From 3b28440d0b5f0d45f1a9801e4109af4d9cb90f46 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:01:05 +0000 Subject: [PATCH 01/11] Add draft security report for 2023 --- .../blog/asf-security-report-2023/index.md | 86 ++++++++++++++++++ .../sankeymatic_20240108_103035_2000x1200.png | Bin 0 -> 151239 bytes 2 files changed, 86 insertions(+) create mode 100644 content/blog/asf-security-report-2023/index.md create mode 100644 content/blog/asf-security-report-2023/sankeymatic_20240108_103035_2000x1200.png diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md new file mode 100644 index 00000000..aa45e6a6 --- /dev/null +++ b/content/blog/asf-security-report-2023/index.md @@ -0,0 +1,86 @@ +--- +title: "ASF Security Report: 2023" +author: Mark Cox, VP Security +date: 2024-01-11 +description: This report explores the state of security across all of The Apache Software Foundation (ASF) projects for the calendar year 2023. We review key metrics, specific vulnerabilities, and the most common ways users of ASF projects were affected by security issues. +--- + +## Background + +The security committee of The Apache Software Foundation (ASF) oversees and coordinates the initial triage, handling, and process around vulnerabilities across all of the 320+ Apache projects handling over 65 incoming emails a day. Established in 2002, we have a [consistent process](https://s.apache.org/cveprocess) for how issues are handled, and this process includes how our projects must disclose security issues. We have a single paid person to help deal with incoming vulnerability handling work, with the rest of the team, including the VP, being volunteers. + +Anyone finding security issues in any ASF project can report them to security@apache.org, where they are recorded and passed on to the relevant [dedicated security teams](https://security.apache.org/projects/) or private project management committees (PMCs) to handle. These groups are composed wholly of volunteers. In general; each community, or PMC, is responsible for handling their own vulnerabilities. The security committee monitors all the issues reported across all the projects and keeps track of the issues throughout the vulnerability lifecycle. It also helps the various communities with their security response and process. And finally, the security committee reports on this to the ASF Board as part of the ASF oversight and governance function. + +The security committee is responsible for ensuring that issues are dealt with properly and actively reminds projects of their outstanding issues and responsibilities. Our paid person plays a pivotal role here. As a Board committee, we have the ability to take action including blocking a project's future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues. This, along with the Apache License v2.0, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software. + +The oversight we have into all security reports, along with tools we have developed, gives us the ability to easily create metrics on the issues. Our last report [covered the metrics for 2022](https://security.apache.org/blog/asf-security-report-2022/)**. **As well as vulnerability handling, this report also summarises the security initiatives we’ve worked on in the year. + +## Reporting Statistics for 2023 + +In 2023 our security email addresses received in total just over 24,000 emails (2022: 22,600). After spam filtering and thread grouping there were 1843 non-spam threads (2022: 1402, 2021: 1272, 2020: 946). Unfortunately security reports do sometimes look like spam, especially if they include lots of attachments or large videos, and so we are careful to review all messages to ensure real reports are not missed. + +![Diagram 1: Breakdown of ASF security email threads for calendar year 2023 (after removal of 'spam' messages)](sankeymatic_20240108_103035_2000x1200.png "Diagram 1: Breakdown of ASF security email threads for calendar year 2023 (after removal of 'spam' messages)") + +Diagram 1 gives the breakdown of those 1843 threads. 415 threads (23%) were people confused by the Apache License. As many projects use the Apache License, not just ASF projects, people can get confused when they see the Apache License and they don't understand what it is. This is most common, for example, on mobile phones where the licenses are displayed in the settings menu, usually due to the inclusion of software by Google released under the Apache License. We do not reply to these emails. This is up significantly from the 305 we received in 2022. + +The next 608 of the 1843 (33%) were email threads with people asking non-security (usually support-type) questions, questions about dependencies, or general administrative threads. + +The next 160 (8%) of those reports were researchers reporting infrastructure issues such as those affecting our web sites. These are almost always rejected; where a researcher reports us having directory listings enabled, source code visible, public “.git” directories, and so on. These reports are generally the unfiltered output of some publicly available scanning tool, and often come along with a request for some sort of monetary reward (bounty). + +That left 660 (36%) reports of new vulnerabilities in** **2023 (up from 2022: 599, 2021: 441, 2020: 376), which spanned 112 of the top-level projects. These 660** **reports include both external reports, as well as issues found internally by projects and their communities. We don’t keep track of the breakdown between those categories. For example, where a project has found an issue themselves they will follow the same ASF process to assign it a CVE (Common Vulnerabilities and Exposures) name and address it, and we still count it here. + +The next step is having the project triage the report to see if it's really an issue. Invalid reports and reports of things that are not actually vulnerabilities get rejected back to the reporter. Of the remaining issues that are accepted, they are assigned appropriate CVE names and eventually fixes are released. + +As of January 1st 2024, 175 of those 660 reports were still under triage and investigation. This is where a project was working on an issue and had not yet rejected the issue or assigned it a CVE at that date. This number seems quite high but it does vary through the year and tends to be higher at the end of the calendar year, when many developers take holidays. It’s not uncommon for lower severity issues to take some time before they become part of a new release, so at any given time there will always be a number of issues open and currently being worked on. However, we’re watching this metric on a monthly basis as the number of issues still under triage and investigation rising faster each month is a sign that projects are falling behind in processing reports. + +The remaining 485 reports (2022: 490, 2021: 391, 2020: 341)** **directly led to us assigning 173 CVE records (2022: 210, 2021: 183, 2020: 151, 2019: 122). Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names. + +The four projects with the most reports in 2023 were Airflow with 109 reports, Tomcat with 38 reports, Superset with 38 reports, and InLong with 27 reports. Airflow and Tomcat are part of the [HackerOne Internet Bug Bounty program](https://hackerone.com/ibb). + +## CVE Statistics for 2023 + +In 2023 we published 258 CVE records (2022: 245). These records consist of vulnerabilities found and triaged in 2023 (the 173 mentioned above), and vulnerabilities found in previous years (“under triage”) where the release that fixed them was made in 2023. The four projects with the most published CVE were Airflow with 47 CVE, Superset with 27, InLong with 23, and Tomcat with 10. Note, as always, that the number of released CVE has no correlation with a project being more or less secure, and we’ve not taken into account severity levels or timescales. Indeed, projects fixing their issues and releasing timely security updates is a sign of a healthy project. + +The Apache Security committee handles CVE name allocation and is a CVE project Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts the CVE project directly or goes public with an issue before contacting us. The Apache Security Team requires that all security issues in all our projects have published CVE records. + +## Noteworthy vulnerabilities and events + +During 2023 there were a few vulnerabilities worth highlighting; either because they were severe and high risk, they had readily available exploits, or there was media attention. These included: + +* Several vulnerabilities were added this year to the CISA Known Exploited Vulnerabilities (KEV) catalog. These mostly can lead to remote code execution: + * A fixed and published vulnerability in Apache ActiveMQ in October 2023, ([CVE-2023-46604](https://www.cve.org/CVERecord?id=CVE-2023-46604)). This vulnerability also gained press attention due to it being widely exploited on installations that have not been upgraded, including by ransomware. The Metasploit framework had an exploit submitted for this issue. + * A flaw in Apache RocketMQ ([CVE-2023-33246](https://www.cve.org/CVERecord?id=CVE-2023-33246)), fixed in May 2023. The Metasploit framework had an exploit submitted for this issue. + * A flaw in Apache Spark ([CVE-2022-33891](https://www.cve.org/CVERecord?id=CVE-2022-33891)) fixed in a release in July 2022. + * A flaw in Tomcat if an attacker can reach JMX ports ([CVE-2016-8735](https://www.cve.org/CVERecord?id=CVE-2016-8735)), fixed in a release in 2017. +* CISA also released their '[2022 Top Routinely Exploited Vulnerabilities](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a)' report in August 2023, mentioning malicious cyber actors continue to show high interest in Log4Shell, ([CVE-2021-44228](https://www.cve.org/CVERecord?id=CVE-2021-44228)). Their 'Additional Routinely Exploited Vulnerabilities' table also lists some HTTP Server vulnerabilities and a follow-up on Log4Shell. Nucleus Security made a visual representation of vendors in CISA's Known Exploited Vulnerabilities report. With 28 of the 989 vulnerabilities, [Apache is visible on the chart](https://nucleussec.com/cisa-kev-art/). +* A number of vulnerabilities in Apache OpenMeetings [gained attention](https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html), addressed in a release in May 2023. +* Some time ago Santuario worked with Zoho to diagnose an issue that turned out to be incorrect use of an outdated xmlsec (Apache Santuario). Zoho fixed their software and disclosed [CVE-2022-47966](https://www.cve.org/CVERecord?id=CVE-2022-47966) for it. Unfortunately one of their on-prem customers had not upgraded and was compromised. This was published as a [CISA CSA in September 2023](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-250a). +* A critical flaw in Apache Struts was disclosed and fixed in December 2023, ([CVE-2023-50164](https://www.cve.org/CVERecord?id=CVE-2023-50164)). +* A critical flaw in Apache OFBiz was disclosed and fixed in December 2023, ([CVE-2023-49070](https://www.cve.org/CVERecord?id=CVE-2023-49070) and later update [CVE-2023-51467](https://www.cve.org/CVERecord?id=CVE-2023-51467)). There are reports of this issue being exploited. + +## Security initiatives + +As well as helping projects handle reports of vulnerabilities, we’ve worked on a number of security initiatives in 2023. These included: + +* Working with projects to publish "security model" pages on their websites, which help users understand what to expect from the project security-wise, and help security researchers on where to best focus their efforts. Such pages were published for [Apache Maven](https://maven.apache.org/security.html), [Apache JMeter](https://jmeter.apache.org/security.html), [Apache Commons](https://commons.apache.org/security.html), [Apache PDFBox](https://pdfbox.apache.org/security.html), and [Apache Airflow](https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html). +* Reviewing the Common Platform Enumeration names (CPE's) that were assigned to our CVE's by the NIST's NVD programme, and suggesting fixes to some inconsistencies/misclassifications we identified. We have stopped distinguishing between 'incubating' and 'regular' Apache projects in the CPE, to avoid missing associations. +* Working with NIST’s NVD programme to align their Common Weakness Enumeration (CWE) classifications. +* A similar review of the GitHub Security Advisory (GHSA) database, reviewing artifact mappings and adding missing ones. +* Put into place an ASF-wide default [vulnerability severity rating system](https://security.apache.org/blog/severityrating/). +* Engaging with the Trivy SBOM/security scanner project to discuss how we can help reduce noise and make security reports more accurate, possibly using VEX. This is challenging because it requires the scanner to have access to not just a list, but the graph of dependencies. +* Starting providing guidance for consistent software identification using schemes such as Purl and SWIG, so vulnerability information can more easily be shared by Apache itself as well as third parties. Such consistent naming is essential to improve the accuracy of SBOM and vulnerability scanning activities. +* Working with projects to start publishing SBOM/VEX/VDR information, including this year with the Apache Logging project and Apache Airflow project. We have set up an experimental platform to collect and aggregate SBOMs and information about advisories for 3rd-party dependencies. This is already populated with information from 257 artifacts across 13 Apache projects, which we plan to expand and use to get more actionable information. +* Participation in the Community over Code NA conference, among other conversations sharing the learnings from the formation of the Airflow security team. +* Working with OSTIF who are doing a security audit of Apache Commons, focusing on the Commons Codec, Commons IO, and Commons Lang components. +* Based on input from various parts of the ASF, we [submitted a response](https://www.regulations.gov/comment/ONCD-2023-0002-0106) in November 2023 to the White House Office of the National Cyber Director (ONCD) Request for Information (RFI) on "Open-Source Software Security and Memory Safe Programming Languages". +* Working with other parts of the ASF to offer considerable advice to policy makers of the EU working on acts and directives such as the Cyber Resiliance act. + +## Conclusion + +The ASF projects are highly diverse and independent. They have different languages, communities, management, and security models. However one of the things every project has in common is a consistent process for how reported security issues are handled. + +The ASF Security Committee works closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly. This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted. + +This report gave metrics for calendar year 2023 showing from the 24,000 emails received we triaged over 660 vulnerability reports relating to ASF projects. We published 258 CVE records. The number of non-spam threads dealt with was up 31% from 2022 with the number of actual vulnerability reports up 10%. We also highlighted a number of new security initiatives we’ve worked on including metadata consistency and SBOMs. + +If you have vulnerability information you would like to share [please contact us](http://apache.org/security/#reporting-a-vulnerability) or for comments on this report use the public [security-discuss mailing list](https://lists.apache.org/list.html?security-discuss@community.apache.org). diff --git a/content/blog/asf-security-report-2023/sankeymatic_20240108_103035_2000x1200.png b/content/blog/asf-security-report-2023/sankeymatic_20240108_103035_2000x1200.png new file mode 100644 index 0000000000000000000000000000000000000000..dbc6ff03d22666a6155d46d269cb5707b41fd52a GIT binary patch literal 151239 zcmeEuWk6Kx+BP6aDWFJ+lt?#7N{oUcAxJlgTTs4Dvaqp0WB5(Wl6hMdfObyvfcas1@&L3HaT{7RY31N`dSuk#>q@8#r*!f-WJi?-Rk4H_*vIXAIh;IhWK zHg<%PJf#(IT-Qlk=sG^?hV<-H&ukxheDTA;!lU>3&p$xXgkMS0WeAw&Wj}j{xWX|$;>pqhb zll+eg{hvwxja~lFB>$t2|1V1ZUF82?l>Coz`hSW0Z?gCQ68C?u6aQCB{!Kyo|9>s{ zjNtfiA+5||PF@Gt42g8$=Mo47Z=H-(BZa_!V+iToG|8fwAxpoBOtmz=GYI` zYxJn))U9|7qoAhdh+9|OlI36L~XLug+V@sy;|X$jQ=q@(ffcxalDQkGY=_j%jD5wO? zf}`2gT2##YKRr>+*W@~?#33YqJX&S_=9Mt`!`H7ex!R>4lSS+wzyx0nuu3Q`=c#3f z(iHg*`0C`EbtjhD&$J}py><g~7eyf$MZRANp!2Og5Lr0kShEaeI@ z>`eIh_+{3kLiY9Jq5KPJ-i?yhUaOS|F+Eq@kKI3;gi{GUY zT>3R7l4QkL;N{yO;sC*BdF;j7WjV{gF(Ue>KG^R2Yg}sCN|mzu1=@T|{n=rXd|rbZ zTB2r=$;q4?ng!tjq%0i>BX4V%R-Kc@;e3*9rt|8^o+X{fhHu5IL3wW)Qc^~}DyxW_ zg0D>U=26SVacN#CIfUi+kA9r`HND>-J@YA=-5& z6Kkh;H7DTj5R z-(8I=HEu-~4;KD(Sslr;ZKhorthO~u;5QBAE^5h6Ei6(h$2G)W{QT;&Rw#yq2#Y+! z-R0KfarONophKeP`|kJhtn#_NVtpF`buci0@kkX?UT_cnWKm)!;jvOWmZ zaD1(m&YQD4Ntif~7+ikLS|C1Ob4WLKQ zV_)5eW=C?9IlDn6JqceLNVa$=$MH=d=D_r39@Yc9{>G?f9|t}&E^~D5Ncqj`;+=@5Oi7=baYv9X5+Q(#|Ir9F7{_-D<2@wIKC|IA@!+o?1}8QBi7f z#X_(($>Ij{Rb>ytyq{n(o9R+pPTTVA)}atzVa`2#@x}tw_$!k_MB0d^9;;R#zRU@h z`Js}{hWTw+%)3*m{-K54#G}qJLhRsSbgkyxUpWIbk<|orm z`LqeG8f>3ZT2Ad!t=f!~JxQ$c{_!qV(mr|2dHZVJ6H73c7DUtodBd$qyIZ*6W?s>V z6cWN|XY8?iqPrwulDU@u)T+Q^Z_P@y_*isWZ88W6=_?I8o>|=-;5}U0hdDu8t|B{g z?uX%aeU>_LhN3#>SJ6m^unKDiiF;Mxo%Ms%N^;g`r5-PmLy7hE@F;G6~-ws-BY*vME;K*BT4kB8_b6u2|Q~i0Qln6dv`Ym5w*5|6A1CtPVAY&hX`LQD}!M*t?u`YgQ zGsTuGuB!0K@2TAJ_VIIe{L)|2zhwH5x;X!Q$!r*o;P2zS$HOOmlVrEY5X|3|ghN`FayZg?^ zCVu|xP7Vce*B&JJlYh&WW-D(b;^{6fywcUMTN(;;lA1rt{h|OX^;QbqT-wy0iY^tz zf>jqh>m~~A0`c-j@8a5HN@`MCq<*_{Wu<`25_eGZr`cuuq0=j4beG>z5nO&7e(D^u z4_3o$&n+!>8d`1WqR|M0n>5f> zN}p1eZU-};gzw4^8FMNh8Sk2|iPjfM)s`?u9$&6}>&clor74@;R*rgEfQD6cf_1=s++pU+*m8jOKJ3v{6qrD}+do3XZKQ>>GF z=x7#0OapGFQCd!~OKHN#gWsO0m7-a151l61`lYwPpTH_amGXI7Pq)zRe!CR-Lv$FK zUP>;BVBvkapQqbAu;C);OJDD?=Uv}nO?$$xhyA>LPG6jQnug50Vd^wJ9?(H4fRFZg zB;y&gdc*~u8LZ+EQPx$W%=R&l1jjwCU$CN?Y3O1+afAEUB<@v4+0f`FS(;lbdK11% zTN$ZWP6WFT7}kpxH_&StI?FZPDqN?C&>Tl~%v;~vff&%e;)2pGJzE>~fn6`P6oXY` zoxW<>Y;GoZ^oacKQjFf6ktOOxt!tVZ@ZvJn1*b*58PU;V0>MY#U;p=6kpu{HGlNq} z1OraJ(;Bc~<=slJPQ1PqA9)x#$%yXf_lJb~%QrsQ+p+(=k(H8v`5pG&cV5WlTxs@J zgmcnqR8$^h0biPtRZd=MIOhwp~h`mK+Ub7X4D<63iLA84QBSR~0#isQ|Pe}nB7blCiFLR?LW)KHM0pEO{ zJ&4wMy(qulxS{+bxoHgB`F zqn4gg64l2OT&y9=f&KSVV`X3X)CMQE4P~F26c*AbiIR(+@OJX|-0da6lMuL~v?68r zm_??;?v}fM!ckYE{0MI+Yq;3992wpbX{XOP+0*V+>BJP@?VViiJ8uwt@XG&<*8+ePn^w)9!emp7g;hoOsldm6cV0~xdwIAV3I9l^} zpVr_=;|W@ze(r8)ATa5r^{Fd4KdD&#LjxzoyozW|pw2LXPu8s4TN&nQAA&5~=tl5! zj+S*Amsu=3pLkUhS!XIEl-vYEI7fj^jeP%q#G>#?EW}V%h5|dzG5E{<2o-D_tCorSROa6TCqCafgv1bH7p1 zg3iL-;9pe&=q+Ke>+>>?2CJ-8)09r0nCeeTUHw$8-{>Ohb)9ci*B!liub9UB$fj;B z(dlT%RouZPU&&#^F4@a_ku*$hd4Atiq_GLZ;KVl^)m*S*7&p|QJ+GXUJpRg}gEW01 zKK$~(onF1C#Vj7pxMUV~sDj&vjIJU|Kk)^-V^)zlFZ+yGz8lN^vi6doxcNDPB;CK6 zo%iy2gY|%P5#6P&vpZN_x77_Uj>{KP|+@3KH#J#*YOc|Q7m?g*)>0;h+{S~;L7SlZx-{Ri_0=^q$ zz4xm}ISj*4FW*k0oT?91U_}qC!enuOqB0IEi?Wq`^UG|M50oM!{5U~AwEQ$=*M2q2 zBCA+$9zp5TJWC&i%^*kO+LN_dW)I_sPEh_%o-az)vVqcZ>+nl;=E|^n_EI%GJYs8b z-*R`ED@iDFN_nr{$;ubgJ!YFju97{bTq2G=hNHb{LZZxo2aJQYbBna^-&c5UEYGkf z=L2kIDT@ppao^4us#JFjm>SqTSZ~maeE;fDX3T!LG*qufcHkpF)tO3tbFNVeENQr* zqq5u^(fPU$$)UUMja^U+f19oKp7FZkQ;B-{1tG3mCwZe)ljC_Au3fFu4N}V*xnPwL z#nu*qUPqUu7amB4hx-3E4!y1QY22;tONb8&~^#Uv*QFVxc_FXSkVOLH*m75id z^m6U(sKQ}2!)VK*8h!7g(}QyRdhRmFy5z}jJcF`)Kjfx~C^Oa$XF!>T4~B%E{*6cf zMxZuDK%nc&fqG-@$jlmoW&_mM8m}j5wEO-uk8eNi#lh<(L=o_N{o19Mg~ z%HFI%)(d!e#06MQA_XT;SgXhEQf{!Tvvvx-lai8?JX~=!C~6;f>G+YI)|Xa%vg@+6 z_x2hxPBK5bK=+{P2ABJz*wt(4=5o=605&o_{gL;tp@t*{Yt1B1lFH`o3^(Hytu#H~ zTB>N-Y@+f|O<&T@R?}A9RA1V{Wq8A{T_b30>NhruX5xSikg@@No5x*9qI$ln=qRaP z)vL-Yv=WAShIWlRD`SQ?1#2Ywg--QhDzwPMx7?0q0oTjSzTXpLr4v16I()fAaN_PC zyWiqyBvCoVEBmA}xl|F5q?-o?efc+% z9T4U`72hzasY|JwvE07nb^w2S?Ka5-pzSHBWH8aM4$=1+_M-+~9ZAEgKJGl5W=Z>j zr)-)PFJlKaTqkDQvrQ4SGYNBZ9kCI_<}hYcxa7UgIzkF><_zYBkDcR=t%ZF%YnS^h zdj(L-%f*eVW>35%JB12>C)`)V(Fn(oU}YxwH$B)CL%MPhOa0fFOq*OAaoe$&mFr<{ zLEzm)xMgzs)B_CP1~PgOT+c{X_Ls5JOJOUe%107GQ^UDN(UtZ2DusdKyV@?bhbYTF zn%ASN5z3N!Y*9wu{gQ5mnUAj}oK92LuH|vOzFCE=z8|#baQsz{&9EVUOm$!ES7>(m z(w3bywOWlm7|Jf=Lwi@_DGq+`n-?ER{%V2Y`&g322%?s8c6woHdo9&KqRv6Y+Zi_) z(T)$O1X$>2d6f%IZjiqZlDaK{dnGPJFGMd-Pb-UHZtl}^QG`5MPgJ>lOf)ceX&>@N zN7*7yIX7iPN9F=4IM_*3Y1olF?#@M}QP~}kpjeT-WVNc`f`gxhR^yK(c|pbcxgXUF z_1W$<+eJfXVv{mW`yVkNq`YQJ3eYwhZM$!Bf0!O8KMVBJe}^GqBF29EuPyH|X>YZr z)`uF&`>E5%@hjJhN28#Z*+MX|vNe9n90Ot4SuHhWsw>bh^LWnmj*yTL9F_k3+-d>H zREdeHJzB?cZaj=UXq5EWI}TBMtV$)g7?7T(MY{+!JtDH$wBu>L?zG(d2<5aIU1*Ab zrMFyzFXhWBofY>R)DB)P71mDpQqKFoCJLEUpVkz1dS!Q z9&kfmz6S(JuOmySm(I!eG4u7F*uaGtcq|X5dsR&tXBR#Y5Ly4KC;%7VD{mRZci6sD zd+!_9TILNb2O)ec71k#F9aep(Pru3(5)CX_($Mxjv~zpuR~h@-an+Bm_PMSTwW_PH zJH{B8-=qLn=b*@+m;J>hN!qcHPBmgoYjXC~)mjMnEn!Km;-!VKBaaBhrZEx_eG-7n z!L~kSEqMvfp_qzjwt9Q%E6k8D*&T4AdVt8yAmnSFRu0D0^>P_ySi74&q!t#C1+$7LTI1o?|uaXd8hIP*1wHBt29V}i?Lr{|uDPG6KCWr+%0E9#Ce7e8y06DvZ z@F(2A-T?#CQvnRV2L`+APih)?+N7{*!Rhv8nm7{xcwXi#t5y_>Y(G3tf4&8PQp&GS z{~JkMG1K7L&30N2fszl4(jKN3*p%B~&mz;fwK7 zhCHRm-YFbV&h4Lh#9Nele@)I=t|Rw`3Y=x(0r1t2Dn91vvNL%C=D$~_2tXGnzJKwN zYYabkUBRqHr%U~_xsnUmZZez#Q9!k%PyQ3zo%>DSt&5m-!xhjB7VNF!xm^Dk|M@PG zJk4$$XS3PN%+V{Xmyw9lm+~JIf4BzTzOuFW1HTKp$-jlBB22 zq;Q(NJS#r9KPzEt@=?&Y7MC1b1C9&BROHe9(0T-Fu=7*FUy&Uw3o zfpv`)sMCFeI->vS2AJ5lwVG!37Ne$sx?b6{=!JeQbxizzkxhON*8rmn53d05 zP&}gzupGJ1 zWe4`(JbmF4v-O30gYMt~gr_g;{Qu%-zQ+_B0YpuM7Pe$g`F5jXG)0EhO7HWdrr2*G z)|0ZodKwy?hQ-mI>-MoMU{qFw7uqSoKAou1A?MO#lT1T4rjbAApXMFYJ$f4R);Qqybd)L+Jo*)ddTjnHBjzV- zjcV)~B0RFjcm;|+sg}`q-~O}fkZ=QuTdTn^ji~6MXAzcFvGTw&GIpN5X)h1n&5z6| zGH#?es3mAti(9zkT2pX$=2uv3%LM|CBm3ivxByg?xtVv|R=eG{_P#uvRzcqr`&n0| zWbL*+w@Ib61@{(elZK)e@IIWp={9|uMr$#0V7F<`547T8(veX-NH{isq#rW;GA*!CnBIsIs59{S6KA-1#QI zcLwM|vPVSEPJg-Tcc48$Oqve7)iOb(dM>FZ7hxFSEI3Y{@alCsZto)6qV3`GQ(yeb zGg{TvV6$uQHZh-^j{* z51+ekU;oYgq~8egHDA(Q;!_g zq=@*M)%n$N_OYfk(V?ep_31RXuJ|lUUFNsbZ|MORddQ{ZeIE9by?irgO=^n`C`4UF zfN?bYf>vY-WKYbnlN}^=i-M;UcFevgMEq7LBap-WQ%={?{rg|>lAk$~?@O`+=kfimembe; zB_r*^cXw+$4@}v#hOn|DmD+dQ1Xf=YSFhbMPty=v4orv!!re8xm~)q84aaJ|9;N_2 z(j778(b!U4>aUE_cNrve@XnT{aqM6R!MQ_QZ`{J{=D>?#(5*+Sh!T(s%Uj&D)@`uNtOGzc%BLsbqI@wajbV zJwVD`CiKp&YXJcfs^+oL9b_B|g*Pb_Dhcy03r169E5}l8PxhKp57bM43V|@?xZk*L zZB*UPCG;)NC01^*L&HHv+9#D!lKmXId`gdlb!n#_iHQ2_3F)Yv>*xqYJIj@ajswf@ z#yDyImeyWQdW>GpwrQ1Iuar|gicEA)Q_%EcwO%KkQ&%nXf=YKDnSyK=Y6=MU zE7tBn_UW9051~40vynmESKO@edZj;Q-2PJx&ej4+If}{QOte4RNJ+juEpLB$s=Zx| zm4YnNf7oK9|AVZLm)OA4S@Hv=(-YnbyvHd(-oTJnXvl_3MAPQP&fW$^r<(Om`Bph- z=9cqwD)`W%Lg_)ooIBi&FjlODwHXp8n z;pIgrZdiD+x3>AdR*@Ce;cOulu!4+X zJN0gVts?efwpv=_FE1eo1UWdAUAZZ&9_v*)#%BUf+CvFXFjHt0GnjTp53c8uBE4-6 z0Gp_kCu*T_h^8Ac4|lQ|WazE{7Bz{Fz4&2N<=0jMdMhJu%g68>&J*N!-60Ic4E98^ zSvc&c=n%8Nxz2uMUJLk31m+{w7A>o-=E*M|QuVcJ&_yTNcKvxe$@KI!a4 zR0{%CnYofO|3z#8C_qGoGjVCniXTn$3dPPX6YlM$WfaODagIb*J7V{ zdOq%(d|BoZRVsj;eo?QT`80a#+nKo1|0-?}hC#}8+o2Ejw*rHzaqV=vgG@dz^O!G3 zA5=@7-bt!jC5anlg6z{o+YX)HvEP)v6;-z#n`H8(Tv_461HZCVD`qC3DETUD`iJ%S zz9i>Oy`P%dY!@bWpVkfn_I#b}Bfe6Fi|PJ@3;)ttHB5ph;2Rd_&3>s>(mE`!$5gAM zYqPk0*gS^lRi<|VT0v}oow-%{7Ge(0rl-{CVOx8HM{}%5830>N>-+$B`-dr+aD`J~ zq7Jl-;;N;zXBR#8qABJQIk@5OAWWu5q26+mx^=h5#mG9+IEbq~pXv(3lwTMdmk-*w z0~YD1`1nuk>F@OEN2;WFH;LZUJ@f>vGND8)ptnkH#6W zNFCK1X9Rq;Hzj`qvNRT!wKCkYI`Rf8X;3SZdP_o^f=4y;y&{#M+**N4y@5nMCMq{m zt!!;SZ7xpAJ4Slbf9`90lq#|-(m|=#aW-*8s~xOmID@w+K%Jd9GcxHFxtk>1b}EhQ zr1y}3BG$pQqr-2ICpxJZs?w2a!2BZ@DRtxEG>&er8io!($k>cbj^s3zkBfK}lP?cl zwvD{0fu?ZMdu26wvh(KnU|CGm?jSu`CG&kWkCvfL&AfZ!4)QADb#NJDrhP_vAp3^_9!nmOr1`-R$q3*)SpT~9iMQxkyj+Re>DV`xM z`#%V@G8H}uj#L@4XqG@_Z}Cs)P4TTZZ7|kOo3^akuSO?a7>kZu@6MantL4;bJ6(i* zvqdcoU?EhNJrH+0XM2)t<5ZaxL`U$1K>O}c{)IPg{GJnvqLFrYo9%O&>RP1@W+R4D z_#3X~z!##bC6js778KzXg}}sCq5oaT+>+#_ET`OHd7^fqjWo`YWO6tfO(GgL$*jV!w`4YHrMRcJ$p+Z?);NK( ze)#rzpf};%Xp54VO#)9YVX@~JY@ZSUlTN#$C>+xC{Qe)x!M9jB8c}0wXrS5*SKuzl zvSmpNcU2s+9j0evW7|6lS*wv%Urd`2;E`3j$+#`$h2YNbP!}uy7|m(_$!7WK7=t}d za&VqXWnF`mbz`yyvf%EvR`w7bHLAvAf17v@lBJNsRLNby_7Kj>4%u6eutp!g*@y)4 zG8K>FAj@2Ty^z)TomF?2GFwP-hq@>lE7#qNOio@Y_Q|MFXX#99rp)FvzsnY<#o`bJ{SV26V96XG_E(@w;0>IW)BgsvRGBHY(KV$lIA}}`Gd>sJB2(GCDz(h z4p)nJ%fPKLixK2#VY!oM4*0RBcFeygUs-oYsyRe(VT z1)l}MFW3Eu4J01@{zc}ayWm#b(aw!l|5*Ug#_wf;dptCRSiV~`8c!@Y_qXYTdTNQ5 z%iu#4+1oU;`?FyZ{a)73;HQ0sgKb^*d#%Z2)b;6hX z=aZ^!OD6%;A&N^rMkQL8ydK*2P4MeV8PVClXnQ^`s%s6O|zaecq z?E290Mx_(=V%lhOyTGpFkN$e{VqNBwG@3=%APfoRD%OzmMxLY+tClQ1zaD$s%ln?3 z_?q`XNL^A-99?(Zbs+ZVtuH%Lv<(O^h>lndS43R#E>mth0f4|imq)&KBpbEk(-IEq zW3tmBP2vo`3o-u9U*0ZJ0t_6d=al4UWloa?#nWoW^jszZ-R9C;3gXPdlivP0O}YjdxWTS?FS9LuOowkuhI(ZOX`~?cjXx@^B=yPha^-X8WcDV&9~j_uK+9*E0vq)qcZwe zI1U^jEtck^tJJG@R(5(433p$;tg;#$cfTIW)S;6lFK=aKRR{J)L!eF`D{`%nN}gP{ z?QB?dVIvmdzZ87>M_t`6M z#a`Zi>P445cD9#?*^$#P3FD>T_rgPVwk7F}}h(30}X=oD<+rggK(l=?x- zYxbT~w^SR3*ciHJiu@5*Zp8z|Lf+9xfgl4rJ+AZuMTOi6wQY9=*KTmn@>;&R)Z}qt z+(bBaajqqzw!9l!<_PCL0T(Mt%mx%Cq(!S%7o>?aOL+mEOl+h)AR#dGkxY9WjQ-@z zcYC`0RnqzrPd7#3ey~HX;eb)T%gW{8ygb5j|J}y%H^#}x6Uu^;*xi-Pi-*^cCU?n%q*f(uq5-zdZKW(8YqUMG0kOjat4h$F9L6c>5s zDnh*8evd=ILPCbWy@%`TLj;Xw-btX#JWhA_LkB5`)>SOr5vxNsB}`Z_9(C#rX62~v zQFP2f2EN0csrVe(tKF{l(F3&=pNzG1L%gfkw3g5-grSYxr$&Ma`yGU4{l1eyL#*BF z6qXTcp5~vD#n}7^DIz{H^>mrY&aD*YQ=`^TqswFaifLv9yz=b+F=dvC_i=wz%OYtw zwkf+)_ydY`svWI~VWGhK08FU-KR%-Q6@OlmJca+D6}O3(&;YBV#vB%A+Xn;)dk420 zm&XjW)U^wX7W{)_$wSIc=cY5McseWGTFQI#jh;Tyo&6XqDiIjPM@IPP`0Ek+Q#i54B3?|Qf zOrf-tR>ORssEDYZNAmG-1mEpAV!XvgK^dGNA@-U}z=_X6LQqK{xNNlabzu{@WT>4^ z^JYS}cj}`9)3>RQe9YdZRi#kX=`h3|HX3lIH>`#;@9g4w`>x`?E6+Wuh7HZ|sy?*z zyi(+|dHHR1sONL&8s77ih%y^V`l-7QUS_-&q+33D;71sMm=Szqj-Ka#{g^|MXw2zU z!uE;udM1Y1y=I|oixo0s#l0edR*DRzW?ib%gcl>LC*F9JmaCJL8a*t0rDlB=l@?dK zN5bloMLKX!3j$Tvsc}|_TY7`lYF}M_Q3&sD8rrMqr26>EO4Ejt+Hwu;Q;YI9dz3j3 z(KN7}q+Zo~Ugq6H#4`%lj%pHen%sk%&p=vygs`mcA@3d`-VM>wP}1mqdlIE>ET^be z&UCa81x+>U96~tLEVt%CS8}bes9EF4F z9?yNH`B&F;)|rF`1ou{X`(YH9E*YDb%ufpJEr&M!Aec-!(UU#l zCm1^ZoC=j*iOM})zr;~eQ8w(eIpT;X-n2|ClEUBuYOsWE(e=WpiXo#C?3GK+jMnH=5`N&vZpo?Y{lbrjxOlk_lp*WbZ{PZU z_C|&a+IjMyJnu@vlPPIx389{gR7eintX-`dHR(*EPg+HQ zd>+lIQ^`4AHQ?C3JXEVRd1@dr+TdC`ZPCG{y^|UozvvNb9(zeagMMRgi@Mq-l9{-= zM1eE)B;pmg6{=U?|Vp{ESfu3 zM$~98TDM~?Y9Xs|fMEWKLDYFAp3~4u9Mw|S5y!*hGCqgCB)hy@WKb`Eg4*q`*j%e$ zmj@0n&=i}qyp?j>${fhkP;g%5r*$NC9W2mMLk{FJB4Oi0#YQ}^%47NUTDquGt$uM5iwta@}>RJiITm9!tAugwLVTi`a@uHB(JeQU5D7PAcWS=TLE z&TeDmylg^;X= z`$EHs%O7f*9n>7rJb8o21iyd# zEk`+q#4cBdRN`ULKoQt2c1F8mT8)Z#-ol{h>4yhp_T6*|Ln?3@G*H?eu4U8hY`1%( zw&U)?(rJWUqs4z5VAiKJEqu)%g`%sDTRB@}>OfXj1v%bGdCw8A?*;pFWr=ZSBlA5H z^|L)frwf^+>E;mpoZsYu+o;$TH?nkMN?s7NB5$gejX{{yX-&gUpTcmNQJqt+)5;H( z=|KaIH#Gy^##d>@MaH9c@2iK^+{RwKR-LJccVT=0kO^NUchOI7WU6ObD{&2FA|J@* zUBd%-Fk!uZrnJ>D-_hZib&OmZ5 z?r-ly!=bjvT}7(nn)5z`A)wds0WCm?~m_e_ZJtsg+Mf;4e;E|&HuY7gRRWZjt7_ruze>#*zKdpq}` zsW%2=!KUQt`TR)oIi%(s@@5~zN4&32EmjiNH4*AK)8wg^m2WZ3NH8 zv;C^A)_1U#0HvFJhKYAyMi&Oa-MmwSQ?_0kEX1gg&P|M-e0J2tbcZu|nhsVQAyL(n zuK8WOX;i7h^f#;Om7P~mS`$!H@G9`^u>0U*(cF2#!^p~CN9lQ z4V{us`c8SF*F3Y#{nvD=;&gl=_wGg&qHX#g>W(8Gv=F%q_3xoVJmk-&=G}f>k8}H2AC8EH>0j4uh`l6f0zcNUhvai$- zn#tN7Oj6w{LS~R@_uS3?hlqtoHoA5+A;kPMFw>sRy-ALCwsvPvtepbQsQn9X!0=rJVtQB)*nH^17{cSQY{G~- z$B~nt-+WB9?(zF)z}>fjJidOznrgcYJ+#Wl$9Fat?JHKWtxZ>*bE?7^UKZyMz>p}0QNR4-gc@r+;LbRX#3j?zQwi0#0|tc zcBC>s47?HBY;V7Hgp!(tU-iEC^p$!cwci#HAyr1ObI)wzM8YRt;XhO2tF*5q(eL%)4 zf~WpKb*b-Dl)l?And(Pvdr?Xk?bDHi>aHU@U#pR-;Wd}NuT-coOjV=t%X^W6QXbYY z4+NKs{PHJad7vQ;2MB~6Y1F5YqI3;hqb_UV{A zdH{gNtbtbpK)}VHL;&&A&B>0ArUn<18@1Bk3cZ~rA1hzov9doAxnPv^Q{-x@$|y2+ z6@HaAW~zL4CiLr)+K!GWq6nPOmBuey1Y0Lpaa2W=Rgg=dk(0u!2=ndz0@vtCG>DC#~#xE5evZcGaGzb=VjPgnBc(StrXgJytc z-um71DtFog31BOajz%8?fHD6ZfH!D`=p2Lt;3v`}Uj|Y}EVZw#Vj%5>hIS-Ik-MY)>F}M@2B%tpGm$tMP6yu5!UW_ct zRMk$z4eAFI8$*}-%B8D0pIpCAdIrgLvT%@(R{K|vu&dPti`&@>EN$EIoXwhRvmRa= z_O^q0L8g}10plL(`M&petLMf-9?q>v`|qp{kK+;tz&%opYl6e<|AiD7!JMADRG11b zvPtlop2ZIc;kt7+*9S=V2I}D{adAkrH__Z(ci+Nu76mi=e>V4b*VAVc! zFwnl`Eo9qUoudV}(kh}r)Ub}Onq;eC?X0|1A-^bsNLVS)B7t!VD}QZI6oV{0(wo)7N*OJN*u)XyAK?wn||apM5}v0Ap;Sl6UnS^!EYzlJv54 z@2^Hhk3*bZ_5egai?afg?DzFPY5@6;<`43nOe(=xS8}uL2>zY)2r-pC8i=|L zfc4ZF+yfda?6WJ9Nwa=m;0{E%4D-SSw%@&07$C?_fuO*}EH)3Pp;h^D$C|?2Xqb31^A|&5kt#wc@DWiKB<$_JHJ2wK2B!FbUD6ezs|3ebR=T!m8j`!lW~R^-PB4E{cTHT zfM6@c=Q|F-zguUdJKHA-7Y8=3vHf(c{aOhLt8rev0WbafKAAD<0sR>8m}XBuO1ca6 z&Q=5J_6q9%{h1!%nFB$}R+0F(NngS|vD!vE2SO$#m68^kBJ%KN-vQsTVePy8+c+YD z&vy!$9WSV;n82%}u>SEfs<$aV_9J5+Rc^PlyPIu%DW47i-MQ>)pMd>^=xrdt=nMZZ zqfc)laGjpnwQxit^0~?RGGzRG z#H>@xEaT30Wqor-h0mNh0CXR?h$n}mwdSHeqAvzixGf*+{71di5BP-_YGvu1tmd0T zzHx_HzGIJOdZgUHe_jPj8t-u**jk>)`QNmE-$d%{CejI#f5>utc8I{p*8Thl4m}cQ z43}7b3%H4>hX|4j1C*W)l+qLxWX27@b&fdO11`m*-(dlCdKN}tq7oNK5g1D{Ojf_% zS)n78W?I7jHgX;~QStr;VDFE0tpJZc_nY!Q5HX1<^sfYh>^(*of0jaJ16UV^Z+ zallx%SDn`Pqv3-8!GCvjZ_+tIe4FeL==7!?>IFEp%3Hqm6|Oe-t*kLG#mb4NvT992 zjN2^BQ72@owbO?T2rV*zCh;e72R-MRVLRwh-Z(c(9KEKfaC)}U>LAFZ*QOg32f`l= z3_Gj{8d zhs(3HyGSS4Eh&5PabL3=>FCN$TZ`RA>FK>pZ=^Ug^P_?Gy`3U|J#cjP(G{nL%IC|> z7AU)*@X~)~bCG-pY~&iWLGj|yhX;ur`k5hSV*( zg?Kx6O!o&bUJqD1VzB&Jp=} zm5kB&Qx~8`RlthNS%3C>OOO%tM+D_*ZXqkq_;-&1a9#z;Vh!9ba}e# zs~n=$vOCbayXC+jQRJ%CMaL^8a3R6~I{e50X7C z!4VG#i2V3^+w+KEPli$g3-9ee9jtth=R47y8ct^9X#+QXypD;IIXtk4y0xvq145sq zNoCGutkTR4EbY=s9JEn|fT1H;EzZB=i^Wpn z(Y?@TUW4A*H>EIQr|WT*{RB^9#qH6<#iA`~hCW3EPDq4CBYI9&c6diAI89!RX;*K8Yg2Y+wG8RJo z&$>u-DqfV11BZ$v<~F&*mWs^D7#;j;w_z*qH*!;=1ou zwQZ}hv;j0OhptksY}zdugk&h<-C5Vneez>dcT(29y@8mbE#hs)(#^p<`_kY=DMj3+ zTKjA13-4}Q|55TxF#*}uaQXAgbMZy2v4Bedj$5bZ=GP--x8$nNy?lU){!5Bb#yRIf z{ODZEFbfIVUD_51q^vdo-c(Z5QG9yJu_W~>{46MT*9^9AH0d?y;Q%~Qe<{g3-R+wb z&8YUkVog)XDH8kS;KR&p5T1&em`pz?J_@zsFMmeo>-Ne);?jw4e$6n*H3L z9_7I3ciw=d0+_O21IB^05uF{G=iB{Q>u0MGB0y})dR+CyTO+SC+m`!`#4FZe&H|c5 ztvfFb6bIc3zBl`F<|C4#L$I>=dNG3Ip7RNZ6#CFIQLi?8|H{t2(J_vD`zsC=gZaiT zZVd{y0U;rkM#@S`v4+xgXN_u-S&=GILLoBM{Dg~F?>{7l(K2n(BMY?r)8^@{J*&$*OSeUaN}YB%8;oQj|o{Qf9!PSrweiYP9J zJYBn<{gb$fuE*#HIKCdh^CL=kezprT@8`^|*QNZ4VYcOIm;tEmzmm|~GTy^O&_zPx$)l4LUsVb{6#pVT;JP{L*hvgQsg zP+*^)&9aGZxMW*=Vxz=@l6R?!{rBBBxScS3{r)BzhppCcSMK#-4nFR{u^PBgJUi4$ z@>V}~K>PnDK$Q}n4xed1f99D~w%;65qrZy3Z1^%;sQl%2h_Xs=(jPA9_= zmQ^_xPRhY(#Q;j9NPG9j=ORa+nVO2Vf`2z4Ih?f;^whf^|j83oZDUB8q=Ig$$+8egV0Zx`=!9sP+z{Lo(V z`V6Ohc^@J6nh#Armw2%JR=7Hsz|XO&X>w_5_Zm7xFIwUFJ81?bgrGrxp)aAcPKJ-) z&|xI^?!$I~*4E1T`t^%m-fqcv`gyOtEz2g1G2RY5khPU5^^XX6oL9wByub)79*{52 z9@Va^b8%ThbZA8tHtYy8w^DR^HSO7nX>?JpP{Jcp@$8GT1?D<{`gww;Tok{UsoNYn z!>ig{VN@X<&($1D7JvDItfba2u5s%js2s`5yxvAV{=evd+T9>!jF@UaeR}mvwfTe- zLRopcuE)vQ*{(#_u-8TB-|IZLlHGyIJ)0$U;^@um1t&tfuiwxf$3MP*|FCh)vBQ`4 zUcV^7=ag}0|Ch(N&KDc+Jr6HxcjB2Q&fB$Lwp7~bCkC| zl|InNkj<>4B+&NilvU}se0YE0s1qm~1@7KBq8sLJo_M@~WAS~{jz#&ov;t6SV0S1@ zKUh$_JJNhe*&2IMu&i=;AJet%g2T0#W-m4Cf2_gV`>1F)_Z!RzPukMgR-0$oz{c`( zx}OfIh749Tpc~_4Q5U?th%PS*tFAssftyD&Lyf7jHiI{c%sMumEm$~QL|Gmx8g{0j zA2c9#?b^i}Vx*d81PJ1nZ$&+>lW!d2Gzv?PH}#}S0SUDYvcFd$wl<|o8?cAJO9{)g z`kZWd^fw0n0bcB;>AqH;jBg#Ea=2XW;syWyK*wjGzr><89*MBadnw#UL_^HbR*G*= z@fnCHxh8Df=2`GBVd`}}AH4DV8)78mXE58lip)o{1x?Rnlw4b1y*Z99HkYxp9ZmI# zYN)_ig@-IIdZGJ%cJph>AHA@hMr2M9z2;5?GaAGvg4k2=f%J&=Uy0Op6qTKO-qm&G zcsw2wO5odcUbk86jqF6{jRwQy_L!VhqRsX~!3x_wX`A|DT92&WvcMMWA6?@`E}tMN z4I&0&8aG}Px{b9ddxZP99lgZtnG^E0t#1^A;kmN%;q1ZGT1G&PA-b0}hF>TkVd?$p zUqO|DJjlU5e!;vzJtA$n+#I29fnI`8HmYX@a|2hZIwTccXhV5X^WIiB!&6LD3jcP} z;I{x))^qf6%Bq#E5KM6EbLq@YKLx?wEb8|oyRl}Q;|7sbMyVfm%`k&f~{s~L>Z@1LV>%uJbm<1Sch}KpJ$U1qyGui!_J;LWD##d9J5L%Lzr^q#XIBe!QtoF5jIw5!g?^Ui%Rz zs^)8E(V!rYvD2a;C`>+OYyP<~W# zn{529Y6wTlyh}#-O;B3;NhMmL2Flp|sRz^9?pl~jY!e+gjp5P3MWhRk&}@S801k~7 zt@0Zy3bm-x)Sl`egV^Vcu~;OQ!{FU8tuahDmGM-G@C(=0t_JOE*tor&(E_b?R&s-E-FLE;;!mA|FOfa!%rY;(nBAtK%noP9Ee-*;4@+rM#d%^9u&Nn(jidt-_z8J$NC zELM;BHftQK%@)a1a{(!?=_}gm+Xh)g-G-7qX~^2(!eETkm~P~2d?J{qMh~r z?qedn@HT9JI4~46@Em3RXKv$ETGXYb8=)u!y~YAGjLb9Re%dP6iG$IsNwRje)*U%U z(>Qv3J%tBX}`@+F9UNv*76bqxIjBgQlEFzDIC3)U65)} zmu--oFJ8+rukxEVHTEtc$eQU{5DT&l%c}DhqAkq=Zb>mp)W$K=XBBC6*tHWQynuMIcUu!vyyicrs(Wr+YgM*vzQ9W z4FFf!uIBGNJ?K$3N3SbeXgwl%>^LpSI16Sl)$7czZOeopG|YaO-{7Lk)84Qk3!BSVm79ycD_Ui^drDp6bJ3 z_$fVKvnf@+f$_41>{`~(HxmIgx3}~5>=h2{R|K6&$v5j|Qu$mU0UZlI*W!s~@zxpH zB-{95^I!J;2n+TOaqM)*(!AP92t&E#N4(u!TeQ}nNlL zcEvtVuHKscQHV-oo1sb_=(eJ&e)`32XQWLsDquy(31UaEa^EeD29em7(4|Y)%nRT5 z*XG%3(9{_c#|`gIvKgg!hxMkkye}?TBha8(1{IEv+0Yc{)RL}4Y~fZ7ZZXqXu%RMmrToo0&RR|>WNCfhV^1+9lABU zZg2HZP00OY1aAu7Rn}HM=UBg3AT;W{lJQ8SP%Qe{i;nFUHaVb%=1_@;gR=3+sm1Gz zkwV$sZm9qz6Z#m~fEqq8J4-;~gA==j#)1i(WzrnjwCDL!2UzCr(3;%y#cn|}1y zXCbZJ+n*m74kQQ<8zi2caSA{zOq&fi#yYGFMM{D2H&*aNa=ifKSekOy-S4key?kAzXK9qAaqcz-pfUkxHJ5=vmNnDxyRLaSNpmF^ZWL>bnbG>E@>nN_&(8Z3H zLy#veNm7uF4V_-Fd3x2f4@J;oOzl}qyPdEstA$QL8hwq5b{dPr^ zHP@^+$*?NxYS~O1Ueu7exMXF604IG=agmXHK&_b$rO`92%!LJ7u z3th^$Y3=niDN2zSZ$4eGUNxd~*vV6cCi|MSq{xpZsXcqkI3lVx{#cBnP-D?{ z;ZZ4@Bcwi2J^#Joz|1_^avtO9nv~+yV_Y*`r_~|UxX4n{AG5F9?C9- zH7JRyc{Q{A%Yg7^e6nQNG*b_DiM_~oWdR|o5n@VHa%+8MuUjy$w^t^8b~Fj)JZgrI zaU%MnNTBS~?T~YL!3T ze7rr&hP3Zun5JX%Kg{uth6x?eVY%~1`!(jpR867?o#{dZn?%}j;GLxni;aVcK{te` z233^pCPK~(%%+w1d)JtOpq64@S4+?uJtX~O;*0rIVf*5Mw0Z9PvW(@NE|kUv=Ivy0(*;L- zd)eD~K9)_(e7SiqGPc#Rt60jhJ~+#J*qW2jPIE%{U=5NlN0-vD77HgLC>O?gM7Ha5dARs`@SZR{ia=~uD`@4{HmsW+a)HR zeVRcWD{1oe%WIE&wRHM{WikC^yp3o0h*0Q9mnZHir=T}ACtm4Vquv|bw5~HZFgt;W z8{D%8Xsoz5WonY^)$6pLhhEBx6lP3x4V4KJ30nwv%-xl1ffU#^N+XGgUW`WXK@M3%MxwH@@MSp%Ds8MBW3)} z^vQ8MV!;i}#|PFjh8{JudNo=BS8$dJzgxi<$sfq;FUJazf` z`wP}4z`y3xzrL{WO*}OdUu0K=O!b><6Nq$#jLC(t4UDMVFspvwH;pkTZo7Hepf7B& zU^`x$7=@~Q(lL?W61bnUl+zm(aDFClwAbIQ*Hl70?qggcn>FZ7DpGyN<+-Wcj+<)n(lxn%YNHjc9Bu&ku^Y+gx!7PRmv8bP*t$cg& zQnFg5pWrvw4doboQ3%&YXj^bUt4jbybHroSOCZ2raqTIplyW+O3z8#G7f+qSqJv49K!F~uG zFK#Fhl0NrLa519gt%QO(beuS6`y${R$8U^L%QlRzUVe?Tjjx)r&6A1xjkYKjLQrTimHY*vlKHG zT7^>2r6-E^Lc|}Q$?`xE&CjLG)91VMOb&1e)-`b~J_*K3s)v4@;0Q-bU~FZ~>(p;p zbMwOt0ArpYNZbF$-`9nEf+D%l!tt;fUgUrNgy-DY4YSZ^K@!mXtu-> zpfCF}@XA#aCm~qs&npF3mUDFfSp8`ocwcPKbbC}^KI-)NXxXrZ<84c;X1 zS&fQ}mwi}W%YMT`H0?u0S;90uT7PVF^IKU+Eey;+>UTRvTK2dRcKFMUR8JjDow!}| zQ=QS{T9k}UVJpV_2X<~zG;s2Ut;ZWs`1>KcDXEGk_Edj?B*zU?k9&OD&8{If;_`mY zw5B`zz8$R`CTzv)_0tf({^;jQ(1%)_59`IIHeLvGS3Mi>6>@+(5MfSjo*$GsX7t_H z<-2Y}?MaMAofO*L{oVIG@ekkTgg!JOD|e-p2j8xMO;<2_7X82K)7A@5J8%a+=W}jB zN!Te7w6VXfJ$BhcBPfB1>LCQz$0*xC!_{bK$EkMLEVxrReAj-PcaJ1=v$noU7Vh09 zUf2=}o5KVQeCnN>w~l5s;Uf%WgBOoXEz-461R&lRn;JbtW*}r7nV~hh;$Fb25HRA* zZ<%6d$3teHrX(wM!O?fyGKeBm*SCw~79K05`0uo6S=i4sxJ&Mxir59$JBiV=E zcCn(V9cQbeBXxuMed`u0)>sf1u7dza;CSqjKN2bJZcrwR;7F|FF&uU#@e64!zt1*6 zI>KrJ>$(@(tYydfo4D6jjegvT9W7yW+iU zswO_FO*eZQ_q9kU$C?|ZP8Z+r3a*0f(Oj8l(L_?*rmLSKPJ~h<<8PjShd4uiUzOVC zN|50W#9GKtW(rC`gBfM>;+h#8-5sf}9QC-_(+AcS19x3RumH>1q>fli2JDfX6?VI!1> z8M`E4!O5yBEQ$H!+RB^&_ujJxHj9;}(|E6Cu_7sEN3oNoLQ(%5H0#-qExkJV}+cbDx_2aZ;;B^?bZ3Ix&y-Lqy^1 zicUl2&ymd!w__Y-8r>E)`VbM^JP%y&w|m1?Yy(jL$~k47Yx~BwT(%19=N65o)WEt6 z5|qR1dM;>A$?jDN^yHNyzAFBKdUiGf8=tOT^?ds(aK|U`iPwkI8k(}&o$9>oFEEB+ zqEV*E_r;yIj7zxTI7oHW#IJ$R#7O4iVgQZv{mpS&o34h%vqTa@LR(zjGwn6j-R#p> zgOcNtQf}X{P6VYLr=QHO4$*V@}SV(;3qCLW%I_GMIMc9Zb`r=3!EtQ&y5_Cp}`$KeE}hV{DL+Y)zL9W}0>7S>ZGNde>2s z4pN4vs}yRo*!y}NhnG_pw0>dt-5OhkmaV_m7|5Qf>}X=kACQ>nOE+JjB&d&@c$PC+VreW@GL8dXN`b(uCq z_{htQ1TocE$%4b7fo>VHs@x!wq!SmrzfPUVI;`thAHR;m5jjo%fMh2^kJN1eoSUmY z;(ubo&HH%8@3&H{wbo#p7XkNix=L7a6`kPMPYdC&SYSLxfo+*@vV2-ndVSu_*l2+d!nzLLlXU=oVpZ{ILp zvQ^fT(|_mN&R|B)=PyaYD=ZTu2Njo`J-ba;R`wMNw>mwjE#+fDKiggZjDulZNu({C zqD9RV%Z0x>HQepJdN3^%4ACgehuz37UmPsA>vB%8m+>@dCXP*ymToc*TNx128vA%g z&Wdvu!YD$jG`ajk@#?%1Jo{!yALc=BXFI!3WNmN7_@EIKnp|F{NH9C!I?s4K@pRQL zQ|F~H!|afN`k>Pvg0v5#?hr0`XnygU3oFmu0$lc23+p_g$J@T=UsVjsk1%)dz1xNO zk&T=i>8P^`7FI)D>8w%E;y8AKEfi;j`~{zj+-=cnP;kZ|prlH*4~}YBG)&S& z9{@?4@16VlhpXT$$T$|a;8bEFvjhMm^auR>z|;!qCP>EJ9;51nMAfqM-CEQcyhJ=& zVw3y?ePF1;T72(mSUaH{5w`L})c>9}$=z}XB?;wDuu!f)B=xI}p<_ep3|&5hrdD>a zYS_W}vy&e;VO(2Ga~D5wYAnPE_Hvga;8ijJ{GIrJ1k6UPV2Th$7{Z!jWR~+>4xQ$kgq54B4f1= zNh5dm%x-_H@_7p$V*>2;LddW51|>#+FZI1oPGQjU84@IQ+rdI4t;>fac7+c&-WfLD zadu!R8od%o#x8T{bseAOYVOvA(qb(pI3F#GaD-+Jw=m7@CJ`AA(u)K(78ZwoG|SJm&TE&pI$_v$qb)Kj()hxij1)Mhxo};rz*vM9NB`BUS8wN!xCOYF zA40}95O&|=V|}%$@~sCU0Ef+Z@jd^>jQ+houm^%?$R0#ChQ+k#pcOVvcfvc34yK7G z*B$PdcMRr~r6m1WgeVLTrR!j}Id(+lnHJxP#NRpSonXvliLo9 ziLy)jAthhnW{u)*!nzdopMtRN(pJJ_OV8IL!ls)d?3=d(dIyp< zviK-EUbahDYb95lyK-&j=~G)adE`4SDH@Qe-ek)oiGDv; zHjZu8;#$ARCtV*L!IzL-%^B0@?Lq{`rXe@9x~dgp#1I?$J z7Ns2Xqo?Z)HwI2!Ge=F}FFCbnQyCvON$-wdidf%lKJR!90bO#Qd*=LOzCge#EM-2> zOXzNN(zzp;UX?Q{meAOfd7;qe=2`Wrf@7Lhd^n0bDVf6_9}Qh8PAs%8Op2>fYNJ_B z5fF5(pqu-B@6jh3BXm;Yd%jYrgDd`BnU)IMr;?a)G||gZojF=+glOfKpE;i&SK)3f zyox9TWdqtmj(ETaRlELp?+{d+s`uT zM)yvhqf;#NEppR%IVr#wgG8(z!#1~a28Zsfxrg(>J?u;}eZ1BQ^0pi}4)f9L)`3_| z``6Y!-wp#781RD*2V;*cM_hePz+|bcC{a;}8WPjSnVL)HW@5On~_%w3Bt!N;mc=ht|>-w70d61}`Lw1@;shumho~=(-%0 zl;Ph6l0#5ie-|JXRbPHjWh7G8QTjY7QKC4IbD6*N&@&&6Mq(%}Zf(}sn7yc#&i)!$ z=x5~ebQPN#TSWd&W%T*5R*KAsHT0TkRs1B0+7*4-XrVooMuOCpv#H#(#SJEw^KAme zVY)|pOlNVH2J3L$`ngh3B@{OTpEB$f7eqBjGhNA8%cxTrK=KKh@dAvZ)&2W04P=^| z4W)I~GR^nAOp~n(rZ@w;zPO?90o^!D&xu+a9Qoo!SF(S99so~29k@mBuTgYtPSD?^ z=FzWSrVmCdS*N~y`O=AFfKd3pB4XvP`2yb!dNw@@fPpZ<)Zx%p*BCH`ud`!w?t*=KIB zif&c@;>nX%5P`M6h__9=t=ufT&QW=tNsva7I_gX%*CtD&MLpAnrn&qQJ53%f6Q>;4 zZ*4BBE9t*hRfD)Z#lgT(g~79eBr>7WyY_l39}Xj)YJ8ZOLAsmv6+}`p9pCm?~2p zP4bC}iMjhIh(;<}*j!cf0uEYyI=8=jN<;5CZkT(oEyFh4*f6Q}-7bl_FW+7jF04PI z&HcfqGh44k32jMW)Z@*m0F-a^e(k1&%*e>7CN{Z;h1`yq@AY4N-$ncr54`QK8xI?u zqewS2-r_mZ;2uYI-qSryVtka)^#sfp{M*54$(`$cJL*z17>R-dD*o~ z7J~xd`nigPf85@(qayb;23+HoLcSZ(IM1!lx{lpRsT7j)7>xhr4}Ta04D4pCKJMFBpR9#KF&sO(-) zRJWqq6kcduY0MkDhw29zc-letijPC8h&vgBq!pA21Um+BYa1D~L6-LBRwKzT5SfJN z?3AX-CY3Qql+T{`6w~sQY23&G4bL~D`^bO=Cr6*nm9fSm@+s{6v%EuE4+gHCL%LBzGB_Z;Ko7e+&v z(lMt{vi{V}j|%-IA>!02L0Bzk{v`QV)&)bbcvuxEJB6>M(w(uWv2d?bA{t&ZB?k;I zwl>(BzT~}wmFqv^40_Ctg<4n_5?{E_oU7_T`%^3pNo{~lzTnWVn-aK(V)G_dk`yJFdbf*8|h zcbbI@`SPY{6+dwvbX-=w`L$I$bl|?+%Wnmb-C13)P&m; za63zn75w`1k(@{CG;+MH*Q6!st9k^5rZs)X;UwN^3Y-_=Nndte;D?mEn=vQ4&}KNv zYjK^!@pgsa&zlmD157$xVVBM2FaHoERd7Z({b5&dnjxm9%i3;tQw!wL{9(KD% z>BTkK_|xiTZPX_mm9^>T;4zw(xK8KHK}+a(Iq7&F0A9zZJ15e2+<~Gx-vyr*cvRwK{7Oqv;pmNF8&)8JrQyp-()>T?nMsk1M!lPUq% zw<9!%S*I_(K^?p|9mY34!9@5(9t)m-%Y@H-dQ|4wdC$fQok-H$k*sk|t_2CL*)J@T z=V1r8TW58BODETr9$nC!Im!@6=^QLWBN~{6NFwT)X}q0 zTx|ceFCeRAk>9$F1_v6p6M@$J=>gKJU-Gy1b6n#B055-nmom;y$}6oMV+(MMJ(B~! zf@uevAEt$|-;NRnc!(&E5#sAxY9!%Kt*sepR>9QIfC4&t$HG~&rJr{t8yX76b6 z?+s@gz~5cn!@ zM|)a02xc!TldANiDZ%9vrl{;s0AX)j7`F>K;RQmtk-pXILqz9 z!}ift1Q+E2rcsgMukNpXJ<<3of7;g^c!lP_w?}GRIuI}fhb3)?Ehw}9M65wD39suD zxr~;Qtamr#6NN&m6>ipqAB+7)t)IoUZq?{*{zg?gVXk*+y}bPan25yp)^9b@Zq%J)@vHFbe_kK#55+X zdF)kf7f0~cGB3>BEZCf?Wd~-iMmId!C?r;JMCb9MdSkMhzZJPc{G8|E4i|SY8HBM> zsM!1x7w3mIBMAgMS-|&S40C7Q;V+H*{CJ`~l*@FQJhmJZ+Ip)9bsuvu4S5h(bfG18 zy(6>MQqUC}CC*+^2P_+NT)senr?9)A$aD!Jv z-uL{_IIPPLxCqBb+%5`EN=ik=Wt;89VQVcEtzeHUY&ktulp9;5eL?43!`zJBS^dDUKxJe%ML*ZZ%LSjVcxB`2=gIic}6m`U5Ns|vAchQvRmcasqpXO10 zFoMvEHN15nz*}#h!EfWW<=-sCx91pO(3z1oHoCI)!2<7C$ZD*lBqk5S^J;XiwlsKNNMiH`g%7e&_# z#;;lWZwoB#LZ`NDu+PXW19efE)7-h7)Xv+TS5Qx%5!8(8^n+|hsuxC~gc9r(f1yN! z724P@e~0wXhCIC%M0k9RaBR6?#xrcbQow;?kar zq#{cbU_hc1sR8znb$qy06V&V%tTOjZNf`_0pMB*v;`hAjx+k4~ebN!4_4bxwe#*BD z{#;_9leb|fd)^d=fRNi|Gz=!GmYz?(e6hIo8?(os*6SnO5ll;2qDqef?o`t_=C`b*fY}~X&G2!&kb>D z;^;w>9cj}&C{$UmUaE^S$wP}W}OTYTrO zUkhh>4iFYBkK8*Uj8P3`uW)^TE_%@t!ZFw4OR!5VjrIQoY;8?eaui+~(LnhA7`x#z z8opK9tQ};8$r7p<^fECR0bA_$5{`UkR{1*1_i9(ZZFycx+jjYiZ*v@RM*9992ZFzH zsKT*|1@q=t+YkEFi3ILEM0fqgix;hi3e9V)^OF$ng&|{~`cl_vC_@vmYX)mC?}gsp zC$c8UJNyH%0||S6v(v*=l!F+KlCIq+5XQU3Ht((YQ2RN;Y&3n7gXW=~`}bsqX4gq# z5)%e@eshLyN}4qUAP3#mX>F>&eITUPI5+yj_Am4BEl_(gf_~?aW!mj28hVTV$;O5$ z+gvtn6u-%@VT()?u?u#9<#)K1kH;QQ*;cS)pQi_ySmVwQeh^aB*3jTvJj(1yb*s!D z*RK6R9HoT5Uo!Ln50TY(@J~^OpQrKN34Nsb2en+szXEQXJ=)NaN|CDH4=Kp_wAWJ^-N1aGJPPuD? z(Zk7qL~eR+?RHhtP;*P17u75n%e|5uN~m=9`@B8hCQHv#=wviP%XQurO~K-E*BA#q zN^4InNq};I7NKv$pZ9fN7c5f1NMy=yH7+P{*McpvM)CmZ&F`382;+_Kk*?CMG{9lm9xZ@OGZiz&5_ zxLZE@S+sHkFLkg5Yd4@s{i}vA0U}f|@$|qSuLDMbf&H?H{Jd>d^BL~TKhLFZRP*8; zq~3oe$van3lW!8>tJLpjS*``AR^abx$*QVRf8^<#?}FHZ@Okwh?yTnbt9lKnmdiL; zNyBjg`nfR`-ktml?&Q4u4d1m6^RqkwAT_u0kNg}=o$~;nSh|dVv3lISO%4ZgL+Xn- z7E%q-qmG!;Rk_j2r|bAsqc{D*cK+A-=f%mq_6K8lDGAm1QA zTpjKskO4k%n6M>y4GrRTah1CgJk1NUSI_#-7vK~9746czziZ2GeFy3s4@0?T?S+)e zK6(7=Ia>tT+B9nK8ma2AHBUz7kS%ij&ov&t0oOQ(SF-1IKe&JWLrPM?7hvcs98kc} zpFhWsTde~{@ou(RQetf&Qy*YvwTS9k{Z+;DUj=XIrQ?Iz)f=l2(7)+^f$`+m}8#p`eF9s`4-RzD*U1ForUuqpZPHM}o@Ygqi_B(VB<#=Pv&2PY98mNHk`!8FqGGVS+!3j(soWC%XDil)q5iI)S3>uXb*5<}_)qz?Et1qPph{A(oGsM;&{26%gisrLJf99-&djhGxP)?6y0dFgW z3BF5G&s(*n^!{};5z2YMS`og2?K!*hK`-)G&vs?UtIQT6 zdO|fM36vgVoG5CAIK4OUdE@ar^&m#$LZu#((jHn0V1544i$R_`Btst`v=dRtpcS!tjnJ$o;mh@pashJ&y$QjxS7R#VJ#h zZga9ixoF1+o4yzPvyj!9XJuv=Es}ZE>ru5icO+V?ll5poukqhL|GM`x!WI)X;p>Hk zg@>D_Fg(GEk@%@HhE!BP7d z@!_N&Vgj~{SZAV2_B2DA$eN91oY^T$wiQE&HE+gr$Lge4yq{sJx$;lRtI2|59zJi zQ}GRx-@ohim0Aiyl&*bO5--X)0G{q;C_hgbgEv|zF_*54C%!n47d!+pEAYI13c`rK zOh`t`ewbdRbuA9~CcCNl-otfG#uB7+Y5}EwcB^b_sBW}#J2Z6yMGal3P?9}%nX4aq zjmKyX;Pm8~D9&^ksoSc7v}?O7)z-rHrU{VDbdsO#bNXsw7ub0wn2VS=8!L6=lgIV{ z6oT)O^lU6Sd(GP0X3YdqtPT#gR(SI^q5xG;=@rNp8aj% zj`9<_`i@m7*}Xc`W}XHX)_TefD^Y&m6MA@hb1j-`V&R~s^K0kr+yDHwmcLErLtr_s z=u14{#YFtqKDf4|fT(`Al6#ECkt6R_bv<~`couZT6gS5kipCE5m0kqt{T!S2raDD* zWx3$3^r3?}`NJ({T|P|^YE#^a@wSPMH^-bNKDB7rDvV~8J9nN)t`j6{Eji_7qJ6;U zW`|+@Jy02?V_(huXCjArfL*i;y<$STMy-{hXflwBhQOxY7zK3J0J2Z;8Rt@}k5SmP z@{#SU_bZT~9V1wqnYmZg{yx1^4!Tq9&4DN+)r4jl9_Z>D_Tv8Z|5`qG5U#8ZS-UNJ z%RK408?_LiiVo4yLO$CcN3Y}mc=R;q*`tXi7EO#IN?bY*^B|to)dBn!5)fm748_~V zF8}5kwoDEY&>e(EMC`2ZYA&r7dhz*-g#k&}4ahv(aV{|GPT`JO$izYwxDL4kl4 z9z`k@n^jR0dF#7$s?}lgW=+-I;s&?SpkXrr^;t#XN`Ts+3-N`aKX=SRxwY>sqz;-h zL;M`!1Q1NP^(^2az?z2R5pE+3*BQ1TF9<};x-~JiJ83pX8zykk9Q*Czt;xy`zqSHm`|Q;o?`!!sLygwuMHX90oV{GU>eAE;6==GtQ1|IF`qZa*Kx7| z0t2rGI$9x~7a_Xj>>gyY>u9B;Kh9s$y_EL}K(>ur<>tCeG~CGBaj>r5DYAy`O5i6K z5XMH5+nBl*CtA=AG0vaGO(oI^gdTfZ>~ZN@ZTe@Q#1P+6QA$)l*0*&|I|&A5UH% zSlOpK?l<{GCF`0Cr=Z8GO9zCz!0|3C)`f`UTjNuTUg`k6MyAv?UX9I$R zNbWpXqj_nZe$uvJPmU3y+738%P!#ZEI(1n|KHFzNa_mxa^Br4!d#cCak)j9wdOe0P zt4DQdrzK)N(;EwOkdFBIjBWhR!~3RjxyPj*5o%2*H^bRx30 zer-Biql-Pu?W3qJh{np=_PHR|=NOSt;-NohZ0m?_oplDtNr_6E^M6Z0=a1jQUXG4Z z7zlW-|BsmHek6;soN^#>&+|=`>h|0JS)85Uz(myKmK%M(G(Gk@oPOamC`5zB7 znMX2#I_yuScIS0|^KnNXU4LyMyfY|Edp?6)b}=?+fJfYQ+O{ooG2J=SiV z8PdC1cm673{_c?U>e>1z@jjRv(iQj(k?Ts(_Mqgxnjqz80nj73>Q3c|93;-&lP51V z*H6jF?ZjABMTr-c*V+6OPB-kz$8ocffUIxai}Ozfw2W9karK14>4(RwPyofUDgyYJ zG)+>Qsz?uh`<@CBQANbrrYN@zp&RIxx|w2uokib|{5>o|d!9UxGJY=j0c|$qWFC!l z>%t@29u6%j9qIeqAcbeH?(2cjJU9CpfoB+&ByNEiSn#0Ii9l}Xl8?^xeXx`Ez6=vA zlAGu}L!oSK`0DiW$u3-pqe1k7V-Pb7UOjJxV=*>vC%Q3dkRt!o)8`fHR-|o`*@boI zO%My_zRs=g(uXv?F8I&WP>N)1U}xRr{jGD9Zm&WT0Y|r$lst~;>{*#c*tT3#j;(f+ z;Qp~4Ay@aLvFjV^d1k6`^To@Tq_eLV2uC651axO6I#smj#+tSLV|Tp)`!K~vt&kTs zU%2+cy&TA#-Fu|>q^+7V&zPCaQj*|T6N{*-h~W_^hN-%i znE!c>!*q~FF$i&SypN~td=Ch!USvN>H*$7NN6v$c7GEAD`|VUXNIqymV4xJx(fwgN z*7Sc(I^|CI$6wCh&gaF5I&JeuT|zSI2ECaXzy)90CU2@{O#xlDls`p?{fi6|3?&iSi5Xhlxd1K-NQghy??<@J)}CKq7Er$>dO=hCj4_Fn zH?&`I%{ksadW#@dP7qc8Si#izx&?2)MGXs4KJx!tivJ2kUmoWNQuz~3P3DqQb5KHeE~M+nU9%PfEzu*G}2-QgnGBwI(Oy1vT*kZUj{XH(?V0Jy6lK` z6gf@V%j?2-?mSJ-fuO#kU-lIoh{o2cJ@96T$$Znfl_9d0b+5kthh-oHylJHMKo_Ki zyWZ!#JK;1c%ZqYjh8jLQbU)|89>1>sSaWB&Y*WSvyw(I-L_+@RdpI_o#Y3*r5&pC+ zFv`=+gJiBtA)JhU5k&+N1JlMPk+BG)r0cOnbUVcb4^c3kDZmtvv}|#vK&~{K%K)M? zC;j+_cAJGi+}#G+e)Ify)Z;Y+Z*(0&iwVwZ+nddv;kjccNE0(--D90@L{TydVprV8 zr^%07D@6a#c-IV(Y+VFHI8=|EwEB4i`dfzQfZOq$`%7ng z%7DlZixUuY7if|SlmkS#`9$oC-EZF5kmBV`E{7T+3lr|OoQ8rlCZCG*fcK5&jhvbb z$}tQv`Wv!uIC;zbWmT$5$jInDmnPV6qw~iwt)A~s5MXAjM^oDX(r{u+Le~glK^h$I zo*iP_>UYT>1FrEfX~VSWx$D==;VB~hK(%!?(?cuvq*W&_)zY$`!F^Ud3t zS^k@*pocR-FxMsH5dTP4+tp2|T%Tm&jXO4P4*( zx>)83%rH(Rx=-Ne8G)aH>Ko4TR^)$W>x{lOf;%-uUtBEqN~h25VYBHo>Kp1hcm}F`e67q+{Tv&?*-3gLVvhT zSO>RV!lm80G^OsTt+m38ca@S7i%(3WxR%=v_xWhp+LhZ!0O1S-$BJ!=HA!~vDlnS~ zEwoE@-?pk^sewD_NDSoz4EfU)iOq+9M1&!<#caM6qv5Vc%1;r8?kwL+z6Pw*e-~-z zOF%K)0&Y3{@V?VfM~gMJ$#sYxUY4Ay>Q@>hDNW^rJ-Xdq6fEmr>ybp*K!JV9%gEPD^VBR^6Z5VR&MSD zC2FybpE+`L!x^`uVcH2>R`s0nKG|h92=grWvI#iigHOKo^yD_wH0UUWe!RWQ4yg?7 zO3FAYp}71pqO;7YL!UOE%F4Fo&UKs|Rjx*_aRJB*GTo!w4-|l06>15%^gzC;cS8uY zXx;tfd1NW!Ksmp+iwlfF+4UNknt3PVIbcxmAnQ zTvYqIM_SWO$}0DzJIc=P+v?J0lgMOv);L6#QniBT=qw*I;RtJ*3r1Jw3t5ua7l8484Jbemup$UK+Zz(y2vm?0Fu^9VFE#AH8^@q#4QzS}^)<5^z3w)ut7R2(yCgw`1iX=KGWVQ;teV z__SNckyZ!KY~bO>#Wgs=FBGh~a(JNgIWd!SO79w4e*AgAYd8A|Afg)TBX4hj^?wPV zK~3~KQ8gX_XKa|frKG=OwWU}1bzbMGuD1@>o6iYYqw3L9ouZ>JAP`iJd$E}C=LxSA z;s1u_VEec7*ohn!$A_zkx#P3>pBjimD11+b#udjG?z~9xcQZ8x{+^ERha@#IVI(dV zZaw!l74MQ)*YM@*m0jryj=UH6A1eU@IYY23e54y-;9s?6H}hb#Qja=U_Po@19rs`4 zsr^=2g1_%%me(!U!`ew0G@H42@scWGf3(-bLB~fGFhaodp+nx7`+cmzzL})mKBE8U zEB@gz(FWcr+!fe);wGO9uS@S;a=G32h#gn`5Fh=XRPlBsum_pIwM1Vx)%jq=H>xsp zqxeQ-)Ya{u49?S22&uznxz!`3{W z6>LNVdQ@@KE0EiX{pwQVCUWV8ic~!h_M* zHsR`jUEtLK_d;XO907>vW^mwpK-&fLM2MYkRAYhqA0TdLJ_rlbRWa#jWM$SxN9uDT zjW3!$%*be7xFYjU^poeNrFr%jyks`}7wkU1P3XlEbnpM#KfE=F1NZ2D_5Wk+z2m8V z-}vzyDk3AvTQZ6W*()ojg$PA$ zT|pd)tnPpEjRPP2EXa-o(;Z=a_Tl{$v;Pq2INgaG`tkyZzY~PJ+*)=T1QLt^??D|Y zk?U@=psf98ns8+6daDs^p*6;0Cl=r3pVQh+Iqk)dEEmGcqx*G##fmKl2iP6#8~3CQ zawi#jX&UHQe39yd{FA+Y!`+_%VkHD9aauTx0))WpbWjL?A1vA$VN(RVBJ1RXk43Hp z))Tg0{xld{XkgbdMVimXzTiz0OxNGt^73Usfq?@_Pw*03PD1}J&X22@idi@1aY^}t znZEIX&JaafXZdToJfC-O_P419f_DL`gmhR7Ym!i3U<Ys&%55${|P?SLCceR2(NJU}~-yWmXBv}1H@Z#(+cb}w~GHjCv9Dcen-DlC+s zy{hM=Zc9Hxnikt5(WiK{K)pY7I`3|OU$AshOYj`Wfb)~S<^uyX=J8~uu{{@RXYTYi z5%2eo{c*z3DnObQToVS`=1nr~+#AfKq_5-EscQl{TCQHgKXKp5VNrL&T$vKIrn~fR zT?@Dnr1p41SQgbG@o2)au7s{!N(sAWruI|VCb}o*XCFx)%_|Ane%Gqb(0;d;^=XRv zCYO*UHE;3Q;q{pWue>SgztsqIPs6_qMhIxN!Ad;^crJI zo_bnnd!al?HC<&jB*w!S5?REZ4o!314+*e;GSfUaF4NP}+=H&Dah~$JaUkN)%-bHT zu~i?z4?IW#`uE%cUl8Y+$UaajrmYRLUw>j<8^Sa8<9aVGEqQ|Y02KV~D(04S2{9uS zA*}q!MM+(uk#YiNW8xea2S>c*7n^^C68g$d0QaB@aW#EIN|Nt`$pbT9?@M`I=HgV< zzT^th7w=-FPoFK!l77e;9=EL;Nq}Z_^J$JI>o-nfN<`t@Z$uBN54j*LSQ4%z>isK^ zfS)b_&>%gY!p@t7+Kx0O<*TV?NP6Bmao@6y&t$!gI%8a1=k~gp4uBHf;cE8f{-^Ix zqsRuDxSb2%$#mx+#AW4I-0AZm*XEx$c%%u`ig|i)FdOw9n5iD&&GN(47)f6Db&For z+6L3&yQ&+#6`UxU(nHs5cXS@9Fwk@YQFeuj7!n-EZ5OI8CFU*oQj+&^dG{1J=j{3HZKs+GNrq1Cn zv5l6C-#WW+dDSxGH>VdN_t~~z znDyDsLJdwqn!RQ5q{PtSBYzAqCkfvV2@L!GJwY-S%{v3Cu?ih`s# z?2Iz&%~n`97U7^$+LU&Dp|FXgSM7eu*@igl*B}FT?{!W*lM_=uvK-Nq>NnEuj6J@0 zOjb~6mJGR?cO+5+XK}^JtU4}RJV|ixufOl38jPiP9LmjLkb@P+R`D41rbshBxZkUE zKhSE}e28S|RioG>%{WTtnvlFNa-n+0xps~#)9i72r70S5`L`_%4S{6)8B=qKkXg2r zRt|FR>5*8SqUJK($ohQ&=YM~99;zD~MwVSKAY;$pQcIWh=4dHr(piz~J%Wico9PhP zliE;v@LbnKMdU^D(!;o?-%n-tG=x#Ip0 zU$y{W4vjN76rm12#MD37^T(dNgPe&LKI4V!)z%xc1B;k4HB35r=3aNvZ;E~Z2W37l zd`)%%>g_fxD`VKbRT2QRa0|V09MdRERCoqMGIcHRLi26$A+|H~bDINXzlpH>$sTH+ z?740s@GnB^M=^L1BCy>+;Rsmx{A8*bE+Z+)?q8R%rv~;OMXCW_;%2N)%^2_?{^~P< zknu^h4F&U>fH@3Op55+zg1wef`mF-ZlDp$kLds#+iuo7<<^Vb62N{qvift6)+hy#Z z0E2^Jk;%Kps=+E*|F+A$ElKU|8MX7ik}Z2{3HA-4FVu~wPU;U=sfl!Y9xQ1$ z8{4N2-&_BZBUBYUWrd{4<`FbizH~fra8Fb=A>|b!>~e`!oyZF1;^5_WE7R_D!N0cx zXN`d328K7|m#=^)h>X9ywMU9ss3w@lnR|M;1n&6ec24B&fgBZn?tPbbpPIm&?_TMt zT_1F3{TYygb%1zTk`J+>`D*O@jI=huu}}#8P*5{{LQuTvpLcnZ2VQ%!nU`$=90Wrp z%?Ckiz;S&;p$Mxt)8uaAxx1RlNR25|r*fUtW-R_@j7iNuEFXFp(8JY7@%0C&!EW8* zE9veFvo1leIrQcP4VYYBD2d6r!LNCh`;N8{Pxt@&aiIV@80!xs;s+0tKC#Dna5tc) znA+ zSjGJ%HFB~V$0qX!d|>;{Sy{l57if@r2cgl$KO5;}_9(Irlt+uK)$9|vFWK<`DL_+& z5g6`}`0qtZJF0M>7Z1G$Pk^gZ#qQ=3d|}Xv3f6~+K=>uH$gasR0TP;k&Fagh4vJC@ zK=qeDbSbMLbdE42@*sqsDQG;tv4@`7-3K}Q6hLPpa|e~586=e&KXr4w?c)^sSABU~ z^GX3~mW?X#oaO*mbC0&(ZtrTefW&NPY)Fq1(WXUkk6aK3^?Z>UXv+D%Cf)uN3UErs zV5%Uv2xjuVL+;~69?}V9w}Wiqmiq|^^*1rxy zEeXhwC>#;QP7iS;&Fi#1GTaAbxMIr9Knh#oxvQCm`snCj>UMi`Fdp@l64GWckS^>->Hk>S1RwAUc8Yx#V=VyBAa?hf)F%SJOHVCbvUe{&(7jAfB|4Bk z35MSYG6sgWgZ#_W=F-$Bdt!^F4@c!wd`+I=Uf%lE@|6(1t4z z*jWTDS=?nEA8+u;&6NjWkKK>AaOv;9A z2dGJHeKQm?uRh3hq=r!yRm zB}#R5!K{OBvINn~%hi!eZoWP!urC+uI(3$P;RE|W;s#d$a_Nu93zfz|e$MS+FcEin z>l=z{IV0fd#%Rmp?N_1j%jD>1-%vdPbkj_9Jm<7O1dsLcoS>ejqbXQ=bZ?Gea1FiK z!>1PZN)EdvYewFSR~AE=xp*(E{J`9IX^x4SJ2ksjxzrm4IsIxktEb-Zuw7A9Dl}l4 zvhcMVc=G+C1Z<>K=bFl;1PvnEoSxhHhiAKRVFcL=r&Xnu2zg2=6HopBKO+*hot_@_GU8_*FR3 zyz>{wa37uPv)EU>^3KI~^vl17#qyd(@CnTUb)Mi0-_XEy5nzk;ir%fw#lNJ5NJV(> zHY!FM|&!>IZg`#=a`Y>@NIh{916?o;DN-su&2(H{h$R ziZD~;a#7f37sz=~p%1|p&td#bsTItL3Qx+E3Sn~8{?#As5L)o^4cgcssAin=rEGVZ z+6=v&iAh~l$F;nHJ7xCvxkF4ObTfy?6iFnx?|vlQ%rH2ctItUKjo7Tf<-KQ~JZl@t zDM~J$jw)^$DJ6SJS{oAl-@cgw7qDAzq7jGsHNl7C?J^R$C*N;JF0{A*5W7@Hc+F;p z;L|Ipbv{zc2xFoZFw54;A^2nI!Zx+6&bph__KjJR9J^NiWJ3SlhLM}8-~EsOpmKbC za)D*D5oL0$;RCnf97VPYv?nl!^)Sl(o+EV|+4T-TW}`V5n1R-Lb(6K!67vL0N4H6b z`_RLFitozh>SK1O)EMh6u{l%Jzc$Z@7kakfQOA!E_Qx4Xv$`E&hfc#NOZ4($PHkn` z<3xKTYhysQgNu(^+DfKWO$J{dKsfF#^vZVGKy|nRf2yuF;>#=BM-2OI29O$Ohw|-b znofAWhyouPcbgF40Y@&xsFanD*M%9fx|G0pq|F%nk9+?2pBQY0MnLZaGIuC9cbHiA zgF{b~*>RF%I;>6fq#Y;)X4NwxPb&YmFJw@=MkuI8NP+S*y6~yRwxF=m9lW7{csjPS z0v3vJ`!|FIPy~SvBuVw^9Bpx5H=VNE2B*U!)=D0yvxa8COs$p%PHmMj8kg1oh5h(Um&sOxv5^rcT@aB zxr83NyrvkFYD_A^HEgHQtFtNG(Ujdm_P2fVfpY>A?Q-mV69*K&-)mt(Z`*=rAwHjQ zVJOyuv+kFCW2UBlO_91lHcOY56tTv9Cl&DsaL4mAcR%7|_;4TbSEt1HVu4+M?ie)W z_!36|qDB*ZC>|Wxo-N1v;NYF!UVA#{i1ZAFyn%twOr$c<@7;LDyvk)9CaHS$9%-Zi z#(E9`Bk<`wZ!>e-Gxs}!{|x}zFypjWm%f9(8)g=l*??^hJOHEgzvJpUf1Ivfzw?TU zgBTBF_!Q)b9Gu;BqHbG0A_!U7mG5Nz+wD_Rsg6N{k+6j`?iNwrMF8M} zI`U9@Qvk%2s;Y%n{8M0i=C1Px9rG^OrsJrmLLM7X0!Uq9=CiiVN1yeoM;7WZXcS$v zd%4T&#w@XI163{QTQ2GSjG3adp`mv%cH&bU%pk-Yxio#gZu*pQvFE>DH4u2b*45@#SY#&>SG>aJ>?zt1IrjqoRVWaM@|Q}#}N?#xYxJ3;Wyg9ChA z{ZFQ%HsP@XGT6@|eZOEY6`|~QcND*6Gf=k-_LeI-8j4fKQPMoGhz=5uq!r@&Ta-S@0^G6 zY^V>oO0o+Uj@ylktT(Eo!nkZ7yp{G`{rW*HN16%n7W^LBZ4D(W#dTQ@?fhKjoXw8@ zA14H|JDQ@V#yMr0sy6=d02R&v>%bm;!|#|3_%Nx{ehlJJ_%z9*>?ZUV&$0TslPE?9 zPAH)EZKeeeYN#jnb<2Do-Zd5LuiQXGUV6tjcThMr=X~8vKq(pD-%;^2i02U{42iPE zfHoyxL|VzVA0&39ps(Tur~(5)e|4!kN5v3riUHAAfjV_TppOKWJ}Puyaky;3}Tf(Br(()P_|AiIf#=Re7I$lLbH8P6>7VO==nt)r)^cG z(4MPMK=McrjqIArR!Yg@zDr#Y;Zw_NLh=!xLs2*SR%>hW=wC8U4ROUScmmn)!~}}$ zLSf+;W2@n;0eZIw0$jHFt%Qm*b_loU_q_mLh!f?@*EhZq>e$HVxciS}i$TQvz}|Xr z4QT3qTa`)3yoF}LW@j-!aI)|`#KBC(>YX*ElH51-d2_!H;Dd$iJvqri8aC&qxNo_u zNyC!Lp>$X1CHMHu9Lj8&5&Logy9-cA&>y~Y4?EU(WJh>BK2&d^d4CuB`7GSW2^ zo>#{*)5LUnJ1AjobOL4>W|3V}zHk{{WqZjacPic8gwpQwcctSGI`}>$z2I@tb?rn$ ze^u3~81j=LT*Gk?^I^$=#$S)5!-|S#ihIe$0I4={lZ*C#T29u3$@`3zMehbn+mH5r z0?48I%p&RaTM*)h6kS+?eppSf`ek_9`%901aDm-im9Cbu6wpdf>SyV2izrzI!=h*b znYe{&bU)uPK~aZ6%`N)AW(HF0??|8(O43on>|O0a9KbnIA;b*`R*ir);~iZOAAM6o z^`Q(i?zai?5f}eWH7r%TR$e$3s}@J>Lvl>uw3}P`o7sh`w3TBS3yySqbcP5!4MJCh zzfJ;GF-X^yV0PBiux66PFfhy?J$23{e$c+)yL9Gw_y_3O*Ey-Bg@Lzhnhl(!=Nxx8 zZF#Mn%E>y3M*t_ACnr?>$;s5vxXJ(SIb?qZ`Bl}JomubjGh~s&134F#@EjLZQ(Tkt zx4%K;i#@rO<+z}(Nl6ZS&U5#&lU2V<{MLCV+5*}v&RLIkhd=lu2|~Y{+>BPD1ke8w zDK7`Pdf%>9M@4bX!3#CqZR*Z{yz< z%V6@HT>RlFj+^;8(+}O>`}o9?+{tq?0_^elG^*bu-JqTRkCRhBO9G1HxS$2MD~Y5G zoPY3^XyvUs;u?kRpZ`dbBisz8P!wD4N?E8H%*5oC1V1QPh>CKFIvzsagCUm6?_!R0 zHDwV*>T>S?C5|8v1iXRAx2-fEo5UYLw@_wXXT<1W(swXG7s#~DVyKwU+uCZz)LI-V z-JXH%qfdgxro2+~j;u_(nw49m)G{f5j4Z}(s){gxwAE!RpZxq>lJJaeR8}%XZ{F=} zz8NN)tf$Fc>}XGmB<_4utW?iCshRg3jw4U$YldDj|DnjJLClB0@ZG^`4X|wg?y?mS z2%5Q-S3Ewf!_&+pw!tqqGbtCp{q|~Cfq$Rfqp+3pO0hxhe(NumaV{ zjs;?d-d8`zMn7ChO|(*xvBv$1O1_oCZ2~G2f%>%q;6mX(bn&nQZ&5 z*JcR^KRSgV-0g}hm&dK@tZC=$97{LalI5+ysG=98vA;%Zaf9x2MR`(l6$_3tMLlu@ zhv@%!fzTU}CKf>kowbBCadOIOaFwi?2V*QO=8v9acX`0_XdxxeV!NT2m0Hv{%hICD zaw}?z&MLY4{83TRg)eO4&khIAk=*A@rc1-4QRyvi5d+^H)WAts4#Fn zO!+3?TectZC5qeO!-Z{+@R;^pn^ai^@%{=ejk7=D)4fh$BTuu^hC%OHxFOoDsJ?z3 zOvp4b(UJYLVx*=6eBm&&__yLb+s+!~6}G1M^q(E_@dcV-c*yeg9-6BSL?I}ofM?gq zW~Gqe46q!Xr1yE#dHuJSP3Y*F21h=DzW$#MEk`^ne?Cv|I$IcJ*FSX=VW2hU+_Ydz zGxtjYQL@z)(|{-r5%-oi%3fAsPqg?$N~{6=1`%kHK5zBs4i!+z+m;cn+)K@FWc0Ry#&To6MN#e3A+EOguH!@VWDwbZ_1Bkvi zi}J%+$5mp`(bIZ21L0-6T#{*wJyu#Wgyh*l4nPX=m?ofu5x^U`qybqq!?ue-CJhe! z$qKZ4gSg|fQx+Cvoe#>ly?Y<{G1ABdR8xQ>C<%mde(<>`_2l8<$*!(0-S^g+;W^rg zLGMKfxL&0w1_qkbw>34eB~_d4ve{bMtm3NZBd7+P&XP&ZVvMhWmR7oK#QC;&-kaf{ zMsAi=1Rt5R_BIN6O~{+5=OBBi!N0u83M zg96&(+21gH8r|KK697z!eJ4~VjToDt&nWfwmbmeg*+{UZ{?%Ef+iGe_U|AuLu(0sQ z6DPF{QO>!W>kF#60xgDeegOdiZ{p*JMx6JDa00@M0-jShj$<%+0;GWE(JdxmJ`^q! zsoqNT_~cht#}In`0*Ye07Rx$9!rkOLmAxT5?xL6t1Dl`uOI@Q)WtW1wBBmzd@*lel zU8&;VRMHxB^=I~)x|YkwMMmhDakfftDrxO{-Q0SDP0al5R$v5w$3bz`9@>09QY$t# z8U4dS0~!&r_F0D(xir~{R$XMba;#?2O8k`z#o-$pF5foD7s%iDP)cDR(W<=fv&pme zZq(jbpJ3^(jhDtpmfttU;;r(#bIjt@Y;1A~UjACodr+?K#CQkW@=FT_9)p$^HE+nB zhVxKUemYB2^HPY{WNXTGeSIPku)`PWzuq zDr}Zil8}(d-DFJqjrfOSfpSfs9T1*B0Xa+3K$ZG-(%FrTbK7i;*pH2+^1;}45~$V9 zFjG;tpB0XUim~k}@bfUd1EON^h^cbf*duQ%l(Kji-)KljKo}1)mM*_GIbya{Ps+AT zJ&-~7ld<6|FWn>Hh}Yfn_%FLG%5AuMV#K&D*mI!e5RtFRE)<;mCM zW-gI0F<7>ZwflKmS+jq*+LO>lC956pxisLR@7got_Os0F6SnU(Ty_S_haCnlI=4SM3<&JGZUuZ>qMqE(`RJTGZvZ+-VL z$e%?|D>9WWU2N+1{Ep|tYTJ4Rv6!|#U@~%y%xk3FF+07@#-#i?=F~hUO1eeox-9s;{tvwCr z=I+WYJU#H+9fPYuF4)+6p^RYg!R2-+4k!=b&$I$OOg94~#@SRrqma8$n z-Qly06wFC0bCot-HhggLB^lf*?y`z$*gDx^rX-_{wd~?z6~irj@~p@7Et$0%T%shE zGWwRW+zZ5g)R)LBmx<;paER8I>dkMl*60yA?%B3aCvl_V%37LowI!_LGsP|k-8T5e zZpbWHH$_Uxd!N_IG1@q+ZEBUx?bO{?Yw6!qQm{G{4yN9JL97}F^k!}1*+SaC@|L{P zLEDbc1hQ0i;18SO0_UmB*8X;0oBC>h=AeOrEYb+IT)i*!^gMp55J9+(rHFsI17HX}1rsfLMb^<& zk8gkX<3IJo@-%@5Ha;?RI1w-|x-z1^DP$=VLtg2{L+1h9K{YXQ5+znjeqY7!ytpSfQ(Qo7KIJVla1O0Di#4wFVoD53| z!E&RM!<|q0Y;Aomn)JQUJis(P;U2%yqx*btpnkO*hVQw!4oAh=d1M%x9wu5y_4E7U zap@lNtv}e5SoQXzqzB$W$WX*wdr{K$5nTZCUUB1=`5;?;OViQpVtaz6RdCh%h zjEV2eH`&OA&|(C2!q8GDZ6e*GDRQf4wle<~Q%5P;>QcO8mVw(66V8CGq)#^=h~T57TdO*^cxuYj4`FX>@p3x03ogk^w5Q*A1T#`Vv#u?BKt^Q);%NyAU?e7+)Ju(*9)DI)j%0RA zxVTosQW@tt{i}TQ{MM1VG{udsx$%WG7=HD`&q}F~PGMn$O|eYjyz7GCVO*7=w@p`> zYyH7)ZrrK~Dmmm0S@PqtmyC$^ME4-e+UfT*uNDtY9-SCV`9#@cL$5zDt*l4h+7!W_ zSAnC%k&~MqT%%WAZ9&^+HF|DJypY+tgJYu&;P;+*TwpoAzQWArLTZz~g>Nb`uX>3R z>Fv%B-0TcR%Rj9=V8ks-(b`mT6l3l_VUD*kri#?q1pI%v&pS@hALo z59Jss7}|@;Eb>kexz(4zQ1JMi$2(k0W>9@TZ zW>qtcpYyK&Q%wmQ2NnX2BI{J2uE1*_o-`esYZo8VFqM-l6gKom+7ynh(WR>#=@R{5 z+NRR)zlpF+eX!wIwKYc1bKz*XACa4rQ;~fMMlp44lZmWR(YWw?X{!B%aftc%u?Sra zuqw$E^>a1V3#_O(wB_`{>P2y4$ha{}?tu+|dIQS`+4F!Oha)v3-e`YtSXy5<^|#O* zqZ+cEYn?dDvcWkW^>FeFz2j$BGrjnU`({>Oq*%UoeT>lIyyN_Q)@{AbG(M1u-V2fI zCjP}5Q@K8~q~~!+8U3k6Mv1D$yRCeD{TC+|d)>^@x{tI~YJ7J%6<{%+qfjm90+%D# zCh&27#S^phqy)Brb}Wp!`QK-O#LzeXG=TlD5AA)@lF`fMozSAd+) zV7?ar#(H};?_yytk(=J3wVrn-SP6Uon_XXQD~)4cGoL4vYz#T!Z1DA%rJ`@s4z`tv zo~lw3x6?=HdD5D^;ARGMLyO-2O=3NIh0NAPNEeyK430Zq&oyjIY>K-cp=NCe(IZ5QaA zvslb&o!N97wV|VPB;T;nj7Mrrro}w`nOMH?szGnF$e)^KOw;Yjmo*Qq zbirTN7f9*I~civX)#He%Hv;pR^9)?8`1k)L;c`Id_a zTs*rVmXVT5LfUhIx6k$mpAjE@Q-zKe#>t;xAWw|vnJv|)ACmlJY4w`W-QmsR`L0Xi z!rgWYw^b+ahkXL@s>MN+(vM@SaiM*G&M+ld_qDpAbtl(&Nj9N~LlO^I0$<#y zWJTn5T_+P5v82JxmUN@hDGlum=7X3wQE`0vwQM2%HnG9f>uQfP2L#|lChHH}Hj=4w zoi}Ah*!8`zQ@JO{Y)guY+A(kZh*slhRa+b8(EXN-ycz;TZdUzkB@c-~c5cN%aGwYM zkM-`EZN0lV$2m9r!M+qTWBE96M@_?7zZ|>))7CAXt-$y7Jt3+4c8@j;$$xNti??mA zZ2HIxsh`8oYTE2@(^|9TS|~)JjW%N&MQi$?OGq=)Il0SAPb*#a5h?GSDgE zt`1IpqFTD~ggK1fLLT~J(l2EFr&X$(hzPz!oSG5!*zMDe`k27TN;Jqu8K`kvx!OE>Gl-f^0detLH}@5;blecFYCy(BJlK;Z zCWB9C6*auLk|RgKe5zYcgc#q?9G9-1SN_qms#IQeqkOnXa}CvNba-mpdRzUM(6VQH z3xR)#@8`)c=`*mRQxk-5dHyoQqSp8l9Y)OJykDxweE({i>9xAya`Y71eR2WZc%oTs zA{6m>dd)|Ea>6~`beKc(jNc#(*pyIs4%i)BC5zbX@6#Q8lf2lgRhVCyS7Z^iIY9#U zd8h8-`r)k2z_dJwJAklN1^U6gnH&v4DWi|sjsG}j{ORa@gFU|nI6P#XV5Dic0*{uG ziAk(8(p>b8w-rvNq~8E|WIRb}xcKXFap7qibKd7eYH7D$-fZZh{#vY8Kv$*C*qvWf z6ZRzq$)UaX21&BBl@xQVfC}T#7AHb+nL7Q#Qi0Lua&lJ>9py>C=W}tb*UYi;srvbV z^?^IQUZb%mCdN`-hT1Y-t5CE7=c6UYEjLYO*@v()IpfkwUV`cU9wTC%Z{*|EF|8ws zbMrQ@?DAur`cy{cVjkS@BuM0j`c}HvLPT8vuvO);X8x65pecI@`~b9u&AiY@nC(g> z!LM$=Eex=WAYDeze0&%}Gc7+iXezhgt#FF!VuEm*ft7~%C42~fMM|ZNd(qT97HbLI zq4!>^qb}K-zNpzW&a{;l&V0iphJ>x<{``{_J#mTSvYyKiY>GEmn--TkwmegLYfc?o ztuXR2(9lSY0e5C&y!Fw>#T>sVRcx`|q@nobz{cv@TvwSm=I+bL+-BM6C51pg zDUr5q=Gs6tGzH9m$H-wrz-;riI}g8K)pzYnG38P%|1O02HCf(Oa}>-bHrfy<;m!Wp zl;z}rSk0Iz?(veEOFHUDL5A|?J~Syjelg>EkAaN@1@~+=i@{IZs=?bUb|Vvgo8OY} zSNhPLH^q4rKJ_Z_SXyW~Sv)tX8PBW!!J5Uk5~SJfF%h=`%M}$BVXGz(t26o6G?6_j z7nLSnFb;i}{h-GZogOjhUK>5JAwQcH2eyGt$DjXyaa`qKD(M~@t94TM3r_J`Pdq=h zr*Emnec#!G0s?J@R?p{L#t)1=LxX)4CAC$>9he9M<`d@Kb3eY1H8_qFdZrTT4N1|M z_Of<}Oh<9HbFr^ubGM}DOF?=G@ngBqpT)fMIxWZ~(5>cV9@u!DU)k9$AN-O`N7-U( zebxkwti!0BN`E@!Y1M`P-r3>Q_T;C-sJbBBd+hO2(c1IT^Rx?NLe zJ$)1JUx)Ri1_BSh=jNnM@ojOv>>hqbruS8q%bQZTTxEZ%p8h4-Z|3eB-kQ1XUw_q3 zO~`KDbaHy3*sxK{Ap(x+PKaLs;UU_&#q-51L&a9Dp;w{|M_fW!ww9hPdZGFhnEh(X zv{s_%GbkvVx6g9c5X*hKo~ZN-V!5qTt;7(^Rr;ixsam0&&Dq#~(^}(GR*R zb+E+P6xr5?dTro)lU2n|x&R&x(+GnUw{C?;nMp^Li!H`u@L(U}wepzV1^h;Sm3i|* z%hW6SAcBP7@;-#8?N~Tu`3#-gG^8s%rX8 zhvTo$uNn34)z~&a64!fKl1eetW5|zrP_jy}^f2%MWUZM7=6y1>kfXulbaL6fN}Vfr zmiMp#k%AL_ILArmWD$@{D4(r#zpT;ZK}Sz$-D)zVcANXIXF3@mWouh3L)(m8slfkG z*LdHt$O{&6(G=eEth%0#jotF-3%4jPp7dT`Wegi%D9ZE-1cO1O5DMgb%;?hua+x+_ zryXmVVX@2!^m7>}ht9cEgd0G`8L{Jbrl#CB%Wn4cC;AFp9QV6`%+sN61vTzmU0wh> z7Q7R+*)dmTRZ}6M`QJ%tvx<>(0Y{ENX*MV9h`gBO7Alj*MGh>lF>Y?Zi1W+r4*0&B zm`kSN^3B>o->crDJ8HUT(7mKN-s^Q&kwY+JdZt+%X8Lo*N?mRF>Z}x@J3U@x3VJLz-YD`y+OkxaPH6eROWK1dSN^Y+9Qil(MY z{(2Wk_^PyUWkEb=>wxFNba^t-4RpkiyH-z2xvH)As)f0fSD~9nh)qdH%3FDhbl&3k zeLMpXq^u%H)GvBX-m($A_n2d%*JJ9tuUUL|P?^JJy44LmT!>*ooKi@(c*Hu;x27=co#J_LYrT9qFj|Cs96qD=2NB$Kp% z9RP+!qLqf^9qf6dz?)MV>`djgX7$o*eMUU@PGOCuBqvXUq*XPyM%+sTxIk23kj1F5J|2u-8M0%(sxWvWbr#+0BT+tH*&K zCKk_HP7e((UM_Xe0#TR|QM&qIrRNx<ydrH^v+D|)fG zc+@s;V6{~`){Q{dT?^%T`QtolyiSf^@U!)rtnhmAAGb}}^@$?YhCMMl0DA$|1kO>L z1N`U?x_r`uNK1u2^~HauwG0dShrcvjf?8)HL-WAF1>?cyc{lv>;^Okd?}&i zICW^lYY5~ou?_O~ks$%aGet(R+i`>FnYPnz+ZatKRA7Gu^|a*NdG`@7s%D~b1|NO# zOsm3huBvQXb1h4<Ha zeSe-F_Bz%^_7==>t%>Y+uaYFNgM*jge5xuCVjxBf>fnEH!VdL=@q)r2(Z-lv+4lhk z#QsPd_EPw@Ypgf;U)J*+^AK>9?IJ-$%P5%*35Xs~I$UepERioN#ox*EbmgGiuVSg9 zsh=Z@_s_sfCjOYMok40 z&w~lQ1Jmf*Txf4nwa~GD@uH1Ax7v!uDysy(;d=dwZeKL!gA$$r%8Eu9Q5t&)#x)M6Q*q*}lqVEGZ3lFjK8M!My z2ozW1-b{8MxI9P)NpXKAT!(O_+imXv_xyycGuok} zVf~WZ_2=)4kFkOj5(Mphf6W4nmf3laXL|_oeM*@zvP>))9lZO*8R$o`%=x?8gL-H!}Th)Iiv&D21@q_%@n)^klz^xu-4OAZiCV`G~(gG%-56A+p(0rcHE#!>9O zBI^`5&ufGt!%Y$JAvsZj5mc>nV9hb7QbV*2^C~LtGo2aTHwDxg{CArbOFrVOdjVYG z7obK00L-`S*A+t@0l}_|r&63d2|l#lOgRdOB1Tl$J|J$LAuZ#^-rxEk)gJ5mz}aD< zq7bxHMf`)Ci3z)wI=$}?2p62Ua$jWc9emh9S%vtIvPw4@z%Qg8WjF(X6cRBi=KCZD zlOF+QhY~z3(Jk|~{$pxbCP382Njfws?B$V6z&om&W-*vU)7)R0-vWU1R~pqL_H|MT zRTadC>qne9aRLm#A+GTE2fH;_ff0*;XP=qH-RF`ZLoy8>iij^u;M_YQ{0&4olIy~C z5bo#BLLE2~>t!IbgBLx2K$an%|6^e0{;YZ6G!y&Qb7!8X&WH#v9Fw9_um>PG&K?h; zlY5uq!#m)5h}v8is9#P1-dEG8R=>?YRA6LpYLdoHG`jDnQ%_nG;V7I6C1t3=tnry? zsdle7;J})eeUGUoBV@NItX3M6L%M+P8;$O7balX2v3O74v`veZx;ABDktjBf{#gNK zwPq|AKneUdFsn1=VvaQb6H@W~Pm=pBot?`})_a0~L)2^9entoJy`zKN#Ek@m&62?g z==(07JKle!VyV|#bn}%r4!F>kowee#?r0KfZzBvE&N}2tp3Q@uHA#&Y+Tg$}{=AX}_UgXl|3%s=A1`ugVaOAuFGeys zb8mEiRt@VEgrxBbV7TiJ?z%r2S~DK10Ba7SSn;C>Pj{KSiWT$x4e3(=9WURa!=^w_ z0IulKO&PzIk4kfu$z&0RSwow;o!|9GX%cLu7VSI>el9p$0OcF_VlSh2z&8cNT&k;F zram(O{$?8j?c0K%fiOEOhp56!Y~TKH%d4wGNF_EP~kfA@aCTd;8e*pLedBX#VJbtYvou%XxNC{SZ6`h(rx+T$(V{Q;P5#?05V00{>yapRG)z7JKafzwVI44#1%O`SB1Kba$BVt_+9T!#Hk>n`I#H zV%BqxRzxpxXrb9Ba-Q0YOGDVo z(W;MwvaXF_>deQ$+@(rT_}i#l<}bq_2Fm1Q!k1|YHO6pN|#tztPm)N&x z1^O$Ib^w*B`IVXC8&4{`e%T-c(P}4vDY$kZD3IY3h%$Zmxl;Al>V!HiLrYMwI=XgV zSmsLVmkM?w>sya8eUZ=o-sRODgEN9HAec!Ye6Nk}`-ZG!sVZ|4Gv zhC#Db?%~HyI8o|6&gFW7`Qb@#KAoh*wIE9JDtSavkpXIA)07hr{P><(&S0yaC&;eJ zEl>P)!en=@evkkEi$)gV9|r9ul}1;{nq7C0syjCYI`C-okhvq-S<&9P*@a{0l9>`% zT-pvs6B^Zxj6LT*xb``ZDn~PI8S_`ATxq$OT-VanJvVNqQFjt3Ob3lfhZ)8uHs)8l=DR>RaM}#-010wydMFhVOtxv_e(y? zP~BKk(2=JSN>nWMUJ|uP9+gs<1x^AP+wfGcI*6z*j7l4s1_kdRMxbDamD<>Mn0pax zs#%DnzF2?S9TYFfBJ`6`%-$jtHk&gp7A-TywlwY5Ynz{JtNgkczNLq(9w(SPf*tOf z7Oe*ElXDu`A1@-E#zZAet2X*&jewEc+u{JEs2XY%5{vz>oX!x6a915%NT@?ksiaGz z-Rq?65@MpFLjO=r;6yX@0wZNQ7@Ojte6q^uAuD#;Jn^NI;mk|Ar z#oBZIh3Q_=TLCdDW^1(rpTlVRt8TkoTvYhRIdMu{MZHBDwXt*>Zd=8qwg0kWAp9wr z`rMkk3>@j&o_G`+)RGsWGX);mV?hl~da~aNCmE1NwYzDm`-$NTK@OR}5!>JlU0Epf-y+ zpH2IRXfYfU*srqx1@P(P!I~h3WO-&X!={ZIMqBgrSZ7_Wwj)Et*#lR2h974SHz_V# z+ElFN>4I#p(F^aDY4VeT<^?H|TLCNQ!jPsd?K(Y%^xb`R#*{s|^nUTl%xz%x6x;Wt zeFRb{DY(Ap0!ny6C{rQGIpIf|lH>Df^rcJn0oOG`*#9)6Jc1)(c+EreVE?AYw*n)h zqJY3a(3w3l5v@n}sK2#mwIn$|E2~q>&@0uXA>5*O-bA;I`d-att4lwGVR~IsSQ{PNJgR}7A^77e;`p#P*Q@xk6
    d0o)v z?6U{L1uV@2NU43@A^r*E_h(Ec6_T>2_z3eV5Bd`S;NlDKE&jKK<`o>&Ws$a(I8BqVZy&l z)X8gQjNVm3E?ar<_I_-ob`6+f4b$ica_k_(OG6(<15Y>#Yo4}VIdt?@x*1j7i1{bF z+kbP_cYeDr4Xr6a4vWs0E<>IrZJIdLYJL=@H!$oS zquFuEY#K@iMnomBkg`|$p!CFD*Op$R+?PJHP_X?r!@%W!L;KAlJr>`sXItbxfOaFa zvv{w!{UBV7R}BjbGm4K|Xi@%&>9(J*cBCm6Heb!p z$S`+Ali|Q#Qq@?`#oj*4?A$Ym_}|8gL=BpL;WQroQVyEtL3Bcc1`Y?k!B$9T)t0zd z9nW{S_w1iBh6F%~@qo9j+LEpbWe=bnr|!izRBo=~8o=nZOs#?Kt$aHU_e<~^v=+sa zR*m3;F|?TsbalHJC01;#HRy-Nw~i((>^*nSAN)hXLsKfiw#WT;Cv%nR5$6UBD#C;K z(ATJ!ME^A1{`Ca*mmqC%Oqt`#b7-X*{=5a5?|mA(lyp5aq&w)AdNTQE2f?2dg$}N8 z5z4k9)#Z*K1Ru_^wv)iFpBV;S*s5EbpdI!)rTnX)0HZ%nx^sQM4**vO3Q(G!R0Qx$ zv#~EcfE)k;7qKR}7hFuu(k~qPv^yH&PyM`m2v#RZrGud}79`*qG&`LZ7au;{OP zch0Nk8@y@=yUJ$#@3fgeiP(AqoVobiEzU9ML5O+=J8tOL@zZAwy)}{P^TyTR_OVfa zdam2TBLJQI@cy~y$uBspgC<6_j!oQpVH4^9{fp*EK<56KjIev)30z_$6yhc%rw}Cr zGVbsCq)kj?eD@9OpJ&~1Dxenf`v#pVG~nRJqs;xHgkX8qmJT>;2XQlGdgEu|oBwmp zeMvt9a6BQ@LD)<{>9~^%jpttLRp*E;;itJ&hweok_(ymDb7k*2fJjGE$ET-&6DWdd zdMbxN(qtBKP>81q^Yp3E|4i5a%b-%5Log}5)Qku<=$%C|6k=o~cgo5%&1a{&)G71D z$>cs$|I1qY2M4mt48Hd3=0sdE;PaA=<87Bnel#}X{l|f~6ZO*fAG!O@T+pXhBS0%k z+IF}Q@J={KbA;0FQ`;?jfLk^?IAPi)0d;Es@l$`F`x(?9A|h(RV*xniH5iGc0D3_j z8k=0l|3CKLJRa)xjUO(NRywC6r(`K7DWM1V=3F%#?oF2k$p`e#*DHJ zV;QCFjD0Z1$T|#TnL&mz&pmCY&e!jGUe6!Te@}mn%4a_JeP8#ryszteU)`l+#BKjP z6y19M)BoL@SA~H$_fFzt`~|2L=_Ljm1uxuYH|v^egs7dAKKi11ROj{|?5RfobJjmD z$~(59yDzhJ;Z%q|Z)+&*$}_hsA4*$oIh8D{qGJym%nZ!a#UraJ(^G^t)&KKjfSm+K z*s>`EG-&^HW8Z0sjB=fkXb#;rDs}Lr!7?|;hX3401%EC*)^N$ zI6&OiL?mMBSM`3^?*G};|LH+|$;p2!Gov1I( zezp#6l^Sen$mj4dxcnT*(pJ@dnE$(d%x3fVY%6H`Ta?|m$qqu^a`r=LBa_zRKzqB} zzkcF+YP_)UyhRB zq{+|>n2-C1Q(r2used{`)M;#T3F-%`$yF){zQ)}C?LSyY9wK%CNvb~{`t-mg_;C4f z#`|-7ZYhnnG)5srY^bXorStBG9*REKI!F3Hs~%wM#XvOUd;EL4=wKIDlA_|gr$ht- zT4}Wm0Z9_W045QnrLA>@^uyYyo=xdX z|NC42E=OG%TqHtB&7tqkLeiwDCy)Yg{@_OR6Sv)1%lwb#`TfUikWo*WG}tig1_nPR zbBp$JHa&4i^TmxfLN19on3&}6d_KqijRPTl7^N=loC51+w-6E&yLn)V>pqDg5(0QjeE49+U4^X!3iQfqTc!PfKNP*it95h7dsu>V?bGI< z(gi2XxNtlxys8ynwAV+vCvyTei@B=2ou8FGpOd5S-&f;WUMf>Dpbt$23`oBn`?rg5 z6Nqnx+yPYsZJ-BUBrU$)SEyLfA0IoeR@=`xuBaHf)s}6lKwO&xW!k#yxwwd@$!{#= zGvl_|^wM*7X3#;b7>T6WI6!va6s21uvCjs_ZSmY^W*B%p>-67uU{`Ni^_>ra1ubhM zx=jk-d5?5S^*AbwzLn4!xn=b;3HQrx?vev<^5$~;B^frP-Qk>BV+O)TcVIuW^9Mfs zs0D~lJZx%>N&+M|pFJ~c2KOG~ICAjn8R%{`d}l(cMbH+=c+dh%va7S}fvT)VA)hDr zo#{(;f@XJ}Ih;M7JdEuq-Y{Z(q9{z{7;JR3zFZ5qlwY=Wa^9V~)H==k1_6cU2KU_~ypJHq1yBc?r0oVR-%RlgQEE4!|YL0|2-9vUN%k)f3Vl4j4hL&YBZAp%|=~U zMre?+uRaRsh8re{Y|jZZFb&9nmZ%ceirPMK8W3+^V=`{&&OWfY%(D2}`m3k!* zyZfZ~5oP*aW6Y`?7Yef~X6&VsiMX``guVXn7w>1X`xjyRFH?)>6H*QE1LLn3U&BSq z;&P>Cjy}XE4jtX0#s^phA`|hKdLZLA8?Eh-Tb8(o#vF*GwWVf~y`=}xL?7ACt}3|@4C`lz(2Zp zq?8NSAPB7fzf=Ly^D zHjUp)bm?G!K_7TVwhHTOTmFAU;R4%ty%J|v^EXJ?`F*@`1Qyckr1DpUr9?x)D79VF zz09!X&c<5nD$YK83T^NSb+D9VuUWE?vV802fp_S#Kur2?vC-TYw zg8lXE;Y|>mC69A_r#-mC(XBXYZvI)KLGLP+7III$jBAyU!i}TL6B6>2mk7d7@o)Mp zb_(@xgA?NiokIp(y`|1=2oVQ5SZm{RvHytJ*B_lFLCi-1T!nLNuAbO{04n7Itv)`* zHra^UR2LyDN@V%_J!k@)LKc8C0Cs#AuSw`_$D^yks7@gk$(rRq2J_{Z@jd+q8pq|rKkH`hT6{?1 z04({8hBpKmgqXj&L1;^n-WS0gRZK!^BKGdW4X)Am(7u7~PG3Wao*!k|>&b}{`v@;< zpbT`_o1%xPo{p&=kLnnYK0VMnBen}YKx2UEQ)OFmqqhoY&L44)-kMM0KonB`Va<3I z0p+Ls_oWq6Z*G&@4^8~Iar5#Lm3&)1GBseg_fmpM)zLWetiwkOThBo4Yv9v zsru6&xatoQ+ysL^1fM=sKgvnwDHttnJha=7+Xm01M)tcZB60ohC6Ex)AV`)2QO*`G zc2&d`Sp08Uhmxo1UnIHdHjB-g2?D3M3z%XsSAcI0{_(A_Q|2Sw< z@#yymb_%T76(9f7WPWQsz#yl{I=YNvfW6PzHh3qeD&P zEm<9`eF21bR5&ejE3DZ;j9lb|XP9cN8hv1plUP%B&z?dpyFtL0L=u31XTc?f$v z930Q&eHqBbxX#u7vP$Xi$dyg*yAyse42gV4HGi^6{-V)Dex!$7o^mQFtLN=~8(P^j zTln|02ZW#2zYU}-!^1?8KmX#F9qBOzjyAjIWC&E$2x$el{+L%@%*J`AJ6qQwjt4pk zsAjFLk@k^n`sdQIsJ8EqR`&$P^%Wr7{pA~ee(NIpi8KAJ1*h1T?vGT<@1AF{3%K+y z%5t7N*0bB+D?j4@TYj*MJ<^AKs(n2-Iv5U~IIXNeKgJHoZhsu_{{B8!E!h&Nzf%m1Jai#Jo2?H<5)97YRZrg@P;l#I;PPiJ=-(BL#jXdI&MD-x z=`41IO?UTX)=XtbJ9fLv&=($63PI*gV@b6)x3@71Wx}e%f@Au&7`m zDEd{le{TFQhtUK0*oi3Fv)CbUJA_OFUBlE3x8#E2yOTU?t*xyDz1ZXY36RYx z0auGv;WKb%g|m49Q%dN#y7E-%L!Q%PH%DQVnB&7x)T_|I6}?)jq6Jjq=sx2EAgrbT znMUxiCa-HF=xkAT(AL#vzrnev`b)bW-BmB#MCTWRUzx!!V&o$A(7orm1^qAXKmSQm z`Rvu@$U~U9^w5PhXr5+gIiAw>E=nK&dAI(Hj)|va3uWWVrA)^Jcq7sz*2)zfrglAF zo@ft6BFzvl1)jcLh#`;K*b2zdcu0)u)-hgKv|4QR2C;{b~R_elw-1?320u9ely6r}2yE9 zZc!B{+p-LzV)0#o>noQ3=2*0;(?mM$S+^tsxA(VN1iMbdmovQ?Lnbq?B$FBs9KH*~wK2s?2Y&(cFudwJcI>n8~l0$HFle4G%V>htB6FT7Ge`7VQHeyI}?J6{GvQyshyn|+z9Wvm6UI-VTT zMXJJPdOH|~nk0?82Ym}Ikh;MGNB`ja&$)m7@lVhor}F-A1Qiwr?7(ee1NXyfsp8W{47J5Fz* zWKI%It&2XCWn88e>%X__D16C(&~J2+Oo9SOPAN9^}W249mmyq+Abo`e>gx+2%jf zu}Ri#E8&T%&pSuj+ub#kFS23};f~iACDD@uiJ3)8{k?hRxs{u^CzrK^itczDF?jdp znoBpk&GkvEE?>zKl&{IT&X{dL+bEc`x*SqFm>q82!r0YzXMaUV*<|bOT4>YOVS!{> zx5|jOOErlPQ1CC)3SF;YGh&1%-TV6$7yO#bhV>~zhm+tjH7Nm+s=iAQqG#JDi@&}^ zYE<*YNt-6Yh(+D8SJE#7t^c*w@_%7LZ-6DDX;ZD}5}@O1pQQ+hM*PJAYSZ*0P7lvZ z&_^~ERPShZa_vY>n4EmO6rOroyEZA%B5EMDaw%mE-hMlv>vu0IV70-28zturF@J5A$$s_-c_Cotno%pMYW=%0;3N3-^iA*Tr zJac8X8SUBjG3rLK2JfETst&M;YxikmS%F8UdX3O(%RV(R$$pzN%P-LJS?7Xj~(16<>sm_m^c(xhK*?{qwaWIn;gz{AX{<-cP z#?|_!7DHQ{bq*5Q7OBR6KYoFVH&AFw>AJBifDtE}D=iu4&dgmYoE1qwl>-9B*5VJJA_bc`*a&-LGLvf}5H>8tC4j zlHhTRL{D6(dKzzn4Np4tzHjT$ovpi(K_vSkxVI~+J0=#9UVhry+5Qltu+$@Wm_y0p zTY>T~Zp}|u$D5rpSlQ8rEddc;?fvA$gApg$N0b`35X_gBc+JFL_{8UP)3WwYxA`v= za?ou+?$csnWdMqW=h%+va?@esVKH^y2h%IzDuxEQcm$Z3+kPS|C1+#x0}Fhj$VxN6b!VZjl(Da4 z_QJrdo_zPT!D*px1tYhnMdb!(3Act~QLV`y?JVdlqx!5wQginRE4)HEq@a|+I<*!L zuYKzB_e%R6o%XOj+wPlOe)M|vb$*7pPWGF7`NnmB=I?1gn6XRpXf(3@sO61V$$3^# zOY+L}K)kXnj4BWFO|HdV9~rwB*A`ve%0q*7&-(t@T%j*QLi7 zT(rbAl9QsZWZ-Jg3G>APe;KD)qx>M8kdXnp zPgvPaAH_GVLMT$Otb)G7W%R+|WDUio^w5hX&Lo|Hp6X4x#*2(YVZNzI85{T3bepEP zK_@h@m)<#6xZMAeT;U%txMxZeTlmt2;m3tZQ6Vib1TNZm@$?PAW3BL1`7G(3WG5omB`bS#a z=BdrBArEb7<90tJlS&$Or70nF?BW?~LskSQf&_F!&gZ#zue6%KjKMMOj(iLl!n6_Y z;#$-vblTN9h0q7x0CxzD$#+9bUaf>xiMC^CfJq)(nH@uJ-pEp!NtfeGcSbB8L^g6s=Ze}50;6weuwEIenq6VwHOowh2 zt@9WCo0D`?3RdTDh?1#3y1qXYDzfX)}NIo z`iE)&^!e$wS6K^7^L^Z`X_Ge^6b74WHf(xI?yX1NwmfnKDdM#EO$cFbx;DV7!+$ z((%CHthtJ)QXVov!KFt8Vo{j?M(&CVGHg0&-X^I3pX3BNv}z)qs%$t-@0d^8Lmb2C zy=t^uYDvxvLqv3*P?t8UOlmS?*rtrbDf}Bzh@cQJ?B_f^uf7@xE(A{-EFzbZ!o%OW z*d?2`$)dc9JmTj^M{{YD+By~q#tZMLOZBxgeJ$YLxmS%X22PFFEz=VB+);NsDa~TVE^r?9L1;I_8 z%&QGUune7MRxugZ>ytHxuggQz%I$ z`hV@?OLkPN17fvJAo(bC+{yKxy4f~PCH0xxQ03(@4?^kCG=^zFrLL$~qGoWZZXZVe zoY*V2LtoNkxMkIkQ9;%{V8?KAz8Gx0CzdayB#t1l(PEd!3sV#=w(s5h3P@cwzUs2 zi_h}%i{;(gil5QpjO-8cpG}z3G19S>$<86A2)-|TQ?dcrLQ5ZUe-$ z&f24;)IOsqro6bpyO#MC}CaB=1%>q|?h-u{X+MdEk_iA2U~QYPz+EMDqiS_hW6umed$;uDpr#UzuEW zO(#UdD%P+C#iTX+XA6h!tfD-2U>8C;823Xy#3V{Pij;Xz9gm&x?ejwwt2Gq98@{pn zc3iI`p6_T~?r5=ZbKX>cCB(v}uQf-;zQsA)!&-$>bUhelIk)69)fPbTFSZHt^uzr_cVB0Nhv!QnD9d2o7W!h~Ev-u_kE!Z!L9br{5I&r~MQ>?g zft7kni|@M>`}YMnZE%vtU>Jo;UQOHPJ)|qmCOefC@QPE4Ze$-+5o%~!r3WxVAQQ@F8=xy z?Ap9jiaTn|dq-<+OQL8IPDO#V2+pr-5qJiVQXZm0+*%?d;>5kAF_)yE-B(b~ZD%4Q zqddCIkHa7A5RPL_PTbkm4|$ndAXr=VC0#-))d3c- zE53D0%_fZ3zi*!`wnS3EWmEyR#M|rgIHAEP_`nL@)i)m|ygVOeV8!#&=lp|Z!}G&? zBuDNv?o)&x`5372<8ETpE}!*voqruL4qz{2ZHmr%YHJI7dM-^}Wbh2g*04wRl>f2i zMsOwA?}_&G=q{q8u+;M>#t6SoCX~`0b(WjQ#}mm+SClZl0P?4~^1zf41lAU6_404k z>;O*BwcZMktVUJnmK+VYPw~ z%ER;h^Xi9?eG~kKjMK}nlZ;uXvvA+85+~VJrDk2Nqh1ASIz98gl$`oDoZ24rQ-!eC zin4q|^47c#y}EmkN5|V-@!exZ3I!;b0mL)6KxcpiI z$w%pW6otA;K8X=TG~&jzsZIUd_1dJI2@?ut6jMkxLDb}5J^Q)G4`exhc1P;o|p zpa1Y6Fq(^c5`Kh8JP~sn@3=@!+!L?An@Fb&t0bVQPR&m5PA3% z57d4opVm$|IsSmV9;Lh6>+|1f1nw+cQ=c?8vMV*(hA+>u3nwL1rFa0l6a5w#5P4tyDksO@G>SI?GhJM< zBT=dM$cRMKqnYyJjMc*1uS!2A%c6*m1RIG~8fNM9*@q*;FjADMR@e&&0T$p(|z$14Zi(YFY{#pSM|$vP}+4LZpqq@zFn%Z` z3>FtyTU*;0Im1$>l&jyH+Q!iQlbQbMX{^oj>ssLnFj z9q`!$MztLqh=F%!O!8uc(8UFnSB`(TQ?%P()dRrjs%qo5t*a4yKwgz9cVOo|HmHB9 z<>>V@BDXle;#Npq#wPHa+xY~ny3VEeEoTI9`#Xf1xYK8CkC>$2^DJ2sDjjK%(1X`j zNx!;sBz|Q=r@)VpI1~;n`vom6E&d)!;!z0tBEEgTyLi6Jh?VR=kh8|c4v}c);Tqxf z&(JXOw<_yKJDX8;!=Ai(bBbxm!+?FO6bC#|UC#h9)NRXAxb? zVb{rbnIptf554474o_IBDDz+qjuhn9CveLB-bu%<_Eqak!PIa?5p~#j-d&~jcL~h$ zqb3WRKFkKY6sLcz`izJ=dzaMA-d@_gH0g3aOCrK6aiZMhq+8!x4NT!pJMHrPtCdNC zCW17-8Jn`vF1Ut+8#{+@t-Hf!7@7c(+R7*D;1cFeh$xz{0Lpa zELERNYp`lP!vcMm(pedTS;exuMk+zMJ~lPr8c_%P@%YUqaqSBi#AlBXi+u}Dw@&c% zG6*x7u7>XU<@vV)QO5LX0h>cXs|-Z8$JvLA?X=s3C!VI7xJc{@hSJK3??fKEZ)WXxUx9^nd>jKH_o?F-tVwErB8eIRIAP1pMIk=ch2@#t=0NxRm z{SMJ54(vJ=qRvgO4HJx7e3tkKrPFP=^kMsGulDXk2Trs(wrYj%e@;ab>I?*&ZLdDF zD7rC}eqY~fzv;}R6N%qC^?klG0ZcHE>rL z)|1FZPdcRr>+Fw8@S{8S|D3@|jpj%3OQn{Coi} z9!IzOGPiwv+~S?}m5rFqUC7BUbn#_8@{5=5T9PL2=nQ^T%AB>ZkJ3M%v=Nh{5wv2g zr-?nDma3w%W~Yd?tv;P~nJ_uP*kfb^8TjHH4dS8W3&gFha20M&a?0ALpCgcek9ycM z7R%f;o42sD$!YcWZ?=5V5OD~$eyPI;qVxPquze?{e6n|SU@B7} z132enP86D5!H4?kgJk!s4D%bLkN;5YsQ@u-v&xt2qGTgjdFA zOYY=Sw(&q38{o*5qb)6B0o}&fhpaWrVz;&Gr0B{U?>V4Fey=k1?0_3p${0m#fCzY> z-fn4wFB`e$=vTedkomMD<6M2Dec2pQ8CDMr=t&72%$exKFj}B@-1zW;tJEY8mvH=Y zjjGDW$pY7m0Y;dI(UK z$D!o$L?y2mjfo1ek#;(bZK7Is%mg_Z=qhKy&>BEW5(GC-(H7n>6-z(uX*7ZhMJ$n$ z+^i=_Aylzj<}`al)EUhqDbJ-2hp|MJi(Q}N)U3taF2b7`cP=0ZuFbd|KjN$g;o>*68@F9WyJfX>FOs+xY|w>)0d#Tgi#iR)U9lT6@~Wg z*=`~9ev$HY_bJ*%Uvm6QcZ=k{WfL{e!8AIS;=1hWwKo2MAW&LFA+|5Puhe%)C8$X> zY+!;EObiN764zQ=Qzp$##;RaI&#NguUr;yAcBNL$%^h#i-q>X*65N`)kOm&mQv zT5(+knEC#9WGBJ{Q^=uY|D`4`6JPy3kmS{x7uoaOP4W2)OUJbD?>xK*B(|nsKmxMWB0Bsii8eDMfUQ)R-##Y~7}SK>)9SlJ4N`z=>y%A>QJ(QDw#o?LsQ^M<<>3 zJ>zLP+cDYs{PoDl8D5u_7|HzUrDpf5B-O`ZkL4ZIO|#97=uheC$M(%rx+j%kQxUHo zhF@^D%6*;57p2pM(4J^&Is?P?<` z?xIlT>d_-9ab)zOBb#RMH=mXLW5^wl+y%ic?Gd}%p$=r9zxyem2nkG!T(46=y#xs5 z!<8Mfs^Q>wRsLlX*x~`gfa9rGAN&~N`>V?%0*Y8Ux0Hb5{O?1!*stOaoU^6k(1hl0`z*xM)X8O~PTR|oB`$)wugd4aNm9gt8Mkd6&NH9Y9`#=n~ zR@t%{yv5ZxF2?_&Yhc{DLC7PX)`vR<#NaE7MFFtszC#&0(eqgfE}<7#%Hz=BPlLwwRl@zTJ1`n|H@D~6s3BZ9 zJh8|5d&Dgt`Ijg}S6NVGor=`gDw2VpaJhjZ(1^KgEgQP37nNO0x#TAm}Os3f(T zqY6aNs3tI5#wigD_if^m*9q1SwjMlt=7*27g9j&y#<)k3a_4+wp^Gz;loRPqUwj$VKdq<_k34qob2|Ux6NCa>y>xT7OA&# zk*PehVCGEpiR(3HT?(%K;tol-AC$!=`f-x)56zp~ad>igrm9>#`J=IaBdCJn6<1JL zuL4P&+aomlFihaPCI~hF(hC1@L3F)EY5@I8-IX>oP+=(}Bh%z5c-rUE zSaafGwbj|X&P0sywQJX!_RR6y1iU*5?Y;=^=X_FkvNEgzv?V&g2TE>VfBfW0q^MR{ z9cY#u1wD9t#GJJ!5~v7eYKbV$TR&L|bVxCajzKV2*1in$wyhmHd{}p)JtM=q!Y_R~ zGb@XqF{k7`6&J8NSDQIa3S4P^YFwM;lI%Mc-~Q&ZXf~wG`z4{vd%%w(*+ESWS~~*% z)LcY2xwm9{6kReGowRSI$Pu|8HT+M$S9hz(#@D6rSXWt@hkt%#U>W>>V=H zG~?Q*C-aktJe?>pJ*z;}0e8>|nu{w;u71dym<9tgI=WZ(1qaQ(=awSGsrVP4p05*~ z2b(jxT>i19CgC_^u2wi!#;)P7FIJ8>)o#@7+NsGWojs)bPKwCO>W+=Rvkt0u~#%TGH=LaFKyg z`#DlMcjl=rkL)g;{jlAmtLxHg4g!@wfbZ%7y^rDMZB#QWF7jc6lozg`uLrpA9z_Vm z0Bd&ud^{E}Yvu2EK?5zVIc5Umv^tTM>Wx{eT%pP$N~cE) zJM?9lPJM;hy_r^<=x$i1iI{$pcwYJZlhu_OY^IaFeP*r=cA)Q$szVm2Svd^4cHa(k ztJ0?lc)BK`OPZJLy#U&s8%J}7t*tJ*SMO9Xn|6AHlo%ouyGV>S z#_|)TtkDH{d9SWgSB<>)C7X#BVC$7KJ#Z@czRfn++*_buI&tOA!{V2OUKWFrXRjL| z7|RUhI;0zOlG){5afFjRK)(HT%oixCy~l2|D*+SJ*UK=x1;)vNn~dqRFued(M<7Ze zE{{=!NBBG&5@*+9x~)r*Q&&>T8=wc9lA>Lu@m3zsj#-!YaMmR&c{R``Itp66EPeca zkP_Km%04Q({l;y4(@0Bn@g$I_UQUW);}R)I8ayL^vI}WxdU6CW(r3K)#I<{LDv`h- zKR%oi5weMUEGLKAX*{#99D2DLtiQ}EIxp2AQC`m#%k)MFGg1&6;Jx{F_GSM5@k(Af zp5)d8254Tj)k_w|&Wt{X_I~Nb3pZ=()RYke#VEZPNobeiMg`G)U;vOjX)UKKNzo%$3B}=AyEd7$|FlnQKw#Hl;?;9X?eM*#f zkwJ`2Ynp~HP4#wU=eTNMeQEZ)A5qkZ`ju&tEqT~AKl8U&LmaixKBOY3DT)BSfF$%0 zLQ&-~FR}9B`+lx~^L{514J7yO=AANxDrg&WfmcxJMsYds4d8RUmS6fNk0K{I^;1qC zVQ5w-X~I6YNngZR7VdOud{@%(K*-~|T5%20zn7w^rKxQd5MV3aXq>u%2tBj!rzZQw z+uH)_pFJOLfS`5Jsm3Yza^O@Mw0CqM!@ca52jAaK&Kcj)TBPTqjFoY0|EEo|XIc|& zh8>C2?e`0C>drl)#-vAO`*-Lm)c2Qq5HV6%9flo;%5_L6YOQ5i*mnW063b*Rkrcc< zGrjpxYqfzd7?;vol#$e(!m3t&3zMS@aoak;y|XQR6Z%#D)NgE| zPkTNLco(3FdS7{(rKdPNRnULN$8A7BW-L2vw5k%Wzo6BeaKs_iMvWvNBOPe7*}JS3 zxiXUL2@3me(5K9WAQYcJHe&GiPW~&%|9;vv0z5aKjTn%3vErgSQRzu8wFT9}e&hpt zl|0`Vb+G{rVe8h#X|_6lDxlEfq-FYS9DR*A_dtOZP(b!2ThLE?Lz<~B?DluNrnnO( zvWp(Qf&}E1>_}j;g~yOUvo!+i+mAt_T1-VHQ5eo{YpttF{+ zzUgd=pwZc2AywQ#(RCfEJV2dyHn*tr^k(PjnGNo?7+)&*vg z#QgM5iub%;!pY|nsFE}L6kLyWAxvSEl>5kY!PaIcCcoLQU6mYVu<6J!Q-!FzD@$ej zZv<|{xR$Mrb>i8{($PoNv70>PN5Cppx=ihwq73{w^@6E?2=M<)pZM?fK9}}&4^X!G zn+uou48RZ{n;?iMmsj9uexpj7JoONW?mF{?U%jUvZ&uw-`{R%xCqett+it9a7d z=jC6pQ`X{n0>-Gz5bD%4^Z6;~&(?!i4A%=SL_PwAwrN)yE?!p4GjU<{iL2gPuS4qc z$ZZg8l-;nmw{V&8p2b+KAo42Rozx^GbSFE(3_qtqAz@*+Gq;)O8})yhgAs?uY7W7H zvx6F0l4F)=SIGhgoHv36Y*pkDqs%zWGFWHnB7AuPhEktmV z^%CWymq=)&vyPr#^fLhkztsybBurbJM_r`_mAzkN8)aGKQSf=vfR!Wycr7Eo;dffp zaits;#t4)AtM56`j9l9?loZ|&;PE|!;5I&O;}#AO5r)&BlPO7>wZ+c8GFcvz#K|jR zIsmMEbNhSS!skP8gJ!G?yjBK?WzAI}51X;vtWYmtWaF{#=DFrPB&CT0s za~ke*(WV!|EeZ7ssX^4v2g(~65tY0R{koIHAb67dKF}lj=dQDXfvGL&B$s z{%r|){~&$lf_?v=4=-Gm@n(n6=^nowfsBd6+13>peE26Is!lE3X#Sl^3p?iTG>pdD zxSF^VLJ=D(oVs%632xZ^&K>LSOv<&GJ;~ukngW3Gd=fWZ&jAh_aBd!vrX?1p>1oeRaH5cFyM3d zirVmwEJn&^vSMC`w51f0e%F+hn)S9o^B2wZulZnqy2p+ffGE0EfHnhp^5T$dE2MRk z!p&9@Utj=`PC)!(EsC5*{d+-p=4gTxRtxOU89%D-Hc(z#4va>ozO!@g6tN6l6+NA( z;1<&mEnzv$IH-=Vc>ur&0O45&vY0U0%?8^yVzS(=z9A?;sjR|h)4*sZEAQzZ+s&`E zhM)RhPhn?&_R4+Hj#qZf|GF$%>TsulEALtNt z3aPiiA@S{(JKLq|iZ~prf;Y~08X1^R2e6n+?u?17aRT)&uc|msWhu!h8E9Aqe9ZhN zFpKqYYCwBVmJP>E!0J-zLg}Sc_%9Vtj_hbP0M1QcE%28tPIBVc%8d3%TKog#y)b8O zzEL_|Vnjs}+{T6^C@3ZC zZ>_AjC@5LrRbC&(3`_Nw?5_JjDpo1*A3RtGF!l0#xB zzjO=~Raz5(dRbaAML^@6(Nr^&JZqOT{{BbA>3Dhijzt$ju{jvHzF zYK*c&us|jw-iaX`y0CpK_`?N>83*H1gnmv@Iv_c_kYkWxy21)8%eH#;;Gz#S56|; z{1;!8l$_d)0e);JMjv<9t@F+Ej^SKUep%8>F}j6~}DDj2mFor+fXO*pcO|Li^@@j{PO?de2ygy57&j{~pJj zF&ZR47j4h(mCI*_t2J#%fAz|ao@8#g((i%X$Y&gkVhK+)BxEVW-@iNFupm`xmXfOU zi9&1N+PeLf{@3}>|3O4UE&&jfH+=&{IBl=2{e_1-f=O$`Z%|wC$TkU+Tyd?i{m<3b zzMLKK9T!}lt>#5K=;Owc)PgD-B|8O9-V^~rbK#^(wxK2lHX{W%&=N+rbr=7r1u)NM z4u`8HL{qS9AQdX>JAWhl@~a1AuSNG3#qqj`180H1ra6hvbK{!rdx$_`boS#e;4d*V z6I~;>@g0qm-bD7EqK!32F;|unZ&}r*OVkvRV>t_X!$!fKivUt-v6&&9=f%fh>(XL7 z{45JVb~U!2p75nhEO>EM#(eyE&I2opJKcf6YJDwX`GyCFMEq5^H;m-&;4raPSFL~j zNX`ZbPSNc$Iz<=nAyuN@Qt{;=$iKy=D!9HF4JF0yX01jcsJpLgHQMng^ZCkX|7tLQ zgVxm9Esosg!6;rFh#E4Cvh=%sfzx>jGZX+|R$td<)W%ZOAeg%gtJHJ6gmg%y>>b6x z%O14)xwPavc8KkMOK5xpCQNIE3+W%gAO!5}?Hg)^gPiXKu6R>0&6o$D6&nE>nE}P4 zq|_RryD;}F`W#!SF5r%ve4Rha27@I-ylmi-OGS=Qc!)H+#FySe00ma$lMx^xhIZ>c z=pvxV3fiwyJofw#T;phSqVmG+4#q+|f;sJeixrr)gex2QbFZpPj_K~R!BjqB{`I&% z?gazgv1>D#(LdGmt~&Qiw`?QYjYOTl+^&uR*L}Wf6Ym8R6O+nt0*ElL6+7U&`oa*O z77jAQ^ZdFo#lt1W3=ltz0zR?m1q$BM1q#{O1%zqJQ;nFweECpFhEP53Y_n;t8)?}H zqO}aGQunbWn92;%T0iO30SrJ^*qDi48fz@kt)V4ZnYKR_^~Md4N(RhbS|H4W&pT)Z zQ+J==_bqY|`G+%1SXm5Ke3PAy=%t&6r~BR>+o8C!O7mF2zTxm>vP`vjguN#XE;{Fu zWB-6eqpeeqR157Lq(4s?UTZ-^n{>Q>GgQCB2)mAQ91uu*xb3Ypqtv!~a~rK~TB1(w zAC!4P=5j18ckT`~%O%&kqAy7!<;9B|ca~&ZPJwAZ0Fr9Xcfbi15HXv_-@SY1J77=g zM&`Q`l{zY2i>xaHeA}i;3)U%nn7lO%t__f7)OZr*iIyky1r8J&jz(H!|LW6OxS+&&(C18{Wk<`_R*e>C zdWY$kKjj!BkpqbXo_G7(OFb&9C%zW((s0R>PZQ*fT2!%>274{K5z^d?(;iM9s~@=7 z=|&;a!wtmiN`SWDKgx+M&1@R0UGd_Wy=LG;mER9$>L-S2=E(&fF5y(ipgzx1BdTvn zP-QIlQFWLc3Y6acv2*ozOZxlb-mn+faIp;+%wF7!#KiB5d(H83S6a}@C;s{IVwZe3 zoKP>;A#XX`wgMFcGcI-+IEJgn!sycioO{_y3MV<#zBy)`p*H2o z3%QKi=+|gT(DC#vT%H0-XTF;vYd3QJ?g+?m>MwXfeIZ3uJ)n5bhp(IJKBEB&P5!cf zth$-q<2E?bzw7JahD7WVzZk4K7(^WDX?s;#Q#41I85vw->d)YFEKLnVGZZWM1^A`U z)?l3n016z}@4Xy756ZH~obm!PbPNkjBp*Kujh?}-=ohb5Dw-zCj5gL6^2S^^b1mJp zobWY;#1`&(NpR4i3gRjp$JulvZNNdO@S93d)HzMKTLdI_-$7s;F4Ma)rqwB?i_uc~iy2U^UvIHguU|7zM zU@ibVcX?@#_~Zu2^x|5PrM-Tfi10Bpvb!z}X_W2f<=9*Ntnen`e58?KzR*4GRz)(0;daerMA_ zL8Nfuc+R@UAPKx|o!(wSo_pYf$cs|$?@5QRA;g>JznSYK9d?Q5g8yv$>5cFo;6460 z(Y)iw+=XpmhQ$B>RbTJ%|7RN*@1_(0fI3B=*|dMe#B_igd`?SiCDT@|$bGW&h$4uD z_A7f|e8MMT&zQ!6?27@U@B5g7kW1`bWLNwv(r;Jny9%TNg<2*tde;wll93=KTn`Zc znNEwjp-*-U`h;r9*#W&(5b3Zn*Jbjn@DV_D`W#fN5^{1s`+^uF0|W%^#V(eP-MR4~ zVdmGBy8Ey`J54%0&@urS#b1;T6# zkXICskB{dnHjUc`5~^+KQa_SlPk_k1ZaO)18`FJ7b|3C-b#K$;FEu6^XB;^Dpst!%ZEBwJ{w{Z8 z@WxH^&i>#r?jTTX1Q}8yCg{wWJM46zebT^Y)}p|lX=R!QhrUOnkB);oxh3(|gKy~Y zZ|3AH#Fu&)4zmC41r7$jAVQljkHT_z?!0I0Q#PJQ>m&AOi1UWhT zGB49ZSWu@!3W}A;D>wA~6kw|hoC`ZZTdcaZ4a5To1Ne_`=LFw=0dO0wW5>>cxhxpr z@u0=2UUw3Fsh;g>RfK|XhkR0T>J*P%>UJ4M7$fW%0AiAFldbWH0Xf+EaJ4n@iHQkU ziHW02AlPpJ8MgUyvAhjTkSTOuTOMx&LFD)%)7>OsvDYC36dnlKxM3rHh4Mp=v*VI# zZMzHWNtr&-7=b<_o?X7N>Twzbtz<$&;#!5?roTTUE8AHQJHmIE>;3^FkEenK) zL9rsj0jKYL{}WtnzLk{R4vGWJ0kyQTF-`{0H_XP5Iz~ZyKsfM= zM$4(;r&j0*fC`-k$yF&gH2~F@Qcz{?aCz@3vx#nGqB5kV03&kYNvNBf<(`5{H`+pCF-Aof-e6Tdv6{OW!wIbXDM2dq?DyXArv8GDV4I8 zHM_EmUG~seN-4=w*6d^*OiZ>JTZziP4Kar7%h<;lyYG3mJ@<3p>hnCmKYy?1AFoNS zxz6)AkNtR`$1!~%V_TVOg0v7&a{4K_?@43yQ5R6P9|BV9yrT5+jrZmTWq3_6yC7i3 zB2888Aa7!Wm^l{SC~B~M?1-4%Ib1$rksP%779WdPo)T-}A2omO zPTIpD!xRFl1(I+LgciR}g%`YB0i>+ML69W5eQJG$^b#nTYoLZU{8Clg0WFObZr&}) z1SB%9F0XX4+q$(JzWQEtR0Gt*!0m*es`?D1s@tBL-TLR+woyhvlFjxQQm`OVR~JDA z;NAgtdn=qGT2ka=nC8UmlH~kf+jQkS0z;7=e9q6U-~~QUtuBJ!3}m%B^wJZ&&^qw= zsHjsANCc8(726eFS$0s*9XmJ^#Kp^78=GQS;%J66kNB@v<>ABrSQeDHv!S-&0Fp9# z?h?KnzC1syhB8+s!1u0sE{q-Xa4j}zA=bH&+`VoufS@l<%afo*0@^S{QK00*ITxUp zKaWCb>0CidXMDLqQEVT^4XKU;<>&~I)AN)<0B@18^{1-!O9GbRkP5HdRxZ8ORmiCRkW402iD99xgrp_~vu5-ZMznXI?zU*ep%8EDatc zEd0Myh7?{L&?S^+pymW2A%Z|tQ=wM$Qs(uCN+z-p^JOCudUl~8ZFkEhOB*TRA>i)l zm`{oqq+9?Q$WI{q9A|IjJY2F^;ym7J7c5*6Ks_dX`!&N43qdOkEX0|Z8;`$Netr_| zyWR+a+BsFyT}h;JX6*&GoNw@Ba3lrQjwo3vWb&xL+gS6(_Fe*LqD6fGn4^5|=ix9U(C;%4pv zGIQ!n)G8d!6e|Eu5+q=Di!Dn zA&-SIeV27Wwg!N1s&^-_Bm)@IR5JW;Ia67vaf3fDP>AgZHGb(H$RUrV%m%z64DklY zge1RnZA?ZKxRCB?X+?nY{S7UEH!Zv-<39gdT@&C*YwN;z1{b{2RpLx*!+1J8K}kOp zR4%|BDXU!1Wl34L(%X2n%N6Y!YwuE!3GUtHDD~5o{&lHjizxXnWGrWi^cmaWzy~rn zTLj8F_G$*%8yE%0oc0d-bpTn402n1ntUWd>{Pe9il^*uMCu_~t5l)u?)DPuWepMW{ zaK)z_)b%0n@9?u+ug*7Kz+0FHd6rQ$44^iK>I5so78acUKgu&mb05H$hyd(! zWngg7AV{}K+IuqZqa%C~*uGj&;ZPR*p`J6JT^A0GzFAoCu2fO~V~iiwY2?ZD%j*GrK%Uvk`KD5x)+ER_fJG z1G7zl5|S{`1M<5J(C%Ck65T1Hq~ny%!Q;i>gI_Q<0_yJ@crr3+tC;T);PY)Vv|x#1 zHeWaZTQrK~10}1wLY_$&eF6X+;e=AB92+AusJ>0aAfMTN&gH{N@lfs96Otb9!P}V% zqz|K!r2!zw4I=-R+F6q2;Fi#ZKzZP1&+)~C{anY>ITezJG!|9YzZfdvCzD;?=3egd zayq@DONh^h+jKi+Y#8nCQa!?9w$LPy z|5L$sOkt&1?V{)6>Pk>q?vxwOHu-JbB%ywFu||p2Q?bz1HfMv3A(hB|TI*Y9MHZ2` zMo9uVM~l7%0PgU-uy1|f=2jpBAmLvjsOW4g*ij$wzBICLo$dStA`FYd+f4|7m$}3u zViiUh1l83W3#AU;JH~*KehKQ!LufLncwH&7Y(hX~1%PCGug`8xZ-jQX42DJiE8#_Z zhhlG_NO4e5kWhdAj_wup6Bg@ISNoba@TJI^aaDhGTD+Wv?L>4UZbMzpM$hwit@b(E zAD@5~oWL?5;~d&ZmuIS;E#Wv23?=L3OCFRuavy{>FT%ox9NXb53!(j0{-Y~4 zATV>p*%p0nlG%(Ul+Ha^0tIE$T&L3z5X55ERuBko82BvQxjeD53|zev3Gl^e5H*gV z!*g#{j3qz&mJ&*^yqgP4l(aL^y&>b|1#r4Q0S^bXWVOw34=ou@6~m&)`Eu5KQ6|YI z`BZi|1#{1g92Z+e5$d6Jo_7T69au%-C0ho{srM@Mq#s#{ziB&;jx7w- z1u!-`+D?#juac0Op8hSY$S;5V4%Cu5VBoHSZkOf_B`6;X5j>>)Dt{=i-9$EO1E~YbCJUI1!Y zXxzyaE*}W1djF}cb`HTsToJ?{W+1iCM(XqeV4NRLt6!YY4lIk^$EzQ&*#z2Z7B1tn zyF17zZATcgT@+D>(zc4>(AS2?kdrwDB)BK ze*E6v*Vh>l{B8ig5lz}N3#O5bOvpzInZ4FQnVZLuAwVurVpodn-87w#s>-at{b=GK zCfj+W6yP|a_%V1UmAM8WF#&StwRyuU!-9Y1_%EI?#@Su)^qkKao1DcRyhngJbOhML zn+`hTDCZ|7&g%MCN?LG-1^s=MKg-5m&>b_XyJx7!Bu?W!*1;SQW_&CDrDK;_9C--D7@il(d%ceR!ZY3DGTvQe%U7zLnB!Yy z=fK8j5{F|wVkU{g8Fo5II`3^5yhB@F_KNzatNSfG_SYZB0h%9A_mT~mh<&yISlJ3- zXM>;=SJsnwmw)75=*RiiSaae9#6C(u1O@X9|fq~vBjzKQ`BSS z--cd3ai-Y&#ugWk({hgKJlm4|u4qSpVL~B!im$xETI;_2N=ntz)(pGN_c+iWWGZ+f z)k1r_MvGG?kry~0;b0`or!XFMQ=l!Nj7y{@D5MJT>%I+v0JUIx%LHRIKshhQcmbbj ze&Cs4Ehs1vS@i(46d)ciPGe@IQCwxnT@+{}rzMy@dP%1;dot+hSzN4SJlU46CZ}0a zl2Z&(h0^vSSl!*K-Q^D_E(z+oVI>@a?*ph#C4us#J49Z9rvdnofsSj7Gkt=9-E-E! zfD-N~m221N_cnrPpBt+5UEZ$qH3`uSu%Ut=SPBD|3!;T_E(PuY`#TIEn4;^8@*q3x z&ue=eT;JJg5oN2llg(uNz#@ImTsqMceOu!9Qx$waK@NAzatE;iS7dMR(FXwGIsm)- zB#84oM%jlgmUszC4;{(dsbj^q2q%MMY}U3fbB~qSRu|h6oN*E3g_`}p)02=wIR(sc znQ=;DwnH6%(I)`8RO$o47#DDm=xV(lTcy)B%ejn0!M@X*_D;ipmmXISdn3R~XT!@mY>ZHR zNKXpS^2f;@{d|B$?l>V34d9?p1FSuAd>KqadJUjP$3z3Z&InL=%r-Gd1@56()f!o( zm+WS#eAxkT^}+BBg9xM}q$p2HQ9jOo_xACZmKAlIV}&~lP(>ncdy1Xx z+&B6Nn-A`;y4*aT#{UNq0?4qx^%Qyj>8i-vjyn$s8K<7sZj3Ksb~LkC#Uu=%gPh=d z-=)~Nppegl_7iJM?Jv!3KCts-Kki6*=-h9Nz&G`JgBCc4myB5<~&DhB-gJXoIX&cHrqsF(4V%+jKBi9uonG^E2 z*KThApk*2he=c>mFz0fie-jHWPU{4)dCq|!E)$y0o8Na2{)q*^86>m5AJL~MupM@G zHMhNVXX@d`lHjLCR*M)9ak=S9@?^sJ=pu(?Haq8zt?p9&v@w9z(0rIX6 znh~NeG)0iR+V9Sns@f>U?(77<#pY^eg*>hgwSD?5;Pw{o`@tfJx3)4SoT68e&qIr& z?p=TKTucUZeE-+CZt=-48KeYGHL}1LF+LSk3*K3xFH|1_RnBax58l%{Xkz1wE-zfS z^Xw}PQhu`@*ytrAx=|6nurYCHYRjv5|9VGAFm%(5hEf1J%#plirnxzme3<`))~DRt z_iY|<)^J_F6gUM_(^qS8eu4S(m-*#@WqwiNry^bj$9ANw(jX?}gobLMVwm48oXon^ zS<&ln_x)bierE(Xun=%rMCAh%>NbVRUk~GqI)fM2=+vBCiQm~XxWC~b@lOgBxXGV@ z^$(t0hAp^*TAO@t3IikSiO&w7UmQrdX6uBR@M{O z9j=?FdMMlv;EWD2pjtE~N^nbv2Ff=z|6Kz9EyAA#ZEoliN=!MWp%oqDR*pt>s57>4 ziX2mJ-5(I0uoCRl>3;r?U-1>PXSvIXVi&=Sc6xcaqsX7F!~f=U|NLhuAS$^x zoyXkk{c0Cl7Lk`7(VW#>{&P?MxD1Z3>>yveS=?&%1hQUB)UEKR&z^z--%npV>%EEB zh`j+OAN)x-fqvuL;^e6*n1K?waIpVW2z`uk&W)lRjV5|2`#)MSaLog10eoGy5|Bb7 z_{wWqAZBLB8=cq*w3<}h4JkG51cyI}nk?wL?aa0d&>zh5zPtb0Q`PXmuszpR1$f4< zAAa#Ff_-DMLp+3Jel zuUs>5D}tM!!oDm6>Jj}oLW+DIk8-_ewN3H}unqUnS2}9?C#5F)2_pL10ikU_ufA33 zaPS{%uvyMc^0=yS{d$1nzR`Xm(Jce}?+i|>4khE_Zap531L@G@4Ip=0judya3WOQHC!j@)bJpKr0pe>eF(g@Uv zHsnox8>Ya2qI&-`no_zS*n!{h#VIiJxQyeNbnrFETy1LDawhCglpjJ>gP9;Z^LDC9 z6lCvgS4S zYtGI}=jkHzwo2aokYCvl2vGt}I!y*=C8+B?&DKSEw&m=LP<;i3)Ckce58X?7pLX0{ z_`^BTL)Ac^n@%Y=AhnU&m5l5c2ssqVnW|2j1kUY@4Vi6PxN+(C8t0S*_=05AXd`sT zlkLMxxz6K;98x@TwFm0L>fbs7W<5B^w(SoZ$7cqxIUKYxzYR6#y9(Nvzt`p9lGdzE zGgF9utMvJr01wC`-Ig-^qpjWm6d)r7bNn-a?s=ke6dz z?K|J95CxgGEy~jf*=a& z<9cA<`J)LfqtM{P6kpk)ov%Nnzv3{^PG?M$?_CqV^Ls%BE?nH`wjXMe_Hv;tuzIEk z>t4)Pqh8;-Gxw>+_zxU-IRqRSwX&$33z&?Ahx1t-r=O-|NsHt&e3z|sQi+b-Wq$v+ zBo7q;I~@n(x7+}Xqwyg~+UHWMF*?VPPrr9&qx=1e--9JfDV>bC?f#=d&~A*v9cGYY2lGk zV^Nw9&j=|B!G+eddUD2r!=?p|FH%gu!fL035jV{umcWsf-v!px?>tQcP~lG%G@jn&CYVyyh-$iC zAFeOo(Sb<&`lQ)`+p5JsM_6p7R=$8Qb3aIb_t@8&ZR-hH&xh10o#Umb=|3I3rhH9U zuM`%Z!3k7#@mA0N_?;{RkY8qo3q^bF!1lhzvwQf<7Vo-zJuK{c-MQNy(RZSgk$-Y6 z>Cc15Ds`OF=^>?>^f?(p>z65e$0k`P)KEMn0P^OXU7*2(&>GGOsgyvfgb4u{CF#Vpt>1V;vCv<|brRZBg4LQ$^F)7M^UV3&$ zL8dl7#o@rLYz4Z`>*o5uWzQ?13~u;(t>?lm=xAKb$CxQ;zid}Xj|dGI*W^Uq5^q%a zOP`5j=V0NV+ypEoQ2!LERJxA+@@`(>Oyr`X;t{wWJ`1M^j-amLBl{4UZuahG? zk|5(4fV!Fh1{&MwrfJk>@S3UBJ=m%`_cP*Qg9Os2hN~Y;onYGl<9``wVZK94rkP=e zS9rrRPJ^@Wzo1d`ZzJvhjSfDlV9)T{>n8n>11%u@`8@p-8{e@E3#Y3dsS8)r}EA^^h@j4{66&bfyl>} z=Wz2^D-i1A+MuYS#T${qsi~m#GHj{+&)VfjBarXz=XOfk%MZX5E<^FMtT28p6=#gw zA2JO8)TyDIkVg>Siiq+C#0x#=Todr`RoS1U2W0dCj3+@y{Vm#bKMkhU?ceUqgD`G>Ps0qv&sZZd)bm>!2Tw;^wuc0}!AEGLfuPbp2^*gtsnr$s&vg*^l8 z6x;NH@DueRRnSNYJP$Qde)TL%>KxC^tZu-3}F6lrxZ}7c@{fY}pDE z`Au#4K~dK&r4tWl3xMn+uULXkith~)m8^6!b+aCaDe$mP%bES&l>TagbODOIdV=^E zWI6J;x9)FM3W?V&O};FDMP3x#korljzmt(x95MtkLJ~)zyCaqFsIs=BTc+<-VCA&MwemWJHW{t#Ng-ehX`G8_EuJRLKoaK+{snhui^#>5C4B zNN#9%x{F3#SclDw-KcMx{creLmKwNo^0QxC7SLc%NJ%{_2q|-?=WIvE^c0Ir$a3`V z-@6xgA$a;N*pKJrGyJ{VdqQ)-^f0nGDcn zp1L&EXp^aK<&~`(;e1mC^l5;VZ%dpxhwuW=6FL*pA+Fsg-Y%3Xg2Mo0(qv$Fb7Ci=9cJ!eD5>aN&F`v~YK4 zizAe@=QJo#Wu7rtF`00%^efe38aq~g&Jg>@+1>C5Z+3a2hz;cfODO^OaDe5xO?yt! zDrui3E0!})r)um>*%pw_?|Y(s3WV@ll>4>UK#9nAKWQqlCfU=m+J$)g$d7<5Kq6_<;Q(K#9F3 zvEy9e?DaUhSyKu#r{3y)BOwlhTG;nH?&UZI9=v$_^?nT43eNWOI2||xXJ7ND4F!6G zK|*~czde5X3}_r>iLVbG(12;cY;hQ?`Yw&#D^SKOPq7q4>LfM(mgjtA-N8d6RN&q9 z(8?0u?L5z_BBE$@+jgdxGs*HHL5B4QRPCP&pM?xgy)1aSIK;r`EPVaOE*Dt8jp;tu zt=y73w!`+~=Of?TL&M= zO;6PTJIl(^Tf{bNSCnYTQ?Ob?wogcc< z_S)Pku3M#nQSZ~Rv+r-~8^!>tf6I zr66YEcbd-PF2rMYpT^(FfDap|Ztj36Qc3&aN;Ob&I3O;UoGGC>#D8@Y{`F4=DCO|( zp?n)b1@P>&O(t}4;SEYwK|iZItx&x#Of)v~4=Vcmti65wtcd4e`L+wi%-`NVemBcf z&8a}eE@k98|IkpWGdIMETP@*7qD|?X5R_(0IymYM{tk@x>rpAv=h*SB+N}VpT+Rhg z4h6CDBS8nU1&I%-R)B!pC=`LN&Kdd4kFE6^f2uqjLUs7tuebQ&>j84<$We-~bNwKO zW{V%Zgn+&PvkTm$E z3NZ;8z4vkuC2M@O{GtIpqW01@d~?;_P^;Zh&v9x~PK-Yq^We8muWSgg77zC*xGVzC zz3AilR?xdpwz84Z;iiLCe0%Gz_O^i|b>nxtOE3$2Ar=8I{QHls6hAN=yNhG(M6O$8 zr9ExPCblUT|6YIHa02J|D#k&c3ar6?+e0O0NNA7j=Dd7T_cnUjD)x(pfPY<0S*rEc zyyzo43&{Tvc3oK%_)f2^9D~YyOGF|NA}?t$;Y2 z(@;uNPe{lLPTmbG?^(Y*`CWI=mdJ+jLEL!DXk>C>=u22gkuS~ftZ+YM#&b`|VJ0*a zbEy^{?2{koqg?P{HDUWUB;m$422UwImpVn;u6{>-$T@#ll1TMWqCyK~NdpI3b=1wH z49aq(ee0MgE5~$3uROg*q?;ilT?f%_pyDPsoVev35isPh642$y7oRqRP4HpeDfs{- z&9YVWXGYV+0#wy?^-V-nY_cr0ovX&q|HiWW?f{`&@7Kq%`&Pj?o$28HX5Y@AB}-Oc zBUUK`FjrRC7md^!vEv%{883akw$#^KYD-`%Xg@?enmEg&@LaKga`BLxO%+9A`qpP` z43R)@&xtr%a8ttL&6Uh=&C(N(?fOt`lFc;1tt4oW7oS|5vGn-bMG!G>!KShtmjDq? zm?m17TL7MyBQ&&q-${^?wi-oepU#)uBN8+f+YFQqbize;lNhs;(Hfp4Z6{m zB-@`J*Ejo?=)0@f;HE;L%7Wj-)4b1G#VT)lWlvJ$w=}$o@n9*0o$((Z7lGZ}3#QBY zR*tYZPbrYD__XD^LLk3Ej-6J{$;&ZFYVo5%kEt%I{$^9qUASYnM~;O8_m9o;#8uC4 zf5-C5r>$SZMk970Wgtg$VyH0B@s5@b3Gl5Ax%yNe2gEcV&a_?sCh13Z zpN|u$mah)qG0`GvLyU+u&zb2R*L|s%da}bUT`?`YE^iRiHk=aZ^l_ED zIXEkLdRA%6R~^>{3O?CCxTZ545X0cJn&1zc+#cz(vyaO^cAtO!W^|n&aUY>hmpyL( zPb|Qi)=K>H^p~48ygG}hsw8BjchZzQj*z{(DyaPC=R6)4Eg7aQrS%OT*qXu4Ij@HY zG6>ts602^m1Tc;5b+l`-{Jy~BI$x(``fglx^@wx1Js~a}cChbt<3#$_d2(0a&6o2X z>$ML7oVwTX%lJ%y-0JR3w`uD&4PB<{VoN3IJ{q_noB#p8*JwLr-QIIbwTHe+M zQq2Ecn^vMQ4gD-Q{KnE>|H%u^Pnd6uKc=1(sND5mA34~1G!^XKB*&Iws%& zPJ{A!(dz%iCwD>ak*gvKMOT^t*2GeCotK3E)1V_cxhB9Xl-QBxL2bi*LrpFDkv%+%Ijt-kTi3CK#kAM(Ou)x=Brx8B zB|QQa(@7y^)E&9{>5*wo*puKd-#>V7;3|+~c_Pm1U8V%_eH&B4p^Ccs1CTpvxTMvfyuc({W9tw`w*mbp4fx|(fZZctbBJ2BLjZ*oj$Q7efvRP_JOvr^}JQul* z`^sG~1^LAT1**Yi=SJpmOpHeueanj6Ub2@E&#tdb9gn-a=pf`-cCNb|$8}x>|Rs0~X&& zH|g%9#=?b*<{E>akfoF0VcLprzfx#Be@1t{vYfORT*=O5>#dUUX|Hk$J&iol7G<0( z6cBzzY4+Hn-4&gs(MT(-H$sYh)NSM}%UQcyoX$lT3+4t=Xsqf+_$3Gf!skre%`T2( zbS$O&M?Qy3-^~M?bs2M@v2LP5^AP}AX`E?fSMX@6jB`5;tJv;9WxaDlZxLZH&7h@oL)_f!WZT?iSNG<;In+XEGn3xmuu zIxbPD(gw5XxN_sH{p$PIbE|TvUI9%rFb$@NW3LS>c&oR4mgj6CG*K=p3izFra?c=eC& z51T?IYxz;fH=dEpTgeIQiD1m5o~_Wk$!SlQ*3k4tjgJDXS@);&y(0*9bmjTIs@4%{ z>W$)`SGw-Yeofh)FxHf?skZXiIU1GT_Uc@|mM%MdB~-!s)kvh~&6}ZKYilRh7lxa3 z%kMoZG&9Y*%%z}kT@8WPwd#9F&MTBgPVZU9)^%F+>m}$m3D=w?iNEU>sq`C4C|{2j z&BmWX?O*HQ5wo5SbQc=!-dvfoUzu9%%kivl+y+GStL4l%bF9{&6RLrjOOVvBsnef( zI_F{9Ybs)ouNU;6f7BaAOp8CX88(_){;;v5k|9zn>th(M+!jOf2u|78I_>F}yQm}M zO?tMmG_HzJsw?DonT(d#*6TfbeHQEAHx_As(6SA!+=1HvVgQ?Q{ng@lUgSQ>jT<7i z<5KB}tmas~jj8uD3!_cm)>8omwY~8s&qFhjW|)YMzRrvCY_}|9g+7nGBeU@~|I3p2JSj3&Q7UbgT-UsbqXKV!*FyZrgPC~we*z3t;}>AWnF z(awY(@?`?7ZM3O({ZgMdnmE&VpFWuw&+1ZtSl&7q?%FrpL)&f}$)pX+A7!E*JzF%Q z;Q)9%Pys%p@b)a!T>RL{QD552uVt5+kgOQj<|<@Z?yY?tq*>PBiLzz(Ti9sX*^#GW z8hRwUgv|^|WGRl9k%=``+xvbOVr|h@XToi%I=(Z0-88Mx%%;ttvp1cD5L?Q|*)V$5 zY)_wr zs%Ptc5KfM%KTHIwD63Fkx9uv+`DE{K-RtEQOzqEpMI-2yMLy^5<#dhJ3>dczLOcGIeYp7S6DsG<1Cgmg2%KF^hxW*5IcLbXlPAl>M07RgNw8%kf`fEbVEGm8K3&emt=5#=!p0Y*nhlIAc6(I>tW;b;+3#4CpDnIjCVxD%M%H(|R6h0MozsifKf% zw0v_?{&`8(xwm3`&Gv`Hlu`uQO&*nU7u(>=!v`1#Otn5D4GU|WFmpoev}5k`4AN!N z-ZP5IrIz`lrS?U*oHF!GX2+CX-IS{(eq!$mDdtLT0}r0EPhay{y{I4$WX)#Iw`r&lZD`^4gj+G-qk{kzym~}DCrAFb`+`?Ku6Mo zmO+4P_=nHqdky3rgZ*wMKR?C{a;A9f_$hHZX+y_iE`RkAZ(c!%;@A5}gZfx`9iqbH z_n{b20gADXw}y{)M7lSW+OOMBszj2?ZtY__7@6_m7!y-?#;4m}ZdsrDHEupte^mX5 zSAeH?uI$>CYRPg1g$ib7W}TU6L6Df9RW$~Vhl>j`DZaTeJA~Dt?~FCc?o6&R&Df*u zk0#)ijkb76XG`SfhGCi$4H;V!Ny;l^62#Qk4%1v!X|1RbEHo7ICBGh>LB7p-+oij{ zc+4b6$Q&_wRaq^(oJXz`?;c*Tj;R}-Z?`O@_5PYhlT+EN&pmX1U`n2enSHd{>_M}2 z6WfRmzQ<)#06n+C5MC(R)blFS-!35wDYMdn?i+Wk%|6v@Vn36EtfPri))OsQ0ovLK zLFR%@WV8jnEqo~E;xb)GtfC|DVI9pBI|NHKavv!WB3A30^Ua?P?lVO2yaTh+D(v%cuXrQ(wvAa*a1NfTw$Z9$3B8+-mB-li z@|brIN0Z8S7~NRvGh|s}tHMeHLCkvOAxa828$;(=f8QQ0VmFMO$IxiF>_E$a;?iis z@|l2Teo5X_+~x9jV6SY z0U1}dtERrB%T}^*Z*k7Mea#KaO=XKR9}!Yz0^;fq?HBhM*6p(CD!rl|>+l?==;Xw` zxOXs@jPCOT9%}F$sQy=_IFC8_FHMqzjW)6+U8$$je028OH6{soOWmuJ>sTHiv1(1u zV}p~9ad9pi=GZp!vAgzO%ehthp4YzqqYAOtS=I|dGf;doRA zT;yC71zOy5qf|~{;X;kyhxObGf?wTlx(;H?{M}dJmHn%A*@1%I+a+bih_}B!mCF_$ zXfP`@m$ARw$GbY$*h4ne>W!&8%5!FQFunBBj9~Ak!r)^W<1%|!-l&a{6wMB^OUpN@ zuIeFh4I-1d)-HDv2Fq$`_+;r8*AT@GrQ*B#%cI?NM$xNiX~Q=+UfM+uxDztn(mmn# zIKSA5#66)N6JbiZu$5!?6UEdULiCs-7R4dfnWz>7R;O?0XdtJBU|KOZ zTJ)uYCUPa&k4*8{X=xcb)^jw~4)fWS=)(-1Jqk$SeT_YSFIBx~U$clQ5_{CoR!+9( zq_BCos};EH5SA6gMH_k5hR2USKk8i;BtAH%t2&H99!a;C7BGO%@cHa>^^ta~xzO-R z=%YvcvT>FAj1tmSAZDuFKi0JXCh6ux?IXS`aZ-1-NAH!i-D48L%YQP(GXagzWpvu( z(^ZzJgGlS(oeqFKqyZ6D^_t{Fdpz3m(s+QgQD;Y>Eqd(JMto6?3dR5m*kJ!L_30Bk z!@79DbjN-IC8DBDD*FRBViLa|%KIKW7Qubx#qW3iipC7-Apa1$Co4>JCt%@EDh zaOAOtEjATix0^QNQ7Q7uEaL?tuGQPt^N-L>Om4t5^Yg^&`d zs2g%zLOV`IYrQ4{) zq%GF%Tz8yts*6o$8)FIteP4;ltf}ET@@gy_^C_{DogU+9J5M;bXUca(>nWG*Y_{gT z>b|A10*k^5YhSISzjkF`$ep&r=B74Q%^1k`X6JaCi8qz)2UKb_HoT^nY%@g+h~?msaBASpu|#cC(6|1`DVqlAet0&_C= zR7SoZc<4DiR~A%oDL+6@ ztrHM=;@y#)@L8-uS{ZB#LyRSWIDE>*^&a57k|uMW)SHe4E*tX=Nc2>G+^CDp+@gsP zJNFswR0W${aoDG92 zZa_NeE5(d(f`gy*#h<`7iYMa@#`$a=3JyTaiyUH z$3*2!)IEcD6@S76?)G(R1kV38kMXnq^$X@82i;KEKf=p45F*U06O?h)5#2TvXvgV~ z^K%H&6{)qMsE`s=*ICBp%-|ZxJ+`$1pB8Oa^$|38g(F3=@pX zrVrhd^CsoIVJQWm9nS=i841InSDa<~Pzv{E8y=b#&Imv>LT=6n=nH5UXl|?%WYGQZ zW2DU3yoN8jOm@FpS>Fg{l=3Bjyi>Yo{81EQL}w<(cBCQ8+bQ}kxr0ZNfIO7A%4iG} zabM{%gY{rceOqt<%y$)gk^PY!tFyn?x@#y&rE?u)F%UavnEIfE5)S!x!_l2Px;2{M z=HaC}{6-r>lKU@!L;;2jCw=dlvgUx&(1T7l3KnZNfPfVG_69PwH$9T*tQS~X-j z`4bCJ0ER2s+3kzaQ>F>uR+e@rY%4VTlXD^5U=l3Jo1HjRw`c)#ltg@mW9V3X7^u!9f0-X*u98W5O+ zo8^}~6J%P|O=}eyvF=Efjv4ZvBS@soTFpv{XA{*q*KSr!R-?yeuJv^IS&`0n9~YWg z)$K_=+Gl0SCoA`u``EFl_0ATff?A%eK3>Kmvv!4tg^fKpA%I=9#pN77nc$S1d&H?g zd(L>r7+*woJGShx$AlOxLefB_kAEoC{UtVA6QzK!t*w92HN8%Bt9avTdy02qea61& zC0)_Vxb=3oGn5N=qrEq%$99}O^k3L9f4>qfI*0QqirSeowCx5h&$;BCb0)Iyp~UU+ zjM<}+I|$JwxG(#pGivu@^4&(t(=$!j$s9exCfOk2I2teutk#UjfC}r_N1YznRHt_J zl~lbZBd3qy5~R|XQntCplw|`4@#R;G2co~W9aPec*_V@(OxHUfBCR|7l!V$zR{k{8 zr0FHHcoudvHFVJ5({8u_Hu%EVvqD-URvlTH_2OTciYCeF31(*X4%<2xdJn&+Dctmt zwn!E|5ZnF$hyb=pX)vC z=M93jorSExx)brcu<(RY3<7;mMu@s2`xe6c;5vfKTOeFKrDR}vcw-?sF;N!Aem6dS zYe)Wa92amMMM%L!jH^h{m@;nvs2-^8oUjOdP(f9z|ok*j-)|V_9 zRkYp0WoUX5w!tgp$k;OB8ZEt1kN^Z)L!l_zt;E1%yiPpec`ykC0Z|#CoTs^V!6&svQZXj|?d2b4gdOA4F3CM671Dmh<1ZQS261ebG zOtr9fxjT*n_*}*HGTxwxM#qaw|#>97V;T?U!7aK-^931On7|R=aq7Pdjw2z=*_ky2Cv;~Alr?Ge`=gv z{-o|vYx8t^rlf<5i;KmRBo)t8@HzAPtMxf0P_T;^t@m6Jk&?2EAbH-uQ);+$r%+#@ z@8kaLTluZJJch1XB{CG~ogdN#qp}X#>S=V%;AnzdR3#gy7nzE+_cSZNS^h$x)9z}F zojkht!tEz8(pzLD{7Z@0Exy$Tm$5m2iv_uqEY`^RQLQ3Ek4kXaVu<##59Pw`K@!Qo z?-nUaxUZpWrl7146r2j+kNHg0A8Uq3^F6$}ueoczX&zyP+FsEW{`Fy}f}D+0oO{bS zdLSYW_A(M_5g2Whuwh)*KA16$Cg!zhN{@OARv_eOUX8f-Y5UkUa#fgpor)J4x$ohm z0(a@Gf7@e}AVBz6j?hLWp#fM>oXNYCv0YOi53v=m=HgCPO_x!>; z$X6+|Ir}WUAZI~NL6cQABq0(hjc+1ffDJeeVqGc(44d})FKcW17&6;=DVIAwqWup; zlATUpq(1cD{mg*B=ZIhDxbV>1o))$~W3hAG}L6b}YqKm|v#$xIZc zOIN-uWbI<((uocyWb@Zo;27*)KG0gSF3k^dNDB z6hMJ?pISRMItJumnKNpxQmIT7vk>US_*GT!j3z%H_0sOX4JAf9k7lRMPpkffsJ7sF zojz@LuM~$W_7I(Mo7{lWPcfa8JDb^y9bQPU_l;`BadV2^b~q!zcqztRJ;dm1W@CNK zMyFBoK7;Pn`+m!B9xYeafU4RB_S0v!H;9gyu(9VveL0jsmLiYs_UNCBl(=63B_lU2fK6As{uH*cw5z${xtRVvl#;uXh&5JY5QayX^T({*-+;~BPr9CxcCRo8 zSzL8#nSZ3g|3EH_)azR81ox6?KfDXIx@R)yqSyl2W18#Zp85Od`yU`0+pctK7&^?T z`mpUIBGF7^?_3e%rJ#=YA8Nqcz@g+bRI$d8M;xo8u;bxWHO6kq8O7HQca7J6>ay8R z&~t1xGaTHdN`YcoNK>@KW^HP@vse_i_nIU$PPkUachpY%y#|PAwZ+AwIeG<#-WzL? zB+Wv#o*oM=ojwrGhilo!pvq|CoF9oI`)siGl%u_o@m!3>X`(856X$%h#aHjwjpRUu zgoQ8oww!!(u2pN92GRpzz9`Qr@1W6wm#gs^Zlh($eV%VS#Usgi-8O|OVoj?H-U*h| zfy=z7Pf4LXi}1Mder>kw_L_N+-D+A(Jb@vg+@y;dZDh*&GOa4)J^AX5%4`at5@}P% zRGJF0e5W$pV7O^eG;Ku53H6{v6B8jMfQUr4oV54iMOELAPIWj;Txw)$H6!iVpBPD( zpezLvmS)SQ_Dx#Ejt19~c{KX)YSpOB#75}LY;>*B$U|oCY*p*-Yk6~ESf_~kkq(=7 z!M@Wk#L1;=X0B9+)@M&uS8JD%mTOb_Kz{gkyn%q)k@Sh4cW|srpVWbbL+K0853h`* z*pn9PW_U#fwBR(P!b=`btaq0-(5p`+`CO`EeWlmdLgN$h^^vF?@h*esuSD}*58lGu z$&tRdZi295+=w9*3kSD6ai}VtSY5*lp4)i*G`#M7G z%18r}x_S2=X?9H3%#I=GGA--44N1>g&gfRaH!&pLOKPPn2JYpcoSf8fq&24^+C1mg zXCRI}Mty+Own=@l!!~Fd%`p7Ofg!Eu6S<&_b0tbqY`9DN+^nv3+iRu75Zf9eW>WdE zVs+WNqr2FBv+Gauy%j}-*S){wtp_X27R9+4-BYgM1#RTcS;>iS}In{fvv4#mK*@TK!vjSz&cL;G9WMo0v)u7?lz?;5a3g$~?k&cl9##$zc+9xgh*(M7gGQel=^6FbRkIPBrEcg{rEp1R0m|FN8huG7N; z^;@`=>;>eVg~embi*D?5J*lXX%-=QM9aeDjh_IN2qTS=Zcj|9&m*BmWiklm%Gv)K; zE+Y#o*dtj(XAzk=7du3i>UoWmvGDuhIHO49*N=kU9c_%T@e1z<&8*H?9{BVy++~PI z{ub^*0{p9cyb!V6yM-@tktxv)U-1koCKpKDU(X^Ll43L`807_}brk!nl;A%7G4Yq^$&uG#m*YBSG)R~MeQPrhm&j$=2RaSXo6(&GL&2%x zBOYB=n<$!v!V3rqZ)xbj2!q>qi%gZD3=0Qy=!)HIhQ;=3AQc<;)FxCW$gG>iS#DG@ z%UHFcTjO@{8gifOH9iiz1O@q>l4k`V0>L)*<`R0JfivQ8?x@2OgNtpi;c*}OBATzQMjXw$hzr{ z+V4JYR2P;I3Db$GmkpIAQvopbjtv4k^OUo z0yfHkWNXlSI<1$|3xdM|DuT-(Pt?70{w_K=c;ZEXkVg?jX49&GRL17(tz7j*>lTtB z$$ZsfHbfM6I8SOD`*cQzkwy1TtG#+cWkl~RbuWI056J(gD-_Mc)ha!|H>tRkXU=BEjH5I&!;X1#~o*3iYA9MwXGtbh-` zXK~D7kRFXLPJ<8D3!?yK2#3FgG~U%v z&>Z^vjE^oc5gYL88t#N3MPH&a#4kGf4nMV+d}~2_DYyTt!N*mZAud(jomUH}FqL;I zlx<^C)S&B(k6}YV84NC0+q~c@I2G%xtx|q^7B`l0KvDL%+slwt;Ce&PLOXJm&kNi(wQi_Xg_^%%N3d3mZ&gV)J=863oOEA@Vk z2vAZ32%|oLd+GWi5W#4s5s|E?_bt^~j{(w zE{2chowhus+57=z!zh>g zk8Xzo0WLV)M~tg)UqjuM3TiWg3l3jO!gy;#WAC)hmDbTS2bZ$BqfGOVWun+3+v|hZ zk4HiYpe=HpYO8eUIyF0>K~q5K7=INSAJOF(yinuZo=IH!gSUxfNY>^aN-3oxRW+u} zsxzAfR?2Ui*Sd5(YPAXjifhcFz276`l*gcb-8%wk^5&@9ZG3|P7; zrkL`6Mn+aBK-oeqsaHdp5heh;IrxzFNDfWGINtvSJDMw4z~FRU!wkbnFch@+)2(%ThMcY6Y`u@9&#_$!-%mG*5JLF*12&m`7STn=NgN;# zf%QTuP4>_WZGO2=eHZhhk5v0WnGL;NL{HqcXrG-G;$kBAwmv2G_=AM9X@i}oXGM;9 z@KFeu(rcpLoc}GF$Clw+8c;~BIeEv=pcf)G-`TZniWS?{Ho+<6BJKCyW-uf)iDb5= z#9_#k^Rghj_nv{qA|E6x#n2>pqKu-9YkSVj=V!rha5+NGBsIp1R3pr(7 zSD^Rx{w*qhn=3Gc1n{K)m^)+o2nh6_lpU68pShviZ&M5m=aQvz8nBcvwRVl6t(~2Z zz-P$k8hg;J00FbWU?D?nVR{A!uxSMtmqlpd^|=on=^aAZnd#?u}Nc7E*-3iVSVHs)s>wbFGw;I#lqb#{LrRi_TpoT4(L zmT_xF>N{|j!7`|8*(W6Cpkl5m?LUW9(mfiH43JdpNYQf9tji=m>) zTY0IvY1|jTCBksZvbfAq8)2V@>x=ub$p0=bFvZ%5si_YEj$ zh3Z}Pg-XvzQ(i4a#Z=M^M6OD_ixT#>(%}#Un6}&J6Yj0CFP=leZg%e(!Fyor+Dd(8 zxuz{&=s(ZSA0X@&$M``Z1Gjk$Op3h>mPF?TjxS3&>yzFK?!a`}|Gqlma@qRcq%SHl z^K*U(dqvLW=e_L3Y1Q8c!BzyzGM8y+8uJ;w&d1d^Dd`XxbVtd+PPzo@?C-7(3>i5q zjBXKLT5H(V-d56T6uat6;BB^p1OrHVlimxSti97T$6x=P;6*&0b@H zDJgzbo3+=Kj>EZ2=N)w^p$o93;BjP6behRdi~;~Hsm#_ovupSE;J4>LcE52yfydJ~ zIT?01WH!fUuUw;P8ChzB0Kk3nK1;>Nx|5#xau7foR7ONCR{sAHnc($_j78<+b(;pq zkWb@>YIRAAZ@6LZy?x>8!3PO!t8BviPVrzIkdr`lXVbIlU^tlh)~$`Xwhv;IsXtvP zat10?S#}n=5O=2ABsB{0tCH$=&d)E{kCw4SRn4bTH#fDf=P$jx&QrMgR8m%|uda@z z4==Dz(IjUJW<{RMe(PQvsutw8T6W(~q2||qscgodHQqu9=dFHg3om36RuC0PrsO|t z%83PO$9!P?uP{8jMlcE+{*xb_sS^jX92gdy97hc;Ol0E1_dA8*1Cw3+%s1&fBojiL zs}UQIP;232?cHfDWxlm?@#Dv;@w;GC&YY4?tCFM2;8jG27yRm78!wgWKUkb~b)Q=c z>y0%{@B#!6>H;6fxJf~O!2L-ais6= z1}ccJ9+MxRlmTH~E-- zOC@*TnE8!Ebw>091Z6a6$V``heD*-gV=jEKq}`Rl9}EwqAn*rUP$LG1H~a0~eO%*m z;s@_3v5&^&&%B#a&mv0f_YI6e+kgT=86W1EH#c6v@$m-c|6l>YFW08--}!}oE&pC+ z=teNCOy;4zq41Ooij&zF}EqHqE(>%N$Wq`6&9$+-dg5nPMn^!W)M;IDOxRF8=az8F9mMa z50@r;;qGM&EKJhIw)S4`v)W@yLZCg~iwa?12c50Vii(QnX5?e2ubm>t+nv+88i+`p zrgZH>m4f%lali{e2VSx zCd4aSHx_fsa^JU08o6$YlW`2b5gfxLiz%B4(L3X!6cj{UP!sD$a{2ON(G!5)-ZdJ{ z0S&luCNt%{j<`FcsFB|j6g#wyQrWBv7RX3Tcrr+CU#PVhUj&jTrL)j%e^pa=cde*O=C%8`tfNUd7%Qu`fZIk2 z0Lna06I-fPF_Q5xc{aVCK^dC|Jo-AbW4nR-U7am@{uqQi%3+;1`Ijr+<+k!N16I$d z>5kaDQhuHQOC@IlF!8r)Hy%(pHxmj`1E?Y{Z8*9Z{6!(KrdRMU$_OWNV$$D;Wo=TB zcnmj5gvZv=s*Y}}&!Tuo%0If@!kQDUCkxNc3|q9RP?(#-u-D8{dsA!I^8{273)gi? z0Z#k9Up**n+JO>?;#@$>LU%>Rk}}BB*IcZ?unf44`B&c@u=|O~%|-L@_0pHF2^fgG z#uKL!%r)4{W|L`mT@glQ@Py5{P0r<|wnM?d;q7<*WHae;KG%ALDK_UbV{@+oG%lDp z*+@|#Q+Qej>*#6dcd=5UY`j90csBV9-`@c|*suw0L6Arh(ICu}@(y_b(_v+5kMy-w z(hOq|lc<&SEmG1f(V~Ajl$TIRkm>KG_GVFXSn8sYv_*DSxhtOUuhN_Q0xWXc*)<<) zT+GhmgPeQp+}0pJ@|y<$DHsE=f*b!#75}I8QGu445poD$MKLhsVgV|cYB`@asLpEBnn}FTV`#>UrSfG82#mU!nw_=|Y`jX2(thD?G`}1%K70z~U>X z%bvg3{Q{YaSs@m;UG@St_cI%PiR3jZ`H>{crMMmm*IhMo=FDtCt3x#Kc$?3^qIMc6 zb0iXd!%0Jcf!XJEsn4~=iPvQk9V6!0vncj{ zdyfcJ3i|eOuFEgO2if-9#Coeh?bbrG z+!S$3V6s_qiEs5oD8R={c*zrCxYXMXqq*Ljihvq8DMGeKcQ0Y^;)W5EW~Sa2ZrGk> zz9p{mW}D6Ey)DN*3?E(z5FRy=^)mk0wLH!bBP`&}8;gVj(RPVRI5lAKjBj^&6^=xV zWv|+Gagc7&IZdL%Z5p?Mx|@ zU1tm2C)Ri30{xW(Q>ruyluFz7!Xg>6ZOdi(hbq>V4)2yMy$0{I`Tb_vU0kg?J0bbdI1cuufD!|FTC%jOwVX+cE#4cg8pK*;=3~- zyJ>FSaM=grgtN<+F0R&a{`8J=vDm;YU^9GKrIrOhXa;V){?b{PEvkLt`_CVG>wDA1 zh%)uMnM{nqXv>3`iq${EVq5bQuB!r_pB(Sct;40wOW@m!A|T{A)Nu==5yXENK>qjZ zfpi>#>^wN*Ye>_ngDvT+s2QZ2C(GJA3R=``(|NYvmFvePA1RvRbEkBh_lOlEc7LrM zmfY8i!W|eva{iPQo2S2RT5r6+vA+b5KJV(R}@H_6Bbg2RzQU=w{vgW9rR@05Z%WglEMw_N%Gf`ih&hA{Y zjL&^(!*ST)_q>1tbkw}9+7*D|nJs^xI>YZHCDNJa1+^TzUZ zj{|>ZFx0ywA*t>Q5Q^GO&d@QKiAQWRaLDXm0vjq1jn(E!jNP zB6+-cSE-i6^@|;C!r8q2$k8s^|Gim4D5#SmC=u-Yi!1w{Rh;iCS7xg9G-t(akutAO zBn6Pe7UlAv57;tx7u_&~iEBqz_Tlz{ot23P*i-HAGSn2NzGYG`Y!1kP!7*(x$sfKr zRN)Y6S+RU0&8l^|x_z$9Ac1>@tj%-Ez7EB#y$q1Jb5(^SIfJLOUZ3J4;8;YrH2XCj z6iQuX83dceJE`x;Z z&_ra14bAC z>R!&SS-ZK9W;#7}xxB+CXcIo=tq#mr&OOgi-`2Uc8hd7@C-yEZBB%uis1`7>Xwz^vr=0WK zHT$7HRim^FBNfV$UIX4tP?b%EQW(6RgN~6npQgvXyOf8DR>k^;Y@t|0MeiA&VPVp} zAQ1d6gn>cm-9q#1CUYXD4aQ4Y@&n>v5iD=N`5BU6Jep_qO5Q<&I61l(zHjPpV#1J4W9hb#*#1{i z`9T9_$W$GccFETb#i}Fe-RFYC8XUiXYJm0*ZDA#x;IO2eB!^& z*VW~|s>(mCQ&v~bM&J)ii5-3ojxIrc&i&GsehGWcJZuKtt=*3rF^N0zoY!B2tKe)d z-`>oKc~TXlo+8~nFI#SV{rTBf%2et_r9Vg%=yEobdpku3H@}mItdFcL!sa5t71p(Q zWlQWUbeK46bV24arcGi}O2xIxv-*;g;geVEkWT)?MY|N!eEvob{xK`9mTQX4dD)M{ zN1RB)C*9$%m0Fa|){A;gP0b@TRnjIul{CD23_f+wYSX!v9DB{pj}7f2wNWg_#9a%K z*WkX(GmqF^eR<3;vGS7oSi`hvx{UioY3mWtJ~d%9p#W=s8qaT4Gq}SmUbT z+j9xmbOq}13c~X;u#4x<^hSw41 zDNYTGA-#vL?)&jeRbM#NH4)-wAsWoen<$-Ad?3A}Rsr4jXKT}VYrmW3NO$NSY1vX(yEE-=GY2^~Tul)Bl z-UZ&170tP-Y$~x%(|cEi)R5>Q=oeuF;t*pIZ@tjD8yn(8uXx%kNU(Um1~WeYl=t;2|2%va%y7+;YDdxdzR7>tyvf0~ z4va>|D@>nX$;ju<7l)9X6MevKs2gC<^>R&V9cB>VngPXt+XUdf@kPF%OYoPAftUys zTr33E4lJ~GK(Mvpg`21`R}!=MxM0w(NH)NX8hs-!+A|7sdh&$!6-76wD_1}CZ~8** z_xuguCvSi`MCN85KBpMNQHTnQ=)c+3JxFi*L}llc8T)J^2Sf8rUmdj|uB}w}pe@Vr@T~L;9ID&K(1-n_-~21} zIr`66;y~I7KCrVuJtejJw!5&Ny~6n^k&u`(MnPCLv`DemFcKEZR5CoP=;#R3f_Jsa z4pFVh*}FhQ%Yn377YKYuQ%BVW!g&3a(hV_iaqSh1{#6fIbSo+Of`qZUaB-*x0FrRFfl{l4UA(afupCqg-eYtznOrJ0nSZ!9@wYG z1i>4Xl2KnACsWNkv&}yP-Ra?qfk%($k_1BwctSL} z^IF0!om4DeA!|=>N~-!sE+x;rmpIKO;w9#wDTcb*XDqUBvs7#6v)g^TW-#?KClFX& zji^u=7*yW7))=v(F>$*)QSz{7g^|=!mlbIvzi}1s**E zllB0dxP{RljNE&wL5(!IptATp$fCsVY(tA*aW+)^GOg2kUwE;}Wsb zgp7iaNvJS>@fJ-lE+`amBDP`%`Wx|UubA!Bpo3aX1|=#XQqgz8pK%&|mRMlw@>eiO zRm0Mc^vRoKkkTSTq`2TL1pW4Zs``M+JD_j|~%?~)510E&$<`XyjJTUG_{WLpxv zNSNenOkdHg1aFgv1#@09mgF!MS+L2=*UoxH*I)-H#M+}0#6aTb2%i62J5FJqW)j43 zr?Mx5FagVNyv+JxT3p()Rf7zK*wp8xR(z5A0rnXeY6SI)9_P#r1vpztbDrOO(F%@4 z3xqJ!4gZTcoWhL50>O&`R}C%Kr~R32mpjSyLyYjkvzy7&cz6AtwzjYJuIH4b>xP>~ zZ_A5c*0&R)vI57pD%vE7j$D3{M6bo3m(({Q&s2}4sWJP-G28^sSlR9+b1B`Mc7@Pa zr7es^;suk1_C$1ZYDt-Hsfx6A|9fRJuAhDtIGEmvP~V1w?QYP}yvln!#eik(9$B6he2Ju||674__f+c3+?AQv zf)Rl7;up!_Vv)Ze{Q-P0>p&WRG?(N*%S^!R>ZTwm7*Go7?Fe?dKZ;qVXC~aklV_%xQ+mPdTgcSfOE+?M zxHYh!XB{n?Ad~)YK}nSH!sM~SgjiK?h$(9mE^og|&+tZ80EB|I~hTCL0D?Z=eU zES+Jd-8)}6;6m>1KY0v>!E|lY77lSP(6eV+JecU_G#llC9z{H|gCf5N3}flx`RvtQ zk*{v8yWP0<24AJdG(A^bg5Sp=7lY`wST!(kW=IC?b+C*BBl?XlA)_?l$jeGgC@B5w z9D_hyv^JkN1I!`L3;BA9eC4VG`^u<@M^g!bsd?gsDh~rc!&dKH(>tFm$Q;@|_^MaE z|Gg+Gx{oPN;=+%4>6c!IP_$_!^BM;YPpIl3(ML5ILky?F)?~<&{y9_>Lwc62?t^%9 z(Gy>#_D3bgEg#+maGw!R%unkZimNSq>TeojHqlIx73x!49>#49#22S%%H#Si{%=BK}p)yG9NL^_p%P!XI} zl((PuXAjh%>!7t(JDxD-;INq$GkR2j}l7 zmxVqtNLV+re%Nb-Ve9FlCFP$Tlf&yfH!EG$@pFX=(*uM`i(i$f|LmFmr@VN(f!FHD zxS|yxE8cI5AfU zXOw}Uv7SZ8kWNTG-Cs6AdyTJ%WArOmjgL0pWxdv@hRN$d$1k~(?XEBK!@Di`Gv{Sv zSq|r~2v@PXa`Q)eMT9gUR{&Bb#6tQ3-J-lTA@E1aPA4qrly&ql7)lR9kuzL zEDo|GmZCr>frv~S)e!hU5%CSbQkamdD)PGMMsGeAo24j-J}f-d&6I{TQ__j6zd38{ z(E@KEU?xO|?hH?ZKf3E^l97O?&}P(Q!OeXlLMn8e766>yycG2H$g^>hTC=xF_SVvHX(_uqad&?UOf+uIhrG&QriK|2>GX>`fY?Nq>ipRj}`K&|%}-o32#5lcJnybp4mfn=gmWslvqzTFRKe56Y(Zq#kz znB`fdfxLD&5^H*q7Mpuo0vvoi71_~kHUA31>dV1%-K+0nK^F{SiPhW7OZK;ghH6s8 zrkR;)!4B_>n-7o)#DaT_L!kPf(%3wZxw57fbDZj%y_aFgm*7L<%_H&B-*0TAi)lHgPEK`A84^i6%;>>~GN%yaEKo=V@;fbWP8dCs1}_ z=_D03B_e!HVqDtlKXN^eC6nq+YFw((8)B+#Th+viIWk;e>5vb{ z_BLn|&wqZqR{<7CJd059&`R34h?ia@p!%U5rH3@Z+0vrAeu-824;J93e$7W04R6Hv zp~4Yxe|&UJ!j!H0ILK~UYdC1p?eq5@hK%f#$Pt9k`#xTUtl3cTV%7!c>)e^2M2HK9 zrMiAR6_N?6c|fD%kXgQ@x`~TwN)L#em*6EMdihZbobCT59>zKU+6z{_GFn6~a3!eg z`90&@C-@DL<#Ji9`x>M?zG;x3hT~}C?0CtPTXmG<0l%)Kjn>i zDbWkAgC|-6UQ3V>6fNXS3mPTz&xus+%dpAc6@Al87D6(+^yq$|pfR>)Wf8kc8k|qJED1C>oZvtOoz7c)Z=k&7fb=~`{4Cu% z4!w7%K8im{{h`Eep!SsVp)d~43%UAv9j*rZC8HZGLw6ds%Iab;s~7YqD##4j%GmOM z?&t4kY$G-+^*jb^`EBAcUA9In*w6_sln0r^WNV=p^FDX4sTY`|%JJ{x-}~u{o{&hs z9ne-z%`6aJzJ`gj^)L|;G@|TQK6$U5p;N0@47;poKB_smXQSt7 z&1eko7$RY6bivb6Yc{l_b!jMJCEix1aPw^2PwH=GQ4X zf0O|Qv0{9+4ASBin_|c_!hoq~e}3K3w3mu5#s4jDf|kHa*{&vYK@wR1=v>7H!)9{9 z^=uqmLwNCNKlV-l2ZTAFm<71xhIL-VrIW zlSsV9Wx+T)p}&P3m`19g9B_!54Kqh$Jhvx6{OK=WYFkN)=nsF*2r5Ov$#)PNsp#eq zpihH?#}Nm)CEk$%#+9!xB@fSbSG%>DyjkQC@#E8`Vu^mtGfkssXioFD&DOaM3?6EY(*fsJ)u`l98zyAf*8u*!G$=gG44=sgf6Jcn7FqZ_0XH9!oP?T{Zk zaW%+=;Qb%n!1;d>5%dtyaO6g*5;61VcewPqSaFR#wk2A8Bbe{}uw@f4IhhA9pfb?F z=&4^&8iIK%$ON8gx33X0>}52#xz>8ouHf}`*wQZ5eJEY{7yEwyr{F1I70>DrN*u8v z(FlW~Qhjz%Wul5x5qVDaDM=J>*H5J@Co_OR9m?OdT!d-Y2dO)G~a&o zyZf==N0eT?#&j*MO6SquiP9J@9t zn>adIB+f%3T9SfjrWRj4baN%g&jV>9kRKa034oCYc^4~`rDx5NP8de-{BmN9FZ`ne zjKtd^piOoH6%`N_W{4($00a*q1@$E+rTt{h>dQHnSh>boM6~=2tDz@fi!B%g39$)B z6LiU=AQdZU(LAnl2#B4Cu6aw^C`8l1%*NZLH|Z@Mn0oRdLdAwylx*J-jR@Qd5F4wc z8%PxJ2@ien%`yJ$QS?J8iJs~y_=Y2O{r5lKIv^~=?{f*c0KKMQJofyTO?|FgjjNd$ zSKED=;oQRDKrjGS;e^iv^+DH$#%jPQDwOCy$n3tMb|MX9 z5Dg>IA%qYO^`~%vvzF{{53i(*>njz^b@P4l$-xVXe@=J>u!!3W{$5IK?1+NrEMw_r zVY$u{HuBH;>_4=U!iFRYi#je#*I=D|%eJ5q(8U`3qX*zjP>mU04bS!vvP`G<$@tjI zps?x)`0nBe3gU&>e}`?Ezq#2bCX|lb>;&dltp|CzN9Pf4gWv z#OY%q)d*D3&;-J@s97$60F10OhZk%%8%|WsOG^-d^$K2Bygk^Ugs(to`>|Zip!$B+8)oGj!7B51eI`z zU6?|#y50%W2sqml;fnT|?H?9RrK^F131>Jbm^?C<%-_`qVq9jB?EQf3byX4RA#G5ckxvhB;vd z$aC0E(5c{$guUccpi4@IO3gXAEH*z*RMLNu5#p6&hjcSgk06%se10{@0C@gk4G_gX z=V1*!QNDrui*r0C&6}D)oU0~9y63F$ZQCSi6DEE)d=aTKmN2h3;G*pl-r^K^i_`C4 zryjk(R=(3f~=V-J^vkV_LH`U(hlX!2*?zX4syIX_h#bd!`v;*_`yq7u@Bt06~~ zB*916ni^Tr-)-bk&!ctWzu3eo8JIUCa*g3%^axI*VHs-FEDeToLo^5q;oOt#Z3S2x zErPC#N*hQ?>IrL96CH1$AZVm1YD9(^ai|LYJ6MIu0)@;LCOm znQ)Fu!63ZGo=?Zu=c?&({Tj6SI&vu+u#;Ma>ZFTzPkCzsR!%dEdLA?Cm1_O9Ny`Ac z$YJV$&!atJehiG9ZgOhM-$uQODE_ZB%>PGCiaZ%#@X@X?H{=*L`x3vr?J9qw-D`yU z^Z8HKj;(7w1E#DgLY||TzJEjF;lcS&zL#Mj#0uWR@jN50c!FqxJ}yW#7Gu(=ejmFH zsr7TS^L8TvY-ax9+W>Ux z1^w=kH86a5mQ6UvH@AD|V{3Bd*|nK-XI&szrvZ@xa3i!Zej?aO!i|B&1EgY=?O1~e z=rH;pXG8Jw9F+lwU?phsL&fXQ7*`W?Pc&M%pnv9)ly_z2So%A2{y2cO!O)BHB~G~@ z&I`$9ymlfNsYyZB_lwkP?dU6>!F0H81tGWK)|XoK43%>=-!!}HH#Gmc$1HrJ`yh@6 z+VMc+&Tl70brz%ABx(K?m#q`cXDv{N33mmyisv&<>Pd`zp#k2ZqCesIBIyTIK_*&B zb_=kOVFLZ3Lt;Gx-j=4V#H=32vTwVkJYxse^pXWLXrM392A9UQZZA}bps*$`!6zXju}RWXCFki z%Be45Mvy4wKJf(|?~ReD>n9!rHYM>E4PThp56;a^NTxl>$_VO$svPTEdm72(2b__v zw{+5Q=*=&j>XAU8vzSi`b|;2K|3Jk-jJf?9bBb|OaUmxpRw%Y~Im0)?GDCISvMAShoI&`^ zNmMjKRP15@G0Hrk1#|(VaS^Cg?`+6yjM&?Od*WGY&{OGz2uH;)q0CfH_H8LQs5_FVx~K8aw5KEzn%uY zI5EY4p9LW!&ixkA8KL^e*&9mSd9X)w&jm~LpFNpW81NrC%X|H#EacS#07-k4$^Ltd z4fc)S*2Y_8A<#NcJov}F=;qfa1n91Fg&5HZ{4fM%IX3Byl2koKsi8k7X6-y(9pZ&nyhN1^0j5Avb} z&)9vc^e2u?z^jN-PBVoEnQ?91mp^=EBmywXOuoc&%T_@TPdbbj(!lUFUXHap_6?1Z zUMK)@h=Vaya%u~|vWXS%GNyker^n^OsFIM1-hb3X7@Pevn$O3OY(b%O6-B7gAY@Hu zV)BO8d*$IF|LZK@2OX0Lp}iF7*gqWi#|vvdJrIO79D*r6Mykc+eDK1I zTw@8RkQ)lWPwn4{P`wzS!M)_li{BYKHQv1@j*;NSd^1v;tHPAkBnr9a3=NWwVY!W+ zUxl&Ili?-!8t9piaiPR5X{CKD)sNfIfe0GEtXT57^Fvhtpyn1Ys=DSxe)KT`w->~O}-Zv zKewJFsaT3YQUysPN{+u|InFCaIeUYIyNRO~FE8;lFg@_vm}L4(xI7mCavXh{`7iX^ z3-S8lH(M2}zg?}z*g8@eS@KkR4ekmBdswOUIT?3AV= z9!Tupv^#Jf-B=nV`Tu}=LQh}L@-pLMHdquXCwIH5tLp<=O~$ZPhO(RU4_~8OzYBfl z%0qA>&tJFwiHqOA@d5?XMI{4ul?UvCn8BaL8=4&+)7>%kGSpE$L0zcs0d;v^9HIYP zT|VFr$WS(0I*Em7yyxEHvo5~G2e0)5ZIe-9dUOjaAnxik0%gG`P>w`c9Pbu$l(m-k_e-jYe3O{lOa&OpTH!bnN$Nfq=h zU`(qzF2At;{Uu`x82$MQAp0Md#=H5PM)F*c)*mc@4wL+SWvI6%@%CyMS=4bp_qWh4 z0|=;{K;D_c-*ywA+d!GA3W$A{{ml7fFB0+*WpUOhsutgiKU$BVE9eaD`8dGmq+%n( z-*4Zj4&W_Y@ta~c#U8!^&IIp&_=a0%7|(71%!TunAZqkHI)!lvIK8@6j+@hr zrRD%{(Gt8Uyk_{&uU!5c?}&Q~wXc^6dRGAkIzUmH|9$O$(jn)|)^R1>_N$;?HR-JX zsztfpH-d@N{46LJ1?Q@k1$LpkCjLluprL|MRzi&5c34ma6CgZ_$VWm@hNrI5V8Dn} zN}S9@d=?mCJm#;Hb<|Hdc`8qE@~cKo;=je~b|V05CfY4rt91B8)zNAfgZoYosrSi2 zG1d6|y%R)G@Sk|hBjT_$#b#fXhnXB)A)v%j?UEOf`U0@wLdxb9_%t+FCz0X`H2b?o z*Pj}h+sz<}{1C0pXibL6pNyYKqDf#XAU<+zt!BzSvCdEjsx6zlxP*TY8Tu?^Jb6&t zAapQjo!#!*HE(gZ7s>P*pbaOhoN8=+!vMnAK}7%iA1X0G4)?PzFidsyx4m0q&6aN3 z0P;TN=2&-@{NvV55h4wzhBW{-YVv*A=@o|l(CZ5z-Kt{y{0D%xPh{NF0Q*fcDB(=x>c}nL0$juph_zhHy7YU0AER{4+g%19`T*&FD7lwvE zU;+($jX!Y(=eIHt$AdDmV$~uCNZenNy1k|?qe=56w#pL!xJSkUBf>8{lZ8Hxs~3cD zGRC@J{&+3za|3O75X!lb9I1i|vA7-V6b^8#BrI21VEhk4!WUB3PI6E#K)ps_gcQFS zNM#JFe%k;nhdm0xO>{@yunW z6uI9m*uTu8o+`li>n!5euVRnH8)F^tZ%WbeeW>O6TbK^`ME%O zOmdfT`6{b+rO>5}_?{K#wqzeA&Dch>n$z5>Qd06Nnzq_~3J+-r!z06uzcu2@MAgKl zFVv<;f)x%P9%H=frUHwIg#)_)S4t;a!+)#Pkr@4}o+*fZt8ULm%Moc0cSsTS?~dj$ z)Ax-)luk_<`d{NNO2OfG-?3|p<1H`$TGKJ=v1_qVHe^ZRp5U=#Lg6r=tHu{2m63ES zkyWkeA*r@o;lWylfC0runTA!C_WnFM&yTSzE&fmo3`Ba_<0eJ*aFS1MN;+KH*9S~9 zdWts&N`5Z;%E#G!#Ml|9XUNX(_7Tg{cr5Znsfb9);^n$ic<#)5{%PJI{JwAB7^9@K zi;CpIEzhU9N%T&TalNsSmz?}SAw#ye@6wkX z#=*?K2p$&gO8Dxi`B3=C$jz4S1ui$KjD(Wy;MFK;(e&3NBdv?}J)S*ft0SY|ex#Y% zZ?cfiO%%A*meZ4!bnI#fTH)K}bSb&)jl(#cr!CH~Z1BtJ(-Y4sJ_@80mF(+GxcYv7 zW2hxI!1{216ZK6&Zo$^&{s|#nB~acD)(pqS9T<=vuW#{D2 z*)QVVst~L@STEq3+g$#Hk4g=dom>Ade3AQM2j6CF|I&b7U~j_V-ZVU6R>~)dIkCK? z#EEx)DDVpAHO}?|!J(+|*LhljoQFs_aoUhl?^PUi`-M(rDuz!T(H{ z0_k?UY2D0}F_YwT{TEH_9lcj@kL^i#O59zO5dOVoVVT%_T|*6~LuIuar3JI`u8XrP zYPM^;uL)^uQc`59SKE2l{jJR7AwVCrCi|Z z63cg2N)Or5nk~-Ce3U(6c{qgwC1$j?p(^BN+0ZP&x53B%Kson81PMjZ0Hx>NQwrPG zJ0k;NF7CxUA+&yN<}m~X|84#GFW+vkRd~qNcCEqEAtRc`(Q)Btpg`Y6-uW?ix5dio zxn33R-o5SB(q3f^lgZ|AKEuK78Asc-tzVNZ91iB2)wwcBcI$J!aOoSI#b#yh)8Cz*z9ef*?8lF^=JT9o(5ZeDSC5B+KWl2=&ziW)#;VHe*bCo;!fnlU${_18JDqXB% zT3wJ!FTwspo6AhFr%TUUa$b2#goBt>&B*jfbxD~ritC&6QupPQS7t4bKNY)_WyrFy zNLUR=^rebgJx&Xz-6^B3O)3;I>+j93O%j>P-()GzRNP*EJVG(2Tp}H;8YK;eqCg#d z?{JldQ=rPT=U!VA(ZZp>|5c9cpFd&w6%YF1u6dhFnz%EirKKY#B(rwvlarGpo~v3~ z)SXs}XVBVFsxe?|PS@6_9>wgB1~54|I0m2ivFHcba^;n$3|Jx7mE$}Qw&A0@i`8|TA9;@U_qf?7ZObY3CcsAoNN#`OoELZqPZ9DkZ2h9rXzxU5u)-6_{^l=x>`f|T# zc2qq5X}8uThAL{g)x$Yt=Xus)8gobc;1?-{^F;8@C&~k=OLdjI2zSzAGPkc3j^Dl; zCFJ?tsuC|$Jq+mPT-{qQ@LYdV3!IhyqFYCHrHO?qzls!TTmR>U^0^{wgo}kgzvsjx z#V4?_p9NlsT;1Dq?EN;JeWCZlh+L1Tf94|-lcD`zLsq<^a{DV{F)yF^4ssz6D!@ey zk?RLyFwUKtf4Km?ChH;hrvL8cox`h zXSBcYeOtXa-{GgDNe?bS5hPp_OkxwPM!)WMVZm{wye^T(r%;=8hyayXky!T!$O z`QkvwAI~bq5Os$OYrEKbr_jcYxDP?y!22e#?op!fLPZDI^iAL9^f-^5*{aPE*Xo9? z?#S9yhIprsyTjK;`CT{W11RQ;4coebR~lR>PS|cWTKjO8(kVgPc`|%wCD5}*P1{y` zYqRdqeMxmIUL9QKzF6_|BI`)LIuMT0gAFde{k5K*-U5%_pYIZOho@^ifX{UIAZyLH zRmcR3-?g_Mh~42E!ickr>t0`-OdnblUK)-l7*2en&@sEEbR2OkAMly_DDdD;YqfEh ze0}P&`Z9)Vr;*rGjt4aj??RLt;(n~#Yf>9oT&OK`Bkt68-xqdY^oz8A@m{ChsszcY zl|W_PLgCp((m%{FWVvf2?%3vbZoE%BHbX)7USi9wgzu>PELyegyYrJq9!VJq2?dl| z{i{uwQ^q@DOV!Cg@h-+(+}n88z_VDAVA9Zh0bvvUY+nz5Pq2EvWZlrc-zu~JMU(cX zhk#`cp^M|96~{uN-`WSU7M>khq^<81f=9)Ggq9bOFJpSJ>$Zg0>#|uuZhPT^s#M#KoXYUy{-rCUUL0Jl;#S^!QV6nAHR!?X4y>@K7;#K5ZEhVKi zU^!w2t?Kp_A3si_mx^%unkN9nkD|j9r7`-;A#1Y~Y5nO!)z%L`#8(+N5Wi*y@NEpl z`V_~ILbH{XvP14G>FbJub<;`HVPzIbYm}aPja^><;acd$?h-zSwF5XujkGqm;b=gi zH1*DVR_(ODzOc<|q{H{VArpR!O$tQvUWkF&`pl)`^-=u$Id)YGE$2rMz64htM6=tr zr|o+K893b8bmlo&EBpCXMx$`-x_{>2-oTp1l8bz#rn941onGzx^7ea^I#CoqqTZ%B z3aI8E)*h1WFH~+*n5}neMa~Scwh!E_Yhv%{|0rTnT~M%h@MfoJ{qQG6G2r+Tx4~Jf zj5?PJoYePpF!GfS-z%q!6 z5)mXqgrJNvjsl|yh?J;^NR3DdEs2ggs6Y@KB3+tF6Da{g2o{Ki-U10plmH<>5`mBa zX?HU-_{}%teV*_Bx_^dW=i%g>v(H}bUGG}^?BU@gQuDFT5+ZB=VTqt5`tZqz&#KB> zH93ytX=H(mD{s=k>P@qRjPz=FXs;RTX`{ItnY!EWNBcx<sg&4wncGT9?QpCa z@5EQym`|UF1a};#g^!ePuBklzYSaPu<<*kTmKKpx3=}&S?Y1)I|H3eu0VKy+{s-w_ z%UJ+&4}1tCn2O)l*g8CTbJ9A=WYr8vgG5+Nmy;*AkjNjGGu`rSepp3&arWAW55|ZS z5)mCGzD>i+RYO3=fXaL@*;N zH9Q@6C87IU*oC9}QsrcQgdL(nsCn1Ee+{+ZA{`W@g!~BQ;4fz>-i?pTp?(c%Fsq1B z6Z@Al=rsq^+;(eyvwJYz0yrRzcL!H)oz3tqDwK}B>K=V(%*#c{o)uQ~-EOpK7#roG z!xeHdnR-h%b!f8k)33_a5qGU4q+=8k`~%GI0&Lnn&TLRN!PSeO1v2qu;(mV1y(!!3EW^RcQV6B-LYMtkFAy=ZTQXoLVtRwe=-ffC{w_y!gP$Th{PK`NPgYSM2MmRp)yKz-!uSuA6 z-`knEP@z)F7*CUARqyL{yPoV2=5&Nm>>|8I45Bk^!_v_9ZyR?kJtEtcuJ94TO^365 zOheu(IA}aIPG1t&n4=JhQ6t;V;XdDa7A}-GvIay^4eNP<-QvkEGQB42(nNk>kcb#-4Ue`iNIBT;@&JNbEZGomn4@T)k%dw6~t)}a4J z?u9U-oai%HG39PM{Y+fE{T*(KhJw*<_~Ub-X`DK{*xaAFG44s%FZLS$)Y{7kSRBh?lo;K)ysPFC*CWQC$$;+J+;&Q}8vBcWk z?qon-PmP0#SWj!h!>Kiv{6qZ2#{J)pJ_sOu@xnN(Kd}GWomZQPFB(^JE)YaH zejn~{4<9KYRHwZ2p%!*NJ??kNG*GvyQj<|yh_`@=6XQVM?(QhkR!mu82K12JwaiF= zyd%ojSI_iuW`-(YPqge{l>D?=aH?&0M?NdpsU$0X1#@ZDaNE7`WI|voRqdjqeub5e&LI z+Z`W1S*dx_zH-cKNltoor%i5N@w0+?k`8TL)NL7`RvIMeK2~Oz9hpch787kHc;3ALqW$s6{Gf98nyC*WlWT$q}m0 z)R)hYm5C9p6g*@^7BSrM>@f`GM)4d}Id8YoHn*LImGH_geSRIg$Dl6MuHSfsdI3jOj1wDe**=Zy`-g)eit7;BLw?1kaHgjbupQ({_PQ|UGiyLm@-k(p!#d$~ZM zk&L;Im9vY)!=ZhNCBiAYqEK0rxokIM|41+1(|A`p8tseY9C^7tU3)59&xq40CQ%wx zrla`PSrpeH($;v(C4gE!)B3HR*7Vs$2pat_R~r59cDomyc6KIh4h;+}NtnqYz6D6q zEhV6S9n&+xH6*c+B%;OMJa)AjL#?W`?Co91WENJB|19g*MU2V4@W)}4XK4R99zo#f zULOM@3^RlhY}=@oYrTm~N_;}v&LqsLaFT!35e>J{vvF**$qu_2KudMEQX<#YM#gVM zHuf$@jbq2^G|Y5M?ji2I_cg9g4D8Bxsv3F{E2uJtz;>lmcj11%b&(!kMqu8~Ok!rr z$*Qtn*yXe-eL>-6^9gB^Dc*!E`whkQ(bY~iY|H^G#+K|xm!@56sF~qD$n^_~3F8E4 zVf)ieCw@($GqV9NlVC$66O)=pz0<;`a;-$rM-!TUgvMO)Ll7Pmx`Op$+;EI^RiEPy-VBKn8% z{z>XBNGUx(7XORDyPC;dIni*hx%&C)rbjvxH;U_It5G(CZW2}H4`b=f?Mlwv{EmK zdk_eV6}INn{aO?l{B0wtpI4BRbNIo72eRAGa-$mcB?(AukK|=-W}Nx+ID|YjlaG*o zRt;|4tEsJ1<29d@oqZ_4vuv~;-EX>GFb(8{f}YCfE=r?5hJd)!*}%rO(x|{s=lYM^Ia@(p9mV< zDd_LwXiauxwO>Wf9H3a`F^RSh-b95dw9L3hov>02cT-aFF|rfP?1{Fk_=UJZi|AL> zW2<=LJ__7llDdL;yNH0!k|n|g5wsFtgfV&I)L_lTEH#~}l2&M`+D&3BFOdDJ=sybx z`d`j}YeD6F#B2pMAM0S()NMuZ9&kgU8-;yGl8w0qVot;ULVskX# zrSXx$n+VaLQ*!6mO+9RulBXpJ9snaM9?wn1w^aM_*W4edoHS zB|18q)K|&)f(IYqiP)9ijNvVWTso=9hf4U4LZqT+LSt3c<&Tpp!lE?XJ**-Z7iMWq z3rHT6%fb`k-4WhY*7(yxY0ov;>2k8X8ON=ap-0wcg5ku8U2-y2Sb3B&>(Ar~yyy^$ z*;(vf<11ad$ErQ)VdJTsv>uFqNCp93J$;a_644Ia6u=sg^@wuLYNeOE(v!wmic6LL zGrZN|!dpGh^H@`**FNRxk6;Du zzRQ7XQb+QPeGz&4VjLizlFTF{NX2OlmrGa05C`?WsoLcCL}~ zfSLEIHoO2Dosa!lLzd3#zwWoym%FZ?W=?GHg23w=OF#frWdz^C!!M_4MJ2-p7|12z z8VJULj7$3scdmNitzBnJcOOOscD^8JgBlCs6MHoITmri=LD!qqx(! znrs-;sbehrk;uG<$z{^Rf3Xl)-)#OC8M|zD>10OH#GP zq8|KaIc%senvR#%jMZxr&HQE8SKE9EIgw=S*|dR25;ILX$$>$f6m&S*kW!k&f%&PL zPo>+Kl@;tZJ^OmmF4wA3)*yJZ+2U6XVDZKKa!h`fy?CQCGUQG#Cn!h0pl^!W@Pv~Z z(Uc?-w%aCDM$`cI(E=trHlLBa_{?cXCE=Pptlzsag`43A*^Ehod$exNg%_>Zb)&7iIPCDAWoxjlYS}KwgYDP z>DgqiRTmd7#j?j0+|Y!rHgLy}h{}bshiPefsALfre7-e3K`~{{2&F5+wZ$PzW-QjU zz+(MmzlF=D-zNmK{o+R0b$M`eY~N?S;CJ(h;*ZG-!pT#if3ze2cP$otiUq{x+RZCB z{{g#r3mjbnZZtG`g2EfmhykXDImQ7hSs^AWDXU)u6UtxJp!UJ~Rd1)PB0RP!%YsZ#^8;N}7r zk5{aP$i2dZnrnTlQGVO(DkY^CKVAQ$@?=4*Jqjgdfx=X?B-g}72I>nU`~}vFvzA3S z24*>_=0_Ls;V?LvE?5cG)0?RO=?7!-8`Bh<2ue06CqexD@Hb)2;@n{UbnT#)0}x^r zQM0{Q=Fh(Z24&AR+cxx-!&F0MvBNa?l)Zky4@CO zcL&{8#)NPcMI^Xt$@7YdCDKFlm3m<=yHyHbRjfW9aNv;czF%+AE9w{(r~sqr&z#@( z9nSo*cQs`BVcoTv$G4c`*Tec!A6>b<^1;pYjnOZSNxhOJ(=2*T&_YaAMm7{>W~((C z_pNw&xePqI*Sd^{vHnE3?y=cY)0hU73!nesoEm$38b$LP2*HXtsaTPhhwJGS*V&?`Tt(<+9xPfTt>QvFCR^Jhh$X-OX#YTTKGTnywvM9R zNhoY|grw(QmGWB=b!c0XzNTGKO8HHW7P0CObAeEO%13nD+(FCYMT>^~ z&cuHYHUR`@I+kVC`jaNRKECFkJh3r(!N5sCVDDvS*%snV5T&zAi*c^5kmp8bq9sW{JgZ$5pBIRm<967 z(9FTk(x<5=JNVT;p^W08k%E%&n3;C#V%qZ*4bvv45>7oKZrujBpyJSm7s%$(wPS<# z2Nw@IUv6n{)Kkf%{fkr?h+0F%3<(;hM@su=1-%Q-7( zWj-23W`UUUJnY$lTe+;8*T@m}Aw+kI$UxLgz8Oq)BNc`pT_~)_XOR^d8hsgv>J2Eo zd?SBDxWAB@J+@lcd&zNJOoX7=Z@-*=NKtzxK!Bfz2{_0H`w7m;>d%AH;Q8~zoskFF zU^BaUR|jm;v5!(hPzaEiC%yu;ZKTFc==TGoCC&IGRE-HS1@B|aQn%Gn5^TSMJQc<( zqrMcNbLSx*fY@(v0vY?@$i1x|n7H+OaT=4KUR~P)F+-9&R9o67uc?@B(+VHT_=yq@ zJ>_5V`L}%v=`_WLfMS^|)5)T;8&QvylPoV|#07cZX~ckV4~PBOu``1WLaMw)ub zOH|CBqQ56jN@8hQS48(G{9`_=*4*jj(LE(oZ&3P9L#Fz}hmS50-oE`|YOqG*twg&C zfj7UwfyPvro=7L136nJzw{mK=sidP+Rdb!DecUVctn6m(5i!$O}L&mP^QE9<^D%-G8Ljxs-}r4vD~?+ zh_aeY%5UAm&BdAPiL@>SNHL?=^ZjQ;;mfK=5(XCyaetC(AhGa~oMML55{3H#8`@L! zQo^-b?X^UIcdlyz+`*1}GGo@zqZ*qzYjm8R@Id(ijA ztHsg2Ni~UBAn~rwBdjyFR(U8Que_&BZDTH*5%vALyORkY9Gv~u;HEz!pMY)#9Sl_= znq_fTzKK$e10V#h{J`!PR%IZ^ml8(P!GY!hE1F622Pe;zH84hyT?z7LYo?Va@f|`T zov1QzGZ4un;<%I$+IG59TB;d}S>0gRX&d-6>tWF@?mH<$J{C7NTTVZ}!Fp+n?f$X1 z6`&4U65>^GmjhBOt+dGTBjrh$#=X=AezvE|+T9!5VD)xA14+(xhd3KH5U~>@#Xl!J zV7I?-XFs5_VlxPc^(g72EZ-*A2IAhonrhUY!8n=!5XfL1m;RZn*;h7jS9`-cgj_CN zt)jkDLv_8nrGHojf4ntn@|Ink!XYw~BGo>8?9slxsi8B?0c@yN?9#Lb#imyelTd0< zM3`UDaOsI7=*fjb%f&+c5^b5?Xs1NeX{tAm^RTtD{pTM11Y9u9s^AYsJ;}KskF&5r z6eGW{9FACCZ!EfYt9V4NQ8#L`riYYLPT#3N{W-o^qHp$6P=+%OKD=Kxnq)BK`G)-l zckIKkZ-xAHkN;#@mrGd|8E8>%D$cIgP#QPEir?$_9{+`vFIhas&Eoc`{$Lt(%AlMs zOP)I4Cd_ZjQM|+^Umlegi?!&7sFPhc^-~;gmp;s7%B_0Cn(rmL@8FWc*ga_!s`}I` z3p-XEEqsBn`rPn0yvp8Lui|XL*7@D5xSg31a(mFtK9&QE+VUKWLI)l=s{0s%s`bta zYswSq!&I|~`q?1dUG60gqb*GhNrPo)xejuj2a}*!3RNcD_jMhg^uT zOh>jcJ%kX!D`SMvcS-!imQ^^PU`7Z?qjWa+(R6h-TEH~$?S3)()3nl2y9Gksw8)qI zcQPe98T4VqH+Ua4J!h`O_u@$VJ`Cpt}U+G7zQEdXgx>m}+6A9~Dp|k$$%J4>4=8UO{}9 z_4QPh!E8s$+f5YL2THAzN8K^OtSq1Xk%HRpb0y0)8?sI2&)7BBtXqip4&8HLSlY-z z-7F{{QuoqOY+^x@Z%kWn-#$ea;FU|ZOgNtg2EC>u^&bX(#z|vEI&?%2d@^`84yUiY z3MeBz!1Kt98P9f(?)y^zrA=j2XeOXtey@}8b|3*)85kPy$xA$G@94S)1VxvV_V#<9 zriPr%Wj8egc78Fu*+(x|P>~B^KFiwDW0#&<<7XZ;)Z(ifA$tiboSrOwvas!_294EM z-`g!K{RqGDd3#48c?;%Mm6v1aOjG1C24JLWZCGYC z6TLrCl5*PuC5?TR6nRPiQ_0M=V^-NnLm_(X^-+|SeP;q<_-Vnt5Vy2T9W?=6+m{%3 zhq*a>zM3a<1~C}cEBZ;jiHaSmF880wc(t8^(ZgPT^;wx$RPIk3z)jv+(s$MBaD9iD zp=Ni^ZpB-7QFI9zeI~yxTX_8j?L*_z7CX9P!#KTShNJqU$3VhXy@HNSa_MMu354@3 zYs?il@n)>{4YZ4Q7I%Oh~)DXM5?^-}wy@ui7j~S7hRtCvH$ zV#_NvMvktm|ALplLza)fUYUn+I;G@32W9$KZ98mTcl~MN!~wM(x&7Ww{tv)d$(kbe z6hTII^0#xz8Qfxl%z60c%wMtUANc3t?A^Af58wUMv|3Its2hep2^V#5I~lp5?wqxc zSx90SejX_};ouc!6*Kkl-|*9ljV&_^76`jw;vfIS!nLb3wy6&uYD`uwapl$>tXn0( zIq`l07wc`YK)Ir9xBT(szl`M~26)Snq=-MF@d@b8{(Q%a&n$|!LIiT`$>!;`%(s z(XaPh!3`Ck8|Z(U2sig0w2s-P{&dB~jT6G5?)&SzM{T3`T@hQSVWk6Ts1f>8A`Mb6p8^r}DkgSCyF6oEx{}I8ofafme6x&OY{hhV{L_E8U9?KsEBu15V?H&$pziV0XUQAt!tP~my}{jEk{~q{ zb`OKWJLrln{yt^%t~#i%NGI&6pv;Zyq1DxclMU0vcDqMzCfU|J8yvgHoz0Y_#hxoZ zMF?{CXYQIs|1L)pX$VQ*)6h@x@neKmcHg}t?N5H$R&VN4q)tb*o2jg8fzM1bwu2Oo znuSGT{f%wu5BEe3DHhM zvo=cH!iXWf^&KYC>v?Qd#l-3NlL0uQVO1gV@U<#dFGn)g^(bz*u&6jZVJ%{&@Fy!0 zAqzysC%L=+Za!BmoL2zfbHjem;koy@x^-#R7FKj;npMW-8L0)y^v1BgwRh42VT#0U zh2`S3RWfo}plcFfpcDpQnkojGR_Zj%B|e0@dPbLDTc~=zu*}aUra1>&nS{9)ON}-t zV$v=mJzax*q|~Cc9hKs?d(?Urx<4)7lWM#wop96EeeTg;M|ag2L=n`&=<_$fMu?}#jf0lRwx)5h8=2&^I?>ec zLXf0>sg9qR=}r%o5)$^(Sd%b?Irj2^nU453#*A#A6dqwTGX1}j6u`yT-c{QMBzm~q z(yYyY@_DJVEc)g)qnSHkJ~aI>k;jtE^9q~IiKx}K`!9txBpO1sw8k#)A8SZsvv1jz zNHqOkgp86T#$$pdg4T_-wqk|p%$x3Dh4Rt*gx6oxZo?e-GG0l*hf3JP-YQ{~Rb5;Y zBLC2x|Bd4W=6`0pvYK){9tVsh=A88mD}S3q;|Dopg5TZCvPd%svrizeSo6>fePl7!D)6)Ywem46rkShi}J&kD1 zZ??GI+G1Oi)6XP}<#gKxv1|BSIza8*G+d<~so1HYqHoz43+YR0V2A0_rW%Jn?>X2HQC>)_yiGr0AyE z#BFcCVDvPBA14Q7ZP(+x3u3JJ-McBi7d4>+E{RxDU*?$HF=UvE8FBd5sQ% zm&a+!Cpz}=-(k+(SmSW>T=7~lLU=AY;Pb9o8vcmvBQ7XN`l;Ho#3#;t%v&nCh1gYz z8+@-&r@Dq+&a}MfyJRN7imypfHOc#b(5+8-t1sGIG57DS7-Etlt{wQD=yVNmQd6GT zylmph9hvjGYm1Q@394GBPvEF25pPRyQ(kJy_G1kbxafs(71jN6F7D^T#9PJ|7zL&Y^N2u!q!ZHI&yV zq%fJdx6oe$%OKk{av*G;k=qaN)gfkaVzgux}AEjg@PJ8C&94;JM33{f<&3AI1F|#np8I{!hLm`FiSOnML42p<&a$E&hO{T}1?) zBPJm|9tn$6K|4u2-WRIgUMQH(2C&fpEC{F~gB}J&=ZqR8UV9&(>x}3TNBP1LV`3gpROJSC{m)SgP)-H1=xC8tN)= zKI!O4bwzx-vhdv7n=3y~nm*qDHDY}|xS9iK?W8AJDs%s-y{y;LJCBr;v$YB>&|*{K zib|Z%-dMBw#z2%dHk47;Y%bXeKaCmfF4n2Pws`sNs|%NOxk{$kaqjKbu-NC%pI7?HVH?E5<7|2cTP1BB7%_rt&b$79zQ z(D(WlltVNd0_tPdjSXeSJ#<0hWRsb|^DQ4v4WW4zgW`IZE6Ue1Y(^cl+{!XNn^WUo zPkeq8T0sC187V)@VmNghQ$AG?zvVPiPP2W3{3HZyn8E&q-aHv&B+)ik- zie0}3EIK;pR0MWqnDc1=v8hw5fKBOSJXM_o09TEnUqF4Q-dr-;{v@n7nCcqvda3Sx zVE|YvaA8weDro6zcI|+7kXpPL(CZ{a3WXhKzg8o z%3Az~G>lyYvU&5CKRfc{0gwxVT=hli0^tov9&@diM8tD{cV|<8sK*m}azF3BfLer% z1brdVE)VowtKNbL0Eq&tKrg=t&-v;BzIrK(Gw*@a6Jj#mzS;q;qPA^Wi;t65#AtEF z;A5Y2{qN%AYvKT)WK-J>MiJBRZO;LFaLzw(>L3T@`dGjh!{CdtuWA;5zxEEqirjM{ zX;(RP&DR_Lv}i`qp?t{++yUOwhlR_l-$e z^snaq)xiGn3jdnzxBSq*KJObo{@;M{jY;`8+I|aN{0mjSh0*?nD&L68|3Z~-Ov?W^ es8Xv~;-z$K;>yM{wRzz0$RV2_3lE<8_5T29$HP4U literal 0 HcmV?d00001 From 445a196a28d8df072df63581aaa565899687ee14 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:26:33 +0000 Subject: [PATCH 02/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index aa45e6a6..57c0a6d9 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -13,7 +13,7 @@ Anyone finding security issues in any ASF project can report them to security@ap The security committee is responsible for ensuring that issues are dealt with properly and actively reminds projects of their outstanding issues and responsibilities. Our paid person plays a pivotal role here. As a Board committee, we have the ability to take action including blocking a project's future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues. This, along with the Apache License v2.0, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software. -The oversight we have into all security reports, along with tools we have developed, gives us the ability to easily create metrics on the issues. Our last report [covered the metrics for 2022](https://security.apache.org/blog/asf-security-report-2022/)**. **As well as vulnerability handling, this report also summarises the security initiatives we’ve worked on in the year. +The oversight we have into all security reports, along with tools we have developed, gives us the ability to easily create metrics on the issues. Our last report [covered the metrics for 2022](https://security.apache.org/blog/asf-security-report-2022/). As well as vulnerability handling, this report also summarises the security initiatives we've worked on in the year. ## Reporting Statistics for 2023 From c558b49b442189c7b2e8d4b62eae1ed895b14f59 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:26:49 +0000 Subject: [PATCH 03/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index 57c0a6d9..40aff137 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -27,7 +27,7 @@ The next 608 of the 1843 (33%) were email threads with people asking non-securit The next 160 (8%) of those reports were researchers reporting infrastructure issues such as those affecting our web sites. These are almost always rejected; where a researcher reports us having directory listings enabled, source code visible, public “.git” directories, and so on. These reports are generally the unfiltered output of some publicly available scanning tool, and often come along with a request for some sort of monetary reward (bounty). -That left 660 (36%) reports of new vulnerabilities in** **2023 (up from 2022: 599, 2021: 441, 2020: 376), which spanned 112 of the top-level projects. These 660** **reports include both external reports, as well as issues found internally by projects and their communities. We don’t keep track of the breakdown between those categories. For example, where a project has found an issue themselves they will follow the same ASF process to assign it a CVE (Common Vulnerabilities and Exposures) name and address it, and we still count it here. +That left 660 (36%) reports of new vulnerabilities in 2023 (up from 2022: 599, 2021: 441, 2020: 376), which spanned 112 of the top-level projects. These 660 reports include both external reports, as well as issues found internally by projects and their communities. We don't keep track of the breakdown between those categories. For example, where a project has found an issue themselves they will follow the same ASF process to assign it a CVE (Common Vulnerabilities and Exposures) name and address it, and we still count it here. The next step is having the project triage the report to see if it's really an issue. Invalid reports and reports of things that are not actually vulnerabilities get rejected back to the reporter. Of the remaining issues that are accepted, they are assigned appropriate CVE names and eventually fixes are released. From 4142a542d056e0049408f848d861916744499f27 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:26:56 +0000 Subject: [PATCH 04/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index 40aff137..fe92483d 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -33,7 +33,7 @@ The next step is having the project triage the report to see if it's really an i As of January 1st 2024, 175 of those 660 reports were still under triage and investigation. This is where a project was working on an issue and had not yet rejected the issue or assigned it a CVE at that date. This number seems quite high but it does vary through the year and tends to be higher at the end of the calendar year, when many developers take holidays. It’s not uncommon for lower severity issues to take some time before they become part of a new release, so at any given time there will always be a number of issues open and currently being worked on. However, we’re watching this metric on a monthly basis as the number of issues still under triage and investigation rising faster each month is a sign that projects are falling behind in processing reports. -The remaining 485 reports (2022: 490, 2021: 391, 2020: 341)** **directly led to us assigning 173 CVE records (2022: 210, 2021: 183, 2020: 151, 2019: 122). Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names. +The remaining 485 reports (2022: 490, 2021: 391, 2020: 341) directly led to us assigning 173 CVE records (2022: 210, 2021: 183, 2020: 151, 2019: 122). Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names. The four projects with the most reports in 2023 were Airflow with 109 reports, Tomcat with 38 reports, Superset with 38 reports, and InLong with 27 reports. Airflow and Tomcat are part of the [HackerOne Internet Bug Bounty program](https://hackerone.com/ibb). From e9f724ea339d54ee439cc697403b884319180385 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:03 +0000 Subject: [PATCH 05/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index fe92483d..4a489306 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -11,7 +11,7 @@ The security committee of The Apache Software Foundation (ASF) oversees and coor Anyone finding security issues in any ASF project can report them to security@apache.org, where they are recorded and passed on to the relevant [dedicated security teams](https://security.apache.org/projects/) or private project management committees (PMCs) to handle. These groups are composed wholly of volunteers. In general; each community, or PMC, is responsible for handling their own vulnerabilities. The security committee monitors all the issues reported across all the projects and keeps track of the issues throughout the vulnerability lifecycle. It also helps the various communities with their security response and process. And finally, the security committee reports on this to the ASF Board as part of the ASF oversight and governance function. -The security committee is responsible for ensuring that issues are dealt with properly and actively reminds projects of their outstanding issues and responsibilities. Our paid person plays a pivotal role here. As a Board committee, we have the ability to take action including blocking a project's future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues. This, along with the Apache License v2.0, are key parts of the ASF’s general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software. +The security committee is responsible for ensuring that issues are dealt with properly and actively reminds projects of their outstanding issues and responsibilities. Our paid person plays a pivotal role here. As a Board committee, we have the ability to take action including blocking a project's future releases or, worst case, archiving a project if such projects are unresponsive to handling their security issues. This, along with the Apache License v2.0, are key parts of the ASF's general oversight function around official releases, allowing the ASF to protect individual developers and giving users confidence to deploy and rely on ASF software. The oversight we have into all security reports, along with tools we have developed, gives us the ability to easily create metrics on the issues. Our last report [covered the metrics for 2022](https://security.apache.org/blog/asf-security-report-2022/). As well as vulnerability handling, this report also summarises the security initiatives we've worked on in the year. From 6321cc139f35267ed7394eb27946ffd3a64e7d96 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:09 +0000 Subject: [PATCH 06/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index 4a489306..2c79590e 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -31,7 +31,7 @@ That left 660 (36%) reports of new vulnerabilities in 2023 (up from 2022: 599, 2 The next step is having the project triage the report to see if it's really an issue. Invalid reports and reports of things that are not actually vulnerabilities get rejected back to the reporter. Of the remaining issues that are accepted, they are assigned appropriate CVE names and eventually fixes are released. -As of January 1st 2024, 175 of those 660 reports were still under triage and investigation. This is where a project was working on an issue and had not yet rejected the issue or assigned it a CVE at that date. This number seems quite high but it does vary through the year and tends to be higher at the end of the calendar year, when many developers take holidays. It’s not uncommon for lower severity issues to take some time before they become part of a new release, so at any given time there will always be a number of issues open and currently being worked on. However, we’re watching this metric on a monthly basis as the number of issues still under triage and investigation rising faster each month is a sign that projects are falling behind in processing reports. +As of January 1st 2024, 175 of those 660 reports were still under triage and investigation. This is where a project was working on an issue and had not yet rejected the issue or assigned it a CVE at that date. This number seems quite high but it does vary through the year and tends to be higher at the end of the calendar year, when many developers take holidays. It's not uncommon for lower severity issues to take some time before they become part of a new release, so at any given time there will always be a number of issues open and currently being worked on. However, we're watching this metric on a monthly basis as the number of issues still under triage and investigation rising faster each month is a sign that projects are falling behind in processing reports. The remaining 485 reports (2022: 490, 2021: 391, 2020: 341) directly led to us assigning 173 CVE records (2022: 210, 2021: 183, 2020: 151, 2019: 122). Some vulnerability reports may include multiple issues, some reports are across multiple projects, and some reports are duplicates where the same issue is found by different reporters, so there isn't an exact one-to-one mapping of accepted reports to CVE names. From 1169972ad9b99e7e8972e1be880035d15c1036d0 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:16 +0000 Subject: [PATCH 07/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index 2c79590e..0ee7a4a1 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -60,7 +60,7 @@ During 2023 there were a few vulnerabilities worth highlighting; either because ## Security initiatives -As well as helping projects handle reports of vulnerabilities, we’ve worked on a number of security initiatives in 2023. These included: +As well as helping projects handle reports of vulnerabilities, we've worked on a number of security initiatives in 2023. These included: * Working with projects to publish "security model" pages on their websites, which help users understand what to expect from the project security-wise, and help security researchers on where to best focus their efforts. Such pages were published for [Apache Maven](https://maven.apache.org/security.html), [Apache JMeter](https://jmeter.apache.org/security.html), [Apache Commons](https://commons.apache.org/security.html), [Apache PDFBox](https://pdfbox.apache.org/security.html), and [Apache Airflow](https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html). * Reviewing the Common Platform Enumeration names (CPE's) that were assigned to our CVE's by the NIST's NVD programme, and suggesting fixes to some inconsistencies/misclassifications we identified. We have stopped distinguishing between 'incubating' and 'regular' Apache projects in the CPE, to avoid missing associations. From 642696f5464c8d738480efeab9b8fa11acb6410f Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:24 +0000 Subject: [PATCH 08/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index 0ee7a4a1..8a11e5b7 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -39,7 +39,7 @@ The four projects with the most reports in 2023 were Airflow with 109 reports, T ## CVE Statistics for 2023 -In 2023 we published 258 CVE records (2022: 245). These records consist of vulnerabilities found and triaged in 2023 (the 173 mentioned above), and vulnerabilities found in previous years (“under triage”) where the release that fixed them was made in 2023. The four projects with the most published CVE were Airflow with 47 CVE, Superset with 27, InLong with 23, and Tomcat with 10. Note, as always, that the number of released CVE has no correlation with a project being more or less secure, and we’ve not taken into account severity levels or timescales. Indeed, projects fixing their issues and releasing timely security updates is a sign of a healthy project. +In 2023 we published 258 CVE records (2022: 245). These records consist of vulnerabilities found and triaged in 2023 (the 173 mentioned above), and vulnerabilities found in previous years ("under triage") where the release that fixed them was made in 2023. The four projects with the most published CVE were Airflow with 47 CVE, Superset with 27, InLong with 23, and Tomcat with 10. Note, as always, that the number of released CVE has no correlation with a project being more or less secure, and we've not taken into account severity levels or timescales. Indeed, projects fixing their issues and releasing timely security updates is a sign of a healthy project. The Apache Security committee handles CVE name allocation and is a CVE project Candidate Naming Authority (CNA), so all requests for CVE names in any ASF project are routed through us, even if the reporter is unaware and contacts the CVE project directly or goes public with an issue before contacting us. The Apache Security Team requires that all security issues in all our projects have published CVE records. From c723036f320b53b4254c7ff98b2b9c38606472b9 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:33 +0000 Subject: [PATCH 09/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index 8a11e5b7..c001b157 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -25,7 +25,7 @@ Diagram 1 gives the breakdown of those 1843 threads. 415 threads (23%) were peop The next 608 of the 1843 (33%) were email threads with people asking non-security (usually support-type) questions, questions about dependencies, or general administrative threads. -The next 160 (8%) of those reports were researchers reporting infrastructure issues such as those affecting our web sites. These are almost always rejected; where a researcher reports us having directory listings enabled, source code visible, public “.git” directories, and so on. These reports are generally the unfiltered output of some publicly available scanning tool, and often come along with a request for some sort of monetary reward (bounty). +The next 160 (8%) of those reports were researchers reporting infrastructure issues such as those affecting our web sites. These are almost always rejected; where a researcher reports us having directory listings enabled, source code visible, public ".git" directories, and so on. These reports are generally the unfiltered output of some publicly available scanning tool, and often come along with a request for some sort of monetary reward (bounty). That left 660 (36%) reports of new vulnerabilities in 2023 (up from 2022: 599, 2021: 441, 2020: 376), which spanned 112 of the top-level projects. These 660 reports include both external reports, as well as issues found internally by projects and their communities. We don't keep track of the breakdown between those categories. For example, where a project has found an issue themselves they will follow the same ASF process to assign it a CVE (Common Vulnerabilities and Exposures) name and address it, and we still count it here. From f8dfa24576fa240f249318cf811ce9ef51fd53ca Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:39 +0000 Subject: [PATCH 10/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index c001b157..a88f303d 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -81,6 +81,6 @@ The ASF projects are highly diverse and independent. They have different languag The ASF Security Committee works closely with the project teams, communities, and reporters to ensure that issues get handled quickly and correctly. This responsible oversight is a principle of The Apache Way and helps ensure Apache software is stable and can be trusted. -This report gave metrics for calendar year 2023 showing from the 24,000 emails received we triaged over 660 vulnerability reports relating to ASF projects. We published 258 CVE records. The number of non-spam threads dealt with was up 31% from 2022 with the number of actual vulnerability reports up 10%. We also highlighted a number of new security initiatives we’ve worked on including metadata consistency and SBOMs. +This report gave metrics for calendar year 2023 showing from the 24,000 emails received we triaged over 660 vulnerability reports relating to ASF projects. We published 258 CVE records. The number of non-spam threads dealt with was up 31% from 2022 with the number of actual vulnerability reports up 10%. We also highlighted a number of new security initiatives we've worked on including metadata consistency and SBOMs. If you have vulnerability information you would like to share [please contact us](http://apache.org/security/#reporting-a-vulnerability) or for comments on this report use the public [security-discuss mailing list](https://lists.apache.org/list.html?security-discuss@community.apache.org). From abae9a3b87e96a2dc9dbe51c8e56c592b9d5b8e1 Mon Sep 17 00:00:00 2001 From: "Mark J. Cox" Date: Thu, 11 Jan 2024 13:27:48 +0000 Subject: [PATCH 11/11] Update content/blog/asf-security-report-2023/index.md Co-authored-by: Arnout Engelen --- content/blog/asf-security-report-2023/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/asf-security-report-2023/index.md b/content/blog/asf-security-report-2023/index.md index a88f303d..0ec21a34 100644 --- a/content/blog/asf-security-report-2023/index.md +++ b/content/blog/asf-security-report-2023/index.md @@ -64,7 +64,7 @@ As well as helping projects handle reports of vulnerabilities, we've worked on a * Working with projects to publish "security model" pages on their websites, which help users understand what to expect from the project security-wise, and help security researchers on where to best focus their efforts. Such pages were published for [Apache Maven](https://maven.apache.org/security.html), [Apache JMeter](https://jmeter.apache.org/security.html), [Apache Commons](https://commons.apache.org/security.html), [Apache PDFBox](https://pdfbox.apache.org/security.html), and [Apache Airflow](https://airflow.apache.org/docs/apache-airflow/stable/security/security_model.html). * Reviewing the Common Platform Enumeration names (CPE's) that were assigned to our CVE's by the NIST's NVD programme, and suggesting fixes to some inconsistencies/misclassifications we identified. We have stopped distinguishing between 'incubating' and 'regular' Apache projects in the CPE, to avoid missing associations. -* Working with NIST’s NVD programme to align their Common Weakness Enumeration (CWE) classifications. +* Working with NIST's NVD programme to align their Common Weakness Enumeration (CWE) classifications. * A similar review of the GitHub Security Advisory (GHSA) database, reviewing artifact mappings and adding missing ones. * Put into place an ASF-wide default [vulnerability severity rating system](https://security.apache.org/blog/severityrating/). * Engaging with the Trivy SBOM/security scanner project to discuss how we can help reduce noise and make security reports more accurate, possibly using VEX. This is challenging because it requires the scanner to have access to not just a list, but the graph of dependencies.