From 2682764c38f5fbb6555c7f1fd68938a647c83a04 Mon Sep 17 00:00:00 2001
From: Jose Szychowski
Date: Wed, 17 Jun 2026 13:00:33 -0300
Subject: [PATCH 1/2] chore: add Taskfile for documentation management and create fraudulent login enhancement template
---
 Taskfile.yaml | 13 +
 docs/Taskfile.yaml | 69 ++++
 docs/enhancements/fraudulent-login.md | 536 ++++++++++++++++++++++++++
 3 files changed, 618 insertions(+)
 create mode 100644 Taskfile.yaml
 create mode 100644 docs/Taskfile.yaml
 create mode 100644 docs/enhancements/fraudulent-login.md
diff --git a/Taskfile.yaml b/Taskfile.yaml
new file mode 100644
index 0000000..9fab6f1
--- /dev/null
+++ b/Taskfile.yaml
@@ -0,0 +1,13 @@
+version: '3'
+
+includes:
+ # Documentation tasks
+ docs:
+ taskfile: ./docs/Taskfile.yaml
+ dir: ./docs
+
+tasks:
+ generate:
+ desc: Run code generation (deepcopy, defaults)
+ deps:
+ - task: docs:generate
\ No newline at end of file
diff --git a/docs/Taskfile.yaml b/docs/Taskfile.yaml
new file mode 100644
index 0000000..a526bfc
--- /dev/null
+++ b/docs/Taskfile.yaml
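Review bot: The root `generate` task is described as `desc: Run code generation (deepcopy, defaults)`, but its only dependency in this hunk is `docs:generate`, which renders diagrams. Either reword it, e.g. `desc: Generate documentation artifacts (diagrams)`, or add the code-generation steps the description promises, so that `task --list` does not mislead. The file also ends without a trailing newline.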
@@ -0,0 +1,69 @@
+version: '3'
+
+vars:
+ DIAGRAMS_DIR: "{{.ROOT_DIR}}/docs/diagrams"
+ OUTPUT_FORMAT: "png"
+ PLANTUML_IMAGE: plantuml/plantuml:1.2026.4
+
+tasks:
+ generate:
+ desc: Generate all documentation artifacts (diagrams, etc.)
+ cmds:
+ - task: diagrams:render
+ silent: true
+
+ diagrams:
+ desc: Generate all architecture diagrams from PlantUML
+ cmds:
+ - task: diagrams:render
+ silent: true
+
+ diagrams:render:
+ desc: Render PlantUML diagrams to PNG format using Docker
+ cmds:
+ - |
+ set -e
+ echo "Rendering PlantUML diagrams..."
+ echo ""
+
+ # Check if PlantUML files exist
+ if ! ls {{.DIAGRAMS_DIR}}/*.puml >/dev/null 2>&1; then
+ echo "❌ Error: PlantUML source files (*.puml) not found in {{.DIAGRAMS_DIR}}"
+ exit 1
+ fi
+
+ # Render using Docker (no local installation required)
+ docker run --rm \
+ -v "{{.DIAGRAMS_DIR}}":/data \
+ {{.PLANTUML_IMAGE}} \
+ -t{{.OUTPUT_FORMAT}} \
+ /data/*.puml
+
+ echo ""
+ echo "✅ Diagrams rendered in {{.DIAGRAMS_DIR}}"
+ echo ""
+ echo "Generated files:"
+ ls -1 {{.DIAGRAMS_DIR}}/*.{{.OUTPUT_FORMAT}} 2>/dev/null | xargs -n1 basename || echo "No output files found"
+ silent: true
+
+ diagrams:clean:
+ desc: Remove generated diagram files
+ cmds:
+ - |
+ rm -f {{.DIAGRAMS_DIR}}/*.png {{.DIAGRAMS_DIR}}/*.svg
+ echo "✅ Generated diagram files removed"
+ silent: true
+
+ diagrams:validate:
+ desc: Validate PlantUML syntax using Docker
+ cmds:
+ - |
+ set -e
+ echo "Validating PlantUML diagrams..."
+ docker run --rm \
+ -v "{{.DIAGRAMS_DIR}}":/data \
+ {{.PLANTUML_IMAGE}} \
+ -syntax \
+ /data/*.puml
+ echo "✅ All diagrams are valid"
+ silent: true
diff --git a/docs/enhancements/fraudulent-login.md b/docs/enhancements/fraudulent-login.md
new file mode 100644
index 0000000..1d13aea
--- /dev/null
+++ b/docs/enhancements/fraudulent-login.md
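Review bot: `PLANTUML_IMAGE: plantuml/plantuml:1.2026.4` pins the renderer by tag only, and both `docker run` calls give that image a read-write bind mount of the diagrams directory with default networking and the image's default user. A tag can be re-pointed upstream, so pin the digest as well, e.g. `PLANTUML_IMAGE: plantuml/plantuml:1.2026.4@sha256:<digest-placeholder>`, and add `--network none` and `--user "$(id -u):$(id -g)"` to the `docker run` in `diagrams:render` and `diagrams:validate` (the validate mount can probably also be `:/data:ro`; confirm PlantUML still runs under both). `{{.DIAGRAMS_DIR}}` is quoted in `-v` but not in the `ls` and `rm -f` lines, so a checkout path containing spaces would be word-split there. It is also worth confirming that `-syntax` checks files passed as arguments, since PlantUML documents that flag for standard input and `-checkonly` for files.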
@@ -0,0 +1,536 @@
+---
+status: provisional|implementable|implemented|deferred|rejected|withdrawn|replaced
+stage: alpha|beta|stable
+latest-milestone: "v0.x"
+---
+
+
+
+
+# Short, descriptive title
+
+
+
+
+
+- [Summary](#summary)
+- [Motivation](#motivation)
+ - [Goals](#goals)
+ - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+ - [User Stories (Optional)](#user-stories-optional)
+ - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
+ - [Risks and Mitigations](#risks-and-mitigations)
+- [Design Details](#design-details)
+- [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+ - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+ - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+ - [Monitoring Requirements](#monitoring-requirements)
+ - [Dependencies](#dependencies)
+ - [Scalability](#scalability)
+ - [Troubleshooting](#troubleshooting)
+- [Implementation History](#implementation-history)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
+
+## Summary
+
+
+
+## Motivation
+
+
+
+### Goals
+
+
+
+### Non-Goals
+
+
+
+## Proposal
+
+
+
+### User Stories (Optional)
+
+
+
+#### Story 1
+
+#### Story 2
+
+### Notes/Constraints/Caveats (Optional)
+
+
+
+### Risks and Mitigations
+
+
+
+## Design Details
+
+
+
+## Production Readiness Review Questionnaire
+
+
+
+### Feature Enablement and Rollback
+
+
+
+#### How can this feature be enabled / disabled in a live cluster?
+
+
+
+- [ ] Feature gate
+ - Feature gate name:
+ - Components depending on the feature gate:
+- [ ] Other
+ - Describe the mechanism:
+ - Will enabling / disabling the feature require downtime of the control plane?
+ - Will enabling / disabling the feature require downtime or reprovisioning of a node?
+
+#### Does enabling the feature change any default behavior?
+
+
+
+#### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
+
+
+
+#### What happens if we reenable the feature if it was previously rolled back?
+
+#### Are there any tests for feature enablement/disablement?
+
+### Rollout, Upgrade and Rollback Planning
+
+
+
+#### How can a rollout or rollback fail? Can it impact already running workloads?
+
+
+
+#### What specific metrics should inform a rollback?
+
+
+
+#### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
+
+
+
+#### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
+
+
+
+### Monitoring Requirements
+
+
+
+#### How can an operator determine if the feature is in use by workloads?
+
+
+
+#### How can someone using this feature know that it is working for their instance?
+
+
+
+- [ ] Events
+ - Event Reason:
+- [ ] API .status
+ - Condition name:
+ - Other field:
+- [ ] Other (treat as last resort)
+ - Details:
+
+#### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
+
+
+
+#### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
+
+
+
+- [ ] Metrics
+ - Metric name:
+ - [Optional] Aggregation method:
+ - Components exposing the metric:
+- [ ] Other (treat as last resort)
+ - Details:
+
+#### Are there any missing metrics that would be useful to have to improve observability of this feature?
+
+
+
+### Dependencies
+
+
+
+#### Does this feature depend on any specific services running in the cluster?
+
+
+
+### Scalability
+
+
+
+#### Will enabling / using this feature result in any new API calls?
+
+
+
+#### Will enabling / using this feature result in introducing new API types?
+
+
+
+#### Will enabling / using this feature result in any new calls to the cloud provider?
+
+
+
+#### Will enabling / using this feature result in increasing size or count of the existing API objects?
+
+
+
+#### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
+
+
+
+#### Will enabling / using this feature result in non-negligible increase of resource usage in any components?
+
+
+
+#### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
+
+
+
+### Troubleshooting
+
+
+
+#### How does this feature react if the API server is unavailable?
+
+#### What are other known failure modes?
+
+
+
+#### What steps should be taken if SLOs are not being met to determine the problem?
+
+## Implementation History
+
+
+
+## Drawbacks
+
+
+
+## Alternatives
+
+
+
+## Infrastructure Needed (Optional)
+
+
\ No newline at end of file
From 061089541cc5d4e2067cab06b6d99c208024be20 Mon Sep 17 00:00:00 2001
From: Jose Szychowski
Date: Wed, 17 Jun 2026 14:04:37 -0300
Subject: [PATCH 2/2] feat: implement fraudulent login evaluation flow with new LoginEvaluation CRD and process documentation
---
 docs/diagrams/fraudulent-login-flow.png | Bin 0 -> 31735 bytes
 docs/diagrams/fraudulent-login-sequence.png | Bin 0 -> 100138 bytes
 docs/diagrams/fraudulent-login-sequence.puml | 51 ++++++++
 docs/enhancements/fraudulent-login.md | 122 ++++++++++++++++++-
 4 files changed, 169 insertions(+), 4 deletions(-)
 create mode 100644 docs/diagrams/fraudulent-login-flow.png
 create mode 100644 docs/diagrams/fraudulent-login-sequence.png
 create mode 100644 docs/diagrams/fraudulent-login-sequence.puml
diff --git a/docs/diagrams/fraudulent-login-flow.png b/docs/diagrams/fraudulent-login-flow.png new file mode 100644 index 0000000000000000000000000000000000000000..6a4bbbf11fc1869df248aa635f02bb4ff20313b7 GIT binary patch literal 31735 zcma&NWpo@twTp}VO($dn(%F4RBy88P1=H}*hc6MG~Ucte^KY#vA zPEJlwPcJMitgNhTY;5fA?(XU785tQ_T3T9PU*Fl;IX*tVzP|qa{0u$H0|myQb`n-| zGPJdGw=y?5Fq~fou$=$&(Dmpp_^@;8-5wCvh1Kiw6_I2o`N&v7AkalB>Gv)t~3E zwV<3%Ta*a8C_OT!*uqH+T+E}hOX`ou{Eka-M!koHeSV!Xr5~4Tvdc4m@P6c3XQJSp z8gD`sRdf}1H3r8!ULQiH7<4IBWhMzdQYp_b;6H079zooV_%;c0W7{_d``uz)6as6+&zbN+9Z|8N_14kq9s?4f$nVTK#0Q<0@w%p*^j&mDFf2 zq$)4QhoKZ2p(8o-0ccZ@wHnr3Rc0}z!co=8C=~#!1cNO^;oeVr6Ukp@TU(1b05T~J5{AhP z88<6GG(k3Tx}4Sh#KwBeFu40i+hza13`o|7`g7C+}AFsmj#SZ!{`VoRQK!PLZ z0tmxEs=n}pn;}3G^I7sCebE35fS$%d68ir>MXox_Pi2>`lP!+9pL9tErv587^14W^FEUq-*VllHi$m3?V?cozpe~yO+lTd1$GfwUektjx@s=q;tve< zQh~^#b21nx>_jx5G}3GG_-_oluUZj^iHGOvU;k@>ku&nwmN~d!Rof0`IoFcYe?Y6Y zdsZFI1N0`SW|IuTMYXg?q=qm0+H7{m0vc zI(zAM?`h+;s^(-C^}wZCWI;zp&^N4_XqJT>vS{pwqDb!|4hRNxK$01kFJC8K69M8sLI?Fb8lCy?fe)-K9}x8cp-|e%985Wh%Wywl9Hv7 zS9OCa@4oLE#?V-4mzzUi50od!HhUmnt)6j4-Z7sV+a}}BbJ8VZ<2MkTA9gn{0t`2F z4P1hOX{kHxlvxRnshy7;GZz#78CtOyXWg7;hs%qpa=#PmADZil4Il9pk~`pxF>ZJ2 zjZb5EOk_sMV@qq-3&URHVvC8)y6&zYFjoAX_nReHvsNgAIYPIZkQaTm08z^LWplJ3 zY{QTyD;_gOA&D6BI-{%Hb{@VDa&|Nuh0J~KtRX*8#7Pj54p+x~=vj6-^01+~?g+=W z3pza*#I)3T_R2igRrW0`x6Jm*WEJPM^^sH&!tJ(gRx%M5=J(~TjOyLFyIr+kmOU$V zuW_&Y5(mlR{dV|X`HgNhUuJ#jm*F6sVYHp_L{n2MwSqgcTQ)^11Eg-G?m;v7Kjy}N z_^?H%&iodg5za_Y#svXaAMx;C`+k1~ojF66AOcx#%If+I#HxOx3Q*8hWg_+Qy!g@y z1x3Gbz^Ps%MfpJ=SZc42p+%`@+8QCS*wo|r13OtvuRKU1ujinI_Jnys9t($muS_9( zFdO1}euvulo8UJ^=Cg-tZEER~qQ&nyzI3wcI8*2-q87Q+#d5)f?*63mszS@|rLlLh zpJ@CGPLln;fC|l01V!sJ@glj(#I`%y7P+2D2lQZCIuI&qGA0vXv^Y@vbipV9v(eIz z2xf(hMS(npf!LwDkipsn7mdKr53NbHEw7Xd`$eB}g^cu}NQ`@o-Z-aESyPA_ z>^5N^@DbnY(Pk|K^!P2ylWB>xW<5&g=9_+>3++SnW0G*%a>nj)ccv))C(4; zPEQkq!_lMF{?ZZ_X9WEqh^_k7S-D7*dng{+96K&fM+N%bcas zgm7!doX=~*;#4bo3HDw>J69ca$EJh=HhgPGE&Tp=`pz80mgi$QLHbsLGEYDq%Y|Mi 
zCfhGQKVi`z_r{!watwEC(i;rwl3YPKQjcaCGKn&xyx%SGg_myn2wFIKUje5mhmgCb zxH?Sy{RYR-)SPC|cS)vqC3QLDU7*k7PMp*f|C2JV*$ejCK=ZdOGIO|!?Kl1EBDqW` zLNc1g;JF6)_@7|1M{D|5-&pV`dM36V+(DX8Y?VTljPe_8M=BC#4FNL z*NQL_iP9F9=&D)E>f*m&l2pqb+|{sEgqF7IBowl`JgIhn_^DbzIAUvJAoC6(b(-+z zTqj*m%;aa!Y6;G5;PMX27A%_2{2-g-)*f2l%43|LCbo>tpL1S=ds26zqpOEpUFvp$ zwSk1f46Q1VUd(-U8~gKB)mpJNCq_j(=>v`TY88s1j~%D6VH78fyLVBa^%m(>{2tii z`!;TORvW07pT}sGYi#L+O5!3=rcLf6lfNH-ch$H>uJPC>u|(1=U-5G?ommml^~Z|D zX{CR%8xZJ9zn|t*gFR!_D*FGA$k7iGZW$d583+W5FYp< z#uQT6RB*idz;a8o1*I*PG$3zqzS;nxh}wWOLr5uvyFuDO5pH)8i0uRd0i{T;0I~j@ z9SIO@62DCQ3kGazZ$JY(AzPpJPj!p41*a_?n=M%M!!ObVqDj4+WUL*$Hx2M?EHHwa z4aD@q3cTkae3K zd%7`vZuzxT|3hB3$~yT@+=6*JBlFi0nMX+>3$p~kz#LCCM#I;TfCD+nj7oh2!~R+V zj;AFV0TS~#fD|sPkr{oK2%YFM)~X>wUeJ2sJL3$Vg;@+>+}>vGi&>Nh)f}3JAp%UV z&n(e!i{u7JRUKrr{?vU&v_EHQ^&E~R^t@%sR#Q(?UdW=FApZ6Xi=BPP#3P$RRwxxG z{fS`VNq@4#*A`*mg)4uC=57UD*<{7SA{n+S_F{H!O*GW^3m&V3g`niV| zxf+hd$#rKYldeHpCk5#4!?R}{U3#<Zr$4pyZi@5>6R$x8OvS5y%&T!vAhw*ocFaXZ5?)Iex^OiM7vjZMpL z(ckQrK6cvSMW_yvjs!+xm$NeP?H>^xC%wT^L=HI{D2C%x#P4XsN-$(oifQQ>SjO}# zT1A_tWh_&tx|275M;*e37pUbS_99L! 
zqvh*y7ErgYZVRIo!<;G|(29~-`dp~ANjGsBSZ{T_z%8CJu8ETzDL5z(c5iEo-Zz?C zy{%nXBhfS~0z6$#?R!B?y25-wP@RVlporZxbL36dxLr4lI7(xS9!Y(*Bx|j}tb!~P z5&cHcVZSyN1Aj4@>8Pt9q>5xJL#&-u*F9_`yqxs6yWRcp5BQssP=!<#OwdT^1|yhl zrp^=&Cq3k9398lDBg^br3%2T?Bu;(gjcdvzcNEl6Wg?irpjhGaa4&(k!rl>TB z!I%+mmL9w_%Vh)VG&{{py>&9tK1fC_B`D%_&Q79`VV^MR=q(Ra{DCk6-`+Ki{jh6x z&JM*{wUYk@X4WyT`r^!={kGNv@HmVy{8^n9@PqN(`WjyRL60)rh$S-&#r+nqyDB@F zNv7JdfYdb#rHBREQJmP`5JfbNlb6biNGs{{@D~bAkyC5`Wg(6W;PEYByZXYiq0V|a zRg&1D{XS}~ddYb~QY2A3-r-qvV@tafS=8aU5KUa#UtD23flcNbB3B{D)5l{6U`_I< zk6=AmjiZ*yyD5xV3|P#4ac%1<&}Jujeee}{Q?Scgp5kAHL^f zB)zSeO#zN~aQLBW2a5AT9@GL0cbcO-QD50|8i6e^H6ld(2h!dYgvN$poLtPEpZlF* z_R4)88nJns`(H9=^&T&ne6G-1>0#J&>w{|5^OIC-Ix&1-*=U;vNF@hapA z(EAT0Nbl(YP?s_ODbM6R25qD!0-8{l2skY2;42^+{ba`h%t6gUt#kWaHi!)&kp>~u zq|zCpVOGGZCLi7p5zk<4>0RV6VjP#a4Gctjk?8SjCx2^%JfmEP1>#DuMnI6^(O-<{ zOMP;?cQM;Y$sOBTrDCID5}LCt+0HDr_Nm(VZW)IEU8Cts)JFB&lj2cRli&=krP|AR z`|LRrY8!}Cf<;b2!x_)23Vcz~!8D=e)t9BHE@USS zHS0qD#o8W(F`JOdomHw9=!v=zh{=OiqH&dULB~oWIoTzDFEkCBc8RFE5NOrKE~-S6 zs&}t%IED!HJhE+6KUpql7O^aQnzox_`+=AM$~=fODUphYsaLWF6+7?Dzq(9kPB@XC z)_YytRd{bfA;4+Uh=A>K;-S`^6$z39~<%> z!5BJ<6CA}&q;?G|4sb~e1g^Zapgu4-fcix|5KNjAiH1mvXb91czwr2dfZ(v%Tos(X zVy#Zug=j#9L{?uP`~wU#Ay%VprJadW2?pdh7|-i=Q3yl3jmAkz?+auIexxthGlQm} zTGG@^1-{&0sUynpmXwAukGE0&q6H)BR$i8Czn5o1+uSThCs8AN+=G+=I0mw5t7ndD zn?1W=wN4kP0P>9e`RLbNe``S@2h>JRBzhmDFq0S;6z2n?sz8kkr7-Xd-S}Q9YHw1oQ5UDX`nT+a4{1F^PusJm#-O zG(BkOpu=S5TP^%2QD&GNd%CEW$0cOqSaUje0V?=Z<5?2K|7wZiZy6Y&strUl{H5af zTw%!|#=nD$SMTh?DU+p045-wt#` zw>)B=>{8M=V|Ee~B(5W9a}mRUg`!Z&CqW1^T^`g@7`j-G1O~1=DS^@h3$=^vqwu?; zL?TOz8m%wo!(n|*K3*%7e}M#aa)3UI6q)KCK3}L9z@_C%jS3rz>3KSTB_NH$7#Fcq zU)%_s3@P=xkcB{sJ`6evQ3}JDP`JX#bd9L>IcyIpHeY{glbz}lc@x6C2+c_Rl49FN zvbaR9u1A4!_s%Wrr^hI@>zOIIggT4zKaw{9>q5BV?iqL75?^B$len?g-hv+Z~(LpRD&+h zBLPde%TFn-!`@eX;lsihGUrZfzMz9x-&s^sZ%c$IHAn!WtlppCG`_g8zc$hM~ul1Dpa0vF} z(A~IaTP>PO7|WDhO__w4%pMC$9+Zlg^B3=GoC{dfQ+(fN@p+E4Dj2Z_%b|tkhTAD4 
zKL|AW#j_N+f6I5?pm1B3(!F!{9Q(Gs8PDHr1ep*eJplYvoiB6>JaTjr||3QL@J+1ru)V{q9aq+70)O4(e& z=Q?=0c=JNp^oi*~lmwbsMi3BrGOAHPz^MoqmZ0R)y@y~Z$uh3f5&xOrajAX@`dT&&9 z-Wr}&DbZujZk4c3X#KV+r=Z7{!Qic4&8EQ0s&ZTRTp`hUh^vB%HPv)>r7VuKz>#x$ zO}BGJ!=kL4vJcZk+=2q)vL&VcT2sJ=mqPcsS(iC9!Ugg%kB1cE$wkC+KceJEMB4>zUz$1)?rnHTV z2sp)vQ?;zCHt7D}b0P4`#S<@i;tj%>Ude&+x;VXlHHc$r6a4P2#^gZbe#v1C>Ny;l;8|8Obhx}R~L{+}x z9W%9>>ihs*_ePT>mC4m0)pdI3EEd@eXD0&Y5=nq5JLQ`Si5T|Y?)iAi7@zZtjZ34R zH}`6QH)b2c>{>A*aa>i2|6=VUp2~7Ph-IDI$%{hS^Z24sKIbXt6;i>cjjD>=d1R6* zYjt}Y$M!-w7sV=vPeRo@s~5Lw~B}tj0(?hfCgzS?ZOFcIWbYjqP8)rPKqUN z#AP;1JE?BB*R#Q-|Dm3c!c zX1@KP*2GH751>2RU{W?ucdN1+)@evxldGZO?tI%;!JD%XMgJnvFc_GLubL1+cI?If6D>X8(5NQM39QCIHxNRlX>O3ko+kfGh7)c1` zB;G_CV_`u+sE4F$DY=xe$y~PG*IGPK16%%O;-wjKMryu025FWEh}}Tb49y_SUOv}y zED?_Z?0*PZ8oM?a)4ua_M&+^FZYqQ!bLP$G9>A)TXwf#>NJiz!TZ0wmFb|9ww}*WF z^6>_LusjV?VjdzGX#5$KnLej`Tn4Mk<@E10V7hHesZ4ybsFMK7;de zca0vk76>1gmL+x8!*0U3qf3qI$ETP1yp3K}(x2~!j!%cDjgCL(x1$!<7pwR!_g(QI zU`h!x`jd61G>dFl@S^jPh2%Ib8OFQXR(O^(;|vf47!n^g?v1Hk>pvUoP@cb^qKz)1 zFN*pT{wZw?x#j`{F=%GEF*Jwle^*K9DOZ2J)h=7v5IHvbJT*v)7xLvX>W0@f8GUnD zpE9_g!HEql%bBSn_}@xF5VvU^$sm;ulnElf*?e z;cPd1YBDPc--7BFH0Nl!icu_cXLaMGFiyGd)iDKQ>8y@QD8xDTTtvs5a!AkfE<0yo zQ!mVSJsK{e+Py_P6eGOl$4o8{1m9?6ey?@0JMpJ1$cP$9ILJod4!Ozcf+CB`P$qF_ zsh%scYAw-nX?;|Ge@7qLt9t>!2*g&+HzRC(elgpe)t){QUwvHqq(47nazFCFX61!( zMBnvCIN+V*UzAI|=$keot2#`J?@M5ma286SxX415M)kecdcZ??0m*Wn=qvasMjq2h z&%e~QEY@Gv40+D}hbjJ?1xvOwZ1H6cr!Vy(H4MuD^?HlN5%Nc;W{HnQSA3!T{W$cF zUZ#yG&CYPx`oNE>c+(yiEcK;vZt6;MN5ue)=|$VMI7MK0bvC{#wmxIt*ghBxH1Xr= zqv+tqrt#2qT7F90!g?oqV#IbKFWC7xyZqZ}(9#v@3F$bU>Ej46I1^T0_#yMZJd^x} zKP5-9=fuowc;`#QWNq7cx=T>e%s)(4FhOVwlAi{{A?6T14qH zez{PQtze2)_=ln9_hJHhFa_t;BET_b)##vZkrX=W%gW$IlfRco&H$Lk?aNrV_-a+C zY>ls^hL5FcSLY{bxRv6eZ{c1Z7s;g0E5-99qAEARrmqA{Sy|fqV^^jpPuF{*!R>9E z$%TB%IPs!0BQvBCZiVM-OZU=YEBOk`y4)%SL#2j1o_Lxl8cl|1X+^d;rM1s_rl-Tg zX}WMGU}O#JQ2FO}4gtY8vU(_IfOpQq@31x;H(}~cHoHHS5z13l8L|7>24Dk#iBmYG zMas$u{V_kQ!{~$Bd`3df76MB?Lq3_AFk<;lOwF311*vYpY 
zFD?H+a;P8p;)qA=*Z+$i3eFbNg$;}%h547(ws!BsX@#PX`IIL`lBv!L(J;D=&0@L; zbW!W?Q~g=Y(=vnGhUL%z-&m~k%W?+N@(NQW@bC*@9*ggS@B7JCYOxgDAVTz}?cq=b zrYQc?WaHd4rOhS|9)znKXL>YKy9-MCz=USMz~E(zET1X{klhY!akdN#EPfcX1t;mb zym7Eu$HDVT_a)ZGLIYzu8CpmUkQ(h+IGwhf|3S>k)6Iw!-3dANU@Jt0P) zK=9_X(GHOwYb9z0EKl(7FpQSVJegG@+)`!wXaBMrirqxL8}lg**&@o~BACrE)p^{D zgtCxG4CdB951Z^V%tEK6#*A+QO9C0<=YD-fy|TSSn;ws>K@`AUQ#K5|uiA^N>XKvNhYaDnKz?sJ zU;n>>rSjKldCr`KL1q%?YJHzM8L3 z6KZ*-%!L;=L1bq*i~UDfjdK%0Qrr0%idD!&mG*u4Z1CijH*7m1M@#U8E*k8TVMNdJ z)V$sTlAilM%cnYk!Vl^bEjSNZC|jcmlHTw}O+ukzQBm-8nRbNBGpRMA2oE#;rASLu zNC==QG&0vHSrG?hGVk2+EN&{VdF8yP|!J|x1GY+XhJEs z0Q7&nRMB}`LvHMI#oVu?1a`hMNOG1d+;g#2UE~q9>lk=6o5*P0ioow6Q)#}t(HA0xtf>KYP(--_FvL1A(^zz4d8+ZR@K&W{CL}c=Ok0Sd} zj6)tmdEAXXIo7cIr>W|$_(Uohmid#lW^xO7O4MoDm&a(6NPgJIn517H{UEe#FkRz= zLR4I(K2jvnCd}>$(C|kqZtTfh4|3o`$h?aJp#&1>&+66WTHIU28wzhqMgw&~8J1S( z)M5lQ|M^8#jJRc6q`V8B=5n_6XIK$rvQb>;`0qe7^$C0LGX+~ADAsLe&SOt{V5m}S z5E20Ry7=c2uW{M~&e_as?(1LmRFVqsADg}zJo%dIG&o{3z%Oo8nHKcH}X(EX`5rY9TpXpiKvQT*X3>Tf|Gyi+n{^?YR?uc3AGY*BbKrl^R3O zkEzdVAwdjSoCOn#HNff-5%d2iE7M;TvY$Yn)dNDq@a!(sH=CUQ7;|o;(gJ^2omB7_ z0u471aSgm>?Bj!wItLjbk;n1Ne43#v;C8s1e{$(=6Vt=#f7^bKgSl96!~F+Mu^_|C z%xnKt)6%hYhBj}Kogz2C(# zgwJ)-XTR8$z|Jtw0to&3_5j6VaAN2gLLhNAljB-r8c% zP+r(3iK>`Y0sKZq=KoUZY}ZOn4M4sdlki(GMz{2hplb48f*cl(^>+VT=XXOO>d4mw zjnDxZchn{n5$`_wZ;^iCzq-rXf{t^kZ(5j~leV~!e!ig4hNVGl#VPj{)w#(VN$v+F z-BJfI5*<_>A<@1*Lx}BPhyOub<+KU&;?2bm5ngh;Yn0UZ@A=IKN-&Ssb1hO70jKIi_WM%M6+Z~wp#wVk_!h~YY9S>X> zexfQcqBB6)NeW6r>UA@5yp*G-=cD#LCpPCgx5hPbl*{h_=f#Ozbf5zQ$uI08Adrk{ zM8ADc{CS6az^t|PL5AHWXj|c;QWlh%C6whpEJ{3kcnw$gjr1Eo1*&TridZw&9*2Z| z(Ft{LWLPd5VPqu=y>NoEBS4>>>zer2xMx#Xe90PJQnyPubIyZCKVcOLKTuokv#`q@ zcF!&{+m{1Mr?f0b@aU_077g0| zwZqig1Ki#K{kLr- zrs>P5?N<2^P3%pQoQ1QJHd)!($iSEci?(_zo?KbDRy9nsIMw4+;DRyICexYp*bssk z{?m>=@V}#6m0sM^m>)F?f%niFHRdEyI zi)TeFb5kdt&+6D0{mwu&W&UR;>;LJ+`~l6qCVfc$U-bu+>2hX@|1idX7a;m9ELTjM z;A&DS1CXm6js=J%k~oe>lNXR^V%6NQ-iN&dAgLJ$8$(rCO7PsT45D|FG*`L~1-yj&zv8 
zJbCPU*XZZa@B1Jiaa~a&A`q;wiG`9cH|oC|d=Y4vD9|U2>bD#*f6{-QX!x$&x~e2l3RA$NPuAP9{x|1;=9TTl!PUVFLrH!b zZb$1Jf)623#a%*~ugk;$@^P8qF|~ImpiE2aRv!!8CLyp;2$pR z0A_QwAQO#xUV(E@a-#WRqdikPuv^4UDa}a#&uOLW;b66BDppg$8Wlfl!BH#3(I33U z%1VKD*MWS@p5PhSg8$O+978CTk2M_E(y;N-gwM4$y{yhe!!&R3Do_xMkgZ4SKIm9=B03_Z!b{aQFbwSvW}3IoiE@uB{+ zwiv~+Gtk^WZ>F93M|Wn3{f)|CFaPR_pdX4tT>>3m{Zkv0a7_r7%LR}8kN?!e5C87F ze`?`NKh=zI>Z~m+mC-ON0);nnp5t(Y27UHF#uwJsy_D|;oadE_xaPYTRO4LxL!$-u zp6`O=!y^;*)ATL!~SjPcTQ>Iv@FOpTtA!M=r5&HDFY{YY_|m;Yt?P$d(N(<~TAUDvhT*uy znSq>5khKRuH)LyS0b^#cXA>lXMm=m?sHRY6D6nx9Qsq{?7t$g;;ND_s=|?|qi7o2>dmikqBrPA`2v=WHd?S^D6)yHVwDpyR^5 zIHm#SAXA$p{6CuWw*v+MqGEykz#Xk5Bh7Swma7dY(0p#t#pq}kLbqyHHvx3@{l{?b zWc9xd=MB!OJEU`(Uk<6XQM4mA^{7$bunt*(ripx~x$}J^D;%4@Ti5tif3z*tvHzIQ zSr6ro0Qsy(!Tzn0)$urPQ@zCxmo94UEVY$qlhM5-a{7dt6LpU5)$8j9PXzJoy^j# z^Zzk|pT;l*8Ocs8*%>rgpG@+oI~i9`{PqL0vB0Sbr3=j@hB}e`PR1svxdCCer1=o0 z@$R=60uMF=3aPGo^&I|SK5OL1TX#0WgXfl1;+4ANo9su8?P~kt{^T(Li|V?^=!5GH zOJ{40X~8^%K{v_%DX}%x7iEUsB8jm9+5)j?QUCj-%|(Zm{}SAGrZUd2Qk1R3j7s#z z-6$@V@>pHPz=v`Hi4#5vluQL@`LI?ONh z3>#gzsA?yY*5;0;C-?~6Gte!(uHU4(9I|*5LwN(AUB$FPl$jJvsPi_H)DyLa8TZ#g6VozJg4HvSq zpX^hsRB(ylT-uN{Vu_><1Z!3diQ5C))3N_w0duG1#9tzJfndM{YT=-i%_yg@%XIq zN2OX@HVn5-B;3YokE>hKut!)#q?e&4CTH#=p*L1$XUf4sB=I} zNQHV0zo$xGCFC`=6KMM%$mi?kc+&ScoHW|n#&Hi*@2B_RP`9U|5GOT#A@bB{`8aR+ zW2CTG$1~kM&EnfXeeWWWzFj8tUCA2!GfZ!igfr&}Fa9+hFz=7QL>l9|+zK&2Zv#bc z9(4h-Lj}I=IWA^n0iCZ7W`E3ykFEWM1ztf0Nu(Y!^HhUqPS=sP?GF3Jz7a3Al{*2{ z`_H_X6iJ@P7UvoJcuCI?>-!Z>bDd1wR|It!Qh(5Fbx0KA7s=W>ie*b`KqYMIx-qq; z-{UlxqD$b1m1M25#C|GIow}%nhKa=r8F0StEj`{N;cm7Ip_JXrIw!lI;w0J3^5!%e z@w^CBaqG8t*Mkd*Xa5w7uNO)9kQEbx9!W^6?eG5VZxSmhKjOV?F8vtC`H0D8vX*ir zXTI;~u0IS4&xFoFx2EzflqL0QY*(uKywTo{Gb%&buHX=YB}104FHgw|R=>!1LUlff z+rRnz(A1(k7!pd;IvEuteS?Kjhln^zr6&LS`ABer^!6cRs3e5)yfC~6lUSsfcXjCN z_ONT-t>BbzrFtS<t`*ljQb>?LQ(vVvE38+(-TWk?^-_kC)lc;> zLf+pF((%CHqTSh258Y%opOQGJlX5ig^DJfzerB9ee}c)^O}oEA^8KV3xk((ETnR>< zF~%G>y5ail0Iemhuju`l-FmD4m3kC>d*dT<&u=LoPjjE|P?wfv)#;p50-H6+_~Qrt 
z4NsXStKT9%^w8$s?<-B_7wXV%f<4oXUojiq)J1g==LJ8Hd@)WuU+^x9SW}a&h!8Q2 z05vwnQDa8$c)T<1(Gc5r?aVp0ix`yV8~_fds{$ZMS6qU>oQ)a**NN$zPsWtl8~@kk zh?Z3Kr*g!k61hcgIH8h`@+ENPSw82|S@!cPzPK?5v5OS;;lYkmE@kIBt|a=*fr8y~ z*!8(1* zrc^Um*4?UB-w~K0OM5iQLe7nXbsIGu`5%bZDv@y~I%z|Uco+78zcoF=)Vqp-Ca*#4_y{z&wUqi99KxPPq z*w%WlDS1>*MX#4jjo$Lj4R6G)(Y5C$ar6c*C3Hebd5`1-Wrzv5gnKs?vq|R-JIA?n zKYps3@%@qGgDhIyP9lB5L`dw7MB(;-J60C&`9>2LN0ydd64>`)Tg0UuAN(>p<!=0+ za!J8lN~hjHoLh~4={@Mo?0$u2N|AbuUWfVSD_ zD9|neTxm@aT33~mK}Je z8G=37w`bjU`!)_&uP>9C_oxeW8Pj5?*3Yz$l*z6fW_p>;XR-|;r7#r<;pdMR2?@;~ z?dFr34-^{x7g==ug%@@Oa1K5=O5h`tBP90bS{+2zDH(naU7oMsy^4zgH@wQ5V4Y}^ zS)V>Sol#ZoN-#j`cV#elcZ)qT@Z-7Ag!g630CV4@j3MwBTJNb}NXF~eKL2EYD<^1p zPDnRJ-B}L}mopi#ku%g`hzO>_pGn!20|?jB!+MgdnNB{l(_KoRZ(fUAqPO3KZl7X3 zC*~fG5|$=GI+XOe60|&EyynC(lP7&H+|F9!NJjNGiH9SIZXBUDnfm0d0&RN?mI;tt zABLj|ewyuhlMCch_TM>Ob2AJSq?##BXESf&bD4kTwJU*Z=!P|Bp<1LCbc z#E9xpNls<9lerul@|=#ZZMj|_tw)u?vi9|K$Mv&g3WJ7$|0s?G@z_S9x5V(4!iq?= ze@qBBG(Gdz{hzLC+=x%VE`cmE;EQQ#5hj^W)a~f&KmOt)sPk#PKt1Z;)1Fi^4i3&Z~9Phumvg}4rX2eekDT zuOx*W$K`fv80?W@L8cP zly|z0!AaZ(M;@|0BKLABrFW1RX%8{-yOxoreiAF=;ZS|^H=anY3Y$u#xx{d#n?iSH za~(3y?HwrpFqb|x*fKz2nqu^OstKlPW5_0>CE<``@IV}_I?HB6yx;eAGj%wn;0>_> zKrU76lXv#W@n4=~!Uph?GJuPa(>vomJ?pvQC;Yu-Ox@y@a8yqfd3tk|X;}^Yd848g z?8t?jA*tzkf9N>5OduCpHmlyR@@`&%8heFhZGlHFwu3LeG)Y4sNymbIlD&#w{%|Gx z`X6x}d|FbM?VA#3Op?5(rd4OLn1<&LBwQFjjRLUVUBxg)Q$2Lco0rMmu+L~gOBn*A zgnRl#9kvM}JsV!@#~UpNiq_u;&XXb3p3vB#hum$RRo1C zR07x!xdo7##6O}at(0W>Bcm_w<9&kbx--OSfO@F5{5f`e!?j39TYp7S`X#%Rb=`#n zGF+Fmra21aoEq>>{)56XQxDmuUB>vU2+)fb>S<9uw1GZ+g;Uf(BnW}I2YYQ5&QcM+ zx!-CK!BXMyaE>Cms)JXrMp>cS-m0N}^Nx}?8h z^V$R~Nj}Ou4zbnUp_kFu*9m?NvLy*4afyJKIgY^}m^>;vJ-ipx0_L|5sh%yXVYG;- zxg_O)JPu{R^Ht$YcRUidLg4EAst~JAQmQs*-sVGo%K%NofY}#s=@O~xLW;wUSgiza zOYje+mqoI!qC~#EY#-FT0YZPKDg}WD9b1Lu)OErXbPji%vRMi5mQ$KS=}>NHny6K& zd~1dq+LksvDL}r2A6Z*fN1G#$JowENBZi+`hSoqY8|-1w)`?YlklXA93%&w^>Sn8< zS2k;Zf-8+POkM*2&1=bHXVBlIp{Hqu;+>4bHG3SVC%tC7z7YS^rbD?pMCgHzu9(fc 
z_Kp@}Dfb2-qFC#ig1@u2{I5Sp6Ep!0@A^>oLFy;{Lrj?<{KhAR3jfxmaAAMeXc|}9xrQT<}B+g-RM06d?w*!fx`w=(d z7Sd;0?4Niu0n?-N-t4w+0uAZcQJ%Y+m>pHZ?JPF73*y2}en4 zM9Z!X)o+7s;_sdEH$vjG93RC)`qYG(CPq1IxfY{0r9Q-O@|EXQAw9L)l^2Qrq~>da z@0@GCetjM|D#~)q>JT44Pq4b4ZHKgZ>x=lcE%(}EcTkdJ2|wDTqv_GE$g6_plE^!U z#eQp1q1+rjK=m+ad296b{-}yC>1l-M&+t6cCn@Uz^G_NblqS;lQyoqi>Uv@-h zpAt_oC+it)HizNQ3@6SdDIV7NkDdi?GwqXEkhkpXRi}`>idET{>mHQVsnJN2k=d%RI`#r-twu zc@yjx={xt(MWpQWZRfX!$BXCT!haT%`I{&I#o`!4+Tf+hrdv8PULaUA_fJt;;|Abs z9yR*1^_ea9hmEcrRp&k2($*4cc!U2|9WzWtBbf|K`UpkV6#M??&AHay18R;oHj59| zhHP;^w7n_fet5uI+FBy^X$a$9A-{71ToNzITJsjYab!+JL-lZ`Y+FPc7kegEp)={I zFJVb~LQKfjl^Z;&G5+Xf=o3>w958|HYA0*d_HIRh zqC|>T%Uo?oqfxhQ_MyEvhdm4%U+5mh?D?oBgTU-l5aSG{a}O?ZTOeOcXvlvSVbbMY zI?^e{Vb8wU6wngeEj~j6_2U};r6UzRHB_=xqrR{H7|)) z#-(xiKbN^pG=~c%$3kx85I*@S{~%COk|5iImmXFsy+0Hrya4L9~y(TWfc-Cbkhz~ zEgalbj}y86o$$l+F`TM%`BkH$Pg9NjG%%3s$WVhqkwKEk-SzLm_gZe3d~5HzfJE8> zCC*AfQyMN1UI!=%J>*Po%1ci6VgF4fo_-w^-ApZ{Of*(ZT20Z4Z~=9aK_=4lE&@`( z$q1BP|HBJXCf7oqxBF;AS|hHgK&;x~B9YC?j1n~Lt~Nfi3SuQ#E0#L@PWJOwR*!k= ze9$=?VYcG$3YoJEY%rzs9yC^4>l=TbUv&58eBBL|fmWH~mHK0ua?LLx5efENKiM2i zvPREGU~1^Uu_g=NiPg?2xFPNjuq|Yz{0S1<_xU~2G|Lj1?}fjobD;~(g8XP!l{xfm z{PxUsQk=N5&-FFPX=IXn8b5c(i|4KGi4{%Q6U%9H5O?EF;nA^2-)VU;k_$>1W-M@zKs zbe0B(K#Df<3J(Zs^ZMTf$-8Cqi9R$b{ILkP1qgkXS6LIHrQHeiGXXAKm*oX{JH0`gv!g9c%0?sEX`Q zCk|HBATEx~oT_Kb=a%I2t`9%;AlX`%mO;!%lgq^$;6XG-;JL>6i~*x;LEjDY!Laa^WLO_su;H>zQl$b> z?**G}`>6&Q3(muSE<@VKI!4)~==Lr9f;_6qMJc9ehBV4+@A<~r3+#%lwrqBMG#~2d zhYULv?3E;EdG$(AIK4uVuE=1tRJcD5OcC9$&^V-rw|G!^-1KNAvTr?MFGVe~PkD$g zO-$A=*}K)hgtND;kJ){ysOUiV{dJGO`y$h=rL#V(NKIJBHe;$sTMUDjA$uT(oTfG; z1IP*JfX5~;x>${DVL0jH2S0dS%H2fOv&#KwMj=@~3JY&jD)Z$N;BxQxnDliyjeAme z6iIDjpIxyW$4`E<&k-HB66(u=Td+89d*ggC0hUM8k3pQ2{;KTdn4iZD%>_+*t2Ye& zAQI$r9`%@nCwn9j&*QK=Nqtr85Jyz&-#h6+HZPlm{1)_pIw5^WcVl>)lso!|y4kwu zp85P6)*L$N22A5^Gsdqt4m+z(W24ncf(Bs$Gh^E3_dlV^G?@walu^$K(Y&h)e+pLG z6&k-kItlc|S+w8hdrlae@@qa!Y6jOwgjgnZJjFapq+xy>L9|aTxwRpF30QX^hj93- 
zC*pi@l57iM7Q>Q12=z5tu0=G&{3)B?w%qG&0Y*E$eNvKoUFLhe$Ukr+cM{_q3E6mw zO2=>WeYYO%Qqtt*{~Yu5<+*I?{yK(@FT<%P30&K-fQ!EJ>g?~|i_L}EOx@}Cf>=_v z`y%UFPm!y`ZxXI*=(?k7w;u(`WILM~m%g9H(H}KA35xIq4~pb$h!kCDXT;Sao0zdT z$$o3mKqO@Uj5O}34+Mu_=U?@D^XBbDd9U_A>fzMX6TpLnFJ7-b0&BYfD1wahe806H z;f-MzTDV7S1}3--u={*i*8cD8TYXrwgv)HkX#G{RJ?4}ZMQ+_hZvba0?M~#;@BOx< zS=qrPps8?Crj;p+xi)@N4O2`$UD5FT7Ti2K_*$bZvRcF~V-_;JP7R?@Gm0(E+PpB~ zazRzu0_8Ld=xK>B#G5bzJ9ibkEj7pctkMPdJD5GsQ$0%>Arv_Z=W!R)AzY zosk7-7k?QiEb9yzYVnpnN6ZsFfv$_a$r1nH%jcAU73c(hazsOHSZ{pH%2K!@N5n9= z{k_SdvKYsJh}k(uT~ja2i^=x%g@!VRl_k{}0fipyyHCf zu1g!S^=|1k_$_Hp%eoEp4I9Lm!$tmE}j1iiwf=WqlA|GGZN#HX4ls)+p5ux zmef(fx_^P?uZEhBnq(K@#;`rG*YTO~$g?fu*9Qg+Tzj8}Xs{=h z?ORgIhE$g?YT@cz%1&T$mwo>C=>QAMEn)ybO-PV^(sapokjtGS zUS)tE^}?r8^YvFYTF}>4rGQHYE#4IFxUO^IF!_i;6;U`8&_JHdn?Wv=-!w6p#2P?T zisye=oUKFxSQx!F)ScziWS{;9BEI>IM`38z|7s`*+l6&WVkRL=o02q*|DN&2#hk$M zbrCz`KY}igmzWpQmjLmE*{;zCZwUNO8idr910oa6jjii9_m79A`AI3>WEM=6hhdkQ zT@#qxg7pd|80nPZLEft#cOX>2sMXeZ4LkK0S6R#!INk8(}Eel&Y4_ z7=~_OpiWNaw>+=F%@z$fXqQ)Y_?@S!ygc2_-NOpLBg8Bi9%lcJcgL#YR;P^Nvg!=6 zz?RLc{L3JvNcN?OuT^JO-EqV~MU<`IxM)RrQ#tJpXe&jn&F^ zJ3w{yO)N+@$t&}+Jne~>^QO8tm+P0|b4cJ=Y;x#&dO5t!&65-Yu(|cG*C~x73Yilu z{Mymse$^1s@oer?>o2BXXLvGCQ(b$F9t;^bFTJZ%vW5=dupzAmb|10UHEv?PSgvE=(8B&y?yj);9 zAuNOC#IbAa_iStEZ71LX(k{2uNH>?W_*XvF(bc{FY4llqN-GpVF%HeNHGvHLe~JvO zAq1+iGtpS!*uuBpwpXeH-;A430}Ap?O|Uss%Zy73_>C-)k2nr6a{(F)Ynf8(M>{J( z14$R*k;|H@+qdo0q2cd6I6O0G2Y^Caz|pg2QMy* zb&2gvT|BBG(7iXJdIH}v#V}+?lrX^NKd$zUKSj|@+}Xd>Q%wqwdPns3@r!On&+;m0 z0nC6fzjx@obk8*ov-1SrdAqshQd6L>(o5BmQPNWCJOwiyuAbtbFve5LjYe7{_hXKc z4Y^$8LN}AO7V*VT(7GwiLfz}98kA&>C!GQt*?U&R^!l*p-w^e>w4}+$CSc9osEg5e!tBDUr2Rm8aX0eR0AJBzNjA#wtw5A z5=D?aMiiX$^e@F}pT?auFv8AC%q3zG5W21fA_fJ#FFnq1dfk<)T`{} zeA|NDx3sZAg+&Vf|EY~e%L`uh{ep}Wm0ms(y|B0>v_$qHSrHPPH}J?@@32LixeKUz zlcE^PI3TDqfb{chy|IAQCZ8~7sWTHm3Bk2{m>grO9(dxs#%gGdu=}be+ZqV^Z)&Je z4pOw%m}S^~+1v5f>FforpZt?`ML(=LtSShq~nJnYH&35yqJ?(Kd?p{+jarxf6kfXzYqthJ_#ANbW{>Cbe+X 
zqtOY^dJQt2VE^L({@I0i3=F{NHTScho=C*oWW(hAW6(ZvojmTYt1%;&B36p;lVs8M z|KM$hbs{}LGLTjJ-?`3e86tI^ za=$wkv#~%4>BQy9=aO7L_H2VZK0lYVSmj~$37^6kIb%f&%*|nAboU=xIjG|1`i9QO z|7PzKe?!QxZ4%JLOvuiqU&3M~PaR+0w=8^-R&)~aJxbGt4~=#2o7PyH3p97OMe0-` zE)|g?KtV#xVcXgV|FSn2YI8XUHWO`j9o5U>VQSt%{=-YwrmGWGmokE#aq9h27AxtYCJ_me>3Hf&+h4Auq*6CkR7BQ2St}PP&QkO?YYz;oafGnXknf(9 zK$W%%bp%0dEY10{*7QxzsoP`n%8tIe7Dy}=%>wm``QlunXtM7 z<>@Jerj1C$nCf0jJL4f5k9?K|{_w(RPCiaK?xpNX!XJOEz<48=!U({z!hHUP4-+YX z1|yM)2tz6l4}(<*3xhlj6t9Z1M+*36bPh}m2t1VRB4qg^GPOCt%l>g~azH76Jw49R z+_BpHs^GL(+05(A`YrHBD81~X%NN(WYmP)w`2Rt0s;VHG)9PT3X{Otn8V3(TzMc~9ZnD{;>~9031y?ijdvQ@<(|&`(79ksaFy~>@I1I?2k;~2qgVk8rT3qKI61tDDJJaF-?)<5)KYD7? zdXe7ii*Ns>%5oVlt#Z`$JAvuAp9A>Vkd5G`bQBi2c&&q$=IsIbrc#*ICPMXaGIy+l z^w}hqkn#?C?_dk*Jo}YH(n-vcrfYcZuu3yVPmcLm@F1^zxjmot90xZ!na|CzbquEK zM;Dexu!2-}s45<}UAb^!7YYii#GLt7-8q*ousaQ!zUI9df4w%af`WU!*m> zx^DLGsG({!sTzYE_MvY4d3*6m=s<#~i2Ie_49pJNJ!UWbb>HWw?){hn)3tU#`@|K3 zsEi_gdo7yP-oS=Mx-`Z6lk%HuBXk^Tg=kADM|dNVY`d(MN2db*ZT>^@534@E?nrh5 z&ffJMHX_p8wI5UulgJ#^AMan~Dpi+$^ClMI2|}6F2W4 zt5nDkDd|APni3qP40{*~)DD!b3OlPJ&6VT77w4_6_BW{9zlcsN_TJLRE|BXX0#VI1 z4sJMJc;yq^>pS8G>pN7RAmq$s;MCMmhh_G6nc`NZHhi&CQDxy`(u(o8$8aN6zZ4Pi z?W1q2#0T~Zu#D0fqijXK#l3GXl~y911xZki8P963^IPHf_p&MWF-e7FPVmv?1fG-u zdU1LVjMYWfsYjME^=v2dgIO0{Qh@vq!zpA0%STU}mwO`V2Lr%iHTJ*6GeX+jdupHh zpDZ8wzn#muXt0_Nw0Vc`l1-fi&=8p0#~p@M^whP#yBAm=WZMd3BkFj?%oQb9U7Vd6 z==Il63mteJy66Sw>6QH|gc~&}PnR2v{lVJIM&Hd##Nv70Muz&5@WUSE(qPfI9Wopk z`4TaHWfh|On*<08e>Y_}FB0&yJLp6FboRlKbB}<_nNpK&eNGI5G@`+=awXY`+raVqADmZ*_x5dZ!F@6Q8MAvngBUL1~X=tyu{(b7EERSIzkF0R7CbyqzJbQC8);N2Ft% zzWJu9lGkv)m#1}>Pms~^7Cp9>+G(Lcq)O@=0$O^sNPgzjpl~cizxzZ>k3VnAY@RS#GSDz&P)`) z@yIRiWBnl&46S)IMw-rKZrY61;P#tfX3nrhqO2)8_vqptJj$CGeHgXKnfyFhR%L-e zLN+o$SkSdV6`Jn34wDz6mvI_y>$b0_65jbzCs|!z1Nj~?4KrLx_lOXMgi4r0AZWv8 zq%~(rn~PSCtEAut?7jrg)Pe9FDhs3-j=Ei4yx9Y)zaqd4NbD>0J-ZWkK}R|Lu& z#70;s$lqM=&LGYq>sQAtZ~1|2lE-!UI*IIKFr6-egBe?(>C5WX<&-_!ANh}t;Vr>R zT|bs4wb{1~#NYtkfH`LfVXZ=~>BZ9q>(PBo=QKz8ZI~e zwl867^uAm$2+F 
zQpsy<4csTg#-!KNEJbCArsEM^U?~Zw=>gsXmj$I6U#?R(&s9pcs@l>aPI}A0?Bce% z83D9=1!uLPoX5f1f=Bhn;_G}6QcZ3>PAcjnrHdN2<5aqlqjJu()C`GMN!~^`MW;(g ziF*YwNS}bBbMr#q2&>=ADhEe6?CBKDeJvjnR+PO1lt1ib*l2vu{#=Yv- zg2SMhbK_Q8{qzwFEN*V07~xG=xIQY0&VPO~v95$cLiVa~y`3=}758wxOkCDy2%5bNi9AVf zxS2QQ`pnT=Q~?57JV$|ty3ff6X#t-~n7fPsN}kfx!S5w5#E`P*0?8-N?~~Sj zCzm=4s-!q_eOxNGjXNLgEFE&#$YYx@9t%$rO6u3hh-GooWZ8yC(1} z6r;=43$P-c=_ad+IW;f3%bR%XHLH!`Rx4WQa6EjUzLU$3ysL6-c?PM7bAUvFC;PVh zj=TPox)8)~0()O=hOpd4Z*~b7+kr%x*ZcgzkI9RA>$)?3IYf{)gkn=-NPi`IoQxg~ z!N*hgQl5`cS@c<+Hx&i(v{8#cQ*=Z80_xhnlP1$*RV@Ta4+`;MmdNyhlE5?N)J2gN z6H7QKtV+nterxJ#R_Ovr%6M`B0n(v64 zHhW=xX}VgOzh?MJ$MqwW=4(c*=0zwwt0Lc|ACnqlKPg$NVLLQ!*D+Ka zb15Eu-FMJ&`-th1c3o{>q0Xje>5eV_of?-uJBWCP{5Zx>^!Y@z3yY?$u{Lx;Al)*a zes@$WgGkEZ=$Pt2NgZ$y|g~n)rr1O1oO9TMJwiRl-j*Y{A8aLv$5> zE_H)Z2kHcP^FQ{rcaxlyyD`OwgBsQYXp$-Q@a>{UKaeIB{A;9i82xM|jM|a1r>@1V zwMJkylksuDx9U(j!IVO-pL!OXnfj*u&B=Zx3oQ226d!wOa5GO(N%CS{SCna=ivfvs z!(!>Djo#TMRhm1sd}NKBZ?TMN9KlN#g!XzXrClK{B#2R#^*&2=i_5$#>cCbN<))^k ze`M~dq*>h6PCARiTzm@1H@P$6T<6F3SME70J}h<2?KL85I%(m{*gNNFs!%x}r&y2R zXL=|NHEB%guVec~lN>iY@0Cn1&8{JMys*supOV9#Y@rKe3DhJy^uvW+EzP^UBW$*t zR2>i}eLQi^qQ$}#@#AND%ulO4vT+pRFZ})QFN&alusPTZs`|&180DKg9m3EZMG|sNm@0VY zTT1p!#a=oHj4D*yayG8BM0Q28fdBj7n#UU?Z6REp9!K?bqQS~fE+iL;=xGIN@rHp$ zajlImJ#E6Oiu;?qc+P4L>xlt%TZ+n%cQc``f83Jec30I6{AZTcwwKDE`A)({ZvNJE z-6mU9P)7}ukF)@bVP;l^QF@Z3fcBu~Q9`X^B79%zB?>~SS3??9B_y>{ zAp&Y<$%`-8FeS2kzhjVfw_l$=7pG3gJ)k9_o6bb3H>1S4mN9>ot%^QOjP=#HM#7 ziaOnn!v4EnUBYOty5arzo97I(`ZkjHdC;k*LQZ*KN9VA?!#M_4O~jr5^BgSCJa7rc zy7EE!g?~Vngkcov`&9s~E_zt}`nB!&tHLbVLR=X=A@pV#)@ccHL^w`k_-Xl1La33x zY(TZB5ZISW>mbsh>Uj{RupgnLv@bc#>`EQO(X&IZ=vQzwE)yrud*li}$OH*rKr+&_ zHEXk6MTL=0Bh;xobMQ;DMc~)~p&<}|gv=wC2u96 zS)=@)AjW@T9Hyj2YH(!<*=q8&u;K*FFN}y%FSA2BA^pd2mIJJ5VG^um#euNfNo6ne zmIgg0+W6^JKot*^MtdY}N`x^>LD@7jMuqoQo6(Y|#8__~pCR801KQCzHAPTnDyxsL14No32as>$ z$=5|+<~>Iwp2!F>&QG>>YJ56ey*C;#kkU>;tW zq~X^)dCINKuQb2HpWUx|VSDCt+&zB>NTrCu8v{)Q+OXonBwfOQ%-; 
z7|)sI!i3${h9r^8jAQURoax%*2;K`UktHmgbo^(o#39pUjk*?u2K(R~4i;|NmA#8b zp|Kj_!!BUBT#~!0S6?d_RO(0${S-RVr$1-6X~M)eow}U=t7P1ib!*twa}pY5-#)Sf z2%5wLc~)1tYHe7B3YzSsdH#lslMm=YLH^=w@tjb)9HIx$7Vu@YtlMQq?pTh2a=v~{ zsj)gMLm35eR4bok!6xPx_-1pb0mqSB{u{Xlq$_(IM@BQ?kxaFTR z-2WqHvZNz+8Eq#~dq4E~tWRITz9lP9Xcgs|X(?=u?I7xh@Pi*lao$t^>!qW5itO0K zUs7wtlZ}OPdcvMO9;F+XR2soD3B1~AGgyp<2!=odM=HYC10#Ha`*qtQ8Y$YrhX-l@ zpaiIM%F}0)V(m#xnr(CL`c4$)J$07(8exoi>w=RO&sF&xiNO>R(mX!Ksqe$7Eta=m z;+vm2cp09h^wCwEhE3>f z-wRk~lC?&Y4E@2L-%~K5EPLfFiqxF@!QIjkM;wu^i;m=C>=Drx$P%sZ8Uu4xSOb)} z#Dj3=2RZu1^lbE8zgEQc82}uiO$3^=7(n$h7%M0 z#`jMQ&grzn&ckV*G02Z=Uhc`mo4>?g&NYj8nU!#9{1VTPS%F;`wVC&nNcl+EQBvQS zv}H)PGcI?mM`Q72&Aam7md1w;#EZVP6@IpQe!sJQ^N=1*=YIgg*EsZfdT2?T>!A)p z-FEa$1#y4yAZ7oH`_T z(qI#CChFz%MR9W$BO5mcdC2V>@IkqiLn|wbO%bLeH~VIW-q4?~{~AEqK8-=R=<$rx zK}2FlBFRgYa~82%HQ7<&ofUfnZ>sbQKae5FlIdsB0aMy>k_dY|l?qb>HFHL<+++!L zurx_&>Bt(NnyxbTirP32gJLwf!ZEF~R{jII0)G^Z4X$O<&CLF;wz7gIzHXjX9I<<4 zSMi{)FQQNT7pGrF?c>!$-c!16 zL*x^AIrvg2wiVR$U&AUV8>AS&f1(|rE6ud2T>=ks_K-Gj;wl3sS`(x4li}gR4>Nco z$QUdJ6jqioNQFb}=wQQCa!Fyvhi!}ih7$fCqCT2Qu5%DoN%1q_)h-O{mU|bN`ql7ql@xinSJX_=Rgx#yfAQ!LXz)kU+-ol&qkY~bMM&4b;|W@vqEmp4}@ zFPW`Rfby0Z*#OH>3iVQn?Xz~TiXU-ju|&I+a1Xo_W;2+WmIOsn3YO+uRiO@E(dkfqQ;l#oZ$UdZDRn_Oiwg^nSk@&52OMOXY(d+_!fCECIuwvu&J46|%bYF+f01o;iRL@MHEm0ZJqrhU*~ zOKrLDUTw4-^8ccwz2-hlD4gQp&Kh&;V+v48LGu)oZ9eE3>N{WIDMjrHr;kswKN2;| zExCKMP>MK!Oa!6TDJi8`D$#o`S8_l~`cX%HXNswUsG#&m3h3KMXEmUXN>W9gCdaDR zQc*I6+Ol*z=uHXY`cN_6_3R(;J?EM(?;oH}4U6~c{7aP&B^+lB_#9=k@&#Y_vZ29xfR%sfG)SUQGgX+POh;b0U_kkX_3x{rw4eM-j^B@alw+vlE>BmA(7p>kq}lCDgq61ZHu{i)uTvLBue|EPDj91K@iA z#X*{a zzQ7`ry{@#hxb6`+7TQ*UyouPC4N@dl9sdEm!x-LDp1jj=l$oWQ#N*hxvE?_(k}11r z6uY_(s2Sy4z*ar9hFk<7WIJp=9 zEBzG^ml_+uDm$+??+4muq>C%;Uj}_Tt@K29R>QFN37A=+`F_M$=cNq868UeD0p^H( z*N{F-(p%(LqXiD8r#>$ie_D9N%mA~c8Ug!eNUNi9!6XA8@u^Hho`TO)2nx4QfLLSK zmsHN4cHNexn(IeV@nQ97`b%I`>Nysu5RoY`zQIz6mzE?n=4*DC>1X(#o&j=ZmOs(E zt?`cj#!uU*&@8qUw9=iC+qN$^V=hd|vW^c3(`$Q$m0fO1D;9!QcugKuYL(G0@9(m8 
zdyt6C$Ng1C31ABUfBb9)&n$G0|b(u!R9Jay2fG}tdjE42Y<(5brP%=qIY zgsz!g+eVBaxTe8S6|L9f=R(UXj+_N=b(a6_ulpZN-8vb4oKmah_osN7{`hC)n&_Pf zK{a(SriGX_7rk3=TbnsXK;8{SvaPY#=$!hC`=4g+7iIYWW#*zN`vh^;0%s)F&GqYIzFKzu zN7c9G;J{n6KH;0pSMtIh2zDF1iHow;Nl}dHNHZ{nS!_EgRnpID-3O@b%pdqoC*2vW z3PU6>mq%2WPA0Y>XmA|}riDSAE-bOin^BgqXn?+Qea*HypJ9#Ht_CXKQP60 ztJPcmA7WIDTpd+5iuX_61kPxEw1~t8Q6CmI)BH4((IaeLYEd0(oB}bO9 tP=JOZ1o8jr4F0dl^*{THf#UOLY3n(^Ax^Dj;H%g$lA^LA-s=DW literal 0 HcmV?d00001 
diff --git a/docs/diagrams/fraudulent-login-sequence.png b/docs/diagrams/fraudulent-login-sequence.png new file mode 100644 index 0000000000000000000000000000000000000000..c9220134cf001f54fb68dfde88ff3a5441c2cebf GIT binary patch literal 100138 zcma%i2Q*yk-nS6Zg3+VKAbOOj(K|s9b#x}tyXYd45JnAAqxarM?}R}@^xiwsdmZK5 z&OPVc@4M%I?|RqTYgzW*^X%tefB*Ibsj0~0VpCwFprGKsP>@kaLAk$;f`axQ6BW3_ z!huE%{9$#Gg}A(SaP+h_Gj~CeH?uc$Hgz$3Lksn!wRCZDd@IDs>1by)!MIbJn~a)>w}lJ*>pA0Lb4%j3Th!$F>_G? z&spWeL~qWX#j;q7%Yn0uT01;n` z=2J^Q(f1urR1IGPRaxCa%DepjlK!KtLX7Bzb|9`wOC zP)Iqxxx3wft)l8}kfQ_l%jU3!6jy^~w!H+iSg}y0=;6x=!k4y-_dVS{2*2_PjqQK) zd#lKD+v9}JdibhEFbk~L%G7N}Rpk1*H{oqa5fLw|1DUy~3olYLr##|XxLCa--SGUQ z_LB0eC)=Gas|OF2I)-x)8m!e%&Zkbkp*c**PLU0M3YSPq(>L9D{K4vDcV+gpm&t-% zr^~QEXNx3P)KY`G3*Azp&(=5j*E)GO@^wp5PDLrCuQI!KCL5QM_tAqnyyDj5_PqCQ zP}yq5jGLQJ2T)KxpuCWg)byCzPR5sE*hA}#VtDcOzg)UX+U5Va|D1_w{ay0W+e^^~ z2LS}yN2Q2Bafs>_c_no-c)b#roBd@L&aCbvVUHwGT<8yl)wHXmfau$$7V1G z|LeNsr9-Iy`&BuA$e#}~m^X)EAf>;T@u47qvi$WdPnDh=(M;7M*4H?vYn71m=QWl4 zAWUqp@y2Tm7fuUlA^ZD50-pK&m*$(saSS+>U-sWWxZdsZ^Z~I^?|aD&^S=D^5<4lq z7GP|8>_djQx$&v5dye;*rtjw52^KLueR6r}e173MetY85b#|6mCUW1ku1@!@0Ci;$ z-O90xlbzkMs2TEPYr@vvR~5UxJ$b(6ajh$?eqysAUs|N1X6RKa;!BUxw74$~i^?~P znt(mkCeD80KR?~D*aEr4gI!-739_@>I+j&6HSx2s(9F6V+e=n>dVb^3ZL>^C+74U= zlPX~ptl0}49KeGkj*iS6Z@jw$7+W*LYphKcFCsPedX7~7 zB-egIA4Ew`4z5OCCMf6d!;@1}pX}vlN;_1!;XkZ2Ff0y^h>3}uo0C&pYHyFl^z@iO zEQ*ST>FX2qg{zo>FH&Z@-ZE4?ES`N;38W7cuxi?$m-1UP! 
zJ?$766}q}s#w}B8>fzyTsY&eH+sYY!;h2~|dwVA)9tn#Y%G69xzQXRo$j8R1kPWBF zqJKCP(cW3;LzDA!gmo0v^PcYDvZ|7jTt{l^SzCL1XQ$VIF7UsUX-cX)KK?rNb>;yl zdyWC!OD=T>ho}k{N7^aJca3Bt$7i0~0Lt~=^A0`n5}R7a`!6EZ|LiFURt3sf`Qj5deU#S|@?h;z{l0{Jnf z77rC(zC@@d*935?Ha-5gmf1N-+FDv#T3Lw=z$C%=AeTweBkl-5vdDY-B_ zd^(eaCAu9Qjo8}a^M7NWqw?}ZT+H5vD!WV?c0x;SA$QOUhf-dj1P4pO4Gj$&YXop% zF^pQ(m70D@9o1ertA~d$8T3sTwGafNR(vNmDAoz0;YuY-S+Ib}JG|Tj1j-n!ly29|;R1!TX{ZF!cQsPDMH8K+Q>*U0v$B!%} zo4NF`>Oz`6e4Cn54}%I9CWy$)j(8QUahb__jxb${=4#zD2_8-lFU&kH)Oq@)}ekry31 zDw>$nC`d-y&OvqQ{?GA7t=7tOwnZc1uQ@O}+ijongspa85c8l+|(0i|`Saa&z8=nHb&NX5J;>VSmRI3B0E-Le>;WU}<9N7%~@MhGhIrn6n33Bdk7sH(9n#ueaO98?)wWNS|+H$b0ZoC*wtJ? zgNVDkO}g0LA!s>?`d{P=ne34K16@S|Qn-Z>0J;Krep8xd-`|&Tc*MiRc&Qc{6@?Dc zbaPAiIl?bCr>~)LXiX0>gT3$S>ayPUQ4L8>fU!63GCNZEaN< zw}iXWd`(HYx@ugH>3;7&8h7nY0T@T4mb>Tf?wFL%+$y;9x$wVO>e4#(ZwzkrfC`I? zD}}!S;9A?}tW_d}H=wTk+0gW~CEP_s#5O1*Fz_YS-0*O172o1E^XJ>MmZ%HQiU}hl z8UjBlnk=*cnf06LnwF8u3LY(eebz6TcutnGyFZ-XWU;Zb65h5k?{{<@-rR)3-o0;j zapWqj=om55qmWBbw^n%P=H}?`PJ!@n;VrEYxl{!)6BB6b6jOkZ=e44|Bli3?fG-K6 z1CwbM=jRhr8n^6jT2<`zE&&M7Txwim5QSp=U=#uW-s}16ulNIo6k*aNJ?@csH?A^03$Y8c;0!|p+fKPC=`Eu%PlsCL#(VAOhzPc7%RVyCADN_ z^@8>S4o}(N=L!UcSi&CGqE=^TKUtoVxcq@WN=3eb2=EFhYnSu(@tc_4-F;w^)z^*c z^@@uaf7?GJ_yWG!^RPof0VZ9JDf4{P3FUQi@`;@t-^s};qsG>VW=nl59;bJl=X2Y4 zvP~v$u-D{mP)-p~(qRC*!l&fFHKgd}^*6M$eP5lFRIs)lIz3%kdE@KhQL9gX@u$gN zoBs{@f?1Wkd#h%~{ymWo?_gi#16^qI;Zg?rM+r$3@a1wj_mM8rrd?m?A>u9T@(+ywNywYJqvhKMWzjr7fC4hal6;oDrMj;J4Aw2&>{k zHan~QF=O4dWKB*gOjb9KZ|M=W+N(cVmr$T_vFvpBpYm`GWN?(V_ZX=fm4@dK^=zSc zb#&xe8PmwCzN9vKSX!`w;JCB*zLNVp74+iR4VZsAtV*WSB?b2SmLY_u>GQAmg0Zp7 zpT^=X0>-_dsIATF)da+$K-?D>$5wj!JR1lLE{FdN3-0;&U_l9VSAI(ht*`em2eg|@ zH3bJdySe4?O08(Ga1<@XR#gr5^<4%98SQ`VBYo>eO0tqB=Owy2`1TWkfc5p8vR9#@ z#DO5x6|}jKo!Hodlam^=_Xbi$^$~eL2GoRaVxo%O%s#qVSvi1#pqd$=@1Y4xDrrf$ zU(~16qocKhgSnlZ7tf8X4Nkod|1g>B8y^ZHqGF$nlaZ0dj{Sm9khm(fRCf!VPp6aL z`537`8~)|(r-=SDdI&wX_s zR-**N#m6UW4+0{RJ2oiai`^8w1Z&e|FmVQk-4;*;q5rzABfLrRLPyjW<@3N|)=P2$ 
zKe4;5I3OlWM%Dv(aKRYBBMBvj|CQQsT&05=8iZqFVghcq`ctb(4CLe+2Kh?wA`J;f z7vFo&0UH|~?U(?GzCU&%xR-p`++0&qw!|DbYH3$2$Dx1?VfNZg$wsr4cp>psS2zE+ zW2VCI&&w8)lB9z7lN|sqxQx`bzkV%xaq(?+72T49U}$`ty|;067`hpXf)*1aOS|}I z*ztUYH2F>~5)xP=@xm1qgWVs1^T?(!>duaN6+d!-wG9=lOmoA-^`i1$s+tjqb93Vr z>**zMKJcd=le*(Yieynr<49O(Nt_GIQtPKr+tbsou2iCYt`FdcGp=`tLIM`z?6|ox zPx^g%Sw1q7rFwS#^k2X?1vY@U@Gcd4pQ4MZgG6D`SV(Qa<`!=TMi}faZ1=|+umu4cD)1B#*9*1A3CNr18Mf#sdxCT^0 z(Ry^gxj}F~pCATbJ7m*05L16?^)}G>a%YELCHDh^+5vZRJ6HCn8!GM>3xMdIubQj{^khi$v{}rrUuSDG?@WU8z{9y--tIK!N5`V7va`@Qd^yk)5 z8)cN((+$6g_2d@mn!lg%?vUNqj$y!CQf~X0|Bi2Rtmcu^yM=6@uV$}2Z!aqsZl(T? zpN1t@k=)blP@UIhtg!6AY8n~LuY33qZi(!(<_XoFE-oYUI_xJLVd3GSVYq|G!aI97 z-!f1oGuP7LbML1dX=o14vI%6Qy2|ac!thk^^)Tk&9@GX*jNLn$>Lp7EDE6OFErD}i z&0k3j?;T9U|C}d#CX4>5^TEr~X^hH25p(!CatMWds^?2@Q+s`WEuL&{Kaq%PKe0#Fphh7}bET=yX&0p$Uym)CS`&y}| zb>R19IGO$jkkSiviS6y8QRv3(L_CRji*E}B`G)+DrKMW_&XrX&CMKqm(*Dbk%;xu^ z4K3oAr#o#8KWV6oaq-;v1;*XnYku{A0g5K8T~gM(<$_La65Ul*-)?UjPA4b92=!>4 z6>dbI+nH{H-fGGo`MF@8x9+TB_?N(brgbVgL5jr9QX5;2r+Wnj)DC+>iAg8ynWa6H zXGd)F+Wc7X@ATK8X|6%F=MY`10xIM)MyaXTY0%KK`K7~&#YEGi&z>vxGT1M=Uj)Al zwllOP5sx%~Veta04YhT)b#tv2`lPRIan^S~xz0Pcp|XLu6kM8DoM&E}Yus6L{aOEby}MhTIIW^$ zQXlK)%2Pu_qokIou%P=2q7WuW%A``_?_Ya#WH+BgEyXVDDN7@5>t>y>gcXsRa^a+Q z)>zKs{G29LdoS5??@-&6^$5qd|5pKplxtBzYdiV z_cvaE7k-xQm#s~j9}rp5NqM{x94dOIlTTl3=IXYmJdkc9XH8sV|NFpW=yY|E?+R#AH+MF^p2%6+t_tE}^MB&wcR}}t zhkq_FbN|MhZtge3#O}{IE}3RdEfD+ zyi()-EYSIa$;s}n+Gl0FuWdj&`7i%7zKKN_k}et=(=&6JRoD#YFfx zg;O9(GU_nHYggQHo)D&G9v(vxpju>0oh|iDe`y+*K!uWenx;my#)u|DBr!=eHA&hP6P_wXBVqf-HtS?? 
z69nyQ2}|sIIjcXrhQm`Wo3`5d)hNjxd8GLIW?(d8bqb2pSZ(5c{4*B0zvF0Myff9q z+$*v0;~GZyX@6i*&qd#5EG@ai9lhIu*l{`Btj z6Q8$be$8DQ@#0M(20;3+ZwvLkRE+H5c1h`t>AF)S6coV`-@nNU52OSY;@ZYW$8y|i zNNOsF-iMpHhMlvtZ3%g2XQ8}e`KCJr{^p5}3g-9nt=SaY3cXo1mfc_+anhV z=&~B>wQcjjq%sr~P$e1BRB|&34?9!%IaYABXbv6ShpL4Y3gqLNTd~+4Hl8Sr8&7jN z`4F`J+%@Mn^!>~&3!@NW5rMc^dD)5jLxROc8^72k@!7hJU+h7hSa7-61`s8IT?2a$ zvS$=DT{F-0(H`alabEC1S;Qj8I#j~h4s6X6oW>pE9roX;Z1c_GC$1)Dr8|Cnn!9q{ zBu4a%NGANn^A~_@@do-#-Gc8YlV}BN4`|Xp(kduwqg6*HlMQiArcG##SU1#_7nXOZ zIy%FABFG^)Z8C3vh6IKtkvx(~h)!lGOz9vpIDYPrJs_hXn^=6QjFEtRmLW5T*VZ&rs?jx76Y9Z5uvlGI!rbZA5#MLG+ z{yrrI1*6fLflv#H_jmK0Ix{%guOgplISvyQ{RF22@F~lHUCyGm$aaDCd|6|0h0U9H zmhY?Fp^RcIlc&DYsx4dh`|UGd+xg|`qRUdpzWUhZ6!ap4kGDI&?0%R6F88ZyGo)HI z?{8`fQhs+AFt?qRouApDTm^HYm7A4`*S%~KGYv9G=94Ed+%K@At>2NBBBD$+)lK?I zioBR${)iP2be=}libYkG>9A>uVq(t7@c}$7Co=NAq}ssT+|ZZDI#4nRCku;LzjBN7 zm?Jf!M6+s}nh01zBKG&onw#AS$ZJA9f;8##fBpnVkDWg3?V+LCmLlh+drVanJOys( z?X6o}6hr86fh7!yA9k_2fmdq4>C6p)c;)8Om2LEg>BT6Z!mXE=p?6wb z-Q2vnx=LulK;M4)*wNfPfdYy|3a_nqIa+J$#AoF|Ont(Qlb-8@4>0ii>Lb{%N0 z`24)!``oVxU(r+5z9uI*3S&Dwd;$v#g>mumDn;u@L_UYiGi-joB!q@>x`V50Gatoc zFi8x0*<8Cwmei*bwNSK)Ijaj*VWgUFe<5h$f9a*0o-leCbH z$@m-)80!`jtlOM!nvOTG9aBpXNXyvGf7vk>kH&=n7(ERi11o-g6$_SRSCRBIuJd2YLl5_%#2+|_E%&7z6KNrYVmvb$ z9h!UzsSRsGGMcY~Y}6&U6OP=Wh5AAWkv9aME_RgSNJb0vlatVw^anX&Q4_+x@3Ngn z64nxH=w4bX@>P&!jf)D64$NXKC|BX@t;K28syITmS!3SC@|i#y+^{pBgs|GQ(bF*` zDJUw%3Gz3TO}Gu7;guMQV_`lvntP;M-MbS63ofwR+bmc4!Gy(zT{QTW5P_--$HgOS zFyD!a7%sQH-U!%zFJ(*n0uB06;&6~(6okW1#0>;;I!YE6!&6h0zpL0eRZB`#^o!A! 
z^48biZsg_UP;`V&&du?2d+W-GiOwQace02}6Rl;$gvw8TWn^YPcpyYZ+Bp*S+7u-P z=IdOZKE?O6pDa)bQDS(bBfp1W)ss+N5}FVCtgW3h0>Ys))JrIXcu5vO8=G=+3>prq z^i%$D#>n{~+-v%X0xD>tVo&yuh1P7bsO?uXGjEL zT8~`CPKPthPS=uP9A$x2977eOLlu>)DoE?ZCDFkpuFGQ($4wblv_ z9F{+|HqseT#iBBuH zgTr~7;ki!H{BNtj$xGR0h7({1B#AeNR@~Y>6JjL2&$eW-MpCOXVDtm_gPEY&`GOXE zn1?^xP&n{Gl^*GM_g12even75By#>4(N_)j(_53Qm`b&*fwC4ddtIN*c2t|nto!hc zh%^IlSGtam!!&DL1d8kv>$cCD)s6~*s?Q;`HumE9^TtN57X_s=~Hx4&95 z=w`9^j$EH??HD~Ew~jMLgJzQsMAbe(Fft(G;>a>5y}k7M`)fuxhf#&2qU`W%YHJ}$ zW&}nCNu{&rQ(-TFq}X9&Ifn>s6VboE8ukX6+OnLHDOm<}aMBK^fbMmGK2t;2>ygsi zL@wDn79AXcAhw6rqGc+TI@%%elxwE22xZr93*MCBj6S2t0Ovhyv|u4)0*>3J3_yA(^zl|2@n#)3sXV zz2^C}?KJ1>C3UL=J1-_gb2b%02{XPU2jfpS>3f?JWpwZLOcRt~qZ|dWF~L!0THS3z z%*}zcv69}Bwpb~G3fG_2mrh7UZ1|)l0ZS z*SqM+R$9L`nQJ|kf?bpJe!H%?SY})Nc0D{=C?A$t`If*+YB>?<%(YcLl~eV>q{B<| z)6f&xr~)X7g)m994A(H+ZaXM7w!?L2ishkK^xEs!((G|3?lgNRQSo5*9OP8Mn_DUv zs=iJQrT2X23sO~w5%e+37g$hPFgij`PWJXAWcslh7W^Kg1&;8&kN3NBa&r}_aB9EO zDpC|iOBX#t_;nzoW@n#LQdURa?(gq+b-e~f@3*%f?9IF5B<}FtcO8$V`OC0OY7gi z7r6a_&mV3ORr5hw5FrpAoTvzrjB_BZ2`c1h?CE5?&`+ z>3@P8@aMxCg}4|bxBK?>OZC|6Dg~aE+=HY1F!mj@zN~_iF{XAmxYC+qhHNyCiN8&G zvMZV#Pi|%9?af|luQP2Ny^~iIyJQPn3@j^?M_#J80Xb7k%_%w}xD5vu79L70PXYwq zUqn7YZ2i(09uR*+@B|X35c0N+L4;S2^X|^Gc^!G4aTwHXib>f(`aHtvM_aycE8!4HMOkDJe%_fPU#38Tkt;DG{Ne zC8PEulyaRN95`X7_eO~M3JMElI@s8hBAwO0+L3&inPCsf)@k$!_8oOsVD7Rdl$>?9tSNzvoamcQs*YX0 z8xHh);F8byZ~xzi&4=YF!640Tfd$i$<_b4Yn4 zYlFE)?46CjPn%G=z%{{_$$%znonR*=ivZJ_x_*51W8#f|@o?}kMJ~mb+}3~$RJO1m z8xFy&b> z8X)z7jk`Y2C)$l;*qg~SdlkxOqHn=1;Lv;HllbPBv|)0`iZ_NzNRg5 zAiU7Y{PW-k=tt)CS_Fd?$3g17eaeG4RI8~|#F(V*yG9pGyg0F%LXNVESO&y{bY9xA zKDaP684Uk140x5+sk}UejShw9h|}ZB;Cspgk(CAmv$LjJS{w5rJVJ^T!7ez^swgiH zK~~o85LlVv`s!*2MPzA-8xhg%9D80`1%4h--6SDh`}tZ$IliN?VCnU9DO!DGjiW)F zv7v%1&Tr)z9vJ#VC0{5C(-u|GsJ-W1`A$jf!^FHkvg$O3&ldkvZcNZs2n|Cb z%fiA5(BDHKPrH8+mX3c4mR)JMFrz}AIT4ey1XyFiKZ5&d$2ucIik)F3oN>Xb9hmp{ zddbY;IFvwYiBb(hy1UGLf;f3-%WD5feNih>g@rtGEiatY=0gkbmWPf`vJj3i7rck{ 
z+Wa7j{0xnP4l)iIZTV>x(In|cvY_Kp;iGh9OFPzTO1gf0xz5Pl3&G4{4X_qxLu?*& zuc8g8+!&6Xd8{tcJQVTvD7i7uU$>f467+Ut#Frt}=o4Qp*jYVlIMcqkw7NMbw6xa$ z3^|4C{)B#ef<6;0omKZ;%<_fQwnZE&)bMh=R9`Lj_!VhYhlN6iSEKXom8YL$L>Vu} z=<9}<=!zfx{p+oJfq^x9GuDuzGaJ=KBbsoz0sG*yb7`P4ySt0mIPr%G2a5zi+^;KZ z-2`g39mh+1n-V9VY-9@GZcj~AlxjBa2!%YI?x}&<>SJ0f)#IPsi!{Aj=1b;@3n(=I=d+r;4eghkmRebufPz?XCe^R*L+k3ON)^>ir{{uD&<;KUy*JW>;;HQ80`t{=F zW$WH5Z!{L1c$I_z8fGO`#3>8IH3vphq}a1{{2}MNyC4^AWoinFghc(RY2mu2>&x?V zLp%T1oJ;Y&vFYHWi3wn+p=7>i&;1Yn{c~%d$f3ShwJC{|Jc$?<=4%f2&4O9lcFTDi z8=p%`cJuSOv)0b;223|KLO?dkL{J|VDO;|@KPYX&)`J-uB=IKpT386slod`XSU5Ub z+S_;UodBb&BkLsKv3N$rrMmxw2|qZN5uxry;tv8wT}~EE`se1-b@sJ(XJ<2;o16FM z{p=NDfrQM6;GaLS1tE{tUm6>akB&BtV`-ls9;P=mthe0SUm0ltBJvUXCu6=pfM;gr z9KGFB2D^z>osU7u54~RkOg!0;f$`;F!JCP}{PBMZ8l40oCYr3G9O}#b9s5hTikL{! zMN=~XahC@Fg<0583-hAK0+HwQFFMYMh+e-h7x|I;^Zo}Gk;t6ZA9E;Tp5ZyApRSf8ro4|$yc+EOBb z`b`3ja*)!7mYQVIs5Sq$fc`#v@o1AsF=uj$^7H>cb8w*!4lQo3Cq_nM?)8HbDXbH;q)DDW*CWHjEe+l)uAgKR6v#KG#o^L`jdqLv7uqo4ZBbDbetyz` zsu?9nz4IH1$k`T#19Hlk0g{^k)U!$uTfiH6c_v|D@0?sRd;4aO))GPNF1&~FU7a}y z6m~#p%wJ^xsSG@b?wos%_1QE1{79pIJ`<>^tZ{etMvj^)-fu7O>4=XTYBSLjb@y zI7sQvYr+0udUOavAod|P1O1a%{t&4<`u@9vf&q#cE%{FsBLG$dHuwzo4^3vfTMbZ< z2miE9SztB7|DVUZ+Xmo3|5rp!=Ykqs+=lHacKLL@Fg9A<*INgE96kWbqcVSe0_eGZ zM}%hQ&JS5+`27C9xZB)*0Qkd}tPc|@J1Md0Vaq*Eiztxx8yL zLqJ<(Kf%>~>h5Rf+h-vkZ`1@5^?(XBBhZJevonE#D7gTP z3gduZve1t0>7ZT@+CSc;MGT2O`-1`hR*&U)&=x0PpS}K&DR)N1gRhwI$8P{GzuFB3 z*-#Ndub)WSmH}vo?DLiH*CW4~90DO$9YHn22vRJLWoIKOx$Ew%=_D8P) zamc`M`6+Rr0F2n$?G!fExYNrxe>B@C=#r1WsDP=xFB6ANT zwzimv*G^9hYsw>PzUm}gM}jCJ*sL(0s($9?+S-c&gO9 z@H|h$NN_XW+THbZb@hfq&7GWfj*q8|lTAF&I`s{y?{tF*+F|Gz7P33faeRGUb7mmU z#+LZ>=?)*?iM%}7Tzzb#w^=vtf}Wn9e0l9X_)aP1elkBP!rp#YzJQpJ@M}!WQ#wtZ z@#-p9Xl5NCJ(C|5Ld)1TmX<@|8b(Gz>?4b=uDI#x>4!^Z7VGa3L4zf zrzNFXew>QN)_koPa~!`DN0}rr1t@TRZK$Jj_V}2+x$)iajSV@D_oXa%2$Jjqj6UI4 zG&dt9`+38f$7W`n-@TL4)YMc_F_M!r2bvjXX1(q0J@UtK$L^<%qoZKNrIHYs)cu~& zFI?Q-V2vC$3NsiAY$4Y3yv4;(x zaG{Hj#Y-?Syid>Yo8GtV?b4i_ozeNUjNkROQeRzy#{_&H0bAePB)xR~9j)}XOGUNR 
z#(Goa5r(&KU<6Qy8^VXT@*DW8r|L2xtPQNBrN=@;l^-A9&hM?R;%bsMKHaSi42+wb zyXQ|kBcS?#Q+r?l)KKLLqM;d_zdc(f6|}aswf68}7ZU^X@f8;okcx>m5ya7!^du$C z%**K#C^^q_D^JO1WS9^ z6~m*qwy1BzJ^=J!OTkEhf?g#=d3}BEn_lQG-%G}$wzlZ`E!jH*Ds-1BTJm)aGm?>) z#}^VgY!>z+=I|zPUSC-;GdH&hZOE`tS5xyBle4pHUtFxixPB5yO&IvoTB4}pCcS44 z4?JcJaIB*v`}60Hn3&N+j>`LRJWi58orE;P3eWrZDXFRb96wsn8Mr+yj*Zcx#d{_z zq@J_cpiEEJZx5<+3RFDOUv)Rr)(*eI?kWzG$jVVrWI`464iGF#Yp2+#8xO^Sudml& zVFg*zd!~6H0E^8m9)$7m;FNh}qK$)w4D|F;6ZJdMc*R>Jgse?Wm|0n|i$CPZ^K^7{ zgkZ4gJ$?3!&^sF~9~4>(fyP@r{p7k zZLIFDko08hA(Zbjki%QpAL9G-DQtFTrYjq^C4Udz$8pE_T62DWH$bPOqBKC^nZ)B? zM}^2qNykPj^rWYXUufgHraEM$-$<|g^UY?~0 zUBlqDfNP*o&;q&r&v2 zVZw7_IB|h`YFMuPE{Y*8PB)CJtbDlRu7?T#m}L?G`56}{OhgpBXd2Z41^T5k^Wsj` zwG?e&` z^Ud=D40PFFQiFnC%+6l#p2iW64l0a+5!Pq;hNo_r@SCstppdZO;DU?{!smboV8tut z-AEvR#HHju+%i7&R#{oOv=F_0)%}|sN6IX%m%W5Zi2tzywgktM(ZRvwgoGQK`)VT6 zD zl;7}&$a3f8tYupZ*M?MH4Gl#D0_EA+iwum#=?J$ zpPk0W#WLdIY5U$byNh2VhlhIu1L<9JFatR`s*Q~}c(LivfIxux*V5AY*w|HjJA6K| z4-?3afzdx%*yyh8!hT7Kn63_=ybDPsfEJlJiSh9+?q~gpWJ^q56AEwa?RByH`#FjI zr0h@Ph$H#F0z*bq*V0l&rmOc5G>?rx2L}4(-~ZFR;y~V>7awe_y!0;aQHK2q4WE@1 zyB*OKBMvQ75s67jpBy)^18ztCuEQH&YAbt#VioI9|ku9jBA3Oo^lLq zbaaS%F=}sRHU0qtJ)uxiT?hN!y1x*^ z)|4si1`Hl60~%|l#}k9Daing}Zux?ZLk3dYnb+vj21?%E4m!g1TT_2JHtbA>$jC?% z5-q5i3BzY$GH{0f9YSPqF)`^dH&!lvQMo_xK7g4uZ*U>?Ar#11sY`VHdz74Xsi+NC zR!L-JWE9?7K8+nLD|6)H>bp7v+mgU47)P(JxtU;*o0}W<#aA{& zyuPB02rv3{X*2YTYD7*20ppV=$H$fRF@oyMEG(_VSHCTLb#rud8WvXS>lN)_z$shFq}%H~m8*B} zM8w4BPyfwl;bcfA*~gOH->kG{<>h*FS_8jj^BM*-GO1{2KKe!uwzft@iz&idfB&|G zo9Fk;h19oX?M4VHjgcd)kMXhK0WlUJ@AvP?NJySY7F8&9EXL$uKtEb*Y4Hg%@bi<_ z#2mNfR{RzB0C42|_9&t`&jWC6SM=(q?$E^Y^72J{rUZ;s}mi3FM=r6Dr1GaxAlE}X4suCEEk@X{pPcoh(ifnl+?$XH{&t{aAm z4Yl&SYm`63Ly(fJ*3<}eB4pS)l_c%4unxw@y(fSX3>YwhZI@#E>i!OE7F zhxKz=;Mp;7I0cWRgloA>oe6`nNnq0u@Vk(0%+x^9u0WJ@dAQF3wd zD$AkjbZ_VBw_Z^K0s=BJVW^Ikl_?Y|rJ)O9V%|d{J>=;kQ5G_!ZZRWX?4Hb-p2r0mCKI)C}K&S(W2_$CA z%Zvmb-rgTtb90GyqK^*Ck(X1(JIi?}CI>0S(N-!dYm1AUH#gn;j>Zs3{N&8_=4SH5 
z$jF-mR4GqSI4>)*<#rZ`byZaGen!@&r|W&1`1Okyu0Ud-1{`^xW~_F1BaPfUI;wM{ z3nmT)l4M{i*&p&}mfp0~-JQ@Z7BwG|-t||$9*PDBPQ|A+L`O4pd~Nwq56mLAu1`*m zjYOj#*Ootf62ZyFMt$%-uc1L{$h*MV*l71hpy>1z#fnR?a(jC_ArVo8!mC$v2!CCM zjC*jm`P3Bq&@YMiVigQP&#tb@PEL{&BHUbfU$FcFrfIvnf*L6( z3kwT-RSyxdI* z%FOI6T`|wqau>;mvYZ?dAt6>iz6)UbH_}#Bwa`b@Ph=73S*tD0&VCfpu=qTvVN1-& z&i+u)%efrpmS=$4*#c2lOje4qGvHAhFamK>wiD5S>} z{DH{qJMDidame{WzQZpre4kf0HZlXFz_#-<+kPelM!z zBG~`)=l1T+`di69LSWuslMATr{b%Xs>pd{gql+W#5)+|%9e2HK%Y9x`UVc0+F#Svc z2-yz~oPc)l2Xz$FmoMwyt(w*r6cBIc{=j?`DkITCBe8vZWN2x_p)1R?{h+zwN>YS{K((o+HNMZFV2ep4W3;lg|o`0QI#UfiDJzb=RK8 zmq%XC_MRrzDL|p@k{zT(3Dlwi%~%07*wX068y_HjFTZbeOlG?tVS>jvze?L~y(@He zn%NsiyLL)3glrmYAL1i8l4p75iQ9O2=VZB zcFS`&v20aF4#m!W^gAHG2%-hL70$5F-qqgIzolyH#sc!TgqX zhLgwM)8L{=Aun;jOc0=i@*- zC_YRAhWqgUQ1{;PRQG@Uu!x3IokCeZ&{6jAL6WjaGkE|T3ylcpO1tlJMe7Z{q8w5XB4L`?D?)dbwI=3Xe z(qT60Q2Vc-fH2Jt?by;kLcce}xHo}F;F1H$t0ywx2bcRV_lx7laXQ|gcx~Lk;%@X0 zM0w7&(Gc8F5M1%ojQvulj9Y#o_(aI^f|KKD5X<28hn5BLXpev=Jc1#544TpnxbVM; zhyQ1z@t59stg@yC$^TuBlZ%UAElR`T&YjWujAvprKr>7JSC~nurNj*nk>5cyXRCiw z57Eo}*L!3wKx7)ZChK)MjDYaBOYI~7YbnKkVRlTEK&hyxh)KKL^7r@m!?s()ATDac z!rQ`-{8&&p5i@Y*H1ahi*Qs%#aF!g)CzPAM6SE}f6 zE3N4|yvSSxIqk41Zj5nq8hr1pZs7Lfc=PJ&YC}WA6WxtY6Em}nii!#d^SQZJ&d$zW zUL(`?QIV06QBlP&Uw-{ytTHk@tQS>TRpnu8yST8>Sur{C{=JTl4n(tZx6$owj|klZ z2Mz@5o;-Q--mZm(MN`F_)t6fkt8f3VTEa|M5u@=`*84>rY>A&}EW~xd_vCkLY?a&DIsp|Q8Gwj-qP{ltwE_WeB9l=GCNz5=HpPA4LLb^LPA1DM#kcu{nl1i zRyH>JdU~&p)PR2a>XoajYed&&F)>+Qskfy<6n<5KpL4KEN=i@TXJ=>K9HGL_(cb=i zmy5f*RHKcxH81Pp*4D%0#${+UZTksXQgU+o2XEiXq}}H&q1^wfqC!$&^_3sCva&Ku zOj}FK1#QP=8-9#Qe}GV@zpY>EnIM}OZQlYx+;K~}{|Lg1(q9WeQ2qPDOSrt-G&}3??jOa?(72^hCIwt?ih} zTh4t$XU?2iymP8i>z*9P*%K#dQ%m?Uz{|1JNsJzpB?wLt78YJRLqo&KL|{2KozqDb zlX84|*@x=<@n-*|^P!|IxYuD~ko8nfjjIm(Y916|_;k;|skvEJRyIAg=G{BlLt%Y= zeVF$>FqgTx9H_MC&-3!~V6z@0A&I}rgmEGR+dE4u5J^EnL6w!4QOt~t`!dpRpDTlR zg#)?%cq6(kI+|3)Gzy%=sa;)NU%r?Y2h|4$HhlQ-0gBzGr>B>emRML=u#Cg!OSN+| zi9LO7-Q3(%$jy$@*{~HelSJWlodGYR%=4}A0hEk@oT!vcF8rbO($t{W50O!e)o0#o 
z85LC;bv(PMT>@G}5oYW+bv^-ljJ1WOWjZZXw=fAf8XD4Kl%?$K?65$?B2Mg=l#!NR zSzf++?V4iItv92oLR->AXgZ~@tE*%m1L-||Y13~*9|x}0#$sgu@Nn|emM2PP6=MUv z{rwM8+F0qD@T8<(6A=;N`5=qcC`fKrs=Ww*gy}_k+q=2l+Ujv;=3fpK??lFmZ=lf^ z&Q+aO2UgWy%QHk~X(mZC&qE0=(;QeMcqymNm&`eyNm|*{)kXJ6S6lna=-02A^))p# zG&H^sYHz5@+1VAzz0-QRA1=>3FDgHfrOzGFiLt0MP(%}pXP)P1xISacPpqAG@xldK zPm3G-sUAl~okFHq5&K5VsJ-zye6UCE0OM<5v-|>CUZ?F$V#4GY#KgQ@Tm&(q&pGr? z_cdr#bmCNNl^)r^?jT%Wt+H`W41O>>*@ODVvL~_^qQAd+6ooG_F)^V(!zS&IoydY7 zFvB}1N>fr&q{phNL?Rm*3f-KY!w@O~ipSZy{JdQb9=IQra_iPDuH9;(?0x9--si3v zBrjW>$4~dsauFINjZ03(nK@6p6WzMsa8AAQ6LG0i9Lb=1lsdavNp&@+=PR7-cCB{v z_-5g?HI1tm9bM>nDU?(^V?Ws=;R+Q(qmEB6=4x@yVEmI_7O2$*5(`6so#&h>E-1je z4PBZ@cVFKaWYkn~50TL}mCx(wxPDH@+}zyA=$Uh*T5Uva=h)a7^drfJW%%sbGq5ej z#l;!CiHJa4zkv5LBSV%7AK^&Gd4MA=?(yTm*_oLcA0MCPWqZ_T{n*RTJEo>yjLw3l z)RXt>6@}(4J-xZ($fTQ6pClRhczOL619=$(Ngr^~KG@iB?NOws&eAjJfs^?)mbQ(S ztRQ|>R$SdYzj%sAfo`E(rg|{s`S}{t5rvTiLJc+@f+WT^Te*PQhtS|wo_?{^qoz#pB<}?-$!9Jr8BO~+` z+1YFXjQwiif6ce$TiUZK_-~+7?%04x)=YL74sBc|^G%$)W)2_CLc5 z#7~~6-#+tCjMD@zC?fA)G0rc*frj$pdesq#$T1rNxUg+BtLw={K)V_VHw#Ml#CIM5 zt0O<*+8%mG}Mr(b3u;;0BnW|JrOseJ2)_!u62GZ*&^`ubeb;=qr?R5rePLPG zU2>$Qg@wAh`tbT~VE>erl|5Zt7P_8A&|zNj<3O-#l+7vbUjz6-bag?I%-57e;?O`H zsHGNzBIzrVl8iZEwmo|2P^ULG>S4=Vr@WI>xrt5sXHLwchYx{*tX}F|9d9P*J$JoN zF;oFeJdyvNa!g+f)Dh)-PUZv8Hpm3eBF!=9sG^`Y?AMiV@_$<(vS-AoW;8puPskzEI9suDO{r zxvgjQgT({VOC)j}mI3UJj*c!YsJy!32|cqM9Ua}>frUB7a(oPWLhTxU9v>eEXt>BW zH90vs(Vo&qaw=eEetu+R2pN8P;5@ z^XKz1Z^u>*uh=ReEwp87Qk0p6BGW2F#$tzrMa+R8)k0oRFY+?OH5n1~69; zvpTYh2qYRhJ3GtE%LQIkRq6U-p@m6I44Ic0O04R~*7^Is6q7`O6;xT}5I>PwERXF{ z!M<~e!y<2G+*J#Yisq+u71=@MvecH(r2k{=%kc-o`@(A9_;*k9ZBCb@8XA5QM-vmB zHmb0(<)`C0Jn1bKsoHHZC?uV@c;7TELk4bEj{gGVP1bw($k*9WaBoA~rr@?66%!p9 zo3gw4eO_bp+|>8^5j40$40x(mZu^uhEG!`L)P1pM#XO~CWB}nl5ZK<{hTCW(kt(d! 
zZcf=11Gvl(2x=$(+{UKi=H$Pm^L1@xj@m^vWRxe)9D2B4vai&MKCPhem7TNu>gd(V z+JNo+d>-DqJva%_OiIq*~ z$RKT+`uf$mz*dpA!z)Ei}=S*V2^@#l(1xm{b+ep5^W;d`Sj{ zy>G}rHVkULlw;CJ7qAG)N+l zkPHqFKMDzXbH9k-1Py2k=}@mD9=HM*yXWkE>g|KY`)~fa<7De9qibg43|=-Ob9cM5 z?={u?&+7$}TAqUD55oK9)=%lDb&DGJdTU;w5^`IMi8}55=9<|@x+KnNDS0Ik{x6~V z(AcP`EBKp_kHmTj?YX7NNqLWf23j%&aQ8rmrQ5f^&dl@(e8b`Gt}E9Kw6Eki{Y5YQ z=I`5{Z+hOB`Sok@Ok!EsbVerFc;xKv6&(&f%=RLteI7HM>VFgc3W3MNFDh}|Xt&2* z6FU7qC7~sI_uSMpw*OMlcLQR!?2C(w((#Y#)9v$8nkeHVySm0l3P3}oNN;W7YH4ah z5EJjNEqrc{<-(rl;KbPQi;jQ!N<)GK$f<;yln8f zKVP4eloWxnwy`;Oo|Ul5Zi3ajutFO@JvBAeD!L}+}vFDwp!lJn>SSrl$G0dcfQwXkYa*q`&wGA zvS0>$0Kr41CND34=+Gh4A}wERc=(C2x%q(E4DvtmTr2*3WR6|)=}SY6vyv+nS!}V# z#5>Z9D7WQ(F7_I|p!hhx^;Ad&_R8Mg;kqA=^Q`CNSh^H!>K-+Qv&in5 zE`clglLPcuhUV`_;jawM-|U>g(0~VBdEJDx>hr~^Z|k3%p_XK2P`SFS2;sROBPs?u zEOU0Ohb`Hhgld%X|F{eKS7;{#XLCtvQ78Ko2n3Ipy9pNe6`t#h(i^IelJ6XgcxwNb zQyzxkC^t|DS-|H3#pMOn{6B(Y(0o?jfUFKg#I%DCGA_luDVeM~$%xStQ<|kRjQuo} zYe7HQQO9ZTA`S?v8yFaXLpk)U*fImo)BB@N;5WzZv{`7L)jLLp=f=hm z=a?BX9@@;&a&rim)$=gXd8^PrdkO*Wq?&5;bOIdQ?*;2rphtk#y8nf{3)^Z-kBVM; zvYyX>7!ukJHDB&qY<0|Fn9=hrm=}7*RuA$oY}(iTSKzXlx`nSgm-05 zb`6Bcv5E+nYg-**A6B0*F8Qq$*!}-e*Qdn+_2C)N=ix?{@v~GDXX+m6?+We-)+bM z>im{we}T^)tnf#;5o z(rRJJP+4o~l(p_F73N_bd{sEkU05$JeW>^5@#8~6w@-XDK=~ab5&Bv=H#@6z^{V$p zoIcjve8SelBc!1#YV`AGBZ=g;I<$wESLp1$d-s;az?3BlX{UhSqWHhF!+qqAeFtI1 zLYJV)i6;LLOiuPK1RdQKDdV(LhNinW#M#%>JfD=d+BFMGGk!dAVnMzUDQ`$cgP;f& zFPEK3%Y8J%eO>QL0PZS9gjkNv&(CY<(7-V!C@3f?DG5AUNJt0(r2N%GwZP`8CI$o? 
zz+LAXTA)J5cMmtbxO;Hi=YJ;|JARrMo(OH4iQjx^@hJm_vTk=k_-vruu-GGJXnD@2 zWtm&jr`@Riqy2fKyfU;qUyM$q!u{PgA`yC`Cyp8CGRXHS^flq$)F>#w;W0Sj>S?!W z<~aCjz!iO`kp< z5_a#Kj8GLs8Fn0$ye1Kh*>D%-xhARvglH`TG;Q=_B~A%7`En*}Yx0dUr0w^rJ?R3x zPkUpoAZgKf=l9Fy@DKz=pOnjqCkP73z~s5Mh4gJTy)_-w6clC4%PTo`DsQI>710^5 zu~Z%+m{wJs$Tefk!Or<2Q_pr&BPB&mB*@GT}|tnE9v>VEtnf4J^_*AIqinh+t_n8P&r4j?Esf>!jd z?%bJbjcGwC$*7YJj4roVoeQGY-;7I&Oo08K-e~@HW*o8EdiSx0W@1co9^dJUJQr)) zxB{$FiX%nS>m8UbS`{CARA?J9>|1!)(b?6M>Ci;ef;qOykl3I8h}&U0#L(cNLS17u zO%=2XH;2a>yfNkpx3CRzDA&=>RnO>#z~#BU5uIR`wwO^XYyi0z4-Zd^shzrdOsgp{ zTF1rqSCYxGGms&Oy{~vn_@wW(a!Deam(m;9;vJh7|(Y6-%1 z8m0Gzw@{{TUKW;4g4|YYEl;QYNOnC(Pvo4rdNon7-G&5t~g&V zD=R}ZpK)?>TAple4Oy1-wm*kfx#ypB4hohf>*UzU9PuwaGYxuEryQm!B@=gy89hp{ zFGw2x_jy0RaO{3!26g2gcJx68{<}QW_U1?5KItiOdgEabhV|Qrcp(1wp-&KBNaUh& zzDMVoae;xX@~|8`eh{HJtvE9Jj9gBlII@>&?_X4XFmz#>c&G3g)Z=_GO@|oNTj3@A zz4OWMY5VyL0HfZKLm14YkTUjdz^dTdyEryZxM>-*#%W^zfDa4j*f~ zJBCfTDH^#QT(`w^*AF3xhl%A-JqCu%a_o4EVcduZ{z>93nOe9jXHb81kgE>9TteR5 z8n3J0OXvU$*F4Pl{}@>w`J6jb(W#eC8*{@LJInqUYrMnz5ZNu_$npJ%>@V;lXJuz; ztrN6K>WyI{!cE3M?#h;d`{eX21x*<#*{wyZ)lZ0Aby@4IUW=MGj<+7pVVdVo{Bdt+ zjVaw}|AuWcRkF)|eVZYg@A1_ai<)vXvasvaWnIoivNNoZ!@}1?L9%z_E&KvT*2S& zi!|Jyz-E4Jc`HwNj@}1@f8tN`1v4l|_=l-xdr+A*s%|KkL*b2)If`2`_~(utqDRA3 zV;;sck`W6_Ajc1K;xq7H@Wv=yEM7Y%*$BV!jT7$Y6RGeyQ`m;iZ(zCO7By_3KOEP% zv(V?pAEyMjsLzr9%a|U;{q{-xe_beKa2>EQ_67vD8vkp22oSLBVS$QYp72n!>ut>) zUkOQhwaMfqFq}S6PTl`>dhBMv^22ubBz;e}et*)NRVPQJ7(kgb|7x@4>2+kJ=GCiL z0PnHY6`;kz`83}Z<@$5;{B|n56?_oD+~@nWWd;?2joEoU)oxY%;gZPiY7B&>yzn3m zY9t%Wvwf9S)6a)@KE81{5tN&gQ>>kvi+`Es8vG1E7{H|PGmaG=o}S6`KvDtYUO65r zar949{5diB?Q^OmPwW0xMKY4gla%d|=%or-MeDP(Bpf+y^VBMhO$!6q!M=t?nT}J_ zm)`B`jobRDvyxa8F~3PuHE>1!^7LincfnLNH<7WS%J2F;ALZNRQ>74{S^L(t(XuMK zqDZ|koFz-KK9W%&bMKS_3hw=D8AOXO8yni1ww|6lo8N5)1w=#~gp!~IcxY(omRc%C z4}{i{ks_-Xc8-p3v;AoltHvfKu3f!)y#)Ae*3=Y8!#@RFSL2Lro^=$veEC~lbF<DI1;{u<}H z@brioaP$4-_&Idb5jg$Np)E+@sF2denm3Ls%F9naSQ1l>&qL=n)8yjn5=hQ=&^|bsOnj^zW@iD79$kvR*HxQHGG7-Y1 
zud*6@yA14^E|zek(XCDL2@rynT=*@D3ekcrEasl`k3Ec=%AAgb6set4%y^c`z{ppU zm-onnjZS{%{rkiL)R&61q{ha^v^xOoiSDIVRwjCqojP@=lT;x`JsTcx!aT&}^=u*R zL#HFwsK$LA`lKr}I#wjH?&kwLz?1&zM%!F<5FNmQg&e=p)z>G(ctenb!^+iFX!%qo z37_1()EMw2W@4sSK$3j$MpaeyY3FVJOP5mc)wT5Xul2IBvZDAYb&rR8(kE$St26m5 z(!joW>5`L&he#J5lHgyDq-gqZ&bqHn#}J4-|5SvcXG5BOubp*U*(Lkcg3t}KYBLi{ zENWuu)Olfyo!$)<-I3upj=Qgt1QtJjLR8qgKff41H7GP-J)Y5S+|xr59VzHFM`;ie z+s7{zp$Q0Z2{Z4dR+N>Mh2o4#FMB^UWTc-AA~&RO8Q$e+1Ynfy zZInhZMn;JLt0Qvw)J^)4XL(vKva$zyjfWUQ(gIODb`B1F^z@Pf94*rwAM4h~o<4o* z<0H0f!JOUF*q9pWQ1QY3x%=Gr)m8O0{S!e)ryj6Zm6Sw>1beC$g%cegI(zwl29$*; zEbuId2%AUs1t}3b9y>PPR_&;HwboSsl8GT#0{Qj^D&3veRJM0K(^r~1GUlqGbpxXF zdJw6w&JAP+zZ1UW#>D-xxD+>3ZKN1gF?wuuX<$$ep-5olPkcb{g&pjuQ(>AsY#-~C zXOaz{mY2tE&9aOdFxarMvE{e}i)CvYVF6-vp-VHfIf8N$D~Fg~5eU5f|G+Ywq0|jECGFH75fLfRV^eh z_#9VCNsd6*lyLF;3ONlh^@{OHiHUViu^-xHcwa5vqqwSgZDRatM7;vL7@;G(U8!8z zNijmdi)?JuJ3F3sb{B<(6GVu$)zplN28a$E$awxdK0aPfK+A;X$6YE`$3{fdH8<8*X9_cLHfA;Fbd%ngaIxSOjQfzU2%!5T!m_DoA;XHE8V<+| z0=4`iVJ{NnlSReN6p3yuyFz8ldI-g@E3Of*uBC`NI68_FGM$#MUkjEZARsVg>_hR} zpil*~_4Sgbu5|BUxBEqF@~1RrXo}Dr8wrs>g0Ne!jJ0j(YRr=t{b22s=2@StomTCu zo)|3Tt+DS<*#es^9mkB+WJ2;aWqI?t?YiXajMUrjzeiUY-@NS|^)qwP7?n_OUmyJ* z9sT(tQzVMd2+@{h-mZ z*L9yhy%>b(KymMl-Z$+aFq_mMYBfeY4(GhO0n|NIZrr)^ZTYDoDwT|#68iI7K=p0nCeS9p9397LJn@$FVR zNZAbADF1|t{!8K$uUg235hG(T|~z_3GPke~oCJ|UN*3Ym_Q)!euA z2s)Eahbz6+XPy20m)vC4ZdIgS%tjoGMc5jAY)0Md5?)Y>%nliB$TT2*+HdRNFuvmY zCgXTxYXhsKzCY_Y_Btni<#@Z~!H{68=zPAFQ;)4zHn(}Xt23kJYQmK{*n5ciD2w;s z{fgU7|IDQxU>@(p&8KVp;Mok8Cc6FpC~Q!7d5A| z{@R<1R)+SxuP{3sE7>I_y-4&8b@kvIKo)`1;nD0Zws9;Fbg4B9o7*<)YKNw@Kb^)d z*3I{32>=qZw6uiBKtZ&(uLfw8>X0Tk^X3ga*6VJ|{gd`<6YVQQLyC95bMB=Z>HB_7 zq84JYl}`~7BBi>$JrR4^zd7~kJZtM-iie92uRrT8*{kE&MGJpM+n@gC`O5rr` zyT@Tr{KjFJ1tnqc7#o{%o)xJnbZDGaR8Xc#)L-`^Y!@7QJRb`Hn(xoXhS+_qRon&?8;(); zvNk%aWHk$QC~zPx&AGx`J2XoY zVQk^zwQ~54Q(z9fz6}k1)#W@D%_NMD z_oek^w!wqszV(V$PG3?$VV91&71k-!C$V?-^_lWgWZ`qA+5r+fJY{WfAD9ir^B?o| zlZS@rGwjBf?L$fR^edK@I8L4GTl*?}c?(@u_BKNk8W1L@%r8B^9Xll^ 
zx=~L(*FR~S)HePyn|zO5dHOrMLRVOzCTVuEiJqFEKTh8FOQds=arQph^#%Pc|jmjhL6Nf>e)ka&o{tGnHOdm6XRZsndbBKecp; z^{S#GFxIBy;rk<|%8HAxdsy)E@i|yog*aw~9rdobKuU4s{^FwThCJVT4$u4s2ZD0d zojxh2AYYDIvHrPTTuRC@;Uk7lFuk&}x2{Sz@DB}&o(b8gyK+lgdun;PXvA~93v5)T z++Sx_D`R4aSQlKWnIc~!FF;4}+q?tNj5aH5f85m7tL`RBy*)R2dT-trN$eUP?&<8L za$1Qv{bz#Yt)PoEqf*tjds%TQEhA(4lbomPH9kQrR;ic>-iYz8)s8xCU@%+SMR=~- zRVVR2?xo#iT+*@K%zPhZ#%8mIVX|$cAt$LU?p$^7OI*5%P&ATLQuMOEc>SgG+IwY; zC&6ciqV4K=!?UouJvXjawF~JwSS1-NxUUvMEuO(>dyNTfVDLCT-Us4;#69V4y}K9O z+}#LtG5YGKq3u=Ftml?D~_@0tMg!q^7@e*Q#`ez#q z!6>)ew*zn70jZXSTSH#CP2}6m%tNc|mMbeO0IDVGA88@$lk*!IMYlQ7hSwauyi%s@ z*2yRHGBd-L7bhFr8Tw3%3LATSd*dEHTz>a%VzFlaz$!WE01?rvfw_$hl=7o5{anYa z=I8TaSAmHqvMa14qOVXW)rsC~lmCjx8{MkofGmUQe#^*1?Bv#k0(M=OqY}fm)GWCp zG)~=AkM!jcL`_Y8c6iw5Zrc_&YxezI2C$)x5y|0#ueOXfCTODDXJ4irqmRI}2_2Jv zAzzeH=D02!zG3ottO#=z8L9WgaZqojXa2idQ1_&LRajh{JnPD`YtV{o)fK~~b@yUL z60pNwrL6JVH5~^Za5#e_z-lYpDM0;vfFUexpw2%@Q|*SAg+*|0#sYwxrHVj#>hhTr zQ2NuuL#=u1Rx^2)YX#=Mi2f8?*UvGFQTEd>C#x8#9+MD6BJpS73&mc1_yIwBB`BLuHdN5!@rT*cJ@qm z?>aQGq1A0%%*+|f53gMmJoU<2LQ7gw_L#Y`sx42@Q*QcZ%67GqMwWaEnY`hSuJ8Re ztRfeSEbSLvPTMK=pe(etA1RLrFIe$$lTwxH^S8~RSyC~DLqQYY9|f~o77J0k-H)8q zA0L^S4X3EmMrN^e8R;q0$@WQ!UL6N_ZDpdlon{aiS&!2|0o64dQ%@Mw;e3UZUS+pN%ocWNN{(zn&{Ef7)!<&CF#Tcn#hVAcmxo! 
zdUZ(&V*;ittl|Bd#ZAEW^XK9AVm}PF)1D&-C;Rwd*4` zJ$7G~e{X)DmoU59?#@iUAym^c#x2Yo>tZyr?5U(&Gt@wS=-ZF7SS68vka0}gk+kNrkJA!K;Rf(fhL?>=LG+T?|q>m5`NFTg3 zrDS*0Jf#_8RBzr)@1GvnE(693EEMjH3<348liQC(U|U<2cEq!er|ut|b#y#f(t*Wl zs;bsCH8(Zg{tiza)Oqpphh`b<{F+;=ko7FHfr$E{6cmZ0FF>+vL#ns95q#yf=y_ z3{sM}NZuhP*{qHou^%6go2>ot;pVG{*58@3&)N&5mzO6ie9F^9{EJ*5NN0P(wDfy- zS9jbQPAX>(LjT4_7T|x*#A%tIIpf~SyjprQL_Ie9Qrh!$2a;AiI zt&$}|#$Q>7R8J0%YrOjSNF2#AF+{tIt{ZvzT>xU9Q%W)DUL~eHduK=Myf)+KA*-)d z7ChfDI^K5HeAZdeh=pYY`Rv1oM~Vg#qoYlV2CzwQB@pmb+-dlpPM#@8 zIy&;7iEW=S8t;*Yb9~yDbtyxJQ32I8QXrkcFsuxmNJ31EDO&R?liIawp+Co!`vQqu zHEcEccnktyC$BbZ3rv-gQu+vqr4}|xIb&r#5i)XB3-oCKhrth0=1*3?6v)hCX>X9b zln|n&6~~{j^6@o1M^=uJrk!8d-FZ!HBP#agGAiw}CAfp*n!Fj#OlC{J7XTId*I!h0&Lg_CWIB zdqYcdVoCL@DCV@?b9a){VQj1ob zQxTNWuqat*PRBrmM5EClyf!wcZx8;q?CPzl= zBS}dYHSbBJfcuSKn5XNkBl3qVMDyDrLFV$HvLNyWT@l9DNfwmBWuCK^ycBXKCE8FO zV$y-xlX(6~*aIaFI#Y~W&H$?Es5mPd&jnl_wehoB>M@>#;#mSoZO*#^>Wf}s zwCLdf67*y)^)OIaKRjTa4?%~50aFCtl+m3#+{3%6(OYN7q<)|2AA^yd%pC-tm`MV0 zYA6_z1oC6%-IYBx?8m}Z7coRA?iSYU6Q}MdqsDO*Vq|*~`_D0(I>bPhc@#Gp+jo8y zcVB=I|AZem39I#xhl7gw>sZPc;MSVB2xxAke^`Cu$Y)H3dT4q&G)aIFJYW(?NZ_(- zYDQ)q6)*S!;m^hO@X;ekIiY0h?X6oop{=HXNrAqU7|J(saDc~|C*@tWv6=7di@^}r zJx)&Eabo`ZebZrIqVhxyP0KCLbM@0JUEiA~ma1%uKEXwpdVsDLND6|M9-3f}BK#qu z(TRxYt|>$S5e7$9=KV0}M8C{=@>%C;W0t#qGv^`Ya&(L-<)b)y6lW&Nw=#wzi6m`P zQ>N{l>}YK;AFhkDBzta) z|H^kj>baYn2c_M1b4!>!94*DS|G7LPBcnZg5h2pvK1$;yJgTJP!x%hE{6K2JS!(L- zwT1dg`@<79lgDG5rN`~hSuNRyzO!?8cc<|dO&3zR^*O*#=LyRdc(0jMr8#)FU z^UOR;N}`Tn+X?TrFc~KakQDH`T{Z-YgCC+7l%S-fR?%^0L>6DF)1fkHA~FRtGv)+C zrh6WEoWu%)L?0xcj6FSwLe+TeMI^!t z1hB}5SeV1Vow`G-s;~jp)Q1n=O-->@M8gA3 zeLZj$mZ!MuAsT{Tl1Y2(xWygFn_RM#GmI`~&(K@cWM@Ap0mk6UFlkna9DdW6ngn3CnxLOx|NWUk`cdr zLRT^sqndP1aqJ%RMJj6Qantj3xO=^L)fKHi2tiKC^{#F>t-k{5>o?8Tf{>2eljKrE z_97sV93Ud{jSrbE<5EHH!^2}>c#U8i-~F&35APe=VD|}mxTYgw&t#%@J)Wj z@a`Ok@mY`E9T64-3P_@hl|H?jN=!^F2n__@-q5l#ajIkP_3M2@jMT4OIv)cXqVy36 zmzS}aW%9)YA7NkKAEyA-aF!+7o?3v(B5DWf^uor-8@~G8Ge@DuqUDEfUxoym!4zfs zxc!k#A!dBsq_p+CmF$s4yQP@c@@<$KVDL^ 
zUFJ0bx8be>i6LItTHx-zWCp2>?h9s-FB`bK87e-A!sCzm6U>JUxC;U}prKjaPReuO z`evRL7Z*S2({z!MAsVWB`O+ZZpoS@OdRmoyhQ9EnToxPDLzRCGob4}2BpNl#JpV{^7`yVgNIieKvZ^;0MA?d;O4OnaJ_TOPftxD zI5Q=~CXO6Ey1=4Ndqv5%;sY$&;!UV&=$!lX38`ve4Nbkiju8$*Z7cGV6g(CE@GYZ& z<71|me3*3yI74Q?*aRUguBP=_)5+yD)cTSzvl(#+Q$0$kEqbh587MpP`1skEbe8TMp z&!tPT56b`n78XWC7gaby{U;c$2YNWSja|>k8_|`J$s^%(*xz_LT1`o)w5%+4=7E;b z1s3D$U9x9-{PNnt53sy%B z3)RtTb#>1>cWU)8bx-QEOf#hj&0)Uia+TS63eG)x^eEFrFH)Py!Fb3}--=Zi+1QHp zHyI@3oo!@(D=)FGR?&ih6}8SPi@K1@&^RA7UZaMD&_de9opwZCz%%?~5bu?m=WwX3 zDt+dIPW#^XpB_E>N{W2sa2r8y%2JDzvI_7b#@f#0HMH8|<}_@__4 zW0=nie#80AqR6t)!-9}C*zVZIYB-!4)ILH$EKKw9!OaokDG_@S*0-=#(;kS^o3WAB zY&v5C816cEQ65r6)ojcCk2nlxDh?weHa~jr8RYhmCE;Gmq4EP>{Ud<>{Ucgq|Mj?J z8X7X=ArNw?O5b11P(KlM?@2lK>tOW)?d0S2BAl5EtU}-yyLs&~h75ZD?0Z7;b%+E9 z>dzAI1#S2*9JpKYlV``XAlQRQ$A5!JLEYt-1+Yt8us(zidaK?QN?O=CmOHk4P7+D_ zA5+|aP&#g05vGP2Ua__KZFt^g5r4OAjnauDPZG%G@ctK71OCM!mpv4(G4sQ~_Ag$a z{|wzfq}%^tD*|sBPA=r9{deQi54iZlHv+!6lk8w)1f>3-;oCD5{$^PFIc|GKtl#p6 zALISc5Bwio#sBB_DKN=2PU^%ZP=2leW?fRUik$pFr7>!Tm^8TfYV`cvqc?8(FIXWY zhs=`(3Mq4<6%`c$8oGaWD$L8Xc5%_FByr$fzT{c6dv=8sn#DZ;CD+NEH4xOUk`ge# z_>^{iebwn18Df{$uybC!CBVGe z<%)=WP*hMr#A;TE*m!#CRK{+(H`mokxwrF936x_%Fore@H4DOmJUoR(Mf7?BLWO_% zsXU+yAO!5U{K^m~#l&`B7%KW)E-Eg*@vJipqkQ#h$4Z)&?O<6M6|VtH*!Qmf$2V4I zs|Z+rPlx}yGN`6np5Lsh5?d-JBwSZga%gQ`L4AkEOoT9PPB!j-Dy~qTfL0Uj?_|Zq z68AeGk)t!H`KhKihbOxuPafz^yON3lxk@mJjp1!L(bAqEBysPf+Ve}7WPAJz+Sb>1 z=0}F*R#;+V18O{7d^ZjYxAiN`Y;RXJk3)=v-bZz|h|&)qbZbU-*VddJ9c9E)@Qb{_ zN`)lF30j-0t9_I9UD9I*?$1J1z_0$SQl$VjdYF_P^8443^4QynsDzLJ4PucPp{DkB z=EgLOmIc3h9D&rv7zkMZS*KjI|Ad3RJ?7REU10u%(trA}2$j$ZX9^lV<`8dGi6gg(lY-ZD4EjAoOwC8hj*{TgU^(mT;T2@O5Ht744~akoIU zkq@{Y^dVW66g*1~Sd@B|-Ys?YsDx}S{S*`3;t~%YiWPtV(&FNt$;s3X!w#RnG@UR( z8*9&uy7KZ1MFX|dVYu>?qKc&YzR(_xuL7~L83XsFf0#O^OH^jq50srZ4dmBTT1W2Uy=Tt zrVLIjV5b_5pJr?P<-^kA3nF-AFEC&ODc8+s4_LOU@Xq| z${z|>v_5z}8XFDOULy`rt={3^NsaX?^x9ZHwC9cguSFirs1OC^P*=du94|*KEJ8^0 zfU(=n`CB+0Oh(T0kPtpQJ0s&2%1aCQTfp 
zNQ{SIyWN=Ba@W^=bj#?eqql&X7>+;L-jQ!7kaIkE1ry@4%gM`&&oeoTuX8{5*(jrQ+0to}pf^ zO;gj4z%5JE#Deewj+TEh4_8YgF|iq99xoR)M}{RllGGe6Fe(>t@xd1-_M$kjPosWiH}~o%0G@d~!@$GfjZI9*$iCRw zw6wK7MeK;@eA5*k^Ai-L;6#^{kOHr~b*8_tkWN*<)SFwLtD;2U1xB^0`2i)xivhb_ zUc3OKNeDI%ysF(NSy^24WWJ6X&|7TFc@T!!*)0iscgW;TMWlaG~?(=!)bO&Dff@S9%I-LJgv9nEcMbS%E>Bh(uiGM0jWHP=~6 zsk8PmCYTEL6R4lfDVF0((n9({h>Gg!WXM8`N>Jc{?r#Q4*zXm|HZ6;^TX1zXgPmtcgJ#q(ZL~F!X}WBfFYw0 zRE|jKkP)p2S>TH|$g4_9h7YbJCC!GvGc`_2XeH_zO%Wq!P+*_5R#I{q6{n}ZU8J=> zWSPZ7jVy^z?}3QWAs{QW@leKtAxLS1vXCY8o#d)Ce{@oklJD5ky5=~57BH9Y$ud_r z-klAPK9825UJ#VwkG)-@?LT4{QC6Ejy6z-?pG+MI20d%*JoW7K6zIpe<@ibN9cUD) zh87mAXI>U$$xX1SAcG*MoO;08A(y!wA5YOI7l!E~Obf*lLTPQ`0BR;g6wbNHJ3xAo zOJsDb%9`eT}c@EKQa%{|b&)2&U%fMEsQ0E(G@1&|>Pb;@0K4&#fi)b74F7;s0} zl1cnBX?cb4s&lE0_50mSPu}*>I%#jY6u<(JeB0gmLUCZOJF0tJ^Pm=0kV%K48Y9i- zi>2tg^>smqrvB>S{UI^MarqJ}gZlzR67vX1p`x(bWa}K!sq^Tls-QCuI)1!971 z3&(#YJ%6&&4fN>L9EcYoAyz2VRb^!h-grpjop<^0j+;fXpifO;i#hMaUb$OsRhlth zaQuG`s6red!DDJ=Q<%NRvqbtKMf zA;DGtI7BA9F)boU>u<$6GD@7l;Wa!yLi7%MqsQW|lZxC-0N!4$he`M)oZUm|Ak^$E zaY7dF2y#Vj#glJwSh(qD!?o!>Pr4^=v3KiMp_o>+)aXI&Li{B0|45$`GAgoP($pP2 zdR2+^rbIgkKd&pEK!wsj>w30^@r`I=uD>z^8ggb#uZ#{C;72qd@ynx8o%AhrJ# ziu|Z0`86H-gKYEb2Yyt{{M!fAf2H+**0=mT|9)PB`lCN&gg10J-8}3r@>H4z02=&*yl%~-tQvRPK94IHk%Eq_Gzl!Y(L!*h|$SA zd+b>Cw55}0waH%E68eIWT27XcnHe4zxft0R_0>;YeFJJBxxjHy7qPSmRlJ_ff-M$RbDj*;LAP|(BguBuP&Cbo4 zo^`1jPD^9>*kW;;I5p#0_hh27S>^8Y*9U&)A-}F=b<-dY_TtvIM?8eN`T1QIcC4%l zD1J*5lg3!CB zV79*@E$x5jvT+(yWFry{8qW23sPi^-JE6dS2sn106mgQFD_-WqG+MA7A?O=SchF6cR6%@4s2L?#CY;^2A>8(b!}s zQ`6T!uvz@qE<{h?EB3=&}O7sC1GJFf#~e%U-j}IgbUVLer8~R=FDV++(={4Jug;Hbc@QZ zTa=KHfIrB?gVa1@q(*W`c_O&Eq%i_C6KEG#x?KRXrk8&&{*x2Wrh7X_H|O@nxIz9}jiF3W9+bWZmLQX{5RTw&s{qkVmikEp7^nHYPt@c;6_Zv$#>}1INv8v+M zEn+a&zzURkmYjQx>L${~b4TZ@yu6l9B7+C?(0^X-H!yUI7&j@R3>kKDgJZf-M$aBM zR(};qPR8Un&djVlOhIkJO98D6Bx?-RvsXaObJw`-k>>9+xAP79&WJmCE!#qyznM#Y z#ylaRp~Q;NwXoW2x2?3Sv=r(iy1Kj9oik%=SJoduF>r_8+ALOIYb0`$t?Nn{ z2AG@RU11u$yFZs0l=9&Y^Iwt=q~{yu8$l-JHDYn`6bwlf6~df*mZwOpsMgnS-@L&1 
zgwo?xFnf!lhvnh&bQhi4ffVO+{L4&qDKm+7o6Af z0x{}0Zd|8#{|<-3qrriJ6Mf}1H4~o&MMOwf=@=p~qJ-AcK~H3OPS{lC6y>(dCYu7cpEesF|0R;pR7F{YKEv1BXBjrL6=@My_bb-<#APpjdzyj$K zS%`q7bQ*MnbbfOo`%$0Q_k8D{bM_zm;&LtJ7xz8yImaAhOd!l;XX`*n5w?6vmjLUc zb6`*x9yNVJ)|)pIvlhhc0-x;MX35V_mX!R_A9t_qT0wNS)`iW7nG$+Fc%jlO9^^bHQ4eoM-V2AcIY0gsaKd}tVzQR2(BsIYr&MrqauOFm;-TL4)jId#JK&^I zl<4K$n`XXgN;6>(RXD`L?>oGwg*ktxUH>P4W=BI#7!VMq!{I{|yUYt{-oUwfn*6*g z4@z}1J8yxcpeCyo3FAy&LgU^Sck85;+G&I^Jg5=>C9UTJSKrsX!u z*P^C!4e2|>c2*wWMX-M)laH@OH@J1vRh|&;cXZ5DinaGth3NXuE@aN^MWS8fi;f@Z z><;gQz;}ez*)O5*20_mYQbK!Gh;|@_hX&f#6HJ6}(&tG~yIBi@ijuCK3ok#qnZMCE zAHC&Wi-`P?)n?Lj*F2TfJ6#-MPs$#}GUW03%MoZ+{*o6TWJ{}TL}gV~L%qF7^z+`U zuX5xJv|f(a-)a{_`6)Jq5!X#lW-lPJSsy;EOHJhEwOm|HvzJl772_{DgMX0{%Fdg?M}5c*Z|1K__~R;Ycp8n%sK<&WE>ZJb3}1 z$KDaJZT5xiKOtl{wVsa5`n#+wEH4x2&@3!hZK%}-XxX9bhx(O5LE;4pb&%7_oJ?>o z=>H)ro4{Z&NxiRb{s*gt{-sX`FdI;H^Nwqj@PJXf$BeI>w}VEa#PtymGh3jt0Dm9M z2M(AK%C>fPT$e9DkGj`6{a`!6>_!Sr;mQjlp!opT>)oy2JQn^aORVpt@9eDj`jW@V zlNBeOqXOd37ok6sj^C5!RgIGg&(l02Lt5V(f_XzZ?!j6H=`%1;ek!y;xC=5NDiAmG z#H!9gcKpxKvER>ye_01sA)1k~u_?8+^^J`+#b-!B@Zt9dAbB7mp6N$m^WFva|Mk^* z;|kEgui3ru>uRti!e0>o{~uZee_q31Wi1DCd+h4@pGC&+cljT*Appb9CU^SuiZVSt zj{Ej=57*_J7PH^JeVLnEr#@Zq`n9=*1<%{^>}*>nr_Dh>Osv}*tfUL1n0}E!tbh~@ zSo?T*c<{A~?kGX!hyO61{`)KGX=rHQc9p$1J`Py#Gy1aB)P=9r3_~%4@w_4;yFtD( zURs*ZPq0zLyw6@Or!|^IV|^AhL~!tX6ZL`QaJfaNy&IwixaQ{fZtLkUg@lB_A3N@4 z93r^z`>*_C6+&@LhlUC1=Ka$T=&E~h2ufibgZIE zg2ubM!B47T;dNBP_s zwY4Z6j1^-$Lr!89DLn(tjrw{ZnF|UCeAmwf5Q~{lSoo!a)16mX$q)-4pA&$9Q75MJ z2LUsH;}%ZJI~&qp?&`321G^wK6!g%h3DmY89tsJigO+-aLARL74=xy7+T?aUBBbh| zD)a42=h5eWEwuxxYDGSgo9>fhTmJSw`rJ5))_)$*2bGDIxQEmF)}h*&gq0SaMPjS?b~xdv!O_dKoQ(Smsyb_Hj zT)i#xEcU;|%S)gK%;_{`VP<|c4TV{2XzLspk(mU83yykbrwJF;g$rm~=KE%5DMYVd zL`L!m30>gFdo6xXVzz&F72p_D3ekL&>F)MMm_=9&PUSzmNp9!>0_Xkb=lbjU0lWZV z0-_IKQ5P=ArN)hqZ@IZ$0B^;&gzF#mRqs-qn=tO|>b_@Z%VpkvWnxH|5QR7d#3tNh z5pTofrm}(cdpFfj*pngyzeujgB><=Xo)Iu~#Qm1nC-OCK+4Gx6$p!R#awi@A&n!J9k=k6GAg1|4jRh2VS z+|Q0A>KgMRaJ$ue$Ouf4ud= 
z>t<~%G%Aw$;jmBA&jmMfC|<#*sIRXtS0zPEs^;V8PsUdZZnQUgH_fjdXMg#5MaAsoHSBaAgOs#BAlZ{D zAUx>OL!d=vxlYQu@3}`NhY{a_oCvq{81{(%IoZA ze&-!qUpeN-#U&i^I|@ndAIfEVEhjqEXmGcZS3rQhQM^?9VX_|_tE*D46M*9NGYx-s zgZ8$^wYL&I7q}6WIyC1_DMzc&|sxvucc8IO+_(X4B03@R#K zBa)CDiHa|6ym(&?DV{5DDA=^M%RTVyfDoWFH#>~-ioynTJra8cN zZhl@m^vJj^S)upCy0NQHD$uN$2dG`2n>ob2$@r=V(fYyyXDB9b&NJH@PXmXM@*rwM zT8^d2HW2C@l`=}(`&vuy1J&W zLPE~cJ2;rO2^~{WgeZ}04|q7QuBN{;Ogli(w+o0^+*Hl+LN>u65l{rDQzsZAZiZ@J zT0T|ffOmc4SH8B-NXE+gu%Q1<6oRJ1B(L`_$UsE_ufB1kwAUPv;kUh6GxCPYHv?)x zF|4ekvv5}PJ`?2gnN1*k!8^0J26ye8UOi!7qMjMeV{GgTG3D%Yx3rhGw$Sj-mojk^ zzNd;35)hzmY`{v2Ge%j*65y=)*XIfB-JeLYMpHQH%ElECn1$5q!iHGph6)`a2 z@3QxL#MRwQ7~T`4mW^c53ln^CX@f{e{P5U{vk!++MQLerXlsOfjo7Nxl%umV`D*7& zNJCORKP{f?$QqtcU+vw#+Y_3rbJQ`a>LL?1!plcCYk#|Ye}cq)_S~aTxE|$IdSlib zD))42c1Iu++BW+GOWjpLsYw@O4*xUcc?A)I#)96t50sCBk9bPTQN3=O5do9%1Q(>bIbhH{U= zg4$=XzwP(@{bQM|Jf5}4> zUt;q3dR`}gOT?1x*U13={e3GOxS*X1?`ce1sol-FldeaD{-XcKs@X@quhTFpBGaHW zICvlbX8+hS@IN5-&wKmJB_H`&4`Fd-tbpJzsP(>A*k5q*|M|FnkG%iuU--XY!(TZ+ ze~%Xj4{0jAr;a+X;PKb&zRgJg*GXet-=pVkM52N&p?_Kt-4THjdvoK*cz@ZepSpDI zSx~N6SU_;fOiMEYhuQV@Yhzc*si*?A9{UQ4r`$`i;k^vpD)qL1^#E9+)jvLoVyKGS zgRD)B-FJ;cF!FC7KIrCY<>9j!P#71N${Mr;t?!vFB}nETK3wZBJ9qv(fEt83;+J4p z!ym%&XR}YqDJTrpFUHAra}Az-NbCh|5t0iBq5t5%n8SMtUy~bVL+dLpY9MR-nsfBi zis2pyxt5ajaVnldr(>_T%`5_5^W9` z58sI2%{@(Zt9go>Z{tRon$^WNp_u4<-~*(rB#Ag?jC-Myhx1n122P4FgP*%{Y`M0I zmJba>5hf-oGKRmaueu>4kA}BMa9Ez2Vg(+ zEfV?Erkyu5sS9^E@CG)zrVUL52p z^mXBetXGUpuJmd2WmscGLf^E|YZ>(!zR4Tw9{GGj(n``)o7oL>X3u)R3HCcXuRwZc z7sDHhuuOk1xN99Ow94&@EW6NIFcPUCvfD#n&k)v`G^S3}fhueszu&)N5vJZ4@%(kj z#8B3DqQ!WRDjc3x?x?~RJ$kE*fX#31yC0185}ZfmW!*@$vW_GOiyX6LpcjB?zjy3H z#XfFoLw28v*w5~XA~cmT)6-_|j*8MsN-*&f^#$e7Gn4pWWHig+8@xiL{hO#3e_^e0WRKsw9LK6HD0X5Ph3t2`gKg=)q2 zHpd1-j&vbkXIs;4DS4T(hlIRQ8mrt~HcS_G2R=~H9gm-zx#LhObmemIklbON+p0SE zIYw4C%-L#1s%{B|?v%b9cNP%PW!Hez;$-YXs;e+{XGwAK34Sd?)P=1reYy8Uz*`%D 
zu8s5KHK|T|1_mu|Q~%d-2?-(_6rn}6IBqzW=!E;|gJ0}1ON%FuEyZRYJc>OZD2mtq^_61+emLE9VBhTWE_@pHCkO3i#(G_WaU)wda$xN79}M&ug843Ccr#eIP?Pptf8PPo2ZG zJdvHzSkqu8%l?YFYQuepnWvXxMyoH&7rn>fn_4s}BIo8`h5{f>5~fFkJ>QXE_Iz-x z=tJB!;3riS;Or1jiiS@_Fl@!YOqwYM<1 z#>O2{7#)+>8Kf{4X$wRcY1TBs;UPuk8%GR@u$HQJv0{J+OifSsJ}ZWZ{OJg23wmT^ z*Vfij?-C&*Ve+b#iOCm*p(QF>CjI@PSymIT;tvzaBApPAMC=>9!yN9L10iNxVqd%L zT?pD`H7u)TcUzY7f)Q={G^em|^AI~l2845FHnzCpcmo+jX6{~7iy1ym<{6!NI=8f0 z*nM_vC5B{%gRz6K@AhW5>!!xl#v>j?F4lQXyjroU`j*)Az4E~*Ui?n?fw;-sMK z^#r5Gn%!n_rM(?S0_|J1;yN=lseG}#(_ZzH)AFE47h_oz+pLk<+1>(^BPWSu@pV*G zYHoiQx}jVNY|?<*(3lvRzVlq1p*^Wpcg#4P1gT8ffKmx|TzH?ye=KH07NOOB_suq; z788*yv`nIJy@b_k$^Oi**|UHW`*4yQ>NDzn#f~sF1>gIqeIFs$ba^z@=;i$%Z@))< zk28zQIG?ezwR6km_3_t}DyxU%=iXTMjrn;Le*ssXpXyBP@wdL)$9v&mDxFx$9O!>S=WJ=81tRTe2}TU6TFJ=ny`MYNpJJx!9WduvHr zoqowdi*SO`R%DTC_~QW`X4<~=Tnwl@(x=~%Jqhj6B`^eYXQa5NOhZG|Mfop38R)+& z8zEaA76R|2%M9&T(J0L3<|ZgNU^d&xNa~H0=$IJ)ZYeQ@Isn~RP3WISm6e92rqdTv z!h$tXj)EX)iif|vy6RBLtfuo*4e&d)|G?)Ii&Atzekpn&YyAmS0GRj7D0ttO^#I<3 zkFlPsZn9JUGV#MrKN?clNxSFNi{87dswo!pa8jxxu{(j~?t5Ds8^W4U`EM4x0Y@Tw z$@Xn)f3^kw^|>7m4T&s_Lr->78SzGsyKL6DW1@UdMSvYX7I&3mFe~cE4!hdwC$myH zx=TuV{)tm?`%mBB-;dS@GBc2ljZcg$7R`&!mzUfg9Jr9M+QOl-(fj`O!slE+9kw@n z+Ai@b6?ocCU?amQ{j>D!f*3hY1SK`~=k#(#38dGD54S-y1wwk<7_^ z;GmY|Pi-}io81knzt_LlgEiOQ-3#(SNQd4Z@3M*7@P;SpUgo_(y!Vi*f0y&3yFQ*(mL> zPmHKQ|IMxeU$F^G$+_cpo*Atnqq%+lSMn8m)K)IjGn3EW?Ne^cs>1j?0D%Mu8pD-t zVS|K2Cn&OBy#fz1fZ*}{UIV-V)M7BHsi}93jiCpSbl1$R5s7|h{<*z9OMM!S zJ(Ht|SC5*M>;R#hOlFV5J&nxV-gc!d-PmwCn|vh(2rKVepwZcrcjbJ-5h_mJw!9|e z{Qg;JZ_Ms65apOm|hWmURoVzXi>8lsFmV)>00-P)1ai(qYW zSgE~HmpC?8wD^3&+)~M5k#9#K^%xkG)!7 z3b4sa4)lQAX>{|MBjZxT`_b^7G)vUuDJ$Bw79SBwB#T0rf`}2xg!Y~|dPIhma%KEo zYxjq)%Age^z7omkUd93HjYDQTSF0{fnY&$3lQDlM=SoMK;4jwl=~AIk+;gAJ8W)$FAEEby;^CQQl0Fr5$ZV>VSfJi zuUnNq4kdn*4PO>l8lRc@w8semIN-)Pz|V&I?a2*Fl?JzRvh5^Jcu)I`j$dcjZ57^u4(%}g6NHjq zr@mO5+rQ2FPL-hk^DfkHee`~G(y+e<&BV&F=E2nbDG=pfNFSXp;L-_fy`D)BeXh+4 zo_KCw0z7*t&R~RGW+!v{teOn#QxLf+Qyp)^FJEkCae)b)OSHW&Tj)cf58+n>o*)8( 
zf^dX+Z3!E{eW@Qz1rWFK`JUl!@P6@PNiwT^4;?Zh4QZVAxP*pWZ z*Srx6b@6+V+7W3fT9}OU7K79HCNVKFFHc!GcFLYVB*J49TKJD(v!=b&Un)Mxa3EvpId9AJ@;t?!*x1{1X&3fF zgVG`i!J}!p@DhywP@3C~R(34QQWY7T-ZZ?6GEzjI57$g4m0|UQr!UW$ zh#7Jko}VI*!@EYxj4aLP?G0Z~l{<_xRaTddPFlVbaR_y~E2qEzc2WPVZ3*Vp{S(dQ zf|Je*j)Epy8+u)!IS*&lC!+8qC;_`aQPDQ{Ck@PHFDvz#DN-@ye2i#38CE4+M5HJR zA;EA?1$pFyYs)(Wx6fkp@47#ztLSW7t4vckuz6!bbH!2Iwtrq+BBtTmx^SDio>s_K z61vzv>E0KMvKy#QBAKiZFQQCTxeby*W~S^B(Uyrd{KQJrcOBJvPZ3#w`AF1=iep4; zA3X!~Vz=ukwRP*GECj}<9T$i-6jn(dP zxA3Y!tlYb?a8VICd>p%B_gC006r1&3`3K8SMl*ZUz#`{mv7^+CqM@vr79#TNTeuz= zN(A)6hEZ5LP$@%q306~RXlQG{HY=%PRvz8u%WZpud@U&;P6hSs=XA33Vkbau0q}k& zWdf+AH;)@kCc7FK7=WsrwWZ=Wux&9VwReOq+`8Rn2HY+Z~C6hrb z7~l~IZq+v~xY4Pz&(F+k&wK2J#ghiN62V-C348uFV6i>RBH&B_z-qY4!$pv)qY480 zkIL5!%*>~fpWsBq4m%AO=qQdznrBKOA>S?HsvXcP4?2)C zpK|-!S(&T{D?)6}A`7x}&t+<5IG77}4+eEUJ)4QROeoU!vWK+ObO~35C~T>{JtZX> zXF67bk2#$VL2~!*w-naf%&Zz+bvMV3s=QploWK2KAK>9>8^ z-Yz$%j-;TbPKb!`xd8}hQm?Y8I2VioF(}Z6>;tB&wp}?@2C8->5|D%3n=||p)Lzo8 z+Qg-St7vnX%UW01LX<)xygbtI-OmwI8`@|RS)fWDlt`)d&?cK@Hs0k<8i+A`#$C(P z%;j%uSISpLFTl>k&PQ9~o=lY)9T9yp@~CRS(?Hf~HeAiqh@J;4-KL95@)m&}SA1rD zl-iU`n0rH>T1eipw6L^vo5Lju#AaRp6${@}9iJk{ERD53{D@Li*(=ty?+atQ5YdS& z$VkO=b}DkTiVaqv$#kQhrgf3MiA#mkSrDO#So=hhxA|4+Zv46O?Q-sfag66E3pNyw8E8b~cfos=J*gWx+2AK!@ zS*5w@r6pz7qm9R@PHb$iOh=g?w`8&$urM=Y;ou`xmw0r{bi{~|Nlit2`iMI4%=}zW`6zhA2^GbE&4oHbk zMK#SiMjppMLo}QpVrT2L1u#of<2k`$VS7W1h=xxmKnueGlDNxO%`j70huDleJgni#U3@<+6G+7H*(|C-l`Qq5IGdV z*nuC{!A*Z`?4<&)8y)F`EOiz<0#YDNcemaXd5(#H@#0DBV-Saq-lSQ2d>o&-G8X#m z)jcpNXTJQiKs}t{Zf_UHTd0-b@yUW)#s{ODV9D`1EKt7ssiBg_LE?wKj$? 
zE1zKKn;)E?9hktp|I#~r#{P!{F$1bJS0^ZrWMlZoPq!U&$EMB8GutVsKak7}B) z&S|Y=jM1V=j*tk~9}Vl-L^-ejh?V_PMYW$Fyz(JxOgspb_anpS*%B~IUwcM&yi&Ys z4w;E5($ZcUnM&9oQ5~Y(#P5Hx-hnv9>w5#4oMIHWnGEKUGE8ahk%TazVX(6RS$(Hq zrK_Xb+iVFpU*+>%w_fO3+#n+)R9e=DG{?1ck`|P2+?>~6^+Ag_<=(Jyz8lOP(;}j# z-h;83tgNth$jEBElQ2lqVSxpP9+}1#fxbM9R z@0t2)S`wokPXEEm?e&IK*0vNq@h#-Edq*weLq*Ba-Dy#5_JPeuAt``#^byhR7ZHP7 zXua&dPh%fK^B!>reVFspi%{W3sjU#PWT{Cw`>(jjZndqeV)ia&8%IgdFvDX8W+~s) zIZuNk;>@Jn+}x59t!#fA`B5E3PB@FVD3Wrrv&BYImOsVDQiRom`k;67IuxeB3l}D0 zgCiLgvv8LQ%}k*oV-5uUY3Z!ou1YUqr6I0&5Y(oiUZRJkI&U{4I zw_L`Eb4rUPhbbz5-bJUx&^0tMVpaD#%8d*AQzU@}Yy>D)AQciA{(MGyOQ)ML-o{7I z{k}>3+;ZikdyBhNUtDT+%RSr+ro=_{oPC2Vd?PjOJf*KK=sfhWS3MgU^4qyNXq54yU$X)j&E&}LLGDLKD%G*=tC>N*~`OUCwutbGiUUp2Lz%@y3Tk4;T#!o-;` zZPGB25fKGNMU6*@vVeA=$=bhU9%x(luI-;JZiIj&A3AK-t4V2$prsmrhuk#YimLS7 zDMqx7w2j!qX@)7e||;7(g87W8uHy z?pB&{1L@-I3?zu{#ygJ)s$RW%g~4E;F$K=}NihT(Gwe{rvay}U1-f#wd#-DEJn9sP zRClG{2TS4tAewya@=ADzF84DQ1gSI_J<^>ykKa~zPu4sklj98|8#8^wU2ZkEH_F17 z`X4T=rAXXH+UszA`q8)%^@u38J2)!%#Us+>KfC z#@o$FpHp=jGm4Pv{Y=8KdFOr>eu??V(q1z<6=tt%bx&X*F6?dI3$uHY{*obe*?E`Y z*80-d-8+P2DnGK@q(^0uZemhd*vWn{BKrHH;1(;{*|Sf^wT~Ru0AuDQr+(&b5F(W6 zu#Y}BEnXtLh;XzmCOWd}*$QzrDy?<%Jy({keCZSSsRB!%~Iz8K}u-<}tDCx#UU zq9N!9RJ!k&UWs-cyWyTG3?;K~y>DJ+o^OV)|6_km74zD0|Mb3)y(ebpXsh`4Mr(3^ zX1heP@&Ejmh8LhB^G=PA=Qsyz?pRw}w{~@@L;I+w=R}0twEZrTA`-4#gv;$CW7Ees zO+F36HG#rh?j~9$PIl5MkX#K5?{87a{r|H?v5EgsCT1$^rWJ#GT{X5q_`Nz&M6N(K zz;-zgTjTxyLAe#m?KUHN?^L)ZEub>6jse+#?|4smud$)6UQi%bsejhDzZZwsv03u} zL!knn9+Z@(gn}pb(?IpOqzX53XFwfj?mWiUBR3*7E0KObpMAm4MI&Z^82ga^22Nlf zW72-nh5hMQO@sZ5-v4|3t%Vf28W0vIG_LX^T+<6m#8K?-g#!0K2N=BcX>nSTjbjd( z7KSF?v}kO7mH1~V%!pd~#EQ?w)o;P$8XjuyB;=Kb*}biZd`9`_zlC=R`)?UhF9Bid z6kC0LhWd0SIkvj++`q!#pWs3zLLI;2lv@S$qXJDXPEDDas$=`G#^2(v<1o=yp(1jR z1P~}JvXCkHZzc7>cXjpt1eBuQ-ahcY;-hQZ3Iku@`3)N9Yb%c!WZ}@FIq+n%BF||d zH~cUBH{vsY8)?+kl#?Q7MAF*5+|l9j-jE5cEw*2){?{gcg7FVNl0OFUpb4Esz;@-hzD(aeC9X(4y zH^js|uU=bUZo2B~5Kcl?wUTz{B6P+Ywi=(E4^*y;9bYI6(T|z;kOo(?SKIQkC^d!y 
z49d|0<+HmJL?Cv8#ydFu$I7%u#PEG4*!fwHTW=si@OXSz3no&x`b0*S=IFbeJCu@@ zHNiqNQX5V}>SkfSag&yY<_`D2zd9nk9Q&*1ZX%C2od59Dv;FXBt)iZuJT~Q#Hh3GN z`6_Wd!RXGNL%P=d>BHM?DuXx)*aLAPTGI`Ff>$U)+_>OG?*K;S*f$yaZu>U2(-#^R z2DuvMb>k@LY=rpvld(Xg)A2u^B{oygUDrH+CcYh z#vB(>RCJTkwf;_drLcqsmIi8DANNg$^OG6Y-5j`*BNC5vo;wF<-^HniM&C+rX`Y=HlNCb@HyuFX=N}F3+Mg}qBgleu$PSQ_p z6j7MI0`N>%7oivkEv{cP}M~1Y%;(& zg#F1ctLk8S_tzBQB(u_nef%h;BM4axu<*fl6DW@~%0w407xlA!Rvi0BJkkehLa-!i z&;{ZW?VbV2LdeW}6+0L#FP>iMwnfkKWUnp>Q%S*y-uyTC#qWbo0Cy)VpnQzK#PV0> ziSt3N-YTY{5fy}S-`(ytEkKfd=m*^|K)o_Vw>2IPAG`dL{01uS`ME36MBb0d&c18s zm2}eAckzxYEp0e{WP7h#4Q+saE-QV`F7whhk)mp9B(4goxtgpnkmQVRyqKKLDngjd0TO5jHv7ddU;ZJPaoFnZjn0$L z4NuGfs*S%_7rh-LJNpMQRn-nCrnkfVuEsVQqt%p@LKJ*J_1w#y${?ZPhW~KrtC773 z2Zw?KB(u#2*x~Qt-%Vx)sM@y*0OJ4zh4%YUwTz66pw;3nb71mZUvo*qKv|#CYA&y> zd2V{5cv#ZLM!2D^F_I0RwjXom6)xJG_9Ebn#5KmTk&*Gve>)L8ziB5BE z?c(I5)gc7W)S*`e=G87exRvg+y#p_(spcdtj~^Gw%$%3Ab=?jK?wK+73&PCJ%s7?> zbMf*r1jZ{PX^bCMBOJh~^swhc{v18hhe8=IlKAHMp*gEBYI zvX`AS4$Tty8LZ z6DToj9W%0W%gUyOzK=mKEie#&{yc}fGJZ10#0mMZ8G6KO9Gpa0SoUWUg6#=Ou}PRa66`o0JZv z>*=6}*!L<#vz+h^z|FvPJ+dR4WZbEb)sZGjk30`?h4i0br@XO+$;}U&o)@R z3C6)|`UGw=aQNOrUsDWAK`HKuEaTz{+?Hdxo2L|=Afcfhpx6>i$QbUKdhX_hXIF}d8%f=_i^({pUfcTGysjM2gzmzvb*K z+Y>hN?+QLs_?`(rlE|7ruC)!Ooy?2oqbNrnE_2FcZBk0yfg+nr&%y84M!|yY|7Met zepuHaCMvg?+1c7Cch;j}nqQ+~0yaGH+_-Meo_qFu5Gi@O-t7>iq#P+LlXWj5_JBZG zqc+c$fld&4NJ=(drGw<<9R~pkT0jDc^nBRUwWEsK+1}V)?Vg%ykBh5?Z4lfe;-Mo& z;zCVL{pn+_h_e9NG5+&y51s8giQIk^O#%!Mfw=gJ@7lFy0hFcD>8bO|-4hG9uBpvDSJWMpfoKA)TMb4Z(1Vk)Q zx)+yuXs^hMy&sOMg!a^n7v@hIU_cGfr#_8gDl1q01pE>>zkTQ#)|N*2;1xh99=)bMFmmzUQSX6PCucVIv59ZTqu9-y0%yGE)Ze*!}E zbApJS;XAZA-nF>eZHHf|#~*tR%uwW$@W{x>T(jsSF-r+OCz~e|wqduQqukX`M8)Mw zi;2CjIo~1zS}xep1esp`9uJt%^KfMRTDtocQCkw`6iAc6s^%WF&7v%2EE(75m=ni;n?2Rk(24+Cc5rs{$Nd?Osx{hAhA>} zyy8(C*g!c~UUV7y8{e5Legry#hRi?X4eU0Y|9Q!8FqJ1cczXoq`@!s@Ok!Ojb=l;) z8yu;%3ozc+rsPGAv*&xFU82n6aQ1DCHj?dWd=&P2#F5{5&i<%JGq?p~ra;y6gM;&(7jYI%EkW{fr*qykz4IH^QQXr-ou(!D2uBtG5JmFd<#xXo 
z5FemQ>H%LwVOgDd8`9(J>wC=Yb59R}IbN5Ui4}*xbKpY`w71ETgESxVe|@z0LBAKi z@8N0ikPzEY`t_ClN?^Z=FDNg>;NuNc$)%>HHBY|ivdenYENJ=_ItF> zVMB|H3k`WZa^_OZ=!Wn9i|72WH|_g@SYRh$AM-i*4iwh5*e)G3;h>=oX)*NE!y)-a zsLMiW13BzpKKNPY{$DjI%hLXH1i{x0C z2)L#Q4VZEdrn5D+ZE#Y;viHsYQ9jtz(gNN9U0q%94K{Xm-|3>P;$lZjOZJ|0NPl4? zg75{10_$G0i;g2V;ZTR5d`F>wyrcXia~Ww&>+w~mdV`V{+-9FE;*>*Ri&D9I=ODBE znJ4^S-aWggFr%uvOha2UG@x@^L*xDx#K@@8@BpRHW%P`B-NeK=8ILF3?c3A(JyO?E zO`kpib0;bjY`9>s#hnrp+*79v$djf8A3O{$Jwq-0{MJiwncVJ#DYrqAYJaSp)nYiJbnfaN4 zfg&$AGZUUP$5$hW;ZP)25j81{l1bQWq%zu0jW6L@o zcPC+eHXms~!AR9{IM%TD`=Y_k2AD6Yu(!SOy-MKiSXj~-pxmfulAL739licS3a_lD zgmCa=515&UE6PPzS-*L-0|};I^(LMcERcZFn{piXeTRN5i*WywU}B-s@fr7kd)5NK32}@839lsN$~SxPOxUcc;33Ud~zv7v*fAJw{G=aD=F|V z;dfb!`Lzj_NCbWYUVyJ;KEsF|1H=}jNNJz@%$Xd@xH&i)@5*RuZ_;e%CMWlp%d@h6 zvb)yq@4qB53Nz>eYF~uhQIM4_&}MUSX_P@-pr8QgGelr;Sid^3xw+7DR`MAJr=ONw z0=dp8BErB_5B4km?;#iW_Fji!D`2hy1SJ|ys5XH2zzE)d;D0YJ?ce~m)31uBK%K`* zii<}F04Y8W2gxWSp}H@$II)zeA5};=Hev18F2Ud%Q`6VmCzwZPx1w9-g8#X)Sg&{z zLk~lCF<Uae!xE#wn)5DTYK(4-Dvx(4Hl`Cle!xM_L~c`_?Ni(SRtx(%Hje4}XgnIwaiO z8Jm79C4Ypg1C(r44N;hp@!@-~fY9K~go!7gLG@OM07G5d;2`sB(PPBKa#bGGGmyjM zlS*uij#hS?2hBK8@R0eKa9+K7flUfqzy_gELp|#*EilMDe8jJ(F@=c2HE1p?>*?ku z^P)A!YhAtfh(HCX`(`ogAM^po?CoV@XG?HVPg6@KcRi^`*Kp_9E2hY==fE%@4+qu} z5H2^*ybz1V!NI{?G5z+$!rc6c+FK^8T~(PZ+p|j1Nk;>{GgV)Qh)Ch_$!eX32Q7;B z=BO5^c@<>$>y2(}&#_NASI|u!Oh4owt_@SX2TmiBgqj-JrBWT&}5 z{{;+JOuo)>{}JsDK(U!jnVCJRC;tB7YeZ#(WGYdz0>-?1vDpb+_H zbqlOB!N`yDx{h`=o%&O*hTCd)2!~eZADr;LxTjvtrReVLJY`q={vMXMI#m}$UHj#n z>hUSyJ$%m>s0Q}c&eiaD_wM2wK*Bn9NXZj}v$tiX`wmA5f~9^}H6ejlcJ=0HzP>b! 
z`xiJ}%ec;rJ>IyF0cfr=_S zBjd4By;B<+{oOT%>B07uS#wJv!*+ z1y+U8jOxh+J%&9|JWJXQ5Cr%3YP~(;hq0+FFUORGF(5Rz7Cu4i2EzMHt#SUbTSHZ5 z)$C7O$?&{~EsI#v?JIGa(1#R)gD}Y)!A|xndh&-U{afQ#ZT~#54zT)4J;t4dCEGL3 z8^FYF6BgE63#_%k=_erN7aR!SnA6bMLT;<53twAj(jdtvE@LCTnhL$=w*CG_h>B*W@T{^1#gmTHh0UU_%Qc zE4z1tG~#^vAy>o^>X`*-w360gTxg%skV|ln%DsWD_r6Gc8Fy>N>C+OdQO@g^7uF{* z@-*%EA?ZsUU&Kyc`{p)YAQM*ay^J9{v7DTqe!P8s!iFGy^2c}!bg{fdcW zuQM~fWE+#TgJWV!b8|070(mBah+^UBv9h?HX@1RYdh*b&d!)muR9(YU;CWy66E)B^C&SnxY zQ@+AICVb|kpOk<^ym0!!>kqq z)O*>30|Q6PIH@WO4EkX8Bjs}h=J8rCDcB!c*?+DX;XQyGeY+^QLEW4FN6P%OhtU(| zSC`Mrx3RMAD)1Kbe)HDLqnFR&?y#`2J$d#_TCU(jT^%3geZ`wkSisdF3_81L&MWO6 zYn-GpaKPWXB_;L5Pmk)tn@!o7uU~f-n0Qp_39LDGrFZA6W@g!r_k;5Wj$l{6!6|Yb zt;ZsiMMb>tQf3^=nv5Y)45J6WQ=pj1Er2fvJrJvafANP*3?AB+xRq^}E)QOwys9!A z^5ixeY?L>&GJ<%hO%eC)1qD_KuWviaqyfi9O+<%E$V>HM zdqcegHT!yGP*Avd6ajNpetx>}tbxD0(Xw7vgZ>=-CzhC(IR6{f=iD%sI-5W>kVT4cr zkD3i2OFACj@z_{16%~u!mYCNkP1x+)zHjUml|%AZGPw2~y(F0(R4RQ=le~6B{r}H)X{%u&$)0TwNoBB0<&l-UBT*OULVYqibb;92`D&>iS&S7O7;RX*OTa0<1efKkmc zz~}5}ZC&W9;y<)-KGzM0K#37l6sxx%j!MFa*`qJ6Pd7Q$p9I@okJ&pt0y0^8SPTg| zh1kYX=cS+cwM-Vj_*NOKuO4_cPzKt&GRT6vS~VbSrBH3wPTE&KAhp7}Zn?Qt^v}9a zOSrb}olO1@8vZ*kQvF#{eNy*ZE*I0+Z1uROq4g-`_}BA3rENfmp*Dg*Oo~%%`;Bxm zhUmf1?jN?JhD~*ipDR7Z7#s0{6`^gOmaA^QW@vYp@vxwf(9xU7lP7U0e+LQwU|kXa-1h;mq~!!3XY7a@83MX*e=t4abAV)k^*SRfhWAN$ zO9(wrk8KDZ``ZE&6pXK^ug@7D@3)FS2`qdM^1plwHaQU6fB)b=2p*Qtrzk&zfkxeu z^RJkTEq=2|tG%Ej4Y+sb`M&=2q;dET5$Uf(>n{z+gA)1g4d4Ch`TzD&7X8u(Y_og* zu*^)#e%t#ODgeO2f3uo@+1_3Oh=@9S1P)t zBDRVD$kczHRjUZ4zgEsebXTvsxo$Vc-pdxw%fFD4lAzCsCg9V-Q54?8n#X_`RsVZm z^B=YJ*FniA?#Eh3_JiO2r!CjM8)rJ^D&74px!s6 zH_-DuOgyK`eOAob&$kp(e0Fw+x$-0V06FIgH_XosXbOuAgW27?@4a^X>5_6vwoWBQ zrTliT<%FEndvCVw2yC!C)^u%ck_M0MeyNO$>*Y20lL;#< z9!M2*yv(L-uqC($kW8$p=-?nwos2f%I0XU}P(py@%8GSqt>4`h7A8Re!4;e_-VKYW z5^vSE07=%*a&LQ^@&N$ZZRCA;tG9`>^n1!$Y!(z~4GM)PH>75g*34;cCy0vV<1J1JnW`*Q{(pQ*BfQJVxLoTfqR8@KIioHjZaRG7u$I{X*deG~H z7Qg*+A4;I;=xA7QfZ!;E_5e>ip!V<%bawN#-+-lH^1!GqA0@tPctS$ZJO&yfj8F^9 
zN=q{x$aoxS5BREzo<|kG&Q%$o%W@0n;^Im?8Uaa9mD|=>f_1Jt4R37Im>uQz=M&H0 zC^*}mj|6L|J3O&4pNPM0jKK>9;aKB*9kLk7}#0YEo%ZcF5PDDZReecAaN71PlHFI-Umd@5+ zWan6`Fm}0H)Zcnc>4`jz!ex3^1ZkP?V=MFR3sE;lp}mGCThA?iVGw~rpaZK9fgGil4XXPt^fA5R!m;TnaMGfhRZIA8O*RqT z^9b%w^DeY_xH&nk!5XM*PnCe}FI_>I8C-<=fIQw#W)|z?ME`W@q(DMK!gba2NIaDa zn7)FyapE;A*jDJ(;GfahL8y0~45?XKlCW9yd;Z)cv-6TMm7Z=~;M1q!vrkri9ss}; z34*?dZf?bImw|Rbg^T3K$mqIsOi^G$2i`;Zr@)|~PFdE%75X1h&<%GC18=P;066(6 z1EE<9VF3);&m}SftFXGS>W9n>2IHMKP)Fspf;&2tqC2v`d?PKcqmBVU3V97=#V|WW zg|y1$;Ar}JlFN-e!*ZsFkA?T#6o9p@=nvE zJpsOu%2~TBv|C8EG%xn2806nWBq>}I^X~d_N`+56I*P%!wX~KNCNlabUw{abI+cxu z1v>S?LHUtUWT^A;xzL=t4>zHS-zp!~xbbB?UoX9{ErVamXkjORMJ(|mk^UeeEHeimJ_`<-&{|KXRx-; z%`PY`1X}tgKMOO{)AbE8PfhgRk^B3yK|2E%laFUm&~~9$lcrfrL_}cVQIfa|Lf7E; z<4)W9nTI*a%I8*ARV63Kzqj`)r|;bdgt!5JWC%7TF%jnLqlk^tojui{b-%C7?3nui zA6;$HO4`bwyYHaC-?Q{+m8=@7Arf z9m`o+M%3%wOyu41rzc^X`ljT(vqeJSpl!p71rZxa*ZJ|srPjgTpqB>59M<4ycAzy!rX82W``9}wpoGI*+jD|4O6xWB`4gNXQ)6vhBmla zVeyJDT+_mpCaEI06qWVFtE$@t|R49fV4 z^q<})j|dzFPoz8^(?IX^88nP!EZU@34v2Asu1x>^|73Oglv^Pepg13FA+M;cs7_pe z6)lV6&Z+nlf!?^OrWX2TB3wmlbI2-in5(yL{7`s){jdp_CRzArc2$Eq7Y74h;&Aqb zLm_1Lcg`y1Bqa(Q@H&k}a{N8sTSUxFwS2O^iv-*1^MxRsU)-_P7w1s&R#uLtUsbHx zFQa8o{Gspq<+vKtLWdDVn(=Frlg&Rx%~Ss8QR9w3bO@UWdgM3`w-30S&#@Y7V_}6C z0E#_4PxhxGbDsK8u~4BotVb!!Tv-{FHsYH z6O(biW$?H?Cbqrzs;GI%;Tx}Ze6j`R(B|gmPiLS21!xzsTPZM3fhq}zO<)>8|D`{v zWNA4EIQ_c-$ajPU6o6m;iEX^3yww@~>T2S+v$0YiRRF$m{I=>wf3*@ewsN#6?E- zlO2bnj)`f%ot?#z<=fbZer#Kh|f6LI&(AD)LyLK!Li@+nj7X=^p{r#R6 z`rln~!_#^;w4%=3PZfZjSnUQH46Xf%v5H{W(;y?9YJ zQwHTbI?XcNn1;M0|2Ow)+lEWTz1o&XOd&k)@9Q*+4g2!t657GUgs@uQ-276;DcY>8 zOr@Ebtk1m#Mq3LDQ+=f*A~6?Itk(z72bjFPlv1osO-$xSMr1S!f9@@X1zm2BDqh@a z5u=TrwYLS&DFJ~HJR9H(3hg)^W$NP6GiBQcw)d#0FDb0mWdK4{RXwuWHM_aF32M5d z`E70L)RbD=6CGS9h_@fbc>Oyv{>fN#8=h&C?M2GF4USPw1jht8B zTi4s?xjSzyxX-h<{dJ#pT{y3Nx_f!Gn6ZcW)-#Cz(_+NTW| zm=khy``Fohus2Wk>9px`#N zu~~d`r%%cO3_A)63ZOv)2eh_!bYoICjN@8br=LJQ?p0OQ;mh2#)Kj^+yc`LN^lUeG zE5bDKg~e*&N``P&+=^s1yGTxT3|MpSR}hZ>AY&kqo=%gnxdMh 
z`UtsQiUgXrK}0WR+w1%n!fQ8fcx+>Ag@l9x+aT=xiGCy@A)!RgX17;*LL|=v*ib>N zNL#%;PWfzp+h4&`G<%*5il4w-sF$Ce{i*-%^V1GvdvuKHk>rK0S5>z)_b4&(dz8dC zgl}?2kdjjQ$iI{wnQYA)OHBpO7G8x^munR>Y zZ2zeM$6X%m%)(ufn;aXvztX*<%n=)9CK54KtZr+|FMrEJmM8^2p+|a~+b(pX1w~|g z6Q`r7FWcFrvqr_zdPdg@1;|aRcB_q$a?`yLC`GN#(iehz^v0FdQzUbNUCVQWm)9yU zu&^8$IbAy^O{=?7dE#{Fu03>B33|)`EnDTWRcvK)M?HA38~fP2>6M?~5iC(h@cCpp z33df#o}$ZAw@Tl4Nhz{M*=HVSAaWBH5+Z7E(c1t$O?lsp z@NsZEkG!8>6fD}Ud^9I)EdjW$0+shMF{jpI4{lEZGgjU(q;eN` zE%k;^-#_7$HCkFe3D73Jqa_egv0b4%VfPssl{BE;O5T-%4ojRqWok<}aIU+Jf{Mnv zaI9#dF#5z?@v!QnkJGHla69Pz?V1Me6abHQ(^p7l<}d6y19WfQwxcRcLI0_xMgKw; zLqk1DR(G@~HTA=T2ma-fDQ2IhbQb(SHcU=(U@mR|6UfH2oMz6pkY6HN^cHuFK4!9~ z`}(r~OLGGd=3Vi}SN$c3I}E1IvO8Pa751QST8{3P=>m2#T9a@nmerdU@8$DpJBm2u zdxDB8B%Rv>9wowA%iviBk?a*tCi2bAHBw>7Ndn?JB*7dp^hjIY1>$V|9WI8_HHw$I z&Fy)Oc?NVs4zVLWf%e|zR+G|T5F7wU*q0WFyUa`SBxQc~k$`x9em+1am&*YB2DpCU zN;gR5fQUFc1&w{OD9**hig6F!Mp7{Wbeq`%GczALJ`u7j?_Ou0{&GP?B=oxHnDjx6 zi>a!pW*Ho)McZKp9~)P-?^n2*n;jn*da6}aD#2{LS8no#UFm7g?S?6Mo|O^*mEizK zJ|Caar!vsP$vo%aI&;QGpxM!>`}wof!04$!gz(w3$n-N@%48I7-Wbdy0%c{%2mW!- zVClT6agvIv#7?-|?6jyL=%S#2ei;9miyMtg!v@EC>vsD2NKz-quA{hp!@4DU6e|+P z!A{D>J?BEB`}xXrPm|kGgOu8F|5-oUr6hTeKpaFBM1og)F4FWhL|AA(2aB6(QL6bWQ}g%nU7NmT~)3l%TR1pBjSI7(SLLQ!cu3}myr*Uz&`q)e4x83X3*Keflxgp<+R=gV07G)W7M|#xt)8A{k5Nqau6%l zsFJV0V^apzD5U+I&Af0kJHlN^iYw6ltrXMP2cTzSnnIN+f7l!!z+rL`%_4e_&~lx( z)XL5Cu_7$8otY(xs~+dy2t(Hl=rZsIpC5jWk{1=V-54WknwR|>=}}^7g@t?(6}=Y@ zKPbCLe;7BkYTqMl`{tx$si&tyL&Gbpw!u#IkEfGL8t$)ozs(l}IW+WGeiD}gDGf+! zBD^7o^28CJ(JM1W7IY#H$f?_>@ybLu}@9JTVOplC=G>QvE9SmE^ z-ia1JpfSRQ-L(g_U#T4M93W)I(!<%{kjwfm=vWC&MhY(L#HA+}GxhEdw5#%w3VVJK zk^25IiWev_lk$-DAwL~Tg=n_K!wo6t@TrHHx4-iJ`D6mzuAJCaEJgR`sy*dR5+~?M3(WY+y z^+A~py!GI!efh@fzG*0Zlwxrwz}fb! 
z&^jc@<7MB+BW<9l{w?|C8YgalJ{8!iIu3rb=o2Q|K)Nf{ytM>cuPZyY$ zrV;8}^T4I6wD_K#E&qFJy$?`U1wu<0@f&Z#XC3cqZti(wiCClW5axsug!_X`_5Jw` zNE|tPJz&)baF`TUFD38J8#5A+S5s#3CV}hdu2}gF*n&?FPsmnizXHCr))e%yso^Wx zeY7i}D!Pww8eQT{^s=o`eU{2KBd|nEaJW6$ekH9EEiOnI^oHDPY#e?8h^2@Rl}seu z5VXPU1;7AtmpJ9<(*t!aqq79U;tU7Qu|J`pn2BvuJLRJ{C0YL|4d8CQo$Y;8hWIC( zYmi8=)P}$yDv)H1U}Asp_~hi`whl6W4)}$&SQ=$>xu*ndt?ljWD-#a*kJ)ys?z~eD z69i+NKSPs#{*V~yz<}+e>fX=Ou>DQKcKLfF3dVhox?_=<+pW4qt8jz{Br7n+xgA|9 z<#Zgf?F)#m-K~5QNDq+YUx?{B8Yw9i;IHA*JF{NK@9r6hyRV?ET(_aL|IfNDj`I-?s#2d-TX5TJo~`rQ-tFw>_9Cq&sop{{wmHV4v{jO%EDt zFLG+pgx1t`+e!m zydYbxudVg*^#$1V)2wF5iN7zy?@nf*p+Ik3nNv3`r3};iA8KA8{=v&eUo0uv1Aq;j zd3L=IIwvM1wP=R{OW}x(y|c6J@?~yPFuEl^nKi%Y^L6cLLDAlW5dohjF9&Lrn-{z_14hr%SkOxUiJJ1U~ypO1^tVEZ$s@(<^ha6@bBiyl^;ZSeYIkj9= zBoa~sVNM=puyMj;RExIPcQ0t(pF~H4Wt5Ew8&}>B{5xDZt5zanVze22ZW$W4V|}s` zw-M}K=GYsWnkM{_FzSF?LIo;6JPlQ1KpnsAiR9wsj8`$+v%88OVUQ2fBG~J*+kJe9 z&Rs>Jyi4@#a>->MvED-~NjO`wK2PN(zy>!hd$O=+StAEFxZGSuEcWbnz?XPpj*h|3CAkp=L&Kq_re`sD zpfA0x#&p42MIMTX3=31olb*bI(vt^uTXYRBJF`RV+jE0nIVyrj*?7IKGpvD41}4pn zT4G~+k|=7{NQKO-sI zj1}72iXCEGUgFl9xMYE&?$XlG@Xj-G$)}j4(S~|gys(!1;XP>IWT_qQsXTLL=_?b& zK_turM}$IYYxg+NadKK%lSUV8tj;C89X{cDlRpyrI;Y7Hht5g4AUAb}vt~oL5w-fK)U37DE1AwU#9i%)|#&Y2J&Z7QxqZMh#ff4<= z*)vEOJk$XQENFA8y##%`1`5!+qlAtV#CUu7jN8Xf;qqYm64M`^TxRQ2-DgWcS2}fVbeksPiIzg!o*E|LTRP{ZfXwbn0827fdg*|z~{G>kw6xFrb z>RT0XXYQ^}?$Cg)cIv8Q9qkoSjuN0pZ}_c#IjwyXfRIik2vXVk|C; zUcP*LmO;?ehX@4G6-!I>Hz?vg6(8Q)S9mGEs2jiwjp7Q|&DAR+^FHN6=9}lfgx$hk zO#HEKN@GG%SbA5s2`>x9`^r}?6BmFiO`LAZb_2>{5}vwkET7@$*WlP#O+4WkRwybU z5SSi#HKeAswH3Kd;CtYj%ykV7TyHNOtqBybA$Udf)1j&p-d$%DG78dG&jAEhS6xlj zyJjEm>CDXhY>ym=bK9_$4_=)*Ui@ANo|?Vw8eBYYy3GMYBqzGCU@ro~QBdJ#zXEb` z4z#V}Mn*}_oUP+FKGip7iWp-7S%xDRCl|^ZivbHzR%+_eT*){~%iEUT?Z}&nZ{MPd zn#r$&OqG5CT&+i+f+q${Ly2GxiF`1#XAL4^jo}d$y|O(DN_j)hTKd#kLtIwG*R)&)<6?!99L96$sRALIdwJ3}B;^2QIGWwzzzkkQIyAKJ6#IEH4eEG4!d7f{_R$*f+)HwGcXfft zJ{x)>sX46gE0u|akqWP^4gm^G1os3f0zsEI;BVAPTw6ImFtDXph$A2HK?V`5d+!&d 
zq|TrK#N`(uH&@RAd>8-UtX_%f#oHvru0G=r-SLOrPkXoJJ%TIz z@X(_mUaqebz-~bEoXvZ&5EEL`dF2F2jI`NdKb-mNk@;E({RlsmmT zF4`acKeM;;3!=!=9~9(Cl_sdEf8w}!Ch&Ji6P2+uo}r}1hf<6=BbQwtv7|RV3ua(y zH3BU4fY*E3Sc(>Gm_?E43owQGr1h;u?esG4A0)iTFA=z@pAu>pj!}zI+5{7 zbNExbG6Z8l7$-g?^zXbH;Kuc{(==}D+xjyNLqI6@O7N~6?X-%T+ zAu-dkv#D!NF3T5R{nOYXKA^b&!)XY9^Cg&fzwzb&OIhRhc-Mc?JO0ZL{!*&qH!;Yx z{eNu>nhVB6Tioffw(h%r4GlGk& zZaz^F7+8?&wRdRN2nejM%`3q1-`;Kvpr?sRfWLpq(s9KPVuybZ0>9Q%U9N9abKTn7 zYmPa4pdFuJ@0S6gnf=v9N%zJkt<&hdrK3O!aTA6^WG;ZU}bIZf~E@vOA;ivov4-G^(c3voyJCv%efS zhYhD;w|c9Bu8CJIS!6#ccF)Etr;bS0GVRsPbI4%A{Y)3DedNK*-w9|m%mFmnd;v-T3B2>?AdfPRBqF?G<$Y&F|@Xm|COz?GeE>-H(ocvH-apG`REXT=t^RExB zbgo~2uFcjuac?n%AefWXXSDIrH4?+Y>O2E0} z3=c$3i!k8*)l%Z(-kZJx<6Vxy%JTA}h;^;el+CDzj5fAxu9zGpaB>A<4T5?FBKCKw#-&m>M$**V(74KZ6m$C#HWggnIv^; zZCRKffdf|5`K@jp8|9H8Dqa%haEuftsR{Z;vwI*u7mJNOBp#%0`l<^yc<6YB>9d5Jf@&&v3&C|=i-fA-$VfV6V_Vy(l7Uf1K6CMIaxtKY6WS$Go`4P=Oy z97hsW<1(`601u@f2tR|J0aVOQQ_~SVdT>@7R%d8cs0GP}svO6JuPae^W5ljqf>482 zf4`!Z5Sk-)LqCTE`hgl9wlf43e*1x;nWLjekA)m!b$hEjEG&QDoy5BWU%R?=whCnV z25jA++WPWk9al|r)}bcTx_lx2^XCtftjwxER6P~Lfi-L$9Th#b`K6C4aKCx8!s&W>0utm%NcsFI0d3}hKopN`N=sVPO$BCE(CD?90wlv^3H>m&a=w)k zRI#Ei=&-#HcF|b8n4GecsI6_1u#YHr4)gZYoqN=9Gf_rS_(CH*!us2@Ro0xCr;t&yA zX~NdxW{uW0XR#6 zuOH|;ZQa~Vq@~wzxG$5FtM4v`*QhZmZ~OUinVQybZQYTHfv3#ZiC7k~`3Gm{~`MXCOW2MmeeR|}*55d>Pz(pYiZ84W8zn9nGi{6)!%U|?z^YW0C zN1B!cXdjp~#+aL*Sf)|a5%NIOLLDUzZqOPmuPG0I-MY*I#SQH3{fMiNUHho&ujLmRN%uBgy4B_DqwVM z%=)p7#s%sa8^gLvlf^armfCo&%>bx zbA%w)%W!cYBkcKXZ? zQZ{tza3n5NF_ zjdY_b8GdQb3g&gluj8XU63OlSNjkp`v5gRsg?Qp z;MW&UDQ{}aP&YwGT(_Ric_E=%TT&k7a9N=-6wf98a@miv$qjeTD|Rp%$-k)CuPzsS zl^}x0y0lL@_N3@OQE32umCcPu8-pGH`*_lHNcd^Pqsq!#`h*yUnz$On=hn?#T~e+e zJnmY}>*`b+r!&*|NkRMdT3q9s_wk8RxrGx%UKi9{9Sc}490|s`xr&oFWHGtk{Py1S zp_@W6)r!$aieawmLWwQ}PfSh+i}ZDq?RZHkNw?wDOWYW+13eH0mt(5-z&TP^8X6P? zd3efRr#-v-fK`rJU+QqPyj+YSSjV3>$`bKX)F5ewybR}&etC+16HAW$>8G6%%}n;W zIVB;VTHYV$VPR*^!e=yjN|ZqWSo??K+|@U-VZSE`v_8wPky!`Dk-WCnnzFL7G7Pa8 z!@~gz2R$<QV1vvGRlbMC? 
z!IZ>hR8&yF#(Cz;vET2Afew4{$6eplx@hI>%-WMq;2xuB9DH>Cw&Up+=?#e`moE!L z&vTDQ0?MImT^YLJ2EKlM4)k-{l4PMwAWHw^@#EKCKjS>lVCt!iWe!wA1MHW;q=B{@ zK-6U=GJ$EA^b#3yU!PKaxNv;!XA;k+zJ?5-1%+_E_n-nD$H^eeh@>4ASg-?L-Xz=x zBe23$M9dpbwea7e7CHWJ`-%=c8)m&KbZ)HPT$wbBoyyGO3N~}zDXH*KNlDk^$$$M? zMNRF)Ya0Io_}ELy_xZo=(Zvl{bLqCfe$C(WdEc##_4PpAl|t-X-`LI4w-q@Vi;gtc zdDq0Xkun+FCI~8Kv9iB8$DHY|lMIFONN|t8-spA4NJ14+E^2 z#Kc5dGD7O)%?{fKO8v%-yte}7wX!tPN(Wx)@tl;Cm(S2RRCsuG6(=8jk}E6T%DAjv z=?H<#B}|et>jD0g8_zirNR0>}+LV?p5tL0J;Ak0dy?HLt1T4Pb-g&7Vs)UvetT(pS z*Vot9rkN^nTKQ=4CS~I@jOqCI{Ti|^pj+PW(u?w}qT~MFQGTBTf)j-#B_%(T;LjG! zsy9H*V`@l|T0ZRnhHz3}>R`+Jr+I<7vW1sliH`FFrm?3owo^XVAht0)xAcYs(Vr(S zyKj*`+;V0*yD$wWPEy!1h->R?e=yPVY-(RNwXk?N)BAa!B>f7^@7B_s9`f?E@l7gp z*?`$beA*+(5|(@KKB>?Vf}YLyFWnFUV+`~r+fg_}K^{&`{ z&$6)PUOz=58_``)z!Silewc*BfRdl;_pSNoy0UQ)Q(Ppnx@uWe&?NzjCp&w~$&3mh zYOD%1twig^Y6Phe?7R^2WbsD0Lu=Qozb0RN&E7?}K->XYjz~u)%eL_`b}i5MDob7j zk+eZj4t*bS|Idx{M<-tfndG2qmZOVNC6``yAZk|(`JelM2Dw9dnG(eP?LtJJg{PPz zGo#C1UdkiKckSBMOgCSej0YCt_%RKux5E|=(__6i56evU5hFF^Zs?ri;81|zgf26_ zMOBK@hzQrr%#WiY=b82yqj%dQxJkb)O&B63jUhAqd&y%fsLc#^SyBhD?60`xVBIA0HB?|Ciqjdj|YkJOc8^p7HIse*awYOUgz1zkesJ zC-`3pU*SK0=(h0SZS;|a`jAOzJnUy$Aw6t~B)51eSv^8X0s6rhJBHg;!qZcs@L4NE21Mc14md?gS3@K;n-C3lj*n>l`0!|U3Ly@;2W7Z&w6 z45=x6;ey|#gh}-mmxjj+jt1uln|iTrY;6y%@ADh$%ryb-s>s8n(he|*Vx6qJK1-96 zkBQ;=AOGOfT`9){7Z3hAXODirxG?+E9#o7-p=(5hg{}c1H8C*-nh{>!gd*Y^eOXME zaXPH_z)anMRF$sOlK%t%Q$^LE2kU(@Kd14ufxtAssL0G0Whi2xqUlbDdqOfn?P)W(OPYFd8!*CW8p=BA*QWOnrSh_ zmWKGi79`XmT~DW95yqo`XF^DuwF-)g6goWvhin1j1&A;oo+)Qf9EJ)3LNArv*46cO z$6DQ3J?@+5D8VKN<$aJ80OJ{Z3IP;6q>2k2U)+X0BWaT6{=R>`Bl$HE@|hnjY?tgy z$jQh&%De4WLQ;>-H)1gT_FFPeg(32jbJ&&XQK{RBuU_4<$%~!Zb``WteBCYt2$HRK z=Kilibtx+7^z;V94@nHZx$}Qui?o`<9tw#v9BIsHU%o+!h$k#gJ%AoR>cp3d*1IV44+lq%^eCRCUo;ujGUdlMWAMCZO!_2PDOA@utTsqk-LI`7P>`SsVHyp!G^Wv+z#*fv}*&2 zEdDz~fY2J$8?71d^}f_mu-HepjOSf@2?j7QuF}xZw5rvbo@RpgC*d&_=mr^QdE@*jFB!S%R~*M%thc7oL(omde@pWUP zZ?>mSUM$*YYAQ>CVokb~48ZBNwT<%(Wb-OCwx#SLSDCT>v;1p_*tjHvd`KPV+mz5{ 
zE_PN-wwYr=MDmb=&d>W&0x~u6;iT#H!k&-CoYchCR6F?+%@A4}j?(8VGvt}uP=jM5 zzan{3LPo;Q*+2B)zCC3FJ72P7`*eBO>r!jV%c!U|+m_d(+bL5$*7T3uEcajKrNAU3N1B zYr_?WFW`JN&J7}_2W@v@Zmuam75pV%zfRiCU9J;~CiY9l8S(^5Tz^SEKWd2C8nwgi zuR(CJDB-WXV08fOKsO7In6A~uaZ)abkg$0I#N5qrYOdZ@mkF4`Z=gwEtZlgpi3y~*#xVZWOAU4>C1oLu;@E$jlRsv&#=-e{J%_cy&Q8}_%^Lc0eG)fs_Ha~l<;`LIhGK{F`{W(71ag7Ia5)Wi354$(5NKz#Qi z#IhjRCa9iUKT{n|K^RqaEbZdUE4tv{I33F*FBo|EP?ib77t8;C-#_|Lrc_u65O)W2 z$XSOuI-t+g3jEB(S zPL?}+PISqXTMb+3@qMtS{%h>{HtAj63k%QImNs)pP?qN*n5lQskqA=A%b1nyCx;lB zZE}TXO~0f~(r*#*i+2>pcGxtC$$X9$x$m8UbLZ9*=~N~^) zt^EKMV{;R}YH7er$=UrIsr8HoLTumff$Vci+z^bkv%oU_WOrUG<_(J+kTKi-Ik(}z zon5T^eto!quo(Y)Kl*Fe!4KTzyBvO82=T^1)F}NcXb&U+d_MmRm_M>OBATYJ`?|6K zm1y6iMe>i0E{?_1Ktx;}U9_25U!N7nxUBJjB)6H?KQk%G(#S~Z2D;RFjb~0cNM`6* zZ1Ydtz6@}C5Ua)}rtQ1I+41Fzo~C98bi9s?7}riCjrZ@``)gqVDhdwjZ%ovodF6SO zK1SnuNjCSH;{6CUA*aL~hI?kOzc$A9iLqj@ z2FLs({MYJ$UztT5^;wQ#E(mw;%rV~m3AH1LL6!P^Ud9lXfVAZ5Tr2z43*^4p!M=yw z6#dr9y|BR7W|8}PuB?jem37ue&=tJE{w`N=eSCx?jDQlzN(u zqCDs3`hk;$5z9g3RBfZNK~XhbEN=fvWH1Cbd~HU%K{bxh>`G@-gq5`Ed!BqyYr~mFJWtbVHHCeGj(bJIKY8Gi2 zFi+2vJQZ3EloFtn5prhyRO&J}AzV&5t0P1i9#C@IU%uQAQFU+r9 zJ%;hCEHlovG)xSbT3)&b8$#EVdBkA{DBi*j@MqAP;Y*hmqe8t|z4J>>X{%*^TI z?~KLMn6;uhCX8syKsK+LrPEWnT2Ng=+h*8} z#GdwIOoTxY+{xoMO3KO`Tdq1WpQ0-=nveKgOD3&M@rRm0tE~fj4JrQZh=MoF!m=|w zZ1~vPdXZ_I^(ZdBrIKs!vSY`-aMH`KUq2aF2p)hrDbSl)-VB+exK!igQgVcxiRoF7 zw&o=apk8GYPij(ch3Bo!&I+4D66K6*Lwj-vYFq44!&NZkf39Q#(~QR3Y|=vGRZh+a zLwr3qHeO+Dg$*IQH*1WOyp$yn@e?=DTdp&N^C$SV;kIMU3181T`ko?1U z5zznob54KG)1+9^sV=9%V65~)gpcnyk*C#G%AOCqe?0_2iSY-8a>+ow3=358&elqd z?Bu|}j;6hp5RHMsUc0&57`|s{9ao#Y@}#D5v+QeU1_vdPRWvjWLxD92`So?!F|5?| z0|`w+QD5IYe|~=^_|?@?!%~Qej+HTFfh!k;0?K5!*xK})!=|kU3g32t#`aP|6YQ2b zIXt$PQ~#dRkx>~rWEe#|Ga(2V7n!5)BW!_o8kot=YWox2=i`!}golR|hD3yUKLz{` zh|l8`6jX;FrCifI$@ zNZ!M3Wh%%$J@=>_v@Fh#p7;+VZolaO84hD;FJJ_76~RpW)XN7+3`xuK>L^7n^cW0B zM#?KQVLf!RSnxIF5XfHY+vr(Uy}Iz8*TBHwG*df_?~zwve1AHFp}zg58}{o+$6?is z2N&S$TOC zGo^0alT+qzv$Aquya?8QCXYyOQRlt|wh>k~wxK<@a@9$W^iUa}qck;jtVx_3`yfwc 
zhGjx%zkD4fZ)R;>K6{r$Hw)LFdi%E1(u63^yL$_M3k&iR0+=@OhWY1}zVugA!Om%1!eRx#6~7CVrm5pX8;lbcrw78%sj7w^W^ZK0S4u&^6dcrM z;hQ0bVTwsag&{HOwc=QE7(vtFmSt2!|9M6O==GB$5l0IOb!nndG9P81UDG!2>b`Em z6;!djQra|e4=!j+%cg;W!(z3g8<$+KYsu=a<<0aSvATs+W$NRN^s_mr#Tkx^j#kg@ zR6(IGK60RN%gbmP|8&zwk$Lawyf#x=dmZ8sV8Of=1>kni$m@a*%BzU3ySQ>TRrf3% zEI~RsdGhL+90U`89Ap0?V_O`;x3WzB!^D6=5$({YPbzYlrHw5cQyUw9Ha18|$)8CQ ze)2hhXk0rLV(D(O9X%MBWjbiU9CyU4JVOLJ4g(B}zR&$O_=XrkbNs9jW}%|?5}Y78 zIl&(h=FaPjr#sxZFWUag;Ai&QojTYfFzaarlkKf>$#awp_aHu6K@_Ru8mOY=x6gfg z=xN)~+Y-@4a@^Ny5~8abu5)*-GBWCev{}Nd?`*kHLO_N4d%bzncM_10U&9tMicF%8 ztiKg?IZ@74{uVXlJBgL3qcz3}qz_zTIA;1F3$uUz#9yc7cZtOaGNNKcAEJ&wMGa$@CsSGeoO%E8(E8sSGk-qnjMdRD-xM6(7PoHQ(0VGbx$qrKJ(agH zv{z7UWqhgNu{^o&=xI(Ycs@xS1IHyN!~_9|0C$a`0v);Ul|8@&0P+LsX@Cp0reJae zx=1>)jIlQe)~jNj#u!4WB8LS?`em<6IdkW)@75^jJjdid%y+?=GP$jlz}L6_O5day ziki9DInPS;S3p1>e(Vk*8CtXn5WA;=^dPzKl3LMa#@`>J$2(* z@GJzQ)-|CzN~T*Y%(UOYN_F1b&ZFr3cD|5FA&grZ>3kEToXS65#NQKjWU+t%j^oT3 z%q2;)@X5LAfL-0ho}VpNC}L;2;n6KW`9;spiqXVm!v=E9A9NR&Z7%$wvh;XZE9_HQ zR$bj&SQwj?WAF{GRkZU~L8m#p?L>AI+Pb(z1U9#|J*Zw-8v9Vkv^+5IFe-3+7%DTY zlaA5nZ~szVj!&u(c3y!wFw6jZLVd8hd3t-hq+=pX!2H9t-0@SVPBDuN@R7MKz;HM_mrc^()zs2rz(vtb>udiM?bY;GHVI%N$ETu;W z@T`R{z39w=jTNKUib8Uu&>i$z)=pmToJ~fJ;n>vFQNSK0-&PR(Qw2JBdTB9_>agPr zEj2Z$AbXDl#P$ssiXrR{)Mn}F?1Ls;`JyMu%psVRP3!vg1izWS(%jla^|`|{Sz1R3 z+~H|##t$SAOx|EIG@SIk1_tHlC1Zi{@$pY}-QK1~JwQ@`E)i$PLyhYno0CIjN;^M8;TVfwvb{0$(r^XXm%G%!-<^`7OGB*#Ue=`h`djoA}j>GP+tDa54;~E{bh)iki#6 zu2C{B`1a9getA6`obPeeSSIJut?dR2Dr za2i?3fGrGl(Ta*F-!n`WJ@Iu??c>8zxohWndD&7=c6MD$UXV5I`uzFgWz30NblK8W zn{s+tc8UcRml(R$2IicZqK&VBC8g&cHguIr&PxTN?&+5;3Y&_UKc6To6tqbFfluv~_-H2-%n9+L_26wy@*hD)6d4s|iH7@!>LU&mtq?KM%vB zR^Zz-YOl($=1mey9JklAL&o~y`{yc$WW^m63hfar0c|CbX&10Bf=?_fSfU z(EXeMeG+6C_V_3t>nXwpZ4l!KtFbhJ(~3M=+KRk{as0)V{7VV_Q!NMB#nEtyRk{!){s0wz z&Wytce_&}1Cjwk6lvG>fa~cdWM#uaf$w<|x;}p`!Fh{)J$g-{0f5qYG!cie<5D*q* zJ~QKHaEX$rr*UacKBz|C6A?LoG=_!u+W;JjK(<@FIh15$WtGEu+}S+NW1SFjo98LC 
zly~wI(ubgu6`V`d7+QHK1mg<|99>Qtubeu_7k;`Krs7igU7N%WY3*g+(I&^`%cL=h<1($iJPbX2R6>;J|k6DWS3~EUiH6TY?SC0v;MlsE?W+__x{J z++6mAg5j3));eD)OMCy_yjQR0oKzut|F%Ay_B}<<4!?r&F(LqTn0V!hFnu_R`Oc(; zdRLq2D}|a=5zwmE0>OF1re!$fSa_W@GX$kK_$RgZmbx`E+ne)KEnGMCsRBMW*4al2 z);YbIeJd5ob%Oo)tG=0vk`jGK5eDUl6(CW$%BZ|uEqCNE)DBoujzA*hawF4|&v(9~ zzY-3}oP;K_1&k`Q7ZSz}Ca}(t`(pS-U7i_c$rVM}+rRaSsxadR?Vw@G4fNJ_gAdV5 zrIeSctg%s>;Z$jjD~c)U&!@-Q03wGAVfrY3#BoweaeoAY7FPB2wz5+Pkqp>GTQCe{ zXJ=<-D%DnV#koGj(`U7j&W~N8qQ(ky;lc&D6Da+v4CAd)rmwDbO5W@(b~1rw$X4nM ztVSUH60$_PZkl%6gp-E2S2iweVVJKQAmlr*+JQC_ASHOg>lMTb;Q?eaJZXo%hF8gq zKIqc-<=($%cdg%MKGgC&4$7)We!G6aNilAvWDnQR!kY79iCUEy%BBnI&X2R2yr3KH z!xsG(7yKau2k9Ch)Z5#fAvGT?$QAuTrvy!bgq~Pb#3uge24752aLQfQZh};kJ zl35+19jmR|`v9J;?nBAVGz^Cw!-z|Z7EOetwH`e7&fpm?*Gvmk2)K2oy#H?Yt$M?V z4e5j{LLOOc9K>2$+$R(wRFisSkP^d&MJE@6K0@bdEx+=hNFLv~dsu{Zt?6QWqFHS3 z9!JJgmWX#WNR6~#=83=N<(fmn+TZmXZ5KK!J8>vEJF{=lI^Q*_eP&j91)BfyO-l|k=bW&Z`p+*c|FoxhDMCK?4K*gcR@J*+ySZh z1`DEY;1|vEQPmURZ_R(z`G|$%Vdp zZRWhVr2Nw zc+bv|6#CAca?o|5qGG16$a0V;mt9^#_&rKZTUx3#YuyREKD5%45gEr_lbh?}T9qm? z+79v@x}PGd@3Q7!>EZ5f-LxUlNvK)5PCMP;vZ13KKfng;z2FL(sk3FA*m(jZEY=Eo8py?@$t`Wf{ZeEkH>W{I(BSq9aOz< zr?L9Ri@jf6S42H-4S29_8+)Gxs>=}Kh#Ae!U>VdA&Y{vXXPh*6*m-#8fZC?9uk@sk z_{w!S-|XW-MlJaqZvseT=;D7$kzUV+w3iE%OIWA(18zp9loxD4n+9xbbDNuhOR=j@ zzsIq(am?nz>c*TQcQ2A&V`_esYkLFAF7Sa%tmH}gyG~Bl?s&S}Z#B73EM)1HKJ$e= zHK;nm6mPV;07x)m#rmGj98$|enI9CSu@6Sy14UdX^8oON%>TJAc%x|Br~96X#$=*g zTp;5*?Ydc%6b_)MabkjKabDj0jt-HYF&I+Rld+K}r5(C1WNoj`%Q=&l#NT|sN$42` z{&)yNOI>|ss`qT$!usU`d{TYD^455$heT=d1PUQr;==d7wY4!%$oYhsNul1oK#pf@ zMz?EBjPJiz1!@MFkee$xJe${le6}Sp0#WAR?ZzB0M;FY*?o?fY^u6-Rprr6s6foL5 zmE>Tr4Vs5BWc%Q%3>Bam%Oz3!8Q|%= zjxu9PY!G$5>{DT0&^&p)Q=#$k77r8sbo!!XP;od4LFW_t?vWCx{RMckh8yYwiOxkpwZU|hb%W>c@Z?LuRk??*^ON{D?{g;1xM+r{+47Y`9k<1vK? 
zXWtCpek@?3dL6P)pF!gCpX7R0G&nZ|>|NM8D#O`xAlh`zE9acz<1^#Qzv=~gs=vbX z-`0(p4r#RCKUswTPclpYAs_YI!R23U^IvT9Uu^SVZ1Z1i^IvT9Uu^SVZ1Z1i^IvT9 zFCEMOd1KT2w@y{ z{dd^&*bm7$PA9ttyn5G#h_Cvm4ddjuzogX9=Knm1*4wBb%KlJIhL}k>}_5f!J=+)usi0gC0YvI<; z&h^w1)Tw|D5hc@$z(SfD&kv>*#q8C<7`kYxq8GWhfLO)Sbp@PK4}eRgoq zq5|QXKLDL9hN3)s>so1-khOP!Dtut~AH&tMY-2He0BVAG({Xlvv(m3q_{GU#J1eV7 zGLYNZ$}e*IsoA4~treCnlBiBS7a>T}9FE5$Am17iyDSwMUN2FMO1NM#BL9Wr$ ztvjnj_s}2~fO#OQ#m9d#&Ar6k4*VQ>UnmLYJKlqCgA?y79TkgQwuI{zW~w_I*#!xsXnqhj)l9DGB}1F7%76d;lWN(Hk{4#>Y%9 zpIA`NdGX>7h#I6Pd-5%R*Pwp_o`nN->h@SGJ+G%9*wrtzTIA0cYD{T9Q-n-BZ%pP_ zeSuC_Tctr7ZYGk(dfViN%(FhUg`MqU zu*401&fqnxfr<(dbEc%^WDPIie+E(Kxxi54esado&o5hNO4GGm$aUPch%%~#*3`_b zrrMS6vsK{>7hQT#ik*1m7VBD*6s$a3YzlNIB+2hBz-K-gd#aiA}R_+Yyx%QSdT@C>x zq+~0K4Hb^+h=}VV4R71qIbsx*TA}a&uMA%5kNd3MpVfAPT&Cr#JO<%E$~<=In>@zn zIlk{2uV*T;Vu$|?_a#v3>{hBcD9L~WfR|!3i{=!FSVyd*KITf%LC1rwt7!b6LP!J_ zKfkczdR<9LRDoeGf<8GiI(n!$gfq(Kxz$!&P>6rzaK{%q`la^pASWl-$+BoR`v`N8b!BlxCY>+M*2Q%PTU^J)F}f0< z|LN+oE%)V?|3+i`t3g;OS~oVf71_(>FxJ*7DP!Vy?*>*p9i1TY(f+E3nf@W0F}AZS zNlc9BK6+8f|F(D{<4DcvQv@jx0H_7gypuWctYRM{h})S}okdq-cM-b!`t)Q;O~}*E zhJbquh?StEgmgWWev!hd7tXYUVjU#wNno4gQSn-}-Egjbg>UFOO`Jne5hUcwWH+j#VAxXE~73f_}duRZ9^9zsbwBeyIj~X*odLSmY93B$fa+!;3 zA8j5C`;)cr&SW`%*9Q}WpnvB#IW2K700@ayIXE^D6YIl)Z~Y+gNUsn<9aI2xdMJ#j z&O!&O8k3+>rdg|j{{GWJf97-u_6XeW~NuL3MC{sgQtbXGr_*gF`4c~iE4eN zR7bzDWuO!|Pt2i{?%;o+oT0kk>1@Cwd{ARV!$@UiWl<3?;~61{xX*ZJ<9q#mA2Vp6 zQf8s>*)K*%$AB#iB`72kFGhR`2?IZyCF)4b^e1p>9#W7Vf1y{Zt9UAKWmeW4WNFbH zxQBG-Njc=k-PfLDd>YT?R;k`3+qE-VcOa!ANrd8s6GtP8o`ur{?rl3)D`!8p zwiapNpHWc|kiD^}EQSv|2*zYBHw(Fi+a= z0qZ+STu>Cn&Q1;-Nhp3`dsjR2jZF>AQ~?13&lz`?WU0F)Zrg&-$@kM=XcInE!^hA6 z*rapMZ+pdGJ)$1mxkXPzC{K)!$EvA}y*a2V5HE+7uX+9YUJs$smf{4v)DLPiFtLd8 zm2a$=uP|jsyJ>N+=HWfN*TZF4NW6c62>)7(DXR#&7b6}o9F)uIPy>OFl*ilcNHRdw z!JO}>Mnj1R`B_+GCnXi7j&Glq?HOygR?@mjN6a5{;=Z~~{c0Pv{S^OH0{TxR~3J^yAs;D7|?L?HK83%FCgb2voiKVszQwu8h?##(If;ivoM zm!OKw$FX=d>)8Ip#KIKDjxz_3HGlm0k)tc2@g;8tPt&>l*_KtMm0R$A5KjIO$p=WH 
zb`X_RB=!tnbve(@_JC*DBos3`MN^(wSU7v0qth4Drw-%PlKhDHRvz=CNbr?bta za>vjK{|DX$ao8ABkr$lQ3X*e@11l@)0~k#r%#lWu&5GO0wQGv_KCcC!S3VwLrZ+94 zrwF{GI4K4WU}tem-^5hEXz>4Audg4t5Yf`BvrD56T7mpmMH!du0R{D;Vey7p_VncFN^pg}i7KCOB zKY^m1L^ycIwY|S8guWt3|EquerYX8fH0vRm3%HE%@rrq!2nK*KrVDB976wJ9%PrUY z{L+{r^)N&Hdsg-D%x!j5=}Vyn0Vg*yE>sk&{W>7 zD&71XwG|)gab5}yJi3MxPoPJ3o+TH>`eqhCT-&|8?7_3$k(Kw-q914~O66BA>G6jGuq zr~3*@7JQKBAA_$XZO*HO{+|3M*hNIg@zQ=}AHb6YS0(anW3on`oILRWKe8(xPt@pb z1mAmWxA1rwGzL~K-4ZqDa1I`#$fbs;_T%ia^SxbNvv3L^;+Q@CFOySKvlB!o?tBOh z57%Hx0uP2gT;RUnBDB4s&rKD?_goj2O<=1k$H&KSE!eR0P~NgHHRFv@O=C?<%K@kw zNPXbVRlC|%=kSAAfi;mr``yE*vO0pbNY_q8lp@15qSOYAytH*jpL^C4e|kb zu$F+)%7X_*XMk5YGiS)UZ?v(|v`B%RygZmbKerS?q_BC9fBf{IYibtPG1~L?*Zb^~ zLT3_h10A#a^)B)#Nr^S6q*3msH^AQ3(F66;R;SX`4kbk%1x*&HTU67Y=e2jYwN;N? zKjL1J4<}Il!E(^xRoVp^F7~-OF*CgrM}}Qpi*wu3(A|1sakQ_@C24`-%)1M&tP6)b zta#xxk&xNg{{EWKh4-}lrg!f;Iy+019KN+5JjblJT!Fvvc6WgK@Gc~`8Y~(V0qUO4 zJFpG(A?I<6i%m{WeBc;_7?G|0$i(#O{%Z>JX+oil%q6{Y*CL-jhP1Y@#YNkqUOlM| zIFgHKP$ruGS2-+{RIr3j#5T}z{YtZ$6Lj!cNGlC^YEU$L%JjgvdeH?I7 zH0)&+gi+QIFU(=_e0w~g(^-@Uv93rRZgy_9t-0CNF$GkJK;<|ixZ!MS#xN9LNz~4S z5tbss0>9L!DKUs7XC3X33<`gz^|YQ+4xUv@u%0T$cwi!?uv{k=K3LwpdslyOzaX=d z6BUT&qGC=RX979|XSh0;X;P#lyvWEsNWT1%(9l3TzP#~~{*#pGewiNfFsaHV zMN*v81J~1i!&2!Ds`7SF7&hYN5WBRFiOIg&(XFlg!oq#oHKCzANzQF;bg7DdYn$sF z<%%jNp!X|Hnqp(^;$xJO!BLY}hm=c6&k_tlPMKZ3iW)rJ)no0lGUJC2I(hp+Juj3Z zv|qM(BxjFC!zQ{csk)vv4@fKd7leeKw}s`D@$v%mmCCa#35|>=eGX6c6>5%#r2-sI zxR*GClmGBR{j`+JL1$j^*y->DA{o`wPrZzi5iyqyq`3Xh5wF)8SEstgkT z>>0Grt1&ipf4_!fP^;?!Yy&%tm?2*^wTHR6?YsPGJz^r)w#i<5c<4CC^aH~NQ5hCi z9fa_$cuM{-|48JiljE*SlTbGy#;aLfJnY0FC(oE9SqYi$5IHEgHuhyI(`O&+^LK-- z$h$yU&YFA9TL+!oxLC~zEP}t#d&LS zqPoU^URE~E$?3kf%RUO%Qis$m-hfW+bJtN_mLm5AZOYxe{I0TX4bA6dXG6(_o|ZYs z+cn$DanF-C4aht^%^VzjBcJODcQ>}Ne?Idd8)@g#s}sG;g(odD^VYG*C@m+)HIu=H zsMzM_*&5#n!CM4E%z*7lD!uE+YlqFv2@7qiPjuydS*a`^uaGeMc6amMsvRHSRF-q^ z+LGSeq*RnM`ySf=h<8wD!RKBl7Rs^N+0vS7RA6PLsD;N-5D9^nA4#piEo)RqC+_ev z&APZ)4~p}|?xCFP?0kJgda|`{(EASNXT4%^3A9 
zrmRg&C^ruYy6MUaf!luyQr2xx?9y@Wb0M_2+S%Db{>_Tb>GG_7!-pjGF_^yK?OXDz z7}oy8xSReOWV1U&Q6i1kBk>&mE?ebGjaNAQ%>4(a{U5z}^vK(L)N#CsDV2sPb-XAw z)BDk*RBy+DlvHoc!-sLASMi$6G&BkDlbTtS$^?aVRIg^J!=Ku{L7KW&qq11CEISg( z7t_nbSKQTDKeg)YtioIDWYieJ8Qe$D$JeuzU$eC~0X4hg9>*;&cf7edTsvpYTbi3a zC&$w9UdW-0z^vuAP8fQnzy3bG|8;d5S!gG_-XSQCIxrhvy}bEMDJ}a}!pG{w-MR7Tg`Xl zVq!`&Gx@|z$nBQg|HNh>Kgy;XN6Cri7}+u6yd$`IPZrvwba||8Pip827TU-<_gooh z8S~%V6wAIE=45TeaBI&Wthg*aOJ%i=1Bd*c$PTICI_p>L({ZzvZ+wKHc9E=|-I6aO z!+iGh=inGg=&veMW->36Sqdnbc^BHArj{kI(5Ru9?&H&B2<9;C`T3Yqhn&Fq5~HX! z9=9DVEd0|17h@fSufnpHYv7P}^J`&yM@KYX-igKzG2MiELTfohSp_2 zzr4qihJ?~mOloSX0bf%LAN_V?gZvfgNw;mM&JQ0LSUby%+EWfADTMblGT`$1K6^6_ zG$#fe ze(B2H7u6zNLKxeXKJExQ#Ut7DO7Al5f;%FyFnt0x z8+i~~4!f?R=0`TyuQKJX&FZ)0X|t%Im#QA>H02G|g?m(0$#*?bj8p3JcioB(B1k9a zXP0}_xX85ZMeM(3R}ikwxbM)RPn10T&X(=F+lgHwO4iWde{sHC=|SXk_XO_?ImJ%M zT<;Gx3R(>0(mLm;W+uBVm6k7Gx`Ygt^lF#wBE{awQ9z`1R6F(bhW|%uvmK$J!B}n? zl?{(HkK^XXJX>op)~BbGpqGb2Wd6S5z7Lm{IC67stx(5i&5W;D_6B067HsT3)iUF@ zS19JGL4RVTo5NNtzvM`B*S=_nA9GOe`Sq3!r)Sj4BQo>43LE~~26_tUQ)F*W#t<8R zyli7-kaqF5WlU=Lw z&y>_?3e!R&Zu>*WWwbe=JB%5r`WRw8D0VF$t!*u|(o(Wlb^9($W!TXdt16_YrQOwF zV@K`)fALZSiHL0dh8!ZikQ6!Si07|1PmRFvZLUTOQ*1WVLU(3_W6 z98>WO#;2z3RHZTl(l93EO#oiigDb^+?; z49cjEj(lGXi#)Mu29WJfWJh{dEMAHK)fgEp$KP;8W`A0IHvjvADPO zocg+{x_I9hr4%_^+lGOG`O;E3d3j&lQhhCJ_$f7HaZO3)S!>5Cwi_-@R{HeG@z>Iu zO+wI#{blS@=rPARwv`1C{@U2Mo&oLBg$tj&w0cH3Sf^~ypFt2p_#?8{epn85v zFJIsMYB%5Vy(b50i?6zJvngG+njP@BLdnzl8$9IMrS->hHI; z_5zC%_vX1h@ze>ca^S~^SauOXF`q^*xzR6E`bp9p>7RM=WPD=-+=la7F@TlV8+zv+#oX(ht7Fd}BDq9MYwdV=np|i@HY|!$dv4j;PYzt#prOXUH55B1 z7S6liqH_JHwn6<#>$CNzx_Z`Mg5iS``0(JQ7p6e&oMa=25aKg(c_!zfAl$d z;&+B{(T1qo9-E!H71ud7H5I5#7x?y7uJSeI!|hUSNG{xq^bh0`J4#OhBE>3m;EQ9kI}LhDhBzNrgS2Uz551DRzXvtELz-O>33<`=req2^3D z*;B!XoxCqj%y0yEs-w9_H@yuUyOQ3tw@7}<&)h?L*d4QYm;ijW7`5fX`U(`2NSMMJ&9B%K8u!i9m z-YXK0NIU%_V6&~e<5l^)iHKtT%#86T_7H1I6G_den3(l7l^Tp;AWXq)-E~+9Od+un zAlU2a;maVdd2iVgeMJk4)`om)48&nwH(Jm3$_5!zW5I2cPvf-3y6@Peq9bjC)W0>> 
z0FpcK3K$D>(YBkU4n><-AXSw!5)&sDdbUmuz2p#@8MFDm?TEQ-$*rlCC9^J3qot{t zp+{r87SXvL&aM}DFzlF4xocHHeZg7MYtdrpQ_2VIBcvxOgJlefn*?>O^O@}DLtT;? z^c`!{24)SK^N zZ*O8~C~FUzJyVsvZ3HV|WT{l0;73Je*)$+ex|msTS|tP@bZ-yrk8OfGg|@*kI`)Lx zI~RYcIv1CC#khBa>pE~_;pQi@;CxvF+jcd$JI5ZCqHTb>HW``Y*?pa&~2!z4Q z#p35Bxe>EdEs@RFeKQ#(P&;IHBB-LF9q!}DDUf0I$B}tK?`2Tio6}CQr|6ca7XRZN z=U#K{2@f)b5}u4EB5Nihiu9AO5e$zx7)55`oj&$y|%I3gDqN$3lpS{i;~s zQXktTOa_v>HG;fM@qp4Cx=jA#{>8VtOOhyBG0ypH&o2Qr`pw5v9@|cz#|`_bLU!`8 zXVu_oaNJJ!qT<^j9IsBRI=9%?t!;c^>7~CtCFOh;g@-swpqdF6REr4~xFLY4o(g#9 zGpW&4-rh^d#Uo-o@L_yK(vuYx#bsq%1{|9)2UIn~mJC@TOMKK@9wiOq#}O-!!m5g( z_96CLG|Qvja4s+TiN#m6wY9j_OLT{XJ>NW_hx>!X%LBigQz||DERJ^%mR5?TKwJ#V z#UZe1V{iXTd09Tt?irU!tF}9Sr*J$Bivx%WTB-EL?^jht`Q{rWHjmZ#i{<3_tgpKr z?aw3z-uLgNSh)2|c0lV1H~-^X8YtHA9W@Zls;cz+XF9(wbxZIj(M=)4b1(QMV;P&m z)yysEtOSo>N$-h@pgbs%?Xm&t@X`n*#YcC1cQ$U;?(XcH75hunr;pzd*u;F?&{JmJMs+EM~j}qytBFg{U@BV-Ec^??(zBD+P-FN=pg9#D%2Li#JINbH`6YTH( z^(v^du<&g~#r-|IqvTFE)L(V^D=z&$0A*1A{ura%`lqGPEZnpcbKgS2{lAZBW-OPD znI-$8&Oz?LPXDVC&eM#>t)M_v7`)=0i8E@V;8}ee)KGE7nU^N7z!4Kg(cC^Jy>22 zuBoBD)@8uK#Z3{$?J|8F9;fUdkE4p(#;k=+wk8KwR7f_(HW+e@(V&;UFys`h*f={I z-#VAnPxTTS*yJA#oP&>)rc+BwuAvF+mqKoAtU`%`k=fbVV$7MXmBB=ZS{%dFn4ACL zY{u}g7Z&@HUr*Q8zF=&9Y5g=T6v)3ni3rNPt545u(@|vd(#eC8iB$==C5CQm(9{iI zckr9;p?m?ej`p9E2&UM*d-wj<8KlG@BPd literal 0 HcmV?d00001 diff --git a/docs/diagrams/fraudulent-login-sequence.puml b/docs/diagrams/fraudulent-login-sequence.puml new file mode 100644 index 0000000..2de98b9 --- /dev/null +++ b/docs/diagrams/fraudulent-login-sequence.puml 
@@ -0,0 +1,51 @@
+@startuml
+skinparam handwritten false
+skinparam participantPadding 10
+skinparam boxPadding 10
+
+box "Authentication System" #LightBlue
+participant "Zitadel Event Handler" as Zitadel
+end box
+
+box "Kubernetes Control Plane" #LightYellow
+database "K8s API Server" as K8s
+end box
+
+box "Fraud System" #LightPink
+participant "Fraud Controller" as FraudCtrl
+end box
+
+box "Notification System" #LightGreen
+participant "Notification Operator" as Notif
+end box
+
+== 1. Session Created Event ==
+Zitadel -> Zitadel: Webhook received:\noidc_session.added
+Zitadel -> K8s: Create LoginEvaluation resource\n(Spec: UserRef, loginEmail, LoginContext)
+
+== 2. Reconcile & Fraud Evaluation ==
+K8s -> FraudCtrl: Watch event: LoginEvaluation Created
+activate FraudCtrl
+
+FraudCtrl -> K8s: List Sessions (for UserRef)
+K8s --> FraudCtrl: Return historical Session resources
+
+FraudCtrl -> FraudCtrl: Compare current LoginContext\nagainst historical sessions\n(Compare IP, UserAgent, Fingerprint)
+
+alt Login is Fraudulent (Suspicious)
+ FraudCtrl -> K8s: Resolve Location (via GraphQL Gateway LookupIP)
+ K8s --> FraudCtrl: Return resolved Location details
+ FraudCtrl -> K8s: Parse User-Agent (via GraphQL Gateway ParseUserAgent)
+ K8s --> FraudCtrl: Return parsed Device & Browser
+
+ FraudCtrl -> K8s: Create Email resource\n(Spec: Recipient, Template, Variables)
+ activate Notif
+ Notif -> K8s: Update Email status to Sent
+ deactivate Notif
+
+ FraudCtrl -> K8s: Update LoginEvaluation Status\n(isFraudulent=true, phase=Completed)
+else Login is Normal
+ FraudCtrl -> K8s: Update LoginEvaluation Status\n(isFraudulent=false, phase=Completed)
+end
+deactivate FraudCtrl
+@enduml
diff --git a/docs/enhancements/fraudulent-login.md b/docs/enhancements/fraudulent-login.md
index 1d13aea..d14497c 100644
--- a/docs/enhancements/fraudulent-login.md
+++ b/docs/enhancements/fraudulent-login.md
@@ -1,6 +1,6 @@ --- -status: provisional|implementable|implemented|deferred|rejected|withdrawn|replaced -stage: alpha|beta|stable +status: provisional +stage: alpha latest-milestone: "v0.x" --- -# Short, descriptive title +# Fraudulent Login Evaluation +This enhancement proposes shifting the responsibility of evaluating suspicious user logins and alerting users of anomalous access from the identity provider layer to the central fraud detection system. + +Instead of the authentication gateway performing inline fraud risk checks and sending email alerts synchronously, it will delegate login event data directly to the fraud detection service. The fraud service then evaluates the login context against the user's historical session patterns to determine if it is anomalous (e.g., a new IP, browser, or device). When a suspicious login is identified, the fraud system automatically enriches the metadata with geographic location and device details and sends a security alert to the user. + ## Motivation +Currently, the authentication provider is coupled with security and fraud rules. Evaluating whether a login context (IP, User-Agent, or Fingerprint) is anomalous requires knowledge of session histories, geolocation lookups, and user-agent analysis. Housing this capability inside the authentication gateway introduces several disadvantages: +- **Feature Coupling**: The authentication system should focus exclusively on validating user credentials, rather than performing geolocation enrichment and complex risk analysis. +- **Fragmented Fraud Policies**: Security policies and risk assessment logic are split across different systems, making it difficult to maintain and audit consistently. +- **Lack of Central Audit Logging**: Suspicious login decisions are made in-memory and logged, but they are not stored as persistent audit records for security administrators. 
+ +By centralizing login evaluation within the fraud system, we establish a clean separation of responsibilities, improve the auditability of security decisions, and ensure a unified security and fraud policy engine. + ### Goals +- Decouple the login flow from fraud and alert policies. +- Centralize login risk assessment within the dedicated fraud detection system. +- Utilize historical user session characteristics to recognize anomalous login attempts. +- Provide persistent audit records for all evaluated login attempts. +- Deliver automated, metadata-enriched security notifications to users upon detection of suspicious logins. + ### Non-Goals +- Modifying the Zitadel event delivery system or changing Zitadel webhook payloads. +- Replacing or modifying the existing `FraudEvaluation` pipeline, which focuses on long-term user risk profiles rather than transient login events. +- Creating an independent geo-IP database; the fraud operator will leverage the existing GraphQL gateway. + ## Proposal +We propose an event-driven flow for evaluating user login security: + +1. **Login Event Propagation**: Upon a new user login, the authentication system publishes a login attempt record containing the login context (IP, User-Agent, device fingerprint, and timestamp). +2. **Historical Analysis**: The fraud system receives the login event and queries the historical record of that user's sessions. +3. **Anomalous Context Detection**: The fraud system checks if the incoming login context is new or unseen compared to the user's past active sessions. +4. **Metadata Enrichment**: If the login is flagged as anomalous, the fraud system translates the raw client IP and User-Agent strings into human-readable geographic locations and device descriptions. +5. **Security Alerting**: The fraud system triggers a high-priority notification to alert the user of the suspicious access attempt. +6. 
**Audit Persistence**: The outcome of the evaluation (whether flagged or not) is recorded in the fraud system's audit logs. + ### User Stories (Optional) #### Story 1 +As a User, I want to receive an email alert when a new login occurs on my account from a device or location I have not used before, so that I can secure my account. #### Story 2 +As a Security Admin, I want to query a list of login evaluations (`kubectl get loginevaluations`) to see all evaluated login events, their details, and whether they were flagged as fraudulent. ### Notes/Constraints/Caveats (Optional) 
@@ -169,6 +201,9 @@ Go in to as much detail as necessary here. This might be a good place to talk about core concepts and how they relate. --> +- **Race Conditions**: When a new session is added, `Session` resources in the cluster may be updated asynchronously. The fraud controller must ignore the current session itself when looking at historical data to avoid comparing a login to itself. +- **Gateway Availability**: Geolocation and user-agent parsing depend on the GraphQL gateway. If the gateway is down, the system should fall back gracefully to raw values. + ### Risks and Mitigations +- **Resource Proliferation**: A high volume of login events could produce many `LoginEvaluation` resources, leading to API server stress. + *Mitigation*: Implement a garbage-collection policy (e.g., TTL controller or owner references) to delete old `LoginEvaluation` resources after a configured retention period. +- **Performance Overhead**: Fetching session lists and performing HTTP lookups during reconciliation can delay evaluation. + *Mitigation*: Use client caching for `Session` lookups, run network requests concurrently, and handle transient errors with proper exponential backoff retries. + ## Design Details +### LoginEvaluation CRD Schema + +The new custom resource `LoginEvaluation` will represent a login event under the `fraud.miloapis.com` group. 
+ +```yaml +apiVersion: fraud.miloapis.com/v1alpha1 +kind: LoginEvaluation +metadata: + name: login-eval-sample + namespace: fraud-system +spec: + # Reference to the User resource + userRef: + name: user-zitadel-id-123 + # Optional email address used for this specific login attempt (essential when users can log in with different emails/OIDC providers) + loginEmail: "user@example.com" + # Context details about the login attempt + loginContext: + sessionID: sess-98765 + ip: 203.0.113.88 + userAgent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" + fingerprintID: fp-ab12cd34 + createdAt: "2026-06-17T16:11:00Z" +status: + # Current phase: Pending, Running, Completed, Error + phase: Completed + # Evaluation result + isFraudulent: true + # Status conditions representing evaluation steps + conditions: + - type: Ready + status: "True" + lastTransitionTime: "2026-06-17T16:11:03Z" + reason: EvaluationCompleted + message: "Login evaluated and processed successfully." + - type: UserRefValid + status: "True" + lastTransitionTime: "2026-06-17T16:11:02Z" + reason: UserRefExists + message: "Subject user-zitadel-id-123 is valid and exists." + - type: NotificationSent + status: "True" + lastTransitionTime: "2026-06-17T16:11:03Z" + reason: NotificationDispatched + message: "Alert notification created for delivery." +``` + +### Sequence Diagram + +![Sequence Diagram](../diagrams/fraudulent-login-sequence.png) + +### Evaluation Logic & Flow + +1. **Triggering**: The Zitadel handler receives the `oidc_session.added` payload. Instead of running analysis logic, it builds a `LoginEvaluation` resource and writes it to the Kubernetes API. +2. **Session Retrieval**: The fraud controller uses the UserRef from the spec to retrieve all existing `Session` resources under the `identity.miloapis.com/v1alpha1` group. +3. 
**Suspicious Context Check**: + - The controller filters out the current session ID to avoid checking against itself. + - It checks if the current IP address, User-Agent string, or fingerprint ID matches any historical session records. + - If *none* of the historical sessions match the current IP, User-Agent, or fingerprint, the login is marked as suspicious. +4. **Geolocation and UA Parsing**: + - The fraud controller calls the external GraphQL Gateway to get human-readable location details for the IP. + - The user agent string is resolved to determine the OS (device) and Browser. +5. **Notification**: + - If flagged, a high-priority `Email` resource is created in the notification namespace, targeting the recipient user with variables: `UserName`, `Email`, `Location`, `SignInTime`, `Browser`, `Device`, and `IpAddress`. + ## Production Readiness Review Questionnaire +- **2026-06-17**: Initial enhancement proposal drafted (Alpha). + ## Drawbacks +- **Increased API Overhead**: Each user login now triggers at least one additional write to the Kubernetes API server (`LoginEvaluation` creation) and several reads. +- **Dependency on CRD**: If the `LoginEvaluation` CRD is deleted or misconfigured, it breaks the fraud-alert pipeline. + ## Alternatives +- **Kafka / Event Bus integration**: Send authentication events directly to a broker like Kafka or RabbitMQ, which the fraud operator listens to. While scalable, it introduces a massive external infrastructure requirement. Kubernetes CRDs offer a simple, native control plane fit for the existing environment. + ## Infrastructure Needed (Optional) \ No newline at end of file +--> + +None. \ No newline at end of file