From 32062fc79f87eb57d65fc7395f9e6fca6e43f273 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Wed, 17 May 2023 15:34:05 +0200 Subject: [PATCH 001/146] First commit for FIDO2 support --- .../20230430-add-columns-external-id.xml | 52 + .../1.5.x/db.changelog-version.xml | 1 + pom.xml | 1 + .../client/model/entity/Activation.java | 5 + .../client/model/enumeration/Protocols.java | 38 + .../model/request/InitActivationRequest.java | 2 + powerauth-fido2/pom.xml | 105 + .../Fido2AuthenticationFailedException.java | 40 + .../rest/controller/AssertionController.java | 77 + .../controller/RegistrationController.java | 83 + .../AssertionChallengeConverter.java | 52 + .../model/converter/AssertionConverter.java | 59 + .../RegistrationChallengeConverter.java | 51 + .../converter/RegistrationConverter.java | 87 + .../AttestationObjectDeserializer.java | 67 + .../AttestationStatementDeserializer.java | 65 + .../AuthenticatorDataDeserializer.java | 145 ++ .../Base64ToByteArrayDeserializer.java | 49 + .../Base64ToStringDeserializer.java | 54 + .../CollectedClientDataDeserializer.java | 68 + .../fido2/rest/model/entity/AaguidList.java | 195 ++ .../rest/model/entity/AssertionChallenge.java | 35 + .../rest/model/entity/AttestationObject.java | 41 + .../model/entity/AttestationStatement.java | 31 + .../model/entity/AttestedCredentialData.java | 33 + .../AuthenticatorAssertionResponse.java | 48 + .../AuthenticatorAttestationResponse.java | 41 + .../rest/model/entity/AuthenticatorData.java | 40 + .../model/entity/AuthenticatorDetail.java | 52 + .../model/entity/CollectedClientData.java | 43 + .../rest/model/entity/EllipticCurvePoint.java | 30 + .../fido2/rest/model/entity/Flags.java | 38 + .../rest/model/entity/PublicKeyObject.java | 35 + .../model/entity/RegistrationChallenge.java | 34 + .../rest/model/enumeration/CurveType.java | 27 + .../fido2/rest/model/enumeration/Fmt.java | 45 + .../model/enumeration/SignatureAlgorithm.java | 27 + .../request/AssertionChallengeRequest.java | 43 + .../rest/model/request/AssertionRequest.java | 50 + .../RegisteredAuthenticatorsRequest.java | 34 + .../request/RegistrationChallengeRequest.java | 36 + .../model/request/RegistrationRequest.java | 56 + .../response/AssertionChallengeResponse.java | 33 + .../AssertionVerificationResponse.java | 45 + .../RegisteredAuthenticatorsResponse.java | 35 + .../RegistrationChallengeResponse.java | 33 + .../model/response/RegistrationResponse.java | 50 + .../validator/AssertionRequestValidator.java | 91 + .../RegistrationRequestValidator.java | 125 ++ .../fido2/service/AssertionService.java | 103 + .../fido2/service/AuthenticatorProvider.java | 38 + .../fido2/service/ChallengeProvider.java | 90 + .../fido2/service/CryptographyService.java | 37 + .../fido2/service/RegistrationService.java | 109 + powerauth-java-server/pom.xml | 5 + .../configuration/OpenApiConfiguration.java | 5 +- .../PowerAuthAuditConfiguration.java | 2 +- .../controller/RESTControllerAdvice.java | 18 + .../model/entity/ActivationRecordEntity.java | 126 +- .../model/entity/OperationEntity.java | 2 +- .../repository/ActivationRepository.java | 11 + .../app/server/service/PowerAuthService.java | 3 + .../tasks/ActivationServiceBehavior.java | 61 +- .../tasks/OperationServiceBehavior.java | 10 +- .../fido2/PowerAuthAuthenticatorProvider.java | 344 +++ .../fido2/PowerAuthChallengeProvider.java | 162 ++ .../fido2/PowerAuthCryptographyService.java | 78 + .../request/ActivationLayer2Request.java | 30 +- .../src/main/resources/xsd/PowerAuth-2.0.xsd | 270 --- .../src/main/resources/xsd/PowerAuth-3.0.xsd | 1910 ----------------- 70 files changed, 3657 insertions(+), 2284 deletions(-) create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java create mode 100644 powerauth-fido2/pom.xml create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationChallengeConverter.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/RegistrationChallenge.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationChallengeRequest.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java delete mode 100644 powerauth-java-server/src/main/resources/xsd/PowerAuth-2.0.xsd delete mode 100644 powerauth-java-server/src/main/resources/xsd/PowerAuth-3.0.xsd diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml new file mode 100644 index 000000000..ba56c0200 --- /dev/null +++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml @@ -0,0 +1,52 @@ + + + + + + + + + + + + Add external_id column + + + + + + + + + + + + Add protocol column + + + + + + + + + + diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml index 447a035c3..637e48247 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml @@ -4,5 +4,6 @@ xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 458741fa1..7c5a7a3eb 100644 --- a/pom.xml +++ b/pom.xml @@ -75,6 +75,7 @@ powerauth-client-model powerauth-rest-client-spring + powerauth-fido2 powerauth-java-server powerauth-admin diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/Activation.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/Activation.java index cfd3f2e21..118ba244f 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/Activation.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/Activation.java @@ -36,7 +36,9 @@ public class Activation { private ActivationStatus activationStatus; private String blockedReason; private String activationName; + private String externalId; private String extras; + private String protocol; private String platform; private String deviceInfo; private List activationFlags = new ArrayList<>(); @@ -46,6 +48,9 @@ public class Activation { private String userId; private String applicationId; private String applicationName; + private long failedAttempts; + private long maxFailedAttempts; + private String devicePublicKeyBase64; private long version; } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java new file mode 100644 index 000000000..4a1f73612 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.enumeration; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +public enum Protocols { + POWERAUTH("powerauth"), + FIDO2("fido2"); + + private final String protocol; + + Protocols(String protocol) { + this.protocol = protocol; + } + + @Override + public String toString() { + return protocol; + } +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/InitActivationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/InitActivationRequest.java index b3448a35b..d2859c19e 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/InitActivationRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/InitActivationRequest.java @@ -19,6 +19,7 @@ package com.wultra.security.powerauth.client.model.request; import com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; import lombok.Data; import lombok.ToString; @@ -32,6 +33,7 @@ @Data public class InitActivationRequest { + private Protocols protocol = Protocols.POWERAUTH; private String userId; private String applicationId; private Date timestampActivationExpire; diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml new file mode 100644 index 000000000..793a80870 --- /dev/null +++ b/powerauth-fido2/pom.xml @@ -0,0 +1,105 @@ + + + + 4.0.0 + + powerauth-fido2 + powerauth-fido2 + powerauth-fido2 + + + io.getlime.security + powerauth-server-parent + 1.5.0-SNAPSHOT + + + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-validation + + + org.apache.tomcat.embed + tomcat-embed-el + + + + + org.springdoc + springdoc-openapi-starter-webmvc-ui + 2.0.4 + + + org.springframework.boot + spring-boot-starter-tomcat + provided + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-cbor + 2.13.4 + + + org.postgresql + postgresql + runtime + + + org.projectlombok + lombok + true + + + + io.getlime.security + powerauth-java-crypto + 1.5.0-SNAPSHOT + + + io.getlime.core + rest-client-base + 1.7.0-SNAPSHOT + + + io.getlime.security + powerauth-client-model + 1.5.0-SNAPSHOT + + + + org.bouncycastle + bcprov-jdk18on + ${bcprov-jdk18on.version} + provided + + + + org.springframework.boot + spring-boot-starter-test + test + + + + diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java new file mode 100644 index 000000000..d3a59a633 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java @@ -0,0 +1,40 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.errorhandling; + +import java.io.Serial; + +/** + * Exception related to FIDO2 authentication failure. + * + * @author Petr Dvorak, petr@wultra.com + */ +public class Fido2AuthenticationFailedException extends Exception { + + @Serial + private static final long serialVersionUID = -3214199555928548491L; + + public Fido2AuthenticationFailedException(String message) { + super(message); + } + + public Fido2AuthenticationFailedException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java new file mode 100644 index 000000000..510fc4612 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -0,0 +1,77 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package com.wultra.powerauth.fido2.rest.controller; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; +import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; +import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; +import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; +import com.wultra.powerauth.fido2.rest.model.validator.AssertionRequestValidator; +import com.wultra.powerauth.fido2.service.AssertionService; +import io.getlime.core.rest.model.base.request.ObjectRequest; +import io.getlime.core.rest.model.base.response.ObjectResponse; +import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.Valid; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +/** + * Controller responsible for FIDO2 assertion handling. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Validated +@RestController +@RequestMapping("assertions") +@Slf4j +@Tag(name = "FIDO2 Assertions Controller") +public class AssertionController { + + private final AssertionRequestValidator assertionRequestValidator; + private final AssertionService assertionService; + + @Autowired + public AssertionController(AssertionRequestValidator assertionRequestValidator, AssertionService assertionService) { + this.assertionRequestValidator = assertionRequestValidator; + this.assertionService = assertionService; + } + + @PostMapping("challenge") + @CrossOrigin(origins = "http://localhost:8081") + public ObjectResponse requestAssertionChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { + final AssertionChallengeRequest requestObject = request.getRequestObject(); + final AssertionChallengeResponse assertionChallengeResponse = assertionService.requestAssertionChallenge(requestObject); + return new ObjectResponse<>(assertionChallengeResponse); + } + + @PostMapping + @CrossOrigin(origins = "http://localhost:8081") + public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { + final AssertionRequest requestObject = request.getRequestObject(); + final String error = assertionRequestValidator.validate(requestObject); + if (error != null) { + throw new Fido2AuthenticationFailedException(error); + } + final AssertionVerificationResponse signatureResponse = assertionService.authenticate(requestObject); + return new ObjectResponse<>(signatureResponse); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java new file mode 100644 index 000000000..9d0cf6041 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -0,0 +1,83 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.controller; + +import com.wultra.powerauth.fido2.rest.model.entity.AaguidList; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.request.RegisteredAuthenticatorsRequest; +import com.wultra.powerauth.fido2.rest.model.request.RegistrationChallengeRequest; +import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; +import com.wultra.powerauth.fido2.rest.model.response.RegisteredAuthenticatorsResponse; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; +import com.wultra.powerauth.fido2.service.AuthenticatorProvider; +import com.wultra.powerauth.fido2.service.RegistrationService; +import io.getlime.core.rest.model.base.request.ObjectRequest; +import io.getlime.core.rest.model.base.response.ObjectResponse; +import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.validation.Valid; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +/** + * Controller responsible for FIDO2 authenticator registration handling. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Validated +@RestController +@RequestMapping("registrations") +@Slf4j +@Tag(name = "FIDO2 Registration Controller") +public class RegistrationController { + + private final RegistrationService registrationService; + + @Autowired + public RegistrationController(RegistrationService registrationService) { + this.registrationService = registrationService; + } + + @PostMapping("list") + @CrossOrigin(origins = "http://localhost:8081") + public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { + final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); + final RegisteredAuthenticatorsResponse responseObject = registrationService.registrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); + return new ObjectResponse<>(responseObject); + } + + @PostMapping("challenge") + @CrossOrigin(origins = "http://localhost:8081") + public ObjectResponse requestRegistrationChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { + final RegistrationChallengeRequest requestObject = request.getRequestObject(); + final RegistrationChallengeResponse responseObject = registrationService.requestRegistrationChallenge(requestObject.getUserId(), requestObject.getApplicationId()); + return new ObjectResponse<>(responseObject); + } + + @PostMapping + @CrossOrigin(origins = "http://localhost:8081") + public ObjectResponse register(@Valid @RequestBody ObjectRequest request) throws Exception { + final RegistrationRequest requestObject = request.getRequestObject(); + final RegistrationResponse responseObject = registrationService.register(requestObject); + return new ObjectResponse<>(responseObject); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java new file mode 100644 index 000000000..5c1451483 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -0,0 +1,52 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter; + +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +/** + * Converter for assertion challenge values. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class AssertionChallengeConverter { + + /** + * Convert a new assertion challenge response from a provided challenge. + * + * @param source Challenge. + * @return Assertion challenge response. + */ + public AssertionChallengeResponse fromChallenge(AssertionChallenge source) { + if (source == null) { + return null; + } + final AssertionChallengeResponse destination = new AssertionChallengeResponse(); + destination.setUserId(source.getUserId()); + destination.setApplicationIds(source.getApplicationIds()); + destination.setChallenge(source.getChallenge()); + return destination; + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java new file mode 100644 index 000000000..27d54689c --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java @@ -0,0 +1,59 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter; + +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +/** + * Converter between assertion verification result to signature verification. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class AssertionConverter { + + public AssertionVerificationResponse fromAuthenticatorDetail(AuthenticatorDetail source, boolean assertionValid) { + if (source == null) { + return null; + } + + if (!assertionValid) { // return empty object for invalid assertions + final AssertionVerificationResponse destination = new AssertionVerificationResponse(); + destination.setAssertionValid(false); + return destination; + } else { + final AssertionVerificationResponse destination = new AssertionVerificationResponse(); + destination.setAssertionValid(assertionValid); + destination.setUserId(source.getUserId()); + destination.setActivationId(source.getActivationId()); + destination.setApplicationId(source.getApplicationId()); + destination.setActivationStatus(source.getActivationStatus()); + destination.setBlockedReason(source.getBlockedReason()); + destination.setRemainingAttempts(source.getMaxFailedAttempts() - source.getFailedAttempts()); + destination.setApplicationRoles(source.getApplicationRoles()); + destination.setActivationFlags(source.getActivationFlags()); + return destination; + } + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationChallengeConverter.java new file mode 100644 index 000000000..c15314c3d --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationChallengeConverter.java @@ -0,0 +1,51 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter; + +import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class RegistrationChallengeConverter { + + /** + * Convert a new assertion challenge response from a provided challenge. + * + * @param source Challenge. + * @return Assertion challenge response. + */ + public RegistrationChallengeResponse fromChallenge(RegistrationChallenge source) { + if (source == null) { + return null; + } + final RegistrationChallengeResponse destination = new RegistrationChallengeResponse(); + destination.setUserId(source.getUserId()); + destination.setActivationId(source.getActivationId()); + destination.setApplicationId(source.getApplicationId()); + destination.setChallenge(source.getChallenge()); + return destination; + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java new file mode 100644 index 000000000..002078848 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -0,0 +1,87 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.wultra.powerauth.fido2.rest.model.entity.AaguidList; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; +import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.util.ArrayList; + +/** + * Converter class for registration related objects. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class RegistrationConverter { + + private final AaguidList aaguidRegistry = new AaguidList(); + + public AuthenticatorDetail convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { + try { + final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); + authenticatorDetail.setUserId(challenge.getUserId()); + authenticatorDetail.setActivationId(challenge.getActivationId()); + authenticatorDetail.setApplicationId(challenge.getApplicationId()); + + authenticatorDetail.setExternalId(requestObject.getId()); + authenticatorDetail.setExtras(new ObjectMapper().writeValueAsString(requestObject.getResponse().getTransports())); + authenticatorDetail.setActivationName(requestObject.getActivationName()); + authenticatorDetail.setPlatform(requestObject.getAuthenticatorAttachment()); + authenticatorDetail.setDeviceInfo(aaguidRegistry.vendorName(aaguid)); + authenticatorDetail.setActivationStatus(ActivationStatus.ACTIVE); + authenticatorDetail.setActivationFlags(new ArrayList<>()); + authenticatorDetail.setApplicationRoles(new ArrayList<>()); + authenticatorDetail.setPublicKeyBytes(publicKey); + authenticatorDetail.setFailedAttempts(0L); + authenticatorDetail.setMaxFailedAttempts(5L); + return authenticatorDetail; + } catch (JsonProcessingException e) { + throw new RuntimeException(e); + } + } + + public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail source) { + final RegistrationResponse result = new RegistrationResponse(); + result.setUserId(source.getUserId()); + result.setActivationId(source.getActivationId()); + result.setApplicationId(source.getApplicationId()); + result.setExternalId(source.getExternalId()); + result.setExtras(source.getExtras()); + result.setActivationName(source.getActivationName()); + result.setPlatform(source.getPlatform()); + result.setDeviceInfo(source.getDeviceInfo()); + result.setActivationStatus(source.getActivationStatus()); + result.setActivationFlags(source.getActivationFlags()); + result.setApplicationRoles(source.getApplicationRoles()); + result.setPublicKeyBytes(source.getPublicKeyBytes()); + result.setFailedAttempts(source.getFailedAttempts()); + result.setMaxFailedAttempts(source.getMaxFailedAttempts()); + return result; + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java new file mode 100644 index 000000000..0ce540c74 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java @@ -0,0 +1,67 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter.serialization; + +import com.fasterxml.jackson.core.JacksonException; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; +import com.wultra.powerauth.fido2.rest.model.entity.AttestationObject; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.io.Serial; +import java.util.Base64; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class AttestationObjectDeserializer extends StdDeserializer { + + @Serial + private static final long serialVersionUID = -5549850902593127253L; + + private final CBORMapper cborMapper = new CBORMapper(); + + public AttestationObjectDeserializer() { + this(null); + } + + public AttestationObjectDeserializer(Class vc) { + super(vc); + } + + @Override + public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException { + try { + final String originalTextValue = jsonParser.getText(); + final byte[] decodedAttestationObject = Base64.getDecoder().decode(originalTextValue); + final AttestationObject attestationObject = cborMapper.readValue(decodedAttestationObject, AttestationObject.class); + attestationObject.setEncoded(originalTextValue); + return attestationObject; + } catch (IOException e) { + throw new RuntimeException(e); + } + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java new file mode 100644 index 000000000..2308f49f7 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java @@ -0,0 +1,65 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter.serialization; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.rest.model.entity.AttestationStatement; +import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.io.Serial; +import java.util.Map; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class AttestationStatementDeserializer extends StdDeserializer { + + @Serial + private static final long serialVersionUID = -3598363993363470844L; + + public AttestationStatementDeserializer() { + this(null); + } + + public AttestationStatementDeserializer(Class vc) { + super(vc); + } + + @Override + public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + final Map map = jsonParser.readValueAs(new TypeReference<>() {}); + final AttestationStatement result = new AttestationStatement(); + final Integer alg = (Integer) map.get("alg"); + if (alg != null && -7 == alg) { + result.setAlgorithm(SignatureAlgorithm.ES256); + } else { + result.setAlgorithm(SignatureAlgorithm.UNKNOWN); + } + result.setSignature((byte[]) map.get("sig")); + return result; + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java new file mode 100644 index 000000000..5a8ecb00c --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -0,0 +1,145 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter.serialization; + +import com.fasterxml.jackson.core.JacksonException; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; +import com.wultra.powerauth.fido2.rest.model.entity.Flags; +import com.wultra.powerauth.fido2.rest.model.entity.PublicKeyObject; +import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; +import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.io.Serial; +import java.nio.ByteBuffer; +import java.util.Map; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class AuthenticatorDataDeserializer extends StdDeserializer { + + @Serial + private static final long serialVersionUID = -7644582864083436208L; + + private final CBORMapper cborMapper = new CBORMapper(); + + public AuthenticatorDataDeserializer() { + this(null); + } + private AuthenticatorDataDeserializer(Class vc) { + super(vc); + } + + @Override + public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException { + final AuthenticatorData result = new AuthenticatorData(); + + // Serialize Auth Data + final byte[] authData = jsonParser.getBinaryValue(); + result.setEncoded(authData); + + // Get RP ID Hash + final byte[] rpIdHash = new byte[32]; + System.arraycopy(authData, 0, rpIdHash,0, 32); + result.setRpIdHash(rpIdHash); + + // Get Flags + final byte flagByte = authData[32]; + final Flags flags = result.getFlags(); + + flags.setUserPresent(isFlagOn(flagByte, 0)); + flags.setReservedBit2(isFlagOn(flagByte, 1)); + flags.setUserVerified(isFlagOn(flagByte, 2)); + flags.setBackupEligible(isFlagOn(flagByte, 3)); + flags.setBackupState(isFlagOn(flagByte, 4)); + flags.setReservedBit6(isFlagOn(flagByte, 5)); + flags.setAttestedCredentialsIncluded(isFlagOn(flagByte,6)); + flags.setExtensionDataInlcuded(isFlagOn(flagByte,7)); + + // Get Signature Counter + final byte[] signCountBytes = new byte[4]; + System.arraycopy(authData, 33, signCountBytes, 0, 4); + final int signCount = ByteBuffer.wrap(signCountBytes).getInt(); // big-endian by default + result.setSignCount(signCount); + + if (authData.length > 37) { // get info about the credentials + + // Get AAGUID + final byte[] aaguid = new byte[16]; + System.arraycopy(authData, 37, aaguid, 0, 16); + result.getAttestedCredentialData().setAaguid(aaguid); + + // Get credential ID length + final byte[] credentialIdLength = new byte[2]; + System.arraycopy(authData, 53, credentialIdLength, 0, 2); + final ByteBuffer wrapped = ByteBuffer.wrap(credentialIdLength); // big-endian by default + short credentialIdLengthValue = wrapped.getShort(); + + // Get credentialId + final byte[] credentialId = new byte[credentialIdLengthValue]; + System.arraycopy(authData, 55, credentialId, 0, credentialIdLengthValue); + result.getAttestedCredentialData().setCredentialId(credentialId); + + // Get credentialPublicKey + final int remainingLength = authData.length - (55 + credentialIdLengthValue); + final byte[] credentialPublicKey = new byte[remainingLength]; + System.arraycopy(authData, 55 + credentialIdLengthValue, credentialPublicKey, 0, remainingLength); + final Map credentialPublicKeyMap = cborMapper.readValue(credentialPublicKey, new TypeReference<>() { + }); + + final PublicKeyObject publicKeyObject = new PublicKeyObject(); + final Integer algorithm = (Integer) credentialPublicKeyMap.get("3"); + if (algorithm != null && -7 == algorithm) { + publicKeyObject.setAlgorithm(SignatureAlgorithm.ES256); + } else { + throw new RuntimeException("Unsupported algorithm: " + algorithm); + } + final Integer curveType = (Integer) credentialPublicKeyMap.get("-1"); + if (curveType != null && 1 == curveType) { + publicKeyObject.setCurveType(CurveType.P256); + } else { + throw new RuntimeException("Unsupported curve type: " + curveType); + } + + final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); + final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); + publicKeyObject.getPoint().setX(xBytes); + publicKeyObject.getPoint().setY(yBytes); + + result.getAttestedCredentialData().setPublicKeyObject(publicKeyObject); + } + + return result; + } + + private boolean isFlagOn(byte flags, int position) { + return ((flags >> position) & 1) == 1; + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java new file mode 100644 index 000000000..fe0801665 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java @@ -0,0 +1,49 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter.serialization; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; + +import java.io.IOException; +import java.io.Serial; +import java.util.Base64; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +public class Base64ToByteArrayDeserializer extends StdDeserializer { + + @Serial + private static final long serialVersionUID = 4519714786533202920L; + + public Base64ToByteArrayDeserializer() { + this(null); + } + + public Base64ToByteArrayDeserializer(Class vc) { + super(vc); + } + + @Override + public byte[] deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + return Base64.getDecoder().decode(jsonParser.getText()); + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java new file mode 100644 index 000000000..31d61449f --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java @@ -0,0 +1,54 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter.serialization; + +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.io.Serial; +import java.nio.charset.StandardCharsets; +import java.util.Base64; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class Base64ToStringDeserializer extends StdDeserializer { + + @Serial + private static final long serialVersionUID = 2540966716709142276L; + + public Base64ToStringDeserializer() { + this(null); + } + + public Base64ToStringDeserializer(Class vc) { + super(vc); + } + + @Override + public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + return new String(Base64.getDecoder().decode(jsonParser.getText()), StandardCharsets.UTF_8); + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java new file mode 100644 index 000000000..5b53b39c1 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -0,0 +1,68 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter.serialization; + +import com.fasterxml.jackson.core.JacksonException; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import java.io.IOException; +import java.io.Serial; +import java.util.Base64; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class CollectedClientDataDeserializer extends StdDeserializer { + + @Serial + private static final long serialVersionUID = 8991171442005200006L; + private final ObjectMapper objectMapper = new ObjectMapper() + .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + + public CollectedClientDataDeserializer() { + this(null); + } + + public CollectedClientDataDeserializer(Class vc) { + super(vc); + } + + @Override + public CollectedClientData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) { + try { + final String originalTextValue = jsonParser.getText(); + final byte[] decodedClientDataJSON = Base64.getDecoder().decode(originalTextValue); + final CollectedClientData collectedClientData = objectMapper.readValue(decodedClientDataJSON, CollectedClientData.class); + collectedClientData.setEncoded(new String(decodedClientDataJSON)); + return collectedClientData; + } catch (IOException e) { + throw new RuntimeException(e); + } + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java new file mode 100644 index 000000000..ed4af7695 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java @@ -0,0 +1,195 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; +import java.util.UUID; + +/** + * Class containing map of all known FIDO2 AAGUID authenticator identifiers. + * + * @author Petr Dvorak, petr@wultra.com + */ +public class AaguidList { + + private static final Map vendors = new HashMap<>(); + + public AaguidList() { + + // Android + vendors.put(UUID.fromString("b93fd961-f2e6-462f-b122-82002247de78"), "Android Authenticator with SafetyNet Attestation"); + + // ATKey + vendors.put(UUID.fromString("ba76a271-6eb6-4171-874d-b6428dbe3437"), "ATKey.ProS"); + vendors.put(UUID.fromString("d41f5a69-b817-4144-a13c-9ebd6d9254d6"), "ATKey.Card CTAP2.0"); + vendors.put(UUID.fromString("e1a96183-5016-4f24-b55b-e3ae23614cc6"), "ATKey.Pro CTAP2.0"); + vendors.put(UUID.fromString("e416201b-afeb-41ca-a03d-2281c28322aa"), "ATKey.Pro CTAP2.1"); + + // Atos + vendors.put(UUID.fromString("1c086528-58d5-f211-823c-356786e36140"), "Atos CardOS FIDO2"); + + // Crayonic + vendors.put(UUID.fromString("be727034-574a-f799-5c76-0929e0430973"), "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"); + + // Cryptnox + vendors.put(UUID.fromString("9c835346-796b-4c27-8898-d6032f515cc5"), "Cryptnox FIDO2"); + + // Ensurity + vendors.put(UUID.fromString("454e5346-4944-4ffd-6c93-8e9267193e9a"), "Ensurity ThinC"); + + // ESS + vendors.put(UUID.fromString("5343502d-5343-5343-6172-644649444f32"), "ESS Smart Card Inc. Authenticator"); + + // eWBM + vendors.put(UUID.fromString("61250591-b2bc-4456-b719-0b17be90bb30"), "eWBM eFPA FIDO2 Authenticator"); + vendors.put(UUID.fromString("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), "eWBM eFA320 FIDO2 Authenticator"); + vendors.put(UUID.fromString("95442b2e-f15e-4def-b270-efb106facb4e"), "eWBM eFA310 FIDO2 Authenticator"); + + // FEITIAN + vendors.put(UUID.fromString("12ded745-4bed-47d4-abaa-e713f51d6393"), "AllinPass FIDO"); + vendors.put(UUID.fromString("2c0df832-92de-4be1-8412-88a8f074df4a"), "FIDO Java Card"); + vendors.put(UUID.fromString("310b2830-bd4a-4da5-832e-9a0dfc90abf2"), "MultiPass FIDO"); + vendors.put(UUID.fromString("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "Feitian iePass FIDO Authenticator"); + vendors.put(UUID.fromString("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "iePass FIDO"); + vendors.put(UUID.fromString("77010bd7-212a-4fc9-b236-d2ca5e9d4084"), "BioPass FIDO"); + vendors.put(UUID.fromString("833b721a-ff5f-4d00-bb2e-bdda3ec01e29"), "ePassFIDO K10, A4B, K28"); + vendors.put(UUID.fromString("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0"), "FIDO Fingerprint Card"); + vendors.put(UUID.fromString("b6ede29c-3772-412c-8a78-539c1f4c62d2"), "BioPass FIDO Plus"); + vendors.put(UUID.fromString("ee041bce-25e5-4cdb-8f86-897fd6418464"), "ePassFIDO K39, NFC, NFC Plus"); + + // GoTrust + vendors.put(UUID.fromString("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a"), "GoTrust Idem Key FIDO2 Authenticator"); + vendors.put(UUID.fromString("9f0d8150-baa5-4c00-9299-ad62c8bb4e87"), "GoTrust Idem Card FIDO2 Authenticator"); + + // HID Global + vendors.put(UUID.fromString("54d9fee8-e621-4291-8b18-7157b99c5bec"), "HID Crescendo Enabled"); + vendors.put(UUID.fromString("692db549-7ae5-44d5-a1e5-dd20a493b723"), "HID Crescendo Key"); + vendors.put(UUID.fromString("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52"), "HID Crescendo C2300"); + + // Hideez + vendors.put(UUID.fromString("3e078ffd-4c54-4586-8baa-a77da113aec5"), "Hideez Key 3 FIDO2"); + vendors.put(UUID.fromString("4e768f2c-5fab-48b3-b300-220eb487752b"), "Hideez Key 4 FIDO2 SDK"); + + // Hyper + vendors.put(UUID.fromString("9f77e279-a6e2-4d58-b700-31e5943c6a98"), "Hyper FIDO Pro"); + vendors.put(UUID.fromString("d821a7d4-e97c-4cb6-bd82-4237731fd4be"), "Hyper FIDO Bio Security Key"); + + // MKGroup + vendors.put(UUID.fromString("f4c63eff-d26c-4248-801c-3736c7eaa93a"), "FIDO KeyPass S3"); + + // KEY-ID + vendors.put(UUID.fromString("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3"), "KEY-ID FIDO2 Authenticator"); + + // NEOWAVE + vendors.put(UUID.fromString("3789da91-f943-46bc-95c3-50ea2012f03a"), "NEOWAVE Winkeo FIDO2"); + vendors.put(UUID.fromString("c5703116-972b-4851-a3e7-ae1259843399"), "NEOWAVE Badgeo FIDO2"); + + // NXP Semiconductors + vendors.put(UUID.fromString("07a9f89c-6407-4594-9d56-621d5f1e358b"), "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"); + + // OCTATCO + vendors.put(UUID.fromString("a1f52be5-dfab-4364-b51c-2bd496b14a56"), "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"); + vendors.put(UUID.fromString("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c"), "OCTATCO EzQuant FIDO2 AUTHENTICATOR"); + + // OneSpan + vendors.put(UUID.fromString("30b5035e-d297-4fc1-b00b-addc96ba6a97"), "OneSpan FIDO Touch"); + + // Precision InnaIT + vendors.put(UUID.fromString("88bbd2f0-342a-42e7-9729-dd158be5407a"), "Precision InnaIT Key FIDO 2 Level 2 certified"); + + // SmartDisplayer + vendors.put(UUID.fromString("516d3969-5a57-5651-5958-4e7a49434167"), "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"); + + // Solo + vendors.put(UUID.fromString("8876631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Secp256R1 FIDO2 CTAP2 Authenticator"); + vendors.put(UUID.fromString("8976631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"); + + // Somu + vendors.put(UUID.fromString("9876631b-d4a0-427f-5773-0ec71c9e0279"), "Somu Secp256R1 FIDO2 CTAP2 Authenticator"); + + // Swissbit + vendors.put(UUID.fromString("931327dd-c89b-406c-a81e-ed7058ef36c6"), "Swissbit iShield FIDO2"); + + // Thales + vendors.put(UUID.fromString("b50d5e0a-7f81-4959-9b12-f45407407503"), "Thales IDPrime MD 3940 FIDO"); + vendors.put(UUID.fromString("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4"), "Thales eToken FIDO"); + + // TrustKey + vendors.put(UUID.fromString("95442b2e-f15e-4def-b270-efb106facb4e"), "TrustKey G310(H)"); + vendors.put(UUID.fromString("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), "TrustKey G320(H)"); + vendors.put(UUID.fromString("da776f39-f6c8-4a89-b252-1d86137a46ba"), "TrustKey T110"); + vendors.put(UUID.fromString("e3512a8a-62ae-11ea-bc55-0242ac130003"), "TrustKey T120"); + + // TOKEN2 + vendors.put(UUID.fromString("ab32f0c6-2239-afbb-c470-d2ef4e254db7"), "TOKEN2 FIDO2 Security Key"); + + // uTrust + vendors.put(UUID.fromString("73402251-f2a8-4f03-873e-3cb6db604b03"), "uTrust FIDO2 Security Key"); + + // Vancosys + vendors.put(UUID.fromString("39a5647e-1853-446c-a1f6-a79bae9f5bc7"), "Vancosys Android Authenticator"); + vendors.put(UUID.fromString("820d89ed-d65a-409e-85cb-f73f0578f82a"), "Vancosys iOS Authenticator"); + + // VinCSS + vendors.put(UUID.fromString("5fdb81b8-53f0-4967-a881-f5ec26fe4d18"), "VinCSS FIDO2 Authenticator"); + + // VivoKey + vendors.put(UUID.fromString("d7a423ad-3e19-4492-9200-78137dccc136"), "VivoKey Apex FIDO2"); + + // Windows Hello + vendors.put(UUID.fromString("08987058-cadc-4b81-b6e1-30de50dcbe96"), "Windows Hello Hardware Authenticator"); + vendors.put(UUID.fromString("6028b017-b1d4-4c02-b4b3-afcdafc96bb2"), "Windows Hello Software Authenticator"); + vendors.put(UUID.fromString("9ddd1817-af5a-4672-a2b9-3e3dd95000a9"), "Windows Hello VBS Hardware Authenticator"); + + // WiSECURE + vendors.put(UUID.fromString("504d7149-4e4c-3841-4555-55445a677357"), "WiSECURE AuthTron USB FIDO2 Authenticator"); + + // Yubico + vendors.put(UUID.fromString("0bb43545-fd2c-4185-87dd-feb0b2916ace"), "Security Key NFC by Yubico - Enterprise Edition"); + vendors.put(UUID.fromString("149a2021-8ef6-4133-96b8-81f8d5b7f1f5"), "Security Key by Yubico with NFC"); + vendors.put(UUID.fromString("2fc0579f-8113-47ea-b116-bb5a8db9202a"), "YubiKey 5 Series with NFC"); + vendors.put(UUID.fromString("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73"), "Security Key by Yubico with NFC"); + vendors.put(UUID.fromString("73bb0cd4-e502-49b8-9c6f-b59445bf720b"), "YubiKey 5 FIPS Series"); + vendors.put(UUID.fromString("85203421-48f9-4355-9bc8-8a53846e5083"), "YubiKey 5Ci FIPS"); + vendors.put(UUID.fromString("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa"), "Security Key by Yubico with NFC"); + vendors.put(UUID.fromString("b92c3f9a-c014-4056-887f-140a2501163b"), "Security Key by Yubico"); + vendors.put(UUID.fromString("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd"), "YubiKey 5 FIPS Series with NFC"); + vendors.put(UUID.fromString("c5ef55ff-ad9a-4b9f-b580-adebafe026d0"), "YubiKey 5Ci"); + vendors.put(UUID.fromString("cb69481e-8ff7-4039-93ec-0a2729a154a8"), "YubiKey 5 Series"); + vendors.put(UUID.fromString("d8522d9f-575b-4866-88a9-ba99fa02f35b"), "YubiKey Bio Series"); + vendors.put(UUID.fromString("ee882879-721c-4913-9775-3dfcce97072a"), "YubiKey 5 Series"); + vendors.put(UUID.fromString("f8a011f3-8c0a-4d15-8006-17111f9edc7d"), "Security Key by Yubico"); + vendors.put(UUID.fromString("fa2b99dc-9e39-4257-8f92-4a30d23c4118"), "YubiKey 5 Series with NFC"); + vendors.put(UUID.fromString("34f5766d-1536-4a24-9033-0e294e510fb0"), "YubiKey 5 Series CTAP2.1 Preview Expired"); + vendors.put(UUID.fromString("83c47309-aabb-4108-8470-8be838b573cb"), "YubiKey Bio Series (Enterprise Profile)"); + + // Other authenticators + vendors.put(UUID.fromString("ad784498-1902-3f54-b99a-10bb7dbd9588"), "Apple MacBook Pro 14-inch, 2021"); + vendors.put(UUID.nameUUIDFromBytes(new byte[16]), "Apple Passkeys"); + + } + + public String vendorName(byte[] aaguid) { + final String vendor = vendors.get(UUID.nameUUIDFromBytes(aaguid)); + return Objects.requireNonNullElse(vendor, "Unknown FIDO2 Authenticator"); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java new file mode 100644 index 000000000..6bcc5286f --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.Data; + +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AssertionChallenge { + + private List applicationIds; + private String challenge; + private String userId; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java new file mode 100644 index 000000000..203d32cd2 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java @@ -0,0 +1,41 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.AttestationStatementDeserializer; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.AuthenticatorDataDeserializer; +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AttestationObject { + + private String encoded; + + private String fmt; + + @JsonDeserialize(using = AuthenticatorDataDeserializer.class) + private AuthenticatorData authData; + @JsonDeserialize(using = AttestationStatementDeserializer.class) + private AttestationStatement attStmt; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java new file mode 100644 index 000000000..8c59404fe --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java @@ -0,0 +1,31 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AttestationStatement { + private SignatureAlgorithm algorithm; + private byte[] signature; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java new file mode 100644 index 000000000..f08265ec2 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java @@ -0,0 +1,33 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AttestedCredentialData { + + private byte[] aaguid; + private byte[] credentialId; + private PublicKeyObject publicKeyObject; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java new file mode 100644 index 000000000..54d962491 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java @@ -0,0 +1,48 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.AuthenticatorDataDeserializer; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToByteArrayDeserializer; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToStringDeserializer; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.CollectedClientDataDeserializer; +import jakarta.validation.constraints.NotEmpty; +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AuthenticatorAssertionResponse { + + @JsonDeserialize(using = CollectedClientDataDeserializer.class) + private CollectedClientData clientDataJSON; + + @JsonDeserialize(using = AuthenticatorDataDeserializer.class) + private AuthenticatorData authenticatorData; + + @NotEmpty + @JsonDeserialize(using = Base64ToByteArrayDeserializer.class) + private byte[] signature; + + @JsonDeserialize(using = Base64ToStringDeserializer.class) + private String userHandle; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java new file mode 100644 index 000000000..94a4538ce --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java @@ -0,0 +1,41 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.AttestationObjectDeserializer; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToByteArrayDeserializer; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.CollectedClientDataDeserializer; +import lombok.Data; + +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AuthenticatorAttestationResponse { + + @JsonDeserialize(using = CollectedClientDataDeserializer.class) + private CollectedClientData clientDataJSON; + @JsonDeserialize(using = AttestationObjectDeserializer.class) + private AttestationObject attestationObject; + private List transports; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java new file mode 100644 index 000000000..dc6b1c587 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java @@ -0,0 +1,40 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import jakarta.validation.constraints.NotEmpty; +import jakarta.validation.constraints.PositiveOrZero; +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AuthenticatorData { + + @NotEmpty + private byte[] encoded; + @NotEmpty + private byte[] rpIdHash; + private Flags flags = new Flags(); + @PositiveOrZero + private int signCount; + private AttestedCredentialData attestedCredentialData = new AttestedCredentialData(); + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java new file mode 100644 index 000000000..e5b42e7d1 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java @@ -0,0 +1,52 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.Data; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; + +/** + * Information about a registered authenticator. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AuthenticatorDetail { + + private String userId; + private String activationId; + private String applicationId; + private String activationName; + private String externalId; + private ActivationStatus activationStatus; + private String extras; + private String platform; + private String deviceInfo; + private String blockedReason; + private long failedAttempts; + private long maxFailedAttempts; + private List applicationRoles = new ArrayList<>(); + private List activationFlags = new ArrayList<>(); + private byte[] publicKeyBytes; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java new file mode 100644 index 000000000..5f021963e --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java @@ -0,0 +1,43 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToStringDeserializer; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotEmpty; +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class CollectedClientData { + @NotEmpty + private String encoded; + @NotBlank + private String type; + @NotEmpty + @JsonDeserialize(using = Base64ToStringDeserializer.class) + private String challenge; + @NotBlank + private String origin; + private String topOrigin; + private boolean crossOrigin; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java new file mode 100644 index 000000000..798bd5e03 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java @@ -0,0 +1,30 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class EllipticCurvePoint { + private byte[] x; + private byte[] y; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java new file mode 100644 index 000000000..d7ea3d5c5 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class Flags { + + private boolean userPresent; + private boolean reservedBit2; + private boolean userVerified; + private boolean backupEligible; + private boolean backupState; + private boolean reservedBit6; + private boolean attestedCredentialsIncluded; + private boolean extensionDataInlcuded; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java new file mode 100644 index 000000000..58ac15f71 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; +import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class PublicKeyObject { + + private SignatureAlgorithm algorithm; + private CurveType curveType; + private EllipticCurvePoint point = new EllipticCurvePoint(); + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/RegistrationChallenge.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/RegistrationChallenge.java new file mode 100644 index 000000000..dc97ee192 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/RegistrationChallenge.java @@ -0,0 +1,34 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.Data; + +/** + * Model class representing registration challenge. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegistrationChallenge { + private String activationId; + private String applicationId; + private String challenge; + private String userId; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java new file mode 100644 index 000000000..21598d731 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java @@ -0,0 +1,27 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.enumeration; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +public enum CurveType { + P256, + UNKNOWN +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java new file mode 100644 index 000000000..10a9f66fa --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java @@ -0,0 +1,45 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.enumeration; + +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +public enum Fmt { + + FMT_PACKED("packed"), + FMT_NONE("none"); + + private final String value; + + public static final List allowedFmt = List.of( + FMT_PACKED.value, FMT_NONE.value + // not supported: "tpm", "android-key", "android-safetynet", "apple", "fido-u2f" + ); + + Fmt(String value) { + this.value = value; + } + + public String getValue() { + return value; + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java new file mode 100644 index 000000000..712069058 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java @@ -0,0 +1,27 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.enumeration; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +public enum SignatureAlgorithm { + ES256, + UNKNOWN +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java new file mode 100644 index 000000000..ddc5a19fc --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java @@ -0,0 +1,43 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.request; + +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotEmpty; +import lombok.Data; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * Request for obtaining assertion challenge. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AssertionChallengeRequest { + @NotEmpty + private List<@NotBlank String> applicationIds; + private String externalId; + @NotBlank + private String operationType; + private Map parameters = new HashMap<>(); + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java new file mode 100644 index 000000000..a67618d2b --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java @@ -0,0 +1,50 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.request; + +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse; +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AssertionRequest { + + @NotBlank + private String id; + @NotBlank + private String type; + @NotBlank + private String authenticatorAttachment; + private AuthenticatorAssertionResponse response = new AuthenticatorAssertionResponse(); + @NotBlank + private String applicationId; + @NotBlank + private String relyingPartyId; + private List allowedOrigins = new ArrayList<>(); + private List allowedTopOrigins = new ArrayList<>(); + private boolean requiresUserVerification; + private String expectedChallenge; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java new file mode 100644 index 000000000..3a742b537 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java @@ -0,0 +1,34 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.request; + +import lombok.Data; + +/** + * Request for obtaining list of registered authenticators for given user. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegisteredAuthenticatorsRequest { + + private String applicationId; + private String userId; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationChallengeRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationChallengeRequest.java new file mode 100644 index 000000000..d86c16126 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationChallengeRequest.java @@ -0,0 +1,36 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.request; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +/** + * Request object for registration challenge. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegistrationChallengeRequest { + + @NotBlank + private String userId; + @NotBlank + private String applicationId; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java new file mode 100644 index 000000000..c29fbd17d --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -0,0 +1,56 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.request; + +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse; +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegistrationRequest { + + // Relying party parameters + @NotBlank + private String applicationId; + @NotBlank + private String activationName; + private String expectedChallenge; + + // Authenticator parameters + @NotBlank + private String id; + @NotBlank + private String type; + @NotBlank + private String authenticatorAttachment; + private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); + @NotBlank + private String relyingPartyId; + private List allowedOrigins = new ArrayList<>(); + private List allowedTopOrigins = new ArrayList<>(); + private boolean requiresUserVerification; + + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java new file mode 100644 index 000000000..275e441cb --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java @@ -0,0 +1,33 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.response; + +import lombok.Data; + +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AssertionChallengeResponse { + private List applicationIds; + private String challenge; + private String userId; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java new file mode 100644 index 000000000..f80bdd017 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java @@ -0,0 +1,45 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.response; + +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.Data; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; + +/** + * Result of the assertion verification. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AssertionVerificationResponse { + private boolean assertionValid; + private String userId; + private String activationId; + private String applicationId; + private ActivationStatus activationStatus; + private String blockedReason; + private long remainingAttempts; + private List applicationRoles = new ArrayList<>(); + private List activationFlags = new ArrayList<>(); + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java new file mode 100644 index 000000000..5cd7b4da9 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.response; + +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegisteredAuthenticatorsResponse { + + private List authenticators = new ArrayList<>(); + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java new file mode 100644 index 000000000..48f24cbc7 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java @@ -0,0 +1,33 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.response; + +import lombok.Data; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegistrationChallengeResponse { + private String activationId; + private String applicationId; + private String challenge; + private String userId; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java new file mode 100644 index 000000000..2df4e62e2 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java @@ -0,0 +1,50 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.response; + +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.Data; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class RegistrationResponse { + + private String userId; + private String activationId; + private String applicationId; + private String externalId; + private String activationName; + private ActivationStatus activationStatus; + private String extras; + private String platform; + private String deviceInfo; + private String blockedReason; + private long failedAttempts; + private long maxFailedAttempts; + private List applicationRoles = new ArrayList<>(); + private List activationFlags = new ArrayList<>(); + private byte[] publicKeyBytes; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java new file mode 100644 index 000000000..f9b1addfb --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java @@ -0,0 +1,91 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.validator; + +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; +import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; +import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; +import io.getlime.security.powerauth.crypto.lib.util.Hash; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.util.Arrays; +import java.util.List; + +/** + * Validator for the assertion request class. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class AssertionRequestValidator { + + public String validate(AssertionRequest request) { + + if (request == null || request.getResponse() == null + || request.getResponse().getClientDataJSON() == null + || request.getResponse().getAuthenticatorData() == null) { + return "Invalid request, you need to include response.clientDataJSON and response.attestationObject."; + } + + final CollectedClientData clientDataJSON = request.getResponse().getClientDataJSON(); + + if (!"webauthn.get".equals(clientDataJSON.getType())) { + return "Request does not contain webauthn.create type."; + } + + final String expectedChallenge = request.getExpectedChallenge(); + if (expectedChallenge != null && !expectedChallenge.equals(clientDataJSON.getChallenge())) { + return "Request does not contain the correct challenge."; + } + + final String origin = clientDataJSON.getOrigin(); + final List allowedOrigins = request.getAllowedOrigins(); + if (origin == null || !allowedOrigins.contains(origin)) { + return "Request does not contain the correct origin."; + } + + final List allowedTopOrigins = request.getAllowedTopOrigins(); + if (clientDataJSON.getTopOrigin() != null && !allowedTopOrigins.contains(clientDataJSON.getTopOrigin())) { + return "Request contains the top origin which is not allowed."; + } + + final AuthenticatorData authenticatorData = request.getResponse().getAuthenticatorData(); + + final byte[] rpIdHash = authenticatorData.getRpIdHash(); + final String relyingPartyId = request.getRelyingPartyId(); + final byte[] expectedRpIdHash = Hash.sha256(relyingPartyId); + if (!Arrays.equals(rpIdHash, expectedRpIdHash)) { + return "The origin does not match relying party ID."; + } + + if (!authenticatorData.getFlags().isUserPresent()) { + return "User is not present during the authentication."; + } + + final boolean requiresUserVerification = request.isRequiresUserVerification(); + if (requiresUserVerification && !authenticatorData.getFlags().isUserVerified()) { + return "User is not present during the authentication, but user verification is required."; + } + + return null; + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java new file mode 100644 index 000000000..4f8d902e1 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java @@ -0,0 +1,125 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.validator; + +import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.rest.model.enumeration.Fmt; +import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; +import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; +import io.getlime.security.powerauth.crypto.lib.util.Hash; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import java.util.Arrays; +import java.util.List; + +/** + * Validator for registration request. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Component +@Slf4j +public class RegistrationRequestValidator { + + public String validate(RegistrationRequest request) { + + if (request == null || request.getResponse() == null + || request.getResponse().getClientDataJSON() == null + || request.getResponse().getAttestationObject() == null) { + return "Invalid request, you need to include response.clientDataJSON and response.attestationObject."; + } + + final CollectedClientData clientDataJSON = request.getResponse().getClientDataJSON(); + + if (!"webauthn.create".equals(clientDataJSON.getType())) { + return "Request does not contain webauthn.create type."; + } + + final String expectedChallenge = request.getExpectedChallenge(); + if (expectedChallenge != null && !expectedChallenge.equals(clientDataJSON.getChallenge())) { + return "Request does not contain the correct challenge."; + } + + final String origin = clientDataJSON.getOrigin(); + final List allowedOrigins = request.getAllowedOrigins(); + if (origin == null || !allowedOrigins.contains(origin)) { + return "Request does not contain the correct origin."; + } + + final List allowedTopOrigins = request.getAllowedTopOrigins(); + if (clientDataJSON.getTopOrigin() != null && !allowedTopOrigins.contains(clientDataJSON.getTopOrigin())) { + return "Request contains the top origin which is not allowed."; + } + + final AttestationObject attestationObject = request.getResponse().getAttestationObject(); + final AuthenticatorData authData = attestationObject.getAuthData(); + if (authData == null) { + return "Missing authentication data."; + } + + final byte[] rpIdHash = authData.getRpIdHash(); + final String relyingPartyId = request.getRelyingPartyId(); + final byte[] expectedRpIdHash = Hash.sha256(relyingPartyId); + if (!Arrays.equals(rpIdHash, expectedRpIdHash)) { + return "The origin does not match relying party ID."; + } + + final Flags flags = authData.getFlags(); + + if (!flags.isUserPresent()) { + return "User is not present during the authentication."; + } + + final boolean requiresUserVerification = request.isRequiresUserVerification(); + if (requiresUserVerification && !flags.isUserVerified()) { + return "User is not present during the authentication, but user verification is required."; + } + + final String fmt = attestationObject.getFmt(); + if (!Fmt.allowedFmt.contains(fmt)) { + return "Invalid attestation format identifier."; + } + + final AttestedCredentialData attestedCredentialData = authData.getAttestedCredentialData(); + if (attestedCredentialData == null) { + return "Missing attestation data."; + } + + final PublicKeyObject publicKeyObject = attestedCredentialData.getPublicKeyObject(); + if (publicKeyObject == null) { + return "Missing public key inside attestation data"; + } + + final SignatureAlgorithm algorithm = publicKeyObject.getAlgorithm(); + if (SignatureAlgorithm.ES256 != algorithm) { + return "The provided algorithm is not supported by the server."; + } + + if (fmt.equals(Fmt.FMT_PACKED.getValue())) { + final AttestationStatement attStmt = attestationObject.getAttStmt(); + if (!attStmt.getAlgorithm().equals(algorithm)) { + return "Attestation algorithm does not match algorithm used for the public key."; + } + } + + return null; + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java new file mode 100644 index 000000000..90524cf49 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -0,0 +1,103 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.converter.AssertionChallengeConverter; +import com.wultra.powerauth.fido2.rest.model.converter.AssertionConverter; +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; +import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; +import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; +import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +/** + * Service related to handling assertions. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Service +@Slf4j +public class AssertionService { + + private final CryptographyService cryptographyService; + private final ChallengeProvider challengeProvider; + private final AuthenticatorProvider authenticatorProvider; + private final AssertionConverter assertionConverter; + private final AssertionChallengeConverter assertionChallengeConverter; + + @Autowired + public AssertionService(CryptographyService cryptographyService, ChallengeProvider challengeProvider, AuthenticatorProvider authenticatorProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { + this.cryptographyService = cryptographyService; + this.challengeProvider = challengeProvider; + this.authenticatorProvider = authenticatorProvider; + this.assertionConverter = assertionConverter; + this.assertionChallengeConverter = assertionChallengeConverter; + } + + /** + * Request assertion challenge value. + * + * @param request Request with assertion challenge parameters. + * @return Assertion challenge information. + */ + public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws Exception { + final AssertionChallenge assertionChallenge = challengeProvider.provideChallengeForAuthentication( + null, request.getApplicationIds(), request.getOperationType(), request.getParameters(), request.getExternalId() + ); + if (assertionChallenge == null) { + throw new Fido2AuthenticationFailedException("Unable to obtain challenge with provided parameters."); + } + return assertionChallengeConverter.fromChallenge(assertionChallenge); + } + + /** + * Authenticate using the provided request. + * + * @param request Request with assertion. + * @throws Fido2AuthenticationFailedException In case authentication fails. + */ + public AssertionVerificationResponse authenticate(AssertionRequest request) throws Fido2AuthenticationFailedException { + try { + final AuthenticatorAssertionResponse response = request.getResponse(); + final String applicationId = request.getApplicationId(); + final String authenticatorId = request.getId(); + final AuthenticatorDetail authenticatorDetail = authenticatorProvider.findByCredentialId(applicationId, authenticatorId); + if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { + final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, response.getClientDataJSON(), response.getAuthenticatorData(), response.getSignature(), authenticatorDetail); + if (signatureCorrect) { + return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, signatureCorrect); + } else { + throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect signature."); + } + } else { + throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect authenticator state."); + } + } catch (Exception e) { + throw new Fido2AuthenticationFailedException("Authentication failed.", e); + } + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java new file mode 100644 index 000000000..9ae64d0fb --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; + +import java.util.List; + +/** + * Interface for handling authenticator handling logic. + * + * @author Petr Dvorak, petr@wultra.com + */ +public interface AuthenticatorProvider { + + AuthenticatorDetail storeAuthenticator(String applicationId, String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + + List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException; + AuthenticatorDetail findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java new file mode 100644 index 000000000..4801901a9 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java @@ -0,0 +1,90 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; + +import java.util.List; +import java.util.Map; + +/** + * Interface for challenge providers. + * + * @author Petr Dvorak, petr@wultra.com + */ +public interface ChallengeProvider { + + /** + * Obtain challenge information based on challenge value for registration. + * + * @param applicationId Application key. + * @param challenge Challenge value. + * @return Challenge Information. + * @throws Exception In case any issue occur during processing. + */ + RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challenge) throws Exception; + + /** + * Obtain challenge for registration. + * + * @param userId User ID. + * @param applicationId Application ID. + * @return Registration challenge. + * @throws Exception In case any issue occur during processing. + */ + RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws Exception; + + /** + * Obtain challenge for authentication. + * + * @param userId User ID. + * @param applicationIds List of application ID. + * @param operationType Type of the operation this challenge is for. + * @param parameters Operation parameters. + * @return Assertion challenge. + * @throws Exception In case any issue occur during processing. + */ + default AssertionChallenge provideChallengeForAuthentication(String userId, List applicationIds, String operationType, Map parameters) throws Exception { + return provideChallengeForAuthentication(userId, applicationIds, operationType, parameters, null); + }; + + /** + * Obtain challenge for authentication. + * + * @param userId User ID. + * @param applicationIds List of application ID. + * @param operationType Type of the operation this challenge is for. + * @param parameters Operation parameters. + * @param externalAuthenticationId External ID of operation, i.e., transaction in transaction system. + * @return Assertion challenge. + * @throws Exception In case any issue occur during processing. + */ + AssertionChallenge provideChallengeForAuthentication(String userId, List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws Exception; + + /** + * Revoke challenge based on the challenge value. + * + * @param applicationId Application ID. + * @param challengeValue Challenge value. + * @throws Exception In case any issue occur during processing. + */ + void revokeChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Exception; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java new file mode 100644 index 000000000..f5ed5e0f0 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java @@ -0,0 +1,37 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.rest.model.entity.AttestedCredentialData; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; + +/** + * Interface representing FIDO2 verification service. + * + * @author Petr Dvorak, petr@wultra.com + */ +public interface CryptographyService { + boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws Exception; + + boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws Exception; + + byte[] publicKeyToBytes(AttestedCredentialData attestedCredentialData) throws Exception; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java new file mode 100644 index 000000000..0cca0b6b4 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -0,0 +1,109 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.converter.RegistrationConverter; +import com.wultra.powerauth.fido2.rest.model.converter.RegistrationChallengeConverter; +import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; +import com.wultra.powerauth.fido2.rest.model.response.RegisteredAuthenticatorsResponse; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; +import com.wultra.powerauth.fido2.rest.model.validator.RegistrationRequestValidator; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +/** + * Service related to handling registrations. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Service +@Slf4j +public class RegistrationService { + + private final AuthenticatorProvider authenticatorProvider; + private final ChallengeProvider challengeProvider; + private final RegistrationChallengeConverter registrationChallengeConverter; + private final RegistrationConverter registrationConverter; + private final RegistrationRequestValidator registrationRequestValidator; + private final CryptographyService cryptographyService; + + @Autowired + public RegistrationService(AuthenticatorProvider authenticatorProvider, ChallengeProvider challengeProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService) { + this.authenticatorProvider = authenticatorProvider; + this.challengeProvider = challengeProvider; + this.registrationChallengeConverter = registrationChallengeConverter; + this.registrationConverter = registrationConverter; + this.registrationRequestValidator = registrationRequestValidator; + this.cryptographyService = cryptographyService; + } + + public RegisteredAuthenticatorsResponse registrationsForUser(String userId, String applicationId) throws Fido2AuthenticationFailedException { + final RegisteredAuthenticatorsResponse responseObject = new RegisteredAuthenticatorsResponse(); + responseObject.getAuthenticators().addAll(authenticatorProvider.findByUserId(userId, applicationId)); + return responseObject; + } + + public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception { + final RegistrationChallenge challenge = challengeProvider.provideChallengeForRegistration(userId, applicationId); + return registrationChallengeConverter.fromChallenge(challenge); + } + + public RegistrationResponse register(RegistrationRequest requestObject) throws Exception { + final String applicationId = requestObject.getApplicationId(); + + final String error = registrationRequestValidator.validate(requestObject); + if (error != null) { + throw new Fido2AuthenticationFailedException(error); + } + + final AuthenticatorAttestationResponse response = requestObject.getResponse(); + + final CollectedClientData clientDataJSON = response.getClientDataJSON(); + final String challengeValue = clientDataJSON.getChallenge(); + + final AttestationObject attestationObject = response.getAttestationObject(); + final AttestationStatement attStmt = attestationObject.getAttStmt(); + final byte[] signature = attStmt.getSignature(); + + final AuthenticatorData authData = attestationObject.getAuthData(); + final AttestedCredentialData attestedCredentialData = authData.getAttestedCredentialData(); + + final String fmt = attestationObject.getFmt(); + if ("packed".equals(fmt)) { + final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); + if (!verifySignature) { + // Immediately revoke the challenge + challengeProvider.revokeChallengeForRegistrationChallengeValue(applicationId, challengeValue); + throw new Fido2AuthenticationFailedException("Registration failed"); + } + } else { + logger.info("No signature verification on registration"); + } + + final RegistrationChallenge challenge = challengeProvider.provideChallengeForRegistrationChallengeValue(applicationId, challengeValue); + final AuthenticatorDetail authenticatorDetail = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData)); + final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorDetail); + return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); + } + +} diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 4592639db..1d69441f9 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -113,6 +113,11 @@ io.getlime.core audit-base + + io.getlime.security + powerauth-fido2 + 1.5.0-SNAPSHOT + diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/OpenApiConfiguration.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/OpenApiConfiguration.java index 66a1498ce..9cabeee20 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/OpenApiConfiguration.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/OpenApiConfiguration.java @@ -51,7 +51,10 @@ public class OpenApiConfiguration { @Bean public GroupedOpenApi powerAuthApiGroup() { - final String[] packages = {"io.getlime.security.powerauth.app.server.controller.api"}; + final String[] packages = { + "io.getlime.security.powerauth.app.server.controller.api", + "com.wultra.powerauth.fido2.rest.controller" + }; return GroupedOpenApi.builder() .group("powerauth") diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/PowerAuthAuditConfiguration.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/PowerAuthAuditConfiguration.java index 9da7fce4d..e4bf773c9 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/PowerAuthAuditConfiguration.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/configuration/PowerAuthAuditConfiguration.java @@ -30,7 +30,7 @@ * @author Roman Strobl, roman.strobl@wultra.com */ @Configuration -@ComponentScan(basePackages = {"com.wultra.core.audit.base"}) +@ComponentScan(basePackages = {"com.wultra.core.audit.base", "com.wultra.powerauth.fido2"}) public class PowerAuthAuditConfiguration { private final AuditFactory auditFactory; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java index 1c76eabee..14dd61ebe 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java @@ -17,6 +17,7 @@ */ package io.getlime.security.powerauth.app.server.controller; +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.security.powerauth.client.model.error.PowerAuthError; import com.wultra.security.powerauth.client.model.error.PowerAuthErrorRecovery; import io.getlime.core.rest.model.base.response.ObjectResponse; @@ -59,6 +60,23 @@ public class RESTControllerAdvice { return new ObjectResponse<>("ERROR", error); } + /** + * Resolver for FIDO2 related errors. + * @param ex Exception for HTTP message not readable. + * @return Error for HTTP request. + */ + @ResponseStatus(HttpStatus.BAD_REQUEST) + @ExceptionHandler(value = Fido2AuthenticationFailedException.class) + public @ResponseBody ObjectResponse handleFido2AuthenticationFailedException(Fido2AuthenticationFailedException ex) { + logger.error("Error occurred while processing the request: {}", ex.getMessage()); + logger.debug("Exception details:", ex); + final PowerAuthError error = new PowerAuthError(); + error.setCode("ERROR_FIDO2"); + error.setMessage(ex.getMessage()); + error.setLocalizedMessage(ex.getLocalizedMessage()); + return new ObjectResponse<>("ERROR", error); + } + /** * Resolver for Activation Recovery Exception. * @param ex Activation Recovery Exception. diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java index 1081956ff..9a586325a 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java @@ -60,6 +60,9 @@ public class ActivationRecordEntity implements Serializable { @Column(name = "activation_otp") private String activationOtp; + @Column(name = "external_id") + private String externalId; + @Column(name = "user_id", nullable = false, updatable = false) private String userId; @@ -69,6 +72,9 @@ public class ActivationRecordEntity implements Serializable { @Column(name = "extras") private String extras; + @Column(name = "protocol") + private String protocol; + @Column(name = "platform") private String platform; @@ -146,90 +152,6 @@ public class ActivationRecordEntity implements Serializable { public ActivationRecordEntity() { } - /** - * Constructor with all parameters. - * - * @param activationId Activation ID. - * @param activationCode Activation code. - * @param activationOtpValidation Activation OTP validation mode. - * @param activationOtp Activation OTP value. - * @param userId User Id. - * @param activationName Activation name. - * @param extras Extra parameters. - * @param platform User device platform. - * @param deviceInfo User device information. - * @param serverPrivateKeyBase64 Server private key encoded as Base64. - * @param serverPublicKeyBase64 Server public key encoded as Base64. - * @param devicePublicKeyBase64 Device public key encoded as Base64. - * @param counter Counter. - * @param failedAttempts Current failed attempt count. - * @param maxFailedAttempts Maximum allowed failed attempt count. - * @param timestampCreated Created timestamp. - * @param timestampActivationExpire Activation completion expiration timestamp. - * @param timestampLastUsed Last signature timestamp. - * @param activationStatus Activation status. - * @param blockedReason Reason why activation is blocked. - * @param serverPrivateKeyEncryption Mode of server private key encryption (0 = NO_ENCRYPTION, 1 = AES_HMAC). - * @param masterKeyPair Associated master keypair. - * @param application Associated application. - */ - public ActivationRecordEntity(String activationId, - String activationCode, - ActivationOtpValidation activationOtpValidation, - String activationOtp, - String userId, - String activationName, - String extras, - String platform, - String deviceInfo, - List flags, - String serverPrivateKeyBase64, - String serverPublicKeyBase64, - String devicePublicKeyBase64, - Long counter, - String ctrDataBase64, - Long failedAttempts, - Long maxFailedAttempts, - Date timestampCreated, - Date timestampActivationExpire, - Date timestampLastUsed, - Date timestampLastChange, - ActivationStatus activationStatus, - String blockedReason, - EncryptionMode serverPrivateKeyEncryption, - Integer version, - MasterKeyPairEntity masterKeyPair, - ApplicationEntity application) { - super(); - this.activationId = activationId; - this.activationCode = activationCode; - this.activationOtpValidation = activationOtpValidation; - this.activationOtp = activationOtp; - this.userId = userId; - this.activationName = activationName; - this.extras = extras; - this.deviceInfo = deviceInfo; - this.platform = platform; - this.flags.addAll(flags); - this.serverPrivateKeyBase64 = serverPrivateKeyBase64; - this.serverPublicKeyBase64 = serverPublicKeyBase64; - this.devicePublicKeyBase64 = devicePublicKeyBase64; - this.counter = counter; - this.ctrDataBase64 = ctrDataBase64; - this.failedAttempts = failedAttempts; - this.maxFailedAttempts = maxFailedAttempts; - this.timestampCreated = timestampCreated; - this.timestampActivationExpire = timestampActivationExpire; - this.timestampLastUsed = timestampLastUsed; - this.timestampLastChange = timestampLastChange; - this.activationStatus = activationStatus; - this.blockedReason = blockedReason; - this.serverPrivateKeyEncryption = serverPrivateKeyEncryption; - this.version = version; - this.masterKeyPair = masterKeyPair; - this.application = application; - } - /** * Get activation ID. * @@ -302,6 +224,24 @@ public void setActivationOtp(String activationOtp) { this.activationOtp = activationOtp; } + /** + * Get external ID. + * + * @return External ID. + */ + public String getExternalId() { + return externalId; + } + + /** + * Set external ID. + * + * @param externalId External ID. + */ + public void setExternalId(String externalId) { + this.externalId = externalId; + } + /** * Get user ID * @@ -356,6 +296,24 @@ public void setExtras(String extras) { this.extras = extras; } + /** + * Get protocol. + * + * @return Protocol. + */ + public String getProtocol() { + return protocol; + } + + /** + * Set protocol. + * + * @param protocol protocol. + */ + public void setProtocol(String protocol) { + this.protocol = protocol; + } + /** * Get user device platform. * @return User device platform. diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationEntity.java index 080f31795..44393ba0c 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/OperationEntity.java @@ -44,7 +44,7 @@ public class OperationEntity implements Serializable { @Column(name = "id", updatable = false, length = 37) private String id; - @Column(name = "user_id", nullable = false) + @Column(name = "user_id") private String userId; @ManyToMany diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java index 3f2963544..8f4d92b10 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java @@ -180,4 +180,15 @@ default Long getActivationCountByActivationCode(String applicationId, String act @Lock(LockModeType.PESSIMISTIC_WRITE) @Query("SELECT a FROM ActivationRecordEntity a WHERE a.activationStatus IN :states AND a.timestampActivationExpire >= :startingTimestamp AND a.timestampActivationExpire < :currentTimestamp") Stream findAbandonedActivations(Collection states, Date startingTimestamp, Date currentTimestamp); + + /** + * Find all activations for given user ID + * + * @param applicationId Application ID. + * @param externalId External authenticatorId + * @return List of activations for given user + */ + @Query("SELECT a FROM ActivationRecordEntity a WHERE a.application.id = :applicationId AND a.externalId = :externalId") + List findByExternalId(String applicationId, String externalId); + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index ca46a5eca..e7d2d23e5 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -27,6 +27,7 @@ import io.getlime.security.powerauth.app.server.configuration.PowerAuthServiceConfiguration; import io.getlime.security.powerauth.app.server.converter.ActivationStatusConverter; import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; import io.getlime.security.powerauth.app.server.service.behavior.tasks.RecoveryServiceBehavior; import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; @@ -257,6 +258,7 @@ public InitActivationResponse initActivation(InitActivationRequest request) thro } // The maxFailedCount and activationExpireTimestamp values can be null, in this case default values are used try { + final Protocols protocol = request.getProtocol(); final String userId = request.getUserId(); final String applicationId = request.getApplicationId(); final Long maxFailedCount = request.getMaxFailureCount(); @@ -265,6 +267,7 @@ public InitActivationResponse initActivation(InitActivationRequest request) thro final String activationOtp = request.getActivationOtp(); logger.info("InitActivationRequest received, user ID: {}, application ID: {}", userId, applicationId); final InitActivationResponse response = behavior.getActivationServiceBehavior().initActivation( + protocol, applicationId, userId, maxFailedCount, diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index 6500a4762..27449d177 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import com.wultra.security.powerauth.client.model.entity.Activation; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; import com.wultra.security.powerauth.client.model.request.RecoveryCodeActivationRequest; import com.wultra.security.powerauth.client.model.response.*; import io.getlime.security.powerauth.app.server.configuration.PowerAuthServiceConfiguration; @@ -256,8 +257,10 @@ public GetActivationListForUserResponse getActivationList(String applicationId, activationServiceItem.setActivationId(activation.getActivationId()); activationServiceItem.setActivationStatus(activationStatusConverter.convert(activation.getActivationStatus())); activationServiceItem.setBlockedReason(activation.getBlockedReason()); + activationServiceItem.setExternalId(activation.getExternalId()); activationServiceItem.setActivationName(activation.getActivationName()); activationServiceItem.setExtras(activation.getExtras()); + activationServiceItem.setProtocol(activation.getProtocol()); activationServiceItem.setPlatform(activation.getPlatform()); activationServiceItem.setDeviceInfo(activation.getDeviceInfo()); activationServiceItem.getActivationFlags().addAll(activation.getFlags()); @@ -268,6 +271,9 @@ public GetActivationListForUserResponse getActivationList(String applicationId, activationServiceItem.setApplicationId(activation.getApplication().getId()); // Unknown version is converted to 0 in service activationServiceItem.setVersion(activation.getVersion() == null ? 0L : activation.getVersion()); + activationServiceItem.setFailedAttempts(activation.getFailedAttempts()); + activationServiceItem.setMaxFailedAttempts(activation.getMaxFailedAttempts()); + activationServiceItem.setDevicePublicKeyBase64(activation.getDevicePublicKeyBase64()); response.getActivations().add(activationServiceItem); } } @@ -320,8 +326,10 @@ public LookupActivationsResponse lookupActivations(List userIds, List userIds, List flags, KeyConvertor keyConversionUtilities) throws GenericServiceException { try { @@ -743,12 +754,14 @@ public InitActivationResponse initActivation(String applicationId, String userId activation.setActivationCode(activationCode); activation.setActivationOtpValidation(activationOtpValidationConverter.convertTo(activationOtpValidation)); activation.setActivationOtp(activationOtpHash); + activation.setExternalId(null); activation.setActivationName(null); activation.setActivationStatus(ActivationStatus.CREATED); activation.setCounter(0L); activation.setCtrDataBase64(null); activation.setDevicePublicKeyBase64(null); activation.setExtras(null); + activation.setProtocol(protocols.toString()); activation.setPlatform(null); activation.setDeviceInfo(null); activation.setFailedAttempts(0L); @@ -914,6 +927,7 @@ public PrepareActivationResponse prepareActivation(String activationCode, String // The device public key is converted back to bytes and base64 encoded so that the key is saved in normalized form activation.setDevicePublicKeyBase64(Base64.getEncoder().encodeToString(keyConversion.convertPublicKeyToBytes(devicePublicKey))); activation.setActivationName(request.getActivationName()); + activation.setExternalId(request.getExternalId()); activation.setExtras(request.getExtras()); if (request.getPlatform() != null) { activation.setPlatform(request.getPlatform().toLowerCase()); @@ -1042,7 +1056,7 @@ public CreateActivationResponse createActivation( final com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation activationOtpValidation = activationOtp != null ? com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation.ON_COMMIT : com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation.NONE; // Create an activation record and obtain the activation database record - final InitActivationResponse initResponse = this.initActivation(applicationId, userId, maxFailureCount, activationExpireTimestamp, activationOtpValidation, activationOtp, null, keyConversion); + final InitActivationResponse initResponse = this.initActivation(Protocols.POWERAUTH, applicationId, userId, maxFailureCount, activationExpireTimestamp, activationOtpValidation, activationOtp, null, keyConversion); final String activationId = initResponse.getActivationId(); final ActivationRecordEntity activation = activationRepository.findActivationWithLock(activationId); @@ -1108,6 +1122,7 @@ public CreateActivationResponse createActivation( // The device public key is converted back to bytes and base64 encoded so that the key is saved in normalized form activation.setDevicePublicKeyBase64(Base64.getEncoder().encodeToString(keyConversion.convertPublicKeyToBytes(devicePublicKey))); activation.setActivationName(request.getActivationName()); + activation.setExternalId(request.getExternalId()); activation.setExtras(request.getExtras()); if (request.getPlatform() != null) { activation.setPlatform(request.getPlatform().toLowerCase()); @@ -1713,6 +1728,7 @@ public RecoveryCodeActivationResponse createActivationUsingRecoveryCode(Recovery // Initialize version 3 activation entity. // Parameter maxFailureCount can be customized, activationExpireTime is null because activation is committed immediately. final InitActivationResponse initResponse = initActivation( + Protocols.POWERAUTH, applicationId, recoveryCodeEntity.getUserId(), maxFailureCount, @@ -1748,6 +1764,7 @@ public RecoveryCodeActivationResponse createActivationUsingRecoveryCode(Recovery // The device public key is converted back to bytes and base64 encoded so that the key is saved in normalized form activation.setDevicePublicKeyBase64(Base64.getEncoder().encodeToString(keyConversion.convertPublicKeyToBytes(devicePublicKey))); activation.setActivationName(layer2Request.getActivationName()); + activation.setExternalId(layer2Request.getExternalId()); activation.setExtras(layer2Request.getExtras()); if (layer2Request.getPlatform() != null) { activation.setPlatform(layer2Request.getPlatform().toLowerCase()); @@ -1969,6 +1986,45 @@ private void revokeRecoveryCodes(String activationId) { } } + public List findByExternalId(String applicationId, String externalId) { + final Date timestamp = new Date(); + final List activationsList = repositoryCatalogue.getActivationRepository().findByExternalId(applicationId, externalId); + + final List result = new ArrayList<>(); + + if (activationsList != null) { + for (ActivationRecordEntity activation : activationsList) { + + deactivatePendingActivation(timestamp, activation, false); + + // Map between database object and service objects + final Activation activationServiceItem = new Activation(); + activationServiceItem.setActivationId(activation.getActivationId()); + activationServiceItem.setActivationStatus(activationStatusConverter.convert(activation.getActivationStatus())); + activationServiceItem.setBlockedReason(activation.getBlockedReason()); + activationServiceItem.setExternalId(activation.getExternalId()); + activationServiceItem.setActivationName(activation.getActivationName()); + activationServiceItem.setExtras(activation.getExtras()); + activationServiceItem.setProtocol(activation.getProtocol()); + activationServiceItem.setPlatform(activation.getPlatform()); + activationServiceItem.setDeviceInfo(activation.getDeviceInfo()); + activationServiceItem.getActivationFlags().addAll(activation.getFlags()); + activationServiceItem.setTimestampCreated(activation.getTimestampCreated()); + activationServiceItem.setTimestampLastUsed(activation.getTimestampLastUsed()); + activationServiceItem.setTimestampLastChange(activation.getTimestampLastChange()); + activationServiceItem.setUserId(activation.getUserId()); + activationServiceItem.setApplicationId(activation.getApplication().getId()); + // Unknown version is converted to 0 in service + activationServiceItem.setVersion(activation.getVersion() == null ? 0L : activation.getVersion()); + activationServiceItem.setFailedAttempts(activation.getFailedAttempts()); + activationServiceItem.setMaxFailedAttempts(activation.getMaxFailedAttempts()); + activationServiceItem.setDevicePublicKeyBase64(activation.getDevicePublicKeyBase64()); + result.add(activationServiceItem); + } + } + return result; + } + // Scheduled tasks @Scheduled(fixedRateString = "${powerauth.service.scheduled.job.activationsCleanup:5000}") @@ -1988,5 +2044,4 @@ public void expireActivations() { }); } } - } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java index 87d22d5a0..7e596067f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java @@ -237,13 +237,15 @@ public OperationUserActionResponse attemptApproveOperation(OperationApproveReque // Check the operation properties match the request final PowerAuthSignatureTypes factorEnum = PowerAuthSignatureTypes.getEnumFromString(signatureType.toString()); - if (operationEntity.getUserId().equals(userId) // correct user approved the operation + final String expectedUserId = operationEntity.getUserId(); + if ((expectedUserId == null || expectedUserId.equals(userId)) // correct user approved the operation, or no prior user was set && operationEntity.getApplications().contains(application.get()) // operation is approved by the expected application && isDataEqual(operationEntity, data) // operation data matched the expected value && factorsAcceptable(operationEntity, factorEnum) // auth factors are acceptable && operationEntity.getMaxFailureCount() > operationEntity.getFailureCount()) { // operation has sufficient attempts left (redundant check) // Approve the operation + operationEntity.setUserId(userId); operationEntity.setStatus(OperationStatusDo.APPROVED); operationEntity.setTimestampFinalized(currentTimestamp); operationEntity.setAdditionalData(mapMerge(operationEntity.getAdditionalData(), additionalData)); @@ -274,6 +276,7 @@ && factorsAcceptable(operationEntity, factorEnum) // auth factors are acceptable final Long maxFailureCount = operationEntity.getMaxFailureCount(); if (failureCount < maxFailureCount) { + operationEntity.setUserId(userId); operationEntity.setFailureCount(failureCount); operationEntity.setAdditionalData(mapMerge(operationEntity.getAdditionalData(), additionalData)); @@ -299,6 +302,7 @@ && factorsAcceptable(operationEntity, factorEnum) // auth factors are acceptable response.setOperation(operationDetailResponse); return response; } else { + operationEntity.setUserId(userId); operationEntity.setStatus(OperationStatusDo.FAILED); operationEntity.setTimestampFinalized(currentTimestamp); operationEntity.setFailureCount(maxFailureCount); // just in case, set the failure count to max value @@ -360,10 +364,12 @@ public OperationUserActionResponse rejectOperation(OperationRejectRequest reques throw localizationProvider.buildExceptionForCode(ServiceError.OPERATION_REJECT_FAILURE); } - if (operationEntity.getUserId().equals(userId) // correct user rejects the operation + final String expectedUserId = operationEntity.getUserId(); + if ((expectedUserId == null || expectedUserId.equals(userId)) // correct user approved the operation, or no prior user was set && operationEntity.getApplications().contains(application.get())) { // operation is rejected by the expected application // Reject the operation + operationEntity.setUserId(userId); operationEntity.setStatus(OperationStatusDo.REJECTED); operationEntity.setTimestampFinalized(currentTimestamp); operationEntity.setAdditionalData(mapMerge(operationEntity.getAdditionalData(), additionalData)); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java new file mode 100644 index 000000000..4504ff4af --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -0,0 +1,344 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package io.getlime.security.powerauth.app.server.service.fido2; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.service.AuthenticatorProvider; +import com.wultra.security.powerauth.client.model.entity.Activation; +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import com.wultra.security.powerauth.client.model.response.GetActivationListForUserResponse; +import io.getlime.security.powerauth.app.server.converter.ActivationStatusConverter; +import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; +import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; +import io.getlime.security.powerauth.app.server.database.repository.ActivationRepository; +import io.getlime.security.powerauth.app.server.database.repository.ApplicationRepository; +import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; +import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; +import io.getlime.security.powerauth.app.server.service.i18n.LocalizationProvider; +import io.getlime.security.powerauth.app.server.service.model.ServiceError; +import io.getlime.security.powerauth.crypto.lib.generator.HashBasedCounter; +import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; +import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; +import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; +import java.util.*; + +/** + * Authenticator provider based on PowerAuth activations. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Service +@Slf4j +public class PowerAuthAuthenticatorProvider implements AuthenticatorProvider { + private final ApplicationRepository applicationRepository; + + private final RepositoryCatalogue repositoryCatalogue; + private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; + + private LocalizationProvider localizationProvider; + + private final KeyConvertor keyConvertor = new KeyConvertor(); + private final ActivationStatusConverter activationStatusConverter = new ActivationStatusConverter(); + + @Autowired + public PowerAuthAuthenticatorProvider(RepositoryCatalogue repositoryCatalogue, ServiceBehaviorCatalogue serviceBehaviorCatalogue, + ApplicationRepository applicationRepository) { + this.repositoryCatalogue = repositoryCatalogue; + this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; + this.applicationRepository = applicationRepository; + } + + @Autowired + public void setLocalizationProvider(LocalizationProvider localizationProvider) { + this.localizationProvider = localizationProvider; + } + + @Override + @Transactional + public List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException { + + // Find application + final Optional application = applicationRepository.findById(applicationId); + if (application.isEmpty()) { + logger.warn("Application with given ID is not present: {}", applicationId); + throw new Fido2AuthenticationFailedException("Application with given ID is not present: " + applicationId); + } + + final GetActivationListForUserResponse activationList = serviceBehaviorCatalogue.getActivationServiceBehavior().getActivationList(applicationId, userId); + + final List authenticatorDetailList = new ArrayList<>(); + for (Activation activation : activationList.getActivations()) { + if ((activation.getActivationStatus() == ActivationStatus.CREATED) || (activation.getActivationStatus() == ActivationStatus.PENDING_COMMIT)) { // unfinished activations + continue; + } + if (activation.getActivationStatus() == ActivationStatus.REMOVED && activation.getDevicePublicKeyBase64() == null) { // never finished removed activations + continue; + } + if (!Protocols.FIDO2.toString().equals(activation.getProtocol())) { + continue; + } + final AuthenticatorDetail authenticatorDetail = convert(activation, application.get()); + authenticatorDetailList.add(authenticatorDetail); + } + return authenticatorDetailList; + } + + @Override + @Transactional + public AuthenticatorDetail findByCredentialId(String applicationId, String credentialId) throws Fido2AuthenticationFailedException { + + // Find application + final Optional application = applicationRepository.findById(applicationId); + if (application.isEmpty()) { + logger.warn("Application with given ID is not present: {}", applicationId); + throw new Fido2AuthenticationFailedException("Application with given ID is not present: " + applicationId); + } + + final List activationRecordEntities = serviceBehaviorCatalogue.getActivationServiceBehavior().findByExternalId(applicationId, credentialId); + if (activationRecordEntities == null || activationRecordEntities.size() != 1) { + throw new Fido2AuthenticationFailedException("Two authenticators with the same ID exist - ambiguous result."); + } + final Activation activation = activationRecordEntities.get(0); + + return convert(activation, application.get()); + } + + @Override + @Transactional + public AuthenticatorDetail storeAuthenticator(String applicationId, String activationCode, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException { + + try { + // Get current timestamp + final Date timestamp = new Date(); + + // Get required repositories + final ActivationRepository activationRepository = repositoryCatalogue.getActivationRepository(); + + // Find application + final Optional application = applicationRepository.findById(applicationId); + if (application.isEmpty()) { + logger.warn("Application with given ID is not present: {}", applicationId); + throw new Fido2AuthenticationFailedException("Application with given ID is not present: " + applicationId); + } + final ApplicationEntity applicationEntity = application.get(); + + // Fetch the current activation by activation code + final Set states = Set.of(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.CREATED); + // Search for activation without lock to avoid potential deadlocks + ActivationRecordEntity activation = activationRepository.findCreatedActivationWithoutLock(applicationId, activationCode, states, timestamp); + + // Make sure to deactivate the activation if it is expired + if (activation == null) { + logger.warn("Activation with activation code: {} could not be obtained. It either does not exist or it already expired.", activationCode); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); + } + + // Make sure this is the FIDO2 authenticator + if (!Protocols.FIDO2.toString().equals(activation.getProtocol())) { + logger.warn("Invalid authenticator protocol, expected 'fido2', obtained: {}", activation.getProtocol()); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); + } + + // Search for activation again to acquire PESSIMISTIC_WRITE lock for activation row + activation = activationRepository.findActivationWithLock(activation.getActivationId()); + deactivatePendingActivation(timestamp, activation); + + // Validate that the activation is in correct state for the prepare step + validateCreatedActivation(activation, applicationEntity); + + // Extract the device public key from request + final byte[] devicePublicKeyBytes = authenticatorDetail.getPublicKeyBytes(); + PublicKey devicePublicKey = null; + try { + devicePublicKey = keyConvertor.convertBytesToPublicKey(devicePublicKeyBytes); + } catch (InvalidKeySpecException ex) { + handleInvalidPublicKey(activation); + } + + // Initialize hash based counter + final HashBasedCounter counter = new HashBasedCounter(); + final byte[] ctrData = counter.init(); + final String ctrDataBase64 = Base64.getEncoder().encodeToString(ctrData); + + // Update the activation record + activation.setActivationStatus(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.ACTIVE); + // The device public key is converted back to bytes and base64 encoded so that the key is saved in normalized form + activation.setDevicePublicKeyBase64(Base64.getEncoder().encodeToString(keyConvertor.convertPublicKeyToBytes(devicePublicKey))); + activation.setActivationName(authenticatorDetail.getActivationName()); + activation.setExternalId(authenticatorDetail.getExternalId()); + activation.setExtras(authenticatorDetail.getExtras()); + if (authenticatorDetail.getPlatform() != null) { + activation.setPlatform(authenticatorDetail.getPlatform().toLowerCase()); + } else { + activation.setPlatform("unknown"); + } + activation.setDeviceInfo(authenticatorDetail.getDeviceInfo()); + // PowerAuth protocol version 3.0 uses 0x3 as version in activation status + activation.setVersion(3); + // Set initial counter data + activation.setCtrDataBase64(ctrDataBase64); + + // Persist activation report and notify listeners + serviceBehaviorCatalogue.getActivationHistoryServiceBehavior().saveActivationAndLogChange(activation); + serviceBehaviorCatalogue.getCallbackUrlBehavior().notifyCallbackListenersOnActivationChange(activation); + + final Activation activationResponse = new Activation(); + activationResponse.setActivationId(activation.getActivationId()); + activationResponse.setActivationStatus(activationStatusConverter.convert(activation.getActivationStatus())); + activationResponse.setBlockedReason(activation.getBlockedReason()); + activationResponse.setExternalId(activation.getExternalId()); + activationResponse.setActivationName(activation.getActivationName()); + activationResponse.setExtras(activation.getExtras()); + activationResponse.setPlatform(activation.getPlatform()); + activationResponse.setDeviceInfo(activation.getDeviceInfo()); + activationResponse.getActivationFlags().addAll(activation.getFlags()); + activationResponse.setTimestampCreated(activation.getTimestampCreated()); + activationResponse.setTimestampLastUsed(activation.getTimestampLastUsed()); + activationResponse.setTimestampLastChange(activation.getTimestampLastChange()); + activationResponse.setUserId(activation.getUserId()); + activationResponse.setApplicationId(activation.getApplication().getId()); + // Unknown version is converted to 0 in service + activationResponse.setVersion(activation.getVersion() == null ? 0L : activation.getVersion()); + activationResponse.setFailedAttempts(activation.getFailedAttempts()); + activationResponse.setMaxFailedAttempts(activation.getMaxFailedAttempts()); + activationResponse.setDevicePublicKeyBase64(activation.getDevicePublicKeyBase64()); + + // Generate authenticator detail + return convert(activationResponse, applicationEntity); + } catch (GenericCryptoException ex) { + logger.error(ex.getMessage(), ex); + // Rollback is not required, cryptography errors can only occur before writing to database + throw new Fido2AuthenticationFailedException("Generic cryptography error"); + } catch (CryptoProviderException ex) { + logger.error(ex.getMessage(), ex); + // Rollback is not required, cryptography errors can only occur before writing to database + throw new Fido2AuthenticationFailedException("Invalid cryptography provider"); + } catch (GenericServiceException e) { + throw new Fido2AuthenticationFailedException("Generic service exception"); + } + + } + + private AuthenticatorDetail convert(Activation activation, ApplicationEntity application) { + final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); + + authenticatorDetail.setApplicationId(activation.getApplicationId()); + authenticatorDetail.setUserId(activation.getUserId()); + authenticatorDetail.setActivationId(activation.getActivationId()); + authenticatorDetail.setActivationStatus(activation.getActivationStatus()); + authenticatorDetail.setActivationName(activation.getActivationName()); + authenticatorDetail.setExternalId(activation.getExternalId()); + authenticatorDetail.setExtras(activation.getExtras()); + authenticatorDetail.setActivationFlags(activation.getActivationFlags()); + authenticatorDetail.setDeviceInfo(activation.getDeviceInfo()); + authenticatorDetail.setPlatform(activation.getPlatform()); + authenticatorDetail.setFailedAttempts(activation.getFailedAttempts()); + authenticatorDetail.setMaxFailedAttempts(activation.getMaxFailedAttempts()); + authenticatorDetail.setBlockedReason(activation.getBlockedReason()); + if (activation.getDevicePublicKeyBase64() != null) { + authenticatorDetail.setPublicKeyBytes(Base64.getDecoder().decode(activation.getDevicePublicKeyBase64())); + } + + authenticatorDetail.setApplicationRoles(application.getRoles()); + + return authenticatorDetail; + } + + + /** + * Validate activation in prepare or create activation step: it should be in CREATED state, it should be linked to correct + * application and the activation code should have valid length. + * + * @param activation Activation used in prepare activation step. + * @param application Application used in prepare activation step. + * @throws GenericServiceException In case activation state is invalid. + */ + private void validateCreatedActivation(ActivationRecordEntity activation, ApplicationEntity application) throws GenericServiceException { + // If there is no such activation or application does not match the activation application, fail validation + if (activation == null + || !io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.CREATED.equals(activation.getActivationStatus()) + || !Objects.equals(activation.getApplication().getRid(), application.getRid())) { + logger.info("Activation state is invalid, activation ID: {}", activation != null ? activation.getActivationId() : "unknown"); + // Regular exception is used during prepareActivation + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_EXPIRED); + } + + // Make sure activation code has 23 characters + if (activation.getActivationCode().length() != 23) { + logger.warn("Activation code is invalid, activation ID: {}", activation.getActivationId()); + // Regular exception is used during prepareActivation + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_EXPIRED); + } + } + + /** + * Deactivate the activation in CREATED or PENDING_COMMIT if it's activation expiration timestamp + * is below the given timestamp. + * + * @param timestamp Timestamp to check activations against. + * @param activation Activation to check. + */ + private void deactivatePendingActivation(Date timestamp, ActivationRecordEntity activation) { + if ((activation.getActivationStatus().equals(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.CREATED) || activation.getActivationStatus().equals(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.PENDING_COMMIT)) + && (timestamp.getTime() > activation.getTimestampActivationExpire().getTime())) { + logger.info("Deactivating pending activation, activation ID: {}", activation.getActivationId()); + removeActivationInternal(activation); + } + } + + /** + * Internal logic for processing activation removal. + * + * @param activation Activation entity. + */ + private void removeActivationInternal(final ActivationRecordEntity activation) { + activation.setActivationStatus(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.REMOVED); + // Recovery codes are revoked in case revocation is requested, or always when the activation is in CREATED or PENDING_COMMIT state + serviceBehaviorCatalogue.getActivationHistoryServiceBehavior().saveActivationAndLogChange(activation, null); + serviceBehaviorCatalogue.getCallbackUrlBehavior().notifyCallbackListenersOnActivationChange(activation); + } + + /** + * Handle case when public key is invalid. Remove provided activation (mark as REMOVED), + * notify callback listeners, and throw an exception. + * + * @param activation Activation to be removed. + * @throws GenericServiceException Error caused by invalid public key. + */ + private void handleInvalidPublicKey(ActivationRecordEntity activation) throws GenericServiceException { + activation.setActivationStatus(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.REMOVED); + serviceBehaviorCatalogue.getActivationHistoryServiceBehavior().saveActivationAndLogChange(activation); + serviceBehaviorCatalogue.getCallbackUrlBehavior().notifyCallbackListenersOnActivationChange(activation); + logger.warn("Invalid public key, activation ID: {}", activation.getActivationId()); + // Exception must not be rollbacking, otherwise data written to database in this method would be lost + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); + } +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java new file mode 100644 index 000000000..dabb05842 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java @@ -0,0 +1,162 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package io.getlime.security.powerauth.app.server.service.fido2; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; +import com.wultra.powerauth.fido2.service.ChallengeProvider; +import com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation; +import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; +import com.wultra.security.powerauth.client.model.response.InitActivationResponse; +import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; +import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; +import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; +import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; +import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; +import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; +import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Date; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +/** + * @author Petr Dvorak, petr@wultra.com + */ +@Service +@Slf4j +public class PowerAuthChallengeProvider implements ChallengeProvider { + + private final RepositoryCatalogue repositoryCatalogue; + private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; + + private final KeyConvertor keyConvertor = new KeyConvertor(); + + @Autowired + public PowerAuthChallengeProvider(RepositoryCatalogue repositoryCatalogue, ServiceBehaviorCatalogue serviceBehaviorCatalogue) { + this.repositoryCatalogue = repositoryCatalogue; + this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; + } + + @Override + @Transactional + public RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { + + // Find application + final Optional application = repositoryCatalogue.getApplicationRepository().findById(applicationId); + if (application.isEmpty()) { + logger.warn("Application with given ID is not present: {}", applicationId); + throw new Fido2AuthenticationFailedException("Application with given ID is not present: " + applicationId); + } + + final Date currentTimestamp = new Date(); + + // Obtain just the activation code part, just in case there was a value with signature + final String[] split = challengeValue.split("&", 1); + final String activationCode = split[0]; + + // Only allow created activations to be finished + final ActivationRecordEntity activationRecordEntity = repositoryCatalogue.getActivationRepository() + .findCreatedActivationWithoutLock(applicationId, activationCode, List.of(ActivationStatus.CREATED), currentTimestamp); + + if (activationRecordEntity == null) { + throw new Fido2AuthenticationFailedException("Activation failed"); + } + + final String activationId = activationRecordEntity.getActivationId(); + final String userId = activationRecordEntity.getUserId(); + + final RegistrationChallenge assertionChallenge = new RegistrationChallenge(); + assertionChallenge.setChallenge(challengeValue); + assertionChallenge.setApplicationId(applicationId); + assertionChallenge.setActivationId(activationId); + assertionChallenge.setUserId(userId); + return assertionChallenge; + } + + @Override + @Transactional + public RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws GenericServiceException { + final InitActivationResponse initActivationResponse = serviceBehaviorCatalogue.getActivationServiceBehavior() + .initActivation(Protocols.FIDO2, applicationId, userId, null, null, ActivationOtpValidation.NONE, null, null, keyConvertor); + final RegistrationChallenge registrationChallenge = new RegistrationChallenge(); + registrationChallenge.setUserId(initActivationResponse.getUserId()); + registrationChallenge.setApplicationId(initActivationResponse.getApplicationId()); + registrationChallenge.setActivationId(initActivationResponse.getActivationId()); + registrationChallenge.setChallenge(initActivationResponse.getActivationCode()); + return registrationChallenge; + } + + @Override + @Transactional + public AssertionChallenge provideChallengeForAuthentication(String userId, List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws GenericServiceException { + final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); + operationCreateRequest.setApplications(applicationIds); + operationCreateRequest.setTemplateName(operationType); + operationCreateRequest.getParameters().putAll(parameters); + + final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); + final AssertionChallenge assertionChallenge = new AssertionChallenge(); + assertionChallenge.setUserId(operationDetailResponse.getUserId()); + assertionChallenge.setApplicationIds(operationDetailResponse.getApplications()); + assertionChallenge.setChallenge(operationDetailResponse.getId() + "&" + operationDetailResponse.getData()); + return assertionChallenge; + } + + @Override + @Transactional + public void revokeChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { + final Date currentTimestamp = new Date(); + + // Find application + final Optional application = repositoryCatalogue.getApplicationRepository().findById(applicationId); + if (application.isEmpty()) { + logger.warn("Application with given ID is not present: {}", applicationId); + throw new Fido2AuthenticationFailedException("Application with given ID is not present: " + applicationId); + } + + // Obtain just the activation code part, just in case there was a value with signature + final String[] split = challengeValue.split("&", 1); + final String activationCode = split[0]; + + final List statuses = List.of(ActivationStatus.CREATED, ActivationStatus.PENDING_COMMIT, ActivationStatus.ACTIVE, ActivationStatus.BLOCKED); + final ActivationRecordEntity activationRecordEntity = repositoryCatalogue.getActivationRepository() + .findCreatedActivationWithoutLock(applicationId, activationCode, statuses, currentTimestamp); + + if (activationRecordEntity == null) { + throw new Fido2AuthenticationFailedException("With given value not found."); + } + + final String activationId = activationRecordEntity.getActivationId(); + try { + serviceBehaviorCatalogue.getActivationServiceBehavior().removeActivation(activationId, null, true); + } catch (GenericServiceException e) { + throw new Fido2AuthenticationFailedException("Activation could not have been removed.", e); + } + + } +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java new file mode 100644 index 000000000..a1c21e340 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -0,0 +1,78 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package io.getlime.security.powerauth.app.server.service.fido2; + +import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.service.CryptographyService; +import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; +import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; +import io.getlime.security.powerauth.crypto.lib.util.Hash; +import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; +import io.getlime.security.powerauth.crypto.lib.util.SignatureUtils; +import org.springframework.stereotype.Service; + +import java.security.InvalidKeyException; +import java.security.PublicKey; +import java.security.spec.InvalidKeySpecException; + +/** + * Service providing FIDO2 cryptographic functionality. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Service +public class PowerAuthCryptographyService implements CryptographyService { + + private final KeyConvertor keyConvertor = new KeyConvertor(); + + public boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { + final byte[] publicKeyBytes = authenticatorDetail.getPublicKeyBytes(); + final PublicKey publicKey = keyConvertor.convertBytesToPublicKey(publicKeyBytes); + return verifySignature(clientDataJSON, authData, signature, publicKey); + } + + public boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { + final EllipticCurvePoint point = attestedCredentialData.getPublicKeyObject().getPoint(); + final PublicKey publicKey = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); + return verifySignature(clientDataJSON, authData, signature, publicKey); + } + + public byte[] publicKeyToBytes(AttestedCredentialData attestedCredentialData) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException { + final EllipticCurvePoint point = attestedCredentialData.getPublicKeyObject().getPoint(); + final PublicKey publicKey = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); + return keyConvertor.convertPublicKeyToBytes(publicKey); + } + + // private methods + + + private boolean verifySignature(CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, PublicKey publicKey) throws GenericCryptoException, CryptoProviderException, InvalidKeyException { + final byte[] clientDataJSONEncodedHash = concat(authData.getEncoded(), Hash.sha256(clientDataJSON.getEncoded())); + final SignatureUtils signatureUtils = new SignatureUtils(); + return signatureUtils.validateECDSASignature(clientDataJSONEncodedHash, signature, publicKey); + } + + private byte[] concat(byte[] a, byte[] b) { + final byte[] combined = new byte[a.length + b.length]; + System.arraycopy(a, 0, combined, 0, a.length); + System.arraycopy(b, 0, combined, a.length, b.length); + return combined; + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java index 5288aee36..8c831f941 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java @@ -28,6 +28,7 @@ public class ActivationLayer2Request { private String devicePublicKey; private String activationOtp; private String activationName; + private String externalId; private String extras; private String platform; private String deviceInfo; @@ -38,18 +39,6 @@ public class ActivationLayer2Request { public ActivationLayer2Request() { } - /** - * Parameterized constructor. - * @param devicePublicKey Device public key. - * @param activationName Activation name. - * @param extras Activation extras. - */ - public ActivationLayer2Request(String devicePublicKey, String activationName, String extras) { - this.devicePublicKey = devicePublicKey; - this.activationName = activationName; - this.extras = extras; - } - /** * Get Base64 encoded device public key. * @return Device public key. @@ -98,6 +87,23 @@ public void setActivationName(String activationName) { this.activationName = activationName; } + /** + * Get external ID. + * + * @return External ID. + */ + public String getExternalId() { + return externalId; + } + + /** + * Set external ID. + * @param externalId External ID. + */ + public void setExternalId(String externalId) { + this.externalId = externalId; + } + /** * Get activation extras. * @return Activation extras. diff --git a/powerauth-java-server/src/main/resources/xsd/PowerAuth-2.0.xsd b/powerauth-java-server/src/main/resources/xsd/PowerAuth-2.0.xsd deleted file mode 100644 index 91d3409f9..000000000 --- a/powerauth-java-server/src/main/resources/xsd/PowerAuth-2.0.xsd +++ /dev/null @@ -1,270 +0,0 @@ - - - - - - - - - - Request for client-server key exchange procedure. - - - - - - - - - - - - - - - - - - Response for client-server key exchange procedure. - - - - - - - - - - - - - - - - - Request for creating a new activation directly. - - - - - - - - - - - - - - - - - - - - - - - Response for creating a new activation directly. - - - - - - - - - - - - - - - - - Request for the vault unlock procedure. - - - - - - - - - - - - - - - - Response for the vault unlock procedure. - - - - - - - - - - - - - - - - - - - Request for obtaining a derived end-to-end encryption key for non-personalized - encryption. - - - - - - - - - - - - - - Response for obtaining a derived end-to-end encryption key for non-personalized - encryption. - - - - - - - - - - - - - - - - - - Request for obtaining a derived personalized end-to-end encryption key. - - - - - - - - - - - - Response for obtaining a derived personalized end-to-end encryption key. - - - - - - - - - - - - - - - - Request for obtaining a new token for simple authentication. - - - - - - - - - - - - - Response for obtaining a new token for simple authentication. - - - - - - - - - - - - - - Enum representing the possible activation states (CREATED, PENDING_COMMIT, ACTIVE, BLOCKED, - REMOVED). - - - - - - - - - - - - - - Enum representing the possible signatures types by the authentication factors used. - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/powerauth-java-server/src/main/resources/xsd/PowerAuth-3.0.xsd b/powerauth-java-server/src/main/resources/xsd/PowerAuth-3.0.xsd deleted file mode 100644 index 7a702d668..000000000 --- a/powerauth-java-server/src/main/resources/xsd/PowerAuth-3.0.xsd +++ /dev/null @@ -1,1910 +0,0 @@ - - - - - - - - - - Request for getting the system status information. - - - - - - - - - Response for getting the system status information. - - - - - - - - - - - - - - - - - - - Request for getting the list of all possible server error codes. - - - - - - - - - - - Response for getting the list of all possible server error codes. - - - - - - - - - - - - - - - - - - - - Request for getting the application list. - - - - - - - - - Response for getting the application list. - - - - - - - - - - - - - - - - - - - - Request for getting the application detail, including the list of versions. - - - - - - - - - - - - Response for getting the application detail, including the list of versions. - - - - - - - - - - - - - - - - - - - - - - - - - - Request for getting the application detail based on the application version key. - - - - - - - - - - - - Response for getting the application detail based on the application version key. - - - - - - - - - - - - - - Request for creating a new activation. - - - - - - - - - - - Response for creating a new activation. - - - - - - - - - - - - - - Request for creating a new activation version. - - - - - - - - - - - - Response for creating a new activation version. - - - - - - - - - - - - - - - - Request for marking a given application version as unsupported. - - - - - - - - - - - - Response for marking a given application version as unsupported. - - - - - - - - - - - - - - - Request for marking a given application version as supported. - - - - - - - - - - - - Response for marking a given application version as supported. - - - - - - - - - - - - - - - Request for initiating the activation process by generating the activation code. - - - - - - - - - - - - - - - - - Response for initiating the activation process. - - - - - - - - - - - - - - - - - Request for client-server key exchange procedure. - - - - - - - - - - - - - - - - - Response for client-server key exchange procedure. - - - - - - - - - - - - - - - - - - Request for creating a new activation directly. - - - - - - - - - - - - - - - - - - - - Response for creating a new activation directly. - - - - - - - - - - - - - - - - - - Request for update activation OTP before activation commit. - - - - - - - - - - - - - Response for update activation OTP before activation commit. - - - - - - - - - - - - - - Request for committing the activation with given ID. - - - - - - - - - - - - - Response for committing the activation with given ID. - - - - - - - - - - - - - - Request for getting the activation details / status information. - - - - - - - - - - - - Response for getting the activation details / status information. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Request for removing the activation with given ID. - - - - - - - - - - - - - Response for removing the activation with given ID. - - - - - - - - - - - - - - Request for getting the list of activations for given user. - - - - - - - - - - - - Response for getting the list of activations for given user. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Request for querying activations using various parameters. - - - - - - - - - - - - - - - - Response for querying activations using various parameters. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Request for updating status for activations. - - - - - - - - - - - - Response for updating status for activations. - - - - - - - - - - - - - Request for the signature verification process. - - - - - - - - - - - - - - - - - Response for the signature verification process. - - - - - - - - - - - - - - - - - - - - - - - Request for generating personalized signature payload for the offline signature. - - - - - - - - - - - - - Response for generating personalized signature payload for the offline signature. - - - - - - - - - - - - - - - Request for generating non-personalized signature payload for the offline signature. - - - - - - - - - - - - - Response for generating non-personalized signature payload for the offline signature. - - - - - - - - - - - - - - - Request for the offline signature verification process. - - - - - - - - - - - - - - - Response for the signature verification process. - - - - - - - - - - - - - - - - - - - - - - Request for blocking the activation with given ID. - - - - - - - - - - - - - Response for blocking the activation with given ID. - - - - - - - - - - - - - - - Request for unblocking the activation with given ID. - - - - - - - - - - - - Response for unblocking the activation with given ID. - - - - - - - - - - - - - - Request for the vault unlock procedure. - - - - - - - - - - - - - - - - - - - - Response for the vault unlock procedure. - - - - - - - - - - - - - - - Request for the asymmetric signature (ECDSA) validation procedure. - - - - - - - - - - - - - Response for the asymmetric signature (ECDSA) validation procedure. - - - - - - - - - - - - - Request for getting the signature audit log. - - - - - - - - - - - - - - Response for getting the signature audit log. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Request for getting the activation status change log. - - - - - - - - - - - - - Response for getting the activation status change log. - - - - - - - - - - - - - - - - - - - - - - - - - Request for creating a new integration record. - - - - - - - - - - - Response for creating a new integration record. - - - - - - - - - - - - - - - - Request for getting the list of integrations. - - - - - - - - - Response for getting the list of integrations. - - - - - - - - - - - - - - - - - - - - - - - Request for removing an integration record. - - - - - - - - - - - Response for removing an integration record. - - - - - - - - - - - - - - Request for creating a new callback URL record associated with given application. - - - - - - - - - - - - - - - - - Response for creating a new callback URL. - - - - - - - - - - - - - - - - - - - Request for updating a callback URL record associated with given application. - - - - - - - - - - - - - - - - - Response for updating a callback URL. - - - - - - - - - - - - - - - - - - - Request for getting the list of callback URLs for given application. - - - - - - - - - - - Response for getting the list of callback URLs. - - - - - - - - - - - - - - - - - - - - - - - - - Request for removing a callback URL record. - - - - - - - - - - - Response for removing an callback URL record. - - - - - - - - - - - - - - Request for obtaining a new token for simple authentication. - - - - - - - - - - - - - - - - - Response for obtaining a new token for simple authentication. - - - - - - - - - - - - Request for validating the request authenticated with a token.. - - - - - - - - - - - - - - Response for validating the request authenticated with a token. - - - - - - - - - - - - - - - - - - - Request for removing the token with given ID. - - - - - - - - - - - - Response for removing the token with given ID. - - - - - - - - - - - - - Request for obtaining ECIES decryptor. - - - - - - - - - - - - - - Response containing setup for ECIES decryptor. - - - - - - - - - - - - - - Request to start upgrade. - - - - - - - - - - - - - - - - Response to start upgrade. - - - - - - - - - - - - Upgrade commit request - - - - - - - - - - - - Upgrade commit response. - - - - - - - - - - - - - Create recovery code request. - - - - - - - - - - - - - Create recovery code response. - - - - - - - - - - - - - - - - - - - - - - - - Confirm recovery code request. - - - - - - - - - - - - - - - - - Confirm recovery code response. - - - - - - - - - - - - - - Search for recovery codes request. - - - - - - - - - - - - - - - Search for recovery codes response. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Revoke recovery codes request. - - - - - - - - - - - Revoke recovery code response. - - - - - - - - - - - Request for creating a new activation using recovery code. - - - - - - - - - - - - - - - - - - - - Response for creating a new activation using recovery code. - - - - - - - - - - - - - - - - Get application recovery configuration request. - - - - - - - - - - - Get application recovery configuration response. - - - - - - - - - - - - - - - - Update application recovery configuration request. - - - - - - - - - - - - - - - Update application recovery configuration response. - - - - - - - - - - - List activation flags request. - - - - - - - - - - - List activation flags response. - - - - - - - - - - - - Add activation flags request. - - - - - - - - - - - - Add activation flags response. - - - - - - - - - - - - Update activation flags request. - - - - - - - - - - - - Update activation flags response. - - - - - - - - - - - - Remove activation flags request. - - - - - - - - - - - - Remove activation flags response. - - - - - - - - - - - - List application roles request. - - - - - - - - - - - List application roles response. - - - - - - - - - - - - Add application roles request. - - - - - - - - - - - - Add application roles response. - - - - - - - - - - - - Update application roles request. - - - - - - - - - - - - Update application roles response. - - - - - - - - - - - - Remove application roles request. - - - - - - - - - - - - Remove application roles response. - - - - - - - - - - - - - - Enum representing the possible activation states (CREATED, PENDING_COMMIT, ACTIVE, BLOCKED, - REMOVED). - - - - - - - - - - - - - - Enum representing the possible modes of OTP validation (NONE, ON_KEY_EXCHANGE, ON_COMMIT). - - - - - - - - - - - Enum representing the possible recovery code states (CREATED, ACTIVE, BLOCKED, REVOKED). - - - - - - - - - - - - Enum representing the possible recovery PUK states (VALID, USED, INVALID). - - - - - - - - - - - Enum representing the possible signatures types by the authentication factors used. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From 189bed9d13980d616aa05b4bdb9824bbf116adff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Wed, 12 Jul 2023 13:09:43 +0200 Subject: [PATCH 002/146] Map assertion challenge to operations --- ...-id.xml => 20230430-add-columns-fido2.xml} | 10 +- .../1.5.x/db.changelog-version.xml | 2 +- pom.xml | 2 +- powerauth-client-model/pom.xml | 4 + .../client/model/enumeration/Protocols.java | 6 + .../GetActivationListForUserRequest.java | 6 +- powerauth-fido2/pom.xml | 4 +- .../controller/RegistrationController.java | 3 - .../AssertionChallengeConverter.java | 2 + .../converter/RegistrationConverter.java | 26 +- .../rest/model/entity/AssertionChallenge.java | 2 + .../rest/model/entity/AttestationObject.java | 2 + .../rest/model/entity/AuthenticatorData.java | 2 + .../model/entity/AuthenticatorParameters.java | 48 ++++ .../model/entity/CollectedClientData.java | 2 + .../model/request/RegistrationRequest.java | 14 +- .../response/AssertionChallengeResponse.java | 2 + .../RegistrationRequestValidator.java | 32 ++- .../fido2/service/AssertionService.java | 12 +- .../AssertionVerificationProvider.java | 79 ++++++ .../fido2/service/AuthenticatorProvider.java | 2 - .../fido2/service/ChallengeProvider.java | 28 -- .../fido2/service/RegistrationService.java | 2 +- .../app/server/service/PowerAuthService.java | 3 +- .../tasks/ActivationServiceBehavior.java | 10 +- .../fido2/PowerAuthAssertionProvider.java | 252 ++++++++++++++++++ .../fido2/PowerAuthAuthenticatorProvider.java | 6 +- .../fido2/PowerAuthChallengeProvider.java | 24 +- 28 files changed, 489 insertions(+), 98 deletions(-) rename docs/db/changelog/changesets/powerauth-java-server/1.5.x/{20230430-add-columns-external-id.xml => 20230430-add-columns-fido2.xml} (82%) create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml similarity index 82% rename from docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml rename to docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml index ba56c0200..85e5b3a14 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-external-id.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml @@ -21,7 +21,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> - + @@ -33,7 +33,7 @@ - + @@ -45,8 +45,12 @@ - + + + + + diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml index 637e48247..690633650 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml @@ -4,6 +4,6 @@ xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> - + \ No newline at end of file diff --git a/pom.xml b/pom.xml index 7c5a7a3eb..04d0a6862 100644 --- a/pom.xml +++ b/pom.xml @@ -88,7 +88,7 @@ 1.5.0-SNAPSHOT 1.7.0-SNAPSHOT - 1.73 + 1.75 3.0.12 diff --git a/powerauth-client-model/pom.xml b/powerauth-client-model/pom.xml index 22592cf39..8343b07d2 100644 --- a/powerauth-client-model/pom.xml +++ b/powerauth-client-model/pom.xml @@ -40,6 +40,10 @@ org.springframework spring-core + + com.fasterxml.jackson.core + jackson-annotations + diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java index 4a1f73612..9e43497e2 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java @@ -18,11 +18,17 @@ package com.wultra.security.powerauth.client.model.enumeration; +import com.fasterxml.jackson.annotation.JsonProperty; + /** + * Enumeration representing supported protocols for authenticators. + * * @author Petr Dvorak, petr@wultra.com */ public enum Protocols { + @JsonProperty("powerauth") POWERAUTH("powerauth"), + @JsonProperty("fido2") FIDO2("fido2"); private final String protocol; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetActivationListForUserRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetActivationListForUserRequest.java index 07ad2f4dc..42949a003 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetActivationListForUserRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetActivationListForUserRequest.java @@ -18,10 +18,13 @@ package com.wultra.security.powerauth.client.model.request; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; import lombok.Data; +import java.util.Set; + /** - * Model class representing request for activation lisf for a given user. + * Model class representing request for activation list for a given user. * * @author Petr Dvorak, petr@wultra.com */ @@ -30,5 +33,6 @@ public class GetActivationListForUserRequest { private String userId; private String applicationId; + private Set protocols = Set.of(Protocols.FIDO2, Protocols.POWERAUTH); } diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 793a80870..0b78d3307 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -48,7 +48,7 @@ org.springdoc springdoc-openapi-starter-webmvc-ui - 2.0.4 + 2.1.0 org.springframework.boot @@ -59,7 +59,7 @@ com.fasterxml.jackson.dataformat jackson-dataformat-cbor - 2.13.4 + 2.14.2 org.postgresql diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 9d0cf6041..01def9fb8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -18,15 +18,12 @@ package com.wultra.powerauth.fido2.rest.controller; -import com.wultra.powerauth.fido2.rest.model.entity.AaguidList; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.rest.model.request.RegisteredAuthenticatorsRequest; import com.wultra.powerauth.fido2.rest.model.request.RegistrationChallengeRequest; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; import com.wultra.powerauth.fido2.rest.model.response.RegisteredAuthenticatorsResponse; import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; -import com.wultra.powerauth.fido2.service.AuthenticatorProvider; import com.wultra.powerauth.fido2.service.RegistrationService; import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index 5c1451483..112a083cf 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -46,6 +46,8 @@ public AssertionChallengeResponse fromChallenge(AssertionChallenge source) { destination.setUserId(source.getUserId()); destination.setApplicationIds(source.getApplicationIds()); destination.setChallenge(source.getChallenge()); + destination.setFailedAttempts(source.getFailedAttempts()); + destination.setMaxFailedAttempts(source.getMaxFailedAttempts()); return destination; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 002078848..13a504632 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -22,6 +22,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.wultra.powerauth.fido2.rest.model.entity.AaguidList; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; @@ -30,6 +31,8 @@ import org.springframework.stereotype.Component; import java.util.ArrayList; +import java.util.HashMap; +import java.util.Map; /** * Converter class for registration related objects. @@ -41,6 +44,7 @@ public class RegistrationConverter { private final AaguidList aaguidRegistry = new AaguidList(); + private final ObjectMapper objectMapper = new ObjectMapper(); public AuthenticatorDetail convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { try { @@ -49,10 +53,10 @@ public AuthenticatorDetail convert(RegistrationChallenge challenge, Registration authenticatorDetail.setActivationId(challenge.getActivationId()); authenticatorDetail.setApplicationId(challenge.getApplicationId()); - authenticatorDetail.setExternalId(requestObject.getId()); - authenticatorDetail.setExtras(new ObjectMapper().writeValueAsString(requestObject.getResponse().getTransports())); + authenticatorDetail.setExternalId(requestObject.getAuthenticatorParameters().getId()); + authenticatorDetail.setExtras(convertExtras(requestObject)); authenticatorDetail.setActivationName(requestObject.getActivationName()); - authenticatorDetail.setPlatform(requestObject.getAuthenticatorAttachment()); + authenticatorDetail.setPlatform(requestObject.getAuthenticatorParameters().getAuthenticatorAttachment()); authenticatorDetail.setDeviceInfo(aaguidRegistry.vendorName(aaguid)); authenticatorDetail.setActivationStatus(ActivationStatus.ACTIVE); authenticatorDetail.setActivationFlags(new ArrayList<>()); @@ -66,6 +70,22 @@ public AuthenticatorDetail convert(RegistrationChallenge challenge, Registration } } + private String convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { + final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); + final Map params = new HashMap<>(); + params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); + params.put("allowedOrigins", authenticatorParameters.getAllowedOrigins()); + params.put("allowedTopOrigins", authenticatorParameters.getAllowedTopOrigins()); + params.put("transports", authenticatorParameters.getResponse().getTransports()); + params.put("authenticatorAttachment", authenticatorParameters.getAuthenticatorAttachment()); + params.put("attestationStatement", authenticatorParameters.getResponse().getAttestationObject()); + params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); + params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); + params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); + params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); + return objectMapper.writeValueAsString(params); + } + public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail source) { final RegistrationResponse result = new RegistrationResponse(); result.setUserId(source.getUserId()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java index 6bcc5286f..7d54eed23 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java @@ -31,5 +31,7 @@ public class AssertionChallenge { private List applicationIds; private String challenge; private String userId; + private Long failedAttempts; + private Long maxFailedAttempts; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java index 203d32cd2..dafa7c33c 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java @@ -18,6 +18,7 @@ package com.wultra.powerauth.fido2.rest.model.entity; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.wultra.powerauth.fido2.rest.model.converter.serialization.AttestationStatementDeserializer; import com.wultra.powerauth.fido2.rest.model.converter.serialization.AuthenticatorDataDeserializer; @@ -29,6 +30,7 @@ @Data public class AttestationObject { + @JsonIgnore private String encoded; private String fmt; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java index dc6b1c587..7d976f852 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java @@ -18,6 +18,7 @@ package com.wultra.powerauth.fido2.rest.model.entity; +import com.fasterxml.jackson.annotation.JsonIgnore; import jakarta.validation.constraints.NotEmpty; import jakarta.validation.constraints.PositiveOrZero; import lombok.Data; @@ -29,6 +30,7 @@ public class AuthenticatorData { @NotEmpty + @JsonIgnore private byte[] encoded; @NotEmpty private byte[] rpIdHash; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java new file mode 100644 index 000000000..debe022fc --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java @@ -0,0 +1,48 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Data class representing the parameters obtained from the authenticator registration. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AuthenticatorParameters { + + @NotBlank + private String id; + @NotBlank + private String type; + @NotBlank + private String authenticatorAttachment; + private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); + @NotBlank + private String relyingPartyId; + private List allowedOrigins = new ArrayList<>(); + private List allowedTopOrigins = new ArrayList<>(); + private boolean requiresUserVerification; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java index 5f021963e..5985b996b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java @@ -18,6 +18,7 @@ package com.wultra.powerauth.fido2.rest.model.entity; +import com.fasterxml.jackson.annotation.JsonIgnore; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToStringDeserializer; import jakarta.validation.constraints.NotBlank; @@ -30,6 +31,7 @@ @Data public class CollectedClientData { @NotEmpty + @JsonIgnore private String encoded; @NotBlank private String type; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java index c29fbd17d..cd63a4038 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -19,6 +19,7 @@ package com.wultra.powerauth.fido2.rest.model.request; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -39,18 +40,7 @@ public class RegistrationRequest { private String expectedChallenge; // Authenticator parameters - @NotBlank - private String id; - @NotBlank - private String type; - @NotBlank - private String authenticatorAttachment; - private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); - @NotBlank - private String relyingPartyId; - private List allowedOrigins = new ArrayList<>(); - private List allowedTopOrigins = new ArrayList<>(); - private boolean requiresUserVerification; + private AuthenticatorParameters authenticatorParameters; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java index 275e441cb..e9c08f3dd 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java @@ -30,4 +30,6 @@ public class AssertionChallengeResponse { private List applicationIds; private String challenge; private String userId; + private Long failedAttempts; + private Long maxFailedAttempts; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java index 4f8d902e1..ebc3b1bb9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java @@ -40,13 +40,25 @@ public class RegistrationRequestValidator { public String validate(RegistrationRequest request) { - if (request == null || request.getResponse() == null - || request.getResponse().getClientDataJSON() == null - || request.getResponse().getAttestationObject() == null) { - return "Invalid request, you need to include response.clientDataJSON and response.attestationObject."; + if (request == null) { + return "Null request provided."; } - final CollectedClientData clientDataJSON = request.getResponse().getClientDataJSON(); + final AuthenticatorParameters authenticatorParameters = request.getAuthenticatorParameters(); + + if (authenticatorParameters == null) { + return "Null authenticator parameters provided."; + } + + final AuthenticatorAttestationResponse response = authenticatorParameters.getResponse(); + + if (response == null + || response.getClientDataJSON() == null + || response.getAttestationObject() == null) { + return "Invalid request authenticator parameters, you need to include response.clientDataJSON and response.attestationObject."; + } + + final CollectedClientData clientDataJSON = response.getClientDataJSON(); if (!"webauthn.create".equals(clientDataJSON.getType())) { return "Request does not contain webauthn.create type."; @@ -58,24 +70,24 @@ public String validate(RegistrationRequest request) { } final String origin = clientDataJSON.getOrigin(); - final List allowedOrigins = request.getAllowedOrigins(); + final List allowedOrigins = authenticatorParameters.getAllowedOrigins(); if (origin == null || !allowedOrigins.contains(origin)) { return "Request does not contain the correct origin."; } - final List allowedTopOrigins = request.getAllowedTopOrigins(); + final List allowedTopOrigins = authenticatorParameters.getAllowedTopOrigins(); if (clientDataJSON.getTopOrigin() != null && !allowedTopOrigins.contains(clientDataJSON.getTopOrigin())) { return "Request contains the top origin which is not allowed."; } - final AttestationObject attestationObject = request.getResponse().getAttestationObject(); + final AttestationObject attestationObject = response.getAttestationObject(); final AuthenticatorData authData = attestationObject.getAuthData(); if (authData == null) { return "Missing authentication data."; } final byte[] rpIdHash = authData.getRpIdHash(); - final String relyingPartyId = request.getRelyingPartyId(); + final String relyingPartyId = authenticatorParameters.getRelyingPartyId(); final byte[] expectedRpIdHash = Hash.sha256(relyingPartyId); if (!Arrays.equals(rpIdHash, expectedRpIdHash)) { return "The origin does not match relying party ID."; @@ -87,7 +99,7 @@ public String validate(RegistrationRequest request) { return "User is not present during the authentication."; } - final boolean requiresUserVerification = request.isRequiresUserVerification(); + final boolean requiresUserVerification = authenticatorParameters.isRequiresUserVerification(); if (requiresUserVerification && !flags.isUserVerified()) { return "User is not present during the authentication, but user verification is required."; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 90524cf49..0ad65cdff 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -45,14 +45,16 @@ public class AssertionService { private final CryptographyService cryptographyService; private final ChallengeProvider challengeProvider; private final AuthenticatorProvider authenticatorProvider; + private final AssertionVerificationProvider assertionVerificationProvider; private final AssertionConverter assertionConverter; private final AssertionChallengeConverter assertionChallengeConverter; @Autowired - public AssertionService(CryptographyService cryptographyService, ChallengeProvider challengeProvider, AuthenticatorProvider authenticatorProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { + public AssertionService(CryptographyService cryptographyService, ChallengeProvider challengeProvider, AuthenticatorProvider authenticatorProvider, AssertionVerificationProvider assertionVerificationProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { this.cryptographyService = cryptographyService; this.challengeProvider = challengeProvider; this.authenticatorProvider = authenticatorProvider; + this.assertionVerificationProvider = assertionVerificationProvider; this.assertionConverter = assertionConverter; this.assertionChallengeConverter = assertionChallengeConverter; } @@ -64,8 +66,8 @@ public AssertionService(CryptographyService cryptographyService, ChallengeProvid * @return Assertion challenge information. */ public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws Exception { - final AssertionChallenge assertionChallenge = challengeProvider.provideChallengeForAuthentication( - null, request.getApplicationIds(), request.getOperationType(), request.getParameters(), request.getExternalId() + final AssertionChallenge assertionChallenge = assertionVerificationProvider.provideChallengeForAssertion( + request.getApplicationIds(), request.getOperationType(), request.getParameters(), request.getExternalId() ); if (assertionChallenge == null) { throw new Fido2AuthenticationFailedException("Unable to obtain challenge with provided parameters."); @@ -84,15 +86,19 @@ public AssertionVerificationResponse authenticate(AssertionRequest request) thro final AuthenticatorAssertionResponse response = request.getResponse(); final String applicationId = request.getApplicationId(); final String authenticatorId = request.getId(); + final String challenge = request.getResponse().getClientDataJSON().getChallenge(); final AuthenticatorDetail authenticatorDetail = authenticatorProvider.findByCredentialId(applicationId, authenticatorId); if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, response.getClientDataJSON(), response.getAuthenticatorData(), response.getSignature(), authenticatorDetail); if (signatureCorrect) { + assertionVerificationProvider.approveAssertion(challenge, authenticatorDetail); return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, signatureCorrect); } else { + assertionVerificationProvider.failAssertion(challenge, authenticatorDetail); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect signature."); } } else { + assertionVerificationProvider.failAssertion(challenge, authenticatorDetail); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect authenticator state."); } } catch (Exception e) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java new file mode 100644 index 000000000..385d7a7d1 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java @@ -0,0 +1,79 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; + +import java.util.List; +import java.util.Map; + +/** + * Interface with methods responsible for assertion verification. + * + * @author Petr Dvorak, petr@wultra.com + */ +public interface AssertionVerificationProvider { + + /** + * Obtain challenge for authentication. + * + * @param applicationIds List of application ID. + * @param operationType Type of the operation this challenge is for. + * @param parameters Operation parameters. + * @return Assertion challenge. + * @throws Exception In case any issue occur during processing. + */ + default AssertionChallenge provideChallengeForAssertion(List applicationIds, String operationType, Map parameters) throws Exception { + return provideChallengeForAssertion(applicationIds, operationType, parameters, null); + }; + + /** + * Obtain challenge for authentication. + * + * @param applicationIds List of application ID. + * @param operationType Type of the operation this challenge is for. + * @param parameters Operation parameters. + * @param externalAuthenticationId External ID of operation, i.e., transaction in transaction system. + * @return Assertion challenge. + * @throws Exception In case any issue occur during processing. + */ + AssertionChallenge provideChallengeForAssertion(List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws Exception; + + /** + * Approve assertion. + * + * @param challengeValue Challenge value. + * @param authenticatorDetail Authenticator information. + * @return Assertion challenge. + * @throws Fido2AuthenticationFailedException In case assertion approval fails. + */ + AssertionChallenge approveAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + + /** + * Fail assertion approval. + * + * @param challenge Challenge for assertion. + * @param authenticatorDetail Authenticator detail. + * @return Info about the assertion. + * @throws Fido2AuthenticationFailedException In case assertion approval fails. + */ + AssertionChallenge failAssertion(String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java index 9ae64d0fb..1b7cfcb20 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java @@ -29,9 +29,7 @@ * @author Petr Dvorak, petr@wultra.com */ public interface AuthenticatorProvider { - AuthenticatorDetail storeAuthenticator(String applicationId, String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; - List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException; AuthenticatorDetail findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java index 4801901a9..088893ec9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java @@ -18,7 +18,6 @@ package com.wultra.powerauth.fido2.service; -import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; @@ -52,33 +51,6 @@ public interface ChallengeProvider { */ RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws Exception; - /** - * Obtain challenge for authentication. - * - * @param userId User ID. - * @param applicationIds List of application ID. - * @param operationType Type of the operation this challenge is for. - * @param parameters Operation parameters. - * @return Assertion challenge. - * @throws Exception In case any issue occur during processing. - */ - default AssertionChallenge provideChallengeForAuthentication(String userId, List applicationIds, String operationType, Map parameters) throws Exception { - return provideChallengeForAuthentication(userId, applicationIds, operationType, parameters, null); - }; - - /** - * Obtain challenge for authentication. - * - * @param userId User ID. - * @param applicationIds List of application ID. - * @param operationType Type of the operation this challenge is for. - * @param parameters Operation parameters. - * @param externalAuthenticationId External ID of operation, i.e., transaction in transaction system. - * @return Assertion challenge. - * @throws Exception In case any issue occur during processing. - */ - AssertionChallenge provideChallengeForAuthentication(String userId, List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws Exception; - /** * Revoke challenge based on the challenge value. * diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 0cca0b6b4..09c433f6d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -76,7 +76,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E throw new Fido2AuthenticationFailedException(error); } - final AuthenticatorAttestationResponse response = requestObject.getResponse(); + final AuthenticatorAttestationResponse response = requestObject.getAuthenticatorParameters().getResponse(); final CollectedClientData clientDataJSON = response.getClientDataJSON(); final String challengeValue = clientDataJSON.getChallenge(); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index e7d2d23e5..894074388 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -143,8 +143,9 @@ public GetActivationListForUserResponse getActivationListForUser(GetActivationLi try { final String userId = request.getUserId(); final String applicationId = request.getApplicationId(); + final Set protocols = request.getProtocols(); logger.info("GetActivationListForUserRequest received, user ID: {}, application ID: {}", userId, applicationId); - final GetActivationListForUserResponse response = behavior.getActivationServiceBehavior().getActivationList(applicationId, userId); + final GetActivationListForUserResponse response = behavior.getActivationServiceBehavior().getActivationList(applicationId, userId, protocols); logger.info("GetActivationListForUserRequest succeeded"); return response; } catch (RuntimeException | Error ex) { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index 27449d177..45179506e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -230,7 +230,7 @@ private void validateCreatedActivation(ActivationRecordEntity activation, Applic * @param userId User ID * @return Response with list of matching activations */ - public GetActivationListForUserResponse getActivationList(String applicationId, String userId) { + public GetActivationListForUserResponse getActivationList(String applicationId, String userId, Set protocols) { // Generate timestamp in advance final Date timestamp = new Date(); @@ -252,6 +252,10 @@ public GetActivationListForUserResponse getActivationList(String applicationId, deactivatePendingActivation(timestamp, activation, false); + if (!protocols.contains(Protocols.valueOf(activation.getProtocol().toUpperCase()))) { // skip authenticators that were not required + continue; + } + // Map between database object and service objects final Activation activationServiceItem = new Activation(); activationServiceItem.setActivationId(activation.getActivationId()); @@ -630,7 +634,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri * @return Response with activation initialization data * @throws GenericServiceException If invalid values are provided. */ - public InitActivationResponse initActivation(Protocols protocols, String applicationId, String userId, Long maxFailureCount, Date activationExpireTimestamp, + public InitActivationResponse initActivation(Protocols protocol, String applicationId, String userId, Long maxFailureCount, Date activationExpireTimestamp, com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation activationOtpValidation, String activationOtp, List flags, KeyConvertor keyConversionUtilities) throws GenericServiceException { try { @@ -761,7 +765,7 @@ public InitActivationResponse initActivation(Protocols protocols, String applica activation.setCtrDataBase64(null); activation.setDevicePublicKeyBase64(null); activation.setExtras(null); - activation.setProtocol(protocols.toString()); + activation.setProtocol(protocol.toString()); activation.setPlatform(null); activation.setDeviceInfo(null); activation.setFailedAttempts(0L); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java new file mode 100644 index 000000000..d8fc7afc4 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -0,0 +1,252 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package io.getlime.security.powerauth.app.server.service.fido2; + +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.service.AssertionVerificationProvider; +import com.wultra.security.powerauth.client.model.entity.KeyValue; +import com.wultra.security.powerauth.client.model.enumeration.OperationStatus; +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; +import com.wultra.security.powerauth.client.model.enumeration.UserActionResult; +import com.wultra.security.powerauth.client.model.request.OperationApproveRequest; +import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; +import com.wultra.security.powerauth.client.model.request.OperationFailApprovalRequest; +import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; +import com.wultra.security.powerauth.client.model.response.OperationUserActionResponse; +import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; +import io.getlime.security.powerauth.app.server.database.model.AdditionalInformation; +import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; +import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; +import io.getlime.security.powerauth.app.server.database.repository.ActivationRepository; +import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; +import io.getlime.security.powerauth.app.server.service.behavior.tasks.AuditingServiceBehavior; +import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; +import io.getlime.security.powerauth.app.server.service.model.signature.SignatureData; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Date; +import java.util.List; +import java.util.Map; + +/** + * Service responsible for assertion verification. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Service +public class PowerAuthAssertionProvider implements AssertionVerificationProvider { + + private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; + private final RepositoryCatalogue repositoryCatalogue; + + @Autowired + public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue) { + this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; + this.repositoryCatalogue = repositoryCatalogue; + } + + @Override + @Transactional + public AssertionChallenge provideChallengeForAssertion(List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws GenericServiceException { + final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); + operationCreateRequest.setApplications(applicationIds); + operationCreateRequest.setTemplateName(operationType); + operationCreateRequest.getParameters().putAll(parameters); + + final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); + final AssertionChallenge assertionChallenge = new AssertionChallenge(); + assertionChallenge.setUserId(operationDetailResponse.getUserId()); + assertionChallenge.setApplicationIds(operationDetailResponse.getApplications()); + assertionChallenge.setChallenge(operationDetailResponse.getId() + "&" + operationDetailResponse.getData()); + assertionChallenge.setFailedAttempts(operationDetailResponse.getFailureCount()); + assertionChallenge.setMaxFailedAttempts(operationDetailResponse.getMaxFailureCount()); + return assertionChallenge; + } + + @Override + @Transactional + public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException { + try { + + final String[] split = challengeValue.split("&", 2); + final String operationId = split[0]; + final String operationData = split[1]; + + final OperationApproveRequest operationApproveRequest = new OperationApproveRequest(); + operationApproveRequest.setOperationId(operationId); + operationApproveRequest.setData(operationData); + operationApproveRequest.setApplicationId(authenticatorDetail.getApplicationId()); + operationApproveRequest.setUserId(authenticatorDetail.getUserId()); + operationApproveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE); //TODO: Use correct type + //operationApproveRequest.getAdditionalData(); // TODO: Use context data from request + final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest); + final UserActionResult result = approveOperation.getResult(); + final OperationDetailResponse operation = approveOperation.getOperation(); + if (result == UserActionResult.APPROVED) { + final AssertionChallenge assertionChallenge = new AssertionChallenge(); + assertionChallenge.setChallenge(challengeValue); + assertionChallenge.setUserId(operation.getUserId()); + assertionChallenge.setApplicationIds(operation.getApplications()); + assertionChallenge.setFailedAttempts(operation.getFailureCount()); + assertionChallenge.setMaxFailedAttempts(operation.getMaxFailureCount()); + return assertionChallenge; + } else { + handleStatus(operation.getStatus()); + throw new Fido2AuthenticationFailedException("Operation approval failed"); + } + } catch (GenericServiceException ex) { + throw new Fido2AuthenticationFailedException(ex.getMessage(), ex); + } + } + + @Override + @Transactional + public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException { + try { + final Date currentTimestamp = new Date(); + + final String[] split = challengeValue.split("&", 1); + final String operationId = split[0]; + + final OperationFailApprovalRequest operationFailApprovalRequest = new OperationFailApprovalRequest(); + operationFailApprovalRequest.setOperationId(operationId); + //operationApproveRequest.getAdditionalData(); // TODO: Use context data from request + + final ActivationRecordEntity activationWithLock = repositoryCatalogue.getActivationRepository().findActivationWithLock(authenticatorDetail.getActivationId()); + + handleInvalidSignatureImpl(activationWithLock, new SignatureData(), currentTimestamp); + + final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().failApprovalOperation(operationFailApprovalRequest); + final OperationDetailResponse operation = approveOperation.getOperation(); + handleStatus(operation.getStatus()); + final AssertionChallenge assertionChallenge = new AssertionChallenge(); + assertionChallenge.setChallenge(challengeValue); + assertionChallenge.setUserId(operation.getUserId()); + assertionChallenge.setApplicationIds(operation.getApplications()); + assertionChallenge.setFailedAttempts(operation.getFailureCount()); + assertionChallenge.setMaxFailedAttempts(operation.getMaxFailureCount()); + return assertionChallenge; + } catch (GenericServiceException ex) { + throw new Fido2AuthenticationFailedException(ex.getMessage(), ex); + } + } + + /** + * Implementation of handle invalid signature. + * @param activation Activation used for signature verification. + * @param signatureData Data related to the signature. + * @param currentTimestamp Signature verification timestamp. + */ + private void handleInvalidSignatureImpl(ActivationRecordEntity activation, SignatureData signatureData, Date currentTimestamp) { + // Get ActivationRepository + final ActivationRepository activationRepository = repositoryCatalogue.getActivationRepository(); + + final AuditingServiceBehavior.ActivationRecordDto activationDto = createActivationDtoFrom(activation); + + // By default do not notify listeners + boolean notifyCallbackListeners = false; + + // Update the last used date + activation.setTimestampLastUsed(currentTimestamp); + + long remainingAttempts = (activation.getMaxFailedAttempts() - activation.getFailedAttempts()); + if (remainingAttempts <= 0) { + activation.setActivationStatus(ActivationStatus.BLOCKED); + activation.setBlockedReason(AdditionalInformation.Reason.BLOCKED_REASON_MAX_FAILED_ATTEMPTS); + // Save the activation and log change + serviceBehaviorCatalogue.getActivationHistoryServiceBehavior().saveActivationAndLogChange(activation); + final KeyValue entry = new KeyValue(); + entry.setKey(AdditionalInformation.Key.BLOCKED_REASON); + entry.setValue(AdditionalInformation.Reason.BLOCKED_REASON_MAX_FAILED_ATTEMPTS); + signatureData.getAdditionalInfo().add(entry); + // notify callback listeners + notifyCallbackListeners = true; + } else { + // Save the activation + activationRepository.save(activation); + } + + // Create the audit log record. + serviceBehaviorCatalogue.getAuditingServiceBehavior().logSignatureAuditRecord(activationDto, signatureData, SignatureType.POSSESSION_KNOWLEDGE,false, null, "signature_does_not_match", currentTimestamp); + + // Notify callback listeners, if needed + if (notifyCallbackListeners) { + serviceBehaviorCatalogue.getCallbackUrlBehavior().notifyCallbackListenersOnActivationChange(activation); + } + } + + /** + * Implementation of handle inactive activation during signature verification. + * @param activation Activation used for signature verification. + * @param signatureData Data related to the signature. + * @param signatureType Used signature type. + * @param currentTimestamp Signature verification timestamp. + */ + private void handleInactiveActivationSignatureImpl(ActivationRecordEntity activation, SignatureData signatureData, SignatureType signatureType, Date currentTimestamp) { + // Get ActivationRepository + final ActivationRepository activationRepository = repositoryCatalogue.getActivationRepository(); + + // Update the last used date + activation.setTimestampLastUsed(currentTimestamp); + + // Save the activation + activationRepository.save(activation); + + // Create the audit log record + final AuditingServiceBehavior.ActivationRecordDto activationDto = createActivationDtoFrom(activation); + serviceBehaviorCatalogue.getAuditingServiceBehavior().logSignatureAuditRecord(activationDto, signatureData, signatureType, false, activation.getVersion(), "activation_invalid_state", currentTimestamp); + } + + /** + * Handle operation status. + * + *
    + *
  • PENDING - noop
    • + *
  • CANCELLED, APPROVED, REJECTED, or EXPIRED - throws exception with appropriate code and message.
    • + *
+ * + * @param status Operation status. + * @throws Fido2AuthenticationFailedException In case operation is in status that does not allow processing, the method throws appropriate exception. + */ + private void handleStatus(OperationStatus status) throws Fido2AuthenticationFailedException { + switch (status) { + case PENDING -> { /* The operation is still pending, no-op. */ } + case CANCELED -> throw new Fido2AuthenticationFailedException("OPERATION_ALREADY_CANCELED - Operation was already canceled"); + case APPROVED, REJECTED -> throw new Fido2AuthenticationFailedException("OPERATION_ALREADY_FINISHED - Operation was already completed"); + case FAILED -> throw new Fido2AuthenticationFailedException("OPERATION_ALREADY_FAILED - Operation already failed"); + default -> throw new Fido2AuthenticationFailedException("OPERATION_EXPIRED - Operation already expired"); + } + } + + private static AuditingServiceBehavior.ActivationRecordDto createActivationDtoFrom(ActivationRecordEntity activation) { + return AuditingServiceBehavior.ActivationRecordDto.builder() + .activationId(activation.getActivationId()) + .applicationId(activation.getApplication().getId()) + .counter(activation.getCounter()) + .ctrDataBase64(activation.getCtrDataBase64()) + .userId(activation.getUserId()) + .activationStatus(activation.getActivationStatus()) + .build(); + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index 4504ff4af..ea6d694a1 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -90,7 +90,7 @@ public List findByUserId(String userId, String applicationI throw new Fido2AuthenticationFailedException("Application with given ID is not present: " + applicationId); } - final GetActivationListForUserResponse activationList = serviceBehaviorCatalogue.getActivationServiceBehavior().getActivationList(applicationId, userId); + final GetActivationListForUserResponse activationList = serviceBehaviorCatalogue.getActivationServiceBehavior().getActivationList(applicationId, userId, Set.of(Protocols.FIDO2)); final List authenticatorDetailList = new ArrayList<>(); for (Activation activation : activationList.getActivations()) { @@ -100,7 +100,7 @@ public List findByUserId(String userId, String applicationI if (activation.getActivationStatus() == ActivationStatus.REMOVED && activation.getDevicePublicKeyBase64() == null) { // never finished removed activations continue; } - if (!Protocols.FIDO2.toString().equals(activation.getProtocol())) { + if (!Protocols.FIDO2.toString().equalsIgnoreCase(activation.getProtocol())) { // Check the protocol, just in case continue; } final AuthenticatorDetail authenticatorDetail = convert(activation, application.get()); @@ -153,7 +153,7 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ // Search for activation without lock to avoid potential deadlocks ActivationRecordEntity activation = activationRepository.findCreatedActivationWithoutLock(applicationId, activationCode, states, timestamp); - // Make sure to deactivate the activation if it is expired + // Check if the activation exists if (activation == null) { logger.warn("Activation with activation code: {} could not be obtained. It either does not exist or it already expired.", activationCode); // Rollback is not required, error occurs before writing to database diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java index dabb05842..fce69ead9 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java @@ -19,18 +19,15 @@ package io.getlime.security.powerauth.app.server.service.fido2; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; -import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; import com.wultra.powerauth.fido2.service.ChallengeProvider; import com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation; -import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; import com.wultra.security.powerauth.client.model.response.InitActivationResponse; -import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; -import com.wultra.security.powerauth.client.model.enumeration.Protocols; import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; @@ -41,10 +38,11 @@ import java.util.Date; import java.util.List; -import java.util.Map; import java.util.Optional; /** + * Challenge provider based on the PowerAuth core implementations. + * * @author Petr Dvorak, petr@wultra.com */ @Service @@ -111,22 +109,6 @@ public RegistrationChallenge provideChallengeForRegistration(String userId, Stri return registrationChallenge; } - @Override - @Transactional - public AssertionChallenge provideChallengeForAuthentication(String userId, List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws GenericServiceException { - final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); - operationCreateRequest.setApplications(applicationIds); - operationCreateRequest.setTemplateName(operationType); - operationCreateRequest.getParameters().putAll(parameters); - - final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); - final AssertionChallenge assertionChallenge = new AssertionChallenge(); - assertionChallenge.setUserId(operationDetailResponse.getUserId()); - assertionChallenge.setApplicationIds(operationDetailResponse.getApplications()); - assertionChallenge.setChallenge(operationDetailResponse.getId() + "&" + operationDetailResponse.getData()); - return assertionChallenge; - } - @Override @Transactional public void revokeChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { From 532abfaaa85d9e21b5696f004922a02ce5992868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Sat, 9 Sep 2023 11:18:03 +0200 Subject: [PATCH 003/146] Allow claiming operation by given user ID by accessing the details --- .../model/request/OperationDetailRequest.java | 5 ++++ .../tasks/OperationServiceBehavior.java | 30 +++++++++++++++++-- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationDetailRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationDetailRequest.java index 674948ccb..8499ab0d4 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationDetailRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationDetailRequest.java @@ -29,4 +29,9 @@ public class OperationDetailRequest { private String operationId; + + /** + * Optional user identifier of the user who is requesting the operation. + */ + private String userId; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java index 8f59238c9..832e86fcf 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java @@ -385,7 +385,7 @@ public OperationUserActionResponse rejectOperation(OperationRejectRequest reques } final String expectedUserId = operationEntity.getUserId(); - if ((expectedUserId == null || expectedUserId.equals(userId)) // correct user approved the operation, or no prior user was set + if ((expectedUserId == null || expectedUserId.equals(userId)) // correct user rejected the operation, or no prior user was set && operationEntity.getApplications().contains(application.get())) { // operation is rejected by the expected application // Reject the operation @@ -567,7 +567,12 @@ public OperationDetailResponse getOperation(OperationDetailRequest request) thro throw localizationProvider.buildExceptionForCode(ServiceError.OPERATION_NOT_FOUND); } - final OperationEntity operationEntity = expireOperation(operationOptional.get(), currentTimestamp); + final String userId = request.getUserId(); + + final OperationEntity operationEntity = expireOperation( + claimOperation(operationOptional.get(), userId, currentTimestamp), + currentTimestamp + ); final OperationDetailResponse operationDetailResponse = convertFromEntity(operationEntity); generateAndSetOtpToOperationDetail(operationEntity, operationDetailResponse); return operationDetailResponse; @@ -687,6 +692,27 @@ private OperationDetailResponse convertFromEntity(OperationEntity source) { return destination; } + private OperationEntity claimOperation(OperationEntity source, String userId, Date currentTimestamp) throws GenericServiceException { + // If a user accessing the operation is specified in the query, either claim the operation to that user, + // or check if the user is already granted to be able to access the operation. + if (userId != null) { + if (OperationStatusDo.PENDING.equals(source.getStatus()) + && source.getTimestampExpires().before(currentTimestamp)) { + final String operationId = source.getId(); + final String expectedUserId = source.getUserId(); + if (expectedUserId == null) { + logger.info("Operation {} will be assigned to the user {}.", operationId, userId); + source.setUserId(userId); + return operationRepository.save(source); + } else if (!expectedUserId.equals(userId)) { + logger.warn("Operation with ID: {}, was accessed by user: {}, while previously assigned to user: {}.", operationId, userId, expectedUserId); + throw localizationProvider.buildExceptionForCode(ServiceError.OPERATION_NOT_FOUND); + } + } + } + return source; + } + private OperationEntity expireOperation(OperationEntity source, Date currentTimestamp) { // Operation is still pending and timestamp is after the expiration. if (OperationStatusDo.PENDING.equals(source.getStatus()) From dfa3f3ef3d96dae37ec6bf8df33ab4b829c60e61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Fri, 27 Oct 2023 16:49:20 +0200 Subject: [PATCH 004/146] Cleanup the code --- powerauth-fido2/pom.xml | 6 ++-- .../rest/controller/AssertionController.java | 2 -- .../controller/RegistrationController.java | 3 -- .../converter/RegistrationConverter.java | 6 ++-- .../model/entity/AuthenticatorDetail.java | 4 +-- .../model/response/RegistrationResponse.java | 3 +- .../fido2/service/AssertionService.java | 19 ++++++----- .../fido2/service/RegistrationService.java | 15 ++++---- .../AssertionProvider.java} | 4 +-- .../{ => provider}/AuthenticatorProvider.java | 2 +- .../{ => provider}/CryptographyService.java | 2 +- .../RegistrationProvider.java} | 32 ++++++++--------- powerauth-java-server/pom.xml | 2 +- .../fido2/PowerAuthAssertionProvider.java | 4 +-- .../fido2/PowerAuthAuthenticatorProvider.java | 17 +++++++--- .../fido2/PowerAuthCryptographyService.java | 2 +- ...ava => PowerAuthRegistrationProvider.java} | 34 +++++++++---------- .../tasks/ActivationServiceBehaviorTest.java | 3 +- 18 files changed, 82 insertions(+), 78 deletions(-) rename powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/{AssertionVerificationProvider.java => provider/AssertionProvider.java} (97%) rename powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/{ => provider}/AuthenticatorProvider.java (96%) rename powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/{ => provider}/CryptographyService.java (97%) rename powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/{ChallengeProvider.java => provider/RegistrationProvider.java} (81%) rename powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/{PowerAuthChallengeProvider.java => PowerAuthRegistrationProvider.java} (94%) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 0b78d3307..26ed63ec5 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -27,7 +27,7 @@ io.getlime.security powerauth-server-parent - 1.5.0-SNAPSHOT + 1.6.0-SNAPSHOT @@ -75,7 +75,7 @@ io.getlime.security powerauth-java-crypto - 1.5.0-SNAPSHOT + 1.5.1 io.getlime.core @@ -85,7 +85,7 @@ io.getlime.security powerauth-client-model - 1.5.0-SNAPSHOT + 1.6.0-SNAPSHOT diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index 510fc4612..0d9650988 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -55,7 +55,6 @@ public AssertionController(AssertionRequestValidator assertionRequestValidator, } @PostMapping("challenge") - @CrossOrigin(origins = "http://localhost:8081") public ObjectResponse requestAssertionChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { final AssertionChallengeRequest requestObject = request.getRequestObject(); final AssertionChallengeResponse assertionChallengeResponse = assertionService.requestAssertionChallenge(requestObject); @@ -63,7 +62,6 @@ public ObjectResponse requestAssertionChallenge(@Val } @PostMapping - @CrossOrigin(origins = "http://localhost:8081") public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { final AssertionRequest requestObject = request.getRequestObject(); final String error = assertionRequestValidator.validate(requestObject); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 01def9fb8..40450dadb 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -54,7 +54,6 @@ public RegistrationController(RegistrationService registrationService) { } @PostMapping("list") - @CrossOrigin(origins = "http://localhost:8081") public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); final RegisteredAuthenticatorsResponse responseObject = registrationService.registrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); @@ -62,7 +61,6 @@ public ObjectResponse registeredAuthenticators } @PostMapping("challenge") - @CrossOrigin(origins = "http://localhost:8081") public ObjectResponse requestRegistrationChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { final RegistrationChallengeRequest requestObject = request.getRequestObject(); final RegistrationChallengeResponse responseObject = registrationService.requestRegistrationChallenge(requestObject.getUserId(), requestObject.getApplicationId()); @@ -70,7 +68,6 @@ public ObjectResponse requestRegistrationChalleng } @PostMapping - @CrossOrigin(origins = "http://localhost:8081") public ObjectResponse register(@Valid @RequestBody ObjectRequest request) throws Exception { final RegistrationRequest requestObject = request.getRequestObject(); final RegistrationResponse responseObject = registrationService.register(requestObject); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 13a504632..338f461fc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -19,7 +19,6 @@ package com.wultra.powerauth.fido2.rest.model.converter; import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; import com.wultra.powerauth.fido2.rest.model.entity.AaguidList; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; @@ -44,7 +43,6 @@ public class RegistrationConverter { private final AaguidList aaguidRegistry = new AaguidList(); - private final ObjectMapper objectMapper = new ObjectMapper(); public AuthenticatorDetail convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { try { @@ -70,7 +68,7 @@ public AuthenticatorDetail convert(RegistrationChallenge challenge, Registration } } - private String convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { + private Map convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); final Map params = new HashMap<>(); params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); @@ -83,7 +81,7 @@ private String convertExtras(RegistrationRequest requestObject) throws JsonProce params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); - return objectMapper.writeValueAsString(params); + return params; } public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail source) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java index e5b42e7d1..975efe071 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java @@ -21,9 +21,9 @@ import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import lombok.Data; -import java.math.BigInteger; import java.util.ArrayList; import java.util.List; +import java.util.Map; /** * Information about a registered authenticator. @@ -39,7 +39,7 @@ public class AuthenticatorDetail { private String activationName; private String externalId; private ActivationStatus activationStatus; - private String extras; + private Map extras; private String platform; private String deviceInfo; private String blockedReason; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java index 2df4e62e2..694379991 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java @@ -24,6 +24,7 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; +import java.util.Map; /** * @author Petr Dvorak, petr@wultra.com @@ -37,7 +38,7 @@ public class RegistrationResponse { private String externalId; private String activationName; private ActivationStatus activationStatus; - private String extras; + private Map extras; private String platform; private String deviceInfo; private String blockedReason; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 0ad65cdff..eab7b88c1 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -28,6 +28,9 @@ import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; +import com.wultra.powerauth.fido2.service.provider.AssertionProvider; +import com.wultra.powerauth.fido2.service.provider.AuthenticatorProvider; +import com.wultra.powerauth.fido2.service.provider.CryptographyService; import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; @@ -43,18 +46,16 @@ public class AssertionService { private final CryptographyService cryptographyService; - private final ChallengeProvider challengeProvider; private final AuthenticatorProvider authenticatorProvider; - private final AssertionVerificationProvider assertionVerificationProvider; + private final AssertionProvider assertionProvider; private final AssertionConverter assertionConverter; private final AssertionChallengeConverter assertionChallengeConverter; @Autowired - public AssertionService(CryptographyService cryptographyService, ChallengeProvider challengeProvider, AuthenticatorProvider authenticatorProvider, AssertionVerificationProvider assertionVerificationProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { + public AssertionService(CryptographyService cryptographyService, AuthenticatorProvider authenticatorProvider, AssertionProvider assertionProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { this.cryptographyService = cryptographyService; - this.challengeProvider = challengeProvider; this.authenticatorProvider = authenticatorProvider; - this.assertionVerificationProvider = assertionVerificationProvider; + this.assertionProvider = assertionProvider; this.assertionConverter = assertionConverter; this.assertionChallengeConverter = assertionChallengeConverter; } @@ -66,7 +67,7 @@ public AssertionService(CryptographyService cryptographyService, ChallengeProvid * @return Assertion challenge information. */ public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws Exception { - final AssertionChallenge assertionChallenge = assertionVerificationProvider.provideChallengeForAssertion( + final AssertionChallenge assertionChallenge = assertionProvider.provideChallengeForAssertion( request.getApplicationIds(), request.getOperationType(), request.getParameters(), request.getExternalId() ); if (assertionChallenge == null) { @@ -91,14 +92,14 @@ public AssertionVerificationResponse authenticate(AssertionRequest request) thro if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, response.getClientDataJSON(), response.getAuthenticatorData(), response.getSignature(), authenticatorDetail); if (signatureCorrect) { - assertionVerificationProvider.approveAssertion(challenge, authenticatorDetail); + assertionProvider.approveAssertion(challenge, authenticatorDetail); return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, signatureCorrect); } else { - assertionVerificationProvider.failAssertion(challenge, authenticatorDetail); + assertionProvider.failAssertion(challenge, authenticatorDetail); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect signature."); } } else { - assertionVerificationProvider.failAssertion(challenge, authenticatorDetail); + assertionProvider.failAssertion(challenge, authenticatorDetail); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect authenticator state."); } } catch (Exception e) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 09c433f6d..ea8422e88 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -27,6 +27,9 @@ import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; import com.wultra.powerauth.fido2.rest.model.validator.RegistrationRequestValidator; +import com.wultra.powerauth.fido2.service.provider.AuthenticatorProvider; +import com.wultra.powerauth.fido2.service.provider.CryptographyService; +import com.wultra.powerauth.fido2.service.provider.RegistrationProvider; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -41,16 +44,16 @@ public class RegistrationService { private final AuthenticatorProvider authenticatorProvider; - private final ChallengeProvider challengeProvider; + private final RegistrationProvider registrationProvider; private final RegistrationChallengeConverter registrationChallengeConverter; private final RegistrationConverter registrationConverter; private final RegistrationRequestValidator registrationRequestValidator; private final CryptographyService cryptographyService; @Autowired - public RegistrationService(AuthenticatorProvider authenticatorProvider, ChallengeProvider challengeProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService) { + public RegistrationService(AuthenticatorProvider authenticatorProvider, RegistrationProvider registrationProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService) { this.authenticatorProvider = authenticatorProvider; - this.challengeProvider = challengeProvider; + this.registrationProvider = registrationProvider; this.registrationChallengeConverter = registrationChallengeConverter; this.registrationConverter = registrationConverter; this.registrationRequestValidator = registrationRequestValidator; @@ -64,7 +67,7 @@ public RegisteredAuthenticatorsResponse registrationsForUser(String userId, Stri } public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception { - final RegistrationChallenge challenge = challengeProvider.provideChallengeForRegistration(userId, applicationId); + final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistration(userId, applicationId); return registrationChallengeConverter.fromChallenge(challenge); } @@ -93,14 +96,14 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); if (!verifySignature) { // Immediately revoke the challenge - challengeProvider.revokeChallengeForRegistrationChallengeValue(applicationId, challengeValue); + registrationProvider.revokeChallengeForRegistrationChallengeValue(applicationId, challengeValue); throw new Fido2AuthenticationFailedException("Registration failed"); } } else { logger.info("No signature verification on registration"); } - final RegistrationChallenge challenge = challengeProvider.provideChallengeForRegistrationChallengeValue(applicationId, challengeValue); + final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistrationChallengeValue(applicationId, challengeValue); final AuthenticatorDetail authenticatorDetail = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData)); final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorDetail); return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java similarity index 97% rename from powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java index 385d7a7d1..e2bae3032 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionVerificationProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java @@ -16,7 +16,7 @@ * along with this program. If not, see . */ -package com.wultra.powerauth.fido2.service; +package com.wultra.powerauth.fido2.service.provider; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; @@ -30,7 +30,7 @@ * * @author Petr Dvorak, petr@wultra.com */ -public interface AssertionVerificationProvider { +public interface AssertionProvider { /** * Obtain challenge for authentication. diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java similarity index 96% rename from powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java index 1b7cfcb20..7587b3dce 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AuthenticatorProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java @@ -16,7 +16,7 @@ * along with this program. If not, see . */ -package com.wultra.powerauth.fido2.service; +package com.wultra.powerauth.fido2.service.provider; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java similarity index 97% rename from powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index f5ed5e0f0..aeeadbcc2 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -16,7 +16,7 @@ * along with this program. If not, see . */ -package com.wultra.powerauth.fido2.service; +package com.wultra.powerauth.fido2.service.provider; import com.wultra.powerauth.fido2.rest.model.entity.AttestedCredentialData; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java similarity index 81% rename from powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java index 088893ec9..18b3981cd 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/ChallengeProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java @@ -16,43 +16,39 @@ * along with this program. If not, see . */ -package com.wultra.powerauth.fido2.service; +package com.wultra.powerauth.fido2.service.provider; -import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; -import java.util.List; -import java.util.Map; - /** - * Interface for challenge providers. + * Interface for registration use-cases. * * @author Petr Dvorak, petr@wultra.com */ -public interface ChallengeProvider { +public interface RegistrationProvider { /** - * Obtain challenge information based on challenge value for registration. + * Obtain a new challenge for registration. * - * @param applicationId Application key. - * @param challenge Challenge value. - * @return Challenge Information. + * @param userId User ID. + * @param applicationId Application ID. + * @return Registration challenge. * @throws Exception In case any issue occur during processing. */ - RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challenge) throws Exception; + RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws Exception; /** - * Obtain challenge for registration. + * Obtain an existing challenge information based on challenge value for registration. * - * @param userId User ID. - * @param applicationId Application ID. - * @return Registration challenge. + * @param applicationId Application key. + * @param challenge Challenge value. + * @return Challenge Information. * @throws Exception In case any issue occur during processing. */ - RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws Exception; + RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challenge) throws Exception; /** - * Revoke challenge based on the challenge value. + * Revoke existing challenge based on the challenge value. * * @param applicationId Application ID. * @param challengeValue Challenge value. diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 4a5210ee0..b035b0971 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -116,7 +116,7 @@ io.getlime.security powerauth-fido2 - 1.5.0-SNAPSHOT + 1.6.0-SNAPSHOT diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index d8fc7afc4..4ed907795 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -21,7 +21,7 @@ import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; -import com.wultra.powerauth.fido2.service.AssertionVerificationProvider; +import com.wultra.powerauth.fido2.service.provider.AssertionProvider; import com.wultra.security.powerauth.client.model.entity.KeyValue; import com.wultra.security.powerauth.client.model.enumeration.OperationStatus; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; @@ -54,7 +54,7 @@ * @author Petr Dvorak, petr@wultra.com */ @Service -public class PowerAuthAssertionProvider implements AssertionVerificationProvider { +public class PowerAuthAssertionProvider implements AssertionProvider { private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; private final RepositoryCatalogue repositoryCatalogue; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index b1d320c98..5be941632 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -18,9 +18,12 @@ package io.getlime.security.powerauth.app.server.service.fido2; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.ObjectMapper; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; -import com.wultra.powerauth.fido2.service.AuthenticatorProvider; +import com.wultra.powerauth.fido2.service.provider.AuthenticatorProvider; import com.wultra.security.powerauth.client.model.entity.Activation; import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import com.wultra.security.powerauth.client.model.response.GetActivationListForUserResponse; @@ -42,7 +45,6 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.domain.PageRequest; -import org.springframework.data.domain.Pageable; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -66,6 +68,7 @@ public class PowerAuthAuthenticatorProvider implements AuthenticatorProvider { private LocalizationProvider localizationProvider; private final KeyConvertor keyConvertor = new KeyConvertor(); + private final ObjectMapper objectMapper = new ObjectMapper(); private final ActivationStatusConverter activationStatusConverter = new ActivationStatusConverter(); @Autowired @@ -201,7 +204,7 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ activation.setDevicePublicKeyBase64(Base64.getEncoder().encodeToString(keyConvertor.convertPublicKeyToBytes(devicePublicKey))); activation.setActivationName(authenticatorDetail.getActivationName()); activation.setExternalId(authenticatorDetail.getExternalId()); - activation.setExtras(authenticatorDetail.getExtras()); + activation.setExtras(objectMapper.writeValueAsString(authenticatorDetail.getExtras())); if (authenticatorDetail.getPlatform() != null) { activation.setPlatform(authenticatorDetail.getPlatform().toLowerCase()); } else { @@ -248,6 +251,8 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ logger.error(ex.getMessage(), ex); // Rollback is not required, cryptography errors can only occur before writing to database throw new Fido2AuthenticationFailedException("Invalid cryptography provider"); + } catch (JsonProcessingException e) { + throw new Fido2AuthenticationFailedException("Unable to serialize extras"); } catch (GenericServiceException e) { throw new Fido2AuthenticationFailedException("Generic service exception"); } @@ -263,7 +268,11 @@ private AuthenticatorDetail convert(Activation activation, ApplicationEntity app authenticatorDetail.setActivationStatus(activation.getActivationStatus()); authenticatorDetail.setActivationName(activation.getActivationName()); authenticatorDetail.setExternalId(activation.getExternalId()); - authenticatorDetail.setExtras(activation.getExtras()); + try { + authenticatorDetail.setExtras(objectMapper.readValue(activation.getExtras(), new TypeReference>() {})); + } catch (JsonProcessingException e) { + // + } authenticatorDetail.setActivationFlags(activation.getActivationFlags()); authenticatorDetail.setDeviceInfo(activation.getDeviceInfo()); authenticatorDetail.setPlatform(activation.getPlatform()); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index a1c21e340..01ac9fe28 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -19,7 +19,7 @@ package io.getlime.security.powerauth.app.server.service.fido2; import com.wultra.powerauth.fido2.rest.model.entity.*; -import com.wultra.powerauth.fido2.service.CryptographyService; +import com.wultra.powerauth.fido2.service.provider.CryptographyService; import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; import io.getlime.security.powerauth.crypto.lib.util.Hash; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java similarity index 94% rename from powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java rename to powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index fce69ead9..da1be956d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthChallengeProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -20,7 +20,7 @@ import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; -import com.wultra.powerauth.fido2.service.ChallengeProvider; +import com.wultra.powerauth.fido2.service.provider.RegistrationProvider; import com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation; import com.wultra.security.powerauth.client.model.enumeration.Protocols; import com.wultra.security.powerauth.client.model.response.InitActivationResponse; @@ -47,7 +47,7 @@ */ @Service @Slf4j -public class PowerAuthChallengeProvider implements ChallengeProvider { +public class PowerAuthRegistrationProvider implements RegistrationProvider { private final RepositoryCatalogue repositoryCatalogue; private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; @@ -55,11 +55,24 @@ public class PowerAuthChallengeProvider implements ChallengeProvider { private final KeyConvertor keyConvertor = new KeyConvertor(); @Autowired - public PowerAuthChallengeProvider(RepositoryCatalogue repositoryCatalogue, ServiceBehaviorCatalogue serviceBehaviorCatalogue) { + public PowerAuthRegistrationProvider(RepositoryCatalogue repositoryCatalogue, ServiceBehaviorCatalogue serviceBehaviorCatalogue) { this.repositoryCatalogue = repositoryCatalogue; this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; } + @Override + @Transactional + public RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws GenericServiceException { + final InitActivationResponse initActivationResponse = serviceBehaviorCatalogue.getActivationServiceBehavior() + .initActivation(Protocols.FIDO2, applicationId, userId, null, null, ActivationOtpValidation.NONE, null, null, keyConvertor); + final RegistrationChallenge registrationChallenge = new RegistrationChallenge(); + registrationChallenge.setUserId(initActivationResponse.getUserId()); + registrationChallenge.setApplicationId(initActivationResponse.getApplicationId()); + registrationChallenge.setActivationId(initActivationResponse.getActivationId()); + registrationChallenge.setChallenge(initActivationResponse.getActivationCode()); + return registrationChallenge; + } + @Override @Transactional public RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { @@ -96,19 +109,6 @@ public RegistrationChallenge provideChallengeForRegistrationChallengeValue(Strin return assertionChallenge; } - @Override - @Transactional - public RegistrationChallenge provideChallengeForRegistration(String userId, String applicationId) throws GenericServiceException { - final InitActivationResponse initActivationResponse = serviceBehaviorCatalogue.getActivationServiceBehavior() - .initActivation(Protocols.FIDO2, applicationId, userId, null, null, ActivationOtpValidation.NONE, null, null, keyConvertor); - final RegistrationChallenge registrationChallenge = new RegistrationChallenge(); - registrationChallenge.setUserId(initActivationResponse.getUserId()); - registrationChallenge.setApplicationId(initActivationResponse.getApplicationId()); - registrationChallenge.setActivationId(initActivationResponse.getActivationId()); - registrationChallenge.setChallenge(initActivationResponse.getActivationCode()); - return registrationChallenge; - } - @Override @Transactional public void revokeChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { @@ -130,7 +130,7 @@ public void revokeChallengeForRegistrationChallengeValue(String applicationId, S .findCreatedActivationWithoutLock(applicationId, activationCode, statuses, currentTimestamp); if (activationRecordEntity == null) { - throw new Fido2AuthenticationFailedException("With given value not found."); + throw new Fido2AuthenticationFailedException("Registration with given value not found."); } final String activationId = activationRecordEntity.getActivationId(); diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehaviorTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehaviorTest.java index 8242670bd..39eb6df72 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehaviorTest.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehaviorTest.java @@ -19,6 +19,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import com.wultra.security.powerauth.client.model.enumeration.Protocols; import com.wultra.security.powerauth.client.model.enumeration.RecoveryCodeStatus; import com.wultra.security.powerauth.client.model.request.*; import com.wultra.security.powerauth.client.model.response.*; @@ -344,7 +345,7 @@ private RecoveryCodeActivationRequest buildRecoveryCodeActivationRequest(String } private InitActivationResponse initActivation(String applicationId) throws Exception { - return tested.initActivation(applicationId, userId, null, null, null, null, null, keyConvertor); + return tested.initActivation(Protocols.POWERAUTH, applicationId, userId, null, null, null, null, null, keyConvertor); } private GetApplicationDetailResponse createApplication() throws Exception { From f7223449d2a0bf92157ad7a88b04a981c56f73e9 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Fri, 3 Nov 2023 12:31:49 +0100 Subject: [PATCH 005/146] Use correct separator for activation code and its signature --- .../app/server/service/fido2/PowerAuthRegistrationProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index da1be956d..8d9387026 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -87,7 +87,7 @@ public RegistrationChallenge provideChallengeForRegistrationChallengeValue(Strin final Date currentTimestamp = new Date(); // Obtain just the activation code part, just in case there was a value with signature - final String[] split = challengeValue.split("&", 1); + final String[] split = challengeValue.split("#", 1); final String activationCode = split[0]; // Only allow created activations to be finished From 1d3c260c746cb302f51b0b75415d51cac25ec1e4 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Fri, 3 Nov 2023 12:32:33 +0100 Subject: [PATCH 006/146] Fix typo --- .../com/wultra/powerauth/fido2/rest/model/entity/Flags.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java index d7ea3d5c5..3f93a6e16 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java @@ -33,6 +33,6 @@ public class Flags { private boolean backupState; private boolean reservedBit6; private boolean attestedCredentialsIncluded; - private boolean extensionDataInlcuded; + private boolean extensionDataIncluded; } From a3058e640c0545725771ad79c4b3ff0bf5649140 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Tue, 7 Nov 2023 15:25:25 +0100 Subject: [PATCH 007/146] Fix typo --- .../converter/serialization/AuthenticatorDataDeserializer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index 5a8ecb00c..11ebfaeb3 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -80,7 +80,7 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte flags.setBackupState(isFlagOn(flagByte, 4)); flags.setReservedBit6(isFlagOn(flagByte, 5)); flags.setAttestedCredentialsIncluded(isFlagOn(flagByte,6)); - flags.setExtensionDataInlcuded(isFlagOn(flagByte,7)); + flags.setExtensionDataIncluded(isFlagOn(flagByte,7)); // Get Signature Counter final byte[] signCountBytes = new byte[4]; From 56e997335f654c6637aadca269972a5a708b2487 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Tue, 7 Nov 2023 16:39:45 +0100 Subject: [PATCH 008/146] Fix incorrect activation code parsing --- .../app/server/service/fido2/PowerAuthRegistrationProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index 8d9387026..f9be5ee22 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -122,7 +122,7 @@ public void revokeChallengeForRegistrationChallengeValue(String applicationId, S } // Obtain just the activation code part, just in case there was a value with signature - final String[] split = challengeValue.split("&", 1); + final String[] split = challengeValue.split("#", 1); final String activationCode = split[0]; final List statuses = List.of(ActivationStatus.CREATED, ActivationStatus.PENDING_COMMIT, ActivationStatus.ACTIVE, ActivationStatus.BLOCKED); From ba9b41f8b2502e6cc21318f9c6f886f70568f29f Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 18:13:43 +0100 Subject: [PATCH 009/146] Fix error message for checking webauthn method --- .../fido2/rest/model/validator/AssertionRequestValidator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java index f9b1addfb..5334ba035 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java @@ -48,7 +48,7 @@ public String validate(AssertionRequest request) { final CollectedClientData clientDataJSON = request.getResponse().getClientDataJSON(); if (!"webauthn.get".equals(clientDataJSON.getType())) { - return "Request does not contain webauthn.create type."; + return "Request does not contain webauthn.get type."; } final String expectedChallenge = request.getExpectedChallenge(); From 87d76298bc8aa2f959e11475c852c8e280a8d97c Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 18:23:50 +0100 Subject: [PATCH 010/146] Fix typo --- .../service/behavior/tasks/ActivationServiceBehavior.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index ed97d6806..9249ef512 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -237,7 +237,7 @@ private void validateCreatedActivation(ActivationRecordEntity activation, Applic * @param applicationId The Application ID for which to retrieve activations. If this is null, activations for all * applications associated with the provided user ID are retrieved. * @param userId The User ID for which to retrieve activations. This is required and cannot be null. - * @param protocols Set of protocols to be returned.. + * @param protocols Set of protocols to be returned. * @param pageable An object that defines the pagination properties, including the page number and the size of each page. * It is used to retrieve the activations in a paginated format. * @return A {@link GetActivationListForUserResponse} object that includes the list of matching activations. Each From 8c3d111d3265938d1ed2ad8dff138f5b4e16d70b Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 18:27:09 +0100 Subject: [PATCH 011/146] Avoid using equalsIgnoreCase for security-related codea --- .../server/service/fido2/PowerAuthAuthenticatorProvider.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index 5be941632..0ec177b86 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -107,7 +107,7 @@ public List findByUserId(String userId, String applicationI if (activation.getActivationStatus() == ActivationStatus.REMOVED && activation.getDevicePublicKeyBase64() == null) { // never finished removed activations continue; } - if (!Protocols.FIDO2.toString().equalsIgnoreCase(activation.getProtocol())) { // Check the protocol, just in case + if (!Protocols.FIDO2.toString().equals(activation.getProtocol())) { // Check the protocol, just in case continue; } final AuthenticatorDetail authenticatorDetail = convert(activation, application.get()); From 50618df5997b686012ff204624fafa3b6b912274 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 18:27:43 +0100 Subject: [PATCH 012/146] Fix typo --- .../powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml index 85e5b3a14..a4203c2d3 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml @@ -46,7 +46,7 @@ - + From bdf114d7358b6470bdd36d6f879ca3b48fce10eb Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 19:45:06 +0100 Subject: [PATCH 013/146] Check flag position within byte --- .../serialization/AuthenticatorDataDeserializer.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index 11ebfaeb3..f7eb70b3a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -138,7 +138,10 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte return result; } - private boolean isFlagOn(byte flags, int position) { + private boolean isFlagOn(byte flags, int position) throws IOException { + if (position < 0 || position > 7) { + throw new IOException("Invalid position for flag: " + position); + } return ((flags >> position) & 1) == 1; } From 20692828cbc38f71a2f62ddb232c6f7cc6a5d2e3 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 19:47:36 +0100 Subject: [PATCH 014/146] Avoid initialization of point with default zero-based byte arrays used for x and y coordinates --- .../serialization/AuthenticatorDataDeserializer.java | 7 +++++-- .../powerauth/fido2/rest/model/entity/PublicKeyObject.java | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index f7eb70b3a..f6588489e 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -25,6 +25,7 @@ import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; +import com.wultra.powerauth.fido2.rest.model.entity.EllipticCurvePoint; import com.wultra.powerauth.fido2.rest.model.entity.Flags; import com.wultra.powerauth.fido2.rest.model.entity.PublicKeyObject; import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; @@ -129,8 +130,10 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); - publicKeyObject.getPoint().setX(xBytes); - publicKeyObject.getPoint().setY(yBytes); + final EllipticCurvePoint point = new EllipticCurvePoint(); + point.setX(xBytes); + point.setY(yBytes); + publicKeyObject.setPoint(point); result.getAttestedCredentialData().setPublicKeyObject(publicKeyObject); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java index 58ac15f71..60e0f20d6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java @@ -30,6 +30,6 @@ public class PublicKeyObject { private SignatureAlgorithm algorithm; private CurveType curveType; - private EllipticCurvePoint point = new EllipticCurvePoint(); + private EllipticCurvePoint point; } From d4a16c2c4ebbfa020edbb7fc95692769de781276 Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 20:54:53 +0100 Subject: [PATCH 015/146] Remove unused dependency --- powerauth-fido2/pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 26ed63ec5..a6297d7d9 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -50,11 +50,6 @@ springdoc-openapi-starter-webmvc-ui 2.1.0 - - org.springframework.boot - spring-boot-starter-tomcat - provided - com.fasterxml.jackson.dataformat From 535320680634c7cce5000e703dea48545f0310bc Mon Sep 17 00:00:00 2001 From: "roman.strobl@wultra.com" Date: Wed, 8 Nov 2023 20:59:35 +0100 Subject: [PATCH 016/146] Fix imports --- .../powerauth/fido2/rest/controller/AssertionController.java | 5 ++++- .../fido2/rest/controller/RegistrationController.java | 5 ++++- .../serialization/CollectedClientDataDeserializer.java | 2 -- .../rest/model/entity/AuthenticatorAttestationResponse.java | 1 - .../fido2/rest/model/request/RegistrationRequest.java | 4 ---- .../rest/model/response/AssertionVerificationResponse.java | 1 - .../fido2/rest/model/response/RegistrationResponse.java | 1 - .../wultra/powerauth/fido2/service/RegistrationService.java | 2 +- 8 files changed, 9 insertions(+), 12 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index 0d9650988..6b8b5f573 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -31,7 +31,10 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; /** * Controller responsible for FIDO2 assertion handling. diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 40450dadb..69c4817e6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -32,7 +32,10 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; /** * Controller responsible for FIDO2 authenticator registration handling. diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java index 5b53b39c1..c2eda992f 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -18,7 +18,6 @@ package com.wultra.powerauth.fido2.rest.model.converter.serialization; -import com.fasterxml.jackson.core.JacksonException; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.DeserializationFeature; @@ -26,7 +25,6 @@ import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import java.io.IOException; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java index 94a4538ce..f78eb68be 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java @@ -20,7 +20,6 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.wultra.powerauth.fido2.rest.model.converter.serialization.AttestationObjectDeserializer; -import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToByteArrayDeserializer; import com.wultra.powerauth.fido2.rest.model.converter.serialization.CollectedClientDataDeserializer; import lombok.Data; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java index cd63a4038..ae64d98fc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -18,14 +18,10 @@ package com.wultra.powerauth.fido2.rest.model.request; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; import jakarta.validation.constraints.NotBlank; import lombok.Data; -import java.util.ArrayList; -import java.util.List; - /** * @author Petr Dvorak, petr@wultra.com */ diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java index f80bdd017..80c101085 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java @@ -21,7 +21,6 @@ import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import lombok.Data; -import java.math.BigInteger; import java.util.ArrayList; import java.util.List; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java index 694379991..c0015dcf5 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java @@ -21,7 +21,6 @@ import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import lombok.Data; -import java.math.BigInteger; import java.util.ArrayList; import java.util.List; import java.util.Map; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index ea8422e88..877f17a57 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -19,8 +19,8 @@ package com.wultra.powerauth.fido2.service; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; -import com.wultra.powerauth.fido2.rest.model.converter.RegistrationConverter; import com.wultra.powerauth.fido2.rest.model.converter.RegistrationChallengeConverter; +import com.wultra.powerauth.fido2.rest.model.converter.RegistrationConverter; import com.wultra.powerauth.fido2.rest.model.entity.*; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; import com.wultra.powerauth.fido2.rest.model.response.RegisteredAuthenticatorsResponse; From 147da015c2689bb7e0235c20104655f0f6025804 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Tue, 14 Nov 2023 12:02:10 +0100 Subject: [PATCH 017/146] Fix incorrect split character --- .../server/service/fido2/PowerAuthRegistrationProvider.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index da1be956d..f9be5ee22 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -87,7 +87,7 @@ public RegistrationChallenge provideChallengeForRegistrationChallengeValue(Strin final Date currentTimestamp = new Date(); // Obtain just the activation code part, just in case there was a value with signature - final String[] split = challengeValue.split("&", 1); + final String[] split = challengeValue.split("#", 1); final String activationCode = split[0]; // Only allow created activations to be finished @@ -122,7 +122,7 @@ public void revokeChallengeForRegistrationChallengeValue(String applicationId, S } // Obtain just the activation code part, just in case there was a value with signature - final String[] split = challengeValue.split("&", 1); + final String[] split = challengeValue.split("#", 1); final String activationCode = split[0]; final List statuses = List.of(ActivationStatus.CREATED, ActivationStatus.PENDING_COMMIT, ActivationStatus.ACTIVE, ActivationStatus.BLOCKED); From 287baf77e5231685ad1ae16c94c7bcfbc51a46ae Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Tue, 14 Nov 2023 22:47:16 +0100 Subject: [PATCH 018/146] Fix #1129: Add a new REST client for FIDO2 services --- .../client/PowerAuthFido2Client.java | 198 ++++++++++++++ .../model/entity/fido2/AttestationObject.java | 38 +++ .../entity/fido2/AttestationStatement.java | 33 +++ .../entity/fido2/AttestedCredentialData.java | 33 +++ .../fido2/AuthenticatorAssertionResponse.java | 39 +++ .../AuthenticatorAttestationResponse.java | 35 +++ .../model/entity/fido2/AuthenticatorData.java | 42 +++ .../entity/fido2/AuthenticatorDetail.java | 52 ++++ .../entity/fido2/AuthenticatorParameters.java | 48 ++++ .../entity/fido2/CollectedClientData.java | 43 +++ .../entity/fido2/EllipticCurvePoint.java | 32 +++ .../client/model/entity/fido2/Flags.java | 38 +++ .../model/entity/fido2/PublicKeyObject.java | 35 +++ .../model/enumeration/fido2/CurveType.java | 29 ++ .../enumeration/fido2/SignatureAlgorithm.java | 29 ++ .../fido2/AssertionChallengeRequest.java | 44 +++ .../fido2/AssertionVerificationRequest.java | 52 ++++ .../RegisteredAuthenticatorsRequest.java | 37 +++ .../fido2/RegistrationChallengeRequest.java | 36 +++ .../request/fido2/RegistrationRequest.java | 42 +++ .../fido2/AssertionChallengeResponse.java | 41 +++ .../fido2/AssertionVerificationResponse.java | 45 +++ .../RegisteredAuthenticatorsResponse.java | 35 +++ .../fido2/RegistrationChallengeResponse.java | 34 +++ .../response/fido2/RegistrationResponse.java | 50 ++++ .../rest/controller/AssertionController.java | 8 +- .../controller/RegistrationController.java | 2 +- ...java => AssertionVerificationRequest.java} | 2 +- .../RegisteredAuthenticatorsRequest.java | 5 +- .../validator/AssertionRequestValidator.java | 4 +- .../fido2/service/AssertionService.java | 4 +- .../rest/client/PowerAuthFido2RestClient.java | 258 ++++++++++++++++++ ...PowerAuthFido2RestClientConfiguration.java | 241 ++++++++++++++++ 33 files changed, 1653 insertions(+), 11 deletions(-) create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegisteredAuthenticatorsRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationChallengeRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionVerificationResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegisteredAuthenticatorsResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java rename powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/{AssertionRequest.java => AssertionVerificationRequest.java} (97%) create mode 100644 powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java create mode 100644 powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClientConfiguration.java diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java new file mode 100644 index 000000000..22b60bbcf --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java @@ -0,0 +1,198 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +package com.wultra.security.powerauth.client; + +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorAssertionResponse; +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorParameters; +import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; +import com.wultra.security.powerauth.client.model.request.fido2.*; +import com.wultra.security.powerauth.client.model.response.fido2.*; +import org.springframework.util.MultiValueMap; + +import java.util.List; +import java.util.Map; + +/** + * PowerAuth FIDO2 client interface. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public interface PowerAuthFido2Client { + + /** + * Get list of registered authenticators for a user. + * + * @param request Registered authenticator list request. + * @return Registered authenticator list response. + * @throws Exception In case REST API call fails. + */ + RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request) throws Exception; + + /** + * Get list of registered authenticators for a user. + * + * @param request Registered authenticator list request. + * @param queryParams HTTP query parameters. + * @param httpHeaders HTTP headers. + * @return Registered authenticator list response. + * @throws Exception In case REST API call fails. + */ + RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception; + + /** + * Get list of registered authenticators for a user. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Registered authenticator list response. + * @throws Exception In case REST API call fails. + */ + RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String userId, String applicationId) throws Exception; + + /** + * Request a registration challenge. + * + * @param request Registration challenge request. + * @return Registration challenge response. + * @throws Exception In case REST API call fails. + */ + RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request) throws Exception; + + /** + * Request a registration challenge. + * + * @param request Registration challenge request. + * @param queryParams HTTP query parameters. + * @param httpHeaders HTTP headers. + * @return Registration challenge response. + * @throws Exception In case REST API call fails. + */ + RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception; + + /** + * Request a registration challenge. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Registration challenge response. + * @throws Exception In case REST API call fails. + */ + RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception; + + /** + * @param request Registration request. + * @return Registration response. + * @throws Exception In case REST API call fails. + */ + RegistrationResponse register(RegistrationRequest request) throws Exception; + + /** + * @param request Registration request. + * @param queryParams HTTP query parameters. + * @param httpHeaders HTTP headers. + * @return Registration response. + * @throws Exception In case REST API call fails. + */ + RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception; + + /** + * @param applicationId Application identifier. + * @param activationName Activation name. + * @param expectedChallenge Expected challenge. + * @param authenticatorParameters Authenticator parameters. + * + * @return Registration response. + * @throws Exception In case REST API call fails. + */ + RegistrationResponse register(String applicationId, String activationName, String expectedChallenge, AuthenticatorParameters authenticatorParameters) throws Exception; + + /** + * Call the assertion challenge endpoint of FIDO2 service. + * + * @param request Assertion challenge request. + * @return Assertion challenge response. + * @throws PowerAuthClientException In case REST API call fails. + */ + AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws PowerAuthClientException; + + /** + * Call the assertion challenge endpoint of FIDO2 service. + * + * @param request Assertion challenge request. + * @param queryParams HTTP query parameters. + * @param httpHeaders HTTP headers. + * @return Assertion challenge response. + * @throws PowerAuthClientException In case REST API call fails. + */ + AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; + + /** + * Call the assertion challenge endpoint of FIDO2 service. + * + * @param applicationIds Application identifiers. + * @param externalId External identifier. + * @param operationType Operation type. + * @param parameters Parameters. + * @return Assertion challenge response. + * @throws PowerAuthClientException In case REST API call fails. + */ + AssertionChallengeResponse requestAssertionChallenge(List applicationIds, String externalId, String operationType, Map parameters) throws PowerAuthClientException; + + /** + * Call the authentication endpoint of FIDO2 service. + * + * @param request Assertion verification request. + * @return Assertion verification response. + * @throws PowerAuthClientException In case REST API call fails. + */ + AssertionVerificationResponse authenticate(AssertionVerificationRequest request) throws PowerAuthClientException; + + /** + * Call the authentication endpoint of FIDO2 service. + * + * @param request Assertion verification request. + * @param queryParams HTTP query parameters. + * @param httpHeaders HTTP headers. + * @return Assertion verification response. + * @throws PowerAuthClientException In case REST API call fails. + */ + AssertionVerificationResponse authenticate(AssertionVerificationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; + + /** + * Call the authentication endpoint of FIDO2 service. + * + * @param id Credential identifier. + * @param type Credential type. + * @param authenticatorAttachment Authenticator attachment. + * @param response Authenticator assertion response. + * @param applicationId Application identifier. + * @param relyingPartyId Relaying party identifier. + * @param allowedOrigins List of allowed origins. + * @param allowedTopOrigins List of allowed top origins. + * @param requiresUserVerification Whether user verification is required during authentication. + * @param expectedChallenge Expected challenge. + * @return Assertion verification response. + * @throws PowerAuthClientException In case REST API call fails. + */ + AssertionVerificationResponse authenticate(String id, String type, String authenticatorAttachment, AuthenticatorAssertionResponse response, + String applicationId, String relyingPartyId, List allowedOrigins, List allowedTopOrigins, + boolean requiresUserVerification, String expectedChallenge) throws PowerAuthClientException; + + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java new file mode 100644 index 000000000..227cf24a8 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AttestationObject { + + @JsonIgnore + private String encoded; + + private String fmt; + + private AuthenticatorData authData; + private AttestationStatement attStmt; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java new file mode 100644 index 000000000..bb85e8cb0 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java @@ -0,0 +1,33 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import com.wultra.security.powerauth.client.model.enumeration.fido2.SignatureAlgorithm; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AttestationStatement { + + private SignatureAlgorithm algorithm; + private byte[] signature; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java new file mode 100644 index 000000000..f3caf2345 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java @@ -0,0 +1,33 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AttestedCredentialData { + + private byte[] aaguid; + private byte[] credentialId; + private PublicKeyObject publicKeyObject; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java new file mode 100644 index 000000000..621cd47ff --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java @@ -0,0 +1,39 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import jakarta.validation.constraints.NotEmpty; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AuthenticatorAssertionResponse { + + private CollectedClientData clientDataJSON; + + private AuthenticatorData authenticatorData; + + @NotEmpty + private byte[] signature; + + private String userHandle; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java new file mode 100644 index 000000000..fa9f9872c --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import lombok.Data; + +import java.util.List; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AuthenticatorAttestationResponse { + + private CollectedClientData clientDataJSON; + private AttestationObject attestationObject; + private List transports; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java new file mode 100644 index 000000000..b68b8887a --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java @@ -0,0 +1,42 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import jakarta.validation.constraints.NotEmpty; +import jakarta.validation.constraints.PositiveOrZero; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AuthenticatorData { + + @NotEmpty + @JsonIgnore + private byte[] encoded; + @NotEmpty + private byte[] rpIdHash; + private Flags flags = new Flags(); + @PositiveOrZero + private int signCount; + private AttestedCredentialData attestedCredentialData = new AttestedCredentialData(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java new file mode 100644 index 000000000..f5b52c76d --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java @@ -0,0 +1,52 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +/** + * Information about a registered authenticator. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AuthenticatorDetail { + + private String userId; + private String activationId; + private String applicationId; + private String activationName; + private String externalId; + private ActivationStatus activationStatus; + private Map extras; + private String platform; + private String deviceInfo; + private String blockedReason; + private long failedAttempts; + private long maxFailedAttempts; + private List applicationRoles = new ArrayList<>(); + private List activationFlags = new ArrayList<>(); + private byte[] publicKeyBytes; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java new file mode 100644 index 000000000..4ca5d1d1e --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java @@ -0,0 +1,48 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Data class representing the parameters obtained from the authenticator registration. + * + * @author Roman Strobl, roman.strobl@wulra.com + */ +@Data +public class AuthenticatorParameters { + + @NotBlank + private String id; + @NotBlank + private String type; + @NotBlank + private String authenticatorAttachment; + private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); + @NotBlank + private String relyingPartyId; + private List allowedOrigins = new ArrayList<>(); + private List allowedTopOrigins = new ArrayList<>(); + private boolean requiresUserVerification; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java new file mode 100644 index 000000000..7a89bfa0b --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java @@ -0,0 +1,43 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotEmpty; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class CollectedClientData { + + @NotEmpty + @JsonIgnore + private String encoded; + @NotBlank + private String type; + @NotEmpty + private String challenge; + @NotBlank + private String origin; + private String topOrigin; + private boolean crossOrigin; +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java new file mode 100644 index 000000000..8a402c8d4 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java @@ -0,0 +1,32 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class EllipticCurvePoint { + + private byte[] x; + private byte[] y; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java new file mode 100644 index 000000000..9e57170d2 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class Flags { + + private boolean userPresent; + private boolean reservedBit2; + private boolean userVerified; + private boolean backupEligible; + private boolean backupState; + private boolean reservedBit6; + private boolean attestedCredentialsIncluded; + private boolean extensionDataIncluded; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java new file mode 100644 index 000000000..08d453d15 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import com.wultra.security.powerauth.client.model.enumeration.fido2.CurveType; +import com.wultra.security.powerauth.client.model.enumeration.fido2.SignatureAlgorithm; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class PublicKeyObject { + + private SignatureAlgorithm algorithm; + private CurveType curveType; + private EllipticCurvePoint point; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java new file mode 100644 index 000000000..9418febb4 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java @@ -0,0 +1,29 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.enumeration.fido2; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +public enum CurveType { + + P256, + UNKNOWN + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java new file mode 100644 index 000000000..f405e0af0 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java @@ -0,0 +1,29 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.enumeration.fido2; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +public enum SignatureAlgorithm { + + ES256, + UNKNOWN + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java new file mode 100644 index 000000000..78cf11325 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java @@ -0,0 +1,44 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request.fido2; + +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.NotEmpty; +import lombok.Data; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * Request for obtaining assertion challenge. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AssertionChallengeRequest { + + @NotEmpty + private List<@NotBlank String> applicationIds; + private String externalId; + @NotBlank + private String operationType; + private Map parameters = new HashMap<>(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java new file mode 100644 index 000000000..6357face8 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java @@ -0,0 +1,52 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request.fido2; + +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorAssertionResponse; +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Request for validating an assertion. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AssertionVerificationRequest { + + @NotBlank + private String id; + @NotBlank + private String type; + @NotBlank + private String authenticatorAttachment; + private AuthenticatorAssertionResponse response = new AuthenticatorAssertionResponse(); + @NotBlank + private String applicationId; + @NotBlank + private String relyingPartyId; + private List allowedOrigins = new ArrayList<>(); + private List allowedTopOrigins = new ArrayList<>(); + private boolean requiresUserVerification; + private String expectedChallenge; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegisteredAuthenticatorsRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegisteredAuthenticatorsRequest.java new file mode 100644 index 000000000..3a6a52d55 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegisteredAuthenticatorsRequest.java @@ -0,0 +1,37 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request.fido2; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +/** + * Request for obtaining list of registered authenticators for given user. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RegisteredAuthenticatorsRequest { + + @NotBlank + private String userId; + @NotBlank + private String applicationId; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationChallengeRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationChallengeRequest.java new file mode 100644 index 000000000..b23bb8b29 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationChallengeRequest.java @@ -0,0 +1,36 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request.fido2; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +/** + * Request object for registration challenge. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RegistrationChallengeRequest { + + @NotBlank + private String userId; + @NotBlank + private String applicationId; +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java new file mode 100644 index 000000000..f4e52d4de --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java @@ -0,0 +1,42 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request.fido2; + +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorParameters; +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RegistrationRequest { + + // Relying party parameters + @NotBlank + private String applicationId; + @NotBlank + private String activationName; + private String expectedChallenge; + + // Authenticator parameters + private AuthenticatorParameters authenticatorParameters; + + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java new file mode 100644 index 000000000..30442cd95 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java @@ -0,0 +1,41 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2021 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response.fido2; + +import lombok.Data; +import lombok.ToString; + +import java.util.List; + +/** + * Response for obtaining assertion challenge. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AssertionChallengeResponse { + + private List applicationIds; + @ToString.Exclude + private String challenge; + private String userId; + private Long failedAttempts; + private Long maxFailedAttempts; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionVerificationResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionVerificationResponse.java new file mode 100644 index 000000000..d005ee2c5 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionVerificationResponse.java @@ -0,0 +1,45 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response.fido2; + +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Response for the assertion verification. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class AssertionVerificationResponse { + + private boolean assertionValid; + private String userId; + private String activationId; + private String applicationId; + private ActivationStatus activationStatus; + private String blockedReason; + private long remainingAttempts; + private List applicationRoles = new ArrayList<>(); + private List activationFlags = new ArrayList<>(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegisteredAuthenticatorsResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegisteredAuthenticatorsResponse.java new file mode 100644 index 000000000..5e869c23d --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegisteredAuthenticatorsResponse.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response.fido2; + +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorDetail; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RegisteredAuthenticatorsResponse { + + private List authenticators = new ArrayList<>(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java new file mode 100644 index 000000000..e8b80d07f --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java @@ -0,0 +1,34 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response.fido2; + +import lombok.Data; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RegistrationChallengeResponse { + + private String activationId; + private String applicationId; + private String challenge; + private String userId; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java new file mode 100644 index 000000000..d09e0040c --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java @@ -0,0 +1,50 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response.fido2; + +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +/** + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RegistrationResponse { + + private String userId; + private String activationId; + private String applicationId; + private String externalId; + private String activationName; + private ActivationStatus activationStatus; + private Map extras; + private String platform; + private String deviceInfo; + private String blockedReason; + private long failedAttempts; + private long maxFailedAttempts; + private List applicationRoles = new ArrayList<>(); + private List activationFlags = new ArrayList<>(); + private byte[] publicKeyBytes; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index 6b8b5f573..b2eff2c08 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -19,7 +19,7 @@ import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; -import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; +import com.wultra.powerauth.fido2.rest.model.request.AssertionVerificationRequest; import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; import com.wultra.powerauth.fido2.rest.model.validator.AssertionRequestValidator; @@ -43,7 +43,7 @@ */ @Validated @RestController -@RequestMapping("assertions") +@RequestMapping("fido2/assertions") @Slf4j @Tag(name = "FIDO2 Assertions Controller") public class AssertionController { @@ -65,8 +65,8 @@ public ObjectResponse requestAssertionChallenge(@Val } @PostMapping - public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { - final AssertionRequest requestObject = request.getRequestObject(); + public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { + final AssertionVerificationRequest requestObject = request.getRequestObject(); final String error = assertionRequestValidator.validate(requestObject); if (error != null) { throw new Fido2AuthenticationFailedException(error); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 69c4817e6..a219a0870 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -44,7 +44,7 @@ */ @Validated @RestController -@RequestMapping("registrations") +@RequestMapping("fido2/registrations") @Slf4j @Tag(name = "FIDO2 Registration Controller") public class RegistrationController { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java similarity index 97% rename from powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java index a67618d2b..bea3f8e2c 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java @@ -29,7 +29,7 @@ * @author Petr Dvorak, petr@wultra.com */ @Data -public class AssertionRequest { +public class AssertionVerificationRequest { @NotBlank private String id; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java index 3a742b537..6a2f83a3d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegisteredAuthenticatorsRequest.java @@ -18,6 +18,7 @@ package com.wultra.powerauth.fido2.rest.model.request; +import jakarta.validation.constraints.NotBlank; import lombok.Data; /** @@ -28,7 +29,9 @@ @Data public class RegisteredAuthenticatorsRequest { - private String applicationId; + @NotBlank private String userId; + @NotBlank + private String applicationId; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java index 5334ba035..b235b4ab7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java @@ -20,7 +20,7 @@ import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; -import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; +import com.wultra.powerauth.fido2.rest.model.request.AssertionVerificationRequest; import io.getlime.security.powerauth.crypto.lib.util.Hash; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -37,7 +37,7 @@ @Slf4j public class AssertionRequestValidator { - public String validate(AssertionRequest request) { + public String validate(AssertionVerificationRequest request) { if (request == null || request.getResponse() == null || request.getResponse().getClientDataJSON() == null diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index eab7b88c1..05a766464 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -25,7 +25,7 @@ import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; -import com.wultra.powerauth.fido2.rest.model.request.AssertionRequest; +import com.wultra.powerauth.fido2.rest.model.request.AssertionVerificationRequest; import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; import com.wultra.powerauth.fido2.service.provider.AssertionProvider; @@ -82,7 +82,7 @@ public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRe * @param request Request with assertion. * @throws Fido2AuthenticationFailedException In case authentication fails. */ - public AssertionVerificationResponse authenticate(AssertionRequest request) throws Fido2AuthenticationFailedException { + public AssertionVerificationResponse authenticate(AssertionVerificationRequest request) throws Fido2AuthenticationFailedException { try { final AuthenticatorAssertionResponse response = request.getResponse(); final String applicationId = request.getApplicationId(); diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java new file mode 100644 index 000000000..553f2441d --- /dev/null +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java @@ -0,0 +1,258 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +package com.wultra.security.powerauth.rest.client; + +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.wultra.core.rest.client.base.DefaultRestClient; +import com.wultra.core.rest.client.base.RestClient; +import com.wultra.core.rest.client.base.RestClientException; +import com.wultra.security.powerauth.client.PowerAuthFido2Client; +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorAssertionResponse; +import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorParameters; +import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; +import com.wultra.security.powerauth.client.model.error.PowerAuthError; +import com.wultra.security.powerauth.client.model.request.fido2.*; +import com.wultra.security.powerauth.client.model.response.InitActivationResponse; +import com.wultra.security.powerauth.client.model.response.fido2.*; +import io.getlime.core.rest.model.base.request.ObjectRequest; +import io.getlime.core.rest.model.base.response.ObjectResponse; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpStatus; +import org.springframework.util.LinkedMultiValueMap; +import org.springframework.util.MultiValueMap; + +import java.io.IOException; +import java.util.List; +import java.util.Map; + +/** + * Class implementing a PowerAuth REST client. + * + * @author Roman Strobl, roman.strobl@wultra.com + * + */ +public class PowerAuthFido2RestClient implements PowerAuthFido2Client { + + private static final Logger logger = LoggerFactory.getLogger(PowerAuthFido2RestClient.class); + + private static final String PA_REST_FIDO2_PREFIX = "/fido2"; + private static final MultiValueMap EMPTY_MULTI_MAP = new LinkedMultiValueMap<>(); + + private final RestClient restClient; + private final ObjectMapper objectMapper = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + + /** + * PowerAuth REST client constructor. + * + * @param baseUrl BASE URL of REST endpoints. + */ + public PowerAuthFido2RestClient(String baseUrl) throws PowerAuthClientException { + this(baseUrl, new PowerAuthRestClientConfiguration()); + } + + /** + * PowerAuth REST client constructor. + * + * @param baseUrl Base URL of REST endpoints. + */ + public PowerAuthFido2RestClient(String baseUrl, PowerAuthRestClientConfiguration config) throws PowerAuthClientException { + final DefaultRestClient.Builder builder = DefaultRestClient.builder().baseUrl(baseUrl) + .acceptInvalidCertificate(config.getAcceptInvalidSslCertificate()) + .connectionTimeout(config.getConnectTimeout()) + .maxInMemorySize(config.getMaxMemorySize()); + if (config.isProxyEnabled()) { + final DefaultRestClient.ProxyBuilder proxyBuilder = builder.proxy().host(config.getProxyHost()).port(config.getProxyPort()); + if (config.getProxyUsername() != null) { + proxyBuilder.username(config.getProxyUsername()).password(config.getProxyPassword()); + } + proxyBuilder.build(); + } + if (config.getPowerAuthClientToken() != null) { + builder.httpBasicAuth().username(config.getPowerAuthClientToken()).password(config.getPowerAuthClientSecret()).build(); + } + if (config.getDefaultHttpHeaders() != null) { + builder.defaultHttpHeaders(config.getDefaultHttpHeaders()); + } + if (config.getFilter() != null) { + builder.filter(config.getFilter()); + } + try { + restClient = builder.build(); + } catch (RestClientException ex) { + throw new PowerAuthClientException("REST client initialization failed, error: " + ex.getMessage(), ex); + } + } + + /** + * Call the PowerAuth FIDO2 API. + * + * @param path Path of the endpoint. + * @param request Request object. + * @param queryParams HTTP query parameters. + * @param httpHeaders HTTP headers. + * @param responseType Response type. + * @return Response. + */ + private T callFido2RestApi(String path, Object request, MultiValueMap queryParams, MultiValueMap httpHeaders, Class responseType) throws PowerAuthClientException { + final ObjectRequest objectRequest = new ObjectRequest<>(request); + try { + final ObjectResponse objectResponse = restClient.postObject(PA_REST_FIDO2_PREFIX + path, objectRequest, queryParams, httpHeaders, responseType); + return objectResponse.getResponseObject(); + } catch (RestClientException ex) { + if (ex.getStatusCode() == null) { + // Logging for network errors when port is closed + logger.warn("PowerAuth FIDO2 service is not accessible, error: {}", ex.getMessage()); + logger.debug(ex.getMessage(), ex); + } else if (ex.getStatusCode() == HttpStatus.NOT_FOUND) { + // Logging for 404 errors + logger.warn("PowerAuth FIDO2 service is not available, error: {}", ex.getMessage()); + logger.debug(ex.getMessage(), ex); + } else if (ex.getStatusCode() == HttpStatus.BAD_REQUEST) { + // Error handling for PowerAuth errors + handleBadRequestError(ex); + } + // Error handling for generic HTTP errors + throw new PowerAuthClientException(ex.getMessage(), ex); + } + } + + /** + * Handle the HTTP response with BAD_REQUEST status code. + * @param ex Exception which captured the error. + * @throws PowerAuthClientException PowerAuth client exception. + */ + private void handleBadRequestError(RestClientException ex) throws PowerAuthClientException { + // Try to parse exception into PowerAuthError model class + try { + final TypeReference> typeReference = new TypeReference<>(){}; + final ObjectResponse error = objectMapper.readValue(ex.getResponse(), typeReference); + if (error == null || error.getResponseObject() == null) { + throw new PowerAuthClientException("Invalid response object"); + } + throw new PowerAuthClientException(error.getResponseObject().getMessage(), ex, error.getResponseObject()); + } catch (IOException ex2) { + // Parsing failed, return a regular error + throw new PowerAuthClientException(ex.getMessage(), ex); + } + } + + @Override + public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request) throws Exception { + return callFido2RestApi("/registrations/list", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegisteredAuthenticatorsResponse.class); + } + + @Override + public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception { + return callFido2RestApi("/registrations/list", request, queryParams, httpHeaders, RegisteredAuthenticatorsResponse.class); + } + + @Override + public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String userId, String applicationId) throws Exception { + final RegisteredAuthenticatorsRequest request = new RegisteredAuthenticatorsRequest(); + request.setUserId(userId); + request.setApplicationId(applicationId); + return callFido2RestApi("/registrations/list", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegisteredAuthenticatorsResponse.class); + } + + @Override + public RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request) throws Exception { + return callFido2RestApi("/registrations/challenge", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegistrationChallengeResponse.class); + } + + @Override + public RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception { + return callFido2RestApi("/registrations/challenge", request, queryParams, httpHeaders, RegistrationChallengeResponse.class); + } + + @Override + public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception { + final RegistrationChallengeRequest request = new RegistrationChallengeRequest(); + request.setUserId(userId); + request.setApplicationId(applicationId); + return callFido2RestApi("/registrations/challenge", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegistrationChallengeResponse.class); + } + + @Override + public RegistrationResponse register(RegistrationRequest request) throws Exception { + return callFido2RestApi("/registrations", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegistrationResponse.class); + } + + @Override + public RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception { + return callFido2RestApi("/registrations", request, queryParams, httpHeaders, RegistrationResponse.class); + } + + @Override + public RegistrationResponse register(String applicationId, String activationName, String expectedChallenge, AuthenticatorParameters authenticatorParameters) throws Exception { + RegistrationRequest request = new RegistrationRequest(); + request.setApplicationId(applicationId); + request.setActivationName(activationName); + request.setExpectedChallenge(expectedChallenge); + request.setAuthenticatorParameters(authenticatorParameters); + return callFido2RestApi("/registrations", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegistrationResponse.class); + } + + @Override + public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws PowerAuthClientException { + return callFido2RestApi("/assertions/challenge", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, AssertionChallengeResponse.class); + } + + @Override + public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { + return callFido2RestApi("/assertions/challenge", request, queryParams, httpHeaders, AssertionChallengeResponse.class); + } + + @Override + public AssertionChallengeResponse requestAssertionChallenge(List applicationIds, String externalId, String operationType, Map parameters) throws PowerAuthClientException { + final AssertionChallengeRequest request = new AssertionChallengeRequest(); + return callFido2RestApi("/assertions/challenge", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, AssertionChallengeResponse.class); + } + + @Override + public AssertionVerificationResponse authenticate(AssertionVerificationRequest request) throws PowerAuthClientException { + return callFido2RestApi("/assertions", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, AssertionVerificationResponse.class); + } + + @Override + public AssertionVerificationResponse authenticate(AssertionVerificationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { + return callFido2RestApi("/assertions", request, queryParams, httpHeaders, AssertionVerificationResponse.class); + } + + @Override + public AssertionVerificationResponse authenticate(String id, String type, String authenticatorAttachment, AuthenticatorAssertionResponse response, + String applicationId, String relyingPartyId, List allowedOrigins, List allowedTopOrigins, + boolean requiresUserVerification, String expectedChallenge) throws PowerAuthClientException { + final AssertionVerificationRequest request = new AssertionVerificationRequest(); + request.setId(id); + request.setType(type); + request.setAuthenticatorAttachment(authenticatorAttachment); + request.setResponse(response); + request.setApplicationId(applicationId); + request.setRelyingPartyId(relyingPartyId); + request.setAllowedOrigins(allowedOrigins); + request.setAllowedTopOrigins(allowedTopOrigins); + request.setRequiresUserVerification(requiresUserVerification); + request.setExpectedChallenge(expectedChallenge); + return callFido2RestApi("/assertions", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, AssertionVerificationResponse.class); + } + +} diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClientConfiguration.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClientConfiguration.java new file mode 100644 index 000000000..668bbf4b3 --- /dev/null +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClientConfiguration.java @@ -0,0 +1,241 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ +package com.wultra.security.powerauth.rest.client; + +import org.springframework.http.HttpHeaders; +import org.springframework.web.reactive.function.client.ExchangeFilterFunction; + +import java.time.Duration; + +/** + * Configuration of PowerAuth FIDO2 REST client. + * + * @author Roman Strobl, roman.strobl@wultra.com + * + */ +public class PowerAuthFido2RestClientConfiguration { + + // Use 1 MB as default maximum memory size + private int maxMemorySize = 1024 * 1024; + // Use 5 seconds as default connect timeout + private Duration connectTimeout = Duration.ofMillis(5000); + private boolean proxyEnabled = false; + private String proxyHost; + private int proxyPort; + private String proxyUsername; + private String proxyPassword; + private String powerAuthClientToken; + private String powerAuthClientSecret; + private boolean acceptInvalidSslCertificate; + private HttpHeaders defaultHttpHeaders; + private ExchangeFilterFunction filter; + + /** + * Get maximum memory size for HTTP requests in bytes. + * @return Maximum memory size for HTTP requests in bytes. + */ + public int getMaxMemorySize() { + return maxMemorySize; + } + + /** + * Set maximum memory size for HTTP requests in bytes. + * @param maxMemorySize Maximum memory size for HTTP requests in bytes. + */ + public void setMaxMemorySize(int maxMemorySize) { + this.maxMemorySize = maxMemorySize; + } + + /** + * Get connection timeout as a Duration. + * @return Connection timeout as a Duration. + */ + public Duration getConnectTimeout() { + return connectTimeout; + } + + /** + * Set connection timeout as a Duration. + * @param connectTimeout Connection timeout as a Duration. + */ + public void setConnectTimeout(Duration connectTimeout) { + this.connectTimeout = connectTimeout; + } + + /** + * Get whether HTTP proxy is enabled. + * @return Whether HTTP proxy is enabled. + */ + public boolean isProxyEnabled() { + return proxyEnabled; + } + + /** + * Set whether HTTP proxy is enabled. + * @param proxyEnabled Whether HTTP proxy is enabled. + */ + public void setProxyEnabled(boolean proxyEnabled) { + this.proxyEnabled = proxyEnabled; + } + + /** + * Get proxy host. + * @return Proxy host. + */ + public String getProxyHost() { + return proxyHost; + } + + /** + * Set proxy host. + * @param proxyHost Proxy host. + */ + public void setProxyHost(String proxyHost) { + this.proxyHost = proxyHost; + } + + /** + * Get proxy port. + * @return Proxy port. + */ + public int getProxyPort() { + return proxyPort; + } + + /** + * Set proxy port. + * @param proxyPort Proxy port. + */ + public void setProxyPort(int proxyPort) { + this.proxyPort = proxyPort; + } + + /** + * Get proxy username. + * @return Proxy username. + */ + public String getProxyUsername() { + return proxyUsername; + } + + /** + * Set proxy username. + * @param proxyUsername Proxy username.s + */ + public void setProxyUsername(String proxyUsername) { + this.proxyUsername = proxyUsername; + } + + /** + * Get proxy password. + * @return Proxy password. + */ + public String getProxyPassword() { + return proxyPassword; + } + + /** + * Set proxy password. + * @param proxyPassword Proxy password. + */ + public void setProxyPassword(String proxyPassword) { + this.proxyPassword = proxyPassword; + } + + /** + * Get HTTP basic authentication username. + * @return HTTP basic authentication username. + */ + public String getPowerAuthClientToken() { + return powerAuthClientToken; + } + + /** + * Set HTTP basic authentication username. + * @param powerAuthClientToken HTTP basic authentication username. + */ + public void setPowerAuthClientToken(String powerAuthClientToken) { + this.powerAuthClientToken = powerAuthClientToken; + } + + /** + * Get HTTP basic authentication password. + * @return HTTP basic authentication password. + */ + public String getPowerAuthClientSecret() { + return powerAuthClientSecret; + } + + /** + * Set HTTP basic authentication password. + * @param powerAuthClientSecret HTTP basic authentication password. + */ + public void setPowerAuthClientSecret(String powerAuthClientSecret) { + this.powerAuthClientSecret = powerAuthClientSecret; + } + + /** + * Get whether SSL certificate errors are ignored. + * @return Whether SSL certificate errors are ignored. + */ + public boolean getAcceptInvalidSslCertificate() { + return acceptInvalidSslCertificate; + } + + /** + * Set whether SSL certificate errors are ignored. + * @param acceptInvalidSslCertificate Whether SSL certificate errors are ignored. + */ + public void setAcceptInvalidSslCertificate(boolean acceptInvalidSslCertificate) { + this.acceptInvalidSslCertificate = acceptInvalidSslCertificate; + } + + /** + * Get default HTTP headers. + * @return Default HTTP headers. + */ + public HttpHeaders getDefaultHttpHeaders() { + return defaultHttpHeaders; + } + + /** + * Set default HTTP headers. + * @param defaultHttpHeaders Default HTTP headers. + */ + public void setDefaultHttpHeaders(HttpHeaders defaultHttpHeaders) { + this.defaultHttpHeaders = defaultHttpHeaders; + } + + /** + * Get exchange filter function. + * @return Exchange filter function. + */ + public ExchangeFilterFunction getFilter() { + return filter; + } + + /** + * Set exchange filter function. + * @param filter Exchange filter function. + */ + public void setFilter(ExchangeFilterFunction filter) { + this.filter = filter; + } + +} From 971c6611978c9eaa8ae7ba4e4ea26e816dbed0ca Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Wed, 15 Nov 2023 14:24:25 +0100 Subject: [PATCH 019/146] Fix issues found in pull request review --- .../client/PowerAuthFido2Client.java | 36 +++++++++---------- .../fido2/RegistrationChallengeResponse.java | 2 ++ .../rest/client/PowerAuthFido2RestClient.java | 18 +++++----- 3 files changed, 29 insertions(+), 27 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java index 22b60bbcf..8406c2f6f 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java @@ -40,9 +40,9 @@ public interface PowerAuthFido2Client { * * @param request Registered authenticator list request. * @return Registered authenticator list response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request) throws Exception; + RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request) throws PowerAuthClientException; /** * Get list of registered authenticators for a user. @@ -51,9 +51,9 @@ public interface PowerAuthFido2Client { * @param queryParams HTTP query parameters. * @param httpHeaders HTTP headers. * @return Registered authenticator list response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception; + RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; /** * Get list of registered authenticators for a user. @@ -61,18 +61,18 @@ public interface PowerAuthFido2Client { * @param userId User identifier. * @param applicationId Application identifier. * @return Registered authenticator list response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String userId, String applicationId) throws Exception; + RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String userId, String applicationId) throws PowerAuthClientException; /** * Request a registration challenge. * * @param request Registration challenge request. * @return Registration challenge response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request) throws Exception; + RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request) throws PowerAuthClientException; /** * Request a registration challenge. @@ -81,9 +81,9 @@ public interface PowerAuthFido2Client { * @param queryParams HTTP query parameters. * @param httpHeaders HTTP headers. * @return Registration challenge response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception; + RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; /** * Request a registration challenge. @@ -91,25 +91,25 @@ public interface PowerAuthFido2Client { * @param userId User identifier. * @param applicationId Application identifier. * @return Registration challenge response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception; + RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws PowerAuthClientException; /** * @param request Registration request. * @return Registration response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegistrationResponse register(RegistrationRequest request) throws Exception; + RegistrationResponse register(RegistrationRequest request) throws PowerAuthClientException; /** * @param request Registration request. * @param queryParams HTTP query parameters. * @param httpHeaders HTTP headers. * @return Registration response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception; + RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; /** * @param applicationId Application identifier. @@ -118,9 +118,9 @@ public interface PowerAuthFido2Client { * @param authenticatorParameters Authenticator parameters. * * @return Registration response. - * @throws Exception In case REST API call fails. + * @throws PowerAuthClientException In case REST API call fails. */ - RegistrationResponse register(String applicationId, String activationName, String expectedChallenge, AuthenticatorParameters authenticatorParameters) throws Exception; + RegistrationResponse register(String applicationId, String activationName, String expectedChallenge, AuthenticatorParameters authenticatorParameters) throws PowerAuthClientException; /** * Call the assertion challenge endpoint of FIDO2 service. diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java index e8b80d07f..d8dcfa55f 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationChallengeResponse.java @@ -19,6 +19,7 @@ package com.wultra.security.powerauth.client.model.response.fido2; import lombok.Data; +import lombok.ToString; /** * @author Roman Strobl, roman.strobl@wultra.com @@ -28,6 +29,7 @@ public class RegistrationChallengeResponse { private String activationId; private String applicationId; + @ToString.Exclude private String challenge; private String userId; diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java index 553f2441d..3fda9e846 100644 --- a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java @@ -156,17 +156,17 @@ private void handleBadRequestError(RestClientException ex) throws PowerAuthClien } @Override - public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request) throws Exception { + public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request) throws PowerAuthClientException { return callFido2RestApi("/registrations/list", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegisteredAuthenticatorsResponse.class); } @Override - public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception { + public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(RegisteredAuthenticatorsRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { return callFido2RestApi("/registrations/list", request, queryParams, httpHeaders, RegisteredAuthenticatorsResponse.class); } @Override - public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String userId, String applicationId) throws Exception { + public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String userId, String applicationId) throws PowerAuthClientException { final RegisteredAuthenticatorsRequest request = new RegisteredAuthenticatorsRequest(); request.setUserId(userId); request.setApplicationId(applicationId); @@ -174,17 +174,17 @@ public RegisteredAuthenticatorsResponse getRegisteredAuthenticatorList(String us } @Override - public RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request) throws Exception { + public RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request) throws PowerAuthClientException { return callFido2RestApi("/registrations/challenge", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegistrationChallengeResponse.class); } @Override - public RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception { + public RegistrationChallengeResponse requestRegistrationChallenge(RegistrationChallengeRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { return callFido2RestApi("/registrations/challenge", request, queryParams, httpHeaders, RegistrationChallengeResponse.class); } @Override - public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception { + public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws PowerAuthClientException { final RegistrationChallengeRequest request = new RegistrationChallengeRequest(); request.setUserId(userId); request.setApplicationId(applicationId); @@ -192,17 +192,17 @@ public RegistrationChallengeResponse requestRegistrationChallenge(String userId, } @Override - public RegistrationResponse register(RegistrationRequest request) throws Exception { + public RegistrationResponse register(RegistrationRequest request) throws PowerAuthClientException { return callFido2RestApi("/registrations", request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP, RegistrationResponse.class); } @Override - public RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws Exception { + public RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { return callFido2RestApi("/registrations", request, queryParams, httpHeaders, RegistrationResponse.class); } @Override - public RegistrationResponse register(String applicationId, String activationName, String expectedChallenge, AuthenticatorParameters authenticatorParameters) throws Exception { + public RegistrationResponse register(String applicationId, String activationName, String expectedChallenge, AuthenticatorParameters authenticatorParameters) throws PowerAuthClientException { RegistrationRequest request = new RegistrationRequest(); request.setApplicationId(applicationId); request.setActivationName(activationName); From 9dcec5444f6a32d671cf51c155dd78d48e6f2905 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Wed, 15 Nov 2023 16:38:21 +0100 Subject: [PATCH 020/146] Exclude sensitive parameters from toString, add JavaDoc --- .../security/powerauth/client/PowerAuthFido2Client.java | 6 ++++++ .../client/model/entity/fido2/AttestationStatement.java | 2 ++ .../model/entity/fido2/AuthenticatorAssertionResponse.java | 2 ++ .../client/model/entity/fido2/EllipticCurvePoint.java | 3 +++ 4 files changed, 13 insertions(+) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java index 8406c2f6f..cd182ee64 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthFido2Client.java @@ -96,6 +96,8 @@ public interface PowerAuthFido2Client { RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws PowerAuthClientException; /** + * Register a FIDO2 authenticator. + * * @param request Registration request. * @return Registration response. * @throws PowerAuthClientException In case REST API call fails. @@ -103,6 +105,8 @@ public interface PowerAuthFido2Client { RegistrationResponse register(RegistrationRequest request) throws PowerAuthClientException; /** + * Register a FIDO2 authenticator. + * * @param request Registration request. * @param queryParams HTTP query parameters. * @param httpHeaders HTTP headers. @@ -112,6 +116,8 @@ public interface PowerAuthFido2Client { RegistrationResponse register(RegistrationRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; /** + * Register a FIDO2 authenticator. + * * @param applicationId Application identifier. * @param activationName Activation name. * @param expectedChallenge Expected challenge. diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java index bb85e8cb0..15f93698d 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java @@ -20,6 +20,7 @@ import com.wultra.security.powerauth.client.model.enumeration.fido2.SignatureAlgorithm; import lombok.Data; +import lombok.ToString; /** * @author Roman Strobl, roman.strobl@wultra.com @@ -28,6 +29,7 @@ public class AttestationStatement { private SignatureAlgorithm algorithm; + @ToString.Exclude private byte[] signature; } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java index 621cd47ff..304bbf4de 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java @@ -20,6 +20,7 @@ import jakarta.validation.constraints.NotEmpty; import lombok.Data; +import lombok.ToString; /** * @author Roman Strobl, roman.strobl@wultra.com @@ -32,6 +33,7 @@ public class AuthenticatorAssertionResponse { private AuthenticatorData authenticatorData; @NotEmpty + @ToString.Exclude private byte[] signature; private String userHandle; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java index 8a402c8d4..cd6453293 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java @@ -19,6 +19,7 @@ package com.wultra.security.powerauth.client.model.entity.fido2; import lombok.Data; +import lombok.ToString; /** * @author Roman Strobl, roman.strobl@wultra.com @@ -26,7 +27,9 @@ @Data public class EllipticCurvePoint { + @ToString.Exclude private byte[] x; + @ToString.Exclude private byte[] y; } From b0536139ab9647fa694e438cfadf3434a7a82850 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Sun, 19 Nov 2023 18:31:25 +0100 Subject: [PATCH 021/146] Fix #1142: FIDO2: Add handling for compressed / uncompressed EC keys --- .../serialization/AuthenticatorDataDeserializer.java | 7 +++++++ .../fido2/rest/model/entity/PublicKeyObject.java | 2 ++ .../powerauth/fido2/rest/model/enumeration/ECKeyType.java | 8 ++++---- 3 files changed, 13 insertions(+), 4 deletions(-) rename powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java => powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java (87%) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index f6588489e..4d07b2e8a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -29,6 +29,7 @@ import com.wultra.powerauth.fido2.rest.model.entity.Flags; import com.wultra.powerauth.fido2.rest.model.entity.PublicKeyObject; import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; +import com.wultra.powerauth.fido2.rest.model.enumeration.ECKeyType; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -127,6 +128,12 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte } else { throw new RuntimeException("Unsupported curve type: " + curveType); } + final Integer keyType = (Integer) credentialPublicKeyMap.get("1"); + if (keyType != null && 2 == keyType) { + publicKeyObject.setKeyType(ECKeyType.UNCOMPRESSED); + } else { + throw new RuntimeException("Unsupported key type: " + keyType); + } final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java index 60e0f20d6..c34a075e2 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java @@ -19,6 +19,7 @@ package com.wultra.powerauth.fido2.rest.model.entity; import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; +import com.wultra.powerauth.fido2.rest.model.enumeration.ECKeyType; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import lombok.Data; @@ -30,6 +31,7 @@ public class PublicKeyObject { private SignatureAlgorithm algorithm; private CurveType curveType; + private ECKeyType keyType; private EllipticCurvePoint point; } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java similarity index 87% rename from powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java index 9418febb4..a4f8851ea 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/CurveType.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java @@ -16,14 +16,14 @@ * along with this program. If not, see . */ -package com.wultra.security.powerauth.client.model.enumeration.fido2; +package com.wultra.powerauth.fido2.rest.model.enumeration; /** * @author Roman Strobl, roman.strobl@wultra.com */ -public enum CurveType { +public enum ECKeyType { - P256, - UNKNOWN + COMPRESSED, + UNCOMPRESSED } From 81d66340cf9fbba67154db1a4043af27da3e67cd Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Sun, 19 Nov 2023 18:32:41 +0100 Subject: [PATCH 022/146] Simplify request model classes --- .../model/entity/fido2/AttestationObject.java | 38 ---------------- .../entity/fido2/AttestationStatement.java | 35 --------------- .../entity/fido2/AttestedCredentialData.java | 33 -------------- .../fido2/AuthenticatorAssertionResponse.java | 4 +- .../AuthenticatorAttestationResponse.java | 4 +- .../model/entity/fido2/AuthenticatorData.java | 42 ------------------ .../entity/fido2/CollectedClientData.java | 43 ------------------- .../entity/fido2/EllipticCurvePoint.java | 35 --------------- .../client/model/entity/fido2/Flags.java | 38 ---------------- .../model/entity/fido2/PublicKeyObject.java | 35 --------------- .../enumeration/fido2/SignatureAlgorithm.java | 29 ------------- 11 files changed, 4 insertions(+), 332 deletions(-) delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java delete mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java deleted file mode 100644 index 227cf24a8..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationObject.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import com.fasterxml.jackson.annotation.JsonIgnore; -import lombok.Data; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class AttestationObject { - - @JsonIgnore - private String encoded; - - private String fmt; - - private AuthenticatorData authData; - private AttestationStatement attStmt; - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java deleted file mode 100644 index 15f93698d..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestationStatement.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import com.wultra.security.powerauth.client.model.enumeration.fido2.SignatureAlgorithm; -import lombok.Data; -import lombok.ToString; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class AttestationStatement { - - private SignatureAlgorithm algorithm; - @ToString.Exclude - private byte[] signature; - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java deleted file mode 100644 index f3caf2345..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AttestedCredentialData.java +++ /dev/null @@ -1,33 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import lombok.Data; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class AttestedCredentialData { - - private byte[] aaguid; - private byte[] credentialId; - private PublicKeyObject publicKeyObject; - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java index 304bbf4de..7e7116c5d 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java @@ -28,9 +28,9 @@ @Data public class AuthenticatorAssertionResponse { - private CollectedClientData clientDataJSON; + private String clientDataJSON; - private AuthenticatorData authenticatorData; + private String authenticatorData; @NotEmpty @ToString.Exclude diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java index fa9f9872c..cca330fc7 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java @@ -28,8 +28,8 @@ @Data public class AuthenticatorAttestationResponse { - private CollectedClientData clientDataJSON; - private AttestationObject attestationObject; + private String clientDataJSON; + private String attestationObject; private List transports; } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java deleted file mode 100644 index b68b8887a..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorData.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import com.fasterxml.jackson.annotation.JsonIgnore; -import jakarta.validation.constraints.NotEmpty; -import jakarta.validation.constraints.PositiveOrZero; -import lombok.Data; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class AuthenticatorData { - - @NotEmpty - @JsonIgnore - private byte[] encoded; - @NotEmpty - private byte[] rpIdHash; - private Flags flags = new Flags(); - @PositiveOrZero - private int signCount; - private AttestedCredentialData attestedCredentialData = new AttestedCredentialData(); - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java deleted file mode 100644 index 7a89bfa0b..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/CollectedClientData.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import com.fasterxml.jackson.annotation.JsonIgnore; -import jakarta.validation.constraints.NotBlank; -import jakarta.validation.constraints.NotEmpty; -import lombok.Data; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class CollectedClientData { - - @NotEmpty - @JsonIgnore - private String encoded; - @NotBlank - private String type; - @NotEmpty - private String challenge; - @NotBlank - private String origin; - private String topOrigin; - private boolean crossOrigin; -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java deleted file mode 100644 index cd6453293..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/EllipticCurvePoint.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import lombok.Data; -import lombok.ToString; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class EllipticCurvePoint { - - @ToString.Exclude - private byte[] x; - @ToString.Exclude - private byte[] y; - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java deleted file mode 100644 index 9e57170d2..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/Flags.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import lombok.Data; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class Flags { - - private boolean userPresent; - private boolean reservedBit2; - private boolean userVerified; - private boolean backupEligible; - private boolean backupState; - private boolean reservedBit6; - private boolean attestedCredentialsIncluded; - private boolean extensionDataIncluded; - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java deleted file mode 100644 index 08d453d15..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/PublicKeyObject.java +++ /dev/null @@ -1,35 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.entity.fido2; - -import com.wultra.security.powerauth.client.model.enumeration.fido2.CurveType; -import com.wultra.security.powerauth.client.model.enumeration.fido2.SignatureAlgorithm; -import lombok.Data; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -@Data -public class PublicKeyObject { - - private SignatureAlgorithm algorithm; - private CurveType curveType; - private EllipticCurvePoint point; - -} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java deleted file mode 100644 index f405e0af0..000000000 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/fido2/SignatureAlgorithm.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.security.powerauth.client.model.enumeration.fido2; - -/** - * @author Roman Strobl, roman.strobl@wultra.com - */ -public enum SignatureAlgorithm { - - ES256, - UNKNOWN - -} From e7f172a6ce3a3716bafbd9446f347ad17ecfa6cb Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Sun, 19 Nov 2023 18:34:58 +0100 Subject: [PATCH 023/146] Add validation annotations --- .../model/entity/fido2/AuthenticatorAssertionResponse.java | 3 +++ .../model/entity/fido2/AuthenticatorAttestationResponse.java | 3 +++ 2 files changed, 6 insertions(+) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java index 7e7116c5d..5d0e7e8cf 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAssertionResponse.java @@ -18,6 +18,7 @@ package com.wultra.security.powerauth.client.model.entity.fido2; +import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotEmpty; import lombok.Data; import lombok.ToString; @@ -28,8 +29,10 @@ @Data public class AuthenticatorAssertionResponse { + @NotBlank private String clientDataJSON; + @NotBlank private String authenticatorData; @NotEmpty diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java index cca330fc7..b2dd754e7 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorAttestationResponse.java @@ -18,6 +18,7 @@ package com.wultra.security.powerauth.client.model.entity.fido2; +import jakarta.validation.constraints.NotBlank; import lombok.Data; import java.util.List; @@ -28,7 +29,9 @@ @Data public class AuthenticatorAttestationResponse { + @NotBlank private String clientDataJSON; + @NotBlank private String attestationObject; private List transports; From 4eef368621b426cef2fbd3759e0bd6ecb1d5375b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 27 Nov 2023 07:17:27 +0100 Subject: [PATCH 024/146] Fix #1152: FIDO2: Invalid timestamp check for operation claim (#1153) * Fix #1152: FIDO2: Invalid timestamp check for operation claim * Update code comments --- .../service/behavior/tasks/OperationServiceBehavior.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java index 832e86fcf..32121e37e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java @@ -696,8 +696,9 @@ private OperationEntity claimOperation(OperationEntity source, String userId, Da // If a user accessing the operation is specified in the query, either claim the operation to that user, // or check if the user is already granted to be able to access the operation. if (userId != null) { + // Only pending, non-expired operations should be claimable. if (OperationStatusDo.PENDING.equals(source.getStatus()) - && source.getTimestampExpires().before(currentTimestamp)) { + && source.getTimestampExpires().after(currentTimestamp)) { final String operationId = source.getId(); final String expectedUserId = source.getUserId(); if (expectedUserId == null) { @@ -714,7 +715,7 @@ private OperationEntity claimOperation(OperationEntity source, String userId, Da } private OperationEntity expireOperation(OperationEntity source, Date currentTimestamp) { - // Operation is still pending and timestamp is after the expiration. + // Pending operations expiring before current timestamp should be marked as expired. if (OperationStatusDo.PENDING.equals(source.getStatus()) && source.getTimestampExpires().before(currentTimestamp)) { logger.info("Operation {} expired.", source.getId()); From 18cf674ee7cc2064c2851e9bdea69bb260ca3c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 27 Nov 2023 07:19:36 +0100 Subject: [PATCH 025/146] Fix #1140: Implement tests for FIDO2 REST API (#1149) --- pom.xml | 3 + .../converter/RegistrationConverter.java | 5 +- .../AuthenticatorDataDeserializer.java | 6 +- .../{EllipticCurvePoint.java => ECPoint.java} | 2 +- .../rest/model/entity/PublicKeyObject.java | 2 +- .../RegistrationRequestValidator.java | 27 + .../fido2/service/RegistrationService.java | 2 +- .../service/provider/CryptographyService.java | 7 +- powerauth-java-server/pom.xml | 6 + .../fido2/PowerAuthAssertionProvider.java | 3 + .../fido2/PowerAuthCryptographyService.java | 10 +- .../SelfAttestedPackedAuthenticator.java | 54 ++ .../fido2/Fido2AuthenticatorTest.java | 463 ++++++++++++++++++ 13 files changed, 570 insertions(+), 20 deletions(-) rename powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/{EllipticCurvePoint.java => ECPoint.java} (96%) create mode 100644 powerauth-java-server/src/test/java/com/webauthn4j/test/authenticator/webauthn/SelfAttestedPackedAuthenticator.java create mode 100644 powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java diff --git a/pom.xml b/pom.xml index c4eab21a1..c9fbc4e72 100644 --- a/pom.xml +++ b/pom.xml @@ -102,6 +102,9 @@ 1.11.0 7.4 + + + 0.21.8.RELEASE diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 338f461fc..2915d8ac3 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -72,11 +72,8 @@ private Map convertExtras(RegistrationRequest requestObject) thr final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); final Map params = new HashMap<>(); params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); - params.put("allowedOrigins", authenticatorParameters.getAllowedOrigins()); - params.put("allowedTopOrigins", authenticatorParameters.getAllowedTopOrigins()); - params.put("transports", authenticatorParameters.getResponse().getTransports()); params.put("authenticatorAttachment", authenticatorParameters.getAuthenticatorAttachment()); - params.put("attestationStatement", authenticatorParameters.getResponse().getAttestationObject()); + params.put("credentialId", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getCredentialId()); params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index 4d07b2e8a..f942c7398 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -25,7 +25,7 @@ import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; -import com.wultra.powerauth.fido2.rest.model.entity.EllipticCurvePoint; +import com.wultra.powerauth.fido2.rest.model.entity.ECPoint; import com.wultra.powerauth.fido2.rest.model.entity.Flags; import com.wultra.powerauth.fido2.rest.model.entity.PublicKeyObject; import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; @@ -59,7 +59,7 @@ private AuthenticatorDataDeserializer(Class vc) { } @Override - public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException { + public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { final AuthenticatorData result = new AuthenticatorData(); // Serialize Auth Data @@ -137,7 +137,7 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); - final EllipticCurvePoint point = new EllipticCurvePoint(); + final ECPoint point = new ECPoint(); point.setX(xBytes); point.setY(yBytes); publicKeyObject.setPoint(point); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java similarity index 96% rename from powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java rename to powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java index 798bd5e03..fdae77c50 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/EllipticCurvePoint.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java @@ -24,7 +24,7 @@ * @author Petr Dvorak, petr@wultra.com */ @Data -public class EllipticCurvePoint { +public class ECPoint { private byte[] x; private byte[] y; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java index c34a075e2..47dbbf5da 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java @@ -32,6 +32,6 @@ public class PublicKeyObject { private SignatureAlgorithm algorithm; private CurveType curveType; private ECKeyType keyType; - private EllipticCurvePoint point; + private ECPoint point; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java index ebc3b1bb9..21800b9c6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.validator; import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.rest.model.enumeration.CurveType; +import com.wultra.powerauth.fido2.rest.model.enumeration.ECKeyType; import com.wultra.powerauth.fido2.rest.model.enumeration.Fmt; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; @@ -114,6 +116,16 @@ public String validate(RegistrationRequest request) { return "Missing attestation data."; } + final byte[] credentialId = attestedCredentialData.getCredentialId(); + if (credentialId == null) { + return "Missing credential identifier."; + } + + final byte[] aaguid = attestedCredentialData.getAaguid(); + if (aaguid == null) { + return "Missing aaguid."; + } + final PublicKeyObject publicKeyObject = attestedCredentialData.getPublicKeyObject(); if (publicKeyObject == null) { return "Missing public key inside attestation data"; @@ -124,6 +136,21 @@ public String validate(RegistrationRequest request) { return "The provided algorithm is not supported by the server."; } + final CurveType curveType = publicKeyObject.getCurveType(); + if (CurveType.P256 != curveType) { + return "The provided curve type is not supported by the server."; + } + + final ECKeyType keyType = publicKeyObject.getKeyType(); + if (ECKeyType.UNCOMPRESSED != keyType) { + return "The provided key type is not supported by the server."; + } + + final ECPoint point = publicKeyObject.getPoint(); + if (point == null) { + return "Missing EC point in public key object."; + } + if (fmt.equals(Fmt.FMT_PACKED.getValue())) { final AttestationStatement attStmt = attestationObject.getAttStmt(); if (!attStmt.getAlgorithm().equals(algorithm)) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 877f17a57..75c6e5f74 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -104,7 +104,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E } final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistrationChallengeValue(applicationId, challengeValue); - final AuthenticatorDetail authenticatorDetail = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData)); + final AuthenticatorDetail authenticatorDetail = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())); final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorDetail); return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index aeeadbcc2..e3f157ff7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -18,10 +18,7 @@ package com.wultra.powerauth.fido2.service.provider; -import com.wultra.powerauth.fido2.rest.model.entity.AttestedCredentialData; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; -import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; +import com.wultra.powerauth.fido2.rest.model.entity.*; /** * Interface representing FIDO2 verification service. @@ -33,5 +30,5 @@ public interface CryptographyService { boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws Exception; - byte[] publicKeyToBytes(AttestedCredentialData attestedCredentialData) throws Exception; + byte[] publicKeyToBytes(PublicKeyObject publicKey) throws Exception; } diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 880a6ea7d..f6bc5cf34 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -171,6 +171,12 @@ h2 test + + com.webauthn4j + webauthn4j-test + ${webauthn4j.version} + test + diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index 4ed907795..ea176b42e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -89,6 +89,9 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD try { final String[] split = challengeValue.split("&", 2); + if (split.length != 2) { + throw new Fido2AuthenticationFailedException("Invalid challenge"); + } final String operationId = split[0]; final String operationData = split[1]; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index 01ac9fe28..a2aecfce4 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -48,15 +48,15 @@ public boolean verifySignatureForAssertion(String applicationId, String authenti } public boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { - final EllipticCurvePoint point = attestedCredentialData.getPublicKeyObject().getPoint(); + final ECPoint point = attestedCredentialData.getPublicKeyObject().getPoint(); final PublicKey publicKey = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); return verifySignature(clientDataJSON, authData, signature, publicKey); } - public byte[] publicKeyToBytes(AttestedCredentialData attestedCredentialData) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException { - final EllipticCurvePoint point = attestedCredentialData.getPublicKeyObject().getPoint(); - final PublicKey publicKey = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); - return keyConvertor.convertPublicKeyToBytes(publicKey); + public byte[] publicKeyToBytes(PublicKeyObject publicKey) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException { + final ECPoint point = publicKey.getPoint(); + final PublicKey publicKeyConverted = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); + return keyConvertor.convertPublicKeyToBytes(publicKeyConverted); } // private methods diff --git a/powerauth-java-server/src/test/java/com/webauthn4j/test/authenticator/webauthn/SelfAttestedPackedAuthenticator.java b/powerauth-java-server/src/test/java/com/webauthn4j/test/authenticator/webauthn/SelfAttestedPackedAuthenticator.java new file mode 100644 index 000000000..9be31b978 --- /dev/null +++ b/powerauth-java-server/src/test/java/com/webauthn4j/test/authenticator/webauthn/SelfAttestedPackedAuthenticator.java @@ -0,0 +1,54 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package com.webauthn4j.test.authenticator.webauthn; + +import com.webauthn4j.data.attestation.statement.AttestationStatement; +import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier; +import com.webauthn4j.data.attestation.statement.PackedAttestationStatement; +import com.webauthn4j.test.TestDataUtil; +import com.webauthn4j.test.client.RegistrationEmulationOption; + +import java.security.cert.X509Certificate; + +/** + * Self-attested packed authenticator. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public class SelfAttestedPackedAuthenticator extends WebAuthnModelAuthenticator { + + @Override + public AttestationStatement createAttestationStatement(AttestationStatementRequest attestationStatementRequest, RegistrationEmulationOption registrationEmulationOption) { + final byte[] signature; + if (registrationEmulationOption.isSignatureOverrideEnabled()) { + signature = registrationEmulationOption.getSignature(); + } else { + signature = TestDataUtil.calculateSignature(attestationStatementRequest.getCredentialKeyPair().getPrivate(), attestationStatementRequest.getSignedData()); + } + + return new PackedAttestationStatement(COSEAlgorithmIdentifier.ES256, signature, null); + } + + @Override + X509Certificate createAttestationCertificate(AttestationStatementRequest attestationStatementRequest, AttestationOption attestationOption) { + return null; + } + +} \ No newline at end of file diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java new file mode 100644 index 000000000..815f279b1 --- /dev/null +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -0,0 +1,463 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package com.wultra.powerauth.fido2; + +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; +import com.google.common.io.BaseEncoding; +import com.webauthn4j.data.AuthenticatorAssertionResponse; +import com.webauthn4j.data.AuthenticatorAttestationResponse; +import com.webauthn4j.data.*; +import com.webauthn4j.data.attestation.statement.COSEAlgorithmIdentifier; +import com.webauthn4j.data.client.Origin; +import com.webauthn4j.data.client.challenge.Challenge; +import com.webauthn4j.data.client.challenge.DefaultChallenge; +import com.webauthn4j.data.extension.client.AuthenticationExtensionClientOutput; +import com.webauthn4j.data.extension.client.RegistrationExtensionClientOutput; +import com.webauthn4j.test.EmulatorUtil; +import com.webauthn4j.test.authenticator.webauthn.SelfAttestedPackedAuthenticator; +import com.webauthn4j.test.authenticator.webauthn.WebAuthnAuthenticatorAdaptor; +import com.webauthn4j.test.client.ClientPlatform; +import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; +import com.wultra.powerauth.fido2.rest.model.request.AssertionVerificationRequest; +import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; +import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; +import com.wultra.powerauth.fido2.rest.model.response.AssertionVerificationResponse; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; +import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; +import com.wultra.powerauth.fido2.service.AssertionService; +import com.wultra.powerauth.fido2.service.RegistrationService; +import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; +import com.wultra.security.powerauth.client.model.request.CreateApplicationRequest; +import com.wultra.security.powerauth.client.model.request.GetActivationStatusRequest; +import com.wultra.security.powerauth.client.model.request.OperationTemplateCreateRequest; +import com.wultra.security.powerauth.client.model.response.OperationTemplateDetailResponse; +import io.getlime.security.powerauth.app.server.Application; +import io.getlime.security.powerauth.app.server.service.PowerAuthService; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; + +import java.io.IOException; +import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.Collections; +import java.util.Objects; +import java.util.UUID; +import java.util.stream.Collectors; + +import static org.junit.jupiter.api.Assertions.*; + +/** + * Test of self-attested packed authenticator against PowerAuth server. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@SpringBootTest(classes = Application.class) +class Fido2AuthenticatorTest { + + private final CBORMapper CBOR_MAPPER = new CBORMapper(); + private final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); + + private final static String RP_ID = "powerauth.com"; + private final static Origin ORIGIN = new Origin("http://localhost"); + private final static String USER_ID = "test_" + UUID.randomUUID(); + private final static String APPLICATION_ID = "fido2_test_" + UUID.randomUUID(); + private final static String ACTIVATION_NAME = "fido2_test_activation"; + private final static long REQUEST_TIMEOUT = 100L; + + private final ClientPlatform CLIENT_PLATFORM_SELF_ATTESTED = new ClientPlatform(ORIGIN, new WebAuthnAuthenticatorAdaptor(new SelfAttestedPackedAuthenticator())); + private final ClientPlatform CLIENT_PLATFORM_BASIC_ATTESTATION = new ClientPlatform(ORIGIN, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.PACKED_AUTHENTICATOR)); + + private final PowerAuthService powerAuthService; + private final RegistrationService registrationService; + private final AssertionService assertionService; + + + @Autowired + public Fido2AuthenticatorTest(PowerAuthService powerAuthService, RegistrationService registrationService, AssertionService assertionService) throws Exception { + this.powerAuthService = powerAuthService; + this.registrationService = registrationService; + this.assertionService = assertionService; + createApplication(); + createOperationTemplate(); + } + + @Test + void packedAuthenticatorSuccessTest() throws Exception { + registerCredential(); + authenticate(); + } + + @Test + public void packedAuthenticatorInvalidRegistrationChallengeTest() throws Exception { + // Use invalid challenge + final Challenge challenge = new DefaultChallenge(BaseEncoding.base64().encode(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8))); + final AuthenticatorSelectionCriteria authenticatorCriteria = new AuthenticatorSelectionCriteria( + AuthenticatorAttachment.PLATFORM, true, UserVerificationRequirement.REQUIRED); + final PublicKeyCredentialParameters pkParam = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256); + final PublicKeyCredentialUserEntity user = new PublicKeyCredentialUserEntity(USER_ID.getBytes(StandardCharsets.UTF_8), USER_ID, USER_ID); + final PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(RP_ID, RP_ID), + user, challenge, Collections.singletonList(pkParam), REQUEST_TIMEOUT, Collections.emptyList(), + authenticatorCriteria, AttestationConveyancePreference.DIRECT, null + ); + + // Prepare registration request + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_SELF_ATTESTED); + + // Register credential + assertThrows(Fido2AuthenticationFailedException.class, () -> registrationService.register(registrationRequest)); + } + + @Test + public void packedAuthenticatorInvalidAttestationTest() throws Exception { + // Obtain challenge from PowerAuth server + final RegistrationChallengeResponse challengeResponse = registrationService.requestRegistrationChallenge(USER_ID, APPLICATION_ID); + assertEquals(APPLICATION_ID, challengeResponse.getApplicationId()); + assertEquals(USER_ID, challengeResponse.getUserId()); + assertNotNull(challengeResponse.getChallenge()); + assertNotNull(challengeResponse.getActivationId()); + + // Use obtained activation code as a challenge, prepare credential options + final Challenge challenge = new DefaultChallenge(challengeResponse.getChallenge().getBytes(StandardCharsets.UTF_8)); + final AuthenticatorSelectionCriteria authenticatorCriteria = new AuthenticatorSelectionCriteria( + AuthenticatorAttachment.PLATFORM, true, UserVerificationRequirement.REQUIRED); + final PublicKeyCredentialParameters pkParam = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256); + final PublicKeyCredentialUserEntity user = new PublicKeyCredentialUserEntity(USER_ID.getBytes(StandardCharsets.UTF_8), USER_ID, USER_ID); + final PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(RP_ID, RP_ID), + user, challenge, Collections.singletonList(pkParam), REQUEST_TIMEOUT, Collections.emptyList(), + authenticatorCriteria, AttestationConveyancePreference.DIRECT, null + ); + + // Prepare registration request + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_BASIC_ATTESTATION); + + // Register credential + assertThrows(Fido2AuthenticationFailedException.class, () -> registrationService.register(registrationRequest)); + } + + @Test + public void packedAuthenticatorNoAttestationTest() throws Exception { + // Obtain challenge from PowerAuth server + final RegistrationChallengeResponse challengeResponse = registrationService.requestRegistrationChallenge(USER_ID, APPLICATION_ID); + assertEquals(APPLICATION_ID, challengeResponse.getApplicationId()); + assertEquals(USER_ID, challengeResponse.getUserId()); + assertNotNull(challengeResponse.getChallenge()); + assertNotNull(challengeResponse.getActivationId()); + + // Use obtained activation code as a challenge, prepare credential options + final Challenge challenge = new DefaultChallenge(challengeResponse.getChallenge().getBytes(StandardCharsets.UTF_8)); + final AuthenticatorSelectionCriteria authenticatorCriteria = new AuthenticatorSelectionCriteria( + AuthenticatorAttachment.PLATFORM, true, UserVerificationRequirement.REQUIRED); + final PublicKeyCredentialParameters pkParam = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256); + final PublicKeyCredentialUserEntity user = new PublicKeyCredentialUserEntity(USER_ID.getBytes(StandardCharsets.UTF_8), USER_ID, USER_ID); + final PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(RP_ID, RP_ID), + user, challenge, Collections.singletonList(pkParam), REQUEST_TIMEOUT, Collections.emptyList(), + authenticatorCriteria, AttestationConveyancePreference.NONE, null + ); + + // Prepare registration request + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_BASIC_ATTESTATION); + + // Register credential + final RegistrationResponse registrationResponse = registrationService.register(registrationRequest); + assertEquals(challengeResponse.getActivationId(), registrationResponse.getActivationId()); + } + + @Test + public void packedAuthenticatorInvalidAssertionChallengeTest() throws Exception { + registerCredential(); + + final Challenge challenge = new DefaultChallenge(BaseEncoding.base64().encode(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8))); + final PublicKeyCredentialRequestOptions getOptions = new PublicKeyCredentialRequestOptions(challenge, REQUEST_TIMEOUT, + RP_ID, null, UserVerificationRequirement.REQUIRED, null); + final PublicKeyCredential credential = CLIENT_PLATFORM_SELF_ATTESTED.get(getOptions); + final AssertionVerificationRequest authRequest = new AssertionVerificationRequest(); + authRequest.setId(credential.getId()); + authRequest.setType(credential.getType()); + authRequest.setAuthenticatorAttachment(AuthenticatorAttachment.PLATFORM.getValue()); + authRequest.setApplicationId(APPLICATION_ID); + authRequest.setRelyingPartyId(RP_ID); + authRequest.setAllowedOrigins(Collections.singletonList(ORIGIN.toString())); + authRequest.setRequiresUserVerification(true); + authRequest.setExpectedChallenge(BaseEncoding.base64().encode(challenge.getValue())); + + // Convert clientDataJSON and authenticatorData into object and supply encoded values for signature verification + final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); + clientData.setEncoded(new String(clientDataJSON)); + final byte[] authenticatorData = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAuthenticatorData(); + final AuthenticatorData authData = deserializeAuthenticationData(authenticatorData); + final byte[] userHandle = Objects.requireNonNull(credential.getAuthenticatorResponse()).getUserHandle(); + final byte[] signature = Objects.requireNonNull(credential.getAuthenticatorResponse()).getSignature(); + + final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse assertionResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse(); + assertionResponse.setClientDataJSON(clientData); + assertionResponse.setAuthenticatorData(authData); + assertionResponse.setUserHandle(new String(userHandle, StandardCharsets.UTF_8)); + assertionResponse.setSignature(signature); + authRequest.setResponse(assertionResponse); + + // Authenticate + assertThrows(Fido2AuthenticationFailedException.class, () -> assertionService.authenticate(authRequest)); + } + + @Test + public void packedAuthenticatorInvalidSignatureTest() throws Exception { + registerCredential(); + + // Obtain authentication challenge from PowerAuth server + final AssertionChallengeRequest challengeRequest = new AssertionChallengeRequest(); + challengeRequest.setApplicationIds(Collections.singletonList(APPLICATION_ID)); + challengeRequest.setOperationType("login"); + challengeRequest.setExternalId(UUID.randomUUID().toString()); + final AssertionChallengeResponse challengeResponse = assertionService.requestAssertionChallenge(challengeRequest); + assertEquals(APPLICATION_ID, challengeResponse.getApplicationIds().get(0)); + assertNull(challengeResponse.getUserId()); + assertNotNull(challengeResponse.getChallenge()); + assertEquals(0, challengeResponse.getFailedAttempts()); + assertEquals(5, challengeResponse.getMaxFailedAttempts()); + + // Prepare authentication request + final Challenge challenge = new DefaultChallenge(challengeResponse.getChallenge().getBytes(StandardCharsets.UTF_8)); + final PublicKeyCredentialRequestOptions getOptions = new PublicKeyCredentialRequestOptions(challenge, REQUEST_TIMEOUT, + RP_ID, null, UserVerificationRequirement.REQUIRED, null); + final PublicKeyCredential credential = CLIENT_PLATFORM_SELF_ATTESTED.get(getOptions); + final AssertionVerificationRequest authRequest = new AssertionVerificationRequest(); + authRequest.setId(credential.getId()); + authRequest.setType(credential.getType()); + authRequest.setAuthenticatorAttachment(AuthenticatorAttachment.PLATFORM.getValue()); + authRequest.setApplicationId(APPLICATION_ID); + authRequest.setRelyingPartyId(RP_ID); + authRequest.setAllowedOrigins(Collections.singletonList(ORIGIN.toString())); + authRequest.setRequiresUserVerification(true); + authRequest.setExpectedChallenge(new String(challenge.getValue(), StandardCharsets.UTF_8)); + + // Convert clientDataJSON and authenticatorData into object and supply encoded values for signature verification + final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); + clientData.setEncoded(new String(clientDataJSON)); + final byte[] authenticatorData = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAuthenticatorData(); + final AuthenticatorData authData = deserializeAuthenticationData(authenticatorData); + final byte[] userHandle = Objects.requireNonNull(credential.getAuthenticatorResponse()).getUserHandle(); + + final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse assertionResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse(); + assertionResponse.setClientDataJSON(clientData); + assertionResponse.setAuthenticatorData(authData); + assertionResponse.setUserHandle(new String(userHandle, StandardCharsets.UTF_8)); + assertionResponse.setSignature(new byte[32]); + authRequest.setResponse(assertionResponse); + + // Authenticate + assertThrows(Fido2AuthenticationFailedException.class, () -> assertionService.authenticate(authRequest)); + } + + private void createApplication() throws Exception { + // Search if application for FIDO2 tests exists + final boolean applicationFound = powerAuthService.getApplicationList().getApplications().stream() + .map(com.wultra.security.powerauth.client.model.entity.Application::getApplicationId) + .anyMatch(APPLICATION_ID::equals); + if (applicationFound) { + return; + } + // Create application for FIDO2 tests + CreateApplicationRequest request = new CreateApplicationRequest(); + request.setApplicationId(APPLICATION_ID); + powerAuthService.createApplication(request); + } + + private void registerCredential() throws Exception { + // Obtain challenge from PowerAuth server + final RegistrationChallengeResponse challengeResponse = registrationService.requestRegistrationChallenge(USER_ID, APPLICATION_ID); + assertEquals(APPLICATION_ID, challengeResponse.getApplicationId()); + assertEquals(USER_ID, challengeResponse.getUserId()); + assertNotNull(challengeResponse.getChallenge()); + assertNotNull(challengeResponse.getActivationId()); + + // Check that activation is in CREATED state + final GetActivationStatusRequest activationStatusRequest = new GetActivationStatusRequest(); + activationStatusRequest.setActivationId(challengeResponse.getActivationId()); + assertEquals(ActivationStatus.CREATED, powerAuthService.getActivationStatus(activationStatusRequest).getActivationStatus()); + + // Use obtained activation code as a challenge, prepare credential options + final Challenge challenge = new DefaultChallenge(challengeResponse.getChallenge().getBytes(StandardCharsets.UTF_8)); + final AuthenticatorSelectionCriteria authenticatorCriteria = new AuthenticatorSelectionCriteria( + AuthenticatorAttachment.PLATFORM, true, UserVerificationRequirement.REQUIRED); + final PublicKeyCredentialParameters pkParam = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256); + final PublicKeyCredentialUserEntity user = new PublicKeyCredentialUserEntity(USER_ID.getBytes(StandardCharsets.UTF_8), USER_ID, USER_ID); + final PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(RP_ID, RP_ID), + user, challenge, Collections.singletonList(pkParam), REQUEST_TIMEOUT, Collections.emptyList(), + authenticatorCriteria, AttestationConveyancePreference.DIRECT, null + ); + + // Prepare registration request + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_SELF_ATTESTED); + + // Register credential + final RegistrationResponse registrationResponse = registrationService.register(registrationRequest); + assertEquals(APPLICATION_ID, registrationResponse.getApplicationId()); + + // Check that activation is in ACTIVE state + final GetActivationStatusRequest activationStatusRequest2 = new GetActivationStatusRequest(); + activationStatusRequest2.setActivationId(challengeResponse.getActivationId()); + assertEquals(ActivationStatus.ACTIVE, powerAuthService.getActivationStatus(activationStatusRequest2).getActivationStatus()); + } + + private RegistrationRequest prepareRegistrationRequest(PublicKeyCredentialCreationOptions credentialCreationOptions, Challenge challenge, ClientPlatform clientPlatform) throws Exception { + // Create credential on authenticator emulator + final PublicKeyCredential credential = clientPlatform.create(credentialCreationOptions); + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = new RegistrationRequest(); + registrationRequest.setApplicationId(APPLICATION_ID); + registrationRequest.setActivationName(ACTIVATION_NAME); + registrationRequest.setExpectedChallenge(new String(challenge.getValue(), StandardCharsets.UTF_8)); + final AuthenticatorParameters authenticationParameters = new AuthenticatorParameters(); + authenticationParameters.setId(credential.getId()); + authenticationParameters.setRelyingPartyId(RP_ID); + authenticationParameters.setAllowedOrigins(Collections.singletonList(ORIGIN.toString())); + authenticationParameters.setType(credential.getType()); + authenticationParameters.setRequiresUserVerification(true); + + // Convert clientDataJSON and attestationObject into object and supply encoded values for signature verification + final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); + clientData.setEncoded(new String(clientDataJSON)); + final byte[] attestationObject = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAttestationObject(); + final AttestationObject attObj = CBOR_MAPPER.readValue(attestationObject, AttestationObject.class); + attObj.setEncoded(new String(attestationObject)); + + final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse attestationResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse(); + attestationResponse.setClientDataJSON(clientData); + attestationResponse.setAttestationObject(attObj); + final AuthenticatorTransport[] transports = credential.getAuthenticatorResponse().getTransports().toArray(new AuthenticatorTransport[0]); + attestationResponse.setTransports(Arrays.stream(transports).map(AuthenticatorTransport::toString).collect(Collectors.toList())); + authenticationParameters.setResponse(attestationResponse); + registrationRequest.setAuthenticatorParameters(authenticationParameters); + return registrationRequest; + } + + private void createOperationTemplate() throws Exception { + final boolean templateFound = powerAuthService.getAllTemplates().stream() + .map(OperationTemplateDetailResponse::getTemplateName) + .anyMatch("login"::equals); + if (templateFound) { + return; + } + final OperationTemplateCreateRequest templateCreateRequest = new OperationTemplateCreateRequest(); + templateCreateRequest.setTemplateName("login"); + templateCreateRequest.setOperationType("login"); + templateCreateRequest.setDataTemplate("A2"); + templateCreateRequest.setMaxFailureCount(5L); + templateCreateRequest.setExpiration(300L); + templateCreateRequest.getSignatureType().add(SignatureType.POSSESSION_KNOWLEDGE); + powerAuthService.createOperationTemplate(templateCreateRequest); + } + + private void authenticate() throws Exception { + // Obtain authentication challenge from PowerAuth server + final AssertionChallengeRequest challengeRequest = new AssertionChallengeRequest(); + challengeRequest.setApplicationIds(Collections.singletonList(APPLICATION_ID)); + challengeRequest.setOperationType("login"); + challengeRequest.setExternalId(UUID.randomUUID().toString()); + final AssertionChallengeResponse challengeResponse = assertionService.requestAssertionChallenge(challengeRequest); + assertEquals(APPLICATION_ID, challengeResponse.getApplicationIds().get(0)); + assertNull(challengeResponse.getUserId()); + assertNotNull(challengeResponse.getChallenge()); + assertEquals(0, challengeResponse.getFailedAttempts()); + assertEquals(5, challengeResponse.getMaxFailedAttempts()); + + // Prepare authentication request + final Challenge challenge = new DefaultChallenge(challengeResponse.getChallenge().getBytes(StandardCharsets.UTF_8)); + final PublicKeyCredentialRequestOptions getOptions = new PublicKeyCredentialRequestOptions(challenge, REQUEST_TIMEOUT, + RP_ID, null, UserVerificationRequirement.REQUIRED, null); + final PublicKeyCredential credential = CLIENT_PLATFORM_SELF_ATTESTED.get(getOptions); + final AssertionVerificationRequest authRequest = new AssertionVerificationRequest(); + authRequest.setId(credential.getId()); + authRequest.setType(credential.getType()); + authRequest.setAuthenticatorAttachment(AuthenticatorAttachment.PLATFORM.getValue()); + authRequest.setApplicationId(APPLICATION_ID); + authRequest.setRelyingPartyId(RP_ID); + authRequest.setAllowedOrigins(Collections.singletonList(ORIGIN.toString())); + authRequest.setRequiresUserVerification(true); + authRequest.setExpectedChallenge(new String(challenge.getValue(), StandardCharsets.UTF_8)); + + // Convert clientDataJSON and authenticatorData into object and supply encoded values for signature verification + final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); + clientData.setEncoded(new String(clientDataJSON)); + final byte[] authenticatorData = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAuthenticatorData(); + final AuthenticatorData authData = deserializeAuthenticationData(authenticatorData); + final byte[] userHandle = Objects.requireNonNull(credential.getAuthenticatorResponse()).getUserHandle(); + final byte[] signature = Objects.requireNonNull(credential.getAuthenticatorResponse()).getSignature(); + + final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse assertionResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse(); + assertionResponse.setClientDataJSON(clientData); + assertionResponse.setAuthenticatorData(authData); + assertionResponse.setUserHandle(new String(userHandle, StandardCharsets.UTF_8)); + assertionResponse.setSignature(signature); + authRequest.setResponse(assertionResponse); + + // Authenticate + final AssertionVerificationResponse authResponse = assertionService.authenticate(authRequest); + assertEquals(APPLICATION_ID, authResponse.getApplicationId()); + + } + + private AuthenticatorData deserializeAuthenticationData(byte[] authData) throws IOException { + final AuthenticatorData result = new AuthenticatorData(); + result.setEncoded(authData); + + // Get RP ID Hash + final byte[] rpIdHash = new byte[32]; + System.arraycopy(authData, 0, rpIdHash,0, 32); + result.setRpIdHash(rpIdHash); + + // Get Flags + final byte flagByte = authData[32]; + final Flags flags = result.getFlags(); + + flags.setUserPresent(isFlagOn(flagByte, 0)); + flags.setReservedBit2(isFlagOn(flagByte, 1)); + flags.setUserVerified(isFlagOn(flagByte, 2)); + flags.setBackupEligible(isFlagOn(flagByte, 3)); + flags.setBackupState(isFlagOn(flagByte, 4)); + flags.setReservedBit6(isFlagOn(flagByte, 5)); + flags.setAttestedCredentialsIncluded(isFlagOn(flagByte,6)); + flags.setExtensionDataIncluded(isFlagOn(flagByte,7)); + + // Get Signature Counter + final byte[] signCountBytes = new byte[4]; + System.arraycopy(authData, 33, signCountBytes, 0, 4); + final int signCount = ByteBuffer.wrap(signCountBytes).getInt(); // big-endian by default + result.setSignCount(signCount); + + return result; + } + + private boolean isFlagOn(byte flags, int position) throws IOException { + if (position < 0 || position > 7) { + throw new IOException("Invalid position for flag: " + position); + } + return ((flags >> position) & 1) == 1; + } +} From cc2b874badba96780bfb9e60c1bf3fa240e2323a Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Fri, 5 Jan 2024 11:17:57 +0100 Subject: [PATCH 026/146] Fix #1236: Update Wultra dependencies to SNAPSHOT --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index ae5057e2e..0d92063ac 100644 --- a/pom.xml +++ b/pom.xml @@ -84,8 +84,8 @@ 4.0.1 - 1.6.0 - 1.8.0 + 1.7.0-SNAPSHOT + 1.9.0-SNAPSHOT 1.77 From 880911d3aa031bf4bf3b77e76cf64547f07810d8 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Fri, 5 Jan 2024 15:40:13 +0100 Subject: [PATCH 027/146] Fix #1195: Set develop version to 1.7.0-SNAPSHOT --- pom.xml | 2 +- powerauth-admin/pom.xml | 2 +- powerauth-client-model/pom.xml | 2 +- powerauth-java-server/pom.xml | 2 +- powerauth-rest-client-spring/pom.xml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/pom.xml b/pom.xml index 06d173797..c75406dac 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ io.getlime.security powerauth-server-parent - 1.6.0 + 1.7.0-SNAPSHOT pom diff --git a/powerauth-admin/pom.xml b/powerauth-admin/pom.xml index b2e9f6b9a..8bed0cfd2 100644 --- a/powerauth-admin/pom.xml +++ b/powerauth-admin/pom.xml @@ -11,7 +11,7 @@ io.getlime.security powerauth-server-parent - 1.6.0 + 1.7.0-SNAPSHOT diff --git a/powerauth-client-model/pom.xml b/powerauth-client-model/pom.xml index b88455c54..e8d72bdbf 100644 --- a/powerauth-client-model/pom.xml +++ b/powerauth-client-model/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-server-parent - 1.6.0 + 1.7.0-SNAPSHOT diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 911aec6be..0958be03f 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -29,7 +29,7 @@ io.getlime.security powerauth-server-parent - 1.6.0 + 1.7.0-SNAPSHOT diff --git a/powerauth-rest-client-spring/pom.xml b/powerauth-rest-client-spring/pom.xml index db5c5c99c..31302c4f4 100644 --- a/powerauth-rest-client-spring/pom.xml +++ b/powerauth-rest-client-spring/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-server-parent - 1.6.0 + 1.7.0-SNAPSHOT From ea636210aca69b45eac8a261480a7854ee6feffe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jan 2024 11:34:24 +0000 Subject: [PATCH 028/146] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.1.6 to 3.2.1. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.6...v3.2.1) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 633512d68..198435db1 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.6 + 3.2.1 From 123c5c6f7788e27b9847453539418240f452cba2 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Tue, 2 Jan 2024 12:41:17 +0100 Subject: [PATCH 029/146] Revert "Fix #1175: Update logback" This reverts commit d1e3f94e801af59a6be209db52892fee3bc20273. --- pom.xml | 2 -- 1 file changed, 2 deletions(-) diff --git a/pom.xml b/pom.xml index 198435db1..2ae0f2707 100644 --- a/pom.xml +++ b/pom.xml @@ -102,8 +102,6 @@ 1.11.0 7.4 3.15.5 - - 1.4.14 From c0640eb6729867110ebdd172cb8d97af1b1d74f4 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Fri, 5 Jan 2024 16:18:28 +0100 Subject: [PATCH 030/146] Bump spring-cloud-vault version to 4.1.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2ae0f2707..b2b2ef2b8 100644 --- a/pom.xml +++ b/pom.xml @@ -81,7 +81,7 @@ - 4.0.1 + 4.1.0 1.7.0-SNAPSHOT From 311ff8850ca8006d0a6d50c3d5fbfa2b40f1c498 Mon Sep 17 00:00:00 2001 From: Jan Dusil <134381434+jandusil@users.noreply.github.com> Date: Mon, 8 Jan 2024 13:29:22 +0100 Subject: [PATCH 031/146] Clean up catching Error class (#1233) --- .../app/server/service/PowerAuthService.java | 138 +++++++++--------- 1 file changed, 69 insertions(+), 69 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index f6f22bfa4..462cd7472 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -167,7 +167,7 @@ public GetActivationListForUserResponse getActivationListForUser(GetActivationLi final GetActivationListForUserResponse response = behavior.getActivationServiceBehavior().getActivationList(applicationId, userId, pageable, activationStatuses); logger.info("GetActivationListForUserRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -207,7 +207,7 @@ public LookupActivationsResponse lookupActivations(LookupActivationsRequest requ final LookupActivationsResponse response = behavior.getActivationServiceBehavior().lookupActivations(userIds, applicationIds, timestampLastUsedBefore, timestampLastUsedAfter, activationStatus, activationFlags); logger.info("LookupActivationsRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -233,7 +233,7 @@ public UpdateStatusForActivationsResponse updateStatusForActivations(UpdateStatu final UpdateStatusForActivationsResponse response = behavior.getActivationServiceBehavior().updateStatusForActivation(activationIds, activationStatus); logger.info("UpdateStatusForActivationsRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -259,7 +259,7 @@ public GetActivationStatusResponse getActivationStatus(GetActivationStatusReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -299,7 +299,7 @@ public InitActivationResponse initActivation(InitActivationRequest request) thro } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -330,7 +330,7 @@ public PrepareActivationResponse prepareActivation(PrepareActivationRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -374,7 +374,7 @@ public CreateActivationResponse createActivation(CreateActivationRequest request } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -415,7 +415,7 @@ public VerifySignatureResponse verifySignature(VerifySignatureRequest request) t } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -440,7 +440,7 @@ public CreatePersonalizedOfflineSignaturePayloadResponse createPersonalizedOffli } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -482,7 +482,7 @@ public CreateNonPersonalizedOfflineSignaturePayloadResponse createNonPersonalize } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -518,7 +518,7 @@ public VerifyOfflineSignatureResponse verifyOfflineSignature(VerifyOfflineSignat } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -571,7 +571,7 @@ public UpdateActivationOtpResponse updateActivationOtp(UpdateActivationOtpReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -598,7 +598,7 @@ public CommitActivationResponse commitActivation(CommitActivationRequest request } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -625,7 +625,7 @@ public RemoveActivationResponse removeActivation(RemoveActivationRequest request } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -652,7 +652,7 @@ public BlockActivationResponse blockActivation(BlockActivationRequest request) t } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -678,7 +678,7 @@ public UnblockActivationResponse unblockActivation(UnblockActivationRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -731,7 +731,7 @@ public VaultUnlockResponse vaultUnlock(VaultUnlockRequest request) throws Generi } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -760,7 +760,7 @@ public VerifyECDSASignatureResponse verifyECDSASignature(VerifyECDSASignatureReq } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -787,7 +787,7 @@ public SignatureAuditResponse getSignatureAuditLog(SignatureAuditRequest request final SignatureAuditResponse response = behavior.getAuditingServiceBehavior().getSignatureAuditLog(userId, applicationId, startingDate, endingDate); logger.info("SignatureAuditRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -812,7 +812,7 @@ public ActivationHistoryResponse getActivationHistory(ActivationHistoryRequest r final ActivationHistoryResponse response = behavior.getActivationHistoryServiceBehavior().getActivationHistory(activationId, startingDate, endingDate); logger.info("ActivationHistoryRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -828,7 +828,7 @@ public GetApplicationListResponse getApplicationList() throws GenericServiceExce final GetApplicationListResponse response = behavior.getApplicationServiceBehavior().getApplicationList(); logger.info("GetApplicationListRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -853,7 +853,7 @@ public GetApplicationDetailResponse getApplicationDetail(GetApplicationDetailReq } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -877,7 +877,7 @@ public LookupApplicationByAppKeyResponse lookupApplicationByAppKey(LookupApplica } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -901,7 +901,7 @@ public CreateApplicationResponse createApplication(CreateApplicationRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -930,7 +930,7 @@ public CreateApplicationVersionResponse createApplicationVersion(CreateApplicati } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -951,7 +951,7 @@ public UnsupportApplicationVersionResponse unsupportApplicationVersion(Unsupport } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -972,7 +972,7 @@ public SupportApplicationVersionResponse supportApplicationVersion(SupportApplic } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -993,7 +993,7 @@ public CreateIntegrationResponse createIntegration(CreateIntegrationRequest requ final CreateIntegrationResponse response = behavior.getIntegrationBehavior().createIntegration(request); logger.info("CreateIntegrationRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1009,7 +1009,7 @@ public GetIntegrationListResponse getIntegrationList() throws GenericServiceExce final GetIntegrationListResponse response = behavior.getIntegrationBehavior().getIntegrationList(); logger.info("GetIntegrationListRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1025,7 +1025,7 @@ public RemoveIntegrationResponse removeIntegration(RemoveIntegrationRequest requ final RemoveIntegrationResponse response = behavior.getIntegrationBehavior().removeIntegration(request); logger.info("RemoveIntegrationRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1049,7 +1049,7 @@ public CreateCallbackUrlResponse createCallbackUrl(CreateCallbackUrlRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1072,7 +1072,7 @@ public UpdateCallbackUrlResponse updateCallbackUrl(UpdateCallbackUrlRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1088,7 +1088,7 @@ public GetCallbackUrlListResponse getCallbackUrlList(GetCallbackUrlListRequest r final GetCallbackUrlListResponse response = behavior.getCallbackUrlBehavior().getCallbackUrlList(request); logger.info("GetCallbackUrlListRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1104,7 +1104,7 @@ public RemoveCallbackUrlResponse removeCallbackUrl(RemoveCallbackUrlRequest requ final RemoveCallbackUrlResponse response = behavior.getCallbackUrlBehavior().removeCallbackUrl(request); logger.info("RemoveCallbackUrlRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1128,7 +1128,7 @@ public CreateTokenResponse createToken(CreateTokenRequest request) throws Generi } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1164,7 +1164,7 @@ public ValidateTokenResponse validateToken(ValidateTokenRequest request) throws } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1185,7 +1185,7 @@ public RemoveTokenResponse removeToken(RemoveTokenRequest request) throws Generi final RemoveTokenResponse response = behavior.getTokenBehavior().removeToken(request); logger.info("RemoveTokenRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1210,7 +1210,7 @@ public GetEciesDecryptorResponse getEciesDecryptor(GetEciesDecryptorRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1234,7 +1234,7 @@ public StartUpgradeResponse startUpgrade(StartUpgradeRequest request) throws Gen } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1258,7 +1258,7 @@ public CommitUpgradeResponse commitUpgrade(CommitUpgradeRequest request) throws } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1282,7 +1282,7 @@ public CreateRecoveryCodeResponse createRecoveryCode(CreateRecoveryCodeRequest r } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1306,7 +1306,7 @@ public ConfirmRecoveryCodeResponse confirmRecoveryCode(ConfirmRecoveryCodeReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1330,7 +1330,7 @@ public LookupRecoveryCodesResponse lookupRecoveryCodes(LookupRecoveryCodesReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1354,7 +1354,7 @@ public RevokeRecoveryCodesResponse revokeRecoveryCodes(RevokeRecoveryCodesReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1378,7 +1378,7 @@ public RecoveryCodeActivationResponse createActivationUsingRecoveryCode(Recovery } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1402,7 +1402,7 @@ public GetRecoveryConfigResponse getRecoveryConfig(GetRecoveryConfigRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1426,7 +1426,7 @@ public UpdateRecoveryConfigResponse updateRecoveryConfig(UpdateRecoveryConfigReq } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1451,7 +1451,7 @@ public ListActivationFlagsResponse listActivationFlags(ListActivationFlagsReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1482,7 +1482,7 @@ public AddActivationFlagsResponse addActivationFlags(AddActivationFlagsRequest r } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1513,7 +1513,7 @@ public UpdateActivationFlagsResponse updateActivationFlags(UpdateActivationFlags } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1544,7 +1544,7 @@ public RemoveActivationFlagsResponse removeActivationFlags(RemoveActivationFlags } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1569,7 +1569,7 @@ public ListApplicationRolesResponse listApplicationRoles(ListApplicationRolesReq } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1600,7 +1600,7 @@ public AddApplicationRolesResponse addApplicationRoles(AddApplicationRolesReques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1631,7 +1631,7 @@ public UpdateApplicationRolesResponse updateApplicationRoles(UpdateApplicationRo } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1662,7 +1662,7 @@ public RemoveApplicationRolesResponse removeApplicationRoles(RemoveApplicationRo } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1685,7 +1685,7 @@ public OperationDetailResponse createOperation(OperationCreateRequest request) t } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1708,7 +1708,7 @@ public OperationDetailResponse operationDetail(OperationDetailRequest request) t } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1728,7 +1728,7 @@ public OperationListResponse findPendingOperationsForUser(OperationListForUserRe final OperationListResponse response = behavior.getOperationBehavior().findPendingOperationsForUser(convert(request)); logger.info("OperationListForUserRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1748,7 +1748,7 @@ public OperationListResponse findAllOperationsForUser(OperationListForUserReques final OperationListResponse response = behavior.getOperationBehavior().findAllOperationsForUser(convert(request)); logger.info("OperationListForUserRequest succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1768,7 +1768,7 @@ public OperationListResponse findAllOperationsByExternalId(OperationExtIdRequest final OperationListResponse response = behavior.getOperationBehavior().findOperationsByExternalId(convert(request)); logger.info("findAllOperationsByExternalId succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1791,7 +1791,7 @@ public OperationDetailResponse cancelOperation(OperationCancelRequest request) t } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1821,7 +1821,7 @@ public OperationUserActionResponse approveOperation(OperationApproveRequest requ } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back, operation ID: {}", operationId, ex); throw ex; } catch (Exception ex) { @@ -1848,7 +1848,7 @@ public OperationUserActionResponse rejectOperation(OperationRejectRequest reques } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1871,7 +1871,7 @@ public OperationUserActionResponse failApprovalOperation(OperationFailApprovalRe } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1887,7 +1887,7 @@ public OperationTemplateListResponse getAllTemplates() throws Exception { final OperationTemplateListResponse response = behavior.getOperationTemplateBehavior().getAllTemplates(); logger.info("OperationTemplateListResponse succeeded"); return response; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1910,7 +1910,7 @@ public OperationTemplateDetailResponse getTemplateDetail(OperationTemplateDetail } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1933,7 +1933,7 @@ public OperationTemplateDetailResponse createOperationTemplate(OperationTemplate } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1956,7 +1956,7 @@ public OperationTemplateDetailResponse updateOperationTemplate(OperationTemplate } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { @@ -1978,7 +1978,7 @@ public void removeOperationTemplate(OperationTemplateDeleteRequest request) thro } catch (GenericServiceException ex) { // already logged throw ex; - } catch (RuntimeException | Error ex) { + } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; } catch (Exception ex) { From 559e2a1d1a7887d6326f4eba0bf4403423a04f82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 01:42:06 +0000 Subject: [PATCH 032/146] Bump nl.jqno.equalsverifier:equalsverifier from 3.15.5 to 3.15.6 Bumps [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) from 3.15.5 to 3.15.6. - [Release notes](https://github.com/jqno/equalsverifier/releases) - [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md) - [Commits](https://github.com/jqno/equalsverifier/compare/equalsverifier-3.15.5...equalsverifier-3.15.6) --- updated-dependencies: - dependency-name: nl.jqno.equalsverifier:equalsverifier dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index b2b2ef2b8..1c03a552e 100644 --- a/pom.xml +++ b/pom.xml @@ -101,7 +101,7 @@ 1.11.0 7.4 - 3.15.5 + 3.15.6 From 2db1e0bdc583ecb4c9f04c7bb05ccb9042107299 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 15 Jan 2024 11:41:08 +0100 Subject: [PATCH 033/146] Fix #1245: Warning: Using generated security password - Exclude UserDetailsServiceAutoConfiguration --- powerauth-admin/src/main/resources/application.properties | 2 ++ 1 file changed, 2 insertions(+) diff --git a/powerauth-admin/src/main/resources/application.properties b/powerauth-admin/src/main/resources/application.properties index 1e2768fe9..78997389f 100644 --- a/powerauth-admin/src/main/resources/application.properties +++ b/powerauth-admin/src/main/resources/application.properties @@ -55,3 +55,5 @@ management.health.ldap.enabled=false #management.endpoints.web.exposure.include=health, prometheus #management.endpoint.prometheus.enabled=true #management.prometheus.metrics.export.enabled=true + +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration From f6829969e53ea7e27ab74253fd9830ad8e88b053 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Mon, 15 Jan 2024 19:05:31 +0800 Subject: [PATCH 034/146] Move FIDO2 DB migration to 1.7.x --- .../powerauth-java-server/1.5.x/db.changelog-version.xml | 1 - .../20240115-add-columns-fido2.xml} | 0 .../powerauth-java-server/1.7.x/db.changelog-version.xml | 8 ++++++++ .../powerauth-java-server/db.changelog-module.xml | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) rename docs/db/changelog/changesets/powerauth-java-server/{1.5.x/20230430-add-columns-fido2.xml => 1.7.x/20240115-add-columns-fido2.xml} (100%) create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml index 9576d19dc..ce290d088 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.5.x/db.changelog-version.xml @@ -6,7 +6,6 @@ - diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml similarity index 100% rename from docs/db/changelog/changesets/powerauth-java-server/1.5.x/20230430-add-columns-fido2.xml rename to docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml new file mode 100644 index 000000000..3adca5752 --- /dev/null +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml @@ -0,0 +1,8 @@ + + + + + + diff --git a/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml b/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml index cae01c7d2..08b2c353c 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/db.changelog-module.xml @@ -15,5 +15,6 @@ + \ No newline at end of file From 32453c843fdb47cc70ab3bd79dafe33bcc6b7f66 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Mon, 15 Jan 2024 20:38:30 +0800 Subject: [PATCH 035/146] Remove duplicate user_id column migration --- .../1.7.x/20240115-add-columns-fido2.xml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml index a4203c2d3..a5fc9c5df 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml @@ -45,11 +45,7 @@ - - - - - + From 723a01a96ca839b836a75cb175864ef8b37fc4ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 15 Jan 2024 20:56:54 +0800 Subject: [PATCH 036/146] Update version in path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Luboš Račanský --- .../powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml index a5fc9c5df..965a52739 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml @@ -45,7 +45,7 @@ - + From 763d6566267d73717986ebce624d6c98a00a9979 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Mon, 15 Jan 2024 20:58:34 +0800 Subject: [PATCH 037/146] Update liquibase migration script --- .../1.7.x/20240115-add-columns-fido2.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml index 965a52739..125b77a3e 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml @@ -21,7 +21,7 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> - + @@ -33,7 +33,7 @@ - + @@ -45,7 +45,7 @@ - + From e1ae565060b17e8b0857d0618c742c58d75a3959 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Tue, 16 Jan 2024 08:07:58 +0800 Subject: [PATCH 038/146] Fix #1247: FIDO2: Database migration instructions (#1249) --- docs/Migration-Instructions.md | 2 ++ docs/PowerAuth-Server-1.7.0.md | 21 +++++++++++++++++++ docs/sql/mssql/migration_1.6.0_1.7.0.sql | 13 ++++++++++++ docs/sql/oracle/migration_1.6.0_1.7.0.sql | 10 +++++++++ docs/sql/postgresql/migration_1.6.0_1.7.0.sql | 11 ++++++++++ 5 files changed, 57 insertions(+) create mode 100644 docs/PowerAuth-Server-1.7.0.md create mode 100644 docs/sql/mssql/migration_1.6.0_1.7.0.sql create mode 100644 docs/sql/oracle/migration_1.6.0_1.7.0.sql create mode 100644 docs/sql/postgresql/migration_1.6.0_1.7.0.sql diff --git a/docs/Migration-Instructions.md b/docs/Migration-Instructions.md index f3db65634..2043315cd 100644 --- a/docs/Migration-Instructions.md +++ b/docs/Migration-Instructions.md @@ -6,6 +6,8 @@ This page contains PowerAuth Server migration instructions. When updating across multiple versions, you need to perform all migration steps additively. +- [PowerAuth Server 1.7.0](./PowerAuth-Server-1.7.0.md) +- [PowerAuth Server 1.6.0](./PowerAuth-Server-1.6.0.md) - [PowerAuth Server 1.5.0](./PowerAuth-Server-1.5.0.md) - [PowerAuth Server 1.4.0](./PowerAuth-Server-1.4.0.md) - [PowerAuth Server 1.3.0](./PowerAuth-Server-1.3.0.md) diff --git a/docs/PowerAuth-Server-1.7.0.md b/docs/PowerAuth-Server-1.7.0.md new file mode 100644 index 000000000..ff4879b28 --- /dev/null +++ b/docs/PowerAuth-Server-1.7.0.md @@ -0,0 +1,21 @@ +# Migration from 1.6.x to 1.7.0 + +This guide contains instructions for migration from PowerAuth Server version `1.6.x` to version `1.7.0`. + +## Database Changes + +For convenience you can use liquibase for your database migration. + +For manual changes use SQL scripts: + +- [PostgreSQL script](./sql/postgresql/migration_1.6.0_1.7.0.sql) +- [Oracle script](./sql/oracle/migration_1.6.0_1.7.0.sql) +- [MSSQL script](./sql/mssql/migration_1.6.0_1.7.0.sql) + +### Updated DB Schema for FIDO2 Support + +Following columns have been added to table `pa_activation` for FIDO2 support: +- `external_id` - external identifier of the activation +- `protocol` - protocol enumeration: `powerauth` or `fido2` + +The data type for column `extras` in table `pa_activation` was changed to `TEXT` / `CLOB` to support larger data. diff --git a/docs/sql/mssql/migration_1.6.0_1.7.0.sql b/docs/sql/mssql/migration_1.6.0_1.7.0.sql new file mode 100644 index 000000000..25a5b4719 --- /dev/null +++ b/docs/sql/mssql/migration_1.6.0_1.7.0.sql @@ -0,0 +1,13 @@ +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::1::Roman Strobl +-- Add external_id column +ALTER TABLE pa_activation ADD external_id varchar(255); +GO + +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::2::Roman Strobl +-- Add protocol column +ALTER TABLE pa_activation ADD protocol varchar(32) CONSTRAINT DF_pa_activation_protocol DEFAULT 'powerauth'; +GO + +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl +ALTER TABLE pa_activation ALTER COLUMN extras varchar (max); +GO diff --git a/docs/sql/oracle/migration_1.6.0_1.7.0.sql b/docs/sql/oracle/migration_1.6.0_1.7.0.sql new file mode 100644 index 000000000..7cf04bcd1 --- /dev/null +++ b/docs/sql/oracle/migration_1.6.0_1.7.0.sql @@ -0,0 +1,10 @@ +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::1::Roman Strobl +-- Add external_id column +ALTER TABLE pa_activation ADD external_id VARCHAR2(255); + +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::2::Roman Strobl +-- Add protocol column +ALTER TABLE pa_activation ADD protocol VARCHAR2(32) DEFAULT 'powerauth'; + +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl +ALTER TABLE pa_activation MODIFY extras CLOB; diff --git a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql new file mode 100644 index 000000000..4d022a85f --- /dev/null +++ b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql @@ -0,0 +1,11 @@ +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::1::Roman Strobl +-- Add external_id column +ALTER TABLE pa_activation ADD external_id VARCHAR(255); + +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::2::Roman Strobl +-- Add protocol column +ALTER TABLE pa_activation ADD protocol VARCHAR(32) DEFAULT 'powerauth'; + +-- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl +ALTER TABLE pa_activation ALTER COLUMN extras TYPE TEXT USING (extras::TEXT); + From a08f88bb31828af9781dd34e4e361644bf6cf594 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Tue, 16 Jan 2024 12:08:38 +0100 Subject: [PATCH 039/146] Fix #1241: Rethrow original GenericServiceException (#1242) --- .../powerauth/app/server/service/PowerAuthService.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index 462cd7472..aeb1a30a0 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -1728,6 +1728,8 @@ public OperationListResponse findPendingOperationsForUser(OperationListForUserRe final OperationListResponse response = behavior.getOperationBehavior().findPendingOperationsForUser(convert(request)); logger.info("OperationListForUserRequest succeeded"); return response; + } catch (GenericServiceException ex) { + throw ex; } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; @@ -1748,6 +1750,8 @@ public OperationListResponse findAllOperationsForUser(OperationListForUserReques final OperationListResponse response = behavior.getOperationBehavior().findAllOperationsForUser(convert(request)); logger.info("OperationListForUserRequest succeeded"); return response; + } catch (GenericServiceException ex) { + throw ex; } catch (RuntimeException ex) { logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); throw ex; From 1dd93c7d06e6b3346efc0b85e3e15ea0eca9db70 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Wed, 17 Jan 2024 14:31:26 +0800 Subject: [PATCH 040/146] Fix #1251: FIDO2: Update OpenAPI documentation (#1252) --- .../rest/controller/AssertionController.java | 23 ++++++++++++- .../controller/RegistrationController.java | 32 ++++++++++++++++++- 2 files changed, 53 insertions(+), 2 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index b2eff2c08..bfc67ad0b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -26,6 +26,9 @@ import com.wultra.powerauth.fido2.service.AssertionService; import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.validation.Valid; import lombok.extern.slf4j.Slf4j; @@ -45,7 +48,7 @@ @RestController @RequestMapping("fido2/assertions") @Slf4j -@Tag(name = "FIDO2 Assertions Controller") +@Tag(name = "FIDO2 Assertions Controller", description = "API for FIDO2 assertions") public class AssertionController { private final AssertionRequestValidator assertionRequestValidator; @@ -57,6 +60,15 @@ public AssertionController(AssertionRequestValidator assertionRequestValidator, this.assertionService = assertionService; } + @Operation( + summary = "Generate an assertion challenge", + description = "Generate a FIDO2 assertion challenge for an operation." + ) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Assertion challenge was generated"), + @ApiResponse(responseCode = "400", description = "Invalid request"), + @ApiResponse(responseCode = "500", description = "Unexpected server error") + }) @PostMapping("challenge") public ObjectResponse requestAssertionChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { final AssertionChallengeRequest requestObject = request.getRequestObject(); @@ -64,6 +76,15 @@ public ObjectResponse requestAssertionChallenge(@Val return new ObjectResponse<>(assertionChallengeResponse); } + @Operation( + summary = "Verify an assertion", + description = "Verify a FIDO2 assertion for an operation based on an assertion verification request generated and signed by the authenticator." + ) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Assertion verification succeeded"), + @ApiResponse(responseCode = "400", description = "Invalid request or assertion verification failed"), + @ApiResponse(responseCode = "500", description = "Unexpected server error") + }) @PostMapping public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { final AssertionVerificationRequest requestObject = request.getRequestObject(); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index a219a0870..0f562dd58 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -27,6 +27,9 @@ import com.wultra.powerauth.fido2.service.RegistrationService; import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.validation.Valid; import lombok.extern.slf4j.Slf4j; @@ -46,7 +49,7 @@ @RestController @RequestMapping("fido2/registrations") @Slf4j -@Tag(name = "FIDO2 Registration Controller") +@Tag(name = "FIDO2 Registration Controller", description = "API for FIDO2 authenticator registrations") public class RegistrationController { private final RegistrationService registrationService; @@ -56,6 +59,15 @@ public RegistrationController(RegistrationService registrationService) { this.registrationService = registrationService; } + @Operation( + summary = "List registered authenticators", + description = "Obtain a list of registered FIDO2 authenticators for specified user." + ) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "List of registered authenticators received"), + @ApiResponse(responseCode = "400", description = "Invalid request"), + @ApiResponse(responseCode = "500", description = "Unexpected server error") + }) @PostMapping("list") public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); @@ -63,6 +75,15 @@ public ObjectResponse registeredAuthenticators return new ObjectResponse<>(responseObject); } + @Operation( + summary = "Generate a registration challenge", + description = "Generate a FIDO2 registration challenge for specified user." + ) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Registration challenge was generated"), + @ApiResponse(responseCode = "400", description = "Invalid request"), + @ApiResponse(responseCode = "500", description = "Unexpected server error") + }) @PostMapping("challenge") public ObjectResponse requestRegistrationChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { final RegistrationChallengeRequest requestObject = request.getRequestObject(); @@ -70,6 +91,15 @@ public ObjectResponse requestRegistrationChalleng return new ObjectResponse<>(responseObject); } + @Operation( + summary = "Register an authenticator", + description = "Register a FIDO2 authenticator based on a registration request generated and signed by the authenticator." + ) + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "Registration succeeded"), + @ApiResponse(responseCode = "400", description = "Invalid request or request signature verification failed"), + @ApiResponse(responseCode = "500", description = "Unexpected server error") + }) @PostMapping public ObjectResponse register(@Valid @RequestBody ObjectRequest request) throws Exception { final RegistrationRequest requestObject = request.getRequestObject(); From 4acec34f2fa54404f5dfb8a4db0845c5380f47b4 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Wed, 17 Jan 2024 08:24:50 +0100 Subject: [PATCH 041/146] Fix #1257: Database initialization using Liquibase fails --- .../1.4.x/20230322-init-db.xml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.4.x/20230322-init-db.xml b/docs/db/changelog/changesets/powerauth-java-server/1.4.x/20230322-init-db.xml index f6edbd3e6..43579957a 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.4.x/20230322-init-db.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.4.x/20230322-init-db.xml @@ -557,23 +557,6 @@ - - - - - - - Create a new table pa_operation_application - - - - - - - - - - From 92d7bfa076ac36c1dae96b3354888a7e3f1e1f10 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Wed, 17 Jan 2024 10:05:36 +0100 Subject: [PATCH 042/146] Fix #1256: Invalid DDL scripts for release 1.6.0 --- docs/Database-Structure.md | 6 +- docs/sql/mssql/create_schema.sql | 379 +++++++++++++++ docs/sql/oracle/create_schema.sql | 659 ++++++++++---------------- docs/sql/oracle/delete_schema.sql | 34 -- docs/sql/postgresql/create_schema.sql | 616 ++++++++++-------------- docs/sql/postgresql/delete_schema.sql | 34 -- 6 files changed, 879 insertions(+), 849 deletions(-) create mode 100644 docs/sql/mssql/create_schema.sql delete mode 100755 docs/sql/oracle/delete_schema.sql delete mode 100644 docs/sql/postgresql/delete_schema.sql diff --git a/docs/Database-Structure.md b/docs/Database-Structure.md index 4329d1cd6..31d5cbb2e 100644 --- a/docs/Database-Structure.md +++ b/docs/Database-Structure.md @@ -6,11 +6,7 @@ You can download DDL scripts for supported databases: - [Oracle - Create Database Schema](./sql/oracle/create_schema.sql) - [PostgreSQL - Create Database Schema](./sql/postgresql/create_schema.sql) - -The drop scripts are available for supported databases: - -- [Oracle - Drop Tables and Sequences](./sql/oracle/delete_schema.sql) -- [PostgreSQL - Drop Tables and Sequences](./sql/postgresql/delete_schema.sql) +- [MS SQL - Create Database Schema](./sql/mssql/create_schema.sql) See the overall database schema: diff --git a/docs/sql/mssql/create_schema.sql b/docs/sql/mssql/create_schema.sql new file mode 100644 index 000000000..f22ead3e9 --- /dev/null +++ b/docs/sql/mssql/create_schema.sql @@ -0,0 +1,379 @@ +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::1::Lubos Racansky +-- Create a new table audit_log +CREATE TABLE audit_log (audit_log_id varchar(36) NOT NULL, application_name varchar(256) NOT NULL, audit_level varchar(32) NOT NULL, audit_type varchar(256), timestamp_created datetime2 CONSTRAINT DF_audit_log_timestamp_created DEFAULT GETDATE(), message varchar (max) NOT NULL, exception_message varchar (max), stack_trace varchar (max), param varchar (max), calling_class varchar(256) NOT NULL, thread_name varchar(256) NOT NULL, version varchar(256), build_time datetime2, CONSTRAINT PK_AUDIT_LOG PRIMARY KEY (audit_log_id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::2::Lubos Racansky +-- Create a new table audit_log +CREATE TABLE audit_param (audit_log_id varchar(36), timestamp_created datetime2 CONSTRAINT DF_audit_param_timestamp_created DEFAULT GETDATE(), param_key varchar(256), param_value varchar(4000)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::3::Lubos Racansky +-- Create a new index on audit_log(timestamp_created) +CREATE NONCLUSTERED INDEX audit_log_timestamp ON audit_log(timestamp_created); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::4::Lubos Racansky +-- Create a new index on audit_log(application_name) +CREATE NONCLUSTERED INDEX audit_log_application ON audit_log(application_name); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::5::Lubos Racansky +-- Create a new index on audit_log(audit_level) +CREATE NONCLUSTERED INDEX audit_log_level ON audit_log(audit_level); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::6::Lubos Racansky +-- Create a new index on audit_log(audit_type) +CREATE NONCLUSTERED INDEX audit_log_type ON audit_log(audit_type); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::7::Lubos Racansky +-- Create a new index on audit_param(audit_log_id) +CREATE NONCLUSTERED INDEX audit_param_log ON audit_param(audit_log_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::8::Lubos Racansky +-- Create a new index on audit_param(timestamp_created) +CREATE NONCLUSTERED INDEX audit_param_timestamp ON audit_param(timestamp_created); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::9::Lubos Racansky +-- Create a new index on audit_log(param_key) +CREATE NONCLUSTERED INDEX audit_param_key ON audit_param(param_key); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::10::Lubos Racansky +-- Create a new index on audit_log(param_value) +CREATE NONCLUSTERED INDEX audit_param_value ON audit_param(param_value); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::1::Lubos Racansky +-- Create a new sequence pa_application_seq +CREATE SEQUENCE pa_application_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::2::Lubos Racansky +-- Create a new sequence pa_application_version_seq +CREATE SEQUENCE pa_application_version_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::3::Lubos Racansky +-- Create a new sequence pa_master_keypair_seq +CREATE SEQUENCE pa_master_keypair_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::4::Lubos Racansky +-- Create a new sequence pa_signature_audit_seq +CREATE SEQUENCE pa_signature_audit_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::5::Lubos Racansky +-- Create a new sequence pa_activation_history_seq +CREATE SEQUENCE pa_activation_history_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::6::Lubos Racansky +-- Create a new sequence pa_recovery_code_seq +CREATE SEQUENCE pa_recovery_code_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::7::Lubos Racansky +-- Create a new sequence pa_recovery_puk_seq +CREATE SEQUENCE pa_recovery_puk_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::8::Lubos Racansky +-- Create a new sequence pa_recovery_config_seq +CREATE SEQUENCE pa_recovery_config_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::9::Lubos Racansky +-- Create a new sequence pa_operation_template_seq +CREATE SEQUENCE pa_operation_template_seq START WITH 1 INCREMENT BY 1; +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::10::Lubos Racansky +-- Create a new table pa_application +CREATE TABLE pa_application (id int NOT NULL, name varchar(255) NOT NULL, roles varchar(255), CONSTRAINT PK_PA_APPLICATION PRIMARY KEY (id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::11::Lubos Racansky +-- Create a new table pa_master_keypair +CREATE TABLE pa_master_keypair (id int NOT NULL, application_id int NOT NULL, master_key_private_base64 varchar(255) NOT NULL, master_key_public_base64 varchar(255) NOT NULL, name varchar(255), timestamp_created datetime2(6) NOT NULL, CONSTRAINT PK_PA_MASTER_KEYPAIR PRIMARY KEY (id), CONSTRAINT keypair_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::12::Lubos Racansky +-- Create a new table pa_activation +CREATE TABLE pa_activation (activation_id varchar(37) NOT NULL, application_id int NOT NULL, user_id varchar(255) NOT NULL, activation_name varchar(255), activation_code varchar(255), activation_status int NOT NULL, activation_otp varchar(255), activation_otp_validation int CONSTRAINT DF_pa_activation_activation_otp_validation DEFAULT 0 NOT NULL, blocked_reason varchar(255), counter int NOT NULL, ctr_data varchar(255), device_public_key_base64 varchar(255), extras varchar(255), platform varchar(255), device_info varchar(255), flags varchar(255), failed_attempts int NOT NULL, max_failed_attempts int CONSTRAINT DF_pa_activation_max_failed_attempts DEFAULT 5 NOT NULL, server_private_key_base64 varchar(255) NOT NULL, server_private_key_encryption int CONSTRAINT DF_pa_activation_server_private_key_encryption DEFAULT 0 NOT NULL, server_public_key_base64 varchar(255) NOT NULL, timestamp_activation_expire datetime2(6) NOT NULL, timestamp_created datetime2(6) NOT NULL, timestamp_last_used datetime2(6) NOT NULL, timestamp_last_change datetime2(6), master_keypair_id int, version int CONSTRAINT DF_pa_activation_version DEFAULT 2, CONSTRAINT PK_PA_ACTIVATION PRIMARY KEY (activation_id), CONSTRAINT activation_keypair_fk FOREIGN KEY (master_keypair_id) REFERENCES pa_master_keypair(id), CONSTRAINT activation_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::13::Lubos Racansky +-- Create a new table pa_application_version +CREATE TABLE pa_application_version (id int NOT NULL, application_id int NOT NULL, application_key varchar(255), application_secret varchar(255), name varchar(255), supported bit, CONSTRAINT PK_PA_APPLICATION_VERSION PRIMARY KEY (id), CONSTRAINT version_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::14::Lubos Racansky +-- Create a new table pa_signature_audit +CREATE TABLE pa_signature_audit (id bigint NOT NULL, activation_id varchar(37) NOT NULL, activation_counter int NOT NULL, activation_ctr_data varchar(255), activation_status int, additional_info varchar(255), data_base64 varchar (max), note varchar(255), signature_type varchar(255) NOT NULL, signature varchar(255) NOT NULL, timestamp_created datetime2(6) NOT NULL, valid bit, version int CONSTRAINT DF_pa_signature_audit_version DEFAULT 2, signature_version varchar(255), CONSTRAINT PK_PA_SIGNATURE_AUDIT PRIMARY KEY (id), CONSTRAINT audit_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::15::Lubos Racansky +-- Create a new table pa_integration +CREATE TABLE pa_integration (id varchar(37) NOT NULL, name varchar(255), client_token varchar(37) NOT NULL, client_secret varchar(37) NOT NULL, CONSTRAINT PK_PA_INTEGRATION PRIMARY KEY (id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::16::Lubos Racansky +-- Create a new table pa_application_callback +CREATE TABLE pa_application_callback (id varchar(37) NOT NULL, application_id int NOT NULL, name varchar(255), callback_url varchar(1024), type varchar(64) CONSTRAINT DF_pa_application_callback_type DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL, attributes varchar(1024), authentication varchar (max), CONSTRAINT PK_PA_APPLICATION_CALLBACK PRIMARY KEY (id), CONSTRAINT callback_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::17::Lubos Racansky +-- Create a new table pa_token +CREATE TABLE pa_token (token_id varchar(37) NOT NULL, token_secret varchar(255) NOT NULL, activation_id varchar(37) NOT NULL, signature_type varchar(255) NOT NULL, timestamp_created datetime2(6) NOT NULL, CONSTRAINT PK_PA_TOKEN PRIMARY KEY (token_id), CONSTRAINT activation_token_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::18::Lubos Racansky +-- Create a new table pa_activation_history +CREATE TABLE pa_activation_history (id bigint NOT NULL, activation_id varchar(37) NOT NULL, activation_status int, event_reason varchar(255), external_user_id varchar(255), timestamp_created datetime2(6) NOT NULL, activation_version int, CONSTRAINT PK_PA_ACTIVATION_HISTORY PRIMARY KEY (id), CONSTRAINT history_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::19::Lubos Racansky +-- Create a new table pa_recovery_code +CREATE TABLE pa_recovery_code (id bigint NOT NULL, recovery_code varchar(23) NOT NULL, application_id int NOT NULL, user_id varchar(255) NOT NULL, activation_id varchar(37), status int NOT NULL, failed_attempts int CONSTRAINT DF_pa_recovery_code_failed_attempts DEFAULT 0 NOT NULL, max_failed_attempts int CONSTRAINT DF_pa_recovery_code_max_failed_attempts DEFAULT 10 NOT NULL, timestamp_created datetime2(6) NOT NULL, timestamp_last_used datetime2(6), timestamp_last_change datetime2(6), CONSTRAINT PK_PA_RECOVERY_CODE PRIMARY KEY (id), CONSTRAINT recovery_code_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id), CONSTRAINT recovery_code_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::20::Lubos Racansky +-- Create a new table pa_recovery_puk +CREATE TABLE pa_recovery_puk (id bigint NOT NULL, recovery_code_id bigint NOT NULL, puk varchar(255), puk_encryption int CONSTRAINT DF_pa_recovery_puk_puk_encryption DEFAULT 0 NOT NULL, puk_index bigint NOT NULL, status int NOT NULL, timestamp_last_change datetime2(6), CONSTRAINT PK_PA_RECOVERY_PUK PRIMARY KEY (id), CONSTRAINT recovery_puk_code_fk FOREIGN KEY (recovery_code_id) REFERENCES pa_recovery_code(id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::21::Lubos Racansky +-- Create a new table pa_recovery_config +CREATE TABLE pa_recovery_config (id int NOT NULL, application_id int NOT NULL, activation_recovery_enabled bit CONSTRAINT DF_pa_recovery_config_activation_recovery_enabled DEFAULT 0 NOT NULL, recovery_postcard_enabled bit CONSTRAINT DF_pa_recovery_config_recovery_postcard_enabled DEFAULT 0 NOT NULL, allow_multiple_recovery_codes bit CONSTRAINT DF_pa_recovery_config_allow_multiple_recovery_codes DEFAULT 0 NOT NULL, postcard_private_key_base64 varchar(255), postcard_public_key_base64 varchar(255), remote_public_key_base64 varchar(255), postcard_priv_key_encryption int CONSTRAINT DF_pa_recovery_config_postcard_priv_key_encryption DEFAULT 0 NOT NULL, CONSTRAINT PK_PA_RECOVERY_CONFIG PRIMARY KEY (id), CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::22::Lubos Racansky +-- Create a new table pa_operation +CREATE TABLE pa_operation (id varchar(37) NOT NULL, user_id varchar(255) NOT NULL, external_id varchar(255), activation_flag varchar(255), operation_type varchar(255) NOT NULL, template_name varchar(255), data varchar (max) NOT NULL, parameters varchar (max), additional_data varchar (max), status int NOT NULL, signature_type varchar(255) NOT NULL, failure_count bigint CONSTRAINT DF_pa_operation_failure_count DEFAULT 0 NOT NULL, max_failure_count bigint NOT NULL, timestamp_created datetime2 NOT NULL, timestamp_expires datetime2 NOT NULL, timestamp_finalized datetime2, risk_flags varchar(255), CONSTRAINT PK_PA_OPERATION PRIMARY KEY (id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::23::Lubos Racansky +-- Create a new table pa_operation_template +CREATE TABLE pa_operation_template (id bigint NOT NULL, template_name varchar(255) NOT NULL, operation_type varchar(255) NOT NULL, data_template varchar(255) NOT NULL, signature_type varchar(255) NOT NULL, max_failure_count bigint NOT NULL, expiration bigint NOT NULL, risk_flags varchar(255), CONSTRAINT PK_PA_OPERATION_TEMPLATE PRIMARY KEY (id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::24::Lubos Racansky +-- Create a new table pa_operation_application +CREATE TABLE pa_operation_application (application_id bigint NOT NULL, operation_id varchar(37) NOT NULL, CONSTRAINT PK_PA_OPERATION_APPLICATION PRIMARY KEY (application_id, operation_id)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::26::Lubos Racansky +-- Create a new index on pa_activation(application_id) +CREATE NONCLUSTERED INDEX pa_activation_application ON pa_activation(application_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::27::Lubos Racansky +-- Create a new index on pa_activation(master_keypair_id) +CREATE NONCLUSTERED INDEX pa_activation_keypair ON pa_activation(master_keypair_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::28::Lubos Racansky +-- Create a new index on pa_activation(activation_code) +CREATE NONCLUSTERED INDEX pa_activation_code ON pa_activation(activation_code); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::29::Lubos Racansky +-- Create a new index on pa_activation(user_id) +CREATE NONCLUSTERED INDEX pa_activation_user_id ON pa_activation(user_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::30::Lubos Racansky +-- Create a new index on pa_activation(activation_status, timestamp_activation_expire) +CREATE NONCLUSTERED INDEX pa_activation_expiration ON pa_activation(activation_status, timestamp_activation_expire); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::31::Lubos Racansky +-- Create a new index on pa_activation_history(activation_id) +CREATE NONCLUSTERED INDEX pa_activation_history_act ON pa_activation_history(activation_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::32::Lubos Racansky +-- Create a new index on pa_activation_history(timestamp_created) +CREATE NONCLUSTERED INDEX pa_activation_history_created ON pa_activation_history(timestamp_created); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::33::Lubos Racansky +-- Create a new index on pa_application_version(application_id) +CREATE NONCLUSTERED INDEX pa_application_version_app ON pa_application_version(application_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::34::Lubos Racansky +-- Create a new index on pa_master_keypair(application_id) +CREATE NONCLUSTERED INDEX pa_master_keypair_application ON pa_master_keypair(application_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::35::Lubos Racansky +-- Create a new unique index on pa_application_version(application_key) +CREATE UNIQUE NONCLUSTERED INDEX pa_app_version_app_key ON pa_application_version(application_key); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::36::Lubos Racansky +-- Create a new index on pa_application_callback(application_id) +CREATE NONCLUSTERED INDEX pa_app_callback_app ON pa_application_callback(application_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::37::Lubos Racansky +-- Create a new unique index on pa_integration(client_token) +CREATE UNIQUE NONCLUSTERED INDEX pa_integration_token ON pa_integration(client_token); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::38::Lubos Racansky +-- Create a new index on pa_signature_audit(activation_id) +CREATE NONCLUSTERED INDEX pa_signature_audit_activation ON pa_signature_audit(activation_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::39::Lubos Racansky +-- Create a new index on pa_signature_audit(timestamp_created) +CREATE NONCLUSTERED INDEX pa_signature_audit_created ON pa_signature_audit(timestamp_created); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::40::Lubos Racansky +-- Create a new index on pa_token(activation_id) +CREATE NONCLUSTERED INDEX pa_token_activation ON pa_token(activation_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::41::Lubos Racansky +-- Create a new index on pa_recovery_code(recovery_code) +CREATE NONCLUSTERED INDEX pa_recovery_code_code ON pa_recovery_code(recovery_code); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::42::Lubos Racansky +-- Create a new index on pa_recovery_code(application_id) +CREATE NONCLUSTERED INDEX pa_recovery_code_app ON pa_recovery_code(application_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::43::Lubos Racansky +-- Create a new index on pa_recovery_code(user_id) +CREATE NONCLUSTERED INDEX pa_recovery_code_user ON pa_recovery_code(user_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::44::Lubos Racansky +-- Create a new index on pa_recovery_code(activation_id) +CREATE NONCLUSTERED INDEX pa_recovery_code_act ON pa_recovery_code(activation_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::45::Lubos Racansky +-- Create a new unique index on pa_recovery_puk(recovery_code_id, puk_index) +CREATE UNIQUE NONCLUSTERED INDEX pa_recovery_code_puk ON pa_recovery_puk(recovery_code_id, puk_index); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::46::Lubos Racansky +-- Create a new index on pa_recovery_puk(recovery_code_id) +CREATE NONCLUSTERED INDEX pa_recovery_puk_code ON pa_recovery_puk(recovery_code_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::47::Lubos Racansky +-- Create a new unique index on pa_recovery_config(application_id) +CREATE UNIQUE NONCLUSTERED INDEX pa_recovery_config_app ON pa_recovery_config(application_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::48::Lubos Racansky +-- Create a new unique index on pa_application(name) +CREATE UNIQUE NONCLUSTERED INDEX pa_application_name ON pa_application(name); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::49::Lubos Racansky +-- Create a new index on pa_operation(user_id) +CREATE NONCLUSTERED INDEX pa_operation_user ON pa_operation(user_id); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::50::Lubos Racansky +-- Create a new index on pa_operation(timestamp_created) +CREATE NONCLUSTERED INDEX pa_operation_ts_created_idx ON pa_operation(timestamp_created); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::51::Lubos Racansky +-- Create a new index on pa_operation(timestamp_expires) +CREATE NONCLUSTERED INDEX pa_operation_ts_expires_idx ON pa_operation(timestamp_expires); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::52::Lubos Racansky +-- Create a new index on pa_operation(timestamp_expires, status) +CREATE NONCLUSTERED INDEX pa_operation_status_exp ON pa_operation(timestamp_expires, status); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::53::Lubos Racansky +-- Create a new index on pa_operation_template(template_name) +CREATE NONCLUSTERED INDEX pa_operation_template_name_idx ON pa_operation_template(template_name); +GO + +-- Changeset powerauth-java-server/1.4.x/20230322-shedlock.xml::1::Lubos Racansky +-- Create a new table shedlock +CREATE TABLE shedlock (name varchar(64) NOT NULL, lock_until datetime2 NOT NULL, locked_at datetime2 NOT NULL, locked_by varchar(255) NOT NULL, CONSTRAINT PK_SHEDLOCK PRIMARY KEY (name)); +GO + +-- Changeset powerauth-java-server/1.4.x/20230323-add-tag-1.4.0.xml::1::Lubos Racansky +-- Changeset powerauth-java-server/1.5.x/20230324-add-column-signature-data-body::1::Roman Strobl +-- Add signature_data_body column of type Clob +ALTER TABLE pa_signature_audit ADD signature_data_body varchar(MAX); +GO + +-- Changeset powerauth-java-server/1.5.x/20230323-add-column-signature-metadata::1::Lubos Racansky +-- Add signature_metadata column of type Clob +ALTER TABLE pa_signature_audit ADD signature_metadata varchar(MAX); +GO + +-- Changeset powerauth-java-server/1.5.x/20230426-add-column-totp-seed::1::Lubos Racansky +-- Add totp_seed column +ALTER TABLE pa_operation ADD totp_seed varchar(24); +GO + +-- Changeset powerauth-java-server/1.5.x/20230426-add-column-totp-seed::2::Lubos Racansky +-- Add proximity_check_enabled column +ALTER TABLE pa_operation_template ADD proximity_check_enabled bit CONSTRAINT DF_pa_operation_template_proximity_check_enabled DEFAULT 0 NOT NULL; +GO + +-- Changeset powerauth-java-server/1.5.x/20230723-add-table-unique-value.xml::1::Roman Strobl +-- Create a new table pa_unique_value +CREATE TABLE pa_unique_value (unique_value varchar(255) NOT NULL, type int NOT NULL, timestamp_expires datetime2 NOT NULL, CONSTRAINT PK_PA_UNIQUE_VALUE PRIMARY KEY (unique_value)); +GO + +-- Changeset powerauth-java-server/1.5.x/20230723-add-table-unique-value.xml::2::Roman Strobl +-- Create a new index on pa_unique_value(timestamp_expires) +CREATE NONCLUSTERED INDEX pa_unique_value_expiration ON pa_unique_value(timestamp_expires); +GO + +-- Changeset powerauth-java-server/1.5.x/20230822-add-tag-1.5.0.xml::1::Lubos Racansky +-- Changeset powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml::1::Jan Pesek +-- Add unique constraint to pa_operation_template.template_name +ALTER TABLE pa_operation_template ADD CONSTRAINT pa_operation_template_template_name_uk UNIQUE (template_name); +GO + +-- Changeset powerauth-java-server/1.6.x/20231103-add-activation-name-history.xml::1::Lubos Racansky +-- Add activation_name column to pa_activation_history +ALTER TABLE pa_activation_history ADD activation_name varchar(255); +GO + +-- Changeset powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml::1::Jan Pesek +ALTER TABLE pa_operation_application ADD CONSTRAINT pa_operation_application_application_id_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); +GO + +-- Changeset powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml::2::Jan Pesek +ALTER TABLE pa_operation_application ADD CONSTRAINT pa_operation_application_operation_id_fk FOREIGN KEY (operation_id) REFERENCES pa_operation (id); +GO + +-- Changeset powerauth-java-server/1.6.x/20231112-add-activation-id.xml::1::Jan Dusil +-- Add activation_id column to pa_operation with foreign key constraint +ALTER TABLE pa_operation ADD activation_id varchar(37); +GO + +ALTER TABLE pa_operation ADD CONSTRAINT pa_operation_activation_id_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); +GO + +-- Changeset powerauth-java-server/1.6.x/20231123-operation-user-nullable.xml::1::Roman Strobl +-- Make user_id column in table pa_operation nullable +ALTER TABLE pa_operation ALTER COLUMN user_id varchar(255) NULL; +GO + +-- Changeset powerauth-java-server/1.6.x/20231212-add-tag-1.6.0.xml::1::Lubos Racansky diff --git a/docs/sql/oracle/create_schema.sql b/docs/sql/oracle/create_schema.sql index 20330e0f3..45e7cc4df 100755 --- a/docs/sql/oracle/create_schema.sql +++ b/docs/sql/oracle/create_schema.sql @@ -1,454 +1,303 @@ --- --- Create sequences. --- -CREATE SEQUENCE "PA_APPLICATION_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_APPLICATION_VERSION_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_MASTER_KEYPAIR_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_SIGNATURE_AUDIT_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_ACTIVATION_HISTORY_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_RECOVERY_CODE_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_RECOVERY_PUK_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_RECOVERY_CONFIG_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; -CREATE SEQUENCE "PA_OPERATION_TEMPLATE_SEQ" MINVALUE 1 MAXVALUE 9999999999999999999999999999 INCREMENT BY 1 START WITH 1 CACHE 20 NOORDER NOCYCLE; - --- --- DDL for Table PA_ACTIVATION --- -CREATE TABLE "PA_ACTIVATION" -( - "ACTIVATION_ID" VARCHAR2(37 CHAR) NOT NULL PRIMARY KEY, - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "USER_ID" VARCHAR2(255 CHAR) NOT NULL, - "ACTIVATION_NAME" VARCHAR2(255 CHAR), - "ACTIVATION_CODE" VARCHAR2(255 CHAR), - "ACTIVATION_STATUS" NUMBER(10,0) NOT NULL, - "ACTIVATION_OTP" VARCHAR2(255 CHAR), - "ACTIVATION_OTP_VALIDATION" NUMBER(2,0) DEFAULT 0 NOT NULL, - "BLOCKED_REASON" VARCHAR2(255 CHAR), - "COUNTER" NUMBER(19,0) NOT NULL, - "CTR_DATA" VARCHAR2(255 CHAR), - "DEVICE_PUBLIC_KEY_BASE64" VARCHAR2(255 CHAR), - "EXTRAS" VARCHAR2(255 CHAR), - "PLATFORM" VARCHAR2(255 CHAR), - "DEVICE_INFO" VARCHAR2(255 CHAR), - "FLAGS" VARCHAR2(255 CHAR), - "FAILED_ATTEMPTS" NUMBER(19,0) NOT NULL, - "MAX_FAILED_ATTEMPTS" NUMBER(19,0) DEFAULT 5 NOT NULL, - "SERVER_PRIVATE_KEY_BASE64" VARCHAR2(255 CHAR) NOT NULL, - "SERVER_PRIVATE_KEY_ENCRYPTION" NUMBER(10,0) DEFAULT 0 NOT NULL, - "SERVER_PUBLIC_KEY_BASE64" VARCHAR2(255 CHAR) NOT NULL, - "TIMESTAMP_ACTIVATION_EXPIRE" TIMESTAMP (6) NOT NULL, - "TIMESTAMP_CREATED" TIMESTAMP (6) NOT NULL, - "TIMESTAMP_LAST_USED" TIMESTAMP (6) NOT NULL, - "TIMESTAMP_LAST_CHANGE" TIMESTAMP (6), - "MASTER_KEYPAIR_ID" NUMBER(19,0), - "VERSION" NUMBER(2,0) DEFAULT 2 -); - --- --- DDL for Table PA_APPLICATION --- -CREATE TABLE "PA_APPLICATION" -( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "NAME" VARCHAR2(255 CHAR) NOT NULL, - "ROLES" VARCHAR2(255 CHAR) -); - - --- --- DDL for Table PA_APPLICATION_VERSION --- -CREATE TABLE "PA_APPLICATION_VERSION" -( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "APPLICATION_KEY" VARCHAR2(255 CHAR), - "APPLICATION_SECRET" VARCHAR2(255 CHAR), - "NAME" VARCHAR2(255 CHAR), - "SUPPORTED" NUMBER(1,0) -); - --- --- DDL for Table PA_MASTER_KEYPAIR --- -CREATE TABLE "PA_MASTER_KEYPAIR" -( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "MASTER_KEY_PRIVATE_BASE64" VARCHAR2(255 CHAR) NOT NULL, - "MASTER_KEY_PUBLIC_BASE64" VARCHAR2(255 CHAR) NOT NULL, - "NAME" VARCHAR2(255 CHAR), - "TIMESTAMP_CREATED" TIMESTAMP (6) NOT NULL -); - --- --- DDL for Table PA_SIGNATURE_AUDIT --- -CREATE TABLE "PA_SIGNATURE_AUDIT" -( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "ACTIVATION_ID" VARCHAR2(37 CHAR) NOT NULL, - "ACTIVATION_COUNTER" NUMBER(19,0) NOT NULL, - "ACTIVATION_CTR_DATA" VARCHAR2(255 CHAR), - "ACTIVATION_STATUS" NUMBER(10,0), - "ADDITIONAL_INFO" VARCHAR2(255 CHAR), - "DATA_BASE64" CLOB, - "NOTE" VARCHAR2(255 CHAR), - "SIGNATURE_TYPE" VARCHAR2(255 CHAR) NOT NULL, - "SIGNATURE" VARCHAR2(255 CHAR) NOT NULL, - "SIGNATURE_METADATA" CLOB, - "SIGNATURE_DATA_BODY" CLOB, - "TIMESTAMP_CREATED" TIMESTAMP (6) NOT NULL, - "VALID" NUMBER(1,0) DEFAULT 0 NOT NULL, - "VERSION" NUMBER(2,0) DEFAULT 2, - "SIGNATURE_VERSION" VARCHAR2(255 CHAR) -); - --- --- DDL for Table PA_INTEGRATION --- -CREATE TABLE "PA_INTEGRATION" -( - "ID" VARCHAR2(37 CHAR) NOT NULL PRIMARY KEY, - "NAME" VARCHAR2(255 CHAR), - "CLIENT_TOKEN" VARCHAR2(37 CHAR) NOT NULL, - "CLIENT_SECRET" VARCHAR2(37 CHAR) NOT NULL -); - --- --- DDL for Table PA_APPLICATION_CALLBACK --- -CREATE TABLE "PA_APPLICATION_CALLBACK" -( - "ID" VARCHAR2(37 CHAR) NOT NULL PRIMARY KEY, - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "NAME" VARCHAR2(255 CHAR), - "CALLBACK_URL" VARCHAR2(1024 CHAR), - "TYPE" VARCHAR2(64 CHAR) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL, - "ATTRIBUTES" VARCHAR2(1024 CHAR), - "AUTHENTICATION" CLOB -); - --- --- DDL for Table PA_TOKEN --- - -CREATE TABLE "PA_TOKEN" -( - "TOKEN_ID" VARCHAR2(37 CHAR) NOT NULL PRIMARY KEY, - "TOKEN_SECRET" VARCHAR2(255 CHAR) NOT NULL, - "ACTIVATION_ID" VARCHAR2(255 CHAR) NOT NULL, - "SIGNATURE_TYPE" VARCHAR2(255 CHAR) NOT NULL, - "TIMESTAMP_CREATED" TIMESTAMP (6) NOT NULL -); - --- --- DDL for Table PA_ACTIVATION_HISTORY --- -CREATE TABLE "PA_ACTIVATION_HISTORY" -( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "ACTIVATION_ID" VARCHAR2(37 CHAR) NOT NULL, - "ACTIVATION_STATUS" NUMBER(10,0), - "EVENT_REASON" VARCHAR2(255 CHAR), - "EXTERNAL_USER_ID" VARCHAR2(255 CHAR), - "TIMESTAMP_CREATED" TIMESTAMP (6) NOT NULL, - "ACTIVATION_VERSION" NUMBER(2,0) -); - --- --- DDL for Table PA_RECOVERY_CODE --- - -CREATE TABLE "PA_RECOVERY_CODE" ( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "RECOVERY_CODE" VARCHAR2(23 CHAR) NOT NULL, - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "USER_ID" VARCHAR2(255 CHAR) NOT NULL, - "ACTIVATION_ID" VARCHAR2(37 CHAR), - "STATUS" NUMBER(10,0) NOT NULL, - "FAILED_ATTEMPTS" NUMBER(19,0) DEFAULT 0 NOT NULL, - "MAX_FAILED_ATTEMPTS" NUMBER(19,0) DEFAULT 10 NOT NULL, - "TIMESTAMP_CREATED" TIMESTAMP (6) NOT NULL, - "TIMESTAMP_LAST_USED" TIMESTAMP (6), - "TIMESTAMP_LAST_CHANGE" TIMESTAMP (6) -); - --- --- DDL for Table PA_RECOVERY_PUK --- - -CREATE TABLE "PA_RECOVERY_PUK" ( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "RECOVERY_CODE_ID" NUMBER(19,0) NOT NULL, - "PUK" VARCHAR2(255 CHAR), - "PUK_ENCRYPTION" NUMBER(10,0) DEFAULT 0 NOT NULL, - "PUK_INDEX" NUMBER(19,0) NOT NULL, - "STATUS" NUMBER(10,0) NOT NULL, - "TIMESTAMP_LAST_CHANGE" TIMESTAMP (6) -); - --- --- DDL for Table PA_RECOVERY_CONFIG --- - -CREATE TABLE "PA_RECOVERY_CONFIG" ( - "ID" NUMBER(19,0) NOT NULL PRIMARY KEY, - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "ACTIVATION_RECOVERY_ENABLED" NUMBER(1,0) DEFAULT 0 NOT NULL, - "RECOVERY_POSTCARD_ENABLED" NUMBER(1,0) DEFAULT 0 NOT NULL, - "ALLOW_MULTIPLE_RECOVERY_CODES" NUMBER(1,0) DEFAULT 0 NOT NULL, - "POSTCARD_PRIVATE_KEY_BASE64" VARCHAR2(255 CHAR), - "POSTCARD_PUBLIC_KEY_BASE64" VARCHAR2(255 CHAR), - "REMOTE_PUBLIC_KEY_BASE64" VARCHAR2(255 CHAR), - "POSTCARD_PRIV_KEY_ENCRYPTION" NUMBER(10,0) DEFAULT 0 NOT NULL -); - --- --- DDL for Table PA_OPERATION --- -CREATE TABLE "PA_OPERATION" ( - "ID" VARCHAR2(37 CHAR) NOT NULL PRIMARY KEY, - "USER_ID" VARCHAR2(255 CHAR) NOT NULL, - "EXTERNAL_ID" VARCHAR2(255 CHAR), - "ACTIVATION_FLAG" VARCHAR2(255), - "OPERATION_TYPE" VARCHAR2(255 CHAR) NOT NULL, - "TEMPLATE_NAME" VARCHAR2(255), - "DATA" CLOB NOT NULL, - "PARAMETERS" CLOB, - "ADDITIONAL_DATA" CLOB, - "STATUS" NUMBER(10,0) NOT NULL, - "SIGNATURE_TYPE" VARCHAR(255 CHAR) NOT NULL, - "FAILURE_COUNT" NUMBER(19,0) DEFAULT 0 NOT NULL, - "MAX_FAILURE_COUNT" NUMBER(19,0) NOT NULL, - "TIMESTAMP_CREATED" TIMESTAMP(6) NOT NULL, - "TIMESTAMP_EXPIRES" TIMESTAMP(6) NOT NULL, - "TIMESTAMP_FINALIZED" TIMESTAMP(6), - "RISK_FLAGS" VARCHAR2(255 CHAR), - "TOTP_SEED" VARCHAR2(24 CHAR) -); - --- --- DDL for Table PA_OPERATION_TEMPLATE --- -CREATE TABLE "PA_OPERATION_TEMPLATE" ( - "ID" NUMBER(19, 0) NOT NULL PRIMARY KEY, - "TEMPLATE_NAME" VARCHAR2(255 CHAR) NOT NULL, - "OPERATION_TYPE" VARCHAR2(255 CHAR) NOT NULL, - "DATA_TEMPLATE" VARCHAR2(255 CHAR) NOT NULL, - "SIGNATURE_TYPE" VARCHAR2(255 CHAR) NOT NULL, - "MAX_FAILURE_COUNT" NUMBER(19, 0) NOT NULL, - "EXPIRATION" NUMBER(19, 0) NOT NULL, - "RISK_FLAGS" VARCHAR2(255 CHAR), - "PROXIMITY_CHECK_ENABLED" NUMBER(1, 0) DEFAULT 0 NOT NULL -); - --- --- DDL for Table PA_OPERATION_APPLICATION --- -CREATE TABLE pa_operation_application ( - "APPLICATION_ID" NUMBER(19,0) NOT NULL, - "OPERATION_ID" VARCHAR2(37 CHAR) NOT NULL, - CONSTRAINT pa_operation_application_pk PRIMARY KEY ("APPLICATION_ID", "OPERATION_ID") -); - --- --- DDL for Table PA_UNIQUE_VALUE --- -CREATE TABLE PA_UNIQUE_VALUE ( - unique_value VARCHAR2(255 CHAR) NOT NULL PRIMARY KEY, - type NUMBER(10,0) NOT NULL, - timestamp_expires TIMESTAMP NOT NULL -); +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::1::Lubos Racansky +-- Create a new table audit_log +CREATE TABLE audit_log (audit_log_id VARCHAR2(36) NOT NULL, application_name VARCHAR2(256) NOT NULL, audit_level VARCHAR2(32) NOT NULL, audit_type VARCHAR2(256), timestamp_created TIMESTAMP DEFAULT sysdate, message CLOB NOT NULL, exception_message CLOB, stack_trace CLOB, param CLOB, calling_class VARCHAR2(256) NOT NULL, thread_name VARCHAR2(256) NOT NULL, version VARCHAR2(256), build_time TIMESTAMP, CONSTRAINT PK_AUDIT_LOG PRIMARY KEY (audit_log_id)); -CREATE INDEX pa_unique_value_expiration ON pa_unique_value(timestamp_expires); +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::2::Lubos Racansky +-- Create a new table audit_log +CREATE TABLE audit_param (audit_log_id VARCHAR2(36), timestamp_created TIMESTAMP DEFAULT sysdate, param_key VARCHAR2(256), param_value VARCHAR2(4000)); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::3::Lubos Racansky +-- Create a new index on audit_log(timestamp_created) +CREATE INDEX audit_log_timestamp ON audit_log(timestamp_created); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::4::Lubos Racansky +-- Create a new index on audit_log(application_name) +CREATE INDEX audit_log_application ON audit_log(application_name); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::5::Lubos Racansky +-- Create a new index on audit_log(audit_level) +CREATE INDEX audit_log_level ON audit_log(audit_level); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::6::Lubos Racansky +-- Create a new index on audit_log(audit_type) +CREATE INDEX audit_log_type ON audit_log(audit_type); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::7::Lubos Racansky +-- Create a new index on audit_param(audit_log_id) +CREATE INDEX audit_param_log ON audit_param(audit_log_id); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::8::Lubos Racansky +-- Create a new index on audit_param(timestamp_created) +CREATE INDEX audit_param_timestamp ON audit_param(timestamp_created); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::9::Lubos Racansky +-- Create a new index on audit_log(param_key) +CREATE INDEX audit_param_key ON audit_param(param_key); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::10::Lubos Racansky +-- Create a new index on audit_log(param_value) +CREATE INDEX audit_param_value ON audit_param(param_value); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::1::Lubos Racansky +-- Create a new sequence pa_application_seq +CREATE SEQUENCE pa_application_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::2::Lubos Racansky +-- Create a new sequence pa_application_version_seq +CREATE SEQUENCE pa_application_version_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::3::Lubos Racansky +-- Create a new sequence pa_master_keypair_seq +CREATE SEQUENCE pa_master_keypair_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::4::Lubos Racansky +-- Create a new sequence pa_signature_audit_seq +CREATE SEQUENCE pa_signature_audit_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::5::Lubos Racansky +-- Create a new sequence pa_activation_history_seq +CREATE SEQUENCE pa_activation_history_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::6::Lubos Racansky +-- Create a new sequence pa_recovery_code_seq +CREATE SEQUENCE pa_recovery_code_seq START WITH 1 INCREMENT BY 1 CACHE 20; --- --- DDL for Table SHEDLOCK --- -BEGIN EXECUTE IMMEDIATE 'CREATE TABLE shedlock ( - name VARCHAR(64) NOT NULL PRIMARY KEY, - lock_until TIMESTAMP(3) NOT NULL, - locked_at TIMESTAMP(3) NOT NULL, - locked_by VARCHAR(255) NOT NULL -)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ - --- --- Create audit log table. --- -BEGIN EXECUTE IMMEDIATE 'CREATE TABLE audit_log ( - audit_log_id VARCHAR2(36 CHAR) PRIMARY KEY, - application_name VARCHAR2(256 CHAR) NOT NULL, - audit_level VARCHAR2(32 CHAR) NOT NULL, - audit_type VARCHAR2(256 CHAR), - timestamp_created TIMESTAMP, - message CLOB NOT NULL, - exception_message CLOB, - stack_trace CLOB, - param CLOB, - calling_class VARCHAR2(256 CHAR) NOT NULL, - thread_name VARCHAR2(256 CHAR) NOT NULL, - version VARCHAR2(256 CHAR), - build_time TIMESTAMP -)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ - --- --- Create audit parameters table. --- -BEGIN EXECUTE IMMEDIATE 'CREATE TABLE audit_param ( - audit_log_id VARCHAR2(36 CHAR), - timestamp_created TIMESTAMP, - param_key VARCHAR2(256 CHAR), - param_value VARCHAR2(4000 CHAR) -)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::7::Lubos Racansky +-- Create a new sequence pa_recovery_puk_seq +CREATE SEQUENCE pa_recovery_puk_seq START WITH 1 INCREMENT BY 1 CACHE 20; --- --- Ref Constraints for Table PA_ACTIVATION --- -ALTER TABLE "PA_ACTIVATION" ADD CONSTRAINT "ACTIVATION_KEYPAIR_FK" FOREIGN KEY ("MASTER_KEYPAIR_ID") REFERENCES "PA_MASTER_KEYPAIR" ("ID") ENABLE; -ALTER TABLE "PA_ACTIVATION" ADD CONSTRAINT "ACTIVATION_APPLICATION_FK" FOREIGN KEY ("APPLICATION_ID") REFERENCES "PA_APPLICATION" ("ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::8::Lubos Racansky +-- Create a new sequence pa_recovery_config_seq +CREATE SEQUENCE pa_recovery_config_seq START WITH 1 INCREMENT BY 1 CACHE 20; --- --- Ref Constraints for Table PA_APPLICATION_VERSION --- -ALTER TABLE "PA_APPLICATION_VERSION" ADD CONSTRAINT "VERSION_APPLICATION_FK" FOREIGN KEY ("APPLICATION_ID") REFERENCES "PA_APPLICATION" ("ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::9::Lubos Racansky +-- Create a new sequence pa_operation_template_seq +CREATE SEQUENCE pa_operation_template_seq START WITH 1 INCREMENT BY 1 CACHE 20; --- --- Ref Constraints for Table PA_MASTER_KEYPAIR --- -ALTER TABLE "PA_MASTER_KEYPAIR" ADD CONSTRAINT "KEYPAIR_APPLICATION_FK" FOREIGN KEY ("APPLICATION_ID") REFERENCES "PA_APPLICATION" ("ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::10::Lubos Racansky +-- Create a new table pa_application +CREATE TABLE pa_application (id INTEGER NOT NULL, name VARCHAR2(255) NOT NULL, roles VARCHAR2(255), CONSTRAINT PK_PA_APPLICATION PRIMARY KEY (id)); --- --- Ref Constraints for Table PA_SIGNATURE_AUDIT --- -ALTER TABLE "PA_SIGNATURE_AUDIT" ADD CONSTRAINT "AUDIT_ACTIVATION_FK" FOREIGN KEY ("ACTIVATION_ID") REFERENCES "PA_ACTIVATION" ("ACTIVATION_ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::11::Lubos Racansky +-- Create a new table pa_master_keypair +CREATE TABLE pa_master_keypair (id INTEGER NOT NULL, application_id INTEGER NOT NULL, master_key_private_base64 VARCHAR2(255) NOT NULL, master_key_public_base64 VARCHAR2(255) NOT NULL, name VARCHAR2(255), timestamp_created TIMESTAMP(6) NOT NULL, CONSTRAINT PK_PA_MASTER_KEYPAIR PRIMARY KEY (id), CONSTRAINT keypair_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); --- --- Ref Constraints for Table PA_APPLICATION_CALLBACK --- -ALTER TABLE "PA_APPLICATION_CALLBACK" ADD CONSTRAINT "CALLBACK_APPLICATION_FK" FOREIGN KEY ("APPLICATION_ID") REFERENCES "PA_APPLICATION" ("ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::12::Lubos Racansky +-- Create a new table pa_activation +CREATE TABLE pa_activation (activation_id VARCHAR2(37) NOT NULL, application_id INTEGER NOT NULL, user_id VARCHAR2(255) NOT NULL, activation_name VARCHAR2(255), activation_code VARCHAR2(255), activation_status INTEGER NOT NULL, activation_otp VARCHAR2(255), activation_otp_validation INTEGER DEFAULT 0 NOT NULL, blocked_reason VARCHAR2(255), counter INTEGER NOT NULL, ctr_data VARCHAR2(255), device_public_key_base64 VARCHAR2(255), extras VARCHAR2(255), platform VARCHAR2(255), device_info VARCHAR2(255), flags VARCHAR2(255), failed_attempts INTEGER NOT NULL, max_failed_attempts INTEGER DEFAULT 5 NOT NULL, server_private_key_base64 VARCHAR2(255) NOT NULL, server_private_key_encryption INTEGER DEFAULT 0 NOT NULL, server_public_key_base64 VARCHAR2(255) NOT NULL, timestamp_activation_expire TIMESTAMP(6) NOT NULL, timestamp_created TIMESTAMP(6) NOT NULL, timestamp_last_used TIMESTAMP(6) NOT NULL, timestamp_last_change TIMESTAMP(6), master_keypair_id INTEGER, version INTEGER DEFAULT 2, CONSTRAINT PK_PA_ACTIVATION PRIMARY KEY (activation_id), CONSTRAINT activation_keypair_fk FOREIGN KEY (master_keypair_id) REFERENCES pa_master_keypair(id), CONSTRAINT activation_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); --- --- Ref Constraints for Table PA_TOKEN --- -ALTER TABLE "PA_TOKEN" ADD CONSTRAINT "ACTIVATION_TOKEN_FK" FOREIGN KEY ("ACTIVATION_ID") REFERENCES "PA_ACTIVATION" ("ACTIVATION_ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::13::Lubos Racansky +-- Create a new table pa_application_version +CREATE TABLE pa_application_version (id INTEGER NOT NULL, application_id INTEGER NOT NULL, application_key VARCHAR2(255), application_secret VARCHAR2(255), name VARCHAR2(255), supported BOOLEAN, CONSTRAINT PK_PA_APPLICATION_VERSION PRIMARY KEY (id), CONSTRAINT version_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); --- --- Ref Constraints for Table PA_ACTIVATION_HISTORY --- -ALTER TABLE "PA_ACTIVATION_HISTORY" ADD CONSTRAINT "HISTORY_ACTIVATION_FK" FOREIGN KEY ("ACTIVATION_ID") REFERENCES "PA_ACTIVATION" ("ACTIVATION_ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::14::Lubos Racansky +-- Create a new table pa_signature_audit +CREATE TABLE pa_signature_audit (id NUMBER(38, 0) NOT NULL, activation_id VARCHAR2(37) NOT NULL, activation_counter INTEGER NOT NULL, activation_ctr_data VARCHAR2(255), activation_status INTEGER, additional_info VARCHAR2(255), data_base64 CLOB, note VARCHAR2(255), signature_type VARCHAR2(255) NOT NULL, signature VARCHAR2(255) NOT NULL, timestamp_created TIMESTAMP(6) NOT NULL, valid BOOLEAN, version INTEGER DEFAULT 2, signature_version VARCHAR2(255), CONSTRAINT PK_PA_SIGNATURE_AUDIT PRIMARY KEY (id), CONSTRAINT audit_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); --- --- Ref Constraints for Table PA_RECOVERY_CODE --- -ALTER TABLE "PA_RECOVERY_CODE" ADD CONSTRAINT "RECOVERY_CODE_APPLICATION_FK" FOREIGN KEY ("APPLICATION_ID") REFERENCES "PA_APPLICATION" ("ID") ENABLE; -ALTER TABLE "PA_RECOVERY_CODE" ADD CONSTRAINT "RECOVERY_CODE_ACTIVATION_FK" FOREIGN KEY ("ACTIVATION_ID") REFERENCES "PA_ACTIVATION" ("ACTIVATION_ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::15::Lubos Racansky +-- Create a new table pa_integration +CREATE TABLE pa_integration (id VARCHAR2(37) NOT NULL, name VARCHAR2(255), client_token VARCHAR2(37) NOT NULL, client_secret VARCHAR2(37) NOT NULL, CONSTRAINT PK_PA_INTEGRATION PRIMARY KEY (id)); --- --- Ref Constraints for Table PA_RECOVERY_PUK --- -ALTER TABLE "PA_RECOVERY_PUK" ADD CONSTRAINT "RECOVERY_PUK_CODE_FK" FOREIGN KEY ("RECOVERY_CODE_ID") REFERENCES "PA_RECOVERY_CODE" ("ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::16::Lubos Racansky +-- Create a new table pa_application_callback +CREATE TABLE pa_application_callback (id VARCHAR2(37) NOT NULL, application_id INTEGER NOT NULL, name VARCHAR2(255), callback_url VARCHAR2(1024), type VARCHAR2(64) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL, attributes VARCHAR2(1024), authentication CLOB, CONSTRAINT PK_PA_APPLICATION_CALLBACK PRIMARY KEY (id), CONSTRAINT callback_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); --- --- Ref Constraints for Table PA_RECOVERY_CONFIG --- -ALTER TABLE "PA_RECOVERY_CONFIG" ADD CONSTRAINT "RECOVERY_CONFIG_APP_FK" FOREIGN KEY ("APPLICATION_ID") REFERENCES "PA_APPLICATION" ("ID") ENABLE; +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::17::Lubos Racansky +-- Create a new table pa_token +CREATE TABLE pa_token (token_id VARCHAR2(37) NOT NULL, token_secret VARCHAR2(255) NOT NULL, activation_id VARCHAR2(37) NOT NULL, signature_type VARCHAR2(255) NOT NULL, timestamp_created TIMESTAMP(6) NOT NULL, CONSTRAINT PK_PA_TOKEN PRIMARY KEY (token_id), CONSTRAINT activation_token_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::18::Lubos Racansky +-- Create a new table pa_activation_history +CREATE TABLE pa_activation_history (id NUMBER(38, 0) NOT NULL, activation_id VARCHAR2(37) NOT NULL, activation_status INTEGER, event_reason VARCHAR2(255), external_user_id VARCHAR2(255), timestamp_created TIMESTAMP(6) NOT NULL, activation_version INTEGER, CONSTRAINT PK_PA_ACTIVATION_HISTORY PRIMARY KEY (id), CONSTRAINT history_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); ---- ---- Indexes for better performance. Oracle does not create indexes on foreign key automatically. ---- +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::19::Lubos Racansky +-- Create a new table pa_recovery_code +CREATE TABLE pa_recovery_code (id NUMBER(38, 0) NOT NULL, recovery_code VARCHAR2(23) NOT NULL, application_id INTEGER NOT NULL, user_id VARCHAR2(255) NOT NULL, activation_id VARCHAR2(37), status INTEGER NOT NULL, failed_attempts INTEGER DEFAULT 0 NOT NULL, max_failed_attempts INTEGER DEFAULT 10 NOT NULL, timestamp_created TIMESTAMP(6) NOT NULL, timestamp_last_used TIMESTAMP(6), timestamp_last_change TIMESTAMP(6), CONSTRAINT PK_PA_RECOVERY_CODE PRIMARY KEY (id), CONSTRAINT recovery_code_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id), CONSTRAINT recovery_code_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); -CREATE INDEX PA_ACTIVATION_APPLICATION ON PA_ACTIVATION(APPLICATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::20::Lubos Racansky +-- Create a new table pa_recovery_puk +CREATE TABLE pa_recovery_puk (id NUMBER(38, 0) NOT NULL, recovery_code_id NUMBER(38, 0) NOT NULL, puk VARCHAR2(255), puk_encryption INTEGER DEFAULT 0 NOT NULL, puk_index NUMBER(38, 0) NOT NULL, status INTEGER NOT NULL, timestamp_last_change TIMESTAMP(6), CONSTRAINT PK_PA_RECOVERY_PUK PRIMARY KEY (id), CONSTRAINT recovery_puk_code_fk FOREIGN KEY (recovery_code_id) REFERENCES pa_recovery_code(id)); -CREATE INDEX PA_ACTIVATION_KEYPAIR ON PA_ACTIVATION(MASTER_KEYPAIR_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::21::Lubos Racansky +-- Create a new table pa_recovery_config +CREATE TABLE pa_recovery_config (id INTEGER NOT NULL, application_id INTEGER NOT NULL, activation_recovery_enabled BOOLEAN DEFAULT 0 NOT NULL, recovery_postcard_enabled BOOLEAN DEFAULT 0 NOT NULL, allow_multiple_recovery_codes BOOLEAN DEFAULT 0 NOT NULL, postcard_private_key_base64 VARCHAR2(255), postcard_public_key_base64 VARCHAR2(255), remote_public_key_base64 VARCHAR2(255), postcard_priv_key_encryption INTEGER DEFAULT 0 NOT NULL, CONSTRAINT PK_PA_RECOVERY_CONFIG PRIMARY KEY (id), CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); -CREATE INDEX PA_ACTIVATION_CODE ON PA_ACTIVATION(ACTIVATION_CODE); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::22::Lubos Racansky +-- Create a new table pa_operation +CREATE TABLE pa_operation (id VARCHAR2(37) NOT NULL, user_id VARCHAR2(255) NOT NULL, external_id VARCHAR2(255), activation_flag VARCHAR2(255), operation_type VARCHAR2(255) NOT NULL, template_name VARCHAR2(255), data CLOB NOT NULL, parameters CLOB, additional_data CLOB, status INTEGER NOT NULL, signature_type VARCHAR2(255) NOT NULL, failure_count NUMBER(38, 0) DEFAULT 0 NOT NULL, max_failure_count NUMBER(38, 0) NOT NULL, timestamp_created TIMESTAMP NOT NULL, timestamp_expires TIMESTAMP NOT NULL, timestamp_finalized TIMESTAMP, risk_flags VARCHAR2(255), CONSTRAINT PK_PA_OPERATION PRIMARY KEY (id)); -CREATE INDEX PA_ACTIVATION_USER_ID ON PA_ACTIVATION(USER_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::23::Lubos Racansky +-- Create a new table pa_operation_template +CREATE TABLE pa_operation_template (id NUMBER(38, 0) NOT NULL, template_name VARCHAR2(255) NOT NULL, operation_type VARCHAR2(255) NOT NULL, data_template VARCHAR2(255) NOT NULL, signature_type VARCHAR2(255) NOT NULL, max_failure_count NUMBER(38, 0) NOT NULL, expiration NUMBER(38, 0) NOT NULL, risk_flags VARCHAR2(255), CONSTRAINT PK_PA_OPERATION_TEMPLATE PRIMARY KEY (id)); -CREATE INDEX PA_ACTIVATION_EXPIRATION ON PA_ACTIVATION (ACTIVATION_STATUS, TIMESTAMP_ACTIVATION_EXPIRE); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::24::Lubos Racansky +-- Create a new table pa_operation_application +CREATE TABLE pa_operation_application (application_id NUMBER(38, 0) NOT NULL, operation_id VARCHAR2(37) NOT NULL, CONSTRAINT PK_PA_OPERATION_APPLICATION PRIMARY KEY (application_id, operation_id)); -CREATE INDEX PA_ACTIVATION_HISTORY_ACT ON PA_ACTIVATION_HISTORY(ACTIVATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::26::Lubos Racansky +-- Create a new index on pa_activation(application_id) +CREATE INDEX pa_activation_application ON pa_activation(application_id); -CREATE INDEX PA_ACTIVATION_HISTORY_CREATED ON PA_ACTIVATION_HISTORY(TIMESTAMP_CREATED); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::27::Lubos Racansky +-- Create a new index on pa_activation(master_keypair_id) +CREATE INDEX pa_activation_keypair ON pa_activation(master_keypair_id); -CREATE INDEX PA_APPLICATION_VERSION_APP ON PA_APPLICATION_VERSION(APPLICATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::28::Lubos Racansky +-- Create a new index on pa_activation(activation_code) +CREATE INDEX pa_activation_code ON pa_activation(activation_code); -CREATE INDEX PA_MASTER_KEYPAIR_APPLICATION ON PA_MASTER_KEYPAIR(APPLICATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::29::Lubos Racansky +-- Create a new index on pa_activation(user_id) +CREATE INDEX pa_activation_user_id ON pa_activation(user_id); -CREATE UNIQUE INDEX PA_APP_VERSION_APP_KEY ON PA_APPLICATION_VERSION(APPLICATION_KEY); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::30::Lubos Racansky +-- Create a new index on pa_activation(activation_status, timestamp_activation_expire) +CREATE INDEX pa_activation_expiration ON pa_activation(activation_status, timestamp_activation_expire); -CREATE INDEX PA_APP_CALLBACK_APP ON PA_APPLICATION_CALLBACK(APPLICATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::31::Lubos Racansky +-- Create a new index on pa_activation_history(activation_id) +CREATE INDEX pa_activation_history_act ON pa_activation_history(activation_id); -CREATE UNIQUE INDEX PA_INTEGRATION_TOKEN ON PA_INTEGRATION(CLIENT_TOKEN); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::32::Lubos Racansky +-- Create a new index on pa_activation_history(timestamp_created) +CREATE INDEX pa_activation_history_created ON pa_activation_history(timestamp_created); -CREATE INDEX PA_SIGNATURE_AUDIT_ACTIVATION ON PA_SIGNATURE_AUDIT(ACTIVATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::33::Lubos Racansky +-- Create a new index on pa_application_version(application_id) +CREATE INDEX pa_application_version_app ON pa_application_version(application_id); -CREATE INDEX PA_SIGNATURE_AUDIT_CREATED ON PA_SIGNATURE_AUDIT(TIMESTAMP_CREATED); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::34::Lubos Racansky +-- Create a new index on pa_master_keypair(application_id) +CREATE INDEX pa_master_keypair_application ON pa_master_keypair(application_id); -CREATE INDEX PA_TOKEN_ACTIVATION ON PA_TOKEN(ACTIVATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::35::Lubos Racansky +-- Create a new unique index on pa_application_version(application_key) +CREATE UNIQUE INDEX pa_app_version_app_key ON pa_application_version(application_key); -CREATE INDEX PA_RECOVERY_CODE ON PA_RECOVERY_CODE(RECOVERY_CODE); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::36::Lubos Racansky +-- Create a new index on pa_application_callback(application_id) +CREATE INDEX pa_app_callback_app ON pa_application_callback(application_id); -CREATE INDEX PA_RECOVERY_CODE_APP ON PA_RECOVERY_CODE(APPLICATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::37::Lubos Racansky +-- Create a new unique index on pa_integration(client_token) +CREATE UNIQUE INDEX pa_integration_token ON pa_integration(client_token); -CREATE INDEX PA_RECOVERY_CODE_USER ON PA_RECOVERY_CODE(USER_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::38::Lubos Racansky +-- Create a new index on pa_signature_audit(activation_id) +CREATE INDEX pa_signature_audit_activation ON pa_signature_audit(activation_id); -CREATE INDEX PA_RECOVERY_CODE_ACT ON PA_RECOVERY_CODE(ACTIVATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::39::Lubos Racansky +-- Create a new index on pa_signature_audit(timestamp_created) +CREATE INDEX pa_signature_audit_created ON pa_signature_audit(timestamp_created); -CREATE UNIQUE INDEX PA_RECOVERY_CODE_PUK ON PA_RECOVERY_PUK(RECOVERY_CODE_ID, PUK_INDEX); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::40::Lubos Racansky +-- Create a new index on pa_token(activation_id) +CREATE INDEX pa_token_activation ON pa_token(activation_id); -CREATE INDEX PA_RECOVERY_PUK_CODE ON PA_RECOVERY_PUK(RECOVERY_CODE_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::41::Lubos Racansky +-- Create a new index on pa_recovery_code(recovery_code) +CREATE INDEX pa_recovery_code_code ON pa_recovery_code(recovery_code); -CREATE UNIQUE INDEX PA_RECOVERY_CONFIG_APP ON PA_RECOVERY_CONFIG(APPLICATION_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::42::Lubos Racansky +-- Create a new index on pa_recovery_code(application_id) +CREATE INDEX pa_recovery_code_app ON pa_recovery_code(application_id); -CREATE UNIQUE INDEX PA_APPLICATION_NAME ON PA_APPLICATION(NAME); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::43::Lubos Racansky +-- Create a new index on pa_recovery_code(user_id) +CREATE INDEX pa_recovery_code_user ON pa_recovery_code(user_id); -CREATE INDEX PA_OPERATION_USER ON PA_OPERATION(USER_ID); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::44::Lubos Racansky +-- Create a new index on pa_recovery_code(activation_id) +CREATE INDEX pa_recovery_code_act ON pa_recovery_code(activation_id); -CREATE INDEX PA_OPERATION_TS_CREATED_IDX ON PA_OPERATION(TIMESTAMP_CREATED); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::45::Lubos Racansky +-- Create a new unique index on pa_recovery_puk(recovery_code_id, puk_index) +CREATE UNIQUE INDEX pa_recovery_code_puk ON pa_recovery_puk(recovery_code_id, puk_index); -CREATE INDEX PA_OPERATION_TS_EXPIRES_IDX ON PA_OPERATION(TIMESTAMP_EXPIRES); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::46::Lubos Racansky +-- Create a new index on pa_recovery_puk(recovery_code_id) +CREATE INDEX pa_recovery_puk_code ON pa_recovery_puk(recovery_code_id); -CREATE INDEX PA_OPERATION_STATUS_EXP ON PA_OPERATION(TIMESTAMP_EXPIRES, STATUS); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::47::Lubos Racansky +-- Create a new unique index on pa_recovery_config(application_id) +CREATE UNIQUE INDEX pa_recovery_config_app ON pa_recovery_config(application_id); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::48::Lubos Racansky +-- Create a new unique index on pa_application(name) +CREATE UNIQUE INDEX pa_application_name ON pa_application(name); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::49::Lubos Racansky +-- Create a new index on pa_operation(user_id) +CREATE INDEX pa_operation_user ON pa_operation(user_id); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::50::Lubos Racansky +-- Create a new index on pa_operation(timestamp_created) +CREATE INDEX pa_operation_ts_created_idx ON pa_operation(timestamp_created); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::51::Lubos Racansky +-- Create a new index on pa_operation(timestamp_expires) +CREATE INDEX pa_operation_ts_expires_idx ON pa_operation(timestamp_expires); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::52::Lubos Racansky +-- Create a new index on pa_operation(timestamp_expires, status) +CREATE INDEX pa_operation_status_exp ON pa_operation(timestamp_expires, status); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::53::Lubos Racansky +-- Create a new index on pa_operation_template(template_name) +CREATE INDEX pa_operation_template_name_idx ON pa_operation_template(template_name); + +-- Changeset powerauth-java-server/1.4.x/20230322-shedlock.xml::1::Lubos Racansky +-- Create a new table shedlock +CREATE TABLE shedlock (name VARCHAR2(64) NOT NULL, lock_until TIMESTAMP NOT NULL, locked_at TIMESTAMP NOT NULL, locked_by VARCHAR2(255) NOT NULL, CONSTRAINT PK_SHEDLOCK PRIMARY KEY (name)); + +-- Changeset powerauth-java-server/1.4.x/20230323-add-tag-1.4.0.xml::1::Lubos Racansky +-- Changeset powerauth-java-server/1.5.x/20230324-add-column-signature-data-body::1::Roman Strobl +-- Add signature_data_body column of type Clob +ALTER TABLE pa_signature_audit ADD signature_data_body CLOB; + +-- Changeset powerauth-java-server/1.5.x/20230323-add-column-signature-metadata::1::Lubos Racansky +-- Add signature_metadata column of type Clob +ALTER TABLE pa_signature_audit ADD signature_metadata CLOB; + +-- Changeset powerauth-java-server/1.5.x/20230426-add-column-totp-seed::1::Lubos Racansky +-- Add totp_seed column +ALTER TABLE pa_operation ADD totp_seed VARCHAR2(24); + +-- Changeset powerauth-java-server/1.5.x/20230426-add-column-totp-seed::2::Lubos Racansky +-- Add proximity_check_enabled column +ALTER TABLE pa_operation_template ADD proximity_check_enabled BOOLEAN DEFAULT 0 NOT NULL; + +-- Changeset powerauth-java-server/1.5.x/20230723-add-table-unique-value.xml::1::Roman Strobl +-- Create a new table pa_unique_value +CREATE TABLE pa_unique_value (unique_value VARCHAR2(255) NOT NULL, type INTEGER NOT NULL, timestamp_expires TIMESTAMP NOT NULL, CONSTRAINT PK_PA_UNIQUE_VALUE PRIMARY KEY (unique_value)); + +-- Changeset powerauth-java-server/1.5.x/20230723-add-table-unique-value.xml::2::Roman Strobl +-- Create a new index on pa_unique_value(timestamp_expires) +CREATE INDEX pa_unique_value_expiration ON pa_unique_value(timestamp_expires); -CREATE INDEX PA_OPERATION_TEMPLATE_NAME_IDX ON PA_OPERATION_TEMPLATE(TEMPLATE_NAME); +-- Changeset powerauth-java-server/1.5.x/20230822-add-tag-1.5.0.xml::1::Lubos Racansky +-- Changeset powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml::1::Jan Pesek +-- Add unique constraint to pa_operation_template.template_name +ALTER TABLE pa_operation_template ADD CONSTRAINT pa_operation_template_template_name_uk UNIQUE (template_name); --- --- Auditing indexes. --- -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_log_timestamp ON audit_log (timestamp_created)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.6.x/20231103-add-activation-name-history.xml::1::Lubos Racansky +-- Add activation_name column to pa_activation_history +ALTER TABLE pa_activation_history ADD activation_name VARCHAR2(255); -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_log_application ON audit_log (application_name)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml::1::Jan Pesek +ALTER TABLE pa_operation_application ADD CONSTRAINT pa_operation_application_application_id_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_log_level ON audit_log (audit_level)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml::2::Jan Pesek +ALTER TABLE pa_operation_application ADD CONSTRAINT pa_operation_application_operation_id_fk FOREIGN KEY (operation_id) REFERENCES pa_operation (id); -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_log_type ON audit_log (audit_type)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.6.x/20231112-add-activation-id.xml::1::Jan Dusil +-- Add activation_id column to pa_operation with foreign key constraint +ALTER TABLE pa_operation ADD activation_id VARCHAR2(37); -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_param_log ON audit_param (audit_log_id)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +ALTER TABLE pa_operation ADD CONSTRAINT pa_operation_activation_id_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_param_timestamp ON audit_param (timestamp_created)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.6.x/20231123-operation-user-nullable.xml::1::Roman Strobl +-- Make user_id column in table pa_operation nullable +ALTER TABLE pa_operation MODIFY user_id NULL; -BEGIN EXECUTE IMMEDIATE 'CREATE INDEX audit_param_key ON audit_param (param_key)'; -EXCEPTION WHEN OTHERS THEN IF SQLCODE != -955 THEN RAISE; END IF; END; -/ +-- Changeset powerauth-java-server/1.6.x/20231212-add-tag-1.6.0.xml::1::Lubos Racansky diff --git a/docs/sql/oracle/delete_schema.sql b/docs/sql/oracle/delete_schema.sql deleted file mode 100755 index ea5bec2e7..000000000 --- a/docs/sql/oracle/delete_schema.sql +++ /dev/null @@ -1,34 +0,0 @@ --- --- Drop all tables. --- -DROP TABLE "PA_ACTIVATION" CASCADE CONSTRAINTS; -DROP TABLE "PA_ACTIVATION_HISTORY" CASCADE CONSTRAINTS; -DROP TABLE "PA_APPLICATION" CASCADE CONSTRAINTS; -DROP TABLE "PA_APPLICATION_VERSION" CASCADE CONSTRAINTS; -DROP TABLE "PA_TOKEN" CASCADE CONSTRAINTS; -DROP TABLE "PA_MASTER_KEYPAIR" CASCADE CONSTRAINTS; -DROP TABLE "PA_SIGNATURE_AUDIT" CASCADE CONSTRAINTS; -DROP TABLE "PA_INTEGRATION" CASCADE CONSTRAINTS; -DROP TABLE "PA_APPLICATION_CALLBACK" CASCADE CONSTRAINTS; -DROP TABLE "PA_RECOVERY_CODE" CASCADE CONSTRAINTS; -DROP TABLE "PA_RECOVERY_PUK" CASCADE CONSTRAINTS; -DROP TABLE "PA_RECOVERY_CONFIG" CASCADE CONSTRAINTS; -DROP TABLE "PA_OPERATION" CASCADE CONSTRAINTS; -DROP TABLE "PA_OPERATION_TEMPLATE" CASCADE CONSTRAINTS; -DROP TABLE "PA_UNIQUE_VALUE" CASCADE CONSTRAINTS; - --- Optionally drop the shedlock table --- DROP TABLE "shedlock" CASCADE CONSTRAINTS; - --- --- Drop all sequences. --- -DROP SEQUENCE "PA_APPLICATION_SEQ"; -DROP SEQUENCE "PA_APPLICATION_VERSION_SEQ"; -DROP SEQUENCE "PA_MASTER_KEYPAIR_SEQ"; -DROP SEQUENCE "PA_SIGNATURE_AUDIT_SEQ"; -DROP SEQUENCE "PA_ACTIVATION_HISTORY_SEQ"; -DROP SEQUENCE "PA_RECOVERY_CODE_SEQ"; -DROP SEQUENCE "PA_RECOVERY_PUK_SEQ"; -DROP SEQUENCE "PA_RECOVERY_CONFIG_SEQ"; -DROP SEQUENCE "PA_OPERATION_TEMPLATE_SEQ"; diff --git a/docs/sql/postgresql/create_schema.sql b/docs/sql/postgresql/create_schema.sql index 485aa57b0..7ab67c672 100644 --- a/docs/sql/postgresql/create_schema.sql +++ b/docs/sql/postgresql/create_schema.sql @@ -1,429 +1,303 @@ --- --- Create sequences. Maximum value for PostgreSQL is 9223372036854775807. ---- See: https://www.postgresql.org/docs/9.6/sql-createsequence.html --- -CREATE SEQUENCE pa_application_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_application_version_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_master_keypair_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_signature_audit_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_activation_history_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_recovery_code_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_recovery_puk_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_recovery_config_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; -CREATE SEQUENCE pa_operation_template_seq MINVALUE 1 MAXVALUE 9223372036854775807 INCREMENT BY 1 START WITH 1 CACHE 20; - --- --- DDL for Table PA_ACTIVATION --- -CREATE TABLE pa_activation -( - activation_id VARCHAR(37) NOT NULL PRIMARY KEY, - application_id INTEGER NOT NULL, - user_id VARCHAR(255) NOT NULL, - activation_name VARCHAR(255), - activation_code VARCHAR(255), - activation_status INTEGER NOT NULL, - activation_otp VARCHAR(255), - activation_otp_validation INTEGER DEFAULT 0 NOT NULL, - blocked_reason VARCHAR(255), - counter INTEGER NOT NULL, - ctr_data VARCHAR(255), - device_public_key_base64 VARCHAR(255), - extras VARCHAR(255), - platform VARCHAR(255), - device_info VARCHAR(255), - flags VARCHAR(255), - failed_attempts INTEGER NOT NULL, - max_failed_attempts INTEGER DEFAULT 5 NOT NULL, - server_private_key_base64 VARCHAR(255) NOT NULL, - server_private_key_encryption INTEGER DEFAULT 0 NOT NULL, - server_public_key_base64 VARCHAR(255) NOT NULL, - timestamp_activation_expire TIMESTAMP (6) NOT NULL, - timestamp_created TIMESTAMP (6) NOT NULL, - timestamp_last_used TIMESTAMP (6) NOT NULL, - timestamp_last_change TIMESTAMP (6), - master_keypair_id INTEGER, - version INTEGER DEFAULT 2 -); - --- --- DDL for Table PA_APPLICATION --- -CREATE TABLE pa_application -( - id INTEGER NOT NULL PRIMARY KEY, - name VARCHAR(255) NOT NULL, - roles VARCHAR(255) -); - - --- --- DDL for Table PA_APPLICATION_VERSION --- -CREATE TABLE pa_application_version -( - id INTEGER NOT NULL PRIMARY KEY, - application_id INTEGER NOT NULL, - application_key VARCHAR(255), - application_secret VARCHAR(255), - name VARCHAR(255), - supported BOOLEAN -); - --- --- DDL for Table PA_MASTER_KEYPAIR --- -CREATE TABLE pa_master_keypair -( - id INTEGER NOT NULL PRIMARY KEY, - application_id INTEGER NOT NULL, - master_key_private_base64 VARCHAR(255) NOT NULL, - master_key_public_base64 VARCHAR(255) NOT NULL, - name VARCHAR(255), - timestamp_created TIMESTAMP (6) NOT NULL -); - --- --- DDL for Table PA_SIGNATURE_AUDIT --- -CREATE TABLE pa_signature_audit -( - id BIGINT NOT NULL PRIMARY KEY, - activation_id VARCHAR(37) NOT NULL, - activation_counter INTEGER NOT NULL, - activation_ctr_data VARCHAR(255), - activation_status INTEGER, - additional_info VARCHAR(255), - data_base64 TEXT, - note VARCHAR(255), - signature_type VARCHAR(255) NOT NULL, - signature VARCHAR(255) NOT NULL, - signature_metadata TEXT, - signature_data_body TEXT, - timestamp_created TIMESTAMP (6) NOT NULL, - valid BOOLEAN, - version INTEGER DEFAULT 2, - signature_version VARCHAR(255) -); - --- --- DDL for Table PA_INTEGRATION --- -CREATE TABLE pa_integration -( - id VARCHAR(37) NOT NULL PRIMARY KEY, - name VARCHAR(255), - client_token VARCHAR(37) NOT NULL, - client_secret VARCHAR(37) NOT NULL -); - --- --- DDL for Table PA_APPLICATION_CALLBACK --- -CREATE TABLE pa_application_callback -( - id VARCHAR(37) NOT NULL PRIMARY KEY, - application_id INTEGER NOT NULL, - name VARCHAR(255), - callback_url VARCHAR(1024), - type VARCHAR(64) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL, - attributes VARCHAR(1024), - authentication TEXT -); - --- --- DDL for Table PA_TOKEN --- - -CREATE TABLE pa_token -( - token_id VARCHAR(37) NOT NULL PRIMARY KEY, - token_secret VARCHAR(255) NOT NULL, - activation_id VARCHAR(37) NOT NULL, - signature_type VARCHAR(255) NOT NULL, - timestamp_created TIMESTAMP (6) NOT NULL -); - --- --- DDL for Table PA_ACTIVATION_HISTORY --- -CREATE TABLE pa_activation_history -( - id BIGINT NOT NULL PRIMARY KEY, - activation_id VARCHAR(37) NOT NULL, - activation_status INTEGER, - event_reason VARCHAR(255), - external_user_id VARCHAR(255), - timestamp_created TIMESTAMP (6) NOT NULL, - activation_version INTEGER -); - --- --- DDL for Table PA_RECOVERY_CODE --- - -CREATE TABLE pa_recovery_code ( - id BIGINT NOT NULL PRIMARY KEY, - recovery_code VARCHAR(23) NOT NULL, - application_id INTEGER NOT NULL, - user_id VARCHAR(255) NOT NULL, - activation_id VARCHAR(37), - status INTEGER NOT NULL, - failed_attempts INTEGER DEFAULT 0 NOT NULL, - max_failed_attempts INTEGER DEFAULT 10 NOT NULL, - timestamp_created TIMESTAMP (6) NOT NULL, - timestamp_last_used TIMESTAMP (6), - timestamp_last_change TIMESTAMP (6) -); - --- --- DDL for Table PA_RECOVERY_PUK --- - -CREATE TABLE pa_recovery_puk ( - id BIGINT NOT NULL PRIMARY KEY, - recovery_code_id BIGINT NOT NULL, - puk VARCHAR(255), - puk_encryption INTEGER DEFAULT 0 NOT NULL, - puk_index BIGINT NOT NULL, - status INTEGER NOT NULL, - timestamp_last_change TIMESTAMP (6) -); - --- --- DDL for Table PA_RECOVERY_CONFIG --- - -CREATE TABLE pa_recovery_config ( - id INTEGER NOT NULL PRIMARY KEY, - application_id INTEGER NOT NULL, - activation_recovery_enabled BOOLEAN NOT NULL DEFAULT FALSE, - recovery_postcard_enabled BOOLEAN NOT NULL DEFAULT FALSE, - allow_multiple_recovery_codes BOOLEAN NOT NULL DEFAULT FALSE, - postcard_private_key_base64 VARCHAR(255), - postcard_public_key_base64 VARCHAR(255), - remote_public_key_base64 VARCHAR(255), - postcard_priv_key_encryption INTEGER DEFAULT 0 NOT NULL -); - --- --- DDL for Table PA_OPERATION --- -CREATE TABLE pa_operation ( - id VARCHAR(37) NOT NULL PRIMARY KEY, - user_id VARCHAR(255) NOT NULL, - external_id VARCHAR(255), - activation_flag VARCHAR(255), - operation_type VARCHAR(255) NOT NULL, - template_name VARCHAR(255), - data TEXT NOT NULL, - parameters TEXT, - additional_data TEXT, - status INTEGER NOT NULL, - signature_type VARCHAR(255) NOT NULL, - failure_count BIGINT DEFAULT 0 NOT NULL, - max_failure_count BIGINT NOT NULL, - timestamp_created TIMESTAMP NOT NULL, - timestamp_expires TIMESTAMP NOT NULL, - timestamp_finalized TIMESTAMP, - risk_flags VARCHAR(255), - totp_seed VARCHAR(24) -); - --- --- DDL for Table PA_OPERATION_TEMPLATE --- -CREATE TABLE pa_operation_template ( - id BIGINT NOT NULL PRIMARY KEY, - template_name VARCHAR(255) NOT NULL, - operation_type VARCHAR(255) NOT NULL, - data_template VARCHAR(255) NOT NULL, - signature_type VARCHAR(255) NOT NULL, - max_failure_count BIGINT NOT NULL, - expiration BIGINT NOT NULL, - risk_flags VARCHAR(255), - proximity_check_enabled BOOLEAN NOT NULL DEFAULT FALSE -); - --- --- DDL for Table PA_OPERATION_APPLICATION --- -CREATE TABLE pa_operation_application ( - application_id BIGINT NOT NULL, - operation_id VARCHAR(37) NOT NULL, - CONSTRAINT pa_operation_application_pk PRIMARY KEY (application_id, operation_id) -); - --- --- DDL for Table PA_UNIQUE_VALUE --- -CREATE TABLE pa_unique_value ( - unique_value VARCHAR(255) NOT NULL PRIMARY KEY, - type INTEGER NOT NULL, - timestamp_expires TIMESTAMP NOT NULL -); - --- --- DDL for Table SHEDLOCK --- -CREATE TABLE IF NOT EXISTS shedlock ( - name VARCHAR(64) NOT NULL PRIMARY KEY, - lock_until TIMESTAMP NOT NULL, - locked_at TIMESTAMP NOT NULL, - locked_by VARCHAR(255) NOT NULL -); - --- --- Create audit log table. --- -CREATE TABLE IF NOT EXISTS audit_log ( - audit_log_id VARCHAR(36) PRIMARY KEY, - application_name VARCHAR(256) NOT NULL, - audit_level VARCHAR(32) NOT NULL, - audit_type VARCHAR(256), - timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - message TEXT NOT NULL, - exception_message TEXT, - stack_trace TEXT, - param TEXT, - calling_class VARCHAR(256) NOT NULL, - thread_name VARCHAR(256) NOT NULL, - version VARCHAR(256), - build_time TIMESTAMP -); - --- --- Create audit parameters table. --- -CREATE TABLE IF NOT EXISTS audit_param ( - audit_log_id VARCHAR(36), - timestamp_created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, - param_key VARCHAR(256), - param_value VARCHAR(4000) -); - --- --- Ref Constraints for Table PA_ACTIVATION --- -ALTER TABLE pa_activation ADD CONSTRAINT activation_keypair_fk FOREIGN KEY (master_keypair_id) REFERENCES pa_master_keypair (id); -ALTER TABLE pa_activation ADD CONSTRAINT activation_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); - --- --- Ref Constraints for Table PA_APPLICATION_VERSION --- -ALTER TABLE pa_application_version ADD CONSTRAINT version_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); - --- --- Ref Constraints for Table PA_MASTER_KEYPAIR --- -ALTER TABLE pa_master_keypair ADD CONSTRAINT keypair_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); - --- --- Ref Constraints for Table PA_SIGNATURE_AUDIT --- -ALTER TABLE pa_signature_audit ADD CONSTRAINT audit_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); - --- --- Ref Constraints for Table PA_APPLICATION_CALLBACK --- -ALTER TABLE pa_application_callback ADD CONSTRAINT callback_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); - --- --- Ref Constraints for Table PA_TOKEN --- -ALTER TABLE pa_token ADD CONSTRAINT activation_token_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); - --- --- Ref Constraints for Table PA_ACTIVATION_HISTORY --- -ALTER TABLE pa_activation_history ADD CONSTRAINT history_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); - --- --- Ref Constraints for Table PA_RECOVERY_CODE --- -ALTER TABLE pa_recovery_code ADD CONSTRAINT recovery_code_application_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); -ALTER TABLE pa_recovery_code ADD CONSTRAINT recovery_code_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); - --- --- Ref Constraints for Table PA_RECOVERY_PUK --- -ALTER TABLE pa_recovery_puk ADD CONSTRAINT recovery_puk_code_fk FOREIGN KEY (recovery_code_id) REFERENCES pa_recovery_code (id); - --- --- Ref Constraints for Table PA_RECOVERY_CONFIG --- -ALTER TABLE pa_recovery_config ADD CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); - - ---- ---- Indexes for better performance. PostgreSQL does not CREATE INDEXes ON foreign key automatically. ---- +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::1::Lubos Racansky +-- Create a new table audit_log +CREATE TABLE audit_log (audit_log_id VARCHAR(36) NOT NULL, application_name VARCHAR(256) NOT NULL, audit_level VARCHAR(32) NOT NULL, audit_type VARCHAR(256), timestamp_created TIMESTAMP WITHOUT TIME ZONE DEFAULT NOW(), message TEXT NOT NULL, exception_message TEXT, stack_trace TEXT, param TEXT, calling_class VARCHAR(256) NOT NULL, thread_name VARCHAR(256) NOT NULL, version VARCHAR(256), build_time TIMESTAMP WITHOUT TIME ZONE, CONSTRAINT audit_log_pkey PRIMARY KEY (audit_log_id)); +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::2::Lubos Racansky +-- Create a new table audit_log +CREATE TABLE audit_param (audit_log_id VARCHAR(36), timestamp_created TIMESTAMP WITHOUT TIME ZONE DEFAULT NOW(), param_key VARCHAR(256), param_value VARCHAR(4000)); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::3::Lubos Racansky +-- Create a new index on audit_log(timestamp_created) +CREATE INDEX audit_log_timestamp ON audit_log(timestamp_created); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::4::Lubos Racansky +-- Create a new index on audit_log(application_name) +CREATE INDEX audit_log_application ON audit_log(application_name); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::5::Lubos Racansky +-- Create a new index on audit_log(audit_level) +CREATE INDEX audit_log_level ON audit_log(audit_level); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::6::Lubos Racansky +-- Create a new index on audit_log(audit_type) +CREATE INDEX audit_log_type ON audit_log(audit_type); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::7::Lubos Racansky +-- Create a new index on audit_param(audit_log_id) +CREATE INDEX audit_param_log ON audit_param(audit_log_id); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::8::Lubos Racansky +-- Create a new index on audit_param(timestamp_created) +CREATE INDEX audit_param_timestamp ON audit_param(timestamp_created); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::9::Lubos Racansky +-- Create a new index on audit_log(param_key) +CREATE INDEX audit_param_key ON audit_param(param_key); + +-- Changeset powerauth-java-server/1.4.x/20230322-audit.xml::10::Lubos Racansky +-- Create a new index on audit_log(param_value) +CREATE INDEX audit_param_value ON audit_param(param_value); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::1::Lubos Racansky +-- Create a new sequence pa_application_seq +CREATE SEQUENCE IF NOT EXISTS pa_application_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::2::Lubos Racansky +-- Create a new sequence pa_application_version_seq +CREATE SEQUENCE IF NOT EXISTS pa_application_version_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::3::Lubos Racansky +-- Create a new sequence pa_master_keypair_seq +CREATE SEQUENCE IF NOT EXISTS pa_master_keypair_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::4::Lubos Racansky +-- Create a new sequence pa_signature_audit_seq +CREATE SEQUENCE IF NOT EXISTS pa_signature_audit_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::5::Lubos Racansky +-- Create a new sequence pa_activation_history_seq +CREATE SEQUENCE IF NOT EXISTS pa_activation_history_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::6::Lubos Racansky +-- Create a new sequence pa_recovery_code_seq +CREATE SEQUENCE IF NOT EXISTS pa_recovery_code_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::7::Lubos Racansky +-- Create a new sequence pa_recovery_puk_seq +CREATE SEQUENCE IF NOT EXISTS pa_recovery_puk_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::8::Lubos Racansky +-- Create a new sequence pa_recovery_config_seq +CREATE SEQUENCE IF NOT EXISTS pa_recovery_config_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::9::Lubos Racansky +-- Create a new sequence pa_operation_template_seq +CREATE SEQUENCE IF NOT EXISTS pa_operation_template_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::10::Lubos Racansky +-- Create a new table pa_application +CREATE TABLE pa_application (id INTEGER NOT NULL, name VARCHAR(255) NOT NULL, roles VARCHAR(255), CONSTRAINT pa_application_pkey PRIMARY KEY (id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::11::Lubos Racansky +-- Create a new table pa_master_keypair +CREATE TABLE pa_master_keypair (id INTEGER NOT NULL, application_id INTEGER NOT NULL, master_key_private_base64 VARCHAR(255) NOT NULL, master_key_public_base64 VARCHAR(255) NOT NULL, name VARCHAR(255), timestamp_created TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, CONSTRAINT pa_master_keypair_pkey PRIMARY KEY (id), CONSTRAINT keypair_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::12::Lubos Racansky +-- Create a new table pa_activation +CREATE TABLE pa_activation (activation_id VARCHAR(37) NOT NULL, application_id INTEGER NOT NULL, user_id VARCHAR(255) NOT NULL, activation_name VARCHAR(255), activation_code VARCHAR(255), activation_status INTEGER NOT NULL, activation_otp VARCHAR(255), activation_otp_validation INTEGER DEFAULT 0 NOT NULL, blocked_reason VARCHAR(255), counter INTEGER NOT NULL, ctr_data VARCHAR(255), device_public_key_base64 VARCHAR(255), extras VARCHAR(255), platform VARCHAR(255), device_info VARCHAR(255), flags VARCHAR(255), failed_attempts INTEGER NOT NULL, max_failed_attempts INTEGER DEFAULT 5 NOT NULL, server_private_key_base64 VARCHAR(255) NOT NULL, server_private_key_encryption INTEGER DEFAULT 0 NOT NULL, server_public_key_base64 VARCHAR(255) NOT NULL, timestamp_activation_expire TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, timestamp_created TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, timestamp_last_used TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, timestamp_last_change TIMESTAMP(6) WITHOUT TIME ZONE, master_keypair_id INTEGER, version INTEGER DEFAULT 2, CONSTRAINT pa_activation_pkey PRIMARY KEY (activation_id), CONSTRAINT activation_keypair_fk FOREIGN KEY (master_keypair_id) REFERENCES pa_master_keypair(id), CONSTRAINT activation_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::13::Lubos Racansky +-- Create a new table pa_application_version +CREATE TABLE pa_application_version (id INTEGER NOT NULL, application_id INTEGER NOT NULL, application_key VARCHAR(255), application_secret VARCHAR(255), name VARCHAR(255), supported BOOLEAN, CONSTRAINT pa_application_version_pkey PRIMARY KEY (id), CONSTRAINT version_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::14::Lubos Racansky +-- Create a new table pa_signature_audit +CREATE TABLE pa_signature_audit (id BIGINT NOT NULL, activation_id VARCHAR(37) NOT NULL, activation_counter INTEGER NOT NULL, activation_ctr_data VARCHAR(255), activation_status INTEGER, additional_info VARCHAR(255), data_base64 TEXT, note VARCHAR(255), signature_type VARCHAR(255) NOT NULL, signature VARCHAR(255) NOT NULL, timestamp_created TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, valid BOOLEAN, version INTEGER DEFAULT 2, signature_version VARCHAR(255), CONSTRAINT pa_signature_audit_pkey PRIMARY KEY (id), CONSTRAINT audit_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::15::Lubos Racansky +-- Create a new table pa_integration +CREATE TABLE pa_integration (id VARCHAR(37) NOT NULL, name VARCHAR(255), client_token VARCHAR(37) NOT NULL, client_secret VARCHAR(37) NOT NULL, CONSTRAINT pa_integration_pkey PRIMARY KEY (id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::16::Lubos Racansky +-- Create a new table pa_application_callback +CREATE TABLE pa_application_callback (id VARCHAR(37) NOT NULL, application_id INTEGER NOT NULL, name VARCHAR(255), callback_url VARCHAR(1024), type VARCHAR(64) DEFAULT 'ACTIVATION_STATUS_CHANGE' NOT NULL, attributes VARCHAR(1024), authentication TEXT, CONSTRAINT pa_application_callback_pkey PRIMARY KEY (id), CONSTRAINT callback_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::17::Lubos Racansky +-- Create a new table pa_token +CREATE TABLE pa_token (token_id VARCHAR(37) NOT NULL, token_secret VARCHAR(255) NOT NULL, activation_id VARCHAR(37) NOT NULL, signature_type VARCHAR(255) NOT NULL, timestamp_created TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, CONSTRAINT pa_token_pkey PRIMARY KEY (token_id), CONSTRAINT activation_token_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::18::Lubos Racansky +-- Create a new table pa_activation_history +CREATE TABLE pa_activation_history (id BIGINT NOT NULL, activation_id VARCHAR(37) NOT NULL, activation_status INTEGER, event_reason VARCHAR(255), external_user_id VARCHAR(255), timestamp_created TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, activation_version INTEGER, CONSTRAINT pa_activation_history_pkey PRIMARY KEY (id), CONSTRAINT history_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::19::Lubos Racansky +-- Create a new table pa_recovery_code +CREATE TABLE pa_recovery_code (id BIGINT NOT NULL, recovery_code VARCHAR(23) NOT NULL, application_id INTEGER NOT NULL, user_id VARCHAR(255) NOT NULL, activation_id VARCHAR(37), status INTEGER NOT NULL, failed_attempts INTEGER DEFAULT 0 NOT NULL, max_failed_attempts INTEGER DEFAULT 10 NOT NULL, timestamp_created TIMESTAMP(6) WITHOUT TIME ZONE NOT NULL, timestamp_last_used TIMESTAMP(6) WITHOUT TIME ZONE, timestamp_last_change TIMESTAMP(6) WITHOUT TIME ZONE, CONSTRAINT pa_recovery_code_pkey PRIMARY KEY (id), CONSTRAINT recovery_code_activation_fk FOREIGN KEY (activation_id) REFERENCES pa_activation(activation_id), CONSTRAINT recovery_code_application_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::20::Lubos Racansky +-- Create a new table pa_recovery_puk +CREATE TABLE pa_recovery_puk (id BIGINT NOT NULL, recovery_code_id BIGINT NOT NULL, puk VARCHAR(255), puk_encryption INTEGER DEFAULT 0 NOT NULL, puk_index BIGINT NOT NULL, status INTEGER NOT NULL, timestamp_last_change TIMESTAMP(6) WITHOUT TIME ZONE, CONSTRAINT pa_recovery_puk_pkey PRIMARY KEY (id), CONSTRAINT recovery_puk_code_fk FOREIGN KEY (recovery_code_id) REFERENCES pa_recovery_code(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::21::Lubos Racansky +-- Create a new table pa_recovery_config +CREATE TABLE pa_recovery_config (id INTEGER NOT NULL, application_id INTEGER NOT NULL, activation_recovery_enabled BOOLEAN DEFAULT FALSE NOT NULL, recovery_postcard_enabled BOOLEAN DEFAULT FALSE NOT NULL, allow_multiple_recovery_codes BOOLEAN DEFAULT FALSE NOT NULL, postcard_private_key_base64 VARCHAR(255), postcard_public_key_base64 VARCHAR(255), remote_public_key_base64 VARCHAR(255), postcard_priv_key_encryption INTEGER DEFAULT 0 NOT NULL, CONSTRAINT pa_recovery_config_pkey PRIMARY KEY (id), CONSTRAINT recovery_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::22::Lubos Racansky +-- Create a new table pa_operation +CREATE TABLE pa_operation (id VARCHAR(37) NOT NULL, user_id VARCHAR(255) NOT NULL, external_id VARCHAR(255), activation_flag VARCHAR(255), operation_type VARCHAR(255) NOT NULL, template_name VARCHAR(255), data TEXT NOT NULL, parameters TEXT, additional_data TEXT, status INTEGER NOT NULL, signature_type VARCHAR(255) NOT NULL, failure_count BIGINT DEFAULT 0 NOT NULL, max_failure_count BIGINT NOT NULL, timestamp_created TIMESTAMP WITHOUT TIME ZONE NOT NULL, timestamp_expires TIMESTAMP WITHOUT TIME ZONE NOT NULL, timestamp_finalized TIMESTAMP WITHOUT TIME ZONE, risk_flags VARCHAR(255), CONSTRAINT pa_operation_pkey PRIMARY KEY (id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::23::Lubos Racansky +-- Create a new table pa_operation_template +CREATE TABLE pa_operation_template (id BIGINT NOT NULL, template_name VARCHAR(255) NOT NULL, operation_type VARCHAR(255) NOT NULL, data_template VARCHAR(255) NOT NULL, signature_type VARCHAR(255) NOT NULL, max_failure_count BIGINT NOT NULL, expiration BIGINT NOT NULL, risk_flags VARCHAR(255), CONSTRAINT pa_operation_template_pkey PRIMARY KEY (id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::24::Lubos Racansky +-- Create a new table pa_operation_application +CREATE TABLE pa_operation_application (application_id BIGINT NOT NULL, operation_id VARCHAR(37) NOT NULL, CONSTRAINT pa_operation_application_pkey PRIMARY KEY (application_id, operation_id)); + +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::26::Lubos Racansky +-- Create a new index on pa_activation(application_id) CREATE INDEX pa_activation_application ON pa_activation(application_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::27::Lubos Racansky +-- Create a new index on pa_activation(master_keypair_id) CREATE INDEX pa_activation_keypair ON pa_activation(master_keypair_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::28::Lubos Racansky +-- Create a new index on pa_activation(activation_code) CREATE INDEX pa_activation_code ON pa_activation(activation_code); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::29::Lubos Racansky +-- Create a new index on pa_activation(user_id) CREATE INDEX pa_activation_user_id ON pa_activation(user_id); -CREATE INDEX pa_activation_expiration on pa_activation (activation_status, timestamp_activation_expire); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::30::Lubos Racansky +-- Create a new index on pa_activation(activation_status, timestamp_activation_expire) +CREATE INDEX pa_activation_expiration ON pa_activation(activation_status, timestamp_activation_expire); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::31::Lubos Racansky +-- Create a new index on pa_activation_history(activation_id) CREATE INDEX pa_activation_history_act ON pa_activation_history(activation_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::32::Lubos Racansky +-- Create a new index on pa_activation_history(timestamp_created) CREATE INDEX pa_activation_history_created ON pa_activation_history(timestamp_created); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::33::Lubos Racansky +-- Create a new index on pa_application_version(application_id) CREATE INDEX pa_application_version_app ON pa_application_version(application_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::34::Lubos Racansky +-- Create a new index on pa_master_keypair(application_id) CREATE INDEX pa_master_keypair_application ON pa_master_keypair(application_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::35::Lubos Racansky +-- Create a new unique index on pa_application_version(application_key) CREATE UNIQUE INDEX pa_app_version_app_key ON pa_application_version(application_key); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::36::Lubos Racansky +-- Create a new index on pa_application_callback(application_id) CREATE INDEX pa_app_callback_app ON pa_application_callback(application_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::37::Lubos Racansky +-- Create a new unique index on pa_integration(client_token) CREATE UNIQUE INDEX pa_integration_token ON pa_integration(client_token); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::38::Lubos Racansky +-- Create a new index on pa_signature_audit(activation_id) CREATE INDEX pa_signature_audit_activation ON pa_signature_audit(activation_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::39::Lubos Racansky +-- Create a new index on pa_signature_audit(timestamp_created) CREATE INDEX pa_signature_audit_created ON pa_signature_audit(timestamp_created); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::40::Lubos Racansky +-- Create a new index on pa_token(activation_id) CREATE INDEX pa_token_activation ON pa_token(activation_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::41::Lubos Racansky +-- Create a new index on pa_recovery_code(recovery_code) CREATE INDEX pa_recovery_code_code ON pa_recovery_code(recovery_code); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::42::Lubos Racansky +-- Create a new index on pa_recovery_code(application_id) CREATE INDEX pa_recovery_code_app ON pa_recovery_code(application_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::43::Lubos Racansky +-- Create a new index on pa_recovery_code(user_id) CREATE INDEX pa_recovery_code_user ON pa_recovery_code(user_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::44::Lubos Racansky +-- Create a new index on pa_recovery_code(activation_id) CREATE INDEX pa_recovery_code_act ON pa_recovery_code(activation_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::45::Lubos Racansky +-- Create a new unique index on pa_recovery_puk(recovery_code_id, puk_index) CREATE UNIQUE INDEX pa_recovery_code_puk ON pa_recovery_puk(recovery_code_id, puk_index); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::46::Lubos Racansky +-- Create a new index on pa_recovery_puk(recovery_code_id) CREATE INDEX pa_recovery_puk_code ON pa_recovery_puk(recovery_code_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::47::Lubos Racansky +-- Create a new unique index on pa_recovery_config(application_id) CREATE UNIQUE INDEX pa_recovery_config_app ON pa_recovery_config(application_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::48::Lubos Racansky +-- Create a new unique index on pa_application(name) CREATE UNIQUE INDEX pa_application_name ON pa_application(name); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::49::Lubos Racansky +-- Create a new index on pa_operation(user_id) CREATE INDEX pa_operation_user ON pa_operation(user_id); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::50::Lubos Racansky +-- Create a new index on pa_operation(timestamp_created) CREATE INDEX pa_operation_ts_created_idx ON pa_operation(timestamp_created); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::51::Lubos Racansky +-- Create a new index on pa_operation(timestamp_expires) CREATE INDEX pa_operation_ts_expires_idx ON pa_operation(timestamp_expires); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::52::Lubos Racansky +-- Create a new index on pa_operation(timestamp_expires, status) CREATE INDEX pa_operation_status_exp ON pa_operation(timestamp_expires, status); +-- Changeset powerauth-java-server/1.4.x/20230322-init-db.xml::53::Lubos Racansky +-- Create a new index on pa_operation_template(template_name) CREATE INDEX pa_operation_template_name_idx ON pa_operation_template(template_name); +-- Changeset powerauth-java-server/1.4.x/20230322-shedlock.xml::1::Lubos Racansky +-- Create a new table shedlock +CREATE TABLE shedlock (name VARCHAR(64) NOT NULL, lock_until TIMESTAMP WITHOUT TIME ZONE NOT NULL, locked_at TIMESTAMP WITHOUT TIME ZONE NOT NULL, locked_by VARCHAR(255) NOT NULL, CONSTRAINT shedlock_pkey PRIMARY KEY (name)); + +-- Changeset powerauth-java-server/1.4.x/20230323-add-tag-1.4.0.xml::1::Lubos Racansky +-- Changeset powerauth-java-server/1.5.x/20230324-add-column-signature-data-body::1::Roman Strobl +-- Add signature_data_body column of type Clob +ALTER TABLE pa_signature_audit ADD signature_data_body TEXT; + +-- Changeset powerauth-java-server/1.5.x/20230323-add-column-signature-metadata::1::Lubos Racansky +-- Add signature_metadata column of type Clob +ALTER TABLE pa_signature_audit ADD signature_metadata TEXT; + +-- Changeset powerauth-java-server/1.5.x/20230426-add-column-totp-seed::1::Lubos Racansky +-- Add totp_seed column +ALTER TABLE pa_operation ADD totp_seed VARCHAR(24); + +-- Changeset powerauth-java-server/1.5.x/20230426-add-column-totp-seed::2::Lubos Racansky +-- Add proximity_check_enabled column +ALTER TABLE pa_operation_template ADD proximity_check_enabled BOOLEAN DEFAULT FALSE NOT NULL; + +-- Changeset powerauth-java-server/1.5.x/20230723-add-table-unique-value.xml::1::Roman Strobl +-- Create a new table pa_unique_value +CREATE TABLE pa_unique_value (unique_value VARCHAR(255) NOT NULL, type INTEGER NOT NULL, timestamp_expires TIMESTAMP WITHOUT TIME ZONE NOT NULL, CONSTRAINT pa_unique_value_pkey PRIMARY KEY (unique_value)); + +-- Changeset powerauth-java-server/1.5.x/20230723-add-table-unique-value.xml::2::Roman Strobl +-- Create a new index on pa_unique_value(timestamp_expires) CREATE INDEX pa_unique_value_expiration ON pa_unique_value(timestamp_expires); --- --- Auditing indexes. --- -CREATE INDEX IF NOT EXISTS audit_log_timestamp ON audit_log (timestamp_created); -CREATE INDEX IF NOT EXISTS audit_log_application ON audit_log (application_name); -CREATE INDEX IF NOT EXISTS audit_log_level ON audit_log (audit_level); -CREATE INDEX IF NOT EXISTS audit_log_type ON audit_log (audit_type); -CREATE INDEX IF NOT EXISTS audit_param_log ON audit_param (audit_log_id); -CREATE INDEX IF NOT EXISTS audit_param_timestamp ON audit_param (timestamp_created); -CREATE INDEX IF NOT EXISTS audit_param_key ON audit_param (param_key); +-- Changeset powerauth-java-server/1.5.x/20230822-add-tag-1.5.0.xml::1::Lubos Racansky +-- Changeset powerauth-java-server/1.6.x/20231018-add-constraint-operation-template-name.xml::1::Jan Pesek +-- Add unique constraint to pa_operation_template.template_name +ALTER TABLE pa_operation_template ADD CONSTRAINT pa_operation_template_template_name_uk UNIQUE (template_name); + +-- Changeset powerauth-java-server/1.6.x/20231103-add-activation-name-history.xml::1::Lubos Racansky +-- Add activation_name column to pa_activation_history +ALTER TABLE pa_activation_history ADD activation_name VARCHAR(255); + +-- Changeset powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml::1::Jan Pesek +ALTER TABLE pa_operation_application ADD CONSTRAINT pa_operation_application_application_id_fk FOREIGN KEY (application_id) REFERENCES pa_application (id); + +-- Changeset powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml::2::Jan Pesek +ALTER TABLE pa_operation_application ADD CONSTRAINT pa_operation_application_operation_id_fk FOREIGN KEY (operation_id) REFERENCES pa_operation (id); + +-- Changeset powerauth-java-server/1.6.x/20231112-add-activation-id.xml::1::Jan Dusil +-- Add activation_id column to pa_operation with foreign key constraint +ALTER TABLE pa_operation ADD activation_id VARCHAR(37); + +ALTER TABLE pa_operation ADD CONSTRAINT pa_operation_activation_id_fk FOREIGN KEY (activation_id) REFERENCES pa_activation (activation_id); + +-- Changeset powerauth-java-server/1.6.x/20231123-operation-user-nullable.xml::1::Roman Strobl +-- Make user_id column in table pa_operation nullable +ALTER TABLE pa_operation ALTER COLUMN user_id DROP NOT NULL; + +-- Changeset powerauth-java-server/1.6.x/20231212-add-tag-1.6.0.xml::1::Lubos Racansky diff --git a/docs/sql/postgresql/delete_schema.sql b/docs/sql/postgresql/delete_schema.sql deleted file mode 100644 index 2b63f1272..000000000 --- a/docs/sql/postgresql/delete_schema.sql +++ /dev/null @@ -1,34 +0,0 @@ --- --- Drop all tables. --- -DROP TABLE IF EXISTS "pa_activation" CASCADE; -DROP TABLE IF EXISTS "pa_activation_history" CASCADE; -DROP TABLE IF EXISTS "pa_application" CASCADE; -DROP TABLE IF EXISTS "pa_application_version" CASCADE; -DROP TABLE IF EXISTS "pa_token" CASCADE; -DROP TABLE IF EXISTS "pa_master_keypair" CASCADE; -DROP TABLE IF EXISTS "pa_signature_audit" CASCADE; -DROP TABLE IF EXISTS "pa_integration" CASCADE; -DROP TABLE IF EXISTS "pa_application_callback" CASCADE; -DROP TABLE IF EXISTS "pa_recovery_config" CASCADE; -DROP TABLE IF EXISTS "pa_recovery_puk" CASCADE; -DROP TABLE IF EXISTS "pa_recovery_code" CASCADE; -DROP TABLE IF EXISTS "pa_operation" CASCADE; -DROP TABLE IF EXISTS "pa_operation_template" CASCADE; -DROP TABLE IF EXISTS "pa_unique_value" CASCADE; - --- Optionally drop the shedlock table --- DROP TABLE IF EXISTS "shedlock" CASCADE; - --- --- Drop all sequences. --- -DROP SEQUENCE IF EXISTS "pa_application_seq"; -DROP SEQUENCE IF EXISTS "pa_application_version_seq"; -DROP SEQUENCE IF EXISTS "pa_master_keypair_seq"; -DROP SEQUENCE IF EXISTS "pa_signature_audit_seq"; -DROP SEQUENCE IF EXISTS "pa_activation_history_seq"; -DROP SEQUENCE IF EXISTS "pa_recovery_code_seq"; -DROP SEQUENCE IF EXISTS "pa_recovery_puk_seq"; -DROP SEQUENCE IF EXISTS "pa_recovery_config_seq"; -DROP SEQUENCE IF EXISTS "pa_operation_template_seq"; From 299a6cdfd4a171168eaa9622d276549a55d24ca2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 18 Jan 2024 14:40:42 +0800 Subject: [PATCH 043/146] Fix #1253: FIDO2: Improve error handling (#1254) --- .../model/converter/RegistrationConverter.java | 8 +++++--- .../AttestationObjectDeserializer.java | 5 +++-- .../CollectedClientDataDeserializer.java | 3 ++- .../fido2/service/AssertionService.java | 6 +++++- .../fido2/service/RegistrationService.java | 7 +++++-- .../service/provider/AuthenticatorProvider.java | 3 ++- .../fido2/PowerAuthAuthenticatorProvider.java | 17 ++++++++++------- 7 files changed, 32 insertions(+), 17 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 2915d8ac3..e313bbfd1 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -32,6 +32,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.Map; +import java.util.Optional; /** * Converter class for registration related objects. @@ -44,7 +45,7 @@ public class RegistrationConverter { private final AaguidList aaguidRegistry = new AaguidList(); - public AuthenticatorDetail convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { + public Optional convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { try { final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); authenticatorDetail.setUserId(challenge.getUserId()); @@ -62,9 +63,10 @@ public AuthenticatorDetail convert(RegistrationChallenge challenge, Registration authenticatorDetail.setPublicKeyBytes(publicKey); authenticatorDetail.setFailedAttempts(0L); authenticatorDetail.setMaxFailedAttempts(5L); - return authenticatorDetail; + return Optional.of(authenticatorDetail); } catch (JsonProcessingException e) { - throw new RuntimeException(e); + logger.warn(e.getMessage(), e); + return Optional.empty(); } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java index 0ce540c74..536c07ce5 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java @@ -52,7 +52,7 @@ public AttestationObjectDeserializer(Class vc) { } @Override - public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JacksonException { + public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { try { final String originalTextValue = jsonParser.getText(); final byte[] decodedAttestationObject = Base64.getDecoder().decode(originalTextValue); @@ -60,7 +60,8 @@ public AttestationObject deserialize(JsonParser jsonParser, DeserializationConte attestationObject.setEncoded(originalTextValue); return attestationObject; } catch (IOException e) { - throw new RuntimeException(e); + logger.warn(e.getMessage(), e); + return null; } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java index c2eda992f..c6ddc20d7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -60,7 +60,8 @@ public CollectedClientData deserialize(JsonParser jsonParser, DeserializationCon collectedClientData.setEncoded(new String(decodedClientDataJSON)); return collectedClientData; } catch (IOException e) { - throw new RuntimeException(e); + logger.warn(e.getMessage(), e); + return null; } } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 05a766464..5940f0e91 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -36,6 +36,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import java.util.Optional; + /** * Service related to handling assertions. * @@ -88,7 +90,9 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r final String applicationId = request.getApplicationId(); final String authenticatorId = request.getId(); final String challenge = request.getResponse().getClientDataJSON().getChallenge(); - final AuthenticatorDetail authenticatorDetail = authenticatorProvider.findByCredentialId(applicationId, authenticatorId); + final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(applicationId, authenticatorId); + authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); + final AuthenticatorDetail authenticatorDetail = authenticatorOptional.get(); if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, response.getClientDataJSON(), response.getAuthenticatorData(), response.getSignature(), authenticatorDetail); if (signatureCorrect) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 75c6e5f74..f34da19a8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -34,6 +34,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import java.util.Optional; + /** * Service related to handling registrations. * @@ -104,8 +106,9 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E } final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistrationChallengeValue(applicationId, challengeValue); - final AuthenticatorDetail authenticatorDetail = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())); - final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorDetail); + final Optional authenticatorOptional = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())); + authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); + final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorOptional.get()); return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java index 7587b3dce..b8336e338 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java @@ -22,6 +22,7 @@ import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import java.util.List; +import java.util.Optional; /** * Interface for handling authenticator handling logic. @@ -31,6 +32,6 @@ public interface AuthenticatorProvider { AuthenticatorDetail storeAuthenticator(String applicationId, String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException; - AuthenticatorDetail findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException; + Optional findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index 3b93f060a..c24f3fdca 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -104,8 +104,8 @@ public List findByUserId(String userId, String applicationI if (!Protocols.FIDO2.toString().equals(activation.getProtocol())) { // Check the protocol, just in case continue; } - final AuthenticatorDetail authenticatorDetail = convert(activation, application.get()); - authenticatorDetailList.add(authenticatorDetail); + final Optional authenticatorOptional = convert(activation, application.get()); + authenticatorOptional.ifPresent(authenticatorDetailList::add); } pageIndex++; activationList = serviceBehaviorCatalogue.getActivationServiceBehavior().getActivationList(applicationId, userId, Set.of(Protocols.FIDO2), PageRequest.of(pageIndex, 1000), Set.of(ActivationStatus.ACTIVE, ActivationStatus.BLOCKED)); @@ -115,7 +115,7 @@ public List findByUserId(String userId, String applicationI @Override @Transactional - public AuthenticatorDetail findByCredentialId(String applicationId, String credentialId) throws Fido2AuthenticationFailedException { + public Optional findByCredentialId(String applicationId, String credentialId) throws Fido2AuthenticationFailedException { // Find application final Optional application = applicationRepository.findById(applicationId); @@ -236,7 +236,9 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ activationResponse.setDevicePublicKeyBase64(activation.getDevicePublicKeyBase64()); // Generate authenticator detail - return convert(activationResponse, applicationEntity); + final Optional authenticatorOptional = convert(activationResponse, applicationEntity); + authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Authenticator object deserialization failed")); + return authenticatorOptional.get(); } catch (GenericCryptoException ex) { logger.error(ex.getMessage(), ex); // Rollback is not required, cryptography errors can only occur before writing to database @@ -253,7 +255,7 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ } - private AuthenticatorDetail convert(Activation activation, ApplicationEntity application) { + private Optional convert(Activation activation, ApplicationEntity application) { final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); authenticatorDetail.setApplicationId(activation.getApplicationId()); @@ -265,7 +267,8 @@ private AuthenticatorDetail convert(Activation activation, ApplicationEntity app try { authenticatorDetail.setExtras(objectMapper.readValue(activation.getExtras(), new TypeReference>() {})); } catch (JsonProcessingException e) { - // + logger.warn(e.getMessage(), e); + return Optional.empty(); } authenticatorDetail.setActivationFlags(activation.getActivationFlags()); authenticatorDetail.setDeviceInfo(activation.getDeviceInfo()); @@ -279,7 +282,7 @@ private AuthenticatorDetail convert(Activation activation, ApplicationEntity app authenticatorDetail.setApplicationRoles(application.getRoles()); - return authenticatorDetail; + return Optional.of(authenticatorDetail); } From b88ec40ba3beba5ca8aa48e80cf4982b04c018a7 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 18 Jan 2024 14:50:52 +0800 Subject: [PATCH 044/146] Add a test profile for FIDO2 tests --- .../java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java index de2a13d02..ee478485a 100644 --- a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -56,6 +56,7 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; import java.io.IOException; import java.nio.ByteBuffer; @@ -71,6 +72,7 @@ * @author Roman Strobl, roman.strobl@wultra.com */ @SpringBootTest(classes = Application.class) +@ActiveProfiles("test") class Fido2AuthenticatorTest { private final CBORMapper CBOR_MAPPER = new CBORMapper(); From b685dea13d60576df8775d5dba72e1aabd3c9932 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 18 Jan 2024 14:58:52 +0800 Subject: [PATCH 045/146] Fix formatting --- powerauth-fido2/pom.xml | 144 ++++++++++++++++++++-------------------- 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 2b1a392b3..b6e079c1f 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -17,84 +17,84 @@ ~ along with this program. If not, see . --> - 4.0.0 + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 - powerauth-fido2 - powerauth-fido2 - powerauth-fido2 + powerauth-fido2 + powerauth-fido2 + powerauth-fido2 - - io.getlime.security - powerauth-server-parent - 1.7.0-SNAPSHOT - + + io.getlime.security + powerauth-server-parent + 1.7.0-SNAPSHOT + - - - org.springframework.boot - spring-boot-starter-web - - - org.springframework.boot - spring-boot-starter-validation - - - org.apache.tomcat.embed - tomcat-embed-el - - - - - org.springdoc - springdoc-openapi-starter-webmvc-ui - 2.1.0 - + + + org.springframework.boot + spring-boot-starter-web + + + org.springframework.boot + spring-boot-starter-validation + + + org.apache.tomcat.embed + tomcat-embed-el + + + + + org.springdoc + springdoc-openapi-starter-webmvc-ui + 2.1.0 + - - com.fasterxml.jackson.dataformat - jackson-dataformat-cbor - 2.14.2 - - - org.postgresql - postgresql - runtime - - - org.projectlombok - lombok - true - + + com.fasterxml.jackson.dataformat + jackson-dataformat-cbor + 2.14.2 + + + org.postgresql + postgresql + runtime + + + org.projectlombok + lombok + true + - - io.getlime.security - powerauth-java-crypto - 1.5.1 - - - io.getlime.core - rest-client-base - 1.7.0-SNAPSHOT - - - io.getlime.security - powerauth-client-model - 1.7.0-SNAPSHOT - + + io.getlime.security + powerauth-java-crypto + 1.5.1 + + + io.getlime.core + rest-client-base + 1.7.0-SNAPSHOT + + + io.getlime.security + powerauth-client-model + 1.7.0-SNAPSHOT + - - org.bouncycastle - bcprov-jdk18on - ${bcprov-jdk18on.version} - provided - + + org.bouncycastle + bcprov-jdk18on + ${bcprov-jdk18on.version} + provided + - - org.springframework.boot - spring-boot-starter-test - test - - + + org.springframework.boot + spring-boot-starter-test + test + + From b56c5ed0507ba4b5bcb7a1be86be109379f2fbba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 18 Jan 2024 15:02:55 +0800 Subject: [PATCH 046/146] Remove empty line MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Luboš Račanský --- .../powerauth/fido2/rest/model/request/RegistrationRequest.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java index ae64d98fc..591bb6fe1 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -37,6 +37,4 @@ public class RegistrationRequest { // Authenticator parameters private AuthenticatorParameters authenticatorParameters; - - } From e893b808c70d6401b714a95a645372923828f05a Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 18 Jan 2024 15:05:43 +0800 Subject: [PATCH 047/146] Remove explicit versions --- powerauth-fido2/pom.xml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index b6e079c1f..37f273cf2 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -70,17 +70,15 @@ io.getlime.security powerauth-java-crypto - 1.5.1 + ${powerauth-java-crypto.version} io.getlime.core rest-client-base - 1.7.0-SNAPSHOT io.getlime.security powerauth-client-model - 1.7.0-SNAPSHOT From 7cd066e7eac135767ac3f3c5484163881f136532 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 18 Jan 2024 15:07:55 +0800 Subject: [PATCH 048/146] Switch to project version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Luboš Račanský --- powerauth-java-server/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index d79ac193e..52831c215 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -108,7 +108,7 @@ io.getlime.security powerauth-fido2 - 1.7.0-SNAPSHOT + ${project.version} From 847ef9f9cd4249e649ad145dce9153ddc2e41103 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 18 Jan 2024 15:08:34 +0800 Subject: [PATCH 049/146] Remove lombok dependency --- powerauth-fido2/pom.xml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 37f273cf2..e9c976d58 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -61,11 +61,6 @@ postgresql runtime - - org.projectlombok - lombok - true - io.getlime.security From 550e9bd9ed98c2a7fc48c4bb67c74f5848f964ea Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 18 Jan 2024 15:27:46 +0800 Subject: [PATCH 050/146] Use smaller OpenAPI dependency --- powerauth-fido2/pom.xml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index e9c976d58..f285598af 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -46,9 +46,8 @@ - org.springdoc - springdoc-openapi-starter-webmvc-ui - 2.1.0 + io.swagger.core.v3 + swagger-annotations-jakarta From 23c0bf27b482356d82a09460a0aaa756d6a3a4c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 18 Jan 2024 15:30:13 +0800 Subject: [PATCH 051/146] Remove explicit version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Luboš Račanský --- powerauth-fido2/pom.xml | 1 - 1 file changed, 1 deletion(-) diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index f285598af..ab79ca44e 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -53,7 +53,6 @@ com.fasterxml.jackson.dataformat jackson-dataformat-cbor - 2.14.2 org.postgresql From 82f19a3860e554533735b4ad07193b4289d3a5f0 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Thu, 18 Jan 2024 08:46:52 +0100 Subject: [PATCH 052/146] Fix #1263: Clean-up FIDO2 pom.xml --- pom.xml | 12 ++++++++++++ powerauth-fido2/pom.xml | 14 -------------- powerauth-java-server/pom.xml | 3 --- 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/pom.xml b/pom.xml index 944574a7e..50f7f2efc 100644 --- a/pom.xml +++ b/pom.xml @@ -123,6 +123,12 @@ ${project.version} + + io.getlime.security + powerauth-java-crypto + ${powerauth-java-crypto.version} + + io.getlime.core @@ -132,6 +138,12 @@ import + + org.bouncycastle + bcprov-jdk18on + ${bcprov-jdk18on.version} + + io.swagger.core.v3 swagger-annotations-jakarta diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index ab79ca44e..139030213 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -38,12 +38,6 @@ org.springframework.boot spring-boot-starter-validation - - - org.apache.tomcat.embed - tomcat-embed-el - - io.swagger.core.v3 @@ -54,16 +48,10 @@ com.fasterxml.jackson.dataformat jackson-dataformat-cbor - - org.postgresql - postgresql - runtime - io.getlime.security powerauth-java-crypto - ${powerauth-java-crypto.version} io.getlime.core @@ -77,8 +65,6 @@ org.bouncycastle bcprov-jdk18on - ${bcprov-jdk18on.version} - provided diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 52831c215..3d83b9d00 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -87,7 +87,6 @@ io.getlime.security powerauth-java-crypto - ${powerauth-java-crypto.version} io.getlime.core @@ -111,7 +110,6 @@ ${project.version} - org.springdoc @@ -128,7 +126,6 @@ org.bouncycastle bcprov-jdk18on - ${bcprov-jdk18on.version} From 420737c764a492f500904a8581481b7bd70f392f Mon Sep 17 00:00:00 2001 From: Jan Dusil <134381434+jandusil@users.noreply.github.com> Date: Fri, 19 Jan 2024 09:53:10 +0100 Subject: [PATCH 053/146] Fix #1099: Move tests from powerauth-tests to this repo (#1235) * Fix #1099: Move tests from powerauth-tests to this repo - Move operation tests - Move application roles test - Move callback controller tests - Move activation tests - Move more auth tests - Add javadoc - Add helper methods --- powerauth-java-server/pom.xml | 15 + .../api/PowerAuthControllerTest.java | 1384 ++++++++++++++++- .../api/PowerAuthControllerTestConfig.java | 82 + .../tasks/OperationServiceBehaviorTest.java | 57 + .../api/PowerAuthControllerTest.sql | 8 - 5 files changed, 1453 insertions(+), 93 deletions(-) create mode 100644 powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java delete mode 100644 powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.sql diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 3d83b9d00..c8913711d 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -156,6 +156,14 @@ micrometer-registry-prometheus + + + io.netty + netty-resolver-dns-native-macos + runtime + osx-aarch_64 + + org.springframework.boot @@ -178,6 +186,13 @@ ${webauthn4j.version} test + + + io.getlime.security + powerauth-rest-client-spring + test + + nl.jqno.equalsverifier equalsverifier diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java index 341f30036..a8de53129 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java @@ -1,6 +1,6 @@ /* * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. + * Copyright (C) 2024 Wultra s.r.o. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published @@ -17,112 +17,1326 @@ */ package io.getlime.security.powerauth.app.server.controller.api; -import com.wultra.core.audit.base.database.DatabaseAudit; -import io.getlime.security.powerauth.app.server.database.model.entity.ActivationHistoryEntity; -import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; -import jakarta.persistence.EntityManager; -import jakarta.persistence.Tuple; -import org.junit.jupiter.api.Test; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.wultra.security.powerauth.client.PowerAuthClient; +import com.wultra.security.powerauth.client.model.entity.CallbackUrl; +import com.wultra.security.powerauth.client.model.enumeration.*; +import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; +import com.wultra.security.powerauth.client.model.request.*; +import com.wultra.security.powerauth.client.model.response.*; +import io.getlime.security.powerauth.app.server.service.model.request.ActivationLayer2Request; +import io.getlime.security.powerauth.crypto.lib.encryptor.ClientEncryptor; +import io.getlime.security.powerauth.crypto.lib.encryptor.EncryptorFactory; +import io.getlime.security.powerauth.crypto.lib.encryptor.ServerEncryptor; +import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptedRequest; +import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorId; +import io.getlime.security.powerauth.crypto.lib.encryptor.model.EncryptorParameters; +import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ClientEncryptorSecrets; +import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ServerEncryptorSecrets; +import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator; +import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; +import org.junit.jupiter.api.*; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.http.MediaType; import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.jdbc.Sql; -import org.springframework.test.web.servlet.MockMvc; import org.springframework.transaction.annotation.Transactional; -import java.util.List; +import java.io.ByteArrayOutputStream; +import java.nio.charset.StandardCharsets; +import java.security.KeyPair; +import java.security.PublicKey; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.util.*; import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.containsString; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; +import static org.hamcrest.Matchers.greaterThan; +import static org.hamcrest.Matchers.hasSize; +import static org.junit.jupiter.api.Assertions.*; /** * Test for {@link PowerAuthController}. * * @author Lubos Racansky, lubos.racansky@wultra.com */ -@SpringBootTest -@AutoConfigureMockMvc -@Sql -@Transactional +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) @ActiveProfiles("test") +@Transactional +@TestInstance(TestInstance.Lifecycle.PER_CLASS) class PowerAuthControllerTest { @Autowired - private MockMvc mockMvc; + private PowerAuthClient powerAuthClient; @Autowired - private EntityManager entityManager; + private PowerAuthControllerTestConfig config; + private final KeyConvertor keyConvertor = new KeyConvertor(); + private final EncryptorFactory encryptorFactory = new EncryptorFactory(); + private final KeyGenerator keyGenerator = new KeyGenerator(); + private final ObjectMapper objectMapper = new ObjectMapper(); - @Autowired - private DatabaseAudit databaseAudit; + @BeforeAll + void initializeData() throws Exception { + createApplication(); + createLoginOperationTemplate(); + } + + /** + * Tests the process of removing an activation. + *

+ * This test carries out the following operations: + *

    + *
  1. Creates a request to remove an existing activation, using the activation ID from the configuration.
    2. + *
  2. Sends the removal request and asserts that the response confirms the activation's removal.
    3. + *
  3. Asserts that the activation ID in the removal response matches the one from the configuration.
    4. + *
  4. Fetches the current status of the activation to verify that it has been set to 'REMOVED'.
    5. + *
+ *

+ * + * @throws Exception if any error occurs during the test execution or if the assertions fail. + */ + @Test + void testRemoveActivation() throws Exception { + initActivation(); + final RemoveActivationRequest removeActivationRequest = new RemoveActivationRequest(); + removeActivationRequest.setActivationId(config.getActivationId()); + removeActivationRequest.setExternalUserId(null); + + final RemoveActivationResponse removeActivationResponse = powerAuthClient.removeActivation(removeActivationRequest); + assertTrue(removeActivationResponse.isRemoved()); + assertEquals(config.getActivationId(), removeActivationResponse.getActivationId()); + + final GetActivationStatusRequest activationStatusRequest = new GetActivationStatusRequest(); + activationStatusRequest.setActivationId(config.getActivationId()); + + final GetActivationStatusResponse statusResponse = powerAuthClient.getActivationStatus(activationStatusRequest); + assertEquals(ActivationStatus.REMOVED, statusResponse.getActivationStatus()); + } + + /** + * Tests the pagination functionality in retrieving an activation list for a specific user. + *

+ * The test executes the following steps: + *

    + *
  1. Prepares a base request for fetching user activations, using user and application IDs from the configuration.
    2. + *
  2. Creates 10 new activations for the user to ensure multiple pages of data.
    3. + *
  3. Fetches the first page of activations, specifying page number and size, and validates the number of activations returned.
    4. + *
  4. Fetches the second page of activations with a different page number but same page size, again validating the number of activations returned.
    5. + *
  5. Asserts that the activations on the two pages are not identical, verifying the functionality of pagination.
    6. + *
  6. Removes the created activations to maintain test isolation and ensure clean up after test execution.
    7. + *
+ *

+ * + * @throws Exception if any error occurs during the test execution, the initiation of activations, the removal of activations, or if the assertions fail. + */ + @Test + void testActivationListForUserPagination() throws Exception { + final GetActivationListForUserRequest baseRequest = new GetActivationListForUserRequest(); + baseRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + baseRequest.setApplicationId(config.getApplicationId()); + final List activationIds = new ArrayList<>(); + + for (int i = 0; i < 10; i++) { + final InitActivationRequest initActivationRequest = new InitActivationRequest(); + initActivationRequest.setApplicationId(config.getApplicationId()); + initActivationRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + final InitActivationResponse initResponse = powerAuthClient.initActivation(initActivationRequest); + activationIds.add(initResponse.getActivationId()); + } + + final GetActivationListForUserRequest requestPage1 = new GetActivationListForUserRequest(); + requestPage1.setUserId(baseRequest.getUserId()); + requestPage1.setApplicationId(baseRequest.getApplicationId()); + requestPage1.setPageNumber(0); + requestPage1.setPageSize(5); + + final GetActivationListForUserResponse activationListForUserResponse1 = powerAuthClient + .getActivationListForUser(requestPage1); + assertEquals(5, activationListForUserResponse1.getActivations().size()); + + final GetActivationListForUserRequest requestPage2 = new GetActivationListForUserRequest(); + requestPage2.setUserId(baseRequest.getUserId()); + requestPage2.setApplicationId(baseRequest.getApplicationId()); + requestPage2.setPageNumber(1); + requestPage2.setPageSize(5); + + final GetActivationListForUserResponse activationListForUserResponse2 = powerAuthClient + .getActivationListForUser(requestPage2); + assertEquals(5, activationListForUserResponse2.getActivations().size()); + assertThat(activationListForUserResponse2.getActivations(), hasSize(5)); + + assertNotEquals(activationListForUserResponse2.getActivations(), activationListForUserResponse1.getActivations()); + + for (final String id : activationIds) { + final RemoveActivationResponse removeActivationResponse = powerAuthClient.removeActivation(id, PowerAuthControllerTestConfig.USER_ID); + assertTrue(removeActivationResponse.isRemoved()); + } + } + + /** + * Tests the activation lookup process based on specific criteria. + * + *

This test executes the following actions:

+ *
    + *
  1. Constructs a request to look up activations, specifying criteria such as user IDs, + * application IDs, activation status, and a timestamp. The timestamp is set to 10 seconds + * before the current time to include recent activations.
    2. + *
  2. Sends the lookup request and verifies the response to ensure it contains the expected + * number of activations meeting the specified criteria.
    3. + *
  3. Asserts that the number of activations in the response matches the expected count, + * confirming the correct functionality of the lookup process.
    4. + *
+ * + * @throws Exception if any errors occur during the execution of the test or if the assertions fail. + */ + @Test + void testLookupActivations() throws Exception { + initActivation(); + final LookupActivationsRequest lookupActivationsRequest = new LookupActivationsRequest(); + /* We are looking for an activation created during initialization of the test suite. */ + final Date timestampCreated = Date.from(LocalDateTime.now().minusSeconds(1).atZone(ZoneId.systemDefault()).toInstant()); + lookupActivationsRequest.setUserIds(List.of(PowerAuthControllerTestConfig.USER_ID)); + lookupActivationsRequest.setApplicationIds(List.of(config.getApplicationId())); + lookupActivationsRequest.setActivationStatus(ActivationStatus.CREATED); + lookupActivationsRequest.setTimestampLastUsedAfter(timestampCreated); + + final LookupActivationsResponse lookupActivationsResponse = powerAuthClient.lookupActivations(lookupActivationsRequest); + assertThat(lookupActivationsResponse.getActivations(), hasSize(1)); + removeActivation(); + } + /** + * Tests the process of updating the status of specific activations. + * + *

This test performs the following actions:

+ *
    + *
  1. Creates a request to update the status of specified activations to 'BLOCKED', using the activation ID from the configuration.
    2. + *
  2. Sends the update request and verifies that the response confirms the successful update of the activation statuses.
    3. + *
  3. Retrieves the current status of the activation to validate that it has been updated to 'BLOCKED' as expected.
    4. + *
+ * + * @throws Exception if any error occurs during the test execution or if the assertions fail. + */ + @Test + void testUpdateActivationStatus() throws Exception { + initActivation(); + final UpdateStatusForActivationsRequest updateStatusForActivationsRequest = new UpdateStatusForActivationsRequest(); + updateStatusForActivationsRequest.setActivationIds(List.of(config.getActivationId())); + updateStatusForActivationsRequest.setActivationStatus(ActivationStatus.BLOCKED); + + final UpdateStatusForActivationsResponse updateStatusForActivationsResponse = + powerAuthClient.updateStatusForActivations(updateStatusForActivationsRequest); + assertTrue(updateStatusForActivationsResponse.isUpdated()); + + final GetActivationStatusRequest activationStatusRequest = new GetActivationStatusRequest(); + activationStatusRequest.setActivationId(config.getActivationId()); + final GetActivationStatusResponse statusResponse = powerAuthClient.getActivationStatus(activationStatusRequest); + assertEquals(ActivationStatus.BLOCKED, statusResponse.getActivationStatus()); + removeActivation(); + } + + /** + * Tests the process of retrieving activation history for a specific activation ID. + *

+ * This test performs the following steps: + *

    + *
  1. Defines a time range, starting 10 seconds before the current time and ending 10 seconds after.
    2. + *
  2. Constructs an activation history request with the specified activation ID and the defined time range.
    3. + *
  3. Sends the request to retrieve the activation history.
    4. + *
  4. Asserts that the response contains exactly one history item.
    5. + *
  5. Verifies that the activation ID of the history item matches the activation ID used in the request.
    6. + *
+ *

+ * + * @throws Exception if any error occurs during the test execution or if the assertions fail. + */ + @Test + void testActivationHistory() throws Exception { + initActivation(); + final Date before = Date.from(LocalDateTime.now().minusSeconds(1).atZone(ZoneId.systemDefault()).toInstant()); + final Date after = Date.from(LocalDateTime.now().plusSeconds(1).atZone(ZoneId.systemDefault()).toInstant()); + final ActivationHistoryRequest activationHistoryRequest = new ActivationHistoryRequest(); + activationHistoryRequest.setActivationId(config.getActivationId()); + activationHistoryRequest.setTimestampFrom(before); + activationHistoryRequest.setTimestampTo(after); + + final ActivationHistoryResponse activationHistoryResponse = powerAuthClient.getActivationHistory(activationHistoryRequest); + assertThat(activationHistoryResponse.getItems(), hasSize(1)); + assertEquals(config.getActivationId(), activationHistoryResponse.getItems().get(0).getActivationId()); + removeActivation(); + } + + /** + * Tests the process of blocking and unblocking an activation. + *

+ * This test follows these steps: + *

    + *
  1. Prepares and sends a request to block an activation, specifying the activation ID and a blocking reason.
    2. + *
  2. Verifies that the response indicates the activation was successfully blocked.
    3. + *
  3. Asserts the consistency of the activation ID and blocking reason in the block response.
    4. + *
  4. Fetches the current status of the activation to confirm that it has been changed to 'BLOCKED'.
    5. + *
  5. Prepares and sends a request to unblock the same activation.
    6. + *
  6. Verifies that the unblock response indicates the activation was successfully unblocked.
    7. + *
  7. Fetches the activation status again to confirm that it has reverted to 'ACTIVE'.
    8. + *
+ *

+ * + * @throws Exception if any error occurs during the test execution or if the assertions fail. + */ + @Test + void testBlockAndUnblockActivation() throws Exception { + initActivation(); + final UpdateStatusForActivationsRequest updateStatusForActivationsRequest = new UpdateStatusForActivationsRequest(); + updateStatusForActivationsRequest.setActivationIds(List.of(config.getActivationId())); + updateStatusForActivationsRequest.setActivationStatus(ActivationStatus.ACTIVE); + + final UpdateStatusForActivationsResponse updateStatusForActivationsResponse = + powerAuthClient.updateStatusForActivations(updateStatusForActivationsRequest); + assertTrue(updateStatusForActivationsResponse.isUpdated()); + + final BlockActivationRequest blockActivationRequest = new BlockActivationRequest(); + final String blockingReason = "Test-blocking"; + blockActivationRequest.setActivationId(config.getActivationId()); + blockActivationRequest.setReason(blockingReason); + + final BlockActivationResponse blockActivationResponse = powerAuthClient.blockActivation((blockActivationRequest)); + assertEquals(config.getActivationId(), blockActivationResponse.getActivationId()); + assertEquals(blockingReason, blockActivationResponse.getBlockedReason()); + assertEquals(ActivationStatus.BLOCKED, blockActivationResponse.getActivationStatus()); + + final GetActivationStatusRequest activationStatusRequest = new GetActivationStatusRequest(); + activationStatusRequest.setActivationId(config.getActivationId()); + final GetActivationStatusResponse statusResponse = powerAuthClient.getActivationStatus(activationStatusRequest); + assertEquals(ActivationStatus.BLOCKED, statusResponse.getActivationStatus()); + + final UnblockActivationRequest unblockActivationRequest = new UnblockActivationRequest(); + unblockActivationRequest.setActivationId(config.getActivationId()); + final UnblockActivationResponse unblockActivationResponse = powerAuthClient.unblockActivation(unblockActivationRequest); + assertEquals(config.getActivationId(), unblockActivationResponse.getActivationId()); + assertEquals(ActivationStatus.ACTIVE, unblockActivationResponse.getActivationStatus()); + + final GetActivationStatusResponse statusResponse2 = powerAuthClient.getActivationStatus(activationStatusRequest); + assertEquals(ActivationStatus.ACTIVE, statusResponse2.getActivationStatus()); + removeActivation(); + } + + /** + * Tests the process of retrieving activation history for a specific activation ID. + *

+ * This test performs the following steps: + *

    + *
  1. Defines a time range, starting 10 seconds before the current time and ending 10 seconds after.
    2. + *
  2. Constructs an activation history request with the specified activation ID and the defined time range.
    3. + *
  3. Sends the request to retrieve the activation history.
    4. + *
  4. Asserts that the response contains exactly one history item.
    5. + *
  5. Verifies that the activation ID of the history item matches the activation ID used in the request.
    6. + *
+ *

+ * + * @throws Exception if any error occurs during the test execution or if the assertions fail. + */ @Test void testUpdateActivation() throws Exception { - mockMvc.perform(post("/rest/v3/activation/name/update") - .content(""" - { - "requestObject": { - "activationId": "e43a5dec-afea-4a10-a80b-b2183399f16b", - "activationName": "my iPhone", - "externalUserId": "joe-1" - } - } - """) - .contentType(MediaType.APPLICATION_JSON) - .accept(MediaType.APPLICATION_JSON)) - .andExpect(status().isOk()) - .andExpect(jsonPath("$.status").value("OK")) - .andExpect(jsonPath("$.responseObject.activationName").value("my iPhone")); - - final ActivationRecordEntity activation = entityManager.find(ActivationRecordEntity.class, "e43a5dec-afea-4a10-a80b-b2183399f16b"); - assertEquals("my iPhone", activation.getActivationName()); - - final List historyEntries = entityManager.createQuery("select h from ActivationHistoryEntity h where h.activation = :activation", ActivationHistoryEntity.class) - .setParameter("activation", activation) - .getResultList(); - assertEquals(1, historyEntries.size()); - - final ActivationHistoryEntity historyEntry = historyEntries.iterator().next(); - assertEquals("my iPhone", historyEntry.getActivationName()); - assertEquals("ACTIVATION_NAME_UPDATED", historyEntry.getEventReason()); - assertEquals("joe-1", historyEntry.getExternalUserId()); - - databaseAudit.flush(); - final String expectedAuditMessage = "Updated activation with ID: e43a5dec-afea-4a10-a80b-b2183399f16b"; - @SuppressWarnings("unchecked") - final List auditEntries = entityManager.createNativeQuery("select * from audit_log where message = :message", Tuple.class) - .setParameter("message", expectedAuditMessage) - .getResultList(); - assertEquals(1, auditEntries.size()); - - final String param = auditEntries.get(0).get("param").toString(); - assertThat(param, containsString("\"activationId\":\"e43a5dec-afea-4a10-a80b-b2183399f16b\"")); - assertThat(param, containsString("\"activationName\":\"my iPhone\"")); - assertThat(param, containsString("\"reason\":\"ACTIVATION_NAME_UPDATED\"")); - } - - @Test - void testUpdateActivation_badRequest() throws Exception { - final String expectedErrorMessage = "requestObject.activationId - must not be blank, requestObject.activationName - must not be blank, requestObject.externalUserId - must not be blank"; - - mockMvc.perform(post("/rest/v3/activation/name/update") - .content(""" - { - "requestObject": {} - } - """) - .contentType(MediaType.APPLICATION_JSON) - .accept(MediaType.APPLICATION_JSON)) - .andExpect(status().isBadRequest()) - .andExpect(jsonPath("$.status").value("ERROR")) - .andExpect(jsonPath("$.responseObject.code").value("ERR0024")) - .andExpect(jsonPath("$.responseObject.message").value(expectedErrorMessage)) - .andExpect(jsonPath("$.responseObject.localizedMessage").value(expectedErrorMessage)); + initActivation(); + final UpdateStatusForActivationsRequest updateStatusForActivationsRequest = new UpdateStatusForActivationsRequest(); + updateStatusForActivationsRequest.setActivationIds(List.of(config.getActivationId())); + updateStatusForActivationsRequest.setActivationStatus(ActivationStatus.ACTIVE); + + final UpdateStatusForActivationsResponse updateStatusForActivationsResponse = + powerAuthClient.updateStatusForActivations(updateStatusForActivationsRequest); + assertTrue(updateStatusForActivationsResponse.isUpdated()); + + final UpdateActivationNameRequest updateActivationNameRequest = new UpdateActivationNameRequest(); + final String updatedName = "Updated_app_name"; + final String externalUserId = "external_user"; + updateActivationNameRequest.setActivationId(config.getActivationId()); + updateActivationNameRequest.setActivationName(updatedName); + updateActivationNameRequest.setExternalUserId(externalUserId); + + final UpdateActivationNameResponse updateActivationNameResponse = + powerAuthClient.updateActivationName(updateActivationNameRequest); + assertEquals(updatedName, updateActivationNameResponse.getActivationName()); + assertEquals(config.getActivationId(), updateActivationNameResponse.getActivationId()); + assertEquals(ActivationStatus.ACTIVE, updateActivationNameResponse.getActivationStatus()); + removeActivation(); + } + + /** + * Tests the handling of a bad request in the update activation functionality. + *

+ * This test performs the following actions: + *

    + *
  1. Sends an incomplete request to the activation name update endpoint, which is expected to be invalid.
    2. + *
  2. Catches and asserts the thrown PowerAuthClientException to verify the response handling of a bad request.
    3. + *
  3. Checks that the exception message and localized message contain the expected error message.
    4. + *
  4. Verifies that the PowerAuthClientException contains the expected PowerAuth error code, confirming correct error identification.
    5. + *
+ * The test expects a specific error code and message indicating that mandatory fields in the request object are blank. + *

+ */ + @Test + void testUpdateActivation_badRequest() { + final String expectedErrorMessage = "requestObject.activationId - must not be blank," + + " requestObject.activationName - must not be blank, requestObject.externalUserId - must not be blank"; + final String expectedErrorCode = "ERR0024"; + final PowerAuthClientException thrownException = assertThrows( + PowerAuthClientException.class, + () -> powerAuthClient.updateActivationName(new UpdateActivationNameRequest()) + ); + assertEquals(expectedErrorMessage, thrownException.getMessage()); + assertEquals(expectedErrorMessage, thrownException.getLocalizedMessage()); + assertTrue(thrownException.getPowerAuthError().isPresent()); + assertEquals(expectedErrorCode, thrownException.getPowerAuthError().get().getCode()); + } + + /** + * Tests the operation approval process. + *

+ * This test validates the functionality of approving an operation. It involves the following steps: + *

    + *
  1. Creation of a new operation.
    2. + *
  2. Construction of an operation approval request, which includes setting various parameters like operation ID, user ID, data, application ID, and signature type.
    3. + *
  3. Submission of the operation approval request to the PowerAuthClient's operation approval endpoint.
    4. + *
  4. Verification of the response to ensure that the operation was approved successfully. This includes checking the response status, the operation's data, template name, and operation ID.
    5. + *
  5. Confirmation that the operation entity in the database reflects the approved status.
    6. + *
+ * This test ensures that the operation approval workflow functions correctly and that the operation's status is updated as expected in the system. + * + * @throws Exception if there is an issue with the PowerAuthClient's operation approval process or the initial operation creation. + */ + @Test + void testOperationApprove() throws Exception { + final OperationDetailResponse operationDetailResponse = createOperation(); + final String operationId = operationDetailResponse.getId(); + final OperationApproveRequest operationApproveRequest = new OperationApproveRequest(); + operationApproveRequest.setOperationId(operationId); + operationApproveRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + operationApproveRequest.setData(PowerAuthControllerTestConfig.DATA); + operationApproveRequest.setApplicationId(config.getApplicationId()); + operationApproveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE); + + final OperationUserActionResponse operationUserActionResponse = + powerAuthClient.operationApprove(operationApproveRequest); + assertNotNull(operationUserActionResponse.getOperation()); + assertEquals(OperationStatus.APPROVED, operationUserActionResponse.getOperation().getStatus()); + assertEquals(PowerAuthControllerTestConfig.DATA, operationUserActionResponse.getOperation().getData()); + assertEquals(config.getLoginOperationTemplateName(), operationUserActionResponse.getOperation().getTemplateName()); + assertEquals(operationId, operationUserActionResponse.getOperation().getId()); + } + + /** + * Tests the retrieval of operation details. + *

+ * This test checks the functionality of fetching details for a specific operation. It proceeds as follows: + *

    + *
  1. Creates a new operation using the provided configuration.
    2. + *
  2. Constructs a request for operation details, using the operation ID obtained from the previous step.
    3. + *
  3. Retrieves the operation details by sending the request to the PowerAuth client.
    4. + *
  4. Asserts that the response contains the correct operation status, data, template name, and ID.
    5. + *
+ * This test ensures that the operation details are correctly retrieved and match the expected values. + * + * @throws Exception if an error occurs in operation creation or detail retrieval, or if the assertions fail. + */ + @Test + void testGetOperationDetail() throws Exception { + final OperationDetailResponse operation = createOperation(); + final OperationDetailRequest detailRequest = new OperationDetailRequest(); + final String operationId = operation.getId(); + detailRequest.setOperationId(operationId); + detailRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + + final OperationDetailResponse detailResponse = powerAuthClient.operationDetail(detailRequest); + assertEquals(OperationStatus.PENDING, detailResponse.getStatus()); + assertEquals(PowerAuthControllerTestConfig.DATA, detailResponse.getData()); + assertEquals(config.getLoginOperationTemplateName(), detailResponse.getTemplateName()); + assertEquals(operationId, detailResponse.getId()); + } + + /** + * Tests the creation, reading, and deletion of callback URLs. + *

+ * This test covers the complete lifecycle of a callback URL within the system, including: + *

    + *
  1. Creating a new callback URL using the provided configuration.
    2. + *
  2. Retrieving a list of all callback URLs to confirm the successful creation of the new URL.
    3. + *
  3. Identifying the created callback URL from the list and verifying its properties.
    4. + *
  4. Deleting the newly created callback URL and verifying its removal by fetching the list again.
    5. + *
+ * The test ensures that the callback URL is correctly created, listed, and deleted in the system, + * and that all associated details are accurately reflected. + * + * @throws Exception if an error occurs during the creation, retrieval, or deletion of the callback URL, + * or if the assertions fail. + */ + @Test + void testCreateReadDelete() throws Exception { + createCallback(); + final GetCallbackUrlListResponse callbackUrlListResponse = powerAuthClient.getCallbackUrlList(config.getApplicationId()); + + assertNotNull(callbackUrlListResponse.getCallbackUrlList()); + final CallbackUrl foundCallback = callbackUrlListResponse.getCallbackUrlList().stream() + .filter(callback -> PowerAuthControllerTestConfig.CALLBACK_NAME.equals(callback.getName())) + .findAny() + .orElseThrow(() -> new AssertionError("Callback not found")); + + assertEquals(PowerAuthControllerTestConfig.CALLBACK_URL, foundCallback.getCallbackUrl()); + assertEquals(config.getApplicationId(), foundCallback.getApplicationId()); + assertThat(foundCallback.getAttributes(), hasSize(1)); + assertEquals("activationId", foundCallback.getAttributes().get(0)); + removeCallback(foundCallback.getId()); + } + + /** + * Tests the update functionality for callback URLs. + *

+ * This test verifies the ability to update the properties of a callback URL in the system. The sequential steps include: + *

    + *
  1. Creating a new callback URL and obtaining its initial properties.
    2. + *
  2. Updating the callback URL's properties, such as its name, URL, and attributes, using a mock HTTP POST request.
    3. + *
  3. Verifying that the updated properties are correctly reflected in the system. This is done by fetching the updated callback URL and comparing its properties with the expected values.
    4. + *
+ * The test asserts that the callback URL's properties, once updated, match the new values provided, ensuring the system's update mechanism functions as expected. + * + * @throws Exception if any error occurs during the execution of the test, such as failure in updating the callback URL properties or if the assertions fail. + */ + @Test + void testCallbackUpdate() throws Exception { + final CreateCallbackUrlResponse callbackUrlResponse = createCallback(); + final String updatedCallbackName = UUID.randomUUID().toString(); + final String updatedCallbackUrl = "http://test2.test2"; + final List callbackAttributes = Arrays.asList("activationId", "userId", "deviceInfo", "platform"); + + final UpdateCallbackUrlRequest updateCallbackUrlRequest = new UpdateCallbackUrlRequest(); + updateCallbackUrlRequest.setCallbackUrl(updatedCallbackUrl); + updateCallbackUrlRequest.setAttributes(callbackAttributes); + updateCallbackUrlRequest.setName(updatedCallbackName); + updateCallbackUrlRequest.setId(callbackUrlResponse.getId()); + updateCallbackUrlRequest.setApplicationId(config.getApplicationId()); + updateCallbackUrlRequest.setAuthentication(null); + + final UpdateCallbackUrlResponse updateCallbackUrlResponse = powerAuthClient.updateCallbackUrl(updateCallbackUrlRequest); + assertEquals(callbackAttributes, updateCallbackUrlResponse.getAttributes()); + assertThat(updateCallbackUrlResponse.getAttributes(), hasSize(4)); + assertEquals(updatedCallbackUrl, updateCallbackUrlResponse.getCallbackUrl()); + assertEquals(config.getApplicationId(), updateCallbackUrlResponse.getApplicationId()); + assertEquals(updatedCallbackName, updateCallbackUrlResponse.getName()); + } + + /** + * Tests the CRUD (Create, Read, Update, Delete) operations for application roles. + * This process involves adding new roles, verifying their existence, updating them, and finally removing a role. + * + *

The test executes the following sequence:

+ *
    + *
  1. Adds new application roles ('ROLE1', 'ROLE2') using the '/rest/v3/application/roles/create' endpoint.
    2. + *
  2. Confirms the successful addition of these roles by fetching the application's detail.
    3. + *
  3. Retrieves the current list of application roles to verify the recently added roles.
    4. + *
  4. Updates the application roles to a new set of roles ('ROLE5', 'ROLE6') and verifies the update.
    5. + *
  5. Removes one of the newly added roles ('ROLE5') and checks if the list of roles reflects this change.
    6. + *
+ * + * @throws Exception if any error occurs during the execution of the test. + */ + @Test + void testApplicationRolesCrud() throws Exception { + final List addedRoles = List.of("ROLE1", "ROLE2"); + final AddApplicationRolesRequest addApplicationRolesRequest = new AddApplicationRolesRequest(); + addApplicationRolesRequest.setApplicationId(config.getApplicationId()); + addApplicationRolesRequest.setApplicationRoles(addedRoles); + + final AddApplicationRolesResponse addApplicationRolesResponse = + powerAuthClient.addApplicationRoles(addApplicationRolesRequest); + assertEquals(config.getApplicationId(), addApplicationRolesResponse.getApplicationId()); + assertThat(addApplicationRolesResponse.getApplicationRoles(), hasSize(2)); + assertTrue(addApplicationRolesResponse.getApplicationRoles().containsAll(addedRoles)); + + final GetApplicationDetailRequest applicationDetailRequest = new GetApplicationDetailRequest(); + applicationDetailRequest.setApplicationId(config.getApplicationId()); + + final GetApplicationDetailResponse applicationDetailResponse = + powerAuthClient.getApplicationDetail(applicationDetailRequest); + assertEquals(config.getApplicationId(), applicationDetailResponse.getApplicationId()); + assertThat(applicationDetailResponse.getApplicationRoles(), hasSize(2)); + assertTrue(applicationDetailResponse.getApplicationRoles().containsAll(addedRoles)); + + final ListApplicationRolesRequest applicationRolesRequest = new ListApplicationRolesRequest(); + applicationRolesRequest.setApplicationId(config.getApplicationId()); + + final ListApplicationRolesResponse listApplicationRolesResponse = + powerAuthClient.listApplicationRoles(applicationRolesRequest); + assertThat(listApplicationRolesResponse.getApplicationRoles(), hasSize(2)); + assertTrue(listApplicationRolesResponse.getApplicationRoles().containsAll(addedRoles)); + + final UpdateApplicationRolesRequest updateApplicationRolesRequest = new UpdateApplicationRolesRequest(); + final List addedRoles2 = List.of("ROLE5", "ROLE6"); + updateApplicationRolesRequest.setApplicationId(config.getApplicationId()); + updateApplicationRolesRequest.setApplicationRoles(addedRoles2); + + final UpdateApplicationRolesResponse updateApplicationRolesResponse = + powerAuthClient.updateApplicationRoles(updateApplicationRolesRequest); + assertEquals(config.getApplicationId(), updateApplicationRolesResponse.getApplicationId()); + assertThat(updateApplicationRolesResponse.getApplicationRoles(), hasSize(2)); + assertTrue(updateApplicationRolesResponse.getApplicationRoles().containsAll(addedRoles2)); + + final RemoveApplicationRolesRequest removeApplicationRolesRequest = new RemoveApplicationRolesRequest(); + removeApplicationRolesRequest.setApplicationId(config.getApplicationId()); + removeApplicationRolesRequest.setApplicationRoles(List.of("ROLE5")); + + final RemoveApplicationRolesResponse removeApplicationRolesResponse = + powerAuthClient.removeApplicationRoles(removeApplicationRolesRequest); + assertEquals(config.getApplicationId(), removeApplicationRolesResponse.getApplicationId()); + assertThat(removeApplicationRolesResponse.getApplicationRoles(), hasSize(1)); + assertTrue(removeApplicationRolesResponse.getApplicationRoles().contains("ROLE6")); + } + + /** + * Tests the retrieval of the list of applications from the PowerAuth Server. + * + *

This test executes the following actions:

+ *
    + *
  1. Sends a request to the PowerAuth Server to retrieve the list of all registered applications.
    2. + *
  2. Verifies that the response contains the expected number of applications.
    3. + *
  3. Checks if the application list includes the application with the ID specified in the test configuration.
    4. + *
+ * + *

This test assumes that there is only one application configured in the PowerAuth Server, + * which is the application used in the test setup. The application ID is obtained from the test configuration.

+ * + * @throws Exception if any error occurs during the execution of the test or if the assertions fail. + */ + @Test + void testApplicationList() throws Exception { + final GetApplicationListResponse applicationListResponse = powerAuthClient.getApplicationList(); + assertThat(applicationListResponse.getApplications(), hasSize(1)); + assertEquals(config.getApplicationId(), applicationListResponse.getApplications().get(0).getApplicationId()); + } + + /** + * Tests the retrieval of application details based on an application key from the PowerAuth Server. + * + *

This test executes the following actions:

+ *
    + *
  1. Constructs a request object with the application key obtained from the test configuration.
    2. + *
  2. Sends the request to the PowerAuth Server's endpoint responsible for looking up application details by application key.
    3. + *
  3. Verifies that the response contains the correct application ID associated with the provided application key.
    4. + *
+ * + *

The test assumes that an application key is already set up in the test configuration and + * corresponds to a valid application registered in the PowerAuth Server.

+ * + * @throws Exception if any error occurs during the execution of the test or if the assertions fail. + */ + @Test + void testApplicationVersionLookup() throws Exception { + final LookupApplicationByAppKeyRequest applicationByAppKeyRequest = new LookupApplicationByAppKeyRequest(); + applicationByAppKeyRequest.setApplicationKey(config.getApplicationKey()); + + final LookupApplicationByAppKeyResponse lookupActivationsResponse = + powerAuthClient.lookupApplicationByAppKey(applicationByAppKeyRequest); + assertEquals(config.getApplicationId(), lookupActivationsResponse.getApplicationId()); + } + + /** + * Tests the management of support status for application versions in the PowerAuth Server. + * + *

This test executes the following actions:

+ *
    + *
  1. Marks a specific application version as unsupported using the PowerAuth Server API, and verifies the operation's success.
    2. + *
  2. Subsequently marks the same application version as supported, again using the PowerAuth Server API, and verifies this operation as well.
    3. + *
  3. Checks that the application version's support status is updated correctly in both cases.
    4. + *
+ * + *

The test assumes that the application and version IDs are set up in the test configuration and correspond to a valid application version registered in the PowerAuth Server.

+ * + * @throws Exception if any error occurs during the execution of the test or if the assertions fail. + */ + @Test + void testApplicationSupport() throws Exception { + final UnsupportApplicationVersionRequest unsupportApplicationVersionRequest = new UnsupportApplicationVersionRequest(); + unsupportApplicationVersionRequest.setApplicationId(config.getApplicationId()); + unsupportApplicationVersionRequest.setApplicationVersionId(config.getApplicationVersionId()); + + final UnsupportApplicationVersionResponse unsupportApplicationVersionResponse = + powerAuthClient.unsupportApplicationVersion(unsupportApplicationVersionRequest); + assertEquals(config.getApplicationVersionId(), unsupportApplicationVersionResponse.getApplicationVersionId()); + assertFalse(unsupportApplicationVersionResponse.isSupported()); + + final SupportApplicationVersionRequest supportApplicationVersionRequest = new SupportApplicationVersionRequest(); + supportApplicationVersionRequest.setApplicationId(config.getApplicationId()); + supportApplicationVersionRequest.setApplicationVersionId(config.getApplicationVersionId()); + + final SupportApplicationVersionResponse supportApplicationVersionResponse = + powerAuthClient.supportApplicationVersion(supportApplicationVersionRequest); + assertEquals(config.getApplicationVersionId(), supportApplicationVersionRequest.getApplicationVersionId()); + assertTrue(supportApplicationVersionResponse.isSupported()); + } + + /** + * Tests the creation, retrieval, and deletion of application integrations in the PowerAuth Server. + * + *

This test executes the following actions:

+ *
    + *
  1. Creates a new application integration using the PowerAuth Server API and verifies the operation's success.
    2. + *
  2. Retrieves a list of all current application integrations to confirm the presence of the newly created integration.
    3. + *
  3. Deletes the newly created integration and then retrieves the list of integrations again to ensure its removal.
    4. + *
+ * + *

The test ensures that the PowerAuth Server correctly handles the lifecycle of application integrations, including their creation, listing, and deletion. It checks the presence of necessary attributes in the integration response, such as the integration name, ID, client secret, and client token.

+ * + * @throws Exception if any error occurs during the execution of the test or if the assertions fail. + */ + @Test + void testApplicationIntegration() throws Exception { + final String integrationName = UUID.randomUUID().toString(); + final CreateIntegrationRequest createIntegrationRequest = new CreateIntegrationRequest(); + createIntegrationRequest.setName(integrationName); + + final CreateIntegrationResponse createIntegrationResponse = powerAuthClient.createIntegration(createIntegrationRequest); + assertEquals(integrationName, createIntegrationResponse.getName()); + assertNotNull(createIntegrationResponse.getId()); + assertNotNull(createIntegrationResponse.getClientSecret()); + assertNotNull(createIntegrationResponse.getClientSecret()); + + final GetIntegrationListResponse getIntegrationListResponse = powerAuthClient.getIntegrationList(); + assertNotNull(getIntegrationListResponse.getItems()); + assertThat(getIntegrationListResponse.getItems(), hasSize(1)); + assertEquals(integrationName, getIntegrationListResponse.getItems().get(0).getName()); + assertEquals(createIntegrationResponse.getId(), getIntegrationListResponse.getItems().get(0).getId()); + assertEquals(createIntegrationResponse.getClientSecret(), getIntegrationListResponse.getItems().get(0).getClientSecret()); + assertEquals(createIntegrationResponse.getClientToken(), getIntegrationListResponse.getItems().get(0).getClientToken()); + + final RemoveIntegrationRequest removeIntegrationRequest = new RemoveIntegrationRequest(); + removeIntegrationRequest.setId(createIntegrationResponse.getId()); + + final RemoveIntegrationResponse removeIntegrationResponse = powerAuthClient.removeIntegration(removeIntegrationRequest); + assertTrue(removeIntegrationResponse.isRemoved()); + assertEquals(createIntegrationResponse.getId(), removeIntegrationResponse.getId()); + } + + /** + * Tests the complete lifecycle of recovery codes in the PowerAuth Server, including creation, lookup, and revocation. + * + *

The test follows these steps:

+ *
    + *
  1. Creates a set of recovery codes for a specific user and verifies the successful creation and the expected attributes of the response, such as the number of PUks and the user ID.
    2. + *
  2. Looks up the created recovery codes using the user's ID and activation ID, ensuring the correct status of the recovery codes and PUks.
    3. + *
  3. Revokes the created recovery codes and confirms their successful revocation.
    4. + *
+ * + *

This test ensures that the PowerAuth Server can correctly handle the entire process of managing recovery codes, from creation to revocation, providing the expected responses at each step.

+ * + * @throws Exception if any error occurs during the execution of the test or if the assertions fail. + */ + @Test + void testRecoveryCodeCreateLookupRevoke() throws Exception { + final CreateRecoveryCodeRequest createRecoveryCodeRequest = new CreateRecoveryCodeRequest(); + createRecoveryCodeRequest.setApplicationId(config.getApplicationId()); + createRecoveryCodeRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + createRecoveryCodeRequest.setPukCount(2L); + + final CreateRecoveryCodeResponse createRecoveryCodeResponse = powerAuthClient.createRecoveryCode(createRecoveryCodeRequest); + assertThat(createRecoveryCodeResponse.getPuks(), hasSize(2)); + assertEquals(PowerAuthControllerTestConfig.USER_ID, createRecoveryCodeResponse.getUserId()); + + final LookupRecoveryCodesRequest lookupRecoveryCodesRequest = new LookupRecoveryCodesRequest(); + lookupRecoveryCodesRequest.setActivationId(config.getActivationId()); + lookupRecoveryCodesRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + lookupRecoveryCodesRequest.setRecoveryCodeStatus(RecoveryCodeStatus.CREATED); + lookupRecoveryCodesRequest.setRecoveryPukStatus(RecoveryPukStatus.VALID); + + final LookupRecoveryCodesResponse lookupRecoveryCodesResponse = powerAuthClient.lookupRecoveryCodes(lookupRecoveryCodesRequest); + assertThat(lookupRecoveryCodesResponse.getRecoveryCodes(), hasSize(greaterThan(0))); + + final RevokeRecoveryCodesRequest revokeRecoveryCodesRequest = new RevokeRecoveryCodesRequest(); + revokeRecoveryCodesRequest.setRecoveryCodeIds(List.of(createRecoveryCodeResponse.getRecoveryCodeId())); + + final RevokeRecoveryCodesResponse revokeRecoveryCodesResponse = powerAuthClient.revokeRecoveryCodes(revokeRecoveryCodesRequest); + assertTrue(revokeRecoveryCodesResponse.isRevoked()); + } + + /** + * Tests the generation of non-personalized offline signature payloads in the PowerAuth Server. + * + *

The test executes the following steps:

+ *
    + *
  1. Sends a request to generate a non-personalized offline signature payload, specifying the application ID and the data to be signed.
    2. + *
  2. Verifies that the response contains a valid offline data string and a nonce, both essential components for offline signature verification.
    3. + *
+ * + *

This test validates the PowerAuth Server's ability to generate the necessary data for offline signature scenarios where personalization of the payload (to a specific user or device) is not required.

+ * + * @throws Exception if any unexpected error occurs during the execution of the test or if the response does not contain the expected data. + */ + @Test + void testNonPersonalizedOfflineSignaturePayload() throws Exception { + final CreateNonPersonalizedOfflineSignaturePayloadRequest nonPersonalizedOfflineSignaturePayloadRequest = + new CreateNonPersonalizedOfflineSignaturePayloadRequest(); + nonPersonalizedOfflineSignaturePayloadRequest.setApplicationId(config.getApplicationId()); + nonPersonalizedOfflineSignaturePayloadRequest.setData(PowerAuthControllerTestConfig.DATA); + + final CreateNonPersonalizedOfflineSignaturePayloadResponse nonPersonalizedOfflineSignaturePayloadResponse + = powerAuthClient.createNonPersonalizedOfflineSignaturePayload(nonPersonalizedOfflineSignaturePayloadRequest); + assertNotNull(nonPersonalizedOfflineSignaturePayloadResponse.getOfflineData()); + assertNotNull(nonPersonalizedOfflineSignaturePayloadResponse.getNonce()); + } + + /** + * Tests the generation of personalized offline signature payloads in the PowerAuth Server. + * + *

This test comprises the following key steps:

+ *
    + *
  1. Initializes an activation to generate a personalized context for the offline signature.
    2. + *
  2. Sends a request to generate a personalized offline signature payload, specifying the activation ID and the data to be signed.
    3. + *
  3. Verifies that the response includes a valid offline data string and a nonce, which are crucial for offline signature processes.
    4. + *
  4. Ensures clean-up by removing the activation created for the test.
    5. + *
+ * + *

This test is crucial to ensure the PowerAuth Server correctly handles the generation of offline signature payloads that are personalized to a specific activation, typically representing a user or device.

+ * + * @throws Exception if any unexpected error occurs during the execution of the test or if the response fails to contain the expected personalized offline data. + */ + @Test + void testPersonalizedOfflineSignaturePayload() throws Exception { + initActivation(); + final CreatePersonalizedOfflineSignaturePayloadRequest personalizedOfflineSignaturePayloadRequest = + new CreatePersonalizedOfflineSignaturePayloadRequest(); + personalizedOfflineSignaturePayloadRequest.setActivationId(config.getActivationId()); + personalizedOfflineSignaturePayloadRequest.setProximityCheck(null); + personalizedOfflineSignaturePayloadRequest.setData(PowerAuthControllerTestConfig.DATA); + + final CreatePersonalizedOfflineSignaturePayloadResponse personalizedOfflineSignaturePayloadResponse + = powerAuthClient.createPersonalizedOfflineSignaturePayload(personalizedOfflineSignaturePayloadRequest); + assertNotNull(personalizedOfflineSignaturePayloadResponse.getOfflineData()); + assertNotNull(personalizedOfflineSignaturePayloadResponse.getNonce()); + removeActivation(); + } + + /** + * Tests the verification of an offline signature. + *

+ * This method tests the verification process of an offline signature in the PowerAuth system. + * It involves several steps: + *

    + *
  • Initializing activation with configuration settings.
    • + *
  • Generating a public key pair and converting it to byte array.
    • + *
  • Setting up encryption parameters and creating an encrypted activation request.
    • + *
  • Preparing and committing activation using PowerAuth Client.
    • + *
  • Sending a request to verify an offline signature with test data and checking the response.
    • + *
+ * The test expects the verification of the offline signature to be invalid (false) for the provided test data. + *

+ * + * @throws Exception if there is an issue during the setup or execution of the test, such as failure in activation initialization, encryption, or if the PowerAuth Client encounters an error. + */ + @Test + void testVerifyOfflineSignature() throws Exception { + initActivation(); + + final EncryptedRequest encryptedRequest = generateEncryptedRequestActivationLayer(config.getActivationName()); + + final PrepareActivationRequest prepareActivationRequest = new PrepareActivationRequest(); + prepareActivationRequest.setActivationCode(config.getActivationCode()); + prepareActivationRequest.setApplicationKey(config.getApplicationKey()); + prepareActivationRequest.setTimestamp(encryptedRequest.getTimestamp()); + prepareActivationRequest.setProtocolVersion(PowerAuthControllerTestConfig.PROTOCOL_VERSION); + prepareActivationRequest.setEncryptedData(encryptedRequest.getEncryptedData()); + prepareActivationRequest.setMac(encryptedRequest.getMac()); + prepareActivationRequest.setNonce(encryptedRequest.getNonce()); + prepareActivationRequest.setEphemeralPublicKey(encryptedRequest.getEphemeralPublicKey()); + + final PrepareActivationResponse prepareResponse = powerAuthClient.prepareActivation(prepareActivationRequest); + assertEquals(ActivationStatus.PENDING_COMMIT, prepareResponse.getActivationStatus()); + + final CommitActivationResponse commitResponse = powerAuthClient.commitActivation(config.getActivationId(), null); + assertEquals(config.getActivationId(), commitResponse.getActivationId()); + + final VerifyOfflineSignatureRequest verifyOfflineSignatureRequest = + new VerifyOfflineSignatureRequest(); + verifyOfflineSignatureRequest.setActivationId(config.getActivationId()); + verifyOfflineSignatureRequest.setAllowBiometry(false); + verifyOfflineSignatureRequest.setSignature("123456"); + verifyOfflineSignatureRequest.setData(PowerAuthControllerTestConfig.DATA); + + final VerifyOfflineSignatureResponse verifyOfflineSignatureResponse = + powerAuthClient.verifyOfflineSignature(verifyOfflineSignatureRequest); + assertFalse(verifyOfflineSignatureResponse.isSignatureValid()); + assertEquals(config.getActivationId(), verifyOfflineSignatureResponse.getActivationId()); + + removeActivation(); + } + + /** + * Tests the creation of an activation in the PowerAuth system. + *

+ * This test method performs the following steps to verify the activation creation process: + *

    + *
  1. Generates a device key pair and converts the public key to a byte array.
    2. + *
  2. Creates an activation layer 2 request with the generated public key and activation name.
    3. + *
  3. Encrypts the activation request using client-side encryption.
    4. + *
  4. Sends the create activation request to the PowerAuth server with the necessary parameters including the encrypted data and user ID.
    5. + *
  5. Verifies the creation of the activation by checking the response from the server, ensuring the activation ID, user ID, application ID, and activation status are as expected.
    6. + *
  6. Retrieves and checks the activation status to ensure it is pending for commit.
    7. + *
  7. Commits the activation and verifies that the activation process is completed successfully.
    8. + *
+ *

+ * The test asserts that the activation is created and transitioned through the expected statuses, from pending commit to active. + * + * @throws Exception if an error occurs during any step of the activation creation and verification process. + */ + @Test + void testCreateActivation() throws Exception { + final Date expireDate = Date.from(LocalDateTime.now().plusMinutes(5).atZone(ZoneId.systemDefault()).toInstant()); + final String activationName = "TEST_ACTIVATION"; + final EncryptedRequest encryptedRequest = generateEncryptedRequestActivationLayer(activationName); + + final CreateActivationRequest createActivationRequest = new CreateActivationRequest(); + createActivationRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + createActivationRequest.setMaxFailureCount(5L); + createActivationRequest.setMac(encryptedRequest.getMac()); + createActivationRequest.setNonce(encryptedRequest.getNonce()); + createActivationRequest.setEncryptedData(encryptedRequest.getEncryptedData()); + createActivationRequest.setEphemeralPublicKey(encryptedRequest.getEphemeralPublicKey()); + createActivationRequest.setTimestampActivationExpire(expireDate); + createActivationRequest.setTimestamp(encryptedRequest.getTimestamp()); + createActivationRequest.setProtocolVersion(PowerAuthControllerTestConfig.PROTOCOL_VERSION); + createActivationRequest.setApplicationKey(config.getApplicationKey()); + + final CreateActivationResponse createActivationResponse = powerAuthClient.createActivation(createActivationRequest); + assertNotNull(createActivationResponse.getActivationId()); + assertEquals(PowerAuthControllerTestConfig.USER_ID, createActivationResponse.getUserId()); + assertEquals(config.getApplicationId(), createActivationResponse.getApplicationId()); + assertEquals(ActivationStatus.PENDING_COMMIT, createActivationResponse.getActivationStatus()); + + final GetActivationStatusResponse statusResponse = powerAuthClient.getActivationStatus(createActivationResponse.getActivationId()); + assertEquals(ActivationStatus.PENDING_COMMIT, statusResponse.getActivationStatus()); + assertEquals(createActivationResponse.getActivationId(), statusResponse.getActivationId()); + + final CommitActivationResponse commitResponse = powerAuthClient + .commitActivation(createActivationResponse.getActivationId(), PowerAuthControllerTestConfig.USER_ID); + assertTrue(commitResponse.isActivated()); + assertEquals(createActivationResponse.getActivationId(), commitResponse.getActivationId()); + } + + /** + * Tests the process of updating an activation OTP (One-Time Password) and committing the activation in PowerAuth system. + *

+ * The method performs the following operations: + *

    + *
  1. Initializes an activation with a specific configuration using the PowerAuth client.
    2. + *
  2. Generates an encrypted request for the activation including necessary parameters like activation name, code, application key, and others.
    3. + *
  3. Sends a 'prepare activation' request and verifies that the activation status is 'PENDING_COMMIT'.
    4. + *
  4. Updates the activation OTP by sending an 'update activation OTP' request and checks the response to ensure the OTP update is successful.
    5. + *
  5. Sends a 'commit activation' request with the updated OTP and verifies that the activation is successfully activated.
    6. + *
+ *

+ * This test ensures that the activation can be updated with a new OTP and then successfully committed using this new OTP. + * + * @throws Exception if an error occurs during the preparation, OTP update, or activation commitment process. + */ + @Test + void testUpdateActivationOtpAndCommit() throws Exception { + initActivation(); + final String activationOtp = "12345678"; + final EncryptedRequest encryptedRequest = generateEncryptedRequestActivationLayer(config.getActivationName()); + + final PrepareActivationRequest prepareActivationRequest = new PrepareActivationRequest(); + prepareActivationRequest.setActivationCode(config.getActivationCode()); + prepareActivationRequest.setApplicationKey(config.getApplicationKey()); + prepareActivationRequest.setTimestamp(encryptedRequest.getTimestamp()); + prepareActivationRequest.setProtocolVersion(PowerAuthControllerTestConfig.PROTOCOL_VERSION); + prepareActivationRequest.setEncryptedData(encryptedRequest.getEncryptedData()); + prepareActivationRequest.setMac(encryptedRequest.getMac()); + prepareActivationRequest.setNonce(encryptedRequest.getNonce()); + prepareActivationRequest.setEphemeralPublicKey(encryptedRequest.getEphemeralPublicKey()); + + final PrepareActivationResponse prepareResponse = powerAuthClient.prepareActivation(prepareActivationRequest); + assertEquals(ActivationStatus.PENDING_COMMIT, prepareResponse.getActivationStatus()); + + final UpdateActivationOtpRequest updateActivationOtpRequest = new UpdateActivationOtpRequest(); + updateActivationOtpRequest.setActivationId(config.getActivationId()); + updateActivationOtpRequest.setActivationOtp(activationOtp); + updateActivationOtpRequest.setExternalUserId(PowerAuthControllerTestConfig.USER_ID); + + final UpdateActivationOtpResponse otpResponse = powerAuthClient.updateActivationOtp(updateActivationOtpRequest); + assertTrue(otpResponse.isUpdated()); + assertEquals(config.getActivationId(), otpResponse.getActivationId()); + + final CommitActivationRequest commitActivationRequest = new CommitActivationRequest(); + commitActivationRequest.setActivationOtp(activationOtp); + commitActivationRequest.setActivationId(config.getActivationId()); + commitActivationRequest.setExternalUserId(PowerAuthControllerTestConfig.USER_ID); + + final CommitActivationResponse commitResponse = powerAuthClient.commitActivation(commitActivationRequest); + assertTrue(commitResponse.isActivated()); + assertEquals(config.getActivationId(), commitResponse.getActivationId()); + } + + /** + * Tests the retrieval and utilization of the ECIES (Elliptic Curve Integrated Encryption Scheme) decryptor in the PowerAuth system. + *

+ * This test performs the following operations: + *

    + *
  1. Generates test data and encrypts it using the client-side ECIES encryption process.
    2. + *
  2. Constructs a request to retrieve the ECIES decryptor from the PowerAuth server, including necessary parameters like protocol version, application key, and encrypted data details.
    3. + *
  3. Sends the request to the PowerAuth server and retrieves the ECIES decryptor response, including the secret key and shared information.
    4. + *
  4. Decrypts the previously encrypted data using the server-side ECIES decryptor with the retrieved keys and verifies the correctness of the decryption.
    5. + *
+ *

+ * The test ensures that the ECIES decryptor can be correctly obtained from the PowerAuth server and used to decrypt data encrypted by the client, validating the integrity and functionality of the ECIES encryption/decryption process. + * + * @throws Exception if an error occurs during the encryption, decryption, or communication with the PowerAuth server. + */ + @Test + void testGetEciesDecryptor() throws Exception { + final String requestData = "test_data"; + + final ClientEncryptor clientEncryptor = encryptorFactory.getClientEncryptor( + EncryptorId.APPLICATION_SCOPE_GENERIC, + new EncryptorParameters(PowerAuthControllerTestConfig.PROTOCOL_VERSION, config.getApplicationKey(), null), + new ClientEncryptorSecrets(wrapPublicKeyString(), config.getApplicationSecret()) + ); + final EncryptedRequest encryptedRequest = clientEncryptor.encryptRequest(requestData.getBytes(StandardCharsets.UTF_8)); + final GetEciesDecryptorRequest eciesDecryptorRequest = new GetEciesDecryptorRequest(); + eciesDecryptorRequest.setProtocolVersion(PowerAuthControllerTestConfig.PROTOCOL_VERSION); + eciesDecryptorRequest.setActivationId(null); + eciesDecryptorRequest.setApplicationKey(config.getApplicationKey()); + eciesDecryptorRequest.setEphemeralPublicKey(encryptedRequest.getEphemeralPublicKey()); + eciesDecryptorRequest.setNonce(encryptedRequest.getNonce()); + eciesDecryptorRequest.setTimestamp(encryptedRequest.getTimestamp()); + final GetEciesDecryptorResponse decryptorResponse = powerAuthClient.getEciesDecryptor(eciesDecryptorRequest); + + final byte[] secretKey = Base64.getDecoder().decode(decryptorResponse.getSecretKey()); + final byte[] sharedInfo2Base = Base64.getDecoder().decode(decryptorResponse.getSharedInfo2()); + final ServerEncryptor serverEncryptor = encryptorFactory.getServerEncryptor( + EncryptorId.APPLICATION_SCOPE_GENERIC, + new EncryptorParameters(PowerAuthControllerTestConfig.PROTOCOL_VERSION, config.getApplicationKey(), null), + new ServerEncryptorSecrets(secretKey, sharedInfo2Base) + ); + final byte[] decryptedData = serverEncryptor.decryptRequest(encryptedRequest); + assertArrayEquals(requestData.getBytes(StandardCharsets.UTF_8), decryptedData); + } + + /** + * Tests the retrieval of system status. + *

+ * This test verifies the response from the system status endpoint. It checks for expected values + * such as application name, status, and display name. Additionally, it ensures the timestamp + * returned by the system status is the current date (ignoring the time part). + * This is crucial for verifying the system's operational status and basic metadata. + *

+ * + * @throws Exception if an error occurs during the retrieval of the system status or if any of the assertions fail. + */ + @Test + void testSystemStatus() throws Exception { + final GetSystemStatusResponse systemStatusResponse = powerAuthClient.getSystemStatus(); + assertEquals("OK", systemStatusResponse.getStatus()); + assertEquals("powerauth-server", systemStatusResponse.getApplicationName()); + assertEquals("PowerAuth Server", systemStatusResponse.getApplicationDisplayName()); + assertNotNull(systemStatusResponse.getTimestamp()); + final LocalDate localDateFromResponse = systemStatusResponse.getTimestamp().toInstant() + .atZone(ZoneId.systemDefault()).toLocalDate(); + assertEquals(LocalDate.now(), localDateFromResponse); + } + + /** + * Tests the retrieval of a list of error codes. + *

+ * This test sends a request to obtain a comprehensive list of error codes available in the system. + * It verifies that the response contains a list with an expected minimum number of error entries, + * ensuring a broad range of error scenarios is covered. The test specifically requests the error + * codes in English language, but it can be adapted for other languages if needed. + *

+ * + *

The assertion for the minimum number of entries (more than 32) is based on the current + * implementation and may need to be adjusted if the number of error codes changes in future versions.

+ * + * @throws Exception if an error occurs during the retrieval of the error list or if the assertion for the minimum number of error entries fails. + */ + @Test + void testErrorList() throws Exception { + final GetErrorCodeListRequest getErrorCodeListRequest = new GetErrorCodeListRequest(); + getErrorCodeListRequest.setLanguage(Locale.ENGLISH.getLanguage()); + + final GetErrorCodeListResponse errorCodeListResponse = powerAuthClient.getErrorList(getErrorCodeListRequest); + assertThat(errorCodeListResponse.getErrors(), hasSize(greaterThan(32))); + } + + /* HELPER INITIALIZATION METHODS */ + + /** + * Creates a request object for creating an operation. + *

+ * This helper method constructs and returns an {@link OperationCreateRequest} with + * predefined application ID, template name, user ID, and proximity OTP settings. + * + * @param proximityOtpEnabled a boolean indicating whether proximity OTP is enabled + * @return a configured {@link OperationCreateRequest} instance + */ + private OperationCreateRequest createOperationCreateRequest(final boolean proximityOtpEnabled) { + final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); + operationCreateRequest.setApplications(List.of(config.getApplicationId())); + operationCreateRequest.setTemplateName(config.getLoginOperationTemplateName()); + operationCreateRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + operationCreateRequest.setProximityCheckEnabled(proximityOtpEnabled); + return operationCreateRequest; + } + + /** + * Creates a request object for creating a callback URL. + *

+ * This helper method constructs and returns a {@link CreateCallbackUrlRequest} with + * predefined callback URL, name, type, application ID, and other settings. + * + * @return a configured {@link CreateCallbackUrlRequest} instance + */ + private CreateCallbackUrlRequest createCallbackUrlRequest() { + final CreateCallbackUrlRequest callbackUrlRequest = new CreateCallbackUrlRequest(); + callbackUrlRequest.setCallbackUrl(PowerAuthControllerTestConfig.CALLBACK_URL); + callbackUrlRequest.setName(PowerAuthControllerTestConfig.CALLBACK_NAME); + callbackUrlRequest.setType(CallbackUrlType.ACTIVATION_STATUS_CHANGE.name()); + callbackUrlRequest.setApplicationId(config.getApplicationId()); + callbackUrlRequest.setAttributes(Collections.singletonList("activationId")); + callbackUrlRequest.setAuthentication(null); + return callbackUrlRequest; + } + + /** + * Initializes a new activation and verifies its status. + *

+ * This method creates an activation for the provided user and application IDs and verifies + * the response to ensure the activation is successfully initialized. It sets the activation + * ID in the test configuration and asserts that the activation status is 'CREATED'. + * + * @throws Exception if any error occurs during activation initialization or verification + */ + protected void initActivation() throws Exception { + final InitActivationRequest initActivationRequest = new InitActivationRequest(); + initActivationRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); + initActivationRequest.setApplicationId(config.getApplicationId()); + + final InitActivationResponse initActivationResponse = powerAuthClient.initActivation(initActivationRequest); + assertNotNull(initActivationResponse); + assertNotNull(initActivationResponse.getActivationId()); + assertNotNull(initActivationResponse.getActivationSignature()); + assertNotNull(initActivationResponse.getApplicationId()); + assertEquals(PowerAuthControllerTestConfig.USER_ID, initActivationResponse.getUserId()); + assertEquals(config.getApplicationId(), initActivationResponse.getApplicationId()); + + final GetActivationStatusResponse activationStatusResponse = + powerAuthClient.getActivationStatus(initActivationResponse.getActivationId()); + + assertEquals(ActivationStatus.CREATED, activationStatusResponse.getActivationStatus()); + config.setActivationId(activationStatusResponse.getActivationId()); + config.setActivationCode(activationStatusResponse.getActivationCode()); + config.setActivationName(activationStatusResponse.getActivationName()); } + + /** + * Creates an application in the PowerAuth Server if it does not already exist. + *

+ * This method checks for the existence of an application and its version. If not present, + * it creates them and sets relevant fields in the test configuration. It also ensures the + * application version is supported and sets up activation recovery settings. + * + * @throws Exception if any error occurs during application creation or setup + */ + protected void createApplication() throws Exception { + final GetApplicationListResponse applicationsListResponse = powerAuthClient.getApplicationList(); + final var applicationOptional = applicationsListResponse.getApplications().stream() + .filter(app -> app.getApplicationId().equals(config.getApplicationName())) + .findFirst(); + + applicationOptional.ifPresent(app -> config.setApplicationId(app.getApplicationId())); + final boolean applicationExists = applicationOptional.isPresent(); + + if (!applicationExists) { + final CreateApplicationResponse response = powerAuthClient.createApplication(config.getApplicationName()); + assertNotEquals("0", response.getApplicationId()); + assertEquals(config.getApplicationName(), response.getApplicationId()); + config.setApplicationId(response.getApplicationId()); + } + + final GetApplicationDetailResponse detail = powerAuthClient.getApplicationDetail(config.getApplicationId()); + final var versionOptional = detail.getVersions().stream() + .filter(appVersion -> appVersion.getApplicationVersionId().equals(config.getApplicationVersion())) + .findFirst(); + versionOptional.ifPresent( + appVersion -> { + config.setApplicationVersionId(appVersion.getApplicationVersionId()); + config.setApplicationKey(appVersion.getApplicationKey()); + config.setApplicationSecret(appVersion.getApplicationSecret()); + }); + final boolean versionExists = versionOptional.isPresent(); + + config.setMasterPublicKey(detail.getMasterPublicKey()); + if (!versionExists) { + final CreateApplicationVersionResponse versionResponse = powerAuthClient.createApplicationVersion(config.getApplicationId(), config.getApplicationVersion()); + assertNotEquals("0", versionResponse.getApplicationVersionId()); + assertEquals(config.getApplicationVersion(), versionResponse.getApplicationVersionId()); + config.setApplicationVersionId(versionResponse.getApplicationVersionId()); + config.setApplicationKey(versionResponse.getApplicationKey()); + config.setApplicationSecret(versionResponse.getApplicationSecret()); + } else { + powerAuthClient.supportApplicationVersion(config.getApplicationId(), config.getApplicationVersionId()); + } + final GetRecoveryConfigResponse recoveryResponse = powerAuthClient.getRecoveryConfig(config.getApplicationId()); + if (!recoveryResponse.isActivationRecoveryEnabled() || !recoveryResponse.isRecoveryPostcardEnabled() || recoveryResponse.getPostcardPublicKey() == null || recoveryResponse.getRemotePostcardPublicKey() == null) { + final UpdateRecoveryConfigRequest request = new UpdateRecoveryConfigRequest(); + request.setApplicationId(config.getApplicationId()); + request.setActivationRecoveryEnabled(true); + request.setRecoveryPostcardEnabled(true); + request.setAllowMultipleRecoveryCodes(false); + request.setRemotePostcardPublicKey(PowerAuthControllerTestConfig.PUBLIC_KEY_RECOVERY_POSTCARD_BASE64); + powerAuthClient.updateRecoveryConfig(request); + } + } + + /** + * Creates a new callback URL in the PowerAuth Server and verifies its creation. + *

+ * This method creates a callback URL with predefined settings and asserts the response + * to ensure the callback URL is successfully created. It returns the response containing + * the callback URL details. + * + * @return the response containing the created callback URL details + * @throws Exception if any error occurs during callback URL creation + */ + protected CreateCallbackUrlResponse createCallback() throws Exception { + final CreateCallbackUrlRequest callbackUrlRequest = createCallbackUrlRequest(); + final CreateCallbackUrlResponse response = powerAuthClient.createCallbackUrl(callbackUrlRequest); + assertEquals(PowerAuthControllerTestConfig.CALLBACK_NAME, response.getName()); + assertEquals(PowerAuthControllerTestConfig.CALLBACK_URL, response.getCallbackUrl()); + assertEquals(config.getApplicationId(), response.getApplicationId()); + + return response; + } + + /** + * Removes a specified callback URL from the PowerAuth Server. + *

+ * This method deletes a callback URL using its ID and verifies the removal by asserting + * the response. + * + * @param callbackId the ID of the callback URL to be removed + * @throws Exception if any error occurs during callback URL removal + */ + protected void removeCallback(final String callbackId) throws Exception { + final RemoveCallbackUrlRequest removeCallbackUrlRequest = new RemoveCallbackUrlRequest(); + removeCallbackUrlRequest.setId(callbackId); + + final RemoveCallbackUrlResponse removeCallbackUrlResponse = powerAuthClient.removeCallbackUrl(removeCallbackUrlRequest); + assertEquals(callbackId, removeCallbackUrlResponse.getId()); + assertTrue(removeCallbackUrlResponse.isRemoved()); + } + + /** + * Removes an activation from the PowerAuth Server. + *

+ * This method deletes an activation using its ID and verifies the removal by asserting + * the response. + * + * @throws Exception if any error occurs during activation removal + */ + protected void removeActivation() throws Exception { + final RemoveActivationRequest removeActivationRequest = new RemoveActivationRequest(); + removeActivationRequest.setActivationId(config.getActivationId()); + final RemoveActivationResponse removeActivationResponse = powerAuthClient.removeActivation(removeActivationRequest); + assertTrue(removeActivationResponse.isRemoved()); + } + + /** + * Creates a new operation in the PowerAuth Server. + *

+ * This method creates an operation with predefined settings and asserts the response + * to ensure the operation is successfully created. It returns the response containing + * operation details. + * + * @return the response containing the created operation details + * @throws Exception if any error occurs during operation creation + */ + protected OperationDetailResponse createOperation() throws Exception { + final OperationDetailResponse operationDetailResponse = powerAuthClient + .createOperation(createOperationCreateRequest(false)); + assertNotNull(operationDetailResponse.getId()); + assertEquals(OperationStatus.PENDING, operationDetailResponse.getStatus()); + assertEquals(config.getLoginOperationTemplateName(), operationDetailResponse.getTemplateName()); + return operationDetailResponse; + } + + /** + * Creates a new login operation template in the PowerAuth Server. + *

+ * This method creates a login operation template with predefined settings. It sets the + * template name and ID in the test configuration and asserts the response to ensure + * the template is successfully created. + * + * @throws Exception if any error occurs during operation template creation + */ + protected void createLoginOperationTemplate() throws Exception { + final OperationTemplateCreateRequest request = new OperationTemplateCreateRequest(); + request.setTemplateName(UUID.randomUUID().toString()); + request.setOperationType("login"); + request.getSignatureType().addAll(Arrays.asList(SignatureType.values())); + request.setDataTemplate(PowerAuthControllerTestConfig.DATA); + request.setExpiration(300L); + request.setMaxFailureCount(5L); + + final OperationTemplateDetailResponse operationTemplate = powerAuthClient.createOperationTemplate(request); + config.setLoginOperationTemplateName(operationTemplate.getTemplateName()); + config.setLoginOperationTemplateId(operationTemplate.getId()); + } + + /** + * Converts a string representation of a master public key into its corresponding {@link PublicKey} object. + *

+ * This method uses the {@link KeyConvertor} to decode the base64-encoded string representation of the master public key + * into a byte array, which is then converted to a {@link PublicKey} object. + * + * @return The {@link PublicKey} object corresponding to the decoded master public key. + * @throws Exception if there is an error during the conversion process. + */ + protected PublicKey wrapPublicKeyString() throws Exception { + return keyConvertor.convertBytesToPublicKey(Base64.getDecoder().decode(config.getMasterPublicKey())); + } + + /** + * Generates an encrypted request for the Activation Layer 2 using ECIES (Elliptic Curve Integrated Encryption Scheme). + *

+ * This method performs the following steps: + *

    + *
  1. Generates a new key pair and converts the public key to a byte array.
    2. + *
  2. Creates an {@link ActivationLayer2Request} with the activation name and device public key.
    3. + *
  3. Initializes a {@link ClientEncryptor} for Activation Layer 2 encryption.
    4. + *
  4. Serializes the {@link ActivationLayer2Request} into a byte array.
    5. + *
  5. Encrypts the serialized request data using the client encryptor.
    6. + *
+ *

+ * The method returns an {@link EncryptedRequest} containing the encrypted request data and additional encryption parameters. + * + * @param activationName The activation name for the request. + * @return The {@link EncryptedRequest} containing the encrypted request data. + * @throws Exception if there is an error during the encryption or serialization process. + */ + protected EncryptedRequest generateEncryptedRequestActivationLayer(final String activationName) throws Exception { + final KeyPair keyPair = keyGenerator.generateKeyPair(); + final PublicKey publicKey = keyPair.getPublic(); + final byte[] publicKeyBytes = keyConvertor.convertPublicKeyToBytes(publicKey); + final ActivationLayer2Request requestL2 = new ActivationLayer2Request(); + requestL2.setActivationName(activationName); + requestL2.setDevicePublicKey(Base64.getEncoder().encodeToString(publicKeyBytes)); + + final ClientEncryptor clientEncryptor = encryptorFactory.getClientEncryptor( + EncryptorId.ACTIVATION_LAYER_2, + new EncryptorParameters(PowerAuthControllerTestConfig.PROTOCOL_VERSION, config.getApplicationKey(), null), + new ClientEncryptorSecrets(wrapPublicKeyString(), config.getApplicationSecret()) + ); + + final ByteArrayOutputStream baos = new ByteArrayOutputStream(); + objectMapper.writeValue(baos, requestL2); + return clientEncryptor.encryptRequest(baos.toByteArray()); + } + } diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java new file mode 100644 index 000000000..a6675d81f --- /dev/null +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java @@ -0,0 +1,82 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.app.server.controller.api; + +import com.wultra.security.powerauth.client.PowerAuthClient; +import com.wultra.security.powerauth.rest.client.PowerAuthRestClient; +import com.wultra.security.powerauth.rest.client.PowerAuthRestClientConfiguration; +import lombok.Data; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.util.*; + +/** + * Configuration class for PowerAuth Controller tests. + *

+ * This class provides configuration settings and helper methods + * for testing PowerAuth Controller. It includes methods for initializing + * test data, creating applications, managing activations, and handling + * other necessary setup for conducting tests effectively. + *

+ * + * @author Jan Dusil, jan.dusil@wultra.com + */ +@Configuration +@Data +public class PowerAuthControllerTestConfig { + + private static final String POWERAUTH_REST_URL = "http://localhost:8080/rest"; + protected static final String PUBLIC_KEY_RECOVERY_POSTCARD_BASE64 = "BABXgGoj4Lizl3GN0rjrtileEEwekFkpX1ERS9yyYjyuM1Iqdti3ihtATBxk5XGvjetPO1YC+qXciUYjIsETtbI="; + protected static final String USER_ID = "test-user"; + protected static final String DATA = "A2"; + protected static final String CALLBACK_NAME = UUID.randomUUID().toString(); + protected static final String CALLBACK_URL = "http://test.test"; + protected static final String PROTOCOL_VERSION = "3.2"; + + private String applicationId; + private String applicationVersionId; + private String applicationKey; + private String applicationSecret; + private String masterPublicKey; + private String applicationVersion = "default" + "_" + System.currentTimeMillis(); + private final String applicationName = "Pa_tests_component"; + private Long loginOperationTemplateId; + private String loginOperationTemplateName; + private String activationId; + private String activationCode; + private String activationName; + + /** + * Creates and configures a new {@link PowerAuthClient} bean. + *

+ * The method configures and returns a PowerAuthClient instance for interacting with + * the PowerAuth Server. It sets up the client with the necessary configurations such as + * accepting invalid SSL certificates for testing purposes. + * + * @return A configured instance of PowerAuthClient + * @throws Exception if there is an issue creating the PowerAuthClient instance + */ + @Bean + public PowerAuthClient powerAuthClient() throws Exception { + final PowerAuthRestClientConfiguration config = new PowerAuthRestClientConfiguration(); + config.setAcceptInvalidSslCertificate(true); + return new PowerAuthRestClient(POWERAUTH_REST_URL); + } + +} diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java index 7eac57119..b3dc9a2a7 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java @@ -425,6 +425,7 @@ void testFindPendingOperationsForUserSorting() throws Exception { final int year = calendar.get(Calendar.YEAR); assertEquals(2023, year); } + /** * Tests the scenario when an application does not exist in the database for pending operations. */ @@ -472,6 +473,43 @@ void testOperationClaim() throws Exception { assertEquals(userId, operationService.getOperation(detailRequest).getUserId()); } + @Test + void testOperationApproveWithValidProximityOtp() throws Exception { + final OperationDetailResponse operation = createOperation(true); + final String operationId = operation.getId(); + final OperationDetailRequest detailRequest = new OperationDetailRequest(); + detailRequest.setOperationId(operationId); + + final OperationDetailResponse detailResponse = operationService.getOperation(detailRequest); + final String totp = detailResponse.getProximityOtp(); + assertNotNull(totp); + + final OperationApproveRequest approveRequest = createOperationApproveRequest(operationId); + approveRequest.getAdditionalData().put("proximity_otp", totp); + + final OperationUserActionResponse actionResponse = operationService.attemptApproveOperation(approveRequest); + + assertEquals("APPROVED", actionResponse.getResult().toString()); + } + + @Test + void testOperationApproveWithInvalidProximityOtp() throws Exception { + final OperationDetailResponse operation = createOperation(true); + + final OperationDetailRequest detailRequest = new OperationDetailRequest(); + detailRequest.setOperationId(operation.getId()); + + final String totp = operationService.getOperation(detailRequest).getProximityOtp(); + assertNotNull(totp); + + final OperationApproveRequest approveRequest = createOperationApproveRequest(operation.getId()); + approveRequest.getAdditionalData().put("proximity_otp", "1111"); // invalid otp on purpose, it is too short + + final OperationUserActionResponse result = operationService.attemptApproveOperation(approveRequest); + + assertEquals("APPROVAL_FAILED", result.getResult().toString()); + } + private void createApplication() throws GenericServiceException { boolean appExists = applicationService.getApplicationList().getApplications().stream() .anyMatch(app -> app.getApplicationId().equals(APP_ID)); @@ -504,4 +542,23 @@ private void createOperationTemplateForLogin() throws GenericServiceException { } } + private OperationDetailResponse createOperation(final boolean proximityOtp) throws Exception { + final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); + operationCreateRequest.setApplications(List.of("PA_Tests")); + operationCreateRequest.setTemplateName("test-template"); + operationCreateRequest.setUserId("test-user"); + operationCreateRequest.setProximityCheckEnabled(proximityOtp); + return operationService.createOperation(operationCreateRequest); + } + + private static OperationApproveRequest createOperationApproveRequest(final String operationId) { + final OperationApproveRequest approveRequest = new OperationApproveRequest(); + approveRequest.setOperationId(operationId); + approveRequest.setUserId("test-user"); + approveRequest.setApplicationId("PA_Tests"); + approveRequest.setData("A2"); + approveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE); + return approveRequest; + } + } diff --git a/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.sql b/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.sql deleted file mode 100644 index bf3b2bf4b..000000000 --- a/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.sql +++ /dev/null @@ -1,8 +0,0 @@ -INSERT INTO pa_application (id, name, roles) VALUES - (21, 'PA_Tests', '[ "ROLE3", "ROLE4" ]'); - -INSERT INTO pa_master_keypair (id, application_id, master_key_private_base64, master_key_public_base64, name, timestamp_created) -VALUES (21, 21, 'KdcJHQAT/BBF+26uBGNhGC0GQ93ncTx7V6kusNA8AdE=', 'BP8ZZ0LjiwRCQPob3NFwF9pPDLhxCjnPNmENzayEeeGCiDdk0gl3UzUhYk9ntMg18LZdhpvYnprZ8mk/71WlQqo=', 'PA_Tests Default Keypair', '2022-06-07 09:13:27.599000'); - -INSERT INTO pa_activation (activation_id, application_id, user_id, activation_name, activation_code, activation_status, activation_otp, activation_otp_validation, blocked_reason, counter, ctr_data, device_public_key_base64, extras, platform, device_info, flags, failed_attempts, max_failed_attempts, server_private_key_base64, server_private_key_encryption, server_public_key_base64, timestamp_activation_expire, timestamp_created, timestamp_last_used, timestamp_last_change, master_keypair_id, version) VALUES - ('e43a5dec-afea-4a10-a80b-b2183399f16b', 21, 'TestUserV3_d8c2e122-b12a-47f1-bca7-e04637bffd14', 'test v3', 'PXSNR-E2B46-7TY3G-TMR2Q', 3, null, 0, null, 0, 'D5XibWWPCv+nOOfcdfnUGQ==', 'BF3Sc/vqg8Zk70Y8rbT45xzAIxblGoWgLqknCHuNj7f6QFBNi2UnLbG7yMqf2eWShhyBJdu9zqx7DG2qzlqhbBE=', null, 'unknown', 'backend-tests', '[ ]', 0, 1, 'PUz/He8+RFoOPS1NG6Gw3TDXIQ/DnS1skNBOQWzXX60=', 0, 'BPHJ4N90NUuLDq92FJUPcaKZOMad1KH2HrwQEN9DB5ST5fiJU4baYF1VlK1JHglnnN1miL3/Qb6IyW3YSMBySYM=', '2023-04-03 14:04:06.015000', '2023-04-03 13:59:06.015000', '2023-04-03 13:59:16.293000', '2023-04-03 13:59:16.343000', 21, 3); From 70af45c34f2435da2b99734d43fae71d8597cb1f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 01:57:40 +0000 Subject: [PATCH 054/146] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.2.1 to 3.2.2. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.2.1...v3.2.2) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 50f7f2efc..230234539 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.springframework.boot spring-boot-starter-parent - 3.2.1 + 3.2.2 From 12e1f299e7a69c062ced696bf4f04758c418fd6a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jan 2024 01:58:28 +0000 Subject: [PATCH 055/146] Bump com.webauthn4j:webauthn4j-test Bumps [com.webauthn4j:webauthn4j-test](https://github.com/webauthn4j/webauthn4j) from 0.21.8.RELEASE to 0.22.0.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.21.8.RELEASE...0.22.0.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 50f7f2efc..b1bc81f83 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ 3.15.6 - 0.21.8.RELEASE + 0.22.0.RELEASE From b9b29170f04ded76458bcdcfb9eab4465be62ddc Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Mon, 22 Jan 2024 16:54:26 +0800 Subject: [PATCH 056/146] Fix #1265: FIDO2: Improve error handling for converters --- .../Fido2DeserializationException.java | 41 +++++++++++++++++++ .../AttestationObjectDeserializer.java | 8 ++-- .../CollectedClientDataDeserializer.java | 7 ++-- .../controller/RESTControllerAdvice.java | 20 ++++++++- 4 files changed, 68 insertions(+), 8 deletions(-) create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java new file mode 100644 index 000000000..6a7b045f1 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java @@ -0,0 +1,41 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.errorhandling; + +import java.io.IOException; +import java.io.Serial; + +/** + * Exception related to FIDO2 deserialization issues. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public class Fido2DeserializationException extends IOException { + + @Serial + private static final long serialVersionUID = 1835532378587759773L; + + public Fido2DeserializationException(String message) { + super(message); + } + + public Fido2DeserializationException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java index 536c07ce5..c1d276de0 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java @@ -18,11 +18,11 @@ package com.wultra.powerauth.fido2.rest.model.converter.serialization; -import com.fasterxml.jackson.core.JacksonException; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.AttestationObject; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -52,7 +52,7 @@ public AttestationObjectDeserializer(Class vc) { } @Override - public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { + public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { final String originalTextValue = jsonParser.getText(); final byte[] decodedAttestationObject = Base64.getDecoder().decode(originalTextValue); @@ -60,8 +60,8 @@ public AttestationObject deserialize(JsonParser jsonParser, DeserializationConte attestationObject.setEncoded(originalTextValue); return attestationObject; } catch (IOException e) { - logger.warn(e.getMessage(), e); - return null; + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java index c6ddc20d7..38498c8a4 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -52,7 +53,7 @@ public CollectedClientDataDeserializer(Class vc) { } @Override - public CollectedClientData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) { + public CollectedClientData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { final String originalTextValue = jsonParser.getText(); final byte[] decodedClientDataJSON = Base64.getDecoder().decode(originalTextValue); @@ -60,8 +61,8 @@ public CollectedClientData deserialize(JsonParser jsonParser, DeserializationCon collectedClientData.setEncoded(new String(decodedClientDataJSON)); return collectedClientData; } catch (IOException e) { - logger.warn(e.getMessage(), e); - return null; + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); } } } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java index 1c5ca2af0..a9ec39b73 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java @@ -18,6 +18,7 @@ package io.getlime.security.powerauth.app.server.controller; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.security.powerauth.client.model.error.PowerAuthError; import com.wultra.security.powerauth.client.model.error.PowerAuthErrorRecovery; import io.getlime.core.rest.model.base.response.ObjectResponse; @@ -95,7 +96,24 @@ public class RESTControllerAdvice { logger.error("Error occurred while processing the request: {}", ex.getMessage()); logger.debug("Exception details:", ex); final PowerAuthError error = new PowerAuthError(); - error.setCode("ERROR_FIDO2"); + error.setCode("ERROR_FIDO2_AUTH"); + error.setMessage(ex.getMessage()); + error.setLocalizedMessage(ex.getLocalizedMessage()); + return new ObjectResponse<>("ERROR", error); + } + + /** + * Resolver for FIDO2 related deserialization errors. + * @param ex Exception for HTTP message not readable. + * @return Error for HTTP request. + */ + @ResponseStatus(HttpStatus.BAD_REQUEST) + @ExceptionHandler(value = Fido2DeserializationException.class) + public @ResponseBody ObjectResponse handleFido2DeserializationFailedException(Fido2DeserializationException ex) { + logger.error("Error occurred while processing the request: {}", ex.getMessage()); + logger.debug("Exception details:", ex); + final PowerAuthError error = new PowerAuthError(); + error.setCode("ERROR_FIDO2_REQUEST"); error.setMessage(ex.getMessage()); error.setLocalizedMessage(ex.getLocalizedMessage()); return new ObjectResponse<>("ERROR", error); From 5ef203292cce07a84258fdfb410c527e69dff86a Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Tue, 23 Jan 2024 09:50:24 +0100 Subject: [PATCH 057/146] Fix #1269: Document offline anti-fraud check --- docs/Offline-Signatures.md | 9 +++++++++ docs/WebServices-Methods.md | 2 +- ...CreatePersonalizedOfflineSignaturePayloadRequest.java | 6 +++--- .../model/request/VerifyOfflineSignatureRequest.java | 4 ++-- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/docs/Offline-Signatures.md b/docs/Offline-Signatures.md index d2445fb49..bd1992b61 100644 --- a/docs/Offline-Signatures.md +++ b/docs/Offline-Signatures.md @@ -17,6 +17,15 @@ For Web Flow the format of request `data` is documented in the [Offline Signatur The `offlineData` in response already contains all data required to display a QR code. The validity of the QR code should be verified by computing the ECDSA signature of `offlineData` content before the computed signature and comparing it with the `ECDSA_SIGNATURE` in `offlineData`. The `nonce` in response will be required during offline signature verification step. + +### Proximity anti-fraud check + +If you want to use the proximity anti-fraud feature in offline mode, you have to specify `nonce`, `proximityCheck.seed`, and `proximityCheck.stepLength` in `CreatePersonalizedOfflineSignaturePayloadRequest`. +In that case, `CreatePersonalizedOfflineSignaturePayloadResponse#offlineData` contains `CreatePersonalizedOfflineSignaturePayloadRequest#data` plus a generated TOTP. +The structure is following `{DATA})\n{TOTP}\n{NONCE}\n{KEY_SERVER_PRIVATE_INDICATOR}{ECDSA_SIGNATURE}`. +This value is transparent for you and is handled by Mobile SDK. + + ## Generating non-personalized offline signature payload Non-personalized offline signatures are used when activation ID is not known. A typical use case is offline verification for login operation. diff --git a/docs/WebServices-Methods.md b/docs/WebServices-Methods.md index 8deced4ec..c6d64ba8a 100644 --- a/docs/WebServices-Methods.md +++ b/docs/WebServices-Methods.md @@ -885,7 +885,7 @@ REST endpoint: `POST /rest/v3/signature/offline/personalized/create` |-----------|-----------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `String` | `activationId` | An identifier of an activation | | `String` | `data` | Data for the signature, for normalized value see the [Offline Signatures QR code](https://github.com/wultra/powerauth-webflow/blob/develop/docs/Off-line-Signatures-QR-Code.md) documentation | -| `String` | `nonce` | Optional nonce, otherwise it will be generated by PowerAuth server. Needed to be set when proximity check is enabled. | +| `String` | `nonce` | Optional nonce (16 bytes base64 encoded into 24 characters), otherwise it will be generated by PowerAuth server. Needed to be set when proximity check is enabled. | | `Object` | `proximityCheck` | Optional parameters for proximity TOTP. | | `String` | `proximityCheck.seed` | Seed for TOTP, base64 encoded. | | `Integer` | `proximityCheck.stepLength` | Length of the TOTP step in seconds. | diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreatePersonalizedOfflineSignaturePayloadRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreatePersonalizedOfflineSignaturePayloadRequest.java index c47c8d97d..aa3061fd8 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreatePersonalizedOfflineSignaturePayloadRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreatePersonalizedOfflineSignaturePayloadRequest.java @@ -35,14 +35,14 @@ public class CreatePersonalizedOfflineSignaturePayloadRequest { private String activationId; private String data; - @Schema(description = "Optional nonce, otherwise it will be generated by PowerAuth server. Needed to be set when proximity check is enabled.") + @Schema(description = "Optional nonce (16 bytes base64 encoded into 24 characters), otherwise it will be generated by PowerAuth server. Needed to be set when proximity check is enabled.", maxLength = 24) private String nonce; @Schema(description = "Optional proximity check configuration of TOTP.") - private ProximityCheck proximityCheck; + private CreateProximityCheck proximityCheck; @Data - public static class ProximityCheck { + public static class CreateProximityCheck { @NotNull @ToString.Exclude @Schema(description = "Seed for TOTP, base64 encoded.") diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/VerifyOfflineSignatureRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/VerifyOfflineSignatureRequest.java index f77064950..3deacc7f0 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/VerifyOfflineSignatureRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/VerifyOfflineSignatureRequest.java @@ -42,10 +42,10 @@ public class VerifyOfflineSignatureRequest { private boolean allowBiometry; @Schema(description = "Optional proximity check configuration of TOTP.") - private ProximityCheck proximityCheck; + private VerifyProximityCheck proximityCheck; @Data - public static class ProximityCheck { + public static class VerifyProximityCheck { @NotNull @ToString.Exclude @Schema(description = "Seed for TOTP, base64 encoded.") From 3708c1520ee2f5a44804e67d0c1307fc4ac6ddfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Wed, 24 Jan 2024 13:10:58 +0100 Subject: [PATCH 058/146] Fix #1171: Document requirements on OS entropy for deployment of PowerAuth server (#1271) * Fix #1171: Document requirements on OS entropy for the deployment of PowerAuth server --- docs/System-Requirements.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/docs/System-Requirements.md b/docs/System-Requirements.md index d3cbc82a2..58f91a87e 100644 --- a/docs/System-Requirements.md +++ b/docs/System-Requirements.md @@ -60,3 +60,22 @@ You need following software versions: Deployment is described in a separate documentation: - [Docker Images for PowerAuth](https://github.com/wultra/powerauth-docker) + + +## Entropy + +The PowerAuth stack requires significant amount of entropy because of random number generators (RNG) used for cryptography. +When not enough entropy is available, the whole system may dramatically slow down or even get stuck. +That may happen especially in virtualized environment. + +For Linux Kernel lower than 5.4, the minimal required entropy is 256, ideally more than 1024. +For Linux Kernel 5.4 and higher: the minimal required entropy is 256 (it does not report more anyway). + +Command to get available entropy bits: + +```shell +cat /proc/sys/kernel/random/entropy_avail +``` + +We recommend using Linux Kernel 5.4 and newer, where `/dev/random` does not block anymore. +If you must run an older version, consider another source of entropy such as [haveged](https://github.com/jirka-h/haveged). From 6f0c926ec5abfea970fd49ab0c727c1f481f4ccc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 25 Jan 2024 16:54:18 +0700 Subject: [PATCH 059/146] Fix #1262: FIDO2: Write JavaDoc for classes and methods (#1274) --- .../model/error/PowerAuthClientException.java | 2 +- .../model/error/PowerAuthErrorRecovery.java | 2 +- .../Fido2AuthenticationFailedException.java | 9 + .../Fido2DeserializationException.java | 9 + .../rest/controller/AssertionController.java | 19 +- .../controller/RegistrationController.java | 24 ++- .../model/converter/AssertionConverter.java | 6 + .../converter/RegistrationConverter.java | 40 ++-- .../AttestationObjectDeserializer.java | 16 ++ .../AttestationStatementDeserializer.java | 42 +++- .../AuthenticatorDataDeserializer.java | 194 ++++++++++-------- .../Base64ToByteArrayDeserializer.java | 30 ++- .../Base64ToStringDeserializer.java | 26 ++- .../CollectedClientDataDeserializer.java | 16 ++ .../rest/model/entity/AssertionChallenge.java | 2 + .../rest/model/entity/AttestationObject.java | 2 + .../model/entity/AttestationStatement.java | 2 + .../model/entity/AttestedCredentialData.java | 2 + .../AuthenticatorAssertionResponse.java | 2 + .../AuthenticatorAttestationResponse.java | 2 + .../rest/model/entity/AuthenticatorData.java | 2 + .../model/entity/CollectedClientData.java | 2 + .../fido2/rest/model/entity/ECPoint.java | 2 + .../fido2/rest/model/entity/Flags.java | 2 + .../rest/model/entity/PublicKeyObject.java | 2 + .../rest/model/enumeration/CurveType.java | 2 + .../rest/model/enumeration/ECKeyType.java | 2 + .../fido2/rest/model/enumeration/Fmt.java | 2 + .../model/enumeration/SignatureAlgorithm.java | 2 + .../request/AssertionVerificationRequest.java | 2 + .../model/request/RegistrationRequest.java | 2 + .../response/AssertionChallengeResponse.java | 2 + .../RegisteredAuthenticatorsResponse.java | 2 + .../RegistrationChallengeResponse.java | 2 + .../model/response/RegistrationResponse.java | 2 + .../validator/AssertionRequestValidator.java | 5 + .../RegistrationRequestValidator.java | 5 + .../fido2/service/AssertionService.java | 8 + .../fido2/service/RegistrationService.java | 35 +++- .../provider/AuthenticatorProvider.java | 28 +++ .../service/provider/CryptographyService.java | 31 +++ .../converter/SignatureMetadataConverter.java | 2 +- .../model/entity/ActivationRecordEntity.java | 2 +- .../model/entity/ApplicationEntity.java | 2 +- .../model/entity/MasterKeyPairEntity.java | 2 +- .../model/entity/RecoveryCodeEntity.java | 2 +- .../model/entity/RecoveryConfigEntity.java | 2 +- .../model/entity/RecoveryPukEntity.java | 2 +- .../model/entity/SignatureEntity.java | 2 +- .../model/enumeration/EncryptionMode.java | 2 +- .../service/model/ActivationRecovery.java | 2 +- .../app/server/service/model/TokenInfo.java | 2 +- .../request/ActivationLayer2Request.java | 2 +- .../ConfirmRecoveryRequestPayload.java | 2 +- .../request/VaultUnlockRequestPayload.java | 2 +- .../response/ActivationLayer2Response.java | 2 +- .../ConfirmRecoveryResponsePayload.java | 2 +- .../response/UpgradeResponsePayload.java | 2 +- .../response/VaultUnlockResponsePayload.java | 2 +- .../signature/OfflineSignatureRequest.java | 2 +- .../signature/OnlineSignatureRequest.java | 2 +- .../model/signature/SignatureData.java | 2 +- .../model/signature/SignatureResponse.java | 2 +- 63 files changed, 492 insertions(+), 141 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java index 8655aa443..d8b479285 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthClientException.java @@ -33,7 +33,7 @@ public class PowerAuthClientException extends Exception { private final PowerAuthError powerAuthError; /** - * Default constructor. + * No-arg constructor. */ public PowerAuthClientException() { this.powerAuthError = null; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java index 4599f1039..3d9b7aff9 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/error/PowerAuthErrorRecovery.java @@ -27,7 +27,7 @@ public class PowerAuthErrorRecovery extends PowerAuthError { private int currentRecoveryPukIndex; /** - * Default constructor. + * No-arg constructor. */ public PowerAuthErrorRecovery() { } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java index d3a59a633..13fc82e3d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2AuthenticationFailedException.java @@ -30,10 +30,19 @@ public class Fido2AuthenticationFailedException extends Exception { @Serial private static final long serialVersionUID = -3214199555928548491L; + /** + * Exception constructor with message. + * @param message Exception message. + */ public Fido2AuthenticationFailedException(String message) { super(message); } + /** + * Exception constructor with message and cause. + * @param message Exception message. + * @param cause Exception cause. + */ public Fido2AuthenticationFailedException(String message, Throwable cause) { super(message, cause); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java index 6a7b045f1..812984dce 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/errorhandling/Fido2DeserializationException.java @@ -31,10 +31,19 @@ public class Fido2DeserializationException extends IOException { @Serial private static final long serialVersionUID = 1835532378587759773L; + /** + * Exception constructor with message. + * @param message Exception message. + */ public Fido2DeserializationException(String message) { super(message); } + /** + * Exception constructor with message and cause. + * @param message Exception message. + * @param cause Exception cause. + */ public Fido2DeserializationException(String message, Throwable cause) { super(message, cause); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index bfc67ad0b..1055883ae 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -54,12 +54,23 @@ public class AssertionController { private final AssertionRequestValidator assertionRequestValidator; private final AssertionService assertionService; + /** + * Assertion controller constructor. + * @param assertionRequestValidator Assertion request validator. + * @param assertionService Assertion service. + */ @Autowired public AssertionController(AssertionRequestValidator assertionRequestValidator, AssertionService assertionService) { this.assertionRequestValidator = assertionRequestValidator; this.assertionService = assertionService; } + /** + * Request generating of an assertion challenge for an operation. + * @param request Assertion challenge request. + * @return Assertion challenge response. + * @throws Exception Thrown in case assertion challenge could not be generated. + */ @Operation( summary = "Generate an assertion challenge", description = "Generate a FIDO2 assertion challenge for an operation." @@ -76,13 +87,19 @@ public ObjectResponse requestAssertionChallenge(@Val return new ObjectResponse<>(assertionChallengeResponse); } + /** + * Verify a FIDO2 assertion for an operation. + * @param request Verify an assertion request. + * @return Verify an assertion response. + * @throws Fido2AuthenticationFailedException Thrown in case assertion validation fails. + */ @Operation( summary = "Verify an assertion", description = "Verify a FIDO2 assertion for an operation based on an assertion verification request generated and signed by the authenticator." ) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Assertion verification succeeded"), - @ApiResponse(responseCode = "400", description = "Invalid request or assertion verification failed"), + @ApiResponse(responseCode = "400", description = "Invalid request or assertion verification failed"), @ApiResponse(responseCode = "500", description = "Unexpected server error") }) @PostMapping diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 0f562dd58..02e54b9e4 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -54,11 +54,21 @@ public class RegistrationController { private final RegistrationService registrationService; + /** + * Registration controller constructor. + * @param registrationService Registration service. + */ @Autowired public RegistrationController(RegistrationService registrationService) { this.registrationService = registrationService; } + /** + * Obtain a list of registered FIDO2 authenticators. + * @param request Registered authenticators list request. + * @return Registered authenticators list response. + * @throws Exception Thrown in case registered authenticators list could not be obtained. + */ @Operation( summary = "List registered authenticators", description = "Obtain a list of registered FIDO2 authenticators for specified user." @@ -71,10 +81,16 @@ public RegistrationController(RegistrationService registrationService) { @PostMapping("list") public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); - final RegisteredAuthenticatorsResponse responseObject = registrationService.registrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); + final RegisteredAuthenticatorsResponse responseObject = registrationService.listRegistrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); return new ObjectResponse<>(responseObject); } + /** + * Request a registration challenge. + * @param request Registration challenge request. + * @return Registration challenge response. + * @throws Exception Thrown in case registration challenge could not be generated. + */ @Operation( summary = "Generate a registration challenge", description = "Generate a FIDO2 registration challenge for specified user." @@ -91,6 +107,12 @@ public ObjectResponse requestRegistrationChalleng return new ObjectResponse<>(responseObject); } + /** + * Register an authenticator. + * @param request Register an authenticator request. + * @return Register an authenticator response. + * @throws Exception Thrown in case registration fails. + */ @Operation( summary = "Register an authenticator", description = "Register a FIDO2 authenticator based on a registration request generated and signed by the authenticator." diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java index 27d54689c..0edb52027 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionConverter.java @@ -32,6 +32,12 @@ @Slf4j public class AssertionConverter { + /** + * Convert authenticator detail to assertion verification response. + * @param source Authenticator detail. + * @param assertionValid Whether assertion is valid. + * @return Converted assertion verification response. + */ public AssertionVerificationResponse fromAuthenticatorDetail(AuthenticatorDetail source, boolean assertionValid) { if (source == null) { return null; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index e313bbfd1..8407f2484 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -45,6 +45,14 @@ public class RegistrationConverter { private final AaguidList aaguidRegistry = new AaguidList(); + /** + * Convert registration challenge to authenticator detail. + * @param challenge Registration challenge. + * @param requestObject Registration request. + * @param aaguid AAGUID bytes. + * @param publicKey Public key bytes. + * @return Authenticator detail, if present. + */ public Optional convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { try { final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); @@ -70,19 +78,11 @@ public Optional convert(RegistrationChallenge challenge, Re } } - private Map convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { - final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); - final Map params = new HashMap<>(); - params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); - params.put("authenticatorAttachment", authenticatorParameters.getAuthenticatorAttachment()); - params.put("credentialId", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getCredentialId()); - params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); - params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); - params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); - params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); - return params; - } - + /** + * Convert authenticator detail to registration response. + * @param source Authenticator detail. + * @return Registration response. + */ public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail source) { final RegistrationResponse result = new RegistrationResponse(); result.setUserId(source.getUserId()); @@ -101,4 +101,18 @@ public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail sour result.setMaxFailedAttempts(source.getMaxFailedAttempts()); return result; } + + private Map convertExtras(RegistrationRequest requestObject) throws JsonProcessingException { + final AuthenticatorParameters authenticatorParameters = requestObject.getAuthenticatorParameters(); + final Map params = new HashMap<>(); + params.put("relyingPartyId", authenticatorParameters.getRelyingPartyId()); + params.put("authenticatorAttachment", authenticatorParameters.getAuthenticatorAttachment()); + params.put("credentialId", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getCredentialId()); + params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); + params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); + params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); + params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); + return params; + } + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java index c1d276de0..7a4c326d0 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationObjectDeserializer.java @@ -32,6 +32,8 @@ import java.util.Base64; /** + * JSON deserializer for the attestation object. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -43,14 +45,28 @@ public class AttestationObjectDeserializer extends StdDeserializer vc) { super(vc); } + /** + * Deserialize the FIDO2 attestation object from JSON request. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 attestation object. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override public AttestationObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java index 2308f49f7..d2a0b2c4a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java @@ -22,6 +22,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.AttestationStatement; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import lombok.extern.slf4j.Slf4j; @@ -32,6 +33,8 @@ import java.util.Map; /** + * JSON deserializer for the attestation statement. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -41,25 +44,44 @@ public class AttestationStatementDeserializer extends StdDeserializer vc) { super(vc); } + /** + * Deserialize the FIDO2 attestation object from JSON request. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 attestation statement. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - final Map map = jsonParser.readValueAs(new TypeReference<>() {}); - final AttestationStatement result = new AttestationStatement(); - final Integer alg = (Integer) map.get("alg"); - if (alg != null && -7 == alg) { - result.setAlgorithm(SignatureAlgorithm.ES256); - } else { - result.setAlgorithm(SignatureAlgorithm.UNKNOWN); + public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + final Map map = jsonParser.readValueAs(new TypeReference<>() {}); + final AttestationStatement result = new AttestationStatement(); + final Integer alg = (Integer) map.get("alg"); + if (alg != null && -7 == alg) { + result.setAlgorithm(SignatureAlgorithm.ES256); + } else { + result.setAlgorithm(SignatureAlgorithm.UNKNOWN); + } + result.setSignature((byte[]) map.get("sig")); + return result; + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); } - result.setSignature((byte[]) map.get("sig")); - return result; } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index f942c7398..a14a52455 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -18,12 +18,12 @@ package com.wultra.powerauth.fido2.rest.model.converter.serialization; -import com.fasterxml.jackson.core.JacksonException; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.fasterxml.jackson.dataformat.cbor.databind.CBORMapper; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; import com.wultra.powerauth.fido2.rest.model.entity.ECPoint; import com.wultra.powerauth.fido2.rest.model.entity.Flags; @@ -40,6 +40,8 @@ import java.util.Map; /** + * JSON deserializer for FIDO2 authenticator data. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -51,101 +53,119 @@ public class AuthenticatorDataDeserializer extends StdDeserializer vc) { + + /** + * Deserializer constructor with value class parameter. + * @param vc Value class parameter. + */ + public AuthenticatorDataDeserializer(Class vc) { super(vc); } + /** + * Deserialized the FIDO2 authenticator data. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 authenticator data. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - final AuthenticatorData result = new AuthenticatorData(); - - // Serialize Auth Data - final byte[] authData = jsonParser.getBinaryValue(); - result.setEncoded(authData); - - // Get RP ID Hash - final byte[] rpIdHash = new byte[32]; - System.arraycopy(authData, 0, rpIdHash,0, 32); - result.setRpIdHash(rpIdHash); - - // Get Flags - final byte flagByte = authData[32]; - final Flags flags = result.getFlags(); - - flags.setUserPresent(isFlagOn(flagByte, 0)); - flags.setReservedBit2(isFlagOn(flagByte, 1)); - flags.setUserVerified(isFlagOn(flagByte, 2)); - flags.setBackupEligible(isFlagOn(flagByte, 3)); - flags.setBackupState(isFlagOn(flagByte, 4)); - flags.setReservedBit6(isFlagOn(flagByte, 5)); - flags.setAttestedCredentialsIncluded(isFlagOn(flagByte,6)); - flags.setExtensionDataIncluded(isFlagOn(flagByte,7)); - - // Get Signature Counter - final byte[] signCountBytes = new byte[4]; - System.arraycopy(authData, 33, signCountBytes, 0, 4); - final int signCount = ByteBuffer.wrap(signCountBytes).getInt(); // big-endian by default - result.setSignCount(signCount); - - if (authData.length > 37) { // get info about the credentials - - // Get AAGUID - final byte[] aaguid = new byte[16]; - System.arraycopy(authData, 37, aaguid, 0, 16); - result.getAttestedCredentialData().setAaguid(aaguid); - - // Get credential ID length - final byte[] credentialIdLength = new byte[2]; - System.arraycopy(authData, 53, credentialIdLength, 0, 2); - final ByteBuffer wrapped = ByteBuffer.wrap(credentialIdLength); // big-endian by default - short credentialIdLengthValue = wrapped.getShort(); - - // Get credentialId - final byte[] credentialId = new byte[credentialIdLengthValue]; - System.arraycopy(authData, 55, credentialId, 0, credentialIdLengthValue); - result.getAttestedCredentialData().setCredentialId(credentialId); - - // Get credentialPublicKey - final int remainingLength = authData.length - (55 + credentialIdLengthValue); - final byte[] credentialPublicKey = new byte[remainingLength]; - System.arraycopy(authData, 55 + credentialIdLengthValue, credentialPublicKey, 0, remainingLength); - final Map credentialPublicKeyMap = cborMapper.readValue(credentialPublicKey, new TypeReference<>() { - }); - - final PublicKeyObject publicKeyObject = new PublicKeyObject(); - final Integer algorithm = (Integer) credentialPublicKeyMap.get("3"); - if (algorithm != null && -7 == algorithm) { - publicKeyObject.setAlgorithm(SignatureAlgorithm.ES256); - } else { - throw new RuntimeException("Unsupported algorithm: " + algorithm); - } - final Integer curveType = (Integer) credentialPublicKeyMap.get("-1"); - if (curveType != null && 1 == curveType) { - publicKeyObject.setCurveType(CurveType.P256); - } else { - throw new RuntimeException("Unsupported curve type: " + curveType); - } - final Integer keyType = (Integer) credentialPublicKeyMap.get("1"); - if (keyType != null && 2 == keyType) { - publicKeyObject.setKeyType(ECKeyType.UNCOMPRESSED); - } else { - throw new RuntimeException("Unsupported key type: " + keyType); + public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + final AuthenticatorData result = new AuthenticatorData(); + + // Serialize Auth Data + final byte[] authData = jsonParser.getBinaryValue(); + result.setEncoded(authData); + + // Get RP ID Hash + final byte[] rpIdHash = new byte[32]; + System.arraycopy(authData, 0, rpIdHash, 0, 32); + result.setRpIdHash(rpIdHash); + + // Get Flags + final byte flagByte = authData[32]; + final Flags flags = result.getFlags(); + + flags.setUserPresent(isFlagOn(flagByte, 0)); + flags.setReservedBit2(isFlagOn(flagByte, 1)); + flags.setUserVerified(isFlagOn(flagByte, 2)); + flags.setBackupEligible(isFlagOn(flagByte, 3)); + flags.setBackupState(isFlagOn(flagByte, 4)); + flags.setReservedBit6(isFlagOn(flagByte, 5)); + flags.setAttestedCredentialsIncluded(isFlagOn(flagByte, 6)); + flags.setExtensionDataIncluded(isFlagOn(flagByte, 7)); + + // Get Signature Counter + final byte[] signCountBytes = new byte[4]; + System.arraycopy(authData, 33, signCountBytes, 0, 4); + final int signCount = ByteBuffer.wrap(signCountBytes).getInt(); // big-endian by default + result.setSignCount(signCount); + + if (authData.length > 37) { // get info about the credentials + + // Get AAGUID + final byte[] aaguid = new byte[16]; + System.arraycopy(authData, 37, aaguid, 0, 16); + result.getAttestedCredentialData().setAaguid(aaguid); + + // Get credential ID length + final byte[] credentialIdLength = new byte[2]; + System.arraycopy(authData, 53, credentialIdLength, 0, 2); + final ByteBuffer wrapped = ByteBuffer.wrap(credentialIdLength); // big-endian by default + short credentialIdLengthValue = wrapped.getShort(); + + // Get credentialId + final byte[] credentialId = new byte[credentialIdLengthValue]; + System.arraycopy(authData, 55, credentialId, 0, credentialIdLengthValue); + result.getAttestedCredentialData().setCredentialId(credentialId); + + // Get credentialPublicKey + final int remainingLength = authData.length - (55 + credentialIdLengthValue); + final byte[] credentialPublicKey = new byte[remainingLength]; + System.arraycopy(authData, 55 + credentialIdLengthValue, credentialPublicKey, 0, remainingLength); + final Map credentialPublicKeyMap = cborMapper.readValue(credentialPublicKey, new TypeReference<>() {}); + + final PublicKeyObject publicKeyObject = new PublicKeyObject(); + final Integer algorithm = (Integer) credentialPublicKeyMap.get("3"); + if (algorithm != null && -7 == algorithm) { + publicKeyObject.setAlgorithm(SignatureAlgorithm.ES256); + } else { + throw new RuntimeException("Unsupported algorithm: " + algorithm); + } + final Integer curveType = (Integer) credentialPublicKeyMap.get("-1"); + if (curveType != null && 1 == curveType) { + publicKeyObject.setCurveType(CurveType.P256); + } else { + throw new RuntimeException("Unsupported curve type: " + curveType); + } + final Integer keyType = (Integer) credentialPublicKeyMap.get("1"); + if (keyType != null && 2 == keyType) { + publicKeyObject.setKeyType(ECKeyType.UNCOMPRESSED); + } else { + throw new RuntimeException("Unsupported key type: " + keyType); + } + + final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); + final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); + final ECPoint point = new ECPoint(); + point.setX(xBytes); + point.setY(yBytes); + publicKeyObject.setPoint(point); + + result.getAttestedCredentialData().setPublicKeyObject(publicKeyObject); } - - final byte[] xBytes = (byte[]) credentialPublicKeyMap.get("-2"); - final byte[] yBytes = (byte[]) credentialPublicKeyMap.get("-3"); - final ECPoint point = new ECPoint(); - point.setX(xBytes); - point.setY(yBytes); - publicKeyObject.setPoint(point); - - result.getAttestedCredentialData().setPublicKeyObject(publicKeyObject); + return result; + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); } - - return result; } private boolean isFlagOn(byte flags, int position) throws IOException { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java index fe0801665..25c3026d7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java @@ -21,29 +21,55 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; import java.io.IOException; import java.io.Serial; import java.util.Base64; /** + * Deserializer from Base64 to byte array. + * * @author Petr Dvorak, petr@wultra.com */ +@Component +@Slf4j public class Base64ToByteArrayDeserializer extends StdDeserializer { @Serial private static final long serialVersionUID = 4519714786533202920L; + /** + * No-arg deserializer constructor. + */ public Base64ToByteArrayDeserializer() { this(null); } + /** + * Deserializer constructor with value class parameter. + * @param vc Value class. + */ public Base64ToByteArrayDeserializer(Class vc) { super(vc); } + /** + * Deserialize data from Base64 to byte array. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized byte array. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public byte[] deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - return Base64.getDecoder().decode(jsonParser.getText()); + public byte[] deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + return Base64.getDecoder().decode(jsonParser.getText()); + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); + } } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java index 31d61449f..2daff0d15 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToStringDeserializer.java @@ -21,6 +21,7 @@ import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.DeserializationContext; import com.fasterxml.jackson.databind.deser.std.StdDeserializer; +import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -30,6 +31,8 @@ import java.util.Base64; /** + * Deserializer from Base64 to string. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -39,16 +42,35 @@ public class Base64ToStringDeserializer extends StdDeserializer { @Serial private static final long serialVersionUID = 2540966716709142276L; + /** + * No-arg deserializer constructor. + */ public Base64ToStringDeserializer() { this(null); } + /** + * Deserializer constructor with value class parameter. + * @param vc Value class. + */ public Base64ToStringDeserializer(Class vc) { super(vc); } + /** + * Deserialize data from Base64 to string. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized string. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override - public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException { - return new String(Base64.getDecoder().decode(jsonParser.getText()), StandardCharsets.UTF_8); + public String deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { + try { + return new String(Base64.getDecoder().decode(jsonParser.getText()), StandardCharsets.UTF_8); + } catch (IOException e) { + logger.debug(e.getMessage(), e); + throw new Fido2DeserializationException(e.getMessage(), e); + } } } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java index 38498c8a4..ddb5615fa 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -33,6 +33,8 @@ import java.util.Base64; /** + * Deserializer for FIDO2 collected client data. + * * @author Petr Dvorak, petr@wultra.com */ @Component @@ -44,14 +46,28 @@ public class CollectedClientDataDeserializer extends StdDeserializer vc) { super(vc); } + /** + * Deserialized the FIDO2 collected client data. + * @param jsonParser JSON parser. + * @param deserializationContext Deserialization context. + * @return Deserialized FIDO2 collected client data. + * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. + */ @Override public CollectedClientData deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java index 7d54eed23..e5867df3c 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java @@ -23,6 +23,8 @@ import java.util.List; /** + * Assertion challenge. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java index dafa7c33c..5848374d8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationObject.java @@ -25,6 +25,8 @@ import lombok.Data; /** + * Attestation object. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java index 8c59404fe..299da3af4 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java @@ -22,6 +22,8 @@ import lombok.Data; /** + * Attestation statement. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java index f08265ec2..2e3a473df 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestedCredentialData.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * Attested credential data. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java index 54d962491..3ed46bdc6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java @@ -27,6 +27,8 @@ import lombok.Data; /** + * Authenticator assertion response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java index f78eb68be..cd86705e7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAttestationResponse.java @@ -26,6 +26,8 @@ import java.util.List; /** + * Authenticator attestation response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java index 7d976f852..d280f191d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorData.java @@ -24,6 +24,8 @@ import lombok.Data; /** + * Authenticator data. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java index 5985b996b..cba05f8ee 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/CollectedClientData.java @@ -26,6 +26,8 @@ import lombok.Data; /** + * Collected client data. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java index fdae77c50..8d8b5d350 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/ECPoint.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * Elliptic curve point coordinates. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java index 3f93a6e16..9a2ee93d9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Flags.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * FIDO2 flags. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java index 47dbbf5da..70ec54056 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/PublicKeyObject.java @@ -24,6 +24,8 @@ import lombok.Data; /** + * Class representing a public key object. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java index 21598d731..299449f66 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/CurveType.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.enumeration; /** + * Elliptic curve type enumeration. + * * @author Petr Dvorak, petr@wultra.com */ public enum CurveType { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java index a4f8851ea..76ba75175 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/ECKeyType.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.enumeration; /** + * Elliptic key type enumeration. + * * @author Roman Strobl, roman.strobl@wultra.com */ public enum ECKeyType { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java index 10a9f66fa..245a89568 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fmt.java @@ -21,6 +21,8 @@ import java.util.List; /** + * Attestation format enumeration. + * * @author Petr Dvorak, petr@wultra.com */ public enum Fmt { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java index 712069058..9680c2d3b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/SignatureAlgorithm.java @@ -19,6 +19,8 @@ package com.wultra.powerauth.fido2.rest.model.enumeration; /** + * Signature algorithm enumeration. + * * @author Petr Dvorak, petr@wultra.com */ public enum SignatureAlgorithm { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java index bea3f8e2c..09c20505b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java @@ -26,6 +26,8 @@ import java.util.List; /** + * Assertion verification request. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java index 591bb6fe1..46e97b508 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -23,6 +23,8 @@ import lombok.Data; /** + * Registration request. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java index e9c08f3dd..17e123a30 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java @@ -23,6 +23,8 @@ import java.util.List; /** + * Assertion challenge response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java index 5cd7b4da9..d7eb23993 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegisteredAuthenticatorsResponse.java @@ -25,6 +25,8 @@ import java.util.List; /** + * List of registered authenticators response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java index 48f24cbc7..334027cfe 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java @@ -21,6 +21,8 @@ import lombok.Data; /** + * Registration challenge response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java index c0015dcf5..f1f2944f9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java @@ -26,6 +26,8 @@ import java.util.Map; /** + * Registration response. + * * @author Petr Dvorak, petr@wultra.com */ @Data diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java index b235b4ab7..c5d70d2d8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/AssertionRequestValidator.java @@ -37,6 +37,11 @@ @Slf4j public class AssertionRequestValidator { + /** + * Validate an assertion verification request. + * @param request Assertion verification request. + * @return Validation result. + */ public String validate(AssertionVerificationRequest request) { if (request == null || request.getResponse() == null diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java index 21800b9c6..29e10fc3b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/validator/RegistrationRequestValidator.java @@ -40,6 +40,11 @@ @Slf4j public class RegistrationRequestValidator { + /** + * Validate a registration request. + * @param request Registration request. + * @return Validation result. + */ public String validate(RegistrationRequest request) { if (request == null) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 5940f0e91..0534b44be 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -53,6 +53,14 @@ public class AssertionService { private final AssertionConverter assertionConverter; private final AssertionChallengeConverter assertionChallengeConverter; + /** + * Assertion service constructor. + * @param cryptographyService Cryptography service. + * @param authenticatorProvider Authenticator provider. + * @param assertionProvider Assertion provider. + * @param assertionConverter Assertion converter. + * @param assertionChallengeConverter Assertion challenge converter. + */ @Autowired public AssertionService(CryptographyService cryptographyService, AuthenticatorProvider authenticatorProvider, AssertionProvider assertionProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { this.cryptographyService = cryptographyService; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index f34da19a8..03c0d1d85 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -52,6 +52,16 @@ public class RegistrationService { private final RegistrationRequestValidator registrationRequestValidator; private final CryptographyService cryptographyService; + /** + * Registration service. + * + * @param authenticatorProvider Authenticator provider. + * @param registrationProvider Registration provider. + * @param registrationChallengeConverter Registration challenge converter. + * @param registrationConverter Registration converter. + * @param registrationRequestValidator Registration request validator. + * @param cryptographyService Cryptography service. + */ @Autowired public RegistrationService(AuthenticatorProvider authenticatorProvider, RegistrationProvider registrationProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService) { this.authenticatorProvider = authenticatorProvider; @@ -62,17 +72,40 @@ public RegistrationService(AuthenticatorProvider authenticatorProvider, Registra this.cryptographyService = cryptographyService; } - public RegisteredAuthenticatorsResponse registrationsForUser(String userId, String applicationId) throws Fido2AuthenticationFailedException { + /** + * List registrations for a user. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Registered authenticator list response. + * @throws Fido2AuthenticationFailedException In case list request fails. + */ + public RegisteredAuthenticatorsResponse listRegistrationsForUser(String userId, String applicationId) throws Fido2AuthenticationFailedException { final RegisteredAuthenticatorsResponse responseObject = new RegisteredAuthenticatorsResponse(); responseObject.getAuthenticators().addAll(authenticatorProvider.findByUserId(userId, applicationId)); return responseObject; } + /** + * Request a registration challenge. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Registration challenge response. + * @throws Exception Thrown in case creating challenge fails. + */ public RegistrationChallengeResponse requestRegistrationChallenge(String userId, String applicationId) throws Exception { final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistration(userId, applicationId); return registrationChallengeConverter.fromChallenge(challenge); } + /** + * Register an authenticator. + * + * @param requestObject Registration request. + * @return Registration response. + * @throws Exception Thrown in case registration fails. + */ public RegistrationResponse register(RegistrationRequest requestObject) throws Exception { final String applicationId = requestObject.getApplicationId(); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java index b8336e338..92a318fed 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AuthenticatorProvider.java @@ -30,8 +30,36 @@ * @author Petr Dvorak, petr@wultra.com */ public interface AuthenticatorProvider { + + /** + * Store an authenticator. + * + * @param applicationId Application identifier. + * @param challenge Registration challenge. + * @param authenticatorDetail Authenticator detail. + * @return Authenticator detail. + * @throws Fido2AuthenticationFailedException Thrown in case storing authenticator fails. + */ AuthenticatorDetail storeAuthenticator(String applicationId, String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + + /** + * Find an authenticator by a user identifier. + * + * @param userId User identifier. + * @param applicationId Application identifier. + * @return Authenticator detail list. + * @throws Fido2AuthenticationFailedException Thrown in case lookup fails. + */ List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException; + + /** + * Find an authenticator by a credential identifier. + * + * @param credentialId Credential identifier. + * @param applicationId Application identifier. + * @return Authenticator detail, if found. + * @throws Fido2AuthenticationFailedException Thrown in case lookup fails. + */ Optional findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index e3f157ff7..f4fc85c23 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -26,9 +26,40 @@ * @author Petr Dvorak, petr@wultra.com */ public interface CryptographyService { + + /** + * Verify signature for a registration. + * + * @param applicationId Application identifier. + * @param clientDataJSON Collected client data. + * @param authData Authenticator data. + * @param signature Signature bytes. + * @param attestedCredentialData Attested credential data. + * @return Whether signature verification succeeded. + * @throws Exception Thrown in case of a cryptography error. + */ boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws Exception; + /** + * Verify signature for an assertion. + * + * @param applicationId Application identifier. + * @param authenticatorId Authenticator identifier. + * @param clientDataJSON Collected client data. + * @param authData Authenticator data. + * @param signature Signature bytes. + * @param authenticatorDetail Authenticator detail. + * @return Whether signature verification succeeded. + * @throws Exception Thrown in case of a cryptography error. + */ boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws Exception; + /** + * Convert public key object to bytes. + * + * @param publicKey Public key object. + * @return Public key bytes. + * @throws Exception Thrown in case of a cryptography error. + */ byte[] publicKeyToBytes(PublicKeyObject publicKey) throws Exception; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java index 817b927ca..18e32c48f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/SignatureMetadataConverter.java @@ -43,7 +43,7 @@ public class SignatureMetadataConverter implements AttributeConverter activationHistory = new ArrayList<>(); /** - * Default constructor. + * No-arg constructor. */ public ActivationRecordEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java index 6f30d80a3..193d979f7 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java @@ -61,7 +61,7 @@ public class ApplicationEntity implements Serializable { private final List recoveryCodes = new ArrayList<>(); /** - * Default constructor. + * No-arg constructor. */ public ApplicationEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java index 25e00dd2d..fb0e1559c 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/MasterKeyPairEntity.java @@ -59,7 +59,7 @@ public class MasterKeyPairEntity implements Serializable { private ApplicationEntity application; /** - * Default constructor + * No-arg constructor */ public MasterKeyPairEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java index 1ebe328b0..8e5a2cd40 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryCodeEntity.java @@ -83,7 +83,7 @@ public class RecoveryCodeEntity implements Serializable { private final List recoveryPuks = new ArrayList<>(); /** - * Default constructor. + * No-arg constructor. */ public RecoveryCodeEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java index 73d787070..7c734d3de 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryConfigEntity.java @@ -70,7 +70,7 @@ public class RecoveryConfigEntity implements Serializable { private ApplicationEntity application; /** - * Default constructor + * No-arg constructor */ public RecoveryConfigEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java index e01223b41..0e739d0cd 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/RecoveryPukEntity.java @@ -67,7 +67,7 @@ public class RecoveryPukEntity implements Serializable { private Date timestampLastChange; /** - * Default constructor. + * No-arg constructor. */ public RecoveryPukEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java index 9f3688ae3..e0798e6e4 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java @@ -95,7 +95,7 @@ public class SignatureEntity implements Serializable { private Date timestampCreated; /** - * Default constructor. + * No-arg constructor. */ public SignatureEntity() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java index 323ee127c..43b4ded1f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/enumeration/EncryptionMode.java @@ -44,7 +44,7 @@ public enum EncryptionMode { final byte value; /** - * Default constructor with byte value of encryption mode. + * No-arg constructor with byte value of encryption mode. * @param value Byte value of encryption mode. */ EncryptionMode(final byte value) { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java index f3bb5320b..05aca19e3 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/ActivationRecovery.java @@ -30,7 +30,7 @@ public class ActivationRecovery { private String puk; /** - * Default constuctor. + * No-arg constructor. */ public ActivationRecovery() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java index a22782fdb..e1a2de5b8 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/TokenInfo.java @@ -28,7 +28,7 @@ public class TokenInfo { private String tokenSecret; /** - * Default constructor. + * No-arg constructor. */ public TokenInfo() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java index 8c831f941..858f5ca79 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ActivationLayer2Request.java @@ -34,7 +34,7 @@ public class ActivationLayer2Request { private String deviceInfo; /** - * Default constructor. + * No-arg constructor. */ public ActivationLayer2Request() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java index a703606d5..4fd70488f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/ConfirmRecoveryRequestPayload.java @@ -30,7 +30,7 @@ public class ConfirmRecoveryRequestPayload { private String recoveryCode; /** - * Default constructor. + * No-arg constructor. */ public ConfirmRecoveryRequestPayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java index 323a18d47..a47ddc2ec 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/request/VaultUnlockRequestPayload.java @@ -28,7 +28,7 @@ public class VaultUnlockRequestPayload { private String reason; /** - * Default constructor. + * No-arg constructor. */ public VaultUnlockRequestPayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java index 8b6aa8872..bf4dba184 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ActivationLayer2Response.java @@ -33,7 +33,7 @@ public class ActivationLayer2Response { private ActivationRecovery activationRecovery; /** - * Default constructor. + * No-arg constructor. */ public ActivationLayer2Response() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java index a8505b6b5..dc3c76fa7 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/ConfirmRecoveryResponsePayload.java @@ -30,7 +30,7 @@ public class ConfirmRecoveryResponsePayload { private boolean alreadyConfirmed; /** - * Default constructor. + * No-arg constructor. */ public ConfirmRecoveryResponsePayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java index d4268d5e4..1e4fc4d8e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/UpgradeResponsePayload.java @@ -28,7 +28,7 @@ public class UpgradeResponsePayload { /** - * Default constructor. + * No-arg constructor. */ public UpgradeResponsePayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java index 385d9e9d2..244c0b28d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/response/VaultUnlockResponsePayload.java @@ -28,7 +28,7 @@ public class VaultUnlockResponsePayload { private String encryptedVaultEncryptionKey; /** - * Default constructor. + * No-arg constructor. */ public VaultUnlockResponsePayload() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java index 2d7c22021..946c413de 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OfflineSignatureRequest.java @@ -32,7 +32,7 @@ public class OfflineSignatureRequest { private List signatureTypes; /** - * Default constructor. + * No-arg constructor. */ public OfflineSignatureRequest() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java index 05a8351f3..ce102740b 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/OnlineSignatureRequest.java @@ -30,7 +30,7 @@ public class OnlineSignatureRequest { private SignatureType signatureType; /** - * Default constructor. + * No-arg constructor. */ public OnlineSignatureRequest() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java index 933096d5e..789edbff4 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureData.java @@ -38,7 +38,7 @@ public class SignatureData { private Integer forcedSignatureVersion; /** - * Default constructor. + * No-arg constructor. */ public SignatureData() { } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java index 711f29b13..47718f499 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/model/signature/SignatureResponse.java @@ -33,7 +33,7 @@ public class SignatureResponse { private SignatureType usedSignatureType; /** - * Default constructor. + * No-arg constructor. */ public SignatureResponse() { } From e8ad7607a1dd72397d22a0648d10fb2c544c4f16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Fri, 26 Jan 2024 17:59:40 +0800 Subject: [PATCH 060/146] Fix #1277: FIDO2: Add a protocol check into existing services (#1278) --- .../client/model/enumeration/Protocols.java | 9 ++ .../tasks/ActivationContextValidator.java | 108 ++++++++++++++++++ .../tasks/ActivationServiceBehavior.java | 7 +- .../AsymmetricSignatureServiceBehavior.java | 5 +- .../tasks/EciesEncryptionBehavior.java | 14 +-- .../OfflineSignatureServiceBehavior.java | 3 + .../tasks/RecoveryServiceBehavior.java | 13 +-- .../tasks/SignatureSharedServiceBehavior.java | 22 ++-- .../service/behavior/tasks/TokenBehavior.java | 14 +-- .../tasks/UpgradeServiceBehavior.java | 27 +++-- .../tasks/VaultUnlockServiceBehavior.java | 6 +- 11 files changed, 174 insertions(+), 54 deletions(-) create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationContextValidator.java diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java index 9e43497e2..26c76b14c 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/enumeration/Protocols.java @@ -41,4 +41,13 @@ public enum Protocols { public String toString() { return protocol; } + + public static boolean isPowerAuth(String protocol) { + return POWERAUTH.protocol.equals(protocol); + } + + public static boolean isFido2(String protocol) { + return FIDO2.protocol.equals(protocol); + } + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationContextValidator.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationContextValidator.java new file mode 100644 index 000000000..b533362f4 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationContextValidator.java @@ -0,0 +1,108 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package io.getlime.security.powerauth.app.server.service.behavior.tasks; + +import com.wultra.security.powerauth.client.model.enumeration.Protocols; +import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; +import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; +import io.getlime.security.powerauth.app.server.service.i18n.LocalizationProvider; +import io.getlime.security.powerauth.app.server.service.model.ServiceError; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +/** + * Validation of activation context. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Component +@Slf4j +public class ActivationContextValidator { + + /** + * Validate that protocol is powerauth. + * @param protocol Protocol. + * @param localizationProvider Localization provider. + * @throws GenericServiceException Thrown when protocol is invalid. + */ + public void validatePowerAuthProtocol(final String protocol, final LocalizationProvider localizationProvider) throws GenericServiceException { + if (!Protocols.isPowerAuth(protocol)) { + logger.warn("Invalid protocol: {}, expected: powerauth", protocol); + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + } + + /** + * Validate that protocol is fido2. + * @param protocol Protocol. + * @param localizationProvider Localization provider. + * @throws GenericServiceException Thrown when protocol is invalid. + */ + public void validateFido2Protocol(final String protocol, final LocalizationProvider localizationProvider) throws GenericServiceException { + if (!Protocols.isFido2(protocol)) { + logger.warn("Invalid protocol: {}, expected: fido2", protocol); + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + } + + /** + * Validate that activation status is ACTIVE. + * @param activationStatus Actual validation status. + * @param activationId Activation identifier. + * @param localizationProvider Localization provider. + * @throws GenericServiceException Thrown when activation status is invalid. + */ + public void validateActiveStatus(final ActivationStatus activationStatus, final String activationId, final LocalizationProvider localizationProvider) throws GenericServiceException { + // Check if the activation is in correct state + if (!ActivationStatus.ACTIVE.equals(activationStatus)) { + logger.info("Activation is not ACTIVE, activation ID: {}", activationId); + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); + } + } + + /** + * Validate activation version. + * @param actualVersion Actual version. + * @param expectedVersion Expected version. + * @param activationId Activation identifier. + * @param localizationProvider Localization provider. + * @throws GenericServiceException Thrown when activation version is invalid. + */ + public void validateVersion(final int actualVersion, final int expectedVersion, final String activationId, final LocalizationProvider localizationProvider) throws GenericServiceException { + if (actualVersion != expectedVersion) { + logger.info("Activation version is invalid, activation ID: {}, expected: {}, actual: {}", activationId, expectedVersion, actualVersion); + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); + } + } + + /** + * Validate activation version. + * @param activationVersion Version of activation. + * @param localizationProvider Localization provider. + * @throws GenericServiceException Thrown when activation version is invalid. + */ + public void validateVersionValid(final int activationVersion, final LocalizationProvider localizationProvider) throws GenericServiceException { + if (activationVersion < 2 || activationVersion > 3) { + logger.warn("Invalid activation version: {}", activationVersion); + throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); + } + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index e4171f0ba..d00d153b6 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -111,6 +111,8 @@ public class ActivationServiceBehavior { private final ReplayVerificationService replayVerificationService; + private final ActivationContextValidator activationValidator; + // Prepare converters private final ActivationStatusConverter activationStatusConverter = new ActivationStatusConverter(); private final ActivationOtpValidationConverter activationOtpValidationConverter = new ActivationOtpValidationConverter(); @@ -127,10 +129,11 @@ public class ActivationServiceBehavior { private static final Logger logger = LoggerFactory.getLogger(ActivationServiceBehavior.class); @Autowired - public ActivationServiceBehavior(RepositoryCatalogue repositoryCatalogue, PowerAuthServiceConfiguration powerAuthServiceConfiguration, ReplayVerificationService eciesreplayPersistenceService, ObjectMapper objectMapper) { + public ActivationServiceBehavior(RepositoryCatalogue repositoryCatalogue, PowerAuthServiceConfiguration powerAuthServiceConfiguration, ReplayVerificationService eciesreplayPersistenceService, ActivationContextValidator activationValidator, ObjectMapper objectMapper) { this.repositoryCatalogue = repositoryCatalogue; this.powerAuthServiceConfiguration = powerAuthServiceConfiguration; this.replayVerificationService = eciesreplayPersistenceService; + this.activationValidator = activationValidator; this.objectMapper = objectMapper; } @@ -2001,6 +2004,8 @@ private ActivationRecovery createRecoveryCodeForActivation(ActivationRecordEntit throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); } + activationValidator.validatePowerAuthProtocol(activationEntity.getProtocol(), localizationProvider); + // Note: the code below expects that application version for given activation has been verified. // We want to avoid checking application version twice (once during activation and second time in this method). // It is also expected that the activation is a valid activation which has just been created. diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/AsymmetricSignatureServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/AsymmetricSignatureServiceBehavior.java index 361f77ea1..8fc7171d0 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/AsymmetricSignatureServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/AsymmetricSignatureServiceBehavior.java @@ -47,6 +47,7 @@ public class AsymmetricSignatureServiceBehavior { private final ActivationRepository activationRepository; private final LocalizationProvider localizationProvider; + private final ActivationContextValidator activationValidator; private final SignatureUtils signatureUtils = new SignatureUtils(); @@ -54,9 +55,10 @@ public class AsymmetricSignatureServiceBehavior { private static final Logger logger = LoggerFactory.getLogger(AsymmetricSignatureServiceBehavior.class); @Autowired - public AsymmetricSignatureServiceBehavior(ActivationRepository activationRepository, LocalizationProvider localizationProvider) { + public AsymmetricSignatureServiceBehavior(ActivationRepository activationRepository, LocalizationProvider localizationProvider, ActivationContextValidator activationValidator) { this.activationRepository = activationRepository; this.localizationProvider = localizationProvider; + this.activationValidator = activationValidator; } /** @@ -75,6 +77,7 @@ public boolean verifyECDSASignature(String activationId, String data, String sig logger.warn("Activation used when verifying ECDSA signature does not exist, activation ID: {}", activationId); return false; } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); byte[] devicePublicKeyData = Base64.getDecoder().decode(activation.getDevicePublicKeyBase64()); PublicKey devicePublicKey = keyConversionUtilities.convertBytesToPublicKey(devicePublicKeyData); return signatureUtils.validateECDSASignature(Base64.getDecoder().decode(data), Base64.getDecoder().decode(signature), devicePublicKey); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/EciesEncryptionBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/EciesEncryptionBehavior.java index d3c1c5e5c..e437d0a9a 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/EciesEncryptionBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/EciesEncryptionBehavior.java @@ -21,7 +21,6 @@ import com.wultra.security.powerauth.client.model.response.GetEciesDecryptorResponse; import io.getlime.security.powerauth.app.server.converter.ServerPrivateKeyConverter; import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; -import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; import io.getlime.security.powerauth.app.server.database.model.enumeration.EncryptionMode; import io.getlime.security.powerauth.app.server.database.model.ServerPrivateKey; import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; @@ -75,6 +74,7 @@ public class EciesEncryptionBehavior { private final LocalizationProvider localizationProvider; private final ServerPrivateKeyConverter serverPrivateKeyConverter; private final ReplayVerificationService replayVerificationService; + private final ActivationContextValidator activationValidator; // Helper classes private final EncryptorFactory encryptorFactory = new EncryptorFactory(); @@ -85,11 +85,12 @@ public class EciesEncryptionBehavior { private static final Logger logger = LoggerFactory.getLogger(EciesEncryptionBehavior.class); @Autowired - public EciesEncryptionBehavior(RepositoryCatalogue repositoryCatalogue, LocalizationProvider localizationProvider, ServerPrivateKeyConverter serverPrivateKeyConverter, ReplayVerificationService replayVerificationService) { + public EciesEncryptionBehavior(RepositoryCatalogue repositoryCatalogue, LocalizationProvider localizationProvider, ServerPrivateKeyConverter serverPrivateKeyConverter, ReplayVerificationService replayVerificationService, ActivationContextValidator activationValidator) { this.repositoryCatalogue = repositoryCatalogue; this.localizationProvider = localizationProvider; this.serverPrivateKeyConverter = serverPrivateKeyConverter; this.replayVerificationService = replayVerificationService; + this.activationValidator = activationValidator; } /** @@ -217,6 +218,8 @@ private GetEciesDecryptorResponse getEciesDecryptorParametersForActivation(GetEc throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + if (request.getTimestamp() != null) { // Check ECIES request for replay attacks and persist unique value from request replayVerificationService.checkAndPersistUniqueValue( @@ -228,12 +231,7 @@ private GetEciesDecryptorResponse getEciesDecryptorParametersForActivation(GetEc request.getProtocolVersion()); } - // Check if the activation is in correct state - if (!ActivationStatus.ACTIVE.equals(activation.getActivationStatus())) { - logger.info("Activation is not ACTIVE, activation ID: {}", request.getActivationId()); - // Rollback is not required, database is not used for writing - throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); - } + activationValidator.validateActiveStatus(activation.getActivationStatus(), activation.getActivationId(), localizationProvider); // Lookup the application version and check that it is supported final ApplicationVersionEntity applicationVersion = repositoryCatalogue.getApplicationVersionRepository().findByApplicationKey(request.getApplicationKey()); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OfflineSignatureServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OfflineSignatureServiceBehavior.java index 0cdcbbfee..0c692b9d0 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OfflineSignatureServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OfflineSignatureServiceBehavior.java @@ -82,6 +82,7 @@ public class OfflineSignatureServiceBehavior { private final SignatureSharedServiceBehavior signatureSharedServiceBehavior; private final LocalizationProvider localizationProvider; private final PowerAuthServiceConfiguration powerAuthServiceConfiguration; + private final ActivationContextValidator activationValidator; // Prepare converters private final ActivationStatusConverter activationStatusConverter = new ActivationStatusConverter(); @@ -131,6 +132,8 @@ public CreatePersonalizedOfflineSignaturePayloadResponse createPersonalizedOffli throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + // Proceed and compute the results try { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/RecoveryServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/RecoveryServiceBehavior.java index 1ce54b68c..14d7dc0f9 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/RecoveryServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/RecoveryServiceBehavior.java @@ -88,6 +88,7 @@ public class RecoveryServiceBehavior { private final ServerPrivateKeyConverter serverPrivateKeyConverter; private final RecoveryPrivateKeyConverter recoveryPrivateKeyConverter; private final ReplayVerificationService replayVerificationService; + private final ActivationContextValidator activationValidator; // Business logic implementation classes private final PowerAuthServerKeyFactory powerAuthServerKeyFactory = new PowerAuthServerKeyFactory(); @@ -106,13 +107,14 @@ public class RecoveryServiceBehavior { public RecoveryServiceBehavior(LocalizationProvider localizationProvider, PowerAuthServiceConfiguration powerAuthServiceConfiguration, RepositoryCatalogue repositoryCatalogue, ServerPrivateKeyConverter serverPrivateKeyConverter, RecoveryPrivateKeyConverter recoveryPrivateKeyConverter, - ReplayVerificationService replayVerificationService, ObjectMapper objectMapper, RecoveryPukConverter recoveryPukConverter) { + ReplayVerificationService replayVerificationService, ActivationContextValidator activationValidator, ObjectMapper objectMapper, RecoveryPukConverter recoveryPukConverter) { this.localizationProvider = localizationProvider; this.powerAuthServiceConfiguration = powerAuthServiceConfiguration; this.repositoryCatalogue = repositoryCatalogue; this.serverPrivateKeyConverter = serverPrivateKeyConverter; this.recoveryPrivateKeyConverter = recoveryPrivateKeyConverter; this.replayVerificationService = replayVerificationService; + this.activationValidator = activationValidator; this.objectMapper = objectMapper; this.recoveryPukConverter = recoveryPukConverter; } @@ -312,12 +314,9 @@ public ConfirmRecoveryCodeResponse confirmRecoveryCode(ConfirmRecoveryCodeReques throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); } - // Check if the activation is in ACTIVE state - if (!ActivationStatus.ACTIVE.equals(activation.getActivationStatus())) { - logger.warn("Activation is not ACTIVE, activation ID: {}", activationId); - // Rollback is not required, error occurs before writing to database - throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); - } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + + activationValidator.validateActiveStatus(activation.getActivationStatus(), activation.getActivationId(), localizationProvider); // Get the server private key, decrypt it if required final String serverPrivateKeyFromEntity = activation.getServerPrivateKeyBase64(); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/SignatureSharedServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/SignatureSharedServiceBehavior.java index 85a4ed5b4..7b97d631e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/SignatureSharedServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/SignatureSharedServiceBehavior.java @@ -75,6 +75,7 @@ public class SignatureSharedServiceBehavior { private final CallbackUrlBehavior callbackUrlBehavior; private final LocalizationProvider localizationProvider; private final PowerAuthServiceConfiguration powerAuthServiceConfiguration; + private final ActivationContextValidator activationValidator; private ServerPrivateKeyConverter serverPrivateKeyConverter; @@ -90,15 +91,17 @@ public class SignatureSharedServiceBehavior { * @param callbackUrlBehavior Callback URL behavior. * @param localizationProvider Localization provider for error handling. * @param powerAuthServiceConfiguration PowerAuth service configuration. + * @param activationValidator */ @Autowired - public SignatureSharedServiceBehavior(RepositoryCatalogue repositoryCatalogue, ActivationHistoryServiceBehavior activationHistoryServiceBehavior, AuditingServiceBehavior auditingServiceBehavior, CallbackUrlBehavior callbackUrlBehavior, LocalizationProvider localizationProvider, PowerAuthServiceConfiguration powerAuthServiceConfiguration) { + public SignatureSharedServiceBehavior(RepositoryCatalogue repositoryCatalogue, ActivationHistoryServiceBehavior activationHistoryServiceBehavior, AuditingServiceBehavior auditingServiceBehavior, CallbackUrlBehavior callbackUrlBehavior, LocalizationProvider localizationProvider, PowerAuthServiceConfiguration powerAuthServiceConfiguration, ActivationContextValidator activationValidator) { this.repositoryCatalogue = repositoryCatalogue; this.activationHistoryServiceBehavior = activationHistoryServiceBehavior; this.auditingServiceBehavior = auditingServiceBehavior; this.callbackUrlBehavior = callbackUrlBehavior; this.localizationProvider = localizationProvider; this.powerAuthServiceConfiguration = powerAuthServiceConfiguration; + this.activationValidator = activationValidator; } /** @@ -266,6 +269,8 @@ public void handleInactiveActivationWithMismatchSignature(ActivationRecordEntity * @throws GenericCryptoException In case of any other cryptography error. */ private SignatureResponse verifySignatureImpl(ActivationRecordEntity activation, SignatureData signatureData, List signatureTypes, KeyConvertor keyConversionUtilities) throws InvalidKeyException, InvalidKeySpecException, GenericServiceException, CryptoProviderException, GenericCryptoException { + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + // Get the server private and device public keys // Decrypt server private key (depending on encryption mode) @@ -344,19 +349,6 @@ private SignatureResponse verifySignatureImpl(ActivationRecordEntity activation, return new SignatureResponse(signatureValid, ctrNext, ctrDataNext, signatureVersion, usedSignatureType); } - /** - * Validate activation version. - * @param activationVersion Version of activation. - * @throws GenericServiceException Thrown when activation version is invalid. - */ - private void validateActivationVersion(Integer activationVersion) throws GenericServiceException { - if (activationVersion == null || activationVersion < 2 || activationVersion > 3) { - logger.warn("Invalid activation version: {}", activationVersion); - // Rollback is not required, error occurs before writing to database - throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); - } - } - /** * Implementation of handle invalid application version. * @param activation Activation used for signature verification. @@ -596,7 +588,7 @@ private boolean notPossessionFactorSignature(SignatureType signatureType) { */ private Integer resolveSignatureVersion(ActivationRecordEntity activation, Integer forcedSignatureVersion) throws GenericServiceException { // Validate activation version - validateActivationVersion(activation.getVersion()); + activationValidator.validateVersionValid(activation.getVersion(), localizationProvider); // Set signature version based on activation version as default Integer signatureVersion = activation.getVersion(); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java index ef6f00945..601b928e1 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java @@ -83,6 +83,7 @@ public class TokenBehavior { private final PowerAuthServiceConfiguration powerAuthServiceConfiguration; private final ServerPrivateKeyConverter serverPrivateKeyConverter; private final ReplayVerificationService replayVerificationService; + private final ActivationContextValidator activationValidator; // Business logic implementation classes private final ServerTokenGenerator tokenGenerator = new ServerTokenGenerator(); @@ -101,12 +102,13 @@ public class TokenBehavior { private static final Logger logger = LoggerFactory.getLogger(TokenBehavior.class); @Autowired - public TokenBehavior(RepositoryCatalogue repositoryCatalogue, LocalizationProvider localizationProvider, PowerAuthServiceConfiguration powerAuthServiceConfiguration, ServerPrivateKeyConverter serverPrivateKeyConverter, ReplayVerificationService replayVerificationService, ObjectMapper objectMapper) { + public TokenBehavior(RepositoryCatalogue repositoryCatalogue, LocalizationProvider localizationProvider, PowerAuthServiceConfiguration powerAuthServiceConfiguration, ServerPrivateKeyConverter serverPrivateKeyConverter, ReplayVerificationService replayVerificationService, ActivationContextValidator activationValidator, ObjectMapper objectMapper) { this.repositoryCatalogue = repositoryCatalogue; this.localizationProvider = localizationProvider; this.powerAuthServiceConfiguration = powerAuthServiceConfiguration; this.serverPrivateKeyConverter = serverPrivateKeyConverter; this.replayVerificationService = replayVerificationService; + this.activationValidator = activationValidator; this.objectMapper = objectMapper; } @@ -168,12 +170,9 @@ private EncryptedResponse createToken(String activationId, String applicationKey throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); } - // Check if the activation is in correct state - if (!ActivationStatus.ACTIVE.equals(activation.getActivationStatus())) { - logger.info("Activation is not ACTIVE, activation ID: {}", activationId); - // Rollback is not required, error occurs before writing to database - throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); - } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + + activationValidator.validateActiveStatus(activation.getActivationStatus(), activation.getActivationId(), localizationProvider); if (encryptedRequest.getTimestamp() != null) { // Check ECIES request for replay attacks and persist unique value from request @@ -300,6 +299,7 @@ public ValidateTokenResponse validateToken(ValidateTokenRequest request) throws final ActivationRecordEntity activation = token.getActivation(); final byte[] tokenSecret = Base64.getDecoder().decode(token.getTokenSecret()); final boolean isTokenValid; + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); if (!ActivationStatus.ACTIVE.equals(activation.getActivationStatus())) { logger.info("Activation is not ACTIVE, activation ID: {}", activation.getActivationId()); isTokenValid = false; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/UpgradeServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/UpgradeServiceBehavior.java index 9418ade56..d88dbb6d8 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/UpgradeServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/UpgradeServiceBehavior.java @@ -25,7 +25,6 @@ import com.wultra.security.powerauth.client.model.response.StartUpgradeResponse; import io.getlime.security.powerauth.app.server.converter.ServerPrivateKeyConverter; import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; -import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; import io.getlime.security.powerauth.app.server.database.model.AdditionalInformation; import io.getlime.security.powerauth.app.server.database.model.enumeration.EncryptionMode; import io.getlime.security.powerauth.app.server.database.model.ServerPrivateKey; @@ -75,6 +74,7 @@ public class UpgradeServiceBehavior { private final LocalizationProvider localizationProvider; private final ServerPrivateKeyConverter serverPrivateKeyConverter; private final ReplayVerificationService replayVerificationService; + private final ActivationContextValidator activationValidator; // Helper classes private final EncryptorFactory encryptorFactory = new EncryptorFactory(); @@ -92,13 +92,14 @@ public UpgradeServiceBehavior( final LocalizationProvider localizationProvider, final ServerPrivateKeyConverter serverPrivateKeyConverter, final ReplayVerificationService replayVerificationService, - final ObjectMapper objectMapper, + ActivationContextValidator activationValidator, final ObjectMapper objectMapper, final ActivationHistoryServiceBehavior activationHistoryServiceBehavior) { this.repositoryCatalogue = repositoryCatalogue; this.localizationProvider = localizationProvider; this.serverPrivateKeyConverter = serverPrivateKeyConverter; this.replayVerificationService = replayVerificationService; + this.activationValidator = activationValidator; this.objectMapper = objectMapper; this.activationHistoryServiceBehavior = activationHistoryServiceBehavior; } @@ -149,12 +150,11 @@ public StartUpgradeResponse startUpgrade(StartUpgradeRequest request) throws Gen throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); } - // Check if the activation is in correct state and version is 2 - if (!ActivationStatus.ACTIVE.equals(activation.getActivationStatus()) || activation.getVersion() != 2) { - logger.info("Activation state is invalid, activation ID: {}", activationId); - // Rollback is not required, error occurs before writing to database - throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); - } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + + activationValidator.validateActiveStatus(activation.getActivationStatus(), activation.getActivationId(), localizationProvider); + + activationValidator.validateVersion(activation.getVersion(), 2, activationId, localizationProvider); // Do not verify ctr_data, upgrade response may not be delivered to client, so the client may retry the upgrade @@ -279,12 +279,11 @@ public CommitUpgradeResponse commitUpgrade(CommitUpgradeRequest request) throws throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); } - // Check if the activation is in correct state and version is 2 - if (!ActivationStatus.ACTIVE.equals(activation.getActivationStatus()) || activation.getVersion() != 2) { - logger.info("Activation state is invalid, activation ID: {}", activationId); - // Rollback is not required, error occurs before writing to database - throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_INCORRECT_STATE); - } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + + activationValidator.validateActiveStatus(activation.getActivationStatus(), activation.getActivationId(), localizationProvider); + + activationValidator.validateVersion(activation.getVersion(), 2, activationId, localizationProvider); // Check if the activation hash based counter was generated (upgrade has been started) if (activation.getCtrDataBase64() == null) { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java index 478d6cab6..902ca1d34 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java @@ -85,6 +85,7 @@ public class VaultUnlockServiceBehavior { private final ServerPrivateKeyConverter serverPrivateKeyConverter; private final ServiceBehaviorCatalogue behavior; private final ReplayVerificationService replayVerificationService; + private final ActivationContextValidator activationValidator; // Helper classes private final EncryptorFactory encryptorFactory = new EncryptorFactory(); @@ -97,12 +98,13 @@ public class VaultUnlockServiceBehavior { private static final Logger logger = LoggerFactory.getLogger(VaultUnlockServiceBehavior.class); @Autowired - public VaultUnlockServiceBehavior(RepositoryCatalogue repositoryCatalogue, LocalizationProvider localizationProvider, ServerPrivateKeyConverter serverPrivateKeyConverter, ServiceBehaviorCatalogue behavior, ReplayVerificationService replayVerificationService, ObjectMapper objectMapper) { + public VaultUnlockServiceBehavior(RepositoryCatalogue repositoryCatalogue, LocalizationProvider localizationProvider, ServerPrivateKeyConverter serverPrivateKeyConverter, ServiceBehaviorCatalogue behavior, ReplayVerificationService replayVerificationService, ActivationContextValidator activationValidator, ObjectMapper objectMapper) { this.repositoryCatalogue = repositoryCatalogue; this.localizationProvider = localizationProvider; this.serverPrivateKeyConverter = serverPrivateKeyConverter; this.behavior = behavior; this.replayVerificationService = replayVerificationService; + this.activationValidator = activationValidator; this.objectMapper = objectMapper; } @@ -142,6 +144,8 @@ public VaultUnlockResponse unlockVault(String activationId, String applicationKe return response; } + activationValidator.validatePowerAuthProtocol(activation.getProtocol(), localizationProvider); + // Get the server private key, decrypt it if required final String serverPrivateKeyFromEntity = activation.getServerPrivateKeyBase64(); final EncryptionMode serverPrivateKeyEncryptionMode = activation.getServerPrivateKeyEncryption(); From b488c0b51e71692b473c5fc5a547e7921f4e48e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Fri, 26 Jan 2024 11:23:28 +0100 Subject: [PATCH 061/146] Fix #1275: Improve logging of verifyOfflineSignature (#1276) * Fix #1275: Improve logging of verifyOfflineSignature, validateToken, verifySignature, and verifyECDSASignature --- .../powerauth/app/server/service/PowerAuthService.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index 05cfb1a26..51da89ab0 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -414,7 +414,7 @@ public VerifySignatureResponse verifySignature(VerifySignatureRequest request) t try { logger.info("VerifySignatureRequest received, activation ID: {}", request.getActivationId()); final VerifySignatureResponse response = this.verifySignatureImplNonTransaction(request, new ArrayList<>()); - logger.info("VerifySignatureRequest succeeded"); + logger.info("VerifySignatureRequest succeeded, activation ID: {}, signature valid: {}", request.getActivationId(), response.isSignatureValid()); return response; } catch (GenericServiceException ex) { // already logged @@ -517,7 +517,7 @@ public VerifyOfflineSignatureResponse verifyOfflineSignature(VerifyOfflineSignat logger.info("VerifyOfflineSignatureRequest received, activation ID: {}", activationId); final VerifyOfflineSignatureParameter parameter = convert(request, expectedComponentLength, allowedSignatureTypes, keyConvertor); final VerifyOfflineSignatureResponse response = behavior.getOfflineSignatureServiceBehavior().verifyOfflineSignature(parameter); - logger.info("VerifyOfflineSignatureRequest succeeded"); + logger.info("VerifyOfflineSignatureRequest succeeded, activation ID: {}, signature valid: {}", activationId, response.isSignatureValid()); return response; } catch (GenericServiceException ex) { // already logged @@ -759,7 +759,7 @@ public VerifyECDSASignatureResponse verifyECDSASignature(VerifyECDSASignatureReq final boolean matches = behavior.getAsymmetricSignatureServiceBehavior().verifyECDSASignature(activationId, signedData, signature, keyConvertor); final VerifyECDSASignatureResponse response = new VerifyECDSASignatureResponse(); response.setSignatureValid(matches); - logger.info("VerifyECDSASignatureRequest succeeded"); + logger.info("VerifyECDSASignatureRequest succeeded, activation ID: {}, signature valid: {}", activationId, response.isSignatureValid()); return response; } catch (GenericServiceException ex) { // already logged @@ -1163,7 +1163,7 @@ public ValidateTokenResponse validateToken(ValidateTokenRequest request) throws try { logger.info("ValidateTokenRequest received, token ID: {}", request.getTokenId()); final ValidateTokenResponse response = behavior.getTokenBehavior().validateToken(request); - logger.info("ValidateTokenRequest succeeded"); + logger.info("ValidateTokenRequest succeeded, token ID: {}, token valid: {}", request.getTokenId(), response.isTokenValid()); return response; } catch (GenericServiceException ex) { // already logged From c3b58ddf809f76c389e6aa6a75c0f064313dd74c Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Fri, 26 Jan 2024 20:25:47 +0800 Subject: [PATCH 062/146] Fix #1279: FIDO2: logging --- .../fido2/rest/controller/AssertionController.java | 4 ++++ .../fido2/rest/controller/RegistrationController.java | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index 1055883ae..140cd708b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -83,7 +83,9 @@ public AssertionController(AssertionRequestValidator assertionRequestValidator, @PostMapping("challenge") public ObjectResponse requestAssertionChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { final AssertionChallengeRequest requestObject = request.getRequestObject(); + logger.info("AssertionChallengeRequest received, application IDs: {}", requestObject.getApplicationIds()); final AssertionChallengeResponse assertionChallengeResponse = assertionService.requestAssertionChallenge(requestObject); + logger.info("AssertionChallengeRequest succeeded, application IDs: {}", requestObject.getApplicationIds()); return new ObjectResponse<>(assertionChallengeResponse); } @@ -105,11 +107,13 @@ public ObjectResponse requestAssertionChallenge(@Val @PostMapping public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { final AssertionVerificationRequest requestObject = request.getRequestObject(); + logger.info("AssertionVerificationRequest received, ID: {}", requestObject.getId()); final String error = assertionRequestValidator.validate(requestObject); if (error != null) { throw new Fido2AuthenticationFailedException(error); } final AssertionVerificationResponse signatureResponse = assertionService.authenticate(requestObject); + logger.info("AssertionVerificationRequest succeeded, ID: {}, valid: {}", requestObject.getId(), signatureResponse.isAssertionValid()); return new ObjectResponse<>(signatureResponse); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 02e54b9e4..2da5433de 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -81,7 +81,9 @@ public RegistrationController(RegistrationService registrationService) { @PostMapping("list") public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); + logger.info("RegisteredAuthenticatorsRequest received, application ID: {}, user ID: {}", requestObject.getApplicationId(), requestObject.getUserId()); final RegisteredAuthenticatorsResponse responseObject = registrationService.listRegistrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); + logger.info("RegisteredAuthenticatorsRequest succeeded, application ID: {}, user ID: {}", requestObject.getApplicationId(), requestObject.getUserId()); return new ObjectResponse<>(responseObject); } @@ -103,7 +105,9 @@ public ObjectResponse registeredAuthenticators @PostMapping("challenge") public ObjectResponse requestRegistrationChallenge(@Valid @RequestBody ObjectRequest request) throws Exception { final RegistrationChallengeRequest requestObject = request.getRequestObject(); + logger.info("RegistrationChallengeRequest received, application ID: {}, user ID: {}", requestObject.getApplicationId(), requestObject.getUserId()); final RegistrationChallengeResponse responseObject = registrationService.requestRegistrationChallenge(requestObject.getUserId(), requestObject.getApplicationId()); + logger.info("RegistrationChallengeRequest succeeded, application ID: {}, user ID: {}", requestObject.getApplicationId(), requestObject.getUserId()); return new ObjectResponse<>(responseObject); } @@ -125,7 +129,9 @@ public ObjectResponse requestRegistrationChalleng @PostMapping public ObjectResponse register(@Valid @RequestBody ObjectRequest request) throws Exception { final RegistrationRequest requestObject = request.getRequestObject(); + logger.info("RegistrationRequest received, application ID: {}, activation name: {}", requestObject.getApplicationId(), requestObject.getActivationName()); final RegistrationResponse responseObject = registrationService.register(requestObject); + logger.info("RegistrationRequest succeeded, application ID: {}, activation name: {}", requestObject.getApplicationId(), requestObject.getActivationName()); return new ObjectResponse<>(responseObject); } From 92ca4d269f9eda660f218479c38984c3dfad5253 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Sun, 28 Jan 2024 17:01:07 +0800 Subject: [PATCH 063/146] Fix #1281: FIDO2: Add protocol into activation status endpoint response --- .../client/model/response/GetActivationStatusResponse.java | 1 + .../service/behavior/tasks/ActivationServiceBehavior.java | 3 +++ .../app/server/service/behavior/tasks/CallbackUrlBehavior.java | 3 +++ 3 files changed, 7 insertions(+) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java index 98684dbb4..f08d2decd 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java @@ -42,6 +42,7 @@ public class GetActivationStatusResponse { private String activationName; private String userId; private String extras; + private String protocol; private String platform; private String deviceInfo; private String applicationId; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index d00d153b6..80ae7bc24 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -473,6 +473,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri response.setActivationSignature(Base64.getEncoder().encodeToString(activationSignature)); response.setDevicePublicKeyFingerprint(null); response.setPlatform(activation.getPlatform()); + response.setProtocol(activation.getProtocol()); response.setDeviceInfo(activation.getDeviceInfo()); response.getActivationFlags().addAll(activation.getFlags()); response.getApplicationRoles().addAll(application.getRoles()); @@ -587,6 +588,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri response.setActivationSignature(null); response.setDevicePublicKeyFingerprint(activationFingerPrint); response.setPlatform(activation.getPlatform()); + response.setProtocol(activation.getProtocol()); response.setDeviceInfo(activation.getDeviceInfo()); response.getActivationFlags().addAll(activation.getFlags()); response.getApplicationRoles().addAll(application.getRoles()); @@ -617,6 +619,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri response.setApplicationId(null); response.setExtras(null); response.setPlatform(null); + response.setProtocol(null); response.setDeviceInfo(null); response.setTimestampCreated(zeroDate); response.setTimestampLastUsed(zeroDate); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java index 57c35e902..dbdad10d1 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java @@ -301,6 +301,9 @@ private Map prepareCallbackDataActivation(CallbackUrlEntity call if (callbackUrlEntity.getAttributes().contains("platform")) { callbackData.put("platform", activation.getPlatform()); } + if (callbackUrlEntity.getAttributes().contains("protocol")) { + callbackData.put("protocol", activation.getProtocol()); + } if (callbackUrlEntity.getAttributes().contains("activationFlags")) { callbackData.put("activationFlags", activation.getFlags()); } From 787aad05f253484c4faf2afdcb4b943c5dd9022b Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Sun, 28 Jan 2024 18:03:38 +0800 Subject: [PATCH 064/146] Fix #1283: FIDO2: Add auditing --- .../fido2/PowerAuthAssertionProvider.java | 48 ++++++++++--------- .../fido2/PowerAuthAuthenticatorProvider.java | 29 ++++++++++- 2 files changed, 53 insertions(+), 24 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index ea176b42e..d8d19995d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -18,6 +18,8 @@ package io.getlime.security.powerauth.app.server.service.fido2; +import com.wultra.core.audit.base.model.AuditDetail; +import com.wultra.core.audit.base.model.AuditLevel; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; @@ -56,13 +58,17 @@ @Service public class PowerAuthAssertionProvider implements AssertionProvider { + private static final String AUDIT_TYPE_FIDO2 = "fido2"; + private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; private final RepositoryCatalogue repositoryCatalogue; + private final AuditingServiceBehavior audit; @Autowired - public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue) { + public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AuditingServiceBehavior audit) { this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; this.repositoryCatalogue = repositoryCatalogue; + this.audit = audit; } @Override @@ -105,6 +111,7 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest); final UserActionResult result = approveOperation.getResult(); final OperationDetailResponse operation = approveOperation.getOperation(); + auditAssertionResult(authenticatorDetail, result); if (result == UserActionResult.APPROVED) { final AssertionChallenge assertionChallenge = new AssertionChallenge(); assertionChallenge.setChallenge(challengeValue); @@ -141,6 +148,7 @@ public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDeta final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().failApprovalOperation(operationFailApprovalRequest); final OperationDetailResponse operation = approveOperation.getOperation(); + auditAssertionResult(authenticatorDetail, approveOperation.getResult()); handleStatus(operation.getStatus()); final AssertionChallenge assertionChallenge = new AssertionChallenge(); assertionChallenge.setChallenge(challengeValue); @@ -154,6 +162,22 @@ public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDeta } } + /** + * Audit result of an assertion verification result. + * @param authenticator Authenticator detail. + * @param result Assertion verification result. + */ + private void auditAssertionResult(final AuthenticatorDetail authenticator, final UserActionResult result) { + final AuditDetail auditDetail = AuditDetail.builder() + .type(AUDIT_TYPE_FIDO2) + .param("userId", authenticator.getUserId()) + .param("applicationId", authenticator.getApplicationId()) + .param("activationId", authenticator.getActivationId()) + .param("result", result) + .build(); + audit.log(AuditLevel.INFO, "Assertion result for activation with ID: {}", auditDetail, authenticator.getActivationId()); + } + /** * Implementation of handle invalid signature. * @param activation Activation used for signature verification. @@ -198,28 +222,6 @@ private void handleInvalidSignatureImpl(ActivationRecordEntity activation, Signa } } - /** - * Implementation of handle inactive activation during signature verification. - * @param activation Activation used for signature verification. - * @param signatureData Data related to the signature. - * @param signatureType Used signature type. - * @param currentTimestamp Signature verification timestamp. - */ - private void handleInactiveActivationSignatureImpl(ActivationRecordEntity activation, SignatureData signatureData, SignatureType signatureType, Date currentTimestamp) { - // Get ActivationRepository - final ActivationRepository activationRepository = repositoryCatalogue.getActivationRepository(); - - // Update the last used date - activation.setTimestampLastUsed(currentTimestamp); - - // Save the activation - activationRepository.save(activation); - - // Create the audit log record - final AuditingServiceBehavior.ActivationRecordDto activationDto = createActivationDtoFrom(activation); - serviceBehaviorCatalogue.getAuditingServiceBehavior().logSignatureAuditRecord(activationDto, signatureData, signatureType, false, activation.getVersion(), "activation_invalid_state", currentTimestamp); - } - /** * Handle operation status. * diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index c24f3fdca..e5e42b835 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -21,6 +21,8 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; +import com.wultra.core.audit.base.model.AuditDetail; +import com.wultra.core.audit.base.model.AuditLevel; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.service.provider.AuthenticatorProvider; @@ -35,6 +37,7 @@ import io.getlime.security.powerauth.app.server.database.repository.ActivationRepository; import io.getlime.security.powerauth.app.server.database.repository.ApplicationRepository; import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; +import io.getlime.security.powerauth.app.server.service.behavior.tasks.AuditingServiceBehavior; import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; import io.getlime.security.powerauth.app.server.service.i18n.LocalizationProvider; import io.getlime.security.powerauth.app.server.service.model.ServiceError; @@ -60,10 +63,14 @@ @Service @Slf4j public class PowerAuthAuthenticatorProvider implements AuthenticatorProvider { + + private static final String AUDIT_TYPE_FIDO2 = "fido2"; + private final ApplicationRepository applicationRepository; private final RepositoryCatalogue repositoryCatalogue; private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; + private final AuditingServiceBehavior audit; private LocalizationProvider localizationProvider; @@ -73,10 +80,11 @@ public class PowerAuthAuthenticatorProvider implements AuthenticatorProvider { @Autowired public PowerAuthAuthenticatorProvider(RepositoryCatalogue repositoryCatalogue, ServiceBehaviorCatalogue serviceBehaviorCatalogue, - ApplicationRepository applicationRepository) { + ApplicationRepository applicationRepository, AuditingServiceBehavior audit) { this.repositoryCatalogue = repositoryCatalogue; this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; this.applicationRepository = applicationRepository; + this.audit = audit; } @Autowired @@ -235,6 +243,8 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ activationResponse.setMaxFailedAttempts(activation.getMaxFailedAttempts()); activationResponse.setDevicePublicKeyBase64(activation.getDevicePublicKeyBase64()); + auditStoredAuthenticator(activationResponse); + // Generate authenticator detail final Optional authenticatorOptional = convert(activationResponse, applicationEntity); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Authenticator object deserialization failed")); @@ -252,7 +262,24 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ } catch (GenericServiceException e) { throw new Fido2AuthenticationFailedException("Generic service exception"); } + } + /** + * Audit stored authenticator for an activation. + * @param activation Activation record. + */ + private void auditStoredAuthenticator(Activation activation) { + final AuditDetail auditDetail = AuditDetail.builder() + .type(AUDIT_TYPE_FIDO2) + .param("userId", activation.getUserId()) + .param("applicationId", activation.getApplicationId()) + .param("activationId", activation.getActivationId()) + .param("activationName", activation.getActivationName()) + .param("externalId", activation.getExternalId()) + .param("platform", activation.getPlatform()) + .param("deviceInfo", activation.getDeviceInfo()) + .build(); + audit.log(AuditLevel.INFO, "Stored authenticator for activation with ID: {}", auditDetail, activation.getActivationId()); } private Optional convert(Activation activation, ApplicationEntity application) { From b1769e84d2cb498054d556b1beb97acdc9d302a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 29 Jan 2024 14:52:14 +0800 Subject: [PATCH 065/146] Fix #1285: FIDO2: Review provider API (#1286) --- .../fido2/service/RegistrationService.java | 4 ++-- .../fido2/service/provider/AssertionProvider.java | 14 +------------- .../service/provider/CryptographyService.java | 1 + .../service/provider/RegistrationProvider.java | 5 +++-- .../fido2/PowerAuthAuthenticatorProvider.java | 4 ++-- .../fido2/PowerAuthRegistrationProvider.java | 6 +++--- 6 files changed, 12 insertions(+), 22 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 03c0d1d85..5d8f20c5b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -131,14 +131,14 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); if (!verifySignature) { // Immediately revoke the challenge - registrationProvider.revokeChallengeForRegistrationChallengeValue(applicationId, challengeValue); + registrationProvider.revokeRegistrationByChallengeValue(applicationId, challengeValue); throw new Fido2AuthenticationFailedException("Registration failed"); } } else { logger.info("No signature verification on registration"); } - final RegistrationChallenge challenge = registrationProvider.provideChallengeForRegistrationChallengeValue(applicationId, challengeValue); + final RegistrationChallenge challenge = registrationProvider.findRegistrationChallengeByValue(applicationId, challengeValue); final Optional authenticatorOptional = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorOptional.get()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java index e2bae3032..b6491f773 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java @@ -32,19 +32,6 @@ */ public interface AssertionProvider { - /** - * Obtain challenge for authentication. - * - * @param applicationIds List of application ID. - * @param operationType Type of the operation this challenge is for. - * @param parameters Operation parameters. - * @return Assertion challenge. - * @throws Exception In case any issue occur during processing. - */ - default AssertionChallenge provideChallengeForAssertion(List applicationIds, String operationType, Map parameters) throws Exception { - return provideChallengeForAssertion(applicationIds, operationType, parameters, null); - }; - /** * Obtain challenge for authentication. * @@ -76,4 +63,5 @@ default AssertionChallenge provideChallengeForAssertion(List application * @throws Fido2AuthenticationFailedException In case assertion approval fails. */ AssertionChallenge failAssertion(String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index f4fc85c23..99aa411af 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -62,4 +62,5 @@ public interface CryptographyService { * @throws Exception Thrown in case of a cryptography error. */ byte[] publicKeyToBytes(PublicKeyObject publicKey) throws Exception; + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java index 18b3981cd..f1918e309 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java @@ -45,7 +45,7 @@ public interface RegistrationProvider { * @return Challenge Information. * @throws Exception In case any issue occur during processing. */ - RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challenge) throws Exception; + RegistrationChallenge findRegistrationChallengeByValue(String applicationId, String challenge) throws Exception; /** * Revoke existing challenge based on the challenge value. @@ -54,5 +54,6 @@ public interface RegistrationProvider { * @param challengeValue Challenge value. * @throws Exception In case any issue occur during processing. */ - void revokeChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Exception; + void revokeRegistrationByChallengeValue(String applicationId, String challengeValue) throws Exception; + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index e5e42b835..b96355997 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -93,7 +93,7 @@ public void setLocalizationProvider(LocalizationProvider localizationProvider) { } @Override - @Transactional + @Transactional(readOnly = true) public List findByUserId(String userId, String applicationId) throws Fido2AuthenticationFailedException { // Find application @@ -122,7 +122,7 @@ public List findByUserId(String userId, String applicationI } @Override - @Transactional + @Transactional(readOnly = true) public Optional findByCredentialId(String applicationId, String credentialId) throws Fido2AuthenticationFailedException { // Find application diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index f9be5ee22..3b16f7c94 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -74,8 +74,8 @@ public RegistrationChallenge provideChallengeForRegistration(String userId, Stri } @Override - @Transactional - public RegistrationChallenge provideChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { + @Transactional(readOnly = true) + public RegistrationChallenge findRegistrationChallengeByValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { // Find application final Optional application = repositoryCatalogue.getApplicationRepository().findById(applicationId); @@ -111,7 +111,7 @@ public RegistrationChallenge provideChallengeForRegistrationChallengeValue(Strin @Override @Transactional - public void revokeChallengeForRegistrationChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { + public void revokeRegistrationByChallengeValue(String applicationId, String challengeValue) throws Fido2AuthenticationFailedException { final Date currentTimestamp = new Date(); // Find application From d2f80a0763063544bc352e8ab6268b2be67826d3 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Tue, 30 Jan 2024 07:54:08 +0100 Subject: [PATCH 066/146] Fix #1287: Broken implementation guide links on sidebar --- docs/_Sidebar.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 07944aef0..508f63ee0 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -12,8 +12,8 @@ **Implementation Tutorials** -- [Authentication in Mobile Banking Apps (SCA)](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Authentication-in-Mobile-Apps) -- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/products/mobile-security-suite/develop/tutorials/Manual-Signature-Verification) +- [Mobile-First Authentication in Banking (SCA)](https://developers.wultra.com/tutorials/posts/Mobile-First-Authentication/) +- [Verifying PowerAuth Signatures On The Server](https://developers.wultra.com/tutorials/posts/Manual-Signature-Verification/) **Reference Manual** From 707ea324018a120f412cb5d76f9e0fa44500dce0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 01:26:49 +0000 Subject: [PATCH 067/146] Bump com.google.zxing:core from 3.5.2 to 3.5.3 Bumps [com.google.zxing:core](https://github.com/zxing/zxing) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/zxing/zxing/releases) - [Changelog](https://github.com/zxing/zxing/blob/master/CHANGES) - [Commits](https://github.com/zxing/zxing/compare/zxing-3.5.2...zxing-3.5.3) --- updated-dependencies: - dependency-name: com.google.zxing:core dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- powerauth-admin/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-admin/pom.xml b/powerauth-admin/pom.xml index 8bed0cfd2..bde52308d 100644 --- a/powerauth-admin/pom.xml +++ b/powerauth-admin/pom.xml @@ -66,7 +66,7 @@ com.google.zxing core - 3.5.2 + 3.5.3 com.google.zxing From d7384380a63d99be7c413aca575b706d1588a231 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 01:27:05 +0000 Subject: [PATCH 068/146] Bump com.webauthn4j:webauthn4j-test Bumps [com.webauthn4j:webauthn4j-test](https://github.com/webauthn4j/webauthn4j) from 0.22.0.RELEASE to 0.22.1.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.22.0.RELEASE...0.22.1.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-test dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5b1d3ff41..120298935 100644 --- a/pom.xml +++ b/pom.xml @@ -105,7 +105,7 @@ 3.15.6 - 0.22.0.RELEASE + 0.22.1.RELEASE From 591c4830581acb13193084c1d49782d59cc32857 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 01:27:44 +0000 Subject: [PATCH 069/146] Bump com.google.zxing:javase from 3.5.2 to 3.5.3 Bumps [com.google.zxing:javase](https://github.com/zxing/zxing) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/zxing/zxing/releases) - [Changelog](https://github.com/zxing/zxing/blob/master/CHANGES) - [Commits](https://github.com/zxing/zxing/compare/zxing-3.5.2...zxing-3.5.3) --- updated-dependencies: - dependency-name: com.google.zxing:javase dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- powerauth-admin/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-admin/pom.xml b/powerauth-admin/pom.xml index 8bed0cfd2..c71ba8ad6 100644 --- a/powerauth-admin/pom.xml +++ b/powerauth-admin/pom.xml @@ -71,7 +71,7 @@ com.google.zxing javase - 3.5.2 + 3.5.3 From 579f211673556629a24fbb2496600648a35f058c Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 5 Feb 2024 07:19:58 +0100 Subject: [PATCH 070/146] Fix #1294: Extract zxing version to the maven property --- pom.xml | 10 ++++++++++ powerauth-admin/pom.xml | 2 -- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 120298935..fdd733e44 100644 --- a/pom.xml +++ b/pom.xml @@ -103,6 +103,7 @@ 1.11.0 7.4 3.15.6 + 3.5.3 0.22.1.RELEASE @@ -144,6 +145,15 @@ ${bcprov-jdk18on.version} + + + com.google.zxing + zxing-parent + ${zxing.version} + pom + import + + io.swagger.core.v3 swagger-annotations-jakarta diff --git a/powerauth-admin/pom.xml b/powerauth-admin/pom.xml index ab72fbf9f..f698bff13 100644 --- a/powerauth-admin/pom.xml +++ b/powerauth-admin/pom.xml @@ -66,12 +66,10 @@ com.google.zxing core - 3.5.3 com.google.zxing javase - 3.5.3 From a2b0e0148d74d78f46165ec33ee2d29eb27d4ef6 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Mon, 5 Feb 2024 15:53:32 +0800 Subject: [PATCH 071/146] Fix #1290: FIDO2: Show activation protocol in PowerAuth Admin --- .../controller/ActivationController.java | 2 + .../webapp/WEB-INF/jsp/activationDetail.jsp | 66 ++++++++++++------- .../response/GetActivationStatusResponse.java | 1 + .../controller/RegistrationController.java | 6 +- .../tasks/ActivationServiceBehavior.java | 3 + 5 files changed, 53 insertions(+), 25 deletions(-) diff --git a/powerauth-admin/src/main/java/io/getlime/security/app/admin/controller/ActivationController.java b/powerauth-admin/src/main/java/io/getlime/security/app/admin/controller/ActivationController.java index 71eb9f94e..e96bd6942 100644 --- a/powerauth-admin/src/main/java/io/getlime/security/app/admin/controller/ActivationController.java +++ b/powerauth-admin/src/main/java/io/getlime/security/app/admin/controller/ActivationController.java @@ -159,6 +159,8 @@ public String activationDetail( model.put("version", activation.getVersion()); model.put("platform", activation.getPlatform()); model.put("deviceInfo", activation.getDeviceInfo()); + model.put("protocol", activation.getProtocol()); + model.put("externalId", activation.getExternalId()); model.put("activationFlags", activation.getActivationFlags()); if (activation.getActivationStatus() == ActivationStatus.PENDING_COMMIT && activation.getActivationOtpValidation() == ActivationOtpValidation.ON_COMMIT) { model.put("showOtpInput", true); diff --git a/powerauth-admin/src/main/webapp/WEB-INF/jsp/activationDetail.jsp b/powerauth-admin/src/main/webapp/WEB-INF/jsp/activationDetail.jsp index af61900f4..0fa6d0b9a 100644 --- a/powerauth-admin/src/main/webapp/WEB-INF/jsp/activationDetail.jsp +++ b/powerauth-admin/src/main/webapp/WEB-INF/jsp/activationDetail.jsp @@ -151,35 +151,57 @@ - Platform
- - - iOS - - - Android - - - Hardware Token - - - Unknown - - - ${platform} - - +

+ Platform
+ + + iOS + + + Android + + + Hardware Token + + + Unknown + + + ${platform} + + +

- User Device Information
- - - +

+ User Device Information
+ + + +

+ + + + Protocol
+ + + + + + + + External ID
+ + + + + + diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java index f08d2decd..6f11a4988 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetActivationStatusResponse.java @@ -43,6 +43,7 @@ public class GetActivationStatusResponse { private String userId; private String extras; private String protocol; + private String externalId; private String platform; private String deviceInfo; private String applicationId; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java index 2da5433de..117848c6e 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/RegistrationController.java @@ -49,7 +49,7 @@ @RestController @RequestMapping("fido2/registrations") @Slf4j -@Tag(name = "FIDO2 Registration Controller", description = "API for FIDO2 authenticator registrations") +@Tag(name = "FIDO2 Registrations Controller", description = "API for FIDO2 authenticator registrations") public class RegistrationController { private final RegistrationService registrationService; @@ -81,9 +81,9 @@ public RegistrationController(RegistrationService registrationService) { @PostMapping("list") public ObjectResponse registeredAuthenticators(@Valid @RequestBody ObjectRequest request) throws Exception { final RegisteredAuthenticatorsRequest requestObject = request.getRequestObject(); - logger.info("RegisteredAuthenticatorsRequest received, application ID: {}, user ID: {}", requestObject.getApplicationId(), requestObject.getUserId()); + logger.info("RegisteredAuthenticatorsRequest received, user ID: {}, application ID: {}", requestObject.getUserId(), requestObject.getApplicationId()); final RegisteredAuthenticatorsResponse responseObject = registrationService.listRegistrationsForUser(requestObject.getUserId(), requestObject.getApplicationId()); - logger.info("RegisteredAuthenticatorsRequest succeeded, application ID: {}, user ID: {}", requestObject.getApplicationId(), requestObject.getUserId()); + logger.info("RegisteredAuthenticatorsRequest succeeded, user ID: {}, application ID: {}", requestObject.getUserId(), requestObject.getApplicationId()); return new ObjectResponse<>(responseObject); } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index 80ae7bc24..9b1791912 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -474,6 +474,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri response.setDevicePublicKeyFingerprint(null); response.setPlatform(activation.getPlatform()); response.setProtocol(activation.getProtocol()); + response.setExternalId(activation.getExternalId()); response.setDeviceInfo(activation.getDeviceInfo()); response.getActivationFlags().addAll(activation.getFlags()); response.getApplicationRoles().addAll(application.getRoles()); @@ -589,6 +590,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri response.setDevicePublicKeyFingerprint(activationFingerPrint); response.setPlatform(activation.getPlatform()); response.setProtocol(activation.getProtocol()); + response.setExternalId(activation.getExternalId()); response.setDeviceInfo(activation.getDeviceInfo()); response.getActivationFlags().addAll(activation.getFlags()); response.getApplicationRoles().addAll(application.getRoles()); @@ -620,6 +622,7 @@ public GetActivationStatusResponse getActivationStatus(String activationId, Stri response.setExtras(null); response.setPlatform(null); response.setProtocol(null); + response.setExternalId(null); response.setDeviceInfo(null); response.setTimestampCreated(zeroDate); response.setTimestampLastUsed(zeroDate); From c4e0ec2aeb3efae8cdb5c96e43c66a20b6f22548 Mon Sep 17 00:00:00 2001 From: Jan Dusil <134381434+jandusil@users.noreply.github.com> Date: Tue, 6 Feb 2024 11:23:31 +0100 Subject: [PATCH 072/146] Fix #1272: Add TraceID/SpanID to Monitoring for Enhanced Observability (#1273) * Fix #1272: Add Traceable headers --- docs/Configuration-Properties.md | 3 +++ powerauth-admin/pom.xml | 10 ++++++++++ .../src/main/resources/application.properties | 1 + powerauth-java-server/pom.xml | 10 ++++++++++ .../src/main/resources/application.properties | 3 ++- 5 files changed, 26 insertions(+), 1 deletion(-) diff --git a/docs/Configuration-Properties.md b/docs/Configuration-Properties.md index 0f4cfbcb9..8386f166e 100644 --- a/docs/Configuration-Properties.md +++ b/docs/Configuration-Properties.md @@ -71,6 +71,9 @@ The PowerAuth Server uses the following public configuration properties: ## Monitoring and Observability +| Property | Default | Note | +|-------------------------------------------|---------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `management.tracing.sampling.probability` | `1.0` | Specifies the proportion of requests that are sampled for tracing. A value of 1.0 means that 100% of requests are sampled, while a value of 0 effectively disables tracing. | The WAR file includes the `micrometer-registry-prometheus` dependency. Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics). diff --git a/powerauth-admin/pom.xml b/powerauth-admin/pom.xml index f698bff13..3f144a415 100644 --- a/powerauth-admin/pom.xml +++ b/powerauth-admin/pom.xml @@ -99,6 +99,16 @@ micrometer-registry-prometheus + + io.projectreactor + reactor-core-micrometer + + + + io.micrometer + micrometer-tracing-bridge-otel + + org.springframework.boot diff --git a/powerauth-admin/src/main/resources/application.properties b/powerauth-admin/src/main/resources/application.properties index 78997389f..b999e5431 100644 --- a/powerauth-admin/src/main/resources/application.properties +++ b/powerauth-admin/src/main/resources/application.properties @@ -51,6 +51,7 @@ spring.jpa.open-in-view=false management.health.ldap.enabled=false # Monitoring +management.tracing.sampling.probability=1.0 #management.endpoint.metrics.enabled=true #management.endpoints.web.exposure.include=health, prometheus #management.endpoint.prometheus.enabled=true diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index c8913711d..077458476 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -156,6 +156,16 @@ micrometer-registry-prometheus + + io.projectreactor + reactor-core-micrometer + + + + io.micrometer + micrometer-tracing-bridge-otel + + io.netty diff --git a/powerauth-java-server/src/main/resources/application.properties b/powerauth-java-server/src/main/resources/application.properties index 2851cf497..af3f20178 100644 --- a/powerauth-java-server/src/main/resources/application.properties +++ b/powerauth-java-server/src/main/resources/application.properties @@ -125,7 +125,8 @@ powerauth.service.correlation-header.value.validation-regexp=[a-zA-Z0-9\\-]{8,10 powerauth.service.proximity-check.otp.length=8 # Monitoring +management.tracing.sampling.probability=1.0 #management.endpoint.metrics.enabled=true #management.endpoints.web.exposure.include=health, prometheus #management.endpoint.prometheus.enabled=true -#management.prometheus.metrics.export.enabled=true +#management.prometheus.metrics.export.enabled=true \ No newline at end of file From 10ecf627cfc37423ae59c17de04214b6220d1600 Mon Sep 17 00:00:00 2001 From: Jan Dusil <134381434+jandusil@users.noreply.github.com> Date: Tue, 6 Feb 2024 12:28:44 +0100 Subject: [PATCH 073/146] Fix #1297: Remove spring.datasource.driverClassName from app props (#1298) --- docs/Configuration-Properties.md | 1 - docs/Deploying-PowerAuth-Server.md | 6 ------ docs/Deploying-Wildfly.md | 1 - .../src/main/resources/application.properties | 2 -- .../src/test/resources/application-test.properties | 1 - 5 files changed, 11 deletions(-) diff --git a/docs/Configuration-Properties.md b/docs/Configuration-Properties.md index 8386f166e..5211072db 100644 --- a/docs/Configuration-Properties.md +++ b/docs/Configuration-Properties.md @@ -9,7 +9,6 @@ The PowerAuth Server uses the following public configuration properties: | `spring.datasource.url` | `jdbc:postgresql://localhost:5432/powerauth` | Database JDBC URL | | `spring.datasource.username` | `powerauth` | Database JDBC username | | `spring.datasource.password` | `_empty_` | Database JDBC password | -| `spring.datasource.driver-class-name` | `org.postgresql.Driver` | Datasource JDBC class name | | `spring.jpa.hibernate.ddl-auto` | `none` | Configuration of automatic database schema creation | | `spring.jpa.properties.hibernate.connection.characterEncoding` | `utf8` | Character encoding | | `spring.jpa.properties.hibernate.connection.useUnicode` | `true` | Character encoding - Unicode support | diff --git a/docs/Deploying-PowerAuth-Server.md b/docs/Deploying-PowerAuth-Server.md index 454c52c60..f1c389f14 100644 --- a/docs/Deploying-PowerAuth-Server.md +++ b/docs/Deploying-PowerAuth-Server.md @@ -42,7 +42,6 @@ The default database connectivity parameters in `powerauth-java-server.war` are spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth spring.datasource.username=powerauth spring.datasource.password= -spring.datasource.driver-class-name=org.postgresql.Driver spring.jpa.hibernate.ddl-auto=none spring.jpa.properties.hibernate.connection.characterEncoding=utf8 spring.jpa.properties.hibernate.connection.useUnicode=true @@ -57,7 +56,6 @@ For Oracle database use following connectivity parameters (example): spring.datasource.url=jdbc:oracle:thin:@//[HOST]:[PORT]/[SERVICENAME] spring.datasource.username=powerauth spring.datasource.password=********* -spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver spring.jpa.hibernate.ddl-auto=none ``` @@ -68,7 +66,6 @@ For PostgreSQL use following connectivity parameters (example): spring.datasource.url=jdbc:postgresql://[HOST]:[PORT]/[DATABASE] spring.datasource.username=powerauth spring.datasource.password=********* -spring.datasource.driver-class-name=org.postgresql.Driver spring.jpa.hibernate.ddl-auto=none ``` @@ -136,7 +133,6 @@ You can specify the individual properties directly in the server configuration. - ``` @@ -157,7 +153,6 @@ To match the previous example, the contents of `/path/to/come/custom.properties` spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth spring.datasource.username=powerauth spring.datasource.password= -spring.datasource.driver-class-name=org.postgresql.Driver ``` ## Generating Your First Application @@ -234,7 +229,6 @@ Some application servers, such as **WildFly** by JBoss, are very restrictive in spring.datasource.url= spring.datasource.username= spring.datasource.password= -spring.datasource.driver-class-name= spring.jpa.database-platform= spring.jpa.hibernate.ddl-auto=none spring.datasource.jndi-name=java:/jdbc/powerauth diff --git a/docs/Deploying-Wildfly.md b/docs/Deploying-Wildfly.md index 7bc4751b3..0dd363c03 100644 --- a/docs/Deploying-Wildfly.md +++ b/docs/Deploying-Wildfly.md @@ -96,7 +96,6 @@ The `application-ext.properties` file is used to override default configuration spring.datasource.url=jdbc:oracle:thin:@//[host]:[port]/[servicename] spring.datasource.username=powerauth spring.datasource.password=powerauth -spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver # Application Service Configuration powerauth.service.applicationEnvironment=TEST diff --git a/powerauth-java-server/src/main/resources/application.properties b/powerauth-java-server/src/main/resources/application.properties index af3f20178..7a6157e5c 100644 --- a/powerauth-java-server/src/main/resources/application.properties +++ b/powerauth-java-server/src/main/resources/application.properties @@ -24,7 +24,6 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/powerauth spring.datasource.username=powerauth spring.datasource.password= spring.datasource.hikari.auto-commit=false -spring.datasource.driver-class-name=org.postgresql.Driver spring.jpa.properties.hibernate.connection.characterEncoding=utf8 spring.jpa.properties.hibernate.connection.useUnicode=true @@ -32,7 +31,6 @@ spring.jpa.properties.hibernate.connection.useUnicode=true #spring.datasource.url=jdbc:oracle:thin:@//127.0.0.1:1521/powerauth #spring.datasource.username=powerauth #spring.datasource.password= -#spring.datasource.driver-class-name=oracle.jdbc.driver.OracleDriver # Hibernate Configuration spring.jpa.hibernate.ddl-auto=none diff --git a/powerauth-java-server/src/test/resources/application-test.properties b/powerauth-java-server/src/test/resources/application-test.properties index 66fc7cd8f..e1d502878 100644 --- a/powerauth-java-server/src/test/resources/application-test.properties +++ b/powerauth-java-server/src/test/resources/application-test.properties @@ -20,7 +20,6 @@ spring.datasource.url=jdbc:h2:mem:powerauth;DB_CLOSE_ON_EXIT=FALSE spring.datasource.username=sa spring.datasource.password= -spring.datasource.driver-class-name=org.h2.Driver # Hibernate Configuration spring.jpa.hibernate.ddl-auto=create-drop From 50ade67be60f0e75acf7c1abae0d541d34514f71 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Thu, 8 Feb 2024 13:36:19 +0100 Subject: [PATCH 074/146] Fix #1300: Handle explicit null JSON value in final fields --- .../client/model/request/OperationApproveRequest.java | 4 ++++ .../client/model/request/OperationCancelRequest.java | 4 ++++ .../client/model/request/OperationCreateRequest.java | 3 +++ .../client/model/request/OperationFailApprovalRequest.java | 4 ++++ .../client/model/request/OperationRejectRequest.java | 4 ++++ .../client/model/request/OperationTemplateCreateRequest.java | 3 +++ .../client/model/request/OperationTemplateUpdateRequest.java | 4 ++++ 7 files changed, 26 insertions(+) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationApproveRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationApproveRequest.java index 88ff11131..a27a82c45 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationApproveRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationApproveRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; import lombok.Data; @@ -37,6 +39,8 @@ public class OperationApproveRequest { private String applicationId; private String data; private SignatureType signatureType; + + @JsonSetter(nulls = Nulls.SKIP) private final Map additionalData = new LinkedHashMap<>(); } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCancelRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCancelRequest.java index 5a41ff0b5..9c9237ba0 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCancelRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCancelRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import lombok.Data; import java.util.LinkedHashMap; @@ -32,6 +34,8 @@ public class OperationCancelRequest { private String operationId; + + @JsonSetter(nulls = Nulls.SKIP) private final Map additionalData = new LinkedHashMap<>(); } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java index db54f6b8a..d6b5f1849 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; @@ -50,6 +52,7 @@ public class OperationCreateRequest { private String externalId; @Schema(description = "Parameters of the operation, will be filled to the operation data", requiredMode = Schema.RequiredMode.NOT_REQUIRED) + @JsonSetter(nulls = Nulls.SKIP) private final Map parameters = new LinkedHashMap<>(); @Schema(description = "Whether proximity check should be used, overrides configuration from operation template", requiredMode = Schema.RequiredMode.NOT_REQUIRED) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationFailApprovalRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationFailApprovalRequest.java index 384ec2bcd..4f2ebbf8e 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationFailApprovalRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationFailApprovalRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import lombok.Data; import java.util.LinkedHashMap; @@ -32,6 +34,8 @@ public class OperationFailApprovalRequest { private String operationId; + + @JsonSetter(nulls = Nulls.SKIP) private final Map additionalData = new LinkedHashMap<>(); } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationRejectRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationRejectRequest.java index 935f9799e..ddc211ed5 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationRejectRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationRejectRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import lombok.Data; import java.util.LinkedHashMap; @@ -34,6 +36,8 @@ public class OperationRejectRequest { private String operationId; private String userId; private String applicationId; + + @JsonSetter(nulls = Nulls.SKIP) private final Map additionalData = new LinkedHashMap<>(); } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateCreateRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateCreateRequest.java index 4ae62528f..01eaf9ae2 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateCreateRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateCreateRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; import lombok.Data; @@ -50,6 +52,7 @@ public class OperationTemplateCreateRequest { /** * Allowed signature types. */ + @JsonSetter(nulls = Nulls.SKIP) private final List signatureType = new ArrayList<>(); /** diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateUpdateRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateUpdateRequest.java index e157ed93e..bb09e5b5b 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateUpdateRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationTemplateUpdateRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; import lombok.Data; @@ -35,6 +37,8 @@ public class OperationTemplateUpdateRequest { private Long id; private String operationType; private String dataTemplate; + + @JsonSetter(nulls = Nulls.SKIP) private final List signatureType = new ArrayList<>(); private Long maxFailureCount; private Long expiration; From bdba08cf0a2fdc64804eaf816816a2f4b4de9ff9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 01:34:50 +0000 Subject: [PATCH 075/146] Bump net.javacrumbs.shedlock:shedlock-bom from 5.10.2 to 5.11.0 Bumps [net.javacrumbs.shedlock:shedlock-bom](https://github.com/lukas-krecan/ShedLock) from 5.10.2 to 5.11.0. - [Commits](https://github.com/lukas-krecan/ShedLock/compare/shedlock-parent-5.10.2...shedlock-parent-5.11.0) --- updated-dependencies: - dependency-name: net.javacrumbs.shedlock:shedlock-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index fdd733e44..eb8843bc3 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ 2.2.20 - 5.10.2 + 5.11.0 1.11.0 From 845400af8ba500b4a4e8fcd54fdd98df9bbcafa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 19 Feb 2024 22:50:59 +0800 Subject: [PATCH 076/146] Fix #1304: FIDO2: Use templateName instead of operationType parameter for challenges (#1305) --- .../client/model/request/fido2/AssertionChallengeRequest.java | 2 +- .../fido2/rest/model/request/AssertionChallengeRequest.java | 3 ++- .../com/wultra/powerauth/fido2/service/AssertionService.java | 2 +- .../app/server/service/fido2/PowerAuthAssertionProvider.java | 4 ++-- .../com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java | 4 ++-- 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java index 78cf11325..d5f7687d2 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java @@ -38,7 +38,7 @@ public class AssertionChallengeRequest { private List<@NotBlank String> applicationIds; private String externalId; @NotBlank - private String operationType; + private String templateName; private Map parameters = new HashMap<>(); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java index ddc5a19fc..07a91097d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java @@ -33,11 +33,12 @@ */ @Data public class AssertionChallengeRequest { + @NotEmpty private List<@NotBlank String> applicationIds; private String externalId; @NotBlank - private String operationType; + private String templateName; private Map parameters = new HashMap<>(); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 0534b44be..fcde27cf7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -78,7 +78,7 @@ public AssertionService(CryptographyService cryptographyService, AuthenticatorPr */ public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws Exception { final AssertionChallenge assertionChallenge = assertionProvider.provideChallengeForAssertion( - request.getApplicationIds(), request.getOperationType(), request.getParameters(), request.getExternalId() + request.getApplicationIds(), request.getTemplateName(), request.getParameters(), request.getExternalId() ); if (assertionChallenge == null) { throw new Fido2AuthenticationFailedException("Unable to obtain challenge with provided parameters."); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index d8d19995d..ea47bcf84 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -73,10 +73,10 @@ public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalo @Override @Transactional - public AssertionChallenge provideChallengeForAssertion(List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws GenericServiceException { + public AssertionChallenge provideChallengeForAssertion(List applicationIds, String templateName, Map parameters, String externalAuthenticationId) throws GenericServiceException { final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); operationCreateRequest.setApplications(applicationIds); - operationCreateRequest.setTemplateName(operationType); + operationCreateRequest.setTemplateName(templateName); operationCreateRequest.getParameters().putAll(parameters); final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java index ee478485a..991a41d14 100644 --- a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -228,7 +228,7 @@ public void packedAuthenticatorInvalidSignatureTest() throws Exception { // Obtain authentication challenge from PowerAuth server final AssertionChallengeRequest challengeRequest = new AssertionChallengeRequest(); challengeRequest.setApplicationIds(Collections.singletonList(APPLICATION_ID)); - challengeRequest.setOperationType("login"); + challengeRequest.setTemplateName("login"); challengeRequest.setExternalId(UUID.randomUUID().toString()); final AssertionChallengeResponse challengeResponse = assertionService.requestAssertionChallenge(challengeRequest); assertEquals(APPLICATION_ID, challengeResponse.getApplicationIds().get(0)); @@ -375,7 +375,7 @@ private void authenticate() throws Exception { // Obtain authentication challenge from PowerAuth server final AssertionChallengeRequest challengeRequest = new AssertionChallengeRequest(); challengeRequest.setApplicationIds(Collections.singletonList(APPLICATION_ID)); - challengeRequest.setOperationType("login"); + challengeRequest.setTemplateName("login"); challengeRequest.setExternalId(UUID.randomUUID().toString()); final AssertionChallengeResponse challengeResponse = assertionService.requestAssertionChallenge(challengeRequest); assertEquals(APPLICATION_ID, challengeResponse.getApplicationIds().get(0)); From afeda68ae5a43c84fdbf671e2ed7a55c804801c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Wed, 21 Feb 2024 10:33:48 +0100 Subject: [PATCH 077/146] Fix #1306: Failing tests when Tomcat is running on port 8080 (#1307) * Fix #1306: Failing tests when Tomcat is running on port 8080 --- .../api/PowerAuthControllerTest.java | 33 ++++++++++++------- .../api/PowerAuthControllerTestConfig.java | 24 +------------- 2 files changed, 22 insertions(+), 35 deletions(-) diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java index a8de53129..8d14a05ec 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTest.java @@ -24,6 +24,7 @@ import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; import com.wultra.security.powerauth.client.model.request.*; import com.wultra.security.powerauth.client.model.response.*; +import com.wultra.security.powerauth.rest.client.PowerAuthRestClient; import io.getlime.security.powerauth.app.server.service.model.request.ActivationLayer2Request; import io.getlime.security.powerauth.crypto.lib.encryptor.ClientEncryptor; import io.getlime.security.powerauth.crypto.lib.encryptor.EncryptorFactory; @@ -35,9 +36,12 @@ import io.getlime.security.powerauth.crypto.lib.encryptor.model.v3.ServerEncryptorSecrets; import io.getlime.security.powerauth.crypto.lib.generator.KeyGenerator; import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; -import org.junit.jupiter.api.*; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.server.LocalServerPort; import org.springframework.test.context.ActiveProfiles; import org.springframework.transaction.annotation.Transactional; @@ -60,13 +64,17 @@ * * @author Lubos Racansky, lubos.racansky@wultra.com */ -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) @ActiveProfiles("test") @Transactional @TestInstance(TestInstance.Lifecycle.PER_CLASS) class PowerAuthControllerTest { - @Autowired + private static final String POWERAUTH_REST_URL = "http://localhost:%d/rest"; + + @LocalServerPort + private int serverPort; + private PowerAuthClient powerAuthClient; @Autowired @@ -78,6 +86,7 @@ class PowerAuthControllerTest { @BeforeAll void initializeData() throws Exception { + powerAuthClient = new PowerAuthRestClient(POWERAUTH_REST_URL.formatted(serverPort)); createApplication(); createLoginOperationTemplate(); } @@ -1112,7 +1121,7 @@ private CreateCallbackUrlRequest createCallbackUrlRequest() { * * @throws Exception if any error occurs during activation initialization or verification */ - protected void initActivation() throws Exception { + private void initActivation() throws Exception { final InitActivationRequest initActivationRequest = new InitActivationRequest(); initActivationRequest.setUserId(PowerAuthControllerTestConfig.USER_ID); initActivationRequest.setApplicationId(config.getApplicationId()); @@ -1143,7 +1152,7 @@ protected void initActivation() throws Exception { * * @throws Exception if any error occurs during application creation or setup */ - protected void createApplication() throws Exception { + private void createApplication() throws Exception { final GetApplicationListResponse applicationsListResponse = powerAuthClient.getApplicationList(); final var applicationOptional = applicationsListResponse.getApplications().stream() .filter(app -> app.getApplicationId().equals(config.getApplicationName())) @@ -1204,7 +1213,7 @@ protected void createApplication() throws Exception { * @return the response containing the created callback URL details * @throws Exception if any error occurs during callback URL creation */ - protected CreateCallbackUrlResponse createCallback() throws Exception { + private CreateCallbackUrlResponse createCallback() throws Exception { final CreateCallbackUrlRequest callbackUrlRequest = createCallbackUrlRequest(); final CreateCallbackUrlResponse response = powerAuthClient.createCallbackUrl(callbackUrlRequest); assertEquals(PowerAuthControllerTestConfig.CALLBACK_NAME, response.getName()); @@ -1223,7 +1232,7 @@ protected CreateCallbackUrlResponse createCallback() throws Exception { * @param callbackId the ID of the callback URL to be removed * @throws Exception if any error occurs during callback URL removal */ - protected void removeCallback(final String callbackId) throws Exception { + private void removeCallback(final String callbackId) throws Exception { final RemoveCallbackUrlRequest removeCallbackUrlRequest = new RemoveCallbackUrlRequest(); removeCallbackUrlRequest.setId(callbackId); @@ -1240,7 +1249,7 @@ protected void removeCallback(final String callbackId) throws Exception { * * @throws Exception if any error occurs during activation removal */ - protected void removeActivation() throws Exception { + private void removeActivation() throws Exception { final RemoveActivationRequest removeActivationRequest = new RemoveActivationRequest(); removeActivationRequest.setActivationId(config.getActivationId()); final RemoveActivationResponse removeActivationResponse = powerAuthClient.removeActivation(removeActivationRequest); @@ -1257,7 +1266,7 @@ protected void removeActivation() throws Exception { * @return the response containing the created operation details * @throws Exception if any error occurs during operation creation */ - protected OperationDetailResponse createOperation() throws Exception { + private OperationDetailResponse createOperation() throws Exception { final OperationDetailResponse operationDetailResponse = powerAuthClient .createOperation(createOperationCreateRequest(false)); assertNotNull(operationDetailResponse.getId()); @@ -1275,7 +1284,7 @@ protected OperationDetailResponse createOperation() throws Exception { * * @throws Exception if any error occurs during operation template creation */ - protected void createLoginOperationTemplate() throws Exception { + private void createLoginOperationTemplate() throws Exception { final OperationTemplateCreateRequest request = new OperationTemplateCreateRequest(); request.setTemplateName(UUID.randomUUID().toString()); request.setOperationType("login"); @@ -1298,7 +1307,7 @@ protected void createLoginOperationTemplate() throws Exception { * @return The {@link PublicKey} object corresponding to the decoded master public key. * @throws Exception if there is an error during the conversion process. */ - protected PublicKey wrapPublicKeyString() throws Exception { + private PublicKey wrapPublicKeyString() throws Exception { return keyConvertor.convertBytesToPublicKey(Base64.getDecoder().decode(config.getMasterPublicKey())); } @@ -1320,7 +1329,7 @@ protected PublicKey wrapPublicKeyString() throws Exception { * @return The {@link EncryptedRequest} containing the encrypted request data. * @throws Exception if there is an error during the encryption or serialization process. */ - protected EncryptedRequest generateEncryptedRequestActivationLayer(final String activationName) throws Exception { + private EncryptedRequest generateEncryptedRequestActivationLayer(final String activationName) throws Exception { final KeyPair keyPair = keyGenerator.generateKeyPair(); final PublicKey publicKey = keyPair.getPublic(); final byte[] publicKeyBytes = keyConvertor.convertPublicKeyToBytes(publicKey); diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java index a6675d81f..ece409faa 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthControllerTestConfig.java @@ -17,14 +17,10 @@ */ package io.getlime.security.powerauth.app.server.controller.api; -import com.wultra.security.powerauth.client.PowerAuthClient; -import com.wultra.security.powerauth.rest.client.PowerAuthRestClient; -import com.wultra.security.powerauth.rest.client.PowerAuthRestClientConfiguration; import lombok.Data; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import java.util.*; +import java.util.UUID; /** * Configuration class for PowerAuth Controller tests. @@ -41,7 +37,6 @@ @Data public class PowerAuthControllerTestConfig { - private static final String POWERAUTH_REST_URL = "http://localhost:8080/rest"; protected static final String PUBLIC_KEY_RECOVERY_POSTCARD_BASE64 = "BABXgGoj4Lizl3GN0rjrtileEEwekFkpX1ERS9yyYjyuM1Iqdti3ihtATBxk5XGvjetPO1YC+qXciUYjIsETtbI="; protected static final String USER_ID = "test-user"; protected static final String DATA = "A2"; @@ -62,21 +57,4 @@ public class PowerAuthControllerTestConfig { private String activationCode; private String activationName; - /** - * Creates and configures a new {@link PowerAuthClient} bean. - *

- * The method configures and returns a PowerAuthClient instance for interacting with - * the PowerAuth Server. It sets up the client with the necessary configurations such as - * accepting invalid SSL certificates for testing purposes. - * - * @return A configured instance of PowerAuthClient - * @throws Exception if there is an issue creating the PowerAuthClient instance - */ - @Bean - public PowerAuthClient powerAuthClient() throws Exception { - final PowerAuthRestClientConfiguration config = new PowerAuthRestClientConfiguration(); - config.setAcceptInvalidSslCertificate(true); - return new PowerAuthRestClient(POWERAUTH_REST_URL); - } - } From 163a0aa9557cd8343059d19d8fda2690ce1ff847 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Wed, 21 Feb 2024 17:42:48 +0800 Subject: [PATCH 078/146] Fix #1299: FIDO2: Check AAGUID during registration (#1302) --- docs/Database-Structure.md | 27 +++ docs/PowerAuth-Server-1.7.0.md | 12 ++ docs/WebServices-Methods.md | 79 ++++++++ .../1.7.x/20240115-add-columns-fido2.xml | 2 +- .../1.7.x/20240212-application-config.xml | 68 +++++++ .../1.7.x/db.changelog-version.xml | 1 + docs/sql/mssql/migration_1.6.0_1.7.0.sql | 15 ++ docs/sql/oracle/migration_1.6.0_1.7.0.sql | 12 ++ docs/sql/postgresql/migration_1.6.0_1.7.0.sql | 11 + .../powerauth/client/PowerAuthClient.java | 75 +++++++ .../entity/ApplicationConfigurationItem.java | 36 ++++ .../CreateApplicationConfigRequest.java | 41 ++++ .../request/GetApplicationConfigRequest.java | 35 ++++ .../RemoveApplicationConfigRequest.java | 37 ++++ .../CreateApplicationConfigResponse.java | 38 ++++ .../GetApplicationConfigResponse.java | 38 ++++ .../model/enumeration/Fido2ConfigKeys.java | 32 +++ .../fido2/service/RegistrationService.java | 17 +- .../provider/RegistrationProvider.java | 10 + .../controller/api/PowerAuthController.java | 37 ++++ .../server/database/RepositoryCatalogue.java | 9 +- .../model/converter/ListToJsonConverter.java | 82 ++++++++ .../model/entity/ApplicationConfigEntity.java | 107 ++++++++++ .../model/entity/ApplicationEntity.java | 1 - .../model/entity/SignatureEntity.java | 1 - .../ApplicationConfigRepository.java | 43 ++++ .../app/server/service/PowerAuthService.java | 46 +++++ .../behavior/ServiceBehaviorCatalogue.java | 11 + .../tasks/ActivationFlagsServiceBehavior.java | 2 +- .../tasks/ActivationServiceBehavior.java | 2 +- .../ApplicationConfigServiceBehavior.java | 190 ++++++++++++++++++ .../ApplicationRolesServiceBehavior.java | 2 +- .../service/behavior/tasks/TokenBehavior.java | 2 +- .../tasks/VaultUnlockServiceBehavior.java | 2 +- .../fido2/PowerAuthRegistrationProvider.java | 44 ++++ .../fido2/Fido2AuthenticatorTest.java | 123 +++++++++++- .../rest/client/PowerAuthRestClient.java | 54 +++++ 37 files changed, 1330 insertions(+), 14 deletions(-) create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240212-application-config.xml create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/ApplicationConfigurationItem.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreateApplicationConfigRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetApplicationConfigRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/RemoveApplicationConfigRequest.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/CreateApplicationConfigResponse.java create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetApplicationConfigResponse.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/ListToJsonConverter.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java diff --git a/docs/Database-Structure.md b/docs/Database-Structure.md index 31d5cbb2e..ad1f8d9a8 100644 --- a/docs/Database-Structure.md +++ b/docs/Database-Structure.md @@ -86,6 +86,33 @@ CREATE TABLE pa_application_version | supported | INT(11) | - | Flag indicating if this version is supported or not (0 = not supported, 1..N = supported) | + +### Application Configuration Table + +Stores configurations for the applications stored in `pa_application` table. + +#### Schema + +```sql +CREATE TABLE pa_application_config +( + id INTEGER NOT NULL PRIMARY KEY, + application_id INTEGER NOT NULL, + config_key VARCHAR(255), + config_values TEXT +); +``` + +#### Columns + +| Name | Type | Info | Note | +|------|------|---------|-----------------------------------------------------------------------------------------------------------------------------------------| +| id | BIGINT(20) | primary key, autoincrement | Unique application configuration identifier. | +| application_id | BIGINT(20) | foreign key: pa\_application.id | Related application ID. | +| config_key | VARCHAR(255) | index | Configuration key names such as `fido2_attestation_fmt_allowed` and `fido2_aaguids_allowed`. | +| config_values | TEXT | - | Configuration values serialized in JSON format. | + + ### Activations Table diff --git a/docs/PowerAuth-Server-1.7.0.md b/docs/PowerAuth-Server-1.7.0.md index ff4879b28..90083ef11 100644 --- a/docs/PowerAuth-Server-1.7.0.md +++ b/docs/PowerAuth-Server-1.7.0.md @@ -19,3 +19,15 @@ Following columns have been added to table `pa_activation` for FIDO2 support: - `protocol` - protocol enumeration: `powerauth` or `fido2` The data type for column `extras` in table `pa_activation` was changed to `TEXT` / `CLOB` to support larger data. + +### New Database Table for Application Configuration + +A new database table `pa_application_config` has been added: +- `id` - application configuration row identifier +- `application_id` - application identifier +- `config_key` - configuration key +- `config_values` - list of configuration values + +Following parameters can be configured: +- `fido2_attestation_fmt_allowed` - allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed +- `fido2_aaguids_allowed` - allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed diff --git a/docs/WebServices-Methods.md b/docs/WebServices-Methods.md index c6d64ba8a..9ee46c9f8 100644 --- a/docs/WebServices-Methods.md +++ b/docs/WebServices-Methods.md @@ -19,6 +19,9 @@ The following `v3` methods are published using the service: - [createApplicationVersion](#method-createapplicationversion) - [unsupportApplicationVersion](#method-unsupportapplicationversion) - [supportApplicationVersion](#method-supportapplicationversion) + - [getApplicationConfig](#method-getapplicationconfig) + - [createApplicationConfig](#method-createapplicationconfig) + - [removeApplicationConfig](#method-removeapplicationconfig) - Activation Management - [getActivationListForUser](#method-getactivationlistforuser) - [initActivation](#method-initactivation) @@ -343,6 +346,82 @@ REST endpoint: `POST /rest/v3/application/version/support` | `String` | `applicationVersionId` | An identifier of an application version | | `Boolean` | `supported` | Flag indicating if this application is supported | +### Method 'getApplicationConfig' + +Get application configuration detail. + +#### Request + +REST endpoint: `POST /rest/v3/application/config/detail` + +`GetApplicationConfigRequest` + +| Type | Name | Description | +|----------|------|-------------| +| `String` | `applicationId` | An identifier of an application | + +#### Response + +`GetApplicationConfigResponse` + +| Type | Name | Description | +|-----------|------|-------------| +| `String` | `applicationId` | An identifier of an application | +| `List` | `applicationConfigs` | List of application configurations | + +The `ApplicationConfigurationItem` record contains following parameters: + - `String key` - configuration key name + - `List values` - configuration values + +### Method 'createApplicationConfig' + +Create application configuration. + +#### Request + +REST endpoint: `POST /rest/v3/application/config/create` + +`CreateApplicationConfigRequest` + +| Type | Name | Description | +|----------|------|-------------| +| `String` | `applicationId` | An identifier of an application | +| `String` | `key` | Application configuration key name | +| `List` | `values` | Application configuration values | + +Following configuration keys are accepted: +- `fido2_attestation_fmt_allowed` - allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed +- `fido2_aaguids_allowed` - allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed + +#### Response + +`CreateApplicationConfigResponse` + +| Type | Name | Description | +|----------|------|-------------| +| `String` | `applicationId` | An identifier of an application | +| `String` | `key` | Application configuration key name | +| `List` | `values` | Application configuration values | + +### Method 'removeApplicationConfig' + +Delete an application configuration. + +#### Request + +REST endpoint: `POST /rest/v3/application/config/remove` + +`RemoveApplicationConfigRequest` + +| Type | Name | Description | +|----------|------|-------------| +| `String` | `applicationId` | An identifier of an application | +| `String` | `key` | Application configuration key name | + +#### Response + +_empty response_ + ## Activation management Methods related to activation management. diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml index 125b77a3e..e42b7e6af 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml @@ -1,7 +1,7 @@ + + + + + + + + + + + Create a new table pa_application_config + + + + + + + + + + + + + + + + + + + + + Create a new index on pa_application_config(key) + + + + + + + + + + + + Create a new sequence pa_app_conf_seq + + + + diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml index 3adca5752..0838ac2b2 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml @@ -4,5 +4,6 @@ xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> + diff --git a/docs/sql/mssql/migration_1.6.0_1.7.0.sql b/docs/sql/mssql/migration_1.6.0_1.7.0.sql index 25a5b4719..67faff720 100644 --- a/docs/sql/mssql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/mssql/migration_1.6.0_1.7.0.sql @@ -11,3 +11,18 @@ GO -- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl ALTER TABLE pa_activation ALTER COLUMN extras varchar (max); GO + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::1::Roman Strobl +-- Create a new table pa_application_config +CREATE TABLE pa_application_config (id int NOT NULL, application_id int NOT NULL, config_key varchar(255) NOT NULL, config_values varchar (max), CONSTRAINT PK_PA_APPLICATION_CONFIG PRIMARY KEY (id), CONSTRAINT pa_app_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); +GO + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::2::Roman Strobl +-- Create a new index on pa_application_config(key) +CREATE NONCLUSTERED INDEX pa_app_config_key_idx ON pa_application_config([key]); +GO + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky +-- Create a new sequence pa_app_conf_seq +CREATE SEQUENCE pa_app_conf_seq START WITH 1 INCREMENT BY 1; +GO \ No newline at end of file diff --git a/docs/sql/oracle/migration_1.6.0_1.7.0.sql b/docs/sql/oracle/migration_1.6.0_1.7.0.sql index 7cf04bcd1..760ac1e1b 100644 --- a/docs/sql/oracle/migration_1.6.0_1.7.0.sql +++ b/docs/sql/oracle/migration_1.6.0_1.7.0.sql @@ -8,3 +8,15 @@ ALTER TABLE pa_activation ADD protocol VARCHAR2(32) DEFAULT 'powerauth'; -- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl ALTER TABLE pa_activation MODIFY extras CLOB; + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::1::Roman Strobl +-- Create a new table pa_application_config +CREATE TABLE pa_application_config (id INTEGER NOT NULL, application_id INTEGER NOT NULL, config_key VARCHAR2(255) NOT NULL, config_values CLOB, CONSTRAINT PK_PA_APPLICATION_CONFIG PRIMARY KEY (id), CONSTRAINT pa_app_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::2::Roman Strobl +-- Create a new index on pa_application_config(key) +CREATE INDEX pa_app_config_key_idx ON pa_application_config(key); + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky +-- Create a new sequence pa_app_conf_seq +CREATE SEQUENCE pa_app_conf_seq START WITH 1 INCREMENT BY 1 CACHE 20; diff --git a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql index 4d022a85f..b1fb025ba 100644 --- a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql @@ -9,3 +9,14 @@ ALTER TABLE pa_activation ADD protocol VARCHAR(32) DEFAULT 'powerauth'; -- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl ALTER TABLE pa_activation ALTER COLUMN extras TYPE TEXT USING (extras::TEXT); +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::1::Roman Strobl +-- Create a new table pa_application_config +CREATE TABLE pa_application_config (id INTEGER NOT NULL, application_id INTEGER NOT NULL, config_key VARCHAR(255) NOT NULL, config_values TEXT, CONSTRAINT pa_application_config_pkey PRIMARY KEY (id), CONSTRAINT pa_app_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::2::Roman Strobl +-- Create a new index on pa_application_config(key) +CREATE INDEX pa_app_config_key_idx ON pa_application_config(key); + +-- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky +-- Create a new sequence pa_app_conf_seq +CREATE SEQUENCE IF NOT EXISTS pa_app_conf_seq START WITH 1 INCREMENT BY 1 CACHE 20; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthClient.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthClient.java index 77e26fe12..159ba8157 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthClient.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/PowerAuthClient.java @@ -2135,4 +2135,79 @@ RecoveryCodeActivationResponse createActivationUsingRecoveryCode(String recovery */ TelemetryReportResponse requestTelemetryReport(TelemetryReportRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; + /** + * Create an application configuration. + * @param request Create application configuration request. + * @return Create application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + CreateApplicationConfigResponse createApplicationConfig(CreateApplicationConfigRequest request) throws PowerAuthClientException; + + /** + * Create an application configuration. + * @param request Create application configuration request. + * @return Create application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + CreateApplicationConfigResponse createApplicationConfig(CreateApplicationConfigRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; + + /** + * Create an application configuration. + * @param applicationId Application identifier. + * @param key Configuration key. + * @param values Configuration values. + * @return Create application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + CreateApplicationConfigResponse createApplicationConfig(String applicationId, String key, List values) throws PowerAuthClientException; + + /** + * Remove an application configuration record. + * @param request Remove application configuration request. + * @return Remove application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + Response removeApplicationConfig(RemoveApplicationConfigRequest request) throws PowerAuthClientException; + + /** + * Remove an application configuration record. + * @param request Remove application configuration request. + * @return Remove application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + Response removeApplicationConfig(RemoveApplicationConfigRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; + + /** + * Remove an application configuration record. + * @param applicationId Application identifier. + * @param key Configuration key. + * @return Response. + * @throws PowerAuthClientException In case REST API call fails. + */ + Response removeApplicationConfig(String applicationId, String key) throws PowerAuthClientException; + + /** + * Get application configuration. + * @param request Get application configuration request. + * @return Application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + GetApplicationConfigResponse getApplicationConfig(GetApplicationConfigRequest request) throws PowerAuthClientException; + + /** + * Get application configuration. + * @param request Get application configuration request. + * @return Application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + GetApplicationConfigResponse getApplicationConfig(GetApplicationConfigRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException; + + /** + * Get application configuration. + * @param applicationId Application identifier. + * @return Application configuration response. + * @throws PowerAuthClientException In case REST API call fails. + */ + GetApplicationConfigResponse getApplicationConfig(String applicationId) throws PowerAuthClientException; + } diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/ApplicationConfigurationItem.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/ApplicationConfigurationItem.java new file mode 100644 index 000000000..f096ab4d7 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/ApplicationConfigurationItem.java @@ -0,0 +1,36 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package com.wultra.security.powerauth.client.model.entity; + +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Model class representing an application configuration record. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class ApplicationConfigurationItem { + + private String key; + private List values = new ArrayList<>(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreateApplicationConfigRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreateApplicationConfigRequest.java new file mode 100644 index 000000000..b6cb372fe --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/CreateApplicationConfigRequest.java @@ -0,0 +1,41 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Model class representing request for adding an application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class CreateApplicationConfigRequest { + + @NotBlank + private String applicationId; + @NotBlank + private String key; + private List values = new ArrayList<>(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetApplicationConfigRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetApplicationConfigRequest.java new file mode 100644 index 000000000..2a2f0b136 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/GetApplicationConfigRequest.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +/** + * Model class representing request for obtaining application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class GetApplicationConfigRequest { + + @NotBlank + private String applicationId; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/RemoveApplicationConfigRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/RemoveApplicationConfigRequest.java new file mode 100644 index 000000000..a2394be23 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/RemoveApplicationConfigRequest.java @@ -0,0 +1,37 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.request; + +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +/** + * Model class representing request for removing an application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class RemoveApplicationConfigRequest { + + @NotBlank + private String applicationId; + @NotBlank + private String key; + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/CreateApplicationConfigResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/CreateApplicationConfigResponse.java new file mode 100644 index 000000000..8cfa7d31a --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/CreateApplicationConfigResponse.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response; + +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Model class representing response for creating an application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class CreateApplicationConfigResponse { + + private String applicationId; + private String key; + private List values = new ArrayList<>(); + +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetApplicationConfigResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetApplicationConfigResponse.java new file mode 100644 index 000000000..191f1182c --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/GetApplicationConfigResponse.java @@ -0,0 +1,38 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.response; + +import com.wultra.security.powerauth.client.model.entity.ApplicationConfigurationItem; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; + +/** + * Model class representing response for obtaining an application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +public class GetApplicationConfigResponse { + + private String applicationId; + private List applicationConfigs = new ArrayList<>(); + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java new file mode 100644 index 000000000..12a31c990 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java @@ -0,0 +1,32 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package com.wultra.powerauth.fido2.rest.model.enumeration; + +/** + * FIDO2 configuration key strings. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public class Fido2ConfigKeys { + + public static final String CONFIG_KEY_ALLOWED_ATTESTATION_FMT = "fido2_attestation_fmt_allowed"; + public static final String CONFIG_KEY_ALLOWED_AAGUIDS = "fido2_aaguids_allowed"; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 5d8f20c5b..7aa8c1474 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -22,6 +22,7 @@ import com.wultra.powerauth.fido2.rest.model.converter.RegistrationChallengeConverter; import com.wultra.powerauth.fido2.rest.model.converter.RegistrationConverter; import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.rest.model.enumeration.Fmt; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; import com.wultra.powerauth.fido2.rest.model.response.RegisteredAuthenticatorsResponse; import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; @@ -127,13 +128,18 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E final AttestedCredentialData attestedCredentialData = authData.getAttestedCredentialData(); final String fmt = attestationObject.getFmt(); - if ("packed".equals(fmt)) { + final byte[] aaguid = attestationObject.getAuthData().getAttestedCredentialData().getAaguid(); + + validateRegistrationRequest(applicationId, fmt, aaguid, challengeValue); + + if (Fmt.FMT_PACKED.getValue().equals(fmt)) { final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); if (!verifySignature) { // Immediately revoke the challenge registrationProvider.revokeRegistrationByChallengeValue(applicationId, challengeValue); throw new Fido2AuthenticationFailedException("Registration failed"); } + logger.info("Signature verification on registration performed using packed attestation format"); } else { logger.info("No signature verification on registration"); } @@ -145,4 +151,13 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); } + private void validateRegistrationRequest(final String applicationId, final String attestationFormat, final byte[] aaguid, final String challengeValue) throws Exception { + if (!registrationProvider.registrationAllowed(applicationId, attestationFormat, aaguid)) { + logger.warn("Invalid request for FIDO2 registration"); + // Immediately revoke the challenge + registrationProvider.revokeRegistrationByChallengeValue(applicationId, challengeValue); + throw new Fido2AuthenticationFailedException("Registration failed"); + } + } + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java index f1918e309..0349baafc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java @@ -56,4 +56,14 @@ public interface RegistrationProvider { */ void revokeRegistrationByChallengeValue(String applicationId, String challengeValue) throws Exception; + /** + * Verify registration parameters and determine whether registration is allowed. + * @param applicationId Application ID. + * @param attestationFormat FIDO2 registration attestation format. + * @param aaguid FIDO2 registration AAGUID value. + * @return Whether registration is allowed. + * @throws Exception In case any issue occur during processing. + */ + boolean registrationAllowed(String applicationId, String attestationFormat, byte[] aaguid) throws Exception; + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthController.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthController.java index 40ac6143b..01202c3ff 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthController.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/api/PowerAuthController.java @@ -433,6 +433,43 @@ public ObjectResponse supportApplicationVersi return new ObjectResponse<>("OK", powerAuthService.supportApplicationVersion(request.getRequestObject())); } + /** + * Call {@link PowerAuthService#getApplicationConfig(GetApplicationConfigRequest)} method and + * return the response. + * @param request Get application configuration. + * @return Application configuration response. + * @throws Exception In case the service throws exception. + */ + @PostMapping("/application/config/detail") + public ObjectResponse getApplicationConfig(@RequestBody ObjectRequest request) throws Exception { + return new ObjectResponse<>(powerAuthService.getApplicationConfig(request.getRequestObject())); + } + + /** + * Call {@link PowerAuthService#createApplicationConfig(CreateApplicationConfigRequest)} method and + * return the response. + * @param request Create an application configuration. + * @return Create application configuration response. + * @throws Exception In case the service throws exception. + */ + @PostMapping("/application/config/create") + public ObjectResponse createApplicationConfig(@RequestBody ObjectRequest request) throws Exception { + return new ObjectResponse<>(powerAuthService.createApplicationConfig(request.getRequestObject())); + } + + /** + * Call {@link PowerAuthService#removeApplicationConfig(RemoveApplicationConfigRequest)} method and + * return the response. + * @param request Delete an application configuration. + * @return Delete application configuration response. + * @throws Exception In case the service throws exception. + */ + @PostMapping("/application/config/remove") + public Response removeApplicationConfig(@RequestBody ObjectRequest request) throws Exception { + powerAuthService.removeApplicationConfig(request.getRequestObject()); + return new Response(); + } + /** * Call {@link PowerAuthService#createIntegration(CreateIntegrationRequest)} method and * return the response. diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/RepositoryCatalogue.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/RepositoryCatalogue.java index 26b63502e..3391ecc2e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/RepositoryCatalogue.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/RepositoryCatalogue.java @@ -37,6 +37,8 @@ public class RepositoryCatalogue { private final ApplicationVersionRepository applicationVersionRepository; + private final ApplicationConfigRepository applicationConfigRepository; + private final CallbackUrlRepository callbackUrlRepository; private final IntegrationRepository integrationRepository; @@ -57,7 +59,7 @@ public RepositoryCatalogue( ActivationHistoryRepository activationHistoryRepository, ApplicationRepository applicationRepository, ApplicationVersionRepository applicationVersionRepository, - CallbackUrlRepository callbackUrlRepository, + ApplicationConfigRepository applicationConfigRepository, CallbackUrlRepository callbackUrlRepository, IntegrationRepository integrationRepository, MasterKeyPairRepository masterKeyPairRepository, SignatureAuditRepository signatureAuditRepository, @@ -69,6 +71,7 @@ public RepositoryCatalogue( this.activationHistoryRepository = activationHistoryRepository; this.applicationRepository = applicationRepository; this.applicationVersionRepository = applicationVersionRepository; + this.applicationConfigRepository = applicationConfigRepository; this.callbackUrlRepository = callbackUrlRepository; this.integrationRepository = integrationRepository; this.masterKeyPairRepository = masterKeyPairRepository; @@ -96,6 +99,10 @@ public ApplicationVersionRepository getApplicationVersionRepository() { return applicationVersionRepository; } + public ApplicationConfigRepository getApplicationConfigRepository() { + return applicationConfigRepository; + } + public CallbackUrlRepository getCallbackUrlRepository() { return callbackUrlRepository; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/ListToJsonConverter.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/ListToJsonConverter.java new file mode 100644 index 000000000..78f4b0c96 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/converter/ListToJsonConverter.java @@ -0,0 +1,82 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package io.getlime.security.powerauth.app.server.database.model.converter; + +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.ObjectMapper; +import jakarta.persistence.AttributeConverter; +import jakarta.persistence.Converter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.stereotype.Component; + +import java.util.Collections; +import java.util.List; + +/** + * Converts between list of strings and JSON serialized storage in a database column. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Converter +@Component +public class ListToJsonConverter implements AttributeConverter, String> { + + private static final Logger logger = LoggerFactory.getLogger(ListToJsonConverter.class); + + private static final String EMPTY_LIST = "[]"; + + private final ObjectMapper objectMapper; + + /** + * Converter constructor. + * @param objectMapper Object mapper. + */ + public ListToJsonConverter(ObjectMapper objectMapper) { + this.objectMapper = objectMapper; + } + + @Override + public String convertToDatabaseColumn(List attributes) { + if (attributes == null) { + return EMPTY_LIST; + } + try { + return objectMapper.writeValueAsString(attributes); + } catch (JsonProcessingException ex) { + logger.warn("Conversion failed for attribute list, error: {}", ex.getMessage(), ex); + return EMPTY_LIST; + } + } + + @Override + public List convertToEntityAttribute(String dbValue) { + if (dbValue == null) { + return null; + } + try { + return objectMapper.readValue(dbValue, new TypeReference<>() {}); + } catch (JsonProcessingException ex) { + logger.warn("Conversion failed for attribute list, error: {}", ex.getMessage(), ex); + return Collections.emptyList(); + } + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java new file mode 100644 index 000000000..8ee8cde1c --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java @@ -0,0 +1,107 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.app.server.database.model.entity; + +import io.getlime.security.powerauth.app.server.database.model.converter.ListToJsonConverter; +import jakarta.persistence.*; +import lombok.Getter; +import lombok.Setter; +import org.springframework.data.util.ProxyUtils; + +import java.io.Serial; +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +/** + * Entity class representing an application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Entity +@Getter +@Setter +@Table(name = "pa_application_config") +public class ApplicationConfigEntity implements Serializable { + + @Serial + private static final long serialVersionUID = -7670843254389928550L; + + @Id + @SequenceGenerator(name = "pa_application_config", sequenceName = "pa_app_conf_seq", allocationSize = 1) + @GeneratedValue(strategy = GenerationType.AUTO, generator = "pa_application_config") + @Column(name = "id") + private Long rid; + + @OneToOne + @JoinColumn(name = "application_id", referencedColumnName = "id", nullable = false, updatable = false) + private ApplicationEntity application; + + @Column(name = "config_key", nullable = false) + private String key; + + @Column(name = "config_values") + @Convert(converter = ListToJsonConverter.class) + private List values = new ArrayList<>(); + + /** + * No-arg constructor. + */ + public ApplicationConfigEntity() { + } + + /** + * Constructor for a new application configuration. + * + * @param application Application entity. + * @param key Configuration key. + * @param values Configuration values. + */ + public ApplicationConfigEntity(ApplicationEntity application, String key, List values) { + this.application = application; + this.key = key; + this.values = values; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null) return false; + if (!this.getClass().equals(ProxyUtils.getUserClass(o))) return false; + ApplicationConfigEntity that = (ApplicationConfigEntity) o; + return Objects.equals(application, that.application) && + Objects.equals(key, that.key) && + Objects.equals(values, that.values); + } + + @Override + public int hashCode() { + return Objects.hash(application, key, values); + } + + @Override + public String toString() { + return "ApplicationConfigEntity{" + + "rid=" + rid + + ", appId='" + application.getId() + '\'' + + ", key=" + key + + ", values=" + values + + '}'; + } +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java index 193d979f7..a7f49ce76 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationEntity.java @@ -75,7 +75,6 @@ public ApplicationEntity() { * @param versions Collection of versions. */ public ApplicationEntity(Long rid, String id, List roles, List versions) { - super(); this.rid = rid; this.id = id; this.roles.addAll(roles); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java index e0798e6e4..dc30d1622 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/SignatureEntity.java @@ -137,7 +137,6 @@ public SignatureEntity( Boolean valid, Date timestampCreated, Integer version) { - super(); this.id = id; this.activation = activation; this.activationCounter = activationCounter; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java new file mode 100644 index 000000000..9694f2fc8 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java @@ -0,0 +1,43 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.app.server.database.repository; + +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationConfigEntity; +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; +import org.springframework.data.repository.CrudRepository; +import org.springframework.stereotype.Repository; + +import java.util.List; + +/** + * Repository for application configurations. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Repository +public interface ApplicationConfigRepository extends CrudRepository { + + /** + * Find application configuration by application ID. + * + * @param applicationId Application ID. + * @return Optional application config entity. + */ + List findByApplicationId(String applicationId); + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index 51da89ab0..6608aba47 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -24,6 +24,7 @@ import com.wultra.security.powerauth.client.model.request.*; import com.wultra.security.powerauth.client.model.response.*; import com.wultra.security.powerauth.client.model.validator.*; +import io.getlime.core.rest.model.base.response.Response; import io.getlime.security.powerauth.app.server.configuration.PowerAuthPageableConfiguration; import io.getlime.security.powerauth.app.server.configuration.PowerAuthServiceConfiguration; import io.getlime.security.powerauth.app.server.converter.ActivationStatusConverter; @@ -2010,6 +2011,51 @@ public UpdateActivationNameResponse updateActivationName(final UpdateActivationN } } + @Transactional(readOnly = true) + public GetApplicationConfigResponse getApplicationConfig(final GetApplicationConfigRequest request) throws GenericServiceException { + try { + final String applicationId = request.getApplicationId(); + logger.info("GetApplicationConfig call received, application ID: {}", applicationId); + logger.debug("Obtaining application config: {}", request); + final GetApplicationConfigResponse response = behavior.getApplicationConfigServiceBehavior().getApplicationConfig(request); + logger.info("GetApplicationConfig succeeded, application ID: {}", applicationId); + return response; + } catch (RuntimeException ex) { + logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); + throw ex; + } + } + + @Transactional + public CreateApplicationConfigResponse createApplicationConfig(final CreateApplicationConfigRequest request) throws GenericServiceException { + try { + final String applicationId = request.getApplicationId(); + logger.info("CreateApplicationConfig call received, application ID: {}", applicationId); + logger.debug("Creating application config: {}", request); + final CreateApplicationConfigResponse response = behavior.getApplicationConfigServiceBehavior().createApplicationConfig(request); + logger.info("CreateApplicationConfig succeeded, application ID: {}", applicationId); + return response; + } catch (RuntimeException ex) { + logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); + throw ex; + } + } + + @Transactional + public Response removeApplicationConfig(final RemoveApplicationConfigRequest request) throws GenericServiceException { + try { + final String applicationId = request.getApplicationId(); + logger.info("RemoveApplicationConfig call received, application ID: {}", applicationId); + logger.debug("Removing application config: {}", request); + final Response response = behavior.getApplicationConfigServiceBehavior().removeApplicationConfig(request); + logger.info("RemoveApplicationConfig succeeded, application ID: {}", applicationId); + return response; + } catch (RuntimeException ex) { + logger.error("Runtime exception or error occurred, transaction will be rolled back", ex); + throw ex; + } + } + private Set convert(final Set source) { if (CollectionUtils.isEmpty(source)) { return Set.of(ActivationStatus.values()); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/ServiceBehaviorCatalogue.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/ServiceBehaviorCatalogue.java index c49dd83fd..805bceb3b 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/ServiceBehaviorCatalogue.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/ServiceBehaviorCatalogue.java @@ -40,6 +40,8 @@ public class ServiceBehaviorCatalogue { private ApplicationRolesServiceBehavior applicationRolesServiceBehavior; + private ApplicationConfigServiceBehavior applicationConfigServiceBehavior; + private AuditingServiceBehavior auditingServiceBehavior; private OnlineSignatureServiceBehavior onlineSignatureServiceBehavior; @@ -91,6 +93,11 @@ public void setApplicationRolesServiceBehavior(@Lazy ApplicationRolesServiceBeha this.applicationRolesServiceBehavior = applicationRolesServiceBehavior; } + @Autowired + public void setApplicationConfigServiceBehavior(@Lazy ApplicationConfigServiceBehavior applicationConfigServiceBehavior) { + this.applicationConfigServiceBehavior = applicationConfigServiceBehavior; + } + @Autowired public void setAuditingServiceBehavior(@Lazy AuditingServiceBehavior auditingServiceBehavior) { this.auditingServiceBehavior = auditingServiceBehavior; @@ -177,6 +184,10 @@ public ApplicationRolesServiceBehavior getApplicationRolesServiceBehavior() { return applicationRolesServiceBehavior; } + public ApplicationConfigServiceBehavior getApplicationConfigServiceBehavior() { + return applicationConfigServiceBehavior; + } + public ActivationHistoryServiceBehavior getActivationHistoryServiceBehavior() { return activationHistoryServiceBehavior; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationFlagsServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationFlagsServiceBehavior.java index fb75de870..2d83bf22e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationFlagsServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationFlagsServiceBehavior.java @@ -44,7 +44,7 @@ * * @author Roman Strobl, roman.strobl@wultra.com */ -@Component("activationFlagsServiceBehavior") +@Component public class ActivationFlagsServiceBehavior { private static final Logger logger = LoggerFactory.getLogger(ActivationFlagsServiceBehavior.class); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java index 9b1791912..5e911e023 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ActivationServiceBehavior.java @@ -91,7 +91,7 @@ * * @author Petr Dvorak, petr@wultra.com */ -@Component("activationServiceBehavior") +@Component public class ActivationServiceBehavior { /** diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java new file mode 100644 index 000000000..47b430f42 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java @@ -0,0 +1,190 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package io.getlime.security.powerauth.app.server.service.behavior.tasks; + +import com.wultra.security.powerauth.client.model.entity.ApplicationConfigurationItem; +import com.wultra.security.powerauth.client.model.request.CreateApplicationConfigRequest; +import com.wultra.security.powerauth.client.model.request.GetApplicationConfigRequest; +import com.wultra.security.powerauth.client.model.request.RemoveApplicationConfigRequest; +import com.wultra.security.powerauth.client.model.response.*; +import io.getlime.core.rest.model.base.response.Response; +import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationConfigEntity; +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; +import io.getlime.security.powerauth.app.server.database.repository.ApplicationConfigRepository; +import io.getlime.security.powerauth.app.server.database.repository.ApplicationRepository; +import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; +import io.getlime.security.powerauth.app.server.service.i18n.LocalizationProvider; +import io.getlime.security.powerauth.app.server.service.model.ServiceError; +import lombok.extern.slf4j.Slf4j; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import java.util.ArrayList; +import java.util.List; +import java.util.Optional; + +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_AAGUIDS; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_ATTESTATION_FMT; + +/** + * Behavior class implementing management of application configuration. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Component +@Slf4j +public class ApplicationConfigServiceBehavior { + + private final RepositoryCatalogue repositoryCatalogue; + private final LocalizationProvider localizationProvider; + + /** + * Behaviour class constructor. + * @param repositoryCatalogue Repository catalogue. + * @param localizationProvider Localization provider. + */ + @Autowired + public ApplicationConfigServiceBehavior(final RepositoryCatalogue repositoryCatalogue, final LocalizationProvider localizationProvider) { + this.repositoryCatalogue = repositoryCatalogue; + this.localizationProvider = localizationProvider; + } + + /** + * Get application configuration. + * @param request Request for obtaining an application configuration. + * @return Get application configuration response. + * @throws GenericServiceException In case of a business logic error. + */ + public GetApplicationConfigResponse getApplicationConfig(final GetApplicationConfigRequest request) throws GenericServiceException { + final String applicationId = request.getApplicationId(); + if (applicationId == null) { + logger.warn("Invalid application ID in getApplicationConfig"); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + final List applicationConfigs = repositoryCatalogue.getApplicationConfigRepository().findByApplicationId(applicationId); + final GetApplicationConfigResponse response = new GetApplicationConfigResponse(); + response.setApplicationId(applicationId); + final List responseConfigs = new ArrayList<>(); + applicationConfigs.forEach(config -> { + final ApplicationConfigurationItem item = new ApplicationConfigurationItem(); + item.setKey(config.getKey()); + item.setValues(config.getValues()); + responseConfigs.add(item); + }); + response.setApplicationConfigs(responseConfigs); + return response; + } + + /** + * Create an application configuration. + * @param request Request for creating application configuration + * @return Create application configuration response. + * @throws GenericServiceException In case of a business logic error. + */ + public CreateApplicationConfigResponse createApplicationConfig(final CreateApplicationConfigRequest request) throws GenericServiceException { + final String applicationId = request.getApplicationId(); + final String key = request.getKey(); + final List values = request.getValues(); + if (applicationId == null) { + logger.warn("Invalid application ID in createApplicationConfig"); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + validateConfigKey(key); + final ApplicationRepository appRepository = repositoryCatalogue.getApplicationRepository(); + final Optional appOptional = appRepository.findById(applicationId); + if (appOptional.isEmpty()) { + logger.info("Application not found, application ID: {}", applicationId); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_APPLICATION); + } + final ApplicationEntity appEntity = appOptional.get(); + final ApplicationConfigRepository configRepository = repositoryCatalogue.getApplicationConfigRepository(); + final List configs = configRepository.findByApplicationId(applicationId); + final Optional matchedConfig = configs.stream() + .filter(config -> config.getKey().equals(key)) + .findFirst(); + matchedConfig.ifPresentOrElse(config -> { + config.setValues(values); + configRepository.save(config); + }, () -> { + final ApplicationConfigEntity config = new ApplicationConfigEntity(); + config.setApplication(appEntity); + config.setKey(key); + config.setValues(values); + configRepository.save(config); + }); + final CreateApplicationConfigResponse response = new CreateApplicationConfigResponse(); + response.setApplicationId(applicationId); + response.setKey(key); + response.setValues(values); + return response; + } + + /** + * Delete an application configuration. + * @param request Remove application config request. + * @return Response. + * @throws GenericServiceException In case of a business logic error. + */ + public Response removeApplicationConfig(final RemoveApplicationConfigRequest request) throws GenericServiceException { + final String applicationId = request.getApplicationId(); + final String key = request.getKey(); + if (applicationId == null) { + logger.warn("Invalid application ID in deleteApplicationConfig"); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + validateConfigKey(key); + final ApplicationRepository appRepository = repositoryCatalogue.getApplicationRepository(); + final Optional appOptional = appRepository.findById(applicationId); + if (appOptional.isEmpty()) { + logger.info("Application not found, application ID: {}", applicationId); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_APPLICATION); + } + final ApplicationConfigRepository configRepository = repositoryCatalogue.getApplicationConfigRepository(); + final List configs = configRepository.findByApplicationId(applicationId); + configs.stream().filter(config -> config.getKey().equals(key)).forEach(configRepository::delete); + return new Response(); + } + + /** + * Validate that the configuration key is valid. + * @param key Configuration key. + * @throws GenericServiceException Thrown in case configuration key is invalid. + */ + private void validateConfigKey(String key) throws GenericServiceException { + if (key == null) { + logger.warn("Missing configuration key in FIDO2 request"); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + if (!CONFIG_KEY_ALLOWED_ATTESTATION_FMT.equals(key) + && !CONFIG_KEY_ALLOWED_AAGUIDS.equals(key)) { + logger.warn("Unknown configuration key in FIDO2 request: {}", key); + // Rollback is not required, error occurs before writing to database + throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); + } + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationRolesServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationRolesServiceBehavior.java index c4d9898c3..74aa921cc 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationRolesServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationRolesServiceBehavior.java @@ -42,7 +42,7 @@ * * @author Roman Strobl, roman.strobl@wultra.com */ -@Component("applicationRolesServiceBehavior") +@Component public class ApplicationRolesServiceBehavior { private static final Logger logger = LoggerFactory.getLogger(ApplicationRolesServiceBehavior.class); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java index 601b928e1..5fa2d0a4e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/TokenBehavior.java @@ -75,7 +75,7 @@ * * @author Petr Dvorak, petr@wultra.com */ -@Component("tokenBehavior") +@Component public class TokenBehavior { private final RepositoryCatalogue repositoryCatalogue; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java index 902ca1d34..3539dcff7 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/VaultUnlockServiceBehavior.java @@ -77,7 +77,7 @@ * * @author Roman Strobl, roman.strobl@wultra.com */ -@Component("vaultUnlockServiceBehavior") +@Component public class VaultUnlockServiceBehavior { private final RepositoryCatalogue repositoryCatalogue; diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index 3b16f7c94..820022630 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -21,14 +21,18 @@ import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; import com.wultra.powerauth.fido2.service.provider.RegistrationProvider; +import com.wultra.security.powerauth.client.model.entity.ApplicationConfigurationItem; import com.wultra.security.powerauth.client.model.enumeration.ActivationOtpValidation; import com.wultra.security.powerauth.client.model.enumeration.Protocols; +import com.wultra.security.powerauth.client.model.request.GetApplicationConfigRequest; +import com.wultra.security.powerauth.client.model.response.GetApplicationConfigResponse; import com.wultra.security.powerauth.client.model.response.InitActivationResponse; import io.getlime.security.powerauth.app.server.database.RepositoryCatalogue; import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; +import io.getlime.security.powerauth.app.server.service.behavior.tasks.ApplicationConfigServiceBehavior; import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; import lombok.extern.slf4j.Slf4j; @@ -36,10 +40,14 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import java.nio.charset.StandardCharsets; import java.util.Date; import java.util.List; import java.util.Optional; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_AAGUIDS; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_ATTESTATION_FMT; + /** * Challenge provider based on the PowerAuth core implementations. * @@ -141,4 +149,40 @@ public void revokeRegistrationByChallengeValue(String applicationId, String chal } } + + @Override + @Transactional(readOnly = true) + public boolean registrationAllowed(String applicationId, String attestationFormat, byte[] aaguid) throws Exception { + final ApplicationConfigServiceBehavior configService = serviceBehaviorCatalogue.getApplicationConfigServiceBehavior(); + final GetApplicationConfigRequest configRequest = new GetApplicationConfigRequest(); + configRequest.setApplicationId(applicationId); + final GetApplicationConfigResponse configResponse = configService.getApplicationConfig(configRequest); + final String aaguidStr = new String(aaguid, StandardCharsets.UTF_8); + Optional configFmt = configResponse.getApplicationConfigs().stream() + .filter(cfg -> CONFIG_KEY_ALLOWED_ATTESTATION_FMT.equals(cfg.getKey())) + .findFirst(); + + if (configFmt.isPresent()) { + List allowedFmts = configFmt.get().getValues(); + if (!allowedFmts.contains(attestationFormat)) { + logger.warn("Rejected attestation format for FIDO2 registration: {}", attestationFormat); + return false; + } + } + + Optional configAaguids = configResponse.getApplicationConfigs().stream() + .filter(cfg -> CONFIG_KEY_ALLOWED_AAGUIDS.equals(cfg.getKey())) + .findFirst(); + + if (configAaguids.isPresent()) { + System.out.println(aaguidStr); + List allowedAaguids = configAaguids.get().getValues(); + if (!allowedAaguids.contains(aaguidStr)) { + logger.warn("Rejected AAGUID value for FIDO2 registration: {}", aaguidStr); + return false; + } + } + + return true; + } } diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java index 991a41d14..8c7a9b9ce 100644 --- a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -47,9 +47,7 @@ import com.wultra.powerauth.fido2.service.RegistrationService; import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; -import com.wultra.security.powerauth.client.model.request.CreateApplicationRequest; -import com.wultra.security.powerauth.client.model.request.GetActivationStatusRequest; -import com.wultra.security.powerauth.client.model.request.OperationTemplateCreateRequest; +import com.wultra.security.powerauth.client.model.request.*; import com.wultra.security.powerauth.client.model.response.OperationTemplateDetailResponse; import io.getlime.security.powerauth.app.server.Application; import io.getlime.security.powerauth.app.server.service.PowerAuthService; @@ -64,6 +62,8 @@ import java.util.*; import java.util.stream.Collectors; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_AAGUIDS; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_ATTESTATION_FMT; import static org.junit.jupiter.api.Assertions.*; /** @@ -103,7 +103,7 @@ public Fido2AuthenticatorTest(PowerAuthService powerAuthService, RegistrationSer } @Test - void packedAuthenticatorSuccessTest() throws Exception { + void packedAuthenticatorSuccessTest() throws Exception { registerCredential(); authenticate(); } @@ -271,6 +271,120 @@ public void packedAuthenticatorInvalidSignatureTest() throws Exception { assertThrows(Fido2AuthenticationFailedException.class, () -> assertionService.authenticate(authRequest)); } + @Test + void packedAuthenticatorUnsupportedAaguidTest() throws Exception { + // Configure server not to allow any AAGUIDs + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); + requestCreate.setValues(Collections.emptyList()); + powerAuthService.createApplicationConfig(requestCreate); + + // Registration should fail + assertThrows(Fido2AuthenticationFailedException.class, this::registerCredential); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); + powerAuthService.removeApplicationConfig(requestRemove); + } + + @Test + void packedAuthenticatorInvalidAaguidTest() throws Exception { + // Configure server not to allow only one AAGUID which differs from registreation request AAGUID + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); + requestCreate.setValues(List.of("\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001")); + powerAuthService.createApplicationConfig(requestCreate); + + // Registration should fail + assertThrows(Fido2AuthenticationFailedException.class, this::registerCredential); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); + powerAuthService.removeApplicationConfig(requestRemove); + } + + @Test + void packedAuthenticatorValidAaguidTest() throws Exception { + // Configure server not to allow valid AAGUID only + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); + requestCreate.setValues(List.of("\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000")); + powerAuthService.createApplicationConfig(requestCreate); + + // Registration should succeed + registerCredential(); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); + powerAuthService.removeApplicationConfig(requestRemove); + } + + @Test + void packedAuthenticatorUnsupportedAttestationFormatTest() throws Exception { + // Configure server not to allow any attestation formats + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ALLOWED_ATTESTATION_FMT); + requestCreate.setValues(Collections.emptyList()); + powerAuthService.createApplicationConfig(requestCreate); + + // Registration should fail + assertThrows(Fido2AuthenticationFailedException.class, this::registerCredential); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ALLOWED_ATTESTATION_FMT); + powerAuthService.removeApplicationConfig(requestRemove); + } + + @Test + void packedAuthenticatorInvalidAttestationFormatTest() throws Exception { + // Configure server not to allow only an attestation format which differs from request attestation format + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ALLOWED_ATTESTATION_FMT); + requestCreate.setValues(List.of("none")); + powerAuthService.createApplicationConfig(requestCreate); + + // Registration should fail + assertThrows(Fido2AuthenticationFailedException.class, this::registerCredential); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ALLOWED_ATTESTATION_FMT); + powerAuthService.removeApplicationConfig(requestRemove); + } + + @Test + void packedAuthenticatorValidAttestationFormatTest() throws Exception { + // Configure server not to allow only an attestation format which matches request attestation format + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ALLOWED_ATTESTATION_FMT); + requestCreate.setValues(List.of("packed")); + powerAuthService.createApplicationConfig(requestCreate); + + // Registration should succeed + registerCredential(); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ALLOWED_ATTESTATION_FMT); + powerAuthService.removeApplicationConfig(requestRemove); + } + private void createApplication() throws Exception { // Search if application for FIDO2 tests exists final boolean applicationFound = powerAuthService.getApplicationList().getApplications().stream() @@ -458,4 +572,5 @@ private boolean isFlagOn(byte flags, int position) throws IOException { } return ((flags >> position) & 1) == 1; } + } diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthRestClient.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthRestClient.java index 06435d2fd..ff8b184c0 100644 --- a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthRestClient.java +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthRestClient.java @@ -1477,4 +1477,58 @@ public TelemetryReportResponse requestTelemetryReport(TelemetryReportRequest req return callV3RestApi("/telemetry/report", request, queryParams, httpHeaders, TelemetryReportResponse.class); } + @Override + public CreateApplicationConfigResponse createApplicationConfig(CreateApplicationConfigRequest request) throws PowerAuthClientException { + return createApplicationConfig(request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP); + } + + @Override + public CreateApplicationConfigResponse createApplicationConfig(CreateApplicationConfigRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { + return callV3RestApi("/application/config/create", request, queryParams, httpHeaders, CreateApplicationConfigResponse.class); + } + + @Override + public CreateApplicationConfigResponse createApplicationConfig(String applicationId, String key, List values) throws PowerAuthClientException { + final CreateApplicationConfigRequest request = new CreateApplicationConfigRequest(); + request.setApplicationId(applicationId); + request.setKey(key); + request.setValues(values); + return createApplicationConfig(request); + } + + @Override + public Response removeApplicationConfig(RemoveApplicationConfigRequest request) throws PowerAuthClientException { + return removeApplicationConfig(request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP); + } + + @Override + public Response removeApplicationConfig(RemoveApplicationConfigRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { + return callV3RestApi("/application/config/remove", request, queryParams, httpHeaders, Response.class); + } + + @Override + public Response removeApplicationConfig(String applicationId, String key) throws PowerAuthClientException { + final RemoveApplicationConfigRequest request = new RemoveApplicationConfigRequest(); + request.setApplicationId(applicationId); + request.setKey(key); + return removeApplicationConfig(request); + } + + @Override + public GetApplicationConfigResponse getApplicationConfig(GetApplicationConfigRequest request) throws PowerAuthClientException { + return getApplicationConfig(request, EMPTY_MULTI_MAP, EMPTY_MULTI_MAP); + } + + @Override + public GetApplicationConfigResponse getApplicationConfig(GetApplicationConfigRequest request, MultiValueMap queryParams, MultiValueMap httpHeaders) throws PowerAuthClientException { + return callV3RestApi("/application/config/detail", request, queryParams, httpHeaders, GetApplicationConfigResponse.class); + } + + @Override + public GetApplicationConfigResponse getApplicationConfig(String applicationId) throws PowerAuthClientException { + final GetApplicationConfigRequest request = new GetApplicationConfigRequest(); + request.setApplicationId(applicationId); + return getApplicationConfig(request); + } + } From a9bec0228255e1abae14c498ceee123bc3f73a8b Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Wed, 21 Feb 2024 18:55:21 +0800 Subject: [PATCH 079/146] Fix #1311: FIDO2: Improve format of extras stored for FIDO2 --- .../fido2/rest/model/converter/RegistrationConverter.java | 1 + 1 file changed, 1 insertion(+) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 8407f2484..4f2e5883c 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -112,6 +112,7 @@ private Map convertExtras(RegistrationRequest requestObject) thr params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); + params.put("transports", authenticatorParameters.getResponse().getTransports()); return params; } From 3cd088e5d3d3a5aecc19e9771ba7b0ac2eba34ca Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Wed, 21 Feb 2024 19:38:34 +0800 Subject: [PATCH 080/146] Fix #1312: FIDO2: Add additionalData for FIDO2 operations --- .../fido2/PowerAuthAssertionProvider.java | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index ea47bcf84..0410e98f6 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -47,6 +47,7 @@ import org.springframework.transaction.annotation.Transactional; import java.util.Date; +import java.util.LinkedHashMap; import java.util.List; import java.util.Map; @@ -60,6 +61,10 @@ public class PowerAuthAssertionProvider implements AssertionProvider { private static final String AUDIT_TYPE_FIDO2 = "fido2"; + private static final String ATTR_ACTIVATION_ID = "activationId"; + private static final String ATTR_APPLICATION_ID = "applicationId"; + private static final String ATTR_AUTH_FACTOR = "authFactor"; + private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; private final RepositoryCatalogue repositoryCatalogue; private final AuditingServiceBehavior audit; @@ -107,7 +112,7 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD operationApproveRequest.setApplicationId(authenticatorDetail.getApplicationId()); operationApproveRequest.setUserId(authenticatorDetail.getUserId()); operationApproveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE); //TODO: Use correct type - //operationApproveRequest.getAdditionalData(); // TODO: Use context data from request + operationApproveRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, operationApproveRequest.getSignatureType())); final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest); final UserActionResult result = approveOperation.getResult(); final OperationDetailResponse operation = approveOperation.getOperation(); @@ -140,7 +145,7 @@ public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDeta final OperationFailApprovalRequest operationFailApprovalRequest = new OperationFailApprovalRequest(); operationFailApprovalRequest.setOperationId(operationId); - //operationApproveRequest.getAdditionalData(); // TODO: Use context data from request + operationFailApprovalRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, SignatureType.POSSESSION_KNOWLEDGE)); final ActivationRecordEntity activationWithLock = repositoryCatalogue.getActivationRepository().findActivationWithLock(authenticatorDetail.getActivationId()); @@ -222,6 +227,20 @@ private void handleInvalidSignatureImpl(ActivationRecordEntity activation, Signa } } + /** + * Prepare map with additional data stored with the operation. + * @param authenticatorDetail Authenticator detail. + * @param signatureType Used signature type. + * @return Additional data map. + */ + private Map prepareAdditionalData(final AuthenticatorDetail authenticatorDetail, final SignatureType signatureType) { + final Map additionalData = new LinkedHashMap<>(); + additionalData.put(ATTR_ACTIVATION_ID, authenticatorDetail.getActivationId()); + additionalData.put(ATTR_APPLICATION_ID, authenticatorDetail.getApplicationId()); + additionalData.put(ATTR_AUTH_FACTOR, signatureType); + return additionalData; + } + /** * Handle operation status. * From e3971c6c801b5d3dca9187ff78733807d69daf7a Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Thu, 22 Feb 2024 09:59:22 +0100 Subject: [PATCH 081/146] Fix #1322: Update Wultra dependencies --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index eb8843bc3..e7faad1b7 100644 --- a/pom.xml +++ b/pom.xml @@ -85,8 +85,8 @@ 4.1.0 - 1.7.0-SNAPSHOT - 1.9.0-SNAPSHOT + 1.7.0 + 1.9.0 1.77 From e0779cd3d326b880773b9c0ae2800ee0e2c9ee6b Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Thu, 22 Feb 2024 10:07:39 +0100 Subject: [PATCH 082/146] Fix #1320: Set release version to 1.7.0 --- pom.xml | 2 +- powerauth-admin/pom.xml | 2 +- powerauth-client-model/pom.xml | 2 +- powerauth-fido2/pom.xml | 2 +- powerauth-java-server/pom.xml | 2 +- powerauth-rest-client-spring/pom.xml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index eb8843bc3..992c3f207 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ io.getlime.security powerauth-server-parent - 1.7.0-SNAPSHOT + 1.7.0 pom diff --git a/powerauth-admin/pom.xml b/powerauth-admin/pom.xml index 3f144a415..ab13d163f 100644 --- a/powerauth-admin/pom.xml +++ b/powerauth-admin/pom.xml @@ -11,7 +11,7 @@ io.getlime.security powerauth-server-parent - 1.7.0-SNAPSHOT + 1.7.0 diff --git a/powerauth-client-model/pom.xml b/powerauth-client-model/pom.xml index 17d80aa9b..b61296445 100644 --- a/powerauth-client-model/pom.xml +++ b/powerauth-client-model/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-server-parent - 1.7.0-SNAPSHOT + 1.7.0 diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 139030213..3742d0fe4 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -27,7 +27,7 @@ io.getlime.security powerauth-server-parent - 1.7.0-SNAPSHOT + 1.7.0 diff --git a/powerauth-java-server/pom.xml b/powerauth-java-server/pom.xml index 077458476..687b487ed 100644 --- a/powerauth-java-server/pom.xml +++ b/powerauth-java-server/pom.xml @@ -29,7 +29,7 @@ io.getlime.security powerauth-server-parent - 1.7.0-SNAPSHOT + 1.7.0 diff --git a/powerauth-rest-client-spring/pom.xml b/powerauth-rest-client-spring/pom.xml index 31302c4f4..26d8bdc78 100644 --- a/powerauth-rest-client-spring/pom.xml +++ b/powerauth-rest-client-spring/pom.xml @@ -28,7 +28,7 @@ io.getlime.security powerauth-server-parent - 1.7.0-SNAPSHOT + 1.7.0 From 8b8442aa16cfbeb367382b8526b9e8357d3e13c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Thu, 22 Feb 2024 10:58:14 +0100 Subject: [PATCH 083/146] Fix #1308: Operation list fails on Oracle (#1317) * Fix #1308: Operation list fails on Oracle --- .../repository/OperationRepository.java | 47 +++++++++++-------- .../repository/OperationRepositoryTest.java | 24 +++++----- .../repository/OperationRepositoryTest.sql | 17 ++++--- 3 files changed, 50 insertions(+), 38 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepository.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepository.java index 4339dd57a..fac985f5a 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepository.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepository.java @@ -36,6 +36,7 @@ * Database repository for the operations. * * @author Petr Dvorak, petr@wultra.com + * @implSpec Oracle does not support {@code DISTINCT} on {@code CLOB} so subselects have to be used. */ @Repository public interface OperationRepository extends CrudRepository { @@ -48,32 +49,40 @@ public interface OperationRepository extends CrudRepository findOperation(String operationId); @Query(""" - SELECT DISTINCT o FROM OperationEntity o INNER JOIN o.applications a - WHERE o.userId = :userId - AND a.id in :applicationIds - AND (:activationId IS NULL OR o.activationId IS NULL OR o.activationId = :activationId) - AND (:activationFlags IS NULL OR o.activationFlag IS NULL OR o.activationFlag IN :activationFlags) - ORDER BY o.timestampCreated DESC - """) + SELECT o FROM OperationEntity o WHERE o.id IN (SELECT o.id FROM OperationEntity o INNER JOIN o.applications a + WHERE o.userId = :userId + AND a.id in :applicationIds + AND (:activationId IS NULL OR o.activationId IS NULL OR o.activationId = :activationId) + AND (:activationFlags IS NULL OR o.activationFlag IS NULL OR o.activationFlag IN :activationFlags)) + ORDER BY o.timestampCreated DESC + """) Stream findAllOperationsForUser(String userId, List applicationIds, String activationId, List activationFlags, final Pageable pageable); @Query(""" - SELECT DISTINCT o FROM OperationEntity o INNER JOIN o.applications a - WHERE o.userId = :userId - AND a.id IN :applicationIds - AND o.status = io.getlime.security.powerauth.app.server.database.model.enumeration.OperationStatusDo.PENDING - AND (:activationId IS NULL OR o.activationId IS NULL OR o.activationId = :activationId) - AND (:activationFlags IS NULL OR o.activationFlag IS NULL OR o.activationFlag IN :activationFlags) - ORDER BY o.timestampCreated DESC - """) + SELECT o FROM OperationEntity o WHERE o.id IN (SELECT o.id FROM OperationEntity o INNER JOIN o.applications a + WHERE o.userId = :userId + AND a.id IN :applicationIds + AND o.status = io.getlime.security.powerauth.app.server.database.model.enumeration.OperationStatusDo.PENDING + AND (:activationId IS NULL OR o.activationId IS NULL OR o.activationId = :activationId) + AND (:activationFlags IS NULL OR o.activationFlag IS NULL OR o.activationFlag IN :activationFlags)) + ORDER BY o.timestampCreated DESC + """) Stream findPendingOperationsForUser(String userId, List applicationIds, String activationId, List activationFlags, final Pageable pageable); - @Query("SELECT DISTINCT o FROM OperationEntity o INNER JOIN o.applications a WHERE o.externalId = :externalId AND a.id IN :applicationIds ORDER BY o.timestampCreated DESC") + @Query(""" + SELECT o FROM OperationEntity o WHERE o.id IN (SELECT o.id FROM OperationEntity o INNER JOIN o.applications a + WHERE o.externalId = :externalId + AND a.id IN :applicationIds) + ORDER BY o.timestampCreated DESC + """) Stream findOperationsByExternalId(String externalId, List applicationIds, final Pageable pageable); - @Query("SELECT DISTINCT o FROM OperationEntity o " + - "WHERE o.timestampExpires < :timestamp AND o.status = io.getlime.security.powerauth.app.server.database.model.enumeration.OperationStatusDo.PENDING " + - "ORDER BY o.timestampCreated") + @Query(""" + SELECT o FROM OperationEntity o + WHERE o.timestampExpires < :timestamp + AND o.status = io.getlime.security.powerauth.app.server.database.model.enumeration.OperationStatusDo.PENDING + ORDER BY o.timestampCreated + """) Stream findExpiredPendingOperations(Date timestamp); } diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.java index 38c9e6f73..3e2226e37 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.java @@ -45,11 +45,11 @@ @Sql class OperationRepositoryTest { - private static final String userId = "testUser"; - private static final List applicationIds = Arrays.asList("PA_Tests", "PA_Tests2"); - private static final String activationId1 = "e43a5dec-afea-4a10-a80b-b2183399f16b"; - private static final String activationId2 = "68c5ca56-b419-4653-949f-49061a4be886"; - private static final Pageable pageable = PageRequest.of(0, 10); + private static final String USER_ID = "testUser"; + private static final List APPLICATION_IDS = Arrays.asList("PA_Tests", "PA_Tests2", "PA_Tests3"); + private static final String ACTIVATION_ID1 = "e43a5dec-afea-4a10-a80b-b2183399f16b"; + private static final String ACTIVATION_ID2 = "68c5ca56-b419-4653-949f-49061a4be886"; + private static final Pageable PAGEABLE = PageRequest.of(0, 10); @Autowired private OperationRepository operationRepository; @@ -74,13 +74,13 @@ void testFindOperationById() { @Test void testFindOperationsWithActivationIdFilter() { final List operations1 = operationRepository. - findAllOperationsForUser(userId, applicationIds, activationId1, null, pageable).toList(); + findAllOperationsForUser(USER_ID, APPLICATION_IDS, ACTIVATION_ID1, null, PAGEABLE).toList(); assertNotNull(operations1); assertEquals(3, operations1.size()); final List operations2 = operationRepository. - findAllOperationsForUser(userId, applicationIds, activationId2, null, pageable).toList(); + findAllOperationsForUser(USER_ID, APPLICATION_IDS, ACTIVATION_ID2, null, PAGEABLE).toList(); assertNotNull(operations2); assertEquals(4, operations2.size()); @@ -92,23 +92,23 @@ void testFindOperationsWithActivationIdFilter() { */ @Test void testFindOperationsWithActivationFlagFilter() { - final List activationFlags1 = activationRepository.findActivationWithoutLock(activationId1).getFlags(); - final List activationFlags2 = activationRepository.findActivationWithoutLock(activationId2).getFlags(); + final List activationFlags1 = activationRepository.findActivationWithoutLock(ACTIVATION_ID1).getFlags(); + final List activationFlags2 = activationRepository.findActivationWithoutLock(ACTIVATION_ID2).getFlags(); final List nonExistingFlags = List.of("NOT_EXISTING"); final List operations1 = operationRepository. - findAllOperationsForUser(userId, applicationIds, null, activationFlags1, pageable).toList(); + findAllOperationsForUser(USER_ID, APPLICATION_IDS, null, activationFlags1, PAGEABLE).toList(); assertNotNull(operations1); assertEquals(6, operations1.size()); final List operations2 = operationRepository. - findAllOperationsForUser(userId, applicationIds, null, activationFlags2, pageable).toList(); + findAllOperationsForUser(USER_ID, APPLICATION_IDS, null, activationFlags2, PAGEABLE).toList(); assertNotNull(operations2); assertEquals(5, operations2.size()); final List operations3 = operationRepository. - findAllOperationsForUser(userId, applicationIds, null, nonExistingFlags, pageable).toList(); + findAllOperationsForUser(USER_ID, APPLICATION_IDS, null, nonExistingFlags, PAGEABLE).toList(); assertNotNull(operations3); assertEquals(2, operations3.size()); diff --git a/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.sql b/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.sql index a46787cfe..983c32631 100644 --- a/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.sql +++ b/powerauth-java-server/src/test/resources/io/getlime/security/powerauth/app/server/database/repository/OperationRepositoryTest.sql @@ -1,8 +1,10 @@ INSERT INTO pa_application (id, name, roles) -VALUES (21, 'PA_Tests', '[ "ROLE3", "ROLE4" ]'); +VALUES (21, 'PA_Tests', '[ "ROLE3", "ROLE4" ]'), + (22, 'PA_Tests2', '[ "ROLE_ADMIN" ]'); INSERT INTO pa_master_keypair (id, application_id, master_key_private_base64, master_key_public_base64, name, timestamp_created) VALUES - (21, 21, 'KdcJHQAT/BBF+26uBGNhGC0GQ93ncTx7V6kusNA8AdE=', 'BP8ZZ0LjiwRCQPob3NFwF9pPDLhxCjnPNmENzayEeeGCiDdk0gl3UzUhYk9ntMg18LZdhpvYnprZ8mk/71WlQqo=', 'PA_Tests Default Keypair', '2022-06-07 09:13:27.599000'); + (21, 21, 'KdcJHQAT/BBF+26uBGNhGC0GQ93ncTx7V6kusNA8AdE=', 'BP8ZZ0LjiwRCQPob3NFwF9pPDLhxCjnPNmENzayEeeGCiDdk0gl3UzUhYk9ntMg18LZdhpvYnprZ8mk/71WlQqo=', 'PA_Tests Default Keypair', '2022-06-07 09:13:27.599000'), + (22, 22, 'ALMo+ZbnbelAs7oL5FsD8IocDC15nITu9+RO1xvfWFaY', 'BEr2c6ikVz6fQ2FL7SXcl1vxcksGB+/EbNbI1Ma7al/1jr455+b6f9dKhAupA3WIqcCRx6qpw9CoWdSVEbVZxzY=', 'PA_Tests2 Default Keypair', '2022-06-07 09:13:27.599000'); INSERT INTO pa_activation (activation_id, application_id, user_id, activation_name, activation_code, activation_status, activation_otp, activation_otp_validation, blocked_reason, counter, ctr_data, device_public_key_base64, extras, platform, device_info, flags, failed_attempts, max_failed_attempts, server_private_key_base64, server_private_key_encryption, server_public_key_base64, timestamp_activation_expire, timestamp_created, timestamp_last_used, timestamp_last_change, master_keypair_id, version) VALUES ('e43a5dec-afea-4a10-a80b-b2183399f16b', 21, 'testUser', 'test v4', 'PXSNR-E2B46-7TY3G-TMR2Q', 3, null, 0, null, 0, 'D5XibWWPCv+nOOfcdfnUGQ==', 'BF3Sc/vqg8Zk70Y8rbT45xzAIxblGoWgLqknCHuNj7f6QFBNi2UnLbG7yMqf2eWShhyBJdu9zqx7DG2qzlqhbBE=', null, 'unknown', 'backend-tests', '[ "test-flag1", "test-flag2", "test-flag3" ]', 0, 1, 'PUz/He8+RFoOPS1NG6Gw3TDXIQ/DnS1skNBOQWzXX60=', 0, 'BPHJ4N90NUuLDq92FJUPcaKZOMad1KH2HrwQEN9DB5ST5fiJU4baYF1VlK1JHglnnN1miL3/Qb6IyW3YSMBySYM=', '2023-04-03 14:04:06.015000', '2023-04-03 13:59:06.015000', '2023-04-03 13:59:16.293000', '2023-04-03 13:59:16.343000', 21, 3); @@ -30,8 +32,9 @@ VALUES ('2067b5d1-1c50-43eb-99df-847830e4807a', 'testUser', null, null, 'login', insert into pa_operation_application (application_id, operation_id) VALUES (21, '0f038bac-6c94-45eb-b3a9-f92e809e8ea4'), - (21, '70702b41-7b5a-4a6d-9bc2-e99949c2df53'), - (21, 'f451bcb7-9d76-42d6-97a6-76a9ecaf25813'), - (21, 'b6e41a83-6357-4670-ac4c-1f7dcaf2aa9e'), - (21, 'e708e33e-e1cb-48e2-9b51-521a3d205330'), - (21, '2067b5d1-1c50-43eb-99df-847830e4807a'); \ No newline at end of file + (21, '70702b41-7b5a-4a6d-9bc2-e99949c2df53'), + (21, 'f451bcb7-9d76-42d6-97a6-76a9ecaf25813'), + (21, 'b6e41a83-6357-4670-ac4c-1f7dcaf2aa9e'), + (21, 'e708e33e-e1cb-48e2-9b51-521a3d205330'), + (21, '2067b5d1-1c50-43eb-99df-847830e4807a'), + (22, '0f038bac-6c94-45eb-b3a9-f92e809e8ea4'); \ No newline at end of file From 27792c34a5ee626f692cada7ff455bae101e44c5 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Thu, 22 Feb 2024 11:11:56 +0100 Subject: [PATCH 084/146] Fix #1330: Add liquibase tag 1.7.0 --- .../1.7.x/20240222-add-tag-1.7.0.xml | 10 ++++++++++ .../1.7.x/db.changelog-version.xml | 1 + 2 files changed, 11 insertions(+) create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml new file mode 100644 index 000000000..ddc21c862 --- /dev/null +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml @@ -0,0 +1,10 @@ + + + + + + + + diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml index 0838ac2b2..219d5fbdb 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml @@ -5,5 +5,6 @@ + From 38ea2d116516c596d99449f8415b960809ac82a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Feb 2024 05:59:48 +0000 Subject: [PATCH 085/146] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.2.2...v3.2.3) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index eb8843bc3..5af74d3d5 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.springframework.boot spring-boot-starter-parent - 3.2.2 + 3.2.3 From 403ccd9ce1ea5c85f7c81f85fa5e66a6aa1d541b Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Fri, 23 Feb 2024 15:35:34 +0800 Subject: [PATCH 086/146] Fix #1337: Missing NOT NULL constraint in migration guide --- docs/Database-Structure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Database-Structure.md b/docs/Database-Structure.md index ad1f8d9a8..5654bf88b 100644 --- a/docs/Database-Structure.md +++ b/docs/Database-Structure.md @@ -98,7 +98,7 @@ CREATE TABLE pa_application_config ( id INTEGER NOT NULL PRIMARY KEY, application_id INTEGER NOT NULL, - config_key VARCHAR(255), + config_key VARCHAR(255) NOT NULL, config_values TEXT ); ``` From ce86fcf56acbaba32da96a023e0b2a071a1ef393 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 01:22:33 +0000 Subject: [PATCH 087/146] Bump nl.jqno.equalsverifier:equalsverifier from 3.15.6 to 3.15.7 Bumps [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) from 3.15.6 to 3.15.7. - [Release notes](https://github.com/jqno/equalsverifier/releases) - [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md) - [Commits](https://github.com/jqno/equalsverifier/compare/equalsverifier-3.15.6...equalsverifier-3.15.7) --- updated-dependencies: - dependency-name: nl.jqno.equalsverifier:equalsverifier dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5af74d3d5..89bc66961 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ 1.11.0 7.4 - 3.15.6 + 3.15.7 3.5.3 From a0f632f267177ba89d19368da8fb62dfc017ae0c Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 26 Feb 2024 07:37:36 +0100 Subject: [PATCH 088/146] Fix #1341: Coverity: Useless call --- .../powerauth/rest/client/PowerAuthFido2RestClient.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java index 3fda9e846..558bc7f2b 100644 --- a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java @@ -30,7 +30,6 @@ import com.wultra.security.powerauth.client.model.error.PowerAuthClientException; import com.wultra.security.powerauth.client.model.error.PowerAuthError; import com.wultra.security.powerauth.client.model.request.fido2.*; -import com.wultra.security.powerauth.client.model.response.InitActivationResponse; import com.wultra.security.powerauth.client.model.response.fido2.*; import io.getlime.core.rest.model.base.request.ObjectRequest; import io.getlime.core.rest.model.base.response.ObjectResponse; @@ -84,7 +83,6 @@ public PowerAuthFido2RestClient(String baseUrl, PowerAuthRestClientConfiguration if (config.getProxyUsername() != null) { proxyBuilder.username(config.getProxyUsername()).password(config.getProxyPassword()); } - proxyBuilder.build(); } if (config.getPowerAuthClientToken() != null) { builder.httpBasicAuth().username(config.getPowerAuthClientToken()).password(config.getPowerAuthClientSecret()).build(); From 9782d548fd323ea850a5c8b35b579deee1affbbc Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 26 Feb 2024 07:53:18 +0100 Subject: [PATCH 089/146] Fix #1343: Coverity: Dereference null return value --- .../serialization/AttestationStatementDeserializer.java | 4 ++++ .../serialization/AuthenticatorDataDeserializer.java | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java index d2a0b2c4a..b99b6392b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java @@ -70,6 +70,10 @@ public AttestationStatementDeserializer(Class vc) { public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { final Map map = jsonParser.readValueAs(new TypeReference<>() {}); + if (map == null) { + throw new Fido2DeserializationException("JSON deserialized into null."); + } + final AttestationStatement result = new AttestationStatement(); final Integer alg = (Integer) map.get("alg"); if (alg != null && -7 == alg) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java index a14a52455..0b7f5a9fc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AuthenticatorDataDeserializer.java @@ -82,6 +82,9 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte // Serialize Auth Data final byte[] authData = jsonParser.getBinaryValue(); + if (authData == null) { + throw new Fido2DeserializationException("JSON binary value deserialized into null."); + } result.setEncoded(authData); // Get RP ID Hash @@ -131,6 +134,9 @@ public AuthenticatorData deserialize(JsonParser jsonParser, DeserializationConte final byte[] credentialPublicKey = new byte[remainingLength]; System.arraycopy(authData, 55 + credentialIdLengthValue, credentialPublicKey, 0, remainingLength); final Map credentialPublicKeyMap = cborMapper.readValue(credentialPublicKey, new TypeReference<>() {}); + if (credentialPublicKeyMap == null) { + throw new Fido2DeserializationException("JSON credentialPublicKey deserialized into null."); + } final PublicKeyObject publicKeyObject = new PublicKeyObject(); final Integer algorithm = (Integer) credentialPublicKeyMap.get("3"); From a5e8dba91a90cf791033def23747864aced4d1cb Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 26 Feb 2024 08:00:38 +0100 Subject: [PATCH 090/146] Fix #1345: Coverity: Reliance on default encoding --- .../serialization/CollectedClientDataDeserializer.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java index ddb5615fa..0066dbac6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/CollectedClientDataDeserializer.java @@ -30,6 +30,7 @@ import java.io.IOException; import java.io.Serial; +import java.nio.charset.StandardCharsets; import java.util.Base64; /** @@ -74,7 +75,7 @@ public CollectedClientData deserialize(JsonParser jsonParser, DeserializationCon final String originalTextValue = jsonParser.getText(); final byte[] decodedClientDataJSON = Base64.getDecoder().decode(originalTextValue); final CollectedClientData collectedClientData = objectMapper.readValue(decodedClientDataJSON, CollectedClientData.class); - collectedClientData.setEncoded(new String(decodedClientDataJSON)); + collectedClientData.setEncoded(new String(decodedClientDataJSON, StandardCharsets.UTF_8)); return collectedClientData; } catch (IOException e) { logger.debug(e.getMessage(), e); From 776d17d1208e39820ee56105814b7a4e6243b755 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 26 Feb 2024 08:51:03 +0100 Subject: [PATCH 091/146] Fix #1349: Coverity: Unlogged security exception --- .../server/service/fido2/PowerAuthAuthenticatorProvider.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index b96355997..4213a059e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -192,6 +192,8 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ try { devicePublicKey = keyConvertor.convertBytesToPublicKey(devicePublicKeyBytes); } catch (InvalidKeySpecException ex) { + logger.warn("Invalid public key, activation ID: {}, {}", activation.getActivationId(), ex.getMessage()); + logger.debug("Invalid public key, activation ID: {}", activation.getActivationId(), ex); handleInvalidPublicKey(activation); } @@ -377,7 +379,6 @@ private void handleInvalidPublicKey(ActivationRecordEntity activation) throws Ge activation.setActivationStatus(io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus.REMOVED); serviceBehaviorCatalogue.getActivationHistoryServiceBehavior().saveActivationAndLogChange(activation); serviceBehaviorCatalogue.getCallbackUrlBehavior().notifyCallbackListenersOnActivationChange(activation); - logger.warn("Invalid public key, activation ID: {}", activation.getActivationId()); // Exception must not be rollbacking, otherwise data written to database in this method would be lost throw localizationProvider.buildExceptionForCode(ServiceError.ACTIVATION_NOT_FOUND); } From 03d8f53bfb0663ef7518bb5cfd7cc3c6abba8783 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Mon, 26 Feb 2024 09:20:58 +0100 Subject: [PATCH 092/146] Fix #1347: Make AaguidList#vendors immutable (#1348) * Fix #1347: Make AaguidList#vendors immutable * Remove duplicate keys --- .../converter/RegistrationConverter.java | 4 +- .../fido2/rest/model/entity/AaguidList.java | 296 +++++++++--------- 2 files changed, 148 insertions(+), 152 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 4f2e5883c..303dd3bd6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -43,8 +43,6 @@ @Slf4j public class RegistrationConverter { - private final AaguidList aaguidRegistry = new AaguidList(); - /** * Convert registration challenge to authenticator detail. * @param challenge Registration challenge. @@ -64,7 +62,7 @@ public Optional convert(RegistrationChallenge challenge, Re authenticatorDetail.setExtras(convertExtras(requestObject)); authenticatorDetail.setActivationName(requestObject.getActivationName()); authenticatorDetail.setPlatform(requestObject.getAuthenticatorParameters().getAuthenticatorAttachment()); - authenticatorDetail.setDeviceInfo(aaguidRegistry.vendorName(aaguid)); + authenticatorDetail.setDeviceInfo(AaguidList.vendorName(aaguid)); authenticatorDetail.setActivationStatus(ActivationStatus.ACTIVE); authenticatorDetail.setActivationFlags(new ArrayList<>()); authenticatorDetail.setApplicationRoles(new ArrayList<>()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java index ed4af7695..2d39f2848 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java @@ -18,7 +18,6 @@ package com.wultra.powerauth.fido2.rest.model.entity; -import java.util.HashMap; import java.util.Map; import java.util.Objects; import java.util.UUID; @@ -28,167 +27,166 @@ * * @author Petr Dvorak, petr@wultra.com */ -public class AaguidList { +public final class AaguidList { - private static final Map vendors = new HashMap<>(); + private static final Map VENDORS = Map.ofEntries( - public AaguidList() { + // Android + Map.entry(UUID.fromString("b93fd961-f2e6-462f-b122-82002247de78"), "Android Authenticator with SafetyNet Attestation"), - // Android - vendors.put(UUID.fromString("b93fd961-f2e6-462f-b122-82002247de78"), "Android Authenticator with SafetyNet Attestation"); + // ATKey + Map.entry(UUID.fromString("ba76a271-6eb6-4171-874d-b6428dbe3437"), "ATKey.ProS"), + Map.entry(UUID.fromString("d41f5a69-b817-4144-a13c-9ebd6d9254d6"), "ATKey.Card CTAP2.0"), + Map.entry(UUID.fromString("e1a96183-5016-4f24-b55b-e3ae23614cc6"), "ATKey.Pro CTAP2.0"), + Map.entry(UUID.fromString("e416201b-afeb-41ca-a03d-2281c28322aa"), "ATKey.Pro CTAP2.1"), - // ATKey - vendors.put(UUID.fromString("ba76a271-6eb6-4171-874d-b6428dbe3437"), "ATKey.ProS"); - vendors.put(UUID.fromString("d41f5a69-b817-4144-a13c-9ebd6d9254d6"), "ATKey.Card CTAP2.0"); - vendors.put(UUID.fromString("e1a96183-5016-4f24-b55b-e3ae23614cc6"), "ATKey.Pro CTAP2.0"); - vendors.put(UUID.fromString("e416201b-afeb-41ca-a03d-2281c28322aa"), "ATKey.Pro CTAP2.1"); + // Atos + Map.entry(UUID.fromString("1c086528-58d5-f211-823c-356786e36140"), "Atos CardOS FIDO2"), - // Atos - vendors.put(UUID.fromString("1c086528-58d5-f211-823c-356786e36140"), "Atos CardOS FIDO2"); + // Crayonic + Map.entry(UUID.fromString("be727034-574a-f799-5c76-0929e0430973"), "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"), - // Crayonic - vendors.put(UUID.fromString("be727034-574a-f799-5c76-0929e0430973"), "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"); + // Cryptnox + Map.entry(UUID.fromString("9c835346-796b-4c27-8898-d6032f515cc5"), "Cryptnox FIDO2"), - // Cryptnox - vendors.put(UUID.fromString("9c835346-796b-4c27-8898-d6032f515cc5"), "Cryptnox FIDO2"); + // Ensurity + Map.entry(UUID.fromString("454e5346-4944-4ffd-6c93-8e9267193e9a"), "Ensurity ThinC"), - // Ensurity - vendors.put(UUID.fromString("454e5346-4944-4ffd-6c93-8e9267193e9a"), "Ensurity ThinC"); + // ESS + Map.entry(UUID.fromString("5343502d-5343-5343-6172-644649444f32"), "ESS Smart Card Inc. Authenticator"), - // ESS - vendors.put(UUID.fromString("5343502d-5343-5343-6172-644649444f32"), "ESS Smart Card Inc. Authenticator"); + // eWBM + Map.entry(UUID.fromString("61250591-b2bc-4456-b719-0b17be90bb30"), "eWBM eFPA FIDO2 Authenticator"), - // eWBM - vendors.put(UUID.fromString("61250591-b2bc-4456-b719-0b17be90bb30"), "eWBM eFPA FIDO2 Authenticator"); - vendors.put(UUID.fromString("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), "eWBM eFA320 FIDO2 Authenticator"); - vendors.put(UUID.fromString("95442b2e-f15e-4def-b270-efb106facb4e"), "eWBM eFA310 FIDO2 Authenticator"); - - // FEITIAN - vendors.put(UUID.fromString("12ded745-4bed-47d4-abaa-e713f51d6393"), "AllinPass FIDO"); - vendors.put(UUID.fromString("2c0df832-92de-4be1-8412-88a8f074df4a"), "FIDO Java Card"); - vendors.put(UUID.fromString("310b2830-bd4a-4da5-832e-9a0dfc90abf2"), "MultiPass FIDO"); - vendors.put(UUID.fromString("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "Feitian iePass FIDO Authenticator"); - vendors.put(UUID.fromString("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "iePass FIDO"); - vendors.put(UUID.fromString("77010bd7-212a-4fc9-b236-d2ca5e9d4084"), "BioPass FIDO"); - vendors.put(UUID.fromString("833b721a-ff5f-4d00-bb2e-bdda3ec01e29"), "ePassFIDO K10, A4B, K28"); - vendors.put(UUID.fromString("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0"), "FIDO Fingerprint Card"); - vendors.put(UUID.fromString("b6ede29c-3772-412c-8a78-539c1f4c62d2"), "BioPass FIDO Plus"); - vendors.put(UUID.fromString("ee041bce-25e5-4cdb-8f86-897fd6418464"), "ePassFIDO K39, NFC, NFC Plus"); - - // GoTrust - vendors.put(UUID.fromString("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a"), "GoTrust Idem Key FIDO2 Authenticator"); - vendors.put(UUID.fromString("9f0d8150-baa5-4c00-9299-ad62c8bb4e87"), "GoTrust Idem Card FIDO2 Authenticator"); - - // HID Global - vendors.put(UUID.fromString("54d9fee8-e621-4291-8b18-7157b99c5bec"), "HID Crescendo Enabled"); - vendors.put(UUID.fromString("692db549-7ae5-44d5-a1e5-dd20a493b723"), "HID Crescendo Key"); - vendors.put(UUID.fromString("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52"), "HID Crescendo C2300"); - - // Hideez - vendors.put(UUID.fromString("3e078ffd-4c54-4586-8baa-a77da113aec5"), "Hideez Key 3 FIDO2"); - vendors.put(UUID.fromString("4e768f2c-5fab-48b3-b300-220eb487752b"), "Hideez Key 4 FIDO2 SDK"); - - // Hyper - vendors.put(UUID.fromString("9f77e279-a6e2-4d58-b700-31e5943c6a98"), "Hyper FIDO Pro"); - vendors.put(UUID.fromString("d821a7d4-e97c-4cb6-bd82-4237731fd4be"), "Hyper FIDO Bio Security Key"); - - // MKGroup - vendors.put(UUID.fromString("f4c63eff-d26c-4248-801c-3736c7eaa93a"), "FIDO KeyPass S3"); - - // KEY-ID - vendors.put(UUID.fromString("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3"), "KEY-ID FIDO2 Authenticator"); - - // NEOWAVE - vendors.put(UUID.fromString("3789da91-f943-46bc-95c3-50ea2012f03a"), "NEOWAVE Winkeo FIDO2"); - vendors.put(UUID.fromString("c5703116-972b-4851-a3e7-ae1259843399"), "NEOWAVE Badgeo FIDO2"); - - // NXP Semiconductors - vendors.put(UUID.fromString("07a9f89c-6407-4594-9d56-621d5f1e358b"), "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"); - - // OCTATCO - vendors.put(UUID.fromString("a1f52be5-dfab-4364-b51c-2bd496b14a56"), "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"); - vendors.put(UUID.fromString("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c"), "OCTATCO EzQuant FIDO2 AUTHENTICATOR"); - - // OneSpan - vendors.put(UUID.fromString("30b5035e-d297-4fc1-b00b-addc96ba6a97"), "OneSpan FIDO Touch"); - - // Precision InnaIT - vendors.put(UUID.fromString("88bbd2f0-342a-42e7-9729-dd158be5407a"), "Precision InnaIT Key FIDO 2 Level 2 certified"); - - // SmartDisplayer - vendors.put(UUID.fromString("516d3969-5a57-5651-5958-4e7a49434167"), "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"); - - // Solo - vendors.put(UUID.fromString("8876631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Secp256R1 FIDO2 CTAP2 Authenticator"); - vendors.put(UUID.fromString("8976631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"); - - // Somu - vendors.put(UUID.fromString("9876631b-d4a0-427f-5773-0ec71c9e0279"), "Somu Secp256R1 FIDO2 CTAP2 Authenticator"); - - // Swissbit - vendors.put(UUID.fromString("931327dd-c89b-406c-a81e-ed7058ef36c6"), "Swissbit iShield FIDO2"); - - // Thales - vendors.put(UUID.fromString("b50d5e0a-7f81-4959-9b12-f45407407503"), "Thales IDPrime MD 3940 FIDO"); - vendors.put(UUID.fromString("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4"), "Thales eToken FIDO"); - - // TrustKey - vendors.put(UUID.fromString("95442b2e-f15e-4def-b270-efb106facb4e"), "TrustKey G310(H)"); - vendors.put(UUID.fromString("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), "TrustKey G320(H)"); - vendors.put(UUID.fromString("da776f39-f6c8-4a89-b252-1d86137a46ba"), "TrustKey T110"); - vendors.put(UUID.fromString("e3512a8a-62ae-11ea-bc55-0242ac130003"), "TrustKey T120"); - - // TOKEN2 - vendors.put(UUID.fromString("ab32f0c6-2239-afbb-c470-d2ef4e254db7"), "TOKEN2 FIDO2 Security Key"); - - // uTrust - vendors.put(UUID.fromString("73402251-f2a8-4f03-873e-3cb6db604b03"), "uTrust FIDO2 Security Key"); - - // Vancosys - vendors.put(UUID.fromString("39a5647e-1853-446c-a1f6-a79bae9f5bc7"), "Vancosys Android Authenticator"); - vendors.put(UUID.fromString("820d89ed-d65a-409e-85cb-f73f0578f82a"), "Vancosys iOS Authenticator"); - - // VinCSS - vendors.put(UUID.fromString("5fdb81b8-53f0-4967-a881-f5ec26fe4d18"), "VinCSS FIDO2 Authenticator"); - - // VivoKey - vendors.put(UUID.fromString("d7a423ad-3e19-4492-9200-78137dccc136"), "VivoKey Apex FIDO2"); - - // Windows Hello - vendors.put(UUID.fromString("08987058-cadc-4b81-b6e1-30de50dcbe96"), "Windows Hello Hardware Authenticator"); - vendors.put(UUID.fromString("6028b017-b1d4-4c02-b4b3-afcdafc96bb2"), "Windows Hello Software Authenticator"); - vendors.put(UUID.fromString("9ddd1817-af5a-4672-a2b9-3e3dd95000a9"), "Windows Hello VBS Hardware Authenticator"); - - // WiSECURE - vendors.put(UUID.fromString("504d7149-4e4c-3841-4555-55445a677357"), "WiSECURE AuthTron USB FIDO2 Authenticator"); - - // Yubico - vendors.put(UUID.fromString("0bb43545-fd2c-4185-87dd-feb0b2916ace"), "Security Key NFC by Yubico - Enterprise Edition"); - vendors.put(UUID.fromString("149a2021-8ef6-4133-96b8-81f8d5b7f1f5"), "Security Key by Yubico with NFC"); - vendors.put(UUID.fromString("2fc0579f-8113-47ea-b116-bb5a8db9202a"), "YubiKey 5 Series with NFC"); - vendors.put(UUID.fromString("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73"), "Security Key by Yubico with NFC"); - vendors.put(UUID.fromString("73bb0cd4-e502-49b8-9c6f-b59445bf720b"), "YubiKey 5 FIPS Series"); - vendors.put(UUID.fromString("85203421-48f9-4355-9bc8-8a53846e5083"), "YubiKey 5Ci FIPS"); - vendors.put(UUID.fromString("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa"), "Security Key by Yubico with NFC"); - vendors.put(UUID.fromString("b92c3f9a-c014-4056-887f-140a2501163b"), "Security Key by Yubico"); - vendors.put(UUID.fromString("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd"), "YubiKey 5 FIPS Series with NFC"); - vendors.put(UUID.fromString("c5ef55ff-ad9a-4b9f-b580-adebafe026d0"), "YubiKey 5Ci"); - vendors.put(UUID.fromString("cb69481e-8ff7-4039-93ec-0a2729a154a8"), "YubiKey 5 Series"); - vendors.put(UUID.fromString("d8522d9f-575b-4866-88a9-ba99fa02f35b"), "YubiKey Bio Series"); - vendors.put(UUID.fromString("ee882879-721c-4913-9775-3dfcce97072a"), "YubiKey 5 Series"); - vendors.put(UUID.fromString("f8a011f3-8c0a-4d15-8006-17111f9edc7d"), "Security Key by Yubico"); - vendors.put(UUID.fromString("fa2b99dc-9e39-4257-8f92-4a30d23c4118"), "YubiKey 5 Series with NFC"); - vendors.put(UUID.fromString("34f5766d-1536-4a24-9033-0e294e510fb0"), "YubiKey 5 Series CTAP2.1 Preview Expired"); - vendors.put(UUID.fromString("83c47309-aabb-4108-8470-8be838b573cb"), "YubiKey Bio Series (Enterprise Profile)"); - - // Other authenticators - vendors.put(UUID.fromString("ad784498-1902-3f54-b99a-10bb7dbd9588"), "Apple MacBook Pro 14-inch, 2021"); - vendors.put(UUID.nameUUIDFromBytes(new byte[16]), "Apple Passkeys"); + // FEITIAN + Map.entry(UUID.fromString("12ded745-4bed-47d4-abaa-e713f51d6393"), "AllinPass FIDO"), + Map.entry(UUID.fromString("2c0df832-92de-4be1-8412-88a8f074df4a"), "FIDO Java Card"), + Map.entry(UUID.fromString("310b2830-bd4a-4da5-832e-9a0dfc90abf2"), "MultiPass FIDO"), + Map.entry(UUID.fromString("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "Feitian iePass FIDO Authenticator"), + Map.entry(UUID.fromString("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "iePass FIDO"), + Map.entry(UUID.fromString("77010bd7-212a-4fc9-b236-d2ca5e9d4084"), "BioPass FIDO"), + Map.entry(UUID.fromString("833b721a-ff5f-4d00-bb2e-bdda3ec01e29"), "ePassFIDO K10, A4B, K28"), + Map.entry(UUID.fromString("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0"), "FIDO Fingerprint Card"), + Map.entry(UUID.fromString("b6ede29c-3772-412c-8a78-539c1f4c62d2"), "BioPass FIDO Plus"), + Map.entry(UUID.fromString("ee041bce-25e5-4cdb-8f86-897fd6418464"), "ePassFIDO K39, NFC, NFC Plus"), + // GoTrust + Map.entry(UUID.fromString("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a"), "GoTrust Idem Key FIDO2 Authenticator"), + Map.entry(UUID.fromString("9f0d8150-baa5-4c00-9299-ad62c8bb4e87"), "GoTrust Idem Card FIDO2 Authenticator"), + + // HID Global + Map.entry(UUID.fromString("54d9fee8-e621-4291-8b18-7157b99c5bec"), "HID Crescendo Enabled"), + Map.entry(UUID.fromString("692db549-7ae5-44d5-a1e5-dd20a493b723"), "HID Crescendo Key"), + Map.entry(UUID.fromString("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52"), "HID Crescendo C2300"), + + // Hideez + Map.entry(UUID.fromString("3e078ffd-4c54-4586-8baa-a77da113aec5"), "Hideez Key 3 FIDO2"), + Map.entry(UUID.fromString("4e768f2c-5fab-48b3-b300-220eb487752b"), "Hideez Key 4 FIDO2 SDK"), + + // Hyper + Map.entry(UUID.fromString("9f77e279-a6e2-4d58-b700-31e5943c6a98"), "Hyper FIDO Pro"), + Map.entry(UUID.fromString("d821a7d4-e97c-4cb6-bd82-4237731fd4be"), "Hyper FIDO Bio Security Key"), + + // MKGroup + Map.entry(UUID.fromString("f4c63eff-d26c-4248-801c-3736c7eaa93a"), "FIDO KeyPass S3"), + + // KEY-ID + Map.entry(UUID.fromString("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3"), "KEY-ID FIDO2 Authenticator"), + + // NEOWAVE + Map.entry(UUID.fromString("3789da91-f943-46bc-95c3-50ea2012f03a"), "NEOWAVE Winkeo FIDO2"), + Map.entry(UUID.fromString("c5703116-972b-4851-a3e7-ae1259843399"), "NEOWAVE Badgeo FIDO2"), + + // NXP Semiconductors + Map.entry(UUID.fromString("07a9f89c-6407-4594-9d56-621d5f1e358b"), "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"), + + // OCTATCO + Map.entry(UUID.fromString("a1f52be5-dfab-4364-b51c-2bd496b14a56"), "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"), + Map.entry(UUID.fromString("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c"), "OCTATCO EzQuant FIDO2 AUTHENTICATOR"), + + // OneSpan + Map.entry(UUID.fromString("30b5035e-d297-4fc1-b00b-addc96ba6a97"), "OneSpan FIDO Touch"), + + // Precision InnaIT + Map.entry(UUID.fromString("88bbd2f0-342a-42e7-9729-dd158be5407a"), "Precision InnaIT Key FIDO 2 Level 2 certified"), + + // SmartDisplayer + Map.entry(UUID.fromString("516d3969-5a57-5651-5958-4e7a49434167"), "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"), + + // Solo + Map.entry(UUID.fromString("8876631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Secp256R1 FIDO2 CTAP2 Authenticator"), + Map.entry(UUID.fromString("8976631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"), + + // Somu + Map.entry(UUID.fromString("9876631b-d4a0-427f-5773-0ec71c9e0279"), "Somu Secp256R1 FIDO2 CTAP2 Authenticator"), + + // Swissbit + Map.entry(UUID.fromString("931327dd-c89b-406c-a81e-ed7058ef36c6"), "Swissbit iShield FIDO2"), + + // Thales + Map.entry(UUID.fromString("b50d5e0a-7f81-4959-9b12-f45407407503"), "Thales IDPrime MD 3940 FIDO"), + Map.entry(UUID.fromString("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4"), "Thales eToken FIDO"), + + // TrustKey + Map.entry(UUID.fromString("95442b2e-f15e-4def-b270-efb106facb4e"), "TrustKey G310(H)"), + Map.entry(UUID.fromString("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), "TrustKey G320(H)"), + Map.entry(UUID.fromString("da776f39-f6c8-4a89-b252-1d86137a46ba"), "TrustKey T110"), + Map.entry(UUID.fromString("e3512a8a-62ae-11ea-bc55-0242ac130003"), "TrustKey T120"), + + // TOKEN2 + Map.entry(UUID.fromString("ab32f0c6-2239-afbb-c470-d2ef4e254db7"), "TOKEN2 FIDO2 Security Key"), + + // uTrust + Map.entry(UUID.fromString("73402251-f2a8-4f03-873e-3cb6db604b03"), "uTrust FIDO2 Security Key"), + + // Vancosys + Map.entry(UUID.fromString("39a5647e-1853-446c-a1f6-a79bae9f5bc7"), "Vancosys Android Authenticator"), + Map.entry(UUID.fromString("820d89ed-d65a-409e-85cb-f73f0578f82a"), "Vancosys iOS Authenticator"), + + // VinCSS + Map.entry(UUID.fromString("5fdb81b8-53f0-4967-a881-f5ec26fe4d18"), "VinCSS FIDO2 Authenticator"), + + // VivoKey + Map.entry(UUID.fromString("d7a423ad-3e19-4492-9200-78137dccc136"), "VivoKey Apex FIDO2"), + + // Windows Hello + Map.entry(UUID.fromString("08987058-cadc-4b81-b6e1-30de50dcbe96"), "Windows Hello Hardware Authenticator"), + Map.entry(UUID.fromString("6028b017-b1d4-4c02-b4b3-afcdafc96bb2"), "Windows Hello Software Authenticator"), + Map.entry(UUID.fromString("9ddd1817-af5a-4672-a2b9-3e3dd95000a9"), "Windows Hello VBS Hardware Authenticator"), + + // WiSECURE + Map.entry(UUID.fromString("504d7149-4e4c-3841-4555-55445a677357"), "WiSECURE AuthTron USB FIDO2 Authenticator"), + + // Yubico + Map.entry(UUID.fromString("0bb43545-fd2c-4185-87dd-feb0b2916ace"), "Security Key NFC by Yubico - Enterprise Edition"), + Map.entry(UUID.fromString("149a2021-8ef6-4133-96b8-81f8d5b7f1f5"), "Security Key by Yubico with NFC"), + Map.entry(UUID.fromString("2fc0579f-8113-47ea-b116-bb5a8db9202a"), "YubiKey 5 Series with NFC"), + Map.entry(UUID.fromString("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73"), "Security Key by Yubico with NFC"), + Map.entry(UUID.fromString("73bb0cd4-e502-49b8-9c6f-b59445bf720b"), "YubiKey 5 FIPS Series"), + Map.entry(UUID.fromString("85203421-48f9-4355-9bc8-8a53846e5083"), "YubiKey 5Ci FIPS"), + Map.entry(UUID.fromString("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa"), "Security Key by Yubico with NFC"), + Map.entry(UUID.fromString("b92c3f9a-c014-4056-887f-140a2501163b"), "Security Key by Yubico"), + Map.entry(UUID.fromString("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd"), "YubiKey 5 FIPS Series with NFC"), + Map.entry(UUID.fromString("c5ef55ff-ad9a-4b9f-b580-adebafe026d0"), "YubiKey 5Ci"), + Map.entry(UUID.fromString("cb69481e-8ff7-4039-93ec-0a2729a154a8"), "YubiKey 5 Series"), + Map.entry(UUID.fromString("d8522d9f-575b-4866-88a9-ba99fa02f35b"), "YubiKey Bio Series"), + Map.entry(UUID.fromString("ee882879-721c-4913-9775-3dfcce97072a"), "YubiKey 5 Series"), + Map.entry(UUID.fromString("f8a011f3-8c0a-4d15-8006-17111f9edc7d"), "Security Key by Yubico"), + Map.entry(UUID.fromString("fa2b99dc-9e39-4257-8f92-4a30d23c4118"), "YubiKey 5 Series with NFC"), + Map.entry(UUID.fromString("34f5766d-1536-4a24-9033-0e294e510fb0"), "YubiKey 5 Series CTAP2.1 Preview Expired"), + Map.entry(UUID.fromString("83c47309-aabb-4108-8470-8be838b573cb"), "YubiKey Bio Series (Enterprise Profile)"), + + // Other authenticators + Map.entry(UUID.fromString("ad784498-1902-3f54-b99a-10bb7dbd9588"), "Apple MacBook Pro 14-inch, 2021"), + Map.entry(UUID.fromString("4ae71336-e44b-39bf-b9d2-752e234818a5"), "Apple Passkeys") + ); + + private AaguidList() { + throw new IllegalStateException("Should not be instantiated"); } - public String vendorName(byte[] aaguid) { - final String vendor = vendors.get(UUID.nameUUIDFromBytes(aaguid)); + public static String vendorName(final byte[] aaguid) { + final String vendor = VENDORS.get(UUID.nameUUIDFromBytes(aaguid)); return Objects.requireNonNullElse(vendor, "Unknown FIDO2 Authenticator"); } From 3df009fe0ef6b66bd211202f60ecabad506b008c Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 26 Feb 2024 09:56:43 +0100 Subject: [PATCH 093/146] Fix #1351: Coverity: Useless call --- .../powerauth/rest/client/PowerAuthFido2RestClient.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java index 558bc7f2b..3d7156736 100644 --- a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java @@ -85,7 +85,7 @@ public PowerAuthFido2RestClient(String baseUrl, PowerAuthRestClientConfiguration } } if (config.getPowerAuthClientToken() != null) { - builder.httpBasicAuth().username(config.getPowerAuthClientToken()).password(config.getPowerAuthClientSecret()).build(); + builder.httpBasicAuth().username(config.getPowerAuthClientToken()).password(config.getPowerAuthClientSecret()); } if (config.getDefaultHttpHeaders() != null) { builder.defaultHttpHeaders(config.getDefaultHttpHeaders()); From 05d08746ca5aeb7f7924024130d9dcdea759931d Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 26 Feb 2024 14:32:32 +0100 Subject: [PATCH 094/146] Fix column name pa_application_config.config_key in db scripts A follow-up to #1299 --- .../1.7.x/20240212-application-config.xml | 4 ++-- docs/sql/mssql/migration_1.6.0_1.7.0.sql | 4 ++-- docs/sql/oracle/migration_1.6.0_1.7.0.sql | 4 ++-- docs/sql/postgresql/migration_1.6.0_1.7.0.sql | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240212-application-config.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240212-application-config.xml index c495dfdd2..485818c85 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240212-application-config.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240212-application-config.xml @@ -49,9 +49,9 @@ - Create a new index on pa_application_config(key) + Create a new index on pa_application_config(config_key) - + diff --git a/docs/sql/mssql/migration_1.6.0_1.7.0.sql b/docs/sql/mssql/migration_1.6.0_1.7.0.sql index 67faff720..db82de320 100644 --- a/docs/sql/mssql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/mssql/migration_1.6.0_1.7.0.sql @@ -18,8 +18,8 @@ CREATE TABLE pa_application_config (id int NOT NULL, application_id int NOT NULL GO -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::2::Roman Strobl --- Create a new index on pa_application_config(key) -CREATE NONCLUSTERED INDEX pa_app_config_key_idx ON pa_application_config([key]); +-- Create a new index on pa_application_config(config_key) +CREATE NONCLUSTERED INDEX pa_app_config_key_idx ON pa_application_config([config_key]); GO -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky diff --git a/docs/sql/oracle/migration_1.6.0_1.7.0.sql b/docs/sql/oracle/migration_1.6.0_1.7.0.sql index 760ac1e1b..10a4f6da1 100644 --- a/docs/sql/oracle/migration_1.6.0_1.7.0.sql +++ b/docs/sql/oracle/migration_1.6.0_1.7.0.sql @@ -14,8 +14,8 @@ ALTER TABLE pa_activation MODIFY extras CLOB; CREATE TABLE pa_application_config (id INTEGER NOT NULL, application_id INTEGER NOT NULL, config_key VARCHAR2(255) NOT NULL, config_values CLOB, CONSTRAINT PK_PA_APPLICATION_CONFIG PRIMARY KEY (id), CONSTRAINT pa_app_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::2::Roman Strobl --- Create a new index on pa_application_config(key) -CREATE INDEX pa_app_config_key_idx ON pa_application_config(key); +-- Create a new index on pa_application_config(config_key) +CREATE INDEX pa_app_config_key_idx ON pa_application_config(config_key); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky -- Create a new sequence pa_app_conf_seq diff --git a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql index b1fb025ba..5a4e29ac8 100644 --- a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql @@ -14,8 +14,8 @@ ALTER TABLE pa_activation ALTER COLUMN extras TYPE TEXT USING (extras::TEXT); CREATE TABLE pa_application_config (id INTEGER NOT NULL, application_id INTEGER NOT NULL, config_key VARCHAR(255) NOT NULL, config_values TEXT, CONSTRAINT pa_application_config_pkey PRIMARY KEY (id), CONSTRAINT pa_app_config_app_fk FOREIGN KEY (application_id) REFERENCES pa_application(id)); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::2::Roman Strobl --- Create a new index on pa_application_config(key) -CREATE INDEX pa_app_config_key_idx ON pa_application_config(key); +-- Create a new index on pa_application_config(config_key) +CREATE INDEX pa_app_config_key_idx ON pa_application_config(config_key); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky -- Create a new sequence pa_app_conf_seq From 8018c5446a4ea9bdf4669491f4a516dd4731b988 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Tue, 27 Feb 2024 15:00:26 +0800 Subject: [PATCH 095/146] Fix #1310: FIDO2: Persist and check counter value --- .../fido2/PowerAuthCryptographyService.java | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index a2aecfce4..3e53e7cd5 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -20,16 +20,20 @@ import com.wultra.powerauth.fido2.rest.model.entity.*; import com.wultra.powerauth.fido2.service.provider.CryptographyService; +import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; +import io.getlime.security.powerauth.app.server.database.repository.ActivationRepository; import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; import io.getlime.security.powerauth.crypto.lib.util.Hash; import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; import io.getlime.security.powerauth.crypto.lib.util.SignatureUtils; +import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Service; import java.security.InvalidKeyException; import java.security.PublicKey; import java.security.spec.InvalidKeySpecException; +import java.util.List; /** * Service providing FIDO2 cryptographic functionality. @@ -37,11 +41,20 @@ * @author Petr Dvorak, petr@wultra.com */ @Service +@Slf4j public class PowerAuthCryptographyService implements CryptographyService { private final KeyConvertor keyConvertor = new KeyConvertor(); + private final ActivationRepository activationRepository; + + public PowerAuthCryptographyService(ActivationRepository activationRepository) { + this.activationRepository = activationRepository; + } public boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { + if (!checkAndPersistCounter(applicationId, authenticatorId, authData.getSignCount())) { + return false; + } final byte[] publicKeyBytes = authenticatorDetail.getPublicKeyBytes(); final PublicKey publicKey = keyConvertor.convertBytesToPublicKey(publicKeyBytes); return verifySignature(clientDataJSON, authData, signature, publicKey); @@ -68,6 +81,25 @@ private boolean verifySignature(CollectedClientData clientDataJSON, Authenticato return signatureUtils.validateECDSASignature(clientDataJSONEncodedHash, signature, publicKey); } + private boolean checkAndPersistCounter(String applicationId, String authenticatorId, int signCount) { + final List activations = activationRepository.findByExternalId(applicationId, authenticatorId); + if (activations.size() != 1) { + logger.warn("Multiple activations with same external ID found, external ID: {}", authenticatorId); + return false; + } + final ActivationRecordEntity activation = activations.get(0); + if (signCount == 0 && activation.getCounter() == 0) { + return true; + } + if (activation.getCounter() >= signCount) { + logger.warn("Invalid counter value for activation, activation ID: {}, stored counter value: {}, received counter value: {}", activation.getActivationId(), activation.getCounter(), signCount); + return false; + } + activation.setCounter((long) signCount); + activationRepository.save(activation); + return true; + } + private byte[] concat(byte[] a, byte[] b) { final byte[] combined = new byte[a.length + b.length]; System.arraycopy(a, 0, combined, 0, a.length); From d7a5209846de8246845f284d39d29a66fa896a53 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Tue, 27 Feb 2024 15:27:48 +0800 Subject: [PATCH 096/146] Handle different cases for activations found by external ID --- .../server/service/fido2/PowerAuthCryptographyService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index 3e53e7cd5..535c0c2a5 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -83,7 +83,11 @@ private boolean verifySignature(CollectedClientData clientDataJSON, Authenticato private boolean checkAndPersistCounter(String applicationId, String authenticatorId, int signCount) { final List activations = activationRepository.findByExternalId(applicationId, authenticatorId); - if (activations.size() != 1) { + if (activations.isEmpty()) { + logger.warn("Activation not found, external ID: {}", authenticatorId); + return false; + } + if (activations.size() > 1) { logger.warn("Multiple activations with same external ID found, external ID: {}", authenticatorId); return false; } From 9af222e7bf5c63c9917e594d4de93d5d7b469db8 Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Wed, 28 Feb 2024 15:37:12 +0800 Subject: [PATCH 097/146] Fix #1289: FIDO2: Do not allow duplicate registration of same authenticator --- .../powerauth/fido2/service/RegistrationService.java | 7 ++++--- .../fido2/service/provider/RegistrationProvider.java | 3 ++- .../service/fido2/PowerAuthRegistrationProvider.java | 11 +++++++++-- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 7aa8c1474..ece894b97 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -115,6 +115,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E throw new Fido2AuthenticationFailedException(error); } + final String authenticatorId = requestObject.getAuthenticatorParameters().getId(); final AuthenticatorAttestationResponse response = requestObject.getAuthenticatorParameters().getResponse(); final CollectedClientData clientDataJSON = response.getClientDataJSON(); @@ -130,7 +131,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E final String fmt = attestationObject.getFmt(); final byte[] aaguid = attestationObject.getAuthData().getAttestedCredentialData().getAaguid(); - validateRegistrationRequest(applicationId, fmt, aaguid, challengeValue); + validateRegistrationRequest(applicationId, authenticatorId, fmt, aaguid, challengeValue); if (Fmt.FMT_PACKED.getValue().equals(fmt)) { final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); @@ -151,8 +152,8 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); } - private void validateRegistrationRequest(final String applicationId, final String attestationFormat, final byte[] aaguid, final String challengeValue) throws Exception { - if (!registrationProvider.registrationAllowed(applicationId, attestationFormat, aaguid)) { + private void validateRegistrationRequest(final String applicationId, final String authenticatorId, final String attestationFormat, final byte[] aaguid, final String challengeValue) throws Exception { + if (!registrationProvider.registrationAllowed(applicationId, authenticatorId, attestationFormat, aaguid)) { logger.warn("Invalid request for FIDO2 registration"); // Immediately revoke the challenge registrationProvider.revokeRegistrationByChallengeValue(applicationId, challengeValue); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java index 0349baafc..e9a18488a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java @@ -59,11 +59,12 @@ public interface RegistrationProvider { /** * Verify registration parameters and determine whether registration is allowed. * @param applicationId Application ID. + * @param authenticatorId Authenticator ID. * @param attestationFormat FIDO2 registration attestation format. * @param aaguid FIDO2 registration AAGUID value. * @return Whether registration is allowed. * @throws Exception In case any issue occur during processing. */ - boolean registrationAllowed(String applicationId, String attestationFormat, byte[] aaguid) throws Exception; + boolean registrationAllowed(String applicationId, String authenticatorId, String attestationFormat, byte[] aaguid) throws Exception; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index 820022630..e9f57f229 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -31,6 +31,7 @@ import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; import io.getlime.security.powerauth.app.server.database.model.enumeration.ActivationStatus; +import io.getlime.security.powerauth.app.server.database.repository.ActivationRepository; import io.getlime.security.powerauth.app.server.service.behavior.ServiceBehaviorCatalogue; import io.getlime.security.powerauth.app.server.service.behavior.tasks.ApplicationConfigServiceBehavior; import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; @@ -152,7 +153,7 @@ public void revokeRegistrationByChallengeValue(String applicationId, String chal @Override @Transactional(readOnly = true) - public boolean registrationAllowed(String applicationId, String attestationFormat, byte[] aaguid) throws Exception { + public boolean registrationAllowed(String applicationId, String authenticatorId, String attestationFormat, byte[] aaguid) throws Exception { final ApplicationConfigServiceBehavior configService = serviceBehaviorCatalogue.getApplicationConfigServiceBehavior(); final GetApplicationConfigRequest configRequest = new GetApplicationConfigRequest(); configRequest.setApplicationId(applicationId); @@ -175,7 +176,6 @@ public boolean registrationAllowed(String applicationId, String attestationForma .findFirst(); if (configAaguids.isPresent()) { - System.out.println(aaguidStr); List allowedAaguids = configAaguids.get().getValues(); if (!allowedAaguids.contains(aaguidStr)) { logger.warn("Rejected AAGUID value for FIDO2 registration: {}", aaguidStr); @@ -183,6 +183,13 @@ public boolean registrationAllowed(String applicationId, String attestationForma } } + final ActivationRepository activationRepository = repositoryCatalogue.getActivationRepository(); + final List existingActivations = activationRepository.findByExternalId(applicationId, authenticatorId); + if (!existingActivations.isEmpty()) { + logger.warn("Rejected duplicate external ID for registration, application ID: {}, external ID: {}", applicationId, authenticatorId); + return false; + } + return true; } } From 30e1e1919b718aaaad47e4f11f6b2b1a66524566 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 01:45:44 +0000 Subject: [PATCH 098/146] Bump nl.jqno.equalsverifier:equalsverifier from 3.15.7 to 3.15.8 Bumps [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) from 3.15.7 to 3.15.8. - [Release notes](https://github.com/jqno/equalsverifier/releases) - [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md) - [Commits](https://github.com/jqno/equalsverifier/compare/equalsverifier-3.15.7...equalsverifier-3.15.8) --- updated-dependencies: - dependency-name: nl.jqno.equalsverifier:equalsverifier dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c683f8fef..f773224be 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ 1.11.0 7.4 - 3.15.7 + 3.15.8 3.5.3 From 42c6ce84ec7c517766294464cd08156732d3e2f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 01:46:03 +0000 Subject: [PATCH 099/146] Bump net.javacrumbs.shedlock:shedlock-bom from 5.11.0 to 5.12.0 Bumps [net.javacrumbs.shedlock:shedlock-bom](https://github.com/lukas-krecan/ShedLock) from 5.11.0 to 5.12.0. - [Commits](https://github.com/lukas-krecan/ShedLock/compare/shedlock-parent-5.11.0...shedlock-parent-5.12.0) --- updated-dependencies: - dependency-name: net.javacrumbs.shedlock:shedlock-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c683f8fef..8bd35f584 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ 2.2.20 - 5.11.0 + 5.12.0 1.11.0 From 987f28234be6a808246cd5e55435bd1e9a571683 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 01:46:44 +0000 Subject: [PATCH 100/146] Bump com.webauthn4j:webauthn4j-test Bumps [com.webauthn4j:webauthn4j-test](https://github.com/webauthn4j/webauthn4j) from 0.22.1.RELEASE to 0.22.2.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.22.1.RELEASE...0.22.2.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-test dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c683f8fef..ef3ce7d43 100644 --- a/pom.xml +++ b/pom.xml @@ -106,7 +106,7 @@ 3.5.3 - 0.22.1.RELEASE + 0.22.2.RELEASE From a018e5b0f7a4c5a95ed11cda0a8fe3427c11da93 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 4 Mar 2024 08:35:15 +0100 Subject: [PATCH 101/146] Fix #1366: testUpdateActivation_badRequest fails for a non-English locale --- .../powerauth/app/server/controller/RESTControllerAdvice.java | 2 +- .../src/test/resources/application-test.properties | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java index a9ec39b73..c8b8f9365 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java @@ -138,7 +138,7 @@ public class RESTControllerAdvice { } /** - * Resolver for validation xception. + * Resolver for validation exception. * * @param ex Exception. * @return Activation recovery error. diff --git a/powerauth-java-server/src/test/resources/application-test.properties b/powerauth-java-server/src/test/resources/application-test.properties index e1d502878..e6ddcbfee 100644 --- a/powerauth-java-server/src/test/resources/application-test.properties +++ b/powerauth-java-server/src/test/resources/application-test.properties @@ -31,3 +31,5 @@ powerauth.server.db.master.encryption.key=MTIzNDU2Nzg5MDEyMzQ1Ng== #logging.level.org.hibernate.orm.jdbc.bind=trace spring.liquibase.enabled=false + +spring.web.locale=en From e5eb8a0d7b5de357c27b6ece130b4a0419bbe879 Mon Sep 17 00:00:00 2001 From: Jan Dusil <134381434+jandusil@users.noreply.github.com> Date: Mon, 4 Mar 2024 13:40:10 +0100 Subject: [PATCH 102/146] Fix #1368: Modify datatype of pa_activation.extras (#1369) --- .../powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml index e42b7e6af..5a9a77f08 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240115-add-columns-fido2.xml @@ -46,7 +46,7 @@ - + From 6da2b4f1c3519a7c2bae1d9be83932635e5046fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 4 Mar 2024 18:19:39 +0100 Subject: [PATCH 103/146] Fix #1372: Log a successfull callback call as an info --- .../app/server/service/behavior/tasks/CallbackUrlBehavior.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java index dbdad10d1..d423c92d3 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java @@ -413,7 +413,7 @@ private Map prepareCallbackDataOperation(CallbackUrlEntity callb * @throws RestClientException Thrown when HTTP request fails. */ private void notifyCallbackUrl(CallbackUrlEntity callbackUrlEntity, Map callbackData) throws RestClientException { - final Consumer> onSuccess = response -> logger.debug("Callback succeeded, URL: {}", callbackUrlEntity.getCallbackUrl()); + final Consumer> onSuccess = response -> logger.info("Callback succeeded, URL: {}", callbackUrlEntity.getCallbackUrl()); final Consumer onError = error -> logger.warn("Callback failed, URL: {}, error: {}", callbackUrlEntity.getCallbackUrl(), error.getMessage()); final ParameterizedTypeReference responseType = new ParameterizedTypeReference<>(){}; final RestClient restClient = getRestClient(callbackUrlEntity); From 8863190225fab8cfc4f6d058fd03f7a745b7e804 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 4 Mar 2024 18:22:30 +0100 Subject: [PATCH 104/146] Fix #1314: FIDO2: Add new signature types (#1356) * Fix #1314: FIDO2: Add new signature types * Fix comments from the code review --- .../converter/RegistrationConverter.java | 6 +- .../fido2/rest/model/entity/AaguidList.java | 193 ------------- .../model/entity/Fido2Authenticators.java | 253 ++++++++++++++++++ .../fido2/service/AssertionService.java | 14 +- .../service/provider/AssertionProvider.java | 14 +- .../fido2/PowerAuthAssertionProvider.java | 43 ++- 6 files changed, 303 insertions(+), 220 deletions(-) delete mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 303dd3bd6..fbe39406a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -19,7 +19,7 @@ package com.wultra.powerauth.fido2.rest.model.converter; import com.fasterxml.jackson.core.JsonProcessingException; -import com.wultra.powerauth.fido2.rest.model.entity.AaguidList; +import com.wultra.powerauth.fido2.rest.model.entity.Fido2Authenticators; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; @@ -58,11 +58,13 @@ public Optional convert(RegistrationChallenge challenge, Re authenticatorDetail.setActivationId(challenge.getActivationId()); authenticatorDetail.setApplicationId(challenge.getApplicationId()); + final Fido2Authenticators.Model model = Fido2Authenticators.modelByAaguid(aaguid); + authenticatorDetail.setExternalId(requestObject.getAuthenticatorParameters().getId()); authenticatorDetail.setExtras(convertExtras(requestObject)); authenticatorDetail.setActivationName(requestObject.getActivationName()); authenticatorDetail.setPlatform(requestObject.getAuthenticatorParameters().getAuthenticatorAttachment()); - authenticatorDetail.setDeviceInfo(AaguidList.vendorName(aaguid)); + authenticatorDetail.setDeviceInfo(model.description()); authenticatorDetail.setActivationStatus(ActivationStatus.ACTIVE); authenticatorDetail.setActivationFlags(new ArrayList<>()); authenticatorDetail.setApplicationRoles(new ArrayList<>()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java deleted file mode 100644 index 2d39f2848..000000000 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AaguidList.java +++ /dev/null @@ -1,193 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.powerauth.fido2.rest.model.entity; - -import java.util.Map; -import java.util.Objects; -import java.util.UUID; - -/** - * Class containing map of all known FIDO2 AAGUID authenticator identifiers. - * - * @author Petr Dvorak, petr@wultra.com - */ -public final class AaguidList { - - private static final Map VENDORS = Map.ofEntries( - - // Android - Map.entry(UUID.fromString("b93fd961-f2e6-462f-b122-82002247de78"), "Android Authenticator with SafetyNet Attestation"), - - // ATKey - Map.entry(UUID.fromString("ba76a271-6eb6-4171-874d-b6428dbe3437"), "ATKey.ProS"), - Map.entry(UUID.fromString("d41f5a69-b817-4144-a13c-9ebd6d9254d6"), "ATKey.Card CTAP2.0"), - Map.entry(UUID.fromString("e1a96183-5016-4f24-b55b-e3ae23614cc6"), "ATKey.Pro CTAP2.0"), - Map.entry(UUID.fromString("e416201b-afeb-41ca-a03d-2281c28322aa"), "ATKey.Pro CTAP2.1"), - - // Atos - Map.entry(UUID.fromString("1c086528-58d5-f211-823c-356786e36140"), "Atos CardOS FIDO2"), - - // Crayonic - Map.entry(UUID.fromString("be727034-574a-f799-5c76-0929e0430973"), "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"), - - // Cryptnox - Map.entry(UUID.fromString("9c835346-796b-4c27-8898-d6032f515cc5"), "Cryptnox FIDO2"), - - // Ensurity - Map.entry(UUID.fromString("454e5346-4944-4ffd-6c93-8e9267193e9a"), "Ensurity ThinC"), - - // ESS - Map.entry(UUID.fromString("5343502d-5343-5343-6172-644649444f32"), "ESS Smart Card Inc. Authenticator"), - - // eWBM - Map.entry(UUID.fromString("61250591-b2bc-4456-b719-0b17be90bb30"), "eWBM eFPA FIDO2 Authenticator"), - - // FEITIAN - Map.entry(UUID.fromString("12ded745-4bed-47d4-abaa-e713f51d6393"), "AllinPass FIDO"), - Map.entry(UUID.fromString("2c0df832-92de-4be1-8412-88a8f074df4a"), "FIDO Java Card"), - Map.entry(UUID.fromString("310b2830-bd4a-4da5-832e-9a0dfc90abf2"), "MultiPass FIDO"), - Map.entry(UUID.fromString("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "Feitian iePass FIDO Authenticator"), - Map.entry(UUID.fromString("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d"), "iePass FIDO"), - Map.entry(UUID.fromString("77010bd7-212a-4fc9-b236-d2ca5e9d4084"), "BioPass FIDO"), - Map.entry(UUID.fromString("833b721a-ff5f-4d00-bb2e-bdda3ec01e29"), "ePassFIDO K10, A4B, K28"), - Map.entry(UUID.fromString("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0"), "FIDO Fingerprint Card"), - Map.entry(UUID.fromString("b6ede29c-3772-412c-8a78-539c1f4c62d2"), "BioPass FIDO Plus"), - Map.entry(UUID.fromString("ee041bce-25e5-4cdb-8f86-897fd6418464"), "ePassFIDO K39, NFC, NFC Plus"), - - // GoTrust - Map.entry(UUID.fromString("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a"), "GoTrust Idem Key FIDO2 Authenticator"), - Map.entry(UUID.fromString("9f0d8150-baa5-4c00-9299-ad62c8bb4e87"), "GoTrust Idem Card FIDO2 Authenticator"), - - // HID Global - Map.entry(UUID.fromString("54d9fee8-e621-4291-8b18-7157b99c5bec"), "HID Crescendo Enabled"), - Map.entry(UUID.fromString("692db549-7ae5-44d5-a1e5-dd20a493b723"), "HID Crescendo Key"), - Map.entry(UUID.fromString("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52"), "HID Crescendo C2300"), - - // Hideez - Map.entry(UUID.fromString("3e078ffd-4c54-4586-8baa-a77da113aec5"), "Hideez Key 3 FIDO2"), - Map.entry(UUID.fromString("4e768f2c-5fab-48b3-b300-220eb487752b"), "Hideez Key 4 FIDO2 SDK"), - - // Hyper - Map.entry(UUID.fromString("9f77e279-a6e2-4d58-b700-31e5943c6a98"), "Hyper FIDO Pro"), - Map.entry(UUID.fromString("d821a7d4-e97c-4cb6-bd82-4237731fd4be"), "Hyper FIDO Bio Security Key"), - - // MKGroup - Map.entry(UUID.fromString("f4c63eff-d26c-4248-801c-3736c7eaa93a"), "FIDO KeyPass S3"), - - // KEY-ID - Map.entry(UUID.fromString("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3"), "KEY-ID FIDO2 Authenticator"), - - // NEOWAVE - Map.entry(UUID.fromString("3789da91-f943-46bc-95c3-50ea2012f03a"), "NEOWAVE Winkeo FIDO2"), - Map.entry(UUID.fromString("c5703116-972b-4851-a3e7-ae1259843399"), "NEOWAVE Badgeo FIDO2"), - - // NXP Semiconductors - Map.entry(UUID.fromString("07a9f89c-6407-4594-9d56-621d5f1e358b"), "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"), - - // OCTATCO - Map.entry(UUID.fromString("a1f52be5-dfab-4364-b51c-2bd496b14a56"), "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"), - Map.entry(UUID.fromString("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c"), "OCTATCO EzQuant FIDO2 AUTHENTICATOR"), - - // OneSpan - Map.entry(UUID.fromString("30b5035e-d297-4fc1-b00b-addc96ba6a97"), "OneSpan FIDO Touch"), - - // Precision InnaIT - Map.entry(UUID.fromString("88bbd2f0-342a-42e7-9729-dd158be5407a"), "Precision InnaIT Key FIDO 2 Level 2 certified"), - - // SmartDisplayer - Map.entry(UUID.fromString("516d3969-5a57-5651-5958-4e7a49434167"), "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"), - - // Solo - Map.entry(UUID.fromString("8876631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Secp256R1 FIDO2 CTAP2 Authenticator"), - Map.entry(UUID.fromString("8976631b-d4a0-427f-5773-0ec71c9e0279"), "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"), - - // Somu - Map.entry(UUID.fromString("9876631b-d4a0-427f-5773-0ec71c9e0279"), "Somu Secp256R1 FIDO2 CTAP2 Authenticator"), - - // Swissbit - Map.entry(UUID.fromString("931327dd-c89b-406c-a81e-ed7058ef36c6"), "Swissbit iShield FIDO2"), - - // Thales - Map.entry(UUID.fromString("b50d5e0a-7f81-4959-9b12-f45407407503"), "Thales IDPrime MD 3940 FIDO"), - Map.entry(UUID.fromString("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4"), "Thales eToken FIDO"), - - // TrustKey - Map.entry(UUID.fromString("95442b2e-f15e-4def-b270-efb106facb4e"), "TrustKey G310(H)"), - Map.entry(UUID.fromString("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c"), "TrustKey G320(H)"), - Map.entry(UUID.fromString("da776f39-f6c8-4a89-b252-1d86137a46ba"), "TrustKey T110"), - Map.entry(UUID.fromString("e3512a8a-62ae-11ea-bc55-0242ac130003"), "TrustKey T120"), - - // TOKEN2 - Map.entry(UUID.fromString("ab32f0c6-2239-afbb-c470-d2ef4e254db7"), "TOKEN2 FIDO2 Security Key"), - - // uTrust - Map.entry(UUID.fromString("73402251-f2a8-4f03-873e-3cb6db604b03"), "uTrust FIDO2 Security Key"), - - // Vancosys - Map.entry(UUID.fromString("39a5647e-1853-446c-a1f6-a79bae9f5bc7"), "Vancosys Android Authenticator"), - Map.entry(UUID.fromString("820d89ed-d65a-409e-85cb-f73f0578f82a"), "Vancosys iOS Authenticator"), - - // VinCSS - Map.entry(UUID.fromString("5fdb81b8-53f0-4967-a881-f5ec26fe4d18"), "VinCSS FIDO2 Authenticator"), - - // VivoKey - Map.entry(UUID.fromString("d7a423ad-3e19-4492-9200-78137dccc136"), "VivoKey Apex FIDO2"), - - // Windows Hello - Map.entry(UUID.fromString("08987058-cadc-4b81-b6e1-30de50dcbe96"), "Windows Hello Hardware Authenticator"), - Map.entry(UUID.fromString("6028b017-b1d4-4c02-b4b3-afcdafc96bb2"), "Windows Hello Software Authenticator"), - Map.entry(UUID.fromString("9ddd1817-af5a-4672-a2b9-3e3dd95000a9"), "Windows Hello VBS Hardware Authenticator"), - - // WiSECURE - Map.entry(UUID.fromString("504d7149-4e4c-3841-4555-55445a677357"), "WiSECURE AuthTron USB FIDO2 Authenticator"), - - // Yubico - Map.entry(UUID.fromString("0bb43545-fd2c-4185-87dd-feb0b2916ace"), "Security Key NFC by Yubico - Enterprise Edition"), - Map.entry(UUID.fromString("149a2021-8ef6-4133-96b8-81f8d5b7f1f5"), "Security Key by Yubico with NFC"), - Map.entry(UUID.fromString("2fc0579f-8113-47ea-b116-bb5a8db9202a"), "YubiKey 5 Series with NFC"), - Map.entry(UUID.fromString("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73"), "Security Key by Yubico with NFC"), - Map.entry(UUID.fromString("73bb0cd4-e502-49b8-9c6f-b59445bf720b"), "YubiKey 5 FIPS Series"), - Map.entry(UUID.fromString("85203421-48f9-4355-9bc8-8a53846e5083"), "YubiKey 5Ci FIPS"), - Map.entry(UUID.fromString("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa"), "Security Key by Yubico with NFC"), - Map.entry(UUID.fromString("b92c3f9a-c014-4056-887f-140a2501163b"), "Security Key by Yubico"), - Map.entry(UUID.fromString("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd"), "YubiKey 5 FIPS Series with NFC"), - Map.entry(UUID.fromString("c5ef55ff-ad9a-4b9f-b580-adebafe026d0"), "YubiKey 5Ci"), - Map.entry(UUID.fromString("cb69481e-8ff7-4039-93ec-0a2729a154a8"), "YubiKey 5 Series"), - Map.entry(UUID.fromString("d8522d9f-575b-4866-88a9-ba99fa02f35b"), "YubiKey Bio Series"), - Map.entry(UUID.fromString("ee882879-721c-4913-9775-3dfcce97072a"), "YubiKey 5 Series"), - Map.entry(UUID.fromString("f8a011f3-8c0a-4d15-8006-17111f9edc7d"), "Security Key by Yubico"), - Map.entry(UUID.fromString("fa2b99dc-9e39-4257-8f92-4a30d23c4118"), "YubiKey 5 Series with NFC"), - Map.entry(UUID.fromString("34f5766d-1536-4a24-9033-0e294e510fb0"), "YubiKey 5 Series CTAP2.1 Preview Expired"), - Map.entry(UUID.fromString("83c47309-aabb-4108-8470-8be838b573cb"), "YubiKey Bio Series (Enterprise Profile)"), - - // Other authenticators - Map.entry(UUID.fromString("ad784498-1902-3f54-b99a-10bb7dbd9588"), "Apple MacBook Pro 14-inch, 2021"), - Map.entry(UUID.fromString("4ae71336-e44b-39bf-b9d2-752e234818a5"), "Apple Passkeys") - ); - - private AaguidList() { - throw new IllegalStateException("Should not be instantiated"); - } - - public static String vendorName(final byte[] aaguid) { - final String vendor = VENDORS.get(UUID.nameUUIDFromBytes(aaguid)); - return Objects.requireNonNullElse(vendor, "Unknown FIDO2 Authenticator"); - } - -} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java new file mode 100644 index 000000000..e17818383 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java @@ -0,0 +1,253 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2023 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; +import lombok.Data; +import lombok.extern.slf4j.Slf4j; + +import java.nio.ByteBuffer; +import java.util.*; +import java.util.function.Function; +import java.util.stream.Collectors; + +/** + * Class containing map of all known FIDO2 AAGUID authenticator identifiers. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Slf4j +public final class Fido2Authenticators { + + /** + * Model record representing an authenticator model. It associates the AAGUID value to a descriptive name + * and expected authentication factors available with a given authenticator. Most authenticators are set to + * provide only the possession factor on approval. In case the authenticator has a biometric sensor, it will be + * represented + */ + public record Model (UUID aaguid, String description, SignatureType signatureType) { + + public static Model of(String aaguid, String description) { + return new Model(UUID.fromString(aaguid), description, SignatureType.POSSESSION); + } + + public static Model of(String aaguid, String description, SignatureType signatureType) { + return new Model(UUID.fromString(aaguid), description, signatureType); + } + + public static Model unknown(UUID aaguid) { + return new Model(aaguid, "Unknown FIDO2 Authenticator", SignatureType.POSSESSION); + } + + public static Model unknown() { + return new Model(null, "Unknown FIDO2 Authenticator", SignatureType.POSSESSION); + } + + } + + private static final Set MODELS = Set.of( + // Android + Model.of("b93fd961-f2e6-462f-b122-82002247de78", "Android Authenticator with SafetyNet Attestation"), + + // ATKey + Model.of("ba76a271-6eb6-4171-874d-b6428dbe3437", "ATKey.ProS"), + Model.of("d41f5a69-b817-4144-a13c-9ebd6d9254d6", "ATKey.Card CTAP2.0"), + Model.of("e1a96183-5016-4f24-b55b-e3ae23614cc6", "ATKey.Pro CTAP2.0"), + Model.of("e416201b-afeb-41ca-a03d-2281c28322aa", "ATKey.Pro CTAP2.1"), + + // Atos + Model.of("1c086528-58d5-f211-823c-356786e36140", "Atos CardOS FIDO2"), + + // Crayonic + Model.of("be727034-574a-f799-5c76-0929e0430973", "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"), + + // Cryptnox + Model.of("9c835346-796b-4c27-8898-d6032f515cc5", "Cryptnox FIDO2"), + + // Ensurity + Model.of("454e5346-4944-4ffd-6c93-8e9267193e9a", "Ensurity ThinC"), + + // ESS + Model.of("5343502d-5343-5343-6172-644649444f32", "ESS Smart Card Inc. Authenticator"), + + // eWBM + Model.of("61250591-b2bc-4456-b719-0b17be90bb30", "eWBM eFPA FIDO2 Authenticator"), + + // FEITIAN + Model.of("12ded745-4bed-47d4-abaa-e713f51d6393", "AllinPass FIDO"), + Model.of("2c0df832-92de-4be1-8412-88a8f074df4a", "FIDO Java Card"), + Model.of("310b2830-bd4a-4da5-832e-9a0dfc90abf2", "MultiPass FIDO"), + Model.of("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d", "Feitian iePass FIDO Authenticator"), + Model.of("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d", "iePass FIDO"), + Model.of("77010bd7-212a-4fc9-b236-d2ca5e9d4084", "BioPass FIDO"), + Model.of("833b721a-ff5f-4d00-bb2e-bdda3ec01e29", "ePassFIDO K10, A4B, K28"), + Model.of("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0", "FIDO Fingerprint Card"), + Model.of("b6ede29c-3772-412c-8a78-539c1f4c62d2", "BioPass FIDO Plus"), + Model.of("ee041bce-25e5-4cdb-8f86-897fd6418464", "ePassFIDO K39, NFC, NFC Plus"), + + // GoTrust + Model.of("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a", "GoTrust Idem Key FIDO2 Authenticator"), + Model.of("9f0d8150-baa5-4c00-9299-ad62c8bb4e87", "GoTrust Idem Card FIDO2 Authenticator"), + + // HID Global + Model.of("54d9fee8-e621-4291-8b18-7157b99c5bec", "HID Crescendo Enabled"), + Model.of("692db549-7ae5-44d5-a1e5-dd20a493b723", "HID Crescendo Key"), + Model.of("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52", "HID Crescendo C2300"), + + // Hideez + Model.of("3e078ffd-4c54-4586-8baa-a77da113aec5", "Hideez Key 3 FIDO2"), + Model.of("4e768f2c-5fab-48b3-b300-220eb487752b", "Hideez Key 4 FIDO2 SDK"), + + // Hyper + Model.of("9f77e279-a6e2-4d58-b700-31e5943c6a98", "Hyper FIDO Pro"), + Model.of("d821a7d4-e97c-4cb6-bd82-4237731fd4be", "Hyper FIDO Bio Security Key"), + + // MKGroup + Model.of("f4c63eff-d26c-4248-801c-3736c7eaa93a", "FIDO KeyPass S3"), + + // KEY-ID + Model.of("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3", "KEY-ID FIDO2 Authenticator"), + + // NEOWAVE + Model.of("3789da91-f943-46bc-95c3-50ea2012f03a", "NEOWAVE Winkeo FIDO2"), + Model.of("c5703116-972b-4851-a3e7-ae1259843399", "NEOWAVE Badgeo FIDO2"), + + // NXP Semiconductors + Model.of("07a9f89c-6407-4594-9d56-621d5f1e358b", "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"), + + // OCTATCO + Model.of("a1f52be5-dfab-4364-b51c-2bd496b14a56", "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"), + Model.of("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c", "OCTATCO EzQuant FIDO2 AUTHENTICATOR"), + + // OneSpan + Model.of("30b5035e-d297-4fc1-b00b-addc96ba6a97", "OneSpan FIDO Touch"), + + // Precision InnaIT + Model.of("88bbd2f0-342a-42e7-9729-dd158be5407a", "Precision InnaIT Key FIDO 2 Level 2 certified"), + + // SmartDisplayer + Model.of("516d3969-5a57-5651-5958-4e7a49434167", "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"), + + // Solo + Model.of("8876631b-d4a0-427f-5773-0ec71c9e0279", "Solo Secp256R1 FIDO2 CTAP2 Authenticator"), + Model.of("8976631b-d4a0-427f-5773-0ec71c9e0279", "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"), + + // Somu + Model.of("9876631b-d4a0-427f-5773-0ec71c9e0279", "Somu Secp256R1 FIDO2 CTAP2 Authenticator"), + + // Swissbit + Model.of("931327dd-c89b-406c-a81e-ed7058ef36c6", "Swissbit iShield FIDO2"), + + // Thales + Model.of("b50d5e0a-7f81-4959-9b12-f45407407503", "Thales IDPrime MD 3940 FIDO"), + Model.of("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4", "Thales eToken FIDO"), + + // TrustKey + Model.of("95442b2e-f15e-4def-b270-efb106facb4e", "TrustKey G310(H)"), + Model.of("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c", "TrustKey G320(H)"), + Model.of("da776f39-f6c8-4a89-b252-1d86137a46ba", "TrustKey T110"), + Model.of("e3512a8a-62ae-11ea-bc55-0242ac130003", "TrustKey T120"), + + // TOKEN2 + Model.of("ab32f0c6-2239-afbb-c470-d2ef4e254db7", "TOKEN2 FIDO2 Security Key"), + + // uTrust + Model.of("73402251-f2a8-4f03-873e-3cb6db604b03", "uTrust FIDO2 Security Key"), + + // Vancosys + Model.of("39a5647e-1853-446c-a1f6-a79bae9f5bc7", "Vancosys Android Authenticator"), + Model.of("820d89ed-d65a-409e-85cb-f73f0578f82a", "Vancosys iOS Authenticator"), + + // VinCSS + Model.of("5fdb81b8-53f0-4967-a881-f5ec26fe4d18", "VinCSS FIDO2 Authenticator"), + + // VivoKey + Model.of("d7a423ad-3e19-4492-9200-78137dccc136", "VivoKey Apex FIDO2"), + + // Windows Hello + Model.of("08987058-cadc-4b81-b6e1-30de50dcbe96", "Windows Hello Hardware Authenticator"), + Model.of("6028b017-b1d4-4c02-b4b3-afcdafc96bb2", "Windows Hello Software Authenticator"), + Model.of("9ddd1817-af5a-4672-a2b9-3e3dd95000a9", "Windows Hello VBS Hardware Authenticator"), + + // WiSECURE + Model.of("504d7149-4e4c-3841-4555-55445a677357", "WiSECURE AuthTron USB FIDO2 Authenticator"), + + // Wultra + Model.of("57415531-2e31-4020-a020-323032343032", "Wultra Authenticator 1", SignatureType.POSSESSION_KNOWLEDGE), + + // Yubico + Model.of("0bb43545-fd2c-4185-87dd-feb0b2916ace", "Security Key NFC by Yubico - Enterprise Edition"), + Model.of("149a2021-8ef6-4133-96b8-81f8d5b7f1f5", "Security Key by Yubico with NFC"), + Model.of("2fc0579f-8113-47ea-b116-bb5a8db9202a", "YubiKey 5 Series with NFC"), + Model.of("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", "Security Key by Yubico with NFC"), + Model.of("73bb0cd4-e502-49b8-9c6f-b59445bf720b", "YubiKey 5 FIPS Series"), + Model.of("85203421-48f9-4355-9bc8-8a53846e5083", "YubiKey 5Ci FIPS"), + Model.of("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa", "Security Key by Yubico with NFC"), + Model.of("b92c3f9a-c014-4056-887f-140a2501163b", "Security Key by Yubico"), + Model.of("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "YubiKey 5 FIPS Series with NFC"), + Model.of("c5ef55ff-ad9a-4b9f-b580-adebafe026d0", "YubiKey 5Ci"), + Model.of("cb69481e-8ff7-4039-93ec-0a2729a154a8", "YubiKey 5 Series"), + Model.of("d8522d9f-575b-4866-88a9-ba99fa02f35b", "YubiKey Bio Series"), + Model.of("ee882879-721c-4913-9775-3dfcce97072a", "YubiKey 5 Series"), + Model.of("f8a011f3-8c0a-4d15-8006-17111f9edc7d", "Security Key by Yubico"), + Model.of("fa2b99dc-9e39-4257-8f92-4a30d23c4118", "YubiKey 5 Series with NFC"), + Model.of("34f5766d-1536-4a24-9033-0e294e510fb0", "YubiKey 5 Series CTAP2.1 Preview Expired"), + Model.of("83c47309-aabb-4108-8470-8be838b573cb", "YubiKey Bio Series (Enterprise Profile)"), + + // Other authenticators + Model.of("ad784498-1902-3f54-b99a-10bb7dbd9588", "Apple MacBook Pro 14-inch, 2021"), + Model.of("4ae71336-e44b-39bf-b9d2-752e234818a5", "Apple Passkeys") + + ); + + private static final Map MODEL_MAP = initializeFromModels(); // prepare a quick to query map with models addressed by AAGUID + + private static Map initializeFromModels() { + return MODELS.stream().collect(Collectors.toMap(Model::aaguid, Function.identity())); + } + + private Fido2Authenticators() { + throw new IllegalStateException("Should not be instantiated"); + } + + /** + * Return model by AAGUID value. In case the AAGUID is not known, the method returns model with the provided + * AAGUID and generic name for unknown authenticator. + * + * @param aaguid AAGUID value. + * @return Model. + */ + public static Model modelByAaguid(final byte[] aaguid) { + final UUID uuid = uuidFromBytes(aaguid); + if (uuid == null) { + return Model.unknown(); + } + return Objects.requireNonNullElse(MODEL_MAP.get(uuid), Model.unknown(uuid)); + } + + private static UUID uuidFromBytes(byte[] bytes) { + if (bytes == null || bytes.length != 16) { // strange byte array length, UUID requires 16 bytes + logger.debug("Invalid byte length provided for UUID: {}", bytes); + return null; + } + final ByteBuffer bb = ByteBuffer.wrap(bytes); + return new UUID(bb.getLong(), bb.getLong()); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index fcde27cf7..2efa15b75 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -21,9 +21,7 @@ import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.converter.AssertionChallengeConverter; import com.wultra.powerauth.fido2.rest.model.converter.AssertionConverter; -import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.*; import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; import com.wultra.powerauth.fido2.rest.model.request.AssertionVerificationRequest; import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; @@ -101,17 +99,19 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(applicationId, authenticatorId); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); final AuthenticatorDetail authenticatorDetail = authenticatorOptional.get(); + final AuthenticatorData authenticatorData = response.getAuthenticatorData(); + final CollectedClientData clientDataJSON = response.getClientDataJSON(); if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { - final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, response.getClientDataJSON(), response.getAuthenticatorData(), response.getSignature(), authenticatorDetail); + final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, clientDataJSON, authenticatorData, response.getSignature(), authenticatorDetail); if (signatureCorrect) { - assertionProvider.approveAssertion(challenge, authenticatorDetail); + assertionProvider.approveAssertion(challenge, authenticatorDetail, authenticatorData, clientDataJSON); return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, signatureCorrect); } else { - assertionProvider.failAssertion(challenge, authenticatorDetail); + assertionProvider.failAssertion(challenge, authenticatorDetail, authenticatorData, clientDataJSON); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect signature."); } } else { - assertionProvider.failAssertion(challenge, authenticatorDetail); + assertionProvider.failAssertion(challenge, authenticatorDetail, authenticatorData, clientDataJSON); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect authenticator state."); } } catch (Exception e) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java index b6491f773..8577f37ef 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java @@ -20,7 +20,9 @@ import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; import java.util.List; import java.util.Map; @@ -47,21 +49,25 @@ public interface AssertionProvider { /** * Approve assertion. * - * @param challengeValue Challenge value. + * @param challengeValue Challenge value. * @param authenticatorDetail Authenticator information. + * @param authenticatorData Authenticator data. + * @param clientDataJSON Client data. * @return Assertion challenge. * @throws Fido2AuthenticationFailedException In case assertion approval fails. */ - AssertionChallenge approveAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + AssertionChallenge approveAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail, AuthenticatorData authenticatorData, CollectedClientData clientDataJSON) throws Fido2AuthenticationFailedException; /** * Fail assertion approval. * - * @param challenge Challenge for assertion. + * @param challenge Challenge for assertion. * @param authenticatorDetail Authenticator detail. + * @param authenticatorData Authenticator data. + * @param clientDataJSON Client data. * @return Info about the assertion. * @throws Fido2AuthenticationFailedException In case assertion approval fails. */ - AssertionChallenge failAssertion(String challenge, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException; + AssertionChallenge failAssertion(String challenge, AuthenticatorDetail authenticatorDetail, AuthenticatorData authenticatorData, CollectedClientData clientDataJSON) throws Fido2AuthenticationFailedException; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index 0410e98f6..31b4dbd8d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -21,8 +21,7 @@ import com.wultra.core.audit.base.model.AuditDetail; import com.wultra.core.audit.base.model.AuditLevel; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; -import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; -import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.*; import com.wultra.powerauth.fido2.service.provider.AssertionProvider; import com.wultra.security.powerauth.client.model.entity.KeyValue; import com.wultra.security.powerauth.client.model.enumeration.OperationStatus; @@ -46,10 +45,7 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import java.util.Date; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; +import java.util.*; /** * Service responsible for assertion verification. @@ -64,6 +60,8 @@ public class PowerAuthAssertionProvider implements AssertionProvider { private static final String ATTR_ACTIVATION_ID = "activationId"; private static final String ATTR_APPLICATION_ID = "applicationId"; private static final String ATTR_AUTH_FACTOR = "authFactor"; + private static final String ATTR_ORIGIN = "origin"; + private static final String ATTR_TOP_ORIGIN = "topOrigin"; private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; private final RepositoryCatalogue repositoryCatalogue; @@ -96,7 +94,7 @@ public AssertionChallenge provideChallengeForAssertion(List applicationI @Override @Transactional - public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException { + public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail, AuthenticatorData authenticatorData, CollectedClientData clientDataJSON) throws Fido2AuthenticationFailedException { try { final String[] split = challengeValue.split("&", 2); @@ -111,8 +109,8 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD operationApproveRequest.setData(operationData); operationApproveRequest.setApplicationId(authenticatorDetail.getApplicationId()); operationApproveRequest.setUserId(authenticatorDetail.getUserId()); - operationApproveRequest.setSignatureType(SignatureType.POSSESSION_KNOWLEDGE); //TODO: Use correct type - operationApproveRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, operationApproveRequest.getSignatureType())); + operationApproveRequest.setSignatureType(supportedSignatureType(authenticatorDetail, authenticatorData.getFlags().isUserVerified())); + operationApproveRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, authenticatorData, clientDataJSON)); final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest); final UserActionResult result = approveOperation.getResult(); final OperationDetailResponse operation = approveOperation.getOperation(); @@ -136,7 +134,7 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD @Override @Transactional - public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail) throws Fido2AuthenticationFailedException { + public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDetail authenticatorDetail, AuthenticatorData authenticatorData, CollectedClientData clientDataJSON) throws Fido2AuthenticationFailedException { try { final Date currentTimestamp = new Date(); @@ -145,7 +143,7 @@ public AssertionChallenge failAssertion(String challengeValue, AuthenticatorDeta final OperationFailApprovalRequest operationFailApprovalRequest = new OperationFailApprovalRequest(); operationFailApprovalRequest.setOperationId(operationId); - operationFailApprovalRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, SignatureType.POSSESSION_KNOWLEDGE)); + operationFailApprovalRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, authenticatorData, clientDataJSON)); final ActivationRecordEntity activationWithLock = repositoryCatalogue.getActivationRepository().findActivationWithLock(authenticatorDetail.getActivationId()); @@ -229,15 +227,22 @@ private void handleInvalidSignatureImpl(ActivationRecordEntity activation, Signa /** * Prepare map with additional data stored with the operation. + * * @param authenticatorDetail Authenticator detail. - * @param signatureType Used signature type. + * @param authenticatorData Authenticator data. + * @param clientDataJSON Client data. * @return Additional data map. */ - private Map prepareAdditionalData(final AuthenticatorDetail authenticatorDetail, final SignatureType signatureType) { + private Map prepareAdditionalData( + final AuthenticatorDetail authenticatorDetail, + final AuthenticatorData authenticatorData, + final CollectedClientData clientDataJSON) { final Map additionalData = new LinkedHashMap<>(); additionalData.put(ATTR_ACTIVATION_ID, authenticatorDetail.getActivationId()); additionalData.put(ATTR_APPLICATION_ID, authenticatorDetail.getApplicationId()); - additionalData.put(ATTR_AUTH_FACTOR, signatureType); + additionalData.put(ATTR_AUTH_FACTOR, supportedSignatureType(authenticatorDetail, authenticatorData.getFlags().isUserVerified())); + additionalData.put(ATTR_ORIGIN, clientDataJSON.getOrigin()); + additionalData.put(ATTR_TOP_ORIGIN, clientDataJSON.getTopOrigin()); return additionalData; } @@ -262,6 +267,16 @@ private void handleStatus(OperationStatus status) throws Fido2AuthenticationFail } } + private SignatureType supportedSignatureType(AuthenticatorDetail authenticatorDetail, boolean userVerified) { + final String aaguidBase64 = (String) authenticatorDetail.getExtras().get("aaguid"); + if (aaguidBase64 != null) { + final byte[] aaguid = Base64.getDecoder().decode(aaguidBase64); + return userVerified ? Fido2Authenticators.modelByAaguid(aaguid).signatureType() : SignatureType.POSSESSION; + } else { + return SignatureType.POSSESSION; + } + } + private static AuditingServiceBehavior.ActivationRecordDto createActivationDtoFrom(ActivationRecordEntity activation) { return AuditingServiceBehavior.ActivationRecordDto.builder() .activationId(activation.getActivationId()) From f7beef585aa229d7404726ff86ea484dbdf4939a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Tue, 5 Mar 2024 09:49:39 +0100 Subject: [PATCH 105/146] Fix #1376: Liquibase on MSSQL throws error (#1377) * Set onError="MARK_RAN" for pa_operation_application_application_id_fk --- docs/PowerAuth-Server-1.6.0.md | 6 ++++-- .../1.6.x/20231106-add-foreign-keys.xml | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/PowerAuth-Server-1.6.0.md b/docs/PowerAuth-Server-1.6.0.md index cc40ad151..c413c2a89 100644 --- a/docs/PowerAuth-Server-1.6.0.md +++ b/docs/PowerAuth-Server-1.6.0.md @@ -31,8 +31,10 @@ Add foreign key constraints to relating table `pa_operation_application`. Applying this change may fail if there is an inconsistency between tables `pa_operation_application` and `pa_application` or `pa_operation`. Make sure that `pa_operation_application.application_id` contains references to existing `pa_application.id` and `pa_operation_application.operation_id` contains references to -existing `pa_operation.id`. If necessary, manually remove orphaned records in `pa_operation_application`. Consider -creating a backup before this operation. +existing `pa_operation.id`. +Also the column type of `pa_operation_application.application_id` must be the same as the type of `pa_operation.id`. +If necessary, manually remove orphaned records in `pa_operation_application`. +Consider creating a backup before this operation. ### Add activation_id Column diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml index ce6a54098..acece2348 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml @@ -4,7 +4,7 @@ xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> - + From 1e6b9543b76ea2d735dffb12310df035ff4936ce Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Tue, 5 Mar 2024 10:45:04 +0100 Subject: [PATCH 106/146] Fix #1370: Update arch_db_structure diagram --- docs/images/arch_db_structure.png | Bin 941345 -> 911303 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/images/arch_db_structure.png b/docs/images/arch_db_structure.png index 26c1bff15d496eaddadf7dcdd33784e50f4ca5bf..711f7b2cea0b91f386a1b396ac68d454ff632341 100644 GIT binary patch literal 911303 zcmeEuhg*}+wl1JxiP#BBM@3YcQl&Q)0RaUG5C}y&N$5p7sGz76LArn_MFrv@67jy(-!Vy_>F@3LUDQW19BI3u{Al8!aum8?^FKI!5}lbccRd zq5aa)v(YjBt4v3yLC=0r)}_Dp?>Y>0bT94c4*$CjnD+Vm=RWO4yZhgthd$E(Y4Ib& ze(fVc9}gXrtAF2SHSf1a`#9!&-^h)Q4sh=Gi=Hm&!v$JvM)r>l-3_%K$XGhTg)OX{ zo>&V%g**Sgi%#yT46O*acDLYp3Wqtm$vl<6^sgE+wDRxEBA0mnRmB}Df5}kmA&;t) zt2K|L@J->HmlTfk@bJjFTG`0x-nsYh+i8EvU$S#|ca{+m@$&K#_7W3za|7v8vojcZUmag{B?)FZOJiptuc;e*YE`RCL?*|?H z{8vBS?QQ-%$9sx;QZDt)_OgF|>>hKjrl*BT;O!VzOfBa-hPC>akqa9eWhYLabl{Pjs51uu`hIEhoDI7V28Wg@ z3@u4W*gW4C)Stn(I?yCYcQAH4dIS@u*=*qr-Np}XG4FhNOXy15U*%@Tu+5sb z;gj0RwBN13_Wen0 ztWjzD`t=Uv)NM~*f7vzS`qKqVMgFhE`;A=_6R2~?XDjkViIRY(&p*HT`j-q<6c7OY z$Qy+9i*Aoe;?>s4gaxV)j_%OqznG+ob2O1HypSQ>+3$kQmzoH8@|Y5IGI?<4*``}& zNuG*I`YmR$(a+NlG+P3e>~AK=n_c1Lgo}!bU-M?X8yy{;rM&p_WsO3bnei?DvYP&9 zL%f`&h|l`EU1EG9`86S}PRHBn|GJVM96wFBg80*~#ViKU60vK5FAY2WMpqwlIlb@} ztKn6~=Ya=|$d)Bb_%fyUmcSD~mgUJJlEViiCH z`*_f;_HL0sRXZm)_ubt$Kxl|#6##z7Cve@GaDn?&Il+@t%GhRazzX+5;n^EvE zlrqJ*;wkdijk8!Ui0-MUf|pJB{z~0eW&oNq1`e`M?kX^ZLs( z*oq`e5r}7W|K1zixNK>Frer1d(eXDLR^}gd7QEAXD~Y#{tV@-F+JW~;9_!t3uV61_ z<@C1>W&Hy^>GY*cU)g5x-QCU4Lf%}FkkERqIZ<}YX=hz(e3v>O_qw@!J~f%0V$Z|r zL4gaW5T6mVI~r0WAzdaXzdZ7}7m5q;^?j4PGE&k1((i8@&MQrNuu|i=rM2$8Zhmicd@t56r-pItyE4w=mXVS180J5q#vSm`)Z6+wAXo&qeaLmj z-u8Y3Qz0l32cHF&FAS#PGz{{K@X6_w++A_q-kY1Q18Zr~L}IzH`~2KoRCemq2lJKG zBd#NS3-JP|?I7`P0#qsK6FGSj>%8Hmqj;S%uyfAHe>n#n=3B{x;6y$1s;z4f6~BG0 zLvb%}``2KahPr)u^2?AqoEPk;^xzkv^a{rJhYLYudcr)SH9F0n8(tn*}n-aQQRT%j}@u~d?p~`bOtvrPXBz^JMY!E z%))jvvgsSMNR!AswLBx!wv34|(ebxk=B6xdpGf8GNHn^%Z$8!dKh~xj+)av$L+PWm zT$e&7o8&3|LY!=IgRU)Y%ZVKU+5wBtWzk6(RmbWb-{p}=hzJ}GNBzQNI|*Vy$nej~ z@IWUV;$d5R`@0?}UgI%IkU&_7(O?!8Aq3&;`iR6$*CoFA^3#3zv-5UNUKWdYS*vx} zW@k-g$EJg`&O7#9HXsUKv<=6v~?Pk9d3a^`vyD`$kx--8;{l$A#A4Qvb1=h zki~83IfcsW3r_gLVm>njvUt^2b(Fq*`!!;GuDB!i=esj~82B69f`B-WY4Q4Fqz{)1 z?*apJyuid`jh!k(mgS4KsX_=)iXa4h9j5>N?-ojpW}(*Qpf<1fEfj|oy+{xm)G>-> zLROYu(xXa?=N`)eHTxt(Kf;FG4R~%{8@bEf$-g1bfX1ZK|OvF<^7OZI4fC z=jYn;*U?BU+AluekWU^9Tv&w?vA8okGX#f0im7|~V>`YT5K9i<=RLddY4?ix!_9a2+Sa-Q=rK+RtA++oxKf;@GwTQOL23F)0Il88dWF; z^{k^;Ga8EQmd;i#cy8wJZL@CvVpX^tsj&PJkWI)l;>W9yQfps@)+<)5_%1iGqk4dy zcu!gN=4OGC8)ZXnZ=Ck6(!P*?1GZwdAmESUNh2}6eK0kgz*up*JHMv_v$;dB-jfTd z9?G>OSLz&hLy`-S@$7(Lvp3J~3Ix>uO3urG+kJ^=5r~5VrVHj2f8_O)YF^=&GVp}? zH|bZJI@jKHt><@gtwn^hgx}*+f3C-Am=7~6gc?%qjadovWSWw`6Br5%XDX#9Xb_)) z5hzZ=O^MU@yJv=hto)M$446=-jQW@0@>!kMX7j&L+;5_e~Jd~cU~2WFzt>`T^!sTTKzrnQCWp~{hK=Xia@*h|tW zlXyF{w|feU@5Fg6ykGF21oo9%Qpf!7W|raz-U;gY?Uhwk_RFSdYs{`?Y^CQOkl_?F z^LK&Sv^a5pI6UR$%ap<~1aw=j)^l}b3K4wW_$JoNtP(a<^aurXWN5Ss(| z2XywRaf>Cp7+W|}2Nqi>EnO}gM8?k$_BIIl4$0H6P~*m9?S+;|j}r7dR9s>}OAItp_~n;z;1 z_HyXD%MT%qO+A#6=+{*vp*rPjfrZ5@D#}3D)`{ies>w=Hbe%?E##2kry5h7 zcngqsVfW6-VA%WpKc(pm7WuYF?VEvphlVEl;4;>ajPCu4Pp-b&Hys?6K_S(^x55dE z2EX^{mbm=)vh&+H8FnOFfWzLZ&fcBpgB^Au4!P&;hqn?t{O&32ZHjykLS<4({M<2J zI*O2c=x73h0do@%b%NEBGl{@HmB#=fLVn;QuD~h!>jDB^vx8L&%aj)166O;9TB0|` z(UBTliDHw?vp~UtM~&;styfx563aATJl@W&INV<7TbgS~ExKWba|{ej``|KR{F7&)OCM+u_l&&H!l2A` zg2W3E-y!{(q}*9vCl5ER4<|_6zN;3K?jv{Ozk5$sH$o`-kV(o?BbV#!RsO42rz`ug zEuY9pRpB}9PB)=~Q<0J07YnH${%WR|M3m?__Bs+S{(&n(=E2$MJHpqIQMRc8x}=k* zT4b1IalW6xWaG(a8nRjW`HeKxaMSDYA<|3ktys`VDBl;}Z2jXpI=qm(D9~zEh0Al$ z$%XjM6;_AYQUB#_H=ULlz4rH$sXIuFELU^`m<7gy%&#b_MSdpr^zjDn8ko7o7J2HJ zM!{+q+fztm#zPy}3QAo|MnS>%a9eW5OfHC%=z3 zn5vwA7t!vy*_O{86?f=}6`2?_&gfBy=@c+P#f^=f@2jp>H}%^!Vl^cB)c)Q+jYoUu zk$&1prtc&Z#)1%nHH*Zpz0bSM!*~9+7!t24(aCkCUZA|$Uknv(48X;RNT}~vv}j+^ zG|OgFWZ>95kC2hoHH>Gx{pvHDvWwhc^N7+K|ARE2e)4xj&`W z!By zb=LDB_m8AoAO~ssC?U6_Dh1H=_em38TGj6Cm(Cq2Wc>7!I5!ACIejtlY^TFWdb%L^)pqJf!!#q{unX zyuZ;uJ;Eq>c&#de05|*&BPUU*RLHEAZ{U?=M03yS&4;8B6=RZ9&v!CXNciZsX?qJYa+XC#D_xO#33t3t$X-I^la zBPG=pTf8xp@YI-rCERfPBjp1M%O;kFWAc3Z9{>-AXGx#dfnPv-K>c-1Oy+Lb4#<={ z`4J!a&D?EMbD4RRwroT2EAEKgs^jku0|vd62;%1CbnEGOiAYr#as0rpvcDSsfThz< z^=L$_6yGnpg8{7{HPo~LFzxIH(YC#^n+eW0t5T~Gb$Imq#>U3XoWdskC;U^se_eMQ zr+MfiA}7BK?mr-S^wLcQuDC1kO&B>%%87&`N2^9(ILc89{Lwgm_2O9X;gW4Hl{YD$ zf4;J^&3J`in!xeI&5o#x2g=&0RRcbRyZ0SygF<#ed#Zzjh8RN| z$(K&Js~qiRYdu!TlC~Cb5`AO&m`ig1;s4a3pqeu@f|Q&0!pj5hw)mb>%N?N;7>7qt z_Ew-8!&s%u>dnOC|9S7C4?U3TQ+Z@zf3Wn2uQHm9X)dy-RiApXwX|uH$nu|eeWcOB z+iV8|ILdRAo$(7pYPe2{^g$Q))viYH^hd^3!KdFJoY_}_+rkXT0ywX(Q;vApn=kP_ zm}091@z3#v6%z2mM0~vU-$*AKJS#P$g#yS@ldlh&K5_1cxk3F<*phHqM5W-dBziUe z&de$yz0k(1S01^IeBt`FvT5aPb!P(fSVK9W>TP5sRB0}xUJTZ(=8Th6D+L#g4>cB) zyIeJPB+d5v8V5?tNX&Ex3|JNcF}|~6{9mfG$>h>e_)3I})5hQUmD2>8B>ubW!*Td* zwAG~&Glsrwb=O*3D-(q8bJ1&)X5v@X!;YQ(>DLLkeD2&i>yA_z@7)I0j4uVwHx6Th z9$(h-5(D1zsm<{6GF6iHul8zR9j*N6vE?EeDr@$Vf*J{@dTzhHQzygCY!-QI?qtZf zE2ral@ppSgvY0Pi8IiI8Umsj2N%~h)$|+qD$pKm-1#9a@j7YAV9&crLKMoVW zB?Y9WBu7Wj%(tQZ7bTuF8k6SgBWK%6^D1;{d$_f`m0@^v#+NS-RMMkX*VZ1iiAYNu zJ*%~1$3vj*?sx7r-s5}peAFE+DTO;y%ywZa=2x`qMK+Eo<(=gtC6B2W5bp;5vzJry6M2pq(Cm1sI@&p-ZR zPj6@Jn+ybt6uKozPuqfoqdKW4?F?Z156X27jJ{oL+ zSRi{?_ne*Xq2}i2yN%?9PfE%+-f&YL{md3+e1C^nCTVKeSZaw}E-lIh6&1T#2f97C zva-_jXfu&|k+`<%KHclPYM4gb{$t0?Uq@VYoy4FyqXt9eb#>*=3utg+VWYtvgY@Zf;QH*#|9h3PQ4`T!evmmVYvYgc>eA_rS1!NRE0 zA$+bMUC&tm2r`6c=qql&P2#Nfp1nFvo{be{787b62sE!2G_AN(-zw~F-6h~UVQ*XZ z(W?b76n*}It7S%JX4B?m6)7Z@-E?rc?g`>(1TqEcWlnkl013f3PtBT$U(wdm@=7~l zcN?y3AE5m1?QA7weZ6c4)Ca9~eyCXd2rKalAs70m`TKe8RxA@0uBPi!iqB)*d5( zDr-hRz|5i`zOVb&2T1+$z1Rw%Cm3oAMaX&0Uo!B(xiwxzc5D4CoX|8jegi62G<$B! z@Js1`R{(s1 z%a5j~2djTO%qmRv5WaZPh&V5;_k6~YMnTQ;kH8p3eYsdbweP{`)qV;= z#oe2+;hiYMm|}vuR0hrVw&Is@*=f<8ovt*lug25lCB|uYmvbmajoaU_xkX^CL{G;p z-31KBmY^}s5U-sFsvRdNeaO=sgRuwXs8gAh3Hp20!)Zg~~ySv58r@NZJ z-3J~L~*iky?MdCYpO5v9_ix)IIdwIflGsigrcIDw?VO zEC|iV4Ap^fRcKXAt|iGT{IP%1lqTgNJJl*EtVD>9i5!{M1x| z;YVn2kv^W-@d(~i;l09yoagi)Om#V!K=b89ML)6BkIpCT?sBmbQHI{H0TrK<;u>kb zA839ZH=5@|K)28$uGA7L+688U(9ov&%^n`ICJjXclUW9YmIzK`tIE)xN`HA>6WxjS z98#s0q!W<`FNt-eoJ=u`1B5lYa~M+yxgY!fK*T>Ko0oKZe0H94wl-n=Gyz9Q(ADyv zXO^;2v02zjzM=&#BM{5`N-~7a>Z-&2nXa3?llWxx57Cc8FX3H+UHbW0srgJyMCu94 z6%9>DuS1%V>{N%}OmUIpz;uy5Vbvcj@Vp+}G!ugH)YfpwecWL-e6R3fuVgiH0kQYi zu4UqI8d{y}y;_OS#^z+2hyGV%3@o}R`YZw4m-2B)&P>3IXw9GHG7YI8pTdD<_B*e2DyZ~?EoTfM@9Jj%moWgvr z7qVw%cPG5FqFT8zysfR%1;u8RXMgJNpa=B5%R^zf|o(S9r-_Cgq zpzrL9{P#6UU;H*^(5@4S*;A=q{2^#-!AO2u7+pxeS&Zf9@vDjKRNSE zopNvV$E(oDFt9R5PfhV`4Lz$Vm<7og54>c2^I~U>dlkk*o1kG#5`2JJb0Bk_boVG* zITYMPXV_63_YF>z@fjMFFLIxD%}J5fS$1`ka8KbsCFh)W;>1bpS_sm*n6Vg`0OlbM z4qoCHGR~Z(oYb(j#UW0t+i%FA2&Er;h;qj00t6UO^$13#Iw`vZ2Iik|S-bLHzYkaG@99PHlY!iW|R~L!km7 zjb11&vmEjlc8SC7of2UH2*SawP$ERngLzCD`GCd~{#fsWv)zx>2u3NxdRmy*d^2dd zDUlzX>Af^Gl8V_cOm+EZHT@0lonD}U`K8?#i3fhV^LvH>W)oSGY(|zt1jbfDFJOlq zS>!(=y}2T?m-wM)J=&^6DCUFao@%`@f)>YX0Tykc8(gd8HoIertTvBd>;ZnwA$}`E zXEuc7^2O?-o?*(%oAehI7F(!%iq%TmisTaz+fq}{d1Cs=#7CyGLs$jJ&nHftxNj8j zZjP|tLG}^B^d;5eWy*O(%mS9XxMyX)o-1-~&@hO_xs3XFd#oU$(~>7uAb>!4FeLEf6P`m`3RR$~ z#ko&p+jF1ou-#Nci#~n0Fi?lj%JRv{Nfgo42H%oESr_1ai28up%09U~&Jtt{%)&`c z4FPzD%#|L%Z}l91(&jqgK_r1qYM{za5$*Y!hhWCI-W$&;cFA@)5x^^Q>iP^@!+IAO zLXv=K4<>y-`QopZ+C?DhW_FQ{LkOlUh40(}=Kk&81Mbr}n~YDN9uvACyx~-eCe#@B z_Vy+h#1)Vz9f;J@!s5;PM+*5f_Vm{XVd{Loy?>L!Oc+x7}N>tNS>E z7uxHO?;?$=bZ{_>*N+sq+Z|0#j+u>cA{-xjZ(g)&Kl_B5h={H56iG=*iO%QEr`ho( z5N~oOl(fD^X~;E|xQ$tFVrIK)Yd2mH@&(icr9fkGzz8v7<@a%2x`OLc;ki8 zdCY55gTg$jhs?a`lTo|OBGe;TW1qC7Uo_}CDXAKD+)yBp{KAkr9s~%3b6QHFI6pTU z>le#Of{hg6#jx3#?Ielo`=z)~-UY4r0vTbE*~W$z!G{ikG;N@HhQeQo-0 z?VFj!xT72#bPG^BcXF~UPG)?DVs;q;LVDKP`R^!fZtv}CUTY*J7D1WNb&!6m zi$$J6@GRrkLbRP_dM;xWeydlZm`)6cy*B`5?^-7<0X2w~eLAv@ihU}5?S)I^is^Jz zNQP61H)Sj&WzZKF=an{SD~t}eE^xe$U`qWlTH)635;v!cI;3%<9A*RvG?f#;jaie-@X86TW_?G^8-pK4>PESeBQtg|C|7G*o~ z+20$w;KS`hpG6r|dDNmM^kTKH)6fGEnjM!lvsbZ5XfGsSrl;ngI>}M(CmZS>BCEou zlByl8yf%2Ny(ejRF2GMLpecz1jjL^dKr^rY+QupQz6nmZ?=IP=a`VZlva%!-G-{Jp zSFy4_dr%WraC~5m8mv7lk%J2&O0qNx6!T|eU#7lqpmrfAf?cLPtVh03W z1TF|EKwDj(dn&ACiyYuk2|7Nk`mq48-=>neu9DuMVQ(@|SXda_ z7Pi}9JD|EMVh3Rbi@aAGlg7u#r&X!IriMq#vq`io|AoL*;<>8Cc(eN0pXa?~b&jn% z_C&vu$~MDyHmq#XOHNKWAT6{8bSAH{*M`2pUqMvzDqyl*c00joF)ZAI-t{&I9(oVf zEp>bA>&Ex_zGDw$ILHvK{M_|AcPBxS^QAk3YY)Dy<2qK`R+R=xPKu|vTG(UK{yg$e zY3VvG442jsYjhCqZ@gQ>U<#$m-Mq;YxLvLo#|Qv6Z#*?rZFv5&RAb~zXsNQjqhoa7 z<`y9%j z4c6P`pH@>g&+NH}&74Wg6)mRzpVm(D*aN$x?C;4q z&t_{@$fY+xp|~U5em_F0<4s%>D;DeAiqz_fd98x18sP7@{}=fLrk58B<@U;B3ZtOy*&|jO=VR2dKmNXYS2}h@A>pALg#Bo9ntkB;1p>!%4-?TdW9r0hxYF)!+7VDcV-p3Xi-uwZtnQy*EcS5aYd)j zYp3XalI=*zZ@ltK=hL}&Ij6UWUEmMcFN+Bn)0{nPoq>}VIXPoHi=?AtVzO5_<9DdZ zR!{AIgp^rZ$40+PyngOcCHLC=94uxX18iy&h^njmmE+6Nb!&aD@A}GwNL*pzBYRk{ zfHLcs#))yq=)dpHzf~eWGFJVMN+_F)3UF{-jJv}8tnr(QYllBY)6*vOga10tsSqXpNfOCu?c7waUyiPN1~f>@@(uXMCvR z9`gK2`@4vckL5=N`fLxFwK?#C-MbAQ6&LHh8Zi> z+tL85E?TC;@Ac$mZnf{2?y|KAhO0X3~Q)D3tYZ@l8+64ykmz0Ubb-B(9)GCt7oU&Wu?gKf&XP z388`O7wriVZxuO~uOcTBw^7=KWc z*{vw^@aV)up%#M=f{8Ns@E0Ud2Zd8LZvJjsF^%*E=g+>8 zXF6UZ_CrsQNys`Wp1TcvU{3bv$H;5#BG+6AO-3aPSK7@`}fKYLWez{bEdNV6j+WGq}ge+B$r^M8*b%Xhj3tE)y>i*OS$- z5yp>AX4co%)*ND;JX>|^?Vw%#y=8=u&gp3*BEGykMeOE}Nd`~ER!X&b*oUHdm=W3m zGPjlFY}}Kt&rI6&*wQyKnP+(73&Ny23-(9Im)eV0{3RTC`jzVM?f1X4y~is81`I{| z(a;AI6~c$*O}s3O(+DcRXgNKb%X?eV;`p8>oxp%JP_}1N_U?w5?q_()9vQkPoc*Cl zo6CEQ*J~Ce;kT7zYsbU(9*Z5A?{A<{Sw+?@*6}EHm<7sAAjWI1m)98M7?<_!YEw&F z^6~8Kj-fgeL^L{xmhQ_Ze4-5>*Tf5-?57d3qlZoS3c_uXiEtPWm10XzUWeynoBNW8 zjGejq6&|=!T(b$_DZDtSoTNYG7(>r&$|@|QuGrD(>)4~@`vYAYaYwfyd(@Z_6;49% zZnUQud!*?Qc9E_lXkJqL!mCTe|nreefvn zFk=;P9UQemq#jo9F6hkW-tdq&ajMoKjECQ|OfN+4L6bw$XeV(*Z{EI=o$8G-uEyl& z>wNR|&Fs+cSjXm?0Pa9G^HO7Spv=b3u%7yriS`&zNi)IBmTB@kue--F7U z%>kxlKPO?(PpE!*6ZjU4de7q|s1{1;!()a*8YR^LPF-DMkZW)X%uJf?K26a=(3UbN zBth1{|2$j--dMh=E!+krry*7Pp8cX_$l%P&bL{go?ARShX4OumP%-$3qpNEX;t6KB zR15Kz%q94hi{nC+bqk>^iU?LBVXJLw{ze1Pa;EL*^Kk@Yj>ePzo(I+`4U712f^Kn+UoQG){Q0LUZNQZ z9U966X&I-nxwNomt6F4Y!YgzQ#2_(e2UhY6NWOSS}lT{OcFW6JFMoTPvhsfWJ@|!OX zoSW|;D(`jVb458I*U^iexv+)6VFjb2r(u4ppSj~t`3*nEia=7I{<<~2un^gKiNgLQ3b`#!7qTuV@(9;%Hfrergh}WHQ-PzeL`L{H*ShG^PIy zq->_k!3HtoF@n~NkvNP`J91K-maA_f?M=SuNFH!O%=K*c?tIIItvyK+C3#DRqCb5{REb%AnDaWNm?<5Rb<%V@{1&L({YO@H_@d;S!rbjp7@fA?h4U!a=O z2f&rqoV@h&Jnh_~T?b%d_cT2~^xqr`2x-FW%g)A^2Y(~<2wkvzjxaEM!-HS^L_1z% zkRC1p>&XUHvH>9cCKrfVv1O%xR2w)B22V$3E|m$&+vnU_`>2&{8r$9dc)II!Y1tP; z5Xx}8t~Ff5>HT_yWX`p;%WjkHv0GdIonJ;=!464zw4jca9Zv<6BHUMD9fPQ9Yi{n` znZ05}m>HcVC(BuQL%2~XJh*-{NTzd6LnUIZcdIV zFL;{J2HLX)I0*J|ba22T3Ye!q$jE}%e9lFuq>O^)jD78(?^5F8(k)M6a|cY27qm4s z2{$nY3pXU=&|a8s{5NL1YfwtzLqr%E3|dM~GaLKnQd=}HMhXsAFz}uu;Jau{?JvTt zyO+mnbO8nmo}J-<5N=<-+!9X89?36{j{}t*pQL52dUiaK(Yix2&USd!-`kx*xjB;> zzgcjAj{i7QM_XaE?3Bcv?K0nkHBfep;|3iUAmqvymWPsg;-PuY1!v$-}e#Y;*g zn*&&Pzp1D~pTlMcP(x*d$jRh{gsEqi2v71)bO6~F!&C~=f~9AoV+MzOYLMI}V3Rp~ zC3@C|bHm|Z&t~;W*ZC){NlE^_u>*K-3P(Uc{h}+H+KwG86 zJF=LuUhlUay?!0qp)f$~K!VH>M7L0v!$@doCANLB0Me$z5IHMW zNR>2WCzz6MOCCv1=Cnnosrs1EkO^E>{)&)L8|q1Kay}%DuJ`<3XsY0ibF{6k+P3-a z!PfTqY{Bs2@Nsj%8F)40+w~qKl!9HaXHx)QaL}(zg3bT|f;F>Qud9nzl&8h-e(=&3^E)>py#r!-Ghl^Kj| zZ7GQYx3xQrgoc@4dQ?Li@1=0yZ|GSr2(6-dZevhRa{*5b+$O;d`2mvtd$knTDGIQF zYdh?uIGnoEQF+Qtb{=hclFMm}N{A>uV=CLoF0$U0b{ZiXAhhlOdBv1Ew>HZ8WbXw^ zElT-Ej~9MaYfFR+wPim*k&px}cg9G#Hdx zdn(dcZJ%X{C{eseS(3?3C!qVxNpeDUNy0hG|hz)N2G@IK+1WqK5>uTWFP zlK0r*?ZPS=UdUikxzr*kj`eeLb*0=0DU@&D*oX)yu748XMXU z(x07>O0XR><0H3~&!X9G=f>86Smu!Q9LBu8^U8?(r;2;?feA%zbo6OVHTm$D-U<1f zH3EO@^2JLuN==pPeCa`$u7b>vbWFS9*}4p`IxT)0nN>}1_IOBZN--ZkueT#8&QLwgJwMz1Y4}xEEoemc))@~AM+hXP-(vwH znq5)Hhyw=A=aI-@bpueVOL`Gwi-OrRYQ?5f@%b^9`!~N33cICEB_+b{eWD#J{v_Pw z;J)EZQt%~B25gYR;`wV1PG#@+f~GV^*FUbY|1;Rfp`j$;zH|L-&!SY6TSSJ?M#0+$ z8Q*{0$<1h$)_G>%5PklYgLCpHGxe=l!2pQJM!#D}j9a^mnv9IB36I>(+dOI2({9Vt z?21D2mGbimA3-}{d~!_8<#>~)IpWcDK95A50+r6rU#Eq+#UQ|-4`(X_YSai|F1NW&Ce zxfaZ-qv^D)`_(Plc`YsVb7@SYBkwF&1Jp`x+y)78x+Bw(D%dQW;JKk8p3k2zM<<+r zUm$b$l0~eB^GG4ULt+;F`U&6-xw2!@D=s)l;c_Lu426Srd`C?)wwo5fsE628s3qf) z?0+#UN`ACNutv&?wdcMtYHl63OGGh6o_l0G=cUr=Al#j6j$G~e;o@N(@s`i#l?Xg> z zb5U&|jdp&xqb=l~GNWl()hEx`L!s|zo?+AX z*698Ze#f9k`_m^$Y<1^;9y53Z0ZBIMYm&;3v2p!Q1-CVM`0z@O{YB9qL;UjcDZ)qF zf8K)iufBaSO`eWRA5n%ka01>&F0nrE`WtVm{gAe-&#l%v8y}25jPEp5f+PH`JxdNK z)xi)t;&@G*=X#EX{lY0t@AatuB^}!^r#bral_d+KfM#iMlgy2s=g*12Ex#}a%`s!z zc_Y735p&{9KLdlZ%tC&j4 z%QxA+da5Teq5GuEX*p#r*a+7j9s%0g>MpaFY^`Z2Ps1Z4ysSXm=?kP%r%un#Y0<#i zvj+4qmbyfJ3E^%yyiep!ykPv>w}Px(2B03SXTO$~uXR&2i*Oz{ez?@^xdo#l_L$2- z$o-%D%G)y^kMzIwe%ya;Up*GJk3NOAI<#28xj#%%?3rhwyib(&;I0p3S=1y9w_8q) ze=jO;5-pW`wEJu3!L--idLmO_cH``%rKRQa;2YtdMXwyDB;)bd6thdr%*@2)+fDjq z;M_R~IVEA**i|c~6zz*&K*3jDfyh-`Gd_J7vc5rEa%$@J@Ni#b^zH zEX(LdzryhM^z;dfIQi9v+mqAD9RC+yj0V4kY+G9QO@6Q?u%O^!e6mMu&Y`5$`Tn2j zkhg1Qy!B=uabJJ#+EA-q?aCA=4~?PcFrwtOhn}g ztb}=Tr{>C#X9=`p1gnA~`Obtds9ev5dLkEbz0ulZ#;O)B_#kbY8XtEAIyKuya9vnh zy2b3+V;s3aa4roPa%6VYgFJ;ox4_h?)wd_S-ZFl(x1Scxf?hLr<_f=)QJymxQkj#( zw(bCMAUQSmK^J7U9sVN&n}#sHR?{+jw-qgI{+w)!RT7jtZx82=N>*6oHL8Lo-nm4} zEEqqzxvnRouA>((E-!V}h><-r|MMe92a)&2dt0!k2h86U_r9pEQ`9o=A)d+NK7mJ) zuT2x1H|EoJ3{lwS9a_$g{ql}%;3s6b8)O`z_;DnEFcTtXiZL8c9)1Sb^bi`xsNefs zc&9hNHqT6TwXo1|3JRrwTPEAvC6NpwZPK>MrNZ$mZzG?MkT}WC*#jI3x zn)Id8ou_vOSLUx=Jg#;B9yn>PzkGl(jYR^zJes!sQ21#_2%C9UlURowIXBqX$LER` z0z&&=E0Sudo4f_IQ-oEaC6yiqUfH``eD?#*@~QqB4<5WfmSS5vU%F24gndR0L2Kb4 zP=qhMr`8+11pPmJy>(n$Th}d2DHLdm7bz~K6bN42-AaK%A-KD{HCS|s5(0McniM{{N9%v~=2aDdBnLZuO)r!O!PNgeNKUVE4v#V*AOplPv74U{4sBZm% z*S|^iNf+#$X4Idm@&@ebUrdt}lR#lkczAZwj@nndoto=uRc^LWs^Rv1`DJ9xm4D^L zu{GsXY~TUMO4RYgqtDm^dW4_m&a?*`H9Qp(#%r9CKCu)&*ymQ>3E3$x=DC!H+CE zDdB}$!mmUrH>&N?l~p(6^d9$p(P{VW6S4@|Z!J?D8mdGf;o|^LbJY1&_<_EuD``o| z^6yGQ=hiq+iR+_g=tXb8Oa`uZ<$QqFDklTAi-;he|61QNsDyGy=DSnt^WQ8&m0oMI zc2j?IZp#@&^O@34dgT^RI8;W1oyqe#oGELV~cblkS zH&q+kcWr^%Z(7}gwh6z0ZtYPwXum=GAEl->g@gt(Tqic<{rfhNW0tOr!u~bR%8Bjm z>)Kz7Kg7yP+4B5AJbUrJ&0<%cz_cfqJH`glfBxFV0L!P4DJk5su* zz9&H1S27D(t}$gZ>&+cvY~998YYG+4EbhFlDRwlwS4XntR_d8cwl5BFdp^Bi)PDbO z@QEo1ZMpGwdh<`)k(CZ2Xv9>cMIs;|GCBS|(jD&#s*&n8yOa>^`Xt(f&%&xT(yJe1 zi;Lv792^$SfQI#&uqyq93{%eB?3^0Sh8ou<$}VEcBiKJL;x-U41=4y{&`>*|sQ7{Oc3uo0=wTzAxOW;T%n+=YIILnjAGs<_IKI`^v1OIq8e&4%zk-wI8N1OTE z-*;jq1g>z81?{9>%dWjYsfwDlw@NHDcTSUL5801AGA@pm%h4>V`Dwp7A~6xq8QOfo zv3@bGzdfXW)=s=YHOX?W=cFeb7COwNl@!BcX?mFwNnrPF*gEd4d6b?j?YBt&`#iwF zT0;{H1l_1{`M=*2qh3+rH?=qW;*g`*qH=*Rb87jSoR(I^*VmV#x%6`^ojNr<{4E~h zw($*Nxa|<{JQQl1W#+X^VUDD%1a>1hhoaYuFy^Z2Q>oYnz`wEopMQzikneFU9k%kj zbq=ajDbY;b3EZJmj8dQ-24f2f^waA1+Bi=tN&A(R3hyQZm-qIlZ)duTW1yV#vL;=4 ztp>UB@hj$2BJ972Cp68!T$PvH3CMplXO9+bxKH3~L5sv=F0mY6D)hD{6>uP_m8;s{W zaxD%c5=Ij9qQSFP(oJnR(kl=9JltkFVa8tcIP z+1RhhB9_Yw>&4Ixc7CZOz}MU^ z$8`{mk@dDT@${4jw28(3MIwBWeZ6B1J-|!Ty{Xfptjhb4;64!=Obw<>8Rm}WkFql> z`r&OI3PW&Shx9fz)-RfJ4JAeSIMzFw$MM*6slyNkc&7x-P8`qElF!xM%eIy|s=GDS zwv3E~--Sup*aVtJ5UD=jSEWCOh?Z`fB=IP@D()H^ml1ZKEEZe3OSH^Y$u#5KH{ucz zO}QfPGKVdu-K&q9s`{Hxr#@}Bg}%ebPkJD{ZQrteQ$3jf$FBWPUNxBk_Nnk7xtUA* z$QS<)Th$6JTB&T$FLC_6>mJJD<}ZpRDx1H+wA|$-yGih2%F4=k47Z!7-Ncg)qnmWX zoHsSQ+XTbY*m?STS^G-9fYw6lS;4RLXcZoFN5iau!-J-=@v+X57u6|-KNG(3sA%0c zU8_?mxu1}qZD7juAQV5Pr^b=0Rv(6EWC->S4A{M}WG8UYR&j8E6#EbWj)7VgC(~YY zP)|AGFy(f#YbsFVdnEV$05jBa&u!o291_+Y8ukr|vhKdZ6+%Be*oC;O7KstHQGTud z^Bk#fNZlS9)VJD}d;mCo#NfM%ubP@A-{#C!eyXo*%}h?xDydn=C@4<$0EYSKV`5@3 zCeY^En&_W;<0u4#ns8F@Q#Q76dc2qV&1MfA=i21%jhow2D|k@nbz1Ym*!Pc+bsfzs z<$Yt?4ENT@2;9|)rtgY9?}z4?%0}|8%IJX zuQV20p506jg)PQ8xzMh%=d)nzhVx->}Kw)UPttZ zb`F(N8XBz=;5m+fyZf!_+u5=|lVbl_*8yzL7PEwp=fCT(Xz`7(*tp0jC=zlKK80NR ziwYmN;3cpvl=(LvEBSYUMX*ilp~wBlgyfv6c-^i0@yU(&Y(-pfeR><+6@I(;5=Q=*-zOrK!AUnC$T zv~SJxxxxOfl4qLqO?-YE%A}7frh3aH)$eC#CV*J_`e(Dl?yZmde)|2fQu$5KUG89Y zY@pg&R|OyD(hV!*+OUh-`ta@^wQ|q)APVX>D@x{*kEK;5y^tf% zn1D2cwAPiwP2B}ru3VGY=nJlzjxgCIZ6wPV&WfI6JEdZ4?=6gsB1_yZ3&tiE-ansS zmh@(HN-b(SlrG2gm)v+LOi%PUTGS6dZoa4=GI(r!Olp4owPYy!bVvWJwnYy*cxsrj z|C6Twrvw3=^$EM; zY2^Di>-Kp`p`&^Z>DbFh_KFr3Tp%u6>o67Hp?wvU41o0R0Cuok2LNRCx=o!;43X()K0_h*RGY3Od_m>?h;2$`;<1bn@YV^(;AeEJd0;LDLjj#ZV3=l-$M%JG;8`83zO$`+>v?Pi6fsWflmo2jbE zVXLZ&Xy{F)N<&^=k583c(OOlX?fl%_++_l2hiHCFVXA>{qgrtfdqTtR^#00j_Io1vjPvh7GE@0c-doS_!4hKPpwwKb+j?YZ(KIM`q9oi??wysxXP+cVP zW6$%+;u<<%difC^&b7i(^G9&VMg1f8je&t)o#f5c)fXP#tNPT0gv~8WgjsOeZz}YE z(Vqby$`TFRvVViA03llH8eh;@;&5ze>zW#F-&zq`=h9nhP{}V!*`DH5ueGV#FkQLaqz4OZ4X2f8&u8Ox9AN;IOB$~*nTl!CiEEyT zZu^v;1ip@cg?4!J(6Q6e(8LWdT}VvdO~Eg$XWCqGZ1>2^@Z=xHl|(})`Wf>;hQ0;n z>^j?0h?hP_(uOHu; zb?rs@b?;P>YNd&Dz9MI?%r|evXr<3SO@_(Vv7bIo)dvoTxgBuM=6-8doJ~%OW4km% zaXGN;B2 zBuQhDgt+hT^{B<0I78jq)&44F{Y-H449|Qd(0YI~|P6x-w z;p>5=%`(`G(o$=>16NE(i|*LmVFn*)G}J2wGmgVVBV&4Yj)(sQ3s3CLh&b zqog9Rd>>NyDj~;9$m{@H&&QYW>(&#NIMvcgj7h&gu<7FqigdVW4-8pYNq(fiU+lEO z9n@PbSDOCuJ6YI!aTrDWP&1ZlKJTcj$`Rpv;LkDVICGy#D(@jI8l~}RO|V3e`$IyJ zJdV7!TttnpM(GMo89$JYE@!jfJ%<>ZK2wJ8(Ytd^4_jo>L3xWe<8gk~-X8cB0e+;; zKEQ5&kZrup5?hwH`xCM@BUXOCNV@COt>Nw(z)()anS;>n2E7~=#XJf$(`0OdjuQJtE>h3im@m5aOUmXqt8_NG zzIPzr-DEzOk)%j9Kh-5Kxtz1u*f?NoTVF|6TNf@Ga6FmNWqKC5l5(~++J5^6uWoy( zpZtuBjnZf|b0U-%PaCy5g{Q06;SAEqY!(aQPyq(5raHDxYX-&x92<#J-R#y6_IILW zc&p}y+H6Hc;8S|n?39(M2AiI!UG{pr^=D($@g3v5ZF`b~(3;sS=Q@hZ06Xk%4Cy$k zFztI+;iGDR8>n6TH5OIOK_ zN$NdC>->vGR?ps{zUH4GWO7R9j)v*Ct=UU$rE8^;1nA?#Df&089`NE_ZezV2jZxBQ z&#=M`YAdK&K)1VYL@gI_r3$K8-*^GzUz<5Ycpv=Eusqwbe1K~}4sk*J2Lfu0A8fK3 z_s)d;@Cs|R>^FNXc(_-ASR7|7$t`?YH{MHQZoo9hC!aMkE*j<_Vo}7d4-y7X3HD&6 zKX=sM+iT<-QXagO5~1>8+#g%+DgvehqbBMSbw}Xo>4}Vca$5Ds;aPeVt%w9haK_VA zKeqH~aFuJ*=f=lo1i}e%+hnuA>2r*ZuPiQJ0&>Dj1m=6VxVe6sKIQ1Dj&ji>F@snv9Gv1ve0=mg4A#Hm?n1o&~Zu1x~x(7llQz4NQaEWCdCO6CO<(0^mcQ7z2D*&t>eIqMq67l z7r@6KDXAZOT%5SpcY#E`kNq@t$)XE3hU#Wv-4}rFX#~w7u%Yq z9T*O?MP6uorVZ~{Znm0dA;ZtaSFM-QP zrFnKec31eOOg68LjH-QK$vlKnu<3eSo20H_nURFiv{Ud zD)srlk;{%47Ojs&Z*6!M=fsxdhD7xAxZxr!yEW438vw8Owq}RWh z>R=1EOpKH|lSoMkr;LE-ss__&VkbhOqfCF4wG!(P2n24`u?65Ft)lBIStTzD2#E%A zsa{|*nncJVV8F>D4wNeJ$Re2+7f|Jv>2_C4TKa=(W6NkX+1UEqu-1~A-C+prFFr|8Eh;xr_bH0+U`on6n{(W}U? zb-4-@l5qNWNHT(U7qYLQ&M=1OIMcvC6SRVE5A5Dp4{tkhj z7Q!%7G1AeIi9=+&isEC99qX!)nhe@)LLkbnoG2nYijIv5`1t0!=_BT5>l}(T7b#i0%3E^}k^L!J{M~RN z(b07oUYghrG)2-kqv_Zh5%4p1Uu z-c@~grR$wHWq#P8Ral@@bSDIN?tBdHuy#rj0r8z?8S5+}PB9xKOWSTW2+xD;z=u`S zwcoCoApSmgd#0B1X-$tE;7^HwAQhUN0!-B%#lHAu+iPF)>NY>9UX9dOc`$TXp!V>m^O+Q~2DXy>`Qm*W*x|@nEq0 z``ALnU|MU{(Kx)Vw1fnSS><`qr!QF@9aRe9&FTwph2Vsr!g%jI9v&Wc+=;*US)}ne z4`KD!u(2wP_U3-xK7B`f=uuUY`2&;3YFS-p_3o5XQ;r+3IM6u5{vK%wi)+~XagZz)scwENbBrlls&g^ za2EXu32<@ybX#?J_=G+9K(_98z1=z#?#EzM`RAv{+NRM@9=e}|8r|Tw`ebHE6f_S$>M*XwYEH!HvJ%v*(!ii<72>+x{(wSSC73q}wj zAy_9wN)rIdeE$5ldU!k4Jp%MWOhl~ub^i}%i%>#7jWb=|TI<^Qet%`~-i5p|UVZ4% zbT!{`H|3%yUvBnSu-w0eSt~R|P}mi*cVLy|pY+c2Q3ggal7j>OlNCQ7`d7uLCmNs2 z4X08wu(F)GfO5hv!Mbf;&7O~lg_)XHjhhe2UfWR=0_wXi*goO|Q4YZc)b{eXUZ1f6 z&S(}5VAzgH8zZOpgl-+U0emVgI%Gi6vL<~grg|zm-JkSg3&UhbJCE1P-D~>q;vz`N z2s>1sJ+y}0KRuqEWB9IgD0W#BShA)q-eZr!SZErE=74tFEswAp)MLP_)JQGvNJH0te9SBNe3Tpl~hPfoG2OrFc}(YVq&7tjs5+x z*1!Je&z~2I8J6r{jzD+DyE=7SbNI>!beWWCPQgV6>!6LtKw5)G(EIbqrXrQ9$flbI z0L0_seK1$o6@Dmr!$vnT6&aJ)({Vm!NBL}jcN$&8idiDVDF}ToDl&2>Dr|XsrlosS z(ang&(3Oag$plVBv~w&Iby=p_`i)j;-_Q`YCvCh>=YC0}S64{d`}NuzKamM?_F&yt z?j#w`Ag8xQcju^g;LX<%1ET(;K%rTc%G6E~$dTR)+r>E+yXh3iQkFa%b5OJB7WUlr zqaz^SG41I=mY+xUR&*5lSII208K+a-pWaD@SKDskwkwU6Y6}^69@F$rcdKq04*MH% z6lVtOyH>qKb-dU?7cO`LLBV|@UiT(hDw4giox|-I8m7s0U&}p4h!J6aINxq0A8akt zay^L7*WqY9$fc;e|DKf*6Ok8wreQZPs9bUFWyyQGayuP8XCi4a>Sy6>J#Yotz{~to>e?&_yIb13m9^ z^it9@YrTDAsz~|^oie1>_bIwAL#aGT58uJN@Q_dHr7KbntNVi1K*)kaKQd5wC?|qo z7*o+cKfm{r;}O0ckLo5FD{$<2CgcRFl)jvAxeK?F{#;|a+18h;mCoGBe|C-ZMa37T zOtlLHp|p=(A69RbV_DFu+l^A_fL{an%-pwjb3t|k+Bg+QI+JF1j_n7koiPWCj*F6P z%QlpNIw7hw5$z6s_5QWBMaLz{=|wAM5nJ9Fn;}$9X7U?9rGb&5~8yaA-U37&j=VMa^ zD~9U*U!f9_fno1&ym@Jl?1FZl5RP!r(ZK$Jp;1g)r^u_=*h{5-g$4jiO6;CibPa2H z&>Khl^EKQ;0VZr{tWtIg(d(BI>(e`0)&9Bmivz6sp;d4$Xpx!C%1j#-8&TW5*4{MG zzudZvaqXzpo6uy7q2r4ns9wotxYMSg2&Z5XMKB<9ysiMVCb?nNb3DWxXXN z>?PA<0o29bTYzHPISEinT6A!+XRX+R*~b#z83Sci%?{WdXo>iDP_SF36ofx-esHKy z>6@x+Dq^%EOkOY|QQcp1xlg(1#7P@#a9oN$h>){BxZ+AUYJ5iDo2{T!w_5s)K6A=| zNQB|>F}VC>1VOE8oix~c>2ae14*up2UQVLSnkvMPVMX{?0JP{%^}a@I{|Ejk#a#A>iEUDS1Y)=}F)Kb|Gj!QqV~p1{H=Rl?50X#%qwAyzbu{GK|Mv zdO8smCi(2;1$)Cxl|W2nwd%)hl05+9;ECcmRth8LDn|^=lnOl0mWg+T^oDT2Un6cf z&rRq6%<7fmeiNEM1->26U)1@sOTjhkAL=Xwi`Gq&`05fd`{Lpgr0_8TP3SV(c-*)z z8WYs<=+&8qhz` zjnLZ}OOlw1BtyhZacu%yY(WxWsP^V{=XP2^=K)mj47SCy+&~>^=yJHG0z59I6k6{u z^`u&<%pPkT2J!9=Dr7(#O$lo1+_bABXK1E`-_bM~L(w+0e4xc1+TxVe*IXZ1Q)%^Z zM!ia!4Zbw0bY&|Fe?zP(eeH{{iKvYRX2g-j4uxk!EJCv&jm-Fd@Z$!76#e!TXPQO; z=so(F*OOWfyIxPJ@E1H^oi&Eyq!wXvPdUv$|6x?V;k4*M}Ax{(>j}J63kLC zTnSwGVIWU0eFSuqXfW&vfO*XpgB<-GdfJ29UY4b;lc?FeQJo0jzS-x^SMK5={Yl(? zQM86Y*rv~$m6dbq!eXumnEi#Vv;e+C2`_t%MdBgDk2z+_MH)jp}A!?&G`=D zCJ4>4u#7S8fgQrY3t*6G!P_P-yes(iYsSaU14I!Qr_{s#6X<{8j~>!sg=5**wh**h zCiGb|m^re>Wm|thggJI*du3xNjiZ%Y6Mw^Lf&!KPgz;l@1hFW8{lnv9jpik{=66ux zRgAOu-AS!a`KZOk3w?+1akaame@ExJD38}IhZ0KtivIv}%L_6X>zA={^RFvFHv@)% z`6xu};t=4Jvy+QB4M{ps^Qodn{BXXSUOLGw(M;^kWN@(gr)?iYeegleDH)oN@Uz7zMExwI|`o{k<*TK8IjM9mx7!e9od_ONisTG;f2;8 z2tlgT$JpS0j>OrjQw#`9vLyKaQro)DUt~w7v+6XTpnlw+r<4Gis)QpiGt-x9l_Ma= zwl-gOdZfrl)nV%(%3?Vv$By+CN5dYyViY5iwlWT>sVL?4-d|X4_X~iTT9~kg6GpVz zq3K`+WsW7AXn!LjAK%hMh^gNlE!4(I-mHZW6$km-Y>lq31d!6vam~ew=bB zVkY`!LmNWQif&SQUDjK;QZ4P+Gy--%dd#{y%*32U(?x3`kBsKR8Wq7?RdlwSMnZ(u zgqMkjIR{5)D6d$mSeS^l2t(dtjEB@IN)Ja>+fXXQgA@XKCS&4J3-i;)e*TiiVfpg(>iVe zDoAX$C+sR6JY^`}&C%^xsT}vOdcP9&#m({9KY#_zQjP>5@lSb(%Xh)j=wxWv9@>+Q z0q?Hxt!Dv05s(DwgweBFT1d(Y+nI!kR3lK@XyD}ELyGi%`j~2U!aGY!N%kbDU$niR zlti}MH+LMx4Hda-J0C7H-6TU-FCCs7RENuq4JK=9TcnR9Ry`zbC1ml=<%I0~7}1?W zXw4}bEk~;~EJLL8k;W(G7dS9md;GxHcXn~HX0Dj5MN=}V6xAFdqT7M!%R&`N+>NtE zoxQ{=8F|1rLvO?u=`5DELNx1;RCp2u0JP7938|nk*E`&Y+L)gwx>)hgA42wX`1hR( zLJX1)xvubEppYfswzJPq`RL9S&&O62Y`Q18E9u+$n3smKAoZ`nmf`4_(E>U|?K;`v z%ChOM1cX^ovEp@UNf*nrSTi{Lyrc}GO}pM~uAsuw_c6>{2lrN=pGtG_M0-5s&?T=s zp^<#b@~cVqoi{#5kaFNo*NU;M8jB7yH>jsVJs$^>v(1G*bfHE(xi;;E?ltRo9-V27g z$V%mz7D7`iE5t=-sQ+;eD`O8MbUY9)NWMShS7VK<+x8)w(O8!5Zqq$+bbQ6Utqprv z&_)s~xX%BV4N0?}UX~PaZQpQN5dQXdZOWG5S~0t}k95F2hjd0n4CtM6E*ZFZUT!TH1IcyZDO zw`HDcspg31bNZ$%%uv1n__KW~77CxWb=L}hJ>>zx5uIQ{PJxcOlyG>)V)75Mj6;VCcgN$L1<3upg=M|P*|7!JRVJ+wy|>nUWx>^P zKEb^1;92vaW$3u$pOWo&^j7!u_z_mJ%%lF3d=BA{PuMBJqH*HQP@|SPRlhgalalQS z4vAr}_xAw^IL?++*tG?WJE@}FmYMDh1iwjS-WK`wkv^L|jMKNFp)o&Rox!!NUa=!V z{bo>Ut!cV@-VZuRJ(Ucp$6t~gsku%`FmX;@F9i2XXsnJzRZ7BpFbN460(P~W-Pv@rXn(t+F z8Er~NrtU`yeH!zb(oh>)+q|qS|1+EFel$PZrN}j%Q09jOP@|~r!`i`tndE0RnR(lC zPd6zw#UTM9nAes4anEhtLJAf+o6W`PQ8JvK z5DV!XEE=~=7)ZEip{n%X`JR8lm-Gts(xBkL!<{aal#qOg((fXOEG&W#4Df;ED(5}r zW6@JfI)ls6Ee`1WW8{+aKJqN8V}V2x=58q0F=p$H*SP_N2q$esNq8*SJRj)mE2}N= z;@A`or)a)<`>V3Cw&_wT`Y7;YZdI`^DZ@wMLc8&=)qM`c%lr<+>ilw})@z)sG|Y`G z&DK&u<^nuzGcL1XBHPHHVv6i#_;h`1lB@2v1_UiXEPlFI;ebHZU}Q;EdaMs`0~nJy z%-hYZzb9jEk0}70n4H|_Qi3J+_TF%aJLwK}M<$Ht>C>RQBOR^U4K2_4!1#j9g}Y&a z@W%B2z|;R#0^;O+VgF)rR7`ySpELc@v++HQ<1Z`tH`+M;Td0B`);#IdZdmm7_2sO@ zWgt_?Xw?NMUydqmHeX8`PWLjFHTI0QN&ubE*>JlvfgNuyS7+M%8CAc1>paSEl?8!} z3K)Xo)1hPqO{uu&$K~Fhi7^X={E7y$%5EkWtX)A!mt$&Tl4UmWt-s780)f%j*4B0w z!`ZXrN*Jgk1~H>s#qHoB*I^GWDcJadXofKt1W~k_*ImcR8ra*zdksJ~&~C`xkP+XZ zcob~hpL(LO$R(v)2mRNrK!YaxqJ}0o<4WLvt0i~)mC#I zw~=SYzTz*V%XyPQU@&5CTI}QJ$(U@ix+%5^Tc9?9B~nH#mKk$U{UF)e-28lyK2T@N z25xwYGk7J)DYZwp+Z|N=>sM^~2zJMTD2-AbxZXc)0P=SKk)`e5K01Ft1s zL3Xc`gqX+Gp&~D)%7`tN1V)RHBYFxa>6`lyHGJ?R#!{_h>0{fkq_B2I|3T9}ehu4X z<7#ELV?}4h#qt63YL_2Xv0YknQGZl?{`W!LfrV3mIfDI>r~bz^v@D@9VAqI#>|_M_ zroRqSoM>@wEL{S_Sl?i$}>hz3+hovj@ar|=ddTvy1 z?rRup^-(3}^=Rpn2#@H4&zHj$EqbuW32i|2yMpB{Rx&$N>$*Sg)o-l*8!kAhUfh3~ zvoMGJ`OTrjp!gAetW1+ik&%vLgN*vUa4aGRn;_jcx3>{~ehAq)WdCH~w(}4rDL_6P=wR-qMIE(9yO<_u8ERMx0}-k^`up(hGQ2TU#rk0h)Gk zaS2>gQB)L|)^L1@jL(|2qxlDnOM@i4EOL4h2rrzaHL4gsdS} zNnvEAcKt{1~b#AV4T9SWtEW4Tgi$^a+@DqI8*f%9j zdO?Ozu{20_?#O1Gro?z|nkZDPe{Cu#2--+sw}xG`>nEHTnc)vzDE5GHpKG9suxMV_ z;ItWFRA{&MUX1s#OOJ{D?guy!EDVUwAww0`{JEYwa0!d;rHqa|bV zWrAdn_2wpv%8ia*T*!x=Hnoy{=Bk)UN=WE(FPfzSa(^wfiDIQZn(2{R<;esB)Q@l? z^(Unk#3*-je`MmDe^#TsKY=}+?eCYG0=$0xk&;U&mQXo77Q&nq9sPdR7f0&gDza&| z4AEk8tWFi@e;=GbjthV8d+2iK60n+A{;}LoUtq8s(VPuaTuJ{TTV*He%@%|_w;k;h zG)<_Bw#PyTfwf+1>+8xFW;xF1OF3zAv_H>>n&ZjHGljjO(KVaJRB=2ijPEn)Pjn3Y znt=5UGEpmCdGblcxKRnpG)YX#FCQEos*@Y+X&TS=XfAqmW#phtE+#H+T-CBkAVGPa zWBC&ljH`7$R+SNEhmTJUSBf#9mjI1>CFmD)?u*uxs-U6Ro#;=kIUfA|gsX2n! z7v1JVbgUP86uYemc^nqrbFK$7=a-j9a&x#t$G{6bh?tzdrtQDW_)S#*U*P1V`787( zi+!0d`r}jhuxJvb!E>|q{^_^#md#^bApy`#sIJjKymh60{|CHJPKe0(yvc6QV4sfu z6#Jvwudv?p?P2U+g(tHHlXl~EyGDZ(DnOqH(P(C=v852+;EF%qT~fLlI%3BU>jtg8 z!VYuKfNI#cgjl_T7IfgVQ@^(u7=q(DX?@t8lM0}48IjJ;i|)SV-eEou-w<4ZNfs8n z$#2vC``aZ=4{AVf%jR{IzP`Skh)k5#X1Pj>L%hAkdioUWyLV<1$!*2?v#<%Bnm9Oy z#+J}}4x)R+Xc-w3w907n9NBSbi&-BdN=-|X+14hg>gr+2VsK7Yxt&Vs7an4%EV1hsh2nYd|T$W3&c2~2^J^kZS z-h<&IXuS%ms{b)zXt*Cz^m1+1Aa#BV zXz)yST&lN(!pe7X9?*9p<}D-1ofLlkP5p~OHqCKYvjlFZ6WKGvQCuWzS2^RL7o~`c zSPQZF@-kX9E3fK~m$=?9`$uHHzhY2yd)&m4lv@5U4|N02oYf}hq`16NeRLU1<`^C? z>5r2W{BBunSjymqSSaxaefT?;{C#lk;Q!J~SfXs1bD?@-AWGrR#hKLZF!TZne787Ci|4RNcGbi0$5(}fF zM^r{Ga!*fBR}>g(1_lIR@s?&0f_r{Ocfo#C6WZR;>v!;PBqjZ6H`*B&RgjbfI&piN z%`G49?EKc}3)sijjt`J_5KpgdOH$xzc${j8~B4`6H1esoD>(x;AFrS6W6 zjTt)$N4Gnx9Pj9x8t)HMd@B12bPVHr62=ZRrEs&sVQi>gw*Flieoc$b+QQbyuMlU^TRZrJdEoc2H&(;fx&0J z<3?A=Y-3wl(x1YMl9ksC1QL9Vv0J|(VmJI3_!;T_%N;{W%x~WG2ZC$K0T@}Rsl71R z3bQ-;zKcOqQo3;i)_;{?ULU_B4JU~d+~7VRsK^V}-DtWWQY|{siU`7OZudpbrQmyN zIZEJLIa~WkL7^XdX-XVpySqT#YcMjFpcl0&R%&*iHU9Y zF_K9TbE(YF6Wzv}#{|Rd)+r6Tgh#(@Z6V{R%d}Z(u}>dQ!7pFJ?m}I7>EA=Sg5Toe zibq7qmA_G%c=v9%lFFI~e0pp67JDh`?i#=4R>?Yf-OOf-b#mJFLC<62zsePk7xg`P z(C0txZ2ZU@{L^MK&8g&#US_*YnB-OozT1aue(F_ z#Ob)9%dSs_?~1xRyD0nt2GLjq7(|8!p}5WHjjY%QEAMgs?SVuQ@cl)0cdAq3Rx?-J?ROfwN=%pQY&-{vqW_9Jtgw5q zbrm7;|3l)|Q+RCO9e{8TX&J$U1Oy#mTWM+JpxTg1mrE0BATT=9^?H|Hu?8fuR41Zy z=5l)zg;TFATDSo1`R+w{fpu!TIKyHWM&wBrcold|zQ&;TIf*mTnRrTl)}Fc07$0vh zn}7h7bh5Ws4i0n>RuVQW25jEkUWXq-327uwPJgJHsIu`p zXQx{^aVu0~oH^Ki!^)S69qbSYfb;N1tTq?bY)>#E-qK}FQgk#k!H)Sj^J|B>NU?lWsB-=D3u3pp zKXLGS1ZuZXmWU0;bpI67lr%>O5Jjl+aW_|U$JOC{f%WI0(Mw^~{l&ck<7%T?wX~j9 zHR29~2hs#c64NLh*VFVO#*DUj_VfJ=IGTLm8h!1kF9MQbre_r8VE^WfJb`0=D;%ZX zWNy*>%OUx=y7g@d;qo`-oT7T22g~#4X@_0we@Eh$Bcwc-23OWPu|I-SN_@+Z&O2{B z(BstPWcBL~*#wfVuFlRtcv_&%v-(^uid>O{GXMPd597tvLTX;P1nB4=j?zPVybq1& z*KqJ(^g%tioAD|akH=6pEfntv4c3fs@{+(jpr?VsG20vUbb z*_NP>v&&fR^DNzQu&dl-w0&`G)SN)WWzr(_;#m^BiP*Ds~zB|V6MP1 zia)gOKS4(_oe(h(W&uUEO8k%a?Sx^WPWUmP6nB-dJW$B!u3AUl^&0iiYbQD_ty%ut z42pn>=2yemAZ`6YM3tg~))$|(SoT`fNNxm-+F2j87lCZ7uIggmeg>KnnBZVkur{XdssQSE;G0L)C(Hkv%D2VKXVBihcX*r1|bO zlDTok=nhVAVa&95=AK&qXL2QBVQiDq4h9Z+jfV~rNLz^#@+Gn&vUw_AX;u( zX@0qWdYy)WR@>$?N@{9krx0>7UH#_W=7NH#U`lROj~^fYxTAmGaWK-s{9?tGc~Wfg zAAFi(Bm{|{(yK=A-ViSP$QM2Xe~m`y<|S$eLl^7EIyySKjb7^{(!jd<`XG2JZ-JVf zF3z*IUlTz-qhpa@L&FF@vn|;{YulnDwcDDX=$WIhRmpn|Q&2)>2 zh}cvC=!}j^uqz!Qn?BQE(=Kbkb}-nVIAo)@EGvRo*Pn@7nL&8gD9ArEvfoAEp7cq> zdeYvm)h7;8*(o+BJ4kk9KRuiyfk`Q6AWB{T>N=-XGF|nkK zOb*ls8Ei1X9>m1XH}?|zFrtN+F>BQFqW8zUch=*j{Ar`^7x;%Q51mX-f-6^NXBoa- zulfdQ(+f&!L%RsTpQPg%JS`e-Q6#0MqZoxWf|-rx#@F?+U!1x~(^xQj}? zx}7yC6RG^LD|FJr-x2NYUz&HK zv__*bKaiH8+T1s0EA;IId32{5@m!t$cxVW%)YA(d;rR2*OL8S_4RsRPGp;e;OH&ma zWy===qzduPjrOV~H@siBI4bB!*sv)yQ_l%F&dbo?NpU||E-obE07|ur^77DHM;s8K zDW4e+mDs+SFo#do{#E~dz*7#mkh!1EX z38y*Is`0%j(+51{8MP(*s$r-oyArkY%*GGiy`Rix;4fw}QDrTQyF(KAJqG&*HkvP{ z9`XQX)$>EyE8$k?u_0I$=;bNuz!yme$qtFc#lSVr^JHOaYU)^4t#|fyAEuSRjf#IQz?|P-wbS-*Qs4fmoqAyG$W2r7XZ zTqd@p#e%X84}GRaCo4a7IO^7_HFsm;G}A}@hy>!)T{yZ$=(3x@_Y&VXlr+H!f3ZxO z*^H_Ad9lLJ?QLzl+iC6@N}A3Q@Lf-4?^Nj9KCTT3c8G9pF93E*+e6V99S8TCcjiTw z#}2EPCEVQH6k3XFh}~{Tp`w_b(7jE9tVdKtWK`3=7~^_%eoTHRz6^6`Lp~=+#7ISj z`Y+#}-NHna(MFG)!q=~YKm6WkGqQ&q)!wrPhDf39D}1aHP4~gKA?Mc^QtTxc4bEt2 zP{YPcQLWbeeo8?gHYL&LD`NhVSYAU#eEbW~k5HZ~b|`PrBb^KztL1$!4=Fsz#fe7h z*Fap#O=FA-#j~xva30T*hB{`i(S=v$k89!<6{n$n1oheub~#WT;DHUU_b^Ci3G!K4 z^2V(LJ2gy|X!dt640{!ooG^gB00(=0UlYF{C>S`wsyexTH86O!XuJG)(efhk@~C{8 zbt_(edFdo+uaNQD$iN(pH*4o`G&&$8pXXe)WkPpoSV{nsv4A?OfW=@htY>!y?Zg}RYJx4 zlP$&Z=@zPWsC(r>ApT}L%^}4m>#whb!f(zB+i@M+!!^=pg!~US_Zpyx=>l#kJt^4kZaRPQfiU<(Cehp;!p*B zW|((d&G;)nKMA3Ahn$XiQqLpTUS4LxzKDYQH!|I?^72A2Um-`XTerY-$D$?0K_Av5 zGN}Od_3#0z;V&kYG{fn;ty5VK6{y(w_`+tR$I=R((8}yLNd5R#atlhDVg4_h_)n7mPMz%- z|4LSLzEY^q{4;u&8p5IxqPt^JvDYA|eq@z9_Qstx0LosgwRz41f@BdrN^#XsE~h_P zuL(O;?7!F1UTy-Y=3cmdH+U>8<6PH~~=>T2*Mo+H9@>XGJRNcXz zg(rZ*2pSq15eDD*+X>9D9y$<8=CJs(TYY#@0Bu=Q>U?OO;ZQuO;QC?p;zws+RAPzH zgTR_b47dT&(0P1pA`#2xTh2k9pX2|@XnC~oLsJ69v5L=Co*Hhu&Sh@A(B#Wo!ugy1MQVe9(E)`HUP>-$f?w5L~iTt#J_oMi6y`ssI|X36MNj@6E+_+!wP znm`baJ3aO)E@dz?#t?GHb|=?Y9#yhT+HG4igUZ8J1Y*7YH4F$G@mQY|R?v`C99_(V zzhQ8BSQ2-__u2ur?WV3vchOUVICi??xQ#N&|Btb^3~Tf2)_sGtKyfHm+>6s9!L>k( zmlpTp5*&g{@nXf@3lw(=GJ(lflTr7{GAe|eaOqanM|jWg}K1tM1xA2YGnm3XedTcop#`w;EP zwuyixly4fjv!!95MEyJ}a3fLqCg||+BcW-8wh1;|BvyILN|w6q8ZPcU1W5*K+`%yz zj!;tVu^cWuzTB3zUvx$^;cQl*khagn>ciA@ajF{Qcq}Q0y~JIOq{qRvAMsqXl~VrY z&idb7!}oqjl5lMgsY}!9-%oEUWU5~z;uFiu{zl0=%H@QIpSo+MeiG1ifByg?}&5{Q4aLTxdnLhsXCQh%bVz$+C}W5{G%DQzvFUZB3GP_r zGPCUuxo=AL)Zq@)pSze{=g+?WL}5=6eYub$L_FM^9AYo{5*uYi)J3~M;P4AIgkqT3 zK0Gz0NOQ?K-XzZ7eF7VTA}v9I8cezn;b?A7tZTnr>om8Ft!%E56pnI{X19U%Pe0J; zYq!0Ul9E=fB|YVChudi)q_0ARcY~?d-G`CWPur%-F@Gi3p89Ak*-q z6!AokAP=@rrbG0yu=hK|z(CC!Dubl3w{E?8gYo81o7xLg9|Y1ElE>ApLK(S?VWrn? z+4|y#B6Tag-fi*Y3wkAZv-gvm0RnqoG|mIx@6xD(Y7dZ1U4k?P@8uk(RghCM3FXyBr~37-VDHgi1C5I}weNqkTRFZvauR~l|IAG2mdLIv;lD6*>WhG6F_b`u8^ZPRqbANu|G7I# zsCfolW(o_ox#Vf`5BeL)*UD!KtpkzSUK0|sdQ`I*=)0glp)_%FQKe zxkPq7h(Bo)ibX1*gKXA~C_TKX@ADLRc%Arx+o(-+hoHnQeg0z;=9llk`GD!c&KqiXXt zcsK6@$oun0SyeSJq-m8+s~=?h2VTTf2_7R8TBrYGpD6HtdVmQLe=)EP-J#$Gz)#H4iLNIz~`pJop)0G;jPlAmLHR0X~6*s{{rgFemnxT{TQJbMmuB> zGX2k%MY|uBK@WF4X*Qd_T4?CupACM;o$;Tq&@J}HsaYSd|IiWgqf}R*`Pt5vXvQ$o ze3b6ygAkaS4V120pyX`lV|m(0=)kkcesu7LNUe}95Oh~Mp;WH9^J~Yp_8=}3WqNh~ zG{%wobor;&>iNe_x8wZ5WONzih~~`!F7pO6Ybb6oFFn81r*;*>?X?pi9rve5!{DK2 zGKM+l+h=xGR#U&ZAXF zbrLJGEf1IYH!|cUM~QlVH4Xy=KdS_EUdQ*o8ddI<9_w zl4fd^Ayac;&(hyLJ`&jUG`H;M5VMK;pPNVp=UqtWLOa^?4uaAp4R8~+{KUk>)<{At z&TL;q=BK_)JG>_74so~8oQ_VKCMtUtW2UG4l9$or*?2%$aqw{F4nwzCB$W^0{Q8O@ zM`B+(WxlU##5KJgbP9qQA8+!A^AlTDEiOiMOkud1{Gr#dIMoUt`*3}C0E8UDZWu$iHuXhv4SBpDb{vC>1 z4udxpmaUp^jBJm$f{|HKg@lE+`d--p)YQ~qBM_ClY{O--%BR9A%Hp{k0d9nF0UN4W zdm(->kf@cvA82qF%=j!T$MUza2qIapPg?JT27%nk3P}$K2Q|K9Uus-$^Rb$k{Ew2x zLuqZiD>92~j86es3ZfiovVQP{E%L{(E2yf!Hd4_T*cGzdXt!R^?epB+!f{Krb%~8p zfX*S5NmyCCcOa^Mk#4Be`Yn8HK|mmQvxjEokcC6IEs+hne7w~nV59SDneL*Ox7O-4EbyjJn7V7mrg-GdtN`*x5!=!fF&dpX7g-5fKsk!uA7q zU&itQ(7ML6YpqnTCaoIK>dMxtD#>xnNCsJ&uq&28D4&X|=JX1I<(&`hS||2jXO1kLk$n-QN5!Gv*E|A`i}zkM;BbS+j|!G`((4drqfol z`a$izl;Uy&tAWpzE`fn8I$JiM<=>)zyWBF+-JO@Mso3q{(X_YEhRirSIK>5@jf;4W zCL|_?zACG)FNetXUi--Id|S92bMe}3ERB&D`Bnz)iBrSQmEj?P6~iHkRAA01fKm>;yO9}$i%MA9KFG|CjR zHY;?bjA?7ej?(I?!$RZYsy6GwyvDCSgy@;+jnto5dSm5k&CP^Be|Czt*3A6={f|>@ zrc#vZUD0RE9R>+bk;8w!{O_XQ2^*0a0FJU>DQ^j=2&TkN1=7nlRGY1ShI<~Zr8YZk z01KT_rH@-Xi3A4t6}*HNmDA)EP=XX{<_J$6dCrv?gP!KqX@*~5`BTU=nG%+mab-dal; zOIs-EIE1(TMq2&LM}|H5AxL{wWy~hC(Fv6ehmNDmpMdKVAqKk+^to*E;`E1f%^^1o zIGGlx*S*n9>!aA;^|pzx;M(I!D@%v;$B7}90H+6pf`g5P9vh6EO^Yr2o)P|}t}_5H z)4gCUojY0#F&7ss;j2rz>1pNB^R0)A(`uiKm5Lix3&nqVr0@MA6#yb_+)REg48Eka zdaRc=i#2}B-3r+jQ;N~4nyGw|#5TqR)wPm_xJwU3?e%lYO8gk6*!c+Nl60!SRHk$Z z_EQMJ_L-{u)M3Jmw>T?QKgHJkJZ>4haklj7fZEH#>5t5DrkN40*gyq zF0};C?X6w4Q#m)QdJRz(ozg-Eo~u{;Q>pGfJrhNuFMoK7=j?=ZeC`yFI9CIg4dtz6 z@OEEEg@tKY2u9b}6ZIidGGn{4>OInKZ*84*m6CmH++OE_N;m zY!lHJ3CC5}boZW{bxtBwHeW8~f3G^#|G^&BDVCp>fFW%no{n@M?8(zz7WeTePwQ9J z#vR9mq4^ARyoZg8UZ~vPsQS*B`-k%3aYzxp5u`G5iL80*dTtF5RO1tNqDfE#E z2d#L4Md0|COvy$QKF>bSupikHZ6ukb*$AJ1e!2tRveT4;@#!Ai4t@3bJMtgV?fNHx z-8kjW&nnevR+G!(V(ZJ>rCgMM&^c?grQmX(gA%jf)))IZ{{oc6iOtc#pU~X9F_%M3 z){Lbk9VSMgl1&-~cP0dFI##!6KwzS` zgj2$~nU!uN`hGj1HKsK#Q<>&nP)v((6m^)X3tK`}#X(((g`s?)>z|Pgk#DT#Zi;d7 ziBl7OWRh2`Szbf-YLXH^=_z;6S{GZ$whM;;7UXayq0(=0V)sT9rlwF|K+Km3FnAof$siIj1) z71x?DvBkcm@^vE|bdmMi+tHKt5qeFK(Zc$ARvq=z{^%}wDv-wjSo<`G)+>Xz(R<(e zj2_h@!j?SwYOyF!i#O)8lB|-TCnsfZ;r_pbuaWW{SPM#^@4?i*UpgIMIS%@F6?i_L z2X92e(i}~HkzUY?K1qAwxogkv&IW4*TeyR*P+Pgq_|LXtmByXtbd{zGlyXno^glg4 zT*U-`vKzIsq(r>XT>SWQ?g2Bqp7d>-)ALAYZ`e|CzuQiHPwnm7SPG(i)UqU^H_&a; zsPx8dwOVNgTTJbYI9;i#PfW-}<&{%b=A9TyqXYY>M*@?pn zYv?jNJ9FtGiGMWD&CbNI^p%&aX(SNO^@rHuT2a?XC`(xnZIuqZUE$JMGTYfUo%+xh z4o4Ib7f01>x#khq8_Y5ZsfpOZ)m&2pBVCE^$ge`i)8ZSFb(WglumbxfkqC}>MW{G^ z;gE<*+q3^(QE_=*o}AAgB@uUhoq5nA#1GM5Vqk1c-DYxbdRkWgzO$1C*UkS{1M*Va zz0Y7Vl^=1~KwfPQ5BC}0j1p#M7sXBG5)|}jr}QG|tHsW}J8kXRel42}S4}O3CpIk> zFTd?qD~XyW?y$W7`4DmZElSj{H=I9cCGCMhO8PqPRFYO2+z>kPO3>Jg;~YF?(@hSm z4Rl2G*=TJ=cNk}{74>WW$^7o4F|jBr46_Y8Cw8IH{(~r=%Id{JD2mRor`5}>IVK2g z?Xh=P98PiWzdWC6y6@-hTFjO>Zfn))zxW-Av`SF;T6(0Fo$4dbJdTfyXLs$Fx2aV& zU8-^$v;ztObBMR;e)j*E>DpKD)=>EF;yV22X{9M7d`fgWuqpGVZqGN(2V#2IKKx|a zUUasVoA&&-m69Ijd-d61*Rs0q8i3zEX00IrQW*Ws=ccE(a=95L_lF=PIhb2-Qs}(x{P@;_s?S?-u_}<4 zp^T{h+^+l$i;_aRKfvZ~M@rkDKXFEC4C82w88nFd*GrxxeeJ#gIF=^P~}6 z$s17QmeJlwc$h1VMP!QzmnF>~1J0d>*y<;?j0y%LR-LWplo9#}WEMxA6@;IS-(aF; zvwb0@AJvS?qLNiukU&E_pH4Kgfm?$Hz{K}~V@w)3k_Mxrqd8ZHvtL$!i_*|Yh_oHd zcg`;vxa`dTUSD5-i}SWq=$FNEBM;tCV`EWV%MZvzza$p^p|J*zVD%Y@zRq!uqlb|2 zJ|EtsqxRLPekIlOc9!dx$o(ysgF)C7JOXUMEU}oSvtaF)_EZOr?-krk6;<9OdMs3V_J_QCwsl1U1gRh$#QWIZjFBinuX z1uKF;l7^iB=qGTP*$Pp6MoNWnhFf|6`(02s@gH_`xpLV@cr%sa)^J=|UD^#XMwJjgE~VtsEP1KWT_&kVa+Qxp*DUHI^S5%Md0e@H9QOujmj5CC zAISqU%W=Hc6-7DPK8q09<5LWT+Kx&ZPn*fOn7U-m1^5h6tqJf7v8JUOn0bNEBt_1g zvJ0Qke7Tz4+qGrrML+*Ssr-F5{^5H6bnKcEsWjUPx1Hbr@VI~Pz4z^hXho62j37+% zPph6Vo}NBOR)g#Q++EeVcaFyq|57?&Ak+eQ=`OvZkcTmu;7xb?bF?8&A|O~q+Sch5 zR|mW>0A{1U;F(T{28Q{B5H&hm381r$GCw-U^820#r|QxzWl36pr)x>3A{H1y??vAv zCc{&N&*HXr^WYM`ZTBLBE`&)_x+Gn8bxp}Fd9At}vem2|a!8FI0}XIg)l^js3~)?L zO~)_4MeY)JxLBuqfzLnWZHQSYno+t zWKw?N_Pj;qzn2U97_Xm%z z{@9@#*i8Y<6wd9hPUM!lXlK8fS4rPxj0p~AbUOoUz4%FX2g2aOw*-+sUl^O0Tz_`Y z5AtKl;nAF*I=H>-%YX+(|nirRw*zMxc###xRBWZyXVt zj~`VM$QP_W<15nqvuhu%5c$fN_*AJV`owcnEv%OW%Oi1ZS zvt$)!*xwB%aPbzicMCI8kKJs3css{=&>Sx)v1yOxBJrbK_uT|*0Zy@h={95N6cZl` zqqbK(E377T%_?VXTvvyI^_%JwkxMw-X>18U8<@z9B$((B^j#cK%{6%};E!DEqt3&q z5);&w&0YTp8D{7!Q}rZ`MZT!yQ#h`n88q9mt5;vKmsp#QwMH-Z@?Y>bZw9lJSOIO8 z`p^C9r%v0-v*5CjN&Tw--#?H~-BYjhedsZReaRSRzs-VC*?-%?3KL2(UfX+58(nPp zMuZ;jrC6C&Z=Y*!_0UvTzLyakFYC>hzB|`hRpuzme?mg+ktOb9*Saj#fJKsU1sPqd zP2FEvRVK4d$o2QlsV95|E*k6@`W=P-nA$0Q^iu6oYd4&vX&tfutv%aPRBn6D9Gjjl>Hiu#W)#SK z0WOJ@yh%Y_gg(i(>mU)mC9H~X$&8DTVZQEj3q*m>Ju8G`zJ6`^?WcM|bUqca83iaF z$c-{jsDi!^>?mC8ZXFD*K7YQT!Hov9PxD@fp>NtBddnZkmMZc41>x+On~` zbLO*^(#>ape%TH>#RuV$C{Yc7mf8l&&5%!2#9aDAFhGB8-88+vJ~6}s^T<^G+b*py zY(8*VCn5grIDMi>&ksvXU1zv0r43so?{#E)Sb$Kk||yA?+BY|Bce42C1?kUd? z2$Qsp3>~yR7q2#k1MkJHF}bT%+>xVbfXJzqPyc>jFNG#~fBKGA5G~ixO~eY9!0$`&bfCRh=M97v zc;2O6B~|v(3h|cEewDx4^z`IL)=5aG&aOJYbaVd9c$h zIQX}Z)-}3liOz5vBer!Cw=0Z!&HaI{+dd>On?_oDF7v_e0zCI&#``n_pu{-LvgGka zPN{%0@mV@r*dqj<(5p@s5^#?j#7WPV+8ZStet&by2og}fq6`tSBwr2#cweoxZUf9Cc#Ncbos=H;)g51m5S6@gLO^8W+5mVpfDsII%h7LLEWhxE znZ~w)5fLHgWrpiOD$almpA(Xl4@L}4PaL^(dS1!*SBHJVYY=hkrbfP+aXoIzGemLZyEozMMVPKhil1 zV-j=z))g=RQ}A+XQD}u0HuM+8qUV?X0!>HyhWnMF)jHr;;;$CA`+!4i*GcHrFRW}#=0GWFcW`$F?VO{iD9U1%mYWfY<_U=x9tKPX6UBW5UwuSu=p1!!>LzIyn(yu{i z;xR?0$BUM81`oM2R?}X6xFi>YhttheVOg!Xht@-zlziObSs+?4slLk?^#7nz>ldmG zgpvX`@2s;)6~N2R91Z6qOd1?r!cO$)ElMJHd~DB#xY=pVkDiSWW!l<9of4j&`isAl zKDRwK$K~W~-u9}s){ql+!!5v<{arVwag=Unxf^0nS*wK(y8njN!1Ewd#D-cvLmmPS zT^Bl#pK41Nd4 zzQ~EQ^}%f$*k_l@|JAY9jR3H7zau4`7p@|OH{j&i)2P!na`=Hjr6o?_MO5EyKSvTQ^AaI)-|;HoN} zJ=wWG(FvWE)!~*5$AP3S1;xpv`r~`)rr!l67?mepg^Yd3(okh=c#6#45F9ti!_bNA z=;2w+{~ul@Cm`Y@OuQ`YT(FZaRjT^SYP?uIjW4X@zWSJVG#ZHmaVY9y_F7}N@c7OW zDxs@}_!93s%p`y6&)EZlhLc2|QZ0SE*gE?G(a*&`fZ|PVM=An#@lNDYh}$0)^$2`# z;K;14<#a5P(brj;TGazcXraLOkGNF^n_ZnRRa3u32<603sEC?Ii}Ltq?uE+FX3hj9KYl6{db<@Qb$KdaSTKz(Ky=y{l9rx9kgY z+JenyNWB$8T}j5j-6+r1u9OWSbz96b8t(A6`81OE9e<~Tmu~lL{t$+jr@^7o-jcZ6cin4?x8?5 zR*)e9#zgILU^YAeAfZ&*vT4a>H8RW$wG)DCTx-(j5?5;^7%5|^onKuYtAV2plq^Xy zzC{4|E!0$l^cBcwugN>hKnpm53Lo!A8e9LxFbq$j_dAhT%cO_4&>|>_=6pR@@X*nh z?B@oGg68bG8e3Zxy;Gfb5ACMFcM4qGK}!>CHj+}&+(1beQee<) ztbh1iuzCJKzER!`6ZZ9y&DTY-DoeUvs6!gM?Gnb|v|b7GPI9g9^&EoPq1h2y9ii-z zTilrmt)k=qaWpN*0&LjLO#ghFOxS8cG}zb(eLoq&akNf?W@vY$@itgJC*@thS|zO# z$7!1|ag(~i%}0E1^ml$n9M}uH*3#jBi;Dh)gRJIZ-!a_mMPI%sb0ZG>*_?`iA^t>w z47<|QnC9fkNv@a5+SV0CG8Kz0MQrBBP4S1{2%CCZTAiXVnn^ojL>wHHxK+cR^STo# zMmBIb2Sm!*HZ&yLfbFt%up!O7_7VS~g zV;4a~HU9EEdPQO{JBaRbB|iVB0YcA;hi!<7Gk95dZdnPe3)Pxk0Uy8euyxvRkwi@g zppi?+w7%Hd*j%6@Ac*5P%M5s&CVbl&9_BZDHrx61Hsn3dSE?MbPks^-e(elzXP4(QX+Q)6B7JI3Zm!D{-AWS909%vzSNgTp8HT zBU9J9_n(f@P6dVcHj^5UWrwIb@twQzLFv8~y$UJNWV3YJ!oq6n$pHHz88_Q5o2M_7 z#XnfoO|?Fpe+m2*?^1Y}aZh6{ciCX}rd>TxHomSfwr`PVZq@R5k+Sf!fp%K!_~M7@1?h^oA7rajm+3m5P+y?wO-CTGLs--gbiCvS2x)Jcok5wU;8g(_n?6|1nHS zv|`cuz`gt9Am%N7T&P(7yiSGplNN#$+CoN@-wLXmgVJ{Ipwe%!4P>W6cT4<@angk( z`CC^dl&W{liItv(@oYo|FsmVG&{gr#;^Bj4e9_F&alKwOeU6c4x|N)WVMgDF>J(ucwKJbTcrD)G$8u_b7t-3tQtYa?>E03p1KAN{#Yn}T!amU^`g zfwl40nVy6Di+dmX^xW=9aiWrK0sFhN9K!`v zKCih7f9iDowfX-n*#GSZWNL5Q9ph<@i`3*QD1?=2ruiMMyF+l*bhCCAoe!;-ZtZz3 zFU=7?s+wr5{y;*(j6rA&N(Xo3@jeDqE+KtLpd$V`H)It0SISer)-uopG{4sCiqS=f z0VVcPKU_JOVOg3de|KmE8+;(IAVCs2MfkL#ii#uGIWFH2*8rcttX)Y%3uwDkOmY={ z51jJT4j;8aoz^2 zEdP0%`oXy-e*EeU0W+i{)xn(OI7fsuqwZ?2DMOCkL?#pq1Dq!X# zSEAu{qHZ?Ju8BJ5mI}2g zJmQQ`e!m%M<@eo1AR`)1wP9kqD)ETgbRJgvrrpdpf_bl~ens!q1@6SNU1%P7xK{FM z=(E}LNM+OEn>+ogejuFz-#UED*>dwlZcy^4m3YKUvoD}-jXLYl`|L#L1J4?TZ9)v`961C2?t$ZC|rp_cj$1{#4Z7p2o$5gIq);XD>sBL_A-wQhzI~ zE?6u?41c+5-$eX{4_cV)8HL7)Kh0Viy}JK-y3TVOf11i`VjTr%kOjsuLvsod=--Jcp{a+YZkQFung4h?(6f=6t#?f{fLe#<83up zc3mZ*)jrpBNCWyi5T*8PdbumclvP%fCr4;5Ip|iFDe~~>h;kzLS%kP=I^x|nY1*Jw z^)Ni7nu%i7yu}@U7sM2f2ZDwN9Yp+m&h>UFO|nuYT4}qvpHd4I`1WL6#XnoFlsI_9 zD5?U5e*bW0^&IeWeJhfyXx;lm$5(%Rj$Ssd>er%>KPyPp4Q_A#h*G{mF0VWB09f4` zG2=@(PyP6p!$Iav@2?zbZS^9|@E38?$7>s(e*e$@;^asv_7RQt5gya=p4HQedq0I} zjP~#WYer4vX2$|#+s8jmYp~aZN+_?EQ^-etd-g|}&F_6`S@@$i{|y;HbWIU{K>44q zlmE^8LV{Mol-9T*7d`}_Mgp1Mt@5n@Ru{B0k2$I|$}iEY0Nd@0=) z`RYqeZ2yJ0iXWxku!{jvf@J`;WmK!)#w^r1)}()=Uj)78Zzswa?4$O+-jLcc+2@WV z@^=d`T575ZI19WzqS5VIF77W~CvC84ijYXx-0%))v-A4y_V(9ot0W_e6Chk-lbedQ z_e`x6s_ieWKt_iZHBQZK;K>7T)mVEtK9VqGbyf=0tBn$I1@>_fDRurLV9|cKCNH&|K}I>2$n`1JaxSr1 zej8t{l4V0{HBl8o+5u#V<92#04yJy!V(JQ6m(rBnoVc`nm2G#7|o%}w}tky+f{P;1UA-dIMsBX4M!Gi-|8AI8xwV><~uAN8hsr0U*^fQdP zL;A|>Z}nQXnyj!mhk&=Fl8}i8lrUA^f;3AL3iyhFFUHMCcU>r5EmCh403px z9>{Tbl)wwj_cXv8$72ix)cxYerm5G|JSpi!6|) zCiCRHJQ4YH+Pqta#O^1ZUNYz_xOki+krMXE+XvbmfkY5`4yUi_-HjWC+bh8eDZDqW zQf-~KXM&B)d3s2KDor8z}9a;+;2 zzezw{WWHR-=#*b94ex)WljL~Q{`}p&F|yvzzQ_WWknndzrnr`bmcOAD#+r&ff7#)R zXYDY5V#3MbaceRYYxeQuq}P#UIWK_K%$RjqH?mqAIg|0T3$ebOoX-@)Vmomsk1_Ug zHMdvvOu`a{+jk{q$zo=pYKpLf9pZw?vTR88_q{1-?Q!V=bMa+T} zfhl5nO&T+>Q58#Bw3*o&npU}<7nDxfbg~=m z`q{&F;WdJPL56pk2eLgDE!D_Jk`vK~OUYCL=a^Bx@WgD_rro1gd)TiX#3+PpnwGZQ4g|dT8Ek zx(kR&uE2IiYHwD&rWnFWZG0LYyiwxOsuvm+1XFpPs{nPO*L|W-nc*{6WF^SR#6X)G z;q&-ly>3?GB0MR8Xg&9rTFjqthhLcPkrPu4hS_|6N3*R3nBMSDs#Iq#WC$p5}EWu6K*{**=JhCVqhbs}c z>d^qq2ahwAMvPW7MYX(C-)rqjfo}QMOH|@kzGH6@J|^n8wi{?e0X+SOkxhfmAYxpNAVw>sC;612+|u|WazaulkM4)lIP-7FnJS!@reXWFD_ z9?ZvYZa`3-P^bR`PDJAi65WSO%cfA2r&Zkc=58P`oks63+Y0LCk^6(;JWhlp?Y%y!!b( z#?|?(o#Uv6i$kS}y>5Rhe}37gbzqTlW|=)G_bJ>8ya6CKiW zv$wLqh~+9m~Wz6L~=Le^Cg*4?@Fy!0T0&i?}ZHhjB@4C`rLpOu@m&hx^0w zqZ$#$#r=YeEkIvIw&YO>mr~`#o6=Aq6BD<~1K5qoe&v0yi?3w(kpF9M4vuAoH{YN$ z2(crnRb;H)hkJ0nUxjZ`{AA$Go=uiOm+6{k7Ax5wpQT&%x5R`?`rAa%YA>Gj+n;O;&3I6GR~F20p|CD1F*}7H$6o9cF8R-&kyMZ zD{i}Ng0Rb#I_2zaIJvw@LWH{~g&2pnjS(fz`*F=gNfc3~YJFqRCy$v{Ui-%U)Y*YDv2a<8WV^|ENP6EF4{Ml4e-FvEwXB`_);{1C;Vg3GHRH9wh{>Cb zUP*ir3ZQ8mxyMoEBBw*XfBxzheb1L=;Aogxnsb?}Nh|qGWih#z6L^)6)A&qmw{|Pe zJ!Y5cyWlng4FW^KkO%k=um7~|{Jel1<-|20j=a<=;*Z=Yp^u_E-|?5{=RpFN@anK= z5+TaFV0Dg+qcdhw3b<|D@*9JaQ`QZ9#9bX^@}i6oBq!H46PvhKlFW5w8{}bzm;=Ha ztFA@33!NM*0C)z^@gkvY&hVRM7Afyl|JlrM#Nc#+N85dIXB`>kKm6{OmU*9Czh}M@ zh;rFB1fYK8SECYd#PSNZQ6Q>VmC##Zv^at%r^Yz*-)p!*^C4JXZ7+h)6i>hUfa~q+ zu=xP%i8<>XKkNlp@k``e$|!waU3B*L>pt2;46^4Xj#A<;z8Zv{;<6Xj{2Z_g=Lf}WC}4rf82eBSq$KBu6Y zvQxLtFSCsx6gR%|%U#Dss>QW)ENt7kUe;dq16gkLJ>N)TUZd5oY zG=4X{D&HY0bmxJ^Z8?k5|J}U%KUQ0Op6{tVn0wEdRhhMq8zad6GU+zP`OcNiX4$i# zxO@@CgjZU@&R_R_mKO;K@I1dOI4TD(@9RNaSrJ3t;@jO_gpDnRaR`BoOq%st zEaOST&@gp04U-T8esti5FNP5gJNf>;K=6Bhu5UV8M>(+<3sbK2o4a6$*Y56sLT!$% zd>~iuD5NavWjQ#dBLqdY@&48DW#T}~lMxZ{S3U-}$@wrrkDXy#9I>^m?L?L|d%Tub z1}he2R`U8h_>|xE(|ax7*Fs1SZ8v2?os;D6-?3yJz*AkEx_FOQTR}~##VVs+?i&MF z2gMubwAQzSXmD2$SIFa~Guf*KvQ}|Bk?E6Fr&dY39wk+l%%m zujql|WA6r2HtPFo38O&Hn#sA`10<}+;G=krZEZaQ!TBrWarf8pC<`xo-Ydc~XtC~d z>0Za>;FUEoYOmiqZ5BAcG`;vWYZ|Y1NRJb|fqZ{|s=J~D-fV>%;60Uyo(xE8=qI>xsVHi7G$_j z!^dDNAzrp!N1(v38IETM@M+j}@Wh2qzYq7xoWu6^+uN#|Bf@S*+k{uje?HrpatbLx zbVa^gUi|~~`rJN&HY!8e>qA2a7LCsnJU$@iL=aN8!E;(#nf!1Ls<)2?jqbTYgh?Ah zl5{_@$fKNF8Q=1>pXvJCFo?Cdz6=g=RK2v`)*v~LiQfEKryekU z!z*6#C9f)n?9WJwao4N+i&5FYq?f)HpTx+?hOS9{S8&;Eeo(G}%eBkqo!eaIi+TNL zX_Z$3c)X43nJ}+v_$!2t-0|V`egW>f-f)s)C}J)Ft$Drc5Ff=5g+(1wX=oMwYBR}B4YsQn+ZciBw>tE8b{mSia2 z@qWe~UmAByRgi&WBh#;gzO-f+$9LwIE5A4IolsU%<`r;zgham!CUWHtVR)0A5f`_S z<+zyk9i*00e(vyB_<0ZM8eUYsN9-JVveVgDLa^%GMuoJHXsaQrKV zfVcR4pgqBuC$9!Tp#FFLdCn^?msfv{xY*ZLb8*IBHT&lrNd4cOAUaGqh!Rr9Any}po@Y)KSR z(j?Al9TY(E_lBy(nIctEH&til=YRul4kB9y;PenNcF5xS-`r-lG}U?S41L$VA7TZH z*@pj%uCt12s|~kxaCdho#fnRDr-c@Z7x!YtCAib#QnXNtySqd1;u755f=lpVC;vHP z-|R8YZE}~f*86>V=QHP|vEA(Ne-Cz=G!VwRbw3{8tlCj@Yz}%ush8o zB~eIMcAOXu7a+Far0aBZ%+wm3Et-JHePDFhDHr6t_ik=YGYxWapjbkA-c53vn@MKm z+UlEY<~E3h#mx_@LtqnDXbgC^U}teM>PE~eO`rZMedXaq_8b+?2*FFDgJjaW&nDp7 zODjP){bp*MyaKlJ3O&|vFnKxDQg5eeVenap)2W_Q)SI2?l^W3Zh$Fd4y~kw~M-q6A ze~&Iro}v8NWU_geAZ3T*Lm;$J`V(XK+9EMj{p5XWf)V$LYh=I%E3F>)(&KsPW0{w)RSZ00vSxj4cMKfiXX)?IlZD zc{1AQ7Xbf4o-0!|77{fn%O(se(t9HTG?IHEa``aSEuXFtVEq8mW=+QX&-6ah@ zzI#|K47etPijVCx!ZMUaV;EzMg1YRt&46Dn6PY+fTC+0UrrBr}rFN~|vLNM8CE-^_ zg4Jq5Yh$h8FlIL@P#Ct_?;wTfAx)1Cz{c|S@yK@R_zT>O0^QV;HV0^de77V963yG) zf%vIy`49=qR0v3)fq}f9^^;a<`d2WWOcA(i^V`OE5*L( z(1|(b&?xRKcQSqrWs#!^?B=-Livm3TCH15w9Rou7O_u!x>}w9#!Du%^wHiULV3@st zyPixNZM7R+Ek|3Y$N|4Y7--@)c+CgM2ec>J`~SqsWCu2w55)%yetiYFUk)*@I{3i0 zPXtk|Q(gDz!M8{5QP?YyP|TNkN!W#v*i{AA6ZRJVE~b=7y@11+pWV#aC!v>eC}OL& z7`fts>WlyDvnOJb>g~CBm)oUbbN!4;P=ouiws%_Yr9>(&g0SKvdL>TdCHB4u_W3CP z0_F#UbMFdxWnY%}5w88JIDBPq$t2=`gc20r13|TM2CCP%WbO4Y&fPC zZ>$7;EYD)E(G)`r;ky{R7^wp zABLyPQ~(p+9VKBS^nUN3_R=Mu2cL z-?`BYuvUYw)h}{hS>q&x@A7N+&3b;|`k=8@mNjQhZ*C%*RQhV=Ou$XgHu=?)qKKZP=P)3H;x!~x@r%y`ktStOUloVBqbFQ1U}3x zk+k+Df4fX;s;)w?kYc zJ%pwPFqZp^aw3Ta_4dl%KM5n;XQ9)W_`THje#t(zo(ne~7P*-w8z49W)PPL42shLa z{$NX#&>2s`m)a+xkSwSu(Zd^+E1WlI_)N(9WCO$q-J!MccmRd}eVS71W7gQlY5eck zx|^XGAg_mA3Ge`F7PlpkR_E~Mhxsg#8zI<#0(b!W3k(^3d0hHxuqKfYyx?t}Sn)Pa zYrl>UH?e3#LpG6T_xu*q_=}cBAV#~JbY{A>f=B=jGHE8l4TMDD>Ke;Y!TCyGRiSGZ zrb69BP;Cl_o`p%^Lt%Eh63t43gHzzk=-Qd(+^2QLkb^H;_d3|~G-4hu=NqAz?86V; z@O6oCuHM3;j>)wr_6h>y9D->hXc^sk)Uy}vL0_H*FS`HqkIBuv-Bw>!Fyn4^TsjK# z?Y?ek#d?mB9}(Aas4!wtr;S=$Ta0D!e`Y2*+)Vw;`SWhVo?Ev%0svALWv6g5#6FNo zo0Q!QGQk23UbMB{woy6kM&v?u4QxMu9uAn`Gjs5z-B4Qpb@L>?`J0`uPDa|B#~MPW zQZJH3NEtpUgTCkr7Z+}CQ`=wm#iwf2&4s$*Yk;Y?JK^ESFrVL?I`gp)lL?Zd&oRI! z`&oBrK*+wa=bmw{EK2*{o##?&c3{C(x-~n8CqLeKyKK<6`~hXq>;AZMeR1|vGe{DN zn~(b~EQuRsGxXlIe|3ihQ0y8iY*6C7e9giTZ>^GUdbzg)a>6K9gyP`gHgsDupdl~y z)emt(mW=~_oHfpEdHcKYYRQ0Kg0Ei&pg~*1&sFQ?OC|i}3wR8{CW-2Vp=RJBO zSsq*G;p>rG!5R?+iJi~hn!k>TN#sgQk5bv3UiU_)jnHb%m@cSsWzTw>-`mdC88|*? z`d`gi%Sgha&lnqk3J61)?bJJ)R6+c0s5F8;yZClRZHQL6;K|Q`?*%!}FYjT%cvb-G z-$J0{WiJ!5C`O$63j@+yz})GIyKp_>CRaK&K)pU+=FuHS1vV64@!ogKL>qrN;UwYx zfxnw!+4$_^;z7CECW}&Rmp^v_`W`HxJ9;F-oerCBv26r}?3u)FNAk zTT(9%2&s&}-XNxI^{cf1)&7z$|9Bq-lnq zBXE@T(0ll`fo-SIoK$ybK)IunI={yBh5F;xCpR9lzo_PxSTwDZ(|seyGJ<!udMo zMGF#sp$ThSM=g|T4G!9$?a+*eF%DeAq3ef%JYG!AwMqlLSOVo|FVv${U7`L*?y)#e zEV(GaX78jDO69MuF%EJ`O#Rb5*nb$!g`Ij3!Ls%5E^U-NSH}NK);I?dU-b7NbW(MY zs+(rB#aqXZrD@i)u0g)!p)q1U6|v$+d^Xm+bc#Y&H)q78o+k!G^cc7e6C$JlA&Xi% zMh=in&#dk^N{{VG7JWE6K$G)!*7c)z0KDH2(z)+W&Ei0NhW0fv0l(>d-*!@vo?%wu4V#cvaf4{RDK}{SIWNYoj zp}5YB>2Iv;OQ1RJjphQHySDY3!aE5DanFb~(?Y^fLPVNYT=;Z%cpFq8e*$)_160VR z2GBQ#A2Jt=0+aBb3@nnfB^}BvD;77y?kADT3l3yjb}xO3+hzL+eMotz&m|8&8hzGe zRu-6`XXbGH94ZyC)A;H`HN;Y@f^!$rTVLjqRD>E7)kAr45Dk{9-EC`JqX*YlY+Z8g zNM@ynM26yK7<8q z5KP!XH*Q@>;m9u<>*<7r;KQ&%0S=mxBm?(jXo|u^e_;$q?NjBQNH# z^$|lk)!8b|!3UIXSkx$&8&8SB9j(VDlaAN=u9WSrGg@$1nd1RduO^-QSL?&t{-*C! zvPkIjeZgN!{YDTrt5VeZWVi+C-OgMaQtM^S_7H9^-f|gmt?yawj~ybq8Z4I{z}=94-?kH~dVqdKgW zILBl(wfdm#uwcD-vHe-9$u{Z?ko(y6TAI}Ex;L^tm3MpFPA6LJTx5@5W=z{P4Lo8! zmlJ&CxvjB@a9e*MYyHBZ%L5)v&|>GOK|h;qEf)`bean60-pPik_U9Af1^WgY`zFW5p_bce>!An9ZNz ziBLj;hERMN!j)UQ8%`G{yojv^A3=5FY5WG}E|zFErDO?06XM6>8yvGY2j)frWMkQo z91omf9IEWzSZZu zkO9=h#7h!36~t=paCz@tz6dt-a>F>^g{iw0I~z zzTV?<@z}>rNa&5zN*R8Sh6F%eVM)n5Jr$E>NoTz5K7{Cc;RR5R@ zbIXVLJ0dj4Y2@{9nPl}w2>@FlhIrdT?Mv}b~N zhA>_2_gdk{FAPzT@pN``_dKLItbMRnr!tAWM{O6s)fl<~d_V!%QJnxG%^QB>GQpye zY_wHZr7U!{^U#953XNsnj{q`M4_OC9VL<7iK)$>}GrPg0wAO=P(LfyYew!b9uIcD?f@ODqVg3vT@~f zhfGlq;s}X};M+Z@&o82TXdbN9J9-{hAN)tMKRDjY`^hm`hZS@^VNks!5R4L1fcpKD z&E%@_yqGdd%@#tF-X;od@n{Mc0gs^=ngEvfJJ@O_VvjB~Up9YW)DEV8%*-w6g+Whb zDw%;Mvy%Aoi0-`*dr>cUIWcH}N5RO;VwKsq99`d@tsanx+*z|_wjEN7yZ;8l-F4p} z{$`~#aP(m*8(_SPgFa_u{4zugQZ!~#O1ZvjfNzFVvWpe}xJz%tCHc|5i@KMeWP@>3 zcB84>sXE(lQcDx2`A1WVM(g?dZ{#5pnI~}M(ph4vCRb2>=V&jWeRuVztn&X z!CZFZ#|dpLU<@RZnRpE_5_QvsP;TVlylb>wfL|6D;4W;5AIRn?R61n~ zC8aog$EW9ak_UCcWW05uh6w8c*ISRb@c2BDz&bqyRga@s9d_dr13{;$#p|dm(%j6c z4J0%_yQIbk#MXqwh3D4?VT3@0CJjL<;zh6S)-^AbdW3haGXAN`z5ENQ>-+r5=5pyx zG~$616;{-~Pg7{(qG+NNotBKMng1->pYH-MU4mcx$Txzz0A4gm=8s5gx14bs0s z9k+m&-JLrlu1Lj%v;?!DePwrT9?RVF_30M$*hCFVZ(45gy8;Gq`PaZV!3_?c$uliU z%gvw6ac}Gj4;ViD%E9^2N^c>sgJFC#TV7L$gc{W2%X{JkFBt^uo{IUJMzPWa5KEhV zE&aE|gsI2yQC8}FwX=tmd-631=1?4S! z-;!#M6K&JX8DzdjViAAVgF#UGyJwMPJa=rx<-DdSj&f1au&A! zA|~I8|HQ6cHLoW?6=?L#l(tq?D=gVrp%oE#g)-K2RO4)KQDM@Q0o*7sB!}c5KJ~o0 zta`8j=T3GM@a!^d!0&z5hojoC0mT4?!$~#zKP!$it4-SsX)9rTjas6}X^7|%(*YXY z5Mi;3zp#i9Nh?lUDaVE}l5#(l$SFa^M}^=FcO#O@;}POB_qCTsai6vtwV(&`ZpV+I zfzJm&JuM=PI8Cb)u_5X2@s^J?llUyRpB_^<(<>ZZNeNTJ?S~8(fwFNf^C}J z9F7SUYVivyp%YECm^;RBJT0;47MV=z0nD)?oN{d^4}I4Fe&ZoJOi;Hu@k>Ot+OUud z0xOubW277#fHM$6oL#Utm`x*fW{P-Q8S-uF^0U6c9a z#vL=>&(`mTu1;hNDcweWftbLk^^pB?#qaI%WzV!LwdJn%-yr7g>z+$OkX_k3x0g0S zniGxlPx?VCyOHM4-m-jnbb>>29dE>j*g<@D`?DGG$A;m9#VTnzY8{rDUBY+#n&Lus z1H{$re6u;~{07WRb_<>PzFT>W%*q+`PR{{wzRllTqDa&WbtB;Qlnily#P`7Do?WF5 z!}+e?nywAEoS7#c9l?tm>AQ^TvZ(!#^ptJ%LT2o{5EBLMTsx9EjBf93D*HI+*%%g8PN(7 znMS>`D-GIZMR}+4S@93)S$Z1YDtk`VdNt-#Nu9j5K`Xb6t76PRNObUnLBA=Qgw&)q z%8C4sxJ^a(Dk-AAroSAr_@e3+8PAAr}B3g5IuPBc`OwUM}YfKf5r z7}>1Fr^!E33U9I>?rch$4Q<_>cRf!ttESne8v3MN>ACC;-y5=bRw+1{0yPgcEd4-~ zZ>7_A$cE@z<#18$DwZqEX+}Q7b5;Ji%L><*{uGSg)FPzk*r78Yt6|vi&Frh+oMN2C z$bq9T=b7?esDY0+){bVGu(T{x;7$naCoT1={_OOrr7&RE$S30_nG2)4)w6yhs~Wt zwk)5NI<%f9JW*as$jJ@)sVAq!;&U5w`XwfoYgsS&1N{!T&>`Sl4)SnCwwTAHRB5<0 zt#A4)pn9dEJ6TST_5r+hmClmI1S^c%8lCF0%)eCgth>A_fh4%UFv z5CYR!k3Q8jJ~{aWQ-VOAqkoG-10^9LWgfE$r+&FUJkVI^JqG4?8mxm(pE+Bhpqrz) zl~|)t_g^gIV1kwyj7Tmii3G#p7iJ&0z9H66p@K?}}QD4Qv z3p_^4HMsKG;<02r;n^h2Q3;z^s8GwT^EFB^@glXlpw5l4Yh@6k4onwtV8nMV=(ruJ z=ljZTU(ijCy#oi+>yf>6x74E@d%a>9^f8AQy6pX`3>%v&Q)DtOs=c-aZSrnX00hK;M)lLK8!Adt|mPk;n0NPCRm3zjP0MFx(qom{M zdUGL1h+R#>&e%o(q;jklh|!VCi`VQ_N{vI1y;*w;t~6=JDHW*iJ@#u5`qz-QP=6T; zb(jri$n`$INTJN+If%60Z<_Pm+I}#2bw5lMXB|&4aI#Bj&%0fo)*EB)SoqUkI#a!O zl6|f9+laVd!fzIQ>uPsNxwo2){Tae_qDk5IT@5~N6(=?5A%lD4$u0)s_Qbrnt_MQU z?$Ok=itH0R(fC5nq$g|_J{M62WWst?;i*YPbXt>PaZR*@sjfv|vfer$Y6dnHOyE_g z-~;q`X&Uq(QCKHsdgYEP0bad>^U+OVb)T|&P)R{}NZwog$n{?ttA!Rmd6}lN{q#fj z`C%8*hj#_>OvdFx*(B(`NpTR}v!Wge_LBOPNZ>A8lHXgt&I{{74c&{%kVZxqoS(Iu zUR4^H~f$IkN}^O z@O#0z80z=NbyOKjq_d~p?9wwADyun{9WoEXjjR^LlTJzSdAhPK}eW zYY!RQE4WFybwtFFO|>*@(GqE`s)@V)b1t9EsSSS;CkGnPrN7@8!|$Fia>t^Ou>Ibd zc4*o9PQ)!%>d#LXgjzu)3?mt-fZeFyFfbN`gu6DjxH!%arij3zCPP$d!x-K#3@9&3R?6u z5*&9Cb>cU6=8C0C5Fn(Db~54Few-oA^({n&WcZx&N&$qm;dS%z@nk2eQytmZsD)k` zV6rQ4~Cwh%k7b+WIVXd+ybfj<2E`P%uE zv5wK}2E<7>vLC5-+Ts=L5pYn^z_`~{mTj0QWNmSucB9gr;1j?J%Scsx+4Qhw;4!pKxlRtdKrRv%m4 zF{|K}0ie69auY|#(5n>$gl+*X|4QP2vDPkP4$A_$mogPTqMVB1bSU_MWK1!JAMrE| zyhq1<)x|$adG+AATzRz23@Tf^hk-_{1>+yhP|Uva5wF|8t`8GBMUf>i;&NUQRw<+@ zzUE(UZW8^CRK45|lKxn65)fitEQS6!$V}_ee?{d_Tlk-h{3Fy=X4Yh^`2tp=S^Ucb z32nU#O|F_RgNU~B>o6grZqt!rqkvEwFF1NSw-~U)WX^<iRXrbYkhVI(z^qNia+4mgSY;Kc_T`*J! z#*DxKwgQ=eJKXt3q=dDnk#%3H0E4E{pKDHN*nmL~Vi(xXE}Kk6fXSDC>oJ{lDa1M8 ze76=&Y11rO+NFtA9?>P>h3wkJCzEHsHL}A9IR$G{qKvCv@6i+ajqDG9$Vr(_xR5_t z$qfczQiez(pe=1P7{=@O4|yWaRq?+zbaCK+<;`$2LfdXhq<;_fXOrEU}8 zxmdQ7m3G>9-bNoQCGlLB?iqwX$F5Ep54zH>wT30CFtjZ&ej?rw=S+2!lC33`9P^3AlC+&h2)R z$qwQB%YGjI>j{AP#GaUMfNP`|ZZHv^NQP&*-lZ+|r0GDtywiGo9)$@ z$ld)Zmv+bf*<@J;6S5~&Yy>hWh}ie*+G;%IUh?cJtTSb^4<>&{B~WtStufTz#U%Q{ zA(l0s4rOw~e&0fK5w~*dfkxL5>I<7R0y@jPj#$Ghh}~C}djJQxM$!2hfjF4NQ&!tJ zRCR91BZ`;$P0jl+Y2~;Yjlk1~M!SV3+qp8^n0J8mBwUT-Jo^ADVp9;hpcb-q1kv0z zq#zpu@S2f_b=Hm#FP&JoH}(0ae*fLo!1>W7&`v(P-VVzdg~42hn${J~uDSnZzSvaa zwLE6IiyY&^>&@30TFb2cQB6$+cwLDPzECTF>s#NmJu!qtV!b!#;-Ysu5Fx6%}OM|DRF z9{AJ+F!s8(QTH_ELAZmov9veQLh+02LGz@$ijRzGqt9CCy>;QU2V~(#3Fv?mjUsXfms`=)>o2AcS2gD=lZ&qX9;x%fPO5TF38t?(-{b zwyvh|yKm>=3*WNiI#TY$+A>58YpmwhPDBdGU|26^Po|QeB}U$fe&*@IURKUDUr91) zyxmJ%yo35?*%j1OELwl-LQ_QvG_M{EfHzZzh|tYT{3GXNY#HR8L?;c- zi9pmsY6#PpA3GFB+4w|pRkXn1)T7an9KrDbCd;|y(HHP z_}5Z#jiknLU;ELHa9!E$FLg03;XH&k4#3>){AZ*C?8Y`hAL~bcm$zkv0vnL_N`G7% zmmvM2(H`esB58r&s%pWLV`;mQASPXD3*LP0gB;(u2gMUhOp(|fq}`}W(@>_I-4rRMp zkIKJjX2VP@p9Z))Tyt?3Et-yj+YN`3gKDR@9U@an1Sq$P!9g1oXo|l%w(R7*V*l|O z&HObHMoD*Dib?(}xWK1V1@%#v+T~LuK*5wm`GF&*C#t`*I6-4%o$jF7h?fz_2oP>x z=nH)ipPLFes{?_e>}aUyjYq#XPJbt`20MaEC<)IvccnG zw~l9b*=^a6yX#${4`hG{7Sk>}Fe9GiS@=DvdivG_1jOjB%nf z{}D5A9p|e4Qa3{E9`a0%?QFI*WxZ7Za0SUf8&wC$mFv|vSvrilIyYO~dPkEd-0Nrq z`aFW!XNr}1aSPE{ahdUa9fkY``2E6cbZBv82?o~jvPU0>eJ^Mu&wUjcoX(H^p&aUY z1xKxYaH{4zjTqf&o5S?KOUFgrD~v0gV>)B7LG^{uDQZT~PP6OpvJu}TI0rk}=5}hu zU!>XyKSFi^ZoA`Mpa#s*O@0ok+vW96v>R*>g*_ce&6l%Kwj2~Hp9nzB+F@_r_jEx( z4~zY6kJo1j;EnXXV0N$y`f=Oq-WjC>{TNGA$bqjk!uOxlDU&J_j%#su(Nz6i7kvI7 zyDq8J$}ENxQ#vhb$CZ^D;r`-w8FweQRjRdCg=MPhGq!X3ja3)6F4xU8iDB;{)h*xJ zE}g0&XUR&qcGVNYvw6%TCD{kLn&-ABy1POn7n>oG!SA~GFg zsOJxX4HY`6c&W3?F{?wrPJRUJR}YOcK(yu#BW$($@)bhCTN38*sdOR=bPnR zw_kEB;Gr_Se@Jlki4e;xuTg z09Q|q!k?e_`v$qIgOcg#)@RKZFIg)YkM=S!dH;lPt#WPspJB0;^09vrp@NT3iS^AC z^&S@0ynV{WGeuvZ*21r1yTuZXYz0au&++nG9T%P_{15(j5CNeNiVvN|#QW`1cQ#mh zR+g2`R^tXXGaoF|1za+&P|R`sYFNCnkHE~J8sk}IDL1pdkuMt=IDf{9PNA2ViNjS@ zzPf|Fc#A@`EA6-=)s+lJxeB`S>kwJ}Q1E^S`22#RQDtLKB3}geTC{edl#5@pSf$C! z0WmU_Hj^jd%Y-4r-P-EI$AAZgg*TYg8kjA;&XKc!^{l0=z$myjY3lp%7as#<^1Ks4 z(OjFS>J3kqUmk4?Z%n%7`#Wisd}8%YQ_UcEhWeq*x?+)0niIrZeyJlh#jEa?I!g<7 z%skB#YtpG5_=4{}W=^vnBZ^?}Nh26sqFiuOABm>k?6`ImmeKhf02v4@4Z~Lrtcm0@$L&`SZ~sv#RUjX$F`4+oY-KUBMh@_yT_kYV?vR*;_HjW`~utO+;{l z3BD^i-ZsE*t;r$!?8I9`I_rfaN^49y4M1v$W{)v~MVi~dLVbY1ZTk1Zk96HUVa&e@ zEteRGBg!G(Ckn-;*KKhwT+bj1XAy`Dg|`+ulafzggrRp&=Zy#zAXvU0y!P_ch|A@j zg&^*9m}=~%dOq~stgW=nY+%s2ohv_Y>MbW5#Jy3W64E{N;W-bMPYw)$ITgA~ogoKz z6@PE``be=y^`>?Vl+1+|qx116q@b&kF{`8;YQ&$0=vIROhnvpd@r4@h-@if$k{Vq$3`!7qij9 zGfE2ULeO*K%hbKCnBty4Y#0qLJ-*h>JG5Jk=0q1^4dd+jB@ zc1~kGkUoHDcd4cmkIk~w{2%Jvj#u||kAce+f(}Q-?T~8E#d_|Jy|BY@x~K5}d~9&9 zZ=~S2d$q?eH>xGZGly}wOeO~e<=L#^!{>ri@4nQElIu^eqg>6L{7Zr@!qKr58K(+( z?f`^Sq%asV_-j~AA>8{zb}MlZp5u{cyH>TjoII41@2yTjSwZ$uVI5gNC~Lb^I-?Wf>Q^A z%11sDGYazJr{)HZV!uHR@r%NR_zE*ZMD9te`;Q;jk2dH0?_S{c*~KLliPJAsa9`$s z#o6;9OW#x%I&0_y0CDI^Oj%wd*I(j$C(~@sims{+|aI^ zDc+NfK>TB1%*+Ps8XNLBL><}YiYGc5v{*Yt7x9p^g7)DAeIHh#9L0-jeJo>9Z85Ct z|05&Mjso6ci+r;wa*g4i>e(r0Fr#6;tOqf)fS5Q(!t3kjUoHdT``_J7(5EAUgJyat zp|{ssLjb}xMC|obGF6jE5gQ8BZYbIw_rT|i=XmSHjU+dN&o;t%n6MkKd}$qKW}DBA z?Z#%EG+F4peZ66|K04_Hp&t2)p!>mm9TLjoL4!UJwXa`_oSHf{6U(iSPH| zk5=ewK&wW6;u}n2drV@E%$OKdVCfI##uAUv1jI4-f5s^9Ld`Yq^>W^kX))(@tEvIg z`+F1#033>SYDnEQd=?QB*BAMGluk{OEZLg_mFpdc+2N%P1wzK^6}8H+ zI806lf`vo34eMC7P-6$QwbvPAa6>Zpo|9pm7SwN7U8`L1<%?CwX};g(h0fR??{k>^ z)2U87K^4X(n#^!Ep%^8-@0hk6iAH5}#P8nZH90NGx$s-LmN0)nL=fBCy-eGsHA`Yv zZVC|E*b4gtmU`5c2c37&q58eXj%P{0e+w0lJ}6)4mO-Oy>p`9Jvo3gk^t+};5QEr6 zsd+Lc77E}MV6Q~(A9#HJ^4-S9#$)Y$>Pi>weY3ch-AW-@HYE08C;P0)<8*lmUTk93 zp(42kkLI;@XTst~X?Q#IvoBWMhp>;lE>Z`{j6Rhk>-b!!y#Mg*rX^ z$LQZRqV81R>k$Z$p=iN!5-DEq>pGKiX>-}Tk6-fG-;w{YNGX5iS$@jxz2^$^(B zOI-!ubo-C|6|#F51k50?^^F4Q$GgWk0lwJXNP<&!+Dn8`N5|8J^p7gOHu5jcR~WJB z8L$B=V$N9F6_EMprU$SV=wQShih0Jz^HuRvUg5i)VbIc@JDxKHKkn45oH4k5t>1w< z4wCRHL%`h@sr&3}@J_4hL;%hm)FU2j0-?#J+9q4~=)*cft+{s+{>LzzU_guVafjoa zT~W&&zxcL)wOZ-nHdb}<@?wb#`#F+01zU5*H3Or?q}D6q36%>Z2oac*sjv!b~N|NgLU?W^~UjQWGtn`G;P3zr0+}rs~#T0y;Ijs z5sjx|Tn1<}*VOQH5^XhGfRVY~f`u(d#9ghZfUtSIvQlPIYmaD$?}uA*J-FM~m2Z{| z#-4mLSI$>iHZW~@i1nV-X`b8!>}@+y@mbsO34X~_2ZrcRq+>GxXRMam-cv}ff35hs zwwEE=+Z@tnm4O^D6GoIodH?6V*M({O!~6z&hAqnDez|IgihGgv)V78#>Q-$(49BiN)y1d!FF0Y-a$nF~;a3A{ zEEQ~Vus)_^bQ)>BD#wRkNcy#aTd#m8yBuywO9&SW6~rPN`+ZW;T#zi^)-{Q9GKNLU z`R9<&xK!f@G_+~uRiGke7L4q6u>q&Vfp1~V8O~2P;on|DZY+q1%z1%=1Ha)f8f-O9gaNn? z72QVi9vRauX#HlBeY`bCJr-##R?}C@J(@DsxZRemmj4Tk6N#z*`N~n+Nf4>lJ6!oE ze3H~GN8bD^$6Nuq)mF~_0RbVn4z$raOE-qxla7K}ym&dr{n4o!t!$F0evhX@P+O@v zAKH!4b-(AX`PU9ln$3ro_UgT@mR?K33v#E;&@1cmvlW3m&i(TlvRSH!yqLN&aIg2! zSG`y{3~jwSRfDTv=}%#_^;TaR-p$#1FPc?3%-#!fJG9MBil?*E4iNwYuQ9ALLnwz4 zPi#f!bUuSC^=l2=s#2~$mw}1OK8NWXP>M!NT0K>zuP)xuTpgXiZHM=EjI{r4W|xCG z=)uI>bgqu-R224E4%TP&X2fU3(v?y;RDR>eYDzY)5hV&j95k`ni6g2n80oiS(&{U+ z-EQDvU?+*u6OB|2kvZ1jozn{b2{no4Wp6S=TQXy>+{}5%+w!jxOUAx?C}J=FG*5Q$ zHsFgf4W3DjCY_jB<(%=(lkG>oG&wzKHBjS*TAXP&*?-(y z8M^u_5KvO<(*9$hd&RMH9+FaTrP6%9d)O1U?sH=RYiaTGZnNYvIWQM67r&9uTKvQ# zS%;ug%TtFVX{{UYRuHPIT9S z@IqzhOV(3o3+r}h*|9^OZ0UT3)`~{r@zN8@ z)rl{K1W#B6nea&Ot-W_z9Xn;*4|T@yl|^30wZ*>+B|SfA^TBX;R|SfVHyX3k!&;`G z?>x5eX&_i{RGVhE!=otXVu<4^PvqJA^L64<9c%ztx%)l}e+}hFO zsK&*RkBl`3Ppt1rv=G>@n2AKRMa6^7<6sD_J)sp(rkeO|(}IH-g*I+kgx&<+E-3^E zsn~PaTo}VqrN)KEw(dHw4kcD;(uSSE*hVkp|dXebPzl_n_-2R(B+RJ?{X{^I40mw@W-O?_PC*;37gzw8`K z8Wfql*vYfsDD@b>T)0T6)@fHR`;?6HB9a1LMFx-I+#wj%$pfVdsLKx1pl8FUbhCig zg~d`XQ90eFs`K^)Z@tj@?GI2}#EvsKbv@>~$#`e35C)ZbIUFE3k=3;-ZmusujNktJ zLUMV*+AdocC*uW8juiCTY<65lbhDW%%QSMi!EqEG$PxRHjTrJO~bZ!c2zI$IG=5IBK5o=XL$d><($l2J4@MHvkPlmBq9kEY}4F}Urx}-XV6d@-y%c(Y_ZFZ)wIsSNRFhjXmed^LPG5-Pe{HAFE-@;OL&$7z^6Fd zyA#$>OVwpH@yALo9NVqNelN;$zSU0Xu>4kA#gr@Ty`W#gcp5_#8Ue~=$J?V|$zr+^ zc6nFHSD!nHJa;6ttj-4*ko%_#fM;_cATS=cYDd1y1A5w@OY$bM;1)e-h;Fp7mziWs3ADNW3;~_?V6WO$B{RlQ70yr-|CAeh0|xgT$C(sC(>~?zVSvUtiE|lXU-4G<$AemZ}RH7dy>r}U^9H_me z5!Guyc5-{zbYRG>v5mxPc>%T@sty??Q@E0 zz0ji@Hj1Tew67D#bZXnfonte)iXao%XYqMNlpt;h^+Pbb{#!Vac5Jo^2igf?SWW@^ zT!S8B#=v+%uJeOzghWljAftB_@=gKpj33It#!E%m9{gXS=lKcvecv6aa;HVGuMm78CUcb~9NeQ68><)H=n~S33mHp^uhMUKY&^z-X7jUX(T)bz zmM(vX!gE;e!vuEOwVT79N&L^~Pzo>$kvwgG>Gwf8Ek}}@bW8%)_p0GRt{(eo)=U2f z073u0NhkI4e&jdcR+~0$H3zHXpr@CXZ4e0Ob$GB{bm^5gf8Jc@y*6#yId2V;d@WnL z)W;DvBV2KHUrS0(@$qTOr9cS7T#bfBufgVPgOBOSj#x@OIZtgvUm#0_cW%?ps^))HBaIUplUa({-ePv>7v|NT-z7#?^jK6T-#baN})m zfEhP-w2e?1lozfoLS2P!X`y*D<1Ikk*I$0>pmO6T%{6zp!4@o-Z=Zeoq3f9QFT7md zh>d*g#d~*z=z;ztiUo57%DMi=TO8ngoN4>2OoVX-uO|vu$0du-v97(uRY$t^b?-cK?*i5 zvZiC*)UYAzrV&~{U841*HpS@Zns2}P()o}z3w(0Uc^A27Et{rBj{L#KYYbpRPsj(m zl4+;Yyq7}jH*4O)%SA2+eE+oo&J3-cj312a9W1c%lp5HZ#)bX*1xfSCHYif7^J-$wI1kj3iI3cnDsb^|T9wND6a~wS4 z^=j5a<48$k9{bJLpSjMs^R9<{Jl!E)yyf;kId9N@!n8BKaD9#5@1nUMYdGfg^A&o0 z(17n;o)`k^Ian79C&XdS)YzoH{i+PR)0;=ycTfyq~51WH`dj);ZCvr0-wZ_-$$PQuCmx%WDMXPhw$5jNRGd~9)u2rkHeWy7$o2O`h$a}H%kG@9~ zh$s+IAfiA-frtVT1tJPW6o@GB+oC`O0O#p%KnoV=!-fsDX3d(pp&ySmjLiVG&9x|= zJY}*ko{v8I7++{_Sii=Ni!9UuLNNZ;md6OKqT_uhTeK6?LEyYS-c?bOrH^11>hG!ihv;{N&Pp7g~&hSy}(bDg~PSXei0+FafO zRqcs?-y`GA4Sp{*b(X#K+|zc=^*33kPF;NQJ!s%SyYo+Xxn~DEsM+aUUv0qq=+A%b zD?s)*(V(^39e5iP){Gs@t=qQu#qXejUkfxYuX9JcYFBhk-whs~w;2M!fYTU~tINxR z&|#dLg#j#CATq|akL9`e^b?QU-S_;{x^?T}G{d-n5x-vj2KLYc_qZ2Hb1lxf#u;0L zE-Y0_U|G#t_Q*r`IWPv@d5?UTi>8F-I{KJyGPsqnXP$Y|{&Lsf+=C2b73~Bpr|%Xn zT;TP?(dE}d2{K#g#di9;}@GeG{kZC-H{&x4D?dF?r6JUC-%QRu-lai8sW61yh_o9HD zxhl89t}-ucJ7-g0f5R;@jvncTUdpR4JyN4qExYN)YwenAlNBPeo#%xYyq77y$Dq~k zrt4%Rz92^rp-Ws3sZQvdo3Fpv>jFE2j;C+%FpjZ6U?z469t_V|CEb|4nr3Mkh| z_Y?K(@A};!S?($MZl!k<9Z;iP0J?aOJoD6}ZqTAV(1XNx{qGwxuDR|e*D;%<>$rUw@$uHp{%t7;B@HO98^5Kr_N*Pn|l&!JD4PAFpv~zJvP6 zZny5;1v)O)Caj6#r|#;@pkKpWkQX-a5O$KWB&A*h-3mZY#xZ2%=_el%50~@^5w!$j z0Z1SR^esSs|99VT&@?s_DPZx!d9!>hY2CW5jPQxh4{RC%l-{feBbDWKPyHEp;j70U zeb`=j=~bU!Fiw(?C!YW7oqg@%%WtwX&OFC?6R-OEof|k%^!&3=`uK%>z$3LZzlfhH z4|ehPZMXl~^8k!u%tL;NF!IoY_gUYYZ})MY@vd@Zor^4bt(C`o?ZhN6JNyIhBM-pkH0dg$;{74~zm*sHjIg{n#7_-~0SH zYomi%fHDgg$a_xw*tv5Tm&Gw-MqBURr?>}TSSWnO<{CWiD^+eMzHey_)bGsC06LMs zByE~}{<$XKnPuYzWxo94Grn;UK0;=he^OU;I`6;pc5(aW%MX2QV50^ec%1*+ z_2_Q4MR~pa(hGLaz4vLX>+Z5mM29Bgb2ga~?wIp@!+Ig>j6d}?W;4dJiHLu+r;6s_ z)g=GO0y4u~^R3rk)CQ&=0*kJ2dNXHd&cWEqeE-YO-}g4LS%UhrfeYQhd=>pLTAR06 zTjc61&0nMkku5f2F`fZX4b|q7OE0@hvU{WeybS5sX^NuoUu&YxGSCuPMV|o9-h0p8 zcEe4#`Nm1w!X`L2z8>4Xk3zIx=5vl<&Yq%mM@xI;-~Un_syTf)>-OoVp0GQ9f2Z~8 z-N)Hulg^GthcKUd_UXr6|G*!Bc<>#dC~ac1O4iF+@;F}Lp8nglUUKFPnXG_)9)aK} z0ZKwcB2Kkz+0r-VO`fdiP2w}wH_gN=leJ-w$xG)hT@|W7I183{neM>Pa|Nc>y;k!a z&Hd^ogLZC8*5Vl*7GmCO!EuYp4(im$cHiP$^Sg8deyQk zH7}%J*9g32yhYBw{GzHo`pCn+S%MA6&<|N)VSd;Qt+9yM+S@h zPFlpTUb|I>n4WI5{_N9_?6M1c%WHO=dpOirn5k~vkM{-otXVUy-;Gz;>#x0{I&aaL zm))$k!qXDkj&=afY*!svG?VahY}Txa8*u>4Y2RsmPSo!5G5*Xcr=I6Vc^01RY=7&` zSM5KKJ(%rzyj-Al9T~V1+~^LVv|!#`8zb*u!dZul?4bQec(}^$Jx*{#0G_uuTzj#7 z{@EwK$i--PWXGedW5+J)k4-YZJ!g0P?nZg^r8>yctM_RF=T-)W2hr^l8KM7v_np3L z9YFucj-9RV4c7#quju>VSDv@K{_;ns7lu3XtdUUB0XP=b^w+KZuF=9eEvG*K=c82E zC?ID3fA-D-Fzagl<3~aiq3DdVuVHgKqI^$5O%LVy&uu#7)q8X!tcI&ZZ()Evit_dv6m>+8_mK zs%zS`iP0m{F>VkJKKIPy?hPqSiAKf2;5M7 zOYqBd=x>{%oH#3xl&HpQ zuF(mNnYpAM6rGPhdcPYtW`s8X)W1#R+2l?=^)#Km+{hw@o|QukX+lw^q0l_z>~mE2 zMxz_d$9q!9|M!&_%y5jN%%`_i8u*AZ0h&vS+~!BLG9&ehWy_?PzTds2F=LR$A*MyE zR;HvQdXx2p?k-To2X*3*vrTl*I!U7{9zwhUjA#~|dr&~Xs=mA=W#)3Vfiq1Doju3e z5}nxROBuOD2QiMJ%)|H$4L(weNTNJH@7=>)d$rC!6feP8eng8SZJwa9Y`ku}^8qvd z5;6VklMiG?Z22C={tYw0Il0Uiju?IVd}X+ba}!a#PdxUhd-|zI1w)&RPXasOB!vsl(q2YP^kY9 zDRYS!1fGD48?U=U=UuYqi|b5dB8bmC<0Kh-x~h-qQtlUZk3Dj?Ig!y1#@gwF*W_q&p1~&3VWbm%Lb!l| z0h!=X?RPLjQ=kRN5xshSD!yIMU@^!-_CV%bK|{!fz?rY4EC-HXdht2eru`{$2y120 zVfWsBvvBGdWgeL#Ii`-HlFo5NJ%TeRwb?q=R8%1b^%;uFpEzlX8J?NDw7GNLr5Bwk z#dsgBYeD0;iIq8q;#Z{`p6ven>WhZ2obQMe9g&?s$;b^o31^$q4s{VV_Q*r`SeAtP zjapj!QCeZ+iv9CH&4337pEjM1GxOiGXK(l96AxRaf@#yH87{u@)_VrO^XAQSZ@mEx zUSar3qjJ^BYMXU|wjw7Z*CN;5dUHoRhdoXajV%=g2ac_l3`fe~lTYj*8ShQKztbET zs0+A{!t4&g4733_BOR=nAK*LiLcO<$zfJgYtmNnlX2?Zmq)*U? zF{6KQ;OnrVLo9L~9NMscjS&)X-O~_n{2>~?S+iz#CNOgY?|S5+yDcgZLsz55a+f|oOa4_;*CF;5xa$G&BG7fXHm4^7!iE8$QcSFG){-msf;Bn-BIm37#-of;eVgj z!RQj_owt$0hKl>0c&G&#JP zIjN4Gt>bT-MV&m*I#q7gGVP-t>)UbKUT1_ zT>B}qapbo(xas;UlsbB@=Aeu@eXLSe5AH?4imLK#LC#~I-gxb0MSIRPV`tZH-EEIK zapDBYbU!HrRd@IFORw4fgQ!xRAOeg7bA^k@`NH_iPLq{hc>XE(nrP&D$y@9pk7#+6 z?ICd*=-sos(N40$K*Md1xpblCESqOBdB8%+Ql)K8M*lF%Jt`X7@yc^;|Af;G&ObQ$ z;B-Y~>xUn_WBWcLfUAnWpK|)Sa$;C-^)UIpd-ZVl+;y|YIKvFc?T$XyGNITwGWiN) z0It_*d?%jrZ=IdpK(hEklNoW;z-UVLthR02n!HH{iwEwz!`*iCRf6T^ws)-pKI#`9aYYU4^Ame1Z3+L(-R`z_bH0sZ@EDGoB(_~XtWS%wYzGO6}Nv5x)IXFw2mP=2>_`!e_I zx&iLj^~wgdaex~;exUnq&~N{yNPdgT(_wZ3{R_YM_9y#j+C_Kf+uA+m?CZYl?Xmq6 z>thY}#yUjn;5#s2@Ru#7T07x7pIPrjo)7oKTxUHKF68mgpo3T{y@uiCw}adW$!@vf zDAyK<@8cv7-o(njpMkxhX9gyta2a5h&uEEWkKW_m?0Y)mLcb|F>y6fxm%p=bn4vwQ z!MJppLnWu}4&K>=GIsDJ6hH3pEB5(Mnt=lqrvJ|(dkdnii*9*D*4SxUz`=nFdo3`0tXV~#WL;Ct`6 z!_utQS47?WAABrDe`(tY^A2Ze65&K0(SouYfLRm#B%MU*6 zVgw2$Dp9kioN}rn1&WyxwLvWgV1D9@+Jz{Tcu@!~~_ zQ4W+*X=6e(sN z>=G6pLMmf3a`EXR*P~b0t1B`5qZ!k6O;50IBYaAQ$veUoYaLpPikt; z6(o9xl$G?0^v`oen+g^zp#G)1FMIaT8HW{hHsYyfxQ50s&-69B$Ox`9ut|#Oz(7xW z%8BEKySfdJkWu_)!(Y~{m-@_^dYnf|BqK&x=pWHtQNb>|UjL1I(0tM#MkM4ipXb@@o-h02ZtrKIWlkM8Ix0H(+Qf!j4kn`1hC~|b9XzLuM%S8c6 zAD|~hZec)s=JESna~YPo9xK0{0SrID7i(IfLV1@`v%dIke&auf%NYpcFT5KgJO#Y| z?LIX-f*c${;oGbGhjxx7MvE#{P~uiLLuXM%(%~%hj?NN>R|605>g@E20HZ;?I)#Ci zsKI;&_tON|Gj*Od(cJLxxoLCsd#)L9w{LG{G-j55lV-K0oWmYa6clOC;d`t(Ps+!s${3LDKJV3Cb<7i8^8I0)^lR0c%`Pb^$#91$%AJRhud+l31sCj96txuc~;Jk_q-NaxAE zB0RlJnHi2&HiNUx=!2|tsFZZuWrUz_;1~tGr>?ID^fj7NsdAFt|2@3UZOpN2d!B)? z5ypTUFL^kB0Yxeb-is6|?2_e35Fb~;A{SAnQjkZ1{hWpML&gHuf#v>vdut6h>3EMZ zJ|b1TbM%-oMn8cI&hjp)l&T;Ze1+&XKIu;={N|{WzI}R{5t@j^k2-ZVXBuFK)Tw+P ztSI1Bt5&*xU-cF&{VeB;p^84NZ_$K5|Gd@s9MSgQ4D{)Eab_Tzy__5uE5ubXT+0MK z1HphN$erK`X{x(^(nSsuN4O7Uv?ekZgVv8@M>?`T&@bcwBJkm}&>+eV;jsP}F3Gth zb5PXHo*=neqKgyXCesf`7bMDwlXUBcH#@?j1yk!ZHJHbUI84VpELyzWjLl>sK*lL_ zNMY5ztHGR>3QLxlK7Fb=Zs1_m?1(lNiJT@{HFD%Acg9)gS_Cf9$?R9aDR8i`#@VcS zTU$fAN-FBHqlZ~$A2R8XHGu3TA9v|)5zPJjekq5YFD)Ai&lA;Kt4;&auu^6m{&rA5 zMQ0aM#+8w_7RXM>M+GDwF=pt*)M+#1JUid^7|0ObiNLr4Rp$Mou7VE~4E^w}#3~7y z@Lbe>SE*ddl`mJ;;M!-q;AzI_i+2R}Fh5Dr)>9{q6My*0oP8TLYGRSC&p-c+DQN4; z;o>V2H>kNK9yWsK>O6u=8P1gS*-F0$(V=<__T(l?R-xTd%Q2 z(od2MJ8Ij{KHv`J>IO@Y08>4&kWZ=-n7ay{{ipGUXUbNntqH^ zmV<8wbayrDG&2X4a^=d)$ymn}RJzcdG)D~kUQxwG{&?+C zrzpxEe%emX&g?4>5r{DF6vh+z{8r@fisawfk5 zC%oe|c^!MMH()3Zhi9pE?j02rWg1M6ZG@hD;IF4bs*xzxZQtXbU(6K3M;)k{$V^PzU=g_WscI07G^& z5C4Nh^&#r_d>M6*myY_@n{SoQ$2(^+4~90GU@oJ=@i-yLx1pnQ55ILYIMaYDnFNM60-lFLkfC4&lceJ^_})@Wb!$$>jJt1DyLOxzGRq>)M9)VxN0y z2DCf`1hGoMe!z=dYv-W@0OoV+d&~fwV^*RI9oCd<;X2psdZr-BudJ_`b%EeQWkYlb zL&;JVrQ|Jagcd>q(d~H6b#^W-1bLyN(C}tPxdJR1;pIziMc3&IijRs?LLH*0vY?DJ zqljvNnWI3%d!JNR5ETrYe3DKMrPi#OtKF&8=p}NR zC?lgq!VxoQs~!X!gd_w^Up!qbsHhhD2+b-k0~QK*zlrd;Z{uR_)v4sv8vZQq(ABIp z$*fZK(0A~YKJplKRfzY-Db5pIsXkI}zV#j{mg`yMF?0=QAI{E$uF&S53eORd$#_Vc z%Os+Vz2L%&b>{okww4(gixfe<#FUiOiGa*pGLHoc9BgY&ls3lSj79UTU7q6)MJPt_ z)6P0yhTzFo2ekQ*^leXl|3}?tscg|%0*pZcD1bQspC50y?qMU_qPuALPXH^}N?gw$6^z9jHCrU%8i z!H*OZ7+r}1_L&O2CoA=*)~sQD$qmkeY{4h6zfE|WRJEFGd-O@l_A%1q8)J|$mQ5h| zw^YVz95)s(US#7W+L6foc1Is)84rl2o;YEwORZhol!440b(btvRyg8Q|1l1XNB7?U zq>YoTEXYa7D{*l}%y?my>mNVMeEM%Vpm2V$=hH-C$I9NHfo!=aC;YRXx#9x=nX_ar zo|fBWR2(*N1OOgbQE&q%M$VPRslaHf6vQ|}!B@8HJ_f^R0Y)-pe7XF}>*Wm9#v&?7 zOU=32#f3{0jG)v{KfPl_QKQfNW;`CM{CyO|@IU%w{nGsaYyLTE%q||^p$&?fm;VXI z;N{DgSR^GdeVO`2dT3+ zo-KJE+%H(LkmQKs)~B!*249&S#uykMSH}8Ae;8D*u$K9JUi|Rm+O=m4W!G_Jt(b8$ z=m1?Gb~#sQk16;k!kbAmxzuX#{{%RI zX5MtmU8WGjVRmuGB6Co}smIH*{(1ObsnYS8G}ap_?G8Yu!hW-ejLhtN!+w%mw&wQ4 zZ~p;rH6nw9auqA--9s%Jn0GiwmtzZX$|52hI>6c5Md_FNV!Tx2vbj|)2WwxPRWwQL zJ((9A6LFk`@3C)1Za`@n`o;U;diCUpJeWDxS@mUp$;LU=t2r)Jrjp6#(3v%>R~erL zAB=7YH*iXU|3Viiw3#_whP&m9sg&w$`}hh*sj#az)k9hE^~qx*TwI#;YpOINtWBzNdR^X23OlgpMFIAUz; z)@|;iE}dM>lp4l!z?qC?GR(@c0y=?Q0B!}k2rj}8!Iz+v=U%|Qg2D|7I1e*q-)FP} z9L&TajK5?6IlO5zH%Brn*$ljck;hWn49{k0A5caPUEJq7ZH2%Q`a<2g72fAL`sFhU zc>NiDqA;e=2KD%Be!oDSv=go~4_phsc`xXyY~04{t&08n5B;KqIoaj6?gbhc?(=MT zCb##v#+Y$P67{ppGl9->&x$GyHUD0{+^dpUO>4c@oc1}&EiS&Y@d@}$s0%#}avaM9 z%|&+GAO|35GJCeLZotCImCKYlB91{=Cbc~p5PU29^+qS(N8fUvCjiHo|6(T#C-@|!1 z3Yb)xF5Y9 zt>dqL&)i-7)oKp>_rtHomHz=%K$n>z~Q|}ws~jctV!^U z%zK0-RZX^3$D1~;wFq6_U$k((t6#s76gl}_mybVmmtA^+c}(*jj1a;LA)zl>fAYG9 zC;x z)YJdvo__W}ma>ZtK9K3 z7=Az$7|S(RU*;~q^g>H#$M03z01M=^`ipXcxx_d-T@h|8l&+N&nw%{~A12F#9cBbF zp%7xMj2+>LHdZN(D+Z>~83jK-vDHQcyy z0VYjrD9jtthcG^MEURzahbj2E^-t@ztuJdbKYg|_NQ_-awL4b*`B`UVwYC&vj425I zp`F<0fieT0AcKcE3{Zew;BCUV={jd^s(Asi#=0W`X`Mauo6Uw`hsYXWiwz-XTu+=h zN%&sJ&g81jp-=_A4?(ZM_$`biti zPxgHIGuDfjEFH>1=&_dV+Fy7yt7Z|dg;x<#61QonDOz{(u?HD)d} zw;;btv^{>K$YecOV~lg821N13SU9g314Zv%-QC3(o@43kZBwZCX3d-|0eYR*F<#N% z4c(9-Lv)_&*+#$4JWCNGKM_4%(9ZoEtY|JG#ZJ~)dt?@X4*QLl?-Tuq6|IeUZ$7~m zv$AyQGULyz;TEMfo-!lN&73yD))X&h3V59xo%TYR=clX>XF1Q3;k~ZTA>`g-DSC(s zBuy%7bN+e%lEL*m!Hnl^-nqf^=777jgYrAT51$l+XMKmq```W(BW+#51?TronKIG+ z`>a#lJ8!;X&+{DVns2)GcFW4qxzl^@q!W&I9EAX!aBlIu^hN5cL^<^r*=3u^)lwPB zh}4=lZ?3!Q%1hjpI=>NxJ~RcV0}!8nA;Vy}rQoQLH3q>W_yt|!IdEjSqL{{x<}CC? zck-!cxTVY2m@yoD$KU`>yZo{XEvla}t<~lzxmuD%_R}trPi!7Z%e!Xva&s_avqTge z(Vb(*j&)5BKf;U@8#in;IzsApQn;V0)W6qVd!_MVoVUFE6L@x*Pp=f<9<&&q9xMA` z1_V35{DL>S_kLcoWT~4xJ{L==T4?4)aU>M8B z@oag6^G6rzywG%|uf^G{p6DNGai>n52|hjVAgt1fd_2+whHLgBMWk=rOm zX^*}_gGjM`dB;2Kc#AK;=qZ}jL0Nl-N^w%cXe+6Nc@|tIl|4L=vs;mwkl%@phR-4+ z(FVoSD@EKWLY(jX=^vXHdmyj>gRrH-TEmYhVUM|7P5|sNiQEPbmakaprp=tACj{T( zC!2l(&N3^|w}J;t;UGE(oFMycRR$W)cCK6{(du5Dkztu;xZnAs_ib-BS4uASM8GUg z69H#XUSJ>vcaxJ-%ve7!ZLT}xv=iM8*LTc>OV-!Jx5+_rK&ntNLGNrbxlLU%_ye}U ztN8c?!FqkeWsV~OpGX+V!H>zLY5QRN8<79dazXe%~l`7rt2|gGz&cevyNmY|AYIcI;SzwIx+8K&^;=KS* z^wIATGyA9d4%YmH`3m@h!x9c*@HXa+>{ZjJj&~ieyIHc`^Wx1ZrWC~?33+1NxF6MK z0~rU(n*m|o-023pUM^4?{H;G3Ukh@Ara~=e!#Vu}0<53#fw~u$ftY7G!>oUw;a>-@x zvP-Vi-}&zH8#;?W@umfG=siTd0a}@sKF`gU z6BTEX78D&r4n_CGF+*wd=V`ya$#9BvwM*ofh`d2rDZJsC<#N`TtNkW2BkiOrQx^`O z&>Hk=95XUUv~Xd@BBK!-H*HjAz#=+|=|R!g`r2zuGY1)>h2~4IM}G+LFnS`~jTZ0` zx=)+bOP!%l0asV9TIFWXRkk3>ycFmfbQ5Fr8p$2$niJ>~`_?&*xpgGy0Y}4(>zWp~H*~nizeK>tr}2pkw34_4cga z6Zlqe&dz?`8ydME>gAIc`b%AvDkaKMJVDuKN||#h zhA`xkQqozHF$Jd~oKA7rr{I`~5g3Oa)+?;9?_FN{*Y9JIwI+-m?HV_3Vlv4k7oFp} zckeE_Z<%}Mxu+!WUF0sk<_g2p%Pzmr@Dvy$v(uuqxgOTUZh+DC3NRwm4YYlcotj+7Z*uhW-Y-D)+cWjoFx76kD*`D z-+V`2;4>7DAKNo=z{4tZ0{8_^fqmqo%2leGOw18*QGBAFP;c1FbB%ZTqaI+8QZcTQ z9MB7DE;m?xWZ}fPnWRrL2BN12W)tNU!4Zw<yuZR#{v)&g7~qE^(J#c7b610(Yr&4p&}&v3ugF z#{{p+xT4H0Yjn&Cd}+4m@1^2j7o2yY8#2OYNyIp8ds@ky(C8)l&5+85L`v=Y)Dm)1EoAnC33S48~3SNN&I1J$k5omnC#jwW< z{p5PUX^+=_?+QF}oj>TB@p84#GvIR+r$b$P>+`o7nY~r>0aOnYj<8X!TB3P>oP5gZ z?%L~bk)pG*Mfx0dR9i*pG!juvvUE?aTeoz_9MeI9LQ!LMRVv5ZW;{A%6vHeaO4_^b zd04l0nqp+jL+I1yEfi5e(Xla8D3W)fh&Jbc z;i-jUj7=?q6yEm3h7NIfuUvT1WfoaLo8{%nNIJHcUw*+-aN*g1t_W3!4#(M9x&Rx- zQKHZ=@HCazW0$U<+4zV=CZ*KeIWt{drKuV>_6LikfWTv5nW*%twdyvr`8`r^dK)8NPTwkJ zT)fgpGq3!aK&N?QGtWFi)G6Ha^Xh#fNCQknGyP4UpJ8dqjymdS_pg7StMt)l7y-95 zY=RwAzFRG^e-4Zp@UR8`lrLAp&g?>&dd_(l>nuJt1d2Ae{xTEdNj**q^$Ubs&6+hg zSVp)-Q4CIp0u6yFK=f7;DCTxp;$y}Y9-$@H4R z-JH4e4CXg(Tw}BZMQz67720@IF{4K{!Twuse;|RZlx;d-CPd4i5rR39s`i!FKhm{> zZ48{d*1LC4ci;UFS)Yiszwf~(tj`#lGDL?4^#9x)cf#pF{f~=U;l$#?HCmb3}6n^zGsPea_|Ti*QzW3R9#{&;oFj?fytNC{5?#rjYB@^-J4)u$kw~-8r*oXd}JO`th*QCVk~^{(>cz zk)gve#~U0$^D)vhSF_~2QeUt~Tcl=u`l-k5ykeA-*Is{{d;PyJm|~Z{@fRyz0Saso zMa{gOamMK~G^C1G7c-CLD=t3Q914iiWrKQE#~Uo7X}q#x6f5Grh{IemqX^vK5NGUO zuP7s;4J&H>FmMbT`mL=g@<9{vt2f_%-wgTi1>j`a()s#Zpni~&c$>j^(W0f?@|Eii zep&w@(8FsCzA||Z*YQLpCGB!;3^?K-Ik~#Efk6j8j4}ycT~?d1w(_{fFm~SgmzbiT z@e@Ha1>^#XL^pkPGt6zTM5p#lQD4F4jr=E3>+;^wR28|juai8_HL}^i=z*>X*xw9t9;i9C;m}FRho?`%7Baim@gal<~=;$uG_zG>*;*Cc`%YkXy z1YXWQ=X`h4$)^b>;|)H?j2>kQy+9+5JN`tSMSP@1uY-@IhsXE^E+dcg9P%RdV(b|> zaG)G`&J-VN;%>X+KEsK`#3Z99(EHV^SK7Q>AvyIDWsQLEF(34Wf`J*FfM4LaIsE$} zmH`92D56J3NuEg1-sHrSPSx=zO-v~c{lY0^>GHM4%Zy*CPIXs?WYQ7}PxSu0^o42x z!!UabZ_tB>R!gZTxx0v^fld|AFQXKgVC>mk38AscanV7Vys5D>ug|^shSs-$@rhZpX1LEk z?`3iu>v8;vr?^&%IFA?n<9x?F0tdkDmdzUs4-Pq`h!n2N%!v)>Vd{MQoe$-(TU>RP zvuBud;1s!;wY~k$`|LV09$7KiYaQOKrSVc62U$zxX7-IZK(ePqVM6<1Ex{k^MXvou z$73{8Ds#@gfAjrbx?WID0SP*Tdz9@{Q8=Tdd`ta;wjg7HCq%_BU%p7VyFqi7ARc(D z;S@X@Ls7_NMFtG`%+0snWoOyr$bXU?4Mwn?G4WsBdF z=QkNqXI|_4=@zYywAAo--TRQiH+%7gQgoBbcBJ;;9RJd;eFrbq*CyFJ8LZ zct3oL{rtAAQVL4OM6PFkev7os%s*aOIKT+_GSKqdZ zp|)tz($dBw3m^kcpD|tfyLflB_I}W^AH~a-Xz##&1o}jQZn8gQ{|JraZ1#3-+xtF^ z{=sM_2C|llen#(zp<^KBMvNS0P9!I2ABpqI)M-<#U1Z*qPCVI+ zlmux^(e;wr(*(X_9r-)|5l3Jgr{s9aOmn z-@+-0vTWI6)5GCl1O4NKputy&LD( zj~_oueJpIWnd_@HHuzqdvK1sF&9(l}ue@GZC*RLQ490-x8q&9NtRH$Y9QB!t3}t)+ zrn8J38X68sty;7;S)Gwqsa(a)o-<4GVVc!R>fB?FKGx=big@vyv^lQ2oHUzPIYRX< zaz~3tBKwXOE}tma#wZOAATwf2t0A5FsfxlxuQXCJF!;waI2^Kv*x!YDLmn-wKm=eN z9Ubt7Ar%Kl^xH(%7LoG+-`NLPb|JwS&UG9!1wA3MoD6$J=Kdr(onR?oi~51Lq@)yk zexG_#$DHJ3 z8P&xXW=bA!(zvNP;FDnj{pSyoX>mY8Q2`8}b^2K*drzJ+$@mp?8yirp{QWb4jR<)h zoC*62aMN^z(r3X-R*46}W6;YXzk}a6BJsT8xNu{`#&zNiYYZ2-jw1y+wGDy|@D@i9 z_zn05Z$n;(Z{QpQj0CwKnnD!vzOXaJ48Wkj7#RqSm)D?y{Y)r4?zrO&@PPjs6(pCtW@;19S~-wwbF5KaO*Qq>xxEMHGqx6jcZpv`@;}mGZb} zb3p1BkN}T)6Evh~jH_7MggWjoCjzBbs(bUb=iEa5Cb|=)A zg78{BrH<>_qpNxKUU0z$275#Z9h-^&jEX3Yv(G-qgdrk4*?{2r2}AHjse2{Rf$s>! zL%)~dv}P?M=o7SQ1eY2&Zsb1i-NT)@{WMcVA_?Lv>Dg9~&q1h19O3Q0A<2 zyyr;G3A3Z#eto}iZA6psmK>x2KMB&xD z(fWlFm~#f9br_MrZT=p6{3$c~qKKz32W)gPGQ9WB>+aOk{$)mS#{b=SgLNKcZ^M0} zk=iR2EsUFURWWjN4jk=ivW!lk7${e!sODmk1a1t%1xy%Vd>F4tLx}MgLjZI

nc= z7a%AT(Tp+^WqeXqZ}6&JtESF(?PW9=XB)=Dd~t^34QNxDReQU;ZPJS@K;65i>Iy-JoN6>!<>R@rly)=y=v8}W&~!Qwn@OMBn2`GmFd%_ z8V{-8sFh$h+e5^Gf;0gsXN(oYj69qqByamJ3R`JvmPdUeU z9~)!#pzvx0dZOCcT+N?f+Tfk@{D{zl55dn$7As(z#QEv-?Dt^tF<=L$C=>^?;PrCS z;C#>`+L(0d{GKEF03%E}MGz6qJ95M@ITnm|)l(a}uY`*oem+5Pt&O8L4@3fX?)1KE z-{Dx%6;ho4DtPXXuNPL zPDWXj00Ke%z8$1RnkIfu#%ljw`t5r>O-6R)dfKHW? z8ifHg1KdMV_2uV1jYkskilPWPfb-wMwVJ6ZHf|zJaQ5I`WCBl5mbhB=n#dUYogwHE z;=S;Q#Tvud(WBh=-wzV~XkzjKdk&6esaz$|=nr^;!{?1R;novYkAH6HN=p-5CD%t#vlp=b7#uQ(%jAaX1Al^2wQyn^V zFuAkOm%X#(J@}T#8>jVC+ED>Kr1}RrNmM9bQ8HRNWpNs*HR)sLvm>7&L*hJ0F=M1? zC#j&Xz3xV%$MCzHd(2+Ko1>(RMaCq91aJ)wadZ#`+RA7)1DF~^-~Fa}+Kk1&o^t5!H< zx7NaUoPdY~Mn1#Q89GzCbVZ#X{-r6X;g8@C?F09uWKPl%L_I$J*kBL?Gdz0IMD51~ zk0>v376YDeDCYQ+!^H1buUcgeeyj(Ml;8x>V4>LlUh?_d%GPntxffez9TcTFPO$%G zo^U$s^6`gu^b0aDG60!GzSI62T!$Z)P`ki(ob(US#)S*#+n%6ml8-`UzQ|gG41!Ub ztR&Dg`17#u`x!1DCF4`+(q$B7Jldjx6BConNhS0(_8FUj{WAklC<&7=XHl!2G6e73 zzSJ)LB3b$8pH~Z}F%J8^&HB|V^{5QSnFYfqQCB$1K>t!iztTmIP`X}x(WRz80_Pe? zcD(!EJC%)~hNY$juW+ISpTM1RqK)7$3i&Rde5?SDeADZ2K4Hyu9Yl{F=nSSi8OMbs0|EX7=h6V zpvNMjxJlzCX2e>pJpeKfd&NZUCvUo;qx;XRZy5huA-Z+AoZV{Is_pK1_*!JG7Qnjoy(ZrABHUeaBgrxhO4JYqafkiMHLMeZgue;r+h4 zp5~l=8&232v{xH%`WKYyj0>3oeI;!`C#xm1M?fc2z;rc}CQ6o3KN6H7je60Ypm>K5 zU`Q)kw1lO_h39Y`aHap~f_R4h5p;r4`6uxM(mc~Hu*d!S^$$0GxO8cT^^5gE!GBnh z!>lfN+ksH%riT-Md>MVVOg@4i_P9hg=hs6RWO>d%tA{jSL@yqBWE*o_M%DxWj%d-+ zz5C8vChuN-^|fZKW#87k`4R4e58t!%R8KqY49(|CtwB-aZ#YPlQNRKQO7Qvid+%@; zpL?P9oX2VI6>TcrR4w7gn{T~t^}>gNtGrNl2!4=P(ND~sGsEQIDpjgUpD;mi@1ttb zIVU6}nz5AZl9ejgH(rh$h|!6AIHMvHpr=9x&&XI{y1t4Pgcn;k8;%g6I8(;k)YQ7R z&!*l|31!WAMB52+j3CnsQN8SA$YzAGoc%U%%QNUO!5yeGWEy=48A16=POfR|i=zg0 z^A0o%oWn697^j(ka1B^M?!o}gwF995?>-ejWA`|^S@VTViXM|OvEN1R3-FGCkW3S` zYSpqiK{we*dOhT{6HYwY=)fy4J@0O~?k3aKq)CQ8_Soa~zB3&l!7}ix|GxIB@r*0v z1YE3GQR7uO()ZT>5Qiqt*3NRUI1ncDAJRvhGPeG_ML3vXMtyJ(=OByR7wuwS1blB0 z-$F;g-VPld*?1EZlTFu6FbCh4AA$}rP5Yi&Mh~$cvi{)GteH~995{q{y1e%%7~5B@Xa+!Tkc~xu`^}f!>#uIpqL$DC$=h7apZgda@CqrU zXrFcKR@nV&B9gyV%zI-5@34S(+9tp$H72lW(|Ua>ufEDg zrHX#&(dR9#7Q!pQWzhy=C~W3$zv((xt$H;h_$XTeN(3hqY=Z~(Q50So6L27Aq=Tgo zoV)vZuWnL+e{9Q-#`(G^Z`P?`{sXae2f{d zzBn;bJS*4$Jo@n6)>k~G@KWmE?+f>Fr?-X72~uLWac{lxvdyJW{Zd=T`myfo0bh#Q zl{1EV!G-smvSHxY{oJSBy1EA*eAI+{(yFanw^9m{L}RA39V-Xc3?Q`JclQm#OYiUi z{2}mD*Z`pDBFZ3RL554Jo@@phXhqJo22a5W95tSN;t_2Ml*&$F@Sq{v>RF;tdvxSApYXSnZ&479OV z5yN`+>4zbPqEi)Y<1~BLbT?w?H?BmfvNGy!G}^#;z&D&_`hC^g`mj}WuCP3NcWSQi zdMz)b)7UX1rNr%TLL-?9X3d!9KKrzj?j^WnF+_yQmtTCsHeYPKpgol;SC!CIQFAy= zO2q-9ZC==9K6-TTV$nhuU37^>W6}q%^T&5+()8(5-N<3zx;Ni=NmKzkjKJ&bEv34q z$;dZ+=wNd=fmT6F5b#JPMY-d)YqT!qTxzX`?xh!>G!Jx?*+g;ol@S-lyng)}>oat_ zg60@+E!OS5cm8XN2^5mRLB4#XRxD(+nm$5*d-mw!X|UQZEpO1K&D&arhW>qfX}-(4 zT6G$m(c^)8Z!y7~eo_B#d5m@U|K&fxI~x}^fYZ`zO^A{| zSjy!sqU}E^y=-&MmrwT`CeFi1cG{&|Z@EFjd41vMDuX=~!?g8rr+00WMqSdF+nP*O zI@YJ3eNi}fxPAPDZIuj2G5z(9+EitPc5h zfbqxXimdC`_j4JCx*J_VZotD9ynsic-1xNXN3QF~?|T>&{J^jAE~cOmfAX<=O?d&o zuTitU37(HXa+fx1WwfDD>M3pf5`!r3{zAT1C!lC_FH*Hdf?(*hmAfD45B1 z@Y<^{xYu5O!qshfglpWajUsa=xo-x1VX_9w80Pq`H(u1Z3+o+a>`*HDa>5JFJf#1Z zUV6D18(23S$hZcLVU1`9Z%ZPrUwPqC(bt+52_1(wu{QcRyo~u_nAN>;!&)ikOBx-7 zMo{0Kw_TfwuZ`SWf&Y?Xdm+2 zcBP3XnhgcSFLIKrQ}1xCiQh=G?iBEkZ}unU!+lcX)~%~!0kqaA8PIvK*?%g^W zJx3--#+)>1vU}>8=fw+}W#J$77R0cdkzusqnWr9-oK{i_kd?xxV%9etoNCLl1|=PR zeei*MT#Xczx=KebTFbcjjxq!XtIi+2B^t8Tcm?m$}|J^s@y}eA9*s#I#BV=s){L0JE80>>1^lhqm-ayH+$T0Wb_n6OC zp}hqj$ENVnW|V!+;BWfdkryvK|F{{|kcBZ?VI;)Rj3MorC+^Rh2V`($mt<{Vd-wX( zeIR;LF^*^)BA^y%V-MeBN-3VLDE$8J+kt|IkE9TfHyGiV2qP!}RURz?=Gpw;b=!5WbXm!p z!WVcubQ5}(wZ{}qUaBaYBt^*JY@4mX&%_(i&H%s2eh=P%kLY(pIX*1a8dTC66gQlB z_2s8c*4ZRw#i4?29DLxD4?g^?87#B*m?-|#FYo~#IAZvBn#G+m%5N|jL*87ya;ar2 z0d?VbciwS}wYhA`BEeL3tyR1!7@2UP+`?ah6ZWxB zJu$-g5qQGf-gfiVQoN8FyQ`TGx&wGBVIa#GOu4K5nRtDmSAGpJ0MD~{SE90}NoM?B&Rb_Hino9NuOyGY>^|w%%Xr2cZ@wmnt7Lb<1sCaf zhzrbUg4{Y@PRC?bOqi1*El{Co3ycO;>lDvIvZklkXFcJ>*_{<6YyA@4x?!$phD2 zd!w=jwReNQ|JF6AQ_s_N8z1NW`gHX;6Tkk}f87(0K4p<&jb!j$tf*leo(IZ7_T6!tp040=bpz)$22JxW4w<8$@d=xps08Pm&{bzy5vPH-o-$_uX^9 zYumP+>o0v3ycK#8_>WcgH~d3;@Nx{SM8?6B*lS~4T9LNQdN5C^`3bThU2?LFwnPWR zJ9uu&)CtBL>eg*yw0r!IKbTxkz)j#)@F5&Z*_StH(9~!*JZpY>n(AF5+Fwq5uBNq3 zz3kJcPMv7H1*d9c26U*vjE^4n4#w50rP_6jSwkx#ym5$BdwVV*b+7=DH!mm)mZ=(~KYwJanJC@%o!( zG);81Qc@M8_2Rfn zl;1|l%D@7SY#54a*J)@@5kY3f@odKQiGrark_~(y#_ZWs}KW8NMJV0sqiFp{1=CvL|?eY({oZ zXa)NZTT9h|Zh%zi7^}b&!vpmLTq39qT*k2vS&etegl4e5zZYWbZ#fP0fFn+>b=h_>ta_x`mpn#X7TuO3^tDKD7UeO#ONn6ey5F_~`k3Z~= zQ9#Y?1)T-(FYVz>X|46xE+ z-fjKCB*6*J=yP;zOVcJTjjwR540>`LF)-S)FGWTta4JLDB{1x=pU0^K!|p;INjPWr zH1YM?(ubwk9*XQ0)IDRyWP`K%;$h$-u!0OfWBO!!4t-XD%fC3hU0#nFfFskvqC*^O z*K2Hwe7d_N(i0YE59SoA{X!=LK&bNa9vZ@Kzv)YZf*4_E`-2`Fhh5M}y| zu?HcA%^<=S>>T4Rh4fblFZ8Qy{)*Oj-VOEBFE+%~&o$;K%nP5@Bw&%M$NI00EfNC^ z1TW3Rr0RB^_vjnmdFNelvHDO^o987Kv4>!YF?g`NqDLvBnrB0ye)>u3ii3+4GDSG` z;28zO^+E>%Zhk4EYKwVExvcitfJ2yh76Ah#0@vv~pD3vqH@}%b5S6*c(}!`u_~<*{ zLCX}$g@BPP!k#3d=Aw%)xAzg&M=1Ayf+Cez5BeG_2i6P#Yrs*<)*TFA=soMmbz=mX zzk!J)31h$xO0%464Xm+gMCpXrZ$mkJl#U z$=pX!tCZl+^dN;1ZGsy-$A*gW@rUxzx8?ByPd}I!w1LzXfvzwf3@yBa5*Zxx-#w0T zALj}F5Ei+Ip{Qzds`a1xP>$g!LO(R?RtMjCH)p@-6PrUKWfm$z;&q*K4!$x^6y}OC zS#+^BXly)xR!SlsLAmPd-EInP<|y>v)>-e-M+!8VzVe5Xj+$9p<`)`DeHdk_4@Mp6 z2lG-TDcR^Cu)%NE3n<#5_o)X1JI~Wrlm=rk3~S)$1)*CsRnPL56V~YG|M$Y2u!eZm z;!)1`oJtO!VSSl<@CLjER{0&^hD{p0!*E0}0}g?+cpvjD>p{Il$kIkwTi~O0>oSUH z>u*tmIe9e-4CsZ21CLAaIM&(2fQRwGAGwAA32e~kocKh$coh0~1wTeVyoWu{!$Si< z<2U`rcwM4IL!)cR7u1=B2Xg)buc;4%7g;#S-r=d9hc0l6`@nJIW^HXl%N*d4P@^Vz z>&HdC)y<1h$~^E!<6zE6-PWRI8%0N5X!Hlim=VK=sP8fqs9p`!=AAi0wy4{%nJM69 zBeP8?Z80XI2lx(cVr=~7hOZa_0>1K0tn9lP03M->L|S;5&c?qe-?Vkmvt*yZ>2cR0 zSz0(oT?GUKM53lDDh}BW9OOFk9fnH0;*nn=_e9fp{A(?vrDR4amvX~DGpI@y26iwm zsXG1TGml#OK|P$W3a>^Uga+^o9`e96zjx-_;lNR7N7#fR8&k4nM)3#H@M_|1^o#a@ zf1I3n$H|E6`{el`>%f>$vSPf2hENK~ zK*erLcteAlsqn;6CsRE)&6u z{0A=$@X7t`y_jS~(fxxCQg*0JUP5$FO*!8I%Tb=i7@+Svcb2pM6i7f;_US5_Q{XTs z4`l9k#mW3ib&kWfrYYq_azVo{6i*xcvqI9ZN zSCqfxaoaPiP4EZYvv%|wTE;xECOAyd7C1n^agxHxBEWU%2mRw3^BQCXo~NL6@=g+K zheu4{#UYAsW*ag zcaV2{$?BV)gH{-$&%9`qoo7|Z^iaEA1JVCO4bCsS^a|C*K6#_jyY1V3dQQ?cbB##F z3`NYR&75Hw;>rvENTm#p%u|H!FlEKznUhXBRXD25aCY{tbONfAG@fJ|xb>Dhtc`8T zQUE?$zr~Bt`OsDN`_PP&75#;*f}Rf9xrz+4&;a_!AN-xRaUz+k%ocNJ%rJv5h9PJ< z8Fr3n-om28;I&@n0H6K%zWru^Yj$`uDTjY@lO|8pUU$7c!@LlU3|()a3_%SWG*bUn zpNx|U@to7X#ppNmVo$5~U9Rg#} zg%ZJtaf$h#Ib(|Ea;Nx670Wb+tY$P-JcI8Tg^@crS_7IHXf|`gJ?05njx_g&a0=K% zcVd~`B==r${zW$b@N?z@8HMk2)8@FZys=zqLUHT53A=mTAco;X&1ET~`AQR){35_GmAi-j* zWh~B+F$wtr{007Sj77fy&ae(#2j2MuM)}P;u$a)I0P6;QnR5k>{i^n9ll0F-Y%f-% zBQU%|>1LP6sgJs$Ukw{IvpqY;C?c7u`=_5aNFQF)u4f#)!04ZrQ@EQGc=F21?Anh^ zaM!x{WBa%ZZKhsh^eNJG?Cak$ z1Afi1<&oYV2Z*8y-XgOWJPF(ZN63%`9m9DPJjb?07C!-v;W!RNtSgQo=p@Mcg)RhM zMjhZ&P3hBsG0!7_MFN_(={@NS_L1?IDU2C_a{(j-F&37^1iAU77@Nub&4TXO!6wz; z<38V6u=s=|<$a%Sj43@m&AfNH&O0D;s22ne1bnAFAwyj-5WfM=uABD&7B=D#j4UdZ z*)DbQKJ_8s&>p`-od`Z*Otw+Y><9gZ5oNurx>4wa_qb1?O|Io6M*K!t%dKwi@tzS| zefMMi#Zu(*od_sW{^8-oJj2vU+ZAn_I#4EnaDI#k?_Mz-`W^aZ{SY!TYsMh;Zn(#s zL<{XvH-9|CZ(lrX@O>9C)@ul4ll0}dLlWi^6P1`$%hK;{&_-~!Hn?~n!Ki#c<)N2Q)y-A} z9Vzrk;aX10W^jgn1-SQco{6KXHyaQ9*a95_UvttGa4g_`=ofvY@X5R3KG(d0JBo9^ zXgq#Cbk}e;yqmLMTn}^q>#y4-6ffizHN+j2Ogs)unE9b?3jL(`K6!&)=wG-_dz37C zrSH+X;6CFI&rvsH<~McmiK7bFc@LOCxb($$a(6VCcdgybx_CddL*4tfL??0IwzRiv zXKtc%YPhCrVa5WyFqdpZ{apIHd}obNU~@)o-@ad%@J^&Hc!)wL`aWxIYs*^cyVa#S zcE_{Wh@qH|u4{Ci0o?FA%**fL6VFD+>g5kFo6wiQ@9Co+wf=ej=#5dk#V%c}PtWOmG z=xG-I2tKytkSW7@;$Q^t>({T3WwG$lqaMD(`vA1T6mXz=!A0KZ4+9Kd^?VNn*Z}|F z!O(2_2d;CS?`+oCgbf(b&!WxwO$mI_;8T4jRV(iV+zKRAMK$To!WhDRa1f&&&jwkU z@1gKK?a&X}rFgy?XGzXes-)s9edr z0gn7!NA{RXK^o{Z^-`E`_LnFo=qG=?PZ7Au0P9mifA!TDN=rRoSsvmIX98T{;7mj; zshEl6g_qK9z`ftDrC?rt^ef@lI@AS>(VwX77REw7!FieQ0Zw-1fxcEh?rglu=2N@k zBx3|8qs7m?msgiAS!{i^1qctRe>ii%BT)|V>FE=WX4$Yyzv-vPcOQkuZ~naF$F6u2 z?FaQRhG+ry!4(Wgq}P7tsYi4UaT__A#2X*y+QbRt%mJ0T&#f>!*%ULkCt}xPGw@eu zKoBOLkiS4-85d@`CJCRoE8EAp;e+7=&K-;qq@c2LXnzY4Kw*BUjD()nd*}rI!8v#` z_ySFwCgUds!{U4Iy)Ea#GUl8=LG+MRoVBvH{f7Q3~v1I6i_lpk@1`&~LhqP7|XkhIO(nK-ayY^!sV%VVIoLNY+A^2&(g-_saPMGpM+mAmfrG^=Pc^;>-^Uu3L*+3e& z&L4jy2g}Xw(n~JaJbB|K^FkC|RUP95egs1t&Y9dp#;0yz=$&`obcu;c(rqQUdFk_% z+TCXeqMiL+L{)6xK}vIA3D}?znG5{l#EFw!TG~u=T=!1qJmL2xzzuQ@&LF_=iWN&t zhAJt!3Vu(?nq%Z6{l^?u6}*EFb7oIBM_KO(&E4?4hkFe4hi1~zAY-J+NtJg=olcv` zggAnNBa0U=wE4$5k9B}%;k>tWX@)y!v)>OGF;hc0{eiQ{_<6lB&&+3&X3gD~Uw&@s z#9Oy*r{f~m8txVsZ4Go5T7QU+frCzD!Mon4uy6G1vD3{?pX-vf-Z+hP=y0q>@nTf} zVa#ap7mmLq=tDtfD$sg@f!Kqx?_zHI_3vwRu~w}*=76k=hJW0PmHjjWntT7Bi6Ggy zr}bx9kR<|KfbYL%>eb0ui=zhk1b(oF=p*1G3l^k_4kR1wz(=?TERxC{2Pb$B87tX4 zQ38Acv-<)T{<;D99|)ge(!+#@Pg@cF6Ml#1!gUr2B7xTr=Lt>FSz;)dNyCJ&K?(0b zLYTTNqQY;WN(EswUp}Slip(uE2SGCsZhJ8D4{cLIec^X_B(xja2*0@>zVGhcP)B$- z{0^T1IK%x=ANRvGz9Yn=FeH^KLOv-_NtqHhxF{c(E1MWzP+?f~i)TW;Spo`7FfvKj z4?P>EEj&*>(dYP0iC&9-_jh-_Pbxjm!}?+55Fz(QDO}20Bp^{%^bL=y-0BE*9f+Tq zAax*ieGh&1xDp-;xDw!>>p9ml{Eos@c%OTuW&B~(aPvq-fC`>?;Tb-|yScSfM0jBR z2*Aq=z`kIM=V>GKfmsuNPa+))*TZw+79-~#0ysv>X-W%LOsSAis)kKW&UdocHgmn~{X)jC^);(R zc~;iN%rBuo;d=CUScmAf==YrWvta-}>1kTDkD>q3YY42&P^dT5$>zRLp;Dn+{?kvA z@wf1Ncp&F*Uk`N3Kf!&JIyiVuRf;y|83z@d*g}8!{;jfpV7S1^ivB|HyyJwgDD*Gd z-XHlM`uR`zWDfW@ozR-T?H}}J}@NBpjuK&?7h4=s5 zC-D9EmFQT)_vk!^F^3+7-(gO|b>^G*;8QcEO>rZYs+l7QEY!YJKgRWuk{gTv=tP!5ANmUGyPZXrKRLB{l>5 zat44~Xu{li^W4Q3T&R?-t;8h?x)z7mbRP_v=%&wCq}lKl>cSxX$CaI+l0 zhr56O`y6+w`i6r^a&mPyREF61-g(2tCnf2;$gQrh`k0YE&$VjV%Ifzrt~Yu^yK$7l zNtLL^(@#CqB`KXV{iN^AA^oOcl%s!)55o-i;03*U_0YMhE$poElp3k7md-g(OPlMy z9yq`Z4uLmVC4cij=t3}p#VMMT$R>`$!^sF^ej$yEtbiPi!91YjWZZ$CGX9k^u95{I zMH&7u3bI!ujM5PR06+jqL_t)Tru5J}gFI$*RSQVn82PXK|l7@*^o6=JzE6UN0=l0#e}1*9y`G>R#jQ~VBN8TS|iPF!5$s14wP zOb^uOqm>n`qw$a;nv9SK9fYB0{}|!_$Z`iB15Y8t2W8nZ1tkcFW+`%U`Xo7B6p?OL zP7d}X}ADl+y)oqb6gHB)OEykY>uK?B%eZ^-*AWZ(rJsFy<4 z0M>5J+Of}Ip;dMC2a(fpaS2B6(xrR$&v~aY=8NCVF@`6M z^ynSQ2IO(aJDmi1k#*wiYchSZM(6?S)NN!k9JDnxwXVrCi0jQxexc`0x|ai*n{*G=9R5n#&?~X8Z}t;KI4^sWofqsLSzgz&BsJ z#L87{o$~5j{!{yfWDH)yYguo82WJ>?mTT}5;C<`1E#gOIEGq=**(+Auq9X#}Asoe% zV6ypC@hY4`a7<#~gp)gkI^m1em6Zs-gG|D4KOAMF4pf<`F z0b=l(bDYdmbgpvtA!ofgfA8t}ocI6CZ~BU$T`Z-J_1ze6WS#cZmp{{1UU^o_rLpFf z-u%^mL@|!<{uLb-8usw7$p&~5QKAkF1Kr;*J(*xw>pjc>d4Q=1|uk=}*pQ_Vn(a?&qv8{N_Cb*xxI=t9y6Xf3L2+buVYzIe-6| zcCz37D+r1yV^>A*pXozhcs6?;e!n+4p9>fd9cRM{uZH)4CqX%y^PSvU*b~pn?VZ2t zT5kPky`v>OvoFSh!H&%)si|luXB%8YX#$gh{)N5-+8piY|L5<_i=Ufa*KVK8iM7R& z{IRyO*X;Luv%BZG&W4IKfEaB(5BvSPqIYw`RP^5NzSCxqL-`J0jF!+>&eR1Kxv$5p zJ6WJdj9wB|F3m0mYm~_w)1=S=5{Z)Ytj00e*eAafA3z-dj8knp$-4} z$6)+_Z7cd7?PbAG_!50!H{U~l!|m{!HN==tdND8i{W<0Gp5P#~7ySg+EcLUF*x);L zMCD2PmQPAakITQkAFXS5-^2KFyZ?Llcz#d!bF1@@T%+DS8BlVz9sM2s{zuyTGtXdv zM!Adpf}HQ^l{ez=t{&@;==)!h9CufD?0Relm;op&N>XSOd$pD=Tf07e`?>$T_^j*t z>1VEe%6xZRtvDBVc^74*K<1V+1@uF*K)G_|Oc7sA5rN$A_lY>p$0fpIYx(`QU~lP6EIG`U4J&Uxu+X8c{I zI?1fSJduie^ypD`^a=0LPwFq5kf7tpmReu75OJjO(XVC7I5uxVy8Gml&hE%IZOv#s zNd~*G2lkgff{5xr#~W;7_tHPm8peQ8Y`OaBzx&j)8H?sCb#;-(wi_U>c3zxT%)tpX@|7A7|i41RIlnjByg9?`&msjF*!E24#%JOO+y*_vX%-VPoJ3 zo2@e9FIl|6`ar}d?{fYzeP>*MpR^H1^G80tEKIuaW-VH|VIzjgd7zGa?*knbqP-hY zi+9|5hZ(HA!O`zUI8q6iOiP>VQiYQk^GnD{YPO=!wdAgf3>ifJPMtQzvVnZ}-M0qU z<%GNG>GOnlTP!U!Y1XId8KS}~>zIm}%4A0*W?>ms7Ru2AgJ}`zxVm)hY`B`7oMO@A zUw!qZn=CvpQKE#k{YOUncRT~UGfzZ+E?bge4g|m=G+^O^c{21=mH|-bf@-`(Dtm-ypsQSgFPvKWIcowz#BdA>x>vo2dUZ!xDB#x!41g$dd}RgmKs#$5JLz%a(y z%`(pN9T?=SU;>$n>wMx>t5=u<1odH%B6^qTb&h3Qx^$6h-D$@%;gB&eZH^hRFecAX z`t?ec6GivRn(>NrQK=ioL`y|G+&x+Ou+swe>!`!VMuhYCGxMMrCb=O>X zqdVb*la1EC_kL%SCBawd1ml8^!YjzoP`0$P#A!WC%LxG*iyRCM!k9Zq2INytK2>v9 zR%eY*cGYA^=UM8RHFKu%I2;>>4*lMaCV)0~@7~quK28l|$Nb>>i?>wFj2Z@)V&(6h z0dN?cAuApH1i54__$qz@F2k$fw zT%8vz+E-Xn!Hbo>5?*qMaBbPL47<;Yg;ZDy_{HxP)&%25aCG~V7p)w z14o(CrQLBSo@@q)^=ro}y>dwzLG&lZD)a)dg)aB)+sA#c2--?A3=$bjL22K!cTe~9 zD=)eRikNApqqw?s>*CfZdkF7TkW#*8N)4sl9OZg`*~=8~7&V@H?nzfhXD&8YO61Ra zc6TeJ$gQ1{YD!xaySLtay{nR3-O@GJu2IuXl;QNteqXt2iAi=;!o3gQ=eDR1CFT4N zNvkO1O{$Dg7L)2|Q>&+#b2bjzq+$l&7~qN( zE8KPey~2!bjbu3cN@HEGqtA%;8Zl~w>)NY_QO=@z4<&Sh(zu z_x&Pkd`~>{xGSsi)zrPII#TTm9k+rJsi6KC15s;Hr&gQHzxf~FfJj2l%nje^0{ep5 zv!|IsmNkTKVcc3PL+V>edtND6f_I~FTm%)R@;y9U1%6^TlO<>OC1<|@eWL1g>$N~OL*M))F% zY-NqgYmR`=2OfRECF%_8GQ#1PUwugi-@@*2on<{}&^PXr)t?BCtGeP!=}z4n6vet- z`m8ESqf2ytUYl3e9=QAE*X>HhKHXr=I~+K3Bp?Mezv(x43XCt1Vb~jgy*Y+D=FXj= zdG_!NPVhZFeU3fPdJs{#ZXM@h7cxf(&gKpEf*-*4!UgG8FEC8uoZ)rr)|k^Z5$v;O zPPOZ_$6tVJ>c`1}bATyEPcrKuT`gw;0|NoCFoYG=`m7eLBZtu6ytXd%HWd1nAlSkA z0OQ^1Xa3uq6EOBsFw8@D0A#9pFniCZwmQyN4cs$Zgi|BN{ew zFa75=S4VUmL-9l%RX~bzc(|2z?FaO(`S3osyEGjaeQ^pY%rt5PK#z1OH!V zK#Ui!Zz4Z9BWkY}5r%^gE@%-9l`B_L8lnn*1H4xoiB%SxfxI&V$hT;CGL+I-r+FdT z?!|(3OiF}$Q|SJ0b;jO` z%|Ol>0GxsmpuD1?ddqlw(n+US)a;x&v)otx`@2<2pSea#)|{n!ty(T#5rlSDy_u8z zz6E1wCH-LlLOGtSG|5D$p*ZD_b9+e#i=mXLElP?~sq!pJc+UJSEn_K$-}Ll(iq2f_ z8a7cBuc8gP&pV{@t*tb*e8-ScU#XPAk8s2n&tc>s3b}$(u43Hf*?9GfvmJRBoT4wU zzW$0C3NXx2xQ79`U58`s9qOV#M3gZm`WMb6W<1Ov&+v{0XzvhZ79C%W&ck;MJItRSI}XmYv1`33>9^=y;dG_k1V%7qWzj<#R-r!rFvjyo32WnjI5Q$y zyXu!7w&#c*!%#qd2SQ;?zzWg!q*A}(x~r|*`DE1Hv3^6YL#SQ9ff;v!J>DnE8XTqI z)WQ0u>O5@bmcn<|#PC7$WQI0<;&?&ZM6M=PNwoQ<&f>+3E8@D8!9B8?!MdKIE&jl< zyjs*lgC}!95V&iYW(+c?2FZqYl#DI{H_#b_pUlB9KLLLE&OQH}hi|@fJ%4`xJHV!% z%C+85H~5E9_YmO{>CJOv`B`o088zyAWNYgk7=Y*e`46@0tU*}MMT_QJ#5Z`#wY*va z+$2@0A|CXWtDaolU3FDQb5Q#ByTPtYk8bX@|GuoT|8@jTnjhgfdp*EAa81UCy5bRJ zj5xT^!IrflJ$;`0vdd!GxC;Nn)kLopQYRz7BtF2(c)U6&i~jT5oRehK4R`?NO4m6I3Q1AF`7G?2Loj-%;2aGmX(z2I(9;+@k1F;#{ zXET5>0UkrV@IqmuCF*1{!2!vajFV}@7oywJEdUJrU}Ch zDb)T*0dGNL^Ij9*UbI*#xnxX=@#{Y_d$DI?GqC?=fGCbb<)L4qn9itHww=9NL>N#& z+F5(+*1Po^H^J&v?4P~bRIIYt4D8Pt2uiYTQXW>+SzIW}wMEZ__r29KxU*zurPnJc zWx=LRn~c|b1+u@lw_1wT6PtlQGXuNq>jax*ZZkz=3@rc5G{&C&12X_zq0GiGId1$o zIULM2W9vwr-EzDL7*-}~Ns?m5qS_Vb+Q5?JCp*M(px-+!;2 zhU_XP0hZm1;T}G@j)oIH1T!jhjy|I6qIrd9b1lKB@IBn$P66GTjr*AgpIqN$3PIFzF?M04eeFsA701N(36xEYCmXQCWqn1-fPVU5G7 zunzt`+*A1(u8Hm6uNPRObI~&}nrrq;Ag!bXeOK_+@ovuv9qTi;@7QDd#OLj;ay$fm zO0;8`KKF+cKW3Q!)gj{r2if6x;>o8lHOIS}FykR$EWcOdEN7vah<2hYs_Bp40*yF* zgbs8*;4t?<4?K^t#Ns+I-!6TM^R(U8z|YjZe|E#^8e^`)nHuMr1#=7Yi^a!qj%#S) zd-&wsf9e<5Rfv~R_T2H38$P4$Hue}gi+xr&CU8$VcKWRA&2d_AfajBt@Vh_$pAAw_m@0z5VKceyOtCCDug=Ozfy<{n#!1f2v%; z_m(OZOwvgVNJT^N?I=ko$d2%g8pDWx-H#9m_{}3@k6AqMD72b18mCYs?FKoHnlu672^_^+90G9&9PAJvQ#OH2 zGZcqv9(52;D^e^`TGuQ4xT(r=cn0x7Jfrx~znTz0xkyrCM*S~bzBy7}P%umUJz2`g z)p5MVArOZ^-Gu-FTC&D*lI(7N)Xtb)Zx5Yk^gMA@O4lZcKN4qZ}fSrMV zkX^1+LntUH(2l?8-M;7=U$oV9iq`y2f3fFck7Iu$D9vx^JvCeGJ)dMzWHS9QckN)0Vzn4H`R~IdIt@iTP z1A1AY*DpJWntsBX^RN0I1M8}Ddw^H$Z;Ywt_b)rnukL+HN>K8@<9n?EVPEuFYlGXZ zqo8|(=LBy1t5pBG!f2;{m(Hp#;box1RlD6<`DM?)ftMtcbW-VaKJm|m03bJ3%bS=) zm#XgJ+c5-Dbv}M@s6c?-#H?{h76AY1!kYh=0pMtPm<%t4PteQH%j;qE9xBTgpGO=5 zUr`819wCyPltYH&Ap#2cRgy|Bkg>*boL?Ox3;PwCMtOOC5B~1@5_%&v&22csc|S!I zSo#tjeTCp1pK2Te2Mz*}LQS&AzG^`R@(gw@?#pNGt2xB`jYHt`Ab_6*2Mziky5GKS zQU7iqi>4B!Z({WC^T+PnNyU3Vm?0qiN7Dl{>w*L7Uczw>W)O!=g?f#ZBKjy*%;3)iMP31-|c#K5Kc}d+H8ZL`iJ4qS#js z?CILQImd43J-u^%f5@A?8DIRG0|SAe3j~`pd_ORwseWp$1c2$zCsdimQ29~)l=x8` z0&xf&bP#~11H(G#2LCw&jxuT^ttHN{J_lIwpX(e19CK?!=~f@H+2wU^qVWO6A@G%l zfGD&!Xnil>$YYTE6&3qBIJOsqiC+?jz&?V&{*`&*X%P|cFIwJ5po@2VkV7C~V>}Vz zAYaIXaQKI^PvIb3j`)z{5Qsw{4uP*M1n_Tr>`D-z%>IAhYNwa~ejM>0;t=?J2-I$! zw@=Z}e)3v<{ygJX#32xeKpX-!AW)NG#rahY0L8z4B_R-}gRkVW$0uEPAy89P?e~$! zdBT1NdHjKK2*e=}hrm97zyTL0`(RG-F5?i0Lm&=;I0R|~0_gj3oxe698Smp@fIuAA z4~A8WkFj|2+&)Mj7IJ4uRT(K&5P?By?G+XuW==F0TNV?+%DOLzEOn zw{O_6q4R{=d;Vwl1l`pZ9oJ@Gj5y8{K6~B1+P{Fa<^C?@1I^ z(`tVhbV~c8bQ)+nF3TN!@qZ2&1i)o&QpA?rW2`C~SddYB6RV2LhrL_OI1ku6IPL4J zK0h7ri;Tbx#|9#%EmpB3&*~?(a$!=xUb!`H)Yu(F4fVop97T;AH@3vYL|a!__=N?? z7a0;6hx{RIN=r*U*o-mxMO)}6+!y)^h#by;nNRxQW#rqoZ^O#{RBIr`xi+5jsgC0( z>I4K_z1kbE%N}r}PE6pS9Ymx6RO~7izbdHYR}JK#`wV`iz!&@qUb3&~G4PoxekF(D zmuU?u`5yO%zWA(-#@u)8++o|dZ{H&v4kdmC%=qt+Z*sU)>{uaWQMy(_3(2ASq67Ps z+-}mOiLd+m4eO0SaBbmKEPTPQfJ3`>mD#p!rLjNn^|89~ez<`?cM4~bv7E21#@Kf5 z+F64RBL2V};_cvqz~0N^T128c2_o@4If5#7ZIC`+DA_2UP(MkI+cIk;{XOXMuFFfe zhZn3~vwEM-B*;b{QYyOpqK>C9xY&NG`YOlS9Ip8CpAnytF27B>{2p51YkT>icku=C z9sggoUl5(5p*4|TaO1{}R#H;pyprn1G%1idNw;*9nZ9+ zv9d4rcu)8Jr*l<({-=xT)NjxkI9;Y3@Jtl~Ya)HWvEWfAx=fPJzq|iF&?#~r{QW#S zt)e460vjA#{L8|3Z|G%jt^xdedmYyv(oO3Ui?h{h^Phd4;ktuzH#k18@~!fF<;uQo zDfCa2eH-ihjbsusis0|MqC(qMw)>`sD!i^l4(Oq*mTbvA;T!Mk&1!d6 z0XOOO^Z3($`{dYX{kMJX&--h42e6Q{qHMc}DaBeI^ROi~Y-%e@>e;wH+w91+eA}@r zK}=sRHrMGQ1#t1=MfT|9k64T5axkfdg@UjEYQ&VHaxk3Zch2j7Ie?B zWn@L`*Nb=)t!Z*o>)5fAZQfj5DSV>9F!$En(HEZ0c^rcDS*-gw->hjf-{sJWzP4<3 zXE^7p?h)~acmd~P=Tq}J%$Mi0ld4(Mrj{rsgYp~t;*;OjN^x$|B-xeY&>#24+o1sg zvSHD^0&a&-W*3efr=_SiXs~cCvUU%qx7k!p*u?CI1S&I=r z6Q5{gt4bT#_`X|hX!io!z6*t*nqMU(B-(-n^X%~_AG201mE58hU>|5UqVY(Xj_6;N z4_IHdpd2XOuF&+sn&pP&!~{=#(|bstW7_#V%N z_ifs=vC3(_r@lDHP89Hw=Y{^NpH$7SS~P2J4b=apO`EF5#r^Or4E<($Zlgwxs^Amb z$H8>WoM^tzf{6|)*Di8Q#KMVn2>1X!vn#IZdzf_Wc^wB?!O!$Xt9j37o%f4t;h%c- z8(CTDVr$alc1!L#UiCUEtZ-)|yLiwB>(gP4wz^FQ*D?EeyxsN`0 zHvMpnqh|ev4c4+nOF!SNSqs+%Hs~C`$KDhA;v9c`59=9z<2kX7^X=PpaD#U1)~$Yh z=obgpmaSW?b*t9iU+jJH#~H67GfiRgFRj%_ac zLSNB%BfiJEz?V6$`5gLV?8rZO76HAQJd1nK<&%{})3|Yys{Xk5P;J192JC=O)hB|_ z@dsYZ+C`mYa&UR?u!2`EA zvFLyIXGC4^bPD+dWn-5}Z~pVc4_Tp-t)XdTYH08pgas7^ zY0#7Nl}fvnbMS=NR#T4;_du7ie5abPmHAk(SFl64KluGRNZ&{AAo-c=WA9OS-Z&Td z5XXDsYh38#)>sP_Sit{@y-wra*!#n|Fwbfmi%MjbQbQlr=Xak!_t&+?T*4eVriJfe ztToTq{2tcXabhp-5B-90JTZcExhFGnymRMvCG+lbzea`Dh4oC3Y(`H(Zt=V@248p9 zS^S&zt(=1Yj*Z$#HtQ}W2K#T+P_7oARl}%T2O4AjL@O_yXDyEWwF8kO-n`jq3zz~= z;9Ju^07kJi#I?wKYybk&H51nOo$*0a==UU=xgrt$3Enoh^+uQjiW=m6WMnt#OJU-SB^-(vbL7awK~dGb!_qTnt_ z4NrkC5>@$-R;B=GbpzJr{#zsIXWNzZ8lF{sOq&;V-_KEpA6Mr+1V zwC>;;&-twL;4J;@kUqUdx_0nCbN%jk8sSdpkN!ChIA1jumzT^zboU=*C->KE^btE& z`lp4l$37d_fFrSf?sCngZJV}U0jZ?4L>o!si&Hf(8Sn$oBM-(%NmBymneABJgu5CMa@Z5UK?cV3~8Ply@yGRJ_QeV#agitj4@0PoFizo!PMj5xRGLErOEly$=0k{=|UV_2LJdB$LzR4sod^6*rMP?_zi~0F~|x-k3Am?6=$4IM`Fk@ zD`$v8aKAUg*{GlDyZ9~^E=8$GPEE?S^Ni}>!x3y0x+^MLXG4b#vo>wo*u;qw_1Vtp zsb;_7zWw!y^9>%=zkfex)Hst98#cGH;&-jZ;rH2&ibR|H=wNHv?G)R*qmj*e<93_7 zaE6-RgybPcaz%{Zo2(|@FZavksq=Ya??(C+iYtw?02>-#ma}Yu z@Nm*Q6Wwt=V#E>l?2FG@JJC1uWc?ExRKozg#Q4KN=D9&OgFjpwehW$y^aCDY+zlB# z#ICsfO3TT~wv$g9W2c{fhRvQmQ_ksa#;z%L*VUI%jZwmVp-^paS+eVEXZBsvZU-u+dtr-p~zDIZpd?H>3y|FIzSqA(ol}*m!Bqz9gi*yQ{ z-mky?rgiDm*`dC2^(s4c%qe#E_;Y;@7zyCV=dI5kmMng1KS2N-#kfjM>nWMl-eoa( z#d&CqPyR5JlZ0Q58nF{TDvKO`i{%S}cEkPPOw^$3-5nm)vbcJ(;3D^ihI5piw*(I} zmt~3Xlax{Yd${h)d@{D}+jmG_w303_c~!p4Gop8Gc*mLz{E_WSYHJJrHPRBA^stKL zRGT~T|Jj^5Gi>hM`TG0Brq7sW*;(0k%rT>Fr|53p!ui%FrH#`j`Y^l;T7m{J1c4K@ z0DN(*;RJ?XL`EI(K`)kU)Gh(;!3jao_Qo4-wr<_JyW{Eh+rR02FQ%;yxh+{tVI|v-@|W_ zvnql(=jmgqbb}kNyU|WK@g$oexS%i54^9D`yw~eD_{Quxvz$LgJSXboQ2IB(I;}@< zYt<@6y2mPq59ed)2^rf+@-s>6w!Ja{&ou(PXsue#0-NZ(yFq+=;Mc$x>^b(z1|Iw3^Wzd0p>!4%d8o6#d%;#DWgUU|>%_Az6jk1!XW5!-miqKu_>_1CYq zv8SJD^B2r>hcn5ARNsIPqHm^lPqPnYi<9gX<{R73{yb(qB3aT)c-6+%tz9jcSIQFc zJM;)&vnp9qTXvnaIl)s4rRnk)$p_%U^I{v{_**Bt4oCWD*>$n^#E%ax2sn>YpyVjo zap=|WzWc7Vm2DVG(|^&~20n!BZYkcnLp%b#AHBVO`}TJB+2`7G&pl_azWS;^bLPzH z_OE|GZ5iq5(kEs+@0&33Z3T%3TUuJ0{q@feTF>5noG%A`A3lLD6l~x?>+m*s5@X;P z-i2O|jlezdmFOOPhmlRf{KH(~Gw?O!0jKb6JM;@4qX* zUl;E?;$6`_L5HDl`fxs}@o+x2F;0HN<~eNe;jZgoKht-h)$qw&LW}gGO1nfng)#H2 zL>&kFllcd@g!>NUC$JB53FF{gG}r3j1mB|;$!)F)yo=vB=3MZbbm`LFnn|ZxFP{@~ zBs_ypd}{%2)%}X+u_)?;e)z+u)~k0v+oAyFRwW*!rS+B^OBEe-@aJun?4@<-nr7X) z_i%q!d->|>*H2J_!dmh7w$`g>U#A<+%b#wA>(&V0JNcjMJzAU4cs%&mHYLSYuU;dc z$rkw)6aWbq?1xWawQ(-^CwUkalat0NC$~V7ZjeGpWk~)mCC2!qjJGK^CV(US+ z;QhbZ>=|#{-1(wY`S0h+5Ae>rlkC`IzvlG)4{eC(*METHU(hX}9cY&1?SfS+?aC{z zlD}xA^xoO7XLONH@XG72xbDuB(GPgNS_nwtHwbGQbOU?_oI8BTP?udBw4s4}SVwQb zRx%YE;PAr^_w_GU0tY-G@C0ZM-2qy`ZomH88>I6jD>k9Pw{R&`?txc;D~t;s#&fHD z7Q!v$EaReI8uTr!^W)F@hj9iR4cCNo)%YE&+eUN{tG~ux7xAy{)~Qn$tz(MQ0eJ68 z%#{xa*E7CqI;ie9f?edB#Mf1-#P!XaH(C1*oh>c3m*X%xA+a8KB(#FBx^3I`{+A+M zc(Y)fs%x3srcLsz#;%FR5om5*AwFbuSDqgru|&+z&{V9uD}Pki#5`>ymEd!F?QJRR7V zDp=YPsF%mpp?t3H+3CaSi7_OLkyW zV~6uQeb6GAsW_edYmAlq1HLggeN~fPjBL_9&>gVA*Y=IuzvY{f-~kS&O1}VOO42j- z1QVXkGk^&+8DPb^*oIx6kdWklO5!Ex!u|RW_Io#ORGhLBKe>+Q&=_x+1K;68$O*=? z`}ruK9pLM9rE8N#Bfx<^!}Spi#1&%3$Fak`5}x2fxQFL5R)4mR!n0%93is1*r;Z)m zE=^C*kPJ%kbFt6yuJ+=eAaVEN($Bj@Ojv->{H=Z?5y!>?D_W^jJ2u;vl5Lj0Xqt@7 z99x#P%$BcMZZkz-D_7<_uo4nMjPO1rv*o$VJu``W-7a`}kb1GLs=XEmZQBE_nvqS)qVz^XJ zA$IPR%8|7!dzljk&l@*xyq$dVDVDKlk@r1)`gC{hc96nMUt}EZ+R1pce4LC6qQV)R zzp_BPgtj~L*lm#nGG9z78|;KeA%<9ZK8&VVPA_)tr72?^!p|;HS#9+jZ-)p3Dg{BY znE5&>lPI>}GRz#tgmND_NOxHq30wljfl=`rP6n7DpAiE`>D~Q2_tU^T943*%A;F^K z=m*^+JSF3czP>sw;#W#+wE9Y1DcO)~>(^@bJGWS|_|?({b1iH63h}E<@uL+sab~)L z0;@%T64K&VWo1$M3f3!AJdI3YXndJ?2?7#$?-0L&_BYA6C{_??mG1XolGX(Nl_Nd} z+@bZ&#ZizbHC2X&oZL9%X3qH7^2A$O$*IK{aM;1;cm~e}7nVrzpfCQimS;QvD=8_p z@d`eD?f4UIU4Fig`{U`;{5d$ta>Re>i*aV^IYIbi{N`!A@GSTrd^DC{fjd02os6D^ za`MlbHPaP*3|EvY6moVx_UM74)xlP*j`;Jzic=`lMTP4smD~_CDzy{h3untCusMepu{m6xV(p+~E5$Ka$jXO(< zY)e*-)4_%dmSka8POi;evRs*vi&Mkj>zhXa0(gNWNMp__{(a+Tjyf+e!fvaEKl7Bwx&sTm)Cazl>#>zT|24Eutr+rS`CkF1pN8^|?(B_@z?ZXU&?SdlJ2mbUAgveX@W_ z=!kf3xzjN;jT~kdAM}gz8ye$486{wW%%&Lesy{ zdrb8bU9u6G zI&TP9x6NxK%IJ9r1B}YFbFVOFy+@Plok_GG67go|!B|T`~;5aa2tvYt-qQtRovY#YBD}UP=quT=4NPbFB z)iv}BT_Jx%i|8rRbF1ko3M@j8+*6ktneQ9ct`L3}%b~H&1E=6%wsgDf>>SI^U2Buy zdq+dA=MJ~brHh0wk>h5CbV6`3;3$skh^8VOrBoewnztYXMi4ZMKj3x$exe%V{jjOWUSd57s(#bN$i?3cCP87J~AcWr%#_|+hng} zXQN-BZ)eG#hc9&L(#5hX{Ru&j;{F5GB3UBbcRH`M>jZoB2=KAWu2TXXfd!IaSVQOn z+zvQiElXnUx*$uU*?ku7LpOCzmK><{h(GthK>+@P-Ru6lf&!cT&Lnr@BAX{E*(6(f z0lqf;XzxyZTY<4vo`}MT!C~kE`pDEZ*tzV0f|rGcLzsK9LD1LH1)v}9O&3q)dJ@R6 zx6#WO5B&sR9sB|wM<8sccnh`)e!(^J$((i8**50nQ*Ej2kj>)N)2DyzKFo-(<=NW6 z*L1%->nrs>be=rTb(<3Fyo`ShT><`wy-X1KqKht3@Sv|{2oBg4ydr=x!3(iLBm%ru z>qXmLFWRX4ab|OViTERS2IE0D0cLfjg}H?BFt2D$dA$!iz|ey#+{TNpiLrZStI-0F z<9LVcF8E@yS6XT8I~MWFz&C*v>%L9$HRxA809i^LW!;I&wqO{OqoxNg}Ha$$2zMo@RSy}RX=h(!z z-Vi)uUZ*6QVvfk0jI2z@$wKKAYuB!|wUU8dlvtUXip^ARb7s$SyS}q*X7mE&KLKCt z1LzW7!5X0(M0P-g@6b0pEibs>B0GHOFqh#Ifaeg9>d~X80(c!QV?~bia|OJG7gQU;KSu0uXz9-}`o|Ij#wHW)kj#4-G-8ee1e*N6^6Kr37ayqhGeN}7@=xvzl| z6RPhI{YKRRqVtR~_@bbLBwxo43itv?HX*fc-Bx;Gn)s=Fmcn~0ZyYE+a&pp3V zaIBjZZz>i;?;!!b-d=g-B`0104#GB5IfzcWFHgqkav|fPDtqZlAyg~R82ZD5f05EU!TW*dRuVQMS2*N6e%|NXSm#<_gY0JnTw1LyV=R z7;l~k14IEqT8Pod+o1&k7yyc5$TCY6BY_Us6(K$$VIl>laeYfkX(OX1Q9BCyDTyIV z%1aYxaFHUr({gjOmBqMOnY>Nip@0wxN(C9{YqSG{EUgqNq$m%?QfP8=GJJQ2XEcgN z8B5l(bjSTe3(B7{8wpJqb43L^p7j1TE|VbvziJ_V)gU=pCGGX8Y@*>^vux|;UgB48 zSn-Bz?dFKGZV+tOU46X`7&y?CzafFxy1>iI%CzTSc-ED- zZz_|jS5M)L=?O&`8ttkqU^hHPW0c9s%+#(N(NhcYZ2`s& z$mJ`tw6mzSb(X@607to5A$mp8fS+SjqC|2Y+{4%`R>oxyWgdrq2s-EHW@#O|I(>pW z&~kQmrmtD;!xSQ5arJ+LBumgI3UZH%68x z_}ti4evRZExC0K)pFhuj_5bd*pZ?$;H~vsmgKU0PGB7Vc&#t@n23K~-f~R7@k|m4n zm-qeJB%x7q{LXKFTi?67JpB0MkL>lgUbmsj2&TFRc*=dy*#ar;?7|bM z<-j?`@ez7xr)*6W=g!gvuD{9lECoZcmO3D|>Y5JV4U z_OlDIag$^R!EzaJ(0_`I7IZzbp>sr&O{CZ2#D`Ad3oFC}N@P%B7ZP;~l`#SDQ+gttb~i zXn;Piz<9|NYu;tBO`kT=ax~_{MvQcN!?+!%U@JR}fEU4#mtTF!=>=Y~L9zqgnAe+- zNb$g5AF^Any-_<7`}=RmMuNYuzwxSl@X?1=vXS?X!Dn!|%}syFZr43W9C4J^E=hbd z*Is<-d6z*q>imEK0|meOmM?zu=;MDA&0ix&MH|3se|+#^n=s)m=K;vxzd!wiefyht z8PyHIgOxHipL^k1*(uw-d?n6hcJE?bB2&@j(d&c5gLT>}J`Ep2zLP}NNe;&Gfy&*qwsXFyZzM&US7x~7QBk}BS@gyu)u#~)1)Z&+-Hj~Ervl;Ci-f)YoJILaMG z(7nc56a0q%i)%V=r=|7LoMhKYj}(%+ z++dFAkMPFc$P&pHb`o^!7ReIyD0D~GtFd&C?xG*Ab=+4U_(s;sVcVleU+n;ja32RP zxX-S8oVvgdS+YzCJCPJQz_P@#KK{>F3IakoH!p;*luT)a^URBQbj9QNob+`}<^c%6K22Sd|xN%hdihWgS& z+Dc5x7l8a|nyd{E6&(~TOP2l??aoUT{qUQ>&;1=}002M$Nklh&vZ~y04g4s^@!vjY)GjZKg`LQlM`+Pg`gp<6iE=g!FyzrbSa8M}+`+*Yh zZR8tYq772dJo|4u=j`+R-Xo>&-}BwO?YZZl@eN({OW=fEyl0+qmXD2!n%Ghg%C5lY zg$~3zuUN6dp8ER}em!~vzL~P^rS{Eld`ojEvxoljfG1>}G4@QS*-eToy!qy9Mg>mh z29H3lckbN9{d4%@umK`?R01Ss!8y+}&}otX0e7K;1gDEk_v^Bookjv33AQ9Bv~DH8 zudbm|WP17{*MHF&{5tt?Gcy-QbfA6*4I1kD13Cb7fR2d`>wYEOz%F-m;I?f$%7$(0 zaAeIEEu8B+>Dj#t4xleU2f4X93Vf?Py?9tt(FyvQ0nV&R-E8PU8k>I*t4gxS_gfjOYLRU98e`i=yH(+%*fH=k8vZ*HH*dJ+dbjIH zR`}Cj9#v(FmmDWZB0lQKqwMIB$H?X_a(<0pG&?)nE8YU%DdNu)-<_o0ynUU=V+W(x zy{GdNloU1euwizCb`#@gg?2~=C3zYjFtl^|Wmh`xH#;{kT*8-zZH+#Ud`nGDbKe*~->%)dJ51i6@}4T>O>sLn$YAD;-vfNQ>(0C6 zyGZp-V{8EW&2N5bzxc)fSeoS4pC0<7%Oc`*@4hq1pNqU^6C-l1Q1%D*H1WC4(&fP$ ze1hZ8I>*lu!+ZVpR|Tgm`}sY;@QS+*6V2%jRoFXT6$efbuV^h>fCP@I8tV)NlCd9r ztXdvE@h7lh4%raJOP0C*Tq>Rnzwgkovv9b=e@8Zu*a4r0MsuV)V{2kJc9c&X{bQSC zH99rpZQHhk(Z74yTv{}xRohsMd)?n@+^9LVJk)qaD8T)5?_C+_9m>Mu} zkTYEt@buHqu+vT-=Ld7O3oDdT z0>Kwuc(G@2uv>w0HV_<$^ff&cuKlROt_#~**93u=s2#zli) zttpHgiSQ_Pk&Kr^va5Dr!2c+Zh(Jb><~@i9bAz5x$_en0lz{>TEup~k&J%*U2=T2Y zTl~FM&?a+6u}5$(U9!NHfUaG;YfZ~Vo1$64%LBP8U5LVrQo#;lN(GYGQ6NRJz1FLR zoY}w}+VqS|DcUH0wa)*A`&CWMKw)p!jrj-OAiYmATbXP-Hd=XNXX`L#mTl{IzfCAO z)*2;}&8MK&hGNH~Zr!^ZNmc%_wci=Crh)zB_%h_zieTA_C=w z3gy@sEradKi!YbMS6ShjD+UKUlt{=zW?pj9r7G<-%rdm=9VP25?Q-uWJ_yZGh6m*p zz2HpYI7(oy3_Y}bDvd1CvvK1*D+Pu%Dkcb4cv&Lm3Z^y#BAM@ry8 zH|Wu$r_Y5%2lzFOfD%eSL5)6rRsKtvucsUjfOWjTM4_!m=DEr(G zUhp~ucnZczyLKJrXj&m$$#y<~VL@p_g2H6Ut}KYMf5G1agFbpH=NqSAg0H>+Nk|&gvrIb3^#K<0K54{`NNHF$v$*6JT#=9Ps zk&)qi=*%@Y zESxWg%3!-#I|-;JgtI3khA{WzjyqoZIte1t?o05Q@hubohW0Uhso;Yh0{=qJgI8p3 zbAN0_0q#B28gzkfi$e&57TRhhXBP4c-IlEJ?xH8kCGyTkoPEeojArNw10VT`W3ihO zuYein!9C~+`G6A(9hd}0Xe)O`j&zshPG1=C;0k&!4v1B&^CeFc4lI}}2^nMFX-T6A z@*Mb3zOcMP+2Exa)_k}Ug->|SCT}{=RuwDxxJjvP-6j~y8Hat0?aHeRdI$$e7N)`s z34_?L*qb=vPC99foudQ{9G2iXyJQzFTIk6M>}=~S_z6hvY@k#lG({rv2sxRkAcOva zPB&P6LW3<@G`HcyM@Uw$^J-eW&l5RHvK4dyoiEfe&N672fXBIKooi=^9@$BZP0jc& zl!Iv1nl)A9MgDW|F~=NhgT)irZNvJ~ps7sl+=E}ROOB)p97cn5U1nyw+y3Zf;723L z?g+$@oc0b5z(29L-%PqNj_H=-F9aUY9cctPkRy~&#J7Nxh`AEzU~L`uxlT?c-oZ!m zF85>CF;_}3LJQb%$df$52!|~+fz1bAp*x~Wkz^R{P&%-1@rlR(`D#Ky_y|s-<80rq z9Wf$QzLP)=KBE`$Ss^|KZ-jk= zPhaA;^;zN%w6XFH5;Uc>K2Bx)Z&zMYxT6J!Wzz<~p;S#q-59@s1-_3-MCe&WyAIg6#Yzz^ZcOO|EW`R85W`o{b3zvr?J zKSN*LhaCn_InXTxLh(N!li^YDIM=VG2V`ZXdol|ScbxX{Is9NGaupQh3ZC7>=TwzK z`ZmFLjtQ&-w?>VcxDK&an{lw4vDNu&s6+$w3^wVYA0+D>31#Tl1jtseDsUSS8;t~S zcKWVbl_y6$CGnN)E&dGb2#Vp{=d~}`^@k5V(ncIH%Jmv>7JY>zwjqa&@bf);_LJU2 zbrY3kl^#z3hG!7;IcS>3TECJ$on{4Rd|~Xu2j=`ix3LX+WvAkK!bNClnecMEbhEJv z#*P!6V*lXthPJ_Jbd^r35_j%7=R2)WocOlu{1?i1P7)f)XosncGeP0)sy;Gm)UkG$ zbcf8$4Cfp0fE>|uNWf&AtQS55d}NG~ihbzum&w0{KcZMw_R{fr4L`yzx%g7wwTO;` z?)8WNeZc7rTY>5(mnb0wzwFy@zvVpT+;cB*eHQ&_$dJQ@zomXZ_RUd89_`gq@CPuC zJvHFNJ(Ow&pPUXV{XYbS2?FJ7vsa#EIQ|4^!vj;2;RILnl#~D-<0~S87+OH*#cl-O z2o|A7aUR{EdGnS|N7x(4e|$^$o7mk;Yb83smc`%1JkgDzNs=x|&SNJq37f|sKUN6< zQ6Jzkeig3mAv|Z?YgFZrPv*wl`5n4ASQ^WP?-wq~`1xK|w$iHKci(--b$MQ0MnB*^yd)b>eK;W86oBu8_g!i3YHVKc4oHY>bsoQx{)yg})Yu zB&4$?cTYLxG`CSEO`hacgaxF1-u_$FY8Vc2Yr*gj66gB6iIKu4kaOzo$$yQ_+0u@ z?FyG2)}>3Tj}h7+v8h0QANLO_NK9WOaYDz~%2dE&44c&t!DX)Rs{8R92c3vH*H)`l z?SKfi<}JW95>Oi&`&APf;J~URp8AdTlKGFVQTHEP!*++;#*e;f%}bYA%K={(088Y2 zH8HUb_R`BQy28ebqH(m61%y(-LSkV4`0np%hwqCHkYRHEvd|cyFYCS^e*ZhZ`-os} zTK7~pssSARa2<{X7&ga$d*rY7b7e66^IuPkFmtubC)=|)HfrHPT7(usW!`ZBbA*`w z^3VfrG?O*Gb?X+-^uYP|=wpAgyMORqS15b*=p_c;!U;MnYnlDvd*8Mh%D@28+RL$w zLdQZ!3`a~;2nIsHNZ9?0V;n(r_Yc0~yN?iR2m_4heSrkEg-r2&zBmL}PZ&11jiLx1 z;0#!~Qf0-(P*5tsL$Xj{bnEmkQW%BT(-&UAY)}Ajx**_DNXgzJvjwLB*(~50Ob;Q3 z}CYCv=HT2jgY+c@~U45ZosWhxNBtPu`s8Uh_U{>hKNCpv!Jm8;>yMmX<5`FifT zXYBiTeanr@&YiosamW46uY?achTsVVY2h^wiuc@i|8MQzdT$ct?-wgUi(>?_>Jm z_rL8~%LqPpGEtQvCqAABu8 zKi|Il?K_lp`zN34z=4At-aH;<4I09@Ko{uIqo+Hhk*8!ZzM*VEjLM0V-nRGU{6KLA z#wh3PG?+7Imcxt$uBnsX@qTf-43~o&<&*b0{_LK+z4`~4!Z_BU6KLm+H(s;v-1!YR zCQ+POYw&=^x}fX8Pj`q8Q1aM;NPF?67eoi&_2ey*&jK&;ALIYjX$U}H@KEqF%4px| z1}=^vs%TK9gY|S-ESXK#KL$1iJqkMV*Xdn!4DBPk^A(U{XG30Ij?)2@)v9GwQK6yq zWDG@cHtcRdmqdOOw5n>6II8-(Uk+dh=<=eaL{-OVB4yrnc?70fy#~^cH@|6(Qtz~e zZI#3^?MK$MWU-|TzRq@)^G>=Q(zUm{PM)5=)Qv%SB)SK*1})(vLT7&Ah3E9W+>exu5K7URi-Ij9eNu@)$q=gevuX|L1qxKc0Td6GT@lz=VxJ zdG{8gU+yId<=KDz!{z1HEnDo*5B{OjAsr=mVi$1TQ%^l^_x$MlZfm5brg?P?47?nb zs6$?V_~8`iO*n%no#n=-){y_32p1xrSE~2Bc9-!N1>Jt|y*mYq7o6vF{jP(^N%Cd! z4SJ$1KkJ3lXuEbyA0$zIxC+f!9iQ-#{|%D(&8** zcQB+upex`O`mG)-dQu4&HG<3RJYv1~iTw1Z?Ad*nHiFa?IQSy->?$^n##(G?9IRb<4K1t z0aqNT!1>*GC%G;?zUqGMz#^ziuOkGS1VQZq?dBu69L30B|roo{M) z-6V$twl5_Xp%Isz;r1 z!`|Peez*^vg*5H{}seZcZx5(GU=B-}x zUoVqx^1bhV%N~97uWqB06afrK{@@nq6@UGh6UVr3pXxi{1#3cpCsm2$;0yGQzWw&w zZ)gY=?q_=S^;cXk$jQmJC#6$RJ%IJ#k7rOmmRCm6(2-tw@p&&74ZT17*N5x}@_F$( zt3C?UrL=D2>wBd1{s999dDYMd|9HQhphOXD{*BT@2;f2g_$-bTO~M;U*7(kyx7#zS z^v7JFZ4%RHds<`0Mz9Dvz~=)UfTvu`?(>q;t%hHSYnn+1P%mzG(I3ePF2e;we7(qW zzO(UQiRb`35uKMrvI5ZubN~+^pv=2`!CClTO9hnmK!1ilTrZC7%ng-vpx13kZwn25 zoeB-^j}rZ`frZBW>4zW{0ZG;jy78n3(KYwg{RU1;zr?;3%!yS|DXZ`yP@K*_hxicSL3zM3v z&5NR2Y!~LnC%)+yWG76WI>i$|(9Pd`^L5LTy?}2H+9#d|KVTjtesok{(4*_?S_=Bd zCi&(!Zt+(NVl%T#7~2A0H8Odm-XD&Q!86$uI(zm^_uHW_lVk;r(V!`C6uylwhafI< zhZhHajQq}*Uj};6nag*g1jJe%v-2!P+neL=bgpD*L1AA-Zg6R;t;zqVWL zQLBV^dAX3HS%R&~Uux6WmiSm(?dvt(?DC}_8t;ZUl=v0%WTH?gyMUoRvc3QS@ZvkL zMp&LFlvY+#kV)9i(M`KWpN&t^Ns)&>u#@1{ufAo5@(#Gf;Z`ejV3# zqyPF!_pPYk*%qeHv8D4Cnypi&o93cv={Nqs9m(%RIbw_R0J%U$zpV7b*RAQGJFG$D z6sgf#^UYiBoXgI4=L*@k&;Sl)@DF$(n|Y@W4JR&m4ZZ<43~m~R1oyeYq3?`~*>Wun zg&R1bB-2n3Klo^>_kER0T#`YEzQB6{c^*bTju7aHzG$JZ9>+H8;$zZ% zPB%QZiSz_1W;hCv(P3>F2W3SAeS#Y#ML>U);isWb_yqi0{GWpc0*-F{6X6|e3|%6N zBU*u8Bgcr-yYPaACb^G*7Q6Tg3i7IO#pzu*Ri*$A_k;5!25=8fd+3^yb{i#2zCfXG`HZ3@cyo}PF=N&<`X4NmDn+(j@1sGGhF@#xy=1Ej62qaRz<_~B|Zy3!qB84 zyZJqG9;%$7Y>}u%Jc2PeUl2Z2G(Z+Ku*S~UqQyg(2SmAgq^Qlx5&3xnnK=2G)1X-?BmTYkDxtZ2Vbd4Q_vgq2#mm3#>ls( z3MfM#UZP#jn1u@$cpzoOup_*jIW}#O^OY1SJ{CPg-S}G57k|JWxsF~)3xRk7)-?25 zZyEqP5%)Bd?nKZAxa>w#x&~(_^b4P$p%c?T_xb%k6aVP||0AeIKy`qyzKjuB0=}~z z%#k&t@rf+pCO(srRE0u35hqZ%rrNHnmL zAppLE=kOV-Xv~{8S0!O*TUN$G$JK!A;CF?piSXH=r5vru19)|%E{^V>q>4#6%4zF_ z-|!9S1RCNw*bg-H1)fP6c@l96Hj=D@GkU(Bzhuc`OHE~0y`1#AzW?AMUd`{Ev(NQD zd9NXT2U&q^p+6eWi9YK~*F#s>>AL_qhkeiZBc56rDA9T3y~}(Z^BeTaxVe^j@g7^A zMFL#10=iTx8Y5mgeAo!zL_&g0rp|FM;|M$)KO^5sKxAC>LDeGsiZkW#XQvmXOSvYD zn{n>%#yoj{JpKxHGcitfNtKl7^;fEPKvg=Do3|-B%ynglvEZ!hf)ABGfHgiUcpQ%U z08?ygPb`p}q0tAW?e z^a*4&{gb@iJ++5F*X>s6b=*&K8o^_N132y-?wUtv97UrDXX?tQ=v4ZCQqx2$F3PpV zMTxdP&#Xnqt=2`sG3McPCb=t(%W;z%!R^Iu~?yfnI(P0Yzek}0mO1`Bo{23_>o~>^ClS2r8l8uB&=G>q zi}8`X$(peu^ba0&?%aiLv{NvuBm&Rqtbi4E05k=S^9=fGsemxAoMGNH`uI=HpP_N% zb0vTT&XW99T)e^Yl^uulOVAcvN2b%52f?FyyCS&5n-~KygN6tw>*0P~&~v#D{g^;= z?>_xK`HUbo{cv7||3UxSZjG8I*_xH<_Hkik3%1x^W+~Dy>(|FVm5pC7vQs&Ze4Y`U1Dpmb z*@54{O>dgN!$DubEpP)E57Kq;4iY12@M!!5@D}KTwPwdV*G&I-n(MZI(uN2sRrT)O z+jj!v?@G_i@c!T<;6*d>sv}6nIACdXjMQTfj@%i~)|!RN%NEKVJlv;7N_}W^kCqCK~;NhlSG7X|aB8#>ao? z@{9#qZz`H(BNGj~j-(4dgrPs`w|~54L;`amP);Ywbqo~*5JLq*c#wI^I5WZo>zikCw`|+yjF1uAoRxXjJIpo z-jW0Cu!rV&XRu%$2BD6fPYSl^CX6AvJ>qHjhk}m)9ua6Z;`;G>0$!F91ty zu*+6%9B7BN_|TrcrK>&h#ADW@alW#*@~zA|Sjm=kwj<$KE1Z9i?cBcAI$Sl+n)W=? zO7q@V$%!pe>~<*oC)G=`OrAW+o_+oqNBH0@01?UhyFld|PCD@<0kW}P=$_+1$Jsl6 z+<3e2;>&#NJAyf1$mvK7g!Ko~fhd{Uc|cad#phpa#~yR6{p80#vr8|&T$#n)lsS`Z zk14Z=(y0)FH)TbmIS?p0URg^J6N^pXIXT(>4uW%~KwhA-G5z`t@PG_k+4-I8Xe=Oq zEIK79**%A22w}9gAkW8!Gi15SM>2MHLY=3QGN-H5D@4IFlVv;tgLpdxAyCOgz)@PH zoPxHI&|%eKS_oVeV3-O!c4y3(>N_G}belG^KJhDsTNM>@-Zm(+g7sbPh}P5Wxo`Eh#~%Bub*i6Zo7S(iodS62mLl=1 zk>Xdsbq9XOZ+xQQ?+I3t_l^WhL(5uOq_T8kJ>FzZEN%dwGxx&%4krz5FV@$Fi@4_d4MY zS(@Tk!Xp~j^T#|2rF_7zcy}s1Yh}^8h+j!iW{Lk1)FZR{obxZ#J0-?=7Mk-b;o!mF zpung_w27dOlzz@)I6$%pa%9U^DN(R!GBjt-{J?oRe4kxQ&@YNU3P9&hU7eOum{6)w zoEI;is|pf}oDO+sArGc+c>ccP`)&kP?6l$?o$ZFB^6kanjIn!vb+;T1WNowiHcArM zUeUpd(x114R=upl9WyPVS$Er#{-oZOa=09o+r0!CPKoQTxxxb|7-HZX3JfxJ?CEFP z`4?SMiR+vF9l+og8G$$6e4Cx4a%N<-=jN{PNxR$xkZQ=$Rm!?W38MrJGX4VL+RuOb zD;v;%pp0=!aTnT6H(c#yw@|uiD3vIsJ$v*N^Nb8ooI*>M>OICXh;Xu;u97!nPCnIx zca(!;4V_j1zINY7PFfPr!2c~Sub}~g#*v~1UycG?%=4s^#@I!dUM@Xlh_7kj=RTnL zKL-H>wC>)Ji_tM<#r;VCI4x>rBUzkON$-(iKV$k-H}JtBl0LxiE;6{-#pSYC{17KT zPAU4%6s<2_G|!DLa0zq=U!2w}asNO7jM*k7?6lmXL3Tp#mG<1Vt?ZFU9=0yY#kQq% ztKJ9J&`LJ1l58Ah8#118-X%Zf7Dfd{bje$-#KviZpr zzEJ$&D9O5?{OD)KJNR%Yk+u7er~hu#WkBNe3yt+81A5G9V}AN+1Z})OBt@S z&%MB98gel|KMLqOPvZHS1H6rOLN>w=oHyvRuz*B7@hs``D^yj8`zeEU;U$-Qc`b~7 z=8lnh=(mW50!0Bg8t{*r6O;}ygd^S7v#3QkI9zAW_`r8Iz{AOy2L7pX>|z*qmTrs8 zMb9AljI~&*l3PobXorq)2pB_9Jk#l^@`(rXgK;z#9wHM54H{$*{OPYQPe@oGIeJU+ zTHBF$l&w#HN)=}07`%FhHSMie8RfpOZ8KA?aC0Ns$KBk~|GwUfMdhk$nqpV|E~lxl zUwxgOA$g0vnxCKR{Dok{Nh(`<_IXi>M)VG73fMwVH2y`0r1UyF3C=uYoQ)ni+J5l; zyX}VSZt~siDJd!T>MJk#j$PI)+{@g^R39fh7`_L6KvT=LYo1*V*vHWGAjw7Kc#iZ? zg2u5l#W8wNw(McvrHyTj+$~aKC8NV}hBIlyhK-)^b-5D1E;#o>cYuKh>=fqyy3&A6 z1lfpZFbC{^PC8yPR{hT!V%K2^X2B9THgr?l9+c$r7AX zT!#~n^$7GPcYl5FukGsVZgd|R__*CL54P02IY=-%tExW=nx5v+yo;WfjC4Y%>Krzy!wzcaNfibO8@ zc}=?pc_%I&&s^>|7<}@LqImkUZ^Lr0;M)wx9Dg(YgEmV(bVuu}~R+F;bCe*q|X^N|wqf>`=sh zU$}6-FBULFFFN&BAeze=!PoDB-|0Vm zE3I3%^>zO6gNa^ggnL52bnE)O4uBsF7+)F3=;?j>sM4GGFFPj*uCwOo8;2b}!uw@R zyz`Ouzz@gu1ldT6>eQ*L)>45vjn|WgB}+--0f!tPG{(BukRJHL6nxw{+*6c2iAoR3_ttzFIx)|LkBpdr>5`h~vODSX`M z<2|uF)|ZYR9wlujc%_g|scG6}zQT9uo`24HJ}!1uu2M-`0#(oy0Vb-2jT|}3Zoc&n zuV%*}@ps+*%X@sME6Kg9w8J~1{|2@h$A}u=!R61>JHS=+RVqm#yTNBFLy@!wO@Ncr zroHE-$)N*pm3jil_?(~vD%%jO0&e~L5An)!zEMK~N6tB(3tl{rYIML3A2GY7-Sg0fCpK$*i~-nFf}LHHj0ZdizgbUUK~)~d^=Jll z@?Rj3)Iim}iU--irXSifH+HlqpL)XjHCtut3-fGOMK8B0z;*Bq{34lwByRkp&UXaA zC_w>RvZbAJnqL2<-~>_r6~%mXxE{D7-!U?vGLrdnin$NWwdbZm%qK&{ngM5$%&)RjhXwWtG9#>)7Qtb!fAxEKdL$*mZO$XFN%Y{D*9Xj={gKva zOC|0n7)eXHN(`DQnxcPn18^R=u%n#ks`wS>X{<$+|5y)knicn8Y&;tq z4m%22iR@{sQr`5>4q?`;wp*=uApj=8*sMV5;QoD7_x~cV`OP~jFFd`4{qBLkS(^?= zS596Nt!QqgbFQ$2W8buroHuRrv|Cm7>Ri1OKsEcNkn!%WGlfJWM;_zIj1Z-NfI~$6 z%CBGT!kKq_Jo(ro_P_T(AR}p$JCkp?;bs@+l$1h|q&e_4Mv$KjiGM%;Z-1ZA=wpxb zTI?)1+vs6{IHh>0Hp(LcE;Qa3cESlK*)`W(Z?C`ciZ2d``OqVO@ooClbRVtKS@iYV zYp-};zPMtXGz>eG6P(3|OVQ)~W%Qq@%*LU^kE|La0_?r_Ci^?lZocVOFE_#5K(1{& zwmA&LnBt#@4g_3qgC~JARZflXC=O(HQ)+kckl}I~&-M2@bk)1j$aVy8+4TT^Q>upS z$3cUJI{w2Pc|QbY24GCXM~rk_gE4NBlN#)dFjNO{y{||kn{?BrVmo5!5DD+|e3wJd zUcKzXQ{h(%1b010Ya!UwYi0Gynu%ZCZcRr&t)SPxZOfdytV!CrHlTZ+8=9#SL^#M0 zQZQ{8Jp77dXda${Lv7Zqnf8oIP{J#440qT2y(m9J0C3`@2`&TxKfHo9;oinlh+ll^ zd4Jb1!6h2}VCF2nmsputX=!Qp{qOzA16uGCS3Z6;hBoci}zuQ5iBa_6P{%^_4*}YxXRy_Xs60E1Z0l?J9oD z8nzr~^~K5 z3h=8cb92n7NbWOLaM0;V<3z4rsHCXtr5vO1EnAl9!JUBv2Ksw|UwG+tPi%qbkp(s`#y|-i zG9P{Sq7*TdVw70258=O$Kl)cYLe3`wR_sP5YZ#}lD{a;261t6l)>Q~VaDm=+z#(>n zpVDveKOFSD!*|f&VJ?fQzQH>h$&6;ri;C7duL!bupd3~h*8E{m=c#;cb7g@adDO9v zTR1zoM_RPs7lGygA&n+V2K>rZtL@mMN7$*SpDWq8Q2J^MyJ+kH`|HbZE8($&b_mM} zq4CzMS7zJh9&bsbm)f>f)2;aZ8?AAl^Q}X@RsR01;loGxyL*NW8{x7k7@*J;PPa=h zx!i-X=>0E>zVEo@b~zT5p)XpyN%}9>z5Vu^mY%!Z@5k9eb6s9enP30keO|te66`pC zOO&)hg$y#~dB^ZgH{PQ4+ThQM;A*yT(E_jZbJdmCdRb=d3Ib#gJ@|X+S3_hFkMzE_ zZdK`e@uNy~aG6IR$N|QMfjy{ye-ChB{DT|AWlZyXbWNGR!-@AQF%F#A*azIl_z(RS zImUwA44=>wjqi!tVdC<$S3lQny_BMyWXMzAlZx||^0+%>`|v7+E?rY?;Go0ZD2AS} z!FX?4vw>Q-qmOk$Ww*~dcQQxMh@N)f{?#=7l>`Oi6UQi^dghtq{53^54-OwX)IOT_ zp(iY0=xb}e)Nmz<%sodmHO)%%6$t#`Hm9jh6)SE2f_ZKqk5%9Sxdtr3CFCLSB+H)n zY!P%_vSf*D-DmCU%dc{I)LhObbTo9t$&=r)PbBkj0J3|SbLe#Ju%)!(&|$+ps6k)@ z2O$p9d?h#VUcO5&y(Ol2&vQ)i;((O9w zR=kFQU~sNbka=?aHQA0f#V zy$62PR>wICB;)ix`sk7FEdKG`cPWv4ngZG*oR{-n;C8CQ036}%DT2k#vgzTQ%r8gx zPMGkvS0Vd@{Giw*y!#aY0=zPe!vSyr{^9xVYf=&m{G9cqjBO;>S9xOO$tRC*A1Z+>% z0*8A}PKIpoA+Arb#zTi6?S1jSM&5@?@FT59ugcQT^;{Q$f1{hAlN@oxF`m>%pgYVD zU7tiyp2@hQXGi0xOaFp1(Qd&qyZDl89M3jxT4!gR_BC7k>yEHjrmck{q;9q^LJ8Tef4#IZn^OL9VM%sGUim*7q|}G1)pDkABthN?(+YTzYmpMBv~>1JmsFul-e>-ghO zw0}PK52qu_*HUdnL-DaBYAj(~d;*uxYm6U0!OmZTc*yDGCQYN)`UwY*J8n#sUEs8! zXVJI*)fg0jUY+k10|pHq>W@NSVwWMWM~SYBM!+#uUnn_^k8sp6Cwjm5BAgcJk$(NU z=-t2DrC%o}NAChA`Lc!d$A0|>SLv2{vcHI@bl2u0Xskdq34Sw9>?iJ}Pw0|)*44%s zkrl;?RrTqWW@nDO!~?ONwA=Io*|+yAR+Z9jkn<^gJt0wdknoM*Y)C+Wk1{Il0HZif`Xt-zx-xv2X&lbYZ*Cqdur@#35y*?&lWGj?ham8g{ zcYG!xl^``T`qpoJ%Xtd6JjohI9C4(>j`?DrMPrKK!&tE;cm}@X2@?bpC0srJ@Z)Y% zuh6{n^Yc9*O?m7;{O*r#LsMO#KsE`RKZ89@zs#S~&%{RXwerdUp5ZM*`{Y2v7 zHWn;eU~|N*fA`DZdf@hf2mj!ifrZ-9maEL?7TN*ONsJ%G4}$8V-9{|fdI$~68=RjBJnBReF5x+_jzglMJo_n^_;hJ?t_Wpa5?B09t z^Ow_KaPBy}PRS!EfD0DPm0>r!O1Y)f%e0TC*vkbcTDzT@R=i@O_?5B&<@}~J1^l9` z0(&c@BvGQ7027MWwbxwl&TDp5;OtwpXrXH}|_x{Nn@vr~A74`+UhrWLFaW z3MVnyhaAISP*_=0cnkrC1KV|=>5Ke#XcI>s0zTS3NMKQ=G9_=grzZVCZ;AR1r}5H^ECuMR zm7vd}Gx~^>t#Tp9;Ee#h-M+i&i>-**`m6y!;6kCviCwkzcv z6WtLrbJwNTaLq*9zA;1ZEL4Viy+$tQ2K4Xmb6%FU%u6TDm^H(0mBX2gTV%82pk(uM z$vce2?|<)Z$;LJIgmwp#HHWSI03UQ=p$&b&`t zX+&{jCor-(TLx!G$xWvlUEf^ylAuvos9o#&4<*-k6Dx_LeY1SB)UVWTrsvCEdfB4~4PXIwr$ji_3;PYV73)y;%9s1=H+O4^M zpS4Eu^9K$Bv9cICN7f=|F>sNQDB&0Z5ie-uM$Z<}HVHAja|t6D+D1Mjilr*Jx+-xfoOqw|TuX7!`@*Te7pLg8;O_hV3rC`n^mth2u zGIFx)dw1UDJM;gn-7HkTA$f#%b_HD?xkovyE^>-)(rzJM`%)r09W-E|8|ajHL>>Xl zcA{_IHHs4oc*9GfePG?YXK$TLa=LA=#5!a)l`wE}U>8vGDpRtI%x|7eIjU0GCdfPZ z1AK}1YK>P3F8T#0;Qx&6WxewVK1)JaQBje<3!NRwnbPH3x7NEo1vg|g1~@o(s5a&X z+%e#GiU+bLRq|7?!ja^ zU3%}G@BcfqvwQck^aU4qqsx2m-nmoGoPN&Cg>HCX6KlZ^Q|Jy|8b=t3R#E;-9dM?e zcGIHQy!YORGPdiBw*67UVLgy1TjbzeC?~_8|NMwf=a{aY@UQ4KMNK6ecGs7~b6#)2 zKAtT{MlWS?SJm#3rFzHX7w!)aJ>uH5Zs*QA^Hg_%l9?{K0?=gqe(Ik}sA`vEOaKc#Lc3r^f_~)?&0q~Po6wDAk-g3*WCM)l|?_N1fTi8a9D8Jm_ znez;MzLa$Ay2*8v0L;!`orJMqfqVI-S9HSGEAGuVUX`u!p2=i*5B4iTBt2?AQI3Sf z*^5np9|W1fSaBpn+a!BJBgoSE;xp%IchPz0U0^a7KN@m*oa_SZ2a-+f8QIM=4nKsi z)ssB{uUV*s99_1yvDfR@t0(=;pT>u7khv(+b}pvYPc_~{0uOu#od6zbx`N;Z&r27N zWCuUG0(Gz*7D>;mqTmc|5%^_O3p^~)C;GwPbkrxh0`?E~If3uiO0pr*l|;2?o_j_- zJHho=VhssD)MqC%@Zcmv=1Dv7W$Yr3Qy#00G1#62nP|Hp6xNWnz>b6uf-7b>YrWug z@IKZ8TM7A$PKw>jcj{3{-lY!j4(1d69NhwZpgmsUfjmbRp^Nhe{{#lKK^^q+&@Q@1 z^%}M0uc+ZBPa0?K!I$BqR)mulB+lZ~=oi@ioXo&DSxd7M1Z#8?{BZ34Wv+>dRV;yx zQ%Oi(qhGFr=kVGl4I3zFdV=)NMVh}}9m9l%;^;1B6yfw zH`$&+M%SuY%iy|HItMyJBl*NRzMNprqv_t&mj+tv|YfG>>t*dh2Pzz5cNZ-x8B z0XXI!+yRb^jg4vS`a`#6F8DM6HFyL50C-|21QFTU%k$6yxNWZ_Q(f9)eFzrgFWxHp zK{o(z!AmRJ{l zCUi-7KKA511x5)Xw^qCjzE9v7y&L@-dSU2%2d_Et797X+ttb7R#3N{w1Z;HcOuc3Y zKK$Bi|8Te8ez%<#1kW^F5x>Y3k9h2fM-(4RGJBqJumO{Tod6CYPr)1DF;`=|_`;vr zyq1>|kR4V8PT?Uv` zsGwM$Xx;1D{`CU*7NOtGn>QLx;M+lWAubc_T>52Eps%Pui7}DLOndd}H?(ogQ_P0; z@C9R^<;V}chgkBceVbOsFF*R|W7)0^?Hc^|Kuf;t0H$LIp_?-2zf?9_`}Q5(KmPT) zCRM@|n)g2(AR~8_ArlK#NK9|jIyq`PpQHB(gaHFn&-XB?kLpm)z&6qaAjrQ2V0C8b3`xk6)Go_Fn zzT96W;>Ixr^8@jXfe0C3z$m2%I$(paV>~blGBIciVhZDkMf3w*@Ob@#1p#OW;R^17 z!x;E{avg?+aOF3S7KE;6L`95=!E8`)VK6Wk>TD*X`xK`wo4hm zLV3rjh@hT5XSVTN=5aLhEARxxhEM)HZF*y8n`BL(S(Ie%ZQKZaJZ+K@woaMO;Wx16 zeMiMahhzw|LkGo<<3(`R0jHHK{LT%YK|u%#`(dL^F$CsSR|?yN2@{m`(8WFbmzSg@ zH&eFXCz7QDbrj)fb959cq^L=Y!m)K3XUG735-%z)H`P(j`R7c6nvN9H@n$d<6 zWR@JWGo-{&=mXjK^|xQU+DWxc)`D+=K8A`0NYcV-QAY9)rI4g4WFaz`opa~{$VHwT zGIX%vX*C^-4o_En7!Wo=CBi(Qqg_(d6N5FEO0>7gzlu-Kle#js@IufOuLV^TA z9-ak%F&=4ytbBq?tRox&I%ix2e$f@8bQS0VdZHcXA1?(T0*0qCvKU>Jz)Vz5CWt<_ zsvf)nev9md{(a!r%VO{}F|o2at&q6{thmN^WHEhlst34hZHV5Zef(6=0=L0;cCwC@ z!P}-yTlZHvZ)?`9Wyu=)XY2zlQi!kqRzWmH})Giumy{!I%E)Si3^3~_AiFgwRH@|Vp zz-y6FX-Zr|FAslHr%g2@2p&Owcnk87R}_$0OuN7w*@oUj!UvhT@U0+oxyK(z)8TwV zmhng5$TsWZ2no`7>0eE?a_IA$wBi?-$+N4h-lW@iE14;soP zKc#c-k~{%sUVi#l;-Ke3PXvB_QlpOQ6d#5*IC_rb?>M;zCm4n~`Y-iOenL;`i#ELc zR3D&l!baoBd@h^7h^)={Oa-gA{Z z4s*pTHF9N*rk)ZWZjG~aXQgH!H@3;e`f)dFm)1_p{bcl z)L;%#n&KX92U{B&KtIT)XX%sB6i!%d?{!K<`Rub#km}YSwhaM%?vZg%;07A!6r3SH z47RpRPt{=Pi!m020=)4@FdFm$a6d0ug02V8@OB-?pcgY|9=J{NLa^%+6-Xj!kkcn{ zOu=7}CBfMml_lW5mnGnS!QG8h5Y{O^hQk8^cnvbQND;m3Qn)%@^7bsfTA`PA_+tAE z8}^#~UK>nz23IN241tU3GqmYJ0aN%8_jK8K89Zb7h~ZYRT9s;&>t(GEo`r{fpjXCq z(WzHKUqGj@XSAz{0`GxOVz1*E=RRB!o`OyGtxn#9cLkdQeFd41uE1QPem}1(6t^HP z{*%Dha3lwxBYY3u1kZ#=fByNWOwxh_*wOfA7&o@j1nu;lBERFEH{E8ZX<>g49`wDd zM&h>op9Bbj591h+#ls2u0w4Gx{#RrIN!{oi%!|4Or7(80XEh-BA%$Qo$&v6n_#g#% z;Nu8>FZemO7L0Vo3U437-)Ikin5LQC9;YI39a$9B$En0g7l?-7>!Mxiu}c!?J3JNM zO4~Vb^ZpLT#2C;=keTSM{Lu!sI|-niI6^(IcPMc|GHvOy#b)1=$Q^e7*(3|nKY|~2 zNnHh~KK=R&JFVx5M;{klmKl5pe)pYD3;9m-A-L`X@$BFOj#FjdvZ>1Ol7OXNtA;O$ zdp`^tYP3V*1GqR}I~#!)GzEPCKj;I!Vy-q$OjhC=^hJB<<)-Ur=?2Js^nL0RQ(%4Y zUqQ>@3UJ5v=aac?(I0d>a?}XZEwKH=GbGZo!3>+7O;zar_~_vUB&MOCv5|tH)FSz~ z@FftFAgP@36F39s@Kr#2!4Bc%6z=b<04owesmplzBq{KM+rWwfQ#&4M-TAN`*yc)-)QxL3pmUx%Sf0&zXpb^k0n~DJ;p~{ zjFq-2jFaEswIxdH8StIw3Um<+(YHEv?dHDx`b+Ih?W7&zewQ~fmk$PfEPv5RgC{zu zCTMfT=gDhJpcB6-k+m*lz9fnLyqW|0ry zX_q|muBvdF!sY~$80LKUjcqJMX9nKbN(4fo8GOd{#R)?2GBzM`51$h;BMNv*`{vU^ z-f8~WvK(jLR3|$c{%OtLf9Gwp!#j8BZpl^n$1UMNFhEve^KuFvI6w4qtk3r;Z>WDR@|*waQ{ zbEMBhE%~wom~8p!vvd@Z6seVRpw_Ng%alDbv0r=RH49>BUdDuBZo6ksR~9NO563INxek!(*RL;RsANYsglG7q z1SSgrqu;|l+NW*+upvXFZ?1=XJWrwi{O z?kJRvweyjT;>F6+M|lnWiYz7+WgN|+ux^wn&+y;jO}-YtWBFC|TELC4w%ntbattq# zumn{o{yBJAZvMuz_PqEt$tf7A1jVx3(l`l9lUzWFjysGkb{tmmIQS>b+ome`d08ib z>pRMnK3ruvE(idT>A7OXQtuSBJD!$#Hmskuvxk53We2c^X6;B}nWI4GIcJ<@M~{sj zJ<^opstT~OBUhqGh2w*^xMC$M>Ai$ky7g&~>EZRRP_bkUn9MqiY>#h@pYJG<&{jn$ zbW?@v;6E_plR}0r_?4bM%@kv<^Q@{EzY4N1;1$pCowlhLaF6TJzVoUd>gIJX+7|bB zuTw~loVDhp4*k#`$yq4ae5Z}Qjl*un|2d{00G@<(XJWCx+1VS2=Kk5*WwS!x-+t#UlVgn6)3RhmAsutRb+Rkp z>`}LE?QFMY_M@&y;$C!l!31YX)27YL5lcW6qnP$E%O3 z{2zlrSR?;KaMOQby}~C6j^GQsOK@8841bjH8S2`_JpN%VkK_*Es@1BxX*1ZVTH1D# zG|=f*XP$AkB~(CDCPRcfhNl{@T+=RL`wUmE*+bg+JI!sG_k=4_anCg6oy&!^!=;6s z5UVT!FG^GF7O1JjE95NlHveb}-j&0@@`I*Gydd~tE1E?^1VwQ+vA)MDO)ABc)MciI#!mbmB@f0wQ?*Pt&K^zB{z_r7<12|bbfY;0afUHM;FI&FcU2)kJ zw&U)LFFvy%5CI=#d^X<}Uc&Q9&;;MZ(TQO>s2Aig*U+g5g7OYuPQW7ZIs}b#KO;=f zvUQj@?eG_P33Wr;b`8Qf415jV9Qvmp_!>3@em;0Ij`HN>Wa&RO%t_B~;PU0m$?n+X zPXyF1$-MNU==f$5FIa5AZS@&b^xa&ixy`aE+TuO)t_niIl-LwK6uvxM|>w(YCAbKH|7JZ zpi_KZ(fKiVU=d&$aFJ{L@jKiL&+*&f7s1`U>QFyC1HI5UCxUP-v<i=<{~r5dH};*jE$Oql9_wPyPL=8|WakA3pd0Sp}JaPlS|t zwjk{QZr;3^8$W5Xf_ocG7bc1K9G&7sfRlII!js|07UUIRp?G{`#S{RnnTRcw0 z*pdQ5h~H2@2T#1t25h6W5$=a;JVTwmT@Q9Kv;ds>3+;x4mvAjyr(NnJcac4uYR9{K zIR%e^CiRi41dSO#g)tFmCNUzfF>x*0J_!RGWoM*HE)&<{gxyfW{KCBGkMB|6G0@ z%V^2m}I3jC0fMzBAphz@pccIzfw;u1>sPzqe4 zCh3E})QRE`ZQ3gllpPr>n}G#o&=4}#WS7&cQ>NV~no4qoEAEY^kl>VEcKQ|c zgu^yUQyCcK<0`mSnDg^+2^Q&GH*eviG!Z%S@l_SeF{(dVPzxgYyGuWQg0ySI6D zLQcV+_x5oVKXQ*Fz#!+TqwQOCZj3$lx5<*FizG|DU56}*+jU3VDj#3tHRpL&z=x!+ z2X&18Hf?@rp;JW&+#;Lt-^G@|yQ2J%I#HVEH?{+>bekssAG!+8`|vFHDgK$<{DEt+ z^p&ga+|_gOu2?=6`}lBhTQ5AnzxBfjBB6fx4DDopf;ZVea({_^2K^+e>*uar z(0+NJ4)mlm2i+Za-s%(qbM1AaXV|e4KS-UAjv?+(|w7GM-hAF;oACiYtF zZ***eTv3_|eL+jn{=)UxHe&mUeTLt$^N4LD_IK#(U_JwU_Vw)k)(h?IZ~Z_A2l^cK z?OCt1hsO)-Cjn{J6`u~regE>>D_tQSCET@*VpZB<8yl-)BET?KwuA|K`1&}N_glf4 zz1|vRSXhJLTjqDTM>`}uVdqA#?dy7|8=j?pXjjc!33V7(_|Du(l;9Md&lOXvELn`~ z3_dsfc4bP}@(pDD%aPV3p;LT+!6x$+Lcjc?9)4qXJ#(@jr+IiAK4;E3@W_G_vMfiO zS)+ON1B!9-SYEKQhw}I*%sY=;`*mqg&*ybL_FC-ky>*DZ;6w~y6Lt>AKF@D|Ee2S7 zYj`jBcIWDQsl2aSAUBMe44giCi8B*{XvlbC&|%SiJBs}4=ty~s^oJ8UHt3SOH-N+0 z-?YzP01U{?aSmh%BajMmVay1OSfS!^KYtdqAkRNOwj%=p|85lD7c`ff?vBhDj)q>K zM|cTJZl6=cuk;`M3i=HEB@2rBP&QVn&RP5_$0?oHJb^daRJ_B%+LLe(?a?;;kv@+W zezj!>?*xeylhtv46@kcpeI=m5aZ{n>r|}TlJkZauiqHYOb@`)^Wkv}~q5VMnf(}Y6 z0b-YE0NEX@wfTyM@8CMS>Gvd?arB~Cl3g6=BkS=3^?@>v(;OH@3u7+G2;Ge6Cp=-_+Oo2m6CBqhtH#>dxm)~cf9;R1z?|9fOi+Sj zanXx78alv_#2)UkOB0yUX1wGN1oFbc{Al@bwVNMf%iV?#%%IytPks7mLzZxi-_X^e z(rNC#^5>TylRv&Xwngs6%Yj4SQ1JCoo;~o99{dwRYqM)NZ;>r4xl~;5OYYvYxA5H` zx6O%n#;;9M<@96xHlUSvgXP=|-}ZDp+|TQCPtW9aJ+EtdwYj%zS#7Xh$YhQ-$IjSb3MApAF*xjv7&B-y0M>oduD&`h4w<-@H>2l z>j(RpS3A09FczNiTF_h~p86{IPBv}Y>~~CCg{&L?_5uH!uK{3Ig9)Id6xtT3C2LZ< z4NdoV68PP}34oOL&Iiad!r=Lipo(TS@77fTyAU0J0UKI;IL814jyA{GPYLpDeih-i zyVGYDFFQbf#e2F?987u0nj~%eKoWc}he!UDFxXe$yTfB&PsH!%1p#E(o|LP+>L2NA z0bdzo-fJG{fFRGl<+kCvWV2o#r24z#dI+B6-Pe(x{l5A`@7PzJ`29Epazo%~mc`Je z>GBcU&6`$57$k)32Tw5Qh;?k%F;gZPBSgh-botobEx93DuzuwYkAgMEV`emxOB}~` z^p=QyoZmDhpzzLF z7tZGI2oAipfDf&;OoAPs{EAO1s5Lik;Nf!yh9-Hgnh%|z<9#m+TGi|eUBqvBMyOr4T1f~?*pT$ zyppT}B=*10@I?GG4uLoX;t2@!E$1fn$xX z4h0tRXO9gCz*{Tm)hpZeN~1mV*<)j_@mU<35a9K&#fpV@%X8Y=f!c{Va5*di;GE{; z-{KI6Lm&=;I0WJlh(jO_fj9)>5Qsw{4uLoX;t+^KAP#{z1mX~gLm&=;I0WJlh(jO_ zfj9)>5I9^A@VnVLF=E<`S#J4?mG;i{13Ojaa3tUmygMB29ts>oK=Dw&Z`2Xc-8y%)cg*Xs=tIJv!w>-WgXbmF`%@smaOA}P)Q{IWHX*RL zV}a}_k^^Lt2lLFa3EB9p_67m)gm<&@&fdKijviF@Se#$&6-x1&M=bt-QSUt#S>U_dvD!gqOT)`yOEh4^w*&J!JBcUy3OpN`jyL*P&$AT?LV=N5IP zOO^anGx6(j2;?UO;LF4-`13n|_kytd(eXZ_9{bTkOci`V zMT!(wmc?|pXx?0xpzZcW3m0))R<6vc$(Xb3#a8XwyYl7ATM&4EgicN)xxYmXSYBjr zhO?B&gDIgcK8uM-@Url2dQtYFjPGE^aojv3d?-=8geem!6amgKT$GU_G90#S<-L>p zE-2GQixf3OBfMjB-%lOc8UerZqu2awD?i3_G`5i-ulD3=X>M7@0#~F$1&=%MtH7ti zrzY2?Lq}J(OxZ)`S4Sh9j@2>e2Mxux0ZviiVcCkK@W>1997rOkD1}rXGz(=Xim7B| zY`fupet#B{LIJ=0apHLA)~z!-ppWgVSLe_{=(Kn-*Y$)hMkkE(a0c;g{^lqToge&X zF}*i~wP2pK`%@JR4|?A!o#J51!Qe!WER`;1?}|K_p7;F>@)sO0Uc9(fCQ%?S-HCUY zP*0FnDVyGfe^DF^eBxl%Hne?sK9%&eagf`o z_v}fna_crbH*ONx3v==x#IuNNq03jSP%+Q-&X2K$_ulN#JH?9@EoL(Kpn_u>H$01V z0vFKnxAX4di0*l?<7FM8Z`Qq_>YoQYw>>?VZ}cSCg%ao{&_(R^@H?BHV&rFdu3*tq zn4f5B!&h$S)}2OEYd1MJesUlt&5W-URd3zCgO04La9C&xUR_v8U)Wf{3tr84J`a=@ zphrsVJHzebG5k+~!2P2}mK?)~5TDu}Apmb7_`7E98aICQD63bha%H!1{W_-?_~txU zSc=4sovvD)x~_3*1LH$EH*m<9Z~C-;HH1Cd^lIx+$3|aAsxVgYammspE^X38Maqi1(t20w zhLy{G-dY$)f+nqc6oL~O=Fr0$&$^3qb^$z%YsD0-e ze*~{-H?$q}@+i#F!Sibj(RL5lcesV7WdH0^0%oDYCG~xWwBf7-=R$nXUBdkG!=}px z=iJ@=N+ilpe z!I%dQK_faFxkoabFe68gbQ2~{aETQw=E^3rNvgfPkTHs+e5X(9VYu>p?Bt2AYGNf< zy=pbP7HuQfvj8&EN3<=N8bDWsJvRn8W4(KeV4V`VP(UHwP!_w?(ffhtWLCF-!eVtHFmC9 zZLJxw0@m{td@HBGTB%Z{{L8I1QL+Teo?sR18BZo zjIzU3z(f*kHgDeS%9ShUo_O$2u4KuQ_M1LK(A4+u`73ol{OEm~b5Y(!p?QV-u{@u- z2s|nt-}z>AqDNxoWbAc*!$*YTxGXsBk)kpz-KtcsVsnh`i@JGTvlWYhRcJR_pYM!~`pEN5!jtM%t6IWL zH0aJ8SPSM*HES%Py~F*<7`JcVD*4MebJplU`UO82JL^rd8D)#slWWj(5nZDn;J|hC zn}8e86Z7A`eVf(iS?Ur%0d`x(2Y5cn_vf&%s4si49kkdZD1CN&L&Uo0cabv8lN{QGYa%QP7>g6@2&}Q^rbbVOE z)oWH8|HNjcJzB5iwPY18h0?Q~p(Pp0VGwV9{`Gbz2CrYgR z40HxPh2Ug?fLkHy0^66mQVpLKO(nb48@9N171z0IekJ*zO;a8l5~NQIA3n^Dn=sB* zuU0*VraW%vg@?dKAXSOdsBhEX^Vg9@1W?juq`MUg&a`US#7&z!%hj({$5pDBXh{(? z;cM?rwia?rmn}8$ChEC8%2sR3w-#tTXH6I%#ozbe3--Uja{G4AuMc*lvA9n=dzU3% zM+8pbcp>4)-eif_9giNE9xNQ=&lOAvKqJUR{5Z{;G;>#9d5!UIYzT0Zd#aLEe8T^t zMT^|KAG~Y2ARfe?7Jy<1-t;I){1*HYAv?fSz0>=nC2MU__qh!l#)lGSVig>lFH+ggM)f zO!4afrlx9uxJtEvDj7c=Iq;9wF=ya4c}HH#nitaRzp?!0r)cZ(M-bSo9KV`rTS63x3v zfMg#P@?&rCRNlaUL|05pF=SQ*0# zZAqZ`w$>N{pja}#C;#}Un>~A``}X^9T_pvTDWU%`t{jJw?;{BR7!cV{`VR;b9ScE% z*mij!j2XDmZYX(OXB?DJk2bS^=K)jt3l4VL3rNho$bLid1Sb2MPk1);%kStMtv$6# z;W}+nxXxOjVDvhvrzr_2|NN#coaFWE$;l_BVOsiBUE7&0Xn8(5F4{%eBJhi$K_Hnx z9oGv=0lq~v#-;fa+FDO0E$l+;6-xBk@ErHT zb*{le0(8Rl@cgm<$$X)gxeMmI3(vd2b?bJLn=O9TtZ8#sN_0Pcdb;5uIGP|>akM3{ zKL5N6-E)6=M!}6uuB3z|@018M66i1R7hsqdorZv5xF6_-cA~Vx{V2cV-tk-vXSHsj zM1Kbyx4T(&!Zqp#{El7&o`Ht;M32$>d9^{?$d~FhYT4Q?S)6HWR=s*nS5yYoN*O*l zvsp*_N|X#qK!)i*49eA#d$e1zVkP05k`7Gl7jmmst&lQS(v>Y&!7a?3CpdZJLa^XC8afRhA5e2RClj1cu}0%$X&_&}ZAD+;82w&84O`uprDm58mfGwr*>| zj)14k1)PuKG}pp!;EBxPGm7hZU5B1e3JG@JaC9IH~5RpC&sx zckE=cJzWlOPMiqi^kc@D@p6e>g)qm^W}v&+-%)tx$UN~2wG*8)&rui~yCC}i;tIj9 zlzacfcU>ucT3wAdR^Enravz=of7rBXlUuHg?3y)dT6@5idh{RdGdecp!Z6Z zs~Wv7UX)?5tW>Fr^u;np&+FE$wSJ)4%2g8WJM>QfYu2nX94uS5yelak1v~>LYuBwY z*e2Di?G`Uy=(fx8!g@r<<2Un;;ug4bV&|@wz_3!M zb3FCXW5TVeZpaTq_NbTB4(m+`xXW*xQGAvuQ^r+L0Qs4R|LoGz($v;qOB$qap5+<- zC^_Q=&pdyNT^pVO_nS0oVz@9ZJ%BFvd}hF1l6F>l%mzpasc_=h&5 zV~+mjdnlpKzOFH+Ku?D%KPy+R=88%0&&-@}>t3x|lF`>n@w!c$Hi#B<5|A9O$j=;j zZ8v&j9LP_er@%*7uU=^|OsZMOEn2w1;2-cQ%=3tT3b$S1(r(9^Ph9E7&$$xGXNacK z-L~>6qN&QVkq642^|;Tt!1way%e(W>ztGLeN*F4ZwdB*IC1WKh*PU z?PU|saGy`)&z-m4X>>4b_)vHGWmmWvk`F_MimobodzZTW(MD*KzCvNF9oluUpV(a3 zZ}dssK-2uz4NlOt3nCS z?@t@l39Vw)n#q@06v>PoFtmCwM4%E@D%_Q)tsR4@l2TlG7evA*7v`E<)R(K)*c8 zrh~N_X9!Z^52FwIr%n#v!sn8suY~Kg5$eH9is)JNO`fMfpZK>LOIJV-NlTk*JO{oQ zcoS{WCnxqSTeM7LNz(H^_(eMbZq$qN9qXU~{S$a;7-O#AV!gZhyCT<^#%|9^X$F2} z5;u>og9Rs))#!Fr1%EpmZIxVfHc0>of${CIS#xs;` zT*$)n@O!uWsvE9FpNn3j|5ByOXnciivmL&r*nn23ANrxKaLwA)n(k2IYn?hNvai;< zRnoZ&Yfd$)*D@O&UljU1{weI-09V?>cHgAA*G#G-dRbz&ec*kxU2qHfta!$jS*~nb z`C$^1-O{z2-5GV(y9es8lZ-)U&KW&(9y4Z?`|JxJQ-VJnSn)W-hRE3q=DGTHlC^Fn zh3{F!bYP9;b8TSZfE^3}3++Z}HPp$kPp^69Lu*VBhxZII_}2H_>t@cJ z<$ihX748oTpw>@Kb=O>VnG?n%tzCkQrkxU=?K^dLe|X>_3Cn73=A7B)Fl4eYwWZ6J z88fLYBb2}}${|R)Qi5Z(44gzAHAg^ps+=s>UUi+TrZ(<>=ziBs3RNv-Ff*P>lg3H# zv^NC{fJ1yJcI<%R{vz!tAp4GX5JZzT_FrE8OIKaa%A0?4n>(#%A2G$c=48NW$=DVx zUhFn%AsH7APR7a(!s0p>6Qz~*8A~{>E(%(n=h=|`xMs~7J3@o&9J{ej&sG(KEvsWU zKorKzZUO{L1vvvaUN67_VZB1ia~TmT!jLwWEnj9x$G9lKigp+)I~x`*WxktSwJO?` zBWESYD&vqQ>x1@67B6Y3f zLWUjQLD68WIQBTYr2iFH*&0sNcg77IW5*ty$C3DM40hWVIdv*(XMA1Z=2(LP<44#^ z2HP4USWs9PGY&5bYfC_b;0uM!Z|dOm!eN{?b)xRWWO9z%jP7~>=Bz(T0@rDe=P9fc zf8n}aJP!T=AAtSr^l7d|i&o|UzU8K0y2t+fjH{7U-CcY2<<5?&TE0B{v-c@|-R-}= z(}E~zdakq#f-PG%3CCC1cam60f(i5p7@^;lt5z8gs!Z@t>&gyw6iWh4D2~;uYIlbe zDR>?yA;9lKApnLUN`^2yG+C?Tu>?E~^v?Q$*U$*xeUcBEm^g}kAU)tXi6ddBE!n-) z2j8JJXsAX~EjM+_1o34BE+l*r=9JJbebbM%D>;O+48d|8x<&!7R;`B1STNVFHEGh) z6&FvX{VG+e$$*-!K=3k`oSbTX1%q|7WXdWzs^OC<^%_|H9eM^Oo;r*tIi-Oq*eKV~ zJ!8tx;(5zXw?(k5tWy>S4I1R0dg2lH{9j+T#D^PixK_tOm)B9yYn+f<9?R{n|JB!t zFJJ7c2`Ay>z=b3%3=hL^IVO>Tw9QUXct5g>g1lTTS%>qZN@8WB3+9A_1{t_P@{vR? zXkeiNVK-iXvmBah-Tn97?Rxe(#hypb(I50g00%h3`w8kIdvK`mJbi%=IE;{c{ra6{ zhRl#*LyYE@h_;Z0$Uk<+E|I~HGYPrEJfOXja?GL(i@UlNlJl%hdC_6cI(X$7Lzp>% zKTAZ%6|>|uI0AoQY{>pOnG4+YHEUU)%we@;JMs@0BEwdiysc>Z19PGd`T&loX*1H@ zS*M>R=UE5$`hQ<@%hgX+?XZQPEEAt%cO<_FfaHwN2X^PopXbgy`+V1?Z9DhW(@(gs zzWvIzZP{9|Lbvh?Ds8M0{1PSqfh&c3jANDf7&;fa0qe>iV_zX11Kk82in&t%hF{&} z8Z>CA-@9BNt=Xrae(VMf`QCQ1Ey&DpJ(cWr@kN)IKDP9qe|PgWHr9;w3Wat8eTQq% zcyQpMYatT@y;BD~pg{Lt?iV(`5a^fsIC$zN*LUgDCcE`(S8KgW8vWUW`iDLO-moT= z(5~;#zbCtf5C!SE#rKF^qzDGMdH9wNIs8?IY zHaa4B3C=;)nHlq3`36l4j`Oq=uP{eb{Uk-B(R+V)>bU2k<>c5|yT}cEsjq8&>OF31 zk&E4PxBNWMQ4RRyOA7=&^S2k=$tRv<`aA0gy(8z?RTxgrfQAV^u_K+M(9s21Gjw#L zBf(~=cxIyXC2$d4`HVBplGAvJd+Y80%4t_uf$~M!&S7>0ZB~*)6(u-?qzZV`LM4|X zXRBoC)idYJa<|-Yi{bB`x8LF}`q`zXk1dv7A9Q@4*(6#<7Y}&3T(p71iS^nbT8BqO zPd|Vjz?X4TCb=u6f7Yy3+f9FZx~(;1LnlXm^Zb%b9E-b*2f;5^Nk4%9!6V^2z+}@V z*(H_a96JQVG`dK;(-Sf?xBSFGjp4~WurmVQLl4MLufsxjKKKQFm(%Ne>eQ`g@)Mc0 zXZe|<=R(&M?C9~{E`GJ zV2^BNT(pfm#i(8>zFS`WYKN}PpFdk|ijQlKN50@(Ku(Cxb>b;BwQ+TZ`}U>NT-$yR zxJe0TyJv3x#qPrrPyG1p_g(vT?cFPHyz06t$jVxPBk*2$GCSbIE;!(jmt6=x@f>Tr zLe9JjN-9H6d@X0zV~;=MIxDearUEG>CDo~u?3PKcK!ZF3zecWEU9fd-$grU%Q-m)axE;}HL$Oll{68<)C z-sqY(ZSBelXSc$Cs#JILrBjk*R8{(AvSbN(O+m)ttlc6VvTkxcYsa4+;S;u(ELo)F z!Sb$})^P6JnbJ{zD%=myh<_e$5P(MDN$_b-Fd!-a;fEh_qecvI@4f$t8~E+l?!_0L z%eE`TWSksm?wRLaluh2!Wj^*N*C@52ferdYc4kU8Z<7sj$FF~5a`FeA$VJcvT^;{f zW$9sw@;6PKI@w*@|60k5T9&X)0x9|hIzPHTb~d~QdJcv0!lNdoO>zA%y~5S6pX&bd z!n4NvumRvv%jM51C%znP{MFJ+yz5x{uzX=Ps#Q~)@-0f{qwBz*vF%q#k4G;-S7$D@ z<+oWN|JD_kU1>hXNs}iUf5u<19JwWZ0UK(8?1hs~?BTj}>FVBj_ianCt1bHheF%F6 zo*w*Q=%?_kf>wea0pF*&zG){=u#UrHhF-)Q(m%e=8S0? z-%iulNzy^zXPoFNOT}ZWD_DZR8NHSHZIup+t-fRDc1yrnrL|-n++$7!ulVEz@c#RO zU%PXZ42ga6i=SWM&OY}d*S~*%_sC-pyQw;*QwS{oz1~+*Sc|e_mwV^E0h(hiH*dyt z*I4$RU(+HM6h_{oH<0){UpmB%H{5Kx^n^*{1+Us#`@*7U#R3v4o8KBb!cUBT!8&1U zGbUv7TIny?2NY=dp1bdLqsNSLZ;Bq;w`^^CKYS(>=nERRG03*ZpTIT#NQ6c=0Z&Ya zS9<~1uv3uPRh8Upy1ry9b_;eIzCCPk^wr>hV7yhO&!kPC<}N(#P&72nj;qA?pVG15SdOzzqM^2}*pw^N!!Ruaz`0 zYV;`i2eoMteis20&j)@14&l$CJ^EqYxkuZ4r%*qyf}YN^;Xcn%Li?c&+Qv6kNwV|Q zll$7{rx}_fb7qc|FduAb+6?2P4V%Blb~sBIYv?2V<}+FXOrqDL*MJyLFlOkfvgmiU zUHCFKH@W>B88b6mq|2GRE5v(3`k{ME*0CchhL<1>Q zAQag~I2-FF*E3`UsW^s`1%TnhwE7AWas14fIm335;D|x#Y2UWJf?l=EX*g8IX4_V6 zT#M!{EnE7sOD=Qcb!78UW%93()AG_wu5cAm1|__3?lfxHNCLl_8#{K438~XgJ>8z0 zHEX6DuXi7IXxqUxZ{EU$(66q%)=k&0K0U8b~?DIs4;?;U=VdoYcz^RG2(H7rcJdSLG9#Rz>!u*K}lc)Vb9Wz9Te)CNi|)UPB;f<*l*S`n-IiY zm@}|HyFnv^_wW(JY}pwzj&d@Q`<~j+&C{-sbj=IoM}VJm<~b%X(v>YfYV2rNTM9uS z*lVu4!6jCzWWnHti!ux+xW~AFNBw%Ku9wyT!Wkjh;iy26vNNDhuan)}HtmeK!KH$y z3wwbA4A}vMp-+bQ8aa{?&S95n1u3E^nkbpf+dH(2nM2tE5mNk(sS7R?;Dho&n>CUW zjmDOnk^{5fsWq=4Jg+E2Y_nS-#SD5Yr@Amf7#8bFwqp=zVU4ZvQsdAD#xzDKz0xU4T;sZvTT#xQOweCug5s!k8u`A?w zTpt`*7z8+cDXbB}+tsUA82;CgaD}%JlvyvDDpst7*0MYruw+mf1mFH+ z{6RaO9?L0dq^1R4*Q{apkXPWihLX$9y|oG$5ri!%M+J0PrgT~DmR%rzrPl)pCl)Tu zut0DL8T#qzlP#07b(@ZAH_3uK?D(V43FAju0FW`lFpJAE&GVBcj+KnqXk(|JjT_g? zuw0j|nA^nj`ya1Ex}xGU&_8mP0{#gEuDE2~Ns=SngGS)_?0jduBs)-$Yps>E1JB10 zPDxJDYaPbh^-C1!!x2Az!gzx<@J0@mRWO8I_I{_mKQ{M_)6dM7Pvca-d)Mv?t~Ifw zs>`puMkjI1GP&Jd!KLcetK09uqdPq4ZI8;lz0nTv@O=NbIR_L2K%$+gAwUeCa z-o1zQKXuv^?b>T9S#`R`yvh9_y@KcZ^gh|zLUw^$C!W~NcHB&wJjs4DcN8;}=LV?_ zM4J^%c|)&QBu5pmx4;S1{lxBq+e&j9byEAo)P6C+w^`$+E?KYw1_YgWWk%P|Cz|}7 zBKh1ydIiQZZH*l_#?_Lup>^vvwgbC|#y%h*jgd(Ld($yjrm^y=B$@VaJ_PliC3gSR))=`A>cmP+S7_0-es6Fh?7 zLchR`#E>C_2Prrr*l8VE!;|}*Vg@UY)Vb0(xsJRz_nh;Lf2T=TN9XO{rJMButglqE zXGX>X_x+%6Z7eu>;bo_&tqSWRK5_s6KmbWZK~x$8yBX8v+#$K4M~|MSC*w%2BphZQ z>|VlA1Wkov{6^!1)@X}>(7D=Cfj&J_`g<)oetSw!XD&FgIBlUz=Prg96DCbC{)SGC za~d9+A37Ox1?Nhamb{c4BT)x9R<2UXcD}G~IB(Dcq3d;$b4805H+;vILnbU=p`f7n zTxFbNf-O5{&}op9%o&=gTD6AhtzIU32UIo5PfN^Eo5)b)cA2s|CRk&Dc9twzC|D=j zcrq5uH5y0O&zzBF^xCR*2a})3S#(v}7(3?2i2Rh!CV7hkX3CWD#vhQYtUWq0@)kWI zGgI^wS*NgGNA^=RCHmO4Lq|-?0a{I+7b;%Kl@d+$>~*4kDB)8>Rs>Gvcn%%3+~i4bi~pUjYK zDOsYF(bm{8!>xUEQg&$JSOV_Q3++K8+(TXwd_a~I$?zu-utw1}%MbX*+lWJ8j}XYx z1;9IK30_t&C0T*g)pl$swrnHu3j9CZBZx6VdakM){?aaTAN~OEN|pcc5lC=Ic9A zdN}k;LK%IXa`LIBAK?E(*C3GHawJq5t*!c8SLi`fDoc>p;KJX#gl{Ln;fOnE`i9UlI zpw0Fj8mitVH*vgd9F4hgljf$IaF6Ha&Y9^*reS>O82Ic=Cz0NYj!&Q1iO5FAg6{yi zfGtp})X|fG13t^cVtyxNVI%qO2~bp2(gaC)*!dYc>5~F3Tamm5M(8HsCMSSy+OW}~ zXDn8NulZB7rr_@nO28&5tfF8{g7b;e$!pZ8VJDrS>!bU2m+gyh8$BLdAD=bBx3kYY z+w5Q3;gnD81aKwDHNK+9X6==dpcf zNOwVRp>OE;WclqUO`725&Yy3(4S{X!VeDs;R9b3>b4qfG@gekl{2&~S3|)IYPCi%7 zi-LcO@q!b`Z+6^*>+C!SP6UlerbIvX_$vR1aEgIW?$}tgLSyOBL4E<9Cc>tr z>C^p51+>FP2lzTRId&`KVoun6j61A}O}aq+qr{Q~ZKl|~)fKPQ%&l9R?uP&GCfDhr z7nR`L);<5+y{=Hj8gAEC+2ZA^xmEJ(b?thBd*H#x6eO+Sew6$od0?~VPSOC0@!$>q zUJ?&T3IOlWEw>34B-PiH4-hYABVh@cJ$LZO# zxADw3bvj)$;WfScUw8e^TB-ge|ZbIk8Tf8aSdONsslj+Q{A z>-3FWp}?1*am)x3?9n8UEfiouDPBVH64|}b1@RW|pHYxp?d+*t#t~#J?LbTTnC3}m zr!;EZ+{OX@CW~hv3-ArGL8zK=02>6Kk_B{CpD{yQ_%KKwg5NSvZ0Hi&s6gT;wg5h5 zP00Gl&wuha0GvHC&-D1oV)3_53=yD$XiVB1Mlw=NFo@kSaS#Y&=!WZW6u^X}B91Oy zPIQ9@fA1c7`Z4$PBTq@GYh}!_ckh$U=}KlkM4~3$2@0%`$$VPheik%FQ9D&keWUvR z=PQ5H?!CLjph}uRxb4>4wIJ2yAXp{GZg*Gp^G^&}%B!sejiH?syR}j}*>!+Y_xU$p zy62vFR*O~3kOk-QH@fz|-i3IFjH~2M<{je z+RYdR$TU_0@49QQcPTnT1EJVS&h~)=zjjYP{)qdt`lBs&9Q2Zc+e!hc-#qv`cdxP^ z88bo#1-4bo*6xNoZ?&B_IH$%>9OuebD68YcF0$b3fKNYmkN)W~DU+2n_RVt0c5(mx z?`sC{v(7xn7!|O`5#6RuTQ_v*VE5qtzjK%UHc?7DJAh!8O=S$E zis@9+I9qG3ljX1rOod=F%Jzj9{><!0-|T#-AVI)RC4_nd?F@o;U^?t7oUGmLIMERP zw1bl?C8dEF{05sp!3YF+ty*=p8>OxVuM!h=)LglWaYe~ z-~Z7iC#P5dj3CN)O33)=laE|=DHz*Dug60H-tYkEo!u5&woEl+t#RWNQ;-Sjv}oDR z9PO+TPPbXJ(oLY&PiYr5c`~G$br3Y=K|`Jt$oWa)Q5RD2a{`D&Q3I4Zg`SNI3RbXEMN06yR6% zV>>w#WIQT^7^ND#+o1k1B2jD@AMiLF1#+kDfd3d2I^)%CQIG>V;19llAx%A77mbH` z&6z*fUD^L?&^?dIFf07T|=);0R#z1*jtc7}n4F^-T!Og zkz%f781xPO7v_Z$*ri){lTkQ?*oAOXw;t{s1!?FTMV{RU4?p^l484e>~}E zIpu)~{F(PCpLNzb77)Jop1a&-zqrC=+Oy9+?S3g4$}xGg*F|tjO>Lkfh(-%f{qbb2 zWN;Fks;lI%v(GtKI?hJ%@lpx^v~Yia<^N=u`J|RGZww6N1mmSob~d9skX&~EpYC@r zKKqgd+tHaicj;>1A9&;s?oapq(KTt>)Esb(g8aK^BQo-w*f03xvj!y6s|-E*CG;SGhQSDIoP1=11ut`!gq z5TRRd=2pa@(lzG3YnSM1C+{luJ4u71gL#({+}KS@_VSH4+-!j=f~8%%b~EP?2~s31 zprZjdbU^gZ`~UEJ?SN}$4i8aoUFvLA0T!atM z9(wWzAHJtx;AD5(t#^pGYUjOpGrZ<49VrPNaSa56N8tcE^Nh2Vh&jT2`RzCEug|<- z@F$Uy*Fvy+eelph#$OmK#yd%0UiW;##^d!&fR$5rY-fkwI`=#6R^UXTfBf@hb6{Vk z#8Pk^KGm*W2lu%2frbqm+x&584U%*0p5NXpUcXDPof&A(FzN@q%IRVMzws<~7CUI& ze5U~4Tk7WV9k*kzszv?M$PAdi5Kc>_yIzmCQ2)l+fLAHkDMsmf#k6 z4{fsE$WLfy;llaiqwUPW1^mghoI z76AiJn8L~0ym=dg2hT#=6{XiAhm2ono;a4V7r4gpyp=gpS2`~9fX06El0{QqgY!;` z?d<9hP8JegaNF!GjWw)235VbeJ5l;y*57ak`>$uu-m(i@yE}e!oBQJf4;wFz+J!eu z59LIp#*LepLzU!ZoQbrXTt`Q`D-nxwqGaL-B@~@0dw1}VL2|ZEch~>&M$sn8%B!@- za%>Bp^W^{~@q#1`_y8qfK7rvjqN!^nyS8rGYIH*~#TlY6U{8=0*?RYVce`6|zRmi+ z>+U-&5&VJ+F0!L0(QliG9%!2}9%}Kp?`27$1v)-b&KNTEYe<(S5f8hnjCAw$vb{}~ z6q_&HU0||+{_T_&@n&|};ONQ5eeq|X5LnFYEA%;VKO>`cM;QnIC0ultV z(HPSf;r`O4;J$VUDlwP&5>!BzKm+E;QoR6Oa34LjF|tJCLY5#a2(EzV!NEl0lO5q$ zm}ETZj*=xLXKYY1A#yKX;t=>rAYimC`7K*+J-Y~1kZ~KOb8nZdgnlS%L~F>ZP{8fQ zO6=@(LMMCu64zU|ZY{hoFP&5;xQH%pQj#G-Q-Toa7)hdScox1e3UZ!gs-Iu-3rl!G z$L-R^>#YBI{Xe#Y7@G5aE!HlmQ%%N0ryVHcq5%KL--!Oh92j>&DDY3WPk`TtuTJ!_-V)!1xCN?h6Cb~Sy(%=m|nE)QipsY82z*AG} zH!@!s_5gk_AJna2dJ655=!1UFA2t?x|03~c^bUe@1P`zqNi0J*!fs-RB#D9e07wL7 zEa*Pm=hPB(8j?csSAg5}gDt3P1!hh5h!!+#7Gcp#<=%26J$qL`yaT_3eAQtrH1V?b~&fFZ~gFHQ>b; zb9#~Y$3ts>d-+Ar6DJb9ey z!ss*j%hqci;BX1;97dle&}7G*6r3WMgcj={loG9lv)gnkY7sZOLLK+Rx+-qM^aXDD zYP}YqN}^7x+hj804B4S17LyRvr)MAOg0$UTTXHeBC_Bf${^l!p@r6G#pUWqof2_?Ftu2XZ;-m@M1US-Oe{i{M z0Q7ibQ)9=EF?~GnNBALnXRn^UwMG@)ci#;(dDy-CNrtbVefF_ynA*@?{)_&`yQa&J z^!|VkjYon1*kb3Nc7`@KonXlt^Aw*sy>CC`fnVsgsu<76L*}(wauz!kKhWVwK!R^@ z!XkPu36AIqmfRzrPTT|-LkI9+XmY7=7#k1yfnmZ1R9*qZoUniKtKi?s%#-Pi& zUY~vHaWimn^ga6LhmD9}{0N~-MUbf?n(x2+)?Io1)mqHe7RVtZ0wm>F&}W}}%A8U) zB*YpvY$RiSr3sDz0~jR>i!wo`^S!^n$94$f^cps7s2pJTnXu{Hxr;kfLKMYymUcZ| ze(e=aWIOBER}-I*x&!)UF$zt!Dvcd9kWM2!^Pal%7VcF4~U5@ z7aa8nzk4)~apT5n9If01+VO?r1CoFF<>&6T*Z*xq)J)1NiUhlf-;^Wnop=9d$d3>w z(+dX!f%-ql(Km45*Vgw1=bUds5hY`Tj0S@K5C{S3kEA59JL)9uknAWpL5Od@`MPlC zAEuO04?-@81sLMA9`WNKQ#uLo;Gn{YUnWP}h!KMkLss8eN9Y+E%FM`czx~}^qNT+~`>mR_Qr6T8H$={~M<0LK z_zlkIddVrmOMk4#-(|Fs08+PZvhf4>9R>-;Y@Z&z>`0l>qer>BfAhM$Pt6J`$?}CkV0VXie9E_S5aEpL|bQ+UK9otV(1rIL}szO zX0w7$IB&rRc7Y=^>efxQ-GVq2aem@VL=Ms?w8?Q(6cmWCs|H1;LBl3ykfQ9^P9VuZ zu45cz4cMN`&wq9>E)harcok?s12DMoo8n>Tk2c~Oa_y5(2H5d7I9SP0eMHB&;oNK> z8O#&xlz;c#w5Z6Hc{+uyx~@@&n5** z|K_GizMgV&UmN4o&ps&``Gv+(-}RGx95ZH=l*3A{Y2&8mK&LH&nU#cJbQs`3@(6eV zUqwH;_18Ds*w86(R8e+G7X9Zx|8j3C5sLAWf&QMH-M}bCnSvDf07uadQJ@=z`s=U1 zbbo&Q5d}1s%jwnDja1)b#19z9|K54aeIYs7x9@2tH-YnDCCW8y)X0o*vOD2Vq397C zBTD*|$&=i#6~tx7G=_Ee&fNt2Oq=_YPd#q$wrbREp|ow=-kqWA&?d*@oh1H6LJJ9W7~=y4*Yo~;LP#~|7z4VDrn5>`x!8q#j4262Z2^C;dP(Go4o4eN9!@wWc=f@`} zuhs&%k-eXhvA_+Garu98w7>_N%khaG2u#o;|M1WQN~HYC96Ds+6R?9mprc!EzuD-a zLx&UG3BoVn22SHN1)njluejtg(N8_oH6Ir5fL7Q62``>8Bi+6J`hTP=zAyc%lqEji zf8TG7=2k3U;cmF`YD++1EI4hi`bB@2oUFEVH12Jp4-E8Py?WaYR^|zBe@ygFm`kndPlFUUO#%|4WxHZO*0t{`WQGEhLpNf7-xiXw#y# z>9V}vI8!vj?pa`YCP>@|1t;jE~&(f~- zF{6i@-ikpSob{QR^WBfb2U&(Q^>~(cd9?z@EzT`yIjsF+*%j!j^iQTc^uRMFKSf*6 zHAXr5>LNK+k=0~Kg9EG=G*9r3b>3-o!+XSWxEGaNZDP(Tcrxt^OYM1_vIU_?%4)0% zXfv3sAu&e2f@fCrk^Nm4N=W|W)M+l;uD$31XXMq_U!@(iQ-x#I-D#(u;W~EgWHR)e zv-)cH?+BBX7oX)5o6sM=|8AiB=Rf{#G=!t}!3Tb4d>F^cwYOexFo(X7qkXme9{&C5 zrvr@l1555}lWaDSMWB}&Y}H(@j)UGT@@-&;@tnE{*#Fr=kTa#OTx20nuPGJdW{aI|twmUdKh)tz4)qL zF@aN@>(9UNtnmPzKw-Z_Hhf^8{6@C;1nn?JA3y7y^G%kb$G#(de9)lpC9`VFxt!^q ze&$J=SCb}9O`k?Ct<)~ATYi0$*%0W}yncdrtHSH>uPvAE`t7%08?PiN$!3?d^fXJN zq|Sf=A6U@rY$b34u)n_ey!%-87Je{JK$$srw#mP!+yF*DRbd>=o8)U?R7QM@0246h z8vKx?YV_?4Il0jn(Uak6$Qkr|PBtL1izAiCjs4MrXQqQoFM`j)D<>&fHd%ZYUXPAJ zat(p0NfXA%uAgguQ1l4eMaL!pH+Sv~UDvKE;TflHF+Tj3@J(c0eQl5+K(<0M!0dbR zSo&l4D*^1Jq*~efy2&fGgm0oj!=|>L-Y$?%qIMG!vV!s+rGKjB*n7W`u?5kaO_O@k z(1Mnp%H}L!GB)&A0$Av%BmjeZ_~+3v7+Z$o5d?F2 zT^KaOapcUCxB_}Px&)hf&^hqgvKyBTYP12M(CN{$%|EOQ=o|Ep|I5?SG{Z&c1N`Q1 zx@=uGD-aZ;UGtadS#)}EfP^+qv_khMh{m|M0beBH6TM@(_!MJ6Z(+QguE%_juA)F7 z1J<}1`nGM$LlsLBPD$2# zvK5bl*CVI!Q*sgyr`}+@5-2_IybCOF%Who!AtWrbq3zO3FPF|%Prlw3mN1X(g71)A zK$7vyv^3#(EzyNPxuT`&u~C3T36e7}zW5Tg)4>AEB>16wvrZZEL9n@qglNV$S2}8+ z-ly2kcoG8p_h-XKeWR0e&%MAAYvJ`V&=5SeNn_1L@f}Xpn5+{p@Ds5KX^d=NUf*@9 z{7&@4&Ub>*6mSY2nO_B&$9jNI)iqz@A@F|Fjpd^S=h@`Le9+yKl4^@j)Ud?pk4_3GLst!Ih5P>*)` zBM^*V7b3*goFE4+j-TLZUD-HMZ;zQ?Lgn&`IM3v3M>l z8lN0h1JU4o=9o#|S9`gL8N%VY`|o|gb`}zt

(CbBtFdDKAex`;@(F;p%IDWts2< zT;0~~W=P{`CK&$jSO4YCJo9V|9Dy_t%j<8w?w)`8uQtDq9ZxVK2AP1DKO%FdGFT?N z5fW;pgotzI%&}b({ja*tGLV3`s%DRy@xv&Z*K1)&$_|Z(^d4tm2*Q#Pg_492{p{<{ z?fnZJ--DB9zL*egku}5GF+cu*6+&ma1nnfvi)<T;!MI@*tJmn=$l95}5gTNPn}a}jXAWrvt8iGL zkTPcsc(PjtUM5#T#ca^{F~0i#Hele2BxPIe8L;S|8J2{Wu!E7?emwP$@;2i~QI z(*}AW!_;;g6$DTn;V}S<-HO)9XxFm=MSv#L3M2)=&mG&VxWM8E4!>StmmoqtWO@>kXZ8k9JYwS$|598LTZd zhZ7FE<9Ho*DM6z%m56}@kKH~f_)WB16NLo_H;OdQ5!!`@xt^Ih-((wv%RKYM(|m$> z8Szm{a7N;!_CnAu`+vlH{aExVnh9jX`^62X#gE?j=sovyIh|3Q*e&$Ef*ZHqe4EkI zG6nIGvwdVVF&FR`8XGlnoPsLDP3ArP&|`LL#n^FU1pnM85wH`GXHb|Q`NJdPi^Ysb zqUbWNIdXt}tYA;K9=)>kfG|RTq&0jOdCi)A`|UUO4nz{IkRh~t(+xM{~f|3Han9*mtof*Q~@@^|!oh7SgD+6YI~ zgI6Rw+)W@V^*?6JXm{SZ=UW@ebyIc=0yA#bh@*KpR*HlS)(9sNbbu29#UK7lfDF0@ z|M*RSnB!~7q6B6H1bK(i!bJ;&lN)TOf8Y!71m=m8f)<4`fx`m|V4UC;Z4r=KCK!p7r(FePVppQ9n;-KS0gS>))`#73M|2Ry?w0AWb zfZob_fe-vosVEu+AIRK=KGHRZzrXpKC7`nN2N`wY`4?Gz#i5xrC1x( zA;~3K#wK`1-+`8`!a@E+Pzt$(Y$14rQ-^Vb(~Y&m#>-EFN?v}#SK#A;o{*6oA&vaa z$e3#~vu4e@HecixfhlO8oepNON}gfZG6!JAe7*eKuJ7y384S&7a^CLJJWYP8Es`SZ zh&L>d12^cqvu97wh7U$RJAs)`X68K8o4Lt2+O$2v=D1iq7u}XgB6kfpsq_;SO;32Q z&Nbgvn|HcJ`dV8s;yT4pNcTdCt~quswsA^Iis3nSSsC%^7hZhcO_SbvgOUwcQ+5eZ zIJOk$6Ec%_fIarnO7ZziF1gg|QqSYQc;8yTJI(*rae~4Tl8`uEV}xjN<}4kF*s`_N z_XFi=UsyBjk~*R}b}A26BGP9cf8@@);9{+}>~oc0-*Sg^HocoqZIaOX;ehw;6o3{A zazGc@h#ddO_rL>v>xcd?ycFEWaZ{y=&+1TRTvI$y8<`CQf_rY^u$Q2N6EATH{A3Ui zf5W!`U94ZPO$X4Ou{p^#V~CNF6)^^>3wlU(&=)F+C!nJ)$jES?5ByT^5wB*6g=SOD zpJxtObXWe6FVHRp{HIT713d)2qP_G`5@paEvB3#ChB`dMu-N4o0$j_aKX&cZMKTaR zP|iK_$488BpmSDCtZ3iiUGFIXoLH%n0?V5mdd=rb?!57an`qMXJU*vRo#HZP>xgRk zxZ26l&*?kx16V#b10R1L^TKz4JUQ9mId>W0h8@tAi4I7GLLj^%$DAOxLnW1+?zW;CSyXT&{&LHIu4th7tz2}~@ z>)NaBwbtI}URz@Yo3F1!PDJ55uT7%vjEoHTmp}f+oFv%BvH#LW_55o0?pqTbuZl#@ z61+_y6lI`^*0KH>WYrzkC*redf#pLy=@GkoY8^w3}DNe96G@1%lvfe)WMv$=w0aZ z=oi4jbO^zUc?4$A7$?~Udxh_de@0n$Ci*!>6~dlL5T-x67@ETtg2Rm<3^o#ByJELI zI#HSU9QX{Lz{ePLd>t4@(Tu-AYxSJ~Ml1lD1|{9xq~J^~4HvK8n=7hX z=Q7j!xL=<3xjX;%<*xH4*`|aG@G={_N&;gXjNm5sz~#H{zTF(P1V-j6fB_i*pMocj zIq)FMN3ak+mH+wub$#7asWPYp+<_=bd|j$-QS@9A}&I$WQwm z>&$CiaNOqR4tEFb%P9w4E!ddN0qE#eTF;_uvhg4*E8FEOxR(Sz&^Gu3zGxe?^$VL5 z8!0()VqVoe_vm8}+on8Tzs3n2FTVVe8?5y>?I$DAHawR=W%P3RYNhmGf_XUR92l3& zzOqhmhPCpX;EMUOzwoS5Cl!^HwXgSqAOEM(X0lFvl9^3_P!z~;cK$a?nd zZFVMtvTaQ*9>p30J$>Ln$wIYJs#7SLa|VXoLv9I8lb({cG5~1oOvBLk{0rkWfD*U6 zj$Xj92!rU^O*;<-ERdH;ZLcE{5r}?)?sq)kMCE;0?DXV)f4ATHFPnH4w!9P`1t&c% z-HbD*D5BzupI#wFj(6ZF8dspnFDtc)XQB*obq^y>4>4S#7cgKxJN^ZWZibMGiVExq z2o}~bOp<+z0P<(&+2s3rP+V7))=gCWERU9^}Q2L(y^3(H$_SnC<4bDVF!xP zfhmT};<9fN{|gx{xk{R z88Rj?77X7gL(`^Bvoqcq8}r69j*kS%xyIpjry?)ewL3{n<+GWe+B{KjmK5A>Vld=G zaXROWbBtMG+&&fFVo) zMSwAb2P6~;E~$?lOhiB8cv_-kLoiB{^75uxR|&Ja*M%C?tZC zGSDY^NL-WPNz51hV;M5@FdqlKb{d?Nb-m zC@Q)z8aLcbGKt!vTjS^^hZWKBC?u|(9N^+9j7f~j_)w7B9mHR~Jc+?T{Q>8pALwFt z?Ouj=lUQ77MP;x;fjQ-*AGkvgJ=~n5>=0rB#+U|6hM^cgr07{>)TmLT?YQLyHH!>( z0p=W~Mt&lODL+a4|LwQm(h)5y)tX=>IOhx>Va9D}hyI6e_$6bg*1NUXJvC;`K^B2O zMaSnbml%WoecwHHd=K&$2kwlyvn|+Suf6uRcjFcm%yqR=)^OU;k5GRn{f4f&pP7-t z(1n-0HC3;^kVBSvL_ZoSV>ibTb058@pLQwFkii~)apc&e4fgDeI_AjZ%)mvTSsb9K zGY;e>_)pv5bE#xKedqlwci(-7dqq1JiI%4CoJ>;JN5KU-%%Yn)$;`;4i`wDEP9c8; zFOD+igA+p7eSlm>fh{X5)9V}lV<)n}6Hh<=O!afUwOdkBWXEzL`#I@=_dN5u3Kpp4 zGC-3U8@Qg6J=7K;=yKOy^DEO)=-=_jpXdf?fr)`AEFOUuO7D^-wTAZ`<%}_iUHdrJ zhKRO!M$|t$xS(Cikf1eHYi*)0GG2BJV?@VU#Hk>9Z2hO7;4a_r2AsbvHi)h!5X&lx z)oVseUDFP8P2J2XbHpNm-TWNgK1)&9^nv*qC}p0gQ!68SBAT0C;v8m7DEz>Hh+z`> zjOKKWOy}9xm(){hUf;r1<960x9}LK@2u@~zrjSSUoj+jGQ84GIt9|8w;uS1aRTVnw z?H1`LdiS5;=Jl0L;=$6_l=?`ghG*b#g4UU{jEoF>#%o%r7vm@?@GI_-kORzZ#*hs6 ziD>7Kzxqkodn@!@sQ zFbV!bV%(t&<2N3oaq&(6&DbMeHD$`jwy^%SoL?V(pm(2YPQi=EpLooT)9!?~#b-YK zbeh4rpdeokssR>&flfV5K{34AhWyFE18@}mkUp^E9HZtU(Gw0aUVng`V;69poI}6R z{KH>pAH$m&U{w!C)?w_#@Pzy#kq?~&+@}qKtdP?N# z(cK05$jCD1Z&A@4qY35#qi)zq30$nK@SvyUIF4wKu#&B@T~+W|;PnvJ!KK2P zW3^M4bs>5W`3HzzNUT$-kM$`DazQ5a)gRa74T;`$6Rwl&zMiq(CD@ML^dxA)41}U@ zbYhS5UdF=Iz^_`#>%6>~=3qHfLAsx6El56IkHQh?FTebf-nTu`cGt}<(R*$szjl*M z!~j)PRH#=ZaVm=+w>6ri58!FIFIfkVhZoe!faLYGEORcv^XVt}8*CC>!!yY5=Z9nF zmYR{tWQk~>_?wecjC@!8BD(3IbmR0dNm|MYeO2 z-RrNvDw&Yx=2ul%QFsO?8^n2E8`nYlotG&RKB5uupWV7^*RHc;E=6E2Q;t6zCdlg_ z$}Wbjie0xi|MMoZ89|RE%Hq(Nq!TN4)lNfn%^JO0;vd>YjD7-NfVOC#y!=M*?WF$V z6o9s|J7If-e$m5&tqa*bXU-he@7IA@dL<0UQHvCesoywOe!qdzzl_@+F3Xzt7z)&~6kL2dZpga-ODZQ4|Ak{DpT zfxOKn(HDWhcr5Qg<+x28OUU^Qosh*E1DjPzaiQ@}9E-M=)Vwh#$bF3P*uPjKus((N z5~K}oF)ub=mE)VW2D`VAT^y%hq@XeQWzbK^gWgS_&{M!s;LBWL??gV(Cmg;6)WBnL zJQ5TNZosFF$EpPF4;qwVas+tOHtQYhkABmC^6*EB%3QnAEI!cL8M}AxOw{`E!w=tg z-}}L-Cco%A!4d@4LnqKI@*iCH;}Rg1(Ct{Cvre;s?2Vgbs~_b4s?9;i%bss~Y;3%g z1McY6%nLT>yYIcj?8lQPO{_b`6If$^2s#0CfzuWG1~00$Hf8Pt?J^F6p9xxg^_7<$ z_H@=1$IEfcPGjf?JH%shT#eI-0q?#$$$~w($I-h3v}P|N%{6^xM>$TnKC=0+F2%9Mj>H~4 zd+UUeeBo@K>Dr+@W8$W>x6*Mu! zXoq^y)2WwhO@r!%4!jNrjOa_c)̙kveg&PJb^d&V|!V7lsBCx6O(TQ{2y18t~2 z=6`2M;8H71+2`81JbU3%H&2~rm1}U9;OW$^rJFuylRI+Hj^Y!}o%)OU?yeV>xB&Rrvhx&*q;j9r@4L4Hv~9kQvMiyW5c+;59)K1V^I# zm+QUk$Y917)~jZhuyOL52Gy(M(>YBFen)+werT(6C-2u{h==Z+IC z!(w#OyYJ|z#-r_>M;uK&ObQoAMi8k_R655#-1O%gbhPl}R*x6z&Z3Ihi9@vA`0+2g zm3q$>1O;-?#<9m7XA9%`G7OVY42Nqs?ya}q?cP(H^a+FA3ySFbj&}V1=+x8AxJ3KB zS7f?~j0GPr+$Lef#Fz+@&X%A+fm|b{1qTw*fAkB4VE01bUcKyv^Ly^Ow{{aBA|nPz zF6^p>ak;zh`af7Z2Z=!Mxa&SU(wQiwyZ?Q+!CvVVXXI1D{DzU^mDKQu=`*hJzZ-*Hraw zEizGA1 zX;Nv^E5^+5w=1z22+jwTM-=&53AGQzhnCAI)m6Lr_{PYL(1Fjvpm7`kH*k@KCdrgz z{YFVcS;EnO_#uaz0|eR!#?%oMMsU=>b7qqq0p0+_;ub!}ksbT*f1u6l=+V2_X$Egi znrO-@3N(hhZ$kpsz-*bEJsSqfsUkc_p+zA@XoJtdoufLs%K3_6fH`7rPX948kMVDzPfqQ@8`3+6fnElHCO z_ON3I2jT&ek-Qrg2MEd{PDE2eQn_|K}OJs#mYx?&zbA)wp|0ZZ5T5vOm;rA+AeHODzuzDQJ)&pq!kcI!gKmH(veV zy(C2N6XY{`)GqcedSn^$g}GXy{5@B$aI*^XZEPJxi}NKT+6q5_I|?($QU3Gh+uWIF zp5x|7fA~zNMlfdN7)P;jbj)*d&=8$FM@R4+b=1)&kJzEqPkedy+&ONk+5x}1i`TLc zHD{t|`N$)WG3Ro&9G-d74e|>M)NTjirwl$?jG`oi%l!2f96phZMNcB?e~L~QnX2D= zYG*I=O@BFx6WK~z9LF3i9OFvwKE35gf51*7>92C@g_9WB z<_WIUfh;{ru;)F$yc&ZY#~9+77xb7Dk3Ufhyfj-Zq8M}B9Qw~Roe)BTr+uK^+GEEa zX~+4BWK0JDN7;pmBbXzK{`80IO=f3gWLl6`p7e?*Mnf_`U4Nz2>v*FIq?Rb2u*RMIw!So)Hr+sy@dC8-F@$a7Ki}s zKKy91J7E7YHYXfuxW9N3v_Dt$HsSqA?&_s&j8TcYc=yr)2OQ|mIp;igoSewKn~W29 zs>Fw&Va7*7hQn{b2~Mn8nw2d!r;{U;r=qCHc;6;HyY8=layR|u|Ll0i0`a5C(zki1 z7jxoU%V)$!-$ z9E)pY569A>Ur;6(-H=n@EJqv?hyguuDh+|Eb@YT2OnnVbep`$SW-Nw@&L(IBf`L96 zQ5YNagmKv3z0|pbQ2)Ue$W?fvaTb7 zoAS^YdXf*Y^!&jJ?#K@zqQP>b-ksgDo4fo%1-)n-8#e6aCcg8jd$usom3&s|Hq?~+ zUZG10mYKQ34CgQiF$Qp$_kA65$f342OuOqo+f{&5nQv$YXx$=mMyx9O^!Sn=}f zuee|C`pY_+gMUMR{E=7>aJ@{g1AyNkw}JDdciysN{?9n$Y&)`!-EHiQV_nIP;30Bw ztkk@*epsx4A?O2s`9FXBy}L*2Qr@>&DA`9~*PeUsWhYY+bcb=6*B1~Zl9xBr|obWK;PIke0W3ohL zg~@fe%uYw-h?h~SS9%_6IdI(9>v52}p=<85!$3a_{^*PF8Fb1KBRm~cRh8Gt64nZ= z@6c%p)S~auE${GSS3Uhi-Z4+@ktO;E?qftwr4$5qBm|6p#9NBB8RT@mdlO?bj-=hB z-y+lJ%W+aLdzRieF1z3cS=q&RWHqmov-B1I#OvK=&6;U;#YZ1}!t^8z(9p?R(FwFn zu+)jipJcRFD_a%`T_0Q5y|>(Dwj}rr<&Ho01arcgb60DhY0^#mi}!F!4uPayp{X(anz_$ zX5Y%lPynO)HX)|FP#1lJ=2?Fc44RRdX|#=vl%uPma{|iQtin13I~a~FJS({)NWvs~O#M@v106+jqL_t&{ z^b+_muP)0}K+VvhBTd(UrxL7&9^Fbh68Xe{&E7{j>LvO20{1Z(p_5ZDwo7aRty}s{ zGu+3X#``35b4Qso4*rRgnfXH(!r;#Z`BVd?UM%mEZ%kHSVS7>|MX?Qe;Od>%m&-l&`(< zy3rB&6aitfk+Rs*D)j0eoGctqdyP)kyFqLD0rCfMWN$~oyF!5`H{AG7(>bP2{n+S~ z{MZ&gRZu1GABJwgg{&;Si+ZJe3zOcm6F7f*+0Tu>IBJ?;c=!YK41T2x=Vr)Gz?x(q z1-4@6898#4)qBG~|Ifw_4qSNQC1$&0or505dI+5tUI?tP=W;R}Yi(>i;0eKr;4f{V z*LD;>f-5aGe(+h3^xfLljySqFRfj&IS7Qf5cVIlU0elHmfX;Yrpy$EugtOYkDBd<- zd8m{8X1`QEY+%p~yoCO;zG2ssySS{2>vE|xyMa?nNY?UDuJ(?d1xT(@>(OE+e>w(g}V8{EOWcXAK? zxt|-*yNxTY-r$OsD$ugC0t3aAYBK>xjdH$XN==GfRV^Ar0+9uP3W z8hEt)O&RHfWOo^8Je;{@-k2{EC*DB|tlw~C@{HG)q05gwVyt-UBDLW+67h_G1k)14 zgxo|{@GfjljvOyP){QsaYBn2oCzs3r@|$1%R{ay6sa<#@ScLuv&2^Jp9dq!Zwuus* zm)C}o7D#qqrdOe!an`x=6%EztdnIOUZ+-D3V@DW_+m9Fp(_&jzNa2wblbD0;`tgIW!3;q)r+E>9K1Q4-1*yTO5s*6BUcasu-T zA5MpaZm0`qGi`CrTq1v(N}hX*h7D`mKL7>`z*%!=YnSKQc4qleV-L}L=6-2T$D*P_ zA?yPt+)XVJz%h1Vykl}WTCKB~C3SoxgA0bD;WFgl#QRuAAtK~hz&!ZS{l>tFZk|5v z6ZhhHy&zjhv=LQ|QGn1IdZfS z6^>At;ZPCc#EEbCzQlI)K|qTn>}MC|yGI^p%W48Lj&S>7Hg5hSe#&z5=$GMD*OgBgKiQ)D1U;WNqn4TV6G<&B3 z2CLid_?J8Vv@@(92+|1>+@*S#0Z!f3t2lbq?|`1GdSDzc>Bw7NlAf6%gRU3`?{TQ9 zS%iGFU0Ey$c+S1|Wn`GDeq#`%k2ni>M==J)QJOb!?hUnv@gG8F0e~Wb!T9aB-x9;> zVMK!=t9c{@g5NPzEhUD;d*s;dTTxMJ!nZ_`TIpg=EaHiDEGU>|N(0I>$}Yl}akI0K zNc5hqd)FzO6~Y5JH)Ubu)m7z&1Jq5O>^{Vqf&mc4&5k4pOh(@rMQIa(_H9ToR18|f zZ~Di-%;4Nv(SEnwdPj_Qy&y-CCxRCvQuTsr<5d8h_xj*0BgzZ<_s$fK zI9zS-9vnONC>>Qa$lmdbVG_Y#BAS9W`sqG&F;`JyL^+edb?(g<4Lky0IP3^>0C6J1 z>#x6R1}OwpQwZATKJSdXMvK9X;sMK+FEJ$=!!*a(uz=(ggoT8_MAfbqPxR!3P&sbJAbKgzX(AHy~>4J8nqvvFtv z!SiG#I3skxF|5~I{a+@VE;#Q@caxl>9Ic8RWg&;6Nj{?)DI=Upk(ZZO=L8)fzEoCL zYVw+BS)4TBF|saQ%4>lZknCK4Ytma<$Y&{-X_zA7Dr2WNY;ZHA!0}FZPU#qukzw-r zWjTA1?d)nj^2noYfk<%HLl56?@9gEh!6hX+YE93HxI_jMq2F3_vWE;z=bn9@!3^O7 z>?A#9*?Y+T-Y&yY9WyWJs?1g#!4Rj(+}Bi@m{;?XSK5iW%IY@28}1 zoO0ZE?bQ$PNdnc7@7}4!4m)Ijo)&1sEGTK*xMy5{=`!p%#u(L0GKqi>=%2+Frv^ax zyjPesWy;5Hpm@vzDXHVfzhv+rSc>O3(J&6Z|G|59tS7r**#&m%?YFv%&cDbOvnZM` zzVN)^@GZCAY4c@@q~TbteJ|UM|?YsxfoiEjk(PboMM+mE71mY$+69pLvco_ zW)~u~i9?vEPk05!H|81R9r6$yVXV;Iz=4B|w-aFsJgE!WNW0(>{fFKOCczMo?!h8? z(qS>4gmC)VjVjVk1~Bnk={71dP%Rr_{4Fw@D3bd<#)s_|~t3mpGHTl@!| zbJE9?U8d?f@WAhwfeM^{?uF-M*z0Ay5dP9m>jv7LHA{vUr5mL)u=oxEtnfT|4LFf4 z9>s3oADn!OIi_#F`!>U&J$B#IR)S|C zYruPCBf$nlR?n9lM9#5*HTfyrLmojVti6z7&|_f%^yKwZV2P8J=<21)2VX^gnyeCS zty;B0{J280R`rUGaF%)FkdAg&+w6L0Z1jm;{LlysbjHu_CgvE2q3ya+`viFLel+x0 z7R>ZD--4w44pR(L94!oORfs>JGlPR17sg!BHvEHeBon4vGB=P4!2xedfBWy>{Xu#` zUw6de2fIry`?(A_M<{^#BX{-n*QsCFhv=U_P7Z#;dUEoIlikqFY=f~f*g6>AOAzf0 z1tG&| zT80O{tTo`wycrh!^t4{rfNV!!m?}BYLu)wjs3{V7M!*8WIN%?+fWx%XWJ#Lg9>#w7 z6F9h3dHi~)wYn3-{lOmh31C82AeWYC-H!nj+($oT?FIkm=zrE?$a&z&4tn%OzxyrV zz5>?N4zdJ(g&u?5fH@|p0lGs^1je+-9KzFpBk#tvqZ&7$`^+-EwrBg^(pjraucbeB zbhTs&wuXTFO#$0fohb+;LI9qJt_y8>^}nA7aj=|NHx2+@t?_T6n+M0<7-&_k+S? zImpEHd=O@>!Bg%|d9Rzyf1fDu|it)pf6_Ca0G_2<+hb(7pgU&&~4X<(Fk8;E$oeg3)U%kF%Y#^oIm7E~|!g1*ffeCSB*&Fc+sdABb10&tU! zNiV(lf_r7sL&w&6JSknY%1*0np_xFZVgBEo z_=fvXIzIvW*vAhz;6R%*oWJ+z=;{;XES^0(&uka{B%_x|SAIx7h@%P0j`jD=i4)u& zqj$4cW#CgFu#a~bmk1tRy9&`Cc-@iLTl@}n9CiF=&5TY>-~~1@)|lK!$6~Eaf)=o+f#J#d4L+%YjS>e_NkuF zw%^TVD@gwL@>4CGnlFRhJlDI+2KW9VoxreR4|ns`BVAs}YIp2Si{0Ua3HI)4d>r2i zJp0L~Ul6Q28H|u21P-!Gp5P_)HeiKL#(IXi@2I@*zB|d@$;c76%>vi2HXxfZVe^jgF3OhpsTZk7am+yS#GdgqrgUZ680S&ujtIk3i^N!&m2=W z93f2r5xZ{T;jDAfwS7KRZr^ug32Q~*)31M;?S^MZuBVq!ucu?s2;KqxA>WZB1W3dG zk@KuasjH-0MUHl_P=v9NVqaagCm7mm6>vM1iM=^5~`e+Z6 z^wB~d^{u8TI5nb zH!H`=<51>(LbSE0W|1A;m@T6zkxD3)L^~~!B1ao6iaDAQqlRK92B)Q)fT1t!vPKC&Al&$m8ze+(-5EbV zOA!p&MrHx90beh=n*N+ zp>FEMNCT4$b@EMqgtnSD(`YS2ga$wfIEJQ=Sfu`ukFyT20 zI*U_qg+y8Y_)S}ZzG;VcdAB0ZP?n)lguO299(iz1vxvp;&0>MEP#+0;Yol>s2%nQ* zBnM$!ep-eGKB$vE@RyU5r8-3a8q>rHuh}UREa=WY=M49s$DWh{eW9DHg&N1WVnD|s zK-=($QYp&M%E;SIh7=NTz&X28iwxcY!dOc6{tfUOg{Mpk8}HU(2P^!0nPf|lyS&E` z*^bPp5)X%e6P?HF1ArMvIOUg>xZYB(kO3?J3q>Qyv2~i?T*)yUsm02}B8{;fEQOa- zKZu<3@~W+z0%h)(*IwmD?zX$@uY8;wQKWmLbBCLwUl+}a-g0Qp^PK>utSf~ z0xHdnM>oireVUH3#%N7Y0r*6eY*nQk&+0b|%m4n}uifN#Czy` z!70Lf?U@sl|B}iImpwSc=o^>e@xFrvljq%bCv+U-RXlsnI*j$YxJVm3a>M4D6AU&?VorLn06N3@*B+4ifVQ-UCbc3HhLR z@f z75W0_pp|mzj{=D6s^{bDuw88l@-JfZzbQ4E>M?`RZj`1M;(hdKnVq9430AUj_Mj z)+YT4fAj@IFw7jMob^-Vz{mpK_&PX#(XSt&Kjs1>b50JyM*bba7`GT7&sm>j4H<0u z^V3g{6WwL2?)naQ0$tY0xG_)0!@vIZdKoVB-M#nTBUwLE@>qc!jU@W**T=;&79K9c zwceRLZ@!zRBazQP^Bj{O$cfWrT*=DH(T;DuxBfea87wJFf~FGnO<)Twz^M|^0y_}e zYMdO2itNUq0p1~7kYnhJtgE3(oV$S!v(}=2I94zQVKhfp1ONF7KGZb2Lk>DbCxU$6 zcJWq7ezCir0NtrmKeiJ%2zW5Vmg*@kDsunx*FU-(88A62dWrPoxg~nHy<{ux6q$U| zv4!G=*>Yg8e%VvH_F;z++?b&N=2zVV4?o~?<%mI_ZmRSp-2Vz$0uCWV0SEyJQQQyw z-Q&LB0kC;l0`K=SD$o?;q)wA1ngehjd=7Ze_twf1>O_}Cw;Zb15>!={ThK?qeV(Il zA|c_)d9&t9o;SX(BY!G=^B@3jq2m=OaPsoYuTW4;U-#SJ{7 zf7yXY|NLov+(Y)l>*)*k;inwBJPne}#W*_8*S4KjVILQc~R={3PVgwG;h z0j1vlu)*aFmhD|S7JZ~{P7%lzjk0?jKLfCeCVqprK}Yt_SmS!#lRlE55w4^7>dX2y zDtY(~9ROE~;Y0?{Sf^vBVm_b)@=+ImtTAZ;XHysxup=-oCwD|FxWd0@nERnD?NA^0 zpqn@ivu@BSVA_>TAWW5XZGzsQUlMI%>k%+q-fV2h@>8g7ZtaLf`_N=zL9upzAEjO9 zBi-D>V)xuLPr2Xx?td*v@%two=T1BQES(5)*=CN((q#n7XX7h?`M z$TlTT;UovysyNM+fK7Iu_tN_Q+FxB`@_={i;@@IdeNK))3F{rLJICxl#_V#?F{h$V znL0(sF<)Z*hWSR%1jer_P=ZsZe(?PtnDhAUNpBgwVYfKsJBP}rlVib~&^BuXHZsvq zX#ahcJNTf3-R`o1(Kl$HfGGTRB>F~q{6z1(`;PQX`FLax3~R7t&Mi0y-Vtovy<1QD z3#)B@xQC6Dz#wcgtbdR(IDENB5NDLGa1?jy*x8=XtFDwBReh43;4Sn^UD)t>ogmI+ zPHTi#@!LUT%a$#c^SHllCg4;7aEzU0P#fPLuW=|^pjh!ztQ2>LQmkl8arfZv5FCnY zao1AZ9fCWABEj7?xCFWR{b%ldeP3i|Gm}iRXLrxpbN2Ino{+pZ?z>m-k%797VQ6?N z`Rf&P7zcSGh(sqZ=1E@~m(aWO91cQpaCWK_o(!udlx7FywFKg8ITONtcJixz&TBJK z8%6F`uyoq@mPB*x?7l@JrvbvA3QUxg`R~%*7oYZ)40Tc7W;2fNy$n$`6{eCOt*mj) zK4MU%1(C3EFa#j?(FXpcq4|Yl)K?#N7Ve9{BJlP3%Oo8>mgbRN2M)GhrJc#Jg7(rT z-kv(-40hCA`_ z8AR(~u#8SqS7X0Hyv}`;ljLwzqL#!P4Y_3|dBnW{VF8H*L%@TS^4PJYct;qbryEsi)5LJ#HWLtg0dD~_K6GEqySemsiYyD%4}47IsT zV4Uq~JP+>9)xztR*O0mKccBD{agnUhaRj2~V~~g3$WD23%)(YQd#N4+(2#I{h~dW} zKcfj;P58oxiamY-$^nP>NZn<^P@=tP8yA5dl52GFho%yQsemg`;Oa%#jNZ_O?VX!G zdoC~uyV}&3o71oXc%*K@VtNy4FrCvHJ3rR3m1iVNH;RN?r8R=+nvA=rwDDMmGhjjzLHrxpy`7Nx!#4EsyTEADn$ZmQ)FqxHjV# zp12?QgRG$B_g}3(43loWyZ0cC8*(G7(}w<$xqp9|Dy{edN0onfn`hG;uf|033-B@c zpE`@Bh~EdNTm)7Ma3ES)IPgPhI@S*QLyN2+_BJDhe*yE-$&ugLgHy?{RJ}lLZ;Q6x z4%}e_e9m0A!RJ|t^{><4;d)Ec-Ag(=#mkIY4i%1m6RN6Zvdu&B!~a0-fFFXG0}6h3 zDr`zi6N_4@vhg=uxJ?$2`JzfvV_Iu;$?eX*M0G{_D5L!tIBs4$;V{_GKS)%NvZ;io z%d1RI3Jc^Ez`G&iJq+f0LY%7p){{VaIo%!KQj*O<)g@KuE25c8CKddUC;yDK%N(Ul zTs#Gq`9tE_MBIg+^-GdwDc6%~Jq~QY^$Z}ZLe8lH5B|dUQ`UB^pgcwhTL)mX7DZKO z)5=19V-`p9kFJ-JI5HmBVF2S%6MiTHLlyw&Nwkfas>M`)@R)$jkBa&b=}2XX_7RFX z1dlaj1KP0#^DXkTHcq00W06j|RS-3Nuh7qe@Ed{+aJv#fQb#y0Zvnr6C@b{8aQy^z zNX)H4#i6OHIgd=iJtU>P5f>L(5;)OHv((p`OUP4YGY5(fAl%1rL{EOo*U4J& z$vfZMMN35pE|2|h#)oZ%>xNKgwvCV52x#Djd<>ovpCUlc*K`@Gmtn$7H3rf?q%$=S z6U>J`y}tyQ^K*pP=A+;JLHI}ga`=@=$CQT%XUo;qWZ4+;AHj!DF6=dQ=-P&LnY;5a z>gf?8=cPd;H z6vMn%M3+tpYTQ<^K|tV#8DX=u&#ot%`=Y?X+T$OEZA1aG?08gBT274jT{D&EX8ut(G_a4xF$h>rFi=ZP-uXTU&s4^+FA zvm*|dVCpQ;>{Pi%tnjU;&+d|sbB6H_qsj+|5}+FP*R)xprM;!WDn4e}$jhHOGpTzy z2aL>64p^nnfu@{{<)kUZDWFU`39n2&={B*6(5nUxWLw z?>q-K?L5}b_G(j-3;8%>R6*S2K#;t6^YBEAo#?p7hinv~A_~uml`kHFYeBe(CnJ3> zqcs`>K+2Qd*>;J?cQr#J!+MEvZfxG}ObX%{XtXNeZ8EHzf5f{Bm2aA+OS;d4e;|pv zj$YSC=i+V`Z_O<1-mU!Kvs79){}-UAV6lR@F@vh^}W=m2z5ppI;Kpt2!0? zPh1V?eGF?25W})#V^C3a2(bGtB>4zSoIaEu(Q^DE+=zdJa_-nhVYB=8pu48vOX*)x zZ5SDC4i&@DFNdL!vcc7Z>)Pz5}Nbq@1XElkxM|5_6GM=k8c-j z?W4=L?PXetND#m=Q;`0?OTrC$X7rqF+ExDB68WD5szL49;CWK%1Y?%HBpBblkq1?g zgX&SEVB^e+G>Ir;H{NRvCD)5lA!b7lO|8p6 z4q0U5yg+DC}HamZ>7uIx->n3x~JJN`5`lH-}4Ma$c zHu5dA{OZ^VVMwOrE){jhe0An8y?}-|XDS1^X;jI<%z;R_FUtDNNcN~&LSuZ3>*xa$QEc@a#MVA-YEJ*$eUN3X3@emP5P#sm`hua>YS zl2y9JNX7@?cpf20Q}XwpS4y}%??dnY=ALW}fwy7Si>JW_RK?p|hhsN`j$#bDoD6|iS@%6>Qq+!wy5fW7_CQTx zqBGN)Y5U&P8Zj}WJ0dxD(TnHbmAE5RCn}%dlvdhuqwvw+j|eBN*C##3yWr4! z%5wZ-5R1ENV#>97%D6OCAH1saRN&MA@E4d%>H895AffX1-w}8*+eq=Lf`s2(OPtB> zS~lQRc^!CJXXXC0;4!?P@BqXeXLIo)s_+Wf%6E?T*~`s43XBz8)rr<%yVFC(g~Syd zuAC7pkKFJEnk)v;H2wxSD4TCJWHHZ_9wm=q`w$!9OB`Ly@_s8d#-SLby1WwhR_c7( zi?hVpZ`PX+?caCj-lW@+Kam=?C?!9Xb+zl^UXQzf22V-E<@=iWr>m({2g-B@G5lWN zI8d)rwZmqU+t-RbRG+0($~QF5YEZ#^s1SGWvmZJxrm{%`4qhci2|0b;1mQU<*beP) za~tr@BF7;^`W$i<9$b4c(>+Z2!zn?9vT@Ec;xjBl#r`RpDeY?hj(;f=#;2FJ-|bAr z-l{vN5q!n|JYQwFJ>NvNwbmjw^m|MTP1m4a+c$2L1da3LH~T=>K;o+Wf8+&*JuU z+pJ_2VEB|VgZ>jf@1?%R>0G-@Qu6A`jSvWkiNDA=LED@~e3V_!5V5M*dN*$XV7Z=p z)j&g}2SuI7AMHm?5#1eMN*`6{c3*hsYdpT&YXAzad;bx?&^EnGr@MC78DK!53j0bq z;)=ju5g0n(beV}8{I#!w@)@JBlR1SjhV3GD#$jfXpFqLQp;KJF}=Bjs!#c zEuCu*DaehLpNnU?%$!A*$G|~(m0DSpU64egRiL27odYP&?nn(elq0eUuv#;2MFZno z4QeiYa%v#hPAfJw68IOfL$?8%lADW}mJ}5!R_su{&d4a}-iE})ap#2p%R$?^Bk)fO z|Cy^1baFHGWZ4n>*d6$0%2C;gN4Ps7^y2BF&98GZmTb!`;PK%ILcVmH7tsfA!8WNX z_+I7mzX)Hm`obQ2@1G*{pkdM{c5Sj8Y_SVn#*1)0$Przd^Q>r2a5^40@x(`%R5%f6H^rKfDfS zHEz8;E^Zo@OmcL|EH*p3yNAu&hubiGF}<@ZlrV@q32|FEDvSFFFRpNoslb-~p;qc| z;7@T~v{?Mu_wCyq_8sau$NI>hWFgLXXf2F|lRqh$F>F~;KvL0t&+m2uH|zcsEyRFh zwa#k0IC%Y70G}eKbe)y_`BURw=u5)vbj36~szAZ5)YKABf~Sv`q~l(p6jK{+5oN&i zu;aQ6-%z)K!rdeLvuKhFTE^x(-5=GLvxh6XiT+qVq)0s;DS|<`d9vHwAf5s~9Q zY&y*V%PSAsG6s*XAfA>->nh_U=N6s536ICCaoBY)einUnNW!sBv+x0=xgpd~74c|i zE~n_v6~zAI16>)e5gdm33z7lgCxBodDlm&_8hT$Vwblxn0jf-krXt2|EGcANLLL4Z z3Nxd0p*~qNW~c8>pEC5uQ4aV78wV8{_3{RoOa5f1f2q2wd3cgTTlrI%@BO}QXqdeH z)lH&U@Miaz^mTG+Pg&4m8AMnh!XTs>?Qa<*S@(zuH%a2iN+z|fp<#Tq0XF3yvJ>?H zLPX4!##!DRkjoHrn=t%S-8yHVn{VLv74O7HLYHw>O2bb3Ad)5>Jia7mB1KEo0PmM56m?#!{`j%{6fa3$U@B;mjEQGzemg@@|;+GiydOe%D*7J;u!xH~{55L~fkOXpitI{XT6hy!M_x+N9fb?y_z`pMNI=}E+ zZ^{8Gx1j|->7+8DZojt}lZI>bdb+yDk*?#O~ z;l(F?mk?omcN**b!W%9qcVm1^8?V^yLns)~3{)*6_<#TA|97K?@-4?X;v_>ioqyjW zj(tzB^erZfiwONpdky8PBGKvyEe*SsIUv;^bxw?F;GZO!h$u~plmDjQDe(p$esiP!@9-od1^(&jti{wey!ZH3GEWlI z!{jE88h9EAlCiTi%buF9#Uh?-(OAm1ItIERK<AxTdf7ccC z--LDSFA^9EQ`os4;l6&<<@-y$;a{%N;V!%EUFau&qPun8k7z%2&RXfCaAl`r=x(++ z5fg4%G%*n|m9R23al;I64j;QCQw2(C+$prUq=dvXgc8$^V`Ssr+s8a8?}D+C^D>_u zZ{8Gdo*6cy`p~VUk?eQL?Nd-u^X;!ZJLY;n$8W!1N+gUF9*6|OXgicL`EJDuPs#k> z8IrfJ?Cg=^o4dw#j*GWWU^S+cE)bd!Mun#+uHub8VOkgTD0c2^OJw z|MtxQRr zHr#I*O0^8HFi7#)Q@wS1T-C?`{CP2(pHqD<^I^vD#E=j+Y?;@g4juvjG<8mS5)Lcz z6>bRS{49+HEcuc9ztc|-qsAV@Ajc(!OcH`GL(nF@++;Vv*qNW?o2jtrB_%YnH(H!i zOarwGlgJ~-FF2@F%AV*ti(e)ds)EegofzOqStnhiu3a1**Nu;oVzecE!O{HPw)~mq z?Vh8q(2T0KHi|3x)8fa{InA0&J1f`nv4HZ*ooM@F?(FH#;{&5|n{PyNl14*PAgE?b z6e|N6GrSL_bH|@sa^|lJGL`ktfKs;-!X>WUl2#k<|x{B$AOsqV`~d4 z-+^SnQBmT#$RD<>!P+^~#eAefp}-=Dmu6$&OXYU^-npFG@BsKulVEJfUqNs&@Hw`* z-A^-`Te~G^ysgRMr?9CNw6s{a-Xcb~)w=k2rakU{u8p+Ynk1brc|&9GUcbYv_IR2AAaLBC=5Za17Xky^@#DbXw zR=&qIjd_VR2;cXWJr8H{JmYl>dS(9$=jSw>ZwSHlX08&MYoyz#{LV-eT3sfs%SBA1 zRHELVD|WpvWLa}@670*!;WQqJ-yyfxbjjuhfj&~M?~6Cxjv?tll#@bF;v*}lF4Ig~ z@jf?V-23t7Z2m(=|3HR&YK#hBUHq&hXd*!Ljla z|v>?93nc{TQA+nTVX^DSO+Ekc-G-$36-Zkf0NaS zZYgqiaSetQ=%1OpOL`|Ez z8f_ptAT0%hD$*XO`(8NGQGZ`K+l~^+A0dwX+X~*fBfL=UC8Hwbv$-3IYlzugrk2V^ zz0#_(NqgD469$5hBl8og$d*UTyi^M8V*O%Eql(S&1lTYsH*ev2==QOY0=2Z2*!hib zZI9o@gGjxX-OB8Ir5-YTfo5yf@^q%y#j+l+--@Tp-3lYO$IU%N=1|nY^ytVY9Dy)v zSc<%Z`Fr!l_WJerA-rV&*w-ut8oVw&DGr1C+qa#vZO8fVfENse><)9aqIn1~SUM3w7 z`WHb(o|-ai@eI57%Pzc;hx)Zh?buiDWa3oWdx@kdBG3NLm76#wnqc~xV8`tBrnQu; zs*0_|-G&}J=K4MvH2J1WF`uuNlklo41xIv+2+{^uLm(te(Y+sL&yA0Ueg&;p=?gfNr+kWEWHLT%%R&layhGkBQ=m=TMrwe_;)# zUo#9K@0464YwQbOY^(xkS4rhmw@v*FmW_CjYIV5e7ie~0eGgF(cwL7BWLX6Qkp&EL z4If$otiYSY(wWs@JW-=bb|b=#!Igld?;`tNpc$is5B_lQU7ug<>gIdo^~c8JiP}Nl zQ%H5GlL7wHMrHt}=K>e%dW~?s=2XtS_@hL7el?sTV_76&=;mem6c4*bXS@-)Arf2d z(uWDX5FW|zd3@0KojV8LYVN}Hlrgb$_y%PTumr(xSEY?124VkjwuZ);-H@mc(!X}y z?A6Q&t9;$JbL|b4wkgx`Y~lZW?_1fp-NY7w%NgJRLSPv}YgyEYC0^QytL2pr8fZwm zDEjN213P=O?iNnTH=kjw$TQNxIEuXUFry-V$e`>!R*Xl=g#P`h2rmHLx6^s+A{P@G z=rrLns75_hc-L7N->O4v$z5|gTb9%l_;@^~l$_VnfhF)Zn|;abbCk8U?VURRCdbsa z>)!DO|DBZKF+lQ8?uj9E|Ca7nvfWrQ;%2^F_BlXCzFf1~eT+v8No5HzDJs&jR_{4N zu)AR9TOiv^Wsx@Yoycg&!!+>6HF9ZhP$-tZ$H+qL58}e@y1_ZTtf`2*Kte~A4wdwS z`+UODZHkINe;YvXi9Fa)_RycUC5j8=cat&q-qK;4a<-E`qU&pYSZiaQH#|rCH&rFQ zu-nQfYR92rQ_HfFDn?k~?^3gasdLa{-gjuS&B6N&M(QWp9Gx^a#i@LjYSYJ3&>Mpu z4-V_WvC|C}CA>P^Cq)GX7t0){reo{2_iY{2E)BBLg?_Nxv-&A97s%`LlszP&@CZq6 zcqlDEALKANCAt>`E0R!q!u3L?%s>9Zjq=Cn;PhW>)G_m7Sl5x)Ur1ruCn#n4PwFl^ z|J>U@F1w?@Z(HE%1C5+E45WIA&*}u{4kB+kuTz8cxYsikqG^-gm|{H;J}9=R028Oq zA1H261jwF3{CAM4;LARb7;UIjP(JfouKYD9<&pIP|CC(A?=(Km*r&|GQr5CmAyT!> zTRUFr<7kUs(G6_<_!g34#v@$kJC{mfCHEmAJUnF0djrM=l!Za6^LzH2Y_AV_Cc_&& zXK)|8Gh8ke{l@G3X2P=>2@b^?WC;2lz~7+2 zL4p_q_KG~=;C4^xI!mvRy1>0uvKBTf zbNoT&!^C$>sk`IHMnc07C%Br=vJbza`{NzWY5-D#%>ltvX)MB6HtEN*s`KQxP~Ym3 zrg?qmO?vz51AV)gZ3tg3IUYixJoK|C-{nKBu!D<25pv-jjQ5xG0Du-Ma^`V7ukU8d zqfZYdJHqr0cNo1G;uR4{W~63@;-7_!93Z3g85M3BEw2ooOk)}#LTA;*TV(8 z!9tteDDG&KqSr~E-A?l^A)ZB#h#hM*n?#^Az}PfX7l}NsL*CPRcZ}lznf&v6}BJg zlbP6;^tRi~&Crh_8wIuYdijkCvXH8&TE0EpN{!YPgYmdry0+Lq#w6y&^M1TK%W%2s z+#n_{n|{;mUTyoqzbW)q=HpFr=uiG1%vNuq8SD*pm2W6;gs450kUY|*fLB?^0_zu7 z)-9D5-EVPFgjVLoc%%g%(e?2Z$v3`z8{65}V$&z`0_j9?7X5(V!c(INc;z>_*KYFO z+qt&j^vPu)rwuSDcgj0-ZrXS4x^rUfv$fn4+>P1zZ^GHyJNE6*8r-hEKW#UezbLAx zc))8(63KIf$CYv~$`q0~(|bT>swlw-<|G8jX0&mfc}nCCAA>o+YjQ*PH_h%WBMwjnRxWLYvyM-OcCC~nQ_!%1d;9TcLM-2x6?zUP~ zY+#`EoMZae)zz&Ms=N#(TgAR(RB=(*z^pm=S6qHPQ<}@d&R*6h`}i$)L<;l%9W=^k z<7*n;9=`!UeI6cPD91sIwr}zzvhLn{`FuT z;D&Rd^%&R3Qg!;WWb~I7%8)Gg1|g@Tl;n3AYFPum7JE!% z^*VzFD*M0-0V9cwW7Z|cxz9QqdsEe1f*^;3CjE9?`vvIttr#plb@TMORcW+etu7Yc zWGHfp<4dYxWp#N4E0mraJ@)ezB6rZfxE4b_zed5@v(`H{ekQ+o!FLI)jY|ox{hOw% z)3VgZITU_>T2TKl3*at##C8LxYUAz4xDlagMUYw!H(nq^UOEnWhp*8jQtTB@RnQP= zWSQmcAN}z~gHPVUxCxn`C!K`o)G9iRhWHx-I&kk1^{g`2ce<~)6r_V~R)X=?&mZrO z9h_rDW^L+}9#KsL*7A5qr_TfEe9@8lcHz(9J{}c(ULOVy5<(OA1yFSx?aY;D2;+pm zqt)uKM6rvVkD~eqv0$Y2J@~8%?w7B!uUxT?CFD zz1Qt0_K!{t_@j972WzT(!S8X=m47n^qBO~sLQ~i(lX5lT*-E`PV%A|qwjq%NvK*e# zFoo&W^c?noc^#jb;#);r@!TBP*Hc&jeXl|iv%aXM{5pNe#v;57kCF;HHr3mBQ+edkHVWhR`|S^UO-eU*}B!y@;<~N$HbU zXM;z@Kr@F)Fun$xzkQCUE#6@Z85+B%ua|VhMyqmQeD>-_PdXRVG@k3kl)jgCM3w}L zzKl$hpgPXbY%?m>o)=k?@IQ5pTB7&!bxGtSG7LJT}SKcfZpE=M_XZ2qF#C7Dfu^aX?{& zPGmu`7r60cSbDu$qmB-KU2c7{Z=J^yZ@soGx$?W7HuHFxs&-Cd>^?v1d^O-VS#T^A z#CDS0F9MDRL1yDtPz(hU04whhKv z@<#>zKttN|(AXP-DKZjV&W+xd19Xuc&PuggI_ooGh0B@))B_oNhscvQLIz~#AP!n*9nwTJzj>Ib`RD&V!`smLwj zw|tq=u>O0}U`X84djc}BhIzuFo)r3y{4BW?rSLYt?=(_bKTD4b;7!YydUAfRM+-gB zr(qy@>4plG`R}WW^3g|7N`H2WFrDHLzqM8x1Ur+YfK;5sN_g#?yUTWi1=FWb?wWc| z#q)`3D?aDlHtsnaj=CM5wZg|0E-QCM3Qs%#uvYP9DNTLD-K00{4)DQJmGe8AhHjOI z-~2mXgzD*fseAlADMbR`?dT=HI*Dg>yq%{U_PP9LIDb!B#6nC=tfl)s=WC8?X{FBx zKCwsCDNMH}&Fq6wF!ysD!(;QxFE__>H6lb~EUG==<Oo%zndh&#f0a*$bUFlVl z_Ut`l4e`tMZ)?hiwPnnauR;SUS2_Fk<>*o;yWTuqx8PM(=`=2hUW1>jI_kaz66h;w zE~q0?34r(arfS`!@^lXn{i+`N@((T0SLmdT-$D~$IHKr1$duvE5fAsLHZRW4F>~Zc z8-j0iXopk1bPA2^064(m_YN_9ImTm>{Gs9SM}RxwU2X1%C7^5~1L}wv?j2ZLcOZGw zRIx&;!kwN`$8-uJm7bx;-H+2!nwq({0QyXqePv3VYGlKOqi;WHtZpnNS@wtVGmGDV>;&TCkpthwtdDWc`DrKKC}x$|b0x!RlJM*LUp zAkJb~1t>)1TGC+GG7^qnEE_dxYN_b2l|tL+c+521A zcwv>1*~uUJ+QI<24ln1Bl9Af)#Z5jV4-4v(ZF4`+G^=z>)`874Lfl&f>Aw=tg1I0Z zef<$eBx_5JET;k|IYMkMf$m+G6S!6zT!vvUKxd3`h%)6FJnxKg0Y?$*iJxL_$#qV) z8PZDcq!q@xp;O+&&7Haq^R-5e7N2uic9ZGcY)`DI?;VrviisDZOhACX%O%yQ4W;4W<(jnK3YuJ+lUx%Hf$5_kQYjuU`nJ z_F7q0y4_2IVa6nZV0kQWqaQj3e;;+od|CF@7Z<+2t8;O#$QIt^};$#(Lpft*lE(0sW5dzcVOstRB8#4fU@ ziJ~oCFh&q@FcaEa?16FoNP;gUyV5y@xsJl6_Lb0GFX{gvDUoEdu8wy9V1E(xqxl;T z(plHV5{te6G`R>;X;1i!xRZGD1?CXZV6u@M3J{BE96<@h{^=9Ts>C$as9LQj1sVso z9+sJ{Y5sh7cWJ#>0s8$<`!fy~Vw01x5i0BUU4To(2j=$C2qXuSArWCzK?6c`_Pa$v z{CjE<1Toa=fH)i~k$&PiC?oO62H7M%fEVnRw%@oi6StvQNJU%;ri4I0-w$%!5DJx7 z{BgW;#RDEG{mU=;=+`IPc>g6n&((w!AvKVjr-#>bY9U>mm<63M&jM>%p)F;P9HQ_l3dS%#80ka;$Fa- zo11&tokW%DDU59~bReiyA~vbZ*+dc#d@F$}wJ8^x%7x}=9BLF~Yct)}RZ)twQKNA+ zHCaOS&tGG%g23U-+L9wWD(dQzu_zZ-M>x}NVZ*P*4jyBbz@zW%Xi zd($>2v%Olp{1$s!9*feEL(MG+G9`8w4f{H|yp?Ej2zwsS?|;gZN>$frkwl(}Ub~FK z)Js*?=W(!m=U6*S0odT5G<91MEkY=(i2m&2NfhxiGobKy)^LaF+1yfCvTWGytTI__ zlK%;(byS{rddF>71Fbr=z*4!m?7NsF8anGWkt@Ixx5j*20DY|JxR>P3s2=SjRnZfO zSf?1*Or(bxMYI5Ncebee=+-(mIqd2c>ato^nzgqv0x|T@#^yWf_EZJa`cXeGMe+sf z-PrIUNzRkL%!oODz3qWbGxtD@^rWl4V9BTyNIs(5jyo247201)w1W$)NlKd`E@in* zWvOmRLIf@N2Ub-<%tBUO&N~g#Y-~C$v$WhJNx8X}km2jmw4T&1sO)Ro8?h+j2@e}y z@$0xp&2J<@n%6TOUsQH%h~=NcXo7oNbIS~)VoFMwRnf(i^MVinH89sb%QHBkG9{t4 znk9KHo)b{h+Jd8|I~Wqq46`M zn4d;h=3oYeyz=CCJA|*Ci$Y4?Yz<(%hfg|~0zFxEITl^%`+%Ta+HFN(RMQ(}n!LnD zD!;#plcV0rVtw54tWrBh#yJ?n0pURo!?JttwQ=pi8f80Fel#?wOEOdmc_i1a_rCJl z={;e->nMzld327{WZ!ju7(FsH$Xl;w1Q49>47mqYp>`&0@Pdle6;MBXyZee4%C^*e zW+dsI!hDku1i}poIJEnBnt)SGUwroaVyYGH5Bl0sJs+bPux;>9$qVh-|GLNL>=)f& zhG-;PFCNHlho+5#%fncy*zSu2F5yOt-ZB0BpzSA+eMl{JXUaZQZE61nX>pkeuM;E; zZr@;EsMA7Ejx05cVBeMZ7u-L&`h4&ZX{cv!lUy^IFIImXQEDRl^`$}!|HRr)30=}* zL+mM$7t@_(My0U|q;ATkCDNdEoMlt}@cS@;#NdI@V|Wd=i2Lmkm0jxmgE6~wsbLqO zbwuS6A@1v)q<9#~m#gHy7m2*L-DDmva?vE7V8$OUVVbm2HKH6-$4U?=ACoJ|C~f^n z99tlF`yty+MB>LT67!h z5S!kS98nm?6v^C8vEaDuvlz`7>a0fg>R|Cy`y`#cyJ5rOkr=$@@El*WEfJZ`4HDBn z=hyWl1*!9kb;p1y$#7e!xWui!hAhKniEsu{j_VM-4q`DWPED0t=ozk@1~hptnUq3- zu#^3+*Jo-S@SfU~7=5R(+SQG@&(G&Bzj|Qcc~cIN0jz(IQ-#D}kFX}dHxVAA9^ewe=9)N%KpVn!NG*W8L?U*@D?`4+*1{QOTM&R&+|qn zx|4%+H2;Y<-ep#zj#F_Pv^Tb5_Vqoe|{m zpi<>X8fK(J?RTA@3Eev`!O-`88Q>bkD^+VMKYYx5*{kY0aXw{we>yl4aDD4@-jX|_ zm0nzTXGMb8o&|*C0wrbQX&{Hm39URd*m(`P__c#e#@ zPg4ArleTvaA@2v(u^C8lobKNquBs`{e!%4B(r+Y&n_fATg};8%I|JvR6=1PXZ>_~y zZT0i7pga5G{w6%=aAA)x1O&VpmQP}6Gv*4S1sHdf<~pVLNPfGzRw->Q2Lg*p-Ac$N z#8NeAB2~-cHS-x zy;D_#uf$;UxNXT_1#$Gy#zF6YC#&zF&>ubDt-E-LcviRHmTG=;G;1y9GBYufEwhwW z>q}*cXb>A~GJsDrOmX77T^H{wKm^f4<69T?28>Smc)uQ@a7oEIbC*}_S z;T?U9hhswjtLwDDc-kB(ZR`BWe)ZLWc*No>LTZK;S76zTT_Qn%_<*==#fW0n7F$Vp7XwU0g>Ki2jezL)3>i1%(4lb<+_i?HMX0osEPb7FJJx7 z%#D@f*6W15I!<{%sdq&#=2Q}kHa!&n+*cnU1jD0J`w{-1RK9#2SuUKb9EGeVR+@pK%3_^R-26$vP*SKu! zkmJ27lM#~#v^`kQ&~Pct20gMI)mJo^(+d*#-m{!)sQ)H^rl}?#!v`t9WMqWy)sTsh zKJ*1Ol;7)Ea%-4+_LU`+1K$<}PW$8>F|o38yhQZC)gAg##K#TGjH^q=fg@FV+e3-r zpLs^caC=G=q1c0AoM|C-4nyiu#UGk`R5rv^l?{p4zRHlDd=hu?e zbN(r0e!E8gP}kqd^MWdkI^|XhCufat5no-=;~4_II#`%KIWht^TT(B%!soVB{v({h z0x#Vm3s&bTy63LVYwl5iQwfiIW78OT*(8fH5P^iP?chhBx^k^i^U43}t?TOS40t|s zbJWKNvh9sIIZynCj1JFEiQe!CpOLiNRJY9^{PKE|koj{_9qR!(pc2MAZ@W`=LD6?w z`|aG%?uaMi+Knnc&4yJSIg05qil@wr&UDGn$Ot*|g;$_eRaDGAUo(o6OjWu0w_a4A z^%usu3{m+6U1#wWG6G%zr_L=}rFb+$U||CY^CwanITX_k4*h)KI2h^tX=cg^Jz5Zq zefYT|*XK+-iLwVOnXZvY@-awTzgh7t9wVd6B7fe z&*MfQm2{Ryw(qD8pZ*S>{ zFe^UvHMjE$;iRtR^|kg6o7?y!?Fmi+#xHE5KUgI5mFmY88oIKpcF%X3jc&7Z#*K6H zO&WUAl^=ef4)ny6X<)?H+~sV&K0oTQd0o=e$OWL}%s`)kxp0=wnb_T8?$qk$JL{Yb zV}Z!0tZEymbF>b?svYXQ*0C7IGEUAzo@nqVDhYiJEEj<;GIUSEHe9!ZuvCnbB||za z5Do}7BXCF7D$Nsr4v}#}nnv5+5O!(%d9P@Mq$49nXcPva4d=Jj+9y8rHoqV}s{WoC zjT20fox({KOK{)bmcEXj1-K61U~)zfO>{zFF{5vzbJ6^+%-NNM!1XmEO4NtSp(fa1 z8nMj3mEaBoC>gwg)&`?CxKC=ADRTknS z^)_RFv&Fukbmp&1X=)m{7azi|z48Gsq1`Ww`d$y}B`(M_j5&{;-!6n1IMF11 z{o=1(D{|C_cS5l%40H~s2OtJJZ4b7+`aOyFY2TZqvgxC)J2$~5lBUEC!wz*ymGwVc zq55n*?7tqg{hiEH>$2p~%{NQy?zr!0hh|;rXY$$EJwfCwfl5sn9f$_s*7LMA3JcNq zb}C&1a}tv>t$F7^yR7lNJuS4{QvFaHX#3hQo8rZlUqB&|9@Y+qo3Dfv^BC6FP@^^2gAU)_lau-zZ;__hOEhU$UWK`Z- zPIxKIDYAu&szQ6YgU3hSlEl zK$_&%ZE`ZKZ;xFPt;E|OO2eYYsmrg#ey<>V$cK#+eXb^Ebtmqkl?Cyh#BC;~W+^Dv zp@xDKxksYP%?&Lk)6S@Xmz*96Q1|$qmHj%)QUzi|Sl=;k^$j+97sYF+&r>rVc}|{G zUh|q~UmVZf@rqR4G&-Kh01nlYsLQ)<=w;N|5aea}07)Q0;`(oF4njCv>%osgJI9pO z0vS0?3kpyothh1c!TzJ)TW#YW{OLiYkph`s(?l|GUpx!gO#eb>XM#cyPzx9POf$>t zY%ji>z=6`_BdvUzs9~;j@t(cYedI^PaU|Ey{nybr&CHWM{}&$3>&p~GD^^s>HS2Z2 z6d1cOJ1EjL^on`X!BLXQAM1MUfiaB5@P8h5-_Lcc`cFwaJ@kb>bT-xg;;h|4A+}ii zl1s=_W-JABtCELWUBf-a_ow9;x_k76&h@PSu%>(Qll%R<&F;HZw{Fu9F#9C>buTvC#>Hz41A8+w2yWTChzB$PkuP}Uw2~6c8vsRMe!#~ z#M(!9<7H>xPLdrx+kS+n5y*B%H;X*>$bHJKW_YmH5{JJ?hJ!}ZSlZ!P$Jl><H zTfws$Tx4@1zw;TG+UjB{;J(nC8#WpDWE4*2$?7eAcQ#~WZ=Dts_tItZ@S{8`woe%P z+jwXzSc}acHS}W3MJjHKa`=FV+$^}}l*A3c9)q4}qIN8x6>pB!4=-2^coew{5PHMwE$ zrydq5=f{IjC^XtxQqUBH3J$ev#5m*W9(VdbrkW|!{s+|?bpH2yay9iu+KW5~&0v4< z9IKOzJE=FG{{gnUZ3@9;`g#Xb-IeC1 z=@ejbFp<4}Z}Ml5ZER!cOWfLbU3Zj-vHREKZ$r8TuxNak3Nq_=HSAa_WuR6;0KNx9 zSOATqY72+!)F>K0(2OjA$D`VILUOC3-J<+nUQ&)1DAFQT1dG`IuDlb)jA+I4PC5K-{VF+p7bV0#oNW-J-eQnbWL}*_kDees$hqIz7{m;wV&;v zNVT1+_)=>s&Np=ShB1qYaY09yZ212Gv_MP0J6M6oHqbb5k3F`hIlK@kY`@o0mAy(vv+jt*vT@*v$EzYBde#jvmIhaInK6}6u;ttfPIunA}rV<`T}j^ zNWU=ZaYCGW>glfUF+C-4s<{rDE1Y7i`tH!7qwC*)fC-u76&OPReg4Hbb5ISHvQ4mn zlC1X;P{+B@zyCmYxmH8rBtmiJ+C_RFW2didC(@_S39hexx6@cyX@Vfc5y5IloGAph zk*OuUKm(Pew36|TqYWhzyU_LO)yM9Q8S}Bt*_me!byF1>K1+sQ z4;iBKm9dIqcZTR|$mwUA0uFz@=DHiTf@H8cu1Of7eN)cz<`?HQ0U~IBv3Lq&NKH+( zz%nZ?TDNL#4#P!qCWDXg0&s(1;lU`t0v>=-RbPe!ie-|5J#57VPar@8-IH;Md;yoK z500bclH5Q*C8K3K>nrqyqTEylCo%^IJuC2Wf|CVKhA#?sT^VV7vdW0-O>`ZHa&;Li zIG+jNKqDA-D9PXo?_Ho^6n#cPM-fN)<`Y=etJlz0BSB9%sFyEaZ0)ehI3=aI(fL{h zj+lFlO}4yTyeP-U=QAulPGUq7XrW%f(Sred3=i7(tFQeVY??LIfd;@GwlgD>6%>L? zfDdaW|B!VAE5H$q85|aE#H&es0GChbbE1s{c}*h0`0-zuJRCG=u;KLgl=KBZ`{a|4 zT{ErnA)z8GYmUJZXXorWvus;7g2KT3V+BrppYPfY)!n_Nu$=vMbC1j&mAk0exxJBEuf-+_|#_oLZ!3*fy~A z0x#xenH&-XJ&}C`py$k)ZGq5p#0OXbMbZ>2{MTvs5*!;ib#RE&7Yt&y2FG#JL`i68 ziI;2>90%7sO!i`WF>W&y9Lt2aMBTI zhMwyx_yjJoZ5w@U(j?V>v-KN#;$j)M^aVO++|UDm+2RAVhqDL6d6V!18bO!g*-o9h zD-oiXYum1~$yeqDnkLz+Yq#UX!wKm7fC}S=XJPPzztMT!JKT!*F0@U7&O>306tBax zI@Bk#(NAmyo6CZRpkL$vN-_yrw&x%ZDxs4GrwwSGw=nbW7Xt&oh~Ox?~_h-D8x{M8d}O>C-F`<^1!$ zueqIJb4oJEoY}KYPV+w6I`yO>rbp8jNuA*J_lI5R9nhj-lDTlg(vSZA2Re9yIaTzV z!gXwkA%joVYLX6?B#GQQUObQOYR^@Y2t0y-FgiW-$jV@x$&8=22)>>|lXhtzW;9 zwa+{y)vaeb0=gq|6j=m(Yz2VEL^2a|&o;}<9f4eE6ZyLXdJ5~o}kC7RXKNdi@}e6;sl2N8Z>AuzFODpD_~n*v`+Fzm#)Vu zNZ(ubQ!DjTD}E~}NvmoV9ih=t^wiUJ>)y+FA9J$R=&6kL*W?x#OGNRsluuKFSD>fx z>1oQ#Shj5DH}YWEuPbem_BW)*_`K|bDnD@93{xmNdaD- zU8z-a$Vqg^Owj^KfV?kPcuUX_TELd;CtC~Mk(~*aNp5wOTxc$Q!(oX|!+Zcwk_AXu?7SB4>bMqv(G;@s3RkK_CCRIm^p?n2<{*^S1(>{^oacre?0Gu zvrX2JIL(nM-Mja2Crhtr->$uE`cq7e?)JE2lF2MYN@HI#^3NSqHj=--A2;WTbMq=PD$|V!O}5E1nMCjXYkbOT;`RPu>_E6)zS)W!4Q3dAS^r#`5#JU(5Icf|QUYD* z9r(}C*ZID9@j`109!jD)_<^2AAI*M{pRQZ?p3>KQnV!V^!LPzPNo&I!O|kKB0>%0M z$&xS`d+CFwM#jGUe}YNb>QwYLDE>oiXW&su!Qk1ezi~rP(9SuZyyrgn^efj@zGUpJ zjl$#3@&Vw3&di$Q1`asM-E#A-?#?^zlCOEN>3Gm?Rlx)rI9dvDGoO%n6x)rH_=bMn zO!_mnE5F;d@2n)1cKT~8-qpcmcWv>lw(UB~*6Cz8jPEO5&$nvb-s-XQ6!U^!2+p=q zJ&q>gKKzyUa*f~U?rqdAelGlF=*s+&XhyIWJAJ+B2}+JI+h~SuaSlzOlS8}k9g>|{ zShP+Hlb|VlW3;(pqt`L;b@4l5HXbe09FH@GK&gX3@dkiRg0Q^?+c)WqMHK`-%pNC1 zp_0HMkO$O7>4MRGC1>M}*Z)us`JLwIAdri&CD@8WH$cwH3^|l=694p;AGzmWc+OVO zz$6LK;@ti5O*+%_kzZL5n3YH`YNap6EKbl z?b^#hrm^4pBloB0{@~tKmLQ78hoeWi4?cL`+8{8D5*W5z#4+^z3x9SG{^CAUh;hFB z?Qbt?8=9NN>`_p4PM+Y6;OAXDi^Ch|I{jfR1nS8!LNPt|*yBvF(e6M0^|I#cYJ)Gq zfZ0-b={rI58WIW!{*Z};BF2`Mw`qHw=d`K;rz=ir1R3u|Afd4H8^;hq7jT1B4k+)m z_4k)wa<~8FW^?+{PYYa>0-b`nCCJ1I2eye}^$|%AIJF7><|vr~<&@PG;1dcfPGqtp z5ysisv(2f-N(mo`(>zIGMyR7yu<`-=!Qqb*O|T0kx~3cmPlo z=ztX+BS*exxW&70`kgC>AoqWI&mH+$w$K;F=u9+4AcObTOG&Z5ps0dB;2ykS^oOH# zj{7YZCsi}!<1+}2d{vy zgC7NLT2saI5B*mGHo%R57{$LUAK~rVp8g>yOnqeY9rxd*RerCVQ8RVwWbLYPm0-Bi z93)>Uk%tw41a=6lGfo1c1nIy#_#Bzs>~JymlQC|DWE#fDTFK+5o_N%p9ncV~S%4#} z(~(PT`3%k@Yp%QI2exH08OXFx0he(o^A2e0<}~&GqfoM>4#V&L4i?jU4@f(GI%A zx~0nuUiP9Q{-I0sn-#re`hzEx#RtfaX5~F_gkCW~2_%t7g~NzvpiStTl?JRFB*?_- z0qAV@tZCvO3)EK~uOOa>EM2r{q0u+EguLWA5cb4J$XsX%ESv#OhBtDbKZ4EhGFE3Y*I%Q52?(WmCyvc| zyprUCH?%^1+VrWGd<4wU8%Z)`tgPGvkCC0=Vpqvha2I~`z4{n^|5e*L-*(qe+`nFVS-LVh)H1D(e@(hguF*5kCMDH#|M>fhhNnFH)bAb@ zt&q&K)e;MO9^cEH&@aCDg1h@?x49Xjo%Hk;mK=fnnJ*n2ot0G%^aGoLZQ}VZPGIxK z%312d6Ph<~ZuI$&f4*!1vNQ#@*x88s=+HPRyLRm+2XZHqua7_Rn0DfLNarLDx8NCg z2F<`Te|E>M#-~V1V$~;j22Y@W(`L>v8wHq-81a^zo-2$`zy~P24|-awz)(#kNkC6H zd^pFB)d$E*woWFSKj5=}Mz+tQg@WOH@o&HTOxD~?qY;uX2;kxvMK&(Vg`O7J7KzA3 zcy6|ISa=F@6?njZa3%sD+J&Z=ccWe52H$xv`Yd%?>No|q-lSdR^is*}Y&nZrHH?mc z!?#YIdKMJJwj$93d50=W(^AvqhqJAC*nZi;jb zw#3HnMrM`fg6u)gg8SHX=!zs`kZ6eRiH?L`h|R}b*h=7}dUkXGGzUDPJKzP607hlh zW?W(j98w76nGg6HkXPtl$bgzPs(E>-&U_oCLd)PdI895(Le&CAWPUF8V)2781=i}&PjW0ya8$*&%K z!00FN9Nun`X#qXKHn7O&cqT=I}uh%m%=P|M%Awr$#J@kK}7^L@Y$<{jle{7cj=lj$U`D|P;Co26 zA-J`5tN5sN8Fn6`uQR3hfYv0x0a_Mia2x zl19=|*!_tyzx(dn=2yU{gI>rxj-~<(@!63KiQY}H7Tm)pi{A(P8CnI0ScHJ@4jYtW zi3y8xWGl_IW5c+Po;z2^zR(V|u}icCUxf}x4r8GQi7D9i%pp24G=mMzA_{abAG}@U z=4l6@YE@Yw?2l}LPh%gGB*D&Cefyqbe*0YQwudhS9u9`EI}mz1Iz09S_5;(W4kONpE4!LzE&4%mC(u5HaIkjK-Yz`ozJ(b1)8sDW4%wj8Uq+ z42>Dm2FxZ^D_d1bXLfyQTYBQG#&JtotKj6j@4aKIc5&!&9tdTHGWKzzAlxZr(&Nk} zI|;*>)p=yn@ot_=OZ8_HunGoc0Vg1i<`xP*a!%evDWAQ2pWyoU>u-iQPN9X$wmVM7 zH_8M3E3&D(K*3%VVT2LC`Lp>| z`>c@S9^2PY=qvB0f6O}y1r9@2Zp@sODTkMT2MRrfIkKXDm+XRCMUep@Bc8dzskKx1 z;b}xcS&bchL5Kn?9M32U&<(gsrZUia~0A9cp=Og&VJ6JuB63yyjR#WnwcZT2< zc!WbAXB{}sySb)jj+zn_Q4G|;cf#+@FZ}2eo{LX-EAXjUuPrJUIm3E8mGbtobklBoLFFSjllrsg6D(OsB z88+Ym^Gd<#`{9Ql*lH!(;vTrds*dh*Fyl;uMm-Pkv|V1?#NZhE<{R~2J0h^E4%)N+ zXzVzU>34Mnr7&uJ|Lt`LF*$NsXf1Q+5`UStX`2c?U zkFCs+3ABTQ48;@};QS`D*!TY%Q>w#wm>+0_Z75NCsUPN957;T-p3!s+EW$q z0bY+IoKIl7eLE|Y*qXm-~sB0OBSEa6px)TW4etk@PB>;8USWS2bv4U?%`>GFqnX2&1C>HPT-h- zUsaf|L2^>F3xv^x0tRH70-w)69qaz8pv%C4CkY1K%s62?O3vft-5S0Xf=9Fo&q_~E zw=DZ?$#W80m=a`I)ASa$@-WCGo`;u`Wy`asi)hRkNU4&s^p&w9=bEID4eMnaEAcp& zk)$V965=pIrcTzDmOT^@ratt;v#dH|9K18g`k?<{Fa>Ot7P^@Bd~9Bl>pxIuCrxP!SDYSlD> z0pQELFjpAozk1>~25NTnIO(KQZ0y5d`?oos=?ji~WDLRWISSsj%xGoLlfX7yNp7@% z`Q=xd1FK!T_7?1G-YnI&(c^iNx-QZE8JRlkQ+$*9MHTwZIfppD+4e0txv9aKgehRa z$|uImYHy5HbjtuIKEo;kFK5LEBxiB7F=y~i_!@XYThtHFlbBIebqNCRkOK#vf>VmQ z0&d`)@k?DHpcM+vb~3DSKFyduSuojd`X)v(ybK;j(gF!t)L|<*0$3DqcJU&eg{^=L z^JXtn)4(9|itwsK_Q{wjz8`+9p+DfjH|4yZ#(iK39npDct(F3tIO8~0g;nr44(2bI zFZg?&5T0R6S_--xct{(p3;{3L-No+Z>38UZJZJqsu|{cv>R)K)SNvv8$|i zY;pGSiwZJhmyod7s#O~$8LY4b3Hs0c0vFo-YSIMT3KDw+8)ez56|RmFVn}{jEazj( zjF$Eu`czJ5SF!3ACokuywn%Rw=gU&9KA-2BHcl}Z!^@GM^E}` zOsb=xq9W~AkDOKj~CrkQ!uA@?-T5ge!cVV2=_lFVv`I8 zoJw;6Ho!LE2H$}Rg`)!a4PVO`I5N8@4nK3*$IKd0*I)NU_KG# znvznG?_O8;+ftkUsJ3_?yayg-{967ybVRPR0}=i_7H+_+IbMZ&rsL^-)alZ?t$$wc zNg+85yHNH_hJ0%H7YV4b>y9O6Nj4Vf@~lplJt_W3pcmV;Ze5bBl59Z?i)FA^Oh*9- zhp_+`cojA;Ha5JUaUjdFyIIYP9*8Z-m~6h#1q2^-2oGcIvmK^WgD>o8V16u(i%&}| zP+f!y`UJb>rAimX$GBDJ_HvDODd>Q}4SwqN!91BK8Hj#|jmgeIByTQMz?nc9eI~d| zU$B)pI;weUy4e|w3w@t)vS-mf z$DZ_da5Xo5+E?~0E6_J6QG)iN4{So>sqM1b=b5B^%rwx;_TW1TZw&!m|F4eW53v}@PFE!6v0t`BXpvz7WmYWXyoOn0bW<1yrJ}MASq($R_9-U~au;6AnI|nY7dXYr*jPEsEMy*L z&YEc%KFrIbS~W3Y;&=$guJgxsUceRuoW7xmjU4%&`}^Ntvg_1E81kO9^mKCu zbM_<3EAz~K{=g5MTl9UTGCDb5nV<|ffTGSyVzvUiK>cnlC7L$%KV2`u1t*tx9D=`` z(M-UJ?P(D7t5*4h1%x%qF@Yf*emL!zdsYqwWfuhkC7Sklmf$cj=RB?P<3G^~q%2by zP)u<;)As1mZ=2AEu7FpVGrj{nejjZmj2Ya5A5jPf7>XaPey|G0HU3NM!F#007r0kkdSu>}~c*HU5gOg-P3)rT#a}8%Z{X(7+d|*Dj!CU+^3hc;mt}6IqoSbvcx!NN6 zUg6eCbNDl!Ah+2ve6#3)@nFc&N8=xc%N~zSj;ou%DBug<83P&XoC!4I?YAr-!q~v) zQ{*HjTX@RkuiR5l|IXTNt0bnma`;kkDEBzNmu-{AZ)C%*TKz;s+eh1_S(pZ(LbI(u-O(HAr_N5OC$G6Zsv zQBx)RYslexuwyrvXU-qRLC1;(j7RtyW8ggm z?BJn$E8rBeANqxknkf+kClNdi+0Wk`orgSe!l#D2@GANd@Qq*z@{u+;Tbu1PX(K}c zDf$PEQQ!mijNS)5V&vk)`QnQ)GKT$mp~heG@Z00MlC;DJSkVt&BV(I4Z(*6(bCkW! z7SXhYQO}ms?K}9LP1q71XFdFh)h1oK9BYmu40B{VvIbtvvv3{0(>EU~vF;wye*&kW z4!c1cYqiCeBs#oD}MD=3Ad^bwx1RJP7}XAd*I|K11gF}V#KSb+jg@}4K2 zdfa_E{!7huC8LuC+BO}&c-aLPyFSPFc0YgML3h;^R~rw5?)fWUR%h1d`hFn$@A<{O z($96Km-;k*>Lim7tSE+WlFa7mzhJzUET*xL2+>plV0a$#iq$S8OiY_PQL8w=VsMt+ zfRhL~11sQ+u1Z2v{RWLimunqK7;M2D;0IiI#&$!Hy#bEXpBXbIyD3w~s~s;BLb3(* zxk&pY4gnuv3Lj-9J%Qy+ty-W>c>Ffe1N6)Gcw6OkYSbv%Xa%0YR?(e0A7i*zU8^Gr z472q!_)73v&6+bk%%8pcaQu@;RK7nxNQqoGno?pA@)vr7zR=}K(BYo(Lg5x$pObh4 z|KvEF0Rwcj(X}_YryhS=XRgmN9PH8KSl6fD03Dyx*XAuVGcS2K5BI?f@F^7f!aT3l z7Jl|k7vM?I6*R&T3pd_$t8I@8?}Q&=7lQBn@ttj;r_GpZa=C}LgQR~Pr_j0kF{Zn& zSh+&ycV21yxQZ#YT+cj1o=pEP%q)X?L?(_A?LBNKhtWy7qr43eUxO8UOju+ zR`0LBK3qHIyl#OOwt~%(%sK3H8~}R&pP-3{k&*z!Pr(7?AfLI?e zJP$qMYn=rS|3l_b;3eor!_Gb5bl=)z`Y7 z(z7vB=>u|wcfsd4!XWesdxSG}-+%wVW-Fs#6zGN|3RiRIe(y}PGq7u#NvF8*lFMz? zEix9rTC{C~U+BK{eaf^c?wQ{|Wp(HSyd0h$>=Jk$HU#Y^$+qYw-Gzk~U&#i-R%ADn zoSYmbp-$GgwHQKUL$(i-zYlu>yJ3Nn>ez)0`S3YB^2O)Pe?g)Rd@{=C4VZ`NAK-zF zgie6(YK3$pWKA9Urm#Cc`uM*V2%{dbvXUn&fe&@?Q7~@=nAk2Cy(RESdnRw5!3TE7 zL;oK0@%t8}LY{?onJ?Pp6TA|J2)hn_`njU+YvG~fg{%=|wEOsbk>9o;#c09X&Bm7unCQ&(*3$`X+68?= zKj1oi4!q+yBDS2yr$*oyKI<2{=vmcA&q7Bi(8u_$1W(yttUO+{XrcS^i?O!Nb3<@j zZIe(ze|ZP1-?3NWy9Af5E7C9H5t#kHJR@PiI>Ieis z|H7YL3pqi|IiSka<-99a-m--t4u7(}qXp+^vYaBEf5CQzI2m7i`BhW)I9mv3^tZ`6XwV&gDFOXI`nYA0hJrj4Ve zjTFrj73f8g89VkP_tnhlwqloaNbbGo0ei=1TDkCnvZY$ekZs?-gM0GvXKYM3Svmi( zl9UPh!`ZuhzWVCF?CioHO4&s*V(g!5^&yHeXZOAK#@nX6pr`~z5CsHfq+NQ3&L{iS z5%lfXZ-BO~>1xJ2iey!trPVY=tGJ}}p!_gbJde|Ss2s^pJ@JeQ8iG&EjaQh1F!C9B z!Dz<`afY%sd-p!U#>l%-Tv5Pqc94CUltk8ImU~UcJi%ZT1suk2%CP5b#2c=^$rLBX z!4{dLKK#H|5;0de=rD{Kzu}MXMih-o+;{Mau_S3L4jjM0JU5pWqS}^nQH}+@dLHkc z^(e|Xl-c^OTD3Mh`|LQ4wTvmZOP1tV8wh`dKHKB4;-c?~gKU0KBFI!+p;c3j6bu_Y z_#CSjoB?_)PlfOxI$VzC!#6>BnQlt9AlSt=lN6L3<|I|Ti8Bmw(h{huql{j*Tn0BW z-Z1{^CDn7|KL6CNgNvMf2F(yCnk)WClF0ePF0j?XC`{&5%?m#8E}H|*19O7%2Cv{; zKUN%KoQxU!v74do9m9Eq|N8eEW~_L}W<_n2`L+Uf!{h|K(P)5e5I_EOtetsI5acg^ z{-e(QXk%vxUoRd>@P_kleHLFu8|!#EqK6DQ)m&=>kAvk?Uonju>f=XFClf5}>eW}*f=d@9gUa*6@~GB)8wY*T|`>y_oao(uSa z7D}FUcAhoQ#or-Mjm9quE{)!<6&F*(Qkj;2p(nL=v$1Y|;dGzs~9D zEGNWd$;WQpjxm`Dza2E>G;==iZo^T@ZDcx0D%o;suxfUPj14QoW%bY)i~h|o^ckFD zb$qX0eeB%Y)vH(Mj|ut9Je{q?2VejWe)`E6+m;;M@6)HRyZJ}AxV!HAnFV7xTYLE5 z{%y~2gag3=3hzP2kSsv(#{v?f17Jr$3K%nn$A0^eIa7Mdk&M&%)#0yLlEfnq{nls# z=M)KFjhm}nV1L1ouP!B}t)`Hn;BW;x8kAskB!g?kex zPH+PUoa8RM^a@KZBTxj~kz1Seoz=)czU8OJ5I+2Hq?I$4 zTUDx5c27U^ge76Xqu>p+@yVf~4I%kj-z|&_;H#l%cIx=R~tXZ0a8k#5HXZngx$ToB&1+JDO3LGan0_Q3LRNjL_ z#|Ns#f7Bb#Gi9$y2C*sz*@j%^-Sagkq2%L>`isM9t!R{0SnWIL7#+2Xa}^r%4k-VW zs@j}Fzc`f`D@hn6j^eDs8OwVZ58K$WVj210qemap_i-w3-n>!slDG9``%Y?ul?*$? zXLCh!a#~7XBS;M`Lxa47xjZZ-4@mSOsU9>XyIFDonyOp3j`3i=10z=6o;>hm<0rYf zxvr^pfFaO2XYO1}sOa7M1f8vSx3%&4=i}VRUyO5IKK`HUCp+`ryYII#lFanx>#y4R zd%V*Z&m;4G*oR?r8J}=OJ!Hpko_^ep{$bY!wpwOu(xjw%rvD=IvD?{Y1>OnnFPpR6 zRwK7+)!Jkn0c3P(Xpyrlhrd3;U=J>k4C&{=%eL_ozHq0UJlI`&$>sJeegt^TKXj~6 zx?~%=Dg1_cn=Si3^yT{Ne`L6oo15d@x<2pf8=E1106XO3i!PBIT4}P>x9!`5_Bu-^#g7PoM9!Zn-xn|#J$jUO zCa9mcJHbvH7rPb_=w?C6fc^vB`AW2T`k5!)JMX{iP7>eGki5tC*&scTq)C#b(77)b zFATaBXZ}{6HPfYO2ZoE(FZ=?O?Cg2=-oqy6tQYM z=?v>{A>O2^;y3j;dZns#fi7K-wR*@K@WGES$Tgc;3lJ~U>RSR|0|uTdtu;^9=T%da zDn2oRAThc+D|WN9XWQ;v1ip|V-MSrb_WL6F=Fof4*RkPABt<^6B{Z^|)tHRom>wi9 zRj?zf7%MW=>sQ$JUgsz@z6gvC?^mS1w#Y93wOg{Pj_Z-WR11pwxGFb{ly7UIdt>Go zuELg`ZtbG!I!dsT``f?QyPhq#yPMBzBz)ZEKApPR{b$+^cYGuHpcgStb}p$Tyq+SR zYqRP9H{Wubbhcv+j{^+y=jHGY{*b*L+W~xG)hvsA*e0B9ohc-mfODBjmLyTwf~w4l zct@0m@joReH!(jI?XhzY=V$XBob<5ObK-}5r(Jj-iIhIk)9;eN9MLZRi(nVf20nih z8B%ICH+`Hf*f(veuH$R!8ZX7?#j$Moz*t#~J;6BGVUOJ`X^ZD+KQ1u@VhEIc2$YdP zE0Cc3*k70nf_d(o+3w6U&#+AICCgU0k3Rj_J#g3k=0rJr==a?D7hG(L2|-L8G@Qv% zSZJ5gDv}9i=q1UBAv+Ht$`)w^7%_s$hGV5#b7kKVv}L>GFQxp|mD3a_LAC1DY!%!V zIcUF7)^V*`I)q&Bp&g7@jMS;qrrO8|KB9CrQf3U>FfWvFr!Gn)!OWIgHO$I^mD)~q zg8EfQ??{(}$Fi}dxH4uk_)a{bpF92ZGc7=K?_IaMTYq||8z2WSOw<@Du*uSD9euJ2 z@R{E~Z7Tv7tBr-ZIdT})u`OF$q^B#Zu(?~dbg7)CGi{a8GAX{ilkF98tf3&{(4`Ob zJ0&H>jO48BY#DzIT$@&H%&{_FFu_59zSFUNM;m{ZRtB+k>=LciC2)lSiL;&gLy6*( zpcRf9&X*$C+e3~koXi;NVV-Bmx%BJb{MvOEJX`ZVDNYmQc&2bZa7|#T;1PXn-n6+y zmoq0Y=L(XUy+n>!wytFytX@b}p#p7{B z@vFHCG7U9HcGmm_+DcKY9%TTqvY+4#t8mDQ3jqYL$P{LeoU!(*&Mag_Anh_Y>jYP5 zj%%~U6LUr9Y|{ws%5ELNl2y%3Nm!decLui zWAk|Gm2~>e?h$Nz&3P|4;G-~y-YU>1&C|@;S#p@-?BBcdll}!6m64I|a2L?G|BV{y zUjFBB8RW|qyu8l+`r$`SZs4H7K@!HsT+;@4$m*NPQ)RFuk;T2)a0T3(zaZPj53aCs zbhUUDa(jo)HYJfMxpA^3iGjb!US#qtT?e*3y7w@iI4?WP5Wc_*P4Aa>){cPUoGqf;o-aOkT61mTcJNPgw>j}Pt_w^M7 zX{Yzl4`e@cRbF^NGS&qbTx{~^rW>wtS14$7#+hf?^PB;OOrsz0);4Y0y5Ild8TGA! zZDBh%D@!_rg8rI2bPHrKXL8fm<$0O=$Yf}&b*t9qSemVXDSd1rLyy8P8>w<^qYEsR z(FHs@wCiBF!HyvdM8iM7@0S+vHu}ko%e#@lO|8n=T39dGY-xOZmc-~U*@Pi zbU8}EH(<@VkieR)eQ9%Fc?WGkhu|QE=eUN`n*cv_;%ReRgueYM59pRv2RL=$7i_0R zThJ@ChqDj901Y5-X_qX2_~S$~jhT zs{%Aezj#0I!uUqEu9stocQFR|74n?KHS`+vRNmXR9eiHrlx5Af@dP+=&US4D^y()i zxwqeaU)#C*?W@CmJ^Y;u{BGTPa5T+TQM=nUR_2U(XDh>tF1*B?m+S_?cz{*mf}XL< z&L4g0?=L#GdV?3i7tryb3-mN#$ab^P7{OhfxFjW|q%^TWQKo3)&Y#?2`sW}2_^blM z(vLK6vu4jW9g`I}Bo4Bo5Sn1CX5=CG+^It+qZGJKl<2j zghzE;d(lhK;o*(w&9nudfsT>a&?E2%Cdhc~ovBl&h;Od3#13Qt`UA3!!m%*~w$Uxn z8#o@u&hOToG;7k#Y=U{&^9+Ak(FDGRf(%6mG5nX)Mn4T#nQQb$-eE!7yg5Q%LMO~E z_zmr&OQJ8q?+Cs^8>~|F^yHmfjE8`0XxHNc2@QVkP1n?%nOs)~p)>HFL`NK|1c51* z0HIIbOM8j>aggiK62m09jeepZhdx86^c80o4l&-z``F1My}9sI^F4g{8`8O2XbdEj z6)3kP(`=L7g5CDeL%$L}%yxhN^K;tCqn+U7cZ|^scPr4Ow~yy3`C)(@ehnn!=1EqF zc7(t6M8g+eaIpnc2~zKkrpAr?)V-`gXfxp-EQ&llTk0u*!{<#OMgN zvxDRx`~y5^1u*t3$EkpGnM#J_sFO;SeBuea-GF1z0KNheHZ6d|Lq|Y?ZrI8kXF0eI zP6tOWztIT^UO>|%3{lWMDM6l*T!W6t%AKHh8Xr&{pfr7k5=Cn4*{-9lxEy&9fPPt7 zI!6f=H{Eoz$&GvNxmyVY98tse$@@=3JcAFfs(459)Mjq0cqcm1LecmipMB0f|NNia zKVN>yYz_Dg@|naZw)f?A>XP_GS^2jX+mSHHOYC24FnmJj$mv?NfW9cG z;5jGs>1*HL9r<5(zIMbKs2vhsc;PvdpXi_2;y=iDbO%<*VXNa)!w$el#x?W?{DSZ; zcoMqZT=AqevbEu3=wUg!51&OY>m-Z2bn0q40t-^6i*Mb3_XDN_<8ML! zAlpXC?)t~S|KSEH8IAF0$?m}>y5agCnf~yb-#+Z{2a>RP?KRiC&psa~9qTj6`^HMl zoG9HPZ+8Ic5?z%LiY~W9%WsHvoTLB#jd%*{@+3k>I&u!NK8ahe?p6ka!(qujPcGEQ<)6_q$XwTF8nP+@x zZCkZeLhNMW&=Se!%9dn!DCP)~J+?|es$H#ud*rjVZscXF-A0*YXWgu09tKMv+_K9pU%ArVedpaa zH#hv`CU?aJmss){x)8L7FB<%PQ8q$r=`Z+vnYW{*FjjDZRpaQuY~hSf%q}(QS^?|> zu-go;7AjepU8a(RN1O``zW|T%2eFkpgy4#i4VDk;r~%I?MDlG$Kx!85Ga-aFwPPJDmX7FKa&t3 z(+`CN=J2QI{%B4XwlSf=6fg)e64|~G<2DrTv9%e&q~P%O4h5~ykm83zh!ceZL&cC? zCBv6@6R-`}QS>l~VNhh~^NAwCCxQpzkMictAQaDX<}|?(gt3g{ioW0oM2RKvNbvSL zt)^j{D>BUgEQOX#Lk!<0GFqw6AAP~GblRz>o6x)e=h{+J3>il?3I>dv_u){&q0QDW z^aVwi{;{PT!5tVk4rD(lXU;Fq38^iG6UQ@7Bn)5R#Mprc@8?;RSqx&v8qO)jQN}nZ zp)UPGF~h*7Eu2dzm^jJssxWo};wZf+F2EY6CGTSl^nrG9G|+d(g!aUHfHC!JaIc(S z^}%~^)bq~mQYd(q`2jA}XYBNs`(X~*qLhF?*8+@J3GM{zXb(ey_cNxFUPAxrCypy% z7@WfN9~|X6utdS6KGzGBSh8v>~XkxWrF*>hl1k- zfzGp`@a`iy09;k8el$eG!L{0Ys+}CwBo{CT7=nx+T;>x69)6N7x`tnI%^WFtFoSPk zh~oGqu)=-tnP;Fw3b4ho#_B>=9I;XcUI*>N$G~@J89F2|1dY=Ub7u(=Qu5$`1QVc< zKr_4pCnCIpcaWsQ7ziXm!_lM?qigkrcjFi(AcgaJljsh<0xhAib00bl@1Z@mtcvnw z8`MGkhrWWJ(QHu+If2CJhF5bx5qE(BI8UF!b>QUTSb*aJuFxOFx9hW&`R&{Ft8QtJ zKjx^80`55B7R=Ae5BR{JfEUHT+tV;~P5a?p&?_fgO$$aBwgqO z7_<{gu>^qC97X{$_~HvL*0zd0ZRZYFv%mM=JMKevq)^~87;3y9Iv}9J+#mzMS;hd~ z@EyMIaYZs*@}FRz1=Ga;;nBzo@DYr*O75rt&Tk)m#7&t#)ul=wKwdGQ z^ojn#51?xt-q1E<<{JHm<_WR_Kc0bxDZqhe2^7IQC^*M~cOB_Lw1WeSHfRr80ZZnJ zt`|v10Y3gL)3OFXYe4^?dtvm~QXtFvAb!L<=o@{Z??I;sxX-*X7On#)`U!05AFCF5 z7jqfr00}|%zKwVBEcK`ZUkoq_{n(dJ+6#0V>O+faTK(~KXSkFg!+1CI3?A@2^azYt z)f%1yr%i_HK7fP&BLTzx#CB;Dr%$6s{@m3Z8PxQHQb3=`Uw?)pV~;wYd`IsnW#ff+Il9ksoJmf$7^ftGEY!vnvqE2jLpH%yrY{1z*Mlj48-#=7vBnI%}Y>&=xd-UP@b@zes1* zJn=kZ;(3ByBt%kp4jmUhl9e^rXbzePbVMC+iFTtpG}kCRzeWM=ox)Ydz;pC}i`v6J zpzq<2chhGJLW`#|4%%U^klBGgX|t#T?+)@RygT5i^#{6=UXxgl_fwDe1=+^;po50C zcrUoaJ>M={a3;{H`U|h3O%f&8Vvc!cl|F4ljG_PNrL;#~<|0u)HiFeqc^4x_=J0MD z#K_QG(I~V=8?S zqA(5|&Fk`bF8C36ByA%fu(?eC6GRABgR}5vfl$vX7%yCf=D;I(BC?q_ko6?%lBB?D zGvEkbk!(Cpt8B-7GR6Wi1S-%$NHQQPFgtsm!4+9UyYMt%&72`m(2;6Nw$VQCf)2nh zpXCn-JeW0p%$B0A~(n060|v;7v+)LGDk@ zoZ%k0`#wvu#pWbIj{G(cSQEYN3jBZ*<^R*%7n#^V4m5Q$3+fszA(VhaGz z&eEAd5)uR|(o@rHg)D(cRs>+!Q-T7(cNjwjWgMZn!PKH92v_Qa;u(-v4x;Vs%XQjG zY>Vfj?eHGn%XR98dt9S%4My3aeFr&|YP%^@CtIKu!H6=5!pF0rzz|iuu5!~c0wKQQJ24Hz3B7Qr7avtDA}QJjDs;^wEMml zC}^SmXuCW|3Gd{0_#UovE%DjJ-_#BL3(rxV=j?j zQ6ta`co<+0+@tu3-})1!S(!WGIsbc{6^`+ zxrU>Twkh1hIL82|4N7R6PyVd$7%q8i*!Qb2FSQ2`)<1NsKm^!ZqJ90g*HTx#-K~xM z=OXRzQ@g-jh9$5G4msZ`{aZvosTVEb9pPHy{ct^eGDrLo^hhkl6#%w&GvXYr zY-QVW&Uk<4-M1}^oPb8O-}D*00T-f%9Ci2$I2Xm0=y&Syn|h($=rf^>C~T-tNvubm z=(X?+xK1#|p3@u?xFWcU(}?;QNAwTa2H9wM7=Z=j;Q4^Zz>T`>NWl&P+1ad&^l})w zO-oI)Rf4SKCou`x1wB!sI28RJ?(wcDZhHDG;5GC!-~rE5LcbF4CAO9LKKjL2k*QV$ z8#3q_8+?ZQv_ZSPBa{FS-LT+Q=#Q$Zeqp+%ZsY{SG_Nfcv}AQxSblq%rzi)EJ7QC*X9*R{$#j%!(~=A>anK z7JdF!ni3s^vDv)npD@>Z!msFcp5-s#AeiYTGXdT}_wISR9KH)j8Q}`X)rSIXo-8_>1 z(Kt1@f)VMrkx%qm!QI`y0jEURc={4tRXYvxdMaUXgQ_?*bE2%KOp_tuU@B&(40%<(Pg*&!i2 z`V4QwzNS6ew-jJPrH?*l|5P6TZ{OP(oj+Lw$AvVQ~YzpWpnEEFN|MA&87E z-ma}y@5z@)vT8_fWu-Goxl6Ts7`qqYgRmsK2wO;eU+71P|I~c%rcdml(_wyq-M5zg zXcry9Cu~YC>Oaq6{Trh1+S~iN$FuxTVcx;L#NCcmO}0bHS^+#;x(W92hvUY&ryqG- zE0@`EYMuGHe)rT9ru$b=pmD2K0yn7sjr;WTvhLky(_EL9Ro%o{o83zzH@Im_zScdh znBL}fb?}@&d}ZkT!EY9Hau21W`Ckx4$UxykKjAZhj_o>^h3f(DxW@OukD|PUHUi%I zXRLA&?fUmd+oertfK|K%m6>}M2B4GE06L=KcOKtLd>6FCafYi_u8_^PRrBr_T+m%nf_G2w=XJX2XDl#{~J-|MEM%#$C zoA~Zfzolr+&cS=p01rhVR@Db;2`6wZpYgFMQvvK0z)07YfEA zh9)}|go3h&fdb7ZwioJzzU}FExPH(+3x<&YifCW+FYe*Xx7Llc|E+a-hvq0as0-DP zv=h2g=ziYCqOOJdMSWrn1SP+y`^9mMu7d+<+7|NPuMc;R{^lXqBt6}=NKH4K#xP7Q z;DxP7ipXuo79C#{ccR~^6Yw=!pLay-McKQZ7s2_4pFtQYB+-cN)>cxF%6xgTvS)KC1}mpX~h zWL0B*0UWC`P<9!gibpIyBc=xssKYrLB=Ch>jYX zGbF5NxVi~c!X<-V;$F3ThVzJte+gze7S*=*N*oPokte{)|j# zo-uJlQf&cn3x5L^I8b>ev2f4hOF`SAj$gr4_&Rk%9}1rHfnYdf^d5a<>vvWe|LHH! zSu#|Lc7zF$;4`w{$QMT}y3RY?r zz8>w{5%E0_4$-lM`HEiK)A!x#ir#E?ir@o#Y9qcLLtuX)0N%kH;9vEXOmf$Q54c?l zgtpgq#jFNIFDS~s@Vl_=PSZunH?F}8*%<&m<+V3ob4ymQbjjKRxd~_0m-9QxMQI?~ z4$lVtgzwQ3t;hA~?@*V|@O^L3ay(SMGFkx{5vshGHsSH;5-gbc=d1tJP6;(#L+SJ+ zkOI4{(wF}8&RdpPhJTLw(eWhqE!vL~|6L%D!enp#Eeg(itiK=a2Aw;!zo-6$`$fGo z@gDP5u8a@%7gfKcU1M=mANlGZ``u&iY@LaXy*pg~0Q?V)wd)nQ3UyQ}U&f_&+vPr+ zzQw&UcBA{l-?zGc{j~#SWo>V)cp-KX1$bb8@;ukTbAJzdu_{OTKLz?xU;5 z7G_xo<9}iZ#1JUa5Gb|)Fry@c9p?v`Z6^&H0*A6~Nw@~X2}~pkktidIUN4E?37D`Q z3l89r*+l;lZb6BR_M25WC;~XfN<#@_+4l9eLfzF6RU!hb(B1e)41v-Q0Ti96fw!j- zl_q`_#t_D~8;=r6b1yFY4uPU%*uFo#|1}Tx`@-xaqg&}bE&jj>R^w6j^!}2JH(nkW zmSLdz{`47HPcj>4X#pE^O6BP=Magq^$w2SHkUrD}T_mxJ-1;?y|m`3MpwZ$;O!iNLO{5-wlO3~>>WjcL+!bLhv$yB zXNuwlrBO#XJTNSH>%qeNgVk<9&-eDtd*GlQwqd3(hqpg_>uceAh_UiIVy8_;Yu)gx z)j7YI?ei1;w0r*=(bRTPI9MFxKUnP+N8b|Lps(OzXdOWe4-;1wXx@*Q!2WR+w`pN@fRI4Pw+cj3!jPaj(>Xy>??fswO)YhKGl~}$1!q+ z>gpPNbYF@+OWl2|zAsJ2bz%s_5ID#XDAoWl)Q_M*dEqmZ==X4~G=3t`INyPIt_j3% z86(au&k+k?Q5wd5q|8@ofOXu*7y^e10x?}5DoB^k_Ym|AMq6pel>_ZRaInB{Uba2I zLn*3ljO4K5Hq<**pGEcOP`x{TPYi+mhJc&|f!9QFm+yy@j`n*TdLY{W@A7>7%#jKK zA$b|U@`Wut)0;Q7^9W1TXyv>uR3i3nq3iLF(gOh;{R${;)j5CbwUb#s|0+;#O3zs0 zo|Xy-fMX=VaGVT-DrFFe z&hh?s{Xm}G-*?6JV+h0$C>{tDa{$)e{vYyA0qM3~|dL*NiWV1IP#{q0g{yR_;M zq5p~FF0JE997p`SBtyU_QAAgt7ln`bzjcgpTw(~s5QrfVL!cBx;GhJ6OEEm+uE!9F zArM0#hCmE~7y>Z_VhF?#h#?R|AcjB;f&G900X3~=-?7!UP+Yriy_-BeQ)gUji#?r7 zZA)kNqqVqd41wZ=z%Jn++do&TP{Ga_wTyO;vc>tDxUCohF$7`=#1JS25C|*gOF>uT zF2)duArM0#hCneu;GhM7E6BLeUN7vCX5A$7G@ATu_J;1UZ3|h_`%-Q$mYA4A}~L%`Dka4reQAE|T? zBkp|+fg=$D#U21gxht=&ujb6la=H4eTsO&8P`2rYRV$r5Nj@lCR>Fo%Xq}PUrTek2 zW{nya1TJd3i2!u&RjN?QD~7sAfSIi-N|F&1#*U)9U1tTOJkoF9N8nPye(%t^f<+aS z$Z}=NmB_Ib)!&kM4H%X$SKgeKoYzbaLP;wHIC0=TE6%nKyf>w<1<(VUn>lB;Te4uj ztCCbtzstCdtKnB-k06kYR<}z@D&kq)y7zF^t5q+=uh4NyBA%7L*(fY4o7vSyW&;L;nR6v0F?yNvL^ zSGVrkKCrAvVpnWD9)$Ubn>=_BC=QykHlPW}LS;{M9j^OY5+Rl};q^k=2nBlQuQ>V^ z+ANMwx|qFSfm<+lwkun+rmInpIme(VzaC?h#4 z5nE3BWgaiF{_CI6_e6U!TrX-2*gvr|wAk^4?I# z{B-i?S)f`ME9m?79oxj;sZn~%-egPZ9o6nVXPgw~II*B(1id2hp8eLNX8Y#p@6y&{) zE%Y_|SyaDGr8PMEeiy25FyTt!d-R7(!I9wGjn*@05-ACN2xIm)i~cvU zAEB0A*N^CYa*ylG!KTfd+y=q9UQ&|%W;lC$hG!Go;@ZI|^kb*+fw?`eZ^?^7le3X@!j^CesKF-aVGso4GGaQ}-o|iAj z$__uT;1S=W_!OlDXv(N3fgb#O{QIKMS_k5P4mku^;mW)t&km$)-@Z+>ULlVUedD%n z-D2{vV#P|BXL(1>?$#XKqzLt5>b&etzdY zlGRnLpGbg8l`0xOhZf+kTefU*Z~f;@w@d#88RhTO+V1$zy`peFN*C10mp2LYW6v`g z)IlMLOALYU2!X(-%PT1njQcJH97KlGmhE(-M$p^7{(6UgS2TL}bp4I4Z#8=7Jv_(# zGNNyu-?`H#0{V6;8b5$v_%^>=-@eOuihc&CZF#q5?HYIfxx-ACXDm2G(d82heBp~P zK6jHQe`V*L!p9gdWAijCY8MIn?*&gAoFclWzq30ZDY~B5>k`{6Xg&URupz*_9H>6a z{6*=BHVfn=bWvdACDIdeltQv6GTRsEvXaSMPfrTAmWbl<+U?rmzTWr&ACm3Pt=;V0 zlo>^LuuX?fMo-WkaN-Y{i%pGw5DGAZZ=kQhi{f(lArSbI@vg()o%|k{E~a0HTf*db zDE@N9LI7NYCvDic(Y0>b%3XT#rKS^X-Rif;kJ=A`hb>vM*uDPd8?Hh9`c}7qeu~x$ z#1d5su-WiCLD!&-K#zIWNWQ%hfX{RI1F&yqXJ@%B(#5*B?_~YAfFQ3>yNrkae?0AT z*R4%^MLm$UuE=Ng}&=yv;PbACFn4P#}N9I`03l*y)M`7st1OBkG`7=j4${f z_GD`@AIM_HTL3R>?uhzlPxd|IM#n&}*wgrTeXTk=-eGTb02a@Oc_}Ht13gGWt6i(Q zd|jK(KVJ=fUe^Ool$5^4{V4qqV1Yp8N|oJ4@&7&1Q|TXNJc1Ykr4s@N9)-#qH~I(4 z!y+kfgHImhPB~?Wn?FC>rKe|Duw?GsIi@HDr359TTD5AfdGk~Yc&=N&&Q{iOox&lUkh1aRk$UEDk=X#{L|FMkwsnv3a>p@&l{w1;sVjOO6{iyF}O zu>Qe0SFVh*qNE7WCZGI~;YSJW(LehwrvpkO?V~t0Z`$0|ty@=pn`eDnxO|zeHBQ34A*&3RqT1-K|gs1PBQ|(ojP`Q3l`3|ASUf{pF)54q)>!@hxS50 zah}k>uN6q(9ih-Bf7Fk{0hk*sb$w@^gCUGH)T2#G^f%81SaFYMXgkXExsURJlFU2y zI-b0K?6H4&@8^Cf6)RRW7^WnrNExs1va+(YFlC!5>{0v(&*YD_h_*tT#res5=|}bI zHKcg?KqKvk{@A-BiddoRx*1@}b^gE&+S;U~1OIG+3KxAgJV%{yoom4$h+emLj)H%H z130=cH^-fI=2>pwz*AhdXtrfWD_6BzRX2C;Tq*cI_yw$X$^lnhI~6n)EkE(Q$IJk% ztTWwEn@L8gBqb+Fv<;n+?6GsFcg{g$JP+=}lXx$`t<5}M2e|oN6pkJRQ*l5;1a6cl zUhnNU_rfzp))Q4AU#ch=3N_(~_C|dH?~Jw)-W$EfcNAYrv*zh;jaJMB8m(Wyk*lcW zg4L^5n4=aN4sE~>YiR`?pBpx;b4m3YnDV?>i9-Q5tkGip2k4QZIeX>|_sIWy$Teut z$Ss%5>d>L1!D+#QY%_EN-r|UE)26LtcXfBqFYa?ax^y*Kz$pS;!E^e`Cx4+pYvF#l zj!b2&&;^C>K`!w6TO0-_UO=RYl zEn0n&S0{WX)(_XCZBU0`Q{ANcMw?5QE;2l?BfSlpSf_yL#*G^cU*Q``New*is=J*3 zxo-VhFH6*iDpjh|oZ4zkHG)`{fmMvXudL}d#`d}3g(LcPia^1j{; zY_xt+ZO|t41f8HmEnd7(?{fHA=>c%{k)#U6|_b?AqB zl)n)i3_FxnR1#fDn~Q*nNBK0x!#~InFyE78c4g7P`C1f$Uuxq91%unPaVxY?WX+n@ z;&a{xf{#Hr*cb4*f4%yOYn9QmkbOa&pcl~fpkL(c1w!l!O30?b8_}tdC)A@3c3Gl7 z%PQ+1bP3*z@96wt7f7B|aR2$wTjsl~TD7XRM_qi5jT<#~k6&=Hn>ca2Tdr|*?$pK2 z7GLHa@Z!)P^p^0Q_tK}(fBM2Z%Sn&frE!INp+AYA$g{F#y*?GK3(OcFh3knvHa}*c z@W_4o5#(U#OYjBFTafJ zYpi=XZzx@fBy4jTWy%6RjfISas-oaT*C$pykiZe)?9DC_w(;4mLsLXq-N@EEtcI;w!>?LIK_w$+mA3b!55NcumGLw76?&$U<`P91 z1!$Gvz%x8gp?ws20^KN6z;=^XdXoXk_PA_|vu4#AgCVP-D`?9f1OW5P-0&>V(BAGV z!+nNjv>&YWW{mt{RFh;tznJT&0kBq1pGjYS;eM$=#<9otbkF|&DJeONtS*5*A%ejL zrJV6@Ri^y%6)Q{uZ&2SmY7ds825fii+@=6e9XV2)yQxzHKm`B*06+jqL_t(1($rV`U zCk-0nZu#*~U431jtyRGAl3d}}_1E0sz`bAo=2z~R4xNp*peg2%9S~TN&eoW$O0S|V zG@(b}4~2KKmo;~maALjD^EPBv-FmJ~+YWBYl3cfX^$KgVLBqz9 z4;$PD1&(-Eaq}k}#f)c*_$tBQk3RaJ`|TsYa!)?}M~$nDyWzU4T?HjJ>{zo#%i_gT zwAJemB-75-s=x-~|2PStBV;PFfS@jNvrg^W#_#Db?XxQgvaX(Z7V;WAU$Jt9tEwOv z<0~uqQctoKCpPrbK*4Y3jJZXgELM^Q?LZso83cV|+AwrHBL4wzz!7jO6dWqhq2YwS zg9A9TxJIEq1s>q(-8=Mb6}|8h{2}<8nwsHe&6*~hUFRxEw?mH$g?B*9Bt-;AVQ80j z(1YML$;nME*h?U}RqGB$yW5m3(y&2emyaY`~C$&Wvt}u8m%8da15` zEeBOOt2KmbT#-(ToczS|Yd!3S6!9mG)bW7@l zKr8am<2^xp(UW*C&V2ZNpeO8@sx@mFF3*@gS^RyIL4?T9Z><(71cIepEk|}r>GHKqtIl8x8tI*S2QzaRoQz3J=t1baxZ~=K8cn0{w z*w)Ct!QT2>d?6<%+Y&CQb6AStS*D!i-kP^ujn02|XC;^dPDxmmMknS5o;*j$fZdxM)keX4u?tv6f~CA%_y?741Ty17OQ zOpN>NQ?rwR!(kimVF7Zm%H#Q6t?mPdy={OEO7v zLI#7AG2kBm-7^+Y{f&HREz?^V4PiTDUm%0l$!5Y1p#9uMx#ma04@W_FTfBU+`9bQ* zo??*+z9e)7d|)IA;k%<=UD-8(Ea)dR__^%8XMgiM*Sd8ZH(PucUC7#8vczqXt_Huw z$5LB52Y$`z)2F%PR)?KX&_ud0kL_jvOA%sk3*n9c^e$IV2d5M8y4J-VvlK0+k+;Q$X z_ndpyMTS~YTr7FY%S${&zmYGOuUMhIS9RA^Iym-V^c9#P7aR0@)O&yT})>CN@ot@3+&CeZrtQDVjXP0XU?2rGLgyP z0z9y)FPN>=5n$}`nM2lcWE$`TnW%pKTKd<}6|Y!kauajQb*}@jW$z%@WMp)Z<7BSA zzc=>o-((t~9rUvFlK`s(mh(-jjoytQPzC}lWk@rTELsLE(T@lM2LuF4wQH5pow(ov zbKxH)Nx~1xgP794bZFOJ%x0SejT$DfWW+K|D8ZAPRLL+{416%t;|C8hWl#3P1#X;D z%Vo#|nneU77XMJr^Lx1%HA2ssrw=zKHhIcqGamQQW*A}Tiy6~Q!8T~%U=zmX>nyYG zim=6t3*n7^(k^u(G_{d&4x{Vhq9S+Pz~kJa+(m9dcD6g^q*JY5lVs#YKg_T!vs~Z4{cVFjLB>h0)7G*52S~_RDdDxABE6crX-b_} zIBThmi~f)^f0+~_cp45r{VZeD6DLiSQf!q8wL#ex1i%n^j8Z*gU^_Qm^(~QyT0gbj zLQ0ec+4J2@rP{`zjeQj~1ixYnhmrWx$PeAz{E)tY|apP z>F4o-hSHV$_C+9OegbT%r&5b> zjrn4%$x=i&kPx|U{TeBfG4AL*8PNs`>IRyN&DykJ1Y!&*;85H(Z{EhO^5ioj6p~tt)2$!Jv*JeV|W-S(_&bx?wIVb?gUl zWr_36{3EP4NlkUV(&g#`NEYwMsF+WY4>KzW6fi9AygkUp=5fQ`BvSo{H-6rA) zg|=<{1anWP&J@tlioG8{^@3ro~O=~lr)=fRcn1BN|^pPl`(X+p3@Rh`6bS?YiNCD zql@B#LfRg&DOXbp=Rt8^$C`@41|^Eo0ER0S6cAmB7}kB(vf~F2(Z)C56xTQ;ZPB@2 z#~(LXJfg88>*tF$W;r4Wj}(3JT<_Mst-et*KKJX>S8!=6zCGO>jckpQ0cp7SJ8+sL zk9!m;<*(KikhYu2nX+z8S0 z_3AaSYwOmpmAoJ&pm2Jf*5?)Cao{jYz1qSl9H=ljL4(LA;53oF$)aVVcvr6pPJS2{ z<-jI~HRv5hCVUx34R|Z{6cjAd8b9B4?b_3|kj#^px6s1gtP%v*seN`xMxI z-85KgEZiSB;5c)_Lk3Nj1L)+*lT2y0K}xvx?b^AMPCUitc#>pW414fW*1~mCSjMzJ zfREyEc$VZh4E9qc*HSP178$>dGIAh8PLV9ypg{xc=b117yM?9 zpeHg-Fn{1Ic@T`??PlNE zk8`x#0o6^r@2~ss5)w7p5 zrA?hS#mhG8C+}e>zVw_6%;}BiMvnSW@}3N?(iNhwL++TRtSIQG2v8Y0@o@!Vsaa5($h1PMXbnsTi*UHP!H~j;KZ#6GHU7?M=d|!Nz4*tK4k$pgOIcy@26t7q=JlkY@ zi^bCQAUo_J6PWf1$REh@Tw@Jq53*F5f7mbAS3n02X5bsL@e0-R<(Jzf$F#5vUaZaN z7{KoXt$<_9ug{2ip!F{5PgR0I;(At<#ubevg22HHfyy-iv&psM84F(_eEzMI00c8+ zQ-ZLBS0D;6+stT#0`r7Pvcdh~H9xlVI1yw9NP(0hW&3QUs0?-S$p)AR&ZD~bbXQz? zm3gnh)Q?r8fL(Te@_q306dG@I6HaNtENHxx4G1cexuC<;*7gu}2LnUx4TvX&vJ(+$FFhP^C;URwIcdt@JStqwa z2G9Qe`@2!2Mk+%2HunpSfAHWT)&|0DZ$)j~@uxqy(@s9kqK}y)gx6z^>Emwt%`e^2 zx}Tbs=5D*~_cjOTpLe0b^?9YT{`2jBvgmBa-M{|;_risx0>c>VerJzeff8;wE3kkM<3nWJ@DZD5_}sw zZ~~lTtkm_e<`SbkxByO6Zt*lhdo?tsSgf7V1By44TRAxk6y1>FQWXgSED=l_N9u&d7F0VXo4n@au};-&X{5bD{Wm&xquQagJ>f;F)$vC$a7{-*Su*Xph!d%eJIzs z{)LQC?b>%V#lw0jk4Se*^x>S@Ul{HJzsetfU~3osh)P)qfTLa^-PAT|GZazJ+{6@F zN19cXXq~%scbl}n5_yEOd-}AAa=K__kr^lwF#MoM&gyuCtpmJ|LT=jhiMAd=FBpk= zrl~y6Q81IfIV-D+IR;?x#1I8Np|oz@CT43Y245VEP`Y7ALLpaIn{~ePJaoEPX`L}% zL3^7vu9u^b?*kiA@JWNQ0mC0KJh3(g+$;-;%K1eKvP8OPbL_rU#)UW?fP)_9oArrW zQwk5Q@AP$%3^12}`wB%nwljw!GB!|NdhvPp{;2oe?`~F>53TWmpTDmx9e1sUMFRZQoOHf@+2zJ7S&~`5AAkHYb0mTvv(9@ZYvsTps%8H| z02R3!*=40ZH$KDU1ZY0*aI&tEX*?=+NpCllON&xYh=7lZ`0Q9 zZ&7r9QIx|w4SycGvL zjsn;&!Yk!y(xOF6lgoGp z`I88h=5pG*{np>QKmY9?QtWmU4j|hOFeU5=$@Vx*M*PyIrQ{DvOZHhro#*8)G|4?q@bchi*CuhFWbgtF@B}?+)4wETYC?z8AfUn>s^aNdQ5br`>M#e-Y zB9fOj7B9|MB=1osi=sTm5S+Vcq2YPkwwdB(I!8}D7z1!UIqC)n0&r{YoS7D7#ae(< z7FjCzPCFQrp>yzT*;43fgBf_C6V?ZKa&hr;>p#3{y_B^$VnL_$1KQuOMYQzgPVv&3 z)m;m9T^^s&j#7EiAI=t+p*?4HgX8bK+#XG@dPn zed&4qE--q59-&2}*FeDgb+CtS_X@d0U@Tj`Uk{d-AI7q`IJtK(_ z!+;n4*|!itpkvP<{Rhrp6!yWJ!~@{hT&JuN-#3}VetF|3PN)6)9qVEl8FJ`ZZ8|h` zVeG#N6o5Wne)&cBne=MEyzy7sGdD1~0NvrMuf8nfX0G%}!^OWc+;cBH=PtSUGB-#1 z#5do0(`Cr0O55-gf*ja)AdjGjBsgG|_CHr$b+rXuAiGiLh!Ia(pHDyiOruNq3Trcw zyu;2?|t~b%gW3$z2MlfpDBIfQj{=tPN3P$Y>zN(0+{q`O zYMBJzdGmGm6Y0lrkYnFU7jTX>6Q?(RBcC95@I98%&g3HSh`k0G!5T=vhTP761lb5#YRcsCCI^w(5NA^y zInmjnM?fd~Q-1R@9=dJym$oJt?J->@fE8w48o z4J^kPkMSPQfcT3bmYkfd%~6q^ll$-^57_3vTet2d0wPS6f)W~m?37bZvuL3EAGp^& z_SnD8uyUb{gm}o&CLV2g45AFc=yK-S=bEu5SCPFdq|8I<#&cGuHc%K~5Tw442jA0A zKVjbK2!y}8n`;?PTu{4N5|6`)iaNgWrW;K-9jJ)rqh+M(-+zFFlGX12etCl%uPDT3GFErY?C7|U z^7L0X|I)ql&ReF?|CV4mR}TeMF`(f2_rD)@Pdxp&c@ws2)5gZ%UXkFmKX&|QW{CCU0EY5f77iRQ!JBKhtIiKT zc+UiS1X>JhjPdU>nmsKc90k^~{Rf)YWjodR$tNGHAHO%nEZ*^WO`>EZUC-k(oIm;G ze_<{u7YhEZOkl** zaD`F^jUV^1rH5@Kp|f7y1{R%xm*HdyoYSUGFd;Q1#VfEO2b8NQ;4m;vo$|TMR`dj3 zl=&^U{nmZ@=_iT`ZEqS;3i zqIl*$8#Fevcxum@HO-tWTDOiF&QF^7nWa)E3j}GpfI0IxbLLd>f=NbmjT$#KV@81# z3Pkb}@yBMIh(iphtQ~A3=gpm|I+BGuWK7;{Yas^Q#(Ez|4c6;SrGq9i3Hro1jbp}w z1#^twF;Y`}s}HQ9tflZT*2n!(0u3;rlJ7#vfRz~17(4SY`jd~$`2il<<%q7Pd|a%o z53lMN1aKR;_LPzZg+JrMxO3Ov{~{V%Ck0Jg_wPp^auX(umlCv%Wv&=<{7{RCeCp{Z ztzP)yNhh7`W@XQ__rF57`vX8xo0SFu@XHK0qKl1Epc4&?tVOf}p7%r;qJTlk0uAyT zx&r^eEus>~j~{LQX)Xg|?xJkr(-`BoKAOs}r;EjR$B+BO&KSk01y9Ct1p0+1B7gaM z<)kQC69et!Nn_3E49$}UkiOC`hG71oP@>JHQra^H6l~nb0R{Tbl;a3=!FZ6fkUde( zw{7QT5#(Q@yeK%DK=1ntzvH5;^(FiX*I3sWJ0+|KjMEn{$1xW;XF%h~gUF<_XU}x8 zScdB*`X_2}(xeIQ&OhH_nPuRGJ-YR<@w1M6C83;Z}!QdLG}KS2OI28WwT z_GgdDoM6<&If8YPYy1XhDYnjQ&MZPw&JoZFavx3>?CUnl$)b&(Pg6>1cmzgccm{@L zcu~9dSzZ=W9b7l(L-Cc2w(aBmvvh6VPauh!J=7tf^-g4A&eKFzhV==02r`6$Na<)< z4@-9!&Q>H6A zs#h=f_8YI6tdS`l*N?8bRgx!C z1*SWCMQx+|I!eaTjdGTP&O?FU@r!}=Uh=nsXp1Bd=WgO9hs0CaPsM}K1SFaZ$*l_d{nlRw;XtD}GDI)^KG z0-39#!Z94kWc2f|fBTc|wNg{lEK}iA8au!wOUnb&y>cv?$#qqTmoR6Hi9ibE@VRro zkdAbWt+#%C7FX7IS&MNfW9|L?^G~H$ogEKYLca9?v3fL5=nSSz8mFu!vrW%HHn7~> z9Fu8sggZFo`2Bko0%S$V6t<1_G690FDbp2pDWsC_#{k^USh_+EL)HLA;eO}a-!-9+x=;#v!O&L$6RsnJ9nrI-fO~t?hi;5g8RzS)FqB54 zWH=-m6s2-&rHNa#D8~dPj4d$k`Sa(w7E*@9YqJj%1gjk`#=XVPQ6g0(N)v?23G(72 zIu!xJGjoJJzp+B85x&POv^I8Z_nw6aaTNLt9Pl)x4vf%mz45AfE-shh591{D^Bf8b zqKFYhh#WlotaHtH1dLk51=k>eZq{a#`Y3fsA}&9HUZcdjsFcTUbim#ulj*uwmR zC!5v3bZv4Q%23bqV<&xXQQBvmHq1OIIR|>74C^0^`oN7IGujpFd{#UdiJHZLfZ`54Q&r=MNn|GV4?puP^OW2q!MK5hdeZMA*q%c?{2(q)IQESJlZl zQ4Xw9idqam#l_1^5N#+$HxV{OFOb%Dy;4IXSYnh#K~^j!T`*AN_01-q5^#mh1xBu( zNA-2B<(-Id3r?U|Lt)VC=>Dd_<2u4GL)@@_y*+~g8D)f>(Pp(CT7Ud{CMQZP-OI6=7jxzQ9( z5se!8^9zR#J<(l!(WPc&vkOL2EE?(Xg`3GQyip}1RdcPs8* z+}(mZ+`Q+U``vrLzmhTb7}-0?lkBzDGv{xnpTbA|6SI~4c(u|VP<~3R#~frHQd?rO ziiSs6(&P8=CRvmkYfhh3j-WDmr|`uhm7(8yuPzjiM%8?cHE?U$$7#|XCd43!q#4p=#9mm_%aM4gwribW9<20x`VQtTP-hR3yOM^O zVQ;W|?zF^iAZhnwT;K1zcE|3AD04S5a|%=(Zu>fm>>rl2b6xp(p?9;SJuaET)U8MdQSTJhm>770llN}3cgkHaCkFM4n(}9m_w_gdfW}~xc-u}mK}tiA zkA(%UZTy{+I8M@>M@7sicZggr=jf^x`EM!m5L3kEQaOCf1Viz6Rtv+LC9GJs?nba< zP!lrNzZfnMf5+@?dwvn)VQ4Xe`){~){S;^>((hq6`R0oSs)TW zizG9(#suOlSjLS8iM+S~>A6Sv!4}w$Qm^~phx^d}y2VzhL$R5J4wmD_cfZ1Oz8tyo!Boys0p#Ab)2i{kXq@Blm+lvNr6zfkgtv7Y1?$VrqYzKh$#|!=yh%@!}XFT4lX< z2}tz%u+mUM7`u}v>jo;2KsqOx!UkbdjNjbiSTnI`NEX60$5Bu=$y}efI=kr^LYp=g2vZotu5#v2Yt?W}jtSe0 zj(D;J$4IEqtD>QrGxdBFmUall9dXU0rTXZ>##JxmyH?fps<8>-6M-IH&)G_`&bPJeF1vXEQY3ertyq z0>ARY`)|CH*Q?qWEHf_S^CF{$a+chN%R_!Ik#`Zf0c2+A^sx@Z+n8Qh&~TvV?gvp1R1x=rcuh(dMYA<_h#*)}ZEMT>D+{ZjW75**G530g2IJPF=O|f`GygiI#$GKH3=!WfMBmt* zkH-FYKUc@neF2uMjc)eMj8gZMhe(DXVX-ef@?sj%!uu3amQzE~h*C|#HM^!}YEU_NFBkh>C$gExK|Y@@Ws48n(U+9QC4f;Ql6o;2IX z**=%sz5VoR$;@-j!+5FM(rsSlVaTG>)Y38{~(DNtwZf?8>0w z)a=0V*cW~UCa1OvDsvCx=PL@_CfgE@(+1|MYti|4ip=h1PJKz>MysBq%c&@&!-tRSn~=%j=;Yu(GZEWR}C6Eb`jU=oIm&{72+c>tSMFPLHv0D=|nYGa9DdxtD~m*a4Or_7Q+43AhMv}rea+P#5rV# z6!|fi+P+^Q+b5Sy0mDChf>=r#MyS&CMfL?AT4yMhIfgj2U&1oG^v_q&Ez4!s{&dm#-Thj$Rd#_d&bMXs_+LpFr(Qh3$P&ksrp4MqNb^ zj#)OxLVL!(@ZV_XpC)hlgXO#vh_X)?%I$|8?yw#I?j*U-)rd?LH_KpTCED{K`k=#+ z2o%v8UZt}+ZtAHX{%1(y6tHK|zp|bGempM*p=}YHoQ0Qcf=`UhBz?9ncPEidUXGGB z`b#F6*VUFaymu0Ci2GJWF2>BCuqVD97{2@nE3LE5!wum!_!04H@78Q=Y}`FsM9j*E zKP~a)BA14kB8=rwZ%BSomUsr~?n~~sd2rv}Fv)Cz>QQdi)@Rkc4uncD+g2@SJe`GGteY!{6iLP_QtTVm<-GX7AVM@!~Slbzvne{ z*^%U_`T*Zou689a!w1|ue^$micx|R7ZV7a;paRKm_Vg~y>DpKWw$;AK+0A%xyflFS zBzfVsIc_qS)!CcxF*+^L;IFm?y}vl6ax{msitZ4NuyhkpFKDQ|96>d2pys!#JjtKwo0vjYqQYU&>*`lQiT z{e4bJ?`Nf~cyxIKNH*fwyYlokH~66#x#Z7K|+s;~u+-%!^L)tiUX*7=?{H;j-FOUpk3Hc>FVHLK}+iV!Jx;IMk!7llf z!wj_GnAJ3syQ=fePmh+^kmiK7LI(j8!c|!o7@0MxGe*L1c5O1Dw;UsbQ*MdM^(WuG zhz6p$vocdd?l56O*7%anW2^gF;Jb@VEP;V0Mh}tie{Ng<)1v4N1ssAGIG#`sYb>RKt0`sqX0KD%j~p!W6f9kz-xm>68{EqZ zoVm6DnI=VxqD!Dd5(Z%f5#%oTmlW`kzAg_uWMVVs`rIVM(t?|t?9#~k=j_KV7AOl% ze12u3N#!D2Ed0MwMbPBmELDA(l-%eLMNUi5?D8gpW$jg%Zwl-t(h3mFvC7Ly{cp4p z+8day%GXNmHXSy-(LQypOTM)_`}Y5xHb)0-DaY(F z0;k$=wPehOgzp$lz4!B98CRW>pwqlmQulwPI|k|6F9zx zQ%>UD7fs!BOXuwM?sUU_Fdo=UY(MPEGSL!`5wRt@5>wLeed>iRAM*O!k1dRPNW%A{ z47r8;8&#z~$*QTYcI+{oto162=@Pd$(vyOR#d(&w_i!7}`Jp@8jAz?{Xo1ARq*^M^ zp{0-`xCpHjLX#{ji*4`w0!}U8d}$3Q@m!yZ6`N)8x*N8b80xr9kjibGWaaL|@AqtL zbNJS7xUz!runW&X#Ha+?d{Fo4_`N9RUa%6YU| zWyr@!lOnkR1-pEZ&+XXgWRWHcRvO9R5BuE}V(J`cN0`iXr`ITEHg2*5D7Yk$=V{Wb zMPYiI$ay&1f6)unD)A+0D)M$kP($1-2h`QWnLsOfE$p|QKP=8J1)%KFRELFGy74{s*gY2c<~P!GIx- z=cS~i3*G7Aq(pU6Ft0Q0HsnE58T}nu{H%`T`KKr6qw`Cxr>0uMN2Nhkn1qUmrd>`x z@zu%MysWWOnBNJ~ot%!A%DuB6`5Af?P(>}1rsFud*$L9R#*#VjdnzlTj=5=+81fM1 zQilxFwYhcDk`Qo1fg4kL)TTlhHkDPv5lutS#0zZBIp z0S$c*c-hvT>L z2Klf-@RqdLml>@5##V!PgW4TgJOnX+K!TvOM>&L&Eh`Uj7^lhI=<5=06+Ztk0I|^? zmU)M+cpO8Dz#bDOBjZ~*!y=S@;Y@h$K^l9O` z5hG?{X+-cnn0%QD`A=@&tm(atxyH=u{q+c%k0TYs+HToBlk^St8@i5E9F)d_F{`(a zL7ux&@9GYU@2E$dBh4)PazecJo)%x8`;z)+XE@tqq8YZI`6ZdVr)PJEX7lrbLh6O&}~_Q+(onw`iA7$9Qolhw{w7Y(_j ztoaqjBrzyDYv)c1w%DpQ$hxE8&ZBDxKO`Iu^>&NXZ;<$dextX}L|>L8BSIYhak*cv zZ^JNDIl1kA!!Q z^)medpFr{{HVF7zGhg_6j>()hEV8nym(K-?`r9Sc8$#m88*($SWv!tu6@Ff z17voHpYGC0kb8`C14K_5OG4~C7( zD4S`Iz8@`20a|bl9?Me-nsiKvbG}HNTAx_CNxZFk@qG&aVx7>j(?V&WHEOrqx5LCc z?HKk&TP(*NNNzC#5#n5$G6fifm|C$sZAHKU%VQ=BkqbGL=fShcne2j}YOBNWpo-Pr zpTHt$tz>F(3ICgu;Y&3Cw`d8JImehOJdEQ)SrfWmv>EU}J7DVwG{{NHC}dXMW3loMyHV&%;lNy`TQgF{0Cr_}l!K{G^MLav9n7UENjVMg^v4+FL}NjC+B zeLS?k(ep?>@5s-jET}OCZK2OJ8Pz8-3)0l%xC<&LSH_uoj3iw-7p4V1V~~-9#_@LL$qXivY09=?!j@Un#hXtw3M$JW}ej&P9OIr0O z^{w|DiYA@*d@jnsmGIVdb(DGj9EV>urynHb;QS{tx))>WCoW6>_MBK+r)sk zZ7e&e)S|KyO$jNmUZh<>Oy)R7PGSma$PQDB&ul)Yr=TKnP2)zVD*yr`rJUjJQwYz$=E9`4Xe@w&!DX zY+p5nI~cK8uO3we6?$sO&44|~A9@>~n2$8EC>0@cny8X$!Hst5SqqiM#vHmLD67BCDWrikBz>Joz3{O7`LJY1~U!V2I zo9E#j`%8o3gu|(S6lw1ma1rASRF&R%dcHW20 z+QgFxNEo6_ut54P$|TrMNU2p&L-%q4lZpeEbYdy7-6k`7LSdrCrK~N`ci&W&EOJ66 zTOvMUOC$SSN;u!JX&8Wp)lbxPTlq9r$S*YJ>^}H8Xom9OTk4o=&X?sXgKNp9uV%Hi zI7SQLFjA6np(RAVSN3iaa__tmxbVma3GM0U@`d0j|C}l8y_mYg$;9uWj2V1oq{R!V zjF~a1$6Ft?BdXlljdoZ`Z@+BEMtk1h4PDSsW+$=sbTryVw6c z%>DPc&&9P49`RRO`EZZ&XwH_=3@AU*+&m5|nl=UfSzUKFqYQFQ_90&)PN&*XKW6?t zT4_m?se@okrw}oPxVXE7U`iEl5s@4oHQ|mKEOt1@AZjSmS9-UH-LG|aSro@o^Cfhb z6%0R`c(^+?Y0_BjbG)tAj~t%=3_1)X!USpB1E!xQcLO)pb89Y64-f3!O1HYkve7H) zXcVuF`p`T{;ZAT3{Wk9}*0!<%o1qT1`-)cR5D*RTtW#a^{lQgW7;AO#-ub=O+69A4 zveh_9=N7uFan7L0`?2sFl=;~sFAt&zJMSPlRA~V?FgNoJadU57mP+srwhDVxxwat- zk#E#GsIe;RI=joLdQ!+~#U2Zlz!<6r$Mz8F9gn(5{l2ep3=158&5!-6=3=RL#^*(A}IK&yTB+&>=7WqZMtv}EmiyV)6*|xlnu|t-~WtwE}xy{16p9W_Ab&* zc!cP@XBBX6CiSat&!jH>LK%$sFtR7-@>(g<>Kr_ybPn)MdXIXd=gm4nbP%rACVz(M z+VNTJP~mUNe_%--&IL{&&mZUgbezn|-COw4eT;b@X?oxkP-#7!BLJH5y_}0?n)hqY z9;#p8&o(ERCv@zxsQ(sM2TD6K1TIa2#aP$7Eep6rvpl@t3}4wE6tVB>Mzpz`YY=PI zKAj|e6qQ%sU(vAj2y{t-AIz!D)QyPPMq_$=YN}f4maHNdVbZ)FWlG-4{%*3|n20oX zX5Mjy!jj}R?UM2^(SPO)3|W!y1Cq|o5l}^YCP|>Pq*4d91MN_cqsr#_zN%peYkbj* z2>YL|S_~gDyh+;ewTUMYSI$P7oLOIt zAg?!+#ml%~%EVZ%52QhB`qfg;DYqS0)@m&eg)cMf_v&9tW{w$2K~2I}4H?3iT{^{0 z8$4&@3K&d_rJuk)t5vyvifQOz*_?D{Wi7omvV8jtYz(|i(-RiJlJ-#)4-H|1q;+h6 z{Lg>OTmIuH-0d|@)35SsG#5t>lT@j1e+n~pUqGVFGS9`Ew;kula{jS5a6@Cs*ad!1JuR?c%^ z?cV~dWT^d(;Mr1JbjNm(V}?oa3$qPmi>9IXO4rjmo5MC(DeMS+(nKqO?_Z@82Vc{C ziiOA;@>}Bh*`igr4=brQiiXD;=@#+EJmR0tX1M)A?vTnAR*0(?! z!}nqo`7wFV&| z=eedI8V&vNEC_6eHQd(f{v}8w9ku4^YT0&W;9N|^UBCYM{&w_oP9ae(gj@Z__j<~; zXGGa#^Z^NYSQ*fF@9VItQ;D!a;W_%_x?Y=4Gq!in`^Y%^m9U(}RFV&bnV$D&$9Frt zh2`j~HlK2ls@Af4$qFkV7y-EcI#Rg)i=1Y}y0CPh%>BslgSK@MP}NlaejV>;W4q(% z_z^muhy}%tVxaodzekUIg5!`@j2rQ?J}&=P{Fnn78OSaPmjj64z-IV{)CjGwtdvzh z8t%~hs-*Qu*9j#r$~8kf$S}+7GJ-G6-McPqIpJN#)rfz3KW$g%x~8OM8X;3%9BjgjPJK4NWB{|(^`<=tVc zyXsV_0^FNU)p6D;BvnD8xh50vPZMCT7B%!jNzp!0O(9|r>3)~!m!x~zG46!3@3SOK z&=z~+0p05S&VBKUKLaHl>I{^_l_Cx$&(){k`)voF6yOszI-v(o??MMt2rRY7PQrBN zLj#wRjuq8|A;7eHQPb_OFa%%1p|Wcgg3|sh&wP9Oxr4uX0M-lYs{%I-u=}$%3;ExzTw8vMjVWgLVXqn|pHJb=RoWd>?pCEEtcxA$KCynY%M_yu zG$;R1_W?^}A9Zo8SRyKr26(KSUT5-!rpNeCBDo_cB7Tw|KUAop_a9<)Y!Ru1=06Ew zk8FNS?r+IE6eruBxR@2jtq1v3AuyUJD>ie$JXaO(ivXSDV&zeu2=JUbNM1u2#~q>eBkr-%MEh=iSpvN+N~CULAxx-9dWAEZ)nYyEi5-aFH_eT+2*ZFk->`^7|HkfcDs>Ym)l_)cUkN=+9&f~ zo~t(u1^`y`2^_d{QF4vy`ybH*maN_N{H`sQTaBT(v@+On#xkC|&^Fz>yopVvVvT-{ zFkx4X^x5r~C7k90?(UesZw(wjZiYZS!6|U1>;wee^b|j&W=)UsMqVQfcYlp4vUH4% zkrF3W=-j4>6LD|cG=3Z8fzmN;l25H;;3>~3HacpByxiFy_gv=I30M|Ccwwn9{ogEr zBzX$$DQRx*J@6lbFq6~IB~V7gq0PqneRuU+$Lv+bmoH19t4+4nUD1ePRuORJhur&I{hHeY|4H+o;aKdw*qfO*9~wVQvl zUn@7|d_FytnO4+K8c&2y2fuD}tlZ6X<$F^=6bbVVaL(zH7uLobDF()&`VyaU@0r%j zh=<9Ug?o+(59bi9m{kYy5}eQ`kQ&@l@&$!I$U7DQHodQiAOG&fw~`2WuQlL3&XDF~ z6)Nns;{)Dn?Npa+nwX2DZ+o8upIixag7cWU#Ve+LW z2o*WYGz%xcN}k2rjcA6OAee(ovlE9V;DMM|CRNKU&c4_iiuAjQOT?&#AREywk^u}4 z-3*plXk5Lj1>DXvI}iPL9KV;ld3B7b*>no{{~ok&_l5`;;{`~Mb2547&Bv2TU`n)O2KI>t?$DM8r$0X9C8YRAo39mjEL-!0|$I^zKWHce0w3AG2 zh3?dk&KV4aFmNjD_+leq`%%7;^;6Mb15>vu5AH2UE>)l@AdJp;eDp(PpcxP^K>WVj zeC{ssSIo~!z+B7Ls}vgAn=XnV%j3#eS$Fa${qhF!2s@z7-y|IOv5p18&Fd)aT+#3c zx`pw7Ac`Wv7*`Sg!Y%lW{4Kkipgie~PFaEVBfj^oMfaRS(qtvlE!mVb18(`wA->dA z9U1x4CiZ~q$MU_zXeL!?^Qhul>Lxih&$pVj+Nqd@#zCP?+0?vH7T#WgyI^N1#~1XM zVS#Ekjj33(pZLimE_D@nK*9;yB|Z)jZ_ z9@M=aw`^?t7(Z4nUv*kdI4_X1QKD;S5*TP96C3*Vo~k_+{>x!dV#M@}yHgmgKNJ73yP~en z=W`w0)l;&facszk%-8A2dr^P!(>!>~YHh&4yKpXhhE_j!FH^mcQpAX;2)P;qU5YtG z3CSw*J3g0vRIzcAB&3mv^$%+{pK?kVv6||Q3rjpS)55sg!?62Ij_4+QEeK0Q(>+5V zwGZ3}`EHCi$f{k*;$4H78_qNRm8V6fP)HpIa$CKZ4R+KK(T9}s$K#XcwQG*x_-%LM zi`v&SN8r|}x_*Z@i5_gJ?O2{TmB?|tJN*aEf}w?d{xn&m%r2i#IP5k#UinhZuy)mV zhbvX6+T?iSw;6IojX0+|6T9nGX>rApC&G=<>`SMeVVE+6F1hP14SATmO7fLS+ ze!%j0WU?KJc*TQi31pDizxn+!mKV~;%?lh`$4;4{;hS$IMv-@%+(*e4H?$jud6c(w z>3xnv7-q=bl(-0a;9IX)W+LMoe%Dq#VdD>bu}*vO%(-gp zdnAhoAvaD5RLb5FyTuLNs-aDX`GpCFZ*^L_p9#R@S-L=SY0+#K-4RRaWUT?0fTSVS zkdwDrvG_T7Jqkj!dZkX;$Rt_T(boyrGlIT5zJ9j?=Zip^n1n0!diW5Wb29FKUbI<| z&Dche{E3OD^m{)i?pS(%QJUTC7n!<3$=y2yfa57(&qA*BkRIRO!5;ze3Y*_eo27tHCAC%1B z)(4&l)9H|Te>4no2^rAJs3G5ehs^VzX&L1B=zEJ4ttivlxF&=b{qX!0Ogo9k{Z-bX zh7Rw3E4_ndJn>Q^yTcc@@=E%Y7P2s4&hBVM*!>q^CG_@yL1jRW`7+4U_cg^S*Bd_m zOEr9J^C))jF%t75q2woVU(K8QY3*4BO|p{zG2wCs!>MKy&KDvhly%QIugLDVN7H!P z0!>Se(L&Vefhw6VQXy=gV`+asoSE+8UqpM_NDfzrY`FJ!uvZW8!M{6WWIfA5d)LCN z$mO;cE?I;(=mw*aVu9*4f$B4F6NG-c{tAcGbs3+joX8%+>TtypmW96YZ_9feDWCdt z!e8I}JH<%t=S?r0g*Fdi@Ax!GUMiDI1cvX`?;IsyOt~@k0;_?r>rem?byeZrv^c}& zL-ubx3Q@M5Tv{!q{_mmA|L~=B2<`MNSaT4nNpK$o9vV=U!n+3uyh!3|5Q8p zP+$JzNc#i!UgI#DTj=MxqDk}}ib3jep73AR1$4x>*{EKurLEebFb;rbXG-0Toz~&l zOjz}+%Bsej=$*0z`0S5Z{=t>`R0c=CKN+Fdi7!r?uNM-JeC<1m)CEXEq|fBEFz>pC z?}Vqbw&pS>hR+UfKiLl&kko!_8I(-cyno4_ixWs8 zw7ttJ_TWj$eJO>@ci${kk}4y8c{~dUSJYAkE)iLmlf1c$+Y=QDd^B{$m zv97-P9jzp8UAO)46#BmKK~AN{aA3anbTH?&i`xsux*kG_E3=BgMCFq@lLVrwOLjye zB8LojJH^|6u>8`L@VGk2x*pE^P$)f5eHnDyWB&G@qG{lw+MRwNn9ILXrPnfa!T%@B zR>QTc-nzIWI_~^jFuiuDi`%QPVBg$~Tke)p%bXsCzA=CjJ1nqU!0UMj0W=eMy~2#} z>bf27w6^Uu!aDHyYclW(6ffQ#m;@Q>Jp(C4%$#J9bHhIBOrF(O6=To&$b)nwTfIu; zxaV{s02$XH*pN#jt7Z+0a2gMGLir+m>4C*U*jkAFxWnSpi9838p77a{58Jo>kV-yD zymqQeJIBYAJ^AP#Cl&dzok4~xEcDGgw)Rs=|9lNA7mXEhXfrCRDz`xB1+53cU5Bqi z@lzMUeeTC6?L+70j=th_@r?>F=cqM)Du7o$Cz(Hl?Z*n@vt~Dl=o1)^`Ct`kdgwJ1 zc`XpbcE<=VJ3x^$!!t}qq?9({ak>j<3g2Lbje9?ppSEW`OpNY_Fu4E~`@<(*6#>eKh%li|gY{ zpl0L+Z94`G zz3EY@K6VM)=tup!(M_VJl zA{@zb+wY%n3&u>Kd=_VU?o<* zE4LP*hOw{Js(&*MOXPj~q&}(wHXr7l(>+ZkfDAAEzsPFOn$CKvoCERRXt{W^B zxh!F0Fz{&U!BdxwdV8XuPLVGz$HD;|u^eNh;Mz1!SxhJbgB6c(5)U6P(%6v>F%7~7 z@ER@7yBEsZqn=h%ZCA`Mw)J$>^Lq4Mr5W-=L&Z|s*L;nxjdTd3hVt5L7x4K{(>y&< zFy*|*=d-_Kht2s)-D9Gdzv%pa?jwwMSDz7yN&maQ5I=y{7ZPe8;{$0bEJ18CKjh1- z7Uh362}(`mO69Od^L;;sMYl~&W$9M(s1X(5;N^^OME;cvAFfq)Azyqj#XkAHay`2D ze5QSb0fOp(yeWhTEq5cxiDu7Qg1?n;h|F)KEXsyQ45G5eUG$2Y7U*jOQGKSItp~Cp zTLT1E-aBeL{Z_lf_hns3w4i;t+MWrIzM;$pRLca z1d#@UMdY=(GsnUOrAElsX|qc)q&pKM=*Aj;mps1tO~^fFuA2s&+ih=!vsd(}Ut%x> z3-Bne%k|Ny)~k27QZWe@U9aN54S(Ea1Z$7Vxr!)G7`Mt0KEc6v)iFK%Qm2*%kug2Ol=LaEfzWz?8hHz&{(l$vKd0CxuU)1HaJE4$XY+sy zy|E4iJleT2{rB0tp&)5@JxXJc>?O~@LV`Q(dop46L?HkWU@GQ0*>-aMRI(YpzHc26-*{TIth%Tfx%S$P^FGf4I_A|za#Gd`mC)=^sSX=81e*tc*4^0j4 zzttJeK0*;fZbP4avmMzs&8YeG-WngxT0ozLZhA@0HMR)g%@R0VuX-c z&iaL3D103RemkqrI1#TV*GtT+WKlIzkj zU8=FE$8vkyo^&{ZF_BUB2|Tnd1Fs_{^k4iI$_FoCSM}qQ{H@=K{K7Fg^p_sMW{H5r z%&ZgamFAaTS3^I~^a}}(mY%26OmB~G3)+5;4VI3tr9Q-8A3x6)umlMI--YsT8NEym zin*VN#P2__Yz7US4)DmXeNvaRBb(2o{WpiL&7QF?TI{UU*YjTmp6@Rx)nHqM;ToTp z;+LU_;twJ#nkn+^_Yl^(4UMru?_SBD(Ie9XK260 zcIrQxoVgw0S^?I*gEu``TNVz@_Iq}%HWt5Na{=f7jD1&B+gJ48BkhSRw#Mg2KM})) zgF8vB=x4NAhpuieRvdQ{1)vPnYqe;)p-5OC^HIE=ncmB(J9WEF+VBCk%jFlG_8Vr5 zb$)AFyYJ@2`rS5ddtQZMu`!MzAAP|dR=y??olsynzRyU?rYk7hgFeW#n5!9$;q7Jb z<|di$AF7FEyD$9i`yBQeY$N8!ECM*5+YTMXJu~ljLKQ0`SI9KO`{wW-c3*8A9Of{- z#3*^yWV2LX-G@sD8mijWKU=N=FzPn)=bc>pA0!mJ*kN;6CUr*(Z9DYt>GRhQr!h2C z3pg~Yklx)HG+3ad>2)+$A~3Q4URe~RJ&(uYQ=V=5``Yo^U3!)3|KklcH`3lIw!V_( zspG@(`ElS1G^!f8g|+og{n+2(GdDdW`Lypv>+QmLodN24vn+E|6ddR{$UWfwRyX~I zIvuW9ox-$Z@PrI5bziSQ`CwA^>W9gh#>2Y}({&xl<_=#Z50hM}5m;BLSyMgw^%y=u za|Hm+)6a^C@HOp+VM&*Sm}aR*whR~KfU48oA=`1xgINUsbPw4;%2NJ^7@smvD_Jk5 zY`N1Vy)_H+c&j7b%m1~EQSso_D!y>TYc@5lyzgBA+F$Mo(;>ns5TFY8X$=1wV!Tu^ z>{<=QoLmYi@>?KMI~4E>ODC0?9eJCqq+o`hHP(s2S|VDvELH1P#scJ}a)U4u&+NP& ziVV)8v9D>{jtRqbx?PFMnH`t-= zC4Y+4?r;2Ue(yMq-rVEc(`xc+s?=?%rUS7MId}PFE*XuIc2#b4FP z_gdN|LuA&w10`Iol8&Boo-%FoXO7%DJIX!MhYVo|sTveNowC%NvB?E_^O#&NMv8Z)wz&91!GH>~fb)~RTgo9;1#-DYKKmU{w*{A#mKp>X)dhA0m$k377(@*-bo~XmW2q?KzA)cLvRh^^ z=7#*3d;D7$LXy^F@WI7w;Q%$!@4eITcKcPobVFzN+nPGATZ?;TJVAII?fMqIm~`Ga z!7e!2jhs^Qt@6D($BJl?lG_CIV+a;hBpIu-B&juhQ7rQTrDa>*Rq!o(gN`P9Hw+oy z!uRee23OE$?NNw*vI{)X-~5kJvB_qIzPs8-yFa+s7tvObJEP1hzd9h(m<0341<;uR zn53gnFa+b%*!+W|iY$Ibx?T-P_9h~j!n5;!^wc*N0 z*awqx*hc1rmTntv59XsTq4kjb)Ij%#Gknm+nE0jc6lSwhU)*t*IIahUA0V&r)uE1> z3TInQ)-;pTzT$Py@N>W2{nA7sZzm(5kgw4Iu?$vh2+p4QYj1#m;18(v0gh8+ne%LJ zV%OLsELl$ix=+;mzTonnWGSx<4*)-=&v#mSxBI`EXN#4k9*;R}rn^AY=BsUPZ>D{F zBjQ6AXQGadDc7CszwQ069o}4>xH(OVPLiMMz?zBRl-FQC(XA>KRXqoTZrv7#uGs+` zbk_ec$Jn6r!Y4B;GVL_D+TyATF>Ef6q|56ky`}2E4i18)5j8Fw?d~m27@lx~r|w#Q zpzUwV%hHyB&-YIk+odWN9&Q%yeE#^FV}RC`b~u(fVznynt8?|5V?O@9zdL?1mw3M4FL&5hcdr&V zDY&8uz2!+v<;#iW>9jax%SubT)8zV8fJr7U^F8U8DmumKP7yPqH*D~JK9*uAl!tu% zc%ifcH9u8(3!iS+zDh*br2(wZB7W#^grN|wo8YSfVa?fN@IzS=kc&Esx|DFYY|9NU zDf0><$i}!9hF!%!!FzK{VB;46447groRP})q1rRSQVj@^M(sB^77``9DBKo%f$vJ3&;QrVQs!uY@KPKb>Qx4HHA+xXY7u+tkc6z|o^;y&aKYF5 zO=Y(xB>}4t>Vm4D&Iip`Y{r0Eaom_D>$u&Gr@!lMEZPEIu(Q2@2ikDc@{iy88VpvS z+WSrmmzh^SE&NJM$`!U?d7(%!?Bx)l-^t;0?$M^_qkX3T&_ouD7Bf!wJkHfWqRI=# z>nrnW+c$o(zRVmRMECdOQ&MZe)z!ltu&%}B7H5L36mpeeVLg}ajR*|iv{Y5;e*NIX zxfs>zRzW|+jDD947@nbrNplL~r8D+}LT(+>qTN;imX?72sAsCRm{}*R(dwCz(800^ ze15yP`QA~nJm8u+K4RtQ1g@6aZ5PTSW#wgCw$4JCV4kDx9GEFePQ1#ZX*)YRiR_=a z+O;I%*jVRC-u3E>lw7;V+(*vOad5x3?(UlROA&n=qt~cvP(MdAH6s!HI9CN+=|AF; zyg#kxw&rd*b=lI>1csA%^(Jp^<4#v$X05i^Ud0K0KtF=z)GFr(WAMmbj$B@QJUt#y z9HCnmYt39fhuWOsU`ow-M(3NJuIjnx>}QF5W=u}a`?b5nW@p=FEI8SZ>wS0G;buSb za!*mP`GYxk;l#NbTN(-#GjNf!uqunY!nzxG7vKuN@aDNuDSHp14qHr|-XdNOV-NtO5E!u8_9be>LIF%M&V*^8*A6uVVR2>Gn zG(_)vy&?{q>pYjwxCTzkdakjt&(1uSeQ8h=k;$ZP>qdaYm_eq_hx!dDLGDFiQidqa z*4aHl*PiEt$=x&J4FT{7I|{}Xn})A(v)&^79xV&1Ca@{iuoYgQ&l0l7xN9&l`jsEe zaG%d7Pjz_8q0*@%uU7aL!ST@rGVI&lg-!fpY&g=9_Em<|wjA->?He9`FGEGEBRho` z!n6}(-OScsmH^pavJp&>1x3DR?h$i@<4XI=Dz6@YX7~IL({Rq`BGfG9?XLpukIdXS zverZHImL>N<5!^U_BPlFI9r8wkBiGqpEHy`$}MEQM*rHc+v!w#kZ4NK&DKdf1nhR- zJF~1^hxPCThEV=e7h3x#Yq6I6tvwb@kWsX+a-IC$F^&B+-fcC!wxA>>;jxvGF&L==KuOC(BHOtdARj9gd((u3;;J_{}IR9 zoo|1Gk)U5;Q{Xvp1Kc1CtXmd*-f^C!zL!$0hN7Ygt>d_RZyDj{@)>DnbBF+ds6I#Y z1IzQoPt*K?pED}E0D8G13>>+fLev*)e(kG6>nezgI)@D$syi)ufZ;BnL|gjo04nM9nR3UJ$%GQm?>2mD@iBRJH&~M`Ju$B z)A18BCP4nR;HITKd}F2-%^A_vwVZVJ3o0qRi&(1z%2lvXV|Z4R#RYGRn|2*Yt`T$i z+IPlhK^!_zUkqY3qNZU){`EJf$41?;f_hLuRhQ1$%2r8nN&97@?H2HzBdx(I;ex3| zA$xboUvTP<{m)|J646vVc%dc``Yo+oN@@B}qu_g}M6Q!O37qlslL!WWM+XA6J`)Cl zv21|hN80`f@NJi+%WHlgX#SlWP4e;hR{`O|Sp0ATN?cnBP);WH)p@lNn zhUq$BRGRkdnz~j7qJ#00VRY!^HE`*-rhntjd+}KWR-w}5Ni45QTS zhMCQ9e8*&?6`dHoLz%xsGL+a}(KokxQ53k$u#|EZmP}4U&(~<{N_17qIF2gsqbg2S zDHy*WtxZJ~n(1OOwwK0QGpYC3?d^VnTD&Id&nRaV@U&PIe$b8p%Dt#%`wbHcpi--~ zE`M{`mXHAV@c$Q2@B9||`~UA}+s0PgWbJ0#T-0XUwmsQ)EwV9bvTL(#O|@B{d46BV z`}+sXFV}I*nr^JgMkAgW9(u@F z?*FhPM|?z9)k8**WH|PIReg(D(5I7Vmgsy!3RTs~TOS}cJTdS)_P#IP@{_J$cen_7 zT5Tf^Dl6s>jMI)UQmAuK4 zUG_li$F(=j!DD2VudzpGbuBtr_(W!@q0trKD+RklBb!(CI|KYIJoS0SR0{8;49f|& z#4#U3aefXu z?DT$e`92M~fa<||C>I?ICtSOZO3Y^u*ws!A8a}GnHN^E=bsqgL0=mRrU+bY)RYA=p z91WspQ^y=d65AY;Xww*O!O2;^BoN`MTIaq{@=%(1reaE7(_%3z#%UTinDydZr1zqk zJfSQp$3po0x!@aka`$)8J;spyq@OD$nf*#>+Zcy-X}fJld|vyC5NPaGC5N|TQeSYD z?1y&dA(X6R?sl=&l_@&XWh%^`T!QEodV^#;dNNN^!e!$yvyyh4ZEY{7AmKld&4>a0 zY<_Yb%V4W()}CVNsO?HDPM$K?wDG$;26!HqW&FmDZ1ddo>AO9d{qDcctWAA!fU?MS zU}0g=_U(lH23FLapv%DT%KTy~X~T2EZ~v|alBX0T4_ zZEt>5Iadu7aFJB#VLi z^W6v`zvyR3LQlu`WmW1E(S`zLtb2mO0a?9rGlm=+19>HWO=V85-3wuUKBJx$y8-&< z&{mx3*A5`jMY2-&u5A2E&-!CRcRTGX(o(Cou2sga^$-x8XF~RDFO`UK8!yB6CSou+>E_hhAQ3JNP?yt(Q-vsI7d21lNer+}982M{Eb7 zf?OzlN>+U}LL_V&Frz&`@7u5f%evB7GRPC+N3zfv6VH9Rn}BQMgr|y%indJTx(ZZ! zh0P~tEyq%#MKFv9M&Q<&YQxR0^6|V+=E=E{{h^5*i1I6$}A%hRF<} zp7w?`D;1l=hr^eZq!1;mwA5s+kA4>cZWB!r*o%7ibcVxxU!Uk3kdLd| zx@7I^R;WCd6c>x6$_q-$VwEVq2CIA#j<0R`RrLrqMis89x?MYxbBzm06S!{N_U2nG zq=s0=9uSh<*7Mk&srpg}O!yzH%vO5_1aqYEKa*^hPij{Dg$Oq)E;r*Z_Xz1??9R(as~m1JbF;^O<+@rAmdlU@GO{?l0fR7{bApZ7AZ@sg&ZGe-F(| ztet7k_pW1@g2!T<^AL=*a#PP|^bS`ezF}EVpDjp_yf>^+sqZtck}uNtdN7xxS7RX8 zA#?#+Kgk!cEkB?7(PU*jxHq7bkrC|hiRB_aC&0Fr)+9wf zL*_b0`f5%RZr_umThlaWo66@5*RxpDCEsV%+94N1oyWp&JK+6vlf|bri>X;u>)#G> zJFnYP^vV6U!_qXqN~_=3!9SOV&S|8E!RKE{4Gn#FKcfx;#z501oEhpNCIhJsnp?Lb z+d-rqVdnsozq*&pvb^%LlP zGp7yJYbUBwxUYabQ``(6N5z{vJXFmyD<3MD2tG$jQ?ME6Z7taBCg$p?jV@;vccti*~kFu4N= zi1t>7m)z!)Oya#Iq6T0Fa_#UYLwx}o-)h(w`2Ef3ka7w$S&)mFA7)v^v}=OM2gsjG za|tF*2�Hj(0y>W>E^Q{s5QvU?dmw!A#1gG?mycI*2}f8>G@)F?`Hp`BW2t|9l^~ zQ6ZqiA(uJW?C`o@9oX*tW0w7|uk>@nK^&#fU~#p&)!_*L;Ei?FYU{i3W97`J#(=5N z`*y?42iw?c6Mxg)m>JKkT=S=UeHJ>?Z2L^=_Iu;|p3wWY1()0h=x&MjC(NV`>20;# zPraCA{Mr#`!9Nnnvt5xIQ%ag}c6FBKNI37VsERkO^qiet9dTw{ zbmFgaABW)6IYNWGq-Wo4F^`R)L`h=8gViSJO~0I5-$i&N03myE{9wxe56Pa;D$lUV zCR~Q3JgT`9&nI$blDUa8wuuj3^=F1RypnQ?HU16S~rIi^~0NN zHu!RJKDT6K6Zqx@4NlcnP=>0SPxIBBPG{@h_!4a@4diPMi8 ztR&`4(qZbE$h`F@KvKWurIj_5p_7qTlzbTMh1SeedZ__l?aN3kN(5+SpHZKfM4+yvD zWRl-#Ly=6o_IAd`Tf<$K=x0`-pw_m{jeq2EEooJ4)JpM>(z}j}&3PRU#Y%A&y&Czi zMthMLh@@=@AZ(aFpRH=Ngx$gC^8fkK9hZ&Ys4^F&xc0YYA?|f84;Z zQ7VUv@|4fb@eZD8j9^StzoaygLz5P0@y%LaMEPUD=5_UY zmD4XlzI9$^qF5T0l)|g(vL7ETWLK4SvH$)xacQ-(5vG*;6%K7e(3`k6Nd?P}e1P%W zZj&ywj4e-sO{4_#_<=)pzcwONhX)&{+aMaB|HQvxwuLZKs*U0#U%_lmNyO zJQ=O7W)RP2=nP@zU%7<{B+L`^ORN_6+VTb7+}*+^V`%slV{K?JbHGKG?CMM_;<+@N zTHpl!eokqsZS(Erdo#N*dzbgsK*s1F#b?+N5$W~ue38}l`{{0FtP3c+*ZkU=V}R`R z{AYrw8$LtmUu-J`WRxc!C^YMS3i-m_vcRMKboEj@WuH^IWX=A!Kp%Ae|#=4HKgFjVmG5!CgLK~scLP$t3LkRRBUho>Xz&dn{N z+L?Oj*HiKO+?U+2Ju}>H2R~hI?^~PCz>Fd?UD$Mccu5zZ8SYUUV7oPurILR%X z(4f6Ph4{Z&@(gW!(noO5K67(7j5DP+QS}`eUx|2bF$_!i$;m#wrERuUN}dTtQFZNJ zh;`@&JnAmWKJNu?__kb~QNKbMFH+P*>-~j}%fF9mG}^D;r5^*&_!}&y{sxeUEP1## zihh4$rNEqR{BDt;Lex2{D%7|4nL@}g@b#X7(SuEx}%Bb-X`Hyxs6IKV@SIdvU(gU$;mfJ_Pl-1!wngZzKa0&2>lQODscxPI+u+YJ5zYzR~r5IX-!@Zmuy`wi#>*Z3qi_ zj%EqCPUiA*A()`_<1B6BK$7!ZY{U6Qlm_7Bhx3lgS)cgGH5k4i<+!H?;4F*d7)L<@ zWFVpS1m^5ugD|0rT$k)r`ib#a{2~@K9fC?JdONC5Mzvffj0y@dCJz7QYO6L4X>m~( z;clXE$buaj)D3SuGfnVHB-pr%q-*=2&9MqF)!fBX|Ys7 z>LwNXK59XQadmZN3u~CCL&EFzmX&pE(KLu&?{Fu^PhuSygyZ`H{0Q6&L)}%$bj~Ko z0n8J#Py;8f_s8}nGLP9c$)DvRX;}igMbbADJSFdSulx3`{Un6fiXyhgNXNff;X z?>m6lf<-{!E5?IOlXGP1Gh+vPUPrrX2)en2#UvNQob&I5#G;{}>#t9@e3wJeE^jMc zS*mK{J!{c#(phMt4ZT~)sE5Y$&bp7Gk^$q=1TxMM`qgd>&n7}PMu zgShH@*=>6+A%A(OPr~-DB6KA!zO?q!7@y1TRJkYi+H&@zB+Tc}!CyUy4E}y*@Y0Nu zV)8=q9m>@Q0X9M2tBvPIzzsbnFAa+lkmMGk9f}eHPgD zD`m8J$xfB%*KGKoWqTSq^sbSaL|yd=t|d=5$#ar~xv%!u@~A-!_I&^F+Izu0?Mcaf z*pf|hozw8AKQb&+?`*I;=RX~%UiRsG+3Nezm)k!ba@q#=B!IIw+Y^uSnXHh-1tv2x zFbog~001c|=D@&d52=PAFt)Wz&DQ zh;sx})$CqQ6gcDV*~p~{cmRIdVprS<$hbzku)`5}`y89ow2~kbv*2PfT9_QL%nv#g za+L=r-pJIEr?G>&HiTtBojMZtUE|Qnj32Dy$k6SEV&!5gwMfar@7a$_5NPa9Ft!fg z7U5HTfA-*0uuJ$oJSI0;(Pt_dbyt~!qZzusjfzc68!D6jelDC&UuxsVt|}*3pFuBG z9REti77%#qiV;cT8(cDI}SSqyzBCSiG0w1k#;8l*Vpp(++@QHByh5$+vMny%05Hj2>eG zqyL~zGp@y|;^^DxQ9csT;;?##uNY0weSbdU&~)Bo3;wmH=5a--vD^Ro?%-A}i!skF z#t%drx1%ZBaB|7HNbp7*nDx>=IJu<1E|oMoPTx(Rw2ej~Bpa&17~j2nW4 z7f7n0Xu!RxnpNu`CL}kCv2q=xrR;deem2IuZpt@^FrY?ChbJs-3tLdj+cOqK_phPd z3d2@1mPmoOX8U z`EM~wJkQPDW^_)$YaqQVVa)aaOggPDJ6DX$GZ>W;(wDtfH-1;a00tp>CS?M$1qLsx zqsxV=95zYV*IpF(T?{KT=sBh#gy>B!m{{tAQk=P(eWX|LY9+0Jj|1;(}e$mJD%{p-$<>h(5;(iqu0}NgXQQ?$E2C(v8hgZ zjj8f6qt-YfDZg81DK(rb2Q%485;s~)a3=n8&ebb4P%_5A*RPI2N_PvHm|-Hp!oAuJ z!&l{Qqm(U%e6V~!qTo@L36K#=sxVew*D-InuVxax$aS4;=!{vnlzOx zaRjc!!l9wx!NtSz#OQmScOTU+b#4?HoNH02h3P^q&~Irax)xsIve8;=LNST6j?H{M zvj*CN5*!5~YzDrIm

C&?q1J)pNKXkcHeSXwKmUG(ZQ3AA?u`08RGybILR&%W8{}0Ye&e`!qy|c(-u3# zIZkc)u$}iw_mF6(%E(gjk6oBvE^5rQAi&+lm3#lV^>5fW0_8SB7Q8`^4uog)#_iz- zXJgjPjGnY+P3#zJg2{j3t^pcbJBZ<)T=rY9AJG^UmVOYJdg}}1~=MxYgpZf zT*6U*;dO&_p?Kb0Gm2ZN7~CWl{RVIcxE{v53usXV5ry9upUqX0ba;!qZ4^0O-9l8 zgK5Qs*Vgf&zK=JqVGTEkyQ3CCJZi16Aq0Tls7=6KkMni9 zujZ=!me}Yw3c(mmHk>scNP_Wy+lsUzWUF~6DDQIMrp-Zik9LJCp1BLim0Wl$3xS#-D`UKDekx_ z(}Xt(+f%rbXA-fX$Z6UGK2yZk5LsMiG6^ij5Ak6^27fKV-O1FVK>*tC39aDxRIAzY zD$=WId@;BO@^ z1Y?@+griPf#~OKv`hY*i@F{i&DIDh}@d}$N0-)$xZ;49v$F3@eg$@`Vd!So@x@{** zCg?~if%y+F*M7P%=^zXHeB2R3Ch7!MUru8TSzUv_SDCf~9<4xU<47$EnJg11Z zDF*et6u`hE_*P^`*bDAv$Kl!cxR#AimlR%YMs{#)hzFHbJ*WZq!kA2vypdrpt z7KfJBD>SG*V%4$EN|?m(?!r5aG9#$&=$08JnbAk~? zY{xJRZ2?`euiQA5^9ln>~6afD7)=?+n=490HCDlOmRl48@b14o_YjS7?mhHvuypTr!-ElUVd4@tDT zcJ_rN>cxtWdN{hDFIJ)bO$VHJu^A9|!nCMq=S7KEgkdPJ@)v?6+nO%0zleLx{`*TT z*Iq;KY~OGrAyHXv%qI7Li*#->J`_N#+~X!V{R z#-{XQEAkU7#*J?L7&d=uP`AxrcG|mZilP>gD^pU5+7o1_sI$>$%7OH8Ke?pWT4Kyc zDjFQcJLUHaw55h~ruTbC@7=y?ZuWoaQNOmopA);TNyJO*_Z6;TF5;QOrQbnKPR@6j zI_BGu2@|=P|C1pkk&nqq%Q>86sQrH|fSOQIPp~3giCtFYS^n^_` zrk*(y>CcR5et-hME&)fs$1m$Us(TV-VJ>x-Fb~&mnOJ&T^bqG0`7hpHw);w?=r<}4 zW?^U0hv7jUtZ;?=Q9)%p$!T%d*y%?glcYZ0;kys*PuD*4I0Y+Jf+x;F6yvMRH|o4P zFhA~~_fg`mav{R5n)a8cu&*E8jZg)B7nDz_@5SD{N}mG*UmNnS{7%_ga^##UCiTbh z3!76>0^i2OSRGfJ?bkokIXIaT#$;cWCeY3VO0v)efuCxU!Nbl}C^7S?1WfP#B;d(V>-t`meo7G{Ya>Pz6sN+7dvBHq)StQ=*dQvlDy^d7J4UF zF8lV?j@ZcOj(lX^S*&w|R32)J%h1NjtH!Ea{J`Sv3Ug*jqpyE&ygf+i;)Pm zNiTbsrVj8Yt0N@hSS=*)L^dd7sooj0regci;+_Y!1#_m}ldyor)S%vqMPt>U6X0W< z(H2!ov8f(sVN7f4QwFh%JO)NO@UA|GW81MT7A28U2BX%E|L%L2uXSd<~cfk%_Co%7lw5$rTJhO ziiD{G+mF&gdn+LJtO{0i z!y*?hugMAQKVKYjqkUh{#-`r*h^iWH+V>2EkG_&t5Z}y^zam`VJrL{Gslmf1C+plE zS3>|KoB|N6Xk7^@9(H1<*5|Tj=dlvdQ)81+roV4Kznh1{RNvCqMUDPfvu`4o*jqSRzHE7&} z3sGTvQJFR~M~B2y_^pqkOn3oh@~oUaJ}8Kqp3A|&Dh#I~(STX)e8u3(tWn>6hH4|& zkVcH(vGs#YLt2R^iPB%qrdaI9D3>4&bl22&g@y0WO@VJ=qyz&+;BwNuWgXPq;QYti zU@J!Pm^ZuB9`w*M#Oqf79kKUj2xN=>9+DY^ZDH5*HMyp5R`!BCz(!|>RWyL-(*Fy> z)nAtHOG0PZLBvDD5DKc~M#=ka$F0C15mWfhY+AitJtr%AdwOH>0aq{mNzMw;2p)ke zHVD&CH2)>vasGkS!5RpYNX^W`@&+$V@Kye%KmZzqurG-OR*{+>QF)=fqvwtw`y)h< zm;?=tBVWV#;_(~V23-g3l4z+@ZSaza?HCsTo<>BcXYC!wZ5(ZYy?q~k?B`hS4+j3% zSd4<+Nk*5FFa{BwoI}0F(?g=J;QnZKM%V1BG1j+f2dlTqym0P@FrQ{(%e+PG5<-$6 z&ETMq=KyJ!_yP9-FXDjrqP>QCbU=<9 zA&$>i(u**srTz4teHiJ!_^SCNTI;{s^ncgSgD4J!V*1{@q0$ow@S)|%x28w)Ns8mMLy6sOt3b>%|(+ zBzJ6g+jXu`*Cx%)?`^-%_j_n~TRgHB=zWb=%!*LQbbJo{B?aStU8|*!tV1CBZ#8oN zmunSQTG*A>$*=cJOIYQ6cNzO4l|lL_CXCT-AkY9R!ax(^b4o;QGNOmT$ZDYSv}qKm zcx4bU!#>@eA4bS~`}RXQz{)PJu9eE52>^A?qU7|*PHlC#-k@pB3n%gJP=YHZBDQcK zWVrL?FFJkh5BqU|q})kS+=yU>*G){?H9+57am&(86_EdplNRtt9YAYV=K*F_f{DgS z;PO)SHumAiN9>AF=R=u+9Qhn=BeU6k@Gln8s_?g0){3ZPy16;*7-^SHQX$cKnu?sx zO;s{sjZoVDWCp=ORe=iSua%9a8f+cA3^us4cr6-FR|?jC^5|-=n_e$bmR;Fx2#-`} zD3VJ08U*Y!JabkAJwjdCm1_P^6sDXXF>q?dhgE+<#>bZjbGI>N-*IGTB50;dFzKh( zzH@EU5*6njws_yjGO1={5n8b^@moyfmqSVmbh}A}@R4k`J`H@SAeIC_(3%aFpkPBU zIiaT)NQ`1Ye#3UKb*1^PiuS0psn{(!)@mzFp>*mc;lMa1XbGZN>KMjJ&r0R$aaU>G z+-4FAMglOD#ew5J8#cYPw}OK+@W4C-$|wWFu{+TX%S(GO_z2r`!89*U3e6io8&EQ` zR_PC53(moW2PovBL7QQSma25pNCr1eT{t_G=v&Z{sw3ZZ2{r~JX-lFyFpvKML5MhY z0uJq&?&;rGfsNT%fi{Dp_+PVwxsRoR^gx<;A?M7~8XjK_JG_m&t74!8JW@x&hI5OK z9J27P2#_p7Q74^&0XIi2Z0Wn9d)79ExdTo-ZZTQH$m-?OF9N&M@lZ5)q-*5NM9)C_ z1HPiA#Stq63Nuxc;h><_d{(zZThq7Wipwk~(xtk$aNY(7*NBhz}CgaemivcE-BEjMuof8v>Eo4dz57ff3r8$_!@Q!j(f!Jo?_)xrZIS zN%D{LV^5H+@WT<`pkjBxRzOM7xISn};K^w1q3&X4h^nq#(EVgDeV8ViOWHV>b>F7L zQ*CtTou^$whc;ZWb%EtuL|{3QW_Q&u-3hCsLFxpj3`6g@1A}^Rgvq2j{D<&u z(t?v8ELTsK!q6qb6T#A!47r{43*!4VM!JtRd(B-7zmNOsl_24kyPsRuji``%(2Bks zs!AU(ZLzmS(V-LRYzC8VUwIW+k%WSD}GUuIDIRO?De zyb5s92U)-MNc@YeGg1wLA7@(-ys-YDV=#DcZ`0H;@V1S5T=9=Yz8*D#TLOiv+l3*06O zz?0HiQI~nJ)h2>5ON@RGVnmTgjhjQk!1hvKZgDFbRKu-r3#TW{*k8QY%de$#k*L9x}Ppi%WXhQBsc7AASwaDUK(%$fH z!a5wJZO&$-uloQ2E2_rG0CK}>Ua5?bq`NMX(AM~59Ee@cpfrg2rR#9S+0EMQ8R>vV zm@dZfPDdrDxz>BGQ~_N`GNO)cS7uAaS!#N=AxiHA@*P2K%fVJifzq}&!Q!*3bSlp>s6 z9?K-Ovd&;W(iivuO$({I`zIVTs%>{cXCMWl^P>!r@fJ;^#I{U8uZ|8{}{teMV zcO~?`_mlVx`^wh+MleNpo4m*!7w`~OaByhOp|z+_C-9yvS4qRG=>W@h{rV2dAcy39 zcrbcgYH<|vJY2tTCnn&191`nVczwzDt)fPe4wmE5;a^BW)>nUWmsec9570}ia99?Xq-hgG&|vKlu@%cnJEYLl8z7JZw-)Da9?V6u7Uz!Y6x z*150^U+nj3%p!5yQVo#^)p+*<^GCLLiiOXEUMoDwZX)W9M(1kQzr>yAICgG-+tK)0 z3+jHGceEG9NhS^#jybVH8-HSEawJFp25>gM#+5J9mJCjb7^>za3M(uvAnd>I-Qqa_ z08tedE4`CZLj+pvjNgPs5uSk|-wx9Kg^=SisOW{0@5S-*9K6K6z^513 zP?ePOb*k}r_KPhder^G)k~w&>p(~6lN5nTh&w8}|G1hS7T=dnhQApMnym}e`#n5KS zdo}DUFkex#_9<3ae+0Gg4;Be-`ww%1F-DW;1EC2GZp(Yf4ADcq zqaXJe>4g-vK`_f(xOW2MkHuZ6mce{rWN=fcTG)jw=Q*JofK_BNq`MLx;DB;Tn7Y3$ zVEz{hUuuyT&tvRMF!OXPfaMJcE0m7P%T9MdvqRWjZ@+IoBBlj>qMF*;ltpdxy%Stn z2oFc+KWvPckPu!9f;}%Q*w0elzP+XQJY;L>pduBSsHdWpb#RCW>JPRBYr1IC#W+IX zqTJ3`CJ2OY%3Awv@|z0WeY!AwpKQ9;OY2FHJCY|*O4B&Zg<=!C}FPlSDTq_7;!WDsU>5;-_ zG|Z?G6K9KY?80os2f@~M9HzVkJ+xQN0vf(Cg;6%d3w5a5`kz+4l3?7O1Zo^z% zUSn2Ec%JL&&sajb_8uPp#>myxx~;?9ZBZY_-U;3D_i+&fpcC&|i=Nf0pKfuuWTaW_olecxr2GK^ zMGb&X6#Tq}^3DTaj#F|Z{a6C-45<7Ej2$XQ5_oorK!sT27FIM(4@ql7+U#BG>BFGp z*S7uonTPd+#*3S1Z2r4b2G4bmzGx*A386(y_c=R!#R0clVRvd@yP|*2=Zij7!R0U) zbYkYl=hK?@d~V(_!%(6=c*&e1-K-y;oFJ3)uCu=^XZ~K>#0Gw%X>Jk=v)y=DH_CjIkm6SgtE5ohqCWy@*n2;QD2TK_5D+!KOe(WNJwoRb}#y(0o z)~0FrhZ!9mor^$f?{O>M!FYi6c3`yPVx7H^ZpSu5;p;lLPnI4^pB$dwSE(7`z1yeJ zghu3ta4-MSa7(YtSI_nRWENb)6R3_i7I?mz4d3U!xM}7`_X3Bz8-*hGv=w^4#!4A1 zlNAtH$a~WD+Z}b~^6*4QRW+W1Bi?1I6B2{*@Ap`y{h!n6@~Wl`Q=9+B>aqO2UAP8& zReT2cH3B{H;g7d9RJA^`wwv7Fxa+A6y)nyHMVK`js?O`+mO{+}U(DCGRXR=osxE#T z+#c5$v<&vb^}@&7q=1sFtFp*4iG^-oK24A@aD8%^>5J@Rs z)MxwvubO_8|2vicO4~bH1ZMfGe|aqfI2xG+tfk8kB+W4CM4 zOky|>H1y#b(lG!1CHZ75&HfU-IeQ!=U1tu!W2ve)qrJyVuoh35hd#;zqy7_-E5hP|4deK|yC(Ox|E(Cd z7yxz|FYn4XCl$a3G>#CH)V?c1IEtn3fw$;E?WF~awK@!zNj=9eOe%-3mv;8pWrH}3 zR;~zO*>lGv{efKe7u9ug&~WKncKH*vkP<7u8nd!4-RHXFimML<)gG6ovPZ1|o^0 zEcUQP8Fpw0Kbn?^H)T31o&>C5zZqpI0oB)QRa~6haN}p=))Vm(@WYdzROrtcs>GBa zg!>~o{8^NbR-sB$Tg7!URfsk5diDU{o+p}g#C8s44FFoQD(FLVkQzcZ@_0?-p%IjG z32(aurI+9$r1!(|{B8E`9mTX|RkX)~la3UGZt@uC?tb0pgOGqPe?DTbjI-Krsq*b> z-mM9fGR@%t-O_8q<}&pBvSiSV^m<$mKD0`q&4%5g!}1<#A{X(y3Vm%|Q*6!7;9C@K zRp*_|;hQqDeJH&(gL-8?N)Mi*{;`5&;GB;ePf`tN)5{=nrAA((?vhNxTdML{a$Xzd znP@3V!{=KnX~#(*Zwz~T|B(CQ*zxa<$iXIk(D)Zrlfk^e3!aZJ_|!W;o89^Yir=vy zx@2~u-9q0bdun%-J;<@`m5Ns(cKx))%pdiY&A6~vA*`1~wKkvg9v*8)rC(=bi@-o` zOXyL(vhd6AO2|cJpVuju=P4uoN^6NzGiI)&^0$oStoBgulxrdP3*(rrwKe5V!@d(K z4Jn~a>MfR5rF9b5!Z}2_k-qlPl>x6LZBK7(KLp6XB<^4MdV>wZGREu;ZU@%E#Vpc` ztSfqm*)$L1*(q#(8IjowV~&cA3H6VS)+vgK-nOfNs@W;w`}&E#9EaA0*Sn%kr6`Wj ziWfg2sXX_1&!%zhRX*l+c*`l(X+InK0rXlZFKnZ{qNU*oz0wk(%EQC+IWncnF{_w% zf?$+iV|1ns4BZRyH=itN4EAu5{rnoSVYd82L=hePmB3e;+ly|;=VUPO%HnCReMoV z+=!Qz(s)^O>tl;xtQ;6;6TLjKiVhUMb@W`Qos|wG`_)k%BXX^{ z!P!92V=ytQSI8lWSFJ3CnzWEM zx)pMf!><&VwhjrqeJnrs{~%^$#1wnRr>{#-T{u zXdrp7kgKeF6Ql#1W=M6bWcAP(Ek&_hV6yI>MjSuM78d8;g z*H-K4`!!pUC4o2;0($s+vtzj`0LA)ty{zf`U+rIfL5<%o6EQ4zI^l*<#+e$=>Vk~v z%jgQMI{pT}YbPuP_I&5S!B%XfeV|#v+O+mf9~S`6%E;0cZO#dKyzpO{-iGUv1K$UQ zNJ|EgY^ZJRyMVF$Z$-je1{j^8@5GQG&k)OyL5aY{>f1xNQ24Fb8MF1s%W#g5VvX?a zNcwU=u_l9*wrVFNoPNBhVN&+>JWUBIQi1^#N+Rpz(6K*-@65$SI-nJV*)`fq-Ds$SsoX? z%*K+eFT9!EaCae3m<<#r7)#oOD-ka;t~YYDG*)I+kWj?$i+snq$Cyodjd{1MLZ3j# z>TdBZopLOKBGzBN`N7u;>lTkR+}~f_>ypWC*KZ#g_5dIB86-9&M0+{VO7Rxji8NEY z6d3s`;_|&X*?nPyTGVs{L~+%CD&w74)oa*u4~ZWk`9kEHwY#__;M^sC0q+}(Q6=T0 z%jaEB;dxDLJ^72xMl1LKh6K>+zbiz%jXB6RN{3E@6P0hR%+wOKnLd+PD~b;gmJtR< z+iCTf_`xTIVa39w$SKWfhT?YBPx*Sxc+q9Jw%;BbEhPaTI*c3)8>17z_o*ngViANIR`loVpLAh)ZdPn6xH-hWW$Dq8-9784e>`gKfp4!h)%P=k$SO`Wz0)7m z5A~lyYB6MqkkSNkjMVw2a50dUW@N!+#luC|oRy832j*?53SI&|04<`$C>|q|Q+Y^o ze!hdbh6joY^oOm!+TRE;K=%ZaoF{s;A4zDb{3Uu*=Y&V}SEtW5PXdH$t1!xJ@9^79e^udw6*1cOu- z(a+5j^TNklYB7`voI{AN`T zL}IAJv^k?z&1-{T(gc}eJ#K)PG~!rOReDWRJiverI&s@lb?>mHv7DT*Ukb2A=*pT_ za3<%<&*u_ovIUEy+ka9Qkw&X%#S&GG!=u8sI6BhiGZ);uh<+mM`E0)Zhn=jNGjORt zSgwbo61@jd`5jU!;Ee~%fhZC9FI$54#mqV zse~Q(OxP4+4HL}4MHt^gGKWm~^@xW^lWsLveFfXDD4I~x)LGObMKmQfp@nlC0)iuH zx0_^M8{xP8v|0LY;J0(SWSnDp!ynNdVC9@}^(?A0;z9*Ozq;nt#iS3pYYQo+lRF8e zqQ5=X_exBjnrTJ4*KXG^MZJ(o3pB#6m9QTmonyFrlkhkWA0Mh}E4B8ygc+xBn0AC= zPS{Ju5EH^VkD~t4Bj{nSuD3#t5Xms``gO|2a0;EPN{{)B{&>?5*Q7F+m8l$RL=`rQ z8%avSQzSW{cg?Z%13!%m?`Gd~+We@&vH6GDjxZtl5K^BhZ2L(};GGx|3u0_Qm+MHA z4Rc;H<=3j_J*T6j$h@GnaVQ%7NM$ANKaX7nzQH5IwQ7Bj+ZLB8Ii{EoT0GFa!p9bS zsEu1JTLjQorOHmzA2GYdCDsLqgd2QG^mJ=Zm0_u*-XgLOzvwv(szHH0!ao(=O@J{9 zhvfS<76?r6NG{nYZznpZeollJWIlL34LHerZ91@CkmyZEb!sT!?^ar- z=XM+HAusWR2Eisp(`G7S8xPuDsluhPA_ZTJ<2$hQ1L z;T|{w-%7?3>li;J)C;qUyvP2<`Z4xU++%qT%h-zLt%KduBF)s&mQb|8Jg+cE2FdTw zMRlXh4HaW>bfd;M!U^<6fs%!dMd542p`GN`A^$;vX|oGt&>r9Ys|c`*f3^juqUp|i z?baJ^-1Gl&bq?&6by?SrZB%Sq729^jwrxA9*tRPbR&3j-*tV^c?>yaC_uJR^56<3a zt-aQqbBuA%AY<&+u;O-GPgy7=XD|V4Iw91rNZ=fGhdC7F{9#KS#32D3)c5m;xWoG* z(-k^FjfwN0#=jg_4m`gRvu5;z+%}WaES_fA4thbRkWdfAzQx4V)rvn+ff+Ss`?2{r zzmSgymG59@OYe_lq1rg$AvL78*nRknDuZq_$frtLeV)h0Q<%oYn$R41J}1 z2P}F$n1^=-I=PjlvN#o!oOZNlbFO!I2eYk zKc7}zN(gEQu)RBmb_i*F9@!Fr(uM4T3BwJs92&YyI9Y;fbB&0J%`*PIFC+sL0&?Rx zqz;=xXH=3b>MqJlNJ=XI4{1rRzE(j42gP?XTLS$yHuGs_ag?as-V2F$p-d<$_U6{j z?)*6c(w^QT{zisItd&qe#K&${{g~oY1U(|VA z7N|4E7#k)-mTdaH@U`WS#-23EV!XJNXF0sE@UH}y27zW6aeVPlbZc=5f@|foij{H! zB3cKBT3V5Og>m(HlGkBRDcvJ(mht=x8KG@f%O7+6*`j>ZIV~G>Z+aP2x~f>GcoS-A z%o0a)mFX2^oN6w81Yc7^_fqv8z#J?7rfXZVlwZuuyY&m(#@zf)Df1NVpQ%*ct`i@XmtdZ`3Mx{SxY|1Nt7hGa zvtwb;)a$_HUH!TDU5N?@jxy}`!0S>~FPgw=e42tf=dVNzdg=fw1^jFMfO|xp9_6KP zO*)Q2-;CvY`NGpM`BlMRr#j(W63>}utOSGo6^Wuxf!OMhK9NJ{Vyv3tLkPZ~Tji7U zFBoSByeW9qA=@Rh-)c_D5*a5A`tQ4oCuiQ8lt_V|ht$kP#&_ zjmw6igfvywBN;!#%%D-4U%}-i5iZ+=sj<296MV^o6ugcSLxQ2w-h80Cm%9 zDR3i{Rfy`GSc&xFUb3IWOw1OYXEHC6gP@_3x{~KRoHnfI5>ln>Fo@fX*MXLK30Q@w z`heI$)k}Efomqeo-tHkg%OcZKFH8VMt0-P^r>`a3_QN0gjmKy37?AHtS6)kd-eC67orV6piA!@Qn)940y_hvt$R-$9w|pDN`ksUY zs&|7GwlEN$sh+>v>fsG^GlD)!9D*IRyvEx#G)-?cDw=|vVljJ%b|M4*nY=i93J1Em zJJ1FuAA;%@P{ZCpUZ69lbjrnn&)z<7`7D!aLx#-$!UxYwdv8Scr>VM*LFy@P%;uZ3 zx$EU6@sX96U&!p9!l0OyObCgOyo&VV>?HCBz5;!zAS##-5Fe)}nv(e$&)OHlPzz2U z0v}#LLk}>kTEn%o4a?K12!AQHk5f62tG;4X8Z5ltGYZ3_7^Bw6O#BGVR-p=n5lZ8O z?!O-cWQeFz<-;EV#Gcgne{$Z-Am%7cbv&U9kqSBWy&uh%e*s-!KZU6=%uu|jn4Rb9 zJpy_(oy=dw8CWXs!eaS=Azom7bm(Kga9o`Ty(0L2K`6%9newa12RQV)Upy{&@ zGxJ1T2s=Idc8@+1rdEEGy~Iu?>zz^C3uoROIcd2;I>fNPqtV@@MJn*^82)V{^z38;ks?9 zs`Wgc(}EkWcT;>YtE8#SDVw6>+i}wNsRY=Wd$4F^re+H`1+@S?ZDWG)>$&mA8HtB3z~V&kW491hupR$^a3p zMRmJfA>4k)-6^JmRp%XaCd=;#o-B`TwsQtsAqpq;J4R8hh zVsEz{f`u^B=6p*>iU%9`GfvD>b(Xp;+lE?Wc1>?r(nrw^{;i4vmXB?~cyb&7_930} ztH1a4rUGMojmfh8w^eXl{c@Qdx~NKoyI=D*Jg!+DMUi*KuwLI#osUeX-3{VC=Tmw| zyG1e&V!P2lryA;kF`zVA%Q530mwI_&>m)onw{Bz2;qSN4fDn*i`3Z34a>_w4x$G02xuJ7NXj=!UIbZBs>S^r~#0PuF)p(NdE9;+2 z>QURBf?{uuX6&|51b z3{n5L#(@J3K?o!%$QuB(>_+f^w0ppl@I(mYkSVVx$3U&r*^HByZNe_Gly95}Vo$%J zkt)fNNqaRpXDc7uOpUsS-ZSmdcG(9G+X4{Z9lCc+ah=X6cyPbnO)av;3p_!1`Hr*S$-TvC=?unvI-UYFCg~Wbd?p;9 ze962nIBn)jP&8!IPR{||0e&ZE){B*ARhx&59$UWf$#~vJvJ75o?(&6;rTJ+ZIuo?z zFZzL%Ur3j+Tbp_vQ4`cxHmBX8d;s2*x2b)CtyMQ)*%s61$F$UBXX!bP@b>`&+89Suu33P2Qs00)LvgIP+`P@+T9DMbMfsm=vK&xU6kSP~6 z>7w1Ne0g&W0lCNab4dNIrhAyHMvBS_#sF_aJ6^6=i0&hM377n$fDqIL3wok@I360f z#XEMRd!k5vg1cC`-nP?S#;=1uidPHoV`00eGJy`pYiDl)G1Qi_?r}1Cg%C}3-)6h23Bm7>TZg!f-_;+r^2BD3j<*--i2q{n(-B!CS0r!o%bqxy-(0NGTTkirA^VP?cFE9( zaapZW`a496g3rJ!G^cR#xB8L#{Sw>&n5cG>vs$v6Z7QeK;%_wux$R~K;bHOk_TXWx_8rA0-1f zl!Kt4Z%5Q|R1YJdGU_Qo0<#DG>z|zt0)w%S>DlOk&b~s$JXI8iN&90#uZL0yj!q+~ z&%A`@1Hq1d%3;+{$8y}drAuomqv7NJwK{u^5I~o-Q+gmF zA?^E9q>YJbI|jXBYYZ18TC|AlSP^(IX=yRO+M8qZQBxRG?~fy`93(!NP^Z<+musu&SV@Khk5__mL}#|~$gSfn zo@#x0!~^j;jIHQ2JU_y(fB%ku8({Ik4u6A$hxey2=r#Y%bsKhEt~Zly(JyQ!P67Vc z3oTgS#ThVS?){;+_DdI9j3kA584TC3a{gp_VZp@-oFEf0wT#`L-6`KvfB#HeR~9i6 z{rmt@)5pT8H|VZK0J8!Z@e}Iw9&R?vG#B}B45>xeWZ+EdXc3)xZ6$IL=gf^0X-qD# z#tF)DVeN*j>Q&km^B(Q(ZfET@3+3(Mk9e(=Ds|A|WCsk35FI6#rR%`&!6&K7DQov7 z&)>sT^GZ8}a~pbCc3g(#ai|lsK0nT9#J9wcM#zlb6ejJ)pDlmChQ*(MAs;fmexuhm zl(}nnJJ-%F%zfX_=C0GTtD)YYCj7cyLKE~~x2Rq`k{kV2qFI)x6a^gD)|WNmDim}_4ZX)EnY zC+@kCYkPo&*A0Kir|9-}vUTQhjR-}H$vJI{$tPFSvgvn5i%6F!C>?X2-wuL01|heI z_k#C^X`3@3Fqz zbLl?n4+DL`p0uoxsqbEK$?E}(2L8@aVsm4x|7#pqIZGWaIFH>V*)v{9bexgB+lN`S zcRx8igB$a|YD6wu;$FhJl%8{VU2T~x-s_F~*l)H;dsuA{Gf~nZ>DTo00{5{k+pe*A z9IOKLZ#mnY4aSFX>A+Y>H~a0rlqTV{QU-^)ZqM5!if>aTKo7U?5TB*RZg!@AGO$R3MSU(8wF}Q!2h># z%0R+dLZ}(FJ4X?5z7GPEQl;&Kup8Y^FZFWU-E@Hp4E_l0esWU0z%YIc6rx`DG20T_YDn^=|ilLvPmPPg}+b9b8ISNC&BuKWcfSmk{us zfiCyX(JA0_%@D2W{`v2J3C!xK@vxn?*NQompWB1o-fH&VhufJ3wR{-Uv;-Le(I|)(>b3fZ9QL{fFtsu@!Xe&JWaDK3 zxAP^K@bv>LgAp|iPf4^GYvDfa5W59)8esPA5XXq6O`~1fE6Rr`QKrEwJXWh}IFLGk z#J@F_FSzY?GCQ~UOL^h&=qQ6q;2dOsV1rym*x9)rsELekl~?K3VESPTN_dk#sB1H$7y3qbt28uOC5vbvAimX03I+|htrePAPU?5|A#OB#~4{$+lz#dx6 zOgTwUX=~y^BVm_#Yj=2Tc}>`DwXfbJe{{;~i0%g)%?bl9)Ss3U3DC$QXc z8=|7phz}h~*Dm!$h8-GlYIfD_SN3WY3@($hfgz)DtP$FuFZPS=ZyWG4S-T>!xa?Kj z*c(+TB;doKlki7OpC$1w^{je+INvGA$+7idZM0vX$QT*Idy#<`AD4 zkc1BoHbA`3@Z!}|V`XN-g?i2Q-rIM2$CgbkVjks5_&+h(li@F!%a9yfL3xA(54};mN^oGH`K@~5{jT!KT>sVd8i9eD ze!pOgviwZoSfRgMA@RNBcwiIVUBG`uUgw7S)W@ zpyT8tS{E3RaRqiFYTqKIz${@%HU9axBe?8 zzkZs=sAU>;FbjPa`#+apVD!?8%hXCsBZdfEGN;Yjk7Xc;NcBbE`_{|;qV*4>;%)&G z5SZt&8_(o|mE)1t;X0UlRRllngbcU>HQC5ww>wIUwuB0YMb?Cnl0E2ZR)RA_6T_xN zFo#q8j=}kHL^wlS7oAS;PECIkctEHg+_K?WN#j8&|K2XO8(HtJ5Adad;l%1f-j~vI zH@GfN2~8|P7}xp5^BO)Ts>T1-pv=hfr!Zp;Uhnyef8!(UbqN4Mc~*}65bdxg+f_)! z{D=BVWZfu~4KtWSFXk4~SZuu!*k~hoOw=J84&}M0FciEUG`jk$s@URKW4ExN7kwmc zZ@25R7ODaZN#htpnen&DW;x4a*y~t-r`_$+d~49tqPUJKQ^|hHx{qmOd{7j;3_Ig4 zmK5KUDN*eZ7_D2iS%|bXw08Hhui$Et!=elJMc?O?*GI=A;7K+wv4#9h6Y?H|7b9>3 zlaGmp;!GsYCHDdZJLm$zL!0uP8yC}98$q88oZCl9+KsN%iz^VO6`vzS9>Emwc z$qLOZWk_f5&4c(wwR3}RhFeO*J8l!5N@NUpJw|WAI~mO`Gd{=0EYzI|6h_W6c&b-@ z-_y2GUYt44_!lpun^;BKs6YRHUnZ?6O%=zXp*dAI|Aa!+>v+o575NlXWd_m|W=hMN zT!8X;NBL3+Tl!tP{SXg+J1H5NrLLnpcljidhMHmH5SBXmlx-b>ZydyMp`tgOCgb=s zIV_uxCwaTT2zt#N;}>9+g_Rm7#o!)5w_$`yc1O20cYf62w&Cv z*qB|HivDx|{aqO5c~Oi2N34q*ul_!VhK%Dxx@lXKn|7PL+FH9B-4P9bd%2p;Qq|&H zkEV^hpU3p-aa%=Z!xW5h;+3A~miSfQJJH{dWRmzdbO^?(^wYd;J0O%$2`U`1yi z=;ZBiSnq!Om|%1~&gb3GbA3E~;s<62t|!kV?^2u9EsNC**C(h|lnx<1g151hjarqV01h?B3GPB94a>;jlS%;(fQQyJdQ8YWc$- zowDc`cXeKW?_BMF;Bnuy+{Eu58poj3K4@xr^ZlYibQ6!f!FVPPArRwi!)I2&Q5K5w z!bwyF5LN}BLChQEVcLV|8Az}mx$=wu&kMA`!9I@Hi({AC_Gn#}^spK+4)wlBUc!!` z2aSeXm~%xwvH}LR4X33(39rp|ceD*Pj)}^IX?og{zS*0Hc9VizwN7dKunH2V&C>j0 zsxaG~6vCeB!hE!;H6k9n8oJUa&vIv5`Z7rmZ_bEdjP(EY=Ae-vI#2buTSm~06=Prv zgLkO3qNbXy?8IhU)*hW{a8DJfrg`U?a|;}=yI^Z1-ckZhy=bl|7c6HY0a*yxEnTm0pL^F&E1{I;YipQ-=ZQ%xIGg8 zlLa6;=J}xPcOb7dBd;nT0(*}XGkPl;r}4VDF`3CW6^%JWYNthfc$FxLZ+5Mi$umUY zBNyQDFz2_ylOkj-NwG-OuK_OelOF*#s;ErGekOgsA^vV1huWB9EFSHf*;GvC!W7%{ zui`lO)z#Huu8aaPxueBpz##T&WHM!|n=wZq=vHlLIS$3)&2P0z-F=Bzd8-f)X1IPn zFI0skZo1Gt6MR0py)gPlc+FekTesU%4XM|3!y9eVT0?qDokpp8*5S(O2M#-V$9ztY znvgjPF@|ybl-~Q&oodPU9aTDp3WCZW?ZQr*Cq< zD?4LlMQ!;*m+Bg`(;6q5Crgsr`nE=|!@ViiDVVR`M)n1#3eINnE{Xu74`!e@NDZw3 zj45Lm3i0Nk+Rm&-ZM8Avb&PFXctyKXogF>R+-$m@W65DwXgA8$-VUI<+$I~&(hrX{ z$#$)l(wW|jq@zNYFBXeY_vFZ`TNNqlYr1_|c-+X5i<5I?NhF47^wR3r^BYS9Zf{kCamF3r%4l_c7zn$-Ny)oq8YA2-HN z9onpFw|C>Z@6?`m$H%Xt1GaW`bJM1)7uq+N`>J)i*Yuo*Qm=p#;wH4%U0bWF53Ti+ z>>pkx1tT-?MjZ-b!y_gveI|nBOc{5mB$`+^7=cIw=OVH@NrgnS zzBlVv75FNR_#JXW`0n&eHKa%7J#Zz2+JZav=x z+_{L~=3K_-Bi$Dky36`uATJ;SL3mrhXxdXFh2CuY6{Q^@HOr)tjLjt+)~Juu62d24 z?{*A6s!ugrqo2axr+X4UbN9WE%2R9H7#V~K2toUAmtX}N<;ECUr#vySPJ)VxYJ$c% zwR&bWdCl$YLR-duNIO>eDLskT2?6bal-yF7>N0wF=;dMjq?G@VT(#4<6~Q2=?;e)* z$MDHZvZA1}X`;Hiq}eTzS7v5S%NDoHyK-Fiz%A(w#lS#^rpQ`rl7cXY8&guy?e2 zr`<1SE*h%JLj}^xTB0Z0g&&BD(e%*{mi+HJrZ8%>8bGLuGO?3-Adx-|vaaWqcGDTQ z)DCh&E#vZ5`e^V0xPPTO!*gQEpw7ic+vbZ?O3MT$YNB%nZ;XK|HxG&*>Wn_d*yswa zrCg!`^EY^`=>4C{#K~ARisfBX)OYh-q zjWlI`1*%bSD(NkW11?X5m-xepZXM^h6lGkXJe7s!WR1kVir9-lz-LX2yH zUZi$|gvIj07LAk(O=2Pt6LDO?Ox}>g>wiNz1Y>czJP>w#JGF??(sYhy2m5}tMB2nd zZrlHg=<6fk%G?WLe=eNa_+)l}0~iHlEVqexM>}K^k?zQgX!djU{;W>idy4`Zg|YNpD`?{Ke0Qxpp6xu^fO*$% z09mK4BJrem?=uYazqfu9vCD0|*WJqm9v_kaKsOwz`*k9nMo8mL`;}?BltcA>=gi77 za0{G)R1R)VX}Ht;E$@ho!r?OFFf0ErpzBBHy8G~|ecxX7q`v?Wn`^Y|b@=?M3CIi+ z?D$kjPs*{5TJ|5oKi~2`M|_^6BD1?t3N8F)lbf^m57|aFW4AhkZfMo6WrH!g7fe;C zkgsg!;d34R{%@N)s|@j=a~?K-XOQ;9ox|E+>ARu}%W-{r$n5WlDh4qCRu->Zm5xeF z3_y0{A5EHxze`769m@AG=Y!&F2?dVg+`*g>`=Bx3WNtY%;e4FR$NW+yL_k zM7`JO-6>?g5IHZJ?|mgqQsYqIq`tp#jOuCf6kl=w{ws*VUzkrQ1>!lzlV{^kbmjYg{wS%+om zaRUcKP{Qdf?!}`Y+0B=m52wj?E?HS?O9<@DdB)vFcAe%^K;!o~-PghLNG@-4+xX&n zo0zQx?V@AkB5kWlJO+Q|`jpyAMMHBV&X?f>?eimRn8t+80h;x49kDrlz@LMplZaH9Pbw~qrLfbUyJO$gcnne!Z(PmVXqtrtcZ7}>G zy9>%WY;IUR2dAH~OS;n?*a z$9Xp=&7vS!oEozEJ^s9vosd^&Em-T+0t?i@0<2MU6ZaxL1DupmVJ^l#m- zj~0rpjn3ERx;y$IAU?ePE~E*N4k*8`P->(4(EIPj_guJ_$d!G0TGJb8wEEXD$FC>B z%gbJL5g7VdFj_YpwmMTCYs=#DLr=^2b4% z|7wg#AQ~AP!c7tyj0PwxGx*WoO`leP86HhyF-d(&Qa7-p^Ni=~Gf$0TNkV187IyK3 zIQCI7V+zXx7-UxX^iVP!%i<&@MClYbj=b;(TuULi;YO$iAguP z*UHK0_5>tm@tsWH{hKPXP2+(!;pAH%>a5l6o+lt-V-tDHO|a)4%iR}!u6{JW>dN5j zEdq#;{qxCv2V&}fG4Sd4vh!L{Bd7t?;Rz(%EG0baSChC*TA)$@=q$l$HU_pj~S`c_dQvr z3~1}xye@_ugs7w@IKS6XGURAwO?w%1KJV-HW29VU)@_W$M$BQxER;J3%m!-7T zN|cD$d_VHsCEMu3Cfe?6*5wOR%3QFO%_Y|%H*Wix50#vwQZ5D%83j9@89nw2_T_^3 zM7OXxH@u6(j&Z7-xjRs21Tp@Qi(C=!45HU57o}YO7QA6+eq#3Ry#q$uI|sZ@m^^j# zV1P2OY07usjZa+N27E2h({LX{PACo|dIIh=p4+9-sjvs)nkc^IQ`ZBZPXRp(DaDzK zoqK90hg3As-*}LBYyp)*2WXdkKPX1NM8M*!$@hAaRxSFotJ$8T)H0Vy^UfJef~}mv z+fO@?)2~|}v=c&XeH24;bzV!A!CDg(nn~E58WWVm43MR3t>_fHzrTklo*{P}=M-ji zG}_>@c%ERA$Q)r1VdB7t39*>Up&a(eIa8LxNrl(7LbiyM%lp0rl-0qOrTl?jf|*sC zX1AK}=S#+7(z0|3R;nk*Rvl*zOFlFD$aI-x2z5F=C6MctClYzVr)NY?pNa&nxIw-z ze(;`NUb623yj5Pk zasq6I(QQe$QiUPR>Jn|YYeMk&3=?RK1mA5NJD$6JhRRV~yd zw{O*@h>JegT_!GPCe`TypZCQ_pK*o(4UQr1N=puetp=}K?mGvL)ij}J{hHy#qh8iCJQOlGoFPDD=LrN@e#b&IG=3e_edd$L|u@2nBn<+4;a}9RA3MCoIYSeeeB8K zgeDjkbA)H+wIAEpvrmPh1DPPmLuQTz5vHCVGZ`tMtM&`-OY6Fjh%#?+t-u~Wy#;qh zskEQtSsFm;p-?-1_1VMe{+RZ;?kC_>k8rF~nxVr`sIBMG8CokgM*^(h)XYQ0FmPT3 z*>us7Z80_DUSm8$%qP>W8)%L{3c+)hlCwBOMtNWaRVT znw4H*D9{(^PS#KFi|5j+V_$lj_S`SMq}N@-aJ~zjuL3`_CTlg|z(?F?r{;nwl@Kr> zdgXVir94V`CPkm(2&=-U?{>(}T4Znu0BY|uNjSfQwTBeaDj+D1X@QBVVKfK4-4mH5 zwCJ+ZnNsq~1@S80Rg~ug;<*D+HWAwvSk|sl4(+3I@UFV9kKN^P-hFa3ZzLpc-+^8B z*7Sn{!;zz31Q*N5<%1c8okMI`873&P7qFSsg!MNto+G6DS%OT<2-G$c3Gfsw`)np} z7&sz|>8j!Bf(ls=shjr-D6Da5zQ}n#!0w-YyTD&%gZ(%@c$^JWn&jg{RO#xngF;Ud zvf7PZbE&xWWH!lXxA3|bopF9NIn$QJA;La&&bIQkb5B+1{ns0e9$->aqVJL-p!|pzn4`SE%>PZ&GUk|Fu=AIR6%@=LE|*6h;1>G ztle1WP&wdfRyzx9K89=p$vIWiJX&Y|Un3El1RmS=G8AjVndJW9T4#GP<`8j2ut?`a z7e%(DO-ckk?~kIxonX9tHRba8=F3?6dtKk6X|9ouYi;I z4c*+Jq>L3Mgf#kB(;=^mKcAPrCMkBEoRWtHRSuOmJI~wCcqV_#6tZb+*Oxe;E-@sI z^E&+PnF}{_$iRJ-=C|(ec{jm(KATt;B?(tY9@VMW{6FKGczV=vn0Gv3Tz}wbW?e}K zCz9zR6jsANBkZ5>qq%3zvaz#ox&dJhEPt3IL$QKk#a1Rddlw?wLM4&Gs({R#j#W7H z$XTqT9-&tlhY;rI!4=!p&LJlbhxj~ToSbqJsN^^kwPvLU?B>P5<|?1E1~4-opNSO0 zz>}{)mvV55&(75Fm&Ht$`BFk7yrL=gYK02VR387Pe8x>!tRxvrRX2hE6=>}M3uckj zSPj;m?1TBO3?!kIC~c>~@7YsZd<8D24BkTwuS4q(&tX0@UmP~HT*T2ikJ+f?b{=@Q3~P#($HgOdKQr2gn`YhS zrIr!h^mdynIErt9YVt*;AtT2ZArlc2 zbwPI>92LQFI*|DlS_ePl@7OLJA{KqZV$^?ZZ*QMgolC8lE$u0mF@TTb9{60fOdY3n z{%Sg{{40Q9afiFPEBdK}2ww3r5cb@osVHWPxx{=Cj?w23$-`)w_UbPAta6iAZ=~_< z>WXO5BU$5T#2oKU;{%reU>Nleh^gg2uX@~r_$@4HS> zz(|~|^9%G**a0gM@q}^^`yx$NGPhj<34n`WRxp*cs z@DLVykzC!-^V&39mL(Ty?Gg<|8E6Z=6 zDe2J+$+mE>n1|JxZS&o$uL%}uPfMQ8d9L#`_CU%;Oxo^>Fa{HbufZ6Oag?cRGL?K? zmjKlAD817THp?DWO~9A%x8GT0PAd!0UV-c{%rD?m;&Dw{cgk_{eQjVb=%~;yeN+|? zd}|2#L4thX&cEc75^p=bAG4aVDEYpd-S!1~KUxzMQgUOX3T24=d>Nhb6(ZEo@i`^L zkvtu3GDS8sBV9w10aX7cf`&Z{j({-{SxpIAfT-`Wy(JobN!Z;hU{RfGe;H=R3sHP} z&>9cXMLb4%!CE^{odx`YJCDcV?mxWZX+aL5LGfVuPYs161e4M*T%OS@JSm+ALK|aN ztzAE>Zpn-K17dI27aBrHpTsg#Ub>ez=U&E|bO>@BroV$&sD`4yTWg!z4fZjJ6|sDNLNoEtu7&OUd9Gj{y$nDLr@_mMZJ6yfjC%0X33WKBLG27M0dEpQ&p zys%~sbl=!6IWYdO$T-?t@N7-vg_i*o9EW4@;-EM}j>WL;J{#IMbzUcGE z&P}-}i+uS7EZ$oCw_{YrB~sXSGJb2JBgXb+q5Q@VIOrIH4yl?{tJLwSkv6+-pb#p&}XprY~g;R~F!pDsDy`?%g%fU9omwQsy!UoA~ zw?aflt4KrP`5)$7W_CNe z>5XSs4K(MQr=0Yz3(g!J!Z=ME^RKLH^93e3fx_qy?Y~3W;lCZMzpHlV+1`h>L2SkW zt7vdsurMwO*KapqzVcGUYhxVyY?DO>E}6%(9(-WEsxcMq?&o%eS1{7>`EXN|&M?>S zKMA(TKnjy^f=^=pJQ1|x+J{{4z??tD<*pA+?Bv#cp*=*f2R$8B&nMzq!?}tFR4KFn zR(EYf_h>EV`H_CRkK{4`Gwf|E73kjRJ)f|M*6WZY-cAI+M7HkJ_l6K#^^DTps*`H+(fGCms1zvZfHNb>KWuJJF6 zYd(5C04e&L!h;vjZd08Hhs}CfulB+5`MH?mvQiYlv&Tm}ui>9&@Enf(MNu?U zqOpG2%onvZlco}Vyc*T&A8=^dTgwWfXtAt=5!}R5KYFVHosjtQ!(hB)HobsFH}{7* z(G8e`Rf{j0Fuys+Hz-g_Lfso=UYd-~R1fpDT^3^v;45dIl$f zoco)PsogJVIZH)Poz@@;Sd?NoPgTzwp;h>y>NXd+++p{2oll5!{k3pErZ3jBziy?n zCr)wRfdasELgN?Ag8@NLN^I){ESdC%M`VAT%ge2Am?L^Im43O~rNat*Hfk=o1Oh}N zR=Uy)!w=w=Xq|7f24mp6jf{UiRW>HAE+q(3KueY8Ly2Tz4kM;XN}g>3u)oBBuMsuq zr;ykV2yucG6)m^P(s03LXdTkgx8P|CQZSAaz6~g2wA#c&U2v-jZc+K{fbTb&Dt-$! zvHs->xo-Bu;Pp@pj=~3)T7&gFNXfHz0H3SJFl>+6+IZh7p3%cw3WJWx%;_Q0C&TYT z)RPGmm=?l7z2GKb+vB?K*^GUo!GftnWT{G25r||nGVpocY{@kQ2h&wU64;Zn;2{^` z*An>I)>~v?z^H8T3rUk08Q(K>(`Q@MUM->*a?dzCbOc6=<7eI2Y{TAagC4eQyCj0Z zJm5MW**iBa3dZ-mtEJjt8_<4j9N_msGc*fZQ+i5F9>ILM>=3xzBN`Dm@2+FyARFRz zGP{tg8BT&+IQE*S*mG0WvCan!@;_u`SoR)eK(s*mdeIPUk)x`y`F)Y8&Sm%8?T5A| zKp~57jv=~l*CXJic=K!a(>`~-GJV?nhu*7Rxx0@+R%%YAj_&tu@3U2Wy?92qT7K^h zsvlE0g-zCrjgV+p!J_DGqiwfu*%xJa4yfqmsU1z?mhiVB#6-S-;KEUkkyuBYlA(oiGaX)7Q zAi$q~v?bb8_X8f64P5vt(&2$xRNk*bUljWsyx;PtIH8X&CdUDj%B_ei%On-lPSJfSNg-WBt@YjriLk95TH0`{pJ!URcrUa8+Ii*1_-gSQGFtG z&2KE5Vz4cgR@x-^FzJpnNb@}M*6?2(sC3^L8rawIZ`9^#UM~oP9*u2FOeiu$FldQ+?C$qvCTxxJv$h5 z7l)v#-m*8HL~7)1R|byGa%z_3*{a*i7>+#7RVFB>5{u+V&z4f3@M_0-vKFgfqkyo;ccON{z)~{r86ph{*my zCv%43Iyr=ZQc$99!y1%MTUU!2{YQB&?}??3|0X1d^V4tB>Ur%yX77~etgUged9M|S zXZizI0EK3P#o`(U-FBdKse3BUI$R{vaehszw-VA7v&wIR;V`)Sob75VT^%3CdYMg;pz)^!lBHaOH}B{S7M@ zAQpzAvnUj;*41n3W2)%askhWnP7*0yI9>RBjGvNj9vv$t1tR&`K8EOOTi0f8{JuV) z8}p=$)boC#F!!JL^Db2ahpgN0R|NLDH@VjVBj#2Pc@=*2o$cW&f9YuH9~zZ6A_4{k zhMyPOB`Y$&`vufC_@ZhWAKaXs4_umFMk@-u{&=2+RE&1}dDp8G3S`@KI8;K_i~T>Q z-YTrEMQhteODIrWio3f@a40UtU5f^%xVuAfcXxO97K#*ihZJ|WKWn{v@9#gz$vnt4 zb?7thp^-t5j2mc&!2sq~3tut5|KZ9IKMvN|DXhyK?nF67IFD*3-Zzeo^hXV8MO*NC zk}F_UUKdSey& zM)W?WlLFK;xIolV9r1S%5K!k29?b#O$;oU6GMcj@NBs`bfnM!K^GGOd6Q=LX1W1p< zZJPyLf4~_>t7N?|RmeWV545C!RPyCgn8ueD z)o}r8RY5cg0~Ozk!z1^ZPjcAJ5>jDte*&_kqVeqH)ZTY?9u@aQkZ~uOzxTVqB1XPd zT+8r+P@=vuKIFWC6YpYg`dWm&*eK_r=e`6KyMv8Mg$Ey_V(csrT_O(uh#T4+I!+6e1+GcPzA) z4CY@k{T38u;X1J;Bm%MVBdN&m>S`pnLN3e$>g>tLu|F`Mqa)8wR#Np1q7Vhsz|q;6 zUb!sL3>fbG&eZ)&fWNjzhL?Ye#_p8De(vak03E?45a=7O0v8?uWm$+hfYwrZQ)3oI zxaqI_fz>~L4MLco%4{Ol07p80$uv40ABnhfNWtHY265sn4>2Zy#zR)zzaj*$3>D{~ z9S8jC)=eWSi1#)vzxzuIjcxan&-BT{?QI2&I(hlJU+Z#E%}t3Iq+%B{&-|Ngt4mr; zgR$3%ouk_?h{kyoXv>%`kTUi}E8q(t6qumglz%G}`ZR-==6n}6* zXw_R_J64j^r$ztg{=DnCWRlWvAeQKgiUgstSnaA|64AU+mhd1HB4BKrMq&Dkk|B)C z!sJ+t7yM^$bV-zU;=`Sz_Jc|KZ(a$FsRVOXmnpTHkc3aACk}%|R$PKDa1=wbSF6(htsGOBu65Z1XDe2z9r` z@{LgV9Ie`HgxVHts&P!^EcPoQ#P+BRtU2hs@-lyae#JaF;&3{( ze>X7S^s?&Co}nJxcnIf6vMyiaN7aqQNTgP1=nsmUS$Qh3?@GTm+L$dh2?r2X0a$C4 z|C+3k{}_IDBl7;l4yN}nxfKb@3Y2?m?&TmiK zry8}{B?!0R2Ki+(Ugc=}{J zgl-9l`&wc{&7U5tLYed7rJh>BETYnDC9zH?l)yc7@5PWYH2+urd@8-+SU>{a^U07k z?^i~DxA8yB0V$*?K#l@`rO&J>A_2|^(N;Be>nfv8#>%3^?(>;^&XGsc8=Luae3cFv zi>Oa<#D8XXs0=L5?a|uU{$D~wDw3Chvn6Pdq9sq3WIma8Cco=R?rDxS=}IjeMO~xl z@OjNJ5H_3+N0YPQff+HP1qY4{CZ-)Ddglo5c-;VlbHja*iCOFM7wUOkOE$k;o2Jr2 zyu$0V30oyu+w__>ZB(FM_PJ<7R1tQYY&37U!WH8WqY!qdyDygok||7NQVeW3DUt5t z(mQ7vlF_98`FfIL1RrkA5yu@YvY0^faJbizU|j~pnEuB2-a~{HW<}T1Ggept))G9Q4$HKt(mm#$D&?xV{9-Ibn0=+%P&QF4VmWCh&It;CSbv zWkrn8g|H~$wo0^Nr>^1`Pqo5v(`55IYB+NtUedU4086W0DD;C{;Q%&c3dBh<4HyGj zlq@}DLYw`-T|(nYMnyc(J~PP3TXS~AW@qp4sP#6xZ=o<72FL%lXqwe$dHs8zd)=kYpyGc=wxX6SkW~*HZh%h7$ZrtpVqpX%#voR-6p0teuVQH|aI_qt%=3 zmZS5wzyoB*jdYs!&lS1fKV-Lg* zdWSQFmGP{qCqCL0$Z_I0j4Q7EN>dtJhit%^qM}`7Obn^(lvbgL{~$|t9AhH0jY6?OGnF~gqYwwht#*RCDpzsBN9sq>~eB$fU!c(NQ6Ut%wKv%+Fhe2~!t zf<8c#RJQ$`x^wJMTX^E*du0AD#umvTeLODa7J7-=#yT zL>TRH(D|X@wvJU~8)+Mxc@z9gC$C-a3&meCs8Ay$YE@Xe?EGkT@}~q&)kXP**b$XG ztCISgo$=ZV#@iPkv)|=awv`&S^$?`LPN?P5O2Kfb+}F$Avxj^lmpL~4ahjE7u)a~M zfm3<+>lp%fou9BVoI<1e4P-yp(;s;O3b16RPL}cJ!}3P~@OQdE#?`<3f{#V2S&mOx zNnCOG-bqR6u`VmPW+SkEI`38PIi<#HG!IQllHk@@kHcIWle zM%?U1`sTmtSWlk_DMxT?Y^g5hmTMto1*aI#{FujYN!`@rn&CV+YZ6eYZRUu>Kfe^>OMrLt#LGaOOg2mCj zS8PEK;HSO)%P)iTV{O|OxxiT)Cgq;547f?rDIe|eGR|AffGk_tH)jybF_laQ@#{}|kEjJ7K{7KmF(P=5-IzTlLq_`I+P^aI@@(|P>%QV_gt&fm z*-veVH>Yg{*Rlr-iSVPj%5FGr32t6=mIl}ZyJt|*%PNv`xXl~_6&_CsA?KxmtT#Lx zQmXnDID=}ooALb-W$F=y3=qK1juEwYq3=FrAAY`%nM0=NPJ9+I?$XE2*Q=fp|B2W> zvCl266-tXaY_1khn8N~h%+||T#gVPG_%piE(st`RdQf)xPq)4h6G=Shm%z{G%CScB zRCth#%oXJ|9_TSDxcP@z4^w5-^@vxbE&3wbPmja=XVe`vN{vk7rKogT3C7x?&(FnC z*F&Bm6(6>X71QvybYuw7-+{DucKeqeGrdCiAfR zU7moLM_7IoFbG)CC|p?Fcoo0rWf<7TTQ_12-%ixKk!PBmUKsiS~Hg+=- z7y%|&GAKSUFyA-YjO|?(JGMTrjcbLqNdL`~U<$lFT zZOI+HFndSu|Qq=EEFMi7%34OZ@z(^Zp!$bHcw?*_>cV7fIQtlgi7m>?+6o|7k) zXQl1O>CH*a?U`!=6kUXqq+>M#)*-w8U78rh-f+Lt!Ij=_t5Hbf9kF7?YbsL8QOxX< zUT`;C3uPm?*z>`HLg3u7hg4CN=h6IKmq}o@>Qc?#q?8487FvkEkuk*Vd^Da)^-pQ^ zRlSe)o?6Q}iQi793^Y4<6)C)A-W%;m?2s}?*?LYc5cL)=j5wuOdvi3$7HcQ2Xsj`hPe?_wIzvGc&#*L`B%GgJz|xoM$k(woM)`)&Sa?|epY zrBcTYBUukix0xbgyQREBqb7T1C7O@^M6C}r|0%_NqJ@d*P@}>L2*E%p{bakU-5J=D zeg6vp97-_El$g+7yNj1cJ1m*_3tE>Rx$$ExyCcaMsuaAOY15`E ztm7|+J=GCbbUU-f0Vs27M|R3-zr8>=JJtS_EG{_*nM&%ph;m5^o1Paxq>JT>qOi3 zQb#s|GSKIDZI~qDPZ8aENLu$uWnK*qt{(vPD2!O73CKPd@EeEIaDVeKWVFTIU^5VZ zqtkxWI>>P&L#g@9@TO)( zzWmRyHa*QGoXc?Wg(11q*{(`!vS^O2V!?qCF6>OWr=n8~Z@kRn%iH)?l!-))Vcqff z6QY8q`#(W(Eu;H0&sTCRt*dsO`e)S#tE%tbDk-}RC-F47${*&dzh+yvSRYywIQ>R% z@mAYY5Ny{p(oFF`AG@!5TQ!->qDp8DR%Eh7{JmS z-u`p6E?oP|Ra`rNGM}0h^8wzEUk^3RIx=U^*i#71_TOWW?z6HMG?b@BU;Q$589t2T zT7PY|JItu;&-sl62vil^M*|5XB*UXJPoGh2dWwr};@r*G`c9;q61HCUm(|~GNRcdK zXzTCb3el*Jnljp17`C^Tc5~Rp2)^F&|759*ILoZzKeU8ffL(|Tz0zW9v-k5mS50RX z`--__!ux_|gxnWQ<3RMpy~w&W=O+Vw-0wfWNRo<2@{nO{WsfUDZ-AJFdVUgd+)B0 z%Cl^7y$``A0##vN79*;GY^qvoW<2KA&)kBT!wc;UjV`H1RYQUwB>Q$(zSD59L=g@KN zY~CCXbfVZXU+f+3hOzRoIPixOt<(dPoNl&r81EjupU#vx;mm*}*JJ5NKXIM^gn9pD z+X(mpKGe4X{-)6KVq#^*n%s9z>j21PT`cx-S8hWx zemx9pGr6UuBxm>c_GN}<2S{hE?XC=`MB8g-Y|@z2>vqNM<7%JkaVt1(7vA6EW=tIi zI6}Fm9n*=MQdMcOe-?Mc3BUK;cpP!X4Rqfx&NR)kp*o7ql;0m7YGRE_DQK^deYw*8 z+EacQwzNNm;qCsWy^nl8*1O6loKw`RWTIZ&yYC*VQ)-&90aiIzU5z_;b9N7_a(zT9 zgf#~uXXL)`fHm?svS^O79wui7rlxGm{i2in-Cadvuw9*pj$V>{-^wjZ0OIUf-U(R$#|F>a74)Y8PeFsnLB{SUi zo#iK?{-v)`>7yQ-n`g z;{Mws|F@5k2RPw?W^G<^6jjhAL$z#X5WW^UQTH7)WR$GiM1N;VQ6x3Ni1|qwGbZ~S zm0V`+r~cVCBX+AtnnN%S)^DnWF+IourOmE;Z6#91u*GsGb_Lu-{ZS=VRcg?ykn&EKQMGTpePqEp@I=&lT@|BVWD{1mOmj-(9T) z+=mGXdUovdJC?uED`cNMEnTDP{XPi=~DSRvD+B#zqWDoH<2_?w$&ZDbZKlL zVuX~4Y3#s22hBbYcbsx_HIC@N&sk<({aB-yl1glAUs91h8>v)*1rxylme9UbCQwqZ z$Tu;g_(w0$$Bah1iFBx zCtW+)Bg-S0>rV2Y=Z793C~1`Y(f_`QmCg5GJGMjvXj7NAwXk+BanaD2RoPw^`o%M4Z2Kk?F_EF(Hv2iukkWKUqD{O55P;e5G)y<2(ik;`b*1*A?TwFKrUMA? z{amH?Nzxq68Om8qIjP`NX9jK>rk05rR2NcbPR0C9eM@qj$Pu1wcg;(dN#y??>w`Dk zj?T>^-Z0+(4nd02K!61FMgJ^LJ>@^w+#}XEfz{gX51LqMZjonZ0>R%0q;U^JdRuB} zA~OX-osNSaT3Oc!CY+1asOv;s9Q!!_%K~Ui%(8f0-i1z`$|c%WhGtLUAa@8S?Mt($ zJ3Ic7BE?QaiRwo6QY^jwJ&u><kxjQ#(LlmEPl|28kt zA+{6hONmPLN-TItL+vbR!o^9_EPCo6RfjkcwAL(tp&I5aMAUCP`9fZqo1VS{<0&6xHQyZc-4k}I(ti;QzL)GyD}quTn{zZv^sZ%$wgc)%ez{!#SK;A8n5Io&*YmYj`_O?|NAt`$N_2=bL ztpuw_G1+LQRr6*1v`uqA~ZeSrRQGuf$9ar&XeqmZ#k#Sl3jgiN+C8K$Rj6(pld z9OwkSza)IBk#oPH_eUuCPj7z_KMt~NoWGnv_{m(;V5joNMNI+t3`6PF&aLWJ+%xQ@ z_6Uhuh~QFJVRoyO!1lRiJ|oq7^`M#`K|QcpC0t$K_!LjQQC=IxnS>P{X@ve1ql701 zJ>lFfIIvR*0 zLcoNXRn8tmHpI5ME{9iG z6c{)LDAE*vZ^^r8)s*q&o~mab>!{>Zc}y>N+=`gPVBy`~%rAOcK4yMadC<=tT@4OZ z*#A{@&|bQjoW78AK(s3bIfZ|pzL6g(q&Bq0{zaua<8EBQ&n$+3$JLlxOaSL)4yqas zn#*{A*XxGGucbsGqeCQ4k`M;4Z9rP35@JvujPn@M=Yj?ZJy$`5*|?6gAhU(5o@B(H zWk4?=vq{pG-&X=0J}Ru_{&1tUw{8!VQnt}}3J%%}5cUE3qe9C`bd%Uhvk4n+d-NaPsMLeVotdQ8!-1gen z{+edUnA(2J-mL%|T7KyovU~g3Q9WSS{t{V*xO-{<1JM^Jz6y4e4-# z>`;z)l)b2JQ*=_gJ4)n=G1jf_jSfyTQe>X4=e&08lgZ)sOG!>9@5vtLzPoF5Y7oT~ zSHH1*#VX79t*>sHNNliOZfIvj?I|_lp?zef%D| zZ6w6feu9HJv0dtAgb+__+K=#$XG?3Rnop9`gH)~XYPQv@Fyc-&gx_kbb$cg|=BvRk zq{03&((al=D4PSOAAw>yjwr7K*K_X1zMI>fD!!Vwr-$2dMQ7U)B<^-(Ofz4MkZn=A z6|}lNo9D3=LNCRn1zt+P>2t=Tz2!jm9o2KQ@l=6aG~kS5ASZ0xTt^7j`0UET^Y}bS zV-+F3DwjM&Oy_V}Pq*xAg*Bj&?0<7_D({+z9Q))K^UCEx{e1XC_ONzLDYxve?v;!W z@l1tcyKL+Jp(Ai!P@1Ef^OE~NejD;ZV+F`!LQyc5Q}plZp7)x%ZMw8#s=U8$zT0Z* z`G!CmtShLd=M zo^naN^wXZWZxL>I*Nq0b;0~HF86oBlYUtCQ+BoAF?Zf~TmE1{_YN$?FEYT@MZPQ96 zm!ehpB?kD)1zKFWUEJ6TJ`W@DF*5AkCxD2-r0zx$&Kh&pJG_>=i0K93u+rc@5ZxNK zTNmFREw9$}9O-yHpYqsVCH-2cGZwF+X_IgK#I*@e+zO`l;ZhPd(m-Ow4io7CBJk9ZHT>l;JFQ|5cvep} zG=tzcubg!Zy-w9L^L(MvWdw2P-)9y1<~{GvK&on^sRkZ@Ae%SonTp1YrRUBi=g6zj zLyaV~Uy_f+085TU8zJs5Dw`?QD=Q}G!vx$_s<|>%S^Wd>17A82`xWtlG{N5=*Q+LE zL`A)d)kjMdKiBrmO6*qjg~UUwR7=65Gcd;U_DI*xuBSCFV~{OZ*gp1Y-~&i?S`?@1 zHrZDtO!DZyQlq*~k*ITJ0A8}i+ascioV_d7z<=;9Zsq%`Q{{4AEf@ZUphSO*yK`vv zv{~V;t-fVu%Yw$HrtV+A1B?~NryDER-Vv%@qyPtfZ57v}rDYuHPLI=$W+4(*ZcDc( zjsQOLP@gcUU5e<>PM2QzOrO8_PF*+f%G-NNb!g+Z2f!qrx}IXjOrAn`7I@@0hHO=_l_68cg}JO=-*x*rkU$)s4>+MyvCQW81|L~S4CwG`8>s#s8 zKAQwpZki(MrSBf*RoXBr|6j&11rQNygHq}W>skXIFV^;UUtNuJyKU%|s?x~g*%yvR z&lq&XUu!h|s^`Kefy@p(x}NcYR~PMjCKZAEoM2rxVFUvbZ_2x!Y4MAJEZ=wwEFj7i zat;PglRMAAN}K0xuoOb}?~PG~4@tO}TLQlC0&ZHqzCEu`XND=4KmF;8hPgb*Z?X+J zHx-30zdc{2PC-^xy@mO(-(emv7nU;Vcg$&or>dy#8!2HgU@m-~LG+TGp+_Qb+>#nd z4Knn1x!IwLI+YXe`L^D9-{klHY{p=qY=eT&dBGVDeo-nm96@60rk)B$O}*G#GQ~Mu zJb%FPHELFQBe`7G?E~*-_(Q#~ zRMu+xW}edRBgF;#F=*D#`BE;{w4Kls2>WKm;5}ySgZEcQ6bQ22LL7sxdBh3mQ6EZR zpHQ1XH9eCX81~LPLx__+R5|CF>NqRZ!oAh*pyTSIZ(kcq7p@z)^8|xy84zg|Y7p}k zU}|G6PX6e&GG8>MFlz64xva1ZAzB6UOaT>UP`xYzMB5=nVMeb}1xR!Czk)yjTA9SJ zV7LM_YyzHkWxM)d7m}{~l5CHI^o24<3a=xQINeR?An*DxyoYZq-vsv4Se6|}v$rHr zG*lRWGG-A-u$s_~52U9i9>YwFX@{Eg*jiUE*3>gXm*w9Dq?KhB~lIEYEJUXAYu@KphlK2&@Uw3w9Pm4_RO2QD& z1eS^9#V};-Rh3;W6l9?>0pd03?AHdI)`0@6>35J`ty8{Bx94q^GR4`RHpj`z!lG^} z^ZLnU@B2i_RE`Q3*PiwhBb zR@sT*Aze~>QV9*YK^6gqafl~2hVUTjJtz#CPf!%}`%vTbBz1@vQ8*iSNxkii0c6wk45Z=3Ia=NYhll|PUwgG}rOW85xDQtl z4Y#k$uSzBXPNWrdND`EGc4!x9M>2m`+8kAJ8>r2&BWT6Y-C{F&XbuyI4@*ihgNJVp zA*wL_X}L#!m$Ng8qXNm{l+rs&Qarmq37heU(ocYjD`Lnty8$@uMcdvy96 zPd<*|oB}3{ALi)H47AmQrxeC7RR8jS@qI0tQG&WrFMQ0$UgMd)Uw312?+vy3-VsbV z_Qxb~?+`yqLb`z&S?^-=8#1Kb7cgB{{i1v4G-;3NhtfmZ#T?7CocEkEq3hn^zM$Lb zT8%`e3qIhRvW@N9=86v(_Vj_Zk2F2l8f3y@i3Y)ywPlPDZ0cRsYJhqr4S-=%EqVss z8R34?8yAGzy%12FMWf9!J0kh$acBENi9&$B=OH$?_XC6Lz0W&H>gHrO=WVO7zGh3k z*lr!!%_6&J(r7qJ#6xvWa-7_=(+Z$Z;)PD_zd5R;!z5f zDL%4PMtJFRQ9UxKDRtP3n3E9NcUuq9AN|esaAqDp9j_zLa!v2Hl<}fvDa@1hHT^5^ ztcQ44>Dk5AmaW|kgwI};(C^4U75QmbVrH+1Z(kD0w9S;2wn{R1EL@TEMlp33w8vxFlN~BS1LS>~v+)7Gb&e-r^x<5ORdTdb3zM zbVfemVHD@A^lg;JUn#8ECz^`*RZtP*&aW`K?N&sd&+?QD_azqDc}t})Y0?0@zxl-s za06R{Q>C(oyht1^DI~fsek=->NdKcmL@Rn#OfIJb;xboN>9@Ir6Q(*1Gv@z-lo$pJ$y5EosSx9>#H)DwwXQ; z{m(Nh1lt4Z;m~6;22n-DZrhKzo*oXhGd(^C+BeKCenQttomidQPnoZ8rM*3~%tBxW z=5M}t%YGHU7%dV00@pVjrzx2|XJ^s5UT@l&oGuNRNNCz<*np@bq|6A8($!>KeUqR# z-WmAiMkJ)uWpHl2b#6+hQ~t9uHGmj^9$s^2yRw49vu2~^{&x26YhRk}UEw1WSmEi^ z4#SKp0|{| zbN~G-vyp1RkKP8D{pxC=r4ARGZH*$7ep$qG{5A({q?M;zf{q^_0zd88Z>)*Ypw(A| z{6NTTced~lfHbFvBji_Lw^77QMkHbxo!6g~JSOJvA)!{XGDHFiYI8 zL|L{$^P4l=(2H(pW&)O& z=yO2Fw>cA7fhOUb$>ck_azP1CD&|j^KCc&_Do8qELae!tmq)OpCguSxvl^>5vmX#Y z97{jD5M&})#n@?sKnsN^4AEv}%`z6FTr;6nWtKhnpb_~Jhn&(0ZGj1r^WN8#;5P-m zzdbS;b+@+AMS15@Wg@k3suEPo{Lr5W`dqK zvl)v&KUz#Vgu+}yPeI_wXKi0KdaM?E62Y1(4a&O>eHlFV`&P8evPfa?4>g=+pN@hp zrSL5NnHy)QX;VSY^*+Dv_PTF)dqs$7Nh2GsOfey}{jPJIS0m532K_~3j4kZB!OtH( zc9{eS80zu8Xp&@iX=FcaYJE15vd7-40%CQ?L9@#tCMU%!u16=Mz4h-Vn`-)A z*6smom`kI^eU959xb30{&yC)Q`e0D+>)fnTN7P@r9@q3csd0&CoHohJ%0a_=`}H>_ z53zBVZ7T2nUcuL3pZh!e&VuLjcZayHPp&N-lfcyttf{ze1M$lb+Y#RCA2&{r=;T@+ z^hm-HmefLNF0gPTbMF>=1rNM~JTb&9ctGYfIqnJPh;c$sTBqxE61KayK6_KB?GD$} zm)l#T!KP<@0e*8xJX03gjxC+Tp|!!9oh0jz6q|+v_5yDYi6`tHLxWy(<5#Xc3L|uF zPH$(ey`XkJkI7>KGK0Txh=rF456!i{3i~H#ho;5?Z(w2O)hY59L0RAwgu65^M0^{6 z&B*J@vL&y&-G6d4UfaTqF+E`TyqEar?%2!Ef+wnXu^QwCwt~!f{lQ+7>f&A-iGCh> z`bDtGG@5Os5R9JEYagBpu*b<~YkRwMyRRU+vN`zu`Og0#_M(3&^}5q!TTI}fK(1No zbDp4l=xF~Sso1rU?0pfY(w$JF9NMlw6(@XD0|c@w^T-hva;1` z?dy~k@z(FYWE&V!Q3p@XclRC*cf(iih3-(-;EB8MTZ`LNah%Iu2ycX^fKB^OcZrkr z#)b?Jfh%v~>mzs*Mr>`%`87BJlWt<7q9tCRtA${n7o zF(Xe%4t@Iw*57iWh%*f(1mR}At1m*yW6uOoY>FE#D)ZT=IPhtDM59A5Dh-_1X88s5 z5(v0PV}@($c@_s}A*t8IIuWgpBC=gfrl6q*;AqTRB6uoaix>r{ii+x@w`Zb&PV>dX zmZ9cJ+$Mq~wZsT1;Do!*WR(eC1}A>I?dWSJjQfEmpp-`FJclN5JD0CPj=R)o zfxCj%-YH6&lbl=}UC}O(N0aNj!Q6TCvDMf2Jm`L{dGZkhU)3P^-Ewa}A;rk-!%>@z z1Vcv7@`TP3Ke`K=J0JwIZR4B(0j?L#^M(r`auyNf;94K9u+mz%M%NhNpC<8FhZLI4 z?mHT(Xb}r-4mi*ppcE{KR-zkBm*Vd-ckjH9fk0-HNd40@Tf$VR1<0Steca84$Z^jYX|Cj3iU)Kpe;5F3$ zLF(cM+DALAUf33rd%&+P!+tj-;hS>c(Is%Y^2IJe%p2))b!&pldTz->D(C}|l|`;g zEE2^wQh!vC{Q#RTgq0W7ndw?=a|+!{ZW?16$2(>|MVAyWt|=h3Nd}-&2p-fbx;yzZ zes6GbuthL{Di-c`w+!Z2iuVCdL5wdRc>DHrR>=TBAoH_rXgm&{?Ql>)Zi6d@O%!ze zr!iH$OQehK0cs9A2j&YU4Y6NAHuDCqmk_dyqTuQHT});VSr1r;4%azJGbiakaPB?!=n-78OC++z1CG$qXNxSeRDF+_QiYuLPM1Wq zR}*kpECG+kOVI~<%^7OQFm%Hs|G-i7?39!5n$4xma$Lejh(*rv!uZ9_)@?t}DJ3kz zMJBgd0YPh1LTe8jJD?u`&T^h~%Ll@2bOEb8K$Uitwm<6)8*0NBWdxTS`=o%nW+bjp zpI3UTT7M-z{d)yp|{W!c`S> z*|Yd%1Pfq=%VeVUVl#&$J!1L4rwoi_MBjO;^~2r>u0tOr4y z!39!7V;(7=40!C20?Tk_*(gDh^&@bLA#AA5GLl)?XRw8Tg(F9E)Aj3ryA>c&jFwvi1F zFcU6$@68p`U19Fqbi~Ih%Q!;sA|&iTdC!xry>u}>s1nor&pXj6guxp~EIok~LJ|15K@IuP^M0##6;uYjaJk?jxUonovR9V?xQ9lw`B8!J zt8|W%NC$nJS*jD!AF$}iIYXHOZY3bLl1QdchQ)GPjH9DTcvh0V(N5TD=KtVPeadWw&wxcoYqZMbHwzruQQ4%VwkzP> z?M|7<;F`wdwz9awZqLy1QE z8=E8O^^@u*o?pzk=HMB5LNv@(-}LZb!O8y(5&vUIKRLn49xB`~Q1d6hA`gswxE(&G z<$_4|CzA||7eA7*J%h2?Yy5FtXHhhx;@DSX_@pu406BX#9XlX?&vFT1eC(v~%YxsU z`MdiSB!lIDYr{P47k>S^P)o8>KS~T1TZg2n{UwT7TLTt%5wwb86sF&uu48uS#uBh~ z@O{_a&L3j0yOu04;{4i-e4n#3c8Fa1 zv)Q{?;R@W|uE2M4m(8?F5qfH>G!MdqhR?03g=J+w;WtaiNZ|)D?#i@=n6!HJ0 zywF~r`t)Nub9dV^D4s%!x7IlaxWhFuHY3#1+x;+eeK$ftksSxOiBTKdmKM4gp?){z zcggX5hS~!fPhoZu<@PolgJS{Z!988{vD)=};=!NAT6ZSK3IFnFvG08?c^y4%ZKG<4 zELXxjnR!Mytd}~Frh3rjFqe1SVElrmK$SHd=s9vDvlBIeu4I#6)lCp(IK9?Om&K(3 z^!J$T9shAbjH(at+m0aH3#lE>Pz4v>-V5Y>>5yE}T%54m2W{6@V18BC6VLSQOOsc8@gMU~Cpoei# z0nn(r#uN5&1Nmy`#4A&nvX|p!6gi2m0u(_0!|~>e z=zhf^+zU_7qpjCAiRo z;6NMJS@@M8;7eOz$-!Yoqd>P2aX=kbcN$C_(^L`4Y@knAa+9n)kL#YdkM=Rj=1c-Ypt(HY3GO zHI06$ZjdL6jgf*4_gx`G(T02X^W2K#Rv;J{eWS-!&p>rJRrGr3t789q_8d8*xD|OT zNWcO4%flC9ZgarbbkJuDc=%H@$xK?iKL0I&5x$R~wH^xE0-WG>O;!gUGbnH$wY~|t z#q6lyPFUWX)1N`0Cqjn1+}V5?%Bq=W1N1Sb!5ueD2Xt$qY&Cy4HU2-k-aD$PZ`}f= zDIi^xA{`V|NlzRAzb)AnktPV#Lc1eK(i|tIHUqZ$g(!7OdM?>9)wBJ;V}zwjd0NQJagW&Je*>QW z+fpgwrV0oyWsvokh!rFebKfub%$eHdWDRtCB(ZOKJxE8eqj2-ZrnMbc_(u{ zI~r=V_v1@@b_}Q@@@)d@ai|G0TypkQwPQTH>_>7yAh7)0x_MVjZ98^l$1fTfdF9>) zw?SgQGxfpvlNiER6D_lowy-ca(-QeB^$=V_VfLT=2l6Lf&tVWw3In>`Kf>B|&(tMj zK5}L+`PSQBr8}YjX`cb}QwkWlCRcLgx zy*9tw4IBj^lb^=3oIOUy|IKJ|D?l1#0+@J&tt~@tWXE(AevRyYsmks3QyJS@=l$HI zBO>SOrQGUHsH<%ZOiP)Kjs2zqK+;0KvYcFpf&v0R7+f^)KGU*}UJT&4k)K6f2yeS+ zY#{Kt#PLJVn0x#Y!!k|QH>#IDu~2ije5$6|hthV4l!}86;)btXnp(fTe-f6?s z_PRvaaUgw(YV!-|)m$+!*k`5fjhZ>zALatF-7F=q+NUJVSM}8DAZ#OQs<{0U&Gu33 zghuZ4YBAt*PL1nQV`miNmA>kD1Ts#Sh(q5|PZVWksUORSVAnCrRFg#BM>l*>z5@8m5Z%~{HEE13=fZA6^j^Vx9A2L);_ny5w$jdoPczE39YfV!MKx~_{ zJmq;S9*|>Uy24wa3oUa!rNfX&K|=o-K(-E|nKDS0OOH4wGW}sqR^6Zyq9>&Ut@P;6 zf384htEKmB+((7=$^7miPWbl27A;_|aT}A5G1dx~tUH!-jN|Mq@?P7IxQ-8$^dIJq zvlBQ2GcTg|Z^{jsUMsV#c+FOO+E!9*$NucGn!9ackihm+uDDK8k$5!9nZ{`Ouf);r zZFs#6k7jm&yinSqy}kWx^{=Gly<4aoAN@n-rWPw@Jq+gOK22syM}I8w$q8vF-#O=< zT>Yt))3HrzmkhHV-$5GRq39qKf(ESAfLtR?==NWE&hYzihf&!$q53d3dYe+0Y|O5+>0xRi!-Cw^qF~l?VI+DOrh**i%LeRNtc7Rud1ypzX0ytzO6>D;Wr*V ziK>9o_<9wdJe$~1H;D1*r|i5fE*pO~m?kx?>I+=4vhT>h5zCMb`+7%eOCVEU79I8A z^Yy>}>kMTi<_Afb`(rPjj63FwUv&Xhp`o(+d4J1kk3);8rp3fGcCVVz%`b&z4a-H9H%=1V1J zsk60NzHZ%pe!lV0HB!bo>HwG?P?|4kq6sOap}q=#vS{F!IikWbnK)x%gt>KHAI$46 za_^R1h%&g#Go?HU`&*dAO&ynqW%@*Z_Het=#w-du2Lgl9BXkltI~3-0U=O|S zd|7x~8mYxA?J&6SR$&~$j{M^4drvge>TdpJJ_dC9GK-VG9P9HSxo*FSE(>uDu;~`; z-;d9MS_b?QXE$Kw~ZJPg;s^Gd7J1kh<`xBMVn&u;J%%>_3l~&SMAU&nZ>!_-{nKqyma)yZc7d zY|T4CN4hr2g#_a5LfI#NKCPvdpg>o1OsggPyCqcL2d^%TMZ&*i> z)tANb9%myJ2T#eK)_*-52E2qY}!+fO#T1u<+b*FmL|Z(?u0JHL9IB@b$AeJ{mw%Ur{33|wsr_@bNqMF)Z(wGZszc7DoVpdcq;}OzK z@)3I6v@Q|oksmN-sI}Y0<@$vT95u-#YQ-MwHp9PUWkDRgBmw|^?zHKSY~ZWznwA>M z%>1T7o|6gZ%2t*W+@*@@bL!k{bQXg&tIGRLv~nfDgBl zbKcY7y|uo<304JYjxoJu={UW^x5Le1DTZgRP<~F~{#j!oj4R~mLG3f}OBeENn)`5J zit9@PkB*##B4!PBc-J~khJrxQoNfxnG1fK~=oE@Dv?njCt*u?g)63cGqWu{K!n!;S zHsodg!xwki@ffb!rqA5UD7zT)(JwX}NmCC@QQ{`CxUJq_|DmSxw(6(Z3Cbs6QvWMI zkA|=2M@R)?pHG(MNNJFHN!fr(>Ycde4Z*anx%$Y#T+FKGnNhK^ui72p9H*f*4O%;f zt?q@0F2=3}6!K7rbt&%F#BAzR2PtwEJnM=B!%Jwl>@uMgn5ThXt1G&?K1s8M21M>> zfOTNM)%a;1tJheUy>Zmb5sc}ypLopmg`6@0=dG?KH5P{3naht{iT}=tA3cKkZR?I@ zz*z}P>{kz%PhX7Jn9HcveAB%()v2{UWssoKIk9jQe(n@L=Lnb)R?fF?BGKIqn7hfH zd!#g9j0R*J>17WB2xAw=xLZ!IEn1#-fAY?4KIu+doXg}YYi<>PfyK_AoEf?P2>$#L z{P|{*tZ9R1MI*?%FizZ<*dO!lrGrL@<53#^XAvkoftur*YVFuXHD|_qOQ{v!ThQmG zr?N>D-K$SmxUX=KIeXLgrp;lH{F1zn6M}$_%EwsGsCNGgJFzddjqxMCoz2)=rP6o9 z{;&ZA8P2sK6PI)UuHhy4n_}rgrj0^tfH80sn=FW>-7=23^7j z*LC~hx9uIXA@Nq=`RA^ii_!SpjA^?ogfyV9=5A+O_8_WaXjJXwZQh-5@%!m+VRt+` z8;%e``#dClhlDvviaVtkY|@>Bo-ac5s=Q4vMmj`!J%BtH(Og-U66BKhD;!EE0qoCA2hWxE5TZ+ku`fL@ zq|Tzcb51gvL}k5sub+6mM-5vC9^Y(S3@x8w3O->imor9`)AsQ*i;E^qYHVEXQ@4)@ zpRdaaTJ8;oK$v%58sJ36sDo&9Z~~TH`Cfr&k5<+p@8G&UrU%BGOUj*ex2MYQ@NRLr zHMt5c1nRmrB>31R?gj2K-lMy1jhFoUoo9sdxO>*l#q1V-cN}$UyW0%yW#v6k$b;z& z!3P2MmnuLVwPEP~(I@tDHgWJ-#wSI_Yi_QKonKzWboM!w361&Twl|b5eJeW;Z$w0@ zz_%tZpBS)Ga)<^0V!zD4Iub4LztB}Kit)qQ>RE{PdFIQ?qRO7UE$<04N5vJt$4k!j zRV6#dvCP6I)*dyDb{aO(ogx$u*|ralxr8AMTBd|e;KgoPcEx8TGs|R|mA_9`Xaomp z1z!KEn?%DfG~7mbLB)0}l*EjTeJJwuZZsFm#XzRaXy4y@FuUW0okr~9AA>zOM&B2= ztC>*%5_)J=`k>}ZVnNN|erBQc$3ne~H&?Ekd$Ve2@mwCafxYJvSLmN>U|5%h+t>TQ zp=o|B;r_NW_1r3{5x1=F`BW75)8*Ip=hhXyO7(~LI3A$m|E zL=wYKK`$I!VL4{=r60nJeKtRTgq|I`g{1I03-^#PJzqy(Zl$)qo7QO3C~7|3gIX#v zIN68i&1*lA`{MtK#>G;WPoS;-{is-$m*G3s<5;kt$>%3c$EmZHFNjKJDh6Nomuf9s z@zSs5?V##P2vUk(wifAaZD&^UrY5>m0#j=Hz$b;d>67IX-MWU7SDu^oCW;2^u5Ez` z(xL^M)H^wb%fI6i9JT?dteY1AIPd`IC_*z1KhQurrYPJf!xDT6oWV1KuMy z6|DPSmqvdkN4?=^WWjr@ddd$awcVkd&vg#JGp>F~Ny!|d(13e6E#nHn(Cmf#av(|Re^a@<-Q?9PcuEhBya6BDsSm%h`)*9^hTXC^)0J*OXZbW z)b{d>oLwjOiI1bdm`u!A;Y%yPgU&Xr4s6p;yLrm@hN>L11I@Y0m;#h*TtuGRxOh^o zBN~X%_&B%MV~kR-B`6jQWN>~*o5k2Tye7E z_1>+r#Be8{8%i82l4S1CK~6OqpGhY@5ZvdS5cf}?4V00fLwk?>X>aI5cY)3T+4sw) zSsU4VykvhiMHs;2$eD1og& z9Fe_jQR1ZtGU%g1*J}rS_FKNJxz_`&tS+(Bju{k9cf(&EkVC?VNh$|0#1xP(82JgY zA8^>=ALd8_Ac0ahXhDpayad%{wjcXlT`@qfjf6c<_-OkwtW~K!5X;T!?w-sQpdn_% z{*2?=9!rpIW2krZq@jQP%?L-O_{Tdx8f^6>y|!=MTbp1@D2b$dCiU~3m>Vcb+n_x- zw?C;9>Lj3T6As%SeNh$;pfR{!JW_kbWxkR3RMutY^+%Op@9Iw25cf&58N3M&l*XC!&$@{v>Y?Z>l?|m#E ztmHE+2uA>TW_;X(1iD1|0*-!Q*%sSvNh-r8e1$|c-s6gH^e;uZ#4AU;)1Ry(1C|(q zxCgp;Z!pE~pQK8NSNL~OhO5!?J(_RtioWb(@!1#3(3SEl+pf|i?l7XiuKbmJyksHf zwe(3m(eOE#*1zI)#6~ZRPcoOTtt7B0FWvlZ7U^^9@{gJzSj)dN2G&$uJkBC*w3R z^?P=hy>A*{hQ495q54b}{+;=zS*7)-9@`LMhVYuY zM*`0WhZo_GD9poQa~o^x3KiP7k{O(IX@0D{O|jr_!-}Y#@?|`*OZOU+p?IEFED-Fz zNNC>2(SXNb4S~ACK1AGNz z!#{@!D8C4@2>HFo!4hUeeW2SQp3L;<2D-}Jh0+%3FH1(Q^jYZ7?H7zl?T;_ojTk*L zdNpYUndmoJZEEz|PSnTM&Uj3C!7#Z66D!<}9(gmdI)M&^-mpa-?@=%P#U zsEVAq1EG6gJz?M>UI)2_fZ~V7k;ub+Av~^{2^7p~m;H%o%()O7 z93sC9kN>Ba^_1#6IlhL>_q^*lT#gr@v1D+$(LGqcq-+u^ec^f8{L=bnuwJMMz1kEo zD*RaG_~*T(Or4Z(W(L*26@nSaB?ErVUSef8K2?9+=dkAYFGwN9wgAn$)M`|42A!^y zCtqN2D$xFy?+H@sA6+9vx>cDMZtOuKNofD=RgG(^d;tpKopsL~m=a#Fz+V+Cw-<)# zJmscmUL0t-G%vtIgO0Cr$?nn*ukWCvM0oLe>odp|AgPesrurpt{^|iIi+nraqa5v3 z8iS>Q*0AuQ$Ao>)IjbsM(OlA1{65nX%)!y#|MV9nMbDk(Vh^4ZmyY=&<^2;Kb8Pgw z85d8?7|cM8--lZg`EgH{)VEA2Om-BRJK%i;dGR75$HJJm^HU+6#D02ek02YI#Wa-j zV6g^t#G|b03mX{o-nY9aWEvub?p|ml0oUR|eW~g)ug=5?1-};q)CYrIf2&q%NKE^} zM8lYHhp$N_%2MIoNl122ICQ(?BC;9sRVS1aHR9M3xgj7v6Xoyw{)l~fzu#jNet&;z zvDucn4RGquof7JHm+thFdNXNA^E(TPk?7z5qWV7!S&M#N($!?bq00AHLz%>5nGNcS z$7i5aR{Y8u{5`q69H=E3y1OwVF>W->s?4(C`|*xT**_k7Nt?){5& zq=NXdAb=S2N%6`u&q)*>qM`Yz+t|%`te>#qp({0gPi5p81e#sOlzNESdnyusFR;;4 zlIKuwAjXaIAS2$;jOQ74UFoxXcb00}*FxA2Bt+hvjD7H1A;S|M6nEgIzuNxuYb%ar z$vl`-6v{%^rE7}jH{EQ3_^it)&K%dzbG>%#mxEiJ1&N^-9B1$NY^q#3d}{0uWRZ`I zB=0`hEr{fd)v30zo5Iul1ttlk$G##c+6njn@;n{$;OHU^w9DJDcF*aUlX$LtpAu{@ zbVoV~P$|}t@2R{%ZGPYkug_r&8yj>0+^d`(yOKy9OLvI-?l#Ie-&1cQ8rD}6{Ay2*OU|XjSiCZK zANJcj)pUEA)R*>!C2wY|8N0Bhz0#Kyib~p{gX2VrC6jeBP&k{6;xKmwK(1W z+;n&-I=^w>|}hYIJq8?^`%_|qZ(W^6Oz6_pn)>TU{f zop0MfJAlOUN`bf+&@GK~Rt6*_tq!OVWi&rCd0R$q1oWvqTSVJu&DMS|ZPL~Q>rUBZ zhLS&ilC!rcW7DihSc3>F8;s}<$Q`S!EiT~G8iWV_MAD;JL?GF__aK8Ry9CG}Eq^RW&d=K|7 z5!oB`}Iis zz?ZcIr8S%1O-EvwiP%zW!ds37zv#CO%usSn4R>36M&{h+V@bEElivnZoq#z9Rq$Ik z`{f7kyf^uAu*K1(*7)cnB)+8{y%l0-76F{xbF(ndp0429JQ0Ozy`lKuknL-+!_%d+37})m`{MaQ762udqlpb zz0khYeAL17DYq+~C+34rR`H(xW{&f4BUX;k&GEDpBi2df= zE0OS)`L$^3>k)*5*uCMa)g7$wr=k8|y{B~!az|Lc$Kjq%>GWcfDve*}9=(@MXSiL` zc|MGW%{vcx75Gf*X9bF>k47f`2)w}tMFn_gF(AuaMHq@~cOKrcNqqX`2G7@>)eCG2 z2hy&)I54gS6Q403$Bt}NI;f!7nEE(Y_iIw1G&*Q2ZwqC71E5;mK%;JVz%=X%J(d$M;x zipZ6aW}TVb3`2}8aM|9ccwS<{H1i!aF;L{#+<5F67ImD-3N(kJD?Rm@tS^ruiCY&o zqC-KyapXf0vM53PbZppPIY!?fZ^-|Lb>KTv;E%zTmPoqvn=Bu;*kHt}vYRQ623Q@M zRx^0`*pc^$!|Z6d-Pz|Bfl#vZY>$4(Ly>GyI^EWbvKGZULHlSsi(a1ORnd%}{4C*! z$R|d2QcO1}W;RY8_UP6Tjcv<-w1Bf+N%fDAl1#@`%T^0rt4XG?4_){Fr_uBuBj*mM zQ4g$i48f5!62FNGH@tjvw>X{c&=3f< zW1g-XF8@CWmWxOHB=Q>y^y}Ik>)YTK)i|nc@-S70fJFWl4t1J-1hcnHnH*Gy)^Oz? z*1vx=pZ)1PkW(l%H+SI)OuGBp#8CcCjSxjXO&vwpZFtm6SiD%W zeSp_Pum7`j(BprWmR^)3hBTVX=F5?f)eV@J{EsiVq@)rTkJ6bz_O zs4?Fq#d9k{;AdDdDtbB6aY-&9BPfTUY+0D9rc6hAV87`>kXCxmG1noji}f(TL-Urv zMOjdkPEk==Z^j`)U|@(KETjJ+eQW5|p4LTgfz&FL;N{EqpHS{U8~U&PZ3)s)w_wBF z=JfhdNb?bL9rvK|RkTV}qtaHVJWB{=0$JWi?4Kp2UJKv<1^3GH)9hv^dox8x)bh2V zAllec_X$0xnWp;jBJ1|la zu{`5abBt;JUjgNaq;+ullh zuX-P6O4%uLN&)p2fuD&lzV@?g-nxByGN30MlKk}aNgFcl+Hon(^SlrQOC0qLtGV-051_)m`wJOZKI` znkg>w?c@_x#Hcpt&z@t8^oQA@aCo^0rpig@r}{=*z$4d&IAQgVWFdJv--pTMnZ^!x z3&x!$lA(wr`?YXZhh+3DOuMJDJeDNFNV0B~?|uC16Bcgw=-9=@R=VPg1>8rx8PAq& z015Ovtw0g}ol2juN>_JWyBmtV-MNGNHp}5Ecg}qGfkh)d^4f^e&L|nJ;h@s4G1hNWCyd5 ziU0>slmbmCal?5!Iu_>#qxH?iI<3+MB6#tFDt>Lz+iOqZgxK5EFnjbCzb3uom-99_ z#}{b57isBs4j0kM5lj5jxNl&WUI<~W3^k*&I_TyXZbRAkxS;_+_Y?omB&)4-j7 zt+;=5?I9c4hL5@NMVa5(0jL)XxL5AmS&T$>^NJ?LD-^_XN*5>}_I&jV_Q5|;M#nKb z3})7^1?~mAF*rPq=Qh(?Ecq}%tOCg+-eFrXE!U|7Y7V7cry6|>7|t5-YuJW_J*o&5 z``)~S?n*LH7Vs>;$I=hMofcihIXQ`%X+oq>F(G-CD+x;AAJyya@r z4C+y%Y-X(csZ(;Wqq&A%+=p|fusa$R!Zty(AoyWwsMY6PK#_0nEPJm#qP z9@uU;f1iY38)?oYCXojlWd2Pgt)MK-hwlhOQVzwAf zX?P&20$NDf8Wo1lV(OGs4YZa6lSCqZVht-|yqCY-PQ0AtbelW7tT?+&kn+&f!e8!X zKc&Z|kZkFHj4Gu4Isb(z=Z(BEw6#&h^FVt}nUy=k-G5-a3pG_uJ8CY`tQC3X4#7Tp zIF+}2b1TKhsZ7DU?e@#zQ8kx>_;=IMYxYhzlKL}b3Nbdgd-kZuxKfpq{Wehl&!-1I zf71v)FJPA|?n!@CB1xnnYKlU_-UM4}SEGyP&ESprO#^O^?@X?X=MV*AmXFRS!Yh^a zzZ>*TWqt3zNA&&kihm>2!^quVOLn!+p8KH87H~RlqPnEvM#RAm!u( z+KjwhYhR0{(Uqn_{+@T2%BZk^6@PZ$d5DinW~|>I`T{()+kIZgm~@A@*k;IAWSWYcRNBYIiFpnM1LW>#WQg(NN~I z`uU5@8CP6gH~r>r95-VfXdq9^9! z>3gvJs+98s8FGB`-;ro!;Lr;>;D#kgX+&%mH4MvJ?Iqjc1)AW6U@DZDm~5~Iq-kREqhPvy!AkF!+VduJSs^zva{%LGcV>1(0^y;!CCLd zMlaR;pC;b9E*Jk5c#}9Z0O6^H4?sUq=WV!r8{)Z{z{+)qO$vF3zx|oek++*O*PRKy zi?1(tb3}66`@i$aHl#Sfq4kOrQ4wtaIVb-dm}+rm5h8w1EG$z0o}GS>)^t;l_H<34 z)i-(KNF^9mYCk&>`7F5iA~x1@1>thOHa0qVR}KH$1d2Z|XG*RzP|MR7!FNqIOA%^> zlM^1RS>s~t5l?Ve9Mt9k7iWM+In&XV?n_!Vz#aFk+4mL;gq%nG7Y>7}RTXw39f_-9 z$kffq0eFSw;d%18`>TTfdkHGFB{+x!YOUoCpS0i6)LrNFm&Rg1^Vw}xH9lyd-uxZn zcqP-g=0CoJicv14i(+w*G&+)U#@J6L3N1P0xur1{g zb4Zlg|A8N)g4@ zR+KaJ;()+~{Ns;@7u1;Ikd=dO9w5lVSh==|g!!tsAOCH%Rz?#9@WW}ZHDR-FQkPpO z3ApYKl_^s11%0AM<-iZ+;<1w^8YGWT~mZwB#@+pK39kWvrPkidWCR%B+$w#XP-?&tscLd7J_zvg(Zzs4nL@3zb1^l>(o?vv&Rd znd2mKyK(urUmZ`D?R^uy_4tJv+3qe}>Wle7&1eMUlB2pa8w_Qr7?u z0GXNU_km5W?R~4g-4kJ>r518JcaCs0OFmtyvBheT*;Mh24;H6$!ydxU7}WYXH4IW~ z7qJ5Qu4s=OyTwrsL=?bvbYeG4%Yh4WVhjFU%eXuRj_269$q;Jv{7@2#D*j8Rp{?Ct3}vFmc@ z`r#Jc6CV!>1^F+=MAWRq7D_&6DtdjWKl-ZMN3D8taX5jxY=0m<)BE?dljUWQ)bFQz zjhFC4YPa(|8j0>nck!IdD1)F9UgwK|Osh04CP(en@1-X5&;N6R@oQrQo4OUzlm`z3e=6hI{^~HWE!Xjt`7F>Qci?doHTEH1p zw)$#i@mPrOeB-c6%^wn;%mhV2u)+6(_jNAoo6gqMEZ~PJ0H}o<0rk8T%4V7Y_pP^O!4@+wFZ@OWyT&VpWnLh)IxMiA9wUbu-_)huhDKK^s6vz-E zy|1D&ICHk+b7533HWNHfx|!M+vwx__BwvoI5t9gWta)uprN*5*Db!}CO|b63q}=O7 z=o=;8&x?U;$dt9pK5K5<^Ypr4XR1S?J|6@z>+6rR-D$AkqXjF8y2a4S+o3BPsvEht zFu_OCId|Qn0*5BWQ6>=M&H9abi=a!Nh1b@6j`0px{9K)`4nfH9p8x^yfJ?&Oq-_|; zf5v>I9`HNMF;l*H(5~v;aG2p0`1f1(@031_rBym_eWd}(O{jf5#7f@Nzi(Rk*7ln$ zI{bmm{SD%BGh}yc1^GKg6giR~gN)?_Bdg^-Y#pop^}@T_1*w3Qn?HOJuHqtD0p2R^ z1Nhz5lM-e3%lUD+$!{TtINyGPm(w=!w|G*aU32~A|H~JW&gu83Atx4%5iP?**R|A` za(th0s`$UBw|ZFJuj1{gaFP3-g)zq}fA}d@dd&=bFoM95yz}z5h$hvFS-~bw!R6cJwWenF?R!O$qh2ND>Jm^rU zaq~vcjMwCd)A>~L3lUM3FMa1uqK3PD^`=?QtIRCFoF|w~RSH}KfjF?--vGoUkS9Ew z#6zV9ufz!$sNm{08?#Muya*A(!@O-3-i$q~e`i?o+*FEoz%y#+ry{tx2z;bCCvKg6 ztu;rU>o;#HkMi3-0XONyzWbB(+ZPA~F+;v;k5IYzGpVnBBhy48idil)?83C4=@7to z`7Ye_6_Rd6-F>^_Ro~Ntv`A9^8+?F58Di>*m?A1(E50P765UiW3B+Y1!pNEvdp##$ z>*5nNtIdxqT)8h?4|YE2QCykI2TXyWO9S%0q>gukr5Xd zpR)UWXDGg+6hu7=^1TtXX6Iq^Kw4Od*L-~l_(H2K!>w5%!b7#7!EE8%Luo)Dgn_tllXzNF9$3?#C5LF*Ed&~48g}Aug*%*NxHy`o!{X-o zeml-iV=9aMf?5r%*g}@0)_{n^{KM?aQ%pm7dBED5{YpXHF~rR548}r`NLcz-Rk~96 zyj);+pN2>J&*dPj{P&I@rYgsx`1$BE5rrr?8^R+Bjh7ti)Pfh927Dht57wd3)tTvOG#~kOU)<}chL@OuE7i` zES=2&1GQ8*`l6>Y+~B_gmRb2kA#7V)QYC*0zRy7l%8W=wN8WXRRjmat5APiYxq$MB zidO}CF|0HbV|eTA+wQ19p9%c42t-1slP7jyvg_}Ls1Q{)TlvuDgFC8pPR8ZGhlXCr zN9rPnT1ez+%tKt(m`3~{s2eRe9;oI@i1oYv*t&QB^hYFy7=rf*{2u(DEdPHpGja-p zdx<|xjt<86MZ;h!_NeTe#|6z&YhxHIryZ9J*j{vENqN9_mSZxzeq+I$*MP{gA*sUT zA6mE+o!sju3Z(3Z%~~v$^%98P2Hu@!s?;1*vNH zdM~6iD;ugB>3K)KQQ8JG&NV|?_QD*s*Vr9=R#UlgcmmCb^0*dBQC7#nOwOBeuRfd* zK9vXN2LLb@4M)SEHd<+9yVM+ZUP{@6k?E}aa?N0e9jzrr1u_m>|Kh-?lG%6Ao%5nN z76Dn4d*eEnvIYyPQ%PG!vn5j~u9n9l;^=s>X{L1Hb zTV7mX)rH^-QU=$UN1@P;usp0Mp(qR(EWis%c0zyqs<_<}&be4M93qhOcOu~nHBLS} z&-`0MlaQsb`IoAf(*`Nfv;IEay`oGL`xmD*a%X-J+^3;mDY>JCd_d6Ds&W##M0!X9 z>@XxwQaO!YDs+p!KlikPAxlyf80k!`+(stY(T21;z5HM*T=fwV1oZ!VD(Qk?n_0oyBH9GL2!NfBTbgoR?` z?=atKPvmxxW2YBsJPYM+MU{;=?*2B6!*LMgCzFiI?fYtxiM*VGOgysHbG*dM7gK?k z#K{SP1ji2W;m^>yZa}xJG&A_g#+P>g9p)v- zV%lDL0B|+LNmZB>sc;WTvyzlumpOR-HA|`ZxNh!399Cv(5_FD_!a0on0vTGsb?Gcp z)t;)33uj4v?+bHYg{?b_23LkEtJx`xRe$>5lE%Ml8~b*&yX6Nx7coCrBJ9;3J^#3a zHf&)waSLifoK2U<0hGjxhHF38x#Q1xI=2Pjd0pEDCWSf?=IUS0^QP5c$_0}B zIH+nvoqlKP`LD=V!7I}1S73Sn+ywhSDdHH&v%tcu(yGhU5zRTpC-xAlG!>vF*1XrLTNT2eNYta~)(1uHKA6s$O@_p5^F1q@HH3TZ$r>cccm z*~)GWEvrasw~3lH#%~|4$mBX$m_dHLOfv-4NkN+#(q<9A5TUb~y4FLKS@dzE3Y14T z6I9q7JG3QvHSF*nr;ZSYPc^^k2_Ra|B_WbrF88|(F!KV28DdYbN%(2b6< zQG(LXgZV(cE-Fo_bJ=0D$-(?AdTfw+0eM`7%QtA*PZie^WguO) zgF6{Ut*;7sfdhvJ(~B72OI1S8GNGZ+qhZbQ?(87m2+lV;{O`Q}|G15lFI1J~cZlq{ zY9Cf=;UIjQmpv&r@puz-#Mv3FqSCI5!f6SP+)vL^}hm3--3V2%_25elQIPNRREfc(u49Nf44dr z!`2U_4d)3z@IilqJRDnmJK5o{^rInRKzy;=T@r0$>39)@KMgoV$4(m0^3DPs{#r{| zzybRhnv_C$9CFhP`h0c2TEUNb1D2hlQ(2ggfU8pJITH&Xu+H z7~V21)*L>K9si3BYNwv85D*66R`ePjbAJ(jQpv{)yy%09NdRJBC@``jKN*H(5J4dN z#!OqZ5zA-mpwpqrYbybR>qS8W%mB*iVJVY+nTo7>Kz()z2(Iwk9*a}Tz3=D7O~n+` zjfpm3W0}o}EOs3-)!^1pNu`?fVC>9Z$}0nfQaI3>2m8P+7H>G?kajk| z2Yh9H4lbuHr$eF;J1T~TP2Y`43Uv1qQHTC+r9-{Q8D(;Qm_Sye(UMob%LOax_z(-h z#?E?itkem|e;!zGD9aBFJ-!$W>seU%bpS~-i40$;2kT_^xI3FQI6plzd|1P%0Nzu9 zbx(h`K$c8{cbGTLu4I-Q@_sI}fHhoQSy?8LL4_o!*&0*r_kD2B+}Y&*-jxns`~PM< zA6qVK)V+m|boe@Y4yU3ck@E!fpTO_g(g}oTz6L7mqdN$40(zwfEs_{W+zXuD=`dl&#UUF}3SqsL zs6lvE%>$W@w<@x~Bfu7FtS+l(4X=bc;FlNvJLK-^B~i zW$vf7aX_&BX+H35&5!wuRswxY*anHkKIKjfJ2cB9(PP$y6t)L>_rr+G?C`oK{P~`^ z+r@xfH#Zyh_r|eQ<{^6N!R6{GlHHDRUfBusiV8m2iN>x-u>+5qZpq>zog%)Nq0c%2 zR)%2w-*o&8CZd_vA%2b&LadM&^QBz5PE96EREJ-398RX~=RH`BqIm(KkM%1#rzia?AH9Bc&P z*C#Wra`0j>m3}m^h#&SHByjlozieVsq<%|GSj~<%m=)ORId<%Hg$Exte|79|jkodl z2`55Y(lpSdGT?Fzuk}P3q$xH|nngrss?m0(;c&l=y0701+}BhuGTB`oD+w!fG=-cj zQ7?CdZykS>$w?Z7d~KeGUauT|Z(Rp* z_^Ae^7~}b%e?TzK{9fj{&oDGK0j-|{g*gsu1L^6q&c9b}kOoL+BAu8suW0}KigA~x zd3c>{BYu_LX(Ptnje%k#3-p0|*K4pSorBzw@&94(t>c>9-~Vw$K$H?W(jlUvq=Iyb zNLXOeqeUb}jjo9SDj;1_A|OcTh>;>4LmCDfJz$K60b}fYd)^<9dOYX-{_pqCPyXPs zy6;zA`Mj?Cy5NaJaNhfhl84a@&>2$HmXi)TDh};#L0cYvBt(CpQc^$@kd<}XbBQj_ zY>W-&-FFl4zVdTn#ML^VGqsNRW*lGpCQ;=!^dKmuV54Ks!u^_~Bp>-Wr{dmT+|BKq zr0rSuovska)lqD|u*pF=G;g5XGhnEbNi#PU3qM%nS=`1zATOt{U*c?SrS3jJB1sju zUR{yQc?vTCq@?0!NX(hA0{Im}V;I|7cw-rRLwinG3Nm$>lEAlyZEvj2< zXJd_Z6xWMF`*Cs1gos9&6yG`hwXvIv$3K^kc|j;r5~hQDazAv-*n4-l7J*5-V28X% zKozfO=TbhRdJs4E-46KRg<-f=OLF(mS2Q9RzMoZS+1pTvKT;k{DTyO22SYGnEMK#oI9A9dclsIrrpv`Zk@4A8{#b%nOw02)(?zY zyf2{xb9kV+-2HPFC07-n%_i18yx$3lI8y$rMhrb2M)YS3aNRpc)s*!F6N~U&E}2b1 zk&@Q|EExtWp7^rfTY`yMs3W}?O^JjYE*P(ZgCHv`<`gw~vo(OVne1*I+|TT5)R(3u z6eO&Z%gW+wDBh9zzSVTPna-7>7H)C5iqq15q&MS>uA3b$mWiBnzMx-xspv~+Oq%9g zPd74+$NAdk(K#32&}LAL%nf55pe8;eZ%L>fanF@;40XR*o#d)`P_ZDsc$Cg|$X+mK zC^s9I8|t^H;O#b0TPk#*&!oyCGhnc-h1svWKUI_9TjqP|mJ4EH$)ZCm;6I*asbG%= zSz^QE0H8!K;*|hWD>m|UDY1q1b-Ad(;@-{m55}8B10z}96mZDT645Xf44hJHe1(-XXY|e9AniJzD zJOltDSE*5oKo|_br9YufUYjNBs=7kx8J(9YSq4*M#Q*4WopYP%)koBh&h5mlNS0q> z;1+wA#Gs0C%=k0Qc)?q;5rAys=(I+X-7BskyP zC$^rsS&)OhJ1RDIgTGwZByf4F>(Z^YqibH48H-%*V+OScTTsE4W}xEqY=^n#T*zz@ zb)34I>hA8{E_o3&2cz2~BwHsU(aC%~#!e}xvZSk8lwnFU1aD;AT^YBrbvux@h@bxL zopJ!in4SuKv23evHhRFH8~9nid-v^}n`_|fh1$9*EA~0Rxk99;_rVNKC1A68R({g_ znro|>t=qL71=q#R2&>C;%62+bRxexwn%BB>MeVH=WE>o!{11ANJ8|oa)n!?M^EWs9mR{EeH&}LT&rdIm+@C|t z3*(J1z4w_zCbSI65*K+=ZAr3hh{1NrBObkSC1IM=Zp%wS3wZ8VNW2=)Y%cqONC;kkrS)#v zij?|5PUtIS@niFW?AfvvVS+hiv)Pj1fPhIhYxvrpKHuG;KNgOCWiS694E(XtyKpjT z{OQ2quEUkITtJBBK-*K9_EPoPr?tqHsx;6afJLacMdL^k!Fb*oCzD_pb!KByo?2ur z#*Y(noLWM$6pcw3*IF6zTb&roi*LF1i?7dxyh7$I4vHAd?3Uy;F z3D(g0h}4-#I5+V7I(zktR))KY%eDza@X)r7U5MRt^pLUl?Oiom{v>6njxuJWBtl9M z3hADwRTVE?4mw;ssz%W((|H35rPwagI*jb>*xlc6BZxgza;X{j#R6Q74QyKRh{w|{ zRu4+}@)X{c5pr?gZScK;^zrRGi{?|YIKS5N-eza5kVD_Ci6AU&W9eRjneG*UCeJ%M za*ewVpx2~-O!oRuz%cOWLxl47rI}YdEm{dWio^x2m<~~>s|*pyw@z|L8Q1#FO4(kl zHXnIEPtB>*96V+Svm4VrnCXg*vCL_SMfh3W_jGZ6?r8D8)xsUhbyk!hTuc%ne40~_ zlXuuoJe-55O`*lDUt%UFC10rxyuo%SoMR<{lXwxW#5OlaupY0Hxcjo#P&4sTj%4}i z*B91dLKUrN3Dd2-cl!#_>4`pGjrreulm=p!bC8}wy9hMiIg zCh7V`@ycLK#nP)IR!L;#OgCKbt~>3{CYpR6U+Gd|SgbP13PdG?XMDBXyiroC+x*^R zspWJ&`}G}Ku;lJTswjx#0#(!Q7!Rx~5avCayfDJdWs!;h@2P&BZGJ)(rz zJJ_30EsVGY^aqL@R{5j?t_tO+TU%|!<5CLyo8T5D%|(V#-pxWv5~s4>2M=LJ<54N!M4LSXRo8Og;pRfps8)~%aL$@kjTiRZ5CG= zrYfSsR<}LoKIS#_=>8r5Zo;E07m+x-H&!zQL9`XzyuC8LE5>hoC1{m*!G zgCC-r)I+F3tR?&jkd_LsGEvpD3C%X>Lq}i=hcl(6gE~ApW2`i1i_gyS5bws?VIJ?U z%X8w-mS4yTM;iMLyK%mG1U4kjV-ZRpsW>MN=IQ!N+yk3lkvC4wJn@fiRZ_d3{C6aZ zvx$5pHgXcI=@8@VrQhJ)+?F}WI4|}<&Siwlh?#B2*lT~Hn18vuL&;9YV2>I)d{9|q zxqhXbpWaK#Zum}&kY{>#PNKi_zJe9+pZ@M&u@nmG{U=xWDY_R%W%;^rV@gIy z2KkHjtS5*x3YYZ8^Uv=L46Hu9YVR#eS>^A5$M;p*V^9Bi2h!a?hYz&!p6<+Qump;7 zSsGEO%H%rw-IaADgnCt$-kexqZ0(byQXhp|sGD$c%VSu(mD*%UiV8?m;U6aOHMOCB zQaFrAaU}Lx4OJO*^+NY)g!&`hXNsSnd5LhTlCPn<@g7FiZSWI*Usqn=C$!2$QD2$i zjg{v{x-Xp%;?_4%3th~EoR#k)n7UF>Uls~$`9O3MYw2MhfexZ>08#t$dH zUJ(8#rO5DK^+|049j)P0kD6=@z@_l<*7Z)kbGWnrP}R`~JuqF*U$oeHI3m=27=K3I z{&dgVdViY(YUs39!=;>Etg;=c&9I<@}F<@#%G%qW7 z%ci^{8rkd$D)Ilv&Rlgly8ro*qq~aS5l_NYkgx#d5!DicTMG$xjcV+^8=m3Svj&wp zhH>aSY3G^N$EO2g@=gXMIeey#DyiXDaNGosoW&>9L$j{<9mra(%3dKdycm@JEA{cu z7t)_7ihKBiWYt302jWF+9LG+L%YHIeO(5``?pZ)B2WLyUJkB+TTDkc>E{v%8-jO_x?1)R1>xjGCxENNff1UMN~pTpurZ1BtDmR+L~U;3o7G`TD{3#q~-Tpv&al{}wW_IKBV)rodP55Ya>KE)H#qP&bUkZI zWn2|8C@u6^RUtj#N#MUq_gYd@ZfmpHk65+ybWG37%gg-b0&jFlK|#UNIK2F8t~d2$ zSv*Cu!6~I9yW9voad{lR=(y;K^lwKJV>eD+LKAj}tLxzXccit76g=+NV6W);w2r(u zjKsmh`A@r%G&qL0{Ru_@&HWt0;XEDYOACa_ahqmKqR#R&y!j_Q=8k=~GRJg}TXxQ) z=2toxUjD~8m#-o3qO6yBzA+IFJWy5MKHNvD*aV|N_8vpKmfcuIBYV!v1)!}jCPL4= zMMVgE?t>HVTW=+1XDDgfzoub|IV|rxqkZv%rtWi{`mWfgL$P`Psm(z z>}>aXYp;5T!$Gq{44b&75D#%U5WtTO7pKMlC^;^Df|5$LX(hiFH@m~6DO6LF*5Qjs z-3@4#AKg9DkE-#uVU<6x=?B!LcYp91KlpkFDE|IgAI8S&p6!qS>~q?45RCEa97y0d zyLJWSu=0wDf66(p0`XF6aEJ#tM;rmL%@kVb#w8-rn<3H8>5SLtqrV%X3ny7+?u9q^ z3EG3zBkEhvo8Q~@K2u{3`K z48`(#mwzVuS`HU7W;kH0ip@4)*)q9SKo(+I$*s7Hsdl3kMLsLu=nFwCq5_fpT=$=$ z*?_F-j;X!jqUrX{g_hU`Mh{$9p}=4{{{dDs49sjk$) z&$T=rN;a~bd5JP$9OF6UKp(B>x!x~r;dm?WH6rzWiGg%6lKPEz#~UuBptcrmT5^L! zKouJ+z6rOhztH`$ro=&=R!00iRWq{OA(ZJ-z#yTD|L%;hj8EjR;Xf!}nD22wj3k4A zj%;m4V}HU&TA@HT@oEDdDt6M2!mw%^^MzLvQi7P0MfZXBle23Bq0yBP zO@ZmOq}&szDp!c7$K+wB-llZtu}!AMs`YCjfjoZij1?m|!Gb@Fx*s{LUfI9lh^VBu z^_>S&gU!>o>gCxkie-0mezTszLn$io6~QgG8E9XxKa7vQaR0+KY3=qf>as-TfhBB4S*FQ5@%{~z zL7to}YDH#gW7ugLd#96O4C+3@F;LCl8K*D!9HO{X%OwY-D209wpa()XUBbYAUT{Y_ z-G4x~^0K8XTP|$UL1z=?jyAHi%F9l9pfY#iuCh<(%!S!-b>`?JJQbP1vk0(T36ctm z>cp~Qzs3O9FWXaI#m#-9W+8vmz&{F^+ea_6lMPi~v!I^moT{{%U+v{E91%Z*VZnuF zH?!uu?YvvZWq5a(5M3PN-9HtIVZb>Z!VGkx1+^|d&zp#rgk@z{?MRo-{#*>n!Cw9EsEY*E^Ogl!@yVRJ6^*n|+j<^mRNnvtn>1ArXU0?|RV23I$ zq76wM#ey$E9TkWE$7*yAB{s@4aGZdI=f~d@NnSIpoXX3L(t^(Q%?2O6M4HbI1md1+ zmQ9Ovv-@p^9fk+is`@qd-j$fw3$w*mAtEMlC)*Lmk>&Z$_ott?7YYh;@_5ZRWVvzP zH(p!Ujge{r)k84dL8<9@wZ{^hSK?eBZXmtLw}k6RDf!Y~W(HRf15Se&osYXkqVE*}~?3qnio}o=) z^;A)Y<)jKeI#;OMR7Pd8TUHLc>h;5+{h}L3$U`XVCH6z=-G~7pv!ASzj6{4J1lwJQ z(0VX?q>=IN`^cLs?V-_;2oG(U>Hf&}YRXI?oix6rqrlfggO*TT?!)&9P1<))X#aSh zDmKYGja)37xn#;+gW`e7&X8y{5Dd&q^qkZGn%W2&%roTJc)R?%$HpWtM!t9ftl+O% zn~(~oKb&-v3SQPO^%R|$Ql7jTb`p*q>?df+Y~>mpt@9a)5R;f&t=aL6jZVZ%af4FI zf!xKit9}Ph@1I`fI?*WSPynGV&|7;v!p^%IZ>5+ckKGSyuUKPhU)~Y2yyV->24bPC z=Q=|AYLNcOx8GU%jj4Y?z!Q{ifU1V;bW(YAY~9jHiHg01y1kP1uL)kBUABHj@}&1P z?JrmqrOe!A?7!6lc=|y>BAxw`&ozC=#@m*-J<+K9kGKr|@LTYXnhy7t{d9|t>=xZ< zd<{v#m3~71tIpqG`BrfISg}rwCdy#Tgib^>zAw;eypeSd7e3pAMKt#KvMQOKE?D8DHQI(7J z?l8aN-C7`P3Lkhg>527Z^F0x0OR1Q5b6D0QPIyRo4CEC^mmM7jbkNP_)mDUl+FAQ5 ze1~37(8h1navm$E5A~j@LOPRcpTZD<@Un9o;x1LO%w>r2@`JhMyx1cxXGS~~ay$Y* zgGN=ROTrMyLNjpQCYPk0hcA$pGTpv&G;;Cc7a5QXJ+a!lubK6pf|7WK9THZiLyhqn zV-vDU7}3n{`){IPh6aeC@T+v|zfIK+xKElMC*3jLEh!KHnl20RkosFXiXuZl;s+K# zdEEMgJBH1IDtcwSw#;V(24sH;;-fl}(f461i=~$USAv}xGreK8Ie+O$ekiBR`+RI` zX892cS@PY=1(CzghW*Pice;SpK;bDt)yc|^crU6dz%&Xb^DxSz?OvRu;}{&M1njlS znV!W;*fK;GD_wE0cZ&4=P<|n3&LZ*<%KCUS%d?a7S+bp;>R*H3A{HNRU9d{=GMJe0 z`9QGo(9Q^mI#HzU*>MutUdePMmPHY&F~U5#GC`DiK!01#kX7&;RG}Z3mXYY;lN@kucBODxMXqim{WU*oiv7PB2Y1i(=#eF!)32$pLL|pom6lge zsEW3UH5SX|V=k8HTT5TeZ9l%~*+(^GGm!-E@L$EBFD?_LFko!;dzv? z?SKyNC^TzqA4Z|}ywSC^PX=hXn^xH1+q8_Wkuqw*tj4gF;k)Y__WzCF_bL5y$)p3l zx?iKGGqoxZBJukdA}B;STh{(d~}}+^3z}6X#E`ial(-TPo%Di!uJ! z{Ty9r_OBgs?Ctlw8b~Xma>GhwA}yf<#pp42)I|*{NwF!u5?$W%(`Ns5?N?0V{3_Ft z`pP~w^8bL1|Ev?f`pxf*4q3u+dxmoVc834CEj!b3GAXr>y#GpCe~wTpc#6z^2tE4m zwDfhxJ#kOSDlXliWBi4;f8+pQVuu{z2ZNg5$@d>t;onR_Q6F;G=H)+p_rr>C$Ecqm zx60lA`}8lL1EwE*PvzgX^*>`g*1bYDmS6WL5#V|Gu?7`M?<& zL2dt?!oOaA#R8aq^LdGD|9&H241YIDiu&Iq_U94*Cb7SW?l+13#m>K_*mnu_TZ(<> zkl%{(8;kr_l;1hzw=MRU&-4Ua0d zJD+Cv*`NF=H8uIvwS%mz^Y5e&HKZ6`XpQ0ZK41KzS7E;U@it0MY8R@APC$OR!*~(= zHeu+?W%tAl1@wkIf9P|9V#*53A&TQy$bS9DDt3r`f;TOl_n*K1;Sy61O6n(pLn$?U zPsqrrPyM%lD(9|{$v=#`{QQ6YkearD?9l4!UWxnv9=??V7(O^6;2)Rq!#v6SCr_Rt z<2HtFzxm(8#{S8rHMSUX{fnxk|s9*Q<3YkAI6EM8k4fd=5u-!jj z9H9Gz%)^5?BKN*|t{^0s~B;86yK*uug>e6GWg_|PUHg$JejE6Y&P0OUM4ap@a}UVKWCOD-)daKj+M zHlr*<`S8CV78!&NE2mS&5RRP_K0}vVg2}oH@~|l|WM*e) zUwqo#z?%h@+SyHRAgXJ@m!SHtqRDzyTIMTJCSP^jc_ z-(nGiRXC(Y=fZF$7{BKR8Z0o%nC(SKD^JJ>HyIawhusfYYFuV3?c zzHISMt4h=xA@K4DPmls^x-d-g^rtrsaDs=RV2Rh~M&(21~#hvdG7LG`Xk?}Ew&d<{3GXP7o(9b< zX{GSLpj0&&;m+};jqL6g+1*9>oy$z|s~W!4(!7VMM3IJy{i<$)HT-)RM{H$7 z{`zVnn@{fYDWK!2keo9?%M_mBE0$rZx_dHJw2HuTg%^}NAB+*EfzC-k?TX~sz*jhJW9ltj0cmuRdj`SPa88<<`7SP{*fj2u{cbAn zHsSdA_0@Pxm#^_Z(yjs!f86=W6|9hQ4^6B zI|EUtqt@%V6_98=`=I?;p|T$dE;kdIvKLHqWn+DP_5(+)XiCk*22eGhm%TlvL(9Il z;gH|K`xnH5@txu{d<+GQ`#+1c2cGF_91rkihiZXgjF*4JMJG%n=d@ci`r zRk7E=jY@*Zc&G>qbkdpbStk70hE=lP4P(Cr9)n7d$XWPnqaE)NmV(|>FvI3hL^x0h z@_w@Cp3}I%jXGI7NcmE4YVysS9b?m?#(vQONT$RP%Ei3JM;*Ggd)h3^sEr}HGNKs9 zx&XSq1bNsN(U@4NeYPA{HrgSJcKz6|6I<0n*hq;g1xVAzB1al_vBJWXdXZSEHLCWj z>dLL1)G-i%u-siC*V(c@WP9&kv5?%tLu(tGsDM3L8KBF-Y++-lBLYYj7uGc) zp3HMJ%G9osk==Ak64I;Cc%POw+sxyqQj4#_p3!}V5;jDASw#LJGx^!lpk}fC*7$0t zN!4PG^JhkN+p|k*@p&p9XvgWU^)!zB=(B;`=R9RW&P4%rAt77NV@@qMgXx2o0s`sj zB8}j$#}tJ&Yu0a?47h1UwU7>8a{6vwa&F6rwaqf%butk4-aTm&AxGMm(=VMreqB@3 z>CkG6(%Mlr@khA<2}Q*&3v05vD>_`xvLHobJVe5U`GTNu_(I=@>o;#k2GonsJVh8~ z72x{)xOvriN*=%#@}7~=xR|8i?QC1@Y%_;LRJ=ImaoM7LThB2>Vj`y$r-Mm~ zLmj0R&$|RZ=V(7JD(MG}cM~wMyt2E`22Qkfbq%Ga5;BT&HN?clnyyY%uqM$+f98)o zH+$1VFYZ>Hw6Y-7!C6HF394jrk)G-8HJ7npD9X=UP8M0f;#~Z}uj%tRxg`xxMBcl6 z@pjCLAL$%RqJgVZ2vC}I?jhWb;A(ID1p?-^45jLGaw>9e(Nf@bf=Zw1*33k?YS&<8UnH>n|0VH11B1VVAys+mf+hQMB3cEay*Sy|m zI~#RhvropO+~)XL<{_6i*IKT@-|YmMRNtFoig4jJ3r%$C6?-+{D6OBiR<$W1anXOj0bApc3}E?_^qP zC1npL**m#gX(>FQNVqfn`oA_rQ&A zIS(1R-*5pH2e;jVDA~Hv>;3A3`9ITsLbhY7AihcSjazq)lS}^Ll1b%n{jrUG?}Nr# zzSxNLWA2gX=`M6-=AWNd5}A{IUmkF8=GYv64B?M`oPi5h=Sqt%)on*}`#nhZTy&}= zHMGpUfbOdt?6;uXR!9|~!+qqQ#4X*~-j4h*SL|SG{{>(6HIh?h7i#fB^2;+GH&${g`+ZlWv=^4OsMt)u!A!3$`w?2N%i!SWB zL#L%sWl})Z`NA1vgtu1Gu^EPIJX^9Unog>lIKDe4G1N{YT78~@g!5Z_u6EN0XpTLo z+rdS`ACa1YJa|x=p6LoaV`qffE8AZt47k>et#_of2ggG)bO;WZ=BvA@pw7WLVwp@# zizPuYeS?3-S_2x@U7#>TS5#{@%}htUUn*7|=;~#RZ}wo4> z{aGZBwruosfBzXSS*ej14-U-0-k=K0lZiq+x9S~cogiy!*RI`giGpTL0kzqDIdSZ- zf;V;3M^~F9O_mUT&XH6pc-!HG85C(IvpXDk@Z2Vg^{kcee&n)5f|lFV=T|4#8FQ4E z-P(Etrl2H(>&M(Im*_^=y*M34IFrn($5Nb7c^=UMtWUbdxEqBOHvfCb;a}+%zaUX)Hf(b3%x_L9U53yfyO;zo> z^NrW?`>QIlGaF6zkLMEX_x(XWZ5gr;Ax{m_X_NLI*PbgbyGK`svqz1Z`&(}hUs^6Q zvSsczAhUajH-&9+kxcK3M zQ^)0(TG8U&`*DvddDr)B3#xGF9-GPQk>@%J?BTcbccz+TOP#VoTeAhPDJ$gMm%~_+ zq0L<{Y&RH?>u;!9Pa9Mc^PA@Qmir?2BYDuL*viLJ2{IjJ_|5xTi?yLcG7yI7fB>pW zd@_7IMpA2Sb3y#!z?HbgjV+rfq$t0zoa%|oGe$r|TKV12X+VQ1a;cUTI;n%<7e$h^ z>#8i!y8;63>6)QHJE&%DMyZAUURbWtG=tT6q%x`BHpAXQt6+au3mUcJx8k*1%x&?p zTNQlB;Z$|mWGcAUoaPDmz$77a4_{ZKA{b-Uw#x!Kuc}J9r(JiS=fm6K}}A{%YK= z@=yp-Y&0qmj?s8{D&k>@zdl#RiE~-Z}?#WFA*Is2|-fck8n8oNw?RUmbX% z3QyNnSyv4d>P^ij35S0<8WA0z-_nN_u+BR%@@d77=>6%_kQ<%9ZFYw%QDwYmSRkMH zHeI`s`QRXssWioS`OA%2kEE4~+SA9>ckg6HuwEFu($Sdk{i8IadVwrqGMJ4%{9~JT_h=Bi zn!$0K=qe`u+pa2y3%&>#c!LZKJ}BEHojLc}wh4EP4vKauK<-I`ieDs?{H9ORd8!y` zRGBrN^Tc)y8Bs4X=z*cI9neV|5Gav`bJ`r|op{Y!&+evH0aRpk|7fJ8x^g(-l>2Mc zlYxTNRojBvbOaJq_ukx&72~JBwtcKTiD)tDc)d+z;W5}{a%JX1Uzv#_7qhJPiK%Ij zDYzkr?iC1B-9cIFpPB%!sW)#lgCEdsc5x%`bi?!t6Jq6zo8NS}O*&{UQ%Gr*b*0)K zatC}zYzk!^b1o7KtHBL@nkpI@VZW!P>KFvG9F#i}wTEBW5D8%5lIeOI6LN8vH8oNia%LaI9d7Un6cxu<1M z#Eez?DCm6h1p2S`U(u5_n|g?OWR~@!u!enf)ThD8>3*rrppw+a^P`@JCyNna7RJdG zi@~SkbtvCVf|t}mdRrf8$L>%mWtK&;*ceQ*#nJrg)12)s-JxxpCU5}AyK6|Il%B=5 z&$tecBBa;keWC0dgi+S$oP9`yWj~@R#yREEKLcY8J-{vY1^T2V3EPf2cGS>`c@rzE zOuaDn$B3&A$U*tY(i5YjWp@-zN7AA{yUD|9^DJ(9c*H3#%S{Zx4zeFYn@YCQG*yV3 zo0q-k$-UHMoc{O+@Zrc;Y+Kpw>OB4TU1{JyP7TSk@^3k?F@;{S=5?BIHO$PkLL}B4 zObi*1mrx82bb;n&J(3!524ptMkE1lpOwH1Tw`*UNF>j7q5Y~^BdT+BmM%UHWof!IL zAZQ4CGEi&vFx^@k96%Eeu4xFuNgb~>K>DBUv7b=DmTS`=A-6R|>{m zi-9)ABhyzBwuiUb;tqQv_Wae4Y{R$sO-+oAMIdvXPF(X#OU}w$rYVP!;@bh=z4&jh zmJ9)}5G_*urwsfLdR1RYqqphhf}YrZC}|9!8M(E~w1HEC*~G3LeotPf$kE z_|;YeHGs>obDs|rl;qN&SVAT3skhWL_~5-E(TMtdoJ|h&AneE z2m}*gbP`9&kslPTV)2s~xsoQ!cZ3d)tlYU=2B(9vDqJQa$LE!|>rH&PE^sAr_2x8c zt7G@;a5$sU4*v%Sr?8^q%HLd`zclj~;nju?Dz$PZ_0Vt2{fb$n8PsP+4;{2W;@HMN zYv%b@3t%KoyIbhH^!WCwzTtd*Ci9VL{Zy@QAAP-@dIC)Hn+_2X=R9P|oVr^F8kyu`?nFl?;=G#=SY|>gSJBb8!W>-97!oLDb)&dH(!4t!v~FOK)yD zO|7`$FWU@f{LNC0i>C1&6`9-b|9SL4mG;fnlQ8 zRr5rTYVM4dQ6>QWE4pu?W;CGlgl<`E?>Tt zos%=$6l)wCHA7KT+4#xyZ&1oV?*c1eAL165W9G9SFAS~#6*j};;^OWyvX1Q6F$a6r zpv=OoVvpRb&usJ#oIl>9L*!TrG8)n$<}w-G1ldL9P{5|?JKedKS`ceL$7dSO1I!R? z6>afDgws^%m>#v=~OkNW*~J zDNgwcFI9)_z$=9**!nen%0lm3+i)cjzR_zx$uas0Kp7t5w+j4`k&Z8s`8!Xb(6)FV(mlJ)azL-nKg|C(h6?){6Oy?=_Y*@sW~OFfa1V4y zeM{NkAJ(NdP{x}+4#De#6S=K7Pp=sABBVFCB*KcRaguF8-gv0ocfq?eT37wQbA4t0co@ej^`!wo-u z`t&*bdAa?FP^iLQ*ykpG4X6p)yGpF$^foczDhzM8d+}t&Ak0_)ti!vv?v6*uSB{L* z<{E-ZRZjDzorT+}zF5!-!IFfZ;Ta!$uh!yN zZL$S3($a1>hoqbm7QQ{YEUyn+dN5MuS|Y!`>Kl=mSS4o)lO*>=4%MO%f`y9cpM(am zCTg8SB!0>UFBeXhpVsb3Mp2Er^YP=yD85idO?suN^FXjFYHp4>UeWi%18v=#s;U{6 zFJG?0Y;Doq13eJBNv{B^dlU9H`&b?)EHw%*#Qet1+A{A&BC{K;^s;T-7$2%f0lzw` zh*QXk0^8aSv~cIO`;thXOSV+X=xE+2BqWR-@Ar4JOM%sFHErV@`UV;L1kfVo<9NT- z`#_w^WUzgV$~vncW;6H}o06jXi4!L>@?rP9yuI9bp5r<&8`j5BleLCTg>^WQa)*?F z=|L950vOCdq;g4M7qz7no;82|!UdGbb%QNAMSgXBI4{o2=Kx3am14lIn1+hr((1%U zruXa*RpSt&R)051OfMf@+TAq0%q7wCgS`bPRoc`imcj62<*hOpKTVYZV*rTv2Jn8B zhrQ`-#pX?h>{)KMl(rGK;>A=4^Nsi@U#RBakXBSQZfuXK@tS&in@%J$LM-F%v%%&7 zuXt(CY^r?MdwFI~HUtORR)1T^W+0@ae8!bz};gt&$MV>3J>Sy zo)3Q&`JoMnx=48BIf2hvyXL(pVjdjzbKc;$nRQNI5)g4rb-ea49ry$M+uF}fO*a$i z@$yc+w4RfdnU>>kweRUw+z+)%H5__sX_(8v$QbT5cA*L_!m=(Y*}qV9E7Bv+D?dB8 zr>8>g#ED3dw~S1sy%7@e{JOa1_^9@QMSgxnXRaMx9vsxFXb(ybW=jyZ%z$5hP!QSQ z@4^z5X|q-IqW0vhmroT#N`bE1$&-%>ZTTj1?N9$^kkmgu4rGhaS;brYD6ssAB4Ke+ z`6{gL8UZ@F#!w>ONZK~Kh{f0=d>LtCl#peHu~LNO)2K&AMoR31A&@aDSu0+<8mdCT zf{q1hh?U&a(Gg&-otvAxeiKqseXy6qUZr@JH~F~Cc7>($QZEzeqOEp5{B_XGS_{vY zl^5o`h1zH;=A5On#o_t+$3TOn{K$`eAFy}2!+TLE5r>-H0C_?uQ~oDu)y94r(W+a| zP)GB<2Fa(aQatYk!bD;=L@S2N%u=_?(3Qpq`nzvd?O9w*wwrk7t6O$$m?pE|ns{$ndafSKu8(6KP+WhQ ztiKSPiPk+hYls>-k4eVM&~@r|toT8K02p68zk1OoUf%OHO^h%nlvt)a^Quni4D(YH zuaVfx$Mf9>>cp)^j*oE_KiU%biWv0sX$tz|xnIkgHvW=t^z`-wvE>L2EN#}~2R#mC zToBLn^y{UW*+(snmfh4;+PbFihe=|e8|+|k*h%%-cuV>kHHK3~(S7Z;*7}j3M^sx| zo4vJJ!%Cfy%x!&Rp)WOAc(Y8D#zy!L<4oSiQ32&0nzE`N5Q(@?BbNM0*#iaEBK1af zetEZ&#k4i$h(Zg!0(u;>UaO8h+gfV zASH>u+m&MO%j8_2svZm$m`rCsN66sGizdAKm#`7C*@L#W{nrD8*!W`Y+(k*M4lg$uYRVAyxyKR_%Vz<8! z(a&2Rdm|@cI@~5j%Iv+4MrKEI2)0bPfYWQ3vDkF-gu=EnOY42gYRtXqzvUua`I^CW zWTkSp^~aN#AUmdaGM`Rt>B}OBvEaGwd7FZ!re+QEtJMLG;rYiT44$2_jAr^ zUcVmxkn8Hm+)^3ta8OxnxQv=k9w>F7w7eq;dXS`psLgFW8(Vd1@amXK3@6_%`@7|_ zN+Z9W8rvBT6GE{LN%8F2v+%L7KKJq6BP>GYi~DeN^b|mgp-x$#zm0K+I+WvivsC1#J#c--NN6{m}L8*HBwB7FaOQbb4enNPh5VzqDB#FZ0o9iSylVxjV+U;wJ_0GeTDWDF?r z7jEIY>-LRnU79kAudA3Q@JTBus0fxILC9yf$t8XMo+5N=n1YpDcDVa|%TI|6ji)C* zsY)SosR|g|;D_}>yK8Jy^Sc^s{Xf#7IT;!A5nv5->|*k}L03@9_5z2_uB{5Y_tk3W zVY9&NPGx=FMKST+S(y)xQtbR+7O~&e77pMmWG9@>4D6kw~IEqmwY$BsNcM9{VJhP zS`)+c=JjhQUk7`8h>9ga+nmF&E2!<+a_;A!RDN)K{v_L{51t&GIHgd;$^4^z z!KrsB0W$PdO$u+X8$$JVJH?R5{=tT9X+Tsr+!k`kTViKvTtU6S+tX3^$m^%VJEe~0 z@9i?Hfqvf+aZ%~K1-j3=m}OR~H)cOu^25otUbXNw)vd)!^-}$1$<=s-?$LmnLTlL(!(1x(c%KCaV;9kCvV7R+vUO3+yP;4 zRlBu(f2zek?h(>G1*U6=%)WQvW@DSyRDGKT0<#z zmxUXI*?G(q7;UIju5PekLFMZ3C!W|C_cN-PgR*xe4|R*i;QK@NDAdl5M-gu%&Xr?* z1XB_=!gCpUv0bNmimBz7wvmxIb(@U_gzFL3qZa}oF5?A zWC#i~)8E(avVk+WVmDAa*lca(a|46f(&a`r7)Z-mn2i)ucS0Iy(h0n2FVC;h;UOGG zfep(m7WKTLtGxvPmYN_bx(pNtp2p!Z=qZLlD1#Hcs3n!{MB zzOl!Fwajjm_$JncCEb7(454&D!kS)`7)m6nZC!nnIUEm(RT5&Jqdrnnt5vQ!MwY8|QpCE`SbuMpm}n z^|Kl;PzEtiF_h6HMa$TG_UwhB)EK772#I&4Ho7Ep2nC-0dD_X7v+JMHJg&+G026?A zWAx5~RXyYPXSM1gWgr;1saqaZqrSd{5#?&Qx^OgKsO;#AIvs+I|Km8SG|BQ6EkB={ zC~He+P0eI_I4EtPMDF2U@JKPFMN($7M`iY89<7LgP#9auoJO3^3B%TEo7sejsHmwu z4}=LRSGy*#N?;-;h8fWM2|&zb0T!yI;cSM*7Sv6VFT~6}y3jWr6dde~RNSmr$OmJs zJUu@?(A91OVxdMoaE~=!_Ep7YV;(uT#6M1+oL~KNa($kU!G0Ox^R})InVRh&L!2lIfKSk;g}cNjCI+8vv--Q zj+7L%)9N0f98^54tQwgG8kH(M=^cSPe@}e+FMTpiIe;v(W}7fG{dtaM&IpNk$KH=X zNcJQI?+G)xsU+&0&xaK}S2FnN`jYP!|MOK4C%jJ2da5--Zq;^@b zh;jPKy_K)oAB5M7lU$iz=;#cYs<>432OFE4-zH(n91bp^#PYH8Uia;pK>8&qw~;$G zh2OrpT9)Zj>Ui_vzfi3XjOo}z5_GFKi3Q|(`F7VWhYGhg$CA%|o(kaHQ;lqFHb%Ae zzrfiUi3FkpRW*|^7@Ixx83Bi@Rdg5x&-)Cg3 z5?yp_yoE%MaI}RbB11>Et7U@>K=qrRn05EN?!h?1rF5@a)_6Pmi=8d#8ILf_M72p` z6_bbNU`XwAXzUgLX%VRy0*!K=XLo0OpJAhaVbGg5+}p> z=a%*xyU0@j-~#asoA|STb~CX)B%(yGi}UPR{x>XW-gGe0kke=MMh=tE!Ek;H>|XUi zi3^67oddO6)&U59q}$y~IA8c3>=Y&z>Q+L=5!y-`oIK;GO2N^I2DQ4vhz4TX@DZdo1Rwi4(v6TemgOn6e%pmo9Xr{1d1jFWpJOhzQgDOykAMbFCif9XX;# z@ety{x%FQhm4XNWXUz+IZ2Lcz6Hp_Bp1eKXs?KyrzI&GQ+cgp4TPYY9as;C)cyECK zgOS8J=pWM|EqNUPhE2$%VVL%dhzp8st)8~1QChwXZ?%zYxMHS$wQ3UA5h}objzlDk zHB+N~^iks=y^%wLjd|(1LzlZ7V;pIUFo|z4$4)g8ngXXL1+xBW;9!jd5X=@|y$3h` zC}N1!A;_!4x?V;L1(5PHnIRE5V6ZT378R*|{P|5L9R^WfACR5ynnmoow`x9LcX2oM z#EHMawcm~ffPQ+w_4hAbd;|M39JvX0alt;6T05Rvw|58*LD!BC_OdUY8+@Bm89bdZ zB$%(H)Hbm(P8YPk_SckRePjV#IDcZDMfXpD?`kxyEKkY3ky% z`){b^>IM=33@Pi8Reu8T-_9+MSjGq+;(z7D=ogy_Fu1vioZ!)==Mth;xca%$=S?Y6 zyLD&jf%LTrU1F545FJX8a`nC(Gu40oLE!0P3DC=VyS*M0fAoEzGS%&KRemADvaxSt zP_;_eFHs*{H>$Wq-6lL(D&H%)T$zpusF7(q{>K&-39u%NPF6*lHE0gIvZ&Y&>m6S{aAQ1Lw@=1_PWZB@IzF$gm?nrE-R2EBVNTxb@{0jPT zgXhve{X6$Z0sj*VLQFCEk5lo*7;2+^3|9B5<)tgB-*#w!jg9cn&T(Jjx9W`Z zI^t=-He%dW*NAqIarEq_@0YwhC6o(BNK8QMH|;Q~`;%y)kIF8pT({(hRaIQLs6+J6f22R>=h&R~#uxhNT# zd@jxROZz~LL7lX5zQ8@@7dIAv)WmV*mtyl&^G6cW28j;e9A_3k+|tRgwvPe@ooX^6*BeL^wmxZpWA2Q?nmGR_%P+FtzbaM`t&S^CUI8n%gA7%q|D!XsYz8 zUPpnW-puJzL)Jr<2ImAYL&Fu{hpu6-8|_NRJV;6R2Vsr<{{SCZ1AnjkK3Wg1{jo$d ze|r?IH$n7*CH=T%o~i{XOb$AzF9qx^S*z~A-8)m|B?dXtISryL;?>SMfZqvZ?|+T! z;SnuG?ng$xV(&hPQgU{1cpq8tI40q3Qg}E`H8@YM+7*>@5P3>XU2Wu!@HlNF{O#Lw z+-&$(>+Dl7t9zASKG!^x3qlE4FZPaA;0sC;v*lZ8%kg-8V#Ws{%|1<7CJj><7<+Ui zdB!VRTwL-=B|-i<353G~Se9Lee}P8!T^&LbS<3;H0~OHDy0&|nzPbugxB3ca97b$G zl)H{m*XTh?wJ}w^892^WiD<14AD2H)T2@B5vU3?nxEJyC3>WI;m$`oRbQr1XfQ*dj zZuK8{ZFS0H@rr9#DDyXBhKqi(CeXevXug+7BjgKDKYi`mb^cqoRDk0KT(PN*NyoXR z%v5aV@(!kKc4lVgo}`Rw_tQ6C={!uY+d96Ml8D3_PA0|Ow2F@LDo)0_-N#g%k0+d^ z%lJ1Y1>b_7xYbkfx}J=HyF94a?HFeWZ+BKY{$r~DUb5%~f#btx=}fLOe-vMIX3e^n znAZ@Ay*$Ji{S3@a>o zKX!S1abZDCS2wxX6p4!Xw!PS!6yLAK;VaCYeciYkJW@1D-Sw-?ry#P@X2IrO@G&*V zw-U3;r;c>gR*XoYn?d`@sh;xhFaNqx2hqq9H;jMiU-%(8xqB53HKhkB5Dsg%t&8=T zQ&Upx7d9Su_5S!!dobP}lQjS1dP0hnL~+o{0!O~iZ66)4<5?r7EnBVZLfwYBFE26U zHEv-TY*pcq2`lFI5&yj7L^t4sQ0dYhdBt` zs?f1cBn-V)2q2iB5|pCL+62$j?+sXeta9iG_*B{+QMw$$V7UIx0Y zR;mrEFE4Dtqp25{L(^Gb?bd;Q;TqMeD>-i$2mjZu$j`bb&RY{7oA>8nhMp9eW_b<2 zJZh)(^T4FMNLM6Ql~Sp6(rm@qJE1b6#*`4$q>|W(Mcu(g47E3#q0zQN_viYDS*|0FMDkh2XBQK;BFU?(QRjk`weC>Mf2H4L3)6 zyrS(X8~u_T8=IY(SD#;wJUW*0`9TVHP2vjLdk-6z6cl{Q4l}+kb+p#Gb>srkz8z^7 z6M^XD3CLg!@Nu*U&A@cEc#4hy6O|`e!hwHd3wfvzbg*pP$LL(z*W&o>38>u2rnF?A3x6CX#@QItUD6>3rZ1l5?YyZx_ybnfkQqA%| z$71Td^7>D5Lz8QHV$kVqLKor_v=bW+V+j86ndbAJ2HRj`DF?5>M2$heJo2t|wO=mS zcg2X?sIDof5&+tju-cwfF8+^GF0c_?<#lTP&QE&Tp+V`);Hj}LHi>hk0taz_F*Sj# zRFwPAuUKoM{v1jwnknr^+kBj_P@3kBx)H?SBc8ogTwzL$AvW=2#$3MWk$p_owi3e% z6kUceeFHNu2NF|T9m=d^oWvd=bd5mH4;RUOzMln|T zi(5AtMyVlAPpTye^z3Kv#X(c5o{b{lf<}zpDfSy6w%XsP|2`0sH@&*y`dsHyH&@9l zJoX8c(769qDuzj^ars@x)?iXX7XT@kZ1@9Lh5bl_gZQpp`^D51aH#h6N3P174#in@ z5u`z^XVw(II&+d$g8a`2$XRLY?b}9vhrr!Pb=^Gxw(`VA6F!6y+kxrrI$kLW_7?h@ z>0ifKCoB}S5lWsYAKPeZeAu}DwLjqc(??-}N1w{Jr^d#30qrS2aOaiVwuN!CagmZd zWpGWw@>1#A{sb^b2RQUN?Aq zTraT-CwnAC=351+Ks5$ zS2lm_Y^=VeAx!wqoh)t@Zsy@j<-yzAA=48TiZy_IfZWD9`P0BjOi{r!mhb~dS}V0Kw z(#0Mh@Q=Kmus2*BTr(a@8ncVYD!XrQP28y`XdZP^OFax#Q>jLK()GjY|1&b9bd zkqOP82&XAiM$gjY10fDc(*6P8-5dQ8PV78B_BZW3zK*|QYmnTjg4eq*oGui(_1+7I zsv`nCXKDVl@c8ld1o<0kMlpWhFI@rfh!XOtR#%XfHhr<;c$4MWAaX={XBR0RJyoRi zEZcWh?YDe>6r4w~FX%saftuGS0+TBx7GBGF%3pk*rMCx!jyw`F9I0z$&rhD-Ub?cX zXvKLj78#DHeGQ=U&QHpkYjj`GxGjHi?t%OwiPale{w1ONt=ZkTDuWivmM zWk)JK4UM=jd;;}Wv2Wjc@fI^dK?-`g%x^&IiA^poA0tY`PQo7bk4#Mg^l0CYAMdtu zuNnIHzSy7ebmh}oc5Ya$Zgn+1Y8=tr*9!me z;brx@^<;IUv(gg`7ZNeQG#}gOOs*~yenGaykEMb^Ic35`Gh}1~yAY;)Y@!*_-q{KA zs*?9aEVX+T+;QiSQud#IHC*X1GKny-fTqURGoKRSUik@XVakS;N`buUbSWvxgv8n0 z%wM17jlE08xR79c$+#j?d6^51YC0+&)i?YUJozi}+L*4%G|`IUyK6Kx88KP9^_TL6 z^$|eqd^^F65bNIj<9z0Nf>y}$^vIpc&s6}Ud&_;#QuT@b9z(_RD6M0>M{ufe`s$Zb z_ppLbwQ1Ikd`aW?Y*3r%*wU{`X()VDo54j(bqcAZuq`;@KL(_sw;4xyxbIUWwEZ@eoUpQSN?N@X}~(n zn;=X65O8z{KL@U+JTAZu4oG$q(%{g^ricDqj2uEAii?G+uRy0t3JcvJHOt$nKTM_9 z%XSA8$LRq7T!wqM!*5$$Vj*rICO^_mmXm7cnWnt^3%%LY|iq-AkcY}M%(1{sJ&GelRTvtQVwiO28AVnreMs?pjd<6>D+af za?nVBqp20bU=R0`wOTt$9(!ccHbxMkNF+U!(~okS64aCy^?czTYsSLlY-S$dq@<*e zgQtA;IOxxKfQ5sSk$rVqN=lh=LtrogyIOQQ)5EvHbNMY}LmXKK;)#9RLh{ z2E;$i2Rgk}fAAh<6q;gbRHTmC9Up{{f$O)4&0yqENRa}J+)tYS*cY6vu3a+`QK*-E zk)21FEn=Vtr;Fh)ws}*9^h*yPxUbTxR3}m6_|7gHV#F+eNdHONCe3N;FdmwPUt1gA z5P#WyyW8^z#vd@xC7~szA=5czoBp+0n7empJRasg+B%VHc97~cicpFFIbHSWq#n*( zO|6_$P)gvs&awZ1se5_H zQp0%6fdx7X`gjUUr%C<;hxz@wwcP+<2B)31i~l*%hEB7Vbw6g575>)Ot&!RvFUfQV zGRySVqfHFs3THQph){U~+PbhQK~n$qMXWvjj)IZoWG>EI?UiEU;kG&Do$8g~mrJ-2 zu-D$wMebR|^OKc8D2)CCzg=``;)Rk}?mUHJT01=jhwU$tE3CEprhbJQ=@Q0_TuRpO zPqhumQR2iMpJbHaD1Q6d`TFG4)TAXrf0w;YCg%X?AothxgaICb1UX{#ga@V3pKJ15 z!ASjk=`YR&gwEGE3_zK4W<5|9>e-<{memE^1Gw3)K-_P8I?(QiB z>_1_3SY{?zrFbuVu4dm(K9P^R;9#o<=E);jRT>e(E4{Nm4hPNWs`sZVrE-agiSIR; z-;Sp2rOHc}ezecT=_ZJIS$tfXt}%LyeLf0zp(>7O((3|^%oEZ0aXm7ZHSbZsQ4}BuCXzv0=a^qnY&2=nqWmYa=+f-cdKe%S{+} z9^&McbT%nT-nS$?rY2S9N?lu%@A)R7e1 z=U$`El+9 zF!TD{ciZ}>MvQrLUO$$Vxm(AIoQ8CUOwx(|Rgpzv1zH|Ts>ZqnyI4W@PDfU!gc9jr z)F4iy@g||+e)RO{!7H%gH;}r;mC6Esf^!e58m;5`(G1jvs$SJ%%qqc~Q;5u@v_?Cs z4EU#y@2+<8cr*k|qJS8W24i$d9=RM{Y?|_3)FLO?;3GQIr@pJX$Q6IN?CNMFLv^RO z>8O?QgvXJy)Pqqk3v@W#Qi`<-4u9(CSO*l@ZIkqtQVOH*2G}oRHhy`7F~l7Ilc931 z2|nv>@P7F}`xtmrT7&?Myw@((>JN7B z8zblP6Fq1QZ(n+TZLh|XIl)o+Ni1`C7!oIB^%Q~NTx~9MiqZK9 zvo9p-kpSjQ&x4l^P_iidSqP!~2(YmD)MN^#nie5xRT{iWS95fZ<2U*V`57G9NX1EK!q24s$E$x3+jo(jK?*m@GuYK1vo4fmb z+DonYkuvyKbSr@5I6Qa#xC4iwd!>w`LgdtjN??r#5AJ_CEsNlFI;lP_5#T%nWkNdj zWT8)z$G69`NKTp*a_F=B8-eSRL?=)w=A8ZYjY+f0Bg_^7A@m3(ymqCU2C=#9Iv5J3 zULQk*l1`Q~1Xivw?n6Y!l`sN>l7vX|yFnWDm)P^i%xVJ6vyTtpX`{!TuYo)V zgWX!;@J1#6r!s%^#MO{Tt^hee*XcKZ^UpH#CXG<^L8;{jX2XA$rT+uSmj%-tRx_?= zBOKWN?(TooQUCKJAVYda6?me2jO`B?CQtEdJ2YzL$|`VG^3$nCX2?K8Z9rr1`M=uy zuiq9*c@FrbgK4Zi{`~R|6=R@R2(NZcKOTb@U|@Jpxv&!%5&5)qfP{^DL#(bcKW6%Q zj1Q=BHwE=qOtK50@Ez91m5xX@T~^IQ9dpOG>z}_%wdy z9WhIp;R2Pha`7i3v3#n-vI?fm= z@b~b%`>pI+iCHN7b9gMMdD#UWBwVy3_=M`rujv##^-%pP^kh9L$u>pJ9H~2QWRZW? z%^VpX1t^N#-cQsXioz5}=Qe9L1X=BAUl%vy!m=@U8|#ZkQJjZ$@=`;P)uy#ZpVD=6 zw1B0hZzC0Be?$h0sQ0vs`<0zArsyK{d&Bt%yn~jg^A4{;_c&uZ;Ho9GL%kzwt!SZn3@p3 z*{UXd8Uc@Y>l>FRido(GmwNYof6DBXuL<5+xl^x#U900z+D+Kk{tjC)%ds2W~W9lvUlqY$O(^G zeP^aA49v4*2g9xPF-0eT%E-Nw+^ zCyZ@?-QD_l!q2_`L3VPgng4U1JV=aP%{a9y|XM~Zlotf+_oZDq4RRB zb{mFk=o1G28Xe{X@~0A05*_y|jfEQC{6eQ0r`gPX-+iHH zcB4y8?Q(H)ZTGy_cy*6RqX`frHT(JjV2o@Q0{E;N0`*LZZr?ZnF8EI}(ay}ACDeC1 z%MD&dqpD+#86EHiCmC(=H)sL|%&I$zIsr{czGjpZ30pi}>O|5{TX#U4XL8PtmwT6R zV|?tt$-8Q44-9`ssHCNH+Mw2GfwZ8TK+p>xzl7=5wm{E!Cg|irm%pjhFj@@&p6d5o zhz>3A-4?;1+k)LY2P8`GC{9z8>GBynH5;2+y#>%T*Io`iOsD7P-`!6C?F7}GRH{GL zMfx)_kAlrh)5%iTG`CTMH<=1$6H}xg_qgS)(Q=$H4oQ)>DLU0C*$zXx{}jAh@^o`M zyWT)rMrK|gd7R9Jn7{MDVXO_B-N0B? z;Z}g7jKiS|Fft)!NLyN$UC3Zw@NQ*gXV-b{LsNv)G)6#K0gGWD_!2&iYwqdP4X)gJYjnVCw4@;h9~0-U(IdRqThmb_(!xCE*mWZT+a zc<$2K6-DgU){Dj)Mf@@{`qy?((J;PD_l(|1OjIo21v1In(YPT_hNoW)Pom72EYF`$ zYHuC8!xYui{nSLl6$oR9tk#*(JOlARuNZ+aHa6x5a67dcLeEt7swwEY3Dg6p9=jtQ zH;f3#|K|FY`BRe;rZ8#DgMGQ~E^|foSAFvH`5;?q84SOqq?r<+Dt+*B)e$5vF5)V6 zcXS{FtfQ}g{ga`U#51i#zyrc@j;<)3C0w>@->tlcZ&GLzTzv!=p?hW*4ZBZ-|LPJwLCSZG#N)1v(q zqEILg!7oDfx_)y%vab*~@=jdyHW=@gaq4SKOxLTNU`NNuNaStb2R;obkIfdCOQ#K|}FN=tzL+XQyD!NPDuRkcX~rL;xgED~mDleA0`ZUHe;t zm0$+Vr!pUd{0tmUbK*7;!x6?BK82#XpX|)A%5#rsk26QJT1Yd=h|}?Jj-O z&X%fc9;IG!7_#fhRf+03q>Wm|ewLiCVv69Ic|D~P#l;&XB=;ifL%+Mck6xkE$hNnT zcP0i~@Lv?eEnuz7SW3=QoStSK9QYtKbf}$7yUyXu95f)8F`RY=*z#xScft*Gk@jeV7W>T;gF+a7GyFM*6_01 z%fO!ekbv?D?%N~(K(_E&1as)E-1#BN;_T^J%;+vtMLqc%m6rB&EI+wY4+44qcte6yL2ZH_J#fVugEn*W zewkOXDO9c+_p_)UfTZ2pdi;K}HF+tZxi=u!iOZ0iF_xRPBOTFvBwM_y`M{Ek3c8UEuHeXSqD`#Fp> z;ciWTrapxB8|<>4yfyqm7xf!mvr)RDoCAdq!bFASh^kOQ8jOfgFV3u*6yWJwKh%F; zU0wqUBzFaBnlmJ4OmLwiAt83=p)6I!V2UhA&(a!y0F49(6YF%n0lU=`VvQ_Gp%Oo2 zRxLLwjc9_L0OM(?O#--<(|0@NzEzS01&h8^=Bc=EAGSRokBS!V6L$Zl)-&-e5QHus znxQ0`7$YF+>QLrR{X(`Y`!FW*U}=873RIGP)%Eq+3ik!Uk{{9D>tjLx4!^i~iCXeQ zrFQGJp)c^l7kcQ3r_e>SIrlo724+>x-0kB?U%b4`non^@Bd;^F8D$-HJc+cz*K)EO zp_dC?2C-wuoXA&IX_0sWh}Zad=Xr3jq&mnreXbnId1Dnslxo&vic){- ztriCZA<-Dm%$3Tey3c*oX2xslkSdWzq#KFBe!Xev$ai z-|$A+Pj=So6@S8#7RgdR>c7^6+jln1D_R0VxGn)kt?Wl1Bfsbw4vmh^%lX1tGS;?l zkf(+3-FqQ#kDodkm0PPo@YCC_U}kY>>!{8p>r!KiQ#q+PIJ9G`@@ay)X#LA3N*E`+)hdeoY+P<0S|pfM zDR<29;CS!+ZVkwUj8ZjT3O}#)F8gpzk7SwEXzTG^S3kL@B1tPztY22$5hOTOS=ubO z|1Y0@bBmxwGLS~9ZG?{!N{thv#@I=wh+U} zXtHOEWWke=N6h#^13<$F~WxZgpb1yka@{v5z_8{m?RDf zwqnZ^SYBV(&fYfcLZ{akn2N^+;RL!@?;;a zH>6etU5y_Se~G9KqinWfP4}FFE18eUzbN;WqcREZ@+>Hhdgr;S)yYKxSg}x2ZZ2Nr z5Wl+m?#uj3?$*F^TxFlS6WS&9_{^A>jMbuvRCU>;vSpjRaW;PGrjStUQNw5-Gf}L1 zsT7lt`$O`tL*5B$y2=x5&2-yiIWF{ZFGEAMlb-f;^YPwQ`1L}^rtLri5Jz;4 zq5Eq1WhzM5t+qEE`2adgAPd?%rnFiq>SvEz3)mzuR*#AwNB2XID%a!E zDqRrbrLLZ%*OPP}t0Je#3N?AB^f@!qia*h^N|?x-!DNbOdV{K+T=o3e^on7KmjaM} zxl|<2YAtP_1gNsR_TIl@3q#M|u$W2g!{dHF#d`GD{x~9RudE{nf)4oh_qmZt1hdAL zo;)d?nE2xyDUczn*Zi!Ksf7(v0N*oShE0I#mkz%d*Ltsxbd5M=wjfdkuMNQL_%!q_ z1w9liSJHuAC3n`SP_up;+ky>)McI z;F9^eIP6kj{{xpwz3A>h`Z$)5%@%RkNvL=u{WGV9gSx&xrag#sTU#`V=uMVzad7se z+qh)c)OO|321C@0M|=gB{3pOha`t_}uwIFDSMCgb!R^deLG%gcqYKQ9V)Ew2sjs#_ zeUmyjOYoHl68V;GSjR! z27nq|OmC*9>MvirJK1fL@NrJPy>2{%68EUBmOHMGaYd6x`O)7W3!}5|PRN#sd_8rY zI*N`8uz157$Pe{LW7$;6mmT4731Xr4u}sFfed1e}z@bU0v9YlrB^(h$u}6k_ESbw6 zxUt|zS@ch4KGaQ4CXNjRF-!am6AL-Fp|x>R#Ffkklq?D(n;UGMxD2F@=7BePLZ#`&&OxkbaMOH zJh_nP{suXC0a|ms0yAYpu)lUuFl%D88{3oFZ&o5%#Y9L)x80&&YM6|Tjh#+$s^*Y% zsXF+6%DBO`JgVQcIw&*h7m&INUx!eFoyIB_j-@=?B6s!lk!agg;;2h-K$7lkPU(ec zv((m+^hjj&^|qV^-q9#B0f}~Q*gO^Ol(|QidnLcWk`Q(RS}^yj9;e9@p5xy>#pe!^qGgX+Gd2>UES zgWQ7;-g3WkIH?XcQ=sfHS=6-qI=hA^ow0QpzRe zvD<4yKyu@(*Z^gN4y#0gm5b?RJ7D(?^jRhS%Vlm*`-sx64eyADf0La8B3}8(L)p%i zed&_pOQq!5cAGH-7>bVwi@7EIu#IdOayNsFsBU9xY-u8nh>n&9d-Q}``R0C>{P!z8 zP0#y?SCDPS4qXgEO&y>-@CDf8mg^paXZLr~;0Tb`lx0~4+#1}-wL;}f|!YPH7lbRxP2yPf^n5+ zz4$m{-vmeos`V_u7QzC)UAV)AWn$aWd01@v4n( ztSd#V@awcQKDSN?YHCwAATB())o=>^X;vgczaMnER3pRVg3Tvc&wDi1a_!B}1}7zS zgW|{<8KmAej=b*xvgYfD8W|to$@O39T?jkdJJ60;p11LJi0$C!&haWd+Gh|Pd~zt< zz0MTuA=Ns`DgC(9|4T5-%^Q`bvCXpV2l&hQT$hJDWsh!LDW$Pc{VH{qmFln0#}pdA z6WTpJMG7&^xF;5ek>>&ifBv-OFb|B0a$006Q@(HiX*tOE;FADEb4p@B7Q8M^p=Nv& z-BKc2C*ru)DSwc)Btrr(jm6EL!xn%-rM@o@u0*8IemSqbwHtxlTA(}{U98nJGb7BT zX}52d25(~s{q*5Rk!f77+rliqq)1044Sg{s zpl#QChL&R=dz{^3iW#io;7v~do~ljHPq6k0H@5dLWzD^bX*GVXkmFJ*a=aKFnV!@tqNJ!J7O?j|D)6mkWQ1+-z9{;#h;r@w z_m-k<8^gr{%Pbhi@r~|XNnwT!(ks`#Fsffnz4IQNNNvBM)%8d6k$zlZesg~Bqa55J zhh`d6@~(~a9kN*l0^5VM8oZxgx$=ci4N3|8U^{61(IBf;o*F|Aq{SSX(d3FJ=+Fbj zU#A0+fp@HP+n?&+jRo5Ke;*AQU^)3Z$v+aJJiQAD?H!b)tmO~i2g6U(S6fDZ{<|$)1e!w^{&3V@jV}xOFo&f9UEe^>^2Fv#{usSUEZqTF^32TcqfUW0u*>bSXi z_)JR^1%W{x&R6tG`UNAw6y1w2tJahJY8txQS58)yi;|9akrQsE90c1SmK!81_e5ID%)+_f|x_Z+a0fA3b#$EQ&vdy|IFnQ7`KVg1TS`Uh&NbY%B|hd!7U=s^2;sFc5NcVKu8 z3<}*u3;^lJ#pd_hn)V_F>NYYzd<2kEpD|2-Kt1H}ynfqJ{gCZIR@fmtEBjhi;{Oho zA5E)CxMn-Hc4$Br({cNB!y$(7dMG>%?qW@ME|`=F0auSE6yD;a$E_1yij2#jp8dX8RL+;h}hoBKS~+55lf?s&SHMQW{rboBJBc@(eUTv1Ew|#rmxl|f)pUZCGbBXj$!pehUyBaT? zE!Ott5(?oR-KW`v^xM7>K!w{&S)Z^))~@Ii3hWgqE|l#njbPi=E6XH~>PyTAwRY%H z3(DuCorCNegI<|=lWpJ0Iyik8H%_Yiq`1uK16nLBH?sN6+Uy-c8+qd2Kx3mgevTfph()p`Jh&S`3* z)*BB;8$5NCR^+WFpeHw?eaX9;NJP|?pyuQC;NaP%#a`2Co0Y*#so*A4zmEJln^w~d zZZ58>hr0F8%olwjdH3a5EN{pZ*E*~#A66Ioxk$=D9|8v>HwYWlT*SSNN_i|z9hEQg=W1}s zO?{f`$mhgL6@7Fw^y(cE3wAcP+8!zT`ems&W6W9;nV|4(!I498Zf>qz%Q-dwSl)% zG9#g^wN*A?tsH3>Z2pz4?<2$As)0$m(5p|WB!uF2&nR8s*^s_f;qB=;d(o6}CJTA; zl`#4$b4=sWd9N~AX0n{h__OTZh_QD#-rfYabU(i=uujHg9ayGSQGPRblRdT9{cft? zm_TfgLhydqv(eByeX{dst2DogcJg#<|CAbD;*iKa`R}F1HT>*!m~IQUEfptCS=?GL z{@%2lvon#Y<^hB<^)Ed7gG>^IwKCL!6wGKq~e6;!U)o?TJ z+Pchkxh!|vnYf}W$H z4(2xTfz(M$b5I_pMcyCdA= z(9BMyBkX#a_y4wnNj+p1q~lRpBE5JqU|?ZgVfYP|a_hw%{&P2!a`xI6&LW&KjssTv zQ6J{#Ibxc5&%VhgQkc%t>mPFV=3i<(OBIfPv9VA-UT1_O;L9r#UwoLPNIm)1582gp zo(u7^G>nC1Ij1jpm5W|LE1Krs=ip0WYOh0*FjtpP_H1Aa_aT9YZ|@c!TW~2DB4ldU z737KBSafyQQWeCWeuGy*&iDTAc+)J(ZU6hmiCNa5^VihQNW^nVn=k9yy<3Qd>rTp`oQqj`aSp5VtSe{jc{P(14uHwH+ z#H2x^JPqe#<$1lB~Mc(~5xg`cB}MjK=u#^5<3D=VA@b2ZIJrsfas!e2P3hECI4D+-=SY>>pb) z07(4FU9?Q2h=^fJ)AN^%yKj1=!dp!%wTN%QZ{yZH?EURJvG)(3(0dB0pN*fh#3-am zJIA)Kadb?74oa~hUpPhDz5Y_^ncPLIXQgs18X<=#Lq9wS%uY&ay$MSeeMpT`$eIqk z+OI9wzts}->Q(N5x*4Vre8=2gEh+UI2jp_7D<}7PP^}*=YGT;p=;RSQ2dCZGSZ#FT zP}I61bl^H7HF}+C$?utqwo5hB4vAb2sJmU>KtB6UjEp$Y(ux&V=5cS=W0q1lhSUF3 z8~^VcUBy=xyf*CcK$+VS9`4$30>8*pTPd_PC+<^_f?EreNK2o9K*BrLDFwj>bd zU@%CJlE$Lu+4xphb@ewgV#Y?scj8YCyw;Ixnwm1(abQ_>@!+`-Q_m`wUK$kb55GwM zVgKaBqPLyh63vy<9b7sKS%SD#LSl{7rDJtKVEf}9;}ZHN>}=`C&2S=Bbjby+u=WS- z+Zjqixc#epERQ}jg$JJA?clEzdhmel8Yp$(&1YG8zaWe0{8jD^?=f35Gv3uFGL}Ksk733 zYol?kJbaI4ptHP;^7Nk-;#KOQ)DW)bA=0>`^ zO@YkW_>o7w`5VgRA6|_P4&G@W8KflM$q-W+2UI!Z8sVnS_TK;itMP=YOU0Y?7_}Jh z?<;n7jP6H~UaWp(r~R!wr=Pj}BJArCHxGt&w2iD^eqn3_a5+6)T?cN~#9IZzCN-m% zIWMn8^l^eaw%GKj(RVPT(U8ay)228tUY3JLp~S+k*;NL`mc1M*tGTbQ1q>Bg%``hz zdU2wzPdI-`PEPR~^B-2UuuPZOoLyq>9+vQ_im3WPN_?GmwvXDZ$2WLD7@DdDq^3CUg6v$3u>5A}WU{lr7fo(`b!v zk6K?;w5$alEUa~#Dpz=bpYH~FqJZ|(HXPxdz}Q$E6+fxTne9Wj9(QTac^IAR^bw7O zU~b5U561glj`F_Nz*6q!HYJ~;)=Cn%ckeQbX8ZV5BU}hN;YE&H1&%ZP9RJsqY>0bAZQ+(0~(_beRg|=t>bWTzn-e zKQuIi*A70;GxeOwN1W1{8h|VUX-&aFLk5eHoUrO1QAjl~LWQn_-oBiiyoh7`W~USL zM4P7%Po;Y@zObkwFJ8L)G~=7K6!}R<{m`GXE8$V-gOfZ9Lfwlt{3rCNVCct^6i?<_nu5GtqeXIM2;4I z%~(|Q@zkh#(@5ExA&o`JZJfO=s5oj?1MzTo&tRHt7PGw|Q(aG}YXfdfav4K65rvJ* zXYGAXcPbnPaLv{3CIpvdtZ{L?W7$`}pTXIl!P)9167pI5>s~xQ-IPyQINfR_!29~4 zdt7o#zZ;#X%E*UdPfQayFZsg{hGH-E^9G@p&n&)C6f^BSyC?E@)i16>k*@p1&rIFE{- zf0Vs-SX65lH;jZdjDpgoA|Nf&-6%+i(w#~U-5_031|ba+N_Tfj4hRh0F~Beb2n;dA zyFE`G&pF?Bz3)F<8@QO+?E9W|ueE-$9t#D)SFrtm_V*b+LBoM6H0IhvoVF>FmBuO* zbf_xn#~;#UgubAVu(i$b>kXY_U%F-@tsC@B6|k?)yk50Nwi-0LrnpHN5aLYJ1t_K( zq$YJT$ZtAco(Rr=RUY#amRmLz%AP6-SZoC-zcL~7Yn`aClza=VwBwhg^R{YY2ZC!t zv!HwDz!0Z>btrken%LPBQB?h!{ZuId`b6z26(LQz^ONY2GVg-63W?5FcOFGVfY)fc&fmG9M z(UnH@1+P^Uc@Fs|gyi+3x_sXT-Qy3{muQyq5NA+|=sF4FTJk!i@JhdM7}JG>Gf#8L z%2m8Xw` zh35TE#-yaZw?2G5Tt1Lbpwl14IXUy+nBGGtpzS58mYE7PR8&-4JG?`D=`|b>2%`o^ zDxYm_6X#T!u{C$G-w1thy^86ll|;5IH`!gEUB|fDVZqBE^70}f=F6*e@`hxXH0aP~ za~(c+G|C=znoHWGKIqOW<7`Ld<~KZ`yLaN8nZB{BiR1+V7YLj&8NQPfH05)6> zSHoq#CB{%m(tFNA5`27ByEMj^H|3;4{KE$M1O=zg`_iEuo<~&9kQcP}4h~@6WL1N( zfc)2k$6i!-MR17Xblr0DtSuVN6SLn7n>RetC=dSh(Gxvd#- z^hDa&c1dK1He~S^z%}FBfGQH-vyiC|)+yHl@)AC&m*B^-anOv&Crd_v4VTXd6Hk2~ zaW8Em_?{dC(*~Eh7A+tpegiO5RfoV6Q#3TD_8_#zlV`->S zt>2dKkEKj*{nZ0svMoyZcMIiT4ZL=^)Z5P6A?!j-+gW++@42J&JFGcmCSFA3;PrrO z49Gs^%!N`I?8Onw=DF3B{dC7VZF=8 z+x-L$?Bnou6stP-Tm6(da(}8HpO0TOuSMGu-CwSWc1d_09(kF6m}1_%TX~}6pjx`% zJ;w?D88-jL^;+iUkux9D&t9o7R+krPp~wEZ3@2ztovP9WP~EjNI&+@wml(LANSKLf z@z68a+Xd62*H+frUNB_NSIk6eY;mFOyM~s))I!yrJ98!UwwsS7VK@?LE<)*b^#Up! ziW=n)l7c>t=F&|e~U7R_2wmhq+>30Vt!X<`~$d8hO~CS+d|1~vlPk{!b>8@ z6}Dzc)u@%Cu=1WWT{o=8F`98e0j>85@y0j5b`dcs7p>59g^rCVYo|FdLvL(A}wE80++l@54hwDBEXA!ezLS1W5*+tlT<`sp#y_RgB%e=Fb;nXr>xY2gPz- z_j3#r32(#jrS32ir_3cJ>adfVQAze?cVe9BF zY(T2Jr6{zyYB#jtDb~)jWyUiFqNi5~sC4mb%WwQa5dBPS*Ry<+A7^#3H3L6Tcq>)n zU%k0MFKj*q&^{W6d)qwuOBRo>PO1OcHnwD`ykm1H#d_(w%l}J-(0|p50n@il_8FfSxJt$<$Ntye_0n6+U=0P!) zCtYVRFpSzvTZaA4*-}M4GKM))w%sa9-UrE`5yNe@bu9=4*Oj~URtvmT6p;d(nohA! zv-|`K7tWvfNN(JgWEvoOybaN%hmz#0D`h9Zub@zFJ&GLLa_VtUKoRYvIoIO}J2 zCaq_q?y&oD8kedmJC(Qkmqj^aVd?M2l5^% z)dGQrBzWsF!(5ioT{gP) zCX%H{9rmS$;XZW(gPYO~Q#Rj-FR;)O0Y3t5c-@kEXBA zhbJ9f5CIt#QTNFTB-B!ZAd}pKh2@GXi}mRW>S?_#U&Y9y^n@X`DIQsBO;E1To$w_J zVci+7EX3EqE(*(re4E>84Zs7x-mNjuV+sXnFg>2ghzZtzPY$hkfmbR$$3|&R zv$N_sUXCp4Hg2QkM)w}OQ8lJua**|Ci}*J{yp#$!dkpBU34R{vRdC49jb6m;`+k7m z56H+h84}TDfITfV3R5I)==-`{X*8l6_K}M%WrHcB&eYF1QBgDPTtadh7ZvWeiFGrZ zT+dhp98pz9?i=PWe_OCyrX!BdhNQrNPQ$?*wz% z!Zg0GMx(2q4L+=GfNnF+H>iZ-go4Uht795X(x?-6&UDm(_SCRi2HZ4{?Tf~1!jLtr z8jZ)f)3OJ#SsaEPU)jELLB~qO0!9p$NU)`%=Gee*9;=N)d?R{Pu07VSWnSkN(&>pN z_SMtxu@wMHD{>4rF%}kPpLFsMXE{FJse=iyv;00A6x9A-hwJ@DP?nOsDW4=a#F#wO^IfKB50yk+m~6Uca1rK%aSJ<00Db!#-vj7@Sg5|p zb3Y%0{Y`qMx_^H^iG48mC4v(tWC&}Urq z=IMlQhyOm+KpQuQ2Ux67u&}JA#!J#vSV;2h1E~ZyTQcc9>5hfrhd6+DqiUMm_vz1v z*1xXv1%Dk~=yMy_-*zEb37?0 z4qnUbXy^}TVMuKr7BgS7SFi4&Uy7HxBbgv|PgiisD1fP8CuAearm)!TsweB)q`m3#Y9A3?RIJVXpl1 zw}HX(QcPK-cXcP({}%~>NALI&)ASal7b~{wsj{56R`R;w&iZKmKi&w5zzyNIqynas z+`qp99wxbOHY%)dnQX4~I*ewDPJEOd7)06GX(U5;#p2nL=+>I(c1b4tnUxxxCX_|| z&o?ZD@$1zwS{OPX*d6t)&h;roG9&jI2lTyps2uk@7`+W&eD?O z=_gp$>yam7ViyC1Y%nI~_VAlRq}MauA~F!g5X4CqHhn>I@|-4vI^Jx$cbeZygL-<| zr7XquuFfl?e_BPx8>cna-+o`j+T|`}OrQ&XJj~nRq zNu+9SuK8U$I{QzbnszDL&V}W^YEaZ;4!>J{#h8N=q=f-+X5t#Yi*iBT-8^)C4KC!U zxT6JF=WllM42JXGJr2RUE0G{M;a?x~E>=g)IF7lS#nUD5RP^!V+qXYDJ$Ws;rOjCF z6tE*)wvOS*%`Xw-fC|AN6*n0G_0X^mSlq!b7CsQbC+{T6ONKR@?_o}`(9JM0J~8d(w4>`Rd!R6Z&z zD+_9uxi0Fok4h8kvyal|)!>CLE$wwWYM3U}cvQ~;Ot-nDQgmfrUfxW=H6%dSPNg_0 zS4v?e`VF?(Y^%UcLkq$xJQ_;cYM^Rhf5ci@ixQZt^egg1eTL{-S>^k!wOwU011C_x z&6_uyxqx#UKg1aIsZ)<}h)&5O*M*N@m5vNj#Xx>iKm1cV{X^gIc|D}|=2+iJ%gLqD z=1JYf2wYo7`Gw!AyGS3W_r4{?u>A)OP^L*+ZT&OW|o3e+QP3Tl~=7s zdn|E%D}gu!y{=_bQ&YMwF2R1fnA9Cqf{g<2Jk(i>!wK6)42~Vebar z_&;Gi_W-y}&rp?E;kW%xB7P$()to4aHq#MH++NG$T9ET(n4t;)4t=h&ML9U`-4UTo zi(X+W*v&r%cDrLh5@9*{Yqmmpxe$Ft>+nhFUQPAKmjF~!yZcTBz-FA1*0_Yiwu@=s z(o`}EF6~gGW_1fPErIzj6_+be{oRZvWclaMHnui4A(VHmhD$gT0Y}4oyf`pbJmZvY zD(KAQ8-DPQ${6=*ZKAQdiiZ9XVKlAi$^79itnD;qa(C9!&8-Fs3_c$Nzk2buL<)US zaR3z@g;|b||0tnZgYPkvLs423X>8s3(#d(JDvC~wz0SVm&W66Wg>`Zf?!eSGF5kYs zJ~S#rufE{JhZ0;f!@GUrT&I(Q0`+)0t!~jkLTwFp>hk3vFRn}4tG0MoLE~mATWpnr z6$uIVSD?M(j9opCw`5$rNlLK)VMMR-&34YlS$oXj8u^A`FGSY*az@w-8r(2BIcZ8r!5KcCiOjJF{MSN@{AKS@pj2jUe{YDit#-@Wc-^GRFbm z+A0SaTivx%r|&{O{1i_zG?i4aLQCn57FUdKlzC%iR-7!aJ{KVsa)bH?}r~Pr2l#*U$xAT(bIzyw2^Bbw%Lc2{K z=al>X>~};pvdwPDG~aKd#`8)ta&F+%DIWz;uh)^_8^+)cd9JIQOxaki=ku8ubS=Sn z8_&ZX1?J0xgD;np-i@wM;g!r=>!vhtB_hAhT6W2H31H=j8`ebPKlS8cqB*RlTYVG# zN#-K&yRslB&c+KN7b*!6qGJ}RdPkdYCu==DdH%y&1JAo@3&X%eJdmDb7_qjy?SlUbM@+nL1CkN(vLc1wlj3mVKt}SP zfg*AVAA_{@Y(6hsx3{=oU!K$xzGr&RmOLChs+?U#y}G3+;hJZ7J<0D7$PamonNXP8wA z!sr8!LnPavI2DTYUf+>zurjWjnqUdHNhhvZhw1Xg(yQ(^rum~irskfRrz{z}og8Q{ zb{X}yy_Tc~p5$PG`^)v~$&{u^OhIrOxc$tJ4G=}u?xN3Lt(yNut~=bmPO5pqq9D_o z`dr&2uIrWW@TB&P-^l_TPMLYNIc`|(5C}gUIBDziKV93C#n=mJr?g_BYZ;KYYm7*} z)%v;fNzYI&FLc1BbdMTwDG73<<0Gw`A63UKurC&MrZQ_NE9(o@BB=ZHY2$maTM5(d zV_&{doiJfXTiXi2+_Uj*YSfvYW>ep{Zv(t_?s^+Y0*|>DFYM*$n%og@vy3-f90JUd)>GzdmP(-Fa&~T<34GA{Li%M zgmDKs>iE9|g=`j#jp)w1FWCv>tPVeR66NS%FV$}_WqC=Ez~6_>hiCH#rZ`gOOr$u+b;K|a^&mm2+L z&l`5eHSMraJNd);aQ7u%sq3ylJM)l4c?@NQok4U`4rdRqS~jvPA!YZhzLtkfUc1pQ zB@^N71IqSPzLn9)F!BN=O5i4EGGq=~kg**KlO9raEjTa|QaD^zZDlY!BB_s;^qyof zcxNjYkbK%N^5ND<((%#J5#~s_{miQsTaqe>0X!*_239{p>Qy8-i`}^WFoW zbniLEw^PaYY(=5=n>CP;{u5znWch;Y_q$0Sb+xog35#9J#v4Y2d%DktM@K7?+f-b) ze>{&SL!NF3-+XCBBQ|2Imi>vutX5Npr>l#{ovg>Y;xI-bR!NIzjRc6JrE^={kLozqp zAR&jpEg`_GD&JG>ucphn`S7>e?jCp)UmZ;xUIn)J9+v&7(Vu{q9ZVN1MV|Y8@MWO- zkSypqo2$n9mv|r(u>`COgV4@(zeuj28j(xdE`+n;gl^U5wEl=VL{${wibh`hE{zDo zIq6GcC_G~`T{LaggK-^5XA z6oN~N^yoy7x>Jo?zjlBjb~zY>JV01&2ALy2SX@}x4VW1<$4O`EvcT@inluT~?PUMz z5&os3&SwHD?Sd8g$@t%Xv8;X@Tybj_revHeZ(UY?ic@6gSw7d>d2jw}M17q)gi=*- zs8O^L@w(V!kl&u|?HJ-2>_K`BV9G1tgQ7(*a0Y}8-g0=BrlzD+?gJ7?f$#fYm}@tE z?=A21`F2tt{9$8jr)6g?Gsr|>3sd`^LDwCSSJAg`^N6N5;|d-ZFE|z}%mL<};F81D z0)x067Y<*el?QTuJ7`H5)=Z3PSaiZp-8q{dMTg?)l*x>(@oPICc5GrDKKFN8BSu{^ zTup>Nsm#w((uf&Znx3ZgxZ{!<1O~(>ydg)Q`5`7H&^v{&0I}*lK0vG!Cw5$4qUTmj z=P`eP%4N9d#t|oIj9c+^ein5nYd2i-qKtk=xSGrEV@tV9syKmkYV5Y?_4(VXd*SqW z{^ThvAw9Cf__0~F-^0yb^BF7vDclv~jUHD3xjhiX%5K!oJaG5WLF0s!CEa_3Xt|24 zfKE<&zTS9Mq*_a9;MfSJ@=xn5mAqI^kv-E5J9ai)=GgKnt1b)ACz zjJk&x%r1BjTewe=H)W;&42&ZyldAzK`w+NYEmr*oOo--yk z39r}1V{!!&KY>w66E%s;kn7g0_RpVE>|Jj8H`u7d#>Y+mDpDY>gknGd(mK$!xFg-T`KQpCK9DrNtx``=(;t zqS-7Uk5X|~8oM&QH=lZNXbPkfRKe=`4iO$09V6mKuv1d=mpg8*efuq)?IK%wWXD$8h zv+cWru#^3L#-AN4(G|daFP(d7{X_88qfv~`B1lJ?Y6WNNluzrj%zLb&d{;vwX=~BW z`rH7qUqle_I@z*E3h6_{e8q5S(Hn5T@v@Cc@rson^G^++z^}jf z1k5>p02w+U8K9j7P^J+4hgW(_dHF3S*bFm-kLZovXm6Me=c7wk8saX!uPcbeq#KGm z^(^mK?+gO8$()GKr)~t%ulwEPl%rT$vO)y?+Dglf`o;NJT!Pe0wL4Z0|Ek9C#ag|w`(fo{j zy}+fGg0z(XiJ%^R=W(pbf>xBLD{d8p+&uMjDkr|}nNlLb%P7Qvn>)@LZ8svrt0mD@cP%A#Hh`#uli>-2e6{ew=qHAJ99WV z@`u7^Go=HW;MCDIjp9sWk6vQQE`(w8h#0e(jNMY{crRGU_Kw%!G1S-h!ge7r9=L+f( zGA<%UyUcJiaf=@H>0Poo9JYz8h?8(L9N@=82ur_faIlk=x3r%STmOmr1MhdJd0%3KSbs?zk~wSO<(?!P&d5*kFosv`p??Hrj z;^11IJzYs*!zHnda``~E&@N5a0b4)h7DQrgSkEMhNHiGPw}}OQbqQ-Ab={S!p=Di~ zF#mAE;;1%Jcm46Wc7Y#BhreM~e~|PHx0no=>gp_MYJ=SUn5b*>>|0E1?3HE+>tk7E6gd?Y{+RGkSXh{mVY)Pn z#(8EbeDYW-FQ4zmP#MqAbwz;lh?=z=^*^+LZDoPIXxpVx^LxLCCRIx3V+=8}qVQ<) z?gzgbVj>bff4iiXOT#V!k$!9ynB&WrAMNLACyl00gP2)Z+LW-Z=n0zQ2T|q&YyRXc zefy+676di2U9#V)tlWIy#RYX!R(F#aX%3O>4BuRKTBigww8?j9z8&Nd>9iFy85`r}o?|ish%0S&3hCs3U(diKMgYTMZr>{ZPnz>@!W%mi#w&8u z%)Xnc9QWRYGIL)Rih>oxdO6Cf+czo1tnTL$;S;BPyhj-_0?eG&ueA7j+=Xvoq+uEv z8M$_kN6t_u+$-bkVR%G7s{)`%CNbVzv6kQ9im2u*DJbh(bcX74va$8kd+z&3N5(2N z<$``Fj5#Q=TKP$%rD@0w8^rNC8huZ=QVsQP-fHL@(eq2p1CkZMNu0QYOJt&K9~?0w zy|trmJi`s`Z#{5v{b*WZtmm3HJ^0uz>7KFBPVu~^W&f6kw_f8(Ff1i5($A_jB0_1s zsQOE{x8>RVeE5GL=wWVC<^PUvg8eCX-z*3tJ#-GFTXA}+u54H(7r zp>0M54j@`#r0|?3q1%@^(*~N_(e86ClH}iJrbbFtDO^rEdFQeEc;ecG#>QxGqo=QTW^K5; zd>6zQP-Ahv6Iz+>VfOQlGw7~0fLzim!uCj0&5A+tJRzWt4^V8nYklO4uBon8iCAf& zy%tEhgs@0PTati`hlZW=CX*GrmhG0sTndXMW5~@{r zFCYt{8X(V9U$wWJsqMMPNWg7vsGOur7BZEe|FDc*K;SN-S5H~LXk%k@c8pz1Cc?gk zIMt|JC*%P5U{wGrvs|9bO-;3`{9c8KDp5{mVVpI>1_#6GFxGj=(KvH+_lt@?eFNX- zmi^9~ML6MW|^LX9XtS+NbHIcf3}X7SE1+(p&Aw_3!hlH8zRz zs)b+7GCzDc$AdkyKJ7WwhG*Ls3>r#G%y^?a(~wb+mv<{OnEtT{StqaI4g$exMA2gq z)gvr?CSlCF^HUnXac7%Et>b*w$qE0|q52H#mTN^{PRXqyWq*dogXK<)0XY+gXGH$# z55qp+`Ad`w3|0c-xpYX;x8IJQ5HK%#e?KIqG|kVMa@A$|bNU`-|{ zU^graimo|^Pf73k&2J8;?qSYVfGlinZSB~wS2~04H626hW&mu^%sS)jF2w-r7sPbM z!WF_;@^w;HDd4Ku9yw<>Gb4;gDsJO(vElBsm4M4B$T9`bRZ_f3?y}_5gBD|eb?=Nr zs+X=%Q?<7{9fW?aZ*HzkQ=wR@PY&YzZm$%Kw|`wy?W;(2IM1U)=dbzh0yanP=WmMa z*YaZ|dYkrI2V4DMQ;4V&gEx73mZ%P+)eI7`;vvD5+|0mLbJmAQTkAnK`Of87kt$!^v2canSP)i>~8M&dtkn z@g?D1_s~;p1XLe)vPU%Spu1i~#YirzdB2@;%`15CxUC6F2;oU)M_|4e zH}Y9`x$BMlPJ@)5QJBTE#yXWOdgAGDG@;I5yMTm)neGJJ3)pc^h2Uk>S1blwuLt3gbdk&93Nmy1v{5q;EFWO8{xZ_-uzl z1ErgLcpAknxr}M+>|FUP&G7dd=jIf7G@A(6rp*3ox6^7qF?rJdO3Y)#fFjysciPJM zx_7F$**Bayd)GeTBAB?n=4k=4uI*$A!0j*!oU1Oc5>pY-xvS+MR3uA=-4c4mqnXr| zKj6yN*wy-Rk0mN0GP|U!t80F&VYM(aNq&*n8$D4YQ==#r)V;-(zo#<5_{;|w40fI0jDO2{^TlsOq=PRNWOn7$t&4237^#E^gZD?@E`MfS zl38V~P=A}l)BDn>m5eEKe0N99U@bedLBd8u6!s_cuQ&G_%z5hBB`k32)6Mpo< zBsNev*}){%7G(ZC>@X3Ia#(2W=@K`-?6+->1v-Yh4Bf`0;W7KI!+4g4aidc)pnR$q z=et#lJ2{*O<-Q<+rn;|Genf|UwZMEkTi+K3#&t+9imtYcp0dU@Pr_NIpHdva^7*9W zhcpNc^5-^a?eT2l)3vUUM;_$VGenoehSx0OOS zX9P|2UOBcva(0l_z^~{GzgD&3>=kGCIkGdr1CyX~2No6epaMgZ&WHZ@_ZQ zX`Q)dHuc#$vx2NVY#&fUcgV;l!yGlzRF?58Pccx$`}X*@yVU*s@$WEkvRj z0xoz{@w3l=D06$SJ2ML+q?}4m>I(Jpj}gl5EhCjxXfmhi+cqjI zU5w!`f)_h`2-81V_F$jKS*0(I8}?F!iNax6H+(x*y4%oYQ`bdr6fChu}3KCTR_)&1BDc;QLA03-(g#utz}*n zsL^Be3UzAk&I`S1ONR~P+kBPLT0ci(wik}--NuW1AM zldeOU!2gxoB-cYo4|O-g#dpP(A4H*j^a>0xi2mF7*8at^%~?IX!1P~Q?554}%sOK3 z;*3Ytz@TGv~o|K4Yvnl(52f$Cnijone%jTeZH14 zrN_r(Q-GUl>S|_RkEtkkd1T$V2ksx5xdO>D?-0=6-M?wfKxFgxvVR$LD?;h%bMy}; z8|7i3u2s>*JmMYY@8WSCj1wUs`J~cxeT6{BQHaaOj|yvMjMJvk=T zF>(+{t7e1F&qlSK1Pc@t4~+=J=-kI09Ry1IeHOhO>yQKJ-R3IoxfJWx9<5B*ob;Qx z$b+KTn!5B8lEJ}2j{+NI<*Kr}xp!)XRiK(@9E5Nrw6jGB<7AI3#K9jk7W#3WoT7QO zS$x0!5=9O@L?Dr2?bP9oKZ|KrS-Tj=FY5u!1ip<3^!#k`H1cWdrlY-mOmsiF5daoM z3RE(6Bah8RE9f0@LS|ee2EBCjYZ@BfT+D{e+?@b8AOq?BuHz`w5l}*2Oggk(Y5{WU zHG}H8a?=*RWI>PCnwq*9piDwk11a;JLG9_W!MNISHOcXXUV}k5)UNR2O?iYUvU%Yi z)44|cAOxaVzbI6U_KDsw7juCPRb|je!0-@*S7KGB>CDpcn>th@Cn!+|4;D8Ehm3I4 z#%$-s^IEInaZuG9BOYYGw%!kB=wXt+=8YFo!6nqn#Datiz4o_e#W*y*QQD=9>*(v7 zLrijnK5z8}Gu~b0f`J_!>!LfhsZv_+@}xIMf?HgMjW^#oIF!>5`7{P?tExSH+GVhZ z67FUacrxLw<8nm;85lXn zt^D$Lmi9vOl2g$po5@trBZ&@r?=7Ya!FzoSB4a0)-`iTL1OJye(MCv3zgvB=$nu8} zBT)M};6PaIdFa-M;zYHc1hfO`tL>DL3$X;nYS_!N`G;kniwUCs-BVame9P4XttHWK zb-k4as4Wgrbgd3=Oii=>wt}zC1ebh2AiDLMj4wL189y%Cvul?gEn(6x-tEHg<`H>) zHV`r@ugDdriJfnoD1!t+mjJDIlNhABpmuf(Z&R4yjhAo(mkodW^C35P7sjn0;xlpa z{V9N0a>)I@n8W?9Ua#b>yA(Tsc>@LlwW!aKZIeJBPza02sJ88I(sa6 z)jF)WWpm|jwnT8qv?D!anK`SjefNC$(!2P^5btBszO=CNaU#FxP7Qa;s@Gq7$b8V| zmUFKCke0kfG?V0B%se0Bvi)_tu#V0aWZn2y)yZJ{_$A-p@C@;QY*9nD5GRcni&^>8&l1>&WH-W^bnZrURo(JV!MxkU9;L~Y zz%fKXNT6Xgp`gwsAOL*<&am|4xD~5NP%uvtX>FQ_<&=b031sc{gX$W*+=b~-Od;~% z$@aa{AJcJRNFKTEpa@@&N2D@3%Fmwt1P$B8aicQVPTOc4DJf1FbHPallel4y~*Y4|{4Ns2+MglrgAk{r){jJ)nHph5XwYK`+HSW)Ph9!A}DPZ-qjM ziS%Ha%Uv=Yx6*{-qw`zK^KKdxQ};3Nm8%ikxm;-$Z@8J|oH7j27***Abp;C#sE>7Z z1z&+>R8=#EQ`@FtTnig9#6Fw^GEPF>Mp3OCvUNgaaFSURmiOOT?a9zz*b#iNsN?t3 zxPw_LFzVjs?vKal{_Cr5RWT$sg&BkQktsWy45b+@X-G*H3wbB2JW2bE(gC{?xm(w= zM0Ze)k@fOR3$I2WHrE#uIh529DIBtW_iRmD`|Wx6TFtZFn~AF-auu%5G}(=m?^CWT zId<~0-d(*T3X?O7bt9KykJAKOW-wNW=f4&b%QyRJ}ekk8FQSAzxuqT=RUyhWcp~Eleq_nAFpLN`qJMdy@?&8QX(i+`cJL4|5*(E zc|+1VW0ErsmMb88hf^7gNt#YYF`1(7Z3MoLE{ta`$gddl8<>9C@d%_-5S5ZkW{LVl zypyhn8>c2A;FSss63D9IW%)y1F@l5G%d|FbAv&PJbI<;n?PAC7iPIMh@w=REEAi`- z6*hK|6r!jWuL!^xk#0H{dyI!Y^}c1pUG4#NpDw!nbBBQgPIk-kMf&H5Nh#i{=---6 ze~2l@Q-8Tp`1$dR{FaabDz+{44euJ2uC>yMBpWf1hVjltg0C1TDsG*(a4%dq@W7gk zviBdX3Z$^}f6>!EMf|lEHsZe#nOR1i{-1#Sudw{zukE%n7=#9Fziqbv{_>wLRB$n! zG1S6~3VHwhNiL6*mdsgq{w}TY`<8zfNi9Vj)mNV5X+3EDS^S8tGc60S;WY=SU^6Zmf6$OxkEV@A5>)->8+ClvLls;!E^P z^0NBjZhHcqdD8Bp{e7hfV=S(V&5cc6ZI7gua zLit57O%WLO>PpdZaf+F;ZuWB(3&5zo@x+vrH%k}LDNbRwnL&+++;YWRahH~6OQ)+6 zkcK9z9NGs?k_^onzOg}`eYvu0=5Du0*MR;|Il$?(wYPWE;4b`tP^Zl=?}H>@P0&n~ zLA0e!qC5wwzo$h`CAcJBW6OXU7o8=ErqYB{;-=VNT6J3uvDS=?kifTI_oU&6%AQ<& zfcLnoQw##0uj{mf10xm1#Rf&JOFL733Qk}1zI>Ts9GQe_t)R!lAFpV=coF86YC`^Q zCOquC1v)?fwle!?nv2-t+?;Kb2cjJC!O+*%E|{D|I!OyrCV3eB$N&3}NcFGSH6Hbr z{xV%FNi+D?pF6FAQ{hr><}Di**0Lr$mGFQIzoNpza))}C>wTEy?83={{fRi3p?lE> z5g5);P2+!V4)|qxn7UAQJ`80gct!3k=(uEaTxjcarW)~@4m2jil*4}VQuoz!ei@ZL zS7}?d=P{qiA=RY*`}eh8zO?fx`ewJcC^Gj-1BpTXnYx5jh6=}+VB|Q4*gwsWpk~ZO z-`!4D^1PU&b7o%nu(|XJ-gh5$MOj(#UiDaY=orW@ym_HTOsipVc6P3Lak16N*5S>8 zi;qoFNq#95M=Z?6z3$*NZ~1g<%VJJ{(8JSMh=ibH(v4prU=b7Dj+P`!;GTqN?Aps+ zvwfQ~Q+YM%V@EkM{Pnn1LfhNB`dP0pWBV%uqDWGT$>36t6Q3X(d*H!T$a_ z{~=C-em?7wUjK}mCxTurd6q6?R$JN8Lqm3sxdniCnNVMQIQEYpe4KYxQCuJQ`Yz}d zmUJY0mN-6U^B`7o3i|RUSpVD>{ns^#6cB&0q{f(jJA44L$~!67mqc>;?e;WpoWK*0 z$sMR@JBZF`>mRUX5RatBU0y>Ly)dRDei8ox6X@GfEFPW`ncL(Y zk5?0pQ-~&{{}S@Vo^0-0VO9kBHuD2lB^hNV`^O(dT9Q=ytA|d+u0>fI@NeKec#s6^ z>7VyO3h#MA_L{Ys+YT>`AF?wokD4(C_?&xJJlw}_Iyg^_HyH}PKvV-#nUP0z4#(zY z4Lj7SVQZ|jM&8@<+`&HQ+txZVGC}En(3yCzF0PJMFjr!h#M%)bVp3ast}9N`jv~V+ zFdZ0`j=DI6=*gPjA91QG@L@|%D$}t7%vIcf_A9rP4RSSgerRl=R0H^Nh|n};HKjW4 zfR#beFf%LJLiAyq390x&q2G3*WQEuleo>|n7PSl;&iL9m@vDgFUF?tZdGju3g!l`@ zXIf&})1_@l1xXL~0ZYk?@3I19KTp1Vkb$+He^b-%491Ti(_{)BPdKHm{!#h(i(nma zixL+1bD3IqH4&G$O>{RjQeWyJgKA1@sQM8)&6#$9D$UTaK1tI`=STg6q_4+rHT7-w zzdjTAto$RlSJG1Xn>=)MXUK;VUeW{_l*oRoEhw0?w568wx3a30e4wsvY;Ks$pz=jc z&P*^R(r_r+JK{PvR*Oc`Kc|PK+vk1VokM^ZomN^hv(07*jHD2AE%)=uv$TfI>40 zi8dIFF%f+*V~p}%d7g9b=eW=P;r%vaex_V|Uwi-eTK~0H*-Pc~IA+<)HU*Fx+7F*e z1)9DAXoQs3&C&vf{rYJW*U1viUcsEjo5@Y;!=r$@Vr@)vRME-6pgG5_Th8%w8NiBa zy73sBnYn_E19(OS2|X%EbX?m^ypSRkAiVLW&hX*W-G+wxxy@Nm=f!zkgS$~Z==isz zGmt1wVb7Na&U4j6oKhcXX}A0CMN$MK19M2}_-krq+{uzU5Bbjta6|98d*NQwi{`p4 zKJ={lcEjloVvBCcrK)(AEI*e)Bw0!@Ad0tFOUrg5)~U9F`ty1qZT= ziOXr;4U3@Ex6N=|SwqphJr*UT6eBG&;Cy57RziehJf5S=)J|3oNGA4q zNy$0ZwNia=&8p~E>H!ZR>A&~$JTp!KWJA02W^<)YD88#G<2WstMrswK!E-0LXcG)t@|)uW z-rKIxT2eo0`3-*~*02J~k4o9)4H44Vm;Zf)`Jhff*_r5P=JoPFhndao1;x_c&rZRP zk6%b=C+WPlv9Sh>EQYoQxS0D5OJbFEF>K${Z6`UkYBPlGi~!4K&{^8XR)lQJ!eRiz zE5+WWVLD;ghSvM%=a-mY@*SRKz4gIh*~9l>SN_i9&e}ERh(oXFgpc#K4{`%1OapO> z{wtCF71d>3VUBmNGN>V-XUC5GUvvGgS@~|>(t1{teYj51LEX184XK9&BBQyWBd7;|5o3a@s{I}2cH>drk_UJn-W3#tW0B0RK5bnBc=OnE)O(2`K_0t zT|KJGw0&^w^oLN&U?5shOUmcXo0%M+({2~&o?&_L*AnqH!>?VL-^gADwb>D52N{=V zY#=#VQYBrCg{ERhyW6b?keZH9RRMRV`#azjFlCxer@=&PZQ+QhvmucLECQcq<5l09 zI9jDJyQd0kcO=@TpNi;9Eb`3X){< zm@#br-s>V4urkv_*(1Z{8#wAfvKrD&Oz}-brXesU7-fg{#a3zy1OB5 z(RO9sT-9uFEj|5Lb)XV2EsAUcyO?qIw_+W5`azuF{$)n@#us!K{j!vDFR4lC+J-5( z&d=;{gELNeN!ViY1ii$`I9%k{d&cKF82D^pK=o#eMAGEeAq7(mcm@V?-#WklV&&-I zP`x8h;A7Fgv;l#RDn1A^9Y2v;cX(yc+{;;TazFzPB0+xYpB+ri;-ew(UZ2o)o+#4! z0Hp<6N)f4TbLLx%6!Y~m(Dx6f#VK(1t40n@jgK!Cmm~}FtJXig-Vm4)$shI+Y1mT- z-R$9b_?`t4$|oZ76H;oi`S^ErgMb>5om@bz)WcbAO!eMd?zHlTh$&%P1M`y9c3#1x ztghQ2yVJeg>$^M6p449A+AJ#BZZ8Q7z_)YE@OTIF)3blyCaj5^Ku zWkU*zkV_UIv6*O=aWgaw=Zc|EyyR;C$=yNvU2}s~|ErEPrU1I6#NRe=#qWBSR#%VW zQMmGBu|lT<0%k2&*V7qnoZa25rGT=(ori#hm%{yO%B8p_qtB!l+Q@?MX_-?v?)S;b z#F{gj*RuZNAmJ?X*S?!6OKp_mno=e*qLFKT)7s(F0soX(jG)|`VFi^h=GE1t(N zpq`R)QS7yr+?Xfbteezqgq?2?d9UN>a4ju+GhAX~*pH;SaW(B5Qo^@rl7W=sS}C~7prjz&M! zcYUDLm%w*=+l2qfSGro?Dz!U(cx=YH-JhMl81x zbbykIQZNtCOS=DNu}v{hb2O5=sE0^UiznG`G}9HqnuR}p``q;L7|Qm!PNrvSq^0aR zUg^`l3ylr`)7Tg1L7;kx87ZdRb74^qwhDeiHW6Xm?=$#={Q*yot+f7FT1^ZrDIv3H zwdl?7(3qUZWj`h+C*2JSb3fXAuDL@DW0Y+0Z$`H6_+3g8=`FrJJ!;ahsZ!DE9}7Zk zz~2~5lkpfE86lDYxP5jMP&_(1I(xaR4rGQ{l|M)OiLq~ejil0U@G1OxubCcjD*C@AJ-d@=d^q-=22RP*?xr1^8-`3P{=6W$zIKhAvGD zgqv#`S(|ZrC*RKS7-pQ;-ec~73}{RjZnnUEOZ_srJOSM*5|-t-Sl7&LA`SR%;&JCE z-ManduiBkn!am0q=eKsQC#mr(NtkETmsy@Y7d7+PL-KEmhg%n=45Y{;l2lZ45yUm9ewT1FM@bJ(_!o=vmeOm2ZD6(P7|5d9Z_$BKX|N2 z2j+=Hl9b=Z;Cr)sKm5@L6& z5#00d?oKZIxR>x%^nl1OHfdbgcGPp7KK9Y^_5w_>Tf4$)0pWmfN{L;2+{MQiDA6MH}G0&-|UJY~~6%KEUGoKsLFV^sXXvzRqW5PjQ z;lz_`3jAtH`)w)x^kU9mE*IUmvtZ`T&v?v#|Gu2g8*_CEddgz0S-@-2SW&^#ru} zqx5ETFRYQX!Z+4o`nGR?|>wPAj{#ecvTcnbzz~0wAm?y z?-itOFHBK}GmcC00W9eLgT|SCfev$r836&VX-GL`P{!z4&5Uecy~p8wItO)HVbEro z`3ISXXDPcmmz&!>4j)Y2FaVQ21*c}LqvLBb2>cg}HY(okbG9OD^RVxC)yhq)Qz2D# z#QNvpX$8&KK~e-MtvLzR*{vxZPU@?oB0ur-=oH=t?axB2n|W3)9*cVxR|c1!tX z^YLnEoiF}^lqbmX9Yf6Od3xU4#(pTBnWbyg9rs|M?#_1>)JHXv6@S_{p{->QQ415E z9ony{HWo+GclaE7wSwrGKbr^5N5DDK8eMwj$<@E^3y%h!J&H4-AG>paV*Ew^?;G_m z&?Wc-;8nq(-Kb0Vw^P*3;9K9g2RT(o>NloZDq^Ce74N%?KVlK*oz|y#kzygiU8{Ck zF_PvR_qLg#&_LsU?V}=L9%-HlZWS)@%NS6&SC~5kOq~7x1JxmrEGGGG>TifV8}A~L z2Y=mKk9SniVUr={H3N;TUC_Y5fM{_5IvC30kGm73Uz2Gmb{i12egS8eh?B*Q4UA$0 z`Q+!o9A5_Ry#ZZ&s*w-=WeL`i_!U94D>C$|v@pi|TA(S&i$)cTZW%N#+V{+r--_3I z#|94Qp(lLpi$GDg$e8rWEHxw;-#mTbHBMwx-ti2a9gl}2#DlK0R#>)9E|w_0AFkC)xdLl%YhIXj(bu*OzlI!YN9n``gp%|5jv*~*vw@9mN;_T5#t zq6KY}`2S-%0VFx#>Q#bBHCzg@_A%a&#jOVmi@3T21zB~ApIm8MJByHA>%=^HM;L*Y zM!Nf2srnv~i}&Y)81I`m({AJ=h%r3h1l%O(0!`x(SSi~ zhp%`0ZjO(C1phu|Ic?KDpX0x9rvKM+LV*Lm*S&M54U)fI{WugKt3Z04fC_t;4#lrtgA^gXW|JOeN1D6iewP%2w!1cmcK1#p!AudkzEG90FtvBlS zgTM$eD8jpn>crjbfp~Vb>E9$h|NeaDXy5`cM;9Gm1U%yfFOvYWOZ|=CziU35Nb-sB z3{b8hDoZ=Yy36kDa=Z}{5pd9#h+WiZ2R7YjN6@Z~HUc!G*zphRTiZ(X|V&iT4pdPj9Gigk>AlZlQ-{9701wMISyiS5ZNb zkzCfL)_wBol}mMOmYAX8eU4pdXq8L~(^^Sr@54s?EA|gcds>gIg$UP{c0Wefhxc9E z*xG4S>E)OisqKTxo?k!o``EGT$?#*E;#lq+==q+SoQ{Ta#vKN?_q7y#CA}MevnZD< zH2st{mMuATErPo$)IB0FVh68ja?R?x47qH0-k$6Yt7I;CBSMBFPVHdJ)p^#M zCRvrw!8l3HV!QXMkCtmZ9K2d&?Sl5E5bj(GbZ^>W5QDS>U@e}TN!Frc^@c3xFRrG( zU3aDPrtaMqa#V(ff8IiEff-qUAtRSV3ovTVr`~gIJ6mn8bNp2R*nDL%`{2pkW2=!{0rTc7)dLUiwDFPa?O&3rC z|6BC|JWW(&d0fM<^f#!G&CQzl{nW8ZDEoS3wAR6oonE?JXP*VH()zkbFdDF#wVttO zn2G<;P0adOV4n+a0=0=&6WC?d%zQLpIA>&Hsr^p-73N--k)D~I|65Fx+iF}&ICcEU zFGywk2qhI&Wo_*w2`TAT&;o|;$i&*Ut!2=5EW;6S^x2mI@^n}I^VjeOF43#MlE6SiZvX8X?eZr_SI!(M}|+P%DdaK79@ zvtvvLU1xx{vVxp4Wtu{@>6nA*fJl~fbOcVU9O7Y&EJk8RARtnQb#}USbxkZ=@X($| z_LZX%E1sQh`Y=-<#tE?Z!rPi|EC#nv%}xE5OSH+BY<=8LPS+^klY7v9CM*W9V!3M^ zOiGUu2MPdQfHao30ChG{mo*5>7$e)3-Jb^s^60}ig?vaQJVr)S{TQ~IZ(6un{ zhCibI<)8clw=BeobcXc1J+U8>_b^?1N!ma~OZu9#VOGH4nFqov{s}Z*KJ&3a$GC(r z@h~9FAH@%YxVsCx%8Ht(^Qu$4xeZ26uk9r~+0CtJk~R90Qvlvih|P0{l5K7&$p%~s z!N(onZeornrW*}R_$OeA8#u`-{n+}^``7CJ=Rv2EJPSoY4~3yqbF&1$DwtRLC&vR0 z{!A<=ol&X1b|YWPg+X3Sg{Yi4VNYK=W~=5ybys7#StG`S7&i-WR7G{Pmj%*$#64ILXAsm;zdhDBoQDH=%Wvdw|? zxuby6N>~$99`fkSx`vpeDK7x+4i~!|z{3XSHMP8>ETgNyDR+Pl)OOKJc{x)M7X7e~ z6V_lwf3KV$7TDcYw=chH8%A(8+3G8z3$9uW~s?4)yjlaf3|>%c%+?l;ZLRCI?qTSuBPmQcG^b|yKJ zrkgi-KoZ#6T2GUC?-dI|XzBAcA5H-XMN%Lni1x$VLHLXLQ1+K>>pl4X_1uQ1P+%w=fAv-d{5Z$KWOy) z%IsD72S>Pa1BNF{sBK7T8C-8B{O z^adW+p6_{P2ct*T3(yRXQ*9RIU*I>CEl8f{cI4*+Ce=BPRDE=?EAc0zRc)KP-iv-H z{NZ!x%U3Q9M&}1wo1cTub2aj0dK4LT>r!gTWlugzpRahP<$-rj_Z}PYXHXvgegLUf zOn_0pna6C_K5&{Wi517HgBwe;Jw5}jX*ii=&eWE+p|J6V=obe-T7#XddBto(Gj%(! zd;3iWe(`fTqZMsnmJ0%eYk8)6dMXsi`$bG3?>ty{GdwdO^Qm8<8ZAz47kcte-YJbVTWE zO1TrK|75)k{W?txMdX^zPIny9NN&{$8}ld49v?bxH9&%X{(*DoA+aheZ6{L9{q5MZ zzNwD-#UUS0r^G37B5^HYp_+;>_HEAdUucovx%53$?`}IY2bLO&DL4a+lUiXw#7yz- zR$u5%;z;6GrZPXDiQDadc|y0X>vc#=*M_8-3@}@~BJ*i{Zq5mak%)oS)_4H+_u^w1 zXCrBC8JpkMc|;6D+YA0CH*^om|GUCeV7i?8F0Rf0^Mk)3q?(uFhK!z* zl&Apg5zpbkqZ;~5qHl|LLtXpZq5b(@YY=(H&)<>ryvntnqcU_GdnGVN+4C|kYaR+= zAt95GLS09I3TOt~fz9Km;ORD1piB>`1{R#W5`r=q6MMLx+<`~CMJ|H*Y<)+n{_V*g zsmW-STudJ3>%YAKR=_LHvo&0srRV!sQbaT(c%!T5E1V=z*`6jXXG7<>s!Ef_zBu{M zhr(ikQ-lKjFJIRG4BXE$!-+h+1-tApxM5lN&{;mjmrV7ZfXUk^uAuX^owLE@I=dXN zxUHvUsF&OlBd5$kD}s0=Bxu<~jE`?*tk+TVtBAIt&%LLEv=4`ZZ6Q3TSNe|-IzL_$MyZ-?@oOEpz)i#aXDm24^v#+}`%OVx9I$Foxy`+Woa}5%!Z4}; z{x)3SeK0g&Cgi-xa&c{Sb#|2TC1$Q%;J8hIpT}!kJMQ(CfB41yf*vd`{$&EcXck>wr)f4-XHsdRepudbwZ(PHFA0Yh!?rAp?tgjhTXY34->+6VdTp(JP zy(5>4f0!7sa|Jtx;FcY!ndeoKrp7#f*Yjaq)(vOHN8))COYgk1C}Xw$hQtuP*0$Vp zowtiI-Z@)$AH^s4x@jhikMIkGd0}pavJnEY3o_$5;=OCrx{r?DY$8-Uk*O9)BQAB@ z?lX?*lBbf2$h^4w0A4E> zVu}|oob@oD-PIR?n@zuNiaC8aQ`TJlovJJSM$S(x-JqyS)JyV*-=W({8VMjq9S8Bg&V(I9Wc^B=*VGb zYdbf<#dr7~ZL3L9q$ue|VHFcIz0e4PyNR2XebO#HbHfQO z+~gX#p;PXt)2ae;w3Ey0FC~3%%lnT9TfLot1Vd?YpOZDW>#zU&KyphBP{}B5R{jjT zcsEA?z*VA78ENEXO^t`ZsXt)XJ4f%@W-HKkBsIv~I7|C&<{*TCPIr%@%UK@+E{N`r zeez1%SleE^LZ?Xw19<2(n-?Y65HEA6X*Qgn>@dG2sJ{{7GhLMfeI)=%KqfY_atu{J zS6#C>{o%!J5U`eEhimCfO*Pu&VAr-QR1mU(QH%xajH|cT+;EX%_oACldU zd&rMSw*=wpUwYd(-yDMCrD|u7i&r6IgVrc4Wz!Fpjhfc9fRVUs@~H0}Niw_qMlh?_3jI8M7%r0Sl8wBJ4^eqvK=Ef?iLoTlwEvy8&RqW6%|(7HZAq7hLsjy z^05dfPT>ajqVl}JvpcOPH4kDqN`dY6yx(>tbIT^i%y*s8Oe`IR0F@k}PFL`ODJ5~M z&zjZtRM&_4@K4U>N8^ujWvTZBxur)b$6CE#wVohbI!8usrX?k;A#)@XSCDTzsJPN* z>()I_n2OA$mtEMSBqb#)Zo_$G?8nFTBZ`i#1$f%2KzpWs2;zU@V=@6qQ2}mhl6_%O z2xz*>U8zsv+jnqBAAxz%id}?%WcQ2*E$^Gvv<4ok;fL#|TW1P>d2|s9swSpiZ65Rr zq)H4deph_M1ZtU~)|1TQ@3S=*mf{31W|Kb7^54c-0li1RZJe0>R-YQR23D3b=~V^H z0*;3n!mO+t#%(oYm{A#j(&B`S8IuT5Mv1eN(}9RPm{(#zQ_ipffHWY)+3&sFrmM`X zgcs8tblu|0xben%dK*h5ERH*U$Iw5A#UbmcaU!OsG1Iqa29g_8D3%O^Xu(*Pu51!k z6W3Gap2cH3_(PHxB$}qe$&CKi-(_D+1Xl_>kMENJ$1I}*l1vC8eA&RLq3b8{kBCzQKf!aEB(0>?@MW)u03d= zo64TTPVxq^ZiuH;8~N&wxO#JmDZ_`i!yX1usFSj+qgV#i{YJc!GSo|+8&|J5(Cz*y zgtz9}sWu+?;O4p@=36VXwQGiceqru6SAfF{JePP4dxDwHh2~28SIIK$Zq|~|9amWgfE5&;Hy7;$<}7qDGz5NvX6~q+o#l z!h#?RwbstzFLD8``yV9l8z;p}p=$N`^Jf_8sh^RZ5t`=AXKaZW};nqKXo67)}z0y|$+*}czk zt>^R{p?P&-$}PuaZ2_F*)xwJKA%F!NlPg%WM){W6o}Gu$UbjeVv+=ViG1g7i<&%6c ziG`GvdpbzH_fl_mWmTp0FEjdJg#pLbJMjGAmJseAd?0)}ckO#d7?!ti_|z~_xn$QG zolfwGu}0{MgG%7D^+9%z(R6Vu9)wg%ku6Cx6I%QVTRo`?{LQyT1!jT^{_?azKehEI4Xik?b zTj#cd_Ta{{MaB%>1iTT_C^kGwFjR&}9{Ejz%QtA&#}^^d6ln)p>^qYqr&BmSy>9n$ znvG%rkn?CN3>^K7`HMOS4c6`ipairJEkv1Eh^12~2c{v8|5uF!$3FmwKiMiD)9L>R zOaXSipsNHaUwGx)&_91RT(|k)+O*7BbepKHXct7j=z6{*dq(q&ZsorH8?D^{1o)l{x&i{#s%oSjlqHj%wfVeUb2 zYh2kI!aCuU576~Pjq;;UBN?-W`DI4qiytBGLUj{7kd9Girrj)~%m-sO3mY>te# zSn1~VVSSm539vD@4~Uolj+OCXZIG(dwq(p!Ava@Ae8-6$@jAu695eY(N8-NDYIg>w zl+=01C84bD?CBn_9D}*X=C>JouqnMxQe1?dhJKkHYxQX3wrf>~PWq!6cu%J14YfG` zAe!bNaoKrC(?;3booa-1i&~3HLY9T;a=cDyMSZM)?TXUBb0-kpHX31E^ z!38)cvoe3TGXq?Vt&oPY@`22(*^xv*;Xh$v`anC~Eq_NZiwjlB?lP6RWn#Ch(A6z0 zaM+RrtvlpC1081|UkL?p6Wv|CIvN`4IS~2$Mubr65UpE5 zfQ>Ak@S)i<=vN(nSMp7zb&pKw#;NnjG}eIG!>) z6i+lghB#r0eV%J!oqO#H57Busod)eSr;c zoLXWHOE>`JLkoG^Hr+X~`yy?S-Dzm(|Nj+rTfP3AJxzUh>K>l9t7v>D`3vbA8u36U>3Fy@Np1SZ+gzPkoRUaF$NW*uI zLeZTOByHq#J9x(UILYJdS3N^FuK5=p-AwLKf`1VCt7+u_xafN-PY8~bC#IVJ+Jyc* zVCg1y<1?-&f5wvF&s;&rcv{WEvW~BA8fj7f`N!6J@5g;B;EdMe9Sm}`zp7cRoT`yZ4m9%Jm? zF1+kkL2=t_mY$AIw&Bb*MNvuVDFM-n*zb>|k@4}3`T6-@#`0tOG14rt6C{>OyUsK#Mj*jp#ev|`S68p&3M2lYlOAg+-llzm7RC%&74DAtJ4mHb z`q=yal4g!(sO|0V6&yTiaBl|-+QZ|CE|30P3Jxas=-s^MyTp1FtMUO#&W>t6?X=4$ z;toNOHA)|ChQ_G%{{y8=|A$hJ#TRK`c&$@g?OjczO&&mD{9#F)v!wi@wia5aktxyK z$8bTrp@}i-8d$?i7|{Mo*&kLUfGw|t)M^KqzR+K#4#NX1=mPzc5R87uOk{<^kGfVmByLI$Mw%7r=G``JsJ5A%43=%u)>q z8D&#U*M4n$aB%w>v6-+1b8H0X(d^RFrM3O*GNdDRfe=ee%fwFRz8;cLd}A%-=;&&+ z99tf|c&Sy``|;@oAn&$kq#rQGc zm(NmM)y0^r%v?y}qx-u7Qn@IEc*yiJ%+J{=AEYmu6}&nwxa`P7geOEy?7-z&jL~uJ zoO+@j$Wsdh$Od5-FcNf>dHyhQsJW}pN>x==(5|JTy!;B5bin-)Q*DPCTvi;j6xd8& z?4qd&MXp#xIR8u)jlsQ$k(rzncBa^GsB!@Z1vTw_jYOuUq&QLcF*xe#hSt~Do5!IH zU0g1Y-B_o01`=@^Je5*4vP5D1uguI4a^g+=%timS#&iD}9WO~Q!3(3a`<-HDVaA*g z$Zu0$z`)OOuHFlFE)BSTM!Sxa5tFps%qX34cm8fm)~64|T)xzf$pASOK<7kyz}DvP zI-oKAd(EubDN@WCeQ@VUs%tWeho|gM^7_WsRy~m4{IzjjcUEKC4-Tw8608O}VeMt4IUDxo&7RyyO{- zXs^X<@>%N^Jsk4`ZQ=u8S6LBc{sq!5@OtCzyV6WrXuX+pi;8n^=%(QKmXbyy$h_s#>Hl2$b`>^U0g#DcQX(&ti@w=}uzk4>}l_16!-Y*v!|fIpazw2Fe}(Q7ht9Uq;o$}}x~##X$1pFxxfwTgb9Q)N@J^enb>7}% z08cT#Atokfc_UKBJGT%h)R9ZKqbvvD@!n_an-@kESkiYb04vM0FT~|R7xtK=+Z5)J z2CAH##`)iPiG`9poD6Z+;FnJ`lO~*R3-R4W+V|+DsiSo=wG%*Cv$GLSjr;Y3gM8l8 z3qH8OlNidXK$NB=;PtTODHgOiRt@U+_D7fXOC!HMS_OCP+GIVNGT^ zN>`%(W4rtKtJv9s?CjAVRSb{S;7@_`0kHGLSCy$N%_sAJ7@IVW+_<*Ql_6v0>85nX zz3Q+jO0orYQ}X1mWeKpnlhx9S^4g&>Ba`-@+f5rN?+v<+5J&FXzz=PJ`e|_rII(Bk z$?%>$6f0D~SZkd@aclIL!9lR}R>0QJ>A4?elL2@DfO2`D*Re7U+5-YWDhz5*i-5-K z`Uob_xTdjh!5?xor<`57dU*Tpr!%SdPd+_5`l^C#AS&B$ zXs`vhQE|OI!jF!6m#0fD5Z(`Sm0nZU(`%)nrNxI5A)c$Y(L10sGZ{t8-qgU)Eu@s6 z>owAob8l8#4A(yTc4SbCGU8ozXPjv8XYs(Da%bq1sN}5_G(hudJ?loI`oK+XNKC_& ztri*AQdhX)K|ikV>dv-_F*8xA@kRm>R19bSmx!mHhZcRkobo)SH+N34yPm@F(hf}Q^&gr9oVp$I zr0{l$xy&h*9qea9F>m4!db~8}Z3_?#0B{AL^)_1^Wv!y=1fF`-z)Cc;T*Tl95=HTo zQegw=X29NSx=m|v)dqk_#Y}^e!TBYt8d_?#fnM3EIcv=to2~x zMNq0eVXHM`qq?IP!x3R;yM)YNK05Jp-*)BVmst3tPFhKKB&=`T3iNiIq>!JQ(69X&)!Hx*fX4;~Ilonx_QlTb`0#K7O5egfi&*->@( z?_0Nf>#aqE;Wue?nsowf?Gz-|q>KpeNHWTSDRDbz%aARzv%|dh zufjmL=zD?Uj}QX2@3Fz;mh_5?qD8I{+yU43bHglYfBuOyK4o*4hAn-1i7NwUQAV6e z%%B5S|BcGSgwCx%M#Y2$^{Bqs)H{K=RPZL$f2aCw$`6^dBPwIsAX>y}Y0w!F-C{Id z&aVMPSN>(A(5rhW*XAzqv*8Nfiqp)k>AQpymEOJt?D7^cAhee5h}2b#BhdX$)Ro5m;>;>0|HJFA2nlV5fz7_OZlA}Fc>REKM?XzU zk?pD%#0`luIar9M?MM@8pHHU|Xeg+nCVH(HNf(#h)!MCG4 zBuB)(`gwOE&C(ul*^!*Btmq8&2Uy-s_YB*3;%Qp5H}mx?dqr>d>drt8v1vni_+2d| zy7|%|EG6Yl9=%lfx>40lV`Hg-bOqG$*rwz!A8Pz_h1xKve7>Zz!;pK?6Bc2M`5*e^ z%dPZyPWemNr&4-v4PJAG7_4Lr*l-Tb1nzMGTC0){bkR`WcK3w)|M3;BG9i_?VfvS$vh$iMnxL zKdp3RV4ymy>MX{@1LJ2((!y9!MNSzVk|r0UGB`Y}ZuE9SCriezN+Uz)=VZbL+z=Jw zvOVwjDm^DuBt+KE=X{eNE+#74m)tZ~xG6mJFo4l3My-ZjukVu8q$;6Drh8$ zT;Z?SdmMP;i~m|?H&f3|WpbTW{Jl^o1J}@HJUKfvBp9|!)W_^NtEl)YVo&>$&Tb8y zEAK4<@t8L(CS`koOW;rqijGoqlGf?ubsX_}4>?;+O_+Db&;=cKY$CyCUqv+JN&H$w z*ajply01!}cSmngmF6s46)dgc212KMX_LlTp#fv8W$nV3Yv`YLgKaXS`{+WgvLS@S z*1SVf!hUB5ljH{eM&-4K{xRD};{@>wt&MP$CRve-*kCdjXI#%|Cc^U_-XmA%q{cl6 zYO7+aYKwtI>A-nenGS|jZnc%XUptM7jm6eIv~gAJeZl@yzHH^_NCDge$ZNUr0U@Os z5-u{gyNVtrw+q{i^m}O>)CU7S7c=eA*4uRSR4BZnVlT^N#ecVBQk4DCqWzF8-?(tV z3cjbzLb{P#A88fY3`piIHH@TQaTkYxHE7d{{8>(sN(QiG#FbBc^#KWU<{beTV?B0@K%WSk}q9IUA zfQMa4I*e#MpGmIaz1;3O&960qW(eBPafMN*M6Vq~VGVjPG;(OOZC~I^1hYx_3#52O zS4%%t>X=k3!Akv%%sEcL@BurE5$~v0vM2$rB|eE9VlW795TQk<*?^N-2tdPQ(i;e? zj>t%A?^FIGQRg{(wM3G$t#4+vRr0#zNYEYTi(Wo0E0Lm_6w2s8v!ss530 ztihVScM)1rzc;Sw8eSvT8T5qODZSWc$eNR+`sjo_Zb|u!=xQWVd3}~(p`=u9W3%@0 z$5B}N&_JM>d$RPY^j#XuAp||^akQE$DAuGT1g}k-NsxvODM;_%m3b&K3I_sNb46uN zV@RbGhu^r23!pCHS8@LS{sBRpA%N<{BO@#3urTAQ%-Q?o(^`|(2ET%~PoHLNN3&6I z)<7Tq@XXVPy`y#RqN@UsV4KS3J~t1K&!mX)`jwLzy?X?fFfj~Y z*G)h0lT@#)P{NuVLY*t;eiP3V1^LKMbR4GTxm)WjYQnNdX8E`1Z)B{E$7Aa@l#Wm<^s#8 z=tjL)&`q62pwBb#L{_%0S^4&~T({86W^xX&Yx6p7g_zV&8wTV9swSXs1$`KvG0*$t z&g-=Jz_-0Z0@~7`xi{dBazMwzUnHC7i+0xnm&m1gZds<~S3w|+V%7Zao@&wHcO@?Z zuWa0I1bn%zJPS{kBH*>S{W#BOj#JRc7jA`M@Y%x7b}gf1BWx1~s9#?~%-fg8k86yz z#Fg`yu9~`HsFoP42h*?>9z)OQZ_jT~=G8RNQl=8aud+MSYkOp%)5rzfG)zQG?0Nin z;+xGlr`BwAn(knu@a_xn%T8MFJ8f__gNCCy*HUbl>-DEngg}< zp@{1>36`#ouHp7oy_wyck_VRviurUg@(Ck=*KZHQppx15bOAmY0jk~3F3eUcG*^&0 zeW@u!XH5jPx@N(2(@<0^VsivM~OiaS@iN9QD4oX+MAMBObToo9?AtzBx&7^dsCB2Ek+ z1_i6BRwb&k4z8U~1fP#}BAVglkdCPO7yW*6qRN+j%wu8c>Gt595sHr-+&$R@18O{T zQ8jH2+@8SHH^f0Nv!yt!>~W7}U&|j{eaLY~?U|VQ%>~};HdUm<=gbo!ULnmcF0X9U z;vr;g&6ieqMMP+lVhif;SgE|X=ik*CPMPMFG||*dLW32hsYj+tGz8 zyT5WRuPMzlaY;^KM+O4&8Y19u)tCOR{vFVs`Sra5vz74R`S#O6VLCSdOOyhPR(8kY zGqOxPROBL_H=>fcK3p^?T>0(TW&#RR5}w!K&Qd&+TFayrm-&19=~{ zZ+L3zB%#my(Aeu!Kal5zH#vOnG{kjFF`}CXt$5s;dv?bkV(fwh7l}|Dlg&=cr)W@u zFG`|G7QgCqk81xB-98Yk^ID6>6Ygd(^i^UyZ|(Lh7yV>Uw$FV0shj^V$y*zqdD8~3 zWO|VTHX_rX$c}F?hHiW%eBlZUu6{qYO(uh-`lDqEwo1FyF%${(?A3db-d7Ev`FS0^ zDGA4^WeIwU-oN?&GZ{lIU1{)tDl*#c0Ynx2R;a)0w^P>UCtWHu`jaOY3wr`|*OJxxLvwv^nS+`y+Z_4dq_r4)u%ef_B+OY%|}D zXkNfWedk!vzZ;<3! z*x<2{v!h(Br0*EO00^LJm?fu_j03VEG;MZTjbnKEcnjHiI6mT&MrSDDQ^`-v*By*A z#avK++$p%n0qR}V#}~Q1KadH9!5>A=M&R$)7fa%MtWRcXu5**K_A`l}b>5N+`T`HGWMv(~Mo41Z@SbMOLr)R2C`+IWZ`(V1TEqts zl#<3B4Dek^<++}%u`@EC%H`7p{IdT0ctr?2g#b|5FRO|JSiek zDT%*%PVCD6lPs}gId7x>LNCT&2Y&_!03lS$Y#Qad@D6Nl>Xf@F5Q3Ec)%MAM3NBef zD6kwO-c+}|x=@q;ZGQge(+}3bCnW~>csc(awfZ*~@wdM-KLC6cPODoMTJ$e`#*rI9 zawyRUJyTMG?zw*rnU<+a+$InZk-!p4757--2GL3kC7*qv=-Y3BQg_&mX1tl`0@aO; zvtwgojJ>YU@u$!FH)VZz z8*0hVo*x|x`i`J~z`UIrvp0ceakYp~Ob1p?vSZRxLNVwccsa!FjVzBW^!9UY#u$wb z#U(7@G^wJ_U^g(pGc`NAy^sDFar2>AsHpfO`#tx)Gf|2z?ewfOWx1KadDdT{a3Yz9 z?&d)YC`SD*!E#J85bmb(|GmU#D7x%IhvBT*RK>{x~F zb6(q~Tah>$(g*NU%Q|y zw7#L<(EC-xQ1xYo{Zg|NT^JCKD1CBtPqf}LYG@eV&%8oKM$sfi~ui?d=AUjVb-7fx+6FI;;Fr|Bte>jEk~c z+rA=7mm=MufD+Q(DIH3eG}7H53eqW^(xTMRF?0+)fRaPk(A`747x(k*yU=Tyw}YbG_7M1P!sFv(-O7Eo^~ex2Oe-aSNK zDJHJ8MMT+-&y3n�m;ih-_>S*AS1UKCOQQ&)@+DTw(#+(LH$Xn@nEEIAA^i;G#ME z+6ZR$4p5nSNG_zUC<=w5LEs9}xrg)ku9qWk6t+MlSoh{l-NaYNsQ7qJ(%?Nco=fsp z3m+n5J*02@v;g$Mtf@(eS4Nh?T9~p@UH;L3y?D3*?sQZSuc9oE|1awB-F|JQl%rx0 zkw+Wo=A-QhO=!Fib?@RLucs57k>X;WI9Ec1k80kB#Z>AVk3ATjUkj|RsBfn`Lu=>foNKR-{rxOOE~YYY8#hiT{1N1c!=z@U z-o%wrCJ_fD&^`86evA z_w`k5l{U3`d3k}Mcbd1KKYuZau+Fb?m8mKs-{2yp!xiE!Oigvf7Lj39jwR0{%UXSu zPU!AZC0AEBEns9p9wN-fHUbdSqw6PZ4`kbul9b62nVs4eGHJFjjg8N>VB^i3DlepF z4qIDh4gKn_GXV4)v`yX)W~l+XXdXYZC*%r;MCapMB>mzi#N8c6PI{iu&RH}o@bKsHnN>p@tjuOqMWpbXZgn_ z>D=@x`kOb`+)CmhEQHqdrj2XvBdBt zIRcbX_B)2t0KkacP0b|4$4>&TH#^M;|L`Lm03)V>I4bj-YTln>T@d`X6G~4}OL?=7 zVA)`4T5+PIZ&Z=vCpMt~A$A)fH5%`|h&S-Sn$H5x6do9&lrHxNlb`DwZMq}BT{zh? zs3nK}Vxr~1C_43^8*(=>z&Wo`l3fga)~`R;e7Y$Qv=5(mI%FpCvIfeorHo^t2}=+w*KJW z;dytt2IQuH0^*4atkL~@H_n0<)tgTzPK@PRn~8%`gnlUE$z|9ROH`e86q|JMxER4jpdDQNy`Qz?zxnp+J_@9DWVK0f}%l)a1n8zlRW zBc`cN$?O5(CcdhvXBMua;Wbm|SYrammYr1QJqP08Mo!yj0gsSBqtH?LOEC9Mloep^Zta~^3^to{39oQ2 z>&bUEOfm5dO*q3d7TS{#&UQ|b+v7Fntd(=&dj>px8I>=h^H-dmF_=VJdg=-sIHLet z+~XB{O^e1ei11X>KZxT^@5J!~h@ZdytKuU`)hD&_`2xdc>}P_8uCBG2dV#L4H)-GR z?z+|-Ol-qP$uBY`b{X@6QzBNT+Z1Rk1~_yH#u+mJ>;#Y9%%_`Rp~(K7?Qr&Rv%D{7 zi0-Fd_`~r!C@UKA`Po+-U97c7!Qv@d&gA3YRgX)hmXfzH3Te4!fcuGEfI(U4(ei@l z1z+@gU{5Ji#gyh||6y5s){e+&RW(Ca@(uiR1*ONHQ31CtFMwSIElnZd&S@I`1R_ z1_}uK5PlWR-KJK*(QP_{m}AHPcFX^}&5oopTiu@>TG;_YPFsKNdf-7KxtRbXA6R>dC^hWCH15|+IDam zA81x~n^<^gB$ovQ?sz{Ct&!YwTT!>iuGZ<$cOIUVzex5R}NiUettp6h8g9)F@&}@3TAnZ%U z5Uf^H$FqymhkngNybf!_rKY=EN4Xom`dswNZCNZFJG|o&Hqhf=6brNE{?IPjKQwgk zhkuo=ivv2iBG3~2Pr;2M)lXC76pGu(ZSUe=&jN5VT7~ma<6>r}bn1KUZnl|$GUmU9 z$U9p{Ei0G9DA~{clUv~-;cM@Z>vQ|>GUb`e+nB6sXcV1r`G|x|?kM}8n!u_&E3Xl^ z*EqU0+l<9cjpyadUc_;(7aXsd=mkivPqA|`?J!q%sh&2RB&NiMj@I~QhA>H@!No!< z8!o-#EtH(u23-9xjxh8?s;jCmNeY`LMbHj;@K&?6r5i|ld)F=FKYaz~9~(bSfnD&) z3r35s7l;ef)6<(YE%LKoq@#w;1e%&T;`MKJYwOAc=jZ2LT4XK=ZYNmgqF#MK<_$il zdibr*V2*g6%r9$FYfUhI*v!)@ktF(*?oEGAB^hVGP~|&5Gd5i%C1JJZA`SJ*-xE(V z`K+6(Yq+O&^Moz#%uG%eO~!pW;|fO<&g zzw064vtC=8kvMw3Z~=cS4iz*LXl7>ZwR=08e_O-7+lKx-a{0^8_jB4-#7oiagp}A1 ztYvSn8~a%XQBu2212&h{d>D!Q2o>A56b5Byr?fO$IOJZHx0oP8+j zxWFn&^K-M+OdZoKpwr#1w_F9TvSDfp;ZmortfOGnRrPy_d>FE7qDwV-F7T)#S-HW< zXPX|ys%PQo3Jf^iL(e%tb)68rhQxvEGG|ECqT@%JeK9l@@K-w47VK=bVX>_E8nN8E z6TV<8h)Eq#4}2L7@T}db2V8yC)#<5-1t;L{{{CfLJY45Gts|2-#FUcb6A*Xr#-rKxsRBnLZYO3*r)r_20+?O`p@1No`!M^9mnr{Qx-9M7L&)E z!MpLjQe9HDN6m&UgNXC=8LGD5&_uRVwJJ*)gHL@1L>(Q4v70(Q4OY*pTYjx#*1vp? zqdUxchIMH|d4(2gwo7;!kp*y5V(A>#)0YuOyBvH2T&4AMdw~9wYAkcp+WIUT>>0C5 z-sK+5%)2HVr4PS%%l(yQ^6~@OCnforSnmC#+$8lu5VP6d>(`poxN?*1v!t>!608wL zhJFM+(-Htk#wOVB22pdAESmYar9N_Jb`FK+yj7U#<}iS3 zRBc+|{THeVGr--uXQ?Mb)Z!jr<$oR!37RBjH2IANeNP9pA4|{QKYvX+;3us8_<@H*oJqcmWb@y~ z-H@(5!&@GHettSH#sD0vgM$NZPR`@fEo4fk9uzOq_`b2}4ocKqY=XajlY0vcIP^Zb zTlq&kZzb+onFZu#iN+sf4eGuwX{?2)#l=y11T()}YyHWg@R);KkWz~}iBtqY%C zbehb6&pV#9-|fGiD>^v(@x$_0QOQA|ld9N5wchOOj_B1b0K-rEH67d3aky~rOeV%l z%>RYjanL^YwRiy|**>sh(&{Pq%|#Tqw9J<_u5qx8+}Xa#D=WJbcRP1? zcVD_SE0H9bqRGBIqiGvBI^^hMpU3f4*cy7Nf zV0cS{l4t>;@`}epHUObI1C$1)0etWH?Ck0hJ@1WZ3oij2b%jL)M}#Ne&dn`zb?y1& zsck~Cw*+^#N1R!ng*Y;fmi{cu?ah8NfGw35ADx4I@|>ReV+j~>CMG0U*VlV)Pn$XV z8)ogyXxpk64ps;eX-Y^iQ#i@)FZvw~rm2diWW zVGrAkOh^OG+rd6NpPZh4?Y@%lZ&G{3U{`4o3cD+u07&`+hccH3$C5aHTgE%I|x#ep`L`hlv27|wg~!V zoy8ietoQ;RpwoGy=&zZ`?Dh3Cxb0?m0f6&YP{g?ep=V4dS)W13B3{Hd$dM1=^O=|) zXYT85WL?@Y{_54s#w-11pOiD_ zrBM3Ds|H~DQt*B6)87CMj)0U9&Ny#4?@KRCDKDNQ(pMrZ3syF`e4EB*Qm`}EWZhD? zB}L-IV!B^Fp@*ZIXbUvDPyYb;0{ryl^JT)EdHg%X`wkvmP~+J)$lm{2H?zPd*wSye z-l8d41*R|pcVVtdA91zsPK zWMHiNZIA~A$ScpGksk)w4-y^m&cXF{bt}W?B=d&1Mhw&a?Tt&G;7GlDZ(lQ$?jzXw zW*+kOmqSrwiC4JDuxMLaYHEPVenv>71W8>Rx4i+}w>&E^&lI2;yF5(K%=|!3zSCSL zxewwE<}$y3vpmE*zrF*PT}M;}-&>`S);((6S1A}5n+Pmw*B(uVlnA;PzoX+jZqnY$ z(h*27(^+eOtZxRjm4cT(3Lv(fL6q_viIZ^QGkO-ol=3_WfJ+lsQd~TvBy{5P8e(r} z61wqSm6NBoW>VWCGl=~+VLc`wU?s}21!Hi$jA9il+ALBp)b{nwP|RZMC~dx+zP3_| ziWOnv@df;BX?+DzDoW@2RHrY0{wf6l6Ii26bfsS^H_t%gRIgrj?{WREx_BIPlRBE^ zln`oP@DX5mloWv|&Ui`UYG>efIv@Gz9AdGIY^@XBSu!}M4v#QOp3x-W(7aQ~?1qzo zSDbWox^JEi=f`y3W;Go>82`iXgsWbFFdmnHqzD|dzI@0q!BzjFhPV3J^R(kr^ObpC^Xtk3tN>YTJDzd06<` zPIqTb_8L#+5M5XzwHdPgdN>yii}e=z#n&5|jXTjTEgfBCzvXYCXDt@<*EjA$B*|8G z+6?wna}{R&LVX9$hUXE!@Wy#@7mHdM>Oxxf3n(zm=RWIO2)vu5BPl{L{+_4X-S9io z!dy4Atag+0nbI9ReS1j2-@egp_jp~Ulw2<+3nxHmp(66Lu9+9!!qsxaP^8BK6&p2x zFaE~N@fs5Jn$`)(plzYMx0!!?dHG_@oHxiBRTu4xyEX&Cp7-d zN1-l!jP`?bTIB6S?WEb<-pGY_H;l(OVBz*Ps@gxWN(tV7AW1fjIlgFXZ426ganoGZ z4n8fP<65f(-V^7gKDVJlWmu-O6feixfWn)Out@|)Ns+4 zR3C<+_cUvut`j90UxdUdwAK+>4d8g>yXAV<_q|tWxWn?HwJ7b1cI38lH?S_zkk@OE}Y_jnp#w-9$)RRI$qI@7$=6 zIDrdI6~7#>&cNBO`r5Bpm`ln(2&T7&7}Y2;_P1Y)r77%?HSma!bbg8HikQq0u+Nsk z;o#!@&Br0`akgvAnrwJ27(nmVu4-t&kNDEmF= zK>7X;hBA0EqIj)%?r&Yi??qy7PLRJ+H8E(V91=U$EjwZ0RUCsE0(kTBt+%!v(7H2n zd0FsOqZKLzKe>7n4j2Mn3T5R-(8gB3vow+E6aXlHE!#*+Nok>-qCKY(^Et)JhY^aT z3eimDmULoQw14|HRKI+e%zNVfgh#4=fvZ8~CY`{C4X5JhhS}1F!<}cbZP)8*K^xA$ zsr&o-`+!p9Ga;Ib**);gG>DrC8h!ov^AOH(t(D9t=NRiXH-+LhQi~E<(jiOO=k^p2 zhwo#%jeBR4<14Z7%t4@Ww>9KBu)gpm8HFzdX?NSE7FqC3xltQhG9@TGn5w&rwXIwj zK7a|>^6~Y$rQv4xSC{ieHw88oQknmGGjXu$)efNJx!s4vi{HKXp+B3`<4;R za5g4PubuQXEq2f6hcVhXWhPr?=WjWV2I4{5O^*k*PRzSnvg=|t9gj$}=T7whzSEJ= z7?608Sbr+Lz4uu`swly@s#)r4-U^*d273MYqQqolS>GsL8&R;UU%dwF3!7It&wu~^ zt*?M3?&OFCjFyRcpT`DoV-XtI7~Vo}4;f|%Wb3=TrRSmXP@;|To`gZ#b*?`Oi#|ja2HO( zB?8^$opYa4m$0kzpB=l@Q|03i_4U=bS~R!Cu@y3gGrqs*TV`;a;IF9E@$=7Kt(>GFftTb-gB4}r_ z?(Rv<1{E{3pHkeeI>!nxn;*$C?;Mht7*=_tV3-%Umd-Z*p2smJ%g?WjA>hZ^7*W?Z zb)Ge9E_|?tAewRJ&DIPoB>8*p>v4@2^T6*~|5>E${k6dhPzhZA%;yZM*?pt|kURas zX-Uu!sx4NsL9rnysZ}d1M;5j_M+2wB7);zY?+AGO@X}Nu^KNn3scF zkTdOX)N*~8#4|Zle}p$Sx#yIGl)?zSOIh~z^~bg>N%f^xRCUeQv$qvWvdd;6r$Q=C zl#F>YLar>qPQMj-s2bd>WlY&4U0#l#nq9&bb<3Z;xh(pTytjTe zHZ$Ru#Dn!L+;LTx6?SF<*7pkvyvj7yo1k!p34%2}q4Ji#?qN!G9-QS5!F0e;V^wm;`{;Up+V;T9(ZXfw!g|}*t@@{#5CUktcR(AW=6ujiyXKa`c$M3 z*bn!EMJ}65gdMpgwbRRf_n*iSi}i}nOKwOxB36DY)4bxvj*ZIZ9Ew-fL-BwNk-N=H z;Ap*ydY!4gvJ{S}*_*LD6ZU9%AD>uXM@m5<_H&I>c7_E8Hmj`d_pZEXvHk1&6L#begze;p5(jaufS)_FU<+; zmW7At`=$Y1zDV~(VK*p31x_+1_|*#N#-w$xvX9r6mK~s=U|SPz3_B)A2lzTNVPRE= z5U?B{Ls_y%SP__OWM*uSPuAB%-fL4aGGJ zt@eb}Iw~%vgfIcyF#I>i%TDcK6sbvZ$!EbBZ%zkKCwXX-E>d=wMTJOeM9-WW z3~q^pI~dp`{zBt7y@=0HG1#}%QJMeFVsHacX#q{v2f}xS_tE5KTo2L5i(cXDO2{$_ z)dwOUuasQ=-52q%UosXLk>))t0}ZL%JN#%;KbhJ~8X9EW$LjoV)vi^Z4!4i_)(E+f2zX$RYIPi1ZtEM^IRh#f8Txo{FMbWJQeiyq##94v~~H7m&j z2oJw7ce4dKyWpHtaZPk>q{$cti1IOFnesPiT41_4IhiQDJKcy?W~uWiqHTgoqGV^^t)21*s=a`Z0PI2@0alFjb7kEaQF;rzR}=iJBwG*zP&o11 zH8k(-SwPrtOno>F%tr2}^SQNM5Kaycmt$dLYdJZw3vEmCp(5~67VE7iSYW!<6QgRs z4d^@=D;Rz?G&btLf=IkXae6&T$mx*>jsFUu&tl5hG-9$u{FuDDd0)zN)Ns^Ce&5M$ zQYwWyhoOI)oPn}oVq(^Z>e@bkVb*=*GNnlA7Z38n zFycT32@A5@^jZp7a$L>u7WCSJEz`es57ub&-jtTIP~u4KuN+}*?#FjPy^RIt0;5+g zVN=}D+{Qwfc3wdN#mn~I7`3`zWzeVJp0e35`7qh+o#-%}c(G-iE*1 zfeY2Z>vS~@(uCfBuz1KsU2j7*1uJ{zd{@T^2nqL=I4BRRo11sv5KHrQU0N#%ca9)i9T$pm+GO{pA=2A~C;T96ITO zGxSvR`m7=L*;FUZEG%fz`6-OSvj|k+f%eJu7dJJ{0*OA=0BaRIYu;#(c`y+$l>#$t zMB(H0vz2E=0LGwNcGlKM&7Rl+=gXk@d?ps8wsfbMhD1mOvLO8#p5B+yIJG+m_#Vo` zhQ$-`b@>fg%tv6_Z5Mv7_1SIGU)MV=pRVwZXzNH(;`YFqT7(C>1!88;!_Rup*5A<3 zSd2rH3~72Av~#5Qr5(!DjAhTqdM^B9`J^Mz^ZYb)dH*Ff^#>o}uhZC@AZ!eXf3cgV zZ_g_po_T)$X}uUoch{wbu*wK5Jea0?sBhS3PTOdaW$L-%>tDgPC_5T zmPNA0gKpB|>guk!!?p13%`-!j+x5{spQp_zf6QIm1-v+P?xyS?r5YHKA>!fQ?K z*K{O7oMy%*>bV%Jypj@X?OjU=;&Ha8Cnrj>zk3%LZoRy{OUhbsb^h1Sjb;Yr_z&{k>jHdc}@CM23_16B3R$VlVIK|r%A=Z*P6C5T?_{w~+ z<7BXAu9>0?upSTEIp_0i>|nJcJaWdwA;iSN(fI(7w?!W~Q{?C8!`g%7ONj86oZ-wB zIXP;i-DFFTFe~9qtwL3;eSH=ZanQ=+stB|Z0sot)uV1H`kwFJ?o>q-*EiWC=@&+$} z#dCkV|Lsx>kfr^Ox**$_!%undGY>4(VQ1A%wJ4COnOVK5j`uV%Mc3N{i1v>CQX~aq9X~(iSSmC>K3FB#~LyZfp#txZ>yN+EAwT#>NH< zIb%PAGU1Tn`p(R4t1ovL2wyZ$Rjy+8@uVgeTO%dJ8Ec6^ws$67PhcnhH+X1QsPWpl zjwr9y#MI#}KqwH{RtTXapxOse-$23v~tOHdS)UW%uP(# zLv1{|b3GY%P^g(SSqwL9?dKY%q&Qxjr_EmxNLoctv-&w^l<2zGWcUtw*4P^+?95eS zjMhU~yth`l-FF3(y5GL-WzltH7mmL9X>a*uo1ra5oVb*jvEbXa5Alb7&!ix0-VhLw ztY+U5!3XOz!s1ucDKl^<@yGZ=v?$u^-CbQj$){H?PF7SpQMZ|Znr3U&8=U+N46@H) zv$K42c5xU}oISe2f)2xFirl60%ycdyoqJC6Ew23-+|K5qgROu!O|GH(X-iV^um;U& z=#icWfzFGF7q;mo6+tEL>0_>_rl|ch!O; zM~JbKVaN+W$mHPo;;VkAZ}bWOtZ=iO;qS2MHORGBNuTA@-h3PcohH0po!{m}g_GKy z15c%fXv}j~`8LaU&DpRDzyUiO+eC}p{P4Ynh*bS5ts5QULkP|fIf|V8@oHSHNz*4l zp-EG1kBp2w&HPm=Won)+bHr}Tk!x!YKJX$Hm4uH0rl?RML`3wW{O#p)$)QYsiuW_{ zxc!b0qg6JA4?ahOJldo=af~{QC5#`TEeqm=VF`#=JI+}*79q_v7S3#e=Yu@AqYOce zabHdhOsJs(4up2x@t%sWEtZ3SpRw;Q=x<)1%`%K-fhI83wUbgyQ!bF2pG z=_!2T_K#itGLPFVj{oN2Rod-|tFpOc1TFUN!M9d@! zTkLsGj3uI@dH0vJe0GScjwCfK2MFeqt3q(dmFJNovob_yM1WfHXyoP11_>rxvI6Uo zD{@XX{zz4PllR%S3$Y-|NR?~#Sa$sHO1Q)*_ID_k zvbz@;1c;deT>IdwvY*pC;%RtbF!x(rPzkf5AAmknklY+PTxKv4nAQbo4&1+fB%2h4 z9Ol0(l`-XkbHj~s@>rzoXeAv)XrP`u0=U|PmIl&|N7+b7izG19xw-KrTXp_#x5EoD zgUNtQx}Mw@1kBK!c36)L4}aN;UC1(gDNX+Ozqq~u?YZ)0`KPRaEqg|5#5erGV|+ADOtoGG`q z$M*XSlai7VY7Lp^RGj=o0j%U%O7J9 zOiSQgPx+lS!tf5#t?9+QI8Gc@M2McP@-OB#8Yqm+9yHER zEAm_;J#{E(BCSY>OE*bD(Vz#!S44P&!0dRHA$s@CQ9vm2sbxvn8(KG zs@o-_g=k`d$Hxsotm}WrqOZXPCo&1QX%uT&z0jICKZW^6f^ND0Jn6i7Vei8+UN+d_ z1r-5_%()g0c5r#Ijv9ZX?+5h5;U}r{miAu1^WC17zQ@Q(NkO_|PHG-h_q)BEs6BTj zd(@9z{P=o;-^eL1-RzHz>^jBqpPq=gdgEBBJCBXWQ}J4oEm63aBwI%~De2ZuN+G55NPo|V@xt;K zd(3HBkdq$=^{svk$x{Rq56xHjAQ0gTTrt8NZ^i}B7Bh)*LO>7wg1*=V)bAa7#KOfq zIDwTZU{6hVq$dJbEe;*5AyOO^_5_FBD_q=Vs-mV(RsN}p1Rg>~HlO6!QHqG9iLv?| z9v%kzYL#j$A-8BK#y|dN+@k?*Df`omo+^XQltule|8WOpHNK?up)+;PNB8YX^IzqO z+h#F^Q?jr|XE^q+(wXpu9)_f!^wft5?B7&d+^;W$2_vo_UArBI(g%%0rH}!NV^%cP zwNnKKC}+tSR({}_=QxxR5=9o2UJzjt4==+7=>+{4QCH#{%=KclCuUX<>t$zW-(*h^ zPl$_Jx|nEb8srvfX&a{!azYywv7m{IM=&lhbbm2<^~#)@y|T>?d?DRG*as@i^h9^% zD9H=K%h#(U*xrvc$*0O2UcGEX#Ihj5Zx76L8=MmQHROa#1IS3AAu{;4H>dNHW4L8z zvX6aV(Zn-yX8GUny$%e?!^A{~Su9T0*i4zWv|X^jKQxwn1Wo0F+0|`$<(0F1@wgF4 z%G8Taw5l=`MP_|*u$t5|+jYnR6|_}k9@NlMSs0CtOR`nF;b>1eOi>*~obFVX`NK(1 z+4R0t4)LR?_Pw^@D%A$wh3h9XUU;DceC;N`9cCdGs&8hJuKJF`qm|3e^VWx?y!I9H zs+A-pnQ{YAo=|Bv8Vimc{(LrJJl82;FQ@Z!ltPecIJ}HWk94T$I)o@HGO|`lR!4f% z%lFTg=n6Lk78wGY89@?(j*pv{XW72i$lP86;v$y4ue&V8)RCUDz5T31SbnPAkj_qO zq&f%z(~3}xkuLT3Z+Luz!aTM<<68%ltNog^LM|Zr?F@n1OP|$-;VwYe^!elqV`U0K zDjX_|-GXtT`VZ}`oI4!-pVdFT{}DUg4Om!9d}@Ck6KoD*DND{tJd85L|G`w8gnU5w ziZgZc$q3iylTVCY3|!jD6ubmh{)~o0r^ES_psVkW6hOeB!3X#Qk5jJcQlM75hE zMmQxlUf4~!i1gCp87(&>GZt~lMPGFQqxqC@>S0`b{Q6GBqNyIz@{A`7lio8Ae0V$R zyF>|a&*JxREoo$q9hcXm*UhVuNjf-mb8fPB(#sWot#Q5;_NBoJ*_W{`x8Hq_wr&?q zvLDQ$h7R&a2(MjsZs3CSYCT2(G45tjp|17oA=22U3*1)IemBOTN1?q3s#TRLyv`y) zOScyb!L}pqU2aezcSLpHpgx@am^#ni{QBz3M_@6~>@><9{H&-s__`sLTJ5ynB7F*w zLS;u6WC9I+oaga@I)#pCMedX+w{^>@QzlxPcjg7iS1O&S#v3$#LoOC*Odq%wQsR%fkqmOPqsbv;oUco?Ry2Ddlrljn z>SCp49QU3&th%&xT%F4QI&HqIq0AGviI|0u(r^1iGoHPopub?iWl;U;!L~ck+SlFl-4Cq0FFcd>=q5u+%;Yz02ARrPcpfFIx6hEqu=*? zFvKMT;5-+)`rQN(Ziiwi!}N+Tt~Bc>NU8+9uuu0paJ+t6mwuS}++$t}OrsmXsDt2xDO)DA@UkliPmHm5 zrlCNM2w>4fn2HstRY^>fqLzj?v)93=#x(D}mxXIP9m24vMws77{e7ZTs4JhY?8r&- z+>JKjsOfBed5ep~*n|60_v`ux^fmn-^T9t1!#t#4I+N>BD33Hfo8V#PnJ9Yj>Iqq2xDeiKxp@W@cfjyqPn2&5*vK z+NoO$e&eXfH^C=vU_wyC@#*NJl~q-}mVffZ42(SM5!gN_ml$h)53(=zNl8|(z~0<+ zFW@?X#TT#!8j=1+DdIikBjE78@2exuD*U-e*alwDTHKNoX&+^kFXB|o^MVXM78E}b z8cH22@(G1r{Or}+ANNkPzlJL$X@JtMEchos{rwb04k<=I+#Cwp!TqKed^X>F$VK=? zp$yUGe^Kkm2)JRHanj`*eEb+zP5s`k@7ybIN?ZFB2J^SI_w6@}si*g-dKJX-cy+g_ z(PzG1t3S#5_SA&@j|`=MC+#OjB_0U{^X#$`-C8Zem5(1kzM|9SP=lY+ey*9YYuq6) zEIZ5lHg1Hqpb>2VFxRdwH5$*Ccp3!r@%=W7PGW3&PxF<1=T^xclS|F`^;m_qa2G4f zgCNc`A@Pv28SmOIiIrKDlwQmC=pPFd&0Stkd@$=Xl3q~5!YD7d^ha&(W5aK##3hy!hykdKy6sm34OY>W6?iA$=@xKf+FQI|g=VI=| zEsJptE?hAeu~ss`_-dYjd#-Rai26r2#^4ew=Iob7X}eA>`DyE;vux-Sk+Q-}zfm_@ z9k+}27nZf{v`x1T^FnS-XjqWFc=BonhnZMx#g*^b)ZM=mzI`RsP)`Ff31AT ziA57G_VkG4&&1dQI9UHH2eVsw4eP}As@4>X*>2x^YdvJ3 zilNeYP4Qyz%xCh`#`h@-+AzN6m3aK5c5U1iASz(V4#qv`j~@a@qf=+~Ry;>avqn7v zzXAyJd;^B%oxk1peoa4m8}V*d)^iZ_=40~mvYy7@Te~3&NUGPZMURZwj+Dn1knIj?g_!9;s#_FhdnI21y(MW@B4Nb)|AZbR}Lp~|c7#dz; zm}Z|u0hL`a=2ppd1x)!w=9?Di zM(D=Pdw|m=ca`pgqPK0e2lW;^%UM@UYIs>2jNc*B5b!NPB*`rkEM`l$wQpGQ(FI-7 zCDrns54dVGDtO*}iLr^eG+kl)O|AaZiR?NgW>u$6NXsJ88iT{k0j0Z>UoeU$d719Z z^d*0EXa3||g?FKT9iY#EKiBjUG0CLh?S8x-?SDx7>+7csZQe&)E2ltZRFFT>mh1Z0zy?H0f zP#16d)cVW2ZUuM!Ph3fiA7!X~7`xMS)0iJw1*gQNZDjJD<`8oTwWq>4A3=_E$Xa=c z>-$~fbaAzH_1>+hrA#D~@p2o?bM`0+bGEiuXFY^OTV$Eay(Gg)X;KRsP25Q0Gt_4I z%=nHNPl&hE)iYN=QLV26`NYE@q9zgrB`OpT9ACDAA8Gj^Di*IJU1Ehq$07x9|G-G- z(>3)X=^P8p{P>_)TlOM?ufarMG{yVF3L8z#2t7T~mZKfV35OJmqeH19ONC)n@QzdF zLE95_>+yVC;gFq1H`^mi3wxZMqXb*357j$UxE(f;8_ax7IS1`PUh*>v=QERW-em9`1Mta+`%*Wz)%AiTs&%aGONfBq7 z&E=pCu_Ypv{IF>nHW+=qEaJ%z-}5=sWeM`Mp_=BU$ZQGcJC+CyVF5dkwtT+frSNkU zTr|O&t7INuh3}s&niwzRy9u7DY%avqtvYVM=8d{m32~?Da~&$?J7p=(mLIupoSy|? zZMBUq!b@J|bHd|wUGYG52afW7vf}Ozmfb)vy{)uIftLLr{R+NB-{*a^eSMNp-=xw|FFa;mb zi@_5C0YV>EpdeBhRaPHOD`^dkHJlT1Ld|^H&MQq{c_vyv8pf z{ungPj)M17L3yx-;oU`F1JlhMgkT5q#P&#`K050WTmJ-Z04;`44dl3arGr83v~9T~ zh<)q3w!?SiGv#MY9)88jXr#}cJ*_ZJ52?1@iZ#C!m`5b`8&w$Lb3!>{25lG_R@&Gc zD4_vnmRDZLc%?IxJvtg_rq`WB4iwuE2w(&q_h)g&z(t=*=F5%vCJ&Kn2nWn7zkh}M z3skUW;dvd`!5=dLv1{7uUT%*Y)2T_Vy^3_qXpNVbk_n+_KghsYGlajTIgFEG z{}jch-RU|E4Kp(S^N@jfLV+>hVV(dsvU;5?7A0~m$|$#wKt3hL83>ssd{2Ts7AB6s z4i(=O0`IOs10*q~v4l~|+T18)0(u$7dV@9!iQ9U6R`xH82}xkoe8dp~9%dO5kia1} zAH#ERdkmU*e=UzpG~Bvx7{p&G32!nXZ)VwloPS_>u9{U;@$Kn1y&RN@uSMzgB3B+! zTtxQeLPpQit;>Zxuuf4RkFz9}v8DQygoD2ib+QpbV&#S*v8PQsu&7$-atUF?k;mpY zjNkf{%KG+a!+$Uu&}=j522%W{e<@A-O^RLK??&JC6>;(IfG|t!n{@Yr{Dl)SqY4GV z=^t8qCt3`%NPHy1!g3#?_+koo^;^uRf;5ouC%~BHN!gzhoBbR`=wI z+JB9#$*&u{|9|ZiQz8BS_F#3&h0wAr2%MRzshj%`voir3ilX7S3VU0HBljki{tEd1 z9s=Hdr4{+1)C1-3!=(43K->V$&#i`Xdjs3hY_5-np>uz}-dp?s{9B^Dzyat$;>CI& z53|pXM%L-5NI*baerPzf%%~v1A5`**C&W$h=|z{oV7gQ=HU}$#OeM>gqSp& z9H9QxKkYZ1HGTW`Eo&GO_S=##lN9_<2h&=}ZwK76n*~QbJUn`gO_rHnd4ZoAXr{!A&w$__a1D`FVlTc8U*VUcx53*idPfq^m>g-e+P~~o|K_C#rZe+V@ zMD`q$-4lRVVMYMWAlf+z@0gah!yp<~pLL@3QZynl|FcB%a?}*R_%6i)0 zmQqv_kkdu|=r8(qFCGghdWri~{XOF6wj$7ySQEPuKJ1}Q%t$b^R_5!vIfn@7^9J>6 zg#9`i5|~%g@r@JOUw8zRkx*l~mQIXKOl;%h&{Y%TH9GM1P;!|FoUBdt3_#4|g$(lY z@|9we_?3!wh5KP^et%XiYGgJB+I{iOT}&OfEqnyFkYRTo^)#FU}0ljXbF8L+-T#5mN7Bon>FI> z{iQ_>TOcq43g)W|mb=ab`g*`nYb{WLxfGJ1*3;l7#S!nEzPV1&PQmwd_lc%0aNkO&(DEw>LE7v|BVyFOgk0Ly$zi93sJ$J`- z%H45&)Ua9n?-S(i4@PomZw8riolFE>ZNV~Y>|TyLhwnqU$&{@y9+EwN*u66%JEhPj zP2KH;`?<8XWunvvl5p3V%xmAN4W{%Q9v3;uYl8o@W@6?V^z)jHwq5)zl>#sYpvhq;2zn;(a|4r>()^fw&xc)iZ7U%w)K4}BcOQBrgIAjj&P z%@aum^;p1IR$K8zSOl80#159$ezitY%SO)emKIeG zT2J>8afGnC+9()D8qN7eLsQf9=i$1$|dna+mn&ek0e|9M-J@M~O$g~G$~2W3t1 zfX%O;(~+E8F#RVS)5#<45jue6+G9xwDt|P~8rgiWuLQg;qMdj|{_%WEL-O?h&fos$ z>U|T0%+Sp+AEQ9{7!TY`z?k!fI!H!ZTB1x=u^;+Kc8cs(wyPKMb3MSI+`i?CyvA;J zYJ6nm!&Ho^rsxy+>Y5HEjn`dWXGj3PGXGX3wEkF(u;rcIf1<{FOLjw11%)b_7mnHw$v>4sdtqPHjOhdU;IWn zICjW~jiy&UHmZK`@DRNiY#asU2vhHyDIId_my*0tklbNsZz4kC!yBoy;i08{cKz<0 z7ag}(X#@5JRd49_U5IgkaRKt02Ql$LgJR@K9nTZNC3hE>$+!`o)i=-=Jhj98Bb0k= zHG@5CfIL@rnTfF57x&M0+OqNGQE91CQm4>tw)0#0{!iPx)gMAu@&BOB@`OFeZ069v zm(2Vn`7?Q@g1is9uq?ZOOSHZg{S=p|lw7tLbjX9hqh$&3GCsK~=>k@(nH8QPNWv(p z4TSn0Am0namIc)|0Gp16Eo6x!eE#YBGSRSsER)MRO6YQu)(tk;QsoMWUSgA4>K5T{ z6OYcOi0S_iWnUTBWdFAfh|&xcL8L(mX^`$lX;7q7n$a-2y9Nd!rJyL?qgxn_faK^@ zYIJSDbMlY-zP+yN>-958KIk{_1;tk0`5=LN5{HwmGqLmzAHBz!d-&;5d)*_|ex# z8#)?Ncq1v>2yJcca;`nwv%RChhj%}I|GK>`E$Wglo7iomI0;y&*9FhDI+v;Ft3fyL;Le@&q8TPK>TKndhKR zp|u2;1)afrMFbI)Y`=WzzwPmVAdHWqWdqXq>p%@<{1pn2K;c? z?;qaj2&z!kPmuCn$3n>7^&u>ar(S;$24<)q5QrU&;HC3g{4hfu_P0_5Xms8C(F&w! zUu5%)ds$MEhgr5o+ib*I%S{VogCT(PRIA+BV@Y9N z_vM-i)cUmw0_I$$5IwuIyZG?|3xihZ^$|(x_0`oK zv2lF?v|jXYQr$y-=kO;nr@u*a=Xw__ey55wC@D6xAT!<9$J=%)&zYaUQeq}$G^HSw zO$wGSN}+Ynn@47MyAi(TLeapwh# z?7qfbQ;m1V^?XbJb(#XT?^)@J;PFkfOi08_$U^zhxvE*f=o%K1@TpefWAMKi<~)cy zE&T`O4B&~)_L1ole+&KR-NnZxger0H)fDRk@KyxR3*;F^l#JGROm%g!hK#D6!nCg8 zs}+j`?cF}eW!B{ts8#N%HBByWEdmW})YUo~wSZBUpt*C?>fnTtVVoB!5#FcN?38tc z9F{14E@v;yDX@K_RHQ3nHpu^&-D|iR67`xNdwLD&{q^+x*ctuxavus|^gMDjbU%3L z7YG-maB)kwHUh}UqoGtUiPtlr<#c~V2CKUuyb$-+vD>KM3MJLc*I5R<)&@6`?loeS*F~vQ(+T~{$={Sprs|y z?`TBn#!|XkED$2ZNcUDE^q>WWtT;7B1+ufUmOD#Nm6`;+xnUF;qfW2Qh9ysnvpgs2 z0XhJMPY{{mJFj<+3eo79UD63{`teodf#%XzM0 zoP0R@-Wy9ob=~v{Y~k9vL}#Ii4l55I0c{?Xzg*wi)s+c5dk#1v8hc3gGnj%_d9j7w zK!}(vMNDjl!A#8YWc%ENTS8)NOb*9Q1RDn=EKLrV6$B9;=}XBwJ$sg3Mv)n#ylA3q z<}9@S!+jDxiM?++)CSPEIZh`4u}`0;ixqPK6Wj z+&N(g5P%kyhy_>wA^@)y3e*LqX*baAJiTZhpPIr*H`=bu_+3IZLO#i=9<34XomiW) z&K&eW79^^=#a7z>*GjOB7qFM6y9f39!&C_%XlF>X672xmnVn%kUk(Baz zhG2$e*Y8_FGaoa*M1v#4XPT_u4sv8Jv3(>sINT}q+pYAKKj$*2>xme@V96^e z=mF4g939aqKHO}|R$5m?4;SZr-FJUPUI(1quLrYBF9JecR#-SvIn-eZ}VT3 z3SfJkhsMOjHy)B2Qkux~2Zs<^Z`wN9d}=Cj{&sxqcb=V_vLhfQR3~k4-JO2Ss4eaNBuN_+4g>K0peGJputKPk{KbtOam)8 zX;pm4sUaO5UH2}-C%Cd76gW@T{?-Vd%sk{V^3py5?5nlk`;@hv z8h>-2zsp6Hrwp2BOe=S8VCdfVg&*E6(%TUr^O|b`Cqk=P1`l@VdEgU{TzPQb)p2s3 zo!py&v^lkEi@~J;moqxSVS7B&oGMn9YWT zVuB#`^^zxRwd{f5qaUHZj$yJKO-|m8?Yv8fBS}6yY>TJDjlDV0noDI*7H0wg*pu;V z-%5rZhTO@yPJ%D3DSJYz6X4Wf)W}JN)IU~e=QkI1{cwx$4*<+;6PMn_)#EAIh_Gi? zAq#0*Aokgh?=MmccAcLLs|EbAr~IqlrdF4RUegZA<^1u#{RtlZ@hh_#z*sLEma2a1 z|HAlx5t#q+Hl*`rz5M_CiXRW##!g1<{)|-IyI>-rp|R4^3OW}V3&VjsIua7x`G-C9 z-@9s4E^voTwKDBh{}`@Uf_T*8-ai0%rKGlY^5KUJ4oR+|Ws4O@7u!7^dMzz2K|Vf< z+vn#gnePbk#A7eDqQ=wFAple6`_!*r-zsueI7dcC0s$|zG&;W~ctJL9lMz;C5w}$$ zZAs3a*O?^i5;)3vnQ!2YrczP%Kj95+EV62vtSntET_+oW zU=SG<<>=x9$nJbP2_C<6G%5yE^!+Dv!e({_1xam|D=%3ga+Pt%SnUG%&t@klZT9i@ z$*Jyb<@Q@q6f(|x=bj5I+dQ`j)Vd-zCq%IqG2~j76o1BsS8U1z5zP?OP#;k>sXzT4 zaNDyJ?(r>hKBkQUE7LENyFF8+dgE-tJaVRIuUtyA-PU)W4#30G#&}x>HzYq;ntt+w zv%sXb+b(9ML`9d&w%;SXgATIe+b<6%<9E)6Wd;5ikN+A-CMtjpLD}Pg<3EkUNu`6` z3ch}Y;}hU-Zx)qR0N$#&MOyuUEnatbYt~kV*48PBMn&p#OZjSFz~ z(fS;jQ<#b;ddh*J=dh0pNe>8~Et*lw7~e7PHmBxFp9j`|TTNXWprm?Hh~lJ@tfh>Nuw)>y3vXL-0(r_|~@L>G_aI zMpjnb=`C-PTndop_X;^n(~9Uy&~03$X_DL>kusm4N6Xn3qF$1W?IQh_hX({DUmFn% z?$l5IP~ZHkiceMn)?T-=lA%8baDK2ftM+L`7GlR#@>rxNpVzPRwhcn8w61R+NW3^% zXP>u@NP4A;r&jZjK;&hO!&e|{;u4T|8~Fu}DHgGEx<6BBSD983nIQUH0PE|p5@?GG>lxL(b#G~51xo};H@?~LfYkvPSG)MwXkQ4-2=g*pvr zTmJ|({)G&|LDs%oCDYKFlltLI`J0j}S&4*gdTb1ghlfXE+c^}cop?8)EM6Q4;qxe% z1dK4jnoYbuF!YU^Is_2j(~Iu(^R9UH%lxG2aX> z`XZOeDPhi*NC%VfJJGvt3+6P1%}$g`jJvrGTzs8Cj6PN=A+zv-C+>KSl{p>pK7A@U zlQ~^Qs+LZ~)-Foo3>x>-N9v4DKRi#@`ZWu9ILGwt3+EK6nhuEwh6e(e%^rqae4HLk zWr<4u%i&aaq$pKe7=9c%_h}Rn%xT7qKkj)kiAC-0(DadJYMYmj*Igm0kIm3|(G44N zq`hox6XVn7Vi2cx?=d54od-f62V?c!E2PFFld_Gq+QwdY*r)w>-5e8krD!p;iW%T91jW38Vr z3bpPJp5$B~3!t`HBpnFIIl_O5*@h)`*DmZEA}T$r0?y><_CMVybqRhaihTFI`cl{o z9huo{P9|42HABM>j@+B?-o4Nh{m!vnCSW<$5}!eJMmetMa%&{w~1^Sj`67WPwjW-?DJ77 zW13j=n%F#JJR2Ju2%YG~=8gHrlDfL@T=i#a6LB6t-qnk@)P0+>+UItv8`|R3EALU4 zSw-$Z(A|iV!oq4pr_1*eCuey{rtu{6;K_wOcRx5{-ialR9 zAXPy&Ta1wS>F4o9ekN~9%mHPH;-qBjlAXi1vI@XoHOEvddJ1gkRBn?UIJ;SqwZmtT z-H`%%=!m!ob=K&TyNy*u!F{9{$n#cXBO=O-THO{V|Un*L|Yfu>Si?EO}MqIvh=cE8dB zl}|5qbifOj`=ITMjKGjz^NKwsl;i}{3R)C^2?|K+golyyblPXb#4L`S)3rAvGt-eu z$oW7tKE?kc22Q%9hwP|pY(xkG00R&f764grPrY29$N=+i+HAZw6d9G$QGfMPcV_bX zZ~@G&tqAY#UOc;lx;kwEqfU`w9NVtEXvD(x#2WwDZ3vUXQ}}1TX576GT`~uPa^2d6 zZfdh0#Y}@QhHu>p=(g3*w>GIbc-=2s=wf1#@0S0>s&I{-Pl$L+Ix5%JlHSgcCr9wi ze=+`J^;)LIg-z*j|9OY9g*bzGe@Yq5NO|d_@jT|-x5F)%~{RS57pJxyMz&7{!v-vR7-ERpHs6Ed^k;i*&@{e?KZfeMwL@>3#ZUXkcGh_ zdjuZ;-G(k|x9PX%a3rP>F^u8U0FTb;4*L&iAG!b$+)~0 zm#0ISd06caSV*O~LD|Y)=F?$Pw57d@$5_9G$1@q&`7s4V_D9O_j+{RuDh*Wzg!mTh2XijgWx`|Fw#Ed7IeZ+uKIbi`EXZ2DXal zk+oDbM7{A1v$Ql3magKcUtJ%*SCO3e;~tk7ngp}%9$vlWX{D?ms_#{PU3yM6YZ`yG z7SQ=(bQ|iqyy9YN-cn_J(hmEl5uF-5fsr`tP{jWSS`fmXt}XO^_1F<d48iA>_r1ErN~_=M zmQ~zK;i!3DT@f%z>>OrMeE%+wAoIHqLKqZBYNX23O1+AB!ojDrU-=~P_I%v~=6wz+ zd|o>{IPkCAGL|}L9?LWcTI|f-CeYXukq>#!)?bt7Gl+wOlCY@#R`-)BiU2>(fADvS zGKeO^OCL_hi1CmX-l1&Lhq#D*m?7mH6GS{iG`?{$o%SmFBtdc0CSML2{&VeNJOADy zCX)}FKV`-2%*-m%hJon#D!{LTXzOyFg3+R7-pbw1?sm6u@X=ahvY>D20{7e;P4-FV zVd~1F#J#)IlHz}ZV=zghd4Q8Xsh5nW=pXwtV7Ej(6RKYY-WZ~RnO(`EQiCob^771n zkJdIMuk@j!pV`0svUvI^?=hPjBDq_TjhC!otAh}=wYiC|OXrW<21LFvL{Ly;N$4*C zH>n&+CT%>OmohgVH)`Alry6>y5q+P+H07?TxCoZGI?MB#v9pC@o?J3HE?jIi?*P%ofim%Q!i_B>XJ=dc|&KWlxa zL!3KyVYE^o<}w1PeGNKLg(qhcZ{B7gEzRvW<&p=+kQa8}|9A%fDk*}}rOB?$d(bcc zRc`E6;<<2E0O>L}p6SM@`P1pp+lM=2ITvIm6o%Z|Tl=Xd|67(M%LL~ZmNbv)au`}z zS$%<7q108>R6@dHD;1SzgpBs?h#mhNGqTkR<{jl>4Ov~=INr+HJN9;GaHqUIOW1n> zH0;N|?2W%_nVXPZ6_guT-&jAtRyjI3Ho*VxN|#HaL?5a{-}>+&6(>z-Jc4q1YJPtA zQcJSR^ePBAuWwy|2eYu~*+>-t{Zrm%IYVm50HH5@eiIZ!U{fminSy zhU6625~X_*6J?+98w;((Zlzs|6ZGcZ3yNX0Ws9lLx$8xEkakKeRaGWAa5!DH z(KtI-5fDcw*S0N`=3ETF8>EKLJRS^W>b8n4qkq zv*9E=KevZ<|L0KErUf`_oqe;dmix=LQHQ&jJUUWA%HGEPp0Wb9;~X$JdT;>74drOs z`&1zxUE>tJ{ASwyhUwGwU`tcm)62_13VSQ}OTY0?awhz=<@nYn;IVdYJqUMh2%-)7 z2Gol}EpAe+X?!1!!+K`PqRq&6Ez`9$f1&DW%TI}7;HSN8-=dz#NIW+u4_vQ1yHD0< zmGaT4+_(&2TRnF4HuvBz<9uviw+h*(dhy-JywC<;cSuO_HV$b`NG4I?og9&@au2nUSLZb6fsRAdy}r6-JvjCPM=MLLeatVPha!>#+0c;>dVuvUE44BUW~^Jal*@ zdT32jk>yT=#c6j&>FG*ZVY(9U+M)SvIM3!AZBFv#!~&OT^&gB+eB->KD zjm2^!13n8sG&it>)0~wahSm0-$N11z5Bs*G%pBV*)Rd{zv<7$nch3FK1Wr~1pn%G< zvLW?99(evc=_J8Zy{tsWgA}cXCAT({8=?s<#H`*4K1{G&`CMnRptXRVXt^zy6aMa30F4YE~*=okRVWMReT%| zRbX>Fb^)emgJPT%Il{%3u7kaCR%f#{N5zJf^&R ztpk$Tg3LgP*{*lizx$Co{1+t+O_lUdY{U&rzqbjH&7YkcPHH;moc)4>+e0G+d3YB2 z><=z``~`+#1K||wKyo|O^v$-?N|9J z)~SQ(l$240+CveS1Grw;aO@oD(ah}3@?B0bcEqrNEsk35pqvr_w|IYZv40->n3-8U zx~cb=nC25CSssY`A_>Cjx>%5Fr}lZa5q17FvK21O;-gWK@aa=X%sCxh&LV2c+7^X7 zAF(cQx{nz?GD5md)!~J2epvD7(W8q_5*#Jcbg0)qooD|_9;SYe@r4keOqf6CZSNSK z9WoW??@K_Qcb(q46$T4hFk#QsvH%Py0T`R_O68ZFR&6`?`!L+cuzM5~LRt`Hb{4=6 zvsO@uAn9eAf-8&2|4PuprMoNE?$@`x|0&{5G;%u+@DGRcSz5EnyJSK$5N!D?Jo6u~ zW5SLUfl>DI5y?e;1xTxv!qmHh)1Z24qRiBplBCRGqPRlp^0!l~vyW-j-o`*rPx(z} z`K9h|jg%DnQLM~C{XQtljtG}L`+xo$2s>Ak(0gQ0jOW&>063kx>mIE9Y8O$rm^^P^NwnL=&F&3%fgf`S6Bm#jAT?yUe0NSz-tHjAqr$v^L?HXigr5SCC0ASikP zNUPiH|HaT__SrUqo_NMWEadYVN}>@mRXlyTr?TOMnu1FuSQc%cEX-T0q?UZ=?(zGf z(FCmrnj?8@Q^W*8=0m3WIF>7dFvR?bIROPnc~NN~bS~(+S@)G8)HIZ0+I?6OaJhj8 zRYnj{Om9eCi>Sy~--8REP>j}88s7(W9j)2YR)d)AY;5h#^H!$k2NXN85R(Mu#oH%H z)63QrqV)H|ErLAA{mo`ShG!b>!_e1gYRV&2)~OH^1!cXVz7BXznKWSZnSUczfm zt(8Y{-bvx73jhii*@9!yO5tN!;Dwrzc)8MJ`L<}COOW|kIq|HkigHA zzys2n(TC!f@%#)^54R&I1oaesBL!Cc4Q6JjUA(OGNZ&4=nWU;~^SDP?09DL+Lf6KMFP&1vZ6D)WgumuVx@Em!436fK}s# zsr?Glw$81$-6{b25z@}+JkBOXjY9$}>;&6J^UrCCaSGuF z<|V(w0Q|7%8NHv;2P;P|WsWM%YyNmCKVebVD~Lm8P*0*r$P;MSJ$^`R^qq&G?o+zH5iKPk~x z0-dJ8(z<2ilhwBxABi7P%;d#eUL%8$sFHG*NCA4agt~} z^mfR`Yg!6e0b9X6?KIiMY5ckzwygBZi-goBfO9uU;(i_t8>qC&@#{93Itw)h$dSg> z#ByAf&iP@Iesj}+(*VBIb;7s9vkN$hOy+M;-JbtTz#o^D)6LE~90CHGM)#BeT zhJ>1kzxz2dV!w8VViyn?RNUivVH`jNgVYNrbc#P$SC>jqZl+O4v*jZXGYqnwsrRL`ieH+i4qdhX!)LeZdavNk;v(z36 z5GqwVnpOiPIoey1_6{eAp)5mx!njlp_yg@rM8(?4Om?G9^qJH$sLhl!8w32|k9y}rMr{ECM4B>r<$Yuk#% zU`pBCe7N&A=fWmK$T|D^?u7X{GzH z*g{H~Ud+>Sh`xggL7>*qG5(a0B#jM|O&NdV>Z=Q2Cup#lJ?sN5k)&5TF zWrC}}`;Q=73As-0%6j7cr0d*lt1jy7pp4bn@ABcYo z8Gpv``I~h5t_Yc3@2}@|FUt6XU%)=yeO}X#s=*{pq`O*FB02V}+*xQ{NZ~eJa(i!= zt3U74)p&X6R7}uBh+-WDCejYf<2PTbiPTMs#fmbj$>X!M379s8;eRiU%EJXa?cEVw@o@ntBzUjr{L3{22M^P_v!h(Y~X^p)9EQu!!;xg zBK1DHn3QPrp@xqJnKF%0UNX5x zrGQ=lZi`H!b(E(>d@g(WFaFSP{EKB2EsWIz`SL#;`Mp|z#~X6D=9_Kgwd`3t&h@sI zY--C|30Kgq4wnnJe`i-qSxd{10!bRCC_sXXY1cWN$6SedRLnc z22TS{TTVG!QS<5E!xF>yh+~};uAKUm&Q|rStPy}y^|qW))9_6u4TS|8ee3ltp^i@? zy{uP~mjisO{3X>shwFZ4h#f?&zLr+S`wk+bP?Dkh_ZxSXaOm2Q3FgA$V%ra+OLg+! z)w7>XKxb{CALp8*Sz#J)*7OXIpy16KPxmQ)W7D#}yL~8H=*9tsivpYO7jv zc_hB?aFOT`uWJ6Hl5>QMmk!A80TFmTMjg7|W*cYW5|-t+d;Y)@dU@CyIM{M=-9k9& zTASrDS}+j>(|dF!8p(9Qgf<+-VDYw)z59Jsoht^r z1qFLjRciMxJh=^6Izq;t84^IaJ9&{)6@B}~HtJIkIdMl0VaEUZBLXnKXh~583Fi4^z;Z4lj5si`&AU-#1N<&8{ zFDh!?8y`RJQaHBJe?(!RH6#9@J?TLcv$w=Z?>5MhTI*o*Pv*c)*|n&AH|f@y@~E!q zfA;)6;=3QE`>FcH`fI0GTxPR94xZ7@^AT~0rs$|k5DB#+c2rEyI9is}c^`dg% zTu3ckXo#&0xVtj>gmN05d>)M8_vV#1TPMuV*vz=TM5cVm22Yx}C+x^ck*TX2l~2(I zoRK!3NuT{5l!;nG8~Ts-*73F=0?)#(Biz|~15toKRFv~M0qFF3#rZ<( z{;&&M(DeGSRI=RR4z=IwPf6OM^*`qz9u(IXucQw5hFNmlV!wR0mMJ#>_KUvNW!3e@ z?su;no7J07LwLb2nco8o`_Yx6cU6b4cx3MVpeUfK1377i=kAfW{2B$>Zy)-%cy#b_ z@NH?OSxy5@T7rD>$RVSryPzN=D9H#qK+%RrZr*7Q*7aQFtM@P4$PMEvL0s*? ztzX|?JEkEPew>-|VQDMta=$^j^CI8D`vDe*TsZ0+K4Ykk*xqP9|fVk$iT zp;%44h2@4phr^<;^WWsLdEER(Z5*N7Gs*?cH$ zBxAOH&H~onkuhQ@$Yit`Pw6#Ozfqsmzq5eaJq2%8+f5MLkkPokeECuk@7yoXHOvoJ z#793gsXQdl4kM9yL2&lo>wngp@ zlEn(E&l_zdINuZ{wd%pSELpLGgC#DC*7Oj&r=`uwLg460Rwz-aPP7K@xvB^|nWh}+ zd(VcYSgQd1E;9FXQ~~KSc~+v8)tF;ne7YA`F1BW-6~HbU=gNPd>a4{2>vX#CC3{I_ zWykI18WMlDj#02m`v)JdI0jrD?>v+nAZQHS##&t}nQul&9>-`*a|Z=bbciC47kmcp z`!mfLo&3};DlC;X72sN|G`*6i!YZ^Y*D<2%zoU!uQK(;fVYem<#LUaB_#vc1tB*7mR3kR#AZCM#f zBv7gmS3#>jG6;G!S;%IH8r8)eXpO92b(?+4T?sauXy0Ow+H)zx^e<8QKrU8SVJ?B1=3)o1w_%swyt+W}kNMmj`oSH&iDt%z)m+V|^ z`Co1iO-QebduJ55u#KkEH5>!6PR4|W_4X0qP!$N(>}BI3I>>d-pa_mkdH0hnNHgry zdrOyQNLyFkMb|h9ta2x6p>a-KY)2Kz`uOoQZLkA`pH^ICCBABVcj0=ZwEb9;k`zNY zo2Ic(g2Fj4P*Qe&Vv79eeMD2C|F_3@mcFa)QuIPw?6mcZP>{q@YsQ0=^In@A*eiP4 z;cjGw-)_JUN$<`mac&WXDr?+Y|Fj6uXHCM{Du>2v^<`um=~3_L9)z$>u(Bae2XV(s1Frit94BCoaH9=FK?K(`MEx z7VKk^u97MeFf4qDB^<5-mp8`0L?b%gRb_;F_A}yuh^6HaAZg*%q=GJP@u!dd5Gi7$ zV=C7yV92?U)kX#uA>Q5aU9u@<5cTuPgc5*k)xysD_lBtvxm`9>+tY^!e#Z#mt<~V-4D+7dUi$I&&E5~PZY8)2t1g|$=H{P{>Hpa= zqt%Cd&@;)~nl}X6cqy!-M$K>Lr4po8>?ua?wnQgSm@k|__7++#`A?qkwpBV-cYF9Tn!}Dx0<>&cU8@6l2 z0)53~<#L?(lT+P=GTncZnDr;Kyya^0!5yCc`SUg8YMp}QnW(FrA0Kwcn1l_Fb1477 z?}Ig!WIvZe0`38k2T@d0gTm_ox|YbPSJ#sU7rJMjpUUYsnr(PR<`kdvyI$m#iW`9*0yr|;b5a@n3pVH(&~_{3}JVmO?&>qqy!y+wtx`{b*P ztB#R75kFLTISCk?e)jjI+M~LIgQD#N74BLU(z{po{w?QW zbfM)lkuFEjiwf$8K{k$4b+nT%Vs5J^3?68A7|!n8=H?Ts4uvKl1bLWJJ;Z@Ve$_89 zDAja<&{E?or>Vn4(>5sLQ3uhp(^XpBp}qawD^XmBIg*Pzj>m-*+Yrct-MwTXZ_a}x zh^Mv-|7yUT^)&?0S&)f09aKQCzGOw)4hQ#X5W)Dw#8f9p$`(Lq6zaA-gmWlI z%+QxqF&hVZtR8KA!(6woQzn=x)Y#f!a^Jqtt57(t00A+Iw#R_GsPLqboSa<9Ti7iS z?$MH-2|s#ZD{?D(D-p}#4AgbiB6;mM6PelJaZBgSs?mdP?AbsNJO8_<&^%TIK)BTR zmZm2M@m3@%)k}NZ$2Js;1>-OauRGy(QB!RZnLEDprjNbUW_7Z+mk#)BX=d7UZ=k8& zu@!gMS~Q}Fl=*{u0tdBNSaWSP?A(_IdL0POER&3D+gA*3^)uMp8!u2k?`W;)`K7H zOwZ68`;wD#;)zk$a?dbhx}0&B^XZ*WE{r7$+M?`U7EIUXNRvEFw{V6)pyMxIO?`i+ zTIGS< zPcnVD>RxP53rsLW1~LV37_yWc;fWy{{crdI%ni4ah8lgNIZaU;&Wlro6h`7?8$FVKiy*1O#F$iK2L*6{R z(eYcEjMI0I@EMMy^QKGc@mySBCqwJpu%a@Az~u<%RvM7`famEGx+A?B`(~QvBcLSQhC7?;o7dwhuG`}V;w~vsJ+~i6bXhWz8-EudsgEU@ zk?b)Q$1;Ctp2Fa^_Ikq`q$;_4?B=JYY(eP#z-v?v5CT*4Ehp4f2V*01S`m}FhiuE9ryD(MRIchmZcMW2 zCHG*X^-&+QnquG*8Aw8nS92|krL9Jp_oti>O6v5ap1$L7SbUUB@%PF4g(Y5uPAQ$_ zwmfON1z*IgQd6fD*J6q~*QoB<$MvLT9zCIKu5Hi%V%T;tomo_)kS?$6*yjDB(2i5XSwVc2%=@My9V4aJZM15QH=9 z-aJ_B@P!xonu|sqLD!WMHzz;KRE#n!#e?aJfTDnhAaCBgKftvC_peW~p$m92KSL}b zUJvX4Pgl8Zi!|D&nP%qS4XrjR3;%>gYcSsdE~C^F>URNky|X`O*M;W1522oD+R}xm z)L%|~Pd${jup5`2ug<|L z<)l0uz9+#!jnOwH99kB2#qY@OXja|)F{He6WWBp3F~A!vmE6cE1)cc5`TatkWu8ti zgwk12XR%jW&nmWcx?Z8KUK~SdMm^kAy$0P8gX=K;`n?P4@gte3Uv#p#>sWbuR8V9u ziPFOigXXB>Oxd8aZ^d0|8@B!35Lhov9|oSo!!asc`v`5A5iN4IRh;U3;b3p4)H1Bs z-^(7E;hg~hy?(8JPYN#;JvETQ#}hxH__F&hMgSX#W%f0+L(OaG69E@T%1lEuE>Tv5 zW{E3F(5Zn*V9fB>e6O0EA&YKsPG-=`qIUGKFNPSmA&MfADt1L&1DtE4MOh#21tvs&gV z_r%w*6qMc+k}&+e&B784tGd0zlFj;k+kQUhTQzm7~FNhSQgS@I#FZ59=HJau+QR6BHI&} zVC4a^Z6hNwCfu{MfuGu_$S1x^tETcz2CSxai2D9rL-fED`w<4T?66?^rpcdx?Ohcw zG@<=Q2fWhlS!VCkJs^_DMKJFzxi^F^D%_02rGAh7?UIZl0!xM7CSg7&(vWKmPCaWz z>;V|pG*wVd{q*%_7yAkASUGFPU@-TgE{kIn4meLo93Hx#&_SDvml21Rm;75+R@U;> zl(WJcgNN5>XwdP#{MARMbcSzipUb&LQ+(L&1mNr_O-$MV>xUcz$*Mw0RG5H^yMg8f}4-*yH#0(qlzEC+$G zqeTt+w(^O6mv9eH&&K}Wee7kGU3E)Y@8ACx>PnZ}OK|SJ#LL>Asv~g4$*WtWaG?W`4Qd!{5*k11}_^3+7<8pGM?%(Th!8eORf=+l=IC;6?|J0-ZWo7*PEgT;cuMOUpJ}L~b zMG|o_@zr8tVssPGdF~skwXNq{8hScFe)*x{LPY|Vi3p>mCd+?5W>1~etQ2{bE!eme z3A(dn!GP}W>Nen>Z3T{tkfqZQ6!LH>E8s*Vuk+_yP2|sW?bd(%enuC7Xc-JrR6qa~ zN}?f_2l{*0k|G3B6tH-)Rov1t-*WK2OwS~+0*KfpsK*b>m?ew-FI;0LPP(`N3lH~3 zRMrn#?AP*0O3p_t?1*_yRa$9GH@CLJzlym}P&+syk6eDpJo2jFhmVQ=F!~Q?<9`S- z|9X)a09*$2()}Cd&16->{`Q;s@#CrdgsmN8WJ?bpf7SL^2zr1IsF)=r#(n)z$=9!h z>KB-2?Exmi4H(J#h)0;`SKg-5w~fIJA%q-A!Vzfbv^r-<*wD(#f>w~`Ii9CS%}(S_ zlB!)vBhI>MZZe=3&6JOK{=RVhi%(svE{(NkXp_$be0(<>=4=`5AiKTSK`)CwV42ih z?iQiOmf>`(j)7|*l9}zT_HWv?S-do$w0WPRUbS$w%jFl?<+dQ{FkzH|AyZpaL=ak{ zud4d=%EV$4vz>=^z5DxjJq>550AqkGhpZBOSq$--(k~nz2Lu8cs(Zm6Ge2T%xZ{os z-SM>Hz5RLukD$xqKB+J{?jB}z?Mi!OkJp(9M>1H+Y2!)=K{0JTl|BD=!cjL1FuYa{ zo9uOgryqocIZu|i67yJsbI|?zpeian67lT6#@pRum{*+C(?S+o6V9+vwlNY)rV(FX z-z7AS+bidA;^T*802OHhXxu;U>hhYPw3%L9{CFdav#_|kx%(>a7O6;gUq3`o%{T!_ zHr2Xh`!D0#c!B-}8((hpY z!0A$xBs&;aunBet2M2v7tdr^6$|}OcjD|a=b=NPEW4|UC(oT=8q`Y-K7OWm@5pO z&mV-ZyrxK~S~>tb&c?aQ2GWebX4BJ}65Ysj-?5QG#f%I5Z2X}TQV1v&)(5g3UYU9( z?9A4878Vxn(d%Y9Z!DO{no<*V@!*e>d9rzRnTef_2~bCPP2rdptFZ80CmueyPl}7@ z(j1P(RvU3WbO_cf(#pHOBG?K)Hhqa~TiKIfW}cX&MZCs?f?7Tq7e8|%sHL0Yn&iAz z`;d`gNkapUmhB{aGy=%bB5R_uDP>IEROo-MRE#`8{!&*HFsA5tHo^kFI7)|kU5aM#f*Sy=V+IJ!+L05Q#~u-) zm3^6N?A_jIjJ{llTp{|HH7a0UxE3z=zcOm$D3~U`#p3Q%2hsn0I`^F{nT-byhc}W; z#=j%pemf$;8XnPspc;PW2Nw%jT9Rh{;@x*Ql6u47Q{D6Ar=zZ7gteSyIHC^vb=`F- zSg*j?XuoH?UM^-o*a5{@15A)=*@?rbiR|0QG#^QG{91pl@D*M( zzgRR9@DN&M$fG;!3^?h@gHF|NWN&~y+hSBhyz%812L@Ex7xbO7XtDrbHY*}ODo2an zN4SQ+0o@@N`;#Z3DwQBDiHF8%*;0^}s9cjqCr+dH^*t(tQS0CQrl=;ND~T9gdXdZ< za<@KFrGf~{0cn0?-G{8KmBh6XNaTOL01$iskFxKMhO=G2R->B{fjQI>h;x#zy_ zYwvyS?dM-N;Z{8PNV!}7##xAomL*I^ThT(7iV%dUCx=10IS%X&c7 z6E~4pVR{B;&yy7m7}qf|DVj!=Qz9p7?dAdp3nBWB)>P32Zg0_45n|w+Xjp71(cfG< z?B#&cVDFG4q%n75lh4NjArKKo>o1|=Ol#~JQjVM z(E6^A4|aCb2hGsT>qNuBagT)t`rY8HB;5L_SPbHy?s()5u1_fj6jSNR>4ct`OX&*` zlyq?CoHPjb=Evd@0<%@F=5xSH@%&WME*6>3RR;LXtLwpBBE1jBqV>cBO&XYig!s+G zmecxLCG@?XZw_e`wC73;2C$L*!6Rrd;JS9+de`GHO)>SQXa{q+4i+p4gz^yAvaPs=D8_qt_ZxY}%H23EU>48Tc! z=>ARSpw&gk7X`NwzK!^dJj#2kV#zzxMinLzLn6V?f4gT~PekDzag8e2XCJw-?6D#$ zb>?nO+AeRYYh^__Mc!Ui>21iCtOJaD*4K21scA_emYjdMKm0wO#ZZN$S+%bre`xT3 z_ws-H0f>?la_$b=Lq7{C0=J+RK=|ji-Q*+SMju=3A~WCr`;O6P;`z6v=KAx3@fwDu zX>_@21d1VZC&cn9BdpUiBW6MPK{Z}oj+%zeGnW_AhreTM-tDuynpRvCtB1b%@uSA$ z@IGwOQpO&8y=nwrwQz=07dRO5V%n^weqRf+HGHd|?+S+{4{R(v>SY5>27siEUxM>V zh>52eRAN+@Mely_{k=Oq@&gf2*6XzGV6c}C!mp~X)|Lz$&hNgV*YsX&PitJhZosuo z=nkgdu-1C=LkQ7*>-+7zBlR$s&HFUA8Y9Cq*z}P{1k4R3p390wfc*(D;a9xqc0d=} z$=g)d{%8GLlflu`@&uZ`gn{)JE#2}mg3}N2je@gmZEgLFe6TXjii@p-Vg3LwgM1iu zD9j~H(}C^V{*i-4-|3r?%vqwfxWa6E`_0hb9NJuRa*l9oS397 z-&TJeN0tQB;suqJ|Fr_K1E&mqcxSktHi3okB`I!`&ww&vE@ByHtY#BYTv5}Ff1lW8 zeXQ{88Q&+FJ{DIC6_yoO4LA0AARE zgT!uU5cojTeRVZ1E{+geoIYqang++~g`fY1p{NztpL`Y$2t#?l*bD-($;y|BFKOTQ zBNwN<{`lF;YD$w#1j|hg*+_Y9N8)-f?XugpvypUT$5YEcZEdpYTzkdm8}rzb4!PI` z501|$sr58nN{p~Gm}oP#quo7pRxiky;*1wJLb9_8)G`-0H@N3kqLyoFG`Ai5Rt{@c zmTB}OAonv?+aZo;wo}Jp;lD;-dvc5LGWD>-jwSq0JVlQ}t$s<2f&RLF!G89Nz#dX3 zo}Lo%UjPws@)g8eWp|<}a|OAw#`AN&Qz>lyRP7|OmtNW#*g5oQYu`f>f`8&(AAJvB zOeK~=Ix&xFtB206p=;K6hJe}h-c%nifgJz(5$iZFMpcgX9W|p;TT;$sEFrEp+MuN} zalCQEBnxmtydkk3Q5i!}J&PvbmpNty!RO$%wQ^w!Y@|(OShipTKQQdfzqpA$0X5 zkNIX48q#Z;F~Xd7yA}(#|O9X#Bq%ne3`9!myY7JxFo8hHjS}MGUe}(s+9*@ z_*jKa^<%5J3Y5k?u1nV8Ag>QTfxAo+l&S()+rMpk{`1*y7qB$gIhLwTNxt^_(evZr zGUiinDb~>s-1uHuG%^#)YddYc40D~_3X`fKDgE~6KEiJYPPM@K!ktq$^d;aXnu|lX zx1SUFh|r2ElIw0ke!i|GUNJGfnv%J$Zc2FF1Fh1)q_H;znLhd6>xele(bau@g?0b8 zM?*Mm!aL>(|-m&Pw{0_~6j9sAw8sr-&5gHX9wFGAK+gG?bL z2#bj|z^5kxPsEmU_SC0Dso1?{CM4tzZAqG#=h~Thl(D$yI)J1m(DwB`sPbk5r!7)S zH986_mFCCkQqJ9u2OM7=)Z^veTbC1Lq3!*$vG3|9S^hDBne>i3N`)RL) zkS`|YZz#aoZM>t&{$T+`xfyH#2sCPTK*+R3rdqFo-^*YUGfAf-au+7C@V+g9rr#F! zYF*9!|A1}}$7p|w-Db(s)77V+Iw|PWghX%Y%*N(Vrsmp@1tdQlcdgid$5#YoeX~qZk9|MNsd|lvT^wA@4?$mcin4 zWWtICq5J4j>D;m918&ZPU7^;^5l7$~f5WZL(#p|A^6{!Bnk&bnMmX zF$QTJ9n_c3>Y_xjhihkj*i6fqVr#^xhUN>h44ZYj+lRgJ_V6#0Z9q4F@9Ge}SM~mX z#mfKgbD&Fvzn+K+2;lLH3~tqLGh(*4y%7$T6~&qEPgo>_%<*n5GQSWK7HM#ksCEhq zubgHI4zxJdBi85cU+&w47_unwrNeZfrxhfhL|{PK@NFzDJZYS*guzb<((@&g`_^!`}rFR83bgm};A-$C~h9!(rJ z7CP}T&e!D0-nu2^sgf2+e_v7fBHCH|OrmC2B8aa+VA8gZ7auauG<|`4)v2i}a89oP zGPZgv8vWiiLtfIuzEi3LIg?4cUmyxmLOw?!|uo z%q=E1iHW501tFoYDg1Ijw<5vsKuW1f_aw=lU7OXrY71NMVp&oAPlxgEVMV|-a0HK* zQTKoGoWC}Y%*-E_Wd30w@bAmw-``pE`#|5ih~$1xe(g7)R1~6dJ8)tpPpWi2vVZ(% z#`=JTxn#-n0(Q1*Rb`tBoBcf9*xuegBYb?vS?<**(D7?F)0@UiMEOr7MMY_Ud%wot zlJ2!HEi}upoCsPX+PE!4UcN)?yOSL#sgTp^` zoT`{afW&p8T_VFw)4gobXdMm!*$fU2K6B>m2@D`z4_+j0-gaaWFLo52l`j|HKtm6* zg+VfY#!WlO;FylNWRJg|SFkBWO91plxw)CM+s*qI; zkYPF5+Z+1wS0pzT|Ju#j8k?dSXY}^f3NdK44#=^#@lLOePe`!%Nc6FpchAkob^v+8sQUd|M2fv4FB{3?dPhl7slIMt zcX*jz2zw4>cKh}uK|%*L@mxsx10nA^!d7ePh{Fyc%J9R>$5GCPY<5*qpmFeM$v>_0 zoj)-CMN7k!kJo?LO2JY#81#d<&S%bXsLQ3Dh-9OSMoaJ6v#@lpJ+7aB8HvAo!&{6&6TDen$MY@o^F$9LNTIu&be9_s(hMhH_yuGvO?{HPcy8)4pcKBv@uYI5$q>WK5F(zmAL!u#x4 zMdM-kc!w+X*rMwZg)K^g0sgiXgLH)lId>c#r}yln^Ty}KVhzsB&wnsCU)Ba>>zk7r zQHRp2>k+6(j83~ykK-Mm6(IZ_jl147bX3+<_I%=bUHbMvyb~9Jh`RY*Pg^0uYsXzt zQ#=<Cp*=%x!CBZ0IzOFrfu82?!QuNXHz5E~~Br>^jxW4htY8JI17*sB? z4MV`C*Iv(u^kuy@shXoWi`90cr3N z17fqt=+x5_?Fp$CrmrmcM%<6qd8U4|TW`T;!{)uy%Q}3F246{k1ZmM6Y#iUPMh)$t zWEn#8I{@4x(IC!`c1x8u|HfmmSLb~`chQ$WnDp-QfcNt4M?!biY%f>yph(%(sPM>Y z(|$qf1*b1>-8!E)ii_XH(YK@8Cb)q)XTkDW2}ebgYNz!ekreurPlfB9QZ}dR2Tn1V zGAZ~C@Z1VPp-CI78(n#0rce!x!5iFFRcp!(SyQRO1R5EO7{axfw zn|Z}L4(@-`xyDMhQrrU*_$9Ve&V*a+0=VoJdC$n8cn|(pW6ybuFN8mT{UEhU3j_ZG z?y<{E^*G{3K^k$n6;``eOL!qE?s>D-oE<(s{umy`;pFn5uHrHyF!Wf#vUC<16?SyG zQTx4l)&VX(-t5qo$o$n}5^k`3v^0DV;&P9pU?N`2&}J?3Ni86ETHo9}EN7QjA!Deg z`f&SaeNj;#Tm~iSDxkp(td1tBz2n@YY&zR^QDPp3DCD5`MW35mNUCVhid-FLA@Q<} z(dU5Wf#UPU^-@fh`5TKVKsIwV@#I8tI;;$-wIKY})zt;110etrq`8)Xef9G4GUCDd z*i^t*baT<1<)oO{*zDMQK}&drM?b2WV5=H5?N&LEEI2+qJiN&(bEI|jtHT#>&<%Dp zwcaX-evynUD>DAO#XN00-%Fb?71-_iIB%(-$=XYseLR7Ey6VUp}ZA*DvmgvlghkJ z^roxUhzj@E^g3e}yx$*PM!t(ow49BM&-^%Es<_wf)ks>ePaLulDKbs^(gp{wR99lV zkwpIqW{*b3Ql@@U3(7WF_Ve2_2_jPmQ`4OAK_}%K_~iXbqJ({sE`NR$ObUUu(Cyh0 z4@KXM>pP~0_rIj&2oit?;oRxz0}oLB0;bIkz!y6MwQ_I6{h(Sls7zm$KX)et2c>Na zWGC`dD=RBUh>>IIe&q+UgkP{EZ|Cfi6lqR%evI9S5QJCVC;T0N8vximZy(v07{G3L zx9@&z7PA#sv};7lCq#e|o-W%pjx3rS@-HrT)$GvFNve+5Q4pNwZk7vn4wPI!k6)dU zS#t7Z0`be1n*5*YJ0Ik9CQ0>LF3f4{*M=E7amlaz55KzI9D9mAW+vsJS%CQcPSEDO zA+hZHFF;JMtE?QWXhxQ>Fl7uQgMLd?P5*c(fFt7bfKivzfp%2rmbPctMV2fH<73)3 zab(>;jK%^CnRG_!-`EacYHV>=uCMA~#a}u!iT-8PCY62@2k!^o`8zwi>KWQ*oc}?| zR0Hveb+U)C5fUsI6^Dde!`0*PY>eD*S*_x(7U@W#n`3 z2sJrXZMC_}!RV;PzfWOwGK;S7{aH3FG6PNjZg}3Fw4*3utDTgXB&Tm<5D6HF%ezUv zmH1g(KQHe5$H|P-Dy)Xe^>W#&c5()N1~=%1v9wi1SxKooi#T# z6|u8yb)|{hN&r}tU&b4?o4mS~3ta%!Y1GCnhB=E!a~}qii<6*O+wNLDV?2 zF+x^%jw&lEcql*|zs(p#L^i9*ML#(1W??fK&x^l->D88?%Z3|$mM)}D$HE@}C6odX z4-jCBeV8K;dw;#V0|;zC!5S?8SG)@S`T6Xh2pwVt?06mH8(xrLhq2O{8wWQA(a@F} zGX<3^)cLI0n*aFm)1F}K;GLlL*v918%nUB_K^wmM*heQwg?EBe9TyjLAdu2+tXO9Y zTC9*UZMsBeQCL)Th~C?C0P(Aqr_}q42{&`r8|MaPpN^K8d3r&EDrV_tykjs z=Qna|jztGaHs){)5HsCW=+%cA_~QbKjSUShfws^0eUfXFf==|$9XXoi@tj_Q7uhL^ z`%{rF7KPux@234MXuUEweElngN03wtBTThr)MP#hP>X z2(&IIrn*c`Y4?|w9{NK4tz2=&Ot=k;Y4q9HnuTLOtCy8nj7V?G@ecBjTPZ6GPOow? zs;AhRFw*o{ksQ*Rra0F%b29g^T8qkzRA;26h26jD8~sx;=h3wycGcGaIsx+eTB0v0 z*Giw?Vl38OZ9?_fFlFn>ioCIjy7A@q67(OwcIoJ! zg;9}mww#78^4#gV!lTcnHl2#(CRRX(mxfh{Re$RA?zd6ZxYHLkgSzuzi=;JFhLNp^ z*N(0p=I0&2oxEUkwz3bAE|Ay1&MV9LF4!VpyN@5=`$qe84KN$Vy~J(tcE!$Ty=5ai z&U=10{moS-&vX}24kOIy2OqvGJBPE6ozk{OhYo4FXK<<#9tu=1LL) zf99u5krE~)20!D0s1m(mqZ0h!_ZDqRkoUfvALRJPX&hf`RM~`#xGw)Ju))-*jtx(* z&ei)=Rw7S>p@3E$-zo%^DaVJHu6LxH-WqJPH+=UU9HtW;LZSA1=j2-iw1E+&w_ZoMtzn7L>tJ?&VU)J2%%ua1({? zk^Pl{+RO9VOBRCdXzQ(M_gR_!J?g9(EoQk=z00uhDyQAx^BY^w9kEj~xfEit_nR|Z zrf$2;y3^EUp{MsOZR%isE{~F=?b}!}OB@&7J|{&+tw>2axx-1#5U)~t#0pQUBuGHf zLj39LC}|uj%UtF&!AwDtIrnDH?uFkN*Ok4^Zf8E6#I62h$6c&8cF?lEK;ds{jx=O; z$J!rY%Cdb5VJ2wN4+!|5J9F?O7Vns9zZ36A^-B%Sw38Ce1Wu3HZ1QMZ@^9TFk6X!& zj`{me#=3I^w998l<*$^lH`>z_S)rph9--r6pO=56sgvF4%R#v0K6mbFwZrm0(1NK==1e+n*0x|GN149}$aC6F zR}FPYj+lG(4EipX=n41rMvV$0P7VE8j;Xr2pfPXj zd_LUM4(+CD)Rb3LzAdUKhPkYZ8V$^#?Kv9W(d(K$;>Z}d*>yW7|T^QlF?rHA%3 zPN1dF*~gy7@AQGsn)gd2c*u};x9`-Kwha25_DK{I`5$zic|DMm@auEv1UhKLqA5MQ z$^w;Y>d?WF9mBx0R{H^a$XEL`(he2$vH^P5-1|5UcPP@|`Tj~`YOL9J(Jf!!V*};q zDiu%fQ6j%tSK9erN+jH%h+-)t_=H9m$XtFDGQ}uFRMwSEppJ_qe3$pR{GT*!tmVyu zWVYo(|7g+Pzw>-qPulB2Ao4Dv%s$|JHDoSe-itMG$vTrGXiJIF_xB&eUXCvx7xaQ5_67i16j z2I!lurR9K|yM+9+!^5HARcAvP@+hZEDMTG;6 z&#(dgGDsh4^FlJ8B+2aMwLuD^$Bwrnz2Q&SC?QO89_OC?jKC64mnLyOl`ogi%f>G|Da0)CVga|QJ>1+n(Y#3# zm#^E|(aXy#Cuy94s=<9ptUQY5!5SGtHo@bTsndfrm{iiX1ZOcr;-X?-jM~Lum-d#W zuYD3h(2NdPhpp>X&7jXBOYcCcP!Gn8-0Vn%iQH_P3BxtJJCVE^aK2BQ007NRiO54E}~$8hZhL|B}*!MHbgHHk1Ofx*mjOQ@tK9(X)zX znYNb<9C9K|y$79W&X`viisNNuq6%wmtAWmEf1vXL&DBeBXZPOWIu6Dh!#4?P=(aL- zb*X*mJuN+{EJ56*HmK3fW|zwgYI1rubl@Qn&d9?i)sf-7b=&HljdM&2`2du3Nj{j$ zr(@4Uzx~`p#)BwuT>h9b>fxT}lI51njwiHVI?#1?lc_#a>_ajr)pVzAz2)L4OX~dZ z(lT1LtCdnvSy+FqJhw{7F+*VjJ+{(vOd1~+!dcma;JMYL`EX=dbm#Hrev$|XKj@OT<2BqVM!)zuXYn-$Q~_ zk=HTrzh1(BU(x&^3p2q^ro39uf5w0Q{Yo~5VWqbK=&hN%HOQ%&RiG+F%;H#gxxxFE zxcA@Ru~$#PuQmv{f?E9CJJ){hx0s66HNCp}c71!hc4dq@{9{ykQqo>6%?&nO=Xd zTDFda^knnh-Cbe-!TxT~FUqf|g8sav$qoq-3m&Hqn@pqJ-}mS?_5$sfG}jzi)xIFK zbbrv(SaZwfwi;et{=s~Qn|N+Y_;vIXfaBAFrNNYrQp~;iAKLorS(=4m1r3*!K(68m zV%5Ya0bCgn=na1U{Mn0<@8Sl&oV|)l1W*TSgPS~g?ungb;jBp`2y{fj!CXlUNg7E2 zs3@KriAfmuA+HIPnH>A|tL*jo>xLHwuU@Re^poThtz(@zEw*jmSGAwvTuS4yh(d%R z*4;spujJjUKQKhO8XLE+cXoG2F*ufiOuV-iEi0C+zzZjSb8OL|sKo>=^dL{^0*ae$ zJ%%Bgi1V?)k~UZ9{w)DZnPNtr=W5aL@3wL{X zdTvH#o_8L};pJ0`Qi;nW!?$$8dZ{{0S!h9QZ=Alw3cI{g$mN8AY}EP4qD|C>pv;x@ zt6S!t)**7J!|~=h{Q6PelD!6ia*!r(_>4I{<&lw@yCO~zjqb7GlUzTz#zqi}&J#2} zd^j(8od_!_n0TjF>NtHW4egA!A9ZQK<00?FW8{b87u;N3YlW&GB03jt()67)Wxp#` zg(NR+R+gZneMA$XQNVaZG`Y2{B@;czoO}iqbAWJ8lTTf`1N5XM9Y|s|e){pL4|#`A z`yxY}Pop`G597{`?ECjQ0Ggog>3U=$Kh2cT)`nd?IR7XBDlzy#`BMtN*p)g zb7$SUdU~6SnP+w0Tl>CNM#sZ*2-NQBo>t4-M13#6@Mb~F{)*u4CWwW@S1E7|SHAkE zjn!4?Zmj8RE6-GtZ`rL+W8yF;VZm-cx2fXRWG%eM_P1vY2=4vz2af`M+GD^s%*q?McN=A}(hm15CM7~))$W&0-Qwi20Q3Q`F_n^WOQ={J7YLy<#UVY-a zZ!~>spQrW$Bp&1gGZ{^GV)j7VNH2_D`?WKa$^5;;!u)^g1~5;51I!V4ODqO#(8$sb75Jev*(HYvt~?4A?Nn-4?WY z3+?SP3@hZOYFVwzOH!e*9{%!F(?D-gZsm7HAy^alW#YnXbLV)~49Q6VAJf)wj3r44 zB3w+1elajT2SPr;wO#snkJ4y4=?l2K?Dsw@-FPH_05I6Aof!1B50MD9Vy>d5p+Wqv z5TKEXy-E4K(JMsiXo9WAe&lgqZ*L$tZA;Fc4sVT|FsG8)cw|{6Cc$iLecKV4w3t^Z z!p}7XIQZ+&?>~KfHm@xj9e9kFDq)!s{)7p2jS`jMp(1kd{q^vg)`xFl>MON9@Jj=WKG?kY%Ix}LEd0f=uVjs>5Y=Jf34Pf2)@Zn*uF~Wi! zJD>drG$Ji72pOH{wj~lwdh;3Q$j!MBW_=)D*d=J@vbCv(#3Vvyzi@EsL1}Sy=Glgl zrnr4Y$S20&Pu)JHb!X3*#yUSzZhl7VTY%1x(y-0G%Xu7unYi!ZXLgsnAcF%*%!Z>i zrJO8UemajWc41qRux4C;Ut0O`leY;%Rz@{O7k^OT=z=MZ%RhF^^YIg}p})H2!IsCC zaE^*k6kQW~whdi?yYP?t^0^*HPuiT>PXkHPBSl6YYs-)@wI0{t)@D-MH{w2AKWE)K zR99tgH}<1WMtOZ_FBV%adh+G<3j`a0_=PKfHTaAelnRtPgW0-l8XX^<Nzi%F96Szn=JGIl8n78GNfn{d}0gaQm0GQx+8!*UY`uw_YI9+B!5UJ;wo-K z&IB%;x-twV#-v@Ens-U7wEliv(`EzCH{~wf4-K!Km_&(*UWC3ek)A!@CY7LD+L{T` zuScTz&Un@%8COgp_ydx4K}K#Sc|s3=BLL6x<@W8L@q--{l2(9ez0mlFt zG`B*d1FGEXWCRdDvvI%$f;^_wG%JbDI zrpY{T&zd;$uOzVfcsZ^aqN}m{7^<3rX^UEA6+7;h@Gw-Akzd!?!3sx zMl~^F-@Z=ZXV;BBD^OA7L}7cbb)jaY(m(|g28%&K_qGUU>r5hF=RgqVo?e`OEMJO> z?r(IB4!Y~ba;Q1SB%w+PK)TkmRd9Ttl^-k4S$`uESotmpS1+rhTO7aLz7Eq-aQp&U za?8tVgqmhQ=>u2#QPQ?Uvq&(_P`Z}DRC$)L_U%ireHj2--(+k*rU*@>x}RJt3^?{N zx-C%9h@b}2qtBYcrzexJOv0A|pmQFFAAg2}dC7LV;>R$wA8W6`ft#BRoU;bD$o4!= z&QqHznUR>Wk@P&G*Q;8+>xyLOxYr>hL0az8t0+L6>$C=!LpXKr?Z<2B+PCXn#ONHOb%YYGzyXI zw1FIJYHCiUj221q@;^vOv=a$#u(+g(DQ%=bXNwSY#2=Iu{o@VZZ)gzTgk7QyatUXm zq2pKC+jhR|GT(1GntwHh2NZLGFV6~O9PASTQ-QA{c9R>6?`&;r#6x>;fhm$HPXNAA z9wUe(^r6lNA zAuIleyV^{|iFa@;-I9`itqRav;80P8*tE5G)!3dt&;((}=2chU%CVsD9HONu<1`Ht zQ=+8AX-f#B#s5+EB9|;^flrBxp+z3twQBptbC)FZRKgPtt=a>pQEKy^Qo@A$(9qzXM z_`$F72?$E2No)Pcc*lJtpG??l%z8VQ#{b(PU@_hkSE5+od)7R5Ut0)NdyGyk=x%WZj>sLp%Bqw40ipT-#dhc{GXgXuADY0s#JG zD(Ai)JY*6?%+rfr)YW|;n*0=w%2ZW7^zP5LE+1mlZJ?}=vQ)`L!dHMXE25sRNkJ&P z#&LcYt^0+jX1x5p56*a7k}}At`FfKm%Z!2-gewacvwz?vehm0{{afAlug^+k z*kNC&L~m0kwL>~sWOkPXg&kK^JWrMr_3ut&S-yMiT>V;8OUK6G`=;!3gRm;esBLbl zCQf*FC!X9p&aq*lr!)|B`3rFVoBl=^X+S@H4OOThGoGNOEyGj+?C@&i-KY3`VjeoI zI-sgaCSpr=6yMQyr=~|*8}Lxp?_IJd#b;OSUic9JkQ=;no!&K*Km%iVk~B@6R7#J2 z->I^q*c0X98JH<00^ic%)D)QJGic_P0yhKUW%?UA#)?Y(L8U#6zMWyp&o*$!=ZuAf zMxpfM7<(qa)C5d&kqZr8-$&ZP+m>nXet>lx9Ub%!mbH^RYHyhG?H9SY%D)}>QG?Rt z4#`RZtm-_|Lu>%7`cUiu4LYXfq;+j0Qf3jpwK?NGxV_;GG^8b$tz;P*Nn(y-&3SzZ zfLy4Aq=G7k>zlg1L6vcKyeii|{|o%a)ft+4=I5yGMt6?ZF8$RU0mV^)KvToWvO&T8 zK?TCOlPhX}N{|rMzw^7&VxT;hCi9K!*#?J8pOUl%lk8=h;69<RtXZHF@i zb%Dw+%<-O|%*+Zi4bQvBx%sZ5RR5O!IIn$=&t!N>K;&D(@w(Y)?=+85L% z&JP3wd`af#NNnBd8Ke~9G6I&o`)hKYZ-_d%g5Q%X@Q0gU_Ie z3;Kn+c)BIcczk z3b9H*sl$}nP6#6wr;Jkx60+blQ1r<1`_)|ee?EG#i-rEHE?ljG9S+JY(RiZlJ%DSjuB5m) z2{$^fI3FnvkiogYiyIL-0N)1AthDb!RxfX=my;I3vy1ZYDnb-HEvfQSwZ?oiSSYctW zYhU}Wpb=lRNov21a!k^km_@Kp{*xYgE-wcrN5XyD6|Kl%s~RWuLK5c<7@rK2KTjv( zfRyG$G`}Fj(Bi>-hIuNtb@++npxC7xVP|^Aq6ja?kO8c?>@~yPO}y zhe`rSC@nx`Fz_<=+pkXj(mY}>g)1rCKFysxICa}Lx>HoGZY3E1Vi!W)0!lOY-!CxY|v)$I@*k7v$TCZ3pKgj@kHxX#n4@uoFh6r|q15!**ds%o4;1OI; z(zCsO_+^Ihu}4MPDkuD^o+bwde@}8`8L|FgmN&ZBZG(n}xue^r-8$!N9krx3+|M|sr zFRPmWKH#wK)KC&0-dhQ7B0Ox<9dZ}vqe+V z?k$;-*|Ckp_{9>}a=s8r6L!Aw*5SCaTH^6x6F6V zlOqQ8ITJT=htEN2yUV8z7V|R@ghj8t%@_4T^%_p{@6%h?6>#3gp(KAjcg-xQl~BLt zrEH)5zFu0-Kjt|fP(Lzbt^`bX`mcQgQWkn75vW^t@dgFBxm1(hxgy?ge=~L7mic7`UlgCiQLjg zjRm{AAA9)~e4>gS-$;+(7dvcFewz2($dn(r{#O9wK~CfMwPUnw>egTG-2eNbXvNj3 zwW4t}_5W^Ez_W|+#0j}MtFzT*-$MHE(cf0W)nafB1r~!VVPnI!f9ALQgc$;{<*wxp znjfe1sE%gN2L-mm$tX{2L9&14z8J%&L4p#V-`bd#2f zc^bvm4r@hdhQ+xYKBMNxj~|~MY8EUmly3@Npf!o3l|$9a+Oo0f?%eUw3!3+)RgqNi ze)t~9;<7W>wkw1L%}h*ahktClRO~t<2)V(Zm>pWbfs1&%h?Tu!{UC#qovqoDPQ)P63T$8!M~I&08?;J966*!(0GiBF>JZ zahA7=+3R-J{FH8`h#wSU&TaR6DbkAc0FBfQE&uwKxXn%K(v`v}egfPBPLhq)D z!5qbIfOGrJ6v0U)s_A}8b_I7jDqhrJs$J&gbfWdz@V%omk_W}iEv*2D)MQjcQKMEK zyJ(C|3TB>A%x1_WVHlneYCn1OB!XTLLmEvIoyVCH8*7$m;81Vl_qEv>K@Fr;J7Ir1 zFQ0qjVnR0!ukm-sgPZ#>KFFn9J}zxucuzx}X>bt%a{_i47joflEq=Q1GB_dc`yZ`z z?oSL4n>wQUtAT#^#}Ts452aPo>Ln~856=a$zJ&zNA*9jfRyJ1EmI*R8<^1LPuY7ZU ziHncCj1f-5tqsmRf!`F6nQ-0OKh>Y4b!AaF-YS8tZ*4go0bA{u%&JTAd7Gb)@?dX8 zV1; z)bZitL?|z#%Gbh@s&^xnI!d0Yn=^XbAd|rT1?_**$I<{QXQ0r$7rtI-qQIP`(`LSY zpWsw-Eqi%`lNcFjY`iK@rSI_{8XjT64)vQiS@he^!}(ewfiUq90;T{xA$*D)%vYm& zEO9+i*Gh zuGhp_RAj)2fs~g$c_&{K;BMSKxnyB3?*w;@sVc1h=uuQH`-+<p6tDR&0nFv^6Wvq22Z2jof{R3UU;ubF)T!{scY+}#QB$>xW&T7pwK zSR(aqIpIm9$g|0ob5Fg>BXdl5%USN#0a|~x_*>zl&JBt_mBF(1GcU`oqiLaV{=Gl_@&;ARsVcm{>&>FRC7#j2IBm$qQD-j|~f*!2$z-$0|M%^zq= z6V%$p2x5AHPKFB*Rl!{1fs9|Zh9nha8u#q`+jmImtFtv+!B)|5?F^%^5_(*d9@#f5 z^#w)3R895WobXCR&ea?KXuQ5b-iij~dn@bCsSYu7sjWqi0~exOi)4trW3?V$#K%ao zc0It;#B7G_Dr-amF$u%~Ip&%h8*rFN*-SQ)TRmv&T9GC^IHx7(f;w0lZf?-0F%?&8 z>N9PGY*uVPlH~pbLOE$@1fbEH$%W0=ir`h1ZY`GwN_4qn$wT#PRZ#Rj(Th(xvX3c< zi9WE%nl~IfpH8A=`y&JN66F}2tBEwz6IQmJ>h~m~vz24~cY5s3>u$+@`R2EC0*n;v z&`ifsk;{0EC|R?1_B|$ySCcy{3VCrhTU26i63NORBphbpR4jcu!3KSlk5Cnv-gw?G zvE2Yn-)@p(dPD5W>yF(JbtVB)7fXx6ApgzfL<2uzI-8$y0#}R$Fp8VEyu8#P`=e%W ze{XZIue8(co6VoNLc&ctn+M3}28Vm^VSg%$xN-NtkR;~p-=~KWl&l;@kz>vZq)CRH zdl|hCOh5$QxSgtFFglacK^c^n1Tv8FT>rxN2#(9wx2Jz8G8xW&Q|<^02k%W-MO-20 zJhhg==-5=AR6%v$(9}t(R643^YpS6rYvG3Zc9W~z&59oxZ}wYCFavbbW>u^?;O$z~ z=55cOed)n%cd>#UObG@lMZ>Gd?Klll24XIlRRo<28ZRtibtMS^?I=p*Btr4@G0v`|mG zKV>_N#ygt#z&9&gX71b;^ZKF>$f)KkhZq?KQWdDJZ#?Eo4ns*=eGg4v{98F8meR2`*N*h`CekHNsm18 zYfCwufw_i+%|~Rj9SjnoLUMfPn$y+w^vLL&exdk6J&28r&Q3Vv(j|nIv6|i5n8Fr6 zf0nx&kUJDY*t`5JzGF+$*CWFvkAe^9aVsG$Hk&bC#D{-BNQ=TdE)}e~{omjF*DpN( z{2{e{$x0*Siv+uhuDV-!r=U^tmp6aLC)471?pZjie)n1qPJPp#RDR#SCpz=%XNQil zNQXr&+k~f-gCkTAlvU$r;2|0QcQo^8#pZM&SicXlHI=_2~JfRQNLs4)~2#aN7)vaN+bJ5U^4|vN6LGOH2w=Wz7#$>Tw%{` zNr&x|QxoGhTlHrBxITvlJk?*JfcJ}ygnI79eO1b#v4KysjRYt9PD9qog6lWqv(xjU zv16)qE)r2MI4@3XTM`R33W}VH3%|#g&U(NiX!+GA)l!_K6;8EY;?ya?r9F#PuoeS8 zRjQ0SL`;h+y?rL~v+ctNtXrv6$ha|n+CG3H;X%o7#NN~Sl6Rj;J}vy2Vx;*b@NPb*g@^dvyRUALG3FQQ=7fhv;Pg-z+s)8f-&jbNJ9!^E zD;gJ)zr-%`f9QJ8u%^1MYg81a7bzlw6s3hKMd@9nw}5mA2mvt^A<~-&NRcLl5-Cxt zv>?4VX;P!8)BqwSV(2Y|5IFI9&vU-l`@0Xn;My0tcGjMIt~JM)W6Uj#{MA5#>1#~_ z2d{p@kMgm)((0kVK9hy2zauBoO>rB^nJq>#_MZJv`=aD^%F>=+>=_s-TU}_C|7_tI zyRvI;<4}tW2#=8gHxKm6d=HTrW@dd{HMInFj>fDg3ghv9=+(9eed&}HsO#*@ND_qjP^$xv#n-w$;R}&s=f#UCau!#p- zn!RBb%oX%wEHRkanyIrzwj2h}G=}9M<@HSmlENNwz}#XPxL+!D7&$~N-!+sqMkv^8 zael3#d79!qAJirQ3R3A`X!V2KjhCm6cQ`^U+eG;ehzb(LnTD&KL=6V6X#6Be>^_~J z;u(a;a2xYtUBtsEVc^||?cr7J_(=}o0KlMTsv39*gv=R9k^$VENrCeEpi~H)*7c9y zo&IKH_(bvzQ5P2&GWxVPDvGM?c65A z9NDt&67t3NphDkDB+_CD#Wcy%f9VRXiPQMXVR4p2vcv^Deu#x=7D?Ba&`7NEMkja5 zt-_i%=c=Y2Ya9Py+tzf@PG%{4T>3PHa=UP^p}f}4teJq@oLKhLp`^H_jKyMM{m2I` zSWnxj!rVZ9a!6%KV8GTi9|gn4YbhO@%$KeN(VF(Kxhq3ML-%h@8K<`>b#jNfQa4?R zw~wgDPMLbOG2uvakkesVSx;=TeB0O3j=uK?jbeEfbto50vk+e!S@dZ!Y~YMUV=MxQN~`|6h6WzhNm?M`=a%OB&Ky z+4Ohn{2_Duv;Jjw5KP1MMGX_!6S(6xZUZE{k+QLmd%`If3~e3$@l? ztDOgOtH4Fp;=#RdzWWYNZJF=hbvh*%Tef{@UB)CKBV$f*FgF(pOQi&N34NaCZbF5w zW~QfCRg*@G3+Kamih0&osE0aw_ zwI_3!4YKs$g|tV-n93d|3-a@8dFi*%UEImetWDO6_te{l!OUCmtsHlG^#JYg68*!g^NQpX+PrkC@LM0U*>S;*%jtzO8>7k7=b z;%n^%np$?HzYdHesM;M>08^TSA;0cxBSa-`jSmIJrG`5}yawZ-wjWBWH3_Q+f2WIwf$bJ7%mPJGM;E z4@7jYyzhL2<D4VTdW-h7Ls8;lSCwcXmfSM`5k!efR+glx&N zr%9TB9gR5NC#k@_98{?woD^yXD)D_gU1x_3F!SW^4Vl(I;Y90%yD8i4SfiO*FmvBJ z?@SW@?I$kPjQQt+_(TeI7sufqhck;4=^?q>=9c=CG z%dp2MC&%t5nM?{?;EI_n@W?eis>v^4!gZ#uinse?D8tk8uU+~VaBVH zM*k6LUgX)|Iu6^K%KH3@zVpC*!mXuvHK4B-Xz#-pFX)u(6?r?A$nfib(Q;qC1h9%s zYhX`}H>fen4b104Dd&oeSX8I_EDu12mN1~)>PK0g=IWxrV0=NJc+B+}TOqz3{~~jM z`wSw9V`{{)NZS%=7rECm-s%U3qt1RM^yxo6iV5Iw7!h3JPD8w^soKdey2D~YIzajg)d9k1Tgd#$B`=RCq zUJLEIjT+;dZ~v;hP3Xy}2LRM6c-gFuC&&XqvUt+HPlKr2^unaHZFbm20xtsJ4kcykqh}$m~b6)#*L74Q1Gx_+ReF;SC%@V zcDbiZ?^Mg{3w{(ZI^Rf}NH2EBX(${eB}{%3jhX7T8VQ*Fwr8k_%d! zDFyH0&7M`+Aniwp9?r`Hbioox*^#{tk5|P>Ed%1r^(18W&6D|vr(GqcgDE-hA!HKv zt@lY|PWhrt9|aDj;dnLb`nbW7-fHqLNT(6tB+O?6VqsCz=@m&^va=FqS!DxoN*!wp z*zU8b;rFe7r~Z>ynr3ew448Fp`Sryal|d9T93z)VM+D)6qA|1o>zm108x065yWf~oA4@XL3+g4S?U~X7yG{4*7MhD|N$Jx|AL4(Y zwlY@8F4Y`)f^^laF?X?(Ja_FXJbeu95>QFDvbuH#mC=s&)<>&w4B`vyPPG$vSZLS^ zKjo~Z)@7+XlGcM_$;&FsQ&rE2)j*n_+~{3_AEot`=7RfZ#lOP+&uFClkA>J%CqdUbn@omzQYmoU?;q`Q8=q??@Bo-UQ%HF}Pd)nzIv2nF zntIJnax5qEo6JWzwhpv>^3yfzlSU3 z%5sSdHdMQvk@vil?JfFn`|Kd3tiL1MYK_w;{5OyI`4xG)E7tHtKL1b;C6+D8_~(6# zFAt7rXx8*Ubal}h=tl9;o4q{sz0h=>4+cm8R4wzMGkW3)AkSA_LgoOE8E=Wx&;0w= zBjYOXF>({%uP%{Hj$2dsVe($ob5e2N)0j#PWMU-0cJ&K!j2#8$7H7VaM1>kJ<)o*V zIUl}!yf(lh#V;Y4Hnqdq>9+2UG~|5l*8Jhe9pmpId!6V&iG&pazC~$i+|TQCd;QYb z3XCZq8_UXXE1?Erclw~F$yzS2hmu$kH zo+P^O?ewPTnfd_EdTLYl8QvkBK^qqTP0U7?7h#WBGrmhb>AS-hp6-HK2owG-WQ^hp zYqawn0-u}{7Q-=O){UWXnFbkMGi{p;-&d%n$_lJi^Rw%$g70= z2R&7tIuwhA9mZ@F)_C-E0D049B#_@npfmKcNP^y^xMEYaL5YL^`s$l;`-UemoWt@( z@pja^p`Wx>i|pnb3F_zvngezAUYxfV+nfailgShhGs0GKTiWM4MVL9EgTJ;gEe72` ze~v=}xltiI(z097xz%a(-R!(V#Fp$}Z;~ezs)~(G26=(-UzAg}+w!sbQ-_?meeJx( z2798k2AsxW-jjPOKco}Wfevrk-wqn>kd;(Z*LStJm#I?{4C7KVSG*NEn)=*Zan-VZ3feL}z zJxgH87?jn{4_^4HJa8n(6<}bm+J-sQRJEF&fiB-Q5Npd(v^aXF=r8I_+;L_Yxf-{! zv>sI~oA$0fUw56dk{#Q!d$M(c&DSKGpIq!4VZcspo|MrkPh-mMFeDOtaEr#B1mJ zkbl{<{ycg_{&T7y#;9?m%s)ZlsOP2G2cg?O!|eD*!KD7Y=lOC10Uk$B{s!g#2f+I= zV$_Wtq3<5>{Ag zs=t-y{{KJy=}&Tl3kW&swvT_W(Dg`h^5(VbrluwtSy_FOyy^IdvT9R(y@H#@iSM$$ zZAjbw=$Ka|kmml=wykZdE}^cDj`nAvE4x8n4$TtV_@G7HKBsd4?q?QNdwct#yaMyU zxZ8@sFSme7PsG2Z++6uT_aP4jE0bQ#|NXs7#mI(9+VkM}xVY4-z1lhu+X|Vx_jDZ{ z8Bap(Uhdso-Fc^J4Ro;P?NRUHPU~iInXfXX>7a^4JEf`Ke<2p}O%mtQ*j=ZDf>uL8 z^H60_3P}K`QeWSw<75rLuXVHzo10IH5>r&hJAy*P!iuY^3?r1P3C$r-Y=3?6y#7bsAydiQV_{B`ykJyw3EMP4{XQ$r&)cfe0BWvT|zjwD*O<(IMrpZ?ta z@xxI$7CpT<9xkjXn6xRiiszJ2<#x_V9T-$qR8oF3RRa_y{J4>vK4mJEesf#XOKD)L zF}cNOjTT2bha9in-3kokBK+_=t=y-iSGfrth2|wex3P)bnB5t9pau1pdHq|rZ}H9& zR|{w)GTYmGf#$%XpLzQeL$p(Y3t8JiiKzR7h0FfSuuk7lm0uxu)*8uBonANh$8ieb zZW3#q?8^sVjkm(HVhJtF<~KPO+kkV*NQ`sk;GOV*WfiUf&^+;9-)QBO?%ggwTzkz- z+&>?!+$uQ_jOUyG#-iZY5~JA4{Y;t?gaoOVy4}2x<-q>@&>p{Qy!{%nfO94W{cyvn zPa9^CC=hn3z&IGEe1S&tqhSglte}o_BKzZK!{EIP$Q4T-$Vo>s1)Wd)1~!_Mv3O4re;rQxmtEp3JNVd355tDlIWixcRgOVDbclsX9)r<{Mj zoqtY_b{Dx%r;_p&jX2={yj+@k0elmDn;+2h_AO6_foLpe@?m(dM(;uF`VUg|P|OOs zWM*gj4EVq_)bvM9q7R9>eRD%hR2=A|vp(qmm4g1aQVQ@Dm5Jqw0KWi<9}H)TPW$SS z6+i#s1Lel6FQ^usI8vLJo}O+`XU>8m6^E^=d>tiE^AKjn#>;}dJ>qJ|6yH!A!5n~PV|o0>G1DCsvE32^ zPe((~@TV=y&s+lA9F`M&8o~b>HcA&QF1BLE%91|)y$y$Mk+<{Y3grmp=Z=}eSPZrp zaQn(&ZwZM6!BRdkFiQ-tKHlifv-|{A>Z%NptdXw#2pi=6@}rAIDu6Mex=b<9t%$Q; z&AsDvW5|p<^#`fS4(uz->^t}w3GUQHbIgGm-@4U7h6M=*;;E&Sqgv}i7fac4 zEH{xO+9TJ_@4KDY&|Il8Ow{2tzx{N0B#mC(aM!}rl#D%(7m9JHh@Xv%QxR??aZlp7 z(;r^=`R(%}chFJ%$DsAvekn5FwD|8-%Yu)H%WC-kYHnB{8Z)lg3DDBg+S`B{kD#{C zFGoXQdRqk_HG-}==gRMsj8)AK3}qK?sRr+;;Kw=`hCevDMOsRfMZ1LIS0gm3F%>+; zb`L+w4KR(c#IfW{yN$hW>m-2E($mFoQN2^%E%pKi*>OR;UtBgwc8_l{5r>m=;NF*h zdwq|RWbZ{;WW!-dCkywCRZOk3|ki#1n{wmhia212J*`;KC5UPlbW)lPyonl z9c|Bv;LcXK@LTieVr(EK+iRkM4`0$N>z^EAV_5E#}oi&#?fYO?D9^#Bg>T&aM(#q~h$C`ek1dAulh#N4Fy=O>LQQdWqs_h~yYq z^%I8TLo}H+)DSJ=Hl9D{iNjfym5UBGe>FdqTGfwtu<*a{3#C_oj*AgJ%8>iCySDa# za>qicDe4f#dX9!^1Y%afSh*`DZaO@(Mbj9&n)%AgOKC9J?CV?pdJs1*bZIR~$zwla z0;LbCUUSt>MwI*5w*7TJ`=38{`mcT<-(eeE*z)-MNE%E_hLgBv0P|hG(Z*tEbTRW* zg02-N_T#sCp~M!%ndfZ%`Wrps;yIyi1;cGYmQ8;3UdSZB%{bmT;*492L7BNA@IW5( z@6NMOc^D_)FVHA-ljq`Sin`C8``(+Pmboi--3dq=-0nitU1K;9=y1a zG$pfsD^5qi7%sQg+SIQjQ77Tfn0tvAMi@9q*A!wNb3t}>A^y?jM6{ ze|5wR^Kv}$BE`q*9EjMO$RX?CzcDTFN9cRBl%_BK^+0OI^vdrmUM@P3>{qYyHZ30c zE!`MIb?j6cJZO`4wG)a-9gV~PuEfz5O-*J&{N=$sm7`LGFWlNK~x#=is z6YB89r2Hgdq#B4HxtkN97M{W(tB&kAdtf)CpFXOkLtbrNr?^=u>7|;CfoWa6)z4(UqXp zh9KcL@QpCf9uda3kqRi6r-!*CtL^&&`ddq!aM|reo$i+-q^_%&6>pkZY!U`wVNvZ+ zhP_OJto6oU*txlH7-i1BGTVP8+QI9NPkf4$Gdc=dT*w1HcT-kqMW~>(wD63FNxmd< zFFBpR5P*~Qb`T*=SV>*-`Ei}6#wT7ll61U%Nt8dyhe%QITF*<|Q>Uh(kJ`PF7qtSD zX}_n-bAR6y_Hm)jt+cZh>wtK3)wbf_Vp5Cg>3QDTtBt7nf0TdMBc-!1@H^a|B!HP@ zyB9&)KbNtU9eVh|q!&~3N?$WsoRd8~($Q!;!zL;I;R7+PUvYIWA#kumL_gT_2|-js zS=2e3dib_>!YYMMO=sJIvQBN1u*YEHjlzNqNQcVq&$_gH6&-#XYL|_`Pa}K=B)~*u;rsF#&R;71o$R2Z^8V|a*(L3lIQPd+D|p@=x@ka z$xDI>pO#ZTrJn~g0amF;AAU$=ziY$4N_fQv$cp7YQ{7}XEB6Rcy}w@_zWcnr$rrvc z*JS+BWGm>}%Du~;US7!_c5OC@;(`K=po1ap)ussIrRc}>ZlSnz>&=ONv zJwBaMpmgx*b>Xw5pG`bdh~PcRnW#P=b8}dcTHihm<>kxxy{-s+RHbc~1%ZqHnxBq=-S1E(~iwbjUizuDlUEH9RcVZyq z!!%txKcO}Xa7eur_zf+-ITSC&nnlt^3ca&?A3sJ)`6ElcEk9oYTUfw_sV=LBqROMN z4HDrYvpWP$emM0w$S&V94m*>wR|^!AA3J;ju$bxU(TS=BDWzbZa<2jiBitpjEkPlQ z*!?|)4U5;)91~(U0XE4mHPR-whyjb4)r;Y=)Q*|Rl2E(&K9P|JDK|rq0`Ah%4CQfa zF{1jT1YbjtS12kZ)r}^to@6vFOf!GzK#E`&HP%s_QY@CqSS2E1RCA)Gw?qH(k)?)| zg*mL^?OJ4Bc7-Y9YSw5AZD=SMwV=#I(KG7f%jtol02g-faN_eJ0&I_HVM8mQe8E~*B)d=>qWfX&yo){`H{FiYfd5c-4GwA$BR&7_KJ_kZ11{^SEfheBG6XZ+EplW(QVZdbnjuxizB1 zqa_q?XJW;}Z`FIiGb{yFEoO~j?Podf^|PU%y)I;sEY&fx;=cCIAPluP5W+*zLNCVL zvC25QAY^L*uz2-MY_9D2N|Bm@K9=F?tZn1%FT+V?Ks~F4SYY7iAGDsOWRFHO+VASr z)>b}MIk7SaR=xio|$@m`@yiXYOAGqZ*U){;AJ7^HwF!jx9x3`&eEbv9p|Ea z1Ox>k?rV8%{*OUcXW2xnhT!6boC)|;#%*PNfc$kS0ux^zZhMhLbJ#DBRvH+}48Bd2 zF>3`gmaSO7Xh@XZo-UVyE!#FcxeOfO;K@e4K0i52ap^5N6b{uinS{TPRZ&qdR+uWB zuM22`-BKTpmRePqIs}8{v^iDh+z=L?HnE59`VG0hD&%)=ZZKB9+Q=MQJGTA}55r6Y z;-)HXt3Dooq>)H#JHt}=&Uu2eDv<3qQ#}57&QC)VQmD4>UCR9Uy3_+?Z2d|u|Iv1} zrxfw@6+(%p3mFlq+;e>7ge|PjRQ`idFdTB;Ta1=Nos;`g7kxwFTrucaX9=y4* zzEb1{pm75!X{VQqavMbIL|Vo$O^|5QG%98Rb@B-P^jEL0b%Ne^uYDSYvyI#g zK$lU?kerD=saNjLKCkUEG&KB40oV4qwkToLc*|6Qv$m1?MWD!JT3$5lw<68rOLCf+ z-2C?w)#c?jM;dX!I8zzv4n0L#PNuY5NuKxu5Ob==n*0XT$EW5Y&2h zcDJPq8lFIjhM^NXzZEE#h&wYe^GY|p6Wx8x8epdwAji~Xhs#{e?h3|k>c}W+T{)`k;S|hzLOangwuQLw^cGr5Rn;yZ7!vNJoyBG$d z4G;)ysD?};Gi4V;?e%pch>(DC6T6ltG1SYOI{MJCB@)h2&azkwZ5!>G9k%PuhES$c zU|yC%1nNjr+a9zmz0CP=etmLPxd@n{>%3Rkyb;s+)DT>Yrh%Uha8wU{E0cakTvMPt z30Md+0}Cvg9UM`md^_7idu9tJoVT|tQJ#yg7ZxXnxIfC~&xKQ#PGb~M>q3yR! zL!Yt3=k8F#5*$-!8oO)CxsNhe?{TU$%!@ecYPC}$qPyh8GZogI=W zb@iS%EN4H5m9eR+OA@fkD{LSTvUs!7dsG#quFfmGW=;QwA)I{e&V}Lu{REmjjsEPC zKRq&fXJ#lKR@R+L>p$5ap={4b*#$uRjeJxQmMgoj@0E%^0C=9tpTFM^O8V1eMWO_b z-QXYxg+NCH+HY$9guj5W)n+O6GCxLQP>xk*Jok&0@n1BY3V=k;MF4^R`TxY;xNmhI zJh>m3Eo$4MF|O*JfDYKc^rn7vY%F8ywF(i}o@IX00?fn?TTEKKQjPw0;ghx{B@oEp zC-}a*nAC9KQ1S#o-_j|8a$a{%Z*y~i=OHY?tW(&%HZ96Zn5ugn> zDW+U&QA(*keHZ9(fp@HSyq#@T(5#?_F;CPuG5v!8vhGOKtTunje}Vhs)^#NKhDEYG zwrx*I02)NUxUUjg+*f42Dwo~7>XV?4@*Um~RE2tisGZM7BfwlIzbeAkvgI3tE7M2( zgT%L4nK+BqA2+hoz{f*i85!#LV&7j!zJLGu{@wHj>{NBen2tF@)vs05w)6gE6=*-Q zk%J?LujBl}Cb!wFooW{3%$GJdWY#j^R3WQ=Jo}oSYxtTRU^a-JpgtLj3a@*HBeluD zb-`UAYIK*3aq!s4A;Dnux02k$Cjte5uJGVLd6RGUEGz8is51N8$`)2B}N$jqh<#uOpsW@u5`r?2}nLXPvhZ~p8S>hFQ!Pq-Baj27CHF*^!e`Vl_051xY^?B{rzz#nLCrJm&kw$!R?6c6kLnEg(NE zoGNlt^73fd)@k6vGL(bl@%r}(_&-mjlaWNlb}?@FoBjO+KSL?se|V9NWn;d59(?BR zuJ+`a%YX@MAneUxOo6oPR^fXnu8r?_#>}c^5Wvx58twzdakJUBw(VO65E?u`X|Tow zmwYY3w7`m3U|T8X1B) ze0w?8t+e>-ucqa1ii#^UpiWBwgSfVdLynmqz`)BMh4tuO_&aj{($n+WxQ6g^8OL0sf`ZO1K_rhjL%dN^wk@6w!v9HQ;Dvs0NtR!EJJ8p9Tr!{HNWck;$+T9$u?jK8~Wt86PT?x2hdx7db1I8#$qXr^$UcktRk zi1_%$5`h;(ufe;Ijsk$w=pY3p#69JIDSVy=Gm^Oe;L)hVe^AJ|U&xbb?h6)UY1h6D z_nKYW2t>#WczNNM%%EM&-rvoRxVAUr8Tq{yK=Xp*p zvDwrrcz5~NwB+CM`F}nkG?)~@s>+IO6aNTr5>ICinDuEhoRgrA%w$lMK>3l4qqrbvK4Af!@o zgO-w#5$UWyv`KA1ZOF~d?YNsk8q~78w>QC^54~mkJmPshHzaFqZEd{Kc;zHTp{XuH zigVMLSh$(n>tH3gVGGVI1lu4`J`-ky;LMhIR%lt9pYs4WhVW%1cD8< zTWgqQ5JK3!+lW8i5xH`bMAOdIE8T+)>>!M`49;U)8^aW&>Q(+;`u~aZp+C(cd$d)T z|6ci>Vga?X`}iD?70+Vpa?T%4Pv+h|>SAVaDP|zdfNFcL$#Shr0Tdh?9jfLZlpi9{ zwTK8(`xqRnhxnv29GRA!_yhvsuYRv~rQ|5vDbETGlq4gwI$rQOeKC zwo1%;^2_=UUL{+Hoz$qAhXbW8MZ~WwHo(47x;R5dV+%t z4U=44XfsA6+B6nOeQYhn$+=>NfwND}5o{&F^Jle&M>99mL%chs03p2%vO3CryT2PM z_*l~5m>Sg;bOYVq{+F`=RKI5%8`GTMp`R2jvF+J-ajnyGuu}v8JG5W87JKmxr^a%U!^;)%1=3jRjFu`Bn}zBe?K8gsR!&Y zCokQ1m=AhZy?a`@&Fe6Kzc$2p3$uoYzsSV+a7Ub|yUIFx{pM}NhlYQ{b1$Gihf2iF z2~g3zO8wPITzR_1`)N@iK6y*<>eaCB&G#&arDcV z`YtXo71DG8EH%x3QN+2roC7}?%DOFFrc5SV%FFe(@ICXsV-2!;zIq9#E82@}RP-Msq8^%GQ4_Mb#ya#ub|I#HLrgn` zE9QN{>E49zkQTodFg8q`v7knhD6^|W2DeNVY+!__lSK+s13nCk3^$C~#Erb|=3#vd z`*1Zi0ann@-!FWpF!f{A%TbrT%omaZ!Zswc5gC4K3x|?|O3vDQ^1Qk+x3{%@2Dqu` zfw{}C{6|DY{6L&1tS?riid~3buCPwCyv=x+!5Bf821^yfAXKgC!Q5$G=Zhdduw&~% zzw*p@@udk8jpknKNw5&Rv}t|P{NcTcFwd{-t)y+XDFA4`)8t;-R9`%1eR?q%CziJ{ zQ7d&v_j&Xt|7DL$#2qbm4Btj!oLfPb=gZg_k*r%!cL$Z4bEhf6U@j)KrJaAVfr5AK zA03#5=7Jk7HyJOxK==c&9Q=Kl(KolV9D*+o%<;gj;Xpe( zT6fO3`@7akOJa=c!pIKmTI-z+ztAh1nHYar?x#iOrHE~HiVF2HghJ{e{R|CzSiLTJIHcTHc;-M?-Hk(KIB#3j}~DG)kk|->Hk7F zzoj5$Ty&J+)XRTBPAU=?!)+c-UM;;v#&ngv4Cryu<<^K=+mLw)=RS`M{7uoyPd5R} zoSc;M%G2LtP3i^xdSp!fBbMUnB*0#n&b#?YBrW=GR0=2Hb-(@sTf&^aE2w;kR8Hwo z&tCf^L*0*C0P%HbhKw9eg=u}wmLLHf1Ig?nvf--&Vliz{jK6jJvl~^$P_YDY_923CA^OJ+sRNZ zSl|2#D11GGaqMBO*Srm%pY6(Zm;DZ$s*oh(Ku(iK8XeZM(B947aZfH(&N4<46Za_K zs2|ElhkO5g+M(S=64>b{{02Y;UZ)kKX%@Wb`?ZRR!e=CigsJia$1^54Zk=axc)xCz`(#Y{Yn5?OiQB9au;2nq7mq4( zXz^{SoNadq55+N>fVk-K843ZuZ_+d?4$J(7VEdlLXm($?(_jI^Q`^??ELO z?o-8>dq+-#KQ^+yXsD{9D^M`G!oXgFQU%}9ziSpc*w6n9UnN$>ID2{GxqksKq=V-j zskuv1n-$nAae@4bzL8Oh12g%OZQ{4>d}YNQ%q^prF0@&1-!i_H6Y#9^6posg{6LrB zcorn0PEhpsm}s;*lc&^Ox_#`c<>FE=5DnSM-LsP&JDvH^VDUH9`JYDHAJ2H7S1bMt z_abL~G5^K5^?6oWLT%c`x_ycliH|aTO(N8{B#E|kR|9U}Uv0r8o5lNc_3hfhE;w|# z-|X8QlM321pEZVMt5~XTFLWA?D?pk@Bgs`L2-);EVJcQ7hB=W%Pj3R7bx%~7ZndhW z4K<-pAL@3i2nbcT{=NZEJR%Z_E)zxj4Rm^XnO{Bc1Ji1gUo>`hs+-j^3mBx0q&@&Y z@>}_2>bpPI^kk8OflHLxXOsb3E9E!RnQ}wk<}&Z9-TB$2XUZjA8U)tC1@1QHHzw|*6Dq%89giY@V%NRMl4vs=VS- z?=jnI?bWC3$}2w-z4`V)-4|Qcq{|xp`$ADN2{vMsYPvzo1pfVvoe?Psyukabk^(z= z)9hnAw^=Xqfbj&h#4t~M%0A$do^|z9<~T?G?oHG|w=e7HW1r&aX47@9Fm-Q|2W z>`mX1vxlb7Ha^P%-E+Kgj~3t~;Azbz&$zy8^~r8{J3CvBwT&+D<#AK ztE~mz-p7!9Pha84SBvU_-B>9srYb3<8 zgvvpHCrjK`)VuSr^>#Kd2%c7Kj&6&nMxTw%ffb9SMvU6{pLe_-b(wL<@4dfg2x@t- z5DJaV{F!$bnpt8OlJ%_0?(2$y!?;}P=I#xS?V;#&vRu^| z|FHQ|(hQ&IrtJA?NHX~+KAtiYgDkK-j^@|QV1+6A&ZUzaKDO1g?Q?t>QxxC&dsF9B zSMiK2hj7z-ygmkBf_bBle}5O@qr@^wU(QPosX^}!KNR7+h8n|N)^y`;mg zoItAY3kR19BuK!+S}N_E9xMbplU;8|Ud+MS2RE{7kuxd>a;U&z8Db7`EEO&r2JJ4+Jf9Rv#S zc6Y?WYjZ@>Q{KAVO>blwwF6}V=Jj9(Yd2a+!g`GYS(EQLaVvp{@^kfzGKq=u- zNnjJn$jr?*#hmB0ktynEB(-&+(XV60#qG(uhu*yJ##~nf+ps3aeK-r?l<6aIF8pa{ zbMD@6KUgoUF4vhpYf~PmVwIL=wyNV^gQP*fT+a9bd?jJ@0ac>|8tm))-SF@`>oh1v zC8M0r$WVWZa3^fsKM2&R8uUg`k;A{^pE%~9@>lpzPdlqMWa{tG3dSIt z)oE>slgmH)CLc$&M5K#HRe9z{uBOfSbjt(duY7{rS|%)I?XqC63rr*4&Yp|a^Zw}$ zC>B5rU~ZWqMhN~|lTXhb>WS{PhD-4zt(Jv2iLI!$9A?g$EGTI1eK-^E$Fdd*4=vq;8a)^n?& zv5`xsmTT^1zvjFNt)uzSvc7}<8}&=Chcl@>hUcwd65<21sLoCm1#i*q(};+3PzzRZ zF_ol7dxHPP&gPI-N?0(Z~7a)5>*IFP9 z`ZFgF|<^l;M$8NlCUG#F#3-hVb?&aa}} zbmd6)DcmuPio2=sjBi*iR{mn<=A-52Y>l-W-L3CZHUz&8vov<5e$$j1pHQ`JX^A~J zTWNw!T^mB7UUvvF*uRuoyZYMn|F9b*Vnui6gruM!_C8ybc+Ij9xw2-F;o*@3_^fka79)!MA#&b(rf>_%=CZ=$ ziLG?%H4j%H&5R6NWcvu6JfQJQvKyYc5D{?`1{s#%dN=_Q}28-24QbSOUGm+ zWd+LQ1*G06f!_?{AQ*?_XIocSx1%~ukHu|Ut-_Cf5QS3EMXMz_CP&u|HB8nZX@N@x z0WPS8`C3*qX>KX?mv81h1+6-laO&%u4?a!tuolAd>)b#Wx!h-CO$#6BtMb)xq#l>B zD8rMMSKEOT7EurFLJRgpwQVK`2W^@DAG+Q;D$1?>A65a8kQSsnMrj13k!}Q38bn%3 zI)(v3N@@VVm}M;;M^r@WZrqF%eM>v=^0qX8b`&78)% zlfi^TM)gcj-$%6jyVdu`N8-jfA;ah1-n54)nVH$j%d}!b;lguP&(bXm1o#zpoexd} z#J4UN9-3#Y{NP}lrA`n)^6?GbI@6jjty_pxsn7pgeRszCyE1uVXZ{uZ{}QK#@2flu z?`v*5m0)rD_V)ebR}T^fe&3{Evu5q+vnXN2W{QVzu#)DZQ7IofOL|t`a(YSMAhuU2 zL7T@d*W&sFl_GxEa+DHV_6a$BL;;g}5QHh3JgFU5q#WL9t~3zBG|&jbo_eStrpDwn z(_r%OF>MG*|8qg&>nO1{*2m}P97)vJqb;wWA>RGi%OeuURW=H?QxQ|Sbdgw)5UW!a zor30nj}Ce5XL}1zRYAw*#B&+eZ-W5u+dWXU&pbs42K7z*#oDZWklD-ECf}OQi5ek^ zJUvbAFgqL*{`E#Rzk}eRrEtWEglEf;|2bDYOZ0EV%i9MF5pb+}GvD}M=TGgVKTBQB zao^pv9`+aGEhQGmezel|yt%4%xxLicxTG-EVjL+9$q^@4HcRZY+OcQLs%HSuMv)B3 z_sHv&H{3t{t*ZKjK8P35yhNB)X~mNVe_q}i6=YvykJjgpPbL|;h)fl$$12hRRUoPY zDMN8nWCuov$@%FiWNcXp92gP=>mu+H;^g|IxBb-{LX?~aXJvWWZfE=Ti`kYXfIi(4 zBQ_Mn-W^&e+r@*ov9&o^>sn4)hIO-W3hfX0f_mG~6nAQIEBCtYq!GZyrFDPk1uuld z)zlbNT9zXA;g=rQV|BB^Q+YWfb@hnmm5R6XpDj1usO5dlctnFcbr?+2FJQ;lgF*9_uaR3S# zMZ{IG9j`EUGx}AQ@l0WlpmnDt$vZnWw-~XH4swwn)>`Z8sQe3LYNXDeG9SW~VBZ*R zr>XuP%KRbo>)280z&zR!6`1-54)y6F(R+hRlC?9V_#O3EIj$omcr_)*Xbn9>EhV$R z?=~2XFr{&HaU5O8##j!zNKGwS+M3egN$W2u(gXDh%!dtBmTK*E&4-s*Ng`?;viuOH z{O%`j`ukYatF)P}m`WQhAy%wp_baD@HlC6GQfqCix5=*4?4*o183b0`?n!0(7_mvS z2zWP9XH0ZZWctB^DQF; z*cy56(KxjqfPs4PcwuTP`b7bc#hz&VC+<$Y4{xp=qz#0zcQ)i$Qj&N~bKn#@zYq!{ ztM~Qh&#};GugeHo5fHH#2Q%@~;7;}nxSn2Ip62g}5B6J0%*bGcB(C0WkKa>5P~6=F zMoIunewja>>El%hKMRPNx>WjrrmGsT`n<%1zl+yz+pBt>Pd2b9Ou-Y^Sj{sYU;53! zed>Jy%~FH&mzL%uS}rMx7v>xrhYywJEeE~PihPI&Ec%;Im{Eau%G?%Wh7{Z%%&|yA zO_W6BW!Uwf0ogX%ksTZ zi}Rb4SmxuzDvxQ%}KjSRq*1|Y`|wg(B+WUMBR!$0XQuFBwQPvL7qSJAE z>qqpF>ty>ISefsaE~m;u0SlX_(xj00>L$eo@6^Qpms&McVcw4;U-!=ER0EL#7nUd^ z*JQvfJA+Ikf(zNanNLVB$$9unZAy0V9IP4hvP4;R_JUW=0Ylclco>QH*udliM3FTAn34i#q|*j7aoJ6M7?B$W51xY<{8Ln-zr43zJNxP{36ST=rTHT0tiw18@BkFSTKUn_M)7XOChUT|-K%C_ zIz0kZw$z=;EPf!vL1>VmPBo|0Fqb5U27wh_{HB+NcI-1)(!+)+ZZ;#ZKY2Tc86F;? z9n}KNK@4Vb9KK>WjI>F;h?!VEIk?0!;?g@SMNYL=~v|<%MVSlbT@}L*K;Fb&XJ2<^wW)VmGo`nGErVAtj>HWh*4xqyWad=inEY;S=OlWuY z#Wqk{;>)eerVzfvU`e~?3&SVxWT%8?t(U-QK+UCy=^~b1J&pq7o#_XRFs#vSlWw?| z9~vXskj*@KdTBdInV;53R|fe!U7=nFi_VyKUH4O2vehZDRY@r_E(m32W`1D?d?{sW z!1%VcpGpl7^^NqK=w&0w6BeMh0J2|pRg-*5dMC^XZU(^}muAR?>CEpIhBF9}0`mpG z*-fMO-#DNZlTwZc)=<=Oa`Uo8d9&-{X;Wry*71d_u`P61A`2y6zM4hM7Dc4C3q3sMS$2`sFUyQCx>`Nv@j=%jetQi^`5l3(lTm$(t{D=2$mX>vSENot8gJZu&LNs!~^pgjQ`$(FI=duGw z-8Yg2fVs%CP9L!(=5kMznowE#rZSol0DDwI4-vV9nENMn+G4n6&Ik`8?%Uo-T!>9q zOVop`(?^_^;Oo5;k$#{!Z`b*=z4~V8X#&!G7M_UEVfXiz;y+nv^78<@*WZ2HgNtL= zJ7+$tmxtA!HuO0bL>n5W@d@`~HTJEJ)GrzrV@n)P@=0dShs&Y-KUP;e1I_=1Wp4cf zJ$SM{JJW~#gAlMI-4Xjmt-vMMKBpsBX#mAw1{@{rVnlPARf-vw^J4%B4snJP*dF0vXa?3Lx|@7e%(&niDZ@w zDsXFG2Z5+*+j|o>r!%@``*>8;`v2VB1qm8cxMt1trEdCjXmL^U$n8m68Rl)t+}-t@ z2)CXH+e40&t4$PC^VTOC;pML(ciY5O0adeU-Z73||B{B91>LM@p)CH-CH`jhqU zY#P+S3Cdo<+ojY^IQlP2jAWzO+~l7H!r!dSPojU}@uJY^^MBk@IslWw7hL;Jm1kM$ z7~CRu@05-#u zfKjmLv|Jbj8p_tIQrvx{!RS>p3s>G6pPU$e5x&j@z*`9=s`kSztxLW`gb*OHx6b5Rc- zaaVf3cMH!o4ib>A-kCQ` zy}atwKDg#?R}QMtbZ^J?g=I#p$W`-e~cuILn{hY4pxnde*7S! zH>E#Dtla?Jm)a>BT(hDH4_klNlhS4haKp;KXAaG<-!?>w6t)ohry8bOqSdh*+oQR0 z?i|IZBEQ>KAotU;O<)k%Jy^9dqPcmPmN5SXEcTRsOiYdnEVO+iQEu+P0QEg=1jXHm zhu*+w8rCu$wrlrH`;r$y2RHp;cl$nsejda$4q0n3GO?lB|_GBit}MD)vCK_P@J zfsA=^haC-&|D_XiY(P9b4*5P55}7V&7j5J_%2`xal-S#=knmx6n9HT+m?JO0U8Q1f z&R|jVRWJSECc2X;DlXO;-8m>cD=9Aja<6z2RVzcLO=BXA^x4UpG99mJnW9E{5d<@r zXRGCJZ`^qMfh2o{JopGvwguT+Ka-Wmo#1OnM7P zRn_9U)l6L-LuLxKcIg7m4DK{f$8kw$1~3DkGLBJ42~k%;)NB-;U+l;iseR zSzpQH*zU~}4yww3u>~9i(ODZ3bSpf`N9zunz~-C1ZFRCoBPp&aYMJ71s~F*cokqd$ zJig>J+{C)8l&j*$)hcf!;1@hg#ZOL2#>C!qbusfLKFlUlSEs#KM3dL&CA0}(>tp&Q;ZR94cn+?1)t6FT$L^T}yH0dv;tR$0e^)S5iy-@uO{J zYQfvd)9BxgAtKN{S*Bo?5Y<1CIHLfd66+2Q)z;#Bw)AuvcsfU+jOaVj=0r&4e zTX=Ak8WWR8q9vbJpA_EKlEXwP@v%lN%Q^d3Pp_(*1-(96n8RsYCnv+W&&0$O^x=13 zA2l31bRb~p%QJvEs^=$%rD42<2vHv~aV!ZbDKnZd^lZqh1WmR;Q<#*DjM6tK$QgDF z0651u{1`}T5tsNuNtN-IE?)_D8o+#D&Vz&^HF~51J=#DjPcuvM86%Q*hKG@naf}*d z7M{Y-&Cjph^PIF~Pgl!%6q|*PJ%lM{=WRH2uUmx3WpqrqshrIPpa2Lw#XWg?A1m~w zLz+u^Tsn!{+OJaIW8;kV$T?v#;m85Rb zRt`Bg=DY5@6FYzLoNS&ehmS&o@s?wUhSa`3!b{p)pi##@z3pLT)h4us_{G|xV?%cm+35#^Er!jc9gXhs!rW!d14}fqu%6e-0qVxZ0P;*PHw`we|M<( z|Fs&p#f;Gqf4DOV!Bd`EA-H+?ReAQS=*Tu9X_kh*v1z|tBH7jyHB%J7>j7E>n|l6K zZU${6`?zzGLslTfb~l#wyHn$3acbM+KA(;@4y_hgjIJPwjLJd&G`9G)0)7h+fD=_!^5E) zGCtN}L%`cl^@Xu*s}R%5^mL;nAHguu+wrVho6`}=X{^~2eZ}TT-_;(9y5@S-T?3bSuT zE&=y`k!tQ9>XsYd$!9;hFYp` zhedL*%)-!CtN#0O5nHk(eJ{b~zL#vk^GQ|{irk>-GE+NY-%EuwUbCEPGYQW{5O&a~ z7Gu}pzEa8)cl-_UO=S3!^7$LWTO4y`mw*vIZ9g4Hojns|3eC$2Ee?B`t=YI58~r$ z$h%(9$}~K-jTNYV(AYv4+ZbO;_Jc1B->UuPmP5WFgZeOTFNOCrOI#y`)TA}>>A8!p zBJL%9PjhqHyekdr#~Nf15u4%~H-X*+bIO?A1$yAqDLHR6|GV0-S&oWetGWP z;*_xz+ty;wcT9pvAvp;2tZ9ZE>S`SC@Emcjc0APfnisZ3E`2TArkl`Q!L!&jTVCk4 z^tdka9^KbN8Z2Sd&woiveSt%BkrtLMA{nLfXA1esBa){N146!=yp)>ZzwSP(Q(K3Z zi}w<;>b_gj8FNxLqQ*a|zLbS#}QOOmR@rQ_i!-X=WdQ5ZWzxwdkilJF^bJ z4XnuGfccP?uu*BC#cfu5zQ#6})_sC+Ns`$tWhzB0DL&SLC|QJPApQqbmWIcmh3F>p zA)il+dWQILZXBGb6t(dU+_>Fx)D^KW5?O?WVmpQLg=wjX4?0aj9xXYCMGp@TRCfi+ zpkv_c1_$?r&_3+oWY9sQwRmc(_(+OpnZ(VIsWJIM;3NONW5o;ys+?Sapw!7~#NNfa zW(7K?GuH`fU}7Q}biKJ`t?=@+DLAI2G^{sM0vOGAl4zUpC4Qu{#|<)!xZXBP{c9 z=qY1*q&0c-_{Bd0ylybjEw?< zFM2pFxlwfe;~biIL-|yXwIFbG+&OGI@5}xO?L4Dj1mjYlbQ@EKzy@Gkk-}-#1})1u znHY?0ivnxPWGT$|KDLYON@8(=HDSgIcdK<2IWM%f4KPP$T zHzjea!qk!zOpUDLA=*2ZJCNhPk;LZ=P6ANMl`2 z1>J{Fw872<7DvC7$FIfuQp|!x=!I5b*K{X7{}OPRjdsoOvKc8>VErTfS26Nl4`Y?Y z{3oTV{#Cvu#}_$nDRk3V3$G+7ll>B7Q`Cx@@%a-+v##w=w}#(USz_ergB2Z5X#B%t zJucgcHV19=aogxWXs)uBb0Xl$Og?)v&VC@XRm?QB+)q{bz{#-HwNOw{Xih68Mv-yx zG>$dGVRbF3)CJ{1VRnA*UT3ihuOrdwDSlU4u_Iu`6vsae|A5KCO3iv^N(cOPaJgA8B+kfXI}wWTvM3 zv2{o$nJbvo4bH}s4dJ{rX@Pun3`@U zc&R9Lg{1cqbsQ1vb0NrSq?}Y!9+b$SPD?c!#J<7x1JXXlfB_;23Kj^bw-2@$)KBQn zzTl@FXLcpq&qx*AhrO_}un15tQ@rKRX(%n7EYG%Am)r1sYuN}@*|_Y``rN%6_|t+exFfQ+8bg3eytIviT_J% zcXh_=G29&U6cO%FcYV$(8GRjyBk4&tPy!B2o&NcsM9BY%i^Vs7K++-W=_ttmXYkYm zOa_0HkNvM7MelSf$Ap}`M(d_i9g5aXDw&O5%gZash|*qU=iv=X-lg+D^BJ;{(|@Q{ z6`!u4JL#m}tt78-TlG5LMQWmJKu27jr-wyH@l@QBI+#0{huN2Mz%UpDI=t*Q4*R{Z zvJ(M=wl8d%iqiwWG$WVCr^j|<%N9tJbK-Zhkc+0-pMqt1mYPVBrt|I;yHw@Z&c`8>!?4LTYc2d zCMZG)igJrpe8|11CCsdAD&xkR`?*jf%`AR7evF4{7dfWNE%sYsw(cg5cMASMmLl*+ zaXZvLY29owlKe4VAN;P{&Wj6r?1!s0IQq$V^*KBne~Yd)9o!Q^-ZT-Vsd{SnMU=QT z9H>8oH8uQbaz(<9paENPn_3bEvj1ZFvf+ddcfL2oC#yQi#Fq|5K8;D-{a!`eY_;}! z)c|M9{*L`+hruuF_`(gfhh+Kj<(&3OwrPzA4T?O|`htkCvhK|8j0{@3oB6RS>d}b- zA=?wTcAjKrm)+wgHZt{Nvc*!ORtK-oX79gtBnQ@|Jd@bQ?)z$W)7RJ8wvGu6USAVE z_1vabt7&DUQTM7`*?`gM-u=3diCap{rq2!-CvKC?h#hvOn&+^G*XG=`_ss9 zDy!ON#hFo&D8wmrley<80@34LR0o=ePtA}=N%%#SQjLB4P)3(iX0iT|A|?BG-b6U~ z>uIYoAQZ;5e-Z@H!5~(^3AwKoqV=rmDB(kNQ9RmmmjQU(L`&T2JfmBOGn$3&+TXo! zCMjF8cGXBW*Y!P9Im;bPWRwt)cjX_$6_zHcR#Pyv&T!2vlqt9d?e4Vaj1Y61UV3B7 zQO#RVaODcN@?^q9w{?HlD^Y;RD$psr$V%P)+BUGA{;W`O*^df?JdCo^Vpm3kD%;$` z>fU?%`B*$nN|pv6qs<>P*-`ckO!NvbxmAN!PfZn`Z4l0i%8ekT^#rg^1?lhN!D6`R zduG*7uJT@JaL!~(8B1e*VxFgF)FIRnN?f%dTbG;NIX^ToQ2D&<>ZzPV{b}B33kkJz z-^D^HyXA|mdM+t{@iArHnS;gV3~IPJ4(v0D*Lm-`WSMbHw)%{i=KuuHNJ*f_{fWg3 zsJa{rPtT@Xi;K7+QHD|Qi^+v{uLp9H<95~l6zO+ns4H}`UcoD?>FMct(TQP@TdVO4 z+OOWQ)T0hHqAS`mV#nq92MtGVy6l z<|xYG5upZ6K` z_#>~8;elfGyeD0g~^sn(+xB< zG$h6m>+(aPmeE<0O@~|%6cvLgAefqQ&r0@zj*zyVW6)=lhR?R&njLz=H)l>g>I#Xr zGMjacoNE_9-RPDORMim&CQl0_@Xa6gnDlbmr**{z7X<=7W7t{~WeEzoZfS9AC2;|V z6B%$XT}?0eHx@oA&6^~-^}Tmm(KP|}DHnfxbnol%$L-Lg$t_bSLx@)=b_v4i=q5-sErJvdqua z;<---x>wxsqda;kT^$Y4A8w{YZjN^^3^VyBJ$aHb#Vu(%Su z)Ko*!C=7UbdK!>1*`#!d(7`d3cpUsK-JNvI zZF+kD1diCVt&b&|GcqqNZDvd`|@APT67La8qjNVYj)$2Q7xol;tV z{l0c0T71iwh-aLO275&$uuS)Yn_b;{LwEIz{CqZ)=^KI&z8~QKd?$_^Nxvt5wEq~g zkro1SakXDhBk*JrbYtd-pfYxq*Hn4ooZmk zdh2AEWMw+%J!A&o@LVl8l#{3>;OG+FALsPr24U%-ICPziL-Q-boqx4w7{CglL z2C7T+TKpEcJ->XL=^*`Ux8Co9N62%es4h;MoC%RyTz(#=qoSZ9I=H^Pd@gpV$cW%r zdRO=O<}32Hf;*bgQmv}GNc!2wx}^Bz4XuVf>fCey`7Ha%_x|;ZFE*nLwE~CP6P6RU zgUMv`Cbf(6E8a`vfzGaXMheuPGMpj!Kn4LyZ!sZY39|MBuu;Iwja$E(YYFP?TE61# z3iXH`a*eFBQi0LFeT!JXyNWF=9FdRblUg^*V>ox?@9nus>pq(+sVCS6k!TH9SKJ+g z{jQyErSDV81bL>_)7C-wLT+GusFvo&*}mb4g~;orfSc^<3T!_8@8RtLvZ8dm0`Qg( z4jiFtvgohlm09?ZPG^rlE)o8NmMLM3TyQMW{8YURMF3i6 zqwy@x%y;8cE?Rm9A@x34Em601Gn}NRPF!5B9@m+nS-{}G9=E(UI7iJiq@)h4J!$(P z)Q)m&Ute6`P1YarLfo#!vWM?zg>A44qyIP6oF?%z(`Uj61^Ry!mMxU`3$pUljXq15 zXo{WVqdJlP+oM%#o!2wpG-tZOl4~T9iIFl%sQdL^FC5C%Ii4P_#W}o==dIwn9pzg+KaDaxnW?12 z)ZP86Xug>5`(fYnZ0Isx%)zZN0h>JYWu?~WEt2+=Bt+#rjqU6%gC45CE)q`;W-iq@esd?~9r8(bZ7zs&gfjr~fE z=meOT1RURzS6CBaUh}F*?Q(EpC_PtN=An7cwWS=OudAk4BIA|uMlzP8*)NBOS6zP9 zbSk=87?Ek9s2<-^ncdCOe8U?m#J9BscPmSam6v0=6#-K&3^v|UtX!zR+vEe=J+g2TOb(NC<}M!IoNqS72Zz zp*y~X_cz7Iq03zDdhLG{hkr+@hp^noSz#0@rHcO}=$3}^0a_xfj@5YS0fG95yR{`X z;e(E{u{r5>0ssowxZEnmXA>`$A%gK{uQb2-cnv*LT#~izB?&8A0dtEJ$Wwp;-A{W4 z&2M=J6CJ8vrv~R^_mw1Bu6WZaA|Wqu$6jkxfmBqc21x2U*I%22>{mj5_8G3o%+mOcG zqnkS|9{uBB>S)$rAk&B}X}yVF)_XoiN-t$z0Femq6Mn=UR%DV6SEzw?oMMO#0QDZK zly%e6`_k6F_iESWUztwJu=bzPn0a^M^NBiC%(SW&6F3$9>HhHcn?doZfmYowO#sp_ z&d$p--L>wYqzLd=k8Z>oz?~9KH&+4XAKD3fKCTFsWSK{Hky9!2DZg^PY4>*Gh$bw9 zt%zQTF#Awb!6m4CHu_^x)AAg$*h>OO$-}|ZLHjX_hR*{0{Zx}~hvg5l?&<=+pvaem zkFGn`k4}Ywo5{)VQe|^nZqh`5KT-K0CH39VspUX=;wY`Q5Gw!oF8$wq`%ntKV>_in zsRI7ku`Mu6qYcI}=dB6b7wKU`d+x84ULh5TpSYcKMKmFOEu300)T-48u5o%;4z1qs zx6({nTu`;F7k;U~SYWDZECvH&3F8CIr9L5!6piQ?*pq;8eq6&%Cmb&_K3(X&PO+n( zvY@_)ek1GkF2kM3?bbi8{?{|LV}*s`zW7U+dMo+;|7p+zkWcR88izyQ`%iqgbJE3Z zD}Q+A>9%!ra&qr${nM-~&zjq%MVI$({{Hkb&bP>E-kQVs7TW)_=zm>6OkFzdu4P>A zZPx#}`2Q(f{@+u+MG=$i{xw~IZuK8!IPV*rmV~pBa2uMR)#c8AY_9))P|GwX%jab{ z5F0Ot<T_O{g6WDW{&*9*A^7_z zl!@WKFUK=c_CIE6Oh-aEd)58@9P>un_F@o7AW#us7``iMAz_Z!Yv`wOu9mV}Y_QBO5vg0P{^~vqghD^rPzTq z*5T3U>nLeIvGuju*x1;2hPrm8`wofUZVrz9LJJS+e@3q#Y|o(0M`n0&$2$$tT?^L( z*ZxB$ES|o}>1jJHt!}{!q3k!sYaQwtlosYMQ_i$F}gEh|+46gp2O@~N4*HN~By-@bi2i>APT z01OOVV|Fz_eSCcEEsWA9Cl0F894}HM2JUY5%elPOPW-fn7i&`jDE*{ zPj-ByQMTFUaQJRK#aLN{}@60mb-XdXFO`> zr@oY>i>h6*yW2sJyMEXwx+h8tUw+ZE8Y?P>B5UygW#e%=3|%_nE8j`XTJuGLRA zwl0tB!ujpG^+@?fN`}-9O+7u66paNw3R7ui%CF-&bSJ8N>;zNHFEm=uA0D=KKef%s zN^%lo*oIS48)3pMqH58e`&o#sE%J$ZM?>dDYsnjZ>IfS+7M|$|ykCF}e)x;Zn+N{A zVX?U$-LBzs;=0y&j~hHXIs2~qsVXu${|zClc>YVMR=hxX;)4wLBN}?`_p2g)z2`lT z7Gj=EKNwFe%*!)$arx;mTh%#@9c-uTnQQ_~E;pa*23|^I=m>@qVg)(i)6?Z`ZUO5^ z!+^Lq9Od84Ra7B07Z-9Avox}u7hi>N;XyJl>Boe*g$O`;g!jdl`1z|!^Sp9Z*H$Vq z5Yqp0!2cjdAMhUqejfi(ly?B7-^;lT`FUHBo0}6&swxY@;>V5Luwu)?K1V*adP`Io z8I%`EE9jD^x^fD=jZwrelx;F`8O@J*SNSgRCI~PbNAhhiQeewqzsxu>Az?GNoQKP+ zQ$v1HKc*2rRa#jKpUP>YOA~jl0`2YE8IN$8whak6E^TW&%uU!Lj=`V@eX(^PCvgq0 zuC&pBTrs>4it^JKiNTo4R3uy$~>{Kc1 zyAV(`Pnv(QyX+E|LCx<}M!WKcJ>2#Xb0rm(Ds-^qT)}Xf5fhS0wm-DJ2MlTm`L{soyTgNj9k*Xq&zxJfs z%I`be?8dcCHVvO?X*s6zhWJ@nMj?gJ(}?ay+9fL&mx6jqu-kU27ek;_W264aXX0kH z!pzh}GthP0N;Z}X%;2oNwRN(bQh==oA-yInw6+>l+33Y#7GJ90y08nkt4J(Ze-$y> z_HOrh1xpGX9o=JuJ-T(sVe^*l&*Sy42UHs)`T^CJg6l5#$07JoARyq<0(k&_llMCB zBF89KFZazcZRJUZ9TbU*FrS6gu2+Lkfwl z28k>kHeHFTz8c(B{#G!P;dwh%m+067I;ImD-2N>QwxQnlRO&PZ+JtW}>vmk(M|X%~ z6qvghYP9xFUGk7aa2q3jf)HqMFs}L@p!)fK&G^VCThRJ>R{h=O=DrYU4*$9QO|^Aa z*!C0+aAP!-kya6lrt`}JkN6$4$C5V;)v(sbHgj>j{udM`auws4b#YOc{)#GEhe44t zc9_FTA)TP7>k>)dZ=^6CO`T-doJMujArr2;;M2e4B^RZ$Radiz=-&+tWHPMx2rmEH zh4anVvBB}=gneczPCfc-UsRMkx2fwXI;bddpI7iD9{s(i;C`b5%Yra<`3Y|Nm>)kl zg5!ssmmDHP6nD3{4_yA7;O(n2IQQjx2rUjcKtnxd)?8i+Zh;-hDF?w}`?Db&$Cxpl) zb4^La4?M0x!*CN^;qX}q%+w|!;favXnGNdD(5aF=(`%?_=4BrDR$CWYi9hJX8TdeI zVf{Q$q_E+;rJSRsW&Yx6X!HK8byi(!>PO%i4;qt1%$z)d?6XT<34>dFuXft!K>k;` zg&I~htnvc6&nZEdT@g^(^xL8N@86rx*6><*W@l%~sY&5QzLYrElm1sf7u}H=ZP!5v_oX2lA|J=Ec_AnNzR(R9Ad{cgN>Uo=GN*a9049|YU@qtnh@<_ixeoGc}UZuVP ze-i_H)yt4*xY_rTr1+HuH@(68pBv|JT@hS`Vf3uEL3|0Vut-R9Iv4D;d0%k4)s!2w zSYa0R_HE*N_Lo+=gyHEbeub*TQ=fYKrO!5Sm1S2iGCHrw=kRy4yOWR-w01_T(>IdogC1rZvl`bhHdhYked1H*7?N~;F#hCS8H(sM4Rgohg*?^&F zh#_gk3m}GMd=OVo_R%bx6Aw>E#?@(Mn=jWmPb;j4VV4gVg`s0}Tz7QqBPUSB%gQYe z9}_Hg*oxHWuKz%UMTvm}K~e5g1yEB-A)FMk{-bYJ9;tM`mnxT0y0)2gFV+jfK4!ZKe z4jRjAI{_&VyjWQ1x-&3DG>lLT{(UQ_Y=%*M7P6oHS6#DCt{hu-tSI8p#q+HsHK5EJ zjAZbVz$jYevF34jy1L9%^-0`Aj79`<`yu#Ii8%XG_BKolHf~l)$6Jq=%0^eZcK8^ zgG%M|&1wxQzRw^C<%9tbDk10c&O?mEaV!7J;GAECIU7Lnlcd-Vv*lTC|Cen9a>-6}HNEZN zYYqOcbYwtMj~)Z!|MHHH%&l&QTor`{vx~pyu%INJ^YP-aYCmvC>IXh$uZA9UZcl zt7~E(LC#b2wpiCEb)|YlbRLU4H>ddLGse4+<_4M&NiEFY?-@OKrZRU|;#FsM%h#!j zH08z+iEq==Om!$Pc5?L^95hrkytpVaB0}?x&_3)Mclzn{TSZ0Ga%8x+@KfO_*61%J zGy-VNIC6h?@5Jploan3J+qY(q&)s8cag>-BZOYrKIyRj&G};OgTgX7W1mHP;g6q4f zm*T#!Emg_eZHAlE0?#M2m{Nfcfp-^CM}8|y71(WUA!c{Wn1{laeDeNDisv4uh99&p zOq{t6USaY%Szz+wA-AkruT5Tmu69&e#aM?s$?^QL!hd)5vf+QN{)F2{-alUZWP$S< zq-`Q7^Z73#U&;6PEs(w<9r*sL;;nrev3?V2Z1s%VBojxjxXg_BRbpJ+hj6L&N^4un zvUQU>`o6XrV614;xr@J!iipB&)1EwVp*i8ukdYTq#bHTFdASw=op+z%LH1I&ZxJV` z`J-k`>5i|U5=hxLC^xfLqtnO9XqBW1^=)KPVW!nzc(Mca#yO77o$EBHbCZjeN{6Z1 zSm9|keQS(uym#b^MfRI@RDb^?r%>R{E!tlgNjA9vN7m+->)~lDIW5*b0qtUi5Ko1i z;+dM*kg{u3Juh#VDG@Zvk8Xl^n%yvi^z?$+qmXh`@MPD9D3dJ=IKo29;zN6Rg#qzAR0G{UGB*!a+h7 z-&-LaVa*I7NP$|$4k0xQd!d2%?9}@ka*djet2ZUVdSH@5x5JK>(>8#P)razBhufG3 z<9^U&=aR#n`O!-3Q(CzY>@kYb6Fo)z?}V0uD8;Ws5<#SVQaS}ACla4idK=qX$Zp`W zqTAdQBSzn9l~CeT4r*zBHQ_hWl!SN$IsTa@+J+pA5MMC{TVQEQSE)ohGqlR z;`hUXxoxTUr|zyBBXpM_2*CP*|B9x^yhD2h8c}to)bPH6DbiPsYe@D4bLmK1=jAsO z-7eC$S5|M0xX!8)pt1e&Yss_UUzR+lkYosM4Ox|K6Q!-khSSX#nV)a9Uf$gs#NJW=M}?H6czc9IJmB{EGZl#&f%2ly zk@;Sh8E+Fdxua96yio`jihAGIIVB~(azCf2_@EH{awE)5Pt)x_dNg?zid)I?p$7e4 zzdP)@vWgeK>vQjE-07j3Lo+wp`xm3$tN{SFnGZ6w2Cq2e9^$3!st`>umoH!58Sf&({A@Dsc3+1)A`rupN#(* z)q2sBet&9j|FJIDN~3yVfyS`iJAw}lD{%O)Z#m7OJ()n@#cHTz-$DDG~nDUY9%s!V~v@ROJ?`Rc}p^C%KTNZ6-WPjFhlbWOi`j zlGDRx^6s+)yE_|d)h_m0M#(>0(&FZ;XPB$PV=8+To7s|dF2rEqp(>xEc%(5n>?xvt z*Yl#k_-L7z)R`L%r6wdgRev-RqdRw(DY1IBp&kF0DZJ|5G%r=PFUmtTn8Q+z4es!9 zX+H~1S8gM`-!j{F-2*ow07pg$925bscB~JQT**2zW{Q(sl7YC>%qMkCWxZ_VY87ga z9Kw(H#h!7o1Jfg1T(V#Ad{HV1$x{zVrvv-(GNtU~tManl*6Y1f`KgGiYFDE-Hq?c! zXNV9N{cwgx?`G6JN$03$-+b~?acc2FFI=TgkH0q#zYbW*;~Av_yBvTZ8+UMz4m>Evy;xDNGNn0b?(OubIj*K-%{ z=}mR6A@}=KtnX@;!o*bX<$$FSlGCbP_WqD=-B&$xxsar6)4lnCi7iR#zq+5NHJBH) zu*7@+!Bo*gy%#7%eS2`^gYn}#W{2Cu+*e{R-HraIoL#9vkJo+mUR?bHrC1q$bi|WL zIoeE$nvq1zFjYLt2#X?oR3M zW`LnN=#7;e|F9esDo2)Tz0Vz77!tKj-_%L4=xU@DAh`j+lI1UhdkzwBqkM~1$AQq-5R<{Wr* znwhPWle;N5N!;OSwTTQyP|C42BKU~^V&8d zD+jSi8XqhD9#ENJF(p*qXZK^E=YL?JbF=v#`eN+d9qo5HnWqX^_r~p}@yT;-xpUIi zEP#H#Q1aWu^=8)zf5Pwe%ct|9Czm3nqQRD6Z3f(P$FqCz8e0@~F*3^j^Om;|a{g5x zco?2cRInnZP1DoF0~-u-EVco86E^`K-aZ$e~%)&n^S6 zL&|KgSNvwHFh@lw;pY7ItfPm6l10Ih$4|-zN~d50@{UvXrLLCR0JHUSTX+0_R`HDh zk`r>gWMTZrb+8LWL3qipn54Kbb^2~!j{35d=^^KGc~4z*LPUM^@_lu~G{z@lhGMMw zf) ziys!vvtv~fVq$X<5s{gt87mwd90Fp$>lTp*euH4un2kE99=xqEn&INBEW^!B!9+rlDp_yKv_(ET01=gMqf z6+f1t;=V$dqW1LC#GwN#2laS9N6`K%K`>6+^toaGsUJiVb>y*fe8q=7G_HmAQ^cYxoeL>Q#=nnK0bc9ZhZ)7GqL|3C3z{rFH5XqNHTZ} zfBhmV*DgwOf2f9lcmNrrv%$x-&;C{3n?;m1u5`lIU158ra}T#Qk-nd8&%vgqS~Y)% zFWX`9zK<8zkLiS$e@al0FrLX5wq$s)&^=j!@rK3-mE6)(l3_0Fse?VW{Wp-kxSV%G3SK4E(pydqVM}B5~?U zWN`sRpakUP)=Bzqks>#14>3w5S7WP>1zt}ft2I6kb(Cwnuq)`(X_?D*jpo7+)m*EC z1oK))&B#aqY<7`EQDI0oNYZt0_&QxVh}Lw{ML3U0sDtuuX+t78C*pZrWy(=`bxmEv zk4@8iU_5O7(ek3<(b17NS!Q9e_3GsDtZZ(}iZ_nn)5dLLmZpJHQ`)^d8ekmm3e_XU zG#tKG1SwG~6)C(^a_hTti#lUxVu~qg4zY;#GA6f*Kf+=@)VJ0xA$L8r{|m#j+3bxv zuLWBJ*7rlYdR?8hw01rUmh6wo$wZWr8ebBbE>+)3**=8@OPtk9*rKw)mCX4ZoMfkU6*{?4i0DDy<4ZPY(&N? zDtt4#&9CXAc*7@%q<#@bu=x{3o{upoF^0nKh*HQ=o&thg!6U1gSO>cg+4q!wJe*$? ze>xU6V?Yj%j~4)eS!7OfkaOjUpuEluereW8$Meih_ZPFywkm9`VjPJ{`ex%=lmJqs&G8K3%E?*c zM-PH(bJL*6L2TT&P7cK*#fqM+y*-?noOY0f(7FMV6kdFX0O-g7TKs2ViVJ1e-G?=Al_kz%gDS_pHo+_q-=J* zu^XliWa{HWxnN`Af2wejQZhA;x_tC_4M|4zsepOrJ+>Scj|69%C`%R=vup58x7a^fOw|{4aVo$pM6gjct{Q z+Df|*5WvE~df-z55AzN{F2UwGPwTTu?HV5^v$!*o_WMzU0DhgfoV_ve$XQ&FOB!0_ zs9YPZ7yM)IM%CMUvLMo>PuF#B*qrOIi}DeLMzF8G`g4OrP>FuqOqA%3mZ{f@8zC6> zHIW%`rkBa*t*f5H$hxUk7=ze8hU>CJb(#(aEv@D&XAcJoGt0|XFEA7o6l62HimR)q zD8MHw6z}fw*_ja3(IlcyS766}I<^&Ko@ZQtQPW4W9OA~Ow|cWW-p{EVCkcO13?I@w zZc=>LXgRB_pfu#mylkD4ve_>7tP6EQ5-KAFCfgFFL|8kmweGp^rwt|+AO0{Nk-*Bb zywMDZRqXu~Tre=4SwVeo^SIFX39U~X6+?F;hOM%MR`fMmr?0B(jL224?t&$cufAtR zP^c&>Iy`H3>~k5GPEkq~?%L+Oep5j71?}>z^5v6FB+0k6*!2ic%A|NGPAmR)zFyzV zhSHwoi{1=lB_)hdxScMH+&e^9>;_Syo%ddN{~1XCdJgtLSh?ZDv4!gCviy-$0tb&W z)d#-_{>vZzkDBs^j~6sFoWhvu%W8P8PKVOn*5M^Vb4#r)ONb|xv-({yX8;yI%5tX3 ziG!hWao${R59z>V+4t(aS**oyD1PbSkjN2v-VnNz!2v30xtRER1$Z`s^A1xA$NnWR z)ymV+Yx+_n^4P5}9L`5ik1XL-B&%n$SUb&N&*)DablV*tJ>MG%IZ6gaRk@jFn!wl- ztuBHd^qO2El>oTZ=W@dbi#EPu%j;vAXszRpCCv#|N^Co^RghvA{&_V9sD}d%zpf%aH`bFvi=Rc#)Ph1Ah zWHM4V#{9{M!rB5xb7PDYyBkml(pGRmbd_71!T6w z*-%kcK_DsPn+g6La!QfcnD{3v8E?^tVf8Cv?}PG?6Hy)YPmR-qR3pR!@*Sg{g7XCP zs#=9#Og#d&B%U?H@23-Yc$^Isy5pU2jR{+iNg%~5xN0Uvj!>9N8}y34Z&wLEJU%$C z?xTGA`f#6^MfKAyS2pA9yyF9ry#ifF01E7?@I7X|p_d_h#D%q0ah1#PEJfaaf$wtU z5A6cioqM`&dO=_oqo&L`r++H&YN(2>5zi^Y_Mn4DCamiXtOAtHS!EGBCR-jjz>?%S z8-8_~T%OZ!$j+VtxLnu+i@|rFN>D2si60CNyZNEJJPDJ|mreIo;84?1bADdEE=xu~ zVxDH;m|*>mj^=-RDCxrvH@qsos$?tu-#F4QpXK{f$X69r{O@7+uj&wo9<-u znt4{=+PdQL_VyjM;(CvqW;heU;D(mm*c!uJRw67@M$$8?eWg7?E1|?@3(WHvW^h9T zMbUe28aOl}(f>}SOikuYv{rKe-Tcsxet_!|^xN{H#TVMJ%c_#0*f9`lcpN=srg!x< z4u5BawFTU&lp;97Yompw+SpZD)#u)F2oEu}*d<#U1IZv(Nl{H-h+broudunDM!|N2 zUn7yt)t%6jK)X6Cyw7m6WD?F^MU$-rwfL&XW~RjUi#?Q4Qopvtn&2dK=jKvZ=Hul> zV15=b5ewSY%6%_3saJ(%6;ifWFl|VdaEOE5pAhBx^ysR0y)_UY%jD4v^-&Zb5HQd+ zmZck_?o_DzMuI4~OM}-Mp(pzOj()2>?D`TX1wqIE(&2j*8S)H`XrZu4xEZT(xLT#j zdU`y%fZZrVAka9bIdh3tm{AHv8SU@C5^+hfa9>`)|KaCYKGwr^jnA6O-vcS>qZm%7 zt;NTiArGsabNMZUcd*OTO-{8-^P&{<2dKsE!7p^z)jw!e8f`!IfJx+TDuo-)!WJuQOv)nt9jod^g_|;=H48-Q$ z^JoA$VwH>(PomY5L4-`+Mb7(NKm>tTcjR$ZPbT_MJy~Kvb0sa^!rH-3(u!n+*%zZ5 zs~S5K3~>`PAHo&f#g{cRG6a#l?Rq=+*pVn<4)K98g> zm?i3(S;)6TQH&*aMm5UCVuw94%u()DJ01DMfP#xADX25*VdD+0B04(#oY=#88{k0V zJ$!9Y@`Iu7ARH~CjUqP9dB!(%LhTS^*u@P?pDSjev8HDFxKFQ{wp@%8@suLs2$-u7 zn*rV+^8j#K;e{l|f)xLTnwp;NJAkcVJ1_T9C(NFYmq(lBz_t_e=@2#uo1C0H5}KR5 zX?7gDX0ViDUA?IBsdO{V+T1UjE!92387+<5t%W6K{J{Xl>%iP(dNgx+1|Yo1@BRX3S)JM}0RX0=9scR0jWs9K1IMn; zPEDB!l|QlO`Z8*XIjr}v1~%9pcP8me7+cjrb3G0#`W9~~8{s@wMQs3St_AFFwl(bG zGbHvoxbCaPRmzb%Tor@X4ZRRQLpvh z`E!Ls!x*}{XqLxl$i1MUl)Qt{x42{BN3F2bW)yiEhafoWez4v>P zkiN(EXEO}5iPxx*a=T7r!X`x(-4HpWl}SHmJY?b#o*6**9XlYzjQe1iYEb}PiAtDC zF9YY5@3?~k*%3v@ivBo9{=c9tMMR>I4^cgzc^3*rABd&K6{~HRJh}7=-CwEP5Z1{S zOZu2f-lNZ}9WJ_dAQCPtRgG2y?UZM+{0sh7O^;|3x?UxaWX=a|yq%ZIu0ewxJ>F&` z19a<-9tP>Tm8cePYbFGc&=&g>slOOrd4zI4L#`Gmff*)#D<9kQVKSjV;_a8fQ}E%_ zP|JJ1BrEZS9aVk`np$`S_rSmmIm7H8Sx1>j~M~8bw4&BfCkWEs3_LY3co~!UjQ4aUi zPB+RN4>9AuxBOLDc){ZwbA}iWf8~j_qb2 zWU!;h*iO9hHrv7&b{mj6p{UoI1&S&PN|#XYW}Hcm3kC5_{pNM&qfYBb`NjpSlSBeb&%FPHiO-TJdR$7o$Si4V4~ha|Ma zd#pGfl)~v;u&Sx2v7y>|NQ$m+A4Y9oZ_UCYnI`V!e$$|zrw>#~0f}!wQnAKkC#RCM`3NEtzr`~KB!9jJ)z4kd9;~u^F;EzG9qdPXAi7W zyqp*g`cI-w34q6?HES1G@pPz>L7h?bGj$g@6DKnzrr}a9K*2B7k9&-}_CiMh)aT~J z3MB%^qlj)WSuUayFOMXcCj>{}=dmjYVPGZVIqEyV>_fp#h>pg>&AzfpLnY)^sLW+gkVBIY1QMm^`L%gplk5%m2KxH8?_k zFd&V%vzDH+wYH9=JlD(Iyj<2ozK?qEt}ekPSYP@ixbo}2xI;LhzPQJQ{3g$r`5QO* zq!jyYMCsS!=5!s{K48AW+GN~X2x@)mKrV+`MNo1HPB^Y?@byfZp@71R-X|lGqaUo> zljRsOcIM^lwieAHT);p&&bD-ux$%ae^6TpabK$FV>|tj3vGZh{mgb~= z*Lk+uo^#J_x5RP`3iXqU6E6AglSkO&1#(hZJo;Cin@T0UD)RB}VzwA}s%JPu9Gsnr zyIy5lQvy~}?NnAty92IM{i=FcL97D7Ug04T`NgG2Dp18w!^0A86jJYGb8PW^JGACZ z2X$uzUdH}-r0{y7z<02#r3F^e;*YY6uu6N$eJBYYF>o_!6L>U?{T@`bon9VTw$6{# zO8J+Rul$J%!k_$X7E}7JW0x`9ElO-19#I$*f}xK!jRmw!e|3|f?NHbHkdtHA7q_{a z<|}LiPWWv$&}d598g8{unl$*_+w8N&{~*i$1tI~mud`3$Z(H;JN)`HpmJwd8;h9(9=;sO5mo*0M543yfoT9~fGW60jU*Xs|$6k02X zo(z|rcb%Fury5aw)+<{%$(7s*bqOt~p^fDH8Z$jkGZDjizeRKaoWbGyYKMndn0|2p zXJYImJbD?{w&NW1Dv{ zpP@;}@KNwNCSHd)R2I_9m3c7ibH5L5WkWi_bn@R%BR*RC`e8KNEI$S!bFtm=`sO}T z;(E<;0IbV(A-iLY%O{ZXE%{#L zPcR=!GkyomruvuQKM_SFdO!GvIV97kY0E!Sz&{$G|Jh9dp8I(N`{|6@-+l!w3kdT1 z^`*I6bNfH0{NsZDD@8a2L`Kb&L70DhhPMchs?TXNM_^zOIXuCBA|wcHP~ zO&kozSj6N5qrvB=8m}H=50e)DN%02W2YC0d&W9uO$M`>9*V6z{<#`d{6Pxtpe=f23 zY~D`oUaxI>O`Wn8!B)LwFK}bEN-9dp5E+8i_rS2c98$W8!S|S9i&T5#N?fr8SEB|FV>JascQM(w!6kH>An-8{9VTwk^<%zbdj6GmNKKsTpnYC@HL) z4ccsXXAla(qBKn7v#xFvK23g2_X^PIVMM%VVOjj*RWHg$e{G;5Tt4V?a?`)Sj@HoM zFK20KTlMoGBT=Zq>H-v#z@JvWQ6Hw^+Biy~DbdkPffcDL{L1KWPK6 zAfWDq8g&#}j-sW<9NFR_R9shwj71W0a%x{JvMf?h_Z$oE#c>7ZiniK6M6Ce-Ee1~1 zp?Es(j}>?!{@m~P5^9QDues^m;k=_2Waj19u&|2#Nz*w%zO~Vb8a0P5jpw5*c#F6A z%O- zRXqa4HsXlv*c0pn%XIk~7UjqAwY$a(d3kkrcTNUdH7r@4EChryR)LWTS~OgDw%T0V zo9GXfTZG@&(t2;Uo9UHVqEj=Gno5#E$Ycl)gQ71wJ3Z{qV?qx1<}B@LH-&BLlbA7a z#D!y|?NmZWL^hcTM}dYGNx$2atm;_jX&^{2c{#f`h;`jvPL}M%J@LCw3qRpAiU-vn z4_=sMs1SEHz4?&xw(;@tzrZS<>5psk>#Fl15D+-?8k0FhP-S4uN9#r)h2pHy`wQ|c z@e=X9=#T|Z4RXH<5&;;;K7w?D4YKw=N zVF#M6WEbXBasdt1d&yc5D=Q%69;;u!j;vjd(EwHTE^vL-t4?ckiYIp*u5ei_^D$qf z4v~!rJx^>myi5C*X_zY$vnBPyPtoD06U8*=>C+557CmrEak4jT{CiM z6`(6tWDuFU0em!s*|+ZMGF8i3QwrvvXWv7`Vq-!P-EL!cgpSCT_^yZDuKL7QOf30| z>rQVGLvNNKMqD~@2~ikp>R(|XRa1>G1w7n5b7AzO74`M}uv-?fiiAU}A(>Zp5}y96 zy+4dOjRNfslJS5;-O#hU^xb-N<`mjyJ{Uie-m51v5Cm z&7O6@%lvl0bp|~E~W~9djBNM8X)Pn=EHcfSPGdxdu z!Q|*r6LPCJF((7YcH6{!7bYg6`H5Da)=@ zHX{ANTZ(Qqgt(f=(y_)9g;z56lukImVSR^9;N6^LPM*ocMrEGEuk zl(DdZIltQ|Tj$q8MSv`Jt_XG=Z3%wdN%Q1bWeS(6_0!*ha>*ZRPT(D@g3 zMw92XgAjmuSOYeOtp6gk1I8I8#a3y$p5w1s6$n|pi7QK{ck~@n^y4wbQxg)5hZ0$8 zHcEO}wLGYIBu)n&)vtooqC0PB2|c^R!^4Y9N=Bd{DW0MI!b}^0Y<+f)PT0Byqoed$ zva%cei$Z&8KXdrgMYUg0yC2MFd}O7==XQpd+pc$W_Iy!QbN9%_*?Dod72Kl4z}(3% zZ_SwFM?5Q!?dADs;iaMQoLZ+}M~~ySRjf<+eoWg??HY z;+>r26hY(TBaE%%(K+9FE{JK(ewIF7Zww&$!G(eb|(5sUGI#n2v z%z8HBN)@_l3%SP?I0Hllxn8TUsK9J?jF>IfZCX088_65siv1!o(AWETc5ddWDWGzg z`~N5Qd~-iYRLN=n~tg!+~mvPIsRyyz!q;bP_bX2EIOiU!{FzY6j zg_e_7z?TQpE`tCp@QOuR6D`N5P&s4gIS)B!RNT3#*i#Vz(a-VBdM=qTE@pC@R{{zw z@|o%RX`j~VZCa>FmJF@MH=2k_mlqT7vyimCraw|Tjt}>b5_5gg*7eGWBuxVCraNZJ zLg?t|?rzWgr}Z0D4c{>euM27^SGxKa zin4hpM0vfeZ`jVw%)>uAY>KuK`fR-vf*m@xu%Svvz8m_#UI3`#S&QBmWic5UiKwlG z;>=vn({N@Ly;@wBEnvf@qIGRg=es^ryP%=O5!O{=!=tpccj!gQ9gCA(jwME! z48?uocF>jOz1YTg$$dz2YG+FCl+F_d6-`7bRI4E~r59$afW}bxAQ3{>_Pt*|obT?_ zC|mN{exj^V<~h3xKyvlW5uo=wf!6r@hmBUZX3x;tH(UXeUB7@Tu(&Ca%tG!>10DD# zzSlv`&u7ljen#+fZxU2 zwIeC#<2Dx}wKsL2=yJ4ueEMvyfB}E3#!okWO+b@Dc*7z5toBzEE>0XwXIRf=KcwWR zMH4#UOzZMX|RB@Bym&H=GrOf06Ewb zQ#GUJ3dNWy==^NEY%%(2GlW9=_OME2arydw1<*2vxZ~>da(=2Rv&{lJmvPH?U!Pp& z<#D_Qq$$r@*$2NdrlkPWZhy4h9{HRJ5{bBX9^#fbdAPM%q4QIQ`YfA{%Q@<*>e-A5 zpC>##mI?`1^5dV`pLGKybb#1kGNf121Z|zvDAlnU(rC6Rqcuv}IA$Z-oMaP5r_S7X z9-9+O6FXk#xRV~pF*EOZ;=Y%StQ%gHh4&ps#pZLqxcCqv5tEZ{Ue=(04v)2D`j-#4 zYeH;G#H$@1#gAS++k~{0PBlX-xm10oBZ6pWbv-tBcaeKTU92$1aJEdJ1|WxIqec=0Q<@|&%GS-)8}@~Y<(5kYs3wqyK^>^2N>HSltAIhGEz z%V0U0XPX#HDw{c*{;37n-wH$mpn1y z4wpr2#y0O|d6f11Q9%rxUS_;SaSL-{Grv6p89_%8UYZBjFFRVHyEJX0ay-kXT?1Jl zjX%KLf0bfHl>ld3*tk#w{?B@xR@OHzh7+Al&!6xIS2~JM=L&m}wbl*s_A$yK>Cky` z0Ha0j%LXI^oYk3E$uR4g~8H6Oh$ zV?C`N1?<|Z3sXve{tQ&qHK*M)Y7q%nx7vXixeg|nyWF4BgEKNhyPe$T+9<8e&BLHa z3JrbSZOnKbOTUsIK<@j%Sd-$MylypY)#0lKjx`Gy;9Dw{@(w>an5qZb>g7Js8MFn4Z zn-L~M3NAI9?Au!P7fCiNR!3&8qTOr|BUpsY$mnP<#Sou|yvfR#NK(pGnio``PH#8% zriXVR@?lf>eQ|Kmp%#OxY*fT`&14uz9#s17D&^WP)2+1J?j@KulCQU4#4p9Y0qJ>? zYD2_Xsf@)glGH8G2|DA)w6>4zH7u=1X3O2swx!=m=}f#nIS&jR4+Ucda?`psnB5T1 z;!|__Cp~;gJ4)so6@ztjo}PwmLiXlBq}i?kh&1dxTWj-;`YvZ> zTr2w_kdLkgh+Z{FDfyeRbUrqQg?8r|n2=b?>tChJ$_kJ=QujS_MsfxnnYP^vNX?a= zx-dc<92~5s5Ad%ZC_Vdn&KTtug|9ETsF|9Yy@2xKY3sd3C02wl;2Tzl-s72Pacr?* zEjuRId)y4s6MD!~zt_8>o_uXzeI4==wt>zjV*yDCmGWMAgw15Rkr;-{UPXfnZ;TDA z8PRidggS)j>1UPSw(Mp&M-{dlcU&r&Wm&)1^1%eTn|GkgZMF=Wa0G$buVp_yLvDtj zZ^DYJUhd;K(L~sx*Ru7Dp+3~NQ=C~^O*-=-&#~jP(lYrNy0zWfxa3%eGu~6yQu~|o zMgItkovMQPaLqy#!}ZhHikt7e^G8#Uk){2XYd!8<)ug2@rXhzO#PSY5xQ@B|w=d`d ziBNd?QBh;wzeEu+2zb{{^unfosMZ)?q4w2hYnjv)59rZoTdVUIQ4op{+(d6gFlo6!Q zi8+Z^v718+Feg^=7f8o+vA4R558;# zwwQ71E$55ypATiCXL2K`kw!02?WGLUN+r>Wo9!RIjuQEQAd{duAgN{uoe8QBe9>LV z{zmoysFI#v=2EtN{1sW0hnDbOY4gQ1q>6oc&0@ds2XUn&^jLfXf}fV@GW}m6dNGUP z;oDbjEnPVuCMUVJ0qX?bardL9(j>=G(J>lxYT?hHKjrC95=tiO6&qbrLK|fdc(#uP zOtaol-u{+l>EXU>CmLs)cn2a2{auZ+txb(q6#VcOYwNmNepTys;M&_5f-Wg%W|exCcQ(T3)4sL(aQ&czrXX+fAw|4=c6!?E6GRgrJSl8nV^K@HMC8A*v9zp$ zz1`aT5rwfS{o&0V^(P{nqTLMFRw^|Toc_?`9pf8|sz&_gRoBUpv+1(?Dj9q% zEsu`DgLTu)m|tbhy=o4$KZz*wB=xQ*1abT66+~01rUe3cTovRAJ_Q0%fQBHF$=2Nj zqj}!_lcF+-xV^Zh=G`Cx^S6oHuT~i=d0QV8kTDuQz1PZ7omeBai6de|jQAPRS5nk)R>D5!QjBaSK9Sv4brIebop{=QKW1buU@@^WFRHq2QSI`Fu!{H{BMuP zcfQZ(#IoK%!~YB@>}R2G%9v9%X-N5OVsbi-+)l8fEx3(*^YZfgZ7IP0QUplw*@*in z*(d^^v_G2f`%@Rj#m6Zn_Dc210rVxb4HUqC8y`0q+xYXxJYHU2xkQTROKK{rLqR>=sn{ZBG`}iya z7#touSJuCyp($?A1A$qU7< zSR5}MU#J=%CI4iqHk&PDv3>9p?cF=2Izn6$Qj1G%*Zpa(iTC=T4gCF_Umvf!N@(s# z4?&;}#i`k8jh|~{vFsVSBTAQar{l;IVY$}La=xZtzj8d`j4Y0?1ScDif|5!H)dw!QrT8cF4q1V<_6^UftXp0$6-XDO6m$ENt=oPr$F)B2dM-yTeT8 zN4jdvWi2r+h>;H%vfgt}^h4ryU2n8kzZD^GJ98xpQ?)n7}b7_H@rIyW2)H5mz16hEfq+M|7NZFtA=Ubfvd`y zOm$*@nh|zjX`%*WnEA26jbC9_r{1&REfVEae_nZhA-1YsJeHkJJ+E3JD}Rpmnvp}5 z$?{izOWo(Q$ttUsWoGwYzTc89_8*xB@tZx7m% z;T|tmy>%RTa)61^Ki&pin*3tZ+$SuEZJMNur*3|_?*^S6qK^$qzsaZ`{zy`@nA=(Y zHaD^F!n0sdtGMlR*+i3SzDcP3P-Q30XIa9WIu+PbiTO9NqVZ9MMAoVw2Jz`k#*j4n*`B-Tc#aq{SHDkJ}%nH<6q*^YU(t)Q z@vD;;;CV}=#manmb$*Nc2caB25qb*>M*WKVT4`%CpAW>6t9lLdaTQfKz6N3i|J z*H#XjW-8SW!mBwxO^qj=&u0iJs_e6M4~3lNc}VJeW|(_h3_TfcWU@#?m_JU}EY!yT zToSSUb`ydiw^seyca@XVoEk;qG`XMa8TA5h8O!AaVP^NPP{EmbXNmp^S(Hcyh*se9|* zpl04sz!w#YqUq=S7G*^fFuekJ?J#B*t*1VWbTC<| zntB?kseM$Yr+f9O$!xN8nwM;T|K!w~a$}-*y9;ynmckWE2$Eg}k7|v%j+khgeRyMB zIlIM&z_LO8hr;RTcuWoEPPq^~b1lVMZr7rUE8$vxdc=AhqH)5R78c~Sn3e3^ z-ricMg;FjF8Iy&-(exT?S}ZMxPiyc$9Uk11Q)<)UEi*pG<9$!KflnDR-a@b#vQoB) zS=v==>qRDM4_PByAPX7RuwPkSWm~;nsY8T}DgTU+?RE$*D3h^=4%CgQi$5A!VISDo z&)2VpQ1rDz1y-#^)-}X_j5GxFxtG`qi7qC)hH4>0=pr5J`j@neju(;j{Oz(Je!II7 z7@LT$at2fOTjkK{CAvQ^5O9r7WS`@;Ki+(BQ~4vIu!}=cv>g02t>L2zZN)sa=E*yT z_@1tmia}_ z8RK7HY}|^fhT@v+s7cUdO=;<2$^Ws8M}1U`tiorvul1=H?_2oCFkQ?-y}~i95*#&PZC$5-vV$<-UgqP|K_NAg%FG3vw%2K!owTZ`d;nZ z?Ne}GYqp+@Y~L$p=0hT>Jde|gIKg`F_wQpOP2CrMZFW&DIoOF@?~S)E_iqO*p0;e1 z)a?_Aui7^pkuPc3>X!uu2g-xN^>1?|Hz|W!e{Jpikz|zkizXx7 z@n7od>P(E%(a34-myraR6OH^~f~|;^ggqjdDKkqG%%}FJFL7|Ffy9JPbewQhNkwHb z`8TB~Q5MXr9z}bq&rJuS$0Z_?KP#~5TILLCfZ2R@iC#c1m9;+>>hI;qRU=F!bKvdA zHFjpF0JcJfB<6VP?dgRXi;bltc;}_7W!`bqnKFCr zb&|wQg?6`53RHB=_)~j~uURau=j|fF0wj3CFtO?N!y2;E71Ah>JbAw8LOcJGtSMe`ysyL5frpAn#-ke zGB%cq9!LjcsQLk$Yk{*&F=ilvDE1JoyA{}YE|7k~4+R*#BIq8Kz6qQ>80=YA@@+ymZ^zCj{PFv=cw2YLJlaQ#*3tK;|Qv?Si zS>I!qnmH==h1q{Mh}eU7AOU(;Q5YCl+LZO0Q_=}+2j8tjZBSOqf3r8-K2XLeXy`Ic zU)H!#fO_heTz(@*`Dx0_|Mc7|6QkM9s8c&gBT@3s%@B-iZZ#UgccD~O9p~iWFa)*N zF!zPPWu8t=<#qS=Dj2F3jffAk<-O~xs@g3a8`1Mdc@fjyZH(KnG9T)^>)vc^x7PD) zSV_o+jglW?PFqQe*f&ma*Uc-+P){*yXw%?0p?re%_kKc*?<&rBxT_}FLDD}?KtEgs zxbdQ!r}j056f(-Vuwa>Q%Ao}roT!NFTb>`>Ex7IUZ5w31EB}g+NXVrvp~}O~Mt7SR z`)#|3!Ni*ODfN}0;6fg&@j(JwS@_Qf7g0{mg+RK6U@1#0n}od|L}6dUs_-Vg9v9?!#5Gj`W)CdU6t zYhq&JH8r*BPo_bo9U0f(0G0 zxIf-!A3Z*by4f66Ra#!N4k)T5-Sr|Vk&{!iEbI1SUgH#drFf>}FVnlsqzkkd+DIO6 zZu{=+Ab}|G@QT~QP}5w&+6MCaC?^MGUng$U;?v4j$LTCjm+0wwkLJaXL8OkTj<}14 z+3R!X`{Zvo=m*ta`b9Qjy9|r+&m)Qkl z8=&oRZHb@r{&9$`fpL>n*GaL7US)!h%z4k)`S}sPfR(RC6{p^r&rhEXFI=iM*=FPw z_-KHF4TqYU5NAj~&9e??vL_m?oYwvI*iz9z-(*1zp5lh@FweK$sc-`(bM z@+`i-&gXzjEk@s|%F|5_%hVzbK-ggosXH@v1;} z(fV7~!##amQW`zfeb#xRaD$tLN0-9qUUk0OEq8DQp$ln0I8;$;ILa*0e*B*Ec4^gX zMNP{GBJ@N}nC|1J6W9Ys3`HZLZUokca@Cn zs?#LQ#K7R~ZQlN^>~=l|St%+7eN6i9-`}a86)Fo?M%W;9lJT|z%!R9!`yEF0XX}_f-D73~Ba0h

swmeL~>N8~kT7aIopk zt&u-|);>TBH;%Z@&lSeOuQC2>19f9cXfw8Go#my*&2?Pufo!GFmIkq6y|hH0o~7V; zOiZhr+pU^*!|DWA+4zT^(9xi`8GL0@1Z;XV#QVf_L4db8)#qB98IXcWeu04A``Y)T zBBuF=OSg@}4;S$SAJfv}0m)>G1x^x1>fO!0X=a>|sB=iMj$7;DO#fU6$RodJ; z0Z)iefZ7X-L9@zp&~u!}Po;C8ld?B5iaSfKkTb5Xv0i*Lk$py_IuT0HbMsqFO~%wR zk3A>Vw)IiOp%v{Qap%i?1*oYug)=P}%$v_n>w9!dHYNt<4dslEaN5B$X4iB2@pGZ@ ztnK5jQ?N)p=5pq5fz_oCwi0||ZF9kwcaSo<&z4oj#yiQ~N-F<{v9FG*YX9~X1O-$Y z>DqLMgn)!}mo#ipLh0^Cx*KT(Hr?GI(x4!@=}o6}Y?`+`_r7s|oOA9Q?;plyt<7Sr zZ_PPB^D{ql1h8g8&jQLa^lZwVlS2ykEM9^g*Q?P|OaSv#Ss&WVCg{NUgMa#v&1n(+K4eoRD zKCt$)am}En%;v8=AFU35$-+?-e%i-YL|s1NI2vO^nwoRjQ#X=K-|Jl}J2&Q*M;nZ# z5Hay1WPhP@ndY*f!du&&JL6RV(M~h6N)qN6Q&JX9Afws+X@PLR&HaHl-{x-zmNM40 zS+~t{uI=#tW#kk5WZRyL^7eE0fr&!c#s;mMES38xdH0?d9A*L6EsN~{4t)L~nai3? z@+l|35usfYoL|ydBtC6HSm`O+ITdQH@E zji+jmI0bVZLsOuxAG(6Ng#Uhkiy(SS`Z9dI{q1+`{NGdhU%|i<1haC%uW!W-tjLSVE)!o7hWl(BIN3kw% z=!B`DdJbiI;?@>6uV%vg2m82F@kd+axF;Q~t;?AW+C_76a*ap!!AUy=7Lc5;tZUH1 z{PbS;rizaCt}!_yuo_Mwe-d&kKjG(>$GEqmH&2kCrhGdwy_#21=!^guH>~wMkGT^$ z(V~nZ)gf8sP^X}(sDsS5mi6z?*y^1^a&wIU8qZG+{OvC)S5Ker5s%rJo9iSo>oEJ= zc47>LEHdRJ)NqH*G&aVjx~DMV*tI$?gNUC6EYEAH>lw|l5C~(65#`ETh@Zb*Joriq zXY?kwL3EXrhDS8*-#ww&pbX>S-D}!5N}u9}aPU5MM5j{VQst%Ud9|akP15DE^!ucj zd%72lgz{&LH^su4F7=1?4w;)KSVC+sez!oY7~*Hc zi5tb#!_U-`eqX=ybVC!+*e!G0N`G6H1fTwVe0y6Dh&1o9Gc z2)1(s_yyFXkj=x^MYW4S&RLQjAfjsB+>g8^5eiU#J0cZSw`U)Mnzf=`#f8BO;IT55 z)R0Q6iGJ`YPBDYCfsa+N<@`mQ%m&-ts-|&GzHQL^AU*GuBD&JsiCRa((b}ItFGj$H zvb4Ao9khZ~DcFaF8GBml0d4Nr$Fo|&?T2|SkitqWfV1huY=@0cZWG&8_>6<}s}Z6B z`?m`UXjSB@^b0{QF30z!f`VgTje1;_pTgC^V5{vQm{*s_`oZ1ZGftm7&+(IHME2A% z=jVL)Bua=iaSNF=nO{X+sF`!>F@77B0qG17_|+H}73j4{-oCfO+5EynQBiwruiF^N z=iN9b7oKZUzAI~7^7QM-9C+$sk1-)BX;K@&z90?U)#-|FX009gAc*+($G?OgFeCzm z->{J{E>aJ|lD-UI+6MK|G{$(ZYZ}lQ^FZqkYYJ-Um%>A7KKQ)csbwV*YvkQoY0Olf?W|*(pd;ezaQgJPBkRL^zgnV@3MgC#AWBz;V?cbG7A#!p<%ww)T>)vuB;XHs~6AR1fOsZ&e zQIkqceRElv`uV{eU5TUTvzN@AP2qNYo{}b_5}BHPD^Yle4TXhTq93W!DDgVcO|;f+ zW9-`wI`79Pro;E*Q&LRK>Z=y*ze>K!{q>Y6X!Tku3n#}NL;Qo%T)KS#JIJj-{ula- z=Ud?~yoQ_G;#XC5-!b%@46fZg)7ZUygwq;=ZEaatR|rd=_w*Qj#L(r>HRxhmXaGgC z=3q#V*L`or!!xzr#%I>`$r0Ts>fan1UcX1T#Ge_VeS{|E;8$NN>YyUCX8Lq-cz?+8J>;!v8h zl0{ayHA`&5G(DlU4%;f}F87t@IEUQVG6#z|^<0}+Lqc+C`2-a3WBj<%l9Hhu<9BiI zAocAUIk`D3gLtvcAptD!M$wvd@>D7=Mx09n!&Wh~FbljGp_rq(F$NSWsXEQY&4Ung zd)4Z*V4)qN9blJU)!wG6(gc9kuxkr}%I`brV-+JqI7g+bQ?s^37sgTQ;yI$VXK~2;A z(#}CHzAiWfj56Qa>bd=UCqX8$e@WmCr{!wT9V80ND0qH<0%ddLc43nxj*y{%gI4@b z=z9KDk~I+&9sLE-;}8dwbA2$|OZc<;n79~!=Dw^)cLE#%Y*PrC;k_9O{!yQTnxZi> zWwf*c&{i1Id>UD0H~BU;`uj1z2Rgmjb)|~~=YB45Y-iTDPb%LN_*ygypF8Pu|Neof zEXwUw9@`6wNvG{W zu@o~@l!3(MwycC$FE=8rbP8R%rzW=tD8ZZ!F+ATb7s?s}V@)B(U@QV)hhN6{(mUM|Ag^ z>X@-$nsYQSERKGJ=C;*NaLJ`aa0gIPQPK3`7+Hb#UR^1w+qIlu)*T-wec3c7glGZs zZv!8t*Oc)rL(r^8O@}ZOEw*Pj0tRQi60gbZ)M?v|bkK`fBj;=nD=KwkyR zMC!zDF~)TYdrF9%m4EqeSk)@|@)5>aQoZ&8#xYUflP6a!EVfykBGl|_Bmum=L?xdu ztNO@Q+(>zNHT1^Iwo51jI@z_}p&5Ct)$^Eqg$9=p1RzOGu&-Ar#N!-49hoX&7(4Q0 zcTuj4L~IJT+VnTQz*?B9D>w^$q!;YuV~1|&VrV#@Y2@sjNllZtRiDoaz;srMX+WQXg)>gg;u;*(PBnrQ_l~8fnP1J=cCl4_r z8db~>{JLB(P9r{LM$}m+WqWlbh4yBJ&@FS;y}uHcJJr!V7u9&H28wg(-KA#!Y%5_m z^%%Xn-=H5Xt&D4#E3%c-c)jl&Q0^b*eDv1X#8oRf6RpyHI@nSyAVKrmUtY}JOxH&} zI+wy8+oDL6KiA3=Q4P(Ad=s-SoTG1xsBG);c2>Mvb9>{y+f3z$wld_1suewV+0;Lw z5jNyH1kpKH*lw65#L^jVM>ZGZLq9F)SnJVVRW*9$Vgf>X-5co9`&tF#JC@4Cbp37} z3*5ay$(!5#0m%zzcaIu4Ahuk-dj)U zjzLCT{>HI&m;>fhxMgrbGAv_dbXB1N`}~C6rDGPjs06!OB-3cR{+=TE&)0wW`E?WEM0wg@*0?-)-k|`Z;#z4w zWK!S+>^}vUOevrG@}%MK@ABUvOa_$*!p(4%vD||*)wUN01r?R!31%y1rxbQuzt)>< z3ur2h&}tFZe`X5)<8!M6FkdjfB+JkT>vvcS5wq>>+qbIf?^s?;s-p*2D#unGb#V@` zWYY1aXz%!7(RtpW_2QMTqMf=L+uN%K)@ll@es1cEeyuBnjnIne7Yz;P>;I<%DT3G+ z4P;J^08;jYH(QFJ_^LRxX7f(2#`D6TJg&MLnUjZy7J%}xv2(De3q<-svW=~t(Qod$ zSFwq4Jmv$EWz6t8G8Vw9;}i69vYT?YwjpPmkfL)!0$!P=*Vx}Y(^50z20~F$Upx~q zG(TN^jl`qyz-Rq4a<)&fP~Q0OCpO4Fymc6blZ+KDI~6sI-n5n@w{~;F7T4bH9a)Q~ z-Rc_p938#?*RQYMK^sDXf(!Pe5+%kx)p%p$b5wqQ!}rX9gnvC2-t!MZUYZj*7{6Pb zVg!gbZRZ7pb-T_A{f)A-v&ZsRn|H!W)`DS|?bNi?DapNdaH0mA2H+fmwZrU;Ee|6= zzD?YD+rt1~#CWll^9aeEnVUbVh1`H5SQ4eh>2OciGn#xa-6PV*3r^7SU?~4uAvf`l zsC;ivnvTmKhQ3JHC^5&WjF($d)*QFGO*ni%Td@cI=*hD1HF;|l5 zsoQ62DsBZ371dcY);5$!R7?yahwK!fA0HRTNw=#=A@95%jD#79jcQVvbKQ8pT<24fLJNkdTc92?=S3S3d-$ z8pTD=U+5_3ad{`t&IVG zjTk}w0`Ow)0D+MO(-TF~Bf z6nMx>;g7P3NJ@p-5ONjmA1ABWaMS5n)o?{%KHlT8kSIx3&n@y z*{xa(e2Br|J=(a{m3NjGDzT$uGc(p!VgwG>9T^3K7Jnbwr3qT#7&aFsk9wHXRD6bL zJ^L{P9E+7QMK1<1%Tzlm4z*^%9+jCRp{L5tMd@`CVl-cH2LxBDj7?02?iYQsWar^S z>lWoP*WQ=Unp8V%nzui0@9!ra9@?e|cgVM2DH+7x+#qTL9{F<&3^^a4EL{ANcng?Q z+u3%;(cl=(kg-UvJAUzNA^3bEV?e_|557K#ckxt+kc6Pt6qd*6-vPfpkku(h+bSuK zjfz5#pA5MROt`zl==gK~5vja!(s}a~{dj`PHv}vW14?7$K59gv%_z#qDysMqGcABg zv2nub;RG`^*W76ynAIVQ!M_v~WuP$esL*+>@Sy0Vg%+3O3l{ohI;t+Qmp{{D(h9Mg zdb;;p3Ct@9($x^w24O+#3WlT-uVS&j8P#Ej_E%myhIB6#_bEEjIj)Q zaBtWYQ7SCv3^hHYgtGzby-I9|v8Ub1lRx-8Agd`eJUoT6gqWzEVGr}~h~;MV#cI1Q zxjsm&v&c#`PW;5H2e*!IdEf4KB6<1k=RsoQ^y~QgMD^=+pSw-E)c8xRpn$h#;4v?~m`uLC$>^y2khIf=M|fW`nvqsa%6zdOJJCXFWlbGD<_W zg^PoO_GXraiS!xKc6O*&#L|-|{?%4<9~szuz`1TxrMEyoz_$T5ZTbd4e-mn?MJ#Jyds;!>u6pN}KxEYL!i?4O%Fg8S>lTqlIF)yx7=K5$`;6wSy>V{ScrYOkJV@ zHdnQ5kX%JK#ibS}$f4}G`&prFe2A^Ece7KkX?$6YH}$brw(>pr(`zagF@ROQKC_uQ zT08P=UGSh?2GHFkX5q)ic9)*}#$OsjAvrKG9P0|!t*fe1$)$_!cJBpo*bU>&M#Lb! zNOJk?`;$H6lg6RPDBt!l+rorZhRem)FeFT;Uq|ops4loo$}tsP_+eAO96SQ3BDEuxDW_ z%>%dY^(fLC#w5&0V#s&=JV5=6`k?oWZMOXubqvpxtNA63ULGFgFhP<=R58%J+eiUi zhN@S(+u|}}J(Gv{S{r$<-l}3&r^Ds0>kGB~_!_Ng_kR2BwR}RLcDK>j30~eoWG1$l z-3p&*$J&OXQ&R4uXHB}w%Jd(aoexhZYFm#7Up8%|?yk9X_=xvtCl74ajR@2ANc3P6 zVdrDdg@V!1QL8w#QSu^_eWaK6aK4dXOcd(=aKrVSdxpbkMCo&6h!hnWg+6zglcPG* z;Zx!0H$*Y*Q4T>{wX1%SAEpVf4tRy1Fki&>D(=Jab^vo?6Xo~rTTeMnpFig%kx18z?x1dREXN*O( z;CaZKt8OFv)fWeNBQK-#J6|LT3tm;e7hD3;t~2lQkpxDvQ> zyGwL!U40?fGoH7blFDQ@sg|&N6pAotuF9cw&-~0xdB=-rN4VqmGt~I=I0VqroWSAt z?u7WD)^f?XcVpC|@3?t+re2y=1KZB;Er^*cIezGWF;}d_1{a%QJ zMV8HAWwCCC*XpLtSZQde5JFSf@2(0xzU^!i=1zITMyDhjzBy38H@8+rch7v;)PxQB z%tXsCsjtd$6ArtZ%>g}oRRa+>*$+}+8z3jY&0X7dO4%kno~Th8@_}8yYU`zXh89M{ zMyE*?#zG;=a{Gm=ZAc#h!~W6!wHnnTrEOZ;4hyNHH2c(X#u)A|?bN|H>ZwG# zRtvDLEv<#}aTvHVbiH`6jsH!nJ!SnJ+nDU?o3Sb}k(z(ONqB*se(&AhD)3;WUsEDs z_7LFUP?4rqpUd6f;DM1|D`TtoJD2>Z{`{r^Q#DErYV(e(;6p<62U&)OgJE z;g@du?~$B~Ia%*SP4=bt6e#&<#$u_&r6d}qHYfygLO9C1E-NdgYlV3GMx*9}xx4=@ zrKSMXG*pnY+5F8?K1YzILz$BX=boy9!=c?tWL@xVWT!U$ipjoun@&4Ou!ak_=C3E> zz@8gnWWfZ^bB@en-alY4oPIMB-b+T=&Lf4snU{e;r!FnsH* zd$s^y=)EM&;)`-f&T^H>R?YRq8VxtPxR5o0KV6$kI;fvx`}YtCxza~Sa}n=>y-&wQ zq*YYUyp!mWy1S}(C`H`W+98!Ag|#;+AQoUFNWT{^GxGW%j+tw#m?f(eV)XX|%P(He z7x7~4_|w7Pw$q=}HK-7N{ zp8xs1|G0t<`iA@K>GBf#gEt1E7g-AS!=FF{F84McGv3zB2ae+Zxamvm02qMrI57Bs zF8%fJMIwY!shuNNBtsWdQ)xuR$4DSo_gN-{V6OGa=2$E&cOjA8ETP>mPmqv8TK0D+ z8;s#$4#5IGwY%t6!PnI9kq&d+3VewAautMFAMBXFAe47;03g6{sr8!v!M)dQC?e-k zk&&VNsto-jU(E12r=wA#m7~{-c*&nGGA@Vd zU{*KhjyyWA+WYnjGacs~ceNz`X{xXfA`V@IYwu}%*AF~@%3$ulOzdenI==N<8 zP(UxM>yZYCK*|A(%*j5x2`LVaH%wu6FUo~aiO-Jgt^rx*!h^FNg43IcwS-C37cc7S z7lij;%Wfq0uXRIeYwM@AeqjhLeO59x4OvL@Anj0MMR>z&AY*>*s`6oK!HC?X9NqbB zKD!TNLCQ-H&CcW3Sv|aWx2zhxdLBHng@8?p!(^08#mUWW;=rzEkdU03njmxA*nwZb zw%I(hu{T8esyC>r@qkKPs&7kksdWw~zKY79cv^oL7?xGI{S0uvMqoZ$R z>}wq49pA3xlr1lRKt)H7`xT@75*5ww|7roGC=Uqm^A}%tI-`p|t9EuZ)&jCKChKmS zay{+#W(TIw+Ob%Tr?GvDgcTCxVqdd`geYfwr!N{OJMH@QJXdkZUVik-CdaKM$0jj^ zztc6KYw%oqIq>60T-M$1K4-z+P>&Riw{JN3D0w^XACE08u)sa{$QYOy67BX1v`r3o zxd-&mM@;4PS*q}XN=4y?YSL?v=a6Ay; zFtEXj*l>{K^u3FQM^HTcvYVRTy1Vo5xvHoX1q24q&G*)^utbhcO)+byG{q$)QNEka zmx?xG{c^CtP>6w`_pZiZ^KLG@)y3`TpC=Izpf9y1d74MZ=KkHq??HVY5g~01G*_Gr zTbNTwP%tCX6~7SOirR96x0Ka%vg&G`;$y1Q~InNFnx*w3`f#pcC(M3AKNq6%)lCq=|xL8XAU4212R zGEbM=-Bqg(F9$?0hxtpeO>oM_Qa(MRSbG0gl{5TI)=(8-g?)NGrr7sv`RPC@M-puq zujM>NMQgP>=lEEj`nBJd0}WL-$8dZ*~~_fimXV9?7%nLVIz`;9#lQ zDw)Jp7Lu1UjFz#$ zoX=>U{*amIYs8LMg;Z2XLC44vZay2f-hcOu)F|l6jirC zdPx-KNfX*8igrwsaA_UQM&zBU#$*CP4E1%$au1-)O(`QSop297Qj!7Ku@Y15)lT7_ zw{!Qju&XNm2}Lv>AZal5`7Lr=Au3w*}pCFysNpVz}It) zm56k9anUBSjGs^FXunXr;mJ?uH|W1~qcPzu94RR(8V<0wJM#3SARYaJhlaNKa~LKP zUT9@j{^jPz4I7WtDz;%^A!BT8p5DYnj#|rrS_E)#W1S=0d-S9g6%&EZDqaH=YO^|N z+?)+>S5~m8=hn(3@pk7eZEWh=pFNX14Gfa@phR$b`tW=Hqa;2W6V z-dqm!`|)Qj^{PT$;D$77UxAjT)-B;Cit8%Hwd;r! zyM|u`S_WQ_L;DY)1|B^DW|Hnn=mcz>0o$!1F+o>EiOmX#A4ni7EqHh>c}lsxvG#;m zt)}Fo8;RF&G-~VS;a4R7YZ(*$D`0^JnJ>duiVs~T00jW`zH#eJ8an)@H)OV?NRBewqT2O0dI}5~!Yx5( z31ISUl|lW3gxe^^mGSq`2Xh2?d_Y1Y_R&4^%IohY;}7oH=HrOCFYw~_q0cS9PgK`h zZJ_T^R(&_lrG8o|Ii95B2m;}b=-5Tw-1))!fo{fYziWm^>r__PMy1G;j==(X`p^xD zcL1ZP+G$)e@`fb=HF7M_Q396(Vqs?&dj86Yp&-lq3iWaWdfzj4CVI6$QzO@YS8-3> z;@oD9HQ3bTc09crJs1UbmNpyk)P3hFIp;eaxO7ffZ!G{1v@u-@4V95|XfvGArrpT& zIw!o`Z|ErEbdO)4+i`Uw)lQ0+d!+Qp;>6h$iM2gftr5g>9FoUKUQ7QTMWbH>XjW?q z;Rl&>L|=2WI5;@?hw4KprEm{_E%}zU>9)IkK~vvcZ03qW%TpCv>8bke^+uA<_IO_2S#71Q zmmbqF*?p!fBIcErjm!J5BdSyd1tzkM<)L#0BSa&@Y#q{^HTIT@B4|`Z_$QB%9Z1YF zj^>ZPVL;wU5!rq!dtXv;78}KJ#F)K@SW}Rllr2n;SH)Ovfcy4 z+gyyaN*?}ybBh0$a<$K>6vr<)CqnhoYeTe93itP|74qgkk)x=Wp6NEZM3)($EhE1r z${tNn=T>Jddt$jTzBwhtWJQ#nl9*T)o4RNJ(}}mg2j2kH;&Q<0cAg2JH+2c-_8Q%c z>ye{rXw({CuTREZY^V^ew}R!Hxs8{RP00q<`uFbsqF2PlX~JyK`JFz8E?EE!_auJs<#vgaGPEfA3ne1+XVO(aOfsmD>bqB5 zSG)$PK&^_75zB|ty>PYB@Gt3QtC2~K)2@-KN-20lS}<2XT-=0d8xFdLZ@sS}7Kl`l zb$vLc4CPW*iiVlh{{m3Z`BB`rvivRbjrkTz9aCVD!BYfbWXWJ7zf7Csdf|{WIL*%I z(KADYSArE@lVc$YeG9I34V5i<9j+fh5*PxA!c{xD*mxdXuMPWL#Gw^GGPAT)t39-c?s0C90VWS6uOsiI~|GcZ`w?!1DJ3L7(Rzo$GKT|(m*rZmbHyE zVbf|CWs_IEYFb*xSluz>9H~?IhD58$>5ib_3@e4@H(`aVk&J1Y1MrUP$KhOLnTahi z)*+(9@+0XAsC)gdq!-T5c?gL~Yp%86HxAX-ljhn@$B5wZiwb#Js>I4!K|DM67a4P* z=}Eyr4K8_gdqKfaj@Q%RD=Y7}gN9x(pnp=+?`n%ZH^T*eh~N3nd}nT#=b0;F9?-#L z3I?{Dl0}{H5?@l3kFr>5s@dQ+X5Zl6AnCTYkc(ei+ZamahR)p7I6EcffIXEl+XM<3 z@;GEbPHj7Pe)@P5+f$zmRjaLxFrAzx`8Rb~XdG4SiheS*Ci`-YyQXB9)y<5(&2pN$ z3#8ox(gRLS>9%U`0CcqI_&qI@;)?U+R0vF}5j z`u~*eUtx6690v*n*ard%Vtc3Q*^FQ{+Z|WBWdqAl7n$`@wECBs3vl3q#pl z+#|4_mZeG(@MqGhqB+KP5w*(*2QcHQ5}>`Cr>EA{!IgZsm;p&u;7s03>`YpCU^Sa<6pI&yWi7mMZ=z zZ6d8#y1c9BUuYM-N5$d*kmw|q(J?S)-&FE5TGpL3UDZEv9uQ6Iz`J(VbvOT!B2uzx z+cktT?A|{9vMS<4EES!|NW#Z88{q^S?sra+ZKq&omjaYWN?$H!V3)#!y;W=vl9NJW zD~f@d?pk51A(NHU!46AMP@Z#N(`G=5Mq^Wa> z01(7N_frAx`ud0rt#l26!l!U2w;_09+9Uth5_3Sa&3bZdY{ToljHn9<@~wvQcExqw z$^p*OO&zH6r#>U~;kU+=>RjE-<$#h)fL8FJk+h*FrXb(z*QWN&LPCnEX=$b8;_PCa z!Npu+6V% zGs?NIukVyMdrx#@xSqRg7rkY!kqjGXprT?xE1jrprUvt#AR+4Qxy(7Z3rBzWTA4|}r4eBLKCu>~?%}a!apg^6C6`LhZjj3ksMyR|_ z-(IH*;UjMzp{k<3EJZ}0Gkt20ZjV3Lh|W18C@i>FXZjxQK5^n+7ZqkG{V~J{TKMr7niX#!->x=FWjcB*#>g9x#tUm1e$ZEVn5VqUs zwS#?_fgwe_UNz+~=Q@7HuSsbpCW`*DXaCIRqIce_>+R;ZY%j`Yg7sgkidJ`j&r<@~ z4mw1sJ555LX1T>@58vP$D&-?ow9eCyaRZu3nK6ECk26dS4Z^o10xE1e+tQ=ps~#Bh zLQW{HGd7!hQKznT*Uo)iyZ;QxqsW1>_0_&4mcQ}eE+`QO_5Yax{4ZwMAr+#Zw4G zzIMKYv=7dSC3zZ55)#YZWy3ZVh^)|Tb1qN}U4Tamo|*o^^G+m7BRbOmpW{m5_bLi_ z8X>&jt?R-6I~>OG-FktJ7B_pvUsN)G;E0LE%E{?IJ$$^GD6Jv6p@Mw$f$dF@zYT3> zbap7OTIX$GKtS?DW^%G?mm3*{UoIBP^XIq~P>)(h8~6QRZjn3-D|3ME1{=fs#b&k- zB<^hsdi5o2yIvP#W`yrLpNMvE!caY|t}Xx4Lg_vnc<78ls3(~?N^ zAUPi5BQr&Oc1`~}$o)dnuE$2nCVD_u4+9k-kg~ye7OvW@e(+fAU6A#iQRPxO`)KNW zC(5UWI9%04UG~`k37DZaN|={r3pwmWN+9SmxOQuR!OQ`ARUhg+zv~r!P1beZ-Q5T% zSIKE;l-~wXIK;=Pnk=>=$7N>H0G+CMs1ItP-WYC|5~^xyj31Vw>$$Q@o=9wS<%?Eq z+;sbn+(i;Ak>@lg(q{qUMSc$>ee+ z?+^I92PS=qoKg+~miZVpfw)$+^HCoTFNTu|@Gte$vaP z)o~xXQT|MPXa|K|l^yLq{kY;ZwZJ~Bkn=eb$zw&^ zStS8kVlD3u>iiZMtq=Jg8TE2nMv5&fe57pAWdIXzW50i^WAi0HzUdQHgd0In#%v`dSHkpfg`b( z<>w3je0E~EUGO0KKhHWvv_BFZpEEKZ5FUJeumGZI4ZS!Ddn}5Kq9V_zQ)f?!e3F}* zHRV3$W}0s5-bO)wK`FX(j1J*w9p?At56f}cV@{jpP~*9CE6xtbc0K!1#`tRFOXTWL zBi3$SfL7SYv-P-)c&ZFi(&`VZazND-71M}-K`wR8x@V*$8MJU9EDVi-nK=Py=kxaZ zxc{7V4pLvP0pjAsj%|hNJ7hp0`Lb3Db(Yh$o!zYEEtY3Q05K#{1Fu`xU<0urcJx?MOVy=;fBR%B9E*^U zkI|ay_w4X6j|VE^Xj`%c2Z!C*v=-eFquVI@Y5A+GLY|}f*xp)N{XKbwu+YgZB{r<(B+Z-Et%);1lqP?n@&0L^Qa_#do)-jYh z)5wJ1>R9+pLtiSCu{INJ6OA>QnixYJ3HZ*`rt`jwgQ$L_USQ6JDeRp~& z7FW#aVs0)=W1B=xm)Gw&TI+eUn#Jx{(3wUrTqCs( z;%{0(IK6@k882tTQS>49!vids(UJ&IsQSR?z#%S>pzIZwm0NzkizJfmyLTDw(=ngM zT#b#pK~9v;v9hEN#7^hxzsER`EXYr&C38n(b4WUJ0m*{M^SuU#>}*AMXFY#>E=(4Z z5+}-L%377If2MrD38UJ+cz^F%-pce~(q2~~z1LLOBpYKvU-f4z@n4vEJiOfGfN6{Q z4!#I?xV-bZFF@LvZN~>YhRT+C>q2WKa~*|GX6Cr7UA}iSgZyAV<1eZ&*A=QwM-Aop zZYSO;B~QCA1GOuwbC?Iy* z7&5C6qJ%A8&}UZ5+|8`Y$ZSwkIk8%lXOhzt5k7>CyD zNOhS(_$P$BGE`2E@sh{ZZf+SOC{#oQMGygC_<_hMsohPS%HL>pMd8L!o`pq$AHzWX zNFaZVXJW0&pYL0FATDbruYrNPbi?UbeEjM~?95p%V*tQ7l6x=mwSL@GrOT)$jsOwp zfJgpZ3XOIf(e1Awdww5!E3jQVUtNhGbvApxj7!3?jhlim}z|gKwXW458yy z3O3WSgFbhC|1NJnIW;AnE4yT=a1?Q->aw?J_A}vN!6-I1C6$M$NBrcsNTr62gF{Wi zK}ifiiUouXRhr9fto7UT`WMO>^5xVoystajX&QWvc@(bGjYfwAT==azfLusYCXtm< zgyN4iKReyv8;4n(Z|R-0t!;t}*g4hQ3b{`H+~4b!sJxF1AFB#~NnlL~3{NuSvMQ9! z7yJEWMz5>6eR)|0n-Gr$hbS*xS{Guw4`dG~R<8Guk;Iolb+5atBzi1Lwq9{Dt5N;H z@6YLBN_P{QV^x*R1w%Y~_4)|XVfgKBw0V@Jlxf7oJJb@;`lzU=8rZ<}bfIMTmym(2 z9W;R;9=&ag4l%{$aqr>dCx15(OQt}sH(D}y^KUnzLVYz&l4NM{H0jINUZA6E#J+@# z#&*(9i=Gmzgi7yOnrKYSap~bRVCf z{dQGUEFWlORhWs`l8or0uFNEzbR1`3V3@K_%?|)LF>xw*78#^_Q~F1(ZmLxtUp#M; zqK7(sc7@CKDDWnbkrn48BzkzxSrbPwKk0*?Uc5+}lk5~Oc!ePKNZ>pEuF57pt}evJ z#-<_9QPO;CYU-ogSz=_;qMLR3uH!eJ{G$NL9YZU9h}Qm|fGw#pYuHb@gdapB){VU~?E3Y~ z*LX(@2PdAp`oc*ec9G}0Wn%ZN!S6bKYU?B1Bx3wB#qRe5=lU;aUWyi=_(uN-`tvipaI5X2PCN3n3y-I`|EtPjziraE>Vo>X(BBtg@ ziR_@|+Bl#iU26kA(O~gj7f)Y%?3Wf>g|&~mtP?2=6|eV?hz#L` z^p8ygS4E)?Hye*B9fTa&!D1N z1M3r<6YTAdT<&%I56hnMC0+at%5UB(atW-NSLBEH@^?rN&5vg=n{5-;M*+=3TTWVj zHAUm20HhRZ>D*w-)Pj6k7W>A^O0_udF#MvlGO*x*K!+{KcJ>hnc?v6Ptp6fz3^^_# z9dtyb9#P-yDEK=f!jgeLo$hh-OIt(3u)S56U&;n7u|x_H2@{P{kgR`EK|3_~BhYqj z>GtWtRM{e;ye=}sFLCYBX$?uf{rMO}d*Va&V3EP?6+$?VBNaO3*O)QFm4^KKUXTM; zVhFvAbWu={J5ITqn_IQ>-mB{Kp3U`A6DD~iUT$8QR9Q~xN`nQTEIp^5$+*}QhB>tx zp_3o)7#l$l#qnh!Kx4l->cB8mMdm!*;9ivm9K#Idp_rH|_tMZ`Y}Pj90w1)&@AOzZ zZe$Zp2abVi>H!?3TkSB1ll69kyYJn$?(WUyd(9G4LieS(KiT2|)*rElt80K=##=7- za2Td-j;}u#TI*1^bw$39Bo~`1BQMv4md@5Udhol3rqL-B^sx}VesI4wyyq#zc=*R4 zxAt6iY@5QBA)@|!k#4>Xp)n~8^izx4!vKkuDX6+`%P0p&y$0LPQcno06+Twa#exW{ zk$g-W;2gd5YppPBkhn7R5x=$>mww-GtgESY-P0DZdw>9?Iwqje7|*5>C8&PQ{6ofI zj~64F_n(zTKum_V)R<*z_O=6dqr=+1g^gp#-K=lZILOve z7_Ul*M*$Fms`vBo^8mC9dj&^6LSehA@|SX?;`2nG_RXQVm{>}N)N(#4=(UxpWsJ{t zbcLLvWRkdI9i zTfW24Ziw+V)Pfz(SVx}T$1^M8At;#9d~O?FzgCJDVfSGVwzkF<`35~9>RiJDO8U=` z%@+w^Df}zlP8l&|D>5>2lD_w4)5$X*HuDr_v}yw?!bw#=BfAduI2Pe+Jq0kaP3*TA zEiA?`rjm0DuGPZywqwuGNynCPMhC1il%~3`#_a>#DEjIZv{i$$vL@|=Y?`efo=+<( z$u(dYlawnd$xQYys}VnzevaI>vd`*JFA*H{5*E4%9B>^Ql3%E)iztS zIgfdNMTPJq@YgTf4E&m1wOs|##TEb0C&|K5t}p6rNcx13thJ_p%V882oZy{dUGD1p z*N&zl&7N14vkB2lS>UUDi}`5^C~7V@2UYT{+_Zn}^EZWmrAT)%Q2eGp)+icD9oT6ykG!l2zP_#>w%feD{JZ zM$H;5rSqZfL&(y=0BReNEI#LOC~Ge-HLG!|E`{fUSA#;h_|#DjX#t7pW4ND_LD`2nzE7@APQ^N+CL`t7;>Yyfy zg8pHcBw63RYOcXs;Otinj$b&7K(yk=-Q}U}iLwI{KFgLGb;_hso-qX~iQ2PObUg{~ z4Z%T6x#6hWp2o*}ynaGhO%WCgpFO^3I%Iexz#g2jf0@Gq0br|--=f;zJh*3zjVeNW zc>&=oy4DB|a8`AUe3!tWa8MfRvYBc-D@;)~e;4IQf`27j-gO}Gv!g20W4_$p`QtsA z8vL6rda)7DPr;QbyN-obsVnE*CRqDfl=E-f%_zq*UFfZ3TbC92{&ei@so=gf`RUozyVdRYSUZcZzyv|{#bGQgiiOaA3-%(5zlzCoKoE}Q*&gXpiF?-aGPM6eJvCBZ5Ra0RjJZ!rSnVlvE-`&mb7-hgeKxB(% z0#}p*A|f3e(;5&ULQk0;U~Uu<8EIvyom66ZwwO1$lW`v*sq<_m$*K-~3th~ZNfCfA zUhcQmlw5A6=bmVaIat_le#+A5{Ql1udII2+OK*LL86Uh4MGWdUWR`i}zV7aRtYDUy z!w}nWCs_oB7>`6N@=T=k#vUgpCm>~2z?!3u9i+RJnKep~8R9ziU^M_M1=AOa{?XI- z1yutN?yx5#VLpTAf`G6u-g2g0EO5!R=28Cb())9?U0OeXsz+te0=o*qO!ht^EnzW~ zd=yXHH*UBOKt>?t`WzV%*Ed*{t@6c#hhr)usd1_@y>0X=FD*{u!Hb@CY@Gp)XRYt|w_X;1X3m*4=eZxpvFEmL`wLWSCUjJE8pwtb-6>F zcJ&_!)}xEE#NJg2oKnKg^SiGnBGu(Iv=9!uza^di)n$W9hm6tUKVxUj@!NttdWu4t zsT3kLt0POxWELiF@|Ce@L0#r>ye|es0y3;F8%gFTi?&|)N`Jo|gNB7=NLeuMZr!j!q(;SUOF$pN-Gajr=PJe8&az!nH@bo+%re}p0c@lq`{oDt|Y4vJgJT| zQpgnP!0$2sUW!62bk;3bOK-jIWLGQA3?Zj5qhF#?wFfJ1b4>=wC6m#t>r(KhM@NlU z>`Y8dHkEYISx^Yb_x5(^^txwS>Coy4q@)wYq-|{UiTTb+h=|NU&)wgpryTep>o2I6 z2n3A83GZ&K$Np{ED7b-jdlKcdruAF#zlGxIyA1S|l4@g7?{gb+#?*;JMlBtFy2&$3o_`r^rDfEl8s`xq5zY|-99_iZ&u1#!j? zYO|r8eSN(HoFb>C_rqx@DfI=<5ANY6waW`T&91}WCt!>))QHG^k|>cn{VNuVb$)Z6NXjzR=XXv{mKCPMFBO62XE&GaxkFHTwf0i-k zCA)Dqh#nZCNtEmx3F8UyE;U=*Rc@LLF0WuDGoH{ z7DeRcy-yWlS2i%PT7Be%2|gi6QMg}PqYMlKHj5`rpb&e0+yTMrNC73$eAbwB%I6ouf2sovqH#e`{%F zCC?V5$@|LY`}Mv?Nqh{oR9|raLIQO(uVj=ELfiuIM)P+Va26>FMNEnykQjAb_o64b zpHq30D@kM2H>M-Xj!p`iSpY0@x!1O*~UFj{KApOH9ZC8l<2gE*?JFvt4)7FIx;I zz&-kUyx~-L@0Go09%@_h@sh}t!qg5PsJ8%%v~s8Yf%JKVV9?eg!m9dk-8NV={BVP0 zHU9hB^WG%3&Z?P1AKvDahgj^wmCpU0pY9XXzj(MFygl7FFz_SzK9#dBXWw+0)+^H; zIl>YwX1NqWot4#9`CU>j79BdduT(QUakTX2u>*(N#@wtuT0c$qRP?|pW`9G5S5(mGE+LHU)=GHQKeIsZMrftWewLy;pL#sCo-~x zl%2G+uRxcNsPS{uQ?S#XJ|y@^-pNC(aPM{l?KGx~+?eSSxddQ%#MMptu2oG-Lz5)o zW@7^lEh={AzGM~@RN5il`L5NirR()E^t$I^xU*)+st8I*O{h$-axT_=;rCtBm5wKx z5oJVQ3MT8^-XUMTW7#RpdlAnL>LQKhKzCua zgB!?&vnn47MSj{?T7Hg=rAo@9`XDFwRcj#2i|#io_^+(@5{)o2H}_S%xy0}1QC9dd z#@rm~Syldti+1Y{kb?=Cnk)XOm9m@v^kVj6)#PS$b4`eRFLwOP8{9y#Z1K+7;q+s7 zXq`Z-IP06+)o6`Am0^C`*W;F_%}w?(VOlTg!faqQA`5QE99lpFVW^c9xp$?iI=KJ4 zOdPEiGcz0xUn}n~{sOcT_BAfn>e)6QlR5KvH}Gef$|vzpFgXn3mV|lsC$PqGq!)tS zoi+V+w+50Q8!qfU|4}Az}n?XPqUGbN%g(N)N-&NKc&lcm=3N(6cxE6~ilW+!< zXL5B7wH`TOr(zH>4{<|Ok zZ>EHlw3b9I6f?fQjf#mk?nCpAr{if-xar1#mIn*t`hlQfS?}cr`&PjP$tlucwEtOaIW_ZL= zjZIx+INK6hzdWY+#y3%XOVe5vZXDrWlOIIzHBC^v`=HnCaYKP&uz;{1dwAI!NoL=t zQH8 zn;x0pYZZXBF|3fr=p|u}hnY{dVpG)%Q8W1vunK}DmQ_fbK0JrM2VE;ed1jjBN6d1$ z+&l{xCugr|g1(V$ocB&Lj}EiBR1^uVyL-x7Z?`YQ@a>+~#Sdz%-Yd&_Oj(0;Z9On# zZX;;4T*0bW9zNA;HkclpOtqPIcV9+LWANf4#dNg}TCUu=Ea^<`JwuyNaFA@cLcDU? zruW8VDt5&fqJB1pjr#P?buuD}j-f>NB8LBLH+?<*&Z{#(B&4sjEr9zxw$8=prztH>%valAnpj1!DNk2F(%5N&?*mr&!l_hN%Q$A<`JBpJYg_}E6LLkXZ^+PlUW-7 zQVd3fb|n5|C9*bV7^lXUgk(c)EiJRjR+XHA=QVp>HNo#6l~w5;w|wMQn&$xNg7YVs zVPbaYA0nSWw|4E&A$3(#!zJ3R>nsd6dirQ;G@gMhnn*x>Rc!dx)Gz^xZLKL0D-k-@ zv!#g~5SlSt7Y13e@cauL#2}^mDhbRxOVU(x=J5`gh-H!zKy9)K=u73q_jCP!*UsWd zDY08FMi(nEYiz{sHDxe|q6fhw)h(1CDxP)PzaBmS!f?^TOmJ?Th^K zBJ{}wXaQa;YiGpcEo&smc`LV18`;n6`=0 zu>j+%0Io2n)E5uj?yp#ys@1wx4tGWNb58ZzvkDq_NcSqa_UV%r*r!L-jAQHkxWoSV zW2$t4!*#QCgrl`tty@-nbGq%`18f&D4)PrlEg6PaiizBv9WyJL^K@icB(9GPBc^L6 z*)2h`Le=>rB)GUmAMKL0$b8Gq03esmNDsX!g`-;%LZoUz2J1ePpxtyHXVl7sTh)H!P*-Wej~HZ$7!6?@X=}N{T0<8JwKGjk|7e03meuY}X=q)Xq?aLD zeJNV-meozc{lNExTc(=GSrMYR@lRiKb8;#qPbA~_>I%4`RhRArLRkY0fU5%7QQ;V? zgO}W(0q*%lOK=MTC`&S$z2C4VG^pRa;(Ed%iam&+l^|U~r;wrPH%0kB(J>*QLq#St z_(^{|k_6HyrDoRe-+z|jNpf6~G4HdoYba8$eC+67r$4lKElb#VZi1Vlz+U!pM>P7{ z(Gr_zp|fMs1U585c);k;7hH(&*pqJM-XE9C=jzL4;;B}`4X7uUi!UP&tLKdFIXEXbO=O`p=JkkjgYNn*5#1Ix=FjA*KFO=Ko;fzk2 z?V#<7j{v(axXV5fx<@a8&gx+sOWH>n)#c@Fr*~(u1*Si@e&7Xj>(03y z${B&yibjMi!+jG`&qAb)Ns9feAGo;QjiT-nxzRz7Q{88HW}>Ndqsau z*!zxgKALl~KYgJ%Aqda;Q=yTJtZJpadJG0QB7Q8F5+7rbLR_;4YZ)?;9s=NN!SkQ_LHQJt!Aus!M z#x&(Xh%jI|%3@aGP&h#7@u{h@l=CW)6?#0aCjj>vF`Ta?R13&`vk~$9oGU}#m&of3 zMpz`kU?=M7a}Ss}QUbPPQjV*&d5TZiXM4nfwB|G_TX$9_6|LQvWG$l3PP)$LZo#2@ z?^3v*DN@S7d@8g>P^{{|oBY4gqf{axLNTiU&=^0%gj2!{dSzsePOtX+fW|Y%#k$)E z7nbcDvFXiPX`ajbM+Lb)S;kf=;&~}s0U>xZ<;+?OmxCms;Q;&F56wIVei4jzOq7Dv z4bHb+osk?dc%mez#RCqj@|xl5lw7i)Ytc84RTAo`$3~gy7;Np^Zz@s_2pznaC5fmA z1gW#Bo5NhExi~=)@t^j%CugQCBmLKD^s&Q?C`n2t)3Lv(#Hq-+wF6{s?T6TK!=%uk z1Fsb=$ehax?qJ$T<)9y7k@z7Z9KI>>IG?N`fA>))Amz*^_joszl>Z6Q9&M zgfM3{L945imUL8fn4ugKoW=81_3kylv0DC5Vu%IE1Ai(Ia_9Ul56t!r6}$I2I3~`K zu7^7MMtVrlsVr1}xcR){do%&%YFEVevp&_u2;#jsU!Ql3#IEiWR8?wG0wSxi`9lx9 z@kGJ!WIU9DP?Ng(r(-0oxbV`_4#BzN$r=PZBD8)54{R&wO5W#u44Q|25ZBj~7ab4G z+h84O?Ze;P?%E2(4!*G^s}?+at!vC@`hHHStVu%ry_X^ML6-|nE~x^E`Z&C*-Q~ze z`kAm$y@S`h;65Y+A;@K?=zd*&lCMiDMvxL8Po%2TO+}_)-#uy$-@c{rKd#NQPawmm z%fPO(F}$q)2>Cvs`d(Yd2?*od_{=JnGgT?u>LPD0RHJH)R?JUb_2?V+FoX?^m)*{x9$^p zl!v2=-l_QOBIg{$26A;#<8vN{NfG07*QA|Jf6KrBueF0Uv^VS?W?tl35LUBfcWQ$cUVZuqJ;9`#iITP_cDpStdptglQj+dlH|XXJS_$qAq>BTiWrBE3o8knX013~jP0CI%FYEF#8kA7^3g zW-k9N8IA&seOwaWZ8uMkLI12m7T3NTR1EbC2`ln83_GD ze*#bS6JY&n@kWc2`0bK#DUKf!2`MRUJ!UwKFVK1#620e0PP|JmBsYW=1XEIaTF%3& zQQUCE0Cdq;tS<+X1HIUbalI-zvSMPNYJOQTPkfwKN}~)SgYd{B|-3Xi%{IDW3)XI60;`5x!H! ztR8kKD~nCJg6O*a=zL`)8uf;Qqxbsa*yKkhwdrckU@Rw~M zi%?Nfz3HmJ!6INu2bfpau7}gWYiiy&IdWic9!Hd(C4SjNs?i9%MX59<6=ynsC%d5x?%oB~*a-&8D6bv3L3 zst+a7mB3%mXtr#&M3HY9vyFJNT=E+wLESRZWFq3udm@^55(V||W7rNYNet0Cx*GR(|q9n~)i*c|%LlZN(g zCkv?nO?xkq>fil?YeV5rDe8xEfW3{z`RUJRco2>h;YNvKZW_(OHT-m$OsiR6kH5Q1 zGp@@d0^BgjXEGTPIyy3Ka_B$z{)SI;zSH9m?e$A0hUvf(@8e*({%wU1D3G2`ZyqP9 zl}Oj8Rt|46QJz*+Pe82Rm(+%mk%_y3|3MnqiKwFYDrWwu4F9q`!p%?ZKP-}k*(IEw zHX?Q@g}8pxn15}IM{j-^Ecve||9JI3ChV`ze-;)3p!YCELoKF1rT-5f{@1tu-%tE+ zlKJEP|0k$F1oFSV{C|S_-z4+L`~QCvl<>&2_xs$hT?s4c`*8j=zyD>T|82MZDS=*y zgU@?JoDrxfA$}H3l%$U*vkQ>xQ&6^4r&WLRq5jd-qnQAv{@%a*EdnZ3(Qg-3eED`M zQ;ZoIL)o1(lDKXmA8=CsW>Ejs(`=7`kcaF+>VOK3zdywiMvJ`s;4=UKp;iUGph4YX z`&)wRk5&Bj5-8q(L*l1M)Ivu`6++fPvbD7U12m=rMgadR6oN!@y*c#y?}7TC59Ocn z%ecMUMz8vWijpiWor?*e|J6gIqGHcGXmI?*AV?2C43{7N`2hclbN~BIe+eMwH9W!B zkwp;$`)MHscS*}SRn&R|e14xN)k^{bL`lfX2hH05#|a1`MDBnHeK|lKI`lrqsmrbU zW`mY(|H9_cIE#R4m0{4UORAG`t{3>;pS-Va#_+#rNgCix&(-YN2;AcceuuUB&dxLN z;!l5KX$kG;AZhHUf)pvhbO8V}f(ucksPOQZpe{NK3yYY508|TGTS72b>8I~H?nJ-t zo^1_XSa>=mWGRTQMJ6CHaHf``WO%b;zpyd&tBToFoa}kTDrswGE z;bN2WS=F~Fyp!+1j6jVB{QxC2>zIyatZSZgyG4ARI}ptI4%CYOF@d_LN~ifF#P?{p zdDG=iFq)({2Y&{6S6_bwTl=Zk=n4YA?HXFT1&UoL#}-()rwnMo&24_p-i@zS-xZa%2h0kI=bGO&!9`e0?=1-nesHl|`r_H%yw zA|%oK0&5aG3snL{`Q#(upa)(WLDQI~-)ZRkXEwi3S7Nu_1wCu^s@qKxq8+sJt>NNVKZc)hT@SRJ_VrnUcE)Eoo{W%{cDhJ0 zxm=^aN5Tv?R7*D(dXKypBHMnY@0`F*j@@ znlJbreyo%Cn7d7S-NFH3cNTME9O7$xL)f@`-TBwy{+<}>JrNAu;G{qIpC9UFu<+8n z(hm6(U=^g7u+f)tuwhh_6BDv2+RV#c&ax`dd24}=On2^oJ4(AENNo>Lg+g*myCPJV zQC85J!i_;7COcEpcrADvac33j{f*Sj!b;JmvrkfMm17EV%oizd>$y5DpntUJvD-PisR+U0#jG5G_*HUp za$)Lir0Y>-O5i>gnTM(Z_aW*`6SG0A+IgViE9V{6+O^SslileuWz`y$%*@O}+q+jm zN4%FvB&`+Y`F%db!sp2NUolTJ>{@CY=jrFF@Du$|t6X93CAyyTcgcYiN1}$^WdN8@ zXQhFWfg!Slkpws2aAJJay4&k8+~CU<`L+M^gfA{X4e};%ad2$9zwsYLM@5x4i4aEN zX3D0wid?7QhnjqU}K}_gtkg*YIwWM z#kYaC!!WJ)9aJxWbj-Pv*gV@MSZsIB9L<|=Wx0E~F#yWtA5h%9%whTAtYEqWgRiT#(V|4EDNwP>wghGNVr9@ZdFTWm||cGAg90X(4I`S};;*bIi4w@*)Y$+1A&gF+D`8vtExS z_#!v;mWMB=vQoTgE$k;Ii|AyD4yer-pko9=X$9ta(eKdqz}K@6F?pHx>g};&Q1Kio zm4ORo@eSH`+YVRl@FMHMZPf6p+R4sjVb)7t!LE!5?<+f z#v)=sU8Ga59a!+3*|T2jZJl@fB6m=*owqcSa^CA;N9Q6vnAOv+mmAn!EM#DUxELc8 zCe&Gg6;LyZ`$*bKLdhWp0G!QuK=pMpGpVvG3t?m)#&Nq#50=nqt|yWtvVEqd-R7 zBYyTKtHrXLH4N=5rv`I(+s`2ymJ9z$NhBkAvz%}!f&ZK8eZ&sca1XQfEGK3EGvRA< zNVa(Z1}^a$pX;KTv(L>ed_9jk8ZWv|tkcDLfa!Q+Fu`H93m_Y)ijXFyTz=hddbm=t zUb}fqXV-9>?{$2cqWZPxvon0Mx0gXuQd~Uw-F1tot_6 zb(8vjJkfA>Px4xwwE~usH9^O&QSAQu+obO|4`R;htV-f{cjZiWwwE?!{D+%Zw&v&YM`5<-1)iDxRhlj;hi z46JwUGfgnaCVMpWS$eSAsoUix6GJ7>8;emI8AaJC_s>)StH#k-`knHE_nFPbar!NV zhW?4ER_OuTl~)&``HUB&xH#6T_%`;d)53kAhk4m$P)3ZJWcSO54iO+V_DoX@t>hND%!8ix3pAQ(to@-HW+%#N;w3g)fF-L1qOTU zI9J5g|B#$1&i#0^ztZBh>2fCZdSS&7II?d4YSHr@00wl{x;bQcsZ=oPdwXn(^PKV; zV5>?*b07a9MXVh1*_mkUq#Y}vAIK9?0^?%clipaAe=S()Vf8(HUGY}0)-fCGo*q`k z6Z<)l0^e(yN~?5<&Ha?s7o3}ZnObG!uj|!|tG-Y;QvvlRUjJk|Tjh>vvQw$GAvt>z zg`Dy9(4;$xm_8%zUG4g$PNhJZBQS~^GI8XB^G!#m5qWAJyGTVU;?2`-u4W(Qw96Yi zxz7S8s@-j8qq3|CbkIjWOShiCfMhXKw>PZt6kJBZFTp+s-`3<3Uz8mlnhAK-gc(Q! zFvp14XIi(dju+jS!~HjB^I3SI)Z@@yi6g|ET|Ta}zqYt7n7G+FHG+ggTQZU;yTQDV z(3}N4!9eA^-CPo@L@m`XaOR_-H>2MF+_~)WGVpx2apfVP|JPQtNM_1eQ|e7)9kilZh4uIz%(yX%p2oB=Is^Uut|$T6YnX(sFx{M}73fB(Qwt@e=#rvq2zF-jk(aOT^@!H=uB#@p0;u#pLrq+x9+N;6_IDYSu z7*%Rk0>hU}^p81`xE*4{o>)5P6bEBzWZawEuisSgXIyt(@DO93VPGa>hG9~ReDm{M zhRN5Ot-F8Kj*%>o*xC2F(+O3@AI&W&*lZu)d2B0>6BoOis2*vq160i6(^1n26=uUf z9Q)P+H}4qkJWfnsPS=V_Y;A+h`@vrBD~IWcXs}H7kmW8YB%@A+!2jEWmaZ=@-xeo2?yLYbI?vg}TrB2SSRHbz|SG1hC$ z&F0$^EvJVm2?^$iy2b@{NKrvqg?ORC&%^rt22=K!T>12(OvDSE3s+q0I3A~sd-wLJ9uO;gthP0F-EN}-_L2H z_j@RYOQ9?e9GRXdiG&e z%#s$;RD86cHYK%G)R*no8;O|anj`qTFos}qhk&oy3s`K!D{pLhl*2tp-&Na;og~$7Bb}Rir7;W~o2>EWyiNj6Z z#8HWFqvZ-aOpBVwDFpoU7FMJ18|)cSW!@5o!_A|Y`Kn;C-!1_z0+sX^47(5zkLQq= z*3o)_e8iREjPhZ==EEOllFaMgoDH5wRK4NiN}?qer0&d1L}_i$rFtT6 zJeSi}erIm&RQQq<`SJR>S4cXc<;u&`+}!B#OR7RIuP0wnyYzAU3JUtxbhu!7EU79J zuP)DA$gsbwmuMSp^6-KxQ)B0ZmWePcwTkLuTBvm;))Mr+^d&MaosYf4J1u;6&YHo& z*~Rti+;GvJd?i#EHRa5!H+g5IXS7cHOD z=-Fi5%4BximJA)a6()L3H^$VxoI~7uI;VZm$nzrA0pKGv{R-kk72C9aiE`##0%BT4 z4yvkBuRWc$nhQ`c)(<$Aq)zIXKo z+awl0tY!!CaL(fs^gq+5T^H#Y_?+|`%!)C&X+A(-C3dQ2-2U`@hZcECfU6S%cN!qo zEh!amYbQ*+ca3{l3$$&pVlW=X`J4pGGPzxko+hd(d5v{ z6mh?Uq01rb4c*R}??DLcLw^w-2pA~F*JZ#~^;qQR1F}*{38E5P|Ck*46wCg16+Z)n zZOJbtrBK<@mM#V4_1Hj9XyMSU5bCJ%hXkd%WnPf3n|VqD?IR(_&3Rz*f$IX}#YL?L zvjuoK)gec2gu9_;qr+7bif`eyw0&8654J?T+={=;w>t3J#;1)`P+7t>P#?a5q05t{ zvWoL;;^by{&mSyB?x}0rxW__RGTCg`d_taLkVq_z{mJO@zIIUk6c^BhTTHpYy5he1 zzTxo7zh9qeeM+U_1Pw z2Fi*K6u91A_Iz-n1aPY$c2M=&X8+K~RI|?0+pGN^m&lB8w>V&0hO(|MO-b{qBCen@ z^MuPif_GUY zVZXu7!bhkZc&|%b`H1<{MEPuY`sTq`xF&d6=a}Mzbejg6?um(t$%zAvC~?Vkk`VR& zMh|Ct(x-$)D5o!G0Bq{@DVL%))8KQP<6uTGW&rV54I`tZD)u39nSs|KZJsRhCEL?3 zFW|Pdx6U=|7yC}t-kjv(l{YX#oc=6bRN zwd~a_Mgirp!yvZCMvz9wbqr@`Ow0u{_p8)uwV$)a>JjU}1RhgoCht3eP-XwZ%I|Uu z-urqu2}?mPH+4|;%~z2V;nOYe#Q?eniaXZy>)Ng;vJ&q}1}mY94yKASyPHera?^e@ zh@Evz-;pt-FkdZA-^o=+SCz*1a#e-lGDq85bqzrJ7idLn+QPnJkvms|jdu%tyx_ULOVq<^@e=ot?Rv8l1{?#c6Yb;lyM~vY67_@3 zf@ELckKJBMuiA=X56#!~k_orMKE|`^3bfz9Il=;4Uf^<8$DS;M?;0+Gy0C6P4SkZU z;MBi3q(8kPn95b0Eab!=e#{%pz!uD~G&)bOrNyIMS|BWdd@cEEe9$|n&Io9VXPDNa zn5(k=(Tsa!{bbL=n`EnzyJv4I80~Af%7a?cLLcd8eh>XI9_u0F?;mU(Y^2z|P4*!5 zKZ_MU*YTDXHO=~uA~p=cK_g60YUisGYlxfXe}?uP#pPI$*mL#q;uqh$D-L(SLpM44 zvW*wbj(wXKfcx%tL%!VYkcX)HfX4m$&_LQq3GzKR+Xc4t_)D50pNyd)+PRm4t|;uo zlQH}i@tsB~HQb-;3;sV1&g{VT^EbHV&DXcx2&;MKYEQDeJ%q>EdQ;SP)9}qMxU713 zdO;vMWy*Iuz1w$QD7qfe>}vzM~<%y zWM%efyIO5JZWPvTJn-l~E%KS$=&6JDz*Q2m3F!g=dbR%PvK=~JyNa&T!Wf`wDDeOa z+EjqDxfom2-5*Hg(Fy$g_9d)Qg)4Bo-@%vHbBJF+a4|}1A*4q$iPJf(P{~0_Rajhy zXd;rKNyBh2j62ajFk)Y<#@hQh(zk!#_slAZ&7mBf9X?qs!k%got9>kC*#HW$_CFvE z3tDwWDnzCv*;}};uZK=jb~kpScN1g-<$&%qc@}8%(B>a(g0QVPWn&aynNoRQtHx+@H|ZuGe*6`Yz1XrA+A|3gqYe z>`Uz2{4%O?Mwwf|W99>|GR&OFRs#9Z=P)qCRX;GRv2#d}n?Od~wv>3ga+93Bl$Kdi z#Z-1%(K`fLS!UPCEM*5MbrY&w2I6bZY3d)WT&k(7=Nmg}_~;&EV7Ng1R5R1?&9u(E z@~4*Jb~Rdf0|qbTcfh22co|q93&#mMq6LpWcP)@vVXb~>Zi*yKu>fC}x;=5;{45kM zpba7Sn5{0c5!i$4Z!`&Bk?$AR_j{ANe!F@{_pIe2p}E?5ZEu+%^(|+@0o#L(=RWDq zj-Bjs?P*BG)k>EsREh#ox~}tFyUTfeh#I}sfZ@^oxjMg#RQ6rISfu|Pvn3?J(-9Ol z901(kQdgAo_Gf1_0E8g*>DgytHtZJN;GR#!G9m2KBO`eq{k0W6;2)QNx;;S_qYyX7 zk(Bn953C|!*ItIShB9u4$|<)}>z;`SI~eP9(S6_ERK6i8Vx>RLE|z}pmU*sSP-fZN z8$5g&iI-oj;5}4>;3Zq3MojXF+MCGbhw96pth+QEKfs5Ova>kvRgU4Od`5$-43KIr z7wR`^3+kU_EVAp8K0ZyXi4G)o z9hfnGSiP-xV#YY6$@4stZcL*@*nLVh*A=ZBpZK!HTO6nmVY%A^9hrljypxr?MzhH4 zWS95Y8=Iacood>eR<$S$UT3*{-FFI45f`VQ<0vS5GR39g9x>s}wNctr)}3m?GUMPa zcC;wU#V-&QlI?-)qnBAZ4uuJw1Ek7T6@IQflir*J*cRcZxxc620f#sQtX zEJC-3(X>EQ2VqiLJ|cLkf6o=htfB7!>9P@=)ORK#C&tT@*kP%c(Mq1kxK~#ZhG1m5 zQipOD=jVg*A{$|uh^A#@QrnO{f6;-5DVX!oWOV6gF3h82)fc1w85&bua^fkk=FKs% zK}bu@V-{ff{!>Df2%uMNO7!w?>vKe0W_$J>P$sKioI+Jd1QDtOab27Z<%7J#P`|H^(6IQ8L$wljGZ{?Lqgw zf=2+$e&or*mte133xoB2t8`yNfugh1>4gn3(#Br+#>Id#^TxyqelZWFo2jX}%m>xV z+TbqvD|OuF(r62NG+}=K^Ke_Sws(?p6AB^=RS))49&4aU6ZuvF0p4osh8D?Qg1);R z(fE!^`~9R&kH)UnArhgtjRLBD-e>a#h-&k`w!mXr#@8y6(PXp$nri0>F&0uS&DroH z*x|uFaEO$SzCLBW%igQ0O`{B>sP`dHw)IWU;E}1~Qr@-;2zL+5s5=LNy|cxQ4d(=e z;8{g|hs)hbnqYl5!e-{?ym6fvV-8xhB?P}3iUJOJa#!%=LrlTr`N|T`tMux-%Y~@z zwA?H6vl_%)y|2sh1?$am4ID8lw3t!o$~t@#K^w~#bW>eFSK2)1!r$>UV{+=CPr3Lo z0~i)Vi2I4F=L=-ahPc@IPdHgSFePPad18@Y=if*G?)NCg=U3UZvTFfAPjrl7@bxM= ztL39{Nht5jI2%3}ooi`LKT^L3_9J`C{xob~(3i~kI_AgMP{VVRlfjhL^Nyd26M9qb z++{Ib@T3c-tPTT-iHK?6pcX5W@-;Nh=j^*QFDf+W+T7~GZf@u5O0G5!4Wt0bI#^l& zIyktxw#D0Zv&(X(@!;qpVX;xSngl?IE;7%}Z-Q5CU4=ltQ=Hweo_;K;C%+Pf?vMCx zJ$AiH>s}s9L+_?6sqfHto!2wgIScTX2D~K3=D7L-YcIshX27vr6d2O0J6YByMWByO z_mmRtzRh~o)mu}RW&H?5((df8q7oh3c`@P0t3a zw9?|ydkwcR^0o%3V>+0DVq z>-L2{^WGeb3bR*t-rjf311ga1cieZow>F2vtAI0r=sqXkY;G#Kwk5oEzn-e!-?vyK zbN^X;FQh8uD!c}v8End1I7)odib|s~-M-!^Q8fLO9w3MmA-9!&1$WW(Yumvt^Ka)R zLsCw8$2aNiBxHo%U>F5@`XJdd+HT;RX6(86AVzk}+U? zrul#(<8$~YH}{LViAeA4Uz`Yz>+u@BN#vg3njK6?eNe?s-)&6HlEw_)wSBqw1noHJuTnO&xxynHHpMe$O7 zNkvPI&6q|#Mq5;;d0uVU!W8@b*>b&UK-iEpI?gNkhRez7;sp9MH__X(WY%6q-%Fe% zZj1b|QT@T?w>{ugJ3u+#qJHq`$dm9c^r?2^r)GZBz3+R+=QQZOW0BkUuwSF6YOkIK zq?+7?YP($Fal89RT2Vv}z_wt!vMB!5yYM95PZ4z9DK7OE>`-6&IKGlvLi4rY#> z59~CPF;)-vIF9LR4t|@`{SXsb^LRz_Iu}0G=f0WB3M5E>O;g<57{yZub8tX6s3r=1 zAXfKfs~=vww>-NMeimdKqJ31i!W6J{Prj5}lHnzD!pk_PwN*9Tqvc>mlh%*-pW($& z3=R&a;`Kb#<~)vTv8VD2e#LhGutmHgtO3Yl#{*s<_++vBzrSZ#PU}BmA(SWJ=+gPpJwxg%LLW`yT?Krf^LMVy% z+*z-C4)mEk)s2r5la-WS(!ccUxM_Lt`C49>1r!eZd+JvgjLjh7k{<_x?lXj$f6BsVFQrSc8n`v zUM!{Y@$nDEV<$NoOT_42L4Jy>J)Yyw2q2l6qOV?4BDM2!>&|kJAOlbV;eGU)!*#|! z#_wtpO8~(B@#c@|E0n~z-+{>#OF(?^Gd37g6$9EhJ`fDp#O<-IN=u1~!sf_aS@+;c?W0$UO z(U@sBt8F?d1w?1FN7WTGaFsc9U7D`Q z`9>)`!}Y!{mVQO*+p$%vosL0K(3Y4~vEfAVGTQl)l0l3qPdhNI^mr;ss(o+Qz3I23 z!qxytm2BbW|59@Jd*j&0GrC%Et(X`zI!UU<=*5yXe0sPoW>h>YSD z)r#;FID5$)UUWAIuNk577+j>^P5NfX((dfUjh_qn?rutph}@w!eoy0XKPrrZEY^a< z#%wC~C*sQwl^4CG4h!XFq3QAtE-RN2pT1!FuzoQuMaLw7A7Ps7kWtB2TUDz^08@4N zldEl_Uo|dphPT4e%Jx34Vupuh7w3q+s-T+&iKInwx;5%s-JAWCz=)Uic;SggrR`NI z*8idFErZ(r*0o`*Kq(HzrKQD+yAvqxTHM{;o#GIj;_mM5Qrz7M9^75u{LeZ2nSIWl zcUC?`CNs&(FY8|SwJtHO;=8iV57}&eCd$| zmalEctIgxxc+;wVHJs>)Hex#p%B@C}+>akWtaTv<(-6b0Pl4-nkB^Fq8a9Kvc5jbY z>*sv5D3K`JA5r34Te(Nk)M8^}Rhs%qe))6zUYqcckk!zz3LQp9MK!Xo+b?=wRS??5 zoUUFqREqCtD=2)$qL59TmE-$`gw!adrB$A>7;}cq{_m#<5SIRb-GU+Zs@+1xEKAt` z>yHm9kq0QyYD*B=uEhRBjlx%zV2qy5!D#iNss#d;-9PaHHb=cnJ~+fFg_-S{qMEozrSj>E8GE0t804l|IVI( z%tA06wAylSPR%{YwWI#76Ulb)j!?y>=6<{N^V?GQ2RFf z&3NI2i`n`KxegUo;gi<9^4?%HA3Y(5P0XP0TXMSh1b7d~f-`Da^(rOH^Xho?n@dnb zQ)71!@D`g72`TowQ>3fIe4*Ah`0Z+gGoUSxv4GDpK1=eZg5)$T=OH`8}5*lLtK_bU7dkg53 z*grIYIMw&Z@HO{AYm1NRRN!>SOs{r}pcBOi5X7iwIFdt);oGd3hIi;!uYHISj*?B~ zn#=KcTwL4_(8Iv3$uC~>E9|<5*HzFP+0H;@Qokvk3e6s!3GvCmyGXy`U}U@z-&q8% z&JPxou{Z$lYeKokZEQb!WANp_b~XRAjsEWoVAJm(h)K_g_g|O(|9cfa8mip1kM+)` zb6}6}YAA2c;a<9~JIL79oI%HX(9pD>-rV)TeGDxIIf?VReh=leFeMlV*}z@(^TnD=pj%zFEmeM@1X#=0pfVXny>osYCs397}T#OM@OH~NUMO(11pOx0n zbUc-A&$!^KN>w*5l5inRb(OFb913S?{I4qX@4MPB{u@{j>Vc=q7^K0sLx+R8^C5;E zCl#yf)3f^I0Um$&KMQ^99(DSz3a z&KHgBh``3cST_Du2ACrI_H8$#36yXZ?(n#P!Xc^T82?|?rh8HkWo^#MxVE#WsE>7_ zAAy0*?V0kFztICtLZ=!U8XCujhN^johlefP*Gwuiz4^29BgNzA<`i)H79$@c+&cA- zHkO^CBPYM+eBHLZ52Ilp93Vevl&3-X&}LBcs~2KL1F201cL;dC9jAo2|5KX&r!EUr zV`f7UmGg~Wll_-Zf|bdSZB^GV>vq+5ZPtr~lnZxJSWAXkX(3XWhz>AW8MAM$*s$g< z2<~E+H!z`4 z2)mh{=MC2L^S}1b9;^GJnFVp|17aN|CmqZ^?gl9UYC3UP3`b zYr6WX*O!ai%Mh0#BwbFc`PA7OBg+K+bTd1t?9VMJVgR1}wOfE_)%+j|^GxY?j_=)~ z%i*RM@PC#*y$1|Ck}VP+@Hh+V7Z{VzQ}zK=eyMyXso{hxIXV1%wqW=GPbCIrI_`8r zZ=v@A*cEe$wD2@wv-#m=p!u^ss>ktn@xiYX&cz_*J!idYdTRc<5eLgAdrTY~$8Ylc z4Xby08oi}w@`~VwGkK(~n&8JRA`gh+htVVQs-%`4?8Q~-2Sk#vz783B^mVwhQZv={+fpb_)2Ax#8c{L zQb9=g>}(~NK-n0@RkjH#RUBshO@gqii=U4>zJ_8_NFB7Q z?u>k$U*r&XmeC%Jyy&c~M;o1G7ZVXt^XEj1Ze{zsR8~&4a2gBI>0u`rqH}!J)5gL* zR)fC%I?Yd4nv)};p`jU2i}r-AOp3d(ut3h*SeA`h$bnf=N{y=~w`zv=%6wu?HN+2SU3t#FYGiTZUh(SJyY5doV!i>OVn`UY*%R4QI zBbiSH#Tp94n1U`Ko7rTH%27m3QKJ-xK84w3%)+w$LynK(r*t7#0(f<)8M`Jv8>fceR? zGq3&zh@4hfLqp?q3uP>NgJL&Gb745%(Q5d7ej|=2)T_E#aVrmEjk8_WSl>7_rtWyd z!=!Fl-)MhE1UK_aY~To&lHhG_o-%g`Yo?#`G&Lf~OBI{JC9C~K%tdYdv}(U+HQF(g z-?^602!ZEX{*^cYuiJWq{o{N{Td%3iVhEp8`&OHdZ$wb=xH3h~lU_k34WU-wC83^y zY+`uXR^xinj^kB6ks&xSjQK*3bmT7^+~5~~2A>_76xN;h^3%ggpC|igLoRf*5IDV))j=U5N*O0~_1EM{8@VC=M;Bw6@luxM=VI zMx(|fJ38FjIniHh$XeZaj8iU(w#$RCZJQAOqMl;dFzg{S=X=uUf4~PW4S6E~*Z@C9 z6+F43__Wb!HH-VoiCF?%_%=Bh=?FF&ny*VByM9T@krNND_OOeSe{XQ$|7jZi$;LfU zL!oSxd#+$qWFdlM)_eOGp<6$6RD*r=c}>9wb#z&z6e85-=zTT2vkiwf$cC~YOQk= zXz()+FYnKwVP5sRJ0%IlQKdoRo44o?4xq;^du&`f)u)CkjoYuELer9Ygx*sZZ@u4^ zL3D4=-97It3+u-%?;diG)#ELg`W2Sz=WaB;uRvaH<5a|oUVCE^i9uT-I>D~dZ}nY; zvMKF@Ylt85Et#U4Y}S7`?vJe)l1dsM`NBM;d|)6|V?XG_uI`SCjy?tQb#&omcWo^Y zqAALzu{Z4KPYEPTJ@eEFte%hc&}m+sZfX5pI!nFwccJ%R*{D3H$iTU}2kX{$Su=_S zkASrNB@<66{tYNx0zkT?XVbq#0Rm9IrM-OQHb`to@sPBo%F}jrR>X1rKL`R)9N`ej z^;kF#hsEq+$QDWP~0FKQ8f?*dj`T}g_fUizB0aeWY4RqECIzLpR6B7X#>l%hW*gldw#%Qoa zQ!BI!62x*;4Kou#q|}Acz2^U!FY$n3BI8Z))TgMSc+VVSu^J{*&3jVua9l4*>ZCBb zjMxw;vbG|V#x4<$q*e_Sd6W(jg+k82TY4kQ{swf)BDC=}=)B+oPc@T{Og~J7MMgA{ z{p>^4D(}6=COH@%U(W~e%;Pk*dg_u&KD(W~ecYT00*z|>F2XHNGa+TOXPtgc{0DxU(bs#%cZ{Sy@JGk3Z<#+4>p>;Ppb@(M__g z{3@st?G6XaAIfM49rmz~KoLW1)XxiqgZG2_`!n?Pq0-N84>78m`P6zZnJCJdXdh`G zfxl;u$#?Q5Q6B`}ag_zJoLYySxyn`*$;*8>)(Q^|tv)BBMZ4)K$PC|Q$3$d>!Mn$M z7k`kg1sVFgU|KQ!3xWv%e6G6WaREgWX0_%nz`-#}Q3!O1io8(;^nQ z5-H89o(X1TOm@VxNfDQp00|DSXWMzSp#fT0*E1<1hZ!^)$W7tn6yHHV0$RI zCySG|z2;F^Gnl$K0eST9C07!Lnf|G_JQ^yu>+k=sd4b$%{YNNg(8GoaIoo;2LrqNR zus=Nr;2atBK}%&rBdUah7t8N$-_RwnSfH&m=Ahk7M$PmylsQl+a~zDj*p%9iMG)Hb z>r_RX`h3?@Pl+B43DlegQGD%)!Xgd@FLjK2m(AX--^!eMvumA#j3l{2RB|$my)av)dR$` zql;!YGY~ER{qKcH1@qihM=W2|HxSp|jnz$h(L5alxYK_;()eX?*cmg}5PoZ>wX@{_ zYqaT^=WF?Q{KoDSuu*=fJ0XCllxEP}2B4_P5p?}_WZ`aw3v-J#p{4Dk6b(fU%44dW06HegGKWT$5Fy4H|?$CmW%?c+<$Fw4KUbP$ly44RksIm2|_6mErXL(AFu z55)0ATubY>o2KR|+HU`&0!5ph`ow``tM`dtk>Ax&3Ej8aYG%Fe!D()6b=1ZOHCrX{qJ3eUnWfxPCc?Lm! z4a8UZg1-O$>cQW#Dp(Q{i8lmMaV9R zO$s_BV3)Q#UaYFCImJXhnIa8N&qkzcOMx$v4+mSV?6TWvfsYm}H?OW5Q+O+4e0@k{ zA^OXQ4nBrS>m*1 zOF(a%cA;K?p5>aVRZ{NQ!eOIkURxlW;SszOQnUKJ&U%I6^KnD44bS&D%qC~NVzrTA zl2>hc$Ws%-58x7WuFI^{Y6&l+ZrACe=g}SblUb8~mt2*e9!c*xF1gq&p_H+z-n=0s ztJjWI7wctqvS1;DH@qD84CS?{p8nnf3T}E0_Hnxq{|)s}LuQ$>MRkKx;VH!My4LC4 zMpI?l+@v@;U#Y3A^Z~*&o{3s`3?V+($Yh0(niUKYl%RqSB) zq@f7vy@m4s&+!@}zzB5?DDRDjh5`8rczKE7Bh+ex>DSjFo<`?CR7)(74z8GS&f*+W zdr9yOp^?5M)SP#5EOcC~VbPN}6i~w$a7ngy4dj*c7DDxLs;qa!e?CEg5^A$r>&0V$8k?8wss`HCu!b|D z!#AdUH${YZ+K?B)<7qo2-VZ*ibtZvmBx3l@MOYhqZ8~&`i3awpiL#O~nOlXIpXB@% zglC?dY1Yr*E^rrV$>;fA=L~I*lCp*w7lu}LiJt~Yz5V$gNkqzoMGa>96%7u*TYTaU z^ANfrAMvT&K~$(Sp)31TK(>hg$!lzuVp7obLKs+#Cr=&p>K7uy%YcJg;~lC&{|3rs zJptv>zqy2qoehIyF+g?;x^BvU%{;BYdA6r=98UAM(&zb11X6MIj*Ov(we! z*_)@WBc;=c4RQC<0kL=Zxk9r?H98a}W1JqXjJ^`bo za!*4YH@&m;H4?ScmR8Rfc9|O$tvffg{X5mKQ-IBnw-2>-p|m%P5k6;h-*O1?udbej z+b}jnUX2ksqlFDaEw=H2(AWdAZ63pa;*o*TVyJN>2|lMa_S0f3W4^{!_IiP()N3M9 zSne$%4=-h9m9fwrna?1h`!@2!h!cKm|8s0T7@3*I9s#@T=&29U!rni$e3zuQvS5Eh z+4akF>22z{t{j>Yq?dfrIPP)%=2MRLN;=+`X4`%=5am8gPFa-N!_p`Sc;Bqn{p3T) z@0p3GDK~w-8CaF(DFP;0qiNk23TEv5q4C_S*|W%IsnViSu|jaV&FcthDVu-%I{sAA zb55mQoAi-aj+lIlZ88Not??=Ilg@ce`r~|+@A=VO$qtFf1%H#1L~EILTjebWX+;Go zFvZ|?LRZO$P>02Yj99gD$f+pHz7n!O40t}sLt9^4uG6Ax5F<@)8XF@&I|99B9WT|? z8CL4}-nuW={^B9jg|;@gy79k5;g9pg`|G;d9tUdjzC=TtTzc|zKG71rDw9uK_3HzK zpum(Ds35xf*iFl6XLY_>S8fM-PO-5POt<<(3qe49zWp#R6P+eD|Db0L0c z+lqwp-ywjpGEn#_m&Motl9rjV)gn6NKdr6!r0 zG%vFhwMtW?NcZHUxJVG1S5^&;D1V=aXR)JA2aG<2#AQ&49wqZ#OS!vNO$}&CO5BFI z%JZW4*BIHSN@;S6DNrBF=nMKDau7Z=l&QA3I~KJW<40KYwhO(7rVIO%mWgksG+3&v z+PT|AD9+JKrh)e-Gq%{RSImM{j{0YLl}6Zr68KWHGAYe2rxwRWs;SUr4dFKVvIFO< zm({!ROxaEXg8nduJ?-j>M|4f#mb1a+yyBA^k!zHN8(2K0;&?zV6-y$$%WR?dX)3#n zJ+bToRe*+21iYw%xbG`xsM__pCizxY9uf@IUMOuUt9cyH`EOFmORatsoT!n+SPS?$a7mE?_kKJ(e0_(_Q8?`0XdOFa#@oxymwpJ%2b=( z9ShT#x@SAzzh5~`lvfGcev0H*nDNge|GW`U2%b!%-n(JFjB@Vfqh1N@n%c0Krf81b zPSNN#G^6A3j1*C#`)r*fU1Su#=r^d@xEm^K65b{3)jtbmZ5#m)o_N$SOt+nkoz~m> zt)3gE>^gq_ejv;39*Dh%HRcwggzSa9vZMWgT%Vrz_S2JwO~uUPctPuUcA-LZjLNG1 zht3DUh@uhl&fsP>1828X_UeagQ$kw5kJdA?m5LyG?b;!-ge`pR6`c-`g87fYEz*k* zW}Jq@KNm}#H5Uu5JykWQU5{()`s)_(bafJ2Ms82$2VdV-0Bv`ta#L!6Cs_sSg_Mg) zjxSIX`g6%lhJ`%W<>xIxAoB41S9(j4M57*!`=+k<^>w$MNSo(#m*=0}LnXiBZ1JLIaOtW6c9rs#DvYVHswR`E77y8r$kBmRouy=1vAl(u z1yVD}_X}0Jntq-`f(JfzPl(!r_cVzNG}&R|Z&ZqkoZ&Ailq<|!RP7@0;5}=$wIESO z(dnikweK2ZclDf;My$c0Uo=T=9=FGBmOl5sX9-GTEs&T6y!EPa@P~S#`XpV`>c(vC z%5Qbq_-;_%!8#?jZ|(RtLOwU1u{|MK&mW=p@pV`Y_h~uIF65h>4iz~Z{>ooA(T>ty zO!{sZaq{_g?*CM%TubA2E+ypMHByyA6&V9K?nu>Bs9Sph#ntT4HvXiwEnoEQ{LuxB zWAN9#?Qq{-sB2w1A)K4YG}-kK^=aGnb&Yyjs#J_6Vc<84_QkN;Zwv3dcfGEYYRBgr z-OsDWB^?nScd$L}JTq71#3<@&*O3darR|FU1@YriJf0pV|1sGf*XoA92ysZ3-dgYi8y8`?F{Wv@kH8;zBy8o zHb>k}C*NBwHaj1#q%>WtMs*ie7FP5!fKQfxH5nbgG2mf25Iy$e4QX`a`N_RQ2dp(L zzV;We+a6NvkD@*ez7V{}Si#@vxCjOS1K8Z^;e$Zd4iU5Jq*gS3J1Xl%bVtyYIYj)3 zjINxV=;NzxasUpG8?*cC(JFLpu*E6s;=0#0U>)>!=c?J%gCL5`GhU(5v6A6E@z~hK z2o5K6Om5&6YEHGb#JfoBK&(H#XXKoH?7%)|F@k-i`iR@i@AzbNpGW#Wru{ZrW<^@3 zqHxBk{>61EfQ%5Qh=I}F&q}@B&i}4l28e@+NnlCZq9Cwg=!RgMvy>@Yk4TR*QY&7G z-Z9CKnI62M9&)9wNLtZ*A?GLXpQGgGmr9jWZeNCZ0wH5)m;xwh_FyUp2(Yjn7nf?L zl%|c;kZAMyCRXNQyFX&RSi$tiFDoIDPxa0v)Ft7yCDgWOE0xY=Do4I??ki+M%a#43R&GV+MHaqTkm3eZCa4~g?0sfa;Ya7XE3!xe*@(Uu@JJp zf7n8#UQHcQYn@A26j8!dqJ;mPU`&ZhV1a>|k4waFkWjFz+2|BjMz*I6`LWi&%!^>_ zKII0P%yn}D4QO)ga~tLxG;Qym3!%ys8%o))R%I?18ax@O_hjv5(h4Lm8+sEg@|#Fl zABPpNtf->TcZnV@vFR@n zv$JE4o%(%{XQG_e=fT#BV|2QSTcs*xDpN@_{jD<<<2#6=qv`46zg07PDx5UA9##%W zr#}i$P)49xtu-q+*5{2qA#P+>Yu8haXIyt&|LLvmw4BcUV>w-0AQGffr83`OzOE6z zWwc%fF8vsi%3*s(z-F;qDEB;KJkl++BKt(NrCYgSYyHrq|LU<==`9xVqaPjiO}Rot zJAAdG@Zl7o7kU)l-e*NIc^d2a+(Orziom6vWbfJY1Hv@n8dx5-2qB+0L_~xZp{R#SrckehFfF5pEU@ikZn^$L57IA48b0j$mo1N z9{G&%(9~9LULku@Q6#sj5Dlde$RICe!y92JXJ7epRy15qn&l1J8aF6l3=tj^S;cy# z-nB0{%cOq9c_kY}XOw)t=o=$qV@Tvzb-QTmhQuh^GI4zoyx|QmuFy8_e6}`!aavZQ zn+%DW&a4l*)|QlHS*!wuC3cc#&NSN_a*db246OZ~P*V3Y)uPhOnU_g(U@e5$+gP9a zbGW-p{?Y2nbkpZ!na~U5j0@+Ot5R?It9=oWg-0B#|Bamd*97t}Euk&7wnl52N)@au z8S6wV)}j0R4MOW!86W~Dla8BrmJh6mYQ;FU!2@+s+eBOqA%_)XpWSUL8*#0er9Q`Q zK8DR^7-dQig1WdaBPK4L59-3lqR>i!!d0c}IrPFJvdA|WrKkWrUZZ5AtOJ=ScwsEe z44@ZuQtTq$kbLnsA@{6KdR(-v*S~+iyXHP^FMe3}ym2uiP^;q}y-g_hKU-}$H0$5AR3tIdB0WVA9`o!63-_?y`JH;(^Wvx`~p z<=0BSgt)_T*s*qpRe40F?wkEhwJhFZv8;i^*PB71zv#BTQ0xIRnHbYKYq#Do>a5f# zacmi84#yB^5dKa}cU{dh)#Z?XK<%s{=||)iKOQ~f^GK2Yp4uKY5coC0HL+Ct37|Hx zs?l&%JgFWmR?ZRov78B)K_}m1L2aFKlqwjgFB1Y??;S#4*|gv>gm*#EGP;5e%dj)4 zL4u#nZZ*_+yQ$ZcXFST@yVcN0LPv_bmE1_o@3~e&swq6_KYKjtr30|NyHeJvbaSaRzJXYyFFUhb$C%;)L=G`1bU7#&wS<^ zCc0%#2|g*#0>A^U@si|-SjTP`2tGfJsnx2fBW+_h=<0gu2M%A&;m}!6wcq|Sb4_2MUI)_*ql?@!gkC$P zC(M6(;|K(lV*>`&LzKrj(W-TLB(Abuv;2c6%|C&cP3;-K&W=b>MmrGmI5#%XTk=0Z zPlyqUsB(7oD89SNj&#WDAKbn_mEY_ z1k~`MRs=kE*7qx;lOxGYe=|Hc?hC}l=L-2G=@w-mm;VXYO1CX@0Zf`ZlC!~PH#(o! zLy3uap$zr{p83*?_GK9;_4g?D@79pq*X1J8_-%`h1l_(h>Thx!eT*fe!AJMIault& zS-z5zWx;1NS-J*?m#k0`GkIB){IAW_VA;g0fVyZVBj2|}IM?a^q&CM1KG1jy3&aZK z&2xRet3@>UU>2?pkwka^_ z=LRv)N+kYkD}IL?dqUnP7@Zo4Qn8D=8Y1>m)he5MkwD_ZUzQ_gfr@D$Jcn+Mgc>}L zi-c@cxmnXJM}J@xC4p=oY_VlTLNQfImirS%QryhU>(vNo=*yI%8xi%Z$L(2}Q{&_a zdWV20^bAeB3$r8$_}jGt+XhluG{f7s7SIkn4kU6XhvV0>-X0L7qQh#V>Z=Sv?$fVt zt!epM=hkk>Spv%;TVec=Nt%sB&%nY6!oUlGe-PB9ejxGO6(n4>t$d6pV&qZazl*I+-77Nozw#NW$M`|PWOTT@sH+bFZ##5oiNGIB*J%ndO2{<;6*|UN7h$S zICOy(0#8I+IuxU!6CC^W=aIFiX~l~3q?M5WXXL$^DKK-zw6 z)A1;J@9X;r|tLm^PrTVHnrn|@BYang!f8Dcj^%pmMD>5$WJW57> z)wXzp!eq{{JckGo?r)pB);l^=#5Ljs@&!@4NwU;J^q)Z0O%`}%q}V$CewHr(XAgYI z9;^qabN*Kp4z=iN{;!`eL(aRt^=*l}E-ZuUJa~1Fz7HmvX8O$8p|@Wi3j>ny7^<4D zTn8r2Bh3E3!PegqT{jZGZ?!emZwECD9^O_)iDvx4T%; z09w-w<>5*l6<0~g(lYu7nKW(@C&%E+-+L*eYvn1rEoGIR6A!gXu&)T|#m;NTXEkD^ zjcnwWntCzi#X882bJ1FEwkMj*KYg*P=09lK!W6xEBo3Jz=*R2H8eITvTYGY;)XNOp zJr6op*G^pl2Ij~9q*qxDdxqSS*+mB^ef-QptgUQDFReFmq%<(ssuaL( z?91yuqwg)BeB4^h9;A({hHE=u+jrul0SC`JKeuhM=wsF^6i)J^n|dIM0jD z)%Aj|mkQz}Xi`HWNc*$RFPymU5MR5Wu5bB^xoGpkKkrjiG$&)%(}<(Pk(vC|WFL!V z&isEO_=cn~LGJxguQkCK@Q4ZAaP_!NiVB4L_{=t1KFe}{t{z#GJYFH01x|pD2Lzk7 z2mAd;ui;60hxgV~7ZLj16qs-pLGPSYq|ZM-r$>i5JU@anU9bkc_2BcqDt@n_9#re) zL$2{{zvI9O3!gy_f)f48ep>UvSkRpspNVtv4>MH2*tH_^SPI*$_RUUKO76pY&3Q9G z=bjM%w+S^;V~7ZWvb-|>fG#$=p=cMmai3Bl?-v*tWBe?t+C+)RyG`G7dtI-$5^QJc zGihpKiL5qpQ(Fjp{1mVe%buhG-*D>-ZdNTk{Z*S;^ZYEqa^+4pL;g1s$<8{^^i_YFAiQ8#uy~dH=?|P3mUGQor^GY<7tR4=_K)l({dNPn__yD# z&wbTdO%1t%=c+X46U;9ta(ja#IR_Iwgf}3ug-R-bdI`Z4v4n5l-!VU$e!`9rM$Ik% zrjaL`(VF`>fb(cS3aE0m?YKFBd3wQO*~Kh)93I44Z|Le8!QP^3WRi_n%q%w6^@F`ZjqbjX zE;RwJUtl5kdpqCh82r>G#BHBn8PCE=cV?AvkR7)Bwj206CylB$grr?HwhzBB9SHmu zONPrYQa^zey-xYz*@*{CO#T`%2{1%b$qWJqDte%Q`OJeJ6fGC?B3wzYmOVEfN0an& zLx!+Ep3EeqP?2(0E5+ba)%g^@MHsBUPZkU}9uw3<+Ru8+e{})Njq4dM;?Q?or(%)@ z3&j~!b6n-yvJi!Qkc+tFk_(O8eA9=!+s{s2H4NYLIE9x8@^l5_m)V_kFYh4WzAh=! zoMTt~q=~>OP;XOr2tCR!)&w@@TZ#?Lob|o8f!5sz=@Q2c4yNL@-+heYzwkYi#B-5) zvrg<{-6Urt6Lv!kiry{Y>5)gNE&-W0Ik|2dP0l}qYdv|XckrWhu=Q#sFaiSP2+Sui z^CP?^QHh3Jj8>|*ikfl8(=_IA4ExnCpDY<#B(Ny)GUA@J{wxuE8DfP!gnl*TEaC85 z$JLd#SADxutT5lFCceS!Gq&?ssjo`d_X=uz0RtSX+OKLWmP2LNbIc~yyawFNCyrS@@V7Oibt< z-#d3yc5H?F1Ip^aV@k@$h{i>SCcIZ&_v^;()$Z4c4rgtD`Cg_vY_@tIDG(@-RCV1S z-TP>aJ{ywoxBxrElxZxRKdYC~@xaFBDAl{1EPKWr)Wk|jX&%@-4eE|h`*>whd}nT!V>TdEVs!16{1%p&4XQkDD0{^8W^c$smG z^N$}xkNyV7%*ecS+TjwMw0ZKOdHxZ$x%<%d~ zZ<1MQ2_J%hJdoaxL$(&kn!o%eDQbW8BVF}a;{l8=1ocp-1Ld0OzHjb&_}->=xS~o` z@tpLbzEgUTU@Vhwba!QUI4ijhY8{xt(-jUksK(QWX~}D6N`)5FDdpU+>OIpS@G{V&C2=a1;Sa^4=_)XfMQ@rv;S4qkJ0*k*^I_m;^!7vTZWMN-+iU(dI(VKt#9mX>$ABJ^~=VDUuf zSsye*b_Z0k@9Bq-gSEkdwE|1m%di!b(0v~&Xqf*T#t8mDBQ2I2Ff35fIrqPI4Q}Awzjjhz#=(^9K!BuG>ZRH7Q`N=Bor2`sZ!4UiTwqs9D%f1j=Cq6 z6WA#XbxX=P$MY6eb<>)V&e?8Y06+{U{HUJ>+xo*0zQ`LCf!+ zJTKv)f=nTlV1iu04hjqY#*Np929K8OpxGcje!nE!IL;faJ=5JuUa%y^(2;#Tv#(Zf z6Hg%_sj#RyQp`Xb9@?3wCR!7k^nB2y`zQ7RhJ`j>vOFbMRNevO&r+*Q?#w1iwad1A zg6!ki`a^VAOQm+(lDliZGAt_fI3_Vhho9xZO;v%i_|*MRLvEcTDsc!i0XRU`KP<(- zTQO9MMq9B-Mvae4n@qW5u(^?pWU|3JstBz8@t+9{v^Gg9HN1@^qu&2g8_Ytj6m`iyWIW~|d9 z@p}TaL(0rjBkLd>_M@<2&Sq6Pw(nd-&&(_bs|+Y~LqKA^=^ZL#nR5`iX-a?IBAjBz z+w8YTs1aN=6D`)BSPOUq0mZi@#8loPzVhk`@V>DpF)23pixgiWOwH$geUa|z&rS8* zJS%zs!6(?q+?xVP_s+2d&x<%!9iQQYc>;xXyd;{Va$%6^N*?-r@b8O9(=5C5&gaVG z>AW_4I(FL)T9F;uf-xd(padUhlwBJsGi z24F(sjnI4lpem~n?T*7;yEjUzq|( zciC`%Mxoxzio^7-ytLXN0xe$+W%fR z$$!dSZ>y`BRD`>9 zdjkBKAJ}-XSAsrZVF+GloSo+CJwN7Gc~>7u$efFx5ZOpQ9`;iwQAe3uj94l-lTyV!bvcdrCztc6bm<{zHqf? z(>@cXW7iWjQ0C2Zy+7enVf@k$wWe;#y%0`>!EAbm98q6jJwsuLO(x0Fdt7QWvG!<^ zP>sG zwE&=pet)XUz^QgtH|SBI$suYco4bZw^3>y+dZCil&Z;p-l|B^JcxShFUgzaE1x?7UNn zFvmG&Y6K?c*)uTaXH@@U-w)*rC{LPfDie#VsiSMML=brdCLt&o5twdUcE{NuX#F;Sc>`Pah<7* zE5uBqgv`UYym7k$gbyb1-u11_U9qKJ7GSjpobu&hxQR{bbkL=Jz*mk*`xr*OPt~u3 zErvzpuUv-uxrdxVms|)<&Ayd-tNs_Q2?{Du;|yL+q8ovxsCN7{X%Ra0#1Ks zzDVY&Z(vIcJ7-^PRKD4}P?$!@-psM=1o42+L2$pp^qk8{~v zYypQA9r)>-+m%1SwNrvXm>FURrldJtAG9b+o-FjP_?w&!c&| zf*A2l5EDkhoC??!BZYad&faB$0O@3_DBXM{I#RLRo9))IAjg^rKVnXIfL4ClHW#)e zLfJ6ColhkE&5D{!!dbNCvQYEZ%gF0&qoYk{!IfI07&eHCaS=^v4dZka-;rveLVPO( zV*P=sF7y54r0u+WM8xNepsTp+7WtzPhkC&;sVo=W#~ZivND9xwRk>b;Cu7m!n_O+% zx>J0R#81141>qWCJnS?&UWB)XT5eo$2J?uv!y$vTy)@j{k=oEgrZ0JVg#|xbgLSgA zaCO~8W97if{`CRK*;LzIFwkI(Zi0mHFki%I)-G8sk_zRHF9 z0;j$TVN<_C!_}#)dE3IV6YAZuX_p{!stiJxictA+J?|zl7)5E;o~%i&Ai445*B=Y{ zaC;xzMqCl%Jc0A|wkDvIvo!v&H*k#VlR}}Xq<@%xu1!bq0mbiX8 zKO_2s!3!%vJ~cg4VLZuVI5%RXp@1oH*>drR%!NF@iz)$881{7#zeru=CBsH1tP+sE z1|Ig^>w%US(eHjLWf0%O_>9TOUbOJfOIVFL{4sBisOzaNS!WNS9eOJv_sw_jN*4E! znN;!HPxS3-)IY?MX~}w{9DU74lX`7ib4htzLc64LqInU(8pB&5PUS;V7pOZVucDbd z2i@-7uTQsZ?jJh^?}gWtLTkSpL?pCv>K7cZS=zOTq8x;?0I#J{bEznQU%hU9RCojZ2E=jKmfM}rtf-EjCmPmqVLIehNi$osG zH%Q^yYZL6=i2+A#Vth~wz^Z8;^xyvFf|qqKA5>d?1gnoKWBJ4f<9LMx4^i2# zcG)Bf>BLoh+*;;Eiz5H%s;2p9|DBvY;Sy{aAwST(>bt3@N#k=nk888_Qnh{&3m!J} z$SEL3C}LuDjN&WMe?6iwEGGP>;K{`%Uz`S0@vB6mf3rr!n}pLYyF!21r>A-Ax|>Mn zw~|==0LmRRyF2GY%}Nm;VFUELUzA3ZO{}fJAQi5yT_HlNwbMN$m^iHl$a-P~{^CI3 zBc$T5&Qi!#3nwxu8kJivcSzcP0LSInjdh}>y9Hw@g=7e~Z@pR{C!|zbFhNnlGsv`g zqb$V>{n8@=5jd`RWKx-IDN=>t!t{R3bL^W&If|e!M*j?a$#rYr!FbPTLXx}*AFhN{ zIec$4eC9bLWH&2?f$crO+oAFHZHM%k!0}Z3pO<^@)nKoMEWXNEvO#;{!fIb=%j`Vc zkzk@e!HKru%-g=&OuwX)iley-TX0nTOiDxPF!L6`Es|EV)hO&X!kOSzFZv^KO{O88 z^}7Cx)Axk`#CD+knS-E?-{fK7VBk=3V9cD9<>_;ZbFvu?gu2LG%do{(tqsR)fg;Px z%Z-QRPh*7cC*-e&lBU+V3Jz>Z;9D{7!MGbW=lm}eL3>BP%AEE$B?{eq?hYx}@Qb45 zpV}v_zC}$Zb1%O<1CDl5A@D_vKuPeG#ck=I#vIdlpNg6JNN(%qHt^XhF&HG9$vd3j zdlT&xFHGdhZobgq0ag4UR}WE4J~ zb14A|qTi^`F+j{igY?cVb(2Jg6I|ZSio1LjEZl>~v`vQ#zMDY?%yQx433(_46r)Ps z!SgHvhiPH8n-DXkPjsyxf`nK%+&s~2Jrm4t5JWU1a4HHy39TjTLP)(wwB7fr=$-=E zIT`FBggu)h)mhpnB=RwC{7nVnD~QC6cUP5G(@fG6!q6Py)9awJ_UAc9&S)um)FZ;8 z1lHByQpvo)g-qtb!W8~dlyn)V3%3u?a!fc&Glmjz5BiC`2AA~+m*gV#6<4!c;s6l= z_?JQ^q1Qh3`D&Dbjyd8uB?Z3_+x9#6v%L9(ETMZ`L25pIy#a>IrzR1G%~aPYvtqF2 ze5oPz%=`ID+2@+e?Ay;Go5SHYKe^D>mE@5W#j9TWadndg!>;*Wle_IZuUV10PniXj z9wPPqLx&O)l&8BXZFWO*!n4D3_uMI5uNz_Zh#8Z)91|bbWC>Yb8;WE0%7AizseiZn zflK%_7|BaID}D*n)rVi6kciZ$f6cT@%gq&+;oQ3(E<7S$S8P@VUmPJ#cUItk-5A1>Gd3W zEltDKAcbhA@4gk%NWxA*imm7uSEY&~!@}bnj>2E#aCyg<(~ljK8BW{H6y!6Tu5!Sg5^$!2lCDl%#Q;2KLe%94aXsn+UL z)9`TuP)5a&>u5TxCdvooIC_^A!DMKp+9fCu!CAcgJ?(Po3Ex6la!QI^*g1fuB+u8d)b*j#DzfaAl zshtnABmeH{zWR4re-qCTd+iF08F4?7Yc%-j;oml#xT9a_Cd`hy8fZgEOE}7yc@-T< zuJV8@?g&5$DB0+rckZI zbE*?izu%SB)EM(H zLWVD`F05q-yT#$tB!(tPy0rsLq|&__CqptDV86SX^GC&A+o{ zT8;~PP7(2|pv3mQj9SIoJlPzrNBOo4D5`+gBG=QETwXpm1e~odUV$i z?nG%3$5n~zzyheb+3`Sg_ToRLPj5e4_yAMrHIYJVOL4}NLJ#?FGrSP-B@5Gb>eV;j z)1yBTk&`l-w*{5Ca7h36mcRzrQOv}!gCKqf4Kw%|F7z_DiftfNT+BW&7aWd?mY5$( zp$*#)R3G^E5KpQHu>PxIj4i>nDF51Pqbcx{d(iv&-qH2_K%c|u7w`6J(IidhfzM@c z1XBrZvAOC)a_4%EOkhW$Oinv>#5AB-|l|p>8{|WX2i;aG{lD zXoYv|NTTo#7SK8%^ii6k&VSuG2IfqX?pY6UoKD;4F1FtJoEP7cA zzbADwF9DwNsoLZp*xcgRQG;Zh>29TCe8g4y^BDV=tQ$WD0j(0gIlnz+Ok=@rR3(O! zS%2atzuwV4B4$v^1qJ}4%zhw`FsSCs^64l{No~^j^8U!r&)1~aNSMK9keaHxk9#Ml z2$4aF{BFI{;QAnPSv5B&Wqwzacz=GQMAI_S!-pJxwV{85sJhV@GOYT=h{wT}<4{4?^mgjVqBF~I1kGmB z3#kp`|9z^M(E8Z4yaYT3OA4Ow-@cucR;u*bfTC1Y`stmGS1Ev`k9NXG3Lme@2@kGI zi<=l3-D{u`A0US`Ya}2uGVq=i$U2X9QX8cn5`%a2zG18p%7Ru^>#kF0wI`e;b_!|h z)E}CI$yKs`CFqpZr9m`$oF2cqL$V>?0^Z}FT#~4~N_^g=95A)420kCY=Z0keA#bXn z<6}cIVC^dYefaYc83AqL%U32AyWh63;`>Vmc~?EIDJdOqh%G0xAs8E^mVyglLns;A z4SX2d5eBs+e~=Fno{M&!*-vM7(lPj34J|3w4#Lbso0(ms_#(W{(733mv3qG|){tK3 zuV!)6uN;%SG_m~N!`qy_3da_dL>*5My7a5%GjtX+u*K|=_ZCe7h|#t=qx6-3qTH5_ z=jR7d^i^!?#te3 zD5CTjZuZzC3e8EQuCLM@bJV+|2&g`uHLm~QJi^og{rl>`Okhj??t3sS#LO_n<28hY zw6QJdjNF#kjF4-$Lz;|6_$&&|D)^sE>FGo z105;DP(k}}HeuIG8h)!DlHZ~c8*G|nIG-$VX#V4wu>5$r{!qjPu}Z~@BaQdYv(7r>ja*XKR~>_RJA6VYA1k?LBdYJXQhdZRvabT*Qj$|R<9O2Bw=htS))Yga8C2}YpVvxXC1JLS9sdSQ~%NoSfC9% z;W0ba_c`K|)+q<@4S8y5jXGDH5#9?2>n99aU3=fo7I|FMYk=xF4QL6J&y7ob6%t#R zt+!yjL8r@gCuVZv5KEAWO!6IjTznJd&wnaxYbau9zNe5;znKHAcGIR9g_(gaFujnG zfZ-djhUYA*pa%j00dz?{2i1fp6>amQ&;QaF7gfsI?~hRmiH>OdU;O+787Y1{-Uz=M zlyyHRCTGuRMVl@zg^tl+(dTWr&+MCr0qvvl-;yZEl(>7Z=p_{lSw)+pe|ZIgGyJz8 zbdaA1#W0Ql(u|F^AISU(&g2xZe~E+t0 zV?oUh)R{4FN~*h#9W18c0!~|F^YiciML#bRws5GKn}WU|nu2q8^~tH1JujlTwLjdZ z;W&g{;;zfQU%upbfoKtfX}Q?UM}@3CR;9L3_1f?DEp2|IYJ0z+u|hctpEcQE6q9l= zA>;0my=8Em$UiJnVhoFVq~W84@(+;b$uE#d!CnSh%jqe~xdLV-!gGlFs!&J?Ii8&* zF&f$TM50L~q_?TMJug3j?~Aq}us<*hh|JmXs(i=2vo zf28&&;C$!Jy=9WaJm9GpVwlu_$a>!Ex)vnTGz1I=qr#&nkN}fR4^ibF6*Z#vP8}yy z(;f@JTd1lj4(C^c{3jLd&$B9uB)4ytbAyYUsl160PbUEr)`6!Wr`xV94xBtQdWtsJ z6ni11SOH|Dc(ymy9T6s-M((W3^~FYOo2`}0HsuZhIEv<$(TO(iox5a(E1~^0`>!au zr7suli1tREvGx~{Pyc+B@IG?+-dS<8&JWSp3DU@W!VD4Y4s)}P_(goi4tb&w24Xxx z19?~uhkSYmSSEz%RHMV;4$G+rT5!$DrMh`&>>_PBkr)RpASh(V*cP z{(-L588fc%=djQ%>}KwtuZRu-X{Q$S0Urgp*<3Uw6M7Uhm}V|LkFw_{m0#0uK5?39 zA#v(oVmGfy43w+$$E4SK=1N9vem{Um6AyJ#Qq;d0f>qaZvx?^xY5=v75BqDFP}t6aqn7%&-+kaDM` zhA%Ok(Zz4ESfx4^h89SE(9$b1$$w(S@mMv%sZZZ_Hs79HzVIJQlxVq4VQHDX%x+W8$~Jl2jfzY!Z#Nq(r`zF z$gn1{-YmO=e^k51JS}p|w&SU!RHro#|Brjpon4gn)D-b8N*>o44Yw@2@Pq_rSkxFq z2;%5YLU8CYTei=2mAg%|-2-7? zRM$K{xon8kek|f=F)AQ+DQW50MGoYL?bJsTnOzrq+*yD#mwPt8poZ8j%gV@9y-`S? z3%-oq>~Bi(+wT9vJr0~-u;{FHIU^{~eMSm#)kX;Yw6l>s)8$caFU%hD^FI3@!@=b? zS>N-)?93#GusA0>bzGDH6ZO+z9CdF96rC^G6H!e{K;JD&hzbg@!y~) z#Or5r&!lk%LI~$xL#q#l?sjn(%=!y9n(Ol(C@Xu^tKeo14g<{Ph5-9H>$3V_c#38sc64-w-Wa5#>cKqI zN(=kNi5q)L-L1~BP6{h(8isneP=Rn&$>-ToRT%8$_B!=J-*3g_`o!XE9n6t%Dk$Gd zd&xSo_Li+Pej-R$oC;ud#?GuBU;<^4OBx5<#m|OxQF7H602|I+fpz9v!oXVg>1-bsDU`L{WKca&L1=H!OgeOva`J>3~*0VePqBZ`i()W1|!`eUQAA;$f z^?KZn$#+$4Q@Xe#mbdMgADK4?-(8bIR|1mH62+MiNh#k#Ib!f=KTbJfyWaxsc6vd> zpIqbgfhJ9-jC^~WYO}@tap!g<8{e~_46IzZsuc1j{oDK9eNeF^(aH;HR11X_oPuMg-6gL@4qk!cB^urhQP728 zr^TKFUnFOvnIx)Bu{jWFt^p%%M12FtJR3Zg~F$1v2Fy^7dwFL}h3!oBo=p9zt; z(j7qC5Ss0OOb739hpIz7Hh%}Ip}D-wU|c%x3=l0;STjhrHmDB-X$>&=&&2+CeWj@6 zRc%pNK`&$t))3bK>@wCQ9@+wb{Q5&3#drfJ{3K$u3ej24W&F13II=BNM*K)Qu?YVy zA?y#E-)cohc`}ly#l3Oq4QBb+DCn&ED`V8cI(J;~)@Z!wzCVme?W-#JLgxUdGMi_H zOG(m}s~4hpUXu+X&-m_`tbc9jdft41k5+^5SEDm`i;P!F!WU&2BhoDuxL&E#IIv6h zsIZ}&U}*LYAu!~U9Ow%Z5kw&V>sO6r!d^HA)>B5F6P}|>BF(<-T?zI+*L~R3E>yrpYtT;@CWHL(3ZSz)OLE*%Ldkgxyhk(kp&TbEQHJalaB?@A#B(g zd&JK$oiMJOLXq%Za6Il={LRs9xI{{^sC`haGHz>lZSz9wL4}TLq)sM+-=#Q?{pYxHH3z!yW(S|K2Cak_pqk%>fg?Hb1!z=e>2Oc z&Nh1`b8%s6_d5IkF038MWaZ?3IJqbgI%-vJ$Qh0yf)EE6`piEXWVBTHHR&DLpd`&%|UU_6^gzG-ocVlG$G&LQ(r%HImpR~yVm#&Cpa z?GL-jkZL;={EeILK5vtz4Nct9kxz_$!uT}k`oZb+(~_#k6TG4_?#}OyP85*PqdUK# zZ4U^~v!*7g?PJSr=hIMz_$S!qo-L%1>e7nm`bRbKhXaw1;piX3!(nc3TmFh>T>rmm zjsHw;$Bf|3$LT43R#osp_yC1ce=$a<)uH%^7AO2i{l#J%Wp+(20qGt~(#zx+bO z+VR$EQ`Flo;qf1Cn5k_|#`t14RX2+*XU!ORdDVHwP<;T?loIBMk>zFq2}8wEox z33<`z+HshGePDnGo^9A-jt#PPZr|n@2Y@&-S!5HaXRcm)QT)?1r-r=nJbxEZO4xge zLsxr5dN7x(dAL-XEpU)=Q@~rv0{CghhoFi!4>0yX4!_dlfbxQCVt=(8R`NP9jl?8nGr~8PZT=y zzi@;vBl2`JRoswZ9njXXZGOfM_?(4=JRzH}M^4I3n#Ta>g!Dmcg@1i7^vhN&Rc|y^ zQM6^cAg0|;05)giD~EM_!%t?+V{^tVfcN$1?y?^EF6NFlo--u=G)Rh$382WM*b|~d z$#Wb$nJr~$(JZjXOw}5G?n%i(F-xefz|P(-6Ij2BrtOOEsqOkg;`i;3j9kJAG5;NV zAPZKST7el=+DuBx@|L@s(ng2(_>jLn4mEwccRDU4zlck-T{17{^9&i; ziB-?_F|Wsi%`0A7Q6=5lxR2qNO&El{mNW+Z%Ms~-*rrMA(U|4-RngAwm}{78tgsB;7QCLWR*b}uXY zCBlpC zL@h>gx7+`THrHrN>i8!w#z?GdC=eF2?elw>A+%FKEqqgEPCX!4dceftyIZhs81BS1 zI(kG|(dJXzWEv*yXTg*Qy5NOlCF(aZN`Tpywn8WxRE>Hrh>^~0Z_2N$G|MPB9kZ`` z18i9bJZ_U7fF-}`M4v7mHxm5b14d%%fG_jRk{}q6z%Nm!YFTs%yt+Ts`62f=m<+Ap zYFcln4x;a}*2dP5Y9E&w>^QkKl#;=us~Isbs}B*&qfYLS!i1G%@L<0rd!(s(x<`)Q zK-WR`yGOjdtZaR?Peml)62WL{Vr^qp6*8tM5`qUa^-iuPB_QVUpiMB_oGJi;SjijT-!8cWw%1v4E%p;|PA)uyR z){rxv-pkFPsDUx&basqpyvSiRgjEoTg%Ldvk+mO?dhUG~O!22<1}#a|byutj)KA%J z8yxQPfgTk>%2XafITwW1xr=!@KSVi#ukre;F9asRqWfdK&o!1B0CHoNBhur+oS^A) z*>g~fNUIHRM;4C5;l#y0NA<>#v7_hU{fvCq+V6`Q1VseJR(4h;U7nf! zhI)*!N1`0>K&Gls-lF^XX-7%U)(_a8>C7?-ua=NR0e8XD2u)r#K~TkC;kYyQQ7vP0 zzz>7XXea9ON9v&~0}#(KCvGC8ak(TVDbOCo#Hb^oQpCCqSo)k?P|) z%0@0RDk3eFw~*(LhgQS&xStkzbiMA(+t#g&0sW0Aq_F${7~~w?5GNhbQXt3w+*v^| z=_2f9W{unvxm;fKQKf<3`x+!14CKZP-OVH-$B1M-JmRcmY2@g1-s=9on9|x6 zB<16mV1;4KlHP2Ci|ld-{j%Qx-30TOZh%m;5mBLgImU&udDA{UQqN+Q*9(&L3B&np zK63lM>k2&JQ_@Kp5UHkUgl{EY;tL;M;R`~UYD!1BA8<{HMPD_WDN?pkh69AnAAzY{ z6U-d<%0=0p&qkKQI=)iD3d=i{P&|^Rf|I1T-MnuvUNt27Xdkco7bP)(-W5E2thvU< zNV@Qa+wsadHxmBK0^T+$^e)8x;ZGK?O;g9JREBJY=YJy0wMw(_mw&xTdso*ms4GsJ zz-1$QB)1^HVCo>=h&S3n5;&V21)2i9|qs*%A z#GYhO9kp6j_=OhiC?uWj))0Q5i|6|kwZnQMZ5PWOF@gXhJrmX06u^2Wt16lb-?NL} zUNf^btC4lyDLZi2RMC?1j$Nfskk>__{;!#z`u>3 zp&M?AY+vyGHMp>3Y0DQAE^NhAMx{J$jl~ntr)*Cj8Y?Idnujcj;blyu(&&zkd8~9X zkEBIZcA-nnR;S}qeyPcM)2)QHAr%-Q`LW0a-~_pfs$AJYPqMQPdVMoG&tfo!IdFudL6l$@Tkj*4X3i*&)K1p+yXds62Cptc< zimSw1T(#c@BJhtG9v{k8YU60?&ejwe3c69*#y#VWIo1HXoafT92-`#rH$M>h2K8c6 zw?T8D-+J3P$|}37zJ|FDS}0K++05-Y_s~_VcTag%=_~R*53l2?Ep(+jje~k<;#q7r zcAM~Lx25;!15FR~wu7eF{QN&K&zflqtV#c~tda)}Lk{z3mQwI<5LVrRxSWh~dRE%H zN=yWEk3N_|BPHz@>bA2Q&nUvA#K?U}uBB?KCEw|My7pjmC5iA{TDCLsUfaA0zlWXwExsWQ z14n`*0ORC_!Tg3!wViifIs(S-zM!@vzt? zvNwZI9Rx;Hut6Y1VCZ+oVj@{X#^RU)_spwbw-XUzIML-FGJ%MeA+!6|DIUG{^X(zv z7!|^-tXEUU{QDhG;WS|K$4X3N^ouk>U;g0+$N&m7?`@PvTP)$IJ-uev&Pawij`G{? z59be@Ok`(-|7yJx@n9k$Z0?wp#7y|tD17rD(Q-@ZK}&cO+<&iD;9Dk+O0^I9EJmiT zg|!Lv(DeTn%kfr1Tfk)IN`<4EthsRy$N=GZem#g?JXjR=Z_TnLR$RS%%dx%PvAd_n z5#D<77xNpMetbOqE+^6FA6FiR{e`X7Ioc#zvV`R15px)Wu74Qa{_n1Z@Y;-iPCabz z)x~vPvibh5gYq}D?a;$;_tEh^qE+39LIGe#G-@^%cWE!9O%vlD%z~ zo~fE5Up`?Z4X`wSFSeNu>LqXe!$-7Wm;VnKCNA>L=JE84STGU!muun{=r;*P!YRHX z#1@wqbcGNNScp#Se{Q<0P>58#zsL>Jsp(KA)_}+Z=%Q3M+qUoyFBrvbvG1eA#%9H+^#zrmMEQd}w;NesB-| z{G#Y&{89OI;4Sp-dP?+SDJf#O67@#%qI-I`cu_rhdf~cW1PIcYvV2|7ZV2}r0NrHI zV(Wyrc62Uy3B9|&Bz%J@SRF|$%})uPNWGsVrpvZx2hQ*S@f$4{6xS%&J6`pr62Xr> zi{VL&?l%vDjIS5l!fzb!9QUbj?Km$J9UZvklOOllZG+F6ZQqS`Ii;nfhmv@5f>V-Gg4}8dJKG;HB=gK~OST8PZPCX?% zUs|4Y+dZO2C-iBS{?^r1^W5(Un4)}B%3xV3QX(w~kL1v%mlJ_c0 zCp%9>-Z&(EUrwsCsfARhoj)o%FGSw%z}eLghMhOMQybM6&z|oy8#_D&O;^&c_Z16} z-`xj%A0X!u?sM?)j&q#XchA%UTrB)JgHYDQ?H?YT$2V@WJJ#cb-yFTp@4k0TxxPK4 zF$;NDPc%m+oK;U=oCpLbJwEa_icck$2|*NGM(oqj!Bp9h2__orW89N3Fgh_Z^+;tEQ)pUPXWf?ghi_y+)RPy$9zf zQ?JZ-p6qv_4=el0K4IJ!8~Y8zlZc??&hw3{&bOjYl9%R6&+5s<+xGki`4)YkQ1wED zXR>8S6$WLR)85FO&D`;v3wl{+V`p~RRs%!2>{^Sn?r0JdGST+0EqtA1+s>xuh_lKM z{abh6On%6%(3-Aayf^H8d3ek}EuHMYOLp}luHG=Lw9f>t)*nv1uiad{D1F#WDfw>r zI*8nR%1+|8>)-M?E6WAIK6I34+InWcB!KS#Z^S}(;|H&Ial(ctVQ>1YH}4%EjOX|j zPcL4;Hu97_p6%^>`0~T2OWXgOjASlKhUX^_8=f1@?(b)vmhWW{U*|4wvo+EBT^l74 z0g1>L^HLE@qs3^Io{wE3iP}!uf&fMO)>WU#~^V$_y77M zUAg~(d6Ighgy1~j!T<@XRK8vPN$Q}w1{?PRPK94kx-WJ8M8hC(;fR0?4(5}E3MM6| z$P#K{pGBL~si)N2FVcUEQ%BbZ#?uP~i_JO%-*>ANNgD)t6|@XdT!iW?10#vP@uIg-31_ z$UODSbLgHoSXY3-{;^_+a<@ zoTh1aOMVo4wV^>ofTB5LQ$j&)DhJ+%LjxeR-VsRRn5YEC9EABkG2Hnl_HzYB1>Kk65UxCy^{+0-aQ{)o_uMqMf_|Kx}1{y|M01ljofS&Z{ zmo(`x;c;Nrw@;Y7>tvX_Ls#58KimH2e4jKrT*3{<|Efm*pO^Z7-!uF_iH>GU|Begl zBa4LoF10Z=ivIo}lf!R+QXWjQ9}yx2eN5z$T327Q)QEVLKf$75^710>zQ89jJhjb` zX<(q&Y?T|r!>qfykh0TA@RBgZ6A!2iV1`ChFS=5S?Vl0~Z`u6UqyPWX&bm6tFj2c+ z0u-BEcfaKbn!*^qO3Lc#o64UpuRI1`E6nFy?~S%X+=xP)45`QRHA+rnUHC;h#c|V-uG2P37*fL&GDSt6Gl3o zrLyI}pcl;UDUWXji$2jGciV{fIe=5$hUd1Cn`#XQqk+9|+sls)megB~MT34D8wlNY zA6;aBSTsg7rY*f<^gPd*9RKoYd+sOFD;4SYX%r8ClGq~u!?zC2@Q;cE51F@3XAq;W zzhBbS@J2@cCvuJdoB33!=A1#HCkvvN_?_5Xh}QnXS+}q8p25!_z4FF`V#7s~+G`Vf7VP zd?ag)y~HaSC~*?uu#~*U=FAb|L!#p0-k&U_GcuyT@xJvW@l$i^Y#7qo(%c;Bm-INT zOy*6F*XwSUW7j=nj{?WfEhLtz^xpC3)-DFDKcO$*Xu?xFZlaAMsus-!-RphiA?@)< z9S0Vd9ug@h4`LnP2DR+$?C1qOA~V|x41D4u8Q~!_;AAKYxG*B3`(`^kOg(b`+LB81 z{tLyi$Gg>swx~$A&FIiGu2ewJeQKtGc*2`co?R`rYu^5uLJ)hqDR@{xuXJ{QK+BR`V2j=;V4{WHWh>7F|&@n^7Y}RjtBaM8Pi26w&#OQtf2HRfykZ{;?zd z)HISrN?-AGwf-i@P1W8xv2ZNccPurVXWzd=C+bKS`=N9;*M^lUhXTjMy;;JT%_a3kR161i`3lSR z!g6_=xZN)AsIIJ^j0xU%sh&aXTbrmu^FvtoN}Mi_2Uzpf;)|JYsUNmy=(GUX-fgpB z{$G_hgl*d_;36c9GyaF`2cy*$T$^jJ|D~uDg8ZLl^e-9lG959}&~&ZoAiYNUT4sgC zH`_+F9Uu#f(B0 zEygA_yH8P{S1Z=S!4n!~L~nTl4pLP@w(0n5%9s801nBu8ttuX}d?BA|t+%=WYX98I06-$wZ|sI}{Z)36Iy>A8b|%P**?1Wr7`g-Xx`#BoR~xz@dQyuX{?SXmRI?paIcwss(N z0DDw3;n8F)Y1@z;KMZf&JdzCw7jJm-4ir|#cu6VqejEH7Z8+1J`))KFnrN-R?#}P;lQS7A z#cG0$`Oo!eUwA!8ihk&_wNK5`v$S-+sd0r~IxOvKWevM?(nXEoBI&0bJ59EfrYEyr zOW&IJ#Tqjo-7t6$|D_wiLgP1>R&Tk=jjuvz**e%_rO@$UWLoJc7;^bv9?n9*E`ai4x2UpMw2z|g*L5Y=m*b>hUjrn zmrqFf7Y4j2qElLh4kVT~a@>}s@fQ7?FT+Ia6nkMdE`4>X6Nl;U{6E+cSJz@ULVREM zAijXRf6(PA={W98GV zQ9BjypGpYp-#p7cAQ2Vmzc${_{|QIZJ&eDFPf6j%9$S~y{&M_NQzY3}FN{i_woaBm zaw^pMBRtrDHs;_tqBb3@84j%{y)|EJ%Hq0zWZGhC^lCm+lSo&*xTpmee*SWZn1JpB zJM2mOjn<0!X9Bg=3~=2kC3aVNXQe*4n=CZ#)(iS2?7Tu6r!&L`(N3pvf7$lK$4aky z0|jCM!J-u2Efw`yuYB3r$W6=OW+q>jL!(xmDVafBMtz>$61PA7b<@7QK~PW* z-$DF`z7S@j9alY@={etAA)jn>4msA&vS77>u>ix|-aT667`(o{eCZ_PJ$p9;L9!Om zgRf(yNgbNm;WSFsnLx6HQw^074_=_|zBNfV*ayM2_q$17SBCsYuT5W!rhU3%7w=ls zO`1B9ZtshXn^n_n?_>3f9+}9R63h!UDCtoVDDuJ+5^k8!MowLvCr1$DhNZosrtI|A z0w~<@X%TCcQ(|u}{Xa^zn_`(Qce;@8KD}o!d{0m&GkI><6e~IbgSt_RwN7IT#G;_7 z#Uq;U#(SgcXC{T+jxL1qy}ErH)I+@-wp@cC|3bQZ+|XYE%!{DXKy03iplLnx+@9O` zX|vuo$R%t}GpC~g%>KWLW>fD;gQu+~4AjQAjA#DnIi(m8_#Ied z2}0c>x7WMN(DsS9#f?k+{lDQx(hw^D8o_X^cRT5diW}9>{OuTi^+wLwP-tZWX*qMRqhF-nwlwiaywZTlk zF3S+p7&vR9i{0pX;-rzgD{oR*HPg?z~|-{;r)E; zc#!2C?WrF9xxD_quM7SiMyHb*wlG#zW~(Lg=vT@=z$67F1z&Zap3Cqacy!>r6Js?U zgj)v?8mxUMwuH_4Wj!^(tW(>3s2^tr4JF#3{nCWz2>39vWBuAvQqotu4ygOOhp#J)`n;>I6 z9Ye32p?#*wtF15{yc5h7ehZF%BjPQGx_Z}(Ry>!SjMIq(iVxb>R;|e0HLBCRrUMGU zb^`b0C8dhxq&Ao3sJTJ<6zU`u6;(3R;x*UY4O3f)(WF6M+o-E0O$!8>)Y|W$ZR{;k zjERdsM#)c~4=aKwSSx0Ep;8p>pjM(jCww5p*QQ?g?9Z_i(=X{GT|*~@us7<|Spl8^ z!?$p2S}-38OcIQLnruElS_2*6v#{j7U`0vo;J6$TubUF}-^Cm>DK2SrhTq>*y$7R8 zU;sq+7cX@403i>O**o~}T@U5jd3(E706|JOJE4*iyAAz1{d=o_o9KLhY9|8jlbE%P z+J?=f*lkPaKM#@aqf?&iv&&#peBrUty|7p)J~*B$pUkm3KbnMm0DRxKUT+(o_rUx8 z)^sTUzvVu#|H*xLb4Zp2k&t#Th+J(|$Ph*%&X{ikvvZRjqtYvjOFv(XRB*_>RRdXIV?CQ9`5 z9tpY{3rkp;CGfazVI-}D^5><0%9Fod*XSobz{JXm8dLksvLh(mZuqIAb@*i`C9A6_Q2ruh=ne$@X#P=;IVO2>cOmi~$G|{SylmG%A!H{YgVE-!W3!re&IKklM z`a+z;`fd0oV$}EOt3ul0I;p_&nedL4B(!ZEBiv|`sdf_dVb%~Tg<@!1IT%S7wXJy@ z7jR5*O|8Ofe^emiO6n^(?ESc|*(#;?kLHci!?m1(=qZaftwJlWP!h>7!DxRzj79W9 z7^cSTR@kjht0~|*Q}`#I;dhjS3Hx3}l5+%fqSNW=>D6y^KUMH9)`|JrG-+bMzFjvm zPjY}9h8!(-S-gvza4EBhgB%`%HlFc){BkMI6eU~s8UsJ=T9X1kHCBu^P=d)8{6BU% z!$}k{=T0m3_*&m?A4JutI~cuYj9I~8xS%aLIOm{dteMVX+H#lra0JC(Sb^Ge8ToW$ zLPt;EZ$`i$bIiz)mI!t__@Q7 zr#c&d=J$>VbtqGe(`~qbtkLm}Y50Jc`DUk7w|R|FuQvhzyqTq_8Ggss^$yt55_PiQ zG#|(3*zvw9biaF3;e2w>>}cPTVZ*=3j}E(fjm@A-Vu=<-DXVh4No!m`AAad&kd(GM z_NZhbSMoC4pWNiSL3}3c<{H_J#^;Z!)$CDVs5kT+&$T0mPxYCAv*t;Z(+44%C<@-= zmjcd~&`BS0aLg%P+tnYw-->P~EUA?1`ZgF7Xg-;LQL+AIA2N!u4nm>oNzm2qSTlE& z>l+{mU51GFrF~4UyF;01>3w{Nl0{;wfAgafT_iLL`!4oFR9OW8Pyy&#f7FWzl(}f? z2%Onu*4K|(=sc(s<>Z8(;=_FMr}`~QcG~{FG3kEYC69SRCUeRmZKzxv8f1#xz zn8?rXdbA~_cU;CmiED{vq)1)vth;a4acC+hXSl-Rquus1v)*=NDHB1f^qFIiQ*3h# zq5P+&r`3AflF$1L=@RzNSIwLK@v{nnPQ!Wv&Z^_^>muJPwbI4qxze*IT>USdLseRi zrla=s!}`9KHE-9Zo%X#~Y6~FaH_!X414jwlP2rb1)U&tny2jqBNXk({+wU$RUFF(@ z)feLW)y&!q%Yi)H0Gq&#O+ibV$NjHU62HDNUEvR#bmQq0UgJF@GF5ee7@B67Z-;~< z8KH){)!^Orl@z+Oy(uPDSvc{H^8GRL`ABnEX0<3%sOCy5JE#Oenlwc;cAtEpt+(Ku z4<3B}qH6HnXRdUb2i6y&xViEvESi?#v>+`gN5*te7;Xw(N(>A*-&a5+C+V+g^O~1( zS$Tc}yqJF3n=c-GY}?9+%<$Gf>=CWzgQbtr=6(Nt_6qUHWfNw5k7F~6pT~fpoo5KB zWH0q9>osdG%Go(^TfRt^q4tQyG#q|W^l`4wvTv3Id3)DrSjOwkLwNu|CLOr~7i}>V z&olv|aQ;XzSa1|b5}2W6m||oBUBe-wMo_{}tTEcJjF`%Gah&!gxp8W?f)eTU1=F*^ zrD{7Z^HyE>?C3nx?XVpxAf{g0bZc&Jdd73oowC#BUUJOb1@-;Nu7-8wIpn$N#`e6B$GV^JoU!Vw!n$U( zIhI-smQ!t48L^A3v{i7Q;dv4-s4HbL9xP?&efp}MZo(ZKX_*XWzKs01jsn>S4O!qf z({%DJ(VrFXj8oz31h7xJmIEb3rjiK5S8phN@11A zJUE#@4rcND)`0*sw=kNaCxe(vMiJk{UP2;DZ62*~>IB>%%j*JOWo&J-=zxsieNmC=*^%f@&?k4g3_Nf3IYU+M& zw@Y}EpDD?WKsU8h?^3PWqn$W#1B zE>-SAbXz5h&riS#+zH(5zs7enIxmm-Ji*JO%*|sENXQNX5QtjwX9j7(^MPM}s(lT{ zht)B7Jd0E_7c)GDXH-f?%%N@h_G$ z+#Rh&H{RzP^gMM`l?|+&Nk|?FzkAO_fy4l|UAQV9vGX?NsA%~e>-C;R5HE)1flyp{ zgfUo~6gY$}tqiZq(1I{Cmk0`zTrD%awEj)GUCG+WBw*6K1MHjjIQFGSu03eE_i{p5RQiAy3g2m*ur?aWr|-fo1r@I6vi?)*-fV!?hZe&?9!bCP~ZJ@>JY)h(o`_6K0C^E9gPfbVe7!7#dDMa>{7q?V$4+M0M}SXiu~2ak?yxEL6&akyO0kIvJJBO>eeEz+q7z>@z9t(MTH>V# zYrBPCT&zIE<2s~O_V=&orBFWYH@-gE?(w$G42gCLetR@TI>7Z3LsGLUELP|c6}yHg z&uDGZP;+@-i|Yv!C8EmpC{Z#uvhV(c_l7yNdoX(@e{3T!%h_VJf_JoIFOKCGv-S=m z$DGL=g8{l23PG?%xzN+!EI}F2!{c(TR-pELRZN#gX>mn?rdP&v{7EYK^{K(sm#Z{$ zdBhlfB0z#kDT7r-FhA^O|7d2zo(75N9)Y%}+OdeaW8dSU{V1v4D>cJ8xWzu#_oKGI z)>TLU-9mmj)e2v(K=3^Ls==UJFrEAf4lN4bF=#wFL$mDe;BG;WMYCwMsbRR#f+?J> z4ALzK&>?O$ctjdM5i25f!<`VX^No${g^+EW4Cil;W~}_@yLu-`&tqHhGM3H8n|}5p z{6BoXg;$$lxaA8)3&Gv3l;B$22~sHT?ga`IcZcHcr380(clY4#?(ROEb7$txId|6m z2eQ5->s{~n>}T)a=E|m^Vhu91MUeCqpbJ3Y2;BtiNBq`pS)Mh!a|ZWRifMCeUFwVL zctEk+#vyhY5v;RTcZYW#-aer){2M+*br+ozMjMQkuy4&FCt^_(2^joJOtf)niKNy7 zjf8;8CQ9DJ5sfaIjTb3M=M5R()fu`@X z{f&$rwI%u2yVMQ4@dqwUR(!Xjp1waKer1^gq38)hbMAE@IMgF^3gD3!X0Q1qksa7bmuNXFYrndo*4J zS)wHEcQQd|8?zAO=)9EQfH^KfC28ih7Ii3Xi}_xZ9j#@r(Pd#?2F}X*1}53!Fe^oF zu%fkl3jrIY!CMEoxY^Z9WYhNAbYO;Aet6p=$-L8f?$U)KFF{Q!M+MOB7!2&U(TZ_Vmo5bVrHXqf+33a~>Y08*92sO5gc zLS%LqJ=2A+D5y&#zMi5~UG?EnjQOLvK|G zkipaC7^bRZvHcdK&gYZ@h*6Ku$Yi~B6tk;HH>3My+*%+HV_WN{g^Lnil?4!M@*Uuu zL<35*_GXvL*~D#5W~7?xz@aHzWrg%y6N$qQH?Fc(8-Dp+SSXY*<75iFk)oj`3mFy8 z3cv(&cmUrOymO^l|CR#(j46d>R&Mi3!#@fCVh7aSlq4+ymW4NC($WsYY>p_sG&c@^ zmrs!2>Q_@{H{Tx|$Nm8>hJwh`Qf^q-I7grumJs)9DCwyV__)8TYZ=bFlIGwJ!J-qd-k0(Hr?+7LCN85&Mgu3KC*l>X_s_ME_yu}pTHZ~uU zaO+-2>_KJGwEMf@t1d;Tf7w6q_Yh%U9{?$TZ{qJ$(-mHi4TBM#+6mrJ{hMRHP8?^v z$i~4SG&0R431uRoH$uz&114;hQCbHvzhp3Dvm}9Q5wQxBk|V1$<;|+b|6&1Dsg-H* zF*-QwdWpwe0j$5$v*pUKdplqDCA)G|(#r%6j9O;G@|(ciTJ1x0vAtRc$_ZT}iFF{h zG=CszyvSBvD;_HT_nAhoSW^s+VTvyM5Nm&RYpz~VcHm)_ywXh;{+I&qlmMH80a#kr zaw|;C9324(`v!;*iv9tZ4Csjt!J<6M@<|9G7}I`y2GP#NcZG6{jiPZNpXPALU%PL@ zwSe|-RiXi>zhF!^K2lz5$#Q8P?lV-Ua1vWb*{>jV>H1%@Yl(?OyHcNo1{Q)8@u{ze zSpUNE>+O7bLCn66L8LToj|8$aEk(9ZV2(SDptc2OmTl(O+46e4zkTSI4+Z}lJ_9}4%|aN zrJl9faD+PH)2}?>L5fV-zYuX0wXH9bbR88 zygohgZdfW)ihG!Q1p$039A}>*>sIY~@Y88i0@*PLO#4IIyE%EC55A5PRLZ;SSi;|Im45|IkZ3>ZW;x%1`X$gR+%`msb0*ekwA1+NRuokY2_J6 zZX=;<2|GoM*9@RMSS`V3Zv^Z?hZl^UOL0G-vXq+(<-2(!&>dHD6p+hb27gU4o=e4# zNNq4@{I_!CIOHk%jNj{TALm-YES@0SNo85*91nx`5Na1K|JKROEK2GcCb>jcg1NqF z2P%OH2wg&}IupsiIa?k0s^gGGg1*wlw|3|yfksr}M9SS{eo5IPWyyZ$6dHGV!Lu`{ znf*cE_%b;`zMd=+KQRO(Fq$91_!K}E#P5o4{fYTbdV|+tU=nsegKLJ$f6=9CJ@@_9 zWP#M-F_F{wiI43@Z}X;q=}+DI7?)4q^7%|rJPH|ScUlVmys3RqwtOj;9c7!2$8`Ft zJNIeV_0U&X>zaHaobd6)i&!V9hp=sWOTryQFNvR zCuP7ct&(Q*pD9G(o;DmdxPRF;wH~zqOd+guF~M&W>Fw{n4t3{8+s9H)a;K-xE2iFZ zA2cJCUf)9b|8ute&pWdK6P6O@qKJb?QU8qwcA>EM$n3wf9ra$2v!-ag~Z$0fJ8beAY6pOJFO}aK^iB>x<3ibSlIv-&uT z9D5TEn|J>m(dR*IbD^&1HuSrBQ_JJHj7y-ns16`x=6t@J`phHkRCiG{yW6`B2siaxCIRA~a^ zyHxFfJ#E>gn&juGY(!H6q>@OYa2zN0=|m48Jdb3UR36RPLy0V>*Zo4d+E=WcufTbbDcEsA8#ZUZ;qiT^*6j#8>b; ze7uqgeQ>mNSSwO?TCqx(Yr+mZ1@_W}{aiJ5b{7h3Ej91dUmiSmrxUmY|?PW@4e3@~* zeb$aNkIxf>n+jobegbIQI}w3#eMa^^@#cDdPQ33H#4C6IiNBN41WQ8ARp{!I4vLaI z>4aORX7?uXfXogo0gW$p5H93dr`fT6gb$!VOdXS0r*Y2UvW?M*QmVdNZmUH;4L59e zM9~~`ADX+=p?^DE2r^;0S1S=X_yT55*cAPhfqFr-WRd0Imr~#<{^jeJ8D~i#Wp79v zY{@?vi|EY&JCT713@Qy{9y|lzo{K(WF?zq1os)rWiX*cg*pxJ#`U#f@vDO_c^d^n4 z_m#DZ?eE1LwY<9R3}y&<{sIbCksjWQsC{M&U0&Ma2$5D0u;$&%^|*U}2+9^7KC@PX z`7Xpi_ec9>3D>e1+G+*jXrdsldEnKW$Mk8ekkG+;8YlL5DR?|e6840yPm*~rt^BE_ z2c3Q4c#AdT0%e?Q7YuA*f*%}PH;3okLT=)U(c^;Dk2&wY)(&OLcBt87pVjp@t3R9l z-5gf(dl9a`fXs5q#po;pVWgFXJks6Z*G5^RKpWT`O}a05`+x}TXo0)J5#nk^7D@bH zsL1AIvVD&OZq)|Rq;s+0pTwhN1V9!{obsXjQij~G!41YN{ytPNori7?>n@spSxJMg zQ!ipvAXtQl5-Qp+`g`0;wT=Pv;$KN78)C7ImM)s`yHTx_3 zu7-T506G_wBEL@y`~2lCeHJ3U!C_I zT`$toD5&Z%Z0lV^dVfOO-DA>5Uvs09PQdd6U^pa9 zjy6dS!kcyA4_}4hzg>MJjp~~Dj?MBgtrOKb6S!i6f`0-nKbsQzg!3Wu{@3wQ+#iZ* zk$1A)m zWOwEAsz&V_W1s4BvX9sj;3H-xPfcE^>lmb=ry}Zu(cG!R&?Udwv=nUB}GD`*Y1D9EjY`uXJTIrHi zY6Ws$>do1Oo0`~%xe{WrC~xq$@Dluhb|4f<^esc6i#eVt)p^`g%8WS>?=XO#ctBBRkvct@j(&^BAtjS%Wf#nhR^UXDMv9Bo=GtmhawYl`QFm0R0q_lI5CEr~~uMw}9^4;K}gyDLTuYmGcJ0per; zxa2jpg@0EogWTRr6tjs=6bSbS|5#bz=^{XZ()Q4S2$y#p>^O{5Dk=|#bK{ikT zsL<9;T@v@c6p9oSV`u1Nb0x_q@ah2d+$ofVO%L(s@7bD^451uouFx1g&tC#I_JiI0 z(v7@XTkRrUUZQ#mimj@@e=7+7v#w+1MET-TrYpuqzyB7>8K+mfeu3 zq_w}Z*Ek8|?d(U1KB-ezRy{u-H5$5fW`>~#S?C3Ry%H}*e+j0zBM>AMM%w@ zuU-h!-k|R)+Z5(3qPJ4WuYD2#XcW$D*m$)2FLD&i{U{1NbGx#Q6?Bd(T6^GSa-j_X zGBZRN!7+0a%$phhd)31Obiqr|qtI^rC8x}lpg9CPNR8D9eh`1d(#nJ8iti$#L`l-J zZZ)Z;eId!aa!_fRbG9+?{zz=M@k#Bl6Fyw#zQ?lu%Z~=#nzcfXNSn03v#xX=G&!NkPZAwAtSWo)*nY0Uk zPu6FxEiW+m?f@%*KQXu|gP&Q61Q7KKV_yn3o zkXv&7piWm)7k-;-lmJw9DyIewJO|P@;w%^wM7ap=FI%=!waoo)V1`VB?6}aFFPJ=; zvoY$VMLDhcA?;jAUGcS@rFB5j)G41&V1M-s$s#5gQaD#%n+yB{7(rZI$XQ_WPU+~K z41M5$2b|@cN@>dx&>y$azD>Axt|Yp8C*)j#2IJwP(&#o&0K-9Cm)hPns}jCPIGjq! z{Kb@%``kNn3R&oSG=5miu3hqsy%r)R->z6) zCFQ$(d|8d9@mk{&ygsFf9C_O&G2jf+5cmHj+DoisfLpn1OWfgmX3|GUo{}ghj_b78 zkO|xG?QM>t9}Q*V5!!J@zk5!|)Jxkg_n3e?oQFwAf?OjU(N^n>$M1$(;p3OF@&+K^ zB(I-f>B1jk5&Y>{D^@+Jfobn|NaJ;J@NV~hMP+&xc#D+&@2kg;J87KglcckJhKqdm z9TnmW8lo-y=9`$4waXAO(Xv(Z>&<>gwOXV}`yRf6wpWk{bBDzt@-{=9T3SG zgpEB5ymrg?YC)BrR^5UBhRq?=vQKkY5KN|0yKm2R_IrU`-iH?DNm{YedmG+k$FE~) z{QR*jg0DnCtFndi76={)-Gbk}6sA^te?~e*{4r0&ngR*c(5TlGL%%ani@?6?q z$Cgjq5lGcQ2ZUro5~R}eiA^FBiQQ|9?52lc47 z8G(gM1!k2mlwLW}1(t?Z8_0)W6#ss+__rxW9fl4EdpJCI%&=Bu({UtWWJ{w$1S?%U z>|Ia2ew@R<-ncdn{Z%#3l30aE8f6bHP*!6q5eYwFe1^6{YO`$(M}`92rQ8nVtdy6f z07{9T`Xgv4EXtZ*XBDeIAl4QO(94Y#hYn>;ZR*cS_r4T#x)SUNP-5M$ouZ(vFKMW+ zD>2i^I2vEJ@#g9;Clp%Z{5{2^t(xWY=&cejYCf*AtX@5e$){sE6#quslLU!l`1dmr zlb80%BwVQs4VPh*spUpgo6-z1p{WyKQ7YGk$%0w4UbxI0XsERb$5PtXu^J$#It{(3S%2ycu zfk8ivzmBP$2x1uA8Fc>w;n&iiis={9e##6CfpdCS%L>WOp>s5c@=+khS!CEE{zb+hpLxxU+;HQXDL}V|qE;*6(+`+1B zr{g&$d2ZwO3Ui~hos$Ne_xv%{UXKqYzD$=0qPlX%b_Ho^H;d-Ks)VfTm0$ZO7bh8% zexu%w2_{n$75pv~^6+)4ICW<=Fo)^Z+~onx2TGW`HFN?q&HKU~lTl8jP)(V}C8eC; z3=M@zsn-4n=*{{LeD7Hnz_xlxq(k3FKliniHY9HOix&AenxdbY^B0KYe&Ja#*!@h| zWXVjL=47MbJ$R3$JpyS3=E=@3x6zyEuuOHO<*$ccYk@(cO*7?QW-cMw%(>b5g7SQf zVh+Jkx^3fNK4dRtX5)(p+z(Egd@3{z|0H|3LuABuqKOJ)ifK;jkA{r*EtxsqwxCno zbh{*rU1@4ub%9mX)4!GoF4$UW={}XYGV8XkC%V@z%i5-y)U%=YPMh!q76W?TRoQsR zy~(B*lRAbgzWV_^X}pfr@BEKoJ5MNy8I6>lzkYVjduDI`Zs~KWbziqLzIi0wPF9f( zlFyYJGqo(BR16Xy{BbENagU_x=P=MObb^&LAG57j*yJ}<%9-jI&h|lqZ#3cIcxo*s zeLWWq;-&QrTF=r012p+u_;OlIYb}h&5`)0EEYzJS?^;=JhMxEaS@d9h+wy>O>zOrj zZtu)0$(oL9hzS>d7kiJnPFDT}52Qv>7#aVg20l$g|AXalYjg;2jB{=OQFjpPJD?Dr zb(q#b({jmEipLEj0|>uC(K1EJDR~pT0ZAWy1df|VHy1y~F4uMCom_a5O@_f{Oucar z5IvjxO;)S4FKa$<%_NoGCF(xd!D>+mn%Oq8-M?YbXpZU8-X2zB^XWU_fM$(AeNDJ}y%@aOyResc%N0#kiCrH+u#PTU4egW5CdobW)J(EF zwO0AplQJ+wdSKke1R!}_`PL(XyO3aCywNfpL45s3EZ6R90DwP1%J5Fj#EX(1U|lKE zqgf#~z}_lw0JmhQ*ZIACyVGx)8G=87ag1g=o>q4&K==O<7cpSv;1EF=odw+tAg>1v zbOQ(dM&}%_kH*Smzgj=epsP>vvh_mp=|Ac1!>z)x!|a^6v^`e@X^UV2Ibw18lp0kh z^W$a7ha)F^yT3-(<7PwA{!@bUj{SYf zEGW;rM|Ao3V4ON?K_cUTHaAOJ6i_@nX5PhA%) zA(fo|2IT*KQo%s(KM|c=+D+EW59x*`yq8NWaLo~T+p)a6Z`jkQu8uql&#?ADrRzHY z2wW#7m#OtP)f+xFSiR4=FbZb1oib|f9>RPNeVgwP`fBQ=n}G)=k^1g&S{HwEXX7(p z!HRc*?)u5><|EVPvo9yU18Wx0C9hVYvl+&N?NfrY$Z7_$vYgJ!QK~3UsxCg=Tb)iC zS;OINtHS3|I|JWR$e?>XqWge=M!KhVRYvZ}i z>C)~Wr7*=tqo06@PgUP?Ed@j1qPAzklNNuMs4@;(*>a2n60d(Xrh@-!4u#L|!!2V= zDo|}Y;0$S!Q2ch@Ew|h@aWyPW zGW<_+C#Auj1|>VUT)$tFB5;d-KUhqCSv~VO`v|DyPuQFNowZJ)@9{{VO`BYIU%&EG zElaWLvx&m}al{)D+WMtV$V}&bw<5ZkDxC<+1lC)-D3xdZLydhM9SG+qCyX7`1{m+B zam~09&Tl?~HF@Px|A3IOG&>C5_>*Z5?RC1*C5WP5PW8_KUHrxo)K{c$-?T7#Qn44q zOMShOu-)FfMpHP=Ck#CHn$*GdLkidH1sRpv?VjQH2zN~)QIQ|mOVWrM)nQ&`ySg{z$TL@Ukh=Dn^d08LqwX-0Pzb?lh6H~ zLCx^xlvEpsrB$NtosD5S33aXc5K%9koQdDsp{QJ6_2Po*(C}4t|2Yb9jNS?OVL7Vk;!~No?>^a1CHb^x*EV zG#&YxtPPrF{|#ZukN&^ATExiZ!gpE(&*ea;lITEWXwDy2gOVe_S{RF=|}o?IXcUm-Q#rmw?4JF?)35cSR_PtxchhXGzHuy zIEUTn;-4xA$7Cmt@zS;?nVL3D0s210B7YP&XM0%Y{LyPPr#PGa@WfSe?FhVm_)SeG zWUr+3v5SER>mD}EZMiOm;UU-&AS>bh;g&RPckpqORG9UY$`m|O5T3p#IPMBA@mZ*^@RN)AWvwI=K3PPQw^EwLUxhwIvQKsq(`uL&9| z?=vdGN`bK12C*4ob^?V_G^c!`=({g7t!`>=!7^tT5ghevo6!k(Dz8& zH`Po*mESm$qimKt>Tn8MTPM$3_j~0fQ{WbF0~KZ>f~f{#%eGu@A{|IGJl+WQX@8%n zdVqXYk|@)q2(TmDoPJ(5()Vk3w7tI6*3{TbjG4(zuabp4}5_7BAr z&1{M%Ekwl^OIidn(_e`?s$gz}P5F&KOx*gfyEdm_TEMCs8u;p0g>_gpg~P`0fCcAnC+t6h5} zy1q-#G=8o3Syn1ZTA3!ya0^zoWb4%`$XjUWcd4Ju>0hMA)5{I%MYc{bp|{6rlH^ES zb6i6h7g$kznyzF@o)2tW?wKU&Y%ODMe z5HddQ1cNSNHI;6k_6;S-;wZR1br7gP*+a+1GuMbnR!B$KCDo?cIPh2Sw;|Xgp_`u- zLrk-nZ=th7yWX6Frpb^O@9q9Bp6pdvlcu~*EBNZ9yG!@~yDS85)lRv8OmL|KpAigL)A2 zfm4||Y`TJm#=*D|)Ufi;zpw;XQin3N_h6nHPr(gpo~>Jah%bR$(2TZ%f`Tyt7y-uNy+-_P_7>a&4e1#(*gR-j(oQQJCxt%PX?B`2)`us?-;$b0k_OEkBHT zePj|tb_T&jjUWE|RDm}P%538bOt>4_*C2MDF z5Lser*SNgWP}(nooy0QhOIaPhLpCvr{h#Cu8WUz$PE|`Hz*R)F)enAseMq+|^|nUM z>13lTLX-cCr}0thR;WqT=Y!qbdHuTiHSozZ+kx3**shxDM+lVM%OUzq!1|@JgybAy z(3kJZKiq`nM`iGvV+SCmu5ER(#_VYHB>A=_2{3gH9v4A4LCBa{T+VIRtF-mIW&ro& zUvIy^B}WH*BRM4(`;O9~qsf|?v(QG1+D$9%f+EW{XS9iqN|ft^yE$Q{ z^8dz1{^wp%P6$zDia`HFJqJ@{Bf%ev2pxO&`}f;gkwa=Kx$=9oz-L{Tx530QtLhJj zqy?JLOU$?N!HY3mczNl}+{JSw7J!7Sa=dhWZ48iXA;z8)n@B2wAl1}%C`lepxfS@ofb8j;kF`Y|cpzdN@zBD#!$FlI6JKR%k&*vhMi(AGEgiXlHK>CmVF zLB5enxu%xv_!W`r$V)NVsh8N6SaYHh+LUQhG6Gt$kwE)3FPDD;7Z(9@(uyr+XvDd! zU!MBeRM0oY+wEtiX@$8K>D;6mlDd4aR~p9~xl`%nhdc6@Lh`@Ie#a)hm;NY<&qicO zH^Yijtj}1!+ptGzEl~vT5`WZ$E%{kN8*bao-B~9I4K;avPL2`uwC<+F^Y!J}) z>Kqq5w;~g}p$0-xs~Fj$1ftx#k%@N(&lBY`(!5eS1XVMCs|%GB-!);rb}mZ3f6Ni8 z6@R_4cz{Ni&Y8wxFR}sB$$D&BH&^8e+|*&MRy$#7#h0J!J)Wht zo2yzrAQg!uOVn`FQ$9=SFCL}RWe!&B>5SQ%pO)$JESnEpqOr+Pda)FiY*C3{pdM<6 z%r}uR4}8tRc|7!BNp!|mxz<00^cQg4d!gQO*mg+PFvhNsBYuLgTfJtb3if0aY!Xl| z%4GY@Y_mnsHA43HK`39Nu!NIEwz+v#6H$jtk|oih?;aO8*z&2l8@d!!U9wnTY3<8X zwniC~}x96li^U{eG6r8)`or_<8hW()Sk7htJM4Gh+cgHJzb3|Z<(FbSM;$(5=!(XQgR{dD0BdY|BM zVjaI>KjG`3-9S8Cv7;LtLWQIhKq@CPe*H5hjzmI23QP^#n5v6b_8m_uTQ2ijPLh^c zg(R8${G8m2_T$6k>0EpsTl?3!SUUP zN1adYj#UnfpARgN*snjGegE~_3NkuY@7M)i=QgwZYBIPlh-yXm!Y+ydAmXO-)z@>3 zoTEchF2`T(rh@Ms{es?8(Vc%>6!wj>8*tF ztx4b_`bZ2_iR% z36m70#e`%qr|j_Q!9TxKN50SkHFjG$5`_2%E^!ZwB6mSteFFibpU;(j-0+sVi<|?& zAe*LLOG2M8uXB%eRo-JroRc4xwA(#JvCw}t)}V`Q?1+)GL1lRUm1Oh=AXW|`qjZ`L zLA6?mLpH~3WoWyl7=!&!BDuaU?{KZFL`oOYGrRB?E0$MjN=*Lw1a*FDyDc?sg-dHS z)!qFwij&qV$~B#Lgb+uEm8y?AOs=9p<$UmZ6Fy3o{QgDL`mTG+`a>ydu&Tx<`zwIf-%V1G3#-ryZB4Ksp*s5i@EFKw_(UtfMi7XoaG3uZiS zE+uu{)EFegk1kbDgmqv_61bL^bf4%;CM$!jwV!BMgLI{xT14WdvCRwspA8Xoijvo> zUZ4m!c;N{B^j>*n`8~;ZaDYZ`%y*A5c%B+WRZfar<4Vc-z5BdinIq&h^^lj9igw$` zLD>X-AlH1DKDwsFV#yFh2H09MjZ#ew@Gr88`NwP_I*ZKU4{kw|>VTA3x>K<81l9KR?mn zU{}46=@q2M;1-6nOMicL`}0nl=Bx~+EPm#R@fFCOM-TFxYGBr}Qy`5!jSvE7pyN_R zbT=VZ_<;Aj%?hbrNZZM#^cUSzd{~HR8Z|sWuWz&0%WvLR3VJ77BNKLVUl?+9*U(Hs zfm887j+-yjKcYC3BT2XAM3wVfEymj)vH=y}Ohz>;5^CAP2J$p?-WV)h9=+7c^oW*| z9y8%-#O~XTP(BqzLpAhVveoC9i+B~Vw4?iot)Ti0Oi4&NtZb7=1JwnKQI>Xe4R8jD z3G{j$!05AZM_cY1c6WF4HU=-<4+CR96$R$T9NDVPgq zo*P3b`Zx!=ln8FU;0P#rT3+WAfD*nE&-(oRH%!0==eThMiovIJ1jlZhiwL_wul)w9 zyt7LtABr{mJ zVNQA44hgASNhhW!tLabp#sgosJ*1wiTK$g;>_1fQ7hRX2e` z&BE}K_@D9X|Lw~I|3C!6Z^VB-Ei8*hf#y`Hg5M}TNo*%DVUNgiOvC?>pRY70+2KXx5;JF#-RkJJCTL zwx+LM8ayc7*FdEH6OfPQOD9qHWnPEF6sC>6VNHS`BrdxdU*sJ zO$BpN5cumx@4wqnI?eo`v_cC(=!NL$!d1a$PHDVOj=$vv&e^qpD>WpkqN|5M_c_MB z<;;97egxM%H7Ui`xQeDxV)$0AJ+*304iK}y92^h$cABM}k6)b)94vkJ`coA{8hbqj zIhyNn`-F5TAng}2|IX?x59qioI?8E;i;a?#Du}K|4a97vst3zmlkk;?-MvmjdJ4SG zYkDLlO2tGHNUQhFOP@~aeEtzqF5X*YIv=$;WZOM~=I<5Ja~S8+!Sb^I?4?hZut+^s zx-L94_JqapgXPISA}TYs)`U^dCJ@PmpEqs{u!5)jo=f*pr(N&ul=k-S((#jcVgx~| zb1V}JLnj08XNQyW#6D$CPZM{ORBuKvbZB7uXxLe~E4J-^ zg634MlJ?(rTTGJK-qoQs7V8qmW}$Y5A;=$M*k=OGN}?B%qsR38iReUdM%ZT@xcXy^ zK)wsMERkOaMr!EUojl~wW5Cie!BQ@&+wGq@9`W!e%}h~LydKo;AAYC?iLqnHj-u!B zytqlm6Bu&ki3wGG7dEqfG4*o4%mfXMak8Q_Y^5f*|1VovN<>fS|9H|4sCdt26jo;# z(&tx4g8f78{AttQ*>+%FbVL-fcWpbV8yxB>4Fubex5)pMvXn>iTd31Kx&L4tn?R~q zLd!wu+=QRx#PV{lCT|>XJSHptD?s6YpI{LBg9&;FpfdxYH#uE^4J%4blol4jS1>aJ zO8dWLIR6vAU`K&|wwvv>Vkd&V`v344{*RCQpMVB4-w!~;8=x~>@0Fi|TwH{Df=hu| zr5yBBIrXC=Z?!uIoG=VRl%W2P|7sfR6PQdr>5hQ57z88}ghJ!q151#G{ipRRm;$Oy zSUzi%p(G0JkT$L)SOnMW(O)E!A(G{#r&?m2ity2&0>rU04(}(Ocq{0$)N@&OMKP3- zQv&z^qeeA(-zfk8e0Ofr|A^UKl4I!#IZ^m_Z)}jhc4+md(K#0?p)5Bt%E6O5HK`bn z4fw$zl>T0ISF4eT%z>Z?#=?lPVgPASwRCjA>ar~vb>P9~17xpUxhGt@`yN5HJpdCl z6I)CmI&FshUM9oINI@R6Xjzw=U8loqkkP>EL$NAJ2T3%XCC8;FF}LjmCgv}#)7~Zb zv)(kAh^z=92-#a{-?5U}eFoIprRFnc8=3G%xOheIpAkFnuiO1`nBgUuW~y7o2cy$o zl38Lv_2cj5Y9C9EKU33+C}|sH6L`C>Y~|94blw#wUben2@_&8^b&2u1&9WYv0@yNY zFRN>NZKO5b@b%D+(awElZa?0W(ypFzNo)SVg!O{+~k-5%LbgAQwC z_^SaTsb`h>V{JFsoaMhAl4;yevCt2-X-m_N25fJnOC4i$16-9yDCIR`YzHd5jjQmE ziO_06qdo4@)}0Id6bJ*ooymiOKIULAb7G&^6#^;I-l{tX+!-UQJN0nZzn3V25 zOqB!r1kS0*x+Id5ve99fvuFVGX`6NQg!(|tw+nwZH`iS#r0lFGo z_eO?Iuga(@|-BfS%tUF0K>bou#wYma-s#hJk*FH70TS zAN@MI`MFYE%h0-CBuVm{8qs|XRE=2AKXx03{bHL`_DI^*mzILJr8MSa$2YVYB8kIu zKKx*}N1JexIBm{SY%K<|e*JOgp`oFI>FAPOhXNk=8nbk&Xxn#+=RVNhP#H1hLSwdW zTstWgFZW~%=eGMU3@Fexb6>H`1Cp_cT{N`e0_$`QD)$%Z{t?-h^CRC*t3Nolxo5|+ zH!q9mF1J}G_gM<`Ju&VSY}S+tAR{4_%BArR;QIxbMfYny`2f~us5bNvJ3d;57v$;| zD@DSDNJiepz$lyO%kcMfmL&h-Pwu=sX!dU~TK|0fxiF*dc3^keU1?f`$goQRwH05| zHSGyVk#?P0H5Gi(WW2nSMs@4$>eIG_^f)fagXd{C7ot^gN?+fol~(p^3$A-aK&{}& z`FOIh+BVPe=?^kRd!@J7SGeco3%`w~?M;yrr}i3}9p+5vn(W(S;{78F-H=UAt8lH6 zExpC&OzJuK8F5+$Ez8f}cFZ-NLvjpH_}&yog$6nX{?b1`)oXYR2hq|7A5wbmH(oL1 zzcF8_?=xajRb4-R-|T9kST`-FMflRtiDjP9WG2|yZ#J0h%G`@=TZV}`Cz(?+kMoN4 z-$NH4v!TiVVCyWK;()eoi$idCcY;fxafblG2?Td-++BmaySux)d*cusg1bx5*XP!g zy0>2KKfs4>dhfO7978-Wiu>GzhpZV-bSF_ngs42o%k)jYflu&~qf%XQ4*!*@-8TZ| zs&43S<$1zi5e&?V1bM;;s3-|E!FzwZdn_Q0g*cu>Uq}Q5cBBM?O52E3Oz$i}Tu@?c zWEfTo6+2;f1bvuZS&6=ydmP<)Io$`j_%Sf}j=9IGOL$ZedFUsSu11rAI#J>Ep>o!eeeCj4&vX-@0>?Ju^xicX|2Vgqv%~FGT*nH=++N%OxHA z9BQ^Wn#NS8IuQK17P?|n$4={fI!D!y6jG#zfjR&hZN6}*T-v8`+KEEa#n5*tLj2D&6(RnlwcP zg%%S2md=D(oZDh8yd9OF_s?s<+CP!3y#^qxYMkqd5Ud8QHUaN(`G z58PI=pyF!t7Z$)9`2D0|MT}w!Q_FB*ZlMzvOfmsjE4=E1(UZ*X@;XfsSJ%eyewBp*J4J!T|nkU^h9=*DkMJi_day8n6rM(jVrtqmu zPc>=V_CZ^z-`f+*D+3ZED)x_IzDLv9`R6C}!lT`6m0WO!<*nB)txHi83K+QCFa|;Y zf^|enZ}rs8`39U{G$h!lrG5j5x%Cli!J+P;y1>rBwqY~Io|w<}ij2=Vbq#)dDXTD< zk{p5U;;BlUF+4(ZgRjZTvgVunx%Pip0HM$T!evS9QvOUpF6vfv@Ob%cw!`dE-O$Hj zr~h#byYwb}DTzkV(_1_K#sQBL95LgGDhlz!i1d=2_Ks))@%7HScB`$rZdIlgAjdj& z0SVFZ85$OzbghsrWwvdgOQRCkTH_ciBoCb5Qj_koSuF^AnE!W+H@TbpH36e3oc-xV zhNpuH!>3YTcpP86k7_3s(i`f-ukR9^NWAnO@?;zuwtpYBi-M;Rn!kv%!}LJ=v9rF~ z&bv(gO&7Qxv|Mg%eg*9q_>C3-;=GO>1d8ZJ+CV?w5oJtIYrD8dd$iU3yUXfvhx-HV zc52E*;WM`qN6WSqDy99R)53SPQQV)8Yt z=i49dxgR&+6s7UX+(u;?tk9_UO1Y}Od&^m!&drU54xmXHpUOTwyYiYZxBg!Lk?(3` zi&buB_Z>Z^enw>_oGG~p1ZeA=t)NA#9|GyC^ro!;z+Yx?!Q=T*-A~9HJ{`u|oh7SwP^8>IU#ttMljL=M6gTKo0E>SMU3w7M zf90PN$2djePCBn>O$3$8PeJ0s{FbkHNUQv6cI+5ASskR_t%b79fAyz+`i3J;Zprus zdxxA|KBCsex3r|LQBE3Q8@?$Mu-8X2vvllrFOPr z@#O2CT>`UrQ?99?;2Ms<@XLj<>zPLAnoaAr?RL*zrt7F%uZ{Q&5p~cy3t09^!F?1& zuvT>9^FB(OfubcdF2(R$JV={{XTZqcc;Qz=`B1JT!|)YYV&E0(cDZ(v33l(&FM#-; zygP4b8Q7fNX7l=8K|2&{OmLYl+=cidtKSQ}5qRF|kt{OL=;4&9o2*tRXcf}-W#N3$ zNIU~j@afo``}6-;@GS=5JAFqgJ)&0n4W zOV%>&bb_Ylj>Qi@Jq@oXl%}m`yY{tH#Zmc~b-`r2ah}?y~SlsJj0OZSma(O-INwgU%lReSo8|T1WmO_#4w|WpgF(weIKDD zHm@qTrv};e(6Ukw#?P$NNU~h1aEBjSKo92=tylbP4PW`u#9h6<7G-($tJfFW`uQ3I zgr=0SAmk0&3vAq!+psWRdSr3Jo|b z5uWk-h#>@s)lRVGpB-r0+iNjsy0+}2gtXsutEca< zIVOMd^s)-2qS|IXAI=YMafwI%w9-3;KU@j-_1qq4SH%;5YpJjyOO$)P&5Bpl;}HmQ z7)?R9^T+C<8q)RUM7w4bN+(*D)PcVe+c*>@ZSW;msnDm}B% zD)bJ+udXYjqEgi5+lDiWWfGBr>otYV7OTs`yK-ZlFAs^;KA|;Mwb{*<3v&lFS3y`d zYtD7tHvC$Qn|nfV6fav$;vCH(#IHscbhvPIhn>sH1C?OHPnA#S<3K8(>+6NvAD&*9 zO#bfz{}%mp58tjY`7f63K62l$FUkH~=LcnfX8UciW&Yc8)*ocY9aZfAvyu~Nemn+^ z5-_MeOw@{$TbVo&p79O1`mnNPAb&u8^KoxkFel2b210y&yj;joEO&y1md~0&5=ea@ ze@0^Y?L0<^)gdD%-$+Df)Kz1C)mzyC2j>#ZR`4!g;Bm~E#H---GOaT>Q!eZpP0(|e zD~7Zclwz65&h9oA!(KSLrrG`47LaNlhG3R8MxL`rxJTeJN5c(HdcE~w=GWx(8Tv$)KY&N+(NW5hdf%wp0kXhW@kux>ju zmTkw9wz@q#bwt%~P|sTRIzk$uU&RkY-MaKMv=N(dY9N2P&1+b|d=TM2Qy5G1#1K2g z7f^TPU25^27|-JXA~CHpt6FUj<&YMY$Q8i;py>a5(60_B&Ew}X=F&$FCptPq)E znV}X(C&Q9W-9am`nb-y%)ee?O}8{H zCn%25n3#eaCqB6v8mpc23z;M(2N3{ag z-Bal0gIBG6L?lFsP{|m9A}OOyVCH(Yb}@n&#T`w=^N5{}f?XU+8J*M+tOB*Df;iO? zflbw5II-Aze$iU`ylS^0y&7I07EPV$iY-u-ArT<8t|J}LterUtCWo))HNtDl5dB>S%rz>&|FwMQ15sly=wxNIMBdW-aXS z;AmA2d~IfINS!oDriTqGh%UC4jk^gPW1T0QhhyWjZoXD8@DoCUfr3Sw0Kcl@dM8|E z0>a~i&!#vhOt2;TNF`mhw6GWkh%8W{C2?g@lCHmeY1V-xd<=fE`dSboycJ!mHEjnw zQ7o%+yX+=#y*&VJpT>=aiJ46r=z$8X{FS@&jSGu@^|3Rs-8eNz2w{W)r9#@`o64zx zO0TLCS3GlH?_?YveJ77hK#PpjA8r*ETE=3V{B3x%S)kS)SFwrh`6{&isl{qR@$UXy zzA+u}E1zzIbA9*Qgq&@W&1OaP0?!4+I-KmBjGFaLh*9Ybx6PUd(JV>1t9Fw`eg~)? z6me|zm6Y8J#N>6bl$x#QcD1#4HAfn+RAejNFS#fkG4fknx=<=w;03w3q%`d=2mW(b zs4L`tk$%;IB|LS0-Xpfg7+HjU+{K-S;kG=NejMD=;J1FxPDomcxr1!R>c4xH+7%<|8+q|NB=|4+a>toRVv>~LH5*-={}ww8gSdog zL5j&vGG_b{dz|5Z-tYSe2ZA05y<~F=PPjJ&-@@gk83`X!%$TJo?4$7k*bhKLUJv$s z6bjAP5cU^1!GOr3(&6uLHJH<(h9&9y$WrtpBUwE0>`2gh(z`-jvlXVmP_hvn6Ky1d zhdv$^t9dxf^s~s^i`jSQaq%tK)Hp8`LateTaXX@{qipEEq4YDBSTBR)kz?{7Ml)Qr zlsz5CP|!=21>KsB<{r+%_p?fH`V9_sdLrB$F+QhA5g+)vJ{}6=qcudH@cMnVzr>*s ztq@U>r=&^xRkNH5Q_I7te2 ziGQ)o6Ac>q=p+|jQITN0UTk(G{*}@`d!`@{JPi>-*1vZ-Nq|ksPBabngj+q z>F9*5+bWT}x&>Z?H;p7178w?*F}y>EmfvO&8|dizK=|=ai=X{s{1fj@YXGB@7smYTb1al7j=xlv5KD1LS6kmWy$Jo zOUrxHU-cxI2+K96=AFjp@WXIA<*Ns5_hBuAJ@0&vk4Wfj-}1#elqZqEP&NeEuVZx8 zD?A7W&{V8IqO>uo5fu%hm_mUtBzTRh3ItUKjMbq1j0{mGhr-%h%El~1KUByVtn-(^ z)6}(ej+lBq$dJk=QX6V<+NRiD!aY{!<=#(`v&~ngP!z6}?@mNgX3O(ws`seRu(@TF zS<;tv>S9uXUO4ss+G9}1r6TsLEk2c#=pzGvvPfaIci_5kpBZ!$j37-FdtrI)b-?++xOvPYbedQ+V`$6w?cI@b2MQuj=JmvzQvmc1QY5~2`I?<=~N29jY?c>#4camY}1e>CDdg#Y;c z#O%SIjNkEpIQJ;wUv3B~C)8is^1gG~Hh;KSUFWQWP~3@P`V9tPuTEsB$+211{@|R# zkovWpi|^$yFWGYgI+f1wA z3wa557ZPPf-`?UanZnOSDcz2?S--`XC&XbE!?{}Q3-j7+Fs%}QP4?@PwS9PvF;2Vq zR`MR=D&T6VMt8-~)5NBDPnVkYapGT$XTQxpj`D*@$`oIc2r2Dx$Gq?8g!mE)iJ0B2 zglxoqN}rZe-C8zULNn-Bt8MlEg7@4Ah1|*ug!ivT+8OoQiTZP#N$Wkh8=B@$X~%MR zpZMCJm{_rbP<{NE|KBkZwK)0gV%EM?;URdgtHCN5KgB835!<_Mdo$d%dLQc2JVok zU8z5rZ+TtmdhNuAo&$OOmOyG>&A8*}dA2>z(2Dw+e4P(ec3KTl|odQyp5y^|~GZ{1cIdWBXj7Pd}-|=X$v~ zOeJ(Ja%A06>+_(laf}f@5RzdbmPCpVEO3OPARm$tofP0oska!u{Xq~#*dYcvOo9q8 z(QLx3ZGvLLCgBjzL@Xgw@380Tk>R%7rRJtX<70L?fm3sDvBVc9VHDHvn?xRoH{)dL z?&%q_hxe>YUU=8x5*$%=N~wd43`M^k85t|lmD4wu(^T;{%Qfg22U(CFpe%NGBt>}j z1uu{#9|18rq{wmN%r&fHoh92)$iM-#arBzqXFhG2KVxq}B$4AR0 zd+*){j3RR#HZ?Aus$d@W)@FD%*8+pUqTAmPd8V#G4W@Dzqfc*(v^pNmy&6mhJa8N@ z+&>lQikfM~Fm(KD{ekpIyrl_aQc0KeN5W|j0q=Wry^KG7>^gtNtK<9b3v__!tH%|nDIS%yHW1u{HXW>qOx}v6$LYLb^7~g>z%Z0LRW`qon0) zkz`@uPSpT0_@`k?GUCH#2ZVh+v)M_+U)`*xMioysD-dy-%wf{6ok{OWUF;l#&v;jF zBw3O)yChJ-u4FY4_7&DBX3MhDLVEr%u<<@W&!BP-{Z5;-*ztf|6;hzkY!iDIqdEx_ zZTk&ap0$LQvnMo4mj}kL-(R|rkmF8ac@K5`GjBfwQ^>yn-9(}Ohc)&VmDYhQH zem&H#)ix){PxInXRr-8`y}RIV^;5jp*dEPhHZQK-yrt>9gBNbG9bkmU-eN<~DgxLoBp-FhFq>fHD}5_=u8GX{@+gCD{!U~0xv z|JidLwdu5?*lmYDyfZBz?(>ERG=LS$bu%Q5!@+k_S;+X_!}QSnol}w~e+QHlkE2sT zv-h>mOs^q@`O!r-64!=lu4k%*p?$F-CiPO>7bC|b3AK}J& z28IIOEA+0@o%F)zi}jm^or>mQVz6_jb(5=`f7U-G9@{+gc!xD(jV!?wcuA6JbEiJ@ zOKjwK(IuoI6K0w|53l}ym{lh*{@(0C{q+F>^fF0zO@=axgvyi8D?=f0tQmy&&Jy;kxtmIvn0369*MEE<_7-FWrguNj-^HZ%oimLSWO>;4 z^`UoazWHqY)L6H^x$nGui}BF~zs(M@v_8M#)DrUEin#=%k|Zdf`ec@J&2)QapPYOj z*Mh!ivRmml-B@2J(ZZYCFHu<5(vb{^{X*4Gi{)~N8iGziGrb)Dry z-Z4M{la7_t$8Z)R!}C?EvpP1m`4BAL4gD`{r!K(vN5`Y5*YPgAu9N}5SWr$X%n!`a z;uo10dfOWz>Y?7-Fwu7dH@MYa4_JMTg#WG9R*8qk$U?s%%`|cDXWb2X1vbrIF-*Mt z!_$wu>Gt)HE$*&BCmYBXAGnhJ`85)5A*tG=m}XJt{wiQf8PRim`Nudha_==iC9#7q z{X9Fq&6=xy5cyrVDj=beW731{KAOq#2w|5j_Zr$=l2dX&Xl7O|-{d~yTctn+#vW^1 zmx9!2GqAON55MV`9?ed9vBI}JMiUt3e|QAeo?t0yx-$p~n9i2tgzu{#of2Of(tQp6? zFQ5#}VmiaV*MYnwp8s_U3m6bgXRcrQJ^?#VUNWn^o^m|(=N8v81@F!iQ8kX^T#j*! zN5d~as;OK(I}0z2Ki@LncS42hNd-N5uOw{eK8zLL*M0vbdTrzzrJ5k#t5E}lX*WhG zYPFj4YOhhUGCdiMeDezKS0?gf_-HMw03Xp`dxlmh&Ut}J6KfD=2jArAdbW%Y)JyjJ z)d?1~+xmH&PM~I<{Z-N5&@>x9}e9bpw=D}@rHDwMBGPygf&TE6< zG(_Xt%=dsG(>xN@Afj2116EO#=X&B3-4Q1LzhUKnw)+3|w9KW0fnr=cS`8|@K!D0c zhq8t%-dZ};CPbEmR#g%p6)0Pj4^6UlUcs!K`xsrWyF#lf`)F3rVjHQ@04;=|9f+CQ zbg7zRYnwl9JxQ-uB*po>KDMUFa|%d)#ei>bXS`_E(7!=>k>o%(G#FkdJeWjc6*_wI zvTPKVk|ON_DaT!I);6iCIAW#8CnTMZpmMicUwZWF_kJw5>q;-p^)1Y8xqXstP`wi~ zK;yCKSxlPX7yRdS>B}1Tj4W`hn^4v~<6JfuV^G>tVw{N}GYskr_GQ383W|-I0x^tEKMj|psH*&t zv@%MhMLV`rcVt=cH85SM3b)0(%gZwV4pR~F3TuOR* zfZDIcX46@RxkcpA@JfUQQRE$n(jg0y1dyx<1#3!};Uvdbc~L0%JNQ=^ z2gSBYxH}R>l!%tcC#+n(&YOv_u^Sn5Z8Xa7CB%97{yV#`2@FsX&(}-u=zEQd*&SobVFDH4oEL!*LAXEewa_{{WxWMvoJiDfH zIk%!(?Jqum)Gmh0*AIxmbg(h(Idtx+VO;-RfPZ)A=%Yhq(xl5=hzn99`hlBakAfOzwRl|b^Z`z1mXs?5Pr5&&c{n@uXFluYohtm-sw1p5c+}K z@qYgwc=S!5U|{`yUmDw1&&M(m_io0S&ZXc>t>1Gqc;vA@t^ZO%lpZz~%oC{51n&cZ z6=l-&1+^5YK*()fHZ~{L`Lwkisps06-{zBAv*ou#fF%A5QD+|0Kkd%2Bdu>AFHK%E zp=-(7eIHnAJUlz*<@uJxIQ8Xyk633UK!h< z=u2yN&fi0BKovsDEl|uf`2mvyRwQ8CXz9nRI5wbzbIVzz8Q;zFi|m#vx@VZ-H1@TP z1!EI>fGc_ms*Cl~fc`EHH^3r$>A_E<=ub%b?>zwWMKl700iZWrYJd9t$FXQlquyRw z;45jH#%=r1N{)#%zL53r2C=53{Nr!J@I8@HT425_|CBx+Qe8Asu;CH zr|U&GvkA7%u0%jQuv=ve90w;8jD8j2J=t*&swep1SB>GB>AfvDwIVl`)17|M>pU({ z2JL;`<&Ns$KA!RP)sQ+RFA#DyOP1$vyBjx5`uF&}u8*kf2}B3ENiZfVLwO{XmQBHv zbOabLXc=DEZDn0^ZOWr8&%M}wiBfe9 zdYUf7FIaakvsgwr57)!_BBB_n4gQ-oRbXIA#be5@jfmjdAM8pOdhu20f-lrFn%UM= zskPIx{R^|64%nz5)hf0|j#ymOf+aSKz6ax_?we8FGj*;$8{J6#b=8kPgyYD)UF54x49r~Y3*L#()O~s>g{fA-E;l3re0~&eW|PskD7%nYI>DUg85zS zkJnpo?$NZ2o{@waR6tJQ?$c}cUeuAmUY2<_x1)FG4_zVa7}%XfSUjD5+{tnZI=c0! zy;>_2u|+_W#Nr!xy?^18MMNv!Q@Vzh`Qb)qF$B5u#JgGCeotkWPsbZI|jIfb^h zsWm*R22e!ee6~_u6Q>;>n8_jdXRSQk{a9+yW1ob82JzNuqoEi{etFjbX(~<|z`>*` zuzd*e0@<>mO=WyJPlGhXNjPz%4ocKoK>rzSJb(IgGFmT=*Q@C;gcOZbfIegOtKQOZ zG_gxh^_>N0zL5EXG^!n7OGVnjAzycJH;`R)As+_ef1X8Hge+&3%KNlbFmJ&9V^?S>}OnI99DIdKo-*ZF9`4wkVU ziE5Q+_g)&RJjh-j;QlScQIl_BvhacDVQ*fmSv?jSV5UYRPfgS}tWtv!udStJg$Okt zneSbKt~tbM%@R5Z5bLIoBlA6;iEvjw6}Nf0p`@+mR1VV6cd0JUH3#a_`8>jA(N zzl8AlpB_os)r*06dgfaPlC3Y*KQLwnOhK|#ln}+HSPX~seKJ}EqRP4T1E%_U!OJRf zJ%!)J3_NyWv6yV=FsN;kJkeo2MMZO7Pd+~uRk&s{g=er!X1T5k+Gcb+N7nqeES=&h zt7s!~b-YfJahW6HfrsEyF`>IfLRsaq3fHZG4+sQmc*@&u2o&S9y$5N=;(KV+>Y2vV z7mjAz!5s+65_Fi18*xreWe6_39|XKk(N8zxTbAPm<30CzxEJjVQJ8Yi2)Xx8Vxm!c zCaXQr-z!^u9Q40#q}|~Ck}&f#CGWGB5-cJ*rx%B2uv2a!Lc>s{zTB`RCY+F_duE>f9VB51r$O^@Jy9qfMk)p@^kIH~x9&6=7C6*VQ9=jgGN z^Nr}zYNdvsD&H;Y!z{P5rvyN(m#zvwdnl~<7I=WC3VPN5upZ{bxmeVR&nyb)Q3oM< zORoxwG#sS%K9}29KebmB=OXb3zIRWuBX`AmO9m*MkgpO|V^n~&s`k;W zpoz`(*uf5vxrG=1xzqGgQXX?Sm3ejEgkQ-nr@1c$8upkvmK1B&a|O-g0n?ds%m?2v z_IFI+CGo_ZcIYu0@dLsE+nsK$#ir)n$~tO!=9tWD;SY!-diz*#6gk_p>B03WSMT+@W}fb&rwghgi54u;%a};^A?4Dw5|IaV4u% z7FsOdhhAZqAPG6A!!D|{RN0gw!i|Zh!zuk<&@)tncREKnITaZB`?sd;lu%oLAQx}U zkf9rxQC!+>MTyZ}1f;O+hv%9hnNuhaUGH1O zJXKc^Pc_77UJsWx_fmoq!l0a+l=aW*D}0h3hL_i=qaF)XgljRxxzssts>lXxL*A*) zk}%^aPfjxsTULp%i)INii3=qi(MxQ<>nN&N=i?($ZF>Q$x1=}Q zuzZHV(y}b4Im=Q!FQZL%7;&c#s>@*%WqV3@Mn}u!j{7XLcFzx>(=r77lmWnbOi7!l z=jC+ra(tAmp6hZCyIRP3)_{l%6;=3O?WglmG)e6bMe(UQ+uj!wj$}U==;fCwRv_(R zk};?K{rhI_$Bt{b;*+Z1FY%qRG0$@~rYe`N4Xg6*$P0ZK?Wnr37!}hFnZq%Naj1O+ zi~bIXLZ;^^Z!4NYK9@fkvLiYi3>38;^a*KaV2?*idjxTO(y87Yk=WvYAZ zIo}Svf}ak&aKX%X-}oG&qc4<+nkyKqXDb002lNo#wkumvY6q{$5rm`ds^7l7mxrn5 z&p<-`_ahxD5(Xi}=RL5=2MvkMAF*snZMVH~zychPjL>6nW^7RUHF4cftB^S~G{kwY zYc4Uaq|>Y1P`UD#$qkSnF9+z7iztS!Nymn6-MG~x`0kl08icK5Ey3=pq!ePWjvYK* zA}N$EMypcbKyrY0RVON~kHNrf{R*;K?*p!s$(v#aM~3oZ3^8!TpdTcGe|;wSvAwf+ zf2%+qpgy28x5*LBm657Gr1AakQTmJc({~{>3B*uSi7ZV|rDR=rF5W-+>ls)k-`t_9 zX%QM-OF-z7JY5@2@%ZClaCg!n&>x;9cK}Bo!D;;M4-8PDj{y-8;SgsSdIAaC!|U-p z0g8S!s#_p*o(vX2_EloHw>JC9O=fO_to#Cy8NpYER2;&f;(mYRU2y zQ5(Y{$pFP~Tgn4wDt94(*n{YIH?p!2^>%-V zDhPj_p>F=r)Od(htY>_w=|idwEAUH+X#T6b+2YG-t9UirTMN32rakqdV<`LXC;vX% z%esSQ-X{f6*#@;Ss_64>FYSH3@E2ANN9OZ>Vh|VnEMkeeYmb0pWE$gv<~mY`;(ta_ zmh?I366>Yx(Ns3o{Ro>Kv7r0g8yEo*m_V9lxIaQa2qsc{(r9@lf+88wr=hT(1+Ma( zOHi@9eBZKgVpTALO>J#k7%(nKmf*9>T3h56VaAH6n%0}jvVg}ByoVk*?^e;u;~mua zLwqCntqd-vIWhR;*?dQgM%J<^DkP=w_GzABOy=kKK7EV@Tj0P-;&r1AfwPjU(_(*@ z$Ccz&1S&gW$rx|Y!0Qe#Y=*xAJKyHl)vZElR?e?`Q?TcG8f&85o;^zc2!dFR^YunB z=46`S>ZDGuh3^TVnIdeGHt><`0ezxj))?uVUIfHSWkG(Vcm$XYxxB@FQ~_8aX#=4YK|>HvEfjGx^}m zH(Hu{Fz6*3LJ8*?YR}{%oKvDDs(Co!%eC62GTN1@``{#T78=8tz3d|VQAepMV4e$X z)+%7>qF-pLBf$h?geq7lrP{{RDr%IEhK8X7zMVdve+X4z>9XNdM{dS0}g zcC=c&Ef4-sQ&+KU6|lx-8#cK-Iss_z_^X4Z*TNVI zT`A@QFrjtY}WKss;<$;0w#xH2p?gsf1feB<+`sSEyC|YoRYes zd?7dfM5ayEt6SaV4#Mk-?fKeXL}=O$R-CZ7B{~)J7hr!roH2A_wJnJdh@)OPwB0S) zQ3?Qa%I($|Y0jN8gQa~Auz5Ug)tu6(zPe^+N%ToRV;Rd>qhF+JF;qgFOss#MSX?F{ z#AQec(C?~B4!|GW0`P89^qTi_F6jDQ$X~)0M~(!z9mqE4KMDA1{%#5jXf~n#^s&LW z4={z*UwTtcqeHx3)m4BvtRxb zA4{PA2b{ycy1A(@1e$|b-_7WL%JtkN^I?jcfzgc%hWoV3V{etlTL*;2b=Hlg;NS}t z1H-E6SUxUo2sGB+`Pov^>RpKVUnc?R?ZD+Yc?qJ%5^XlW7*oI9GE$R;noWLYzT7L5 za8Y>Cavd@ijsK4t-30>5cT^v~1G592{CXF?Zn_`|m^tCvenZvKk?Tt_EqJ?=yW!Sr zAHcYkbTr|5Y~AjHr1LRCV!Jtiqyril)vXlWcCHTns9aCx86?@@n7*hjZJLNC%IGio zfzc{gBtlhfS+pa?I}XP_?(<5t?fChSn0qEr;4Eh@-Gp?3#qesk-MOyoveeu{AiWzB zIG=>LwpXudf&~Cx@<#x+&ZVM>s~cA@opax(j+iLJQH1^QvsY^MOHoXL4D(5s@_yD5 z$_a{X*G4P)C*}<9H@&ZyI;!VU8bwADtk7M$iYRn|nXJV)}F7~%7!B6Ap$ zYh|`d{Fz1fx>N@U@1?o)J>hMXFZ)2*+JCviA7pY~k(7a9%nJ(M&s@LxbD^NC9>_)Bm@e9MlV za_0k;UO`XZThYD75bNB8rY!I3k2!IA{u2#w`ZDUMzi>w}$|sZ3O#xOQ>iAm$Q7v`R zHpaUYqT~qbCAwy?AtHc+mHRu!cRuZc3z?NKg5VU*s7h0!6uKl$d}W&DIiTrGP(W#RP zQSpk75h|TTJC=jwJ#U*XH365TIdvcz{%_@9`hM@xmw7RIeQctLCvqnAltzpi4+ATG zXh}6);?#uK*Rq>X{o(EYsC_hu+X4J=Mq6}&@nuXeJGs!I@{c(C4AtiO(MX<}}RkN&7Bqp>F>JmS8bwVIxn`-;Qo$Ir7!zkB( zchv-pV%sOWDGy-DghidKR^}p)>rVS)N0ayf+Ry~)9TjId&|n?y`#kdN-LYYV^5>$5 zkY@(q#^-lLNpVaPo-Xmv$bBUd-6_Kq6YATzJt^7d6kn$iA}#3>eh@?SawlW(#dcCY`hM=WDd+ zCE1Lk)1D_?m>XXE-`f{HRMU7ydYe=AZl~7uG{N=e+`5r(Cww3q?T6oQP_g>))KF3H+YbpnyGZ4m10V2BmwL5As&9 zJa?n2b-Mw3>UxT}S((Y(MDQrOCQCG`E8Tlyf+W>KI3`o!J$mR1Kuh;c0J|%UM|n|{X}V%S{%Jd99+g88546bc4YtHtU)sAD#MHWVTN0Hfqy7j9MH z)XP`u?0RtPX*L+?_!z1Gl7U=!XNs*!Zn|utk@MaocjX?EWHOj+TbW73W>IyP1{kzi zTauK9A+yi?5Z8isdE`_;y{A*tA}cw0cpLEQ zTl=Ub!<%;bLhlF@)Zb*u+OeXSe#p{hAINa@pI{6FQdV)~Rzc%h!g{MyQ1Q+gZ7`** z1ola|N|Tcr9YcwJ+GF5D5a*$iY=MO_R@7WXG(a{~^=CQyXg=Rfc6k37qa@Y|FZ&jE zNT9D_SN0Js8ue=?u zQjk6GSb%OxTd3Ba#JCuF#E-!zL06D;eTS4Ssv+T(VC534A~x@;%dizDa<5W>T(RzU zUKf_n!TZbm1WBLUbWR-YeJR`T1155Rxcx5&!`65H4Sgw)EdfDIE%rKO$KBEzQJA7T>|lZ^PJF)wV#)z#HY(>YeCH&zSqftr5V$qo0*wg&>U{D z-DTc=X{0k*5KKI+ZnAIUSmjA=Zw2SJR{B7TcI#zH-{?4Wo71Q6P39t~Tpcfj0hyeh zn*APA@C&O5MXaOu~FylBftDmu$0M0tSIFB}S&--2 zFRhKKa9HBI7YDtjGk99J@k0P~O9foTO;?nAGK@Y2d2}=^F*0MA1<&1qYlB~i#lojH ztP}HbsVYj%Kc_-{pzJ_zKWsBiI7*6|e!P)K?C$}BKL*;7$J<;ZJg*i?VjSE6qR+ zIm6f2*Gm^mt4yvI2_J_X2DsXT$<*=LpH>kDCe&}8EI2cC`Cizwu&}(e+F_5>OYRlO zokf#HS38tv2vG$1i2Wp4xTxPxqVvnLLAS$g5m*?GuzTL^42P!9b6POsYKEdU#nF-= z`^#@3McEu|UIIMDJqEFqBp#tuFmU=H8k+^$RTBjwNxC~C*q0P$(`C9-vGf=UI(;d8 z6CywSBmS?!-?(7p!Ed5QJ~kE3+DvYS>W&f6FMn8$>VQKWk2XmV+>+(7g;QvNd2NF* zm)+LlGxJ;^_HwYz8g)BoaBj7!H5d>aNrDyFPpRA0TDuS1l#r5g2of?cy3trR8`fH< z3D03i=2`YcDy3P@ndN)eY5vNG))ZtAYm6Ebu)}0I#;)aX$?81ZxZ|`?BJW~$BG4-H zK`onEh|3yBVn7o?NLRTT{G7n9{;-MXuq%!8E_d{ZrG#-Vw&n zZ0wiI=lfHK@=^3R0nIl1fc28*gLd;+uAYS^4^Ez{z?i&Zr*C@5Cf7Xf2-4_rn#LLX z7m&@05pE;?jbqz6J|o9D_pM_*S&iIs3SGDJku{YTLXT{=Qm8T;qmzr+`yUKm+ zLE&nl3)drLvg2i@#Tx-|!+nch(0wLnEiu|fzIE$pf=F-w5og+!f2(6~30O+ynn9aU zsN66zN{X}v;cb8Hb$7utMNtrWU1rzoJ3>|xnWA2+TYawd09&b+$lBiC-U1SHt&S6i zz6$gzTB3a&A{}=xhya@pj4>Xv`Afq_FR+EzY(PrH+W~Ksdr+2R@tRd`mkaC!;|aO5 zlC^q1=W9+gpMxr0v7{b3*AH>U$qEB9vR-@z_o@$<5Y?l?ORU~g7#+Xr=)c~N9@J#Bk$PX!1?F|ZLi0_=$pUTrrCTg93$Vu zYn(vMrAUWjLxog4d<61w%Ar139PnME0SKBSLWn(eqFzOZ(^^^)7LQAPm`7hg38QIb zf?yrVLpT?xiZRaTJUi-g$ZjcYMw&)2sx)E|^bWr3urQDw~9l}J#>qlIbH zimo_0F;U-srvOXmXd4%PPRIKfD*bkZ$j*X!QiyW`--YrOa}5z4;lCXKJ9=4Zqe_eo zo}1ANmev<^HiSBM3FXZad7zCF$oZ^ES?nYx@Tul%^TPMOkgTJXt)d68Iqm-XjmLc~ zy(K^#QVg-=LOXIJSAX@4uq4X$mAh-t)y{pBWUYOz{YAx0b~TJLVwy~LGv>BLkE(F; z^X<8`1*797q;lhrvhfeg=v%u#JNcJ#;1Gf&+xt~_uY-8;&VWHClQDXxYynjm%Y6hL zw>mxGd!_7G;k6wd0qg_%4nS-~^clB}fHJa_@g^|7hyFw6LUQ{%%E(BX6HYlUSj@29uQ5y5o0N_WTtlHY*E4DI8A%l&=36QZql6#aulbi_g`58hsI9_EQJ)d!$y>1bVcgw~k)!NqB`zPo zR~w~QyhfaoY(kCZ$0vqoV_o_wdwU4 z|4Q-zS*2ln+aEV>H9=cJAZ2x<`;e7>x-dAolSSSNeH+8?5NH-ifIg@1>rsI@zH{6c z915@1;BijRAXPY5qeECLHX~tZN4p|6_X%D(((|*gw)EMHFkvQ~b+<`Yl;GE&P5URw z^&F*ui@dQR`;grTu_TfSkE9m*9o|>$Ve)&z-C2r4hn}F7F0$kb*RL#p-~qEr?h%cO zqWy5=RkX_<-tTey4LNd+y4p8_lanRPrbS}gcfsr{z*ZPihPzQ}JMYZ|sZL6|m%_M$bQ z9Ki*_$9-cKD(3E6!F@U#PlD-VAHkn-WnSBTsvrI+!B_DdnN9;#Z}%g!00mBN`&6$i zIYlnMJ7m(K+&ikr2gi_a3>wPrL3cg!-~sAJ9xA0fQj%G3m35*ZUMP)YJXBZuckEC6 znt0=D<5Q6s@V|rpf8jS6C*Oank_*B^Bq z)8ta(oysOblRN^$ny6Hlk`wbBj{EdPcs`44!b6(b~#a4_t5Ssd5#_bB4N3L6>6&k3)R<*U)sBr zmPgn=L6!;l^$j}UZS7FO&93)=y%<2~R<~fcR-$Ej)iy)^iRQ2qC`kHXmF>m*qPwl zhIV0#t(ogcNBp;OhPY7r9D&v}elqw&l!G%Lz9~bef$#Rch`@F9QCD{JYt4sig?C4M z1J{;C;`|m8Y+`QrmQ(!JaJ+k`bEvqq4J8$e9_&!LVNzjt_o=k10NW9-v)e1`>ieeu zw$-ZIRE9=EwlQGxG3w|eWSbPF{)4bhIzrd~umD_QxrlEE1kS0ud^67%b;;Ri)a{eG zM#n_0l4Ug(!R6#V9v3x!2qii;>_#{%yYXkR=M6ILo})|_w)H|;dsLR3A`}}nij#h4 z6a|EX!~8gqFcqFuv`{16@X}ix<}K5HOXELSA~(*c!p4p>zv*SBBgj7dIMYcGA-E|( zHCFH)*U+Tob&7>_`yPcoRWf6G4lQ#2D~aFxVIr10gY|s|$$vUyM20UskU>!83J?OF zU{T$w^jrF~oxk;G3!xe*9?#DxK{t?3so29ibN-6!4NH;)+jqSZ>*h7Oc&y(ET}8h2 zdhiYX=slObqpQdM^69^ZBjuM*Xx+4MqXn`5p|pM3fDsf&+FCfRwdIh446^uNF&vb} z_M#R;pz+hD^q6wX^;7rS;U`>9AG6Y0Hb5eKnU?xH_qMuc?v?&4q)U+8vh*c+`OPES z?=cpVn`$VU;GB1eK{V$h`2DGd`*cDvQvDk>x8Vkqy`1I!(9v>H0Ig}U#BFce;bPJ0 z<>|WufnZzlr`SSNDY&V+t37^D#5eIs8Pc^IVj1pMLFkvSiM-7+PBGNq^=KE$mBE^{ zz}Z(>2unhDbZum{W3zzBdmCCS_;!+au3vgOf9ci-n8R%XH`R3eAiWC`>g-N$CVygN z-7&L2`p?9j`y0~MOD}pFgil32!-mFimpO$!_b=+; z)iCh=(1IcJ<37r<%}mKrEjS21b|S$@zMpU<8!L`zm+icc3gTXKI=THL$vL`Teg?; zYu6VuD0k!z@YP@z>)hy~YzJCu9(fnXLHxm4(MNseP=M)-WITD9fY=GV+-$iW%!(YruatDPb9Ko7Q-Lt#+Gi`8^u@c*S#t7{_1}I%3<^893 ztd(z!Q^v-WzffMb+hq!g&&M~S!tWyFzn%iZtbS%iN4+f>_?8&qK%{dd9Zdo@>YaiQ z%15n7R&crmH;{}MZ7&z~XJqN6b@=YjLi14m5cpBb28Q$QCZjU`l+(Dr06=0Ti`Ic{u;xY03od*1W3|JM(gOC(;cCGpd|FC6Se zGN%?Rcf82$j&X2EF@fH~eUa8c7VN68vWa3Kv2B$MF=GkRAgY zY2)0i;n54)zC%R{aZZr84I? z-Dzc!ISu!x@yYc;e)QxL#EL3t2G-k_{{6CzYWW`2MVBMUd=>ZZSC4f`BL7cg1SZBg zCjx~sMw;%9t@O(#;Koe~F;#NrJFYzNu~{u3^Ji<2eaj*4YIpaX0*OU;8XRUom=7P( zx}*!DQDm-g8uyOfVAr$zPCJ!wmCs@PFg~SPVI!5{UTW@bVQnsf(bL~kGBQD#yd5`} z*iEjxRGXI%@kRYlN_QS-fpfQckJ^DBZ{Y+9JIC=!wex))qMC>dm0@Z$A|O==zbS&MOU$D$6gqCuDSb#cn&xA&yuop%E1f+ zYjx%og}-;2rgMtxZKs{Q7mh~F;JfQ2hfE`ukWAgo?_Xr7zDP9fV-EnK#bJ?U5t;5! zOFDav>YKk}k*fyz9N*vQ$U zo@n*TFAef5NpENcBQB2@-qRomEOLX7)=fsV%^~{bzs8oNc)mQmC#4>`9U`)iICAw9 zrPSW8iqM6-!p8-fL(f|Jd$NwysKAh~OLWQtZ%cfJ{l7q+}1^@ zrgg`-K7xlroi3@J)dikO3LpO-F8|fo$(nog@ZW6O^}mVh`tkbu*gw)f#=dhx5cV-~UKTyR@VsQrI)IYX8Bo`Wxr*#@~Ybe>49}zeCHI~xvAH!li;IQbv z)17E2UpjLekzeL^+cMYDlD;+lc9hOmQI6(OQw@e5IZ`>uc}I(CKPf!*{Z^>5F#exM zvzA*&)WM6u!fC!x<IZ)x#48S%Q75998kJMSq;!A=aJEhrG*4 z0Q4WSuo~4x+%@E8guiJm@|Ihc6?AP6fq#B|~t0!wX^po8{2w9H}j}Ir{XYaRU&C-~u z_qbe;P6OM}CkPf;;zeh(MC1HsH)i`kS3lWieDMXQFU?Pf)O<^_G6oQX!{RJH5Q}fg zH$l4FU{mZe+;uf^=6Sf1gtSR;!*k^l3^{%Cc&X#}^~HJnv9SNFU?(%1Te5!QvhAN- zxGb{!4A-^Q`F;ZePBl{;4mbMbTpemENtF^B){{Dvcp1H{zBA^@bgNcVb#w^m8!fAi zBEXr&O?t*lQNX2BZSVyK{JifGbBt&ho4R;PwV^#+t>h2p?^Qx;!6luANN=?94<2G^ zu@uBA*t$d(ngV5SPI$+N{Sw*S_zo{t&N6QvY!9Thseq2IiI} zqVGUnBuHxU&q-*??3H^9*k7xv1kzSA29D>L+K!L9M=iL&OqvYy`RKFROaBG99%BXirxbGvcd~lgS78MSo7K7?A&L7bdxghXfzj7Z{ABq?(iRX{uE9 zl0iCQUlumFra8XQb2mR+LD+b2$98qOAIp;2NZ(j;@r+bm**BT}a@1P^OwLh2GKKw%6v?<#F!nRrvMPiSZ zDpAQ0w{_uHBvP$JRt|JMm-HUW1&a>2CVcEqPZne7JU_`J0Q69h@P=U$**57+JqeT1 zd(@{3P$^9fFX>vpR2c4-zGl_Pcyo!wRcqZO@Mh$Zk&DQY3s1D=6?I%H2Z;W!(Jdne z{q;mp#JBx&f?jQ;jC>~@@FJ?Bb!ho5%kum?c)=SGk?QlK*iwk~Xe!icP z5%$Fq8f2XgC?2O`POoZ)y1bV{rjpSEMeAt2k$j$=AQAo#4}DOeYe2UQH0w;@3QYcL z0oXwh6_qy5!`(xuzpu&c?vAFC+H3!jy3>3hAEKAmQF_o;GPNKoQ8J|;miWI_?Fh*8 zLdcTg>M}oh6w=Dv?kC6gJsY+I3!mgkcYXmR;jA=}} z5C1>s@&dip5(K;xT0FUun7&FAeK(uge(CHF$X`Ek~wwlFYT>k;%h=y$zv2g|`jG%$(Lm~?z(-A|@z!}+B z$ldyeulFgV@VkbRE`e=M5X@MZL^#GOVK)?~NiL_7J9V+z1pYnf#MvtN2c=iyzvY+z zb5ufz5Cr?knKkVnw|#W>*8toMbq4X@*342hXN+-PH`{*^txEB+dE!*%PS~!R_>A@m$ z@4Kual~2BxTRkcWT4ks<=>Rct@xp_O+}-jkY&MxIC!f!}oVH8TkVx^g)?eS=Adv(r zO6UIb4ZDk75#!~2Co!PYA+jz%gpLy?G^yMlrC$rRpg}|`$js9;h(3l{4IBGaMu+_VGvbhTjHPgd3vA#)m(JmwI08R*{?wI9{<{-@5L#Y{+;&4|`v=vVKz)wld6(=DTYBDHg^5?U3@_T9~ncQI*J#KleTuG#Pdn$d^nG&bmhrf>&Hk_E|qU#P?!bfP1XDFO2*< z<7iJG29;DA&dS5X`qfSi(E)bMWm_=2j8Jz@q4-%rII{^Ni@JAsp z+w3V$iw-KqV0k~BbHB)x2F?~1py9T|Uj%xTc!_DvA+JnMIN`^2b-!+j_>#=(>9a`7>9Og6mB$dovxisuu3+W^ctHd^hOO1m2<{{;I%)Q)I*e;5?FmD|CB?v`~bYtSyvlU4~Q7v{BAx*ZQgl&C+^r{Ffz4N2#@zQ}#fm&N4meDmrdV zlBFsy8~;e@th-a%=9gYLk5#5TH+Up8&AfYpI8g>;ir*6?rmj?Q&aV)+i;D4}UuNVaUhm(otG!?Dgxt{md8~-v8f0fGxbI_-il=7_ z19k_G&B}a(?M82fZquNflAN0o5f7X8z$TwTrv&-)!$n#Df(k!#{Mh&n#mHX+Zx7=5 zd*`tOmF8-h+GsEiOWPw^36>w#Tt1%>3+PvyC~B5GcS~t<2~n)*+{^cLzDuFS+?FJj zhc)l`Q%VvsLymjw?+HwKDP4Jgh2QEL`d(xJ0S>W`kRd&0&7iTH)^8cu6nYF%fI|@N*iA6XsBVFqNl)M|v3aOu zbIA0}ttJj?WF~kw&%qhWh@S&VBnfO4R0TI+E(h&gheKZ6jCgoQ1O$nt{>UJiR8r(6 zxST0y>xF*)uU)wR?8&L(e^Gs28E9o4oerOahm-U^V{t;)jdzZ1HQbZ0wb1R?2fd}Y zWWV6+_x4bFG#g526nY~rL3u&z`{@STxd4b9NC=okZ~S@BIxY^&93D{$Ws{0pZbAC9 zFDbn#{X(p?AyzjHmN^XAc>l($ z&+X#0e(NHZqb!74t?na^QUjrtJ}#v;tBoBt3{UMz*yDuT?pso_7;1WEk_E3)o*M7L;bAilA7Q|aXUnO91pTwHon$)s!^orUm;K{= zQUOIQz;@^kd=%Vr(Z81@@0%=+ylF+c@&+5cS-2_NW%W+VB${^!p3C?!YgUa zRr-nDB^sisuAf+E7XLn8dRp2x*~`uApKjZ4RM_&9fUd`j&0Pb(V2<2)Cnm#Ya`L=G zr+G2|$GyyjGRwPtiPLD%fIzZCwk@lV_n=;-8^a}QuUqa7>z+WUyWoq@>Kc&jEw1>o zy(B|E=P%Kn9bn~pO4HEtTJxK~)->u3!fQS&3j>21O{DBHB=Esg%YUItgBFzk91}xk z-$vreZ9D8yp-bIzf9?$<-{fSPxJn^xWaKvY<8;xkoZYxuz07#^ZwU{9^a>EBPXRyPB;H%upy{j z=LWgci+q>i=D~!wU-0p%xN^2u-Q%#!4|H_c^zb(5b~Zh8ay`XH2H8Jtcv@(F46%6C z=lFqwK{$MBA~EF(rOk*50-%AVPhD*a%$@TU`VF%cdQFRuu|wu36iIo#&GC%?DT{1| z4)Ixe3&CGZ(763x-Uu=4GW|H>FY~0?FKJQn$K-i*)~~pCz~tu;VZI(QD({pW3K158 zB(>frq#a-L-nNM(m+n%hWSUBabk{zLlRnSNzkj>UEac_2PEo)1b`+u`{xMU5T2?BI znpQUWgjLH+(}rQbfB6sz1p_qKO$iS%8MMxuoen1g*G5wrV(>EmzUThfVws-h!me_U zA5klmX;S2Hgaz?3!FXqr2{L$YrKwpHGu%LuneIhK&%%geNM`@HM=ltYuf(7JTR1Gj=Zg;vt)h_&=3GxJ9N zU7zx)1A_t7z1{GA#D@wf|J8-{-u+^YS{L|F4$ZiwMW<5ZQ1ev7UOCN5Ls`wwc{hh& zc~ghHBEjV%UE~1~1e8&Em^@pq41T=r7K2~cbLh~C>??QMCaTo4V8NlgOtXub zmECn+7P1Bg$I-q3_g4>L`rA~w(#X!8%U$pAxSVx+J~wDusFDj_Y26O^`HOo?$9Eq+Hr~ztUh+!myZ&`T=f{o1Wf45lIXm4L+mU?Gz7KQ&iNr zXn7C}l|jx@-?&E{L^Y(}C^y#=%Kxuw3tA101c}!F6xOK-cZWxaBZRYUsb>(ZhpI28 z)#amonIHB`nbqP>N30pv$&LJ1_q*QlLA-ne3j*z{)Lah7D7AHK!Tz58#coO-i0a(N zFcvpjx<4%P3iiUs8u#TQ72NA15aL`%@aHZop>HSnM8xrdV@w+Z@d7vWQhm|rGK9BwH zQFKtNZk}F(Wn#3Fc{f}aN-^)R_1Xq0*#q3Yw(}s7Fjh(=HVoIJ=^o#UMwZs)I?Gm` zKV3h43z!cOsMW6qe>TYp4ne2~=#bbRC*1EA0KXjzGgf|;Z~}`O{`ec3NWXg`?G0Mh zd>x~|>gq?;n zA}Si0lB&4J*)6P8nGnwVhcp&ME*HeOEaZsSxH$?(s+H&JLgswyjqOaS!7?R>{Cu(v z8~TlndTS0X)dW-5U*Kp%`i0YCjFX!?aglKjW%7xyHrF>UMVz+hUbkm9(neoEOm*pc zZSKW<&Svglrl;9?yY!+KG4pZB};Zb-1U_AYwrz=R`TS zxF_-E+vET;W~?s1S^92-XHjxR(y->E=V{{9bhdGGON*W67;zWK}~ zjAx|Vw9dcBVRPIV5d<6cv0lbG&h4;$X`(w5Pp{yVVIHWV+BAXAR|Adv&ij=z=29hM z9*c2ammq-5q=7~GJb%!kz_3a99YV1_R^NcG2B*6B#DL!4GB4t*d*Ne`qxXdDg>F(H z)qyohRRqI{x$O8z( zeQ8Wt)Z`qJ!RJcb%Ih<{RGm`f@mjE53S8+-I8Pn^@30RyMsI_58?AFfce3OUlLB>X z68@gu>hqOTi~MzZ9!>58&K~dZm@W2@$(1^Xsts<#t&nkg>~{;2Qg-E@)$NBD=|LEd z#eyv;cRK7cOmLg!2G&0eBjK(%>57E7+Y7gZE*mvkbLy{)%*gWbw}*L+_%^K#p9%CI zM8B*e8tHwKI^c**)}!jM+|o)r(W80~*}4Xcm12Go@0*1R7Q8m<;?MC6s!|e$3R;!< zxx}+=J!*gP`arAKV0FwN;h{Pu9sAK!dJzpWt*mT2kr_?XUv;WE^Eh(S4Vd^_w3&Do z;RmWug9kg}nP*=*J{o2V=PMjl$C5xWqJ&Ytx^!!84GSHR2;)eVNfQ$OrRu!jUPjG;M6~V+G?ktPO2USRD3*HrnO@^jflEKD5IQA* zqrF(5&9~*yWF*eMP7I%t>hL}jS{*^s&Ix@yT!+uT4m0as%u+8^i4gIea&Kr3(Ei2S zTUU#k>7aE^Q;#D#U!BxcAF;Mbs#Uz4NcSDa`HGIW%yfsDu#M8?=p1!@pJ9C-+L8v1 zirZAzCFaAp%Ty~GpTh;Vk+i)kZF|sL^+hm`>ab$Z3M&7>U$|VLLw)?X()pUsLs>S; zc`^3m6l@QozGciUy5Jtqv-QCUjRvRy5!y74w0v!lZ=HKFu|4!fYs%WQ3Qxq zjck@H(Yak6ZM(ktB?|dZ*LnRL(}E#JXFzfRmn+;hS?2#%;~{^Fkbv&n?M@?ao(d!2 zaP48pjE)cH4B2QbOfP_tnk?mQ(r3&PV){tUVA3cxv)bV3k(SVEkCP8TgN=H}+_Z+C z4fJ&HS1+3ryow>Lx%&`28uL3e zr&GdG*q&0+h98T$DO3xVB&-8I2gLG?rti6vPRxgXF6c;sl~l@aXQW@Y%7Q>C!8#$i z#dovbEm4Kka7{{jQU||GLIz11T}~*|3P@Dpr5J`)f-t z#p1a|?7&Eo$%nnFpY0!7X4R7HG9iT?sB;6+j2c}7Q?`^s{QJ&@p(4Nw=UR}C5v#?g zr&ZA~K^(Pxc0=ah?{S^UG#oQHRQvyu|6&e`zh`kqrbsq?yjUq0C_I%-Oin7K3lOuE zQ%kWLy~UG%P0yH_z?qVSGlfB7-q6OnLk&Ik^Vm1nYQ0$Z{_PAFn(7632L4Is3`y82BYJP5fvz16e6cJ$i8wLjtF(SGk)by$C6dYBz!LHS|XT;+RQhKDG1dz9tSVG^ZORULCs zd}1^Rs~AxkAkA%`q9%4}z058bHfIq9ndI>jEkGB}pQbr!42{8ci*HSXt1@Wxf>@qG}JSRmf_4driTteZQ2xBulCWmPhfCHAIUr$)?Kaz zJ&)p-!oOAH`U`9M2i0CNgTca*Bh$wv^#eNB$J1m668EDP3t&5#eziX65mJ zd$#W>M6_?tZM$eCUV8?2*vuFied;hyVPs-*V(Ee;W$|9=ZePMoXz6*>ITGoQeK(L4 z_so#*_mY>7Dy-zu(c}nYhlEg)4n>WRlQAm*(1m932S*9$W6md6yDD028Q|Z309DY~ zat+6d9=l$W#`MYWh%=$0^3Ef-$PNL;T>{1oOqESae(KLJ4WJU@3pP;wjWvpI|8z(q zt|goqhU-TRtYt|}e%@7Ob_^NJ%M``WbYpsvalZwO6Y}y*edScZ_UzVegF32Cv7Q%8 zYy&5&rCexgVYgZLE7W7dRaRmLsekoPg2?!I2!i`s-OA9yAEJy>Qd5VASHC;1GEhZL zzT$LXkg@m1bn57oP0$(rXq3AVmO0+fT5>qTY(XWf(C*Y8l#-f9wP(_;Z*+3NK1-IQ zB1XCS)=e<6ToPzK0gjTEgf|RBI|HpQh7xG~o|`PhawICj8;phh-2fvEW8^s91A9q% z^|sOROn{j~L8Q~>SCRGg1wopngM9)`0A%DHO!y-YaLoo%0l3Y@YK*J4{aQeI*im3< zg?&Y8R$yt-cWLQ)6bQqiq@_R16_EF#ABiRR54@^%lmCwKek&cZ-savG&C=R`v3-k- zvG%_8dZ2n2T41>X_AKm>O7a}mT%pX&@HA|24$WfVixjhLuB4#aHbuolK1^rkHno>O z#PR4j!aXEf@iT`o;DutM9LD2gVOPnSvBI@SF>xFC=K=BRVB+MKSx%%GHNvOH@Dc`*1E#p!k$z z3mUCP`*lV`U^z4UeUqGgpMiszRV4qD3!K4vk8a$0p{FyqmxNeR?r+I}jcD`D41KC+7p0!2MASbf*~vDwPZv~aupY~!$euA}Xa_m1$`nhd zGl>Dd#F7e4`bsN13`djdZf+?)4MMRZHdURIk9-&e=X*ufP+m}zXnPi9D4w*+*Vy0X zhaTNpE|BZXsYouBOAn~)$!^9lu}x7~@eF(W0lVSA6#Ot+#?p3L*)q9u@HDYPzVVPQ z(o$NuZJ1PYS*ufLxpF1RWL9sX7=y(Z2|vu+5X(qffu?qOU1@zhNSxqC!o%tbb?frn z{TU0iNOnZ^Q>U?v0dXHNi#@^K8qm!yB`j z3lHQ0o?&AtT$rE7sW{CfW?Wju%1{_Ywt^*7x@C6b!BV_-u8Re!X>~4Mm6_iT%)rrh zhONk$*v5~2IT0QFc^N8G%WaN6#E-4JAMb0ZS3#i{g;^bDmN)qJf8|Fofys!0bXrRz zzl7?Ezg*IPaeT}#c1)tE8U0xd(iUyAUc zVLgeJ$v7US(y{JZ25zy0-&V#VT<4TD>PKvt_dz-rNc4odqtyXF&mpI@En@7M36pl? zzppNWP-%u8mo{+xY%iC_f%C?@IptRQSGz1J1$+~C!)Nwx?#YFpf8Mo;OWft=r2XR$fSoA}>q>+nL0_0EvQlPai(R8**a^H< zbqisRW`ObZ<&hi4b@4$&hzL`vnWzq}bQN_E#wrR^oW-yxt|wB2G$H@)VD2`8nboWNcVBrfH4w4hJ!$!iqEgjI=XY`qH0S}RUBv`0djP1|_8 zb0F%1x9kZ|gVOAmh>JKE(}#bH>d_%bZbgHnI9H0<9cShc>SJ5`dpbDNnczAzqydPB-NQcZ~z5fM68 zLC;0YeM=#MMCQCG-*M^t1wl|LV5UT*GEDd;)Vb8P=Ji zZaAgH3(BZ^gXttF<04kh3vE9W{4Sv0lFe!B$5y>4sGrh>E>Y_V{&q8@#LcVZNS^1p zT=0(MZXbLR&zfck3l?)WCJ^2cyb4wf#x&h%u?fHWb_r}eUeKnvEqHHA`$nYWB3Tem zr&~b%JO^e{FU(S0@D=gs_PkconBeQ30v8cGIJ;O(IBKc1OG~emp<~Jpye(Au8K7*q z2Vr9IhNI=G9yk_flW{rM)3=3Vl5fk3b^Ji0wE`=4$b>-VvmD%jArD)K(xrMOev1c4 zhxoHA!E@bFma-ZhnkcVXQey;tj?%mjYibui2;qOwL1QbgK4LRB-ihLyg9DUhKC(m? ztA6k=9eN8vE{E^tL9-ZkUilfPiekjl+ANKMxrMk3H^srhZotB4y~gSJZ%;PtbsL8r zFs$0c>pY#`xvTbDfHFfh0mwSUDtSw8-5*)0h|es6T|_zr6P@_6nd&sDUt=pL1{;VY zZR$u|?1Mi-(@DjWC=%0Dj%Y@LV zWX&u@0=3`VDwz6g8NddzK_UPpAqE|;%Bsgvk?bUWdL+4#-&5-11G7PEb5`h7jL>&w z2@(?+G)GPX1|1mYZB3Wcil&TU3ZE_Zkz@sy&hb6W;}TkZ*P4-_x{yb0_Eq)UEQDqc*}l2_7lUePdsMBtbKPiz@cVh^ZbD)bfVU`R$>G4kzjXrW91C? z?}I6tS!HGBoWW!q?5)fE1QN_@GlH9SGAt9;s3T)jSsVyqSCNIjXm(o|?eFY-dOM7A zDZ33IeTQoVOUf+`e0g7`3)r4$PneQG;+x3_WXvpiGS@oGdJy;}Wpi&MlW^B)M;#mEZ$0EU2hmkksZad>Lb^9S%7#j&}7Pp=K zZ9jhk*Ee=VT57ASY?r}r4c8fA#Pcd0<8wNFsn_r2iAf6dg*nKUP6_5{YJ9>k$5e+4 z$i?4)aWkK;rFqYe(MW0vnZ-T`N+2-VpckHHL`So9&MP%7Ma#yX^7KZ7lM@e?Vh5lo8;qtsy&F z)46`hb~!KKc1zNLwrM#tLeBa}Fm_ql1DsbU^4MC#wZs%|+cZj)4**9_aI_x*BF~(Q?!2>KP*=y~Y}-iew}Pj!?P!m6;s{}o&W0Sb z&1Zs5u{fIzF%)=d#LCLiOFi;P(h^u?M)M8b<2%TFU_T@#0w;NB4KBmPy~nA}y_ZdR zdPV+6bMpT^(td=awWoDVLL$f%>i7~+iykT>O+v{IjYDR&_zu#$Y!mk!3i};PKI1=o zuri2-NQZ*N9YbJty(jcGKc~`~Zj@;;nCgPF9k#Q#a9q{Qv*ELjLw~4H5JMUJ_K6QL zcUYpkA}mfN>}QR){P7{=ZVt&zCsHaz6luypxt5Q)CjC3Fb9xkNIj~kiN+Sf@ z1oeueqg*yW^fEjA1s}@M&OQGOE2}7^|Gc&3i1K;=;L+mk_so!S(gj z{;&=WhVx_9BF05*vwc#huUKiuI*dsXXPY~)9Aq>{7#?%_4`kl^;;AdTYH#>&!QU_R z;M^Yu<2^4=H*4?@uNye(MFjmLW`EJ9iMef6i-sC5W`^FT&@!^!6#G%-McF^C0balJ zt8jo)0th~CnQVO=l{^`d9dmsBfL6_>+;Xh@@ZkS4QRuDpE%p4TlzV}#kE$9yc+y+t zF~9zi-4Gfu(6**AC1_phy$yXcl154zd=U(_*LABNEq%igb}C?5ew0Z)U;TYGD!2cb zT8Xv&J^n#glVh|k@8ztE>Gi@pYRl(-+49U*cvi{%q$mO-7Qely;sg<@Q({rW!Q1U? zfukn1)J`9k4Tp1jg)HE0D`>JLD}Kc`4L+IICAThB6D6OmUlnE?8K~K z*5lu#^wcXuxAI-jOwFva-JPLBc3R9A$$ppDJ!EVcdnTyuhBXGG`bur9kVl{uOqrjM z*UNEM@uko?hX)1z?o5x)`(*Huw2vb|z&8Zbn31>O_M2`gQ7rlQ7Y<6AFf@mdDPzvx z0v?UquxhfBh9;i`58G$lmEGegoqH^2XMYYOrf>LqRDOrd&&9WO3B86az%#$RI;iM; z_52r8OPaEXC*|qxo>pt${!=Y%>yz3KNkO-n*K{27E_DzkYP9FLc1!nX`;v?-mFRcIzxevODJp@g8LO<60pN|yqh*+}Suq6nTkZz7_bJctoQlhC5LvR{%mIH5ilJ~-B zF+}et*mzjnP~1`yi&>W!RCvbr8UFOFydmnR9u*Nim(Rdct)J$ z4?$^yby}$ud#Xobsa|SkvnB>@`PHnsWcXWTHEk>Tqn$>*sU@F7f#Xm$Oec&2+Wm0X zE+Qyi0Q2h5rjT?Cv5J^-_p|eJD1IK#%aGIMPdset{-pFN$6QVKfp$?{nOTqs?5+U#n&=JNfE# z_(MDpiLk)Ub?^A+3y;oXtG=4W18Ble6S5oN%@eA*I9;rAtLl2od|s_nX_JZ?98zO8 zs14<8;+3-1{Q5eVL^$`SW9vr*(uggrpV0kM-wCKedZ;ff$C^EaTOn26>m-FZ27`@r zSFwk`m3cg?N2VI~FoGbY%LL)4Ac4*HIxj*XsC<8zAP^SWw2VgLwn@*&DiW}u%VBF$ zWYB)(tM`nHcR+kwfEZ)IkjCQ5pvA~m0vmHdkZ&7Hrwaq>dAEv{<=@T0dsWUtC;l~6 z_})H#*xpv+sL4RSdSnQ5H@R0(pQZp60sPe=CzKj zhsG55ECN@tw<^4g?v4}P(EU9%D*i~O!GFP@GT2GJS9H`XitB?8xpp3tQO!62&zZC& zIq@*A7RB$mZL=9l1HxpSV0p1F*<*eoC3GH};30aWEQu^KsBv!be%iOD8C$GOl}LZ| z^wMp89;os+xzwe~dCX7SkFEA{9-v*LM{#` zb4=qfEipxg_Hp(yVvJc}CiZ`kqOb&LP5!=We7=EyplA0?BnT zDArKbn_#F_KhaTd&@-%>A(>5nlWdt3Fa`-r9sT4~R-9i>R?og+p8AwH{7iSj`dhWR z$*4JI7DmduxL4`%uU;57-Td=CvF&-)9A5?<;}L4uuZ@CE_z!OG)s#Z2k_Tf}`=`<$ z*(K?@+34&x^b0p;`sRSF7&rwuDb?MxD0%3qVQP5<+^=rgY(CpWGuB0k)S1V&uO`36 zN|hyP54%m~4RW&VED!zO8cXG`GA^X^ymPlhw6tgW-5L@oeQG9)1r)F%C5alfQjo$5 z2h`gQ{%%s4sgkknkZ2&Y8Qn&EA)w5xpDtE3Tv(W!XM9e-!M*wHY}7xo$#mf z4hM7n3)Z8JX{Aozg5CW{XEHDONG;CrSYi;ET1ny6Z725f+hGoA@C zr8$%<2z15qKMvr9qQ!~(Fx!*)Uj$e3f4*Nbn~En&%j>2r5lrPrUSF#N5esE9qc&K7 z1Y*#s2O@%5d8QGRdDcKG(Pwmw<6Kfq^tozBz>^B;do&Uzy{Oz#H@QWJPWbG*`xVL+ST`lvj_(y#S+O}bD~mJdDW^Ao(jY@~vw zh5beAU-vu0@mMY_1ChyhIN~iO>$QJ!^M5o3 zaWZoTq$M1Bc|yH7v>>IB4^Wby>%;4|2eZ!1on5}-5rcX-KVi2iT9fNubehScLvsyD9FD^cxZ;c5Vl8()zS`*S%O6=i<1YD zuQ?hTfT<_&L9>*TjYzDdJ0ZdVXN3&u+^v&h(AXF``?rD_iL`|k4j%zaOx9tyOUfSI za-!)lMK@DBqGbD83G0H~A!hDf&Hq$MgS>faj?j6!C#SosW`?v>>#Q?QP z02A+yzl$=xi|8hLq-*eVOgP-;$(L|s$22g{w`eq9mW1rB7D5*bdfgX`=$KG4R?c?D zUG$kw$;;1b5k7&3b@yKjF#yjlirbr)EC6o_QjZ{PG{=(!1n__r-iRzjrmDy8()Vo# z(LMpKe(RerwR6&&@!w)hs8lfu@4^A=j)1v<=jf^P!}}L_zdywJioCDS=+&I{H~YUs zYKVZ7nQk_=YoVctcy{9%Whv@}zI41CgzuniuTC2tbL^H9v;wz{k^LLA0`xx2utIwvNreU1Ebj!_1Oomzj?CYjdq2NcyHiYX zOu7MaJD__eYxcZ%g=poCNYmckM6~et`Zl5Qr&?9DZWtJV?!@P5^w4otED_E6rblXJ zfLZ<$@D5$tz$*2oH3ORkSnhwqa`>kH+o;l$Oh>)2W8+`yg}k{7#V-Qj`k12D)-(4EQcxY=}4?+#7}uiu=D*FtI}fSs!hj- z(XAqTH;@gHD_F^9U#YSJZXkDMXzAN7TmI1p6_iU_<=c*Q;_iw6a$Eiwo*2I+@XUYA zk-063hLFFVKZn4RBdwzoU)xoL2jZL7@_ijJQ&m$7cc&rGwudVK~6>zDH(XXpSg*#iY z4+DFEl)mW0aB^GxY-o)dPjFB!uu}CGIowP(AHARaIY|@VHQrDb2_mdCxufZ%fP)S~ z3Vl)t*Esp85snBQ=A#5wggB15${+RD0?ETQV-kcHpETA+10G zZg74$iW>S0Qo7pz!`53zwHbBmzBm+jw?gsa#oa0H?oP1)#T|;fySo&34em~HE$+b` zPP)(8_wM_h`&Y(D-i%}=Yt6OZIiLCba07@ok_|GRaT&e0d<&6nzc4@hzJ;Wj1X?Pw zT_Ydodx2#=$9$}|`R+wRw|M*Th~jf69un#cC*@DfyW~j1-!8fedZa~0_?r^0hleU( zHnn!5@uO1QwxPkH?~gOM=3B|6dOLvG+Z8~!z+#W-;+~SUR&?xrdu6$f0#5i~5Yt9u zV$t(ItE1Hpc1eCU;BT*nKAn8-OZwKlO>K>~k>its8RvL= zyrY`RRikPaqHNhQRqJ>gcONfa5XF$mSpO#)i)TwqEQqDuv`OMjMW}f~+FasE z*3>P59%_<8<;7s)0u-BP>OV}7ru=nlOG+1Kc1VUsp3X13_i2HveCvNyYBz=moW@KJ zxJEbUx6V?&#h|KpAAM2TbjLSEu`ds62Z?#LFxe2?XwUUdi}Q8uAnnL|%C_@V=zU|V3C@5&v~zgI z8!Vh?m1XLg1D`pF)~#q3!~Q&2zvnXoimR#yKtd8BU#xx=!T^5!pgP2;*POr;WXCg* zoQ*AGju20+!|NU-!w54I`>amgD(&Vmbwg`~3;ng6D;(eVqbogRe1>#dslbzxV2I;6 zG$81nZ(KXZ7XvapfrL<8GJX-u6yj$<5bRBZ)Eh;%<>lrZO34I?^L{jkx8-Z6Vy3Tw zAPRr%JCmg$S*@dJB{nkdfwXGfdr>U*GYpfGbnj%_JP3gT%i-zTaw9P!#IVV;SYi}+ zgf5P~%rVbMKdcZ6mJ$Oac3S8I4J>}%`rKAOV1}~-N!!h6qzH*?gr^|0zE;5zk!$KD z437Tp3TUnvLK_uj##wG@rQmdp&BNN(+v;Kq5*}0Sh>_WdX{^8*sXNHGGWU?F4aDYr z`?xagXEK{A@I{k43^jriTW9qoAR#-c@mscG1rIZ0;*RF|ldos%jNxgRfWF&%z{h9j zxUOv;YvX*3M-HD{z6VAEElmWA`2NyfeF)g*8Tc4%{Pr{lQ2MU07P}J~{&FjaD}cBS zRv!4V<>i)QR5N0fqpGjmMaqPcbAz)0{6)VtxPQ7ZR=`9XcUf28eFvu3EB4RyjrdM;V$jU;tmy_0 zR!y_?vUHA=v#>t48GNuObN8bPJF%bPi*Uj5F*FVo-hCSWAG()hiHPp_dY{_+@T>mUcP6Gv9|gH(Bb@G)*)8R`OevqH+{tmIEK6XO8 zI}@vN%*+0dF^O=ej|A)n7_VGv3xnrn2Aj}RGjLuICwqK1-%nice~BOW!vksRM{Y0J zXSQW~HdV_a5Apdxs8s*aMhkAFWfIPlxzWJ$#Ck?22Vf)A zrvE*g>gawEDBd|I-yi3cWs^|hdnfoQeSnv!a9FyNxIbydPUb~ z_^D^#MW)7Bzw_J725x1Y!Z@3vuu=)61Hv;UYP3dp`5PLiX&iM} zSL$WeT(`r{NB6hy?>~#de>b-w#0lyxM+~A^ppE+cQ{g)wYi!5yoXYQomcV^#tC2Y}< zET^D5PXD;tb#Q7bTA=Boy0cf=qaLePSDDHW6U&A}#goMl^tzYhW4=@D>Dj_gzlEff z*U%^-XjeD_N5tKDKUw9)x!?1x87=ah-2e2M8!wTD+N)MkYXaEv_n;52iAOH}SkKN+ znHWCxEK9V9K;45VM}Pv+Y_RS(3kn%t`V8DcTTlo;JjJ7NQez%5$yoFe;sN+gz1mWWffEsN9tUwSnRt_T}5t%H-6Qc%^d-FZiSF< zQS#!s<4JZHXP^#`NZi&x5h}LiR9w5vs(!9WTX{4`P^KCQ1!IvexK#Bup~$^x0ytj>~e0q zRcu-PaHr&jS!?U#ML5fFHni_QA`xl=Xma+ddoCoegdLJTiw%#<$WLi+6%BYFtfWpr zMuwG_=Dx;G1reJ!imnyG2B+j@tFxiDB+XhzB0u6Mu_B@eO#5K>U`IJkV7vu`2^m}T zypo^M7%`N;|9G0p=39Fzo8fg2>J59L9jI(z;SvuG3@zHcKW0gvXA5GrB)_mz#CE_+ zl)}f26Sxh3j~i+WR?(qQ-Ois;7x9hROomjsK|Z{7kA)PMbZdfrFSHsq4s6V}6*gzc_nc0085EWXRwz7u#42Sp+axv`kB?y9otaG}{KZG%>1Rre7^3a-YpTfG zudNr>-QmwXE+;R%(06QZFLrMDG1Mc=qCdY#;b%48m~rXE2v#xT^VRytgrblbTlP>o z$BB&0!~VtdQ9QD=EX(n_u)1n5Nm0Pt46H*cWkdw|=R8hk99q%iqn;uN7Nrb+g2JcN zBs^J0&7uc9o-Agw8@p`Qzvm(480+`C9R)XduztA{*!dEK_v)0)CP3~$%P%EzAGn2o zs^#T+zB+yo-vmK`;;)*gDwwXh9sIi1%%~Z|xFO+pE@xqk9psl>rEhA-+EWx9G8M;D zIp~~^<<4|TZfF&{RTat#7owfhV#bBf3q4sWmf`Dx0 z+4$bb7qG%Ezqth^#BI3~CN$0MF$1h1tIXxKQ`uY=ZL4xjfMRfhMiqq}r$Xo-XTDqYZr zJ&~8%HbyX}nrrZ;eMP!vK5ij1%%)ggeIIw=n@e6^3`wykPPMbEvIPw~fi6FCO_bk( z=9zmoz9KoluclMh3%WzedLI;UWpH#RB6+a@@Jz2hdB(h9d{fdYb4flL9V(Q3_55>#=gwF^#a2Q41E1G)(}OfE z#3!34_E_R^HG`wLTC?U|a;r$?a_JJg|6OmCI_9g99iAEb&j!&`rNz;O)QW~kZBsTl zisY3WWtw3(B|M)f8JK|oi}Oo~5}+fW!P#*r?MCrKC{WlOq1O01BF5eBH9>wya#gBx zh`DuJ^r3&v_vqrI-{)eia=2qvH?^HXGWVpq+aimI-LtXd@ilV2`1<~RDA}OywGRnP z9%JwT4fcGlSXLf#oH~A_fP<|zUgHiY`{kDjR`ID?YSazMAmO20!aK4vAtF~2boVBks*!P?L^-^@ z3cRE)b~Npt5}U1t4}Q5aTb}_BZLtkm<+n`BDE|5At}`crt%;=d(_(kg^3ZxgcIV(pzWA^P z?C?I15U@_MGgyIV3u`r(`$~KELR2*-Ff#TQJX3`8D1buRS2eIumN+?*gP>FE9iXQ_sKI5x>_x3<`S~3)xIOZg1aW zt(D~~I!?2sB!U^HWUvyDV9s}bu|&Q&FgTVQ@j>Vu%hNCH zc3j#d9}d7`On$Ns3dMgTS7lbiKE?O()rZraa`5(=({)u~4Ovw0(hk`gUp>pcfz6t1VzBXzCO`HB%{P) zcFdaY175C^&RP2~m2NaV6lBec$$Ca}&KwG!k18xfs$GazUIsqZ!v^2A379NVwcXyI&FKu393V!nJRT2;^bWq=pNI(z3_m>i;+(z~pcnpDzFhvXNEKuAg zJY|?7y(Qu9kemj`JFv5o%N?TW+``)+9GNEGFY2{FA)Twh9SlXzlV|x@5 zSU|EOwW>ZP10y+s<;<{S>SLrYCFIx|bOH9xOx{I4Lc5jp+QuCw*^8_J!XJS<(#k`S zqVR%Jn@T<7FI`{^-Pc2+HM82!Zd`;_{foMNU776aNG#Fwcd`CF7|wEM=b^=uzU0i z!#3MYjHEZ-dG9+`j570r)XNC*b6`}T|By1Yr0z+>Z1uCGVIKP`@OxcwmXx#?QuWRm zI%2JV&e%W@S0r9NC$HA#{t}==-H*~)Z=e>XI+wcNPVqP66rbg<@v%|I!|_q0c);1J zrNTc`qSV3R6WmhK1E3l(2WPrAM#3ktjBJ%QHmD@A#KB*pJJX?LqV$Ohm%1) z_%4P%=jN%@QY2Z<+@+*hLr(>2ySPOLVO-8en zTjK2ko|ymUbnE5+-Q~KHzCOZWq$GQqrmDcJjcU&5(m6~NVw#0BLC{aaTcopUHHR@z ziaG%_Z*zwo&VDu5Nu9AM{samqZy0{!ln1~A_-2dr`uxc*B#V%rCXt| znAouW1{atEmx6*updL%47mwna$WK|bJU#G25f%$4nD3l&U9t>olC9qs*B8x+6HQ}) z8J6K+y>NMr(1r~VyIXsZSBnmlvxkVOzpEN3zB)xOVy&8%XQwbGBIDiMXz$7({+Obb zl&FgvfUuGp4K?RHoO#~($V78|>W>DuX+_^=#d5ENIR(Mj5wVB_>4wSA zM9hdp^iviTe*>K#39TCjhwzG#h*;*Xa7OUwwKL7JmF4#sCqitKIS&b*+N!HLW3p9M zO}N4u{S z7$ip9P#!C)%MZ42)g*Hi9e|uxa#Q*VA}NM>lT*%K2wvh{67}I16CxUG4Z{Gu!O?LD zhKh{xy5N5V7_``LP($0BW)pZOj5B|A%9N;im*dEGrfVm5eO8kF9u#=x%9k;Ro+fsK#Fo-l zO=oS;MjfR7ve(Q>17y{Nb1i^X-kgVD9ZL}f1SQ3hBxxigpk-+R*nr!DLZ;=XB?vgr z(wSKjV{X_*<97zC1om^PD#ZXv?T*1mjru6etBih^zc!KV?CX=eJ;gUuD#*F4%>aY# z`eNCQi52#VR#}1H3#AM9bT5EXal`{0wqN(Bo2t&;y;0-%QZEl=M#tXAT(Elm!279= z#BXT28=}$KVK~nS7jb`6!nUX)EUfccO^e_x^xzF(RdVdnr%&nnDK43nihc%W5ogc` zMt$1^O$E_428-alEBs9Hw>cNFkL?g~kNy~|GhU#!|CobSG|46F89|-Na*WqN3BnMJaY%3}i!Hsr?`i=aW ztiL{%?aH(k{ua$;pj-h|oR=rrpH^vlLS18Aw@P#*@WOX_bgG(X=Krv5CYnp0lneJ`RWJ<4%ro%8u zGvsaNnSWH5TJX$8D~d&BZ_}j62g^o(h=8|-w6#jr(!et$Jf0R#zKEcolXM|2tIuXp zMK_jj8Fe4!QxY}9-1Stkh-95YiruD9?welK&6d&`=$*&?ygGh^N1o=X8Ex< zHUe?+aO@mN@QL*C#SrBZ`h6K#u}c=6+Axui1>(a#fG0L3^=EJnmSfv*KOoA%01*(w zYI?vC7sqy@8Gw+t+NK@0v2>YTt__q{Z}|OalYGpss1t4YRasq`dybf=O~m^VCfuw7 z`rKB*Zhl+a)R)eJ42MLPUky!$n1?WO;FB{BQcw0w|@k4mLI*y#jolI;530M{;| z&g7yh-6^h9!?F{Vh0uRVoBqeu%?JNeYbEn8`nfP!qZs`Wa#MrYiktHq~v5j`qwUM#Ks4@7o`3 zy+I1mh#?kSYU(e`TKpTSR`RKKHoW(~0`0CXlqf*hEXom`KvuuGy_P5` zY*`DZw^JuGe%17HE%v`rkG;3n)zbABFI!LDn`C>wAE8_Acr*%t?2ZQjql67GQ^@Qh zB9MPlcU@2rnrweFo_+?k)~IS*=n>&UnI-P;PvA5CEmk)+0G9{qecsQ?zpb#F+zsfq z3H|X@ssIP!xB5N!qJpL-0j^mfR{2 zy+6kC2@)z|U`Lty{KN(!W_lam=UkPzM%@&D^-e;B#zwQ=5{h~w)EF!`5$8NR$>lfA z_OR~rpdSIaD0W%5IGs1X5LNT}pPMc^cozm@_zRms2to8xuo3+lJ{svhwb+r?Py`}l&q zep2nRiRutp=CD%huoret>;|`&L`+Snr918}YlI?c_7TZ3H# zM_?1kHu>(#Uq<~wi7mgXv}?JqVf&!Y3}TalN;^;0Wot^BlD?+y$hHGpl-n03)>HM` zYMqYl`5PUVhR0)4sohsiaoAcIotR=bBT}nxdQ!d6(eV93vt0N}ZPT4kFWd!>4QD?y zN1N+wP_T{L(Q@;a-L5d7r3CVo$Swi7r{0HzTfI2gK7(xD#!7hvNsD&Ht!AB_Scv?X z{bhgpTmPWCD2MV;T4m{SjvtjAEdZ!VBVKS-T>palyx{l*r1*frj&reqY+hv@wi1>Y zh#sHmWH(wpw6~WkMVrFT4UlasuCFRh@ac}%qaD}SN1a#l(e&m{_X+p1XE}T;2>vU5 z&tau%?n18C*h^z~aND5Ouh|l(?DZOZXqG8D@zMY^9w&d3O``3eJRGta!)yn zf)Xov8EDakXXI z?Oim#TdNc0d{*j&0sY+}i8T|!d&?fh`I<${;Hl#_;Lvod>3Mv3$_t++1es^jC9xp) z{yWYjD|%yZhp}9~;h!slgFsHvPfLB5fY{R=z6aEUHW2b<@a4;ixeBu8eGL~sQq3)* zx4VkOhr7`2E|yD5Y~i(w5uVY=!}5#wzY)PvfHMr1Q;x)azy+l#QSXZ+V@S#%vdB_A ztG)Tf9OHG!P$P71G^Km}`G=Wme={6sH22TY&`dYTej`qZwE;QWSckZKxtz<730VliZ6&H1qUjmos zONRHA3|$EQxyJL+pqFI`SVvjdL}MDb|MEYq!;B}uT$+=>3tW-egu~tK>cjIa)mEEM z5C*s~&cK1pwkwxHl< zXb7^PNQdX-(o|1&d3%nbgS)k}@5evHEWrNXj*lGaQ7;ue-N?bCPM~e=qmH7Y0pfZv z(9jy=QGA~(8A~EOi#ZJU!1l#$E7Nv%2LIBUFQuD)d^GJKc4W!l4N_yr&DOF{&xw(L z_+e~16*r_7g&1Z7)hf&v`ZFk7*RizdXdAud+^b4{Heb`l}57?HZQj@;UsBSoT^4$XMB}y=#Q!y zx(&`Y(e@ipyUTGdRy5lu@ww6p?oKM%x1B02(vG zZ-zK({uzeWXD6)+GrEr~a=j1Pqnr*h*6ocWd!Bj>oK3R{!|{--&$rNSQt>F`$MLAfo++eqOE|0A zHm|`k>NxkyX<5mz3P`%$F2(9sD7r z2z_C)_p)H?%M6hywQX_E(6SroE;rgGhMR4Y2qr;7cNP<1!LBLXekuk|HXA9wNn zlB=7kZ_Kyjo;7tbvsOc_2*Y)9;gB16&z{_X55U4xFdRV_@&7wTDgJBD0@lUI*&xUs zXaTm6{_@FofsVNv#*}{F>>4TdSL=cml^rM%ym82tvb{@rPoL?5oP_;X@Bt?UkXiFp zwR+_TwBUNBMgayHB1{ERDq8XRQ8ogUx(Eaw{=FSYYK}Ma=FE6?oMeOlalU;1zC%W6 zGA9-DzP%H6!sMavUien=KX>Z?vwlz^0!ARbA%Nnku?7ggA{{MaF|7YF*?<e5V1uw^kfw~D3yOJ95q-+lWoyespQLkxOxXB|d`QL6 z5k^SP(w^l#xnBrO>x^Se#|5dtFusmDG~&dqx0S6ZJ1~MW0EaWrkk~&Mzi`5~wKTK<<^PxhEZ$F%7rG~s_ zhlX8?^U~Ct6jRz+{JL26(BNQtR4@_=Bh`$V`t_yN@$S`f>{#P~gN*qz;?jAJpT8f< zpvjY~dyP}q`%eE2vmG4aO08p|S)_B54W+Z|B^T;*V`Y})-_t*Q7E{MXTdyQ2A)L>U zRh0$1h2^=S@biKl8b;_={-say;ax+QfUfJV<Dxn*PneL4J9f z;_AbtBWp8C_mbL2Ig$k5-E+HZS@nRA%RqO-rO8vOVuzFuEv4pfgZ+$e)_?z=4ifSE ze{UU@%)T$Y-WMgG=*@2?JaDLq%A_58oYcEm?HUJ>>Xo8Y56(eM=NGN~KKz035Eyu- z^y2uf6F!)A^PI1F9KUHeo7*U_l5y8TTRXi{mrEgp0S)OH@hkA5>2$H(d_1+oLOzo) z8X{E*RZcY^RgGV_R3Y2P8)9%@k^oAl*~+*U%~>JD_sEmlbcm^%J>>nC=p=wgXiO?JI!tKR^9o4pi7mn6b8y9 z43(w&E`(szixzWKovlqe&v#@VmoNg47W=h>li}e@u5Tea9nE_`?5jurgrE?SHtH1@ zK=0fJRKE-{05*h%|GZgawuSBv$B^(vEoMf>oGetU3Ua;dy6*D|MW?toq`0GaWAT=? ztKBlM3(dI4NDw|1_=HHt36Z+JuJ(UeOdgnP=jCge(qF=^u2r6)bUcjhRA()up)sFo zP5<&hovC?Oe1_jljZoyWUs%pwEiB!^Wg}N$qtU2-wzRQ1Pe0Z8t+P+a@#B`qOhIC+ zH$Ni~a@X{H)IA`aIX7e;J~TGjF{ud#AozH<^M3yLe58M5Dxvt6{8r=K;zZUugzt8S zO;V$8V`ICA1J2;mY-6tQqju*mc>YZCKg79lM|i`;cbq7v%CS2Y6qzNGe-or?g#0NW z@WlCpwgLJD4KW5V!2z38K$=r*Sl4QcMqJ`&WvO~hy~Nb^`_xU;uSK;p(?{Lg+o$R1 z#X^2wME*UYST?F>>9_8Z74r;%Pl({7eq;SI$D#pRXpb;+?m*q!RSG9+SVsl>1kT;O zyCPA-+|UK zFWaQk#F6|bfIg-QzW+Y8{daud9uXz4hau5^l=|(*gkUvXJYpCH){?!h{|U3Pk0=PYX;C|ndmG1!TQnS8!fTL_HPw%rzU3^P)X42<6naVtF z3+Pa&g!X!;dVQzNFKc@DM~nR&NeRZYe}kKQ#dw-@r}Okg^242A`_+_i)okHx+U!&S zdpLV-VDB;6mAd}BqfJ$r2e^M$KP5B0+d%3B`L8}=905)t@>F+=*Y84u z!vEddD84uSg}X?J)f)m|tbalZR^CgD|Dmi>eOx1i==k`UNg0*upB(fdZ7qX?;Uv!< z5YS$Rm0_WmBL!$Vfy#R2>$p85?T=M=3JZ{Jj@!wo3n&$FlQ1pcoIR9 zc-4M=c}xd3{uU2O6)KJqVVo#MT=I*->vLf6b*<)x(o;QelGxZeu5P=s-Z zl>cxm_HBIs@bFT#dEW4ZjUZSKn^YJ{&y;u@$9; oNX{vdnH*eZO@#yX{r@w;yeZ zI=qW2Pzv!Ou5>bk)A{c2N!!3LaV}xh&jbYHgEU+Oq(P#_!u$0T(W^Tl;4DHVXvx7@)7W{bZ(SyRmkck-nvd`HBlT zFPWD~itAii)$W&A)5lFg@%mn{u}W1N*Pd-~#Br*6%#0gWwULpLOX~}`TPf_hJE2^1 zgJaCkga@##f6B|-G)Z1t#HNJqnsS2BDA1sLP<+ZR6jzPU7qy1giK=^MsYZ;^GOQP? z($_jYBJbd{0=15~cDLUR-=8gcKG^|WSai~RQ8HqZ;YW~qwRQ{r@sdE9R}J^J^X*ML zTrN;j&(L;`x%d8`&x29}n85@m{^_y@x3? z!RK_&GP2c@U#_AgGor1etEfJ^*)xLEGn%W4GoI!~9|86f2Z&dBcg-;5)rkT5+705mhqj6HsGu6d zp8O3{AG}4zgNy^V37}gdKOMi_QrR@9HOnG@m1$3 z?Jnru!o2@Myx`J>=w~jVA>|$QOnYB_(zM08BB>f;S>5uFSPyAtzi zQiGPW5Nl)9< z;wh&94Hmv;nFgFdW7QtteoqJP#6Tdn>MC{v0n>)w4`oUlBPte`Pj(9!SiNW(Buw0{y}5A4AdCt`2JkF3}Ards1X_ zE|h9ZJcm(pC74u%AutlKvgHAyaK%tE2%DC~v^X;RtkXl8^87xiuv8FsEkFK@=>vKt zs@-b3tKIKpPT?=74eLj;eHPm;hKRb&m&$_N3REB=IWKI%X@?$p4Dxm1t2WgL%Uc8y zx?W;cCH`e+6=Hy0DTP*A$3`IgSlexkK1z#{UZ!%M-inC8J^#{OPE89%u)fj|Xr)^$ z!-hg^xY^E}ZR(pFSaIf3Zk?^ya^YjvXl=ZdxaJB@{@wye_*@z|!A&ox8Kbmw!pE_E zMMZ0m$PS&=RIX*i6K+Q>WvwIGPJc(47&$fs9=EqPj&6o%P09wk?w=W+eM>qXG=jdVJ}A^u#-k29Jivx31kAjqRn{Z9H#mfvVR zJFg=u^*lYL9(t1=*2BSyOv%`8rN;GTV!1RwcSu-?{6FPx4>n?BbO7i>?30tE&CwHH zyAdTW&jnc54Pt>?;x~%Es4EqC8Sax{`xaZehUeqM0K|uF%2Ts}LYsyD2j?mN;cUmD zbc^lc%~oEgBxSzFVF!0SRCX~%qJt@c7yeyiUpe!VEVMB(BP{GNe9W@UdzLT6vJ2Q6P1MMkZ|5&vD}z-<4ZbzYI|hh&p%&%MjT2<1ndv0Y)uVX2T~%lkCr#Rb`x zwbNZr?%P1N^CC;XNLH#7(oL5h4iLzUIA&%RL*V<3*a(i1g)^#t26Gzf5Tp>7cpq~D zCI)l}z)yS?C^I9wjtyf~Of(opnqcbKv#HLt@;dRlY&Gce?1*F{-d!E5GN2qfBO6 zp{U0ic&7yl*&Q9#8=h?n2{zfhZtU>?XBbmaI z&Oo}GJu(wQ!tZ3yQ0zh|%wS;LYx?c}Ah1Y?Hk?NTxkrM~br85wBFO^MY(it}RN-Q0(w`%5uk!EIL*@iULGqb_{ zPTeo@?8tqPEl5E6Voz}S@OFCxJ;@R?!}&A76#Wv0bXp*12aPyHsL^hzmx`uk>D7MY z(kJ6;TD6Aj+Bw=YU)hd;)7b8l&rgiWqN1PcOQA)3s5(UVoSr8X zo;H8LUkc28Q9Fuq<2_|&BzfLEJxQ&>_$@*x5CzMh+XKkCr}L5P&hfejJlxJJwnY6dth7ceRG!K#P~7#=nb+yvK}MR0v{#tnSC(b)XHLW~rEZShk2$ zm^wiw&Ja3Db#mXp5J~*wH0VXWfUTf4;NoQ){cPb7O16qsklP7eGT-g8vW?JD{C&RR z(QFP@Pbeo;%#8rI3e3|W-!@;mje87_L=MZP*%k{=(WyF)JIVAF>2$Cq0epSRJ#FJ) z>k-~koLJ|u`&s*<1^=`Q04J^1o^QWMG#_6psAjiUWKZsxMiWDW?DKMMbi9 zsGk=3I3amPCT{vaEJsp(X=KSLj4u0+6!L#%rRLDXG>WA>;R^1B$Y6dR)Hn&Bevnja zc-v@J8Wj9Ii&%`Pp&Zn!;LJiPZnUKx^k%4ZTU(qgAz!dx;{?*WXjbc3N7Tfyb>|^7 zXsoiR!j0$YYN^qRIV2P-G3ls(-E}HYipe&=6%dmdw`Xc{#(UTaC2Qr{^4ypbkyDV- z@aw!*ulQUXWM`gp`xFdY!YynJEXj`kIr`jGZ5eA|--(0$;uW##!FZJo321vZvIedS^Ngo`exI8m!rjM7OFVW zZU=E8R^vLxVIeQT?j8#Zmf3DP)vUKkOm~29*Eh?0DQ!gh)}$2)koyxzXTtv zEFcgOKONu(L&?N~DO`;+8O zN75;p!UHZx)E*QFC9S*`M{MTrB&#IZr9j1UN|jZE4YN8HNqAdhg>uY)%91Is5^QR`^cdO^f8mU$J4%@uy^SUMX8bwl=F5+Jx6F6n? zxqz%K#36_4Z=9l1i+>VY@(nHMIqWzh=b(*er^$Q+4X!f zPW^BqJ1a-HiOcqvhKeeE9-&d9V-n{LRiBLsJb3g&2TR?(Gme!ekANU=2_DD6eu~h_WkjABS9;L{DZhnB;4u(^K z)U*Md;mO$ObkoAfxj0@?=O9MBTX>*Ui3rxVpnG)H=jSvI#zzG*mLGLfFjD!}i^;*y zL6YImH2rWl$2;G_voN|Ry}-!>j^85YnDU%W!3=^erV5jxp6xt4yFh=j_dB63!;Y|s za(*;q`Y-Qa7l{iso_(L$j+FQXs9LMeY_d4{@pWvGQtmf9D+E#ds>eZ=rGRejtPr_y%6h!`(yfg!7 zwVUP7&huW$JxlmOtX-Q&>RTK*X_9*f+G|Gi%ozk`eR88$cQ||1rKz|gTdkoCV&4sQ zP#Qsi=*0R(B;Tk(u}be7;Y_P|45744UykazRxB!?azE zgk*f_bS^7$A?CIF&7w(5J8|l;_Q1qxIW^f`D_c;|0c~f{Szt*ZG$zO&wH40id_DZ8 z3M2^z8$tGH>-OS3Y&Cdf!J*FJHp11mjOC|zT7`Pjji?~sE({7h_dWubz|H%O9?Hty zLlK|x-i-fMU-^%{Hs%}5>&3P7!@u4R;9;;oK`o1a zL0Iy!dgj+C9on!N`?KZxfo!&GnTPjVD*N$vSbO02(&ZAsTS(JI75lVne+Vj9F-pYi zKkNw@%CQ>7#ziNJ8$@S5njmoz&1L9TdLk#D#8sN(nL$UaOiDvX5fuGmZrXETF_pFB z>pH!0aZk2kmw5#Cpqo44eaKQ?B;)j(FOjcnOnQ4kt1X*pnC2a}i+6%3{B+(`cvOt_ zeCu+^P=Fo`eL0cIwY1@Lcz$u%^BT<`4mBw#P zp3P&s#9|mSpt(7e5-Z`^O|>zGB$CWvRSp}>&q@^tJA(I_bxIhBWOHE3tG;an(9|O^ z00)r}qls=6ABhF-ps7gdFBbQW^~0_Aqk-yigmTJV%2hJL<}=DqgDhfkHnxJd#<7@k-_)XjN0|fU7)|>l}LkYpJ;BKHT8XqXT68POeHCHp>LE+ zT37#zuCoe?E9$m2?(Xi=xVt;SB?;~xoQB};?(R;|;O?Puw*+?x+E{S7{Xd*rb%>K z#h&u10)!LIpl8rDv7AbSkBFKUB-H7lXKm`suN#X*iEnyr8YdN#KcDkS``Pr3%n+cPpk3f#u39o1X_i4oo}r|)!oDvT0`x3v`oCyE#Gr96Mm4_`fAGA!z`vA6r>GT7u&vACvX04j z9!SD(^tVLb@?Zfy1&L9KDcE~6xNoUTYN8H}bu6p~VQ9_DnN#fm2{If%yj_ZMTympg zAzEKq)i=bAWY;=;>fa1M>ZX~1y)+ilUNK}Bza*l1;8&&kYp1OC3b}nw^l``OPY<8s z4rA+%W$}g(i=Yea>7H6zYo`htJ156^^NuL|Q zh~Y+L-5a!+53F5l4nK@X|9XYVPaJcwKlRNZ3{d}F~CYpxpmr6Ds8fLg6o_EMo;_yMz~&n8%-ryRg#zlB*n30xnWmY8U2T@!9xsh|@-`p4W z`0I3=l$rb2=ie#g#;xXT?Q#*L3)V9<<-`O(i^o0pyb)$>^+=Uon^mmkhu?hH$_ck2 zcAbHG6P!0{{_f5|tFZq14^(*$(QQLe#g1en@iFT>8neN0!oUkcWsCM4Fdlu?JP@?VAh_69 zbweqJBmu@CLjNFoYJ2E$h^oL z5gI>{8qq3cdoXhj>v@IzYe#KO=()_fo(KbmTpJVwYT9dBQZ=D^nRs4!Jrseqn{7Be zcf$!YZP3kWaHa~!ucIx}D$Z*x#`%Ic}`~JB8KFOpr#Co-JuOrsbug;K( zSvA*cYfpAUyeytQw_O|mFoGNVkngV%qpHthnmH^&-U;~b{iGDraX(V(U;3(XBM+BB zo5NoMMZJLt$VkpPpaU&9J|bGBp6zIEA(^aAa>SSvqO$XpERH}`$|_uX=)XFj z(m~e1T0FYE$PV{EI09CuFBR^x)I|!ANyv282jXKkx85;siLIjI+@FOQ5LF$w-2vxL z5i1Mpm`AgU6TaIM9d0y`r61gHzZJJ~sDG*1kkdguc z4af6gV){Ywl$|kxXiNhPe2#m+v3<6Pc@-7V~(tgv&ZG#k1sX$~pCq-e0D0 zzY;1*YKfG3$uK=ED07SzHBUiUK)>UAPjIwpT*=o0&e*KbvFac_1=T+EocQeoWz46z z-<9KDa{cem1BK;^9Il(cDz}z=A>4ws-q#7`iZK~YA!QIC&OugSujA(Yc2=JsI#1Pj z9ypM0Ye_Q+kfpuNZG^OrL(d;qfgg);{R3q`F3pk7I(B+#-pWV%byX!aF-_)ir7?K$MJJ7m8Pktgm{#f+!C@r{syPJ=Mr@* z@~BRXB-#X4*|xLBUea*K2~}Jia#!#E95m!XjBI%HE{S(s7c%%6Qc%QZJO1t-So2KY z(n~ES{OWjjf{Lc54vG2|VloAYeQcnz=Cs6@bPPluTUo+W&?*!huC=MT9iIT;H4Zoe z-%^Pkl2a=&gs0OQ9oO6NXW3j*8TuU)v;e+^xq^e!`7ez^YI!spfd)+^8yrd8enUW9 zmA?t01gq@nB{@hhm=)@&FfT@te(%rt+eyLh&0>+Y^dXe*etXf325?rKDNu+sb1r=Y zTw&Xg%e#lOlC^VY>6glxd`IRkCVEcI`8i?vb4Yf8U4f2%?;OtlUn*EQQTWi?LaU%q zYx#KL?IWTs_yF>6(4GUh2hiB=L?N1exSA2oSa*mkJD*Llm4;|t2siAhh=+Z5c;#_R zkTn-LvLx1zP!N%{kVAcmn2wl+qN7KXgJD3H%1q*(GiW@IDdq&k;WxR>0htr7$a&BL zNmgSTcwqZhb{s(~A_to{Bic$tn!ytmZuEUVrf-Xfh9jbTOA6$&p5>ELHR{{JK3k-f zN!~=cPw~NrE;poTbH#8zJ2CTdaYEng^1gZ{oE1y>)z9bPT4#h`gtRI z8={%zE672m{+P@9{HF*>7EQX>_pT|*@aV%NQM|;%x^FzGSvGQq=I2JgSKolxBTk2! znK&nJ^CboQyL#C{jXvojK~rRvkQQHaKmkCH`zgQO%I|C+5(|a1JN7-5a0h1=*OAD? zwkTS%%QMt3Ql3uFP9_6)P)hZVvYsLevUF_YkF~5=LkVj$Tz@MF2uCi` z{4FWY=6BN%M_eS}ozQPpUZs$?uT3rb#J$Pc-U9tjQ7=7Rt8GWiJDd~Wq`no^4llgU zoL9`LMk8WiH+?f7hsl;h;pcOBNXSN$#h2|_v{`fA#+Aolfh%tsmvde?;QvpKULQ7| z#3OhdW`*6-%uGx!=WnW9rlsc)u~P<_pX&)ViT@vN=b$`c$C%uH(*kf`tdN4}E2KBC zb&1&$GjdDx5X)w9YpItFK$}}j@%B?s=*y$T*lbp#_2H+c9wZAHLkmiEy)y1)8{v-7 zM#-ibgOQ2(4g&8+E;@chop(xd6B5n$a|`|Hd7X&8l&$;X`Yy>Jc9)14uAq8h)Fcdr z`+WQH{`7NxqqF*Ux_z5daG`K@+iUrm?`Tii@xt%JR=UyCl82A0iBK^v#I8Zcb;C^v*}!i z5Ks0*Y(P5yR;dbC+#bx~+C;ii><{U06D4^LHH6{v0>m+j7kti_WDgAr6ixA>xl7`` zFF819q07y)V*3I9SF^R0fZRW_iw*vAxvF?WfN4%~9J!eJM|e5Zk3;o-0Snw*muL0B z|Ln4Npjo4v{>7*fcegZ}a9FT|p3-Y#RG7xSyJh2wy=4DHTtkKPD+#8p4)FI=jmEj@ z-Iyy7N5Mdqn?;u(XA_n*YF-xE((&;mf7$fCYgP9N+Y3gDZ;g4CDIWZcEhW1t)fp5V z@s6Vx&Yk3Ly8}C0bReTCoeQ|*>HxE%P_0?kE&&}f-(Eh(P15Usy}}UywlwzGGNlu5 zJ=YbzA-4q!Ku=KBmdWOW@T z0sG(QFhsAYrqqD#hAIvkNky(TjS06?bip`t^kFvaM1ZVNDVq*<>Q&!Mg71TW15|kd z=3$t0wS9?*#*qc5H7k*J278t>0^Nd_n%_SDSs^9MJl@vH%+*@VoGjObE_?5ReFYvZ zdTBWYJ_Y5Z7syb?W)3aFolJy3wlD>RPZ6|X>PI9sKu+^L8@36`v}#Yxws0)z!fj8t zyrq4>Gu;chC*PMyNuv!&Ks&pvzXlR)ccncR7^S*0qt?$SWv0NXC{?UDFJ zOEocthU7VzUwAU>SNGD3^85}jvCHwqQw$O)AO`JM6XgS6u|?3AO3) zpl`E~SgCG_PYEA?2NBWKwIOC_Z1l?#@JIJ$F;=AYScOzC-m{8z13pq~ahjr@f68uW1dW-lShs!Ma$}+(g?9YNFxoP=R!4w7K}Na}}Av z*dxM!00W4YN#pFhNNOswOgF4*3T5y|J;p2e`1hATeXJ@#-Fr6$IMDu;`?#oxVVshfQCy=n-XO4jMXGr6s2=-BK^Z>^G;6{cxhAF z;=X?YHl{Ik#WH0z>T-A0ZebV^T#~tyK0PKZ2%I^LR>vAqL$+5>zzbe=Usxktg0mKDsCl z1O>X0wg|~0EYsb$)`uEc=cSN^^trlGtpzNUwW|a$Ft+n}k34OVwGWBRv17p@Sgt+| zUj;ZanX#E~tcAGux@JD>*#LWB)Rff$s3TXG-K&QO)}$2Lg;zDfRr>G2ms~+j6{Y@Y zs&fbkW%p;wyfa#{Uk}dh@_d3CO(u6gxBWQ@v*FUJ(~cmdA?2zz9|$SrQTJ;ywj>`D zdnCe+AR3A?rqf?oJ+u4P?DcD{wWbcUWu(aebE!ZXb!oIa+!nmPZwTVlpQiFyR$=di zyx6MlRy5NwvN&@x@+L(aFnelaXXAltNCLvHn3o6!;m*V^Yn*eX7r!WOrwla@DsV!K zrBQaoFq6;=S^jDKN|oP+BA{RVQ-Wm5DA?l&U1&m|bab`w{mLjp0&M-*WYQq$nUfa~ zWqAkz$;c$eb;sJGMoQ+Hj6Fj+=ZHQzidY1M=HZ`MSX)=r!TvsOY!lYjD=#ttBO+qj zBIorUGkWI0E_}bY3PuC~bYH17JrrN~)os2SvY8!lyDm>M49fhD`W%8dsx>^*hf_g*Qck9ZBhavh17^`Y zo=;mE_N)hFuW7(K*A5x$LEK>az#UkB8|RUYKLx71=qADMoCM8nR5zKuxOc6ZZ#$kY zRV5VM4PKGu%PZCv`8F!WlskIyB(1E>r27Kd#?~`g42EmPNRC4H$QkGDRfvB+U&KxL z;Jo4fPc1!`)XuFGl%vXLh?yc4t4dQjw=0Jt+g78!-SmU;*7 zUFJS(qsT2Zm!Qc66PB205^14@h0rJeY_?J%VX|8PX+}GR#jn5wyQ<{C-2mvwETVZ1Di|)QlS;Q^<+oftS^@v`Re9r+dYLHdIv zhQHvmunZa$q$SVT`|0~o5F`4On_r1Bb#lvPB$`dy%l%Gr_)6pz1Y01UO?g!oObum0 ziOocc4;?C%+0rQcYN28w{$z0p5V1s)nn%JMPvs^qw{5-|Bk_X!iP3SnU9}acne|;+ zIWyQXI<44XshICOKYtT;UX#Q%ch_WA?zk5+nkkh$?DNreF^uzH=OA?6G5;MIDIrRb zjDMNMC|3+%(LqS#5D6hqGrsYM^5~4)ivC}AoCKUV*(JJTcJsTEgq0YaG7OO9_1o{r z@|B|uoWMSgi^zcMao=6??t1Z+uXt?xoe|%a@qNJIZCt7(rRU% z=QKpl+*JwWBl?d5KXP8aOUbXN1Dcn7&mgby3(6k~VD?j06 z8jgFxm?%GwFb_q-m$Csb(Krm;3HJmxgIbg>EbKF@WbHh#yh1un zaG;F8!3~j(k3u&tJULM6OBAc5w(&&u;Q;-5*lvvh7?*DlrnJ=?fH$&XD8z3+Rdhd} zU9`txnyF92B)M@Z7&~g{WdItHb|)HEv+X4OHgJ%3B`m*tlB%H(vgc#KyR`5+%)-sf ztC;kLDW&9&w)tD#OZy7Np(sQOPI)>IY3a7vXUJ7p8_<28t)ytTiT=+gN(UjXV1-Uz z=_nVd3Yk%jlK_(rI#7;MpDxz}i|PiSF3xoFeZHG8AyPhgMc{~3_|JaXCtNGJBC^em zc@HKXZ8hz;%(vA-xKJtKV!a6eb`wQ@qG3W=pPJxMz77{*g>6v^Pc9ZWh~M| zQ?Ng@gxg#p3|P+zKb|}*r@(~WO+F1Nq*jm0Qu*}P*5-)-psf1#h;ZbfL`t;UVt|Fo zmZI5JbIpB{}FbCVxc{S9o!|KOG2scVtDt2N(8(J*FHzxnisTY+o>$u1TZWl;cnFMwPP^m!D%5;F*~!ANm}C z4p-OmIRXhnd??oVkFnbrb{Ai8_z^H>E>`@KQ@Ai~4du9@YeSbg9NwlI%eVNn4VDeC z0E4nn5~=EZR_ixeVG(QyU_Jk(wu#s8|IP0m{7&5AFQW8P@0m0?wtjxjO56ox6M^>7 zo}e2(;dosQT(f%9=5j9P7>m1^{HKwHc|u={xx>W(yc50&Y9zTpo{6I@KO_T=ymsRBdI({La87ZXCwulL)j3toXjf@vg@riZT z;G%ltU&<$^)eKh0@1EVuXOm^3h5Iq94z5DV#x75{g&wLeo2NPGJ;Ukv043YESSOqK zm9@B49$56hM3wf739gYRWLig7Ha58rw}~GQ$CuU4hWns+QfE!!G6+Iup}{23b74o@ zadA{Wy(;>TmSU#j^@LslAkG?4ov>u)6$*S`Ley%)HnN%EcI1x!Y|i6*xm#wjz7~g^2PO&)6tIZ)RT6)k#EfYkZDJsec`e)N z=N25M7s0~2ddiQ_1s6vC+pY5zMkYhYQnLd(H&Q#nDM7dE8ac&^qqJmlnDV}OaB|_^ z1id;96iO0~=kUmBfp|w@PYT(gG?<6**lG~%(A3y*?|>$I5tMB5{#RU$7>tzd{w4%{&an6Kjy#N~UQ6vt(yjS9N<3xo6qC(8nu6 zoNN+)xK>94m%J6kmLoBF0y{kM-TT49mfF!c8m}5}p$$Qfv_F_OMg%Rh44w`Lmlolk z-K1|Lt|G73f0J*u^Q@tJP)h^nFQTJIX2@HM8EviDQU2HnQ?mp&Jn;$G-G;tz@q4PO z)0$TAuinDV4yD8up^apbh$VVXy>DvTFd^D^gztiqb_l`8Uk4%dr!Ku8b%-q7PyS~j zdiWZqh%!Q8ae~-ULTH2AanBP@07JILBiBRJQC#K%c_pcm>Z6m7o5Vs||nxN|64i#UKwaLilwHI(1>)`buhK?`$neCvjsOzsC_52M?)>^a*gL(KIES5}euh8&iTTj^tY_wShSU+|(R+yHbOfx( zJMZ`b%$%V*x0$e-sh1y*Lo==hc&D`)rBx8;+@a{pomIWj?DBajnlSY9eDZ55*kyfV z$L?FqTv~GXtj{C%LePb6pPE9u9Mnmib@1w`?r~%>VhbwaY@7mG zx)VaLCYO2XSeU~pb1yvmU=HEYp2S^}NUBFg7P;rT#hftyw`3?`196t&lB^JFxzKHa zfSvGpD{+D}t=jjH+;QHJ~{*uJvoReF9{DYcI1M(6O*?yU`U7>$XTJ^Xu+1?APtdj*9! zC&s}s%E3Iq=hO?@as`mjBz(}a$fiZuLnQVrT_@HZRq4>eFC^m&wv%ClXKO;~i#2Pl zIe~vh)dUWB-(=S-ST2Waa_J$t*4Z60D)799$Pe-qhz5V%y;Yt0R{ zlSVOOYpR!tf{)6dAklYB}1{1F& z`b8qRkm=PocLdBCjx$do`+k0YdjcYv&JDUNB-jLK^H_q8Ya5d^kIq?Y5lOH>m` zinhl9Gmz=*?+1uTnp+RTpD@u8&H3ItJVFRmda8XgRT1GcPS_ykcj$mXAa#Cy?85_z z*+w`rZ0djdqYJ9FF>u#wWWnyhv2qSH$(x}A&n`TP-rdMWD+0ijfY8~&>lEP~&Dwii zMl(Nzb`+~eKA)umG#iP3ft9ga73zi7Jq4|#AftcIb2nqyHXSpkA}^vVZ&$Ydqg{x` z)u(lsJC6j{2uC4Trzr+?9(|Q^&nG;pcUluRE4nt2ndD|F7ch7opg^R>K^V)vG6B`C zOU&8S>@gLF*7NZG?5Uq=%pn9!75Q|N5g?;ed%MqDuQG@s$SMCX-7cn&QREBxJ+#kM z+A9qo-``QkI>tzNFAa+eZRh@dr_>QJ`A(N5(;aIk>!^jLWAP(t#6#i7p1@_Kz{lL_ zNF%zg4jyN2iLK#0g1r=tr$W~5g$rE-v}srf$2+ghKj~ye*5=q>CU?tq!$!nZMKk*Ub?>{BQDb#~ zlUVSNUQ2}F%CSsytF)Sf*PAUuYsgo}T8UqS*1PP=V`H7qAtzvD`Q(HZ6H{sYQvF)s7T1)nc+!;N$g zhDK(ke0#q8;RLEBZVQ$h+${A~7w|hliaoF^iI>O~=6_VSvOSF3veF7@OlDX>+`kEW zhuv)Ndm`692OhcLme1@zOA@OKdtUBE{EagykSms48V1g){=AhC%0#xhS$FQ;HO>>1 zn#D}JaZF{(Ikn%9E)Mz*3b;6{*pY`G06i{A$++i_6{5HO@IQziol06#n2=crJ_H={ z=Dv${w<0s3j43^`et44wdL7EJDZj+sgr+qBusLCHr!%)2YwY_MStz5|WOm!NA-*UW z04!(H;i1)}*YCl5JAMtpGWR)dsvt&@dq0gm?{Y!Au6BK&nY5(@Ydn~{DUk^*JOd(r zjk)v9$!zzsEGP2_hMB@4)3mfOnnd7U9^T}WR#`o60)3hS!6Av72IG(416+8o0A$s{ zl1!qjM%}0w)fAezv|2zBBwpE1NWh&N9-=9!?$(dlGv$=NUX`&aFFzIjK`Rq%yj6Hp zPs+8Y^00aJF6qL=6^iEK<1>^h&p{-_)O-*o#Vn;&ZXPuff!n180WtIzT&wI(hrsBXflK#K|B+PH)ceRMfYKI1(bIo zaNsax_3labZbOv8X4THf;OFej0?&O&aBmv8%&*K85F5LG;G=9e?i~%-8{kSy$`k1M zJRvgEweMh#Hsj19X8Y}U<}%by`=aOT>Bq4IB|kkY6Pi$WS`{`Li3c9}&Ah@QdIA{Y zq%08iPI-2(Sk7h)jnpX+3jGv`!DRh7q&Sqd8!jtfdM3J$GrszrBqr;7DmLf5)}MW zQ{gEeQmOiRO@D@oZkp@nuSYpd;Kd=~^dDp!5}HzZMb`vY-;37F`0vIz#)ba>yq#X} z1@tVL5EfLfRZem|HFhdl>dt+Y9=vCSN>vIFMB!I~Jlw45JT}ZB!?9(e$6}BFaMdNu z9@kCWvfhCaCxHcChHlp#gdtkZmC=?XnatU}})C z#DZ7^s>;o(5%Yj@-BZcR?eN#OIWfy7SXCarLIBX91hZ|=0ivEw=}yF zpIW7OiI1Xr3Zl(2qiO_)+e-38GsC@>Q@V0{Ms|Y82~!4~vqmhT z7?AxuMDcj`r?>L)1OIXlmHm6-`@^;{p?g$ZrI@?rc;}^h;9GMmkNb&BD8~;KLN?=r z1xvi}dQLb29A{`k&acpy^5kRomt6^QwQ+C*Xz7L!qsJoLL>|97?_3zbo$oh9`7fpUouw! zDICi5gn}z@B=pt9rAw0YHd!Kh=xQ07sI*MUH$<8Rgo%=UJAPqk(=#(T8~#4OhX*Nk z@xkA1Ljug*f4Ri)s3)VDLOhEbMN-2Kz3oPtHKOWaw1RARcyA-#!)ahLTGsN~T7)o!U&e!=x z?UzNu0SbuYK-F9t^~@k4k56#8L&H76!hE)%pkd$7R&&(Ne5f%r?Rrqr5nbn2Vh4>^ z^yfB|=ks5g&0o>8F%Jv|B-RO~f->CZH9Het-UK}d4i0GU*={Aa?2(8Es*wk6P7w?5 zz?Dl=t2jxBZQTqV9dnJ25!(wV`M!3sDsqU?wS*>%lARemW-Ku@)Kjfzwqm^1w|HE zfU#yqM$tp3u6KEk*)YN%CAfJBT*d`eV(f1RV=;MT`QbIJd}Gol?V+}LLP71RUnYhd z>qu+G=*|`@-QgCpxH2JfTIUx3V+a#lwW9wTbk>F`WHo2HuDs8SF3zovKXS!Z1iK

|iQ5(Rv^Kv2`3{zQOXo%^<2=!|X52*{05CN(#t*H~ zBito!{}S=&9UcYnx)qGKk51_^UDr`7I~+%@I>iil%4BwW*zmaO9B4n?v18*o%>2&7 zi60Qk^JA>WDCb1romp}yP>j(HykvYsB^B<^zQgVcC}pHCKSj0)z~NgST9|wWF19H} z%jEWq7FKgxk)n8rzOE}Z4!!`;^%Xx!i8Nj`Mq6nI4nI0~eb)*AV@&AbF{HW^te|Rj zRhE}2&1)X5d`m5)+vins65W-l9$*fpFycje^bTk9xpHC08426V6cbJM1z<809wE`g z3kH=;v*baHu!0kl3JR_mRXp_ahd#qSrFSQP&fsF(Xu7b-b`rmHidt|s;q6pMy_fz3 zB|(17FF_r4uHw$LCg3!#xU6!xxIkKCks>zYnSiONkV_y-;*-mVbsPW|qRBc}6MCYX zw@faH=`y8zT-J)5PHaCrn zTZdjScmho+i5Fos87%>ZK1 zIUe=w7}Wa7p9+(pNRsA+%&lemi>d}n$vqBk2hq>zkXcUX$A>Igs7%E`T&y-+l!QfA zBVs82)x0N)=BS49w->w`=k%kIXM4~7wGXdj%yKR~r>q5y+bCRU1oS3kC%anPB?P^nUr^KvVbZhfyC4z^?zQ4`b^xF$N~E4#1-c&+ zvRlh@yom4kXN1i-!^|r;EsZX+%DEeIZB}@AX5r{s-S!*p{do6vOA~I)3)Jj4E8OK! z+C!cdr?vViU~1m+r)udZKvVN*UnAJfBVHV$8Mw+BUUm)uHtZtu!Z^bPDsp^E)9~FD zzEi}bx`_$U3W~qii}>-(-4qho8N;fAwK-(t>H}3+Y+;MB7T(4L{>4X6|5X4?9nRP? z3G5qlDShDLuG2`{?Wn15z4iGK3PaAO*Y$hz;pN2;@gCEHR-TXs0D-yeJ_CA>fw+vi z?tzVXzxsP0+A&6dQf}OcWwM8oy&@Y@@iEGKtl81SLLGNH;k~tJGV6hK@<&!jeTrcM zrjYH-c7;UBcj}cWyoGjVjSu3s>vAZMNOiv~E7U*voRMysk5wCTc$oh(6XSXwCpfZABrT+B9m16Ev(@&y#E)r zDYz7hyBVLHC1>XiYLrtxltYY}lE0q`>}s3XDR*h6u}{%|D{DYhIxY)Kz7rI@Pox>$ z|8aX|n3HD|MK)rqLLL`=ofKZ8t*=n(ePD&UGVz?)$|28$!V414YU#lPAsYoKzXrRv z42+5N2tB048Sz;ATRNJe!Sf61!Jx){RmHCxdx`9Z%Yznw9oYk%Nj@s5?#4#w|9EWe zD`#F6Ym%0vG{gAktGhTv5ejn|x;>|=x{}2uh)VfuZdpsS?~@X-YRgXnDtopnZ?Jz= z5hG8)xBAm43{FEBgB7$m=#JD@m;eN_&J~6q`KL~fAfC(7fA|#S4IXBnq7%q9LFvyE zLjydB+Eq5|{QvkI4RNig|I|Opu;($!T-gdC=6Qhr3ah`l30&sbZ?ZJ>uriitMu_15 zd`M7$Nc#>MCW-6I$(W>h#qIH$C?#QooppM28Wm72c8worY^;3f@`dllp6zqJNc{4y zWUJZ<$eULoqX~tjznMVM~yx{{)k`>u-5=T zD3QX5sm`(Fk$h{Sa1k$i6%1R=^Gd{d^xM~MFqr^ zl)yB>(pmmgpfU@;{|G2ZP3?(Bh8r`@E8Tra;3>QnJ)zwRR4lp{3xCMx9vYWTvVHNL0%nfF=yT5cb#POfZUdkkfjiiOnc+FDi2cRMw*;7vb@E(FZMe{l8n#Onk~+` zVJS>co(Eh>QcPk<A%z_5$zH*$(KlRweGM_3SQKkU4qb&@0)^e@2zNY19h4ugvO>Xux6Q_y<8&9qa zg|&mkD--80VG4X4bDz~dyme=6@V$odybfPwKf)i=;cr+0_`NiXx2b^zQ<Q7U zAb&<4s(x*tTPv>-$`%Z(Bn2Yc4hHdpCo?i>p--gHCCngbrbGynRcH@(sBC-@$_nFx z&dZtoib+Zs#5RCBu~Q)WbeP!l15=(UXy^c0EK1pctsre!-q}9(;bwmeq&l)sGD0jV zwy#;$@Z~7!eRPsWRdK>XD3ZwCsjA>g~^cT1GlYg*8)y3T`1Ca4>sK88X7jow_}l4eZoeXFSe=Df9{^?2K4V z?U5lx22;0$XZ%9^j39~PCcC+_2=$fvBM3ikJ~*hYbt4LHzn^_uRj8h(*6E;4m^C*h9F zT?K*6&dHw+a0CVi*4(r}vSY7&H*?T%mO!a}CRgBIlDHLc2ig-4aYn~uDklYeW!+$3DYuq-` zx|s`)9~jF%(V4|wUP5B30w;@UPNL~=32G-r#W(Fps zgc+NuC@tV`@pxl9?#iXoAJ$bH7(u1V^d%ME{NOO9^@d5}1o;x*y+Kc>Iu1RC2*q^W zs$z z1g@rJ>11U0pQQB~x^-I?l*+)<%LKn~-O{Ti7G&SlZrc{rQi$I0fe+XEzlw_vzT(Q15Xl<)EcOnqt@L_zL#tP$ z=#YUS?v4?Zb&%SJ;akJ8gWl`|>GpTON-e@Ys?olNH@!x2%A-uq3UBX0@MG1yLig+m z+HU)Hz~tszrSHbPe&GVaf~kWnJyYyG*#&G=g;@G6v1H`~j!sLAFp%6b&wZ@vy5upU zYn~xal$f-Les+iY2E`q%h0e*%7{lG{0cGvXYOp=tttOI+qc#$dNHFNTEOX<1lXG`x zG~yEj{b_K`!k$55*7wg%XGD`tbd^48sRIiM|MoV;zJLp!v8BCt z3lhQkBCm+`fwO=7Zp2gh+%&wve(Lu-{%9Vhl108Jkz(c5GupnflP_Y2$^n3)s8DI8 zDd%Ff!zlmnw)Vz*2qOvV7x+v7e+)h-qH;XZgqx8?1k+`fi*F^g*BWjxd!NVhqKG7^ zv=^ep$6Er(z%lLz++kwlxE{s8p}C+YJ7+7pNfqNrw;@5vr}6ir9EkyFC~T9qV_GP| zXW?JP{^>CsAW_VpVXh%fFzA5M)zWW0a~a@*p6F4^Rs4Iajit9_G8jjgI*r<9e3}@k zw!&Yq8Slu0do_`dfzH7J)s&b!#ZEIl@YSh^#n*0KDinG|1aH~~%jQ@?H-ccrD#Ew8 z65KxJhyjye%pKH)y)S7D;rzzx1r0qoye-7uXm&6Si0{bPuvgbTDeAjoCZS2ZaX6}hcsIhcb(x8II2uX2(&$S=jj8^_?e7k6isRL*~M!Y=V82elb zaY2i6A<~UyePBHTvv{K`?en(lc%o3m_UWy<>iv(_SI)Au2O-`v3Gh_4DI8>a{X^oE z66#+B`xxip*MDa8lo9{J+P-EcgT=v?S&32VNPY%y1&=+=66iQV{BWnHp%DwWCW^D& zr`|4<3#1(S&%d7Ar7>O!y2kIMFwV30pqV2cq^xV&qlGovq0*kao-2#lHyRU0URotDfa>-1bgi#W@Dswptn*6pSAm?pvu>jZ2mq zLz@!Ev}Wu=NBAB1cFy!$v$%a{ADZMPPC`LjudS;tC6*olL`!Zy)ubsT{{pQ~ICF2| zdKL6w{DIq2y&=7VnT4lN2QhLK`082K*QAx7TK#?~-dof;_$1Wwqvm^==>yDndlVqT zRZ{evQpz=kMZ5-MfQ(U1=1BMHE&Z%Cl4H{Z9SH4aH_`9YtQXGS%2L4I^5^dW#wX>T zt_ewQ^3~S##>(U3+O@sU9Hr0xP#(m`HLLl)2bgPF$&}<}GfD~lX^Eonu>F?rb8IjJ zpJINUDF*-d0+mRXBQ!NC#U09`ka5D_adpNvPnW&Ujb=Hx)f{ygP&%@8bzRsq{w38} zC;7LOVJ^~IZYK1od;q?l@_5ue$idpWmdZri^}f;TsK zbL?=gaV#G~6wVP@dHk;|0B^8a42`f~ON5_Hz(!=tuF-3q2>ieB@Au@HuNp+yDc+0? z_KwlItU*K`F(&r%h^wfN7*J%7c{Y6EJ0paaF@jQNxVAU}GS5n#KXPmiZ>#;K zx=y{9dgC;{9XbOT^^Psy4NJ3zUj!W1RleC`L80u0@uoke!9x2GN&{Ga-Otv5P#ux& zq&FmQlN35IuM>W4OOmc(h-p*<5$JfO?V>~(_URgOV~iajpB0P54n8eK%1WScuTGLq z5W^XqGrT0nlPFjR!b&dguzvYElM$f+>-_mOW44i6b*xla3H%^BjS?>W^WOCD)8JDI-9gq6vtepc6_7{==gfC;-vc71D0y4eJy2U1R(-( zF8^_gK40JSW<*cg(js&36Mvt#mBAea& z;`aTZ-y`~V{ByecH)WH>+tbQd7c}pQuLAeYs2pnyh;{8-->T{_J`!>_=!;qMoVRX+j8=W6C z0{5YL-hlZQs2THkF_+@_7Hr zB;RXFLq2YmBc7%gWo__3C~>d3@ztADw*$Li0iGf_ZiN@cNe(Ch=(Q1zbeQ1&YH=}e zcf^FJIv?sA`2sdPzPtSplTn=`71g1*uTQ+j-Y82TAfj|( z#2C-gC`cr`<#BE{m$8mOM|}Rdsu25wvY?lm z&YM|uz0f4>xs~PL1LJ6fa;gK+(G4z2bFrERrXPKkgXpC&~zQ>B(c?yn9ndJX03yq@F zKKXb}b5>d{s{e28M3q2E>Y^pXC@{do+$s$JAGY2qs*Ugc!%gsF!L@j?LUAW}ffkn* zw>D55iiO}%3beRW+zPa%K(S!KA-KD{yE~lxF3wu#|6OP8i&=9yvu0-RdH3gio)nhK zCrB|1CiDMiq=ll5px4@N)2o(X1bmX`|x9f2iuuO+tU&wvkiGls(>M61gOWd@c1cPeO)LL&x9&wHQa*lOC@ z*>!qlbNsc}g}dmP&s+*Xjl-Exm%GfD2M`z%BU+capB#U^=rWljv*xx$_WgqcQ_OCV z=VQ6Z!1&%QGF7UvILq4f=;|Hs=`^X-pOkW5m*S$Rt1u8|Ec=(Oz1gkz*C7Xa=pYdu z%=;N%;U37^Bug^XQai_&cn0C&RVjSA*G$2gA@kIO`N_@Er=i5bSiS5|e3b1*LQgUB zyXS>GFzUI|o)~l-Pkb-qdwDH|vV&*(WK*W91M5e1)JUtQE7T9kG2!%Ok z9YP(AOC-c=beZoqpC=i%S0zj~Hb{P2-`0$5err@UoFUgD_B;1W61&mq(+XL<`(M?D z<%IfZIwqOxX!oc-NbdRVU5Q5VCp-Pvs`a!gZ^Uh}T=(0maf4OcKl}x$*V)Yr8B%35 z{5<=Q>(BPaBQD+>u14O*LQMS)Nl#>MgkDdRF4)*BB+U^ye)pOr#k?oeV-*Zt){JBi zo2fM^Xgy*3&r7_VlZSc$Kz|OuCC$)cYIT!2b3ms8HY=URfAMdId_BciG&*HTkKsn7 zCUYC^A2vKmr;OxpvCAO-kYgF-zj=T9o1$~+C80~g#sn3wbR-!^5#YYos_zpgqi$c) zOq|f2D)5{&Fx%@!b%DAld&TMQ@qlE`w9UU}PK+oKz7AT@eqL(aJovCSqKq$u243|t zMO((+0Q|bdhkO(I4j`BGJanzx8uDoLwxnXba9Jb~<=`@&d??`x^zSvQghm-RI+gSt zrWDjyRe54dK((^JQd7=XfGb7Lpz7cp8Of|o5EbG=yE#6ZUXu9@d^v;)cBm#~Wj{@qIqYTHtmXD!M8GYH3o9^ie*^WmBX%fN~W%dVJ#$h8tn3k3`C z949qy&{m{d6dMcKyxIkKpNAv%!r|cXS=V``ub4n1yxcOMmfzv4q}9Ex6N<52SVa}kiwYh^#<(}V za|vnlO=(HpKl4>*06S(o6*u)0o~DC3)xy4o&1tMvkaQ}xeU7^&-~ zWwz`WZ$uBm#AFC|;Eni_;LcG5Q!-mYA6@+sU+`!{;wDkcNpy|J$KlgrQR8cvJBO%y z=gY)M)G6G%Pu1<@2>+na&L-;-N2=9eGaH=Z2-{C~r6iBcsEFT;rZW}dukM+Zs3DJnf_M^A%Q@rI0T7lqBKU@VfV0DYV(ER_ca3JEni# zQdyRlCW`gz$u9Jd79UKwF3=SKC7dsN_3t&3*+iY=E&?i|F8l}rO5)fbIN75-*)u-J z8}kKZ1$lJQc_Pv!F4Xs)WHl2r<}f#-=p+YUp|a48$D?>Wx(yE3H-r-J2eW^^?M>NY z9f*6$yWZs-4>!3(Aea5}NA= zJG+e(9}+R6*Or~oQCP8|KmBuJ8Z+Y-jmWdzTK_30%+f7yIO4gEP zj`Y`K1X_!}kZxLW=cj(gMW==OsJ+>eeB&Bub+zDns+x1^PPXQHvFo=Oxz_hBGB&=BYuOb@5xM8C@f{$Wa=k;VDfVKY zAd97Gn*QK6NS^ET_iV>a;Fk^(n;qE#7s97`nO_#X4gLtJKNMO$Jl_Bh}H9tGCi+>j$ysrzzl@ zN)b-;ZFwBV{E>X$(%;g0*L5-H{(kBvyF@J_yQY*kZ05Ty8D160S|`&6@lDs;e5<6A zZ(Q~ohU+r0Zk!rz$l&e-mqY2B(wUc#fcUHShF$l+kKp+*^IliL1Gdh z7y6}@Y>2bwoqhR6vEHviKlQ_3pc~{r5Luwf24sO=mv!~z0i>DkV!rB?bY3mR8-wB8 zLJ^sA&I_U3Q<`MrBeqvYJEH}w;P`&kCf(ty2&9Dk-zw(+&cvuVh=9w%xs)I2cGZB1 z-vAtQ7b6b`0e5Mt2eB(zFxXe0oej$QO3jC{>Z3{ZMb0tUHY8N)8)OslEbo)A7^3(L2r1G&1N{Tnc zhMTi}f~93-prZhAyWiE`5;Pc#09y03ja`buh!$Gp15Ml(`FhWJG8=wiQ-z0BckY$U zM;=PKKfX5#8O-sbBx2e9FCzm(9?6N*d;$$cq~z9mvp=S z;|6Yx{~FdA(GIKDGc8J*lBBM~@QLF2-8T8FqotctN2%-o5oNsgCd($_V+?iAtTWd% zWFGK!F$R9zXxP*b=uM1CR5o8DMyPF!5+cH=hX6nM zo#bX3;RcN5yCaSEp1Pj}H~GyR<3&k~H3SKPU+DtwpXs6Q=;N;_MS>^2RKMe?RmQZAf?xOd?!*YXXEhL(HZ!=tptKgTV?@JP!MvWZrKP`gbv7D2~ zj7$?=u%b+=zz{m+wnoBL)rb%Go#RJsgd8@R^SwNFR&L80HSkgSQNm+)f4170x5dLY zMD0hLmdh7kl5AJLSRsP zWQ|DpRP5Wtk#3&`=z*zHnRFp+E34vHJ2DDYGb!-g{Rojej{hlrK^Gf_7Br!64I1Xb zG@eIggWr2DVy4swp<~xSd2W@>|7k;;g4^rsR(X<{Gm~~3g%Q%t-^LU0pp@}f;jkU{ zCzpm%eAlJN#TwIWvsARY+3w=n7INo#jx5!Q%EeEg14X4DfaYyujh&EVSe#{^a!M(h zP5tcML_DdbWh2a#+wn}uRnT?ZM$|;f!ns*$!tzrmGKsCdWLz0tc#5*O_%w2itrm}` zc3SGRduhRVtgv3YUAg}Li|<*7GS+WZA1~gc;U7QVbt^=W1l_cvr9%cWC!RRa#OC&pt2~9$HYVcWK z@gzr;QlF?^%z9Jpc@PmJJ?^8|l4w!=p?xMuF9B)uZ44VwV{n~lMI zWA29?^g|LC!@whs{S=yVH7i_N=l*CaXk9PUcv{+*d1^l;0r@#s?+T~on;w!1xIIHR zVkdM}-FPMAdW|#pYIV1-)RmMiW9RVhjA6lqnomHhMU_wN4DCM5)926ZlBw(l4RukX zoyHEQzx*N~N#q-QgdTU4`tbgL|xe@%gjQ11X!KPExtb~>yPP5Bj)!(;b>h_MCbfXICD1wK{ z_w{c#zXF!H^T%o-F>Wb+e0vNr()(;p{5?^0ZdF_y+*%7$24;Q&0*;6Rjo|_Vp+3{v zmWAV)q3=(j^|oV++O#TB(hX3r*ie3PQ;+?T{1lY*D>-OWPTI!&hrLbu(u^FI(W>Td z^t>D;!_X1-pp-ysS&(u(9@@zcY8#r#ZM{=r@J)%miE4$r2yU9&7fX;-l$|*K_>6 zI94I`<9E)2QM|^5^-%Q3eQ3?$j_cw*!_=R<5hwK`w}n35CH9#qDps0;ZkXNPq~mUi z#^JcGX3ELXGq~Q)bb0l~`)XfDdQJf;ECY(>u!!gu?mOTjlxF*6IZ~B*G2K=LwpS--pOWn4d((nY;ov3xgaZ}R3gt6cPy9|Px z$^=Ygpp>BZ+#%16Y6@(v;Plp*WmP5)?Y~1^7F7il1&%=C?lghYxSq*e>BwyFLe9+_ zqNA4uCkC9@TKLB!)AGG}WlIm+?G8!=snhH4nUbY>@-M=oAF=eDm3nta04xingbUV z)sy<^t4Ja8>>uO6OU{6sg9Y}!YRXt;6L5i+*vd%|2}TPZ=AHLLF1O@6bQLXGtnJYv zPv@G0Uu$ZHDQs5m%G56S^kUtK-3Jq9faP~V^df|bqEy4!fZcmH-q?9iT)cH3w z3&3;xW>2Ymm|rY=No|wTZ!e9V+#V^=*E>uLi3lIwh;t;Lco#~K+oK?v^&|N)@dAIf zu&{y`pq%yQ-ZzS#6B|?Ass~iM|4Nh4$lJ*W#ih;7CT0Y}<$6L=Sm`I#`9Cp16Z#aoV~&JD~>R)1#iddS2-Eh2vJP$2(l3dOcUd&8gn?OFMp}5 zT$m{3{aDQs0Jub_wm4a88qz`|7CFzPxfdx?+#d+2V>Sn@C`N3mCO5o!hIktoD!T~W z74^CrdYq<3f9|vYwh(4sSJ8d@^B3RJ#(IBsmE()6Dv&IGa8#<`qF{)Ko8jFhons1M zof1=Y(fVa6Fc@L@j%N)6C9Wi3EKMJA@5c!;if5h0D~WCJs%N7=k^DAz+*8C;*S3xc z*w{0_srOln>fzB3B&-l%^a*UKCpdkV?Z7w?vSn_$vof(5zu>v(H7DC-Z29e<+8Q}x zMp=n)t528VabS1J++?x8@orJ_P`wAkHHMw=^he%fBg#FLsL2qOYhQv7eIHQ zdD3vpAhW2CYHeR|5ZbOB8T+NSzwu&{%+arDJn?EgSk^qW*l}mnMD*sOhmBU>+#_l(=Q^{GpqWiQYgIzePmRCFROtyFy@XsMx?Q?!zg9oPq*^p3T)Upt<$CkFa$y4QuQd%BJ z|B#-jCbmhMtw_4vjHjxHv>H6!&$f&LNI*D%m z-rK*TPucl3TC!S_?4&g$G`01*gm(<9K2yO5)#lNEjbqp<85t>#`Ot*o1iJ ziZUcWNBg``YHI9xIkQC#x+0R=E`FO}=2q0x{cJHy)U)(%xqSzz&>o5}$Vi&n(Y>9Y z$}lsVe6x$Bm3BT`R+CD<9en3GW2OH?o8{qTBj6!4UCcI5@*r^xQzfbb@$CvZ&gs;~ zNgAoIUuv)tichzjtOA{xS*4-oEho%kezd;Ag;utF!(9B}koMSm=d{^R&BhCS9xRHA zZg6^sAMw;(3#3dk4Gg5nO}ZJeWb+-uJRff;!(;U9`k!wvre4C0e^d@HaMW2uL)4{h zPwkO{>%qQPdnr~~tGYrA#2VBAe@0F+Du>9ktK7#duRS)uR{k|T?i{aKa_`^xXmQZQ z-%nR0kh&zB0`T5>eLI2;ns2*W09H-F|2_t*L2dRv1uanV^A!R3$`zkfdWas7xA+jc zNi*j1sMOR{bW{71lelMDx@=1LQZE#Iga1z42P;cm*`^g6l(jYoZZuY5Vbp$HY$u8p z2jt_Rog(j*vtUgLTXv?E!I*C3_m*d2>zNmH6&SF{edf7-mIEOk0M-^yj|(1!@BZz1 z&!iL6gX4V;cykmbi)!-#aYTx0d)m1egvzGk2p^(S#mJKY335RrDn2 z{>`H}Ctp;fIU%v5Ai8q?Y*wSOCjEYsY)WCTSbs5N|M2!e3MrV~xS=GfajLk)6PMza zW`ijxH$ByQG%k;(^t!$F+)0Z`&pCZ_}CLM_sskO9k*Bde!uRL8$?6!s4*k zSlyQjg(Y{WNE2?bg4tFDodlhk-0JGYjqW@W<(Bw*eocA{7`1ABISKZpszTwov}KJp z1t(7;@u<;)Zk+O)s`BMFc8Io*3_Ab2hf-M3k{baKdbRLzM_n<@1lxFBifgTC_dU@MN80@EsIr^Jcu<`X;~uHt6tMT!R9pFh=)=4TSC9??fqQ_yaF zAKgUXijNKjCXTIZkDD?;j~bs!IbU)Hm#iNvi9gnosvF*?n?JN=`tM?J`fH|~+SExN z?Vl|a%t9$P0O7C5R+^vMpVF|gRi+-^--?j$K5bb~x1V${9(-ulc)YssmfYlx4jd#t`SWAS46rdh1t*Tn;q+-}t{A)(u(yeNIgj z$bLA#IP6EE|GjjeEZGWHh?5BO$ML8M=!kwIS3Quj{_Ttr<5BBI-j3+wMfxUxgPK_= z>Ydmuh+3t{Cu%7q*U8D}DD?FQI%5+)Uymjk#?8T7_C+C#Rf7;ZM|01FXm<|p56T=I z#LxOG6PxBMRkN@HZJ%zFjOQ5+8<(KZ4G^$6guiB@0HV2JBi&pClk7g^i#P_EZ9)3v zoPitai!}?`mH5y`trO_OyDUvJ2KXjTmIDC1rSL1T=n}j(;=BhA0V05Tz?R3WD^F^h zNY^@kasxByPchweZ>!76+B!2N-k#cTWKMIQVO&oK1*ct2k|Vh()(^Giw;}U6h^}cM zH5GUo{m^&=C~UE;wa1X?YirvGW@J>k=%cX+myz{@+w&3|#617hQ%u&$aDe^#Q@UED z;16B^ur?G5)5wig9*pHhQ1#&bqqJfbh^b-TpuqK=f5AsE9CQtdrm;qW=R(*R$Pxh{ zn1%?}LaM^EWBHRb657gIYajI%oZBx=TV=IX?+{y7-@VZWJxCbCSAb{C0E(>RskcqX zI?7GQUq13YTzWP;P8k{+qET(I<{uze_!IwdZ1caFX4{ZF6)|H3wNPhOHCp}+Q9cbj zMRak+tkLnQ)$W{$rhk!A?)88d6h)Y2*>G`LH2;6kv48PTV8D3kwAN z^s{;V?Po*~0pm{dfQPNWG2Lfr_R@~-T?Q)>)X!GvB3(KrXu5vWBBReKPXn)3ey?e| zOqt!;4#+GTIIMTaoyMA2xy{U2XWE~}u}RZO*+ohois5VOs4D?|j&7Hh>LD8=-3Y8V za|NoDf@!Zet^L4b(8do08qI)T9`DoAoo@4Hrxtg8A~)Y}R$19~QIigiUn544%8@xv zbvJtH?9^Nu61E6fT?#(8vuktX-jzhcy^W+>2ITpVJNo;(C5OYW(Nvmzgo0&eu02*F z&ipl2AgX2mtA?dCPeB3Y?OBhK9u|8xBxGBc^_#|U_$42*MYGZSf&sjzo}9RRdU4z#s9B%>Li1P>(uYFr&Ob@r2ON$@@OZF< zs*1cDYzYc3X*NsDJrpRvMk0l3EA zXhA~{#_79viCoU-XZ>1VC$&7$1Z3>a%RgP0YumqH|E*uvL~|u+JUc$#3t{G#yJ!E; zRy3ndP8{dw+8jWX8r;A{S3599BGJ-!-(``NA)YCR?H50hVmLRMBnN$i{hX3C5xaWU zI=%n(5nA_Voy-ot$RJ_o>SNfGM;NElaq0C|Ld;xU7L3oz>caEsYD%Ur!aj)e#Q!4Q zydG?rzGnDs^=pe>BnOQa9Po05SkQUV3ATe9W9h<_WO1kvL* z-}dlXU*bzGITyx5Aad%2}uE$vOpDBr;~@w{R!P+)7_&*IHxO3NePR1pJy&S9&x$b z*Y6g0W_km%qQI3&?CX|T>+8}9UwUYebnKVAu}3naeLi`2KQ5e7clYF-%}ILlvCTMK z+V7~*b74Z?j2Y7>4&in?O)(j%Fa*A<@-gaF0ej38`d7&cB8fsp2)@5ZgFMe#fw9H1 zUoiJ)i0f{c@f>BdqWuc3ZGPO)w2RPBezsKp$~+rNBir^h!OoRq9Q0q7fX& z+u}0{%n%{HWtn8(Ba$V11izn<$>L%PpH^A+$Ukgw463la_VGIXh#@P({X@q1ARS_6 zs&mkgT3MJ5R188o1ghf$bBK+{21g|$`2h9Trip?}WYHW8z@%t!hGC-=2(Hwa;5?0!W}o>8OG^n(+`CSn8}_ z7v-PH=ChJojNeln;?!OISKX@03*MslK6Vy3msn^~2DcPy`1K(uHKkn;eIVagkN=+D zafFH`p8VW=%zoIHDJgxxq&mCL^en6|av$&L_+B1ZVP-t=%T+n~Th#<+M(JOaeULPBQ5muP%Fw{U)r7K9mFS`q&B(NyTz}Y0Rw2 zVHxTTPpL>Zhv9Er{f#NIS59zW)5VY6>>W!MG6wbvY4RoKUOyhUdq&2r3?1Vif4jl5 z5;fjW;0>T+8PGKwkGUW`|C-|1Pr?x?hY3gtV#D!dF&UV!)QCItB*IS-!W=XtOs5GS~cXBA(*$6Q{kC#bZ1;>2s-g zfjZ?-zr7O9L&~QIK^i+h=tUBxy)S0u&Ibs;WGbV1&BL|`wbuQ}cC_a!V;zXBoJH31 zc49)u9F;7X$Kp`eytWkyxMrX~K3n7VMDfIDE|1&8Vq%qd!B<>@(f^fnvv6l+gwXQGve!eZEmO;6Z&JG`Cmh9*3AV1oli*F1}5kw+YVdK9>M7kai zoC91$eQ(%+BeZJL%Tp?5C&v8())v0)H29BQZ-VQYuLe3Ax+#(F5w4rmW#t;_A_pFK zpDfr@+<{Vn`+c6)=aq8wfv|DrY^q~N;vcVPLuN6*+&E0^Zop~f;_&IN4_o-qZdjzI z`e}dvmY_BBXnC{taJ5vyPngy2;+ zr0Ss=DUZ)=z{Sn=a@cplRA_*&Y5Vuq@p+msm!ouN%QOEKdIf!afgGvDhT)7%_E?4H zeAV!zARw6%H*8NJT#Be~i5>TcfPxAK;$2~rV0)(Tsx~>p zqyw-MJ3C0gH}|aB|6r}Ssv|M=XTa?a`vT^c`Fa!VtfcT7S4BM0_HyNS3|O9llLp&f z65K)y2PlkWvmP-fK6XH8-;jaGzMg&!l$YlnnA-}%e)<#BS9(e&F(l1L$z!tpX(+X1 z`i}v=G8N{w+Y`2CUJj~+1yTe%AAek>!^I~1exLV`_QjDR8odEWoy0C3{d=>U;X(Mu z>)bApnq%oXlGQrg7}vqfpvF;|96n{kAp9Jmvy1Y-pt^vZ6n%OXV)nWaC+Tf{+!u%Z zWY1#i2wTUR)l^nXPhBMzGZ}fg*C}Td2PJX3Es8h1bgmr|KHg6nH#>ww2hmtx<&Xi7 zpUq%(m&>N!qW}1a|K{c6cEsSR((AZvc3$?jj|cdHTP%wfUcCv@hHM37Kt*8-8CjlC z00jBm3fF^dJ5qszPMhL=f3;qYgoMD-9R#W6Y@@-$hm2tyY$uB!X^j%&F^VIyNW%hs^)My`F-~bE z91>56k#yaBw!kRPFxTIGfk6st&p;g5Z`6!o{{7RW{VnLhAiO_93qLrR$=;VWXTA58 zH1c%NRE3C z%wLfJFnwCe;Yvfj zy%o3Zg8TBLN*k?$fjAgQ8~9zo*+R|18=S-6AVx+H8Mn4nq;uz~$S1lnb3h38Pq3Cn z>i(KcBIpf>yd^j3@679bNBB~d#siJVsp;|(DK+8LM)@Y686c~_#EjAKi z63mp4XbBCEokAD;)Cp|EJdJ!~diw@rMwY5EL9Wq-&q0?(Kd(z(<4ut_)E#ZrO1Jxj z^9pSi585^D9&EJoyd$@4p90-X7JoOjrsx26M;am%`WXNTV^x9!|K7IaSE0Fo{A*stp^Q#m_kK_j=DBJWaN1L3(ClKy zwy_qaCc{nHZG=L2IO?PZ<4~dfv&V5{T|C_=Hpz<28Qn0{H!*Pt)h&q=eF#${vcWr} z0rYlN%0QKi3C!XGgE*z(( zWmY<+G<-1O@?3modszORc7EA^=a5!k*llXDZkBGLq4KWJFQBSC+oP}fX>MwPvgw+Y zdf)=(7;N73zi(%#4Y<2Hnz>w~%yJ6?!k+h?q-q9CLJeV1p>;IL0IhrZ>&Sw(H zJ6AQ7dR88Fpu6b1@L-m;j*<^%BeQK+-x{;qL<+P;=s6hnQ+0!bMu3o=C#h?F&n1Qc zXZrnoWdiruH8cEcljTGP^-?7|NdipndOs z5m8=Ye;GZ`DeYD8#izA_F;<)6ldk>myPwa!ck@M)?ej})Y4w)GE|PQx zL<4Yt;113{W61Aj`AmR*Qs%|?y+-R1h?NUoz6#!P?&GpAY-yF(-OYzt7z_R#TyZAz z=djkch{dKj8(YeL$+{-*<+W^8@m>+8D7bMW!1*vtFpLAznEldL2K={(oGHoOf6QSC*s{o$zkM@QZ9 z1Unygx`oHUm-iPNQ-TaTm>5M1k4Xmv1@EX}7b9UuX<<^ve@KQ}tQ4=NbVgA^ftZi6 z09dF#OSs=|a0Lmb)Pu16+!Wg2NRflB{Yf>Q2d`HYK0UZCD?t-5%z@|sb(2F(LF&~9 z^!wmk;PUegM{N>z;7=9yyQ_r{DjuWORu?ss6;T4R&%i3C$FD6TX2vvS+7YW| zb-N@fWdgsKE(Mm%JM4c~Hd|{1EZwHKH9Z|HHSbJUcwO!rp2E|)%3Kj2W=NL$q8W6- z*_9rzuxQtV=goW{L*SS^X17yMeFKHZT?!&F=a1jyaJ;Op1}dt+5ECZQ?0L%Fky~@q znLZS{i-I!s^FaDXZcC+z*#(xoIw{2b+1Va`vla|m)Rw|PE6&PFv8^l< z^gtKG{@NysFxpf0%P4!9LU?x!^=@t5_J_b=QfbEK;Euq^!**A;ORDMkRUXLorN}>TZ5e1GlNP%( zYwvmtabp5EtlhSPI%s0+(9@mhC$OB^-|9KrSJBG+ zwr*9EO?vd_88uRnLa4}ynERp^M0#rWO48BNqv_SM z0%%&a?XO|w>jV9jl)PMm`dtZxsdQhA5bi04Of%YRNi(~@pQ z;~C4SFO&+Yta9Cvl6^>WYd+BN>fvB>zA944PPTa+VVn%Ejkdq0_+TknvaQ8 zV!n(S?J=~{PkB}R^646t{0XhbsQ~^$Ug1dU4HFu3?T8;8BiMOPG3fx!-R=0227;U# z8@|dn1f)5-5tFN#9$fQy;t}(CXi;&J_s=7@c=u}Z90yF4Qj+tE-Ikgwr=`xI-}gr9 zLTDG&m0qCw5vV+KCPdHEs|_8Ec_7SaT`nz@wgTSEDJAJE&bLt)gUd~Zq0H7oCt5|glQNn}W*<2j|(KWPvWI?mM3o10}8&ppR-%dp)# zU1g@E_cxVlE7h6Lq)nF1crN{Fh~CD6N9cvLyE0E4ExuXYt91?D>QAbIi{@nueA_Iy z87?4&7qZ@`76d)o5>$*I$U^YnARHp`)_5z3zof`5a0Z}l%{P}h7jN8BKx!zS2L4S< zLZ5$V^=kggSEfh%ao_a+uiW>WW4Rhl{k=E0sE!2#M~kv)93b}S;qI#7=aD0W`~BdL zlU(k*i21P7FE*SZiH3)&x$-T0pAJw_u~ca?ZKoUu8kPtLczFMSDf5Pw&zZnS`!cIu z$a=T-;h_2A4!zGlgU+wga>2pJ$MmzLD9vClog(hVdL;|3xr43O(0d7aIuLzu&D+e{@E5{^#0mX=B=5us1CGT-O zO`B0zVd!1JoJ&S$+!KSCr_L5~OOkU4N{oB#%vHo^Ll6Vk7HOPr$8E+%{2xo<^8E>2 zev=kQ)!`orJF`cOdsza-5Rqa>XNx|EqWMIpa&qUFRW%D9GwAblHBZxETR_(Joz0^O zP?;e;tXp>o@$+;&so+%VbCKKrH}(SP;VAe_t8;lx^63OUA}lXSposJ6e{sZzvy-jA zOUL70CmWOtZ%^gf{C=^Rp`*-yE`6A=65@a896mz~Pph}8-_>(U6X#SG2P3TT6^`9U zpx;qiS-Dy1B)CCyakNQ3m?ftw?=Q&-{uJOZhmti8SvqIuok3>I)imi4)p3-7`|g}` zotl?Ut`^=!WhBiC!z>02!#w{7vJ$-=3+w|lXn-zk93ud4Iw1HVK3aqE6d)D=bTEyU z)l04k&@oLv%fL!BD16!5Ns)(b{qmBm_+K?60G$!b%dlyct~3`N0O~bMOyQUX2HdIq zj+7_GWO3g}dnLs`*|L`+cyP@4A>9~!)tzr&!|mg|Xl1uIis-C&X5B#Ovk7KbPg1WY z&S~W)%|=;AVRMPt_ucpolr=24pR{{(j;DL>TdZ{vR_k+w*o;oX?2ETKCu;1A`M;eJ zE5}IBE<6S^)GzHIhIhu61dnc;W$tTd=Vtpr=Z!rYEKnl%IU8s3lK>O<_IVgMw^@a7~5)~;X6wF z#kX8a#P?%P8q8+3V`?9}ixhPrm9QPPw+kCApD0C-1l`fvh-SSzW?FugrFl%6 zL*!4K!T`23$?XKGl9(dF2T&lWq! z;$Dfz^(CcQBhV+EkQe@(z|az)+VdwT7&VE5}UGrd@^)#sS>NmZ$pn!m9RKG6$N6A$bOUh_NG80#Zi{q|^=bm%HyPdTD-+%`01 z`}DoyH8?z7(*C|9XhmGx;juR{7j6x1gM|hLDb{aVPW}eCp{k})Y|aRK)-_g;#<#F> zYYZeEEWFa4lL7tNWJMqx9h=bA{GoR$N^~aeM$s{*NzTt36&bQ|l33hEPIt$#aj`OF zO9lYsM5n@=Pd?N@+1B-j#YbDBEiD5`-)dwEh298vU7Ab58bz4`S%w* zmt2Z1g@(y0wdN2wY1Mo*Hqck{D5ys>;d| zb&iG$WjRAS(LvI?0+x)`M)p>N&Q|+_-P`Y(miny$-XS5FdXwb(CIz>*uX1@C&t0z~ zvL8ox3AYn!gr+umz zbMi)djw^tomS7+{{hlAdwFoAG=fTc1@MOX5vokkgXHbR5DMZXZ|a*D(d*zgO>-r)i3ibk4?zt#k%LZaw#^V^&dB*QX)m$sU8D4&fs&9SrbDc<&CWLoNw?b++x>RMcg7tku!iY3 z=xMA}_CbXH!)Mh;DnpF+^n(Hzao2x)^ifT1=VWiNb;f_>wcT z^lqQva^&iKOtVhNFEQUlX-5!(RK8q6hS6+!Nnf1HR7;tsIUdj?HZeSV_v!BKVD*{_ zJVqwVs+WUou&%DI5TnJeNmgZa=ag?XfnITQ&smMapuCm*SDa9M4qQ(aJ8l>wWt3BSJUa94%R|f2!ah9l{pO5OI|#^;J5u3ywx$i5BB$CE9TL z79KLP4DzrF!h-ht3wyPoAOTPgMuZpq;B~8YU}PdY2N~WAT8>j#XhjE?5|{|5E>6%A z?HK)tnQTsOr}M6ma6IO6Wo1q|+`fe*v4026E4BcL_IgNc4d1hltTi>Y5wqpOgVNkJ zRnpwL&eU(9XhB>j+#Gdu=v%A7v@DGS;)J^g&au|1s<}jb*$xI3rTeZaimBr|k_B@h zwsw3!LumnDUnMD%^x9ccI>-KY)+GOi7)3HH<_pQsbW_AQXyY$OyB6pC8y>8|Q1g32 z_XpyKa z;1x_a8Ep+_{yD(bqzg!ExSiEZ{}}HQhxm<$sFB@zaH1^xaNbrajFzI^vGyT}g(Vq< z|A+&i=!*c{gNzJJ=q2-oe2-mk4VwiHQV%WMA68pC?fld)vdu9DGy)_}_6&zzaad`O z=JhM=8bq*o zbM)0uf*}9EfF7SUB*{e*Hg4OU)C05T9EQC6-t0^yy=Y`|*i-ot$SOYg+4wUp4M^XdQY?^X0cidPt`@dH)Se&C2-TV?cjA2va z*>2yjg&aiRNv*m}#THlwavI|P^F6n8ILv_Nn#?rsH&6)WzccyTZ8P>K~V z5WKj%2bbam_b<;k#u?+h&v~=|Wn|pHa<9GjnsZ%~2S|CK1~bd-TpTVF1bG(}v)s3HTu4~u3~Eb@(kiN9`on#f^V0LfQS$1M z78Cj4NM^lBo98^2GvuPx&+U+qeCEA7unQ^0|1`{|Z=x!e%6o~EIG&Rz4-tR+tjw=PynTPX+G>4p7^gKMiADudih0?c4TH6Yia@PJf@BdjVL3YxLiYd)( zcJZkYY+Hx44z0PW5I6sH$!a?^I$8^@g`KWeiBFLi0rx5`2jY^uyBzu#059pr-ceYn zJjbj5+Rj>M=D(e93U=OD3u^A)Q?b!EkDIjqK)^;3B~TTg>27Q1@oQT$bnBLvj=*j{ z>%b}PEW6&FBg0uXB0Xnu{N%*F&3?gbBwio*vJ~_@7%RTZ$IG*4i}yf+NbXq$)c>4o zmGh&RBSlOT@hX^ki64m`xyk&qsg%Hb-L1&@7}J0+v3hhq8-9`7j(79H;e$-;2c$fN zM+HSV+%mw>K5%t=3@bO9j8p4B%GJ?(h>5Ttj(<~x&CBx77DRf+J(fNBoi_%hVkDbY zQ?5w(Zfxlf?&-H;D2k(r*&?G(BpDe2Uraywn^S!n8zPxB5!vS!tP^|V@L>mKBWs&E zjeUr1zvQEV1G}ktKv(Ad-L@KcU>=`cQcl$92h^bdXU})J)5y;lzx(7!E?wLuDT^Q` zp|0)qFR2wR$d|S0%`OKn)Ac!e}8`jp__OSt%xH-UWF4A-yDd{xO0QWiKDl z-;2^mk3phUivGcX7Fh)+V6aw)p4zI^cvk*FIKVcJRG_EH^6`UBff6w;c-nvrMh;KN7e=l9zsxO3Ts3z2XH-eMrg7R4<)g!NF zgko8uFTc7e{{u@gvh1^Por5sgQgAmZXXRCY>iMz0(NL{f5b}8hvhcg(Xzp_WzrqI# zH&j8J-g@c{qp3iJkL4&;ACb&mN~-NGd}`Vq9CMmKI|iD3cLD)r{-TAR%(L94!4Z1qK=IAHw;#z zJ&)0RkgPIZETf871Qc5@XI6-MLQP`bBc>qKDmSU=GFUiN%tkL%eBCczl-8&f-!w^gIK;Fwv=+WRFrhRu1nkfIAYmjG3aF#+cpWm2L`Df$A;AvGi7#UD?Q zOTdLR+-I52(T9ndZU>$5Ow~=tExIuqhW@VA-v5rBP`0cd{1a2VRGgPQ0r^EDq>(x0P3LTNH*x1a??g;}yNPS&NWvX8B z9mNI}m0Yk9L*Nk`G_;xxDX{9Tnb}up*y-nB#Q$Hg@qWBDe(jdVVkr?jKl8nCOaq1g zy!>YD6aVhF38xM0v%fJ6)Fh>T7BMN$NS zZ8RVb4&>0T`(q5rbG+xAX^I0pi!!_laIz1%k{*(SEppw8WeUax`@x0L63AOA-#rI8 z19G{@tT19E?kBJrFm=kRG`Vq7jBTjMr1tzI)nK2<>WF30tTy~)2A zi?RNsv1&azK?Ehswdo$ZU{}C6>#4YVwQbyd=+#ArP43By?`xikZf77$wj|E*Ui<@u zp45Uut@{4z?R;W{|~D#kUB) zn>Q&~UD7E--oMSuV+iKfrQMVAD6*_!#pl~YM@UcFUvN!W z=0e@W6_Hx8E#@tdSNpi|`n?D1d?pELyGd^67w5+oay^9m z#>Xt@c3R6A|7J}-ea?KV$a(fbCZ1^JtHh^Av3Ztvxx=ZOa*10WGX^tDg{%NZw{^Nk zbowf)B%ufXLBY#)3R2@(JatrsvBkuqdkP;ax+Rr`MH!m-mO`)0!v$%_K3;LH1}w`) zS&Ub1ubVxrzq`y2k|=h}7hjqIV-}+o z;F0qNQYu@BxhidE0u^*W(|uHN$XA`}sJ$EJk2Jbmwc)a~JFXOA5F0uBW{Wu3*VqwTp%iwD6 zKM0a>@mD&p)1|T&4S8y|^D7&mm6@weUO@1W;BK>B&SB};ut!nW+S$jZ5_pSb{lKs} zL9agT?_$w!0gz$adshJg2dcZnzuRis2JQUR4thW1#TshuL-**h&_4%&Mr?hK7cCtF z{f=_Vo7#rn1A_~=_H`!aS{+9Rr<#-q>pDKx@fhaU{<2)p7@+7K7a@z*7CTapq1_wH za=6N5EJBQl0Tlam+D_5M;uw71K#~~!lTqwoa^Ur6AegE$&&V!T{g==;Kzw~4uQ?Y4 zBfhtDkjy`>mj7Q5^#+H3EFOVe9k_Ex5pzivA+|J|(NfbYF_`S>;7vs_a2W4l`_Bl2`ca3*(vL@E1FXR0;^{i`C9zK{!9T?!N z-w=tD0089C0K5aSp)?%IL;U`CE?!F|dOv#XU^|L?bH7cfT^))64zyt?2wmZqnJ9{Q zp`YHdXxsr2kuZm;hc`oFZdt%WGm2)PN^J`vI}y0lDzwy4ygPLUu9Og@t%PuIr0BAE zu@nT__V&nE3Rglf7cgkjyBdAd=g*$tecU6i_c*nYT`6XMNR4_W7u&F&n5iAfR=C-g z5veV;f8u7UXhZ}KBfvWuumKpH!X@0VK(2I8>j^(GZB|qaJ)Y6l_}i5x8BpJ#W9%FD zB!y-rz~Y4{nP7AfR>ⅅRa1)8f+z^c_{iphh29%gZPf8|ITf2FoJI~LtWH4WiN&{ zMzq)lMAuF&um007p&$QsZ}4kt>N6k&9sso4Jy}~gs@|L+_)onQne49B zr;pba{U=!cX}TkXRssijfb2Ev7 zYWEi%zGO%A7u2RJ#tT;+9SG*b=%7{w0HcJGVVkG$Wo|uAdGUUP#5C;^;;*ra4$5G! z4dz3~TZVVkk61MLd6#h?EXJ?DZWDETXL}Lxd62k>UvzDc5G zL~~0(R5!l0hAJCE9*H;LT=NwdAVsQ}WPO1xyzy_em6Dsx0L%K46KQ$E4cMKjyA(acE*^5;+pBTRul`J>9Z}nEi)U!%E)1#lRpjUPBg4Yhz�Db#PlxxfIh+xXuu+;_{SF5a3#%ldZCFeZ zSJ0Hqqz6Pci14gm)U*AxbQ>$79X;UXONSeO@k{nQmdzaV6{9~T#0enrH)h`;0z_HJl)g1GpI`K0Hg6p3^DQ zDMyI?rdfNKCH>0DGWhKqdgkQ3OVB~{`G%8ZzMIPB#LK+Dnh#IjoFIT=7!%Ua?0e>F zS_OaFzQI8xet?}thtFD(c8v#ijp@7?6fsSm>IA1V;^;$dd~x~y0n0EOLe0Y<==_UE z%l3a>?-=BB8YJW8cjf@ZqA}mJszzo=)T%blBLn>$0d?`MEDZm%JQldISb08+;$&Oj zH6f{7qXM}T(SC|Lm1dT?V&jd8*iaemUM_Tj8DRXb#su(t!@zH-FMT+&c2*P?AMr&H zf4<4I6zQYj%E@PT`%S7RNv@N{hTi8}rL48cYOqJgynSo1>*~^ z8nbgTa%VVy(wL7`vG~@dym9VI`*bq%Ex4;<7cc$-A=niqA)S(G5C<3EGMbwz)CXCD zC(wax$o`r6${?~UfQMn=(S;JqydCbP1Ea5iIX_z&PcM*kf-D~hP0?vH1d6v!QtOU` zVRIU2!M9Srf$*UM05dCo&Hp53(jk*Y19iq&$SY>`Rg1d<)xq)X^;>B=0@O$T;ERIT z9-4a#-Tg}XJ0ly-zDQJJohf|r_sMFX#*ekt30uNbPLgwc z2pkjjE4Pr|X-TI$Y1}XIrBb?a&6O>Ee?=y28##8%G9eBpAE(bBi;gFXc^>CTT@xXy zRXhxj?9cq*kuqqyIiBvrsOh+oaf%D=szqpMZ!NQJADR-2Ba#P>-OkHBAWq1+ysLJ= zgdR0FHT!GMVPh}k+OMy3W6>y);JFB#_Tq@q%r<3==ZI@So4u!+E0X?&Zf8H9(l0+4 zxT1JXk24w`h8BeG>29_k-ll1NsP4AGjAao=%DU`Px#x0~>KGNZi0#vm0=Ex=y;$2c zaN}Q-?2<3Gu5(${bG$0nBWC$U*N^H$^=ApwAr8K|g==y^7h|Jrvb+k=Ud(463WZW; zr~l1vEBhZ91JN#gToQh-{`I>Rdstj-r}sM0nuI_WgW? z#54aNj&xE#(|>bh`6&OB<>B5C&v?d+oHSgva~=4ZIQjqn6@?68q}!w9ENSgKxnKr0 zrkZ#{7)6w$nC3&%`<19MI!MZDyCV7Cysf@@SIw4#m$h3deDYRD-FZeA4q#4ae5{-P<8-L*#w6|IK|79QhzcmVVK@6la1xQ*l3bG%p@J-gL%yFX=UtBG=DTet0 z?th=T;M`d)bsArQAo84L2C6E89WZlYbM##bR>bm+Evjnv4|u~PQ5s%f zxGs+o33N4${esK-+Xh31bcr`$Yega0kOiM+Tka-l5s>A z`q$cBk?&pFYiOolitW^U`bM)-fahj>az8sc(O|~L z#+7cHo-J=V41bK$*W}KB;XN1#7N}bJqpN1H!$0;3%V6-)A$!`Z~)CnJ4};hHKN#$Ey(#I=^vtr zrcCe2J3-QI|>kbX`0qi^4zK4dUl!!Lq?R({qf&Yw7Z_Bejq_Fgneukf{Nu-u$Y{7*iy|dh zmh$jC3Ezkq?a1wc^33gsR)(4T#L}-{K6X@)QGhYjCoGsP9HlGXu>G0cxQ>SAQ%Agi=zB_~n}tr(}pI8F^@Yh8G~MaXyVEZH5vV zYyFmU`<)D(bZUbq!K03k)BPm38%15gu)E;W8aCODskda0N`j7G9T^D*;wWwWqhpGj zJ~sMT+;Vo7RE-fx%FS2RH|~$yhs!Gp{WOfQKaxZ@gJYNt9`QbYR9bCvTru9i8gHd{ z+6C!8ci5B8R<(?USsd4761O~Nl-~GM`ud2C<-S&BmfGjo!^x-e)Xs~)B`v2_jiRN^ zqpC`a$}@2j zZap&mKL;Cy;Qo9GV;=#OR7+Ag?wFgLeGm?oIqGmfN;e@6ZU#&I`}eQ97%l>7QE``W zi&YvnJM9W6T6j%}dMO#Sj}v-95LpiAD$+%+Q)Y}UG=dSNS*|lH0Ak~J+|ok=_Qhbv zfb6j>@d+?tmpSx;nuaF`EbL8P$hU0*i2SK^_j}vN5kVHM8&pLY&o`pS?&Y}L;F=@s z$+PSG2Q`wDjjaMuh~VIb*1)6WJC{?}A~%H(tE`NV9}vah-`d>ltEq8NYPP#%LLBk4 zxoO&eD}PNZemEd%XSwKwA<=wuBJ#(P$CNuzaq|5+s;l~V527)1p4O*7I3*Ds8$LW@ z!WP{z#Xl7Ypv*I&{@9IX%ix8e%{tI+j&s03Y)ZD%+cVD;i20(1Zqt~zKqMu_iZbXw zYHF(|I7u%dgu(G!Oz)$qoTp(Y_xKm~wF4er9yTka45_!IBEQ%kk{cY$ zg|mc>t&?gH#tV|ZqjlxSJ?&g_%h@W|Vh!`YsZ$o4O$2S`@jEQ&llz!9_-7nJ8?)N! zvF*6?yAgvOa{JU@3Bl=2&Rhf&8~-%g*qMFe3`6}M!dj5e%UV|#yd2+`E_MV&kYf4Y zn{^zvdYx@H4TJNO_p;vbeETLlhlJUN^!2?MtuqchNnpslU~FJkkd=3~{ozS3#|$Az zuiB7N>0>8%Jsp?E%;3+c~Xe!q!qvj()i5TWaF;n*n)x?pjqYCrvsZtEyB&3J|YDJA3_W zmGVoAN2V{-!Y=Z5m?s&$>~fFhczbsoHo%fF_S20$jvw%DNg%d`$-MEsJu}5_goYJM zZ#=!oNr$q>=z?#vS`D-*m%JD<{UYvnhG4Gaaq`Mle9Lo1`hzqaS`rzlfLiO-2mPe1 zrFF%~B`TI|1DiPOBT<^Q{S;k$%lVNY(KK8*%;GcH;xkJxHyHfVndhh;7=|9sezXOPaNPc(y+o>f%` zZsXlV+|2N7sl=_=eQ+89!1$+hA!a^X&fCyExB`mo{_{1s&;sEDHD+z&ma#-BXR$#GaQiU*$Q4SHE|d(n+k32v5Z&)`afUJm z=>Bli+-akf&fXO9dhy%3xY-TgXFDyH>Qiebm<3!xvcqO^$y4Tn03t!3m|%iF6_HEJ*xc zq(5@y1L9BP;c+C4I4^HtB=%NkosUhTcg^xu zYI%X4wnk%KkKaEYm0zBR47H)l?AE92(o&m4hc`xF4kg9-V=M*t~VPPP5bX6y) zGqXINN%aLVEB9L61*Oiyko75wZ!b^lCPD7F)X&B68-_b3 zUGRGiJv{WSBfKTuO)Hu%@!S5}qVxm7)+i^$l*_;wFXvi#&Gc@m|2+14-_(14#B#KX zkk)^m)Mn*(K`)00^UBM^#xsn`;n;^NDj=X?9(}98pgt|LdBG=d!0O<%b#yWEI<0BC zd6XCqrkbg!PEC_a80Mx4W)Pm_v4GFF7Tx|Dsm7(%UaxL@A)jwnb8g!VCqE84y=%O( ztgoq$QH)G2Pi9^osp;4)9!-fCuXD-~E+0=6v0pky9%4EAb{+?XaIdMInlS!E@K{#!S4v6o$)b>CnFIUN|Ae%~wrzYO zr4Xn!dwtN$ycMrCdp^|TVfURoZQJJ*v0g-5?|fgQ_FxVXy}rWqTwa_xc@zv9kUPq0 zr@Wucy|yNgu|(I``_W5!dqC>|INJ$Ml!fzDPwJF7>#ax9mS@yNEpR|rI1Wp7C1Y)t z)iFa&4;^t$MOmv8^_7aFyso6j+mWA>mzn0|u&GO)PrvwGHxi#@KE75%422M4R`o;v z#0zT*!pz(0oDUVnC7ayL_~ID{ji~KVZ(*P_nVd!K+PLtW zS_dLGnHQM{*XjnN@)gnFzlohde@`)b3cceKB zsyON*<(AF+$xVmZjCDoL3RopnQxt|*-1CcywGKvoal=c4MsTO{-W;l|-hk(`+U*lKgITkmb2Lom#9uc1d*1iBi-5ff?b~p= z?+GKHg2StJ#^xYCZbpsvsff1VGq7kMW8bf!%mts7CLSEe#b#&m;D`3r?G}Z5!g6fy z&yAXXY1SNWfcP`8Gi`tnI*kKF4S^XG14eQ183e48JedDw()$jnlBXI0prxtls5132 zwpWS^;GEz~cgJnNAqLRLU!aXrFlxem(D%VG5A$cJc_72dk`)GS0P%rW2zLnBMdJP_ zXdp6zYZUfsEj>pB<@D1g$F7NMn-dp26@eVN|%fy%% zD$Vxa&`o4h%UxiplB~bS>FiP+pVuFRi2m;BWA>w84l!@s$Bqic`a+sb3|k}q_Q`5mM>>{)eP8t#Js+&PpJx7 z|HOKe>7yNrcC1oqclV^j*md{Iq#~|y>dBC?^E=wFPt;il6jY|Tv`e3nXQpZEqN8)Ysu^O@cu5ToJSHOn=i1#R%#$5S#DLt$$SjkB%nW&Z zW=5YJebmT=U_;j&{*nx|_IZxv9Cr(d;N-GF@r^^>#RY~%avNwNmhtDzWI=C0?6d8% zJZDkm>X)O*>UILj%Bt0g%*Hmc01dyMGx;VY8dL|{Y9%~Y15IPAFqkr9t#eO8xcbfR z_XfZPQF6pZ2jZt6*9jhYl$P=R%ii1s!m*opM`NB<<;OL2bR6Fy>Ux)~3uve&MwV%W zeh5!X^wXuDJaksiED5zV(Dq7MMnf}_$4VlS!{5#aYZdXaWc>ZH5VB@_YhD{w zFCQ9uwDDN-5##2c)PMO}e>8t;sUe2n158nT6%P(;EmiBMiqt%$V?0T7RzK9H(T%Bd zMea8mrt4$U>Rw{Ph-3@H{BETei3s27w;n2I(b$mNbBzXui1J6ZVAiF<1a(p#ABOjt zVw3&VdQ6i76y@4Hb&H?fAbL*u_bxM^NzLt`in`jlz|=OA$J-lHQm3mw?93zd`u-n0 z>eA;L6bS@pi;q3+k_wjlbJGJ@AJ^4p1yfQBJPFfN7Cldb|BNpRY2J!lQPx?+YyNB( zbwE4&PX_URoB5Q%8~WwxlrgWd4C4sD)3+=YEg3e`rJ+u9dp(MuWoG$uG>#6TVH?b8p%`eYt=dj_Op^G|D zHj{FO)qbu|Q!Jr=1S$~e-Cs-#4xuw1gl@NI4?z|}k2*xV3fW1qtMd@g7q~A> zPyXY_?`!O8VqIhstxa@(L08W!$E7PB&dmX5kMDxOhynnxTJ$Qy5Bg3Ix?VtU!U$HP zVUCCwJU#^uitBvtbw24oa)Mv5TZQc8mH_c;;?HVFOGUXJNj7}mP#rx}j`+iYunt}o~B0L(NGEm~~$ z2o1NDG}fyWuqS`4MkS?{&)EZJkP;j0+eg4d zY#>NV_e$z?3&FpY;KS9-QHKo;v3dqy5rI=&JAO6%4g5M1zw>@|;Y>c>EP?n0On?F( zk|5R9nK1L|)47S4r*?fN@rSYQ98LssZw6%X`4mPt$9o`g35>H3jKof!20irVfkvGI zUoiY&dGVO5RloC~H|z7dC@cV}l6S8y`+0b*nzn+0+eY&R(x`KtzrbgjbK62$ZRXW$ zG$v>BRc%K;uCBGBH+SMPze^O>+Z4{qRxH&(_RNEr1QYKg!_#<>x?Of!9XdC`Pj%KK z#!MS(2%#`1G4mjO=Sgdc>og3aaf%LAaKJvNXaEJb?m{_Necf9)y|<5y?~7Hv4O~~K zN?uun?HZ^;rCAzP#(wX%jDT?ZPr5(Wic#w6KqF$c-bF_#uvORQa;w5wnY9#0M2^-} z-M04U`C4B_f7I$$`SP>r+S-`C%CPV`O)5AnjisffRX3h$H3n2YpKPM~S6Nb4wiQ(e zDEZzkpq|yA1)ZT9MhJ^2##s!E)IhA@AV5{Lfd}{BR=6-xK74Zu%i;woXj{xhsfy8^ zK5NpZmfYj`>GiNb240i*6v(pb3!|uEgKbBABQ|C0pZ7XRF>fYo1?UnlWqqBrcd$CB z8?>Y5iaHO1lfVCB_L~x>s}C5P@`yCT_YKBQxN{7-`7RxSRiDT+Twd+Dy{j4;Zj-D!}))mY2|{P&H?H`PE6UIPUi3_2tg*AN;i6 zytJM6{dWL7831BJan$p{pn+xPboz3w?fTr~h5FTZl~ZURIL2Fc?>1W1a5lca<^*Sa zw=Y{ZexwdLmS^te$(TE)`N|)@BTe)&LCC3As6UL<1%x? z`Od&(eDu#IdpB1dtf_xMfS(Y$j{wl2o02mbM(!wyI;MrJ`<=C0YB8zRahkNUj;@v8 z%o{m>n2bpOdv|fRe7wY)^Pz|Sjxj8$8|9xH)^)uDKa+7CIawYsqGhL zXjv}678&_|zCzELe6p-F#2#LURJl9u_l|&Zhs!>6IpVoOCYw>|n2`_K9=;3c))3kA z(Lb*>w}12$3=K00YzA{ZL$CVqB~)Y7x&)-C=>$N02h9*7A>dKkuu*dXpnb1NYO{cr zCi=VX5COvk;QSoP;J0~`HHQ&94M-8-XzBC7AjFc(_Q`f>TDCPpJ*jb3y4Z2Wooz-x z@BOoMdkw+w?7h?-ufsYk*V2d*6^dlD)$jCY*a~yrScSK^7!3V;*gm`nKY4JDfn01; zerq8Efz^WxS|v4;L1|SQ0>g~BE@@U(Kz#zr>>D1-f76WEtJ3pv30~rt%1Oga#;0&^5~q1b zJBS;#Eq$>om{}<5F{LMHYb@sdKx6^^i43XDXpYE0t~bmTXWQp=X}EExrT` z2KlzdQMFq@A*8}?f#nZv8C_4hx_`cgkz?UK)R!n&g8s}aywY-=k4p_)OpDzG5RUD~ zOnv7F{km47md#35Qx0*~ZS${7`~iCUH7^f&uO@oUM_uIHanTy@vG;+F+8wU|)8b-E zo^0LF?VJI$e|$+K_rMrG8H`7?-4Q!@_7=k#ll5jxiR;c4NqVQM!+y-(En3pnvr4JNM?uw-xquJX?W-GIvPJjO%tGLHlwWHl)8W?NV z_1}v6jJT~z<4g0y#Pp;1nN@4WT*7#oZL=R6KbmZcRWl!Q_(_6-(2<`9>4Pr0`(!M^ zNaBviq)rfCI~Y>cRPF7#p0N#cKNT_0zv18)g^mA8Wji_Xg4WHbiOk&gPmBOCoNdPG_w|Wy#8h^kS7iDb z;3ck_U}!?@w&A9Pe6_+S^yXKkO?i2F?(5Y*>JjezsyDO31}xjdzv#9NBI5rN&asiP zjb`XHifQhN{PU5D&^qX=&ROso&q}q)#Uv)BeWhfPoH|e|2F^O%02;Vs=F_WvRqy~T~c&+K`>CTXcIzJC7{7xD$ zn^rE3_jkZX`~5N-EcD=XKU0!PQ_Kh7lPo{xfy1PA@#VI;6YrUUS?O@PpSbO=5BNtSabE4Zm(UAl$# zBpPYN4#b&={$;YvJqO2#K(GbBOp<;X@c*j+;#Q?hQJv7If~3zp zqGexl^|Igvb-EREsfiETNv}E2+8*dU>c{CVSzrJkD&tj?%T&(@y6ul$;|`y7zUCe+ zvE=ZMLjY6pamSOO)E|W{;6Xse@y$w*)9tYIcNT<`W$VR(dYeId`)}mV6kKYoS3mB< zxbwYlKT*I7jf%xrYVQpyQnxFZdhwVHU2eVtAe7LlfV*&%dQ^}k2*ioAp~s&t!IbCI zzl4Elwhl*epYHz(Om zgv6X{;{CMMsHVTNy2@@=MuHe)FrWXo_HoX>vAN7Tg@G>aJUg*Kfl!JP|A#<=n0(+r zL(t>)(zro~H!i*>)z^QyZLbqdgZkfEdB>p{Pr;Ba<`2O$`*$5;9q7a&vbhnse~I4t zP0!+3|NPyTxu@@*=aqyT^rtP{k9k4YYCAe6#Rck2LwFA7r{2gV>LQSRos2 z#q8_TYHH#mVBbDEZny=F2~{5;!KjN@AB~YIH1~fOk|*7Jc9J0zb8X?wAs3If@{~KD zN`$d4?!SnJ^Ev?ves2!n0wd%)FPobmR|7idBSyn8zmyb8oU_X(v(IMs8c!IC$!pL= z9`-=b8h9tt_H8jq)2vnoVBtC6B$J0p-hV14&#ZMeckEGD?78|1BSiS-Z;;MCX$ys9 zKtlJI%+A`3_7OXe7yPb|PaZLDa=F@Jg=?;lTQ;|EW zbN#wysqlT_>2~uqYMr(!v%b8(JGSe2zdJk#G*qZ$Aa`?=opt+!Q7Ets+(pZQ+*1!Y zs+2y%K&d@1D&@UG@%!*(iV4_lrzlNtqM$$L$x>1JzU(ZxQxul)tZ3Tn|CysSu5w8} z@O#WW$;dH1&Bem-j9QtibI%k#eR*6=f70!)`=e%wTN`^GY&S>$uBjeGXw!(apKy82he&)C^4g@OS)2%spi88 z5|Rh6spj0TLVJ+em@dXBx!2T(-ee%Ia|;CLLN`Bm4oP3b3qYkw-(?nhSh4XKud}~%U8?_ztD96DPer4 zJuI!fnmEdHo>0O+`-;#+R)AqS_lL3RPIupTmSbKX+0V>3CpAKwUj@!;f zUD$-Bwz4JRLpC_lE%lAYYeL#2nbmzYPsU-G+^G;^l(bh!?pXzj;6N~?%$ zf`al^=GBAogn3+IvlO?XdvsFsyyCcp$!_tqsEQ7A&7pXxR$Q#Co@f5mHa0d(m=iA} z_Kf_siFBn1D-)@xyi*8hU6Mq)oTW$sgU66-G2P)g}3qT#m>B|ys^ne)oM`b8QMtEJLKr?Lb1Xjw3 zD)@6ht`_0avmIhuNEDjHT7}}zX>A)^TWimB$h-+zq@RKwakdY~Mv|-uk!@GjR0=V` zm_p_Z5xK<9q{5;^M-*uwJ1y}r8c`|X8wQD=R{dD}hdgLMg5H1JRQ9|2bbXk5>NA{8 z_G(&!aVuMA{)IcHaKFd_^^(hS6}95!VY#q&gs6I%7xV!|KGU3OViL7RbjrFOAlD-ADMWz041Xz$g4bfW!Us zbICTR7d-~VJdqwHVm7Qks{HKqfv`%Y?U1a7%alu05+0#so0?YolBf|0%de_*ZHR{4 z$KY*l^+m7hM;(x5SueiVf<950^@x&C;V*#$9Gsk*#)-ynp9h(F#+B1)t+>K`0;LlH ztNF#2Hl%W%H@9*{`>B%L$`?nDK)s%Vqk2NEy@_({~bY7pP?lh@1Os5Q1D&>#41iuV=syPmC z^mP_(!Quom!XExxQ2amg;;{j+O+7;Nm8u#AodORZ@C3kG(l>P~2S)o2i)=12=l<59 zk7z45xFTWv6HgAiD=sn)9wV5q>rEHKATGG7xR~Jf5XYOZu|V0W8VC9EABn%uLi#Lmvom z@QmI~Oh)}ebwqKY;62n<();npp}NBqE?+$g#Q^Sc6$XJ|eA4g+XM7i2Y;@sC6z{Pg zF<_0}_j7((>b1j`?&w)L(QW(h&^L4UL zd=e}Y4-{V&1<`-UUYW1k2kxw?kf>Wp)}MP$WOoi;e~xw!tZ=7(=1M_5G4!cVpfU71 z40kWkMj=Fo3D~b0ZYG`mnF+kTT=!N`2F!d;V*YB>>RujlJc{>Hd4-Ofb+*sC!&C6# zLhjol@PJ91&$nMR#e_X)Kdf6`d7dEmexdnw-0Ag#Yt11DE=j$_m2Ic6CWEeosp7L2 zB0A#9y;>wLJx*zrp&TClv=(CYCQzqKe(I9p5O#yh-v5l97gRoe@9H>V7Oxk7+6&r6 zm{YJBn4EhD!gcF%QyxSOS7XJ-x_Zt}r zi0dE39+|(3ThN*RKIh|;>ZYS3_|2ZK=vSZN_K%>4tA94@ubV+Sax?1Mh@{&2%#}jk zCwRG3I6ZgS+A%tY!;wcYwi;JU=6T6^o$;zYG0nbfx05-=Y%;U|^&vme z+&58W53_X)cO)PcESou2L-p~-vKC zR&w*Bnb#zF+4bnp#>VZtWOPvA}y6 zZ0&8AwI}xbIB0g$FcsLexE~Ibo$iW6vt(FSF@-lKs4P&6;_K>o%mmAnnrW|im%V;p zlMiciohZ!>G_aZ7nhBg@&>ue*4-xE6Wf%F>70{u|xG_!yFl#n+5bzRQ-a@CIebrb7>!_WaPZf*(plW3HiLh;y( z)f@lQo&Vp~bAm*u>hVCxW+F|nG$X=>a~C=|#}Jq_K_G$rpc1?wmrd|VxVHiIzF@faz+#@rmqvV19PLOq6>^TcaKXSEM@5OF|}Ugh9*!W5z! z*5g23|) z+MB_3>ZEE_H!j9VD+%w1GRpx~n1ub-bJWYsK!psNG~rG(i!IkVxn>M*9<}mQ7tJJ( zd)j#)oqtPweb`h@3lAYFBi$FcW(#dzS~76ru2VPFrA(23eR+250uz`B-d9yzUHOcu z?dSLv5V*{SJ*cKIzn7!OW*f3JVHO&w?>Jt%%qA0LZ&fhvvDZyNPb zZH?*fUeSMue>B??aeX2E;=#WXQ_%0s3w)nQlin)}Xqk#b3d5Y{}q&>b?xu%{OHri-Pbx{y2D z?Z&{#DzsL$HPYzD8@Gm{4;*(h6^O5;(twk?$y=WA8INW5 z&i}$A1)n9{lv~Jg`EfJE{KnajD%zRlF=EKx4=?Z!SDVzAioQbTV=uX`>Q9%nI$mG= zZjL*1-4P|{`EQt1Qsu*Lg8jvApQ3l#v$q~GcE(mE?)H|J(~BMx*1TC3=0vDEx!6Ma z+!{gXF!KtjQA}o5X}Cz*OwbB%Nq2Cv=xDDL zy&&-+G0PV=|8bYrBcY}pzy;a(w7y@r_vsuiUfv^4SnYhZV!lB?#5XrUB$C{Ri%1Pe}aw*oB^tS!ae zgS$(C;O@bK1?S`$-+6z0=REJokBsd6*?X@&_FC({uQ?|h^5w19`>5Sfh9m@S>b_E# z?Ekk#`9Ht=BQc9>HJ!bFJq=$|J@;_vYf}Y~e48j%Q;U1{xsS`Q&(p%YFh*Z=$}F~)wB@z zu*k^mdkZ;1DDFVW9g{RT?GEkiG~AgbIRZ2@^z7^Nw=~2gP)WezsXP{@(@JTW8Mt>w zOZ1$V>G1=YTjm-?8f6*UI6n&@MW&(P;1#F1M+IJ@>|O}>!N`$Ly+?pA%wYjG2zInV`$F}ael*Uy;} z&+$GOE^diFW}mAvGvRjnmwG4NGD(C6?h*Gfo&2Ku9$Nv5L*P4hi9iim#`Apc*_i5< zf;EGzp%A7hrle+1_z`mmCGU?TfcW^UD=Hqqx5RF9tbvO!HPSFNO1N6ZhjLTy6Lz#P zk>ZomOiDkhCjfy<+B<~;Wx}nd*BxiuVEytc+)9F<)7rld_s`JfPgr6p6R7(aTW1G; z2$|_5x@ZG$8XHo9j>r##SP$|@SmbwWb2(zPQJ(i7Y0;Kww~`WeU#w^jMBRZI9(oe3 zTLZN9=QQ0Zj6f%;=@v)71hFW;hcJw%y7rPi`N{9T7CZG5H0;Fq+4SuuER@qWZ_F?B zH2+DknM=1-GV*I5Sq%8ws<=9-c8zGUSdUpbz>5?_I!?mQ%qKDfk6!5mVR%H5<$#3@ zdOF)p23*}@*evO!4}>bFMb(Unn}oY^-ux)!Js_`;KuGycfLRn6eK+3a1Qy9Uw&EOZ z%?_?GoJA{;gASFA=9Se`tVoq9MlMG)#nOrPcnzOdQW31@B|uMCe)+R4j0T|5zrj|6 zzZUqVnuALSHFmNUe%|+e+@}Zft!C3`xUo-oAh9kMxcD-I;2f_RXHw&4Amh%_NyLBU z*ClensXRT;=s;`PHqIA`vi`0UGq0lAh2v9igblM(BDrdurDIY%{zK>V0$+9Y{+$^f>6E|Ev{F*Gn zJ3qQ5aL0Iw0l4ERz$SE5Vn&-C)%BTGTXj`A*`(;PEGXC#RxbS;qfV)E{9Rj8mN?H3 zF4e?S1cMNN2(qU~V!5tPfS3CnW@Nr~i5_is494|xdriJkbjRB4834afpCpVA`bm}V&cl7=LiV*8==69{i3#$(g3=q2yGgP6+szrGd|Q(w`6n{w`TQ!Uv6b&kucWi70RZ0Hy? zF$I0%h)%mK3sjlx@q=efez5|k-(?nfvV2&8@UUE5kC|m_tVu=PsqV=r(&9>6F0oRU z_upc35eJP54^Tez;K#^x8nUz{fP+CT%tDO`FShm9J0y|sWIFgBsF3(b`8k`lE_?IZ zgtNx@FR-LSV(!N{_;k8`qrj}yf@xkeD}L9OP~f{ z>M0^pj~LusJZcP&WY}%_i)84zM~q>f(-@4)&+U6&tjad@J^B0 z;9i-GkZ34w#8n?)C)40ASc<2^Q zN>dV@2*2Qa{T6By`WG*=t9r6VWB|msy5PHNi>*Uj$Qw~87tc$9mm%#@+$0@QQ#d&x znDJk5bKxkasrgQDTIT<%4O<4XRpN`xGhRt%b&;CKRP$X`N!Lb zZz1-re$PFZv~LnyT<7Y0>`CDaWU!*M;~zk~Wa#tVM#^UpCZPe92ecXQh#&b{fa?Kb zu(uR*XX|tGx>I|Uy(xw-(FQxP1@1H5ev!_3Yx2Y%PblLuuWR)ae}`+!cI&eGO^?7Y zX`Al>tdlOW+&8l6hO>5=Vs7H>Pp6|iVtvk}K7}>dT-@>NP>=@g zs@_v@E@+u;f)nnz1ll5QlUy{qddGWDqRtik_@Io2xJ*xm>8%N=(h#R#*S8PRE zz~h$po4KLNt1-XkS*>&ie#GOxJ{XB%BX{+%vR%wj}NRUrIF$fGV*p(m@yR!0Tp3$#l5 zQMW7z>Zf(C>lE>N03#EuX{(`E-P~$R!Z`xa=#Lh&FKv?qFll zIL%UpYF(xh2Hw;N_cDo5TFbEoXhZw#J2(Pj0u#%y!8HoXYIG)8uR9vx$b1+jKc~>qS}vcRS*vvJXEs3IfqL& zAim;U0wE^Di8>=)f2$2S`=7sx95KI&I_h_tge9&_Dz0< z^lyvp;q2ZG;STmslM2~pDs03VSW#hkYAG{nnZ>$1YESnNp-J#HHbB-t_QKVH9I^r- z;}v$VJ;ssrw#=c233RxE?Z@iQSNl8ugWlT653T|RS9z0kbkB>T&UuH4ZM?N5<>L|8 zJLkI|%!mf*@m*kz?_0LOf>oLJkB6+GuW(c`-)!JvODlF5=H$ssfdk3V0@e>)| zV8CpcyZhT9SE6gYNvcBWxQFWoo15iJlOghy!fz1d)Y3S{fp613kHsIE5$(j*C|rNp z3&|YAkW&d&%M((|N6SOclcgCKYk%=6*i35!$2}?A*HgA2NUlK3?2>eaM4Ko*^b_4| zmXL#WfU1U-zxwyS^@owU90|T7h0wHCP^|U~ zbP+8TnN#!7fc2HO-`GPKfQ5tASsSyb)Xx* z_J1GO|8s(LKK~I6Obi3Rdjr^XP&+PqWD#iYJEi3kB+^{=Qm@^=TGNUT>8G)X_IHrd zu5&&*so()}KqXuDX^Kw&-;;Od#%kN1^cZqDDB0q>!L_vNnnMy`vrYN(;DgdG^Z9&# z;C5D}FYR?4NK+zHEVO*dOmZDHC~RmJ2A4v!h2GBdW-@#KMCrRL8&*lbpMxO{6EB7hgFIkQxI|HoY5+Ryf z&Y>ikxX|jKLGIZyJ^RHf8~G=1$KFki--VwGsXIK#rh=@x#pTD`XwJ8 zraG9%F&6ZcH*VrA>VtvlI2$LA55qe(6-fGGx2rmH?DGJ?y0+{cDiE6Z;~R?*D0R)u zv!3))GpBR=@mS+~#vQa0gK?~@V^*`0t0qL7Z2qle{PIK6zobWk2i3P(PgjLwQJcZz zQ8#^H6_^kvsdG=(U6F?W5B%>xDBUMz&wc%reXZM4Wf`W$X0x-lo9g}Mr~YO=l+2yolc&|#x=x=y<+2i*)Yh&nH@B?613q4< z7)PB0;FPOEZF4!bJOWqQlPm6bo&*wCoDHWVZEu+vuo2Cb732NLlY{;NfT+-_xJ$WG zUm+sne1EL&Sk(x$aTSXEZ&l*|91GzImIE-F-h?j^S7HMAXI%_kHu;--e69|U1^4vm^w|DI-*L4SEsTJ^|O2?64%c|Sg{+8eFumtPsMr6Og{0zUKn-zT(%NL ziRn_xA*-w7((0_6Je*f2Uy2&cN!AIJX@1%$^SzI45FD>Ct(&SJY!PbGhi3!E85rlf zdzZJX?vTFAMsD%qMk?#U6tdMQgZK5g)aF}ztmby z%(pX}#kY;92dRa?wf^?nI@Wrw+dHq+SuuYii#~4fK!#H1IE^pUiyAu$yIjA zTF?{KJ399(Rd`ZCh0LDyWQK?*;u+=5itv=<6(q6x-FHf3@)POw;U621*e4CsqR#%y zYD+oC>hOXpTBT&G3WE>k$EYOo6h`n(+q+xy#^QKxS4$N9BkpT{YaJ<{ zAMe2|x?N>X@K-njCPOvLCsQ=4|`u=S)dCKaJZC!Boo%cH|?leM=SiO6oo!e>}p9x*8 zJcE=wUt9X!08hEi{r%+a*y()LrXDBnzeSJA8FVwAY5Nx6{Hc$mCsm(sAlDL){@O6) zl}VP1wG2W8B0)n|ZL`$iFuT+jFTL#HbXlw~y0_JtmYHb-jwS*KJqr%=@(152!zT+G zvO!nitB1^X=Yqbho$(ZHUdoju{LK_(>p`sCnf43k+mH=}oQuUHw&&!x?UuL+9YNSG?rmrj%t z`mIR2xX0RiBktN$3+y-HTPj@UXO_~x$FHF^blaWhQQL_w){uJ&i%pO!wlaE^>E=?R zt97&;JyN)xJz(YGrpKOmX?NW3A>8i>R+vM`0Gv)6REM-q1)*^+=qlxNzceoM*Q4LZ zOZqrha#U&F8s7jK11_3RuLw)?E%!6o#8*+mq+DCqe3k;r`<+)=Y+`*p;PWq2U1!J* zOz^=JPbje8|EWhh_MfOF3jAH+dzf!khlTWIdf3FAx)*To)aBj({YCg?e zPMI^9`C?eQ>dT`-7voUezvG)jb52`K#EAbduE5zb)e8Ofw+|{XS%C&ai-*pT3(hYB z^CyoIRRfJV8=i-c(rxMBLN#5zlZa|UIP~bgzTpn(PCu`Q>bqu_H8u{+rcs!5hsW`1 zI*}kL%gl>h>*u$7FT)9GeGwPTcTBT%vl$=ClIz5xV`KIr?(cz4Gm^b`lCptK<0+|R z0j3Y93~VI-_4DGhY- zIRgd7jwydW=o(rk+;6H44>-7h&kVl-uz=iV4YQre(W9BpB~UCqOiPy+Octib)_fVF zHGP1~W|!q=j}Py4dFi%<+gE@@ux3Ka%3P`Q>4m*J`~o3k@mR5#SyRSej^hP*gs!&KfrQ zaC|8y`6ghz)oXDJ_hgYzws91Th|U(dbZ1|o4toAM>EWlej0eZj(Dnj zR|wfLAL%_y!-9UEfrbsBBnH7%Jy&%8IkLnK>N-T#8(=Doq6=9pjGzX3DfhaW68!A% z#RYBhW3fD>n|xPe9eNmYNtlf)vKV`loJrU$tX0t=JwE5Yh|^9~G0R#9CM-Vm_&x=S z_iM3Ri~8ke*n;P7c6-DAKaP2j0Q8fdlHqdTcn)8y4JYyQoXMsbI{|ZBuhsLQjtNz< zVy;-uJmBzaehEgpWXG~T*BTDB@OW0*3opCLm*6dzdaS9k_i@W3>@lC0o~6&JaS~Ry z%Y4moZ|`VrnMle{CN1Hwrlv2`E3Dt5N84BV>5u?D_;eWXQg=fyOylFdaGGrDn`e@p z;vdbUq9kt#iG44k;Xnlog)=u|m?|(r?8~OIW+}hzz>wcK?W?Zg3F(W#QZLg8@z}HF zgK6bo2!WwBS;iW}1~Xlo}t1STjs z0$n!76jWyRD&w*X9)5#WE~xb+kFl$&(nt6C8jPJvxPr)|A@MAEQrLK-M1~n zzhtx6p`Wdvxy|mOiGf&Q)&_KANf)S68}lsw{@mS zN@zvNlQyFM_Jca*!JQDr9vUva0_B96Ih{u*Xpe)Hs7pkotQBWY!|*ku?>j?}+LI0r zoB}`Mp9_B!djD3_5x%NIK+hjiBz%~oExitQWjwRh{jG74 z-uh8OC7rGljGXx4rZ@)RdRLn<}Z5+xgRcei)qO zl}VZOp5#%WQ&C%)Nv)fL!d3DGXZyK{Nm{HnrLBVKT2^JKK~CSc7G47m2NV z?KA6g9!(3?3Ltu$5v0j2!%n!?$AOY8LIap~GX@&XsMA?lbhcZ^ zTWwKvBEmu|m591Irn#%l_S+XYcKj#0+%E%vTcE5qn`dMH;rI1C+X%GER~DGZJ!)j1_Y$qrAZg|H zE6A@w>2WPxqN(YN*TgFzl8kD!_kTA<&Sry3`=ngsiyC3 zTyq{w?q%S=)sxm1w~r(m*jPVvKb~%?NyT@_5l3K{@Vuf3Dm6$jF9tDI2*{BML{{}+ zk~|ZPR1tu%k~EiK%ESjgNz;m++QNT}ZaVv2&F|v%Xs7kRb@6v`+|BU{*3>aN-_rL# z*sDTMmTVF`-{K~7Hu6MSa0m^x{zKsp3k?m=nu)9Lr(DxpD6f1sSIOt!!Ia~v_yihf z(vqk8(Eb+b70ykS{`Q0Jus|Yk6%-c}SWV2TYPs)gT>#=X=dx%%bWjxL`WDoDWzmEpLLH3i{O0 z-(*U4e)Gc4yHiE2KUxt+7ECd8xMCZADevtM2ZW1mgRcoHM$ETQrX=x)LWn+VLo2{|^*p8c24y-`Tm zR~>q$fU?LbU9kAfrdJXsU`JnRXt%@yb+V`@eiY63xZ8wsd28m6X7ji`d^TNjKKfY5 zMNIRPRlnnL|8Vj9zBg3A<#hFD7SJ72vRiwko0(h&$tp@wt-<+waLqJQs??=DrPSyj z#W5}cz(OaHQ(j!p$Ku~*`qg?|Z{ts4U*p#iC1bTk`T0v0YHFjUibu2WT}e{Lk_<8< z-^(r1ia7C%ckJ+&v>B7tNA^UkX7&HwPS7PqbGk8XbrWr;#ImF zn6&p|P>E)(ye5N&F?A2i$dxM4m}I~1uT90LA2|}M+t`zR85+{|!vl^}5h+K}uIVKS zi^eG&nuoKDPt$z~u-jkY(+r*pkB5(=fnN7gS`>Ojid0BSimkUgV@mvs zY-xa#)QzyG{DK#*qK$n-ox{qI^ox1?JOMj9III7cl_^*U>1FpqUGLOM8pChfRDuF3 z`@uoyrOf9i$~)-5VTyHO85Hw;zHebzSA^nYrHb!;>EwU%BX zLGhxP3q;hf6Kk{2FN1_Yj}p5^CZkGDcBi7?A+}W$=MT#$gv2i0$)exfD!N<%1{L`{ zhf^jty1a+e9sOIKvgJ!1$_`;n3hB3+K9(s9!~Hn>D-54kt6}7zu(pGY82C5Hc}9a+M<8u{dcF5s4XY^ew}St9|x|dC8Kl~o2E78H4W@A zxBGV0#y0y7qEyK2N?REG$gM9wK_>?vyjx8P)HYK}+E@ zKKz*cz)=Gbtb1-s@el)Dm$2CIzuh708BXPthIO5T8?NaW?o8PE z=WmmW5&^>?(C6BYTG*<$zOD05s0D2dv=_vS=SV=JH6NGi;^WhdF=t@mQRe$zj>a_q zoC5JJxVB4AoQG$4QPI#=&Or{^SxE4lgipJ>-Vr@+Ve#qySjbWvwl^CHTE6s;u^uUHQd7$B&)N6R^ zB%Z%s#C>7*gF1T<>u1;3UU*d=;7ylux+Cug%IjFl^$n#nHrVwZ(@DIxBHbGXJ6rea zQ5x-_c(ayEPZIjm%A#BHN*BZiSc_s)=ox}GxL&11(W}Di#TO9#!G3WYph;<@2}GAx z7+T~dZj^ldj1Qh+AH0hOw^Ry_cgvmA`OMc)hAYn~)|Srt8Er_$qhUK?-_RYp_Rzew z)~FC5e}_h0+H*geK~cu}+^Wso&B`ohQI&BfF?c2l1M5>;5wm=QAzVHgKHD12-$@rR zIs=Q^;{sJ!MDpJT>(sI;$9pQIo}IaIx(PI&l5&2UEEFCSSBI-5w_f!*;k8Khz^n)? z4NI5`xEg-W=8R>xG*3ROZr+G4Su%{i+)h^KKR=^!H2d>75>_^io!RiY4yC)K5Th~S z6L^aw1o6K~rF2GV)mOd{6uwn|d)VyMmWP;n*P~t@M%PBHb*1vkFD@A2EDSM|G_Xme=ANl~ScTaSi3T?f<#Cl|9f?R}6@$f< zXY9G^UL-thma<$2_Ueey$Z4s@Lb8S@kCR2cZl^S@@Z8JpG#t%RORHYxkJaagYkS%H z8ZD`Rgb2Z6o5wwrMWHmJ$0i(sv6+P!l&SJMkwJMCd_gWFDWwoSDSiT%#Ue6s@^uyDrIIMf-jr!u@vt=-u zO2`7R!{drl_D-M$`53`gL6lbE;X9$m$rI}8)MAqKDUu|}kLbNM{TvIm5U0YeeDqZN z;8}j3O&a{@mE`R`ap(9h7-WCzF-sSzPY`|pbJ<%tN^E0eQTROLA4?1TI-g@XJ*~AV zEewj!k9dz92Wr25b`~~mr@bOtmrd5TWuhY4)w*S(4#x|9eb*%E!Q@5GtnBpcOeMWo z%>d;M$trL-`-SeEPGuM2cdiD=)%?R<&f%t8DvPC{SjrCz_(0=Ogb#V#vbWW#MR(5s zR(>zgN1t5RQgJ#`Xl?f-1<;|1hxVXR?bdKIyZZLNY*dm(H&%FoL4~H{f0uSL*UzX8 zO1wd(KvGEDP_`2bM9QO?hhDLou4sVS0YBFBZkPT&U4WkZ4(V;i3Xf4V)lWPk=46)^ zNziF3aS}<-_EEd4;}!fE3cCgEM|i}sCTb~oB0(kQyr2@m$e^A{?n#zlE8DJlgys+$ zdkm{+@A#$b`~D^n=%10&nE2a2A>wbbbzn0*!4tL|=w|uiG@|mStGrgCmG`SLi1a^m z?{x{^clHG7Q4@Xmn?DO7FV7eN4E2aH+Sn`UBO{@*HpYPcn)# zr1)%cPoo6{T%vo0TIUxY4RSJ)ts9Qx?$wL~^^xgAF>=hB&)Coo&?`{@KDq#Hb)!p8 zz*UC=(pLf{Os$d%^lFhCiYI!>pUlgsXM#AEOS=#_1B#N`Upl92IB1h!8a2rsN~ASe z#wVyiWzV*j-(2sA;7Jp_2`wbsqJX9Eew2s`jli+8A9Na9+CS(vLg#=rWu0nmWxX3? z7&U>gvnX4ZL*vk%QzJ>#YwZ2EEEzYILLLmCJIhP`z#(nxWAtk2n^O!Ykw#(P-yc?U z9`_yq4sj8_#T`conuzo`DGR`nU+~p~bnMOu^*`zUK(#<~zjbQbSMEQCQ-B;AS!;dd z3NP3#)jZS2sj)K~V=}#X+gPP=bX8{t$Qq+)(*b^DqG=LbVqQN9>?vBXbH7klE_ZZi zDOB?tRd-nMZEa4Y#Y0v=&qg67Fz`RgXnUn3$z5#SyPi{sCA_~>Qs`2 zV78E_R#4?LX`ZM~<8$-xIcLcBa1kGEm`3X=Zk1oG#ww+#3bv;TrwqFCUKLA3Lpd+_ zqJ%AOc%}WBF*w9P?9SL=97Qy{H?ML_BHZaFBcBpU1OJ%wc9Qg6U~i4`HLM&uQ7BS0 zC-POt)P48(h`MAgKX-~?6aH_s!J{a*f-mNK1|!92=TDeL!4#$CpOTr z;w`oF>+t!LjVAo(55?}`4~)L{1SaC>zb)DWzTk))=Yx*ekH~QK{dV^4Z=gMrHxS^l z%L9UV2?tw2?y7hXFVyihw&FW2LDOza*QH(*kC$?Fnfh)!UkU%{5@u1y3Go|Y{UmpF zm1ac_X&>n&mOT^meGIeD{xvpa{t>nk**Tz`@IqL(FNq3l3%|u6UO9R9j47_gYyZzJ z*KO27PXJPmZK2DYag&9m;VY4pz)**Hgv8ILK=9Zr@JacVkjiVkt3#5CQi1vTmHEOL(H2>BHoEMLRPFRyTgY$;_CSA0h9E<5+iqt-*ROR(I`LVG+HZ_ zlWo*`>}C|KUbe$xbS6qU5AOuKY|9WLDp+s5Nelnfo!2Ef4aC`C%_Yc-s_e?v?0o*$ zOp%>%OwEXs7Y_XIo&w)6iCQo{n+O=LibL@*as8?=0Y`|8UTgn_Lk-%meqPwQVA8Jy zIy?ccapOT;0VzSBfUlV-5XZ)x33>o}Xu^lmflW_rIq%&=*@5}T2W)XwtUYC!%WYS6 z?=1$FAcVR92TKu1DL{%SQhzqMd74a6u?rL%x-G-N7`hQ+%cMQVxNTHXv&ybv3KOR# zl1uSf`uZS7A8X8B!F9$2= zMRK{B@olX0(tri;6Nh{4e$zGMO-9pG{=fe%{yREKYghMys3Q_Sc0R>;u)l{tRX#U=*Ed)dbv9@EWc;UqvKD z$*ve1ANms_Fq`zv1aOEtl!4P!*s+wVCM#%$Qp3KXwVH}#Hh%&_n$I$LkgJUeRk7GS zE8GK1YS!SNfVK59@2tM(*Id7-AS|(geJ?#EjLAe2-dJ>9urzS(n{AT0^;PJbuUz`N z!#L3^sh{>9S;A&Y`6{UTUT-FYDED*1(96^$B+g3H5GsD*;z*|MN6sv^E^f&J(s6}y zN=l_3Th>Tbe`3cc_Mm&J@ewO;<#qkurQUnh0e7G;^UKqTXMXlLrv&|&xq57UQa)h} zg4Q^+`16=SD~f$DMhq_4L4wV_U#&`O6JakPI$Q9l=J!#@c?1_^fOT~otSUg-7<{}JH2y`ZCzoxaEHUx)QuDZ+ zS$lAXhbULlbQAxWage(YP{EE@SL|;n%R|m@;S|>Z5Lw+P=WbvzPt;AzPhG^Fq(q%chbD&tG$9 z<%%%8`g}MieAt4LajB8T3(XY^4bXTWQgMQ7h;MReXwGAKW}7lZoQ7?LB(=#a0`hYO z|1j0kh-jP%9`CXFm>D*9DRc-2o&(pHjTTwxiw?I!CTM2Aiwg<#N_L7|{cc`!dUe9~ z)T--pGqNJgT~st1hj!dL{21M;XLH1A)IQI%{bK9R=%0aEKvkWVdX1h61m#4t98G2? zHnmi%szOT=yi*<1cVq63vJ|NQ;JfgV#Vp~(AA0qZ^9EY4xk*mnBgIJl{48BDn+ae7 zza}n!J{eZ4==(N4mFX41q{$CZ`YvAs?|x4>;n|BBQ0URl&2_H~`=jZvR&HDyxr^9a z(trodx=abVgqz!;2a@b9S^qJO8H|&AJ{ENYqo^H{9o#-ZUg@NW>L%mL8LI_SsI)U? zruB3%v51GXCB3yhFp+pON#Y|YEFMncI`qS4g#%s5|B`HX_Z6q}gRT1Z51ZApM}2?X z)mUbRa4uSRStsJV>Z~mGmGJ4!SAH6xvW#QboA*Oib+NQe4@N0}u@$hXo0t>(49bcX z(;{_ikx^UY4`wK&$;Y1m$C3Xa^z9bq&?ydewBqC+XDPA7mt2Nlaz6Q6X>7x@DksQV~0hdyAFi=%Zjvhc6nJc`#tbX0nK1_?M!9qOcu(BKrI?C3& zmBn$Mb@&f)D=h1w=~{CpmC#BDw(8kKSPAJRmlV#VZ^ru%UBi$V(_JZ)i7|Joh`S8y zZ0SEw;$qhsE*4JXvQMRaiJUCvHPZ<-OA8IdmBD8|=u{ZLq8H_9lhEvOyhu;A_F7Rs zI4xWGAjPcG%heC~bDN)SY?U*^px_5b49oTEQr?PHpWwaKwwuMPEU56#ppCdNs8eg+ zb%)lC^Bu$Bxo&Hckn{Szg>FPVJ$-I}OSC=Uu@PAlx2@Iqu6^<3y3RN5;v_Jiki^iC zsVnoAjyCFXd8R)ptFcFr6$8(PY?hzS21+$!^OoSr9)%ROmGZ zziIIW&j+@|KOkMy1BorW<$RY>;ztDJ1L)&?B0J z&2Hb`2SS5M82H+^u){ym1o{;+;(&2ahwR;PD!7A8pfA++Gq5LS$j^YR+Q-4}kn#aQ zR;F>e&bjR4zVq>ni2d8Vlzu%;Vji$7pR3kNp*jL;48nN$}$#`z>qHRAIGuJ+gsL4vWN^oT--x<${yylpLbZp6L{47i1n!&*D65djB$}3% zl&Viht+F=l$?TKC#P4bx-Kss3^TBS~UEJ&s$Hmql!FefzdVC;K7S zq8*LFd7~aBHc(Iye)`9`L|O4{Bxw))>5hosBn^f_02vD6w10z$f!;X}+X7zP@?D>0 zSyOfX#o{l>vDk_o{g42K`=7V0PE!|=Ij=yQv^)_~+iXsnVc)yw4*s(=LaC;`%sCi( z315pcm2G&QYN+1vqrvnp@!4b*1vVpOVlT@pbs%kc>+z5^TvVJEbKwA$^D-bvs3UMs z4D$V5U?qfMsV7T&c~hFhro^27xetv+Ed52;maldh85>Im+aM_G>n82CKY0Ddo@PC9 z5W__yw$WJKMVCAuSYYPsdw~d?|M?2YL?;U7h!@$xgnI6N^0Vo9?Y{RFIgl;k)SUfw zYEbmOInsOF{OiikXolq7aXrc%*)!`SmZtmP>U3gVCyI2;RrXu4pJ(4JgwrZLxBDM2 zfQiXTisTklBH?cKDyhX5;~@K#@D9nrkaU5^tiXeBC)i%xRr9a4EaVM1Y2oiORcP*T zVxgwe+ms29c(J^d`T2Rzs;kPAR%AKc>CKzAh$PNc#hdF83k0zTKOf(f17Td|>r}BL zNwFm>x@v~eA3{pX()j*|x}I$6amxOGWDbW9hC|Y;V$y}5GYZOVh@I^OJRtmOL2A*n zY*$P*A3s$ze1+@|U$3MJ5Z;d5QA-$9^tG9o_YX1Juyjclh}|y+y%I#(#Oe1359k1v zE&0|1A`dSv;u##jjStXtv(M5!d4=?`j{kG{FTTqEFDxlV8u|D;;INjnc8e+vz@(GM z`}71?k-eIT4cZEA$P~7(&p{JcU(X8j#&IUo*$bj%u=HTDGysTLGOuAlNEYjrn5fo( zYq)YUa=1Cna)>@A%=3BsY`87y4ItSJc=z zj_&(us00+(bwsqc3_FkMpajX4fp+;tucrUebFsL;TKNV#m1FkSGHUAsNBZ&e%Nsf-DY4LDSQrXT;D zqm*Mm4{gjPGW64;LW{4-G-s3osd(TIUm-L-7utc3PS}CtGIu~Q z%f-2az z50K46MZ21@X~+46T{u}w`(AmR(yoytxZ!X@-{Y{V&&da=;}nXVy<&S3H)REEOlDD$ z?d^XA<0>B&TZ0t6T~^z=`)`fovY#an;>GRO(;(U0@g7*vyuU2eP6nF-v6n$AFf`A} z!9v?ZLEC|^v=X0UbDHMlSFX=(y@gErh^1SQ?#r!b(N2C@WEo_-d-01;29Tq=?0cKT z{Dh#2L_1XY`B4t$9{dw}3vS+spMv+6Y1m*-4J9k?Y|wX6M;Rg}KAeAQvYVGr@a~z@>3D{qtX$X`gB_V3s`92~Jc&Ta9`Fdhq=s z4cAEggS=mrP8PG$i2`X)##B{|t| zG4t?Y(OG!`lm5=fv@_5m?21EJnbY%C%7cqUCFefvJa zhwRA0=>WJEE~X|Et3iJ=ne-4upMIq-n2nyy$&2}_x&B#(wDlck5! zy<%f!Qads2C@FRvHTO6Ap8sAjDQtl6h4S~*0*|4<9Q}a<5q|rjzQ}Lq zaCo)KB=Y*uXST?}Y{t0YaUua*wU{~ce=B`iQ1JavLRJ@vdK+&Tlp z#FJ2g4t%BwsgpKm^)x=$YRZni{FwfzIqA`GRHist*?C8#Mjx%#s-43s|t z>Mhcg%94$W(Qz~|4@iYs?QwS>=7R*>JK_^(ymLt8Q$PXC*4!yI)Usp_374`~0)?76 zAJj+#ikmCycP#=|it(31Ua)Sxw&xkkk{UMVBDj(SE85!gk?~RmXBru)JBMsdy=R6P z;5cCB(h6GU`VwGRZ+P@JxtF|beG5=VYZFhoX4IDXq>uR;l?pPk;?jQpC*}5n&`sh4 zDMK4c0(2A6gO33qWzJ^)4p;>+I*QrfNG5Svh$+`_LCHNK)jcaKDU=taCDE) zfA%#^Pxf{q8Z%yDWHyBXaID$yjdva>M7>7J?smyj?b(q%277XEWbJ?o5FPDv5H zq<_N(8$`)~$G4s<65rjPUFSsaFF2G}M?x7)7dp5j5x!rh`f10X=t2vv2NJ zD{H*(+`kFMM?m4p0fkT3BN8nmcOw!!BD?6v3f1U;K_3d>p&Y`oHnZjIx8J}6j$;&N zC1~gz&GCBn2Yt5~d*&}$a^=>fEv1xc$?@z> z4J6wXHnS$iNlfn3vZiKRCq(ysHHw*V0KQOHTt<@*;mjdWw{|w21R3YlhR-#BH2uo? z`MFayij6T+El>b>v&T`n#{~_&|Ae-px)bdyhsujR>y}d}{*nCi_q%XubA#2uC$mA; zXun`)d@N~+vnhp~iAe(s-+7qE?5l(Rg(inddCs!4U-o;%mqt*Bqza)@vP?D}_o&Oy zh-9U*7Jy0+ez|O z=rnt+loQ7<$*q6+VLzkK5U~kD1FdvrMYQY&s>My`FLd?$-cS4goV}wo_Zy4)Qtof` z)3J~nU)g9yKa}BhG$&uD$;@lBE z?IKs`+{nlx-zIiQ+-{>PCHDSfcMuRb=N$5nd9i_=LmH%GA19nOBkgyM13rUTrJMRR z4K(=iOy9InI=FU&ce8duV_+X*=)nQ8&(DN=1T*|sFUd&JbOp3j0WXT>B>l zx!lSI?g*9syDD9&HlRbz<;vhir|1Z;MrS4j$+6?NvRuv95{nk=ug8A(OC`s z#LY`(S|;JL|NqeSmQiiR-MVj!QyhvFmjW#g#oZ|sD5b@|~#F_q}_J^WJY+BOfB;zvi0q%-=Ir2nvPbL`@8S-0f*Xoud?02{Aq zO&FPV1^lu_7oevW{H6t`inTMt5!z)z0#!eKI{ycr=h^2%P{&8LV?B6bLp}pPArXb| zdcw!Mzr?&U)*^uiwA2D(g>ZN>vJA-1d+yst3`RcC8NvSuvbhI-4Q1I|mrKHv8j;pC z3*<=v)K%{r+uu`Yv zqN6Q1i@{}@6fP;d5hvp>{CKaXXG27|F=SEbkq839 zJ2%55v4Ca9$5C|jj*4`h5|UisJ&xz(UL=JeBy74T*FBPt$*moG1=wh*8nUiyelIWg zb3^zd06GH2SSZ>Q`V>JdX2ZMQfg1fCCP=D&R`f9cVChHJvag0L!F@c2*HcQ~Q9qQ; z74>TJ^p|0~%>?KUy4c?%&0kT7TZL0(7Y}pIDulvpBpkE6P)!_nXf%_a%CIM5UoL6* zoj2mlN`+@}^6Iri)7qC{xcP4&wxXe=sT|eMJdDl_CdrEJ?L5yK3Zfv=_ zN$?5nh6;}i+94%y&~=uip_XK%dfEQDO!E=XIf&r2A3wz8(ZlbqJX=q3wbg3)yL1e; zSg#I~tzS_8tCh_gdd;3SJ!!62)G7#My|5xvpF$#kyO5w`cua9>R#X_F$%F6g9OGAD|bdfnvzplNacjGh&fl zFm(+#N^3hH>aTg^Oyh1|!a&TRpBPDDQ1T#ZGu}1fBq}5x|B(h#X!VzU^onxbml%w~ zI5iEQd}O^kG2s3f)#=?fM9=!3XPG76JVg|Zn>wGSnzQVB%1!VPB^I``D-$t{bD{*uK#sEDxDQhNyh;?bN<*mxf#>q$D- zSCe5FvZ`^&*cT>YXjgIfukWSMr|YQ-J8oKZJ@?<{P0bkNCBUhA zUXNA8e7ApD&7?~x;0o<1;YJ8ILai9DH=O!h%g0}UbYD5PxfSq}lGziX6{~A4!GbtG z8aKjrP*GP$KcF6NwT??&_~#as!w?SI7fPE~)q(chhQ&dqf5id!yQ#82QlK6{UbXb`z0S(41;k%Zfd{;0 z+Yd}5uCUsEn#hH?ItRJ7eO-%=`=wma=yM5cs{oje8R*-J%&a5xHC|0=j?Iw!7}6$u zP~OF!s(3{vL|T%m6mKk+%OH@7{mLh2JP<@HalqLUaDt!RE*%?mmZN5ZP0Jq1D_HuckNCav)pG%=Y=r7rM+;?i zwQrBb@aUn*HY8^DLFMl-9@g1hWbg3USi>}vD#8NmW|DX>F-~H4x+2vGIJkbR9oMNX zO}RB5ufheCHO_Z!6O9IK{jk<{G85;$kS@5}GwWjB~Rxj^4 z_Q-Xg=gZF+dU3afGOx=*WXi-i*44!d9@tfk68XVA+bKPd`wZFqYm)EWjp~+u^K5!Q zv+CWTIeE_&YEj(8Nos zRBbJcx&+uz4hbuokx6A(Djp2wmOzZj6<*MQSmOt#T=a1%+^f(@hcjN%3%%IK)l8u% z!Oc~??)G-?^veVwJ6q_mv%@;i^{g&?I40d+8W&XxPR;|8+aL~t)RvI@=yfnJtTiX6 zgQ)k+y0WDRxn@QaEBa%-u~pyD8}{#tqOH?TTW*M`J0Xg1{KZ&RKgTbqHd0QF{iywN z%x^Y^g`xhdd44RxX#V@^6huUp{2u}O93?>URR>Ys&y}FiSMt9R>x#@sfU`h3`>UWk zNn$zu}Z*|p=SJ9l7Es$jc$AA-_K8;c%dtPn|b-T(m-nHDGm+)4x%#}dXFbcN~@6I z3|4$0g6Hq4UUuZgN*hhStHAW7iMsZSo4n$UO_EKzb##6jXIZd|Sl?&K4w+q5>E8hjcg1>$XJ99R$qufK}#UDba^ zS{vY=mtui>dJQU3PRj41)DY3D|9GPlPwPFu3ZYsZix{-<>SiI=geZF`m9(LL%Wb1lun< z1vYncBlw47C|?wj-B*}#U0$7o4d{xQN8sdq^CD&xZT%SH9Ge<;9Y zB&IujsK0qZEmVh0IFw0fCOO0ll((Q!&D`;QUsWG{Jupxfi_S4NJ+5QhJiDJ+kxMG7hDTAdP!Z@*y81K6&FxeR zu<&?FD-LrUepZmw{7mFqI}!eg?O?(IE9q$~UQPtBczmJBe|`7bLC67+-eXSdVF zo9DlrG~n`1W-3v<+3I%Dn>prW+8KtGZsd^G;p-gs zZ+nqhsibLwy<)7zw8QqpdISJO-5ypNa1S`#&Z%@dh*wV}H95ISpRS`TzsepCAHul( zbL)|(X3U*qGtA5N=d;)e z_2(T1`(VxAXAs!Y$D-+i$_QfV(}%$(Lk8A_*cpAosS5*EgL>+){d&-$1(^bH?79mh zDKUz{&UPd`{((I~c-kI`5x3*~X|U}~YUB*Zx5(0sLsUj#s^$AriN%>QA@RsVbnzFY zHR)n`no?d@gB{_*?7DI$l|bve(b_BhIsqRy-|K!6L7#61AwBTYij#SG)>PuvQ)mUA z;Mdt-u`BdoDTRwP8V0ow)Glh$Y47L~bmM|U2nX=iu0Lx=P=?;BEJ?wS*#4PI#Irjv zq$-7bdkTG?8=OR<#<{obB5XcRWGp9su`@pzRmKwf*Z+~^GXdvh+aK5m-W@fnzbvP@ zWoyFyg2f)^NAKPn0shqtBN6}2NO8>tFS-3=YH3@L^u!`HNlEIvONdgTb2tkVWl1l< zY=89h$hD{D>nL@Z!|5o_zT!W}%l+ODi7Y=v_ANRdsAtCHD<6v$RUF@z-z^2iZ31u; zIq3Xso}Z+fXQCuN-w)zl^OJtofmi&^Q2GIi+I-Xt@x|H(Ca5Q5?;i^FO8k%0`u}9> z|8;mLC<($*99>T88S2K!n7KmT=I4N9Tz4DRZ?Q>LkRqcP9&mmWMg4e)Rt|>jqz_>r ztF+~gJsBI9a@q$0XGojJ+C2WG_;!WQ7%g9^7t4G7nz2^P`qi8L0c8P~m#Xto5xY)A zWrNZR`(1E7$BLUD&B5>9M_e70v{YPItKXs&8VZnOpHYT~p&<73TfQ}c5@k0YJ6o{u z;I9|k0&#x#66)UOc70_!+DEF%w&2yNpA0{+CHwtSR8YF&db+d5k$!*bm{-Gh?Ld`e-cOPT| z_Za1iC8X52{l}@{@vdUZ7c?`<@QAx^=sO@IfQ-ATDYMRZ`W;(Mi-4@4zZ!ixtvJXg81HZ@ZxM|B~U$QCil3*nmj``nZ)hq_%wiu&S z0cPIUPaY_YJ*uAdasB2sD%|VVNaf9qTyqli6WS;Vex|5uH;|&=(Es?+vKwEeXbC&R zl+=1XKfMe1w3*Rv?~2B~B_&0BGb$AzL_+w#i?}rplr6wZyN6U+=WEGV35{;7V}+}S z`x7x_!o6+&8J&|auV(ly2nei%Q7#_LrSPzD5pdRWFj&8ZU=&Ry3@{?}KdZt2{{5eD zkf27+DnT|QeE;{`R!kU@S2d$92(hYnV|qeiVS~zke#6vaY4j?*G5r&tCNKR23(CTh zgv{^w#iHmRr~2nDlO@62-~LBp^FNL@B_W0^(p}s^sCI-$(5wBCGtL>|>0f^F+n0z~ zowG=X-ydKxZ(iLU#)YJwjk`G(@k4|KLvWI{JMz4Ix#1ptydQAYEfpX^;v7y_rHta} zZc#+jn3##?9sYw$lllMt`u|n>-b6?;`rl%zc>`GJJ2ex_6f1SLcF`iRffgrA^&&#G z>~4=6XRBUiJ`c8bI&-??6ymIcWZ*&G&>{s|TVi-Sg+_dG&+MNcjdpH+0zLu)K+J*o z=f-P_xd*_65}KzgS=+uZ#)?hG?A%g=osEdc>B>2Ip_3@aK;OAM-B+!~z!Sbt4KvZ} zU+JQw=fA=|03C>hPVrc#%Z~`5`xUU(p8pVdy*iTq@a_c&0e1>`4uA~=J|+7yT@&uk zf9)vzSX0Sgkk>bC5$T_VCp6=?iEX^Y5kHE38mU)%S7ole)h32706hN!Lal!DD@%2I z{2v3Chm(#GxH0wH<(uiRk8s$V+kr~%`Ringvv^RPy_$2eli&2N0FxX`Y}0izISgw( zdhl|!_w)Yxgd0Lr13eO7UU!(9(mC|VIMTyeQ`?^Yy6AT9B{ZA-xfuQAs`iKl%KD%G z>p!oN;$PXLWxXxc4tfTxIpblu$> z`ul<>r6D4U+gT!VXdgNxY2A(%264Rk3JWWb{(SDPg{a{C5S-S0taX(#Y&X1V{yMw>#fvvepq~94+;)Fh4JQ{mzSPn6rO!3Fg1bC?sOquh^ zJ%ft>wd+OFSP}714Po11$sZdeT&J)n?yG2~1|?N1r^2zHR%_fMai|3sbQ`VhG6WnN z_{*1@zMPRzUwv$%%}4m+Ru`Hpm%9{?&C1{Z5yx}>eBFhIR8|NH$E6ZJNlx}T-frK` z@|Jm-pqY7C4TBH=8^jY*EV|}upA}u6{~>eF@9Jj+!xGPP=m))J!FzmWDm?Pf;Xk6|cXYBK3<8rhLn|$AHawLvihDm?OAVIY>y>1+ zbU(MJ@Ko9_#Qo8lo_yE+shMW4bK*IU5Zg+i$!@Wx&yB)o7Xc`rDl@7?rRnAoGb(ly z+|jyhJBJ4YaAsLW)!GxmN7+5UQe_Mh@12To#dxF_JPZ=Q#UynYC#5`jES=r{Y2Sp+ zq|RytAKStdZh35P$J`pcmTms9&ZM$?>H^J0mTL?==~UCKz+v{Q4XZHEeeHP;gPV5C zZzM2DV_SJ$=^QF@VGlBLY(Vh-rbw^dfk-db`XOM`5P{+qX;aDD*IHGU zzqU9^c%PS^+``zh{AA|cF4g)=A8fNb-aFt7ddb{QoAbR5RCHtF4%tU*R9TWb2_yOuOx$6!6Jx|u#xnFaq@yoA3*K7@z1FmdCU?QljQP5F{5 zalNX*uNN7&LP3gbNc(yvC$nH1DC`4Yx~zo!v)2XD(dfYJ?Pgo*?GnnS<+;X&eierh z>b1q{9_tjV8py`kD=q0-<_4!uMm_uE+37YlEj;hua4wXnD=ZeNWXwQfRDar~LfZ<# zq(tG|26@94v0~4bUVDp{Wm;;GXj$|@Ea^ybN!%t0=R3vzYVCUsRb3Clry14PLwE^k zpAahV{KjX=z3&h#*q+e%gbB$XTaxP8R!h$LQ)~j5VZ~Iu)`SlXWA|%ABI-XHV6f=n zc0t(^l|pmreA!LLYOC9Ajm$fHXDV35Jz91n(e$Caz<0ybsf+`y`n8kU{3G|^^|}ar z-v_)^<+Hh!N&(QYyx3v#XCG*f7^jRMtzT_zVhGZKR+>k6;}4XNH3ZV0uhAGcsDb~8 z!m;Ky|Df_AY@NJr?Njup)l|sIYK1P7gnf?o)b!5Rnky8tgxz33-duDf`2lB}Y%PRM z6lsHZpYv_mtrL24>KF9ppU-)u0|G1k$Q|w_lgU)S1fc1OmzNLPsbg62vrt{BOeiG5>KUn#$4HLH>H#?fkY?8=sIS_8Y>X77hL!v|bT zHIWtb_JpnF*Pv+kslUtRDimwWY5l<4mF-K&&%rZ_=`}9M<^{EmrXiCx_b{>0mxsFv z!@UTcKOKvI1D(X{p8WZkEoM##7V@j3KIETy`RWQZR8yn94-R$FXAv#2-wxNBhD{zs$n|Wp;GDsaNp2)Kie;t z=u=!zgp_?TkrjS-8j`>V17&gr00jLfM(l^EY5nsy&TT4Ccv6o~)Q6desYs4`DP;7; zKlL_`;`@VAy73CqJQ4o!PLwjZp=PkoZ)t_FzZw^wMIwqawBkUNpDf%n5Ba)&12jJ) zo5=JcV!Pr+xtZ+NY8IV-O*7H43WS&Bt>r#@6J6ZVQ=y1nBTzSC2EfH1XCDR~V1;K% zGHY}Oosq(9AK2^vYlYUn{csv{EDoi+_5LFdFVa7|5w;~co zma#E|if~-0U<6bm9vS44?Meo0MiXiGx;i+8(jnG%u9?Z=(8n?Li4@2AptSLKR9k}T z1$BotV)4(8l~q>$Zb`TBx$=xG!FR&0NjTIzE1|K1N~gyk9a=``lnYc1eFNa;rNgF* z>y#bKiqv!?FzJZCWreA%`_rUt zo8YJuPvwvXyb8Q3&gMQylmLGJ@nbP<()0veJMJSx0pZ(Y?ou;7*vMSE}G&vXXX}LlUBT2>(WvHt)fv4dg`^s9i%=W;V z6I(onYpQTuHqj@yVdXrkq>cfJYgP0kwH!6VRb>pHcRNjr=ukpAW=#AQ`~*ybo~`85 zsc}QiuM6u=IKrp#5gh{Szr^0E?qql;^l{JR{wU=SeKxoDa)Pn3kQvK_#w0yQe_cZc zukEb1dVr3%H@bT47OK=!Qs=eY7B@{9ox+Z&*MqLWDj94(JU-q(O%zre!i1?y9Juts zt`S-MP6-g0s{1svLyGF^evJphF}BX{;b`?{)WL6bf7Yx0fnDVIkypP+A^M%2@{qDY zLnrFF7ncQS!=q+{8A?`E!S>}~p*?>Uo<6>Km^fC#6uS&uAxxIg#S#*~T^zRwkmnRR z>`gowVy%R>e_&&o^7aWi)`dtw}ctWj;vHPW5>EAU;0o;91) z`lP@fxoertyuG-D`_Y0^rEdUV=j$G1>B;G9m75 zi!lG#;whq?;7-B7M@I>nb9V4Lo#~)-x!Lm;FubRmctxcjR@{b;(YXcR3h+WruxoxQ zuVVdmzW#MfCVE`v!WPC3-${NL+DSdR-_NeSSv<`e(Qow4ii#5!_`Yn!p(eywP#r|U6Yjmux6xi-&R{vi?gfm4I( zb=SZ*aDgmj+}{2|PgnD!>9y)`(xik2HSO+jDo|`8&}9xRWFNKn`0Ys5Yw^!q1RVhb z!eZh2E(wp{4H-H}LpZoSL_{9Mh-QD(QS&p|&1${txZ1n#P5cH0n*wN(td>~)I~twQWr4xs1L$%G24Ykr>@7XxzrnzpDya%sRU^gasR$7)K_Ec>o=ia^z@ z8UBF(`zuo-BLIxr-@Q$?9U#(wNlvw)(5OeQL7gI&VcWq9{@}AxVc^vfs~#;%yUz{Y zgrYCXv|_9{jR++Pa~c<+RX{~N$4{aBO3h=37`*(k|!aHDaN zfbXWT=9FPIKX>0;`$rg`AGA!Vjvu0PSw=}Ub~j7`J~T}6gCdoF`(PijlN;qfP8RYV z&n-FiXBih~BYHs;&e^N&ZO52C$~29YDLAlDZQXLa(pI|Pm zh);AVc)}zhnIGvLwmuZM6pOV)7kkD1*s3)}a&xG(jEdb@)S=!goSN*7EDwAnt4OjUztGWIaW2}vJo94SN?2}!;)>FwZZwsd35dgwiZ%%5}mam#?PZvxf z%jA}zQx|!GLa*KA)Dwj5x)YvBgL`F3*(X;VDoYa#*cZLHblC1NAB`L7eZ%ZSfG3Hv z#D^%M@DTFhPv_tTqohm^d>1;O!ypm6`-0?t`47Tlsq493WwxWcZNP3e5e`F z#*zBs*JQ6WuWg0wJJRC=C$aXnS>GXRh`T*ME3eck9b>RllNZT&UWPVY1mqX=51)+D zJS}px9Q=GZC^xE8mH?zb4X2(@&^OlF)$cfO^=jB1B@K#?U9O>Wd(WsVv?_?S1dOx` zy8Y%Dm-9 zX}w|@u^cfHWxzde5zoHgDxm`5-G@1q#KJ5;!8{5X9JHNJwzB`b#So1gM?rf0 zMt^ZiuWJk|B0~u>BW{$Rot={5maz_~i+M}i-^{Sbx$Vt{_1vzPX5IgV$4} z#*m|GS+k2u-zVkq*x0i86CTZcU*M%GZ!|j!Q4sCp^$FsRIUUuxBkvJ(*k4t#^`%{=70^_G~R8&|hjU~ycWCz?y zbnvQw&#xyW$f<%VbemTmsLwIBq$tY>x>VK^(E_a}yMY`;&8inW06UNH34`yV>kSbF zoNVt7Q2x9k}OLhc&t*^YtQ_dgZglPg(kTu_=*N2Ab_NZO>do%^uBXT7xo_ z4u;{mO28Zr-B07wn}d;*mVciCgvo4%IW2ZI94&Z4jlMp~6w^?B{W8lq-$LcZ?xyJd zUBlInS>-vYoScb<8|+iw?B0NtNuw*y9fF!(zHRByhKgN*mTa;qqQD^?nrrH185vm| z3Z9X%2{wN_OypF@S#@{s;Ah>q2B`Hy&GXx(x1C7tcs}J+z1et; z`Fgg|A)x&W}G}5J$F|$!-MGI znu~VXPf4p65gDtc&@Obp^Lr^m$sz=nXzuL(tnoBx-uo-ayx-I7qa6OD6!fDUSJebP znZu&N1{}{bYzx>X^*?u&Ov6wyupzIQ(N@2l{F^ZIJ5b{q7(F#N zklkX}=F)>V%)Z&x!Fny?u*No@ePi2Irfa+0(6@JN*bsiY0v7*g@>4Kdz@v!k)Y3q1 zK$<>&e?^FQ1%Itbg>;vD>KX*5vx*2(KsY`wt|>wM?=LOy0si|O!e}2_O?reo6lfAH zimUY53@YE!VZ_DFlNBW*~<{@HKKEZ#_jtErA8m2b$q$$T|X(n zWL^gDXPsl=rf}-*f%e(HYyU-+rb*3=N28B&B31Ju5x}Mr)~B9$I)SrF?d#^CnMvK7~^4)I^Ef;kxLHWMMCL_4aVJ`-T!!OS?5;fvJaD*S%dLR<>cHBKG z7U@znP3vF;|52>K8AGh-$*%OT>B>_+^a&2MkPYkcpJlO;ITYO9!9EA@*gKa!t|3wP z6+r7jcccMR`uMuH%fGf8_*)S}&;E0loohUMEK-iD@%3lU3Wt?!gx*W+u|Mq7i{qGc z{l0Lr@CdT!C{n9on=>D%&PmOC$8UGYoPHSn0g3p+m?KNTBb4YaPRnHvyn8vevLY@fFRaOe-PA6^n%dw@rLDA1P_qnrbEW_**^x#|GLcMZi0Ou)Wn7?FR;w*C#*8 zEPK#pK0^3>U2w<=#Q{&wGz<_X;Hj~{UX^2e)D>)E+D}9Fto?rO69M);kMxZreYw}| znJUbo^mGs;P~+TO|s=sq-m7cOLy(fPU6c%3W(tZVaHjw*%LaP z=94*^Ce%ai_o#NpjuNjdG!rcfdfZRsm$#-fc!tmSo1uVq_0Veg*qp*+oh%?xjVnFw zX)td@4zL>T@(5){9POH-oT`B$6)%n6UVSycq0hxlVf1cH#uH&DAq820BWwDnlw}tl zagy+|maBx}tjA6bth@(Qg2p)ER3rC7A{~i`ML#bpt|iMz{UF-@w5w91^?k@auPo*E zYf%Mx)v7{jPViNp&(?OfE8+d7gt(Oh<~)(Apt>GIOf9sZy7<&1mRN{)+~N&I6~ys( zqlpGOoCb!3S)@yc~=HJJkB-b7AZ)8G)3DH*wGIJR%3(072aN{n@ia?X{ z#DdVIK-kWNSldQh<*Byn(U!zc*M66H31Zl(t-(Sq49Pd{r-5;aw%oWAG@nbXxrBKf zoT^p+xQ4n)%=^APthZ3-dSw;p#eof4-D)@45(Kx|#%aXDY{!$aCz!nv5MK5cVIXYy zXnYNJk+lI2wC905N<~VvSc{qj^h#vk7mFrq2{ywYFUN(sXI0i70Ng}NzX$qcvinHm zS^)1&!9GWSnGHOcR7F*S_w|{7LiNE1-O9Gj;Fh3(6mfI!pk71HRoS)dSzy2Nr@fr* zDD_||-C(KqDC;OUpE{~%n@SaKlH9K^`SQ_F7$Tahn@+eA^x?fTr8Y%dKBqT|<3(qk z&^nf@tKmZK5jZ``vs)&Qr7fn@)L{%bGg*KzfCS^Zlj*fdIMR*{o5b8yfxyLY*O#{a zjbW}S<@t2_nibj>2%~!fos9D5qeD}+9cVYIOYr@d_$sO&7S14^9oReaex0|0pi7f4 zQsZ;h)uX!cX>s{%H^u}CA)+#qKD5V+yb6(_Xv=Bb+j3uT-P+95afNke9C8|Bs7>^-7h z>hoK_*i?4>av1dzscsf)c536AU`4(-@6{`gtFV+dHPXHFynJE48 zVjmDhvV?Thn+X}bri$#pt3ur*=T}sgt)c#4&O|K)en+i-TlRZx&d;Nnd7ojcy($$L zghJS?MB(KLxx?w(`CE1#Q#Mdxa}1XcJmco5H1YI++tk2W# z6ml`3&`AR)%uFBG2G=RAoeih3&uXvClUnCS9`L$QV+jlmDS78oxloG$XdPJV9c`|U z-W*Qw>$R9w--@-&%y=fa#_mzIaYE@%zIk2!`*1qR|15H&ZM`f1u*Iy}II0Y)3Zs4~ zjTSpY0h-xYU+daBPDL<3oMCJ1^!eTwYAxXitXR>^7P55EY5Fxr!GE5cMIsQy$iUVH0e=j1yxPN3$lTJrN`45e1zSG zP(FECHf>cY{wrC3#oj`;1DliE=DcJV;p1Y4Is{($I$1HiwITh_U5N)7#EAGohDBV$ z48N1CS|f!Y+l=ftqAcJ~`Jq>MTncSCrS@pS(2ANNtFj#bW6f($3Aw~fux-Q!lC9DH z>bQ=syc1Yc^zgmMYJdOUP&sSY0G;l4|2G<-{Z*m>l{FXF_J=U$nUeT?^S9I%;{(V? zazGSBD(T!Kq=zK_a;3p<2md61u|1fSn##Pr$zf-?_@29>6x{Lj#Cfy*(mpSCmSR0T z;NW*zs=5Hso8@=xJiY@t_!&?`Iy@L|{R5DFmOuYd^^wezHba3}M-|`=$lMio+@(KV z`8^MVypJ&B-!HE1S!R1JwLfGzG==fra$RIQPsxrW2R%0B_b=xAdCCUQ{Um5%7P?m? z|0=0m$IkASF5nR3^=&tTC9saH&<>k>gV}5cKYlFa%=%FeND#)^{61wcW~W8T>GtXs)PGEPsd5Bkq5C% z;yG(x#}>g5ZQbjLFYyx2sOnYT!1P3FWHekiJUL?P%yUd&vnD7bIhl1OybUWvo_iWh^&TAe#nbz``F2Tvphhuzmz6gAt<@bkGXtOV*AJK?*(^pgnWh@`_0BA< z_4aV+6EvIKC$q`gp+!b?&cAsB>3(syGnnou`xcl_qTWuZz~9~nmhHCWH|X}?wM#=; zQUUmr00OlP{ys5-MT=}X=2F?M+7e{W-9=p#Bsst3FHtFIFZj$Nft#XZd;ERs8jt73WlA9c!9V3p=d>YGXV zr`5B?MEuTwf%O{!9D7=)HI)X_UG_~mtp7rU(M!8!dsvS><88k zfceqy-8MP%#Vh%JAAz_c8|jhebh^$~Cg(BH&NHIEzRNm{UE+>@lA|cMfw$*PkMf~K z?Kd@?uCi)mL3hEZge%)mu6t2`E40`g&E_KtVfgZRi+zDY__3x#(RBYmIs^$M9@AcY z0xN0^E`WS7v=(cJ;b(n}nyMn?-{Aihzt z7vbOEDS6BaysQBdf4|&*CI0ZqxD!7M@6R^MTgF<`^QV$_4RZWOvfDV*BZ9FxMw+wt z7EJ}`ParL^c=V%Cdwkjw&2ZZyKZMX0fT@88D}EXkqwNvfr5e?V;Ec%3;S#WecZk3O<5%mS zDGFLUuYr8`PXDe75dfx(1bNS-F?&^8{KME}39&gh9j4u(zsa*0FXZU0?o~4=cBMlb}g<*CvZR z#VRnEx{93gzltAOC_fKprbNXo;12dCj zq|#T(mV0hAk5vwrM(VllR`yq-!6HsQO|=@qPV^E{e?OB;fhg6^nUz#QZb_sp%VI># zBfLX#7^vpb%cr}?$=e2M}JjGI2FeN z4%)dP;!4XkgaL!rA)>!q%6-r{(?oQ~C))wTa193_Aw_*JKmd!T=GnUkkiM}O|JwIQ z{y&Yz!zGb180Vm9)R1L@02$QRQ6yxCbSy3|&h;US7+(5o9>uDni<(1`Z;<<4?ZUvi zDDQjmsqLM6Tx!Bxm$JsA-vJh-WVeVTil=CIiK3{J0&+#jinzIcV*j1e9Ew9DL&)Gb z4E0Z_WdQhNKhhB%>mK8^L_6xPeY;vmwhMAM-I3$X>LI7PfAMk^p)pyGd2aLM&19uC z@NF3ojhp(Up+uBmL_8O?%(?rsbz)21m8a>z-pVAWH&iu?!L!@}I&>enyOfuVXtU+p zDGl$u7cc@T0X`F+&t*v12>8KBT6eaTsrn^VU5SP25XzZ;R2h8Bx3#k$4E>ga>FheS zpZEJ|h!2wh`rnMeOms3AuE9HfC0Xpw#zo*V*6;kMg=+vwH$v!hmrZ3Or|-S}ZIQES z5(SLNv>kaS$?rRM=+COqI;>p{VF-u#6*qrna8nLX1S)oVC-3(LZsuO-&Skky2r=VI zP8UO_t@-f6T#Lfb+Txq7L~r*AShSH}iGQO0eMOt$n-{ zfY|+fZ5hWKe=xHelN`eY75JrsNvjE+L;`|d@6|vn!={n5bt9tT>3%KC?25iW- zQxO;mdiO?nq^YMC&u7DvIc6ZEdfTYoH8rb@eP#9HpJ;beP*f;1)G2`f3+VCpQYN#` zfk|!skE5l3^;3L@U{Olz>0j($awx$ZmDBfsS6f`6wWD-Rg0)R$Wiue3YjYZ2G6neU zxkIDRb7XrTFP0h^CkZjP;dELWf1WNq=0j!BrBfIxuNk` zop${%=5n8OW*&O(FE;lakZ}Y-rd_7j_0Z+IZ9L|nGPS5jo0dL2;?n`!F1hd!DJpxZc>c__K9EPgDvRA`L^Jb>)$(;M@%2Ew z!Z3x@d46P@bkpD5Uc`noWel8HDyHf^zHfp~lu7K(?( z;}YK9h_o~2d6nGK?Q%)*kceG$p6hE`A$JG1OCLm2@s7oaKpBAzH&?)0kB%1=9zRK1 zPpdUkCpU&QD5(pP=a2|;n%#G!sq>TGYO_K5Yz1;H^5O-dp!;Z-facITY4J(UhQ8|w zvz`RF<*la8tUWlH9rWvXU(6PDwP7g}_TzaiH8%wN&o{PWA6C6Kp`M0QE0b+B^Cc>p z@f!E7*_5&+a~YBPDylIJ=43Nwq$TQ@R|f@sd{H0Rs-#GITKh%N_?QH}2`04DA0Pa) z%oA>vA>&oyy&cySglVg6v>}N?>OA}BUJ)lBevdPY?=_cwUUKCHGJhdqxp0WvdyWCz zy^*%n`A=$Lz&^&t8Ho&Hy;c5IEh^*~}+PgEloix)gp5pUAv$veAtjY89N&=xS;>_~414)){XB=(; znOkfttQ@W1^uCI3?w|Tf^(u!beq0KumY?)K{#JoGgDQjfT8-f-ko03HIril?glfBY zgu>y=_33*Fc)VIu7kLj0fQt8q%**G})4$JRm6a zP;^UYjZ-v;48qDv=kG4ENr<6s7FwmM$5TnzHM-a$Cx`4>9Fl#mOhe!?bKs;sxuR(B zqkhRe+AcF9vbwRXPIkYJSa&{g{0g9|_wR$+sbd{^g)w+7Ad39Vxjww7lj&5h97#NTDIs+kv zJ!?9}b+`>$O1XAs2Lp8UKGmATi|y~r5;=QAXpOrt_8;gyP{90j7eYo?BfMh`<7=L+ z$H!Qlq7Dv9YL!h}AN!r%p-2zc4!-7=$59ixGGP>YsWQ&y)|Rj56$muQlxlam2NwL- z+U|xT-A}5wPj?cTKaO%42}=4ATeaTK7ptnTUlHVrPObqialGJ%#V6oPj=BgUwM)78 z2tE8IwF&f_Z1N*k7SgBG?@CLA|Mv^$e!Mrk4^g)A(b^X#! z^PZgFgBMC0a45Sh}9A-4sGn$bQyrOt!NdsTKvEe z($kvyQt6J@B_+qmrc(AC`)v8QgMk=RjtK6plE>-NYK+M9Tcd$4{{E=_ibN3Sjq5<4 zop@*sM)1C^dd3HbA4go?J7kp}=DR~XUmSo>HRX1sSq71rY?Jl`<+}AwY9^5G+#Y$M zx=gyLeFk~&qY<)G>X-ml+d$kLgXVsl&I^QZ)+0qXnh zme~r5j}<;9wC`;!wkA>70bWB&Wq$whmWqQvFn}?#$>deXM65_m{%Knv5-Om4IPmC1maH5DPQ|` zrLW<~MkOm)`+CW_8E>LmFZgDms>iML`rYr6ddClRtUmE&X|)+fj?a0vT8?-suiavO z5}@3*e16`h@vFzWws)M*G9te3P>uXiM-*IT*+uT-$cTDHrqdmX7z|~Pbs`92?swv5K{d+W^}EeU?E3&z{^)@u_0EJ!cL#ty?O{VsZ6un=F;3Lr*7be74$OocJ2r*Wgcoo1 z^{I*`;QlYR-ZCuecYEWN25C@2a)wfAkRG~4KtKef8-$^2Xryxp0cjDWyJLp#ZjczH zySvZ)_I36-|9$QK>icG1Og(F@XRURAZq7n#$n(l*TWg(^fy2Ws434C6c(DRg6!&W& zZNoZLlA?-p3d5Aw+|=RmH2KiU^dZBrc~FH~yge_xhLYc^V9B8~T7^0mGmz+Dg?juA zFjFq9ts}C?7jWPwFH0lMI6ZF0<(fNViL9foG<+ZMY)b2-2 z$SOuIu0Wk}uF`CvSdf|VomE%~wVEEFI>g-~103pSg=;zQcDSfU`|Y%CBI!tTJ|g|G z`EI1VFX0IPu4neJ4!Kw%fAuccJ|Z`nNX+BegbLRiU#@Y1^t|DD^C^ zPJ&U}-26AG8I6qkFU~$ZGXUZ^oh3qm$~rhoW!hav7}zxzpxXYrTXCU=!-ERC$J;F`^`sK zcgsmSH79E^U;LUt_=7&ACkaO6>2ZOCTrwDIrjTPRHjga?y$JasYriwvbVEW;DMNR6 zL1!Boxy8DS-%{bvs`2)%e+R`*^_2_CRYzqF3Ia`#DTX{L19N*e2`zFj)R>h2u!im+xH-a~SG zA0Nr_5+KsPptSfdq$o-1+X1p0xqpS+tEuxJaYN2IPQQHo_>0jtS;<=)iPq^m**9^G@t)NUq5Ry371Ed&WC9i!^#U%3%+)+!(PrT_SPZjbYe#Tk<2aBU| z5sGTuqElhi0-a=gXM{y&7RcXAL@bd>$)b&ok{xMRaSfFXk9;Ry(flDxOxBkXCz8O~ z`R#pOr|RUPGlqw+GfslqlMOXJRVo$FN|J54BZJai6jt zhAcNO<~pMfC?fw^i(=W*D+~#bBV=%u%B&RK`{{dnKjGK^1PnUITf+!ha-ikf>7z3h zXJpsab)q>u8@2}}D?o`!;&IRzTaX7 zKb=V~s77F*-?jA$jRA~lgSsK{-8O0ERiJ1Pz_CG9R}o9757P0MbYOK~I&9dV=^%6{ zx5S7M$bJPAu5TzPJ{ZfW z?{f}ch{Y-i^imr0Z@coHv@n$QdS{tFC)@UYHyU-hX`Mr6DZBMT&C23f>iOR=EUv5L zunyiBF{RxfMB{o_BmHNk4uDqrOevZ-k)Tvu6uq~mpf1%)5KejPrDvMp$tRYwKPdj} z+J>_;Wo#xA(0G5_qsrAPbt(={Jy3f>9m~R-Z!fEszBny?rZ}2H3ib@QUnBM(u<*t% zbE$li10ZLcb3U#2!3ipoey_2B;U`Rh(UbM%{Vt5_5RY|5#J1>##MNuGlyB&g@{RHj zu`k8#d8~t$XIOoTi}x4B%sMM?GrV7*9?*PPdP`P7)9;JGCV$R3 z=BxH!a-7oo(&DkS`q`A*K)`x0FDk?_S|zlb8qw%_%0$D+l?gwmL1;+|h%!6?RFF7N zYdGG<35Zgh1nO$`jlEvCe#9l?@-_tTLYWpT{#lPrO4HaO330-?=xG4;$xyqA3ke8h zO8bR%RB2Olf(t98o3%_SwY7lP8OK!F2|npQWz^!l^y0Da#pn<6H*~+CbyzeGB}H4h zWj-x=WxE28N}E5;Pzah(h=$R`5d0C7F;4xEwtI8`0(6xhNx20CWgueHfoKkH# zA0}HNBh|<0_M2g7iqEPmpxqAjK8FNe+u2zA(Lt@k$%my5ir)?QbDFNxRE9p2 zgEgUZU2z$d#OIIlY3Z-YO@-1ytT=DBL+~jD(?2A{5lQ3pyo)-!zz{Idq9TNhh(~-Q zt~}%$g^)!-@0mpb+y&RapZ?7HOps;?W{YNW?#DfSl)XRNP2=jmF$(x;T`(%3{M&yZCog(_iBJ) z-SuM&sRzPU&DD{C;gEQu;W}E_d^&k%jqf=0{r5vaE__|uc>Z?Re0JT+#U4865``AMzga~FniT#WqU z&(LkEfGsvqz~X69{>1g!cRNh@w|D+T%ryAFMcFvA?Y>K9>Q!U#n>kqP6dnmb%MK0@ z;N)Bu1B}f!pHxp7bRV#8z@rR2gll3x-&11dM8s(R) z=>R*S>y*C|`+U{q4g?kV`kPzMU*lE1_qC=ed$V@1R=t&&x~!14-a1$xbLm~QH|o zKnj-fmeW__1E@EaRL7$}JA%nTT*QribhKg$kfhzR!yFF_Sic|Z()cm)(2xHXz=TQM!?1A~V;>9$N+Y^&HO{ly$*0M*PL>(lPUt&DqS zA7TAt1s0kgE?wo!Ysu{@;zH>HNZm9(TF`|2t;G)e2FO<>+Wb!<(HNJ?Yo{As@>)%iaB; zvRZt)xq(Tf^@VtG#JjU&u+*fxRDLGwj-%rYGu=|O=_QiP;G<9DURx>iqm0S#2b)m< z+hzxX;fU!pt@pI?O#)odh}bJ9b##4YN(;77YJIw;5j~|bsBw@?7PJ4|yPRjMI@EjvBmX4hf4TXuhn`IGfVylTzWn>uf-m^7Psg1>PYr~&y1X9k*hz$wOcW5o>*vaF{@4G zppNMDAXJE2R=}FWyCT<}65c@b<8~!B3K$An;3~p@T3zsW){zexXX;B-W098I^|X+8 zF5*jlJza{u;@`_FRY~S9iM}NfGUA%C+|ptvGk(6NQV(9fyHg2!bGi!Z$-EULrvLSV zjSvI=+?3AqQ1WGo2%@qUWH4S-wr0*w4eALZ0H2sfQN!yF@!a&6c~bjHl9# zeC7-n_Jpn*`v=^qM;TwvtXz2sFnsJ=!uX$3a|nkp9-c=cInDhoAAi~V(#?|gtPr`p zsC1nugW0o$hG`>oC@4~LApW_UuzosEBpbNM)3-)5elU13u ziS+HUBExD~`}h?56jL3J^S_%9f5-ks)=)9*N_|IyG6D`ZdxN z4n$RslqiMNSVu-Q3Xr0AVD~qZM+RUMfiH%KMd$;n8D-zsK)lQ*Qx(bS$fjjzAuL8- zj#56S5bbyG_<{dfYyTV3h#>wajmkT8_x(q9{ny88iwlvMU#oAalP0r?{xw&Bo7v+< z9DoE=khCg89ohcp7Q{OibRf!Nx+m*QEg32w!d`p+8&t0JwIhZ%Sa7vGtj##|S?1^P z$6m+36?=%QXAimm)2_mNbu}?84*H5L^36; z%E=L8m9-u|XLiB{NCLn+5p;D@?9*YP9q&-pY8%xO2bsU3K!1XYjmGak1Af;XRr>z` z{qJu(^~FCLzc(=Mvpk7sYiIEj>bmdjRpNatsH(wymZ7qo^T>Om0l#!z)gZx3SdI)UNr3P9j84q5l1KWEoD~cW2z;z1|3(NX&s>vP+YD^)k z52@1JDobL&^xGL`qTQww%czb%+A5ju$z%a$ZDz`9k;(^A#TmIR1i1VOh9IL6nRCqP z)h>?ud^a8F;EM>LC49I3dMZjJ8f+6a`wsgjVbE34lQn!*IK#eAq!DTmp>J|HPFv}9 z+4r;TV@~;_M#yE5i}F?)$apPBO z3Rd9QB5|x++NU<2g__DFN_J9UL!-c3B<1G+a7O>FrKC3ghxUTKcf5(vi`vlKE80I* z;;dH7iE-j&3`^}ICF<0lkizo-n^kDnSY^MwpB0_9qmek*~u%Je_a z<&PrHhiO=Lv*O~6{}F_nvnCaTeawe!+3k~-LTj)XAEe>4<%agfpS83leGQ-VC+)Gy zEbDClFn*YCh^v2dD(=9yB(K6Vgv5nN_v|LAFak!AzuAQsrHSKwO}~q@8%cg}#iBS$ z6Lf+gT;9sg!Xhs*De+IxT1>r&U2Eq>k}QE;Me_Yv);B5PETZmWt@1i7I^Q<8qxk!? zzu*A9gga;QAptjv?c#0*EOicwv@bOZJsI^c>FlXLp~s?tIsnF$#x)5h{c+2-2G7@Q#QA#t7D%C&@BGU9j?tc^(fm|W)%$qcknqzMWso<@i)P-vB4XhA-IQ`x zl3H`^!?KTfy$X%U0r&+YN{>X#jnQAc%&w_mLV%ArnzZq*uR^QiB=aDNHHMlpEfMDW z&W>hJ*{+jRW;W=Q;7Xy_ej-EyH1IcpU~w4+slGUxT^<2Fuz5MpQ+?LdG)ErPC7S~L zodP)}N)IWY234Wh?sej*`^93a_$GfPbzj!$=(-@!5YW{&?G+Bbajy?HOu6Ihbp^58 zXWy28R3znSS9`3jc0QL6A^>0kX%=#XwlH5?T>73a%*axBx1V0$&Wdon9c`>9a8MJ zP;A*Z$<;r}M6Um}e#tj7!}s}nwhEQ_qeqt3 z)5#QR(t=3u#*F#*$AXzq`dMAR*`hx)DoFdFjEljlys}>DH$#k{g;MM52m_| zN6R0;fao|{X=hpU-*|`Y;0(}5?vX2Xv0_=GvgL|)C(jGF2?}Xu8MT|!4ZEwn$*Fjc*aw|oj>1_llaxa5;h({i@AdU z&8dtFKUYKsVL|Lwou^uj%h@o814mk_hBX-M8Cb@m5xqWo=f7n^%mEM9$RE)MAEr|l z8P?4PH%%VRBlB_F^KB2}8NrNh37<|Jy-vEx_gnp(%3mtXCbQ`o$<9C0EVW+sKCR_89FQdbZej38^VBW`=T^(A zT%;6yTcnc!yW6_w_6h4%$(i%>gs? zvbl{SL6t~D%&$Td)t1byR)$X#T2m}HZnLw8JUy7_Ikg~3B=Kn5Cp2HoRigKJG2b`s zlU!>D(9hs44dU&Msor*8Rcvslm_n;tG2!ug-m;n>tl>mX3dzU1#YROUs(+FHm3m^* zWn*djF{9>!rN4uup+FS}las9nO?Mi5KDb22jwFLS6S%XP4SQY;?97*jp6(Pq8Zeu* z2I5olNbyun%NHU;@Skrt&bCWUwKJ_xMmD1qt;X=a-~2_@WL*+&7WMU@oj16zu7^Fk z<|II5Zm~(SZU8VAivL z4J1pldW2lZ_3CHM6lM-FMCltfnM^-lc%5?aEBI62gRZm1AAzR>Dg<3U!YM%+bb!a+ zGQYYee$woo=&L}U>ARzIcd69^Mw$TCa3UUL_c%%5PWrz`8Q7*w477_eK5S!|0&i>O zZW9uJLn)NWNJAz0X=wrA~Q#W^_){zkqUligH9B!98G zH^Y-L-flhc{VuP4o=3x46GoUJku^?;y7tWTy;v05Hejs+N=Ul~f6C^FdRl67Qx}S= zM#=;Kfxia<+gcN_9n(dnFzES3{=0Uwn)#>yuj9TPrv>Sw3X`y^Ayv&>m!Sx0H2_ld z4v)=tfOWx7EJjk_94)dD$I%?* zlB!lt0}Z|2il6%YYm=gS)P40I(_DV95nBPdOV(XWEq%vYDq#LD-UPC7-9+qd^c3KB zp-Jb!vl1bhKzm4*|5Mq--hErIEyYP z@voOJU-DzGemwz#k$(ja63X{!nO=`NS26HUnNc>Mddq+TO<~?12en$@m0!Us7DSxr zVYa?UPCRDNgn9A|zijN2_QT45WJ%@9t01LAh`qS6#9I^rn2 zm41dKePq_gGckF=$+@ph`^2~QotKF2R9C*IC0JU9adB`Mn3Wf)uzV04my4m;0H@#Y zvVP_mt)n^hXB%^yO4j!b#_Iw{)s3c#4u0vc{+SnIIdHry1dHcIRoKu#Hm^m|0UXGV{7v`%%DThqx50XC1DQo@b%3EQ}H6q3pDaoW|&xd zLkKB1oqB$uVH=Tweqy2b5TKeJ>R6_;r{5Nf&%STXB<-*1*|Z))e@+jT$)ZF!}~$9JCsz2-SYu7D5#p?lR8 zDII(~6LLu@axpb2GgV%npXDToMI;U_@%TKL?^Wkq;eG7cR)tkTIh0mTH z)c%O?)|JmrN4{bEl3GsYIkEjI^IAOm8BEebB{BV#uD3tO>nc^4B`3JRg;}wUbpFPtuPSX?%80zm~Zvq6%s@=rVU#(7z2r2Zaa#xsHE`x z8K@yzMIwW0e|7lQeZh_WQLY_@Qc2ez&P<*F$KVpM*EZZRWjb9{GuUIBF+!N4;5w5y z6F8GRR4M0jI+L%npP79AEW++kFab}Tkve)igbWlfwDZV*mrha#XI4H#<-8?`PoWjl zN*!I=(?r_8F8QboO#$gQJwRJ2IfQ0LD>yO^&KWF(jAY#93{)tE6;d8v!c~=FrOMdPnp}2 zD_#6JB+@~r(uEp$#U&TY#2`Z&%mwu?Td{&~pw;ZpNL(3)z6jm+Ch zKE9rhBRm$YyWhS^fx*$^&3dl;X7Y5RpBEy^98L@6p|mP^NQu{DJx%#J(JPA9ey{6e z;!9kxA-upNJ8bZBnwFLC8|t{f`w5?x!J6)7(m*qL4(Q@;M0DB3e!F@E)C&*73Tva~ zGKv*FA44<1+Kpz>(t>;)COZkr=e;&L@749}IAOV+sryII#D97l*TN@Y-9`?i=1BwR z%ZGV9jl;!{_n^M(m>1IoEL@=kG5b6pxkg&VvidK8*cwl0lccWr+M?(7`(}p_p?E6R?HHg|^X!*}A0pxBHfk+?mH=o1%abR7K`E zP!$+h{5Bif#F0(N7O}nT=fCtY-OSjTu(d3NUu-tKx&3=fo<;2|i{sqVp< z*H96fu1~XD;8(i&;BdOzVz^|P)%swVj;G7a>0VbL=l=dZ(mF+wnLh5%`x7&Ee!vLy z=pj49cYcT8dSYk3!!sP2(kLO$1edSaCE6CQkS6h0_ka%^@O3AMn|qD;)5hqGF0SU+ zT1R`+v?mPV_X}Tayxd@BI@;~480WENK}N3x9e!|@wdGVOER0JnO4nU#WPzv3@b_f4 zrSS+R+>VBbV@uJn2wpn2EZ`Ix960;v+VxcXK49%=2k0QLWR$txT=Rv`me}L5)@J@p zie>?KuE>b1HGz43$-xY%V6|P$MlD9R5cY?4-=C)UB4x} z#9A`Q(H=NU27{~szcM~e3wEN?ZDOx)8U>4%Bpi#Unod88HrF%bH;cjfpP*u{)X^SO!Jv7qdNX|mv(D8%Ej{IWZ&aJIc` zfYlrQ5yi4+Hhocy<0-LNOYsTwdW4h+P6Rtg6H((Drf)GGClINs7(_kOGY~U1wuy$~ z*3jFPkZGHV?4&K%kCFRuJyi9+MuegAh)g^2k2X+HzY$e=s14(kfB{N-4?K0_w&6FEwhC`*Tz8w@4L=><5 zXj`Sj55Pr{;>>op#p4Ie^}q*`n2HF`Iz z&vNm;hf+E|Q~@BChWVduhF35WAI>s}9`J zly-}zUrE_SsdO89;@J^&wJxh|25zU~QUd2L zMa$BTW5H&TA(B`u16?{v4GZBJdy2m+P~-S( zXg=Lad`)h9RDp|0|Ciw#AEm~qhv0@$QpH4~%8QL?5oXZM`f^9EA}RaxXFM>;G?5X~ z@u_P0axR^#R+pWdi4-p~R6NW!NPFfxLMJ__25_w zyN-oq$oD(j#})m}M~e9**qunWs>~eGIUf#lqbM>&AU*{M+tn&1@WUsm1TRkcUwt4GghBlq`bkz!uHeH)0Ji3k>E|-z{ zJ7h?*)f*^!J6URz7rpd@`zVAZ%X9I(G-cC@>lWxx6w#Y~O9Mf|u~}?h3paV3{5tLz z7q8)qR=~u-5aLhz{rqJN$ExP?r?jclGbc86j7%8#!d=z|9Q9WWFsbvD^kO}Yw%X3o z1#K(8x~|Ii7pZNSl)UXyrkKzRGB*Ac!B4#%cL&&lsK{vX_rD(!%GeE94$6Jk4`{R~ zQHKr565hs9L35R=Wf#(`lTjVF1D4K|5rE-_kcP>X#+NsOgE99WUh!N5YrlC^LN)`? zFjG)op?>?A4D-9(b{jK&xMEf zJg2etWf>aOrtgA7UqZPZlqhY#b-QDY6+#5b|5 z^3>cNeMVtiF2U6rC!b|M$DRbTkF#(o-8T1xjSrg-aWB{gq8YE@aHbVj*8$Wi?GY<_ zY6wZr)OXevw3mA?cQdZOy!~*nx)>}sFD1MpL`Xce_obl(G!Js>a>#HP7UNXHl#h+*`yt{$WHO+?+b`_RfT6Gb{4c z?C~Xmn^)9dYu}o*##7y`3H&HrJkaf|s@;=zv%~gj<~|})spokfxRY@BZVE(s@qE;a zzsKQw+k!ouSViz8*I{tDegTt~U%qB=TaTNAa;Z5DmZK$8`LlJXu*5o7M!YUG28csR z+Vjmd(kw0NTv6d_>*>+9;kKweq}=BqZS%LNY%kjw!REFg*=79G{1Y};@7v0x9Or&H z{EWCVn;xX8Xb*qcx@7OG*Y`rEnVE=g*e%2!ejcDeW}ExhzHFv+;ZGj+d7Nu?*~~iT zDaGNeeFfYmE#;Hgs0T}7DA!o+l>*xF$@+gE@BjDAw>?VG8;4!W_Z#FfRL~Khh?YU^3=cgv;%Lq3BYq6=16Id&Zy0^jQ$k+ZsB?9Gxd zFv5hE@m66uyb}&aQh?*A_>}3$#^zZkgem z7x!{X{;j6qr?U1yH#ISX$lOgJ1=WCanN7W2hzLR$$^XMUtKJO0^M#ZX>&WkVZzjky z8G})7D_ccL9`^`ar*FEm<{I;n13~^Z-y;Kf$9MCwj=n0xG#@B|+9-Yz?IjO+fhv9=Ieul(w&_?Bx|~=5e#7 zu-64GDEcUW1=*6J5EQcIG%+P=>XI_LH}PYA$l}(wjEKRv%!Gujm)5T+W$E_ert;>t z158k?iMTOEHX~+EyY9Dha8|Zj8|1s-ut`-hK0Hl9w~mB09Gt>ngcCo1_*qGc)(?RJ z*=10fNQ6R7`DpSEh z_syXEyW8;P^@+&J- zB}YMh8%<8gayc2IlFh5%@4ydzfThE1$!t=&s-J0qbx&i8{LE?g7ENvN=FeoF3ZBO? z=j6?Kx+~Oo?V-g294@YfAaE4 z0)qd)bG|==Ljf>W8%Q{f@M^W8LG_R|S!c>UsrjR0EUhTnu#=Y-Rg#h$+npUC^9tJR z^ccnaN=TkJFAq486h7CUaIt52mxuQ!JfJFWLfiY^v+fYZ_>L%ehC%UtN zuqU|Or`Ga%q`q7UJ1}ZwrFPb^^5c)KbT41Q)4rS`kyu_vp*82t3H&xq_-Lw0dP?88uZJAZ_8i`KH^4=hO0Mja8!BS$5pZks@v4i=!g^O@6I zL@?e+X1PNTFsAK!=RQv`{9vhAwP7bDO(xT9j?#-l`|k3<((-Dx_CsS3;U={_%%pIy zh_$@ZS&;6rRXn&w*xn;Ls#baZPpYVW8D8U`m4>w#!cno?And@dNU}gSW8srB>b$X; ziz&wVI_#s^`<}zSjN*5(j7x{XXkO3QNOx4HkZ&l2W)V)S7WQX7=X&aQ8o8T&ny zIFpAvk%iIYfH!r`dNAdWWu~u%;6v0n-gih3(%cXUq%?{)yK;rlMZCew@H#i52qG3v zvdxnSO?o?;D4gs$H)d>Hu-;HA1=nCUwizeq{{TB(Ju^N}u?$AS7(!cH&qIjGlLa{kv*G>IY z=u{h0b>jy7>Mm;ATdI#Yjub!pP?Pmee{+4EdIR9CZq5k4?OCwz!)?gv57l%adX&0K zfdXzRNMRN@#WCdKRE}+Q8FI|@213#T<2hysBj>K?(R`LiP9q$|WY|JV9#)&*1zYK* zVWC=%iZ`BdapRin&e9Aw)>xwqDeAJOK!THuyaapJ zZ)@4*^Bw()Iwu}Y6X+g^^~BHm@Pl*4yQwJg@ZFf6T1y@OjCbG`WYzTzq5iNMOUAo_ z(2MF_;}gx zo->$mq+a>csMu50u>If8d*M&LGMXmT2qnSlVOv0hf<)?WI zf9ALOH!6BAV|%?@AEohxT_Bfi;Gb^{8Tz;Si5<|XQRLhH*W;%r`fi==^exM@_-S)Y zTPpzyUMP{Fa_T#R3=zvP8TPs!iJ( z62aPPg4w0zQf8|Whei?0J;OON%9|tH^K}0WBy!~Z8?P^t%zQy7#G{?#)Ac5D^JL(M zA$8IlYThGBB1_iM-YoBuYUGS z6UIu*BiQW9cuBdB*SfJKC6_$7jQ6vOx%y(om0z~JlLz-F^(uvg{R9$!Lh?tkS>6mW z%U!0Y%gViIz1>x^U~Ap0qtmt8(2&a@Q4zYCa@gFiE`|TLQDXmeaK1A+^fyK=aSz#S zb0*&k;sy?K<(Wj~x0b^ni>7g{;nt=kPA^TaS!cbMMs|PSPpXPA;86;LKsV>49hkpN zoUgUfL0xhIcu(c9ECL=j&wK+J38Bnc6+)r8zj@?i#=|TYF>wMC{ylE zPxRh!4wT!bgkLJ2Gm)Fh{u78h%^C!ddH(#2O@{YW$-|^WNP~kms_!RpZ3oTGpMtyG zZOUMf9a-G>`IzaB1YYSAv5>aBL#Cpf0;`k@w28(H1;Y_~#M`Rid*-bTaL~4#UBC20 z`nZ*xS1nXV1QKHaNTcFI#J#S?ds;QDA*8XHDlp!j&_QIq;)IRItrV9xF?-)baaL~k zT3&L%wn=uh(9*D4ydLmZV7#LQ$v!&~4k7F3NCOMf!ZCn15Y9fu9JKkIVL_Ym2r0w< z`>>9)D9mP9#|FC{Py(o)N$O_kr<4nsMDI$;zh{IxZw@_=%(W+Kz^$s1Y1=B&*HzZq zvoWv+l-u$P!dUd@^X}3G2(l9s`IfPZE?#L#b+915E(}d(7NGnc@qlJ=A=c?_9=#bz z#<*Ix4cRp*ioy)xLw|YNMIE+fJwEU< zkDUFTe0B~|#}Fw|i-(`HvTqBo*fz@<3M0ES4kMGWLIfb|Pr9U!?Yed$ES;NRXK*tL zANcJc%6LccHawJf^jKz7&!MIF^mW2blrmq9>+mbESjE|_yS)>-68~n3TOXR=aVn6higKarSgDZPcAn$;wD-jf-{mPKP=qPMvekoB1xMw z+`nB8Bg}A}(p6Ucc-=zZ+{bhcoo7f5-S)i+jV-Xz*cP`&jwucFIfXVyi#wJrNY7W7}) z!tAB4g0}^6#)xmW$VwOpPy^@ygt&{=tRp4I6{I#gus?`}F?9UqAPac!+tTYd_ZOvs z-d&AC$jn2V1#N@*At$t=N(czheS6QsNJJZ8qogElF>7aGJE|s>a;nWF!)pL{cCH#e zE3}j&KkLe|#U8lh4Au!+C3}ON%@lH0+{YmgR z4PV2C0Oh?b-0Cm4!WgYe-SYbfad_Oq@irbjukhU$A59q&${u>OhB_-#`oyG|p=3ML z5{wi*s<8LmzEUruv(6m_)gN-7&RjBgzQn!KUk{FuY^eqXv=ga=wB*i1PC6hP{C9cRKY>nA& zUH9xBp5>5G`fRaH2&EUb%6nR_WZLC2PznPF9xnea{V%2Y=};KuLr$tw1E&4JHwvI} zN#4*p3r^&KGYsdZSMcV*hU_IgqAakD3In1{a-G zo|PW}h0QjPW5?QeDQlYw0yEa>yzlbO+;%K{1V8pz`$ax?8fcJgXe+g@tZHCv%9bj7l<%J&UO#;g;&dni)D_?awZ%cEt9lhqt6g8 zBV8&^W9G3wGz)?}lznWKd%Y;UVPV6rp93kbcgdEa%GD;^ohl_ID?F4Uz8HSRSIL*i zNBPHJ;_@5=;GdaT4(;>#MYV0{6b<{auS6ae7En@63uxVz`mhc3yFVWn?tRri{(PzF zLSgejN8^BWNtX6C8fBS^pD83yV_-qssXMPQeG#-EA>#!S`ghkhln1pW*tTdmRa{^Z z$ts9=KP|Qh*`hISYipl((Ehr&pB)9gTKYeAS3uxP6c&HNnYhx8hmNq&e05D!3TXhQ zH{Q7hGSj7*Z`*KkPMXApnl~}$a`GFAOlr+`zKnQD_}dDEPBzfPrMxPJDSPM`olS?v zG`qe+8H5*N-{LIJZ7YS%*pC;(6Ljce2(>1?GSz{pb_C)&Gj4trYg84YnBWd_=B;Iq zt%);(UH?*Y#WYa!IEdDY{?vVzz;6QTUBd)YAI;nXTblYsQr!X1-=tM5YYhLa6rIAb z822Rr{M;;9y1++M(Cy=ix_D8c1GdeYnF(|1EQitER=BOAfQ=nBqRPH2zVCa{TqEX8 zH`GXoNld!?W+BxmZXI#A{9V=LL&Ijm^TO$}i;`7eSRTNP)i3$#LiR@X*JpUSeBnkc z-%NKc(|{Vh@T%A#f$*q^{ne}+aF088tN*D|P>nYe>5Zur*XlO>xK)yAZO0}}v^ zh+7kfIvjm3H^W>eh#IEL8y?XgugrN8^n&-oPyhC=iW%WRq3hDCB zs_I?teOXeZKa+doQ}msb(4VdrU%A%elE!Zbd(rY87s{JG&tD8V?hTUiD&$&!O^2Q} zB&r=(Ne1U*&);-Fv8pqT~-g>|Ain9YCMRKPGK;Qb@pxgPHX;rpSJxHU`y1!FMjP@Z-9CC=e z5^bYUBsn|JZe`^K`C5hh&X7`rniR#jJ*EDBTY5f(Tk=|G9M;khdYJ6SGS{;!HYtic z-3Lj`gTo!R6d^^lkyl@izuU|ew_8hWaWY>qUV@>qra9Kq$_Bmsct&m}Yfq;Meu$xhnQ6u$GuJTh5*wPE@!Pu_mAX7Leli-@GpZfIO~i59hJ zN!t-Wi|g|nI}$57q&^GHq-XAAAM~S(@8C5eJo1?=BJ3J+Y9rTcv?kMv##2pUbW$>u zCyTY{@w^$W{j>n5Tq7&`h3FIXnK|7O-_*MFXImQ-lNqS^1V&|?#JT>Gn=}Jo`njq- z+EqeVY+rQuu3}q;k<8xyUE$2nf~SH^ip9L)&+VG3X<&s9 zxit%8$(g`g{0uBQt?KE*hp{kV!F`g%sIB+M>OJjU{T)M(~AYeXBrewnHVdS5Bj73~xmXG*ckmN?xA(zii4#gU3p* zi#HoeT{X{dFG)fI;iY4ftztHcSoE!o$Nm+b_H8N(e`1Bh0)L^FmCM9Zm&okj)wFES zGUYS7`NV)f4IJ(FRSeD}0Hii#w3m4X@ub?K&{LG10JVQjlYd9|`NSgry-#db`yTp( z5?%)v?r{ra?`?o$aO-5NR7Yg&{vSe&vX6D~)gIeo#A4vmp(cTAYX4&7MBGX_Kc>%) z&GQ*GkB0Jp-b=o?jm>WAzj>N0LjKvl8jFk@H0{B0dDmfA+}Qu$mZAR%1_UhzBd%X> zRR;YT8wjkD5FLH1C;y`XXab;?(UK(otCkgE(Kogjmee?hKTm;@=erpMsPx*#M@e|ve}W|b8%}{^i<0?5{8#w(pQGiY zOuNCfuoj=fKbAvRCY3cotZq6fe+!kf5!6{G}N_gR#{3rqoH_!%(7Z$w1!iB`}v3 z9{%d0S-mSPS3O_ObVw^}Q@@L>t)EQ-?LZU{UnpMunaFMG<-{}cN2*O7x&vE^@{CFP z@{G?@U-q<<3RR?9n=ij8Y3mp#VUwb*pnM`Ce}0msb$+owL4qALxAPxIzoP=r8Ocj~ z_ofyZ=Otu1gWrjVpvXAK-!gC&;UYrMmfQGhj;&nH4e}c0?8iKqtHebBKFk7I(m1Be z6@UhNe6oVG+3ywDr1gk~X2-DoeG!#TqB4z3-7mjeKu_M61fbiBh+PV!wQytVx?O~Q zyxL)AZ4JL@P_)I9NU^S9HGO}nwT8v*uq4w^tduS2N=CzbsiB+!Q^ZU&&C{t;<6v>A z#@5%k>-B6uClAFzfs;oaH;w;Vv+SDe?zD{mtj<%=-3#z)8@)Xz>+8#OT+CcmT0cVo zk4WgpN`J#HWDkonV2Kt{6-gON)yrq{_93{!YYG<92PA zSi92F{tORF-(PD&8=xy54X|8n<)Muoc39f7XuaoYFsx}gIM2v`m_$%w#xuC)u1m8H zpD*~*@@aKnBU);oIca9p#SlZ-&~SOUBER`t%zn9w`<>&mpzal3=vlXDl5xDTg<*`^ zEn5nJFRQ88>$8jXY?-e0$M#N+i<0zfO{YWm5#N-DTk^TnteU_1fO|EoYjtGY6SMer zbK1@?<&t_y7dhp+iQMLyVBx2g?`0$E^NH9()jou3k{#oTb>%C?7W8$ z{@;T8@7^RBhzZw1H%*B$h&_l6c!#xid*y)$<-;*Ohu4hf$zqb_&wa)daYsi6NrNBD zjar2tP6M9sX3O=h*1)JiP}hZ$_|@v9)wQ?Ymwzqj)Kwi-t;c@^wMI`QQbC4DnYsBv z-O7CLOz(x&ZSn0l9L!kk`VH^m%oP}pWV?PQvtlyIsq8PZoZ(DH-CqRz z7Ia6vw)xzc7qeBV*KWb_9Gc)B-QVtgd62fA?7fHi7_ptecPYND-UqK4F&(I(&jsDb z5*?O&IAW@*Sj^I6(D_8}g?LKamHw8+Z5ODIJVu$jf5mX1Ps7)}+SZIFLNo+$`wFgijaN9dyk223 zNawsgGU>KJw0EmWkeG9#4|Dfp>YO4gLi~?Jap`22Dey=xK#3)kcf&#e5TgGxQu^$+nlY zv`>k(>J>Hxf<03#w2Gpe`!Z{#TNO3GG^`*q{rve_R3yQ2lVirHi0zNFf{ahhk2TW7jUueEVG!uj)h?5K}u}y_2 zkZR72sr^65`9Fx?o0K<8*D{WTXE}Cf^w%YWu5?JOLl%D*{=(9A>T3F{Y!Px88)BL;qXyuGXT)}>JfR=dcPk|(GyiiA*o(56Wx zd%U=!N5Z2mjf$3TZ+nzN@LgRio@*5Tm!5Xf&oZ!(VGK%5tnqkwXbbD5CCWA<3A1G+FWs*~!yrtP|Rx-(Tc4p9%tuLlI% z&}n&v`=4s+>DgZXxqOw2bLz8xOOg>3FjW{c+dD113vk#D|MHPRrnhE$2$sUxPUE|I zFc+pVBWr9%0mbFOqkz0R-0~aDGv3NKhJsMtbUnE7+;SdfoyZo7qfvCF@(#asdWvfj z9-CY^F>#(Eq!o+5T`R3B+j2cJwnT2ZH#7x25=scPq0*EQQo2=8{!HLGGs0Y$YhIr&PrP_TwT8$oqQOXwhI?Z?k0;>+ta&7vu2` z7YETUQhSfrPQmv?MrIgV-CGT1uZHMd>&kEa?R}N&pHUeWb{HP|YBPY!Qo>J8N4uHj z;kFoKJzHcHz5QwAxQp|sh4Ep%J%D6X`21Uy`9PxcR)T!E?o?sADkF;ax%25O5&-aF z;#=f;*~CtW6349u(^MgWIXA%v18MYNfa~aQ=Mh1HalfsXSu_FN#93QnTT}?_U~99C zcl0$vCd|WwbsKxjlyVKMpiY=CkU}@QpjA#KBw#6Q_^B<5{5rRF`)W&rw%juahHxtHEH1v*L~ zr5cP_yH%b6ot=o5tB7=sUFhgASmaeEXE11ZRGU@Ad!NM`Re3Tg%`BAX!IQbJDJ@$y{SsmAUTne;5e*S${s+}&1Lm|wzwY8JHnQs3sx19lb ze@xgtV+n0O%7_c3i@T`!4g6SOy^4M)aC^sz=TJ~k z&^;&%PkIdJU+i!iBd8`}T(tCvX$!aSw zv=nmERC&a4LyoJ|bFIewPujmwHO2Zd;(Ejz3$PCU#3E?6Y5s9=Bz9+=ZEeakQw<8+ z@>AGda{9PC)6!lZ^KGKpBYp3E`%^INg_!)B4ejN{9&g7i?`*xlccsk~oIh5~`>Oi( zZQR{FN9l6F|HG*M&B258pIrj=Gz$vXndztQbI+;55xMv8Atv3+zg?2ZbVmM^`YxQq z)49oy3Atl)DUsP(O%OJl$?GA;r73K~$%Z-9>7A8#HfS;;L6~O;qDXoaWMuXld74 z!w(-KwB7z-$Gg4JgeBB1;>B-D8rCta>7{~Bh1FXNALZ_17>l~#czavQZR=RdLf^Xz*FUcTQl<2z2k3v??iZZ)41BxDk(Fc3-0wrqc9DFG#4 z6*6Hnh#MpnAD=S^-BvAd2 zK!V3CNJWuQu~Tc7DL?bN$gNNwYEiBd>3P$KLZc&10aKoYXa(0`Yzqbt#_U!m_G8I- zK0IQj6k^ib_=VOKZ(>+kn&#o-@R8VID}t8_C8mkAQKLiJ(9zH;{{VBlZ-9L)G6f8L zy=e0aN6Zg20TK?>^?F>e!H zq&_x&L))2yd1B>yjSVp*({WHld+?JhHn>IEDD}HGWs=fq|2K}bRhurf3|Z^OOSMO%va6{t zTx>cTCK*;<0*sv6eh%e4!F!CPm+_Dw(3<}vY%uY&mgRTouY~pKTlJpso?(X)r|PY0 z#iZU`%_8@V^LWMH9#O0r%e%Qx!qesYxZ8G?795{Nw1`O3+9ny#s)~cFx6vM@uLy4$ zc%;%|gpQL^jxQ#lw%eD3eo+5}gx)CB7wd}}ZUh)jdCC{BG{!DIUw4+eR{V0h`=D=M z@lkizCa?1KP{n=BrN5LT17$Uy_6T1b5s^*yl#Ye%IqDgo&+NPM&vs?)W!i{aX-i>K zcxs*2&;GFGuWYZER|(*gSGzNZ!s!*J&GWH&;!D)Z!uiM62O@WV61cr}lK^N$3@0$A zS*==%`yaP@!X9qVrO?VT$~-Pe?7ez3sZR5iVReM%fiW6on_h3nCR&ECN9b|;=`#f4 zlcrQf#4^2LiVdqjcq3Do3ktRj59n(o7j_5q94t-B%|>#w?f2Nnz~5^Hb=x(?)O7W! zza@A)X^{$T^ndJsThhQSL5oZ`XmtqklUv0Mc_|!XP>mmTzqbWZw?8Gg2RQm@A9v>5vYCi_>Ze_$)>ea(~Yl6`&-1$1ck#!{f zJKgnvovGf-bV$FKr+cW?0tN<=2eYDTVFi$`a1)$U(9*0~Wbt<~%H0;eR%`x%a%7XQ znjkQ_4&QUVO{w_!y*XEZ&XER?9$GwA7*gqX37`=X2%Du*q`qW`dV4fgl#}pFSNFVY zQ%#g1-%|JY>D@DWtIu^qb8T(yq4?p=^}&G$kg`c~|_2dt5 zz1it8gRDEidrmAj3!2L9%%NAu^>8L|9qwdw9`l|uB5inB*$446&bR(I=)C>y_eUbH zP45xPv0kcFm*ogcu>DAuh=}OraFQ09LkE)z5@tUh)+*^p+?$tvx7*s}Kulc`JGkJy%B(3tM0RCEDs;xgdhivK^ZRL|ivz8x zkR-1!FEW?t8E_Y!L!R)8`K$=-nT4jV6kl~r?79vgBw!Gb5B5o@_q?79JZK(cY<6mg%_vByuClIh(e z`X1*w>!f29X4{{xnk5{5b@sks#S3U@H6}n%q;IJW&tb}SyW4bVn+fbClzX%dI9ej@Ni-37a`OgEqQ`ij?YcXpso4)}_h zR<8Z_(kb-m5p7MxN$6UEa3EpF(NzkAD8b<4mrkAoL=nWHv7 z9bU;U>SZ<9tQS(eenKm!7qPDm?YiQDU9ft4lLVY~mEncMhrY5N#>m^2e0OY`N~JmFkpx|uas5yY(;yNK z0KlF$;=()&`kXd)ViX!UtiC!^8m+Ph^cX4CYp(S=rI~WL_?<86oW{DqRYh%A0nd!( zuXO)#Y+pd+W{C@CC(t8q4XHAuGwe>P4&}dA04qC1|E%2A<{cqAD7de+Qk&9ouWI`C zMe2)`DmwwH-CPZKVSa)={UTlv0i2d_6_y)U?c)zi*#*f?H6ad_%cf7kJ!Hu{B)-g!@$p+qw+79~%2-WTdM$bvMk1SyB$vlQ(Ea1}$+kO}E_pontLpiz9; z|NOAfXS)3p%IUM%g~?6LtRvitfAK+~CdxlMU{!V7rLwb>c8S$bc9jA@G zp6vC?<95Ik&ocPH5Xj3rb%!COVmRFNVE8f!a)g(>>06Jfe1}U)+E(g;G z-*YuU>~yU_q>G7z?NUPwIGNLcOIx^=!`wQb@Qlyt2+P5Fk8wjkga3jGkbrP(ThuI- z>*wWQZ6K0}l=-J*dlOSNiOol<{eLjFZU+smz34~pX7~6(RptZ1d>qm6U+lVz8pXdf zi@gYn;Vc_*L00uQiY=Gy_tFP9*Ur{9RNp!T57JYO{X$+a!v;})?JuO%&*9VBML8fp z5WY=p_pv=sZxBfQb1eKX2KfKmU4IlqiX^JMv+|$A7yNM6En5af`7!J(~^zDcp+h(jjUXL8S*rKd2 zh5gO2kJMv)Qbv~M<{?w6Vq#bl59s)^gs}N)5TtH<^+!-JY(k!jk-(%dqJM5XYk}WA z<@9<=jZuFIk>?7#KaRtej~I8DY5wfBlOU-Bd}@O)-UTLlJkqysg1uiF{AoYV_~8{Pw2ojFg;@D57X4gK*Vrldo%MT2mF* zPBz;;Uj9o8!pifY%0mE0aJ9TOcaSOhaHH0{)P!~&8Du{v8jw2)*#^d1jLQvvf(_o| z4r`sjY7%J`w;bqA*xwMDVD}*Oa8i0@dde@No8bq(U;&P#9SS+;h~--vjnjErC=VU= z*0=_K<5ZyvPcSbqnT!NB2_N_+=5(Z-UwH!W3C2BU91J0a9pK`&7w7n!g{T&(lJ#c4 zrwOmnrb3(M@K86s3q5N1K3 z=ho2yw6(&bh4yeo8X4>=AF8}-gCdj5t83q-hoBT069k_LQK#XS3w@A@td1jhIK zrgFq-?)z~QULdeziczs+-wehzd}i6_af*u&1@t<gCBm;QRnX2U1wQ$c%Ws84DJb|h z;2~1(NQDSvR?<%a&YHka1Xbaw7~UTG&dE*2*>B9Y;TaPe-?Nle&6sH)sbJL4#P9k; zn%7Es!j}XxyzR$taI*T1nJNS4%N`6hvbk{0PKHY*?JP3E$}6ab87Xe+XZpb@n~ZU% zHyonI$H>M_QK?NrQx{|!$ha|>%vx4P02brKJM9&5Sga%JU9unj;pcUwVKwKtqS6lF zn_aF;-X#JkdoHBDF#R6#n<8QEs%x3!F z4(j@wnaYITE_8)*55^qd5<`g+>=#>`zfj?HaQCf~yxP&Jn;es~!M8bS3oHDF)WO3} z{Uo`IBp*vgwxYM{gNa@931{V`~@)lFgRUHX)y682e)V#@vH0!#skfH413) znHq{EGVzxUJ=l#h0pd?LRO>!-D<;CCj?4E^52uo({0}Ewcf++veUg6;Rm@`YlXwf& z1So>yDbJsLh*8tQxka+@j z#Kg;VbU)=5Y3)%ye3%u$&rP&Kx1VL%DlDgwmZ{WPgx!Vs{~1}zMW(FHz;=rrGs%*! zoM%%vfNB&Ry4wi==u<1_;{z#OaTf~yR4?oef%93U52<0O% zBUv#8y|4q=x%I_n$*wkVi`kC9IBSi4;`ornfrTX<7K@GmMC$L-XmxhR38mz5sr(BP zdO9qO`n^}*dwkU9arAjn(7y4XNi@kQ1S^WR*Fj0J!m<;{a^E}^Gbn#{($z1d8#1Ut zmd0(OmLtxmOxP5~NY<+X=^_0@!b-O#Ceg&ZwV%X`?9{T2CU+&pVp0{Nyg<{%)U9Ym zRs=56u3Uv%$fr&tESiz?f5}$C*X3MBt8NGjRGJF`j|D`*STu%FnUwSFvy~)^0h~X1 zsTaC0xakJ+dc4%`3V1yAgb#$T-&#qu4ngLy0sG3Pm*`9G6{2ZJj|(ej2HsL38@9C0 z+Q~Vg3O))GAcQ>wqjE@u__*`w@m{}Q=T3UpTojiZmct~426_h2RIU*VVMa!(dt8<2 z5;G76bKY|GyHYw?&M9BEM<>j;KlF&fTW{vqo@}!d;;X#8R=x~fcNuTb=pc~bkeeG9 zkgRXJ1>L|8NofdapEGul^g{gN_1ZP>xm0)Rl2~oHX=X+X)3V>3!#XGKa}U(qX6^*o zB|A=FR^qwH*oA{2&id$a= zn`P}ZIh%gJ6!B62lFITG!7argRJPi>E`AI_p=_fw zM>2~#m7+o)QLTFk4+)|XlfcvElLJUl2h6{DVRKp1Pu;(D-3z6as;=JSJfo7{&>%ja zqG){VhpiJ6m7`0{i3Sz{0Z1plbh-KM&pB)1EyvGIp(=;7Dic`bDdD%@1!!F*clTe~ zveGS=R<;xPKes$%J>M5eglQZ5^qAudS#0(lHa?A`GsF4#0}(!{kO9ns#e^u-lL&X8 zDE^TP!ZZidAD5IyL2fdM`5?Si!e?&aMe>s**Sg9`7#W-j-rPom0*uHGc+#CZWgCgc z`>^{#nO`-1?c+zd`RWQA4YBC_pH9;1ftOkOx!Cyem0qYkXnE3j$`@pQvJxF7`T}6O zeL|YoNRSv(FODzA6+-&vZ)6;6608xW+ioD-r0Yiw+OFm=J@?`mm@xu87;(!8SW8F9 zi+K|DY)ZAC{~}(6Dx}QPsB?)5DS8(Pug#^F;E+xN%&2x3zQt~AZc`Y;e)k~<7&IZ**tkle)Xhw!JnC}=j5@Ve30>7A~7tb{{roF~q z=`UP^_7f?dC;M+wSMfev#uXs6qvlQc$zM0MCDDG=AQE@6FT*|!U`#(6&g}L|TSBCo z?&dQnbV|{Lcu7&*zaM$j{!jB>??Km1oW$hs>#8pWLw1y8vdcWYE&608l!TAw<#1o! zi(};aV3oHQ$=I6G;aI%4Z%b8h5QG1==<@LS5$;c$p26>6E5iv8JPABpa|-NjNJC&D zFeLoRGIgJ%aa=g>?AtB!IG5RZ$0UDc7F=1G0DaMQ8)HJr;$ zGaI@Ewpv}*z006o5}hAtwAanu25BPme08khMsBi<$rUwERvR=mg7L0NNhwjCjK?|D z^D{Xei$9J8lZXM4lpK$wX!EVCr(`8N&F=4CbHekIhq`>hOj8W}pQ;!Ni#)6GR``ur za=e+>{x@i)1F`#g38kfcDklcMpZ^Srta*+^A;@Jg3p^%8zWv7f3tz~RbXr?{X)rY| zH^Z)x6_Tv-N8?Ur71(-_X)&6MxR8y*pW>#6ZNONa^Hr zRdt17<7ykZc#!&yg0*nBrL0Y{7-eX;&FUDYxdhLaAysvE*6N8VsPPC*;uw2GdJJKWPJ@w4JYu@zz2={qgottVYie z1qh5T^>C>&4I!6ZNkb< zr(l2gG-d3mbJCH!)7CF>7Et-=q*}D-f)sZ>MI|~@xasLP)o;np8JipV%=^z{uu&ne zyzj3{&hKzl~DY^ECXG}z*kta-2K`D%~S(*`Cde49rx#TuR~+siJ!zCfg`|p zPz1`@ts;GRUR(YY26xJ?sDo~v3YtYvBngd!rO`VvBI4;j5no2h(Rk|7anBP;2EpTc zbv*$1W7J1&T5C)hJafL)0nB%eD`i!qAwGp=G$T~p+yXRx`10tI6%PK>J9Jsdsu4yJ zu6LbsSd+wXu}5u91S6?*pIFUI)pe$AjRuhS>NSYLnV_nQ-W-LaXS+2xv^j5(0i9DK zZeST?1SNhxQs)faRAZgLq9cq&X%zA7MAa7K>w5Yv?2HMJ(vAmBwx>R%lP+~WC{Kb8 zBuHFviYk2Z-Rl}ZhLF24?4TloBAx$6w?Yw-_>JOeAq%4o_4d+=L84pQ3lFM*j3lWGy&|1bMuX%-^P}OB7X=C{~HR~*jfA9hlFZ1G{2ayCp znN|D-0bMHVQhPW%jna6vr-O;p>D~+PrOg~`U1miJm=FR04^1P>|U;&90_aJol?$ausr8>FJCNg#JMbkCrPBT4BqUqKz+j3ONNB30zYnv zb1cw^AmLdiHZozaon|ULEC_KZi!Hus{V*Lp+LMnNq5M*Es5j(0`;yL$C5^#H0l!#~ z{Lf+Thxx^PR~Cx~9&e=i1T;g?Lqba7Sx29pm=J?$>t6Hg2LF$!^QSm&L>P}KXwK{5 z9*MW6u{6f1IChYWba;UoD+4f3NIv!US8RQj_A#Ntb{_o`Ia4EZ=D8VuEa}en4D;B60hwjA>@fana#c}{H~>Eg$kUG# zSsi~;fd?S9kDE#J6T83E4nL)i?3OgEdKGH@V8otJ8>S3N_lnvcyeF=lF#w+^6Yd3j z0xSq;PZ8~i7_~dYHC*v{1eqgEQZkIpwLaHe2H7PP?&54H1E4qw%do|6ugtnQ;ayrQ zP1l&yq>!NRSMenIeA)hM&+FyuXG0ZS8n(Hksci8@WLDh0IkG%FQyl$zkmJlX%(Tvh z{AGb-Ub0Z9hokE^a(BN@CWkoF1)MVYh1EW;YJ1&ktZ~az0fd>}x)@1juSZQ}xFt#; z0_CK-H}Jh4uN_|_iVIbKOXh^M@a0#dGeK@lzF*j7gr@iK+QM#dhk3~fmhXzL#wGkW zJh8g!Oshq!F?jvf9@{6taRN(eU%#o5+EfLW`5`3bBSW0hery`nDhiymy-AaQ1y+ME z&^FK@oiCE={r1y+KJxjhc@>BJ4pKl7Ajsw48BTLVp>>@pP~_#UBHSnAq=yy=;l2S$ zPzI}*dol76F~ic@ri#?21<)v{ByNu~T0}Tde^(-=f12LI+^usRrb+K5PbNe7SFrnbFvQ?$NLnx-`a)>C|?4 zaI*A#y;Q|^P3VB9Lz@|lpE8Ub^27iPPY6T`=yeC(l47ezYy=4xy;&v{QgLsWBK|3Y zHyH2sXTacP8v@?oI{VsWStcc%&x=QlNFc@1_Pu2pINUh7161l7!Gn;%&5{VQ_tmdW zRjv&ZFx{92*n@GkJ^4I#Aa^nLX_7;U+_+z`jW@1-4*t#O=+@%*X5aO^=qKvR?S-i# z-S&y#VQ%X?Wbu$nCI6Cevp{i*e8z#$hrTw76=AkIEAQvZwWqP*H1bz%1x?;jyMlDCur zUp*XZx9APmW_Y(jwK%H>{r5!L21G|~J0vBbz!cZGOoo@ydv{Z#wi!)>g_BAjWhUCYcZ0u3sqDyF~sGMldM@SGJVgA z*Y($$R%bQ)XXCb9h8bSZLIYGEbTV9D^Kp9Cj^OGK3P=S`tkNxp`|>=yt*8THB9LC1 zMp?0En8Eki{#YztbO_^X_B`b6;8kX7uQ0bp_nJpLKsxRzbWueHx6!sYYa{cps@m|y zo2yK!lcUSx=OI=(gG2ZBupfWT31!EB<5u%vti?9+)TrwFFx7lmYYYBML1XdbKEBm~ zNEbBzr|V~iiUYQ?-IUh3Z%yQDF(jYWxWl@^$CUqtGz$b$50x^?|G1(KRL7e{3f{L! zG5E#RSPCf%459Gb-y_~2Jf{uwh@cpK^;W`Pb(fl!Gh3eQb)TR#>heF?B%`T4=mvU& zw~2}hpCJvTm5QW9x2rN+07_Q_H~2d5m{_^niE#Qg^^9-q+S+@z1Ljv+(6xhA4<`#ov^eNTrc!$TLbUM^YtRA@3LD7`3p z*C-#_Yx-JDq(jQI@=X_-i>N;={LAbab5SPoQS&*YWhw$O*96ahUrdX~h$Sr(3g^Oz zS#EF$A1^w7Pix1m3L5V9AoERrHf%tnUzlBjo3GR<#fVLlt&Pn- zs6h#Yu1TbYvo*nBAB&uHz6cj%f^(?RH0uF0kI-iAzkvZjVDZ=Dc^s7HZ>v za3}zaWQ4rdHuQ+OG%bSz&12hm=IUpAUoGCB4RMB@yNjPVG%lNNR6BQmjYn7jX(%A% z9#K+b&y#T6EkIMo)r5NnK(O)hY={FF_i0-V)>uChY$EsR#ht+C3=8xOF$Fiy+!`VM ztn*H$9ygL<>)wAI zs?ab7zH6JxF*wST2&o+fh5;j#v?^=jTkNL=A0qOn&%3q^n{_~%wqudM ztF-JeLBH1$|5y%_^>HHl#E4nQ^1cftyUp%WbEqSV?dQ;c@nY*p@ZzXIzTp4oenua#JP#qyAEV zvD|aqDZSh5(2M6Ve)iN@h41$Mj+0Ev>F*{+;o{HGXjtp@3dj!E4s$;5z}Hqs`AgoD zd(tv+&8ytF0-XW^*lhc>BWmn>1#YO|3X7k$ho%*C&Fr$-9i~}jk`*%1T>$n;taS51 zqMC0#rW~ZC^VL!e63d>CTd!kh^E}pPw2k=p&nZqo1~P+v2dAd8vT=KH#%ps}xKVQSu45&s>3x)Iw>;%74-g5^%+oV;WA(IUot$CGJ11#f63XUkWi~x=tq8c zu@7kTIP@Hj$0f#ViDys~Jrw}+5M|_2s%<&a08bwbGuw5#P4yG>ElkryOSz!eM=MJa zi)EphQt1l3izq=#?TAE(PqbCELaXn0@W(Pl1eTvO?xmaiPn5yZ6GsS98~YZosi;Ly zy??NfUndt-WA$VFE*V+Y$Zmx^Jm%FE`x~vqCx`jEPSK$gDFd3Whtoa^CrX{;$ST_( z4G;I10_5xNm7`+xPD$PWs>YdF^-6L6q=pG`-CCkhQe&AFm3 zC!H$+X(^6|MQXdAt-bqJWANvriG07>;(KFs z$q};okkVee*S9pM;ykm;uHl|~E(7EPXsfXUZbKKG53j^CqgP5kV}kRjh|WCxJtLt{ zrv*@@0to<)|LJ*72xGRlQ9(CLQULUMoXq(Lm9G@PIEUeTTnEjscQWk>r&t3xXYxkb zz&?gbSj@f3JGd8@YtB{GZ3sB<nZZ+6? z{jd7sx0DSshJzzIrB>9y7Ayy(J6CKUZdD3&XIf5pG^UdQoMKx*R$nSN>~ zv1ZRkaP0UMg%F93PJvRRHSz@RxR|JYCpnokT7p|1*Z7!t>z&T;ho*D*VrG}`;KI;1 zOnFN{ zen!aA?@QJ5^yit%V_sj~6aorl+$<1#8Vd`H2I=PaFO>G#=EMu~@(DujY3C&XTlS3y zQ~sx_HX=I^QlCgwMUARJ(kjqc{aP0^`ys{Wdf&oT$PpI4{)<*F9gWvbWHSxWx1A%cbca(myk6T94r< za&h;&%O>JhV;O{t5#K`H(lelD`TiwaNRf^A2*9$a^_#QDDV`vU6$e zBNWfLuXah+CghV#n=r(rk4wKRiFn~wZX#f`(B;g~bhoI(mU2Uulpb8eJS=}w{aM8e zWW(I2-(mQ&!5_%v7iC0FNk>OU_@&aJ7b!K7KPGj~>Wsi{uIJO0kHMF1lp>sC|1uBE z=b)c>qS=|vJ~XX|0UW2-)DOF|JXi5it$F`0*1xU&bbAedvJX%BpBbSiJv4t%PDr8~ z=NdB5PjKV+(M^nYbQ_@Idi~V%h;Un8RDo{^6H>T?KYl&S;zbB1;#Vt#?W~GGQqcm847ZA=H4GJV+;Z=1J(s2{~7bEf9%D#krl!ZPWmevp}CdDEV`6B z_xq+R8ncef)?UC7;r`f8g5iq_^U? ztn@rd!h9AFO{cP)h9rW#Uz70zVvABMq>fE+#5T@$g8~x=BQ3~E*`|px>nu6N!s^A~ zZe|_5_X(XtzW<<-D`NrL+(m9*PZFMT@F`$8BwUZ(^GAQj{B!GmWWUfk^ zEMAD)*p?~@sJIxy_&Ei_VLJY!(=sB5&#n-hvTl({8V&SJtbVzqQ%GbmQaR|4aNh_x ze!dpJR;X^TPNg_wQKGBdI5+fXk=Vi@1yT30vTVFv%lGZau&uO3QFFk|AfxUe9h$zs zYC}(4lzCA}c>9$E+y;YYgBQtOW3Ng;1>lAW+~>pjM4|*j>~k!Uf;EGF=&>bd>O`6+ ziWFnhcFqF2ycSykFsnzJ2)8;%afvwnHIc2sx%3P;@L@VfPu}*?;2gQQXW?hWidm?Y zBeh1znZmA3H}zpU+op*R)egXJp?*GFOX!zIXK1*-nD~fn{O^$yw`})7Bqu1-+xC zx+9;$xn#m!OR8Mr8e{2m>i;}fkNW`4{#kmS!N5v z&s3*@YCW%Yqt76|vXzc^L2Q4-qL(TCrn%*icDA-c*eH@-+$vFO{Iz>9TG7+xqXOGV zFn_jeQu{xAy=73GU6d`{xI=Jv3&BHh8clEu?i$=7XyZXb(BSUw?(W{WySuyIey6^< zHFLjtr~h<4Rb5^EJbm^#d+)XOTJBY)8ucbj;1SOAt6yt0#|WpA!+%m55n1)r>id@d zG@w#e@EWIZ{vOk@*|CAND)^Vfpf{5SIc=n$z5zK8VZe8;e>6_yff@W2a%7wdvhE-1 z4@8}>bZ*Czj~bpCoY~a^bO)}vIW@hS&&fKA3LonJvl$ijlC}$5DdYd2*Z*|+gUO&B zeIVMqBnOBzxe}I)*wj`=in47T+qW*%KJ18U2}aMi1(jONoWT zErnu~T;6o+($kzyp5*J!Wfr<@3siR1>dwz@lpKGxZbZz#)!Rr(t`whNlR9eXyr4gv zMk%;oq|=_-3l*7Wyyv4Yh3`Muz3<;={d~N#A4Q@M5|_gz6>}0GMsSf`9{bf$9Htt# zUuYE@`NEmdKxg(bl9XEyI;TN$5M9 zpEqWtRB3h{sUjMW#w@0&R5QVc(c2>pTNtJ@nXaDlE>yKi$ z5OoxI_nTeTG=DaBXIGGO?tg|Tf3#GkY6#tLIeR96*!vu}=xGOy83pUXGj?&0(M(nC zqfkAD z%Lj)5>NOLn}UWqL+OI>jvXnkQ}pJyE5`r!+SGg33>m_=8z0R*dv}4kr55dS)RLT3$;?)X_Ha+R7ijBD|?Em z%PsjZX7nJqZzp9WfHL!VzC`^DN+%7SwDE(88pOVMeViryFSI39C1o9AQY*w(%-I~w z9oXyP5;%OevpD11HAf?ruhgx4hb36giu)eEu)H*Fe`LcvAU&?rV``!ku|zbc!ouhGxx$>c+V z9cH;#D0Fc#-@VzWeV@LrE;(u4gi8G85>vxHKH0K}p{GMLpJ59KPbs#MT~%Z5`Ti?7 zu-W-|A@;jXzV1rc?X2oof5>yzT>TLYD2GW z?)K80TdUo^ZVm0Qdu_fIwO!ka0@~SL74Ps^uV~n?LllKkS6f_UAj9H*&3~vA!F$+T z+A{$rzu?hMT35=n8{&_plWfL+H|F7JS+N)|TOB!-9S#aw7aDe(LZ?OQaLyL>2tCi~zru%FX zj^Pfyt{!u6(k_U-;3eP?Z?4oiB}B!wDT3=mVMj_SK40XUo(+y`;_x}25F~%G#iD51 zS~$~7OF!24>x^fv0ERXW|=$;P)(PF{K@a7vT$6yq)^>c}bsO7e-UM>hj|X5@8*=kf+pUA{$J6+)(|GUu9!Gg|013uESk`CS z^IqD~G0Hn}>iY4sb`{YN3vPtIbh0d7 zWu8PHWH&>j`VR4zY&65NvIxhMn+NCmp850nvEB* zk2AdcLqczl7(-)8OyP3jS7mmd67&ysrAh7MlAutqH>M!M3S#&SHfHk{KEr z7OOkkga_rKVW12+WlJ4FH8z^lFani_OFr#RXS{`tCJHL6wbzOIe;`X}_lCusX)bS< zueV*H$ap)6bKFZZ8wq6vvO*X#`Jq=Pji^C?iosoqfo|Mga?l5^c$7rfv46|Qc{19eQvxCEzNyL zfJed2aN^=p7;T5-KH}LIO=K?7ap{y59aq&WKd+fT`@H?FHkR<~2KqM*A4%_6#7ZvU z0KE?_WG7_YQiB53%u>DMTVJk1ueupo54#y5Oh(~>_&K~ogrDL4{(qi=Jle|P?9=Oq z93S}g!oQKfO>oe%YvP02xGfQcKcCGnE{3#nPH53EkflF1A}C{YYftYzPrhGPIW$N8 z0(9W*!b9m@HFXMv1EL(*9lCv}FZgdQJ70~zM;;WKFV@H?If2TKXgpJdRym ziK^f+9c1ZNqAtO;%|Q5*bhR~4PegUg_Yr{SwK6 z4XC2|8ykvJGT`X$v}If+-YjmUkO4fFCTHNpIV>!!owc^5<)@{ewGU5^(r#{zUk$$x zj9PHeU>khG0i*#I*4Huk_|t#S#Dae5x87j6WzLSYoVP>fU{4$byVvV`7*F9km*EDO zRTh>*1s7W_a!MgXX2L*(JEfK}ZLZ^2g0bpTS?&96!olxQgqCRCmxOFN>vfk^4&YwD&GN}8O(@p zqyb%Zb*ftE$80V`i|_NAUp{}_tg?tsOe_Rvz+Fd9txF3rHE*!8W!VazgxqFv+wq7B zH*}e@w4ZQ%M&lajL;v%W*UdZRwmz6tR!mC)MAA|WToP*_HXxN-;Yj?$V9niYTnQKxZngVVl( zo99i_@DdCjm<`=1{M5{1g3f2|JO{MropXmaCm5M>QJ(#TW(+5*{*^PtT;=n|`)MG- zOrxAPVuPg_i|QXkhgakLB_>C)MHgogUv-md@Ry}kC}DvaxcC_zD%I816A|8zbFS?L z_XN{tL@j>y02!Bl#^+xsRH9JR77Az@AA1xZZ;nn659gjA4XpEwp|A&3K-wt}4^%6H zH+Gh`QSvvg=H@&nKd?N&C>cE)-&e9-aPSj8{?!QB2#(r;?MNfFvD8MW#8iv@pAV3K zP8DoDD40&{b`*>nc!Mhv8u;*j?>2V&&;$hl9gY_*CzmXir)f_CP~^qSMaG7HQzo)> zQH^eDo@LrhR@Kf>eze{&Qq%)|Iwx399+vwCxj0CILWGE(Syv&pM^@MBOhnB$>bIf^ zw?IA*rl8G|H4^L~#mC|jIGU~<7joYZB1i)!($YcD^rF<>`?(&j3JIb={HeR?{?8ONKcWsOT1cVWxkfrj}?U0f7$VJU#-X>6w_?&Jz)@4lu=ezJUd~Uzos6AHwT( zL)a#-_r~XqeIA}+u9`ww6Kcl!B=o#)I~<|2;dLDPRF7t5I{6W@>`S6DOsY_We(BX7 z{J5=sd$l`{0=-`Vo^1G9CysvbQ6wJw$${l%w)LUj=q75|1gIi%zKWdetP~;2>10;A z_K#BIJh&KA!b3Sww0g)$Bh%8Gee$(wt)-B)@$|$J5brVRd2+2qeUa=kMWCVfYWBF~ zsQu|Eo$LV%aU)J3tl8V*riW##!u0(D$2OxcEsa8pTN#bQhZu@&bg)SDvBhQA7)s37 zf1^q%#(rK(Z))kc8A>|0Y`{vn`sWPQ+B7_X{t}da*ry3Uv+vT5f6fp_uWL-lqao$d zARHiP8p;Am$80na>9l&6yW_bo)$yuGNmG+jLFhG?B|7sIA`YO72ZJ}?Nqv7vA3x+; z@eZ}2m)rXE#8_?Lbty)<>N=ubqBaZ%sAWpg>-Egv-Q67`e{-wwc;Z9RhM$E${3bxU zJLQxChMT)D%!!Ea06ySbSer+&`W(J9?Ccp;K3?ySU@LqbM0UGp)%y7dhti{y{Jceb zJRtZgT3I0`TQ|^h`+AR*fs>Q7*{jz9Fn6+@n5e-#u)Z!+UE}oQmcIn{_xj&!wpW?K zk$qa9U~^*NLz|S$$kaESz`$jby;Aq5=YIPw_oit>=3fsD>IFeTdv@6P%DMTb(%;-e zg1pDa#{<*qgyl|J(m6GOVX9gSEIvYqn&X#J+V%fiPQ{kpxe1iv%>Lz-Y>#X(Y_CAB zCqF0)tqaWtiyGS<BEDT`yaN>0<&I3a zocfsr^i#c(i%7c&db(Kr5H@k#;BD7hrQ-GMBZ4~eTt9BM-c#mXM!5xVq}<_l(uxh+ zF4upbE7#165@O*JIb~q8kKVCc_uppB!`r5V-^@PzPL4|oBdq%Ac&+g{*4=il^1>;FPeH@rybEzQ6C44C&hWYHL!&_sz`$Dg*JO*aMIV2 zEEUPU3_eMYsa=JHd-*v*zYatXHv|xef*q0~n z1}p9T@ibQM^&7EUX%m8niuVovr_nhdA#(ZW; z37(Iwk_;uMaesoO9B+AtqKVPK`aDQaj~z-m08;ULqtF6k-^UFd~p^_2|J{?0-Hx>F( z@c_<`Dw7`a4Z|kwYRoBDYyg`GxN3j|!LH^Dn)dV5pLtFqVfpbNZiwEh1kmxF(thZ| zusfuCiiHQZvBxEPy-n`Z zCjFyLL|18@F_-|J_(qLip+Y1nWLjZgkh_o2&?m_22hdE$L9Pud**{oGuLTCoFldPC zs{k)|Q>o@C0^Zd^?hF}}_icUHT49Vk$y9nk#9eg!P}8nCeN=8HY5^BG!eJyi-z zbTKe*9|)m#FEqbZEUW8zi#S$SS5@{&;5T?~9$C%0q*T(g0}Ej;Q;kVUmRG1Z4+aPT z?&5bE2-+1TB{3tcZHnGL`=l4*a>^L*Hjm4dz+RSHNmH-wN_@8Eo@WkBCChI12n1c4 zO0SaG_&CF`+9P&)m<+UE(GhJc?mpgvrPxd0_JcmRt;9cn{-{>Cu-GGZ`y=}s9(^Uw zT6I`)>Uiez_5L*AWV`i{^ZH%cW9<4q$_%DTf#WnD!YAobUKe=Us<$~q2qKi6g6^5&p(yT|T}f1Ni!vqlW|Y4nlZU}p;$Em?!kTJU7N!TYAFCNG+4WUqgjLJ9^d1N$u0O_+Oli0E(vazJ*P z(7U9YZU10>nfBKu{;K_b!i9#THS)M}y8!n;UUzq;s)N6@AcP zowQzv$A%{`{Ub>x)V6Etz9aNL1$1q&UZtr*>>I6KWL>Fg#F&Um?-583fg|&C6Ms2; zL)c~1e{JqI@IRV~RhcklBIi*!puVEjS^p}V#c$|N8KS_bJ z+beVPI=9aD%Q&xlqa9bqyUx#F*o|iwD$80n|5NYfKN>Qf&kP12Ku5-B7ta-j zjcwpZ;A@(y&lBLfRHdEqqed| zPx^EVvgWVzM-@LxKU)=6s1mIF0h$sPr=f6VZ&WRZMs2LL@bl8@it%E5Ot$<5#aEN) z$q0|yPwKRaC~ObK6ciN*ZBnBp83%7GQ&RO8V)QR)&_$RmeZUvhxejCU2rpc^Sr_!qsL=uNmQ&XFVe+2aE#9pc_wCDGxpN2pATinIwQh>e!xR!Hd1 zlbsJfSymTf4JqX;hWgM^oSn3#TK!oP*>5Xp6cm%$;s%3t{1G&vMx8SZEJCXkdPFTN zWeU`#8NMNuki@X|&6)sJ767|goc9Sf{Sm!gya!0YM&A2WAN|*Jb5#xp7P5g?O}0Zg zY;dwr%ANnyo55GeR!yz7P~cDwXv;ltxZfsU4I6R_iY18x>pJAEyuUay6c@&|4>MzZ z2&+t80H4RQsto?=7>gZLBu{!fCE{hl#g0gnAs3dE@_ zmqxR}FpWvazE#I*jMMQjFTsd>hlclhv}Sj~I1(lmiQukx+aKNIrv2@SF*=t6IYwdo>KV?4PH5L`= zJ-bPCsafMj1+Awl76k>H$;st;Y$n9x7>(vx@*KFhp{c9JGf-ID+U^vi!0DjQj$2Vv zW#cH$Qo!<`YbsUCU|~n&^3{w&g?*2pKQlY>Aa(5;Nz7UvICCBJvsghloEz1AdRk-_ z`rEMPDW>;y?uaA?vTMIIg-b(q9ru`sM-)tQfkrK$rIis9CRs;8M#gzjD)=NkGeE9S zH$dW4y3}b^(Uz@O1G@~7Ef1Xk8FNewmMniB1%9FPq`&_ zU>c@V0|IlXa(1fd<1Gp|4yR2sBZ+nw_tWRB&fZ6aY9nS6v>aLOx;0pOd7ci8e^!l5 zD+n>zbv)OL9wCswprqrX)B+jTbXXYIJd`7nfC^-~cfbEBZ;>H^g>kX6!r=REqxAc3 zYB|;h5j`E&?$G(5#C9l+OEMoH{2ZRvWR>7N(eARHUw&^_p^fyp3S zp%;-Qhsr(X9$8m_Y-*xelFrEo|0+FI)j*)!vVB^HXz?Y*m*a)iRTy8qpjW}j_^aVh zhXdTtN5S!t*YpeGBn%-2a|Pe}0u5Jlv^eCBfd+#X>+E)^0YrZ|VhAf2iDd*b}> z#X}g3n}JbNUgi5zys1=pA6dsi#!dk2!550Ui=EN&!Du1?>YX-nCq9%i(j9DBQCW0r zs(^2=EpzCmlcpeN{g-xJ10e@L*a5WXxb#MrgB{)_9PH=lyL~!QA=lDNo&m;FBv_d? zHBG$h#t^+ol1QR%(v6wG0G%C?#=hr^v~_oVXbHXTBn?wQI?RnrMPZ>5!I1HDj7G;? zJ$h1d0<*hv{@~mT^lRIWUd#IX8d_xxvn6AKu1k}^Wv_8`T3Ss4uLb zQ(`|WWIGQS7WhnfvR#x*HXiKA;s8PJzj; zc?zT{i+eZ6%_XVkkst93+3nRajK;tL2|w(lGusbP%W3wJ# zx2-2_Jyj6czg`eFO0wF}P73;DcKwKCpP^q#7@FV-QL?u2>+q^Aff5M*9_#Vrn&&k1 z889tI9LTo|Lx+%Mr=ccg!Rsx7*#xx@iHHBMiyvGA{ldIsw>3`s=(y^vKLEYR1L2C3 z57!=YT)yL{1!@M@2+q0u*BC=rg_N`8#X$b9@F?) zBs<^GxYv6!8)0gCYVkyPx*w{t6l;120hO!2>#L!rm;4V7bGr3MpK;zrImAAxpJy>r zg|SI-C>vO4ti95{t87R;*@2{R%MhVV(bPxY&2cYYq#r9tZe;XdHhJU4%(FnQTM^?w zUV5QB(*T|5G){L^W5H&6)OX6^{sT6QqP=JED?tEcm<>K=d!P8$Lk=3swcEi!4Y82Z zg1MPLWag;a!>_W3yklSi@SDAWds=1gOw_%ZqmZ)Qk6v7PBcUtJ++L%D#I|sKxCQWm zwb^K8@`-C0(*E|^cA#+|Ze+QT|+*e;bU1Rv)R?a>5 zUoi*(Yv~xiBuujlIrjm9^n;paX*o7pO^!`3phcftytVjMfDByB+5+_^^(UY88~; zG-@^U-M1ONAj^B#^`7Te-k07JR-h%RhBzu6Wa=c_*kNev-N3qHwc747fO5@lp`VR` z3gGux(Eq<{N7c6@4c=Fm^JMkEq%?j#5>O~mUJp070X7Wu@T)_D@>uV?755`~2|D>} ze@ED)%C#frmHaYGMti?Nj zg`cDDt}KRleGV3ezrOZpZ<)vPZd^w)f7rSYN#_{?zy3u+GBv~;q`13QVe71qv`iHg zvJbmE>xSV*smmP5NNL>obqB`3_OR>&!{W)Z>`Z!~?(aJdGl!g$UG!X6dXc#zn+t(l z(g*e@jSU*F4y;(lCvHR@SDnuIS=>54LvZbt$@N=3ge#1Gp0>Y-eNXVBLKWhYrfAN( zy3B`&!H_*=Z8F3--DP9xx083T?aIrmuYHcq?|ruwIaKmfBBrjR;N5-anEq>%ISI{x|*kLKOx`Kz=c-f;zLm+{ZK&-;XOV&AUX%U`b_o`Eo_p(m`k3sx^@ z#xKg}S64=>D2eYbPQW$y6=f^1jMTsmvK^e41$z+}Alr*ZVV9#q z=_)Hz&+FaerUB&r)XCdCc{B;O1A#EXN}^kt0*$TON1JE_5sb8g(?J}4g^o;d&E@$1TdHTx&@S`u5%ysayqgrP zfDfA%*+z6=*oke~4ea5$NHQ0@%uEXQZ1M|HRU=@?0|#c@Ym zYfzeVTXl}D>{oT=l9p(xQ6>kaydli6@fNW~@0`(5gm5IN7V+x-VI4`cPWo9y=JE?*5R3y~vjYdTYcO%|L9q;o(%>?h)p859DpDSJOweG!szTNYm?JdtgdXYL^ zpPxUs4{xyNPd0~*w^VrMT=UTK`UoAQnzct>X^w~oA|SN&E-!0)UTldXH$;%?UO?92J}$oRch(Vs~O8j=$PtGjAhL7wM-zpMXpg>L-M+1Z~a zl%67=$%R^c(bUlK4vex9n15F+PMOBgLq;a_(C#3YMiY=-?)IiRIXpg%0qE;5%$tV+ z-vSL^Tbf&bU~IKMKRs-CMQ$$&ya2kKVE3V+U;5UCgyG@g1=%b+{Vds!O`=YOi!63Y zP~le0iAdAZnkR+_mL*)y7lF_o!DJY<1({MJ4?z2qQ-hgP;JvV}XKU+i!@+C!Rt?az zY2W!Tih88x=YK6f|G6V{?0;^BjubeVd?+g6PiiN76J*q#q~{5GzLBq0lN)`4jGv^X z>0)7FeV#!~k<3VJYjQ1HZ1D4L$08#7#K~C)${;CN7f(k6nb+En&+q##h z7tT|(*>%$9@iyZa^O(}QA}i)5X7@K#>w68F_>n8^Wi477p0A!zb7}i?8Y^SNBrr6c6<4bI3zWAEbkUe@k8Nf66E-POM>VH)7yvsi>(++bL8)=D95hD$mj! zPTI4ICvGo!y5*{STcUlWBKiK^i%gZS2VChZnWCQtFTlrj( ze7fUynKPpOw>E0$X1OoaMvoV4*z}!K^&GiDG0eo}DyP*f_xFANfuQ9uWn95cOA&i= zKxuuwi`9E&vc4TB^ z;Nam8HIzT+kEZeKH?z};iTdZ^uZ_Y0g!BM{<;PUl*ogvrRe(g~uHH9JL0%#=fsROTo(-XN?yE@(e5I<^yEp$`Gj*Gfmm!E*LlH7^ z38X*^N5eu)Yg7!q+d?|!nJYqzjD(LD=+7OPR9u2S?mCwhPePcJbh zB>ikQUoHwf+dnRtpRh{0NB{QfRPC6XT`kJj!dLej@D+-HAq7Q5+&YGY) z?#p&nYvpem5B8`bgPqEWJkL_+jHnsCx2n;G2VZkm5^H5!&lTmDs~KIQZaek01#{Vw zycv>vxGM)@wq%i6YMY}hZ`c2woqsWB?YTvOh247TyhtSC-G6BjbMC5HBQ_4!x@!Gj zE73MwHb83w*`3V_0~;c^mv4O32zhda^qSPYnMaj+IDBLN#1J(aw7!;BR>Y&-k6e-&TsY)rM@A? zowrAHsmK_Sv4XzSXJ_)dOk$am2BR12Hv;r0TRt8n8<7Sh2m|hVRRsN{F(?m+HHpEQ zaf+dpQ97X+1D_rr++@B>Rq41~=3$YNGIOszP!A0bMlqH*DxJNo+RdoF91KMuSCa8V z>72jZp6?n^-<}n>~u2d+Q=1x8r=XHdJR>&J!<)ca7J`F)BybBtxH!>Uc%ml%`>^)D{ zX*R~7SFhK+iuK6=clT5_}wpdP-p++D#{da>kD< zl$eH?N~*fF6>U#{Ab=UP;#Wz-NtW9MY8)fY5CRIi})9^=Q-Q|OH!q|GhO zCVf}xAJkqy!NsCxorrs8(gnnQ1C$4>dA_w=MDM>q$)qHwR*s_j=!I2{N1Y&5=7^JE z^xQ!Oc=AJ;Ic+A%OvpV;g()cV8!r5`1E}G9Pq!E0wwWXqBHcgB%gDt*JlJHs-&`KS z)e<*4l*6M#qiV~{pBR+*nfzBTlS%nq2YJnWq>sD!o*&^pUhHn6TS`Zo3StxRrF$vD zrN{=!am2+ZNNboke*Gr?i6#5%W*sUfh9%F_TTNo!{u7p>yIQzXlOmJ(3}B4s0(%pQbvdnc>6ys znd&lwmfV6|3!x@wLe}${;K~&H1Qc56%e7GUpuMBSBC={`L6C*QN=BMudjWn1yD1M> zamgnV?Jn0_*r0LP*HN%{-n^ToC0)N-n~GZO5tRt3!S*-UlHh;OPPc_2OLaRFyA+wc z6hQx#nN$aEMd|>;ix{b!_x?ULJ)K*VBX)J=xC`yZEqJ$(bCfj=qaf|iCX?UUrP7H{ z@uxGv{x^UV@gjsRcrC1bVLt%{hu|#E*Du7r3r-4ES3U}Ky5GSxHYVqIY|}9KLcKR+ zCghZN;_td0F7zI<@|2SyX?unPhn9B{(RzEAG17;x1IxN)oLAPSYXs%;b~*9O5uzh7 zlDa4X06a=EXM)9e@F3IpUQe=cJjdL&Q5D{gC0clfn(pp|qWf#CMTj+^vx4!2xp=&g z@Ni{?!C6Fw*IwmF8ItyC{)s92Jivd{hWyxI98b15sv?18|v%O{KB^wq5FG!L&tRhlfmI$$s?Z?)K)vFM9AX;tEwLtN4o^7TO*so{D#|f&1U{bgAm8#N<0p(nKC-2iO)8Lm{v;i9Kj z;{d;hMjp8NlZwmeMq&SLf9K(p&&q8{i#|8`c6N4gl1x7>{7jjd!=uyx!lZ-*n_U3X z4==*t1J>(MLM_8+dCzzJCA3iKq4cbLaQ5Xo>F#?BZ~~AnZ*lmKA3r|Q zv|O~J7zho>un+47UztL)=|ZGheJM^aaAfCR)#mLq3T$}EvT~+3Cg-8ta_dd{IakaO zu3>^9qTRHz58@w*;1OqMW&muenZB$nEZ>WR1aML|SG80%^FJ`68)uW~wvL_ATx*wf(=e~}jHQWKEz!nMSd%r7uId>l)eH!S%jEhQ~K+Xq-NPMc4N$CENP zPTS5y{s?p#@(Zrbh#1$aU2nn{Q^nqyj9*dbKItb-)&q3420gd-_x3}&&T=l@Vu>hJ z;{w~(7Ut%{EybKVPHQ^?Ly}-vb2+uf7WZqqq+l;kF#o=Q`|fPQEXqTxg062F{J6^b zq^p7PO2u*;>n6wMMtoVyt%i+U_|n0PyM#0e#R2h%e$0!%C+}0@cBTF+^zEL4f{c3N zh*==E9!L=iXjpneHY4D0(U11E(K4uXZ*4VTu|%zn_IiI@nQiRN^W{SDC%x@pVot2 z`k*x=zGmu42JFGELm;T>^|ctx?qt1rewUMpYyJ<=$%YUpy(d_tB%MIQhsOocy2*gb z=h>8$o{(@6xx_+yhF3s9defGbp#$^3^7brCHOPly zAhHU$`1xn-<i7%N`X)4k6K1JzfI6YD?2=!HXG7m_c(ULN|%Arf?=W>hLRfbJ#iQk&&^Rd0up zv1+I_ua#?#PoJd45EwO<%gB<`7PON)qc%exOLNVr zBLf**b0j2YS=%prfPDItX8kc*!FLBlR`DGyCCp zX}k*yiLYsRxOzwx1a01`Z;)b<@W4)2`Wh|R2MHOx8?kf{Jjp+xG!A>|x);K(U2(5n z0CjODkuL66k2|0g7T${+ygfZz1@5n|uZV=rVOs+TiISK4C~2Pl%^*1}lk;CwAiyfE!Ru{vO%IEGL(Lpd_pIJ|%UJsHQ z*O^9egb?(mM`EA3YDjfFFDH6@64qB7Qg(KBK6%odjE#*=S0gqmM=O1q`Eq?dyE4V3 zTp$bA8tz|kc6@cL|0+uMFp_~o1n&07@YiK|dte^+JbN^|O@?#Zn-ELAH9)isiZeZM zhotIYhdSqDyrx?-p?GF(E{4=SQGb8Z$E8>ZL$(?oMWT@+bSbQ%7Y-J6QkHmg3sI1s zFh7ZM49TU4cbSNg5RH`YgIb3Q@YiAA@m<{#`OnO^fI)$Qz7M1q6!~QriP)lT3T-Wm z_&wW>tw=_%!VC%aAh_fqJj6&^JrLtU^tyjRufx0Sq}K>BsD9T$G=+N8Wbjqw{b?TI z$7VM+pls>~ivT=QI>D#-+l|olR#eqh^uexPE5grd_Py9@7d$qhA@iC<^vIQr7gWa7 zzE00UV1B{-L>+@~in14d=Oki8TlIBF&-}*c+AooY1BZ)+fmyOaLw)3d8m;jr5bWIe z+>-t)%gAKg_qvs;U!DQxyuRgmhy$aStCK3_lp%)<=V)NP`k1?&dJbsNV>4eN;Q2u; z3OFG|p=>&;gcz|0v*0`um(ecTLxYch?l0k7<8jlRfIZi|>j?3a*W7Eoa%|#e z!``HyhA8mS{=*A4%qRTA>*dO?60QF^)Jd_utj5eh&%p&|jhv z`TWcwRN+s)LikY`uwJ&eY*12l1 zCi4#Z?gZ{NgE{U4IYc_r(Z9Sdgd>5UeRja+#Ljtg7ldVCZWpKse$q`(Q%1y%I-gVy z5Rka3+IQdFN2_14iNu&`;FRC9>VKt4OG8})$Y_6ial)aS!SQqvVTqovLpQ;L-sy~} zR?=GYSyHWc1AdyC2I<&uDh0T#{6Tt?>WOI>H6FqtfOMum_B^wVTDz;Jbwjb}5OlUT zpOT*XYA|0kp3D@pt(3!%;m{vY1sxq(uCo3_ZoNlT8C2qLGv?yTOP4`VJo-*-b?`>1w6S3~rGke6A|UuWu4!!7SzR9vsyxQv7fuh-@1 zzkiYJ8ju4PPe14bP#fe&&qXcq1I(fB_OX=>2vjgB(M9M_i9PpR{gv+s?WBa8I{3FB!wZS5qRG6+rM64LvNAKPtV~WzixgDM!0e3oIr9{D z*)|)Gr8QTOWZLWEM#WCildd+mK>+;vn$-aV;Ql0=$8G+!Gqj*(5VC}Yub3J+aoBwR zfB1UqxVV~SYj_5CcXtT{4er4`KyVMif;$X05C{@1!GjYt$l&fIK!D)x?k+Pp-#q6$ z_k8!<_n!OL{taw;*t@%{s;gG5u(RkMCyzd;8Day}%+4Rk$(;4c3DISoc5b5*D zcE=+h@9f(>c=9sU>)@A1h|x6wr?yQq80vBH%b}BD^waA_(ox7CdAvHphLFd}7zr>rj;NI#t;I=l#T{H@W{q`wJ}1xJVK&8YgSlQejWu$lK&^J z5JfuJXn`WVY@EA`<|pTEvx0A*(sa>YUpp_<$-r1EQ0*2XNBb>lS9Y@l6=bIfPTb2U z4{9faL*hfQBtG&dG6EpUeXqkiX&S+wGf} zh`wyHhZgcW6QK-GKldnq^JaQ({O9N?5}=NLxk=n(!XzHW-MvAR7Q`YQ>UEv0&p{Lb z$9ihJJaAOrWSaOsX)kZ43aTdzBNLj8b=OcYh6o8vz~!bqAuF^`Yb@dQSewIlc*3-2`Q3b{x{f z(-}e$%nr5hEywHE#YHynzDV;yeV22`zHEnEn7=(SJp?K8ExnA`%a#bs^p~|*5dzZ} ztp^%uX%*s=`8oy@9GBKt$QJEbtF9!8&zn{0^h>teL2i3exB6&T=}s$+*ty%TzLguC z7g2dl@!EYpt!fvBZpA*XHvaB?2BBGgt44kK)c?E`=(B%5_*gsbPh!>!*SG+?EW8d3 zlvv278wZE}`Xz6mL{v#JX?ElPnr!HyeD^(ghksPu_&D4(r9mn8Y3*aMSDoVOSdd+r za+ESilMBO*RR0a(0-0C-vgmAM>7)Cq<)<_*2xscn&-e9#P{jKh;@hm^k4h44`5sla zK5}wlNlD2ADo0WQtB_!Ba`NfoSJ#WN?;xf+!5pWh=WkHy)^}OA!`s5UWOhytwR)&YLZu$o`mo%B-4mPC}IwyVvr@>%)W@a=w~>wJ~%tp~{U#J2L!DTwGZ!U`#R%0aYm^5V)oR&_O`z_yIH$PRGaGn?M$RZBTfB z=uXEUlEurpH}aL?HyD*gri_&nkpnQWKka~K?i&YVlB2U&59+3$yG(M0tEeo^CecOh zE|Xs3%i+26(pnOmbH;nUe@8QuNEbQFD+R1s!~t=DQYuL2b2Q%qKXKWZ^STMg26*?S zEIuEpviL0FA$Wv<7hy-RHgE-f6Yg} zs|c&BF2EXljkQ=?%Eyn^_i=Ew(^x5dE_b`1`6zMc{wM9K{k)6Yug!v3Zpx)^t}y9%!~0ee=VJ|51MSbzjHrFl4_;@4nIT0O0*j~ zdwDT;*)^v8aaa~Tr|Aa74sU+Y%wR6Cxy6zi{zbY(*;b6Y0^4JSualJ{)S1*;v90f2M-Px}k(QDV^6F414SM@$?NwC_KioaZF6&&$1P3yK3}-{I4f8@EHT?3HD=ZqaI|sgVjP)aE$cD|N11?!{%) z*pGQ`$WT3qys+oN8dIix#&W`(bMptvv22>#fWcZv78)Tyxi%cW@prx3f*bjU@&mw^ zTlwhof6v%Pgd>n3+*R$_I25o~1!E-moIO(!Sm2$we{C)-BsLQT8=vj12X(6H6shUE z&fwDRAZ$Lie%$6mmh3cI0hl@s+nKw;KgiVzV7}*(TG01E0 zf>=PW`I=WHPV-p%_Hdm-T)D&;b%K0mUA8w0Q`vH#M!(0ig%#Lxjn+y&&>kuph*%B2 zouh)mybeYW@ay=_$z&k+>9Z3wXjABNesP@~b=V#J&0RC~sTKge6`!FLbt9UgxsUGX z_|0@5uiyE#NkHi5wjZzgyEsA^o~=y%)YfZ-LHzm1r<7~I+CyOggiBG>IS*iz!)iI{ zp|pi+?ofNge1ouj(0?{HuQpJi08X!#F~yj<%E2)>r4!^* z75imZD`nRf%G>_&|BMQcjNys-`xoC_9o5^3uUwB z;T~#;|D@E!lZHrzl9AH2n=9~?M@PCJ_isg8CUsaE1op=o=sI zQYRLtnEJWIWn?(|kNuq--T?Q^=x~y+9Y5~cHuO?IbIEy+ww``pRBQm<3qlWpn6ne4-VEn?+`)OTbY zjZap4dg(nyL?(tTtkJ9~Fp1jTRbAGNnyMzOtT`AC@9>WaD-URf3fvuxpZQ$f#@{ak zf8}F}LtkLpv_a&l{I|(BxnoeIox~>%4%hu4vitlw%O(Ll?I4}DeXKl;M@-hpUG6)2;^GPs<|Ifd)i(ES&P)5XZ8#SH^GilAg!^CgX;VGJzilq+)18W{ zLz$z&WgO!`0o|9%lfY;~JYwccn_(gs2re#Y{qz)KQP$ZRoMRoh^>J-vPQtV2HGgoI z_r^71<&YxD)u!oQXiYpOuLLR0S*>le^L%!{2nGr&3@aYd#U)PJN2@3I*qCPb8iB|$$ntBdl$R<$95%Cq-H!h?8gRVa=*R4-Y zi#(?NpX0b};eauH6yxZ_Gg?cc$%ZWCjom{Ia{GP0rU>heS7AP*hroELdw<$^Rh$*Y zSN1SxP#A7B_rjH%c5rZx>#(2y{eZJ?8tfXH-y{>0CoQ27>kH}VkZi~9yvz;?db-Qn zOxay_BgVrk=|@Gm`!cF26@N?HvzqNhkOtLFPYTGqy1G)CDbTpR5E30D@PTK2wR~p$ zcSoo%jxI-)4D3oi4BWX_74t-q{Q__QtGwtee&Sm`9CB4$oeq?+R{hemUzm({XKDc z#b9oLyil&8fl^7P|B2rLuc5g9Qcp#8?IZB!I z7fFv{z(bTP(Fp;qG~sJ8QVRlYFHi3QSjVMlxL0uSo=jA9jCRv&V%X9A$5AsjQUGaN z#L7>kca^(T>$KhILss(zmN*ZK*d-ffu%qMS#DU1jycUt%Z?n~$JC@XGRFF5toS-)! z(vkR;u4tx3_Zr)u&qO;=(1_}tHSVbZ{q9+(<)n+fKFE?Zzj(Ogo9UuqE~j>>&-Xjm z2aksb8`(ZX3m-wZzDZK$LvJ#~ozJC$x7vMag|LGarF?sYgm6b&?alk=`rynn=i#Xz z{Eaae4tzhg`ptLJ8gYsG1I#w;_YEhoef4y7m=jsTmE5(zebCp}k99+GQA?6Qr+dZA z`%X#6W&h+Psc1)GnuAMHi|7ug9zsIL%_)v>jrrxG<}2(fez6h}da}*&F;HNG)T;$) zmn%80$bFyY>?^o{urPQ{nc9U+WaRjbV(8JPrL4NT`o#eyL?ys6Gy8CVf81kzecjHy zap`QCvY@%y@aZ}ySmj+nCebH(7Kqa(OgxbW%acmT_k!kr^Kt~I{EVz#-!IAneA7ZY{sS4sLAN5jN7Kgg`sIhHHI?b5DK zE7(_aCLNdaKt7g5Gdo(+DWRcZrX7CVr`qvJv~8yK&J?|rVwuUnq+L3Mc~$K4nr-@> zuGc8c7iGks{xi@1A3E!xdT;}?0-6*0r#%gED+kcOw)acV^nE}lKv05iX1JvItOn_% zNI+xSpbH!q5&oxNw}#b9Ik{5mGO5@(IFnXa9~GmbqGTfNLd|D;|EN-|k(;c}vE_Al z6A)5=rxSej3TwWFC;{(-p1!UsE7;9MEi?2bf=MX#>-Q%zCbMv;qa{8-PzyulZVlfE zlWuu>@?|wx_-eqo8tQc0E!6QB2f#&b&a)iB#%5u2p&wgx~x zG#xtP{abBl>^@mHNm+=_7-5j{${jGGq==u5H|6c^t>UOw-a{8!Fw-E|{wblD!nKXO zi=U5^>N;8nEElN&IBsCYksci{lz9!Dw;DtFpkRu2ic)i>mV!W?i! z(&ZgWlU-cNJI2Jv;7)cIGvzHM1%!^3xy|Y5cM_5ju+abH8L8$*ix%d(A{)WR!gCfo z8-c@A>ltFK^HDk4y&1ul-l7qGduZ;4a;P3yBtaWv1dM* zTKNnV%|)>uH*VGp5P^>G4$%aoK#5*nmpFh_ew3qlww8I-_3<2@?^%p27GGSQdW6(Tc>8lA-p+RhY9`t5s-f`Y4@rg$uA|TYcEG{k-;?dufb#2W`+@g9f4KF9=m$siex%`Fvd*KiR} z>l(-riiKd3S>@V#Qk3$4U&b!@)Y!$_>qQH8kzJiW_R#{R_J=5W6Qq7?IR&%R>(=TXt z8jlAQ6huebq>?^qqOP3^($I;Xtc!X`5VhIv)5S)xc~Vlr`-<6)KCFJO_CP{{M6F#{ zcDA{4t3>bo&u=WG_`t{vRi!d9ek-2^NAD*3(ju;Hi2w^p#mDFT$CbF}z32F|1UJzK zY3Txn7(P1=QewHS`iBFfbrR6d1->im)^pwXNj-c2I^!PaSuVdAZnH!56kW1=tN$bX z%7qtv8$$jL?RfHt=w8t|(&fSpTX#^QVsFNzzNPZ3wf-aWS|%|@)jTX9kE|#RCg%TT zA~B{aB;oo7nNlCwN1@1045-Z`^n0lXE6Ofa${{oM3=vO50YZ!4(7LQ6l_H0KFK@x~LR+GZ} zsUcl^6}lYE9Q?)_B5(@x)hZlmUX=|%k|-bs&XGv$>W3H*0G-rF%UftTHnx7e^D;t3 zz+-8M0Qj8XUjlaCZJSPoTfidc71=y(mVW@3Mud;Clz~-c2nirUFR*NFW{n+hmwV#} zc~e?{_w-EAAi?i$Nr*aF)urS1)9d|MN+CeUQHt_eB@5WtbK^HSb^k1&B1N}sReQAC zD&CYX%;lU+0JYR6~|m2iqf6t4(p!^U4DaFvZ;$rzq!C zyDdGj2E%D$W3NG(G|eF)iC1P+l+4Ux%oIjGvanB|L}R{}l1T;D*iRb0^f_s>;!z-Y zGir2w25+8Dq((NbbLNZ)R2VhydA>ee)r&=6pA(#kH|yaw@Ei-fZ|yn_tQW;&MH{x% zp=SrUSQ=8C+;9E5w08AjMKJ&z9QwAB5}k~-5YF)a^k5}X$CJ)Sy`PpPGly;n-_O8$Gb0_fYXPv=M8t?4GS4_0HtF5y~aG|2`@zR(CHGXVKtk$GvM2bW6lQ%+xj6T309M^h>G>{W*{( zuK#=HU^Ir|`Ai0%!<||>|1Mh0{;TG-HcV@H!)gt+lL5FvL!JmR)c8X`@(UBY*OVCo z4h=-dFQ^deaFha9*8v&tjD`E&S#9F8(;JXdj5Qoke#oaa@I@y-OY*Yo=Frypa5=+~OZC)Y2DSyL3pA%P zcn?w%<}3P4VwV5W3UuXt|0@|;%w56!k7EOsB!-=x7HbkajMF;5m<@K%oOysc>?QH+ z8#e}y0z|AduGjhm~$!feLg3E8n02ZLg$k$*bTS8IhtkLC0 z>UKw{64fu)zt%GabV;2s}1l&h6C>I}uyY@`cQN%#Ko|@k{yu zD|CQ-g#_F>*qPIGslT-FN`u3`-h=|Ia)QrAuETb&?=$v}=Nnr|&EkQ8zk4YJ}ZErP%c z5?0*&2H(8I8rwU6z>OY_Aj%pz+(qyQD#K~_Cekk?QyIYfuy;t2>gv~Et@^ukYl4Jv z|1W152|O&KdOh(*B`Y1e)5N}~3Z{s49dJRM8A&E8tNAM>y}58n+eh?YeUj%iXDBwL z`?NBT>&We`wAG)g`>RP8w;2Bzq^->nSmr<$FeLP3c{)lRxQ@ax$w|1)@};lsW4UW66sKM`#`KjC(AsPgQL0K>M)Si5oromw7tM#SFF42!t0PkaW@ zWC(CVu{ckBZ`M1l#6>I%6RXxf((GMB;q^Qw$47iR}*le`p_XJ#Rai;J5%e7Y&VpMr{@%nLR&Vju5@#&Ssd7sjD4 zth#~6B!iob`KtG}wsc6oV#_V1hJ-9 zT@Mbbh#>f<7kAbAy_9xm0KzXwS`*hHeCZ2hKRcgGgvm-{DC9wFI5mCs`eQuWMSNoZIYZ?n)c(^)C3 z(#($QI2MRVmBxm|_&M}dR4{;{lxbx{=LJL846bNT@lo-H z$M%gIoxx5cW4r7_>pk%XoMCx!NHdm^HC2|qVv%fMWWFk6E~o`1%dSSUX*jY`@yD7s z?~bs?PyTl6|I4KdsAFMg)rhEVm%+hXe7q@2?gIL6TPR4j@Ka*PI=u4}B@}7=ea0lT1V(QnqOiF$y z&Bfd1vMsLM?;A4cb5k?jQbNn&1a!ZDk!Eu^%ywWJ2+5`(DDZmn(yv}}i?epNU(SNC zLv%U7WQRAMOgpTZ410yFuEJfoA@+E14l>&M7aSa)6rnckFXzMa+ldIyg?sHt0Xqas z6O##E3r%jZj`M9eG_lhd1!(bT!k8D0C8%8MJiQ|P8>%GpZq}ntzJ^PL6v>Nm8-)Z5dXzmTTwpwNLG|b~vX|O3z&fjM{!|bIth}JDp`y?bRPwyAuy{}^R5}hrZ zg6uCjrVrAeMek5+*tz3Q46#RItzuj?vk^+CL z4$YT9Wic^o-`k&r@xN=VpS5uBMZ@f#cYHcZa|IRbb%K0cJmYMVlQ{#wS>+Y`zDL6cI* zF(K#qVz)){c3hE`vHy<*ft5#@`0do@MVI+=`E{D8SIYw?rjj5%0x-Gr6c;wo_lJ^L zjZkGZ@bonNST*8hj_-qVOH&xa()pqJplnmzqfFNF*si#c=sCPRj@c6})VrBwk@}ft zu9ylEfPYdu+TgOvbX$duUVO6BWgd+cdf?7TkN) zI?g12<}v83cUYOQ)p(~Jy<+R>f86??b9@o42s^-lrg(ru=Ra;DGyuLfoNd(~PYy*w zc!7uil~cW!mWb~U5?$c!HtDvB^oj%I_Uk84>w!5E-zB~n_Vo`0&;cgA`Reb|s&iP< z;?L|0ufL8am(cT17 zZf}jj>Z>lh4nhDwKF=tkoz1p04L7U%>^<9tq7z)e=&&#M#?S?1ZWC zC%F>iF3wQblWtXr8_3e##q6L=w_hU5{od=L%EZU@JX_6CtUYc&Z+NU>5t!o_vwI0F z3jj>)T@Sg|lLNXeOT@Yj1lmHfBv0`_#m33ltwduWyk#2bb30o37}3YHE?H9g%I8`| zt8`!rE9@qm%Rs#wqlCO!a7Xk0b&yj-2d)ZIU$zI$CZ*YU9b)E$+;ZAMwXG-6F|x~8 z09e2bW@0L0<&kyt;575vo;K3s@2Q#8%LeVROOL9F9F}_!<&qL@IoP=e$8dzYrO*

3RGuW; zHNOq0+1}aBaVi-05!!8*rWQt1&M!M~2mE$cOGsk0CXrfjZM970%Fm_+*2D+@(74g1 z_1iBbW$LtOrSiC{1`oCpXI5i#?XBCM{BH4DBw5zHY1$8r>+`a>&!%yTdk!E=lHS(wY3pww9@N9^Y)E%m4VGDEss*>ziAM_}P45+f4P{d! zkJs;Eq;{FX!F*N$=pJ%fJ}avPv!S=GVnjCFVLsflMTyoPp@1u|VmQHtL`ShpC?!*D zSQ%=<9oQ=&VL#vi(^98`R7MxYDpd*eS#pgO(Q!f{dU`{80U6Q75zA_SG$uY5IO#Ho z(q*~E%yPvsX(+&m>q0aKeQ)jjGaq_(+Fo+nx0G-P#_(Cbq}mhtm^b5z9@UzjPW59t zU)Q1`K}V!&5akn1>RY*bO0@a5^I^#uEb@sU}g8Z(_&m z!W%wZL~F0nK@-nAjh#I-HNW>(?X};UFqNXkwgo*J`A$C@YnavfvR#3aKas=EueAb2 z4-U46`A792OXf@7pShIQI$GPL>fftK3tNV&vV0iXvWp8xDM39RQaUmU4c*IYV^QFA(#fUQ8XpQ#Yp-u9X(_IQ)`Wm&r*6$BonvkFX!d2Jwk zgfmhRt_(YDd)L8cGF*PWi$SyhDeNt<9ypaqab4WcB~eBmC&9|9KVymO3c}*Q^1>kT z$754ekU!{HKVpQX=f?Vt=HLqtulL~%VOdtrV#P`|bd&Fn`1(k0GR5)J%J47}A4v<_ z9Z*sr;QF=kGl9eaLZkw6mQt&kzjdY@(lB{SXs_2LSIE;v4nl^*@yW?WC??2}&!v!$ zjZ*22J+S)hkw*CmkE0)_Cnqa0QPIxqM*}2-T^CmwKT-dOv@^VPvX<~y>Y0AIeMa~n zxo4c0$O8c3aZOwuQ0(}m%j1GBMuO2={VZ5QU>0#uH#J2`TcJoW`}X!7!_QKLnAV4j z(RZ3lh5(_Ab#+quKVZ(5U^WYPJc}N}cnJpE>=4&}kGKRyT7Lx~N;@%ntO1E7!MdV{ zf7zIhGf%=jE}XacgN;H;!10i|j`VNWQ8g?vF{cI3=KW6@0*;)(L%4*@_7}yRi3=j5 z?<*Zf-gIDxP9~sH`#-frDtTCt5Be3ENW<0@LayuRCOX>yM`Z5NT+P7mF<)w}Q3dH0%37aJ7{Ly}? zr@tLUJwG+dS^TYiUPux01ai}Lmn`m`Fqj>%f+4S9R<6`ziK>+P`&8J#sJvZYMAMW0 znx^IX)Vq=)EdK4_iqyk7cSowL@^6#-%XT0C7Na@<&UwI`7;%%_k8PL^RhSAc*kv>p z*?F|h&qMrcLJ~YZkk30mlv=VVA1&-@z}kg_wjqKau9Wo{LCtAVz@|EFO{=qE6lLaV zQP6^ZR#5^pajC&knO3`E{!%&xyg)pCFp!k4+idZ2Kx+Rcwso-Fnsbd0fERU6mzpz9 zJusRW!@UmmoZkCq)0rxEqA(#cGz=YDEc;(+|2Qmi<^VVa?Tb?jxee6o9Vb$>l^(f@ zt;R=+HK7{dx@PJd+2=gmhzM>Z;D6ImKN{;*IqDC7N>nG~A1b%m5PZ3IAB$wJZ+`+r z4T+QcPE*kAKBR75Ewyrqnqxb)DcT_$sDffH4|_XC_z3PKWQmz%h?zY8<{-Jdd0alQ zaQmS+6&fsgS?+N)Y|{iGz#dtdlv}$H*PNv?&1ZYFLwbLg?Q?RAFmP*@`is=QawA?` z-_dfI$kDKos}>)O_NE=C3EQ9dxq@M6-LxsP9SW7#?x<%hw$0ZP={~pcMs!^L%6Pb~ z!aXlgCTurduswl(#Xh?JLo*Lw%9+J(r>ntWhN~fQdGV@@s~PjQ6HI4r*SfM?_RX%! zL$9aV&f7vy@>Bn0bN^%PlwufBmCvWTwTEz0Gsjgp`+wjUC61R0hV35&957c3&xVsL zq%rlB;)NVBATV^hSJ>vfO-m0>Usb68#*F1 z&k#`te>Vw&XkZj>JP5O0~nuhL47<@ZXTgzFR}gOxck$Cc0{-6bvC9X zfQsQD;Z?J4GBFMsa4yLkVWD6E1)*|Gq>B*#2grzIa8+M98+nk zH#t7k()bpOO8Agtq)jCe^=Lx|vRU-^GP5<_z^+3oJi>Eh-TDEYedqV)wjn=RF1Sfp z-v<&_x6OUS@U7P#G=eI=WKZ9;pz=i-7}5Fg!NM^L`ijLptv&t{S#q4#Ad_L9oZARs zQe9tUlfE#2TcTKJQfpJ;buedUpDJcxefmO(1I(lR&)l__Bb{ShZF}#;U~QO31jpA{b%E!Fq>dGiblT1JU@HFyg!^+BXlq}e z`|-4~HlJo`%VN{$Teb=h$U`>H=hc*)>m<$UXE!aaFYOl#95EUm#kHQsoBn3;q(nug z47DQhJ8&xA81*rRh-r{u0jkS@RDJTZ`7#aiRGzv{w^>_+WWz$ z`hm!}>dUQw%00G6htb(rk=p@A+}r$w4CkjGS-w3{f}klovGtpA?`VdN`Ol4Yavn7w z1LPVc?vEzDcb7YP^Y>yPvBFCAU@88R(4Jd8F)P`KG^%R#X3~! zVZ5Lfu!kVu^GBPA^*+CWXpIh|#yGW7(p&}UH7UjfRS}vogU>DoL$W?sU3WB|FH4nZCW)r~e>K#Jxhq)TV<{aNp96ad8P*y~X(j{tldm7R8AY7#IT@8OR3n+LwB z?&DQD=8Le80EHursv=u_!&n$+Ju81ZhAyG>MfJC5x`Qslmn#Xm`yT{ek;i*TJPP;o z9-jj^sl6(KWoS{AF_9xuOCMKm=go?i5ZO+qco)B4Ki*+Ltx|h+W%}NNx4UR6b(Hvr z>AlX8Ra!{xy_zvd0|>UaPtUf*gd|p; z?j=@p>xNw>$UG92ip&+M<*c)3g^V^Xd6u2-iW_2LRd(Echo1G~E_Q_=n&3hgtmWoD z+gSCry_>YvNTtQ-81l{+826}r=rHO4jad}7Rhn#p+p@GNNe6u{TfJe(h?fHTY@BQc zEuN+M=cHt%N#nj90dAG~m*bEehVQL*ZYZ0-6nBRjtKLbEBHZdU0HWGUi$^kTP}#rI zrU~mjzQxpoPDu{V$eXO4~ zFn`HuS>6ki>I&hOCJ{@+<+ytCJ1AvEat2#~2#O5) zRk9lV&-AX6Bo+yV76W7J&b>G1kU`kI|F_#V zW@5=vr>p~kSrI4(SGMs6W~8@XA~gmHsqB9R0__ICrL?TOl#=Qk2K;l(ZgZ90vAVDNy9YJ*nl|k?^tIB(BKo5ONk%mAUTH@JD&tbRrBU-*ae@^xK6K5vELkige=}~d+lNk~9J}GJ zVMz}+Pbt)J%&VFzVe)(u)R9=DU1Oc@<*J+{@%~Oc8gefZANbq5Lx&YeuW%WpdiVY9 zM6`FL#`~inPO&NxY8PGZU0kEO&Fd>6u6!Du_9dv#57UM5rYLA3byw=WR)vIfWYBm= zV=Q)kKUhHdn7NT#_e#+4RTl%wf|_?Bv??$axMn{Yh!1#^!Ztfu&;9bT9lAhvf4Tbf zj`^EDB~eKE@2~SiWOdJ1GT%s@h?R35h@am{7VcsXsP5NOZ|tw)OHT4y{mw$9n&g&D zxfj=dHK?~+DDb4TE)H{(TG+i~I<}zQP1MvTrA&OecjRq1KEOXij*ifx1_$|wLk?)_qgV$=P-ix{Yg)}URL#Q zb^@(>?XWK7^WK9u9WHlAley*@aC1iM`z%xeYgg|#`2Q;;oy!M2cc1`P@)fDV5%Q$r z9wY3pOBI9-&mVBgp()x&{?|{sBIJNi1Gq}So0u`lmVDGV367rERJN|nWr$UX6bTyN z8VKyx14LOQE>$6H8>Z|DVlNIFjJ~u|Cpimf;>QBWPKE|k{BN==MSdy?yiI)~7~Aj+ zeRD9ePVvW56o$XwSmyKTLDD8C$3D>(`$uNEM%{CX_ zK{f5efS(988F}f9i>q%TKG}(1B~)oZy)iGNG9TwhEu> z2`-o(XiKskWP6FR=#b+D+7UO7W4DJ_nTkLswZ-w}Q5AvY?O!3^RawUR@+xF2+;KXyBBOuoia&(rRN$Fj* z;(a(Z>7p@7n=KogoYd6Xaug@n=t3`?O1?RL6s77YZwU{lH8Ty>bw)&v|KaCkwS zPJ>RC=Pxr3x1s4CCg#D?XGeiO4=b;=eUQk7V98=lnH>$Hrj45|RzEzKK!7PEE zRDW-fVh#Y+_kvN0<&`RKB3~&Cre_UIniWk-|4Rw`2med59_W7_?XR)*Lrim8c^a>U zasKUWIHyWP7k?(1pz6!*M`8K*v;1pY{`5I(}eBtL&;PNCDY+>1zUC|Y^FNG;&AG~>-(egdetua_J6Z_x3`Tsqm1~($?a|b@3 z1by%PuV-09WFM=tlr^sZklefc37g_BsNMJ&mmOShzsce-Q4j?e)}5Pym_JvRX6n3{ zt5~>|*6aI|*R_%hX8Amk<+AW*6O&ockkPo_c~Qw?M;^%IPTI$|+ z^~fNniQ=D+^Y2gl_ouTbV)#rv)qfWI+mk;1!2lP4S-^z{zouut8{?w3!O>cEEU_5| zy$a-L-nDOwEx#)?_@2Kru6Z9-@3c50=s5R=8>whHnM42Xdgo8ZDW5MhmJQ&;Lh*C3 zt+LT^iKetD$a#*J%5R9 zr-eH@)>p|>L5w+?{v7Xj$RS4UgQTT(cH{3-+g-f%W=&`jcTS5FPGO?YtD5Fw{+d&m z|HpLQSYRLlo-FQuE&sj6pB0e1l;kcoGDLbSpO?J6=kg*J52nj1{4PlvoR>xAZ!0|j z$xvQocf8wsc$By>=VnzQ+X`)P{zymsJSjj&eD;y{;QDBOQbz4p4~7F%mmCx0HTb*q zQtTa)ja!^Qfw=naJ}FsWV3*m!D}peyj(5$A^VPD7QlnlNv-U%Wvj_$qi1pf(=yWbm zl@4MrrZ#Q=d=sFd$2QpzL-uD!m-7hH+GcQ=&o9*CmRFvw*cIA-=utQz2>BBzXUI)pQyFgZly1l!dTZUc{vbv zS_iPImhuU(3n$U2^3C@s*0^Y`pDEU)HE#8;(ACoeWxWa}!?oI+=Udr|u($io-5?4% zp|sbq90dJYMyVl>CE^cU;Ie zt&!J+Q|aM+xV3&0N&1q0cJLs;E;T_CEXF zequEd>O%{H6F`Zv21SLDa}AftNo;g?`TdYg0d~0Hx*S<-=o%ZkB_e5sy0VpPZlJO}X>Y z#2iPzNT02R0?t9LhqIkkw9hw+&_na*L9X^YcjG#{FVtRB$ zt2j!KRWNY-Ee=a1=FnRJ2O&CMowI)U@-Z8(Zj-EU;$)lU7f1XjW2lR2jZd&IM;@6U zGIR47Gx{jM*|+QQ7=C#(_2MN_7wI?qCwFQ}4T)R0dPK)}{Kt4rAelbIFv~u26@#c) zGF|hA|8nZl*vV2AA@}eqt3xS?y=o$&G0xzjT zYOLZUXGX*?9bGsODeiXlVK(xB0+P^#PsBXh`A<|I&?){*KMD+`80yq3-vj7#)t3=? z*dYdM3HD#|Ur`D;zi$U!H_U`ue=bn0wxEKIOC2L7!L@Kc*k*ZE#!~qeShCI*k&d{| z^)`LpArWaqC@Or-bhYuV@CgfaeXzZTLWW%T0>YNM+;vf3880gw@-4sl*9yyMd+G|#4kWJaOIA29jsNv zqP#(KH9gGY{ncL1CbN-_kp3T2b+2&d8W@qffg%k|394YZTe~QbmK3kKV;@jk$#8Qh z#Wa_cp|>IUwO&ZIsWr=5kgkQgsi~;hp269yf)Vo0NX`w<&$b)Fs9OC= z#rEcRlE|!5;Zh_E%GSA;5Ov#T?~Z<`?AEwsJR7b@WWvP#RmC^|*o9fjZ3lfcl1GVt zHT9}v(ENfJ-UBbU+=oYDoV|1`O7kdALc)b6&GO%unx+nmZ-%ti!2R$^A?JIGby`R| za_@H;p^20BEvF&Vj?sSM=k)*OL{woG@&wpw7AgI&6WlBdox{EBM64f)08$pU0QR?q zhAivrH^jx?1GMAWdGf-~Y*ilH*g->K-WyEzW@I5&;9Ztb7+UE=n`US104k#mH&@p3 z$Ad76z0IaPly33Hvgt#0J~T)RYDpI;KU758LykGEv?GG)$shfQVmxeGtrDbT^D8)T z+~UOG$qr7$r_^U-vr$cOOLsy_yJquNwzj;&L6p>@&D8~A-{N-FdKMYdlzhj^yB*lY z=2GLfhzL6DLe5`ornwU+)|#+x4-LvCpXFs%9WfXQjhOFq*LWW?f)oXGRg?w3UJ=3lyL=JLMxgx$C6Zt;FO{Ji7h-95f;oBob2qBuh_MNQpol&*>E;apeymM+0`4#lb_ZJE5 zDwsk&t2LTv+-v@sAe5|Q-E7eL8V4ez>(jikY2f6>P_kma=9w+f32zV7}BYE}NfJk;Mx7Yi?Y;jT6slxt-V+Fbn7<_ zm4$h|!#V{Oeyysw#QF-)P7lJ>LhIY``+E2Vi~eB7_@w!6M(dw}4Yk(w8F%%OrSVapvoL5~c%r~yx$35c9Uw}Fehi@}Smo4s7%mj}aRp)fX^T+LzUd-O$ zP1}m`m^{i^gf9EePC|OSWLZyb+fE^p6h{it5Ypoz+neW zdabgTz49+PXj?CEdh@+iv-c;<+q^J4w308hcI-}7VDuOdapO>-UeKzMw#5P+H7R4rxd^;~1jMIjGy|}n=BTl(I(({?G$imL^D&n7V5V9pK zI6$ig&ROE;0p;bH9D%njmvjpcL+S%DR28@8W`4S60B~Au)5ea4Gv&)GG)-FVtk!PD zyDf}gBgtK(GT+U(T}NFusp@Zo!i`UI-9=R{EqFoVuTl32}CMa^M zxP19*>52B{Txagk>S@}tFTx{d<<8l4@#@^Mk0WuVR@l2PxADW)wTzQ;O&fdzH}>Pnrby`En#5zSGeVZD&i>|n=ZMMk zBNZ|>7k3KXVbfot?FT<{qP-j>&3mGNEkporo4p>evAtwCSs@SEsj7~ovyFw8W;OW{52#W|g&W*^nK01XTZa^IaU zjmVd_s&NRJ;`2!V{M&Gfw2IeydEeIbo&)hy9W4(WYE%14oi|^mR*N=C{+c|bU|v3? z!>pPDC-Ym=y;VU4L~LpSRSc}Xo|%eez&iO%g@RQzmb`Djl;6%Zay?jR9CwIfd;jbE z<5TpUJ=9t4(@n1jvbH^hBgBp`%lp18^YeG{U9Y(!d0}D(oPiaZ2nHwWcUtcazGDIg zqoo6KyOtTP0+w+54Qr3*^6afwVmvDtqz>f;;wiy?2twDBD(h9mpmrML&XNC(NU+3c zb42pV+1sK;4WiRtHlI+oz{!ULL=}BF=H;%o&4k2RrW9LliQxONle#FsGkQ6j^AOY* z2rda{@Rj$)osR79ke5MuUi7}#-VwjW(w!d3=y?OVeBh&@5d1}JNvewttd#CKsnr^q zK62H*1d1K1Rb1L6jN$fG<8pFm3^dtu{Hod%(3fHZ;0N01n`29Z>49T?(E;I&gg(QT zIAztgnEvU@B2qGWolJqkIwtP#y9vi?OJ5bng7%JFtFGH{oje?;kX0Zg5iM61UXImmvMBw}Epi&Zme z!{28pL!xU_6>ddpVqztrFmM{sgsHw)8epOFTWh#9TPB?9=Lu z^TB-qSa}!vuM;bEEs=$7*R$y&KTivS%EC3uEG;cy8ox?RjbAiz5;fxb!}^2Wzd^IT z^>{!VwdlUQ;b=ZnVz#SHMRcvtcclZnmzWCUQ#Lp-NTpBsx>u>m!ElGaK7{BO;34?n zg$fto!7_*6C2a)zshYXz3I+cQ;B$aJxk0VZ)e#yMh78u+zxg4COMn-gihR%$V!kOd zhbyA~W>EkmqhJR*Lj8B1VwbK0CbER~Ye#*d^y)p22I(ULPb4*-jHDf`5g$f_Y)j^;(+=_-I=a6y&Qplu z2K}!yzvkwDjlQgc($d~gw=8uqZ8u@b6V%ikKag~uR$a5xn?!}a`%0?1`9cMX4{f1z z8F9%|cFSyql0F8O2__2Sd`DKp7aw}R4-k&mPq7TCz5gsl5HUfrQXQC9jjx+db1)`5 zl5KsgIIr4%aN{C?z%(e$@YXyDX(SatectDkR!IX4I*GD=r$nqAw7wyV$bE{GUO1Sq zhn_L)ar1cEJAS0D=34>3B9s0`N=L1);8H{Zbe19fA73=j*Ys4P2o}KHs9Pw zSZ_FOjgAfN9V$+q6zJxh>Pk~9*QaC>9OkTgJ+xbW(8rKONEx%9WL-msyh;^~wV_^1 zvI^>e<@C zxkx|ws{TFt%>&Q?ZPb8$;+SZi?a*`Y>Yfor`%LM2lS&|y0p=QSslh^*;i?-q+kBr1G; zN}YbdZRf<$nl!~z1?kKvzSF8ov;8Qqnq6XtBu_hiP5GPTc0df5#F+3`jCfv!!W`O@ z$0PHolZ z2a9IXuQ5rzN=x^fmWk9=G#ravB#nu5Nkl0qTxP1VQoY_>(jWcY+3-1X=+u~`FnSDp z{b~ChWr~I`wfEl^FqL9VKeDoazPd|yYCy%ck`y34eG3m zAsTQ?tL?QuqX92y@Udo(>W6obP{o6Cc~e5DQ-@p7_=|-$F=JLqkG^x@0A+$mI*9eS ze|c=zOQWb7zJL4bGNR0GCC=fzi|#v>uiI82O*pK7TG(oJ4AVvO?P+hz^TP+gXP8ZC z>q59izjw6Me0I<%TjsMrl8RcdAeJs!R)QMHY#^Mf`LoH0i?N)4uegc&{(R()z5DOq zL``6A#2cSw!V(c&Z~PqGj=J-&IJB~@GZ*M z-CPX*p{dVNM7M`tz-n^HQRr4R?pwNIwY^70aKCM9y5!4nhnO@K&m|SQCDE4MfGFRbW6RG3SpbE5hNMwH+AhJA2=e?N&<$>iD>AeCI$nm4b9z zQ2#B+N~xLo+V{GfVFfiLcffR0+6;uw2={m|Q3O~d*JFP)D<_H#n}R#p&X?z+u23fw4H@{D zRpXw@%`JZYE9k`nWk%w3R^-n2X(pDCQD+jU_QtU1in{qM8GFmJIr(c^FBwh8lDV%R zzGMpnJHeB4)%F*yds6=EQykUbwHUQQ>PQsrR(Fpzen+?XmM?JJ&}6!EH6YJlLEYf% zp32Z{5E{GeJMa=k#;{-M=ad=*b_OhFcP3N4_NCGk;Mu1qv|Z7Pm^?yrBI)tY9oLgW`}KLIO{91k$o<$~@!AeS?A73>hNL`O1e> zA&JYa_P9=~3|>d*k;2NIcqh#1Q&_L)*p$#60HBJ@+0U#{t!$|kJJtDNzp~`>lS~Ul zu(wZ?J_M0i=4QK?@~j$awe*YKZ;v0l@YJ%TAds5^3nvAa0KMF(aRs*!PTc zKG4(K2Ie`0=1=PI=+78$^Of|QN%^b>r9tY6hln>k^V%sgI?n~ya7l*JdKr)An)vKK zM4_f(m#c#=x#P-8mxo~~rsWpRsQuEUfSSia5GV?%)P9UTn^@Rg|4IVODezMk#Q%vg zL;)YnO-P0%rC9Vc%tfRRSu@Deq~jg)EEPA?PUHs?NUu*tzO**PcCk0aC5-!p7(Nvf zeZr0F{3^*DUZEcX5c{N&1i_He=xXqJ zvgr)lf2|TVeM;*8mbp+2q~~hEo6+emRyVLYW%afYnI082u?}uSSTu8BY*(g4@yz+f zny&O18fICb@RomtI%r^E!&!9PDE|1&qLU&uzUN$GxttK}Dq{3}?HcH0_&o}Z#XIp9 zQ`vapFE6GmZ8garWx&h;WYQ{cguuk3n3Q&;fhOBNAzs>dT^gxQr~v^N-vB(9u&QR6>?nk8BLD$qW6hSbA~ z2cQGWt>^JL;m}eGJkm&#rdh*(xxHM+Xzkx2;de58L{&kaOHrqva-GHi>E(ER!CU~W zr~Xc}L*n!apidCl(KZT>hka!G3wc5u3WCA_}tAtEvRVtYLUZ5 zEh%yO-j%)rBd5TcxqZ^hpm3z+{`Wy5pP}BRV?9(C={eMIV-8VYJCr2_zVo9ua59G` z1b&%w&$?HMBj_C1tYve8*@dkzSAsJQ4QhvKb0CV-Wz7dCp&waD7?zJdz!&5|C?UBg z1|6oB-g!v20My*(96Z<~Uo$sW)@&lX4kF~=Rwi7N&K0=sAGAyWWV22e{8Gx@=k93S zwGLX+pla-w1{Ca-YOr5Df9@fd7jz%N0p;;Jn}AhJF5XH!tLE`LcV^nwXiDqe4T@j4-lO0jc)by2@G$T#WxNI-jg7VLT` zDfMDA`h%~w2{1Uq@iKLi5q_NylHO?BA5A)NrZnze{Vw$V;Q{|t8!6Z$L*qaArN0HI ze*)3M|D+YqzxFdItnv|n6c0L1r~D$P%Iq=(!V8N1hIhdI6IDEB`V(9*Qpg;U)h=QR z_)+IHr3V}r5^)X7^9Vg4dP36D_d@xa>+CX0 zG`Ml5h|XX}{ayGjJwoml7}2&2*w-|(ov3AWO`UcPxYFeudITJgqZ_`yaDgQbt}iCh z(9;hN#-FsJ7#^5%7O3hcE6!6))7QtW|-%zckKIasOZFPCtr4y{|WFu|>Q8)o% zteV^RG9ueaKgA9tgPyeM0G*x>9;hIU8cI>Iq{q>;X|T0m_j*OrK(>NM>>E22kr|ix ztAIg~rc;kL_l$NA>JAw${-*|Chxf1+&*gg&w8^{`Po5*2YIjRAeL|Lvq?`4(Jx(km z8nvV-Uc91S(T-P@%}f6&`oZt81G}J$un&ICrT&%fH$@GPY_e*kYsT-J`{gOT*vi_+ zHVzdd)ie95`>BXhZBvVq%A9orqOpAF`@~k+4Lj_%=t0F@W+_>Z<)!BUlReSFAGa>K zooFkJjjDh3b_KOFeI$vFl}-I@4c=ykxVe;_b}bAl%vF)1td{tcXJ5doerahBPHKKF zRi29$f2}B7YF5@wgmW2PQIT|goYf_Dxq2IV9>3_Z`wWFTm)hgFx=d=t>1YkA2DU8B~e^@?TwC=uia)NZMfUsu5)?A+8(}A z!z&e}!o2-7(#6hYm%de(>F0-DaOd_83seUW-mj6%cZjCkQfkMh^E}Y`B?Gv{lIl$D zg5mZO^Q5<^EdI*nbY#2H@yr?@iF|r#y8lJN_mBqUIHc|U>vPxsfZ$aZa!tlV35~;} z+bWZ*?Ge8t*t0ZfC>QG;<7CJ){{(i~N1)gObXm)4rt;G~QgDQHfioE@_4FK>SrgDq z-9$j{gI+V6&So-UW+@Zv+?eU$tm=9x^XwarD+;bv0bwUYjgI3VeYk8F`L7G$fX(0X z37DnXH)V0*2dtJ~M&HsB_ttzlIA=51J}0UJyt3F~l1hNbj<71-A5S?^-y(W115s#U zVIn&L+6?MBGsHAxn140|aV!_=1uNU_y=b#?{8O1@aC=#fJi`cP}zRK8xF!i0#bIj+0>U(aWtIS`-zXZe>Z?n-{f(x>&Re%!Rp zzql@5TKVd&C^{I8b_{ua_`j!<0Z;ydGVTUeJS@?-G39IL2qp#~$$4_3&^hfWz#%!% zMp=b>pT%5c^dp4m#}nd#hqQJ~*E4%>5|TBC>kbf*TTh7kG66RMU%{zABkws+MYf7n zJ1AoEmUyprC)jH#+DTo84dmKzi{-5lFCz8@P0Qs8Bf3zW3Q$AYIP-RwfVxa)tywQ?xr zU%ynQLv%}KiX+|><`ZaxS;#ejJvlak$f<&o@3AErOv{+^ogm-Vnxrjsmm5sdaII>L znkM>T?Q?{!_!H)AQq*ffczEZJ1_<7fCG%sCspb1xHlKwXM5!lx)IL`uyEZ;eaQCIJ zL0QDM&)!AaXP0Bj{s>}*#=i(|y9#rv&7Zc&ynRTFzOVFlD{WZ<;9K!5L(&r7ocByL z&2icAUH~EBUtuS4({GcoYfW)}&NJ6K187i`%PczG845Fh5Yy9rCQcn2oL^vlb(5Zc zvDz95$W}zz)xB}ds*FPSZn~exa#iNfGrFCZuoWtFFi}gQw!R}z?qq%yp4CPHZ1}<6 zVH@S}r*lXU+2AxoX!T^?vQ)lKmGjjuGg&*~y{UlOQev;~z>&FSXg{SMABn342PK!! z4*Oobp_-cdSeL98MG`sovGS;TLIbb)+;fMl;_I;4?Qarar8i|I4aQXgJ4Xc34~O7r zoQ^2$^+Wtl-e4FZ_Hv}gRwg}EeP=W&3d@-5cu_a2VwpWcCJ_1KLd@?t)&J)neF;{A z!T7AR6$lm+UiJB#g@`EzTqRxuj2PdG{x^e5_`%Og5y-9AE2) z*A-2lCuy!#5zad#8NGPrV@(6NzLAoIs61Q%eeyO4qiwp?V2xVw>AYOdc}sk ziQZL2`Q(r{6bD zzIoTz@rNa(>D76rhcl?N`5>p&#tJkP-6zsIGG3;8KpGPVrg3lVr=kuPi5!g<(U_-D zFX)t84PK)sOCq)jAf4MH37Pn>lxocu5%s9ltXQw5IsRB2K{ek+M0xNwj| zRg$<2kt)-x7_VOLWuX2?upIU}K?{yhDKu~PK3Hx41iJO-$^PWh0mlu%dWQCyM+j-} zHmHdg{qg{}?JrAKFz8$y-zoF)p-S;2BeW5{UYCw}Mxdre(~+5c{Y~L~irHd!9~D|H z%F21Nw|-F9B*@u|LQoer)?)%m0={!mjME)PPd z))l@@j*`c`AnTBqW3ZSMRxjPa1UKng^lzN@*S_TFQ-E41)qb~-N-rj?wt=sOUC;QE zfhe5Ul!eaU|30#}90jLs{c0_ys4VPQS})+lUXTh3_EsP+Y+TC`&0c=0qyQRm(L>)< z9y!}xz%=$Y25unIMzozAaUG1BlQZ@^_7Tw8m=pX{uU%));*+z5RK)Ct(V5?Uf=33; zZuB$4b*KBw|9P7GKmQsg;Al%i8UzjcA7x_i899IiOl}bp?oXCkQJF5(XyAH*P^%}X zrbuoee7~bS-Nir2m^)nn^(S%Bk+GuHtsgV*XSurs#irZ$WfbhC4m8}cwzMI9>}a2K zB7m>W=GJ#jP|g-yFU8smgh&rEsV@(Pqj5D2ImKaSU|zXkA1cT%dNAHL7EjW>^YCp_+WpWu-~xNzi3k&deet?-EZ;;8hj0&GE(4u$ zkDR|RaNz)CA%tC#eS>hLzURKp6YXsh0%(&fe*RzBKIQqW@az9mYxSW-U#fn>F+1HC zmRZW`ng`_cIZ^+wi~o0%`;RH<>w^7U$ehVqiO`h(=!=_0!<*xcuG5>Iw) zi#@HTg2zPm4GJcduh!)Bg`ByYmjx%M=ibjdY1HRRP6W;e{q&x&H{qVi_@H+%J1(P4 z^L^Z6Z)k55!+@1q?Ddu>dTkQH1a zwf_}pi*f6PiPhV`P>#ibHQ~Cq!^|OFUeg3GYi;b!{tYAB;i%5eWYnb6)hkz$FV*(x zAvyuKp)2;|r~K1Djh%PLN}GXCaVc>6n}Y$b?E_=w3I<&p6+bK40ldGK+q=4Lhvhu? zz;>a<1gn7Yyu0n&Rt2DGz&BX^F-&AN{R&j`}SrMzxmFaD~ z7TTt~wi??wo#QNJQR$KQOd!pTo0|Dm)Y+1UtFt>?v988=Sy~1nLcu8PQLs?!nWWSF zlDkf3>5ZUiSw)Y3`7!=dIjH&Bd@b(-T-Z?2Gn@xudDj**>H4i=|6qouLY>b7HPMv2Vh$-1RoI|4du``Lgi056Rh*up zv3^ySgt7V#t>(AW&A7Q_VJl8^dKNg5K-v zrsj5D2?*yDG1EuTC!Qq1dfhmcpwx{{lg;FO$LJ^4;zciB{Emso*B|rl6k2YWytVEs z39jw%`H)|_2P;Vu=a8DulbsiQX)nUzIr$LPyS!j~buk8+|E|ey=W~hNpN3h2W+ME4 z+ZOJN*2c*x2C%0iYMt#Fp~024E^`CXN(Us^^?jxKmO4L0J%Er4&#N09W3Y%S6zJw6C?R^Kz9RE`VvLT0!x<2rmwobyGfelTehCNHcF zx5gF>0IAq*jvv)77ms!mmIozW7HsnD@|-+ty{4qML_1PX7r=M-2Ake&8|KBkI!%SX z7bfio{;6qwyq(xWTsfhcJYsa*j6QTwKWJO;vDn}L;y$;Afx3z=RK6ePJzu|nZopdrB}Wn#ttaR<5CBPbU{gT1Mu!$Iu;Z~ zSaUQjQ_;UGc|Q5zd)Mr|MvAol^b5}%`Nj6uotgXS^dQ`|`OAxw+!GJ7qIMW1ktbcY zgCA`7tmH-{$zdfQaPfS5w(@Jc4VeZ)H{t%X#q!IZ#Y2h$i+_o7m*iHJ1+fporhTf4i%WK=3XM6GCvMO4~D z-`5eRZHEddkh=ba{}9O>e;iX5Crrb7pWN?z=E(WcT1%jEU-+iw7N?)?7%Ph$%8MoN zly9DZ^b3_+W(59;h0GEn8H%nCaI?8Yv7wu|9I(>L>E|Qrkn1GOqQz!!39uZhBvaC1 zZTzdKXN;IJs75zUd@Rd|i02zwCeaWVb7f1*0y#NmmOMlZFq)hXwIeLJt^Et^)dD*A z%oy2Rl!(FKr}jpHy55eYI5JxMemM|)7g*M`^$4ViI~_tg+848@v~go2HyPyi9G6-e zEq(DCbvrd;B#;DzIXo2Z0c`Qio4XjdX;fbP3&eglC^bjO%(HEsl3Zc^EUB?3{U=k+ zr7tEcLzNl#Ip*2}-mQ(EeY-Y*QM#N@wRfmj?pRp?pC_9+MV;5yX#cA}*&0O0p-`~Z zhvG7;Kbc8L?Ie-ui;?Na2ALNZr2ba)RBLqZjj8c8FK@>T1~|s8d+pdMH2L_9N@4nP z2ph+)`vEM}F4|Ac!jGwK7G;5xiR_f1)8CqY@qzYvEU;s4)Ba8CYN?(muPgS+;7qm; zD;*iHQ=Ysxq-=Y%K`*Bkq?Wsz8aY4)yEV1kW*w}tW4+>;AXD}Hkm-S}GKk9B_jh-l z2^dp5(>q&~P`m&Kp$}ZSHQDnTTU1XxQrHUof-5)XoG$L1G`#c9%65XFCwm5ygzI7E zG{=OD!)D9;;wxqiMTno*H^RoywHmRr5{4H^WtQ|e<`KQ^t5lZ{Pxgft#r4nQdvn82cuB z0E~XORqc%;+-0|$Zcd)G(`Pc2qURGt*y^R-R|b(ozw0;e6TAlv$s4}m%6@_x*NEei z$VJwm-@?%N)HC+Vh+C|t#-{%Fm_|u_qOXFG60k65E74#3Gf3 zvSyz0rgQ0AylrdT)n)P8JM!L0wwJrUYc$%s|Jr)dE;558)9P-)<2NhE>w|loDihvU z4(@P)9okHiE#MHahN;UjKjZh==Zt$q9=|@T(f=k3*s}>Eje-Tumr_ARVOxeFd9_p+ zLg(VvcCl}HP5eGN#9=!q5G%upJH|7FGoC`&FNic1=tE|QMH*JP+BjBzH5_2h zL|I2($?fl_+r{m67!vCRmRz5gjGR4~363e96ti=2rB6`s8@HeuKLMc_z{T;23N;Ry zIbG6#yQF}KWv*~VZ;Pjuai_I!`nAyfvR#alqG>cg<_j9D)fJP6^Ms;2qPRk-X=C1e z12nukcF%sTr?~x`tO(+Kkmij^HXp5+lYj$jSdtMi7kKYA0~eC8}AXnEAnexq3x z{NuC1Mn5F@n44P_r7En$8T+Hvn_B*m6FX>qU@RU;T@TSiMEm z@Y`?68Vu@JD3Pr-+kN3o1)cWf%0tCFN_a{+9Z#4$G)U2#;Y-En+Cg)0zBj|Xy%MPO zV2~?>T50b(#EQoV@F3wm2k7*@cP@k0=!mk0I5EtR`T+-UQ|KCy6DkCVvII;LEEDtS z;6qD}8G?6ce7%H@) z4tBbKIMmX!+3bKPj&ANlTGY7MP5jg)7&p)}Vs1PfFH0(Gr%ra9oav${Y21p@yT9st zWu6?|dtjBr=TQF?*=<(+vpE9=Mic+mVEDG6I#o$h*ztpeE00vt4Lql zAGvi_#eG)en~8~uvommUaMQT z_j!E?Td;J~&J!0=XXP&_fN!`wgV9)P0ud>{+3vW~uHyY8(*thRs<4h)=V;Sve_N== zehR$acD~xSm+$1fF|<9cefFdn*VjcY3kWu*?XSOTLxM1~e<}At#}o4ku~n(rx)J2p z5>4af?r7T<2fBcU$@EKeb6>z6OA``@rno{3BbqYBH6yxr184>i zb?iQ&4~f2N`T1m#uq)Y=y+hmo4`Cm0&v2(`un5QN%HBcIHV38Vll-1E(iC=)JI$}V zwa~-8?4TE(xFD4w-N*{dH&VgtkF9OS>fM!~Nx6@%RR!T#tj~OiBp>O$g$sKG=LW8L zZC_rX{@jK%mZ~q~SFp(z1r48&sq~aC6J$N_dh=)ED%}_8pLznxf~L^ zI=%jyK{LiJr8AB9I2~j`{#lXFLdgdw(X{!jP4^QK%85Yu`9}0BU5-)jB_vrNqwi2W zdCcljKx}b}T|@?zg6Jwsap|6nhVOchaQ zo+Wj~m-lg3dFVOj`lxVnA(3R^L-L01dV&)2eQe4&0fn+~e^Ggv`sC>N_#$%2YArL- zXY$d-<*8%b*-5l;g0PT&hbG@(;tb&sh#TaNeHyGt5KMN~*dQ@(OWAqzS{6fjM{7Oj z*^vi}{%%$UD^b7xRs{ck-2Qix8PJrI3*1HfFAfuBP6}|d7*C7T;;)J#>KhG5R9&=( zAb^oQ0r(61eHRrgu9r_qDYo9YKST8{a_W!gfM8wM3bd$t6d>Q4J93Oj(B68N3G_82X0i2 z+B36Tp0+sE zkn{~-Zp?=Kw{l}%4Y^_tlt-(%LF?>__YRlAuzGbY%%^n)S>tF#H#gq}B{qn~#Sfq< zLak=IUx3G1m|YL!`|vN#Yd>(RYpuYS4|&c?aO$L9cjN#;gC`%VQBBrDLN;mV>L(ke z3)FY!4}Wuu8=H{-I) zH*hL+*;shesEUv{l<98lg$68OPPcbG>1||O5#o^eW$W)3LO(LyScF|TNgs{16Rb@B=vVDx zxbv3ya@aBAj@(Pn>uueMKJirPTjtj~0_-{Fva`8T%VZXxo~*3JTunB#|LgY zjA4gECv?dHk)pa6P{LEr$nOmFjt#;QT(+_E-EtIv4OB!cEFIS*csCi~l3bT&mmSpw z5)->(ZIw`tJ+ePXM|K5$4hO#qF zf)e5stPBFRVg?<;^iewV>U0EWz2TzkF=&qQj-0QiM9kyU{$@%*Ml^8xoaP-Xs1h=X zdPxW`t3}D141Cbw7i*JFy0F-fS>^t}56c5zh5*{J4aC0={~;yL&eL(4!>>lmmCoJi z?l?@hBvS*WCk)ze-2t?$#Hpr}Q~HEoqd^eKw*$mTs4#K?=j`jkp9-oN$Gj;N8 z$lrx-sgu*fYMxp&O(A(bN+BpDsTK{XPu2Krv@D)vpZ78r_jD|H`5aR}`S_aetkLaM zMv7T+qf_BtFpCx=(0H#)a*rtH!>BZZzg9Rix#=&gOVcdYjWLEonTXS{qPkM~Mz|#5 z-lZ;R16d6c9j&dv6q$)N@KQVC!YplVZTZgcm`fq+=Z?HiN=Dg?!RY2?X&3yjUZp}w z7T-w$nj(U8sJ?$GXEy4Ysa0}b77l-fhaeMVch1M$ZoA%}%^5Y2TN|oY=sYJR($#62 zXLt-aTDdDJbOlSDo~rD1T04ZG)E&#cSMnUp@*ZR;fIe})pl}ws;;t1wdlF7@kC)!v z%7SxAwT+Py{7T(v_m@bG+x*Yi)?EEw93U~i2eZIw-3cw|I&mIgEr_bp1BfeF@Galk zzx}nfrb~eiK^kc^8qPt!|GvdVMzL|})iyi`Z=|=agIUX7eGO%C=cAN0ILo1<)gciA zoyD4@pY{xeGv~1=5pt;I=}-3SuSO@Lp`IgtOG@8MRapy6Gq;xq!c8Sr;%PPXX?bZwyH#veb7d_z| ztTw?LDbBc7U;qkaSyaM?YEp1H@5mVU4?&&a7oI`uTgoiukCRX@gbq)v7hZ+M-)ELq zRIy3#3s}-zjAv(p-Yr`0DB2K&sMHsZK79+q^kBoE%nwUWnvC=`tovPfNp$kUp&B>U zt0&%Qx2pLf0dYwpW-b&1+O=ffn!+SZd=J_X+{I?2V5O6Tg9)EZ&AYc>Eoc*hA-R8e zZ>9JL$bK97HUitKht7y@kRxA3bPHF(m;}cL+<3#j{#$7M&lZU=+^_+HyKemb=4U3g zAqHD!56=>NtPdEYP#lJ6^?`S^7x;7#e<4D1Q($2 zyYYb>R8b8t&$eG`{R?+$g#c)}Uym8AZ99-!ekYJf8kh-q$VqWnU_KTEo_#hfNq!)L zimzAj|1;mKgt-B!<5?67pX~d~wKWezQRZplEA!*;lkO3WkTK}(QS-XWD?v$sL$d&- z@b`YKGjvSs4aJJ{Xy#o>uN}H(HEfRe!JHVeC=nM=wf($}ic|Ipz?iP*=8r5u_MA~- z(0!dd?)DThmVr~6IOgwhSH3$pSmf}O%gZO9xgR4KVFA@HWgjvhz5bO&6=6~5vaY|I zXKE!5-uK(I$}IT9%{nW?>a25W8|6jcut6C2;^>bSe$}QJ$@c;*ax|g2fhooEq^?#_ zc?eSASN87TER+@iDX*MjCBs0kWInSL?kQm6m&T#8+X!&_O zrk@w;#9>78K=J0cR`gPHX+5FdU~?TdFFiE&AHfgrW(VlW?cXHJQE$7osLMidv3uYS z{WhF#&#BbN>$e_UzNpu&bJP{HGR(a?%4jpw)VL>h)e{}KIIzjkjCY=KzOudue*Y?q zawhwFPvVA|r2UsY#;xgQKxR|T+hjGZ9biWC)lfHa{H+X6*P39_75VM>4m-!6534v= ziU^RFMEe0K=mJ!aoH4IZ@!zG5e1kvlRa&RTmd@AI@%wY==&Os3UcTL?*0-z`M}h(rCIp^KnP?b%&QZK zj_K*`5MnsM@V=J9MD2mmIX#wycy5j?wKen$!~NT;)E5CWZUd~D-i}IhfQ9wsLj~fd zWcL^XE zY+376i+{4L1NzSXwws7p?5Cco(~wZ@pJ-%saaKE-5oeg=E*t0B5WJqbqd;75zhhF8mEx#W`f0zR|iKI8n&i*wW zBhG%kC}-5fFF&3m?wmVZ4Odtz%muzOGIrk{&x7eb8jZZ}2+3V=9X$!VSdTvFu?GgS zr}OEP4haaRYVze}bIr>g7Qc9~e3yyeKS^+)MiqSL$u+*y&(q9#T#NwctgRk9*(JW< zOiOa*lJ84{%AL##yZ4_}Z7s0P#g~m;1Ksu^q`YDey=ycQjHv=G_y_1SwQA6$j4$^% zlUh?DiUGOsoD+Ck-$?TcmoT&RvWUq&=fOnbz_!IHqN#JSu_~TCp5vJfs)kJmH=@%) z`c_%@rI*8v-iq!6&VjdHV0+};EjU8V4fEjqDXx3@+PT7tU#^L^o`y!TNtx`AoE(Yi z$y}8adRM6$KB9B&5Bvt@+9V&LK^xGf`mb#)KLvPX@V{Q>1@7qHzSli%Qq`)zDd{ywAB1Jh*#`tzV9IS zis<6hU&Y$6akJJnzx%#$u4^)~{-&>Wn_Fv`g-hAE;*6i)zQU9kk_fXd{~+yXbv|lc ziREE!mXmF6xnI%+958VEE5}9WySMgl<;hrNen>{-;5qXQNrm8o z!tdK3o4-YoZ9wj-6R~>^y=SjQ7dIc&df&$b^Qq2WWH|xOa4hPn*7rlw_jT|L}>+ z;VI+1%4l9r_L4~JsfWhsIyNYMl3QYbwz3={8n5c}=V7n^$Ho7LviAUL>h0RSr3s1% z2udgPBE3kj(wj7;SE~Uwr=WIp;g? z`#j&wH?t>0vY9>E*?Zsjy03Mu-wN#^XHg6BJy@#C2=&zAs#{XMFmn=anuewn0Hquf8+l$##XtskGXh5%;H>)J4um?Z$jW*k()3 zst2*-QO~;B&^&kFy)t^W@UwSYEHrLvLo@4nO}P@V*De`lQ(T9uKK+D@XG}&)L(uTVsMtZ14We%FNtO4dA<4S&}+s zaGD5cC87B_ahHVA&9H1t52Lfh7@7piQ!Df;f@?3nE&?_oDU}25c`PQmHZGbsC=g6AQ`_z;U~Oz`49NFeXa(&KsDh_2uJ}qo9{q zIL(MJ07S{v+gN!Ox$)tG-Keg`44V7BCbX-8=_xXDcG_{G@$EatRnX%nV|Astxt0WG z3tDaEgLvBCr`D7H#cXvRM^?H|)ff}0qgJS8yxuSSZWz0bq-*&918qG~z`RYbzc`s5 zKS`fIfm-0_$$byUv!<6Ge8?y~`s_9RE!|8z0h6LoohL{{&7y!~B$%GbbUrD%~5aV*|x5W%^m#U^oE)gzsQ zb_US>AjLktGRyMVx(SHqRkU%&2qXi-`CB@f9Ke1W3|uBG`G@Q}4qHzNk(t*tLnQp#gMS*}SOdKx+neyI8qKtYB7ANzDJ{PyAPOUEA>2FK1d>WW`lW z`jqTWARzR2$dC6pM1DAj_anLQ;LJskQQ*7J5*>9BD@d7E zNtwFo(PIQ3emp@&P@T*8ximWM4E3d+JU)&P+zs4oGImQUa$sorD)%|^H@NYZe-8+u zMKzXD<4WM}{s8z->t4R-XH~4uD`vxd)nd56CvJ<-Ur;xnzfWzO`kEzC*1g8VTEJ$? zQsGnF;)7nd1>!(pxa1y|0}Xko^AoUV7e1AFv+S5(9-gy)EsVX?GV+jC)OBbNgr zi!*n!#e&9_S#^KBCe+kYA*#`%yh4v0Dyas(^gK2$V4e`Z5NAr|G8`-jjhXP(&dmjt z&T>xT+^Pp3$*L5KP6pXYFin$LE#)sKRI0cKhHw5n~% z9i>7U1c3)GD%4p5Caa%5YSQGZA8GeP5S8Bb0Djc7F;ltiSj@-dlUP|fxk2U-uAgf% zV&0>m3Wo7#KLYYk+OED;60S1r(clr}`yef+x&=It#$x3&&r=*WBuiYuvksYT*$hldKQn57_AG-JFsh61d=y+2GXnUhmfApyhS$;F>7CStyE; zz3l~}e^aDBWpGuiwCb2&T%$&*t&h0}VNucc;&K@$>Ni@2OMOB23%74hWI-R$ zpa%b@)7H$Z_>j870s8q5ry1MX7p7w6l7+5Xe^R;T3YWaw)leT&f-=z1(mPG@E{Jbm zlanu*+spwT#`{>K$(bZhUxk{+wNRFiR{cH9`4=yKI^Yy%``aB2(&RuOsJgle1T7VF zS>|i^mWF%;_;4?yZc>`>%rA+FlU{)uQxEPm8!Fndq-pSsWvDKC<^lgds}cVgGu`pJ zUhL2KFLhN`9mk1P@_qjo((cVpNdQs7+`I9JuvIr_uj?_Q>c z08^WVTA)SE2hlt8>G#RL@!!CwRE>DfLiW8~>_U(&nIToZ&Ks$)oO>i-OVSo zVVKDQ%b%{WYh~JNftQHEJrQs2J@b9e6s^Fupu_C0QJ=d4do-WEY=5i6+{ng;^N0xN zxpP?no=1y$J$q%q@Sp2&gr{h|oAx~+n}q}Bsm=f_X9-x4v!lP2b0A%VmitB4l~O~+ zzp-<^8L}S|+8KXYKzbWU0}U)nQMrDCLr(TTx5(yC5%`DZIwpIG5kzqjM7tEY=_2Vb z)9-AkK;_-O*;_xQ8&d6nadp(CR`S;)kj2I{q!e6!c?QV8|1;ZQuBBL zKWTG_c3&`sl0~MnzBD#A2Z7#BT(pJofr1d!|p@8x3*ZP$%tHgx$Qmx6r5Q4H8LQ$MDUVv(&3-1i~aW6E)*zts3%@UXl+Y5JmDNF@NCT z$QO(lz3krW!bjbbu*P2+M@I#B^HB;1JHlenKdz!3NSW3e{a2O$=~S?vuP|fJ=7214 z&*)!gy9!_>V_(tA%rLTc*s z`a@}1*>h)-)+HAH`}~?uRbTF#Vr6sYoR&fmXAOEORt}JjANZnkB?zVZr-L?sS$7x& z46B#d=3Jhcarnroi?%#Nqs?SklFxXrR({USnNunM6L&jF|13b-J7@Yb)ry}haiGGSn7kaky2lSKl*RUUGTcrByejS{;O&q9#i9HMqW z##WM|1-w@&$>8|#O2p6wYQ(=$`QP7A4@0q+fbd3WmPiGA%dK{^kVR_Ec{QhU%N;zY zi%)t+w_96G_0Y_McYthKwU1aqSeezVrL}co*4@Nu`^`3gD0k{&0JvRmBtLy;ueLf- zaz2`IsOIYsSC%&66NzL;YcitJ#}iqyuxF6Y*a}i7S?$U5UD(_tn z;Z#H}PLhB$58dRY(Cm--RRrsZ+|6Mm@v$AHXGlmpJ3G6nXwl^YX~IUQ?E9WQDJf~U zKj{@WOlmVT`vnapJ-_;d?<{Nw=eC zylX)_fEJ?iIoBED782>oqtnoktKd$5(^M#{nAmtK=|nm6sI^WcY-5TvX95^q*ebx7 zI9VMGCzk-2ygOQbVbUAczqW=qyV*+1eUE;9vhu%=8UG9+yQ&Jff#UR+|9bRTYON`{ zEpOxExaj_b3{PdQcz8=DGS&E-1qWAmI)zn~_JilUz3A;96-VQ3ljCWecH^Bb$c96p zWlvssU$lGmFq8GZK~IfjS>Wqa8uIIzl$4e%Fe$5qheHJ5H9=p2p3*q?H41nrjY0t< zJYBlF6a9Gjviw1&vGTUIvI)@ilb1XD+hE%~*Y;V$s0_c>Bo;|2sX+v=z4@E+mkEc> z$NoJ*R3;A@-?d;>ZtR-iITrMnxHmUZm^}z3Vz|dIt=#5e?Hy4lkhH(k_3%Lu~Sv-%k<$xMKbN?jS_&uYJ^N!8UEn9g0 zc;mdrO;vmz8l|-xe`Se)Uyu*|oP4=bJSCg{t3c6~ zO+x(Q!1BFOUQy`01JA|#S1vBJaGi%*=DKbhRNLAg9uzswp93??RoOG+NS`CTGD!oB&Edy1trM!n+llZ~=MFBv2mIHr+S^BQNzGph zbe??lt59(o1&_fXPCGUEo(%3y=nXnRovxMdJJ1CkqIu#PgF=(!5M zIum6>&ihx>qViN8y1q=_!kg1tvo0G)7&*AcVGbeCEv`v zGw5w8Q!-HByUxME(KP5)X;ULO*jE6F9bE<0!MbTfaaVuQQ^m63pyj5nP;72AGqb=W zSCo1>f!K3@HTmNlzC zE-P0d>E}#y!W{xC6@g-AZW2T0YU*M2ZB^S>@o}oE6+R3qCijbmxyLRqCCWXDAV%wv z_^N#d3O)?eTu_dIcB0~bO?CD9sNRaM)XU3HLd=&&$?>F;4~hWk?=*5^x~w&O@JDg9 z(=;`Pyn))L1O!&3fXM^u)Ylw|S^}L*Di-`Ks@7J`vw*yzp`ph1{fo+c@5LN!-ytemxhpBStxX$x+VhJPe$kotFg@X4mAP1Ox}TzLT6wDzU9NbI+BI(;P$jHmxV6!@*h$eQ%V{*vRU>|w z{~fjq^PfHKe6!a%>Zmb)3?`(?ZHI%t#+j$UXt!oEn>BdjT@%0m1;{2>UqaV~*_%6D zT56FgLgXr2PZLFNM;Q2 zh@0fCBLnjP8BG6;k={qJL?}H9e*CY!*-ZHFANt}0HJ-mvQRVE;AwX%i75fpA+15>_ zft$LZ<8r4auKb|h{g6Y&T=1bfU1Uk6yK|#TEHBtDMRJywj3)5cn%ZK9aoCF7X$8+- z5oy>E`=P>Z1Un~(6zQ9odp>3zB+Dgan@adXaVdEsXJka+N4XH2I+&&7=doOi-%|+#)ZW^aws9h7aV+z`Ng@lGP8GouZi9FvsLUXZ|<}W-PztXmPFNZ1V?Hmt0t6da7!_ ze=K_x1wi#P*?3P7h4L?2eAoLa8hk0kQdH%wK^Oc6+@V1az@7r9M3!ZS`@J$Shtgc3 z)Zo0wEU!ceWC?g#`?R#gFYt(i$o7^zh3$h_S=zuX7A|svi@Fc-DYqshFT@MiPH2h%~wFJoG ztpK~p^*;CEFKX-agxvEX*NTY>k5Cpl>QE2sLSh%)e?N4g|As`KFB`T0wcAFXeHHA| z=ozP(q+nk|Y|~-$m_B7dl?2{4$Sm#TU1Euff8PFU*&Tf`ZB`}7Gki%H>;5^5TW$LA z<33PLm{yRnXk8%uLWJeVB9rC^i%^0$Drbfd{>(~iMm$g4b~f%h$QRwy3w!;#Iq$#GQ}d&>8qlWbE?!h`_kBq z6-`b-r@Y!#jK{bvxe2(nTMJ3C^NJv~$#!3E8<4vmPF=*Jinp~TZu!~mjE$-6t=ov# zv25jD4-CrvhGC;^BUPRp2zjyy@N8Ykl)pTj5AAVF-TR2F3b>)cZ6QUB`M0C9ZlSM= zch>hj&u*79<*z=Y9L(O-m)lzjhJVr8F!#843qsLZgX`-J5GkNPySpa`m~|B`x6?nb z&~xoK>p&bJ?-Ej(dzWY8%fk}AG7AS$-WX5b@fwbj77oPmvB7BUL&emffVV*YK>{fi zAqO`*yXEZ0(g%)GTRQItW=x=><5o3gkKW|CzRzr30QlO7dP;7sZ3Zc%!JNI(Z&4Z| zW?4vgoFA_Kju39&_I7EZa^KQ$-KRV-?<6t!;Ay3$iAa;k^z&vW z>?~VYWiGxhUBBXRXdl{4%{&^kD9NGvM7Lx^On+S9)bQWkAU5lN7jEZJJ=VW#ek^wW z4(nsJcW|ah@AoA+dhWhsWn%x(LixyMp6uLpPnOl_J*6$OlLyOF)NUV>DZiH%9gkk4 zpxCXOQ8G$r*on&Wu|p@B#?_D3p6<*ooX*|!GKL=F=<34KOY%a}9oD(NyxkHFgx=Mh z>?i8?P<|#XD^jfQ%3Q}4$Q?t&2a_6ppT@_R{Jt=szm2ONw})DJ>iGM5tG0JDMTMI* zIcNb6e;eeJbL`&@h584+fXr+|q5YipW@axwoqc3jmEhi!5a)po2X7A#2ZA;WQ!Joi zS))0wz_JVpJP#NpY;O6`wZz>jRehO78f#qHtJmU39Xx@T)H>wo3r|nqX<*2T=O-=> zEo3)*`?KFofcN{{^s*hG3u{u}IB6hrw}?A%PYtgb&O}(Np7;wVOW!XBbF)qxOz%=b zE?cWij$~L~G?3?qz5}gBC5FmV2qmN=)kSakeqE@T%1MSNXw8GcjwLNGnoS$FLhSh_ zv^1xg6rYpnyzm}r1r0xw@XSe|0bakBvnfcF8Mp7NWfy|1naoVLBXX53KoGMDV{tl zMJ|c&%lR_DN_RGvMHM284EBCibIct9&oraF#ILa53W2`p=VGNSEbiLWdK`ud1ZlqX z%$o!Qgaevv(P;@pyBZO%6Q>f`$r5GexFDgEzXcLnowGdT3b|JfOl3Yi8H?`yxO3e> z_xO8~*Dqu<*yf?Jvh!fSatJ;!WaA-#VgN{0VoumE${NUR5W>9u=jqehusiyt?cw5F z#+FG+y$1M(w4}w!73z4PH3C56)|Mk?;T8ip{N03QcVpg5>_Y`__pzkLz4Hy-#%W#2 zu~`obBufBif1sLL?ClAQOTbk?8iphMIOmxwIC16nVmq}8N56&=k|eww-5No&7LFx& z&1ZF8l3+oW97W$SmfANvvGVKsGxFy(x6v=%8Y>LTS$xE@H^gMBJ^4_eIjITKl-9?u z(+^P05$5KfWZgwri)j41{Pz+I{^WGv;U!(CGRohCGy|P-)zB|Ki7pIy4kt+tV%;Ya zN>dG%;bb`Q!%j7tjmX&3xY^rNM|vv2$J;4f*KL8Ex({@cL0LK1RiMEcRXt z>Er*PYDHS&TLr24%t>`p{1eGUUMDDM|BUlHgPJ+2W`XwK=7@10V2lz@K8wp9N1ry$ znD5}cyMQi(+IXRX-7KMKBw=G@?UG}}p4 z8F)66*VKgy^t+GRJStqgOku@`f0t`?VI<68x9i}F)Wp%Tj6?w!XsV}5Rw0SM5bLZ@ zq>@s&E)XoS=<>(K@;77nRs7#}oHlMsXl(ygOg8lw*!Au1ZJ5jLb#dY1c6s3&clDle z2RA(5s}PgAw^NeYvDui7rGB^AbrhE1-He(nuM9s_iW_~1Fb;j*VHu9nQSZz5Or#PJ zO3)kE$&2^)w_BN?oqciuBdxiqBgQhO!lr0*Y5Dv_V@`g5<`^YTRl2o-sC^WX%1T2X z-McrtI2(oHhd(r@9c|q;V1&lSkap=639o07|0c=iZ1K`eBeoyk9-a6OkYVcMi;8t% zVM@zcnI#r!{9i199P*vSCxA8b&d?u`&<{vn_^%@rik5Woa4pha`B?Z^oDijKxN2}b zp5IR9LyH+aDpPh8y?z;oz^)2sV|*;#n+iRv;@rl&J9<%D0?*sGqT0aV`%w~uhH4@P zIk-6+TV1dIlXmD&{{GI&!1IHD_M`1^)9FoeD1nQ-ne+79un>Xb1Jcz9UJmAtHZW%J@? z+4^S42&}EmMb|SoHy8QlJsfThN_naIbo>A|q@qens$g~0F?h=~cxmBb;H%%QGcMrO ziaqjL#g~BL7El0h_LMjPgk`C5ey{!f1Dk@cpS)3?hupx_0^sBj;w1D^i+AyyK!lA0 zWC4M=Lf-{oC>wixFni(0Z8_PPGe|g^LfXEEIWsvO_G%`>$V%ViBZ>oFQ+?e!0nN?N zaJWtUy}G2)itYj;4p2Ztt~TXp83=M8vRG4tDP>nY=9Atsft$6>RIAV;XTe65Z|B{k z+?-sH?(k;TW$(-;+Y1e7Cp@*!GGO`58DDsJ_2u}hl^R9$-5rmP@dE23`pfsENAL)= zCNs_SRr`Jh$GiYz*8F^6p>8uHl7uyYhF}cnx|2yFm&ITFgWKxj5NG-+Fo>*zVLR_B zPjkpO2W*?a-_FpWIix$5k3T%{bXsdpq2u@pDcK$CVL)!HQ;=ROgY^Cy8Z^&8tspM; z({ylGdk8T+o3c^Azxm2aJdh}g{3J;(waJm5uuKWrv7mi6O87L}DBs=t#cNd{FmIQR zxHRmMfuiv%qrmW%ap}+DmHDY*@&6;4@K+eTb5H%wj?6zvjch@D>I*8ug|vrtjouq~ zF&No!ER?vDUYG^8Lb7f6Qf3TksiPU!P|-l1VQOSo5#Nc%+>X?7&iOC)s64ddeL%f)1&nv3o-cQT`A{) z5y{qL4`&-n$C750(UA52$CV`Vu^gHl|7D#y(;m>-^G1$KCCYnoEF{EG#+bMta&bLV zd+_f>lRf;-mK`}lnptU|<<58pU&88`ans%PD2){^Jyz<64f%9Oa(>kZ(lLVLk`tTo zhg8NNcX;$kB}QA6xRr2~TR2vH`*wWbVD3iOh4JPWhJiB_6QHI~ih_A~c-&nPMp}_F z->a*i12CYAs|(^DP+fjPP}npx8I}{toi!+;<;b+&xH3{3o|1w43CjCEu1Ah@-IEc@ zOb^JaqgFVSiaLRlgjHW6_3IerzLKSUd;})0$e>x!3L2eAT7NjLfHE;eABS!R%XR;l zT9TOc;M#>Y!-6d>86;A7uBe+?S#sbcA@{@Xo8KiN#QlWX=$hw%XkCqN^f=q^K1y4w zvMS^*#>SIJumfhKTuRRwuY`ZF9+Y`I>))%!Nsr#&nXULoGZthfI^+n)-2&OS&0zha8p{j9XFt5ZY4Y@%PY@opvJi2T$1KWd>5esaj52B^q&BAD zs1pR@dQi}i$Hc*ywRCj+)v}*>H7RNP`_pk^@&g8lDN%9C6t*ii`v3%7T$M zq|v>=c%aaM6^rVGuF22t*2_N%4-dX+fGMxY`2*f=4A}|ZNSr(EzV*v_BqecR-Dx?y z(MR%ZM%v=fap!^4?rqTLniV6j0=>J?ex^OqOae@|hbl(<2-dqPGpKF89Mzf_3Cpf z5j``v^o1o>H8-V!_t$4tI_Qm^5Vs?JeKAg+skTdQX$ewSCd#|y+k>s9+!W8(R2PIe zn9+t$uq#>Jh$7z!R6i?#T%*-vSyLARvl4a?jqxCpl^pNy93h+E3cNr+ok4HE4r}JR zyYc?Xb<=%Tx3gV3s94wTu>Hj8cj+*i9aL=EPzZSJ zDUWdJ3>;GnexphpTc3q_9nGV%6={W*c~bLi1!S4E7c<#m=boB>W9K>8CTis5rg7*v zu_>b_vq-;J`QK8d|NHH3J~lhM(&}76q-}!RbNwS+oAGe#Pl5O{C+{7a(W zeQXyq_wW|fLup)8qNAgunY_W7B(n)`Q9B_8jB~oa05E|Uj8CC|DUS;-%n~GekyME+tV%j#&O2wsmEzEKOzz@? z0WN8>%Ed9fW@p~DVGhd}{wFa0Z?BPfiP(!0=_f<_XYz1GssqV0QUL1Zh5U}${eE!zA(&K0JcGkLGEow$axD%|U+ zOuBtSpmkx{gCc%sXr_X{;*a~N%TxNeb64;@K=C+0z`0TV-zfusGno+_WZF@I3Z(jP zrGF3!nq|o6)l3^I^&TIBEG)hgk9l<{p1j(f_gP6QKeU&<@xrD7!Mtn1W!v@(=D8bZ zV`n{AsaDGv%9277xzyXS;G|I!47QUoCTcS+El=%(xw6UY*F~>h&CIu_NY8emlMhyb zQCf?&h_x1I^Tb(tzon(6Solq-^i^ExEF8Xbt);11zX#{pmG3%y)xO&YXmWSR<&%^g z#=xhi?P6jG{MR)&lQdVzM@@6yNty2^=!OnfUoC~3D1n;hPWSg(4MG3j+wgy1xA__( zF5Ezf6#bvk9f~+FNgA4bo4&WQnIhbPUg4R+qF1QhWBwf)mt}ZU% z%&lN+BZ<=aOTF^CuEB)zF)x~>sIPE;<>m3bXLDeWh2N(J)AhWZobZ@GDGBZ-Phtw0 zN(6J)H254B{Gzc^<#(lc?x z(yLFO5>qk0#s-r&1wIn?z*$o#IPQ1MBx#Le+o)}2^}|0CpJbs19}GLfw3BWsh$MGT z-8mu-jP(5TcRYcljnd@voq#*`{WS&A>qJJ9dUeLD?Q}IXq7;AzodFNUNUqBXrbqt%FmB^w_K8ktXJeNNC zfnu_gc3W)R=FhJD_SAi2P=~BT7QF&Qc<$}FW7%3}SySm1>5%mC^kx8LeL7I5uD)Iv zvy&eVRw9+|O_4?W>;R~1rEh&=)edIoUcm{lKr?Ix)~XqRI<8OdT6w6Y`6-2KrN#s+ zDl7+1d-8_+RBP?%;gWu4NK9%V*_lfo{xv^Ojm^|UoM&FW5|a@94P-eE)W0iW?w`IK z3>%AkxUywuD}Czs3O%eFK5J%fX5n&1dV*P#t@Sv8d0w zTs^Fe>+VsFK!SXI)17KpL+93H4sIV1h7|_pS5(wAjO|zr`r+pYO-;GqnOo@0*bbEV zYU3kkv{xOsKm|Sx-b|hi>GVg>1b;)!XPY<;6GC5F2zj<`@0q3ZDJ+OW^7jc!MwJ<*Z0zk-`bbBq| z(Vc7gDuxcX6zV6>;_G_e=vtF ziN`jP{6TQY9LrnZm&s@=e!H*QehCSC&CV|J-3R(GR|uF1v-Kcb$v#a!)xuxl!0niv zICu*9uzJRH|Mp@3Mmr$c7s)Dte5Jg)%A)X!<{3JlsEjEPw00SsB$2P^ZdsKdI>n8S znE>JB2wh&8Q8<<)Dr9MmoLnDz;pAvNIl;A9Od;4sAK5%&PL;to}YAAA*t+AQd^Ht z2eFu=e?R$q2~wOR_gCmge~F?4lJ0m?&;I;5kCex7$H7?lh8$orn$0AWn#it$Q0eO= zLreb`s?k$(U6<_U4VUZ(I{}b@rU3;;OaJYdn~RBnC6c;N@y_c{r2l*^-izlfc=vs* z4s!sZ((lb;dF<09dwbP@UJJj7%l974K||y*@oE~KSI4xNS@Ev*_45tm(ECNcDfxlx z8gWefO^79524x_*{Rz_+CK)9Pvp!#+d;dfVE{CenHNz$}4swegpLOin0XmoD5#Gp7 zwD)Lh$T_*%;+78G9-Z~=2hhW`b|^iDUpMHwE;W3F+V5(|H9XP*y08`th{w!hD+6}L zN1@A{r4RO@Bv+)CK9X$5Y$1q{i9^uUTBh_>*;DzY@LLczUU7H=d6Sx3aUgfYmMb05 zWf{KQgvP=b8m+JX+=WQOq&gI9Sa3bXaqiyRIy`7iTkm`Zr{=3&1KB)(>?>kx3yGN(eB1h>dN7K9Y z)Aa35JNfNbDXV+btf5ZFNTfZymV&VlomY!77f#h2XX19%*#Z95r z3s?oOnb{|-uVeu}I#Ia3hm{yw$x`}TX&PZ0k0aj*9lv)kg#o5EC>h_j@QaH6yi~fk zaW)Y4?f*r}(^9P> z>EM$7Bi!XIw9T|{@^X2362$=_ZZqE$xDddzeE*dTs(FXF`{Sb{_4QLWU2DI7VWE&O za7I7i-Gl9Mhxc`ruwu2|lwO0>pSjZsyavMB#0?ZwpyyN5Dk<%OOCB);h1afR%yp?n{ zg4~HO{GFs^s--9s4K{5790L&i3n-jOTzh*BrB6o*#|9matBP%{v#GJaTT*>PSL*%n zrmhI}2W4gR#oRC5u5=8OAPr(`2Nib@j8}d=ryAn_4D|&cm_h!NlB%G9Yf|15&Du?u z5dZ!&FCCL7w}^3-l>_7)QkatLFu6VuS0; zQ~vT34)D0i-=umHPlj>tG2th#Y|hiSm~L>(INe;BpD`+uikj{I<5Rxv37NJm0@vR>9_!gEz|NS-Y$9r z^J2u`VrRvCHU%1`pwBGWm88HX8@oAWH0{P8HC{faZ(5dRi?W-)H@*k>G6sj;a@`Zp z^69_ULm2=;i`>g;R{} zdoy09E8yK~X8OwEhzyd4`-M@z2bp(j1@Vx@T!~~xgO|6Htq|wSPA)F0$O6B?g@RXh zu*@-V@ScnPUG=EZy{3;ZWEPIoE{Z!s+p$#zs7#!m`KXIsN#ym#LGI49stidF%o}}* zzECp2YEokLZs~0$zZ_ELq`KbC&BO;+>n}Ol+qeJP6s5M$`SfWY+Sc0IV_-0K-BWK% zgm5I9DJbyZ)#|(aJxMuAZe(nn46$23I=itJ ze!%+`*4Ex``5on1J8p{;o6~w0I`GOlcpzwifZs)v6mIG>kPVJR-Vs^UOMy zU=@L47UA$cD5uyHQevj#fJe%{{%AJ)=!$*>|2>IV8p&$ND~>;sm0|yOS+E=O*OOgP zVHTQrPw<+(Q~(BZHCo(Am3<8bghyeEQRh9MB0zKb{u`%ri`ZC6Y#f2)85soVo%6%46uluA#(ybZVChm8EVp|X!sZ; zR9Rw*ZpREQEY`^zKpS{B5u_;<7@7BjCaz@bSefXusOXUl?~k_|)9dwO zPlN-VLfW;q+uEKY)GREnoHHLW9#~eiB_@;=BgW!Z2Py9annZ4FAR~8J|A=Yx4h}8yi^+oic*_K6y3~eqe(Tx8w{h`7ms#FjBFMJa2uyzO-}(nPLtJ zW5C~0Rqh^KWC-sf5GO9S9IsZ5_A=d84cWgy${P4%(C+>-XOO)~zTvoFTl^ndaow9s zy(%gLXe^G(4BK84;k;BI^s&ma;clF2l77E=vs;hOx`eBTN2I-#jTY9j$rxlW>ET-q zhVkDTOH+y$QYp>~M+K0xd~RzGu~;1p{HcjoWMLE%y*HB4Vw;ejZrWNodf-``>v_Y+k^>IHr+@;H);H0)Et6r>=m9Dt8+f4f^+`i0U}<8iRP8(& zsQL&P3I}JQDc_kf2~y$nsOMNDSEEmH=Mhvp;(%Phh*VoTZ`Z9Fa^ z8^Nv4JW2IMF+k{8x-YzO4+vle$6I`7;PcNBZ7z z7I}|A*GbehX0FQy%IL>iCZ4@bs;NI@Ab9tBKZaMk0XQy6HMhcnISRiW$|j9i5O;jR zb3|BYR2@28eKR>j4OF@r$CeRzI2Q={ZBL zHg6YPEIy_x48Fg)!3o(tQUeuIY{YeG3alwsJm;R^WPaL?M?Rn4O4$N$_Vg=YVAwP2 zVn~}HtFRc~7BGn=Z`rZ3iiePX^P=Ahr2U=2Q;3JUOJt=S%8Hv^FC+DIu+-boPS!r` zOF77q4y2Byox-2}dPOG{>RQVVB8J(gjWhs`?qT8IbAcf^0r1wM7U;p+jQ1ICwP z-uJvUYAs$;LA@M8^y6RY)Z3DvMFxTo_2^k+bJ}D`+y~b^X~t=^)5dy%G42Dac@81& zWVdTlHJ`2j>+$d+qgZ`bM-Z;Y5cEq}s~68KRpywe%zx-Kb~ljZ)&JWiDRGEZ;Lf|H z%LotSRJ}xm7xy8zo^iZ6(Ya%9%!^i;ayd+4)}1MqI% za9rSU|5EqkFp(T_+1o=5g4*+?L2nt$o-k{k!~vtHy$1qJBHjz{ND+T$-5_*eEA8QN zd%0MMVcE|TpLZJnHA&`b(Z9n%Y+dBl zCwNXDNfg(V>-@N@Fu8C054T zMK=Pn!K;dS{k0D@R0e6sU>s6a+0&mCEpLL-uUF-3dhj%x{Grw!;;M%RmyaJmUU+6Q z{(w4(-!l5=gf>HdcDA$i#gsAVL5G!ynItPK9``%CJyQ#e%i(1ga010mF+UzHV53#d zkS`6AN^CsQ)$~>8**T1iwmr#pk3nul%X`rN-)p`9y$0O1 z`x}%{fBh8VdhhTZ^CqvSgmBwiab9k0EeCM)sEl=*1IXa{XxzGXXh-lBQc>Se9y%yMt!=Em!tcR0aCiN8NeQ z*)sBAA*&|*dM7Sa5#rT1&06NwAdFWe#m-KHnV-pep$z9(D?8Z-(VT!ra{)_@j)fv3 zA~IvlF~V?SXy1`6YINFv0K=@GOw{J$`Cf7-m0)G=3*oRMWK)!~iqf1p)wPkdJOOm9U ztQx1|;o)MBtBXvLvXaI~8*koR#*WFNAi|9``st2fQFcs?cgvF|+ZPuSZWFGX?QrQ!cC&AGTgb`G_7vJixuCOB4aZ(uNVE-2>I(tEkomFFXxM$MMkW` zf~sV%4wd}R*VKZ|GhStMxxac`X40}Ir7LM^A~9fPc2VSA9a2U*uE^%{)QUSM$kM@n zJ5n!DMs29BX`qxhN5mjATzV{DdUg{hcrce8pGP8aDh6$0_pEc;Lr&O-?`*_D5!w8EpYKc z+_t^FdC)ymy*AMOq+jWj@-;p{)RDMm*Mv@<$ea3GSwqv-S5A#UdXsgS^i z3g_OcCGUv`E?Kv%992foSpVvl2*Pmwcm*&QyA$~F12#ucv#b=~DEe&~=o-3rn2GpjN!`l@$f-tAT; zIgU;yvD|W!)=XFh0HDefd%EE1GezIcEZ_OJShG7)`OX~Ul^Qe5wa+V{(|RsY*8FDl zqgaPX2e$Btvg>_+2U>sSbk&T)qHq-Hy!n$*zUvZ-hFM=PNig)iE-~E-MN@Vs4T07M zsJyDSQ9GwXP7o4Vu;LF?-;arFHB{9r!w=6O)6jQtz3D5aJZPNp$W_A*fu z|Is>ioNGBqmp3hu74n>H+E7>CmNP%FUhS@vgG0zA5}QM4-_ArVaAT=Ue^;Q1%n87> z_4iW&e9A(sDOkDY4dQYupi_Q(d%FdFWG3lfmv=~*1FiV-WtM}AGWbbqS=n7()ac3R z5!vyZH#C8Fc;UsBv4?kPQsr+si0}oPt5Cem+OSa|n>6Q~n1{(ucug(i1?qsugG$*4 zb&x=$do+3xOVcz4Hp%kiaw&c<^$BYh4tivuA^vQ}4geGc4TzRRR}Zw}PA10UWA!Pf z?>kitq$GO#hO{U}`TOo=XJY{`W(Q%`{qCTrf{)ilN1F9ePrkIXA;ln z2a?&cS*Vr$O847fxX<;udl2d)Igi`N_4FNy!u5ifQxmQrC?Yr14zzIXxK*%$%@VyU5Cex48uF7*8X5KHHa6^6&PdcTWC^YrR&r5gq{D_(TY4oMsUC4{P0CoK(Y_O40pUGhCf(x9; z-!Y$%n8=*Yvzw*{K(~fmDEz!WL%3qwyYp5TYVZ^0+ypFNW>vL(oj0m7dlTMqdgec{ z31}k7HqPEdVOg_1B-maM2Oc-coyc@U(9Oy-SEB_y(v<_BqX2P4^k(@*mzGxZ>lf{t zViX2PneZEDY@3vK8R_Xv!A;Yd0^vhQfi3z$Z!%b77Jb5nhwFDY^9o%C^4KE+_7)G_ zpR8jLX|5L+UdEO>O#n4bP)cjtw_cVqO1Qo9i9fSLfR0Ya|HIxpzt_2Sjly9YG`4Lv zwrw=F8rx19+iKV(joPHK?Z#+h+cv+u?>T#?`+0V+^Zo(fb*&#})>>KjoMX&kJueER z4IGg1EJePtv9#>v>ClR6AMZIcMy@}400R*E7V+{Lrp|F5$-)-MS;KdS>ddi0)+o_1&M0B2Iw+Bx2r>GuI zSb)HrWk;xnD&DCaw%=mzJ5v__@gDr0Kes|a-X5B)*tS0(TzO4kvm!O_g ze_}KTArO>)C`5;Qd;15;TF?5xyw6Jh{)>xAdH2N4G5`Z_8=GDoT(>=EmiB75&W6^S zyn-GOdOvgnM4t=+$L;~*5P!CR=$zgIKxx5HI?0@qQeM;$1!+D9VSR^JO;3h!Nl8}$ zmOclL7iC_%qW2^0Z5HQ9qC=6m(5b}!idk`?xF)N(*Ip}oX+VFZKBQA_5KhbhXEM=A zFYJK3JCFO`>$XkjTTAlfLc$=%`|Ew2Z#9{*>EMVtWD=~hlEaqUi$Jyqf6Ea@vcJnD zBG%BpJ0GzELgGGkpCG5EhK8IkY;pMOA1gKPL(+9NPVP8j!@UAt*O!;-(v}H@s^qXX z^9u{14JrFx+yh$pC}L>m$64hq;o;Wws~Y@P>^z8{GE7Jr2yijQno#>9ujr_$D>5>8 zFa}qvv4}iv`tBZZ{rero5RYg4t4Gy)eTHezy{kNChvl!y< zAHV}K&u{6;$*&aE&9fitFHB5Y-`N&K7HyK7?6qrbC`YG2RVU0zx>?pebqPrw6Yd6 zOC4PPO(q|0i%)$<7gZTtc+bH%l3drL-%yXQmY;U}q1*BO5X_x_zY>i6lquB^!-{uakY^@HgP*}xo?$j!~`mtk{s1zzP$}?j_#m|Ah5I&UL8fA zGP+;AXFRN`lP=48Mr?Qnxf^MTTertc6Pq1~%)D(wgRrh(iC_oJhu3pEFXy7fji z8UviK^8Q0?@IQ>MEZ$UWzntgy`|yMWaPns;x}X226zqTMFuCa|I0zjSt-@4faaOMZTf$F0tQVZ6Q4ipMgZLq0Mf2UC;H>_Mvv&a_3P? zw0+X^_>r;oh@P{pBK+SI-$L6hf$9$*Yd%ey-!O54j+oh|j{ChAYBqXuh z`RVCx%o`uuT-RNd00x}!Cdr7I47Qf^7Fp9%kR zkl&Aal8pH4P~|0xFNd0WhE}kFhlA5_l&;#88({T0Iy|iD?(SA|$}+6~RMD}vzD7q+ zepvvw01$1pC}Lr+4hb{xoYIXyjHnm$$Fc$Mr; z)zw$$o6|M7)0-`E&a7=HQqQ3Qy(Z`niN66|EK@V#v0_Y@^JW&jw=Z&}M>oPPn z6eFWC(N2_ZRu~DI@0h;jg5ic)E-IqL!Ne@T%H*b_VV+De$v0Jh=ag7eQ={SJR1Nfe zXn=y>q@UkF2qN(9trOK)TwJtHGqbd_L$rQBPUNArFs+Ug8$p5zE=>s^Qb7yzxKuUz zwadqG$SSYg4rb2s@`{9*#0zK2e0lb0zTk5~l*7uzV_{&Q>sN8iNwUy%_PVqkdyeV$dRj1vXzO>&{1bN6FYg8$vuE=& zaPQlL2&&U<8awWYwkeIN;C5m5ancW@^={(nc&&;buMpa*(k4yoQKO>ZjPdepv8V=x zz7JYcY26d-}7Etf^^1oo`vKI8v#w zr-aV5mYSPu(@Af_Rpz;8Utjcnq?r3|H7&kxkD_y^JR>vcYPg8xyD z=zCb{Qux2{1l&l76)sm7XH5^ykIt^n^Loz?>4zf5Hom^uheZnp^R>2B;o&ee-)3x* zSmCa^Ne~)VBBR4XaPjR7BV$X8ODjq~TEsNdEh`$7h9*aah1F&);m>QThBpSNhV-vq zUAcTI`%(c33ts_CUq8mg#MB(+ysuaLtDRoDB~TFMW;78Jq3T zbA@;Gx(%!XC)CL$gev*FnH^%Jj#uA`8+=17-sMtObov=PjKe|@cl0N5NuzlmE8+2v z85tJip-=ePo$2?vUynt-V>W`I3U}b72)!GuDKo0797|Ea+JK@}WZy;;6Zy)1Ovo(M6Y$CsbRR0I!KKiusB@+>pf9u-InntCKE-S?bW4&JRK&-=8AHF_;~$$Hh~$yoCes z+`E~UuR38Fu5JUdF4N=V4XfS{*G|gwPiA?Y+28j(-xojLW3*a{;{&d+%QEg#!nXEl zGC^clSJzpft*_Df)<~86`Icw?srb`np3A;^@gY`)uNZ5E&f z&|F>&uT|ahx!V05M%x}$o+n{k1mdtJ^e3-Ay{E{2T@h-MyBSe3Oa%u=`VA`Og1MhH{xRyb7 zi(!72AtLr*z6s z6k_}eVoSxkZKR~I)zR)-DHFR~8Y1@%3D2m!(g_!^;&g(pP>>U}F8~8))gVA=Xc5cZge?)bTzpj`&M)nbYj@(vk&d!r2L5=$q?8ge!!Ly`UE&{M)+*EDkUr zP(hpZa9=qKz34_uK43!+`{psHbF&kxX9+Es*w|N4qpNXdI0u@R;|cs`qNe=jqi?*2 zN=QbkH)g~_*P&9rp*C8X-gY6( z$$km>!E-Uzb+CBMwS?J%E2TJaoEfSx+?~;h+8QaucOJ=nm}(RqL|b}wF$oL~8=-Px z395GW;J*koa80c@^JdJ26t}z zEIp?~`a4EbR9o-~?kfDeh_u$Ueay}I#YOWFT!(r*_a9BX;q}GE_2C&+5Lm1QNx&g`l0zg}O7paf%~OJC%A%Qu z<4A2>w+TAuLiEQt7xr9>Y2mXiA~GftdCu!&tisIA^Yb#Drry@eONMzkcHQl`j`_j5 zhMi6NEbk*MPxSFtVF^4LgWDhLF?U>2^G3_wA4buJ`sXneV-$N(8xjyNB{?&pPV0Qu zUx@^&HpzHF?Mv6CxMQ!4l+k-)5XV==zWO-c&3`j`JQIMxr(Yb(;)5Z=q^w;hWahK0 zrB|b;d+#XkDLXztJK1H^piuCxp!v-N_BFAIL!0z^K>_)F_Vc6dFO{ixQn;_XH&R;o zApIDlZN_y#74YZC%855xi^;hP+_14seL7}cNieEFESDLS=@@=nS6eG^lYDzBAuWIH z0e2}F$Qbli*@#)F84{_7uP`*bxLMwrDY^nu z%k(iT`5?G7JK*;nmG0-{@(2%0j!WAP$D7WU)=RlPE=LX9vrS8vHuBp;)q}z_d~k93 zfJ=-X1w0Hh$mN4-T4Nem1qxNH21nf~W4FDw6>cw#KU5qi%K0@weTJvnI*Hs*`V*^H5p(5 z+JCGmIqT<)k_1vYcXbwNOL@_+Yd2L$RLQ)`%;bKYVfMhZC3Ht=#-Fv-9b{oz=rSsxZs4 z1ThgX=`Z&$jp{U4BK)xuy9w%`alXnjZRz(UTig=}Vy`T%>}?E(>e5f0CM!@Iy7IQ) zoSj|Oj}=O4lAh;WrphXY@_ei`C`zlBdRfuOFXL;Rx``GY{Lu)19)JA#tG(8T#9_{=UfyK6t-6x&1PlE?v^lpQPY14KUb27kPjxyYnvr@JbslcUUE!

((Ana^L=#JPbsU3v|P+1xk$k$0ARC9FB}&M8w)1o}JOq=!>X|Z^LxQ0o zt76%vA-$ehj1qjbOk=+Xd!}tb@hCBwQ%nt?U38Bu@9ddFg7stYWv%-ldFWK0b#J5w z{VwHEF46N*)AO;*$n0^Ayw4hQwBvg3W$kCHFFiSr!NIS%Z-H!OAOZN2_|kz1g2a~t z!4~M-7BMw3L5IIP*x-|9=+W^Z2&iW~7Rol%hDS$7or7iIi)k>zn8hm04nplvK@4x9 z=gt<~+ZM;yI8yA=d+1c-k-9zway`TeJlg4>Rzk$`bcyIs2}sbtW5${;W_tia=^` zuKB4N=pGQ@Lc+T?msY;04{jSW-uy7+9+rmPSW&T5;I~f{k?i418ERSL>Q>FL$vUZ8 zS65TNQYi7hn{6BEeWE=>Zig`FsPi9b5Y!(k-|}3G0}RL?BLwqAUKw8B+EN|tml6K) zv+$szFT1?y$)j)?@x5`<|G5V3-GuF-gIAfEY_2Y0!&%I)&$n%AZ`|^Q#msHYYo!r? zHX48b^pqwPMVw^rynASf$f{Xol&Nzsl4Vj*pl&*w$u?7i=Lq5|lngKQL)4SSR?8Dd ziLOpdQxluisO8iVeQS!2Dh+ge`aO->w`!iDRq2Y1=vxz5*g|!<4f-JFJVB~ltS~90 z44`q2^@*nNs<;7%?~<1Y`L(|899McG^LM}jY(=rLva#?zIX&GHh_fYwz3rD{XJONS zK2+6yXABuSS6W=`uT5X~?(69H-i5juiXNsQGyE;wqt1tV8I$4L5UTRDqcp=Cq9HtO zMa84|I(WxDrl5-jPRADS=m4YAUY_oaCVq4WqaO@pmnV$MI9P$9*#li>$(_3?T*C6Z-1K;NXC#wVBBTY<$-z^;3kj1F?#Du6+xAhhW&9~ z0nzcuWQt-rE%auy3o=73b&&FsGlud0`;VWr+9S28!5;^OI|jXhDgg+GrloB>ISC07 z-w)Me2c}?mlTlDdXW>%(eZsc~QG0(?f#L>2xY2DaduyGJEdh;_rpRSK8ZY1UPFpWM z1i6isI38eoBIb_AzPNRPa;O}r74W+g3%eJJE_Vg<$Hb`^ij--(y0f&V4zzMmLN+$5 z6K@OF5*6vy@}1A7vp#i*7~~zI<(i#SdrpCaV_AQ17$4DTn&mmSM)Znz4|O*Pg=mwB z5T42k7!*L25*&0JM1QtMbjd}CpRISw6KEAaC<4PLwjgG-WH2%>?Vp~QiV7vh6WQHb z=4KB`YQl1bWveA!=kbU-#6BO`U_gUd`Z4(<8+y`UZ6#40mbrFq>ChyUvY0ad)Q>4Q zO(U_(%Ebxm&k{IzMlpPM3^sbeCJM6<(x5gO*_1?)2 zrT62;VPN&uH#I3`7`4`5Fjg2NlXr)9_vM2cSE-dr=b%*zQ}M8qVhL(S%HUfcqU|IH zFTFSjtzs@QJMjED2w=s5vHzB9(8sN1n zJ}18NX1U`o2;I%2*W7cyF;6{jj}OfHDoXJZ#uw!NU^R;T6)`9epxIgfSd)CpAmTa$UKjxwwd@phSqCgwQC3)f<_{^Cw_Qcr z1E#HoH*ouQzKK1kE!r4I*@K;r74&3G^TvTpdFoVjUEWHD%D6xh0Mf3}@agpe8!pZA z@wcG$*;4(lisOptQO}+B4!olKH=WKKs5mJ55nYX*wHQ8I9^rcOIMLSz_8L6YW?ft@ zEsM3@_o^ua+M~$KKKyy}%wU|ftF^qmIKYPp&}?x@CvTOeURB1N(Z~8|ZIH}*;)=^zwkDGTpro{C>K7xnp6GRy=iCZ7H zf&65C0oLCx31H#o40!Ipjfh$P?NbIyCW+cFdLn;BiS8|=O-AtQ9H%=PdsgJXenSRl zoQrIi9r+rCL)>16Vhg_aw(Ngo$_p>~%bEO|2Eb9kWxwUZ-=Dok11;$P46=n=I;)}K zPw46R>LzEcphFH9jHeF}4OURw4TS+&96D<9FZ}8^+e<`08*sQU6>|Li%|(8Y4G|nn z=xdZ)+SD|!tKKq&jIu@)Xzpj?e?3Z4p!-MyK}k&r;g#`emQ9RcUV;va0j zl^jyQH>!Z|0;lSBq3%Ag(Wjm~(~~d~^9M z25Bc^43=yt2?6m|MDyLom~NlYcQ!`G@^lWDiXrR1h7CI-n00;cdXaC$h=?ohrv(I* zD=0AE99j<#c~Bky9mgCqP!b>nR^r<0FX0)`0cH%d8#I5XhQ*j!JKH+ZRfeu3&?=1S zBRs{UAH{5rn%{S%1{NhE!owZn*jcKjv6T<(%T`l&F!%S5J_-t=|CIB;l0yUleGJzE?%iKN z7l61TL_~r;ZR$lfeVmCuOVLoX{WdIhRKwuag2rU6M!d7SY9NoLqpE7*+qy2FjF`Q0 zmNHT2B_8ydv=DGxp>LrUK!`!S&9^f(EmWCO)sj?vYit)udV;@0vDXJWR3-gZy5sph z*$Ly;_UE#wZg;TDeZ@_|CM1s0wTA~RT-<6O9-j6|Mh+Abuk7)+6>KaVe($zs(AU)e z#J5+HfM|r?cM<6qoUXJ}AcFc&*L4|E=$Ju^7OE@%q~0e8um14Cbv}B4e+J6nU)tC>Ve@bp#b#|$A-!^xg`dvs8J+1p z#aV0Eb3U~&VFfg~Ru?}lJgY^t;|x!o8825Km{6Fx^Hh8A7r<-F@SZ<+oLMHyK;h(c zN34CUbu?{?nB(1Fx9Z@mx^~e>q3Tvvo}^`GC)l2K+21{?92&A39LU<(7WdYPa&~rB z7ZXcnAh-%$&UuYDV+ynk-jvNU*qoPcX(hF57i;?ik@5g^f68*9`+`h(Y%s(R;OVq% z>*rI;^X5Q?JLn+i+T)Z$efyK!<8zgNG*g7!P{6=`U2)oXRn^9>CzoUJ zNV`Nhfj2+^T!RO~R^B$|C;ODvY=NxHFUKe}MTYTbz{^ndwY7l_FBd35erO<`eUcaJh|9G8pFi4hTSh}u#fVx4mH@E9gIoNGU+svVbi z=Nk`U4703gvmaavyElJXB>K88KSr=!(GA#F} zzn$$YVTypq1|HzjZn`iy5wa5<&s+| zFGc2+-)DFI&{rqyfIRD|iG_o>OioTtmm|+nW-(Z0^edq^%;+qUP`ve$ZQgl>fy1NO z7K@9SQ%g&G#BOIBLZNr~mgeR{iLP;<^9%0Y8gbibrN^gnR5RJ|TgMj7-#pubS6+j+Sb&m7V3sZmN_D(5l7y zNozhgDGjD^`-na(3_`;1zh3&bgez_APVwHrTmr(sUOV()*1I0*v3D48iMe1l31U|z zj0Nb~Vj(a479w z!eUP$jn6w+)YgKs@W#Bv%(}VhRlAEfG^K^ekyu~%N5TlRWd$^i1Z5?SV|Hn0*GbCQg)k%jVov0*Je5*7$kgk4 zP|bxs;ea?*^gs^e5=&da8_p|{|EvRI3t~9AX8Yv z-u_cq9~rj&eX-9{y+J9eg{LmeF39Ys-H-hDPC@y$nzllWQ~PvNKbF(kN}1o*<$8sb z-bRM%F31B${M?ARQa!KUaTTMvq9PVCYoHcXGY5a5IaL1)yglZ%aY8{U{1nR=_}VKe zLBX=malQEguUfY4_zeh@q^kZEOu(B5GJaquBRn_1-Nn1tplA;dDht*>C6+QK9A@L8 z73)-{o#4h!_dQBMpDJ4#Rkotwk^@2g9cCbV9J)n=kn#5@)`KA={EsH7lb5hMTI{Kr zrpz~XdS!8zP{;71atFZ&o2nj2)#+wMeulo(-TbIEtIPwvp0o$=6Ly@(+eKCwn-yc!~z!E zD-23Lw5g}D)-tsKB8$ho5($_2{a5HV!~;Z5py=iEJ+vQlt|<~3>^O$yvydCz1k@sk z&N3$%nQTc3jmh`;I$D^SI`R7Gn{R?a)9=w@j8q+xIS~_QP1SKD7x2 ziVoQ2yO(__{pqrtn2|wiiEh1GSr_qq2TEL>EypC_!~vn3AKp9HVPZly*9SI_0NSWK z9RoiJ42fJ@W4!}93i1i-fw4X^&jq_hdPW4jz~CQ@OWzdCpWAnX;)P!k`nSrrqd?bf zqJQ5^(I(Fmk5Tm>*6WSQCiL}O5xiX?iCUw3k}+I+E#+<>HpEFIJH^APwPvKXk)ai# zG6ox4F2Jt{ry#@vXKQSn&vSd=yAd0JkQ9KxDO0fbu^lOtScQm5ecDGf(X0t-=6cm< znlf^En>`R2x;7{r&vAwybgu)@ze4Ajzc?)81zpw_nQtZb=4AOZO zC%l5(qw3u%*%@)q+s0S6Il9UiKcoEDu!RGA8e8na*POxHWjZ`M{paZC&aPgoZ_pDb zSXz8JeOOWVoda;k^!3<`2b{@N$>Ao_R`3WZWs zvBcOLc-Y+5dOjbG_cufTeX%17K?!o58_`kras>shQ3Uo((GI9-OzwUZGkFYgH0*7w zeebQw93TttbBj9Wr%nk-6DZK$FJcH`jrx@2d&MHYiEKBUP*wshl zGBZErIwghmO3-Ddr_-q9a-$qPp|@M%^KKC()7&|6O-&|D|K}8kWD$x`GkxS(jv0+=cOw3BX0Vgk) z#E#KMCK-UDLi^_JX}O-k5oAEn%Ev;*CiI{$agEqp*3(47Bvy*Fn^oao5WR_h87I{Vkg45Cu+|1#tm>Ja=_@ZoF3gfo>6>{)adU);Qsk1al&gd z(mh^G18YJdDP>-MuOk35PFxzV)LP+tM3tQW%btT*Rz(RqvC-{I@SBUHaUDx!k*kN ziBd^o*Ftf@sr%g~%jYZJYTmX#cGib?_YYe;)ti0lNp7WHmv8>({>M;$F(L?)tbmvM zDeMu0%BJUO>; zYW@XT|0k(-AvcwapVN1*WbeQ3Kh_$i!yX=f({6NM0QCo*$aSxZVntUVKei!?zQ@`f z0#AIaPVzCcs0or4hwR_@$qX#OO_pHkk((r5_TU*VprD^45*#9Br%+BIbyOTYJAwfv za9mne7FS-b5Y-5;uoT*06QS@ZWNmZ920?hk_6itX`z|q&m0ddFDNw=onN7l-_FweW z*mm7t`j@WP>5TJVX97i@!2_eCqeDhQq7MoZ#RhFw#byPo@BQ}P72YJ%RsaNwOa-*$=G9~*M$p?*1dD+Tw2LvIQ zxTr`Gt(d{Ve%$=yoVqVMRkk8L?}k1W4~HON^nS{I$S*FI%=7DN-qHWkp|>d5u63Vs z?dDo;lK!7}`G3gK^EIHndGi*aYBUkplV=egoAAr6 z0e1BG5o7`(BqT^uR;3u%aYzvv1%(b^jL7*^VcWy$rdFC2Y>cq~2BH6XiW3R2`$eb} z*@WL7dVv5Y@re6rHaA&3py|#WL#WQS-2#JYO!ZAaZyP}$EwdB!5p}ln3U(+ zqjf~=bu7{X0s_m}eB%E+>k9(LECCuiVomvg_q*Vk!GTu4uoX%Ds&k(RLC$ zW8iX<*xQ45i$31n-fC1c=n4x78IR`%1s7J9NC|xisL}P!>pA`X%rEi-1lkGc@zcI2 zn|k;Uh?|263WCNr(8*sd`)1`AWv~8D{tt@C(L=VgylYew*iqk_j#;y9Yo_5a`|TjV35gvIK;iIA z2F8s41988@^*`2&Vt@dw`()DfAMgM1&#|gs5}4LDE9yl8zX;FY3HYydV-z40ZG;Dd z|8c6nKK+;f%`t@rs8eH!2j@4i{sFcB2hC16zo;TO8SZzg`27a_=UQMC8Nggsvpd_r z1M(ji^nU=n!v=u1362hj{5N?2_t#$D@y`MnLA|N_xz!(G`I|!a>pNrC0BButG}&bS zx7gzaq?Fz0+1Bj8K=EGzoHPH6@v&7~rT%ZR=aCFxFKctS>QBV=U!bi+0zhkRHv6xF z_21BVK?`7ycQDE&DFTc6Jhh@=s?Rj{7w9-00dZ8eu=hFtxIJ z!Ox#R_mJ!ERWss!t3quZ8Ef0M=XH-h+B0&kxp$r^KT1Jr$6Ne*?dGN)Dk2s*dGyGn zzVJ^eN;>xK7Y(YV+&2->b}#q#iebg4656Az&k>BZh0&BWiG#b!`!a-Ln->w35*wC7 z?A+J;gPSbR-b(@%Hk>H;+}XO^J}vH#;18bx)jm8znv4?I?6(%x1I+)6V<&L`b7x-75CRLK!N8^Q=3f-0Ck*3>X z3?zYk1QAcDn>39EWOl-O?@CdIJ@O`@zn(A#2XXSKr=dbtOeJhQkSM97s#?G%=$BP| zJv+b1=*2cW3Z-9@0Frs5uB=6q&dfws#5xw?w#`KOcp$f8_a6d;3k6^_X;A#GIH1O` zVi$sT60xE&TN@h^9v+P%A|gAc-VWDMQg%;N%hpYMSbHvI+n!!(_v6XOF4s$VA>=h( z$*Y*o_wF6e!gr=3v37I~OPK8>QslW} z(-5P^NpY~SB#wtIe^0vcpa?1t?N{PJ#lm~MoVnDtwj~FDs{Ifk3<1xm&4B(F>G}Ie z2*`rW*dqFNb#|JeTy$yWw7tO^rSuo{zxvt<-Tb&&;+XLt;zmytuw>Mb)}DCfb7W&a zFb0JqEz(oN`g#(M+*;+7CH6|n*8#3TypIk!%O@Z6W%cZ8=1PQ+4QJ~^*(a) zwihyXjV|V%?;SR|uH`dwh_}eTS6=t~56ROC2^?}63?Jc84CbA68SH>;l3~M?8aP z;|e~^JKfeHBza&o`@+|EA42VtkQ&^r&5d;Qn$#0BgYzRw_4 zVT7-Ut(}ZWQWE@lV+b$=qpmkMO&S-(ik={jYjWQU2;^KXYAt=%Jq`&D<_e39e41MC zXbAw*)rZ7s%FWfDk7kNXBQC$L>s|g2#E_0HLNpgv9r3}=Q~0-}`cXW+lG4x!L*3Z! z_XD*j2MGxblrnx-{YVG{0-uwb3R>Ahs0ITI`;IYKIjCyE^Zqjf{T#i?XR?--^aFwy z?(Ss-HbNdmm{Q>$Fk3V}{&q@NL?kiH5eX^oij#{=Q-9t@{W&eHo1>r&J+h^>RSt+) z$&3ZohmDemMaIp{sH64cG*j-j^l$a05{{tTj3!9oVTe4XrmADTb%+dazg%)_?ScGO zT$a4IM=k&Gvq*12+Nd|WZkxik)8x4&yA@Iu|G(T}dg&k}er;?__+!~n?HaENMa?BE zWIpo9%JFSFg@r~Y3S_=r&b|Mb-oj#DG?_cz9-336TG$6W`lzPreHQly6O%!9@7*a~ z(SC-V9dUmWX~8VHsPM87Q@YcfJE{6vEcTjzBxuWF=$Gqavq5QSGF}9f?r2$~<2)ME~k?68f ztGg@U)yFf@Y~$j6u-?MU>FHV*rqjDSUhcKxhVySR+oI)3>c(9;>J%P;DAZR3rEQ&- zsKc`_K2**%&S%~02=lFDV`EpXTyidizAt)HyRH<73)(@xVP?MDYLD7LWLnkG6Rc8t z(I-$gr7v@WJ1=J>l-X4vD>jqkiVHeQj$E84gM*D0p8L;{W}p z`DpA{7d;~qE3PUj#ZA~At1dQf6gH;0iy9&WhEBE~HlUVOd9G|OeooL5;oh3Kz(;7* zE2huo0+!8Iz|S!7b^X6feSwP|R$ z)blmOmU&;f@trQ=Krb$rER=jHagq_L~?6-Sii#AtQL zK}kE2qJwCaiQ}zCE=viPAr&qM;P}BF&mc)c>tV7}2){B4wf;uQkkZ^NBPoYPzsiN4 zh@H8c-DLfR6dsE@l+xd*l#oIE%(1S>jIaF*j{jRW$<`}0t2h{XZpQ>tGK7>fJhC~} z{5O&E`LIY2MaBQ0u56dMQHsYl>@AkhX;BBJC^N>oG)vv)cTuy0y*7y9hkng<3 zz#)L|dm)I$>CrqJgUNhAJmXm2pL^T%;Xzh zaBKbp7i%#G$GT$PluuVn0yVIcKbEG}Yevh@2|tQicGDc3Z2V9}#$X>KRy}v9`fMov zsk;YZ+!6k#qj-P1Z8OpHyLq3X8GDCqew(Dx>CzNQ<$~|Y!@HH%TD5_JfoUyKp=!o3 zC6o;D_5Q*`1uh9>jZ6p6yXoaIA|LUkB0aZrgKr|>G|O)#6bzN9$*?v2o*pFqdZcA<@yK3J3KB`Lq0?{&uFs1&&fEAc7nX?j{! zQfO`L%6=8gSj#22yBq$8$5VWZbAav_H}6&n6`Ky1C!N#1y{xtWGO~9@e>oAhzl>J+ zl7VvI$Iij!zL$9u*h6%7&3&Xwq5PGLNNmt~`eB6F9|alNX&$8EvesA1&@i4N$MA#i z{DE@@lpGxgt=#>R#-4FWVkBMq<_(IxN}pta*UhRDn&vrO%f(crQ(DESkHZ6Wp;S>> zORz)$*)d)1yUCGHTU_vc*cq%{6Jq^H;`lWCQ>8!`8So$G$TYSsrypUaZuGf`*+aoKJS=}>lwN5*TSc}|yUl){(FZgo@9F3^AHx_|ZqM|j(Z znV~(%@3u_rR49{f?!8=X-@@g@_Oa`A@gmR!)OfbhIpV8s%|tJk>k}xG#ScjG@-p>` zA;*WJs?(x8`Env-o8ed#d9KCo3%97`vXYWSG#b8gZ#$`{or8!U_V0?ll4sep5&Doi zX+`!XM>(W>*72w%w#@>suzJ@6OpeoyV2aCrUacqoFF!d{Zo zwv?;8Vg)uBzb3@F6HB6kDHnUW&p-Vm#8MWquR;AqkJJA~mcwSIBAV9ShfoRa)`#mD zIa}86b@q7dt7qMSj>7cT{|Fesz&a1-LQ!iJpGkwLj>9TzXQiEi>#&1FO)Z@9bvks$ zQHDqR?8y*C9Vzo;dIHrsI&S{j?kr>APq{~JRo}`^a*|x$8K*Li(>gf{Rv{3+la(%$ zo$}RWk6V%&xQK8VS&)pXXD~Ehl#M*JLDrHBLTk&MuUhwMvsv~Q(wzlgROa2rK|@l# zwKNooXnu^)Ppu0(pKX2$!LuH3E;o?pIAuYTWZt+nB~Vs$O@3Gr=TGK9D>4A@N)EL4 zSq(}lD*C8zNZM^D<29sckL_X@_8zL!fw3PIwNP80^H6+%eaUKKb1)eb1FDoF3*2HGlrZg!fqq!26;2IE&@?yBqIj_R3QdSS)TsNn+w;aoE*svzdLJTBBaCcWSm_`_aHf zUG~yYd-(CC84{z4u?-EnrDyWKGMEaL5sjr zPB@ic`J1qyPix{KWzwV^|0Ho(3cb6$^#gS}<38~hZsv8&YG4*wK7JGHj|5_Lp_bm`e0J`PBL#O3wukGky zRlrl3VK>=hao-E`9c+rwOD52}V0PBTGd5q0EwH{i;H1utjuXdkoX#M|+diLAHhL@r zhv#_*&$FW-tIVsC=Y*mnQ5tXhbe@X)S!mlJ1kar6j4^t)>N=%v*+UqZ90Bb-(k|&3 zCX>mvco*<^KblFwVChlo%j?vX;WXDky_1!{_6?)>t?9Enlk=QY!_nMx0%p_+?@eqM zDVcMTSF=L{UYmZ0Ka=&{o7++47-_jF^4qSOI&fJHNpr$@Z?*)O}cH#$Jt`I3g6*BN{T| z-Eu$2n7uvaWOMQ3WawDcLs+(rqlf*W@%kvc>`7$Gt5F+X)pQe(ktT73$MimnWf-uRKwRjlaCN9oM7aIr~~8^Pf>h=(pO=d6I+f0g%Ce~PmC>HavLIx4i~;Oq+x9m4497j-F;in zc>lYc;ys!R3&g(n)$H`#zMoFxGa^87h?Cu_ zUze{engu4t$otrB#k`Z@>*;o8>^bjb$)t53U3A491Yo;&1Ad4Ff+E^szSjNytbFb& zR6@*&vCN-F!oOK3&z30XS1ZRdjIyp)>rn``=LadywIZXRSNtMCZO~UX=Sb+URoC-+ zVo~@cZTCOPEY3%NZifY2Vu4>dr$)g|yByS?I^0{c*XUUKN^7-nl1M+f9TI)~=$<;; z&d_#~ICok%U~J;I#!E7k^4xOrmFILv$6@oQZ~U!=uTj%J2E-x-fv5V_qANd&!|4LE z>k?QL$TIy~F3GDIBl+s>IR58djfRKtFB>N$(Ni9)E<9zBxf9PmgU;l4dCQ?iy}X^Azh25pz%lEE1iiGmsywXbS0>54)d%jN3wv^h&+iDg}WXK@0^QixDMW{>c zjeGZ6@%nOFSFz%TPZEbu3ZCnR5hdW+V?BElq3u3Mw1-~3zCUnc_I{W(MAN|F)5BwJ z+nzmx)<9juUVeBab`IF_D*EZk)x0fK^l1OgSGfWzhhBt{B-5vR+lXihIXTsk^psjS zLpyu>ispR7Lxj-=nVvN)bbFvP+4jzzJ%U7{7zb{y^^`?Pt49>7Ahy*H-<7AP%^Ee` zAN{LuwDjB$>YEX=5KKSXiqs&p_Mx~DYq~k!kvCl0vhO)-T-gCy_179*m zl7H5<*1E1af7AB~aWh$L4Wb@+8_cZw0=dcY__7t^h={GmMMpPSZUk)j#}rG3p9&x` z*;vX+goGChymmiD^)GZAt0_ljwmjn3D^*epR#!@{R>pP<27Kclgr|nIinPNK?b^_} z&`?SK{W_ZC2RFB?cm1zO;Q5%aUqrc2wNXR(B=a(+H5pZ(GPSDjwORRKaJmO-C>Pz= z)Z@8Gt!5IcNKH%AQ^d{YCs;SUB~}GUIGNjZx$ELQ@<~R!=*04^DjuNfGw;*Y_hu|k zC@KDzJl|bIJMntOYuiQwJpN0^X%sHWt$-)8_QwuU>+p;?x-T?>N^sVj8#3lI z>GltOl;TiGnxXHOwoz2-dq!0Xr%Njy^2mAZRI_n7Y(oF3YkEDC%c|n#4Zb!LbPWR> zx{BvRbXD&q){7-xFy8CP^k6V(+YiS*a zr*@uL-@BWUkdE9_phIs7!KB!Idq1B%u_z#yopPi1^nueE4svLL+vfS1PwvQ&vk6X2 zRIx?AF}NBZb-u}IwHb0uk`ht^j2EQez6{zDHpzct{{OdwzM$z78eurD=pnn#?$mP? zxF3I!u>AP4N3R}>-LM8#E1Bgf#U%Y6$srY`%D!+nwyk`|B5M`lW=?e^Qcci-?4)P z*Pf@rS1c266$vHB2UHe{f*DmS71Y5>nJ*_gR8m>Jv}l5#n7kTYe%&b?(aO`YG>Jv zJSNQa^a-{KG*Z4!$oafD66@+bD|*w^b$9fN!}=IQr|__JXDQfI(0j>|aQGWHVxzQD z6ySnq6{C7c`Emykv+#n$Vi}niK+B}%|3jR8VY~RKePE!Fc>t9@RDy+pZwbQ?5*SYg z$?YG1S12DZa*g3qBK)xJ*Px*G_ao)6*0U47QnFFQ|M}X5rBQfrsnrk&k0*HBfeipw z-|t&Wf8NNTz8X?zLbInztI{}vfpI%o6t!pO`5{!es`CS-gqm8h(UN3idEe`nQiroe z8&o*fwS&Jw&BMiYudIq(T+N<O z<{#MNUXW*ITEb-x`A3zqtyQ`$U%A7*M0=)ebcd(&B_bwb4;QEDhWGom47|mjozgcs zygKMrLg)exF~sFXx{i)S{|XGFuhZE|PmIK66&pxd{1neY>F~ZPrHkL?B%aC=Tp2=U zDd>5fpUIeRX3lcQU4D6AbA23{RLES2M@K4d8Stl9X(IXKw)FTLztsgUZHiME6#vl> z{`V|5XcIYY^t|D#*A%5kiHMBq`;#Ze^=Tt1^IRu~EmE}^@f~v*Zs*YX@T?ScA5FvQN69r6(Ena)~%N$R_l_GeU1}f(~9kZ!Yd> zvgE8QJkpR?kR_#~ks1B#-Te!Id)!s7MrZT#Z(bH9_8DPPF&`#&<2xTING=O_%|t*> zl}0d$>N%QSoFZ#>wapwgT%mfsFen6_WxBrd6^YyRvETIb>iIG4Y{L1PIz#r{A}R@6 z5<0y7a@n|Rag8rSXLZk1kVTR|^HZs~qQC)m4F1TpYQ>tB@~HR9$RJjBBq@3J=RV>B zTy1FxhHO<*>?38e$76w%T}xR>qoxnBd!xsUbXIzlT>O?=m_>X`Qy^yzmbNG1J1Xap z<>Cp4fl#?r{|Kf$&6~p`!UneF$a+Z!| zGpvTAl_tBCw`qZkzK}Tnl^m4>R^53ZBV2}b_$2VL*iB_CimN5Qa~D+$BAN)N>UUL% zFe^M?<`W{YUd-LxN4pJfvx|$)`{xLlpf%&F3Kp_1Oy_u?J2@|4$sB&~n4S2buja8# z&!iq(T{jlkv@>{+qEQLG?cIEg+;E1FWyaUcWh;bW;LxTIAo?{yL>a|rF z_5#eoG!y8M?zdJiJFg%B**4a!SD1wNw}7nL@o{=`nlwGfaAw{6o*HoH#0YxCPbNnc zs@KJoY`SW@c7Ure6F2>Oba_gHN|k=}z3%3PE_Rb+F+fZGoC_DXm1|Q;@i&0_Qe*{j z;rt8yUiO~kUD8fXSwrGN+>VV0YOzpuJ~7gW7jf=M_9ws6o-E?Ui-O3xy}L?|nYc;` z+x|J2|Le~czwd_OWe+t~8-Gw$;Rvr!M2o<>eRB(wdgyu^>U^{za}Gq}VVL&wl7ljQ z7b1xhP=D3aS}eDC>WyaAxbzF0ffE+xs116DR>GUFG;H|R$fZ$;qynl6!btucfv>TfqPi zg?^bW8MX;rFUmJhqk?}6U3a39i6>Yc$0r~#dkN$aw29et;d?h@%IJAUeSST_K_Yl8@p(11Tfm&$GC#fT+hy01=28>HhFKg zGCi{`((1SUe-AIdq+t-FZhU-aPm7v>lKs~4=l&nlaV?Y# znpP*T5PS-v9=mb|neAnCfSnNY!iZ)vb~59&e>FSTmi{Ca}sK8fR%Oo z0$E&34RN+fX#h-~|Kv7hIw`UY^Tn7WNB>&5^J3hJ4x>mF!A&>pN%_%#GR~dFktL_i z;qBdjdl|gnqpo7~_va=)cPh@$CnyP8`+SQ#=s{-tVHJg;jH0OAv!0CSc|*qUp2`TA zh^nBNVVOtOIK)VVkO4M@245vN>=%4S`l+n$i z6;AunS`^LJD(?RNIl_RV+9sTw`db<+dnco$9qT2IodYnn6wS0M+B_c$?$2yO2I3}j zXOa5~vxYeMj96jVcZfhnw_^W|f=rx$cP#{BKj%8t#_Nc%_{;Ih z19b8G$|tgf$DsGbMGn-aDRO68ET7J&qbQ7kTXQNUV!So4XRR+L?E$lPjvC7hNXs-a zod_}q1V5fse#<&;ee%r^aO>DKWQE|Us?z9ApV8+Q999-;M6z(Bz9qz7v77)SU5%5E z-W&X2{W2Zf_|H4s@`z%wb|n?Y3AH23aMFht!n z$27o2yZ5%W7hYIYei{u%dmsxIjvwYkPZeqh=hNE`pwpRBt9lMcP>eNMak>Q*uCJV( z#~32S;CkjNoslCW=Zrf91c2x3{ckiSw|41OXM1fAeK^z_AC5&mdW30)tnSTQ=Cc})$wQHW!;avPX>u8 ziUQM;`;`HAKHU_PZY=wUsaJmo@zU0kdH)jL2g7TMi{(H}YzS=oTm@X!|HsYpe?%bu z3Vr;nR8>8Vw=DcefA{tc@f3JvOpsy1dcxLCXF)Cm^Vn>{7wP<>Ab+^qdrt2n{w5)r z1o{^=$tbuhuibKOCr2{P38(lkwmM_X>d8aOmRq-c^;eGd8D0^Q6;WHZyzC-jsXz%n zSOXi{9>TWO#rvo3-g8>$axoR4CH}#|WxOPssi!A@N+b0-j%q1+mt7fotlxF35Cf39 zKY9{Dn8LpsI|j0-fsYoS?pmiZn-dG04d63?ngW`WKXT{vNWZbItV z6Z8rYqTAtGKc!U)wTz=&%dD4b;N+e7X$2o2dZxBS5bM^9AC=GA$s@yF5MQ6FmlXf% z5V8F^)Z`f2YOvzeV_c4E=yM=tf(E862twYFXK$&C-F^#{*OPOqzM`JK3dr?d0%#*o z@s8WVS3@)(blCM~A^cM~0{<-r_`*hwl7x}6Ffqww>LV8KFN(MDk@z)pwRN#S=*Q;N zr2@olVHG7uJ+%mEGZi1CoR*eVtr8=_{hfUyRL55|A|hh)&m|7y%*R6yhe%WVP1`~; zksnP_n!r|~3>1y}!m$=ZIGBWmW(*qel=adv~G(V|Gar;Cnt$MT* zEsMwQ))Lt#C*tmKZO}tpRN8srMcP^9_{Cq3etRD~Tbk>gxmHF|Zo$-a6azIr$S%ym$7ZUOl-=n+p>^%%)1@Ci3auZB zZ}^?GKmElRNNV_=_9klSKZ)=cfGrXkSxFYT`xWCR!ta5wh6x@XcX1rb#ZH zx>FQgrBxqkPs2O{^0eJuaW9$LQGdo%pIJs7fqs`9T3T$)e4^c!JZ66g4*%)41dG7h z$tyCZPy=Q#2iHfHT<>#`^RW}XP99-OxMi=4YgO&U{jBKncsV@NE-+OVo7)lva2gM~ zb&hh?UNv4)tv;Tw^lJ6jYx+Mf#w@pU=&8-!ean5>jjypY7E~7X0;|g8`Dj&jSjoUa z)B8qdj<@rJjzhnHi%?sU`|YE;g;qE0ZHPoR$l7U@9D>8GBtMS?UT{^?V8`=jx2osx zr7I--bW5+!tAy9%abE5?GL6lufE6;j(zj8!Cv{!}^oBJwm!l;!ej zMjEtd5CAoEBcA1?-+u<2o4L42YP{YON3^%vXtVF+G?_FpG#D{ltj7=i{3a&5xum&vP4*m|mn}uW8YT z_E|Z8eM$BV%&fNanfs&Evr?(^@lhrgB<(*jos>tVkT-$voT2?_g2~8PHd*>7 zlJP)1x~Ie^#+hupST+E56`s%Mu-=z#o(|p*e#Mq5^K=#Y01LCYFGh)lJIHty%ae*q z(=W#@`22`lbKb@w$^S}EN-a)U+|p9xN6}FAr6>dkgM{#tuW{#(*W{ACZ}ixTta63S z!n0jYp3!~H4LC{IuN%Z|h2pVD=fVmlYwFENF?mYKvlZmnj&ewvXT(ErwXu0J9J zirG1AE8A@!$=ZEa(pyHB=J3q}o0Lx$R?YE=kvVbyr!f!JwuRQyR_G2K*1b5iJ8wd# z{XFx9f<)Z-D~38TDpR_TAG266NnDM5gQFIDt|^X!HNq61OMd;^zpnKnyYAWE?(>Yl zIJo$7{VWE+zP4;XhwDP}1gvN;#-1PiuO&~ZpK;QW4ZL%6bE=tnc72ANZ2pR8Sw8l< z97ZUZ4D8nW-*M_R{YB{}r}_ZREl=U6{`sxS)OM|C;0*78;cYeh;Tc}SuyNCi*3M!R&1M;c zg8BvWo4(|^bd@>DYYrpOfNMS?bLunR)1Ub%kp%ymdXxB;Zi_Sl8+5`~MgbvYxeoZy zjWqyl%2q3noxI8~yPkV-z0b>0Z1zh(kt+i)M z4BnTF_K9JZVy-(r1It8<@|jj>{2XB?M!$av{#pqL3&F)rA+sw#o}(v?KscTj<4_dG zHwwgrN5+wrnOwwQxdHkQ!|L;UAVl{`bAK)e__jlXUc|ZRPyko+$@r}6<5$rlF$aNFmL-AnEdEB+kYP*=XA07&WPq?=yP48{YG=#y#tGN z{0@F;9hCGwF5AA8XB@oQd%A>Q&IbsWmFp9Yy|;MyvbZ>6xxZI`-iNrc3QssVU&(s1 z&k#D@d^rEcW}TWC!WHctzD}I)+$O#AxO>FJ{eeIwXwP*)vj9s?8_q@7GJuaX@(OAU zy*C2YM^sRHPE+_ZtvnohPuC<_25TS988ZsZE}IcO{y^g{NIcWm)l_BJYgQ=A(C_@i zspGm$|Mb^X0s8&+j_Bulx{q8yZU{XaKxwaD6yS2uQ|nuK&!A z8*J9SZp$$9*no$)B|4^9HQvU8H&j(kVYsbIXq!t+YcHamy(io@T9m3NtB6>0BKzA_ zroSqWPuK75`MpBjI+Wh_yX51*^TEgdjz?w;v(-*~M`JKuDR!C?cL=sE-{t7rY@+gX zm27=%lGit$M{@*#1n;+O?BzHuTqpXGi^~G@c-PeTuYmY_p)7GXGta|>V_e!VcHV*| z#DwLshgy=8sY&pTEi9OR2=bvQySWv|zq%<*izWsScsT{^lH$7>tI5cWuHW{f4(F`o z5RQIP9tEx0)b^Op4;z50JDRl;^DNe^J_o%a6rd6*B(nffqvPI2$b?STsk2S+(U}L< zkE_)4DZ`_%rN(ABt@j;c`f${ONK+UE?u%7G{d@U2oxDT{`5FU99QH+9##sd+v7nUUU_+mVD@Y z(_y>^7)Jw)-zDP6VNBsaXTj(3*+5cddv#?(Fo-#F@sxBArnQ>#QLaw;YujPw=Wv{?I z*%BuktAEn_)A{I{#bo$}7e_pT7JcK@@cvR?evO83*sS3)*r8dxkG$A`g_ zSG*4j@uEAlce9JLI^O}o!M=A_wfnlQXGkIT zXa)*t?GO7<``#O5SD4eKQh~DbVy5$8!)0cHVWUu?$qx=~wM8r=dw=6(NIXP>(EZOU z&}qA#_u8-2^Q)EK$FQkvb~Qyo1UCO=9SyXTpT(|i!yPis_&C$pEH!UI|AJoy+p4Nw z4?VP+P?2w~AQD+w^x73iIlV858&N3{+YcnXb_*W8rS6G*Hut(Klw zbG2ZM%kQ#JeY+BUjSfa3;rF)C`)UhbXcrz*gSj4uOg3)#G3-3q5sc-YUKU|Q{hz*F+pD5p)*yk(O-RQK#GY z#G=|X!Hs5j=fxiod8|(N?^~Goj2aki|BA;2KPs=F%`EipS;h?wHwMD4#5#LS0wb%1 z8+#yf>u}KBd(=^5TfTRnn&#Qwbd8#ReKWe4wlX7h<{RubbmqHz_DmucXSmhy)^=q| zY51V!x<2mz@{Y)ES0c4nkJi#vVrbGRidejYkClmhnBkR}rQt4o!k2ye@5ExcyXweh zh(Y&TUR}@=Pd+*P`utBox0DOh0jFZWg(rOW<81X4VvrWdFK0H)d&X<86AyUir8W9P z^ySE$hLfGKZ%z!1-I5|n&Y|nE!FG0bsVqn`X8)8_iad+z!~82_qIeF6hb^XTJG_k> zC6`B>xt~DG)@C=0+>?!-y;DCJFs^pBj?F{(q znzdWMAwxa1J4y8)k^~hWU8gBnq(1k|Vp_Vw)|FPup$n!2*?iA~2~%5$h0Uv2p-G=e zR%)9mBvF*I`Nr4vdi`^x-}L_ebjxP1@P`4ngO-E`%mXO$qOgS3?{(j_3z7$f&|6^ZUs~GXtoyS(N z2^BuImUtWMUQqDE^bA;Q({zR#^C2t}O2^j1Ti_r-0qd+~>a4B2&w%LM0pGj*Svu4 zh}fOgHj`=xyC=mqJ40XSHe%Rs<3IFf{~DhoQvTswcy0CqRa!;!Os)l0y~I{S&p9o99#eU5hSj}KSzp;BB@_FRckj|V8U zl`LAN?+&$ewdSR^_Y4WI`O?z!^$#w(f-6>{X&N4Wc7mF;lm4EE6H4QIb7${S-HteEgt2e=#Dd_RM@OEZy?;Zs zj2!3!nJJN2&EzygBcw8iy|4&Zq1kePLm@Awtn2eMPw?y7q+hbo?`rK5nd*JhlheOq z*aT)%i^^(h>IH63hS?d^O65~2a@=aVZngv)`2A9f4Q9rtlltXCxSW*=Nj2)E&W4!S z&j44bK&o>MD^nA&U2gZBH6ieH6H-9q6q~ospmz< z{T;PKirV6_fKfp~C*Cn%UJDR7%wwm^RLs`uP0*@cCN(<_y?BKk7Q9A8*ua)U|1cEGAkoXA$gMHs3BH zQrPy_47NDa3(WY@*aD6hqezspOs~n0>D77Q!$sDq=6-gkB`9xJM>Uy)@|LHq8Zcd; zhPTB%8xOYGc1Awj%64m1<~y?C)$8%|(Y|)Ef0D=TVd2l`{^in|PTZ5_50EzcE}ue) zsg}(LssA<^{*SGi5=q}7yyQcj-PtY1tgNWu7!3uh|2?ZY4W*p}zv#ny-Y-OrHq*v~ z`8|*1Bc|kky*@Bfut-=D)MNmt(Wik=XVCOMEW@~{Ju^*BZIjHtffilIL{r)?{@6^c zdg@Mk#MRWsocA{rJ1@GdW$m~*37D{J1(_YXIvKq9E-R&5 zYcsVj$tU~{?d{8+-huVhuGK0lJ0ey+T6FH$oVfEY`{s<}FDkZ8c#YP~xPhCg$sal`i~(|(m3D>Tnk z$qB3fhx!2*=>`?lKGo+X3_Oil+YSnPJPNedwAeLLxFE7SOazwfc(~xL3SnK^p*cb_ zYqg%{KDSdd3Cf`1TMz!LZXmzwFQ28%@g?u{FCst_N~}-i*x$Y_s?SnPD)2t&&?#op zU0q!zH`-;@KuD-4Sf9SwKSHiDE4;ddZu^8=dSD`r=2q&CjWyu!=Ds4gMj6Np{a^SO z1-4FkH6Bq`q|VodpwH_ABBo5~Cw-o;{5vwo#G<02F+o_DosECZtz)^+<7%%Npvtef zsYyN8bCpaaJkZky{ zYyC|a@o+J#{pM`DAM4#)?SiCfVxkG;b({&<(0CBQCS*e}I6gjp9$zvLPN{ETP&43B z@N$~PJYXFa@t3H;zk6)%OWdE_0?1hSx6!mJj6zuEN4g}mWW5ys3 z>r1}3-n^?N1T>@Ri4EK|o2}8^5rIfFN=na-4vM;HT;69LK&|egfhZ+|o^%{3D+#Z! zJ#Zv8=eG?3_?w$X#sf4}&@?i-8OhMi?05%KsXhmlKGDny!zl>Ml1}(7bj^KqJ<;DuXzcpwDz*~?mjZrmL;E=$Q%mH znEYcKiaLB}r|_(e&G7z_mj}U%Kbv-Y)6!9)+G1+D-s@!W)s}eVpVK&H;5b2k{_P2f zQuJ>8AUQFSvKIk$FdY~g55^|B75wo(#&l$J?5__-*~`mrn{|jx=%tG`s8XEfO{=x~ zS5NKq*7$4~CuZ)7pC~+j!Xpm`pKh zkDn`C4|u|9pyCVh)^&f})bMM?;TCLN^fJ_f!U0Zpx6Wsq;WssHdmEMiyugpa5ZqM; z(#Yzub8Ds;b<=RySZNjZ*f_CwxjH+FKim8xXwVAs$bvZ;w&*8t)2G**5!c||qT1Oo zz;mNv|8igR_$S#Q-VXFRad47C`^9o2(a}INFnjOcCNE zi}mQhTI|vwjZ9qgEH`)akz+j3(-4N&-9Z|&pIc*%)N%FQI-@Q(4mZXT9Rhcd_%nG^ zSa6Hp65IXKZwR~~0l!d%0_F$VBVK|f?6Qr-qnWqi8l|V?Ib8Dq;@npn5J*5Yn}uPM zK4fzXb_A;+vxQY`^SuFGbj;=eFE`_F82D-`y;~aXdVOH>rQIWL zA(!_%_b$zs0oQ7}qQ?-?XymDW8~FM(yBjsrTv++3=fhI{%)ct+=_a8iw^XUmJ*o^V zU=bP3!G4Brm7o9ni=N+kl*~teW{jk}q7nT&@6iqcYPTylO$zvC zJ>TcLWV1$pz?XKSr9HCrA_kJeeZ zcGx7T)@U^_Cq>e&^1K;csP5Ufo*iF!>mn86A;f~PY}wAilIrpTn2(3sD_FXEDW*rN z+DjV<8x2I6WsQo8vdY3QN@;W@=^=5yKY^x&{wF=>Z`MEWd>S&L^1nV^~4hpItZUIKg+rJ25{aem+iI2L9&VV$F z{X9Ol&1?MeLwWS3eipaqKQV5rlmB>VCfSTYNB+8!!G?i%7>Eb_?qJ#Ec$MA!XXWTS z+HQEC$$akO|4p7ib}V~*(CYN-mY%&-r9~PsR^h4dBzL_bd+Xu$kITAtA7?QYEL?aE zAK9$PN1COBy@gTi;Nt7Nv{0C5uc24GnC%@7Cm=RxWcSfLhj{5D@tH>p>vcV-br0W^ot())Z znu1StCp4IFS$A}5RIQm8ubbrlQ9+IJWMVwxy2mPO^Rp0-+`kWH-PwVyk1PT@nwoS$ zVqySL>N^l=-@YD>ZKY z5BW{m-DPiWH#GX=$X{)bKgWWPo8^1DdH=4%-gu~zD7?I_e?@PN8;(N`oae(tQ<2>j zm0Z8;_wPlG8`Ra+TWW__e7vV~kteEjKCCQ3*-RUeWIze^e0!=Yh@qjFQtCnBa~LI4 zhq>GDH>t41P^33s_{Toc@qlpu_*zx^c9dI%;LH0v?wD(`azKuL7_u~u<}%FCL2OsN z3ce;PXi60Y1hB=YbmI012{c}8g12CbWLh3twLX8MVHIxnNE|^5%5f5EJv-p89S&pj z^72yERHY0dr2DF&(TpHz@raM@{!b3lEhF-f*c*+1~X#Siw?tbfaa~R#EZQz;lOxExkvjps)ZaWd!DOtOcAY;!=V7 zf9JM`3wXWkf_7k%e`Ya!u+{Zw2a$#BZPu^;S-;p!xanj((FW})duRdc@pc`g%)<8H z?N5#w53+aE(2iO@b2_YDO$_qvzW_gPjm^uOVWa%yDW?$>w#<=)RsgJ(Uxx8*;B)Izg@721-+0iW!8>)ZD2K8>)-0QTC0RC$i_0C1<5wx*^ za4nd}R^6VWXLQ4u`TwLBDxetj+Q-F`@rw1*WG)@Poc{`sFg)o*t7SNW0Q}s6zL5NQ zn8nf=OAU@KVc!y5p#u9&14eQ)wynArAyR}`fZarz!?{>EzYBd1+oisuOMLO^8 z^MK(iwH4r_dw>gYh&b_-b(1}kyLF#$VT%yrzIcQ7EZ;yz% z`bw9U8R{HG>ff})g*j1_E^r53qK1jM+U4_iM~Ob((s-TRfoXYo0I5c2Yj*H?mCgX* zQPy?^c(lHUrxYHm^%DSihc)L~bnx~7Y4%YL$5TkjT>lOve^0OmaMu+K%zuKvv#GTc z+~VcsgI?>JOKcf85fl&B}40t8S3_4 zHa}@BFC)js%iuEqTTL%MIM3%fpLoYNj@=|AS!s>hA8}2vJem$^F3lHp>AVf{u?8%0`4_M11wh}zEW8eqz&>({Q%^t+V z8#-zfKpiI!_IW;TZl`PA9<@C{J-?f10friVk653p>yxP|JD1V6Sx@LjF7S__JLoeh<%V$S&Xdg9w6Apa- z!?hJ8B4xC4B$4-l4s$UJ>-H`}PHi~rH7CT%Dvp%yJrj9y`dR73pMuY8J%`3tSi}W* zs?*n$hWh%&^Sx>Zv7G*tY5Gp(Lz1Jb?tIy&r)Z_Yx-`V|1E({6pD@G-Yj4GhQ2kHI zZFYWBo}-M?Y?8GUl08rk5I=+0ZTe8m`QtXl1p96AXS(LmKkSlvZlBNWT}^l2*v)=8 zy$ic=UrxwrEmR5uIFLr)TQ+ue>0NJH7`_*D&+fXq&QjIWV@5`-L#g?XZl!g82gsJ^ zl%v6-M)PPd{!FKhl0UWDZZ)h?S3w|%1oShM4?# z42)1&C%O9LUXUJAMindcxZis)3fBKkEmgGPxah`#gzR1q8fIo*ks>V_WZ8o=)llB@ z%{aLPdmm5jwovPiBSt?(1{S7Yl{L2+OUo&b8j7R z-XStkQNRDz-IDgQ2rFg(ruIXaGvK~8QwIip=FkN)UbAdvfd4|A6I%zGM%d!7Kq zPOoc*Z0eSU1Picu2khqdaa#c(EA3zKByy$?vo7^TJ5h3sPdTw%#kRXHX40f$-c3|! zRGO_de7qMDP<&=2|MjGRgZDpAS(opTy9Ru!ctaPnK#@!V5&N1{Q2Lywm+8I32JK?R z2^*wg@L;j?B;{}YBDbJxvA}CIS`(9YU)a=Fet1>mN9o0d{xuYtFV)gG>J{3Wg$3VT z)EcoVQt6hFgw%SLZv*N^A!;`1GgC5LbfmHwzy^i%uoR22ZCV#TvFy#voKFfLlF%{5 zeK)?m727K+YFZ-2LBHbsS}!p0_)l&}Rbj`%lM1Zc<6FzV{T|xL^AL7o`Iy7*h(vtx z`_yCel+DY{0PzzVS9oJ7WU7IC)@RDx6Fi<-fT_f z2y*tmAGetCnC16Xj*g4c7*%reD#xJQ?Ze#75rpT>&fo6BVl>HI?h)FBMhI=nHEN8Ci^iJTGk9E1WAv z=9AS1of%OW6Nkr%(A2p;eevJfztP@ZZ3)Ch(|>s4_d*qk_`YrH8HY-87JU5rHM*E= z!U)ZS^H zdp$*a^O!2fc5UIC_`!#^MH0y?A-h6k8G6$5zj5YiU6Y-JqDQ(E6^pccrQ4Lhkc)bi zL=T09`A}U(c=NGD@bl@~V#Ed#d`2^5M1Axbm))*9<3BH?K*;tyg;0z&uNcH(Y0;M} z4+o$l`7u`@ZHw3VcnMEqxZor*tIeR61MgNcOVU=5EG*ZgEpPKCsl{c5?5m*%$&Fu| zU4-t5J^0T5caKChg>{DDA6dwT2&VT_@JJx^ix2P1q|P^AKRNz5`hDpJ#eYhNL1>$V zmA0szE^3oTqGHUZU%|cx@Y+f_tQHGjy(WCeOcBr}r6^*BdMv#<5U0S1vZ!fgo(H8~* z4ZxN@Ij?N?rhQ-C*1)F(8qJ1_DVv996)e1NUi|b>A|AO<+x_Q{xm85Y@RYdUtrSiW z3n?L)FeP(J8t2Xo-h9=YlyB_P=*Q5yxzFVlP6hrhtqv02H$YkzVF?4@LoeHqDDO8_ zS01-tR_<4IlyrXuOd|0v{hj(R&t069B(Ya((q9BZ))v;QW=(`_R(gszAcyIGVXRGhsPEs(vQ2S`A*d`m*DEUDeKEcBF1)YnkZEXPoQ* zhXUViaKFRGA+V7WxtwAS4zvtZF_|cW?K@7S-}AB(Ch^C8_@t{n#4w4{e&0}OibhSq zu+a1L_`%EP0Li+s0jbZQe2SF=4{2x_RL|r;Atn(V;5L5e$(5dbG-m^YT%nr*PDk?L zF`P;Jg?hrB+lr7tQnYz4j~iC6!(Rs+$n4Md>rBXwHe43qf7^4tGKR$wm=b~pD<(3e z=Xq3i9ht}!?_x1aAJ zUif6G)QZVzQ)FYn7rre>Xc_ZsV&+jk2JtVf%aPQp@jzLBO{_nci;ElbklByHPWbta zwL?8QS*-|*@R?Sv!AA;vZTb~`zZ}J;A_Z|0K~YgdWH!0gPdvGwF>F2R))f`B{2w)> zB5ziD=t)kV3fIM&M6EDXBF%VmSXZ;C`l-&ZYPW*bi><6>dhY-bRc&=z!iJGa?o}mH z$++*46Sdus71_#bNn;JU^;rtMr?)c&7NeSYMGOgYfJ-mBGbLTSd!v*7oh! z{3mTX_?eZiewf#Tc9tOt%OwOr{DV&qN_irfEBwU1j71F%*rWtH)t_<+%y3H%4|QJ0 zk5@Cklqj>d-IoL?=DeAN(<8%O^3KqxwApjG8h1XwQZG=%coCNVD^9L5Y&D#^KE*8R zeGG%=wCI^6qO)Sn$uUot6U`(Utfr$QyYtO;P-oD11nkpuWuyosjCctBa_PwAL za!LNzK7d@GvHWNy?_%4(iF7EXE2844_8F^MgyIF>{W?Qec|NWC@yCEt5j%p}>o})+ zm(9zwE`wQtrP>i=xS(e%%JKCwb#lqed2})7J2R~T)a?k&+)WM}fGyvLfrA!Zhty7( zA4+`G`v#I=TU=ENGwL{CFXGnFZ0(N7^0H5nFKm~f*=Jc}#rln{vLimmAN~gGtFLZ~ zEa?Hs#~bYu1vG^RA6~S_{$UR9^IedmAC%jnVe31S?Ej@$6&?Muib>pckW|uGa-0Ho z7vc*6I9PqKiLQ60J==)|D@4dqh4zxvK2>BloT{&NdeqX=(<5geehQD6ho?v%`zLTt ztNi(^^N+;1dy}l)X!8@B$!U4?T6+E;N4|tQ%CTpgtqGVDE{Lf;=yzO_?(nk-h7#*TAAV3u7-6mQGC$Snkp`*_k`4F>lka4-GJ?C{((z^f-bit1)IHd(Q=ALx;%pn3z;s|G~eR&{JkoC>vkma|7OL>{q(s$RuTMpSoj{R%Y2$K zBj}tZR-Bc28>2xAFlL1u-%RKBHj=} zlTBAna;)xHtMfm0O%mzb2FT>0c)GJdPC&VkP;~O-@aWa2uAI zuTtE;Pa?b=n`tei@03FO8EI*xITAuXf((v=YY@p%93DX`#=cudqj zUn6wvRK$Ew(|1rAD|&6Ua;eC1MrX-?Y`#(cKE5>Rq=-w}bJz1_I){YUGao9_`O@HL zmKovJ1nkRR=U6vg$4{B}E1AB?9ZW(%zrNd33F1{NNzf@iZC_;s^Jw4Pq2%nY$-;SCffL%QtUOD12M@agEDP ziii7poqd+~DaY=~Y-NaTB!Z+W+0 z3~p}r>=pkW&S1n#2DD4Q)Ulo7*$+C0&sLPXUZQDD=D-cRbYdJS+L6coftDWQG`+vT+rb|8q&dC~K!8C$vP*H&%EqsE zkG(Q#i}L6KMXMa_vgP2Z9d&|aNkRLW6W@%G?khw2RHn>1+RdG(7vVpkF&8UmdP)YquPiE zIl2y^JP(X1exVD0beiF``8IhS64wctWiS%X;N-Z{qdA<>9NLIq+RQbI)&4;Kz1Cye z#|{O;h4gB*YpdXGpo&_}0bet<%*%0ruJb;1ieLLuipgNcRtD zSm<%x*HUh+qUe--pjtiU?^KVsetmv9#+a4xVCwHkJF@*Nl^)W`*QT|c6R*2igQ02N zm9KkolR=a3%|671g?RA<0JtZKYpQP>rD>=iFn5b*876Ubm_Dj4)BEqrW`keU$Z=Ykb&~+stAG- z6L+s@zADfu7#RifxVD};qh(3<%c81MQCepDZjo1>Yy|BcWEZCLQ)sH3SJn~+0baO8 zPRSZwFq(88&s50eP%>+|WR(_}$$npf@;WKs1Jvu`|nuZ@0~c}vr2KU+p-Xw!abpU;1%oZDSA%bpWQbc0G-?DU*1 zPg@jOOn1sj+*(h|aVnU~R$SNBnQD`?6eVYhu%9@r^{D2Z)uTl03~C!H1+Fh4Q`e!o zVe-RHveCpd^7Yy2)c?tUB6W}=r48luTCZVgPpW}b*5+^~_zR*8-yU$={;)tp#(=xa z5f7Bzd9eZh@=h;1YC?el5JC%G8{bx(8Ubdwn$F_!ifi;f^Z7!^HX9V0;T=5hlDmmo z#Sepszot6WO==)9n5`T4C_=?QqRI?FlXWFR5fwz7TJ~$7bjrV zM5mPz7u54PKjhl*CHGO37i<8X>y?=r%PA5ky3ikj?m{cwqet`L3qos zn|z1kyNp-va>>}K)Bfw{DS@yk)Ag&5qp@y2`{R#V$B|pJ`{QjnB*u0EP~#(0nD^5t z@QKS+3+8J%{m+ zxVrkH?s2)bcwz>?1l*ceZ?QfttyDaR5w4k7|NKh};Qpa1l7HdU-s&iGGZZjdjPJXB zopSZuHzxhpu+G$9FYli@bT1Mjz8|FX3t7*0U#em&@L_C%Ujpg;k@l&DQPZKSjna~} z%Tt&wJbst`1=;Ph@w^L!`dK?DY}@RbEJNoO@jHhAAS%-&J?R>^WwtZVfbbMUWSn;brTB;vZH-I&z__6 z@a)0Q3)^3gv`lUk3=6XQ$q*TfwD^FxeAOR&WQzFDz^NUNvb}BIih$1JrgQl`EA{Tp zqW84*Nr0v&vt!*RTdlt@Z92;{fsnm6T~sgoJ4`Z&_R;L}VVAMUA++jPGBbpD{+whH zc*F}KzMowT@nqD3Zbh&AY&C7y-XGPjCN=FZ!a5!nyzN_>1Ym##YjF=43H1DY#d^Ux z8P>!;9mwo-yx}?W$zR%F24Lshmrn`6ajO7Ec$sF~Q@g&AsFpMkNeD6D+dcNVQ+3~2ZQBKC7uqgh+=X6N8)oO^p~SY_ zdLdS@xXmbyGG0%L@6pA4?(QdtZKL+RNRp(2b8L7?an=Cp zgH#G!3O0uG-Qfa}frKDQu{yI+gB#sk>3o0&lEgSRTJtZ} zmJjeDX&LuNzCLC0xoc|%?yj4>cB(^h&bS)e!~8;G8sViXs|f~Ar;;&V=zGab+8)fJ zV`l12SNx)%oI=U>_E{Z%5Pj02LzRo;m&607HOY*RTZ{c{jH&ZtG%wtr<9qjf?4$5& z*^2w&rVqHQC$DaLpgwt!4iD8lK(A}X{nJs5hLH`XHrkj zY&O7aO=QY+UEhZ<4Yzyy8?d$}nYyfTBWQ+JR6UybXEYQ`o=ywAn?Y9|=-aH{pWW58 z6PcHvmIQ<_T}ZfO$&I1WsIXrm@}&U+AL+%iS8au8ws9Nc-)l`#me6;zx zSLyA-o%K@M#P8Vlz%^;_C(e5;y9Rz@b9h}HISRXdl}H}00#5LJU}EaNN=DEh`VT~k zj#Sz-<-IM{kh$mz#V55$Y4Z6a8OJ>0z2?2csTm~QR$K}pf@pIt+^sw`J@CQy8wUTl z>ml>KjyEe%R3h7x+m3mhN4N($Keu}b-dk@NtPvtf!?HXPI7HRewViFO6ZSb{nJ&DZ zomgNNxZjr8T=KL@*q|wsR=hAWzg=0*Yg!e#IW;6a10CN8U0=kL-xp~xq}|a_a41?> z>?`Ky;%1u$^Ig>yR1>_2iN~wA(oP<6drr$R#%ZG2Vv;wPRNVjjfUWI%mgUQZaZ&s> zsO|l7^QJ13Z^wGU;-J~+WVx%r*QU>}1@*jrCS^UI5V&91J}Fj! zYE^~3ny2vdTYP(7sjW9;e}QtnjcqJzxsOYC-kQ~z+vwS}EnIv$&5zkg1nGP)(~G0B z{#dyy^qE!Q{EMar19+Y7i;+>c1(g*O8F^Lh$=9Uy`T|2rcmkjmz|;OoLm(MSzK}Gl z(`!IQZhhU39;T8{Rxk~QlI9tUSv+I^4Z5;Y(kJ_UrkB0HaDyA>`MH=zPe-QIbe;E5 zx5g8-)iKWYLq=M?)mZ{zr7Kk4dut5{RB9Umt*`i6A2pp@FDt;@P}`38E1s6?;lBAe z;{oTYYPnY zqqa8#&a_VH@0;9EH{J;gQqu#Uf68_#Ojbt}VtQe~(o>20bmo^2jE;$rAZmE2UgMEB zn8~fFG)(!iOGoaSAsxoxtAUV@_kc;C&r&9QyF5+&m0_G zWrS=>wLB-CiNrdLolIDxSf(G^mY)QQeilz$ctk$eLC;EIU*xh~WW>TvAjIoPfWo!K zyI>x#@X5VSd?u)QrAWWtxVwig4Jo3|a8B^p^t@%Sz#>PU7Q8pPyJUGpm9IsJazOLj zxpM}rs201)WQZMB%LB@$Y_-aci#=r}$ccMa;YvUJs@i%2!PM=RQiz~651S)wXKAr_ zsm-rp2sxy}B3(6Cgeuc0orD_7%4pjZDnhQSOHose?M_~aNd)@Bg1pK>Fe!T_f1c{M zdCG_#nXydzlHjiz8o8rwk<~xyWJry>+?#^=G&IfrMq5b6k@fJa9;qzlGLi2*ysijt z7D?McT)N&mOKz4?gUNAJ^Dm~Pth7?A6M>d%(l&^jdRkD_USQvSLNyTo}k>^d<%vh z9D#emt#ms|TI<%B{;Z}6mo>+BI9D1eEv5EBM1w8ZC6yf=Dr1Qwa5=H8WRfSlr$ia# z!o_}k!u^d##lXNI0rgN|&cLwb<6eEE&0femi3vYa(|hKPln2hilIQ%*RPKrsDFDMXJ{wS5Jy!^Tr4WwlUgnu zdPV(FCH<><_2=zErCdqOi2Zbxp^PKiGe!OyX*kk~g`TM_DI$p}=<95VMr}=K^dc3P zmglqXk%qH14Cp{n0dptjgQEKh6zBIK;W%p=85vz42$;;R^HqzXW&C&~wWfr|GWRBD zpqpz0b0W4r4(Re-Cu_#rf;R>r1Tq1Zo zg&bL%tc_(jpvGUdOo!gxZa9~UEoFN#@YZBOjSp<8C!G;pZ{y2GaDnLa{f%YPDptDZ z1zENuCP*oVbcfOKvz^P8ksQVl&wx~ak>sT|le>FU2Z{4=;oQ2;)PA64XD`&MS$qMN z)Vx{1{V9~EOVRVK_kBex@&4J_3+J;y8zX_gGbew;41~jP!M!FaJlv=*y~wk0hl(E? zwz+(B1v8qjEn(2g@H}E`I6m@C`gt->t-psdHW}J)s(G9+ty&VR=9|cLp8s4*N2=g{ zI>%Xg4xx!=gcu*%n1{^CU>$8H>u2O-E2Lh*XE*IFiAT!Jwd_&FK{elRA75Y|7XNvM zbGa9o0^UYlZqm+whvoS7>)Y-n!B=_2`nI&$sw{`{`Hs;N(&n6Vi+P1_NFu_LwG^7t zjHS)ep6e-_A=7r+SCWp)JCag44~z(~Gl}fqIA9iJ*a-yoSroO4HX~nbo+I3p3-lNO zc~5w)UFG{U!$VhDL&sYrsbqO0_c`?pHZ+V7h(M{Ov4iPa{p)C5-F=Fo;K3Dq3_Q1D zE{M4E*qkF0)uE0KF_7z2%oFh8g9N2ga6xvn=(rgBPmk?rrrU$Av~Z>A1Buhc#iV6( zm;+%>jXGCyJmrnm24^&R=spOf`vWSrkmLeyOZW#W{xe~PLs7JUKvAu?x@QedYrhH* zw6s*C3zY#N+%I<}whQ?+EvXdAz-Yq9v{;6eDu_Dy^Z@a&-_h%d963-u{-cV9LuSI# zRLcqe#g4k26>w)c2dwC&nO>jzn%vxD^&`LUzesU*U3}|R^c-(!>{b;V=CsMM#CD?`z zl-HEb*R|Rn86`K8YBE$$$M8Yg{sDY9QuXAMx$8`NV%}irUdn|yLt}INmow=lL!1kO zk7VM;{|Q^QqS!2)|-eE74(6;JY?VDc|tP^$3fdB5lKa@&mZ@mVF_6 z&Q}Paz#sMNEc}IeZ!TZPvrPKy^zXqt`uPc4_6}`Ft$?kSbvqdQ>t*e< ziSq?*pw>1pgoc{h@=!PYAo0s)>RbvE3-KMVH!Q3!V|mfLe!cOI4Zaone{aPgRfXJ zkwZHRxwe7|AxcYb_d$|TYLkj|>~!*@pP^2iqwcxb^ywM`kA?ynW&5E#=>?mE*~=id zWO)L$YyR}RnhF6qzXi{Cy;Y<7{h`6oaX0c5gnM_ix!S)@D%u9AnhuEPhlkkw3a>q~ ze)FvHmZ#`viGTa|dvdJ5+do zq?4%)m{%-Dg;gBu@*(CE8+jYoowk;n{PTnUEO7{jd@oWM@jBles?04AtT*3hmw(7- z?d_JCndWB|i|Yi~$K#c|k+v`77Y@WREQF{u2F(?*kB*=koNc5_Nfs>xSaHc7dR`wc zK)Z&lHlQNM?ek~1s1&Jl*3CFKmH+y&KcSO9SxS6x#H-CMpL5NWS}+8U3S}of8;!F# zpfHnrCz@FT(K4apH2oUR*5#L|>(ciSP`=}rEpYsdV;NnRb9*-1@joDpA09v&4KQo+ z-fnCupGorWv$gQ66*FDOm#KzDKX+tK)j*M6;Uqb~nq-E~J2+`Wj&^qJtn@C353Ns5 zW3JZuiDIC%ykt>oL(#MU4z}UU7XO@BKlFBq^)I}^F|*ESkq2JfjorFBrLoZMx2->1 zEdDa2KkYmx7{OZE^=uY+H&IgpL$9_`+-jwv%KY}bx65g%E;ANVUh}`c|ND>jHxli4 z5yZd6+5UGx^2Z1MIRSnj?#W0cEG5kUIjz4p5dH}XA7TUo&`ovfT;|@ zRglD<>Hgo>??2zal|{&E)B!er7iwBs62X91B1(Y!dM;Os|KGCz{Jecss2zDFXPt-i zTtaF)uB@!Ay1H7@{Ywz?b7YIW1^Ee-tFvIsa3A{I;{C(J#L#lqu$YKxXeKJ=_~^~` z^$uWb;g*j&=Focab6Dm!BWlcQ%8SwSrE{&}hlYJ|jiaj@K8Wc&(cepf@E}UJ6z<5Z z*0rhK&egR~m4c2QIp|AHJGK$=+}?>*b1kXF#rHs`6+G@dP#K=ZV2f8rTrZ4_kDrH? zT)4+XLXk;8hS)X>Z+cEDfQX4+z_P_6!xNpm4VQKAT@F{PE5Zf7X*hTTzXX48{Xaoq zxd7Z0VcYu4(FlmZ?(qs`6-}zy^{P!c&M58ai5i`&i}Vf|2J2E6t4p{#kKNlNQm=3b zqNbxg+z#B4@SP$z6oA;S@Zdb>!~6=_Dt0B|D=8^?NkEWG>FB$>a#-E;@U{!tt!!i# z(su!!yW+-o&%E1Z<>z0t%fBj8Ni=j6u!^RNALUFxUIB15q~nv{u6P-*^E|ee+mpD; z!c&uf9VRO^BGH?2a*z4)T8VFLtxPRT9WM{HSt4HZs&a7U$O+E}a`w;REP=L?Owb`4 z14}w{>vySh%&a9fSI6yZtJd}fU5fJ~ORk4rYS)g3l+a@zA0H2^>aa#uAr3CvvRs;i z_Gp~IsBV5kl8o#Sw;eJZ*ziaGX>N&)`;D73?p#8ArE!&UH$dn1H-8CKa|@f-aPH12 z?0njuua5LXW`89P3_;y{O8l{{l~y(}Nq?-oaW zNs7_&mW~1_v`38lfIuU8Fj$t{cGCCr4!Y;o(^~blE;(6n$!H=_kxmQt~ZH(wDU;d_)o-ZO{F)4lb)V_bhGuD;br?$L5oDw?>A6{=B^>NBG5 zY|X7>Z_c-5oSY(y-EC{a+ZGBut%~UBE#g0_#Nq@>;;4)`7Al>qTPwu`T-*;sk6;g0 zY8S4cbJ1%;feCD5ftD@A)@M-d%puyXORTQTb4Zo0c8MWADl)Q^(dWqOx*7u{yQU@7 zj*gDCfV&RFLnFVvgM;tM$!@y`d*5H9omGP`O^7~C918yHUi>FK&540K?VRJ($Ret2 zcK_0Rux4GK@8gDP90)`waJ^Iqw~r$=(_tnqU6vGX{5*7Q5H4D+m?x}{tL;*|VJAC+ zrhR!C5BhG**~P_z1EFU%IQaRiL=jex$CcASW59*;UVHi6bjNl zpyKCO+1s<2a8FK5q^gkAANC=k6JSvzBHpI~0;Sk`jiqqtI9A>gF8%>tUEmW608xi4 z1xZxujtZ)Caq-_+(D0gu%RBwRkBZiaHvJDa`R68PQu<9my-97QPXd?2kqi3rC1|A- z*MeSFZg8DVF8gTSdJx5u@_a>lco#~EuV5(F(0q0KA_eFjT`!qt#XlXYq`J6*;vFgRF{)hU~|LC#qY>)@3xI)szJoPJNK{4zvN z;f|k@QkbsO-huW`!XAk zPU}OJh7jzVheg-E>VB2W1`(7o1tH)WhTDP>L@LsTc$U`X_S~y4Y&t;}@chtV4itHh z6@dn-uC`w(N7+_Lo6)_q_g$E($pRmme>kqH;f{@)j`cRj=i=lPJg^Q};ZYfmd`e<8Sza^|m;te4*rE#{|U?ESC6nVuO}Hvh-Veuoc7 z`h3Z*4rOQ&eEst~u>`xz*6)j^seZ)!VIv0;_g%||8rZFkG~foL+*qemEKOk}0ua3M zb|ajf-j3dMNv^3^naEJ3OM0GN73R?KGl|@N`TThYI5rL`8t;FDT{tqL=q!1_F!Ny` zDWhOGuCo(qaT*la=>j7}A4%!H>w!QNNR^xE><};KT)8CC%+#FcM3V!=EX%EM2kDAmoyg<;Q2s*;Nbl>UByYd z=3N|Uw6Qs4w>^7?1pT!B^=O0rY1rPo95Z5c2@@~jIQV2XDR=iU*$g%jWqaQKP*m%RBI;@x+dQ*)Z0 ztdX)U;Xlbgr6_BY_wXBJ*z~-^#d_>Gout2*qnewFGP}KAEVBlVZYI)IO*-j)E3TXC zmK{F`2#Z7~s*srnK`pDpMDS*bF&_yw>2dFFZw<9fwD-gVZL24yC#9Wai^+895A;mB zvamE`(Bt4Bj`4k981BkAE}>RH;gRr=)A-_IUM=_Zsg9*zA9;v3yFq|OgXf9BxC`s$)P@L~1bM!dam4k|M(nqjW$%#uKh@Vq57UZ^u^Dsh3z~P+ zrAtlLBv$HmNL9kiQ~<0MEk8+F)9#;Nj(@ZGT;aRlhZQ)zzMF1!{FUwtuWc>XaP@`1 zvK870ILD}(|MhYINt0`t!8Fsm)TZimJt{7AVuT>6B+3RUGU2d;U+9zrKeoo{-Q?6~ zb0@^0>BD(o68dcXClq$DN>R}|$IqnbVsw1kUH+c^LCN`v3Cz%{{!pKt&WCk6PX|{? zkk3^jqv*<6h5=6_pXkAudXGK*nTwFoRX}K3ook)=chhazsZd98gy}Bs9<=8?C2t9Z zbPa*gv7JmY{@>Vo%)_S$V(#oSA*)O4EYEukAHaSHgOUjdfbEy>$k;WK+fXCXY=n_f zP>jO63BZKAHve|ycldA1aZaX|m!I9Ca?0TfbUiOyqfR6w|-e+z;SyPbKKA5f2^tmP%i1WQ$66n_o?IieM?#X|DqPwwQx4;mF zYeXm~+W{-Xc~XbN7(`YrxUckCB&bh3L&x~f2lLMMJ`B*jF?<-uc|>v1N)2x$ct`Gi zQO3Zb>vNNcOU3(%i2DWQMyWRMW>y<8bVW(`l>|N68OhHRM!U35x_{KPOUFBZy&vfIaP;iXX<}b>n z0bXP?LgeHwA^a6;kWKsYSVuz!9NegpHG*_N@a#wNi6D_d!aQ$(`R zfs<7R)V_Rl(UZ6*M>Its6~o~>p?fv66PW7V$>*$EZt~Ss8=Q}p?Y-QjNVVY>!y2RXmqq9RMt#|4i79#;K)_% zt04AOd}XXcbhH|Al%Cx80x?_nK4|!(IEmE)+-1|sy$t&Jer}9HU0t1dzk)wVO`NQJ z6tC9xm|4Bfrp9Nhe&G$IM66`lT2o-`kbZ*g@Ev?usI#lZ952t#8t$cFMcvPzS~V%KJzNT(#q>&p=t5snJt5Z$#3#~;I z^fm^Ib3Zkg=^<(5@}2F75Pjmcp2KW7`f2$|85GZ|4!QK1S&NE_ayaWRko1uL$*AoS zEkD(?f5dA{Lu)piY@e>>*}uu~+@ZL#65hK0L?%ICUMS!0b<|+Gd9$4u16j8a9V)oc)v|6u5ZqU=kr zy`r`*lX)tY0{M6;d^$@}wjkZQnyw6k3)XQpN8zR2g3O{{aA|NNO)< zU3Jue%Zek1LUV`7$$(c=IXBSrqSj5M!L zFG0J>=J@fR)RX}?n7yV2L|OsxK`uKRy>7C#8$N`aX{c##4~?)1&b$`sv}8gn0HMQv zQj|x@Tl0gN(qR!D-frC_%@i)%tXzsuPR3#>WC|m`pL8&>UH))o@1Y{y1A;wAL*}G|EeF8plJjGZQMN z%~Id&^PHsU%PjQaN%>Mf~}1PFgn5gB(E zqtoN3#QRDPz>{a@$xePAqx8lp_w?(Go0Zq)DqyEDTcxC+OcNZzjbG4CuUa6_lt24H z&0sVY;!MAk=-3?+w}d1)<}_M>TEjBBhhJI&|DSjA)C$9{ycsLPdNv zV7B~1v_bIn6z6qWt4COP3Zp(gOJdUfbl$HOoR`%*pBl~*FpN(Ra5l3*p2iAdG54@( zgN+BU^O=%Rnvrp?(AP*YhRwsXjrEw{>G<*q+>Tqn;ruBg?E%Rp*ClNVmiE_~$eQU& zjk4Q=aUZI|%xwoRYMigR`T0dq^yHVkt{O~@9=2kPdUNUHFy}3f7S{D`QGQ0{$L5DF zY;FuPhbEJk+$qX;`~}wz<~CbT5B3nh??euO~Cq``4K*ArxN9ih_kwt zu}Iun?6qzq{z0gmdflc06A2tqoPThmZy@o$Diof36T23?E(UR{X107d;iXEr>p9s5 zlj0?vqT+0(1Wbpj)3o_-W#;2u7_8M^G!W%sXeP~%&~6z?Fc-|obbt-*3=G(5WrC4I zz7hBKJOX0lI?Ixjg@TFan$sowC!p0qv+o<(D?#&)YqSF6WMyI|U^Fii0((;6IOlc* zWcFLAO@;z1Ww3j5vBaQf=YKex{{yi82mK*QZf`Auq8?fDN4D!zt?=mV;M%3#zF4`} zU;M~JcYOwVCICj=gBZ-P5P@G1SfwN}5?r>dg|)Yy zDGEeBl(n2`%vO39L>pH9ezmT28ZiC4h+HiX_M8fBM>hLe7=0>)YLcB)G4jaRh^4H_ z(|b34jUOUuke|5Tk{gQ~`c+S3_u+1pIdA<1_6PAWBY1!LbXBb_el}BcERU_OZ}jFt z$iP>wA!iSzLNLHQRb0brxwYTES^ue64g%!Mzr7{m$6h*Lcw>n_t~3>p+7l&tCyST{ z*$a5Ia`H3iP_l11c=vY&)So2I^u)t@qZdCiUL?|P&Z#%*@@ zXQ;e&S__|u-)ZCCbH2KgR`=#QuuI5lPgq^@k*yCP6>bWSU!5^4VEr9$K#C$h#~L|k zoMSE56pX)dJ*?5XKkXZ8HZpWJrD@yO8^bA>jyZB@U}!*%8~+LVP0#CUc6$%G0j3xa zT5pVUAqtW%;O2Z26Epyb{=lXTI0}-K{HSJKj;I+1X*bLz?TusivRR3!342y8$dJ#(78>A{8 zd4clFo3kP_yo{N=(#}e8Dkxu$B%A)n4Wk;oWbg9Rk%=TDy5vxcrA5LHI>HQtVF>Of zQp=WF#e#V`4V61yPkhIol=_~2{g#w8Ew+{f$oe zXQ6#XK2iK^H474NPb|KErx1dagD?Z=N*_jbi!xI1$>8Y1Tfsq9A>50U8_WoGwnMPv zPX|OcI_)9e^{tJ|gE%G-cptCblcRK4Y>T~!%@>k>_)GvA?v_wFjKSh|okE?T4V<+2 zA1(wqJ}q{t$S3YgM|^UiKvY61ev&o~t{Ii{!=_*2WeOcOu4c}0z&L|-o`xj2_$ck= z{uBeViW9PqO@(baXXCn=L{jQeGgG}`V|UEWuKe7iEiMe`WCnZ7f_5foa;hTl)*m2+ z&zF8h(yl&Murs=*2TT~!500Joes(#!Qpq14yDM${DXbhfK8Xh*vX*@y!8F}H(w}k{07x%+WI^)Is0vf|3oIL0qWK69|?6G-GJq4W10Q089b4?PkuE(1ol=lxx6yy2O@5}d4(!Rzxq&vK9P5>E}0?J0uTmxfJT%e(8aLVwo zOU)N) zv9M|^LfFqzok6ouZ&fO82UqEGo55FrMxzW(s&mH4Brk5WHJGmvk5_-&;l${0j-K&xx5pNH#|g zl#swU?`kzYF)DlfI*7+8t5l}Zv3a2%k|07GU9h6#S+ft{z7E19tm|(qJ)4^D`)>Qs0a)Z*-)Dp$acVmv{9pvn1IfrPhY{nv;vmj8w-YIqPt4e!fK5#){F(AlKW3+Sy(SSSzMV zl&hcbH;ASq|8oP#z##3+W}~dka8v^b-2-cQCgb(umDdp4$t@OIh%1g`Z&Az4)e(d@ z$jMrz&vix0nuMFr?I_^}%g97<{KBC_XKli%TBCkvQD2#@Rp&~Fdct!;lJeeEG8qiY2zrk3SQSmRf?>-1AmX8Da0lbT9T15?%l&Y{ z$x%xr1P|p)Fks|HjP51X>zNo>pr`IxMi*1oHzu$FFcfXo!<3KiR#atp)n&usYWu5| z{G3^gy*DnNzxT;fUcA*_wR&n?V{X0P%1nJCK32zrBOjTkt1Hgf+uQw_gH`dLCnO7w z+4xbJyG~$$JrPO#4NvVnX#H|!;okl}5;#2YK~(owqIkyN<&a1er0NeuL}|th-3tc? z=#}1Yl=(ymNVsg$7u>pr&W7gO=z~06`qMrv#Xor-V9!ptl;&_UpYY!h=S!xLVbfBu{>w``1i_;USaIluDD9A9yb)H(j@A?}W7P5}X~4x1Q3lf*p@ zQ6I_x>9-j;$x{u8NHo@ExS`*x{gahbMI*p}=2PYS*Va47IHyw>wUu%s_&Cy0B%MyJ<+Ym=fk$pxQXo?D? z!o1YV4v48F7n$!aJ=~k=ZY?)7FJp^;xh!Cff7jJ3mP9xM4l%%YJj73KB)Tt33K8rU+MJdf5cpV;QI|#=wTS-EHDh-%`9u!av&fQY2Cfk5#9uy<2cwtzFX|jyUDbl>vjb%3p-?5IXQg%!VOMv%5H#VmXcg|7@F=0 zMem|b$#XnYJ10rER;Pu5O=f)#XE~tt&A;9x;7JweV;$R`kx^f- z{9NwXGgEuzQnS8K(aL7+=;6R%Q7`_hUP3dyb2o7Cv=PhNr)CwEc5E~w8%qQ)&czEY zo3Ba#DMm&HQVHaDDK*?+x;xdHc|UQ+t4p}EZ=|z3?Q^t^CW=v2fir(0rNVIz^ zlJ4)*zM{6{kf|u?XIy3RAI$U=(_qdM!w}O3W)?wr;C*%C`r1+rNC%F~l=VT#e;GqN z8m3%3rC-RFfeg+w#BhBtcX5O_iAnk{ZB!nk=qnhe2w=WayWS8VX|w2c^A&Hw&yJQC zl{loYoG`1q5H~q_@B!GCvPE_fdjJ^-3xN6DcdPb@$CboW;1=CYXZsm=hyu2`$o=gp zY<(23UmlfeBD&re2J+9r66JN2h34NGa-jHRG9t~yM|%I&Ey>D>h8c~p)advoTRp(Z zz=)2L3999gBtBT`W*Rgxy(J}j_Hy^oCjKa{EmU_nWv<+ll1Ru%M;+tm5IP~v?-1$zqMQ8=(A=1Lz?NS zZ8n>2P9IZ8$aXz}GilS{p_u+y7@zZ<10VDHc~?P<;j)XwI$g#aXv`CNp}8(J0@(Td zU_eM>Zx}cjxh_v_S2oab6fzw({e7*xsl-#VS^hQR!C1NLe?1+3BJd4Alz;mQnIuGz zg#@VuKn77~AM-!W%8W&`T1YbQO5RFQO1eK{o`wlU(

=*kw8++}RJ}o-_}m@)WT& zvOv~1p4SEtdUgZJh8wded9j^rYM1_|gTOmZ-Zy^SV|za$0q>D7Q;r~jIOfYHj)Y?F z{?vRHK-8&m-!L{kPy4as;q3R64Z4WpR*KAhZpr?5=Mpe$63;=RvPXOEh_e*yI5dc? zcSum8ZuyaO^ijBCnYps(uMqXG7CK<~usuLx#9!W@y@S58 z0Xyf}W!e(y9Uzjc>;K(a{D2D{9@`l-v&YKTPB zty@cmJW3nHjn6>;NG8jxVP!ujpJ8y^k)C#WvxeqHHh+0;b=L#-kAjcE{D(~PXCWHk zftHNmb)ofvcMK0sE6|ho$3vK9`1c|Df0S*sI}#lK-% z)f3Wffbn-2_%}@kzEYBpNb(eURJES-75~RABzcXb=m`F*v%Rf98-itl91Wjyt2y6K z>r9Q)du9D!|K(eLWJV;n3oQ)ZI7B2HtmQ1f@@5vxzkaxt52+fxrKP0@3RR%;D~d?r zyxKgiK9N+h`UOBZJ@}q62J^^k+X`TZA(SDel^vh> zN-yqjY3+*;E%E$C$ooTG=sWs|Jf`1{rnWZS4GPUmJhGoOpBJPOL->AJ>miGOMD%X% zU{_YKjX{2wmM|Xdc0$y%trzl70rxM64nTq&tj2^5S+bI)Vns&G_x6Ex)i^*{o;1hC z$2TX{bYpu8z|206K4)8Lw(rKcgnQ)R+#>S;GhXLCj)tQ-;*G0gADPas&M(wk75PW=8!M2xzy1l;6G;BJk2RU^h zW?^};1f0`_qGvV;L<^bd>+6q2Kt0dTH+buO72xd+8!+E%a3FF>D2teLv}{s(<)ZC#y=icD4X_uTiVzvrL4yyWFAdB3mgypHoYkMlTPguVwnHnjUvgepYF zO}5aS2K@TAyR&DM z!m#t&njw8b`{7KJAh2k2(}QDyDq#A~)}bL{uI9>{;xRBdI=tVx6&@CPMeXYSSh4F0 z4?B&phDZB}{$KBSAVyg(89$We)?~pDMt4u7e+Zq=eJg1sGkf(H) z`Mtkz`(PMh67o##HS+>{eP=%3#}RxgUkj|Gy=}EY`@T|JGIxWp?xW>(NAQojyV{CN zk##Y~U2DJg*x#O_qqE2MN>mA`@1{{zXcr)pmF%%M7rn&YyB3bR*P5XtjM&ea^*J{q z)T4{cHlm-)kZZ|yDyg9!k-0Wg{|x#ewh6&5xPf@8P&dY#PAdKX>(=srHwYv3c>%3Q zJFaRr@z9BBfaTm01RmU0QBes|xPIAbMb!PU$)Dpge@NuajYuoX;91&t=L=sj6_mZ` z{nYt6m+CznHb1ZZDJSQ;Kh=s|nCtbHH+C}kxPE&cm#+WuV7sg6i}#vxzvJ_$oWBH( zJbV&ZEBNOxadDm730AMIxpU}v_#D{bYl7RoDar;7#}#J6_wE_{;Ky(F)o&Kq#rDNV zOV&JiQevSHBO@iHKW#-$qq>(q4y(y_NGoLPVz2&-BJY1RA^z6Qn*q@(9=Gi`4qB>=i{`r>a`k$Cid)B-z*oBD-S@gyh6rGTFJf zmVux0Gd*ZFrmo)Pboa|EmBpZ~eYwGxe(gm%h!empy$&PlBC$6rChDXK!@B*ki zEo%q{&y2^-LFqD^TK7ny$3-o#>uY+RJ{UNU`4=4NrtfZ0><)JG`+vd0KM_FImtY-6 zfo!f9uKXhncPf?OsqIskY&sr|yE%6@25)FRTv7r_iihBB&3=&Gp9+2?#il3ps5?ZSzMtJF~y;g`UfwgwLt zJmHc3?^03|Wu6w@pMOc88FLeH%Q7%rT=9esm?Q5MgZ+Yeci5xacviCN5m{WGqFue& z5)G2l)z<#B2H8h+s~kUgtn)ZdBU<-Om7>Mfd$z1$&9|iqjN6np1e&9{r9d0OR8^} zu&}U(uDtz6Uf)Ua_nyiN!$b4kG6_#!n&fNHQpY~1p4jm@>hgcP!NbRg#9on?2VJ>5 zJ2fi!)Hpu=?)gkuG|~3^t)T=NjPDDhnEl@ki2VFPx3SpIG(Xgj-Z$+*9$fRMzb^m% zyM5jab+mJqZN*H(T!n7mrPwvDsM~=RfDY&OYfRH+|D-4Waa#Sq#lC+618chCsZ*LM zG~URDBHhTZkNl$@&F+er&JOw4g@3B5diVSmRkNzGiw8sMPO~)#WTtt9rvPrFvl*`N z(pUX#d%#zFY9-c0F=3TkW0-1AE$-+@sd^m`+)+g(yj7Q*#U*cQg1+ ze^R4}>6Z7vM9`99pafaR7oqtsnxcd)E;kOy3+tNGfkqO!DwQzNOhzN8JFQ4tJUa2WFbzNuA=3J2ZVuG3I< zMh5Llj#x#JltxWJWWMXW?fEL3M}53ZC6(v*BF02NxE~NF+z0v`1Qil0{Lbn}?Atw< zb$@8*34Erlmvo0=Ewv==jR!dkev-c{_^X_iGMdPoM2>p#vv?nRg6Pps|pSJDZ-YKC?!^ZT2RDB3+A_CDSIQqgz+K0!lj9xAW_(7h4)E^@$d znnKZqS&bYn9MTNGdV#l`hThI&lYjFRApu9WDVaOHZXrtUI`e~@~SQ0 z)t*dNu1a$Y5b(O(?l9fD-a&5uPkF+>KLTndzY%iv$v422%k5qC!zil#SAwv-yh(#+ zbNe%#es1R1(6H65r}yWgy`PO4pE3@!2z*g!{c!&<%W`w8qwjNY-lMPKU;11%+BFoE z*G{MV{P>zADlaH_Ux7_xoyoDjH1HsLoRow_VP6g6BS+>NZZwsYNQOB@xuU*>6G$fu zbYYh*@tSqd>>yQd=|@-5XRJ>s=&$MkalrMk$hG7jtlQjoz{~lub|BEX4dm#d6cb0 zlh#DKJ6At2G)`%s)wx~6{F=!9(7Q{LK0&Up$%M*d{fkA}55GL5W<2Ue4%EYNSo{Ya-Y1d~7#I+fcY4 zaG??cn11y1yhj|&fi;sYT4`B{{|>kRJ%H(7q4w^?@X|g^M^{v6xoW>lf%YD--j`XZ zS##HC!?S#si_!SLdMmQfKhjPjG_lryF5rFe_u!QuiqGh6?XJ0$#t5jWrUf0{9B$|d zH%31;D)Q5!;)DGB1o$pW<)OrkQ$T3}Uh8Sh6&`Hk{@{+NGMuL(*mq;9@M&40L}BD^ zp(bVWk^fREN92BCOUcv?(v(+YiqH6E)3Su;Vj8Akn#IJJCT>AUG~OHD{)`ra^&C25vXl)toSO;Z5Ee&+1J?aL*}wAb}ih`u_2dhfLt zojnsswuX1~7Sv9?>RDu^<26Sq`h_Wf=p7cH3!%GQmVOqxDzLXv7}At)ELF_xh#w1z z{K=kiGi9gUw%BKx%9Yf7T$xPzIOqEAXaUyb&F-C?#G_v(r%f$y0I0KpJ`$_XJU@Q* zRmL~OZb@5}dHF^??w8PDhsd=n75jnIp(;ZzzwljMQG03fHq$qyVLy1^(-Soer3exa zxfGf2kX-+htmYrU{a-uiXSoaOyQYuV?$7SlQ?-zU6A#HN*J>Ajbx95nca%Bw4U~7s zp6uNoF4TB%YmRSAB}?q)H_j^(o@cL!T>MaKa@84@@}(EjNI5+y*zrj0*=>}0#WPNE zC6J}6-E9N$jw|>LB7Q>fTlUrM(g))oU-%wua|vD}b(s$DWnbcc<3>21nqqzThVAhL z3vHiXR-gcM-G+A#V&8e$!D;^1)nJ@O{WEEqADw@>`?U+VOWXf=S<2xZl$@L_t3k-= z5pY2)U6y&_4Es&eudJkJtKqp@p#Ft$Ym2DXW1FH9Tk$RLeiksn-=vi;;7v#kEoUdN?Y@DpFXE%y}q}0iZEGi;aMseob>~8CdT1t-}O7R zNVVs8g|yqD_Q7)2`+$^pYC4af#8(RHe|CFL9r@i9v9EQ13yV{s$*=F)O`9h@H&-uR zs5gkXGx3fNz|5@5y~&MnJmrC-HnjYj2G+8!Bph12e#&>w&#cB=_wL@cgae|YzmC*u5K=$=R+|*L8@t3RneHw3?{a~EqP_pl&pfoL za`64chPtei`Ah9Q=}Ffyk4jRaNL{G9hXz6h%TvLQxLe+8zg{2On9JgF2qp@gOS z&F^8J#|K<_#gvg`$a1xm+SeuS$eI%NFNA|uKGsABs{2USo8lC@owKOAYZs-Z_l!+C z?y<3bznyogj@VkUO)%xzxHi+A*urWJeBZ;J#hIkg#C)XMA&A=Ns&}b zC0qWlm#T*4g+)dBAqk&Pk4wpCWLHxuB>#E@QcPAlabVVxqK&aA=$1bnW|!liCS_Af zL=}i9440qNS?DqBd-sgs2>E$oLnw8W>O3#G-c==^fKjp1?+tQ%9(@Z7DgJHwH!|;Ps zA@ND32~UyieWRCD73~Mvbv|}KnodgM<}mnrAxSp;=6Qp4`>g&>TaO`rFZnQwyANr0 zyx1}wDjpU~VoT1W(xdXI6R#7?^rq>9ZkrT9s<>N zadY#OD{oSpr|b#S=Kc^o^a3?yEN||~o9psQy1piO32X#>`h739;GK%Vk-T~_Ij=$cZ#b@o=7k0brhB)0jDd3w^g2fIZFkI#$@ZfehbY3%UO zFP-7h^XJUZBD08+*ZICABslI?LsON=P^#;d57x_d`eMqfrkB(%|2=*m>_qLqAoRZx zm;X4ZJY4_U8lw#jS*zQ-bgKJ3z?kBLi$?`n!o0(6hlQwW<^$CI+Y(hydPHgxMD{t$gu;*U_esIG`X zzrG}zz#DA^sQ=%u5MmomCHy)@_INQ4>NZi5dbCw}<>x*Yvdb~NPEdI^Te?w%ib_4| zK4x@&*Yw@`7n5a9v`^UVDL1*v!wj@a;@l3A z{>hL0k0AL!E_+^*mOZij1^q)FT23IattB@L&%W;W@5kl;WWfIWAZ=n3q{>w_X=?DE z^mLXfpJ%$YHi@eO($ewyo>Pxz*&ddH{_`LHk17ClnOb+VQG0p1Ew%>&S|a!NwiAxi z9&w zox*hC5-Yqms$IkmLI2(28lI0&S_}>PomH2ei+xLjP%eDiT9`HUmw z5zl+)nwstbZ1}ALt%3KyO{pC2(Fu`i-568bKss@N4*3+K^9uqhqiQAWYjbisZ6%~_$)3rupXh})OWoi_K7Yyp)@jK$j_3(zPdQ#S%WXc|{m zreJ#Qs_V5vAFERieezx}8g^2b-W~Npm2nVXy~ga^>Eqf@v`aTO++7^U zUCO!~!j;bfI>sZ%qdKBTZi;Vgtf0%w?`WNi>){?9*HgloQ0 z&9h(H+JxUzx+m3ea_ST%2yo5xlZv3n_XS7v0E~UgK+`#5k4Z3?hVDPVNLA1?1?P_J zrTIA^rS9Ht4Tt&|J8#9s*Y5@hO#8P5e2#L(59*p3SM?lHsc(?;YS+)7#f*p*wCBQ2 zq5y6`sV7Z#;>T-gfV1qKSDv1pOd%YbqO37$=)C9mr~;hRjEw4=X2$xCe0+SfwIgD6 z@6khBYWr(K8&pDPz2)q!(xo&UyP5@`ddHyhxFx7fA^!JdUMf2-N3gL;p;n7c40Qd&G)+o80a`YBREb2m)#==%5*RNJi+NB>x>y1tn z)pTz(kilqYjI-8b9hT;NHA9Ai)YMd=Yl{7zf`;o4ZCt><2`d~3Vc>luS%|k=MWKZk z0=C}=DgA1RL4H7^P<`X$<3Fw$n&eCQLJU4jnA8p5+NAM2+`TeU32)pZks<^k@SS51 zSBCa+OWLBt?foCQZtYP9>#YLEc|EC$eF_SSO6RmIM$kqEC+y2N9~f0(N2WOsbG%m_ zG&O7C0&AxQbfsyh9GG`yWXfERU$@Vil8D4mr~%fv8S)m4;^O2y@HsW>Tff#Ykhuwt zYt7DdrMLq-l`%qkZRTuq%b3zet9OTD{>1(Njk^2#R=D71F( z70HhQk_5TL^FmHUq@%R7w4kV=*GSxIMb#Y%+Q>i0QDvXKkfBZ{%KCpxc3$A$7j-od zL~e@9%J!ha8>M16PbVgO7iSkWS(Io%g~j8SC2mt_jQXUmi(_7;##zpQ`*L;?g@r!9 zqCiGieXf{;7#{w zAwE9tqYXo?C*|em0I#40MMXadjX{k9(!fbfnZnihjv|lqNSU$4Sw<&{w?^Ig=|0}_}=wwyLSvGSxB{Z+k(}XZKvy= zNmJYQTcttI&WA-!)GNyo#vD>zmQqPC6lXZ9!z{Crh?x$4Xxs6Dz{zxw#~R*dB3b$1 zcI{D1<)}Ay$~so*NI&nA5f5{?N&qE&f@)jm#1llWsxP)Li|f8|9+bkoN$qFF2SUg? zYrSQuik218x9Ub;^rc-4CrI49$pUJv#04b-SII#~S(T$sxv8@@R*<}T5U2#9%0Z9w z+!3iml--$G$2Imf>}N|R65-^D6Y9CVmVjPpm+;x?5vc4*wkm$#=T<%@;}8*a5|ZSq zOiORbptMekZ^0d$jSpQlXK3`U02vt=Tpsa;V*FjS$|Oum2R%K#T3b&uQ@mpvcYk{s znHsrEFeVlDo%$UW#UR8!(#m{TS?V?sFZG~&F=3=$IV*2i;7Z>4*=_oJu$sS(pVT)* z^n-=I=?N-F@N?)7BF~MUvgWzWY~t~Sj{GYB?)utZ@}e$gZRV(|{$Zq?#DDovlx z?s}Z7NM2U8jE$&TX^2IhNBxHF&oUMk6m*Xin7HJMTiGn7l-)8s11FGi zXF$o!%ZBfdVvsneoyERNMfiaic}p*d9q|EGOAH|Yz&5xtzrp%f9W{_FFScwj3e@3p zxU>Nr&68I}P{A7l3~0AP3AEGP=VOl+WigVzRcq*4GhJ94;#}{JeK53XVYfM&Mf;Gd?H0OS}5_ceF`B zHJD~UHu%v+i2nUq6l1;9%2&&=WM>lwA%OBV8qmW6;ec3JG=*=oSp24ZX9N~sqA36y z4LY0?7%S^j<_rI6QDbM4i1PjUW-fEvWI89zL#}&hwN+6pvbG=j8VV&-7uU9MS69zY zu+C0#Kt$lc7CW7brBRqC_XSgO`N3wN)yW8aT#vBtl-LTU-DzQnR!bLvAKfOj7G?mL zk)RSK>I@Mayh)d|IFBTsrA*aUPNSf%mmGRd6}a8mEfWm^@Q!lvi#s|y@50ZvW_TK7 ztwM?rk9$og;5pQBTBy%`S#7V0@TEIp|#S5#tvZ0YQXXoXdnSVbk_|*axsG3Ju~Q zjQ*~D&^%EZ77bgT%Iwb>VF}2~wY9hV9?>HsBkSw(nuX>30g0Z6_tI_#v~pYw<$AW& zKxL=fz-SfoLt{ET2yASwuWwD^-)1|Gd7EA*aFo`+hXt}tMFb>T{}i|$DRDL9w_GPd z259}QI?$kg6-<6WN<{OVi50pQ3VrIP(YR)DVgTiKS3tY@%>n)pC$(*87irR3xZqb( zY8;IDU4>2Y({{DQ-+Vr+6GF{I#hM&{2JIo4pap;^UXx0NzAoB9h!4SJgd=J&En0lKQEgNV%fV)b++H*f={SAiTz#-QL%E=H&llDU+tFU|{Pv2{Yx zVloAuIvW=YgHeQLK>L`v)-_H<&0vI)QUCbVlv@v(G%;S0YXXHPPeBR5_*D6xJGmQo z0G?dp#xttxMEwCIOhHkxaBPV|mk4Vl*Po#Ef_}rtzdEGYf8}391b}Ce<3QZf1*034 z5GwZ;94ll!J9uoRs$nJ8)Axo$;(%{;RFmhiL zGa(7YXe<6L7=Pfts+h#B3cR9a$y!l$@AP)O);iLPLQQ4gvfRxL%-QpI{0rOTEltJ< z%_RsQ#To^1?2-khxYxNfH&-sSmD!9mY&bR!a>2t0^*Xe6|aer&f1L5LWtcJR;tNR#T za~L4@^(k+7+B9x*eJPDC`~=wV*~A>klPXE;am1k_ucGNi$;rtHtIqSb@D>PPwLr1< z{`^^bS>{QBlT}uq*wpi`x(mjn#YG98R{i;mZ`hNwg-})1QqG>U1sXQRi`gTYceBVE z9hY{=G8in&eq+c~EmG-{?wN@##{V2{|0@n(Z=}ZD`Nkg?7te8MuW$&^$gNLt(M@k} zdy;3o$g2@WWfll}$NhsV-;KbcAlh zc9a;tZV!TTUOTr8S}Qn!wcogd=Qzw0F+Kj?Kl6E0m8;Rk9jM;vm6!B8*n1t~nHe+5~Y zjxKUya`rZR-)mMl`^}&}$@eF!mj7BFV%*-%O=33at=iPpRK)nm-GG%c&iacq0*~MQ zA)C|=qQcKk_l<#)r5s)H6Mum{by2x7NjOCe@X{f)-!+hl zlfi=OZf~P&Nh!+s4sx1UQNOJ@A@*tr{nSG|^2UuJ1&Yei2HEAZOJyUx;QeSoy2CwT z+0Yhdd?r3~t__Z@+5aZl0OK=gJ#l`D`#}=(DKL)Ys^Gi3*!NhH6)x~VB+DB?Kk|lV z%rdTs@ia9;9MLksZ!`&T`qh(y$AxKPzW8hY%^}Kq-+J|o6yxS_?c&ANcN|9fqCO9w ze#DPfw+4B3=()Z)5Kji*mJ9vP`~*;WgLmhi{L%NjhlhtPDGki8_bj?bYav_$Ih2OJ zm6eq&vgoB4Jo1C?EGmAV(gDZbo`c7p6deCZk8S8UQErfcIeg`%n?sfLK3Tg^mkFdc zN+|>;dcwd=M-N+Yof+*Wf1kkzH}S9u(ga-%SSM?;={q89V!b>)*N@~<1;)>XAQ_)) z);cbm_h6Bf>E-PX$GP{!5K3-*@Wzy*yty$i<%i-Qj!D5yGL;>Gr?WN+$c4yVs1v;d zy-F6S{5*f3iT7b}KS}CFf!g2RJem-!@Q3{x;&YL|$0`2+Fd=6|?lWwL)?RycBdM13 z=mH{sc#Y)d`<-GE`-fOZO*EVAI0R|Z3c$o`ijoX9j~~B{PfFrkJQdS2wV(0w;!(;S zvEoHCA3s0(_&7*y=JUG3ki{QAO^B`7eVRa5m=om&J^S|c>(|FWMAQI)2WC7(YdLw~ z6p6Q_Im5rp8p41-u zJ=;J0%fv@?^i3C6oVD8<{2rr3;f#zC1+}>o$|qy+QvaRBiKeFec^e=pUJ2%xAj-t_ zw0mRK&Us`}5!z`e$N!Pi@_|R>TUferoW~6g{;8*KPK}{$%bIgvSi zHTPobjKL1I-=S@+%hyFj$k0q-;p<JWCy-tVTYR7}r(x8oh<7 zG)P&WSRpwM5T0Ht+za4yjkcEbOnO3i^X8P%(~>4?I=KXpYU4MKRGZ#Z=H3s7N^e*W zLLyw{qV5L4%HIbC74~g4>IlPoIsOo_&r4Dl-K>Q%G==_xk})4IZ@CTXdx{*S0a)qu z8FrwRUU{&yWL5(>MS+|g$|qO)z4dHv^Z&2DLa}xDn`8?o1JBI znVfKR)!6}=(c?qz6LO9-FS#eC1xoGJl^duGPkSP^EQ&s8f~3^KqZWtDz%DRUemb{94mk1 zwEOziWR^BOq&Y}yH-h6;-?Azr9t8tE?hS3eV`=?l1Th)WQGm4do z`gAAqD(4eY)&D;FNX;@lI(Pj@IEkB2d-s>p2ei?XKf%~VU$In?zZ7M!sr$PxV_ve6lx%)$)qH^fgND$0MZyqDb53Ez8jaQ zFiFja6l_!;Hz*5a)(v`6gu+@@G=zSp%0WJ2MnEP>j8we6Bhe$^vAh{^W_8U)+~%4P zeZAMxt@3x>+G~!G9l~RuCgh}|;)Gkk(-NI@<*SAza(I_=*m08Oy;iE=UVos7tqY0t zi3R2BeMB}nUHL=)YeRpD?vNT=6=>-Oc=JV5c`aHxrW;t75l@UIdxnrte(DRaBqJ0m z5AK(x!baqM7UCc*jrIY-K6@BKF~eET&?Z;o=2E~JV84oWf|X~rMbJUIqqYTLX?r~t ze&}vi;;O;qjwuQc<=^sU(SVKT=bFWXUEN96_%8-VW2M<$5;9_4(>rM-s!7V%2wy&* z5HPdVGU_n=(3q7Ad$O$LmmWxWJgQp76|IygaU+p`qqcN=?6|sL0XQsiL%h_aOtg-< zUU9M#aeiYjg57XW(f9a@mX1~>XCvfn#Z))*+Un{i^S(wrfh@+}+a+24wM>l8+|n`x zAOpnK)YcaEiN(mSzk2b|D32~}rQ;DO`=u{<9oIIWwfOEIC&qu+)-wQhL7L-J&7()L zlHV@BlBIv;`g3BmuD0aK_#2ze*%)pz2-8>}|2g$y_&a5fncyjJEULwYOvDp^UIkFO znAY%)b+Z%Fnq`lfi^@rR-?|Wrz9>I`OHg7cDq3qDEr8=jLyr%1{u=%#LEl_IU9{A8 zw-tF0v@*8T`fv&Am;#iTP$3-zw(+bJ(~n0j1D&Ed$od1!x$07|s@_uf!86OIfb%Tj zjO-UKa4?am((;P>%@!FnDt{p705~=tAV}ZB4EM#4yC3kczxeJDic|MSsXX}R?e8Bp zJNx?Al%gvc%~j~!SEL_S1ZUKcd7`GV6@)s(Xp!t*zBFNqhr%MA+yoGj^#Jidkg< z>i4|>Df+Zj3XrVdD-)P#&O%#A1J)|-gCXR7D;ymc_QC9>qD(`|3(7bGWTO#V>gBoq zB@XGjw<4}o$4%l|g_Z5fnSYp>CaLcuVW8V7 zpFeXU!a%YGfxMJPt;Lz;vf0TsuEy`)tUs6-+HX!vwZ)bB+g)@w`^K`ujhUA?4Jz zeNn?hgapVGfq#{r0P6Y%-dXi(PpKvneH$j0%u@M9gZp-7)1srb@aTykM=NryBy=d#70DQ0~=;{jQveLV_8MDSjyR{#Tecgd{1%mHFz zzT*aZz(vq9wB<1=9|f5pz`_7qIZ=z>5{xEJKmHW9R=3z4t4?WYf&rXT;oVo z!*jr)R8Oa+M78~zmXNWQ&f}8tsam(OPxeB?pv@ds?N%8V?1c8F2DkPx&A; zb=8Z;r2$tD?_()IKUW6}oV_`o;z(CB z^3=ZOFy|nzB5xZUf(kMahH7di_nlF~8KLBdeDIU*VV3xYS7T2ExNBNGDYSGf7pMC5 zUEZ^J8$C1K*g4@0g+5j-K|p!9on2>tFZdi@UJ96aF%-zOO|?5vdA1(Hw5Kj4b@opP zTQKArK=7EKnLZ{WnC@A>nBc8<9 zmhcn2fu6CMOEf8?&>2nIe|Dfdui^HvBUpcSC1$WkX-(y-?==z-z0< zbYlkd0cT;6I@?UcA~KD^aI{!~;(Vd@HEQPd$ZasG0qyp*qDnGgUlmj5?Tv|#kLTtO z?FUjNuWTbO?$)4UF~O0VFJH{bgV2hFPsoZlfG zZ;lWq>=P_)s3XLP6oEjjQPI8jL&ih(8N_+#ljde2=;Bx|>_k;->)s+)UT6#n^_ehFKarCY!8)%x7mih?nwUR7r5xd$hB9D4E$&Q# z>N}n|u$#RcIOpQxvO`1^wu#;47`fSUq9Tc)XtvCnTKbsaCC`r z~+Wia}Kz?(MIk6&7)EKi|VtXzug1-fj1#f9&Qwc%{K$~LApuTb7ZZhxapAHQv z;lJv{ZT4xGMEt90s&X2drD05q&HzJ|pq-BTZEVC3{Q9Q652OO8O!=NoKB}j(M;d$Y z158zEA^uJ#OylgC8d~h=FhYYR=Bp|D_k7c5Az#s0(!MZyTHOvXl8I-Z)*y%3?guG+ zLbI&F@>WNaMr-zi+A4dNIwihAO{0q%l{;{ZTe!K(p`HT&kU1`fIwz;gM!%aO)WNBY zl?Y=L3#NXKfL-qFc)LdtK7^i**`V0%QrZoMGqyjjq{BEvAV!h+I&k<4N)KdFrve z1Y14RhI_M>F3ffUJT6PS7Rk>a*>;EIjp_@dti}|^FQGW)~=e>M!9&my4q zCaQD}qW+NL8a$wKs8Qz2Zv&D_n19&BJs1xJ1j=?7E)HQb`y$T5MOLf(CF!RlgGFI7 zpUadsLG}>w``2e+S2Ne6|Ms#?!&IP@mV|}9PW66Nt2V=3MDp035q&Z~Nqd$oq(`v)eI8<6Ht|EyG4-b#=yUYCP^QTWOcL(Yanv?t2j#QU? z>fUVLNWsb`=H(3Z&t9y6!+#d$c)eALZB3oncRT(-9Q#xK<$CU4Twq<12*%{*{ImUu zz?tA4amh-rUS(_m6soo#mzK7XL5M8HZ31uJ93$d!4th#^p*`YaD%S+H9zQ-4f};D? zaIEYyS&MxVttF0WwJVHnDJ>D~sk1o2?Q2lpqTilK1i^+KKw>1oZbya8Zy2{qL<#B= zFy@3>{0M}W%(bD(Q+r$Wk+8ocB;VVvQ7?PG!z;CwSFQk)UbS<13-+A<&6_tb*Wjc} z5#=k|%#%kYN}dgh_IHE;6z5#aAL1%_H@L$D9-cga4PY}enmrnqgA_Qm z?!_N+tc{o4Ycozh6=Wq$?QOo^Ci7~CKwyaK^ z${c#78El!KBN0e(Nx44hGU-CcfRBY%zG-gM)2X7oJn^+1LmKmG4!hN=n_10YUzfAq zKU4sXJdA5qZ&lBlor|o5dr-bX(pQC6X(5%!+O8LIedpXdTJ8bX>m;4M9%YoB=w(#U zITnJ0FYSRtDh|KnUTITu`ksC$404{Djc+-kL&fl)3n@Sk+-7G-K(1bGoeeCvibCma z&aK`vMd7LKg5q7syt8%h)mzv0uXeVO_RtuB$@c)b7o}!7rNUCO0;yqBNavIq(W^>! zEFAx!waI^WdCzRUF4N^3>=VokpWEkb*68#$hAQkPQw3mOMCmbG($b|ZOTE2lkDgcN zZdvw6OU0hMvF`%k6zh~*l2`mFo4Py1l(iD39n0&z=k`Z@dnoKD2uDxu=( zu8{&D=2VNZb)GwMZ*Q!Ea1xyAy=a1-{TSgk(9-U+)t)de4v2JFTT_e7qoMjc$)?1; zoeBQds_^FUjL_`DuMk2dT$wQcL zF}qP&V0}zA?1%s%po@1#&jsR%lK2EMAhw&Fa~+4VdIEs(G5dsX)fzr7kF7`n40SrQf< zf8gTe2cD2llX0-T=UdVBr&=G=qhOju@=Pf6ja_bT{_^tIbXs~^0Gn)uFJDsF&oToQ z#kK@piQQj~l(I&RpmD`5KhrkS^f5>`j*(vRbf={v=;uNcFGQhn{fG}$u|stM>caU> z3~Fd8m3I;Q-J3XXnO}N6np9(&EC)&B;N&#ba?#4G!F(7%tXs^H*I;ljFQ&01CDydN zZb_*@t1CI1l`kP#+1c4+E7T0YA>FH}hdMSl)E8PuSKZWSi}?i-DmU;$2ztdceqs*w z^73*c7L1|0$T|9u&fmf|^`g!dxOXcuYW;PAE1nRQtHzG-urS+b_;7=~ynKcp3xCz! zyLU}ZoT>|r8$8ABMu^blBqf@3JZ2CH+{fQZ)iiPXnhM=eP^1=T>*(&O+~HyPa(Dq| zR7@>!FT>28sr~8v{Se|e`Kj1so;t2xE9(V&`{qZ@kIW|@up8#eZe;S#x-drD(n}PQ7+-|vB6F&ZM&0Cv+ z;H;#-O4Y#udasdM)kS+p*KhyoYA);UtIo-hPUP~3t2I&-ivONU zq%vaXXnTMjY7Fdd&WZENfN8__#0^^OazEuICx`XqB|HA^_V8099=&fLbH9)`Qq8}Q z|D<*6Y=&w3q`wcvTW(ZKveA*t(t}Fb89~265fWzTNrk%c^18qr{CI^7eRec37_>}G z#!XTi3y&-D7X^-unKVHe2(*CTjGWIJzH%(0h%BSnwIpohms`9OWQB?Xhvgq0Pm|1T zafd`X{8fRPPNPCozLu)IsUH3mORpYp{!AbL{Y1X-+@RTmCD(YybYbD_=|*nyQDabV zFVG>iaCfE()4Kc|PzQ1gz)m%ySsG!JFZ@7A(GPP8AtBBEByCd7K~|-ou%iYOC&$RN zH&zm#?~qm+8#Mm{#cMI+{?>;YA6v~D9hM5=UQCxb60Lmkd&IqyqojqUg$O}uW;jQG z&~ms+C5M<%xH_VgXvUw3_+^UP>4lc*keWa?_|M8*JK)AGS?Uy9Lgm>>Gq)SVUrww} z7INz-5Gcm=Blw~()X(%qA%E1#JW*ic1#18JXF86(*W@l9j~5y~ZU!_$-UR8mS07vy zN=blZN9^Os$G)!jgzg#=jX4Sh9BLvKlP*>k7yneKV_|6Vbaw+lR@Enl{ z3Y#9)cfnw4)hBAOzbN(i;TRq+6VTk8O91L{up9wL;q&*=M2(XDa^+)&wZMTTO!(=#>n*DfV^5A6fgfDUD)(6j z?fHMC)wsBn|j`pcM!-xQ-De6Ucu}q(mB7HYieD*Mr>!8c(KrWr} z;6Bq^LiJLSRJoU%#e2%{Ud5J_PG`;Nn2aaW-b)Rgy$Wlt6Adur)XNTh{2Z)t_>>Pr zE4RC8EBnd1gUT79L#l3L{2VIN2*<<2v#w=z{QQy{`Q1=od08DF%a(1rHu!mV{K zHk>9X8;Y_h8_`vvh)>i*69ndRg^oZU@`W;RTQR==!KVDZnzMB+ z8iX?l#7=-rJLo|%h2bxP$QT0C>~~SUGT{1(&Py7aD|3$@s2U!D1Q0HWb(MxgVbp#h z3#RF0TQ7aDe`|$x{-(L%H)QbMF&S=)I~b9}FC`ZE+EUPVm(RGh_%$#=_7 zZdiJWE<$hA-Y{1W8+2BW8!fRVF=+Kb3W~uyS49p9HPg(AR6a+douJ4t#;vS?SOkR? z9};@Pe%V?`hGD6EEj!&wX{kw&Br&|$q{9$uyRiKc@JIYE%y5Y=;E5&it^XkNCi|s_ z(JhjC%WB_pnskK{=rrraBBD9*x$;35FJ4qKeQJHJN4K6vBDhm-^@?0BeW$YBOW&VLh%XM_}! z>d3H>8LuVfx#pslLDp^my`uO$Q+dweuc@WPVg1Vm$19`9C&l$Gk0e&pN5trd^}Cok zvXq_uoW^d@9Q8*)&`4B}L!Nd}FZsJXRfpzX7Ez*7P0`EBam9_J4Sj%*F1!xefrrA$Gi+^5ZOYocQK(n|BirO$ZSQ+PPA_}$)ZAHH(8*RcMG z&fea%7l43owM}A%T!%;XZ-O>z&NJJA{hKV8y_h?Sem=U?V2aO$YLsv?5Tv6lmgv`f zeL-d}KNk>)Cx9nBR2I)+k39PO#YZHaL+YFOQQWAJLhR;+#Kz}1O~P$A0+NGCED+o@ zIXKAsnsN)U3j!8U{TsVp9QF?m)eVxuJc?G;_4E?@gzA6(a_HUik4P>kEEJ}nkiJZ0 zWP3Hu{LWj6?JE{_I7XFkocwvlr>3t(o#t3jeLbl*A3o9`ZKzSwVh7t;aMvND8fMj9VBBBNJI-y( z8QjCg)3sCXTX4aMBY~NgL#bg2hCN)$&>zcxq7O0`bzR?UGPFS{iv{v*`>>BX{lsfmgX@Z8WDj;{RPE-q>WS|$6@^;&wH(JR(Xm}^p`u%CZ_|M^TRWX zi1>L#b%;tpmxwD8EQdYRACdKzovjbR>ZaQg+pTk}qfa)3J`lxd{_$SYY&3i zsHMtXABmKN7I!`o;{R#y+vAz~yy?>%;2JLmm=zb?-X{Y z{s1W3JLx5umyVbYF%yR%1D?4#XS&@p1N)`zlkQE_T=+yC^Fv%}22lfA?H3Xfk^-@7 zrJvO(L*Tep<~YjzqEXdZ))Ldt`IL&wx7smNysZ&JHZ#1(Q{fpNU7! zujPRr=AyiokhL@%HGG+BHfsUBv!u}*b||cuxG1@Qe3>TG3W^6uDr#qe`V}#}5q?RI zTWNZ=aLpy#wF(~0Tr|*LAChj6Qz4xGG^{qFE!!3fn3~uQlM3VRT^GR*S9l??1)tSa zQ^AaQ{AVz)s9Og;C~#U3o(ND_J_Nr6`URkdp$8lKfI*G9A!eO}i@crf6Y|GbZ)SGs zAu2HNt~gc>3mtx1BZ|Sx~|W2z3-9jJcSUy*2f;B8pElDQ3H5QZT{54M5kz1*sQ|imwJ5 zyvjnmwccnf8BW{m49mkCHP7lSNgY$U0gGCKo)QHWEaQFpJP{Ey?-f7qa)9|crW}W( z$ou#03#LuSxoW$>%2mGFXn3BO_>syi1Wi@yFMcJX*Q2@i)a4xO1$-dr@1E|SljNem z!C8gfu%=w7>T=Jg22k5g*TUy#_V48Q^q%>FtiYwpKB(!#UG-=5?qjGapDN!W?G8TY zQ$Jn-E3mtHbDzo!G5yGPxsqBKk+9ms*kAOkox37y8{BB(8S@(dipG)sTYK4@RuFCp zfMI`rlK$xFjlF_#q}O>|`mB;yk{G5R-Qc~x?kqSh9h{6ax+S=_GHizui|C)|D6u{> zJJJ2~r&o_;KCWR(`>h$gQzMXQdt04s(soj-tXkf=j53`c4kxXznP`P{r6}MXV1;-T z;Px2QM+p~5I+WjglF*p$wgO#y5QQ6)jkj;|dYh^!pP`LDr3U>S5KnnoYy@0+ne`Iu zOw3n$f8&M?O@OoraNL);{tXO|33(c*fM}Qk^fD_4ge#~KUGL7@=`Ty+7TA*4;NpAYjJI zuy!f-`;iCrG2GsOZ>H%?)jf2Ksa%bi?GsCQKk7|I+dCP5LN1)^uMISxtYAFRdH;tj zk*@TLPUz{cu0Ob%ouwzsv8R#4MTIUGvnhu96kJ<8Ou2}3D`3DFahk?2AcSz|R1EX` z2!pO$g_{f`8sF^)K$0KHL2l`350&eGZ5^JjU8NeGJ^SbxrJ=HA(V*bwxipGo~OzrK(9l)_6MI#qsSBi(tvoo5{5O)jqpT0jCN-T2!=aID?AOFEtDT`rE z$RFk)XTYK=c0V*%(|-3C;oiqb|S}rsutDhf)?C;a0hI^a$e`4aMGjve4 zeO9e}76MZ3EL`nGIuc7(OHHFHN_~8J;|r|`+cRpVLKXBq`c}B>3*!L^llm)!sFOM9 z<r@pExaHsf=*>u(Ve17EA;cnNHN7a&%CY{~PX6r~THCI;T~1!N&(I;n{JUXH za@+lgA9G3*XXm&~E)3v7GrzoG>`Fe2W{jkLVF#(VN@mw6?l~AS&<7%s#K?j1jHfHt zd-cZ)uDT5}sr51>g)PW;O`C9hZ&*d@MCK1^WNLfPD!)|;1N)k8$$MC7H>p`1Mo)eo ztI$2MyX;<^GiW=9mhjAOPldfmHi5?T*4~SPu@RW6aA}v>~jA7FP2R@*JQ2~C_5dn-&UsKG z)W7_is^+Wv7|-OpF-9owV=&Ot?`)CVWpf!B^9Hvdb%5L7uf$fZu(;Ohk{#O%+#@bY) zeB%lbi;5#_Z&)d)c3;@h<37+HCDl_It~E736}Nc{ZQSsC!$P#zj_k3X@266|Xf#?b zInpZU<><}Lh!Yyy#Uq_x;vfl6jJ}5MZ62r=Y~8A8-7-!wIM$kTeOq3EQHr_VP1F*y zWncYvZNH7G#3*GIV02-6dhLletB+9a5p6SKN*LK4(`a_EheJqL zAeA)u=r9OAYr^vSKbQ~VNP(17p^2J$*?i+LAk>S1fBW`LQ(fO}4JXXnpSf}HDYK%# zMPCX)R*g%~wl^tW4bj$6Qw8#Qce6afeZ=pf|MwR%VrJR**S!7-w$q=@PKvF$Yb+9F zvVEEDcJD-sP2$U9QZ@S^Wio8C{Lf}^^>HUar})`9y0Cw1=Dy%Nvt!^!#kFHc-Z8!+ z6H<@#Jr*4r`8bj-D5|ouxI#RVsR@h<)}PDRH6@2bNRI*=5Te)nf@K@5Y@$Zy*=<(w zo=1*NfyV)qa-&I*_6Gn}e&NR(`zR57uL#e~_LrN+Htw;3hxpSxv0JauwO-wQqA6b_ z#<5oYRwVl`^2Dk11;jGG0MP5MM2M}ouv{H<&;`r~w~^oOeZ4(uR2lgWw3; zlF~J`D5k~tJo+D0)$v ztlb{2a5xO0xV>v-$gc$dKF|j+&&7k!cb}Ik1OWz%J3V^|)zri_l&kTGtLh^w^)0QL zX`*<2$PW{VZ^|P|F}&%3UGAle1LdymW~x7&QF5%^@Uc=#Xn`@iws(}9o|cma-Xv!E zIN)AUPn36*@137lQ99eP#N_L*35YAl@Ah|M4BcBi!@4zDSF6+#!l;*Q4utUZhRM+5 z_U1lC=_roQe==$LkkH1w1D4f!0{$!@UF#TH8<%9!9Y}~&=K;67N8i&2d;9<#2R*u? z75kjmTFvyR(W!yr0|p4)t#j@7LO_x`rKRmX#?@8dUUypw)DXH{$SmCBXzuJ>_OBcn za%Zx>mS}G89erjfP-f^9`&SDht2~g%-&vwg|?&F4sLFV z^~=pDjuz0WJ1Of-l8E+B{u!BN$$QT0OiMJ(z2wg0zrw6jr@5|9{^8=tK#KA@ zIisI5o3v}&fR_ek5Fe=MV3E^Xo5`RXl7j+`Od6gy)>=6q|{^{G51GTz(7oMlR zc>{iUXO8s^gShXpF&O>7PZ>Plc+3_#wVrtPAOlpwHbkc8B(6NydOL? zu+DUQv$C~{X9}~-!_ac2D`v>U$M^${J$V+ABe%-nc20cZjBnG!7(h1;j{U}3aLw)M z={BQ~6IvfOmhU^bD+>2Xw>rly>h2wnSefcte0OcFuKsTe4MCnu^~aCxPtDubgb*p% z%xWtk|3Usyz9#S%UV$+#Cns?plSIJ|(tdi?1(DnU9|b`MMGDp!EsQjAH%VXD8#bJ3 zUHs6kx$$y79xdV?o3Rt_^?`e~;ZU#1Su8Dw+hn|*?DQw)jIZ1be^wH5lCaKiQdFI( z?Rd-AsP@hw66dNve0Wn8x*}`NQ3_yAla0%qBQl5~8c18Zx~j7B0>~{>l{O*mVLTix zK52QQG4;g@FJ&i*+i-`w%1$gjgfPdNmdakbJ~Q-#4NNH=g5deA!G4#R7}I|tL424b zHW=lX3mX0l`f53A-Mz2h4zazV;oZ9d4jZw^S~bZUpfi5;A3ZBQzwq%RU`?=Ll8`tB zB#EZeU9ToHK#|y6L;K2{eh_MYo)4fOE%|7?Q#l__+@7>?fK&;Z zy(WKK^stlio5T#S5@_<&XxWdx&SR3W1W-d5gLy^^4?EiT=KF`)mO(6Mio&YMcb=;< ztq3DbT2@3EXBxuDm-#tL$d&2INrECoC1~c^X}h4H1o-;uZSo`crpJb@W=5zjs*NLIg!j<>&YhXgZ;oN@=~7^-+bZr*}yQgH|ww#{t>@s^@j;+n3fd&`7aCdx#Y4O=Wv zyHEnL*g7vKW@7gPKx81fv_>Fra zDgkDuR?3zi$_&oC{QQf>NoHsI8-^2T{;O!5W95+!H0#MOOi|;>!{@)x)lB#U(!`A0~ zya{2MOV!O2Tj)rttnMw87%sB!+XcOmL6ec|7l?9n{#tJdl#3{&M3jI=@Oa0h#6(?U zmX5{)juTY_?MM4tLn_R z`u^=(^-L)?8N1jMad)P-q$1gQ$QR&NGythScKT9>^jZ-n+`YFngyD}p@e|KoaWF|0 z^KcSq*CT6RCnYg5@G8Ow0=*=!E`!xNVa+KT7B+5Bh z_@?i66DS5}cCv%boSQ4{vb}W4Bbd!%ae|gui)6LIaaRIIug?yh0*j<;WKRnV^SWX2^st^{#&h=m72t>4RuK zCBjb+ZM#b76lDLRdae?yk_5J4*Q2nDj!!tBpE+{o*1ap9dF1s8$Fa8duqk7Qc%Uk> zs{qtxOU}Z9MbwhM2pw5NPGXs`RQ>@LpPl3*89L285M*7TTY_BFYC%c14Vz4-e>_^R7o1K=FC|n%tPj85oM% zt=isE8CQ1XrxtsTFrDP8SEf$IJyw)3Vd6o-UsWM1-N-tWM+fxCJWRa(VdKIcaWMPI zs#P(3K0daBx>fwil_yGFfMY~FygCNYJi^Swdsk~{Y1!kY$BG5Hte1&c-XhiWK+Z^Z z?otk9^dWFChUfDN|=1p3v#&(DwX{^E#HDM52j zEqx0G=s1+BYmjN%>=I5-4#@;6KNtH&Nzdm}&e7wsv^C@5ci^u2lI$#v^|C#;V;Tz! zz1*AFGdks6$4rb!in^SQQCb%paqBJm%BM!JgzYK!)w;<#^_JAQzcbzQ3G|0w3WOGY zHpc!s_)b95fzE5ohx*7aU;~?#gXQz#dq9&zmYkYU4LGvWx=``TeEk0qVgC=wq|6Lx zIaUhFDQ9;-?pT?LVt2V*M(4IM7sO^DfAbU&&D@u8Bc*vBPTq2;B70(!GY**pba+|>yr z?i-$8E`_1#efrh`Yy!fJq~L|EOb<8gMl;4QlUg9$%l#Kyd03WwX~HO%#$D()ZH*gh zW$*Qic*kt5{>$$`{S22!xz4B7F0iR=DrT9_V^c%x&CGwmu?ch^$4b9S$2H7yKaWfH zLwyXShOb&=5)Ftdlib0BJJ&mp-7=io%r!+`4j^VH#Hp4v#75#HH7@%3IPiUZTdc$n z&0pHK>|*-B<^z0SDY!-M{vGFyla8e(U=r|>_0%F!2k!!&~ zbP^FyCJ$}Arv5uRWB?%DHkterPby8RNQ6oiw&lOY4i=`J_9{vZoQJT~M literal 941345 zcmb3=WmqMb1A`6vxWB-`eB?l$v2lI?a91_yPhhoE zM8_WwVU{|wR*H&X3?FGYFlcZLFv!19K7L@}1YpqrodyGw11J1QbU^j9e`K`;J~q=TiKDVdjp{TEk$FCmKm z#^C=*|CP;3LH6G$ZgxTxI*KY};*KtsWZW!lENm3Q2xMerf-V+T{AvFfC@T0@ zF2Ayit>s6}f6*6a7yNI`|C9H>^$4>5Rrx=d`Ja~lckV}1g%Jc<|1CCQ1bm}ySTHbA zFj)yP4KMJsJm_34&8K11$)7Xp9I0-hQQ^U6=J%^_am`DMhK7b6OM0&EhK6>?SlG}V zh=iqLqU{|y@0Y$C-VqrYS>SFkR$F|25%>O=LiYog`G;%ej`b506Ue=>lv{AT5b;6( zZy=f^UFelm5Ul(Y-3f{aT>AeH$SAg8OpM|FgS!6W>Wm7m72J!qElC*pKd9?3uGYZL z?Ee4U{WoTC9uzna*d-OuT>18YCYB(=Ab;flNRUC4-&4r8V7Bu1q@FncBSC(!3i-Y6 zKN0<3jq||xkVt3BnoL2&|6AGrV-{b)?zsL#EBUDu@*xq=WWwY5|IkW)BLD1$`47eM zOBT%u@=D2t(x2czw60e0U(5f0+y5U-0eA>%&t&h1|D&{DU*PP2eK+m6-6zIYf{MXr z)Z&FbC~^6B4+*A-4Z6;hyjyzwiO3ESp5^G7%{qW+jZ2t4Kg#0K@82#75&Tjp&jW@V zt$!Zs_IJ6yFwtlX>JY@!@Z)&T)Oq*0;95_M60`m_A}U%g|G7UBxm zZmAl+*=`x-`1siL_33sNEw{kmOF#Z+Z4_7&m*>UWcc<;XPyHQ)UD_3D)EZS&@w%QKp>-btsA)oZAXtj2Qd-Y8l<;f;vfEh;MKtCKwVX8R{gkDtGoPQnU5?n zJza~=+jCFuD6i*3NfPA=L=l&fM8W4FqNZh-Gzk}j#}*w-ke8)sWIug|;n_rN=a7Gf zZw)=6{cV$lHss&GthXOYDoL>QMU_)B=-oT&OCw@_k;`td9RG5sTJAJz;Z3HB8z!m1w$7D8a-prRo!hJ|PO7L`4E zX{OM+dHEu>^xO4s8(u?WgD$)#Z6j~mjhF6TvJ58ng#6KPSS%sHt@XS%Mt{M%h@h7K zo19FRg*o4Hg#PTl>3hQT1?g^6{c3sM_4H<>C_B;mqJ-FyTEOPW%gKxA$0+d_T-@@H zLApZ_qD(F=863k=VG9JL>|(JiR1^AII^#<9mD}VG;EaqHg^++ynH(69158DQ|i`xKxbukuHPK z4Ty7_^I~7RF*}?{8l<1q+DA@8r(7cLTmoB58M7UmE7~)X=YZ)WK_?GLCz7oP`hSfH ze+~FQ!oZNIhc=Ce6OiT8Yu40my}F%uCsexqd~~{eZk00n;G_r@B9KUk4p+a4g+BQH zS*VC^v$l$8`mx)fDHP#cgt=ZH1p1iA^P%xpeIk{RgyZ~cNx z7Y3mRY0KdqYej7L4?Ac&mfcvT;MA-R-B0n=r34`nvG1hTsgRTCRNgBW(-m;~xalNY z&e(2rdehPK6&3>4X4rRs;;9M?2@x1(FdJs$ZF#(r(vBBIB1Lz7MT`V4)m(Eza9p?$ zxE=#6`&{C@n}I{!KYmOrQpVKTuQXjxCLdo9hmh%BV&F#tiOw*Wdr~u zD7fd<@^={{C6_dc1kyhGJtV`>uGJ&EA)nl0tXE?!$NR#fF?YY6ELUJMXxHT*ZWu*H z^sK0O4LPAkzTBt_E|=C{#9df-!;;xAxo!)8yyg4+1O43o?uRN-=%V#W=~^s6JYilU z_nYV<`HU}r(AUwln2gCSRYp}REh^|BtBsoVfJf~%H-_Y)`#-@Q!$wnRBlMb2Bv79; zEaA@8(C9#YrD&!mn~%ttv1$lk*E?e#yPK)&P8*-4>2NU>JK&btxzIwsEIk~>vKOO; z%zh;qBgPVH+3{%3(Z3Q&N;1anKu{+pBV{Y~+hE$SdXKxC zPDTFFB4GP`wFOl?@QqLK&*pms$@3Xz{_AvL->c^uI={zBDsvD=E!Rn`8J^{IFyD#b zFFh*plh^O;kLCY#G{W)09|()za3%_HE48XfzO;hUZFmiSxMe-$nH4G6PB4=HiNBJv zRRi`Bz6$P@U-cnQN1_n(N2D=o+gp7bKge-o-rQa({-oKnT|##imKzJB>fcvDbL~;D zM)KZ^Sj?Z$S@dAA3w@43D8834=v&!n@M!)t8FyboyzBU=)Pv=v&^^zZIWrWqKi(gO zPPy~Q?eJTwWXje$51Zw6+_y@=y}68^8M}9 zc)Q5=0)E5`m=&NK=-^ybIcij-j3V!tvMfwr8!Xe!7}QocLHsYmNxGO%+|)X@ErfVt7~2&KFZiEN!_7t005RJ1M?trMPU^%JwJ zz|+a){t)QvTLHt<=_V|~VVnDOWt&j0K?1q2d5TLJ`IBcUQdNZdV~;t_j&_-P6~kvd z1%j*(dkNM=J)4g^v58+F4Lk?2w{d4R&m)jaO1gx2&iIsnOJUySDaYKJ?t)EQ=qY^d z8o>5`nSO9vT`jiy{4DkR$L7_jYY)&()$`@LVD{?w`+i1$t7-{1$7g;0COiKb5*;?} zeEHOxF4%e(^0(;^&*0(UVdfv6!4(DAJlwpAM+6K0I-<`p)_!Mha@ZtSP{&D+KqefdpU7mV4A8qIHT`)i<&3ki879bZXu`oP!v;{V3s<;XgT;^OcZV{@fZhzPtCfb8#Tfq z98>@EcdxXbKHm;q05CP>Ml5D~#5jgF)VTRnRbl=|UJ3DPSfo*@umYc9ja1x-eBY+j zhO&8VQU`&&B`BbsE}r-;-Pwi3@EqWA5TT0khL-Qs#%4ofe#)0&fbkrBNL5)^hSY0l zIWaJc?h5u|D?~qz&+70~`;UKbr#GnGWvlo|)M+Odw0O!nGxrk z(md$Qw%@IWBMNSrA?CC_9+|@(UH> zq+iw;@mMrHsv`OU^FAibDx`X24snfB6Dn&J`Yo+Ly3>Ht6%2Yb0Cs{njRa-=9-_LN0L&Zqz%Lh#!8a=7(oQit{*4vs-@CP1dhXc!_aZ4e+av3xxZo#H`hX~A??E4rX+4IVbqP4;VceyE&2I$nuLHwfH`vN%w_Anl@O_JAW>cM zA^d&jYvwcQy=BelnoZ;#{Y~&ilz(bh-YtZG!|)u*X{hZmf9E6N8(; zR?zonBj0e&=4A;bA>+@;Es3=e?9xw|lZ{i}C>)MU{@68^Lon+>=uJa{k5k@9CB}RXez!a#lq$97eWQb24VxSd9Lp-Osk2#oAJBDYHehORdIIbJxNp_W zKe~%YgFnQ}LxU|vY`S%7P-{#@-b+EOCSdb*WF5h5Z!$;ZRIu+Vv#@vYjePFx1=-bY`az(eSX#m?AkhT2re7(`S^J1E34Q)zjKb1|zVT(Ne z&w0N7m*|kY-;SN=1hRCH<(J)$Rw;Lnv$B1>A+s&Ufn6(nD2WXOki5H_$v@M~Ap>Uq zo(m8K6Nib)S{C4Q_~;yU50ex*r&tx$6&sWI-UMGg^t=-;$&fz}$4bhYXZWUq;By7q(Y;o`aB7gp{LV`HZ{cMR{3{cRZQM1v1$>^zA3VF zrbAM53`yIuJ_-)=Mgs1hFT3T1v3oF~;f(F-a8{~AP!eyUH&7yb#nh~5aTThF*=+2D zH}`%%J2TJvR9J4l-lKLJl_p`09y0i#Qa|+XaM9NZzx(ZBmNPKmGJU4EwEEn$V1Aa` zt6M?0n~?gx<~Yi{)idxWvK1$HvT!p_5dp@#)^Q`Sk)hBOKMw9uo) z5lue=!fhRvL%IQg15jKKwi|N2IXYth+Y=~@hY^YL%4gtyTV$HF*M}J|z;H%sy)W{5 zti0X*e1TXH_#|e3Gniqly}G}>ot{&R+Op}KaMUAN+!%Jw5WoYugv1wvM9j}Q-1|L3 z7Z=aYC3%zo^LZkKVEOYH{|-M8^L{hH*M`x@PrJduz2;e2i_>APp{sq%GI?Ye>RzJr z0BATembIG~sG$|q@ui*q?)?&$6vT z`6(oqt;y%@@fj`1gTZ2UYUR)XO{-3qI9~WUCLb3Wbo3`-G(YqC~@V zGu&gsCdaSFf7r>^muI?z+vmcBt@$pS#}4O!&R5*%M&KwEwQn-;)y_@B$1v&P<~a-a zwJptqprtwC0;)Xr(Iw!!cQMDO0y8`QHsX0}$^Mr7_fhDHEgm)!!fEgXF;0MA$gHxZ zX)gT+1+Bl9`mN&cGuf)Jsx;I+s!z5xr%rzW6TC}e;7~_}YWH<+ab<0HJV>kF$ICV) z-*G=8Tz3L{yZ?v|e2N8|pbnQYhKfMl2+%Z2sw#$cuhDBR)A=os|1oP60yMsE`tX#N zkM9Zt%BsZm@GC5+EUpPz{WJGsQ#}r6g#G*A@Dr^^<)0Hv;$sd)-j7P0e%~%jf5i@8 zQ1o2Kp0^<1Q%>1>KB%gTI81|Si-lS^vSp6oYL=kR!P4n8KThwsjL*-PpmKU8lv{l1 zsc$>!zFE@W79n8mQOHfA zUroU}cUcxk4X;(>L=R@uboILpe2*PE(uz6ol0%q{>GLa0MUu85lAr~uwNoDOsxND4 z->`*vD2D< z_0|mkHj!|IWuQt6rt?m3Z;&Hw`!zubr=;zv>*`Y~Ex|Y%o5Xn@tF*=xI*7}9srssN z$~?DAV^>J#-s$@u`omLbI1kK*@?rsg^H!|tN{$%B@O?oU@8yek<;nUw z9C$O%aO=j`fd(i=s3&ga68jZEky&`mcKc~9qMhXtc}x-$nES~BN*=#^^h#ww9-Hu;ia~`#4cfkl zl*^%P@g$~_h!7I4;`AK(Z@-vpZ(ltvhFG7A6O?`z zKHYS1(RRBe8gnOHd>oOL#m{~db-C@)s1*Q9Q!3jU&(MV=R&H z-G*b2C=Q|py5j)kv=s&{lQ0L1A z`D{0L9u@d+VSK&_)*MpKKGltE#~jXoiBSkps3Q)loka{reqzfvpWx6nUWohV+pMet zel2v^huB|_KoXShxab;hkAu!JOX!RDEDpUWDe@!Z0=%8_V!84C&C^S|orXx1DK>Z8 zctLm_%wXXnGvOamSOjDUnxG^EpTU^@ZC83A9?`D zVbEkaRjEoQI>RdvcZ?MQ;z-OV!$BIp!b?;u@hXbPnuq;>tt2p|7dbkdp55bOza2tBP7L8z~*M zF?JlH`k#wGP~qFcY6|QKIiXxqz*@F7OD^~mr(8}0ykt=I!b0)ACF7!iR!j&!zh?y& z+#zG~&ZQdK!i-;f<@;P^M?&WPSGjV}^i&6b>MNp>?ySx1YLNT}wg;e~|I~l?~3Hx~ZI7|!kXehUZcPa?RRp!KAY~4X}S6)J; znH!2QGaq2^;W6={YIWxvCx(ZanWQPwiwPL-@5YRvL6Ma#?-rDb9wS49l(jqtr=w`D zQ`;>c&2v_3M=+l07n4hVd@l-$!HeFCoF6DpS2Hh-8_WXX;G5=S75H}|i8%F)b6t4s zFbbRsz9Ol@WasZ(R*tfDMn3#$-!Yax!lt&4V(rq0NgvBTHCtpXalWKK6a&iP$#=xO ze@(=3Q3kcqWkr_?8~L4hfhIF#wu~TH~$4VR4K4;XnU6gyjkcGdHS`ziB z#>eh+T0QJ6eNO0>>Gv*AeOqhf?n9l(MD@fq%F&oZ9ymp18~Rg}ehoE|D3~wNcV5^0=aqZzP;3z-CDg3WsLr>_3PBaLc;oT;yXEYfOYUIw1>V!uzbM6{R6A3US;wR&PA2YqxzE%A za)}Gw&QSDh*b&KDeCN_+hcO{a^hcimJXzyr|6k6!)up>@6XBp4S>y>Sc zztLL9$?x%og6d)qB4_cuu^wAXjhg|TgMnW7@^5=)Fk6pv{%7Q?YwD*k<%kGA zWsnvlHI>%;yMWXNDO5Gzql_iHbImy;B%%6Cr3}jDgjHOxh--TSvfY#XO5a9ck^2pk zse;4)me|uCOtE`@4_2-ZgPl+SRS8SDXFq9ivxx3f_G#HEpVD=^e8jPyAfyDLr9^Cp z9ZB;(Rk$!6PdQp~G(1l0J!p8Balnh_%5SI54G5eN%*an{9JsFQAyLAKD}L0aHkh>z zX1^67vWN zu(mJrV8UM7lrXni)O#rFpMOUEf+(*9&_uaWHF@LBo^+tS+Wv3n6?&O$8>fft@tMZQme!~(h6TvX| z>xNo6!2n2&h}Y-ixj{)IkPLs#jE21-{R9yr&H-Nn7k?>_@0DLnTzULp8A z7!FZF)BL;gT<(dC7oOl}4PH^XV(Buh!Y&dFqm%L2bdW#O;1abO4O@57AE-K3v50RN zNHdq?L57+SMVSHy5ORUud9|3k(|GKnq}1S*<*71sO!=vWoBCtXMSb7%S9!&acCk9^ z+aNj0l~HNsWN*J>>6k1jKnNN&rj&Y#7Ma|K+kLFe{v#yw3tgvM;j#$3AgsYV_aQ5w zt`iL>){~N$sq?sp#G6bZgB-Jeh!RzVLilnWPf`BKMy@ZMm0jMe3h-3I;)mfkYixPt zr-!iexFfAE+veYlwa`gn(fQ<~Hp_qY^`0I8E6IRx$PGxJNSTGFGy{CR^+Y}=xU^&S zaSckpmDdCxD5l~l)AkRHW1h^{l#f%qF(zM*UhgCI z*`J~uVaG-6HUiNSqJy!Gh$T6~>zC0kU%Mzu+UZ@6squ@mu;mVy)H*pl4njK`H@PF8 zybIJU4>?dAz=jUUZ~IADz(gd1emN~bLO6nV7o`TiS@H_W(>iX`u- zG1iifu+~>kw)3S(4X9tF2;5q96NwHxV;x?o&Ax{Rz$s)*%&TppYP~8Y^GTgPeJ1#A zr&imN4B3kfptxVit?>K`xYC%wlKmZvH4fzn z^cX$bO6P~D?d_yU5;)ebKkaj2bu+$-*5Tlecd-Q?hB&fA@o`4ZF@q+?Vw`f>3ysv` zpQ=X6XGp`Fb_+&lAy(?!pAP&WXHPExE_(ICXD!Xsjuy5@RQy{p8(L{OEN&NvPm8T3A+-&m zomWbVh2o?j^;+JWn6_#ORNS1?G_`U$f^GFYP+y7I6~Gh;TBj06P4tT+&;BNda39mh z%YxN?CTS8+{wO*-&zd~jR&IoV0)EGhu)>jk?BAm-_~!JWWtWZQxb=S2e;*l1>LbXc z|AW&i$hRu6ht1)s$qSjj&|68TzBvwaQ4U?xTZl3$|26c6d2=LlLT^JKM*Ys>;&EBe zSexNm0(pJ6ZckK2{}eWqCfp;1_?a)=%jFNV7>A(r45jK(4!5_J+0{P&&_?{1P@oNN zuD?g-H<{m+t2xmTr1W`6Pq+|>PTjo9S*#}~d_3xY{mef3pCF+y*aYSe2ksVsoG;#p z1@W z|Ek-iWMwhqP3ts|<5M^Oq=+xoNuyewrSg5HdO?exIG64#9yBU+Z(Um|r~4lGn)pU6 zZIl?bBHFR9lHe{d(+V--H*kz?XXs`K=7uy05ibHanq1fj2;ws9lWp{j33DrkFE*2# zxS;TMn41DD21?|Qz56~LUxflEi3h$dXTaL?;2V^H>pPeQ4Th$Kz}iNHX$n@;k3yjJ zpnq$PPZeA&yE5x69VVa;*i2}7`>(xB0Vn}`F@`R z$`Qdz^_9*1M9wZnQcwzC;#Yd#-IVT<*c67m0Q>OsCgoF_fFa5M%zhy@02s))v;dBR&l zq&d4Wy5alj%9@LB?^MGSd|%PGrAm=iC0H5tBIrmTn7n%A07prKgR5J5PYjIRZs|y~ zytv8y*yh8(V3o(b5Fz+I}b05$2~9dgS3 zHcY~pq1@2I#D2+_;G66O>N4iCMamCL!UU|xUyn2B%I?eH%9#)3B}{!m`|SHa0#XjH zg(e-0B{eW4g)~)%c@TKUvifS0fckj5wgU0$u4FD*YQ}gx8R)ssvfBZD_>_zjDGhIa z>#^6htrTn3bd3yZYZ-Gw;nu?slD*%g_t1yL5YS6rmL&T30m+7?bXK(`9(Ja(y(VHb z6s$d{;1?6RLfoi^8UHS6$tl%*VwHP1>h zI&(b@R<-Hqq~*wSlP%>xF;xnD3#5++OGv+r zEPeKS9tp9*L(0^d&Klb?(k z0SbH1sDrbij}n#(YZ|*Xt8@d_?cXpt%-72QAfEw##8-3~NYA%(P(yEJIq&Ty+cs;v zZaDZJ8tYn;=E0^|${F?U49aL}26=TcWxA#V#`(ERSbbgpT)SQyVMxneU1`^|gYw9o z{TEoH1EQD8a~UX|ID|Z9mzC-dQK#+H?&s%t02`|UhwKA)vyHsIMA?`Qzm1UdhPyd8 z(|vv<=?Tph3vZ^dL?cn=I(~b*TWCMTH!z&Gu^C#m@K1RS{!>pxrKDy8jv`OI4<|{3 zSWBBjyiaw`p=w+@U1F(GN9T{Otw)oh6aCJqw7S2#_vt&t@X@2t3=g}oo0sT-@e7z;+I0u&=jVh$Eezp)y9#2g|uFg}nOT0>gW zJTcxn0xB3UNz70Y>T5dtpA9-SQq8nJlloL8B57=M1memRm|=t@Y9P88;ic8897(Xh zbdaP97&VsJBGtfhVxsw&#Okw#QT_VB5o-!q?*ki>Iub{!MjOtpomZjYx1y+2J_1^= z)d!hasB}2^C7OzX>cX(=f4bD7suE;>vgf3(6D~)odmF#(2|X$j|B~8`=FV3%h$hcK zaFWJzsWDk7aj)IIC23jnb(F~naf>*~+)il6(`w-8cOskB-5b;zcTQ;fdS!`c>&SbySY9g{p6rtKnc~b>>i{)t~|e7d5Q& zy^aFu5RsFbBnXr;&}kV;%o(HK6>JsXZ2=^zNTl)Gzu*H*%#&2Y zkhBS5xl-7Ts%2O%L|%k0=`EWkVtwaTVqQJ5E7IwO1M-n>K$?Kc41*&^qY~wqII+-} z`)E3|4SYVadpJnGaE)yce?JY$?fVa$;IrF`+wbhzBF>y|b?+2S(U#~r&0NXaq#BV2 zxZ{c8eli*&r-=QirzoS_k%oYL{Wfa_ zpi@rX9gg*BIYIBl)IaWd8x=`{BFP?TxS_kw47nt#lL zTYC0G`Ag`_*H2ZHdk@Mtd@Foj5vo9zUH%wp?zarTiCko_3$ZYg5{vN^mYIb7fwO+ zA%0RCioM<!?{y^diXy< ztpT`HI#odiAWjT>zKER>7L{t>L|%`~Mt*GZCoBI?3@QlSl1b#;Qmz~a1`}*CIGtgv zDj!F3F6nxE@Fa0B8FsqNTnAF~zhUW|a{$Z+plMX+$ka{t&J#9O`KS(Znm)raw*SZj z_LLs*DbTmAT3bmK;cch*EbhU_T&YNgoT$d^WYz^tC90t+YiN8?4|wH@FUVhI_+!pm z=3H_WZ-zJSjX{_GjaZ$3Fy$%XiS5>_tN2&2B<=o;Ap0X|T}tjSwERvt=9dHO?j;00 zo|1NZl}Gj_r(`OdFvmn+ZvUF&!FGi?95Wm^9XdMq9gY-MF@g#ynG+BPWhF+&R8nkP zS{6HGN9=w2Z&!{em?8*F?li3mdz9YN##!=KPfzuMFm?4BhY8^tmnnWsIi6XY;FtFf z>vkxU8mjQPoW|A(tRPfM6a8c10lJrI1A4nlyTt1hlyme$`E?1k-h%Cw_kJZ9BSJZy)K7 z3a=c!A$vDlLQ3Pq?mQO01i@$#Acke!MML9uWOxdbm0w$sj-Hnhp{d*dIpQEj>ZEQV zSygomPjidW7PoudDY#&tsbDk4vn-H8XFHZ2mLU`w!D6DTG{fo)9r25jRyX#v7Jsb%V`?rSzX6L;aeiq||rpz8o5 z?ZRF3=1sp}Yr)!bBR0MQ`RB|w^k5{TrcoxRmrj|A>YUTJICcG7%kMVjGBq|9^WI2? zSUI%3YARn{r)7xO711rP9^YF*LswlCg0SPfqQ(ZH3OoBPWQEU}%~QW1m#V`*H(YdC zs2-WuF9{#_CMhCYA32)KR=36VV4fzV6PyI(l|(u2i5I^*&r04^(PYyua$K$p$<6v# zhZ|e+O5RaGr1$w-<~cMBoqJUm&EMtt5Sg!A*FX#JK32C^YwK~BLu?R^wMz_9g?rQD zJ3jiV>mo{xzzM2kmCLwJ3HRHD`@||4s|*DX6%*U^TJ-;_3oy^6ICr$3jMX@=9{HVi zTo{Mc*pD4I5o6_8i06-C3Iy>y;tiEgV^6j!G&r>9>hAbTYJ#s)VEAV3T@<-!m?jjV zaiu+3x0)tSs=BW9zqmS z|2(cDdtAIQn}&_vp~cy6u){y+eDV>6!V_9qEk-%SwNr52W9!wU>VSpLKCWi^a`q~f za0coeZm-YB#X4zdQSZ*!PGuK+w=msZSxA!cncYD}u-Nin=aP^HWt9dvd@&erx1PYt zN8EDBY(Oj|eAb+OVm(cRJsh>Is&O;xG=HQ!PMNVTVuj#XEgj&#jZX4U8|uT1K5W3g zkyr@37)~H2Jd8yF)_bVxfJF# zq+Wc+C7zXW>Dn*BY8JgP?^IS#*7VZpF?=;llH=|l`*OR})PVP~y*~*Wff?+5Y)J^6 zb>T-)VRC{>AUH$vq1KqN5P{o^(#x_aTZV1CdJGtREBs&rtDKwhlKmo|QBCb|27alr zR&66cb}0_Bk;JD{$+9*AM)KeVLEyGN`xq9M#zf{1G#WIxiKEwZZDUCqqTU>vz31Eb zlJ(mQ!=cF+tuc=F;-OdVF4qG>{0Mz`Z9-B9>9TNP)uz|Ns9=&#eK~&>le0@zxnuZ0 zQ?-n!QyrYrZ2T%l%}u68C0pZ}3csv#fw+!30$&UM@A3rzuCVaq@ETlyBy#j6oBgt| zX=+$cu<}}st(DDEsp?+amZF_T9S%P|vKuy1IwPjs9@D&hF2@=+=rbPsgFR*0DKCBE zrT1BVB0c1}AIQEgnrGm9NMCEsLvOIpF!izjw&8Zg);mMgB^3eA8`cJ=q90SInLFrf zDyt>b*BjwKBWyC4C|yrOgyO`Yx*nPB=T0@t>a zLe9&*;Wyji@0$w)U@qMcW(p9;tz<_esjC9fv++%KTK0}@AbP^sFWGH5Qmf9zWqaY3 zcaVuk@q@OLe#(8)ES<%SPjo3AyKaq%*YGbAmrGX2CowQXr+gQ0|o5{AG&Ixu$}oB6T+7drM0y zJJu=z{VVzusbJ_gY4Xba*(5oiChDtPyrf=MIGbGO%-Ug82NfDRLetK1%_CT06LAu1g$?ejtD-|_{a)hwD1DfTY zSy;f}QRPFm*D(f|m*y9kbKb!KnmCM%!k3g^k(S?PR9s2PnVwHqo+>v`1JZ1;`tR-I zib9IB+Y%(3sV?+XiMtYh|I@i44g>qtH&-UV)6oOdxx(7?d7Xx+RwlF`MZiF=88Az> z`c-kqP-_UT=Y9K--F@k_t_x!*{*`)(oLB|Rz7bEZlfiUGif(@riTzurolP^;32K>F zn=*{)hT`)a$MnF_T5SvzNsW()44T7og*ui}@Gd5Mbz54-9#>m}U_7d(n*(l_t3xTC z)f~v}Y>qlU4h|mg(A&(-^v!ovCN_v&2LfT12rG;b@1(A*Neq2im81ZXS}^btG`wAx zVTeQN#m>o!gBd3(9yV+?8ElRh!#WsZ>c_M(H|~^CLUcdrp;gmhal6N72Escmyg{R+E|tJ#SrkV_92{ z%#jH^qMi+ANLp-0r&I*WZ%90PjCS3c_3tHwEjTP_s3^QXdgrmdXz+mRFid6ms{(lG z0kdry`UrYD>Bo+&%^mlECs5?oke$D{9jH+PIR~A>dx}mwI+2aTY@sQ2m4AIHm1FS~Hx7|Nc%?7*rL za9Dc@BV2;LB@jU~MjP+HM)+YkFQ~q-N663hbU&`zZIjVQMswGeJSH_;HKeXn4V4N3 z4sz@2&544ntO5cF=i`&xx z;Fxqu2?v6X%lq5L+!n>nr7rr}nsuHblLpSjN@EHll9bTzt!+td%b4`ksS6sF-8AnQ z=XTU!J~N$pPP9Y-;1`l+qg`ccXQ0Ag=|^~#i1&TT8=+mv1 zi76?Fp#K!iD#5M~zYBsgH(uAMa;bNzhsRS{Fn#WYscuf(oz4giQI*s$1Fv*D6JDS1 z5wYjSrHErB&sWLX63Qf$cP%oBDXro2ovX*|nx;PqP$>n7#eW(;^#`3>4CGb=5sq|z z&1YDaX>MSg3$j{24Xt|W|55TeZ!D0fo!6M=S)w?NX@+qCb($tf&-Y$OrP)rG$=FqD zi%;JLj#WfeyLO=nX(*X3_Os3nzfkSkImWF6*QP6`{}h)$0j3&^6a7Q{gFQT!ukrKH z;vae4w@t!bS50O&D93a_C3msRX;3mptpEBJz(sq6H>&D-jL(l9r<)>*=c*Cgz5T<2 zglVD>>|c%}F87Uh6b&Pw+!8hvr-PN3vlQisl0Bk6*Unlu>3-}F>to|*%J)wdxLxa% zm@ea9#hhgoi}X(;-*SxM{zCp1gyhkLd+Py;DZVxS>k|RRcHJy`I?p!5|2}VC2uBIl z7+E;(D~1L*9K|GsA%%uRVvhL5V%RR{REq=cSZq59i4MtP>m!56W%e*_y4r-F)O*N# zPJy?O{^{7&TUmt8>gnBrjF<_$s3T0gm{29eWWnJZzn2e+x*pGl<&q5W?HTZShg?_w zFluC9$O?#V%ExfIP{$t~!nsi*A#G5^IgY1Y@t%}>iaWoA7!WsCsl> z>VYe#!mDyA=<{6D@`>iSGYUehOW3UN`NUtQd@Ru~tnm=<9jH{iwDSu~ z=(=X$le(7#I*&BN>a8z6vn=h3nBYDYsJF8lvfD1*t8{y(<1VqtJpG|R1&bU@-M|Xe zRnc0gGW2-aR-PZzX-Ih+`sWT)a(e-Llglt>Q`+*|qez*B-}Ah3Kl%>5uN*lr>B#jp zLZmicOi#|lh`FH!>+mWM&&SElp3L$KHGbe0Y_x|S1qntz78B6;tW1G@mungxlXl2C zl-!S2@EmTkEW6f$raQ&1O&h!HS45zM_Y`j;9N{rcPbWh@8Hfw05)LoJ2o^IjOW;VQrBxsxe;_5A<+KQh2Z``Fg zK?@Ws?hd6CXpvxr;_mM56c1KXG!R@`+?`^0pJN&tKJ@@{4pS9nd7g;$cJ2T1b zneTiCHPbs7G@kKYLhe>e>yg*jg@?J4tEf6@)yCv|>b5)~!NJh28BCh+x;ZM$cQul+ z6L}|-ye)}m+us>W>_cqYZ?~8Bc&?lT5Jt;P!nNFQ%6nMqk7t$1F4=%$Z$-1Q(%*f* z8k;N(V}?G?>0NYJpq7Q*Np?~QS;w0uAZwGK?k+SKN&X}CH0DX?0k~%3nwK@mVKP~I}kc5?xzGuneOGYMPY>n z+46k?_6aO{Su|+C5~%5Aua(Uimd7KVP=&x)YJ9a0MuA_FRz8z2Buw__#7PV^7<{?1 z5^;+m5EIfm-@4-NuA9^jJC09a!6Yd&DcSw&*245wM(Q?b^91ZgGqEzt47 z80Mw4BlWd%^HS>1tGK__PTscv)oxX`@+?mp5AR#!9UoAC)y`5SS6_$=iWlK72MkbQ zQC7xAE-&eXZFx+gm{A`|O$OCzE^O4wu7B+m-4l@Eu?{fPJtRuduWeubqbKV_Jcrz- z3g-5q*yv>r5yP1Oe%zP&ftTSX`g%6Gu@G4W1myIsCdMSs$nxpPCMScXq(WV*0GZlS zhkBx2O>PT%IO;!*!GfdFmXDJ#g*vQb%p03irIkG|F^-z?=Qv>a4+W9rewrtDz}Mcr z<-}hp-q?8?ubRT21J*oh56gz*nqk+o=Gy7h5d};>Hk3KCjk*UsZ8(w#Vt2>AJ0UP3 z*_O^!=awvrlB<4UlhI>VSq5(T(`BRUov1X_**PD-K`T4_&`}W&t#;8@d1DFR0NS{U z4#DCEs6)tN3gg8!f8I*k(rW#(su}7W;$}5IhWD58(Iu!I4jk zLGQ9X&e2vIY#$~5PiHtKd31V$$UmIy}juc=?rslVw_ zL|M)Sre`lD_GRFupe>{B#YmD^b!c&qYo!qg`{dHQ>&#J{aqGu|`I9ui>Y_-^{$9sV zqlP72D{s*>%r`5&p>3q1dmnsYnm@ZiMryX*Wnh6$#n~sdbg zT4b{$A93`~3@>wn^Q8LS8_sDA{NQ2<6$D`f-cA(1x8Qiy13hWpx09R_q`EEqXPcjH zZ}ky;beJpN6u|njD;s#bF%;c6?f6$Z_B2Bf9vts?9jn}x?=?36P#4k z-Z*tepP^ERW|N2$Z&jStp33!y@-vePFiGVh0cUQ2+@d*$r5tS~G``8S?(aV*ENY3; zL|I_{`m}ki@tq01Af|bJ!utc)mpT%RmbnjSVd_)-Ei}FW6vKlR2n*MAj$s(1ey&q) zcUgKWfGkppf~ALzIgu->^C26nK+jXcQw}Tj)SpyqHJ5pX+4xrzNR#qAqG+WMPuVxW z`47e7Dj4>jDkD$7PDno{-f4Rp<=}73^09l$V+}uckR;AmfhzPF@8DA5w$4@L(&yx@ zMAnM9C`rXZ=)RoWY0ka@QxEDb`(FWRe|y@Eec>!is>Q$)^K^&gqO-_if5_WQ?XJ@qEI!zQ6& z#-RTTQpkIiIKG-|0-+@SI$Imx8c>7FyAut(j1Lzer>fnM=YdFjxm{9TK^-7L%^>wv zpLuA9XOtyznqfd7ieMP1-$z+1L{NM+>yJ-lB!Z|8kc4sFGdr8Jpq_B=1`KNNYbMwf z>|Bn>j`Wg}A4=qV4yAn)iLm`h3hMk7ViYd{3l<&Fd~c2Wo!DG1wh+e#T5|)!?!|=& zTleoqA1X92l1xin*-;sCO0{RxU9&c$l8;|FAO{B?3;F2v#%6Rb3RQQ3nF)TbH-chI zhy8bWVp$fcck{ik<_B<8B*Z0Lnq=KUJ2LVBiaD3@qY8E>l+M)f*2IUGQi^A-5K)#k zVoJ09R9JHk`F>+aCd1X8vP>_7O{v;!bT~66;;8U^I!pN5X?7f`!)gN6>*rAI-#mFU zl~+QFD}cCCzUggIF&)@}mTZTn!V5q2o{W679rve3tG$fOp$i05bggS@usYZH8D+X& zy|C_5Y}d`xpR-Unjjl#E9fmpU&nW{moslQ``ej7qlyT!y!2HTK1fX-~KKf8@$gOwDtI$NVFXfS&XYetuyDfocan3iN5hZE6`=% zO6TfTkt`5b7*|%5V|J7zT_wm)@v4<^%4%cP!!-#SH}~gU=iC9+CV|>?2SszZ6%nvI zTYxfQ)bxa!T9l6PqxY&zoD8Q~N?l0iP64a%qe2Z~hw@p! z^Q;g=eHxjr+sE9QDPMUrL3zG}v9ear1c=(*ydoDoJY%2rzJIq)tdE(Ay^JBvGc%dk zMcG0&VC&g@tuYU@@hBrCl##H(%@F?{#C$iFcYjk`;5dV*rDeJ}d?+irOj`0}#%>Ej(P5cVSLuej_=wd1j^6LdK#sR>$XKKA)n9R(flM;GN{E3Jo5)m z3p@b1D3uDN{w7xQZ`>1QkWyCJYr0I)_rgqsWdjby`clRSW2vfZ`MKZ{lCDkqD_hFb zziv%F$;G1K9%Rf66Sl^Q_IaB-L|&Fla_et*HWoOO2DxiJ9P*60oNIFa;6fddYEC%5 z%5YL9@ebXNu-x~=O+1R*}j0w3Ct|i3e}qR*159n(5G1P7y6wnEIu+vS_-u9 z70iT&`g=?fj`a(YJ@@ziXlGnW-rUed#U?-(l)^g(Pjjo%ARZLR+;KFD_u39Su^m-S zd&%x3MfJD#feFc7&S#C&Aqv{<8Ul@(F?1??mD2!J=AQw|*TLPu&bd!Cs(2ezZ(;9;qB7OI3!k)v;D|qnL!%=)Gx1Vw0zQeyyv_;fAhkCI6uawBPPL9Y4-&T=l#* zvO4ktL_|3yC}cptD29LkYN>cvF8e%nxm*DE$+fu2OP%*&KVzcrb(_ERTQ9^q4Ez3A z_)_L@v^@t^f4{1%MdGgk9W> zB)Ee*7^aB!4o~G|1V5X9a@h~JDVEa9L2zzH2_oaL%t2H=$g7i-@Dw96v4w*095kO# z^ENqZOCc~#a2$Z&_g*A0`aI*ZQsjT`5lR5>3Hpjyai;Hky!+9W#R@-ix8t*MY>-z> zv`~itK0MM&%7SPS>S**wFP==*orqxC1&~=DjadO8a?(;?im7G?i#&%qat!<-sLrqY zOf_z|D|oZsj`fqKGt?!Kh@V^+Pw-C~%X<{V95ex)7ZI`z*847aQUFhZPBO(8qoqxm ziT<79-r7%CJ71v}eY1yb3ntH>DtL%NvzMqxG#B{j4Py6kt3;hIocyn{6wc9pS|?~t z*(DrkZ_tDRWx65LrN1U&f%|g-n1H+jtl9^XHRLrZkN<^J1yP2>eauCV72+yy zcQeh~UmwN5x|t@1Nu_Om20YK1#u;(7|2YyG z`p_DR(nI&6YW^F}@+zYw+zp*7N)xT-mF_1na`5?ZF7$GYW{Zmyg^&SOV?bYq9=KMC zX?(w_%zb0%x3T+S)5BjV{}t0IyQFyXPs3i+I|L?t!+|&Ai*UN{9I|oe|1I8pj1D|Y z4RsF`=akKgcx&jaV?@m!3sPTqPWHh%V{*kyueo#wqw2_x zQXY7Pd2w6UJ6k79Ewq+t(5u?((4I}du_UCSIr!RU)rH?mO{moc(^ocO+r7p#UhFpk zK4((_VmfGdM?KQN!=r`cbIBi+eG-7c9%Xy{hGs0!qmeREi^SH4$QYw|! zi}^boXx7y}*NtRnEv!tRZGM#~=h}8-FRW9I%h!kAi`4r2KNV18-1q#HYjogEr9Ntg z7nD%Gk zwHhgAdb=TC_q-+|4~(MDwJ$3fFQd0t;}z1|QPX2+SlSDT+Nb~h#`WNWAfy$L*v2yt z5=|^|>Ho36|AN(Fya`(LQV@71etWol2@Hn2Oyt2PdPXOnaw73J_4_VDfFLvxDM9T~ z;M2k~Lcino^bmiFwz?7yHTYi?r658xCjzGhI)@e#wpTjwLZ3Df2dr_pV~y-@0+IR2 z{IKki?0e4CMk6IU=3& z;)!?}Q@Nc+wg%9CywnfAU3IM*T(pK-iqlr8$fw4|c&q)pnTHr?w!F{p`5cR*evHlR zIke`v<}<#pWGCdP1HNyH(J(|x`jLM*LIw!*3Q#3>%bGDyP`SM>c^jn2Xv};vmaw(Hv z8G|LJZ8p{L4?%ilL5tH7lmd=FW|Z}JO8iw`x@Xff^=X8$cviX(!lo^xc?$b}(#wB$ zbH3NC^lcO&A-N)l4&K@gGfu#(A2sMD{r97^7x~YN-YJy771m<$lPAt7+3`xnhZ_>o zFAhX}jv@jwN?)}-Gz3s1*uy>h-QG?8XDcc&=>k9C{j^c7C`}U;EJ@JEQ6~=|s0);T z?WD_jquS!x+3bTknp*hg0fM_J#kC z3-*p>^1&PY*8lkKD@0ccFG6O~*yt{W8i8Sj_epWCGthdv1n>RVq6RA%;7o|iAjT6C z%zkR2{`(tlPqz(Qiip7I@ei*$QI`Auqgc2b6n&v~PY<3>&F{i3B1h$~jc5eROP)^Y zoT5TA$^xn77QRX9kuK619s+l{x{c08vlZF=Po?*^^EFmr6U(l_Yw4`4z3(1UE(Y~U zz%1(Bj)4&w#vz-hdp8<3MOW_2n+fz=!KGR2IXCgflQE2dvFQ>0R}ydaiV^gmt^z_* z1T@SZxx8?`i||nI@MZE}uQhZ1*;lkG&Wwll8*6n9Bp4Z1jA~P9GQKnx1HvGSp8>{` z{t@}>V~{7Y>*0su5QyLAeL55S5>dZ#raSE<0uyw8pduf<=V%7zBy6f7KQAH8gkq9} zz0zr)%_Rr7g#(@+UvZFkfyy9N%l*mX1h4XM<@$u)sVpc&_Rl_Q|`iu?yb`pPurLF#+b<}S&Q;O7-Ps8!B4-{AB+ z8*tPtB{F)M#>|!U=t4QmF(wm;AbHOmGT-9m($$5#Ouan{B_9BPA>hdElgwaYq(aU8 zqk1NNstPt0?~R>v+Ni&^d$nC)`w_*Jd@?fu%F8XCft0zqc?*^Pu-y6879YDzwdH?s%j>b&c@R^z~1WeO1b?Jk`#7-bs#GXoJJG9#V~}2zJ$#z+{QDn z?!Dsn0KF-`&^kAeNRzlrnRcxPA!hVB|qo{<6?O#1*cv*j1hC9n)VaSw=IZ5ItBdwt; ze8x~J4`Y^uTw8K+ZWyeQ;f|_sn)$H(wF7_lBtGsRJt+nwg4~U6i|bW|^*V00bG^&Q z7-HG)^wnYEKjnAA(%5h?)ppo$F$?_gr-{qUBUaUo-$(b>jIwFhVD(aY7?Ylww{v*XrrQ8L;u zoua0%3qq}IqZ6co`|A$uAvH8{P7GM^XlAd)=@pU@dp;DwazC1{m3k%Wc78`EScjxq z{HidU*_>qGc~fE3+3dPU`?wwU3eX%x6lA;H9jC+SG3kwsaX~~RltCMutPie=Z2T`g zF|YL`lMlqOv*ER8n)r;G&-!c2GR$b^;h%6y5CJ(h@OH?Uo+WaWf^47C%b-ZN-6TcC z`~#DEt(~S?nb+-B@=HHjjj%0~hBhb})UN8hVLH?56X$sBMe==+y_LyzH_K*w1f7WG z8xCDKZk&|;RFm7+u&$e|$1su*a$P!qr$PQdm-z9z95)o=Bg&zMje~s$NPiw@xFmGyS1fK zrTJiw-p?o}K#^BZh_yj__8HHSPJmhrPnPNkWY*hoQJ4_I(3Y|!Lp-Td2sTm#os2DC z!P#%E-T#Z$ik%*PD*x)5xo0=CCULkv$Bjy)eBNJMIGRtE#jw78It4Q)=2pMA z8QpDF|2@5SOP~~qVhCELmrwf3hfY@IB|AUHSE6%oS@e5*z z7bzZW)cj^cowg-#`!}pVJugdtI5SHLFVszkNg{^WHs;++-3kBcq%g$}>DBFqi07Gh zp?0lxe`T{Gsf52Tcp`u$<1L32W62$}T0!^2Sgp-Bp$jnj1}r8ThhXgU`wULvvX1PW zs%sz1PFTO+cYhvkZdyMODHrYE=;6_A9YS$|zx`v5oso>;VmI@$?Vj=4(>$Jxat7W8h7Cud&2Hpb-l)1t6%14Jm`j|oQK?IKbBji-@X=Mh_$STe|U zIObc)X1Nx5)(mksNIaO!JA^#(3vV=JY-paJO*UPNNJuQfL7%_OZ!t7w7iMoFkqEtEu$XwI~ku% zsG0G5ydhP2H2@uR^*cEBq*Wv2F8bh=l=0jnk|&x1Sx#qh^%zbcS=HDCfw7%;p4AK z4nx=B_|r(Z=uQ-R91Ikb;9{u%Myq+DpCDQsbT+jK&oJ&0HT-C$51M`_u^EjHI{wL?~l9stL5 z>fAzyw{cSabRSB#j)yyEQ@)Ees}HNE(NbxeEPab8mAmAQnFs@+%XbsdC#P{Ei~!}f zumYlJEWx)0lYi^{9z2T*Ju95oclaZyKdEHu*0*@J&##*aT@Q$yd_q)%BI2MC^*nHe z8A-fAmTc`}8l9(polzDJF*g3GHiC5Canw%Y$9+@rW!#{E@&bp{*t!vw2%!xKA?m8d zbh14F9t(47tHlPVO|>3Vdv5<*NAT0{?sOB*<#FU^lI08~ENMazE-8l7k4+H_+Y#~; z9O#IXobx3siuUc@tBg}R*Cvrck(MK7oOqdXqvUK?7c*}7st@hbtVP7nXeiht{00Wk zE5!{b!&bK9vEpaq2kSe7`rkAAJ{;9&dz>r>xx#ei$!kypa13xyVzaS(#C*jz7`>w# zYiF9eJ`V{3FlUJJJ3Rpc`K`2M-%51x%39Xrvejm&vaJ#e)?SHg(Q~<~JFaUz$zdV5 z;_v=m4iF7W^~kBauFQmvce2#-N-_}I%fH(g!nfDZy!rWwMMy71H+0cF)Tb+rG4YRJ z{}&DSiQh4tv@Q~Adz1TzyGqk)zd-2(8Qp$r-0U`>yHkq;vQ*-GL&b~85Tp^zW~&ur zO1ktam{wuGYbTlXv_b&^IpzVtE6M$pqffFR$pKe-TsLgQB``-k8L6wm*U#P8?$&fq2xBMb|viAiLrFkc?#;wObLjr8PbQ-%RLBY$ab3` zsbu_+E~x5A;T?oCPAwU*Ti!5z4QELrTy244^Ml{>T8kR8L%Oq@?&3alO>${PvEwUA z_*$hw`n6o}PnCuit&c^SXQ_e;c_2)=PA`-t;RR}scU{Kv3pFN zXyVqdh&hAM0Ji(`CDSO;ZAEdMir8F#jq%Jc1_@6A#|D&_6{fzd9m#CI=a zU6DbbTX6L#4pDcW|3weUT5&HGCfg(~RcU{yQ}$vIdgxjxdg=Qf@{hE^xEM6c23Q2q zfzh0i@#rB~beIGnS{%uu*N`CrAOi?dwi)6NGX&Lfc6jdPlze28DGscN=0@FM2{X(I z6AG_P;#XEkC~#FwS^b3MGNozai>qkR2csiYJYvWmWb__Fs!q#(r@G!*XC_VWCY z9qSl+XJIda#)0+66Tu~u|DPoB>lvpNk291O7}gV&jHS*SXq?XyT9q#smQ*Sd?lu^J zMgMnxu#Z_^!S}B~NLwt53Skr>?MuP4Fb#x`>UCPgOo;4D4YVHA(EtJXIke~ zxi|9)QcPi>!d@X>x$U$C^+cJDax|Ylwambs6(#HW zxosLmVzup2zo0p^-CN(P0DVa!c8*#ej*Z$N&s6OvZAF?6?1-3npaP1m#5+8@p~qiV z&vZZWU7?7$Sc7KZ!-vCaqdLz&jq4<%?VCTwR8-uedt}=L3_sjzK2a|hD($`xS?4^9 zCjHJ5Ezo+ho!*6Bm_d9^948Ds5_g=@8?SsLe*No}Z^lNrCSdkA&oTY>q-tI7z$j3~ zKt#0z7w2^Iw2Cy+QyK$VipZC@MflNyaf$jk@$49~BiOqdz;*2G!1=}qE(BM=jPIz6 zv8y@vT|NI@CQUAh-S`Rbl7*+Yr~Q0qM6jsjg0F1ZpZMqmlIQy_TnSLi^_(_&9tR9g zK}XQ1?RGtS+zGtGw3on@f@_C8Cidw%3;WiK7LE(fq=ZV;)A4H#kGT#DUOeq7G_@p> z$@K7wj1L#v%+@d?ku2?Rsm@Kxa;r>Cno<02>qqZU(xARtGgpak<=TLoK$}+ptj4bPY~G6*g3?Zqp1O!z(B5 z3>>)Ukzzh)sp6ceUbZ9ESMTt5(^tG(H>OQb-V%G zBpdjnhwo82idDT&=-J8iv8SL$F@%M-Jf077$O>iDCA1D_^$4!`KO8Yh@NjGg+G6?9 zIb39L5y5;-?J)ZsgU8UwSmB8t}$XwV>hN$n&+`3KeIR#f}GsNOumL7BYht^ z_&y3{oVCcu5<=U&md**W_pY<;1RWlKcVMMx3Ap^*sA^gg@%z2QQ*Zm=WOE6S?_hmH%Hx_|Qe;myW?O`%V zNVcH>M}Gnoe#WD;|5m|eWIj6PKHxtw>T3#<5s8%;sf;VT4cKzxKDEzhl;L|T2Ugae zR%gjM>j(p{^7MoZkXE~H{c?;VoKf$dDIs`qhu!UjSFV?ry}`W|0C=ooezEg<8|4VN zXo^B@(GHsfs5(2h{JQ<^XZDqTolmNK%8=p{sR?gqV6%)2E>@Xa#9#G?)8v_#yU}r` z0YQd-&-?iOOlGZ)3lC9Y9~4H}0AT&grYJwJ54^uvKv(ss>2 zmEi-CPNA?!Cq)1F;Bg}HSZBzsWzKRz)Jq8+VjR9#7(4e{YIdq~dgf!?WEGz_EN&*Z zIN|5pv5#TNVy1bGs(ZzS5zsv7K-!9U)W>ZfItrR88Md?O8GR>d&+LGgv4=joF50vB zAxiN_<+JI$QDnMXoi500+Y^EWPMpG|kpSRsRc~!6Qej?a!$je9@L}*4mt)Yu(*vuV zH2yQ+;4GK!SrnnC$9!P2Or+w%Y0v4>>2V*%>Fbn(l>~wgu3icP?9m$dlh}lPF#vi3 zc@ZjZ%oznE5WLcddV0{u28zBQEK}O91?)(oQW7p?DS}Tg`+c<#PmfDNxSXS;?X&D& z(F(t(!CeR!b9gs&?I#cCM8B&zY4t3PmlE5Od^#zZ4RiWoCq(ZxqQ;;5`~+3N(_*Vj z^H-*<1`H)!>&wnZwQJcs7PVK-sC>qUB?JvY*Xu zb83~<4<0#%mevIygN~n)of+(>>g-&9399l=>B`i|j|ef=B&wLUVo}KyIvI-GwwnqY z`5z)WSQ&h%>(Lw(HjR;FEFqt!bq!u4%Egi)=L~1hBJii9Bg^VMjSS}9=}{hVONg;rfiGioeIYn|Ng85c@3!$<{!P1>W_)ET@Qbyom$TprkA!|5mMjnzEgbY5j0C}kOaz>EacD2 zYwld+;dW%V)m9Nb(q?pgS_*F;xC`<-T@qLUjpn~toUpI*{T_G<;xLRd+69gVel84( zVxld|iulIK`Q{*vgsY4)#j~gTV<&NW#CQFl?U8aAKmPK$-i#qW2CTS^km=*_TypX> zWL|iUHm|hK=${>49X|P3+Xa2JMIQ_eU={f-9Xs@})OI&~eqY~KD_&UQdv-XKFCfFt z9<66qe5#YBY!h%wc74>FiMSaV)8|&h9cr<_;eQrwU2be~{`f9{qCEhE!Rn-lar79I zqASzsm~Q_Ep6~5i__w)v-V~|$NT2AZeW#(P4xUuqG}L`?OIFO)j6wUd{NjWdc}8^F zqJ%aDSzWA{cI}n7FzUbS8CwW0YnVL4_|W%4=FD>!3l5`I0R8RbCy;r2jFI^slhr5) zzw?iqIXIr<6Z{-2oC<%rEw-x*-1>K>0MvJK&&`p%dfXVOJ)6S|4hFzJAtkILU-P7U z9~~@R8w;Nm!JztRJS7xldSpE!Y4;#FO}V$BKYt+3s^UwZs=cv`{%X52FT7urYu)Xn z7L{QW$&X`Xn1=B1n@Ju^1y;x&Rdvr?=X28Pfjk??`-WZhzJj&2W=7v<>JT9?<;Q*s zRtRDuGwph+5o-I-83Dii(_a(Ln)jb8-8024lh1*3$OG_B-I_>QYOA%#eTd6g^0a&z zqeDMoJzb$Wi;~LOO*QQHQ$bUK2DU-5rrU~5~O!FwAWhLuZ z6)zAwe%-S+?zPsnx!T{=8NP#}6F|EWI?Begbf4YYn|2DA-a^`TtsRcQK5=f~*Trq7 z_TJ5QldxdR>}WcDy6G}V4Tp4MEkBr1H9WIPsZes~8+xEv!)!>&#YwuY0$l!(N%Rti zCt`h?^|!RN6n3}Z-T9=ZKgNtoQAl(cJH&`%Lb@VII{d^BwA)Yg|4R*7fY=2K*mYgS zk)S%7eSVnfZhLN|1v?5B&c&vBZ*Kr@R zJAR$OHe%Fdl}Io$r-AC_xI)8d`a|E#RO4F(bmYAkUZ`WIJ4*S+t#r`15?qa}j@<8z2)%K7)v)a^bVpbsuLrLsgY`?#YMI?B6?$XXhmpG=jzpkc*4ikNgoPcZki0sz?0C(BsIAZBd+f0qRkfnTVxc zm-AI!lXKRNwX6`FUqQ~tlnAm&ItkRH^8ri=^Nm`^PD4@vS905$`XPIKa3Ez5d z-HpI{bC`h)WAdprmz8z{mAlfhIuA@SgmaW8OayCKDf{(tSok=G1I)?_R{5XR_=7A_ z-pcWtBs@jnFOJmOF=x!=E5Txz>cMPbv?^))e@`T{a6YKT3OO=w9?7d?uYOc;KvFo;rFW%0%tm|0x}T)T{m4p=5Q1O?!Jvr zWnR(s?y=jF=)!|77}z`Svmc!-VC5IJyx*60T)ky1kJiq#f19sP}1Nm5AfOC7eF6ig$!r({yd$x~N zlw;OqZk1!lWs*PlhRewxO<9!2%<&Lg3S+(9mPQC;SXq0+i_yP3cw~RD8qGzYR(hMA(|S@kDR=DX zV^&K+0tWUl^;g-%0+$VAYizJh=wg|H>@rTXP#0|f9k`ISQiSeZoc7;p_!=N89G!0#jN0O2umplN5Xyf z;B3#2w~b$2#X8`AGp+_Nj!V4ojFjlnop@|MI~keYlQ=2F6MP$8)M6~Z&5pch__mpN zT%+w;B9wr#)orZ|DZAA1F7r<$aOqoI;&MLUJna;M?fZWQLM*6-xJU}WbC?D~`nLHB z_Zk#|Lw;MsD&CAwiLvq;wZ-}?o8MVe>W}U%af{W&loZ{sg`FA_)$ds-lUc`{ZbqMU z8M2$EBV6>eP`s?2&u@?(#(wYh@%$k0gDhAsCy2+zJmtR*GHd64Bqy<`@Cd_|U2i5C zI&AdZsS$C}3$w%K-c0a{MS@ctZnW8It5Me{SOuKT=$drvJ4*&5yAN2~G+Xq$ly6lT zciU9|LV1YT>Ctbr&=Sw^MbrF9(N%rH2VYC@wBjeoDR^V|P$8RObQ8gleDsMsdbVju z1ZVM^MUQyZ!F_eMP~0IlvWsVIg4s0(^-kZwif99@wWqbiZ(e9~j%V^&OS-ESs$P5J zE%JZD6RJWAL;j|RSV8)4tXnB7PffOtJ2h30k2B!h*yijK?h{`#@jvV))FS-yEOFEt z7!?Q&C30WDV3}*K0lqPdRIzu)r@3CE^9$9s%TNL@Z$psw$)HFd+_2n8bf*Aw;NOR! zVo@-`B>3}*h>55Z$mDjBDK05yd(x~%Cq<3_$Wlk>gR30)EgWe)vIgKgsjum*syo06 zT$oaKc3VIwu!a9d25f{v`BvK?MvwgS5*B|BgBiYBFmpXfa(|}Rdp__GwQi|d5sL{=W=lgG6M$$g?GM;{7vDy z5u`yhdf%Z)QBw3eZpnZUkrB&Xx*~Ik@nlp_e0Fb4kXr+jAp}rpQcEf}Rc(|6{CQ+e z9;VIfIVNCXO}CI_?JmBfHGa5|mg+R}Q=cx1&ujtKI8b>C!SuOCwpY6Z z{`c5}zX|3nsGPI3LQ$`0WarlWMYic&QmL}-{kW)rR#yXIll*_9G^urIPY6Zs+_=1n+yE>*rED?QkG28O%L1dXRCJj<^v70?&<7})i@@?8+g5@VA8{>Y>VT}++L-5Ei(NyK-mMPrW90o>3 z93;)YRU#%y7;CdQ6QgNIqpO3Tih~Y98bLHT04l z(!8g=SD9Rxql8m{qLA2=UTwyu2@_4w zye#9-v)_-#G8lm5Y#@AUO*Zdmy+Vqo&BFhXLH1Uz(GjNyN99w4AwaoB4ZA;YmNOQ3 z61+ewQ$d&bvsnQQmaIUZe)_XNe|JG_WiuM-pta?da(a?5tGC z+)X~{>s~)k7z{pSN)$hCM;KU4r9=Xb!oxxAW(xO<~}PHhlylg5|2 zd6)Xx99w+E_e1-woy)Qqvig)DFUnp+is}k#)tB2`Ktu*y&NNy%6 zL2uHLdrK^jrn2(8!m?$jOaC1k1D51>Z=8>i7`^$TODc{$7P(TVoMPW6u69h@`-^W+ zVogxwK|bA%e0c|lzZUw;#qWY3v|Q0#nND}z(d$@csH9b!1ir!!z%}+b>VTD%K9#|n z2)1S!nP1I^H#yrLxu+s6E~cvJnpV{yq{R4kiu;ful8_Qfc&J@ zrCB$Z0TE;Ts1G7!!1GdlG%qGLV|ZtpxK0x8@G}>3;FnL)Y5J?*v6N@0_9kEj>~&G1 zD8NSkPUOl=D}SHfDeK4J0j{xT zgN#ucq->S3;o3wx&(&^o>+?~1)Ic1^-t%bp+BxTlb>NKH0QKM}M+clQHb4Jyd4A){}r|=NLUG zyk>Lo-AEsxX@5|x5(q!>>80RdWt5HWi(Ey$pjb-X`CQ$I24*CGc{+_-N0Pbn_VfowiXmct*C>Z;@ z_VJg6&)rst(O8@$D7yN1Tey0uCz$6(Df3r}&=No=_@Z>{$(A%+@bBRSbIiNmc%wcp;#WPLNi&V4k0^)%XOKIF{_SN9m=#a5K)2D&9>3gm-jlQ3+x}b zd_J1f%tl!%0V{yUsytpL(gL%O|8M5xRMQF0T+1>$G(-`|>fpB^GC*cyr>TE-{tZ0S za$MVC$icb*t&`QV-ub3(ffIfrdPaf%7^0I&dgyk)S2$JHDLYYsZNYz(esekUQsy!B zEktwKIodS;=`O`&z-3)o?YM}Q=)M@&ujug`H^L|`yRGMWl%X1m(p){~hP0Eo?hgit0ZTANR5i{q+?_t5Lm$me6}MI$d!+l_x+ug%*FNUpj7qaHseK`w5vCF(1~=19olv)=YpNkXf(kX zD$BF*oG!W97364R(chli2e2p9*y2J8Yva^Zs^bdo5bA{pFg!{~xam`}#){u(-hAEp zBOjb?G$ZAI^}A}OzD+%oaB)Bd79lFq@4Ge>6oCAJo4c!-0^gPB)-zgg67bu|!{oc4 zk=_D@QBu6S9%;3av*u&U5U!?vV_2RS3<(-M|=t%>7%~vN4WADz{nFMfAv6 zRpzN8afS1CnXTdM(l5~}hN<2J>|7Tt>Yr2b;P3;=kgIgWIIhf#dZFG+4|jv)aBjw3 zY5^dne(ZHc`wQD|8ark2o4cif8r?!^Vyzm{CjhxDqt-8B%9fRxt2W^opN$v+=K4kJ zwQZx`v&RdD2eFyUoW8&tUAmKNF^P+XmKDaTUA@*|asG%{*N>Mpw_+#mD9S$yp32p2$Tl zo=1qQw-22%8Ny_OlYrY)WG7sx;O$I17`Ip)4$&MQprD#`>JL=VwTmafnbR;gcQ#&5 z9~_})yj2w6t!_hB8?)$-%+EIKV3ES<6Battx4-vJBw+EV4SeH9jw?iS023(G|1Erm z^1OD_9f|p_`Md!s*jA;^^BHq+G~jt+QDB6f`e~N^=jb4Nv+ms{J9OCZzQ71|IRf&! zH=`xj#8Y0e3CJ}D%W-zk<#_3THbn!*Zs_PZMh4IcjKfd0*}DK%b8VCEq@Hm`f1~=RSd3ycQf>Ahv~3fM&%letzBJ+-r7|;x zh*nU0)ivW*SHIGELOL-J8 z4=XR(RXdq0?5I@nH>VVr3+JOIalcgjewSAQL3mmWEP-VR!*{TEKOX*8jq3ZD&aIi` ziZZ0}{<#=o!XN>eLd(eBdYKT84jN}^v9A7*Jo)wMYaD|dc?gEK5MEe47Ysz&se$=H zj7|pc(^(4G8yII~!CQ)Fre5&>D0}aqrn;_e97I8+si+W%fFezrfRxY?0hJ~qAT=OO zr6+UW;X4(S+^yTcR>3ACYdrzO{E1QdgNc^;OH3J&}c2Ui9`sQehvKv{K8~q zAop#hcAL?Ns@w}?Ex0t%u8hNcZ*39KP#tZRPaPUhvT?3g9BJL@+uH+c{N=b5xOw&R7t^&V@n`6eWm zmfIegqO9f@T`d3w7;X_(IyySR2(jCL65*i}^$%sWi9-B;LrfBOj*~3p$KHOC4bhEp z2fA}ZZp89Mx+l-{57KTfvHtB$ZZno~&<@+lY)ag>ppUHTh0?w+guj20`fgD%I>X_U z!5=}I!A!-!oNB^6D{oEjjbUW1o%u%jnP-UKXB?fi0jO*X`SkX)E7M#$K)K6Ge^Nmq zJ2Xb#&em?o*|(Vc8gG4oDdF?+HjKkhO~x`4Y52lptZnn)pe1v%&I!gK%atVY#*yZS z>)2Glj{ozWo8wW$y{t;7@_7%cHEyW!)I@ofZtFO07w*>1Ql0ywuGi4K0eyHuV61qo zg0AT3rNa?X#b5)yAkxLv=~5<6N_YPswb)DOy_Uc(nUoUCD$gVN?{Z0tVVHNej5ayO zmhK${fb4d4djs{?_9ky5U4KAcrzIjw~1K`rI_yU;o^IUcxfren13LPpI z9ni!BL3im`zI}#}yKl?Oa?yS3_@i)spD_<}=-(DTexhjeD*zNy1((Ib?@O}W=O>nL zFVDTYT{3^JVEA+Mrz)GXTxnpRwr)4oxxE?tQMt^jIIP4h=V6aBE~jS;T2R&}Y-t zCKXg6%rPy3JifAPI``2%o^>y^dH+~9lg@$YC!$YU`ZGyKm-V^x@JB7OnO0gsQdNMT zG>*_GR*l-#)AIXDf2=Kvy}}HZ!R!rQAA1CR@5xe|(hGBpxAlckt!Nd1;%JCIiLO{_ za)%^CH7O0h-WTgznqUl3*HG~9{_OC}KZ1%`;y!y=-NM`{nTxSsu+qq3 zNgu2e1(oN;#nd>cK>c*;y`h-;+33GtxuDFCxHU}PM1Hx+@JK=!=3ZNtf)XlwnfjjD zPYBoSw32R|#53R3XB=*1DK&oM9#cf_348IA2#H@Wt{-RK%6D~Y%_mS~-?M4sa-ORj z@t8Co*$MKjnM#;u4N=2?6@-j`%)KFTW$G)GEkeiHR+WPhnsXKS=9tpZKCRs({tgopsBKBLLcTL#MXh~f$W&B2K)aZH>)U>ZD z;2gyBMfSBlDDRu{hUzlgsA|>zj*;*cp%!82p?FxU;uuU%?rZ3DzCeOvIWj#sCod1S zCGy(?mKj>myJlj+lDs9 ziizfFsW!%)-}ePFSv5N{5<@6N?-uA7wSoi$)>Z(WTb<&=Af-YXF1=!w)1GGpis zI5*EyOH*d`%BW6PUt7qaxaY*%w)k3-c}P;vTrxoc;J&M;$Rvc{xa7;oQggbPq1WE% zGXQ)h`MbB_r&IfS&x6stTa2KUlFe2vO7X98TT z@G$WAF(HptPXK?smua`%-{anCVZ6b{b<#~C2LLT^zHxJM_CKY!L0=JKc2LYHD3t<=wB0?zh~TV67c2c02&QvCL!C-~E|ycYn~YAIRZ`xtr16KMql zr=kePgS{gv?4TEyBWw{5<)`Zw0quwze+5$3(&x>n=qX9u9NP;mR>@ahmtL~1_V1uM zKXUrJXSk)Q4V@%>4#5n6PQM`eCQvuMYQ=X4 zUve6CzE(#zR^gXSlbF7tu5#5UFZxwjSL9>V?23$<>1XczFE}sV7jHeUtZ+Gqc9`Gk zp(?->R6T4EPZAFX)uy2K+V4772iB4uYOq^vh+H(&Y0Xqm?a5jrXSXtPYm#op$XmWF z`JHDK{-D5|X3ZJ7(PmR~jb|a7`q>Gl1G`RDD!hF5PmGvTow@ZkV_+DwRow@J#VA`b z*kW$u5U((Dn;*Z1(Mv{Tk$d1VA^x^n{H!n8y7dK zN+f&Op_ARGvxz0eVe#YYvQxcp5kh4M(`M|e7N*K$P7n&#D8e*#5P|m@vu!1}$(Nf+ zA1~93UQ-Zzm?I*i?7O|NgpIe?+hWwmHfI*h?njq`9UFtN0H9k8Eun7r{m!YEh}k&c zB!znpz;E)zEx|u8n3Jr1I6!)fZZRTR;ijl3>jsejT+ecJoNCNe4#BUXRG)jA6|d~q zx#wu0cL-}KrjSpF?wrrYxj=Ov_I@Tu?jHRcUlHPCC$z`3A=ZlMXLq|+Dgum8lqn7# zv4}7g#PI0y+b$TkWT;c-8-LuKig|{8EBk^g4u7XL?p~$8;Xh%sWSa86Y?{|U?)P@5 zEyC(k`37&f*ZdZoW|9LlVnROdUxkC_CV_u~1{oNwx@%mouJpdeFV2S{cjI!C2fI(( zr0LLw-kaVcjwGtiJEx#%UuTw-eKQWpdj#2deaE2xJ1HzFj<5a8qZ>5NFtM|+C8#{O zUY8}7#wWZ$@^1*IIg_N=@UoLLV~U593zSMmX?W)IgZVzPyez_c%U8fJzY;e&+&MGJ zwJ>FsPJv6_tK2gNJX0+6@N3@l_B#N+9sS<76agNDVVyi{q-nM4QvS2vvY&WX5nDDC zi{6ggr51)9z}pvoVESeOE`B2pg~2|tlYn@eP(UfVhuN4v*SpVF%O5lS#gJ>FQgbt| zXT4%$l1HxuGwZd{h`h6bk8@>C^S>Z#1q!)EjG76Kcy7Bh;6=rPbesLYmzTQnFQ<1A z_%yG;>Eo>TYhS#{5I(r+os`5)HySF<#FMaV6Ki!RVUGs!f}_tdRoV}3!?dR)CuGKm zlL(#quZA|%L;40Y#9Ns=fnNWNPPWKWiSn-S@|Wy9DPqWMt&QRM=1*0 z9P6zamhveciSf=YKeEbzQBFbq<&F~DBu1^)F+59&eDFIRFvzg5LZ8tcw zGD>rbTA@f5x3cz+XM0dPLzT_4Diu6>LndtFd24aTg#!hlw?@PALPrxTtN-Zf695fX zrPSbDbfml84!|Ah;}P~Um?qDKZ~2u~Ty5h(>uC!G$*=iq*y4efv%63$BkNTY!wogg z8DZJ)eQURl{ z#z`*Dj-0)q45G2$fDhS7PfS*rXX>F!yO!Snn8jXIAp5I}w6&yc(Y?}t2A}`a?)?a4 z|C17itMnI$vjcOYYwTsf{*?dOr;_unZnA%7B(2^2?Hv@;PWFwlCwKfGdhSbnqp3`! zk+eJx@Y?%XJM}ML^Ph~I|Nr)8xorQPR+i7sCwc$t)&0M;&fVto=^|MqPUrr={Oo`G zMs$RnGS5VG)C9gHsr=(=g@N4m&$$uaB*wiR@9y4UL74GBzWz_wR&CIxm79H6nxq|A z`5e?pb)VsE-adWRD@ulr+pSH(l0f~01%3OsW$W(UA?s9uK+7SefBny{a2iJUr1d>T zuhp@MhrEi74o`b@Go(v0W!f*m9R6##^8qi@S#|l6zSTwpBx~O2HabL0k_5e{JRR!E z7f$R{?PfuHB;uj<~5FEP6efXR~b-x zZLhr7z%>x6h3-q@A(x8oCc4t=_XURD6XCBqJgx2LJY>4C=q#QM!OBk}&?l9OG(NF) zjLoe7vt|DC3FV;+HphSg%?0r7vWQ0?hKbRPU=V#x)UsWUk(qqa zwmW&Oa);y%ea3I5@*KT zDtj*N@&}!(2Do~J_Kr3}}$=#^6_(U{UHjiXNq8vXDhmSwSxi)#Fw5359@#p$({SMWz zBBH(CC3#)*7N-eK+}ilsxRTVK;3M(aov!!8@}rvre!7Y^=KiaujT;uT6^@Oy|Bie= zG=>J}JoH+vgRIvVq+&N3%uIs9m~w^xP^Tl8^l>~q7o*Pi3yZ835`mreKZi|BYA1c> znGD^Fdb%PnJoGcW+4oR_uQS0wSE+vF=mWpPca2{XaQ#U-bj&fkQ5sE@;K}lf{Z;O@ zY4@%>gcLIu!E@2ruco&)egY@@EFHV&YEnJv-V2_`%gyJqiK2vxRRlW49fdHeJ&`$w zEIg(`-m~ni=C!z-8J(D|++j@yh)(ItaM@pFQ2nFW0EXDkPCZb}7M*3gN^HcV`^ ztr-P5Yo*VWEe%cRS*!s)$4ZemUs-}k@0I@?`okDkKX+^n`rwu`Fr<)^ z!F?t#D>whVVvCX%ue#xthQUFXm=>RNP31^?(QV_>=B*KF4cl_j!Hl&wFS?aGlP+rt zDfpv&tOw?YnNq^uux5C7jvuNgnLcl;*{75rfY8z0D`DJT1IpE{@j1rjiB*y(8yP?* z_aG2+lfzv~GOv*zq+S$)SpC!3Qxl)~X}%!&-F^aV+mUw?O<+CvaDW9F zkq4Ew>zZuept>fIk2jYet{guHdBezqO<%_+zbf(LDqTP5_vA_&(_vk4vE!T;Bfcft z^3s)oRgf^!dG5lYWzN-H^2CNm&UW^0<(jMW+^mlKsb6L;ha}4-_p0nHBhj1FXeC1i zO6o~-R9`| z&w(Sa2t-@Bo}ebDyHCAB{1DEi(E_wF3GK-`-HAY)i(!mA;`G-i97_fDU=xGr6tkAP zt|KlH}Ef!*D+iE2El9N4&Mv|_lm&DyeX!? z0%pE#2zQ;4vj`|X*!y|{F+=EWri|yqpW=CaS>zC_=T=fRZmmDyUh8oaTeO*iYBew? zmcQ8--ke4E6vnmL=O-II09F-r9kkB0>le8`O&=-6FRSP7(;Q&@iIQ0+OqvdvzV?JI z2FuM*xe;hixrOJjVRdiLXHiolFl=|pa}jq)$^tW)994|H`K;rrrmP!l11qT>`9+&B zAE(?RT4=1XY`jM}MY?>gG zn9PUQXjban=h3{W=C3Sk)`WWYaLCf*-F{>eKVyk`Y0FWMRqf#e%m?1&k}aYIFMM=Sg z7a^M^eQpXNhlJGB${cj-A{Mp|Es|VrB4f~#&3P`+S0xS0zdSjsp?4bPRB6g7w;hYc zn**VTRlP;uzkfHyE9bJhyYwY{crQSX{}O5h&xEy{YM>@N^c=}rx}dsAcW?OQimUM{ zUL z00kdD_uV6B8Y^v`?x#wPTGR#*wZIRM6XyY`c{JEEvtdBPP&q?`S#oqK*H&kw{AeQC zOFelY))8jpA&$^Fb^X*LBRS6P!1jc0!O7A(*|0}PQ0vw(m`3H^JaGn9FXmK1NU_78 zQINNHj$=oWEegD_#AJtmli$rtZ7(v=&eKa;8G~VnfxVba z(jH3+j~a39t7EANiS!AOx|PFM5JqsQ0XMG~68HEroL&+lfCDxsMkIAMi&vuOQdGnf z;1R-n4VtOcPA(t zrI8Y4ATFg0Hp^hh=Mu}Pou$V!TDL9Qw5#wF+uqw)^YzmBU9QZ#3*oC$ChpBB!NcZ< zqir|S;D^?h8G}8IBShx(hom)*0FBZ5TrNSI*cCH>ODR&3mjW6RztUXWW84$NH{U;U zoX(;{`%Nt~S`9z$q`*I(zf2ah8PWZA#v}1YA=UoW;+FgvD&6s@#whd7QOm1!97fV; z{v8@)e5eCDCTo`zvF2q;pBh;P{T*v=a0wtvr90S|`Vx}SFEVMIK%=~u*H1%%(c=Ys zLD|z3T$y`-akx`832#+k&o@|7Vq{c5;9PrTmTs~&b*Hs5w5S>L&jUM%fw@;z&NA17UkDtNnnYn(BXW=*RD?h}Zq;;gF?bgSY1axZ0yZ*PIWM@)ztT-Le(Qm8csTzddC?M@^pJ@`ID}zpn?Hh89|_Vf7xFNNG}tWQmmhjB zBjpqtCDO_VUPSjsZ`J05qbDmfHnZh!hJxew+j7GDti4~G60;%Y@&PQ~I2L?+|HFEi z#Fe$MQR_ECb7RD}AE)eY|6W{%Oj&s|Um#f7kGA_BU9uUZt~wc#eO+}oyG_Z*0&uc$ zt}dkD@aIbvzG64sFEdeX7)Q<|!%43!TE+dYtYVhbWnMdc^L!7Mt&Oe+%nL~pqk`P8 zM5nU{CLvn?t|ZC3G=GQtxB8=VR-7$eEIrBF-;^_r)|F040MxxhbGAS%*VJOlCS*x? zzvYc5Mz>Lt8tFZ4_)QBaeI~b*x5NYH)m5!}Z>hRdB^wCK;>^rs2PyC~`+BJDG^X5L z-G|h#e^$reF767f(k{L0fL)p1`2pDkpS}!4V3i2utb->^#5%rFn-|i3H+4DpLzUH) z6Q?LS=2~*V0&Mg$_&#~(9f#8kI}`t|PT!cFcW+8J7NH|r@w<&}&RbjQ8I_CgCrt z9)SEX|6>Epkj1J-pvnixPH}>424v8dt3$*U% zHm;juV%(j0!}EjD-m7&szU{baBg?C5mw9978Xa#q-haM5LS;f3kjGP|5#vv3SF@Nw zc>z2FldLqcS$8y-R?f)E=)d|ZKmPPr@5>-fFfqR?v>5}L?vGxfJssaT`4fzY^jCRJ z6#clHC-9I;n)ga%e)ne;FQCc@7kBD~=i^gu?My7fF9GSoM_#T_`We*qgcZi3Gjf zzS~|gN7Mc{v7mad#T!+0XIU1$1$3T}nYG^ISrho5eCB^NG|SXAA+K8M2frcq@U%u4QIcTdt^`vUw>aQt@ck@H70YmnK5A3lli zXr;`{R`vV2KM9(};YHDZ3L#$6gByWpvnye;xyrqhjHv2Or-Lrlj((=B_HkfNsdB-! zNwhnIjB66(a|$TP%3H%(mxt8a`B2PBIC3~`k*eq3{D<}}xIwh|B=Ct_9jLvIxl!Jj z_FfYn_+~kz2+#&t2d6oPoQeT5LnXY&tRtePtRb{eN?`m-T(5WRBMm4H*n~Vg*;o;u z&rN)75{VH{I;1{ZVIhsKwn$eevK-+Rq-MC!&{N)DjmasW^tv4#`9xXy7Xs|s^Z8PW zes3R+nioyFlX>eo(Mh@YHpu*!$E7^V++h6LaHLP!#?5#wXwa@L%#yVQy{*VUS|E3< zdE{Y83{hc(1b6?zh>J*>GXynBr4DiSy|iuunHD_-mYt{#qGy*v{3% z2|n{P;UV=X!P8mC6l?6dEw7!<7W%H@jwSX{H%xLH|7wCv`%uy{m$-47BfUW;wcVa~ z)ppDgZv*8u!r@{9xb2{s*qnw(z#?>Y&HXQ0xf1T~p7k@```Yyy9ig}fK zN%!p{vQ`Ij73n607F&0$Nf_7-2P-+)s6{%*f^B`1snzd<;ibAZL}E|%r?vFWKfBxO zt6F4p^P2y#gNJnoi1X)#l#>(Z0_+^d-xQVfJgAQdI2gnZ%vKK)gyCed zqR`JyEx)DovJ)JZM7fTw#wCOtof5SJB~JeIW)UPxc_4aIC!fK>MGl0Eq^WO83&fYW zUA+`BIp+ujMsC;D$F_#qwDr8C&G30dX!6as zPnf&Ql;~e=PtG(|XVGK<6SkQC8gI9?IU=ceu($VqkqAfr%!U3ZGc;HotQJ;!ABdIP z*0kL1I=qmXWS{{aCbWFVt_!V$mWN0t>i?fm&#X%OK+?~QZRXpLilg|SKT_d%k^lN0 zl6r$Sy5I?QfM4q|8cdmJh?D5<-%Sa&?kTa`7tW|u&k0Pu@+AOkhBv(lBw#LQ!_)$U z6fic|eoRnJi`@Owx?3$U(t0*doh08f%Vg*~c3;KwQxa=B>Y?n@!0_nrMVlFep09Ch3%!R|n|Dq;#7l#a5QK^+FFJrtN1pR9Vq_=V#Vo#m~9 z_IUTq0Dk6gDDj_`z}!8_bCHlW_?C9Vuol?V==1lZuQSrJOZ)D`wc}Zq)MV&!sBBVI zg+}y`jlg*hbc6U0Qx7O=M#B@x6;KNWV);9+Qj)PjEvsi|r{HmkbE8{O(ddC}>HR zw;-RZGI7R<9bg&JIO|%+ZfTz?UNiS% zqp7a|u$sFxwNz^*5E9=&DQ&o)#B6q5t zd+&G~HNV)T`JJe7V8;wSJr!;%6MJ^mJyDRlgP&hzwEE`rH?d9J5=es!4lKH~Q%dxZ z152Q8%11u`9n|og`NTb~D%Y=v=LG6u@_gP5&`bep+p+0~l{Lz`LF$dEzoi$+*@@b% zmTi%>+C*M@T6;?WNW6gfOc_O}od+JFLg-Rb36_xI$W`b=@J-G9=;zD~S_3^2r%&Pi zBwI|AD4M*!mCKd9##5QHzRPTb-iJ_?0r;mlx_vvN#L%{ZiXyQ&k~zj_A|X6Q1BRNQ zkYp%+-j*P&ej&XNs>?-Ak{pp(B;KAfwhE)VwEZ{qo@^9+@IqotB4a!?!eM&;bIrv^ zUnGU}(n;%sa9t6oF?UBpJu^}EBsKb{**BoNP^Tb&dAqn)P9obe@y|U25dky#g%Qy5 zeg1`U*za9_t@Ufrvf|#vqMIO8$-E2Xx_+G`U^Cz&nZVh4Za?dv>i*`j&A&Wy8>(i7 z)tL>M$;xGxFJ|n}*a|mp$~hL&HN;@=fXQDW&n|p0ujQTJWc8SlOQSP;B045@QGM-f z6q!<>VI;2|HxD5$zIZ@mYB=K`kk>8RpuFlJlHpYhD<;Ur47b^(pj-G5c zCGQ5h5O<*nh0{SYkVwTRBmYNNf*13i-2Ln3gw=+L+&)URW*A3 zV#{r_funjnIF*tIA&xvQ)biR+y+?74mOPHS_(AxKxRO*rg&bAHJ_oeSFqY=XqTcwJ zPx>6k3G!86zyfQ&Mhrixc|OzeXLAlo_CwTeG(ibc5#@xcEZIk|eh^LTy3UrokwUI$ z_t@>vlDhkVv^m50@iV4yA8Vh!?=HRAD=fk>CpZOz5oTqS=yYM1dCgk=?`vA&vNo4g z;#sgjGAGhpNaCE5dvp@9d6Zwj;o}ldZ)c9ipNBU*FM%W;d!h1H2suq zYVmBL!}q{14qUKwVDF6I&xkOevzaTqjb%PAg@cC+W6hdbbQ>%6=5bg0C_jh(3N8Hu zpq`o}}n(A%w_j)+TG^lu`(Yr0uZSQ12fS!YHp@o1vEfT)!wzN;q zang=S*pCYKyJ+>Egb?UO2(tE+P8#l4~RSt**QYJv*3<~*(@&})#AhduW!g*PoC6n1(w0&5UD ztn}3hUKGY#pCId#8b`guMtA2`=2i2msUon&bYgKfQ^Mh%Hz6W?xlyV1JQ|Mhlz@ul z7K?Z^g5yHopx$#gy5FTTK$-OUZ);_)hD_SLG&XcmizbvZdL>@Ih!O z9X@sD>1)jO!H3mOmSb*(Ruk$FrHHD499Wo$-A7fw)Gq2O4IeVHtwbmb~~r zKJu*j&C&PhkL1hl_vwjnAdeKI^Dxj36btxcZBP5YfqIp>Ofsdtzo&bmnroyM86Vt# zro&e-e>8v8zFrQ}ynU?0RbI?jkQ~@L?GbBFwU2vQ>v4fF3t5A_k)tae)yz|zFK}g- zR8Srr*irK5+HG=wGgR+(0V>&>op^1SfZgkm#^-Q9~f65H82 z#6NgwaYijl=)iFbXD?aa7xsm2SpZH%{JrBm2&ASF z@9Vpe)69zrZWj_y>?CWI)1A7=lB007xG8Df>7u^{GQ2qVGuz9hx9d;!Cu$euO}xbX z9@`%D+qPf1?Q2O)b8k>i!{(wUAI1GxP#{NGzQx=nPfyMlOJS!pd)vNue`)BgZl9CQ z+xYuw%6qXGF$DUUY>13AW{VersPOd~@17wqwjK-UIKA@j z^Uwf0E+}*-Yim-j-Z2Z3{aK~e0)kbmb`FWl82B?AflxV)wmC1Q!)3_MHb)`x^M?)M z`&s;5vy?sC=*HSOtY>-8L_uP54@g1E&fFOBrUsr&Aw^Yy;3*F11@kOLNj>GShT=~P zX0nYtl`5aDt6Me`K<-b@lVA2iNmIV-pq8gcn`NH}&q3wRz!4=-arnv`# zfqWEGcS#ZW6Bpm03x5LBN!J0AO5{7fm_+>|%`ca*Jk&Zw$wO|3r@q+g+)z+=4aD{n zWBDcbV+d`fYrJCHGqrlJg<)uK_1U|1k(5-vxK+zcciXSUGPtq3^`#gY@WppOxqPJ? zzz1t4PG(?*_Nv^bil-`Wdi}~2)K>Jme)V6?gEIMGuDdjprGFc%c3@h;1HitxY_A&i z_vi(mpPUgo8N@e|RyVm*4;|AVRJ~2YGSF}$GxFV<_=!!n&wNM|N7P+Zxp6Owu(DA+bn*c+~&qZ!G2oFesCuRh8Gm{7Mz*PK~60gxeyc8_hs`4oK zS5~yP>oW@kE&B&}!A7u>S|XVmiqTac;{EUFjqrj>JI~j&^*Z{!5G`AUK4THTO*^&pTzSc8#nhOA zukGY+_8$Y*ZHm+Ejc*uJ+}IJ1c#q7Y3(dpOT?3VGlzK~nQv99iRZoDKqg{1ETF-yX zGKsI7UN^ZFZya;E*MA;|x71|_-0exk$u5T)*sU6^O3wxSIuPHLcv8lxnP8cj#{Kv{ z>+&xvg`(+J-w~^K8v-9c?iTEt>?QfF@Ow%%JP0@StR>j2Da-k|JwB)z>{7NgioeOG zR+?|S8y9jU<~}z0<@7`v@M*LF!~5pG<=x`}PKQxJU{+ho=p|M(quTJN1VrWM+g=eL zt-Zs&neTTx%ibnNzyM9w-m&)-)E}0DJl#u+U?M-SYor!l=AgIsx|CB%yJVq|19c@82MMf%EJw2#_1OW`(j#M>a3 z<8pbPM)#V)!%U9C-3)WQ2d>H-Df_6W$+JaXTDUMiB|4)wx51O#Kp6yHDo|Csb6-3mUveKY`E3G% z-IbikEBo76J?!yPA`iRJ-&A|Qis~Kmk|f25ZhX*TyRZHuc-cc6H{p3_NNV(4jB1HZ z&Hl;3!*3vJYgDhP3oOd*8CwTTomW$|AU*E!)kuqx(76_O zC-u5P30Kr?U;HINeTqg+O9W}Zo}Rt@Z^v*vudZQw&%~|%c#JXK1I;bvIqj4uZob4w z2f>7sBGLWl&M23lz)7GFOa1gU1X`HEwB5I_~p{y;Udl%@3aX0<@N&Fs9jd~ z(_i4B{C&r%aGCyBIrB29Y0}TqODY`qfUM-6A^T<=8CQspJ;icWhyb`FXoneh!{XbRVxeb zIwE7v`enPa0Q`9b=Y0%?#qNoG0bs~Xv2q0`^`Q;qKVzoL^ZIsa3NJdHm;0p=Kw+}H z@f5<@7`unt6UiQYuawg2Jk~txl4kD9j=NqLDhg^~ZyGLYI;}H$SnKMUvu9?X+t8e` z^Fj7u(-m4T&AxIxFsh}xZ*e+$zNhVMLSjEYFnwdM+84~yD{@9eO}6ZABWC&^6E?vC z1;Sp3dOdq(ekS!q1hhw_){Zwf+Tii#fxAtSCCGlYd_MP*DkF1Zd)Nm?Ub9=x513=| zyoyI+!cjfv zXItikt_P_++x2gWGtUcCb5YfgNenN#YgKM6OjoMBxFWy*Ke+&6{T(VO;VXgqq0e-& z3W54S!<51kgN3n^-zRn%lm1@M?C+%?`%arI2WGeYaF7FwX^N?Tv)I22O;zg*$W-u! zB=h6eRZ~2TQdfOcZ?1!huPL`YR?Q)*UH2JEL-MVL?U36$+IZW?&3fqOa7H(7^qYky zXNkP9i5;8_08(1vt^`Vr=HzhTqAQP9b7uH6Q+4ZS$sGx7+t9*m*pXW4&}ivAj9sE& zJ&iwvzt+NtPtp1%$mz^AIluJC#CKT8@?~k$&LpJBf9%7SU4Uh-oYHRz>*M2eM;>g) z*gFM|cz2mDp}>TQz36v{Yn_Z}jad3tO&^lEmZE*MPo`l?ivg&m-^s}TDk{X56=a|DtiVwHDmYg5 zxZJ;jv?m|VB-Zznz^x*Cm%ALGyh?$lgk3K=3$w+(ylfmjcZ?IBjSe25=TX@krS9L* z{XhzGSh}a>BW|uQ`{Z2^uht^fJOU)Jl0v(!o2q_ch{LM%Ci8Lbjhg(0%v9c>==e8< zaee*2sd)aT-z(x&87>HM59iT(>05i{qv3+mi#6GNyv$1n$@}A7Z(F(ZPTw~@#l;HI z{giak_uEBD=kI}h`I8B=0!whrgze7usTH8(s8Cq5##LpCUENP2Qon&;6EsSj&$$#K zaWEZyc~|AXkyCc}V4B?@8LlE_6Q|YmNoGY(q@P5 z`Sale+0}>5hkTz+n8gO208h0Znf`U(Wp@_4VsvEBIJj{#RPf$w;Hd3o7ag51S61ce z4H^NS9ie%J3H!#iM!(I#el_7qU4|ojoK&U!A*?dG= z^ArDYhDk&Vg&fS$BiPm{N9cScHI%e zvp0_FN?%p*dulXht?fKkyF??oj4qxoa8666Hn~;Ks1EobVHa=H=pR& zFO-hsOM0MLl%|WG(PCnLTZaTz|I?pvO07Y-ru!T|9EnwE48&hkbexRT?G`8hF+bya za^`O!v6TfseE#F2g77WN_4M8bKDE-gl^&^zw+DwQvJu{q(}zvARd^pErx>h`sazcqEF^dyCF3z8e+%(9(AL9FBZ~lF(QOqG<-HW-IDc%SG6+RMf7|eIbCb z*wIsiw~e%P{rCX#lzGQss%6Txn;PU1>#J*oxgN$0xe$ zY0^{U53)JM;;HVNSw;loeNa=l3pYQcRv|9j?e)h>ct)cu)FI$%Kb-t|%0+vp>qrz- zjks~4ezbznbQf~)*S7FX5d$8bs{9CLrS}+nxQ}U1pm!vE=9mlE(VZ(J9SVF-L%%d? zJk&mYpR&>2VlOEX1RRus&ea_6G0KaM*BgaMN~_*kES?l9!yez(N%6u2;&WLPkP^R}0gij36vdZPpDv{OR+c33$ z^MZE27~)=rHwW4y@MY&)luy7IZ<)CK1L?2BJaiF%!tE3=<%r7?7>&|I2L`jRq~QA( z$T-iJv8xA<-j8BkNeMJU1o~BOp@oFz%UMAgRIJ;d$0Dl+Frz=t>zCsyF|R>wsQd-` zU6z`)uPmoVsW6OpX~S4~H?s8_E^|0+zT}(ljZ-GST1}r{klRqu zD%KHlg{|OvYJ8CiymOh`Nd?K+fIWtrS1H9A0m6*NZ3qaW1KKtHvYY7ueuB?B&sX?f7m+fsJ5D} z(WAw!6f158THGaADbnIl+}#OMB)AnR?jE4fLW{c-C=lG;DU#r>!7lH;_xqmbyX*dO z)>$VfS!-r?X3xx)-_Bd|Xyj#^FL})ny4FUJ9_*H?1;RD z##v^IGl)})8}~OqXcx}FHm;EvqP4iG129r;wRcD^`X1}|MLhe3+ukYm57NM5PUEDu za=)Swh=g&J->;aeC^ov$(Ni>*cR-lCHDM=;8-`)<94|xeW09_i9V6G80EUHn)lb?Z zKL*Uj>Ex`BKP}Vi_4d6J+E{KF-ohG~KaB+w`7Kp7t+|wq@qp&QIwk#nVFj^7)HE{J zq&!W=NrG1clWCD%cX20o*P!Bj=DgUae0IEt+_I9;m?ub#r2o_r!DMB3?MwU)6}&j7 zOx@?Gi~GJ3b_I=Du5R8o9I~ORZI`cK+ckOv&cjqtEQFLeh_OdW>jsE^P?fQB*IK>* zvs1+r;KtAM-Cfurel+Mhr*=_2PUd~Ci-b(0&n{k7>n7|-?F+hp#HE?9)1dR`%9=0O zhyCUN{y5AgaF-DzRvE_loo`%TIAfRi3+qEBWn>#yRc8^}5RE~D&qVall;C2MpIsx@ zws;MMxRIr8w4iDA%lLLHrgSZk4-uC%KyAD52Qm z#$=QuQti7M!8UKcDXbD7y$pI1>^q8bedFWBiI6%XI*wz68aDdz+TgWt_o*3%#5jkAX6^xtM%J3qdqxGa?u+9nsH zy9T#!`1z>kSog_#r54=4mmwW_*LxB|PHk)|zsk>PCLW0M%|(nd{~T$V4BP7*`#jwZ zMK#OUGv|xM@7>59k=3xBI$2wGWbMOV$+Nesbs|6L2y*FF#UJGVe9E$c<(a}oD})1f zbEy=*sPg^=IKAsrcQ7~!L5%2#@+>f8APW43UN8aUCJbg|@psD+(t)!Qpy@OpD<%h- zJ6_xot~05Qe)}O|CKLDQnDs_irK~#B)MO`PL`}_KO|Y@&bHc3KjaeWE=|?x5t(=aB|=`R9$f}TS$cEh!59c-*6-{P)TFT>WI>a#Dw81_bPLw(Bb>`&dDsz|4%;iwgmaDY-9>y9_O=fJ3OBSb8LUTK+vla69)fLZ zy~rt1@2m8;I-8G1j7^{g@1!j5620*9QtoO3==zxH3`rKO*ATK$pcRtdIQZJeI?m@O z!!dDy;^H&T@lWl+zRA7$tvzp;j-rTgVPc1SlMiRY$1(P?cf5rr2k)VAi|(U*1Xs3w zRO#zgq3rnEwBB==&_~BIZ)BhUP-=U_||1iU5QF zuKjEKFkqr0p9rpCOt-X`LBg+!)K&KD|Hp647M7AWceEXP$MfYznMmYvT61vL0H|qP zGcxr3e$=FEIpcOCGNzCy5;fT09bo+BRCZfz4dH{dJx%_ev>cn^>%|6<8c>90@Sum4 zk*Ylu%@XCh7{i4TN|;GfY$*bh))z+d`kF%BZbI>ll7_Ui*q^jDlvg70OF1k?Ni<@z zrI*y;bKil9MZY`P=W^~=0#RVnKoP>agw!TVo;O|j)aj|&b2%mfNNXQ1VZt^PAEYc4 z6#j$k1x3CTnf-qPlM`L?|0?NOoP53B$R%g5nQC3jz8-Ebajf4yA1pO_Xt6|v{Cq*A zkFW1Z80r+HlNG)KWePp%so951YVsjdpT~87wYYiGiGhaJIif6c#+qG;4K(;V@cOoS z9e2A{@SA`6Y9Vi--bdkP;GaVlGg3t!BbcQf+2w7B06E7@#~!q@s_51^$CPQBd$-fy zxFpO**LFXqRo7YP1d#RVZBzHCMunc(47{}0B{*KM&f=kFJP3S~eHzcBOE4*P27WJ{ zh=XAgz!!cUZ+S^|vCS^otjU|z@v3h+!fO?TU@Pro9gg(3j~OofXz~+=um!3x_?d=< zL;f0|;qZxOYgQyWdKX^e6C%OQF-Invy+uKfCzwu1 zUd0kc|IEV?8gR-?mJSR&cbHIi#+D?lP=u;rOIAes8BrTKCd@{m%6IbUzc~w3^!9#; zTrQ`TKftmJx7YwDcNtcU|3H8@~8%L}Mahmz5PxrLbXd^F4Ivn!iSUtdfr>^<%dRQTE zMD={uPYy=^Ft^OZ>GP}EMky{62upDv$O85a2hQoVJ|mheE)+hD{fKV3?YDE}bm+T( zqi9*WNU(u))uG-Om`Z{axjUwW|t;kyicS=aO`Erpo{Us@st8>8PaUd zB4XUKBsG(I4H4-@WeweI_BMp=rWv$1we1^;rRO~yuxztPK1$!tR6d!A?Clh8oES5x zoNkv=HJJ#AH1B-J89Fk#)1XeaN|@ONce^gahSzV>;*8eA4YLj8ju=q_vW%=)&y8XJ zwJY9-vskE=uWT>Na@{$6`zax#I z{&`wWLw<{a;X)Pv#-i-ljwZ3vbGeO9XDcEmQNTUj&_^P(b!)_XKrWdXPVVd5;SFYm zgSKuhBo{3DYSx-zG?^^>TLwmhc9eFCfd^CZZ(6tF$_TDx*OpBzDR3U=9V*-HAFe1d zK)~yl?kP%$2iy7F7SyH@@Z8vL;98As2*C5uRPAUqDaG5!nQlohhyO+*UpVDJBQc`8StEb3fd1%~lu{nU9Sx8fMPw~}JAz8Nbjo}27C(on z=0#^Gl2bzRp~fmBq&H>w~3)0~DL*3gG%%HA|xcRS>|ko+jUyiZl->X=3HH1W=9p(Y%U>=zln zKL5NHl$Huh-qn~U8#g1@f`9exg6EUhda%{C<#InPn37`#J6bPXkF?w$7w$48;9A6k ziSs5*sNFz)Wzb%+is8T>5VwySDrEklomoyxh00?k!P63LB(DYi18>&bN<5E0eJG4p z@9m}+fQyNvY-bMyIDV*CU z3AZ;!S===0*}=sI%vZTf_jQ?zW7m9D`^W?LthnKyD;LcE<_W_2Lp)A_g!0{$0ndQh z2knLtVhANEu&u{{Usq*C0xw;NrjGY&sR2T*x!RWO)N3aj5mJq@G#e)&sv|j4*icSe zu6iY4SP6+a$??75>&k{*(b-w3cp>rK^PR-gO494)uuPK_l`(k?l{Zc+Eqk>+jD*Ux zj9pDC_DU1Oxg`D)thfdb`y+@trX1WRek)C|pvUP#wS!P^dDnL1R;QLMR}A~aD8d_Z zWzy=Ui@(HLO1H$b6Um3;iXZjFvskFU`QfnD(&~)ZS_}~HdrWockycW9hS2-F1Wq&r z7^gezQC(x69c6f77nbq`3O5Zjhz=ufPN~ADTWZ#lE)Y&_2v7OFX2?2R|F$3Uh6TC? zTiFo-0>Q|ru{kh zxd$Y4@XB!xYIxNp@BU(JIQwdOWBkkUb>gq+N=ppY5rHw(D~d58_l2A-T6zlV~Qr-tscHOzGiXadZ0>Ch}%*>!1{cG#Y0I^ug2+x7KKXgfw*x*)!}o* z@f>|iS<0e2G;b-t&&R^Wum(LQ4`65t@*k4W?F4+j)=G4^ z52CJvQ&v`vv`a}|I3#2p%-bj_B#!OLu-lVHL`zO+&J=ZLD#?S%|2%113jg;kMf0CMwD3DTbyo1znbO=u3hA?%AH5 ztCVWsMZorRBNw5XZRQ#F+XmS;tJIybLl6JPJgiS_AeHg#AYF;Zgv*R7{v63(z0V^N zJGz^qo!fTpi=`YG$DR&pcq=z7#DZxc?5IpDVe55h&Wnlef1%&?tBzvx57lV+QW+PStIR z$j86S*%UIwkr`uM(v?h5Vv4iOXpAki;u0B^Ufnr60oi+--OIQ#xmnLW7IW~|p3a3n zv!MNK=Sn<$t?#I4jT&5FYjw0ndmX#gQ1mZ%i zqyE%%&(8g>D`n;}^p_4ro7*vE4xHd8$3rJ2zR*^OWD7803=iKl_~j8}NMc!J!=Y!T z!i(*s?N(pEcbSl(H{*7vnS%r6iOEYF>|h(P?*W(hH=!AkEReZ#mQd)K87JsPBHq2= z@q|CvOysE9qQiABiK3=p)V`P^vos)k%u!;`_N;_!upXWZ|J#m8Jlo6Wg3}%D#6OlE zBhYS55^=RGWkoLM16`>eg=~DS|3j+Zp8$i#w|+fT`1cQ-Tl;x4ntlj+eKzVE%;Y_} z$QY{dltR0e`2dYl9sHZ@Ub-CT=g_!Xd&2FpIX7(U^0-7JUYRRY`%pgWx!mlu@$(5c#(LbLBT@#lq>#1=qUY{ ztu4O$kG@ZZZFut6zkms^cc_+aT9N;Boe_Ah4Uf{UK$ov5xlT;20lrL|>ctL=-esJJ z>e{S4E6Dc>O-p0{<_TpGVVK5F;G4>gS6gguVR||$f_V=FBcL(d#qQ&D&N-_z2V3(l z$aJ;C#Ez(I{EXKp1$XAtcLzX^6#_7I?9|?IVgp9w;d?w^yet23k0NFKVtvks3>8Gu z8t!zeK5gi}bNr^IVNN`Xpw%m00AE~b=;`evv~tw<)X68*f3wRi-$>KD#YuABowg)L zg!gr8qkElDqi~Rwoi>Ie%)&s_<3DhJz4vgYVr9ATJ|Xw^npj9G?bdC+5}xy%yEX6J zu~tPYMZ$w;4r;VvV&*PCLpq1T!lQOa>M7+&SzcT$Cm+J=oqM1MD_>)hD@EbAZ=Oj! z?E9}#kL*j!X;`*aW;$1LZ2A7=Tt~-0O8VL$=jkNYpHA`HO$jQmaIj5RlU{4oHF0X> z^paiolHCUVK^fX`47PIh@_PH~Q=;f+R*!;bIMCC_H_IJN%uZ8;BFWFk%=YUz2|oAZ z%<~*Ro!j!CX|vT~U_i4CUX4}(=qD_7t;BM93&_b5pA2E7=@lW{tSXJ=HB>I3K4-fb ztz`UW-|(G@W69c$O5yi?r1X)2%pIGJz%n-W32m<|-QaBX)3@vj;nRLTm`To!m4J#P zMiKUsJ~5pe9ZFLglSh)1F7eN=Mv7p?M|=<|&#X?gjzW%iZcD^kmg+D11$mx;m}H;f z+iCZ}FNQh%)oo`t)TfHQ1x-%$M#F_oc7x`C#V)>t1R>QkaB^3P{M@V;nCX;bPsoa; z(p8D|U^#2F*jVu=*XZ%|1z-$Ej4W!=B{8r^k%D00EFe8Xg{hJ+j+G4*#~-%Uymj1G z3VMnb&C8O=ga%g9qNpHM(guJRiCoaAkmWm{Z*PfEzG9Vr%`N?qaQ{o0L-|0lwoH=b zGuQGzUm3(j>8EupZ{lC8P5+i!q!hwH7Qb;u`c31EY!?6I)7#GEo7A~0vRM^Loem;X zcHZX%h>KWy5#!C~8pKHZU?^i%0g>n(yG@y$@lPlRemD=r z$XAaN7C_kwG#y`2aPl6PoOZ$ze|e#_Y);mFf^93_0cM{@Blpp z9gW+iq{8d>x${jDrV3Iz+Ba~-Kc%lfW20?&visRsTfZ2Z@~+T8QX8O*qB~kr)H;)1 zAMyJCwVzc0ZM<13via!8G~IQ`;|H|wt5L^E4$_63Vk(0x`At86 z50^tBe>orePoITR0$-r?CJOx!`i%MX81vRA^LZH6-ebP9>CjA}WK1Vq2Pl)k}qgyL{gBZFT0cLL24TL!pMdi3O*A5NI>l`kpgEG(eRB6C#d63 zs2Ua}`Ca`VKbIw8M{@a6Eyb8t*qv!r4(DIHnqbHSfs!!<1UGM3|3IVVFGfCd!q5MM8HOzl{A!VLekr!3C_I)Rv>$7%fH^KiLb8KlO zJw9=983W^=3poq597assZd>0-hIFE-M>$N)>T7EL_`XbM*Q>DxX@V4LoAhZ&_VT|s zR)&0;J)YAbDKgt1k108bSpThE-ZGLa#raVx0xXiGYIW*WWLbnQmItEFq~&C zn$ldvPp49k&rzV|eXG9fLBTz}+5(L5&`A8=^S)IvDpI0@*z{)XQ$!GPXKKYzd)L24 zSp&1IA)zFx;w#_xnYU@%Y2XHpK6Zr-b425su6?b?#NO_^CWeY4sq25up-!R_G|a6; z$gZI8Ri&T>RB3uzp273aUOOdI zQq4CiB+o^pK@}fV*~V(gQ4@{CCf28kyyKJIQT!5<7tPFu8+TW5tZa{7It-ezZ0f zukPt@R@xX1x&%c_c<@GAJ84y@V#|?aU8auk0|mXv)m;6(u*rrvzle^l#X;a==IbPP zR;XgErg0o2e%ExzCjq>f-(5Rk-vBu+SRYU{eJx;<4bp~Gc$={X@2((;vYA>CB&KT3a*fnxyko zT*h^_0$(w4PO|Fl(R-&E*d785E?!yc6a@72IvSQ}mq0-l|NbkozCmFeS_=;1&0i-}a;vlSL|uvNfu62^L4}FkTG~ap~V(9d`R}g&dUZCsYv% zMw7BvJtODzWr!p_Uh`va;my(6>-0+z@kZ3B7d{EQ6$!i)`OK1%D-Zs_yB*(<9d1jv z)|+I)qLO9V4@qSIuCmoFRD|n#t4w(_GF#^eigi>HA)G){uv}CGSX%CV0)Kk7F&W-m zYrSw`5?HUzVG#Z$p>_9@>SJOF!|~TYW|Lb3^u`__b>BWZVXk(Y4!4b}sWX;Vj!pE@0xjg@8)zf&>szwm!;Blf zAe4p+v9)2D3ZnM`gV{iZtuzjO-8T+;u;L9;QuEwyzmYLU@TSMO+31hTQKBDg%+7tCsVy2+SKX6qzxiBg?4Miv(`ZZj z3FQSLYq0nTXit9OPzxYkI+iBrd z?eEEUb^|j(E4;W95fPCB$t0GRq7)W)xP?3d5NAMc!sk5-&!V<-yB*i&W2eg!HLO;QUk z^uT_pI94iCmXKLZXa{h;`rCiiGHs*mW@o>ocqja}sIZ3e2XFAEuGa=(XHF*wq6XM&)S`HW6<>`Xp4m7-ds2@v?_ZSe|>=nO6Qho^7K*l6$TWS2pJ&zZrI7Rl^_wz+S z(XjrZN{DkGm3Myq{v`9(NCrHh3t;N}S<`s7!`H#utVOBUFw?BFpTr0<5MqQJl9P_MsaWDwBUhf z@}XVKelRLVxcl=*wEcD{cAHciLbuQwVW{c%iX-{l8Jl6*vyqVzJoiX|u=OxDkpf^XF{ndA>f95AJ()W?qTbE7=i(1qZ_l3&e zTY1_yP^AOO4U#lTI9n*eoCVb=8HstW`SKcdsnLb~FoDq|_X-f}fHi?V-u>6E#~O!!(F#)NoVan6q7zR^=H3v#777rWGND^4JQ z(pPguw$g_XcT%EgjZOV)lO=&t^G8Lo(&8N{ezpB&W9_oI^DIhpV#Aca<&3>h<54bD zuP_TTpF|>1Zcn1;ghPY|5!Ih=aG2}j?AQS~Oc(u9&K2&;`pDzybi67UaG=|Io8{nW z!7;vpLPMuMU0wCCQ{GtCKpIG?FLlo+N>D)Yx22$Lj3}+zSkAP#+%*w3z;Kf?+9m~T z813ETeJb3*2$G=4+yB+aGeT>m2t8l>N5idSrZA!O^CnW+PM1_GXY%%j2Rzk}ta{NJ z)OjcRpPk+bI?Pg)CT13FS_M-=e$xjRy(G@rYc##Ngy`d;#{AK_lVfHoR(^-BSA(ZqS`JeN7jIg z5q)9#=J-CX{b*A0P?EvYYuSoy{~hmJ3em{?kI8;QfIyu6t@`P;T-ndEKRnO$&#g!P zn7M-(8_1dsOp0*+MypC-t(~rEFF89fh7&YSjY+Pl05)-3A84PdmVhm62~gU$bCnp< z4xZsKVf`1#sj3+jq<>WGAHb*Zyod>aCJ7ngV=xs(8uR_mE_fPjNLTF{Y@U zus^|=dRiyJAVr39P&1#lbf7oDUKXE}9jAVOgY{s=mf$ zArBO3>2s5`9-W?QPq^(ijP2V(=NY)CTOS!+X5co_BXbuY#em^%zrQ%Dn^I}Gg=Lcs z3&gxB+1K5D*`K#oWCP}g+fjOiO1;6K+qlO@Ps^ zu~Au3tTYMs`V2SqIaVa;f_c#B6Q08HQ>4YsBl~iqGngu$)Y~%RZhHXe=NUFiLtbX^ z4UdXbWQQ**!^|;9-W}>J;Br8EMlxZO8P&vC3n}WZh&3QVwG9f|3!^7+PrXCC4#%U& zL0V1N@mc*x3#bJXCD4HrtrX?5XO`+Be%Q=5npJ|W-62n%Ek^gTMk~dThx^$Dd&$9) zHPWd*YOgkG(6npA)M)D>nScHI?4qRu$41=F%uq*q5-v&x$0H#wWHQ7f@8OyNXFsYY zBk(Hlsn%z);vMJfw=bJ8+gWoP)&lP6Fd@t}+34?304M^;U6k}RRs`SJ!kkHkinfW# zYBA^3$K!EKPqu_mybWI^yfDiFzOP%|$`C#kHoOS@r|r)gi~&WRy2Y>8jR4mrck7Gr!JA6HW+zUcjlly(dm z(PgKRmtG*zN0GCz_fg7H;qU3OZ++WdZAVahqzEJ&cwY6A84we33z_)W8@&a2L1gf; zdIr)pit+;Yex3O^TEvS#`O$q=lLNj%X?cR@EfEr_vA`&0IuL(wuExc$=W~A>FcR@t z$i>#={z%B<2nqFZ_s?8xP`Hdd+q`5bIYE(A7yD$O|D=2=a%hkz zo=RqHOJ?GcdKkD)|xTE|l*(_DE-gYA?txxa)7oHXF`_?~xI+EI@+U;~g+`w_xrSPHo!XJoho{_Jf485nr{zl%bf$&^2M{XhA zr}Yt45khE~%4-<{z-^I$mdV3+iMz&_WXZ>M)Ygw%c4B{r{VjYcfb2x-mp9!6OO`~( z#d%)F8B5Cs+$l{eawHtGoWvXVn?fEm26v+Pg|zC|g;ms>HdH zL%#30YE~hcL&v6_h|cEj(}$YFd^h?9#BPAgk0a>_D%Y?}(d}21%rbGKzlEFt(&x8V zcSks`^e3xk?Xnb|2ekynS zcoi*TzSzRbRD7zzr>VH&u53uER?d+brd6W?4+aGf4zp*ZwMHqckbKkm@=y!aZH4o z+W6DnrbEyS>4PXsRYCX#HtQ6FwUKZ#`mM_Q_m84vLl#OW`sgr(8igb`MA*9YOyOlX z?%9(oK~RxZ&c*`xr%wXQmfmhL{-< zieYd#W8`j}pMCwurwnS%5zBRi>OGzwF2S^+YILKVPrJiXwUPY0FA71k;Tj9v8#FXO z;1kM}CkL34Pb-M>pP3E2uSM_P{u~x2Ymzhei&O;z?yPOe60bjecjsDfmRaG({`(k2 zgyBvp!?gEa^vvw&YOdnl3e%7aB=T@8`%4iE5GH=vgBeyw$sml}Mz3}W_?MZ|jgGF1 zkjP`^o7KylbbYyU>$HW}^t>bbmNsZZJ7puH^OLtTW$K}FSKB%!OT!C`-`|Rl?9G)j z+8IPUv6+N_WNp7nQgr-HYIDhS^EWDyqaf)dj=h%X;+AkQZISKsuMdy(hK1hd>alcj z<8dc(8aO`)aBN6>bQJ`XBjm~S04eM2&$+ty!xH5qgG1DXF*FzJtt#NLdm>-&xz-T z2k+kYGpi1_%m&_F*3+Ejv>hP!%TrSz$xNG$Z&50KrlhD-#A49$63~Paz8H}$%B6pg zOt9FS^yB1Zh~pus6WMbnR_MhocF2wt1)E@+(yYuU?X9=3wpo*~CTc4Z+cpx+$lm7p zFytg`tBAp=T0bzI;1Y$f4ynHSXsGOVtj7W-?}tH?_Mw9()n5T5t&z*YZ9%4XKM-}K zAY|laK8KFnp|zi*1w(mqR4G~uw@27Zyp8q(``9g+5vvhwIwvt$45paWi?HlyriJoAb-CLBD(COa#v~!FT?AK zp?U~WkXJB6WcpE95UO0zHfi90bKd*tzq?dYWwT6}uuos7z^8)tx`=Eu8EL>b1h9yi zV4KiOXhGP?IDhDn_8Qf* z(i{V&!CF$Q=g73&cXw&ZDg~wMOYvE=-qsi8ZRCNr_#?j9>3H973BBW+mBqQ%d|D=p z9mz0yJIKok2z=Fd$+@LbI>wCEExNx+Q4{)*z3NSKuoLI8dDWR z7>Y%5y`=yB4_u`yZOR?K4cSoKNcz>a=QkX?nI>VvbMr5G2L!jB^0pS}Wl zhCj^i`8u#1t;A)vPL)RbJX_))zptQ^A3F&UYyhx`6mMt`EpsgDI&%uxp`47yX_%X4Z9rzU}z$u&sZaFhYXAS4L38DA20#kO?e4i z5TRGMih7V+X7{bGe@@x|@d{BBj=$H5PLvu8??r##%Kq`v#OP4r2CrTcn9&4N z#&2~0I9LKg9zryT$6mZLz+A;p=yHi{Q&m9y1u)J4z9}^x+ydAUEo+jQk>CXaCB?2LUGqMkzGikz&{f+bAkare?{KQc8sN*-o}4ZT6us(B-O7<@VIZ{Sq}gKi3~Z+kT+70Qz4M(aflAbBY=>^19TQEf^I zMoBrVYhpTmibP`HC}g|q=GuJ>Z)tioc`{Hj@y%0W@%r7O(;I_RV?sS>Yl12XkCDNr zB_Wf5g(ICT^dw}0gcwY-(b@X8+AlJ1ZM9PCvDahVvYpb@<=k<9VSoJeByB3S9>7@H zNAN*IioL)ON=b$;W(SHm8nWj?BX;tAuIg}*X#>VW<3Ph2^ny|j+O^>&rY82P$8E+A zrHukRZmsEl3aipde3(flJY<+s3vkC@$T{1k-NVL;xsRKC#7JagJ!_8R1z#jg_22g+ z%7|=X^jdcZP`VNUvF{T19mO=7c zr${RX5W-VLFcj&7k&QS3xsI=5JhvvAxba~je+2ZGiHREIDL(*Way=0>xamt#1^DHj zPRr3ATI|Qw9Fk#+OHIQ6pGey-swpn^GS(Jy< zV0S_B;pyRKQ&4YrZM+nJoZ7#_7s*3HZHyBooOpR3tI|Hlzx<99+!1r#@w*Sh4M6_O z7i1w$CNX^+U%v@e*gg+~U6A*7)dtGMkU)8^LEOD!U<;_Nii(OiC-*9ki&T7Q9L57K zoP6^c2Wc>VNcCl0+H5qxkDjJ)CpKejm}qgtP~s!h5MxgqPOhCVWDYKP`b)JojjTlP z&NC?d*$u6S-970J`8*CzQp5|s_P#t*0Yb4v*^WLAvw<~%4sc}H!M;zUsC&{rV6G|N zrE(oK%*Q7&#cdvv@)NHPC?npwj4G^z`~?4(U%Rt~@ww=8-ST*gO!VIR4V|J>xs-S7 zr!;N)!k-)sD`Hx;21m=?uji)jKyUD?Ph}PgNX`C>1wguRk_kGtm67h<;OL0o#&yb@ z`HUTltkG1T=CY<1Jz>H`_);(oiH7$v`Kel1?qe@X`Wma(1_QY?MHiJD>ECPz%qPs5 zwx{2%DM_r~348R`8QK_gYK3ihRH)FrCTmNq)%`9e?WL;I#)9|VBRenb# zMqI=i*Fyl($Se7RABKLr)rf)ebyf;-mGUR8{4ITE1DV}d+(;d6WGhzt{f}pE41`=h zW_@gsGo0*Z-#T$I zE{KS{p8}gD+=yS0Ja9`nUvI%A(#KAN0tov}l{TGCg>Ci`(1fgxdI6B%ZGHCxY zp#^K-0)BeAD9?Hrc_%TBs;Q;#-gzpN3w~nzL84FiRn58q5oyZD_A{8=En@?}5sLPD znEX3~*Q)oRBBzFreNr#n!3jSj?d-Cynbw6lj>V|9@+^ie(g2?xRGW05xPF+!Yi+IH zV64~pxr`V93%y3(M*5Wgz%~ST!q+{nhFBv}0ZPq>T z(6muB7!gess%6g~zAr+Fi7a-Ge{Yv${Sl#v<_fS(-#}!Z7yL}c)YxEL1>P53RbKwM zwfdDFCphW@lVLbqC>ZE5BVWP=-F#jfE$k+9k;f7%9uQ_wRw8% z;q+J-4a0}llDHJ#wEivU*ToO@wdkvz^53REKogcktvr6*?&pB<#jb*!Fh@Wu0^EZcKA=s9Qm91QW zH{m(J!kAa`m&HBxc1_YB5m>Si%0^<~KY>mE@fE+KMaFVqcjaRy)UGt{{=F~uPVBf{ z(=ucpocl|-)@FgZud%*YFG}xoBGbyf4La!H;5~-f8yWf?;{Pg6wv!yyFXpXD1c{8OpFSZ%WrNZ@@ znY}TSvN01%3AvYSZHWH_XdKLr3&BrC7v%@XD?j}4NJ2?-n`FLYA7y!$e?;el)%MOy zhs|s)1@27tDoRCWke|iZni%F3^CK*Z(W1rXK+7tTNz|)?1v9~yWV!ESyJ;o#@N<|sErA`}i zq5*wHLU3Z>E#1;&N5l+in`;-IA4B5T;g~kO0m?=_x!V!JbZ--BZTdj@Kdf(IiPh?h zg)Ya88%TfB{08!*+A{DfWl(xv!MUp}(`omxs-u%~Zl+N~RZ|`b+tJRL@H|2@|D_VtdOO_GrvY_ls2lRRTt+5)y zL1^Hl5!!@9#S4;QOn>j6o%hnb;oH=$%bHRV^~yJ4#tnc6aq$61+Y8hC;B zg%upeKZ#mhGL2l{8)OUEMAa``0@n4Z26lO~Yy0k#K#tL+{PM0*7%AO0RD>?&+$yjL+)VQLUF_Zz-hqok) z(uLJur~yDqdqY0w?BBqJ$(&Bz0zX9LqdDbsS`&jnCJ=7qsW+cRT}w6Cq56WRF;b1D zxTCm|Y!7fAP6#bMqgNx_8*3OxI~s|(^LcGS%`Xq%CpQO>v+W>MR$7TU61KFoij#2H zhnKsMXxVv?%O)E(FH^Bz{%A2q0(a#WpZ>ZRbTtb3BpCc=Mrv965Il4b3g=(mPI;A6_+Y={g)D z^phpPu%tGUj;^kcpPhfhJcFNILG4RVuZ|MsON8XVgGUAFP}Gl}o!FVV?nhr28)|;F z@w6`O@JKE^Jzh8Uw{;Xehii>64$8&8rie>){jD{YoP2U1?GuI>e6gY!)arDy?!N=UXbogi|@(e*|EL`W4=>-DYA*yO!9*t+gU+x zab&gzEoH2~j!^2 z-GUc)4esuRlYP$netUn{$-k^0E7!_gbIvixc%FO2w3AxcnOnP$_Sm3S=}uEhBq5=m zhKoE>xwxRGfX8k1A{f{<5@e~2w)3=Q^02UDNR=K>di$94DZ4IS@=1Z!lrW3GGF)w+ zNsl7~$1EHMW#EURjifqrW<^x>Y{nStBDOi z8Sld)f|IC85tP#xXVJF{43JniJYQm;i)4lee(6Or(DTysoND?;CZVU@o5W#*LQ1i^ zs8;i5-rJ$fd{(*8<%H1F1H?{b{8Wru_@XeZnoq?A1t=#$jsSGE3AY{lk`=*OnO%12 zT0JdP+OnXqAr&(EWl-%(5hy-5v5IstKH!qel5szC*JfMR<`PHVbL|m1@0@Bq(Rn$o z;NDs(LStq){b|PYNxw=)H;=Pa;}d3{;&zVnAkkeZ@Dq`Dh18uen{%|N-zx6eAD$b+ z-!BR-?FDD-vx5VG>R<| zl%`Bn>{Q7io$j4HoVK5KIVot6&Xj;aFYJ`2kv!g-;yQ-Z?nU*u_?lk(5OYs!jI(_7yOYWQ)r!nmPGN_8Y0(BFUj_x_QX* zqv0>5EM@QFm02T#Zw!s?mNchve_?nK(DT!L0@Nn+KpJmOKEKmgt3fK}kpBV%P9Iq}!C>U`x$&wsT_?Tk?7@!|M zRO4W%7Rpb`Kvi*wKZj-vdyf({(0ZX{2&hjck!YXbxQ=8g1=)-9Tq{EOLknOB6<6b? zq{I}tsxEOt@%CQ3g#rv%!MQiHG3^R8Q1Lb~qc_pN6=l^eK>VULH&@Eyh4t4qH*%YW z6Oq2!*iMCW39o+X@wBfxheTo=+#c9bk*?mCeG%@feif%{&)&NBQM&W{KWeD`rA`pd zufRsh?)PhMsRqSThmGp77wdG5!y_r(BtJ}w=x9?yFeR$vdWBA7y9zGiDC7Q&Q&Z64 zoy&<=4}Q#e_bFvX+wPi`0KX0SiMd)EkJ7O&%}>gZIZI{S9D zN}p)iS7d8XkFveO&U>ieEhXN4+f|c5IK89(92Q~zsJYGq5NlJIpjHYX*08t`l%O4y z1Qo59yD~a7X$T<44DHH=6>sJ(-zDCt92wLUN8yQE|4ncAR29cv#7w%!eWiqpXBS0v zzM}b@G&a^2c-fqPwh>O*{+y!M+dvf=XG)H>TPGE)CheUdRFBb%G9BjF0i;ozw`aN{ zX}RQ|gRinU3c=p2qn?qD$*K}0LF6d~UB_V%9s)SSYRZbw12*-rp)W@C+l zYOE|w^24rFC=$|M-vV)N7}+a9N1Ge2;B`IjsUHLq2!cljDqm?6MF z8v*HpDi)L$1p9R$(_h!e#|3*(_M@zX^}3e)?h8CNFvy>?x<1pgOMbd1yz%bFN=4UAD(mhJX_ySkpJ8~nZBWxm>zX3HRfxyO;Kjbb*neF{sI)#Q^HS+nKV63Id%C=}id&N_4pfntP4}-NY>yFKdFiB}S$r7VGX)e&s zDzOjP&R&d%!@f_cip2C-5aD-@{S)3(0VZS(5rtQr|Nl zf+#~g7KBcZGVN>aKC%6htD2I_X}+DCl!GIXK$6{Du-IW&H{Zrw&d3$$U|d6jg|8GK zX3zqI11rkghOHE`Nh(Ww-~AmEYDmbzY8rire03+V0pI`HtsWUsntw=~RRh3A~^e~q{`Ca=vzFg*91 zq4?N(fxyocSl)sn{7f5CY2g9>HAk z`^=NsI+~i!rpbLw>er_CWmeq6^q=ckqgwCea>Ted%d;1Hhi06W&-2v zLbn^X=d0QWqXGrsyk3;_@*EB9v3H)!jJmOT!>w( zhEwx>OCZXWSpr0W1}7ZlgS@3pA0;?)^M4t54yoh!BP7x_3JWJHH5OVu&P||VZ*)#{ z^X0&I*Sm7G=PA4DnlzQN3^CK!A^SNsGUOmtNyD(8?ZJv`k~;&})Ikr0p%d!z+gl?H zM3hR)qgS{bZf*53>8i9wG5t3G~)T+#w03%)`f2M}PR94jw$xvLbp zilm`}J1-!)wS^i}MfeKrnDx?B(_XAv&2Ze%urp%r9kC%9`OwN}BPAZ-po0M(2Z(qQ zh{cLCOX)oQz2CsvkB>+IQ5ht7h+tENZ)bM%hZ}~|!O2^@4+nhu+NJ=sjflFZT32MO zejHCp*%@v{Cdw8N9UC;;u?Ev$9Wa~1W3kC{G;W%o2E8bePK((m5LDSw{R9*nCM%Iv zUg{Do_mGOBsE|+%maw@Muc;+aaDHHT>ji2W_~WOK@(J!O;-2iL=3pVru7X^49}WAy zPNtJZ6C4QcX@y3|h&-QYwB4qVz{3VwiUg}GRCrT{sT|MQG|W3tWwCovvR6V^wTS!R z%By-3y51e+1d`$E^zcGH8TR1rKEnL8Khm_Q*HMoI`;_EEwsY;DZ=;SG84Grg7{rhM z27!=k-cb$uQWH`3f*};t`49cwq;KNV%vF(_bdI^b8cEj+rM^C<;P=ozaYW3f$nc4T zvhdP1v03}PW@t1BgKUu4%K>7X{BRC1A%jSziDNfU{mWOo;g|2Orq5d2;xEpV!Kz=C zIa4@NC@~kP!r2{-k9FrCZ=jofkibQz7l7~_Am>TUIiJo}?oXAMCQ~@@5Xc$ME7``& zo=eE2A9P|$0JBG8P6GPVc!h6u+#6!*sWnkoH|foIvjk`2@_-$-a)Wg9F~Gxc777I= z^tU+89ELo1X_SX*FL1?LIcTkN_2+o{M!Kz(cd}G;wfL5@T!Q@VRqWb)+8R9vy8{g9 zE*u&DOd87=+lu~F^LrUD!(Ma>TyQ_lUtqexTtjJP*yf6!!iFs*%K#bqq-8Njt5&d>^>nMFn^NZBTF$ zsZn7sy)Vny$IP~el;2Pg_vgKdJ*R^e8YH8e(9#bZ3y#pi%T;JhVSCWCKgJqV$xcC; zrIHw+-5=U~!?Mv|^ftvG0Pm8}0xvcm_NeSTCFPV23O|b=gToYgxwt^jHvq;B=U&MU zJqJM2w)tf@A7!D_%BeF9jqYUv|41GC;+vAGE>+$^whswtVaRzn~5!T z_YUTHBWZGJLeG5os`ZCkONUXl?w-N7FTcMoww<@rZM_Qpg?{Dk6VyIhaIo#Ns(DiZ zX;({;Z)w{FxlR4h3T0^#_Sq*p{)i@vFkbzAo_ANP@O!n=v-Yg`7>;%~^{2XKY0>@6 zcd+6-QQ!S^tEC21R#Brok#Cu8YYL_R&^zGC+0ym%=op6?tMF?()f$Wbw7mR2&FIB0 zX_D0%ABObb6SO=$>`pA`dJn8>hkJaT8+O}KYT!QbMa=N=p#aO3b&{*9q;+$k#nqa; zC4m*>mLp3A#>Pu9A<-HZXEf|(6dWx%`S3w7Kw2%Fh~mFb)fxdK~uj_5Hax^c}V)q9f8 z#OkUeNccf-q*>EGQ0SGKGB1(O9FEsZ!5W zZJ)M3Y7yNH7*Em1jW_1_g1WEDwuOaQ81i7i2*O4$(bB=3B^u!8{B%nDhYdWWALZNU zu#7XTzKu;m$4gO}fVo6EM#(JOheQXAwDT(-jB}zkQ4rn

CN8GDWm3dC;`S!VK(y`h=U_ zCA^2T(4r-bzF2zN!%wO_lz*oY^Zl`i+lsS=DPP-!4%K6=s!=1^0P}J~rT5A&LsY;r zG$!j3ezXean??H?WD&A|AlmXWVj>dMAu81B1()Dk14G zZ3B|0;MTI?HUYNwGXQ0I8Q1@B4YV*ZiZ?>tth6bcEk)(yn|8^! z|7&dA`Ak4Z;oRh~dpxb492+J4OX;m)aYO*cZ{Gs9&|)|Lg0MYQNlC;5>`+V58DCOf zL5b(bB$JI$Vy+h3JG_3yc%A)yw!R4N<2o5x?yq$F;re?;9te6!0SlIPYV@$Y07|b7 zGeYoqAhbGRC#& zGd~0<L;9|H6tVEPV|fa zw*tv(g3JS@R?;Qz%!D2h&y%ey=G7avV*ksf@KJ3x26Nn?zK-^HklEaQ#L}(D&A~@N z_yC}xjZF7o*4wjFxrJH2tj_&m_ixwy5d0C7PE)znG78h;)arbzN_BQatjo9hzGQ|G z!nFOITrxSgSx=`;$0T(11z^eX-vycdWKF-!_Sma*6u&uMpaFzLNpld^s1A|iBa_C5 zLryIY4Mu>NK*<CXF19wT1< zL}YvNL+8HOFRJR}4A#1j2XsT3n5VbEmvZD^ndnP9-48q`jd$EAAo@Q7#UaZRGg@%eCtMG{H;z*M`zhf zkWGCcztY0!+;6K7mVd{~OO%G=O$(h66E9mGj|*;%RUhhx|5?p+>x#cod-Vc&xNR1| z2r4&kh#gn!YgPy?+c1NcHYIG*Zk4V|(rMD1kHH-xwAsk^fz+&L4W!))om}omXN7hCq(a7(b-cL(>4WbP(658AmIehJm=@C zY0H;zO?agvcQ0;{642`k^}Ght0QYQ;pYL!?)kG#*Ewa5>W8z?qFv6~GcQRKxzPp}~ zzU}E&lFOXzTj<@k`^9A9I^MIR!bPPFiKs1vY?K8AZ*ei1Y5^S0Sr$-%R)=5 zjD>1%Fu0&8?@nV>`ksgcVGVpgjxE5zp#E5E`3@IWb0kUZ?wCn|<%#D) zr0@Mi=k|JV3};oI2Or?}fsW!V8Vpod?`bfbGmDN;qvs&|zmX#Po~MSxOxR4K_aW6sIF{OamR^5?4qoPfNDa*uXwZZC2-O>cG@)IlGYz_BQ{ zYu0g@+jwa)`$;I4J|#Uv1kwFKctD$OIofGuZ31p$iynwXeAPLLA?#|LO2Yp2$gUr@ zkUProA2e-6^u|2uhs;sXkCqpdo%Jy1+768ild#zLQ%@UBo3!Acm}Qtrt@)SARxMP5 zdho>M(qrYf2+7Gb3$!In*r~`u2l(pV)Gq{rJ_KZ+jNMt*lT~B3SW0)9cBGI0ViCWU zsiYn=3wK-AP>X^o&}T<&@8(pKkhvE>FW%6RmUi}Tu=r+QlY$mi{1i$kdta)9 z0vgi2S#TjTP{xoYpLv_+ea)pVoy%W3Z{|r4>j~SpFBys;21-#5A+GdyZBl}mi81RM zl;-iTForMW)m-4RV(-2)Npw|Oxr}V2`~`3XMhnT?mn=5wG~;RSkrNz~Bbjl3BArca z7!!1=y{JNM*g0>N<@*Pz!N-SB`rvvTrPLZ28CJ>%Pj<_(4*bKJV`@QeOz~n-PSBwx zHdj~PyMx*;t;_F`tK*+z>ECRJcgK8j=BGI((Fn+a4%xKmfs`*%2(ay{OlSm`-!Xhj zX686E?ocuv2^Qu3XmfnW%C+%OUF|a@4T4Nko}4=|n4VDF$>be?dVV{Z)8fYUwqF8; zVr=~^sI}0v1J!|>Iwe5`mt{6Ggwug;iptsuTJ4q3Ar=_}b2o8qIz24D4^~C!+dZ$t zYL*1VhxZ==pe}WWJK?Q}d@S2`k~HrK4@CevSM+#4V60+VK%=yYzvuZ67_;-=DTZML zh~pp7nPv9Vkl1+O;N@Am!dSomyyxQ39Vw7{FY){0eQdWUZmHWC;3~%YEJld!A&OJ~{vxKvoo1EQSgAoVVW>y)3TG6#rR_VhQ$O!NdJ;XOh zEn%Y)JA#8vSDvWJXxqzeg(Q1p-;1A+zRE!~cymO0{;q>t&)%J=3H1Ns*+SM`O}$b% zrM{lph(jgS7I;?!FN8E2ZA>S=+ok_jVYIK^;o&j0o7c}dkTHBOPQW-I+6zsUIfg$!P+(u>0{ze z8>8d;ltGmiQO>yi_=Qgv#h_ZdB?RK)F*hH$tW5gPJHy?Pn6)MvZZqX)C+sJ+!M!vZ ztRDdcZy6?ibBTE{RQccMr94-5#ABHW*Fpf0wRdW~aiBm_ivo zHdq`(t~W48?62uKdwG?9{Bna~Ji7xM1w4grqCW|92?wxEEh@pudQ;b!*t{=iquX#A zXRarWbZFdS@8inhe*1a-0n>554i>+n3)ySnvmBsuzB#Q>EDZGjTmW^t(}dp76o76U z#b;SMyOsq8IT-z*w~cPn*amrS6e|{Y9p?QUQ#j73`T;m{^88p9S-5Fh0KVFXg-orw z4G5GSnftyqsY9jOHW4Sk|9?y0JE7-GmcpNp6_S^3My^@DK9$FoI1bVaz{)T3UhB6( z;8FJqj=CKj9ElZwAK8BlZGWig5sDm}HfV14EX6R*OLB=mkbcVo)7F-!QvR?*grqdUBS)rUK~Y;O-esFo zUDcB7(YrVN}+Oa@pXWufd?|z0(cV!)tzp?$c zx|p@>Kegk6`tbX#2s<87X5n88W`kj;#Ej#;U%YB_y!r$+F_-fXMP)CGW$;DQ8$#{P zu;X4#&d1i{BdbmJCd1mDzwUFtq$2-r&p5ovji}q6wVH>!$?%PP>t8GPgN^lNK%x%; zhCZ`zH?g~12xGdo~D43sW;xFGRe_TBpgfUiv*o${ep{wVV>35*Id zJ5{_r+*p1lHr^e-eacBHvAquC`V1$kHODodL6M*D*+M5c{Frecdl@)s&*R27EuEC$ z%`mpHoW%fl&RZ6Hh1(Nd)0pC0v27cqzp6&#&z6~%@#S=;iXZl#8uuJ4#)foW;LP^o zx|P~4VXGspGEhQ4&T^TYxpAHH%fpp+ZnDE3M zzJazP?J1!od%i`Fffzqmmu!Ccxv+TN;15@>x%M4cPQvZS`N}!=@>TeLU6HNR-_CkM zK^PfF+nq^sdzK?ejuFDWXT19F50Ep0 zY5){lv9_BKk9O+(&UiA47>gj`jXNm~u9TOe5p8A!6DrO0ny5@F-Yx9+ zIFV`5Ru(W6{|c|?9ltPbJdhp@^KRl09tbEkX`BDatX{@0Cxv+p-jeIoMuqKN9@oAW zki-`-?5iEDD+D36`}1p^vBs_W(2}KmdB@v{+h5wJYD@pzPWVrFyj3q(o2(|tybUh5 z{eMB-f_6XGIu)SI1fKG4Cp$Btc``*Rz6I9GProd0rWv=-qxT`{_leP;_GJAL(rMuNOGzj;nNI_Y!T+aTYt;jvsONDSZZh`UAX(xrLge;6JUMDsb_jLYX3a0Je2>UwO$7hUKfi zO;(^w*Q(*rzbd=B*a|`GteG2D=w|%&wx)wBxwya4=|y`(=I6AWGkLSK%p((y`!a5CAX31JAe~Cj zy=;iA@RyY+g3L`^9C825I+}+*&=G5U#`+gc)JQg)YDW=Fo2~i7A>em^|AA*raH6>j zD?lkr=b*}`T76K=m$UikZ|c8$ercX5x7s=^pBB!^m19XK{7Qv{OF`FPAK!UhyTFr4 zZ0*DJa$};H1|D-A$bQ{?f(WI8mVH+62g(qW9hmBuH#*@u{<)5kjBTy%roj$gmDx;S zv+Atk;kdxK3$tRg`lLxAd(ouE(Z9hNQ{V&tou-%IMW=!RC(*X*EGzyG5O3Rc`IF4& zyTWmsv&46Yp?P%BxYI&4Yh90rbF-&eUW^Uf{A9e*>$kesI-R2q8{u%$s#xcUDoXUb zubTmjH^y!4H7;lMAziY&3Uv~gnbr?%8%G+9{$=V@AjVV8r2qvKsaZ9P((@MnXY*H# z5G6TZW{yr1p5;Jj9inavDPXZjwmIKzJ-?CNwjYp^p6}A_hI78$ET86^uJT|ynBSVS ze?Oog!E_$D|DBjW27EdWw>oq#5g7mL4R*-6PP#IGR(^>TDY@fD{Ys5hl^uC|knc?G zl)-ttXemU-9D%V8XQxix$3@7S*?l3J zT7nY%6kyw<^k;gkdeprKVp%K9`aK!mckNNhdZAR$zQVgU3jYc zpFqzhX`_ipQz(q~)7OV_#>^!gDC5D~5{X24n}&-rTykkYiEWYpZ(FiQrmd%G<$4i|VP%tDG4uMj(#-$l?lvhh7#gt3PGjt==SoJX180sPsBQCVubF$$Q9T=DJ71ML` z0jh&&g4>z8#JMC01RFsw=1()0#Do^`fD^G6r7 zv$k<7u?m*`YO|PZ*e^p-t*33Wr5`qQU+hh;z{8Z>&oGQ#^SVkz{(4_)ljfLz>=UhV z9~pGk@a9!#9;xj_X7$_mHDbF5H9c&&!44UzY6R9|fiK;+B{4+xIhe~~oe|tR;qL<# zc$Dk+)tV)$Hg|a;fpPl!SVvep|2yhP=HQa?Y%Rm_7rDas%{04R>h8j=((&yMf&5vN zxR$3tt0U7*AIkAxd#e6dsA+*O@dNSW{o=8-t&<24y^TXkD+5mDPdO@O>JoRcGpfc$ zIO9iyZaR>97B4$M{GQ2_rMT5t>J;l|&#%!+y-6=vhNM^NsXSW=cg*1mymL~qH}c3N z=WHx!AWp%oI!$Ln@UkHj4Sa3SJ0Dw`z|^LQXX~XN7tXr$tb$D%?=LSx%16f|Wr;I_ z-`nVTH3HTaUyV%xAuDBk*BfP019yC&xG{!(U-9!q2GuaLcP9!tnb$((GX%#StkVPQ z;4{wVel!jaiHn_travB4&h3(wf^A8CgL;jqPwj7b~Hl*Wu+J|FS3Jgk3po zQsoY3r6FtMf*%UL;|^dUi94UyE^1z??bSO)s>zTu99l_ltXzAJgXmj5C!|#J9iHb0 z7M9E^3ni&7|0)L`jGj3UKFLL8+cc%64%?F*`NmgqMDrF*e&WCZ6Mcv6UzDXQV9tS| zLI-NVEuoerg0jvoxKxmVtD5OAxVru2HCfz-nbJ^5-H`T+cfJdCT9-m|(&w)1+RV0O zyz1|K1KD%b*yu2#|H924?QGO(y3ib^MvsENc_FjwkqRhd zn*z#(n5pITp{Wekof$rZC=26? zbL=_99pO1W{F_bphL&UVWZyPES{Ecgp^Y}`cHQ6`7ORSZ-RlnUmd)sCV?Z6rX^NF0 zD+fi&lfTvR*rbB@!iD{Pyb4^M)t#aPA+sERK9ui7?Vkiao|`ac9A7_Ko8b#~D-`Iu z431k)M;yw@R!tC1d^;HwC>SGr%QJeJMY|{=LZ&gfzT-67!+lXH01Z<`675+T?>#Z{KY> z%+aBn)~6djAJ}zUXSUWpAB}yCo-8;q-_EF86s;r{E091w8h5>935==h5;^>4VxAx{ zDt?ECbEo#yhh22e%k&TK+?W0}?Wy1pjxaYLP%F2GW~QLKkPNa8d(}@^2Ws5qpiUe0 zIkgibwY?TvrdssN>mp;5H?gSy?P)lF;rWv=6gD-kCIo5@<_8}7{#&UZ=eeC1;KO`Z z)^8KX!pLrX^uon*d~Z1Y$_$4$^sMw5^@WNTHw%4>?^^<1b^Rr$`(}4uDqHZ*J;l%% zyeZ25Gj^lVgnbo{BeanI5EUxlW%=3v(HunQ@B_n}jK?trpI`3_buYwOA24z>J6CH{ z5;%f$06rS6&JjJ@8~YmS&^S_shxSANycJy9-oW}z-&v7!jvS^#_&rjaj%j2}E)9K6 zrbeH4)RG2p#s5ycbP*G=&(6L1VF9-17I>3r^>wj}5n0#}zAVIPS^eBfkm#G(p&w9D zQXvG>ZNi&k<&Q9}WWnOd7h;^{pe@#Hc=pNwDZ`+hLn6U8=Xi_G(f3@@KSB2{7n}|M ze$kudDmTwr3OfHh0Sm768b_gF5@qtK#jX&5SCL-N@Zwk(J+Qq|gXcHBB(}g-^A)#| z1@|TW@Z52&+q=-AnH6f>b<)812jZyT#KWKo9>WKZfz>)W&hX=UPZvvXbJ7RQQ!jfL z`%j#W4^?V?T4mg_m0>hh6OGN6KJ%N-_`1Vlo%$~Zvzb-OE#)@k(6HRofZ@d4HbS95 zAC)M2SX??5qXK>$dBqEQ?x6CQz@LB2(eLe>&r_}O^hoD?J_Q&R<@sLL`mpaU3yFM4 zIc^6&mDvMEGcNE{tge`J{}%o$So}oo)$p=K?%z;D?{^GK?rB?I^9EXwiw zGIP`NNbR>x$7A!_Y>H&07`89x2=vz}q2Xc&>pgT+=KcBHWZ-95SPxEGMX#Mf4ti>>=QK7Q4}-NYqc%6C|9E!7g)H(8(#pX@ zY0)>Yr8e!q5a6x7CLJC@YTo=urhd5Yu9$ux<74`2#V4!TBOfA-;XZ!9+3eI4F=s;H zPu3LeKeAUsvFk!nNypvTpl+7PZ`F@YbL#0Qgam&ykQ5TlxHWeBI#6MPWko z+Bp&vK)Ca9z_|vR@#^FBV8b83`ev+_tGqwX{xbPcL1sT&caY$e1Gf9y z9DVt$<#;z#)MmxW(fQAwD?3SO3C6*=f2eNeX=!r@agkKifxh2-_DNibjqUl2{@cEv zi2_8LXS>Nuf%~;yn982#$^z`*zxNm;uA}H9=nnq{WqS-uAN@0fy=m)*5v(L!q7jeB zxI*=b!6qT=G2;SK^oS<*pu-NY4io!L>WV+#{%fYWX=);GH^*n-WOd&yx^p=HiS?V@ zi%~mpkywa#ZMnG+B@}$)ztzVzZcf6MmSW~J%fgRs;wjfUTe!QLBS3VWY>zY76w^ZQ zldaL<1YJgdybG04v>ecVa(5!7``MuxYL{~KC@A?6R|H!AD?1dY_*XR1iQ>+owZ?d? zVDVgZ3XTA~wLZJBPh;*#R$2XhMeCd@0NuBBs6PN)1|6xg_RczG`}t^gs9B^fmEiv@ zpi46OR>^_ZhD}!}#)igi3Ji$Q9alQfKbEuse(t(OETsb+q=G`OM8)OHB+*k|$IiKlY=*KIkMt-i7?cEZ9x3L0Tc z;G8q?foG~Gq7e}^dB9pPpliis|EUE7v;et@L(|hA_3U!_W zO}#Ijtp2_RFS3o-6b0-A8krxkha4x=Dy)+i!&FEt-WbIuNl53~^z1;v;Uvv<>#185 z4%@^(U#v;% zciQm2+*^;EKNkX-1#c8h$xt73a6vyoo5qtvEOv;zO2^jwE`P{w$I+c5g4M%G$Sc72 zp8yX+2^NeM6_f(89>Dj2lWiJ~EMyS4kK{>Cc?uh?xOd4M$xO4x&f!GZ_N}5+CIQ39 zwd5!kQlc&K1)<6`l*m0?skcf4`sW_E9*dYLxe; z9s|nuCU?+J;0hSE^k6MeE+G!I-REkZg&%R$q{s@V>CG89kly=-8~1^~hJRJEW^HVR zVZUCC=Im7x7dq#0d_!yR*3`@dPt|7iQ%dH`JtLp1KoeLVXlp7cQS5FxdaLoxU+T_0OUnF|{Z z7{88c>1^!u3PITfvTgL-?gdHQRzJTzjXb5bdPCuZ;I(ku%4a0v@{t`dobOz&?+=IX z{2p{fEFI6qj}NPW+2n>D_eoDESV;fxZ^nSqrcK4$$f+)MvF90(#$j>8;A@?G%%0Sj zhr7=;0_@8YNUYNfrZ(U`F55{%bt@vUqYJUEeff~PAS)U(jS7_bqVb$uwB3*~OreBAPMs|*^`4nEW{_lLn5i&?Ee0^0$iI>R3<1e*uo3eA$#Uaq-m>-fwV#L!#Ib^ z>(`Z!3>kk<$ofdD~R>x${U)(E<2c zHnZuXdPM7OtBW>12e-&{1Y&;7$))M7zz zpU1tED5WydLpt?F(K??ov=s7h4jp(sNEl^nY$Af&RsqM49Oz5}Z_XFzDa)`4G5Hm`iA_kv!snYX{A|#`s*Gh`qdy;pC)8 z1M}bGpXD45ZfPrn-1{|aT%XrzHsiS915|G>zP}kwp;%Ffyh+DBX=iSX4*Ela!9w4- zNx#dSxWfn}``-5kGXW3`bh(Y7RDkT6jJFQOk%dzcnYK$*m$T;#rK4HcZ(Qm>&S%=v z=kS}UYC#(?P#8~Ff1bCVMLse<;3OtVj2NC}?-x%+jezkxA&LMFdcWHBz8#5oQpuB? z^Z@|H@rWxZbf7Fi2ExLN{+w>|Gclv4Gxi4*OEX&lXk48yCRdxy{WF||Y} z39>leTz|`ZXe4cNvak6=;{3BpiQGV%XRA9(VNHM1Z&u_rFR(Ue40D(_Z3xCzQQB;E zPjK4t6C-eB^}M!Xxz)(2HjPefYX9os*{$7kK1rRWkME#YtJC-#*MGN0cp=9(rh&DE z<|Y`#rJV`}Z4n=q%cOgnsa%l! z_Z^8bFNpz54!aKfKR9YIhjEDJg}&9{Gmf_Aig_|tXyigX?q!yT3y+~ zC3ZMr>7!aRS_`iH!C-0|hM!u0xVAm1jo7k8|LGDWY6zpmi1ZhkK0G6Y63A{Ed*}YZ zf!nhoC8fVUI5fw=&lsh@@61@%gtAG!9qw+i+VXi14M9grJ)TW{1)>=>J^um6mWpJO3zEP~4y;^Ht$5s|$Wkp{zkXy^ms>y(^IR9jy#Ca>^M_NRWt zq^8&NC0D?kgymp8%$Uw14x^o4i?jBq34p@T{6Kw$XdBGej(yBMNM3AFFu zVCvGB3H#iA2O3ryxec1msAu1lNrs@7u(o>a$3pH=3}#_Y7vl=I?f!l^AbbD;RinJL zI0C%3-4-+xbeVxp5 zhe#Ht6E_5IqhD@!B{bbPsenBgMl*TM8otBlu(`mIU4)_I;luoB%SF@P0ntVBTB?wx z0`9pWoP84^)-J*_gRxWm(?CU&<3<1DxKmB+-j<)3MB)U-zyYXLQHW9w zI>e9#!y~0faCvF+!Mr&Cr5)`x$=$(YTIs?hJ%}GuHwnWi^>lb7An}77 zJ(iXG5l~ezf#Sn&OcD?d6s^zEOGa((-CG^>&8Zz{7?V@OwBdDin3+ZLUV)3a!tqJF)il-o*_{eYIdNmwz( z%sZmT^~`H6mqlkcR*Px&59(f}e?uLyiZBQtQSq`$6P2r<9b*AlzPl*^-{M=jFRF9B zs^6L8gj=qXG76x(JQb$4dYltn7+jfj=aQzCp(FcUE!jD$h}&)$Q!nGlZB zR*`k6*|)TIc?;e)7;=eV`AGXnG3i#v10~)|xo_JE%cSl`W<*N5xs$3>NgU^mj-&+&zn|=FRUa>!b zb;m1YKYK~gd>Jq9P>JA$&w+Kl(ac!rJknlLO}q@eiNwMeZF>0MWfe!-J{WofCO%X8 znIDl=P@o8?&t13LCbuLHj(kQ`VNIbH3~UKI^ymr+)%7{%oZ6b8su*|r0J**(hpRK6 zWwjlmQ|56IN34`^PCPR?5ga0-Bsn3T3;^KK6sxwdKhmUa@BG~>=`2CMS067Pzcn55 zzuvF^Xgsa78pGaAcaklJH6t!6y~qrTWuVR9^kYtl<);PVfC%Jb*+cES^|5X_k?uhz z-6W$&=CMJEbW-sZrhI1A3`zihCW<0Vy#K-Y|6=`K9$M6)DO{;4a`b*fTw_Uk2_dx! zXbSP~pY6Sa5-!Ihg8z-o!C(NuR_lJ5sS#Cgx{qRxucDVQ#Dx^w**9l7fLp~z*#W>@2I7cS(R;Hj0CW$-7nc*w z!j9Ba4nHoplJ4;i$RXHgu0e7wi{^gDI9$-ZX&k1N7g zL$LHQmVBHk)g=(dXDF;9;EA{aY|W88Ekgk-NGwSB z{mf~U_)hftc>;wY3$DB22fcS5rL~Y#GT>*0lGEo(Q_LN0b&qG09bugOPAko2oNkZ2 z>c8$^8D*6*%zm|Yb2wnHH)?%?{`9U%5t1}nvqsQjSISqbLl#XTdR7(6{!tKm7N7c& zPPy0W2i^1XMa!?kwQrg{Q)ETm9#dOg{>I$ziz$Q%Ja#6`wcjI!D5Hs%;>+S>!I+t(atteIDA9ZVx5}3CZ&y)Q~)g zQPs~YOvl#PJagIPz#vy*7D~05hWkR`VaD6BP6_N6ggZ9Shlu-kvE2j=cWdO?qeSS2>$2X9HskMFD8$N z%=jk|3%~!91yWDWpc6Z%p1SGPSRCY)1#jXjX`GrSW-@(BZtrf0cSp}k7*loXJ=B!$H>Ntk_0ovnJk?WRajCC2_#44E|E>IHYO zvzz+?>e1u9u_)4gwf$;*mwl!E32~z(zNPU(Jds(YOX)poybNp}vSD$pwwOMOQB2Z)FLz02P-?_c;OXm!CJDpaG*IIbFu5wmI@la8lh4AvMM z`}`8oAkSr9SbX~plMT)V$hiHa{m^W-I~B0W`XdAVShSkGTdH z&zqwjBTyf$*|A?AF{7GLAHj9liV$3!ZSwN-@ibCOt@d^z&1TSODiqBA0Xg?=uXb{= z;>;tUrV;<|6qf&CrIc{hrclgd^vt*uLp7Gl&df|7c2YN>@xh8KKX3BuRLg!(Sl^A#L3$d#f9| zce`Ha^M7A6RoU*`Ev{6F8(l>n$fR%0+}>Yj>*!G1cP(O*!!DouqiA_Y^CQN*q$i*6 zs4$=}AKt61Ooluxa&KlNxxTO#6x1nkKdz;AFUFC{I~g#%(0aSF{FNH4&-Yuhi+B~w zOv)oH?e!+rV>|4cw+LGKyM>U3^c`*e(;p5)2^0;+GK`COz(8VGVgP?nH0?EZ7FJHz zROnqb0^8q)R;F;fy{xV zr*I2`6}g32rdZZJJ;KW{(s6sQJ_>7~YrYo0$A$g09j;0Yl{&Scm)`u+>zseKgq8?U ztVnEatZ3y?c$c<#9Wp^AHmTW-d#;jVS?}L$3H%L&k^B*~L`F^d&IGSx>&MGL^AxR9XR8DwtoaWR+^MEiRO@ocKWd!O5=etz?vY3j7z|lO~<;%QN&v zjHUwAmSPxsroYEguAqLwME{^i={e)l)2O9`HI+5_Gg+J$Otc*0v5&V;PWxk2V2a_p zGjbE3O69wq%F*fgIy6qi29ODG=hb-=b`%M>|(JCyQVYYy|<@mlhHXqNlH-~FL#3TlHo zvPqvY$x%G}%uFjCBJK~hMB>Ile+?iY|L79D;ny<-Dkf34e#0M>bQCmLT{y>=*779T+xAW}3r^5kWMGEsJgY zVYxF3BQ4)O^5hfNW4|Z32H5T!$*-<|w%PwGKNwyil6?D%$E+njrzPo)mx&`U*O197+JEylNz1LvIukh`wxgv* zwoLWnjSeTMQ)+db1d!xifr)5 zKx620#4K?RnVf_#z$tN4?;Z4|MXYW1+xF(N)DZ@d*SoOqw{nxX^MB;=4rO*a`Og8g zN8gCd$Q3!y0A)-S_;Ql#PcSHn3Cm^BOmsONkJfdJ%?;4oKDa=9Z=e<%A|((C`~y|XnLr7w-ynRlx+1ASE?Y&oQM~5attH&C%ESzG8swJb7q=*4VzR>9mkD7)MuBr ztEDcUi7@hQ z?ry66S&0+@+>!3Rhm;thn|-slD%;GGp(0zdSir;7 z)Sjo1g3~xc-gGa|H#}caH{2X8iXshOEeNk5%OR#iwR3HHSEN&azR5T>owQe@Q&>0X zBn$F7LXD1h32NcDr_bW#bZ``Etif=opbqnf=#75@v@41eS;xttFz8l0^pn214<3JT zx>1z$5{}QgH)+dX#knQ&j^%b~^DTIlj@n{<7rmBs4G08!-`=$X2JYy~-A2$}lnFm+ znra-jEsW|Q8^G)@Rn#;HzHHdh@0mci1I9L9v05o%HgG3L4c#s- zJU(XJo-yMqlLBincl+jUeHeR~P?;c+C9O?sK7kP^-tT zb@}B#P>q?;?q<^09tP=CTSTvo_%T1vvi$^0n63Lbc6?Mm@?}`7zT(w;jQ;|1{}xg) z2_GQc-UVB__zc|0FlrL)%N%er^2(@Y%gcVgAnOgqtCNjya_<^cMJ~IG3TM_vWyB zn;wJ@jUlz~wI+2Tq7oc6I^9r{3+VJY_yS(zMxQ4MkOD{;+d65e171^YJWs#UA{up; zLg-YL$rv+BooQh;JZfmii9T|TLF5(b@oobaP(g?s+y;e9_UB|yilIGBOXb+!dU)Og z~lbOAA*|zFKurwiKl=|UgtvlGCwCpcp zHf)dA9jB|NgAwN^En`CmK4lOBqKeIIUqi%>a-scbMaElY$A{{C%$ilp;QawPbgIp! z_yLTr=zK8Hbfw-Ne8i(VwPY1o8dU7Kf-4YzZm~%7v0|1*iyMNV@yxP%Dq6~I$qn00 zkVFL;h05SK5DjStUaWcqPdZ$vWi6MQN(aMTA4b?LhOv9Ydghvq*EO)$zSyUz7!F-Z zuFawHVy{2h?azMa8HjOz)pW|05_+L ze;EX{FG1_<|21mEo0{eMIf|w+NS`q%v)T?DX@)Q_BasQh!5Z02Y};&ms^pE%6%1`H ztGN&Ud$`PA68nr*gCX)2{gB}X{S-e)%qN`wbPw86nyyxb2)E5;K9RY3#Uj;R&|_L= z?GE!BZQeLmhl?E5tDn~|Qjd$bTnli99BcTTzJW(9o=ChO^X?fGQ|JBC7qUj3R6elw zI@$P1x9eizouSV;+h4)2Z29(*QZv6ZRP=AZ;9U|O{c*;(UYX1wdZSrG7>VT_z`Kgx zu==#ecPH5Mr7Y|f>=zgE1@Tn&AK)T4i>2gm_LjRrRni8c#$517iv>oP#J!-~JuET& z$YvvU`)`wnk@)VOTTSHm3SSc~5h?mBpJ!TFMX}kGxoZxho1-jDr8BjqOSkKQU*ES*3^7Z{bySKI6rqwveGn zlDuh+yo1b2Y6x!|EOkoI=C|F64m!CLy)(%@mmOuCY}QoL%SEw2WT;soEh9RXb$hze zI&4od=7_T5@z(<0n=$R`j@#=rUh5yqhr1iATY_%*dpz7|g@oHVW*^dHO80MGX0YeM z7}%cJ*aG4`y$((D54w7a{|y`;j#_G~(tx1qpFJ5l59a_MphmpsN+;83EOysBPMRuEQ%h@} zKiMOQz2DjuiSHd<24((m@>Jvk@(RhqfYUcWaC^1%4#$O-HTLq3_WkHVk_*$H7mw1=)i2PFscu!(3-6W3FM<~<9APXXiD{F-ZY{ZM{ts-7h40j+1qQ; zpK%g#f{ZT7Ha+ur;|)uy`yNhWC81Ts^8?{XeoSl$A*9bH%xEKd!@ zKm3mPw0iOQk%T9#$}_Rlf_qK$BJZz*1%$P8|Kb*#sMDhu{9kG!PBm?pY~a6pA1C_z z6bpM^u21SG?3TIa5HO()hL;gMI+^?!{xXYv4ULsrKAj>X!b{vSu-*hLEw#Wdc33JZ z&XE?9eQ_suNy-{>^E#v~85|?0Z`ZX#K;hKL&o4=l7%v9Y*PE%ElTw$m7niO6tfWRi+em6ylPXgWhP`q^m+y;<+=vr{)phEDn1oFUP@6 z9PIO!{)W-1TO3{Rc&-Q9+Q(pN{j|+vVNg(8>H=XLj9%23az!)AOEIC|o8~Q#)gvdg zZb8`@hZj|%>dkaNKcZle=d;I|jg;E}FXZ0eLEhG@57#@@$T`_>KG8X{Em82{i;LC$ zOY@FB$}ojC4c|J_++ayrwcd_|mht3cd4)^mSz%-U)wsVV+e+~3veWJ9F$F&}rq8>{ z9INLQmNUy&MyFziG1q_?Ko2nCCD9?%=+RLq%=?oU?4^wnem6M;Rrp>U%c}qMErbMm z<(Gf%I=%VLThb>1%vId>o?(4+fStMd>wK9%yToDrG(H$^RtWR?6;p!lu3$Pso%5R@ zo^%&!8NzJz-uY+UE;8TNsQb_vwL&OfM^v_x;7)ujr|BikVQNd_DuX(?pWv2>2kb&T zTyG+e85%c3hWH7Su*GB~hAZu)tc4O>KLnt_oN_nexYJ{WlbtEKoGVS%RK&E=P=%3cj*v|!-k8> zYFmSc)*bm|UFC|^@Md6T*s@ll*TFI5)5q&w(OL$%77+HCDj{IugGu$B?SS5e2AAfk z)pYV-qsyD!(z~}A#};lM-7{Pm+hF+kly^3!0iwToUd+}cK@A=F!A*FTFXN!G3^5H( z@paeFe~MBc*2MxJ)}pFtkO?fYUfx1&KU*eh^2Q0~KfE{yy{(>Hq-+KKuM)q-e;T#Q z7{1sT7wEhrJOk9MA6~BMND~BpbZCXQhh8BV{Lm zct@~26>J=73tjb~X^F5GzlmQP6tauht<(w>&CX!E68G72LjDoWeq@;{9^dL$1pA1- z5IH@CUbuFgm$?8;#PhRbAym38=ImgN2!p6qWwuEB0Vh z4Xm&=+t{ypub5%|oSKT%z=ILDyRY|;h{ForWbL#PX%zW(S9fwe&Afh|nA1RI1 z5BtS~k=F^^h>gL=qA!UC4H~nP-Kie^bSzXmi$8nHP%5!i{_+qaZpesXewv^1_3I8| zdvW7WI$f1=QN0C_!EC$1vhFo}>UtsnnE?Db!X_2PWR} z4_OAn4mFkA%Dr24rPti4RY`xs0sEFUbO=u9ADKn9OuI^|=QgZX`Vz_`M$zQpgEA(O z1(h$Pe<+GoBol+P1F!miEURPj^ol7u!l=RJi92;~-kRPGQKhB*4)k8yB;p2`t0Inv zdCU@9MFFOpuR;zgv2dlyVNscKBEa?r#lT7)tQ;Meql5=z1K0@QEa>fb_D+Z;p>^dF z5UCI!W${UgS(**%I>a-l!Qkw8{&w$+%3}3=cjBbUlOo@Y)vmFJS(=YRJCjoFaiYe5 zvZd;Zn0LtOTcQ-O;~04V_6e+*Jo3{U(%#r-|KVKcbWKlRMg4)sKt;G)uwW#89g7QdC=l3 zr2dL*k@T(rMPwByn|?_awj1q?JCsjxbCZeF`Ddm01o|`ReI^58xZ!WRwGe{w7#|~v zvcsJ=+%q?)AB-%wZ~VVo682Sd{nJzVHxTg;>joXxjLbdc^eL+4mCh?4jB=mW2*Ajq?)|(HoV1dfoY!CNb55TTDN7hoW+t z(g6;LKWs7*5ZX_Ska6S>)&?{iED4a*cy(Js@EL0U3Ne1ZQc>t51xx5M*CkI`a@mK=K^&W0uI|w)5tYNYu(Fc z6)2|z1Q1B#M2}+~Jp&W!?Y`6SS*Q9AEV7R&GWYrCi}f;iB7x25=gc9uyWm#4)$Z8J zf%4{|4+AQfgLZJNURvqEO2K2wy zG3W9Y&x>OxFxWq~Tz{NZza;e8p#H{%)J8BY+H&_|RJ3U29`H8}7lg;r%vw<6Fl>+Y z{Kb*iFS6Wm-E-*?CHl*suQ)B3AYsFbrKwA??^^tY7%Rqb4;k);o|Y@#ld^cAO=$xOdUq7Sw9A1~huZ*ewvu^ziQ#w6KEr-FV@{ zM;@Oq{8h&a4qy?T`PkWhqy1cm>PiWozGZ>|;-l3vj}z#2%drCsapB>U-uvy?-X6(U z7)=jd$V{a_+(6qm+In@}R2Sn~!gA+;h4ZF!lVa9H293RZBFPF$Yy#(Vpx&wi^f=3_ zNdaK0o?$lrnEvB~$iQO^v*rhl%2LnyCf<^l(1f=wxpfac_F2K9ibc#P7B|n>Kpx>w zWPH3_iEdZ3*-t>oO*R1mkm~XT4vxaC_Yl2HCkbI_do{5cof!dRoE?kt>Rsb!CfMoP zYW9Hla}0~+%7nSk<=9io%4xgN^(Z=ZMF3y>u--52zWKIn3avy6MrsXvFUfOb??d~{ z6ZU_#0M;^cpM+Sq`c+n9JH6Qfsz=9QFDkbl?|e;Py}?4ya&K?1OZe!M|Hyh4L^uz+ zq2bKGi})DpCGx@O>}a*eSa+_7Z1#6xjD#vRzLeI3~mlrBL@TZlipkrBHSD6Z~@X? zF_g|!jj;SMwq9|39e{F@f|Xw$MHFq>E1-3aa|9M)FW+R#5N+XI7l`T*x|Zttdf?$W zM7c&}rYa_FjMxB^N#w+Lvs+!$^pPOI0_r|>w$kOOKZSRI!L5l0``piU6`zi4uu)%q z9zT7-5m#>vl2)YHoh(1BQ(dO+$s^n$)^Q&GSF)wB z=|^4Qcmb4R31NE& zpknREi;{eK{eOjJ{~7RRJAyBXb_v1aNME!?Dn_I6X(_=b4uh=85Tk|ho9rzxq}Y2X zQR-M6mii|@!>FnPiA=9*l3;54zs1VT{)blCVH)guY${`-i+{T>(bJQsGkL^J%v4Jk3Hi_^fx#(cxEpTAIOD%E^5WAB&*AcIRLFcOpzd`yGNFOj2CMGEZSckuqHqxRGdk|2f+8_Rvddn-fAjuh+3Ro;)&$3FjhGUamy@Hvh z{|xZQ_+CSc;S*eC@0KXggIl2V>NW z^RolT1c`e%=;M*Ggv`FUseHk74=2Ih?OwQ8RDy8gIqQ_54x=m`TqbuS>vH7dpEzE6fO4+y=WN`Cs9(0Y3!&w3K_dmg!6O?WEo$tR35PkM?SE|hq^Y&`Ec&UC{Umlcf zvEv?8t;?QiCb!<=7wz3AG@~LOka#rC^HdW$o~=%OMCTlrI2bfA4h$hbfx|au+_#92 zQKVGb>Orc4!D17bjPutQtDZU1FzX!}Y&%Z>8YkmNqDw>`;p`g9%F&?DfS-Vb?txvJ z)rF|f?+CnVNRcLpMIsi`(4VC|2EU6*mIyi+q-p$diGUKoc0lEgXh6c~GfcEykpj_z zMsG`y(H5B*zje}~4EpR*P6r<@h z_fOri6f3jkD-5~qDp68GWCfIf3-WDMt~m1J)yeqe%)1f=PVe;Wz_aPIW_N;sRLX?J zw_ee zAvXdrvlk3Mk8sq@PQv_pzY(o7?*c{vNWgFIuPCEtjYkNfOE*;`fV)8^kob)W)dG|v zv+Q9-+S`1eL^5dyViXbUkbQiD?=Kq;`ll9Z1;qZIoc8^daX+W&@6UBE`%l~kGU_WO zrYM5#?H!L@6~Z}c6_J0fb$zm@{K(!7F_>z1V$^D~s!UN@_RJ(dv@vgU!h*OZo^tu0 zzEH}|9k8btRA0sFY-lHq@Ec`oK2W|OeW0ShM7TwYG8{jpczWb#cK3+*5ADNhD2C&XY}8`l0oM+MG}Yo~ zEM+0?9xbYqbZE>Ym4Jk@x7h;ahBVL#Hc5Z5i_ZcN*VX}gmIY=CdtV*p0^R{u9@>MD zcP2i?R_;>D2o{ryE^D0MF;qlwq5if4NK=k7dgJP909*=(Q>#D8L72n~S%=;m13E@9 zfMu=QY}mqMDcNh4KJh`L_PniAlIbMGs|-udl)xfZE3;)m>U;}^?$iuk)PyxV-9bO1=zcYpsgGo@z z;6Lg0E3YvO7kpPAW7iB(4v%OC_0M8N#qKl##q7YRMNHYt<281LnyDH6nX`tD4~IQYq=420-T0PRk$@GdBY5beLPb z#Iy3JJ0k`;GpeT`k23_l|6{<6uD^`GeZSTfA@FLDyg*3D|ELb|BSZ(;g*N_yEb>xg zj&-8C0XQe+rz>a8N*YyfN^hF{Z zVT8u&wQ$mmeBmvGQ3d>DPTXnfT6A@=U%%*iUhw^UgYWAEB|eX38X^mHc$@F1%0#h- z1O_MKuMHPsA@G2vE#|9ku5-Ji_hke{skP2PfYUF?!1Vx4%h!`lP;E29@#kVle1ooVhzz@x;jY-qceup_ zMFbf!1dO{O>(jT56pw)d)%QYGx5=`d%*U2Op3KL9@;Rk8zuVJEHB-I}%UA3~vD?PB z{7(@4&{aAjK8S%OH9p%-gjm5VJrr>`s-!(btxd~IHVx!D#1miT^FxL5d=HCd1NumM zP9Oj8&0Ny;|I@tbtb2;@_b)r`zplNhw9a)r)RU0P?3XDlmZ8jnuZ8*2|IW5&3h}0O z_LLwJe{Ul(H&zUO2iQNjJAzkxlJRB<0HDms$~$LjK7f&80@bp>@3GoCg6khxSE*@C zcS=CPHaux>d8TkmTn>bI>TtgsmM-1*RoH{nRuNjUPo+EwVbjl=a-t0s_ueVh{5Iv3 z=C63vLd%qZ5LtI@D%YI~%po2RB`sq{rB!r~uaX956E6Y7+qNQ(shrbr9h&8GVQnND zBCi>-x-)Fh0#=7svONKe&KKli4X{#;k2U^v?K^~|MYt8WNkJyE!oJAK!63%|bSE4> z-^Tbw?{)I?=AVd3=5-Qm{oq2TpsfV-O$nPb{voBeGDA|&tJ;08;La2SX+W01>0JXY z_r-~z)y1$g;-|?aWim3^qSQmLTNM^Yic_(dDb6XEUS}=4+4qHTu0fI_UYl&;uYm$c z>b~)fGGp15X}*&rjZD#ss%xhVx(Hh#@7cnGF?xpqS}~q2V|_Yj4&v^X4Ki5^s~8MY zr@{vozYO0}A&6L$fl*uIga{79Ujs)2K|Z0A`MgWOXen)H28n9tezVWI%G@45tyfM(1Ywe*!lwVb~I! zD}KC6SD;u6tLHm+BZL;Vs!5*Q$SfM#CE<(VO2?h^LaT6AtC5m!F>HXaquytsFJfW< zsXbfM-7AmXKRb_(hbd5P5kci>vHziC_7W0q{jBh}_v6vv4(Lo9G$P+vEU~*Q6<+T- z{mbD|?ayD7IzM5PR{K*-Ej1BF5xLD~{5X!eZgP(J#ZYoNxumdKH|3e*vpSJgaknEP_gTc zAk=^$S-I%}tHhanivC7GRc5lYgs5dNH2^c9N(*R@AkIxzne0j&mUm@#WCze&w-y+AwZ zM=IoqHAdN^{sHgC*ykDN1%0~-sNc6W=j`k7?-Id4DWL1r7}YPH5d0h#rZ4t=G5FvG zs6Y{chCbp0T9%8&IVYn(CZHkVHa-Sle}{$0ltUq$+CbN#K-$C`c(E7d?~a@PCJU8m z?X-IBbMEPjZ(77R#)G+G@!f^3@8#5KM66I3R_yp#z?WfCbSOscG8=JK98p@_;-&V7K@H&Q->l zcz_yxKe)F!{cg6vlb$JYp455|Y&jl>4rd8HUB|nYFrRxlN$>p|Tl6KP(8RoJowu%j zc#)2P@-p4tW6d@^)E{<(-yxUWN1=(+>MFuh*cmkl`Gwi$=&MKiU5mQ{Lrj5N?1#5N zeSB%Gi~(7kArK=l+9eJ(6q?ahvI z+^8+AnfAM7UKim*)fk)q|$7@W|X_s3H0djx zf}P4hf`ejX18)Y?F>E%l*FS;FvLzW23{jPfMx2A`tGx57iOm}*b{IQQGv^?9M4~;6 znhF671nNxBQcC1V-5!UY&}ylT6}+KCsARmiqBF~|PkEd~+4)k1zE{lpx=Bc@!3PJq zLOw$gbhk!7)9%z8=mw_0iVdThVuECfCX~poy%D{eq6?M!&&JsfEHv$Zp1qOX_cf*} zg~dtp#-L#J8D3$PU9I97{I%!4fsVt%q5b}{9>wf(?XQ`RNj;4dKpNhAk|2Q==``XfsTRt%NlY44pH73Rr0c#Ch$Q2d7o%tJzdP~}4ZIfk zJA9^zL4wm`tSpUU#&}EZbR^wfjR{_1z#L9Z^Ln~mlHfSn`RF+htWAk?e707?*U&zA zT?y~y7Z&GB>R`2R+U(MYvj>emzXm{5W_aq0F9LdIh2>%I^|-9gk}yoz`j|hz*h`D1 zd~uT1AE&wf(pgy5x>|`d$A=Z#J5Gtyq8qeQiuUYAX}@9s*y1=pBI>I}FMw(u$+x1r zY3LG($UZSe2Rxd|EpJP*eZk1zCUv>Rj9s$Y7?-|LKNCZ`O74#gX!F)9=;yMCf1Gmo}?7DOcw#8i=X*0Ui=5ape=)Up*9c0#=j1!geqboj$= z4*v`>-1s-&(b0hU)+~EN`2qxZrK$KypJ&hX%VI`e$*Kuo?gw;Pft>vKXZzSjFnLqY zMSVRewZHm(elxSbo-#Z9c#Y)Jgx$G3sQ)*}KZC+_ZmPL{f}HrW;*14bm5s%hVVj+g z;nJbctb}oKP9B9(LFU9F%gl`ArETkGvWni-spSYu96Awn?GwEsp?-MI)u67-9(<}> z>AS`u>}TNk5$3h<>k-^D3HiE~_#|u}gh#*SGDr*orBEg|B$fCcAKGuF%A_rZFBm^Q zg-!gY6}d&)?F|W3A8DtO{oo@9ff+o|%)B7gy)?vM{u>_m0P9$%o2-+`$6nZ6Mk@%r zKpl9ikOhvqia`~yGF|Fq{9~BqY@16DGk#ccv$UU{eQZc^Bxv&Crq4A-ZgnO|dxc0^C00;D; zsnb~VgCxNIkaM4Za8(4zoS>J!HQcy54HQcg^l?%3X2xgHrGB3obbHi8XK9-`-DOz+ z-iaZe_T#>odz~P1X9r?-n-N@@>vQ^4*k?SVOm^4WE+`|N&Y~x{%ZBJa(d~`Nx ztzS$^WPkP*&V4l>&|I2m4oX-$1~>l+<|19oy@))!4CCDz{!OnVhM+vV^fO#&6ft%Q zqvPh=^ME>djGJV6hgKbOhgRMz0}(B2jmleQ5c6w%4O(VoJVmKdvl!3kN_uqhGDDKm z;xq=O$a`Aa($q7JH`Mn>kRMqAWY(%#EQwF@2QY#MvpJF77=`S9_bn36n^^~~Ll~vm zq-L*s4K~O?4IOqE1h8Jo$5buS>{*8{7b zrqnF&jSQfq2^SZZ%~}Y~<$`II%NP5nScz9rx;G5m6$!(&R@W|H8Z9v`3Atwk>F!`VE6{BB^kaxFXl8r>Y{aaSXlVh4$}yZx$hNQsqe5l? z&xh5~+&OdPJCyBi*}i?Ox^JzQfN*8FZNkJl-n;YswIyF*YG``*_1D&&A5B?B{yOaV z-d|Xq8Frp6-QXU@1mu^Sj>B@io#nir)sr@;-M2DHm*raFB2{rJ*b1pWEQ`XzLT}|Z z0hYirfS5!tR_~gOF`}ZJtefWcOU|t$E>_k<>+>M%*YH+Qb5E}kIgxn~4}`Ig0hLh& zC;(L8FvL@`G72nX0;44WJx&CXa}l}3mfx{wXhW)(i3IPbsGj&@Gxh^a&g)N`1|}-q zxBd4ITF(oq`CsF=4NFK*Pnyu}eF$TJ-f1$Sh54sy^W_Vj|&+t)WT;k;@5ZF%14 zREp@5BtMcUvoGGl3Vs&~2yyu>Px$iWwq$qs^UsHi>!P5nv4S{IU@@+AxDt{p53zcC zCCWJLyVM-octa!*LA!z#>u?+=@??pFk<09P+tI5$Dcq1KxcQo*B)@LL*v0SG@Srll z&qaH`b+M)gf_!dZq7fP~@W71B906I;Knr-k10&ZnTpNe-aDq(GGDE-;T#|ijm;frL zP!iCx^~`_B0-wSR6$i;nCU*QzxJ85zUVn=%>n%|B=s!sQDWSt6%&HIicZy&??QOsr z=*;Z8>`W=dXzvyrP@7tuZWQI;KP9$rGn~^(u@GnQeiPO@R3=(oCG=Bo=AnyGcjv@g z^(+;C>PfiYn?3KVHFCQ%=9us9eko@LVZ0NcL@2N?!(LSurZkh?VG`bO5u&(P8oTnO zC>V~o9rC)e|2Rra4G4xd(!?Zw#A&1^r4Ud(pSI1 zK)%WTyGZlDI1R4M*y!&C1$UP$gK@OI^51U1ulwvLqoZP@oO-pe)Uje;1<3vuNq#K* z#f)l=m8yG#1PKN* zYf;!3q`d9CKJ?ZK3z9_rz43njca8fr0kTn$(@hDfyh$(5!NP<9W+LzB51WHVcOb#n zD5(5cp_l6A)+0qQfgaT)oFvm83%^@duIiy$)W)ICGuHF|d;i>q6}>u@^f$Y2qg;aQ znIQ?j+Tz;T7*9cb7(O}cZ7Zt>Ymcp=IZ^yVEs`?yuhUtegZ&C3_vC^3>!Z9JmGgIS zb()seYJ15RWHNu~COOi8;K60j(}Q*yI_NF`uFheeP5n=l=j^`M%(4>g`%*RWY2LP# z58}(6$qv1{gDT2~V04Yirq!U6DL=Y4OX`vSt zL^`1csY;b1ARXxLbazrL8hK{s2@={kgQSSF9SJ>-b0= zpwdP6NcoMJ)@!RGnE&JDWn=|?uDhg;!8IARmkC=T?Sa9IcyL3dGvk8h=*wX^Rs5eae zGZ&s6rcF)R;K2T@FCJ!=HK8_%*T1XftmIVdW)R8{k5&`3J9HeSk7CnS=GZ}XSX_>g zeDkM-KD~WisNO{z_e)L0${AD|=G0j$&Pg#dPNf|SpI$J2aI{k{sYcfy3%yhtOhq`N z&$a!X_-+kca_dLFyoVq&Z|lhy*r&~))LKbV?n^!!5_d^=xc#Y%1Ov?UXmY--wl<1@ zh1rl=0Op$e;zdY3VPRq`Pv@QH1|=j1CH)7S$@iY%+9g9L?su+>JCoo(&D3U;16lz$ zrYu0?2QrR*J-4sFiiW4f0eK_(MC9Rh<^{7J&JJ`=X;PA`O=GWvYVFQ?D?YjToi2X# z+GwXMdUC^h44CN!*K5;84b-MVW#4T21kHwbs7KThk)^s7qC;1A2ybl=#5kqP0C~Ad*k8Xlqoazw)b2A@q$tm z2`XaepvnB~rA)(waD~3ob!YnM7&jU4rp=1RUQ;+@|YyA^jV zIwm*1@IQh(4{<&oFVUVJ-XN%i#I*ZpR=z1tTMG;PV$I4+c>RoFQTbo&0@;d%0>r`E zZqje&F8Pus{ITK1Yr~BF+w6>es$XJ8)$c@ls4g)q%wNpCzLl8^3PRA9f$>3f@b!@> zW~q@K&fB(qpYG#0S_td=I3Ci1aH!?8c5vzvLyt4r>{R@jk@Xbw$p2+~Z+~VcW<~$~ z%ZF@6kWGDitYiPPT0{M%2Wysc@t<+^Uh_NiBLa=)?WCUUg4^5|f3dh;OYkxc(RROQ zw~4@yarMR(y%_A6CT{fCp8>6xS~x4Gpx+mI3~66BxW35UYIHQiNLlVav@(@N6Ni;; zHxng1(%UL}Mwq^cZO*ZUYV;+A9`q|uYX#%aZ1s&os7ub8Fa}}{zBUps#I0V|yd5=% zsap3I>HeyRQ=4C?Ss$kvYk~()Emf}1q_+#sk#`W)xA`teO*!vw7FV9l0kRcgyip%3K4`sQsW{>Ds^k9lIq#mu{W+Zt0&sBn!BOa2rp^{N!C5f|*li zSTdrwW+Bjc>Ap)a)VADIj)sSC@Y}Hq6${0F4Ujh9HWFxUngF!aIeo}KM)@efeTEbn z82s+ONg>)5hCg+%rJMjDuy#-*``_AXw(oij3f%5yMNApeF8~zjbV>OkLgArQZx;!D z`k=K)#+i!O%{BQf^o(0wob*Fs7q(=cZ9Xf%jX+Rg_rJVN0Mi>=BnAA<$mHLNGzhFx z!7LK2`fx@k*I#EJi@5JQVUEVV?AQb$DR|^t%CoW>CvyKkalMFBpHN&#)II^FwVar7 zD)BHGS|RHI~RXDk2+o`Fg9||A&rp`<_K#Dp#22*x`Q;=O24}Xy< z>J1;>(#}8H)pB6#wiRdcI&kAn7tD8^(Whnd(_G1L1CU*ja%i&a@!D*cqy^~)io&WM z=Y>!d8uVQRHfQF8smsGI9m$b5@g|Y)0fp-X3qoySm3~ACU5XM| zIQY7VP;s4Z`5~fo(toRoO)6LRumuxzXKssqV@PQPmaWuj%Vr@G76S--%JvU$0rFlF z?O~jy{1maERS9prP&0`wvIrU1ErI(qEEjw28EvAUrS5#SOjJ7X1`!jjli&Ss8wM)LQcf@kfZ~)d-%o%Q zc(>d4Zg%UU)b)Oj?Z4|aDGgL4`cOr5Ph7v^JK3u1UBkb9mEY;CZ|9P&4OaBtc!AnX zP81}D2m3KT6rq64nYQ=V9zaIhzI5N4I9sc4piM93fwxkvH0mCYW|JvtTQPji<-1Fj zArJ@GhqCpo1l>1?JW&1${3I^HwEn_~{e1agY4y`1cOsY$ z^hqRFk8^xD`L@39(@Znr81sdFZ+5l>I;-{w_RBS2sP@>x;`0@xd?lq8fP1*fM z{G=!}Fr7X)QQ4x)>}7u&GZdSQlbv5+f5N%@JF)-qrb1&1yXXfED~?@q-3EhZKPR@M zo;6Og`os(Gb%4+wu8xPHu@~F1WNDJF0YvYqtKxyQw{Ff~+ zi(^wvGa{>hM;WF(TlViccq<7mIgJ=ja^fA#iHPEy8%omFJc+FYz($wTJhu->v~Oj^ zPImBK`!IMr&qZl9r8V(`QM?f)LL0zL)JeQnh#3o~%n^naIye1AY?~xB4RLjLQNA^e zeZ895O#jI}z6*S1acISiC9>9ib%0Bij1->pSc2c~oN3+s0H2fsQ{p9C68||!XWQI8 z7Dj}%4W(WZ4YZ&)OS?S{{_EU zVYQ^MJDGz6!aTrp-oq+xLAycwnD(vHYF4?Kz2*xgV(ktQ@XLn|o6qzCO3X@tXH<`x zUjbxX&FwOFe8aO?i~@uXMR$Ax z%}8>)99PkqY>!wThG;v78y|*kkzqq*0eSdI1(uCxdfzsQyEK!B9WB4Poja!cTClEM ze8<23YJGkyBhjlX9cqyRVMEH|LL6qm+5?~bkJO*BERgR^w1#_YI^7`{yZ!M|H=*8u7_iWW+B))F@Di_LsEL-&4_^58}JcexT;cgxE z9=yp`X%2Ok!de7x?1^}gqC_;rHFChjnib-!VQS}CpCc=oz@2;^(f0ys)xsBPoL0Y< zuHVHC05sRprCJZ?Cunk!$Dx59iM%#&!Me58@6$%|s=Fr>G_LF-sn;x;Z2bubY2I+z z`9#ixWD66Xk+VbZi$m{&ZQL1->C0Tm%&Aw?*fF7OC;iV9qxR8;*=?S7XvJ$8JaAM*<5Qi@Tk*FSq`NeY&Elo{LS3^?3CC)1{>o(SV5g#u=@}{p% zWH07&jb7&72EhMsBvNcKsgjI^_QQX$r%AqlY-zSP$7Rib>AwA7WT#uajCcfjcxxp= z%V0Q;#!jKzV!J9~uXG3TtZpQ>l4t*$z@v9PRO7`;JPlWC)4wL{YizG`roQjneH2<$ zseGA2=Wsiio`;0JE3lxHTb%wQ>P4c1gQQ?~g14_lkr|F4I#3_^F}MVE5E=hd`*&ol zUVlYN^M{)YC-VK>=c_6~b53dMkMeQmgO=fRfZH)1)n-&^v@%P|3;l_dkO-Vm5$+pr z_#*p_fkGi%(E9D;xiZ}S{A?0tq8H(6Gn8f-IdF|WZ~R*}SC=$d^*wTm>^wpG6cTs$ z97V@;*Exi^#^S@hiK_tB_j`=tUG#=nK@OIqc2gA=kuS^r0cRi!T4m{;){o2royM05 zeqB*f5+g(4v2@BE%(RXe`N_u!=b7ct7Th(+hk>m&~r+Z zzpOf0rzfHEZYdFL^199MZ&Zt0mJC05>=oVGP-2al{I1cl#+J9yg9QBBIf0pMtYunk zZ@-p+MhwBv*HHvdTv+84pfzDO>v!v)HpPV%Ih7pD{jfXY3pRA&P|wDme++^p3mP=` zUqzohD0=^jjrb;VgAVrz8chcv5PI50*r{!O_}lC5lTI3V*Ub_9zc;rEFI{o4z#ch40{WWIRtko|1n2ONuNAZfP+Q8Ng&89~!!KRDJ2D#Y@ zEv|gDC&iyFsIR1j~oE>}Tq=_i5RX+>1Sa>`k_qC&26tjdubSSKo z#Z3zBr&FGNjF27KeQ~B;c{{S^fn2oBA*wk+T50`Z;B9u!Y%Y_uPOkd|?JiAX@Yr*r zL>1kySl(fC1B|8eMs0f89l0fx(C9?KLG*RM$mJ?4bT`eT(a7f&&moEWUJd5nd}ImM z<&bWpz=W~6TUps)YW?Wbv8auDiBFk~IUtFNtj%kXZ%}@7=QINc=^zNj`7~bc*%~uP z<^RAPb_#-pILnf+Mkbn!1Y_mxBe)`hqK~|tc%0YMl}zK4j{-lo zh7X?m#_>2yn^4UETN@Beuuij=hl-+PIscvoWwzUyb}v8jE1KYFpEyE1p8XVAyJ(w? z{dsKfXHzWjChH`3B*?yfGeWn?Tx#cx)r*p=P=m0sCeOBb*F}F26e`8woV$L&J*(K# zjrP}YLSll!c2XT%bV&yX_DI9fU*a7ROqlJbsB|1_sQs6qXI-2pICk}5`8C;QL=*Nm ziGNi3Xo$^AZkY%7$^HxSpWKov{gLBP;;{SSLxv(uMm;8^^LtRWsga*d{^?bCZ z)@-Glp!7)Sxh*C_SvrzO^Sh-*XJnN$2!}n)Y8pV6Y$2Ngotc!y zlZp!V69GKizgG0ztO*@NwFr|e8 zpZ2YtF1}+r_6SVx_4lTsjsss8k*ggpXf&`pp$lzMTe)QDFltZG8%ceDPu$Dy z0hZI<-cd`cRcLx17?l`0r4 zB@ch!*<?25IZhdhzb z;_vzn@AQ5b9(Sa~Qw-AVu?Ox*7`S}A$pLo5@6;HUA36pcp2o#$Rp<79|BFbK*08mT7<)v~@!w@poqR@;nhQlK|L|IeECbSl zsFsN^lR87!)^_H7uxo~}{mIqDvWL=<(Ud~d;UZLXSK*X1ltaCeALEcdIP(|8PUtM^ z&Cr{q$jKpr7D(WP8BTa1NjbGZXaWyMcCoES%L|>4B~YFTM{3KDoR^Kg=4QI`kg~b# zOK(OR`UnnBBr+cqhaGEHo^C_6^cmta$tW};#yi>a+_esweb8CF9j?s_Un~X)ZmDzw z)1`lNkl;coYZ%7)44#XnhY!SZV-1!Z(zOn~pL9a)IsDYLm`2bu9*XnOV|Y;3Sx4;0 zN55t_az4++CM_T0y4H=B&TOxY$l@xb7A|73M|+_n(sDS&M*+{2QyEVIPgI4AQ2_O5 z=Rk0?)Mo-&O!*JC?pVsRe=~kODeiNvx*k}{a_;Sp8dd|=PPQILnJj0GwbAbHdxvhE z<_b*Pp&P<>GAC%KN}MJ1Gaq%kX+M=Bw)ISiQ*}l(%4d{(pvX@!p>0y^10n`$5if`a znG%F=)`pXW6cA^Ie%ENZ(4baSx_JnPz@Fa~%TOM>@u4Kv{fSky;QymX`mlB*v36J8 zd*2cpC((Q_Ce|ozrG)|_X)9mheZibHBEnBSu7w_6VN1C){z+hf%E(mJf=6L6=`@n09OZd_tbdoA;AVqR%M+FgJ` zQL}!{@5{g}XJv1Yb3&xOiuLX4e#7y4Q{8!~Yp}S_G~93Ym>gVA#O|!S7vnmdJwC&N z=+b@0p_dB;zXW|c3$t_U@fPR!JwI`^3lh-PQal+j@sQ@!H5AQ=TK$LY>ZNc}Es1y8 z;uW^bZK?c5w;z+`(*aF5F*Wh$_1N^#;!5~@<*^L9{N34gu(3gB;*#d?^P#RCXs=Z` z`{$l#{C)-g{LnFTm#CX5O8R#V{vPgpBLVINr*Q8{rq_DA$8zQn&N)MN+H%Ep2+m-0 zB~m7A`|T|8+8gKfZjq}K&U>#-OIOfI9!dI>1?UKTmwAJM);Vv#c-s7xEe(w<39QYT z2WTl;Ex+1r~B&K9oe}C<|J3Kj8t06PSo6)k@%PxN5V1KAp{H8|(KXBXXZmT6h&w zm3PyHfwn(&f9(!9%rO(l0Os|`GCW_g?tA#-l2u3n30*5edd91?k5F=!p^dU1Ga734 zS}6@#5YHWSr?gZf%0n)WU4{CMS5oJmWZeAy(VVD+bg$x6=ih|S^C+}UPU`odUMh&g zgy%-i2mRwkDr8_&Us;!v5)xnk_j*>oMeNd z>mp9p^KZ@F#-DtDZ>{*iGB8@8_lr#EAx4IKh3_d_*aN`RcHIjc-R_3itVUT2hG(qQ zQPNK_hOX9E=@EN zb$NLpzOtH-iVcY0oU@1-z@jqQu#VP!=C?EChM_3+9l2tJGauv(4`1H=aWc1s-X3R> zsV{pg@1NhyYiI8F2g4I#5jfRkjN&v0!C&sZeyZO^@vZe|j)OdRpnov9t_@bUuK#7q%L!@7?p$0qq zJx^NdN*ugS=PIPo4ZLBoUp3dZ^^d$i_nfEo`)fD+^GW^h+Fty}79ym?um80uZb$j` zvY`pns(o!Euh}jCqPx#u{gh$nmP+v_=96|^y4#?XvGWJ?FoDz?c=?uNP+?@&Z|j$v z=f$xuOo%YdDp2Sjn*q(_`qFYb(vMO(uJ8FCP`#@|J;J_|Q3%H4R}`jlG?^s2!AAbi z>F7t5*$p})S?!G*+-qdmJkUTPq!bUyt0K~m?1Sx{ga#~-K2xw)i(e+GfT+Z__Kcb>>?8Rje7~0p`eKEmwS&{W~)4%*T zMP6pGWe8-xdP=57CJeG|&88b7)RN(D^=Jp~18x!60YTUcxu9vN61zJ|cMm=V4Dh_h zpZrRar2?jRCsStJK3TX&EJ;S(PsZg+keEq67Z7cMw8gE_M-xMCfaLj^Q5964pvUae zqAJS*5K;rqS8MPJ-^IZeOlHtgX=e$+zevlT6Ayq0_w^>0fQVy-D=PrRvhK7sE6{1F zR~Gm#{#F`$l)a35wa*yOMZxT!HbcOIKj@Q;`iZYu)cYz1ShO6cUv$X3bYJ{!hex!` zDHFevV}rUuJ3XN$TdyeqZ}ovO{FSvT?0qD^2}3n(O+Ai+6_aaT&QS#ZISYE&iclq8 z;pfI<0i_T3rqE;!6CpgWYskiU_SD$ci1#m)Gpt#AC8^h3;KU|wOvd+l`{ozuW{9*yuUn!9j>Tr_y z%OA90qoQbBY_^32F}-~rA=k}C1c)7ESUNBYa`Ai<#D4|Dj2gqH=zgD`2N4K7@FfX%_z1|(7f0hi{TwjfzPvP;#l@(H25J-P{ z4r+N6xj-K24y~s!{lY4rC)aRFBxdEUKsPKedyba`sXdeOn9Q2+WmmTs=u_Bz^2~Z* zq_*pE2WiKhj?|L7cRo1=dVPk#eDo_7<$!(#1PhPC?4WplWY)-c(jy@#=c11Zl zmdh6D&%o+tl-d9t(rj~S7jM~?NdQh9QAQm%N`(I?tN-&v!~1}97m2;162}*4=SX+R zKu#lF2cq<~se^ALJ??w$F=bZGc6%R*<}{xaQp4t`flXRD?Z5jO2<*fMMw5ef1Syoc z7Z4+ogHIKjuJqu}d~^I*V^w<|!1_$q)-81__zVPh}G#=P+Mp-HzP zbu^Fu#Jt~u<`(DPj3)@<8&h_ZVC~Y&$9xbE^6GZ@0xPC@E!0vL!?tKc5;di@pjxt8Sy>ZHkPK@r4i=bmq z^PAI25@Q}^g|Th6UZr_puuRd!AHS3X0)YimosZEEH+x*CIvW3~zpbY+Y`nCQT4eePa#8@4o4jQVe>Yt{cuHmXowFNLisuEJYS)F)V*|WwY9Wpu)~kIyIx-F z+I+dk<)sVS{(;~xHV1^Evo2?=q<{W&HhsgqXY-G+xF2;!_ z=WS94jUuyB7mYj#TEiL$4roJ6^25 zz%!brH0UKPZR&zg9#zx%zN`y^5Ok*#J_|*8V##i;%NbdW`;RanazxBqP7z5wj+INhDA}kK%=wp1iPlpvb#|hIL7;f z_8nv$cX0c7(n)nzWILcfTpv)E9x5c%TfsPMeQ6#JVe4S(xYJ{81mhlZ@3@0DIBl79 z$+Cqn0ua`2jqVAdAD#Hky zea8mhAA5i#gE0uP{Up3wJMa-ro#0-4aT97`VI~2Dg2;YdBu}$ax^*b*XvCon(rR2Jm7mf# zGbTCt!n5=csH3#UFb&*-FUr=iH-JUU)0>54P&VJs@4eqz62-Qc>SFkCe}b zxbhGb%D_)LiFvbGo8JwiNB=R3_@jzi|6wt`e3aMp`CMB_fsI1jPrKyH=EMsStlQ#q z4}=*vZSZDD|K_6l@WsWeYJf5xdN ze~#J7B&E}&zsv;fkhp72uGfP`XC*VmYKU(oKxzpk4ha@K$~S8i7wmkn?!Pu4tDxRN zgy8ElVM1;@$+?bHtgyg@o1t(*o@U{@iN(Fk;32j{#u86ipJAcHXmRSRq@jL(YK3_p zudh!xgXfmzG}eo*ZT6l6>{ELrkbZ0I2eRV|NgO)XPTl-*wh$FDbzUWPl^51;UlqjJ z3WtQNbWtUV_7+)wD^R?~)C|CDb|f+Nn{!O~iQcA*>G_&q_r@*bt?kCNBUEn+02NOs z`X(D-RYHfHy0oBw+JRc7s373y5IbI6Zkkq ziPQ+#HAjnVr%S2B>A#sCZ84>}x(E2^M|<^@Fxs0P|fYO z1IFrF_b8AD$tj=fbtluBDP_o`NsXw)?`=`Tl*ckA~XXy!v^5eJp@2LC6X10B$t$pODWcKy0H;lteC5TRQ0vF~6MFrwPQ0Sik-KX2vaa z=gC~VSqCeV+aeU$qT2qvgfzp=2OwheTQJpyGH_A9)r{|2{*L_EBu%1>D!|nTPa(~l&kld@X%A{DWhuS&hF?e+yiXR24F@z6QxOSgv6>E%n?;g75U><2)$^@a z>uer-;nO4M=AOng(Qw~qD~Ozz1)_?7996$U@cbzOj048)`p5T{7Jb|Vcva!%+%KhC5IKjJ))cXF(>$>|iSoN_v|&nn6>NzBmp_c%xB0Hu zyv7NWw%TPT;@x+OJ*64n)s>pA`cNn-haUfG_RTzYm%e%Co1gXVt@l^mC7-psb#eyX z$z|?Zc*Gtu?K61vSig=60+lji?2OtEhL_nTE;>mEUvp6pbUsG>|^ z;seTb&!sU^*d**@$ z98Krdc583gm%#xZbF96--{uesE=iAEsVsu+zmZqO6-DnKoG;`ee}a85GP5`aiFAtA zld@A>0=03b=jL8{!AenScF@&TAN1mG^wkOy-GTI-=5Q`VIP|akICKnInd!-=I{s`# zo4oA&S*M?D@Ag;3S9`5e)g^KIRd$~B-l!I$WRj-rc^3CBXg6FUuH%UojVtW6%J1R1Z8pFOxaL07Ko zw(}jfS|R6rUVwKyGlyNJ)Tg<*vJn5~>;cX-0YF*Z*D(zK!0^}4$mN(){3!p>|EPU= zTi|@E&)&V?y=%SP{h)r(@&L$p;#YPl(MNbad9G=1U1eVW%m2Y$zjEf{cbd&;$&i;OQyE$4bSLj zMzFB0Eozzx7_88lk4q)bcO4)=vZ-#nbve(`&k0jS9xK!gpo%nVgxEZ7fpxT$lTPYr zMvSXLlY4Hlvx-UTg((y=8Lz+J8EFKCbaX$s<|8?{opsA4l?Jlt4$ROcwRLyZU@iq zl+i?k0j+dI=I=A%{t|eTH)I)!xT?%k1tc4!;vi&Ir}{jHV5F87`YkfvjJOgA0fx^^ z-#65W0d;dXNq0IoPHgiD{gr_4kNPE3<;j%;UqXIG}sxBpyjOz1_gndWXd7l%x zSq${L{lg!LU%G_`=AU!we-@)q;Xn!Bi)qZo2#pr>&Xc!^4Sq~3DdYWAXt-6($Tw7l z)MA1Tq1ptih10jw@wvaR(1WLC7mE3Q4{QK833!Ro>pk_NOw^&;BkJd4aIg4E`R>FS zuFUC^>+^{QFu|@=*im0fLWGaJ>tX&fjU>Y7-0wc{9TTMukw>-v@-wqUMoNc14?t}( z>$g2Ah5&J-ZSNmBKa^Mo*P0sxr5x-SHFq&oZ>{0CHTpnj0!U(Z`NxhTN#^R~I|t?@ zFks}dauxJ}g_JYdolL-}zOujJ$hZYH2~twt{Wz}CW{UqDDZpAayIloCw{8)z`buU_ z50ZMh<8LqrFp4mLfT{Ej(^+x2L&;*`wPpB(Z!e2PHPPD_`? z)j)K@$)88T&}6ATk9(WR#5#VyYp=~#=i_;a=X)=YG`7w7r;QY&Opdc|&qP6mV8{vL$dTn-eb(VHcu7)L^%-K_! zaoT_;s17=$lfAG?7DFCJ?+S8yWX&%v#^GtAg`ewS(msV6zL`d=fM~s_#=aN0;isN^ zYYY>Y8c=7J+(+Z3Qa{s3E|2YKA6*62(^;WqvyAM_4~V1R=&wb+`0*sZdVo&1+AFa| znaL+N07YXkiD}P1o(Ri%KbZWlgZiW#J=ymdSAAxEpRD@gpR?Q#y7r>oXPG@&_|MU9 zdRDckvpkUYEBimUxLzb7x6f++IqB$Ox<4&9g~h{n@>sOMY|{imU2 zntp?3^VuK%Q@tmA5Zqq?ua1l8fUwShk6gW&Tg+4LC$xf?iz_(@4*;Bew20J_AfiXx z5nRoDCv-N87FiOWsGfiKGiF}2NZTeF1dD9gZ}~82?Dk*~sRJW-QbKcu?Vtlnwi_IP zt`dD9D0*u@umrCS6X0Opsdqp;JF!eO%3F~&&9o>R`#@uTz7RkbK#2t0Zn_Vlv1b1J zF#I>(Ik>FCCkR3GNan<4RQO6Tl64};M=h|V>HdV`?f}icWm%w6yZ3$CuE6&8IFt;! zqup%Zd`W7aK3a(`eEtQ{Pm6e(N}D|U0zU8-?|aBi@8duMxYRzp821OeITLxKJ;!$) zxl{%L_oKMtgaAaPpXx#wz~1`O_MY~Me)P^r_&*Al^RrAav*R&Ow2Cw!Y!J5M5BNRl ztl`g5zGUQ#C%j_e48aShRhyoa_ zHRNTdd@%c*Ez|>bZ46q0TK(b|%(IPt^*lD**R@{uI4C~Op2XN)1v#Q{TEpk-_7wdq zxi$3uz{u(aWp+u*S9~|}MtX@o$CUc)k!hbD0Fp1gcfx6GW*w~i~*Q>cfzQXSSn^QdIIYO6ShpFOQA$cLE8IHn&Yk>^mD@{OEnYL9=3FD6Y= zi$1_a?acYnhdnaRlj<>rrdX+^;Xt(x9GIe+b1}#-Zm4hIFW#`D-wfz@(#6pI9>f39 zBJVgEwbtaUlU}#-DLi$aDAe`%P0O4e;&fOl+iEbGV86>Btq4*Ad50UIKX~901N$DkfyDMf`x`L-F8KnM{pv z_|0M?X=yhZb4bu3IQY1SF~z|< zA?E7(!dvus-2TD8yAZsNR(PW3>?(fRPxIhEP3GUvgjhoE9&?9lQcUmDnuG{JS|fhz zJ?j0t`>r>h)^x}5gj?tBGYvuS$PQ_D_v*I>ij#?(SjWdWCET5h-Lxg}Gy3a(=Sd&1 zNvvDCK6n~^{_6>jL1h}Py9=v-cW0b^|FF1@MNxlo{>s0NG3o{|xCd*V*O(QRnFHoW z%WFS;y>tbBD9m@Q26!hB(SvA(Xj2RO7^;`Tf%hM-fAMj%pv+E^%J?m-f7x8vNmYd4 zpRvHqG0O$_Y!}$v4Ad`mfpc@I64 zQ^0qSWmb0xHu1q++Dy=B^`$Tyryx)!=3IDWLd2mb&Nf~6bPEjD9_eI{7t0_5HZv69-zj*as@y;=+*oIKa* zN&0bmkFEJJl3ibNVMhSi0Dinz-wx`5God5*MQy%O@Pq}%BYa?$zGaQ3nWr0UI&-6M zz3y2o^h_3*tf?iJ9`KQkRJdCcbol;l6ShB368MXpt?c9`UW^qYDFu7#--qHukiT#7 ze%SsaqWj_a>cKKQ0Bg6A&gqpbJ3yN8b1yAat4yWf2Ut3tzGKS(XyA`2i4f8Sei-;J zl@qCuOmI5IndE*IL#HpCEE4xe-tV@1$+wNh`8lW-+egH4ADP4v+T(HO zd8BcX{f9QaUz5In6C@~8bGmezjoIYxc^T4Nu_m*6)o?&8Gp;G5xX5QSlqPPCuLu`d zM*m&hRh?D1?$N169RIa3-`W_F7*I?rg*-My87a%-OqeQ_S8PZ4_nS?D7BeVY=&$6B zzNj@e==IBX=G`~s&L!lJ*X&O&8xK=EX7cUKn>G^iU#>AYS0Z|y&mX^~J=GG>_CZMc z;p}QJgmRu+be&N6E$?;jDPEcQ&-dPW7`7tgfw#xK+UDy_iHZF)*mq1huPoMb zHhXk%e%7^xr(rs4@Gb%`Sh5$PP!r^}P{KCnHwZcd0ab%?+r>a)(O#`pgLrKhN7 zX|g3zOA*#qii~{^+Cty>kL3W4?a?I9jD8*c89&(#|8!a$TW^+(DFF=YK|9Ar&eT^| zOPhNstd}kt6y(-U)#g#Iwkjp8#wx#`K*~qC710Fy!$s{m#&Hj#M!zQYBi)8@U9Exj zOC)j~K_J+0J+Ut4McZlJ+iQ;AtJoJ}6F1j|6j9&RZiy1zC=-w8$}X(m$eL|=Gsr;o zTd`7HKaMDpL?R+SG_%fdfQ7KH>mpt7L-<&PogOe*Vc+!QS7!90==3ukI$XAu&bdd; z8}qU#fW_pbjPPG)A+k_kbp1DzwC_#1j#_d@tD>b%pPryu!(tBC>C*pzhjb($HJh3I zP+_Wt-Y82ePhABL^xlry>9ENh_Q9ZRtae>VlDvI=fy_>&PJPw5L7vQNg3Uc{OlHXT zwA@u&7qYESbdY}EeSjYY)jtm?0kR7GWYjrm?}W#ar2}jW}PNI+bWvP5zP&MkGBfvGi2zoS?+CB>#%I*Uk0{T zAL_7B7Sx;zqYaw#e};#QQC_Bs;wAigs@8Q|4a0~{?ab_0oezg+>D*?@Dwn?lvJSPI z%Thq96)#h(40pL!-@jbD&Cn3bP2M47IGnI|_4vSFMB4sRW%htwWVJjf7oThur}AO`GYeMqX=B><2rFRMmB((c#bJ?~K>zEK=!5 zd-k2Q3?@d*&kQ6hx&g43U{{J*J;se$Jqn+YWYw`*`OdCh$`ui;XTDa%>fAxz;$r=&JH8vdIq&G_?!VH}LBLR9r;E3)y>ilOh-ge^ zk`CWJ{^i_STYgz9=wP(*SbUXUmE&>r878^JYh^g(K;mF8$-%~R?o@ckHc!fZ4uR=* zCpfrlrUWtlfUjAuGEO&5)A&t9I9kkBTr0o(+jGEZ@=~HGNe{l!V!dqsf!QE(5RS*A z!SCv?F6<<8ZI0?rzH3QY8m+@g-(8E5{qGenN~R%ZVgYE*7r|#7ah~LeAomz=Pn-|( zdulwg%2Lpxfl11!S44|q?@J}S#{@cU{n@suAWXvr$k=ga{F2_HeCKMoP^xwig(M0n z%Kl8o>!|vs$rZ|1f0A&kubUrj(5MjIfB`?lG+{!fy*ofE)tI_g4xf7; zMeJXvRhLF=l|xduNKbjmY@MI6DM{TBt!-7SuxhRmQ5S!{3F*51iTKs|1g`EWv*j;z zu5k9a#4~tYFP*$m$lga6uP$$XWOhNWx%ao$8bA<=OhzXrf2jW_Cb_BsvF79I-bP75 z`QGM+ZzrnSIo0v#vPa%~;tg>BuE|&;u{=k+ggH}sdW6aA^l|uLWkLzH1+p3IY(Ms) zso1Cq?j4tUFe9m5BQ6c{R z{vam`tLn&C^9O6OX_4(8R zQi0V--*0D63}97Wo6HZbe7CC{*DK2KMKcDNMBLbUC-*O>4(>*=Z9Pr`+dXXtgZads zBMna>s|`+Z3DrMN*^XNBk?)C0g{L`KE;r`9%7@>c?f#hF(S|u3N%37WEEH4hx#m=B zLI1A&HN|<<4ARNZ&pP#LCcU@*tOa~1&)r{p`d)UzR{%_joAk_GL;{1^1s0hD zB2#@}xt~^&dEep6&?AI+3~vCd6-6x6d{^fKOH|Hww%Nt7>uUX)k65z6E+tyV0)3@V za3vpym{<$_Tb|i{dAMn};^}%-4FBG*+cs}x@%+qHqhN5YRGz2gU^H(q__0M;s`|w! z_s&a9qOyVWEk|Qa>^m7N9K-4>zry8TAUMubygurs(1opEl|lih)sW#-VX|irrjMqM zce(la#Y4PaW1S#gIpNA_mElR;Qyb~0nZ{M#gJU9N&mU`59R!%Q$=_v?nNz$^Vs*D6 z`^q;xMoT87qF1;uV$?7mXv;jhJpZ+@`D&$Cyd~oOFkKIu$!*hvh|)_#`$o;0zcO>i z=f+IjX&ys)TSm)iyaYPd8ndn^sk0Z=-tJkP{3(0-T6BH|(3d_LSNOuKJzwnG<)0Wz zj@PBA{!A@QL&hGR^Qu>sOV&y08Y<}rypRoNoTYWTIsful?(?zv@|Nrw%geQlY%Dal zDKDh#KFfof^N4|2==dI;84h2|s4-RH;~#c}l)YH<_jC5P^|OlO>$FLh``Z&NoZhHB zO!d1nSU9=4PoxbMwDX+K*FfUy>*OB3bYJX@&D&Kr>EbgB3xHm4)yd6Q3?sqm>KKz| z!vFtyW9^T%_wN9(rqdoT%Pr`f%*@wgt|)lv#ZD^p`_2r8|0vpBi>{6n(r^4Z)3U-yU&pzVNoLRR=><&m z6rN-kAo$hg6WGpGob2yZ=l&4Q@FB+>IlVjR0ixs8!G&e{Kuo^fJ+g9&&EN%&^ zkNRqQ7O%y)I}aAEgFW5ha{1#Go^&r*>T=BIWJAhw%&(v(v+iQzdmMt*AM~7;e=_ZI zFaKSOXC0HVmLaK}tDpAo*4gfV?(ped_?nWhw>9+I27RzxXZh%X>LPkF?_v#XQ1?(& zM0m=(s<7+f^3#KwpG^i)jY2K^bYO}BcNq$K`Rod}B;1+A+s;Hl@`HWl>*{8#O(%;94vxMi zfOYgfDRA?__*$)@5yKlseAbEgT;-M}UOW|ccz5l2pcX3NMkNYcE-cdcUm zt|#K>-b7VjuSqV~;aFtrgDolAUxBW9-AmWUg<8=Z-vq=G3o;tBQty_m zUT+_fnvZ+8U0KD)W41PWfQn``uzp3d$Do@)#~t0{g-unpDjI_w5^d< zv7hZVsU}l5A3&1geMV=#-BllVC*gd9klV@=Scnm6DM@6@)$QtQHbs_)cRwFxv0d2oc$D>) zu<-rZ+H1RRh63FQ+fE4D9I*L(O-y1un5d*nl}tO=bEnGaVHlFpKNg(pd6bWn1U;FJ z!Ko+j(t;|0zVmn8)wT;Ox<2uyxikw*v@W0Xd8)lC6OwK-80SH)AU|eQ!Ph1F#(o)% zDK$29gvgXMzTS;YJL_}rRGd28q%jt_G+J-dZS>_9puzK8+m+Y$o+f=Q$3<+5O_FmM zC3ldGZ1vehJ#qo!54%mGeQ=XBLUnHJs(ufG^ipeiH23V%UwE3(s*Yz`teD8Y(x( znYa(*MUKK;LhI=ppYx1Jf|?>vU~-7(_2h{+OL|E^IAyB12sdF(D*F}8kCrStCGVh< z(-?7d;l7B4U&mc^PqzEf%=Spviv{wHF_oup7V_>NmqNGhy%&_B z()_lq`Sv?i-l63AE>Uvus()!bTwW2*CFOmsFilg`()58u1NVq$t#|8;epohZBfEBQU=qB+_|2%;}uX=k=DYcNT2kl9Q=B6Dkj3soXWkU8*_5H8(^sYmX@R z+ze0I0tc;D)r+$!m}EyZLa``Blj||!RKLZIl5SA-CmSfK&f`#lC3!oe3~8_95M8DL z0>tAp{cHnD7(J(VKJ=V-S-&(9eNz|Z42mv<7f?10b}c^Vy-6Ek?J{S1?Id0=A9xV8 zLp0-6!%=+f=}h;-n(kZ{8MkJ+Te9LcR?fo0!XZ*#&JKKViA(eRw|76_&oS!j|F%T~ zjJHg?e-VaQI$Lr!$5K6LBK?)zrP+jHj`#^M`I&^N#1CBFLo)N(CwNj$LD0&FAc%?i zNK~H+Oa(#cjMEP94S>gT{#5eYyg?XQut={FdEeP|k*`eY%L zdA1)QYW@CMKnkLXw&g2a8(t#*IE zla?BEJowdJ#=riV7rRu5=P0L1xr;S49+dc*O&%r(d2We^EY7DFKu!EcQ{kE=Y@bZ% z=dNyP;Hv^!2soR}L_MJostRpiOq#Hsch^c&9e-%|3a7=7IV}u-7w*=Xo0jJrGR!_*j&Sy&C285)_YHIXeN%c#8baDNAuS=NH?4F zZN^A@I6>Gbc=^&lN=D2LTKQA5|NJyK?fxFN{X_lFV(ppQ`aCe;AWM`sH_o&*=Llso zKbDjj765o?oe$&fVs-O*2kI9!e>{7B&OX^fL;sCoTgT=V~Vr6W0S0FLlA zGu@X~QbL^K)+V}dA1hva{5wzaO2C6S+rQQR54dTend6`-#&?7FyLMp%u2+PIDn9KQ zyr;Ok8L`PQ7(ed-;1^D(I&fr7OI_czL&KC6LhYSF`X0^4dF5U(T;C1vQe96r|1yNR zr)v==#NKuG+~KfFYfqzg6e%$^Pd18T~WoTJ>y7dYG?!5&c@$k zBvy1XyigxoG4unE?o#41&kkZKH`y0`)TvwV7r9I7Ym{%Ed*gxEB5gvOyX9xpPlzzT z&Sr|hw^0bE$PeF1B&mh#)b~tr7d-tzR4S`?os=E6&;AiuBx!{o7-xzkrg7>Y33iB$ zAys?^IXBHaWLa*s&szgCw%OwAarxRd07E;K`!AUnQ0h87@F0l*>h289KDYPu4)eE0 z`^ich^S@~k_H3H<``@GLGg_XX8$4WFrEFb}+Z5nY04{1=>{)1Sjg_>D7@+pa)okWP zWq9!RQ)X*0P193uQF0s`$K7Z~Fe%m=qe1g>*BQlaHzI06Cs9>ge;Cd})BnK@&9I1g zPB)R>N^E)hx)l~zp=w2B5)%_Y+%9zv4ekM+NivtL@{l)=^DuF8%MJW+#~U9T-!y zkCF56QEs{JS~%doOD7519km}V*{+$`O+K+_^+0bhFDP$*mxCEb>q@-e8LE>+ zN%=sMsw{&u0i(k#H@WA`q!e7U0BL(nLq}s(W!%P3>UZtm4%&l{;0j;LrZ$y!ukaGq=(N_I1Yw*7_g(KV!T$HfcNKD6!qyTwvn-L(NWZt@^3+;{Tl7gFZY=UqjUWlYeM z*-xpVeNpI>{?~YBs+4IA=9uMGfVTondZ;lA_qQhGs8wk+bf?JEM=B!RO*tY)=3P?^ zKCLxa>&DV#PboZjKhC~T{8f*l^Y(SUJF)D8L;iT8DupVjgL!ZHl_Gi|!vd0xxE%W%}IPu#%4lHf*dAgcK~q5zMq05s|Y;1?p8eYL&InLi^8NG4H|I z|3!%ZCrAE2&y4?7ZZLRO!?*uCyi0z|{KoF-PJXi)_UsO8&yV?*8CH(dJze-VOFN3;Oll0*u?<=x|>xtMRBPqC_AQ} zucgsa6?IX^xd|0>qDZIvv2U=Snz>>(QI?-+xsJXnTND{2t4p@We$K79hIx$bup-9p zsyN!}v!++7YFhz@RpcuSfJnta6&^NY!L4L2z1k2R?m{hD<#^Q~u6J5&ROWMiB6a}t zI$uE7O+JsKAfSSv)$708TR?6=?xcDUAod<8Dg7)qaw|RE)}lX%xieiE)qY?fQ&iTc z&Mazq)9$8=0xjI+QEqN?K4{rcL~M+$|KJx&HZ-nCA=Zyu)4*zRNhW_0;+4 z7`m4Ldc=-2 zXKw@r+e?B0eZfos{@8&0Xt;<5v~j{^MzCV{ln(rD zYlLt%@y|BE4k9xBPiZx(xVvfmlv9lx*ju#}N8NcIyz$;G-B>)dUT*F(0B>D-8^XIu zsw(l3ppSRdcQ}|i20vXE%xVM2h6)qfe~V94?uEH2sDZP(LM5rlz0o>_2VK(+On|bi z-+A%iKN#kl5RB$ovCg!AoCs#o5LMc-9`zREtG*0V?UnO5#tt|Adr?Z+hSN6aGss!d zzIP*~o~n7n9pt<4niw#HO=(SwEWx@87~NaY)Jq0+51R*C5?0iDGSwa9~A*^f+{dKRZ8 zKI1Lo%)gqje3`gx&=6kE7OF4wX~Uz|Ugh4N9U5d)Ob0Bkai#^X8TrR!KzW)}`$t_v3gsGLDyv}~a2i1#a<6noflm)-LXfIxwimd^T~HEx76OvZ`S z1pJyF6fH)3>IPbD-^_sMbT3=EKTE-!Oq0G4Pyx8L!RiFPzH$LCNNJQOpV2vvvDbBE zI82xxg0)+{uL`yBGV7#iR|guQ7zHiOt^TvxbCb9KLy_YprFrrRpl6z(s57H0UF=)x zNa}Kd^a&Bspy7i;5jd|k`H>HA0(U|vX?Slm@B84Dts1|AoR|XUBj!`&y^^>?uFiHN z_iHKA5Z2W=@VpdO5w(FEglV&>_QjnbkuJ{CrJh0bO5uxdstW9EEVUpnG35RL^XX-H zO9j!rnLQr#Mp^h|pBl8r&4W zM?PqvYm} zkoE(_)+h&0Y*viWa{Rp(1)5$vo;evdTXbgb_1?5f{$!6RgWeE9NhllC4YewguZd5`2cUPy z%|VbG08~@7-0isf$9HY(YgZzW~Uf)UfL$JA`VyCKV3-p&h88-4vp?)h^boQ#!|`90m1ewp{wes(GZXdd>4 zUp1+3KGz@59+)LZ(t^s&UTZX9d@>7%dm>g0r24SL)?Z7n3$l)QS70 zr7+-azq=COn1LW^Lftr5_5|m(D+aP6)N5H~ANDWkeTY%=u zIK3Dm+T_Q;p>6KxQiX(D_Kw?`J0lv~)mFfslLz!Zb3q$vYrY;JG4|xQax?oEW;@`o z=$jV=PXr%K-`Srx^TdrTYJFXH zbkq^RD;BWv(qeW*Ez7C4o@FI9y1P=ci|bblJP^^D5I031;IAg!No7^&{cFjtZ7?gu zvd>{31U@J5OYygFBLCOh>t9R<$@yQ>_JGY}q`qldV2gT`!G%Sw0LL!d8;*AZsNI_7 z_aX8^B7JFeA5Z13Uu8ExkqBkG8%jJqlKF6h_;98B+Z=N|wOes{#w&B6)vGf|;gvt> zk6XWrFd$ar2De_)FDgF`fI#U3X3L^C zi@B#vxCQyS03K%`WY6`;KI=p|5n-in*IEF2-z&ajKZ^QW!7A##Emd}!R}^@A6nE45 zC9_o+&v+FUt=3Y1#k^oI;6Bw#@Ia30c!o(kYJVLt4LEPks+=q&cO3QCbQvcqIeL5cn+tpo$Id5%4Vsl z)6E1-_+sN@a}jjj=Tzkw7`C~AoOyRIXu zU80%al>CZ)H~8d{GSv>Lhgp%n8r-7K$qv!a=3cfRU5)<< zsw4L=v(VYt+P|DK2Q{IboFc}#rxN7CFsQ2aI2|QtnT5!;F;L z5qz&rA%Ut=ClPHVpMSb5&L%A_yEhA;9A25UXrEUYgLuA|*MVj#*X4Ix`Tn-;Xk zw;&wXaOwAIHXPv5zG;%9J@c+n*x-Z6LzoeboqB^;4L7=)+tK1$%@+s z8x|%>X2Kg<_ltJ593d)&NvBC&H~iKdpR|YW6OywKw;2_$kiEVTFhC1f0q9F|9Hzfb=%d&B$EC(V^iAp^t0u$CEO>TDu4=L zy5YwDPuku5|MyzP%Xx!k=hQl@c4No=$++dRvM2gOvI^zQljb55kgW$N4k;|BoWj9y z2}kX|P9LjH{nV>`n=Xf=k1|DrHgrmNy?%(_V?T;}sBEe{hDutZEvK=jeidlmc;lDh zx6SU_Ti&pP69!GYdJ%>?7g2E-zpPfFP5cBcUCky4Gyzu9cHP~E-2hmZOu+Wt^X*+Y>J$be2I7$9DPc~K1t*eDou zL2(`j=_IdZXYaT8V=iJ32!olHhxhE)c%dB_TQAz z#$wLZ4cWPk?b_^0f+PFZ=H}wo&~^=LX{NLlE?b{P6P10tZL&m5+SybDJX&{bytNmV!ZZwaL}V=S8|FEqjQZv?PV z55VWeAr#FYJyZL@%{a9gYXi>(wT+8Moh9yx0n5W0TXZ?IIEO(7_JD4yFr~nqF?IQz zpMYsqk3+ULZjh5V+TXzn%z|@WLNAgxV5%&6>92onheb<+RIheKXnBT=gOTJ^w>K%; z^Y7zgd($bh*3`6ei}`;?`1G=4J}sSoRfuiX#5m+@<;=8Q4^CtXe>yG7Kqn1$b<>OM zS(lZxeMh2-A9ZJKJfI%6(b7%$Qii-6EWUd5^(d?Vfc(2UA?Q0!9+*?|(CMvFWI%|? z9y+6c=kkZ%i``DPf2{ou3Epc9fzZ-2Shiee2_wI&ppU&uTlYFeyUCM23J)G+VJWnR z&vFcC!j=_6dEd#hexFDa%#NNX3QNv$j^z z)yNtwlCW%9XtxEBpBn!SJs?<1|M?H-2=$FaPLoDj>f zGFSD{C7m)Zdiprzhi=JvUw7+at59kjp)KWAmaEJ{q9-uKv?J!;57~^RXDT-PaW_dU zXp86W^y9rX%B~`BQ?TXOjet5!Y@?#1PPCP0Q!eF*M*CsR@An?sK_pyXzf4>4jO&w$mIG+BvO*5g-GAEAYOnk` zm+4#Z7K-Vi(72%rzOj-xjv5R)HO~CANo#Jk24PD$3uIAz5t?2)pv^JuV6}G-gLVX_zb>i2*=p#)8!#MH5l^9Yv?ZCfwU{BBZDf2wy!duQ)4}d1x#YEt}r+>I1TEh+`S+#nNt^m zM|(s(YpuZ7>hkatB@i8Xho8G-AoGneujZfD+(R&puutW{Xi>JMxHF%ip4((~v*Evx|L4 zJS=Lz3bd0Kpm|Jr!ny>c?Ghhn*NZ5#(k>Q0CWLNa$L zbxaR=PR%KI1k1ti^4YJL8Fj8$eO_5dZB($Rrb{2eJX z=Ts&S!()683#a|hWM1rZ$B!{mG5f%{W&h@h-W`;a!|?2a?EH|||X^@p$$?vr}6x8zDSwR|zHjDNmzJTM{La6q-Y zP)n53DXH&y)*f#tGAM+Y%z^zMd+Yz+X*X)hDm)g@FBH2W z{Fa$Ie$X12Ec>+iVf*-hWdUR&`qXB2J0xH!93lIo;SUG`U#P2xm+8f__d9i|dez^^ zV;HDuUq=OYF}Uf?oy2n%^MB9As=IuBk+gStlK6_fGwCIno>h`8v9`}_tTE;a1_HRX?PWIu5qEfZoKYf9wQmpK%gPD2!*$AKSrO(rmN1c~> zlbKuoN}(@Z=tWpmg7zJro)Y~Vii0Na_$L@m7^2(c=no>z>fs|Go7kp`?NyVoGIs`L_bbCH^b$?}Dif((X;aWC%`v{{E zCq!AkyhPW+ZYP>q&u*1()^7H)3|8T*uKq?Zk*Z z2rlV;qy8Az+f-qXWFcFRIl7XmpTzuRdu-hPg*tiMWQmq4tZiUY04J8mT#Ih{3A#Hy zs1a$BvJ{e6Wc+9BUD%<+za9tsf&#k+=vRo@E0?YN>@(zfRDtdlQADE3yRZNsZ1Z*f zh+Dpn>p|D+54$aZZ_GG?#%W}+PSvkUTW4qe8j7l~|D7PN4Qt#PkDx6DUc0iLzI!I? zg=hCfBdz6dIW^0jIaoC^dFxlqVvtRr6^klxfN?s)8UxT0=S?}vA5U$BUTC_p!5mL> z(5VO~Qe%%=+U*TFx{;g0aBq{PhJlI~aUmnc4~TTVF2E6bQbVO~G%Id@r9UwL1D)xG zwoV@TajywJY$2KT#`){y;u5ID8&r&AvT{@r==5TH97R@>5D9*%3Tgitc0 z?>!I%UyLr}%;g&tu4V3djjP(%u?8Ol5hy3T%HjcX#_v@qe0W9df?0`7e6H;GM~7|x zr=A1bzPQt~TJ`w@0i{UT@8%rzYlUP#@*nw`+njQPS_k_kOF_zcgw+eZKf6dG@U=|e z^}jR1@bpo++PT|hBXg+*L-+BnOxuT1%};$ZJjrOa8Ug=D%O9XV#V7AFLkUXPBg22B zAXaG|fVw;Pgl|{!ioIR_&@fc3JE-mSAvfu~RtHj&*g~oJd&d|aSYGvt^lN`!5=bf| zL?+PHyu&KrCZAs*EmN*YLq*X)i1+K%GU-3*^BO-0->DC*j?QWSY-XVzAV;*usF6FY zB0TF=n0xdjU}#t;^(|wf5Ucy4?DwOtWde4QqifIVKqgt<_1&@i$p()o?PbZ3E{NrS zaa>s$j8A#ud0<3Bj+sK6R?ViK2MZUpi;G2r;hqhCw_E=4a&diW9J$|~6$tF_Dp`8Y zr!^deq>GDx=Du#;iRU|WnOLbg17{a?g6 zJz2J22)j_HLL0B)oaX%(E?`?p?WbD_e9TXEnWXL%C6WL?K3rXwZ(96E9Y&Z*(_7SaBukDgQ$Gw zp1vl=UB)jX2Ic)y8;|VG&)Z!>+ZLe{#gR#bitvTqa6pA4dFQK<(}&VZ9@K{c_Udn3Tq!wIPAO zHD(fjZVp5_-`Q*Y28+-Py_E%iy}-N_bFnG@$L1YO)^QKF^SlbSTgyT=L+qKHv zvO3|}q4?CKk0rPs$8%@nS3rk9?EA&)q>!CMA_aRjc_8arLVL^OjE#p8RApy@klvq@ zs?b!Qs%G}%Vxx(?$%;^}T6sr#j=JI(1tBzu*mmkla9v)(aeGHYpm^{c{VaJ8MZ-MR z$xkrSssJ>>(MT7+b!p7Cl27XbN<-fvFa@5Bwv9&9l_&L)FU$nGl_h}qPDdaUD!ly< z>|_KdFPJ~+y1fdW5Nw7@KYmdr`^fU0ilRR{Ya z98|fd4-V|qujzOK1|&2aIbTFS(y^F@vQG_3E&0`nBydnKFXXkn>+TpqAUo(}3L6;UU!f401@WtxuU$(}>Nw0cG_n*oMGso>P*W9H+e+8QIEXtvV-a{4sR* z)}>*2VRz!*i)jW^&o9S@J~3}!?(y?NLf0I>^`#wnDxYRIw?2?@e@I#S)Xw=nyh?BQ zx9=?QZ=Q@0;@7FZ#fTw zlUJFj35<1JT2YZRPYlnxLf?pWwRv*W^SE zL|y)zTwl`$YGT zRB7&CTKB>?XxiRYch4_yRR@Iu`?{V+2LE5`&41P%TXBJu=gsYakb%q}+95CwCi80w z+Km||)gz-*-f13(#d~*VUUoPoz=4D{znH4Ne-TtcFX)C~w z6EEbmmp0C~G<=5JB%&GxL{{Gkqu6f*ncoml9_yPx_?DxSyrN6`E-7cMek+83#(j^w z$8}uLy#Cas$TKJQXVlrQ%Z$$NE*5t`if5K3v|X0<r6V!Y73I%! z%2E~$pi8A^lEgm68kX7*gL$tSZD~UM6` z5ARblF z<(q&RH;TXL^7>rIA!u{Y_7>GXxm@|F{x=&*HX(oa?CNe?r4E)yt+ZFd-Hsa7t{(YMY318nZM?YH~{u2Ew5f{+M}#wecCVZ?T7jVnE6%x^rJo7n$T7mu3x`Yr(V#H zgCjk8ytzf|FLD;1D8tNkhFr=TDph<86L-Ck5+)U(sm(E1NT@J)$x?XoMtby`#g-rO zNN??aJ#1rdy7mXe2NNo;*xbYVM+mF=IntjMR2IRmK?^DU)gDQ7SZ%(qQx^og~fBr3yEWRFgG56a=2G_~@tax8=u;lGtq7||Q;TVf9 zD2N_w+)z7SEwaTSi`Du2!|8vmEFzWRvTVFEapl7!F#PK4L6*><+{d=gQiIN_zvpgh zcf!J<*()E9au54UV$EshqtP`AI(e?d#oM;#DM~(-qd*X#fGA=LT5isW67u+0`9??zdF|AN2{36 zfwRsc58u+e(hs~}-?qRBmmbCd;o9U6M&1Q3aC*nt^4&=G-fHTJ;#`cDTfFJgp}Kc= zS&sRO&5^mLK$JMok9%lt$ZT!t6Zy_#ZcDYS0jH|6)pH`r)wu?Mw<~Tv#ma*!OEP}P>A1+>2*19%C!sbM*2V_3z|INv0GF_P zusVXcG-p*nzDe)p3|x*alT}!L%Xc+SE+##TJsG1w=h2NUQsP1?Wv{5Tg=48ueg!4R zci0Kylr^5@W_#r;Zd2+qE7Y#*9@pr5q(O2UkbTY>ly7}d-lY5opuCrnjF<%Itc#+* zhlI%8U5*fO7j@}&n2}~rII3`rB{ci4UIcz6Y*kY_S@$-J!WF-l5Slk)J%-m^eK$Ny z?Q8nfHxlDNMuF)OAkan-3LT;nk>0(QdH5o#ULkjy^v?<#wQl5g!;zZ7utXu2PaGvh z~aI2Z(Q6;dzt!ua-Cj20w83L8vA8a7I6m@Gz*a=q8 zX-~EbpoA7qamH#+SjistsE!sdAR;cb&-^&DaLzfFrEaFO8@*SoFj&swU7T)-!S5w) z^ZiAb_vKh$Bwi87Qp7r2g#m<9Nn@(o2cgtOO2Opk5MBF^lPvmz0B|`3c%Cn&)uH$@6)Aq>9 zQV1T7%N$dY9$JnISAwM!Jd|+SR_d^`y}lAa`$C=kWwU9n`EDCoU%w1q|AaZ2Hs{@i zL{kpLrD46WttZ;9-S5tAi9fPkr_q(@35~QRgZHkqCC@>=UCLy#<1fG3)`FzD2>Uun5-3+K!7M7Y@u=*evs9Ut05d*^%D`R_`3{ z4;lGZ^r#03^b)qk{dedC7dK@q0oDr9vMD6a>i5iT8=zoreuK)jiX+u&c?xqy?Zf51 zH@l5Z3NUzj@M}LK6lMcaECDbQ>Ig|y(NV;n^3qJ#{1i@gWTM(8Ry6eSL>=LPC+KYP z(+nDP?ySy6jLP&*W8v-U8L@usG5pTGBSoFNHk+a}O-^Bfr*b^ck{%lm%62TJgcnMVgr85R`9g%Csf%@ckR<|Sq zXHFsB9Tm!@xc7w=;DA2_3{g?zgIL~UVAG(gm4TWsj>yO9a=X}mNnKw*09wHxZ#;2V z-MRa1Kz=ZxPt_Ybkv6-Z_gV0$!FrN;k+~gEpZ@mG%1Nav-0PXJKS);yDU{Ee-Ty?^ zs_1{Z;d5WuYkXr+A1nut`x$D$X)H+$-81s!4)~W&q{LwumoJRHoze1}e!9ti<4S1b z!E#GG+O=2>u|0|YXftNxNAoDITam_9MeUNs=1W4cvsQFYbFQN2K%@~l?+azzBqV!1n zE0N2rtJYGUxbbG7bs{aTal>XNwt+C)o3#5%x4nm5oA#ot!no8YtYK7T-$p`YWp<{;E?fF>uQjCaA@Fr=Y=TW&Tga8D|6B{hodBH)pN~_qDIr--D$+Yro<+ zjCkH2(xh82{xzRup+z2vigs_hnc;V#d`$1j(1|@L2Yz|Rto=QXJT(iO&?8ZX{=goJ zywnH`SjT76b6RcVj62NN)D31o?ZtS9nrBS*?mC1`vR>|0q$Q44(n$AVyhDV{7)7Jr zX><)Cu(q*vrl2jSd?5L<&6nQusS=r+y=Pi;PwbbZ`N7H{$7<~O(NK!M{|h52ZzR~T zA*ufVt_ES${6~R+QZSx!Id5*F^13!t5XE&xeeW)w6?iEyb&|!i?XmawDi|eJRceQV z3nfRs)2hC0{#c-cak|tc4W(DYYwq`C+=n-O#CagFES=9!AN5ZQ^l17#_8=v_>{*|W zz8GLEt#w#^Q6F|)j^#bb>U{+zj~5$NbkqHcf+<_d`F*phOMm0 zK9cYmd?49a5WWsu4#cDEJ@rMZxe>c@>@ym0z#B7o8RI*^LF1G`D%kEkB&omJ=kbg0 zD5wzocnqGt8`qGVuAAhmq3lH{WfXH?tKagS^0D%$Fa#EQ#&Y{cH`hcIB|oVzS&?ma zZVj$drA^_fc~b|D5*yW>M875ia>nohF=BjmwvvcU^RVm+bsQ`oS_5{Hrrm2=UfM!d zJ_9wudJ@4Kb8j26V^zOfDab;in#e+WOw>}L*Y4N=f_Z~b(zu&`K97!U6Ho+&oD-iL zaS$wBc~i-1x3{eD^8=mXjx9Y#*vf_aBT*YSN6oWQ_3PIRhW6(_4j6{aedu2p{1wM@ z5G{|DH)a*O!}=|L|3njQ^w7r2t?b?ajurZ0H)#E5eiEFXCDSf$QxeO)YRUZES2tw< z>mN8&4FNJ^YWu6WN_Nic)5 zM13?T@8y}+3z118d>loS^0y7kym!4?)VuVMOm= zKcs<```pM1)xZL&Kj20DRrNjrFZ#JVOLQoi z6Sg`!^E?}*q%PQBn|_h5Wwp=z?H6v^cngdEZ8y~3KB*jpox`UieQScq;dTq_Od`tL zA5S*9)r=)@$UuxGqSvFrD5N|M+{_Kok|T|O2oAv`^)vq}d8UbI@6D2uD1=_oo6nY4 zBhh>MQNo^=I%6{O;#Hb)j>7yrJqG%J{rpJ@rgVx z=K5jl{2OoxiA!1eGB4X&pPH8^j3=~|LH?(D^Z$(T`LEypl2&$uX61V&S7v1N9?u3j zU5eTfpvdK!eOs?9jlFIcF(2eEuuP(@n>CQ68dv2k+*n_`(PRD2U0^Z(=yUiB5a)N2 zmqnKoV>xfPIHUH~uTFLmcUEV~7JEmhTat;zTn~S3F6&0(LG8?3ZI8{FVe$vU74`u?iKnjBD@Bn20~ittiv2AMWSXs}lV^H? z(9U_Fo+Y+WzYJKI+y&%y%^%QF1r$t-Hp0YLG|zj=2<*Ty)e z0YQrJu!@wL+YYA2=adDGIG&!2F@a6+)?SW*?>Q`Wb?YX*7yGhRR}R$91nO2Uy+dth z4{CS)KHr{ss=gNEfztiHO$njlTJge>Sf8n`Ydw`1)hc(DUCPr52Y81q&IRLW2Ms!ePhLdO)XNM z;yTFL(wAeMwf;U`r^T`k-G5$Tu(fT?S_+e}-4hFVox8|a_m+Pe1(Sy)&mD*jxMmEy zCvX7#Nq}A*+|cX8Qo{=poI=63AfvK^@jj7mRDgi?=RF8-N-tfauc59h*p06{1jYyi zwqjCtrfODZn?lJZq@{PIwzAC?e#-{Lez)B--|Cg2*-m3MDnEW{lQXn>n3fTn&mGU{ zdAtqx1?t&o=uV|S7gwZPr@`I@B;n0jIUIq+nq1K22IpM)tCQdm_Hdib-2h8K2=RSc zQM5Yd|0C=zr54EV(VgPo7($Xx_Ba&j&erZOqzXozV z9><38qN!>QidnE5L_g83_P#NY?6p{sQ0z#?3CoDiNqG{18w;XwBe$hM2V#BMc{{IQ zUCDIXq^QV*5pqw)gf^h|0r?0kbI2Z`IS<>s>^mT4$GC6X-36bsU{(yk{cAT*XfNZ; zuAmKLdw5lUvZJuVK)=mGwE~k;^qEw$g&)2Q6uQNXkKR#xr987cjU{JW>)%VHfBM(qAiWcZ(Ge@^sg+rfK-EdqEkdy!O;yF;{E zrAiZ^9}v@9hM|N9-^;w6uU6IX&L-*e)M=wR9IeOax_vMYbyw>9D9#e=8Y1*OGh72u zsl<*W6a4kAOGxQvSx>f?(+1ssqT7{EGxo%rGvy)g+ znQO#1^qQwB5@gCAM-H$XgMkH(bcX9bN#o~j4^d+%A1v;2Qpx*}NQSm*SC@hq0Ym6b zCmziG=StC>km3zMra}+TpfYe+%%NIG+$crsI9iL3DK^0jUynmj5!s(tn(g@BOFCPD zfuqdV(}uOv1#3QhbX<3KNcK{(Z7^y)iQC1oMW4q}QvC3p`Ijgkpn1)QTk? z$-)A*(4(|r^(3je)8D*r}r2Encz*Tvy?a3<3=(y)3A zKlv_0MN*Ojbc9YipV5S-XhkYVn!m#ya&;cyNMd4y`eH$C-4*o*p9_k)gSr7I&DBPWzunzW=8+ zY!o{R>rN>>GFgVIi-7&4`L%!I!dH^DFA+CJnyX!H889C%|KkqxN+Nq%YpM?Z$oNL) zX!b}DK?QT!4mr)~yuUj@IveZFW;EXjPPFao-Qj_sZYv!!7<$@aCuZ_wKmpSqXp9HI`qRDSk3;9$>%dZjpl|K^>4$hXWi97M!BX#UXpf%8% zi_Q|06#b{|@fPK;SQjkS+VZV2@y1cd+@SgHzQ-&dX%#t{ftfCbzDAqBB8pmM$757uB zm_f%qEJ~UO1^W=(ET^`3S*BE6-n_mW{AVJ0_;u?taIfbRDc(^F1tK|yEjh#ETPXeAdfF@gLH0?uw5)%9HJE8YlC90AMYAHN5^@sbY&lHn zIv6nKIOp$?H;+p458HA*RGMXQeFD_n4NYxgd->(A;uQm8`-$`%#>&ag@+>yEL)wo; z-r$ZWyLqPJYeijIhN{5P-W*#cWEM4oTlWpCknc$y<`PU`ibhke6?!hX!kvmEJulWt zv4-HpW)3Y=XnVX%W6?IuK-5I5=Oe%c!W;>Uz3x?olTMuM8%nw!!cr{-Ne7?K3cy+_ zIdSjJD=T*i01$uVXyrR!?t8n7peRNbtQ57Iy5!iQZ7d3$*;=H0_TP)JGqO>!x+vq{ z_Z_XT>rH6-eGR}*9TGnp^wd{6Km4k8dwQrVp!n~`&{xBtY%k|{0q14w5$5eQCv%up z41yP*82t2ZIcN-DbD@hR2zL83tL>=XN}k%F&E{zb<3KsY$f*wc{|*xWzyFy`V#`gQ zsZP}5qNDNfzhwdN;EBO5stI`LWr*U?s(q~89@yB(^B#d={`roi`@W^x@EOan;KltP?8BJmw~Y3@Gz z3+8CrlK(@6SJ?I6ntx+>JnAtO6mHCEZA5#$|Jyv*d`2@Z7|a~f4fRj_nwb}5JKR(! zZAjh4y2&^9oO!(j>m%bMW?be`D&jj_|4mm%CV+i3K-?8S0T`_(Logn)-V2zK_WfO)!v2s+L3LVgfup3RxT4fxnty3`5@>(aKJpZQ&LEk_Bc-y<^#1-R zV<)n?pgf--&kGTm?aY1yqF zj5WW8djt2g`}Q8EXY#}Gx>KUA9yi@%fcw+ksa8b+TL-OYo<4VHtx0v0JMM!4mD=C? z9{sY%F<0~FIz5HZMx=z76OZBpp2wY|*s;G@1UXU1+J`RxiF!-P@o(Ts1Hg$AkSC&$ zRul0O{kWs-3D2|6+Dk*^cL1?%RO!wSg``SA-XO7SV#Rl);18`OhKgsg4Gt+MG`HT^ z7s-N5K$`;tB3EAx#ro4%xeNyP#jXMJwCMBwd8cKb$%JnZ+=wtV{j-0H1BW)0M~jCw;$H z;4Ix_3c+XZdL(}((D?M6c~Xunc$KD0{bjgiS9}^~NQ?eWnW6?5K<3`O@hyL7F3Q=C z@*KnU16IuAlkbI$$hc|auhbf-Ha~2qs5!7m$;g+GxCWemp8~8r#Eu>YO+^wJ8T5#k zUBX#=va2u}2*>gNDHP;?4hi|swU7tZXOh**>WS9Gfpw`=iy!U4l(O%3a9J6e>r0GI z>)QcX1mj=XXN0f;9Iej#+f@VC!l{Qk?jBY!g<>i;!xR6(YHWRLkY9a}O_mgM*4J)M zPTbvWotW-Rs8!B=eD>`d^BkgVZ=*II>@Mslz#)0PlmG?fv1d~^js-+|O{bpxR9J7; zUV&WS`)ylVE3P)6%!oqK`WV1sR=J1$A?vaK6S}W+e3xhrb5+EnQDxVm`qwzGG8wk# z8nKv;!!#%G*;)kK7Rg(#O0mrn>n;Jx{%Yu*l{|*den#^tN2;E`z|zfjf81mOdTFjT zi{Q_AUe3Eiqq|;)ZcFTICEq(1@YxhV)>U&PSZ02Vu~dD(MjoBtv;XSV&}ed3tXaUG z$L6si2Dn=J>$+&^rw-!QNIqW`_F+n@mZv82zx*&CWc&#B&4aV8`?hkRS;(J4yD-Zx zoSopX@Onn;5>PY5s7;4*3?o5w+Ic$9u3 zey>`Ed9c6M{4wD!pw{h4*vn-w9OUirXU)dV&4yk2v8u~<+ zkK~UZ7_hWwUeS1XV@G~p-?{2ZygV78Z8Ph06@A%1*BnK*rM#j*Y(o!h2^3RMzH>;c zDIMYLc+)D*d@YRO1OUEz;QV`hl)_Voxg0Dn25R~d)j@0=BjN&PpUZ@yTaRr}3$%K# zLk&ot<9~)fWs+s}UU_;tX)pOMTjBF|r6G>`NY*!$*`3Mf13VX}V@q(Iff77s!05To zemA;V4id1|RnO)bHgwhpZjQZt8R*qgmbc2(;y;{F_AmgGX9+Gh7?HMV1G^Becn#MCgrr!26Bi zZ8E>hg`heK{3u>amyIA|iRCD%dlu4caVM_R3WQ_^;YTF!?n%YARU&+j)Af;Nu7z#x7geHG|a6u+WvHKV+fsxb)o*GZh z#>U4X_|-0n?*}n&#F|G39J*YZ=IZ1;Bo(vJioVCoxFXTU8}+?tJn)za=C6D0&%JJB z4&Z2zYzw#$R0 zL*_?wn3U%$e>Ohz^Xs6O_pfHZ_;2;1t6Us^XQ=EnocKW{3FVw@M2TTH7 zzN8q!`Tek7EPa` zl?cqpixf##sbaA{VR~!z&D)kpUH%F3^khs;a z`1xR|3LObW)Z&>DYhy_k!=GBV=>0DFtOq`ir*%1YI7^3f%Rhl zR^j>>XSwY67rL82o*aPzo$x&`z{^-LEyr)M4!zJHP@VfU(> zMfJ<)fUryLCs=lVaOiR7;F>oM5gVwj#8h)c-bV{!Q!0fR619&K{ZZ?h=pMBv2yK`h$X?Gx*2Q{{XaB6I6Q_6hSuxU)$HV|1cjo9it+CsIE0dk4m`ap=b|Z{@G6RS%Q(__b`1isVC}5%j&` z<;b0zn%h>2*HU?0RU%?51`12Kni`^r+1?`AR0uiE5M=u;6?~ee`gH{gm)qiV@@P?m zxgLn-R1jrMg-TAM;RT2M6D@m6&lppszO49Ckz$p(4Hy+g&9lQzCwf-$%U&xv2qs36 zRIB!CkyH4&!Ti8V3$Y!%diT`UCUjJCnIN#loB8|4>}|09)I#i@fHtp)8Y~UR5mAXD zCZ+3MkY7|j_`T1_AnYpDD;Seh-pcR&^_{}I5)zXc(cnlbX~Qtbn?Gwft|89@Ra3R<9LQdl>T62HliHhQCeS=O1zLtza)Ea`VZ!vyx z>k7MT>xR{a{T`yI{0lS+{7m>9_ZjwoS>91&$4Al#ujelrJ@78j z9faULix9|uxGWe9xcYW>Ovy+cu0w4BGyJ#h{-dx#l&uKQcLw$X)3XSi1$+`Qe}@`z z$?!v9z76sJl>3Qhzzg18=@vTS8NxT^caQBU7a#!8Kh z8cTL5CeBrJDcH^Xfag!u!zk8Fi(z6azyL%D1`lKVW%;>_RYR7PO5}xadE@$z^M(gb z+>(ct3_lVocT(bpF_gn{toqbz=QFS1v&%*?wwL9SIyct|2=!LZIg2x3lY~`IA+YZP zuk(UZ$?cdO%SgX>kE6v-;Vo@LMPq-p(IUii6e zkgGyFa_wfbTT7I_z&kSf2DD^+_Sc8Sv5*C>Z3}*;6~yHNNPQ6s3wn_+q5jnF%d7(% zPkD1AP1xa!Lm(pYyX=b+WaKY@-tlG8y*Qpe>Wzpe%D>c4=H&wJRQV=M8H2;m3w=S@ zyeR@UKJH|xZ7r9T8yo%fx_l$?qsRL(w2;W?+d}n zF?x4vbN_^$_o0iDf1;khX2afzgNoBx`=$0_2L|_+Msa!uF*EWJ_fSO+29D*Ln6viX zwmS;dpWRGfw_k)uQB(-|$)*PrCm(B7;#oLkm`09Tp#<3n%y$BJD6TuF6Lp9TvaSyY zeODXzrF`n&1*J#;OUEk=_GU3@G!_W=4Sc$H;wYPo`Bl;MDGvQdw?p=b0AB)-^RRsu zx7K~FygOoqRo(I;;Q787bzv`}pn51VIPZ_)HkWHIIBGYyrp0zCv~w_1ZPHeL+(xC* z#es|htUQ-*9FGXzhOUQ0Z7)>ep6^0V=H8H<%fOcr_4&j?Q zu=W>ovq*o|lAH1Mt+57l?p_7`bSZ-%^PQDnT~_(pMjqeBrp~{;cJMp*Oo)cbpYRm4{^#_r+ykz*j8yJ+UF?E zVmqn=3B6-!3vpn%LIkhSU9PN9Pldo1{5>omsP0U}HRf?Wv|0GV)i<4g2;Umo{XX=v zpHzwQU+KPd>c#lV=$;|qe@+{*#!iMf{>!=Ze;-3LkFh0#I5x1bBGjmS?^5)?wg)!` zLcyyvGga#9bDY_Ss5N_YTJUpQD%eFtLlEuuZO;OE1L`1%v(oeyae?DEwe%B{4})G1 z{KQY$j}4$JrD63Z(z?D?Ryvo@r;d54x199$(bwFGPGx--z3}Ds_J*n$HO^hK@9CEg z(QjwDggvRghF7~X{b1Bf|J{3;$}q}(o%gmr=na)L@}JkRA=_haMaav?IZ+N1eso-B zpjMIEQ0gY(m(LA_Y{>U1G(X+TI%&n|9Uw4YrF41zVQX#BW{6ZZ8QFV$?ln;@gV@a< zJ($i6q5Dw8qtj7+y6lR<|=sPv))+ZVsbKrPtVJ^V~5w^)6nm-xJl#L38Q05 zDxHNj!doB@Un;1eX%*@d7ll)Qac6O2N_3Wl^C4*}O@=F$!GaHNv4U$N5 zF!|@1Jvf{1NcCe#>QaU73SR3eNkixUCDdnt?lJeR4mnF=n|}(^UYQ5aV3X~ycMgjrF|UABG#vyc>9Ml<+pR z;b^+%0y)%7jPFbw0!JA8)TWa-`81;~;9nT+>{BkiJ>0pUqo-WH%u_cBI=+>-nWst3 zWgN~B_HiiunO_TQKM_M~Uy;iaXX#iy6w%2(++w zIYIPmyOTTF-t!$nQq>B=v*uT=OQPPC>NU1+kvL70$^eeASe)6f;$3n>OZXrR@duOE+V{cYiVnUBL8@7d;ObWic?o69ka)VP-afINTGGXE#7u36&0*FFDF8PrxB)5gY{MsWH%I)JIh4-gYYP@&zVviv>x z*68u&hPJ}bLGpdR*DPka=I2=LHo%(ii2T_-yZ<7Wv>6;ruOgSV=VWC_!LF-NMMd%9%&W4)w50he^`VV|R>L+{G7v@RiYvL;lSm+R@{(=$ zIq0)fqn(w6#m%Wx%bN4i2nMOEq|F+`ky#Tnd2p0lSCw6m?U%EYh02TOH|CLEELTGw zq_&LN{x;REe=QIH-8=5h;n>}e@^9hhynQ_nL(Hc=A9&wN2?#RIjB!1)%r!l=1g9$x9=2g8=5sI?<@(!gLl2oFm|>AjZIb7hq<1eh)?&dR+-+s> zW&BFE`=^c)L49@Fqx!X94qTWZDSV9rru^*oQm^jqRH;6M@qP4pMrcEgSWL~7ICx+| z|HTRic|#~5NCSiwUvH65V%-4OOeB}EyD()RyQgK1vw1)f~-<}kH%|cL!$nkRdQZF2kD=d_>KOXX_<@x!3gr{B2 z)Q*WUm-`*0hbBNhT#8gecDwnk5f8bdi8%Xp*_FC5~Y&{9AK(J7Zc=pl1-EeE!? z7d+hSq2yRF&z(`ywKzp+gvx%QMVVfUbnnN_cL?oqR0+cS>-?CUPZ25$wSY~AYx4VP zTc6mXgVlsQ(#+&9e7D)QYelZ7NnW(|#!&Tko8GSY-%gXmoflvw-DTy2_}F1Bg0m?~ ze7R)yPcHLrehwj1-hZ+HSb33k+<(Mqc`l+_VxC=@)o)y%3=4}~Y_?xq{JvO@+EtqS zrLIs++VRpfqOAJf5AwGzzg${)6rWv z$1FA^F3Is~yOz5oNm;@-Cak4Xd?3ToB(n5_;bAHKejCeZ)gJxUig5IH8%s8h^p(Bl ze{Z4Myp(@|0WlJvQGRYHiX*j3yrQa~6Rn>oJdJswSe0yFiq0^WH&i@HCIuTgV>-C zRzCTi=DPOgWjA?+^k72bf%!6MZB*6^RhcVY<0}Jaa2c_|hlOmBSId5Hdh`q#6w3Jj>n}l?vAa`ujcQ+du*j$&VLhZ$s!d{TNs4JdfF9p z_1j)#w5aP1>}Lz+>rfS4A*RJ{4DR{viRWWQco=cu?+Jd&5fSX4mgsq-W_{3!CJ2ku zSA)+M?)F25Z_?EGhT@2(dS6`@x|Y_?3?i=LmwM>RCXTMo;BE(H)lP^FG|JC&zlhWG zME@aE6&*^NUWAF}y=XFJ^!2LW`ncd`oAK?Fgf1*Jdq6hG!JL;+mk|X!S6N+U7>Ksf zkbL948|kp~z8bBzE;bMmw0A~a{noY@_YPRYJa@~hn(-?d!zRe zmV8U{@Z)oqts(wSCEqW_RhP!CguF}qJ86PhT!5J!{on~LseD5L+k^-}hmDss)o*Ue zz48VkJ0ig?c_52>jtZB7?M75nD~C(>(fy9OPnnjwOdc=X=i+DG)eor=3hINBRzE~D z4jEU_C6!d`U8WTAV#6kRC`p|iuE8VE&6zi6R-UH!r@sTYHLOzy7emdTy0eS~N1)3@ zXCHrCi^xWP@SJQX@Qh#&@Gr!Vv2qyN_?=d$C)I=B;Mh4Zl)5ryE^8a@mm&&08xU*h zq53FBo)O!+GCT$-E^YQ`Uyn3HC1!NWTXcnuAHQqYvxx@vk7zccTL^f8hS()+&=$e-J^5>p&+JRyl`#;%%O$O-Pc!iow4Oqh z)#gld-<`i71A%q~TW;2WFGQyS-y1wjXHXS?x6?7l2C}O5_(H&N>*}V(FsO!5Q8|6X zFe0XKkAcbZV-PGskXDvn=CH-}+Z)PzrQP|Im&>*1JWG!COY;z~`pm}rRs_`gPJG3o z()4MN1c6EI)3& zanz7(kMKSkqoHIw+Al6Q37ahzJ^t;cexRDCQwB3}7;JKBe!Y`MT9R<9ZAiakri{B# z)&I(`mzHSIh&7OlV6O?&|0fbMID|0#Nc*PSl1-nz+N8RW{y&X{{6J;xh{byCb^uAUP+2MZ;6QA~j1+1HzOoQgn&mVaoZFw)( z^*Ao{>NVs#v&$U#?8|;lR|`Yfo~Q0GgKu))N$K1!EBPaR;mw|$Y)EW@x6d0CbUoG7 z2jsnrPdx6SDq#(&%72X@TZvcGZB5#{vN~~z%_2U1Z75fCAqEEZr!U~)JvWZybEtaR zK{eM3Z-mW6!e^|GTEsvGh?*i@qKB?t&+D9+z!Z=Bxt7V4p-V+3-Q%vGv9-z?CsKRO z@R<8y=f>9~3au!6sLD@;;4nA7;PbNP?X;gCZai_V%il2lY^U9k@xAF>Drh+kJ|@6e zBt4H$pev=Y`7cYsJ6STZm)8k~9k-!;Uee1}zeka0clWbOTOQjOEO`D*(6aN<_G*L}Hj$BV)}-b%Yb zlQ@)1WKUlFSr521{SZsL+WO9QxZvH%$qeayJVVc?6C0xJx zZYZL432{v}RDRHtfEqs)DSxDtS;ouc_p}%ZYmTACK8!RTz5SwmNn>umm}wa!lpll1 zbzt_~tKJcptDsZiGdGO>pg1xP2`WC1igUZ_3vJ4!JJ#3e*e8rs|Ar%xt*S!P%W_0y&>>j=9K2sd>D|1t z@g>Au)MLgr?#?p%&Z>S3wLD`?S6;$i#TD%(jT#bd(mHNw;#+dU1Th^|9F%nrUbXN& zpoO}&!+Yr`h_?JbQ^7N3qMjjL`%)OzQ*RC)YaMQr-(DGQ*Ig)a`8lpYn$oNEp|8|O zZHjE|q z!RmL`$NWqu<%UXB`<6_@#%Z?!=vfBJr?j_Gv2OnQ@m3W9ijGXR`!Uy6|OVTF;`Kaxo+` zU?SpA<_c;B&CggZ6AZ|bK3Wn!A)J=;oXcMj+(~l2#uyUBjhQHKI}M$ei=o4dJ9s>&4)H!>@GWKs1Om9`mU{AuFzxUP53(1m-rJj$&%+x;W0 zvzIBbgq$R<+3Yu)uf&mviMoYJr(2gN*}DhJhUG7)qbBG374%c=okC^uBfkW1Dvjk6 zCKvU3s~+mC9>jv_gA3?DK2^FdY=qekm@HcXy`9MRa1COX=V1Js?`Vf6q7{^MuE8Ml z8{1EjGRM0~(PY4&3Q`ePj16r>V?p8kEQXrprejd>Bx#`GG_0rnH^Y2%$=cg6b)|s) zi2>g7MLDWB&ix@F!|$2oUS>T?4X57}(}(pbD}nw-$B>;qQsHWUp>M(1R-w1-BT}a> zghP5l66#d0>y7C8yTmOlJ*%OiyXsv^VrT230`vXOO}Rx+*z?fy@D~8 zzn%WIuLLLgb4*GD)S8%kU5Tpyi!S4*|=5s`!}i!rXwMA`ddOCE-wQabA_+n z4~asg`2qj|2+mN3Y0^Ph%{Wi7Tc|CGQ}f;*r_9}#SA^(Yj3(x&V!>%CdPMj&S*ta>G?{`xudP$zvD4C7rzmVpEj(V^Ra&oos` z1Trdm$ZfHp4O>aPDmlK{LNMOCsBy$9z%z*Ba{MK2iBf-Tt3qwt+l4C{HVNP z|8MZGbkU%N9R>6)**oM|Y+#4##VO^y>jconREy9oCn1<)nQcpO{NxJRoQ;Mpcodhu zBHX&&IIH~t<3cr+N(llXPv+A|$k+aT8kpzH>wFHPpdt-N#KpdWrPvZRRJb57ml3V4 zz(qoduE|dzsj~2$>d|5QQ2$SyNBTUt`$)T$5|HBxg$T0K=SWw{aE0;QJm2>L6BYAb ziK#Q4fED|Z4PmLA!bPf50;p_8gO(up##`uqYUI_g#GY$(Xyob(ezxOe<$uo97RH5k zn}RHmBcMqAxr63|++%E?gBm98dd;w7&tNXr1IH>2#B^*hbx=(ft4R^N8x%boy2oX= zJNUez-lOlCc~vq|Kg_d3Bt9l@@$H23S_Va}p<@de(H`ShBa5=?L(M5WT{!%qYr0%f z;8GEFmT{b@mm5EER5<-!RcSU~b20*K+X;oi-$+i9{s%sz4+RI8?F|HqUeG)8zS z&wmsZHs%@iVY5FpMaiGVfl^*5flWaA9 zJT9BFs&rLiW&K-AWDqR*G6^DCS7luB7xF>e*&6bfvESN^qYWBTJR+Lk_;BWf+{*~e z^k_esvqf&Fqh%3yl}}FttNZA+*kfuANi|xH9DIi(3C>!KSny?^@lp4Al`<|^G!b60 z#~;V1$|Q}XRIN2vpM76mp%3so+FdfA^KC1eeITCKf8~U3rolc9u%0rIhG>b`F&lu9 z&x+YaZO8RCxs9(=Gl`1$YF{rjz!D3HIJ=$c)& z`tCA2iUms1ch2eoF&$;Ptw}FE{23)K{&DteJ4%lcLH#xXE2yf@uIW7ATw*{6-|%nx zGZT{B>yrP&&LjDcYgkCK{?mVXO!a!pEcA)zdBkF%%xH4m&n~KoF|nC0!(>m6n0J$V zA|R8xxo^Er*Io_`6k4O6wv`W;EB9sT3d9#oV z7*Z(wP0kPSk#urW@~JMU?W4-7Roug2#!{cvLF3N4KN?Now3Th zK1QG%bdF6Mv!^`7b?^YJTZyE;(yKBsJIXMGS@c~HD76^_;dYFj)p?E!-MMt_N(Wxv ztj3Ha$A%%l2Ph;l zyu$nW2FGIQX}!1^mrlB@T2?=KG7Ui!W>I1+0c|R@ce%79CFpi*TV>FeNjFho zT(?w*f|}lc@pL6r9m66lzmicNxnFreQNx(M-aCX3XH(Moxe|7ZDN&ZEza^e1VD$cY z^yO;kvAvaRkoVu^1f>P2U^sx`cLB_AuOf;Vmtrv5YyVt!Cv~uHwkC=?h+62qzNEEx zzd#xQ@Dy4a=uK&gS8#^EpPY0k_|qtB3#B7sLOdV-Whre0uk{ zvuiAC`p170Hk6ZLo11Z@<~chX-D$k0<4CPJSxU`_*OKq{Pc8~R+3ElNP-Af8;cnlj z?qb(B*Q@k#IHMa91bAO5k9ys4AbmfP+Ooj0xIam>6fwCWhSH|Gj*CqWp4~6CtptAh z!Xw52+5fwyOIo2`>-Q0PFU^Rca{5%^y(b8YoHGw&>8|ufH0?<@ zt8z#=t+Vox$IEk8(33yp;lI!-vyNhVN?84&UGIB-o;}bfx*?@q)hT}uCw7(DUVM4n zaXQT1YWCB+U+L_Ln4kIvBINT7{6J|)Hck9afb9+f`U3o%&aqe{&fF8GJvK5{nibbg zCy7{#mPacSQgx(*t7@lt^7Op%GW*$-`Jpp+cOkT7FiTVx%4s zoToPv1v)+H`*(pW}zrfy9ji^wiq+sJ6$9QJs zl_Cn`ZCO~Tz(ILx%tbhrc@E1z!>azGvpSV&O*+;rZorb_k~ zd@Z}bBOaZ3n5ui=W;_rMM+hm8#{KZT70P-DZ1BDeUi3MU!?T?^_MvEOFHWEIgg;zl zxA?j*r+VI;QZlwAamrD824>*hCkA}J0V3@kD$=N0Si`NBnbS}vf{4$Ce-kQ6dFCJAB zs0fyuh>MG?@E=B!&B7E1=ri4L=ZXao2|7o;GCrIGwcnIvijTc|S{#sOYF&STn_?^} z$>$89;NZe(6Dwi5^;Dz5+SKnyALRssYtaAY-uW+@o>g7dwom%;|7}k=8{t-^Xs%OB zDKe7*TjQ@Y$Lzi>5NoJr@X8pVt4#t_G)oxolEvE91^`g zP%vhN$?kX@Q#ij}PQS2fzmE;FHDT^*3jv*nA^Ez>f#fCjO2@MCbpn~ep6iE;3rb|n zT`4aiR)PWb;Yl&b%0pNlYI$u3}@h0oe}>f~*xWIE?^?te@t zJ@xuVv;EMhC7!b%DtW`n7Xnik+rTiw=K;7mv`yO?wpA8{`cH~ne`K1=>V!=V|3rrc zlJUUvseihUTpr1QPV~q%9%3S=ylK_gE*^tkW|M#$-;Dcmfg%JW5G(GW8TfE&ckXYW zeLws83iF;ed>pG?*j}ji+_`faa0OPHP4?hSMg_|xVkpBUZT1&~>vwUB%;=vf=DBvr zuFx7w-K+)@guMd8651aFrSLZPm%_r_orK2KnWD_u(~Rsn10IEU^WKbRC`Yhezme*y zmEI*&(nz1mm%RnE|J{joU{?Id3a_DCBhg_K)Up8shx)|fe;HXCrgCJlab^gsf4l_? zjiA$2hIYQc7esGZ=VzWQeM$H7U!nUg24}S{3twV=D3;qRC*{hk8$&(W>wQBD^?2c+ zSkZ5`fRTXg3CN@GT$t*xr=ZMhmHmI)V?FO3&!+1@%6^UgKKGIFTE_zY+llt;_r}WB zGtyg*=i`KTvP43BA-T?&Qe^-A~f(FA1GZ>N>>#GJ8iX=P`wSv8p%^j<$KN zZs%?1ryF_)^XDxx8niq4U!*DjV-KC~gGOcjIf2(#p@`SII|Oe3v9(sWSVtX>wk&5{ z#BrBX2!n?9P1UnSf(G3twDimrSq$!4j?;<_iWeh zVnFOWeHKV#gGB{F6Hhgp9B65fp}Wbx@!4V;H}NiYh}jygkC_s;bM|Qu9a}=VDD;H< z-B%~sfN)W>8A7|;gP^V@VOyLFGWVptB?E`-=?>q4Mgf(-Ut0%5RPNsOHA4SrZjzmU z?(zEaHr`M7M8rBPEf)5g?Wh0~f7rrz$I3Gb=<_ESKOvy(@#I>=8j3Ion`XfX<|^AIEvW41@@rp(lbKp zM@FWalE_`BtDu!7(9xk|x+~O~@S9)9J2m%(E!owGpyue2w^?;eNup8k=$#`IB8ez~ zv<$Ly18E3KhCdps(IH%`55>J#Lz)sjgSw7?V{9bk*yJAH>&d`5V2n}Df*OX<@01d< zu2k+P%nW+5)_TpiDC}^ehGew$KkaS4z&M?RG+QZ#`mF1I`Q=gg@Io}Qc+O8>1R=+R-~5qTZbCpGHM0MaIcEt_}{N}aj{K>tZwAS;06H;iTzNkFeUG; zj8jN1FVg^c(N%RvP?Kg&ri$D8`)o`Y;B5~h7IGxSq3l<3PbL|w_8tesSmGP$O7PdNq%u6z$SEG1iBClDm@{rdr_Zw&>+GKiUeGr8+p$t)ypWS z@4#vtwtoz%$({vQe@Dm3eCLG9m(T!+=t|L?b_P#J}nU!t{9 z^5TFG7Pg;yGT!zB!>lsihrts>70^a_DCYJ*D#*4JP@4(g8?dcCPx@Nz39 zarwO%MiWwQi_4Mja8B8x&m`D%`O_%^;k0yrof5yk_WZ4S`CJpz{bt+x?H8=(A)c1r zVX=PC*&G7u&wPI$6R)T%;`097<_EpficV%dPxcjJTkKV`7@^ggY7JVvdqdb#q&zLv zin%IuN2(zLTiFbPEliLdnWaUIdN?M6hUuK=~xIY8$PP;GH^zJlt zsrzgiWk2vZgm#VlvgWj+gH|gM?>4tuTaesE^F?ZqEi1uJwTh&%2ylz_8J3l?xfURK>3 z2%qJPZ6T^e!6UKWqjApWv*c6;tU+I(v9Y7hk6yIsA-zmHiq9RkQ@!6`?pAnx7GNZY zEh*EW`Bf-~9^$`AOPI$-6`hWV(>;-U+nmf9bQ1?EFF!7R{`HKc9XiWZ5Eu66>UMZ9-fx z>0WR|mfV@tTV=$(I|pUP)yT#hV-S*gWyt2p245rwHMT=VuIl*Y*ns9UW$AWdQQ+cz(6hAd~lGzPQd?*uJ?{-`|tn# zTcuW2RBNxG)tW_15wtN|T1wTXcGcb@LTzf--nHA>dnKsad+*qL1wlxVlg~N7bNhX- z>s;6E{a5}?Uhh|)KuCS7i5Q$kG#4sUr5UOyX-Pw3C?;_%?nZb6PlU0~bP~XM#c=)=V$%>SyiGhj~ecGd`|;o6RHzE%WXwgTv76!2!v>e)4s3nfWD)YJAzFM zWfmtgD45v!_0o{-1f~e3YvfIrZF~S)!OeOH#;=&HLz&*U%h_bOP3{tQ#!aGGAbq+? zfi_Hy=GI&@3JPo3%Astm8U!H%|M0gPwUPQt2d?vgyIEYjfk-76cbf!-6}Q4tsK%6> z?u#-Jc$PejlM+LB0##r`BLjd`Yy&IODbn1nEI>dh)zJ)J_~zbZ$V#@G2Vot^sahBW z@#pXsv3N_bu@VgM3b5$&^kD^5j*Bt*Rx-R_d;t$|P?L&*GY1kQ#WVlPb~EN`B~mb6 zZC+O?BK4oLg&iM1=0fKUtlt@38cZu*NaLO6+>P9bMO3 z>{94{X$#J3Ky{|JgX~!VU?t_Jy?F`B+WpNJ2pO-1=f|-o%dVZ%s8B`aUvUVoAD%2; z?jKvUK`ScKp+dfz=g=EH5uV`7FKIY9ZOvQV>yL-x0p7g|<|7Jh9b`*mRoh_1@tZP! zm_qN7&$!VAh+Th#u05-KK~4HfwfkhZ(ZP2Umm;-+a-W0X4hm&u>!E8SN{xT1rStTy zkf)^GVs6$bO*M;KtzlgqD&FSeL-4CPFO*vJkkd+5>#ar)cMWOpgrUi`Lez!!#dKt9F^kaujN5$5Jl_08ZsBw>I107i zG!`5gP}!rasW}1ouEr=E@8H0HEQ`a4W&f!-$A-pmx!Qp)mbRu@a#_jH8 zS!$_FQMi2XKJ4txEKUO=P^|Zo>2&E<&?kV#hy)}Wzgtl`EIskzD$`at-&MdpQDK$8 z;QG3F(SpV+_}_RVFoJkK zw0>cA0E|tHsZFi%a{A2?U&IwQDNTwdYg^!q2FKKh%p8SD_;ytCGe^^rbB}o-CZO!ncbPf6$5iOvf(Y)*krG zNL!_Hn$(mO6k+m|o*jLD;QW!zF0MI3Z5H#1jMm)aAx$+pJBF*}-Q&#^x%5Q!njX#G zUf-Py7tsDjpH4r6>B@4RLgQ~*%jiIs0E-FH)x$2&0ZFAP21(L$zAT)OZ1W5cSTJ3Q#WXNoQ8VC?Bamisa*m=w{brv+8-+iGCGm-*%91|4zkx9QVewp>#hcF_S}Y-NO*Kg7lY7 zbER_FjYJ-4|{-jngo)F{M+Yp-jT zK*J+3f$lQ^wx+PFpq(#sN8T_e4B`$%=O-(=QF({=C>*TomZ zUWd{Dq%t5>#WDn2*k`s@AqheN6ZXAyEn6!cxNOLN195h3UiT-Md9$kueG?+1s!jLx zpLy%euFg)Sz8Vr>&gG+3HotE+hN{~o z*%40^!cGd}ChPV4Syewq3F5a7#;A!SEBO~bM6*b0B5sZ6vo&2B78yhN&y{(yv|$@Y zh5+!353GCpxzN?Ww~~_<#?)jJ03P_Q=A#nSI;bXS^nfRP^KaFVjOcL7EFH@BkRYns zJ6k|=t z95jN|y!LtAeCqiYzNxh@kb}oP>;$F=hx;nFYx7&t=AmYSL^n)hY~1zKrK7~dC$`h0 z`SL+iYIC9%#Xeq*=|c0hxNb9j%m}7^6`gOc(;Yqo_QW#h)_J>ei5H!mnN(wzGTo`G zAClV`*HE(Mmr)!_2xaB}f|aoie!oL!6y?CiR`%L#BKns*Z_!5C`fhXsegnXywUGL> zq**jXGO4EE=zw2M^0(@Gte%gZ3qm`q$vA7``rH7ALe$zl&LDuEpNO9BsO=j!%;1gp zi=2(aiEh=W(sst@m7F6!_~xU&OhG>h)g~g}KATwuIcHckDyMR)im7 z@;E;CPF8|u-+oDvVM{aM>7?to(yEf*c(XB;MsQi|OaPj%jv(lzN)^}-1QVpaYLD~u zrT?w-q`gHnaLW@E3Dzx#mO50}1wGK_1@6f-;sgl*jvBSPjZ_8AfM(!uLWodqlz>-V? z`>M~h{@MtI)x5+MxRtBk>W-qQNBN7W`ssPsSgSrC@mM1Db+pvaAW!#h@2P$0AC(nHcc6}Z~cT6*( zbdW@qX_d_FL5$w>O{U{-u|sWnF1`F4WXzJF@D2HyS>E(Q$A~_m7H^=74eO{B-!Pck zxl`OVk5V;^4qx3q;x*GRg?t-e zLQ$=K#qFsjzg;jdADK!q6$edfD2qcwX#x*rzdPu_pLkjV+1IL${HZ7y3Bwq{>1eg| zPMZ0WWb)7(h~wYrml;a)xk7s*(i&w&0~e}021}`IlHO3O9MU20g_e>*l9CaIS1fh*k5`&7WPc^+UF2Ngu9023N@knHoy6{oJ^- z9bYERljZGv5w*tZ_8!b@Q)fl15vb3qKcaXB^5|~c(cKgUK|8E;K7e-6*t_f+vKS-k zLD3g>1DY*OHeMDdMmU4~#8`^H%YuE7Iqcv;Rs=10PBG=UPT3d#1u=^G-m>n3mDIT| z61Z}ss#cJAZk+iGy5v$ivFU=?B+O2ql@g+=u%0ie9}RwyvYE3%_8wy5&>?m!qQPQA zDRng1YsKHElV0(_i~*Ta8yu)?ow|8SUlH~Zb-M9h(M}(+s4uAD`BDR;u7Q&rubOI; zt}hpI0e7tA&l*;+#JNsTx~QVzA5zSY4P^TfWQ$FBAMLts&hW&@AJMXG)K~N=C@;4k zlbR?kThB9E=8>&D2y&6Dtz|C06TOfwWIVu!uwnSX;*|wiSUU~*T5-m@tJMXwg-X=c zO4P2`o&4KN_5Xc5>;-%#KIHq0QgE4KCtTF0uDUN0>IKW|ea0eS*(m<@ei>Xkl1kjb z7+n8W^sO<2B&IOgv^U0n2%6KaZBY^9S7!;lTD-U^%Rw%8P8hq8tSexYt8QA%dYxkcM=9`*fGZ_EPc+UVTgL6M*)3|iQKB!Vj*nVf9;2xyT?3tJTF?SFK??4MhhwubMG!v-Q1RFqI?hg zXIOA-b=U^|^@-(Ld%qv-X>14!YBCm(o3l)VmHKBDdd&Oi>)yz)E=W;X0kd$!P`X~Q z{FAE|ou@m}9`_yvQXL=rz7Io6;P26RpC)ME<#zkHIX;rKtQ&7(^YEF~>~J3N6Welv zVn{4o-XN(MXg;Ozz%veSH=5oW_Tou^{u9e zr6`3;40z|fLq963Pxz?!3(z(Ad93rx=EJ}8*esbDZqD&i)Tb(!-No6YI!iD_UzpsUozI2PV*@&f)+17+g`Hy#d|Y7Keg7`0o_ ztmhJb&EZWjE(P}wz+yeNX8977L_%oMZWB^U4!4qHanGG9u zD%ENCR;j^xP4_4NT;`xGngk$8B2F4O~}#dAxDUcCPo5|l@_x%VdQzhnkrP<nMb zxh@6{^30<5&-!o$`t~ye0Ox^*SS5BRdCWfkBJ1D>SM(m;kRpZEu0Wa-T=qqlYrin^ zAMM#dhEoHG0k#H1?H*7J8lTTjHI|sAbzYPKgE5g*#;Kd(8z32O#|)k~xwF0w%EVhY zR@~S7_r<zFd_b?9xUeti$ZB!@9sY5Z-q0^?{n%S%8FCsB-K^v^ik zma8)%0%ht>#jiXH(-}nqZ~}HZv96UR5kUW|Uy9+Ctza4lTFI`J&l{5=^SYVRsP9+< zJ={LslJo^V9i?C5||vh;)qi=q3}f}2TtH#mo`HZRciJ2Un!flm#9Yz=%Rm2ZyV zsj}fG%G{N!A+qx&--9mo6{GeJDBst=??yUYFOddC7;r9AXb)^|^3QkK*wn=|qR4=u z90r1cV`ohVdc7|W3A$D-ZT*s_%kL_0wl=8?`eDt-2?w+M@S%H^C=%dpm8i4DPsBSb ztkIx69xxqEfV$Fe1`m_O%@nK56_SW*n11I=9V>Gx(;BZcDs~xo4Ew}bk~pgd<8t^7 zF#N?T72{theMR^)AXhHwfzSi+JtqS>ks_2|AWl)ND4M6dF}5D$H}OQ3Pwk~Ox!S9J z^Ekv5^8BslHgp<#O#=B^Xzb*LQj?YD#G<))GanVwx`off_ z+FgA~^ec38wqvm8funWJm+J@cs=*!mJ1LtdFBd{V_uu!5BOT@H-h}?5Tv_hpS=t1K zBt;f($N?YG^ii5u_#A?@(nf4){f;V zrD^^fg2@OAD}Gh}q9rM$I7y*pha@EaXzvm|BoruoygKcff$gWH1_qM7`Xs53rUn9N zM0eym55*MQILrZ$$=GsOLEdWLwChgD^!#6F$X1fil?5E&*6&F->i0WMh@Kh$A6a9*2U)*ley}x`}4zUV7riO1yXT1E0 zw!G6b1>U*l4cwnJEh}jo7@7I2yH26X3Y&e1PUptCEo0GV|JI^6UMGzlRh~8kg`x z%zbXtOgx|%^64aG-O?L*nxyz{Eejth%JQIFKHu74O%o6FZx&hZ9_qyeQ*jfRw6D!* z$w%u4xoi#7#$mlr3gbPpwNRXU$b@?YCMyECU^dD& zs0|?(j?q~-uqDZP0J`(v1_l3C$(cp9Qm)QLLYfnuRRLSTwA*d8mcsC3L>$jaRdn3D zRP~xT0#+vOorpE2-xmwNA5{L3Oy~L=wPkiDM|%8bdKuzurf|-_Fr!fk7be@c24|E` zn$v}~6E#-(2c&mS)R>pOO*X-smLR=)Ny>fdEK!0ve#NK~<4SqQd#VjEYN($dY;~)tkM1 z3Z2*G+Bn|>WVPnYB%eIn+emXT8hud}*G~w$35tKE*B5@Dj!h4`CWV5dZx7-X0O*6F zO~}W}+Yrq%8^r3VG%V+2DCBEFBTVd>?kxYEYB8ET#%$cW;R0D1&bK|0jFZ`&q{w?= zw<>FYLm7`EH*)B$mtobgsf>64iszJ$-3;@Qk}HK4u!age+34xK!PY5eJ)a<&JtHoh zS%X+t#G$A{z8)2ll6_=;ot|aG_CzwFVSa-;J1t0GoO-voV2!tz4><9cd#=Mw2f#j;$JMO{vuXRg} zeQR&X}z z<tyt4B&qF7}12Fh-MK8cC9t{BguseCN^&{Y0lH*$xBkXw>x?SO#(*<%RRp+r9$Z1u#@l`Tp9OCCg zfw!e4{eCv=S(jDaV~WH-wVE%clPRVX?)qzwlX=6ccC`nR4sB%Xq^INB}DJN znml~E!5I4VUh{+wuePLoMK!pIQwtymt}bmlXheb~FmyCFh=tv5<3CqyODQ-m3b zd&NiWw}|r-ouphHUb-oYnyidB9F#La60RQ%HL*RGoe$c+~7w7~VTu4%%PpA0X3R9`=;2 z1o5iw^8@dnA)%;u*o2RUHBd=;zvF1Bou3DG5`V`f^69SAA{dF3Z-u*t&h9#w@^Rj} zXv>{qOoq<^_&`>uP>(XF1XA5q)+Z5P-GX_*3c6Ek{koeD$H#7hKScm9+kW?=s;WF` z8sO{k;nlAmacRcXfXKo?-KNdjAuH}0#>t+b^mO(>pi6e&w?<&05rF5_g zjPl|9GCxKNiPbrX7V@L^?}qdx8F{~|yT&p5}c3MM*WJIe&XX%X9@X zrI*n*cC+~3uJ~|)TFUZvya)>33xgTMwEeCW6Qzh{Zx#WC>z9 z7-=j@mupJT1+Fc^oy4r$_7#xJA1=3CTG-YJog8%h0hqYI?u_$3M4MfaH0tVXCb23h}FE$>y z#BFYfp#30nY5lLol0L7ZeDOGqD0Fq~*ai*y2jrGXiCwcw&EggL!?<A)M1zzE_{V^Pjz|*P75C z9n}^tQ!t_w%DQ{gb&%lIAb_z9biXPUPXsZb=mrQ=lZDFi$op~8A&Cn6Zd3ZQlt_mm zPMl^?d76D=jLa4EI)7DwAD?1%S=zMS$=panZ^UiBK#Tm)=_hW zmnRrdSo%jqt-GZOd=}er&lHXIw2qxw346g`rjHFE23{t<1J~ zwfy69b(HfTW|j{YeiTY=POc`SA-%Gt@iye;s~t|2wIUNunrFT7cSpd+dFYwvLodz3 z0#8|V1L_s3>(v1AuCBlG6M3y%7HBGU^ep(~ps~WUh18+Uc3hzFqL5-M(B+zwVc5d* z-;fY>!{QhjLQFbu97j5!Pll@~M&&`$_fL1OHIr)FsKN${^l&E^?0C;-?N}Icu*v%; z-~fBKuUU*^MM`#skrBg1&cb`UpEx4RHgs`yrb|WLN<)q$& z&551SrixVmp{*ek22lIl0R=KO3$_|9*M|_OZ^|U-&_XG#*Yxq{rM$=@Qy-Pl;hKxP?&I+1ECLpq^n*(lf6qkFDq24TkvK)<87 zCyOs8kBdsb6}<;=5MjBJRP_{kqQ8pM( zkcnZEArX;;6`Q+id-8d+_~K;CM0_rF-9!JO#IL^pSK@r>ISEfTd zE~w|m0$m6r6FD*e3;ovHAFvJw#TRhgT-(MZ3WkDOtQM~d&>6ap9E;20n(FBX+@%F+ z4xxz)`}M0)7F;XWge;KjM0DERe}T&Vv!aPEU~g(`%5=h7ub*m642aDYBZ(*l(n&IT zuyokUEzTAa#=v67{_wSs3Wd}zFt?Yn2vF)ZIWUd=gpNyKlArPWP}_+akd^)&!+T12 zbcpJq_mQW=YrIZx)l#GU==WnT84Nzb^{tT%5#93`f%Z0bzY_LDBds0LaIVt)qp0e& zBmE9($|mIpQ@wS`M&ut+-N{C=rQdtqDmuX73Jl@AJIC|V)%;GZbKK+?%v$3 za)$Gt=(M&F>WMz^la-$y*)55(rHiNe(Zi`S3*lq#q^##?;osnT+pA)`>Q7Ny4^NC6 z_T*dAhitflggHn;))J!ZD%5JNvp-1Io|a7)QqheOlWvm9vaEPa@^cSatSTP2MPztQ z(lt;N@3*iKZ;?tfgQABMb|Ct3DoWyfVY=wMnMzw;DEKRC0e>2cWXhN#tsT%OpWjox zFGD$A#|F&?gtDndjGy!}AwisFm3eOaNbi8p6%Bteg);SJYO9*l#VBRwQn3ZkG5dwO zz|R*R-N(MNT42P~nRSPYH8l&Ne=0-v@MNgNiYp0-0cw?o<^~Pg&4zw@W)LxxV zldOuEJte<^l&u67<_(>yB=~`o?^|BgC)AGL=3Tt1mb-{66sija$KqVN_*g1*=SJf4 z4JMt}P>9m)dFHLSV{{I)N7rARaSD5eN7RoXdcyL!#V+O(=XceNi%R?7M|IH>-^ZOv zdrKcoV#agJGN)Fb+YZO7u_MbMrzJ~q*q$xyvhKiYs`Bo6q>?Bd^@|0dq$t$3b5ZLQ zmn~#rJexhczo3p$xsbNg6i>g*2)Xae!Cc7JYe~s`)8u^U(oXyIJN+-$2W7Lt+BhVJ zhcRNH&pN3^XzRPo-%cykMyL@^bm6dsQ`%{$iuZWZc^Vyf|MUwrV$pJLUqoq8gG|Ub z8kd$`cU5|dYqY_qck^$$QFaOTN7fk68t%J&T2Pi4vsy@uF5RgUP8Rm{ZQDP(M3|20 zmvl8Z#u6l zLA(2!uroz3CD5Oxgryt$XX+bK5iLW#MPfu&jY~+67pzCWhosHwu1n7_e(-?(&g5?6 z#r%@RiFHd{*?*DqF%dJ}1hIwW2s-L8xNdxQQ101GD#&#B`tZJND};PXfyJUbT8B5B z>%wGEzg+Mbf-#V!e0e;d8AoCh>pSQViyHLz;K77Z-H3MHR1pc>Ix< z@q|)63>dq6ZGb*mKnav#eBSQD4q*`f(L>uB%EcTj!yo$t+GV@`!%OZs(0NLwXYJ3b z@4d9(km`Ivb%^oj?4YV8o$CbqJBsNUJ-Lhc*E(CXil_;diiINg9FD02ZT>H*_{x$P z#@8PR{z-wk?_D{m!^0Cr1JY$*cJnLtTY_6Th=VJae+M957s(L7X6aK^f405)n0OH& z1SY=_cf$DIO2)}>^VT-03T#q8=^4WAmvui^j$ZjXdCiYvUxL%5Xbc z;YfVou;3s&hJnBYP_?GrP=9gJbFb!>iD_=%d!_5fz@<8}yOi?jC~MfO{tAd&>wwg8 z>36pY+#*KY*<#kV*Dt)GP1=0;Ir*5H?e#GXWib|(1S$4-7aKLjb~%qRNP9EeuQdDP ztys__y z5fmvc-ciZPQfcv}eYb(_58>8wa=(d3ba&c3!(>7RhG1*F?x!6USeo=?%7s zoaM8|C3O08cg8m`8}Mz{>ZWJexY(Mp0zqbP-boo12Xv%F;|Ui`B#D`Q^{LwqS~bJ1 zRJ&H@3;q(gEJj8HRkB^0^rVrXZ@wPT>YADUg@58(MMAs(vAII2n1T7q!+7R+qP8L0 zF^zNI5udvBF<;S7_gVIm9SFR{g>%@8zRQI?T>eYCQ?y@p5#p6(dFZL4J@>qEbM!=} z$gQWaY%kzLTV>tdDK~y7D(TKeS)GBI4LaR9BJ4A-SYkaL&7V#hi}O2E-+p1li`3r&m}V?er?%cl^wqSQY#$uJ=5aCPw#!)Oe-pbSDx(HjTpLo zZ3xX&V}!wl(TlZGd&4D_8>vV}iP;r@(V@M6pg{+jwoGtgm*M`SwfI7hcfx{uh(Ty? z4ti=*f=?1#z4&D32WEt{R)_P>=`P}Sf`kfgK=<{W%CqP~6HkSXkF39g#)mrHRb3l* zOa`?3DxOsB94=Xn)+?>C^FNo)c*-UgO#t(p);0WOOBmJ)AsDJ~o>tnUD*ASRI!oWr z)OQC*8csa7p3bW5^)TqvU+}8_t8T|UKY7;hU#VNeJ9s*G>E`i|i~K7UMGe~`da3lgVr4VXqu1Foi@P>}wk&gi6bjbWDC{zH&! zRQ3`X(*<=}G?)|p>!3W3hxbEB3$ajaX$ z+PJky6FRnQ(gRd;IjXQJQrw_$e$FwVrZGdN{B7MItWBr>d8hpql^Aaar%u1D<(=@| zzhGVO`sxqXRlPPA$;eyt-~jtWX=gIi?j{6YmP(r7IaKIuLKm3zom-p zlp-*?jjx388)^o!aR;rGX>YEM$;Hb_eB&#KV>Ezs`EG>pk@N|2WOnc#9mD^ z;Ah3WvOzD7dM`UMEsKUpGV^TymuoIV`;$h#S1a4a23Ic47$6~Q#xQ;rbXWRp`q(hy zr`TXXOWd0vxyvb=zS1yvAmX&6CdsCLe8_cpGj;HJn^CCyW`dLu%f*{KVDD452gaD) znnoMl1%+EW+_7Sb%C3=K)t$UW#iJ$7*c~Jxu?0!Mb5#ay9U~9OzPU{q*6Eu?KJOJ> zUbBJmmDZcqy*n8aML7&r+!} zJx%t~^H7m26z8>ibYs%mIJjIP$xMP+YorS z+?sihEwnj#u0N^w7gn7&x%+yoRx%MWh1J~u{5YdjM{CY6#r62yN5`HJCr@bBsAGO1 z&I)XEWH3c1iR&qm5xxH?^k?!qET<_D;_ipqo2fu7(oASao`@?#f!370sH9d8@`xxD zv?IJQyL~}G#~94!T;|h;^(x*Pk@}KmgPVo^=PeVwk?a}uk~Tg5BUEll>(vjz*~r~q z0n6vs1X}$90~y?BBet20NpS#-sTw-9YX@iQs%PbA?HQPobC2XoNO>L{{CQ9B5goY2 zAU4(y3&{9Y7I@po@q_rzh?3Ed8=QhHg3xHBgp!zG?{v`F%fFZ^VKJysIsj3iV z&h8)+$V|K3Nt1T}KGs9KjScf2f>3LU5+@k>X0NQUPobfzo7sH$Fn|;>jkMWpRPv*# zpr6GW-CN_*F2{yW7wgC=Ldx^O-HkmuHslMu09$WL_6ZrEOicSo6CXiq=PO;XN48g8qM-Y*WN9NLSv`GJ zfnFv(Y?Va03m}i}NmJvdo+8s>s|{r{@)L^ze%rZN1Gy}>^~GG51JmT-T>jEcJj6NZ zmcB=!*C)MNGRU|@anAR36&guro*_l6eDPHm8)->s*RsgF*7V;QA-KY&5Wr+slU%P& z;Q&LZfCXj7P;P8UuJfr<7R^NX<~eDX-cOGTs4_TMf&uo2-gd^keN{D+!`018t^#D40Uf+@iaXlE~pB9 zC;84}Tc?I< zCb{jec{0WaQX0NrJszTYK3kF{_P)NLO54y)t77|im&MaL-~VT-`hUEyzc~*tcP5Hv zBR)d@<+ar&_lvo2{{1y>P=$Z$syO9oF)Rz0b-I|v8-AEToaMBU(l|$Z*K-qbws+0K zdDtDOemZCtr?kNZlngw&(r9B^j0w67UnP{Xbc3?ho0-TO-9Y1K=8Gu7`X5ct+YbnO zN7*Zajh`GcI%DO5wyc1i@i(iqIFpqIt&&4thqlUws5eNgU!TXwQOxxIRr9)V7$Uls z0D5?yP$0Z@>8=ud6+n2wzBU=>^E{Wq?a~PCZ4zsGwNaiocsyn_P7)2kKw z=HaXB>aj+J9MajQ53Z!|rj&T>dp(cio1fbymu9sJP_eDFycy*v_Pli*sIb-=ZS`Y_ z?1?$es9PVPKQv1!X9{i)x!YI=c2#}hX<=K@L5GB{A|hXa;~7cYC&lJ$H8V??j%TIa zI8)e;w4+t-^6t}N68G+e=qJ1^raB)BIVjsj(X$#ZwU!Y9~=0NPd= zZXZ2X!g$;ZNebUQD$>kMMG=-NPq4wtiq*eJQ-U9-sgFu6{;Y~3Kc1=(j(dl_lt5?_ z-x{G%o{69VeY~4#W$0y%Nt$j-f&^T%Ud}DLtH=u#44tzwMV!6Wal=Z#CF|2#q3R9y z&a`!WTG+jM)wZ=Mm17*bN+q%Yf@JmU4BYP*QdZs!54d;&e1M94m!|ERhkt}-VZBth z4T2qikd;gpdg|?Yq`}50r6(?#9YLwtXq#v#iS(o9jH>AKKTvgiTP zl#I9hrnXy5tOl}d=dKf$B+MM%iez&UFQ;buZj%?OZP6kyDX@O#`Gj?>Gzy|N;)^Y^ zZ7(07km9~Ceq|LPrpJ*gKKnUWLojW*BC6bw(9eEjwNDHshI=D5WirIs`!f!)C)d6G ze|xQB>OLH+mV{QU)jPign~mQfwi`D} zeq8wfxO4uG5JZ)Q>=N^4v3;cU-;gV`EPg&wWdI%CGH#(`5{XBy)(B(rv?m2ibu;vp zp4l<}Ho*Xf3DiKXR`*u~X08mt4DGt5_F}wGPG%q@2rCq9%ME?hj-EX#mXswvAb|)l zmK6zIqwwxi!Ras%<#~5STICP?R7}t!u0yEtq1>}eiEwON>j7Qmr|3WfB!Bx~Db3F3 zM{O&wn~p{LT(ho^lbWO|hh;gr`G*ABx7~oIcP|M9&eM*4Y4isG^DL3Oc$C0i# zr4%NJ525}K2wKL2Qou{_h$N5eDZmrVEX2~59c(?>LUNoc<;g)=pdx`%RbGIC@1aML zz~#8Qeh8wCEthgh(s;JPJhc8o&K7XaU%%v!d~ozr!3(x$#=h$w=>Z(lVT*9HJ<0xF z6-s7Qrd(zx_lWD63_eWFRh9yRfRH7nfd#LY38dKsusf^U&M#z^TzoXy%_>W>x2Ag= zks-A%q2y%^^y6_*<;n4Bfd>&8;k|s&zPI86#00af&=eKKMGdY#qU+p_H;QVAT`aO+{`iE?k8uR6YYSP}c?*y5=o}>`kP5f+#TK$V=(f|gbyfA{ zsu3Rr@~=09lC3-mjX*ww`MSU(V`mPwxytm;{GZAdQw$Bn(T{xCT^-?TfvX7Ad;pei ze5(Tuf!E^BIEv!`hTmg!(}lOus4I&CGi}(bvq*E*N7%8$A&tlY2~$R(#T^<~g6{G) zPkVim7-z@Q*Qat@zj9YFrqhvq1kKIO?Us#;K1&ws_gwdswY%b3@lsi`gitDwJnA8E z&oiWq#;_8&`t8%nXZVM#K^3hmM-bBOGZ8xCF4m@!94Ya_12fG7{n5+;u;V@8Zq{x`!948rIzZMm4kL8M zo>@DphH~v=F%+jU$bh8zRMNNqvhj*|ynbO{MSMKBaSPRF&h}oWk|CQnPb$M)ZbyEt z5tZ(>s^qcR&7!b4lYO)l*2kx#za>1i`G*AuJl;0vkw(;555sK^C8H(XTspk(7e>0h57aUHG{$_wJBA1~QMDRb&`KIDr9O#q@x1tT%zOu%=|tVD@JY~L-f0IWpyY;2s)eW#PV?*`f~ z_jHRr1phIjhCXQYXaNL~Zd|@?&kyoqtJd$jWoxwdS$VV%eA}K$XdpWH<%LCC4JZ4x zcxLwEoe^&s*+PisZR&}J%C9JX1MVb1M|Vbs+S!EFYPRz^x}(a~W+1gY|7RQx7K1Q-Ja>T!ZYP zJZU@49Wpye%w6W7;w$_flJxRS^Q!Bp41rm|2$<7SK`qSb@;T)#&4cdqK1le$t8qbl zFN~85Ixn9mQZ;3V;^a!fW6+mAn+L}(%pOR}&H3m>nBgJ{(?2AU85pWD*5viZ#Nxh=IQiugwTSVfcFmeLkF%fYJ`6OA+8&g`?GZ_4JU0My4AsXD?UL-@fa>1z zFa1h=qyGz_f1Q&qLZcSS?_cylaQN?Y{!mKAn{dJ&)2OR5u>+`n8}8p?RcK%A2Ui` zn{TB!7j=LBOmS5{byiw4O1T>{J zTE>a}x^HWH$TUM`u+IEeASAyQJ-OArlA>Kp=2jZZkYAutv=012eTs%F2PS9rxDq5 zT)dk_*Q7&apc}t8fB(`9}xYFNv0;zSdY()yqJB zJfPH$$&)dgAkXS&D{2r}-JpM}3rsXgYtNbVzg+qnhggwhAg(wR?0=x1>mGf(oQ$4C z1WVft-OBEG@bv4Q%AceRFW&z6Dmm4GWhA<*1MvTm)G@1aLjk9!E~p~e`WBj(!NH-% zAZvHK9(8vQa6o=?OHlVYUNq+A&mZrY$7|BF(?BoZ9s>^EO4^aae&4An?*&mESblR$ zg+>$qB;&zjr`8=3TNO9a&hPnTW?m@iT(3Vbx2U{9aq8NP(x|wHfG_^uZ)mqj0onZM zJ-x{sOOn1{uB%L?Wp}3r6>CDfkt{1DM|7Hsntwh8a6f&BWsTy-sVOi{p2|KNI zN7667Ffqrt7F!p-HI$(_#9!%ru4J)PxcWSM+ba%%t%N@tOyBP{je8(*f#=%RCfmEO z^U0nibVvkEn`SrpHWun)X>cjH+IntoI8bsRRskZVST7X1eY^6Ooz6rh8}W9%y*pJu zk?#C>r4jM#Kl74zZS){S-9&ugj{z?e(Vnk>M-ikks>t!b>^6piKPKKT)I^rGNCk#TXxL-G>>I-pP&1=|NmFf+t zzBlD6jNplVXW`Uqs6xusDTA+f;(UtAC}uTsZu5I;(^e8zJe5JyAP<%GmXqI-o$Oh$ zmv;7orz=NgCg`4)`FR ziZ@ToZbT^g1xD%~#;9ydnRdXoUXdoe<=u4*NtYP*tbM;a=0rJYdj4y?q|E9Komq!( zC!2QPjbh(zd;`OY`h-4fgP77JMGfwwCWZ+lgq3yOJ2Mz`hx zHd*SG+Iq8g`2GYH-`6k820vrki0Un_6HKLRoQhrQ76{DGS^n}x#>1ZPQ6x`?UuZ7f zEK>Vb7V&V+r($|l@qaP)UQtbT;kt0>3IZw;1f`!nhaLzef4;HDKh8e;?0v==^JZn;fX^ktXZYG%L%3fCQ0eGa9^Fi0*t zkosDWvF{D5O7E3{pcg~r8a$K`6)9a2O~qZxRdxpuvMe_#%3(9JphzA@du&RtDn{h& z_i<6tPr9q|K8EbRp*0@;jZ>l~FF!&c&6giCL_|!_!ZcjB$_0B`xI4CkKiT-Hm%wy? zooHXL<#>B=uXF+HY~DaVD|g}y!U>;yHU-*nqVZ!jy{GJ}-kR%ecue!?Pa*QSc-XKS zmsJ9vfyzh**6;zunA``AClf(aAN7DGuCVP_VC>1g(zxn%C$#Sf>Ync#kegxVuHSBt zgNbP8xky~p?Od;(?`77lgv}18cRj^hD-p)$-OB;#JPDdLlZt>($v5gh{kGuNsDK>y z^F;VMbf+o9n(u=`VpuD+*TfflXBUR}YAM$KP$7LQ`3$jFB&-OnuC9o+6YKIpB)D01 zGjVk)#A*4ZMgp>-?@BQA?~~W^kG6{eBf(rh7{SrkjRC84X`f^SM0JFm5 z)O{eo7-5OB5oh|IyXmINcX%+DD0`x4VmC4=#ypqKRnb%+u4MJ17r{Kd zR8*JsWm(TG3Ard|8GAL$`K=v#%6@)a)@jm?Y>ObJy0O(({#B{R4EE^JC-A^lW+%Wv zOI9?h$%`{iL)6Rh^;L$}-yEWBShVTPsz&5j_k1nAyk1X7hhX!ma`@5FG`Tqx%Rp%T z*inQ|;)Q4U`77%mQ##o9yCZISePMAu;F4W(trVX_At;Rm0|tp&*4!0A?V!=>v6Y(m zo)zwbmhO-;er|4-3Kfx%__#Lf$)KK>0I1wPml&>+8t+?rDQi z2DLw>nYOk+nOgOac-$4Et}32kTx$DDYN;2uHgMzJ>%}Vm+LC;(8Ie_7fgia#BJSup z%U5%KFbPJy!XKeNBO|3NlcRG@2OO!%+h32fm7eLIP4SrTGLtEpg;wNgoG^t)TFo-q zMDW^{gy5;ZPOBitv9~ths%NaJmIsVatv%4XXwV{@nw6D)ZkO?8>FqYQ>L0I@D~~PM z3z_RQ1O@aR0+MQde^ifsyW@Z9)M8Q(xf1@{%1(%70K>X>DL*@~VWaqzqL>rUvC1Z# zBZ&V^duY9^l+EYy03tevAk{sqDf)}edWQ*{QjpC#J$CX>ob+uNTdhewj(3MGoiZW7KB7j%5F?rAT7tc-}hO%(&_6caEmFvEosB*}9z{bNkJ5d|;W- z3|BK_L7TkV`c31XDpfu@$jagc-|W*)l+`ah`fu`vM56VJEoEH(S16%`yt>G~z;x1G zekf79n1>jRKON*fd{-hpWh9$!cxR(0Q5d5PoYd-xum|pe5X*7#K${XjyE21JaGbiJ zcCTPSxMbt&|9(Ohi@Yrr$r_>e<#;vG8#PtGkO%qzky|4;*cE>e%xOt#d+k7~jsMjU zuV`t#Hna)MV15wA45~c*W*6`b^B7M>stTg +}|dWcEKv4=}pDY~Dr5J?6k&RA=l z#JZPNg{s~oXd1v&nkuOV5cPvc<@uJn zT`uufWFjB4k!saWG=rF3Jj+z6r5xo-62pZ+x>aIhs19X&GuJ|Rh$gel+EKiwfZjOr znCZIn$QupAWd}-@C)Jy>K=;QzYp;zHn9kHkWed*KAI$oei}7JUvu+4od<(I?6q)ocAZI0oHKY{<}eMr`i@BwE^?-i z8hB`CervBzy}}C(czwi3>W|MPvN3V>_ot&p9*02&gas`+qZDGf*(Ip@AeL&EW=(jt?Rn(76EI*5#r7xQ^ zxV%o?9=4cjt2Af!&Q4{IU~t^v*nYKG=p%!e0q(MViL?@pW0||oFYXKyO9-C%Qg`po zxn&^4KGI8|yioy~RmQ$A`TMXW#|+TdZAmMR-jcQhW>LeQu~dr1@YyX%Id#4!1-X}3 z8wE`)lak=#)5CCtk(;Tv(D!a1QIhn&=TTYP?u^auAR~o1l$Do2G@h-^T4OQ>Y$!_ZC4@03#A7(yeFAg zv4l4tITR94lmx*p-FrEM(!i75H?EA(vtFGp=N)j6)6-i{=_G*jdM$-WI2i5(-!-M;sS8KLjIBXT0&94FG?2x7_w&DR?UUkdR{_E=k1j-Ysd zj6JMbiQPfi_QaI`S$nGd6!5eCyT$SnBj51u`wf14yF12vjjkmhR2b`OKeR#jn}ah2 zMo104f?8E0$!+p53!_nTR%*Lhxg(&>QH_O5Y-sDSV2$@(Vu#IbO2pCC5e)x z(W*m%;q!`>+kz00*kYTG!MuhD#jnn8Rp?)iU#tL@Gb`4m8KSY+#5VSCWP^^#1@5Mt zo3UM=U2pdt#tz|gjk<3?kS@30bbVq*2p$W*epKE4b$_+9AK}rB>JGlYawC36qp!}U zui2DQTgP?fAh@J9Y(~SW2_H6btB!<%;=>ltBT-te(g}W+?pMR_J74!k;uo)PSJ!zt z2wrxS?i_l#U}i2QS_m<976yRaRfob5e_xY$-*OD~e>j{sj*Oaq%R=gBsMKS7wRZW> z)8CCuQ7nFEUzz+4KWyUru~(DzZd`B?cdhxbYs$}fMWQ$Bb)d6tsxDPvDpL$FGafF^ z(8J1F{%AGm{6b{Z=Le}-3hHtmm+}4J*hV|0e_)uwS_jXsHq-nSuRLuoqW(3N;2FOo z&JRce%4}|~A|pLFr$R766ee4|V(*n1InUD#<7^Qe1>jJQeci|y_nKu}Gd9b6B_?{o z<@Cr_o0y?0HU21tmR|4FmA2})EyVepchNYs{41GT?gEfwrg?d#q!A&GBX0iGriip* z)^qDvn$@t*;}PZYj{Go_(uji2w3+kaO~*Qc^P3OtyBE<7O>%oC@MKeBAhp*u#^;V) zMeryN1G^K_PA-jR3j*QD4-qQY8(5uK=UFGb`>M1^#V}*dIdk>*PyMkaK8LmNfm-`g zN}S?CJX4|+ys5cOI5NN&|Gp@7~m%t5>sSn)J zIwJe#_~owJl|b+8rTUO>35p?uF_VnzD=Hb+=P>EuFH=%NWA{GpQlWzwE3X$nf+4l~2JkY^^V>^{8{emM{*1O|61$6{<<{7I zwo_U}whvKFIK=OM@gKoY`O4Y^Q)EI${Gn`GrVlW(WaWLO!%Ru?$pUn98EW!ScI%C2M`<_{aih_L9ahxUM+cij` z056~plNSO5MSN%vPr&z<=hFB@pZH^gRk6Z#u1>H$Ge&#`8L%pgmHYz)f?COTH zH0HLp;+z|X8|B=dY^Q_zlXdY7p{6@zp%zpD6H`FC$I^u}n~9*WXRDjH(agnKHzmTb zJ6|X3aToO(thn9WB@TBrN+>ZDwbG3cmC~suRLDqp*s27QsM@|)5&pE?6;v+X?%})d!xmEqwl~)GxH4}Ogx5tv$ghu z?lHm{ZCerYKCYEbf8NQ#R&xoYvQ%GhbSQf5u&e63zHql`dFaQgx|yMEw`iO%rB@T$ z=7jFf@P4Je$csLQQ5F?60Wc<^Y+{S4mbRlhB7R^gShCMaT+yD4r*T-$_1IIj;AA7j z^}@xAUMAFQ)~FTm_3X3qUJ zW*Mu}BGP*7WSlX|DH9@ZSx`7`U(nrSS$Ty}PIn3M4s+J9 znB^v)7g};-8v07@Y5whbw->7*SEfUnC^rA5)4lWYCYl)g-tKp|app4_2dBPsZvuPE zblQca)D)$X4eye(%yzb#mL6}HJ6YQn_b313w1vPpnJKOw6q%LJ8LMN+oEV?5xp$^> z`-{_pc3H)In5|?cXk;t45_cOW*+Ojk?z0Xrv-VEUp|Co0o*P;fN2-r1?qbyh{5S#J zNj8nbf;R>Ln|}s4%DDdPrtnRlv5#d};?ob2kb|;otf>al_yUSkZa*ho$|` z*A1RE6HU)Nn|wM}#X5sAij6-Vlq25p(()r2-4|_ohMo2hQ}h6J{niCZiy{`^`yzD` zS7g;(Kc+zkZf!qd720Cc7`PYv&ELRoZ$%!Kt}%82|A37-cU&`e(Eo!>Lw?M1#Z%!A zcX6>^;^4j9BbN60X8Gjno{?@{salNeKsI-g6h^k=f{pD;NJ+D^*HVi`kC`m2FZo;8 ztib2;RfwFHq{mf3+>fIih=ykNzCk**S1I@vdeO{crmIA?HGC1HQT;P)(=FDsR@zrX znN-9MREkmFV7s#{?e{2a0Z_uG6{XA2O1|9O zV0P@-o&V06dJH6<3dP34CP z-4+32h|pH{gLuYqGuYQe1-60Xo37V#kbW>&y}+f1hdAv{Ne)1p>(>_Ij8@3d$H*^Z zk5n-Z_BLC^T>I@MWcOn$K8n=t78IQRO}O86Cy`5IpbXDB?E3q?p_GzuXVrYBM(EC3 zUxd+-;N>^f7?F!1Q0e2ZPQq}rZA@A#|m;#^4{jG{&1LGxaU^4FVWQ- z0}Qf1k4kxB=brUf^D}+`!oZZG<;t30#dWX{fbLA`kLMc$w<~2gR^3dz$)VT`rnlB zk-?6D5)|5;4Ul^Nz@1HNz|Y#oDYC(D!2`r01~dgVOO(j?GnxR=kYWfRTZ>~AXiB?~ z>Zi~~$nyufv{nVX|2&9{D7TzjDU&%@FYCQAvDoie=)RekFGV^pW;~|2QjMd><^EtJ z88oENzVuiD6>6o*e;2tFeA}!%uNK0-SSX8s6$U?9C5SP2fD?LpV||H#415Ih`+;Aq zgFVkK*_Dr^SiLN&toSV*5}@O%(~eXDy6p15n8!5lucT7~zI2Ag!pZN#49ZQi4Hs?X z+!k)a`f3>^+*VE+f}icIOV3qX-}cRsnEbVVPc_=}WWjtXAL-D(vH6>O)kx(um4I%c z8V2DAK>>DCRpjtq;>A?UzJLO$gdhPvEiVSxv zLqxV)?P4?%0xiPi8%%r1to#AI7@B(}_RKV`_TP(hJ&kl2W%jujSJK0S|J=HW-U>rj{5x ze@PK+{~2jUUEQxcn|*zO4mHcE+@mc`omgrhRR_L$us))Gb^U0^Nj0?op<|cfoo^`Q z(u<@<)Sdp|oOdYFxYxpAOX4s>Qu{uI4h4i{vYiU&1{vp4n|w%mEwl^;no?(aPJg@q zgCYeZ2Jf9SJzC|r`MUGZ&y{ozUg71RN(r=dA$lTVj|oQ9Hre-6iwPx<&GSCeX; zRq!n+U@g9UzmO;5Wxt%u`;KVhubn2Zx)23lyz8QArc+99-G~yFc)7fKW95!=~2^*Upty#vsY468?$9jlwaHGH0+{{LqI%q8GS0^XH% zaADV}W|rS9Ku85h%<35JNB2&m1Ol}_y&PZXP9t8fy8+73wcHRvQCIDH_NF3Bf?5fG zOBwD=oid1VvvosyWz}g;4gmq8$#P-ZeF2eoax8blCGFdzTI7NUa(%s~b{UjJ4Xf|l zsBNxR>dQ*|WR0?DX{H}X-gd~3U?;_RUg${|Hyw*)zyb|X>)^~+;|r-|8P111S!eeR zfN|a}>os0Q&MCJjph}~Zh6)=X=ts@w;tjyD^%R3;mZ9tIsY8Ezt`|%hDwDB_LQ;Sa zKQ{Va3%o$G<-%-mE-muhO+LM}KqD zsZMcVNDd1a!$eV|%6<*$%T8(@Z$=kQ&l9TgP*ad~TS4O8fZGj2FG~V4J!>p2r@*S_ zF8|W!gfa%R)Q-HR?_K0mK=Dy!hz>*rNVYg#kX_LH5C9X+t5}+iSFJ0Ih9wLHpdxp6uMb5)>YNQeB6J@UK&(8^q5dnx?Y*f4TvV@-~=L$o3RwB zN(P;!LRPOUYUI2sJfXGqB(Zx9+^DP%}!|rq}2$cBR?KA$eAU&Dw?Z4Jg|7zJ;M$4b;Py zNa=vWk^UzYVPSHE{#YGM-w27alkF2N2q0c+{_H+%(@ zoZ}zq3p*+y_R(=QgMxAgVC(0npC32XJXr^CU$!Ohb`_raCOLhfXf^SCbywNvy>h2vcJrE42C1h2ZJ4yRJ0S)ET zrDf+Lqlf3o8Q3L5@bHVB$F;F15$qQbCE%A89#|8(PCv z4{xjSNj-KZ{-Q-n%*Y;W7twt(SOIMyh`}C^YUZ18J(!6#Itq)qO*sYB>qKg`6Mv&0 zv)DCJ3`77OrCg-MWZpkw)8NysL>2&jJGimL@xb=ND{%rlLpD^$&g9Hmy^IrgFk|`y zy@x#S%SS7t7`mgHS5v<^u^3PqBNuaQGfRlJfy*}uQ1nAP+Givv*C&P$M9yaigh`m# z_pH~Fa}wbKJB{#VeL`QP1&2)KLmwo3%&j0`=YdfyYYH)W3o%gJJSr46|B=uiwlVI> zcj9+iU?`}^va-RqI$Awz6q-nP4K2yb1-dHT4+o7Uh##L)2#wip=?ytT>2O8rBShfa z@=ryf(9l6$LcyogRUaI6Yw6E=?bJ{o->U-IewBr!$}UIr&6G~d&f0*m@BJV|%OSlo zott&$Wlz>}Z6;$;&{X)&MtQ3Prwy)TBxtq@0u328YdqmnD;)XQTh2ZYl~rrh>u^760kKi;qJbj$}Vwd8qea{|d&xVG+aHd;vd!zg%J{K z+NN2aIoj6#!LMJnU_=)-GI-_2Lqw1gn?$sA;7%9QvbuTm;(I>@7l4yzy0oBZ9G}k* zTspG7mMVEvc7DWEkl6hr80L zaEaJ0cjl3`i+n#on^*^+%S;Lj6~{^}zo3!}-FeP{*vg6ywH6&HWB7@06*yd;=iIcB zr}xV;nK1kUbKZ9}WBR9zM(-4VRSgAH*V*&Gz2mT58nIc1ZnC?t*-lf)IY!4ZJq8Gi zvQ9apyEK2Wcy44x=H0yJenRqS4eGeN)8C0~lYGd$!YH4c&^+S;1TZ?Bp6Bp7Z_%t> zc`yqV=y^q9C{kx!OX8HX&Gz#c)#K06S7@-;c~SkEA$I#4yVp0L7H>6GpGIi53B4B?gr`5g=3`wo~JW#D^0D7 zfX<9{QjGA#$#vM)U%Cc%jKgL$(XT+5%vIN@b;7mn4J<6CjW~66!ZVkqoY2H9MOYCz z=k3i&!t#!@WA^bVIlLh3T0jOJp?~Rq1zlPucia>CM?arNOVX+tcglvW!O8y?vt>$A zX_0l_H6hF&gf2>%0k$lB5C+Mz(lRdnw^M}aY*>~J3vH1UqAo|Z_(ZA2w%v5bAtT)vBy6{eX z?{N1{l>HlI5F*rdJyJ-j)sda~kO)5tnC1f1L~xzAh*nyQFt9pzO1w;cFK!69efzhgHCweVRMrHRG8db9#}E?kom& z7tcEYlr{yg#@PeR8KBtq@!Zr_-7Q;mA*((>bSw;e?hF%S^aHF>HCA1HESaz4T9%ny zA(Q+&CPrTjdtl`aR#+3G#$A?fY*lmhV6N5DExQoyi}u%z?b*|kD240+zyDD(*63<= z9*(MnKKUN|x7ccWDf8x7MM1Xz)5sj28`2n6Y4f6$Q;%}XJD)g()WqiyCyBoUZD^?ULZZl?N=fUzj62{Zp&sKd+ z*m=}KHKT0Qt-<8w1{QfDe|wtuyRxno)B0|OHH<9qJKb8ZQwz-fN4#)16=#vi-+?ITkyk(i>UCY_>xX##VK(pLnEb|}FKOfSG z^HY<>__Fw5E$#X5m>W09h=h7=TuAyo7g4XR8IP)G-0HjDtsHc=yYf-%$?!K*d&Qu| z=poW}K8Js%Ze`{Fh)euev?6%tVg=XqFNsguW92a{9Mg9r%}yxdY4*pynj3XIZ zWvH)Hk31$p%~gM9OD22(mN$)cCigHWYGJsfJA!iuR+Kg0Q2By5#pDMU$Y{|R%2oqhtqUja5oTi9||qgfpuTL!g=x-nbX5R`74@R zYvAPYJ-E$w@8*J)_3B2{R=Z$J+=;KO@u+3tUQNi|!a2mTFkg9q|4Uh0Kt3}bS3rZJOmoAVIv;2MGm)Yu zp7HtNh-&X*oV(Ltx28tzUT$GXIVQs}kq zJAHtD)SC4?ymRu(jS)^kSi{kjTC5hAPX}*a(DRRNoeiAK+6#qD zjq}*3w~-q93?!3?**E?xd91bL#)LYwP|TaFqkRTodxWUTCb zfs9n9Lf*%+o^}#YgzG=4arO5USL<->KNP+90L#9`*ove{M{352L zrm>sDi;eOH0D8Es2Ki#`DBI~l2O%E)Sn~!+VA9|#*UGJ|&wepKot-?%fN7fg{Df{`07u*+i@jc%yQ%Eume79rVi<+?)*&ld8NVfLRs4@M@>y; z(-n7_nUD1T^(&EmS<5Er(_vTMPv#X?9cG@nD!+%NC>qxV5$)?|#j{LylN6;-Y;VCF z4X&g&H(gB`SBg3K#?!s?xP>tH^c0WQN==0iBep3P_sU{jqk?Cv{seGUgfM$3Q7Y~L zTg#9li&ysM9VgygEbk7vWMaW^4lffT;3WN@%@F^$=cbUeyJhn&hX>M&XC4Ax@PdM? z-dv;thmP!r!N}mIEFCqYQn-$i!yA5=HLu3Kl@x zr_|g<|8>PN2~uErj&8WU`y}8?iz^z@1c*LzJY3Qk@y?r~wDYbPGyKlI#8)rdAq`3` zm!|*Ah-(q?7T7Z?mRd5^43}Lu8C7f9<|E~-S!!a#y!%5J$IQY-gR*x~XbEmNfP=Q4 zjqCfU_8ymBRgueYefnine?;^b`>3y_*UiM?p>p4EmP?6-?nn!6rL|LsjoDsl?xDO$ zwt=#w31aw;AwgVu;zqe!Oww%`yq*YLB4s0yGx`HPY2$GSf+SR%de^h{eEDgQU4y!x z(cXklEqv*T9xq4m=NscM6DieY-NJV2JD^{n8QwJk-_t_^im4ymF!+Gr6k#zt1w6F< zXn0A#09j|LwOZNJy_h)3xMY01Aj?ZQxw+v>{{&y(sa@;0gQ{+k-=E?+Z|sIIr5<xxK`YFh{45jUf`Rg$;Vrt8x9Y-6I^P zs={80_ng3;!tViGa(qKMnS5imK?DenhOYaPPqESctVk$4Of{g=R?GBZTvM5da3X9` z0eNc=z4cF+D=zrTz=PcJtnbjpTRzJPHPcz~7o*(gh^~+TS%RH^nA`tAp!^?$3e(w{ zGtzO4XDd8H5A(E4eB1d80#;Ep^v0Us8|K~wi_%LtmDS_QLSl>@wKPiSQzKbmLMUMV zFM2JjIgHv>&~WIuToYtJaL91;-xl_w<#BXzK*C~@rRcP3g!gDflpdp-S7O`ZQ-%j% zF086($}cs_4*7#NGa6E>2o*g)=dbp5s_!e>idx6<&81^IH(r>G0I#6OiW6!Ih zLbfDDYD85Tix{c)Gi7U-OxCwlwMlQbGpI~5->*8q_%sk@8?^4#%l{#^{bf4KbZs+r z^po&D(eXEDBPU}!gg?qts-1Tu84bynTxQ3z4qFA=p1o`>x=~h3oUlduSx0_ybNt!$ zwV(g1=z6jR)N+RF{O=XM^Q=z*X;+tBed3f|0e*Yz-GG+TNLM6mpD{{XLi^oKWNL@2#_$XsHlB^`XnElusUV`y~n=F;UA~Q z^}uNiWSp1;4}??lir7}EusLY@=^1crdDTqz&B}t+qk;rwUD~1n%`i#J@4;rOLQFVF znECYl>bl^NGA(GzN7t^tnf0P4t39UFuH|DD2Gz1ZAwR8=jQ0Cy=bZxU;@cd!^m?7v z*q2>If9Gn7_T*qL^mA z(hONLSs^cDIB#~)X89Jb%*d|QIR(M`D|5twU3|``84Bj>v&T|iUr4PWY(idG-TJ)z1MN6RO*N!Jh5{uDLG*W8t8-cVUW zc+32ag8Pq@J$nH=MF=T)-SerKJbRpJcYf*2uqTBwn+=dg@U)bb#aKjkoe)9 zLJW*UU%Mq`?v_|*(C2fJYkwatQMOG;0<~1+JJZCbS7FcD_ClmJh54P6n}#3i>BW_r zEMAJ*`oCV#u_ZU;`so|jBx=#(-9oZ5=so1&v{Rzy`=iOvMruWnr+dHHI0S*kKX1pb zM5N#OSD6tsY^WT#!x9cUZ07ct)u7#_thFH5#gHD`&AJPhoC%Iib-C4P@F8!y;~_gR z17gx=0-Tffs+ez7{g9{Jq&{Y8BR>^BnGv3R!zqZevyA0--t?lrXD4FeIOm^YdsH@9lVacnP z0z!Xfq3yG-#h&CEaw@PM8}RDed4_;;X9pv6A{D=680R#(8Z|sQ%brXLWN){wX1}TI zbYX_YJWjn5uJ)li%x-M^PbbdBfkmD(>S zldY&3sYmt+zRU~e%A?Or`wpf@p9QdPy4VJINFcv==|gV6~mZ6@$o z5-ym?_Fe?!%TQV$S1KEPK7EQ%yN_60FQQAiME5W!GC5%Maz253?k4sD_r@RhgXbFv zaY69>p3Taf!7HyH;=QZj;W5p?KVP&b1Q1jJK3xGtNLKyZH7}dS6Q>RZga%;7x-Kte z-+Kv-X62OJu_RaN0iYS-Hm8z)$rUQ9#oW?4+3Q8_ofqfMWyX%^HxDm(gnfW$Y3XBM zER5AZ5S~5E8r2eno=%3`Kk3t(=n}BhS}BOHZL@CAFrP1d0SJW4EKz!IhEDPJQ)qA zOZWtX6i0&hCfvORaPFekxHv;{*pa2iwvzG0hhNd}Lk5qB1yPH84^Z9ckaio_@;kNc zE6^78rYFKVI53Sdork7=vfS5FqodAX=`;|;6>5XrYo~b=@!`e2$$w9V`APFn$cYb$ z+et>Dp+6fxkTny&^Yi-sdOK3q2CHUX`oIa*TJ`i&IPG%|@Ce=$ij4UZP3H%~y;ZJt z2upt;*T5~F(TA7*b)(N%nivCer=9R`(?-IzL#R^Y5%h)WPTHvvrKP$w&+GpfG=i(? ztQEZ402})%jL8h%fdX7 z8~UmA;%@O3Hu{Z$7jz#;FtAxJ;kx z2Unn)BS>B?j`6OlKMnpi4C;-kx?6X~|6#~?!#SeG_KTaVQSW8)JwdU_++%5`OU;!U zvI`m9L#L9;>raB#LF>jgUx;MQxyG>;toU-95y%NzO{NpBr%ckbP-QEc&@Y=g_|eAyy4Yx0v$GAT6VA6|0=HAwcF@1 z)$r-v14gw~g?!r$kzehbB(a=dGt-(K*>>lri$$e6M5N|DYY19^25-2DE62!6=f$*9 zl#-#!;6DTyg*bdNKXC889t-8==Ak(l{JBEb^Z88ks#@)PFsPh#;_KT|D{I4%!`&Ng zkpHeJTnn6n3;Hq=pyJc>8-HL-yp=oBm?VwdO&>Tag_gt|Ml}6n$#m4Gxya!)1?$K6 z$xwUp>jXSPL&W?psgCU9Z=1}G;3ati1Tx5=sO#);+_>*0Ztfz_4!LTHk4%xNy;K?x z{@8leW3J~}`dV~q2cRSG=cW`p6B!QqhZ!=H(9byyBXm?$wG;kR4=s^ws(IbV_IrM z95n>)UVSv@XUA`~6}%YgymkNjpD8De7YI&FNJ9b0ZDHN`DBO5cbMf6$)N#nqqQ7Q- z@BL49EF{fW%t_A=xj?AJ9V6IHC;1}k?Q6aR|dpa(%yp- z{r_SJ!4{@qr7Wr+(7Vzrj#nMe*sBfR=W!kMZHAvsa*qG|@EaNQfIAeS-NUxIskX^q z$lO125NKijtVzl1S$#^j+8Aiq*_D@Kv}<{YsBx9@8KtpK76 zqv05;gZJRrQK+5pMoZf3`Wq6lhI!43m@_A_3`0pQsFC`7L^IeB1H`;m7LQaDZry;{ znKmkarMO$60(8(6;_8CxzjC<3aPF5z$f_z4*zRAiBb=9FX`!QT23pm&bopq0pjN_J zMWD*xd8UphQ42G*Q<@OM&s5T0_4@wSN*X1O&_Z@8Vm1J3+Oa$Hxs3Rx7C? z4v-_$7J=d>8+=2k9hpM(vs;4Ym)pOsHz?e~STUDx7gO}V*B&CM=r_tc(5c9+P*m7X z=(nSs7W1qO9CkY{=!9wiS&0okfa?}4JzSa^t+X*2VbW8C+GcU6|D2NlYnte**A}+( z^T)6eAAS_?ufBeK=#?D+&Qka-A}d$`f=&lbV-~77{(v;^Jt*p=i&6wJu%e@J9M?Kg zD0QiQC3wzw!0>X!+{t~0uZ%DjS;%i7Mk(>eK!-rBSJaGJw$Z_r0v>0Dhvi)cS(SsW zQ|C3sYi~K;gd5sKb7(|&+JT>~s&H)59#0kb+?45*dSWFKE zJeZw6Z!Cf&hOW-SPp7gbJ)`++4<=q2&-7C1H3PLKpku^mzkYBvJ+e$3e6qYzdc|RD z4l)6{tnU+0l4Ch&SkhWAi>BK_w*tU@o445jJ?qTnJj2wU7I&s)scb6|8N2$HVgng;m z-S=_VZgh~iR?HPP3irHnS%c?gb|`8uzVFJ0>cwBdsI8X*hhvll!&4r+ri@fy3>(+N zH(Fg>EgBp2SXdY0IhrdQc2qKEExag17rW30h6S@#(;WeNP`T3Ie|UIBL$N{4)6#S} zgBQo9Fdud<4Mx}aCEqsffvW<7qX70>S8n;VA!WK)YjkwEwy)v46mpo=-09(>KZ8q= zWpjIpFekrXOKoN+dX@vf*)|$Vjtmm))08rG5J)GdVCIiGd0y*5^3}KEpy^@%s3E#c z!=0uTe8l=5B1=Q@)5$RA_k<4f8yT+RCA$hmSGqfefkV8Lz zrut{&Bd4g@3-~Glo1?jp(Kb4YCuHb!~)0p0Ka^jabIYTJ9!SiM7CT5<8{9SrxIAn!jr4B!Jh zsST+O?uQB>)PDY>8N$nI)B zKbQV8e#`L<&DeRb){=fSyIbQKjQ3VT5`))I(vl-?J8uyV1fdnL&fOS6?_2q3H{fFx zn*3=!m{e#e8hbGWR5$R8rQM@)>kUCH({ubka?GaSCE9gtP_tGYu*!F9`0HeLfK0CZ z&IjCK3;6i|BkZiB+UmM>PjD?(T-zeWp}0dSQoN;w;1r6x26tMDmQq|oixmj&p5h)H ziWm3bfk5Eq{qDWzp6^^6S$`ziBO@c(d#yd^T+jSHy5brZRBqR=AgkLkS$5!IURlnB zxNVYOCx3_~B&k27HYM%&r|>xF=WRnew-~LngnY%S?5&0{_`!2$=}%)1Bd`L3KAE!! zu$ZreJW#;bvIj~0N5};5#ge0kXKoL}3KiBJaZp8p-q~C(4)8G!p)3U(?Hg#EBp@1) z0sS5#0hhGCo~?Sb#MuEVDQv;pSULaI{pf&NeG$mEN(X!9xD)*)(Yfvo2sDO!54}Eid7`jfwKdqxN%5K@sK9(W9`zSY>|c?Z7j=Mcl8mPD5 zqHB@^2iI=;eSFjDh;>Ff4_ZC$$_Cx%`r0>fuh6C@+}`Kw$Tes2`I)7}2Qh?PcNdxj ziN3(fIYMdvLhjVQ6VwOf`mf5K77Cjk2#?PNf#pp~Le{WYp2NnpvY_mz1y2Ith2B~X zW~iCA6fPG3>VG_|-~e>t$;bVD=g5oU?~d-x?>e5=B<3O2N%QJx5 zEez^8$LrpCx(rWszdm;=x>j9xNsVVb|411tp#hqpr!`*}P)8&r` zvrmEh!#tDI&1gMz*>IqxcJqsVBgR}SUdFKMvmu^-tPv~rhZn^KCSQHGciTr9_Feg} z1NsJ>BwMzteP6jRVau{nZoFbzE%_~R!7!1;4OxZ{v}w7P=6)kxeq8E;Ncgbvl93_r zf<=ck!LG#rPCLcX5%gaIoBu9gfX=i1(+2;+bs8tvs0VuBAM&viQ=Hm@chYEnmv1g0 zRw?((&gWoLY^Fb#b~mB~ar^|d{nkPP8!PFRMDO# zmnLl=(t3~V-P+%hT%>ig6cU#pJ1q?zDZ%uXZ|b98z5$qYmHIt20`~xIVosp~T~Yv6 z#BvbmwQvaUK_m&LVROgBa%IT!GCjsy*w($;+T}Qu+50aJh6$b7Nsh%nhD{C5H)<`v z^ˉ|cb(y8(bEC5>Ilj`E`J3&rj9+glh9SgZA{Dm!X^oJ*OkNEHFp{bqL*W6K zF1AA)t+m?n?LCI9f&_V)eC~$qxgK2v%gbL{buEDPXMEnnw9*2o;inWG%L2A$71eiV z%gSLEAuv$QrQF32motUht)~x!zMw^0@G(|NZKmAv>Z-L|Vz!F@xQ{;(_MgBvs|>?S z{K+&LX8OUHP%Fl&E-LU0_w`05d&PBM4D18)Sx9Q@QfB~8_%bLmBH-*gVAB*(eQ}0m z^_yK)RYIPoX_E;mxxSBeSThbXd!8OJ$e#B7)8-B(rC+|}en?sn-OO_5vvb0Epbn;M*WI~*?&j5ctUy769w_AgoGQt2 zOy}scyId#WU21(-OcFtc8QD00)zdk#vu7G>pq7E5qQ`$XvRsUoxWLS@=D$q}oKDi% z%MsfoSzP;pmiPW5S@is|*`wzBXBAGbnrl`weP`m#Tg2aNW1&Ch^tMCikOsr4E_g%3 zoV#X=F6{m7s_?Nv?3l;i2r}qwAgJX+ba}Q|1BdoO&Qpnm1^;68DK&C|1j9VL;W+h5 zV&CQ}E-}`MKt}7#%oXi?aqz9*J7ai+YxC{S=AYz;p|T2ePr0Pkb{xTZxa30)VOW_9 ze=dpGcFV!}jiS!J2`S+eji=%a9qMmp?#zyYESy=)^06yzl6{Vz<3s)2|CMj?EbIXi z9G`Kv+E8fZRTCf%i8JrI$imi?IeS`5_1-eW%s_Lx%hjSHg#7QQJ7FD z;qzx0to8hQI^xb_yKNP>L*ku(oS7R7K)4Eg6hwFOxLzyd3IRSA{hEdr;^wBA0Svf- zfpYxupn2!U;|icD$rz?oS}zSY*%(E7_53#tYTzB(BMn`Y0Ch|q)u1WOKCQL>r{-K^vYN%%1 zoTW06lO0cO-CnekZB(;>dfM;Uhbb-MH8EbI^>jQqnSp%X5@)vZ2V-~LEG@qQJmky0{f<&I^-6WWc=em_5`QKVT$@ z)$+?pp7`$opM)=C@r7x)UUz)+F%a}u+>~_9I|QLsOHX5CG0Rq#N!475o6IB?T;V_! z0ou@dSKiMvx0@LG>{dz06f}-MVMtW1$mz#bzR>m~gK_hl*+xQ%+aSoRM*MkGZj6}T z(MSp7%$ci*T4^LO)V?js1DygDCzm(a#+vn>18rtz50H` ztp9Y`=*Ciebev_%)s_Kf;ybwW@|aojfrcl zIPn$V4b0Tdn__uXiNb5^(AEW<7pCZaytOGyw0M~*RGMvrV)Ol6tEKGNTXMV9hxbWI zf*{_du$}!NjLjM9<6RblDr^h@w*?)oey&dm=WdzS5Voi+2v$2m-ZyHpfo{i|%`NFa zM|snQv;lScx7sX(BRvD;shf|P5dFfoN-rbdL5}2Uma{k+G&)fEEL7voeq!N=V86%| zc;Y&{#h-zohJn*RahK*Fo!~8_V!dx?=UFJ+90KLh9_y+d%yzd)B;to1$RpP@zrm&* zkDGt=<42jc;Kd+><&5iCrX1>G?&4^_x=v1@vKF@rvvaNo>2t8#rJW%U!Pz2QP?NMud?ldZqOfyYB`5 zfAS6-)S7BN%TSlJv*L%x(Y4k$Vo9MmrbN{b2VLAbrLmXPU{g|K+K{Y)Qqg=g7HdtO zA`gDSn1?a1a=GKM%cch~c8ivh;7B?TR7Fbd_ZlkNln zPl|060~>(t!LFSs!cY^=HGoN*e4fKBhOjfHmqEh8UlPoTd)g)fib`^#*_k=BR*bJX zSUP-FELrERVcm(4T5W(#rxbG6WrBB_2Qi|MByGj+_Yddl`nFu*Prc=b);Fx=;v=`c znO=jyWH}07T#>7>9EE{w!=4ash2te*7;mZ{1IKc%`>9iIj*zY{9VSirR6ijQ<6|+Q zZWh-bzdD1yIz#qlYlsDmC=9CrvrQ|t*kVVw^~z50umTM#P^c@H!|}izQG5;}8+XB#h@VN@uaf zxPgaN;Im*~jG2mIQBl?WbD8~U+<>SDX>e^cCLQb=dJMygisHj6NRZqsIPL-(X^%hr z@zz6H&0?elSeD;Kgf{pWo!era8#Z9RSHe;Yqy8~eXmUsTFu@u6naJ9&w#K@*A4!3Y ztMXenwbM4+T?O6l!joc)Q6&Vp3Ri5zg_P&G6Jl0lc!lHwe+$qL6nDlgb`}W?+{z~5 z&<1!e;qXNCqDiNLeIob=9T#gyDPds~W{TIYx#GRS>;Mr? zgJZ<4g&;R%a1J&~6>p0gcgtbGH$(+A(0*iLm_B)Qg4gSIb-ljbe}oy9gv{Qs^_KgG_li_Zg zI33OoEh@2+kz90RoVzM~b^vI~&cG~3l_Lt~PpUIfN<0o0=we2@pXz+dQKPi$&WMjuV$+ z8w|%eyd?gpYyTy*>q*!_77inf2H4|ov}{O;e56t|+&|=g1YI3%TyDscS8zj3+Ydp1 z3uAiY*oyEJ2T~UXUkbl&o&;YHoBNn2EQLJQt#|(T=y^3JF00{2_&ZnugwAs7d6h>l zI~k}^Af)-$cuA4vG8ybORSW}~%2WO+WiYf~4R5x!!e}04(r`$f#n|Kk>;$l(9+dA_ z2Ukr>Hq5HYXfSAAJPw=_xp&MN9(_2IKeIgQZ-0?4C2_gQZx{sZ#;pEGy#0*?*pI4# zwp_I-gsg(X`hK_<661#{PFC08#0G8~*qM}j=NtrRVSr(7P&MNL{Y9u540x(9KGm0X zJA_v%gOv|8^X_C%JvgIg(X|;I@i1Htv!?FDNNHlN^~^1NuZjTh_(f#o`?%1}zo~4v zKZ^bEa}dNtsaU+6{U1 z=fZDUH^5A+2!g)GOfL?^Gr&$iC(QPIDbqRNiGz3NH+6%!-vo*umG!;7*=`yXLtsp_ z5uadJsc(;!U?ytNzHXUL`(u0%g0xBg5>JZUZ}HUu^0R_P+wXtMn;FheZA}RqxTZHx zt2}bwqg*aQ`q_%n|Ec=BvOAOCn7U;Af9ruO{-?zEW%9~u?rAE^FfSE49=D^oPQ>2* zjAJHs*2zmeQ)k9^HQD$e3VWEYX?H{)rDb5(^3l=|0*wIGUZqPN!u-JdjR=ET zP2{*q(2Pa1#1_vW4y!7ZWXy{S7#A)v<4*}$Yq)`>nXinJIm)>66b!!7uh=2o4CK|% z*p>)Qs0ZH}RuV$l)eOhNM|lJdu;!{9i0XccmrW;cyi9l02heg=d{1t?<9T=J=xCw- z0HWc4m$G-Ld-`4XZ$p!4hYZjBWk&<0njV7UTL-RR*jjzUu{lMR5#u8SFovr^rr^QNAiGFT6n* zmn(esanR1Gj3(%>oPV#=SB$)R)Al~ifxs#G&hKZp2SUHGgKEwo`{DdK^&#Z%mknI=9_lrjb7Y6t!REu}F0KRMte7>PYDCmVB5V{l0Ial#L-@_pF|o2@TXlNDwF{vVz+m_0O- z{Lryh6o~ER{mQFm80X-BwW?lM=tx0(%WkoPQN}AKT{(XF3;(R#V!gL1Fjx}0)x2}7 z&?~GXPg!;CM%{bM%c}T^5J*UJSot**K+*NbUB1;e@5xt>>%)E3_4&JY z0@upvhTps7@eFLnEcDS?Be8s~hTgB0&`VDx*YAH`k3nXbfKxq18WXAZH~l&ldBb;N zMArhtBB|( z-Q{^;%T^>Z-`Q<>2eK8_nS0m8QZv`$5uqiX-wUQIB*`{nMMU(H;AT7uCwg5_eV$~;1vc6 z_4LlHRFbT?%8*;jsxMY2t!{Tzoh(45>+XAlzfdY;q&73R=W*`H&cRgU zRGA@;5H($A{64so|{W#u}{C($Sl77V^qH?0KU;iwQ5|m8FWJQBq#rciVFcHO zj%O}E{z>hQ_yGReJE~hdrOnnzULPXL0^ThxF?(>Yka#-l$Ea3M7^(tTDyzHRaY1og z`w;117~o1h)hx0sJo}^b5i#{a67;pp>m7n757Qqy9Q_`qi^crB{$S1QXIMjWOloI2 z3Oe@u(Xop`SmZeR<-#HRddp&xSm%Av3arliOBcAp#uHTNJYD=;@A?~B3XN8Dw>oxU z3W-?O8yJ3Mv(z3xaT_++fY4;4uJfA`f}g;~64~=>{cyHO1g2q$0!K9(h!uq|R2!eJ*0K@JA0W;!Ex%QK zY^$(qFKC}ftV3>uuG*{9?MaZydd6+H|X1H^7cjD>9_2{ea%%@9FL%LDAw&hb?D$$<4Jzg z;{AHZtq)j>3Ba{>|23PA*D1HnzZ+#g)y{P;48DF<{Ww_4ttlaS#rGM~jF~k!N(%ZM ze+X53I@U!k-MIXmVBcxC_nRrlDD?y=Z3<;P1L!l%LY9{eI7fI-iVPehSDH z9uc%ce2)G6y-8p@*Uf(niF!Ada&I`cwc-=o4$mWpYx& zY8*7~Gd-iq&=~rZa1XaV6Q!9swZ8XwbW&*<cY!i3KZ?7`|9u?YtJb7c9S9RV@I?~5reKA{Wf`l_M52W(Tew9p;t4P+u zwzcLjdJxl0C*9>i)trWF*uk9e|43zlfPb-|Gw)>(<4P~gCubI1;cn!O+v5LbdGSBH zJmTC5+B^!a;|z9=^umzcjp%A1#5IXc1L6w))Q~Dd(Ds_3?Jdp9$DiWSvst$ATgU~w z^;E4mnR&nx+evDYLKJ!B^m&qA(D>e${)Y)I;mdc+1e|xJi$04?EuLeozna2v^?X*m z5ib2X@~e2SUerSwSJ>KPU!m?_!vyNCK13Z7`8QRb?Gx4FHWsC^x|v{s`_>Jf_LO0YsN%A5c5^& z5+>VuuJd06W`d&Ntj8Fkwbo5pe&X>lom5?D1_S0X#!FV;BH$e}bM$!@a3+_kY~>P@ z6Oi@Hl1t+CBn#Lp#z16O7z!P;?XvkM)_~bA=(lP6k}L{oz{7g-VjIA5jD0ZZXj4ek^cs z#(CgeH2bDcQW-{DGR_)aoGcm8_npFR2EcTufJMG(JG0mFv>4Dd_WnLtVLl%1Q`Bh3 zyNWJQN!xzJO299}j;x9cG_cqkzu1|0K!hv@0`6?tDzlQeyX`Ama_A%_SN*>9a29vs zPM6cE6~*(W3p{Gdl@BcgimTvmmbmbKYOctU(@l*%{160Ge^`CM0vV>8efJ4l9lP;P z?B#WHXp;t|-6KLoKUUdgl%;r zuXO-vedX6Cs#w}kN_>(@%;7x#XyYv?6JH}N&E^oxaA?~ov(U2MNKTxA2*a|9rpiOC z`r;qit20is0{jg@=&1R}o38U9{{9fqnX6~fzRL2SokxS8k_m=$$M zZn!Er2f_IE@2ISM5ZQc4ln>wTpl6O_ z?vO{0yq9V!GuwW0+0Nclr!AI{Ze=(PXBNOZ6DoEqyg&VpsMuX@FPReh!}!AeBkES+ zOd2!6Ie|Rki;LO!+Omgl)v|hL4L=GK@{K-&hRRNXmtn_KRH;x1!a2chR6Unjl4mKX zs%bwHMtF|ZE{69t|H5lGhkFV%G;e?8^uLKn?I?T?)GV^^+{)gamFpc$nCQuWMWrvJ zHR&xxwGyDo*PPx&HWMjPN~o}dnV)Gaz0`%kCAB$(OaQF^_rjm)CK|^K_fMQYsk8zY z1qZHnXIzd76b<8SC)6nzj!d!bUW1t5q7O%S2m|l~N>*q5&ylYtNca7)KFvoN90UYi@ z&>cqlqH8Prj+4*wXSv67of&1hL09J19q#;9H^1Y0XG;7I578dvf|=Y^_Mct|3~sO( ziiGege27tKrPG7aj2gH*`s+cJABf-Qb$exWGQUQ#5VVN|wDY9uFEJ2#axfW`fUuqL z&#}3OZu_9<-B@yWC}nB_qzYTX3duWdzDg?X5a{x$F}85e6YzsWS-3#ho0G(=m5n+y zbZN5sWSL#xv>#`Qa7~Ba^rIIDW2hEu`vA11x!^ChNnE`Yz^0&OAwZZXxE{-(SQ<^ga!+ zOJHOn94Fh>mR6LuI++cYOv6Jxj50{rJFQHRo-N~sD4HKt&6C8JafCT1aq?>b`VSQ+?oNsdt%uAm{j_ zIg9$8p$kIZ+rvs$W3coNFj(oueW+ECA*=Jc`)e7!u@;=hrq-hrjgqyjyTmxC`{lY( z+8A=hq5vnK$h2Amgn#Gak|=^JlPfLSN6b_e)E$|` z!^-~^DEod+;)f@wH{3Y=#rQ2aDRz!dkJSDkJ(JHR6Mi7yfGabnGHxme)BG;dh;!|E z#6Lp&-1Xj{7pdQ0e|AjDCX!klGh(Zmdr`LEWAZ2a?ZHoyWL(A-hM+f`ztKL_AIlS6 zbOMlvS;P5ft82S5Icri6VIx^D%Nv`WI=%}y!?R!FUEW6A$X>nLwC#>-SWUef?XCTo zi=BSi=nLP>LtRXm&zN?)@BOSMq)1LaJ&;6^rLFjKj7#4%&C+0+ZphKA*~AOTGF8Ib zV?wONc$vJ$6_;1fB>i4NWnq9J18wwEc?fc_32FzwOQa2>qpWA_wnm0IoZ3VJ-1cP?lrv8~{a2a{GyMi9<2(_4dmOaz zn>&nS*L3gCCf9$R!ZyrrCT_ck3^ABMZ5>hdcfbZ#tBFcB`YPQY!SIXT*x=UO>V1j0Owmr020)8#)AP>d z6R%CY%2x!)&%rw{r|O@6x-w6O+NEH$3xB@mWu(HON_4^}s@t?7&Cfe-{l?srwYQw`Lvn^Sbj4 z9|8-sd+9}P=5~hMVZw@ZIJ8FJVd1jFvlQa1Opy<^a2eKzN)cDU|jAeeeouo)nzGugfH`>!kqTTdhF(yAir`8!1=z>}rB2#=c* zO5Sf6d2PQaT^viW-0_!GzATGLxM$Rns$O$#+&eDqa2*hUhy#4*4r?|4PLpf`{H- zKcY+wv~MiQKi8 zN_Rg^DE5Dh(qx63T?_ARUGS7jq{F<(EPsfs{unPy&j;U&a>R$OxBzVKdv}|)@Q^{e zCJPIzdR%S%JFBrZykiD;*QQss>+XDm7|}{7HYh7GmRB9gf;NhPYBCOc^?j{btf7H8_1lHc4IOM3o5ZtV#r|&77#(V@i^gzJt`nydnjA z-&OwYeS3`COK6OD_YafQ!Jn^~pWDX%>IMnj-pK5+x}C^s56qEW5N=HFd=2Oj&_Z%c zY~R1Xkj2@V-^n;#4CUD~+tQNtxFM6V8HhQfYKB9&Mc&+{Q0=YzXWl2ac}O;Krpbe! z>0C|uZKYiCbb#h}x?LZ4#LjcdQGdCi?{5w+(8(1T8ujD~*Q5d*v_Gop*<_wn`&m8t z3<4`#Pp_+{2v%`1W0^2Y!Cq1nNcN4MS%2PKyR7@1i%ao~mi;z-!o=oy&_vRp$TzaC z(t~F9v!^86BOL3|oj>1HT|A=@n-VuB+R`jL2U-3^twSI5a(Oh%+&TqerDNx)I4T!v z>9UyQskMbq6*OkUyr*p8WUb9uH&!18sd>&WT7M3`Jh_LIEj+D38+|aXs2VZfmI!d$ zf%Y=TJV_o!1>pwi9LqN)NT^$YzpjQ{Nv2IbKkW47)Zke`1h!W#Qx^?hlGLNJY1}Qo z4J)ri1rhc~-RKo(v&=Ptb++U(R{b)fo|4TdVsm#2rzD2G^Q~~}JQGb|`j2boKb|CA&*Reb*xOqjI z8H_uDD8~uoh_pX1SX(Xge?iPs@f6bAGfh=I;sFIi5e?a(Uo6<)B)E8}aZ&D8*Jfc& z#4$5ppseO^hJmsn@4OZtI43?pi>>|4sfi3K;?F_pEbUUmOq&kqBoQwMkD>(4f?lRH zFu%lWzF$y0{zy|C*4?=IGa*!Zs=;y~)Vkr2{>iWeCY)pT_lXA9_dUo%y224BG}PsT zd>1k+1<#Mj(Xbeq6ce)rl8W_+x-4%4Zv=lohpR_)Kv=6mrezZ5GtFKllkM5V?l+_3 zMwGx7^`-JVnJ-H6{nU;v>_*}#*EcIMPCPZ&u6wiQ0s|mab9fdZjOv)O@PzjCSL0IC z+fSuK(c=+KdcHb;gFpD!Y3xrcb*3$p3iP+6`*Z!>^!K@C0%>Lw6>3kuqP}_M)M;EZyfAd+;(0Ox6V-X-S1DsZ_dY5cca9Lj z!(z};H1KfbN{A>^EA}vAq~tEXG3!sMeD58iUMIM$zEv8ivn9gA@}T2S#VPh!pdT^& zzZQr8IMMrr|2olZ*3D)0Y8uuzi-;=MS8tMMg>3I4-YmJd0%v`t4cATR4(RLDnm5!v zMl(IqoLY|?0jM)cBuU1|3E@2QwIvVgRSwe}`Y;B%QH@9OV~dP* z8Y>xO!`p4-OpVg~MPsJqp2bUajy{pMRF zQ*~#BS{wS|=ApagC|5y;?eS1mqM>KHr~h7i0S*0>`|8WE*ifcEwWFEGK{4Pg7@0ixis|!(dL&MuCcEoKRWIsJF&1dHpgZkO!AB@QtS9;(xj`^)Ji#8gWkTI6tb}psk{_(DtjCiD#-sO^}k5a=%G}hZ1pY z+MbUmxnc?yvPvc|1*Y<(u;QKBf$JWmj%lc?MFFxerF=vLEZNDOULjTRwqnZ`4apl5HHAH%@298OBT|$eKn6Rs9R0{N_sO{CQv*@pX_(EivCYB zLX*0W1K>(+EE0{ikD)6E3;nFDl+d>MG^HdN+nFTUt%t+6N zM(eHr`_$75@(Tg{uBaeP6E#XlqxErvlP9t=z;WAm$EwkZG+66ZTfVgy&%C#uxa2Xr z6|4qVo~#(G9*k*u#&>}9Qp2P+?pp-i_?xc;WcGq6=QXi+=XOc=tp0!m!&=lsJ5nE> zct{ImpXeGK9QtR35~Tmyi^rma5l zVIGZ=-uu%QDCwT;qsCP^f~G%P63#?C>&rfid?f25xw6t*)fT_Q*|xplE3%)6>At;U znJglXR@zJijP#^m)^ZE{)z0jTXJ=%ToBe%x8TNN&5Un^bFCow?rgbnrrits$$~mL z&LHh$N)FBRuRUfQQ5MQ=qhgB%O`f7ZzIg3{(tTgjN8pia-(JXG(Bw#YtNW3W{)h~Y zERXo->`dEWYC=AIV={jD^lMaS(t4E^Q}bdd`R$Dh=)X)j^vn4>Y?+@e8R^2~dY>qI z^*eAitgGjL{VBDZ{PiJ@u~p`ZZb_u#`V8Qq;~Q|dRU!T?CO~!ACf+i|Me?j^V;$}G z{DsBTHJ2|?(qDwHX zzCMHXO`C(3h;xj05dICWRn?DBYvE=XfYUvYHy{ZxA~D)~3{|Xun$c z4r^F+$>K;KPyD)_16s-8jm@xlxvDH5p6&!_YG@QpTgBcN2)mFEMFM5m*Mxd4fhcF9 z%ku5IpkNw_f18B=nvj7q|16%u2(~fq#HV~0i@Le^><=7@1T(4iAqMKd92Ocr+^ruf zPN?a}mCcGIvIN%$X+G?wr?=KE$ud4joL8P7Hm)X|3v@`Ri>Tcv-og_P*mX^jW#-Cy zrrkqBKkg|kLUG7xi8}6nzoq)U^@+hHx_zs|_cN1^+Ho$LKk|odzl{~q_e>=&T2Dt- zl%OHHZ_&BYl$b$`x9ZsH>o@OkcspW+jWEY!i0k#HqR4#@r(9BGMpivP|GE%$;8JX> zc-P6_?&K(zaPqAmfitpeCA{B1bLc;|U$#p5akrdIBz4s2vcPH<;H?~ph;84fd*udf>O0}`1}FFj%Lg&sk}QYq2z z4>(PAKj2aRQo{CN3C9B<(dyz=uPLqSe&&FlF==>q&(fS(03TDW_Q|g|`RnKgMU7m5 zOY>H$S1!TR=q6+P49v-<%UNSRdAB$Y;jK^*riqegd|mTr&nVOYuU3Pdz}&&blSdpD zm>jxU1mnfq!81Wd&cWaKZ~Msd;%STkt|PJuR+#@B|Iee!o&bokQYS<7cFHJ*zOpaM zv-_t?wO0x+dDm=`j1$}~-cI!Gk5X?92j9b%Pxh|&|C+8Z z8jNV{S^p&_D&=E)#WyKGEv|NlLYRVj0X1ibh(duvz)j46{f7Ky7RI{3)3L=&5d~;? z+NB6x^zV9MXTn%1$c3E&BiL*5_11B`w?KtK^}7slS2GF^_rFrk3w6*Sk)MzD+~g6g z$6r+%9DZBELN)h%0Oto!A;x0?iXB}_`{f6~br}QZzri}Gn081@&SHI8K zDO-;zD2oNYM2z{ej!FC3WxG|G%(}>Pn$dA32ja};ndB4DNIN=DQJ0?2&zUE#n!78v zTxH}Z#LQCE(R?A$?|a0dJ4awKGb|k!B@hYKQ&;1A_6Do6ZQh+dcRs@^cHaz*OMhLKMNUOl>Hpo2cxM8tTmQ#7bNTBYIdTC~^-O=k*Me4}M4Tc4Si-GYA zf`SpyVOA1--;KU_jfij2%}vRDlcYkp)oI?+?w2v45toEmY4Eml?Hb}f_4ELs4(*4} z7j9cEe&HWiL^XceBNBwxOCDZr*f?7q_?&Otvy-ES**r8%UTPcZsTj68a$L)FTZlbP2pwFIb(+J_QRq-b6fSSP5>io}$Qmc8nJ53-R5OjUthT%g4Wr@>AlJPXd=l#X zH&mnJ6At0+Kjl<_b; z$`@NQ;UxNe*pnQOcFN>MqB-Ij`mRqsHx50=Vqt;XWbH(J>(NR+2|VxsA^lX*N9D5& zwYfoTR9nL|olFMiA`;9u%M~72?GpU=!#&TB-!hKU*Df@yJR=zrn_lDnkPS&kEPBuR zzIXgtLAh8_^D&!$qAeddnxbs=WYH@EorN+zfrj#dmx{+{Yk|N0R+8C`NEsA;*Pvm8 zr8ILV(XFl>H#QWWr;nk{)mHr+h_PZvS!X0w8p2CF<~iU6#bjqqj!`H`np9pQotdTLaL9O`{D0SCy3@kXixbLPIcv#1xBIIZ4wn6?3)d%8@-ACoUvYugrd z&e;N7T zlXGv6WF+%~$nDTul^f{xC$Rg)gld0+^l>`xnax;shKZ{1z=;3vcK=KDy{C_B6OHGJ zbN#umRzn`}foQgSh?MuepEmw9@<=%c?MoO|pJ!GTfRts<(C7>Y%b>IE}|D z6|rX#Ue2VNEozrHKQGGz?tW_8$raDoIbWxw^2f0kEWsaV8Pz@tI5kA9cI$1-~^F|JmCBcE^ zqVqeT^wyW%TI<-R^E7bW?Wazrkmi67#Psv>WAX=(3;VLL8^xMy*>fUuwLPkP`%-}7 ztSw*4n!y9^IN|GQSP(Y;5`QPUxz;}PYY;XaWXHeCrS26&LbX%32O`5Z_w`Zar6jrc zKM`l0J||Y(pZ!W5u$)8jB73adF$)@{PT@u7?sn=AlSLHpJrzbI!FDI|r%?EXGkh^8 z1$4NkwMD%2;`ZDJ^)>0Y+BZgp%E~pF0xqGc$R=g`GVS3HW^LO zgKD*PVs3Sfmo>yJU$l3|Rc!ntACh*(cYhYRV>6mfE|2`HJkbhb$th1i`6*RC#W|NK zRbx&IRFWZ(lrq1$l|p3QFmrgm<8HC+?PktS%J1!nyj_Zs<1RPOMGy`3 z3#%@%l;0atJak6Od8%9%y5FsvN`$#2@MOdc~GxUOV?f_B?b1g&IcPgadB=u ztXAG zz1mT~otn8wK5NUj^qudomlbk&(vn-CpGoHqRMs*|D&mdyZuWwJ2BqaPUw@U^jbk|8 zoPnZSw%b!Zk~=k%9XzrkiQxFmq55`~M%FG%S&K}!k2p>g@gHA3x#$=r!{ZW|q}1(N#a)`wofswAmouxYoS6>GYaH?H z?_ReN#vfJ8tO;Z75}yc;8zSgCeJLzF`*k+iw!1?Me zrPk*%Ds3Ogl1Kp)pT#2Ax>$uHAi_2yYN`IlF3r{!d~x_P>JhL4CB|87l`2KH_4M0} z5vT&cpG$&5ZW~Lq22AeU>rmS1Vcr(}!5(^t>@+RDRO^3l7?0jd3R5T0;}bb)Q8&isU8#L1kGssInU_GG=iF%^A3mP7 z3hxTWcIQAm!|NF|p1 zAv(fBvs3Zmx6n?qTZvr6ZB{91VP#LR=;VWshiXgBF?DG@*K8s4`9m3CnhsNB;aQ*y1ga3;@H&5zN2E*k~SDWQ45%SmG&QCcC zUf-;#8s4BHhd<^TzVA#Li1k0sB0QCwQQaXc%{pL2eB;=P^49(=rKfYuE-zQ0L)WBo zf3ikbrF>@tmRM5lC{XSYw1Y^Lw7-)H!0x;|Y)t!{kmT=r@3WIrq7{4@NoiT#k-Vt! zj#G9hZAb;V0JB~*6fp>3bzQ)kb9kF~FKxe0bqR)SQC|lE8t<~_cO*S?Y_sQRVBW0E z5T4H@Ih-CaTkCj{4^ zfeFFgCBcF_1P=j%`{3?wLvS*<4n8>FWcRmwckkXmzN%EJYnXbc`|Wf3*mItK*}r${ z3A{Oc#$DjUAMtc+reallf4HA_yJ6uq`{1O0`|ggCkV1~#Ti+P1N1nzdHI8oJkD66e zM&Gyj7{?!uqkU!sl$r;9iJ*x6!iQqJLC)8dgD4{~T*3a~xfcHaa$OJ!ib#J&_0!JJ z*^S~*L#Vxu{TicvMWcmIcR;d40`AMM-cBillB1i!s@3sv2p2a8vnNYCDBMmE$kj6Y zI=#O8=RgC({)kz!R5li+M_p%}ZbQtva=Kt|CH|uBHLBovLuanQC_6N)nTdx}Q&p;o zPo`8kR+VVOrlsL{7P>Iv&d_^`Y@v^^%JwSDSAu>$k{j}RB+u>#3yAx-)voi{u)OP~sMcSd_?r-x z6)h6iyP>rQAH5YvY-v+xFq9s0a>#U?i~jySIp=`_D0F>^nP%!_jAqGnGjd{>{|4_S zQOs1CIuSbPJKneTn9HKmtAdqtCa$PUw ziDc~2Xsa^s`|6z*BD)Hby5A7J@eP8Z_n62Cs!;6}-_YxFstXUjX}`3^{3`0X1X6Fv zSPG{1+1ifIY1SXN2=t&R5$V3TUA@ufOP~>H>Ovy=fNnhB<$vIC40o~Wz(DFAz_dn<9n>f{*E$HwNS%Qwb1#$1a0cUF=HMRauxV2VkzVXFt<4jZf*$H69W(o9-Se{G$Zm z*U}|1lgPNM4D8Wn0XDQKQlpCBseS#J#4qE(A#1&vvN(fKHkZjn5sPaQ#!u6MBzOwS z^w&^gr$Hb%Mwg-vbQJ-9Oi4`q3ZSRI5KUjDF?YpT(F|%?wT;mD)`Yc+{T`C? z(Ic(LP#oAo;B!Ax(F3-%KF*WCycnZ>h@NYflZ=%&UBIymn0O6!5^SwdRv+-S<9{;< z@WVp(5cIH4HI2U=$I-`H!Al0NQ4SajzBBRB;pL755cj;jCXhJTmRf1CKAY{wAMgC{ zU{pD03lHu(s*H#D$5v^R@Vx^*-HVEOyq$z;sy?xJJAm-E`x8itjo6OAhb&m+rJ?sY zU9r7o75vsnvq`6?rZ(Au>Zmo~J*ugZM~_13mWcKDu6dEOZ^)Sq$T8kfVJ-YvU+N>l zk^z|pBn4`f-lEs`Q!p2%#Ry6kp2G5#pL~6Sh8?m0=w`>6loni*tUKlA)J5?ZDY4A2X%UOUihX+Qp;Wo_p9T ztKgNWO^y%1Wp9b`ljQxIh-}Y^aki9>c}>W+1ibHW$#Xr*@i;e>3GrMt+#~Xhzu{Z@ z2P)Sk$4RB25psN9>Z@^oq_@~r-@~-gu(k zN~SFj=|Hmpt?dhmUFgJa$EcL{CHjoa$CcS4{vlrYUIT6-r0DeK;?KK+DnD->Ix+` z-Z2DIR+{nGhfMR_{5CsM&^RTI$E?7AvJhN>nUy#+XAvH@w_nJ@#4k=HW{@f6WV7 z)}%mdKmg|9rewoPQ(Nm&S<`5WP1UE~aq%pC7zUh2U7)$B7!fAiGQW~-)N4Y*BT}RH zflldgy=A~u4Qn*ahni+Olut+F{?MC3I>G3SFh7#+7&TT3i!ACDOU7{|FNl zH~tM<+MtC)B)!0-1pcPu_u@~OI-q#F`R`a`=K9SWsp0+;7lL*8>(2X=XU#IRz zM5Cq6RO%P$=WNy@KPCT>{{1}_OwAg&NA~kdmsLxXXFGe1kTtoVXxV#6}Ell0Zzeo{zW9B%WGV!61q~IXQ_kjIHncX=9L!{RZcnGQTCMxly$mwT z7W4XQN^9xOl^@|zyQm7aohniz`?cqL)jevCilvx|&<*#q?t(W*Ml_PQI2nDY&=LYYUVOKZq?c^pBw+B~S^2Cg9E2EIVO*2kp zGXFgFENk^Ekpn$p{NX^pyW-aU)G;}vKjFMl{X?|lZREvDL)+uM(E3Kgx+olzJt^Jw ztn~*WzT=qK#f*?LY@Iwwz!k-Tl>@pkQ!D$;C8RtFpXrLNaod7tYv>%Ky4VTPoV z7&iZmSE&*wwbKyO@OA~Ib8)~eFGriu4Z!8TpVIy7%>hds1lLINF;r4nW+(UdC`0a` zpYe4WUa%d*(c8{N-EkVp)eA}gb1a_6{yM5-Y<;A4Vu+l_ONf=fo~+sZomTjlP#p5) zA&09tg+6HS&meexLh^nM%`qTkE4xHlO)-Z(4&kOg#9}X`m&@$t1ajx^#Q&5$>v8*{ z^fErDYVP5-9|tbYsf>;vx2NQjlg$}Fec?ond1a_J{+i8HrSXv#?`D`ei{!EK?$k+e zNiotb=AHMLdmBLlLr22VTQAj=`v=&`NP=1)=C}m;_TIv?Bxg+V$a=^f3dWVU(p{_J zcyrAVNamvXT&G=;>V@hX(OpgrZ~Iwqoba3W6jzUMCIZ~C$(pu}AWR5q_^mtqTBO?7 zX?X5lN;$?1foE!FPT^VnM_;Qxlw$;*9@dOYoJ99{EfC*^)uY!aQ@x$X5R0MNp(BEF z1fG$$DuihS&u-zBTxA9sTvyp{xAvOtOyuq^OEGNSOHH(Dme;_DD(vd#t?tFcjNrKq z!!JeFpU{>4!r%=cC?dwcy=qvHk#C=@ECR4)OA5b~aCAMG^qou9Ut%k7KK<@)xu`LQ zv9-6kWY@54Zjh86dqZVc_+31D78#X^^muD3%W0@qTVjIXp#4XfDjbp@nyYL z>Z?40RXh`c(~dJJqNkuP(B6H=Q|mYp}44 z#h#-ja6PA{W>Urtbq8)|x~oFL`7sjd5KZg7y}uWU{um#h5L~UswZ*h6*R>(vt!JXK z6=TsI_k|?s-?BElETvw-%S(0P2vB5b-#09*uW=ktR4f;)-frEW>T2Kkar?Bw@dm+# zScW{6<22vUNP&=qg>y@Y@L4(i)%!g^hNSvDdlqF;XvM1S)GMM}5OZb)$@WYC24acn-wg6&8@c75|()EnTXsy*B2ABU(qJg#!=F$*?#;Hq(!&Fjh~BZGm*(} zU#Rru9ztr}6KmuiwF){YL$J zs`rN;a5O$->s7#2B%38pQo$}4MoVFFi*9RuTu!BoOy{b7(~AfCeYw3bUGCRri_gPd zn5mqVePp!5ee3$X)G%;xSp1R7BOS9dWyf%GiFED+i$`P`t?rHJ_SG1ZS7;I4!q_q% z>H2h6jlYRJYRMp*?Q`RExh0~%`k|j}r<8aU1&Ly{UNSx_t-P}oeu_jVO4L-UDJF%q zNQxg&5hs7t4O=E2on5KyXw}Huy1PC9N%DXp%`laLudb#07lyJ={Ta_+r}rH>Ay zCA@Z<74Np(y^BZg12VQ``P}RRK#c81jGr1bn$#p8JiJud>sA5Dr42=t2j76rN(>Km zL$~>7<1rZ)vzYBb1`?CUl=dD{{M)J{Kc(bV|G18}I^=QkH{fghi}6^lsMHt)WyOUW>nbxIW$*}khi=%E-*+!?qP;WficN@-gmSsmk_<&N93->upx1^I|HC&a zQ!=@lh10bBgCM7`jb)h{_XBHEnlr;1b_bv3~> z`g|ObahP8b#wiHtnMXdOmJEHoWmHNjfJCJbiuhtDh{Tqt&3S_=vd-Rw@1pybVrT8g z-&VQgKfWhILeCAW0QF`I*y(!_)w(Xc03Y~dPbTA;;W-K`+{$`vUUTCGp4ks+c0}J$ zNxN89_mGIgF89n|WnbO`E>ynqtCn|MM|UNlBrxDQc~(?HHg5yXSE!lJD}AqihE9iI zOnL4V7uJ4JY=2|Sq$zefK)>6%ptEYQ_`L#N==Ro3_vv?l=AJrqZv56`yTUqU1wp;u zhIWr4&8Pjldf&nfuUbLFw}Xu~sEsA=oW~`*kRJ)|I!Q#_mKi(N=!0dkh6fvk~mVIzOPkB(?Zjabapc>i;3*dx)6-iYsci;Du=Ra^92z{|B~C z`CN_s->N)YX*CQIvKLrzuzlUfW?ffu5{9)Gy{`BafF?XHAJ!fRs4m z@!T5X_qRC#BzLtT-E+oXFD{c}BkPXko8)`Qi_4h?(WD>`lQ zmsLLUpMLCs>Pydl*Ygg0K) zP%zhrmFT{Tm$0NaGITXpxzogGY*s}0z=&ss))?BSw||J=^a#fZ_C)Fyd{^aVSXm$P zik2IBl4OF-srXLprDvw&iYEX)i?ef+xLWaHx57Vj%2U0(qn+^tI|VHIy!DXb@(U|1 z+3#DP4z?9U zJ}NZYd7EG=0&~32l{o+D6GI?9)}lGLe~=zp@*PgGx=S1$6liZ7loL2E453}u;=2pvgg?AkmlB&uE^Pn zT21loT~A&|voieBq3`YKC7T=aG_56GsI{UCZ0!cA77i2AXa#PcDw{)@&?l|ZMn3H* znIa(*ki8>r!Kqb|(`AyH7_ZrEfY$6muf^ZIejU&D5ikAPG%m70ERVgt!Dc^mgD?m{ z*lhb6kAPliTvUd%F%*E0+_TZo_agMHls~GMQ+r?|(!gyf0--gVsqZh`=0VMoP!^%)GwH7&Mcy&Dk;D=@Js@>)Aul2ww{lJllD1iKN0vvAIxbT1b=LEW_pV1(v{SDot_Jra&PGb#Y>`Rj}6Ymr-Vw?Vx zyHNN&OeZ0w600*_HKo^SXN(;8Ou02|vZP-Msh%*(m> zDMhgt`W#?7%pFAE#UevwW{Z9NGfNd8=YjF9S-PCr9vV~+|2JKK(8s-g_a~NgWr@+3 z7#rh_p7^wi3}e1Z$-^m1YahkA`v&o&R}DcreZR$X>F4zrcYk68>K*wjnh6JbaOJGb zaAs=i4dUbyVp_5l_DA;DIE{bKdC7K4M}w_N436ANb0Crqnb3kf1yUvmY>t+~5-h3q zVG=aN-?QTgIn4akFc=doP*h*Zl-7f`8EL={{#&EYxuwuoY%EyEL3VE!O|wtS)u{oQ zxL!7lqQi<}b18hLuL+)fdBJR#;kzeGIloQ0NoMxOHbF#zqawX(V@DL-s_>$G8GFnqZ(sj}p`NV2wlT6u@oJ-f^2Xed+1*P$ zY4=3_7Z;2H6$allYADL%4ePvehJk5{~(*bx5HdCXB=}X=ETgqlRM)YG6Wl$tAMjyM^ zuM&i4kLXzd6Uhk&4bxfH#_FaRVvq4DgT%fqFYS{^^PxV`&?{x5YD=E&#?XfhCzVNe z9GD(LxxwLl9rr)e&_%7t52D|7z4z746~{X8p7ecuV#oi@fg=oK1{VoS_oUqCM@I(< zlqA>~t5SFd2MLRbM`}Dhb~ORL2VsM>I@R2i4@1G082ci$L*Y>2H$W1m)TZxX{o-NH z1(thU?=08T_*LQ>MtnkkHe#REFFY@Z*o~WvK}H%ZI!$C^%o|$@tDlyt8%j^hlbX%g zVK*TXdwLw5mc5kMQ@(?N$NY?fxPo_)ZyG<~ z+f_6@+<;`XJM5K&Ebr%jA^d)*f-AgPapV=j<%#D>#KvJq)jhV~eA(PRdDoKI5x0w= zJ>M@#8o3_w+2A){cfA+Y`$9`)!l=G|)BX5hn$ zPa@}YB3ob|*YUJg9UmIqaU>)vc`UAcSbn*$KsQF$hCdJ^LcjMGAYgED|8a@$QHG;% zJXxL_>3G-))||BB+tWpCi2;)@%eak}<3jpS?${88!Uc8~9Qb%CQ2mMC2&}-Qp4ADt z3}CY_e6>dM94NT-T=O#D!ct6j-1dARu2>?h_(hTOfd-S@rsg?CjO4|P%lP(1ODe^2 z05Z8{t#J-@g)6^%q9w~wrXxXX0~o}fgy7teB^X%yGxUPPE`UEeE>WTF^tY6R)D`WZ zVf)R?+mLQ-B^l8?-g_GD_0U&XO-kS`(CUh!%m}dB)=y=htQ(&@y&eQItA1ve^9?1- z`Ga|46fD&F+MTaoj8#qcL^%$n5i>$hpOx%ou# z(3~>vVUUUJv5l)@6I`pYz%>4wM$%>9L*QN^uH}3oC68y=Wz;KW(MWe@Cy!%@Z(~^Huhqrn2}Zj;E}1zRH{# zgQ=o-e%puMZPgB^ai~Q;c>mr);{u?EEJ>4FqeS63!@bX3ek|S&zqEkAL*hA;%9q%H z3WLbcIvfM0){$$G{G1%=)UiTd`91nz>m`l6b-aEma+7JVnn-@r$HigJm_mk`H6l-( z@L*!aHKQ`=OKZmC`z_-3S2hm@`(LR1;pk2-t4D7qdY^E^RzKt5+Y&z0M|-{0cx*Ge z53%F17hJ$#2qbMkEL|6rJOqiHP)P1=f7n&aFGTLnWE5(9!HuA#58fQ@S{TNUEBOuU zm~--0NJ|@-ExcF6fc2;ZF7rL>v}|HADf9+uC7d~%!X0Qg1dmg|dSHjJ9UokKC?0uN1sr^H%AZmA^o@DUea7#6Xf5o>t>wp;%#Vn27wL_I6OHgUTl6{Syu`;v3)w4>d zRaNH90wZehqFe~~Dr;y}3*@-aUWIy)M@jw-eq?o$Zd~&0d#cmf} z{hA5+IWnURQF7`PuU2`TBloaZF{p_0g`;03lOz{L*sZQ;l1J&2&y{_!CtW1F^kFB< zfrRuQ>>5J@E*KpLGkD&YuO3!TPmDix}Ek z9b(FsCq9Gki$Hc*f&?8qOze9&3&_%H^ye1=13xu9kJW(~zf6hGrRL~S|h-9vu^S&j&R zph&I*s>evkfQB3?h9hna!hhBt{_Cjf;F|6a%E_}pt3A}Gxq&Ex?{84Fb97Bhr4q_ zcko%^p;#_}Q1|hOUCFbDMb1=CfQ=e&3WSCj<@WL2h%?RM(pE`~N?Mi{fhSRFIR+D2 zpYV3pGj@Zz$bwKPS;NEGrpNm!Q0j$S&ql-QD|wL7=-2nVB`53lRQdHYG#u@IKA$r{ zVxIudn2wjKGD7K-p=h>dJ??(z`9eP)PZ+i_Aom{dtZOZ8#Nmp-azxaHQkJ!hyW?I+%<=upK`;TMs5Q$ ztQREhGC)0@Ln-&~`M;nT_AIfVQ+7570Bu7|ZUCi67^O8T9@m>G`Et;ASuLH-FPmC) zW>Q)x{_5iUYw$aEh<{xe^z4r+h!(CX4Z;31)LT-iWk3*G-fu+h6zh;vD1LXP{$Oyr z7Q?zGlR6_J>R=T%13c9dT&4Ah=(uVBfZM9*HH@+?deXf5AVTGR{`Tnzr{a@SU99N` z+^<&SSqX-5f?xzsq8Wz$%&o-=Tvj4co^ z6tC^*wE+_i1P>G{QRYywfjI z8#Y174^o>4_?Ly$dh-S5WuRUg3@9EJ_fxAK#Z+OHD4`@9ZW2BfBCQloQK5Le&-ylF0wBX|W|xa12|)}(-oK$!t}*7g zN1(_q)g31uu5rVcrD}S7NE{PzlDuy^-OE2Kv}IQb@nCbZPf7IxEq$p>W%wI$2lpr^;SxHYxQw4*zj+%6jn`JV?-? zU)TE0akz$ey{@WT^SYwRPVNBY3SiSUY#Y1e3tz~eiAHZv1fJuIL!a>31iI!tmJi~H z0^?CX9AGFTHy6izHOZkgA5{{y3?jEny^NL`X_g}26!&x< zTqlOa8N?4h)5RwUbW?n_)wdgq3}VyEOV z)`HLN;;L%-_ECHi$|H%nFr+i_v2&B)ms(WuWe7%d-r3R7 zyjMX?I<-rtPI(_m@Uwv3Vu3(|+hIB%$+)Q}=F^CVX|GmvZ*)i99om*-(I7aF09IZN z6=&WH>YgDVam$g^$mIW|3dl)Se$wn~X21XP$B!3umS3Z1f~D@!6SL2Y=kWEiUE@-l%X-4*jD5IQVvj>p zhg*RjsEGiZH`p7p!kE)c9KanWTEiC4`WYO&IA2|SG$q5aLNS-DYKEhs5FSV6#>;q1 zCZy5U>WMzLnszwbiXK8FFk}~nFbKzYL9s658B3N8i-|l{c;Og*{j+*fTltJ{h7K%j zPi#)!&xOCp^H;$vKK%YZr0YIP_>(<6BTdZR6%@Z7A0OXCuJKel0+{v`))B3y<+(a|Eye{bA+9djc}L_Bj_a3*=!W2%i5Co==PD&Aw88YHyOZXNPpZ`!^D-x zYDb~8MiH~Ba4>C*7i?3rA@99Oc8@)$rY$1q=0DBF`F9qJB+b)B93d zLgl*wcZxcUoX)n`8LN3rS6&B$Kcc))((c4^I(y4SG5J&jhj>(XR$#hAn2zf(PAFu_ zkMx}~OdFl&+6(`YWol&G$zc1z2j{w=&W0884M+&D!J(YsGMHJb!eFvfv@zjl zN6tt0(Vk4mdr7(_PaUEGlwoz5mSv;d*@iG5wI&UJmhHH4o&IF&X46iwa4frxM#wjz zdnJ=7(MLx$KHvh|QPX}s=yIX`o7!fJ{cSHIOJNHkn{h!n$+20yg3YP!M6KSm?lM^uC_A*?gzIVFtpShFJum-f5;?{15`6m!RGP5gE=^%8gkAW6~cA%HIqR z5>Sy`IGC>|%W*yM3iaklly2|tHCyE}oBrAR3~#&a=!16#v{Zei82=slWmIIrjD0R`iVx7i0MA5Os~mhmqay`w zSRpbls~;B*-LaTd3`k~kw1oN&Rd=s-ZW4WmTYu|>i~1p@`-T+s#6?Uvwa&*}C$Eol zKh)+{^Rf2V-?UXlQ+6Z9MY3xfI&6Tx%~A)}J8zfUW5yXdE68;Zw{I* zUO*_ya`e_wPxfZC93N|(A<+s}z3~2x7y+XNg-5^MD$}$UjAs>q1mz-nJC8snF`9>O z0%c9p6_cEV^|TO?_kKu8i}d~14T>KM8{Z_|B4n`#ZV!kHZ=5B?oLvu{02-VY(A#xa zP8Ts8(;gyjuVS&YeUv4xQ(Zuz7-FUQqxReo;eVIrX4rnQ)_~6(Z2s_GSIm^Sw3 zKscHY;>UQdQswbcX-KiyU%b$3Cpvc1$4o>7pb`AgMe>|TA4FA3NjAt&#))6ouD`Q> z9erkOgCBYc()}QTr;UjMfi+by8Rf5(a<=43QC10A-fHYCkcH*W57j$mQS;$I=)aC6 zdGB?37ZVW0lmGV7QSjMz{uec4EQ{U995mi&`0Y}Y292%iRPbUdjX!5>SLj>4hoh9$ z+qXyl?eS+zc=M<>hX-lAh5ekIk9tj(9RY#qE~g(bkL7umR+@l4b?%&9JA$9yFA5WJ z%-wVV8Qb`8Dx`FDb(TOSkm4gZ%Nswn_4W3wMT571?;`ydPcu1N8XWx1*VjL#t!np- z+exfu#FPwW1AAoU%6-IFQyM;Qp0@p4OSb6YBmrktZmNGc`{aOt&R5{H?y|Ly#Kt7Q zI-SbdNsC6nJm@bD)-R7Wvu_d&->oF|tiDHSiPIC-7ia2NbFKFnda}~!n`Hi?f#$9w zY{rjL!Waqa7fo%i=X7)q)cW)^vx28uO~Bu)+L?m6`yE! zT6;kOyMEq(ro?|W&hx>M+4f}7s=a@xJ^}uK_Ure0p&zEc0`}21YP{79FYzmvEHb;{ zeE_U*!oB%g<6|bah=lL?$Rx2=)d>3`Q)9nJMl=LcB<4{w6u1KtwmIXpMiK|~H*Got zV;wqWW8RNZcG8FKY%Q=!^k?-2aOVL~$L04^0;Vmol6p?j|1ZF)>GZD?$;MNJ|99^( zP(=>Gy~+3XG76Iev}W|e59+!N7jc33 zgDx?fx7t z@>6`R)#-nb8u$dWL1*t!h))YGl4nro z7h&gkt*phdPp__9FlIQB8tvaL*4x2R$r6f>QeH|a9KLhuT^Er>K!a?IWAbPmXyETW z3;#GOI<^>p$@r<;hd*STIu?PBGZ^~bc_8@Y%ldj?uX5iaj!b}CaHJv_Y0PdfcnJ!E zf73M*;U3{0iJFOU^H`(Z9Jk}Q>ET^3Aksx(K)cC)x27BAfA!ti(!n#u{3pdA8%%0Qe{GDd5j0?;ouCYg_k30(lxq?SH%i`)?9;J|#<(&;OLfYV?5?^fGyS z|9hoGKcg_%@AqE!f4X9SOzzkJ$Bu9W^qpgzd)r^1@rML}nb;CoPx7{k#rDB$ujr1O zo=41%c#-DQ79#BOG3W0P2A#UJ-Sn4tce zv$82KL1p-m73$H!U!U2MAcnVV%#-MC}#wUq-N2rCf+N3T#CQPSs225<2uYxL{MgO-^ELkc-OlJB)gzQwsI6QG{CR@lA~w2k*b)I59|WK`yE}D{y_0#C zp&r)qdhZtTd7k3;>|wg#fP)qfozaL;)y7`GDT7%g}6mxTWD&o#26DQU72(61}Nn|Bt= z3BdY5k$)t@n5^bWW5vlD(Z1rKV|ah7v<~;$!`lt-`#~q4_91zg?S#WRY%!Xu;^IVX zy3dU2f6!Ttd?C%g?IMOWWqgP@YlF3>O89!Y>@Dyw)B=g&gePHY)V?k)A~vt@c68b! z!U>pPHb+xVlXbabegm2#k*k?*4kdBF|55qFrZCfN?2GUu$Z_2Q5Hk@e@0&#vm?S<| zjWFU_PTVKUQ0^m9s4>eAagr#ETmRs*OF8|&7TbYrD}ZQ#Fn6%MKJ^#7&3h)Kr)1B1 z)2HOQfinq{EsIou4d0zX?kcw%dKPH~->tsbL$p3t`u@I=hHnb(eg*~cNkb8FTzj)R z>uqRMVJTVu5|r)72Q@as)FI!>ZqLI{#J#^c>x!AFeEwJo?~_+R3MI;jas!ne|=_AkAsW1lIWfo%)>*6#_q%UTQx*Kz1 zk7o#S77SinjiwiX4$jI)Q@QCkXInhaE?}|5<;%pJ#uStyF0XcJu|)qakN+7<*)f~K zc}66q;XEV%rzfVgonU)D-K3+tj+i2jWD1XYe&<;%O}CRYm2jW}*?=;Yn?nR)yDWn{fmQC+5Z;~`EM`z=n>04N zy$zSG|EY|ANN$Kmx7oSCKgAlJB0*2IkzcFUO_^e8Kr*axGb%MCn{1hE^6-6cbFkdZ zM|FQ@4GDVkvL}78U3=tcvR)<9r9allEnG8Nn8|I$7v|zKspf}&3vG4Bn)lomy4*;} zuPP0&GfJJfioxi4U6vv4u+{-*O@V3Yd({f>=R2xazk~V0w1HDuc8g@V?TireA$hsj*zsPyY5~9LH;iOEpSpra^ZO84;MWTRx zn^nKtLvA>q$PQfC@!jXg()n3GOo=STh+pbD;i)Wu;*X{ZloZe4v60d)Etk3L=L={M z3MS+i+h29mx_gYKyT48@>U1eM0|TR2S=5%|ThHByR6ci& zkqL?9fK70K<)mE1aaRMlw{x)}tiCK_JtBjtpEN}R?~FL9PuklhT2LXm+4ZHsRw!Y$ zqkCgbuk<;unpkc-UW~2Xn%08X=xRu}zp|+~Vvh;9r>`l6KM>=9ex?5XJP%wpO{%`Z z{jSMxDj6H;zQgPdpMTNfgm;4c#`Y1$Gerd>A|n%AIf?pOx(^rXlz@olhZ#_5^}aGb z&zc8Lj<09>o%Kk@kMCOkO%(%|UiHXdwXI&9ae2W%?aI|VWN;Fp{JQS5>7$WNrTCGtt~jczx`!JWW#n@_;kz;p^l&R`1AQZ&!v-r(jT@C zj`Fla%L?=~qp_BBd8bFW2MOhex8Z8YJYfBBedOjKRg$}YLAB$h>uS6t{UFLy0k@I@$rwR5GpKf!?QkRt~p7;e$Q!3xD^`ua19m zd!6s3!pUV6Q_k^n?p53NHLm`-m;ZMty;hVd_ziMNztu zP!RjUmfo%870k>p=Rq+!`*A)=G7_xl5e~M+)_1Ft6UP|)s#Dw!8lTj(x8Xf{SV$j; zmO3j>%$i}Sg|+Fv$npp4IWEA#|GC)@F3PFA3fes?`LE{E1%Sy@0Hl;s9C*ub8@|+l z{IR8-3DWKSO)~rT;*hV1cIOjRtT6N1w#!J)wp2rb8n8Y5RE*!`baY((Tr}L&&J1j| zV++Fz0TBF5;rDNV6OkoSfx9;DM|j7-ik&WWU0eu*R{oOIzYkm!;6SvdYeOT}Ka;?L zFxmk08CC6|1SXZwHDeFj&-huQgRz%5KOMSDeend(t=I0x^sPyLVG*n~iJY3!n*3(D zPIA8$@9|+|Ss%^A&Cqk2Z*zhnd6*@R%d#uP;C#WiRSZkqom1-yj zty}fuzPy;5t|J^yS)_EK`zd*mB*m-p$#m2h*?38O9Bydz_RSh24Yty%yZTYi6JKb? zlUo}KuYbEPF3gHBa$n|eayuj&zM!IgphKm+2xFGjh9p@8@!_5l~m=^+w>f)*cKHrlxH#y=H83GU(aGL z>_=%&qY%ZRdglLd51kG@uU~cS2OaH|Ooy&N^SkPdo#sEHIK7A2ikUfWPvv#Zq(!g0C%Hzmy(W=g0l=mz&%o{U5hGEl{oox^ep2A1^A-i+!Ms z)(6jq6}|hXE7~X%R`hf0f--uiEDI*>OCBbxwT3&I+;hRK^2jeY>;fv;_GRRXk_rlT zn|fD=-uN1>qSJujI1P4cHvg)j?O-^Q&xizKr+`VfVgsCUsa5S-9Ae~W1inz-p`k1d z#Pcsy%}g)-1ju)XuIxi;B_VWN+jrsXe;L|;4qQL}67N$6Bb>k1grkh0fl-CN-)a8^ zb|G}LV{R!e#0cjK={3!qpH%#^wT^YzIz#m^gJ2!RHP7V6n)``4Fg}4$*0jDL6tPZQ2 z7k4JI7v2)E~X(O*@X zKpc4lZlXZ+sv6ec8Ywl zL=*#d0=9M=a;YEryNnoe#hjsAy#YnMdw5`PnvZ_$N7yEMo$7qRJD=ygJ+?2u?32}V z=6jv>)Nlf*0olQH-7HF#lT@6 z^7fk^(9Fn{?Fhf0_mJy-S6qqBb8~pUSJ@Ap3f(a>Ia6 zJo~*b9iqhMw(f@(nm5J-&IV51^Jg(Y`!YkPKj;3Zjr$eq2j0Ad^ZEFCL&_`u z%rr^iyQT};Q;ByBtoN>nfv3*MpKkNt z%~p;!0sMI-)Y+JS?aQ$=hUs8~?d*33gvC5)@RYL;0i0WShZ%hyALKW)Q1{<_MZd4L zh!vi}m`h^b_4>=Zd(Vg1lbM&77ZnW+`@5<5@3Fc8I$tR}imUMdSnl7a`nT~)23%NR zTk9qN{j7g#?SKBN4n&8$AN(;xDF3D`_;)(y_g#ZAnIc}bUSECxbJPBIvj4TlzYk`} zeo4@1zLWI-??T{0s*B)fFVXhbUj8}%x`cujW?`^&l7vfn_<1 zI@(bQ#p}DLOPa#vG5_PYawLAqNOo5J{(n7Jy%2*YQNSMV?FrhEJtY_T47OW*`NXaS zUtJJ62y{JNsga+EYU3Nr_g#^kwn6V~YqHvP-yLJxQe^e3Ud_A7@3YNg38?UjZQZ{(+7Jhc=lC3-Sh`QVOa~V!1A! zydr%+XG>wubEsm;={2M;%KY=t#Z8e$r-Tj79+99;{E(8wM#kBi->Hx9`Ho9#6@-?^ zIg=+^Tf}}xpBJO^%m1Jkg>U_Hc%1oz{a+5d#7iU)&&#VGkz_l!)z4SqLJ>v7{BoK| zNbl(NwwylWM!@e$hwAHfsea+2eK>At@9j-7BGN2WjpFpXD4B%2*1B5y=@3)E;u~9HIrkVjBe)bOnqw$*~HHY_YXVD z;I?`Foz+uKUEJUMu+DKF>PKwe{}})$c6Or89R6AM&rSK`7$ioD+EbD@Qv2_dtO$UN z`w~w>XHdrdbYpNo5?o=@Zc%lcEH^fFVLj}QibX*J1eXGk-u)~{#y4%gJV;YLtR3dy z_Js8OaL)FHL|T8rvsZebNf&osM#>9bos#Zi%{#FOuNKByu*x7gyVnyN8S9aR3-i!l0Y3r+c)kXZ8^1&Il40zSo zl~&muOIzi0eOepC)%u#wJ@@zv2RsV?yH@`(o{|0K%KemePx_^AIRf~{0UzvqY&mLv z|89pjp445hE%C|e7pM=j*X14|fd!)XY?2Nt(xG1{B@w%YMzhRO3T(x`-NWzd_^RKo zK_13lAC@02DS?p%CuMBz3|?P>17x$j?oJYy6)}c%yRrRG2d`qr+Ig*2*$i4mB+AY& zUyGm*#4P#yk0hsh@6ELlQHr=mq-6U`e2ClR`iUm_=y|@kEV?k{~x@esTO4746YBF)oEeX0arqBEOb`>dc4_poxd;Ho`;cmi9}q*9oBg}J|Fqxp>? zkTfoBZ50CpPRRG~V^WF^u24_^P^cVj+~+R)x*!wQ-=H$-e|%Sp5edEhkRdhN<6>55 z`|d0uY^aewT9l(ckr67tdS^x9bM@14M?<04LJ!G(uF+goh}P>B!$TDE#CWEYB34`h z^qJlbT`h#}`hBCV-`&s91kA11dfilhBixRA@a`+QIeSBow_ghQw#PG4X&=Ee$ik(D{w; zdyby-{?7S-*Y#Xn4+9L(tiAVI_qx};*Umrxxe@F|R^y>Ntox~+5c!Nd>=po7xg1lj zpDkibUYhU#)@0NeKeAYXfw+Tteyn3iaqWFDwk~U8hu-kkk;2%-w*dp;>6_|NEELEO>fT*vyp?5Iw!YAjf*WUe4Vli%qWsF^CCCi*N z{GVtpheONIbu+vzz#X47`A_0Z&Yq*~cxEYtI42)!q%?64pzblnO1%Mh@YzWyc+N5T zC3654@ns-a%^{?-H!G!}ut)RF0@VddOUQ*@zo(^oZ+|?@RXug|R&A^^L z{6-Y1S?|uoM)QrlzkphGcD80tvSq)1mmLU7llhE!c z>f8g07;bbPVMrC`^bsMEcS)mtP_jdDi{(C@7;-Qp zybDI7jG#f{|nLrhvYGM z*gA0ZSitb(IwKdIui-%d4c7Wp0pm>wPJmNwW#>idrmlcZ17nHyjZ z<%S*eTQ{~&)#JCe(yk@HGuM9SxifLBOwcQN({^$CM#-m#;GTnxt$`GzQRZ8ZSGO=T zv>n*7s}U|d)dQy$7gp~uN2dNy2vkE8uDb+Fd5h~$|7**Fw;0$1x>rXN-q2&)p$>CW zH4z(-;ugC1Orgr|_xQUbaT-}HyJi*U0J^PuQA)}u-pm|t$vw%v#NJ@Qo+2K8L0#hD zmwZ!+Fp*%n;(f<6(f<-`_)%>5{fDj64F)zMgyv_|b)^S&z_UaM{WW<_xw*x-jab85 zY8+f#oEs!0N|0^`S>o;(4uZE(%Ir`~CfI{nkj1#OU$c_tSSIn^?2 zzuy>MVvtFz{vNe2yw}*-dSX;fZSE-PcYmYK@@z9s1HM1eh;+B~cHjKbHT4>P>Z%wN zjPf%vqP4D4mQQpc)+sceO|U23OAgx2Bc(Sq07j?OkzDxwaCGPDS&h{uTHQ+rA2?q$ zI?rah?KL7=VW65^K;twA)c{x;_`;@U4?pXhkU@KpYSRqMp+kZtZlGo(6`R- zj6oBF$~TS-APE1<1ti0w3?T0HdLp1KhokgCmulg$(Of{DD%1>X1NbsXGewP}P6*+6 zMQ!`wzSC|K#Rxspb$i!v7mv?z&N=lQa)+>;g;rqupmD#y{<2IhD_K-Amv;i4DF8kotA@pRB{>`-S8f3+JYN*pNb=wUP$ZcY`ORv zT`Z%Zb&mA8s);?@5pTp&3^IVTFR2cTjMTAS46%8{*8sJ8_6YmtAkFSZ2q{b zu%h63O2`a1an3FXM!+5ur8QZqZj!A^ZiS!j`X0|ma|PBPK>1X=ofQ$4+Q)b zFV~L?Y-;7+zQwx3Xa&^!g5H$PjR%(P#zm+qav^NeusMjDf!y3yyVAQHtyIrkwDwNe zpr`OilrFo>+}AgyBo3P*O58A0&JmS7 z*U0N_i8@@Kr$y`VK4AFa@dE^IUbi3Nx|CC^?$u%Xl{gP>%pBc``X}wy79Y(Q>$as5 z*1T)A_VA(<;w@?1d5Vj{*6Rra1Zrg11!3fObvoODELdZLj7Kz$oiG)KBjZj_`1PPj z7C$6kvee|9N}p9^De%2SCQ>6uWqL&R!t{`($w9YvxaDM>ebPaAmClbI@*sd<2$?a@ zS|xmK?u%>*)f^u?aj@W8wFIxv`Jjdnjc;78_`^oeMOKCRqmZtVzEu9F-OoF{3^B3X zak5!p9C#A^*iP~p#cRFy2saF))&FFlTy|`u(f8C@Ji7P0j)^_G3|dA< zz-Zj!>vf!3G+!Cyf`~NNIPu`RHd&&*Af*dC?ee_QBM!rurd3VpBv;YIvBxG4~x! z=qxl9rRwzUQZ7P7TI|*I*Sxi1!VQ#YceGEQo{06CQ4dRB<8H(9)wvPZvNf~M;EXxh zgUC#oX90C4*x8-qU*azLYhOS}4%M{Y4-0Y-b=?4?V%S8!A?qS^Zn8N9PZZnle|+eW z>2Di?kLR1-+qS5J)&(J&;$$=yDsFF1;jx-iJ3KmnN|jAWm9FZ#zSkc7xGthENn^-K zQ3!jH*GQJtMx@+7Eh%o`bfJnvTxm-zKIentA_v}ZeLcX|H#^`7g+

mjq7Qt?@5i zsqyfUA58M!f^A|#=8kSJDAUM%q&S%o&p*0I#W^u}R_kPO3~}LS;@^9@{)W||+T{95 zUAhrhAw`1`P;x3BUI-LEfw+82&}mS-h*>$NZ{0l8Lh+oCLrN-_5{$OavqOiR&(R% zUSybd@>CBIL8l$+hIHG0f0>#3dM69K6O@LmH9^ktJ8sq3+jrqJPvv{!a?}ikh4af^ z`|7vL?ESQnH@yJKfZn~$0?-!jG&SP*#xwt+MKA) zCEy{4<#wa{5n+o^wdO`G5bDc$=3>a|b>`1##7tR_4`5chZt3rpiXr6OM~ z>T(usNxj3mE!-)HI``n7F(gY8*jfqJ|Hgt)UL78jLgZ(rRZflY3?eQ3XoSmKxLdCs z%sk)Zvv$1<#muAa6KwM%sa_0UojMJm=pc-raN???97am$I_QQe2eP`x-fgIq+kYXf#lT!;8 z8@uC+Z-+e>kHS;}2G<{@N7L_En>dBc;?z#Qf>&9G59fjPcDf#W5aIAG&gIIDQDLp% z6Z8(vD~FP-G`-bP)b6gf$H0)oc&H@*bZQ0OKEi6a!7+GVM=8F?-BQxApTUXVr`FB| zwO^Hxx`eyf^D6k&v_B;#A%)z8+XOE%wd5UU`2M6D3NG1tNF(aAzw#LgNJT(I*AKHfBOzKE?r%~D- z0jM90%RqQ39cI5IJ61@f*|}!81)eyQt!8X{_0Xxm-hmgVZW(Zbe3|7^(~|bZ#+@i| z5M-Qbrj@LkY6{8Yi_HGp3d-8?T+!f1|#i~^R&-_9xVl0@WG>bVi-QQDH(_8r83ukw| zsogX&&mQI;O|t^OxY+kL#-iZ}G2!sD7VAFj;#Tu4UiT?CHOAz3#%<_9s;ih0^mwTT zaW#-;eJEU(8f5G}U6%Oa0i)g?X~Sks*exUK91(fltRdYi^9ZArQjV&Ih61@SvR> zX86e2kq)}+oP%GYnT#yIPQ=`m8cV<#_zkM7@a%9YU0PG9i2}z7ml6oUCDeR z;goDGtTTCt6C;Kx=RvqDpX744-93o)347eE) zmfV1&;B zkzvUJLclh?GPY!U_JVNE@=1e%L;39bvMwk#b+N(5=j%iD@L>feV{FpVUNi7DzY4Q@ z=#&&K+3Fd6lB$6GxNa^$RZShk#rypI>_@q zFHY!r+*bf_P!9;0qg;Y>gwFs!NnGvMnGK80E82`p0*ZPS0mflhj$K3j1q&OS_l-R& zDb)luYc(9ZlQ3lIf$g58Lm`!Mnn|L?1A26DRN-`H@URd^s zD+y~&YJ5e74vK%fDBoZdZT&F`MkyAe6^Q84$dkos#5-_BNwT~l*&v3P-TL8Y(5Ath z)ToSM69KQ_7T#6uD>}0p$KZu&V9fVPeDa!?Q;4YDA*#iAMyxe;fjWB+#g7aGVY|o4 zz2XdP-x@@1i->UMnBN{lK>D)sUszwm^%KT#z@da1(<1|+GL7tz*l@T7wvR6%=Xl$>K@*b$iOqG>MIWD zToy2el|>*RxCDFi8qtW{?iHV}QU~7>d2x8UmcBOQh$TNa6kTL{Q7W*_mKK~zDnl!u z1r}1coI{`IGeJq_Qlf2>1#>2bAHsH1cIU%Rlay&SvY6gq&kZZ9JP6rg9Bud(vu`R&C=or;`e*;pPYEyjO#K9lXv_ZZbD-y z@KZE&lDVV%?DKzkgEm?D0GF(ND`&6p1lOE>D-n~3hzLaJvg}wG+a#VRB2=4`)h1{sBoM3UJad1Bk*ir zxa0URsM6z3SIKjLdcL{w7l-6h&%1{80*kcT1_U)~t#ZjS#~sA>*w7gR7SqWP-9h^C zL!oMHs`I|9W@vqGtIC`p{1YM?!Yu!xIA}CiElnzJSj^a(cfgA;rH(Olv{7x4>is~( zRLp$=Oh_<0V>u)W+)vpD zG=Av`kqOfs91Q^mYO_%C+%Umv;y4*4UX%C7iSZ3JfRHZ^oh}4uq!}a#pcy7iiW5%4 z-Q#yI`l#b~0#`lztTOzkv$?na0%QLRX~C{PM?})_S>YceBG)z#`ba>R+$2X=r?G{v z!9vU?;5a3$1mbVmo^ zEG)VAh#LPKN-jK{Th0vA5A)7lr4*QY+jGyiMr2_e&?#d~v&uX0d<~hC5B7n(=#M!d zAZ3=cb&a2O_%Y+2JxD>ug=`^|z)Q_!dkc-&AE%1felL7J{U*t{VkSBB6p`v!lQ58| zM+frXxRfY=Oy7vx@#>ZW{YaRq7|yxw2#}!6a*-=0r1QM#>e9#nc+MU4^_i-fD?rJZ z=(8FPo3t}pZ9K~`nqEss>U7jr68{QsbMcc2S>2vb-18TF+yDc@R!fL(BS! zyQv~`NbvqHHef7Ku_~AAf>vo;m9<2RB$I$6cFw2NKFs#m9vW@6ZkwkMraB%XReao@ zMz(sZF3A6W-&z8J{}(5?`>dN7KAA~qu^(YpR%2&<6A>?HRpa_tmS#A`4H5wU?)vb4 zw!bx7)xl#A_~NQW9_&=1YL92iH8dO|oc4{KV#%9xl|K*r?(VAOme!paoD-v7d}CUf zbk%8WB7jEE__(FxEwDjxbfN)TY$SbTDea9vbGG#>HBP z#L6O|mZ6$tp^7Q3LyoOy10gd>B`acKlZop3bDb8E`^CF+6AtM_uoULsgU1tj*M)=kh7vSq7aZgFybo;7m!brU_+Ym;7BJrH^Pdw4b+7_0#x{NHo@+^C! zB@9ZyW4?;&R*ZN}kn?xfrW_H#(5Ad$_lozAm9;BQ@nIm*1v4qow)*BOBInIRkC()Q zhpH6r_)3c$bxu9LFfm7WHZYK(DFU4Bt;47MH1e|<;FG7eJ$~1ViT1KD_6tuxhBwk- zajhM!Ff_Yz38x7wa(}B=wdPCj<5}ovUTQ+Yon)$2Cc$F;*;tdAPs95S7M|qUCb1u*^dM4tn=(4a*#^Fy~w2h{1_PvUJ4syHQs%Nq(+e(9JU)0(_Ht8@6m4?cEn$bjQqi z@fNT4*mJZnf`Mw^4*F(-gmlPlB+Q)Y92nM8SrP)6{PNnx^k?WW{=pX&hRzOcWr`M$ zX-tG~*8gX!{)Ni_Z^8*QK@<8>$ok2?Kd9e@035F2CpftTO{A=u+|EzzK7Jao8ls&R<}GgSLfGEc4aw(TYIxJTZcEVhB(e%)<_~WG&)kQn;3kaxWsE>(Rw|1 zhXwBJ`Qjth5Z7=8vzmd+mZ{fKST=vG)0J6G+-tyyT@;(pxtfQAsX3qMLeF4;O-xV; zud?G&l-rXN%X`rw@d|k+4GrS0iZLsti$+u9NbHI~?1I_R*`D-L3OP1EG-bZAwnB z&EDx{WEa?CZ@B>!-m~3AAHGDP+iT3=ymdsPo2YISTI$YSo4G9uBT~aJ68Ui5;>g>3 zcyXEC)>}oIEi{{Fu*^8#ylAS{%{a`1CKclIG{E97ve}{VGUAl3)rPc(K;?k*Hz+Waa+l0-2-#GL|;$ z&cFS_|Gpj=B#$;tJBWNU~#phJUE= z&o=vIyk9pl$>`a~uJVcK*DL=&Hy=y^Z!io6hl9QUV)kE?`5$lYtI1*QQm{Y8{l}mF z!;6}NKY3BwHTmZMwc@{w1|X1~g9Y;>oT32h_lTWX6QcXV^@{f8np|7^e3&4j45YmM zsBVj8SD%20=*|P9rzZdQS+C@=+OJIwUOoDY85bN`7P^}k7EB4-{IN$mjFsKpYxeZH z^eR5mN4Clko!5=~|Nh^9d+xwacJ#yT)_soubL87v)dC#u6Pa}LIl)s>QXHnZxw&h6 zjvZ<<5)v$Zxo-$yNv{EY2FS<OcqR>O9SKt5{k^b$y)D}=KISajHURh>W?SqVN9vEgyAFQfl+{_FBf`}2ll z9g_u_Ol0ZiZZ9_K{P1Gna%Fa2CJ_}g+0~__s;UZG(?^5J*3#gCHVD2x`5JpH@Ru&*UnL%-uS1|tA%^=R0BY)*k(1-e(4+sQN&mYV<+M0i@WEQLoi{W8 z^lb82#wQOoG-`)Z#n&QC{ro8y_Kg+y+3GwbsCzZ1d@#AW=siK01uL=>^!|)x?QOQK z;A`256#vhxF$olyZ0zjCXnn`^6M^xfKc~f?3;(}k3grD+1D`n6bo^y$vOtV(W+D?q z;nNk?r&>0Zcro9j{6pLYujP8bY}v@LER6Jy*;)7}`!-%Bw^HvTk9(tLzGhA?3D0G_ zU)^Q;r}-I}qbSGvA(l+%`<>sTjr*oec1@knCU|6Uufj{2{tc0^(7k`c{rAXw}+y4N1%h^4c{SK7zuDzYwDDSo9ix*S; zgDJjuOOn0{36;#f80;?mJM{WJ=UA|=InciFngdeJ_v`JuaAHD}J-X8GnBLI5Fluy9 zu%Ex0TzWA*MO&!foVOFIt4}+P$9l`t#^#e0_RB_hJ@A8Y``NPg)!~%oBT@T_L17^= z5=7a^6PwRZ_zys9AMy&5*--KG{vL;-HluBf%QF9uk1LM$P*>ug3LpQr=?Ol8X4^_y z8Bd}>Maiss<(+4R`YMu!WiMY+)1f0td^$nJ_&AUUS4-q>ReZ5tWq%9(Rf6cNuY>OB zzOfnt$CP5M&WQnaY3cO()5JZ4oiriV9Fmcj@T&8tb(xHTE8IC&YdpxawwlH5T#SLE zX)##Nx|AcrP{$T!5mUaRE4x_rZF`^Iq3pEM8rF7wE^GU>>a(S}T}$iW_GZ_+b1c}J z&{5_&(+n-e|GYF4J-W{>A_w7C9@jjssM`Heo7GO~Fl5pOXx%CY-* z8-OT(hCpaW|8I{ZhshzQ<#Bef;eIGO2}2*8X%E!qR!Ecw{n&xkT0|)n>)F{A-M)R> z?B4wc(XU@ukjr|`>sPdi%^WV}dEpzS5U!M|TYGlx_KK|h)pZc$;j}2UhcG%4P5(&Rq&Oj`+fNbt=qr8b? z*vzJA;m*FQKt)_bx;c8kQyJ52;}3?e^IgZ*+F04EzR+e=X!FG;{Y1{%OLYt@yvW)) ziUDwc9Oq-_m4dGB>4s?fS;_hJ&|Fl47x%}jvjG9G-ny^Zma2*iE7DpXrNQ;|KsiO$ zt0$h9Zt%M13WjglAux@-c=O$Zm*0*g=Zf!>pZooIU^`KeaPQ>cn?uXIzU4rJ^gLQU zlCbD!406nXU0H7H)}nRYB_SbUQez$ygDDQov+Y3B<4J!>Z~sit7+&jf#`i8y=0>Cp zC!GJi?EGABiz(=x|M}j1+nAQG5zm42 zUO(bGKCS*|pow-nffr~4u5o7D|6YMyY&cDC?{Z6g(XX+yN48uGDahW}cXfRYx%i@U zaNWV(h)=dq;qIR4Qe->n@I3d?4QQb84#5lSHK@!go+6#2VRb*kcLB5Tc}^(l^|r_s zae0+;s#pyn>znx#q`y5Z@3DHFA?eyqn|yE)w}RleTq%5hcs`Tg)aLg>YgWKp$b%KR zL12vH0>fN@m{>cm&#@x8p5nNMkXKJU_tCaRte&=AX+XFEx6B-q&y`mpT6(b)fbzHl zooKhYJ{e9go}9KecnN}fC{97#rUcJP&5>v}+HQKO+hKZZP^5TmBOg}7XRvJxwKtZw zO{|t!#A!Uu@G&$ABV)1y1|tLNU_f);^X@Czy@lZCvqDTW!*Q_1|2m6q)AT(l=h1*^88!;aJ%+1AYPzuTe#Q$ zE_Bnw*njrDS;o?3$UNDPT({pA|DRX@0-(J#K3mS^Z`ZA4^%z=uQy4N5DAE1na4_HC!L*5wRu(rDg~6t$lcv?j86>N;_{W+1H~>ln&j zPt#>|6xOkmOJnq7RV+i+I)+qkeeE-NZq6TOKXJSimEP9iu%o}Wz5^MSaPPjIG^G$e z5?s zN7Od-NQ8xYfRIG+U)@TWQo!+#zm>}(Sui6%sFBR7=^*cUke0n=Z*?)>^*8aIW`Zoe zY}`qt=cQW==j@2^M$Xp4mXwKEk3#F5Tbf{fkY$-GOuZZYro;Z{8#*S_{7^v$To1%E zfCBy9m*zsroW~yFpL7)AzI(YzhF9tU@y2xD3cfG``WV4sKL^9-1Ec*w4RnJqb4Crx zFGI+I{Uo_I2&50N%-cGvF44UN_yCu@J*hEF8VXs?)ILZF24L7P6%>4AJzhpGCH}Z4wI<$?SEcw}rJQ zPKsDd8V#c{@g4hG?uR}wd8Rp5+FXjFizYy^}ThMHRK6tjZ;E>G9oiQo;_K5L9? z{e0wMc9LDXM7>Vnn~q^y2@dmZ)SwaYt0(V>As3kNX8S^&S`EQ`hgm$*A~n0Bogi4^ zl07y-Su_PxO3vA781pu3c=_bTn(Ps9^@4G)n?{Ttg>`*|8c7VP;Sv<#J%rBtxgabX zf-dVg+R_JPgKXJ9ifBu(qGkhym;KMatRPAEj@;sljVtrETyD--6XB<_3bfia3f>n` z-tYoMg!!N5659^#X}OXq({6_*F`3T0xo^^Fj+bG{Fj4wKg=IVJVE`<*iuA_4DOX~l;(Ic`ny6J&n|_$rpk zGVWNe)$9zMHms+ShS9rIkCp+y*?OUpYGjR@zM`RYO)m_hROu^Kd( zDg4xrUfx&T;(9TL?Ed+emoL?!R`jj+iF|fwPwSJhH*B3t z$dXgLFNSjVTP`4QYi3k%mfW;X&uBI|+t>e%zy4y5pE*QZJLMbf6Vr#>f95Rc7lFc9 zZ#-SRNigp+qP_^P*nF6Zg#hXHn4MRMK7uk5Gw{OrFN>!#qc7{TKf@??C(4|bn~Dp- z+ZDNdsp7Dl_^&O4&iyG?f$F$Yk+AK2jiT7> zVpSlNkn-i)L~$a4wE*rMRMHJD(=uj12my9U)Cy>uW|DPHTaKsxbDD*=2?G|UL;yKv zV#RMu%9*igvT?2H$x5mZm}ltcrAtwz@7KK?c+RQBuSdu!5a0KLAWqH6$tf{D`NzaY z%~0Qi5tkNc&hDrEABGI7DdB6vGHi#jDjnPs2qfYn4VwYm!U?VdLN29 zuGGpgl;ULlaiCAosm-ZYrcbg(B2;sC73g=_NxnlGY8T3-HkOQqR(Y}Cy=#P)=GWFJ z5mZ==dT?;6TWr9PQ}va~IkSue=i40?%er{b1x?-&$!lMleJ_R%Ef-$k=gvip3@CWy zo}jf8dL!+Q0W>ua1jpNXvsuUN@9J_3HF&aT@%{FZz;z2;QUB*8`^T$Ip6U&T@93v^ zt=|j^5qThk2a*ZO)8kuj;a}l0d~d#m@idN#)}lYYJdD|Ul)HFPr^Zl13N=_+q*FQv z@b{Rp&h&d>X<-3RtMO}@xnR#E!K^m>mPd`BB}Rya;DSD5dhO++!)M|!#5y`rY6L53 zL`bF*bK0||Rglc9S#Rq@6;`+8HfC8Bi~Mp_o(ss#y)yAB=F_d}i|BnzK*6Z<`Q5A= zYUp{R@jWTR4)6$KHeI&~aM*m*L7W)zh_i!Gn#|>t34gK1tus^%d9rLjj0U;G^KD|> zT^W(5QH6@MnZ)_KFfhN){gd_BdC26@B8)aGrBwMGHF`xos4-YJoVJ{_5$4!hO#qE7 ziMmPye|;!MiNa{aNfcc?gB+Fj7V*y@X7gj+LRp5Z7}*YLO(2$~ia`I}&-sR}_486; z^(FtF6#L_&;g&zX^7p?`aky{f^k?{OXNu~Zujd2}s=zJP_LFnyL%nAcUQtlIE$Mx| zJ6QI`3_R#e4clAxulZh>XmI$x+Ky%)ccmfxa+gbYpS%l)YfpzN;UC9NHiX77N+kGz8NSbVcb-Z{kC&6SyzCu!-Q4ZMIby6 z!r##6-Y$B9$}2EZ3*?31JsvH*I!b;P&`-U6LJbe!{bd2=T(M+XFTm} z?5c`QLtsNAFDTfGc4GtZIKPb#M#(?f4sb5rnU^hX$pa|T$)uRQ(PruA52i}~%mi;p zWqE}NAU=sEmnl;{KdLsG8bLR^JC#*YEL-*>Xu(F~R^|#xFr|QA!?^uq@Pa|4f@p{4 zNKhdI`1|pLcS!ZEx}MqVwUJ~ zQQ>#w&)sE}CrP_SNzkF@Hs(j5TNWJ+@D{h9M;wXEac$rdQ`fo0BzdiS8i#tlj&nBZ z)LM7hF;t0=0`qHTL}W{(*y~sJh*`*@x|fk^!?8uJB8=Ix5O#LS%2Oi%J-sbGYY*q* z#U8_d3g2j_BgcX%vn|H_P3NF@USMc9^#a}Aqpp?v^t{~X7|~XwPxB`=^)p8aRM3zk zTTt*P62Iop%F@#^k1#nn3Gv+vTqRuH ze$fatu4K_Y3tR1=D5*ac>aAM_3fs!NrsMB<9vy5PiQ?!H72C8m5l<1f0Uxi)-;M66 zAnUJGPjsAUs^20X@G^@Rci>K|c)Y3_*0z22o(HiH3RzNvk6JPv^+xj@;|UyVRjsD= z00DaVlhZ1+U0qFA?5(9yy|k24#FonoGsT9LR%EGg8Rxb^MPs@?nph_v)_3-G7E{c0 zj60jw%)WjTI=Bd{Nt&vSQ>k$8-=xA{t?<(jis%x-3BZ*5zbcKNc5G*tqj+pSZIVe7 znd!@@ZZ1I-2Ylm*PW^P0L37+6z79QFyo>Hm`#6lNzsn^qQghf%^C%a+6M<&;tnw+7 z3(;f%kC>>0#C?|G8y~PoDyh`Dw-xLx`_boo#NZp!8?%tv!J;}(2iB0Xy_u~LqA?#V z=*;ZKhQza+R{kve35~#{FSYHrm0wI|rePyMr`}HVDYG*F5A?T)E@Af2j$@{5kLAK%+adPKY31cPPwS+NY+~D^{X^E>QDaLN@@+>G zQ@Y~6Le9U%zP9$C&m|ZifB)BW$x(igd*HzlA`)SJJ;?n?T@7BC73_4whczk4NwPy3 zpW{)lέ$awH)@iL}j8V#%~sWuaf?zkY8Uo_`m_2Mj8KIpL8Bu;Ms3mXI3uv{Y& zgXo_vIkHN=+$!0|>=&f}5m?O#uiuF(M@>nAzuR8&;j>u058 z=+AfoK?@q%G=KbSrYV7DU$!3o%Ky1sakx%KFH=L`bf7m-J8c;Q6Y1+l)79N{anNsf z&9nd?_XXVI=SP%nYO(%ag1`PAeZ%z%{gyPs1`cp}0g!yE&CG?uVZ_hMc( z3&BD#!2R%H&k;DH%0u6tbK@jy?BfsJ;Stv&LJmpCo-sM?AKC3w2ssa`SUn?AC0fq^2`GX1_{oA14&*j!A@jILsru zCUaGj8Z3%3Pp8D^bxej6a&7RShIU9ib6A)#_r%LuNpFf(jT=%VnHM)+?oy`9^<}uL);c>b zXyS_{ZIAk~kfLVeQ5gb8EG=Xwb#v#*Me|8Nk9`Nc{%G`@M&nKe_#!li$+fTGd(q30 z)~kkDzj=rQZw%>-)*XEuxF{4gG@hl1U#MSQ-~#n=niTMg-ak|AR3w%1K)50f8p$03$Y}>d;X9a>i-Fle|{T)sRH;l;gmjb0s4Yc#CU6JEVpMI;*2-VZ)}NI zhs&5ut<>HNT6{cj9gdBt>qWOb{&D2OZyKt76f=DaxR+wi`tf+qb+?&{u+9|3mvL8r1T9iWSqHBZHCiyX1Czf|` zIai7d!^#|^hV_X?RW)NXx$FFb@rEIdzSF`!s7`V|y2XrZayDUYQndVT&@vm;Xt}In zP~lk)v-0P<*gp}Dk8YO?sbrjr2`n@GtU{`)=;H_HRbq{06QVjdAim@ypA^!jJ(IGS zxm!C&wA_dTNxtV(bMJH^xMXMi#|s$a!bf+y!{?s}cfA)CF@0^aZ`lur}J_yQ? zN2`F9p|p|j<5TF+d!gOHJgdrz|NI z&q2;;JNZXW4s{yQd!pPMV(WSUU5a95?y z!pC&tcGu0W2*lJ2UV-)b`F=SYMk(*Ap%AHLa{=7-J&fewiBcf;3@goq9j_LaHaL^gi`P_+$j(16HQZ1T zt=*a$vobfN5~L1w&s$fMkB-RJUy5OT&bWN@a!A|(@+DhYT`(j3q9_c7jg(`)OI4)! z{Np^=#QysQXQC21qMGs(J3+1R;-{bA-Cpw6=oamg21X1lVB&{zd_*?WD=6(jtEY6KO1Yd7#iDH9TEebjnSTU4))&jwIL-K;5aPI(xVK zCbNI>W8-JDd4s;+?kKYxfaCcx#5)@fw_j?s?ne?kZW~5{@mkTK{^;a`{LwVIENIPv ztphfZy+yq=NslHPkKxWyq?h}uYw@!rycD%0;(e!5p4RVP>EC4N@2h7`K0 zLeKh9wcTD%f`53We!B^^Jsig5yrf4A5)f!!y-9!4hOKV5yih7XuRmFA`+ea6Lgx03 zP>s`4G~9h_bP|6w^BBGHFD6jY>wKbE9Vf4Dz$-LgBmI>JOB2f86M~wycHhvDo%W%% z9+_({#(_2~gO#k!(twxAx}{IX*cTYvfK~>z4m(hz$TGux%>jwP6m)~qZ8X{20ko7_ z#0<&wznWg!(|bABR1dq~?%DI2uI2?gCyoFt*@Jhq$1VG8LZ#=Myec7w-*qOcZFLHx zwi3y2YjR~k>+@>urp?hk^E@0ZBx8~UOdPbGqI*~j>)-twlQV~N7k_t7y6X0yg?G(x zw63P})ZtjpF6b)C?a@1*isK(P?YC78W+JxBs^)r zu`l)tU2$h|ZQkFmJOV*SbfFdZu-SO1l#4gPOeNiE?MO1lSGg>@T4)Dmqfe?pi#svN z%7P3Xb>ryoR`hgR%zfJ%(iSrH?B>!9#-?B&? z*6X8GqtU`7J}6JU2)xaevGwc%RYRP8pb}myAiW3WQ%W`(o*X#!NO6$Am#|RfyHdYq zhtoAxZEkn%1ues7pZoP^>a#NEd7JZuI-VHX;yqn)(j(ZQ;x z@!vFRf#H6o%_rF|rYedbax@X|a26QIl(*Bd1gT0fWnQ;!LAOXyYKuqco*1rd_7-)6 zoE>8=4zrSL1Xq~kYGvC(y$lvxlclvudu2+L3Q5`|bC_XXBEA#JGTohIJbPfAkQb}g z1RH0ETT+2ZmY$Gmo3RctyQzTsrcR@CU?N@Ud&`4`z|K$N|BU*kqR@b^8Em8YCzkji zNC{RDkYu8uHoG0%$r5hf{PYu5nCIXwjfT6`JKT`eXP@Rf6R-D!q9Ii=3Gn7`1?~(l zq^KRMBuQsLT8B~~fI+qW7Sv?8U9}cHa9sktvm?tQM}>7mB2zj*NG$Se_Z?P}16L3)Qso{^hkO&^ zqWji(p|w`7YU7bkv98&*$LY!ulaka~jzq5jm2wT`x`6hu&1}Jz0BS5`njFjZ*2H}_ z-h(!J$Ey5AX%1!qhPc2dV;pT;iIb_BNDn3^^#yD)SHxKu9_{;-mwXCI-$>PJ`Hfog zmlrV`eCyTGNDiSOo!oZDweApto&FhJ$SJw{T4$vfYOl3!Y4g%Jzi=0$2i;6LU6*%n zlJ(oaFwWaQ6*tH7*^Iv+Tu21Q0XtU#9kucFc5ivkU;)2~K_nz4l~)GT^(b*_8JbVY zYF5J;ul2!0PuJBlD&zr!enVs~BJEXq!XPzovYn&vZs1`s@$vD?Z+3)TpL<-kRn`g_d7}sxkxtaNM6PWr^#-g%>zXxfmme-;l za!!i`<4c(xHkP)!qp-F0b9V=RKwpU4)TSIK60Qlu%$XtkUXWy~7vQk|_S=I$aPJa* za~0BVS{4>)9Y|m&s`TTKj7Z6L4tZ%32K!uVt{f0!n%5MDQHD@dacOP60wD!TxrZ^E z@La4#T<@Zs984vBxQS58)@1_7wd2`3ryQS!c9TiFs3jrP-puloe=D?^I$}BhkKpY! z#$l#uvQAQ|cw?i9CB2&?{rP?&vdHnA%b?LIdglRo^=%$uyRmmWHRh?)Rhh;W71fQp z1F)nSM3s`kVP`J2mMABKy>!ROlZN!bdS$vz5JPqeP4c=cFZtrjT_5E1IYB8LEsd90 zLn=YF^8hzOoR2%dNd54?t{k3i(4)kGWhsV&+T;DfCEdB`kZz>AySwYXe4Z`)zW2NR-tUjc zbiu*8u9@c?;~eKGy_tlgo!lXF?45H|d+uvMqm}i=-2adn-WFPZR~L)6OxCI>;j8wb zp7cW3?7eK@jrpyUTIh#b>O`i}iJzUt^oEwsyJ?)JvDB&DGXh^(2Qz~>HZRU*P;JRI z>ci9ag{9U2oDBq;5K}W09#&M3gaDcaMmjB)-V&CDCe1>72!>h{98DQY zU8(_af+Z*vd>9(owk>L4+GRA=sH%8Av2X6`Bd+ox2q89sYnG)iv@E!=7-Iae_X&yK z-`Ud^F+)8A3SN`xqV}hp)sc6q=KO){1o3cjVZ~6q>rB zt2%VXP}iQCe9NjIoZ{L;?f|td?rkKz^d)Fnl_K`_Uf=0XwY5dULnuujDvUXgJJeFu z;MK;=)ZO*e>(K@z0uT2tt#w#bXm>1XIM%10(&UiirDwF8HgotZJQgGUjV@;<7}r-$ zzD)S+HW~db&tQ@dE~ZV3?cXUDC@-zQNu|^Axk;v5W!!+zGEJrRh($T{de*+g5#O5F z9T0rJ=gL~b`KLny(c2vcdg(KVJiK zt$N1`HF8$0tww0pxw4Jw9IlSX3k_u?I^3F37Hjnr18Y940C}smRy{1jD#7hdU+_$i zj*b*_O%yPuoyi5nMFcMacKqN)UwADVP1hNsd!60hc5;=L+ihunzHlhEMe0augX;|X zY662bIOX-ko(YVh7-EJJzqVe}=D2>!5n^{4L9@AUAOr@?Jc5N7K+fVBf;b!vK>;rG z6l3|E77|E}wNSol=S0u-s?X+K3twD!-|}1C9v{4A$Xeujjj-Nr#Wqq}k6>F|_PP1y6M&|Y`}E77Grl4M|O_c{LrYy%oQlwIP<($iGK;7Yfj-aGa4&JBmQ-54jJ zAE1GkFp*ZF?QLz!RJiLi^oI6?Z5Dt=V#k)9(qfV`iLE3xzs^Ctqm#vv;UR9u$e*K&Mk2r-`!j|z9Hp4 z>0{h?3~7?RrIvk^$NUds1Qr4?bFdu?Gx}cv2AMx}Sy?$%tzCvx{9(TR=Fg$~n_=yI z)y%xT+0r>pSM$J7>^q{=^&T5=R1BGZ!VJ1vLY9*1=k*w>`Ym>d{g(0!`yPBR46EtS z5_;UqnUqU4xTSAOv}y)POV|3-PrPHGJ~HV~72yA_1)#a$d66}I6I-Ku(WnX6Kn{0rv4M`#f%p6^_ik|Xan{hnq;%b z)2eY-HT!@t^BE-tJ3@wn{iu)LJ{-WpVPvm zA&Pw_P?sfMZUr{UCKX}v%&qGCBakp-+TpZ_6jIwKzKxP(qr5O|czH!ssm zm4x6&jaf~avpC;R4IjjxVphzxA9@f??&xXU@%kj_DdAekC$4nCq7qMIm*VbtXtokR z+3a9y&C{=bUt9~9#XR5X6Fj1V-bUG4k-?hX!7{R za_2$)sD}B+WIG2`7EYFLryutT0L9*6Ghu`GRZOFYE_F&V$uTz(r|^K@G5PXoNl%kV-!_(1B9M8 zH*>;CSMu78&GzeXzf=SEA0!9TjyFzb0Ih$~>g}B{5sjVQ`?-;)cbq?6?$0Zzp|RZ%F>Ff*{DDnx{o#go zS&ylw#Go(L8zhpg2CAyIIsZMsUO<%JRtJ01edVP&ei6sD9SQuOI*T z|D*9?_m|MdAzS^~pJ34c1bKiqS>7*>W{ff4`d=U6KOg6R+o+rXFcdOJKH>GJIrWbz z7EIy22mqq7C<_cL#(6?%e(6Y7RG+*&FQwC?X76g|g^U~s9t zpJ~*2@a}YbYCKGpel}OSdi<{cYJ95(N?E9@57u}5o+Y55C+#!Hh}PvJRQ5xJy)BcQ zPo-N;Z_>V$1Hm6UI=TfG7M3EE?om?=nZxq{UpCo9_pTmaFTAf#_3D1FVgcC@kil-> z;?S&97~G76vUnzg#DX%R33y6qQ*PMzxLht*_L%di{|KPogc#28T)BB9Iji^w=|kN# zmvMEtxHUGfG$QmxMi6DcIcq}<>t2f z#)3h7<ZcFfs49}w5{8h{Ti5=N9h5r%F|6>XK zS_SW+&l_!3BwrNjJZ6lc5$BhqS3 z4l#vVRS3nE5S=?0wMMgCg}jeb7B%MI%x9}%TjZg=R;$rki3pPy#ec96GmTd7`M!rK zv)dBpn_Ld@L5o6hCvc`@zf*RV84+Q(OzKw0?l2qc zj>J)yTXuw1>H{3rFT{NgKHaSA;ok5UWkRi4KM89J40Z^H_bu3Pk!9kpSN>?mqx;Td zj+VS*JXgLGo5gHXNQLL!4?XYh4M0`p`Q=P#h4CjC1b1;Y2{BJXv9Gh=S>Kj!dxmhI z4io&tteoYoLylHcqe7wT7~aZJFd8K`zTIIbMe`j1oB|#J7V0w6(&L8j4u$^2Y#jqN zec133&HwICX{af>9e?3=72$1%B<@o;%88Pg_K(+H7M`cfugN;OaoEa|EZ%Bs)F!V2 z<)|uq#R*VPO#<_CtB zP*P+vdV33E2myibOVIcSuK300s`dvI7KOa!opH$Qt`@R>$! z90d!@SWHYz+H36`D6M4%Gjmy%AtTMEFR zbs5Q$(wMP3R4mq<>j=j`P;bHGbg-k*xtJ34+}hU&2w>Xevj7adQeETSr=K|9O1hy> zL(ENq`BaKVsfY`as1en~#D3Hp{x_+*3dj-vyRS8&rc~+(9AZi~w-G=0G6`>PM2_!H zLQ5<#wTt^Q`&B1CO{W?)7))Ig=r+*5VHc5@GzgUJyx29CTGC9W*AI4om~(X42eLuW zE}d@d`!JI(XDr7nMc(XqOdHd1o%||5*D3qG0Fe4X4EnL_RvK>#u!UA?$_=I#F*HkH zs>vQ~uh!6?R~-_DDdO4h0<~=Cowi73UjrnS0_DnZ!?oOROJ&JUY@cmFXVKJeh;j4UL7{4G^-(Jo;kLvb^d-r#($EYP7Hiav z!xr4LwSRo|L%%oHet!zkMoy67tx^dFP^VN-E+uC-_g<544u?ua*pKBY6yaW+aIAUo zL^qqJKr#5Kjt`cZ>78wl?Uy&7O#w-*5Nu|X)$8jYFYz&-FX)A_cPt+{FI&HADL+(6 z0Pf>sZ5#ejEHmk!_Am(d>>OoA_azM{LxFOk^1k{euT!O%_` zjL-}zRlrTvPI?N7NLU$gswxBwyQD?+jXu39vRgU6R`<7BURWaVZ>;veovp)RwXjHQmf70HYKrI4wy#K=!OMB*~oC&@$)COFx|AdOQJ@iAS0_c zpyraZjllLD$u{5LT`Xv*fli}Ml^+M-zZ!tN5ge2xJ=xxiq+Ns3N7`60x3q$6nX^_paQf)CA3 z_RroL_btTv3gf8!^4C0usNc2>vflNx`>DtPXEvO*)CJwn#w0m0<)5O-T`531{$J!1 z4D6~&4m!GOPnnMoH44Jwp1pdu`IJVb`q96phW9y@FcG4(Y;5pEl`ztz6euoz<)Beq4-CGcy`Z=LWv#>;U%~>WnW$&~`4u*{?#*4CZh; zoIM+>ZzJ z!#<~B{7K5`?G8%@ecC8l@ptALBGNY))K6IGxP~n2NpA{4GtLmbsHy4QF?3JeK)+_> zWHbXs2Bx+eGeM&_!eF{sURk%b5o?~;=ETr+?*~?HUbF~gH?vPc4QTqi?mLdFpufr{ zp8Ik8+2jRuzF0gdTak@EslWRdx&hKOm%Pl@A+@Jr{m?K?^j0jxXuEBc(Xc*0`{;g3 zdN=62wTKG}weNIkahE)z9elcbzFo+Mv}iAl6l1$Lp06~R$YQ=-1nV!op4{+yr|+-} zRS__Q+lE$%U84MuyyoEKRE^?}m6gzv|7Ngn5V{p~qPoKId>%!HYpDOB4j@fQUyr2p z>J zPNTuap7cpM_jtdj=}?9_Isfy|t}4>xB?ojZ$7 zfrhQ3xf;YIqJJvhTtYFPTAi*Fom%xZl1UhjhN?>432{{i4du{c*7viOe25w z`Z`RUgtG&jz)0i${mnUU%Z{+1ZxY-FA$N-%m&egkK27&x-nnr( z%#NcEY$W8d)Sbx%#xO||OThvf?=|a=dOBE8+6xft$#U+_dubsr((Tn)O%1*S5`#{< z3oCZEx9*Xf zWY7*?esT@Bao2TYAVtI3;{{us^+b_|hL((vTB`AL+-_8FaszxIOj5*3BlQn6xHLRZ zSprYJgor3H%$y2T-Dv$dNpYX zGYa{NHO@{dyeG0;>&(3?ub=i?4Q03V4w1iDimrQ%OFVTv-5lCi)^LN6A(t0nF&b1i4qx?poM3jg-pc@)`)2`Xa-!?%U1m{f zYOxBBz|cP~O_NE#xM*jizi;(Fk-Cmr?+Q`MU3A{gRc{h=mY#^AzeR%0 zrWP7e-=XsR4os|R!Hb2pmfrV*bZ`i;5K%Uan`E~#g=QPZHmWQ+Cxy?5m8gWao$LM7 z=zG2b#4~|4N(qV0nKxbB7u8B!LPcnZBk|ZwCZFz>prw7kDq;}0Ch+ieZ330^feIhN zK;B2SEE^>({mu*!an{11^*gKLG^exMbs=8ZJhxrwY1tB63LntPTo&=tC4H{?s#t5; zC4DAVC*2uOmM?QtJR*jW8VE&77wE&8is@?&Yd-x7Y^wKA)dNtCuwtD7IegLETE~Q6 zaXhr*_}yOB0*7oY7+|ehXCH{(dT6_%rcbeQ0D{2c179_NSHPw*EoCOjxT;aka5Y{16#(~-^qKWVS= zNCG6~ihhCRVQ+yck+R>~VfJ2~vthWr+WXkY8O+uQxb{*&86}Y+gZg#y)y~f6Z zYQDYic9*o>GPvpW%l^ZkxW&a23PpcNq(FQMR5dE0fqsnh1f;ycvXYWmfVw6XzW(lg z-Mzn>*?#iW`6^1ds+*e>>7g9oaZvux_;+L=ff8|tW!iR{_4IGiP^?z3XCtu?>#M_; z(#W6K-p||ley4^{4>cwgQvGDrf+5Hlz$Zx={kCvy+3Y5yWRVbM&yA^3qEabXB}yCUM~RaS~MymictvH6rXC2sP6w6DBbD z6?ixVijZ(QE$^L_kdOu1$B+35<*z>?ayE z&I31L;7}yvGm>V^kPukDZ&sQZ;#5ewi)t?Lkv{ znQkn9e{{RE_kA)PxY-8p3ZzmZm-5~ZIUBELR8o_Z=Z8^H)#Krg7O2FKr$&5G5!ZhT z`a~NW@4iaCprT9QO`cm6CjYfQP-T^NVr{dVI5!WB8lk!-zEChQ%v^a#FdY|pvvN(< zV{>Y`T?Gko-=ze-8=PuMqTy1k)=(z3G-OY@F!h+IZ-iVk@05gJ>KC2p6pa@|-E?m# zI;O5%sTWBki7vTuRjpb6(_ZW^6F%=4z!9&wuhsSMm-+g{#v!83j4?CDd@jozSw?h; zM1o??+`MITMTjCd%{Eu1c>P}dEYJ5)yfe=MQ!rr_E!Sqm>D4wkLS+J@TW#`w8)AEN z&*EJf`oxw~WVCpzRN=v4+^*GP@ZSs(o1w?)q0pOmCZC<{{pDrVtQ7O4EP8X6ttq+<9&imA-)v#t!e*CU}`Yw8|F7e-oY!nOl z0{eAY=Wma1nI`n@!#8vb&tZG5(W^>pNv+X_I{ZKM(JxC$TK{H|EBL1P``JHDi~rk( zt9e7H8S2s&YRBMTJOls3T=8$eq{R@x1MwDw;^_JKp#P7?Av@9`c5@nvGV7xa>ERlZ za;a`Rsl)!66E9K(<-Zt&{eIR_{$Cw)nC{&5_%)R%e7ERmXdnOv`pBUzWYuu$`Mnu- zVkA8{I9M65n{aze$OgB`Jazsmv?_JKzy05b^nYK8C(P^lVdu~h`|pnR<`8_crK+lm zeYV3I2xO%j&7OgCs>vu~m5l0|@5{31{6jxlb`L9881bWG5PeZ9I$4-!+lwA6PHQ^` z`@uzhy|7T+r>^2BHLeu#Zy`$gc>?StIc>I#q@ zx1YJDwl)o|8l<4sILvUVm-TMFF?Z0psC&aGd?k92(x%D9YW}ZP_`k+jkNV7`nFV+5WOPulw0Jipq%gV&PNyM17kX@!%yN3!?$}8qv8qO$4=$x~8LES5Y zqO@^zf)1f?xj9ssj1W(Vy=Uw;wV$4ov(@%wlX`th;q~-LY?Vr65^GA5@jMe@Ha6TE z&b+3k`I2=_O=vxp%4V%QZ3zH@$hCdeVYJF6@Aeowag01zEoRx6J1lLHX!SQ;2CVBN zG(F<;7tovL{9Q_0kS~e$=NTSf`ac`qiNCg3zOZw(92HXmHXk3w(7%d43P80 z{!tssL)dzMQs-OOU99kjoiuvab2G8!9;U%j5w5+GR_UV@`N6=0)MKg4&?4HU3c7AG zu!D*zh8Rc#>>NiPT;+Q@9Qlzrc%2Q(qw!GbUjiOP*X_$yL%lKl?) zUY(t6?UpdTX~!2n)DfNu0!MafG4pL#Z(>~8#;AEuUISy-UUNv$gqAajMcu{xA~ynQ?>m+%ti&draFxko{)VNe#lD4ZJynrkp8C zidfPY*NDrQT-q>F>BGF>#Xi|YG!w^CVy#$LlG=;a5nMGbSK>5YZrjXenD^%(`gGt zq6bnjHs>2$%__$fbHjD6Q|QpAcSdvNUBrBj=nN5CRyxCFHtMzz5w7`U$AJ*9iv1X`A#z!+VZM=6M$XfvnvY>0e#`-L# zDa_n)k{JRN;dWZQZ|dMYs4wr~CKPv^aUZmETM`(5N+W&z%WH*ljGC5K<{0CO{nO#% zwrwa0Z$wKu$zUoz8{K=+>9<5;5?J|xb5sHWiW(y#KIRbO!<>tG3451|t#Ub6+*y~p zz2&hu&ER~Gi@HhuLGG1+g&WO0P7qT2fmn`I5(5dg=(o^e%ngZe>t##+IKqOkw;qo)M!CsqjUmQA6E6*m5C8rO=^mwgfvk=^fHmrNz|oraKWYFLXHF>ZbhLPvlR)9 zCl+>5x274^{mDGs@3-FC@E;NkU`$}j^Bf#Z!yfhphLK>$UbXYcmX-*05Q#+82z4Dp zLEA)&stQr~#9-hBN^W3hP}~H5EHVZzkR}^Po%rDZe3;3?CX)`Y3I5gu+^sW==5V(p zX1GMcq5#Xlb>`s*?*0>Q<^Wf~_VZfc6)@^NsqW`fqgqWKcf;=QLbn3WMMAM-I;xI3 zaFi}2J{@L=MJ)ryK~hZ{z}RQUQEgH(ipKmhk^a|n=v$)Kb1UXomXAlrs6A95DY4-R z%TA|@`HV>&8;AWq@=9j|J|2fd>^Id!;t6drl{VrtN(pYz#&{eI9&!M#wGgh;q|Vmu zx2lCOEe$6fyOT$O->5-kX{L6V$GU8|L#{~eAG1;x}d`qr+X&7M2ej%z!~HB5;C`!9Szr5mb-Sp-E|x$Z*La6M+Nht!A7;;g1S;zbOh9G#uRe*3B_8T z26K2Qm0iiO&LVyvlZNYVmS8@&p^v8sx>?kEz?Qk+(c;(A7}w(Umk_qBygN4zT`srh zZ5qFG96thpX&Q@RmVAiC&q`Bu&z-`dblVL~@+r3;35LS1q2&pyE1klmN<6p^XitSG z!5BZpKT#86J`L6eEr#K7vVe{VEhFk+l%cH*={KgSj2=$X9x`0Il&9Y%Is~nw+kefg zXYzjSp+(Eo7u_dvO&A(cb_-$SF`s5COqr|Y@QLFIy4(XVJjqR47g?nK z2_nZhHKzx3_!*|*sfn2k$;pG%_Z<&^9LZ-I-xooX>TV|?cXy`PMGnh*euX}?K&~^) z3$FvL9|zbrk}ua{lsabfHm9H2QQtX4m+TN)L-1k>;(7TNlhdruT=Hv@&zaU$7(mJck z|8(RUIkmIpl-tqxz0Hm@G(W|6smOH?t(*k$0KIAk--8VVFBADwFxYYAOk}Ugv*N1| zG4c#D?O@w<6Vi8;pU6)oM)w8ZaHA%fm5G@_rVPACN%|Qg7Q3{Bs9G-g`^)jpb|Wf< zj>^z28~wY~hUtg`ABr%roL+DN)8skRMykj47I8vV++sGJB^#h6lF8cCkYgYU4|*az z02xdEjfR@44;5#D&dlwd!`uBqHZp&j_KK*xOj| zhTdGrU*Z&{B!@r7T90$!SEE@es#yfi&z<>T!SOL%D?vcYQLK$rt|?I{NqR%to#6Nt zj0!e;AXmB408OMiUT^V7uJx0Qlii3H4Md~POGSKXx}O@WMPwa6h}$ocf4U#MmyV+Fjh( zEj;d9YL@kBWW9NT-UzW(gwd5|gkb{43N^T?mnKAlwuZQrpF{pdsGd?F7ZBB5O+_x3>Q*%nv*US;%DjLTW&F=(F=;@@`euKyiNSOWsK6wMlHAXgiT5W zAyWL31&?1&)tQx1DiV`xE3k(Ji03G$1rguOiMPnR)K+&8K{_bUZ-WWjAE=h3xrNMW zy5xM1v2iC$qL7P-t`wR;M<>K3 zFK)clef?Fk;ZUh5*rqV3SG5|@(K`O}F(#kBKmci>=kGI&fsAA$`Nl5_^3Loc)Qv}x zy)%@A33)Sty|Rk;x zvs~U)M)HD)-Ux=Lo!P@W7Sd0tA@Kb^z8axS427^z#L=_0_gOWj!gqlc2 zqKco4J*|boa)|fp0m>=h(+2TJd0bCa%oJ&zImRRK^GFiV2ZqcDa(LU44{XN|vjZY&$73(t9LzhUU zXljyz{U|SPwVlO*xOY+l;$@5&s_)ApY!3FSIwe80Wf0)EEQChoJn}Z@_r?bBJa6@G zK~QLCNq$sAp~ zxFMEG*)7y)hP|HWi%h&0-E@!9yk;UyC%GQ@5KT*-$C)7S zO9JGfh`?n_WA_ytG^xG~lFV2O3jUyvc2}RExReO>kiOG_dKhE^2lNXyR)ON7WLg=N zB-}*Yq#n;k*Eqr=-X@;eCnyzM_40I1Sr&a<=MsS!TVBjL%H$?4IB%p7n>!B?^mpc6 zi|Vf9J-_O$bbk9~thUXS9F5H<0p?SOIIqydF~2w?jhwuEj>tpbjoTYhlaBDdte+T7 z)YrPWG>@0|e>C!ut)LI{B;DG6hj-t?kaJL#fjL54qc4_`$+2YC$*Yt5go@1PaKyJY6UTlM!7*{OqZd5P4UA=Na ztjy9nhDrwGMy3#Y@e3wNVjP(^*g0tWy-zG^kBUDsd2eD}AIUoWadgYomg^iK%ZG=w(?JF2t- zk$NL}Ph4r#K*Cut(qIAJmp+36q4y&%jq}7vLo?<-4xI?G5e3!IuFr8bK>xVJl27$C z{&27NhpX1tU*Q$uQix zHDIImyI#|cmz{mv6X5`(;H;JNr|#x(K(EmtXO+{@@#xhH}%{zN0o~>m`Tc_ z1{M#8dFLSk@OIWtkwhd4|BMjft_CdaDrSp)Vv*-@+QS!wNb~O`bruRZ(Ug@e`wt^$ z+!YpwN#ZN&1hCiMLbz+;;@Ohdv-8M0IHLQZ*z64cV&W)QPCEx4adIM2ku~yhG)F$e za$00Z5?I-Ry$0L17Gv=X@}ATrU)3bK6hvbyzwVmmIFQ54j3YZ903z9XPFDV)`D`g1WS;`U_K+6_6Lijf$ z#893^H@5>9P55diDa*#eoAvUtgEIMhJj-7`Ib7L6e@*Fw^EJodc5RF(gc6;WdTFZ5>lGsJ;PO_;$L=s1@@uwen#RJURKCP$G9k`kES;KheD^y zV0A*qoRyeL54Ec8<-0=mFV*iG82zFLyDWw^@C!wyUR~6DV6avn<0#n02;){5PD9Xr zNC(T1n~%y!z&1Lzrw*&F;A_&|OOf;~#EKTHXjh364n0sSMD=wZw1zy;kVImnhahIY zv%1nau}=QvB> zz1qoaXdHDk^d32JbSTge3^q=(uKjDc_z0ffSDD4%&uj`&o0gVp7SwI$ZdJ4Xszt5A0JXp;;zP zBO6>0Az??620~WrM>C$19SRlw*d`yu!$_RH=_wDQKNiP?3bXqus-7Y`LBJl7k{LPH z%PdTc9cfQ=*Gg0tW<5gc{w_*oC2j{tY`#?HL6nBj!8nOIU@JUOr(+7UJA1{JxC;>? z_9TzGXh!JR{@dyfY9Xw|DSam2mNRlrX%w-50e8vY!iaJ>potY2$3<7 z-z{o*!o3}^CSX8O@=dlI1GzHO>C!ss)ESIEiF?5HIjgop0!N6sygxwHurXJLGvkXe z7s_1n4hCe;{5L}VpD5(7HZ`*$%-^T$hY8qspp z1nhiOfRS4zjf`RHuh1$uF*E!jzDl^lS4NnK^l27@AqGOuh(@0vx0tt274&gBOKRJu zNdH_*w*jH;UBe@WBod0xy4OL_VB!da+eRkKX!7~Nw>oN*nhW%L0s*B#rVP0qCDlfHGla$(?5Ie zuO20Pr~Op@No&$$C)&sH#fq034vKGSMU6&Auhu~Xh-pbAX6r+>1vDcmu#iCMp~)Or z{E{kL9Nm2_wJ_4+`$;TF8GfDBjRJe$k0#d>ndHu5W`r5CZ+@Ps#AlY~NQ*0UF+V@E zb*(`Vz(|5CWE!E5-*s|SOj6xo_ z(%&q~Uu(R18+P=b);quWfbsEV-x8Say{W_# z%rW5Bn7L}v^P6G5>2*hi#D%S$Bbi4U;BWotq1;T;OB;1qx{@iE+VMLxnc0Z%trdA< zt#&e1oLeV!UnGrLoXayC_B$H?@5d>C10eJXzwAxdzc~i)Z~`yH2PU~&y~IOul*>_Q z9$K**=gOO0%RaP!r>MS#A(G`0t(?;R`;Y$(Jmm2PNFUNC$HsqJQvdushZ1HdD@|NRB;T7hpFMXyI!{+^}YGBVmA`!O_pb47f;@0!<9 z_eFNIoPQ78Ke!{{zaQcNs&ry4d!sbzcUOneG#|p!f!myO&?aY z7JV$vjyedf*C0f|y5Q$|q<*g=L76TH#AG%}CN3_nHw5;RRWGPj7|hytS%__V-Ox&?{AbR=bK&}9Q^^H!H@#D%aHf` z_m2-d&h=Dm*af6t>NXUp%p z$U=BoET_O1sMmznp4iPc><=nC#A2odJkCs8!dzDHZQ8Krj*Jm?i z00pH+trStz^?q20D6Q<9fFzm%2#!|i6Mg4ZUos1|I9mElg-Urmy}ik9b>~}IIaO?0 zo_i;|DXUh#U;|?iPIR&dwsV27&v{Pk{W2&-cfLSnC`+$XnagppCdb!qh5ktGBQ{*MZ({f7UT`u zrR)dM*A_HDJEex4fuT;m@qd0XW_wm17Vi*iRCH30!(tXsla_zQDPdb9Nefe9GDgwx zj-U7BOzs)}I{As;^)JS6qA!6_gjSy_kEinp;DWOC9(FK!ceraFxw+qq;eWTmQP3|+ z`6$=9?{O{RBYm|a+&clo!hLT=AQd)VaX6Zn#{e0Z!-KaV*=-sZT!idg!m`z&B#>Cr zZce@HQ?}c{?<+W+o{X^CV27xWF;C0^@iwwt*Fag8lsxvvb7Td0;v8%i6I2P}9>k>4 zG*a0yzRtudvxE#RWb@ij6Y!q*w#e-bGgUH#)e);>r{wZrNt;mfY07k3SiNaMlbAf( zPqeAE_H_FL?uZifbt#lQzA?K}d$7A7AR!f2B8} z5?W?xT#GEL0L@g?)qWhMBo4vJw`@C?(~#HNBe2`p!mef-!bF;kmP<)0UJ>Q#=rF8Z zy>P+fXiEbk@%J)`s3QASTBmyxv~!NZFUH-62h>Z4wdFYPPZm(L=Z_?>K1>eMlCRnZ zDu*2{VdB5KQIFF^_{n-kCOR#}I>#h7J)!AJow&owH%GN^>%MIx#Uov}yHWa6`eJ|X zd&ByEv-dN-S`Wit2(aDuC^ zIF=cEw}v}=kPsy;7jh3$@A}Thn+`0})OcxlmzzCehXwg)bCK>!R!vWCt;j~!N$t;sS-?u!N9%nZCN7bPt>>%M5WM2aJay#r5t9CL_D@S?jAQZehpd6o5s;2RKYVgHOU z)NX9uL0AZCCZ~uEyiWar_sfp%?6kK;WBcI)9F*sBbqic)qnP<;Zl0HS2c4iet+zA# z)q2Q=mg3u~jvZLm(+P$h`!~BNDWmh@G&RKI^4Oc?$VTO8Dt!%7qvt`{$;euq*PBLp zU2~2kex8?e2OYpI7{96dxMy=TQ{s#BLBlA`@IjcGMNkv(AzyG$3ZSp5^djl0^2=Cw z2Qt}Dzi-TJoDq8whR?}TRChXT;_bRr?19D!&>OY;AP~`mx*HkiZiReumaBOY*?>~2 zrzUyD28nkkzR7Xm?^*!ts|UqJHSZxa&Ksypw{OloQ}!# zb_%Pc!H(F*og`*e(%4t12kh{yh9hMj;bR_o`a!`LF9a%4`2O;m$ z-R8O8{63T|lQtd5n^N7+q2@RX3(<7i7yH`28x<3`*K`01pQsEs>i!#k}xHU~fBJ z_k&J=LcVMpv$lHmzBHy+7Nij(CPw3nBovP6VD5=HWeb8Df6=wt36chf8QZ~2zhS;8 z59h>TaZ65ZzPzdf1kN_a;CJ&1#x|YXY`N((lq7bpK^)L@#_34@Lh?2TQY6rw5(DOt zc695t0}l-D(TVCH6g{;)%UqUg@rt|cY15V0LEG$KBqrYBtBGTKKFlnHNsu&E$$dPq z6KkIjer569T6*{_dWYm7jC(5sGe5^jPV?aq91@AxB)fN}B)&K$zGVuV{J}koSE!Bf z15##&^1Q%co>H-y?a2(e}*5f`wY$x`eOQ*$`ILOsBmGCQ4e&AvN zKoj-@xD|STMd+x=XqnVP-&05sjDgfbDDi1TCyZgyip%=M%WHVV+#5h{MVugke``QC zYME8B+y@#KB>KK(7^n$}&$$w;b3@?0J^UCRXt*EKSQCI-D7i}Css0!+{iC5s^34eo zuwj>OJXTge*kkkZ;&vrtV@1pGtWq%ZcOT z$&bfo{%!jU`?ZwwvUyuLmemA}_Nx)ro%j#&#K-5z4HyrbB1hYBv_iQZu9<{hp0@31 zVzC1Xb@<{1?hih2y4>9jJ7{||^19|<3B4kWTut{hz`iPIXT^@QNGT++zi0%)s+bR{ z6hrD-NEsRM26I~D_^FxJ$YQf<_HVB`c_U971oiap7Eki!__IYlYywL z9M=iKa;yLomFWh8;w#HxD&AtzUDtyK)}W7a4D!{nc7vXZsz(!O`eE@TWfvBp{H6@M z6;TCW27$LVJ!e&O4r(s3fu9CYhHfrb!n4nVpxz(HqV{oF5(XX&!NHH3wqZ}X?89ih zTBr!xos(>W->$#j&Nse2+nJC->i?2-Is#)>q>o$C%F2+`2pLVB2-G8Hve*7`HjCpk z{iifPZGEV)Cz=TX7mqVyo8zh52OEJ+&3a4j%%V_YJSEhv_+bJ0S0u!8rrw{>cD@q+ zAIiQvuBmO?S`iPZN0HE!PUu~F2ZaO(ReB8|h;)$NK}8foO(>xwp?B%MsPrmb>Am;f z`L_36J@=e<&V9e{zZG`aN%q=%tvSb-W6WoP({S)74b0pf`lNfByvBE6BP6-1W0NVk zTH=u#k)PdlG}LW`KS)G*YaZ@(IQBLlj#(3ACOIlOF>@+|j*@+^JQ4hp@V-y)VT~N< zaQbK@liY1&=Q_b%g%q((e|wZAY2BgbkZ|J{BBAffDj(|3j+FanJ}&lif;N6)trAL85%kpf?;_pPUJbjqJab2fd#y^O*)vo} z?{|{PH`2b*AtT{JG|^*-ksXeYLs8tMEwaY9vm@L&((I)vY0ZHRvLW4RY0xBj>ah|@ zH$N8I*~=o{W;EkvsL)$|22@N{Cs*2|v3)6c(%E$!^6*vh^s=JP1G2}9;M~AXic~ai zC7R+uWYlRuaX@^|h<%p4NFj|&(lg5-Yr5VXUC;JvAa(m6id(h)U(vqOdNO#3>C}bAudD|vVQi>=(T(*I6Os0; zvC`qK6I}w=A_y_}9#LSf|LEigs}U!5$>ZiHezQxutghkx+~{m2DJc8mXTk8#krESb zCJGwQH?IS#>-iO5LVSgkLIaQkiQMm3PgWxF>)l27buunqfPAXxnAxgC)cW%R?;Q>a zGK-a!vy9vua4SBRI?ces4M|U#HzEm1~bQZbQv%2 z_F_GhA7smp7aBHjd?nn47CZb#n?Dghz-(sGwMR4RLe}o1D)K{8`?|5afowGWo@12F z?WOxA`^{WnA04$A_fK*4xQ5U9j`}qAxQ<{FrOi08z`ARZ&g{<}>%DoiJ)!jz*MBUt zzc$|=1E7#w5X;S!a+2p~+?N%Ey`4bns#4T{2R#^8wQEQpVyFmmneN&fSIw|LSxxI;b*&9e2XSDW>7(bkY!B`@ne-&sWLo&!RX){!X9s$8&;Vf07u^FEn@ z>d$uvIl&=sx}+4sR3jHwI}YTy>M}Ri9;e$-W|>cIA`TPM&S+MTl6A=r$AGv`x$Zy{ z<=j0uIYq>Ex_xof`Upyi7w$yP&W|fZ=MX)8HLM*fycpvqIYP5t9oU^%F_rZ0tM;y4 zHAZu0Zg=GtwK_6)8-hjq0$E8LiA5fZfSB4$h?Pn6T0}TboOdTs>!Kq&apx||GI)(E zQWgc)wsu9c;?>xeyfMyI<%PrU417FPa-rL%@k_np&VhqA`OYQCzO&65JHX+AK70^| z%IoDR{Jyt>6X%?nw=u@+p~Ofixe#{;pH}4yiEh{^wIx6aI?nSnuy6X=_nSqx1%LUc zW%mQ>)y$lHKRwmJG1|SMLE#I^(Lw}BphRV+%Njp85{`m%ru>+U z&m0--c%raeS!6ZKX+i{4AWs*RX|bW+L8fb0mVG+vF=msRdirFZ{#i>!8k{!JT2 z7l0L*r!G%N2DDuxr)f9#scfs6^W%fv66l{+rL48~hRuwL(=frP@EP-FeTh(ueq|x6d z5$bYIOJtbXui2`P4~-a&wf`z@5QeS~uYx>KP7vfe@T-K9@*LeSw;nijjB`!%VW{Ip zw%@?Hr@+Y;OeVn59cCbB6^fgIw;A$T_Y;I<0Pjd9{=abkS((0R+2>jV8oej7MAyL_ z$L~vk!XAMim0gvFDx8of^8vVizv``zXK|^$11_bEX#5!D9uX1AZxRC~`2+8ygA|p+ z_{ENb(uoc*7JcJ_MkOaI7$dcdUU%mwkh+V*c>B4#4S`8wo*B4fgrAu34^!sVyZeEx zn$TTH4jJrkN}K-J;KPB2j6A^1Tr+{I$!X=M29cAATWgC`i1Cj<3e4?8xa28-;NC1Y z`+dG93d3UE;p_Q2amzk6E9W8_l5EMGT7%CCVAY@GZYWxC?u;P#)abXED%Kj{^@nAJ z%~;Sdhh)Obv5XYRRD|4`XF&fxarAFF0~$xauZ>HKPwAnM{0zaQM2>VonfR&c9wD$RXCRJ45`hxbkh zd4@z9-`r!4fqQRa4c5deJ;b+<4tyVeZ#B!Rg$W~OolB_)ajSTVDFqGWKGHM&@D3M&2?5+my{K- zT+lR_<2;d(D538Bg-;sfUN>|UH!Cb& z8pM=NxrE=^Y^mi3TY7*qavv6-7BdR#R~%9GCBDcOACsM7YpQ%_5AI=VGX^7IDi`+t zS@SD$x$&n1f-9^?-8;4XTt^Bib`ZWf$g*ab;gV6AzRkxTy94KHiErAM3|?0Aczf9& zpSyPyeRg!`n6K_4>M=uh?y$XZq^Q4B*m-a#Y$#8v2Gy-&xPx zf*}3WowF12hQcR^mrE6XzjIg%z~?1?#g~5>3;}>*u8P~2pJ4q5TY|@wu#X&x*>($F znmQ@h2Aex?J4j@vM)`*8;AXHT3U=_nx!u?9lCs@#5HOg|IB&&a4X}3J6LF?OyXrO> zVM-2nx!oSBgy|c;RNQ2hnRLJz8nKE$l`Urbk_+v573u+MOX8lSgfkysB~t2 z^qFz#p2^?T@19$yjfwR;sn9E7-}=Q2{iRGp9R#2y3cmuj9|+n&x=^>E@L-hmAj?mdfu*ASjdth8{8rq7rfY)7)kamEx0~+-^;5O+ zf|Z)n+A+g{IcLwmT+@HQ+%~=c@!BPKR*mu>srm7nTiOZUpBg6;|DHAkzPA?)J0WaK z9&5|?Ps`1pS(IP--j9KiBEiRN1_O|Zq<=i=U#c2C7BR?3w z1IFc@U-L?MzwwY*rVi7uO|z$0IEi3l&gs535`;i36nULE4C(BFVgSCcc%$P?XU|0O z#=$?NUH^*Mo!Z?aJbdm&z-`FI)D@;yK)QOhv+Z8G@?JbtOCC`UtegN0kCnsQ33P_Q9 zFI{L*r-^LTDIR99vl1Ek@JtG}h|sQm`7AOrx+P%d3qjpof$>M}FI*h-^ph)u3`)cf zk#*^oW;5p}*>zl7^<wuDR z*_*f=i1Evx@60;YYO6ZMK)BOglf}6%>yBpU)sz*T?dmU2mj?Y- zWT+s5j!CGNY!fOi&1Ij;LgQP8Ew8ro3+=mNg?Jd&e1@&Y_;pKdDT0XEWK9Y-^-MAf ze?v9#WGIDL1iZ`E zPbKX%x?!bKSn2b7tyQo2;Ik$3k88@as7~9^^b!MvNBRblZ4Fys8`{u=tKgzL#C|zN zhVFXsTS+A_J$~XHdSO__c&%wCA%&>xaGp8FsV`u}-EonwYE=DffL?5k6?_y>=qpAn z_bv1RH{GJV+a-XsVq|S-URl&w>@9M6cSO=@1WqRkc)B3+Y=$w=u6PlFTRf-m4*`Zf zHg#(SeY$6A&fRVJw6l6<3HUhcb*>4SFy{^5U#@bFGkypfxOv3-qaUNZo{?LtyX8 zquw|!TK-9gPICa?=h8jMP>NH3h|hLQu}1b&LQ9-IKVfT&VqBAT$Q_!=40uhcqMoRq zq`me?##}YO!Qx$1@=^t0p40mF7Qt+O#Uw&Aj!{%EiKv%NVoBPge4R5Z&Q~9>J0kCW z6Jv5BT+Te$eqd=JB>^bo`8O*6GF87`4*n3Ix^ReF{;WBDnu)6pB?XhAIfCg2-pgD> zUjVGjj@n|=`lnP(>4xOVlzU&6%7ByERu~1r!UBBY5U}5i2++p_3||2lqnxWjM%||O zSxcA2fHCT=wavn7#^m6m*5E*~ib>(b`m<19jq zv$NfBx_AjCxSEZ#GPZ+W_$+-h8CU^|Q$-mR6CT*rAL=@7jPe?paV9{05bn({f0^$zkn z(Z}Ay8wSdpWP^nW2W7_p57nMKR)>>F)lTBhk~@VCSOXem!54}h>fY}dLFGBUUD0FZB`kHO<7$Yw?_6qyngU) z>WWfA;_BRO|70oEPnAwU4YDl-`jkoKs_*pO$d5XG@5y@#;-&NBRxX9zy_%_GX>x~o zMAo-te^W>i==>jf=WEkHJks;g9W(kqQIBX-_{sw4o~G}1Db7+<$- z=oUz=X0=-EXpHmnprV1kz3S-lER(-{$|Ca{6!rT~SD6f@x076YmvEJg+y?^yujP_K z5ewBovRn+~`&cpWjiG z`WSo#15>F>Jw4rwHOp{J^N=3>9B>G;xOfe*r-I@nv%^A+7>XY-dk)_uNo$jDX%?J* zn;^2_ITb{pBt(B}B^K0t28%SL{iJ|cxm_j?e@9T`B`LD4I|qd zzg5d~Pi(s}Qj;_`)Jyy-QzE1f)Db*pxPNyhi?OL|lUTL=x&eVAKK;%y{aW zn_qq#n{%ZtFfCcY&LECQ#B#FyYtV1FdQCg!9$Yit-6GGq@IUMOjc?>Kokgc{jEIiC zh_~r4g2~a>zc$Etd>*Rd#HF$)#;Y95Bed(bL9>ATwO0RW&^Rgu?6w>3#FT+Q8j>1HLK5UVTSgU%Vie6R?Ue)zS?V4#LZm|3tL=WX-IZyntBV0qZ2q#8$ zjjdQ=`5^*Rq8W08R|laYvp&!(gBhTT(lKkpj`x^ zG+XbG_}Z?|9Ke(^j5f$2+w~4MDGFIT90=NnrNV?+7FnR1;Gwe%=Mg9s^hIcdz7^}r zuu8IpoMFhfo|}OJQpN7xFhTHZq}LqXcMjCIONn;dQ}1)CtALj3>103+DIvH~8uP*P z+#loZ3v3e1SRSF9H&?tmLj+nJ5k4Fm6I09McMk3iNfjY1 zQ}9?ZbM}@AbRNFxvd`HxT>p8`xM$DnewkmS!#Prh61EbDtN?B_T*u9#R?47qM6g{d znmD`yatZ1V!j_&z-HtoO6F)W*z1SaMM#Pk#t)ySatjMgGUc(^V@l%5qnso%$%tfYsP;YGQ z%vW%@9GxIx{6wJ4gEVg~rd9R6(q?E8#vm|Mqrfj-l}6q}RjyOcuXHnLhu`WIc0Hn6G;s~Dd@;ny4d6TIn( z9GWa^P}0sC4XZo7Pa|#hpcb04pE(Lpu4!5f3kT}AN_{}BSEzY<_Prv;Wb!NJU36p@ z1ncTjpaF)g4+e^WBJa{CC`aQ;f5o3^w;xTVjwEt}!_jAEUE^do-Eokipp7$D(CHLv zTx6?A1`(OWbeNVX9et#gv+54|9gr!|}8 zAM0z{uvxB5xwlTn{>W@sA6##;vS{CZkb3_+G0#@W9zO+0;&jKq$b2zN8_YHIc&5=I z0+s>d3Rq94b}31-`9N42X`&=Zb1JI|XQ%NffGmMv@=c3=N0VfZ>J8}rK~*IU-35G5 z7W(3_VkZydx|R#am^(gG2vF}>ATcD5C~a90mvbMN=01!fF_3Ky>puldz9`&_hi_h{ zg3a+8brNVabv#L)0fcGKUM#P@ahr4NA*zFLcqly+U8ck}f?R$0Nt(u=w?8ko|M2kZ zHyC_E$2bIc+!isOK2ezMi+NjEKacvR^oHbn`B{%hX4W&+$5OdELv<7wrn!33fig6l zcuCfr06*>~xvEYsYbIaNiYJix!LCK<#ue9}LhX1m271LsCVl2YmOqq*Y&9$;eUqL0 zZpi$RIo%kh$6-ZveesUJ-69J(8nwhe*7aVLF}!Y&LfFZC+-1yW2ZJrKlFTT3Oh7-b zw->@RlejPWn7EdF$@Dsqk?m(nG_UE7d6XJB7!@oWTJVI?Q0)IxCjL4K7a-2)$tQn- zdRbQ32zoJ~3mz!mj*GhIbo?E5(t}|PvIc2I#Gz^hQ zqavqkHm^mHXjfRK>3a~7oTlDCHLTk#0|*rRieVAQXbjR&4Z_~{>7beR&fqC1FNDrd zMl&SB$BGyeQdqr`ahx%HNWt&rhS;P?+X|E$IZFZu!gRcspWrkn%H6ognLoIeUi6~d zX!yb=?yZNZ?n;r|clo?6i_GMtrmYE(5AIwc%qvV?uRHQH$rFV^hTT&^sKyqcyI*lv zRNZH^_{fZFg>96guE2P{Bv1e9<-$!rHn);<)2G%;-Uif0`IEE<#@DkG12;|Y8V>K8 zUQC~Oa2dT_Br--HyuuqMryix;ktg#zs4;@C!g*z6aS}%!N`sd!V`;na}Oq;p3hyDpApROUzY?MC^DwwMeVAp*6H3 zIis}LjIl^oZdPuH4Dq||{VTWm8FjR|5%$muW72~=k)v+3>FPck>1a$Dh9K}wx|de5 zGisP>!l7ovIO*-sM#VTNOmzFP6DsneUB|4MtD4yUyL4Z1nE3fiLRL_*KiG#6_DXCU z-H^sxmFBxhzIHb`zs#$*W*M_gr*qh`*DF(n&D~cQ8RWa|7n5G5{1C_Ls6MMKFc89^ zu}cOrlL$W-)9veEk0f^8ZhUQDkjA6TQ?VO{Vsn5-NF)Xr}WDC^2nS-m&$nuqgjiz801%N*C&6ckOOt__4xY=K& zcf>-`cz*K*XjzTU%kXPV;Q(pN7;BsxrqcU^eNoGfQ$D^YYJR#2NR+zieuGhUd2|Yx zH&irDk>|^=7a!hlLq(mm#?|Gu%b%K+pD?^ZAGpD8DaDx?@IM~p?++qKd*!2qT+w5a zOXTyC7$hD3^6swu6429yRBHe8&FtjBZL$5YQb5(hVyE1b&~qCMnk?Xf^zDIR?d~TS zgpN#%`y3j3ILUqX?*pDZIQFVDkp5kXERXUPmzndPe<8V&_1LUh%8-5cL;QBi5(2gg zKcPw*#^5ZZ{7K-)ULfsW`hNt&4o;Qbb4CdOYRT1hmXmTR{cpP!upV zeJ(~0=RzOQesowF&DRUg9^J~YQ6&v~3JCH`{R0vUWnuF#yWe0#A4M=!ym->#GUDs^ zyVu!9l#)GOz-S7{H1ZJC%TB)-V4g8fzv2}Gw$~{tW1>J_8x{yGq(WzjJ?)G3_df_7 zlUImn@rVR_IMZ-#3lfG_H9X&9y9~lQ8(`6k5 z!-vJOO6ZqhoIQ5_vW96KoJRNSI_*HPPG277kzVE6il+SE_N z`u45u2AbLcCyc@9nD*6O*C7q9^s5Wwhgg>tO+VlBKj7Oi{f`PFbW+CF&%f8d!3I2r zNXcv~pN%^&T|r6m>Cft}T+8WZ5y!1lRI2+kJS!!_Y;_(Q9fouu$-u#$c$Q`^|AW`8 zbe4c!MH@I?=zXN*D;j&4A0YKJf^dFzDxe#ZzBtQ$?ZIU@f)5X-rjOzU{jMTc!w&E; zp6wq8wKT5M-bgbMl-0yy7?=lT-t!M~^*(R^+K z->plIAFD+4GC_Hn^U*opEm7cC&Q#+AU!VA?5;}T9uXe+dOW${;ip`T9{eEYDU6sPn zKWx(?X)`vUS9I~_YW&(tGD_$3ZSno0DzLvAVdm%yQSyp&#meDPiSrvmd&$bIFfSh- zuVb8pcODk6Y<$RY^;SRj^2nSP_wr8#%vKzLZm4{**%x`des8c7E5Kx);~=1|cjW86 zF?K?Dud8_d@SEMnU+Cta2GjCCJm%;nuDRO%3^cbJ@E`w11FB*5-!(-XUyNjgu`FyK z$8bCA?nk@9>)61k7!51dJN>t=2hDfALE8bQ0e#<5g%GU5@bC_YpuM&peY7{WIR|+r z9KvnVm#prZ!X0?uU7?|E-b-wQB$W23L;)3Svr6;kq{leQ1(_qOJNn$KH0XmZ`$N~g zgOR0~!P5z;HR9ftM@hJttHF9T*JGZ)G;KK%3qF4I2E8H`@n7sBx9kZ*F!}c72od$NjyOx@scemnW zzP^Aj$zg2Re@141x-v!@fOH|3dk6p59wH36W)Z+EdGA1lbOsi|z%p811Ym!IrO9+e zcY2p>MmsiM5DqQn%xg|Ad39F@XTHd0F5KlC>>fLb8+WPC032)%v<4r@uU1G;;XdnE zGOLO{n~rx0IP3-sAED2Bo$r5kkKYQLE0LSPdZ=A;!S?RXnLNcwudwnfGo{fN;*oKV zUWquZ9;Fnzdimpf20QHA?dfjIq>I< z=-+Sn7z)r_1~QascE3o(|BFmwdnJbRr>Xxh|6oKx^Rzg0{QZBPJ?B=Qb`i$I)0ymG z)t=!(2TnvK@Sjujm+@<1830o45#z@D_A@D%p2H<1A(2s0QBfC})+OhBAKug%&3;yy z;nnl=Er0i&R>=VtO!%lx)ache8iyTTbwJp!r>Y7fka$3~N5Yn)lRkU_6lk=d=;iy% z$~2E7aU8FzJpA6>9asch6!%hk&lAVyYXH82iJdhFdWX1accJrYX~!q}Q=0wDC#G%t zW>tgEYxl4FNDw9+UFn+VeoP!HOAK4O+~uQk6&-0GIsT92=1Q3_mm#gmJy9GZko?@#hNG;VW3!-!YqET zTemb|0l|24+rFa*cA&q4<+XU zmyHx#446;Ud$Z|P^KL9%0?N-95-V@QPNXhIN3AA{P1V)an-X+Na=^K)H)*^JzV2u| z@K&G_FFORa^=(7GUKRSIS&l;%%85A*63XQd#-?w+(~r^e-z$AdxpX2658X?FkIFhK z?+yLjw*GV-fVunN0^G%Ajyo#9W=a_HL7}gRmJWs|a^5DmlV%6i(YeS9H@EzrqtS(e zzztN0_*l*8x?{0bFHY}bCOkIg@C2?n_`g3Nh~cw(A>3m_YlzeWdWoWB4dR*@i*Hwr z0g5iVB4QR&w6NEt``HF0*RH{b%epQ6_cEbl4L2Ha`CN%>Hvl1BIS-o%6Ws2z&>yRhNmsN1>|zvWQNPG_@d= zeg44|ZpFJ0(sZ8yQfW3{{h7%JB;-|wV6?^iwz=1Kbx|A}0~L0{JzPzkpFgTZFbo|@ zd!u`k8&~JeQfhlu%U<&8%d{`u9-Dcv7iZE%kz`tc9?Np~7VmL=rq`985%;Bwc5x5r z>3~T$08g9#F0ROHW*+Z2ICB)?qZilNCD8%CAQo&9Jbq!|SfEq#g3I^ve9(|mxw`S+ zl{0_6`i1-aU1OE@a27rT-uu8zm10PHqYvJ&CE3+|id0eT&j`$jbQCj;_VOK-mTRI=>-SnUp+IQ0F=tmbUp~RNdmg zzAzcy6*lf_h>(_Uqq!3gL-l@rKq|jXv$P1??`!B>lBW(*PP#EBII241M>s&ZDlj6H&q52FXk#l0%iMoO2}`Z>!=pSRD_#mUZ` zC-uuNajQs1N)m2;{p1%hu85NpS~8)(O8^tL?TR^`3laE@D|iI%qJz>;@O7P+t$$-a z$xP*SpNCE^9;`rb{XVxr|A#;3g}`?@*-fuDq)bcF*#^m!$V!^i=_Q~@5uk51a67e_ zkg0GxNJsCQa_NAg`ztJihZt}3dmL=SDTef33f|)F*IHsS>`_FjXE>=z&^E0EQe7}X zRi@m!`BXTV#asrnoaz^;HtkX{JnXNnP&y@NCHuRNrP^K7L?m6_K_rkxkZz?UQK7gs z=uOOXZu?Yx&`V}}5shn3mLl)8 zg$0cv7?L;Kulw{H8L$C#188P^3qM3qp7ypjLWtsDjyvUdyI!V#B^$MfIG#Zn)%gne;xYd^$E! zTEK~{?iJmEcr8`V&Ef~@3@_Sb?f3T9pS&Ok+D{aX0GvbHl)Xu73!o=Un&0WeA-``Z zvD0)s10`vWFRUYGq_l^KVwl<|t3&5&w^*uOlQ$~D3=Li3>(xt1Dmk82kp8luG*v#Hh}Rx@qufhc$M<$mVQ5e{X**k+vof8_dw(fRQ=>rQr)Pk<%w zQt~As8c@es*REu+La}H&^eSw~?5w&n6TMx$*7gU~I;_Egb`1;BmAfeUS)ufDTaNa3 z=AIhaS)8hnJw?DD={fbAm$bL6Hg`G<&%ujuV;ziy_Uyn710r1akJgT;U~aR58mAC5WJg+k4uH0(UPQMgkVd=i26&^(mz z1z)$!JZnQBEiWg2?Hu3x$>BYj)6L4cQ0Ccad+IPlO;QJg``;{c^ZWIUd|n3gBil;b z`BBFd(9(wE*&x_8sx+Z7rM{K6XSYX!S=>@Sq=GjA+a>2@aL-D-y?rw9wEN_Y)p;H< zjo7_0H{NXjr|lAm91QYoG#JExnw~H`mAOT&8h8qSWM}XE+{l0UDp8<3P3nb#ZlP<=TO+%`ViSN?bPDAQ*gO4_=54D%?~5mXzFqlPwYsDQ z+Ocwo=n`FOl?eSoeMrlla%e;{ABo5z`()ehR=b42>D#g;G>)o6(ze_|UkT^!{Bp|P z4_v>}F~Po{3uy#Z$w#sSMrWu3_c%=X*=lSA%KgLQ9cNgPLL{3?6};LBHfBPY9{Nc7 zGdLW1{KN4RRRZY;>jqXsnU1~&-AmJvp5N`}dduB+RZ!14GUt*m!XUF-J}1ywi|Up54X716x6 zze_zKf z3}ecvDZI2)Hn|LF5>6~LW3hF;hgR5&gk?caobA1-fSuQ-dJ}73VJ6e<7(NF^*lJSR zV0UC>kETP&?hl}i^;T|OWWPIY;0z2@Hw?~=yO3^a z-_mWFf+C~xM)X*!q-i8c9x8m7N4DG0k8jq^g$h0o6PvXS$C1SKrGw9s`JAXcmQw()Zn<-Ul%ND}SauT*Ync!@s=D;*8(?cj8zzbx zH7`8)@P38<+VJ86`Cd?Unneb@pPM#8CxV1a9-B)w)`Jkj!JO-9<+DxW5bN|c%{hZ| zDam~?*2%`VZvIu*q9Ev@{dujANEhRC{#JAJ9=Q}X&u>0t|5%64O7Qaba+JHE9s`tI#=yyJ~Vvsv1lx)n>Q*P`Gq*KyE_U_by#lyPt-(Bm)*h zoO>5zaD;TS0lNzWegNvpW%kNX=h;lPU<0?yBF1L5QK}jj5iB0cP&lRQZhM~!e#90K zYxHwWy&SW#&r&@EJClHiohU3~nGc3Y&SVQde-@*$C0V1!uO|fPpM1Jr+1MHgGIo#7 zoY|4?+o+}3P_v~ka?>Ps{von)kT!(xrb<8#!vx>Woo*lECi2egVl%{@-4NcsIr>`W zfk6qCFWvMvnf+JAD7KUNq^UDsFo0ctD0-0}ai1;jN`o%*5`)ec9-3y$FG1E+13FA? zK@SzGO#wBV82T;SSeNrW_nT;|m;uPyqIz#FZsYij;FJ&+y8M1gX}3@)4+ADLkaE!j z96$xE;rp1I4V%|dHuC{UcI@jXY*eJQ6$N7DN*Ifxr#-!}Yxy(X}- z0tj1FVAvm#Fc+4C($GzOK2KeP_t69gbbdko!Zp@r_PoBAwRG8)AM;p9UAAuE1&1PZ zpHBe3%5}UjZR{Z_#9<=C3JiPe`g?LzzW_nIXLq+i>j0=WKo_#cf%-&9ryXr8pzo{! z(oKuDO)t|h%tK%%)bKxrI8V3|J?T2F^1o7P5pE6{RPs$<>fYE>BSs^P?Fn)jBMtL99u zQRM-n7Htl5Ky8b$!z=Kc8dk}N?pg&d1!rHb%(mD*tmpLbpEplTzyoGBHPas3>y8Jh zeR!=pI!maV_4Kko`u0uTaS8+h?|nKNNZ|X*nv1Oxv%~!t+^-+|b>ADAIM5Fn^F~z=)gl1axQ2xoocX+8 z!h=6KwmNp>InI-}?uqtepLhO!+^j&2&vd%>;n}adAm*_U!{bQKn?exmRAa*kCos8l zM`nb{X6;Qbt!(Q%@@MxbqEw^bwzIGXr7c*YO1w)mHWqY~U2`yZ@l%CBhf2`(B(@p% zF+V&89TBO%kQ)YWG<;OMpKyxuvDdDcy&de@Ri0}Sb*D%7aP;?j>gu5hJ51=2RQ=VB zkt0!)hn}d)Bk>ETE=|KUK#yViQT1_&?e;CXwJuR@KXkn=OaJbJz;BbN#`mlfylY3A z$mN=&9uX4^_ziy95WO|hm#~S#!d*hMW2!8wvovFy7!ZkySk>AP9NFF1onBv>{)B7)f`UDj z1i&S1e}P{qa0l)6=R*i0It5MPF| zpa^uq-0PZ6#A{tOx6(z}Nkt3vTcT6T!=jaFy$r&yD{p;1-L1N)pWpY#Di=B9QL5M_xwZ`J(h!(O~G%U{lyXR4!)rMN zA=7PloxOxGLV{_$v~!hQ->b`=H<#w}w?)8=$6wG_+w-kIonPw>u+AIMWpc|Pd(B3+NoZ;p+R{JJ1;(oX3+w!VKAKmx-XiDR@)8@hVshwKN zub8yy?4onip1tUXUv|q8iYB*d&~c;#-4j+~=Ptu7V-Ewg!Pdy!!MWJ3gJV|?Z#A=m zq}Sg)>X8MdOAl14ai1@SZwaZi)ofN<2_FusDW}`V;`H9!jkCe#G5M(My_mR!Y{(q! z9g(~W?mVv9DAyxh1FZ1j>^6J{*?wtB7!tus@x`T|DT_b08$JRZ8mdJc?9-v^;1|6z zJr#N05PpUJbFuAXD0muo8sQ}1&HfX^ehqp|&aP9ey<1T;-#cD;66SlX4?0*KRQ&4LV%!s&JV>EO&N{@e2<6+Ifm+JsF*l29IQ7apiudG!7Cdwor~I+lI5 z+5J=HsHY2Ip`Fe?MWI~8_+@Dd8Dhq4fETqmM|6Nx?SlJL!zffZeci5CU=6V@Nm>5t zBZ=G2$6x5d#4`$Fp4=P0H=@9|csT}plmL)}LM$nNV4&DFs zb3uAb>V`h7G9EB>umL(H>b*f$arPz5AfZN<%Z7%`*DtlZ>t^4hXrJG~S(v2O10-0j z!1|u-m0%*8?4GRL#Om*eyMP&7U3uDGslz)U&`Si0#x=oRP1@Z(!E_{R3zOWu6! zwmIoKaJ$r7jqO_6B?lVRC4=9Rtu6fak6=UD4^4^)S@N&44kj7w`%gR3obs~>^-Ac? zyYYM$GtJa+t+cE#HpmHNnj?IW9o{blV|{A}V~#dhr|=- zK+uU!4^L-*ZEXr4m?(IyiVDJ1-Ng<{#2079|2Xu&_>y6|kD)V^R{Zc|N0Mc*Z=xn_3$6!C-~8ql3(}cFJ;)@4_vGR7C3`r{{>3N#J;`iaN0*u_i`&^;=C>qL>|;e5S7^)Bw0iDV?|U07U4D!EFD zPA+|KZWhVC(IGDRa9C}#Xf<1+xiPAe?{T1=bs5d6rwN9R;5k!Gc785+wCaMqCKPiq*!{q`uIhVLac4 zZ$GHgDm`L5VFD=pi`;f*vovyD)N|Ob>yh8ed(fYyn{L?^!^M8Nl|hyYP+rX-Z45v3 zo(wFF9aHp_pIbB95J=Yd6yx}UOhF}%FM5JmG;&+Q@gx)kFlw1fFn*A!g14M)^4S8p zzxOJ&+ZvzwecAcgfedJPjwM0QkeT=-Ry@5%vYH$ZBxUA1>KvW|c)hyWB|4mr=Swqf)o>(qg>Cgwr&@!7b zerezBC!?E_sWNOs-Wtt=p`KUIcB(kwH7#OHZr{Y71RbzB4p@CRyCDlirdask;+Oxvn zSNwgdIvo#O?{h`uQRT0YXD#F!x81i^s@5IG1VS0Ft7UCWfJ(3(P()-h+jPsSgDEfv zprz=Ayeq3*GNB6Gs4C zFHzgn9l&+0e9R*A_zcK>=YSI9fSy%8OFES}+UF}b0FNZJZ1}KB11S@>~`8O(S|iGBWdSQ0O*)Bi`slY+8q@s zx-srJV2%g0A5u}9O;|J9)F)9HcuD=n?Q7%fYy*jdi%*_g&0Ck}OXlAy?a$9^_lyB_ zT19KNE~7wMfR5|2u>)M6=X0F*yy!?*?TAZv`oqX0@69{uH3s4_g-bp?2|_F1=LCBx zlFu9c&>Yk1T2nN~OTq~z4Nf{^_N!6i=+@Z?$*F$?hO9tLx1lB4Y#L0er7^BR zyA}w)Wj|epLL8wVkw#qqeR&5C^tRM(f>^oImD2VIwLwl0376XhQ0EOr8|Z>gYW6m3 zT6;X#k*6623K}Rxo6cLhR?FOm)4OCX=7Cn=cgSGHI00pqY~1cCIVG3K<#g+^374Hj zz)wQhWi#QB45q7;D99!5b#+l12FajKUt+$?eW7$dAK^qH+uaK?l@(g0YQ9OUaorX>QFpm8Rl;1|hOS%%~r zqT0W=Fwa&L9rs2WjRVSuIS`lFd>gF^#%-f&tG=i^6nb>WU0HYe87b9?m&?_qeMZxE zMlq-8 z1IX{3=%%G4`%tcDq2GGBxt+DI`~$vJMkX1jn%sKrTZLAiw}>jQ@97NhMUR~g{QcI)?*t%ElV6js8U7Tas^elo zk*{Pkfi}<55z&blcuhG>6!=V9K-G%Ru3N6@v9Q1_clZU5ekYnKOSq22;xY(L~k>ZxHEAkvP6)48_FQP=B{D^}N~&D&=tk*0wOUT?vT0NU^orGQ3)Hf5uc<;F_L@n#Hxg7~jzxrlVF=70C z$D_sde8X<%Tur(86^UW6i`;wB?feQ%4c%A<05M$k{Xfp$GAydK?H^V|MNyFkr5uJB zQYECz8DI#JZV(WL?yeC9Wk?yik#3|L6iF#*q@@|889M%p`?+=R{k+@f!~4bK;t*!7 zblkbfmmHY`6YrYM>G>mstc?pu7|Hn<=j+PHhMNeNB(h2Ln|FfL&==O*qNt zahZ`SG4ws3F_n?c;nkw7JwfIs%EObrc$-YGm!3{mk3_$6g58*c?vt}~pWO#Y$3|Yq zSXl|0NBVFqL`TpV(J`5m?0s*;%o{t@2GU*aV@f0mY+l+1OnA)UkI#+*So?V%+xYH# z)G&=pSJ0p7d#z;5(0)ziZo5Y`3yo2(7&mz5x-q0~^r6DTx=fMiNV+3H%T=<((Muh0 zAur1EkODvKRk?EGq`D><`m8sCdD^~{JuM7Z*eUGu;D_5-lU4rNSdc*cTwQ+Ob57c> zfxv4)%2JAB6PJ1$KR?+wrMFAWq_0Ey{ z-xZ=~Fs{Zb`DK1&9~%6c)H%MHsNbe#o3w?{4;J=zDE9+-;LWB`tcM`;?B0~J0WpfE4Lq=?#HoZ3y*%Mte8?-WV(F zY@OMyT0#ox4EW?!nGHk~9)0>kpkN3{%3QK13v&Zw;&b@V_M#i*9O~4!D@Fi8FZjlU z$Pv_XD#H21I&v<=Z-Nk@d?#(uiOkk-c}KLA2&~dd
lRsA*;;J3LyVJB7g9$cqJI0)rQ+d_SsbXYAIsDFJqtRZ3`GSe-l-$2y<{1n2l z*MUf)l;f3RK#7oqWdqtZxFvmU%%_;1hd%%7FU8C{UpzN*jPJ26EBbr12`v z2N;vow5*h*MA?cb@-z}c`vWf_sF9wx&?MgS`=J&l9Ft|&wn$J5(>f0FG9BHWmv_K> zD9b{BKM!~_`*wL2_?#(#t%&`@l=?_;wpA*^AMa>{VOuk=I&oN8a+n4{J+^Y8z#eAV z39ut^P0>q;DMXNM)pl~!f*%F(EgD~*Uk8jc6Ty!;AHMHTa2zOFsck(Fly2DRq7P`p z_yxK++T88@<4ToBd|*>pJ{0QlxBB)g^<^ljXlGObGn}wi=@_4!L#=FPdzQ8=HC3M! zl7Qcr3F+SSK87J+o+4SQO?;oI+|e8Nxdu@Y|SZNqmz1D(<5e{VHT^{@hwWG zksqVw_*BC@7m$>knMd9)HGLw2xYNz(eO9e zM3VckCS1*-pc5Rhl*2xrZZA1#omvfgPni~97`fXSVMdhZ#;yVn#esCQ^^`e0 ziLV^!;I6gM#zXm_=eSrJ^a}aeEcuo%ctc`~UMuogcHaIzjIna4Hw(xJi2?`})Q-t7 zM8x_UwWY<*w3OmsGjHTYUolxd5=Gxyf6(Xl9?I*d(nnhT@^Y8M8%u`Q(fx8^qqg4g zd{<}QNyh=OPZo-Suzq8eQtFlsdu-?dK)GofD6RAZO=Zc&62-6h;ey=4YW=69jyUK% z<5%^p^P|cAPrM{JZ_$OISdzp9Y=nEe4BFp6FiYO+>ii>??S$ipRM$QY`pXtkE@k3w zc7%ymo=E{XNQ>L-?oh5;IF(io#S8Y&+Md+ysYLn_1Q@EYl1b98HT^eupRu%J(FkdqFEt zx<^ehg3;ImW-uJ~saAEQPk+Rx?zkA_alH=&Nz1Dus-zwA#127^`MvB8ei>>s4KHz+a&&Kf{g zr{`b74UT6+Z7sQJ|fZk?x%-8Q#}0eGC9Vj=Q9IdGbM6c;3y2cf4j1qXegKTXX`$miwyRT zW~twOg|C#Co9_bTvZ+u?qQvkvf>3_pS{aoGKI#zrkKSlCzUkbdfU`s84D(1LGbu+F zi|sQR#cXIaI>aqiiAMRoULph7LdN|8J_K*nBZASbrkUOXCoj#>vs}NW?JSMC)r;X( zBNE6#m3eFz;Y+!_-vh*Z)|1)^SuTGA4=i8qlYW2+JD6t+D_x!?hJWQxXJbGToyMo< z9c5>%exO^as<=wjCd;sXw+BxaV{9U=bQI6|8U8>iM)TpFt1WML)4E2OazY%+*xULK zFa%~&5UMMCK~iqA{e?wJ&}0_)l$e>1=0J>ny^@yAhw`B5=z|`wPdedpOS0$YV9NHB zYTmDog$1s+_K-yp6ZK$<>yRN^o^FU8dy?py8td4SCpFCYi;wh>P83|MDdj^d(ky!8 zR4rik*-x4M$otlG$wI`3ln=Zd$Yv~;mKdfLhF2L%qUX}zzonHs?C7;w$FG+AAt>g{ zDG?jd_mk_IsHL*#eyI=LzVTmHG5_Q#TwvNxk^l?!7xXf%h7(!7$9eT|uxPq` zceEjJbbUOt7rRB*87v1qJ*ZV4&8)f=2!O=R3}(p+ikNwo!Rt9$kV^C0GsS2<=sHM5 z-|g(s(bFMAAQL%^K7GDAK-N-}sSNiX9$GAvLCA^wZ-?^wGAgz$Po_mm#5p-u0#S1@ zoSJSs7fD-Uowq_wnksLEevNZi*iKmK;Pyd7t(6L$kPX7W>j*Z;CwB z-m3o(dLUqvD}u(g@eRSVraee`)?KUadOmrh@L_kJJ2{eloG%~jTg;5xv{7YzpVC@M z=Ts)y_0r<1C{Klx%i!5SGQCKQyKCCtv1qx(ty2m->V%IGKRPvnNoS>cG#9&o15q{W zY~slJevwj1J9SvTz5E-eJ+pF_G)c#Hf9;TK~;Blr|95FGFRbU1t$6tEIcJDkHoRcgyI z^{0@L=PytX{?;mTV|?|A{`T70bt(!#)NbjydFG*5q<6|EGu|t@9|XEZE-lIPO`w#A zVJlbWfD~4-H<7Kbg^04yXZQg%NF3#mxqdPL#D;FkT<$um<$1Yr5F2$Gt@+FA9ZrJWum*M$C2k%+efS6bPIA^9fJd9Ce|*f(n%7xx;$?($Pv~i zAT@(758~&3$Bo~!+264)U%#3^~T_*vNb6k3%X ziGPw;Ewi;j4R1hRyA{swG}_ejyp5LmuEVEBTrhc*I~)Mhqh%%(fl8b>!!Sxo$i>)E zeZqcDi1DT)O2V-E$0wc?9m>$A4NtFq)Uln+oaYZe@>c(1Bcp(M8(r8|!|AX#WOCQ~ zo>4Y{mDJ!Eo|)0_#W-4H~7|mm{cbXo>zF~Ms@&~hp7xF;k+T!m* z5_{++N~x8pdZ_@Cx|tJ){ zb@Tx}uXSD}YpmJ+TDE6No54b}IUCrgwc1bQH2y643A56^a0Y718t_{U>Ay3b&GQOE zO}g^6rWkq-V%BDD+I7c%skD$>bUYlK0sCNx76{FH^^A@LenH z3#ZwdPCr@ra8(Y72??P*4C%oF5>ltTG5H@ld5xcR{3tCSwld0KGI>V8T2tW%au4eb zHD8+s{92^shiVnW^3z|gbH>&t;yOJ$m!pMh66K&0Omyew7*qt!6X)yz8_tn?EmkDA zJFDKU)!HPu?|nBrhQTC8`f9$El4MlFv!2-j)*m#C1}@1!EFpuBHpU&E7?drWsxtRc z9*TXlKS7NA=BcNKySo`G60jI&;}nc6OBL;{nRz{UJ`T_~Is`)XeD)F@f;&qF4|^0g&SBVhI;sEeNi)m1^8TQdz(GDui9a$N{tiOmYSVm2Bp>@ z$BENL_NEo{4#6Zvk#$4mqrMQ6j-dS>wXj8c2cwcpN@`~G^1>TucW)^(Y6Qr6oVCO= zfr99R?2*YZPG{gur;jT= zh@Q96I%xbXS#<$|f)mjEE#bMLZM0r=QJpvTm;02J%oJr-1K(3Iifh+6LPGSYSnOhD zucM~p%FQG5MP(yER}Es6CrjjgSA<|so`s!cI1acsNh{5pYbuudn-<#nrp7^d%DWq3 z{&ywg&`Pn6ZAPSrak88lE_#f8@#AHY{>HlFKWfO%KDe~KA!rpRDhLFxmpojW<}K%` zL_{{lWluEq>neUr&{wQevuL2f+=>b^(j8`ZqORutR$j-ZIIbxdMS}md=X0Eec+8nz z6IG6oBE$=#gV5U1Sdx;Zi{jAvf}3$O(=jYY^0Cs4RJvJ%!t#0QfmJq1~lV#)zWA88{K}WhHa7pl3v10-XvDk7BQHbL}gnW8Q*6 zVMPELIjdbC&^*T@2sogtB?`hJ4}7ZC{q;iZl8knmW3pc;i8+LbtZX>laKUVWuBOHs zmG4r|F?n4tQ)m_y{i(ctaQhy&^y)1I#W9;BDVARmkQY&cjXaLa-}ufB=9HsQfKKwk zX*@bQ;@~{$pRp|}V4O$+%}dDj)3QrvI?%#j#f$#^%f1R9E}01TX_cF|eKeqL+rJ~k z7jkf>XqGsJJeiB4*!LI$F zus}>iz5@FoyktL_U?1a5MIX$4s+8VyVZ0fP-MsCeXWBBsx%_ z$9XY)oNgqn=BM(^7p(e#=T(s*M6y8aqagdqu8;3&=eVK=CD)eUkzZlXKkwvUMDwlG zR5#qtuq_bkjp!ezVii(%7ahsEGwu*6nUFnI;m+aa{r;z?lPc+v~bT9y^51 zn~AhCd65sN*v zrQT{Gj`6Ng=aWx&C_Aa;z05>yvd(Uf&YxvhwrUun$L&ORjOqq$`dZERQBTb{{G9lz zE=Qbr%_xmj=pN}zapw1WiH&Zvy&sNkf6*_j%rwF}kx3vUqF%N%{kxw2UjvJa7&P9; zBG$hsPtUFK=;$=#e9B6oy=po6?V2}+uHpya8f%ijo?#91%wUVI7)GapG>=~*`Q9UWQZVzK|t^*m|)qu3(69`xMUMgdQd zgQKH?2loaJYPMGeIHJQmH3?wjF8_mDtL1Yg@HbCwe3id zJTy*B{v3e&dE^%h<$ukkJ|Tc;7vbgC^8A9k4~}lo-3yb6=zqPvn%rH9fX?6Ri&{s2vWQ|8LUE|2o{i{P_Gb5Z9;vDt=k^-_h+~ z=k>S$1^(ce|8GD4+j{r=&wOrPFyLNKNbA4-_Y?lBO8>R3Q{ln+>m##GaamMzcdMg; z0JPlRg1MXjat*)Uos7??fOCtk6kI&~y;;nU6a%pGG$6VzY?1?1CA|ys2x~fzY=~r4 zM={8fwE^nNwC5Dcjkb-pA00!ktkT8ck1wpTC5{Xu3->jXSJOg!G1E(OFT98k@;3&L zXgW{-!0osJ1*Qe^ds>+Haqr5t>x+m2`94k!NdV6e3P9S100y2T54fAAd8bJhznH4i zsCpqTAeDTgQlQ0ikJp+C2m%W@bXbHMmmh%S%~H> zKXrKV^E(D`pdTi`oCMR8V?LE=CSOYySq|J#Inz_iQ)72M+u08i*>SB#Vw4b8OQxMJ z@7*oWIXM;QADx>0dT@Ww+kXb6k*}`W!s<(ZH~UA$@aTMVRdV89+e-n-e@lteqBYKI zWU^5l!5OkqQ284pGLbBSl8U=UxlCc)4vRqtExnu}fK!2Kqn5d-Sy#*j6A?60;IV(< zJE{`qC?V7xzDo^coC%E7ON9*JCtAwDXMBVRAM}sqs|G0 z5GK5|j?#p`BCYIbGZhovRhRGU-XORaakM;9?QoPXZ!qcju}c1jbJ8>-lP=ZI}J_Nearw`=@@3Y^aYEgO@U&1f>W znbKf^_LI|(3gXUhjjcq};r!~oRo0^l zMQ+n?5AU(uB=0E44v)7ksOu0LwS~xsRU3g_T*f>$4%U*-siYEZC4!>xtjAJeD&Y}v zj}0UoSBF>&&*y08b^$@!TY~#h&9+WAz8~!}RWm3@z9db5U(UlLDGc&fy?$9Heg}Cp zQ1xRmKJCr?+RF|TPypeeG{@M8A~30{C9J50*@ope4UEWb_{nYn>+ILnqR@rTsFug4 zbgfFqueF;+tlsxP`35*8cyEZH_)`=0eheE+9+CU_s~@|!njHL&g`@zh#gM(V@hn6D zBGVC)-&oO6+rX**5LInM$pBY z%43(X4>89+H_}+c;qCeP`y;pQEDIfzbA05z@r{p00uAOvU+Jc7fwq5WxPmYbM&|X| zDqv%_MO4_$(7Fica|-hmSlJzziv$qKc;tSqDcH@AJ4wXB1d}G!n*=G~3Pa)j2z`4C z-j=uGLW`B<-`xCS1n3t-e2N-rZ0h#3x>TWa6sQ^N$r=WD!gyH(o5f(68C!y=D3(WW zu8T7yN@#Y}D6Ijy7EJV+l>u{4dJ**f<^oNVTe>e-hWvO1JfzZUfN_ZWv8%0soO&DDLheJgC9Zz@N+E$&ICbHk;Gvvy*Ww=;ekq>GUyiBe?yxtL|9(dJ4=g_ z5%xC0P)-4!PXpC}M=I-NE!F4l`O!>$nUMaB>0Qrds$SaD&B<}YK=yuoG8;hix4SaH z#5-;GvP(7Q6)`)eVI5o>wy>fufP4~tec&`OTPaMv-%Qg)+- zPftjFMwN)<2uq1%(hUoBs+qSV^Q24^l_JtaG|!{$zX4Lwx&6uLim(@c#wpO@C~X_+ zcW^cN_{R+EwL3kg5A3w{!-DVz>H+IS0p}GW+PY)wy1lQgIcDqnS29l72c5N19}%=( z+?l;`q@sN5Ri?S7?FhgZ^{qMkoCsjHIs>@QT2)Sq)Ue_lCRa|NK}b}gE~AfnIp21L ztzMA0`O4(}ccvSkUBE-$bY>^T%^P&x3v}@1J#?uJT&xjjH1*kp%g+LqV}b5Oj!emJ zCTxl^+Vi847(k%vrgz__#*C_Ar{|FuX0U31`aHxP z?K}xStr!E~WC_5v%b~Y-#eIbK`3@v$i2j#hsF#Dn0nMhpIDNg!E5{6Wzcb*)8QGeU zibw<`w2HJq^byDDU6@?@hCd;F|5i74_KMO`2UD^fr-?o6pab_sa7EV^FJv?qEnQ-*nHzXpJ; z{=}htAQZ3KcQ543r>aB1kaXE71a;kU{h5{M19)AA@21R+QU{J2W^bp%1-nl9CoKR8 z=3W*M$if{77F2+whq?Q&ztxg*4N2EFFrZ2Ag@sHqtPHC`yvU`u%Ohe0PnXl?f@shA z?(_?(Nsm1kI?FvPdY;@kqve=5#9*5zb0^8`haccbwZRksqDe7b2x(cpt#3c1y2S(& z)yI}5x3t93?to6YCY~uB*E8hqpRBvg)dg~f*yWDPD7M{pIy)G67Wf7n5N$S<9@n!{ zfWNf9R!;nivu{9pgnHL9gjQ5UPX#QnDz?E^h^N{Qu>r*@{D_^SAS{1JWiO4cX`eO& zSa6he7l3a^z^B9%=JhN{m(!n{1fH_n?=(8-{_{yPjE{TbQ>IDM9OBfL@J$8 z9148_c%0tM?GrlNYBKz+K7M>&vmf5gQo}RZNvsZ*#%&Zr5L6(1%&Qw z6{h+Ch<#g`_hwQ+o$&6*FSE+1ygbfoaOU#PtEU9PCIPw7DE7z+fl}l-pGsc~Ei=nL z-;J7S))JQ|sQRU3Z-E~Em2_~224{?Y5Y*D4WBMXju2tq|g{m(DDALI@8a_)F<#-xL zfAz|K`{a5%clStA}Nw@Dpe}< zU>&fJTZvn8CbBM);iX~v0Qf={ht))IaaPe4aGhv(%=yUd*S0y2x6qRC%W>O2h1v2( zeXLyy5j0FVnv^pu3Kd$2AlX7al(etS7rdNwf1dMkkcU^!!D%Ch8}Z zlbmR}hveRRfm3zP7kqpu8yAPeY)$o@KeEkvF4DK;|E^xPzCpq|W7yGYoZpXRT|n8w z@Y0A7DsKfr1suY4pgyOX{zn^3ieuWTK`K4a!tF(>6~|shUrSU$&^AT5OxZXGMFnd%x=m(L*IY(tiwuC(YD!vYBnTAQqOAu59Q5~&J8bH1X6 zVY5Vpp;cb$W=(Dl(&civ9QNdWvg0R!MRqK~<0zGGf3uJWIfS1eq_u_b54}eItB&rgA=WrJ5M>B@L-K>}zC7G}+yr-KSa>4f;Y)b?#3u zozx)>Qmp^EXZc+Pkj4N}d90h=*o^;f&py4Cq{IJkEf|x|<6V9BH8M~7#gHQSrRu4Q z!nXe$!w?VclUDH64)TWNz4DxI^z*+cU|LyS@%7rFZfmuOYnA)xzaiM@T-OL)jJ z-AXDiiBXfHXFJI&4~^*L+nAg7iBUy}vTK_KT2EZg>fFpughW~Bop*$y*>qxBU+U`4 zKh8-!gk!;Hqt>j&k~#TaU!gG6<5pRsrb@FDADJy7vDI6&EPaw?o0d0Vi%oSKO6HhS z(y$X+*ws>GTt%`H$qG()Ai5|l>Ciy$V~Q{vGoC=z0{>F4V}Ijt?4^mjS@~}QUtHA4 z=mzL1n#N5K_M%eJkyk0o^gElyfN&qzm-?^0kK6ojElzDpTyf%WWir})D!xecDCkz^ zY18adfo;D(Vt7S{JtH-WtGr8Y>3K? zG`l_FwnNsO9rlG}jZb3L-y2e>+B-$t=~( zxb(jI$)xR5xk%hegJ|8^Xf5J>wt@m#7UP#JIcek;$9FSaFXU{^$r0BMqZ`lbLr5}= zB?I*`@U&7NhXR>@qf&jL&@r{SIuLVMV?pGYi!$u$G;%~2;^(+gs5=(|SXnTUs*Z<| zd?Ruw5OfYw3;0@4#N5p&FbpNE2qvi?f8HO2gP$5z%IpDycv99Drt&Ad9{ex`e;Bp_ z{OL25_R-t-2>q8c2K#%3V18%wC7u7-O>F@N7wpJ`r)&du!^CH$6$lx!jgPB^c546$ zmU1bX*2ytMWfbZ|c5{=PAn~b=atWQB;6)3oDim5zl+jr_psTn*^)!OWEYO#MXx~m) z^dX~6)Dl=$e-Bj!Jb-4M_*bB}Hqs&%G!K->eY&dIwBRFh)!Kw>{4j?k$HMT{fv97J zn@es--j;bh1%yNXFZxw%GM8?n0>2rr8G6TXC3l5df#UZ8X?nz2Y&9r(B^mn~1(C9ptGgJXI>fJS@AEr1R0>tV`pV6kOKE4p!Dz8PghG5XSft8~XGZ ze>gg}C<^8(yR*Im7z3~lZahV2kwd(=7HG8w_Wgn43ZJ8aZ;>^1E2Qz1otjC>B^Co% zZMIKK-=PmJdjDcl$zt7EIc{7ylEvjoaNvRaL6V13yeOO|xrn>-Itw-S+mA0szWt{} zy8O>eA|Fe%ePxj)y;`H8d$OiTjf$sJYrXz)!bn(+~MM7!mESo%#xu3kv|LgcTSutOz<`NPybOoTw46 zzs6nDXXj+TtOGh&LbGwhJqePoooPi@FlaFxOR|F_yv=jHbVK|CMcJ|k7O84QdQS;`0?|~0#}oKvCd-mXNEgMp@rBN4 zxDre;V3u1x0}{n|Pt;rIf{V~m&-||(f9;q5(eIH(7V4mDdjH({6u7yeIw!J90a$Gp? zEQR8KIl1n!Mk;Mz=v8#O7wD&zhb1lOmEo6OB^XimT?s#Wa@T@0_|tmwE6 zDo9#bce*x0B!LMNV;zy{9KtiJ`?oHRzrQ5;Sy`(f*? ze!VFEvyd;uUZgBd2%o)Zp^XOm@Ry_V{@V}!q%N0Ic8Sr7txfv2pvPW*46l`YnYxV8 z{I@R3fi&?il5mX`w_a>!DhmDiPUyBWsr+XuNOy6L%vFb^bWQRbOfUOE zH?p?^URi-PhyA6Yr-XKI`}GuO*s*1I^Sge! zLeYcmjSbwFlX#LkJvR=a+uIvzzN|}OpZO(t@f9&!33S$Oi-#RJ(H-;dn#+JIsTU$v zPWb4DYtj`Z3URr4j#X?!uH!-kTi`&5_amCNgAWR4n?1Di{5^HdyWJ}X4f;IPNXWJ2Wwk?XVlK|(s}{N zDV29Z3HES?lce1qr&_An);V}dwb)6Kll=_d$3JEd-jD3fa5Ixjr*@)X3jM5umK%6f z5kKs;^2-aLx|K8zFw#<=Ewp$!W#$M}U;OBr~d*+)j}I>is54>|$% zu^7%xl<>;n=meLDnVCQ|Uw!3c=!<|^lWAx|AABg8?`rek(`AFpXooDIGe};SZ|dk> ze^RNiG{n4-br!fly_0HNXv?wt`4K1p!F)d#Y}Lt}>te0U zXl$yE&_QfbQOMe&Z)IB3;PY2%gvIVgh9aH~&T5b?9(tPp)IaC)>2Hd-gC9z29nCXJ zF08M1S`xBVA`w+Ku~UMXKeV;BTEg#L@RnYaJHnKgcbp#mS&2gS>HZP%%<6xAI(=?F zO<~3mYL;=VRu#xgF9Pu4-QIg`H=7X#!WGK8iJWY}tXJ#j%ER?rsQa#6mSkDXl!4W2 z$ypVr!)DMuHIC;DUIkw$EV^ogcyk&J;dPRyo?>fiS??7NN5jh3ks-k=E~4GLcV7GXf^@1^d8F`K2`_dFx?7PfAed-Upi- zK1C8|_GW-&cACgC=?_p>{uAI6S8rzs{tkM5=u;H>ieY1FX$E_3Y^=*Mv`0WUmx;+ALakgAyhl3BZQ6q zswbG^KLIMHRHY0V#p>;)#yQDJ0GG==GTvWI`@c@(`Pl`|*XXfG`CEAsA%5wDcDeab zwq|Km^Ll_v8XCF@kXid-s>+iWI3HlQnhL;G;vRo0W&eX%GH(EAaOW}g?#XWrB)X0P zuj5yAxx7gI8^~UVY{myKYwY52tlkYF3jKxxtda8=m7gHeX*=++kJAx1B$! zJT-Ci{?|(Y41@7!ZXfL(&;IuiDJR6t0Vf5FkaD5Lo>;)<+{?;wy`MdbrG)%}PQB#q z4i;Ue%MC|t0cQn74ko=JtVIWIfN?4thR5_h20n0BiF@Esqp;I^ zWo?4D@@YDc%JV@wIzVXz(`?FP5QL+oY%OoH`^I!gqtLL$J`%>KI6W<|15rioez$y)88W9 znWJ$7hBvIn$~3!TxtMwc_k%`VOAF@4^qm9rbv=xOs0FQq^8_|d&WeG~Xx1Da`|xGS zDUQB9VE$z=`^(>z6`N$0!CP%l-$hZ`FvBOb9$RLnZ!hKM;k?_I@-(}OuU73~So{NaLKsWctuy#|PdJ17zboMa?iBU*Jc z(|8z0$z<`AYg{&xUf##)ZozF}!D&}Zb#t@(VDRN_vF(p0@T})i-sjRQa8h?+7Uo<~+nP%>Wu2ucPr$>6e zFOruM8~7yk|JWR`0OD5l!vE%Y6`_m+I6s7bjbxD;P)kfzZVN%zs4}Dt<1g4WIc8kr(T=RXmB+3;`*Zrc|V$3;lkK8-NW;ql~# z7iYz^akK^-KXw^Nn@@3>LajMZJh~&gUKR7uT1Uusf3i6K<$7zp4b2+>w=!WV-}%r+ zMZ5tZRE`@%tYZ}xGt2;2P!vejveo6#1+51!p z`2^5O)er}bS8G?gT6}snYPUaWga*Z&d#x7u*y^zuuzRRI+la|JwPJd80^2KD-vH7N zk{e|Gb<;T|D$*Jdb&leLUevIx$|2cXSkli^8M5TC>0X7tPX$`#GC65kE5@jmfvhZd z|LJS)@Yn8KyTanvxb9fFKDe-a%}G`u{h)B}Khx?C2PHqfJHUZIXCo-p`!{ve@6`(! zG&}>|^7>3xp}+l#Hiw9q_fiHBJqn6}x87F8@i^4rs?33717;C{{X>f#Duqh?@JSY; z90eBk9g}!VqCke%c@T`<#+5t%;URn=j)s$MzT+nRv`i&_;y#c08%)igiK>Lb&P69f zMYGk2WO*Fdi|r0TNEWoN`tg^(km~l)a;MXTC9WO)Jz1 zlMZL-3qN!}F~eC6yhK>(`R;BRV1Vir^i7sXdd#ZgJL6(cqBhZxp!D>8Ut8jOKJhYJ z(fa1iR6XeZ#PJ?qzV<&fLMfUsMi$AH#I?C<%)6;q@PEKz^e~Vwy9G#pUJkSXt&qwyY*Am1ac9+;0x}>rz_eL#iKHSD+_fzt5mdS6&(W|A zM4(lYx=rLbt@8cIFP-&$dI!Z%q(8`i+)O-h@(c*SiUH>gDG){#37vcXEL@%~1sI0h zlI+;0zB^9p`qZH!n_}-zoGX;pA147T95wE?d%b7q-6H7e*&z@NNm!E(M#?H~cq05q z>w&0CWoq1q(*>d{wGz9Wk7G7&wxMQE=V;FDJ)C<&9%@P7} zhjLXPHv(p8x|}7<7Sluo`8%qCBh+i9@O+ReH!3|$og|eku)a06!>(!@wRWd6%8v}^z8NMd_hWW4~OoWvwv!riRF z=+EoR1=XXxbc^y=ndxIM_KKukQ+lm_-vvmtBnV|n_7-v9XT<(o*5KIUw%ALcU_r?? z|9Jo4&4B8I$dW289V+;76IXBZ<3wR>g2OB=z;ch)^{}FH0HP>ItSVbx6fBLa6E+f< z7EHg>^WwP&LEF6oxhErk7Hgz(_h{QRdQBY9hZi@#WETi(2s6N2pfX6s;4*5USZh5A4!6h_k>D>^)|vo^GIZ+5&8&jn zD~s(=l_tV$rVun#^!+Xl!i{sS!LqZJ4SET#`qQ+{R<+J+=u3-KIZ2J@ryFg09&3@q z!;2nrzMPy2->zF+ePa5JPK#yosLpMtKPITfQnmf|zTvw> zmuG}+1hRWc?t_Xe6Hn1C)56OsqlT*m;mn04E171uQr~1jRCj;Ql2l8xDM@jDBUqTO zoVs_xu^6=Jxk znD=mrD+8KbT$|Ydg;@|B`e^VaVl08XC*G8O4S_9b9=B;seEBdn+SyZm6_fFnpp1rh zO&WXAO?6~QcQWzVocU}PJOkLcKECmC_=+SS*EI_hVz;iknDBoRz5m*3eTu_nS?Tt8 z7n0v$Tuy)DgED=421F0zbJpD@U?w#J0=xUi5NBTo%(Lr$Eh75-m(QjHaSgo`ef!GH z1{fkGoB5ZLXpg;J&PR_0Yb6O_n5oV2_}M9s^`O%|(TAA9LSj}mbaQn!UASZr1&zAy zS!qN~bw$qr6C_gV7HtxX)4;u2=q=@=-L?B~L{A=CxvY;qS~RWir~Xxo5E*q@vj>;e3M7Lg3Y{xLhSa!?3dYLA2QNaI$BLLVB?oOd0N>)U_cW2thc4Ip z1N#fD#yMKlO0IrhNGf4FRj)&eeg$Qy zw1E;_p>N-poZa40)ajST=MqkxSo66>2+(s}1`x4{6!PPPb2WPQ{maPH}Uhw5-vD^@IX-TZ=(b!cYd4EpaEjiRw z2>Oc?LxBlPB$q`bQL={Au_coMqj;-Gs#|fh2JPvVUF_Lr)pJOqW}EAU6<^$^@YYZT zuZ!JV0au;GPHquaiSYC8oFUFMu226qPwxYK%_MofuQTtKV&}>M5>49@D<;vZnN7(R z-5?c=_1yUQu*<%~P%7~b^PfaWTpP3HRPpFBtb5+m6sW5X@+-!IN> ziC5X5-rl~SQC1wSGa=f;w=+Qjge#wH$FZh*9q$F~WiwnZFPXRB%-U8Wl6Nxt{Q3~G zedR|)3r4473KKA8#lhcouYOlyaE&O#L5~GKp%T_M$bgQ+zSv94=F&;NC19w7HRgDAAHH3v{*3Fyrtks$~OW$*~$}$juzK1 zxDApxb>Of@CckmH2OCQ}hk`9GuU`Yp10E~rqsEmO=KT?CE>0ZMRAlVpd5v?{0utifRU%i(jzUT z=L=OZOHJA0stU$?KQ&iM%Tx@LvnPzvmF?<##`Q8UIm2ox=Gl-d;BN8N@I|ZP4FK#) z45k01Mv{y;%l|rhw+Fi4 zqauLa?SI-CwZeC*^scw}{+vaFC&6#P?RSy%pTWXg;Pk7jRgwOHqfk~^{)G&DG7GsO>GSaWDXl`J?^ws}<>v?{`eGd;L^^@g( zn8A$x$P6o8Sb5^BF~D{;^{Ha~c2=Kae|gb}hw2`q$0;o00y9!2t`xxe)Se_zhu2cB0h zeAF&4)AawkSN=H}|NDx7?bl5l)y9Ble?Nq0I4Ulq&ERZ-KR8&nVQb#m$6su$`|0^KOQz!@dmI*Whc zF8`Ri=Y@d8J$iL~spEGy?IjN0G{Coq1;_Ci0lhEyv09-HEY$^8sI-l`4`jTkvFX-u z1L->?s<|qVyR8gE4gJAv+3YEeN?q$G+F~!Pdfi2mvSJ$XEd-NR5C72jm76IA4vgfb zP5xbDFki>LD=9s3b!Vv!U=-|vHBlVHgvMT5IC8BVX|T#(RyihMUYDZWd?X7d@5ofKhNsgj$U|7Lzm0$(o`j zV@sG(2QdFBc+6Em6KRNEjS^Eu74$9Eyt{otm*(8$SoQ@+ zStqF4d2Q@-FI7F;XP1we4aE9;f(OQw)rtRpgGVr3bbwc^-3ou-9Ts=R1PCel44Rq` zzV~tl0#%H80E zyY+Y@Bxc!R8p5u{P*u|Mi`pS5?lHqyxz&9qaAg$4%P|;ea)8|7O!d5Q*+x|c?|5d6 z%e)kA%dp@E74p18!LSUx8QVrn3m8GmZU+Y%$$`i0PgSBxj$N0Z-;vsA@G|<4&V!Sm z>+KKjX|l4K%Y1vL`T@_j7b2ug0)}wn&99Yx&`(%;cjRZqCmF9ZD%EOT)+f1AO)KPT zOXowFpO6+YB(*a4lipFg!jckbxdi<9@~#c2wJu!#id)FE!Jh#e5?UsR9CFa?TZ;I- zH-~hdKo9eMD`vFVh^WD>aA&s(cZnB3&w(5$HFvjEpqX~=Q1;m24}Dah0BJxF1DaCR z5C8A?U}=jR096G#byqZZ^DK&jtSZL&D@Hv7tCk9pSCuTfOIV!8y?PxfF2D87Wh@r( zo^RKn17w(u^1LVlAjhYtdb5e|2Vf<1;qrRsywlwW)NvH5xzi-wtYMLU_r2(r-hbr+ zhf0xUWtk)-x{N-!2LYiaZej?DOsdNO-gqX&+#YqO?qI$45qx{K{mPy96YKW|hI(&x zEbGKQv5M=5XE}uiF1!#~>J5NhdLZLy$zJdJet>1CZb#{oD71Z>jrf6VGkfm?LmpYZ zR7+GB!;x^MMS3*R-AZl>!9MI(%MH45_gDT84f`TAv?D~ zXtzZvj7Qn=daaZKtcpwRzVLwbbTrU^>;8Y7eRWt=>)y7yG0?5FC@I6xB_SOuGsw^- z9SYK+bPkAu49yHFDag>>4I-T~bcy89okM+#_Z;14@ALUy-}U{s)-ZFi;#tr7J@@a9 z%zS;b2U*dDORvikm-;?GOLsl!zeS{V)BeIjDENYMUN&ZtJ#fyHnyv+-mI)}~yK%5lcOPswogGr-}t*b3v&_PEclwDf$iBkoec>b z4S4!0zL=|uSv>61q+y)3VNUA6Z2(J|ta1(|1C*BBo{P@!K=5&ZH(n2{e!{6JIf!Z= zJ8s8jK#uj3?e(f01D61EnB%f>!*_U_`R5zwhW+va!TSM-n$p>n`n$Wu}C1C+!dwI}8cU<}zVTb6~RFidp=(qejKJihD zDOCzwsF(i~@b?#;aRr`&B}T&2z?$0gvtw1#O@3S=;pFj`>$ItAi?3_8q+$t*Dl_$8 zJ=Ubp_=qJ@6h)?Zj=l!`CW!~6=hpz%yB^c9w^CZ(Z3gZs`TQwL4TwY}0R%(R;tHWfh&#qX)1^ zd&H-GG})&gDfBhRv7Opm`xhTfxiaO|E@!D7gm2BN?rs4roX8iJpL*DFrU>u6Q9{=rs~(*CUJsveotW%dv193fP|nb*3f1m#roM zeAmA{BsZmBI6f;$dzh7FrYoZXRpP{8ixtH`?mI`EbYDI4(N18hgg$wrtRL~PT8}3; z8WL%xo%Qtw4evPj87n)OPE<*qP>yHW_x@a|C_xok+>8 z^#gUm11Fo~o{T#3}#ujiaB$#0#un=4Z`OMfd5`5d8oJ{#~z|8<@?XR_OhAItg`?Hm;AyD^3AmLR1PI#vA+%O?WEnwfM)* zd0o1+)6JExqs~f%QB;uczM$0faf2*@Zs6>1A>I|@H+Y*>ay6|#7ha!G#E-@4d>49S zSu+Rd{8QS)8JT756mX<>0xP|XKXGWOvnp*IVI_>NcZ;|M%q{0h`nBYVtl!&^fhfo5 zkR{0Ct@Gh$&j)xy?wZooK#0Og_%zI4X6i7$&97TbIjmZ^MN_nrxAks8*gEA#r-#iW zpD2Z_^u->M2v#>)n8AzyvJPUw`MkO|0(78`-ehpxy-97E#w@d3W;4!jVOH}9+|NAp z5??a%#QP1ji?}habH92SY5}OY&P;* zZJ&}-C`5a8LKvZ zcc`j=S#*+@xHfAf*Y?MEmmD&y@WK)h${-VDd8({b%C_AVqN>S=Mj-pWJQQ%1VQiOS zHJxMWy^2LXjTLgqd>_Qn=p3|=#7Ioe(#gL^*q!>Gv6*-0mi_I80>(+c?fbBx0;tqZ z`~u=7p8YduFTKSQL0?VDSALdsqLu+KNUtcIzH}E5$*8z<)$XdGDj~N?=z<1pvN!G+ zQKDV*g+hhi`_Fi3*b~#gL-s)a_~|Y3AJf&p)~pdsO1bvf9#88!(QwDILnBHrL6H@p z%Lhb628u-7L`i6F`SE}V{=z@&1h1To2WC9IM(2%SmLm!baEZ?lda5Wf>&I>8mw@r8 zfhic%>3oAW^^FKjA?&@JoQUPERLk@5Mg{Tn1JKc!HHGKnfew?p%d#jAjF1>Opp`A_ z;6gh_6wuLKFYrxqj`Zo8BXoVe^y{6Y0lUsTl+$jtp*fnl=L4!4av6(}GD_5s`Yy0x zG^%cw8nq36SVRk>rQ#o7DFy?7Hkq#`{imwX2lZGWT}wevAs zAl;AgU5sgrbra{*?L6NIW7^?#@nfN+)0}>$GCxZj%jHQ|Y=R~B7?RTlB(XO}e4)k}r{1`!%eq#xYk_64&}T18jv zq5}D28>0f|=AUz(E&4TSXGu?AjwK-jnrB#Czzc{8M}&t(Is&qAzF?<0scEamG|}qjTtn4j{4$J{ z&M!<4y^Rlxf+{Zw7diH&_`-@*2rf5!)Yy|zf5dcJOi@7@?K~Z!MD(wY-dLf>hVTnz zwwFI^6{o~ucnmzwj+Tn)Jakxccb=kW(fNTT5E}dLM;2arV{IxiD@3Ex$*uN-*B1`w zMSUKQ@4^!o>;`*Cw_qZiae!&UMxzR|Br;1YNZo^fq^DI2>-u>ex7;UwY(GwxujK+? zri*|P$y-V!-uaLwZaC355TICN;lGUN2E%YpAkQ|%6_Vy ze#hLhI0GaTvqz>)EFV;$oxUiDY-pSDpoZ`w8zKgxmQ%}QoIN~luW_LeQtxtev&m9C z`(2kc)+Muk(8fLTKJmDm{00tJ5?^y^wja`{pAj!}b-kQfLkFD1{1Mu-nSXn$(WsJ> z%VMsiw=yyMuVef>lDa~y*=xWuoI5A>*Ef{z-vF~@h2-h$i3{7o;k}Lm^CL{9g=KoM zJl&fsrza&J+fWldafIG~=CV;1QOS8Dt&i;I>^$kG1xC*ZzsR{cCb-i1r2e z;L-C66|}$pTV(X5zMufNF6G+!Yws=%*^-lt=-#km&T>|5J$Egw&OF^d`t{wvZEPCT ze~SO`^P&Eqvr3}8+&R^IJD2izwt)b}OEVfcg#WB9e%{J|z8HUg&dLD1AZ1*~C(M5? zSbu{s|KgARfBXyY<;bGp_5Wa8dtC7bm;@e;eHcl!>W=#HfZHz%slQ!?pLa9TA7~61 zSLv*0|9l=Bn1~;r+$AG}?om7fiNmgRp5^J6vZ^ns<__R_8CJ*Hy#ahmG8N-6E$7R+ zxI0O`aee0&9(8#?fB#?aBQ+=hAU@y9bCdh`5ft1fetb3*c9^SQD+K_?U|8qO%naC- zZAP=$#Bm@`Ps4GzsmNINy&Gi^g%tRl93|MfSOswY+KY^l#um+WCyHePc5=IL0MjkB znD5{!$NS#4<#9KsGJo^a=7d`Rt?OjB4umJY=8oJ#G;$0E%Xgf!X9DqDC1%eRL!LY8 z)BJ|nYsCuOF?oi?onKGw85WNa1}IiSM~h8cCMtIXsw5s|X#{eVFW&`Z!NH*Rn#QMb z%@)M~R1bTXr(0-94STLx|3)k!dtY6KG=x%wzijav9h8CmW_}~iU_f|S5mjT-t;xxv zckgmStBz```U5x_wfxjL0DJ-v^7n!V=RQ5y9l{@ESErcb%liBldHcTaR;H%T*^>|I zhGLWTcNUh=Z_$C|>89z1ek+6dNw}-6XjvHpsSHhQXIa7qfzd>SN+C69`{)~IuNvp- zXU^jtVq1kwm!MOR5yjB~@ieKEuRqJ-YQ0^s2$us;@SdAARxSal)Bpo(E==vu!(TovdR5ff_>!U%rMc<*&k+!wAGOm^}^_y{-K8Z7(l0v9aJsURu% zd}kK@?R8J*c;!?UDbyI=Yt@gBL$=WOgf~U;Q_8560}XJ(Jzq!rYTeh7E%;nRqrI9K zmy*Qei1A){JKV@Cp~^9wwAWG7X>EvuJCz38V7?mnIxiR1TIbXn{pKo-X#PXM$wEQM z^Bm@E?uW3|_sC#VkAMc=ZGJ`zPemM$U3Bhu<82d~-O>&lf^fR!b%`P!jlQ?YnhhvE z_HyqJtMUmSGnYVrpWC{^RAAFnwKu$@|JM|As6zZ$m<|bKGf-crb}-|!{0_>i-X8EcCrne8x_E!ZxoBYk?+7uxVuC@=$TybsG zdEH#zBQB!k%n*?3426QY^j6XkH$}aQd1eu`bmt6_^r>%=+lGA`?N! z;~!v5sVuKorjw=EHr1I|C#*lT{o`|p%s2;tyi3W)HUSyNGjp^j4}uTE05J6>U|R1i zy7~A7NZ&ThYH2*m+^FI_rSBm7sI6IXmkMzRKVK`KJxfmvaHsJSWej||PTP2YXtz2| zaPwsXd_uP6vDZsj35OMnujmVfBqo`&MCT>+R#u*42Z2}2x|Zdn$UT*N5_@*_l*_^p z27B?Yd)E(ceUYZEFsZD|!ag9H8t|mk6MMS>9t0!pe<0AwyalgBsQ(x#CH>`QQ7#zi&J84m<mGS}RN`FU@3aKbB=GC70`ln2C?vh@ z=qPL^x88?>C^~{X@i<0a2c5N^z2!70$SJZ>BdCTtj4TpYjK-6~!>UNK>ACIQj3Lbo zU4Dgo@Y=soFK@OMw+rh_i09o87SK%Pd7QFUs{DD|M0=lB@S#*a&O-Y&>r#NvvkDcZ zbUjjYSs7y=Mik|>h>!%~=C?fwvr_?_Xi>H$xuwiH4h`+a36rr*+FbB-++v-AdV~$^ zyH?pM5W_^AM7Gh~Q@wV#cQMg(o0k0+Ji3DMgfJVT?)pfCA_+{uU>K9~HhK^ClPwL=cotlC9e>b=gBl&%8@I7yYnW z_)Is4c^qHHOH}HqeHDh4zKz+B7Vbcmyr>PHz{8(-?RC1MY>C@tMvfe>0b%j{D1OXwqGAXpy87Q3AU=d`w=@z-@iHg#t>a0;v_(2QZm z@futeE_2<#W@kV_2kPSa&{|tJFJnTU>qAde*tK~I?{{ZQ*W#vZ&b0>!CUTgYdUJypJipI#5KK0 z3>2CQCnF9EN>7I1N&!4Q7ff-Eo-ftVZ#SOhgFYhA;Nu0^)@Yt?%>;%MPT2yI`8c36 z;V@8P0^@94-v)k|N{A`+_?}>7Kc;v#tgLXL;s-*WX21M)O*Z!0ywy)3kU%=?rEVJ)?^?G zBx*25=8LefIt~LU)sitXo`dx2n5?-6QNw%im4irxr;2$1i#y9xGFO?G>}Ks>LxmWj zN@WoltGT4IUCQigk23d&idlO*FOKb)2aSkO6A6*e4sVr03&e@^Q6ULjg4jvR{@Mhsl=V!2+60P4Hj@rj@=smIJR~U%oM5!(-Hx$d zw-!%YdEjS2s?%eM=9@*lyt!u&Bt@k=5AgaR7SKUUZqt`C<;Snndc1M-fA7hoo(DK+ zsZdVGtHRQyPJdH|%YCBqmcR9kc{t)fOzVEgKK(=?Q&6H7PQ#92bSDhAB!KH0uf-So z$pn-|2_BCFp?J@rOA5#^=rob9teUk1`kCj}sOfCQ>AoyW@Ii#!3g?rfRo>pz8_>KF z9c1}V$;o$orqnjY8B?TxG+Rpf=eZ37ve6Me%$oNzT6uGKXN}aQhou4<@7BpRUhjT`eAEKiJWdQ|@1wi$lAE2>vl;Mp@!c(hEs za!fh-<&!js$@NnBIejSP8PwxUv#%3EtNKF?r0i#rz_#R+1B$#Zb0(g)sE1Q?t$a8=g(kHyKbDIXF=0O!APcSFkdK=lTv`Me_2cr#WG^D=`MU05g zA5Vqe^2GJWeBPonVS!*n`cJ-ip>oy$D@WqPrN>_gMmD8pUqSusdToxe5}$*?o9$Dl zHbDcrwE{fk`8dUaE#mg>L}P2`K9?|rfPu5#i5l^_6jW9C zTMm^7gl>u#(I?WBm$2cJ4;af{m4PjQsX$%6bd*ffS5Df)06P3YX`{rti&foSJr1xr zk9&1c>=s4z^@dhT*V2YW^M+f>m*xO7y&i^?gR|oeMWX6~l~2;9>r9S_2X*sNI;eOC zV?M4c4}4fkA1Dz|AN;~()b3wFTa;+4T8G-r$%lzDHFOfl=tTImyI&E1)tGnCJQvw@3aUC_~*$guF zPu?Q)jy7b-gfO*`Xl5KGO_EqTyD7)GjqzTw^s?!WwibsQ+{M;I&<`O7|`p|`12T$McJ z>0!6ee4hdRMDOSiQt&7ZWkAm9G9~ruHmuUm^D1|=>AreIRGW%e&yQwA$kBXiTXT-= zh@C~OAMjy!0TEP6d8!EN-e_0FJ%hwQDmUHb>i_B@{Nu&BE5IxHS5fHAD*4zZG@^IU zVptA^um!;0XoO`H=o*oskneT}8QXBji=O1JA>9H<-hTKl`p*ct&kr|NJ^VRSyn(DC z+3i)7!MU)Fa_XFFz#Mg^tDz|@jheX+vFi>~4v7HUl(M6AXHUkonV!bjy;pfOl}%c` zA=|=@J_BgSg!@=TyCV(;kEXb*5+HB5W*zJ z%kGQ%?#-oMCq@&wMx=N)aOiCkh8j)BL?!r5`xAc7YN=cJ&&pVWZlU8g$n0r(_x)p; zj+`c=^-AR3R*Lzq+xo{W&BWi`kl{an3g|nMGd3y%_{3x|E?oXHKx$M`Jx4qIEyil< zQ%TPO+q)x$Js`UN$(hRbsWqDXI^u>tClEv7>E>~eQ;cyO^KV7G_MpGJRHfCCMsglV zD{T&POkW<8)_TSD&Jop8h@RsaZyS+d!%)HGrm5EHd7{Yg64tFsZmRf+uj%t+xsLA> zEG21e(~U)uc6Z^QAVB4SzH4iD!ZyfB3*)Ej!sz;;;%+PKS*@RsgtbAoYXWkxq+JlP ziWa|GD5tX^_In9sphVa#hCOrntYenNx<(oGr>rG9vb4N&O;6ilU;> zdIc%BTi8M~gLV`_-=|O+o->`IeGX{FI=bx}0YmZnz(h9b!YUM37B)~NXMc-8dE7ul zcv>vtX+?DEB&CebNrTuyDqqjB<@&ht7^B`pWt0Zn8h2lq$B+i$O9*(w{f9TVCvJBU z%z`V65|FuMlU&wUJB37?1T5UO$u{aF^@h>e#TZ<2R%)6TMBn`W6nKaD^d7e>&XiX% zp8C=?1{VsbY0pbAQ}eLI`emNyvoi4Zb=_j1OHvzHyEX4N4=b`-99^ zL|vu${oJ(Gc3U${ zD?Z09vXN;8o2{iC!D)xY?sVVwNP=u4NECydNw>NtTJ+QoSnyYl9ci9cMGDg6kYBLN zSG@_qqF!0zB~fpn+BN|NkPJITL@I;t&I5dpicpOK{ww$BIz+2)=%u*Z>w&p^E$N?| znth)KL?umc#NH!-dE)l+){_d*8?E%)coJCRrQjGQF zSx8h%vZqV?2@8Zdcn9D3{$z>_*THXXPrd92)PrzAa_>LA#td^H;{DfV+YIkjuKvc1 z{Q@ev`o@*!`!9Qjj3&JAp6+(LD-sXS9M%j_B>+h3da_+}OV#J4av^b2>T10uDYAkQ zR%Dt4uW~3Eo6=Lx_Nt!#0KP;3be;J^*Czuolgi4UHe^+ld(=pm%6mk4$7BkEpW~(^ zWMe>HERX`8jTLbB^+4uSxiC$4^*s}5R9%W%3)UiJY8FgLDH}FPx8)v%`9n1XwOO;U z5T{yYm_nDY#=3YO{$|pkuNLxo;T?kh-AC7VM9sIr-Dh+kt9E{T0m^un1dut)uz@YK zM0HF*#bYW;&0UMAof|OaKf%#~4Eiboayz*ch$#Oe~XEEf&w+Mznvy%MwAmB1jGE>kp>;(i`AhAUK& zPz~F?(W5hXcROidYU(*H(HPaN_#1-I!P@L}ciR<%GgNhSl)J2p=OkW#a|O z?*ok$$bvSdCKgZ(LaS-Tl7f~c2R7Wr4RR%_kyh)m%y2~t9bB~?RWG7~brtW=0Kiq- zk4n_o4TI&aD-CjD<8v+S$tW2o$`a90?4YwmZ;yMPfzbN;= zs;`TU$Irn^@?NPhuba66?~ij@nrQP6zm94Jq`X`&5?QaHcVh{r^Rk)^)%vTwWk7ZL zY>fd&u;u$_N2V2!@6F&XARZzyZ5gZR@Mf9t9b51FSoe&%78I&^3%95-dk}3vp-1)- z5lGa*mMN0a@_|75Xu>6`6yYITyqDn-KrZQtTpX+LvDn}%Vl2TRAGGFng#2hz?)=Xpz zR~@7pt~0?Z>aO@{Sr~nI^|BcwYu}N#A%37vVZ1)CbJd>C-p0KhBTO7U(I3!Cm?zy0 z3QiJwKmE94bGTE}Zt5fbQ86w7>Eyyl__^zH*N*)3fy%-FIuxN>N7;41>!d#Z{X^`T zQdo7#7yD;ToTtwkiwLx2>Gb%XMmc2=khe&U2ZNU@?>G{+9DOgYJpib5PU}@Gc@FX* zck}2St?k-*w_S38!v@(Uo(yzJ%kOFj-ijYROEpp-8BqeYn*~nTh5C2lyc;FR9xDzj5S9id3F@h=DxJ*~-5PJ67=T;PpH06p@1o zo7?7=+@eN85ormc*T#O!17&7V$}OgUE3v2bBUIxgxt*vXDWHSw-zEAFd#1M!Sc5Jx zHd{qKrpjiUu99L&JSvYnwH%UGBHNdt%woK(t*49#41YUQqkHH~OVoaJgJr0Avtx$k z*=G=`|4G+XmQook-6NKg&MkHlp``sq@+(`j;!#pPs3DYdV#uwz@sWAptby7~s|e8#idCGB z0%`g-Mn=o3eprr9+p%7F$C_Hr!iTYL>^#nj{%xfx!epK9`0$O`vrDFp`u}q1vO)l> zVgX3Y@vkm1a9OiJ-o2bu$*h>In15g720T`>%dd#~vZW=Olrlw8q+bJ#Z|N?$Y2+KS z`l-Nl1l!mnZq5_0kd8sA@>ED!j&II$wH8|$Cp7L61^Qx{Ml+0-PIzo%Lg`66tH{^D z{QiP^>5Ek*-kJ~|;=T@3_!?cusKE#UWW9sOwM={M?bVO4Wc}%TH-|I7Rvu|X44hPb z>`_(1`GzmqyQ1S-TX+hUnrpb)pId)LTJokpd>U>0^<{F3uZZWB>-QeSXv}TBd9BIy zBeq4Y#oIml)&a`MRrE+-eN|_S(<4GWUkf~9pmr69hK$^It z%hKCuJiF7H38i{|hngABGJ9d?b)!0RN{ivYU87$YM(zdRZg#mwXbK)W`R`VA)&n3s zwP?}E8_c4<*xWHB0ee73!=~F?F;pIEv@%}bBcA%wCZn;afD;wC+mxhcmufTZ>brOA zAm14-2G@FB`%Y@dHtL3+_zK%*uj9^^;&>X3l?>myLmhanpsTMt$k=he@l}1$M38dffkBDIOW>Qe+{~S{Q19k z)!-K-i*p)xpMPLDzuS$&2TrSdPRc#zci;HO=g*TK?`26qLcjfF54^CaF96!i!4!6Y z%@coCBHRC!LjCVUeQZnz$P=~JBaVMHBsVkh2GZ_%z;;{8~+iCoI1o`DI9qCBUI0Ml*-0(3q*pJw;y!&iGeCt(m2%hX2 zkmUf1rk^MBcN)aMhAHcXVzt9Qe?s+VkIVZuVcYh>q%$Kl zJgwVs#o7r$hN_Xh%N63bxAF{`x}kkFCvs-FdF#v_Sb&y)4*+B``Sjk!4>^PGm>5j+ z>$M+S4CYa1YvhN_GcZu*gs&9mj3|hg)tyq=b9;9@eQO%CamClnqipBEAMOgUr*P@i zvx3$OZY94>Z7Sddj?wX>%db)Om;vP0;JBlemDSz021Ry}BOve-1<1q0hkx6BKIg)>UMzjhl_Q{UV?Xw(&> zF^jFQd2mN$H5+!R|5}m1t2gB%%P7c(3Y0*=3ImRUsd2;zaJ7%)Zc_rhgPqSIKBOq8 z_0`e7RM#EBLmwTlm<|8WXCL0R&3!zl>9dF z>&<{p6;mezH<~!=^}W<9yiIaHHfj7sNt&k52hHfhPu z4+^-;5!;Gk2n4^QY>gM%nMo*TYQ3xDAoo>Iy@=gE2Nz7y475R6{65Xz)q(u6#?%pw z0dg|#oi1lvuE-t#cz=kMBxsHRs6;OTdj3V~3lR3|zGkal#lqtPunD5ZH6(Q=kM{xr zE^$vkY<)7xgsxxTvTcdg;vfJ`9+< zU&iEsHX^7Ah@nw^B{~y@jm*$XvCmX=AIQ%wSt#jzL|D+Kchjz-P+#o_)jqc$zi*k4 zX?AXz%rTJNnMKZiCvYfNrxl1RrsU8m3%U@q(E!-jfIhY-L3O<3$u8Hsm__}uC7>Tc zNY~|OW`OfeO)~)WOhN78OzC@6^6|nyehb1|UIdLpr^$W|>a53aGg{o_#~3nwZUFIB z3Vc>dT(JVLSbF zw_fYKn%4GJV&aWt*EiQzDhH*L#R+?(bHE6y`gOfn*_3&@8PllT?z#l6$3srB^Ak1l zmxIzX70Kf6tX11spfC7!f1C?eVgNuHRRXQJu!UawD7hbUpO+DK!6Qxs zJQ<*`Hs8BR9gJD#gI^Kl08+(Zf?Z5krA}4I6H|_SqgK!O+~N0Y_q&Fnu?XY5y^L}C4j8) z7#xLVCN4&*%<*ho+!DjD7j(1s@1WX=w{I9y?h=Ur?ez!NJXiLB^{Fh%5$Gxg$L;Za zNpuq*Jx|ux|AF?Y-Fx~+UpdguvUVOdCWkil!mh+v&v9QVOG@eY?|~MehFsStDwjlj zca5pH#!D@S)sk+!tmBPWbTb155tRX%4iDb=^QFy^(;w!orf!h&#J1^UB^`AG1IodUG6SYCOc5HuPy#FW({);aAsfdJ`m8=^5^&8cfv8FvxZby7R zzc>w;C(3RBLDZ*m+MrZ5{LOmg|en!0+v?s&$JxFH*yh`_)Py|2$$ zcU$5jK%l8`ACbp90Ze7@B$es^3wD*$Hc^R~N;j>HOWXjU&Qx;pm|pTDz`F31&GxKCpbk0qg3|!xCIsYR zE_Gc`mQ&kaakHI)q6JLF4VpNP5qwe@JL@J6!+Xg9645m;@}l8w=?-D2s)ZxYyTMZ< zGi8Z)cv`e2z(dMJB9(6i!rm|5YL7Er{$EriK)sgeSN`h-z{-6YsDKmfC#yfvjtiZO`A);(Jpn;kO~1PetDy5|A!kn5^-oW@J0-M| zL%Md1+39Vy2Nc5)4M!*}&o*GZsa*mDQ&*87(F-JH*yB+lV;L*69$y3|SnX#E+oB+t zE6t8*ZG5X!R9jc2JHT^FSHrA6t3s81Y|{xLats<^xauHQd(V5M+q!t}ewy_HrAYz~ zaB7|ww0?6&h|Xkmi{9-|eJwSIx*H434?MIW@5(zY$sherDTTzpB|>F{UBEMaia-E2mHX#AliVQ*>ckUWIasBDiY%JeOTX zu$Nv~wbB3c0n5#z`~`~IrK**g`|X-@T=skGKs3Zw2*`b$xoR8dbwXdNs#uhx*+}jx zr^Rx=T#Bd`fz`dEDm-2%Q|-PtAKl8*N)rdBZXJ`cC{^K`r{${UyT(EszWeQ~^Ek%` zR>Q+Ta)%#ZiuRwMh>DJ5x}4JVk(T^&kQ@U~l&Qx%&^K6fm!Hw_vKDkxMbHlmxN{9y zDeMK^V2q79aw8D@@fQ3hQ?~YLVL$_eHaVTge53}WR*+R1z*fubt&E^b2;7C<*r^?p z@7=jlyZZ*vs-uM=>;eNPW72wf{Jyq*cZQ8Zro8{So@Y%<7p%!yLu0L4UO<~kcm9vZ z{MW8D(DPZn{+GK6hUCF=w94lX3qK+~w1r=52YFe(TbS3QHj=7OVQ$x2QWaEE83Li0 z*<_-g(fg;dah_T4hI`-^oa-sCvp%cucI$aQ85#G*#9|TVsc)_V)ZdicI zw31)NDjwz{xmkBOq+{D602sZC4y#MpeFVeGHJ6eV2Spp6(Rg|AMFhoVFLn`t;|auP z5N1sH9;^OLQnD#jk=G9HL+=P6!8*?w$L&P)ZR+p{KS82YW3bMq-Mrl>hn}uKtnw%aY%)I!ZZ`Z8uFF`ugM3Ewag4q(TAcnZ@~fEJu5@2#*KJWiBny5E zyI&i+@KuT`yn`Y+xWFb~+70)iEiGx6t`j@J^1obi_P-GTEUq95si+TeEBVk~{o2`$ z@~K?zTz`}9xK?!iu@Spsku*v(xlu^_9&)eY^dPO!-qR9FBfc}Ix^)_^7!qE8y2dB4 z(H|;7GbOkXGhz)mqMnQt+5%LiR@HzTbqfdep>P6WX6Oc{;m9g z8Rbzm@T2+Y&yZfSqI*agy)m@B59?l7CBWpCS2^OS9cXYyqZhIOK_B*kFR~q>7X=~S zp#~Z6sK<`SIt;X#<8dw}niD8@-6CfvYNmhG>vVp0s>=89U38_-eM%#@<;?UH)80gL zN|r9F){;KmDbto`2KQ;LEB|{*|F2JSWIt&GW#rD(lVP!CG5agyiPX>!8MisraoFJOtEvIR9%2ORxlQCMFPBC*fVz2+ff3f%ZwEvh zxV*GZ(2p&5$XQ_QM%RMwPH7}D1NIe)EXhPxfU|S^^C3=m*5D06{E7gy-`udu9yJ}X zc3q)=8)Q9EVe7Uo6fyv9P>~+(I`EloQy)TBoG5e(_f@7EE*w3@+nG$Jsowy-WNFi> zGicLW4tI)mI?9`m=pLX;;5{~@msSV4m=rXB5kBnS*; zYMh^%i3j8XRveV*JREora@fzW+*0{Xd?^(<@bHCI$^6gjQ)l>tmeNp8@P%LbNYS zl%8gXo;_%rsLlqX36{;n!mT_XbU!n&O*@qzXZ~F+ zb;Hn~*^v|NLz59vu6sS%*UTvIMP798JV9uQ_e9$5&Z*$a_i?YOeOP*ldP#jHES!PP zr8RZ~lKjnBEcz~ocBXP1F?)*S}Ny+<%U=OY$8cvK!oaX|31ko^bZ;tgrIGD7g~ zCwBE1%@oG)Er6^u@>+TN9O3s!vsRVDlDf+(e#}i6H?-YNqR4r+6-419X?B0D6n`zO zwk#=!7MNS^rF$~u4RM)vx>(c3m{Vz}S`Qo8DG*#t*f}sS8g+}IWTY2oSZcuBIW+uw zgZJ`{O{=?i6XW(G1CCueg`%-sv_=W19(L`mBYB!$a7RJ%OxfMF)zRW`r8JuDGQ&)l zwE&~`@qtckv4W2T7wo}X`y|$~wcn&bKJ>nE>xIPCUlslHfXA@*qH{A*1iG=&DeBcK z)3QK&A5}=vv41ik~)|P7{K;BucW+(`rjcB{}_A!y$c9Pv!bVVf9XeoL$uxfV!pfqw`p)%>$xl%$uWn?f11P0EAQ$76d41k1%fNNR--goAl zyjOpLzQ4Zz?+qmw;0&jMqMWz+h0%HldjrAFtz92!TTYH{Nz@iuIIIkbMR9SBGUEp^ z=V@iD=b-rX0W^*&Q4-HCS<|EzFtvxtaT(N!s(W@EQ4YFl@ObxzJ@(WW;CDL<=akp+ zU9-wqtC1)#t+N-5I?%8ZNW!9jb9z9r2^e*`y8QBS{DdNEv%7I5Vms3`Vmv&VA{(7Y zT+L>+W8=)DDK_ar00!h5#1(PNoCa)G=J_dRpsagK$NS^2 zpTYen)ODBn=4(r^>S^;W^0d=I%K^laYFg7fv@FSFp05395yny` ziY%ZYU>HzJ$x>)mD;PM60s2g}E7={1rYTr~(oMbOgo(RT`8D!$a8BQqRkjnFoQ->H z+hPXCC)f`)zcpce23TZK-Ff|M%&AFTdBk8m<+hT0*g@ylJY45#2j~Zx2(zBQPEggbUdRgM$ zx7&M9W*R<(m{!V&$-ETX-(oKgHBB((AMS*(B_;tkJ8(m<)@@J4&2db-;KdU@jI(K` zzUQZIK=G4q?4M{_Cvc?g;cUUunD|t0ti9D@QKX%_M=u5N*`GU0CHbAq58xLAu(6$B z&C8!dTWR!0M8_u#^T?C;PI5D5BZ<|`1=H7?v`iDo>c!8oTXW%xklfg2QsnF4ws2Wr6jJcP%i0k&`B5v&?K#Sl?xTRM0I{Y-Sjs==O^3sZlvL zTrQmDtZq_i&-mD%{;YqY`*Y&lKo_9fQwRKumJCiUJowz5Y7V=2VP~G$F5cO39ADUt z>LXz3GYv%NE^z3y;Q3E83P-PWM{4%?TH}oxrWVbSE7t)Mv#`{}xYT>YnvAeAz&_7m zeFhq6==&-Tt;wkA7=1)TLf0wGb$gTevaAow4C%*?Ep}z#9oX$8?&tV_82jqDD7Us< z0~JJ(MiGf&=n@2x7MKAB5M=09X%LWZ5Rok%L$`EyHzK8!w312>DGfuN#rd}Ez29&9 zp7Y-W{Dzr%)_T^u*L7d9TY4OtSU+Ju#)kMVN$CWQU5-f;UPW5F$(BSd zmkQa;cR2!sIK4B8jR8h3fP#-}6fF>PD5?8f#-uQ4iXCy{7M{0Jlr%1-D+IEr7JNCX zL8+8$r1^+KRRGtO@NO-S<$=yZuGv0J!k)sOtFMJ>AYMbBO}fPMchnjd!_) zL1ylIwPou}z)|bQCpPJ+lViP=#lB)@^N5oyj?l_1*=CXz_DX(ucKTR_N$ErWs&P?E zCB92i!~D(}zF+4KBqldyArc}-KR*J%TGa17e0q5JflSK^q@MaUE4;;e5~v>gQF?>o zq>5yH0!BUY<&f%PWQ?LQFRszj7rcIllcNK)h8;;v&pY>*$qQ7^1+=Gp^@4y*;WTK- zAMecb>cqK?pnkpa)V)l3TgWZrW{*LF&$EJW8XVeRZehAPA-;UVsvM7P!8)hywdKQ| z@%zk)|ApXvmVG@~_df>4c z_Gr3l=EeA3OW3;maZ0HE;LI%%3I-W{1!-u#%91#rBx)}NXc(JsD(nQuS@`KD*vM&R z8$8)bof_6`KlUSamw#h#g!BDM&2S>{7KDCUVE21_bO0xV~-DgTlRp#kiU$CHIJ zpk58U!?cJj$Hq7C$AUYqRWBrR0^VEn{pVt+TtJ0&Aj|9S)!_>l#!W@+x;>Kd?3bJDf)=SS_dyBOWhH>q|kaMKqRc%zU%~I z9ynUg(%1oBsD0_lSg**bt8}$o3%eU&MH!*n2b|SY#NXioFZ2b?rI^#lp_}1G+bdj! z_Uuy6+oT#TfJUfJpxj#x*mx|TNi`_lw)?n;%OmQ3Ro(x&^A<%uHfd-nkJI@J8ua`u zL*2VstFQ2BwBvEV0Eb4^Bb)*f&;gXdHuK3jo%qaYP$jFR^gCImzhXy+$|?g@S&DyN!-r2giir0$=F#6KgZC1N%=5XT!C?? zH=!jDwBP4h9@8C%J`zme3eOI(`it*$ejc9MnZr1Y-&u*YG)I%JyH?zx^WJx7eYS;)wVrYs+2| zS>w;s$o;0mY@~pxo2##(Llxp2+PE@hnwyVwOJi@2ImX?oTTtqST_94IB{v?0a8=bd zs1n0?Y-|Qp`{k0r3Dv3}!9e$^D|%7DJn>aC&IX%Xrkb^z&dcxQ9nVL_B?K^)OM+9B zzW-K+G#SZ&5IErFJA7XEH2`KV9mm9r{H}w@bp!Q5RwiTB#f~k%@ri8tq$;3*9N-gJ zsWI#7i*F!qA)2cz?G0)KF%la=NLVlG=L`2KHo9uOKCKUn`VbHKNWqhXV0U6YVr|)! z(GRhE#E3EN>6Jv6HQ!^BJ4f$;<;+!ndjP?-Y2gUWZhYLEqPooQ5VS=S8nCaK=N1K^ zo?`P#3nsd4LEk2A;^ZR-_}ziHpd1;|#C&_KS1%MI+^I#J@T5*8K@+&COoBI3ZARZ0*PQUn6L~hoP!XqPtZ5gt334azaFfn0ZiC87{ zWp5$v_eG`R^@hZo4-{zEabypviM=$4i5}H!JWhE*Xqd)fF!I4GHNQu6l<EinJ39OU;UUT}{WHKHPb6x$mQo7E*y|Lq-T=^FC#* z7JcQ~{J5d47OtplT-y7Ldnxa1ehB{ajDHR<-uK)g`l%~7+}rAMPAgz0xX71Teubd? zdn(+7{aJXH;gv}2T$;YLa#J|sk%H64G#v51Br%;m36RI*QO_QvC$4> z=+7K-K3}Ph_S=i?qS!b3ZF*aG{V)mn#;q?tRm|mhVN1}4W!M7=fXS2kkbqSGE*?SY ztxWa-%rp3PMLYl}W@XPg!X&A(Tpux)t#~6ynasIq?nV?B=YQCG+)HjXYcS#Pa7z}>#1X%T;q|0RJ82^%6?o#={Yte8`EWGkvcb;{MI zETkxb(aG)rFgub?j=gl_$(e?>3`PwnCzDZXM7DLwy99xq6wMA(R+4ozOuSF0SAsnb zWVXYb#M%fhk8AWbdMJ!89^c}F{;^&v--QauP2JK_X<0|d;_g@@9y&Mg*gWs~K1!&K zSVZ^`JP8O%y{|KxpG z2bnHt&2kV_bm+|w=L67?Fx%((lESqQo#kI8=KFOKp+RHj$Z~uPrFc6s5WNd7GJ6|hK^)6w*S0;QKo|)v%Rk761v*z-h z0FljuU_HjXkwLaRL!}ZnoB3Rid;~%6Rg9gej2@QYk3!(sMD;G~jVB}z=;CYkmPk%( zc81TI^L;SnatL|BP?PDNVxa5oKs{(4JJm=8~6_iK5! z!+Im2ysq54w-8lGOZ@yOY^yhT4W;{lF2qu)Hk^!m!Gy<`Cvpe+fiyRGPl_>kXuP0o zq6qF^wHE9V;0;cjm|npXNAk|n*wW}XUnIJ!m4q${mhxS91U|BypaKsUi@{dkeIU=l z6kdHw6kZe0I1ap7=ze^5NUPS7qmJO)!V060-3rN>+1b2!82TyRzs>-m&zT(?S}3KP z;!w?wBJGp8d*+P0oEDOC3r0c|7;ry>GCTfTR63_#2UAWA?`<4ek!sSd+eDnQ8jGNO z;P!p4zit*Q5?6uWwSAFKHV#IRxo$gDJ46}!Z#(2`oR?glrhde)hMVL+bWnBsynJ+S z&bIyTs}9ENzDLt0Rif~f#9M!oz?+O@UwgP9IQ+-OSZTbzssfb5H*EvMTjQ`&yiin5 z;ESE%cdAo*-0#l;eLkMAxtFC=DiNT3eO_1F*~C@;#a?V~fiyvN^|Bkuv4FNhRB1#( zWb^KAIHw9L8*%Ct>?lHHwD&l>ttBhL-fMM^8`J&RHlLm^h2_L7 zI`l~1UhvVyGy(P}L-_-9LD1hotHW-DeU71X6N3$qRrm@T`VMw)5e?w&@JS@IwcMY% z$8T%AGyr1!!XSZY4sXo%O;Onz6P=Lv9>3c6XZCH4jz5gwmLRv6M>yE4XHnY%bTN$o zKlW|X7trd+5?1)*oiLX>YEy+uswOGcxhtfB=dohkqF>%Hr21>poAl)_`60gHnT`tAt=cE)f;*gz2 zu27R^x0Wj+_&Frq9b&N{Q$%BRFar&Zf-!b3odwt-HD!qHe19(GXCVqI)m9-7oA1WvaC9Ix|bS+lpsp4RUjy@<|Jp; z(w*|oR!q(#(Y>qQ*o>a!_T(VBm}sOUOTFrxOmULOkEqp3-LBQfylF8Ssu=t0B=dK~ z(=!LwM9`#+ws2-W{{Ut<#MdXw1#?10XUlVl*r!XFX;ID1L*7R?k$Y_AKf)fzi9*f-w(Fmj7{wJ zTy@j?ACusJ|QEyUM?&JkYl-|z^Qh&iW0GzicMf|#jJ2&qdZHsobbZH(&2wW)gRB% z0U+IJJ;CMtu055YmKg<3Y2XOoEMbENhOc>A)e?kNb+hpBGmAFU!5k91AJW5bCEh7JM5obnG5bjx++;;@y6hFSjh{o>_o?^b?7^+gu`#%>s+06KG6EjdeDUR znFvq=dp~NP&)A573tZToN?KY%^iN`M>k4fyF7~Huvg+y(c0$dU2eWf$hM-a0Ma1}Z z^nSo=E!eQvFSihrx@3=dk@J)}Kb$e2=|JFk!a*;z#r$T%D5B)Hr!-9p*`0u_lpnSh zF^^~VnQ^|2+AX(f&a{`tNLQ{+=s6(}CT^?WLS|FAX4G{*xusd2xqm6gK74umiDreY z8w;_%Q$leM=DSz4kb^}|_49kquZld+dXdb%D$iEgu@#(f3aN~(S) z1*(whI@uK5VmOqYpn;FD(!`&1W0a+^1p%lvA9trj*6LO(_QwKwCCCu^NF`bW8C&*# zwocaFkx*_4KQ;v=j`Wo8DHf593p%evZ6lOUX40eD_WM#(&D(>D9s5$Uv@_*QJvN%X zvvs#iW3V<5z(WRQHFEmnmO`cbvGMy2MQbch^IF#f9Q{wRF0qva`FRVgu7Vuj1 zwMV-aNGmEE^ajmfha+h!6gv(N%zs=(-K8+rrUhI&xb~@=nV>P+WWA)d>d<(c8iblJ< z`LUmU4ys)v_p%>lTC3gaaoh#WfovED(jjp)F1Nv9b$~$|H`{fGt+HkK@-+~smpa|A zdj!!irC86UlA2yS#?UzhcJ-h*bbC8Fs4k{4^r|Nx=_f3z?~)03s!v-7*y*r8OE`>Q zE*1vOv#)?GJkWV#Z`?+n`c-xmt*sNEXVhIr@56zuf-OD?0pI}WpRg?p2?J&+9+HYe zoq)$V>`%Ib^vINrAv{ZWFx3Mvo=iLX+A6JmlE=xx;I+~3@vbl10`6E9Hh6#x1IMKS zV9$=fx_x8e#O+`Wpe7@+_uM&AKBFK=N6@Ot?b{U zY45B4zzDYda21*ZjU&!KY>Vb(awhYHi*nOcNZkIni<$Kn8#?5XOHVPH#<#^eSUn@dq2B=+qcqP z`@l7ftj8S=JC~g$lCFtvXYu++p>z&QA;0Z(L&1o;%PtGC`$*#<6C1^?T%8N z!pDc1P5}%#!A9}UrgbTcodrTJ8H2;<7bhF(G)-IWoi{taB z&)kFC&?@>)8w6=B5t?)w71r-cFKo#E>=H^h-Z+kkq;QfJ(s6X0_GK9UJOW}r_;GZw zmT{dkoaT+a%=&KaDkeqU!>=J8b;qDH!v@n&-r^7;-C9-;o%yDf>%Tk>=M=l`6wsAk z2Uw^Gt=>c-0i0)$;5)R(V&tWAr}%wop@#8VrCvHOZs%q>w|)OD{LX$+ez)Qu?h9#H z)+MtBGLbA?McmGjbEwu%Xq8GEGyK9rS#hqaNzgzEQ8aH9-&+solLM8{hhJ>v@MHDGQHOQn*wNnQB)AWS*nsN0Y=mfepsZX+Z>J}3FM4Ojxc6W}6^}l3+ z!y$D+BIvY764rqgYt=J&aA>9P`thP9I^M?pczKb&*sflGl@UHm=?o&FL(?`Ml|LCZ zhIlCU*+q*)_p5|PCV&=F4N8B9nCBZ}had5|KBq%>o=JH6tDfTa+!mob_Ut!l+~Y59 zd#wqvosK{81X^yx=|wX2yolLc&wSU6tx}juSLDbxf;nzpOiYfcc{fglwJ0VeDb;uN zCV9&>Y4J&54-ZwKLh3vFLaGmUmHBP!1z*GHxX4TdB|_I-mJXnwclqkEUURQ8p&LP# zRGN#tCTtR-I=1|6DT|EIrw!f&36oronIDx>gPP-Z+jaYsmicRCuoJXlYmYi33AVuL zSom@89Xqt-1NaBpK!?FjZ1Aw^QUKKfr&8Z~K(NpAmbHe%wYwj8ARs>_DZW6m7REqi zC3{NHozCIpYGM&8@SEY)B?nKdZmi~ypz}8SOMXwT)Hrb$MK3dC3oC#0g!j9W`#nsF z*H%kpteZ!)oeU`I+9{a`qjV#sEM;ab-10e;b4Dlq64^q1mY_e%dsQ1yOFW^*0#XXK z+H~z1xjpHqnl6Sq*#&&My2=!GljUAjErO}=c%g-W2h)E5JV~$dWQRCGK=(y;7?cw2 ziV&zzfU;frp_$Km>Cs-)F?JOpo2s#Im3H!u0LhL^R=;9nHgRt`T?eU@zAor>iK29O zwOK#Z=Z_}PI8{~7s|&%9E_L$;t90sBrC7UIaD1Z=d5T&MP%QieZ25j6TI0|fDI{?E zuL2A}={FDkpC!H0ohCZ7KSzcGM^vX4(`@crzj08}EPx5F-x`^wm^>jeu%Vm+9? zjqZH6K)4}&w?iAo&9!SMq}ny%|GvAgy-ZSc8{$P!54$lSpW=unyA(Ir@33fq-7mJc z*hlMY+}6R_51Yz2c5QI!cv&D5Yg{0%TTOa+)GQ{p`WrRKQ*dZ`#YZuDepJco!YaWx z9Zz$QJ&h_RCLxjhcy)(+%KRoAGAz64bKE-QuUC#m2=`4LK$U%gH52k7VmPW*G*Y<@ zY=cnd`5m21gz9@z;ZFu!Gvxy*Vz5?zfVlfrVj4c3zK`Lo-xpQI=M{&9(^%(prLVb7 zelyBc8pLLspE76Ud$)3231LW5mDc{Og~JVb%@?$y%|xT3W?U-8CAZOKcIcOuQ3!ju zw>ZGCDv6Esxhg@qAf}xXvn;))aGlPkU}o+#@j@^D)*)9TyTXd58J^Kw)_yX++JyO( zvw$hTUAk#foUZ!$IxYNmVwh=XBwLsuT}f1j#&zomQq(1^%113GEYbI$N-|4!dB2GfO}9Gu~!5QOLz`*JanK!)B^}7@w`n6?c8iHf8F3 z=lhR~NYE^EtX9)Hmqdbm<&Jyl5QYfI)l9j4u}iWM{I3NQg!Lj*NEQ}(GzqgG@rNpP zMX-=$D)!ikM|`e`bsk*+1!>pR5xxCTY&y0=3n@X_OL>K|={3K|d&zckz7&+HJaX&% z?INh?F?IAyGpV-Yg;ufwS4TZlA2lR9Q82>P5aO-dfAT85oo;o@F+W#2ZiJ{#w*4*dam8G9AG>*J@|%4<4__F?bTlf}r*W{REuT0B;b(%> zafo_9L!Rh?L5E8`%IuJ1I501#d94KBChU%*HH@L?t4n(&5kko00+=)D*KXq%VNb9c zINkQN3C%hi7jz^+C9o}i${%%NBGY0n94wE?C>*n>WdlV@{oo(=*qYaqs)a%u1H2gN zQBhgC!*nNN3iI-SV`97VwV0c2r^ioe9ZVk$#VXZ89R!q!O?K3zU!)T0XOj|#;O!m{ z`5@TR^pP+?a@*>MV88y+-$cFV=hd@|5NzVpp@I8<4cL1MqAWFn33XP}?pH3@1}W+ZypQ&$e7sO4d$+d+w31I>c<5*BHMN zoEoSd9U|gm({`1iAMjuJFnvChPCtB*KXK^WQ@s$WiM%(%>2=j_T<~;zKoK+79r4C# z<{DK1oPYNVuo$xE)v|dKZ}s8IhF{9PK2t>!I@eQRG^$rf+%c=9u=&Sqy5)S(I9<0* zq#K2vE=hKf{h&g@$w#W`X_mqOA~`|MKpr`fG#q`YchYFGwb7s5;_Buse6dk<^xLbK!L^!rBU+CjAH2$sNrZu6}noA~f< z7#5YoxD}H!cl)N+^|1%@w&|Rb%whbo!VXA3tCaB2fp$ulmxQ0vJn1oHINdc(*g7o_ zQPDOb9a>`*V-|N|ltjmep~$e($opH5FNNjs_j=0zwm+8+^i~|*A6?D|YA)cyCF5j$ z)nkm^Of~~muuA?I2z)u!BuoV!_5c?6|NM@Fx!B--rwdG-?sv*S(we6Tg2 zi9Ie)mx-r1xK5)H6(u$0Zdp$<2KF-(=>;#k*TF&uv&JlayWS~mmQ}l>#*=yKWnXZ8 zWy05u(-#wRZ0<58Y^4&`Co%7=x}ZLWC(uR73oXPOv(gO9FJ}m23OxXe5a``gYI{g6Khx4Ql@RK^&scJ*h(l zq8pkXX15MeASmciUc(*!VV=vl5%0|BKk`9ZvS$N;FKI4DZ`X)=#4}J!6f~V0^;9e= z_e2Bg3|NPE=bq!VaJfCeBaCdwk{q1BMjcJme8*EJoI{~*n-?^mu(&eCGIi&B9Mha6 zPD&y<3A&S(PxReh^ecujlZytd7`Q^B2)a593M|tg!zRnWDK6-XTrZJqzk`T8Y;=8? zUVfD9kDUngrUE*{8XmwV_7$K@vK@Qo+}}*z#`=rqm&bMKsFCdAkZeCmaSM6YpmM$j zn}q9TD8!6*chX2C|3H(^uq&RR+|)$q`*jUmp4M7YdH-FG`kyal6UF?#u`>yA+okCw zCi{Hu)2IzcYTMcDtY45OJ8n#}?f*zuVNKI&&TPsn9vVIq(H!{(OV8~`A#_B|ys`je zo}MLv#X=BKZL1u*@!fSLe(IRr-DacJgl$Tzy%CXPk|z)Cbe7&#s4>;~ z`0j?U_h><`y9Oyq>wUNra=6dA<>;VWn$SPhRiG>Ha>R8N;5z|wWL$)_Q$zb${kLUKh80R0Y_8+GUAHaV0^O{R7 z$hr*UXRvWS-1~U@r6PW{rg^!thU9)Ls>2Q=hPU;}UwARhe7>^^c7T+>cWl!O$>s}o z4l11jX?3HVC4vxIfR_J{L}VAw+Fwf|B9PM$A&~ z!09`3#sS<@j(^JWJbBJMB1h6J2S$F4xEYh@3r`-7(Ta5+9DhkFr+rNXF(Uk-ML+ka zDb}KSM8Hru{xUtM|68&9G_|Bs$nJ<&;>CLBFe55xszRzG==!5= z6eu(G6Yr4-eNyugJ}GXGh6P*S3+U8nHV>bS5)+!?WQf`nr^X!+)N2rd8bALrDN3lg z>DF>AanA!Qlf5yd#C!FTT(Z!Z)Yoyz6BzfxmPseomv@WLu~KZ*uSL7~Psv)y$2IT5 zPPx{b`6~{D`c*A@g=9Qn9APD~??j@b{-*ajFQLyanl{fCuq1!8^G?d=I~QU7VsOi! z2&@7^q2-7)P=}xLCw%SR2)L`DAVVjQcv6z zGItMLVWfu#@y)%gf!X4*feOs%y>j}WetsoYEh(r5QbcS-5UtbIYx*2BT&h?$iIiz&4ct0R^UBbr zv|toWES&m_E`7fI{?A1#Fk^6IIRBz~oLD8VG3+Ks#&Kg&SDvcrRwayD>3k!S-i$IM zk8#k(`` z-#`1`x-Wlzr)N8$pHPQ!=S__H|NUHf#Gap7hDQJP7VjzWvz{i4#m*7dlUcF}py^~D zE&Y1z|8-o&kHHDDmj#ah zdyR6_@<(HWNJ>=0B7=yOLb`Os_e!`ndl^%Bb6NUL1E=;!XQArZy{C3TPIxE(&QW-p$HH-Q~ODhMby86$j@y!mTu_>VcvdX|f1 zU0ij}`*~l7|Co>_2#}6R8IG1_K}2f3UULf$;=04)7f#_jC&fsiUip#=wJ}1IDrk-E zDkYhYtBIEDk1K$~%<(DR1fj$8a+F){xZ5(NSa`h-o$<)@a5b!|W~0|bPK@lLvNA`@ z;P|&v8G}2Auv^QIyCP(Bb#hhwAUf0pf!GDv$I^uATehsdnRWMf1y!josr${}nR8nc zsn~KCP87+`{1Sw$3Jx&uOMznosm%_A=HA^w&Ty^TXrFYs^~nP#o9zn{@1h@By^xK2 z$hPw>U$YYGeP$MLlbl;Blg2KzIldD&xl{ZuF(#|q65*}a@yz|f_L*)TNuXsPgvL6X zv;T36{^!THSBfkz{d&GVdH#5;pfDCKtmjN&zvx*!dG&7lskRe5-l+}2>AW3nP_Pki z<3XhPve+O;l3iJKb_O4QBD~u#Q~c3>thGoUZF>JC!_|$!!UOa~@hylp1w2N4!G6o|65p ziA`-8n&=(6;G=k5EJ9C8DaF9o&q$;)^WIp8HYQm+C@&#TX(7&{#)Po&7_;MVH=6?Ri7d7sYlcHJJcI@tda59srBY}dy5ocGoe+MWxiN(5fVEW`st9RA~i z#VBFmmqA|Gc;bxjc?LpeO6j(6w1@Nu3uBC5)@`))0b7nUbTb8LH%wfAdn;Mb)=PEz zg7c<1V^ z@XF%1TvglkK3aMy{RD@l?2R^$lQ4bqz-1PQ<9<6;=9W72V zo7_-}3A7TSCDnL8{9EYw>x(Jbsg*Zbg`Pcr%hqnlg1pD%FH83(vLEEzfS6zjRK>Qq zhmQf?Fg#2T*$3=Xsj+QwO^8R#$97D<)swWqL;=w5JYC8yB+j3D zP-BZG1icz3?w4O*W!rhHzU~?N*JYf(X!vX|TyC(|E&6kE=T&1dE3wKk2pEj!sX=4X z_FJGnVDJE2o;y5`Iq1dP3(FT4-h35<3GJ_x_DLX}zG9nL#_;G;xB(4kO)J)U1N%G_|Y*|{IQmJfUZ z+8&;{7&0p?)o))AC#?n>!xMt?Gln~1p3k#>uD$gs5#U0qPEaK^w2uuM$IOe^M3<^F1D|kRMYX##+>?Xn= z_@V9*1FlX1$(?{SLmk*PT9o8%*^f`)A9gAZby?Nndljr3#FD&WosL--BC5ZwQ zGKS3CN4I4o&axo}BYvM&p9y1W0R}-C58O&o(;U zZWqZYcQRtO+e#eWx--xt)_8;;bS+f&X6wO zvyAS)xjz2x&o5<)8vQciRFgPhymi(Ehcvi^s&qo+#@<2Z$A68T~vA9WUZa}~ettk>;l2&5|R>f+G{b->3J!TR7<4=pBU za3$@Jj8nl8?yTPfzQ6>p?gpXid4Ukldx&21v(?Ug1J z`9auYO8s$M?*f9pLSbIFfcw!t_00#6aKKLX3@w6P6FJ$R$xb{Z^^Ego-E;s*D<=?c zE#?f)!Ky)3N0ZLpYlfcBnq<|uQ|gOMRa^u1L4zKV9fN(m=Eh0A@L?2r>TDoAWH+9^mL}POGG+v*k_KWYDMr{s?G_lrVLXXnQTPzV?7y zm;VbSXxzv5x4$w@VKGZjB1u`b@PU>ypnjL{e!ipzIBme;qzG>FD2RDz0SQ!#K`x%U zxGeeY*JxWxg@6YU&XHmm4G6?0hN17REo5Sg77!HGU;{amlVfTECYAt{vG5>Pje)jB7VUS8UP`{5-nO zH2Nk5|9jQiGzz5uj^>yOxBOoR?W=^318CesW%o|DdW^@jtm19^KQUoc5hgP~Y28IF zG`v|zbp_)hpg|HrN6Z#gYlRAh7OT;@SyKHE!o>Do`mzIK)lfL!@>`-5zZCLsBBJOd zDv$ji;lg{mem;VaxvG+eu_pK4drdce#Pcssm1qqd(YeczWFx0RAD-Gxmf@vk{>C3&Yc69+55*0zWODRCye6Q1&kp7TPW^4C(5C4pcj9DCa*6@$T zfMC?93O%o_&;o3u6kn61)QPR=jvs>8Fk-VHpBP3T@gO_L#GkvTB+|aiKYU0^7mM3Q zOl{zg6Z{XU+xM?*>ASYg@p^C5J=yjlphext2s+U|zZ3s)5qV}B%YAG8e5!_vUy`Cm z{us9WazB>G@(!>dL6%L!;FK!<8`4{Kb&oz+Ow?rBfHO8rU#p03B=q7?v0^6dSu!TI zCISs|g(zT&+iE0GB1&L!dC_HvK|vDpT}C6)X?5 z2$62V(xWGr_q(x9a4-1`vMTc>n8Qpbd)li-IxECiP?Y?Ya}WH-#~&v3x?3a#rxWc& zjui#Z8n8V_@(u8ck&AX#dwUC8i}+~IYpF?U?h-VrQx5RDl?2^?Q3HZOv)7y5>&<^d zlKsg8c3coa{g=9*g6J_RO*|=kJdL`N074@Ms;yAG$n0WLYD6X}L5iDGNV0LsSLgb% z!u7puT5?qLE+mjw*TnJeLvwOC;m6}iCx-g{Ybu44^@@HAe13Vb=Fozu18Ps3schQD zm?jTVYMH@iMcn00`xDle?Yo;xxXafo8)Xj1MfRM7gy)4h#^f!c4z>EMmbQw=Z)F#T z_WX8^gZ=Q*e%!%+)~}QCV?M}JRu%tL&qni67F3bJa-(@txmRdQSom5+`_;QJ9yoVT zf&gzuWL{LP;(CU=blPTRcX#`f_jQDiM+v{l46f~IFIGOi;W2ewEAs11{ZEpwnj&y# zC}f&SD?HEHdLRB+-9*#*net2gAx(&VCeRHL`f{YW`m(aeo!BeiSQmcs%#OB*d6r|O zDhH!IvF`*V+5a{iKO4bAd!mbjasBJP8EHb^TE_6m-)#R?SN^l0|DVb1E_I2-qvM0% z-`p$CYk_~iXvzULA$3b%YmEMSufHRK|NDAh6u``<@2iBOf8FliAQI>u>GT+>j;|olJ_D_jQHh=}M6qiLq7?Q@ndR6mEM$n9$+) z+u3n;kBe&X!7`}bfYWWIH^P*}=+1N%vcm@K(srCE)fi{`Z~ z(Ai2srb~Y~AWkc?Pf1x)QQB0CZ$FTFwxptRb%9fLw~nN{bLZcO@Xv9*xZ-j?Oz+2u z9;XrR)V})Be4Bgmg7q1?;~Y5q*-Kyrm#`_*VJAg75IX{>UysCy$nKmOioCM&Ih;YoDS8fN`HfcP* za1h-(IO{tzJuSoTzq=~XQg^V0YROkAA4QfhS0;gu`q9ZW?h8+>SF59TNT_8*jzv4=tQgVp zZ@Bvgi6XSpHOd#K3Uy5fKn(OY;@Gc6ga1~sOcJ&U$r3rYX*hIeJ6rJ%tEq8MId|}x zCy48(#dtgc_`~J+x}@HPFfm<{m`oieo{FXG?a4Q7ScD`7%V5vwHgc!li*_aQuo!m7 z$E0MNbe2DUzp`V~m3~C<{bV126)Bz#%jC}AJ&)%|);Jn$pvAv!u>^~MA0z8Hw3?q& z_zN2UEj5oNBD51^wIpj;)~MmN}o@tBoKHSpi}S6P%HpH1Wuy&~Ce(Y2@M*7q^MaNTE2kS~ zyMLy-p-9_Qt6z9zLHILe=b`KTL(p#0oBZ86u^$V%fsKZLvqZI)d9N1x(4?OmF{voW z&+fcE%3V-(6m0b^ovba&Pm5JkPGly2aloinsavCI2>O7a)F99sst6;lLr=QQlt<|XiRd^!&l^dVlnr}zYTM#77*q*Dgwq-4`mbAt z-@P>MA?22`a(77-8*7~c;jw0Qee8%dhlP&+mWJ)>D9_U3#W!cMGUbxQHhBHf9nX;k zTTd?@qe|R%SH5K@x?P`n`sf|@Zfp%h_6!BGd?3gf^W*nt_5THU#1pDj;fpG9l2;m& zt&Wl+kjjxE&N2*+9o^QY1Eo>kU zKI`sBV9`tOeg}oU97^9|!ch;URc@W5g%yqYbmfP){!AF->}5PYs53&gROctH-&0B< zL)rL~W!-jrfprQ!i9qS&hN()+l`}@DQE4}F0@gh<6s6;LlP-UcfAKxEENM^+)3BqG zS9yZ58fVIEQBCql?3XC4{BU)nc|gAX?&*PiyvHXxPH}~J-cz(Zr+fgOz)}`;e^OO{ z!@hQf&<46%aJZE;ptJ{qSQkroh846^)`S92j}+zMwD3nsTeVZ^%j<`2cQ-n`Zqeh! z4@GSmrfDp3f6y2kHQ~4zBp@M4YQmU;y z#KDL$rvbEJ6m<7mVELg!>W%pt&R;zBe5N5n`u7pH6sR2t>IZ2fG#4x3B4mI&7yZW7Jj9CHVMU2%}P3EcdM(ZN|htH!Q-m!2+t+KE;JYtV{Dzr8mmKq5gNk(<2 zDe5q8cngA5x|3f zB-6ZO2mfJFy;{MkU1C86zeu}=-?Rt(cer1UKg#bs9H0&I(Zdts&L?m^S@+-&#?>o^ z+OQz%kCjD~k@=bW_iZbX(#u|S;qro8UC^R4qzroGQ#<}LH-CB!V8+MLj0Ka%O6XRh zU0^Tbf=KdWuiaS16Uh2oMft$PwHlV7kt!*p7Hc`Gya6p0n@g^$<0BoD-P_MDGW8gl z<{MQYcH(JmLqEc{A@4#QF7w_}wDro2+-)`}(vGJ)XM# zPEcZ3IK>4(tq#EzH69^7+BLSm4iPV0XFEcR0e%VHxWR>N2p+a1Mf^5{tccq){dBW> zoAa;ZPxRwz$m?e*O8FYqN*78SjTMSrKNI@#5B*fo(zn!P%K0gc(}nPR8lNWBS_&BR z`7Q$HON0BhDW10?_vyH-B;Alm{WO>=`%$W&)c7(mka?&|KHGk>Q~1@Wb`@DW1M;VN z#w7bnlsM4Q+r2wPS=pJJ0(+>(g0%3fyv%G9?%YyFxhq>e4~!v~_I z)WWzhis^3}w(GX0P2p<|dFB4OGNVH8%evk%wQhH6&^ji}chB@jX_GcabeQ**nGp6J zM@+|Zs%7qHG#=4ShUhOB7|T6jWPh|b9-SOsUr%?y=p&Rb7+hgO z+$pPpCkWEU{H*C!l4RN0tqc$;gl(|}Ym8vI)bXrAWKACOx}Bx@ z=xV;+lW!)8JFlzHE}EFnj;($d zYh8Xlvz}Bzk9SOm2Ar#r83oHW98sy}f0KzXS8)})PmS5&wdzfgwK zCkK}9ty;o3O~%cipO*_{#BiP9KWq@6D)Q8Fah6J63$?L={OlvGy@5Vy5gIaEBW1H6>f*o zx%|Vp?!f*U6`w$Nac>dW?Mr>)g>nns%61Q zgv+=9Xu$e-g}`7zC?1ECSW*M}qq{cZrNchd7Y z!)3&0PI?Y$I~>CbwaVx>Z#&(-{Nce}K@W6_1ufhoQlm?DbZNLUBHDY!sBRaT$^5BY z)s+k%G`k;0OLw8<>iwh5XzvB5+9UjqDJtv8=6V$Fo*ro_ng(Y=AaA47l31au{*ki6 z4spv*&}yU%j7W^1x)SfeI@0R}T)V*7Dv&KIJGerKXyw49;|Mw!2{^yP^ zZdAcu;$J7zaNJ9X=*TYH!+Z9A$Gal;6P@Q<7yGOAT$2Y&O>TbA9*98NOZh#b5On-M zgne~XlwI2|C`cGc3DVMygmg&{NOvP8-Q6Ial0$cQHw==}9a4h~jdV#3=k|Q><6GZz z&RYC2u@?8t?0xTj?dw+x7NZ`mnmSY{^!D#SmZ`OuHql-tE6b%80=nI$oyMx(XzPr* zX6oWB==as)(u-V_8rLXlDB?V|orlqF2d|cZVm*92C%cF~9sKBt z=B2-(Ypt!!WtvyjTA|-_lrIR*rDyph&xZMT*{`aUbpU?Y z;r)4+{~>N;-A)1X19LIOR1PnU?4n@erq-_`!XR<3lWz2{y&|Lf163ZuA0o}hAqW@@^6d;8^ShPro*lqvw$XvaL z`m*8{5Rml7Lb!Pwmo4_2508AqIIZWRR<0HpGQGD3cV=2-a2l-D>0^@79+}6>az=~` z630?YobN~OPETE`43;o9YCs$7=IB>+N}_+)j1)M15gY~8oNr^Ja5iSd&?XnLTEXT~ zI#a?&Iqw|ir?oobXSdwL6o#OH3AcrL)N<lwWXXp5=)Q>U;uG9#n<0&*62BW$tp- z`5@m>jpWbPt5wk6@4RzG*;>Z&*z<`t_y$eQZjv_j$?#&&$~&9!D9-SetM4=~RxGRB z)@Rj?+A>__x~(?A`uz~9h7g|$6vih3L@CUd__ zaNUGbVgpr0I>L+_%)nJl-=0>SY z=FH=Su~ZRX9TdfZNKor1xZ*cXmVTOy^Ou9oS5$d?46|p<03p4Kfxa$HiB}n_8#`b` zbwo|)%u>*xWIP@#oJq;EDuPulbw)Xr-0fEGY;~PxS8i{64d3qExca=YNs_AS5EFao zK9oQQ+EIeEkOX9p0*NqbO2QP8A-h+X{)h5D^UGk=%`gus|H~H0`7LesfS^)xW9T*@ zgDyZ}~DE+P#&X}%E@P=Ps zF<6RfuIXU8#ZfEEb-7q^QWe7&6O&KVGJY<}Dwnt<)=~-wdv@riQ4A~o(%t)B(LS8q z3`H95GU@)U_;p;aRo#oXQ#fxvEScYkQesBEb7tPZF#Q^&kOyfWqsJ--_!f$?&e)Vr zmPx3M7l~u;!AOj-@pxg0dLS)iC=hM8Hib0y8_f9yOJfRGZqoioK`|VbDK}KD{_^58 zJTuQqB=${5aTD@J!Y~Ga7AS{}wk#aiVxp+{K{cP<(HN3=Nn?@mpuA75(Vg#n*KFYF7guts#xGqR8j$(vX@MAvkxK zo)614(V}CzxAYGprJ(-@g1d&gX7Ytm`zvYcue^8)Kd=dm;2#U>uN*Y8&*&6>n37UT z8;YLdB_zJxgRHW<=`0-^A_W09c}DM~Hx*BGBJy0qY^WY3b-t9ld&rEN>zxJY&czz! zYM|T5<5A2`D{OCV#qBqG*ZCNM7I4?cN??yga*yv@Q0(*pt#(w?#@Dv>N(}PqZMcap zt(8ORJoDzGR3_*V=J5IB<1y65~KWmbziHt1lvbm4_*Ta-3Ldt<5%O}1J}!z(-+4G z-<=leb$RK&hb>!|ziV=Y)PG8I1e~}}eMsgpyMn~p{|B|GCVv!-pojT-{tsydsDR7E zerI)4`;>K3|KoSkh(IL^3gx7Hcb1O^gZ-?NlTp`a^evO&e#7?^Y(=|j`dlA9mrjQ1 z60;TOW^^|^w(uuS4t>fXXReBE-^Gnsy^?&6d~YqUoHv=Tqkw}m^RQI$bMIq|iFWrH z)%#QF)GW${yEs^+zse>%#9^_!zRHKLK1V_F2Z8i<{1T21L$0;rdq~T;6B92UGtX%X zytpV~EGL^~Z|c|ejm%;p_MMsy8V+0zy{RSJc4?d(?D-jrNtd=yPsKx*>HadH!LOu< zbn*Dw+B-@6OXlC0c$6Fd?y2KfxBW4C(6~VQ5-T>tX|c?a+GLi9gk_$wEv-ZCPoJXF zNS2bMo}`|&e@e4mVa9ir63t@!YvU&__?yvF_HL(x~!OrpKd`19UYfgYw-7%r-O@~cTc7s<65#{ z>9_o|@cP$NidPjt;)bZFACCM5UaSp}`+Z2|bCuH?2lJ36qUWjjmb-f|HIEPurjf@q zbf~=7DU0S5QUmEw%_DP&Gd(0bUf1BeEvt(9L21bs{#wcY1H${Tb_>vu@9s~XZ2#04 zLgfA;Jetk-6mq+5&pXHmZz;l|-C;CIWrI5C+nax9-wxC+{w8QREUS%H9sk5m|MPPH zUVZ}a0tFS|eS8_@-umbI|DOlIoCcWIu_sG7E+jE;YK0sO~X|9ndO3HV)yzvFG~ z{y7|a@%dB9Bo$+_NUy?g>VCPMC_?`AZu!?y`M<}JqGn-oZz1?jPuT0bcWk77joS(a`%m+sHh;f693@`>L4cU+|g#_@0*dztM!BPcJtA zamlVlX#`d+fbCqY*CD|OFpov_n&OO)$-`Dnbl+NA_Wq`51JO=c{fXoev!oHEBB?xY z!MKS|QL1Isg97qr5|5OdYT3B;_lGi@a^3%q*Yi668&=c#4z)<`W)7kvO>wUuX6 zwYG3OxZA5F{j5~$@Bm`$C<;HMCX6vG`M6K}s{;4M35*qhYZ8+N3cO26Gjv+hIFr~xqpES3Ti`HD$d8){&~)t?Txv=#1CtXY!cl$J-fc+u@def(8q!*W9jS=`*F_db`=^9?xv$JF`r6w2Zs07>wM5VvvtH9HZpf4xB^O9y^WEP&R> z=Hs#uJ6WO(b^}bwPX=iya%Iz;4HqOuVY&xbM-O`K4?d7z*$=lTHFhf)pTj^7vCfR+Bva$ZiUu2qa;vc(H4C}O!(t3qo=C5^!1^D`=PuKBw0 z_PG3wF4^C!vUtEKlZD5?+o=fxBaz!4FPs-kbAy`d*kU7yEcU{gI&4 zt0BleQ>ORXs0PIK2p{-#eP@cETcbKDk74BAuS0G$*-d*hFa&U1?{A?eVYvn7pPQNZ zgf3eOIU2`cTIM0&HWx#lkr4H8%=h|P0h-xLJvv{+^i;LXZ@M_K(BchiykB zfS+9`a61%15uNWy+!Pn|i$h*Ym1XW1k6Ux=X`EhrZK(@(wmUiyM%Ntt(LMY-Uie#U z2W-cJc=LZ2p9F?SeUqU;DjO)a!}r&HP|e`hl2}z{$9k6Q3W;d&GtDgvIe~-n1)mUN z<$EIW2Q_fuozp^fvVNh-bbpl5U2j-HgE(+{R-JVTTx4dfh%%ea6`x6D zLUSFVP-s=#_o_y`O3(fi!2I@&L^?@GVV~x-)opW)K_-a*W)Nu2tZma~ZQjcmmkKun z%fvxS(@NYUU-NOQOFkBVO`#?fUk#7h;{3SWyx|jn8$wlQ1UkjoWcDH|wrv|;no2y&#ghjzRT%l1JfG0fs;_mF^ zlF+s{Op-)XOMjtLc7G0p-m}nM{bj@zI=1|4L-5DPN4b^Tv{Pxf#)XGmQ(xw1J6P4O zh9n5B6LJGd0T*ktrAF&G$nv-pY!T~MgVTc@$^9hCKyi_Nugz>+2xj4);CsqxTUh}l zzraF)Ao-gT>K{jcJDUFsj3a#hCU%cYmrJYBER)=Bp2-5wXdqH8bz2Qf{b{@b0f1st zCYs5=Q93XCk=1L1Li94trp3f7n|A3r)muzu@WU3D{ar~>e}9@S38}QlDiGDis{5!^ zX1?+y0$VQh6+mj<#>$<)hd%Uu0F@2H?>-geW#ZuhN5DzhN0;Fc_&aLZtNUEJ+d%<%olbn)rsiVKega_4d5a@r#J6|cRnIv?cjG)D z9Y1UFDVh1`dFzYvuk4G`v7S@ekpi~q3lBv?Q7e~=4B{^!HL>{{PLbvB{NQ(2 zZ5N4u2n8SnFpu*PBPhRb_Xe|43>zp`^TpV3jWn_JW#q~2KaFJJrO9MxGWzpKugBMS zKc~dwivLzhg9cc$SUv#E{$MT7D_0=83xn>azG34?3^aHT z9HY2IBls7uoXBY~-=WlJwlS+&iqAq6-fyFJ(;rd`8SMBdS|H1*D^`G%GBlhPk(vFKp}XFKbGS zkLBVz%zkQxk1TIze>NlrZMkU4C;u7|@eTFrzPGe#%jcz`7IZ+xTb`Lgo@`hj>7YNn6Rv^5NaoBn z{}>bCxPcVEqUz=PU1z*;4a1Q@imz>Nnu>3l{){4arW7*c4Z`3d3-#Rbq^2jyk;!Mt zz4ES*A3Z`#i8Ry`3`Up|39EpKQ39%zXRDsz}XnxN5+IGCP+Vq1)(me^=q=#FBkxJioo z-ne*lk6JqNzY~Yo3OL0G82V2MlG^{QDf#XaS36C$Cikn4WxYg_B+MhuEI+7_5%<2# zJCM{obsjLi-AC8=U2&e&3;4}ij$p>}{+;Vblt&8_H?0bhbROLqT^gUQVIjxNn4{_5^CBhQG{g*DIKJf-+s5bKbK_IeDj@C&AB|z zcj|-fM8&IJXO7VQz2Xn&;eZPj++o9(0d(&lzP3d~?%hVem?_x86((E=$6iSTG$;=) zs)BzLAvMPjoP8`;UH2INVUp?J5G}0M(Ps%`4s)N@q*32fh+`wwRzt-zq@VkmNQE}3 zeFWg|{AE(JE#-=(-v%Pa`B?Pa_DYi9n1eiwhg1g3KI7)xp=W6J-i^unl6%jIlO)k1{$wywk%SWgN z=nkAhQe6VQ0^)B}IhIgYdT8-(LhQ@EI2()Yy;&LUZ3Z$r(r5}Z#e`Ck>cbh}T z>$MMG^uEY&U8k-H@vNa_F;9%`PRI;@B4I(^qCt3dxMUN79;eli2zRO3N(&bRq3LRu z6qh^j!CQal31PI$B)ewD>iC=cx`kMYoWT<+nX z;eeJ!V*A}IORzianRJj1qeX@ckWPf^O<8uqZJ@QM!e4XyQOu$kGGC1pYy4zN}(jTf2BR6(uiS>9e>j&!d_{u!n-~2 zHQFvN5 z4UmI*TW7AC;qvgeQ6NyQj{J;E*33W^|#|hc=aD&g$_SRAWRNl^+g;oemoQGI9sX9JmS=P znsyN|5B^2tarIa{oWi4J0E8xszJ1{&55L<_VHu`JEs2y-vJii zVg0_6dad1$fSuVg*JmW>A4|ti&Ev?iC8gd*gP#?=6iCaJXb_N`%hF|(Evv#*5~fMv=C|coKQ}0#wLitFyj0Q9$n?l9;6|1}=@iUXDF&~-Z<*^K zJ!=-5Y#hZgS<*eVET+`ZuZT@Wrlw26lMYpskS_PhrIpUruA1=Z4b_<=Uez*B6PhIo z^(oM~T!Qw0hurGcA56SiO(G&Lvj@4#zG;lxAN6obrnJ{ZTWGWCBgn!XPPJCzM{D|H+Rg+3ZR<83sSm%8N-A4@1 zdDrp7K0wnybDKW940~m&7y9X6bV~oeOq-yoOx$So`TFZzCR<9Q9-~mhyPO;6es}^& zw6Krj^-ju2=)QhHD1cYmU(GrU8NY`sER#@fa;*fXTB#!a3^(bY9alaz!(-lt^D8bf z@$x(rhn;7a3*O@$adw6RI`=VrvaeF!86Ri=IzWcVSw^Xq)4nbhg;AE9mfB{1*`N3y zaPIQvN-0i{BJo8^ZFHci-UEkfLc6m;y>n%^ce&1M%r$S+xc_epgx$I%u{*S8Ax7J0RvYmin%2=ndMy zKzXK7m>IrQuXfCgRqS|fo60D8&4q#4I!0R^J!oifx;Hz;bM2;_g53-;1AFijpR;Ey;6Ihl-K;QXytO zZ5JYDB|l2?ahbddRbc+0tm833$RO?)LiTIa{sAj!*t^@i=O`8hXJOm{e{eX$D0Iog zL)frZ$se2eLmE@lGFt^2zuj6FWh9^LA<<)}EOJlGuh;1yt*TVV-85fM$4K>8(<4D} zvuPmKtX|^y*`SXvl;L8wwdQx1upAf3t=g&>Ztc1eD=C2?z~RzBf&+U{X2k7&kohO@ z`hR<(vg81;^lo?Qyy34Q){-*#(JemN>TFry<)cCOg)8!w^j8z5atA)AmD#fA(aLWm zFF#+L3==c*n+5gv1&P?;r{@D*Epf7_(sPFy>g1iRdx+I{C?fgH>j^vB8+c3QF>RF_ zcEp1VJaN&Zv--N?qU3oRj$pHoa}0CY=ETtU!nd(sqAmsolCVmYsoJ%6>N;);#TI(epYLfuV1nIGsjeV+X=r+%tD=vmQsEX({cQ@zNbKqLMsQFW@ky`G`*C+$t-M$ z;wb{p@dTr>;M){8_)aenpuCY2u*N*l#IM}Zv%7D?7Tz(9ZgBFg9gR2&=)MY07w(!=OJK!tayW(=@)o^m~l{ z`_JHj66j>R_#Aaw{B=MwLS@v`A#&&bc(=fPnM?socN~u?Q7-D0<1e8BMHqq)doITax#=TwPsp6Q?%mG%QCxJ196DS1TY&^sY(iWuuFnQ z#7AlynM80u1|5t0O%}!&?}Vdcwm+vDRLU>C`Qa5vYiJ#(L_yK}rFsMr;FcTJR`^Rd zy$-qX$IOhU@<|c89r?^ld5jch)`(eA1bDWE7bfh5u}K7eN*QSQ8n!RSSU1k^W`Y=v zV63y1yxns$7(P=-B4@Y34YZ}?Z!HF#r!#T7L+I`~f_3~1V2EnIQ0^`x-Z2)%P}R&hitjI# zBILX3u!)J;fMaZ$6yt^UUOKD&OH=}5R_L=ryB9&IYSH#20}EST(t;u1Q~-VPer55? z5-m5qJ$>&jcx>7?_M3brDr<^-8ROTt?a3%i3u9Bs@ExN}J$J(I&+@{tYFqtgKJBKB z>6ZJvW(OU`!Py8GCtZKkj8Hz+=`Uh**5wVUVUt`WOK^nz#M9H)E?6}+Jx6*fZ7Qm* z7X(#AzRY?UCK_K~{B^B=_pI2YKK3QRp4o5&yu(Co8_jW@#6TIXWC$+!- zzY4$5X_p);Rox`5 z7F|Kxk`wNx4dIV%-3MN)r+ZU10fHQ{#R}w$^cHQ^ls`&asi-c3?s07#<-Xr<&Q@5Z zOcR=5juBq|f1 zp6~=V@}H!sq|0wx!jKGt0%Pw z^Y!<4OZ2xH8y=OeCeanIDgTgB_1uWH$>515Nn>IXg z8?>7Z-j8UC&%=oeZ=+BxWgRQXe5Cy6F8Pmn zRc2-#2LcIfOsXmrxY!@-6|85!PM)nmH9_m zm7V19vn=&IPeAAkxIig=O%TTx35R2 zx))6yJ_HnS-s?X?NJ2qa3aVvqm}8r94Hsw3YX;;mqbXu|snHAowZ7O%scMm2oE$23 zAUS5n8P$M=w1}#j$1XCKj+o;qkK{loXMrwOe1Pn2yO8$j(=b)h)9_0%g852ymO%ze zn)?wYLM2pe;xr}HeUDcl>8Th3=Ccb{mK)<`{%suMk~8iQ*f}z|m0*7qNVJ9OJFBL9 zY^B%_R5bMuN|F*2+BRx_$lz}|Z^d^_$|p3>J$rXLNVJO`27-vqlgE6L&C1-MnGZW= zh_X>#8hIn1-V*0=!yfj1K+lJ#hR5RJe)^7(!-gonKkDhm+vS!Ql_~b7X3w_z8pyJ) zU#xv=U(=&a|6W*yvFgb(*18tJeGH(sC=b`;%>ZjWPyJ}s+>6|{B^aOq6gj?*aQbmJ z!!ls8d%MY-%#c-|F-RnR7{<@FHFPCS`OeUF8_-q&Qac^Pt93x>1Fh`j4X1RcJ0@ZS zPI#y4knk~&Zw4dZVo!D+V^EsTN|VKL3lfv5M9ki_%#xAb;JFy#i z`f1`^K0oJ_;s^Y-@SOMOWG{A8W%{K)C$>*=1^GCV{+yPNt?U3ys!o1{koNyJ3F^TG zT#Bu+T1Babx5HRqO|zm17Z@pTZmEVr%?k+2jsyY0ODG$vZThOEdekhjJlIqS>KB=fVX7RBw(hahF`?y!=>@U z7?Ji+(HMrFba?dn!SBHqtKRn)fB-JHy812iI__YQaUR+5%j{{67_>MOlc(NMqyoHx z_vh0EFT8oZ+}Z*8#K}qZ#}YUYT^t>ZRmnuT{{%debrS3azgF5-oh6|dpWa^qaPM)B zt@l`&EA!ecXl>m)^ZkZ1V(S<@;mxDSpk(nC4*?HK|Hwe%!WOb1x?$Lq^7^YBnG%XO zONGis_-tkhi`!9BOX;nI%wj=GS`Fsd9e|n!e1U*a;0q%4!b9z=h1xzHO*wKM!PDWQ{^)$Z>IQQ=T5*MeX)^KgbnV4wz&jaqH7&z{$v^$LhlHj4Xc zxBA;tI~TA_F0^1*G2%a&5M>n=smolTNFGK%D|kX**W)ag!bUZyNa?;xV*$QDfejQ% z>1mKjeUztU!UQZkcy9pTnH+>0;rvri^Fq($9cZwj-vlYmn{ghoWvm97AIpOt27V$q zECUW%VmqfV5iSzs41)m<=`vs{AGebMgf!P%%+d=aoD4BkAz^mvo)fc@c(dzov5Sci z(?ud|Wqu?fg2A^JX@9F3y^ByVIDGM&|E*Z~m&%9{i2HIgCt3Ydna~a(y<*W!&sRSP zu87|e@q1@6qk$RKK$ShGXngbtRAj;GcAQOF^NLBWw*)<)#36BrF5~F8ly&K#-4V;; z{^l|YO7Gy3kiYjtz_WjrYb5~*2F5B-*Kzw82Z40%62qN>5U=CJqU1&Js5l(`(IB=(3Mp|&c-MMFf9+L zCM(s>_Y?-#C9o3QnU*Z#K9Yjc4=D%TzQs!RzeSsL#sPgdU2%qaqYXy*-tR9sj|;#i z@}k2r!;^I+<1lyKAvbW5+6#u!+on_*$w98YOt16FW?`69d~(OZ&3;}Z(hnXy{q#!v zTFSHE)>$zijaB&CXVA}gvpR4f5Xb)7)+fGqlj&*&Ph7f=Un{o4R|)b>O^gAvtzfD( zkR=^6%8TY3RMZE4hEwwNvrzcv>+KBi1|4Qr75{^m4s)fsP2A!`=L6jBIMZ_->10{D zq+B0ZV4KCy#NDu4J`9q7F|$y^m&kzVjx z_p_`6y%~TJO^l2UmV4(Uby}|zNN=d6^@Z`)c3igDbL_!I6$clSdMd^ilrK3QRQ&_d z#A%ewQ?8<;gzh&jolB!Q-=n@|FxNaY60^F!JecNxS@siB7WX|`u664x6$bl6uumr7 zV1tA90lL4ZcTjbk+NtM#G0P$7P4*@BK#Y{a^=R^H^j_pWNz=?@^qvc{$5~QqO;q!m z)2Tdv%XRuhMl4HjN*L#gMcIOGY!(c6Ftm%H zG<5O6^*dDovjl?UT`{0$Ri`ZHR6}2a0-92~%`+A8k8tU3%o5i^ATGV-sB==`)JhuU zVKl`hub3qpT9|kzYDfN#?trT6l4mDdqaNx*7f>6!vFfs9TQxJM4A`;3;Cq&Gpw!hI zEJyAAg_96c5_T$?Sm%)a_7kibR0A;w8MH>rhhGEDuvp35wvA&uaa$YaA5EE4k9_mb zT5LE7cauG>>lGt$vhbkpG~(Saz!N{;poP`1DsPhsg1}LsOxiD#&ZwHXFhhnPfc7Q% zHFMZBcHi|pSSM~w9G-Ep1T8!;#fk~}*`SUEMqPUhs4W}S&aH(&M(E~gpQL=S3eulq zHhi1)?hBFHkg)iiOiGh7_zNt96d&ywPOjCY>itxgPjM6sG;(Wpx6){0S0ypq3C*MB zr4X`;Q67D{%YU<#noJ1o6QYccJ$l?1vhORa*e!~)dyfs0BTvP=@NK_bT*%gLYF5JR z`mN=d6q`!qHkpztB2+bWH9;3im>Cp16}&s{nUsM!DL;Hu$hV0N6pC#P)m-GKwU2S4 zBEYBPm$nq9aL_zUr8O{Sb+}SoK?zl%WQ05=_vL!^35n@6WoFomg(xo*RqybE#KX>y z2eWUuCOyeLp9Iz5#nBGQ5AIqXN$k3D+wh}+7IxbkQ3C8u85OpwmGdu;Cx^;OKk%BP z&j(GdWFt-7C$7Bjqe>3S0)#)8JKvU311SMa2fIAg^+ zv{ zL+((vqcioqZuP{=T3!)nzXnwqq+?7t7!}sqEq$1* zN{EahTr*N?Jkn|_6@6Hwp{fv_(uWW<;VZq)shq&v?d3Pu)S<38`f10LPkpj&diIsO z%r50ghr(IgZIbr7SJ>_CQ7eNtDa!tBNhJ@I(f-cYP+45*x+q+4^~02JSZB{?xV>Epv-g`tr;MT2kFIu}hc=vFvCQuEm0>ueq1xz} z)#Vv7=S=$tohQE&MzU2^7lZL~oLuQv-ZbWg8XDrw;cLJaAjC%d#YVt(=)w>Xw1P@b z7vRJt<$8Bicc?kvllWG+1ALXnv;9-Uv#;%Hljy1rY6}oi-1K0`U5|9pqLHfwD^9!$ z_OY%Q$&%e`J@?uXgAr@bQNG>Y>{o>hyi?~G_%SDI*QniO^W!syV5sA%P0s$Kmrwor z%p)Hym!{)AdUM4Q9g| zHtn_O^Qn=82!>xS1;*4;1tZN<3-w>xM$C455H1Rumb2Q&I)AMzXpvzQQN2y(n6097 zW{d5Q{Onq+q#8pgBv@$EDJM*@AWdMJTiWlKJf-aVij0ZQ480s_Yn^fIP)7Ny-UQXy zkER*U3pwm`8D{yewIRlDDa&15ZA{4NmV-4TUOnT^fV~*y+Dj>)TqWbY9`eKp$9an- zDV|D@eUx@0&Hsfp;=zVl2F9pda#r9i#2(t7omsJAD`cC>O=vo(!%XkeY$LW zH`~fag#KRT7=ElJh)lLm8jnl{-F%JZwqMF~3JCQe0KeUSj_`qJ%}I6CHVQridacvi9L(cO zB%jTP@dm+e7h|9%%Ee8Q^h**9BjGm1-X}MN(r@S-4}Y{K9Xox5JN}xogJU8YAY`7u z6hmp5Phr7#W!)`(jpv=slr-Hy%(uz)UlZ!D+2vo{wU>kzVffGa=I>RA@DjC|^32xl zx?o!rYI_?)@r}f`h%xMI%OW$0QGIB#NqDa4NeKXE;|18A-Z}b9lgc zmo!JS2Jwo{;d!JHG>o_NucHzBK zeYN@nr{x_aUdAOjJ#npsF2KAA{d`^S!0q_!4~nmy!2#(Ab;AHH%8D96M}&+Xah@%} z3F%8iof6yl^r{-Pdd;uxuLHb9gYc=w#zCt2>aawXOqhbD^tR7cm+FHOh`lm!*%r_xj z_=S$B@~ay>H@J_znaTdxqd{}u?GDP)8h$^t47o+EB+0HH7)iXXF*r;LXc@^{mb6*> zIAvq~p1_!>scpDG8WNMh?&P<2QYX#h6~@v0{%mh7j-oYa>O;Izn%l!c6YQ>~VkYbB z)CT70tc+LYcT)B9e*SMrmFoPZ6$J;v?{%ke$8pPlPIh=MDDT$#*Lv>6pQydW$%yw~ z+y;`si4*TN2-a^ha(vi)*#O%i%>IW zgDrsRaz!IuGV1&&0itDIh6v^|PoLhf>HEw#!A> z9XQE|%Ie}JAWJz`ysQ_MHre{#hxWnSPuJk*+k(qNA{GRu`KQA(u}a+YlMN!8l_&xG z0<)vd8YoGR?La3Vr1$PO0|riH?r+gE9c}C`YB8!u`1`nhb}_Q?Xyx4ddo+?Cn!@07 zcIc1GQ>v2p2_{A_7f za)7j}6|!&B%+vn;KFZE;Te+vC2<;NxtpI@l@z%rpUUj+NYqwSb@Fug1)~W8516*6C z2_d=X&0Kmu?#nLG={aBvpT*QvSLcMOIYAmTP$X9U9@AQoW0FRk{kzVye!?7oqF#37 zxVAxeE&a3k-z8*DX!hcd00=IFDmp3JOTChr{@$iXW#?rHm*AITHgtX<5A#OEqa7gx z>p%kno8?>&Rw34jsDu$)+JeKxM~NYWv$qXho35!@T*!y>dY@4SeCncRCJ=Tc0xXZd z1<8ELZ4KMwQ8@ghL$f43YIGUz z3VlwD>O9SHTC{Ra1}V`0WCi)w_Y^OrIwqQC^K9B78s-yq|B9Q+jt@g&!Lv<8|SISrL+F zrnntZ_FF#^UesDAIQ95P!n=$Gr+c3KEFv;!f#@7W+5_t26SpM9er`{c9W8@SLjw<^ z`zQs{O>;c55t=1)Fz@ZIm&5(zBoMRtLT_k4EKs$VIZ{+K?<^$r9jWOb<%GK3;EJ>s|6>ySKhH*h zb~Hcueek0(czG6@>9HszT0{}^;`V1lT9Q0Q2+15B|J}snk6GTA)5~R435FVS?=`Y~ zu5p-^xStVC2rWBrTTgn2evZ{>u`t1B_xPYAXDj@T-ht!=DF-d%q;0@YGo~-eQ+(>L z(o4yjQ4y#cj=237`%+Gu3H#vqAtEy>XW5%S`i4*R7a}AcPUFj}iEixj`+wmUS#1>JdX?s*JqrP`ePdqR#McZg56 zEjqum%k#6gGyTfsk{T6IHE?QO&UepC@tJ=?D_6&9Um9+xKeGbtug5%Jdjp@iy`#(|RR*8yiw_xgAtW|1E-EOK7nu7$jvDWkx?ZdWIB^QR`m1V8%YNiXr4s@ey$SJ< zr3F>4tcIKCfM&g@)>t1Dudc*JemguGj*YuUsGGZ-fIIVO<^>+n;mKCo$NDZ;w3TA(Lf#f{nbfT*2iduV zws@FXj9I>YoKK4L%@d->p=^3UnZ&o$_{z*=Sy<2}n=KPLzPZ2y@l&Dmx zU+-)Gnzf(9=eM>sb;<63NW*c(?AKbTgb6stjG5RhzMA~C%Wi~7Fa;q<>8$Y$aw=p& z*bjdcsEt~h_vYdhlyW^qlswMaFAAX)PA)K7$Xekd6U=tcamwL$d_GNWBmwK=C7I{o zf`CpKb6?vk#LuM?&YeFd_T3+~KhG!0rX7yVKM656$rr%LBKfD)E^De4 zr6IWmJ=a&3bkW?)6Pg*cP5cQzUg=c2y=MOQBKk)Y?tKg-tG2((bT>%Pg9?A#{bKDoSz*~R z$MQ+WJN5mM<2mh>M2SXFp!MZko93MmX-Hz!btjuk8p0@p&2(^AH0e z2(lD(WK_b2-=PPGY&Z&pK(TcCWU~ZAA#o{qkFGSWoCt+GUoXi&KrFx@fAO9QQ@67| z2R`wjf_HIBZkBda!WXT$WC(4@=q%_0eTF60C@@FAb9@Fw*5KmnNin&OXx%CCP57~XrPu3tJo{qoUHxfYarAYpTXuY9=Gkh`6N6q#qCpFVyw_tljYqiuBJu^zt| za_^?+mm|eaMKhY&VOO1-(H_pu$L62e_{rX>VpOTBCPmhIB-4nfdpDgC55pTSsm4Kh z{A5=s0_UO}Gdd@`u6WMXA0A#m#axpX6#QNgw_w;ZW_ZNggu@xaGZaIDjMtU(DUxi;di7JLmN>E zshpnrI%?mMDC@55d$8BQL{z(l6kK%bCN>sZ)}JrU{|{qd9Trvltvw8kbV)agfJjOY zIe^k7AzdQfLpOs02BnmAcS?7NbeBjE-6cIR@Qv>|Z~d-w&h`B{7qIsp_VcV~t@~c< zzQIlOj1$+(AXxBP3bwa8e(YzNzO=Vb15G@+QCgjj%^fz;NaIZjq^Ff%pV*v5)YKxq z>#8Cr=#gNjZNsusW2Zlo3esnwOS;O2O0DR^;6rv^wdjUd?^`c^4&NO5jr>~ZY3pM9 zD2Hva35dLZL(?xIk=UIzC&v)tV&45$)T#NY;Z^$GTb(q2LA<>MQGRVpyvon&OB()l zzfuR=j&B4X=Z2HGfj^gu%5YiLU)nk+RukjTKL0uMfO5%Pd z-G^ppY_*-9b}UJ|hIM<3XwsVsu(&npLjgrBrYb#GBba_1X0398xx9qzrh-LlMh zUR5oPP{LNLM9Wp#T=%p*JkE=GAG<;OCL)vJKeYh9p&PceBAztg-d;bI={eqEn7cGS z_EgZAPyerY^51|N=mje65B7Q~&hlrtN&W(yZ&%77?7^hPtN+5Nff$UpFcLxr?6=m$ z-D%HNIr@#O1+D%Po71?XQu8S-jKHtiw>m4ylq|$cpZ5cCl(TI)1-ID*ig+091{qfO zh6Vtp(;Z3jvq5Y%lyiMMR*Qm{ zNSdm{vbo>u`N)@4UQgt6r@#~lV1Wo*i&vSuTI(oT@qutj&F=Xt_d&F#k8w|fw4V=+ zEvgfaEYGL1XUsQQjqI&R8dxfR3`i9<~w)#Lk12r_CcPQgtU}gVyodlw+G6bxTME^0jq{UHj+sA8|Mks zte?Nw>l*2$Vt=1A9GUeD<_JEQlfXL~{Tc@vhIXIh!u)R~iF}<3cQ;lTl`z1vv=l) zjgL;Hh$ZjU2ZcE5r&3OzH7$7HZr<&hnAK`%Pfz~rJD1Wb zHWHoZy1a=?>4++d_#|SvgL1}YK<>NkeKo6g>kJVKLy!e_EvbJs52*TQEl>fZQHP~N z=N#GB<>6i5kFrLGJIIC1n^J;@0L`!UY`?Z z(7Ud@UoH!y|8VVLKh1S>a(BzkAIn7P$uY2r@=u=E(b|QqGTq%?IIkV|^eEF`h#{4^k zkvfC$f^aXf&yW6{vHpc+-jo7d=VP8+-HIOK$)QL#uhraytg6~H!+MM$uZ`2~<=WkH zLd=6!-%Df1#dF^Ss*7c>)W^;P=L;y`qnpP{WrVqhnwV-{h_IkiuZfe!GnZ z#PeX1Eyek$BQpiS2_X-Ax_(X)+bTGVMqO$}@}0IT!{^s1O?-)~rT;CCm;b98uv^0f+s2 zu{_?wp#)Hz^6ee#q5T>E{uLgt^kMg*UwIP_pDSL?8}OXGmU@xWptSyu+4=nQ%H@L4 zQuuB=eC;!57WDTV|D1O+ay2TmUPF01@*U7+s;%$;?7aYUBoZK`aPsdr(4Qxlzf4}ke zyqqAkqdd1-@t6PO_k77{!lwRgJCXwX+kH7Um6L}96IQA;>dYStH1fqhCX!6kv-ucs>(8i*J2>_gu6}bl(e90?AqFL(P;dkPTci* zr&BAok>u4Q5!XB4lc5)&l$ya4+~zI^16jz~;+!Kc8OR(HYpqq%6k=V@KZe*9F0a^{mx90S_^z20HKBFHC{|EZw?q^DLYtSgXlulZ!yEc_PT z`dyktX;!|@RTQx#xKYZ&!{X2V@uL_8t>jQ}phScpXT`qBIaONf@iTGFCSt`--y88J z8`9@WNxuK7I&AyrnPAEYZZv_5CY4}#^&P?TBFI+bY=yw71D(dT#Mzkr!uyoOc`I+Q5YzCwV z@I`Zd;t#6VTf-bK(r&lz`lViL7=jf+KG3BRZT2E~r3<5X6hC1k{p^~#Cb`|}hr-Mn z`B>0yLh_Pu=4Zj=6rwiQ_N{K2L;#WFhT0Tuf*9$yHw*;7;|)YgBM7tM(xG#{aS)_z z{~&C?UO8!V4mBygS3SUGwy8Y3zJo~BYI9jVn%Ybc+XOie>@4*mJr@M%>vG|?Y~u1g zP8lzl1)<;=FJsrycgpJRP=Ionw}dllTB zlPsZlf=|NfZl8j#i^9&Br-r3#CQu~BrKl6iZ_LG4DFP{)Tfw65RHIGF&M3yZN*YPS z=Y+zDB8e^|MGxM!MZ6Awx5PYS(foH<`6C+rY69MCZ-e7O-wXpTDX`Wb{<)EE0U&^c zHyY1eP}^#EskSH6jzNfPnqs#o-F$kcoBGL}-j%ZCPXa8av(?w&fcggpdaldMv3d@8 z-UwtBVv>b`K7bI_{3qd|Vlh41RgbOS;|<>s_;jKBus#1=1vX`R2x5U= zV7}o)C7PRi?3vITS@>M`yC0jycYY?nlFj00trp>miRTHnzQi>`2JXKYwVzK>^@#d< z6g;7$Bs}9|<%K8thnu_7O~|Rw0xrv)1)2!|e2sr>N*V)L7EKe{w9{WliY_do5FkX{ zkO(&W_VcJNbuNr=SWHN(D1}cO-Nr0|%czn%T*F0b?Az0Il+Jg(klQ{&-+HRZ{R>L- zuDPKPU)7Yg1OM5M8suYgS-q3<7|XkU6{QUNx%w-V`3!C`fka|e)H}y#4hF;vy}^Z4 zMDob_=$wF^T+aEYlW$zTjigNE4GP|LTI%PCxsRp)l-pm;V-xZ!-nQK8kfW#C9HGgY z44Z!p%5u$)qsedHk~|ypDDrLSuZX%uW{^e*``Ti^lr`c-4i@(`B523zcNC@WDEa)= z8mkgozos^heGcd%{b6Hon|vk!>d8dgj9zym$mR;ybRQ#M9sH4AX}@YXmaY})?kI~Y z!QXEtoRsQPd1GY8j<==Su#uYTq(@IwYuvnPr$Y$ru)G-A69Wo**F zn?l-u3KOZimKDcvkR>V~aYJ^|1-2VdGx*C4kd{<&gQ%Zz@+IZ$dk>U4iC#~8D2x2~ zqrio!sG!{%tu5UtP)&0$2?S{b=!8d`pWEe{c9SWq$5RAdenhEkEJ^-`AeM}1dp=%1 zMfbeoEYZ#*~*kLp8v5>w?F+ka+9&jE6^#c;jj5K>C?{>39l9<{mfSoA% zusc;0X$9uLujR20lRB!dq%Cha0HgQv%LG8~qlB~UxgJ}h1XL+}W6QutllbbhoY`(s zgH4`4m=oUO4vPzk-A-yQhm)w`oh1uK2)VmlI@1dIZx$0EI#o2f)j#j=2nkuboa}iX zb$q4Uxc7{vcDXgN{8mnUl1u1K)iNV;^B(tpcmmV*s#9CUs+hD5z0!`CqoONGa;>g$ z4m9Wo4wP}|2fl&hLA*MHGv4vH=ilqM7(~9)v{QZ3y%+t92T=BCn93m=nKC$JIZQ%5 zAvcVPa4y?sC}R!YKLzQqtv+xU)OVdo(nHTf4q>TJqr`O> zlSF(!>!Cc^p`)1%a+-`HH*`g5sExiMCy@@!MLaTML9TU4R9hv6aS5|X`SF`cPAfm@ z;k6h)=f78*52a10bL>BUCAts(Bb+2>0gsoo{aJJ1zMld~26iu=GlN~O4*Cd!j>#24 zLoPRq@aspS_vbBW?zr;h?>6$>C2ZJ1TnnT#Jr>-W7izgs#r(h%J*B%J(-UuA`1Kqg z`p&AhUHQlCWZQe72=)!mxEG*?iXnI!-wxb1k(`{ms<6Kvf$65$k@ew_l+JhgP<2hP_EBF{JhzRy4Qx3EJ} z#7*c#6_O3*%BH2D!+$KB)V9=+~hPH)#mDQ zk5YYbhMJIj!?uF6IX~Fe5+Hwqak4#h-<}rLD{kxCx;?`umR%h!EUR3C&lehrM}Y=muQ#|k3X?l?A_t3=Xlw*BoR+){T_W0GJM<~r>@*4s__QiQ z{%Bc2`tQ$98fR-G4zijX)zwhu3{01*Clr;O&s}S-P@dhnQ|bPKc4H4kBJwOXz&b=; zw=dL%ovQl{SuZ57UKcQ>Cii_(X`U!G*vi+6Wm?B`%-RL$rqc~N^wLInm*e+48&fNw zkDEFU(##sVZd)Q>gG)Acd}L1&p&>4=0j-Suqb;%#)IOuH+{e9*mFel@FKHv@bG=xXUo&5uob|xUmfwyfvGP7Nh0*0NP{lSBo|d+ zmVX`y`4hgDz?kJe$y^`Qg^UH3_wrP_+S|{ z*{{vs*}Kft>44HqOZ@^VJG@7Lch`W}!ScQk-O6xYv`7fC1**lY1vjrQ-4QVK*LV*s zc!se6%gr&2e#>nfEsGw$t(|jXNKMJ7_qG3t;?+7^j2fTS9le*MB`&MKML4&cg*~sI zYg0>i?jMs2D*|S5?+P2n1P%HChjomdrM8$EvHb46dm6v8b256^Mu@q6Ie}_n#naK> z;KZ1*ohl?j;But9e8XNgt#RqT+6;TaB>T2;7W0w+#@C)$@+K%oZ+Ll4(AFx-venpc zBhh*D?v`TOsqMIX6k1&RO^?EuvIuK@*)ag6rrFtfu}ISxc;iyQZ2ey5OF-HqPJKH= zwJploG?wX|g}V9si$1FnqlW6FLL7|o@mJn^!kJ_IHr(8w_ zzWpFV5yPU2cd_VWcL^E2?n8NL%%V$!4`MEs2=}K(T3dWkE!>B9-(VsX)`HJ6>QNGx zZ%HN(VMxSt&ccs&YfttA<@IY9Jm$8V5gLrwdBtU)4O*VLAzqS+f%=zjmhM80)+6tQ zLM85wFWQ(4yi_y3@GtSj%Es8)Hych6E_z$-F%S~LO;vq*&;{W%s~fZE=PSeOX4s5e zY_hPgK_=~cLckdV+}Y{4vY;6ml*R$xxNyTQfiOHsUDeSp!^K3(zq_ZV^<-F7E?QJ& zTLkPmDXz<=>_Wi+?R}704Ht^8Pd{BdbWe7ueeVz8sY=~_$NNX^5=7Q}ha&Z2R`PSJ zyZ#NHqjt=VJ_=$BEPciGcgA<)PDbQ_q09ND?s4!#kq^b5i_M^5*udF%N^Rn4Ap6VS zxTJ;|-R5V*yO;|And^;D{jDa4*n+=*$^y1h>4ISNW5#N6~z2Dh9L5Kw6H+ zV;vQO@jhUA4l|3<@hh}CH@0QyZR5z@Va zX}>8x`Le}QP!1uvF71PSHupVFVZ<8qE?}T?b8Y)rMU8jFV=UVQ{w`!$Z36SvU*z=#BmU9Jhl z&u}a!=YT!q_9rg)Tc(^{#tz^4Dk~GW7b(fk@$l6$RI`!CPm2VsBfH`#6%@{$D{yq( zhyq}=-2=iDvc)}@#QEdWR4}e#wGnHxsktZp-b|pA$ZIbAmDC% zZavKCc^cOn@28iJP|d2+^eAQX zKJg6i9;|s`uxb6aoxi7c>S;I)WJo}Hp?xNT_@?ENj-GigQEn=@Q8szI5%U``5Y}Os z4_J!jqHZ5pk`~>D(WF<_V2mob-=d5LWgidDN56{2c;8X-AYB* z#HBP?_2uH~zOG$#gy#Mr$!XH&(oV@`1`Vqc_1d#XH|k#Bv3jx&&wt)&mkZY8?#~r5 z2`X8IVcxqxvl5WPp0Lgg%p95`H@$xuH{a%#aOHvxcp5o~nqEVR!fzI)uFtkM0cL1n za)?gD(g+NQD2~^PWjw1;K$>em+p-*NYNJ#?-=JT0(Xd$vb2qra&#A$?%SI-J1T1{N-IB{2A_QEiw-DQGPpotCazc@saJB*NVpbsAl%96 zjyovOBw@}|v|~z+-usbqY=9_sGt`(|{$h7sV^OyKnhTuT7W1+`=Y3uabJ3eSc;*IQ4hx&WaO>%3CQ#nbAe~JgSfJbd^b+ZJz}>^qL(jd*z8Uy= zgY$q9VkkRovLR+%;BTe0qzZ+MX!_OijOOD;!k>=?cS=z?p+JEykf2~eP>+fzEKljFYy}yuXQx%*? z7fc!Uv(<%W=ciwR(R0t$pX+bkXa3MNIU0gnKIjgh;L6#A^F~9LZ$O!8@Rcd3+e@;H z*#`gXik1vkXNuA1PnL3RDW^AUf;#{eW>7A2vJ~@04ZvZ~VN1fC0D!yj%f;T$r~IVq zDOnBBrI*x8G$^C7A2LZM8dT`e{QjYzT4gUaZiY#`0@zj^K}o!<^bW)&`7V{JbM;>D zH$lZtjk{&)(l$^9cEe|L&Xnv=k8EM)@sylIeY(RMwy$mPMEHbwkQN6<8y3tp2lw~0 zQ$>KEC70(@8vJyu8IDeO?rvCv>&cx!ux#?reC!p?oVvu<5k+!IASw z3E@OLA?(*v+*a>8W&^QI+f4HzGL1BB88lZK)fqO^28USf%zqsg&=umF=HA@H&23|0 zQDR{9$8D%{S?2oW!4P;PRZx7=&AS;Q?<`(szgFkQ`3r)!`FZy(+%MlQ#=p;ku$Osf zYdOdq)IKAj7MR^`7;h!7Q^wcM<7l?SI>ncce;V{WTQ&kpZ#=q$&E-A|AVoFapnB2^ zOMgZ${hPe_ldk$r(PRNV0N2ugL!rNFfPe~&j>W+8u%Mka=UWg(n2WiKK^f`eCl7e^ zpGfz=O1kqr89JW3*OA=?2B;2%d?bzBwu*}0b^8KX3V;SIGF3F>(uVh>xoNmHI+j5P zk7qS_K30?8|fSdYJ; z&`!2#)!t|V@t({m`rnMyOv~1B!mD!UOUb70^iPfa%ksdlc5&8-g$1p!;Vq?4rzx}o z43J+~e&S9tIZI{_*g+40YSX)Ib27*Tfcb zY~P`F%3gf3n6Fb_Eqb(?bUOb%0DAJ0bd)7k7_9`uLuk0()5Xm-EwmRDk=#&Q{q0IQ zIw1M0U+J;jQ4-jbY*L~_;6hFgA*z(FFn|%dO=zyXoAV)$;{+jb{GDVO7m1ACpt;~W zijN%+nr~wZ5j?pCdVxI+=UU=yQ_X!84920Z^p(5$i<7GJ%l|>f|BbQe!VE$6)9ZgP zp%O@|HULY&_k3`)(LLF@FIVRoe4rL35b`!n9F!u9N62S2{GohLDxTd$qETz+rAE*f zYeq)*_zi$%r2c%HslqtT66@x{5=ya=_EE+~>U_==NFL^squH&kq`$fL>@}BuaD&T; z@bX(8xq-u8q>`KWR;Id%4NQT}f4GYxj1wf)Mg(V)j~Hw&`v@>7YRWgAnFSt^O|T7c zUVWzh3NSy?70R8kFwCJ-JppNAmg(0%)!~wA+>wbCUOKCcOP_0EGFJwkh(0SyGd zrDDoeC>PV%jltNT#Zo+vSMu;}NV?G8*%23U!+NvsSIWVo@?lHJ#Fx`Azrk~wyx!w| zXKdaTdx!bB!cr#b_=Q4L@_L@XG!ke!{n;QPw&R&+#5N#T&XJ=Ofit}7!Q$Lm#%An& z&~Ox0HA0XL(n5Pb#orwkTYFuFnyF_?kKqdPy%{}4z8<1d#@X;+@2Afs?H0)0B!cxD zD@Nd3cY~BUh)zKwfsclQ5ZBnJk<$%6ChAG>#!hsj=kAdjJ1e%qNfWsPbBZy_JZjE- zu&Tw?k zxyyafeV82_ZIk4Z?@rsAV=rN7Q!YvJy=T3tv|Z%n?z1Cpfw-YF(x3xDCy;Rdsgb}N z0AN%WUpfH<1HdN&=XK8#E*t*ED7PfBdYwV}ztCE?$ju>U%<{xx;RX!67qkixB& zEb8zV@cRfPe<$jX7(BXIRgH8UY`L&!@NBv5o?G6pYYf5VZWSY?;OTs-C-0l(q%n}Q z>yMHHc%=tt-nQh9M~|Cqr^9&cQp`KOXQ8;PM9T{Ij)1I_1HImWzznFmufC-`7E#WcSXSBY<{ui_IJi7`V;)aoO^qz+H4AEYZ?Yzf}$xhw=WT0!x3F0t1 za-%L`9i}}EDhSv1J6KnHg_`6IPq;Sq+DiimvV}fRTP_1r8zBdVcm+b0g+ZfvBY>Of zQfo=*1%KU6F);Tm*5?b@^Zhi)#IFCVuX?_!S>w1y8?$wvSk**qT0;GES9FHVfK{xr zhZPM8@C9?|j$pK-%+wF_aq~|b0pdC~xv=D!gTZe>;teTi%Ui0brsB7EF2msC6mb?T zJlX@)c*@xRbtA&9!EH&J>y^es^f_E?Mi!kT$(kq;v<+;GEGp+yjj8t&J{K+LAABU( zwgTR4Z0>uFN-e8w4>fmvCxRgl#%-eK>%KRL5L#KQZYJ4=xh-1REt&!^c&4RorU)-{ zRD!Sk-T;o|I|eC0ZrEjYM z^}&SWSIdSPYHF~Hc*U}|2Qe5)5#vAJnCB{ zB?1j4G{b33=2IGVRa1YvN;R{1;tpdts#`404_b9XJ^#GKniA;pz~XkyHn=z_4`n)z z%NT*xlRgTj_4M0x-WRyTK^ccx{q)}SSdJ8R#HKs{$=(=z#ia(IjGiucNI_cYcYo_$u2^bYty6Bm3FHB$zPxPGrHb=A9k69foTc zOW>U>np9O*ascZ-^JB&Iv80TpORJ`SX5UjZ%nCOCsg%~3$&m)=oBKJ&sy3CYp@Va` zz;A=e^U4T(Z3Bn1hKqpfkT6hr@sl&&{peAu8$IQ6aM9sIaDDpj_;Wi+&_439)u9%e zd{*wp52PwU_<3@zLnoG0Hwc)_X4{9RlC;+`tIAKxfytXKBLtf}M>%Sc7qr-MxA2RV zT*2PcoCdWsQy7ub2izQQ5k%3P{gB@0{BhXb=Ob^L>BgjpGtV^`WH1W^UW@<`x)7(K zQ{R{qA+6C^Q)9#SO-dWNBXzV&!T(aquT+HvemI^BcGPC1cCB-(|I5f$Vrqziq04FEfeYs z!x~LPQ_9jU2KT`7*w%Dg$0a>rDZppv!In^l#86CAYD%Xj#)WNR6h5ebj6%36ZZ@yH zTFKwUCID_hz56VVj*$lePxb6ZIHR{c2;*_($`5eRJG@i&i7K645AKK?TZGG1j_OvlxXArn0T*nJABG}4j@a3@Wd;>T= zVe9ZV^-xJ|nswg|?F!B|lsx@f1{ZD2>=QeCzZ;w zef<(c*EM2X@`pE)xC0-G7%t8_wNP%Z&oq|ayuUBZ0GO+eYDM$WQ`^LWf4oizV`JaV z#FkJ%;x*@TMHaH}3$q|gD-4YT-xMMxZ3hG2mO1_huk|+oL8FiATG#^^m*>q}ujIwh zweQCD{}sgS-9P}z83NP!5P)cFxg758{ zHBpI~wpK2XYvI8(`MfG*n^4}gHNSHgHQM(D9x1Z0SG5`A)oGKgxILo;3;*|%G! z(zA*DKBkmp9XWuav5lV=n3V51d_9~^TyQ$)JFiz6uqm1BkU)ItPWr({l35S2tep_9 zP2MamG`+fyHb$9<&^F_8R%=9$L(7Itvng^b$C6QEP@^}nT8wM-(0MNcR@#mEt-`Hk z9!0nc^kyp@cnP!YHox9|Mg`$>{h4R|&>3&dLX==>?cqjqhLT8n?B?ZURJHha;yEjR z<#n{bgSw;2G}+u;e}^ztAWnCbrVuhBj{Fq!)-s{bS6M{xI)+ya%M{bO_KER-)z>fq zHdD-_B&}n?f1U-f;G!V9cF@_NkKv#DSCANVAA-jG4{J7_^ya_7r0T~(d&K<=qGARGF%z4Hm^ zj$Ccp=_jPZo9bb!CnLO{JjJbcO|HeS4aYQZja^9ddy7GHC-gD>h`(8_e-s0M6q}|C zC?2-lfZ?#_FBIb!3>d^`O59!tjk9eSz^-36o$%v{F5v?5!eX<6^$Y^_G3xJ2MjYq+ z2X@~_0>**Q0)K1{3PYCRi1iQ~n8jS&1Ri7*8PlmioK z{o3lN8UBW}|Mdv}%ZI>PRDVn0IhFJEpKI=`9KwIH@q0@uuI zMjjr|sv#jl_Ln7C0|}hhGxb8;FFAsbbCnW8?=vgO;!|+zR~vJlkOSx`rWzjWS6k~g zzE&vFj9BNamHM%Lq8MQ{L)~2^Mcu23O-M=lomyi5IhX#g8VJRO7@}qg((P6_|NLep5D5)NSa#NPA>7U| zLPF8Kdh?%k=Brp36r6^Xit$h4Fj+vbzK3SBlZDI33*Wch5rG6S&D0qp9EBB+aV1>m z^@9nK3MUokCvklSCW~kDja54eJ(W%>Qgky8mI+bU!jI97Ttv}1VXY`A31>Z5A$Mmg z8@j49)Uiwzi3Y)NNO%)Z`@;eQ?YB%%M8g1DF#{6AyS-~VLYI$-OYN=N_Z z>A&dsUQ8T&E}dOM$r~a9iM3JZUu^kdpP7~V)*HoQ*>xmPs;6=Q%~7^*>S%Ib%+0`N zAbh*2GLlBIV{7Y$MwIxcmB(8R$m98Pzmx(o&m~EjLJi`5)Il*bZ zJYb9*;EHl$B9I(Tp<)TAqfty?r--)}Mdn0Z)48eZW=RD6%$BRaY21C7(zH8kClk@= zZrS@%#6?V{Il@peSWbXnBl=MgQAFOu}JK%^Hnd^*rei z;XDDGI0I*Nj-1<`r`8;HANKrb251MC&|zgW*BavXOplX=DhFKsu(x|yr>9cDuF_Q7 zm8KoR1>S7peh|8k?p&9mD`Ma6jQ1&~-4!{;&*B)NH%${@jy#GUuF0A%f&KsEwKoBa z4Ice49`^k!4x#2^60`u9S_SIEYDuXcv(Eue+CS~0JeEnVfzfKJATSPJr5UT(w%(5Q2zFek=Tr&cfepYPFOjvoBeZ6^jkpmI>s+R24B8f zRM3|*vfz+s#IOOJIQAa3AQmE$tuN;eEMA}z=7JdHiRB2v`uanVAh01Qn?O3HBO-UbT6yti&C0ZR~Ts zUonv88~OMEv9{UwoxZg!Eo=sCw1n(mmJAIyVBJ~4}RTh=icL^MN zv>i-r*2!*pHyE zUOidRi9VDq?qq8$+x!LOHJOw-ZPNETJ@YPqJ%wn`fV@M(C08|!DKh@F8DLFk82-ne zoVw5m>gPhGB5{IUY7j=W-ZBm%1KFd*t%+hCQ?I*(UVs>cWOOv2yo z-J{g+d{C}MZxK5awA;VVQ0kyQfC;5FuLYvx>~Xb(Sl2|m&|S08vNx6Ely#iZqzN1c zvqd}TWqJ?}LTP|GJGP^18Y@n(tHW}2={Iz2s%fq{OYCuyNh7IgoOI0`^gx3xwI;G$ zvL2MOPx@|QH9%N(iPN1vA2(VpiJy(uckgRvbJ?5B##%czGT~8*pMw%Vymf^`?-_T9zCyzsG-2^1tebK+rT8Hwlc;sH4OFRz|Y_ zhVw24$fy*@PDYnk*)J=vTdT|lD}Lp}7E%QuN7Gdt9)I{8szInmB=7fYN~hDb;~N7; z%i`_LNky_@O8Zg_N`rS)j>s*?)SA0N;x1rZf%tZjdwS1m_Rbz<4Oy?`*!k3lDcgmChugET0Q*8F>h#L9k9=hh5W#ec5Cc2B=A+u`n}+wT(eA* zhgnd+7~EKF(#*PrHb%jkw?2Ye&==KFDe8g&u2s&U}i zl$lk7`pAS2stYLmV6hVT#oB)to$#5^k*`SDQ&44wWw;piy8X@iVUP}h9pdo4g2liTESzEbK?y?eh3+bZwX6j`fuKb3+pYgQR#lgaAtCM>K zy1(4k>?Wd!y`Jz=_3V4-zelD2Rf9wqqZ0WtQscj4;;$Cq!#98|5H9(q2s+A!nRsIu zrB2Cd!os?&0e+p(V+P!M7QF&J{>+?(d%EPgKo%*sSHbg=@mKMP#7C}?Y&GEr@ePQ0 zgRHqz8CVfD&}iB^wcv?!y=$^yW~#=_$}3vVQC)0dmMsN<#vRK$EM0NUgV7ieL164a zrRPYR8OkgN*GTe`kwfFdsw}Xp3AcL6Zj>>P!;-e^6+YOh1YP7k4iqXF6LZE06UyLW zJU4~4`_lXKM>a*wH{hQ>wC$Uk)h`?5TqB5dB`8iS1p!@#ff|G_Y!|~~i@c-fD<{)w zo97A!YZbec=5I%3GP6yW_+eTa!s)**+QP2s1I6%2tnU%TjEg)EhUPfu1*EiJh@I>H z)EF&mf+I46V>eA)p1b7-q{dGJPR zq$ro0*ik!H1lmygRx>}zR?BUq=*m-fcjG+l*p(Z){1JA?`UiLkRcFVT40x{V!N@QT z%Q~I(CX~l2C0mcD%M@|>Q@Ye3_mVB4Rx~TLa=$noF(G;Mhladr`Ld(^wcdO4D>=CwM{%SBDj0n;k#iI}hx{-<_*1qt zmt_t5#~*ho(*g;WSLo6;C$yPVGrMQ;zC>7@vC2Ef0ar9B)Cf;Fr9WleS7*V!qNXu z^V{<>AO!cnFML$0v|Wde4Po(*<8=^IYDf=0e!4XEOkuS0ZA!|GFc7Y)KD)FlpmQJz z%5X%PNU9qV*=5zDg|YU5<{*GGY1m)`RBt8GU-77>wEd@yV(LxEd}R9^A3vd^!BA5Z zWZ(jelF!PXm=m3#rx&F))&9$Ae=cmtme32V6kQ(!IatCtVZr_}Meg>R%K(vpDCq2b znA;5sz$Xh@FwQu5Ej4vDOHcvo<{IZcBL--FCPa4x-|H29IlSTkdN-mTxS_z5!E&;k zrGqnWmhU!dfXxy~v^Mvg(bohFG4WcB;E^G)4EDIsFFUV=nLa72_?q!lAi?l{8j-xj z%i--0B66MU_j4J9-`2&?QAI~OT93&V1{(}Ch-jJzs%C&e&QCX$H|@>r!!Zlqor_Kt zQ?S_4a=MGTWYe}sEd&NqGO}{}#FH^D$VF;1GM#B@7A>Pe6O5S|{oV|(Kix3^@6)hi z9#O*lx_?T;e?5Y&g^V{RwVNw-Y%D@;SF>8>r+d1fx+GRcZZ9ZVBkGM`*}if}&T=1l_tYN^9IuNo*35EROL@^NDpCrr`_* zBuNCVdkBP3=!{^Z^cPMzJ!7}&^R{O)QlJ>}*kOrq<8D}S5p+Ub@mM4qf7iW@^iM5- zew6-L?3;X}cl|AQBgHfQ=u^p8c^+k*p$c-I%hBD*EvFfNal{X?IN_Q4CP+#r@A zzILp~vX6wjd5@|J8P~3W{_VLfAnZFfuO?|m93DMoq7QD}>uZK$y4&t($tJk3hsgZc zxvcR_=~5Dz>ciV7uY;}StZyd>6l*@Zx&=c_)p8BHyA;J$1avqGLs)U%sgRErKOF5& z>4MZrDei}#d~W}mj9(8;tp%2zGBB$6{aOwq#sId#9G?Mmg9hqL%!TROQ#S^Y%8nc0 z;15A3`cUsIHJowwa;>X{^%`8+QaO+VkSiS53Gf-#;y;;HpcC0 z;Y>(O0`dt~*fqta*z;knSGDt*d{Yc?D_p5lSFTp!NgW1OrOgizj|jqx^Y^xO72{Ti z9GJE=9S;1`=)>av#SbccGBh5HP&D7jx}$$f97tpsCbXu9U$5avAm?2>{XLiHq|Oqd z?5ZQwhuNw{sNmp@2wC!&PO= z)Qo`tqs&MmJ4%fa*hP&&{|RG2Bwhd*A03dI_eLMeJcTvi&HGq=k#K-2Qy6Fjk$(ZD zU{D_`01PI0kDLlpqIC=d{gw6nPEj=6?(epl(esw-d6Vr=QZ_QNTwcDpwgKxiR-Kd$ zIt-th_!~r(uuz)K>u!E$Ar#+urs`rgYD$@+XEt}sS6jD(O(##jX{v?nV_>w!qr1jt zJSdaD_bFo^53NEm*xj8*5YK%rZC;vNLc!e72!daMsXTw{6o~tKwzU3v*{VMDag4rC z(JUNuG5(2(T81-bZU#$GZqQ!tcvk87EpPsD%^lLIfVlvlpN`MNo+AN3bHbE8(gXdl z^48%YBmkZn7J7mq(1Wulp6P86R(v?LRtut^==sglPy<7sy@etCjvF=~4t8QIXP7

&+8maIbgu3%wO1usi|M=Bs)bSrgUhcY!(+qg42AT z2>cpVUXqwV9okkKmtDum%5ENGL=e4aym>NXmyifL_jBe>`E6r;NbMWidEt+21}4aE zr1Ez=PIT^7RM@+xg%ZOAu&nb%>hpIG;l9Jfi6Z7fk$FmPH!P6kq~#>DMZ;Ti=QW@n zTJInQUOR|VlOf%Ps$fn_1pdum{$SrTu1Iu$;HqiBB`+V7N0_3zbBVSG7;~3rM~eAt zAQ%p?&*0fVsGW2CI#Pn32qyS{guQiGo7=WM3>4Y|-KD|XB5g=;Deg{?;8rN^THL+R z(&7@_Ap|I1DDI_Lu@rZAcMAo+?0Zl5zUThVzTZDQ?~~*q>wVYCTyu^&));MiS{u>z z!Ey3@XnM(`vlpkmLp(?T`H@`Rz!CrYDdK5Na^s*}A(>dVE=2F$fCeGquDQSb~Dx zj$)xnv#L?^N6xf~ao=5=#3;lWr|OU6ZDB3ef&I&ATKmz3^@=@$zWGr8?6V6v}I`WdqJy~HXi z#ldOS&@q}Fc;T@9Aeo()#a?%vtBlr4VcL3_xfVuKUx&fJ^736LKMmf}6kX;+O9n+} zvN2`KP3Z=UWl8aG=%ab+BR*mp-;Q_6nmA4q8eMEL_0*K8*@OvV#@F&DvcJ90^*_O; z3tW33x50o_eLzpbe&oK+S!ULZ`7GR44^b z2E_joi=0HKB{ns`J4~-9VuNR3r}04iL2w)w-Cm9iCCN1pUmRN8J%h9DN<5X$ zv$D%jX=SI>E1bIN=KPi7tAwhbVpq3lwE(RILa)~5i^p2}E{b)AC(v3|fgS#!8mkN4 z_x|_XT*@w-a+<|XwZ*O9y^35zr`KJT3|@Z zX1A+&9N+2IN72;Z+2^jej&05$`CQC65woseULnj%jgR_eftxvhd0=(_mi&U#<#C&& zt-eFsl7;t|cgIzd3-7+^y}y2lP^a#W225Jq8h7DFjxjSx8N}CczLeC`?Y7 zAX~)UWMYv$N1-_^aFp2%k@ysC(cPZ?9GvNj{##XLkSkyKoy(kCPNiO*vgo-sw)L27 z3UixJ4Ml0)yFm9g^H*rO+6OyW;#P~Z8_q??Ci{kBXWvtc$vZsr)Cj48@8pE}?3{oX zquR1Jzp5zUH{1ty=KP^fgZ_-4*jOiPpuxZDQ18?eJ(qsanWk~adz0ytpA0(N!4gxw z+$`~m=DipE>VFDQA$U>2y61M{4pEq+H@Z5QT~CpZgZ%f_p4}eML`xOy(hsov1gnYU z5{L^}_-8L?`^ztqsVG6$^M)}OWeyFrH=4`WL;Rp;5u_T3xzgGNk)Vs~g#45`y)!D% z!yjnHZX7_GO;b97njZm)t36!-LxX?z$qAYw-t8St=-DKuw7hLYWO+<7Tv^k$!pCo? z{N#&>`irJ0u^qFqt86uK&I{J9?+^S=6zNNMK6uumt%u!RY3o|l7FIqk9CjVO3lQVM zs48FQ?i%V7YJO{(Ip5`+aL*#8Hp#ipGO$QYO^k8kR4kAD!6I50h4aBH6_4~X+7K8dxmZEM;t2hF2nJIn|lyt%bWQP|x2)oa%1TXfj)_W7B5&rA5PfqPBhFwpt zTBv-jz@K=w8a`RG+M>Quw4H9z=#RWJp3ZBH_#`s)U>i=U*U_pqvf%j4H{`E|)W6la zMmWd8Si#$4#T(u06D~z{)?JFF;oQ*_Cx~WREnMr1x}&w{$~ypLu3y@hv=kRl`CD!azWbv--6vU-#=znF(sy~$Cd(078f8+|_C6UFkw zAKlc_ydV|z=eav)55!A%jrLzJ61{Loh-rkW1y!737q-y&eT5fc=)MWmo2`DwvmTKF zZvlw0&*tRC6MB5XaB=5~S5IR9gAAMIbcR`hL}-Uadq(9&!21gqQ&Rw zPb~$`ivsQh^_)9NDh$!OIoLtbKZUAUI18g~aS@4R8VcR&)KNc2NxLim=(z~&`WmNK zqrNKJtkc@)NEPrBqb>tgz)9?u?Q64GjB>ZF$Hy2Q`07 z8PkEBKD{m%oDe!Zz5LG%GPZK!(DNI5K7Pe=VoeP#^F2fO&Vx2e%1VI?Kb&*i^+py( zqaSBDr?WAED@nwCxMj|MSjt=X9OISG3l@sSbZUkOhFMRR4<0PaQ^uQ$mZ4c}EHh5C zYKiBLq%J~kN4(-sG3=i`S6Y5dDbOL1e2}y#ba>HA*IJPBDVfLf6-LYe&orjWiAP)b z&ijfd@uk_VOzZb(xw*_6x5V+%yH1mgc26U(J~|QJ`@EI)o3$ZUgXLRr)TX*Im|;pA zCV2XSY(do*dH5eBD9{@#{_xbP_U~x-HV6*`_6+~L<@h)pOKgm*U~9-YrKb7t7iUhE z9;|7cR56t+GO9x&NT&_-g2koJ;=#V60fNh(Wy2=O3i0^<@vP9dezZrm>J?z773G$hww-<#SpLH==gq^sh2y9(};9s3YBs0JF<(#eLf8 zV%}d-Uc;J`IH3~-Tkdze?R04jM0}Fni(yUWSaV%T3|UE-uliAkIfILh^$eG5nbyHZ z)V}|%A<%iAy#tBvjy58{$C~v*(zu; z#0eh;$CJ=BHFu11Ek?56h}oAR5{yeT!FMV5NZw&%&?LNd$FS7e5==MsZ;!_cX6*0~ zRAF-fZFaaPy1X|ZBib3}xF+<4&N%nw<0NQ(t0EO$aoT3{Gvcq!EU6ro*`6~bccHv;x=heqPPX6Xbxf|y1m9KU^NUET(ySR-rYc3-o5}D#Qc<-4Vt5GUN zV?RVs>j??(S%Yhv`i$7hgD!QgBGK9bw@tC9y+o%kSu8Ii*Q%82tJ2^3o;&R#qq5Gx zK9-pJ7X9fi+5D`#$SPP4<1UFv3M+nh`c{^jlZSN-xQ zR#VJ`Cf#g%d;TrA)nkc=@y-)7IE~jK2MKm!HL79Jt6S7+WaEGQ^Wy7Ici>*GURV`N z>4two9%Ww~A!TKJUTJu!Cb99_B-8RDaqXWm5j3EVGui{>4!T&1#YyjAEcU6Dl# zsw{ZE9e(LTA@=H3njR`_y}#A~tvBW0}XI zHjm#dQf&niE#3pkEGAjLs`}1esFyisa6?2gNq(5L^tQzNPO5OW>Yw&Go-j23QE z*56!qyr|#)=?-!*_c!0qc+=ALl4O_Q^m7VxXnFkq4&Xn0 z^k36}BZZy@EN7tbqrax%cb)zBzx`kNK#7>D{Qr09yP6f)fM;g4&5Nx_=TB{X=dp(cK7 za&^Esu5vWiZh1T9@J!3y55hac9IujrX4U*5Ps(Kxvdh=GEb6wEL}b z7g~m|qMPdRAJ2LE0~MbB)M!!5dzfs2OeG2XJi93V9u7L&nTVdjRKtCZ`Pmap-+8_( zE5?LYx>fV4ae4H@ffIAknS@cws7~xly=*M7;*t@Sm$xfGh++EN4&hh$c3Z~1e$-+* z2~}Bx)DRiV&}WS-ezl@?m&9gB)f>-57DmQKWigNp;6W3Ne!Vi26+%QL7Nd{DC*ooi z)O@{$JcO_w`J!!S1IO@&y(ER6(->TAKpYOLT>5YP}(kS)9|imJ`vm%_&mFKLD}zu z9%2pWP2AN_^tXS1_4&%5`;idSLdsXS|@`!y3Vx&46z~I9nGmC$E<%GU(}7X%S9>>BBs%@${@~YG;G}ng3+N-iF=F zh<0DD^xhCcpWyy)%iO>O?B0a(XYv-lcTJt z&o*;&U6NS0C;*?iZO0f1onX~tw&My|NmfYa{1_{4jp!zcaR5$QM}idTP=zLlFBX0R z;w!e9#c6OyTgn#R+0Qk0&+@wr*Ga*EBxG{_FD3elTNw#UbyONMxnJ~!RGBM9d=q*S zMFQ@Nnd`4D>RP2(G22SM&$QO3c7BQd>~FM}-L6sK64tJkaa3o4VkWwJQd_pMkc)ct0V7hKT&zt4^k6?et1tU#$ zmpAz<#78V$vrKjDS|E_ZW)d;z?cI9zYiorF!E#?4EF+!`q;sJ0aE^YOps8&qrff;@d>(*l;a z&st-1L6mPdkTt0z(OR-7mZsars=gH$N~8mtdS(*4|FnGSt7QQj5tsEa2<_(-j?QU? zT_T_JDj7ap^#7hy<+bX6WB;Fh*>*Sshwpl;M2L>26@S}g_mX2m=%7HB6o$f?N)P5Y zTx5gO!!Orz0k20?Uwd|R2z7YX*$(OorElXk5egOTjJIVx-_i@ z18ZK-HOO_ne41oK#SIRiqvs$MpFn7TQA*)r2(?=e)IhMDm@~s&wrKDhxP}NtV^XBV zX`aj2=tIW-H^#nYoj-=TaK1lQ)$1r98n6FFK-ce23=J}A2Dy7^k}_-zaKx# zs{^9Q$pRJQSxUCP=76XxV=Izf{PaapxzQ$HOKZYJ4FmirShfV0PLR1@KOBfOkoncj z@th&~WZRY+_L+Vh3oJwLWVJ#+ydN_E9s6;dh75IoXr<5HZN-d%4|qz%uQ$HRe;V+nMPp)|g!coV zA%_^23tQ|`9?1tfz^3d1vJ(r?P_gQ5r~m#HMDMHn2dl)65{4tzvW?{WZ=Wt^MJ7fv zy~{TIxg6$&cqWbBpUyfSkiVA@j4I4M9CUm0#6>t5Il7_dobF2rm@h$VN__~Nyj6?6 z(m#cSXZ=DO5f&(CO`=U&;d%Ztv|A}VFJk9&WulXdt|bFl|Fa9Z5mp|NBevs~p59;f zfGS-NvvU*K^g%};_Gu2dS}6~#VJ+9^z@ow`ObzvVuk3z!uG$(SyYJ-#c4d=z;x1yu zBn%vGTG=rS=%&s>Y?#B^;ziNjT$q987%6{huG$PVN->s#qJS*VcA`vfoja*tVjUni zs{wNeXQ_?gMW3wyX+p_6P5-gw&flihZK368yN|7#4%QlPPpC_G`)lKbpwUA$wMIrjV>$-0N4y{)fAI#XSlUmix)~#^IYPO#b$r#E? zK=1AmM2MiB6dan4p(x*(NZziIXi+N3s;)#>==TI@T1~`vUmf{vz#rF2N6)mP63U`B zr;4?H{puiE5kGS(mO9jx{Mb>C7BHm&ck6y`O)~IhuihPN^mydA5($zPw26}1A57Sk zj#uL$)H3tA7i#;#`-iOVy5#A8oocR0PSlnIY*qAvK#9`L&m_A=harJ`wsF(oyG_v~ zuz|vVl`wU*a|CT{4b4dv?M30WBaLeD6Cr&lAB-mM?5^Cuv0W$ z|M)iJvy=O*Q#bL`>-_z01xRsgfzJmaNF^a|zn~qUU3NMZHsu0pk1cA7X^;ZYL>7b+ z6ebkXm2$M=k17wjXd1d$3av727*2c*_k=V!Bj4b!3_Zr}JCmy8q%!1KgghT~QfTe} zR1d5SUCrROeO*L{ms!7C*~iL|dgCXo{Cvv;yMDm)yIXnfPtLll^|Wpk;gNmG{7(j)@`lB0B|j==QV8=*foSD!|M1?g zpOlO(bOVta`fTO#xwpMbMpRYTik_1CM~yj6hhZt68cGzQ+uz*G6-{_t`?$& zNtMz38mIg1Dp}Wi%^pJRRw}#oH|Iw^C&=!6!knJ2r!f18+bw0MaI?)mm@&eb){dJY zNk-nFg+;X%DgFQ~cQLE3+}Vcio$c5+vbay#)n3XT1HMIU`lLs z!Ld?fKf@C>8*s;`P?+QO&A7;HJ&U#J)qed-6sTmW?N>~L?5sapR!D!KF-pzuVj}&? zrtH*2{Nu((GY*c#^D6P5G#;TvkX>LHS`t!V4b6^a$dH_Dp?RaI!7^0cV~)*AVI93m zi8UZxg+HRgP#T zSWWo*E=ykZ0R6+`AXiqhHkgE{S#Mdf42XWoRSM+O0214%<{u z^L5Ejsxt2YnW2OePVXf;2BA%R<0$!q z9W?vVrmWcRiPQ6$k5%UwT7Kxs z5ypl;lt!uXMel++Qpgx!p>2M;Co2@OTL?{B7^$kDtRd?Q!lchSD4OZS9%Csc(--=o zO&K{FV<9>~2SD>fGnD18k2(YlX`$_4O74|cRKRrab$M(azn96z5f~Q24zj5uQCClH z!ui(yUo%h z{wsKkJ*9bfe_2y;xmazjXgZD?4qby9;=?7BH9Ym2l%&*%LYob(THkc6zRmkAyksdF zt_;?i+9BDJ64w}r?-0Am1?-|8oWkCvmEg-J?!WnUi;EPzL0O?3adJ41wE| zT4Jn2rq^M;QcQ*jjXor_goi$AyaeucF(T3kf)eHWMnQ+#yBoc;jE-+q7 zfVRO&w`kW+m_qQFuOBVtx#ZoY4DQY^vloNjDNz&QX|DPvz7vNSNZ< zOF`op+Og&>h2HwT)>A||$N>>`Yn<(g8)3GL@)0fyW~_itsng>%-1Q(ni>L_6rIsfZ z3U}0-nLwx5?_Qqx;c?WeRRSkFdGwwL9>1S-6NmhB^1_z?95)H+Q9Hv$ZntKC z7gOdRG4S4Y9_Oj%T6gH?e(cs-K~PqM?N^{D@C+%{U}q*c?5%Dvlw_=I7`mj9V-lQz z^~alfjiAyzAVX}9>`(&EHx1?#zE2^xEIH#4j--nED2aH}mLgb}e!c)OSXXw}FS}W> zK>qQtzab>opv<)kVYUx`IcK4djtHroff%n*hLsZ})0P8XEsz@TnZt3Y@61wBfWi!nsGCE(+ zt)bk{1&keS4_QWnH|TfcW)+v?B{b+(fH(|R{NuV>?T3l2x7@4^zm6xh;jU4j`A4{& zqI!v4#3T&Pad{d8KB79ya2+5f=OFcYybVJBELlU^uzQU^?zL#RIjLLjOzu2a^6*GQO#EruY5>)fPn3 zM@S~YL4U!Q!*r2cdT01YL)Gb1;nO@!U<_aeJVR=*Vfq_k`EQ)%ufKsnEJ%Pc*B^hs zO`nUcB9p*W7E%#MbAG@lvM*dFJ?p%aF;xGpB$?aNJ-(dT`iex&PA<#{^aodP)whQ- zcw5;_nne^@w&fbe*y();VO)_{(CP+DXKY`8bjX}=0xC7=vhQT^L@?}yT{%|| zBA2RcQ>Aw>3}nw5dh-G9cUMB(^M=&fK80M8RJ_-}vm`jk)mOokP`B|tFcYvTL*bz} z`qNU1G1$p#4JJaiP(Zsp=&dX74)nPWIZ+w-LoO;A3`cqI1x6(IOPnXQ-q@jjwSdkH zpr(GKxO5%G@9*dJ><@;eH^08VXUO_vPF!{MD`=OY#~hV?7ya%{;o*S zyP;7toeJ^!mwD4y7{3=-U?mh|=&Itw4*Kxb(@(!n>xes{quWC=cg(D<7qQ74eir>n zam95eXare6CN^zsL`~3rH(ssx7;~u#POroj+S^Rx>?XRo?-J${GGZhWQK_NovAv$tx`j18U+*R?+yC^|&zTxMo zb8oEkWUMIDp!6aIr_FaUmvgeJNgGy%GoggWJ*@CI3?a7bu(0iv2P^8s6eFs!%#e6s zXlPYwvD>3q*W0zif_zdo`rb;j`s2zzleVQ#G7e~vNv@(F@du#(f&AoS&DBligx;@-<|9*8oqNlI1M!#(CrS%w>;(iE?jY}cvyjd+wdr`&pOyc+)x>pA)H zDQ)ZI1(nqe6^OJ$;po(aO~B$zM+k|t10DU|u`ulCJ%7|lo%&X3VF2WZ2Xx2 zBwO^-Y^dk9H!q>Mb7KN(eG@TEOym_o0XFBk#<++FwQ5?I-R1XeZn!xpX-)5Y#N(xM zC@yFEOuUA%t2?&!bH3He(zS#GGQs2u9>nE(V(t0 zC=g$#f%WT(&M-gvzJ#3s)g|cT4rFAjrt>bwZ`JtX@>95w&p!ub3Ih88?IGi(3DETB zcd55-L5$8mXMikXqy0~ z*d9c+h0w474GhpBYq9-&^Y$W^oNhZ=0GnsIu6o#$s8fO1IT4wnn)!a=Kd-?y?9&TL z$$#O?=(rbHsqjK((S2*0MJ`8OnV*$qW2ieTti{eST3?w@Zp$hlc5uxNZ9{IbY;7@n zexa*I0tl93f!)6_+B@-v!2@jNWc>CSMa-}g3VKXE+~or@O1g9uvKXQ?qNI?V7FnI%1aqH+Q}30(e?fV^%- zwOYfwTXx->g?z3dDeLq25XeUkR#jNfK=Iva0jNDyzPCb#_2g0t77_H0;&j&KC>d@; z5c2{;w7?Y04>7f)$Gl84`~@6@Y3zf)NuxIUqiq4s5!IjIiO8nI_T(Zf1-N=6w7n%a zz9(epI|*iEZ3mbkCd+F%)N`woEVps^O;+)Z?UYB-!*yN*KkmF}s+T!enb;op@@oAJ zDld4ab;(n%Iz;bMhW}Xb-K%DQsvb>}BRwtTIF-)H8?^V=z-hl9mxrT zbNuVX!P}@% zZh@myGRYPBOy(D!!dg|P3&w-Iq{=8s?bct%eM}cDw<5+@?6h8RXI|Cq() z5z!Zj9ufzW$NSG$1I5fRRqtCeffvJ3G#lSh?`^aoc84EUzmvSf6~JO^a}W3& z8^WWQ!lB7w`*ydb+rVk~M?t6jd&7vR3<2AP;rmYQPTd{uGY)iH+H!Zo=sJxAl}!mO zi~|x*P1H0Y9P9C>@3eyK(mxR4h(lIi=H;$3_^hf;(}%$Vs3WwvnDfvL6?SNBc)T|> zb~Zwz4W<_d(sx-xk)STHodG`*@c}6%?*nZ6)Je3Gs=95m`I_s&$qjJF2kv^^Pr3X4g`AB!egK`A<+P3WJwp z<;%WiE&IZP>&I+$YdQg%ezyuM6o}1rypxxZ#c^`CPXx# z%+g3#Zc|TIYv3e)qM`SOQ1k;UVRHPUDaleg{!oQb(!+V~n`^?Wuw5`7DQ=%gqmc5K zyr_#{7)sVmilLS6ielx3aedTABznun+$f~WoZZU{)l zzafe0Mp;R=>U~c~d!wfTLk>ohUOegTPvhwaFesXF-qrYPwP$Qvpd=Z;@=SBkp{D$= z_eN%^l14W?;wp?Fg6kntnQ%6{7j;`Rzw1~$+`|Qa4#h{KNj=`1tw&mVP7suXX0!L% zaDY7C3~KV<%H3W8bnEWG@d3-b)_Wjc_J4Kns6#Q@3sf*@oQgGz%VgVC*%z}V<6mE7 zYkzSRpLOfDJDPPVF5nv+k$T}Y2Z!KmN!#?Y<`E-%WTF6GQeM3rof1D@!DRsQqv}Oa zC4geDr5UYB zhsxL-H#ASIk#$X4LzW**8l+v!Zq+-?IU!dy>ZoO7LR%s*W2jz6S;*RcSl!#4v!wV) z*=D)0Ns64Ffrc<*bG`LJ3R1Fi{QD*1_XJA?L+_PcP z6*XSZ9kc!Ox~><9Qz|4-8z^64g_xE%+m-k6F0$IWzd+`XqaxNb*ITS4sr9<4H@}j9q;|>6zOVx#NDSZL9r*f^r@hE;n-D$Tg6nBg5u4Yy; zcMbCho#%cCf|ViQ1n&7*4tK!khb2etQiki#h4K6^&C&lkcQf(>8(}uJ%zKspW)O_C zV=)YW@jOrl0V)|}F3JdCrK@{VDnJ)9`qZb7A42O?q8Gu?nkv{#qI+4%c!m2g6A`Aq z&XTYHYp7sre#6x1ML?6gqF-6~*#cy`Oztt+@g=Jr-puvChqu3~m~kyMn76Z&anbOv z5gJi~-gQXwsNS+kIOt0TO`3_0!ORuUz%!-tSpgy3Ujx2`|K~|WgMlS>*e!#5wKW6% zC;$2}{hrXj)6@UwmCN#n+8B3Qb+i94!oP<4*TuL2dd#*5%}4!zz4ZTcvDgYU!u(~p zx5ny-QI-bO%Z=l<8yxeldnjvf7XSr{3zHud7JoYB1-X zoLBul^+w!SYrRR)j0sEyC=w>%lV+w<(c5w}2E!ITW}Pa&L>ArD=>#F<2FW%;q7xp# z%A(t_?w+T=(?IPg zWDW~CpyYR6eKwOIG}LnQQMJW4Si8k{3R;+qg6FI{dEu_1eO(cK>waem(=3KlWoCv8 z-5X6&2f5|d^#tQ`R}NCF6B;EN4BMl{Wcceyg8c^LElppT{p5`GjoQ2~ zZ+emUv+7$*V!fd)3!^u@$iarTZrlGn^?`RE(ZM)Cvd`|X$1^T~^^nF)wcdHn6fMsE zU%A{zN`bCrNI3CQBYlx(aiSTZ7a*Q41&4d1``uKnt*h-;XyFWv(T%*Y!!^D4Xy!%z zyroiFV%asC7gM#)V>gXJ_RvddBz_C|OcKIW-5bQHpG_^NSI7p8!w)7|as0z=EgWJ1 zhOkbc4_B|F#eZBZkp@q_^mM58l#PY^6Z}2%YKrE(>3M|iD2 zlgYUQt7CKZlyi{JQcspU!%cI#jD!X`3C2S-Xl)X&UTX@PonQ^h9s0$Mnnr1Y2bWS& z<7ZXME899|dfWrXIqOn3Z`XVH!bcx(MYT!(e92)DTcrCY3&L5`aDvA&g^1#!9k z;gYw<5h-j4C#WwKAF1Yc8`wn?t7d4^I_%L(2Go({fZ91%b;ldRQa^pR*^w!f8pbhE zP4(HX+vd-gv`Xp8`9^cx@@iOuyqFTY4U$Mj+O;KDHLwgFiq8(!Ph{ zqcNwuXep)$7`?%ZrKud#ZhAJ%kC#Qv;;5y=r9$ClJWOcWp=CS^y4f%GZ75@q>P$CuHfQS~-jS}RpQ ze*yZ5x*|f0V9jU5;F}!KTeMmmyk_-nrm6bCCw@Qho6t>&5T__qC%OYT%UZu2Mr?i4 z_!Sv-MYzZUx{GN+bD3U`*67v}&!zD}z5R>okrTpGcVE6Q$D{k*1({y7xJKHQ(q+hG96@3n*F%rwRXgxf0JbB|8&l^ zRZwodwUo{9$yC!`%?#~SpZ4>uz9$H`fUC76(-B49$Z_w%EZ^fFR?}5m4c>jttp6i% z{T<)Y;q~&47QMUOMgFAxi%n6&f*qqBCK%B*Fw^;QZwCCW$_Y6@%+Sd7jMthmuv$v3 z*!j_O9Nc17^&I6<{uUrY9&4eZgxfcp$Ti$tV z!|Qgu>gjd3xcPN}XGqOt`*gyTXcq+zEadS#_$Y}8K*qtd}JQtOERH65V+R-8A`q0o{-%2rdDrbo+@(?T+D z-{KL1#q<^J4H1i;A(GV8H-}B`PkxxNywox$50Ye=?5P6OvTMnUMp$s-3(x$gtvB0w zY*H`YU)?+{S%?%ydtWzf%Htnw-6|))5+6bdk6fWWRSMXjK6!o9^IHpG;dgQTzY{1U z%|DyG$A@&kms}u+Lbl!&oc{Y$m-PaTcBo1k(0HRig`q-66hf;eQ>a}b>+Y3lN9#aR}zpiv)AM@ zsyezGYMJ@;9#~p5?z6Ya&+JK)ozgfn;p-s$WnRk+lDnpZmdidgAIl%s8X~MlM}Q{q z)E(5!EGMfgh2}l;kU2Yxz&6!0S7o>2lqplM6Dkah@5EAB*C0Mn{Y<)?S-3Ls~XdHAG@5iGd%5%Zh7|=zC zW6Pi19du|#!vQ;15Y>s8SD+i7M>VgxHoiY=^-JTa(8fC4*0m4CNAlB&47IdO%=!Cp z#aAKPObBpod;QR?vqt(Go)fWTHn`dZX){T40m059!9Fgbhpn&-!mljP^3hAw)kao9 z&m@_lFFWKu@9Ru~=7utqO2*Z0u zrotREavpXz-rZh!-knY4=5!FL))NEibs2`8KEhvS`JlF}3SDF;=twlfKg`*D9e~%u z&E#mB``l+b@onB;=0%^}9ex_^#*i~dJ*~UDWx%SbHzSShLNc_Ikq9c7?2|&Mv*^9# zz1JRqGs`b;4su&o=P?P(h==8Be+o%63Al%tIa%%{K(UYR*~pKYFHm|Yz#rX@1R-N; zqJ>XY!Uks*3-bf~h9C@;H8rSyKs+K|`j)EXiqd^lm7(aQw~sZPjU>3K^~0Hcm{k7W zM;&~uOX}MBXU(8O0`+SE%&CCN%S<5pNxmygBOM%7a;J&g!4ltoi8cod5tTPm28f=s zS+ppJ&#g@uW_>sYZ)8#5`JWC=%00S+*F2DuI4E=qCBLB?8hh55iW+oLx>x#LRGV)2 zV$NehQMKOpXc2HEQ3Hf9Je(8oRucKyEV+3cj8R6T$dQ*j3?mw9422H@ifgx9j#`eo zo)>HyuCldq@`mu5q>T3V=)-+OiT#xfRk8!H*@w?m=cs|7(l(qT&Z++Te^39v z6HQ*zp=)CSqKUsYwRnCkh-%4L(QA2lk@#GyT*OOv{;ztO4>do$(%Fi@n+2S?5wpv! zZu^GjdqKl}D%3=gF^_0b?x6<69eWCt2MqN-*~3&{3-&LSMI(s<&cBiat)-dFoRsrm z>vbustPFXfm2+aM326+?EY@*5az^@v^tw`%s?Fuw(^|v>KjK3^`Ylr5g*-27VBANO z8RKuC{%Dfos0{;A1m9XPh8@SCZMc|N>p_rCbRVLvfYL=F43T8eGHurtj#2)Z{)MGeoeG4Ul3N($+l-kcO+z6{9*$yKGujoPNB;r zw@Zjh<+G7G13(uPiWa2_y)A!jYaMao?oU*g`TOjV41lr7iYOUA8>;tOg1Bu(Pd*UA zbEQnwoq*50qR~umcf#a;3mV)$7I4rT{1Z{RLWG0*DVI*bns2AEKHDouS9|!w8NIsN zH}Bfxh<`|-e|Mo+w;D+BnVvG9`3LrH!R4dlU-tOD@%)cO=f6tH8_JO< ze=nKr5+Wl9!`>Z919`%?y&I;W)M@DCYnX;Uz-?zV3JR+we+^>A35~aVMHm_~%0sBO zrr9dt%$+3ht>eg9u3|6VAf>7r=W)F(-wtqfY)URfsdq6r-$ zG`+{OUupHP%C1zk`%G|!J}|=5f{61Ags3=t^Fd1#)xl2-Kc~rV`qNH@V4E?YOGtxS zSnCC~u$&{-g|sD{P4g(I5E|2lBr+bA{?N|ldguPSl9Zj04`s|19<8fjiN@m9S2r7O zW=kmtGrb-HIx_gS>u=Q1WD*3E_;y226%!aq+=LG|2Bzqi~6rB^M73w11<$-O{>+*{)PbpE5)<* z>fr&yF-l&Id+s3*sJu0Nj>qFmQW>AV=C>Hg%w1t%_n%Ep=CQNU8J(>+gan&BZSqY4 zrF76(rvubVs|>gD!rBxez!Hgyc!&rXw}{>tL7Qu_1<@68xxMk2$0eq)wmpdN0pqyh zasBiRAvAzqhEj6m4#^X#5>xJBINp2S3x%3Cuk-*rN){(`#2dFSc#xc$sicb#)dr@(5`u&zPopy*>|9dc=iD5fhR`hFQ)B zG_9xdK~=jUsk#X}a)D1(YntLv{7L<=i(ikNshx%QF8j%-CJ)eHY#TV3%jX1W?Im(C zmN};9QoE1iOg5BSKClwok`gjQ20B4|x@38!|H@H%AR2w3z-(e92>2V) zHN_4&rW8i4@Hw`98w$v}Sq|RF(kxoK&%U@QIm|w6g|^z%L@hJI)WUS)xzIcIl= zk^jYx;RqM*gsaNo3T^0XY-S%4!|c;xeD23SG;#UQQa(kP5iEYxp|h@xoq9Ok4R%Pf zX5BSc2s2cZRS$^kShnnMMYB|VMw3}_BH6+XFKSwW#&>7s@{c43zp^yoAF z9Jhn$JW&`#A5eL{?=&h$2R5EZy!je5RW|dfN6|niKvq|cpXROHnSwA@{B>5akely% z25g6)ir?9cu$*q&Ygwc+fUP}gBShn8Mwt3XqNnNIrlN~9r?XFjXJi?MuP+X=5Kc?U z!7EPvO!!;Atny3i)8Q!4oQy~uZR*W?Kx5SkUxB|gA5mn#x7SCR2=dr*WvN%K#r<23q4zEw6cQj*3B4mlI*3SbHiU$l&^tn?QlxiK zq*tktUZqM6H9)xA`e!pa9zBMtf-KpUO@75cauU=c(W5`8O=Cg2wp?jg0LK}bZE>&Uw^xU9 zflQGZR;=F~*0A&l3tC3x^rOX}lu!)u`#WKtTT`7^y47IH$KU8{$SJo@b}x=^ECn*2 zHdKIEj`b_~P=|AX(K0= z<2e#tq=%3&FiuDrE~4CRl}}`!V@%5)H+Tv@8_oANe&eQJ>`tA7GX=Q?gd8d5R*sy$ z1$Kdgk59@%_8yaspi`g8PG5yRE&UiQ%B%!Wr(>&DHr}T8TWAK%=%8;vo^VN9Ia3&W z#UP)3%4wg(B-THIY_&i|bU?QGCwcf2m#nTGF_!rW{@V0+vS-I2ebQnd;-^`!){k=% z%n;8|JMM90sdyi~wUoV+Hwumrl<;+TrZf@rNAtAhzN(O_k(DIdboddD?h$U^(*FoI z^KwKzyDV$jr`o%z&^B7)lgo;<_Hj~|InGAyNL-Q3cBrWYi1O?GZ%FrNLVPJ<&pNUE zK*|yC!3&Z03EK=helE&|uQ;n`m=aT~X8cJv!^$7bA5bp@N)w#dP}jYawv-#;oV4{C zZX2`&x{%-_gW^&h;dpT)*Kcgya|(AS<$Mn(L0fJqHd8?v6vr!l2AHFXojzOGif~~=xkpqAxOVgtg`!p zIBnuXb3w{JD>OqWp@7%wNJ`{_|_jkv2+w6C}Q&H6ioF75>k~s7UqK z_;8~7JoiHBl=)uJLHQLt)e~9gKQttA1h09D%CE4sk~{@(Om5Z82?lz$X>qCmd!7=l zSiprtUj}j#e|xmF(Rq(HMZ`XyaCosDvR_qOubc~g!CJ;L@y>rZ1XNI9wM?y5NMXJA z0w%W^_5LS&_~;_-rOUjpwV?z!b->oJy@fkEm#FY1Z$Lrubv6+RF2~xXWO7utMr)x zoBVT~5CblrgOFF~=i#Y6okU&!eP^JE6gg&hYDy)R7j&!;Clw2(*Y2jS?zLk>b8Iu3x1BDG?BQ%YOt`{U|sxU}L>4WSr* z3c>T&EUxy!Iv66$Ebk;@Y?iqSQ$njFIrAiSAV-k&AtFW9{&|X zprfE#;zfd^yZI=v9o#qw4sX5d@ARjT3E&C;^Xn7MZ@1^iqHA0Kobob@NFOZ@WXSOY zEkx-o?A~J4+*_=5F24Nfe>8izuz~w#cnOK#f zk46Bw{gm=zP28|N`B<0}s|q!8`ia&T-dK6D+tqPj*X!HKJi6+KR}92M;xKEOmDSv< zu<7Sjj-uljL{0vXgR@GVr@AvD1?SAm@@kY<9WSK2%}$nRcPhVbJSjxd4shF*nVEdM`Rt--2GyMxxzB@T4l>-2e63 zf+Bj00AjN7wGi{7nbF8+EC!JFUy2a`WOjV`?|jbao#Fpq|MD*RqZ3dH$7aQOf6cuK z;}Y+kd6UkwRtf+ z?~vE@fmVj<4TUMdnTU@m)C3}LxFQDqVbdFbkx7>5abC(C0Y{WzG9MeAh1-wlDe4B< z=C|L$ysr`n!QFYlmMh$RE;KW8DLQu;+b7 zMM-l?1DD@gLN*CBOTYYiA^sW!zpm2-K*ux&&IOgu{_%E?^l$G-_KDmiJbKz{=WD2y z&hALHEkY36rsd*=ItAqjo%RIXA_Jyp{i*j`8g{4i^_mn%^R={*pTled^ueaxnz+}Uj?)I&jsv2q)oLKBH@_BI_2hKR&0nNl94u+HQYyRX~{)9K0kC?g`?clv3#Lo57r zouDSaHMLDJ?$I9Q(U(Jt67!NJf4-W2fYBB&JzWvR){O#^_<<2kn?2vl8LyEfpvcZW z<>e=FXDuDH%9Z#GDKGKuPhJ;w>qN5r>A`T394ie<@>a_Ckw|kRM zR{XRd54JbBwxsdd1LYSf|6X4J^- zW8PBQthyQE_H50t00?-%$;{tRk@55N=d_>8f`sMk6&odY78zCyyZu<4`&#bFplaN( z`ClG9;F`~eFn-!F9|{a5ozDCFaXNoR82tzsa*@C6xg+KF!oT~bGz;nz=pJ$T9&V(8 zw;JoPmH=&CW`QTj2{0oGMc z;?v&MQ|wB+6pih22!kSTL>lX}DjHFkahub2%26YiGL5i{tkM)sp8_`98Io37C@Cwf zwDPs_)+);N&KuHVY1~rO((uO;grjSd=*^K+^MJSxOWG3iI>oA-($-TZ#K(_xjuyOO zZH>v}p%i?@0>p{KO6k;_mL(Je6%P%5Jgf_(Y~Ellg&%KhM9DtWNFw`{uVQjh(~?uS z`#U4?nE0W&ULd0tX%@H;>yXLM`4h-D*U~;_zHQ{a+mo|wyWwv7v;noX(CH1t$wZaD z+`&?l-YOl$EZ3i>pY<>KCwNvqwmV)MV&2%iO;Y5FJ6InA^cp}^Xj*oBdR_rwrBLU! zGb;la4<@YWiI=vz{p$*tdF9?ewCtLh%4?$blPvJ^7)@!mhZ}W}^Yy3%&Yojwh^mH( zGe8-6XgD>@+${*yn!Hi#A5J47wC%n2f#pM_#B%h@yQHbinsPLvh4~sU+#;<(IqsMe zL6z2+VYF5@u=r~d?uRfdqJ0Cu-DN`T_FX(_LAGITe0|>z6xQwP$FmRkWiI_q0{7a7 z09{_+(%k{;WsAcxzf{L&%bIh8u2EFkZql`vmto~Povu!!=WI*0FzKbH`fi(oUrTUHV#Z)u2|BFPE19zr@L2bD!PWi7HLGDX zw5*-Vn2>Z*`yjP{)V;cwuL0d<-mwXEN(15(w)8;U`giLXb=Ugcp_cgJ3bhId?@x5x>}o&GMY77c?L{I0g2zcTt86K?hp2 zxy=nKyO9agO{YLNGwsoLuet94yosXq!;a}&?cU}`<3iKGBb2kN!?F3^C9+p6cImpL74v{CFmzZGGEshpwLzDq&!?6R`UQdUqBukyxK( zE976Ss=vjG5`(ajL(V2_hrG_VV!lBr$`#uj6(Eip+LN;*L8rZs3Y%HAy3UiKRNDY< zRMsDF+>uA-WzO+JGUs(X3s@Y8|43mPs@-|@+mJG*@pRHr5cigN5g@~3EZ*JU_iA~2 z7opBd#I8zV=G9I)1a`LN7Jbgz-BB?pCwKGs%b*PPpel(c`3UL8lEq9XmC>BDzByeO zNxIRE{ffrzUW{;;uwlcTk0RU`5=cHVa3-?VuLc$%t-n*%Dfp(UItxu&g63ft^8R{9 zOl|Sr2LwefFY;@b)yCRe&x52*=+|&3#a*)3y;54cpR!F$Qlx!ekky$CCU(s|>rc)R zlpVnie^3ZvNk=wNbga%+P^FuL{F8#H+KS+V3>&w9pK_{DH(K(;(E;WT36`ZzM=DD~ zN?GT~_OwGtXw-q8pHwPtWf&A`_JV)lZQNdUICDnNr-i`#lK-pmasA! zEjH$dNOB#C6q9JBs@CoQSOlzimPESyXvmBj1J8hVU^hU-&{B6W%wn?>yC!oqs-4}L zo5Hp?)vTV9$lUF>ORChCix?>4Hhee_P~-wPKMs+V^K%x~RKUi`Zc6V0Kw$YC{$UBw zEna)^eZ2!EiireJC1IDLk6C8iW zN1d~`e^)TEG6bQJ1DBj0$h!T=EuAu_qzwuE^Q`848wcdZ1B@#P#x&5UPls?h0U^+I z0vK~pQyQw&8yz*}Fve`EpaL@2+N1!Vkqwm>hp~(eM&&0n3tzJvSTJm;B=n0}`Jw#F z#?|zbB#X8e)?LFzlOR&Vpz?esXf^GNT;F@;@ie9nbtCkCZ3!s* z1oIcrRL<8XTJGO<<#`f}He&KILC{ZC(M67>Ym2HBZs%~2iA$vGtMF{suW|=dP8*{EE~#8sW}$g#+2Nfp-%K%f`0iOfy$c`Pxd1??6Y#tQ2T~F zllJGfqSV7Sm$-uwtI%Z&*8YUGwG_%=)eVPXbLx0nufFNblo6+xS&0nh0O1$A98H(H z?&-N_FeNL~eC2sF)F$zCfER5sk>&PKSzaoto;~ZH9>#9^X|mVVn@XUB3F=yo*@ov- zj>m$74;Eu82SY6g*8m%(c(A}U$)`}`@hEh_W^oM+VGZ6q1R9-TwGqwvkK~k%L0+!W zI+u%K{8@lgAoPTcGyHQC)Q^=IBdk`*7cdmBywK2|7~l=xhum|Qu>$lxH#pVn?MswK znV)Bj?A&o@l1~^NIM9^BS(_EvFkb|Iv!!YUb7-HSep_-b;3pMvo)o$1aD=z{-ONP6 zywd98PweZ@t@U4^!AJ5>SIpAje@iHOI9?a(7Un902^mS@+qus5!3hSdH5(%v*aT#n6g}2Z-WuJd#&-X`vXX(>~Y3r zn;m@f2;pnf9}vrT;t%1dC>5GsXq%RW5k3Urp5%N^&*#vAJ&KAsFF{H1DeUa_{JfQy zw)0?>v#0E-`T}Ziz!u$!~@iLFV0Ek^mLdWrtz7?ZMftIoKywR|Ku}k`lQwNw9%+A@)*dKf3M@j6j z2tlpU`=i>L9p5!OI?j_aR1MVCNFzrv#m2^@Z|$@oH}tu1tD5lz1u(%pU>L)z5%GOP z&5%QH{q}5!a1%Y{m)oCu`LxuBS|~tzoVqOa9DO!*lkV4G@%g&5EvPFBW?P(a-)5Nf zF;KyMe|EN&oj|z3a#IBN*mGsibyT)F1X|s6fZN=wZkxESvef|d6l7>pKAuwXs~4h@ z4}Y_!kWV&o`vJ~6%Ip@<@1CSz*e8crO_d#PxpgsJK(sXQYou^c_a)hxp$+_Wmn(awzPs6 z9?v`tIoa9?OnA5CAE7Q+$_?{)54+ZqZKr)?mCiJw8Wg%^QW$yzR9-*ctPCqJq8yJ& z+C7ie+joB~73p)GW177rj}eLd1YQThCO#&t&I6h&&4Oh3^ba40qR~Y!E}FE~D&-k^ z8DADSAjn%5B1m!*Hy4-d$fjTK#df*HW6qlerY+EoOjXkHrXC?M@jCUz;(>^4foQbFTy>daRYa$bNZPnwS}& zsTHTpk5hQ(c-gA{k- ze>!Kc^(nPGl+@bXjL5Xf(?4Q;#xTE!m}I?`h`0ah*KP?tO-j_)o*JQSI?K1V7QWfV za*g%6x$eO(X(t^uKS$Gn!HkpvDbsm8THMivQ!tbVe3$vh&NuqD1B|Y_um879Z^%%Q zy685{bfgmKGl(-q-}i94&tVu&hSXr9Nste~6I>lM#nW{iHm-VhS+F=ncCa=H4_;f3 zBmHvb7-e@v5(xH_tT^Ty`b;soJ3SP6;qSwy$W@+vu!gqC6>v#cTCiQ|m070cPuD`b zWdOp|*XfSKawE@DwN#;8u z{%?>NFgRX=GdZl=1^z}uei=p)MIbGt7elixjc?8y<2_@J9y{On+ZqD|jvI0+!VOPp z1wYx4C3k@&vMGYUJBH1YJ;}(`WoAi$8fek`t$h$b=wh~VgifVTDtXms(N}ywR}u1x zhfR~2hRuU+c}BMJ+N2+urWMHOL&f~ROxUsu)_*+OgPad{h7HO-Fy|of=u+ixH$%Dn zvM)hdcyW~9DCjzJ>1gn z!`CZiyo80*i*m6Q1c}eOpKa}Fcbg8&AFoe|<=Q*foFA4Ja1R@K>D619{e<_Keb%Nd zFgB_)-`wG1`mSz|P=X3X#xs_F@QKuQ*m`W)(NqhzuLJVy;J}`wcl~7!M>B60kiVpH zP+!1aJN44j3&Co@u5mr8^Ze<+U&Q`=C-dhZKT_qNtOz^Yey=^*=j^4`ybQ{Qt!CSU zDUT4lCoN{vZkVfk-xQ8J&HQ%AMGG;}^SV6-7g5W7KYH~;H9I0Bd-1zckPtpyYbL)W zJ{7IVF6&!o*?dpxjjUO0K16b>$}&|@sT{zRucl>@va(Nv#AAjn*WaV9c7~~njXQf0 zia9TbS{M`^F133!$eI|qPCu>k=Y2UDGnUAWn<+Z`iHfi5lD>OQO zk3uW2#ReK>P}^%5sUf=5Ku`AXFqvtd<&d%ZMI8;uJVG7NLNI2m>kSpwv+kNQlw#9v zN(Z{=J%VB@8^Sz%lY)-mQ14IIzQFd-l_7>8T3$+--bC;dFB0mG#G=YEVHU)cW5k0> zR|bCNaacVR7Wrh^h3{vt--%!+Np&)q=MX)_w&Rits#I>HfO0GyBCm&W&i~3!~%5R{kl0(f1c{&eFwa=c8q;E!7 z6Pa&Jge3Sp?-T99ps*IQK78Ry%iBj}o#)N?i=80NGa});En?x=vUL671ehE2|1pi7?A;V6IO(+ACjG1Vt67Plm*x3`hxrU| zZ?up!)%+w6YWNXp$1@>fv$0%zQEfczsQy*dc@n%|Q~hqdm8CoyHp40a-IG?(%BecM z@g>Pu$!;vx0@UMq^Nm{PsQOTIMQEP`nPC`9pIw-MA|bOpToQr@c|$++9zIwnj&vWp z#G*_?$LJ9~sm01_XlLP^^z@R@E(zRpooWKhcSXCPDLw?+MngO9ZgQC|7Y$0M%buRh zqA$CUkY=be{0n_sEGHuN9PHi|yk?`~(NF#KeHSFw=4of6;~MR?FN%^*<6pchC^=PP zw-YvE*5+|!W1+eoig?eTqnw9I%Yvxd57yHpIS-y`gty;oj7BI+WtCtJ(kjPmSc2By zD$hX?p2e(3)3;&Q$Yo}9j$bmvpN=arq^1zm@2gh`?@cpoU>n)Qmb#BiCa2h$hF`olL8=+1u=H#kBGPitmjq_6xj`$SVj;859c zVPoz0!klw?_8H`Cgcuqy)iL=VT`EI*Sra7!H&v?ZM5algL5&qwNeeY?xaw`uci6~l~1 z1UGr5J8iw)=+5^gW(zb2c_VJAxG3l@xVgZ}OLpCX@8&OPC((1lGyL24J4b)$r*mWW z&R$(v^%-O}-yxb;`I&#hO<0z4 zo<pln?5=Vzq29yF#~@D96l= zj50J?XS}J6c9A%QwoojyUF0>7z8|D0G4{E$HJV;WZrFDiY{l%QZu@Zr9QE;E(VsRX`$nXVvvOJi%LOk{Mz;H)cexywB~2BWoINRL zu4YN=M}ECIUg+tw6%LuI)cC#`*D-Dq^L<>Rr2F^vH%lT3i+gKff%!_;u~|{_E++c% zw>Nu#G|-Mzf1=B%SPs6!+Omq%G2G4G#kDR?qpeLBR{i^=__x)&-A>dF9uD#j!kRlz zX*!-p`m-IroHZAZ+WEHu{CezHJMci8=wCZ;oA4{cp?sqsr&V;Tsj5 zy!&>C*KGExa7m>(_f~IBQPL+!=e_4tss7Y5+H6o6kboP*=|JKOf~~0O6B^kv6pE0M z_07xtXX~KvBnzW4@pUiUjGnEe{pQ9?cDF3~%uxGsR2$X+8#j2Vr!`F0BU%;Z#5End zxK|q~!Bkto?VM(URlg`*H!0+&DO#Y z*(vt<>tC#{e-PoVcAJI0V=?)O4NgH0$Vy28KE%j0a{J-~&a36GEB}ALFem4j%-q@> z{M$g_-}X{}9S0l+cwY6cMPUDdq0VQVG$H(aJ)7>>E2Z9bDvHa#{rMKpM zxAuSZzSRfXrJKum17OX?Gh&{LF@OK`|AiH??J|>ox`IbO^1Juf2V#i7l2r}MQPHY$ zs4^&j3C;8%{nDGjZ|rQ53M3=(n^6E1e)ugQFoLQnIHKUANsdaPQKQ|EFY{~Ru*<50 zXY`kw5)`t;viLosW!q@di{H<^r)5z8G5!2W)By9)V?ggPQyXO#{Kwlx7=XoBp1yW_ zrE_g4yG1xGS3Lz>Y~;c6h8p1U!|C*No^MoGwjV^kD$HE6QBA;S3OP8Fq;peHn&t&w zaPX&BzbM)1UlMeHBF*pV*UyaJ&_T6>lspFk{!-mQO8JdOrT`d)EMkbCICl`deZjx^~Q} zP$#=9m~cCQGCs}`UG9AsP+vs$=zi?* z-&>-OZOq-p`KO*OxKo-+IV^X*L|D&mNqU-azSg$ci}F{0dg((a!YMs~p)}Lp_Xo)5 zR#|M-Wv`dDUHY7*%#?PXMntYJn@_y^#j!+7Bc35^XLv=zsv|t#u;Q5!v6W`ZL*8ct zsY&BqJJ$y1e@;}qwf$I_POLgV%uzq^-yaYJVDoSW{rdqN0q#B}w;n>!ssk`gHzfg@ z$itX`HV&Zz*STgv@7>JAvoU>c$o(zoS>wb?6VRhO7_O}$%lGhmW-;M@Yravjk-xYl zcyTD(cJRdd=XY=S(R_-4dY_QHLj~@u6iM~g-KbFpm_tF<8`5tFy@LBx_KF*8h|!N? zlf1);joKk?DiF-_=&@9O#cIT?X_5QpXVzrEs=cpKdq34cTNiSdyuD9w)liBjQI5x3i{w=K*rvT` zIABOxNWWwuFn&3f504D`6nTnWW!IQ)0LU^306SQs#cerzDxy~h4)z5P>z*8|A6C94 zU)sAy6!~%8a7o5o^#QK$0;bu0kxP6n12Y=wTk^rxtjX^_0j8`rp~ zC5v!E4&58O*-}_IrCp|L^Rrjoo$KU$`UC$~{=L5Job~xUp{wiaX9L8vG*QDCnMiz* zvyf!QTT~Qy5JzT~&f_m+2oXxKPHdzO={jT6y8{(pg7qf$n4JL6XT)MLgjo!n+I z+jXlyJ=5L!lIEmsi~rPa{+i@IH33!^vt}jlR{z@L?p{8&NLwy6ZO{PRGz0=Y+cmQ< zx6i<(W=%^aQkNvzEN;E=*nt*-yXUQs?Zx)>9e5NY?~z8y9-EM%+35qlB_C=c;f60F zW|if@*Mm6R;#BiA(ooi^BEBzq;{5w^{G#ZgW+1mtN_4^YH^Aw;KZMo|e7*%|U!3zb z_1SBG{fd4ce^%$?yYuaX0$G=YWc9AaNJoTKN0FgDwN{0x2>q&d^(gY2<4}nyPt21( z0?PX#S0IgAN7G(&c4&NbqdTQN4rvygQ(;}3*;cu?WCevji1gZ=m4R%V1#VTjbs?2H zSm!PS8v#S(GWWS=&a{`oWKUI1JFNZN+!v&ctDL$Q*7$A)b_Jfb8<#dG%eEXJO?`3b zbEdcxzDuXOGJP-Q<6zOTTkf%oFR zA`zaLGC1(t;~VW{5FNR^vx>A524d3ZPD#s>1aXcbmBr>Qfs;$wj= z((a#22D5|BJc*>mx9 zE&9iAzg3g&QAGamaSJcIE4}*}h&h7zhQ1BF8*}0csGy$T1!lU4_4^%>``m>`*KZ7+ui|) zH1Rfveze!lZ4*r}r`N}C=np+<-LNOz{z`m9#VM-k2*ID>^K5invKsLERykkDP03Q< z92Ycn<~uzd%>E@p3D_8|#f}?~Km&g~m-qek z5Q#jDNCqE`oDzfZZ`Kxk;0e%q=&or&nz`KB&+h?)GTQHUv6nb~Y5%!^*Vfw~%QVL% z#$#U6vKh)e>AM@9FMW`oZMmA}iEz#EGNW-nng0TpT6{>oOt*^AkyFa@UJbmkd`-B0 z6-Xr4&Qn+2_bK3F&gIu_xl_rvr*J$?{xvS$H@$71)BM8WXK7hW#VQ z5M=1lG(7Nq2wTdAQ$K@%e68nDYIJ6o7RYK<*^=B@#=Oy}${{W{HiwT`it)AI;RYpI zH@(mg&SAFfECsg`FK2)wLLs+SFVH6GfRF%HQtVL*O1iN|GngpI9P#Bl*pV4M5yGQ5 z`l9rIb8p6=J--dvTwbehavsr5CLd+%ucN)vvvz)SS7dW{NhRO(Vt)HzbKxzunK#q> zjdZ#BS67GqNm^*b-7krh~3|;_tflZ!VVoRYCmYg@xZQF=dnae~2k9DsJj< zxV^-#@Wc=I}> zDsa8mJTj0hPCG8XIu1mouVP2%alSWXMw)wvW#X>h=w<@zw`f>Ubdgi8BsxQOzji4r zm<2uUBE9$tGKY%kwqFF=U+ZA47lML8|j4WwNutH~AKn9osoA7`pnBdP z(VZzj9LN|u44R*M^1nwdw`MUUBzK(RFS!MkgM>PzAMqxHNDjkBpr`xvnBA+j^nVp+gxJ>&5Gv9`#=fT48d12I5j2>pRq z=~sWpkBJq8-?dGzwB@_}_LZn>%B5b+z22eYY02P5!#Dk*g;6CH?dW%B+X=H+;#;U*?(?1X6^rVL9BSCW~)w z4>*36Ih~(etQyL)uQ(aHyf8;;f`iio`vmt;StLj`iGE%fGH*5Xpy{aaV^%VYJ$H9S z1x3!;@Mfu!6uf{QfL<&Fu z)+!Y3ECv+^xlwb%;(gsI+)hQI{Ry+a+_<&x$AN%@gN?C%xoh@jzMer%vw&3@l^{V$ z0&SBTS5LuQ5*3_Atn+iOeqM-Cm1|`6+mwc!vvRT2u-eCR=N0>1_ zKIJ!ks{lAnxag0%2Xqf9cr@j5r0vp}@(--%0ZseFp^oHb6A;vXk^5i-zW(8k&$2$CV0}+66$B^Mj%sb0@0M*+AL$R&`=cxdJ_$eS&Wq0R^I8d*Z|ot9I~6X zU??~>GF;cr4Wpf>1kLqbBKMDMt_O)9^>R zLG&E2Sh1itiTTe~G$;guiEM5SC&`LyJOI6i6R_cu>@1sA!A#6;*weiC|H?f)QTa?z zOA##g*L>I`^%~aBO>V;VR#nsCt4vOaP6O)Q@JEy$I*2W6k1ppfA1|3MMcat{&HNoz z2Qy}$2BWiF7O)GRcY`)k>p!&GHeAK$U=-&;Ry_1kIh zMyy;sAuV^OSdh{mj=awoUzy#Q+oiL-c^r6 zqlg~_$SfX+OxZ$`+1EdT3Hu9hv99S*dEVMMw`PVR~#bZ(Z#iQwUh5 zKgRQy%JkfTGdl(P9e;2`PT7%!Uq8TFh_sE!SjGLO`oLSF;TE}5>r{W-`g&?82tuSc zUL{X6hXn)~hi~DoY}bUc(g{ZoLabXn=08)o^~cd=R<<^Z>7qACa(K6Uk^$SO(TCSa z>v##D$2Wj~l=sW%RDWWSP$Lw`qFfKVlFO)utWwrVB$x0@wia7YUcY^+YGecQYAN=s zH*N5=S2vq{F>nwOo)bhb`CXs%dtR8=Gj$5VGk1g?3m+D+>ojnAB!HQ3wB>q&ni z2TroTNwbyKdlagY75fcD95jV;fv$7waG=BsQIb5H(qWjQ$Z@j3F4kpzdt_?Q8xcns z>{>-S-?cgjlL`gA%eRckx|$(q?ZdqfL=)RaPO*bX%u-Z3>Vm~xpBF?@lka(_#`U`WS3$;(8oQ<4i^kiJZCk`-6}D< zoiMDjA2GoflbS8y1rsDk_MWST;Rau9VT`g9Ifg%0dGf8g?RT@^aAeaisXtjfc%eT2S+e)-8jOuoZE=leHUmx?RU)$Tz^1yieoC|{KC1qIO?sNrDx@K^x0fK=b(>$M*%s>+f}iMYEcj~R z&z7826+}8ntBR>z_D<&}ZEiGBy|>q&>Zjbbs=Of0hv9Yac0c^nvFvXh!~fji&ys-A zQ1jm~jORUqP3xbN1_FNN`I>g0=&emsZb}H^)=T}=u418x$#u> z9y-gu<)eoOH z3*nC7A3l_YMY3neea*2&CYM<7YiI zXCz(Ejv9A>Tw%8_6l~#n*rJQr9722pKLN~DKV|d8qFKv!jy;+~N9XW3%#b{3>hqX8 zY6Nv3#AkwzXWU9)iaUiwW44vKPTFJZACzZ~RkBJy7DVw}Uog=fMq+z};$y$jvG5io z{9s>Azn1^|Q?gm2l?SY0n)(jw0WAD^ju!?j;@o7+@KW5m=8_{|qSSEr9!Uk|;~C@C zNoB{&yAPzr<2NKfv)@!2n@hgthFAuNf?y9EHNfB4%1X~72r~LYaZXr`54=L2=wY)R zAa|A%LG=Ogid6(QP5j5Zp0skVDE)d6hyY=@M?Yex!OD! zymykini4faeF5y`(*@lY+eX=sWjTut84^9g_U?C1@8139ae^A}R0Qwj61jr~u`c;L z1an_fZzX%4nqXVxgMq4RnOyR=LXRb*r=G3y5s z!0MgMP+Ds}C66-;DWtmjLE~E(MW>ju_b}c7(hhQkLjChVs+`Bu9{Q;#aiwhqw&_X3 zi?civXRgJYlcrjc$J{@*n8-d$9dA-AZM6i6#8GTHXFHnqpWwf<9SYghXQ_$l!6dgH zxQ4qRSaRo5s&WO(k7%|Yl)77*KD~wVFK_!{na1yK88F)N8nj_Ij1K*-V!k>OFpCHsr9JHE3>FG*_lP zafi!Yks!*8*A@NOoOtwXIX;vXxQGhCdYzB?cP2Gw9{<5J~XXZRV# zox#n@qd61@qlOlPQgQiSKqZ#766u=g;;~Fm#%rna$ZRH-+ zX0tw;z!+#DB1CGCh;UwGUzN-|+Q|#$IU&odw2<_HXoKFINbsgSw7NV80Bt!{P#1KS z@%-!XJZQ33bXV}wZ1%wryNVtDN%?_fPP)qnAN2$@{^K~0?EL&&Z3-Tcl#5D06Irs;9LLEW-Brb`aTgu)n!?^So&M z`AXxx1V4mZelJaDky4+JknR7d8-63_VENplY27Zq6fQihpnmmG>dIxw-VW1ceC@%xh>#ZunTzf;W$mBTTm>OoP5TBBS6OnMV@ zkRc?+_^wTa&c(KPcL;(XxPxFxYsv#D^~&PY1#mbXB+ z3o#33c8EdJUe&(TmuNm1L7&cDrbxlQv@Bn^2_bWi4ODrmF1c)mc*GX>(7lAsUWvxG zV=PjKJqI>ko66iMt^`s^Q66o|>asc!(DPk<;>>XXdAaXDR?G{>7+R)=KEn(2;(bu> zonO-Th1fX{G{k&oKK!nT))v>(2EBm4W0;!0ahm+3v>C?69JRg*SE7esuz-kR=*=M& z{=R#F;etD=W%`E6?L<^_GKXu)ZI9{@f>OX5HJ5s|OPVzQr)|3bvlK5h*Hmz)-P`9O z{1~DM6;t}?N2##yn#=rK`I@GiV>j@LjIBBEKGESH4o+RLrHC;w9%@OJ# zyVd4QVwh3Xx36SiYT@ey)c5-Zw>4K(Oj!gl8C}b#_4?6GK&I(GZ|$G;C~#kkG&A4e z=c~5)-8OfQ^9TseNyFr%B?xM-AjJLFA53&(9gI9wI*Gtbr|azjXa{Twq@<+!hyL~4ugQG2ficbUJh{Iz7)aXJ*i^K zkIqL!3_`+C)tfVx;N%U)>S*gqhy{~hfx^Y~d#?^Fxx?tBaMRaiRT)P@=JwOl#5f4S zs_%iIcEJnk!b>(X$3vFmL~5H%d5?O(7>0Hdh$>_+J?RH`%073#3e=JfIh#4 zMqZhvpxgPIYWR)(`w)>hfwxjamMp^`wB|`F*&`~Z(3Qaq?sfLZT-{;O(>h6VL8iVo zZLkl@swlm!P*=1jm?PMkMR#_E4v4R0@6H(8$6O2}h6NEV;oOD?DAe&8C~!=}2UTF)w>28*@ONN}boT_E@zk2IE)BqszC6h+XpNLQ>;v4%0A5!1YhND7yccU`mQ%GRW&_f?(%<8_SRuht!?|TB8uonq?MKq z0ZFA17+~n`kWd<=q)SDZp&LmVy1P>(rDW(vx`!TW;J0|+E!+J(d%xfD{dYTf%&fKU zSl4x4=XIX$XvHkk%N%${jH`CZ)d=R4@+L1%O{tXwKg_M4q9{HUYXjf>vmFR7!`O5U!=}h0;DNs+7P%TuZExE8=c{vGNz$K!oHCTOsDrYi<28eM~7_b%tD0OLf`cVG0(=yd$nVZ~Qq&UlQ>sMazvU81%V0nMT)%llo58hRl9Ei7C*< z3C=4DW+V^Vt>GG8IBkguX9@HV2MJBB6Lx2cgw-}6v-Agx2b#H4Fp9j59b#p!C=uJ3Z`ENh*(LD$^Uytpd2bu9av$A(f9 zE8)1KE2vdTyS9qac3}$lr}F$qV`J8#g7EWCfB`$HR}1DYDv&MYC88d0#dAYvAj5LB zHQUNy4IO11_;Bt*ufff!HWW}I-Z|d+hHcy$fTN^?RBL=N6{~A{@62V%vcKfunRwS> z|6z9bMN7n_O|G0FO1G-Gq3W71{2xcn2*7MQO1eHIi*G&DBnsA4&C$-+Ze$ShSRPff zT@f=rk?&}uxHz(CJzwE@(Lu;E*-F&-R&k<9b{=ny4C_=%V_ za%-r}H0UwUQ}yWW@#8y(VI5-kmSuYBq^AYMly|0|&jfVg(Py?Jz+;3l%W?@4SeW0q zaUohpWpbbM5BhBzF5H6PqzsYm!GVvVcQPqYP60vfr!gLx54U9bkLs+*&^~jIV&(LI zyC((EPlz%%o+;qWRyfXbTa7)-WWYKW0$dLcH%3D-C_J7`RN1B!B6~h_5*RkotgohG zh78c7Sbp5XDKE;ypsKE{&)snE{C2zi2`urH)Kqr+!+GC@g`3&e>qde9IHg~S0S6BW z$1eG=SE%ov^cNSsD4U9y@AvcoYpQ3P;}tKTUP=vo8m`^Qhr-OZS{`w~k$#$ZA`wJ3 zO_^lgCQV?x7!YnZ@!7Qf0??BeqkZM9gwJfbF|!BMzQ9#{8q3KMo{$xFGK%{hi0zg7$JkRbJopb?-2fu9{%XY-WjoiB< zZ&{mvNyJSW{8Sd+JCP~q%CWn5HXEG(Q0CgaD*I2@ zIx7rxXnkLDhDG2wlr8s%8WV84uRk_Tcc?y%kbxgzW+f936WE=dPviuwdbim*|>j(NP$xt9C%+6J)d?ptfdx&G#RvoYt`p(B5hslrPcdz{&|4YB)dNU+9W82x%BTx>ev%Cv$m` z6FN=niUjC7$MdQF?OXtWNR1go{VKeWnO6L@=xCiZ0d3DiGlB{vU$B7z&i6~V^W7Js z%1EM!BJq3u8tF^q?px7RY(&yyo=e9Ik=39Z6d7A8KpC_>l#C>a`vNkN>;`Cr>p6*K ze2{n(2|LLG+#ZR*O#K?};-mta*hf6zy)r;9ULpr&TiD1Kay(Cz=122W6fE=+aYe@H zrg8ikcl#M*3FPLC8e__(!aNEBC^PC5H3=0)JVK;)4%9>hx&y+fLqB*q3ER+K7>?x% zhc)SP7JltJ^$JpVA-r62oflb@KTgY#Ixl_M1eofF>B+=azYLklEibM5BW{K zfj}Vc*G&JGOUH@uQtjA1_-fB(t}y&pBr6o|Bk-2hO8tke009$|V0jGMwo9wEQiXgT zgEl+!oz1i8>_J3biNy>_4qteAb~}zVVoDoulZM$(GSwc|0@4SpN{h@B6_%moIop7C zCTXn2EDqErk;7QRF}w%n7`a-Ii|n9qW9S>Lt?;f{2*ICrkAc0_;*aC%Lg6#Iw%4q* z`$jZ9445%>k7KyV#%xOOFFT)0UQ zV+7$>k6qW5wiKH8{b#$OX*J?gDBR)|CMK5>_>Pwz>}V9X1`q$`xYGWYXGoyI4QXG{ z5vXeX(HW>($IHMQVUB%3pPYi%QCU>(3BvnCCNYO$!56n7YMQo;o&n7bg3i?viY9ql zy%3`_e*^ptQ+h+zgkj@RYz!_03vb>XazkhZs3GnlD*(}=H^gUxAfay@_vhf1Gh=k< z)ep4h_J!m}4{fG(#P3kM`ZH9#z^UsT#~^p11ka5CO;!xku|r}H9Vp7J#yO_@IS(3u zu&XZOVCm+a)6KL_XY$G~Y!eUHCc(4VA$GR7pmS4DI-Z{FK@sf^PYr=U_CHN<^Si5L zlfOwMIr-P0o4vu5j}0b@OSTK%iyDs>>OYJomIT62b~*uXQ2jy2g7NOA-9Yu3Qi(Pr zj4_%y8LYHu0cp0*a_sDUbLuJw`yAEp;FO=+O3xANO6dood9$TQ z!)CpIe>ZxGNa<@Zt=kzRXj`>wZ1(b~%7RQu$FdM+68d7hx>}9{3(_tib(2%pypY6f z##DyzxeD>j4JnvJ5qs2VaFN zAKz5wqCUf^#)tE+xQClLz&SSpfes=>{f)fQh( z`d+p4611e!B05{M%rIZ~OVp41bP|CVvru9=H&9YcUHjs5FCqexoJQCO6?f}pClHP@ zL$8qZmaf5CGPt5%N~t>bVxGtj4)7O^wZ)Jav*&LFQY*YIrQcI2Xko;1bp}S!#hOi0 zN4L8`sdW0odqhKaVLhrtCIk(k%IG^dQ1pu!xU{nh@mj+0(FjoBu#Yy=mu@&c1Q2X^ zesLIXe9OgcT>Axl^KpasN4{CfP`qd%V)j3vle8ZZD(Op)iEq^exk!{oSe*8h^~;+l zUhdBaPUNlXffh%8xKiXFVS^8-JRZM3jbgMrbQ*25k?uOf%kY(uy4;+wR7p6I9!?mG zmYSw<9hSuFtxIhsql&K~yr)aUej6)MwRnP6F@F8~>6D&Qf7FMN7gV`9Dbak-?-^HH zxufY~6uyp*IAfa~> zuF=*#5JD&uzkxpSoi;#t{D}!&^w|80p;8pU4OgJZbn@|Mimy(CJ zqvc*dVg_2ZI9a4w$dx%&BcdNM%}`Zwd=q}ut6E0@Jtk#&S)ZfXD~&sUE~>3C0J}vy z(yyew^?|!ju>eCyQu*OY;%j!#IxBv(snAYMeJfMU1Yu52st=H3L0ROSJ2V85gScyn z+MBz%mcp1GLe6d^t}S`2BOMuXkioXdzF|oH5qw)N-V`p(ri3nFeXOtSk3j+y(*KSn zUGw6{UR;4n4!io-0kb{mi>PV@yB?pZ6_;6)#^&A@y>Z6VHz>E@g-;1hM4-0&w3N(X zU9}+YyyXt#{wbpS7TkePu)T$ehhGPeJGt5CrZ4d0szlPsN|`FeFNQ`H#*`}JG}vx% zI@u`EJPj{#2P%}(-e-$=3h7)w)E$6fC@d8C!!6Je*L!%MkvM$Jh#5vmQqyxM8Gu(oSORA_KDvlXKX^jtO zq$++!SbdoFe7-L8MY%9i9JLKltXS)|iRl^NSNc-LD*QP8#==#l0njP$SfFMqyG&&qeqs=w=4>)U)71zhN1l=^eBjbh`(RC+=$;zX#%@Ps zc`_A_9HT5*(!1jhLi#XTwif4@Z6%YZO7m8c7j>EB0h(VBcMjv3fXdAgkL$VgD2 znQxr?fb12@Kp8ZuVZv*ygJ!$ijkx)boBBJW@4c(Jcgs ziqF9xBhouTG>o7owu}mgEaqUAj6jo-xCm~C!H@_FvhqR%e%I5H5|*cAv|3;ay|GW+ z@>(j+A>x{bYZ;v#sZe-^V~jXCbLx>h=(aZ)HQ-g;O6O%24rSs z`ULq?*ZLB){b=0Ki)l+^$I3n-We#d1$T6t3REW(ePPN~I{zTTol!kS-_mkVPPk*|% z#GS!LKiE=EQx(;$)@AI$52^o&lj_{U4BwMCid-n92nkv+7Vs@7hOXLA?DqxE_SO)& z;JlQ*XFfvsM$c&C8QX6)L=JR;0LOM9MZ^fc^MEw&0yY1Y>Vn1YZ-;>|8N`R$$2mQ3 z&Ee0_efz0>Y48J$x8j$Satue~4&iLZ6HVTq;rAjlPj-W!t<`r_8D-7jI4sKssL8B| zD`6F2)!Vz`7UtL0$tr~e(k8r9X3`eN-8hLDsjh-~g@@(Q)SWWs64dyuYEwUM;{!mA zv~CVS1s39CQeXsgW;_U1l+Ya<6@@JEMi_e1`i8gn)WpE-wA|w=#s8p= z2jc~wFX{SYlMy4BP9uchb0Byk?B#SSWgSuq8neY_1I*wYgY+wH=Z4>0S(IAo4g;3c zv5c`|UP%0SQs8jFfr}IK)&giF7#gwbOY(Zr&PxS({J||K+%+BVD6~NShEjJ!YoKt9 zgYe!w_WD$yu4SP+^YrNE3g_(2Lbh1~*n9KtL$Zv+TvvKM$6858HhI-k`%@!fY`sOE z8n*3JfkuR1f!B%PmtV2!f8;8PFTHi`(08(QpI!WDrAQ{ddCvI7BdMfapnbTi;gU`a6Zuwwm}cWlAK(b|&3cLd8X5D1usV1}~I znBZ2HPYh*=ZDWEHX^Qii_w}#;IAW)BFqH39T~>WLDXzWz{;k9! z+$Isut`aXjG8_#=y~d}hSe{?~d5a>VGKBo>?vJOVXq$uw?vzyJz-5&Zf+CmI;h#>F z$6|Rou#<)|Yj-cUf^HxwkVdR0oM+WUC;9+VL@)TLnddBkaz-;@s-t~oEfx_>?ekos zA`rJ^f}`@t?(f=YYUk@1z=}Jc^!_@K%Wj%g};m}#`_IBWI460FfVz$xFXu8h& z;*tCM>K8G{{r&TQ24G+5Tp{K$2ZGnP*vv!e6A|Vzf;ctid+E@cV`^;_{G#x+16;oKXY_`-;=+_R<8l1QRi{B|FvQBbxifo z178*pkeAAYJN;j+#eci5;^?cA+v_>! z`p3GtzOTK*n<^|vA%K`~JJ4+$$u$GVd*juUWgpE{;xS&zBA9sgdnx`ueh{d`1M50b z-zDYOve=YDFFjA&Ugp2;H+34I_lCgGo#8sh?oYm<43(O}&Qb^lOezUh&S#M@y9K%ui(#g% zB0^?b-SEb0gL{X}Onh;jb2_#s)&dt})B|N2MVjSr4I@g2UiK(U(f3+b2ooi(Qd0 ziQaf{aRjm3_b9MkAMZ+AS5{&?Kpd|o75mPrS4yJ}CLO#}Q6XwyEk9igUS$ohE>Np` zhg%s)_*CkBB@~@&EepqFGfyo`UNyWL#H3NAL~SvWOR&%p8XCx2_w)#GA$)<@EL-TC zMX??U?li}78%x9!p(2UnOY+q7Voqh&U^2?8MZ=A>>-`%Tv1tho7;#LqSmc>=sgPSv zP4YnF@f|?G_;7vr%1T)#>8Y3NBkHQ3W3`AZs-64mO0j$gpQ~QB@vt44o^8RiH-{l(zrhRad-y!DCCilfTs;STZzkNyvPkc}>r3PXx3Dfg!4Tvcke!W%;L*2# z1u7(1#9RSD*X{GGT2AH*t(^YwPHv!{7D*?k?EawVhqLcd#i7V;Y(>h@9I-`y*yFD5 z5{XkGyvRQ>c+-7?i0;4uWp(QCbKOAm9{5<}}*Q@gT_iazDjx5+IIR)0TMI zUz`lsA{rLx0VQEM+S*LHB;s2YD7Zs^8(U$MP^}|^e4!&a@MiA*9MD$KFR&}F>+}t4 zAk%tM^Qqy{*az%(EPxpgC8evaYWz5|QPfB*+&B+?v6!6(%LLwTr6=owZ1Q`^D(5L2 zIj%kv%!-DiNwzmK_0z7C*1OrKFD3AjfMSKthZ|^d7!SfqrKU36G|^5bfWz-fc7baY zd7JV4XwtT$j~_vLW#w&jR1Mey8`fsUGUlQJs6zs3p>I8mxKufxO zc;l4{z2G5AY!7#L60n}8@q$oEusV-^BgCij1!HghYhnKhfURJCb_xCUVi0kqSBz47 z`_a*S2WPxaJ~<{aQD}vxm$|%;b?Kt%f;(ot0m)j|`V$wB^9(r}2XMv6#*4#M)-G;c z%aob(4TBD;4CwY?jYDEu=Uh#Ci(0}}tFT#Gg|}_>(S%uAw&5vxs%pP*?0LgQyyXGd z5|g>bu4G0FiR?jm&|6q2Ye;P#MLZ(md1tlxq@+H9X5R?H_QrAF)(dYd8uyeMT&kWc zrj>h8Mc9n#=M6+SQW~wSK={3PHv@F(zwHj^j?4tO5$ud|TuLpWKy&7VWckhuP>1kd zCpEk0=>a~wti>uJi?*5dc9-2H3fUpU)}YE1>JH?qqH(MG6Fo`%&w*ehmdX?0;|l?G zzD6!O#x#iHyT2u*zadqcR|@Q>zbj*t;%R2RXA-YiR}+d!k5E&~Rh7<3g}hk=F)F*Q zTKQ-c=n^FHIYFBk?44^Dt>_CX+&2LOyOOhhNs8bHr}d)N6H?-O?t^jznmEA}9tYuY zu!h{4P3+njr}SevL##OxTHh?$c>ERVZGDG@V7rg-pUO}!B55bc(u6dmPJC~jAR|08 zC>kKWJ;!{uT&-HVRTCk!!sKK#qARYkzNk!c`OLQfOeyRlvdF>_cUSLTPHK1=&~1)* zWS+t(ev$0D{26?=%*&Qckm04Evakw9jttE+6o9@uQ+b<<5u1Iq|Mm%M@KO27i;c@= z_Cd=3A8l>SzE33y9%SEb8&=9OQUbe;Rjf7GG~9`3R!g%OwpdHrr+Hr@3Qm7!4$G4f zP?`aH{LBVwok(F$GW3k1yI-3w1s?+b;iJF_IR<9@Y&+!Es9>37FmhOs?^xYNTvZ4o zWJDpy>4|x4NULT&95xFMe&lZf7Pkw@?mzuXWU1~u)v200td&)YkKh=b8(ECX~=8l)oVkjA+#XryEbmyQ99LSF-w&S|`jp+*@vO=jb+g^NBKZ`z@&Fa!tV- zs!_3hs0pgYWA8y01(N4~VX?e9s*%nw>Rbccg>ZOXX(W@(NQROp(Qtagg^L6*j(*Xf ze?{llfk?gr5OjNz1Fk-Qo@a^=FvFHVE7#aZ<3Fx;*&cetYf&z)Y*#P5ngjrDZ~h?T zqmc+9#Q|jDQr2<(0?c5lxvIP)fJC#<;h6DymVNmsaeC*g@3V+{&KU|`ju0gp#2f@~ zVSS@8Fs(v}&5x^`o2I1nn3#FIZQ^T_YVPW+40)CM`f5%fVVjsVn_k|#tydL4GkX&{ z3T|PvTY&^Gj=wV-*TbjYg*kfd0v+k)@YRu#soW^(l(H*_7gPId8M}lxin*RAe&YK-6sQg{JU!=Vt2VSWxq%VqMsv|ew! zXa`wU_z%tz*V$9`_5ENCeaMwSLd)&@ z@RitPPaY`E__`DibyiuvJjT^>qrBN@a90QTiCTK1)npnJ=VUsy?H3GMK(Qp6%2}t< z>hs9W<V#zqvp10B=2V5m-iZ8%He z4>ExlTX|WIgIfT@=w(C)pckS%Z!iBXnkOEvt@JgYNI;_Hv*`qjM4@?#MHxbVX#rdrCLobC1<`U` zLhp}zpU(ziACh&K@(PxxB3|G3#K36}>Yr%x7=7%2Nw{N#Wz=p1tEd60nzqX^gDP3R z!2JGiE-dcjE#~rYEr_!(V5Y&nL*%vbPiK(}tod2ozbC0<;r~P8u8kM^_4zR=uE>oi zwp#qlbV`-OCMZGV9Z16eir!B}rL0GGh%95E;+72QPmxi!hFlZ_a1oYAtjY-@s z8aWdvSeVqq_EQTF)6PGXA7!AjuULl54FslJNkE^JtvV+w|5UEZy*RFxq6*~pao(PM zj`=i%I-k%|AmoaQMVw;Yj>r&J&Nbp|7toV^rSotOd(mUm1t+Q7vpY~Yd;iPr_eAD_ z#l0QX29t~y$;ML)Cociu@jG1b{XP(y?Ad1sC|u{Ha=4uwW{2x)j4~K&awCL*GrRl)BA&%Z_oB1s0M{-)FO?K3&}F=s}(RQi=Qh4z9-k&GxbvzhM}4e=@%)@YQ^q>CAKW(pM8> zyTOpmDT?r>buLW3Q@Ivtj_TqtqxjOybejv^N>)$8!5D`h?~-M5HQwrzBq;oJnc?x> zO1gn`H2it#}T zIdlc7%jP|^iIls$6kItwRhyt=oA$va3o}XqEoJxv*5$r)jfc^G{y)x?EP%k|-&Z&p zvM9Xf8~z$hQuxXVE|#ErhdBQk*6}S61Nwt>{L3V-Bdjq|bbI_KNyzkG7`^o1%0#Q&c2>w~iL3ZhSbTZ} z{X5&u#iFLmCFH5=^7a4yeUKsuJgNTV9QVIS%~15GUX@f<*sswhpWFm4X!_L#<_lI#kzQhBb$|Yt3$zQ+D zhAxHCV3_koul}m<4*;-9E^V7byhenC|7nH*oQ>;dmd^|q3B~n9Ghm>P1YYDR;uAn~ zWBcNbqnQg?QM%Pis;W-_3%$nx|NTN%rIRWR9^Xpr-n-tPY1@}3wLv;KYpMtLU|!P@ z?RD>s=O!ucw6_-QOF5*OO8KXk+5f)SnoT8|(T+LA)g;@maoUp4M2}v70x(r-e!OGBl|6fy<+1FNMki-9oU6ue5D_IcZ7B9Boep3_ z>e0v1R*fliZ8RBex&9|^DpPQQWXR`)k{Y+u`i;KgC)RwA)S4n*EU}PG0BekRI8K*qP>l= z9qWOx*&es=r?joHJxNv_y@lbCSybb&B2i&64EscGFS1>z9>rgz`zR2>?B_a^t7bXf zkivZYugCGNEAlPn?t@=T)Yl#)@;+O%&7x%Q+s^@)loW|TFVoiVv}G{(1attVHflCJ zpOLL;m_ucOQ;eH_Dr{e-fe-@w=%dQIjaQPKA%Ln}G&CbVLN?&XQg=*7z~obDW*Hx~ z$a>K*R;~IM5XSWefC+%9)vwr{x23M&b=IF@5?mwy29jGUu z1$@8@lRi#x1XqX_)gErd-Ww<9-@@;l?JjEIIpUr3sXjd2SorCV2<}Vbr)QT{edeHB zV+2~i^|Ip;a|~N({JO@iHf3;GX-mkidEf-Ou$RXaaxoIznB>;Oe#NTErh1~GR+K~G z@ld$>cs~0Hx%bI5BEl+@Yz0w@!kOc9uy*K58IPqv9~;~C@HVMQKsc}OSpd@?Q3a4& z1HbEflfP$RsPQzMJ$cr#YFo42<>pp=)0ZFEshX;|)_r2Qfrry^IsRnp8#629g*pBd ztIWu5=Ud>Zde{9pAy2o6jvDW#Ykkw}6zG2kR#Lzj{x`+ldEZ{Z@kLauHA`Yfd&74u^=-Q00cDd;{FjuVjSKx90usM=F9c zLrC~}fJAe@k6n!8-jjD%*jgEFF>Avr%rW0IMJOY};<(t5R;hgh=#ma1A!5eAJzgUj zN>lSf-n{7UWP5LX+ZX5AV8rEd$AD$5-n?%UiUo6yb-J#D6?G&eu6H@zjz}5 zVyiqZ*G)s}#`7?MGN#}iAL6t*#?B|L-Fv>87S;DTse#5G^2}>{_EO%d(FG1R-#puH zptB2|(UM~=qZKwVfIlT+Qa zOP?y#;H=+!zH=c&W}y30y)FdTg3&?)uF!6iR352H9bZ+uZjixX@KNVJ=4v?Llz4Xm zukn1zWhdD^;s>>|D}hpz#RjmIM5?Kj!i#`LPq#OW{O(7a*}!`r+DyB|;TNF2$T(0X zzO4LQ@_5hn;{4?0qBXF=Wc=6$>dL9#S5=aWikvHF<&ghDS;4uL^X*tl=blo-U?w0c z7sDIG;_72$Dk$=m)WCHq+7UtJiPH*vv)tKd5_nB0dFHF00XNE2fAaXb)S#Ci?qux7 z{a^gX|3a-rZWr8oD)ZP95Eu6F`7AzT3mPNTYbrb+HLx|Ai8#dZr(+OEYk zo6a;|Y-dYsX}KRYbP8zCw?AUqeWBU(1GrS^!$pPl95!d&21e!S>o)-^l&SaSncWgV zy6P83IpUf$X?(Ob?&AFZT6*7O8A9Jq>qbF&Qm1_8^<_6eif#`ngIgMVx#PdUpHTmI_SB94=i$1syr;oZ1MagWGQ3Tg`D zj9nA(28tRc?IC(jGqVkI?_Vh3bjs1Du{Eyemh&*fibBNowVUEz>Q$1Ub*h_KyH9)H z9eSee9ZxhVrA}pfwmwnzj!T(<{VaKVni0tK4gJYtOjtG$USAw%1<(Pp5chP?DUvja zV5lLKMskP;j(Yo^{GG@Sm7{^jZd(-bY4a^?*|Qrh7n0Ez=U+ZNkcRPy#eYG7I0bc^ zJwM){gSsSA{mkj--;47E>h7JHs9B7FX}_!nUd)- zv+}(&=d#s%PFR@zuv?uqaGFM6D-wxto+hZ$b=Kq3z<)N-5amE)t0N_ZIt<~T9|jr) zJn_5S0XIIx#R7$KG|jqXgo=05eqUUkWA`D!?J3p0^#Kfupc5!`6JRPbqA>mlaD!%g z$}n1CM|q@8J?%R8fqC;+Sv?l6orfOJJa2kzOfz##8_cl499{xFu%_g#6fZ@NR!!kb zO4o*Go*pIG$}`$E(X%JYkU+FQPT*Z0OAe_XEI*MX|NMYOyO^@TAm}`U@|LU8`i8(p z4%reweGM6j@Vp$VZ5C&(8XoIx)^^&U!^xJ&N%pp)K(9{D{~Y*(mMZ4ZExew^Nmz+a zE@+((~-@agWw z9=brbLF+;pXO7jdACmyKJh8KbuGGpI6>)wzYM@~KIM5YmSjL;0z*?dFoG~jA7l2n> zv~Rg&Z=0XeD#y9Uo%|3srt)$f^F47$>@@z@$qmMPi@wud<5Ki12nPBHeBg^}Y1&vB z+=b-BwC;Ht1ra7VXL;u1gKgcTAasg4@4)K)@LjuM3W+wAs%?@c-YmVuce`_|vsp5_ z$UuX1hR(*iEkeC$n-~UNnzh2ysa)&HN9o*(O_y7?mbR_qfN0x7R16{5{U>c~IzY3? z2++E>2R&3}v}Lm12SYbexve(O4^P5rMh=PnT}x(cYzq!$RCnz?3t37)p8-RI?djS! z2U_#Y&$k@3m}=_JlHKpDZy=w~#EEn73mnXSSjb0sJ%>!R@f|tz`nzs1F-q00Rcf<2 zrG6x*`W!)EL)d&*e|ZXo)7-0S8VBQ2P$IVYu9V`owDAB4$s~f zQkLlKdo@|)@n+c=cn{l#X!qg{KkT1SWv+GnYt>ckivIH-<>{`Q1VvC{`-J|66KR3n zJr#C0tJa-0hcx?)@6xDx9wwlXGAHOuE-|x)-;svwpY^GkQVJlt7wZ2CbnO4=G!7IRon@o}MR|+`T2?$`UFu z%+e8+GF<&?5oX{6CK&E`LX}Ee1ckZ4Fx!^O+5S7Bl$O((nIrUS*82F>_%eNNs&~j~ zX9YyM4jnYMyifdxa*<-<9&h(6be5DFwy*+SXZSOR%SHDa;eooD4?hD=O#bci(%gMs z6H9KN?*Yux3pkr!RJnHtB-phpbJ|f4s1hT>hNlh3B zu~qw;zezFwN{9dVa6G-PSz*)?3S2t-o{dfb9dSRy_q3s6-GE!BWM7YsO*KtdQKgrcOqn&nUcibDr z3__}_t*FuDC9Cr-g0&MIi9j3rd7YDI2PZZK1@050P2@#pEJNQTYydU#APUP~1L@l^ z(n0lBLEsF4!4cbKh(^X1WSePW|YBf@sg!iQzHC|qv zMV2p-e}}~YtPuwB9XK|U-VcR3Jq*0%h~OFV?9^^6&+tZni|zS*tbgLGI0ki`gZuLP zM-rMVCt32>;OTYh{^#IJl#hx?ENth~^^xaFqX<@N1Z3GEfPFG;$cyz>m!BsqH9FuY2RrBBE*m* zbAYJPMi8Bpi`X+uvdz2&6sHGX$F}i8C-e%`i?E6Dy@%ZDqgIl=_#O;u*O?|dsq5z5 zoma!vx|=)U#uBk<)H_QqT_oUodQgq%_m;ONuSL!rPgFG$XqaQYLf;jw=)#HW&ubzF zfZ&@@*5zX~kT?uZEY*@+#LmZ*>tLHPvsE-Sv`--DF?l$eC3Nz2tcD`}ap~5FU5>dF z#StmW<^A)8f~xl0!YK2^+zKtpylL@_3s4`6y7r7T^rGibD3zaL;yZdZU4YU|cvXHH zKTtl7y5m;6%{y}Yji8=5^Wnn+{B1n_{3V(1Z{RG{22J}(h;%m(jE7w{G8|t5~sMBvZ<_xtF!;du}1)KG7wFPR-LaK1W!UWiS!(m>UUc1?*eVmS;8T^{*033 z`TpO3DJr}Q#G9Md|A-qNEPkgiUXZ_?ad-=x_1KWqqtnptI29w4SKz31aJQeHJmg!b zfV{bxC77xp1R7z$tWMBzKXi)JK-k56>Y}sf`0Y`ti`$QRvzafo=wqvoibwSaWWpQ! znVcN5wx`oRi4TT3&&r9$m6xB9J1X|X`qUbfYJTk)P;ZIr>`tR84S4IZ0N4u`nUKJ? z1PjvQ(GyyUM2W)BLPpSSXmYrvOScrk3xwJ!NITHv_O2gWIzz|L2z?cN>nX7ur!%H# zgc-~U)!>xV1!{i{{(l5Uv;CpPYJp% zND~HDX-HYFZ_>ZZhuVu+?yZM=aHp8!59li3z73f8YX3ark56ACu>~F`afJfnJ*dpS zJec^~7$2Q;QFouq&o}Jxe}1o^;)|Potz{64fwpYHVj4p20U=(li)v%B)^v_N{1Bd> ze9VA_Q+TL;=nZ3ef}n8im;2|;Q@oEe$xl}ahhw2O4i5plu>mEl%-xn|S1 z<2Ph6_v&bRLIi()RQ8qRM}M|agWKTIV(5RnHoxKYWwo4|a3FU_rt~*{gZ(fb`9DhE zrZsdQ$=tx~{)U6UEnG-~%}NCdFP~B%%_2VwE3aYoz9HF2rJW(B?XN_?R13oELxeAcmFznaoNlm`fxZPsoSGTO(f zE{WrnrPS=(+)QLm{Zp{i0}TL%6?_)NuAyRJz)uQ%*jt@`{u3f>#tY2YtG{N<5UrC2 zT`A-S-7sJbRF1xR6T{<){N=>w67g{Vrn;?VnooIZMT}q&bmg9s+SiX1z1oknNM~5( zk3|Dt{A~G&b+VZ0X+JBtzE1F|TQU~^!2D)s8#*28Mx zEs{C(j47L9V)v}oVq%SSHIxVZD!LrpVV>5aX-&KHW?!7N+P&kmSW~ z?CDqP|1_<1m@YlrCmjoYxSX_VOyyofR8wW&<#eJuMxVmlj_MNxbJ-CN))d};M)T*| z777NUk1U)$yI*kRRgwlYI{*?h;f0yk96g~d^Z?DxnFjwD3m4XgX2m-7L$euJu=pS` z2zz88*-11%c?8|d?FYOXne%g?Mui)aBemz8)S>)+>Zz(sI)UetbQglWJ$tfIe`Ro+ z-94afa{aYdym*WdwIKwpuVdfcu%YFM)HI)fHazxjaedP1&~8-U<1US7M9cE2^2rzx zTh!paCm%4fj9+_m4b|p4MV-ENf;>vsGot(%cnq3S+N*v&dA5Hf`9(2vd7NOod-6nZ z^rxr85y8m#lr_vFyfHnvFZ`>YwXpevDfcOaI6Kkz*%qFE#kT)DD(kyT`N`!8Z!C)r zG5_J_<7g&z=@gB8O>!A63~tcl!pOKpa^FTQOF~fIHn-8zdPRx)%K*zj2vpn)WUfk8 zTOE+Zq@|j%D-CCXh*dAyeyQp**QrA3n-)lnU(Jl7gykhH_J|`Ep$rw*ox?*1R>i%l)>LMu?Jsw<7hf@(s z>X7|gn10rK&KYl0{-XC^P`I1kG}Ewi`YAUx9bA3i_aQD#bsgRpzX)YBbMummY61qu zdu{hKq!<+wmD8o{=pWLf?S6FGnJSzGsym~lZ z_t~EM4t{LaPybN^Ug{HUl-2DcN^u|}h@B099(doY($gj0dS}Chb|CE8#A@i0w$(~- zUH-Yo|E>li?9{JrR>wKTC0x_GcMQ-zez>y4@O3|Gk~z=gdMI+RLVH8>)+k+&lUL^^ z{OzVtdjzs^wP4mLBn6-|<~Nda z%QjEZ67Sce{{S45;y7MQtL7-vLVO8tJ}3M+uhtLGkU`;!?5=ZE{iELdD?C6er5@5; ztNm*m`pQZAgf(3`J=NFO%T?ix>e67EgeZKx1lr6x`T>^k7~qLMe=w+^z;-K)o{+v+ zW{tYJ#`k_)=)c{?o2$EUK%9;JSwa2s2v1~_QKRoNim_eqxFMnM{tXWXfS(2d$R2H1 zAi(n(7vqD?an9wwB%QGPr|yVWlK9^#8o!T4*lFiR7Xr;YYR3Os7mCD~VTcO1!}Z;9 z)0DO@`jo`hS-=lT0x{E&rj#bZ4q*29#EDbQ|LUYp2Ydsttb!Z1jsL1D`x;64BsP6? zp}XYF04CR*_+~W#G}_HW=reVj37FNNev(|F`!|3;uDSimtD7zhZyj0wy3SW<32`^j zp4E6u1``upwGb}%CSZiTnrdA1oVKakf;j;;A;5#l2Bx&Q@n0S;qa7B9B#_It8l%Z2H=P7n3)$B0zSFHxR|BtWtj%Rc4|Hn(!>OfFx*4|XL#Ee;c z)g~y~s!dQcww78oLv5{9yJqaFQoHuvBlad{{4V$ToO9pz`QGRE4{0AB5%2N3UgJ5M zgZv~ec7FhM!UIKOR`q{6eE;;mi6F^cTG6+*DX>lsz?&tE`HXRYzXRIb;Cb{xx5)4( zFzv_!M3;UZDooq{d8Yom?gXmO6ATXb4PW24GXsAz8LrbD0g{L4otEI+gEMExTgg*R z1-eB_3w#13{y^wUfHnh2^*1U2;=40}r!L75HT_@L@W0MPKd{s_tB1ixe_%gL>9B*` zmJeh)b*VEW0cd-4X+`nwH!zvO%G76MMdM}l`N`yi_~WNwc~-R)%G@+h>k2@{BG~5{ zS#Pn-RAXV_YTclkD9igt0Zvu*6$f0~?M;nd+it?e5t{NCOCYDIS?^S;G7;=?v#0&KYIANp zdR8c7fcjRk)a2V}Se}#781UBW{Q4GN2s>wSXIeT>pl5lMF(pTPT`QLLu=CvAZ?2l1 zBOS&GMtJq*wFZ{P8BD#pDd!#yQQWfrSmU8}P z#0}X6Oa91XX>yk8JG(68>KLUz>zY2CWMq0QT0LWHGQTtBdeYN{cR=o$;)OFfE>O7p zHtpZH=|9hezp83;Xusf7vr&hC0RcbaKcb8j_-dZ5)PbyiE`7Hc+WBd?;Is744_2iR zQV&OKt3$C)o7Dc#&$5q1T-QL#Ec-75*OS108uAUB7QyS;k5CF^ zYtoW)>8WjS>;2M)y?^Z3cUHjsIKI!#p$J-*l@Vc^f_tLFcYZyG(eB@2?R;8mXs#_R zOd=fl`3xPkX6p060)XvXKehg1HxQ}(J>6kraev+7EZdPDb=(ImEwL6o`L@NGuQ7be z1m5kjFLRc7;2d*S^R2fjr$%+Sy+&2<6})h_#p2!FFzZTdmdqM5m!13Kvb{WnNcavg zk#f1GQ)Kvb#`o&7X1jJHVB-vkuTen9^@|NJDdv-q107dQq${7(_&(06d@)loAY5lK z^LjgVY6scIG37PbMO%w;w|7iW1N(Rn^@~?Fp1A`Qgj?H2+YM9I`LVUgCdY=?s2hDr z`(Kk!7vmtcUq@^T4?->hF)|k8rlCGhF+A|#H%rjbK-<*8dy6@br_UJqvUN5_^6#Zl zR}?g)Y1M7iQ(x@0muU}@SMs|4S;740r2}3!uQ0#B+gO-ig#J zF%Vc@Eo9!StPLt3raH8I)L`=Cou+~Ly+D-W(%@N0O67Sq%f5oyw9@`4RoT^E>8Ov!vNOaeb9}zs0XA^ZAK$+`=aZ> zyFe(+p~;G8=8b#z{C7LZbk(9YPRU$}e(-&1L4m|OQz?2I6Z@+vmr-M<$p&e{A@+zoS`T#Iu|QQ=82Pv?8JwkFtGIVz!wv8+F*kN}Aq`HW*QS6$u1*Rng21Tf7~ zpvRHwg&=s;{k)`fj3MMM4s&#xuN}rSg8ZfT$y&{?m8$mX~l$J`JUtY+?_d}-PMD>b^>9vUC_$6 ziAK8f5dlAx($mT^waYU_jg`h&+4&UbkSYdDnp+3U-rS&iJLj;!!gP&6`JwsmOnG|R zE4QEI`S*H zR$n8O?tb%S%+_4Dc&(i!G{4{_7kI6JAeZjb7u z>1wZikvtT4$bUEFhLp!usvDu847)WC76rqLR+04$z>RGJa`OT|; z`<@>qFkfA9=wzR6zcw4PTjM)AjK}?1`}=slv%k&At1i+EdSbPvx0h>Yc8q2S1p?>> zekF1_9GJ$~0S0?mAUNumQw%pYFb=#GC zDcqU~-xSP#AQZiG>VcO1n&^3XPt|1GoI0e3^>$;2P>*ZxXNRHnPZ93=O@5S&DtbE5ChDbSGsWFts1Ea2oze(Y{4U>h()g{wJ^3CJDU4 zHV5kO3Q)Vw&nv4S&oe(c1xF&l-kbh-ZBnqU8JG2Ze#NZT$hz%MuyB*lo|q!I%hrte z{Wluv{@zPJx#L`eFEsjn_3A{}H&KY7JG!YMJ^4#v(Kc*KE3<`BmWmlx#f_H-Oi`^P zhh;cJUiNi77*5pFWoVh0wDi4h`8y9l&PyM2qTICU2j!ia=|*FicE9JQDZycD9w<4u z>R`JJOXpniMqL+gezC98;pKEN1*;wyKBYd1o^fhVEEb$2&b?Tla$d|MRa3a+mul(e z$D<*}V`tlpfW@lEJd!mIdESHw+qoqSzkQ}JO;kegd$cBz;7I8-d15%$~T+YG67 zuF994PaB(xN9{jt7oP9j{6O6Nw0i4!QvNDd?L(adlEq}COZ+C#x&-f*{#e)p5a6*u zX8$G+)nYrX%qy``$b92!vs+;BwhVn&Syu!5blpM8nwLw-dR33$8q~u8oz&F_ffP5K zt}J2NhbO&qQ_V|F)=$f(FsZIvq`GM_sd_s_~p~;Ed&x2rg!n z1t;|9L{HoKURc14EH51AFVC(pe4&l_qB7+Y3HV|v=DS+Ji1tv6-tFTC!ZF`~p8hRh z(xwc*$ex-47n3;Vtf2`Yr;5@_^nD5C7v+E>sAjNFPE_6TYIMTobL>Z#SJhtIii|{= zrluz-hy?cty{>haRJDHp;>i_3&-vO48ByvMp8_u zlvRuGhdWqk<><8!E)g%cePjpGfaVyc*m0);sKl=7&eoTf*y<0q0X0a6`ZMeLNu6N_!}W?TV%Kzw)Ul)$5nYk5P*XvWJ`!>O_nirq!| zQNCLy@iKTSbIFk<e8fMRCDt9bRt&aingC?|rCLDDVy zCON~t$g;QW{Z*D|(c7wF4>bmq?dcc41a}mB?W88Yirjz$q>Nw_aea6kxwOrd%Bd@! z(o2S*V>$B=fFaxwD*bRRZ`rF;M@X)C{d^g-STE(08%3f|#gV(43TRiRoOPM9V!fBh zFxJa zRX9Xx_wp2AtJ#UVDAL-RZr(Ci{IT1bM4#8J@+)qCa96*TX2NT`6#u% zANjy~ZP`0y?*qw0h?yW1x_1N(eS@d!j$C~+!Vz6HMOEVR*nGh@R3vU}(>wAUxfkTH z%jdY9-*89>LsTBg@quWw5dQ4xYr(MzgjlK!C5~@>1XRUk-+{N~As?O*zJga~5lnri zh&Eh3b*WirROiojsmG1GH|+cOff`VOHsgFC_J1sw$7BCTlUFqkc7P?8y1l<+Cp{ zyfB}ba`H^~{NuVnX>6v6*B-tE?V-d{ztnKINqjkO>(B>03OovdgT**PVv=NvpN)lq%5a{)Dq3wDDmJr@1dhfZ3-TdXKvxRgH+{Gza> znQ;I!8?VRee{A|``*UOc+IHRNWLbKc{Q$)v`9QK`>7kP@-jv>kO!{ubiL$|$Gxn4) zBs^RJ`nz4E{nt(7-|g$Z>pZz<9mcinkPEJ(-|a)DASF=6eiVU!*vGB$`n%$dw(v%R zBvrK`+nIMGWsOH*wi@{*6RjcD8T|?6c|#uV zoGB&a<+;oa%rUg-P5*9%{A*+X*zFI1%4oA(Q`D67zcQOD9Lfs5^mI1FZrYvIE0ta& z+#Va0s2>4(T++Ts6p%q&US^3}q##^Y#0=X#y`e4@#Po!1InZq;)PfunD|M6{=e*Yr z^LTvYN`9H5H(69@nef@8i`@qFfS-?BuzQXMUM7TqBSHp^8%%1SQQxv;pOQoK(;}WJ zrnG4j5%Ak@FfQOt1JLE^m!0i7loHEhjwWHS{sz-K-W=u_j&oGYs&&B zy|8I*@&5YaA&=9i+Q)3@mjrr~t6~#c^DlOugPmYB6h{)z5>Z+;j=hX(dp+-+X-H`2 zZHi5NPN0_ol5O7#Uv4}$t}#hqXdUoX6dMd9ugT75Dk@o4tmn}-t>SirSOrc&tOrr+ z0@5B#jIXy|m@*wc?`Q`!Xh(8DE!*`~Jv5hYT<47EQtG z?VX0x*Ar>ySbV9_ys4%`UqC5v(A%VU9$i8y4Ggd;h?X{g2B$dP}o9c-TD1hrS8vbqK7>>#705&dqlE z9$_VUWo*|j7)0TN2_%ZKI57{!ji}(c$2*lv7W8bt>$ypcO~jT7;7y&FmGWcLB7r6^ z1gdB1Zbs=ik;;iqrvPYeZIP%VW#8dwR5tV(x@&J*Wr5qn zPhHd9p|j4Ro@7$N@9HxS{EQMkiwC+g?S|xHnD{}cne5K|I#7ZY^qWQQY`(Yuk04(e{Y)r+As$iCQF^|6A=TmRVtRjvWdLeA^{t?SA z!+>jF-(JrSHk+G$DyCtaz>$|{@Um13!ONk3;_Cvp%awr3WTue7NnE@*FAjt~IhK@- zolzX&kIkl|MD|*1l+dq=M+I1Bj(`H26z@@P7vin?;m%HDuL7 zSKC)#eTJ<4e3(Wblnk+M_N$267kTdkD1NE*yZUSuRkO2L^*qP1e!Y@u6R)Sc^co8RTn?fcG0z0z&&{|2K$52a`GBGL=4<~ru18` z*$b*>AT6|bpO%y1#V6c-H?2nbR=+;^hz}i|lVH`GSMr@aA9e-j!}wyjZolX2eZJig zv{6*_u`%7MxhZzLWAc~cSqQXsiP}CJ`f-OtWtHY`D?M-ZBYXZ0a#_+mdNcrMEGz+G8K-ej9swJcz+)i*;RL?a$ zmehr)LHjrK6g)cI9wK_kHs40nf1E;XK<_MexF<=_QBS!Wy-y~j(FC+^+BTc)iwygv zJ)|r*XnJV2ZOgN7!@u)0tg0pGKeJLV)+sZ4(6U43l-}25T2UAod9&SFIP`nqu)NTQ z;X|Pf|IVn+w@Eb-u}TJc@tTp}xSV15YVmAjd3crEPjv50AyW}dVEPqPR z#K867UU}Ok^}oMAeI`}0Y}i)R=Q^u9YOrJcR&g+edWq8Xt0ndoFPp5_{i-A{5o9fr zdM}{QA3$-NJoYp~9#RdP~ZjOwMcXD+G+BwCEEXX8zo^UchPH-qd-k@_JjZb*yy$r z*!9eU&(WK)>Jq{Y;A6ny)@iFr=x9LgZThTt(O%krC5SHu0TG>gEbj*?Wx%(L52u`m z0)d_(_bz(RQXK$Xsz3cRKQDF_>x^X& zNNi({qw+@d?^Sf4hK&7mLL}_l!MiVA-^@$gPu~=K!_M!U8Prl3m8;ZT#1~y!ct+X2 zrcDs~XvPqG|BmokLOwmfMTnz}iq25Usrt(=umovAS=4k_m8g>XtN6VhhM-WdaXS>6pBy#Ol=7d_habwS;ZU3E4@Cb&>fg znNsOQ&*#0Zf}noKxt346tH#yitgNfI~=3;aNUAc-otI=M5re~p8m4TURMaDTh&jAdP zS>`dGgx{j3s1|(VMZJzSkMt3STyzrP=s2>RQjjaLKy5a~x5dJ3v_u3?I+NnHZ+%Y4 z_rP&$Wb~32ftHpFrYzY=d2Wg_x@lY<>(UEzKs{&Q7r}amg+&SsHONe2=%k_)h-%sje zaF05s!4MQxA;&zgn}}%hMn=TFKm^`2xBJWgO{(2B>%(ohya97;uzO+=S(ppKhF)&@aMZF(rn2kc0sVpJ&+i zqz%9PygV~#)-Q=f*yk_G_bC=D*vJ6;ScU=L?2Fubb}4pa>4~b?#CW#oJM%84p+DoQ z4OZ!8UL4wDi#~lPx}$Q6AQ>U) z!F*l2R?MG?EhqI)qUl;1Y2)#!lD<*00d=>VYo^S(yfR!kEU^AD;@J_XaO1X1`k2y| zkDgfzUq8kpa)(RrN)hJr{9Px>MP|@~Cg^=rH_?3Z{gb}?Y#M5)zOS2Uh0aR4GXa85 zJd3qG4b{bHpXa4I7$R}Vmzf~7XVXEL>KWH*rq1;TezE%N_VW`1F7xLXB6^*#*ONXT zr#p*{Gx`D(XEHc;*RkJ_@>VtB}H7H@}C_m~?LD=hH_Tmy}gw@693dYCp z4^q9chrqJK&3xY_JOITWARvV3>jkb{v@_VpbMKgi;?4&O_-83ej^;g^J9nXy_)`m@ zvCMVcH9X{J1}%~v`IZCPbb(VR~$HN>B46HU$s6lS4b z@~AR(i}R5nQ)v=tmzFLAr}n@V@0H)k{Z8d*_hA#}=(27wiW~L7TbAvKJvl3baqTcV z9q0WZimHN{*t3)s$pLeI{eW$2yHO*C&kpgER6>xzZRkPJ-4&{WJasOl1pUK$5lx&S zlZk%A-rgwYdrX)G&exYhEN_}V(-h?@s%&5D>OOq?BiQRE8lQsnq!_2BYUJpSB5K{O zh}#lg)oz!F^QH$yv+P~ON|NF{i>-Z+`|63ms-&Myl+DKt`?Rz``qkik5>Kg6ZS^lf zFUD&z@KSF-P$f@LH_h*D1C@JRN&Q7ODh{;-;^w$>{Em&;`dlh z@Ov&xYlmgr?Yee4{&eURNUM7I=vnXUwCv?0?(D+nv`Ys?eEkW6cjFa|6a((N+Ot_c zI)B|nub4+$^l^7d-j2DQeA21tHA|??shtsXG&p!a{>K%6a5C%5qe{XbChCljZ$(p) zBqM6xP@G<{%hP$he4?%YcAKEG($oZZui;_lUOJD0-v*=C+hL6*{9a|6{Uh={^DL8@ z6BRy-UB+0T_t%`m)co{UWxH#;P+y91oX9-9;iXH-bIA&uQQk`-#y+_#x4E1RywSgi z=znnXfhY(JHY&W0y+~M^eGdg*^!QQFGw?M6X51O2h(O%CO2RlEx2FKeZiYKa&0ZU| zR^BLEnmgl6?AVeyc6Rg)hE$_260hJio2~ervp8Tz8^(uZ<~_aKSv&;V&hlhR9$(U2 z4NkSq*A?K!Bl~!1o}8aJvD+$P$J^e!-~08EDkNESS|Ka#Cf@vNn$t@dmcCsUfGg%3 z{o513YPZXG4vN@!#(`1w2McL{CXy$N_DUvl#)xG=qTp@)eu?kT2ZmKmCKVH2SC@+r z7!HbqXj5m@gxZY@&q;Zi8))2@e`AFMvOhFk={A>2)_PjYL2!NH2o9Yk6V{3+EM7TG z+y~OX1PLJ#i5Fk?aq1E!ofsr>sBqX#^lQ%63&NDkr`1T=NpMaaTC~)~pElf?0tC-$ zWcyTMgIe6!h!EamssAb%B=Z6F#2W3lbwpIycdUsXJZ8Qta*%))r^;jXehDmSRuOK4 z2X%`7%ci5PgP%AbSh1$gyOy8O2-!oY7|X2u_jl5~wvqW|v@G75-)zQ4om%E0EQyj& zg$ZW$-k@}0TQN=5=`_tePeY8$U-z6u$WF`}J4(?EH~ESk_xZK~^<;FK)6FLl%I@@` z-`>+W$;OQe5ShjAhtO!a&AOSYL~k6|cJYRpDqpaOV+#i)bA~(X82cJ=ycD=4<*p|j z7$vq{qb<*~b&w7U=+kpwDTq68V++obIBO-f_(Ickdx^D}SKjfKxCO^%$z!CJ&f9U< z(IvVzaxqgr^PZSIsAAxL#L@zMF&nYK7-}BH(f8=)k=@}GM!H4d6<5P=7ILt7iIY=L zyiAg%yHN1w-U09n4tF>pD_KUQY=rEYoT6I3YW^^uAEycc%=(aG)p=bGkUG znCSt*j1)8^o@MR5r+VnSRMwvL3K;4?aJ^6(rFXsaoYnvd&DvXQI#u0t1t=Zb3}4iB z;62L=ug>`ios}Qtlie|}pQ%2g;e|>(2lsXWgLEDki`({$c-6GeIpvqqfv7HFF^jXq ziZfVnNiR?RiGN<3G6VE#iZ7*|AMw$bf*gC?qeDn~u)Wr2d$dyMMYA7xJ@0cs$bIAG zRTQ)eAFA!yv&GJVQaWrayIV!L5<<@6%EZlcacb^{v9IM1fX3|tIesHu>&jiy-(>W^VU9{tTAj6u1 zhcsQr#gdV%pQ6&$w|+E4okwi|p-71oYkzy;ZBah^eTeS%WJ`8I>!2k$C`nxx-{JHl zw9y-;?1l6uQHz2seSA`vi?b*Na!gNnq@(K*^QWLtuWc&npLi1Wha-pc8^jpO1sH@p8@I{+G& z=67pOwQtOe-5iIKI8E63HH=^ZhmIGmse3}?MMP=&z z3-f7022-cs;N#l6Q}6|4sCV}TQ^?~)W0SxUZ_@P#W)xTn-=1yo>i$w*(dq2S4f|bz zU!7UCQw*&wsMrD->%}#C&YM>r2cAqC+sm~U1RGK?BwaE}3nWImcVQ;1e5xQ-reCEF zhpAr5hrgb_MM&GDOubyur|9`03{n1Tqw8t+i}OP7XrwBtmtVfmE;8)ZogqZOGF?T4 z2)svTG#gAhch(cc9(iqZ*DsB%a2qpwe{FjgSb>{@_TeZ4qrXj>#1W7+;>vTX!vX5E zMcr0a7~rqeI{HF$Tdcb0KXUc!jIIH==Oq*o6miSW)TpKSo2Y^?f5II#!O(P$W_@&%zLn24_ivyRrm{(tqzWSt*JU3m+}SS8~NiR5NcA%%c@o2GXfqJr*t zk4y)9yotfX>4T-o+q+p z@->Sad_>MxE<9_lv!_@H+89!uR8!X|@|a(^AbqFh;0@r^xSc3#Qfw#t`Zzfkb#UQv zFyMV0>jgy~omLaXkztRQ+Z}I?bJWURi_Ugto`O{}^of5JOJUAG;tMq5hRIbUqyKi2 zHyCzjNt%ud=f+tz2Jjz+sN@46R6-#|@S7>sJ1?(YM#+eqd?? zOZ{)zFI0r1ezYMh6^n3vxeqt4#P#dmZUxws8dh58!+}qzErjI%+b5(3GH1+NEulZo>brzW!8W;Ae-rKt%XWb{sQ`)R`E%ovZuIG=O!PXmFEv0HNskY7h*^T};T6f=22$0zq z6Oh?pH%5lJqLF)ld@RQ1a&E88j=rbqAlA}X_%BE262|M$)_-aQ{;97-{T>Jq5kLAX z|L@(+u;~gXTWIH||G?mSJ7CLx;h@o-?yKC182n!dV#$0qAbA-|$Hx8hE&uraEV0dP zj{WxGB9CjYv?!3iESQlz9j>pOvv2NWgpFor|M;oDf8B-SgYkCJnJaex)i?rXigZ{6 zU*k$f3JGA!0FqTum)jJRIvIL?U)~-GTh1z!n9YrB5tX|r($9Ym^42ScCP|AkVRQ?j z!taP^Kj}J*)O#43xErbeZ)kC|8vu4asr$WO`?n929C0IyL)zX0&d#M<7&2U-OTN@m zq>(8NdZUH^Dm35Jik5kf5Rmew`0?)6fCC_ebL6&F$Xaf@;G{jZK(1;S3n=#dYKg5(-%k2Qaq;59*gv>$&z*xD@6GKf_fGze zUSRteyT;0Cf)TS_4|v^9A5XIFk>_#;tUn4?eReUeh3$||>!z}>v&h#-DI~EgX+2oM zp=BO7Rq2{6sM^Av#hJC)su-J9n^GOi+Oeo*X6nGKjlW?7$KK!&%Mi4SsWHS}9WTZ9 zXUj+Bsz-K$%yK&bFUpOQ_TIX!9LnEDa+kPw%}?gO z_h)E+t~pcpRdS_u`z>Wv_dXpii1e`RNqK-r1)% zM=MGUMDaDv9?-pEL?SqX%5o|+!PXN%a=YUj)d)&wQ%|8Z;@Uj01jYTsHoveSF1_h) zq2WUNw_6GXv6Nb)4sqpGl$voZGv2nJMWo`wPTKhvMcu>wuPLXKvuyx0d!enMB=YLw ze0Fb2OZ_Jq(i0LZaFQ~p7A8nYG2LL<_oPHGU4nyRH!7`nEHuF=i~kfqSL}_mQ7OLp`)@kRb=!;b9EKNmP&R`=j{j_{PslxWCWMOLtYC! zNAsosjVOeq0H*+wl4fXCKzDK&1Yv17Mv_X#{-suYVZjTUZy9+3Qv$4DF z0NSMHUnV??_HT`9yji$H;__ z;6hzJ35@=qV5DXuHUJDwWVuT9@5e!gET|b-(^&syBiWQu>Lf#u3v2(7@e3n{&T}c+ zDNLGY@gr@vRnYt^Wdti5Z;SQiySrMGhSgTFjRd5stE+`^eMAi^;8pQBu9{gouU3uA z9I?GlE=6t3(hnjnc#RiFJQ=7K>O)%t>r!&eQQa(2@;O;q2Vm<~E73@|vews1MIx@| z5wfpwUJ;HGApK4?h)YhtytSGv{QbJs`v0jS|JbcDN}P*Nr)?RlB7glMf&~6h6it({ zARks@2^9Hwi;RSuw2b)2V}F~2s$X7#lEoSNpwNdI*DPOJ!zh!6tjLt=8mH==Ng-rF zNAh{DO-Y0^Un7_o!9;=QpiIz=NOLpc)=^lEB&1fAdeZ}~L<68|vEoPl_?2E(spcCzYy$%=- zUp(>UE+BL5z*krJu!PUtQI6o3_gBTC9%;z~RjJiwbUW?)wVSq8z?HVEFnq z2rQBAi}B#r$eYByOZCM&=c&!eMUHBNEh$NcIw0^z(zP7KlP_&%V2pMqe~XOR-!bv{ zeyi+9q-dMN;bo}oAW7$B-C%JYD^?;+gQXP)+1Ycx9LLcQ=$pH1*v}t4xeRKZks`c1 zEo+tvgm$tkkG1SLnMC6L`hndg0McsK$<>YLwkyBWK(SRxx9k8Y^saj!SB@?KfVHU5 z#dbEt&T^-)_xBwi3ODgX4Q_3A6!l@Ubnjd~p|EO_u*EaOtHCIU+Tcx=`=|s(QdZeC zX~|g_0Bv$Zr7k9ts)w5ql3&gkIs822Yf>pF*1oF!BMJNa*Jh&Y?BxCLgQ|b8SNIKH ztrn!9c8H!&ovko7egvSYtsLNu-kzSOH!9|eITzvsK$hABOi++%A4DU-^F?y_bq)J&g#54E&Grswb#7|CNh|Kbx7b30Vkk*X6nZBmJnALX01NuPknTF;!NcqaG!9fReAK6CV&a1GERN z#9JV4Ya=|mTtSC`WqFoe-CGXd9oX`*akhtXWw_*i*z!v@GG}y}xK=}@^{CoW_s6k1 zjq^25O}9#%Rpi&t!9f!+5i~{DUYECYrh0r>b)B@}AfAWwiYy*MXJH>EnS<;ouTMgm zA)|vOWxAZ$uiSCSjx6hwO@6MlW*>sO=IdG9qH(52xhuCp%_@`*WB2!L{f}jt4F(ou zN4jg{FG8O!33gDuoV%#_ zlgL?e)jvl2Q4vCV#m)R%wOYs5Rg}fDxnpXSG1Gv6QI1_wyN7a`G3FDt0t#HoUX-aWfJOd>Dm7s^kz4JntviXzu)=Swi^Z9;1x-6OG>s^u9&ae zbe55`zWtS2jXcNug{~nozRd!a=p?}x>)v$~^{W<2zk=u&$6_FtijP^bN>#b@nkqWM zLBfW4XkGq$?L~%3f~F(kLGoo`!M)>l41$wU%1|8ujltiD_V#Cc8f1T#otvW2)lU~8 z5RbT#I^Ff{vYfU(rjkWx^M5~yS$D;O7C0ttu0H8c-H_%LCO>dY{M77teb%AsIdMVu z5_9$ZMAfU}#!c{uT8Tkzi&1=>= zI~6nh)9qN)4S7Ao`g`O6{-+sz9X!r84g~*N+~jykCz5B5oS-ZUH+nORuDI_EH6zGR zek^;|MW3TBIE|{z36+gL1vlIkj-Cq@-46tOkE=R6l)!V{u1JPSFIv*EDV!RLeSy%Y<>%X^;$O%h@1>8`f_9^`x$)wkE?8X^fl}XD{ zQm|iEtbJkvs~sq|vS@GXzdUc33~dg3lI~rUgkLXZ$5)ZQGxV(FZzGBSs62m$0C&TD z$iV*VpNk>c&+K=@07wTvGRQ2fT119fM2Rwl)&jVk9*AMp=7cXS8sbtJWDW~V&{J3> zg1GZx4%-Vp+npD~YB(WQnK1<4Lb_^R5YQ{ravVA}{{9r2{z`{!qfBhFSi^NA<)znp zj%tlS%m0%aZj`N)MEj#i1rlKuvZQc6v%a?XaqPz6} zyXXV*3wAS{#Wb!uC*5 zjq_xJ?*9MpG65tiGurhZe+dYW)#DI9ClNo`U-=mcD*%><&BW()+5PI0$Q%!;eXzg3 z&;tmy6M`5EbPA}33r0hPo=ksnT3j8rIe(Ih5E7*lv`&$o>`ql`IC$M1vQN&{#!iqD zHv>Owm8bXq=!2fJultoOF8VB-GCJpctIo;zjo;W2@y2YihoRdy4y@z%rUGu=t~kyaB#uZ*@xGu@A~wQH2DQS|ht>tpP7 z)=fW{k9&=4pVXpPNlr4TpIU+HY#R6h%?>}ndFQOs`sZDs zrA&?Me`kOHic)dJ*KBJA`LjoV<-=8XupZAaj)2~|cPy~L@)E)@mr+qnk>JPHBZUuo zJ{3iV@iodaL^B147PCvCzjg5{Z|FsDxR$jJtqVToEG?yY+h z;rHx*_S89IF7#R2cLLSL$wfEoorhvxh?y>|zV9sang+@}jnMBzfK}4wL(SyUt|Dea zx0u!BTvrpHZ6x>{1&K0*ZEnB)EwxuLixCuY+enDCS_mT8JDI(r8!fn-o8senu|MTJ zO4tLFq<37+?&8YglZE+9$(7xvK7`*)@);yC6T5Zyh_z>%| zH`!jP-Dhd99SDj)*?_XrWe`J$K|umVtiNtmYy<+JWgDxy(L&Xv$E4zi>_Zx7u2&7|Hc7OdKMvS0A|ZIQK8X9t^{UTB{D@s;A?M!71~@q2K` z)4G>?S@>};;~#&u`Ce$CsdaB`g~#X_?eMs+`6EUSh8VXP<*MUs1S{6bA;95FPjNTr z{@vL0@w_rWrRlvQJFCjRnb#J%D>ES}Ch<|XfmB}GsfZfyR6F2qd~eqG>et{gDGQ|o zpdm!V6hK^4!^@?u<++KhqQ^xhE3ED3L%Nte(BZWn(M7NtDXUeUqOjw>5V`XKo1-edO zCay`WZQR0v9ZYv3pMnbJKPW^tPf4jQ8yF&B!|50@ykFuexvp&M`i9n!%P25oaF>Lk z>r+k9$*xz%>UQY`68eS5ZgHPaURGW{2u?`jGfP@z=B`X_CdmH>C@G*%K#bjs1(g;V zc>ixtOBeiywfD(Fi*z`-97#4w?^KCZprc zM1Eb_Vy4(xvrKzn%#88LT!tWsRjFrynf=*BJBMWoN%`_i6V_=9pG`vqK);#pG{ z&2SysQ9!eTrfSl@Ki3&`qSrY1pnaPh6jd@HvUHw`Sw^hYIGiuiYtfmnCzS}=vB^8| z5iC_4rCn6b0tMCgvdz-P$TR9P4dgqkb8v9QGjO9)@vH%%M?_d{b)-cKjsuP>P5=Lo zT15>0Qn*^emmm9O|4yTt6PQYMZxnM<6kyn}YGPU>^zwjzkG#|_s@J`-g03aZ+Jc3~ ze>#j>d?ExfrY>`XuG-9mqbNiZ_6kkyxFE*bHxc}=2m)jr;N@8FiY zw1^&1aIbLdf0P!{y6U<*)9a3QG?eQd;}!RM%+#_(IlFcI{JV*QCh; z&pA{0K_DT}@Kc*Cp0p)Z=;bl2QrTXFfg1IGz4979McLRhYo7N5Hd|C(nO-PB0qyNh z(eJ(xq(P>{O9SwB&P5}ch9=+a))H%*ovM+Q!16GKX*lvzvB~FWG>*I9I~02$F7Mfe z9xY!A&4kDqs--$++s1PZ}cupoou!S$*HTS$W0Y!5#y(_Bti^w9hc`q6vlxA+eXg=;=`j8gNx zxtNJ^iN9uV{s7xlRd0bQfCuTw64utK!xc*@{I-!5h0-E? zamfhZsc4z%G}**=&&+bbR zTMCRY?DJIzoBU1H@+&=4AK{{Q!KAS|=}2oIre_p!Q?s`O{!x<=nDq!@iTZ`PT_KPD zDp`yYZxlbDsjT9~Rt*{+`Ow~DVsDr(6N@2oUZJqRHv=}~AWW?7i zfxdV%{IycH^BceONcfxIrO`M8C4@9zheBU`sBJHPoTw#t% z8kqlno_NGEWg|efjruzLm4zYIw+6J}QH67Sl@}q8-l1<-aG6n$oTaLXs=R<$<7I!S z%512K;Q)V~*D|o}N-#QCpIgGO!cRH*$HYvs<687(=`cI0_0K}$#chxzv)#ZK%_)y| z9;Z&fLGx=Tqey5_J77PQn=mhtDsJ=oa5CEz)*x|G?X_4WWD**gTBrQ*=dC)yCoaOF z3Caj=MQqO5>Q0Wj$r&&CAFQe|&S>>fXzY63vxT)5z~KF!ac$m=0mq$##`iQJVDO{d zWiwQi+`_#0yN3{?N7J$uck_e-=$3;$+z@q?B*(Xd9eft!^%gh@I?00Uf(&GJ_EFpQ z=iAY_j(zHovo}+2qsIN2GVduLlAL`2a;9R_mPbv+AA7DoY9%d0s2)9(pcMn_DtEV~ zhToW!ES|C9MKb&3!z=7(C2}}(_cVk9(ZZ`4l)|?9+6es%piR~`0%|}{IW*<5vGFtH zv`5iW%d|yBMT43+An^k3E8!3N)rAAJCRqrZSW!FK3sMg*$1N4P(;k*3eS(HJ%1jVht61|1)~oEArs{Q{~G`+Hy~5`CZ;X-In8TxiV%QPxzdlNSptEe0^0wTwAtn1W%Ac z0zpGTaCdiicL^Tcf;++8T>=D$!rck3!QCymyS<&hNBW-b`@U*J{Z!SOb4?p_j9<2} z1X^^N1gcs#{3)Ia5o?yNml8)STG6p|eQ-7P4rQ&svgCp^vF&(1(L!dGk)QAo4HAKU;RQ_3N5n zwCk|;j3sIMa)@nIz3gCzd!D6)7P@729e>+9-69&v^xRoBBC*oo)krx**XuSPO!{uf z7+>Jd2Ou8Ut^ul{Ml;@_!7ZI~pFd~;|B5AlKkxwq_m}lpP8q3Ie+DBtAOj*^XDC%| z<7YCRm%8;#B%dsQsIq%}x0yc05tIrP`4I?qx0S=$!f)DW1k4`K5L&`=oI4(FE5d#b z)tCtjHn=Q&Il?t(^76m>idGlgDOI;ON#19z$xowuCD^y&wCv8o#b;O2@A- z;!!O^dNGBuKl^Gh5L_xc=@eN7D1AuZe73D#^3JJWI%Aep!St>9}<(!C7Q2BcDvlo-%mY1=Ycn;MUy~v$x~) zOs`Fg?VW9vrzSbolkq-L23UvZ^5h3UwVy0trj(aNtLv50BRbT&A1l!GVvXQ3;l2^Y zyE$=mLK4d2b!Mg`qA0}K0P@Z4fsW9V0hXbBq}p7o#acn$JF+}+L(Apg${cUl7kKv# zKXU2_tr4GX&qOB_^8cyU>Vd5qEiJc^!@r23$SR;vK7kmU$Yv}__KeSOo-%!dQgmk{9QIhPa1rD8 z9X>UswSxRGfg&lZ|vqh}O7KJZtXfZQa9Bwe;_Ws)fmX+$>hs|oq zu@8J+ae3!$pXHn=|1!z{_3-TmAk@=(xErGW;~V)Xh<*c*H}dL)!IF&=Rg(@S$TyrI zzK7C+#nDac|4(Li`J0)KhauyCD6xR^motPbk%P=`*=2j0!>xlS^jW*0Sa@DSeX`@f z7Y+&^oo4>;-;hrn=xWvzU*<*r`2{7&e7Zw1djT+2wtznZl8>gq{cPanAru^Z#Oqmh zpSJY)nSV@b|M=5qT&n$*jp>mGLDL^SN_4bWY+fL*!Fb9`mc(OzdOa-K=5}yx4F{!>o8a-UIupmEYDah`;bt)05%B%qbbPN;Pg@+)#7o$gUkrEvqqPs;p65C+Y7@y_D{d7>O( zlbpTbE9=1tiup{uiG#;^Tj{ja1K#uPPK5+z9guMLS*D#eR94tERw7LdIg!sp+1a0- zab9a>A(Q*>Fj{*I{<=R9d_G_J(@_5NL$)FVpK&EHrS9)WJFsmNlbNDv5SW#4EHMcy%2)oGbrv-F>V7 z-ILOC9XR|$SIab%V5ekTE1#WT;6RTPk$ZOsi)KQbO5 zQk8TL)1OZL>)rBzL_J^EAV5q|q*R*16Z&ypIf||K!hKluLbyw~-QY#?;Vg+0*?aj& z%Xj8pJ34ma7l8Vur(-A3^ZS9^8_{$S1J&h2;E8q3btZODy$`WH1SsHNd)-QY`Sp{Z zW_v4F2F{P@74gJ zw*W_(I<|bP>pAiA2>ugiaHqrOx;D11)Nm;M^Lq@V0oh1q%JXcqc!>(<{>lRFd@I!H zB9+2~<4tYKyl^ZQD&}$n00pe+y99KiC%&k{y9mM{-evYU?anj9H|2$!zpJUZ=v7WtyzZZuf`2hd4k>@bDwTbR3*m zhq~50!s`Rc1S)Zvr4(lKydS-wL0H=_5TR=qI|;?T5Z!QW=J7_jMz|`t2kEVHk(0-> zLD~sd3srS6?}%otUV8A}Ybd>hH8|si-HH7CbH81Yy*EN0T8%*`Y%U;+LQGJD=i}XJ zme4(oc4L{h?Czojg z0Wn1!7edNkCJ=^utB$&k^;5gXRavQ2i#$PGtwg0tgo_;HcvYfq3*_)US)zCt`A>VQ z^zMC8Y|lfC8>IP}_`OfRMCC;RBogWde*Heg`L3cjCI>Un3OTq{Qh5~Z&SUU$rdL*m zlNyQlY8H$7+PDtTJ1fG?cpbq>!y(zO*=)1swN#8Pl}A@Dg|!P*y4_U%Zmp-IUJ<`3 z9Si^z-9F7UM{?E2dl{SrUtYNF(5-JrWG~a@27VAvGQL=;G#V@*GP!E^c^zw?V0woE zasu?+$G(fl{-UDKRFH%m@}r)vxnGQll7cV^fekTUB-{qLQa}hYG-Hoa$mq(aAoO!n zTcW9pjQTP%aVdz2ja+0+u){Yn@w7h3mY8UYLW{LQS_$(2wLdX;!M%*`*x2& z^HlT2e^J^w2b@sdZN|!u4{~z7cE-QOZ{E5mt%K%rav?FHo!_E4{|D~Vrv^COd#S&& z3^HRVI9Mu^kv*djcq)_cU#6z8`E)DfG;9u)Q`#y&(Q(@!f8GRON9QKP!LEonT^aWW zv1tjo&i3r|*Sj;c4SdP1nL1rDgTsMG!$ z)c{xXEefM|Hb5NIim;Pc$P&Zppu~H!_psB~J-}ZPVNuwt;$Bue1 z7hn|B1_vEWA}w)wmda9T4UR48}bGS>mhs*#4NlpL`E@jo8`NgpT*>0$HE-+AsroF`xSBUHVhj zN3Qc-G_bv4Td2yLrGK~__HUO9_q6#txor)90YhGxW5mP;h;TO)1aUG@eBRcGRu)+$ zPBW_*&|rBdi-AI|86 zx**InEo8Wf@Ol_iUYtDI9bBnA&162_^q$6MK6Bx_o$%KX#k_Vl@sG;;5{K0w2R7n| zGdZ-kq?|c2iN0bNy`SCpejT&wwg%8lIW5^qzD-!2gBT5}DN6`Gf%j0ylYOoM65@~f zG%k)HWkAIsrAtezeTazbycO;ObrrrMY&Nw14&rwY!2GG;OJspj7^>X0(#qIqQ2ASI zqUu&)=db^C0iZShOun6izKkQE@X&4%shQ+sH1BtEUw+11McefP%2z5$xZId~u^ATc zi=5f>!mVD*9KkwuHiJGgd-@!2R(i55w}oiSCPGg-ml`dWja4PSFKZ`buXQw;wg%9T z{uuCLhHZxV8uLhY5m_q)>7~y6x)IT}^w=(%MkizPB;r3?{VOs6KEICf4EwM6B<$l2 zGdM`x;$$QhOU7w-q6wPX6BP~ac$=CS-@)Sl>Y?ah-g=l)@m(FA$YPDl!}RBEYx=O#6>Q z(+Z#Uug)6MiqN}Oj8IQzRjtTVdDG_$pf9(;5ZX0b*?Yc+T&XC!Iez``ao$YYCoPUe zN)N)b!as-6ba5N}90NFy=A?vxjjY31tTcA7*#HL=BXYRBw~LJ7j5o~iw?Wiw0U#|k z5q=vZx@4oE^27O>(8JmV$cGCC8AAjb1B7*^$KJc3SLh=+0`eOQR)wvC-+J)EzP=yB z_QC2%Y3}YNXJX4rH(e10ScK*SZv@?7-eN`Jwhis5p?s~}kl_41TK7Q}_jZdB?#Z61 z@!ZY(bqP;BkTK_}m;L!FQuE*IZD0?s1P_B+!_w~Wz$5hy`g7|OsIylJBWIYE9woF8m%hC9rbWP{HI`=Fff#* z%`Hw#gfh`-b$3Y-IcPeWX^V)B$4T<(c_K|i2_+_uxlXkCy0nR9G}o5l&Y+{9_E|_^ zbBn6W-l2g7hr->OXe)V`M~di1p&*t)5%SY?fL=?L(AUdtH+M{GzuIzz2M*>=`H92q zi$)#Oqn=!1d8%SJOcpvJ#!HNsNhhOzQXX;;bFJ!RxfFU~y4=-mk&=%OXJT6_NBJj< zO$U{d8kt*gz35$9wMH#K&!*(YNjoxheq z}{A^|%UA5|b4 zAWGsBme1pC0sZmpBH5n^f`idMwh}(5jH|%8N^gxk?9zIIw$Sfv0YXW6bv-xH{<(WU zyRIXrK0@0P+_W5knYUAy`>cClw?Qu3CjQ}Y?$*Np;G@&w9m2Y?5xfr~@eR-O#YBZ5 zz_Sx=_c9Y8;1iJ!P7NA6NbGDkGo^gXLDYvDlN{9#*Xk#1+)iMNKla6XOFpj+C5W6# zFicpjlt}byC({cbF}~@R4F0m-yMK3(E3LaE(bkC5&rL|XOQn`DjPcfq-6?7G4z8}g z<0kymp!L=H)BUk1KxLrNsy83d^m}n!_Gpt8T_4*A8Yr$XzN*>1>oEE^N@>~l- z8`-UAG4~ZwB0%1zp#XH5ub;S`J2J+@dLYM;VDY+sv}B3;e#B#>Bz=4Ahev(^N35wT z#?o`~u5jjUqin9DkJgJ9d@sa>_?2i>ze7h1Zr!7O5EgNr-fie+gw#HT3u1@5xV|hd zh#$5sMXxb%bo(oP`~9$b57a^r9tAG{;+Fj#|9yrfzDd1D6c|Z;4STZxk{;i7|by1I!N#o1*7h? zWL}0v>VwMfvasA@pwQ|qMYAeZvRKkyw>rY$Ni7j0>XdtNj z0#ktQ)@|3iQ(m#Je~@P`qx0$@)l*-$I(20eMFdLZAQvC%jer1=1<+UL(DAsO+Qc>H z))Dw{an6+P1=l^<0<7f{!)<^a$;SQWfmJaf)LE`;XW_9MvzjASj4zQC#cm@COZoMx zAZVX@H1jvFR#TXZV{Zmqf=rLRQuD*rDO+!GR4K^cll;=*ki9-DO=XS5c5NUDg*zSA zd~VNetRqTH6nbe_Bc%H@+)<$nuyqoUr9kJJ*I9KiAnfpqb6tJ0`NshEW7O|S!E7N9 z@gM0vnJE;OO^HU0##;g&uHa@^d}ldSZ}{6ZR= znswFN&pSu;K@WLtAWx7L$OI&w97uK_0p$jzrd1hK3fCHhZr%3iIH`1F2~z;lhsSyR zl@pm~Dx|&l4Z`|yx=II#W3l!3K=Ms&LUXhV=ogT&huUHidCFbqXL_dWnc(=LXmwf$ zLRNKJT)P2`-*{lFz`^kR$P-E$FHq1DuYzCLOVxYZPLGjvs!cf78fagIvJG(rEhYD9 z2{m>P1MWkX2h|!=ps916czb?+fjVTk)Vr5&vfg=no~>fJqp6lle1*mY<3oe4PM4!E1_$l!5sYR&+>kQM3 z#^Fahi~Ev7W40E#8!2U&`FZ=$`Bxzt^g{Bip0?BKyXvmbrF9}6!ei}-S|Yt8RV7`x zZo$9!2>kx7!1jhO$plXQvg#D|&l=AMEbyuHM$~3AC_lrQDuTThpoQ+Fq!;eafD zm&D0x-9l|ik`-S*s1B!V_hRF-9$ng+CJYm36OOP!Ze-CCJt5I&Bp&r1>$CCGD|TU9 zTuaK1$PQV*UMeR2^IA(qEQvh=2>&kVj;r*cz2WuuhaU2~+_U-V7@Ii_@P+$UkTyl4 zi7b3DRer0*iEBkCe4@%J>%Q0>R5a!o`ZhWg9MtUH<$nIkkOB7%VZs?_s^~AnuE{Qy zM`1jRNV-Am>0v(|&u3mh-^N&Zs^wI;?#qn#m(cINuMi{(KKPc-hJ@?G?wQ;ddNs-M zzHWjRhQ`1!-9?Q)vikmXY(08#$}#>8X+vYweka4;v2AB$`TFR(*_cB<{A zw>68Qk0QZ zOVzAs+b)_B2{>jY5-5scKe6;!=ph*(Ze`(4Q*6_13(gA&4>SkR??gv_3HyToeNLot z+|g`cuu<%mt?o?bmRX`{{cgXsM(ZRo-YMvOGb_h$d!lp?*+rk%8RhN0^uF`E(vFfJ zUcbu51-x=Pl^+d}A`a;z(Rh6A?@mL5#+WGthnz>m1*s)@S{YAd;Na)=xbw^0BR@S< z3u3?1Rw0c*94atyLOgh{C`Vk3awwlstKV`F$zy9>SxA5~lZCjJsQkF&DpTqqxS71! z^7L4Gx)!K;oS(rUwxW5|x_~r3oA7I`KsD2AS>p3yI;C$?IgC5OdXrL@snh+zE$&Ov zc90F!-!H4j!tL;@ZJ5^9!+-z(>eWk@_cLX>CR0LbtylBU7VX|oj$)4i(`Cn`Ax#}X&EC)=0od%VQCh(x%xaL7XLY1?VS2@3->+!Stg@cwmj-Ygn)46vr=Uq7Af(3 z{BiwdYL0xa>Q!uVg}LTZt=y27r*X-(`1xoiSY`B?gd~59f$?pGJ*hb=63WMHniVx^ z5+}5^H>r2?n=m*hlGW8a!B9frVC*u*gga-w;2E@i2`&oWmk2E%LAu`7!vd?eBfwN5+94>PTJ@w;xlJJ2PCrUr3k*Ynz2-rU zYPNBWS_@NIo-4zoUIvp9Lrg83XpgH?(X)b+mdjsbKR9q_#_l}tg5zlvc^vR3y3nT! zKiaADdY!JL6yq`2=|mbqRXJUW#EmGbY_lY$gj05RB*mYzw#vlsKWVea)}%iPF$kF_Ps3y4xY{V zi*f!=lNNlac@WJ7yu~k4zq8Nrkt)iEXqd^z)DwQMmFzG)NV8-Y37RD~C)fr*Kd>uh z!2Zl5yAX!NA%yJe<&IP6O5HpamBXwKaxjTrV{km*IxSb6b*{tvcRSyWiI%qF>*SPK zMR*gf{yvMpUZOlfHm}$omvN4h|9*$~Lwf*Og~Hq>F%QKiZEC6oSP;qD`bS*2f{y6~ zn=J9h2bUcFhnRN|asmjbLQPa@w`boXK=f6l^r3_TR8>RD^z1g0hxF{Cv?i&MzP9P$ z{p~TFjjYqm74dP#WbhfQXRD*Km5GN~Dhz0C^B971`33NdS#2n_iFH9bXaw|04P%w( zDA$fuUzJ*vd)&(SeKpgDdrQX~y$;IGkS)m{HC-+gvD;+mB{f1X@RcjSKa$nmnF~Sb zx^Km=5f;|zxKWo(OtPD8icyx`iRBRFVC=h>Pv&)*?4Sy_q_Yp9k5rSVp3v@St05R2fz@yn9D(G>NSV1=T&n0 zmjUuM!qN&Nk=YK4iAqaN9LUvqUsYGlPKJ4CuGM4aWNExmt8pTr;C6;**GD+5Y zSqdDW>SS-pi>iOTGypaPeb{*Nv^k4&uT+AoJw+ee?*+NjkHxeHJ^19gG=vx&1$IVM zOi z26dX~Z(N4T5Q~OYGq3F-UBQMf2gp#iVwwRY3pdg$TL0K~7TtV~hc$WV0jtC`0Wz4O)9 z*3dTHWn42Wo=q*_>Kk9FTM)qX_ z8JnWj(5CU1J6|un&#W&8OFKJgjjHw;9goS$^yz^7+!bb~bo;nW$SklAmd% z`lf1*(OAs@)DX4jB-yR0EaXl@?l;^m;IOv`PUQHxVF*%xW~NzT=ifps0La0k`QEYQpBV%r=kkr{-+njqC*u+*(i|rhb4Zn4rkxLt zYmpH$j)7Bwn|TN^dWwge}efcu8WNIsT<=N&kkdd=(-E~GGgE4VCZ}l8DYvLWQ@o5K#lXDkEpcdOi*7x zt4$*{HRwU-WA0H9y#ZC`9dhuZijYNM1YT*24%ervqyt_5};SA@_RO{f#t_CPDRZjJ78nB-$FZelU)tM+_rLzqD0Sbx_SX z0=MCz2#F6YIMPrc)TPO;@!QjY$i0Ya89>=vm3@$TDen=}w+RETvmJdnayy>0Tk19D zXp@1on1p`e$#{-1Fa;!XFWbuaO@}dA`_FHWU4aE&R(Q z+I9WB`x=2B6+@7C-(p^1UA1eCx!N$c@|TQm1k3}VCG%A=xp^brDJ-5b8idvty{LSIi<~3(Y8=;E8LE2guy!Yp>ZW2D$%|+hhO@? z+0&)yD0y0gSfp#AZD`yQHW2fO)5IP(uLVTKU%@YzD;&jI$2QglDK#+)m5&=!7KZYI z=tC;sO)=K;U-IRz7v0j4n?x3{%*fk%?Kf+ z&)@F|tU5wD`HtzhN}*SWR6l9IUOJDqBfTafc=%0p$~ZeJ54I zl{qZNC0(Qe?LCST*_gDW!V){ zZ1$}`>&jalkq^$S!Cd|YG&I6gA?jk*=v7#1r$XFna$a=NwYbrkIho&XbKpLewCZ2@ z!a`XPb#EO~CQe56#*yl(H{|zpdU(H(X@^rjK__=amY3R;gftFN^lP&kF;Egf(FxIB z{v^2bPGMD(;AJO$Vi+)oTN_hgH}DXKlFeip4hhA|TPgwX28$B(is1Kj%!X2A(7}uy z{+Gy#^EyZAubvDm15L z4&Goy!oe?Un%U@@~-*u zea6qa>1q&ihNwJ_^${#ke278oOn#z?9o%~6d8|%%e>i1PJc@JUy;SORiqPL%7fG(K zHy5Ir&?Qqw@5kCIM60oCP6#tNV-p~G^kMUt>)!4cX1wH=^g7+mzcN~BRSBx^2Ius@ z25D*}L1MwI>q6|~(db_5vQ|(AF3eldhtycY zeZmPKv`IYNWIo8K4cb~Eo1gtRGdNdcV?1I*OtJi9Ib=n-xi<%FlCc(wjf|IB;yCbBfZt zW=0in)+pR>qa+8vatht^Q5!DhIBvW()&%QU`UXt~V$eEADOL75?V^qo1!KbxJGUy( zL=Z9)vJ*B*2EENyW%PQSvTD3Dqtva)2EBg2#ekq$ptSscLcSN@oV4%qjA~1p5_7^o zw}AVx`TW4Kp}}gl+Ei{vWJteB{<4`*h{2G}>3hoh5o&MZY`clJb5=Sz=42RY**YaA z20X59@NpNtRrcNaJ|6VxwXT=tkMAE~G(THSwr%u;S6$j&rb+H}X|`S^XqM!hY#<4I zqD31U!m{7T^>-+{Kdx&Hk<@}%%*l~HB0|S&p0*xJYAWap6fhVzZ`KbpSbjo z19~a?0S~;2u=>SWv03u(6D~K0TF={r*ooAPLe5+o|EzqX#!$R3!iAQuS3Jyn@mBhE zoKKktDOrbwgPE##Q>VbRz(47vu*|Htqq@hp0@qQeB-C(WMEfi zd?16P7MF)NQN&pZDLHtaGjTjTtb;|xP@Nqiy<4v!TI5Fi$eSRZ*m(~VVOOQ=m4 zMIW@1rqCf^ww-9_yo#v{m47ZsYjP?K_kPn%6j@3CLioFXTkln!8<9OA4u!DW~c5B*@yvR#ez^YpeKO*(&hYO`9*T zcdxlhkp|cp)o6*nj*@?`7Ndq_g#XiFb@2P_@lM|am? zysppFCx^|}bZ+>M3y<$k5Xc%XoMf9t|LqWQ;JWHPIY&a4jWmmz2Jv<{PZZaC+!v#G zPeeC~{^+yJ62O(ylxR2g>`j-NkMdqi$vv`|x+Vn;7_nHaJ@B3IqyDgYy4gTZAab*N zn2F?Z9nElGrw7E?BP^rLn5Go^c$BIvNZ#Tz^#xG0S_Y1!TQ(?l*AwHDoF!oHUyL2j zLo-w#!xE@bcPCL(pV>@@y?1P$%!d|YV@Uv*mJjv0iMEeWKrN+vlNIL2je{}YdvaS& z!7SDoyTKl$zE0svZGx@O%h+TxHuRwB<3VO7TVGwzBX&;Fka-o$c|WdAf+F{*_8&0F z+mizW+RQXbqy@Z;-_<EQx?y6_ zI?f=n&K3eSX|6C_Wb7H1uyyLy;cIoNyF_p?X(&}XRV5BZjd$G0%3IveiD{mV=@TtY z@uDroR{?Lz+&1SMO8c&}6=a_iU@-R(AbG-4x?cSsS+pVLl%Ya-1UZ4obyuBU0gI9b ztlEyr!@yQ;F7$IpZ({Lwhvqtj(aojJO7kyjs_gWhvko%*Lo{uS=N%R(_I7sz$ARUEG`pAexZ zN^@TtoSQ%Xbl2q#FqdWYRg*-#oS-FE!OkPayA9 z-ibrY2aC+LdNrwo{^8C>R(d@BaXQ% zETPltEWVR$sT4SZsS*zs9O9nd(%tH`aXMK2N@?n)V10JYswiQ1M9BezS7TrV3`1^hmmV_eoAkCi>53p*J{S)S5OeM#i%V~MDxmOC65HZ3^^LC+Bh;vv9Yo1fNe}r5wPY(|f+y~)Y=U4K>j!&gd;30Wi5z_@S!^TT zN@law@6*+3i#{(tHpdve#RP4Q$vyk7tyq?L`3q;C^H%d=9qn=if!$)_7MC{hQ&*6l zACJ8RwV^K?NLZ@=X=qW=C^pbGB8{m$@BZx7e)vkn=gz5x2S{2j14;!J>eZ%Uui#!W znJ1K>(&ci^U^u>Yaa?wG7}1;Amj7!8}uuuMh>DYAS3}Y<+MfXH=uu%60wlDOyXx z`nbbzkB~cYQD@@XqBGWWz4E<&5Qq;Pk0cmLfPE4@-B1!X(8<(F@A4pH61d7OxJB_fCC|- zbXvrO-!cxO*+yeg5`!Nuy=XC4xe!eqS&6TzO@g5vUY;z?fsC1$()27+%ayBEPMY$6o`*f^E+ zyoW!{#VpP$cL%pAZ#8PH@Z!9xavevC>>VhoLC;ZMHF0CCpEq#yA5LKjn8ZFQ$1Mi1 ze8!ptj_$XnnoKy=+o0Y5u)?e_^oKBalvPC{e990uoD_*L@cCe$k}4 zvwUoX`v)5T)5GoSX+1_Bz1Xy~E@i{m^wCaN594}Lch4KCsCWC{sczTRQ15^B0x>$u z7UkytsW)~=>b)r%WcG>cX-0n|z}n}{i= zhE-wW=aK@`A1S4`j>m{FfsuwTWM$dtsOSYLxbSv!;|0v9ABcTps^rE^VUAf`6LJ zs&3>9oWdx*dM2)|$%#_^Zi%baugJ4eYdHt;iLRP$tpp1jk=*+AZp-zyf*;0g&^*uj z^XH&39qItAm>4;gau^&7i@E%(Efm`(HJoW!)APn}O5B6ri{?I5B3&m~L{+M%D^jGy zD-c%fx~!Aut3_uEALi@*uxQoa+d}IPL@+5_q!(Cz7qj1w5#lALJEz1gW;#p35;vzd zRpV=yBc>hITrKD+W)fivn_VBIe=HrnFf^}l%|&=!)U$#UZMvY?hJ zlI}Dc1omI_=b0(RN(UdJV|TJa*L>do&}K}s#{N|wk#5@FD4iLF|#2D@Xr5ajX-zligSdRkEd*)~2b+3_M{ zJip5kHBxYi0%u=^^vAV#*PehIHf)aUp(HSWzv7&J-+$KC_%QqTVDOKtXq@zw%!~Zd z`}LN;t5P2(xUS*ehub%Pi1Pq6RDGu+y861H4q!rpOD%5$>6kkRVISb?b-$RtnXTfZ*?v zO#16tzVk~rUCP22AVn0_(XkH@dbqvp5U;Ro^fwZCAm1^Vd2jC%^xi2<0^faW}Jg>16|*J{Ygu#fG6OCHMS|Z zrYS|t0qG#@CbTE?KL6EfpT=sv9A%xb&W7rRRzuT8ZB&@bQJ8s?7MFwHr!_9wk8v#l z+DB=P!(%p6`VdDLpGc*SI=Neqor`?j_T0)G_eT1TLGwDOHb>sXlzbA4z_j{3MjNB? zP&q(h3=_ZDOW=izz7+N2f0|z3NuiR8U7+uneApJ3ct{|U3zX-a)J-juOf!?n=tWrj z>-=1Bxt9!NQJ3DsK88)5{uKux7TEFCma@Ogl0Q<`a$V4k2dP<`%6|O6mow#Fpdg$K z6e9}`%y+j}JK8ujVuqoICGkDUHq%LeuXuaij&ZJ{_Q_yM2 zh`{|ecd9^Ef4MnEZ z1=`n#XBph3ag+H(fp5hfRmq!u3$?oFZw2n|25$(P_u*OL7W5P}1wE(ZT;FG3yLF3N zlwgIEncu$U%Mj>HP<;?aufak9l0{ai{R)5zo=&^qo>l4k#bN<+;x{tq4yTgI>8Ltk z;Trm~0VnpUy zr6;*-4h??<463@gtqTHXx~=T2cM(ENmV7e3qi*%j^f_&uuOj#Y_`P8hkh-3&?}kDf zEUXX8uhYZxvs()et}ARG4ji4ws+^x zDVZS()cQO7MT=#!`0a$%0QwHZ@91r*ERT7JyPN!?AL&f`iESAkZ!e0=G%y-6AEXc@ zgJvkp+Ln95u=EUsNHV4iW78?Yb)`Yg0aL{b-cOIO8$uQg>76=i&K8py4?UvW01#@m zN8vT9LO{mv+DvnA*gr(xJxCu#11n;s41%brYRnd7N>q_K>#{zk8@nD#@-rO0iM-*dMM#L zS&CaopA~V8OJ(2KT{yNn`{khtC|o#~#mInbT`YZftloso)iyG0@E9IEOeiA1CQyq{ zRhQA_V~mES+CONUUiyGiT;NUUPbee564S#xaMIAh%xIPQW^juY;nVs@LEN^p0m^AD zVveqZ$wEcJ7A-I3OthdiUxnDLA^%_g7I{b`p<>#I!ICYL@Am`9dOk$R-)2x=vQccf zoNv#`DttbF@xnCh6kuLL?ybNNvKF%uvl6rD;cLUn`JLz+zJ*%n=xOX)>~McqW)udx zBg6G+gL(O+>RgXNOZdclKJ)3IhU0%VTMco4A1d4Rxaj(yhx$;A5_R6cgk{aJ_Qplz zU;!SyH-dhOz}_S`FchrdB>nxNn{);Unpyt{NBs?Uvy1KyvlEL0GqdjUiV_d>T=3<&~a&THfQ{tUy zi6dP-{#?+3cHnVBe@uAZ$>svbz&8sc>70S*JRWy`&4_-?w}h&mgd_o8p1j<&&>xiFG6!VrA`Y0d)k|~{BW6H#>KOSoK`$A=K=L< z?Rg?uWWA}F69FiQu z_fsrCgg=XN(ykT$qW=P&{2n{u%E1ZEba&l$SDMJG zcz+8I$JtS@G{iWq{fLqQBp_Wu&`HXMcq&qx_yc{ka~&*taxi45!)W)v7F9xbl^h;DFm0U@NCs$Ke#sn)f6MMM^R#rSuq zK#8f^EP`(lKUta>^gvDQZ?b@dR}#E;lza1IZ1!NW2vbGj$d}OTJ#s)%-KUWKpO)l? zn|uv90a68}Ppc}8TlBqZ??KCop10iyIbh}6AcF#8yr-8qagFtMBv-Tu+I@=pyQn#s zs8{`@nQw*65^1zwEl1OZLm^bS*k)--_}v(G>stZ*^dACkJHoo%tA*9$YEioD?Vk3E z%Y1#Y{6T8=$bG%^$59>4f~e;au4Uo)SY$M+i?3mks)Iw;q!vOkX^{@?czG1UOsFWL z`y!C%^4l;jz{7}{e1g7>8(5FKO z`+v?Ye6)dbwGyEmwj>UQ#bLIxr~`PG<;H*W1vsWhV16$Uuab0-$k+ly*%xAxapo8$x-tdI zWFsUqk+r(-5%_(P28~&Zm4@P&R5y~T(FgI}1$t0t+qfl&3fUk{C8`pWTy^JXYN$4V zkBG)WsHnXiD3OxP)2ObP=I_sPXLuJ)?%vqGc^PK*u7*m8Y~T}mwMmAH@dt^Z+)(~B zz6Zf^fxLBrlxrmL6rsHB&RhC7b2v+)iV@O=aV?wtwqXmVLAv_)3aUfM>}Zkl7uifC zE68@xG6$;~3Vu1u5Y0LWv*|c7E;1I~ho~Q9NwU0;7eA36g)zdim`D)g8KIaCLFY-M zFf^GRKBo!+wZHx4g8{hx+134#r*kEEHQlyT#_usAiQs={5q~(&1L*fH78IEI_q%)? zLf+C=S`XRd?&rfZrM9toj>F6|v$;#Oh(as<`Dw;@5u6>BL0CQXjHfJ%_#M*3Rs`H5V%#=VU9XV_l=hBDln)L9@hiXPNmMd-oeP@E-8M+F^w9G>S~sQ zo8Y0L2;O-!rYW*#8Q0!*FFf~l>@B}mo9E-nt^co&GISf?wc$Q14Q-ZY-;3e=4ooN3 ze0*Kjc@`Ay@vrrz95Yjn-}oI<^0^I{-A3 z65-0{!sFj%&21D79(0D%BAWfQZhemuG+Yw$jB`eO90r@a;|qO$=)aR$^Zh$9$R6ia z11zDMBJt5u-SS^rx5@V{&_Z#S zq6ri&P~6>Ji@O!q;#P`#&_MCx?(XhT+}*uMaOf}WZ+G8!cfWsea!5FwJfCOg&Ye4V zLRvg+o9Sz1p-T;pE8$6z%iUr;Btowqe(JZ|7sd`Oj{sTpLBmFR8uUAjf1-H09Fz(L z06E6Z8%9GJmOw_v1SHF2c#L3_9A@2eV@XqF)?e=gpyAmC>frA zBLLcqIhH*uVmc-7Ig21*fyqKl9%93uXs{rm_?c=I0bBd&<`Ak&N0ino%gWR%Pa4Xg zNoP6Ky!crY7!Zgo?hrnNyNMHvlfWc;LIvDaLQtWCfY2tB?;FKasxP6*oqc1%!!a6qV!F~5dT#WcmrMvo2^(fVGDO0%; z{8>r!0-NvUD@?Q+dv9M&4Z>;tU4_{LQF4?sqKyrrTDgXRX$MNPt1VTyO+J~{3NXCI zQRq#oCnmjK_+CpKNjcT7+{o4oG4}7=_>Y@j;rWs@JvrSO{&xQG2!aNinDt)Dv3w7* z%vnvvwpn#1SQx-al+DZ}OfJdgRkz5S8OL^=&kXKLgJpoX6^p=eJK+ATG}8~693A3D zkePApeAn;}Vvf9YmBMdP)w1*}! zzldnTyb(l+3Xj+w>ea=IX-?70C$r%=_k>zGqvLk0yb-aHC#VBP_06g`j~n*-Vx7$h z{oq}fS8r+pbG@QSjpTRcJ%jBJM1H7U+yg&YrSwoL!f@zP}Zf$u$045^VPK{M!uWE_bbhuER6Z0r!`@9j!$dqq`p03zMl-Uas7B zDJ>+H{DxyHl+?VTBiO#jG51s_tfTWS6S$6uGs*QD#=fVm2gD450oPS7c+XkI#f@IB zvxxx-O_IEyXsJ|r{a(-i2CDxI{+uw)!5wYh)oZQnyx_k-Fb{8Dv%g(PH4&*SlAJLy z#(KCx>8U}95pd`RbJy)J(l(-w<&27*Fy!UgP3Do8H*6qi%AC}|17zOs7<1<^?P*vN z7NHq|d6^;|sht{e6C|m#I2B63-1EPCB(tO6U|U^F^%AZoS7ynlSbO!?ne$xJTpNFJ z&go~p&zN-)4apl#x#pdXb0dy$hf2VWS5I`Q1f;h$fxC_10^e?tH=%);QLfYahoKgg zXy_k$@bxMTI$fl80xX|?y%28bFv(T4sJBh$iPb$5F7`_j5HbaR?dlDVVx6i?V*SX5 z4RljD4ue`5J?$i4TJG-rKD|3@+zxz& z$ywy-WX?|r#!P8xB9Z?t+xpb@(Dmq|FrJ=BVTV0E2rF0e0U+MGx&QujV%vlT&GL^)NJ@ z^H(@%;tqe#hcF%nTuEm|FV25q>v2&lwEnLytHSjqc(^vW)BF`YZiCScSU%a(p4#F) z*Z3t>W#Pvw7E$E&M-EJT)NT+I?hx;Uni_GNZq-hEOzJHOwNA&>eN4%>9?Bk4HZn^1 zy38&)N)&2=X)I7cb$%QD=E+(g{gpQMipJtYZ8@Y*?gBO~a~_YVr39Mqgul6S$E7}$ zXV|ILK^m2R*;W`v&(^@OjaQ|Xo>sW@yI>JjKf?{K-0+(Ovzud=vFMA|ngDvy`>lGF zdpQ~NICtI3HS)H2fo4ueZi8KceiZb;F6{5vRgfyHvUg4k5_avxvn^9NYOjF5*)ckh zb|N!>witt=+1>2J;G@XQk&5VB3`=k|)#K|#ALVe9y|n6W)fi|7DTl=P87^ORx_GoX zua6e;f#1Txw5H)RFN+McnTSPzDo~NHF--w{20rYzy^s5hMxjq12s4M`N;1k${%G+V6-%cEict%x8`*zH!$oW>b|&<1c}=gp=?9VCdyU;zT1q~efe1r?waa6 zW!~xVsrXRd8fwx91*WZJ9sUBq&FQp}1;?e`NUNU7!AnupUM@Uh?Lw`0h5qWAdB-1| zz0(FJh1ngt6cX8Fs4?CO-Hjwyhx}TyCWr3SAfAVbDbawge6g+^P@Arr$oq34V;BXoB$;HbZ_FE6gT9Adl92qI6q_D`uk!2Uj*M}JNuaOO8ZtY@8`{(NePRnh zTh}|!#I)3k8ib`8I=r!~=K&FSC z4+R&(i|V0$-YorWiRijSdTr?}z2V)FWUTwqy$~iZ=-Sl69WpnXjGS>*e!c?12T(U? zU|Ht=6~_M|@$(FVfa=w`iC3{V9kaAgCm?tKe;@`TK?K3Tp}H`HvDi`O zJ$e2>>fuMQ+dcJ1ohUVv_)>MavA(9=^l5cR?Z_# zel^`IrlG)v&1ZGW%Ki+o+7DPwU*A!jW|p_tX`eOrH>Ep>+vByWdV7hR?r*(l)#ZM$ zRnsW@2_uLo`aoS0U0Or7o4EC9FqvaJgxr7p+~jMr(Waxx-5)N>j_wI+PW^>3BdQK`#j=cF}MnEqd^`tb@Ax_;oy;_miFkV98eqE6a%_3D2TU zJbmyr#MlOvtlu=A8e*+*Yyz`kf=q}x?F~5dBB5H5H{bDUPX}ViVU>^ww57_L$q9&- zY*$;{Utz}L)-q<$LnnKUm-A`Dx|j9QUK`{O5W97Le*;VK6dB()Ex~hgmAsWU{%QMb zws@rQAM=dI|07`UArQ?+x1Zj*wFdk>um1%LK~dhu!S7Q-Nx^mU0;Vbk>XG?em(BPRm(Ndzk^m6vE}=Ges^F z3F<)({LnGvS+$;H9U3M)DT3u(Z%gLXoluvK( zvud87YF5G5rSQy_!yv+s?UH=h?Konzt3T&kH4Gc$%jj^-SMDJqq<}mH?i1Ex#`@8% zgc~x9aP){yQ4?VjBTy?u)vOX>Gv%{7Vaz~rt`0*cJ3`jCE^P2jr|PL7+kjqt1AbXd z_95QQP{DVA1we*M<^UyG3%Y7juy0eIOR7Qm`nkkYM_&UY!@cZu9N5@hMj7Y~UG)Q7 z7y$$J0N5zqDZ@LfmuN7dcQ)AVayyUwV54iW+U1=UYbWzA1p5dfM#pIX&W_?9YT5_9 zI?P9-4h3YQ#d0?XonkzNJ8#c?LH*1m%IqClR)jYFu>17)`}!h;ex`xa#LxMl8<)Qi zG5mYf?-_!C{sv!*#k1~M*kMu1<^Cd#y$Ehw;~N<3>PQS5q3N!&m^6T zw#Qj*cHQk|Hn5J-urqPjiD;vZ9&i(z8Q-;Yeoo)V;#Y~fu5as1nfkceQN!88*%EZo z928*rG(VByP#vz#0L_XESNWC66wo)|SMGP|%IA5!@8Na|iL{rbV`8a>_`asgCLfFS z9`OkUT;X{?Xc07`w%wIA3k%?%Lpf_RiLiilYG8GU;n=3@`9FL*cV9$$*ir*{3_^%0~`hI?VuhN<`peTrhwf z3BM;=ZFfhqn0$2G5`QnoByD`}-{o4k$tl7f7d(!&O@D(hiT8$ioAoKLJ!U?a^fM$A zhJsI&>D-qlI>q8*Ql9p}mu!vqtogrg=x;Q#4m*k$Qu^QL`u7}syM!@M*<}^CL!aZ; z5N@{6kSsH5mW0DtH8wN^aoUw#`bc>Gjm54mb<@#lm)=MwAElx&PFy275$U7VnE%J% zd)}u#CYRL@D<^$CX9(xEfNy{;vQ5;4Cal_HqeABFG%EELd|PjT3YHXmNVg4*^ip&# zCV#6o2ahn~Se3E`rur>CMos-t>!lc!bUsoQuuZL&hBRtYkR-xlDxQJ7Cd|n(lL)`^ zdhU*Z0z54)FpI%o5!NO7MHrMBFk8|6+e4G`^i=Z}L^X`!yZ1?L%5m^pS&Q~h~tHkF(FROdnCbWm9aL@|9F?;u{N6bV2?zseHd77y5EG+|^Y zQo?bH_(5Rm5Q_OhSyuo{AgN9K|C(BaBH!EkgVyd*nZNk4|0t~=0$zz~jvX&q-!oSW z59?J?MQIz4^Up0E;^+4*_ zQnjl#P|-0kif7b?%=@Q4NDqw_DsQqU5bjSZ&phWeRj`MV>WFTy^3|_ej?;|UYl*OV zRV*VLYfqy^xLre~y3FrVMPv=iFfQ@r&UzfSU>rsrD4u`-WOtMqZPl`%I8hC-O8ZdA zao~LKKBK8m8WVX#8Uy{z5iuIC!JJH%j&703fa1WA0gZ{n#h@Pq>>%s|-7#ku#9be+ zV^6LW#T%dfO;?^P4iU#L~LrvJKR z>!c!N=!W6Ai=7Fmbw~_t{8!{oc_Xt=KUs2jy?;?g?Sm)lNxL3KTp8;7sJ_%I*DBPU z+qqOiSlTMRaNg6{B%u)U&T9=tvcTEp$0^h;J0=s&)HLXvx-Z$dtYt^P?ZUyd?*Rd_ z#@>Y;c}&MhEM|vc@yb=|A7DvqA#fhU7jlF?HH&WR{ZZh5H)oFI2oai*ku|KzV4^&$ zAoZyTl1tIzz!>V;?0x#gkc9+QZbMh&&Hi+@vRe2VNRM$2)-^E@XiV;N{;Iwc%$esM zai3|U6t)R!YS+QF8z)0Dj?iD0P;c2nZ7%zwkU~|3CCm)A51}w}Qvh((tE+po_qmb| z%u4|$L${DB5nqq6Ng8e*rh8v6bb2#0#4{nx?RyYxf~z74IqEKPSbp4h*g+So`qf05 z8gWfRE!gnlx1qlI$U9`N*u-_b~h?gT4Vn98jN?liiIz2g}=?@y;K=1!cZOd%J)H*zwVu&htRjtp^utXmj0h) z<{RR#P4ab@s!W{@DX-;OPQ`$PgE1ki;hVm+RqaO)DzIIsatg}`e^i?E{~1PawJ`=# zxx(pn>z2oOA6f)eT~4O~HGg)#ogL4U#~usRd(j%9FuTZTJg}GP8!EK0_o*?Y*&Oxx z8gmu1S4CQZHFJj&Ug*pkh_WoZ#p-fj#Cy|5903Sf<8Eo5Mnm+fZ#zAD%$zVBQ`wI- z?fH>5}F<&skv7Agw z0trb{W%F8iQP@i)722ca0R2XOne}WqIbbD{}j4-x80&lj$yZERC=E%&xNGhSc zizYnJYU;7F8!0%;gBf%UaJTp~cN3H*ul zaehF*SZ;ZFvE{?q7Pk%l+1a(rEZCPh66JS+-oV zPW!4I`hS4ZF+!ZWejAD$CmAm-@ZIp6LyatPJL^096mA!0OV>)A8Lg7)nZG0oJ9Zms zKWN7$FzEHZzxrW?MCoPj#NRUQ7+-Gsxk#-R+SOog!R$|^a2>3Ls`)wez1dofv{07G z!+-127~ROn)Ztt0uGBAMMmfArQwi9x#&DU_bcA}4NQx_Z<%McJ?BfV4ly!D)N0jk^%F8DxdT0ok>u$C5b z)+|~XPc@9g+4FIYoVuS0?vpzpOY_Ve>pR#}OAZbG7oOx+dHXYWj?nvTvOaqOIl}2^ zC7;?&4yb2^Ks+IfnJk&V?i1nq|4dYMki7IBNkn$v{1sK!Glaj5j^17FY3&SsK8aTu zM_w^-iW!wq?ff~{#dabX;TM;PS`JP-|2R*_vQLiyFA zoF$maFhxmSls)LE8L~4cZmCq5od=S9zD4WK^f}k*PSZiq&#%^CpfdPYs?Sx@Wp25pw8O@s` z!E5x;Bslrn_==Dtj#m_Poqje*Mosux+1kTjz?QSIuaEoS+z-}%3n#Lr(&pk94ymkFY3c{n0Qgtd<}M{k&X+~-5Q z-r#UFG+<|JQ;|~8USc1Vq(Cbe+reSB-NKR|50-6m23`W2v)>LhpoQ07R~a{iXR%-mvAcVs zM)TQzz^4=-U2qzq-{<+1%(=cHsaTxxAb8LD>iJWdWR7Em!?=Ab(F&teBX}I8sm9pa|CCh*<1evh{P)H3-(w8`U8)wk{dOTi{ieooC(b%|nmkuJ z0hKluay0j3Xv|^DJzJ_u`4V!v&@b~xnc`*3Nf8}OG}txEvn+nVB_V4qKt=`c%NwL zfBB`*)sfm)$)<%$s`u;oR`e2fp@kx!&`=eZv_PT%sMX17kd-w^qAS@LyTv+F+=%Hb za0iX>+Il~Td;0n=tbHKp2;Q#EVuhjQll7#}<=tMEFLed*eBiAY>tXJ=b@~(o;a$Vq z+_95dg5i@B9_Kz!jH8gb1`>|nQ@en(sEZgp-UY?oEI$qQ^R%i;FKdoACt`AeE%9Da z?}7xktbm`k%jQ)ymdAZ{n6T{y06zvo|fnze(K}d8@&2-TU%glWmc8{1GrA zup9*Ic>!8B_lwj@^BU8*0)oAOx<3YIA1@MT!{Ej4haLo@9usM_F+LpmVUFIE!24Fk zbFr0>TVN*ZC(XHw8J~oUb30*Ksk6>X%)%nf)rkAdl80=IhVLXFP1Z^9BWRQ4Y~YL~ zL^GH8omsRlCTFondcPh&G0H?_UetLXIu(Lqyq7Rr=Spv*Ig~@6p<(NJM-z9=jbF_^ z1})(e6n8JH$z?t&czU`1{CHO47e8u#V-;YO`Ojj_!1pEeJc~~s{iTS24lN5V zV^feUYktWv{vaJ+Ra}0Wg&!<(JmsUm2!GaY)vE7yt#DFj;Zy>(tD#p;j|U;TIV*no z`HDU#={u;hofcPDiY6G5`g8-ak>AAlo~+Oj9MYpr$6TK(IZqGdfl{khcmq$S2UVsv zAR|iQSM{nyy@?Ve7XIx|vu}NG(h_LZ8LZX%Bc*k8%qHHNF%{}5GC$Gw+7s9)gF%~S zJr#zt@~0nD>Me0LNw0klX{=nXCT4fyRjiXXkA+_C;YkgP-;OIEB!aZS{F`}kqsr{{ z2UHZByf*QPg^BZ!nv+JTb@k@#WoufmT;8O+mi+6~J@c@JyKH(4e83N;c-pk8vE za?IY(#C#fpEn*?22zMbO_yzx8>k|Cx64ps|^hd4o^BUXQ!Fwm~R9_!bR;Tja+*F*a zOl8zj#uS*lVwm;t)!6Om_G&d4EgsJq4iz0P$#}Lz zGq;gmhRip)J$dibZjiu_vM;eId-TeOK{Yi8z9Zgb8B8v-g`(xyp<9C`U$F;m50L!4 zHS4c)t?z|9Jzwn3{>nA$2#?j!?%U(|=21)U(BPr%bbA8NU}UJ_av zHhYAL@y1K{C~|JU*0OTE-2m*aJ9*#F!@4dT;)vms0)X}x0qBNK}P(jCHAh3pfkSNsp8k_D=!zf88w|j^4!&+ zuf%kY#F)6?B~Tf)y#Tw2AIca z_zN%~Xe%w|#}72c=eKje2=L-KnRh$9b&ZX5|BrrtR7d+8zqF^K$9jYHt*`$MGJdeH z{0i)h$nlqIESwM*?mS0$j4*|hgpLiD>heHl9>a-pL*unp-tQwQvp!KZRqeG8TG#>Js_~PlNPO(TkWa8YoZ(gu>gipg_Mr=NdSBuuQ zolR_>&1RLiW=Yh9!j@*xcLeGc1WfQ&u}wq@C2El@(nnY?jH4pd@7Wzqv+@@sp$z?2 zLd#}HFyp`C^XKVp;p57jK0IWK>u_s^V;Q|qO$p8)?m|!O0$6;&C&x&j^R$t(83=BPOaRQd0&ZJlv-xaKur@ z7CSN708?z@;SDc4Nvhv7%fmSXASgHtIkZJq2(wT(MfgC*0D45jW%?;fOYIO{1a$-l z$uA`D*SViMY*@EXbXKTTC!lgnQ@tt^seRHgT}g9zyIdRkX_itg}P=Pegltrt6EBDl-N>q}WLOeOz?!eAw^l|&V{EFgjj-A&Q0CLQS6jNSai|M&^reK==(gj~2x zsoHE-&^DQ)Xp+aSWkMdu!Sjai2JXX0h9ADT8wl<uZdzLqAk0Bu_ta7axP0G zG@9PwamK$#1Z z{7A2iiSzq_nCIc?uG=8;e7Be3&+|o6SGCe0INWrZ5lz9NaP(I3ahL;aP?X^sm>lCmjRWFDUoJl2Q}nJukAa*WTChtC!<)%t>7Dn z!`XMZ`+hri{?9=FpRY{Z;O3W{{(_NEu)IQ!ez0n@6g!j0mD?3i5QjD**u(U#M6>$M zMVxB{elfm@_G-)B_p17I$;Cgsj}Qc;I- zYqrsLrD=m79n7)W%i|sCZ4@z>ff6&{B!E7I&j1}YWBi!7M}#+tUIVHIwdjN&OpiVV zA4k4jy-M(E_$Iy~)5zF%3tTon{BGXY%6eL?gr2=`DodR#5gMPb53SS?O(nC-HCn(m zqz~_xAg=#~;{UVrVxW%D0OO{P@RxnZIzkQ-T&%^IiTW6*qk4A)$%N8GlVXHSz};pM zPS;Xs5YZhh7x3xacaJ`a6uXp-R<*)G;K_vE9;wCARIy?68Ed=;<05rwA)5_zqqTsMgncc&nhu|zdU@zqY(qdRZ6-XlBG(h zkM+RG$9f)Cy*JiujAsCR$58KX@b3evwWwfzuw#oUfryoiVVtkXmPO+YnzDNPUlFky z2r81go=tSG#v#_V>fo@Pw#O!k-i5sfH#AF0NeTHOF%2{2_?)e_`WvaQNcIA7&~(We zZ8HH8N{037kDG~I%(Paj=-YML z_ZN6?7#p(Gf=Vb+E;umTr$e3fSPHoF5e!Q**v{woyp>!Q> z6caAKgo=YL1k_u5=52so&g&rEE@Ve5UB^=|&;Y1a88FUs z)}n~#ook2QGcD3++mw&qcJ&(Ohw*>`zj`>1HaF&I<@o;vasGDh$B0n%x@#aP|1V@L z*dz$`<{K5Fx!Zt0(|o!|IX-2Nw@X+DExPTWn7W;@@o zA}V0FUy33}sp`z1en~T>&qdZNz^_Ki#rIxc^%QCK5^CN)uC@t~+|#nO3k~Vm!-2>5 z4{3YI3by`%pj=YExjcprkRu*%yVfEzb9fq=2Vej!3sX3I(FTdx!oFBXhOA0pk8?J; zwC&eS9hZbNAeO~R6x#($XK^crt-TD~(hk%@mcr1yx)anFm!9r5;{Y}QnNF0=8@$3wE(Qjp_m0>iGsA2bWmpc8z!V28Z9G$Y+mt=(Q>HK-$)$|1 z<7DPCUPUMMjPs@A%QpFY%qi11U5lZ8$V2!>W z3O$;ZVQB*S1p?(Hr>I4@-|L-OBz;}@_=N8J0%e(l632%30haSGAo!UW!DKjbB}BVC zlxC#VL&jJ~GTjL}s*AlF`NRc3rBM>y=m4Fpnf%n=^nZqgN4}Th>1O@7^snsN!4K>Z zXNA*z)5zX-GD}#h`+y3Bk$KB8-srf82**gcdmJ7I=In6V8>?fy_q9#PF<5~P$j^HP zjS$mU*;P!ZgsKS!=t2!lY%1fETg%${*$RU;H-%$`_uH;F!#B9)GeY?z643p?5++R7 z^ZsZ-H_SjJfF9tCA4h1IZbDinS4-~P+@bt2Qcokc&v{OcBXFxodC?3vYyP1yzl+Pa zpgJ$)Fh&^%4V@``qTVmV$MWp@z*xO#oGQbIyBqD?e~ZWDq#S6a?|#bFT&~WTmi#$L zH9idT9PhNK4fuIKYgLYN@EGbnra+_zf!G&nDs%d&#R-tanX_GHEe=6qWZ)c7X&AwHZ2B@;NGbd~{tknK zs}jCQjWFEQTS%O5L7$lJw1_9Dqrk0E+$UsS5;6PZE}O^Iz9Mwa4i}<`io*mQrC>rd zyLSc|@l3JbNp?T67-zL#MOS%^;bR4`pZhiLz8KOGkiOm}+9hZqJua&x5jRTUGP8@U ztJHu8U~y9FymnG-X^jTE{kD8iNGU)_DH4X7lpFrF9dZxmQ|nx*|; z%><`C)OFa6^pse@?B=%rH-F8Z*o^=Tv{@~Xr}zK6!@eJ298Ll?PUdc=blH2M1zypN z=;Mc}T5C&TuSA@|AUcynW2clOYuW6uQAX1*7%@%w76n}H!P_Mac%A6g4zPr=v0vGx z3jMESX`C^%UE}o7TN|vz69{EfiU@08k0F7Fu3&La>QDyNp|8U`S|_f;#rcgu(?{cvndH-V zZ>%@u82LQ4=f-ypcD?VSdp}1OD-rn~XA@3kjANag8ycBSbl{RwfOkufZIxQvX#^+! zBbn1>L}HM^2>po2i%1^qAz&I99*=-FQsL6G#=gV~4saHP^jT#g?&ijGMcpA8uhPUb z-)vNVZ=xFTe66NOLZ>03F|P4Y!70(_v6TwVFIAL8Iq+Ht?iHd;6V(TPiG}ZS*pJYy zQ11??tdvUVrc0k4=%WDFEUayD0`WUyx|MB7eAh7$)zA&cMF)!Xeq-i7?(X>jSmWVb zc=yDE4U)bg=ZhZZ&?i&mO1?wsCC0K`j_hc+DFgb=tlTt$weXI_IloVJX_38Ce`n}k zTGA0AFCt2N^*ci>-+84G-|geqZU>*}ZkU}}1O=9v+Vc;7i@SsW@hM6FSC<^yR7I=X zk#npB%JK_ars)!QDK0)=jN{a`$Vo-%%0;)hohvPfQDWmq^&`ICCnS+9PP2vVoctIP zyuS#0D-~XON4zM*6@74i&y4}X-}*vi-Su45&?(|`3ov_{@>Et z(Ngcedfm%<_EKqCrcp;*+>`@-jYX~!)PH`^laZC-rSvswtJ$e{ZKJwV+GkLCG>_Pl zY{@x+J>V$C?hjihs4;s+0A4D7-?fRmNwQD5?^rMBxxi53uR4#M=TV z#LXWlxcj8?St$NS}h#Tk{t_Tsxk^-8zq8$!3Ih-t!Yb2Ttx8H4{ z5lh~7&+n_d@Y#3&7+Oqxd@|5>8;6f6yx@K8@siU*-RU(CXNw7Tc3TgEWHfQ+=~d*& z5A7OTBa-`Vye6;j8*7ql2efo%K$0I|DI@%IaP?Om?^iX!(9B5N8;=U+SDia<2nN$586+aaN}H)YKH@jHa-!jQ?*NssBYnZ*2V>--X8G)6i&& z40oF~#Mg_-VY`L)D}qUyH1Ho{6#~51>|c`GUCl-g2)y;acp1bn`ufl@a7dszuMC?&uIz`ETZaFvLe33qjgJ=R0u-2*O8sjPF>-_o!T@i0hu7HuA ztEJj8{Uyl4Gr)vi_A5!$D?Oflb~zkOD;cfq*Nld`ZT3W+)blj(oVG|9zP1dm8BK}X zYGY9s>0nTM{M{Jl8P)v9zlOc!7c3omEqV-k(jBYsXUqi|+1oouG2i?yJVCA1bj;`V zknAYL0P1K)xn$l2%b7wfANXp@Pk+imM~|^P!`dVm#npLo)uu)8RUFZq;Ao{(h|J7c zk%!`b3S%1roc)Oh7g!97GUD zkhKDG!4_WAQkuWHHPBLV;-x)Gbe{Fg6yJSjopsgsU1=lc{N#4HP7?xr_ zb06&IX|KJr{q8X09C2~ZePPBRP8ZlO&?cqrVZ-hY8~+^2fjK_4`O z8}#3e^aND)27Jb_o}S|OtG1axBaEE9lGzXMF$bVeI*Ql;JP|rR0p3CN5T2p>k z;ex3OWS#6b($|7Y%CsZ0$;{gRL6O#jn__+)P^;YQV=n9Cc_yeU+=_p|@>B6g+Vu(L zOI(bDr6M^(LTVUX|BlF^88ZnYL%Kvph0jm8=u#f{jeAfK74xd?VK=2)CwizhQ|CYd z$4^W4G!wwgarF5KBx2o!pkq`d@;EySD-6oY6p+%WgoOrc**Me z3!y>z{pG8^5*G)yR@I|f%+hc+yb-6J-B z7~k#blR0Qd{iA!yQz(_zaGspaPt~yq_eLEdMs$lsX*iDU+fTi*jM>4JWU)wibY^kb zd&I?5BZp-*1cwUhtuJG zA0ZMEB9Z+vTmY%APxM2 z%mwox`sz|FmGsjKb8+@aHZZ_$(DCgzY<{E9h}l)8+4jT0{H@_|^xTVFqUV8J+(5h~ z|J*m8^p{Kx*XxNBflQYB{H1@`h5S*2)99Zsd6J1}sts!RCuBbMh1)zsN2vUmoZOGY z;X{Zq;jENFdQ_QqT~cfi4GDD9F;505E! zZ@U_jCASlSTp6*R`;FCR3louqOWzE;OPW+O@hLV;SDG{xYMqmO7_ka6^NsrP5)Yj# zCEI1n+7_R0mYrPoA~_bfT0NKEL0SJ;>>UR0mWNsGlZ2bK`dxbMMb=tvC<9}BOm%VF zHKkDB1XNTy>04t41-zNIQ*G=i$R7s6v#2 zBUfSoE8H7W9BM7*#z@qyAI^cXJfuz$k?}a$ROgdc$|d<>@un_~ooMy>*ru4*9i62l^*CWWVX4 z4qGIN5Phz;nPol~+r6?h+mw>;uBXczbBrar=y&TEYmc3DumRdm7!{^Fw(cz@ife8M z9~AlwSHhR4N>hp{t5B_G&u|#q>JVD;*W9`xM=MKDlvP;3>q{a3M@W}gSOXl!595R= z{Q4cSOkB`sYkCYPssU#A#ARVu+$`GV|79Q~A&mHQn;C=yba4M&RkeoW5(VD8D?q z(o-$MP|=}8{a(h6+x8%Md}jt8Kw{5NyoZeu`de3TwiHwk>Z2OQY`h%hXim3lKfygB z^6n11yL^6H`GnC1-F%B?$R%vzBvK1;C*JDf&R{22SAIe=1t8%LpdMf;li$fKnd9k= zGY=PWr~KZ=SLVwqm{?|EsOMI&x7QhT)fdlg$-}A-NBWr&Bwf1Yz7cSNGc^m_QCoFn9kOC2iyIJ^o z@OOp)-0Z9W|AhSW54;vx7Z7{JsKun9g&w1!)%3NoHAS~weqr?TUXAjPEdMvv<=xO~ zR};hV`XH5^3r;0CB9iE;Py@P;z^Z_d+Ph(J^KR9?=&AdaQoS&RsVl}$^&t!>=d52o#bw;SQd@OaNtp3 z2vESzdI&_=ArQP_FI=$zl)M}GjUe>CSMz}*e3DxNnWlW*mwk>z`(0+bXnZ??w5dIwK4Xby7 za%+<|t?;dNqk}kQctDR)W0j=l=BsJ|KA`Q1Jpsq3+C__^c*hLbq5x*QB#YU-+kqfY zx^^x%mgPhVfO z#e9D`1w?k2kazky$%uIWqf|PJgVu zipMwahJ^Y;snaQ|FgH_}>nYOq7S$TP%ue7PA_J~Rv0apSx!N^NKE#Sp?2J)NCa;06 zuINk3siPea@Dk@mOf6*H14V=UH@IzLC5pna`)E09W82$e?y>HB&oY?@H&K92X0h7Zj(b{(6XK$GLL$hlN@TEn)M;GhH9dXtvP8OjAK%4swQXvN6=?$Gj7YOaxM#!h=KA6Ea_3Hf zwmGLn%QyaE`#>e{wxR3I_81ty9$~hY0P-Y%b80*Ndt;TJxrYQsC`D*ZqYJ1J^waIP z4S~Qaaru@^Na0dbZLvyw+fv@z+Mpx;_X!#0cIxrCJ|Ggt<~zJZo&&hv9X@^)O0ar+ ze%SGo+??fX=@EnNRG)WAoou4^regwabw*3MLy` zil66xRO$9;ypZ@|ATo@foUR}GYJ$l-q|QkD_RRbg+Ew~0t$+^!91an8>v`{G=Ja>k zIO%VxYQ0-GSKf9_ec?rZ4sbSUD1SulH+U0@BozMZ%NXQfs^1%UWdG4kDm>i0#D`JQ z`heT{umS5z*6)P2HzjJfQyAZB9o;d!CH~9ync?qD4J?#@N643qs!R_9KMKP+b8U}? z!n2#iIvC!>M=^0Q4-@>Rgr4_0VsgVH@C_$Vt*fOWf$lMB*;Azp;lGdgp9kKt5%`K? z@mO<8m#w$TW-TjQyV5JUKCvZdC--!as=0B8F0oNGCLNT2fStl-vpA30CK>Y+h-cjI zd)v@C*1uKCaMQ1@=UuBkU6TADq88t|d37K`;&2lR*LvDV*!t#3S<@U9TPZjq&T6YV zzHM07wJ|2l7-^zk%R(D-;c*nK-=spP_BBQH*Type;M(rzK+6NErz{)X{`b04b z)vJvSh!kT;%b~Zbc9#&i@*(WuVbSyK?$LNUBmJypi#|Q{&NJ}0U}9K_w^9J(MeY5x zG{se97%8v1+Q|IFcP8OA%m%HS;QzL(9<8 z9YZ$)LrW=0cY}2I5R!tRbPOO2-5nBwbPg$u3?+T%f6m_b>~qik$d~!T?|q;3uC<=E z{24x~gtQRCbx<$0e_+#p{L7U!uxPx{T^;#y4IKLF@FzHUT-^%}r!a*$e6rnsYyLFpixq%F?0+5c0QrygG@OjU0&RZ*p`$lA&;TZK zXKuYS3OYzWSDGO%QOq|hpk4vZ=^%1WFcM~98 z9h+a1`}9Z5@;3Wfmy`5P`Tzyj_yk*cfJ^&kW^8t4QFb$N$lsnerAgMTc3XuRLPMV# zVBArmSLSjN-)U(yy?3s@fjyx|HA=xSo3H=UTsL5QnvOzc%e}rPV1q8n_2A{U^Hp~8 znJ*;7EfAyxgU_tM&f#Bl+D8Utt#Z9prx^zP`;}2@FL>9W%3wkxZGgu)d!b^b&^9(9 zuku$bEeM@lw|&6~I#YT#4(JUiyZ@q;h=iw}kQ#9ctYr~juV^we&bNf7*d9lT?-r6+ zUoE|)4eXpb+zY!t>(F-(CQNu{i!Et!8k0MELo(yug0+JfO7bc>0&ZO@4X{mq@wA8= z|61KOf=X8&#$OL=2G%sU{00Es+=8a6oBgj)*7RMkD^&j%+xS@A#^BF0J0ot3SIE1B z!9>Z;wX1Oa74=P14YC=Zb@zCaSIvV)bC|r!$444VN)l_L9=ps#ex2O=XH0!@xlYWUO*Brgr{pF#Dj~5k9!J-21Fc&kTnzT&qYEexkzG&f;+LD%UoNY?7Gy1XFp@{5g)J6X7fCO- zE!S{3nlO8=k-F?_ISD9n?z-$EwS~EAmppA?I?vbN4}DpER+;O+p>Xjz6;WW?qEkYD zb1d}l-=mu(bNma?Se$g0>G#9_I3Z&nLR<3B0Z*DabTxGb6~D$Aw-T(7$_D(hajTflurDrJzNn6@WVK{!q-T%wHK1zH7D~@21|UcL&LHC|x@0e%Mo?W4q#7DAFKZ8`$)lV6NmQxydb+!P`FV zag+@V!fg26R}I|NczdT6=}z(fo+kM^GT1}9?~V~NCH`vV{bXvvZ4YdpCfuV4IQeZ( zagvl>yZc)obae3IBQo_gk%gVii@@Bh)e~hiI8P5yGDrabst@KvZTD=1(90!0+G5p^ zavHQ)kd1qQ;#peR3jEi&%o}+}phz2(XAeJCV(dOkPzVv@ww`!OmI*eH8`t5k|L8_d z%Y(i2BVlX@17IS|*71lOfeV~Exp8Q$`2oaIt&Eo+p{_;J+~(~qUC%k1c@IpnVHWRb zGlTKHGPKn#=N*b@t3o~OC85Ss-tQ9EBfWy6N5gGipvg{%yMA4Y-btf|OZ2{n&y+e> zEAP=k-$-e3XEh(*tN49@gy7TFUY!`a(*}MA#(mLMC2OtHck7}V-SAi3%q(k-As_d5 zan_|~7pO|nWYYztZRth`-Tk3E{USv{16ll~c^G%8p$W@O#QA4{}Cs&XrQm1@01)Nt!{rMz{$xp<8fzPPHSE8^~1 z3$!@8Yc;*Wo%}5dZL9cM(N-hub%~2cG6f6_t1BBRqOAskjYR5jDTz{%!5PIlkpMxr$GK+kc=ob!>MHrW zo#n(9eu6*+aP%2@O@qju*!^C*3NzZpY;<{?_0J}IJ)eB<*5sR0r7jaXxUuGDX_Ws9 z*X1VtAWVl*0lxnpY=04iZxdwQe(jGBo+JoR-CT*sxj-V?*VB~<5^)pg+aEDs{#8fZ zk8oQ&$Wfhno1h5<^Cz9IC3o(P$eTyJriotPq`AJkE;$YLOaLWFGDu*d&2Hs&E;|%3B?gK@SfkxEU9*VI@5lB74H&!1}s+C6>IS*xMsYPz`6=O z%G=Hvk~#pyIqup9YDYx#%bDK_p~wy<{HG7=xa1tW?_%x(;c#-AnnI&liN_ValeT(m z(wIQmNFOuqkyJiCcl?lokgP4#A+vLLF8=Iq~nDl6#DvetVHk zEEkbJwq=-{@0NyKW>VSO25T2~2K{8#J45`lDzw+9^Z`HO?S9)-ldn~8Jb5}U{yMA5 z`)ov2u#u96;6{#mU;IdAm!O1==e~HN@flEsyhbM)kvo&_9X@}@qCoXczYXP)tzWY} zMw}h^fL#!s0p(XQ!2%0%BJUD#QAjs*%unjAY@kI_pGTN8OHM(6)Z6YSS_SD@8Y7PT zO!QzKL(PMi>`Xh`=6}W`Js!gD|MgY;59$fMSKKIL{AeUm*V4Tt{648FnEYgnr)x** zV0KLMY-P-R#2ZfPB>AzL=V*f))>0~7Yh?WxFucdK0^76LF%N>X7}l7ga-QCUfkf6= zBNa$tJI0T2e~*7>0nn5LM&bm^V)uw@wW%+Bc<=D$m45kFtk#mE(dpJQF!E9zHhLp@ z0`O$6Pm){Rbm!obViYy<`ba);npS*$ zyRmjd_oMTVitG;G=ZbCp|M5xGV0kPjNU-%NdQom|68D3Pc-~ zH6Q`|8Y#2J8#(`azuoy@{h^C`%c;%K)pi$GSt>EkdKFsPj+U1l+ZFdqEgDU%JT}2A z#cqIz$n?m7%QQ5sO;Xnt51KduV)qJJpwN&yd^>I_G4pYUw2-}s5;Iw6ksZ=e8b63h z((3pYK3)UHDO$iK1tAtf6(jpPi)i_=&-Vyo!9Po| z;ZqapWJY^Oy}oopUF%A8XzhA+JG2sZA0H#=GC4eomHCB^kOg>Os0|spKpUeD`o2?< z6798q&9^>e2r1p8pzuFym)j;gG<$w*^{0X*wm_NTp=cl4l6N9Q!h2=WE`?EU@ zdg7jIE^?Z$l5Z%Og8U!Z4Dch~GN^GxpC?NKJ9e-x6lc?u&I0#q5hl7_LFSt{)07k2eDOPHMzoqll>=Ud_Ut$-z`BwcYJny4aS7Z_KO zWHMRmwn|)Q)SWE3zv<9>J*XxD3H*6cteYe8*!2iQhwaK4{Rt<*NUo$^30L`GIMM30 z+Ht&mE28y}|Fc=-Qf;{;_x9dr9hRA8wwuGwO_*t<20uLda<%5s_tPTAZFEPJ|KF4I zitw$ea;{MRR^Nmdt(YeSjW60^v9;Qy%_{Ur`j5xL-ZuVf0HWhQD=I(OpUdYlJegh5 zOqQPK^zXKSAM&LxiIvxPD-r-feF9gDzbS)o_5cy_y&urS%?CRccX8w$qeS3%T7dG3 zM5eYBWC{F)(4;eaP;_wn_p7eD7)1$>@yuL#bm7zzrgvM!JRLhztL_tm54R*vV5|0J z0EW9k1}@+5uSl6C!1zqp;i<=eRgGs>@L3b^ z+UxK$)>)dbE>qqY3j*|WRBEROdlKcB>(9U0cx+r4OnQjjN%495nP|SXBokEifLLrX z+qJj!xNUWW3T1Hg@achBuRe4}4A8l~%>D2XEp9lIUzKQ0Ech*_8m6HinbVz?gp~Ko zdo;+!%zbUY)mNrX?{#+nMd-PNGwkQR@ za^|0*^R4TsRDy0kaNMb?jQFHtX#%yW^Mk%~GFy>G+Q}1sC&(Zda{gUIOc;37an;(c zI}hc_HXD7fsxzz!7f1Df>SwwWl)8J$j%{J}o(VTKM_KJQLO=xTMoq4x-&*HYRhExo zdn-)~7Kmy`BOGCZ9wT`h*S-1bRb~!4X#&O|?}m3t!=fU1;tjIT43!G0#XMabY_G+& zRR`l#GFv=rb^4-e(yHR7bVN%kKSv7THg?hn?^CG~E}pg?wL8=n0U`^@Q&&!qV?h=i zZJ}G-`nCFFKQnbnk>^`NPVInu3BuoO$~uyY5r3^VSLJptC}s(13(U}OQpEEKt*cotOASE&G&Hks zq6F@1$y-|J7|e4;_D~)!TkC$$%E;i?weSm01@T@kvHPWR`>Y)}lNA--O1iYG;mB59UVBKzA_9IveJQPdpV zpdp5Bo&iI^Mnp5W#@kPeGNo7{)_n zbfAhb?Lk`Gx%@n{>WW)r<4l!n*-;~yKAYcXBT7yns5cVTI~+U zk{d>h#lWSJVt*Mp3N`B>UY~s z%5uU{j%zrLb&4&@N?YP0Fu|2FjZD&2@?fZni{(%@U7L;Ma>IyqQ8t>xW=zoM8JY{< zc$IURv>;iMKd012ZWk;UT=kR<*QLG9b*&$D%92dc!I((8vue>wwB{*+m)9{9ulaPFLRo{>EUbbq!4#1!c~z5>qatl1KB#7nSPHRO<;62tcG?evn9+8CK|O1* znW{Y`V`0rbe!0RyOY%I0ntdS^p(<;pF}gT!Xnw%uLS5*Q#KtGR|8p#e#}}E7bJMv zW*)cLtDEDZE!wB>gb8d8g8On9Gd2_+tgY&kUbpGMI{<3dCI5(`ioJjG&Zc~_8Xfkq zk3@BGq!&=)Ft|F$fieC_Ao3{=a*1FG5VD{mdbc=4e|yK?r&Io0S-0XlVs0e8t3&#J zt_hX%5>yc^s4q1s|Kv8i`$Hj@v1H)o&_DNRXbA07MR)X45yY0~(vPNtW(_gov&kMo zEwopYwG`lH+e!)5-*K>~imO<$nS24PS7%!3tMGjBHWN5Y-%#*E6XG@7+h=c>2m_Ms zfF>0h=HNv#gOzSkfIng`s(MP$px$UdhubW0_}LPlwzcArLA9yY0GrM1kHAuvaak?D zl(ORbbTI}covp{ue{eMPhjKdt+9Uvv-`O8sjjq4{%=TDCQHzzjgSj7&E2mH-Tg;m` zN~?~9Nrv%d1z%6=3b72^t$Fbos`_*Zlaecvt{VB`!QlzhSbup#z$L*iNL7qXtq}$n z^oFymjU3hCH&ZlUVY{zVMxH5{rg!F!`YWHIwR=ZAOp#6pG)s8DI9XpetA#1qao*Dx zd(fhmMbrBt)IKLXBSp@zt_Up5eB~dWMJ28U@PF@IioGD{s?VEXA);bDUI1*y$8>X7 zCi*mD8>X+9NrTrj2^6tPj;_{25QX@MJviA&5mv_mW~YS862Ipq4s|pItX8yYo4c*j zDP55Gw)Zo7(nDCb1X)zQK9Ldy5R%ZBvWc$ijKz$f>!}`$$bRDKJq3>yaj19fn~GEitwbsETISFx|3bZ1A<{kN9iTX z1GYjnt@i6+j@a5XBH9sd_${b43QD7Pu+nOw@O_kNtVUQN$3x3kSCb4oNnFY5g}ibu z>C633|8*(;SqF5tyns;$unnysX8`mDvhzLSfZbg}V-J_Nh^ySfwSaps zL-T$MVyBN*eKSv-tVU}zjD{RcX-@~pofp$sYH9|DIN@&3(EdIrY)XMPk8&zf`}Nv! zsI9p)^5KqUhEXjD+cnJp=m`&M31_7;$s8%pOjL8KZ5{n-NV~(9AjkI;-{?LSYh8y) zv85gGg3&aU?KSIG{g!nTh6}?4+;S&2%fdVHwbV9LwDOShRV{_XYwrA_`Wl#!gzS?q zG~WtC@9;(qs)FMyC9F;^$e-Tb5o@)41qdFoyWlmIR}KEv1;i-DydJ2abU0iAh}6eL zVby-SR%1(DBj`4>DIag&^WJn*S^j<^=kzs)qxhWf;#!n(vl=c++DZA79Me zSFt&`%veU^mg6!mTiiRA!iW#*|FFE|+2K0*#OPi>T#83SjOp76EdPYh@3KkdG|2T@ z&Vm8TSSLEzbcT;(85+sg#TceCb*h4lLFVr!LmIHN*8C@9INMFn*bar!e#w6b`A?nd zfB2jK7OyU!hJHzV!dk;a)Ky83j`^+_i5T3O zeHjY9GtWo!i(8udXF)~EbX&Aci3*;VX@Z3GJ1+;8F)$!QvJ7wR$+-zbGD~^jkaRT_ zt9z@+^GcHH!Z->ijw8z%*$rLc%=%mfR4FL=6sK)0`l4z8gU7-MKU)?gvmYzsNdYq) z)qpiBM>C583|44NlqGllq(U{49cU&CJ($>|J3k7ayCd$xfaT%sKnyXC*s&OyVC&e3 z&-(1U}+(npyO6(j!oe&a^M=&kIN+dZZS^GLbl z<^P8C8!3zg)Ogm^&HV2q)`)Evp+i+7l)?lLthB86N%^Sm9%eKW^1*zYiCjbLa|*&p z;SUYO1j#Mkr^=y&%n8q+U~4^!k2ji$U1}iq0-h~m1f>X;lm;{N zwxqQ+K4E<_JDnuIl0gx9jB-CUMs6oT%r9y&?{jleyIChd8sRRb;~HQ$(9I}ia^5%i zQ?E3G$Lq|@X~mLuDho<-L;JG@5H!rzv6h=ipjKI#XPi7u>S;2uf^sJ_T5F;lH*co} z7e3uER%)9dD9*reAL|fgEg7$9dn-CW7exdw_>3Pv-0o!kKo#y)8bSO54@X@ ziuM9u!apflMJK;T?r+u1tDN@i?`+RV(H-hW&6w4()@7yR$hZziLR_sAqIpZ{!F!WG zC0-m^D9>9WcXgBvRxCa+(K%V4(c5s5wLvg-;xl;B1?D@!F4mUg?cshnr~ra6FdY-_ zNkjxX;(3n8cpJfz+Tz_H?Q5qZ;IIiWStb60?|4V-zSrz^W*5N%m{;D)aQeA8md%p- zBf(9p(O*ml+mM-u|ABY^+eq=>e}#n0j7#jg5Yh5wl}>}OQRVML0U%Bsu?ST1yqie^ zK*w9*!L-%Wezno)>>hR=M@Yky(#3w~I*=`^+DiouzSoFbJS#QjVn`#dd|RbAm67(k zPTP;Za~xeVcSIJamJOBrXNglR)dq#^6Q3H+IvisTC}?PH#+A zH^<;huxQ{XsTAa=&P}1#k5#I1s^!;_RjG84fvIM9t(dKVrWlK|V_m2}_LiB(p^~=U z1G8Z|dxO2SK|O9s0xc(;&4vg6<>?Ex5i1TIGU00Y%nj|pMv#SYbX>XO?D zCgW&@@tlwR1I$s^&&E3FBcJO~(lNKm{J3+^ouBhg%qGB9sRf}JQi`WCbfclt$R5;s z{veXydGF$6AmF)s*Cg$Dfkj3h5qXkixaOzMk$5 zb&eQhZda`1<4hpPP}r43%@kbFliNg%SI@A$zUuq+Fk$b>FaI(fsHb;nVZc6nS{3@G z3wQLGZyRjKd4@eW`KO4xJ%jb$cg%37lcFElH$7U1zD6 zhv=G_d5lEz&!}y(1*ZsdLmA7tAGhi6o;vITz)$4^<&xwwttL#2+~O+jA3h2Sh(vbk z(H{5nlgCnO3KEbw<)e|v`frdN`X7UZm0=qZ#Z=7 zjW6!WvWz70hDQ5atarib&)um2pT6%+uQ;J%PHGCbIOUOY+_Q>Rk*V5JUeVugaQ_<{ z|A!ahf8X)HFwv8^(ZH&&NqjgBYP^TW+_AC(%u6IA&&}#>YD^lu^Od`4%@;ByWj*dffza4D6U83NR2-Bro&F!77;2HgVS=l8<&7DD0;+Ru zgA>ttw3d1?(}6Fsk%KzdB~?j=YJ?{0^D05`@1K0X_m5XIj*($4@nq14wYF{%2Qv%$aO7iU`HAs_@Nn5?oLlisiY zr}M8L=`)R=E}w%$aK;rl^rMF_m<=Qcex4KqM%)A!wPpK&F9F;2R4$<8pDv_7Xp+148hWT;WZ!wc8C_F5 z*pEh4NKxzRaaUQT?)LL;374nE2)YI2h}QtBmWMxi&X^!;nV598uZK>69L<`97Vkr9z2r>68*&1z!0zD?D5`9F7DK z@6P@$q6@(l^z4(CVBVe-L;v$A^#LLZs|#RNsqLxy?K9XRG3$M31PclJX#u0{{ryZH z;a28(U|m1n&g(@6Uzq07*Ci~>199DxZpLc2#e_({`A+iTwA^+u)ok$66PU(wi=s5+ z_tUko0p8vqnZFZ!_p0TqQmOw}3j1GYZ;L=A&Q!))qd|VYi;p}3RY;H_ZpMv^iFd7= zN%5)ljoLQp2>Svt@ zUuFzt6|_$7la|EW z730|jmq>j{m{p0>u)O=RUtv|r*b!Zmj;Z`%HUNHU@`@=MQp@hk_(|hmVE2I>G3*PLXvklkz&8n{D%NTd$J$4Kot>_K)Hpu+SC{A7PZ;W}{9B zez1qq%e%B33;7(a`rJ+?K;qY4l3V;<;xynvJi-Ac4t5e8H5$eO8RYon!)jWRa52t; zpb!{|;yZ`%AMdH?c`~o?2jvEFY)XUxgz_!2UleP;B`u7|LBJQGbu`s{`@hd7J!r+e zkZyjAW&&|w(1~FiUC05;g1K{UYWY&*dG~Sit@WV3ge?P@;PyJSlW?#}65A~J8=ikTl*ZImH%NB&(x%ngtL4p94 z?;{=rYI{z|(yreoq^I1ss10TaSo061lz=CQT*!+XQH$4W%hbgOkjP-tH6C4^sIgv z<)zcw(W5)bx5uo>HyJj;zL0r%D8YNz&l%;&I{7CfrxLZ5V{8pq&nMUz*NU-tF->!` zPwn*2`(z_ViJ?mPYJU2U`I1S_oF`Yii=JL?71zIAum1tvXhyJTK9rxdkyoScBG zwSbd13C#^=n*dO$%-zJgHA%w$Ge+Z(bz~b*1gciwJQH+jZ$TgO5>#nn$Hsxj=-MHt z*~J*T9&{||(*W^(FXXU0IHr2xz+qAuQx*8;G(>3xtvQV3V}Cv^!x+=nzFS~n%$yZ; zvd4)D&JsV`-%7DCP^ji6VN{b8`_xo-o~cDo3Y00zBYj&%J=a_-u7_g-wAod~7T2z! z@Q7=#0ag+LGoFubegA4oHPd+jb)+ithLAmt%b3*f%M#cG08@_zRxqG_P3|O$0TMun;}8FB!tQKyAL_X%7WTyaJg%%%;(HtskKCSM!Zu)7;fO^v56utMm7D^4R2$*tRF}{O^2@j)(sR`rb08uxc1Lzngev zXoNUNyT)w|c<^bv-Hb+DwB>NJ_aZ{0TVYlMM6ab{BGjog{ocDQAfDb!pG~}NU#bhv z=dAvNIW=rD)J*lQ9*xxic=AAqtkZXd0X3;V$P>@^SlIt&_I5Q&P3^z34P;DsT5=Mg za=nJ4B$F5PAT?z|%zOqGpZUn-D4~DYoD3>njhPINtpJLa?d4~U_6m-wJq^ohFyXLg z?y2ALrdy=-Eh#3`yx7kYf}#CpMSSH6!@V^CDaMZ;BctbR6L`+r*W+w|26fOJY!das z<f&GfA)6W~17?**HpH5>#$6;TtGDFu}2gUCUu!dlWram9WlI-KKM zecf`z&7+YjnzzuPA#1I2$Jl zMY^RSJ^pjGe)x3>b17WjJXRi&b3Y2^em&Pa^ zdgU%{GPOe&Nr}S;$?cc6uBRYVyfs?s%Aw(0hmVo9WmL|WfNNibkP`obRT=TOT4A$v zKzU#mz__N5X6)`~Z&EAim34AuGXXxTDlhnqwN*!sb-T&Z1`acs4PzZj*-e=-c*4ZH zBcXDO>=;|y-P9G^(P|}Jyx?i*bAWdh%)>gp=aP9EsS2xnZ3skv9@$#>O<9kQXp zs<+52csO^5Y;;K8P;KVkN#wC_VXDL~zcEmSD2+>?V~E@EQ=rl{7jwDfd>gtBO|9g@ zn#I-trLPurMm6=s>vD^0Kb1-hQDK=P%YirXy7?4AvcG^b<|NnA+j5z=Fmc+Ropneown~2`bzAPD3tSJMg1hR}(l0ysvjgDb$AZ#eEJs zBv-vcj-9eB5T~coqi2dgKh$U;@K=Subh^h5P;R@P(8uG&>%-NJo^DHJpIR>q2_gG? zIb@#m{Gg~a@?s#!7O<&a)TItD$n=S&Z{j%2YxTNsLaUIjTq{j*p|njDmE_mlm?wAG z79Ab?n`U8;-9%6zU!cbveN(SlVyy{#K3V?SbjY79)bkF+%$@eRKK^_CfdlL&fh3KT z+ikx&X2moGQd1&iI9&jODuNUp(#f~aGi9FKHq=uz`9fPj)YY1E@4g*Cc|omXkw}&- z^TW)z_CS>){Fujpgh^pT-^g$9H9siU(Yu^&hHHg>qTKG6C))RAi|fSBAEl3biFnT>#8FPu(_Hkm=@m*fw|Qe$rRQkv z)_>RcLOwkP?C#&~uDbrNr+n=^@oO(>>-0%)w$C#-UD=;CIXTKtuiv?~8zB_tl{W7> zGwHdKt%V5BdIHF7Z(OleyiOcGVdf;=Ts7Zw`~->m5^hTIDI%&(YZx)VtU;ELT2p+x zyx;Hju(w}X69tu;c5;ZvJiwudV&^i_`t-GZ>lDB&_IxI}q z(iWsWL_JC`JCY_h-lH6M|ACK1hzMewjwOlwp@l&*vUzMS!C6`c3IW7q+#yCZ_BwrG zEZ=}a!5Ke)Xu}kuB7$p)-K>vfYqV&y%Sg+R-QAFc) zsV8@pe_8T?q#uDrLGbK5Wy|F7rEE{PTCZ=UWZ>~AiMJUlaX?q*s7;#-Oow7jMC%xw zJXG8wvn9xeR3mqUSl{eVF38N4G*Oop*TzEVSfAdGv&DJ#TSQfO57(SVNUzsS9(&j@ z4{Ju2cPQTdb7~TzlG5XnO|iB)9~^=RTz z0E;)b5{t}>j^3J;&|hRuuRJ~V+NZHsvzPkFTOco?C$;Th=(qN^;A1lp>CS9~bY){I z?g|A0E4q7^r#)W%=hw1kQf@2j8NXd_J?{%i}EAqdb=hDf(fG?AUz&Zn$!egf&vHstT}EBgFZfntbrW0 zqwYFRZgTJb4n`3SvI@;At{;|Yq1Mvc4XZp{x_+*9sfaoYm^5z~D7r7gh2z z)}8A%q&;RC{~+-smWsOixi4?cpduSNr;-=q&7+51qFUF2-5s8nwx+~oXI;oO{_)!{ z*i-7=n=(01oPB3EU~lEgYzc2ZYGeBT!MaMh@y)z`*?UtEIG*@x1x*plmY4Mmcs4$* zICGco9VPZ}ruu(IFBRe6hOdY0@*hFNCm0}bD+YnpynKMMV~X$>NW||4Cnj98l5CPv z4A6r+H!wxsel8r!3mF2u*0F&fqq0HMexKf=b7UCFJVy%W{NO2Tw3Cxty!FTjamJrZ z!tswa4{qp==FzwbCK_YKa8S7dAZHpa!@_WxPTfJ~0keLt%XJme)aJJY%%u-ueDNUW zfg@ve_iueoG7PsbZu+(a8uL9E&03t-{{{OWY0(lW*^7Pd>&I4?E(Uj^-Y&K}9SIp> zkk7zAvnHoHCg4W+#~A)W1}D=$W8Bsz2&u^KR8NVsS6>J6C$(EjY~;ELh|M!+mA1-> zQ4MAHiiEocJIq|9JjZz7@_d9k2{!q)luMOfa>$M1i!$-(o^P1djkAXC=Nt7@X)rH+ zp~A~MMi$3l!sWu@>epcxZhWcf)CzxRLT;9|Hks0Hd06f(Zfd-dl^<$iyp=9VTj9fe+z?)M<>CghKe6yY!+exe;GS z#^mV-{MbU&1_XIZn(Pb`i6dBxX@nTg%yAs_V$3H6*4$nqg$ag>+PQH!Jwqkb&(lES zbPc}}`bDCZUJW*BXRfP%@#h!|nAL`L=AWB*ov7>!XXYO)dRFn}NDLibu{QZ>roFF7 zkDPV^uv6kw_Sp#_Oohyj46Sg&-U&EvY z4u!-2R}<)#Vsh2S-l${vwYQ`v+q>%Ya1`c#)dZm)MT-Qfc?}FR9V>EZ8M(T12NQy@ zr;*?%soyKCu%Oy3L5&!pB{r7rvbg$Wzkvx4H7gKfs_Lt^7VCP8r+WvO@lIBNhB|Tz z=WuVjFM&g1t##fyvmxt<5=Hlf5*=f*-8Hjcbi6U83HOP$;{J*LUqn!!PpL=9t8Ly} z*$`cS=a&u6V2}UWF8s5-pG3P{3LM{hWl*(4n$-=p?DM}LARe@k-J+!+i4We=md!>)WIY7O>Su9q-TeaUjHOY&uRnM~}rq`#fEzDOgB=ec*5r2tvzY27IJ@0(~ zVt`*1Y$S{I8B6J4l!mGQr1a5Iq>@34nqVg2_aogB*^=+;z;KW5+-=Codgz9X(Kr)F z@~vClsAS4_Fda(H|La45g>d^&Y0we1m0RoO#N9Fc)5SOQ$lt?o;rj#&htN(z06heE z8RubXl9rEC1kG>sfmFY9tL@V|eN!0Wd z2a5FRNN3O{CL&5(Xz9rj_AU9ys~F>A@uonKAsx~37;ISoLI27vnXW*an*pDq)aE)@ ztDux%u#mn9o1&+trE!o~dHpApg4I;6cs{BKf37cwFD2t2PcK5FU4J}>e<0dwL)Xvg z^@9o>*CDDRGXNUkBdoX?!B9YX`}LI#+9uWf*pgrTjXFE#4INM3vxW;K7F7LM&bY}1 z!CzT(f-I;f-2!LUK%xnVo+7i>R|^6r;Tg?!;-tZru)}h2Y1}PHq~>RK{13L#_f@O2 zG#FtJ2TPjID2|ve^o*be>xvpXh(VHioI*``j1Sf2BN}DOGCu8p!0lQ@0}SOTbT1Ew zhG%g5i4F-aMf{=WTzBtH_q}vzeAq6|mVX7Yr!?{7h0euy7e4O!Wxe-|#3e@}_CNg8^r|$hC9=<1 ztSw^LWz{NxsP7N>mrgJ(p*PC8Z7#&`NM7~gn#sZ*3d`!AuP4&ws|UWz5`@F^#r%Xj zBtbWT#7VI+!3-r%<#{Rkz>TlN{!PmrS2qp>er)mTW)<#x6L|;1DydTOK(X84zeQRe zvAwJtyTK7vQEY5RM8aaXj)o2HaBx|ndB;jh@coJ>;g@tc;j3CK<>B>)De);%;%POJ zuzySnR!~(*73viCc<}Fq=30l~(}A_H#)SX`tQUY?|KZ&;!EHSPSL^Nh*Qs4iD2E{1 znDv}vYJ8vc;|g2(a$S+Q7BiE7;VNEiiHLsVqS=mZ?(XP-=7*HJe?aXm7eU6q6_1GRe6u{=A%<-a8lsBD#3?65I81z)xwRk>z#ybVQ1;})6Lf*f|0QfENYX>Cv8*2 zqgfW7sR6$S$X8iYM@bbj<(9ld9)pD6&jW?cOIF`o1i^7QAy0Nz%wt@;4a0eMZ1{d?DmJU!+Mh18#Bh|XoR zkfUnu=sz%hUrWLl*pg~CB3-bky%)%tu2)dc`<-|m(_-EpgUikLg%?+N&}$r{XWKvH z&kZ?V%-I6I){jrV3VYqs{ner|BtuAPfjBAUTVeb->vw0=7PbVXxLm}AQOchW#AqYp zfqz|HR08;Gn)ESk1Gy^qas(axo5%CQJz2aZr-;wWUO`o(K7#7z?sb?i4v>xpx-CpQ zn-b`VNWjGOg{!pdRRV^~OW2J$p!pY8W~-h;h5U+Dy@|Pk!~)@A@%>syGg1rHsq8}0 zP4sDxR?X%{E{I?(WvVfxDaPGY^^6)ym7rq%|6MMmK)X%qmS+9<>4$*Zd$}nzz}?yv zD_Hd(ZyN;bPuEEC;=jc2{}+CvVgY#2_?)k%)@Wh^@OyBsNjnch12LF=m^E^&SJFz= zR&5PUH&sTZpuDt9y=VVen)c%QBcDWl26D(9JEc~)#5sE$l-77;ai7=^GzDE=EOd|_ z9r3hpD2ALRj#YU{My&g$hN+Qrxo0SJ8ocq1nEkNeeXS672@!nHWCR1O!cQn_4X$Ed zcb;ULm~y2~={wB1!gr9ct}2VRQMpS{YK@V?At8c%rV*yRs{+soh*v*hmTL(bN;(l3 z_`2usOc>-bX9)aYGHOL8cdcIfXlkoZQr~XS&mdQ2IlLYPP&^Q3-XX@9+PB6lr% zo=WLH2E9nmvON?yWFzb9FXdvU>7)`Gzb`q%fM-(alDiwk;kjI^?K74%A?1>;P{9jB zvd%!Y1zTtW$ko0>;a58Y+I=1_w<~!JB*+;3@>wq|p~{d^L|U8vrqZIeoOV{hS?X&4 z%Zah2XKOFOj1}c=JCXp1xP{Q7ui~7#)c@iFaykPYP&ZUu9V@Fd_W*5FKke7c^q20` zkV2{{#i*MPWGLA)C)J% zcJ(D$%X;u_^-w}<-CX22i=>0PvhflsAXnlsaOM)H^)cl;O0}FKR1h-Qf`sZ{x43Pu zxGcT-=*73Eq9wNCCa)|1#DjK~D6{9BKJ8c4$38u)e?NErJ&wCO8UG|>zh%8vA9us= zf2mDIZ26vbFExd=l+_I{R;%sXSqa`k@wJFzui$7r-B8WoL)6){2aVEMzeT*cR(bWQ z-*!keviI7KavIvlw_cP#-FP}wvbYS>erYeaWCz>K_SA{}iodr#8})kAU-fvyScHBi z5@8o0XB41DZDG(T88Ave6XD*6&^Gu>+d-G4LR{mK5aF;X(WNJrRJxX5uwH_D-FLC? z)0pQfm51Ba=TjyOAs>CY&PY4@bn8`pjL`qx7VN_aWezj6m==`fKh6!@Ph$>Nx|~?IbLA9@ru~?8pRCWj7JjI*yQn&-xI}AUD7S@x)lNGyYpG+Z&*K+(oLnU z&8UaJ6RH}5Y^*$t2)3>KI%@DzBaf8{Q?TQ%P0agwz24f#!-3E@{-JRIWwr>BEglvB~9UNhBU z3-=AZt{hoyQJ0K=`wEFx%8_GLKJEuvL5&D|@znicQ^JCN#mTbm$5r1iZ5Ay}BnACK zQN0ta#U5!^>qNp7xW9bN{RXPF3xsWp5?BN>yWT2DLJ~iVV>^fkd(<*2?p02(acBzc zuwR9}#wF+WjE5&t8;%mR=j}Z!pAa_aoZb0OWkq&187RL&mJULaw+2_4sT5f z?75%17?#7$|3lYXM#a%}X`pCmAV_ex;O_438lZ7^cRDx(cXziC+#$HT2MF3|6N0YUnVKNd>G`ks=iHI2Rh`t(afJ;)Kvn@a~m&F41I zRT(Z-ka5>Jm@kcG+Aby( zWqDdk>f`Ps>D{~J(dYEtPWCpE0YGxg9LRo<`&>Aw+zd2|!&W||+wef(DVZ?*a!KeUpyt(WEY91W&NokhRX zyh0F0=0z!y?cgY|R%q{r0n9(h!+X%>a&`QQ-_$zIgf8S>NdJDz36&lCiW8jP*3)KA zy~)hxQXfS{!g_)z{sLT~$U%ES-3L|meOVSKY{&6`H!K<11*}X+?<9mB?G1@%oT+l} zCx^An=S#bSl@!7878f5MCUjFWdK>rW3FissGk@ApL`xbGd%ojD`O{9`^r>!aB2l`hB8Cn>)%`1>QlR7FfWvdC%g!PIc1K-x94F-uWQll$fofO%t6G`aP8BUH&P4Fq3dl6bTiO5sEvi5yWkpveIVR1`6J+LEf8$zv-7_7G1BNJh2S`Ot{@ zf2G4;$Oq7+yQ6o#8^iU#Y!NwFS3SvQ0w2Zq!tnZt%+x-L#dxr#jkS4|`K8_{ayf0T z-&Jc>>u!qU;Vu9qg<%RmRw%6$R{yX1?j9+!mZZlubA+TosfaYYDogk8H{!=+Ake_g z?;#PaW!ilUG|<0BucDuf3+U7ONA(jJ~bisO7Ny!$V+5dWw06A>=)f%Ft&alBf zGGcLljM9)yQRLG@qyi-RUFR@`33_0_`L2s*{z=Sh=3RC|BlVb9o>2?jexaGH@VCh8KLBLXf6VJRpd5p@o{|S{e_}uSuUY`Hx=BKGGHuSyg@$qOwU&p%! zlMav3F7f~wq%TqLDDbY8)rvkIfZ%A))e1gURnn_p+J6e*p(i>0uz2wUptpnKqo7%e zyi`9pyip`v`$bTHk3nZ+c!GvPe4=6|ouTYBw!wdsqQ9XQaEc~rnVt@RZQV{$Mx5^X zXX{kqCn|ZYeTwGEdI_-kV*m1K3fIWp;O$Oi`3qY_`NUU`*USA^VRUfX{ZRF4s~4K^ zP0Ev0$szv^0GR_0cO_we@WZPbn}Y~8$-zF_`E6UuW23@)4BjZ5h9g5TLsy|HNZA@w+6k~Qk3Q8b});X_PtJd`fqMTjJ*H4t!q z4oNw3I8mStvRZsF&3v8+g{2g6iK|yHLmf4nHYxl_-f1{PV)4p|Y*!-zqd^UKX6``S z3xmfq3sf^Ij0IeOnlPIdd!6^JN=T<~;kr3L{x6v0|6}3yzLGmDnwpwEe>KZjFrMp0 zoh_1ze$35hgfkUTEwxsv%n%%@3rLTYZJNOUFE4*}-_y z{%ObA?aUqQJLwSHoVH*6v4=0`(b8cf7HV9&Ni~=lLzH|3i zIlmB56J4?uyc=}*SdV{~vN=s^2sroGqluPW@A5pHAL@|ylW|e3F9-qt%Qc1=s($#5 zeUBh5mw@7WWxtw*^yIdr5?Ikdx=Xee%&@bumJ19iUus&)V-FL&t>JA1{N|d zd$UP0_2v)ItX2L4zrUv9n#Irjp6_|;r3yawmWr7>mdI~q6rz0>3OdW;A6c|su_<^e z82E7{^IfN}K032_Ti!zq0;5kvyTjN*FM_;eytNZ>kMyg;>0l{R-2~lYh)X`Bjp&d3 zNJl&DOS|u!Y?eis&I#c?5DMKae@{*F&wYqAWjOZj2Bg_FUD@uuWi+%%#?Fi_-kNQtqVxW@EiB8Vb(hyWT6J`M)C_XcP#foYky4v z_|^@X^8Ko>wb0@JHvutO^JixOW1!SMNpj!G@AJmB2KJV0u42{M2B%u}GDZ9zG9<_1 z+pK%q?$I6UE*!oUH;8-o9%>|7^yQ1rHPO&H@voZ3-3fZw7#R3}s^@csU?8^Y z!s(!L2_8GjyM|N>a!8tzmnx*oZ7QN1-gf|6(R{9*;U!C^Gg$i^u-Y}NfNa{jgorJX zlSd1U6#Y#loOM{SitqjT zNPCt~%-c4CidO!2{<<9Lx{T7eb$XUcVdMAA=u4=?;z1zfu9tGchI=Li8ECFfEDUj0 z&-XP+6p0~CNLmkJg|H%+ehdi=JKxvEvvRKfxCG#>kBmccHlPAv)|sSe{S#zQWmR5;BgJxE>^0Dg>~hgT=^vJh1r;b#VV~@APm; zN{B0~;8PKOkjkyjJW}$%oe5;NG6q9zpgZj=1a5hic6gNCbfQ{4K@&#wm0(WCn=*$Q zolGMG@t_mOr#Lf;3GKwp!}$)DZoD1gXKamdAF zNiV-OjV-5y+a*kpqwPBr`TMl$B!at1u+Pgm<)ZP&Z}#cl1%(=Xg(w%`LSKFFiln`X z6x>w|Fd9zyptEkN)aeH%>rXhRjA<45zH`FVxV8ug#L(xK_2V$ucVFHlX^|_XJOvsf z4pw>%aDwd^ze%w~yLP)YO6lT^zISlPOP0{Yc?|h-0l=+ncxTap?s!T#Z;>qc^F((U zjZ@^aPH*I`-T0Y3%jukLU4zx(MW@-(5&89~9sS+UQETSfpRp>oQ(Zia-)79k=2he` z=MCo$5p{HO%*S(9suu)OT~fRlZ3cWe`9HV`14cSq9|p@&4*R*f`NApqfQI{t^PJf! z1AS3rJQ|1JCz{vR1B-9@;)z==;G6&rHkv7>( zqVT(q*^!^tx!mGz&xKXWugIC~l)t&q0v==!W)fvUAcO||%*zMq=le3d6e*G=dimou zNfA&y`8yYHl<#sDbyXoVWyB}hAFfiL6ai>M%b;_e&E{7*uR#KOP|6)UQ~qliTl%#k z+dV}o_t(s`Sfts$bhq5@0m4s`N4$8Nx5mBFt`vobjxQoil<{Zze+wCRNJH>XJ~Q1U z3%BQv6oggY-&>yqn|}@fJh&Ci}R3+Z#h`mF1m=T!`7v7 z(c#S@b3&)2K_T6&Ypp%jpfACKjX?(Ii_Vp$2a|4-dop$0T@CSy$9M^ewk-W5X(P}S zfd#pI*CTfbt0P^9H+%?y9P&{;tDd%W{f{Y9batKf0LmAFQXyfvzG2f?_PFGR)KGYk zPGB8j`c;XQ+TR6QG-R1HWq*?&@R3IPN7?X15A3u4IJt8B!viYBjB$Su#Qh3=Yv#0t zQ^fMS{&W&-HOSI+s@K%n($`FbqR2T7FTVZkIS&Slp>Ug!%L%XAVMstR7DY=>OV7Yp z?JOMA5g+KpKz=!1Vo=Gqy`u=&IGuCs>hwIn2y0xx_vlZ6P*Q;!P~7+!7kcOYWShP1~5C?;Km7-41hw>aW54AUBf(g^@1Ux!_U_3fV!;`+j#P^Dbo> z_Pa@CP;V&dkE2ZcDLkE85Hs1Q9!2;e2FdhYHd zw?p@g;X+uSEgc6H$@$Stm?iTy+ep1s|0E$W&<@j&i++c7g@SkBow>_f-Qzep$XCVj zfZx`??`l1wD=q#g(u2i}z1NUZ2M8hqSd@K1I}isIDo@u#SG@-$%=C%t0_SB$Q+rN!8 z9`vL0u14rTXQegU%kH9G(+u8~<~YZC83QMzuOyF<4nb!wME=SC9jnEdV+Uj^t$#7+ zL+?0uXLQ?PZ_gAom7U}yHu$he(=L*3&k8mYFOvu!%UisXs2TpL*I{2JjCaC+vr6wdS94A0N8clGJCX~C|&b<=kv*IAq{pBgxB zp5}VY!$j|#`>g?k$`)N;;D!1qdbgQZuL8(!CzU`BZvhIzNQEbeTD%uLvN#E0pySW~ z?#*6;%-rNW^Np~|#+B#W-WR?>-qj*E^4OjNkv*$gPi39Ny|id19QrnHaaE)bR6j%t zMQ9_*D*`kG>h&djAEHbKDA0$FVr1W(wc8nNK8=fW(T1v#8U5gur8Rt~GuxU(+5LE* zQ5C5$YTbFL;a`$Of*Fr>wnkDuvoW~hB$*Tvcrr>fP;7_5-37Mkp&Px*O3e<3{c3Hrqbfm4q0RRN`q3 zcI{>GN;So|T>1J|KPl@pg*I4C=Nv{J7BF5A*NgmX5=aCMICoSkXY(71O08LGpAsTp zZBr8hH~Pa0dxd#g>kZk^-|i1JFKpk$rdR)^q*~S2LHczxSF1eE z=j7pF!|L6T!8XdTO?A)!FaOFqS%o?Fq=zQ<&1AAX*m#H#f;4pFU*^zwjVkTDfj?fM z)>tN@t)1Qam&bamn^b5umPmM=;jw&dkt#_JXx|Ipnp&|w zUoH*m&N}4``lL%8#&9$BuH={A2oxv6rb6pf2!9F62`yt%_LK+u$0JQGUNq=DnJaXN z@T6OuMy4L8A$c2G=xAORC(WfBVXPSXPV~W~OOH*A1O^6%;KP(Yb+?jmAM`WgE|5(5 zknjNS4SikHHLgCLEuD>f(x)F!!BEBYh`@|z`C-_AD!YcvmfRTjP@M1GMH4G#jyA6% z#BH14WtZpzbs~-FhN zZfO#G?m3NH9oJ@5Ld53t3BaKQ1wqf6fi(HuulO#+XUc7w<~_AOCcA_L?mhtG#!B@p za+$Z1{s#IBUJ&4EV)B()%be${k(rT+m)PtPXzf|{d-VR;$Mq%S7q#=)IIy(-M#YIS zH$256_oG;jDM-%Z-NiBP<*Vw?u$`|m3|FVRblN>$e*@y$`T#fgXV(1FGX660$rx{? zEU&)$-Oi`ZPmu0!E=jvR*Kefm5w3LcKJKg&F9=EvRsTLoHi_)*qY4y)YcooTuE(`=LAUQy?!hE1YlN(9>QDoN!h+--#Q+&`_qN3$AjjrLeiE}wxu5x2y?)t@W zmqy#7ghFTClh%-OFRpFil{-NrwI5G0^x^L8jQ&g2A8M7HKgx4nPmR-;l7IDP1b5Sz z^&l7+m|ek*4kK|jb*3ki2{4UkGNkSAx#_1_oKC0MT_O>p6LeIDl`Rfk^G)yg{Le}C zHuv@`<=QVqMR;Pg=Hy{44&cpd-THnONsN+X1NwQso>g|A;g5GARUmo!Pu|kI!;Zy( zO{YaeM$ZB9JSVJL^fmZq?;#98=``68y!f`Rv`Ye6zzpA;ueP$EPT_6O!#G1t!nn*s zr`-6EGSB9pG&#hWR17Q&+H7I{^|Dw2wVQ=Bv`zmty+ZG3W2`tiWUT<7xPB4fND(b+ z6jsVl;Kr6^<{7$~btbD!;v@nU8?p*u1^eg0v$WjAoqGFLS!W$>so*-BX)`RFVrCya zWtsp(vtI5sdY>=vumg6K0oLp7SK)tm52t>Tt|)^de(t+Q@@ zlAz0dhBk+&8-<9-mBzC6q9F`l0$HxAir^dNmtiISlkwDb7>D&NUdNn#%s*6TKR5ka z1Kv1<-x%%mcd%McXZx5EL(vJ_f8=>)5wf{|kB9a)Sgy&7@Y~%_e_7wAaF{l&dQhW0 zYmU+$&DmxcQj-)Et2isDdeb!fU{iNYTz*~Lgh<;8K|#slbV=npxYxN#K_MW_coHRR z>46Z4oCcJzZO#y;ggrnLZUnPBCLX{wKiC_PavKLa`6%n8_%Btaua!KExyH%?al!5* z#KMXr&O z&zt|?^Qo7Usp=GE5>K}`gjLRSlNrc-;~B#_h?T%mtzorc^Ez`yh=6@ROu(qlu;#FZ zDU)~!+b|~KCp&$J%CEk*F`%Nary<0y$d_jOsA-ycrm?t8U%Ftyu33s{8~34{DwZ&9hzzE?a4c(hF%j) zr>|>HUP55d2nsrzo&p@ZfH%4L(I`xL2f&okK1~51SnuuPOWT2Nim zg#xEj7rmwHQr>G>iKktqgqN7CXpsTG^y4}u)ixBJw7|Pbe@In_@t*8*x0}^lN2@GE zMdbCj-miijl$R`)iGmMSd53ve_1UzpU&C>@c_OX-Tl9GDehr{?Sd{=BnD!YwO0cPM zmkKgV3JA$e&p35xOj0>iw0OvHQ@UC1jt{d8+!I@QrA^$!{sQgc~XCOgs0GTRPbrj z%Ojsrcv30Cn^=J!yL&17w>LZgmA(qh3$=c-Jj@kKJDKW+aR z2z?APei-POVes)VJ<_5k=rDl2LR~M*=Y?yfVNpo>a8a3vQxp*~y?$I$5%%1uXT`;6cb%Tr9K3c}W?W0+xzfwrx zNO?4ala=rO0)8_$(I2dyYfJn-CDhh(Omnn@inJ!`v+`HE`yXc~k?gq|$Bk9La_-bP^qPc)mBkjmtk3K2 zeekEQpN6BQ)^Wc0oR`guJJeK6i7&e!?l|_m`Kw&cmsN6&m`q>4Lji3vd45X{7;;hA zE}s%}ahvQ9nJVdXT%&3`x==9w{Nlc> zmfRv?wpVr1O%Ca?)vS6#^^7MK0!ELE={fl;w!gbXyC-m;Ad^buf6%!DOfEWrgs?UY zZfK*X-&*QG(XpnJV$Mg3e0{nZcHS4p>y|kP8h=f%@bW~+>TEbp1cAH!Hz5e-yltWF z-<;}R-YWkSI0z(nrlfG5 zMKs2-6zGzwP4TWOHQjU<@>K0)OdtmWgYw9%E7uR7QpPL#UW%;j%yw2+I&XiWsPx~Pwf;ee@< znycq;)7d>+Qv870=#jW~d5pUEC|`um0v;E=PW~R_}^~vYw_`S%K>T7_*EE8 z+dC`jlsypuJVHlKU{~dgU%2uqJ!M$Z>$+JNgA~yY+v2+7_op?{c3jyFz@}-@mZ;Hl z{pulH5?^` zbKGTjY*11`OCcqynnI!el4o^0{Z$87Qa^#+D!}W^2kf;;XZ83n!za^MFC4HazY0L{ zgdai5#1{8afo{71QU{skYo`@>t5t(@YA1sxgG%FJMWXx_YUP(P`-?>0yAGV;c$%4# zer*)Al^A?tF5rv>^HQ!j57a_ZKft;mj0M)Hf!kG5h5l&7EXlTg`RU*A~?*!4V>ODm!jDd6n&kj*5S5? zyW`Q!QBZ&R2Ho&Xc!nAVRtLd}9-}udr9^oG8L+mwbZ4hkxbB1(dy6;!*2D$}K zu(Zf(gHNtF5cr&)@~)bUe{7XQ)hq|6PKN~dP8Y+pAf0&qHVNnTsysQ$IV7jAwghC^ zm`I@LzPyxyNedPo_+od{^c)d=1~3myo44xEOKhl1obWX{HQY+&yQAj7PXCHPqdAJ{=Bu>0n02` z0}JBG_hadPltCny{ot|#uQI6+*roX0p`0cX+*o~Pp?2Aq0b$dC7Jt_Oov(jI(mCD8 z{+BX#*%K{=>2-{;GJS0KJlUU(sUo(7hc8oODYp+H;u#-JgHRgD_kXuQuks6B>8VEQ z9~KUDiYi&9$m!bqc~mqu_!BU%EQP)bv%O^n7*UoYqeD#Uj&f?I`BZe6drJK+$@aD; zy7yKEK-aqN*l|v|T3~=aPwX|#H}`zWJO79q{JR@~T7ItV1s6^TO;Q=ThF7?o^-Xiv zlhPQ>e1EQRO&*v_oel4z_qmM_>D~(=OA3jYi;k*-_)4gss{+MD8s?HDs#onRPGf-6 z=bSH}@sU@yr8xCCU#eQmM~(|%EJDM1 zCZIJA+A&>goP8fdyv-E#(12uhQ zgQ|M#`>ldBcjw?5#r>O;v9f;DCv%3vMPn7Xmjs(GG#D!B8Ot*28B=t>u6|{)P33rpy~*^lWM3Zm#5*GOn0pjB4`hfw3$r&&e#)&1V<2_Io6Zo1uBTAAwgfeo|5SR?+pI|(zQHEnXA7i@jf|YbA-o;ar(RP+C%82=J||Fv-xa|jN9 z^dJlqBlXAnAmpY1$nPfZm;Dy3`6Kjipe?nQStfyrR_dXB4j1%Gv2mT^))#af+Zvtf zw3|=oU8o6!q3WF?fbDhG=SmdG4rwxb+O3R!zMy7FLWdR|tPCXy?=n^O0!0j2O=O+E z9Xf!+;_BS8Ap=~eEu2Dd0LSm&J)s54CO{)jMj6;n#Mhq}+Nv}TLp~~>3w#h!=9;1P zlF4qEF6kF#5(E%A;w$u#kSTYyKaV6am@f2OL;=2HZ+=zj@ks)u8a2w!a5Bkki1QH? zF_{8)6=$wZ?zt_Q{8S7(<2@tINz$~E?v|QiwERB&NKBq&tbC{p)D}Beg)&`B*X2z* z(^*E!O}4DQNz0?VPra*f#J+!AkMG27Gsq7?Zc!1_3vG$?9l7hWA_!AC1c5u#Qc@&Q zD4N5ufIb<$b+#nPw?9fLiG#U2Ot9$*rP;eFGvatId;a-WO$Jd#z#?YJ@79J}mtiZ4 z3Mk7jUc6KW822ayaAaSOy7*)gOh{@>ZyMnkPi5*b5GP&reu4NMsQ0yY$214mcjJy6 ziSzp1J{rQjA2Umy@n+Zu8!5>0pqvd*i8BvOnGCoBoQ76M9j!lz#BxQj#XJ#1zY+D6 z>Q3r)V~QDc#~StgtTkI15X|bicx-`pR~$V-6T;5#4;gH50U{-g=sT@iN^Xk}xbg;6RH4on-aigd4lTeD^C8 z+4ZloTZV|5=r)#hPK3jwaA)#N0M}7X`>y_VoAaH?rVvFy2~Pjl`)-cPXi7wz3eglV z!y;O&)O%;0&yAR5JG3C*5x2T}LzWu*_tW!8g-Ku4GI&8nK<9hw*$!(1D0DOeyk<_* zd4S~vax0cJV#*H#^22=XIco(t+X1L!{=(D-KJnhSqQZGnrYKJU@ghbyZtpQnQ!v_~ z6L`aVlD_j-)lLtq!}pmkHh`KDXdC`?M+4hr?Su6YV7My=UE?c4a#wRD%m<3|U)Psm z0J+67KT@*ag48BI$lMXP)?fh-*HoQUpv<5xU@Vy&bbY@Cw2s)u2f!2M)oO~B3VH8I zENC>ErIVE?2y)4n;YWhD)dlZ=Qqy@cY`v*lf3mhGgTC5u7NYYfn~ke##b#S}_birr zp7PuL)b<3f^>C9EhZJeA-0v!o>6#2Hic}yDik#Hy@oYbJ%xG)G7!Pwu+S>Nj3hcPhwOR=<4uc4*Ju)Lg-=E2Iw z#n~!mHTVwN_lOPcmqhlJ-LM~%ebso|S~_U$M)n3KgMRd{52C$CSJDzI2~p)#qapC7 z4VGij*4-ao^^rBO*39!ztq47fowOb5=^J1FO>jaf!an5z{H_S(es=%@Bsz>ogoMRh zggxOn&v}R=y3Mlou31hh*+MN_I#y179k3e%4M~{$E4=GK)4JewDb_v|R=e$Vj&?PLowpvvg*(5~58L57`QL8-tYE&4pY+o<864G@xhmb;(bmu*Up0q6 z!^v{JF_ubb#tT1M=P2ZwVd@wjh>XE%!c;%ra4D)>eg|0|+zh5)=UH&XTvd}*pOQX1 zY?OgkS#3@|PZBQwblL%zKO~)gcBk7WXBV?wMqV=kNi&%>M+?P31cKLy+2CuO%+QGJ zKX}`(a56CQ)hg7WbQ&gH{j{h!R+)Sje6Bop#|^!=HzElJs)Fj7(qd(h3r^|By?%^G z<$-3{1*RttACf#pE7^-u8Cr)n6D+f>S05?XU=Fp))o>c0hnHdwIM;nabi}SP0Dg=B#MaFZnH(q42?F z^RWD?6NL5a6-8r8H~>BW$2?zo9)a!do0r=+AKP|8gto6-!q1$r8z`&}R-8h2GJ5J{ zXS)4|Gurdd4VIs{j=axKTEnvdUr>L6k2F-IFcY$Zh{6L;sh)e}FhBJ_Bw}^{p*a(R z8$K&^Sc6`OB85V-bJYD>T!2Uvfc3IQC}t$o~^vwW*lLxk2j?W9%$*SvK6T+NJr4V*Dx*z{~RX1Rf}qAtj!E91)=~uE9UFnmbne z^L%Zuf>sARvc;7 z8~}&hS&OdAL^BY(6WI6pS9z97THn(x%9OlqoO)j!geF#|ulbA``d(dYqrEK?HWOBX z6=D8fzxA}iWGm3$WbMQg5FoJYJv`hUbLAm%#O*K;Cvbv6z-^6ZDIGgw`$_R=)31@& z5{c|@fF_F8;i;Yz$_db@>I0yag*yArk|ZFInHhI91=RZ>+9SGPa_b21zizDr9fq7=2t>H}Dw?3Oufuw6 zU_fSveR;g{ehp@UjT*!`HJmU%AKkApouTWhcKs9VHwa`wvxq#XIeGplme z8|{DIk56eDhJV?`l*|qUmBa;T1V)g`NKnsywP4SB7~T*c03R5QkBQEF|8ySuGFcz3 zpAgycUeP_&kS<)bQ)dWW?+bxl{JE4xE@wb1EqfdrOc@AF?in;e`Un0C&IaV8m5XsG z=gG(GOrYKgkI?Y>N0`&vp`c*{uZ`xaSlh$TQ%8_KuINKX<*T3JOh2?1^Eq^fd^Py$ zk6%^7#;aK#4!2Q`29AdEXp;$^TB77u_*|jV{X_Ey3_t}DO~^aokKe9G#`RGky0z{4C{hi<-7;V%iLOrt zIk-KQ_2mvOFyj~EoAV3u>(kHT{X*kgrY6hM#ZP}xC6V2*6&YKl{yZVA_JPT<3`6g* zGh%2?xwEh(|L{brz|Q|Nzr=-dG+^7V#6Pf_rBCxMM-7(bGUot6S}nOj=lQaU(we{=f5v3nIMRTa;UW@V-gF>z=al9 z^hSK8$uIe3=@5bxi`_s^wnSMB<$&Qj+DJ*HRc8up26bvx%8J#(7!D9ld+(A1{24~S z0PMZtEs!?h3sJ1_cF%X4$!fC1vJ!romu!98juBA9P$rDOgRfP1T1!`BJ@NBHqW|_! zoMO>AKca@8HhJT|T7*4+Bre_Sb1q*UuWK)Nb-?igAJLu%3!}*QQkFkSj~6?@nw*0b zzAf)RcqiWU84%tB@4wI9qlMw&#Gbz+>pQ-LFM5PZ_ys5K@Q1XJCxG5w{Q9d~*Rg^` z1D4^wy=1h1(ammOWP7z6-mRZJBed^yfn&>qolW6~BKhHGXE^L;Eu*B@{B3tN=yoaP zL91?F!s^Toy^4;^!VQ8s#gB}!rYtlHA^OZqVO#~Wu8yrj2Hs<6$?-RQaQ5YKqBF8f zWC4=~m7P-dj>G~Oyq_8EGN+01I*xxH?eJ4gT}?CC(swAgT|Zw9R9e@!?6A&TSA|%I zN=B1uM1VaKA;o$Po<1ld1C_}t2Vu1t2->0oi}#G>jx^7Tfd}2o-;Hfo1TzCF5DLn! za;OWaKo&r;y78hNzKQPBXIs+c(2$e9gG=VA%B5s;yb;&|9g*pcFa@`+ZQo_ym;1E` zP8)8Y-xKYdPr~V)I8dHbWZx^F;Hx7>MF#E}V@1NS0USNkLyxexYZ3+|^c*ZUhF*C% zO|7xnWoH#?$7kWB{=Cyin+hOwKx^kPm&nymkb7}3}q0Uq4OlgGfS8>~tqBA|D^DUAI*cMc_M zuu(M2-@o7Tn+l_G&6zX!h$iopSl)1iWi8xOt#W4!<`DKD@0Qd}71I3WSoV?`cVd_> z5VBHCrM|G~Vf&Zoup2yFaog}Z;@}otTuJa`cu95Ic4_xm;J3o31cqEnxIV||zHu~L zs`5)`T7nvWEI|LN&?r|W7D2;Hk2h29sirx=q&u-X!16RaCCon|*S#z1G9M?p=OS`e zT+9mdv-E#_Up#1f#O||VE@$T|RV}LFeYw{WW0#qS&=3B-xRoZQA=aoW4@a4>SdG^|s-tY}0S#$5lfR^{wTh4sliR zLy{NgP^GjiB1|}?s7_p)2sCSTcmUt-yl)ANI`|DLc>&zGf)l7&V5MK?Ae?5^mn4ZT`-p^%1brheQ@XvPclzq&oBL1R3D`;A^Q;#5U04@DHMu- zxW5tzKw_ZPnl){UhmNqrez)pi+6pTvob9{&^*fP8iEe=)kPM<7n-}$sg$-6=MdYFO zyw7Ru2yXmGX!f)01WW!31mo-(Cs1|v_{kAf1Fy&L)DL{odNLH>Z?@Kut+-aa{mflO zI$-;#LngtIKx{pNl#2aG%d4>GLxJCm#|`?PT;KIfXVP!et-F=eIkyPsuI7;{Rpdv zib7bWW{YQ((VadVX1KQ#jsb%TnR{Ikpg-^2XZYf`z%L0-j@S|5RStO>T+Wr1P;$cj zzOKu$Lpgvu2q%DIn6|1R98SpFYT8Qa4hV;xZ7aiIy}T0$?17vppdyT6_HFhNeRs?K zw5+{%<0g7Jd_Kr44F#1cE#z&SmphOrA+fqEA3R#aC-_Y}bIZvkwG5=ey4;l8fq9;^ z6lqg)BQ)^6>qwBUjlPb)v|Tq3zuZFJt=p{ul1X*2gJqPZjp79CBNgLahNb!yiX)hl z9DU$8pz8$Tfu1e1A%IMIPbMGwh)#HfP!~89w-8=AbdoeE_Nq?)rg(PBw6Oh#Hfy`- zlmF5$P3RT>fP>!r90>-GH2W|9InsRJsNm3)tc1N$FU<5gk54898Fyi5#S z+i^WNAG?hx@q|uWgE~f7&yp;X=ACwVgq|G6d&nynmc!?#sa2_Mgw}(-M{n4xP#i*} z3ZLq6oRJ*OW56M}FqM}>w>v?LgT*O^G2a5xsM3<3O9V@-hQL`VqyzU$(4u#HZqt!x z>w!o3Bk?7Nc3HtaXvR!7QmAZ(VVXsRZ&&%V@C-8G1{t>)tWjkP&J(9U9fz}(s}GS? zW^}}V>WFR&B`b(3>>)y3n0x{VuVr_*`)6Np9*PA52lGK=Zo9*=c+mu@vD#Oc%2Fm6 z0aMW@Y%Mh1T}~afrUqE6j#6iDdn6_fhZV7W;j6>BBfpH}Pp;Aj?~>slFJTt45BKe@ z{&K(bqwQS$n9=N`TVO{H75`~`|GlDF5a>~$(%^$rv!(@Jnvw^M;zSUq)=;;{8Ca0f zgq@8lmZrRtCFJDf_R_Lhd2X5X-Zyw;uu?w`&+WU&%c2}76vbwsY*v$LLmD8t5o1lV zI%R|LgEFW@TyyN+x19Wp6G9wH3{y-;9QuK2Htu50YExTw`^kYeyeD=oei^36(N_qu zn)R1&Zq(L3N0Zy;$bp_6oF~la(dW)wO#Cup8~P^uf;#lRjBG}DBFNNK8UZJgJe-Hp z@&S_OROK?Hwlu5ge5Ug$ufO@8M`#ZH~Dn(mq&8)I?#%0ms5 z*9d;e%?=VGnB-d`23`3@4CJyILNR|5PMS~_$ud)d$PM4QaA!p%3(zKhx8Ex5kz zw1S+SO!%=cgV+8w6d`(z_qBKl=S(3K~DCiQ` zy%NV`o=tHr85=a z(67gRCmvTC*Sut+i1w;X)43e|l{D&v*nc%%u*vrpJRO}@FUV@*^IfO7%pfYRFZ>M4 zaN(xQsg3*NgS#^@PdEitLk}VB!YunrLwfy6wISv2=A);P?ftLT4=#0Ibc0%`RH|vN zXz-QgFCP6T2@dhfK`pU-r?KTHYag0`skA!Lb=~6!^}MH8PUBWz1C+ttdPMolakwPY zo}005EIk@+SWEXO9J({?;OXQRmI*r&Q$D)v?b0ufwF|t$wV>-a@r8 z(Yi~r3rk0ntH%G{@%-0y=uD72e4xSe(*@@p)mvv>6=!9&)?c4yX(i5Y$b>YcX-J>T zD9*PjMF?xzO+!+ZvvHj2K4QW*4R3!~P{LoPixEdVD+dqXC3{6JY=bbWaC&wQ>k{3XhKr!NU_)h#R3*Akxtuy4O0ob?2F6GuZG>|7R*yxdW6M(2-=_abLh z7$G7Ub*OyGu_dG25u!? z+VUG=T)^PH*&2qbvX}eG$a>1b(nfYX5fqkP(@w4Lyrgq68~EUwcPq43Z(P}P@-|&v zc4lwJKfP;n8u=;x=^eGOrV^cRIeQ|ZosCT?@nC{>JfnHVtL?3`P%LOQX{LY_!lNm! z+!CWrrk`awfjMelTY5@ZyE}N3Z;l@2kG|;kJ_fps`uJm%*7t!)%$KsHb~3c zW6ZeKgjW;~)*qD;4{A zhsE^6_`g>7eKV2s$yVDz4nL2pewB4@;wGJl<1lz1vVb&zMIk#g87=J2_5aZImQihe z?Yeh@yIb)Zv`B&C4y7%n6ff?j#kII5c#9V(rJ=Yx6oNy7m*N^cxJw{7A-w$ev-i87 zbM`)CeON2`l94gjn77Q|b=|K@#f+Nd5gvcLzja)hE?UrTI}p7AxFTQY0xe1!%RFnK7^Hq456(i;jW^s^U#yiPex4?B-AD}CJVPzfR#=P zQYCC z;BNUc1sK`P9w<_a51s_vEE2LaO#wu(bHv-k(@@|X zx%kV$l>=i(Y9OEDvXl($qNKEg09=IQlIv!OmZ-2>Q#9tIG*t@1w-LS9x<4e{d%nKy znSA|teyH~DB_JT`7v~Osfq*2OSQq9SU zFuhiBUr#3~qF>qHwBe>+6e>}YE3Zy0Wd ziB1^^%b^vZM?~6wPYiF-Uu#Dm|KU-91T?~;w7t=ETb0B7g;je&9B2-{kqQtLxM~O zGEXHmj~ECE<0P>cDF4|R)03a2&l(>!=^k^w=0BcHx$uZa$zp87QUZ0Zrj!BePveEu zDELx)Up1Eh9B%yPi*O3D^8D?*EU}XfggHHI(mI~IbfMibFx%;EBHpFxyl6Yk_Kf~8 zcG!C4AlV5`+i!Obxrt-Ls!vrpRu)*^_?gO8toWck|L@lB-DmhONzGzFRbN9zwG5iiU+`~<&k`Eu#y|RO9D?qZq|$~ytJ14ofTOI|H}&?WUbSM?K}kH z&)DzVTD8Y7YAGv+Iggur_@`-D?s{co1zI#%1P0YFc*QTlTLI4(Pk)%_Imqcy7}ua<87L*odG-gaS|*{;#RL&YkMX{hYBBBd)sOG3b%JgUKx( z#@Hd^IY;yu3a+UEc3jvO0z^uk+ zzS_pF^zh0Ez@8E;1M239AO8KNbL=(O;9Qz4>7gxK)cz)^h#?uqMzmT2x2ol5a(l{cZLOpdIkjsJpM6da|on;SE{|#*eEqD}k zItuvMQ_Y7lWm6ca^PA_mWfD7_5w6Wu$FptzRxb?9TptvKZ=Kl+xx7i=t~XKJK5G$A zIxidcTpCmeFm)l-7y>>qVTW(A07Np&$wB%!uJcjH_C|hI9Tn;_8--$?7jgwC{3US! z92*hZfCFb66+6vRAU{5zzB%trw3YLFu)DX_S!XiCP@b8eZac+yHl!OSzZ+%^sGTg) zC*3Vah{oir71`ODP81pLxENPCO2KF+i?oEvm_-D!GQpidHCF+_FG>{R%i=~=dSH*} z^7=TZ_gM#S3ZF&0C~wCzJFJbJ@2$#R34p$~G#~AhTHVY>mLat!)s*#h35Umk*#qz_Ix)1OV;PyyC~wpFk{?GZv zP|F2TSOi|mW2whyzAND`*d@gg-vDxu1<3erzSE<^bOt>z?0C~Gz*AMW9x3P8p-7?T z02=}lLNnrV6|kuo+1KWy=XFMx93w-Sn@b@wb5TdVLfuM?04O9 zu{8#uG9_gW>8RWFit)xWyb&W;wBF@2jbCw%J7kDokLHbcZxg;lhW^isfs2rb4IqZL zvpjepOYF{Ioy}lvq%~e|5|Sc+lr^7=5&kzW&w_Ye;n%exE+1JGr_259WUZHa+<)^u8UxYfd z!Sn5_m$5#sV>h9BcISOyqW+xli)mVoFb4sc%rBp_nQX$@CVNZ;5mO#$G!kHUJJ;;p zz>=^f3C|y_8p@3*15^QiMm{c~Cfrht(RbC?spAKTiV$8?Da2XZao{EEJ@ga?_r#@& zEq<&S?BD{!Sa-h+--bk#7&Wi}-#C+?YQ!v1(f|k>P_zQjB1K)UA55u81r5P}#;&ki zN9a~d;QC!Ess1$>77CQaqANk+xAUJ>eVEjy`~g$WxnvqZzf(Zj>^&++WB7_gBM9Dh z9dSPLa*>|Xo9=Rvnd)sbAr7}GF#N7R5+1P7@8jpdH+{h;kH4==f0 z&EQJK*Qj4vKs>p9o6JZTsVV>X{4=D?oPzW8>9HRTq(waUrsWqwr^O+MGXi-D$RMz z0#<4O3GplG?YaVu!5ng1XUYBgQ{8fc zo&7Z{)!B3Liy`M=v8y555_4rE`&I{;0NL5n^=Zgat^hOqxL1kMlj-5aA_uWSu z^AjshUmPyv$61D3YR~J5a+#C#6x&mz#_d60Hm)c_ZM^QGE$d(it$Ko#&i@v}Timif zr1hcCoGHHlk6PiM>Or$7xJ0)!EUxtXQel${-7(@NZ}n3I|6BzPJ_d(OTdkI9^L2;} zl7f%Z-je38Z3H-sLY0WSiWM@k-pzd@>qQM{qwNtY_O z@41L5lO}i&0rHGWK@!J*P-NB)#y^s~&heu~`^$Qch``x8Ku|tHw9 z^<5~?<9#;8 zsE0&tjqwyk{;7q4D(I0#1|&n<6u$SeAp5M2IfHfyxdRx;%!2ySWK9!-!y~PX^l3OX zP9IztC;6)Z_W0`WTB@*Ytt;XUufVzjqxm&N(*>D@HwOS^4D2V&8N8CQu7z=#9}jlo zu>taA7v?ErbyWDb43xvAzKS#UgYu_>w1w4?zwA@XMOG#0vKn0m!RAo}dl|Nsvk`R) z{iae(37>th;%2vS)=nE2iL*`wYd^v^7F>Y+r<-M7ErD+|)ipKvXRK|*ohbx)0cA5s zHj>HJ4*=;{&)cZ42RZ=IWQ!aX+{_($INGy2f)M?2uuKHC%O_67li#0r?_>bOTt?!~ zUhH}?fmbU4(B^NH=&WT6(YWERysIA=Gs5zq!R%fA26o@6$zZ})jxOvQ2@{K_oE>_s zzZ;mB&Ut6;pqn{Z&oapXMcwxAeVHl43H-KU%%eu>$KYRVph{qF-d+_c5fy-ie zC>||ip7*~O5JjjsQs*3-150_rwE@q8jCnt6tPGAaZXXb}*8{@faffziJ_Jj_3Sday zFwU$qnMB@<#b6t=O%zgM47#K^#>e1;@?+vmfE2O-#9|1mMq!m%_I}DEN;C@eiwgk3 zQxG5}C{GN)NxY`A9!E)XOEXeluoh)I>m0*%7u*smu%O3KPf?9){!5OiGix6AzYc$u z+%R8FgGvYah>M6O-atTLoy6ymrbUW?3zbK%Fhra_xFXNIfdh!ms*M&}5PqRHTQ?CyGbkU*pQbwZ^7FN} zEq=H_^e5@bt^*LzWKsl4LO$dK&~=IonusuCS8x`*Sql)U$}b&pE?4p&d4G703gYto z%xJXv?TrXjDfm(ipfOpn|K;AnQ7tr5(5<4<8M;O(gF&T6`2BNkyLgUiOBBN;H+U)@)rR#)5N3(BVB7Qcfn1ZCQ*>vCg0jvWMg=2r$~5u5?1jR^x>ti<7U)6@5o|jM61o(#HvO)sSt0DuU1MmLKYJc=HZ2Fw^(?wz^-q~;$p24Qr_|YU<>&x5wdts}o%Q8*mnFH{TWRZ5b-&)KHmhIu zq@>K1e=HM4g7QVs-v5uS{r&NC7fbh||LPL|pZ6I_O$BQDMcx6>Z90N_5%(olkT)a= zX+hz+Ru!L1WuEmGB9T22>6AX3f0*3+7LT$3=ZziDRpkXU{g)Z~gi2~ah@2D)u623v z*|a#|btFK-1K)%mPW_$_m-LGWL{%Ult=84A67Ur925C@`gUgB9$PZU~u1%8GI`t3a>{M&z zCbK49p19kpk-FYf#_@Xyw`RX&f>HfO(g*s`Jq_o_?I>a_7Wt9Cl!vfS!?LR(DN=oO zjhpd3Jx9YCU+*tY0*=HK{6*|UjbRIb$;q`FiY(=H8$~ZWa|Kx42L)IZb?Kn)E%_A^Y{CY z5hYMZysj%tP5U2X`H_#&g%CYva z32aMYyvgpI9A9yBu`X|;M13m4@VBC3P0UzgEBa~Qs$R{es^ z^tcrCKYgdUuXg?7+qSh)@vp252T{tB3JGH;KQ9xs8~LLz-`;4rk0;8sTsG}?6nD7` z8(|@G@&Nu7Ge&dP9vlxy{e;{qY4nVIZ^%ot{z#9kZlN|ztH?7Z^^r5up4UJt(NMxs zSh;lI6?3FQ6{Nk+ZWr#&^|{Js?a#N-VNde_CD4$Bqf{cKC)$`py`}#@&k+Cp05%$j z@U8cEQa)~H#F$O+;43LEpw1K}|LblJUS$ZXq?57wmx3i5;e;hMplfp3%*hDA>IuLJ?e z>r`pycQbL_j=$T~yy5XBhb>sx?GXoO9HzepFO|69523tS={Ls9E*CVrJbuPy5Xs@q zd#+&C)f3si2K!@vrb79}heCZf0`Csxz$tkfk%0yAlZcT-49WiA?Fmoeoh5dW>|u$+ zmLlR3>ysYapJxx}eSerT7+IN}TU7{jCRY~}s67oy4(R<&r%>_(Fx{&ezYhdDe9P=I z_cb73J|0?mVc$^lRed)KK3(>+Mlkl;>!e>QL5bL2>+BFIz|ec94=pKQR@U~{Hd7;b zKQ7`W3l{f1y60pCAmn%pKxSmIV}9X)iwPgKqFZ)z zB%5*e4Kh?A_v%|qsArjBRi30vWy5%{!cETe`KP(?^KQx`s)ByWnz#uTAY2Z{xgEm~ z7prCD32Apjs`AUD0122X`TVoA*(}e}i0k?jQs69N%j!&NFezSfPXB(S0$Kw6rt);| zZcrS6G?@jahkqh853c+Eu4j%TpWm*A{R)K&ULTjQwy1ZSY2cfKjn-m&>GfYO?vT#N z{WxX<_J3Zz7tctV2#fm`WK40n=e^RrS_``=s&t5EEYa-7;q0hHP_N&EQbc{O&Vi9&Rrm~F#7ul|Q5Hvpz-K$0@k2utRyGc%0X+|j-=3j)N4V>* z$NxI;mIU?Yic@y^WIS}X)EQu*a|#;^y(KCc$xPgw!QXX+pjM911tt z7pYDWXQ=uxe}XJ^2u|vwty+l$cLSWygcPh)e$K6G5=U#}w#v|)y6w!k8`V9IWAT0B zNz}oFotlD#XU?{LO%PE(FmJ(QP*e-oD|b+gl*1jYxP%BouwvPpt`D-sjVc|i#7x=c zU-(N$hT@L3UO@Hy{Y~E`mKMvVcs-;N|EWYYHjbJ+Z@JwHJn#0eGlwEY^UE@qhHW+K z+_o96QUIm1OCgn4j~UjW2M2jr#0#alw!+JgbJtLCaiYSJ?T*kX$IX7+W6C%1q~suBZPCraoISa?8g zDmU8S>H669>uQ*%B}>)qr7=y+X&ch&9%IBRtWhmZ%+leVy*ybJOxnp&=c@IH=zuF} zRKQ9x8&{7ZMp?}hsS*@ipXXfnDL})mM3K+cQL66peLYO->QYZAFPZOg1A!Y|)&>#_dH9hsJgdQ2Rn#&N)+c z{gAQuTjdY+I}xQTZaH8eY0@5$clO)k^P?YrD$8J}E1h>#8F5)NyJo3ECbZ_Ev{W=3 z)vhYV>)OIG_7O#|ab~{# z%m@8N3*MR~OJrH=xx;0y;YC`x8xCgmv7~iex6xG_ox67q5x6|4ujbGH7;O@ zzQGya_WBt-r3h+osAxGAXWbpF}3e8WZERm-USp15XGgEZX#^q)tyR9fgTDvG^Tx5zy z6CwGA1NOACsM=}f9rE~9&0rbtWXJoo&r<94CS#GdFI0E4waObe?uR5`4&F#E^yh7c zY}qpi3>)btb&N#-+*34ks$R&a`}EefZPt+a^Y0FQo?+C>st_mip=mH-t2%mB`(B(d zxkiqEJcM&j!)j+lZf(&!XlkmMa`wk$Dr@_F;3_m|0wudXG2R)$;?%KBBqF$=Kj-`R z8+sA7+}Saye?ywo{17nC@`|G^^K$~cxQZTrMKp!g7M=~?_azJ5Hr^?r-#;ngxLd(JD-g&J|J=-%S+4vlaLe0Y+F7bklG#YEptjby(%mq!A#`6Uuz?aN~ z_?M?eHLp*)kMd>`r0V&D-rGJb#igQrnQLy89&|=;QHA~Dw0ltQPtCK+%=sJEM zud`nm_!j|Wq{Q<{p326KH&i{}C~>+qA5qR*Uv6)}QCJAU1SlFM`ihmig{3L5{IKst zt~XYKK3)p7WSt^o&UdPwT_#s6zDS{gCKECSRg(NMEct0V3;K}NjmorAU?yCvaT0_o zfeMe>Ly2&DDh6xSvm`gyi>~u!C$Z z|8ow*{z`bT0e9`g-A*;zg8vHo`2E0M({S%Typ5KEDRxEF$u|2{iBI|{QENTw{%64yB2yA8Bfiqui5#=9ZkFTjU;!BQq z2=Shbu`NDZ)lheRSyOV>$OYDf0u@XEM$auREU>#I9N4QI6!LP^@)8^Q|D8e8KjWR)UBrX;4!|W}lyVIkLj`BZM1q zJNb34RTa-&MaikD2VBSx%#N`VWQgNTcm-y{#X_hrVZ0ExH9*`)BwEEFTyCM4LjO!znxTwRgcRJVwK zMRSWEJ$b=`GtGTlZrsnRXtPqLB2#?xC-Z!SN{)!OgL`ZEdjJJszJ>a>KKdd3;X^$B z+o1MFv`LH<)FC3JeD*cfpwGnX`Zj!RX`H4$_e)2AhFT}`Lm3fG4$THOj`n~02vreU z?z2)~U$!<8LJu69r^4OlBDhDn^l@9Dva?v}QE|uSvpc{5*Qvh>DOflwN2ae~5r6Tn z7gZn{f=dDUDW-N^yZ^XOe`o%TWsd%5bveIMQ=NI=Z|1_`@n5aXk?e9xrTXROlong( z({d9(#SWOV3l2&E4Lzr#H-_*T3<-_&tvG&>qw3r>L+l5%ouurZ<*oVGYIsZRrtJAu z%JAn{1|}{62L=l9KMvRM74>ch*2?}{^>uevPd<0nq{@&YoTdoGhv0xojw(Wta>g6c zxeO6femnklCAz*}wbMbyTT*O^$nel+ItrXUwtvbw1c)Qzqdde+uR+n%BBZpP4TW$t9``(ShI=3# zj<9zMHO`yuQDt_r`uTYlbZ99(McVg8?|14Ut9e2b?5I49VueVdlt8H)_tT1z^!ZpHaPIql_b_H;rOCSLMx*^v`JIw_XHtM4wxk$L{FM#bUa$Wvi`_NZWHQRyh>1s;-tILta=k`j<_m7vI@TEJo+0g5XV^we_29_ z^Aeyk^5ly6v7DkVkO-)nIoCUwwi>#Wz(HyJnlt9;wZ-JcJ5|(x!#Uo8LqH_~AZ@rs z{nW+eN>0sk0A`7|$fx{pDxu&|7D{Tm+KfcW2AAUT7&CPCwyNHbkJAqt@D4n-Yl1{R zTj$04K21ZkIRpimvx{>NDhsZcZrf#k^TBf+ulN17=(i6YAy^vmp8r9mQWiNI)4eg; z(j>scE9}cqmC~z5GP~1<@%WqcDe>_5QGuEi1ag*c4R+lS-mhM3b}Rk#ME;!yKn3h4 z=-w`yn$AY>SIS7BuE*+NHg7LiY+uE!6+2BLu0|$;;OftH{kz zuAeJW%F^9j&&G=$?bT<}^|T4}+4P-bn9TqG*zsR6SE!ruJ?Q*%@ValDRir2 z|NKvENJm(0yQ_N^pl7gvMM6B=xhmj*Ku8YFCKe-y4$ORNt3_*}rVcUpyE(Od0zXu_ z`07U}tVUwmdYJbOtRVPA-|xShFr1P&aiCBEV>A4`mgOR1&>0a zC$3{+J%YuVwQk1i`pL@)kBuqg+h=5~)AD3i&J0XnE1obh7HXuiPjJmx#kW2Hlo3?9 zSGwm}x#5OQQF{bS*3bL9(4Fi=k2Nm1M!3E6l*pJGD9*w zSW>S4Hbss?g1cFcY95uVFjw~||8l|W`^JHYOChp?#Z zJ-|%xH_&J5=6ySa7-;6pZv=1<&L>Ib*lh)32Yc!p3Lc~vpKNy-Bc`t+Z@94%pg57F zve%Y)@#PPnZ)7}}e08Oc6}U;?8EY7a-pHN#WHiSoj5V7X$47jNI_$+HwK0ENj9-o# z6K}DMT8-iStd&Zac~=4+uefg~uGj8FQ;zRV2(I3{$A3sR&x+C|z#6fFRFOf(0Jc)>7K;Jg1$S<*spvZPsqChpAg-s12!_Uk9h0U0}44e4~|*YhZ$^c+;p zABUac9;*yYa&mH)TX#TmVKT?uFDESmL-szKAnjXWQ(sweY_fpOJy=ZP$hr1qROZiv z#Fxh^Z;{20=qu^T=oWiIg-UA_0(@lj3H|dF(vcirljEUtbt(Nn(n?Nui$zJzMu1@2 z6o>VF)*>j49QX%$?)3tFMC+KehxE!<)by99mhgQ>z0{h*3}0fn#{z02&1Ffrzz)x8 z0gvwb!DrrPo{r2r=C>sbQ$ziMzScgKi(D*bvucS>(f3CEl_VwF8EQda_3Sxejl=ZM~Tb;dAG@5KQ3 zwODwS?{MvsBxff5!4BxH_G%Z>9*-9@!KYW!J190smXv>!%b|M1dQVSY1&5i$H;MB; zaZtIx#%o?OVfD^#uO4aa6ez>eQCwxj-r&&YUs$Ta*d27fBXO}Grjq(`!o%?t)vH7q z)4liG`3LH6|1GKbY1=Y)_hR04!Sac)UwDcE#+A&oMU1_7aHY|M6k`!&in83AHj*(H z$2V}Dzll-$Na@b0N_}`1vkj%PuWL8ibhHG%orw6%mau`!{K$hecyPB%NK^8zExLA+ zcQOq`v;_|vs6~><5$(*zrK9n^O?WTjoW{_X#uF|;R_!GLGGl#h) zaam`kzjqxSb>J(nb%b8oJ()k0ToAY|%W+*l{C;aHM*(8gxkMdzpRWE*y_tk)^7y|x z{PVE4rmLUMx=w<($chA$4UeJx5#cwo~BLo%5^tldm-w89^w9KIQo#@{71gN z-0k{o?BO48%GcM+%74`{XN{hjU_-PHwQi~yupfE8aC{yGVl>yMoAUo@y$L@3aWhL3oF3}0BaRYVtgbESUy-vaWz&wp%`I+j6KItHXj1ITnB4LNu- zGf2u2*8j{>R$WChep=IA2=MHfo zL9RTt8ryd7Wz!ldQ2Er348>mbZt=cL`h-&)IJ%MC^li%ddXIK+C=lLyYZBypVpx}c zIl?_+<{w^t0rjO1u42(1oK)!)A`a}iYbP+IW?zww+cRdktGB?;g9#(PkMKRe-F0bk zquaSTFG$NtQBrB&`#4MXYFwww?y;=j?M?Q5oKMi$9?P6vuo7i#K-HeTK(S8MQaDXD z(WQAX?y+%|Clhv1_Hg63C2Iz|1K{7z}(}+6v%(Ca48I2eRC; zE$hj}W3!y0JE`uDBZ3T2okCG6g3|3~GPvXI-ApJ|yjXjn&W$upb#9Iacq#Pc3n$?iEz7$NM|Cijpl^3=`kc zb^LC&+GiAe!DPLE->8;(<=s#&=F{&ZRU7k*=2(m)0O9U>Q;( zzEY;6a_(%JtST1@-o0is*eqFombK?Uv`-p>SAN4smT>uF4aC)=0`Y;ZwbF?}KB~zd zdxx{SQZCz=*=jj(Z1{5dH`|>^iYD%J*iniKtp7v`x?v58?D%7T4+u~)ocSMj$Og>z z>L&+n=)W>CtUch5vig(Lo&78A-!rIxJ^$T=;{d>ek2s&@5%(D8PYsRiypm4z*DVY_ zz-o#Hi0>?nWTC0ErLot~TF^D9N#6P}dg_!Nw~cUyhI25#&jTJ&1^iS>;N zwES70G$h3fA!?>T_uVQ)pO56m$AyG`lAwl(Z*aul@$*Clrg1a2H#+xv<-qm))PG~S zofNlJ9I?$V)vuUDKYwJReB!@T-5cQ`m|xJ?L^wLTMdDL_=H?XU$Ku>%H|^Wc-&rSp z$m+FZl0-;meb2?ycT&QP8hjzQBA@7hKYaStJ95D* z`bGS9OX-G7L3l4Pyt;E#3hCC%rldqcGw-t+Ygt-e7xls<9E#II;%dI+3Pwhp8w(;f z(*O^O)Ru2HF5dVbbu;GnjjGx4lA{FjseI^n<~Q%WUQH&5W^Hq0-_AYtJd{3PI(!%W zJFr(GkQ)du=I57*TTA{I56Qqs7!(G3TWS4)*`3)s!_@mx`-%wMT=C&xUennd_tGZY z5Ipm=bk@O;^nRF56qVP<*z9{#y>@@WzF+Md^u; z?=oJJo#vmtdteUKg92;xzGy6|;A{nyzq2t06;8>3NCKqo66P8In4xn!Yyh(ZZc>MA{gEFUf8TD#Bx% zpFag!_oQE`eCo+u{mW`VBT02`d*VXr|Ix^Y_0KgVym$AP_WuSJBz6YB)u(2+ho0U;9 zLeReJt|3dWhqEVjb!VM~hgX(pBnrZJZDq`Az(Wry1ES)TLOVS0Cx_&Yx?CBJYMiLs z*v{^dT{Aod-ZS?+Dz)XZ+UvIK9yLrhkymBQ-f!Etj>cgf1xI(LGU2pwGS6B4r!A|W zNUw&TCz3uRioY*WVVM7RfCz!D81BH?#Uf~{IZcq|bE`!0 z^%C)Lbdv}j2ef6E@^ajYkw@;oIn)t}5K&IY`@BJpClR#mKOz(Vve{MxZr6_Ft!&~k z@$RPAN-fV4yd;bkSObxU@lW7EJf6fwj zZ?ht%-PpO=iHQ*I&*zSjHlVQ6T$5X70WUR6T8uL&oOjz~l9vLu(tUdFS$b1^4ven* z71@FP;+YWdrg}slIV1yk-{Er$oQ3aNuzfV2B4h6<9=b^1h(vRwHT%%Q=JGSzH ztF*_~2#P6^xXE*u0XTmrs}YCge!I^v->`ZKyw=2DWGe)j(P6#8Vst_r>Gwq zx^JrphILy+IYfAH@|WK~_TDz)LElGb=ZGat-NM?bl9K-K1I_=A>8Ump?@RvL;(=@i z0SZpwlEdegD-(v?8lx? zlxUIsZHvt`4ct4!e^MT=dFmgPr?>V_)U@MatZ!&2+Ppa)^}oO2ES=bDrWm$CpTA=TNHB)OoW5hK#l{NeNsEJ-~o zr22{Kvt*^-tD2>^d*5+)nt(!xt0(s9vh<(}We3-Lw< z`A=+^va2mYYG($`*AS`O#ff)gYBr1n>pYyEc% zQTKFEOcmmNk`Tqo(A&Gx0Q}wQsoU zkjc!#U{C}p&JVN@4HibR7^dI;6Q%irS)a(#(63xc7 z_WiKRorReTn^lkkOhScDJ`G4AzYrXDvP#U+MN`;43rfQ^X>#<*6#W8eHxeu!X8uU# zUWt8!@0l5JqID10&B&;d{CMBe$DH?Unr7w6_dO0Z3n@(kIdts$jPs=;NCg=G_(gCdPbUYWY;}nh=k} zaoMT#qLJA2>;6RT(ni*Q2Sxt-S@n)yrw3$6TD>hYt-KE*jO!&?5yX~>e^*A5Y6broZz970LiY8*@zRgaP|rHqxHlHU}>7r5UH6(&x}kIC@*@NWNAG|H|@nGOkk-~YUl8Kxk{aeAo~@ z&5j;k5Sq!vTuNmW?y~uK(O^N5LJ_yS9i*N2mD%W-fplrZ?^L-7$NUD*j2wR(f^`SY z5b^e>S96_~cV;{8gIRNgn-__RiGO5nw3{Og65N~Jnung4!T8cef2gKQ-bo%^(+_)t znmMmGTGqKD|F_!UU%N`G@IOWldaik5D_M%Tok7XnEFQ2<0Ln$db zfd_PJ#kgfDpE)om2XQGIa)fMjdR&KTSw}()_ZNLr<69avGKnZi*;O}`b;eY{f?s{O z(OMSe@v9z449`4!q=3Yr_F*Kfqd6nsIa8bITpcw=&8Q$>X!Djd6qm$0iSy419sv!2 zb&e9&%00asI4Ex*udjgL8ma2LW&q?N-U{=$&;Lr{@5Vs>*K!y>) zk>U?vZtNCu-uvNJrrV4NHDHtSAo5;uKdnU%k(wGch5oW&F-M67rGTsL!lOV$K&gAes0}fm*bu&A56kLV zGhZ-ArNnD3FLCpKd`0iz(Upn_c zpuIZ16?AOdCdhsZZL);LmWFxNm{HnfO!EHnI4)k!(-|TvOkdYV!^o zMmBQ4!?dXxxR(zRz2~45UuMx&n;rB&BMSw#oP00UkfR!X5FiUV_G22L6J zd~rQFak85_t}|j>Xx8dVDHo#A@&2J~wK|JREp zmV<_ezt9L+gj@hDW_YTC#hFR;nY_ZB7n#w|v4`gij2Uo&tSt1bY12!%&m+!C2t-5v z=;g&`gL=rdflik)xwk6+P_Kdfuqx7;| z(@tcYV%4u4il89euU7VndS24_XzTpWcP(7ti&AEoHVso3$0ZVH9SmujYJ{wjIB)|; zu8rYl!R4??x@(A(uCcy3EbXqA7@^DpSI7lSF46DluIf`Qiw>lLzREj511G7@ZeG{! zGn)C_kCSc9beizx_c(;kyx=moR6SdB zsLKl9EzcwLY$mQ;rf|yU<%PK86PV@LP<4qR?{?%3BUB$A>4DTewdYPRIBJ3Lo zj}+Q#%D4$fv3bwRo(AfV7zo!4N;)nv-|uF@<I_ zAyDvcoaS)(Eg#Q5$l3SZ`k(&=$NVSCs?rjc)H)z4F239f@HD5%if51%O?Xj_T&*Q( zbmYd%(`NV`AGuzBx+Oy(eN;sZWvox$VD`_xETw*(DEoT0Z#*2~|JsqoNVJHpC*FrU zCTRCq(BZ0~>fPX#C90QWFop5>-r$O<$E5Bu-aEcUf~{ux0>;U|=>~$^K7VIyB4I#0 zqfrK;AIe+PM z2?i;e13!s|-8|Z_UD4+GsE6AZR3bPd*ceFX{={6Mg0)Jm^r^R$RUx9)&#mZ7wZ33? z&`-O*C9svTEQNb9+cxuRzd)~rU9M%r+V9dAnf?bPtu8IkP8tuF8?0@oT^mP8`Z?m7 zRlXcFT=5fDI>Yu0P;0dDy^`ocxzr?0Gty%=+Ie6)rnO~Iv~RBF=ybv!(&^XW|S`gh=>+!n<2^J0l^YPtDD@gFdJnp&MmYm!o0j^8D5_HnkC_s+)?N zA1F=P!k}X36t|d7`PE-V>-?L`{|h~Khga|n;?IDhB=9KuLGP4!OkTKN{-R`Woiti!aDzZu}}-*Iun zf0POu9~G}Q>UMUV!0OV@3>F+R=@TE3y+HpNj3{{8n)%1OrE=KZ?lg`~Rh*lM+*ng= zb*iw+a^97t4MV`w{T;?gMz~hLuW>v}ZrkK#WsEUi(hDx<$b5={#!jTxLWU$<3i_GtX)x#Z)YxN+aeS;Strf7bNb9TXqgTM#(e zs{ZtgQP$%OgB~7&UO>F`e9HB{yL&5(_^{REcX*sGnMkKQP=4_2nT>F7vt$E#)-O%( zU*Dz2k&LSsdypK_$N{dJA*wPR09)s=OeoB~Jnr#T_WoOa@}N0qj5@jn!Eam_P|>4nkiq>ce2v7QyBiVzRe(V zy|(21PEg?HYcKJWo%_$*XkRsP_HHjLk^N0$&>ON?PZzP{d9kkp|4MPH#n;KBt|_Jd z$qkugTBdz-+rM7(Eq^MwEsv^A`7QL(u)o+?aXRw;ig4lO!=U5L$aMO~{Ji&W!z3kA5Nrwzv;_euiQh^OSNFRmS6)bXXFUry{h9bam`wX zDtgAvc#gJ)n~TOe#P2vJz1!;cZF-pYy~XK8!!{^sU*j)xyvy-s=%x3(CHyuz)gD?k zT-X%A!GKe&qgwrd9Z%!Z^NQ~qn^uqx3x zX98eyBj~giv?F?)hs_n{cO&AeBlgdKS#0&NVR?K|Q2KvZ09cs>wLc9B1kFC9{M7hC zUZhM)AdBxKq;!3-dom0sk!*EmlSvo{Qt1lj*?_h!KhSCcC;c58=?pHf+C#lQ&!6w7 zLv`zXvi&yV$0#PpabGn5*kn7|N9VR@`Psa?PUzplW0AjF^f$VU0{Rw&`lVfVun#wM zR|^E^vp;6V5b)6yU~9_<^bec8MD|>-22x}=j*n?tYlb4M1wNXp&h_-x5`B&%Ib$C4 z>1Ip`8hko^9^sIB>%VBgmKsAVFtatITq?;U_yKE>_d$SCo?`ku(^>6a)ZWsJh8EtQ z0PkjCxvq0>%^yx^TN_ zkw|avewV>5u1lj!nH^~6<;X>iPb@^}xS6`7=K^Q#ZJAA@rE01TM1s3$d%AI>{*Nc? zcl*w!IRUeDHX~5M%|gAE5Nm}p=CSBUtoAQGZ&8mmf6)>OG2C1*n-&HhVdAD$zF_(_ zVy|hXH(NJ2JDcry{Z5d*(C_PT3z){Cwax>!_DfDG^siQLTEBFQr+S7sAH{X%b zFZ{0yLjV%WfT7luX{FOngU5cpyIi}UsF!%1Yae(477`v>O{=d#~xpW9#p7@5yg|826-OuVmZzcgt?6KVRZB^dq`k(tM9k zPBgE}lhMz?KO+3)H^hB#STMvY+cU%W6mj)#(j{i!xJu`5a^N4^DpBqEIbVS)|0kUZ zVjZmOh=;x@$)-bzZ+D|M=kyEB4v_^SzsJ9Ik0kwV9|{E*7NQ?SYOQ?veDe#MCG3aO z>^|0zPx?&yZy4?rQN_mi(c*f={E=JM}}_t zEAK4tzT3?89?TdmT>7Z&6UK}WNcu1p^89UeB*%t84?ge5PAQ4>| zl717S4wCBkS+EZ?SSh&23KkB@m|p*`huDMo%HT(@#FhIz)R%sQeWZRfQ0dfY$}u7* zc>+LC2Mw#i7oEYC#&1|k`Op5)dm#dQ|WFqn2*T&|} z)r5xDzQ@)O**N~Ka%*L*Or>!pUYmxtT$O|{N((#BK-h}K^jrRXU5MYaH+ZHsi5T8} zvXvVt-Ss%7wA0ykxR}J*cbvf_3XT>$YcEU&{W(--x}RUhj){-T{F{ucE^$L!JG+V) z%dyzzK1$f`Qi862&uqYVYzrpJ*1he}Vs3oJ@SWerS*Kyp%k;SQ3O^PE&@R_{ThVT~ zjWyr+K?NT1{QIYuMAR9;he(Lrsp9RTCDBN8cH5YJVu#Ww+nX}s1 z%ihP`+k=4mw+=Df3L__8ta1N#KUC1zUo2zr-Jn#gxX8cjWB<_h$D2`8DjyE-F#gRy z5b|uej2pgFT*LX0n9Mvjfd$!(feW&k9<~)ND2drIL#^*f6>{2wW+!|lcHDaQq48^X zDVvk^#l+btzRLPUJ|UA_-CDvLSL7F-W_cHT+sS91+Tf;(gpEO67}4Tco0cPg_(8G6 zikVlh`|HBxQ}EN9X2*ZiDLKctQ>`Y6@So5bk^M44e2qOz3!LdZ)EupCf{Kd`?{7|f zynh0J*JGaLUbZAAZJtx5~rAw1|weh#!o~G6qD|z1WbGr6=cbhPn{Xe|~?q_C_ zROz>G*N@MXGaAmugX*0Hzh(P+%p0h9-?loDEe^RHCUY`#+2Aui>`pwH~$wz7SDYBXxW!%e$@Ezs{obCBp#6rabgX;_LR=12Yd%lYKP$?NDz ztFOI!4HLZj?`M2)s6_Zd>K<6MA`r~8bRC5oN|C;1^~XuW zRjk2VT+ycBnH_qqd$V7?EMp;mOw^lDu~^1hRucB_M9D*4i?ia~L06BcHRG5=i?WJp zLFF^H-~C~6V+Bbm3J36e(v$8^)sAMt#cN@ACexG)^QZm?i}4>^`>+41SZw~RmC(YZ z5_Nw)@Nsycz*ER21l(<@V&mY+;=uN2rbqR@<+}O42H8Fsdg1w;9?GPHDwcU>6qxJ; zbvb+_P6tn(4l>aYS~7$^p?HM_g-1j(1&Rb31vpSvY_%7J2Qi~42VGDl0zxI}7a&vx zH5=)8JYc*m6#C=%=J@XD;>1~P&B%HCamm|uf9U&Mja63Wobl4JiHu#Aed#xqY7ZJu zJ?+$jCJwiQ`x4C`AOB{$W(AV>f>szRDh&+)gm6M=)YaA*V^Z>Jw#!2(u8Xe>VSvDx zq~|M?KK6K$;^+I*a@_I$sXjb1ie^xYSW$--WK5;zU=N1S{_Coecz9_qsumDXgELr( z!f?;a6I7SUSZSgHgHm(G5p=M|Uz4-u_m=_2l}^q#daS*Uq3!)<-;d+oz7cEybU)Kr zZ_Kqc0ScPHg;rFJcPF3f;P{JQ-lu`=LmfqrNWOqkF!CJHcT6X^Rv2c0Mr5NXMM%Fb zifGrex_)5*?a~WMb@U}a7@ptVVM7HafHrRh3XlRQD>eR+B8UsG?(41TuuHj>S8s8* zZzvd$27ZU#KO1_O7cdmy@i3a!W>H%A0lC%?uD&%J}sgaW595`Q!-EWQBQ6HR>> z>7<{`v(_ZDe~J12{gw5?JsIC;L&~5HJsaf`_<(}Phw-!f+eof|JT~JrlJB|&vsizB zR6RqZWQ_cP|jJILiIDiT$?$g zQ-3^T=v=d1cF+hJpB3-Vske@MwzRtM{2N24L0I@S;{Ve4ZPuVhkie!76mcZU!XgU1 zzrD_-VXM^Ef`t6?`kK7*#*)I)y?Otj0igf3mYx89H29A+d{ptc?*YeGb6ycggUDP) z|I@V7Y%_7qJ$)pyvt!=(KyL7TQ&H@<-*!Jz>ish}+Yn%9TaL&jJKLG=roc#0pHzMAkB@E4Tfhe-;tCcT|YYjS>sC)J?X3h1+Ic@l)dH ztjSZ;)7ZC;08lhYzrp%tG-A_*NGohELx#O(DPZ%B_Ah0-&G_#!%nc6TLOlb{}&TyHNy_XsT@ckF!@vjm{AmUt!hTW6rwI; zbE)>nTgW;N8#C8GffS=XKoAX@4$yKaL*%d6OL$1} z2Cl(IAH97=M|r4Y%kUPaYa6n8|3D`|A|bKOGE=028k!e?k`4HU;Z2n}g`xvwxGx99 zp`fr_=Y7vdRAZL2*BG}d*}c(LrWKHbc8 z$iF))lVWIjp&~k*bXN}hC)F&QSOL!V8t5O!5-Zl5sMJOAHTK;iyJAl$sGO0BiM4CBweJ$9kbF1G|a5;Dk}9H0Xq;FAm`coe@)G0_PBFKwfn$Wer+~ zMTX)OkV#bIl@J~eF;f8_ZP}BhsezKn2JxJ1%!ywyjjRMqHZQqd9*#&L9&gMR#975~ zhtMLwC90{Z$J5+02ym(X#|&zHjuw}4Z|wh2$F{!~$>pBI1>hEm6~8=MT?(T4d5nsa=(Ic#`lsLP%`=zo85 z=g{kUZ1ksX@b%xYvQ}T|$Z`e*(uH7H_Q>IW@YZwa%NC&Q*opi__LB}oGs-sh*bT&~ zA${Z#>WP}OSrB*{IbW#d5KAN$`m*B;zgo2Xg71mO_x{N{A0qgqXF=9Ly*g5^59$0M zR9x!YUJ-S%dsfc4IkSuNT=kYe{)j&KyL4Oxcj7=DTkG_wfQGctz&acd`<&o6>PK_s z`ua`*V$9eCBXqPTtsTL{+nH9!Z0v`Bu_k>|JK!E0{oYvsQSdAlpn_3lL?88Kw0hqh z({P$@?A5Zz12(OlVz4tKKAnRi7QYT7ZF$T@O)_hI;3Ko@<;~Gz`4e-tj!Hl?5!(4< zuK1fu#Hwu{Au@_krIv3*WH1f0F^%4YaEv8;J{bJ`+*iO$E#j2?gPkkU@+(uN741u& zAH{u^eceM5F~bI9;lewp>^@rgM?IR;Fc zULi<}u|7Z3+;Z(eo~PnPA7Hq%*g9y9{4z#ciHdzzN5ErAe0g<=9P&d@5Yqu4oG6Dh zhj-@Yu-s!<0!gPbQvS$TU(N$heX+EN_;>f2?n73^m(kwXqR;VI;*G_cEM+38h#Bs zP14r$4%U{v+>cnku9yr--p+OuduzJ>zTe*o7^KwEDBJA)lpiY+>wo)=53ProI5pOx z)^2&pSwSvEzC8kKY@KtgW}%{~=N3y^TyOO5>bi~`g@eNSGk7_((&t{h$uaCKD3>y*WDa`)AK$wfR(Pdgr}{`j-NggG zQT$%8w8}oLSbQU{nGAkoG~Bnl#BhWQCBfHWk^}%iVQc*(Z_V!#)jueZUGeUstPlw^ zG4S1nW)X}aVvZ>0it#10<=0#7$H5pYM5^`vPmj~@N3p3SAIJGz!}~Izs)@hw2KZn_92uU_&;9!kOCrQx;BmKXbf}ux(>YqgSkcC!H8j?$;a_( zsTQIgjGmiTdw#LnCh8;cFD9eH9Sa<0vJgx(&Kqs2p1X3C%<8RQ7wU5Q{bxp1^f5oJ z{L3E~-(>nUaX=s~92Cy6w<~K%)gk-k{&l+{k7Zp6PjB1=o~IyKst)|$0q@H4m%o}L zk*B$whR?yaD+GzmWmmqS`?}1WCOnT`% zP5WI12xk1WLl36aerc_ymX(J~^r5*Fo+*mIo8^fgeQ8D}m*Jm0-foejL=TzQ26r2ejn^Wa@-mD;=rZ{VcWB=h`u zJ60ZKPMv?DrynVYs4gu0Tjdo+A+ykTf@S#%`hN2$S z$CC4)FLxCi0O$`y$AQ91!;jf1!-E)`F?90Fg{oAc^ z$$=~a|MuC;^f-9A3juJCqWHBT|GD7Jw#$iZE%c=QhV4}Q9iw{YYfYYsd?e)l;Ub61 zb??j9ADB2|rgH%xaz7p5D7pp0zSja^k$!Ze@RA^-9=^-Z zP`e9nc>PI`T_BO~3cIp(E+xPKy0MiO*Zm8>b)*T{Y>Wgw2d_Lq`0!4jXIh-pLl(^M z*lq&1`RkI`qFElhR}f+))4%%Gh{;nGUD^v^c^=^_S^Ipa{84QbeyNH#jyfiWe2J1J zz?+M@23g@1Q6&5Sb1xuZ$~@`ZgHyAq81rFqyjc08X14y)N9MV%I!nfHE(_Pky+V~8r4Egq^ZTK_R2>Al8E1WA z68ifmZLC}dB{Tb#EgVm<-ZeGsYiyZ2*XhU4?10A3-Qoo`J!99Tj^ZU0SH3~JDDk3% zt~!T5QtCH59<+!lAtOR#`h;pa=oT-^*T<Qte8Xwnds12KV;>@|p^*(a)1SI^#|mXMdHpHN9HX;i~q%fMJWpbnf>4xBGR zy|1CPxt~wJph}~bpqy;_f_8q_01fgu_ZY?Q07(Y1x1Us*)EA-z>x3i zu>1n7qA!)k?x1Bml)qT^DWf>L%tGuPUDRnoyB_s1)kbu>@*(pSAN&n9vgSM^%lF<% zo0J;Cc!7w(lxC+ram?Mg^cP&(smLrQXuCjN0Rg0@HY}(gk!N;>&qrD?#e9R{?Q_WH zBhFEi9ZpZQbt)wcH$+H$ASa4Go88xrVUOj*dFkf2UOnZg)6eBy<;w8RPe>>0Oni*k zuigiTGXo6)`wj9#Q~z3~7gf`IxkZEfO?fTdAvjJqK0DT39b80>^M<*5BzC;3uaq(9 z7<}zL5tkaMU(GMDYn6k4{%)1}N8%igc-;<11X;*V10{i<;x80W1};bCu43_=qJ0RO zrAW7%oO}<9!}$t2&r-x^ybtoM;AOB`q)+O6 zRRU|DN)R;@n1PXzj8Fu|r1Y56n!+kABqFFs*Q^jo{Ycw{_PIwfRXix1`lvPMF3%6? z`P?|geERRug93Js0C^uPS{A1fzC^=AeYS(_=j0Fm3j{)6klO5hI2v*^J_Sh;w=b42 zFE1Qz;orEIVRx!F_+MJ&Y6gH7T%h~bc1iPP&gbMvO^?C06_DLjRg7{5WHEqs&V{AS zIawL2Fl~nSS*D7%Bi8$srj4B;{HJ=G!(l&pwAuh|$S;%c&yi0~z9GYjO>@*Oet!$T zqwek84H6HH!Q@a`#gWa2d#RD&L1;G*b+)rPx6(Fxe0jsrJr5zRh#h6BJZX&f6+%yY zqZF(|{f29W8hLJUsG;JA43_|tZtUWFGH#6l;anOTIUv4Ir%1xCl_TK>I3Wu?Em+j) zBwV#HwBIbc?t=?PBLjnL;@039UKK|Qa^{r|=8H%7eCRi&X1N_2(m^U})hAd8oCi<< z+X14Uf`-sYf3oH*dq1weH~@;&BM1QwKyO$*pq*fakS_1^ywGRjd3(bEz`d%hL=HDX z_??C@P;IIT?6Od-QC9!1K@no2G3tZ8ilr2u*uugAm7$!xhVYw^nvlZ@jiM9fL}BeU z_!xB_3KM%l8#I|KkIox?yGN{c)1Mvo=L;^!Wm(dvpDd{MMPJ#rMo<4i@AD}$lM@7j z{Gw8N84;%CwkpBr2Riy5xd^UtO^CU!6vZbFBmRN*!5@ESf{mp6v!67fH1`8EKR{5@ z%6~tQ2GPlC?-LlUNeHDmHLZ6_`E3A;2t`6U48u%?Q4f0`6uARDv$wDP0dqUF%{!e6 zZyhKM8S$6K2yXGClzjVM9$wtaKO}0)<}e1eO*pbAd$4aXqcjG#UdPtI4()>^Z~|n2 zE~iH_qbFEQ2Er0qY@_`W;7SR2gCEUFaz8GhvLF<49Ot&zMbVJlwF(khHykR!Fs@kt zKA}c^m&LUqGsBWCu&RuIeU~(yD$A@O*R<1A8H)s_fA0u5icj%{+rf>NEhkh-cx9*_ zA1~L;Ff{+q>-?Wr`hSe_gi_uLe`RM|FXGT#wCDzZ@Q^cz@c-x}cXVJpA`t3TxT%#D zM)!Dt{0N}r?!2c8bV`l4DR5lI8RFEF%g(sE^b`r&k+XEW;M?GzZgQ~~JuPTX7FM*g z6L}Q%u3h%7H@}Av(UBNatVX0wmdC$Em=LEQ~1 z^)Sh-sMb>B_8?!B7NRn)`agexQyBnZwn3F5cU(#|0OlZuVrKaKshgR96Tk$(gVr^n z7Mvf=O^&FM>P)}2@HL)($}GMVV~Jh7+8|QGTrwja11<|b$#i?=s-rnbA*fENg8*-w zF-SYLk>Fr1d$!SmhT3WFtUv{nUxGVSyYFz@{YnR6fJZ4KfF}@!xj1x3^MweSVh14^ zxv7H*qYtftNl{fW#q{ex>xvp0EgFDRUo)`ZKu)miSYplU#U! z8Ab6!OF2DGj0MlXXonWyVCNaOMR;8=aKtF0M(3H%c5tJD3}G^NRuk*hM1hV+J0W|@ zn8du)az|3IT+PLdHpClXxPWMC7$DZoNip0*>U?N#uqM?CG~29tbCTtlU+2M$QDVL( zrM7uo$=!X9-4_Oq1>PEb_u~8qZq85{jdJ_CE78by3pk2(6{j)%+lsg6I`EJX196yu z&!-#S`QfC?@NUOGsV>y~Xniz7_q{1JbidiWte*b4)fS`tzWT+Uqqz3$PDC1{N-w9j zGX3_F33$IImR=yR8m(w;-nUGG44+}2L1Z~S_2F!vcva@QC1O4(2{}MqwnsAe{n~H_ z)^8a1$eM$)^34EM2Fz51LbGxyC4`0<1%BynEttzgo~~OsGWN93Gf&>Ic8h)1z?J z$#a?=sza^{ac6{N(oCuLXg`LXx6}^pZ)rUL*d5FNRZGa+hKitc+?o%?C2@JM^WU0` zIfB>S#EmW+Iw3ToJ{ze2$(1lDggZ!q@ei4TAL>dE6V5N?&V^s!T=Na zm03DASN(g}hjJK{mha>Du8eb!Z1uD|YpK&qd_tm09s*)&&az zWTs-7v|sR-rBs=HH)>NuBE9;?={)oDrN6xMu|&|I7f(U~wIub{rut~tS+v|Hk${L9 zqRT7iV4vV6*o{R?j-lu_olhAwWe(*Ck3@AvvU2a11jTG%ACeW2eYLxeboJh2-EPv> zgD;r}A5j&1e=$Nd-+t|q1Oc>&g@TJ$A;GPg_15v&m|`EZ?1QY(twm%zR=5VPz7Bi^ zv=!}w`%s6~`)uJH5JEZxBQPJ32r=opX?m0G2=0(R3MZ)li^e{xCT#oz2N9j}!vKTZ z!vF5b33s92AFc>d?_h*nUB`e7zAnQ{U^-bPb(xsp!Pqu(Rbqlr->$irwq#9;&jsi9 zR+t=&7v=ShD?l7ZlmLce(?(cIsL)p?fC@5W)bSm;q*~zzYR?A zx1OF)zrZprY}yrT^L^jT(;IZu0;(4`H2n)YmiLe^Wx&0dI`lZMbOD}%^1am zX%8i5E~pd4MAuqIHkE(hBHZk3#6BZt?`%+{&~_$vRDp=ZnnN#4bto&8f`M?dKoFZz&e4uz z=N6@Czdye{r^B7ehw_Iz5a)@ha*XVK;E@#GKaHmEXxG(8_24Z9LG`Sm!E<`V8GoJU zuPhpAs!2EBr1{ZQ$B-k6#Sn+MZ613O<*ZS_D5%!m!LHnXXd|gz6Yt^>J00+VnZT$+ zLBeIy;llJ`#X?kfY0;otf5upD>n1nyvsmAN&=u*0gpxZ{a7+wtIFZ|8aFxSh^sqzs zK)RYg?if~AHBMm;Tr578dg||en+4QAC(vawc-t&b6%^iUmwj@S#6V-fYyc4n`>>Xz zqT}Irl6KqlK@2{)b7K%N-JeE_s)F+0vF8*%hiU>_&5Z<-WN-sG0iS}Q4Pk|bfzlsmb*=b*>?57s_ z1Q=)ZPy9cWl9bSx9BEzTwisL9%+q0-3e6(&-3VAB1iQ=DlwF>kK27|)P-|TOvTGfRQ$yi)2PaL0+H`AH@s~~VgAwKarnO>Q* zpNWAr{iE64S+^R%z%V^nGqCk-Q>@~%pa0HZQ5E<^=foJ$~dFnWYjBf&_rFKs%`DZW~lzY(19t z&!YjTh=sArKanXIfXBIcBj@j#%gxblh$jaMQOjD~Yp+z_TLt4%dTy@t9{hAo=H~k= zW4nWkSS#IW=adEGLBC%_E+GrmG}Kj}(ca9`4Ei?|4w~fzIPxt_ARkfA(RLy~Dg=-P zIiUqzpoZ1SFTYa#1`t62{E2800pePyahgz@B8*za=$IF@2>D#!)){&mfQuFePT!a}^f!Kq=rvP8u@K+A$hqt?|}hiBH>kHMfo`*0^E z%XBfjBC$((W>JVXbxO+H3hmv;6h(AG%vK!^arWsJ{&*i96Uk4^ADsg7e4e{YJ2DEV z7PivHk^R_yxp0LrXMkm~-Qpt4ivcRJtE`r1vi$SeqdzS)&#@8x6RE~mD?01bA|H?~ z7LqL{Q;a8}lJ#ee^{teel6wf!1{+X|xR#Xm`h!$yB+f&4=d5@!I`}TeEHCNyWSPgc z=jEuTLYK1g6i^`)?c&@vbXlS=&`a>|CM(*&tm$>33pNv=9M=?1LxYwRuS>Vah_3ek zR`mnnpxqT<*{GD~<6|o<&)$@k!#8sOZffg3)Qps_;hJ_O@RRY&3&KnL_-R!UNgDa_ z%M+g8V01e_p26?<$ejz{xg%ANTPHZanmGSeB1E5W5QZvgLQRVNi;xGY1kf)(&h)cX8}I(Y=`v3?E6RmN%s{u#t=dAMoqD&(>BYe=)NCa^ zw$EX$=UseS6+VUjhl8xy;>iT5eU7#GZZl&6jR7Qcu|_I~;c?)_4gv{1YI@ab0BAa7 zJtJ|DjDzPulGHtQMT*AQ(1?@kO(F~QB+z4V6C#5&xevcOOw62M+TGWx154%Ne$m6!1?q@g2I8b+s?90Y-y7c#K}RNXpUpM%^xeMhQu&Rsaf4tzC63daB(=FEOrY>5CV|PSM{hIE#~Cj&R{-Lf zcls-MS)H2$DGgFF zgOrW_OQaWorBO>J>l@)FYtu)-AD;lT#C3Vk-F;mUOo6hjg7#Rm{n7D7fMso_Bl^*< z<7U2Z)D6sv3P-wq;~g^$2rN5cUtvygmG6EF8yLN^_zd*PU)O}UY@ zK}>6AF)x{A_=tJJeFrweQNbhV_7%Wnz8Y#KIRDP;7Q4rQa(!1{M^1`cP)DNU0V)3F-rP|0o$BHB2mU=0FLxH7M z;pcQiRsuBWzq-SKi7o~+y{I!h19B1r4{f9AsoDGEb`>ZO>y$Js?Y2cW!o$`N$~EEN z84tqoUx~XyPI-0%Q2aSR<8$KC<_~3TN&OxCd$dHyS9r6tNuM5T)CDu$*Z`485h8m% zEhW^sq%)_KsiR1J2&4?Q*R$;o`1C304Q!ncd4v1|K%)IX^B6xN;U9^0pWP}DmRkK3 znn0i8V?L|B4^`jn zUWrwEN$+Vi{J8x3dv9Y{JZ?S>dc!8~^+r->Y*jj?D6RJ4dxrS{r_`|wG;<8^yY<+` zTPH4wtBmM)IjwiQ#90)i3CaD?*caH9JW<|?Xn?AEbB7+#=0*MXgik7h>SB`i{qmI)w(KVFSH_7aMaY0kB}mty~W)( zG;YclPdhWlzaPl*u8-_`nVbL=suyS2_RS_+^eCS?)5v9gXjAEZo1M%NR915wtFEXh zlFj9mZKh(R@^L`EJi5)kFZ)t`;wOP|=)&G?Z0yGY8LsuiOScgF6{u3k@HezHqsdjQ z{Vx}8BP`1oO~soQni~5*tMSZzUT4HDaZsep_av#?Uyd<?|!Dob#am z(8M&qLu1s!wh=B*qhuV8GtujeM^#i?x3?d!dFwyDixx&F=B!Aw@9m4^Taul=QNw%S zJbnS7M{>-F>myZDKrt5%xirjT8$jq1CcGo6ybqMBr z{1ry8$VX8s-?j1GI7LyOMo!D5vy9G2-2uk{nSfG2<|M`aW}ENB0Uy)Pf@9Sl@$^?A zXr9rhNsgaJyJxSQ1ei>BGSRseMF!~FQ`$@LoR6a%8)?ozH9>eENHN8~P`5%Ibg@&a z<$H-oKUL6oCw9A;r}g&BIr;J*c)JVQeSZ6ozf>F&2jKrlaQYwN={Xrs1=(N&tfurL(r0vJl?gZuc761P zk45$G?oioOZ(iOxEor4+N_i}#F)A1n{32T-b%-G1GG)&8iFg>RijO80n0?Qf%_k7|ix7Pp-rhab*<8@D1AJlEg3 z?4#mCx|Qsd9rvZu*1n*ItFa?%=ieOl%rQeS&8ID1)77Jc+3{fbU5SUIx1MQ9Y7^yj z%(=lo5B)42iKiF4S?y`vV0z~ljM+?HSuSlj6VAA1SUI-1!}7fZs5*natTwEIX<3jA zMac1BVcC40-GVb2j}8s)Sc6fk7vA;eIx#nCK3Yu)W}%E2!40Op%#OO{bxqN?N|Gik zNtEr=JW?^QT0XsaX4RFBqc4D)LPx_!ldQkx3#x=TNS))Q)(sosKjnO~EX!Q&x9?4J z1zU6<)6p;xSC4X9rIv1`s=vN&Cbtb`OK2|%@i_i`rK_1ODktLFh$F&QfK5O*bMjL} z$xB~0%a{~fHxOUso$0--|6Msh>~gQh5Z7r~MBLOdM2N@VvM;ic&=WSYrm$q^}v z6r@~e?~U1S}OyN9Kj{!e8rz6{BIU072gS|;ee_qZwqTx#3eU)F z2rXfD?w~w*Qs;x@#;Kb(we-TyODdG7#%<~OMVE1(abIJUZc>(@P}(-Ti(`|?YtZJ+U!0o*q`f#eFc8wPkJ#54fO93 zvbsC8ZuiIDl?DOt;z?5tzA@vnQiY=`yavW8Q~ z3x&Go(RRwug|Q;@ZDf!>U)4|d=XMvA9D&$9WbNoAd~lM%!GX&4P3-gBOuv_n#EjE7 zdT#>7O%Zw0O+MDw_{8Gp_q{9Z0k#R|=gdB#ND81Ez$T<-D2emTHnB4Y<^E&)8q@_y==`z&#{eh-A?2i zt@YSwS~b@tv>|`%aNueeBFW!&GNpcLlP%8qZ`^Z@SIQ1*aI<783me z!dJD+C2oH0c_KT(R5~Fe&NQ$t4b7eIVq@RGF&Yxf$KCjc?wh_V{mkVz!rP>)kllUe zC^9n@>(^r*whQ{USEm!pbSQt=Fn)8=<5w{vb#_XTqD!8|n&ZMa5m_{Cho&vwl_AWJ`=>0QHYHV>?#M_|UPQ za@O?->yV8Nb8zZfaGO$=s@kWnnM94Q51>@W3g!WwUcAlyl0POcLCqvX6Dr1l)53QVvqcI?M(srkGc)$0-z@|>CDOK^{f&;L2Y`0w}d?} zqeRKy+HNp;M3eG#wPuqQbN4`F$S6$suk1J`+EILN>&VGGs_NHPIs+FQzy8AA{OITP z!a_7h4;fsHK(BWwdj-mVx%XFk1V=YQH~H(_1}_mA?q zKQh;=C5{{7*;!}ucJD8yCLB{@1a`mgcHVqma9H0~XJhl?Y;Ly)uCj;;!LtrAM;}Nb zV)ONU7R?@+J$z3xPwuggY0I*M5m}K(2~1vy{0D!Wz3~)b;16s4?PH!kAi)CYDTanf1 zWF1hH7mREPRs2K*opywKN>|Ae)++4B3Qs`&vn07CeiCF2)wXM+Uz?Nt%}!Fwx@Zu= z#$n;2KL~6#dLJ^sjD~*otzo7yp5DF=-bi8LTFFJv3iwBo?Pn`y1nc}@Gdm{IU}xom zib4{<&1fp)IPOFpK;{=szjwLPg#v6}-&AfA!6UD4z0|Y&GH+8aZx(3}I6!D94%w$EnKWUP z>@)%Uy$M`W?vB4M<1!?|u@nFkoGxs}Nncd2K|lHHpTg zsYugo?7V!!THbfJ2d05|2o>2;`F-hWPij!q!MIOLOTINNba!G#-itc;*F_W+4S6yV z^Ecau*5xBMmQ*4J9KuBMbiVOq!>5=xhV)~v+i&L?c4as^~CE)Qy`Qupq5euu7Xh<#$|`Vz6EHJRq%fl(&* zUW7-#1AE&RBUQ2a&Vgjj{|8ij9;1raxMN8Ui$qt&vuCFj_1ZgOiFsz(J^k$DUd9*m z$|)I21>aWx>wfej>Nf5EdEllLO$S7fl8|CKGRW1C3j)uhdh#&$+tI`(LT$Q%j_Bvr zU%JBIZj3jNh{@e5lpvUFc$z}QT_ONeK5`o#&b128=~BE{7*WM{XO*p6Jw&kI(_?2D zKd+#@`i^z|>imXVZ0qy>>9>w~R!-=G3`!tV0$`QQDhcTGfgh@wN5=1qUJ&1Fl%~zPPi^$WgG2U>s#?O7cU}< zrLs?t*HtU=SJcT+!?H*AbeX|!RA=2Q*+hZ}KracF`JH+Q1<8^I?W&$HbSut^*zW$5 zPj{8nwROo4Xz28C+MF{Gy~aFo|9aL;OLZo>Uw$Z*dCZZC>;&adAMZpB0~Yw})mTE+ zK>Oou=~<%2m(+D^x%-y z?&1Z#G)-iDzSr?^VBkr$_97gN?*AJ&*>lM%Hf z;sPaIR1$~9cL8-glrGd&O>X+Txowv)0KhZF6ytig}xveT#(jS?!@L`A z8{5;oQSw&_Ff1&fnMC_mS7y9i^izVS@Tv#%%^7>Zz#_FjL@R6lsb~-K&bP}01-Nhh z?Zwm@;*33|p2q*CFq8TC-m+Y8PVpFFrkPmr3z4QdR^~V5ie#U5@Ry{|v^hosFqKJsuh*`O{hnIq(RNx7rf78)yEi1p zpLPGXSB|BwVko29I^XVU$sdQ6qVD+9oz!LZ5WBoREsZmeI9UU9XrlEQF4dPmR5(c* zT?|I?#MKCVOA`LZmnD`k0x*qzu`~Z+P=P(7a^FZAX{>w$oQde`K8w0G|B7cTw_Mp? ze=D*jrlvlK#;umu1~BTd40BR7Oj=L_ocE>~jHyD`45GthwC9m1FYH+Dm0R~YHAIOO z+mU;|zh}2O$|Dz*>>qTUjTL89rhEaY_(`AF#t%~Zza$0u+jIdp;yeVJM@6%)E_pAA zm~EBzT5m~7xF1)%bj3tFOqN#fbyVUpjS{<41Nb+rd|p~hY{2&;FT34?nf|vP*Z&mQ zlt@Z>msf=A?6RdeSZFD_@T8M}ube~l9~Q{;F|$~gM1y^T#?SXDfsZfWAFBnlUiFJ& zs~DFYCTTYlWaBTp#EP+v2~^?~X)pWK3@3#$6q&%=yd9eRD-z!kufKs;8Xt$=FTrqh z`Xb)LLKlCE#Aq}d@t$ZAHP%Z5KukjTv+-PGZL5GD%??&c)-|y})4Im#E!3z#un4-$ z{j%k|X?@2g)d*5m1rW63Ep%!LCE}#|Pv31nbM|byW7{rNFNSWfQ|Rt;!Lj9x)B$s} zueo)3p!=8#C`oGdgCx%Yx;pb#%@iRSo{+_R;#FV>uY;kk{#94$f#D$h4%OkGj=)ve zD`auxW8We00T>Z|_CYr7N+ea7KpXXk+ z2@5!NhU?aUb#VS#$`*p*sLk=fPM04(aq_$b)x2*w)ll8$<_>g*n^q3g@KkQxv3kCH ze7$H}!ac4O2_puu_8)DdU+WCL#x^fi zffwsmKOhsYTiKc83+~t7HsvHDMD7rG&-BKA+-n{lV$;|9pn!H*a8_Q zMb}#fwH3Ahq6zL&T!R%U4yAYqUW%9E?p9n=yg(@hiaP|C;#w#KNTGO(TXBjz1oxZw z-Z^v5y#I6O`LHwDGx?C@S$nOYJ!yV#F_M!pj~b3@vu&8-&%9oaII^Aiwe8jN*Cl+P z*1CTBkF_B(TIqY)e(vm>Tdy7peFM{7%&SFHGO{E1;|D5O&Y(h+%5g$at?-*?oN;1^ z_JHET3BZXE5zR}71mjZX>{|`?XhFNsif_csh1iw_n#nwZVKJW>t(!;0tZA1oR(5WL zaAWJ`sr^dF(eZl!S3CUQukmY-d;!y^6puI_eNjbHE=Fe4|v z@wgGXy}U3^XTD$9r(eyqe2*E6Y0=w5B`!;J(qtQxezb`<_(hr8bIlfa{e>eFKo{-^ z^fU~=Qia|pQlayP?meSHGP9FvF>Y#!0(cz(Ew43=6L8^4KQw-rxdJQ7>D=-ak>rww z&beuciFrO@!0_axq(!hJj*NN$|F}eH=;VrX?xadG`;S|Wp+*9&ACYi)QgX5><6bG4 z;P(Oc5AS&H`vp^?)|zxip)K7^E}bgPVzKC!yPLuvN<$eTCCB{_({q$i1@Nv8ZXUrV z1<5DI#B}#Nb4MXXRw(C4GUHdWYdwQD6BESyFFf2bwvdJQKCX@4Q=(tUBMy9uol`V7 zur+sBx5tFNlaN2!DfVQ(YAx_lI?SMCU;B=C&M51|Z|!SmxWMVHt>=V(7SCHv2t6Rr zjdeM1k=5mOE?FCiL%i4tvAJ~s&BeVH@=CLQfODgTOVZLblo}J@IuaApCpv zRCCWu?YKu!&DeL@TUmeJ7RT8U7zL!mq)p^4sleybB+c8+&6(!}PZKHV%jk1mPc*D! zE4h69Ue_ZAVb<&(geZrj;)BKFNh*vEA~4I`hac;*bJl(KW>T3P5C8w5SN=EA^1oh* z?TDYm>&g(i`s{CY@i)&YnB6+aI_F$-wtP0wOfa||a970Mlzgnq)Z4fJ+R5$9;=& zA4y2(hd3R@-NLW?)L+$9idg)Uhcv)pi0&&HFl@|wvA#eChIzND?LH_~nMDuc9Gq1Dd} za8na2&%A#AR=$NJ&wDK`^F44ZQbX?Vbo^xcoeR-!rDPfrs3utI`(+)%tmJtFU(;*m zx$)JZirVHhAk!~b2B`5{KE~8x%ts(m?K6w}b9v&wEKAB19d3-XS>H%VLH=$)E%Sl_ zQmQ@ao`C4OX+XpdS7`QZ3*m&!G96J??3G{&8RwxGqA`3iLsn{whRK{n2*>tM)}M=S zt|*fzOp^eD`94njy->H^X763Q<>G$&pcPz_+D#xa_7I9Jwv|KkRNS%KvnN>H$KdHy z)KLffzI{C?FaVVFgMLiLC_KD7|-tNyx zlD(>)bD$G%K>ab>ovRN~vT)sBP3x9QV%AJicW)vtW&K|fnFMP*kzxam{n@GAm$3RbPxt-p^)GYQ} z2?YxoiGRe5TZ910>dvm`7qTEy-9RE zY;+YcOJ~Kb8fzi5Y6G!l9X3WP z?5X&Xei7F4Sr2EUjG+_|zuPKvmkZ>L>&Nb)RBjXLWR9m+^`K6340zl{9L-`Q#@L_g zK@rn{OYet3l@9z{E|X*Zhr4!M+gM>n=#e;g8Ln(BaRv`!RNCBynI+}^+heBtx*u+< zw2?Lgwam#f6Yp44NYt3g57R3;mph@cu4NRf%BY7;L!CsY76&7H$7{u+vX`D8vuf52DJ~b*}Bq~w+)jgsd zo}mJ;E&u{Pi<;DAw>hVbVR>IKx^gIKtiQ89q2?_oi?TPkGwrOtI>5pHpJw|1@16Fa zVQOey5{F8iDLmA{INDJhgrBs!cYF`-69|*XPltvVjCz#fs^3TRq@gl_W*&!zt7LnW z@WN)NXhp>*_okgKs9Ib&YI_MU_lB2pm?`CNpM~LY+q~yz>tQ$h;lILz+PsKBai4y- z`SjWnNGp93?)GR1UfIUO{$qsb-Bj#@LOxp}e>rkMYGY&FC~W+**{vPSt2d3`?VqP= z1;c~B#y%NzH5WrZ-k{xA4C7?$z%r~Ue6I+rZ*VxZw7Qyw=1KJgD~A|)d-ewkm6S% z4<{wuo%*l)yuzafVy~EF+>b0~jfbRJ&7JjXlL+{m-=tPb#QRH)8$3~&{!`xB?s|G0 zR!p&p;`^u+tTzZI$Yf9?xWX1Wq<=ibr8BBj6RUp7L6 zdDB{48KL{=4I{~mA$+5^JteBbCC;GBJzH^~;N)8)h=m;ZOulngwWd*3c~<4>WaAHe zP_go(Zrjg0t2E?x(lTJ+pQDtl#PvZ@{Cru^t%2dLm18rZ=9*!a!)Ym;a~MB=gl7po zaQD9J>FcK?3D357Uk{?0kQ*XEj()ai;Br!~~Y1LRfQ1c(l$pfN3AG+A?+ z{X3A~gCl*bcmk{cX99r#c>f{Mjpvx`?HpkiPqOM=*GOI&4l&0(O_^u|nNyxa|E_c% zhZ{Jz(nUQBW{ZlNoud_Xb-LISec4A#C+gA!lMdL)H8)Ad(xXX68JdEcANc;>nUS)* z89MV#>7ylH3Tokf`=n`}Su6;&el~-?Tzp9e&b$hejZ;54XLwlhlHH3pCD=(j`H=yO0 z5T(Lmc#YQB=amK{#QE3?x2w5C1H){5eFQSEYXDKu76N*) zv5vAIN-H-peU-7iVwdZ2 zbC2nUyGW!*tPx2 zY&&-y{@EcOX@$W`ZcPz3FlKox_Bzeuhy#fAO`9h2v^Vrt(_nDwZKPK~3_3L~P+YLe z`eo#G#yUDNF;DC{wE)moWf+?kOK&6NY@;`0M45S&2SGS1FqA-4L||)OwV81acvieE zr9>b5EoE3dws`|M*DL>w#6JVx4u~G7+ACHcUO_C4f0?;NI>L~=tYf+BDAD^$D-*E_~B<~iFuLc zMh7jSV|(RQ9MM}MEY#n*DC!&v-`|J59W`p{98jM(YzfYlGHE`l0dOC)e5FUf7cQt$ zzDj?8S+%RzFs1$7VuXj=1Rn8_FVw1M6jWLUrwyU!ivK%R7(ripHISENiF53OFe*$? z)1>xm#kkdnBtz4_Jw+8-Q}wA0{DQY0c)0wyyWOR4=jp4HMve2o){^nju92S9>U3RF<`a_=nv@&nWYCLtB zNnnms?x_{e1)${)+t9tFd^22M$88*heR!`bwJ_Ph74JI%s{ho!ZTn9;avc$ty9P1Z zV`@`-3MDE$Cb{kOl6cKlIM;%8J7n;r#da$P!@b13<(^G^F7WX<=yN9<{OVbT7l087 ze~?T$-ZBj$M#haORQevy)2#5Bwt0ITE3jLhRX^i&XZo*NwfG0&(XgOh98crTwg#EL zs9Y%v%8feacIjyyTJk?+$d$fXcz-S&@_;!7JGcr&LBes<%q zA)mktBIY}9f|wI1QlFjPR#%V&Hids5blL!ul=p;@M(y8ZO3cz`q{ryb4V)3ySkPT{0OC)4~b^H28DA2Sxn;9J(%Ijl= z(YKn6L!b@XTzwc8A&_gz3>rfFg(U_d7MS-W>=C@9{#uSM?`8F)CTz`o6~X6@pjo2G zWaj$TB$sOE5#&{>CI~^nigurgEUpbPm@2Bg!PIW30`7#CG({9aafh)2ei%H~EWB z7kBiHywB?@V{e0J4mRocizf2O^hBe)pD`IwE&7b076d+ckUm~05TnoH^?;dZeRxAt zm(oq;zyejrM)3VzKJ78bF8gtPe$1mv$sy(FnYBoP-F02TQHyX1DA<5V@rl!NU$iP2 z`-2%(GX}p4ygOIlZc#PIeFT10xg#$0JwH#82--IQXh6(Q4us;X@cpgi5r^1a1I1W- z09FI`^~G#{zvoJ-`X~qReOSCGL>vJ{FB?)cnY=v)`8Qc6r`kPrhLLzbNf{I^ zj@_#ClK2*T-im$f9J5g5(r3u!b z@08;yIp2w2naKr7G{7ruQSdNVJTEDmU8S0O;8IC|YRoS<+1TdOhp(M~0`@b@dOJ$= zX-+|csgiCDY_WRCHc4WCNNH1txjp-T*f;Jtsr{!~YVR$Q2!r$0pd zK8yzxOT%S|C$AXXq^SPbi{2)8cz_DN{-0;g|NZ)W6@o=0=etm`A@c%Qa$?8yo^O@P zIqj8`cb1$`T1&baY8s7ja#H-bGJNJ>5}TOq{zAj^+vW~!U8RT$|vDKp4*zQS}!nc_-dg2FtS01d}o2Y#6=D!-A z({@v@*|8Xsj~z6lTH=oq7=PKE|0GnlivUZu4e-6N}I6-@@Yo*>w1X%Mz@aRLX7QfUR&cm?xa45 zh1&zldmGhg?3tP*H2s4=H?KoG2e3xt>{ag)wZE$ooRCet)-)Qq+1{Uc(I_CMVNza( ztF|AWiff_>yKC@Cu-kt1YcP-7&z8_G?2W{rja1NGn>a_hNfCG>*(;@Y1N#!_lp)~J zR0tMWv;QdPMM>r`jKQM0!}&qu#|d{m-&d6`GYc(O;IT$j$*8ik+*tevY}-i#p67W( zg$$i>O_MDPyLeX+$)|A6`1AYE8nTS@gVGP*RGzDioP2n#9qqyn8cl0D2|cEm{{P17 zH!~gE3wjmr8ql@_Kd19n0->c3v#Zh9dB070mKAM z@MA0bzA5sa`m2}*SF-isCsxJpmD|_I=l3lQ0w(OwJP8IOw>KnfyN>wCoc?xj+bos@61W$i z8DrP=-I-mgNGk1D*8=G0fVQ(YY^nRPVJ~8?B01bvV>+ogC&`YfHJhToE1b3akzy%# zP~A&H2>lGl6l>!<3G6e@v7>fg&5M>$;iK{`xaW|uxr@a{h6Jxyf0Ro39m?}a{)E~f zq*q#{JmZ==)sCWqLd?e>Qkp!p{FEKVM_YU29S64IDRa@Ys>bmC6ws{u-#F-$l99T2 z6K`|V01I+^{+l=W_?2U-=-Bc)03JU9V?;&k?FWTE>yCRmKDw*6C}5c}9uGh|nI3Na zF`hGayY#;8YeV?s*-sVcm#C)CW!j6h*!?jU2N+E3hO%r3h{8skn1n`(RlGly;~g~W zeW#mLRRV_HLytv1gV!Ifn?vV&QZ6xodj5Yv-%8NZIHx$E8SfPGIu$p!fU9x)l*zB? z6RO%A(anxG=t@O0@&eZ|_uc=9px_7og=(XxcDuv*8ds#9F0_f_By~Uz(5x{U2&(=5 zi~+H$_aYWMgDeJ9v?z8A?UBJE0gEgb28VR3Z#Sv^BA=^q^wG<_F;ia zD=i0ioeA3?T~ECbRtm>~j1#xs!TYs0Qjb!j(dYL}6VLZtjT%$ie)Q7_mo9W%`RVOk zeVnPBmDJPH298MW^8~D4%>J`*fB%of#kj$yUc_yDC~FrRP(_;B9>Tt{IRMR=Oa>{( zf1lAev7BB0P-zT$e6Ub7vr1XR{8Ge}X*Z(5@x1*x_IZJiVp;tEcfGk3 z_5?Yg)Cg<$_dGi}b0`3XmWnWe%XL_h#cw2zYu~4{d-4h%`#Po~@~nsZBd!pC+1>7G zw*x++ZaBHG~9w%BeTnhFjXV zzbXe^MtCIL_ih##J}XMRoEEno6#l9zrEVEZZQq0p8jS$t3(K5RJWRL z!szw~F8lc&?1Z*4qE&*fSDqH1y(IHy{8Dq4YkJ)G_Mf7av8n?uDe*6c0VV+^wnP_z z0u6T+h5JqmU`@f+(vv3N>f!d{(7rkZEbEEDu$dXzQvNXWl>-k`!D!|;J1EgKL2)Lz zjA&+=op_cr+iOamZUCDUCfzX@!a>DlqTpg=TibQnkQ?MmR~8-wK5z-CGHW*_(1Z}XlUm%K>!<;2cME$x zIvdH+$TG%dY@%#q>u3_OOkeATm}skhyf|K2QAdNAKWr38J6jGg{FjJ}M9kg6gXs^@ zViZh#d%OPNR2gsml-Ob3%>9xbb%M0$+646B5)f-S0oH>TP9BOaVSeqCIb-I>M6;JJ zjIc~mtmB2WgH~Uuxc^rR`b(T7&$3R16om856-BSy`j24)iNlk{VX-R$%+kSx*QAuK1jS4JgJ_+{`?ThL z*kKOP2B<3nyWkwlPxoE{g*qI@FA_or<(oC7#wBomnZBsif>YtH%$ov6*e?Y2TU?xH zmpx;0`G{2@J&tHewO#j~?M*=e&hC9QdheJr$JJE;Z3ADjTuj6PGAfKcF$duTtw<5`Ni!7{64==}~TViCe`~h3)Ln za9uG3f9Cjzcg(NC-+Q>@%18y67&^YVVk)}q;4g28hUiDT~EPxW)}Xl9C=NbqKg(~IK_AO>+#jIbZ&DG@!&mwl>orukdbTdM3FKlg7O}pcDZ~TLM7-1vGpFDEdb!3xx79{^ODK{s<#R@T~Qp+T`+)JUWC$ zU+kffH1SgUYrxKe$!O@+#4(bszmgo1VJ@!D=78E0RmR)K>eZMy^0@sH!V3LaoGS%w zm<;=c3(&}z*vZS<#rZpu6RmlEpy3PcR0iqjA^sja>9{T}D4jC5Kb%k63|BlSdfQk0 z0svLO9_`v;kv#qv!|-Ic1Do0Fd@!gO;VLsY^BQgLM$;dUZZQj*PIC-c2)Z)F1vb-c zsNV&S!h9cW)Bh^oHcLGPZsSVnhq{Um?!8xsaT-;mpx?k_70Z?itfkujqcqWYhJ$}{ z->su59(sjydLE66P92)AY`1@TzF&Jdhz;_-3hH6-n{!mpY7Kx~g7gEn%4-O3T|;iF zTdJyHXGq&&lK`3Nh%a<1{3m`*x0LK(^RIR+pu1cc*Q!ri<`QQ`Hq3?%Yg`_3sWPDN z0VBW-(xB=Z``<>FJM14skil5h?a0L#hYxBU7U`r?NqNfB8I%^bJ~VsiNlWhf3da)UWKo&&Kch)nA_yPywSa21LJtnN8&LnUA@ zU2{x>Ce?k0hU_6D5qBH`9OT|1j>bo$yBIHJ^mZkt-}IRHI7qPeygxwa7cO6?l}!#2Fjm@+aM1(B(E> zV83(g7leGM72?H4soP2?(R(a^c4@}wV(h7Tx(KCSZ};#iwk=)NB~;Aq&p7#9qBa#; zGi>YXp+b_w#?t%u94fUEs{BbWPc1V2wRMEzX2nPi@}tPvZ*We1zamoq5N`SyEf*~$F-Sf$^C+EJafaG|o&AZ;It@bo2cOL_XKXDPx`w;YcwHegY zsDaYy#t}VDcqs>a(G<+a*MG#&;$O znaE^pRTE%h{SW&f{XIPn;N<61Y!AbKZWaTv1q|3e!BxYp7PzsnoJ zNkfaTb!*Htj^gGXP#5lF_&Q?E4$a3N=QAcbAOE_H!nNrPX`~X)FUb~N?)Hr#?&>Un zjz#Mu@*^sLzO!W`Q__1CLdDmX9lG@CMSD)DDImWONp$c65aT{%Y98<>tkQoQO$$`{ z@_3-JC0B|WJMb!3gj~R*aiV@ifc{#~2Mw&Ag6)+QTAzmU$s7-GBmGOz-LXj67De{6 zs_ybWJHsDLZzSOj(W7|X9@w&}MSq;$+O$uKBG%D*=TJK{sR z^hijc)=@+=SCg8Do=~lotCOD6>ENXg-=@O!`7MM(4Rymfpv^Lhuy3Je{zhm!vQ?OY z`Ogp}2;zKRNFjDT&`O5(#WBl6KZSq^DOOpNX`JQFm=fJ~{$BREzp8w_~)4c!qLCN}gPrTor4I#$u zy2qm2t)XUvv}Wk35AwQ8R^meednP;|{3)84TIj@1i6axDZTdm`T^nlq5fV+VrQqqA zYQvU2{|4d2{srR7YZ<3AwhnO|25yjdKIT8h2^{QX}Uh;wrU4_*({=`jJrdXAABnD>zeC?6&7^QFkAs>y{nmL4CCb}Fn zyEljqa$;FBsM_ui5*-u&@DVxDp_D}pF?c`!qXph(8ctLnvcrJE#S1!i@C3QFnzia>j@+{n9ut6Gf(ljE=Qc$ z3o9`8+OW~i>uMWNB!smBiOAzgo)vE!{ zArr&(i;KjVeuK?Aqa2NO8KX%GGF2k|1P~YyQV4~DOrPL3GvE*n=`_qwQk4M5=X$~j z)AN7r+j*wZF1O0c{C+gG<*XTR_&_Q%l|LOpQXVH2O}7s=cxsK5qMLnYW^f;NQeI5C zOp#!WuV>u7D_3PXWc^QHS?Y+jZXYddHE8qHNSC>2!OR15ke-ujvqTaKcsPS!h7ub; zflrNPUa?kVpC(Yv;2v@yyfP3E9!QA&lD1SJuBe*7A^X{L4vzLydds}bs$UymsZixO zTHE#hct5l50Uia;-44vhKHV`PmT->_&%?1u9;1Cx<*zv&48M=&HScnW`g#=H;-cPT zpZ~6L7J2y%h-RSJ2ykf`U8eeUY%)qtUSB6#-O%IEm`1 z7tLkd)`nu4DwT0tm-Fa;2d$tH_YW_G0Zk0MX+QtukYxGPzjie3>tbQuPNeQ}DFzq2h%6Iyc4>7TFsDTOBGP)7y zQv1r4PaFrrWF$B(BWbuaRX{282kEwvGfN~E8Ohw$sF;f}?VJB8mKAFiCutNYUXZ@k zG^Cn#iE56BuVrXpH~Ei%c1}|)bo}R2U@|;x1a#~`ciYO~!JZ>yAYRuJ>n&-lIrcML zccMF}gaRA>)uL)NhvvjN`A@FoC{S%BSW;-(X#o8MA8Kkts9AloFZZlb&psI1>YCuk z&$I^tN~I4?dZxgS%Q*}Yq%i-nx7Cw|>X30wq5Bq$x@VkEAsLf>$-}{fC(pU)_ks5=p(ZZpbd}*NDN*61xc+JC&NV^GX$ma1i*^6Pb+O02(9A|YHzPv z#*KzsO4*%blk~w*fRD0zT;(Fv}gFk;UL}zwSDvuUg==14WvYE)@&b{2= zyVe?IT_-{h1ZO0>y{*sVDhdun*n5N8mQR{ETvT}Z zLAZ{F-=DP9hJ}g_+25IdNM)$zH~`VoLmp4fAf-5YSMkA&v{zkae$k!QoDosf+yY>K zMihshblh+CVDy`lX5p!L^xT|(g&<+h20$mZi zXw8o7I5}XA>h`0;NW{A78bC;4K<)d&*LJ^7a+`#!XCESip$w+%T2Xa1x|Q!*`qW3f zEezkjZI~A8EbaD%+1kHycD0Am-2EpbB2}^m{s$&Jj1_nhNx}EdAk@Y8PGLWWGF>pw zN6a2aE2~JvJAJUxw-Aso+HB?)9Omgig475yHVZ_74$bHyvv>v)YOC+DfJUqsbEzZ_ zb?*@BGGWD)8186aDQ3jwgs&2!n9RNkH;uS6N4Edrck3BM!=e245UTVaQJhRgCo2XH zkO^IgjO9l@9Iu~qYG)QLfokw9F<~?!FSi)(f86ki&+KPr@5)*@_JTpRrD3B6Lrcxx z6{~Wa`wxl=RGj{REyg=~-cieL@qNqI+aI;hDy-|}2)f2fV(Mr1@S26gAu&BZZV}0y z+WXY$NgVuU2~*gd4RVK!WtT~v`6H8du-=$asrAdjb|a~4BgC@OspUt2VD~#4yqrOW~Q=*_ijL9*8d2y=*;oJb>h!<6~yZf`@) z*@^3xkNJ~GXYiH!POmXfZ1aSGai`a|584v~rRWOmqoioODYs{T0SFdzoXQNWLbQrJIh6Rf?K{k+YM znUR)KRX99ZB0stLa~LC@3-3p)pP+<$EaJ?%sdqSig;HIkoD*S(wPx7WlJTk<46p zM$i{rS@n={x+$8s`H=rAM5jU+no(-zsZw@N;_1mBbTGFV?zdi5A^y=Eey#H21z6h~ zCDO>j3nCy#^6FtfA_|$3I3j9C-_m9jSbbdOxMFT%|*ONmb5rK7} zn{F=kH&1SDj;7+Ss)JE-feF<_+R0K_DGbz}n(tq9nP-sl~KSK0x@;(5^Qw zO+6<#W$ms^bji-FKR}Gtra;4E^pZW?(Q$z--Ei0eYsG zK`2cynbl=ko}EM2(sGS+i#0<*p5SV~99chTRYbsdRpgxj>BH3d?x^TiiHIP2;!Dz;`k@Vqe%_k|T7_r7RuGaHUwJ`AMokZHG@i(;b)$dVtEy zX-dc^qJPpKw>!I>K7N-H{+SH;$zy?02PF9T1dM5ILEM?353Di%6#vSF(i>(I1CA|G zhxt$I;EC7w!2FkLp&S-uwhs8q&te z%6?~8aeuPOXBZD`f4NaVYON;5h%EG)50;JKqq$T_pnL*WM3bcrP zV=OZJJhhgKskLgM(0QJ!+c7+qae-t+k{A%>$@mD>6W-L7L1C4_$sd z_(tYhcxp$?#YC8Fgu4Sg2Pu@4j4>xKZYEH^Kp;$=?!ZxYVLS8vf}!Zd?SpJJi{>Yx z54$C(h&=ja(c*jgu*D3rZ0l^}VCB)jP~ipzWn#CahCOU4a=FSg zJ$-?^e)L>ENol!%t|W#ugK6mbXZyZ zSsMpG&|)5;Q;FK+FfPUoTF?xxj=+r0iPxF?*2@Xrf;qSnKSkR*MhUX+Q`mU(@mq7) z&hdLx5@b>H=?`Xmq!Ro^DTj9@mS>Yyg__I2?3aIokH6)lkLK)fSNh95Et8pEDZr|R zw%M;!Z~&8b^;W&oIPkK^zZc|T5+^bbET?c&rF_~hpuq$iRp5!mW@nTiC}6=;Q=V@w zfSiW8%K6#oUfZWK9t#xzy-M7Mb<)~8@-tp) zcA-O0XXQC*mcOR!c*f-eta~T5%l%`glJ#|rpd9wdU$@$91@oj+kdz`yX(_hF82X59 zv;6~~1n(s3$F}t7b-LT0J-G1jZipqsfxCs$k{a-vMg3O3T|7-TF0Sm?;ez$J-Dd@D zB~L8Sb=^b-8BK&}LcHfc*PNSpf%U7z zP`J-nEJki(B#4b$)I6x!xl*fZfd3*Ps_o>B5-fxDnb*&ZL}dq}+MboBsQVhK)-E$I z-M5}GRgD=RZwi-n(U5~tHO&0@8I64 zo$2{C!QAh+--e2ZnhTO2xqJkzTE_D05r4vk)2-?douNyal(pqUT98t2Ygr-kyY4a!2LL^Ha6frUb#K)|Hm?Mt%SvOAFPA+fH%-jd7} zTX>OjoO{cPZ)N&V_3T%r@#AOS_rbX%USqV6ij*Q2kb+ILZ%%^?#h=eR2FYguE(Q*I zX6H;zhs+ET*IJGE8*5Q(0Y8RbjWwbv9gy?VSC*}7_e7P2i#LT4mAP!-&7WnvZ4FK8 z9?l7qoOSyQc^u^FpJ#tRajmG@Mu)dHB>4d#{KJOY02kPi5Q_bSNWyq(WxTfRj}3lpjVZ2hz{|Ulwj<(@ijKAm^T?4 z=}9c#M_v1TJ)lMh%OWap3>UW1mU{Z2^;2#SyFpQiVL)UkDUTSrz3@(E*O~dYQs`AM zpcF(Vl^ztCDC2+mmj7h|j}NVSIrfjR_cMM)#D|ITXDJ*WagTrJ3aG4CMK7*9cd6&0 zMim4Sp%|u@EgMi~jdo7LSXj>bGH|Jt%JXS`x!*)kG)1&cao9#td2f)H<|Tldc=bFW zf!59voxobE)tDwF%H3&?GLD(O>zwYVdBJ7;QvAP+Bismt$Hb>2JH7ERIdfs~g`{w4PsG>oS*-B*n*)Xdh# zd-FLNx+wQC9rpohK{9s;sm(s>T*$2)0~0TYbkUV}bj*Ku-qyz~+bwCJhGBkKLzLs@ ze<1~s%mmPvyIyj>sP;8j`yI1I4+K}OhP=B=ukRmIMhgWVoG2kGf#C#en=`u^>C}3% z*6;q=l35g`Afdz&*ZAHkh~A4NO|e$stod=xkG&UHUoIuuu49Ewf+BmZbJqJ}J*dom zGuz(&OsWHZs`(%p<7y%PH7QPa)uZN z=^RQxNkIvNM!LH}L6Gi_Vd#Fj|L^*Lxu0jPcb!kyTJvdU&biLn=ePGxhn}(yxQ}!! zpEwMCy3j+w*vn{svzSUkbRYbUmZzHTn<^#E{-7u77 zMZ`^2qr2^5@EDln?h#+_?Dr(a^6rUeXd;y#u9MK`n(WogxPB7&YQxp-XP{T_QUuff z4x{+%l*tDS*w4w=<8es-;JnU_D7v%W3v|B9(T98%S@MOYk--P^IiRlzRwgxUbV0Tz z%r^d&YgxAnG+Y;_IgEF^WVs-X<}?#|Ku`Pl*m?vw<^Rx{cYLUx|{YsvXJ*? zx;+c_o5#5~40$CsLKmA88bJ;nYR*MtjKh4I&dPht&ysb0bmcCK z7LqAOI5(yBvvnqCy^^Kx+=Dy??=9C?@3vo@?cPVQlvepJMOoC>4*Ma>;OEbB50v~6 zPcObC&$?o={TAb;&GCi?4#27KlD3#ANj$v**JKNKY@?P0$2;@)HObk637)XryvE}0 zz@s?n(x4#U52wbf|27^oFirjXX~xo;3Qb)U>>jAi9b(_RIUh~dtOznxx-il|N z@TBC3#PKtz!#wcq>Bz>24&R$Rt7FuyUzNl(fy^s(O508F&X{B&aUZ~Tt`vfnH#mL> z2YmVT@qqX#6H+NoivF}@ssc+E%lrr(?^uwITsI@=hbZ?vD?g@c6=!%otN zzTF?D#tRss|D<>3;Qt#wgKl)}4 zJ}oIGZoh-CkQ^uk)W`lpHZc*McS$FQ275Jb#}+sMQnVAITS5HQVPoUOfri8MamOKK zo(Dvm7dlA6t(kL)p2lmj)Qut3w~){W5?^Etfc)USnNMzulh^MU^{C!r9|$8>2twMZ z%LY%`+JS*=$rlSn$=?7b_z5iEPC3Ntxf z9X^qBF#cxP6doHXJv(#IeDI|I=sgZMuOZ*r7;!We)ndJU#;HVFe8P>CMtFc-cHo?$ zfZ6sZml9PJ?NUk8iJ@=wsa}IgjI1T>(%E;syr*7J_QtDFmWh3yd17oiH9U^~N*$Y` z`D!@g;~KOcLiYHR(BM*E+CN73^{?qp*dbO4AfS2kHo{QwicH{x?|wxs@ze!Y)!Sgb z56N8(V=vT**nlYQk?HF7->Br3%c)^+a=j6Jz#- z#PZc1?4bmu)sHv*2|)y?zI__AmgQg?N{WyAzjesF3%G&l}I(rzRZ951Jh` z9$fe&ufDy&*t-pG>X$erD!L6A!biI8$=p?;$C{~+SK{sf0Y0#1CS5BLH5+<#Ww;l&~{QNSa8+8zI-jq$VDYNwI zu$Dp8@-ALq*8J-B6})n2KB z^MNZcUj;nol}n9t{UuBzh{iflaU^@+lwaQe=4%>MFEc%DgC~1oRB-fdkQTbR@05Tm zbMfrt+LQ=vJQdc+=F5Jnq^vrI(@Wo?o%S}X%N|M;aDCX5ojQA0EKzC~^CUmYXOT{} z+-`wRZcocFaC$4?z0TB@X_XDbffs+qn$P3Pj7yP$v@Fln;M>i4K7+>6j}sdMyKa09 z4F&CEQu#gO8Rs)KRJXf|pcXO~9YN`N4g*=Kw#I$d5KgaSgPv1SUdG656r%z3Qrd4& z+~U~kl*=z`MW#>j72>;Np}R{*^9oJAy>EXhlfVDa_CE{w07divw%~wqPQ?jVLD5BN zs==*(+JCZJx-6D3kElJmk_hXkrTFHH!ef)DR_hFVT{ETUuzn`D+|BY|+yBCRNGWeA zGkfZr?ZOsv^b+i`!)wRNdmxvlfAWrw8RRhX^Z+_}FzYEpi-~EiL4X}cn$e1r77J^3 z$BlZ-;Kf<@mfLMB>O<}Zt8D%_s-$grAcRq@caFt9?Jrn2JJAu6&2K~qEfEOWeN8vB z5V$9PRsnpBSRFG^Qms?67YZ`mxP7vt=l%JaDz&Kx zYPAtBPmNB&FD@=czUij4os+`PUr}}e^y0EpL{LC9TaCkRlkFx4`8gXLNqd+1uX4_h zF1rygxWt}zE#NPji-^$L*!4RcxA)w{ruuUbQLr8@s5vc>5lw~0?%>V-6>9Cmp4~A; zXbeHVKTP$!uO+FH@B^yindIh2K&lCB_Oo1}8Snw&8rU+U&y)?L9&S+-AaS5!!0{i$zi)Q4l#)vh<2E}rIms-Kw9 zD%okXvTOL>xZh92*H+n55PRdRzAy*7+S}h;iI3Ui;nq9hgi~Kud>Y}u9Q@s$wBmpK zHjOv0jhMj-e%Q5Nu~XtH)5V4EP(EB+7?$k$Je5OH6p?K$43@_P9QG;w{v7j#=B7Ck zsdR`9Xuw+ULrY4MeV5C@0;6izw`r{0dhSGrQ!8M^wuY4ejjr6)`O1EW@4|_=xxk!H zJ5M33N!o(Q{W1q$Aa^$%!E{+f1QW}%LQxr?2mQ_uT-h|sSr7q_(iIz5-p?`uK##4|uLyW(0kd`x(go;qc*Zsh*AfCQamTjOPg z>|$LHry>pn5Wou@E!-a*EIlcEJc}f6=b^67^sT8X%$sEWl}rLRNC>x*^nHdz_SyE= zZ1+`;X;U*|J?gm#QfbAr$Ni&@#|(=HnxAYn?}fPRn!0dHKZ`LQzH(+FYz3*n1l(?L+wje_)EW(k<_zE6pk! zalmxEp0N*ycP8P^`@Qi>W|sPPL-|zR$7Je>ktZx|8|ON3v$)W_VpCf4T2bBklrKPS zgt_$IX(nxaq*Fzf&5N$Me0CPzP@RrFqIR8=j+K;ymGa^`9o`ngBy=WlvL-ZiqbQRv zUlX^TJST|zn(2=Y#ymU%k?MF>7kF9QqG44oj}z!!Ex#wVOqA^nE0Iz@liYRy&FoE| zC0^n`*p{hYzTfokss*KEt!7_Az3c=Eo(Wcvh2YSRM*7PVaVID^p#m^`?b#6neMiw0@d0>|4hH6Yf z!$A~Rqr~cq;76ev_U`5Y>ZM5R9M6h9JnWGLGr9&9Th=Fawh;*h1m!DXQ9 zu5(@4-@f20P>gW&AK5({?zSnSr!j{#33zP6xdazz^3D}JGJ*q{OT`?ab1Qvc!wHQYLIa0p}_D#M7m;^ug&RqQd>22^F zI^|#68sh=>mWXyYAq&x=f4f(Wh}BG~$w9tqq-=SaZs8^N31SiL#;Kx2dPQ-u3K0{f zQ(6a<5>Lh+;w=hzXgj@aW!P-L&c#az#5^jz!XjY6D)ss^kJ;ozGHolS9`nF!>FT;;kIlM%3h3n(H9wVzaX~`!+J|ES9?FSgyLR~(O&pKX&aFcZGrYnL- zJmms+g95EX_!eIMrq&RR6j_$C|G2Yd8*&Vo)t6b7P8bMU)}`4xUicP9<%|&SC=qe; zOc4m#CSv)btvi2J8U)Yv{?zSJq{y^l4*>$gsEyHWzQ4llNc~0y&dy3cHMqFfb$y_g zNsV^H+d{O4P|9Bm-(&rkn;|s2x~9kX?bX_TZpfU^aIQWqqQBiPGXS;8tj|IqW0mDM z`0h^}%4+sBiz;h^#oB!NlN|2_8_U9O9E~@XGR5k=RfQ<<%{kAlm$waJ8 zIH2PQXM`Qf1Y8eKR`U1tUokD|{?}dbf8Pz?Ka=t#oC#mD{!%9;qI|slYcON$n{VCZ zOSkc%pXoBQ6F>ESGrV0ka69__Qsh-ZeMJ{h17sf2Gsh44G_X2!ngwO+AJ~k=b4MBI zo^+2I+2Ol#BrJWXna8MBT&0}3z}r&{=}Vm<&1N_v)@AI*qRc(=bWo!{vPt7b7iYRx zyae)XylHyz2Yovmq;y`Trw|Z>;F2ol{myLl z_YAJLU!#T>nB{BBF!!I>ctv+`?_H*pn3#{+{T^XM&79HMoHb^r`W#SsKLBb5JSLOg zA<7z~clwIt6mV^~QTy)HKiM7~JOjm+p@HmouyD{9^b(X&9C)(3aP^^m1l;&)6_307 zsf#?p5)Hjm2}sW}8IPLr*L`j+R*38($>)s2DV)Z(UQO^dX!Bw-9~A(zmVbq`*zP`} zd5c#@2ZUV|BDPng075_z5WndW8kCqMPT&*-w5nQS6EAxmaW^fB$%n652s=;c{C{%r zG{0G54Z|4)@>E^o4(zFAzS_3tT5SxSTp>uu+mqcXZ>y`$H*w%sbKIpg~QgkCjXKcA))1s|EG9Tu85`^tiZsOe%T`hZtL3)wgWpOi!iT z`T>4Dk$k$Wg6DC{-WgF5(J1!a=#%@Y2|rpFkd*wFw(;o3`Vcr{X&=usi_AvG=OaoU z1OjEWH`qv=^MR&eC(tMf{<$Nkh8gEjm)$6J{$8eI#3{ShiEWV5{IKuV{D@~a<&Z6d z49)QQ4}2u77#%JqOu#vB8lS6zOmJ*hC6nN8(C6 zb3iZhb6zfR!h_c8Hm)DN4g8u-l5qAcZ)YVb#3AnlV(RtRvK3MKNB4|qE;1ie0F5xf zo)sX=I>cAyoF9K*eTCC(`B*4>bc>3^UyUHeQZV};M^updCL>l;gVUSde}PGp;SUd3 z=TL;aOj1A{=k+E3Z#7-n;{-Ea#CB1bC)BE39V;-5>u3)gbr_3~xBNZn{0PQXNnD^G z@PIPlmz=vn@ZjN_w!c8kacplT5YvBO2|GQ#G9cJ;ES38)Tg@b)O(wgG6)H!@AG(2; zZI-~_pU0b^kfF3L_C-GU|21UvfeZ)6FHaw`Ca}8&9dk~n``*`wuO)q;Zy0i+X*if~ zm=$;X_fK4EORmH?>sN_-o4DIh!HdZsFEtOeJ)0GCU!`~Zr@KQ9(HMsOvc@k&tBEdA z33;?E!WD_<>-f42Ya*tC31f}FPU{;k64lIY=$v}`g>+xDvH41enXo@%n-?;(>+NDg z*=~0j>%MwHJ0{#-omO5F8qW`1y%Oo4=O1~b=x3NJoYtgBGvK6lsf}xRpuxw+7j=oh z_9ol|%lmNl^ZiAH;ETqkDbWNm^Z9NI``Rx0k9M}la_u=jnfI3 zv%KM1N++0j%^dNvy%Bg1kWnN(Xzl=r&cS+EMVi~+Z~)r+Vw4E2OJ9e?B0;Vot~J)n zO(IWS#IVh1SdKctO&eDX0r2#qY%jwn$yjoWiS+OxEV2Dad1NObf@WVUM!kzjQKO9f zL+yuk8OM0|mDi{)6))tc3XJ76YKXsweH|yEEB5@6sKFB}bf*XC4eTP(VPJ<;cS!*3 zbx0^ca`*L1EgXz0=sLsa@ZzgKP%AbAH*S?xV{!4GcCr<}Yv#G!*3hyD;_f`Yf#u zD?yDhQS+F%3M~Ki00z!?L_dc5x|Dsxmhw*1M_9jC@P+pG8l*^Sbgfmw& z3Hk8_NMN@s<{x!JSg8J=*j=`2rX5^5X#yJU`zCAH+J_vy_yO#vNqm%S;ZVqNZ|k#m zwAss6c`CZm3v|Zn5&9=WR7W-V-6yZu*ot%*h(^QV`t<+Ky!0~wb&a##y= zy8)CK=+U6){7Sednr!17*AB!Ne87z-2VMkX^{8znE}TLtXjdeA5RJfN*lyGDZ_Vbw z5<0YFu3%Py8#$C{6U?oYKFPF3f=j0C4}{ovhTz&6FbcNSn-0qRj}xKBiGd$1KKtqt=~GbF3Q!6m zi3uRh-%QWnHAA=6wXtzs|I8vD3+hrM-i#mW1*?dE72Hqr6^Ii0xml#P7Uhfd>i>=r zd6XAu1qxik(tL^iI8n>}MT+H5PIytj+S=6j%(9D~XA;X}u!2)M2dlAfU@m+j86(D{ z*m!&b*ad0Iy#zn_oDYM^G_zaN zx-Uv%d~9>9yA?MBldJ|8QJ4*;&6wSCV>~qFbRG?$e7No^s3#;TDQN+jQhbmM|AUpO zc54FdY^Q8xqE6G3@HUl&2t`x&K8;Z<+K|I!a{2`yrfmr!Ey-I&y<0QT9Ij)eM4FpN z5!3k}!?=<4e5S!QeM)&2({|9%uLV}CY{EV(g43)y!L!FKg30fyH&6^S6D>mzv3v)J zkw4TE^B8x#m0I3>e4eBLx1jiDA@NUSt>6FC(gdPn|K>==GY?iKPt0h=`_YtZl%e!A zf2~~S_4m5fTVlD&4_Jw+#;x-0O4O1L&6{S&mLrM;*&4=rsv;LyLKXtKSx@3)Be1xx z#q0^1NL?jW50Ytl>kGe9Qyd$lJXmi|Y&C5)yNulsCg?Y#Ut?FB5G&+d5NEGpKh{zi zg3ARrveVPwuv~lc%KW+3wCt1UBT5%87L{en6}JU(b7k=_)&!ql;qu?-mZtxT;{wXg zHdZ%uJtEAf0^~LAwpzgRCdy9~mTD6f_77)|5}8)3k`)sx$wDdu(DNIgChFw=h{wwO z7s2-5L>sdsW$S$QfQG{WLve}T5;+)I)0fd(*X^7!C+PC4R?<2xS*>UKYL9VaozJUj z7}5FD5;`>GcSURT*-+Go)w!gdU%)G7)j1Sz4F;-!&5r6rbp%?_ioThxQO$%wuycL2 zI=i(CeO&Y3P>@5Yqzn^^5@ZWdq+5`r(>-ooej3Kh!FOaGro;X->CiQb_>DGYw0kD; z)~-dA0@Y|*;E7@XVqjTgeR!YdHa1=Gq4mnctNEo5GfJ(yk0wBomHN1*?P-Q>e_n(` zXJ%+t_&E)rDH=%8j~tg#!Bq0+4};}t{ZNzh3F9N;PRR24!dm?&r)<|l(O_Eb!`h6W zqt!i5W56Oo4{XBP7^iVd$Jli25i=J0{e?(~^aZ*KXG-$rQjc(N(j=1XfQ1SVTH6hM zuswlPly__lCxFDUq+hRgkZD<7%I7g1#~kf0{VUXEa$oJaB1J)=#F9Czx1BC1vJ#{S zqu0HckqFlW|#a$&Xp5j+LR0Z*e&tl>^U+qe+M z)txL6j`eECIN&cOFE!DENm(v3^QrMsrToOuZ<`yzmf53uQIy<%KK^XJI=E&QUikfS zGu>kbrS>aS7!Mbb9m8W($3B?A^2O9)A=MCoY7N2%n$_jC*g&wA>Zi!i5}_o@ronD+$<7=c?yTJ&z@D(i z+)zENk5gPONxc;%i)Pd?T-YheRWLPLcbYQDb%SPiyXx$BKDcIS0_k5luuT+bE`;2>Q@w#HO)2H8$k z8=^5(!O^D2N#)ww%JmeC_xo2}VROaut~v7XHiw2Uq@9^(=9)-JI5 zj$<*$>L{d+;lZ2k5k|*vizn^ zN)!$c_ak1$&8F7n)N&Z8HN59o`(XIJB7;@lx+&ITZ7oohw%rD-@V77Fi3a0`l`6G4 zLGUWtxZ`R6?awAsxmk!!MWao0?;lPLOYz+%39}q>5jU{UHM4unf?e!S4y0XN>`JKI zwSuagJJlHJN7N6&DzXZ)wTT_>0d;gtKE+dGAZTko&#sO;nyMv z+ee&(qPTNG1C>8NpSFExQMx_mF_`5F!SfICa6U;BN(xQgWoCPvtIZos|C6%)NFE+E zp1?xYVJS>^!qtmEIFF$9ANV#a5*$eTMPlpn#hAkv;xO7fil&|0Ug-XSy>Q;ExA*EM zbE;4QY@(uu(|=u2a~M?rHVfOj)f)ra2TFkJ_JiG>KG{G7sTkL42Q%q8XsZ1-uu225 zU0x4TcY>gpFrd+Qv6Bo0@;Cqu8W&|-VvCQP`PpJSf4(*L%0Zxi zYYM1X_8p`Am>LdbTNb1kJ6x*ta8XL-BJv@{+7cu{;+f#!M~a_oOEY+Ih`e0n-uE%zh;KX93Ojcq(dq~XFuk;#Dfj?a&sf8S9% z@1Bi#(LsOMa&2|n@5fDAd4Bj}W}@{(m568404L5js{7fO#OkDmcNohcZ6ZeXuiozI z#ZJUbL}GJ~ErcwI+G@|R;!~HKS#GX>Wpn&irtcp~B-J%EM(m$hy2da zD2$7QeWmvnmR&6-n_V-NDY=Z)5qj?TD)Ic|;eCWYPR?P# ztHwowGNv10OSSpE+Za9t$SRSf@CECjRE1_I*)g^VmK?Kf@58k*x=ji%z#FX~fhJ+v zy?2GwsmbZfov`L#7aWWa_&!gf=AeGOxl|++GlsHq!c7_|e{XFBP7LT8}qB@h$&MFrDUv!heC@{{dM#W^w zLkD(NF?L`ksVl~ODUW0B^yk1DPUGK~2k1~Ce@Yl5d^$pxY#noHJFO)3tlS|GC~)FL-3RDgJM7q;Gw@etarR+PEpB zx13fc?LY!LtsKz83o!%R_#9D~g2K`5jyB>XDZ=@@sx6o(Mlb9LH(HMdjt1Iy4m`uCxCB*gcX$KA$fXPfsPpC6 zD;)A}1Bt+2%0WM%xQ?+}V>_vW0ggJLSP<=o5GgPvyx@sbMeKLS z7C7>5($X{R>MfefZMpM6=B-tOPu9~S8lo=3^g53&kF)c9$Yr3MW}3hXJoMs=TVox6 zHI?J>0rALx+|x0lTr5WXhKz!WFbclAm?{81dPCzT?yRN1s6G$KKBz*ePH0 zW{cdYNmYCDAl4Ha`OL{yvGfmVhFqB)vbjSJ*@A+?YA&C5`+sGFbcx}v=uVe+l7C#U zH_}a=w09^D%Tv&bbC*tpWd&9RQKjoH(*^tA5sq;SkEv>cDwDB4sZp$%oI8lTe^aKd z{36wn$Zm*_V}Lh3jQtDU@>i)(2JPJxlE^)wq)uKlu?>jR=RPd3AB6$WP!LD8y&tO| z!^Ikc=EL2laX$QBBY9f<}jm*pr#8%SI7<+_69K$npKVHjsMmZ@kp5ay(xHcl_OLU#9gB zle8paxqwYK`%!smvRM;km%we-OH9P#>BqEMml+njk?miCYCKG!MtefUq+6Rc>x3%) zTVlOQ1lJJ(JD|q5HnF85s;*{xPwpxPv9hok=IEaEGM~Jg)Ou_7sUIYpD8I zzEN?2&E6lQzw{peG)a@mA?E-SJx&Uk740$DA-4duz=$bu69f5#LtIl8NNgXns2~0X z33Uk(>kXc9T5NQ@qoZ4gId@aIN5oo=#|VE+JE#C(^@g;;vZiwp#I`Q>>6NF0i*X>* zgD2$P%R~R!PyC@wDTjA8`U9AVk?`@;(*t9wjRa97z3% z`I5PIpQHImMR;>#!*M?|XD;w;o&{Axi%c^i61Q9A)vrid$HHoWX&UK7@a>V!{9;w^^Ds^X=^`AcAC ztR`y*5{+&YaxR+Ux*B$XlNSE&akEze#B^xEY$iZK4c@)_D364w>|u#&lj z)!gUe7Xkg^#F$?*p@MLUz@!{P^DppPJD#ehfV@JhUAz-=?ED5Um9xy*m?qC%FVfkN z*3`&y?)O*xf#uk8>r{Z270`*Ws{YMy^?>N=&7Q-FMWq7?sE4C5Q;3oLx=%kPyccrj z2A$SGdw%K$Yu9#H0+Wk2RyxPQs=YjG2`~5mpxrgLFyz0PdZjVSW?d)r@WqeVb;8*; zTCfezIH?4Z)rCo(e=8T*7aI=)D}Q){_E!?|6M1%P9jLTnrJon6Z@wApc{B@29fzE68CChL= zDc4cwpnCQ^@-6>u`V-f0F3b#Aa(gM`zG6lxOtiYkHMq5Z6hS4)75x2;!IS#0y7ScMp;hBgboCjf(532DfBD?Z({)==?0_L%mdNBB-ek+U^UeWo^$9}YbO5#LiXZ7i)gtq?}d&uMe zC*oF7ARnAEdwh>UmO&$qD@=0}d_sARmEE%%V;`rOvosC~G4@yyA3ra1jcFbB*qdGN z3Yj&u;p%$+e0fsXvWK|z5jp|I5}Ss9r${F86qDCKAb_imr9t;?Z7m&Y7{AaM`!-&R zU%&9f(iCw;)m~6foX>cOe#(&{*U87k_~!GmF;#Y^J>Z3HZnPh_+0|*B8i}O_?Q@O4 zg3T1p*7ogZOof0ae%x6~MaIZ>p9TUjZ>8kLLM5G!3u0!PTYfl%>ppcP$R-BL^w~BR zM*jfTt#Byg#SkLidwbjmj}caO&-*KsJX?E4$Yv!zH~PRuBj9V$X0mJX40inPqyDM& zzg`fjuuk{bceql*IhzvAAUkfgtm}dxMr0y_h4Q{<<{`wSX_I}}eocXP$8*q@mO)wW z_l|)Hgs>RuYQQ!5gQVp13i(x55uP(!dCRzpj4Gs+9W&*=Gih~_0q@^8_DG`f+vRCF zB$Rp|8b4)VRg|1!(mYtA;+-Z)dxsUYN(B&~6D zV_~rz4BdyN0 z?=BKh3+j*I=dM@kmGbSYTo$Ag+(c}>F$k8@xe*|DNyaYJPecYR z*TpdFdvg_vd3%>9bJ^BTSgOBlYpXzV!M!pwUY^D=5rcRYV9v&(Tczzk-j@!V?9F*; zCAt%Ykm;cnS=s13ifZ}%z)KhEzB0JoXt9yuvxGy08g6H&R((!gPeBr5dyWz+|EoJ( zK9y9LM?Bd(;(clNK+2f1E#RNHOGfiXDzO95N+c6hR#vR_v0}fZfob%}|Nf16vu~Hs zw1>ANdAwDalR*4Lmx&1Kcs)o9E$xQKzZ3BpNy}rp9y--n%_(&f?ox@7ie~J1#rgb2 zYSWKxKlO_cFj}M!COyqtqB6pDdu!F3dm_$DcYJAb9UZ_L(~$h1DeEZx2#*l^zlNQ5 zaJsbO-^sK6=(D#o+?vd)j+W&1&_rz^TZ@X9X6CI2%tmES{6>umk~M53f~o0asb_St zkJ&BBVH)M3V_n2D^_y`*si*^|`Ay+T*n?-#G~=L4@9n=4zxYgY&WFUw1v{FV4i_?G z)>kA1=Np}va??DmbZ*pjA4jm@v&mfiux$P*IJR=^vBYe|O%^CQZxQxy$kBV1U9OvR zV8nc;eB#4|#07rDv-i4jz7_pU!v``rx#GuNv}4AfKTbN2c(z(K^42-1_HjpPl4}{o<8_=&G#E~t#IPOE=|Y9)bP!2>C^?eZ8ohO!U}cdjkj@#TW7M=WtH1M53lIT{+sN$ z{R5kG{E#c@tw+Pe#GyViBl|3D6?IhuKlr12`JRj2@*J@Limf`zwB6>(G&<^k$om{3 zQf(U3Q54e%yAsu5b1W?W% zuN^ccKI}R82wkG2er!lsD5o-`R#puH1YFUdp{~Did+wo214zro`m{|1!@5#y{5Z7~ z9#56*1MebKSy?EILy(9CB71IaReFMxo4iSdr)~vqf6la*$5g13wM`>*Z-^fW%>U`H zZqBA_$>EgBPG{a65Z18VzXQ#gzeJf?uz|`QGv9^#qi-8-s7X{}s3wlg!--`vn-u%K z`SpH4`i8vII$TGL`-d-4l1dWGCoB)F(xe0>n191+0>1D>71>3u668dmX}zmPixm@+ zW`F2H$KY>bC^Kkp`Mbkc==!i~A(>c_bDg_EB(m8y*fNHie-<*G8iqr*X=}&v*yUfM z0t}$DlYXzCuUhwO`dbWtWrD(Rxpk^kV)?zNT|(rku9=aT!8nVZ*yE7R@c!uN7e-^x z5)`_7xX|Wg(f_@fmk-V~V0H(r7a*ceooxn9q6e4Le2|J|5^se?)oH&E6(av0MOtEG zRQgrrV9qQL7~lE!VfF-cYkwW+FQOVpZxbu77&(p*%DvpoZ|@E8O`pez1*$S9%vX&| zDnA?e&^bTpKW|t5P%g$GJ$uns1t*;Lf~7 zgSjZuR^LO8i8wYolZpgb!3#k+TxUO8zp z^J%Z$(J#Tq8vNA zOJoiZx=LuWv#YRB@9i?#9Ow_> zPOiBxU1kh@C}J0h_w{v@?j|0<6NuGnm*e_N7$B~^siK42SkF+(zixajcb{b~cNZ&o z@Vr}*?H93W3nGMG{8jDum){Etcdjoyt8x0?FuilQm-pyIipchyqZ?He!~b<$P3AaW z$t+S_5ke|Q+fF~$>M(O$VOlO5P4jtFTlhxz_ocd6_DNik1ta3@3nZ+)CN^t|u{{~+@(um^{9YLv47 zGe2%Vfobi9{5~#S391pF$o+q6SztO?q5Ev9Zz%tBmpc*P>u0}jo8P~;u%X)~AhD>h zbB2IZc#SMA9g0PUX+FF|l;e%1urw)gJWKQVgB^Mb-4l~ooOZF`*wb%Omp||hy2|)2 z*m~0CyWqWmqTeVPJ4p6B!N45|(iz^~UhI!K=6Gk-dmXke(84_}3p~{xd8b^VPJdc* zE|%0bQtt3Bck6-^N1$tzXUE@5FN>tY#&3)IlILP{<@PLL+dPw|%$*0*6>Sl3snZqi z@TqRTwJx&<(}r5P@s*Bz7pU*e;y~`)mDKltNGV($5p}H3C~f>5(!zjx+HO(MR7L-7 z1j)~aEjt^~MKv#a7k?jct;XR015d>9`=BUFX1)1*S9Ed--7)8VcOLPbEdl)Y{$^vr z3pMAPBYo6(G)qTgzUXj!p6|k~mvmFtLT&6ZhXj>0H@*xDU6m#y8O1A=N74Xvjo6?! zkuWg&c&}!mJ{3#?(uFgEJF`mQOA<(u4g3};;u>b8VfouataO~9RaEE5>ZKUa+h#yE zO3h4*l9RVU7BR~Bonv5lx*1P~uykFqD+~npu%JQrwjjpYS1zQjPOV%RtaHp(r;F}6IfMZK05uDBpzhpuW;q7g7xzLx%%<-HWPpBW?QQ@IvsV#b*A z5+{$%z$kh{!?CB-hz#AN>{aK!C~ss@A%&jzw~(ChFI!*D(v^J|7%x41vOhUu;de4o zlGi9q^E&&W{=z{*6%bD3oPx}&WuU9WEHku25@};c_HlpobBI+@FfkaPt)Z8rB9d?Efv#1aNUtKq zF5EAHirPRg{OCY)^0{t~Y~Z!`We=_Ki^F;U1HYRx6ok$J;9R#3!+w|Ko;#u~Z2JETkJPY)}0K zM=vB7G$AD14bRc8Ujy)`-s6C>M4)dZyQO{RV{^=oW7ni?g`@JA0Two*TQWAQdQz`%5}9uB+}ZA!N49$F=5pYv*%Nzs2}%SeoT_8=m}* zz+8P@P|J0Nv?-&j#QeL6ovGqvJfR)J(WX_*z+8$(a)1R^NnQ6rrHtBq`W$w`7$bmI z0_U3buk5L1;aN8y=G=J^QNE%@ZL(pPRp~puK)wM!U4q{g5L6*9$jKzK}O>zXad2Nqv}O~nNZM77HJ(DBKuqJQr92efEJ|Y9XKjG zHM*P+A7Mz*Jfb8txdXt}4jw<3|->>aS;ix(Q;$JSzC9{IHfes^$twO}C!^29E`x$m@{b;K-wxlG2vF1f!SoT^r4R-+GQ zhRneWSGv}i!{`{86KD@qF1;hSgHEmPJVH}B-&8GZSYG5U(lUR4BLCKR&Lc)zZ{D7N zRo_(8My-c{GCxNX`}HHv(OoT2Flsii#(%M-VK)CV`+Ux~q_&?SSJsF|U0=1Q7+f4N zpoAfXE6w}NdGGtdZ+}s9pZ;t&uAv$|EyZJeyS6Gmts7|0BKZ6j!wt7zm6ncA4)>$S zCleG2+L*u->zuofg13u%_n_$}(Ws??O*zO3@CQsm_Gs2jJ~H}JrA=b=Gf5x-nS~Nd zLslWhOPfwV(Th3h)u#zElfpq&=qZjtiA6GIhV1QH~6utm80C_+p5F!bo zC0^8QfNg^ny~$y^R$K&CT%b4a_Ke{9SXwJ88Zc96z*bD~@A0rRcBG*7!|c9T64SR@ z{`%RM23(qoi7den{>A#R4y(Pv0!D_$mkD8Rkx-F;B(#jOU)`;Y)T;dV!e|<21HN?; z4c&M3)z$|EsR5SAB}-H0cd3n$2H4HoAI`Su2}xv(h(M%CKj!!(GrvM%I4eIN{U5^K zJDlzKZU0WFtthoOwQ5rov1+xY=umAD6s1*rC1%vDy-KZ^MX9}sz4zXG#!QG2EBt() z=Xn0P@B6ub$NQfgNB+ujd_H+!*Ll6J^L&GP+j33;)+9W-2@+kk*&tx-pkXgDwulZO z=d$m?Ly|P6{;T_QEjZ=~Sza3?iw+%#PP~j!*85>GQ=&@ z^WcEX=7f@QW1-_GjY5l!M9&)8E+9vPFhIXDsSK&3dt+L`> z%d(N5zbnDS*p{3hYmO8~!ZPo(O`+u^?DK0q1(f}kD* zF=jkODr4fldEri{Z?07^U4-#?Pq`ciKyQdR#EySrxm`Ay zmLKg}`T)Z2hyP*eh2^bBDJ}U=!ps3(0kJ$@A}!SH%9~AiDo1bb^d!cSCvVJRMfGa! zTKE8VbGfY6t6?0={gXdJWIfOu*!Md@{W0t`^k$qi{;zIy;B`N`_wNl%RlxH$7e+7arObT zNI2PlsmPzPQuzLN;{-f{@>hNFAhgA)8mrlw^Y}7;(ZI6=@DZGR?o1b3AQ7XAKlZ*gN zh5Nzf*_u}#(j6)xf|lp@BBC`>O6M&R)Ox^~)mE`|EspfLGr%upB5D|&H-3k(h(ker z-xL+3H7{3Dp8%sDhkX3==CuJcur@~uubZJ$6BBCl*QY7-a2UcN`ucWO_18#s#AYuD z6DG={C(M?SMgT5(2ytvWtF|y%FUM0p0`vY8$*`jdwBT{20ld-izS2i}H^^x!y@2IB zx?F3G|o+6a=`Sva0>4Lv1#PQBn6hi3H9m!I@2ko$9eMEduMpln7wkPg`e@3t#rIYCSaer5ZFe-tfU4D9_dyA4yg;0?HF`h(-mBSZ_=jr?At{l4YnqYZ% z)IPmlID>eb_bm=3*n{EVw1?+xO4!2ipUA5Ld0cg!R>*7l42h@206w5pb&Eb^K|_0U3dK!SjAAoj`X zvkaI_8~x*lo^&$9T0Ii(D3G81{NitM@eJvhcK~&U%@<$)lD>UB+{;IM!$3I;zFUEG z!xJeW2{0CESrZQAz=1OsTmtVa{;@H@rXU&#zuFs&3C@vWKLvjAQRUQ<=@G09Ld-Au zAX%~1%CoU}?V(*jffmw?zn_nm0}_j~sj7y*p=adn>U$MsV2?R_YJgG%Cyp*&eo)qFpLE9V7*tX^kc^IaPCMV3sT}f=Q85GoZ@Ho%xsoM4 z9N-quSe0i|-2Qh-Z^!Vqo)wotVFY;;vr@bKYsP!gQjGVu2VdS@xfao-2Y~(_>hf7V zPSk871N8b?nDxrnaqb1lXkiN~s8y=%!yl3Xs_o1KRR#Bqoh3kf9~=PMS^Hya>5<~(bd-%1GuTP zMkaAN)5^f00N!?38O?pNJ|QER>ysA}IT?GTUkcC|?e4$6OAe`FT{2zT64}wWF=4*> zN+r8PopwP5Hyi{jQ1bB}%Al8$+Q`aJ=LF`+VhM&|?K6IV7@_!ZLTWWDhKO`Slazx7 zhUbOvaNwfb_a%6=l>rq~$nd*VgNLlIr>V{M)#78(S%0Hu$-8;oJo|3@4x6is%yfkn zJ5VLBZmCh1rq(n0KdhHlamt#{?tW6*elo?-(&wN=jz10QDgr1@JNKP7e`UDpl zpny2gA)na&k`*M}YfOq>58K*+_K1$W`9}*mEN)pAyi+Ko9v*&B0oU%UT<)y27KgTk zea2(v4QJhJVv-&hoLWjGnBdLKL>4aM6KuQ5VV=8}o-q@aew)tpCn^OrF&yJSmTSiWwzPkpR`E=UckBl`k=f~I@}5aBk*ty ztkyWfM8)J#p9~>`rFhc9gDcycy267U@xL4?e1h)+ta``=?l_Q777Ki29rHTB$g5qw zb(Q+7Y}`XEN^=o;4fXIw9)IsF2}nWV+lJzlCr6&x(`l2-BQY6$sp2dqN>FgOUD}34 zjsCH?-2ekNtqn8uP+`UXtelOf4xz?bR^13i-dpf`WHtTIB@jbf*t)q}+(JVL1JJP8p8u zzDR_C(1YGoa~#MC-9~dB!AdJKh3l2}^#3kydk5eV+*P2Tr*0YyPj!n@~mOQVgo|``QmBUer9^PD1fd3uOGo7E<1^Fxc2?@YB$)G*A{!6d znM9W_%F-_)?55c7IIb5NoP@8Qk`Hg*y1@B6;crdEGcod;$D;L(z`yxqiml3#es+9}Cw`Azz1vxq zbE-96$awt4j}fO_>++%&V%cX7m7;Grn)?_e{Hz`Yp*!&&W4D@yX2c4d?Nyt^E{~bl zWxCEOSmo->BM*u_wapIL>&3TLchEFPDXC4-J4s4|4#P^f|7<4mW2P5-yagsTA)Ct^ z0t~Mr2)4$Mvv^5DQtxDy^WR`Z(s-#vlbL$gZNpHuWcTo5llzz*V*m?Mc*M^K9|oP* zTpTZc1A6873R)Zn;+f0r{FY~8Pe@!Nk=5Whc^%A>#f{8&uh`}17IO%i3*QZ=W_pVc z9DBQVm3@g9qcrGZdpYqpMsg^ag*R2o>>sjFX>{Tx*tTM#ix>6v%WZLo;;t<=htlxI6a3O(iPSvS-HqQq zn47*@KxW;v9;K;cgWCa!BV2~da>f45e+bM0Z|XadA+A*?n0>Y0O@4}2Czd=^dZ~ZT zLQEv+#JMYc2h~Xrk0Y0Ue^CV2=;;lDm>BkuITt9~YS~uaVq5~ZA_!I^(|EqSeI1;A zKYEvKFr)BGFy6SpJ=ikK_z7ni^OIrFIHQtUN$~o@AHX%)ZTtKdrxqD3r-vEA@=FCX zS9jM=Zsp^Hhh7rC`tpjf?0`e-rvx#Tkzv?Zz-tmL$aza!)aF0G>&~sKQAG(7Bsr_r zluyI>h|~X3pOeXFP>+ZwEk5xujV@mw2WI#wf6Dk3$5IDu1i1@WA>IvU^XM5*^cf9~ z{_pL;84u~h=e_EH-}GLFor9sH>-FrSr8yz*v+XAQy;Ruit-9S>f@XHVf(ZdkinrfG z-V098ovs>-QXIJ(-Ey^r-Lss@?rC1x+x)SdvrWb?djDD^AXB-p9?1L#C>fu4Y*Z6J zYhSE>{9);kl|P!100Q0gH~Z#J0tPxqRl= zKksB%KbMH>F_S?_J%~2!;TZV)H%eOn;?Yz|B6dpFHTu35Zuv3E4vd@ZdQ8(fzoqR67Tx8?p>LQz@qX|>a+*P%BY*rNW(e}1Zg)iAM^I#$J?v~-@A z@t+B6_aAKwJ+HI7AV|xejIMu?S166{?hog-!xV=b(u_vlzqK~25lt4UZUIXhb-|_O zht80p5T{lXECb_896Nfijzp0Mucb$MG^=wVHQm?Ahk50@HfN?{jQfT^W~3;9P6ue= z$QDf;?Vd)b$LTI4u{O&B1wN7T#s}Q}7oXApG5W~3QKwWyGt!EqEd5RJ@>-XCBpE5nhO3LBbT zJCtng6aBL1=Gk;DYa}1vm})pSri&>B=4kB@ndkZxABj8zcMW@zo98L+2_9@r2Snzj zhevdj?Rf7goxns=ku$Nss%#GL2_#3|ndOQkr#oxd+>MBXJEY*o9~SVbEIny8udFS5 zhm9Nu=R&vepKr?8M&~D%)&br@Ix(paS!tloHV-to0NS_Ftsfn^{N7<$%K7`-L5#X@L$0;a;j#2#6L9XHI8<96H z8(e)gyfla80)mVdkuQ4iEzchLk6usMI$0d3TT&?}23|us{e`+#SjkP3)Tw_;FaS)I ziv9$nN0?p1tq?f9Mc}(^}G(>V|Ref=g@xyd-fnrK3F=e z2GRq}vcm9c45)Fa*A{Pk$Lfl9T7nJs3+H? z4?|u9nu2tp0zu9DJgJ3eW8W*+Hh93g4akSr7e$370P>|g$X_r z(i!Llm05-v%7G!wg3jmIsI@|s_UMt<&l-+lypbQBq&*KYp|8C& z;qKDU6+Z^}wWitlaHd+|C#eu-(n^r0J=I{#koOv{89mX>G_kgbdT6Q>Eeeq%<$W_^ z(fwFOXP*(~ln`uxb)dT&HR!wsE#{lDu{?7TP8OAk-07YwlGv89&N}KQzZF^;_%}Qy z1NW}ATlcr?p~5mo##C${KkNgqL#{PR8^IJimzEuG%geO_0t)X4~?@^T@$ofXYL>?jD=> zKe7D-ms$#L5#lkmd~4$5`KiPpOMPFvw7jSuQ*H(1k=Gy8h0pl#Kf8E~&z>;$ygg=i6X9Xv}5vm%#nL&q4j{F-zTF!z)&jMdin)k4h zngUigEAKWB6yGh-n|M7itmKd_O?3LyR(g-JES8ajz+B*`GeTSQzI1B$%CjHHr@T>( zE^mYCg(+RfDHSK;Cbb$$#I7&=A4U)H^JjcN&@KL6cx;rkE4=t`6@PKAPPZ<>YS@hu zarnnjagER*=bP4GqB3xh))RaxTb15WdwW}Vhc-ZQ+X{A;+N#}v$3+R^jA)J)1M>cX zY(E{C_V%-Id&uY1k;246e&t>Iz@$_G<Doc5c8m4T9acl-lXjs zy!@cIeisuG9^lA~s{>z-lmFf6n1URZxBYY3{b*G;E=7p&oMkS{Y$MK!>;4v1cU4uh zwu6N4fuSf__hWqn*|vwp@m^+#Ye7B>+PWvuFG4*Piw6537w#B#HnBQB_MgiO?SNFV z@+$gh3f~8pkyiq?zwJzio=UT}izD+>&dy&kPq@}X2vub+!^9xL-_Y8Sha3zgWV?Li zyrv~PoV#seL-r`_vbCOrP+*CcpsggNWRQ@vF2=k=n!026b=LZ4JtF!URLF)WMrP{;(&9F6yl9d0J13 zFC`G{g;v2Ac`T- ze(yodoc$0}$F#HGDK9Z%s=UC69{RCcI9?AiA+p%Gp}ueJr)ZU~uvcUZa~)?4QN~Z% z4z1`;;~wg3dkL#@Dq+=+aqhcMpyd)>_!p~96o6lG7VA|K*V4xAbse4Y(r*3es0`xQWw~<7966YU!eXxaz%8`xNK? z{wiyqx%CRsoZHiPr8;ugj@Kk(|`tWU%bC&`)pFp2|{5-ggRi+uv@*FTTi8`23%|10Qwo`D)kOS}YhF3&IN$@O1{ZK`7&r`#jJ27>C7M z;}gtELeG>gZyM0oQn#8x%UN>y{a`Z*lo>JcU3kn(Aow{@9q@cc^C!LjnPwX#Oq>C3 zmCmEgOnt==!74u$JY%{1{aLR0(_A*PUoRDRP3@(2*Zo)T@I*+o#KbVs`jak!UBEw} zQCBux_c>G@2vsI-)_p9pVtwbEY&L38Y#MVpSMlC+D>t`pvRNJoVm6walERc)vh_iA zBY%wje4$>cXW9Pd*V}WgK_ul|g^0LW%NOy!N6_wEz8x-*1!l(_xS!ewS+Y4et>k-zQaiFumOnl110A_V(q=(CL`GZ)k)(yVpqLEvkVH z0Oq~%SS#zk&SK0G5{g$e<}CSV{q1jK(^kRYsUwc9G2uJ4UNW$Tx8aa85ZIG6|?L+-1Sdr;tC;-gTCS&qY4$^#nd zDDyMhZ2M)Ot0Ky5l6-A;{$V(*^7IbCxNv5OtLq{fN%Uzxo3knQy}c>^2?>`Qc|i!i z0B&@$k2(hLuf5=TOoGrSo?TWnxVOFQ;TBE)QnVQSS3xPv-a)?Fb_7q{PvxcI#!*T= zZ3~5J7DU3f0h@oT;yLxPd<1!|c)DM)_{x202R>ENMUQ!}q|I?56I*ohh!T2+F%sdZ z>Ao`rY_dwd<3}Oc%$!s>xuoj{5C^wOFBzLf2B z8#Y}Rc%FJCjdk6isoPA!Eyu{5r+5>KL%35kSsVjWc#ZpSvR~1*!Wy+?qfpPPqu)|v zf(Ez~dnn5LaLjcYO)-WR{iwZdQaHhRuJ9bWfDNgb?p9LzN0H)VlCR6z%3wvl4a>!= zCGCI*2PF@Cv}Akx>#@@pr0f56yg75rA58=hD-7M7%pY-l@j`qgUd-v5msS+q#@r0} zS!1iE4-sU%p#@W9Gm+@l_9|&Rd0WC7ty=&F#u{${Gb$KfHd(LQh66t$BLT(=dH21o zC3fk7G%nEyKkUMKWFkGY#v!dlslvr!d+{Gc_oazrprDAVA$#Bpf_FC`OnW6uno%0Q zr@tCj?@$rfnx$QjvxB`Qk4;+awl}s8xe1(pPv{W7SFthZ986x{OzicS%Ul+$)C$?i z+YmfH5DGnG2ZL1T4HYEck&cl+rK#C~2wGdRH=l-Z|V>`tr zx<0`BE%G~%arh@aTKb5C@Tq~Wptrca4ojWdv877H8Q9~fb5S6v`Sfdq>+}JNWacx< z=gC*d?pVK_TY8e#=|x;`o(KqfXd3KJpN(WJyT9%dqZVJCE}}S_;i&g+6UVZ zhK!Wm_#s3Mpf0N4El^KaXVFWL8&IH&1vs+eXD%dCMw3wy${kTR39$XgC(Y|9hXWr_ zz>VLP;tMd`qH`WU1SDI*pX6pQGXec+lp^C z&p7NJJwa2@=t|ks8QnYm^5&V)pO6IElaQ>Z_#+itNs zjx2rOmK=v-Rl?R~_16R?Ua>+<-OpQz+?7I5UdTM9gM|L39Hjwq(JSt92HP7*Q}%HM z;ByqKyUMZJ(E-FAS6DUj2gy%J*$KqM=2p%oROf0(-hsq0@i5;d_0#(}=Jg*3$EZ9@6L! zO-H#lC1^dw+T78sNp_dt|9*TZI>P17@?|m@@lTJBw$wYLl^o($Lu2~cRcDlAA84c? z)6tY=HT`f;x{Q?#$TIOx^@a4j%W=~>D~}NuMA=$MxvKy;8bqMBD&=NLz7i%}{h`L@ zZsPXy$R(BzCN!{Sw5DC8 z!KFQJSkZSd|J{eFo4r*)(n?)>d!%FHYkDfo8O$!S7t3`dhkSMK1LqaUW8))_a+}xj zpaFo{lzfE9w4KbM7huuCWeM$G(3|zVw zZp-XKIoVOX9$U!}0iE|u<>N@DcK7}LzM=C zQkRTso8fS{e-xhMelOq?SH|MwmZkw;!0j(?ntmc74cO#Ie163=P`VDZWv&11^s^*< zC7KmdAbcxLQ}5d#VvkI;;wAbR^9$nBfwoQdg?6?JYP)+m#(0loWye~sgG z6hF=~J4RM|PYdCt2p$)PaM7jM9`ESV!)9uG{-$FC(DQ^jxEVUbc%Mav5xdUq1%qa6 zBWfu;rqk?HK{fxRCb(N`v+*-3oHki>9ihF!c6fa(ByH#(A=M{ONCiz3!pul>oCwPj zN=tj-WR-n)*cQuMet9h z2&2P52gJKwx(VV}lK9x$?FoLAG@$BHxsVf}FXQjUJR(eLdUWpG2w>%P#MFn{gkEIe zN-`INHd9GkFK@~d=dK9?ug8CoHvw_l(+WQA`il#DH~&(+F6-(Ib+5k2?5Rb$d82PX zV>=GsyqX!5-kYyS`{MQ%qo|=PwavJq1`*Gqq0}QIk(Gn1b)GK!qZCi{V$nmf6@#Nk z2nFSZCfR0wrzc-wOC|S0a5e}>$(cp-m*m^NdM%&)66h(ZYQG|U@}Ad^(;TdXLgI1! znTJ?PQ`fcSTd=YM#{CuD!1b1u(w=g~*7z;G?sLy;MW*PsAN~}#DJAqVt0 zFh;1sC~U=u3=SPO_%!UUDIc^vIPXgt#-m*FR_2iFcc#nlc$+RFpVtm@-^{+}_7czfko8x)F>a|etOG7uLb7qQf5b&wqmg3YLXh-k!J%#la zdoW}WB$VM1P`x-s1j zr1+|WKTp)TNNJPx4t(E?x|wu09(I-6X7bL}q%(=fj`s|___?LG_YWZEZ8Pz7_xt}aXI~-Q56ZAcXVVRv2`LSQ#R#qoxG>?==a|7+H5%P_;h)26$ZharGBp`y z141-B(e*Yp&dL-VtwAJ$k0-XjiU&+K{@^3#2!f!$vzNM^G3Y^iNV>aMA{pG1vKa@d zvKcEFP4SLAR3!;dsHi{jzlAra-;O1QTHV>5UKzW8Q{Ggk!Mhw~s4L_wwfJ@`MG=7S zZ;1zJ`yIyM%jn%}yx2TkMT!tR!H{yLV*mkADoKucqK9?4+AZNOK2Szkx2S)|YjMG& z$$aT@%n{5KhifTM-%dE|D$N{1I*8W~++22g$#Rv#Xi?!Yya6 zLN2OV{?-~mydvz?66L$F_^TYkQJhp-*(cAtGIo7Ld?%6HCUs9psakC84EQ;JK?${( zj-BF>T4*T==ZO0*#dZ>IZ^39Dr65j4Q9Fsc*xf89XpHPx62PQtfoZC4sP!ah+Ns*< zz>fUTulRm`?Mp=3vd{=2ctk5h5Jx}u%MQ=WPZNX-=T?vw9XXb>Is~bsrt5&Uo}=pY zv?UXPYu@(*@J6_xxH>}6+Sl)PfRXyhLvUT!5a>;>_xkH@QpmqW(9fz_qkF$&r=?(` zXp;lSk|95JyEj9%yydbll5h9lM!6&|dpNrv1m^vEyj%x%5d)<^m6LW{5^WpAqi*gNNWW_FF;QkthDS3qHeowM_eNuex||Q(olK!uUIW8f}r5|D0+K7m;F*tMt#XVA#^&=I}ja(trQjv2nBPP_f<5H zGW+9O-a#SfJnQ;={Sd3~#(CX6Tt6xR@&M2@BaJ!S2z0a!(?Xh z3C{I3#777poykwWdz(l#a<*AWI4A#^#pE$3ufg+>h4uB*C!XPj^xcJye<4Xl*qEq? z(TPcuO-aNfW$yq{=23D5hF;qvs8-0{RQWYVh0rTQlg5XBl4_*?-gEPOOMd#P`0mbR zl7pUcyD5OgS*IHLM!3r$z+h(dKh++TUE9J_EQXWN3=88OVhr+4kIo?a()@f$sZB?M zN|J6~Q;+`zo4N&Mh?*j<&-vYkF`F6RufME5zvitM98K{`cOM?RC8k#U*0g@_c2m09 z5v_kEZB*89fSO-RN>O;e&Sir>7O+CsuO_mOzLJ?9TO>7PnHy}{=3T^>NuPWrZv_}; zE{>!>=voW~`V|j=>OPp5xEnreNuGv>tfsr~4=^4_b%xQW(F~VYtQ8r4Ef23MEhlF9 z(h=CJ3HT>l9&H);%K&B9w-k#AsEJ5ir3Mn{{>_vbcIb)(v>=Od!i*g!a zRVjFnKcOnVf#7~W>6ZD|2f5lIz!{=*ya+(W$uvA2_Acy~4_v{DathD3ILk`8IGc}CAwK|ci7@`7nx7>;Xx!so9qDL(Uy$= z)1Nz$;7dJc>ZRAm)Z=kAj#*hW>7_A!=3jplsZHde{*pS42eWXzIvbtsA@PmZlJNcm zkio_pcJ?h~NoXO%AcQx<^X6B#JUN36gUrJiC4dOg5Fhg z%O7?PQ-0sihH5KKA=`eeP%)F$M0R~K>?<;S%7ppoy-_$s)_7X8{=fH0|M@m?y(LUU zP&Cnr9Hpyp`ebo4(Rj`qd!;nAly_&M9ygCJHFsYnKt>#T)o!eXX+Hj0#-v9UZwgHF z*-ENE#`}EDpGlk8qiDna6U!V`RfsQ_>bm>4GuqQIe6-)HWO@AUl>OOqv!Ntd3K6hO zKcdQS#Yz9m)0TV-+Y#O1(Nf8+3o0{I>N;R8*W9EAGTTL%r9Gg>XPDWz`fyfiu}#3G zl%bRC2$hd3=!IoSQ}Y55g%A0R}6m*AriL%Ec;*S_|vb~QJ}O;Szz z20oIxoeZ<@w_5E(y3ZE@YB%shKKaeiP!oDp?TgEKwgjz5Db{a@Q!c?T><;#2JU+s{ zT%8u|u>v`VW!J+|)eDBQEz=}cckVQ@SJb+UjD$w;IK8}XKJqf0DSCh_=`UVtQm}hJ ze2>|#2}-g&KtoLn9k8GD|Kwgbd%XN8=3`U8WVf^3a==7Y&zE&d-&#X~7GjuP>_VZb z+reAiv)jMzKG3AB0IO;%etVVGq#a=geTY@Pw!PoKo&~d}7P2cC>B0AO;}#*)UN(f3 zmk``w_MbBVswdq7S&xtrv8>GlZ59-Quuk8PLS%_r!eOuJQa^ZohCg@(5bL}$xEgrT z*CZ77;G6Zg%r>B56&T)msZhKfC`2b|kWAKmG>CQy6GB*Hx6O53483>57SWWl1@apu zL|6lFBoDWgN<(g{Q^5(c6(c|CGVbQCLI0kF7y-3_3VOZ{9!BQb-#*W`y|P?R>||gk zed;+9qv>X~wYaVz_;18p#FG#onM;CBC#D<<2|?F>k&8s@`?#qo@X|umSChHe5ug zA`f_zo|xK%=QiJEj@bnT%I_`w)r{2z_Izo``^$+G;g#KV*-yVPbEkL&mlKO~=BdBP@V%J~#uDSoG^TAIn3 zLad3=9AvTGjBfJm2M?rB&fm2RiP#;VlXkR=O-X}_jIG{G)fD*eyjk$=p7g>w_oAls zY~|HCU-dTJ_wWa*%Zh#{D7{`4kPh+Dm3u2QKJeC^KGj#n-4~$(ZJX1?cI*>*SZ!=9 z0Lt5j@NM}h^dR2NR2>s89dcSrAdvgz+_m(yQ$0!#dQhBXp~6^;kW^#~znrenX|4Txd2mvVdY1hTM2 zTAD%N$W<}yQB5ba8^l7tsbXwee%y<^O;em<{Ym1<(v)@px82D z*zS&7qs_O6>BG3hrYgo+RICb#GM>QQUEp@}1`k8XGfH-h41&ei%)XbAKwXy+nMUPd zYV6SzJvlm8QFso63Vmf6YR1anY#&n0Em%@Gy~2%6`g}!tE*- z^GI%6!F(NIB~&*twyCgQ0(1r*(Qz65ieAsN)Sd2aD|E@1mmy<2>-A}-)Ib(T-7GSL z=^CHcmmE|X%+}DOb%s1UEk}RZv{#U2^L1N|20D5?b(V;_Y0s97vSLXekn(h6XDu1J z%9=;=6)7~Q52dcjIvRBS#Fp8h`w%7j8OV|#b>ZO;TL2tK$w>?fV&_>rZr*J%FZ&T| zN=U>IJkgh_tm`DilTQcQOJIs-L0LigI!GLifpvbZ~SYI zv*u)Ey+qZrQKo{+MBQGWey;Sqsiuf`E9yAl36mh zw!N7W6JGN`dH2pxBtm>I6crVG{g>J2_7Jt59l7szvyZH=7y>DH(t~G&YZfq_8I!k; z^X%`FfEUQCTYk^;p^s}tFQM?>u83Y z%Hy4Fl`CG7@hz-d0^>B*+n#{gIC2x0V#K@=E)dj&LsTPn-f(IYZ1&Oq4F+`;}+~AI3Pw1Y@g5HwJVv0FfM`?GgDUSa{cN zViQw?v#7BByju2!SdjW}I`)aG3I{X_1CV0LKj)nEz5_SuY0 z`r4|L*SYuNg7f_yc%;xH4)-qSA1K7J=q}vwT66K?>Xm2qt1pSp1@JgsnWouGUvSjYa43HCm4{10`^K1gOIx9Kw=VDITzs)t_`c)bX2XpQZ_AbUSA*GvmU@R3ZHV@LIJB<(x|D8bb;(u^ z7P88E$EOSNPtK?nl6ed@K8SI?bN_Qu0a-0Lv=*DS`S@XH2^+4?y`E?h(_xw{z7Eo& z(;+V&_l&rFyiAC+L9VCcZ?JQiq!)(wZ**0pg5*kuU58CL$9m;(`5v|)KLpIkSFot^ zO|O={g09d6)sd>=^fu)k5~5u)scZF1_IKr~Z4A$`q_MBmu&eik5}N2FY)RgI5$`7v z2Gn4Gj`J^M+r02PZshjv?>f6xweT8vk@evmby%E(wpYWv3V^fxZr7|7_x}B)Tz^B# z>AYEE&Xxr%cwZzha($(I@AQ)i8aKMgY~(g5FYOvF;z>8IGW^PQY-bg_m}0*Z)9i19 z^Y=yebJ3tfM70DOhRm1B2(ed|$5Aiv%r6Ni|A>FRF%%fw-njaOF?EpDFZOWNPCE4v zZpPkhqwb3|Z2j?f-tZn=IAFc_rAVZZDBQx75W*U^CBNmlducCWztH2JK=El#_vCS|&Eu$N56BjPl zBKGZ7Qj}Sya^s3*=!N%_AV+q*x7{3F4(%cR<6m|eN&uCp-o28b?+NdH2&cL~R~ABT zJ~j6NQnhLDZT~&^Q?%(ZCP^-J=YHGK7 zVK>eaRkw0|TrY~My5bk4ay!Gx;~Es?YsJ1_6dzPx1lko07!o|}uYFJX z*f~blipkjsK!h>7fr6Yz$7Ak?eaa#bcE|EDzVjo*JnW7W^$)6eQ#nTH+yCT(_Vh#AMTRtozXK*hqEK>n3 zM|in+gOWzOn$FUqFfX|KQgef-w`0_&Q+{8+svXz4+pI)xM&AA|_4HlOABuH(!{Hkz ztxz6Ze77fInjo5EHLp^?*t1)$si0)+J^ZC=di-YXD047=XIs zW6$+Eik`tMH)w)q0;G7l^I;We=a>FwW`be=-)2;lAOKR{%PYEs=@+W_eue|*4_rhk z9YKKkmBFEjP=(>rpS;OW(Kt#MP28!dWj`qnjaA!E+-xg}&GhvdyXjN4JcY}j2|bIt zN7YU9q(EZ#^yUol6j{6ESv0jOSKuly;`{+F<$h1O=EJv3z>&V_BD*%`EJ3E=_}!t& zGFkR_CB;8K5^V~vXug2UR|tMSx7fEyLQN8wsB#id~R$8Zu+Shg{<-tg9YSvj08qrf-unPvu0~4N$|vJ zG?48NG-of3`;Thzw1gsB{3+|=ACc*B{&0$Sv7ssVxios$6vu6 zDpgnC#m&mwI|t+!gNEUAy$1aU!=pF86;7~)52o$%zrlxR$JlRQzyHt`^#Ck0LDOp+ zP7|0L0?R{=$vl1j3TagISOqbD5n4J^_qnU=5$yPmfOs0WJUC|9ZrR?e%JAtZ0Hzr7 z-B7tBWu}ePSJ?pB=cq&Z_&Hxx(Weo-quQF^KZYq-KzSWYYv91Z^`Wkigwgv+; z+WeRxw;?q&x6S16zG0xS+Ojl6Ej@>E^v1~9B&pA-B(_d-UL8Gi#k|aayf0Hu1YI7< zw0xa-_5oDB@;Qta4wj>m%BczeG&OUhPjr*@$wUENWaF}vGpS^50_;ibSE@BaVkXKu zDa#*IYY3+_{VY`xIjrr|74ARI>IpA<0ltXeNv^Kbovs}HeOm4Keb-bJ@DILM(!e`U zCp3T1)V*Z6+H)5JY2Oamo+R`zxYQ+*q?^MH$LVZ0;fm~C$V6FK2Y&3&y?1&+*SpLO zm8pO^q@=k$o)5fUNm<^9Q1q7!yF9~f6mQcRzf!k&s|b43KDI7zT#V707CISc8&#uH zc>iS*Y8yQ*d!vtg-?TUPbu{a8GFT}8u{UZo!ioEKa&HU9^s!yOuI|0k#Ou?SX+6+i z@^{U=4sO(~*&iuv>zO^e?PB8~ubD`JJ|PqB@v*O8k^t}4yYvZ^N0)Uw%kgp<344}O zd~(?avo=f@_}>Sh{tsR68PsGKwg0975kZ2Y6sZb=N(Yr*EEGirK{^DKsz{R-YJ!01 zL+?@yASg(SfPz3E0i^fdB%yZ*B@jp;oILNDGxI<1bI$CU%p@N&bAPz^-s@VwbzS_W zzJLGIx{(QB!&H483+w!4`U$$|Pr<{~MFk%zwo+s%q@fc*?y!nz#r=cyip<9;s!Cid@2d5av0oYwEEy1BT2 z#a@I&hsn~@>GnPoZ)!*DaNBZO6~YbK?nsSRz~D=xZgV_@2?Pb?9z{$4>PPde^vlxu z%lm0LD~~djSw%L>Xk0GK#jn@539qf`-!ZJUAQUdm;^pieyyvy{tKiA6H*u`ikBr&u z1nmU!;F9F8Yf?N@i1}o2Ydnxmscc?OH06<$!^qm-qdIjE;C#Ey|+TKHEP~%7deCMEpF(C-VvM z0*WYBez4_Xg{P6!(EPS+c+r$?a~y-Je}kpNqH*p1s12HmI3=E5OYA#v(4X%RJ*T@z z@|yM@a^#JQ6x?h$*mw8QldgZW%7kN#XIM#>$}Ra!;DAm|aNGdo$g7@zVl{tdMF}7S z`o^Yz#`W1v^-H#AKYMSKGZvOVLGErn_I{Vn5n=ZpxdgSpVlptgvdrp_hi`$tCNr9S zx4{zE13nnY}Po1$<+Fx4_Gv{N{&5#V<7oTf+%$$oZspHrR9Q`TCO|~u5;l4QD6CVUf zIBWPFlCC1EXQRcf*<3YMhIF@q0;1yp(noI0HZ0xczc45{f zW$Y~e`sEoT^t=L+U8z;tuJm;9Xn#5VS@nIhw;k8&_WCri5^LXWi&Y25j(@R@jg-Dw zR5Y#jqV`AKdr_Qx$;2#|SJ~TnK;gxRbjQKPdsTI<_p5pvcXv^~h?>Pz@c{`dqewp< zs{h_(wgyY|#<{hrRJJi%YHaM{>Ce*P(~UhX$c|S^is|Z|zs_M>MpLeY;MbXwou5qk zvqEZL)j|XV@~6m|gw0fQ$C|;6Nr)J}ZRH)dh66a?(0+>9p-lU>@z?Q!20_Sz7_y3g zl4C2KB4T$gmPAG2`d1T|8def?rCW))5=~d92K&FidP_K9A`S0qQT!u~tyvUAEe+QihqJV~uZvwt|W*vR=+w#~Fn8>vZNzu#R zHpM=|?yd9V%Ok`oYDQI05>D~q7g3V45vwJ%n_++JVb3S|LxkFXN!lk$<#fgcL>Fv5 zw45UTUd!41fdA}2kJ;-L5A2Ei$X1j$YU5+TyVCzeVS4zpXDiS2KjLNM`}_Nsg3CSV zlQ?KCh}MhTu#{+Y3+SL8tz7tcaY(@{?1P!=NFO~#ZjkFF9{p@y^FIqGK94hFL>g~~ zHMdn_JH)cDqN4BB?DK+Q=0g^1t)bPTkf59~=-*ShEX-~5-S=z1WPzGjm^kp9tekng z#mu6p8=ThEhq40o&WDMoJr5{-g?(N2$;s5i;gy({(AT;_w@U*g{cWBEpZHTkU%!7X zQrq6OYKv$%K+NOT+d>s6UiIAs@OvMD6MZ!Y{fUA{42jFxP+Pf8@9Ajy$Aq3+UVual zVW=)rprHs;ta{R|$vqM3$2B_`NN#LU5CT|8*fzIt!OUU_=kr2{v|Vf5>}mCS*`iXw zzpdDw^O~y^09ch0r>XcIZ~a&)I~(1sUn!O)*^1JP8G*Vrd! z$K(N+#B;Hq*?En5Ypb!H4zhY8$i8@tIIa7;M{wN{)sB)bf8aNOG%ec;1m)yD+dQvs zeW<2~oCh%krnL*kJ<^n>boezGaT@gSX;S~$&QC*n4S}cRMLC#0@Jt8lx}#*(OiX|b z;2(SWS{N!I=^&;m&ZiWbyS6*-%nZY-qpTuQ5tz*f9A$;YUX5wbW7&kbJpAetN zrAR7di9-xphMrq27G^KkevrV4E&>ptx=~J0U+PPjFs*xlVvW2GN!4pP{cG~wibmu=N%{;I z*9mzS6{$1#jUiOBL`p2*{4=!GS)bUgj+arykWCjx+m;9x+FthC`eVP7ec{+pA55Q) z7E8+z*0f6ajBp}PR3BnhZ+c`PAuQx%eQR^)2O3{P?1lqgxQxFYXe_H=$~f=Oj}b>w z8G$0=2{E~^q9U&1rG-5fQ$1z+{(A29OrP+q<7@8!b9Uq=F?0p5#t94W7H{>J>A5{- zHBCww!G{=sw!Y4CAF!agu=9k}b(KrboE%mVW}g-^u29=+S+9I(JE>O{ql0Ekba61@ z7je4!bOQ9?NV*`56lYaLfE{@E(+)a;G>hnRvn6M*u(zu@2mJmE3Dfi<7(d8)47oSv z^o91EJ}71CV}Nk$J(S|3QB^1_d3An&?1HVF-AJ{`{B%pl0ywU-%!ga8OS zI&_N-BggifKfs~JVr{1-R9XFiqqH?`VAL9CBl=xI`cUNyQC5Pvc&yOV*2-(<((24_ zx5wgGPg_<+0|#H$#0K?;OajmF(?G_ZD-!yWn^gp&z4@@x&Yu$@UB&^`Q}`m;2pNIA zkk(rKmah6p!TbS_a;LEMed^QMY)bhmN;7OTJ~iR5Pq2N6hN(L+Y+Kt8ja#S}!N3=& z$J1O8hVd7BJ$mqYbnq#)B`~!BPh?Zfq0$S{NZd#4Rf3&P`3w%=qnFgYQz2 zSiqf`OT?y4jlJ}(1;lY4^$o_8d@>8I`!!~RO+KwhBkEPQKM2=446*?RT!9jRDji2G zwKUPUZXxp;EJ5`u;wUNGTSE_@O*^Qb9t4W}zmWR1Q88^Z7mBgO$ffn}Oas@pFCKOY zpD+EnR`j)0<7rJXy56^%nuh(mA7R7A0B0iYAeUy}{MBB&-*K`=8)6b#Gt`qb))ayL zIApM0O!1q1RdC7Ol8Q@$0tOKvQ4m`iEMV2}hRnxhl#Ax`)h*_Jw1iOXu9c1dVhT&U zk0&yi9N}Z_kYaq6oxx-7E6XsWP=boB>NDzi-x5d{2aM8gFhw_wyN z+s0?qd!ld)*0}4;Ww0yALwGdF`l(h0dEB7Bo5c?PZ+C5ObeF~YONyxN8mzVCsq z3m#_@lB=xG_YLU>9X3yAbYT0cvD4ORfjUmIxU!vmtSI0%f5z?IJ>qcrQKb5F`%mQE z)G2ox+zcocu_!)$9&v1E-rp!*gMdjq;axs8=Fis$j8@9IC)|bA;VhJO{Z?4Mgq`+g z*`huC+gWAyNkjV5W1Q_->zC8ZlnYg(_)L2Ez|IZVRoZXkFu+wPA7 z{V<<+)X51EA-y;t&7#PT2fm*!egIjYOI(-t%jQlm{$n{lcYc4+&LIZMU$S3K_-`*< zfdf)B;+RGH9?~A0)MS|(1O9iRRUk|fOVSguvJdwX8R@aV^xyIpHHXjx72l?v`QVrM z04oPzNhn*m4%b_*{!bn)eFr*+FFxp8iuaVbczv5|rlQRhYjKZ5kXnuPac9xo*%v(4 zOavWB@S-s`jI4MGz#t#+@>8YR@VWFuIN+}B(i7l(IP7Fr8ey(^86X=ci#wO&G>J6S z`x;G#`~{Ifx9|deKfcZzANL~pppc6eGPov3=Jn`11jkIbMz|#Ek`P1tPQp0_3Ba%T z%9#yH>7Yu|wor*J6yP`8(BQUpoO@-*%1Xpm?gy{!&sR8mWJdqUnz?k&#hm>8SVZM4Vw^c(m4Ct{+_mY&TS!#`DWS0Fmlk#Li1^B^F3iLxdW`hM)r;I$j}t zZO7$U|3noEe2j4dmIlw#6WEl!A|Zg!Q}g@XLr~|UbE+z#Xw{PqF!Vtg?ERJ`Zw~Jd z@Gz(Z#$n55z&I|Kia90;3R$7SnaN+D&PeBQX)^p6mI9myFpn?7+vBfXTc}l=KR)3;GL>b&3o6n}L4frr{=wSG&K3}F6hTTen77$oIR2aeX@wKf^f!1a>Kr{pP#Z$f(aw32*8 zqAMA>=xDZ@fYLA9xdUWQ8srbdMuuSj?v8=A=>8|ma043|!0P2!;&bMhyGzCH_MWYL z3B35OB`#$bJmnFv-sfU_Vf(qp6}(O>nr0L%GkJAScasyK{OG~Nq_BgL}~>Obgf zM@O6^z4-V*B*#nh-!8RXY6?cFUDME=E#SKd@2Zvi zfnW0~>y@4Hh02Gs(Ur7;yOi(NQ`%)KGi$|Y^`@{IZ74TF+01PG{{zs18_~~3L`TE- zPb11h|EYwxO=bYdul)>4mpv23>)XH&MKkg>3fVmzQjyGl4BQxLqyVwG8p1a&p6jF# z2brnaDVjda6O zz!(nv_G=&{-?Yt(&qK6CVut>#3Q$M?O{KHlOjWN`npi4sxDvlazV#}hjY)?kF|lX9 zsdy;NAfM8Jl>varCL`Gum zmUKi6fgT5c;h|kBW{}m}{1@3WrL0oQH%IPPpxJEY`AI4_`TvNq+zNNn=>$m$S2Sjh zW4>5l1(=cUN)3N?t+%a;5S)zNZo10)s;!hQb!`&ye;+FU=coHkHWK1t{rB48|Btt% zUy<&>YAg6m`@roT&spxX#u?XJPdh|EV*ts~L=MRIU5=-uIpx7bu`%Qq48WgSDnL}8 zY2lfGR$tykp8@=Mp!rn{R6<+NK7IaJ!3mjqRz}g3$(G4>uMzpEQ(XlXs<7uAwVc`C zGe+Kcwx&+doRPRmjaVWdATMfk!}7(Mo-^G9#wV{gsDf#!70DP)*d__$e0Olw;fbZ@ zhpaw!^!PM~KtL;?-X%Y~d9Ggcv1DII?In=(EL7x8Wqhv_QxL=J9sp$!8F) zfrV@a_5sY^4Rzfq872(Uth-H!elq-lRL+q1%Ty(h}h%sOY{$BX7i z<4z7^A;Ywhs@P(}nmIa#Ob{e4E(2}je3BkdN=MN#zu0LRs+RF6pT^08(e%570(ZKf zvSM{(oBF70?P6*KA}SJ{9T&Y81>)?!dd5G(R3}Z0Z*M3;qc--~LL~ItN3rF3p5>d? zDs(2LS`+YmHgof{UO}>Ww@ibvQVA~ThREqOKYx~oCQ9rHbs;y+IRVbC7YAW+5;ULp zH=nczemn__gj_Fy;ns4B;}{OJl>IvoANbzw56oN8)#xPbB~z$ z(SDrCIbD?ojq3BH*GtGn$_ss0FE(>k;ay5Ul1mA85ucJZPtyn%Ap;DR+gSt=5|3s! zd#R%#b(0SuJ9+}kVLm?)8mkYa+nXTBlAn5_iAZ(Od;(@)ztB&h74yC$VRtR)x*9(N zr)kmt&9R0aUi(~VFvV%f4_8*PV!{}6vIdQtDGI|R0mnJx-teTS6jbTdP`=j3{!fK< zi(X~@pNn2`kr0dZ6{?ax|EbV4=W&@4U?9K%_|R^f2!rPcvUcvjL_)_|FfTqpyuXNL z!{0LKn%p%7TyyRe$m){(ZOeQ&(3F*irB3v93RG#%x`1%ky{bchwClHYbt(1Fgt?TC zSaV4~`Qvq<2K>p^O~W?Tp%Q~F#F!6rzG{AG%y-o_@B0dkVr>5rDJA2%lY76e3#=YC z2p70|3g%&to2^N7+=3%|IoQdrJK^Bl^h~Ph`}2%7$sXOz1)cHH zS+*KewKm4Hv(y~Nc)>AXYNML+Ih*z~+)py6u!4#5>?}Xa=_|2qh~k>5nK>#Lvy0R} zJdGl)KMy{qYe`ADbGRP~&;YH`92=ltUi@~wBoag@@!29;dD6jA~{5?Q+&oG zE^BhyTO~wXm^vYx`VgbHHj@ncEn6x%vrTkQyI=zkS-R`49@j`?%mEaCb48Ycr| zjDx-asWRs2n;C-5^APvb+U z-XpK3VFJ&DU+hZmL9D)<+d=}{?w7A&_Mv|#*T)nG8|5pYZ~4&_acMa+bIY4&jQmy# zdqnEIv1``X?{61A2@DDD0|@kNn;FBjTgDLnA?T_&{IUM9rBA%TR8(fQ8vnv8_kqZO zP;A-Git)DtNv=L`<-+Xy^3cIwF#hLN5hBKrwq@?0wf~#)xeURx@@<#O_qMZ8KN+0p z@+AF~eDXgp6pl9n>>3-G7yZDc%`yf21VShhCQ#JwC~3wO>CE1TY7C#FUmFZnp%(7D z^cW(O)1ytl=;xBQx$o=`u3!2>atYit2Bi9c4yFZW-b@0x#~4LwB^^$#!P1A?eq*0C z6>VjBbgZ`t6UBD=r)6!sM}YYz=VZJL?%i|G3N|}U{?W*bSP-7(2O_?);$&1`z=%8m zsAj<>#X%utll@UCK3>($zZJ%Zu8f*%A>#q83Xoeja9V>C)feJ(v(_ejJ3opoZD3aq z!!z(#QAv7?@f4RysN&8J!*$bENM+<|=Y)GQ7f~44{*+BO*bJEzqp|a`B5jc$DD~}8 zHu3DZuj@hk@SXk6sNN{2Ilc2V^~~CS&j};{;-8DuiAqvzGWiXF7a!G-*U4oX(#Dy< zjFT4fX+(aE^*;rp zDL~q;K&N^)CNssTx%=$1Vtq}8lX>QIL2p&dbThZ=i1;$JG|O3E{MQv>>A#ZiT}Sx0 z_fF;p{t_h-gy3eK*G-Rs@7G_xyV=F5QIZ(^T!XuTWuRpG^h|r84etK#1EvAf3n9l| z1I@-soc;bThxVb2iQi(2clnY+^Jt`kt%~->m*(Rh)`$1Vy1T;(EL5mXlI-&AY2>ij z11jT=;)wz2Xe^R{bUKC7@e0T~B$}JIh$cmar{JmdCLG(xtfaK>gQNGq=wTk6#Ke|$ zn}rAg$j}P+L$4d;?FA*VD{UGA&>4tfY(w7F%mhK?(b$Cx0SE2#o96i*_DdOI^uesH z`@m|QjOxL@NO||irE%Wk{=z@=Tw2YrPe(g!NABAG*zO~>H!<06{s8iq1o4%G?e6-X z8r<8u!kfS8nC?tWBM^0&;}Y0f;-2)BNNd06E5)D*rk@OSgzpa9 z!UXvku@r5V0O?Ui(%f;TR8N8JW-Q(`&l48SsvEx3A=E8lpp*dX%$4x{#2fR2$m>W^YFrszHssRBdqF4; z#Mu~7z~*PQj|86n=7tt(0d{2=(9l-Zl9CccM&w4Ve>FlY8nGY@`GLcMRz5b4rdjFm<<-pEQHu)xP=%#B;u(T zw>t!9IA8I4@aQf=&n#Yce-Ic23Ike9o_hd(N#5U2F&KzywKTSY3l-_q0a279K3J6I z+*-<^g}+MCG5$tqUH15!E_m?M5!c@|IEbj8rZfRDo=Lf`Z($z2`I@ zO*)}MzGZ4?lBLO0=rw3RR#=u6d(%B>c7r(8=}g)CT@3kk*8!VOa~)5YW4l3- zmv;~Q38xK!2Kj5Je`Z_U=Ob*Iwf1}oBDTtL)5Y_pPXzqO^7^#3$LKSd^9pvzPU(%` zc7DMmn|9LBRch3=i#`)kD)W@CWPh(#kR+elX-^*lhDjWo_Glg)8v^0$4q{f+kBmg? zCA^-rnq@-c3h0=pW`(i0m7*_FVJ^3?+Kjq#L+&8y+G+Ykc82Np9CKLEBTUO_yg!mm z&X_Q*>$PmMWZ8)g9|;i=aCaNSYNY>n^SG1PfK$A1!sqkV2ztb+}fA z_zRVtpO!|CymX1l3(W;t!}?qdH9 z*B>%qLWD~}7-v-fUEGhVmFk8^=-_z^NLzD!)y@B&g)lC*$MFU#((X$9Plkd%9d46$ zx4se}m^hZPpycsBhsVybO8C^YNyOXWqM2bv-6Nk_=<+UWr{Cu^Cif@cmS z14I$`z8@(b%ql1b_l!|3HLe!u@~FT52Pi5SiGIHpY0+cZ`x(=@`&tRT;OD^$dx%dx z81Y1A9R&)5g47p+7lt0rZgLN{>*mSM1MHGUmf`INS1{>HkQLJ5d|c~w_%ipUTVq!D zo2VVy+-U8zj`2@X(P>I0mnqt5G-GRhei7TpOKqmcG-tVAHLq?(`+w|O01#lsy`$x2 zi^EDT9uv2%-ID_LqStEg#J=8=C(HZ=LNP2dXBsYl2~)iXU=m)nC2g1M2!4F_gD_5g z>(H0tQMQDAttns~aI!hlc)`N!jYe}OTWsvf{3c~(;UMKs&e~%%>h~QpvDdX0Ay0@w z-efD{6VtuK+1E&?i~mxT4uSgQH+eSETbE>hpHx|b82bK})^A0!oMFn(d|mWiCm>~? zHT^nr{#+tMHJCe5rjXLK$KE3#V_!S$wGUvIc)oMu?+fj# z43uH^I(zG`0_1P{HQN;aSHZw!+9LV;%Gwt22jF$y7sh!;rQb1Y3>SF{)bjHH7_PW{Oz$ z!K3-Vb^JMxYtI&fN5f0ih?u=jva4%#L+rm8_@uudCCC9#bIHW&`;=Xuw9oR%GNDEI zFsv9ov56(b)%q`gMkAnG%R4so{&ksj-A3Y8ID*ec(@RLX;xKnjvnKv@BTr8{l#s%v zaWK9G-m%4M1gvCQo+9c`Y16Q}4Z|dF_qf>Ep%~x>d-}4co=yP0g;;Zys-Q)tfP?(5 zJua^gBXR>A0*CrCTdrto=DXtluF6TJu}MT1z8dR5^Mh6#TO<*HZxk8z@Lpi3u8^} zC$@-yuYGs-&g2A{sTPLz(VL0nPWgeqIj8?W7_E?YSR=v1?yrX63~X2&(9M4PXu-%k zPJP!yT||sHYUcGBlzb?(e}2xPF650V7$na^3{@dw)R+p)-(m?yy`AgS-Ft{rq-=Xz z?xoYhkYi?jA02gjL0gcdGeG-k)SUmJV-4s+ZIV1n>$bfW3{Ef-P(Dh~K2Z2nxqb?ySiy<^|SAOfs zjNag5{Z_-iTe96VA4jGp7f?2T2bJWf>m+;7Hrxn%jvmT6tq?5{p%2{ zZl*!K`ka|L*vr|y&ZQyo)y32AUPatKVo@QVGD$ku>HpLzSF5Z?g;1=cLazCYsh$>N zqYYY%y7$muIOrLnN_V(q;zzugl=~JaSq4Fiu4=yMSahI|DxXW5jjISXHt=Ea{8_;0 zRv@uP{Kf0#RTHaMDTA$T0)am<2vT*iDP;e2Vrv{Lcxj$2&&{!+7qY5TT1~EAvBg8Xt)W`Pj{E#$6w9_gf1)S< zUdGcJbp96J7xOIkSN2~yH}b)HN|iqT^>q`@V4h=j1OL+APQCqh%XNVu^jaawyEygP z)N+s&05@6oB6<9%@*V%J(SFb=0 zy(}o$3xO(@%{omN1ajIX%MD6-b=m=wl3m&2`)=p+1;&AHq55w3W!)+alt5;a_blA3 z`*)rrnHD=Ca0`W8n?Rtt!x|K}$Bt1T2oEv*$bt z+bbZZM7v0j1eT52kzMc^RrvKMrbE9?<6Hu;`?YpK+JgxyLh+sec4LET5$;2Db;C1j z^nS{YUit^AGr@YN61JdsBX9o-W-6NjZKH1eYPtH+RlUZ#dUSFbpq?m6bkd;%7SkO&gP)~$b^AQR zdT*d5ez0Yy+?TG;{!(Q0^>_spNIDm{Vw28dXmXZEHWukj=p3g+c0yvx|Kns-^oWvGDKGsV$(UUqi)+ zui5g93#J;lWH;045@qVoszsQq<*S)>Qudug-tI8`(r{pX?P9|o?6Pq!eiu@ZW{T>J ze6}itw_K6E>`be74Y!;)gwRjlk1y|Dr4AtL1!9C&u779#VNIYJ$J)pjoT01-f3wMy(8GC zZcz;Ej4Y+)b%wniqy;|Vlli8~8I)sDZ{=@^DDEx{f01~;Bhsf{y~um;0On^k1Z`Nx zq%jp-i=?xdi~Zs%cN*#eKZ1**_kG5!$4-`TVR>Vv^)Ki_dnDXt{Hpi_BwdV41K|a;f|6GXyrf&@e z?x83=^#I+nOfdJ~=z9NFwD%U*y#LzG_iOF%loBGDU&@FG4vOofPv)qVDfwkZIc&Y% zxQvqNPq$n@mcMD2pxm9e)Mep>Quz9KzwmxGpFHPlv{&1td+%t7m&4~hD?h}atTJpE ztK}L$AzzyE>^rK?#D6FdtMJ+GB(Y%0>q$U`4s1>FoYZ|vMin3F*pzNR)W_u&=k)4a zWk=WDL-pN1wqpFSyo~C0v)$3aU(#DDOik_j(rcA9ckX7kF#<}YPG-M)%@9xNa9R&9 z^b_PCHg!^eSVD&wb$R?t*hvtnyMDEmw^rY^&X_swVeI*aq-%1=_}Jg&U!s+ zbbXaZw#!mfd2Se{jKuhA+1W>CpNE{_Eu&n-Kd(nObAB#I%)s7^3mY14h`DLqV_Khn zR(O{%Bd2ZbCpm^DMQAK7M}Jo2+P7#(C3bcJOw9td7V1PZy)P4VG@$YT*_1g9-JDt=1`>r zCoSEGo^q)bdzSUQI>xEw00K*^EyKv2IvE2;*X0klz>s~)83B@r5Ew58`$xi!pYL;F z>XG3Q{w#UBQ9cF}zbg<}Xh!Fmu29^dOd%a#Z4I}LJyT|+=nI=vBP5c!NGkoPPK(^QR z2OF6HaknmR=Kp7;*!CwM_m8dU1Dbg4?EE8mX+uK;DEgQ(hFzn;4i8j@5u+N1=6}dSNw~>f&f$NoirG( z=LiG?Ah{ko=ft_!zLK2-A+eNcqHnd+uY>FhQm;S4i8AumX$Hpf*U%%4BkSjM*TJys zCFe9~J8on32Wurk>Z^jMD~>&FB6hAsh()l3oa_O{k|1Uar?U0 ze6;Pb;N-owNkE)?T(@1pXY28D;nLOKtC1X)8GjXJ?-_>`dNJ{1n?N8dc;pOL!!C|V z(DZ&@(CrxS-r{nzli1*(uDCUSrB|mhK5R1@cAGjH2Rj?r6#S~mc$vp=d|=zd;^PsNd_YbhvE5w z9>z{Nol<@x&mun^A)ih(-}tH7dM=Ja&Q^p zGBMXYQ81>zaV6`{CH`ngV#C;S?eZ;;bhg)(PRja4md(Zg;>e&90soa;#)VQLmm8{Y zx4Qv3?+N-^kQ6ZTOW5}xD?;v+y1fuh2(US>KAa8D&Hq=9D%YFh_YNUKTD(00_V^a< z$MiG$dqBI<4(XAw_KL0dDXJZ*zP~19T`*R8t>obM@LkL`y@m5izUPe9JfpEb_{7%i zy_?b@DOci@(xfDlwsV%9Y`S4_*XB)qj6&LWP11eK_?FAW^$#a9ukzlrY0!8PVAhmsN8R} z@IQO%OiyEI`B}gi^qC-7U*q!$eD7JTXx4SSB*(t#FOO&mj0L=ASL*lNKV5c(9I54m zsZb!NWc~5(^i|;F*qEK8yyCLS7HDa>XNDa1*o>$Q8pXB8p~O39o!@& z(}>r*+1;w};ma9u^}KdDcKLSBFUD)HGgX<}4L^u38hXl!jtK(fH429BgT3KR55|mJ zDw#g~R&?lAr58{xB?G}hl|7wpd(1$j(L?g;My|IG>raiI203^AS{A!E5B3Vq`S?`F zP4d1}3{n-ur+i~`=Uy0)_}&)s!bG<3B3Q23PnwzM8|zO`D)qPHhxoRdfMjuKaAM?@NS*px-WXvvd)EGBBS*m^Za2Y@ z!vy*;eX7)0^mz*zJO{uS<~zn9QcfNj(%ATU@{hj`^@%NA{4{Ss#K#faQQl)rns+H(ngmO~ z8d-tU`INKcXl?BPJq03E@d;-USu)OSj{)7VCaJ5wQdvK+a!0fCHU);!kaxUiIah$a zs(*vSW~B}jJ*-)(%vCr&7C@uroanaulKW;&YVR43~LJIKj5cX$$*qqtUt zCNdl|UUjKFROCK>tqBp!ej~zPqAVZWx)Zqrs2T^jN3m(6`*oGM`?nId$&DoJg;l}a zuvy5Lw4i8A6l-qvt2D;*n)B|Aw%R_@hP5B6jfvXd!(>OtYQh9C$!s^LKyhNi3cNw2 zyy;yauk;}qTjy0Na}L0|VIo#jq&!}i^8UE}IF$1vW|*Qq*!c6~dDv7NCy!Hw6YEN< zSAYZURxcjd;rwLTyhPBud`&R;?bD~KTq)Pk%aYSq>%52mK8gIBm*%6d#d5i$p4ypT zy;iw=Wdd^ex*1E`M_0f>wl2phtK&@{n=ATTL*9EgU;Ri4`j$7TrT?o%ZPVuoKYo8@ z`QGeicBSI^4<*F;%%2VnBh8_N0OdK_>2|2r;{_*~)jUS1@Xia5FJm5MR<_B@1+`4o z$fq&IwKn%F2?pkEDX{p+XB~fjZ>jnRk_N&x1rOcIqV5l?BuYH6g%z{i?E8D-y!5bb z-f+}Lk`Ub}+z_Sx3|B}>>P=>hN|z4Br8tH3pgGTR)?be5D}HusQ_^R(=UbTj_ePh` zuK&v;4X*b;R-Doy9}d7a^@7&>;wd{LrhEp6t4@^WCr>}A-3rAG_1>~3qm%TveDT3# zw_Q8nr-wIe;tJ4?3KEeQ5g^k^*X*YjKW#cKz3TTLQN-;EgC+deAl)<25T?N556d5R zj;nP9%rUY1F$Ful*~j+PKB_qYzSkoMR~}XmzwPoFYIRmJ#^Lwu#x30!Q|g|8*ojBK z&_42i3|^(|3x@1v(k-61CN@v&2tLF<)C1g?2+)PK=4{$_q}#~tF$q_!C@hc|H#W+- z^JwzMix=pR)q{Mq%^Se*K4{Kw7&66%FUX_XUiF#iqq-3OuzCGC=5uFgc9>v1r@oT+ z3(OPWN2jGykl*skBeFM{ClTlmV0fEZw@jC2un(XVYR}hkUgrIaPgex{n+&>tvjzbt zv-p&3q<2l56({$KrOw)t7z^XW&Wi3yfx1f)BAB8(w!Raik*|s!kFA9Z+HcEQ_1Qct zu$W6*!XX*|acX7YcpC2swe=%x-whbn;GksJ-~}27uU60*=PzgW-#pEU!WHG6?xwko z@%yf*|J-TSaysQybBtEmA`R6=aIDUh0R*ZYddp2`dV!u}FyAZ5dH;_W0OEwM?`~j} z_Zkfcg5^Ai&+B++6Fl3t?(ba1`w;8(7#J&TV=Y}GF4Z>62?ET0=65AT$Gw(6*X@H@ zZy=`Pf=j4=oP${xk!N(v4VOmkz;DKNdeoi0oUU|y``9hi+4RlQ%^bkNV%3nU^ms~g z>--K9cF}zSDe^^$FTUngi*bd%%i8g?1G_*!@0ohwmkslVhfBYCLF%XTC6%3gv#Bd#|8- zLtUlrhph~bUb?JW!Hry&u+HyNrTz?DRE4&`t3l$yaE-%8D5ubw_CH?zFQKiEYSkq6 z?jXAq=BHyd|qOIyRP8t>8X{63> zp)|>Kd;!+yvk7@Dm|cH>Z0s~Bqb~hk+{J*U*7HbV*|~OJkBiQad!gK($oCAta?y}6 zU0)rm;)P^L(`Xx)DiSQk?Vqc0#}+K z{#bdtrCk+1X77QJ3^!d! zl-McTmtgz>a#z#nP~h2rd<{WiU{zOPaR98^p9dPLvC#E-rNL<~Y1gP9bfu}~ysF2l zNPUH^8{MNuD-PLU?7s4OSz_X#1hSnNI8!Q@K;qo`oO)emvg|X8_<{C`_h~z<%ostT zP|jX2v0mGM3ixAE<$Qh;V*kwvuzZ#^PH*~VOmGy;K+M|Mj1QSJL-W3)P|*qYA}P z)7*4}qYwPQJ3cUO1TUpK>9v3B)P4UqGE!r>=R)4ZKCsy>*7RCm`mC(7jX?9?QQ2Ma z+qk%dy>HyYW6{8qE&|P0_8-X$b|nS_m^a*$MG&F_VmE2-_Q4ppkNXFp`yTfj4X!ZB zFrwH?55{)p^>!CuI&CKh`a&77j^i;W#)gK30Ys42nnebEdTsE-mSFNG?Y!+#EO&&@ z4rLe|4_s1DX*g>c5CXVlOB$PFeq+-Z_VT&OSS&Mmf@@wz$ezZ1mVmldov(HvPeIf` z3i$=*=cu4}Q%UhVp3c#O#Hd-0@kULoBQk}!Rc+(vtNG;u(;Zc;vJV(ResY?o%L|Qb zB+tP&fv{2i!q?i5u3Y1-zr!XYA~Oo|1YE}nFoX<~xlUvdkJJ79Lu*(vOp;C4i=#bw+D=(Sdt))%&M?1|AM(SxjllcVBo=+Xj7 zGQuk-8+)>s{#8&q;2%<-`w3OK6XJ2NHEfx9KOw!Q;<{bkDHRK%?H>LT`g4{2mOJi> zW^d1ckuqkIiZ}J9Hm)4s1YYUp(X^X&;p#2d62>@2+PjTk_u`c^WllmE;zYd?W2t=DSNxxPaq~ zirS`Znl#sTIz)8a@B2!t6G$#ESZ*0Bk8jnn4~=G2v}7!iD*zAsKL?@O{@wQ|03@7w zPzwhY8lHpN-jwMG&UFN8c&A1RsrmNijbiRr?<^!D!!f{!SE+GQ;KXjm!E~`?HKzp# z&OxehEcAho)DIc036!TQR873wXb^Q-AjxunTZU0F(Ka@PNnUPU4rzHntRGQ853+k8&|ySU8anuJN+$n2|n8sa)dRpfY~E1f|h7z z&_8a6YUI?KBO{f~=k}>=yEw~hbcnrw*B7gBOj#pi38kDrrt3aL*cLCOvp6$c?n_pe zPMl{<BvQLOWtY1HXr=#MRgUNVDNgE4dd2l z^4d%VFk5orOPFBCmxN7_41q&)r(Z&#QfNWkJUR5uj=}z?=zt|5Ww`qwuh?GW_kp`a zrzodbGx;d3@GdJUTk-l|i>+1zjpPSR^_g%T3+29i>ms)Irc0c}OMc7#RZpr=huvHa z21rL(3)&d+i#I`-&QPh{FLql6Pw!ZfFnPSB?yIbCH5J;6or=9N9;=DVWvbp$Zi#-% z_Mx0goVoXv?eyGwS+`;6Bu`~Fj|0|%W=#u+cHu9PTHH95g8wC^DHWl0%Zq4}P@n>(+xk4CDTP&V2~) z2Y6JUyI!fSI`;k#p#2OBraW>+LY5YM)AlS{$?-MnelbISz4#2_ehv1uY9)zhNAV@= zA2r*uK-EZrkLUebkoT}^Gf2=|J!(CiXK$hS{UQ0!HtVOQO+N!w1a~!0g`S3kGpR@k zr`f%t3UY3TKX(^_`Lb?b!oB#tG%z1>d!@6hy@#Du^CiaDP2&Y#Pm|99@Rl1LdOI4& zI?nnBb1r4}xE)>q&KR+K!wWbriuC!(1Njyq2lI)|benv27Om4oY=0ollL?AvvIlVX z6R<7wZha4AG+Q%Sa~Q!4&_30QXPEtNW8B%V6TIWUHPY?8=GW4P%A#YzUrpNQKD_|$ z9CQWw*eqROd8k>=`6);PUx_pGd2{*4`a!qOfgs{SJC`Pu9_MTQL1H?4eiMAgjhko~ zSf-zTkclPPsQh1SopoH3;rs75Mkz>$(kUt;-8Eo}f{GF%(xG%CBQ|P7N~OC;3)0dt zV1k6yNa+F64I3Tf@H?+_{y69R{rB0PXaDTJpZmJ5&*%NYC7hDd`KW>4uY<&oDSOed z6#|!KOkV;pjW2R$C+WE;Uq{$MJghCHJ*gX9`{5duvZ@T_SXkT!Y9ziq2s$Q(H7afU zsR0TZ{$a1jV}>Sjfn@VZ`idZhh%?;qF+?bSZgi#v;AJ`hl;K6kj7P!tAi1=O3D0L@t6c2oiS4h-I3HKY#dZ@1CkrLW@2z@Z6Gj$&gZKcup z`-TA(n>MsQAGXW&z`-upbIM^H)+{2vG})|XNqyb*ay>?^4cY@g=uy4!e%T2G8trd= zWxu)zRo+r!=0HE@&Jr_~Zfw*A9~@K7tDF9L3@-?rBlhSu`s5~^G-%(GpNVtZJN~ox zQ@9Urs^byuk4rkM!&%0~`VXzeFB>r?8MyMeZ(s0xRh8E5I7fuKmD5c1($}BQq8ap) zt)p}nN;Urwf@wbY!-c~hLZF(}eq=XATyD)bJ2DyxCLI^DK`$cL77GY1!%1HByHXpq zYqn?ik4=LGZ!)t5aV_1bSN8;#`@t!A+)Fnqoc+{*k8)ZvPg8O){LM*qE+;PfpJi0YQ~t z;QK}{IR((I#tQ+TgWi+J?@?L+7InJz3TFJFt}ovcEku_&LgRsy@oAP7SNKM8Zpv!UVJpB$j|IgZz}qj#4oxslh(z7O^Fq0 zGY4qt?KpSQpSp|z2&s^8`tmKX1;4hEb(Zv$GdJG+NZM(?`URLI7_CSC!7?2ww-m_~ zql^orZo~M$BS=7cHxo6OLNtxjrPs_4kH##_g>1Wwfb-Qs@WkyovHjOu*VRsqA!5#4G(Z z&6{j#4X(AYI>lIjjx;jr7a7RqS3MOn7k&FAfV^edCOuY zN>oqt_HABAWE^-11IYE>lH*vR3*Y+{F~+Macc^p(4fkJ*T_vj{(deMyFzLB9kgL%& zVANyogGZqeTjzrxiw&!1r_$Ge#-U$fjS`wyHb3zB?iET54}9@oyP8t0GxFEwkKhk? z*muVsRPNc=>{(_2viUk4IF-kOyYHZIGTd?3qsL=dDHBKd46nGYLr7ZHBaA0~ZA!hE zX_4)Hjz0bQG4>RyAhY*ztrE8lNLh;M4@W}7yMlqs+G9@^Qk`NxS-4+Ru0i~E?o`NO zL3!atf%yHi(q+z+!TxFAvys`4Ll&mTv}$F_p$^qdh*)R zOQm)W{^LQ>E1zC_A<<lyB;VAl$Q zKY-%{+Q2F6Bg&QY+6v20dY(-caQqkT(*L{0St(3!P@I(-mf!DE&$Dv$+4#X1roDX~ zQoZSUx+OfzcRel<$!=0*<^ZAr8mf+})qE)5??Eq0$)|2m9QE80z9XiZdt8Qg`%`5} zjcDV3S{C-n5%a?6_AO&jJ$qV3-(BW~8bTnfMQq?^S~r7g*6=M5W+G5$;vL-^sjQnd zvU=3}(5^>2E-%7!yG;=ios?Il*RfvL5T3Vv#hvete^ngaS8aPP&U%x+!5+UqMb>Kv z5-~F!pf170x#uw>)K#zYHOJ<=*SbVY%3;4ts6?mud2+mP7E#VC%pT=bvJrcT)QeI{ zx>ufanU^IBQ*C@!+)h-NLX{- z=Dqj@Y`-QTa4%%BG>seBWRP&)aQIWd=mBmne;nkwvyb zX;K6@t<>UAm!m?74Q$emn>%NlWh}slfE(e#b1(T)L@f@?4U)yQ8JqPVxs4>~c@%dL zc6Iip(Gb`POvjW<%OX4caAR_W32AtERn(`e61$oXpj0E*(g&OO>+m-TUnAg5{g!3$ z`F=X&g$8m^K#GwBv;*-^@p0;B`1iap@SCKDdEWhv=N)m<(B9Q5(cdkfrHvF0*9+bSd2> z`3%E(?*-D;6kJ0?9vn!?W%A9hV{hX;kNau}Rs&3UVu4+n+{is9db*=1uLl?dX2WNi zGi+whcCQ`H8~`Km;uuBr?H-mF9Xg3+oZf5M%cu7={RT$ipE>nh{Ff&{GsOA3^+kuH z{xJdslC0}y@0A}gGyg~9Zas<7$#SEO5D`%GexT}3p@Z^AR0qa5YjiMt`Z_(AWv`e9 z7k8D}+yodeDLMoAf60#D2?$_`-f`x51!2w8fzXqJ?t-F4A@a9KpU{y$Va;nYYGir( zRz9zF_iFlhXMfo(l-b5SU2YS;{IGDU~tv^R~5s*@M&9_hV*?4_>2mfh?}t{ zl2DF&jvmo$ntcRsSC2^Ar2D^(nO)SBm77*@q~~Zvh`u<|fcz^8+>p`y_cBxL{LUDrY4~aqh>&kQOd-Ve?yVS zOTX%i+Al^=jTny~h%_^`uyi|=n{6MVSEXJTD2}YB$XCBi!8nDf!WPvv%V*2Cb)<8; z#un@A{1cyTw;5`oK`CN@Y`*`_F#R<(+rEICsYvHvRRn0iU5L2hYctcjjI_S{1ro7W2ttJt#-% z-YS7C$V9e_&5G-vjRlxP;L_(_XP*(t=e28IMxaEywUm{3VIpzaP^v_NaX0$% zy6;EO=&TEs>_}ev?*GfQ@s^FFiS5|qtiGdt|Sht?fl)=m`w}~rT%@l zf?x#S7;g|;;^~I;<w;NDz z|48dXdD~~G%*IGB(#dJT9nw4h5VMbQKAOhc&=hfpB@xRTSb>2_8t#>q4U$%YZWteLBmYa&rN zu`B7;IpkzKn`Bq_MK`tIwynGtP;CdOV3$fZ7Im z$UZCiTXkM#%@=mTBOH>C&anj?5OXXAGOpzj)0YRCXXy^@Lhu&2ClDQ9&^+a=!EPF4 zgV{RYVH;(4TiZ?LFG!WocFT0WW~;@m^hszqTyy`k-qw8K$dJ4|xKy7;`HDl1!_92J zZz%ggeZV5;&uJ4iEn^NVnLpE*-WJ{ew>GV`-sBbCk`g$6Ls_lhKKoA5zt4)e!t?V7-7zWT~`@c8ho6&}jsJzW7V&Q6a&{a#zrFwt^SH8&!$l_=@?fn%O!etxOW*Z_z@+{(>vdQ4QQH(q=##mi&Ebb)Q2dmFngEU@G>}U4D4fnF*jT>L-esAWz+3Z;E z1gVfucu=bB7CFjyAs3BeD&OmGQySqv`!4LZk%G{+3{@J*6sn!biO*GPv+2=-~$se3FkHTPdOqW^EJiU|d^QvOLr=_$V^Yx_KKAGL5x!eDqi=74sEm?PG?UnncaX(iLS zC$AkoYGfJJ_r}7}3XGP-v4TK2eBPu0r%+tiTJIy%uRkM?`&@KrF_w`qs4;xMqu*U@ z%5E`8?Cs6s3kZ5D$cUUgciUpnsBRiECxgV*%B`$F^ySxF3ak?0l0WW~P=7Qg@bS^J zR$9?_UypIu4r>#r_Yt4*{Yyaa4CCJ3Z&-xz-N40$eRoD_&!hO$*@M-{ARO^&_yszB z`@E~L2@>9db`SDJKVGfstmnU|@~@FRU^fr1NfN<|b(+q9^^;>ka!4$Z*aAh`)N;Z0v!UsEtXhE{x6#g z8`Wc1cDvua45l(5Nf7MUP(FPE`~~Aa+ErGuSm;HvSofv3X(}U)iEJWN3S}*4J%G@*jXCO9xsn=l5LpYgMiycK|=PV;+Nd&t{=3yW)HUtb?0;`>E2Q zcvi-Rg=E3bY-p7gaq&S(i)PvyJKYOg!^VML+LLE|LThyPlj*K{FfvFEmJ#|w-Nr;h zhVoNyAfxDS6+xNWGa1oPy@+Z!O^1V0D=sC+q zRt*NKJj>Tu)D;OBw9_f+kZaPDzGIJljteN0uozC}I_J;fr|2?{&oJU`IwvSiw(@ zj^>!C<$tG5I_}OlxouElp}!@(jxP>-3Hb#y8|NK2gwTZRel|E+uA}82I+Wg|&UWXA z;CoqqCrH~U6_bmd;G z5qwcmeY`t;^|9-n1~tC!I*av)X{(eg7+{1RQnD(j#Z31)WSuc1-)y6rNyg-U7izBO zhk51k)AfYnU3X)j=;z#Raw9@#fz<^YO^x8)<@^H1*Dx*sr;%Weh`Ywz=wilGg@j_i zvq7k%`h)iMIosT*42n17sP@imEVD{vSyuDz^8)a3$g>^@Y-ZR78&G7H>8C!$Nc|Or z8p?f6(UkaiFq3Cie;e?5%}QK;Uc370mWdniIi3A1g+=$yX<)}hmn=B| zCP}_mHjkZbmqC8l%B1#E{HoTcY{9M~(WxaA|2UPuQ(RRiq(>uFE<};5l{!JQ0}$T% zk_)#cZK%u~h><_QI|*> zA=x@DLb?W|>;1hTp|3EDEW^Tf5k~4)iWJ?qwSxD_l2xvmNGxeA(Qu;JQe!8qH<{{$ zWTt+VUF@Df@8N^0FPM`@RNR)YT_{Dnn5i#5ypaC8!=J`ue2G80Kh9E~K=G&yqK$Rm zhVQbAaMXNE|eDR>KH~WtHP1@pRQgihMb>=1+@0Qn7bQWr`dV= zl`qqFK%Q{$Z|u#(i2S9`aSe!7J$z7bNsl>dT{E_%ay@%30hvx^&=RU43a*Y5is!* zxjrdD>-l8P#0#vC;SRL{_R>r{j-;SZ{V?Be-S)n!0o?E6@^dF#&d8X>j1xeq!(s4| zvR5deRn#d`ECX72zA}aN*2rzTdnYHUaNrh_v++-|gYlZ+?2&`9gQ1@^-(JoGDCMK) zHp>rW@cimZ$dU#M%#y*DJn>Y5so^0<^s5ttZ9oXWnbNlIcS(peG=8%uK~LUFoiCy` z#V7h;O61aQ|05qQKx#aHToZqjSufJ2PCO(ee*8zEOY@;80PmA#5q0jsPq-iq{PF2L z>z~8Q6~iqD+dCw#GQ1j5^JhZ^*kr36h4T^#rL4fClG0t^)QX8Uy80NkV^iV4_`#Q; zFvsuLW^}povkA`lc8{n#5cu8f5jKj+?YVB0(H z>;CFDuo{KaV~wTpjsqCeig4tqp*}7B=xKCt4;Xmom&<3_=YbcAP{yl#FJ^C8t^dwj z+^Nf9Ii}c{BPjnoWQpfW7hw`NaM-~x2>=Z6qSA+NEWgxghAr!4uGUE#WIc&o%e)S< z@$m3wiZ&yqJ7)(a1kBXTcB;%WX8xg-I25pl^D%9QTwav8=hM(@NY@2Ud zSl&kPZeBm1EIY{z%f4(EWtMl<4PW>Ga~KL*4Lurne=sCU95*-?74{Ai&@fZJA(GG3 zfN2Wx0xoLvGW+VUcJqsO@`BcBP2GE5HNQXqQcm1}+q8z}(+pcdX*ndZKSnOhO;77b z(`b(RimxMZBs9*2j#xPJP~ud1TtX2O?A(OrKgWDd9tAtmW~;hhMUng?hZ;p5>YL?p zGsWW$jRWVF`j+>w>Qs5k>(D`hL40(-%pBSgS~=%`o?tWo+rUwc*2w-pOHEPnPv+IW zk~9o}Rsn05h0oo@F%g&;On zW0RTW$3+!BL>)sm^G&-*Qz@i*X4N4JwkWQT=2#4-1z;Yx-(4)EHR8HCwV>j)#k{vc z5$d-YPf`nGKk3$jUwn!8t5y zOWIKfoe|z|l!He^&~RR><&S!PH%H!IYEC7F2vKanSOW(vYGl2dITgyeDkBv}6r@r9 zKxb-5coX=7In@3%1HK`(JnsFuR!fm9iv78f9%w9sNRg3W6*S*N1A%|T0!Szy8U8XT$oP9e zWq!~Ah-e!ewrdp1JncgN!l?V-dmXsi>($uHB>{cgkR;#FFh!y-?Q&;wD^YJbev?19 zkME_~RK~?hiT%6}56;2t6)71i$_h7{;{5jE?yn{g&6FB*mYWWv1YmUK3*TWd;>rhl z_J=R&xzgE_TD?~j#@?(bkFLfo=Y*>w%|leRu326&oFg|?gXq2G-9IkTTxriSJXV>{E5c~aLnYK# zeAwb3RlYcdLyi03pc-|^-|h(?(oi0?V=!tF04!W-QOc#&)k}idmnO4#U9AvY_L>#&RF)#GQD`gmA9KGPn=rfR63XDX2Y(syq4L7{*-XSiuWiyZBavQnF1VQ zzIsIsoK zIA`kbW2(xCm=^f=(dQ$bI2oHafwUfu%e&yj&Kg5uT;p!J4q~?aOpo`ed!i2Ebi1S- ze)IeVi}3msqCE)I+0i5o-((-xG^|G-PS+$pH(ig~<$HG+%B~BCW(2i9us0eHb#mcUsBzMvAZ2C3%(T;K?b4Q;aVaC0m@Jk~^^S>M%`8qKdY4WOnVb|w zPl9aXXzc}J{ItCMMG>)oPhif#dCj(;#|2i=Yoy5S0;(52|1zVb%3B!czo!MQZiyQw zt2GJ}Z6bYK3d2)7XFfBADWjsm?@|@BZtH5 ziBWoZvr};hw5e=|MQ^-V`vBK!*3+0maHWAdL$#T>F2!;@{;YQi|5IUzeF6z{^NBqR zkpei{$?}UFEcxMalogL=ocvzTloUN zvtug*wa&(J7?2+HZaFDCfw#QgJi-s%EANO?oV&^B`gn7U9TXyTQGHVQSs!D$J8MBw zUP<}u9zRt8I@Cvm{BLud1-;Z#Lb;O4=%qa>1J$vi9dhCEGe!)Q+W5Zto|(D=I2RCr zQiqjt!i9#bU8zJDt`YtdRbR{Ch!NpM1ID)xqB^oytPVG-8jn$a0PIC0Q z`V^(sc&bwGhF%w}TlsOS{$%#*F(Pk0&%3#$tDe^K=++OSck}nn6f=VzkMEnW7f}S% zX@;J8&xz0Y`;guD(=7TYAG70a85w2l!a6ta*k8ULLs@!42?fYkNLJuF^gq+QN0*A3}C$-7#r-(WY$r*A_qs4_z`a)G%upi(Vb5mb_2!&CtY;{V zrWPP7Ts!)o{qFf(xxpGqV(y5a<+ro9yPzS8iy0`EAy+k=Z81D;&qst>4B>am_3^Xj zf~r%XQeVpDzONtx>4v2!qm4}^g6u*@$hJQKk{_Ag8tK$pY)5-j&=x$N{;14LGa9wW zdOH;@rcopL(G|Iqws_s;H4y_#M2m;C;9u$4&fpB?stIH&l#AneHV#%E<>C9|y_WB9sNs;Ak9T(RpF(vHMIVO{4n9QoRayPi3O`yIvp2U$8-CXt(214wURL~iTi{n)(AzS-xN`ZgA8j)+?giVJzay54 zWyU-pnFM^fuGtpZ4xp-3z&;x-RT9uW_*43WI4;)76)R%N5A~}%>lF)n8EFr${whg zOOnsHq~@H~Xq%zB%C1WtAm`ELvIrIC0XFOpZ(n0a90PeeOb+rK9yM@YQ%P>c2Ey&= zSVyg{Rt;Kefkkb;MFPTl6}(U#arvAd7BeICjwFvfu~iN)sGdelpZs8|FOE3U%zU)a z3>-r(q884qMcklYD-{VrF-$<~w!ASKh)C8OpFPVE#{@ukv!b@tv*Bbh0P3=7_YZuI zcu7U+%p0483+{~h1FF~E7#<>@qs*tBW0_B2Xe5+r;CP{viPKdoZ!OqdLsGNZY z&(mc+L2UKmxJi}4hy1bB-3K4rS&K)0(GKq@U+GG8u|pHs7_a}QxNvFfait^RY35gA zU+etm{;Gx5-!X@G^-OBug=~2bm~awY*tVv1UiBQ^{h6A1WQk!G_id__)W=k^K{N#* z20|sa-eBel=l327{7`qI%`)nm-415pkTWlDzUh*{)tUJGW+#MrQ@)kX)x@AonIq%w z3fHWJ4HV(~d_%6t+fl=HmLyY-0Ipw2b$CVkeW5fk_{V>ppz-ohgs=dN z;X2B)rv9fLA1VK_Z1K(`f_;JGf|akk&Rcn{1XUyH}0Qd5!+qJkLZGvBYUMzZ_)K<#6IurWGj2IKGr~5KX|& z&3F^~my=~4aIgHWUZDEHRoZwo)gP-aG&U36V#Y;h6DvqV<|e|zkpn6nYFYvhNj%X>8l1Zy=IOO2?g`JqA_E{jJXGi-I<1$im3>u= zSzGl4d92ZC5ST(-oo^U4uU1U~k)*qUjnBV@rVh|w5kBlKC;s!}^lvP9Gqv6*-@mY- zcYLuRP;o5HZP8=&h=({vyLPwc<6i?Cp=DF|q38K;EEio6=SI9ezxRfZ+bS-Km)R(s zRCTOAA#HGboPCoB>=$QU7TM#jh3LNP+*;oGl$_+Y_@$qy{x&+BH4 zTq_7P3X&pZ7bwY#`Ua!jgVLUPWOre(--$l2`oy=Too#t*j{Fo-0Q@-FOvfdQ6rq5hIlMN) zKfP^r=!rF(T#=kFKe~>WAM3{ifWlBSh^tGhfZ$+8f_011{%?lfne1C$Rt{{Z^okD% z9s*>ieOw+Tf4Be>Gp;@S1-_5v^;!QC9sWzRBKDJcG6-`rav1RUZfY+@=hf{~eGcs# zW~Hglc1x?6LffSiGuE*IxyS_zSZpJ+ovP(o9{9RgfU7Ra!JcsjYL_~BL|TH`V+C&s zpsM9%OJpY#C7wdLv8hjipVinDvFzpTvst21dtP(!s?*k?#V4nxXlg>}n(A2V&rX)6 zhQ-L~G>Lx(@_t9%{tA%aFIO|hF9bOo1b%P2{sm|wWDf?duXv*z6AiuBSBS`8P;z#d zoOyh6VJox9g8x2Av*P?tUEM?uGLhnfc-(KeS#AdDUL{H0VbVHYGd_R+^d&+O!eHL* z)#(8YI6fJQO1*B9Z4PgVkiKgcgA9KL)<)iNt#AieI@RbeCG$qw`V&Vor4j1W);A~k z*oC!D*8#anq`oG0HDllEb`F7(?{8)8x6gXH{MGlGT_M6+2RfljfIq>LRK9W79x~Li z)IESdzzlXq(p`JHD|I$w5a5UvqXT5!Jd9JWK^O{SPQIQ>D`3E-4!D8;Wk8D+4$U3lT31$-J@e{eR zrl5|w?d}lSdK*c@;W?_^|Jb2a7v`#lF=x|%SD~FIw$o&clqPsz_pD%x(6F>l*| zL74qi6D2h1C`n*G)5=|a>QQ?C^S|MlmGCi=Ec&dq5M%@-@4>Jh&i~p0yRAIT=~3ho zK*sp!Vp**IHO3E3&WQ)F(ARHO_A+8S+ExL{fP1GwpUIH3cPh-%5+i+qNq~=cyGMn^ zMXdn3n0<~(CXV|15w+_Sdy_6?y|DWZ#Vs4H(t0fkk+&8RQ=y|nhnMNy91pgj<27Em z^_$m(%e-UUwzo)pfp?cTf~2iA+4Jf!9hw@GskBOiF-$J23!Geuj7bL7b`+ zBDQNCS_q3=GI1S*qn$mFNI+|t+JHz!ApnpmmdUHlBgif*m_38=!2tWQRaq97Z>0IP z?;}H*h?l$lf3NZLTgOdvQj4mQ)>LNY133XM&eht`k5eCh4pqhs)x=tt2huv1-LSpb zH1V_}vikYRi$iv=e?rysigR}pevkG`Nm&y7*XIZHAlOXQ<7a<^l)kGmiW{fH6JG1N zc&z@95kBS(I9pvWs2uHh$#dqpo}a`RtO6m@6U5 z+IcC3)-|ypkzluGZs&Mj{-5F(%!|%|g)rlA%Rc+2k^ig~%q^E8Uq3Sp{-OBX{49fN z_hLYye06u0gbqkc*Y5WKLr=1UW~P<2D~nuRSijD;0Ye48@aJtInJ@Wnh`OpH>+JrK zp@$NUq@yU}NnQ)l@7dIp``1j~AFsUz-=y-9P_y4L_sRiyDAPRpCVhT3p2k8VPog;{ z;{zy$FG{WHhao#wQE=-jXFy>vqe(UFKIiH59HXmeRs2_2=K#HnCHGgYS_!gneZl&|1G;}$k8=fB7a5UBp())((7 zv#Tj%7H*q`143b(hP}qE=;LQ#k0B4Bk?>7`mm6gL`EX~IhGLD}dG$!D2pPB1LsW5? zaIJn7(K;=`A4j)m6@papys^WsQjrTatwl1M-<}Vx;{=eu00ohx%dgy}j`oPC+ne1# zAx$Si#q-Vx3^KdEYZnB41R7sxIG-C6LaBx7=5`u3PFGYb{GtRN9*1})Al>FZ$;0u!Ni(;|NhY?$vH?=g)j8_BR zn2FG4!JjgI_T{G{9q8S)iy?I6HX*)HD<^o4=vhb=MV|(384N-+fVmLed47ZYaqbkh z>RsJ3a-F=#-LxF}P_XSfwI5(&fB}-}2)Youpu^AT5AlV8m$Y}~fV(D{0))uMF}~Jd zrls(f6soOT&LR$t4r0OXD3^P-9wj~AN_R&xG_w``zXnTH_GNGLm|o+i;;Px?2W z|1~Knw$w3&#vZvVd8yuo+n!JU=Q^5iU4T#lu4HB$2(|yILp#Y_h1@&Nqg@PF)S$*M zN-p}h*mbHWPu5>}9+u2&&3|XVpeSISamX5V1hO8@c#Qw+@6u{jN8d90GQ`RJLD_`# z5&3P7)3iCsVp7XXJI&w?jc2 zW|XyI2&{uieop;P8J*+5t*C(6VBJ@}us~Y=_F)0K0t?TKay@+ctzOe-1*z?i%gj`q zsuF4Bm!elX0SN%w^!bV07umaE6&q1bywyL?+h<#B;nnX38C}kXSiiR7%%8bl??Xh} z9#oU2Or~pT;s@pV|5g2@#6r>dPtC6q?6mP;KUcj?gFbc!pky}`FZMF}16`DGlC=32 z7Rqxa4NJ29%()bISRFoZ0cZFy>sPnPKLX+sZdNdY6iMDvj>|LB2`q7n7IK0-VFx^b zVFln_`n_Sr@vYq6E_#fp6}opzz*`+Dge0BUXSU2*^#%rvhs&^-zh#~j#x4tUJC4C- ziIVf8$S0JmQ^Fp=T%3l14#nR5;iJ$>dM!N#0O#2ns*>Kt^v7f72T_XpU9YE75&vLY zcAHNt&pWt3ov5*1y@inV+-q;JTeGBCI*-R zjweu*G~6@IkRk70`19k^%4PQgUn_X%5v3-4S6mf#%beeD;HR6t@`EBf^6|-AU*yZp zqc4bgrMNaU09XzAXf7P}%(NNpRD7I$Kt#TM`h;)-q7-NXWSR7{&!{4`oLsQA4Uw%# z*Lji2LE7;#?H|3lN3;K8`Uv#4)V?GdJnPDeXRX5;hqFG|+5UD5#ZgI@aN+ir|H}eU zHaZEhnTqJLh_qW*S#k+4(>#%9EQ@KETTN|}vz+rwlOgGGO4iyS*nA4q!cqNB^DN#G zo#!vVhsS?lNl`Iw zI(8Dy=;er@U|L%gvURC5d5uqtP$@WHF`?4!?&BU6CzoCQge4acV*nAHT@cdbg8w$W zsBrB}pkd*~JTAgJ5lg%sUhm)8x38-p$qe`-)$CKIYoPy_iUhV#VlJ>}v^&z#X!}&j zLLl>OjRoRW+MRL$u^C@~JX_})%CfEl;_QB?fNmQqiQ~p-qsU`YmaD6k+`6cR3xrXUyLMLc{7(lK=A)2aannp`z zsdby%;}7yT)GBJ$4)o<_jITM^8E95hc3+?iFs26@EvoZYZd^rw=F6&;szR(E-%f?k z1_iIEIMSMtnr|mnG>!mh81Q$#{8~IYMDn0TWGEqiufPE=-}vSj=Ps;)ZV57~UYP;5 zfDeG(9y@}vo00}bgy$y{Wp^%zf|c@zg#xOj@mu~2Trj^yXU;2$`6*f8P0c^JGM~H* zviKY3_p8hB!DBdK)1fq%W{-WEvWwjtMf1%*5Vd()Kn)3u|GS>Jb59J-#BT>|O`N7u z!>RfdDC^&{f?20Z;lyI3LK#v8O$U5}G==1x71ia6_Td|C`s`0@{H7+VOltfW|F$Bo zNX&sLz&Aa>#6JbXcEOE*-!Iq)I7$i8zWSX;51eH`esA+ql$w~Z&swF9*lFAx2pZ2Q zJ?*`La8SBx*iWUnZRqtG@I6ZL2sYG=82MG#1W|McpiX?|ft4UvbeQxWcGK?$GTIZ)Ny80qXzc2%MPx=qdCoTh13KR*PKuf>Vr_ z7UI%6%?GS5-F8`{$6!${Y!63wOJfZ17@ZTfuhiU2lC#s_#!M z*&o#gX(r~snf=d|lC_NK#sIVWbECk<=sjuN)-)Nl&*9i=>Kp0F`qK^+g|wHVucpK# zY*OSfqf9GvjLPFWy;C5IgEL%dYOP=YscNV&sD~Ud^^kj@8JLKqu*jqNO?=(lGqu_#(jXfRpN=ar)x{o(a(psDPhO)UsOgac}h$%bYfp^sEn^$b&X&DjJplr(pk= zZWgy!H23n6y}Lhp#ygg-RQ*AolKD(LUz3YROp<#Hw=y#e+kS5Ps5f3H>gS4t33v-*o-$AMAbHQTzkv{o23<RG>cek+-_Kj}h-!6Dv zmNfJ&7h-`~FiP-U5>|cnB*4!Tox>5ajN8&vL<~A~z0zTY7PaHA;K8MCk{icp25{Ww zFVXORs+3^V^-FFqu?(18-ZS%hHDDBDXu7%-Y@;~)*Lhx8k${eg+8KI|sXo0Pm=P1z zGRJ0r1P=dIioADk(6j2l6z`%7kR&PVAI_jd{?l{fvtNT6LNgNM( zdhr3PDp~&T&>}-Nu5a7b{oeWbGOHK2s+>O&uRc`*)mH2N?}DU1K)y>X5q)fmHVx{M z%szY-p2X!6se?ML$j72Uoy>lt(D^Et^}@-|*NU^wqVSQ>HST6_1x_8sEV{z9FVzJeLgZx9xE*Eo>5gH0=-V9iAnKpwR}73zKPFm#*i=n%xWF-ZeT704E?( zLwP$smhlDOmg5!j<#b0h;?0rW@~M{^_&ic}tD-V<=h=P^cqa+Pz>Wl>!LHR|+OnGNX-Ien-T?46?V_QCrx;py zLogj&mJ^Lt>i+=L@)MlQoTxEa6l*xw^dEMNztkA-CN^fwiJXuez__^&uQiK0Pelo@ z$#Ep!F-qxio;b$xUjOSfukdNUlhj@j7wd0HoSHZl(C9rM0D*2NjcCTH<%a`IU)^Mu zdkMg2cBI{&kTyDkkJTZ_t0x7s^;*&Rp8P(-0Jy3_9{j$m2t*-$9Sm<_H$7R9K3u{~ zT$h1iaYZLC#u3>^pn$C^BNZOdvsr?Zm(J8Jt>q5Bcma~LJv`Y32?C&c#7cG)%V3_c zxlw^AL{n*K-oaTyrCXSQZ|NGaoB419&R z3q>PsQ7xCe1sGFId}Dm}Y@2&;0s9Br!@B^%sPp!)wfSpD6dMP-{#3)Zv{6ElaQzw{ zFiMb`oBq(%hFBcDeiOJ({oqTgcIlKrBz6yeMG&FT_vnJw%c@K%2J(w0{soNYw{efj zTm_$xn+#K6&UKL$Sb5%})K&g<^OczL^J(Z-v)7G=*9EZ6ox8NSjfB%0n42^6WPDQH zIoJSWj&P`c!f0KR46T& z=ECn^m`R+OZ*6z@88ALsi@QFFhK0X+Hzx(CKWcc`Y6)$F1;*(tK2iN+lMywWl;|bI zIlQgT@QMxdSlJ|Rt|w3VAaQGav*%|)-2wjQlUrYw8(iqa@cCYvrdBr&BZCm+q{V7- zmPi!Ir+{YUY>`c1Wp{fs|81#-)b2Wa zyotVBqh!kb!1Sv&My=1hhvMbrxFDDA5g&mEud4L^;eqyTI-`@~<9x34ePs$I`}l>x zGlG~XnlraM?Ua&rigx-eK;OYNa+L5xYeQ$T;Qd^|@Q*07mzUj#V&I$@S`QriRCn*^ z{j#2}FMt2i|5WUZ2a?dTNHdG{eeyfI?~Ajbl_|e!5+I#ZtMU8ybsH*WAeK)3H;$%R z?0?bqmSIhY@8ACh0wOI)NQ;CLqa;TtEea^z;7Ab=MvNXJg3?mbC>=7o8)?|+X7omP zj{5UG{>S~`{{6o9vpxAd+;v>ndA?t-H&>%TS6^x?9GUgubA8lvU!Glk2Ksb&Ql*M- z>a>2$$^PEtJ(sRsS1YTmG1$Q0mc_D{kWVG6)4PwG@`XjSl}IowX3t5_NW(_R$O^(H zL!!URxbMfjq!4v(J~_b5t8u4E5TewGwlYugL%)t^kG3Q5UU|#50RKT$#CK|Xefps3 zFXs;&ygbg{$cg$f#T=6UZ4OuUqenXyK+pw@RT{35Ax-l|_BXS2Uo-@}ih}YmL*U5` zp~aDk2!F4DfbBAs_q(ElcP-orD=I0rkmw9g^hL7Y>9lnHT-B}BxQ}01&rw2(Gf#Sa zdzdhWSO0cBp|r}bkA6R}Vx5Gz${3*;v(;WdakmVK1rnG=I{lu;uN)DPSK(x_FUaQO zCD_!(6ZI3g-gnx$xG<2{xg$<0L@Dmwze4d%#4AXGUkx8$d^@<2;c?G0tPtlat@CGM zb~|4hR0dX3OhHkYL?G(<4y!X7(S4}_Grd+m#~-Mdl<$3i@O&qm;UU)y^ri%0qna|v z-^do&dPdk<{4`v2aYUR@Fq@m$u()J~=nNa#jg|q_k18 zSIV*OSbtu*v6b2h{na$rwBV%4k?7_2b&<^>91^cT1Ft;G zWki64M+$<_oEc=FZ(fPt<`CR?BguZG8V|AY)%sQHll@XB?8)q;Y3Y3x{7}F&my(SV z0bC39Z)8Ht#7Jhva*-`?ks*LpQCJ`RUWZRUv6eV3M69j1dPoMI*0+WDF?GcX2=le!&=Jr<%a`l`om5=BXS~jCR#at1-8~i`^!LfSN{_*OVO%WBA zHU4C+MOuqF|H~cg=FG6ZXicM~(Y2x-_w73EwQ0#~k(yc?=IpGQ z#S7ipW0y6>7JiFq-=o1W+rzuB^)Xzn60(*5CD~(Pwfvtr9{XK^$QtKu0rxFK$Kc%H zYjeXYUodRx4ESE|i4?Myg;)400 zKC1u5%wF9&n^YNn`9U;aw1@)Z>y|l_;BxdEZJ%!`Unf^I{_aJtL`k|*)!PzwzkgwQ zkWBBK%dClR1O>S}>GzMUIqz~^yZS@u@K3`G14$%Y{YHujPh+~n{yd&nza4F9kGdPU z(Q-ZN(C0V4X|so#%w~ZiBYs@wq^1_-eIxY|03<=(pCjTjj%6<8vTv?IX5B=r#j-jK z5whXFV|o`irEVRE={O?*Y+ceQf-?;uxN?6lE+^5f+R&p8L?;<=y?_vhM7=n*fGGcs z@f`|=B4s(07iRBB$4z0q{a26W0302}O_shT(9p*4iQ^=JM}FZ*U70&~tl4xt;nt^; z6BE^ug4vONIW^Mn;mAh8=<*`u^Qwe*ZnZv2y%=XmW9_q|+ z)9;|m(qnDgaNGYuF4}Y&maUn-fjp>uym~VH0>y{&?Al8A6Fa*L#Ma)4s`~jC_?iY> z*90t(gb(DifxOw3Ea_v6@2&MluY{e|rr*=~BNE=G7;tXftp7UVk=o@YM6x@yB zp7%Gwp3AD%cjoZ+k(eSOC`CTR=>#2-&B$>E*9R1M!rvp~sheZ;C%1gKu5&2PuQbjL z7Z3wScXo01G~Aj(-}9Xwcl+@$c*RI#JQz|azT?e~!W!b?`Lm-|8}OXK46=T*t-*ep zUJp^fJkJVM`dT?~$FE*xp&uetaM=-6J2UwKBX-6yRQ1Ww>*DKY*P2EfALZ8E&1R;^ z{?%fWz48vj|L%7(EhSf~N@4xSgIJs1HI+ojL=}DVG}Hffg!Dkd9O{dG(462K!&$C(%yIaY`=*ezu)C=ZM>qfH%*xE` z*zLH7W!mix7R?=EpHcVHe{6c!)sp6B@>xbanR|F4`I!0SR$1i>=O(kg@gwBn9JC4B zz(htNzP!L-jvb7<#-`Jy4YN zE=;H#J<8;Hr3NH~sD@LO@#+jo4^kUanaDmEeP3hZ;7ewnWYQ%#7NzuD#FZ`wKTd@>%kgvkn&$S5%*PHjkQQ2&(x!rJ2*1F52Dz zEUIu1%)1$m^U3VD5e>9d6zclnRuXNK9wDLJRudnHozJ4aYD>$pPv@%1vNp&R__IYM zp6cR1UWu0(+1(|NMO#7CKqMt-DxpKwV^0Z#YJKXURg z_4Ye`8Im|c&uG2KOMz*4_?X;qFrvHh&)5r%K0#UcV(-I7Te;gw^+K8@8#D78Y_9P|xz8gJ$#nt$AG(<58!VxYHJyS^iZM+fkxB8C$a6~n20)v8E}-*XSQcapjZ>sERGbPQ_qm@p~v5ruDy zF0r?}P83hmA6b0`rZzwCki1q-gDRfrluu?}R1Q$t2YCe^XfiU1obwXF>;y_IT%E7F zS>5fjAkZB1>v89`?{S&)GdfrQ4G~mf8a)*}>vW zy2AO1o5A9EGyvr6`Sw$t-+sUB-lY-%s`uC2hT39nV4io( zKY6@RZvZ_U2uUYsRyPR{f=@$}=t2}}DZKP_H$Mf~`fOgixe0nok4|iroFpKyFR<%= z)~k(2-Y76q=wQlMBl+3i7+uj>F+VP%98fbCU(LLE#Qn%LO zRtg;;I*avn>;Fmc&(nHg{do>PAt}$E3R?Uib1d3?Oxvcfj&a`Fz0VlsEsc`y-vI0B z%9X|q0+AmuR zTKD;~wGsr$LS$F`gr>UJy>0a{94z3nRrH1|)K7a~s^2SB@~c?(E&%zL!G)1Ew`~-!8MmQg zE^vVS=FUYvi@0NokmK{;PoUc?p;USjjX4RX)fXOz%qiDHcj)@+hv;2~SINUKFM*Yw zo&nh;rs7`hpXMJf!eX~8D#wKTMQt;@KR$zOnk<0e!CJ3Ri7L(}6@~PgX%qx3U_X7g z&)(WeT2S7|P-``tzjBkI^>1PtvO?d*f!KO?mL%orwEn!+Bq~i8!=A%bV2Pw0yNBT-M2=#-~oN)#QqSdPQ%I*A_S9UJlstrQLa^eB%+16g#BD9^}{L4IvbmAO3UZytL;xJGAg(g%}GS7~LgztjO#*WvXvQZp1Bv7>zIiEDv< zBYSF4$4wY#QosO1Yl@V3AByL})jTgW^|GaJ`OzXm^2b^C4zP`@=VW7f{NCr2?(=z& zV}NighNQq2-6M1@rgFTu5KvmSpOn3oa*@E4!U0o>Op?UAKhAjnjmO}^Y7O!c^ea*L z*39ku%@nRRV#v8Nrtl^STDj1;+4jN#ho3*L0-xys@+<0Cw5AsO_?tL1oh1J!n!L^K zX>#g9Lrz`l>pUaSnj)6Ga@-9K9HxfP%0XAF8CXwtZi~!cP-E*}o;~QHYs#u=t?;6D z9c{Kg70X({0MXKoVe6LTD^e5^p2a8}D8d|EG&v8Qe-VIr&~o@7*w%@NN$BC^MXPg~ z!m8&kVq!9>WMbMd;4L<}5}p?bR00m-a?SfOUe*Z7HIgv1maOIr>)|7g(V*E3w@x<^$*HxXtA}mcC z_a%?{ZhYMq8jxWz=IOs0=X(Xc{Q0Fs-*tug0}5A@o?;PJ1M4TEF$eXOR)Ke!JJjw; z#k%DM!Z)Yxx#hdtU;EX^Wmsu7`*R*#)GiDOD(`us1OnAAei5e7VSZsodoiTBv2ANd z{&Ka=k0pd8WWntlx1=95iu|W@H->JH3PZCr+WTv3mqPPSgYC)3GNx~r?a_2QJ( zG|nH@!u}516a_6#MY=Vmc}|RrI5tfld1EiSB}+~=Z^wq?8DzNs7 zscGYu92eG%O=ww-TL&%~3t&!#BI^j{sBajVx7|}mxmVNA`jd{B$}Nx;Jq=c-pQb9D zW%@V4d*BjlPt0DUT=oik&R!#$B?`ur$(ye4f9)Q*7ce@5dQEhjB39$|zvf&<K-S*d(29LP4lb%kPH%NauXVx^InS| zR6MAL@w3*I2xZGq;mdta(q}kyp|~d>o-x`T>TLpc74L6Wy?@@nqEA2EkB8ic)?fVz zOJ;Ry@q;RW;fdxhogXNd-M>0Lxc_5f-YyGMMh`@&F>VL_`+Tg`_)X6gI{5IF(S6C6 zC50hxH9MkC4+r8~m9;yPM2nNYslyq188sPr4$^)Pi^3XYi2VC~@HI4;FW z@WlswyX_&PkR&0YkG+a{NoZ!~vdS3UE-?_+ePhzfnEp~W;rj6DhdE%jYEWUGpsZR} z@q^uciF@sWl+VJb7-AeY;@|0iNMyV_b_W6l_;*BXGU)r!j$Hlcnu51~ly13S|HHp$ z=Xd#6fa3QZDwm(+guCgaC#4UA-y7OUcX;UPyasrKBAk<1`UOcI)s!lz6O!_9JS}FV zlu3W?V{8f?*BvC46l+QInJ~<`LKIgULG>FS?r=!h0v=n8{7XWupUq3&sO%cv*UrKp zvM%>VGT6pl-TaNM>;02R9VuI1Ckg#k_vmlZI#E=o!)X_zlU=UbHRfJ@fWm2O3bzFo z52yzMBY0_kyMp?d*kQRiz8@QsDm)e6I`_tWygxV<9-Z|SAE1#rtt_G8GkgB2X;HrjS5bh)Hy?|m z_jR(mfQr~ix#sL5-_&RFXLR_!X6fZ#nn!;W(;W2)nR7yBl<#b!rytx9kJF1ZR+@IG z;90wMtd5HCTuFL7t0%oHA6@$ysLPCE3gfYY?O&8@i`f++^eu zO)Z0MHuu+SfUYe~<9azJi+hjFuRk8SoyJwr2ccHf{xjSUK)>`)45m)uny0r{^h3w` z5JLBOZ{i_`9CKHz4EkYg>sLRA@s)3V>bso^!jCY9 zqL#x9fZDJ15hmfgeh`UBd&{fa9y#H!iJ{1u<{Nu*oK_lMzkF|^3$+c$BuS&M~3T*L)BIP`|dg9YN3c}6(oR50|$m7Ry(-blE9q$DZsXO z5u9WCc5|@AXGE`qc8`%or<-8=m&77I{>3)2cAo`dqY0M4qH4-vncPx+GBJ3z z94KWSp1g@)>qHZUki^&9eu(-jjpr|Lw_P5L7y2wb<}bJ5O!})WEJ8m#ik5BtL}=v3 z_4YdD1)foJoGUDXnOXj%9Pmf_`Ye-Hy*pp}^Tk?98uWS@&TdS|q^F@DkYdyS zHRNhZpn+!pUZ{^5uG|a$$nACC<$KaL(oYnG622VnoRGRR*;uaSktgmzNUHLvaf!gq^t>%L1W0Gs&gOfumY7%>-ndGL2;?Od3{y6{42hCw zTqJ?)zgI^jd6*YbhqZMcwC?!bVp&w;lIL<62sX6F*s3B zrv>YjL+MS+k;mz{&+N|#`Xh6%zb1(Zw!F^2w@T{jB^S?HoZ~jusCizu%lt3bx*x$qV6QY!xJvC^8-oOWe#HQCMSkYTr`Eut~D*3m2 z&cvbfAU0x%7bi<%>%t?vFSpC^yJ#t}b>KIJRl50;qdsNew3xcjE~>8DH0I)_0H&4h zGHtz9mzktC#aUD`xLW-q{ULcUiYFc#Ny zFRrGqRpg$_?`!_FG=a<2I;!S&@1cNw%B~cMo6|noL`Mi*0 zMlBMWKi!ynnJDna>;SMV$KC&Jx&o~S5A{^h8>~K2w&&ZXF0UNEb|LQKpF(EOpv}1b z_xnv8f#De;kGUjCCG6yu$J+<9aHE%=6JitCnYBbQ|4wYW`Kk5cDau0hjB^3w6|kS0 zA+|CoGD)A)M(}lQ{B~`92}A)d-N>lxIAW!|?pTlSWLHt1YAhY;q;gK4NcP(B>m#LJo7_Bc$Q~$@L~9Y32pO?bl*B~kg9k`n+Rj^(QFb6(*-oEE1QAO5IwKbLAHS`G9_V+jfrWA zlAiKiBL|Y$)Y0PMCi%Q(k)bl<@=)Ylrof)Q+YNFc?_^pI+?~1k`fnCNQ0TRtbxAR} zphcnHY_Fz;pXl2+{ETYykpn$ch)wnk_JuVSw1H(t$ zy`0Y;ejGoE$M3=O2Jnge6U;9$0}h+qHQr3NwbE1Ng{sglCIr@)hu1Dd#CX=w7dl7% zF4Y`46u$8RUkQ-0oj*W)h3#DN?@Ttc5>4&9v}lKqhBq^IEByMM7^2fce*kPeJo!%L z)dXk{`fwiul+X;1bGY}kbx&<1qYe)YRE9D0KkPU#$E&~ZCBwrquG+IbKU%Vvix45m zm$J(6`!UI!2^Xs0?o9Fse{(O>x_0e*Kkp=ngTIx~Vnj|};B$g!stbnSm!ZQO4)O&~ z32qBN)TdO+x7eVMV@LuDYTj8T`(6Q*S428I32jsV%7KtDYt8sK5?*Gz6c#o zERiISTJWQr(#1BGTr+Gj<^45^X@&xqs9L| z5$d1eJLfVO_Kc$T*+&3ksWU6%cHm2l%%2ubjOQ8v0=~>i;yUD8ZIpZ^vt_FR1IzEZ z$DkzfpZ`t2h&T%+kcJXf)^dj_+)zoHJSE}quiYvcZ0X>Dx-BUjrg-vd`v3HDFM)Sp zm2;JJ1rb+wte$#6-s{^u6qB1ft*A-j#m+xP=3h^s8Gh4b^%b7R#`EhutiMdh06yH5J=P0oo`D4d9({hGLok-ijSK~=g0d^6 z;I+pWr~@zo3s9e*QfPq(+qd8G!qru+)dd>bq~gW#+SzGI?Y@>?lpK^yvt7y-@X?e= zVm|r;4TiV`N`3X65O)*|U>|+}Kw{Wg+D_^SO!V@u4*iqASv7j^HQjEpa;1ptBOM>D&1dEX6fyf1inoSn>+e>vfV6qmT*@&`?CGXXj(JFC~>>~ z^(jq}Rz8;7pJOSRo0I55MEp&{*6LBoI=$BU7#tC1b@0_zWXK)8-p@X*e;&_w8q=(d z4?I3>S8}u44d<};fnW9boNZ@~WA6RL|-DsqG zJV8amCSV)`H@zu8nU0rNp^e!0@HFs&>Z(vG}vt*z- zLob6UgYkHq0sq(a0ihv$iS5K^>(~>ZH8QmA^z6Xbn#W8~zI00cue?4 zfe$JOb%6PRZ_)c>bG19up1zF{{w!Mf2381R_RQe4RGu!SRw_+)<=cZ;vwR1ZTpWOH zM#78-6{3$=n@K)!x_R3gs}GH`e19%|PxRs=xYY9;Bc5XG>X-nhff3qG-pX}nJ&>W} z;91y3aGJKjY2+C$?eHWW3^|un_fb>sf$&@4j~fO}CFNNn{OlE>4t};^a)5O>LFqpb z0=&|vUW)f(oLY+kZecAb*5AR#$M=-7&j2qlj$~@-?Nh{QrKqpOkcj$A~RbyoIdNCFuG~omDAPEL!r6 z9UdlyO#JX4dCL|k^M?C=w1q70wOj4x*~i|a&zQ!^Sf_Xxy})BcB}8Oz`>y3$ETG5a zLx%W{Z~&eP#gqdAlQ2+Z-p53osni(ZWthwX*H5uRdW+Rxdv6-a939FYxUKTv-^QbT zV*NMXD=P0mJ1K;2h4!T1 z%j15iz>j|s_P02oq`tZD0VaOk_T`AiNBd>0{XXiG0zJHoSaXjGQTcxAe=axv zmkNDfO``Qwav+q-w-M#n>~&X*u@dk04timoC^p!VA<){j4si>7Aa6;C5bC0@P|F^( znRBT>HMnZIEy~nQbV-cS^-?u}bPd$Aa;z{ySD`|y=`$WV#)XHTAw3 zztD$>As(}>&R%E}L8^|!Q$x?v%Dbb0lOAJK(aVc*da8r#19~5ZrXAA(5#pXN8Tl0^=^pNib0W{(!GO_D%3bBq zm(-fiYa7e}apwQ-^A9{%kSd*){nOxkdpY@r(ei2FlenGQoTUz+xA^ea74aw;oGQ2u zy6dKtf=-*5S<^*508Eruz&Iyw-5KftFJ&R1WD#QEQM4F zdL*)kXM_dJ=0H0~njq?kyngVti6L6C{y~DhN>ato63v@*O&?oT;~vknlz7l;$q=&j zlSzSP)_Cwf^2K7$hMMhCzvhb4RS@5)7oXIzg?wBe?}pc1MI59`PTm+|Wft(no7=5g zNvY}@)sW%9dZ(szYdXA>1i7~TDkRaROhP}o(iJy*jh)1!@Y(-J$4po*kgEEKHu!G$ z(Za_A#7qdscc{~!I}8(jHc0B@T}d>DMk;aSV@7H1vz5B;m8#SB!Q77#PkUMpQ(v>d z#WW%R)ML1X7PYRcG+H`h<8G1C&f+Tp{*7N*S>rsz)su@5jkP+{d7AD1`f2@$p{^j5 z%*x1}!`#I0C_;dl=0|GkL9|lK>s3l0><#_LyWblDMmSQ)2#D#eD0;$W;b`;|W;v zi!W#^j}wY%{_il{|KKKA6Y))HH=|N;93v4jrxL^&=WgIC8~fa3*G(H#lmGno{xvhT zz;TSgO2DDq8NwDK=+EA@8}LZsrey&pt^9^X*_3eX%afes8@ql(IoNE$$;w)NGK;kq9kde==#v{m{D3Fe8 z>y#d{-AO}e^shgDavHRfbozm`uFp1llyKvtv1=LqN3S;7jN{g{g|1(|3g9AmMtFI< zd}Jbci}T(Q3vpDVP2(!PJujt*A-Ea$@lI8P@Gcvq%G8r(`2?P>{QcPNfDoGyslVuY zVAmi9Cu}~6IQ!o85}|QNSbpfyyJaC}xRwVzH1mX8=nQ-x&(GKF4Wkzi`@EVg+Z=nt z&-D2s`pypF@pkqyH{d*?a_LCuImvISx95&ggPcU~##B#Zb;S095`X__GPYj}w{hf@|Ltkv~8X?17 zBsqOF9&qwTxjM+4z@A!e-Jd3d_8TN&cN_N7A9`GFLj^wh*RE)$%-*;-v`YKey=_g# z_FbLcCGg^*B)af-es~X?821Y|0c^3mhe#z_1D!PJZmo6+Ag=K;*eb6^{*S^#yoH4mQTJX(su+^_MeXXR|Jbuh`@3$WaYZPBZ!z4ya+~dbKB?B&j=v zlcp%xP(;_7V?OT4TwWdZH|K(s(N({ZYjj-4w-v;L{j&!52wD-rFWu}<6`g+xI#L$2 znYF>*d66<{BVXM`?)gfGURg5&u%`-Wq09Uq670v-l+%sJpBMn7a?)mH)N2>-u{Kf@ zYJCVP((T2zjcdCdh@co!zraK3RIgt+y{tr5JAFpi|hIG52=waI6#R?^k z`x3=u-Pk&d164n>iHlay&6rrP_TEy=sSeyQ`+@r}NVL?TehL2UpxiD+PX)dK{~^45 z9$MnGSVdVQsx8)YST?DpHu{YD2#4dvq zTTlFHrbC-Oa~t?sre9SC2>3QhqN`Q9p>&JSi!1%U5M_ry%i=%-zjB#_(Fifi)p=85!SCoIPcKB$@BtFayP^Ss&JdFHv+ki(7#lxS#^^mD@9i&u`QUk^j1gJPb%2o@Kd|2cX6-{GwP>+xYk?rTC`>P$}kVd$~L zc3Co=nQxusIg#9R<#LCT=5j-;;m%~Ay}Ab2CSU#fvQUD%SM8xj{Z`~`^55oW_k!D{ z5Y}*&K1Bi^m%!g)f%VZVyAH@;PHTac-*>M6g4riNOUyBXU10lj(j$zi+~p}hRrJ!# z*Ey4C-^Qfz6{kdw`VW+4qCTGY7HVcev?@TkUo z-6oLWQSKCfum9qnS&H9ELeEVazBY#UptMPlU3({~?!!!@Y4{ZHy&=j?mrJ;UKG!|= zdO5;1D1LtNFBzpO#Occ+F6hwhKmo93 zU9-j$TS*eC7dl}M7<aDO`9ZV*QOrrRx#`&IL@?v zEI{U{SC{w^->u&PpqbZFttC2GfHsNgu{>=l)ENU>ijVPfOxvdVgc@SCZJ8q}*Rrx` z=U}Cy9REUh69d?K?;N?sWa&KOZ8CF5ZQN6Ib&6a(kn^J*n@f{C%lw+4tWRp`gfFp| ze6g_=V=scb?rm`fCyGaz{R$~MTT=k`oL;VhQdoDYjiJ7;&I-4_E9z-w44s5oAtoF< zf?f`bz~4A#T^yXk8&Y5XFA@x}33ZT~a`w9Zb#&?#m3r1AZ5etuNojgq@N?F5k{N@55BHs%U8!4?2f~ zIJ1asF$^Dbck7G`fgWl(T-$<__*nV0!aA4{ed;<7l02(@%*gos%w605NsX9 z{eG_o1y(Kpvra!F8mBvZmyz*Nv{qGEm_9`|a%>-jxZ8Ynbek=GmxzCx1XX#=%;Zi~ z@&Dko`H5ty|9`edfOk<#2esdEzmG8#IAaz9rbjg_mSa%eEaOZ*1H*&Om&`ihMVfNg zIwGGJg*z*%>Ep+e_l&xV!$9?=)1DbJDR+nKi>}?82lB##%5T4|hvDhGp+aR5KxzYo z2}QfSeWqtZCS{vyh}I22W&*K9Y?nTb&l2DK(l+A-n=#-Jp)RMVfDCga+DkhxH3<@q zUoSXi-%>4M!&J3^DY*OVshXa3!aVK4j-t>CXWy*37C}b_deH181XdHZ_yM@WLIF64 zqCaeD+$&bzP|N)LU{ETzxMtkFPFZ{z8ME`O`_G=r)Dtf zF2;QC5FL(8%1HT#zGkBG!#M}hDbL_R9_G}LlT7*`?2j^!GJ2nk@V5Oqc;}Vx#P>s;zaz`5UtpzqMr9wN(m7(fdApQnPrI6EvAN;w>wp=EjaHpT!o==M}js^~*&ZcteFq=imE4Qw$a2)r_wZuCSHgwH@g#RIBjSl9= z>Y%#(>C4HM2L=*8wE2xQ;moaMT6dtV2#BevS?-9;G()D|7Xn~v&63=UfyEgXmwC5$ zYbFN+5|wIthJPOLh=iChW^QK0Fq0T#$SB!Y!KilP_c#5|ocmU%+0rk%7Ow6qW`>;E zkQ;Me?#^H*Qgv%nO@&MbM&`uM6$)8%jgEWmBCm z3?fli0`f;*2R0y|i<@oRK{a6gc1m-9x({s~M-jck%{qxzuYbcW3T+B7($n<=$hi@B z3=J~Y-!pDrbK~vUmNb`EKXn5GFz@ zfsdd50=gh`mg?tG+%y?^vf!{IIjV`s@YlMa7%*&BUAR{}GKr46ai2M!$0g--P-By4 zS1ST=@vm{LUN=6tvJL74-hhiWF*%4yg*Wb&d(<}L*A25Hqu}7L-zYgyiVf!VO|U5_ z#o+jR-qX3C8!f=BE;haB{Ju!pVmu)}NLnyS{-fqEc>rBoPdqKZ&5JqQebg}(x*(I1 z#LDpv(<-CH_6!$g`Ob{bh(edqB#vmW5OTPiHF)|Kfl+F~U!Q+s+w)*$`&~)u2?dVJ z?>lZO5YV$7uI-he&q53yJ?jbccjy3o8(A4_wRz+lL$_q8hSylnAE%C4=*nib`i|E+TQlRiEeXmA=T|{-S>81Tlkj z?an*BsU1^w?`KNt`mQ%Rs&vs}C85^1Hye}A5hOd$p2!(K-A{=^9r>M#tKR0Z-wfCG^G4DKaDVduus!9Fy-!0q?ajqj;x4;Rll zdPhm^#Ulf2d6y>oxu_ib_lysHkYfjh8=3~a=Ja0a&m9$-jW$06KnC>=x97@Y1Ae_f z7t&+&U2VYPtgB^^>tlDTd2pZfOq?YCg)Ra^+-18rE*T`)<$N6`(VJV%PJsd9bfDio zg-aZ4aSR8s<^t$zt_Hj1Pru}=WvAv0E}LB|&NP#{ut^bqtA1|CogbvxSN{w$#Eh0T z%(_wM&zjE|$7S1Wc&}LauV5`gmVAAC>v1p3KczkmLNsr#ll_%tQR+f9W)%-fJB$-| z2S6K`bs0X*q724h-W7i|`b0Ue->Wl|FA_hFzlk7C#@|8>#xCqisO~}DR=&k(k=X8> zgng4p50dfcYmpT*wEH>6%?Cg<;=FEzg zi8f^!9%S*p=)OA0$MncC%@vnT;E2zBs^i#wulhS=`IJDm%nH>rFVIg}-FQXns1iNzPub~8L1c>^KVg6&6i9f**uF~!+?08iS( z1w0x@X8DJ2ADL;=?f+CavThK!pk4GjjPsiqv-b3kOE>u-E&c0oGf0uPV1{3*xRX0a z5FWWaA@lm(B z0lWS2?{42FjFGY6O`8Sy8PE{ch!HWl8PM#Dya;GnF1MLpOK{eZ-S~%D4imT!0PAmF zJt}PYR#hyuG!OqYD02o*v$Yr5G?F`j#hu~!O6Ys!B&*;3I||7fT8wlrF>BQ;@$vTV z6WLXwT70NFJHMb)vn0RD{(Zr#!EWZCoGwlwMKGHTu8e!<^4a`HZYWqTMey*zD2^TZ z#OdPqV}OWL;vRzS_I~e-H>Gp)e2ji2gVWXV zHtHGc;VU5{DzdR20-#aOfSEFhU4pm}an)uL!ITAxdyRk3986$2CZK!Zf{RMa;1_N? zqrqt)#*cH<)sdWimx=)9Y`Lcm*D>BtqG;5rK&37P4Xj#D7u@}!UkXmC(39Nj+&vY7 zyW^K=0+y9TA61wu2)x*%LXYa?WgUs87)wh(|BC+}-zj1i@C;BYtV#sTm3;`H5?lp; zU}RgR3Js^*)z7r+{AAIpNn5$A-XXH2A`T$6;|QwhF6wz1LMkATiD*3hVN(aAlRWsh zlFTd6Qk>LetEGahx7tr{xE-F0mn4uUm!oW*Fr5DAk$n7DTSW|9v{K=6Q&5?<(ZP5} znn3FTb2BFKEp^na{$mFooBxg!VIfB%R&ywSRG?IQV90wX21IOwVSRU03%S93( z$c$n7R!`lt1wQ>ee*-W|p?RL98BO5$L;NAYpK~Y0=#_U z+FXx-67D_FU(qKRVU7jtf2G!lYxKa3XT4vmuoAFiF_>{aKh!8Vb%BL_S{1UbT8BSbRwXU% za5qL+9J4M3c-1)1+*-RqcDDAiQ_;g26g{bpOj{3|UY&@Elz*AL&48{pv<;oc^~Kc1Vt>i}RDF?YR&@$gW((9H z>*wX`<#t6IKSrCD4z$rHn8_#Kz8FgFl9?|)m9;*aT~?B~NOl~`{Hfv6mU{RkAb1I* z!$jSuAJ@|-aJI|dlEVp#t2*5FTrzLxXi+z6@`{t)uT4;q>eF60*b%oD1|)^qPIR0p z8(#f}FSMGhAxYBCpYa{VaJzi3X*o=6Wo?x^&nemRVEjmV;FfnNrq)lbruwQvB7r_Zm|cPIT-SjVs5_^>%| zHY0o|tKVG`9&9ki<^A-3Yd$Qlu|}P7xlCKq=kCcG6T%GO@B_;KI1w&t^TBg{lP>$^ zgSwocPwR&b(mj`6HUEAJ0Mea6)fv8li1=Np$W^k}_9{6fp)z{jlL z>~i3t*G=3dF(?(xHp!9YG+i`#($GA4-EcVrZQ&jFW{khALgnw_O7=YShW$)eI!S0% zW++P^Yks_azjBoF0z%*yT(GCE!bF4IESZ%mYmTbPVg!^3^XyKV2k>K^1EjI@sFBp0 zN$nMv)qT8=wm)mNdJzXSzPhj8&WBLd;4%s?*bj{mEHx8?64-wW%f_@*%29 z{u$1eAJ@-*WL{W{DSn$?Vltdfghv?#tNI>@l-oUYup>>*>xmc-D(crU^JPe*lV)HGqmd&qisfc{CzZ0!2awM1pglDAxG8- zR+(!|cdf0bJu1>ROPlZ(AJC0=UNt$Y$L(as;A$+g)gzfEcH4^mpMzFe*ye^s$#`ueKvT;SD2-KFnM9^A3T~WIPBaUf-_p-9x6fk zA3jtuL&@j$(&#}P4$==-!Ef=(3fIpy%oTDO5`2=s#m@P_%sV1GT9o{wTn8o5zd63R zOpg%%l*gFcWTgzO3o8^s4(94)^B7_$wfwDiN3f!jNj|%bzf6k@mj(X!N`LkE{OkPO~K|J^AbSeWy>T?6i>a`9at3I`OA28HwEzuSR#SkD-H($dON# zN2f68I^Vst_S=Y8Uru$zvI+AXL-{B)hQKg}Zo5}F;I zJ6WdR!pd1(?d+(-i|PeWK@cwU+pel1W(;FuV7?X>SpA0!+fsNCihYEn;IB^FRK1D1lCFX9TU%|rA zA?EpE2{4!Z*TB?^e*5`i&)xXuIceTTT zK2R@ofSM&cldf0=UDT(&+^YMMD zy&H<9OW`{bd8eTaf_WF1iNjf}-U=Yp*+T_naOML7bDuZdk9!CNyt#lx5+jk)9`!TF zHFo&SS~BMVV|`<{x$zT543L>+pXIay+$gtCm)M&RKIz~Q$1)e(-*a0Q!VL&S2_1ZR zVt0}CuwxqVZ(_)`e}4}QzI6QSDzh4Qp3(SLaA&RyKZt382|+Q(QZ>ZruvD9uUi3iC1bS?hS`o#63tf^a5IS7NJ&Wa!k!YU%E{3 zGh%}LxN_xok?2NmJ?ZjEg-qR=N>(tvR*0y@?7WB$2}&s1x`RDz127E-l*oV_-s`e@ z+?Vg>YL#MQ(&brhVlX_N@8=-yb7WAc=t&Qw7=I|N!^=$E@_t&dH{&aUQ(d1v&@J7$ zk3B2Ec!v6+{T4{AXPK1?3)a|f)w1=X(9#DE@KsUD$uaG1PNfDv7eZ!vm zcYXqbGs3@;4&qm~{SvH!26OWg!gKGPkLiB%R-l;~k|c^NAVW~K&fFpR!zH%Jrj#9p!wzn2D_Wr6q8_!l^h&SNck?X7V0n7oX!G>9#d0@Ihh9=#h5gLny0Oed+kP2sOQFXedcd5ava-hiqL;(cHGkWDbBXt z20pLn{l$n|Ai3I3v0NYPPO_Rb`f=32R9#TBxfl2B(E?n3t=ayMyldN(N3d`_B>3Q4 z&`fa*%N9!li(INMscVj4fkuan{UL5$p9(Q=Cy4Kh#j$FHnE0fgJ7K_7pN)26LVuf4-1c}>e|1bpd59%~eh3b`W@g06+_MQ0sx!rR~2#~y#h13}( zmMRxNP+izc<=|@sf3I91sPmU!w7>5eAW z($19pHD|OmPz+_MGWeboUE%mCzUWeU3}y%8x9vkJUpl?;g~NlSg3lD4IbS(+yT9Ds z{`)B@$aU>cF#kY!nyGuZ^~_lxQhBnh5qAgKKxU8Im+FRoM}G|4kw<%^nOXnBm8A{e z0SLW~r|?o3i19MN2$q<(&1r06%~`AGyh3@tKv?_~O}&s#-Z^xF{Xi=K0bMnkV9o|> z*Tj()imypN?$f|$w|BjF2edQ>Mkp-L$gqH}bc<%9CiD$pA2g%YWVJpUC!(?p6WKr% zY9wvQ8c{pMxfE_D_)}T8nLlyr83x#+AM@~KZ_zHK)A+SbvSAeO{A<^v`4kwKrIBo~ zMoW+SAnQwg#XGF*Pi*p-J^t6DK{lvgR?5;OhX-iw7P?*2=S1G2Uk=h=P`>}9Nt7oj ziRRx`fRBT}ECEjh`q~+ntZ1 zYU_&Hc{WCBxbJ(kQylJVG|GL6oC+CdV411{HVP;WxANt_L_8z(+`rBEu%r3|?^xdl zNcqgQ5KPrNE<|~Bu(k6Ps2aB5+BRoT61Z$r3>^oZFFhZqc{c-ftEsC$Eal{)`f=XZ z05{J|ESVvHg*a{~doh;$x0may*K%#D>=;-v9Z79#$Spc8FBIUg6dZy(LGoNwW|F}bRU3K8 z*eOdiC`0?f+Q>R%0972CJz$(d88%^n)REsC&mlCxZv*_3R^MF8fR=jev=P!O zm7#uA3CBNm=HbF#0Npx|J!5~KDShcv7d&4QHAE)l2GnQkFr8rctoi-+e4N?%mi9ldcDL?w+sBYchFtH#yQbP!(58H8hSh*2UEMNS)%&XFc>8(Z72Hhj#_=h91;G9ktKW9%*K}zG`y(FQ z3wS;ts;i`z!qN5edjodUfGzYv)BgHv1}xwA9EkSPC&qGNSl*VRW&<`m&?MxgCYFKr zaL400_Hj%zf&JFFlc}wzBQZgp?(ZY%*hs1#s~rE&J)j?_T$lKBl2Q4?-fDvR_<{{F zBPnvED`jcLP_+S~_+0YLwI)p|giMR-O=M=Yx0!`L>M0q7FMZjGp30~Dov9wLtW>#P zwSE9qcKOp_A?czL?NYc%dkv`mTOTtC4ET`R(<5@@&;CffG?}wQ`H07lEK`dOaKK{2 z;I(1A6*e!pwJZD0^*p^Nw^WO-vv! zwA)LaYvMn~Pb3#G%VQAFPFVm5GcX_0~e*&xYHj^n+&u{wU6|40if4!!_3_VO)Us7Yq>{ z@{9pe0KEF7QDK>;c+1JM{aDJ<1;BdB%tyb*88ggLxqZ67hg)^&2dJtDWM54>*@yHh zHzB3NdDOYQUjWMiI{k-lyKN2@@e9DrRHUTJ7m53y>w^&)@pq2tUO!8Zc&*W?G#eWKpvk!`P2;pO7*uj4@D(A3=5xESzE@uAH3V zG>k2YdV|)c*N2hmFo|> zk$=35uLBGi{itirZT9L05_wm#{i5YU(DfwIvRD3rdeDDJo6K{g?fvtbVRwVL;NhHD zPIaD8|42w?P6w#ip*z~6JqyXc+Ulcm4a@;jKbe{6J{`C3c8RzUHrkV3+ z{shjxB3)ce*}-n{p60M35AQ=*_2^pS2QxVoLaH(=2I%58$(xT`haL8D68S9$B;dhU zA%;-@12OJ@`8oN)xV|Fu6J%j$(?(u);T0Cgb#1iIv$APm2X6Mifk@LR$-PP;7a*;b znsS*g&=nY_`30wr>W;)&xfWKL_sQ2!tV|n(70N5?e^K*mbqn^$r>qkfdMR|3R6MBC z0jxH-t9SB2q9fonCgwzU$!ehChU8|*#pkEKZ|B%K4FLZgK+BPYQ8ypW4b>v#Sb zc8AB&H2%K~YSejrjcU$V;nS{64JFF+4*B-SMySLE57MSOLo~WA6rXLMW%LJ@<8>Sl z^lG4k9!?nTQy3`Y58}aRyYMg|7Yn(_4Hyvtn_fLqj8vShkD){CKsj3KM!>b;%MxWb z*hRR+;{hro6M;pnq=rqzdES**H$+D&I`7~rjnqO{G%cOuWDYv*_ZYw+QbZL=7ntX_ z5PD|ac13|^o+1LsoK4>L*BE0C91osCnL@J9YZeK}=XfumFAx+>`+}Y6pWS}`r5R!& zoHEDDp)C+lIfX|}QMg``T^$_I`FA}$=)tT@N zq8Q7f=?cKTCW6}Ly^*0|C(rtLP}n>fIDSn6EJ)r&ERyl;N)9KxWh10e;=uaGl9UG} zh@r=xqP61rg$yF@_Qs)X}`1`uC~;8{Erwcm{aCgmGW`@uPzsqsf(#_56$X zlDeRo_$UyDMfPMI|T}5XYTG^ISF(pUh$n5*Myg9BSW5$eqB%!;k)~<1L9Vt1Nh!tu9XYy_@!5g{B$V zXQq6!DGD51{EIXk9bz1$VcMd!`q1}`Ld_yzs|XndbfmpM#N|6vM05lgY`NZ<+91$8 zu)V76)c;IJ+9+Vn-l~7boac02cr<;UiHQ*5bp&&32MUeYv6_#&W_X9m6E_%C@*n7) z#oc|f#Z@NrVF)1UQjGE@ITl9|=~a?%aSENfsXR4IT|M0Lq6I?znEJbTmOro=WLGyg z&;h5exl6Sl7y@wG(>IqfL4ZBeMZK2lh?*VG_THzi)=+ept@d5>^e;*^5J7<00fQ9j z8;qBAw^$l5lpe-Q1Ig!AhcvzJDcTQJ%tO|p`^JHzN!N-0p%>l()YnclAeoofSaLvg zJ0ZN1JE2w*R>Y`UDc)MYAuXO_5K3RV6<`!3;9=wKZY=VH^j`o-iDRaSeS(>3t{fpgF+LXUei|RW@`kdKLbXu_bss7~fe>d>*(7UC=5p9dXNk)?K2uP& zq16yM6`HB)2y|0>P?{xu5?36c2mMW`jw?dDh z2rzZoQdHm=*>hcf?Q0FBjI*o71;B3$S#yny-`Ogp5CSe6-8n@GEl%=R#pK8-s3hB= zmgXlNlEZjUBPez9?<5eXSH0q(?NDK=O76~&(!67`RmC~7*fN%VcHk?3oQ*uNIfe%+ zuX5wTl^5@yls)oboW3qZL1&&@|1H$$W?pKbg=jWq%mBb_*yt677Z47si^PxBLtk|Z zr6mv87ee31Dd2j&Y3lK2z=7Gu2Z;3n@s_g6Ygp$wo?8lo$L%-8Wd7Ct{=LP(k;dR# z0e>xhBjFj(_=oEQcG3*37V|J||7;fRO|#AjbFQ9JN;1U0&gPV{b~@us56T3a)pX@m=y~OR9`9c8U0- zU3;hRBWf-d4~_gnB{?KG{r0P%O<%7ela7f-Lmw0+C)*_X=S5t~XL3?xFm#UOHvL_6 zYeig%CKr+^0pAJjX1tG)qOisgqb*aAthWE`Z>152E@>{x6E^1dS|Kx!3p^Ud3{Fa) z7uQDy&ze1awwyft7ueavwO%tc}AAchz;a?oKt4m5spe-sU-glLFapOxR$Jdzz zBq1fkp6=pJ|B8Xlr+m1sx>}hKL+}`4iX7=u(R+2r)QR|Whr(jNb%f^*hppzlx$s5r}cU`7hY$A_mEC5#!SFd>LV7YKO)q#b^DUeQVxuZiaOpsvYysr}Zfw?WeEGV*EP<{#GxSjY^sY}a*XH%~nm@f(Tm zX=ZvA1NGA>q!RFYBf73k6Eh|6_ae`<{S$Eg|A0XvvOq?)P$G?(CKWLdhW zy6ECvoQd4bN>#kDhbogi*X3RuQuA6*&`%rlTJ@2D4oX~LxFZp24vBzAQ>y^~DYJ;$ z8FXwWu2Or(SZG@Sapd9**f0K=kE1WM%Pr*&YUkl)E>+vR=@|~N2(3wDj%c>d+~l6B zQF-S@k;ocVYPp2mo44@-DR{C?Q^l+tvs7Mti+9z!#l}=7f1sM&*&MuV|8e)*>A(B8 zZd)Y>Z88_K3x=gQG+wz5--LFVWz4DmwdMp6&RkhkPW;v(xWqR1s0E6ZM)(C3IFjT@O`!h5$Q3J%N|&t}(otJv<@rBOOYhg=Mph!`(4k z9bte6R_Xk0$HLq{;_`IzjMl!FB&)msgR@1WNt7bPw-8J!GCFxx0ZI?8j;8pYS;m`% z`o$||HN7^t&&}~F*sQRq#@H6;dPhdM{8w0xHk&-h$&`d+vYROpD)eBe*LuaJlRWAD!SDh4nO1S|*I-lrnL1J%-c7CFq8V0zB z{MuiBZw_4fzgCytGW6)h|EQ!|ati1^3unQVAC(2F-zpt{{ihmlKng^TgfRbafpq|T z8kn278dh-3hgT|>3^KfVCa_*TJ5Vu9068scN*Wy}KT#37A&(>h1#{j-AJQ)GZ((jh zsh&|f>!c&~SNPovJix&FKRm5e%D7f^j`)CEP~XcKdA&s}uxfVxQMq#k<4>T>bHq)m z2Y}W|^xC@Vd7>^6&kemnbnC1*=v{Hiq#qAJ-10Kq%~}3LL9xf;vfkCy%)m>mF#0QN z<5SXTpT=i3k_^I10oKhoh+-Lj`!Rq&LB@oveWj(msjOaJGmWK&e}k z(@{iqFwah1a1-~P0;)fpDp_+|FQv>#q|lRcNO=}v+n9o9+vg9*+TRkBctAD9AT?Eo z3tr~k#GiVj4t>DPSy`kpsX9qjMY6zjEvQMB=Hlxmx`NS-rZZ??3T!s6Kn$EkQ))v9 zRPm2FBv@xOLwj;PlkDeHR?r>RTnZNIEG_YyTjfEIeq-`=2wZ#QsORtuk%z zwQz1x5qH4<7=$f`AU;?;{`d$EjqS+W)jwyX-#>Vd-|vX;e2%X{LWXOqGHdIJS+yt}R~BmN^%Qu_%bYmd|egv)o7p8};d)MxVR(Ly9J z3dq2ssFE}w-dZ`MFxhDux-Pla@Ze?p?~JbUq_+s&CWQ9w)eMC+pRw*c{xbV4(BB^) z8m@6_vOoan8cOcF3PyZ@B>%YBqNQ{jlHhp=FcM%4^~m3$Nb_Khws1I6Vp_zBdg%vw zf|l36YR+s?KJ8~TtOK36_c=@$^>MN9sHJ5?x|%UxesuVV@`kpen*D{XavwV{#9Z?f z$>h?!cni=Z5vW7AJ%-1B;U*-*jGs~b5$`vykOnwPs1(UV^6AlspPg1NAj+QZ(%*d}gCd z_t>mGFm?8QU8RKE{a{sqoOk={oH-nFRG`hz%yu)n1&bO?I<9k=FUwD^$HZVfs20~k zgWI5pRl;^_VQ$snhI8(OvJkdHmg9KcD7Ktcbl#cNM`18KE4-gEKT)4Ou;g8GnIP|A zQ%XPC`7&UN%kRphR+?O1oK~@!ih0_hpXVT=%9D2^BqPq#Dxf(o2AtL~5=U?>R zjDohzzYY^}+c+_z^0-xsrnb4^0_onZ+UFlG$?dzO}jtNc6wi5liA;*$Rrv<=BNuhPt`S++7<%np!<@~!=i7r9)s z|G%_oddmnlD(K$#Fnrv^g||NILz3bS%^O@_%4owySR``5}_OCgIeNMYvTFhwbAOIa+3cw zdL_u_XhXp?G0YSV#}iqj}>`+KyXZQ-24%ji+{8 z`QnF!ejJiFS3bXdJDac%<>vr47Wk|?)qz&a)8tK95)8XUd?xe_-IOkg!>rsjH+>Cu zVt~vpa#9Nqi42WxWVg7TdV%9*xLb8!PnLYxX|nwnV?kGzOqbl%hbmT& ztatfJA;VI``>svkce7wQG4aj@vWPu9mM>!HxK6L2o^tQg*zS^>f}3iKDyE8u_8&>f zVa7RP$F=cYO>i03vMS9KA_g9kWl0#{5@MML+v%0=_pww_8i_d)AvYk7Fe03k$YUN>|u5t!ayqN6)RmG zprG4fZ1nBv$v;1xLN07okflEQi|6Nu#?q~2?4Cy$qtl8socS$YpDDnqNojqgZkUGU z;Q<-@E>v#n9f}#-y7fAeKO}5>{aWj|c%5-JOHO1oEoO%@cs$W#JY+A=QyL{JpK%-8 zQ!_#x)%+{urammPFP=tLVvW3tFzaIL{nX&x{|9sIYiiPX~`&!vctuMpK>q%e?=($ zZ!ST#NXnIKcOL&NmsQ&e$EXPGrN|BWEZywC_g(zD*74qh^j?#L0?)TI- zfg+(AW=eyk6v(t49c^IXI1Yq0;dgTqWfXEB4Q~qdN35~CJ91W}VeXJf>dajkA zlwA!IQPk8O9SZwmcyPH)oe9u!x|OnwwKbc<2yMo?tt+>KBouTP51dHfDX)(Gc7OZRAM(S%5TGy`yLeaIMI#^fe{jSnZg#%NTU#3t=Dsa*4vCj(h&<}(GM5~ZElHe%Ptt*$nnJD1)bu<>3E9uHf; zpcG!=13DOJavO`F@@gfbCpLGDhX?1!#s)JQu~(-dVTha}N~rNl8Fy)0>P^=Dl4^=! z=o_;+%uTDFGy3)Ox94_yj+k&mT=ftQ$79J2qEwYutGGdcWJwNv=PYxtmu5SiAcl6- z(z|4!nOMHMG;c&T%;Z5w-}AioVi5z7OpVXp(9%cD^i`PzE3J_+zS(>QvF|-%o~UK;fPMjzeVy_K<~~2{k^SyJ>{cUFrrE~$qJzWj zY_?XgfSI*sgQ^t-usKm>>3qUc8{l+mKnOY88WH|vJ0nA!wu$dyz=$EmTSEE8BMe=n zXB-z^>pSEJ=|R@nOQgt@1+`ycZaSeUj1ph21+>a;fBjp+)X*4G;)AmYRdD>Ucip8!S?L;WRA3p79`}d^C z*5}b4bSzQy;@^X}pH_U~%0>GC9}0}IW$QhS~n27sDV^|*uz9Wcc4=YD>QSH>t13!DK#Q~q++0GX&SUNRZu$HE;) zh8}Us`YFwUM`Gf2)fep z6jFF)nd#?|8FLG$=5Q%>RTtfnT2#5NHpIp$gM5sPzIqnSyt=To6NKIH2o8|gv3naJ znBTo-q8@@SU4d}boGB4t4^V=9*w3Ac0st#0kYA4dTN%$|@<*kF(+G52oMElf2T^a! zYsN`r%U3XZep=53Lrws?{dVQ$+LSEC*L#nH5jWFdIi1u|2;U}I7Fq6#YAe*f7Lbjw5f`+dfA zGtVbAdSx#}|GmK{Xqe1weuGnZ7HTA8c7cyNJMLW2U=pk)1Xh38LX ztAu5*Y~K8$3C~0jgz99>W3dormw;a1!QM(TF7_C`XOxzeC)GkjvYVLyl)<+R&vb%aFS>=aXsL?3Q$!c9dTW$ z*hoW(V`^tiOWqvch7JAC8X9VQ%V?$dMa4CN{3**zHFl8AGYajL>YDB~nwc*#>NQnR zPVa#;Bir?+eb+R=+Umz6g-2=>U>=4Ou+PaOeOrKKX^z$^sW*~=dX@wqt?!HneB18g zyjc*ajy>6h?Mr{uPL+w^9~>i!@i0Emv(&K&8okhSD}|^jpl4z%1&>d28Sb! z7teN^9Ii_2D#0&9@J=khg*6lNKkGZ-Xk0Bs7bOCIkr<4V)U)LgDJS1~RBmnL&QX5# zJ8g`cPb|Sy?^^@r^JIeag-J;cy0nP0^DOb<*bym3j;EcXVW(aFw@Aq_*XkIov0BK+FRDv)@8n*KGNSV{w2aH?<>e=K0VZzZ&8c{5U%V+M!}qP~&aziv5)t*xfNX z-G1z&|JpCy69qEx#2m8c^ItCUHy~CyPYOpUGWgqVlS72)x93(qx^&nt97%(slfPBi zzDo-u8#NX(tF89afqqo~yu;L0W{%gj2Wkb}b6@KG)V#t} z;iq`es)V;_@X^&qpS1_{IK2J2o;c9f`qpAg2Ykb~KO1{f`kk|q^Lcyv`wrGEI)^2> z+u`0U%fsCZ#^zK6hB>Z?+zEf14RCd3c{Jh0vfP_6hgZ$c+V+s^DfQE% zw8@m)Y)6KK1%AvKStshU=b!~doIZ;>yPP{uMmm>P7?0jL^`>nVSOv%U8`QFjtv zlI#5%Le9>;o&E(uK|ntc=NM?|R=3;aRzE1h6{9K$+tUi?e#=|&3Kc8*`b_jaQFKBE zJ-E>g+QE0JMv>pS6TagP(3F z$v*C(GIK83o~?5zpJ;MHe8rBs+h%b#0uf)Q@9xrEbd7h(&es&9qE?)Pxc;EH95OX)Mg1`5^hfcM|_j|lM z&@ehea#b+U+K#PLDM)&hlM+3Ta=jCkL&km))c&>0vyY3#s$eRd*P2>m$miHl^liQPZQaFpv0F5yyNo#S4!hCxS;qS)2kd(W;` zF!&7g?bl}?Z-%Z#`+x50aA%T^gx}TKv*27Nl%x510ve7PaAtGArFBuAZmv0UfaThm z#e-KWw(ujKetNdLgD1u<8h4hbrlQ^`O&F(Y9LTw3Xp;ZIWnP;i<9ro z^Pk@K33j>pV^HnC_ROF1y6eY}X22hKz;wmmo>_{Q=S!olOO0-rB`*va|I~i)t}3ue zFiKZGwPg7F@X&0oH)_IH9y_0Nr$IycEB(*s%hG?0khXuVo=|r(OArj~suIHAnWq?i z1xkS?L2P<`&sgrT#HDDbfGbud1DO55U3NFB<&EcA1X+ZAHB5z~JK9wP1Z(M)>6@Cb z6t~twZ&ZZGL)tnS|CL8S4>-^k+}ni7G({)v z?D>rZ^g^`G7QLvh&xqEH$%mux<%?bquhh!Of#oLg%~aDYT&RuN1ZmMhS=7hRYDg8A zcZNH2*IQ%Y7lFOqhs@Zei$&?PZ2B_!;R`046poRl-toII|MAlLHP;7p;limy|0@f? z0`79|aTKbp+ZZU;cG`kH3w7~hX<)v|{A|=9V(8O%M_bvaA6}Wi_i`&4Y@axJ`E6FY zFq2Z+Ocle^3=2?B@WnS%Uz{w2bscvUW0n}_mQ^YxDuH?P)m<~$p`(mg7Vw|FCl?+i7 z8}KJMg2L0zdU0MH{$XAbPBxihx1{sh(wcfwD2rX|7u?S%0HURj`r%bWeoaGc_MmT_ zVsvZFKl2o~xp0QvO`pMEL~4j1lxFF^I9O|v%`7DAe7*PmS;M&(x7t!bNV$`v~NY$HtZf%pT~7){NU zn#Lb}_x{xdd;K-W_zg39Bfra}ny=IM&o}6_NSY3~V)$Hh3FAtoL$`huw)PtFW4rCF zm@kBqH`d?bgol&u^1djqyZN8mLNl9xx&GaMqHOq~6{FBLHPv748mFjNzAg6#_WN3u z^CR{B7>d@U4b;1dRkP>8b&=nOmYO@7SWsW2-JRPu2rW+#mQGcV{7@3$o!nY^{6FyO zU8L!PGY>AqEWPLC?VOgAL>uYT4o?2SMfWGFbZY%)N5xqEwog+p&tAz{9wAo4$8~~x z2cKks6NoP-6Y}8U8zyqVFA-H&eH@kAPkNI*_Hc2BQVV?fMhv7eTgp$`rT!D(_|YR+ z=sh4R!N4yd{29MC@s5VkyB|dgM_hzgV8(Ndgfa%s^K6rYMkf)RJZW8#DkNs*>H^W7J9O)=4dbx5?KM_ak|DS!;A6W(6zACR#tYpU895h z<-KBH$$t1M=oQRF&Bip0aI11mItYEk&{B4*VlN8bo97QPpR@G1=kc|sJU3i87?WCo zQ3$AL`I8p>BmY6M0<-4&vb3VhJ)1956>>hX#?ac8>Bb*s(q0J~C|cLev~CyM3eosA zi}v>$Gg1K{+}Q2hFbl%YMzfulATn_<>hVtDmf`=mYWv@!99u)K$M^y= zo-%sM@zPhI$?qYuFHE*vc7O4&USQk5-THxzGvpGxLoT|ka=9P56v1USgliUXaB@4! z9Dd9*9H8v5I>_2T^lRDMpRAB+a(f2u+~W)%NXX$QTYc`lh3zG&fowswMi1vXz?NoO zcgsHmet>*IQ68}^f`{LP1UI6V4^A6JWZYo*~Jepes#+RRfuPBiBlZri0|f%EXF0&Li&J;_M<`;E|> zSp%?7yLYZTr4Txbb5VV`V{D!=dB*(I=i9b%+pslsnPvZMX+Kg_ ziQdr3QJn?H@>2;_5p9HiemCC}_Mv&S{^WLC^%L0ddj%pf!luxs(eE$T<=i6q(}Z}4 z)ek1qE?M?f6zIMC($1?q6H2l!Hdli<4Al=F4EZNZODOwmO5&U0?!}g#9YSdqt`_Xl z?)b4H9ygj$M@N95)l67p5o}1Fu)A&uKMxpkh%U0M7;K3To{}~UJM-05e(+>gbFZW^ znKH(Il4KEEDxa4W`MJ~!wq)FN)~&p}==JV22XgFbwxgYPkvi|FIV(z@-rF=bjW>+H zN3*>-bJ2pRn9HdnyVGaWTazDa=9ch`VNZU#I3Tx71K609M@yU=xDrZ|lP>x^2*P9N z-yuGzQ|!e{oAZO7=%6n3>?82>{gpFY zrM#eY$X%qK>(75YQ(lRhldNO$y4e9=@GnbSXKLT^WqW-neJL(^1MrITh?ME=OC}4a zJ6Fj|^4A^E?oWtr;I5yv%5IQCu!71?z5^N2Q{dy~e`~*!IZSIEhn}bcij0$3WX&E~ z9T>R%BfYPZ%b~nmaRJcHpf?XVQ#4|J#jw9HF~5 zNNKN?fMcf;DcT>d(kGc4F>cvfy;%ntqQ*8PWTpp>>03wwf3PI&LG08zL(1X{Hn%uX z)%g+X&o9Au6BV*hmz9P9V1U^}hvBSG)z(1`-97;-wx+qT+roZ+@PAyeIL4zExWfX$ z%r9aOMmDRosCREC%%Sm^poOW9v4Jy>g7On*w&1(*LxSZBzp-D(0t<&W&WcC4bSzr7 z;0$xadEQ!0X(SFQ+G;PsIP!cYOx|7oky{On;`xHumf8T!h-uc0GOlQSw6^UaPriXjXnZ5Mq?2Dvaw>EwuhWqv`?VuJ zIRa8P#?n2v=z3|lVJY>8-=OlVzl79rfBvAE5u1yJ@$UA+neWgi%dFWwqrN2?Xu7i7 z*Z+~_jx0OM!mUPjo6i~>ONTo(H5OPKkGR*ekP;jr=PSqyb1gB4TGg2!J7vqgig(S}7DM!naUbdk z106Jj?P$Z6;O7bM=8mAAHW(p1HBK9(Y5(aK6QLQ9cq){w0fp-xQhaH5D%5up5B_0(f}iPjeL-Wp_j^ z!I$GDS$DVQVs{3L+APV&+*k%jdDWp_%wo(DgocXdP&|!6rnIcdek)tI*Po~&t?G71 zcF||G*=Q|kY~qo}!=XFq%T#T76@ylF+nm8{n~eC3V6KqqcXs&HjcEJ0Dpds|g*>lq zMp_=TA+~duZfA~`(EqRqij?}eWuEOHD&R)SGQ0pIPTu0`&c+-R$C7BMZcavXy}|0J%9%nw|98(6GYDQ@4ZE;t6vUI8WR-+?9g)M{P{Yq(V*%Vk}^^2c9fgv z4_T&Mr~xI2l=KcpnF6Bk=nol`RQ|6w-FxuEA_}=*nv3f#+9`Yp11NY+v`BPkdSFy7 zC44m14*3$;lgjS-O#xxtZ%Ajjv1#GI6i(hdazkk;4)b`JtbUKn8V(>Bwt#LGF-c)@ z`=%ULeOJGZ2(XyHA9?M!9d9>g?2tR*%Gm`D7ian~@j&y@kpLGKpe6L#u%_>up;sBF znPQCvOFAL-mQb4(^Z97oT})q726GP?Q*7KX9*<-AoTucb33E0LY}i?+%;yH25RD*W zl~z%5I*`i%Q*ej(`;Eb9w+T)^;sP=u`eI*zrL1m!8`&>fF*^9TqZUbGR2T)do_t5z zv0Bcb-wTzh|-;oTVmj>;GZvt;3oQ-}e8F?hvG52+|#nhA9F{BaL(;?WAic zA>Gm?rPAFniP5ce$0(_d&L5xW_s!$`{JCTMW5==geeJr>>%3lPQgpyI{avCj5NFpf zVBz%^9o(At35k87Ky@`-qDJ=m#a&j1vOk3NXd(LDjbNsF&rvH97yf5zO8c6@y@CNw z_NIvRZ{wbZdjDnXpLZ%LqMI*ouZ8rYQ%!vx=0Y$+z|&u6&}+_)M0H`m_-`)+&BeHg za>GB4&C<%TT@CU8KTKYzi(42|lOAlQV=PG_;M9|q>Q9#s86CB+Y}{WcUHWJb=8a^6 zqBFgx)#N%1;cwBzFdo$XIq+-huwrI!Exui2blkS>@GNJ*)mk6O3_j_>(kQ@AoLLG` z%}%Y(2XvC(kY!Zrs3KdQ2W9A{>0$+F!{vudh?(K5QTcJ z=ltfz1F~K!qBmPuA9$T$B0MG`46nNi^TA~HM*LYb0a{kJY$hT@PWh&aW&e(Rd+WIE zM9|6x{gN(HJYdH5h{5B6)wSB0iV8ZD1PGxED(wzgWo!iHgam}fq=XKCdd+?)wSCyM zI6Jjk8Nd<0n-mjyNSE3;wVeBkykpZo#66!a*oa_r=T8wj-y0GTST>!E0hi)B$#MdY zuN}g#g%0Xl4wJ*HgQKT(sb>16lNNu9!37MBA6+6t(yO0g%k(xR#bYlXm@k%P*r2>n zoXpNx4ZkaE=_Tfx{hW@wqd9*&dFu4KXWb&x2;>v*$;rnQ*%}e{n}&;God>_4u?HUZ z!$&y&%{C8aB`kisxHs>3k^&_Ddw$Vl3IaS+LeNM*#juv@yJpO^_E8 z+o<=-@+&F4>tWKj2DNV}tvaJ8k8cfLsKBYF?cGo9W6^fXzwcvK`JMa}V;(bER) z{-O}P8O@u!L$8t7hR^xiZ&7R?B8~Li7hJ0qw4y7Rs$Am$1DRNO#qjpkENF(t>s@as z?8Ubpzn;&R6+IlTUob@z1La1H?^z|ATXjA)Upy`~EUY+l)gYzaooLIJpW&KmAb_M)s(Z6u9AXW9o3a zpS(8ZkNfyuHn_GdERNukpC2M@PQ8OUE^+opJCok(rJ^Ab?>E;Y9{NP3D-&_M7q!Pl z5FEFtp@6kQE;&fC%hp7zq1XeV!$j|$)OO@vJA01pnQfN?b+mun%CL~zx~=9p`6D(a zJhRzSsQHqG@Oe+uh+$*&)MIwQ(g?*EiL>oddeJE`)2YF*))!Xv5}4nxCcwezIji9zB%S|lU4DA${9)okTFKb0S*2*+j)6;V7I#-X&f8Uj}1$qL^M+YV&j z%bRL?J(#%E1%*Ljsu-aLCv&`?J1^B`&mQxCEx@oc#xa6xI(V5Z;c)@!@vy6f^R)p7 zEb|hESoZ>5)&+v!&H=uh;!Y+iUId)YQ{?G)T3HbuVSw{4%a6uW-%|Xj9GldjrG^cc z1qtB8ycOribEin0vdD8!fU7o1kxkBtT+EI$O|n_ftX4nYI(+fASmaHLUgqkp0<`B` z@&CDb8r_7Rs%XCzeel2+yrCOC9%O!e_JMU^-c4PSKA za*&c74bu%P#138|kV2lUrj$(oc!JWS5^`(a3T`nhym{oEgZ=N=OigdW;3S|8Sd1kJ z5x^v^K8%z;NS00#JKHS?908qdr+MqUeJg5?2wdMAmXK*QjP7+KypMG*&l~ygz03c* z{WJf!4Y$XJ^)Y&7appbxIyl8NE!-?-MY)j-MY-!zB3Fpr zZq1X|#-0b6&D&<$mNb3ym%S=pywNY)V~?&miZ!5iMn`Cf=Hi<}&61C5U*``FZgs%Y zC@U|!&elb=%2>aNkZxVq0xK`@s#;x=hs}r$ur3wKf@Gg+Ui{&-qVla1{(M z+CK7#X%mr4)#A&tkP|9nHN;-}_oOXN;H|yzZoXl$bnvgAcCNhTL@!IM zinfbXvw@Bm?<}D7YYo*gkLjv_8y0h|G4F4K6^xkd-tFd3g}}U`Duql1A@!HR z??5ZXC{!i$PR&60-ebDI?mv4RbWEc8v=;;d}CCs(Wh0u|?Ie7c`?a+hvEP?7YwHy-0Eiit9HPGW=HY^yPh%f*{O zNNKSVi7MOPN&1Kwv#D`gcsG4a;-7}E-a#``Lsc>R`CV--92tid?siSy! zzI4&yYBK@;0J>sFL>JTZ22Q+Q8|k6&8ugjEU{`S%QWX4?Zbzxvgf3ky59$Fz8ij@? z$Xabhs4m8kD)i&(0)&(|aNIIEr4(WuU=4YmW-C$cX!L%y|M za~l5%`6W1yY3_;qQ=n#zq`*saauQNZ+LmF>1)Fg8{&V0!%m^R7T|2H%Jb|PUEVc+_ z-RuFHd`$p7OM&&AlhZl+ut5qN+Zb8*qSM`PmN~;SA!AQ&l7K%igmOYQt3<6E(yuvUyUZm451*RMvbg z9@Z`1i`DY~n~3m(e7`D4qYjgdw`Af=I89E%7TuT0Wi8N@<<$cli{A_C4SRQoK4)XS zCsKJ_t3~Ms=M8FX6-wj4Kr~e+4V?VFq;5Y#lwho~yZ>ay{;)w5Zm@SSKEUWkr;FmT6RY5ukvgz$Deq=~n55oEm|-UmX}}PDV$Oa> zg}=9H_uv=FA3o=?m;2DpzxBd3SQy5&uW@em^efIxPTrK>m>e~VW=O;ryCw}_Q52F6 zdC{0|GOPVc_eHs9(!2UKU!h8DKY&fyn2*ri8En+1RT5W9gy0!7569X;uSp6GkS9t&021>g8;1*pw+S*_LGX{Pp~wFo`5;hs>QyAOj9||BWu}JE*Vb!VzCe z1<)f`BzI#BXIx$CtFgdx5UFG{yLrA0!cv{K17s%Lmp{2GKTx|%WRqzq=)&oC)daQ$!g$>ECX3IZ#?Pzr z^5(dd2Xg{5U|rUWxR*Uf7Zt6C-1JJYw#DDjXZsx;(L7fKk`5Hcl2AJVnSg{2($&JF z<255tKkwLu4K%SsE$GPP+aS#JDqcTR_f&qJT8>->E zM@|J!|4I1XqZp4YCTmO$(dL?U64R8S=)n)LW(z92%6{p@nn7&7E`TNtP@(ovTpVS1 zl>UJ~2|EX>+ww9xQ!L-chEzNJn;*uE9YiEj2rH#YSj`L}$~UY1I)q;$cr(>M+%7k| zyF@s#KiGnI0jh3eUX99H;Q^wLI?9CN%(Tx`(2ZI!YB4fVUIA= zAqL1HQT6bRV_76gOe-<~YI^*ie2hUB6Ze8zDAP(ngxxOyc5)lwD8&+cnA^K0IRF*n z!%X1kW4XI6vnxZt&%dYtt!wnshFn!m#sq@vl4HoMtqh`Y!{?N?OMc*Z1jax;;iq$t zm?Fa43gz9l>xx8Qy%NgvMRvX8d~WRk$5h#h{eVGT>Abx1RYU+#vO*)B%OMnc$h2?f zLKDnIxyHM0aN1Luj z3CP!{LXNVXq2;TD#hBijBW7x)i%t*GdL)GsFDRlxDpfOKFT9K&G|?YI6ax~!;D3qu zv}s{qdmkwxI-_^WoA??z8_ewhA(r=TUs$9E#?ZZI(<<+1~tKU22luhEjYAR#Nk5iu>E}ew@&Y&hMtNdxc&szQc^?bafuGsSS`jvpGI(fbXBb1bu8-l>066r#?YZ{vm|*xb~?n? zajrd4^fBh4ZxOU==&=6P6J;PQ03yYLB0k*a8?b0(R{Pf!3dAL0mEF3*mOFc&WL>0$ zK0%Vs3A%lpUy^l?dThlGa}q?H5=5f1W7-1e1&2)SNHgtrEt={tmb0p*1NpA9xR~A~ zE5!bK?{v_MD?=@trk{S~E_4^yq*g&+q719vj63Hro0m?vC6;@1{GzIXs_io$=T`Ga zWvQa}i8q)Q#N+x|O}*JWd=DN?Sxi1UGhpK;0ssHrr|_R0;s3+9uuOt0Ip5fbM&NbD z4h@QdPMaA$`So~l@2)OJ6zN@!AhVrH60K(?4G}0;`{Z=q?e9Ir$9C1+vkPeK zVVtE2`Y}k46VA{$p|9XG=o?!4R|A0>_4C4k+&Pc7$d~l?a$kG}#cUC2o~9X?IzP3! zp0QN(3rb$sP@wH=31dMwZ-(wG>Yx(pWD2VMWR-os3C1Z5C|3u0QSS4aP!66yEFKf+b09zv11)hQ=eWNx?pF2WETrm|rdo4o0%-%#NK74dgv25SK- zYxaJP@VOga#Tj7NIB8MqP8ef!5C(C+;xZ4W=Up_Y0V)PlCl><@3Qe~vO-c1nw{y;c zaBS;8Q1Q^e#lIBj8-FD?9@ee`zy8qIdkhrct?u8N_6P@{=Zhut0pB|3nc6qzy+)#h z0e)NZIWxlutVo+xLPuEuv7mlh*9PZV_EfWVnQ*Y;U{^Vhin+6)_X!~6xCoW^eD?nl$JsV#>6IK+l}VUSyUD z2h?uZMv3m13kE=sIwc`TAse3aFV7etb8)8}B8qdJrq@NCi1IzB$4kPiW967 zKfd-gAcNI1yHgKf6hLaQn&-{c#0+QFz@Gmm($Nb1a)qJl5L8c$k=}-D@X>V=X4Eeg zIFzKu*5yVR(=?RJdpBF^u)x>;0{2)8B(I)bNvMjAOq}zWYP={6%x*00oWNc4DF+Mbs$6nzEoX*)VTq>&o*_*@a4@alHUP;of(Nm{keb30I<{Rj4E`_POa9H zL&^jY=gmkU!H^zFxYn&E-RX3Btw#m%P%q`=T9mx|HR5o8%<9AZW#$F2{i`mY*CG=ePV> zCzOZwlseD>KfML}Hwn`#6ccfNm`dBAG{9M*CrdAN^5I4oEPs4cIl5w;`&85CuCVsc z3*1Xz5Q+&gmCI#FS5P5H)8tRrzDr@u;#9C6d!<~+m|*Y2BWM| zs(lgy?g|dWx*VVLm5hxzsRoJDc+AX|+jH3WP2YdjN*O77rhG2XrTD)(oCAIX*0eVe zC-GlM@qU2Kd`1bjVmU<y(v#S+*9)`~)#%4VY(@&SzPa1= z&tu^YwG<<214p~8?moRObLEJcJm{5HDplAeAd zxHNBWoN+ccB_iLszoA4XH;oRZjBdR3Ll|7X^Oa4Mu2#&EB0#^#m>;3WUW=&y(JW$P z1Rk^__^X}BH1ul)x6Y?bQaT6G_%u3vl0 z8ludGnmv<$Q$}qgonDGExB0V68#=b1Wz=H)(qMA?Fu{2Ziv5V%eFQq7)~2;sz1e4Y zN2uO(Y)4F@P{(@{24om%y=J_hrVUH7CT5b*QFe@?KYRosBEABYA0~Umqzh=azSki! zA2>gpU>tE8IeI%!yIQnqtSLtvNfhyzzt1WPG?d(a+@Qbd5BS!#T!e*8q~+|Me@AnI zVg13kqZQ3k=8ungiTw&Q3;>_BSi)TeLZswQYdDvkzs1}6SRC+@qLkBlE9$2d0czVw z|A8FNqS7aGB2=#jdE4qz%8Rr%U@bZz?;kZuq&s1r3X+rrGB9cI;C?!xlv-7mBsPGgFuSg%7whyG9EeYU)ty6 zm)=Jo!aZDGdEP!sIDM{XM-r%ETcV?cmsdWm8!ZiNfmZZai5i_nYjcH3>UyJps4D%I z4yRPuQ5q6(dz+QA53U_WrOw}7Bz#NUr$2tJWok#MZ+uvxZR z{Alvs50tI3d*Od^@jt_ztW7GMM|p&4XvJbvMtrwgq^Jwba8B}3y|)uadWQS$8NOTk zD>r98k34_#M-O9bomRqd8g=KA`#918{m;2(cZpo1^J_JP5gIe{{}Vm_@2Y;u?7k{D zKmSmp!@f?TF$wIiXh-e=-t8l{ww_>1OK;|3X2{*`#%Xzz#(E6NYYD1rQkr4n5b^Tk zv5kEHxHI0=6N5^?AiKmiXyP7pu83|{^z=MZHRRMtdwcV=+KG{d%mpF~F{+@oi<>EQ51sbx^;O|2Gu^v{&`dM8gFaqpq=K=&6dK{;|5*%H~1vFJkH z%ieZtU6!bo?-@13un{)imd&!-j8rIyEGj4J<9RGhaPb{R5MgJR+)*yAg6un&!I!za zA3>KY`5F;k3YX$gl(>zzn8~G&pSM`xpsWXFaB|C~kE5~R=%yDehx&Wow}wxn5*yK7 zn0dEPxo&v5y8RTq6@2#Sn>5@H=s^CQh}K|(E8fWAkdxthFMj~<^47O{#50#j6L(z| zV|TzyK*Kr})9gB9)Y~YzIX4-%#%3XL}xzO9ZAE>xD&yPi3!gQDXkS15|znxAe0K&P&h9) zGHa#{*@iG1{+?!ntwV-|*_wv=o%3yi?(5IiWbw~YL9Q$ByVrc}Xv`Hq>y9l-Y=1hG z%vKLD`Rn&jl;>a2GUroUQ~QZJ-!y3tJ%&gB`ay&Dp*Bc93W#4XHg%8tu|04g?NhHY`fl=1c!w^i*jYY07$!o2 zz4@vfYkneE4KodF^2#Ug#by0Gxw&u%Hn!@T$TZ0l`#%O7nC2ps3r&r+{ZUR2G!*tC zcqOy`FFSD!wwz4r>}dtkE&!I~w-|IMv9yFV0suo`0MKuu1Dgm*TYK8W#&D2O{rP^3 zMo}8h9%5)uSj!a(hO<8fm(J2CWg_C-iD3BOiO6i$m5cxr0M*SADmo0*^KQk@Fd;ffC|DteQlP&x_&U8D z$o`hcFJ~E89Q$Gi;qFriSmdV5Y@{?Gw71*9y|tpi&TP!ft(%J+aXLLyG=jDXhz#js zvv=)3oA2+Q|8j9wj+N}8E4#eGkpXpHw#!BZBT+Sjslsc0MxW84)wjP9!o!la%X6>L zqDMX8Fmev1E2oO9+~Z;!mB3-YroX!FCHvVOB@&<*%lA_GDZ`S%YSslktYuVH>gFQ- zp6dcI;C{UCFS*wyX$9;bpxsXO9+O4cE+{^*`(pDw! z`))Sd-{CHE1w2`$_PSK+v0 znQPX{j6{A8D{)--r?K?Ew0}znL!7XhbiGE)zX<`odM&F?j#{@{t=yu(_PT~EU#8|7U@Y0?KqNg}$s0$iuD&UKDOZmjP;*bBD zTICoNY8;vLMEmXgHy3}Oe=TO%#09R$+fnMlqds*U3!_x@38Uht@q!lBqCSf@bCA52 zXck*$S>+(I!P<>L&I*rWvQo-Ri9Jw7T&8*{eH= zTD!1qGk@LrEKt~jYpcYmPkGRyf@#aApPFX#;VOUZ?A6%V;Pk?mBW}C*6gDg^{+GW0 z%G?Ie$F~m9X|Tb8H-CF=?> z;RrnIklDIda!djMoa;A6B{5j`zz{>fe6^QpzMTj2j`G-N=xdCWS-iv;K$esA0P@I% zM;wxi{R8_s_SdcSK*D3fmGXz${4W>4)ow+=?WIs7#-GWtx43HBi|z%^Pr?I7Z>;4B z^hd93MlqsU_`25Amto4rZ>jeg8EWAY+kmd*P#&B7@|i#E++7;mavxq!H#U#1Ux=?lle=Im-`JSNA^nyKFHI2a-31DJdqi{tf4G?3fIrhl`%5 ze6c3N(1bHO(|S$XFg+&;EW5Kwg(~Y4-EwbITjWNvs9#~g_{=IG+Nv{^gE6vuelf;++6orQPs`e)40QHmtzwd z2c!s|(1=2wLmMm|eLV>WyFvy3bw~(X+^`3RM{l-x!!mPQx!AFo>F=PuqMmihZe&?M z=GK@L+*O`=!?mWY=_F@X`Zq%A8aos6gX3;uSqb&wL}Y5npPj*hIvhuE7uC^`niA!B z@AG9?Uo7U%fA>h`@BQDS^7xi_o?W9i9u=bdej%Xyi*~T%^t6$+mZ=|0^xp*E&4fh> zDE;?#NF5`X?UfVz>fJ(?u1Y35x1$wcKd((TCDwI!Qm!mFfjuBBCLLyEKTQ$mORJ!L zOo!=ALAkqGq%eQ2(D|uFPdzI4K-uKkWWMZxsQcIkuEpe;I-*)KUf*=~b+eu_Yd2#j zal~p|wvwyASrV$7XVPNPrs8v2tDDu-b1O-o-x^5XdGXgd!!{>U8qT3FMAw)ndxUW} zxY79NXD5kUyo0i7e*ncq)#V>#+s|7v>#iEyr3sijW#3$Fk7iT&%APfW!((T%-iw_7 zHc0qHkCbhwjef*+>DN^ImVv!rHiUL}sLsw>tt1P{ooVnQAWkHvyiA6Ev9b5AUp4^F znGNc#4H6%mxnKI8zMRHC6`A*_c_>qxr%J79c|2;}mH$Vv`mfp*{8^&PatQi+jbLjC zBiD>IplbQ7GMS2woL|c1F#wQ0TD`vxAz1!&z0AFxc{l%3I zyj69h%bog6sVYB&)&TwVKh@@xH9f!t6PW3c4#n9G;wP|!x{UL!AK3}{(sErzXb@L< zIl&V}cSWWQufl=KLM$p9wx%lap6vqZ>ypque`6j9k-YeA(iJ;eHLQ23Uv`{aFrB#@ zrHYF3C->DfyY&fcQW9*VksTsl%eYtY8nQAmEpTHk0L(4&z9}|CLIc-onmIP8kjs;+ z1i5R~?NNoG!$MrQFXO#k<9*R&lqVDF28T&k?`b+K7;&RZjlJ3|+(Ocz(FSvLHv|iseMTyyMr~l?Y3hx5T?s~x3*R|V~g@l6jT->7i9N%8<%T1uxR?V@x^-aHdfUMl&S%Wg~%C4EHD|^ zm2KArr~*u4Xj&Af`*kJYZZSIv%dMkT1M9>9cGsBO6iH0Gk3a-|7H97;yyMR;3Pk%4tutHY>MsH-T49c&`IQ@Ws6GE{ATT z&t(FL#4gSKSxjwjb!F_3y2)dw*+N!|;o2H9taZ*ardC}c26|;zM2y#lS*6|=)q@|H zPb0Fjj2R=`)WtVWUGhh%JU0C9HsW;5x;G{AdUAh z!zT8rq=|}`#mXCQ>5}2DfSxpo5~4yiqdJGn!Q#*-yPmzipaZW-nCG~3n8R7AOAA+) z+uqN$tCE~Z`s}n7g9n6cdQNz`zmw+Iz`^hfZ0~-$+4&Eu;wN$5ec?r$63!ue5c$k|C@SEyJkCvePu_e zME8eY6Hi6Mpw5E#O&D8r(NKV}z+qBgS=>a8ovN)i*{$6aJ(_&%5|ijr`-y6z18Ppl zo!HeyQI6|v>`6?WnKW^DPv(^#c7_RNEaGrMvyyHsdHsm(?bA4N@ zF@>hN)yJO<5ES!rJo^ppHnhw6?h(q1{c|LlTU&BE1^nva`^YSgX^w-E^i=Urfp6^U zGTT{Iaj_+zIEZn9*9Q+U zG3NMRUDy9=!pzSkGz$TOgdVcIsr)A2YjHFC(A{pB(J)n51~2>l`9$`oM!)yBXyde- zVK<-MLb-nja}`2rDbMJivUlEg#WP{(aS}W~eHJo~>Be5!G1wSZ*R0IFNHC!s-KDQj zY5Y1^`&$hMTCMLZ^^nLeA|R&~HC*OwYb0&gQuM@ZE$6SCh<1=E8}4^O%>Z`#xjq4l zM9}C!Rg>L~rbgJwP5lO}-sAeWrC$DsPQP$bV&aGV=o-7uq>Qn--d|= zt!v|~v;IL?i_VwhwGhwt$kEOWs?sfLvjh0B{IXs|SIMMzq*RMne3N4r&J=Sc-+yUR z#e!jjq7YlB(eMU$$-Eud-juOO9P@P5SNURhsrk082Mda9iblQgIErzzOz4fY3sm-R%K6YT#hd&%Ap0L=O$H)YoD!5k?hC= zOaQ8NL)K=dD|?6=gAVBz>IYR;wRlFk9*BYbZqw}VMKJWJ1gm4hMAwQ#iQYuqNR}wa z^mCkk!{=p+g08^D*co?B21g9{EbD&)HUEyyxc`VCgqXFx8pKch=0T}SLg5xTK6e&C$`;jD7JLOy)F!0!SN(C3wZ>NN6t z0V(asD$4k5Dr8Xyz2mxjLhHzo7KXbs_>ZE^u`ZvF$x-v_ZA&XYNymJolZ^Z$h2riq{s_%^TT z!v*Tx7oV+XNNwOB4nGZ9BLECf02yLnFYuQM+v@xs{3y%#J z!%gmdYIYwZk3P}E53#M!p0oMsWg)|Oc7%VHN~VHO-UOq^q(mGmW=w*h#zE@?tz0Ia z3R3w?F28&N+x7-MOET7>y1`2Wo`1>|qS6l4TmLxg8sLW^$2wQR5D$j%mz#$<`n7L0K1ZHXk7kK`@a z!ub4;hr9*0qEEewn2Xhf#t*(}cWfvOi-+JelSFP4w#N zTTRPiJT*=ci$rU8GX6e6d=2^(KyhFsLDlme}?SrxTGSZ`)XwK=y>#qLkgnhA};LaK=b_5{A{dc-;ouH2AJQ zMx!0*Gm$l-*gKHvbhWjO1FB|;kD(!T`uCq3QRp^cqojVWtItU6+27|ZLQGY^IkB>B z_~OH_zB{)rbrnX)^^Fh@i@`pw>@e72p;eqsHHjdDN7$n^^Vy~X zT^0^H{B}6=NS-~wXUyUPPaw?+y#+Na&hlz1?o^=;n0V6KurnAk2g8x=4CjDsbO#cKR4)9%bo{7tNHx` zJr=$zyfNbQ_w>m60VW5}#;eR&mIM(cn58`t6@mT?17+UnZO#;{nVV$a3wm$ruv^9GI++bgwa{!o`A zi1)wjxap#j?4yUd8v5SrpF~C5x7s>jsL3v4!+2d7EFe<9pJ0YWKvD8HlhRKOpM3fES6ulH)Xb_Hvq&Y!S}*k!GNP@=n}K=r^=4+PD%qfAWWsWzBi zxWc;Farfr$f9W>=tAqHDjKi6RsXziq$_~(}z1)_c=PJU^iXp{Ic*pY9spAm&AC*Ud z!Cbm_C6O(vh;~wNu$9cx(voTrXGiP!2@N2nTkUT9`^|b>1-^ ziT;yCHVlp-P^j3zqc`=|b7K|oIKeTibSeMp7{DUp5_p)tHhn5#czA|=Ti>Dy=E-d? zkJC5Hy?fzmBX3WbKrzs3-A2~Qvqv8*@ZX>_j{?knJ^TOe0TDHypYymK2X8L3E7+cV2wF7r(C-HR6nE~ zdmgy_IPdi75$b!LXVC!f;i+g7mcHI8SSz?#A-!Ai6R6XlS9w~TJiQJ;aJ;EK!3ws! zANXA9+96?r}792-w&jdlXc>%D#(H*1z=4(^DR67lpG;D zPAq8o)VW_VzEPCgm9ND36evD9t5#ecr|l2+;L~s0ymdaZQ>%zx0`LKZN3c3Dn@H$H zIX~bt@w;WUJ@A;5!&Cga3b>>U;4EQt_7!Xg-94Uz7l4R?ySwmPXOG4cf6SAq`6LjPJ za?u*zPA-^v_Pb_lC^Q{ohD7iEf`)&azHJr|R;iUcZ+e8XZti5M9ko|};4W8#H1Y3& z82{MyeobQo2)HyZ2Y7iGxULBP2zof4TyPCPcV1BBTR)LRJ!_5)4N|8E34>5%8!Wd+nYMXu%qb{7+L73|)G#R=q^J_q0<6Yh1PJKQ7pWxUEsct^8h@NNB)2ci z+t$a*`WVY)I|rN{H@^v2o$-7!ev$(F>VnZLKGYT^su)Mr-(UTLh9R4a`Gg8MHdUAs z=Cjz19qC@-w$&qX@MpjPV8;DpxEtHeQ-8_B{FQy@j44*cH%T1Ap2fG@uP|lBC^Y?% z*wnB0A)7ChU|UNVi0vOv2OfwIa_Or9hIuDclhKY`WX(3EdgT2%%y~^e7dw*m_VXv1 zIt*Z7yqG3Y5phR z4WJgFY0p|v{l-wDGx=h{NSbx!WStso93M}OA&{~D8St1|Gp$9FeQ;jWToUhHDPez?x_7K`gq7Zmt{cyC6aVTkI3*f{uuE5%>L&0c`}C%laD z1w7U6GAIx5+rke-<9HgmoXAI=y|iXNRum0=9y1UMU6sa29uNVyHT! zy9*(v))=tFJOHjzp+^@~-e(b0IptVL7gvtw&R+h;AqV@m{TPv`3uW|ZXgQ*(Q+y<$qKsVoO%okqkd_DGN-_?BH4hq?0=y@lsZq8`o9MR zx9t*|ymas&*KfWDkB@wCOavz01KD-H!{>D2ob1P0!lNDsgONPTaqy&MnE%hI2tG@| z3=_ilRVG~0=I4QzJS{>JnU59)C?FHP;%&E?Fy_vazi}$z1OB{7qG!+V!~fc%K3_8) zCF2|N4r2jY^ji(Kcpv-;ip^jyd(E1zj?6NH zSi|^E`?>MPzt|G!V2#rWXm^lpF~6uw&wRT<&Uz4lMRJiEu{Anb=sa8g{?BZ$=!<#= zPO^i0sYASQ#(+=uKWi}cOl-y= z1#J{lDd2~r^sYo4xdEQWuExLi*Cx*oSZXI=&rM>b_}%Du9OD~%N;5Fb3?iKP%t^UF zI0qtJVa70bI31j+&h9489$E zG4lu@^yqPzn!UK?=r^zXSTLozu&+Syd0GHFXb>--9G_W{DM+S#2gxNAZ$0bh9D2vn7?yiH$z;?~;OOlk`Ij=&-dA0ebaeoI-p*WU)F-cRq2la$J5P&8g z@H;3`ydtj!_Sw(6>)byWad1A%sxyt&z@P&JnZ@flPzN_+7Ma|98NS9Kc~1xPgxE#D z)cm+lwSD<6X=Jka2T&Lg1;pTDErLu@e>W~n!jC8CzqjPPqW}S9JRPRkRdue!U4E}G z@(_#FDf{is8{NOhBdY$G=*gBHgU{ACIFDg)+)Z4rvI>U(duTh;`@shbJ?)IQTn3vprC$32GK z_6$%a2etG$b|#~kkRlg*(kUk9K?2~%_p}A_LJu45CD-N>e-pl?uaj>z${PHlX`uba`#lS%%s=j(F84X}obLFm~l&%SuOAPDE#V=z!5VdmsD&1d}Xz=?lUXnfoG_|Yml zhBsbp*ZVcz=SRlDe&~Yuhj4eR?z&x(@9Z|hy`h9bQ5p434lU6-y0)K#i^ZXhVX#qU zjH%f-XL7-*1)mVC#i=Wl-b0JNusTAs6wf0oQfac_uxeKx)cR%}5;wLCNYTXVBT zF?@4v61k{h)Vl+dLHAGy31Ai>33Pt2@#(6{Qjm6KiEfE2&;Kq+5kNWxvj8bqd^cj; z>Qp6jpF=0kQe@$?yul$dSf(q*=+KQmEjp|(phBw+8vQz0vk~pq|Hsx@aJBhu-9ABs zTXA^toRIU~ErK2gFdPY2=zo8NAa`v)ISw#+Ih8O;U>}8@Lb}^n zZ>->PbGhM;3lcz{=#&8GX?+CG9(`Az3=H|%Q@@PWiQ(Z0lE^J!vtRmzpIl)&kKDAC z91o5JDx7U7AYwBVZd;x>GE3>3!RfO(L@={H_KN6Q7U2ueMTtQgQv%%gmnkP&`jL|3 zKfcpij|-Z_x|o+=sNdl z9Xms*issZoJ_kAL5UWNc0I0@&a5O192)rlX>BLO?;;E&3phB(L{<6L^lCvId{E5aUUHk_+Mx`9H zgGrOJ+BRy#|M!dix2k`7vo28s>|$NeeZ0uGrMx{`@nn(2Ta7|3iMv`wyOLB93g{1O z!k_-Pumbrm|QvwDgG?arZT->iJIKS~D%EI@V;e+~m$|-$w5{#j% z&vvhGS`OW}h}p5kJVLH3Ct$}t@yf`>Q2e(a(dEf!`P5iguW_6#DkW;j-K_{3)J)z` zeQFr_)KkZewWMJD*$3r*aBq1KMJNrQja@ky`r3hdsxnx822Ola>v)=$U%$4git!y# zKGzTm_RtP=J3>S^?IAv@LmWZ&_UQt95^w+xvbdMf69}m;fZTfz6%w5&a1>Ka!O*nO zO)Wve{2D-1yBpHkBpk5?ssh5!aq-1l=3WgUpIh||dittTGky=LMY2;~>-vlqjftHc z=IR8VzjZsn`yCKEb;P~rlRsfBi$~IVQ*g0hRz}0y#WpvD!|UA@(SN;J%O`IA0#1$FdU@bnmO$mEz0!ns(dl$~RYd@! zeFf6&Z}-zH3Z_4yUL2agVvP>}@MKEK!@pd_nah3l9WWDqGn&Y*=6V`H`UcrE;8Omc z1Hb`W;d&aAL%RoM{>+|TQrc1UI9?XK2Hqq4rHt2nGAGH6Ap!KgzU%A(=(C-B99Bzp z)WMtvd>u(xe%UHi*;vsLUZYszi=0l@Nr0iEZXW+j2b%}dH%aZ)|0NW=jRmSWySQi? zCD^EA6RaPOm;ool;3)sFF6)+G)Sx=45&6;V`^##9tY6f9-36sVi0Akd=O*7k=2tjv zA1M(+@V5pa?@j|wb;^|#8{UQfJl)8dkA%NI%W?=%ESf;(kz%>0>fshUXY;2?UlsbN zZw|algde-fMvG9#U8ggKKZxEQeZjuY5{o;-3Z%?RMm1L&UcO{VM^(`d*^|3zL^8=q zTx}-)&7&8`DF;_6P~n5Qpr5iT{P~7n{~djv8bH6MLoUl%1?J`%3C_6!KB0l5TydId zvpdhf+eo+mT^#I4^2TBguGccXss;6_%>Udt8>C1~{p|sV`c-~>{Y7yzihZHTdX`f! zGi-_U!v0wd6Pk&+X< zcE+!cxV*Q9(#6(jwqa3l<2oH2&x~N;_u@;>fg+wfmQ6`(Ac`rXs&s|>il8qw82c;h z8i_hV-OtnT>g+k;4?AC0*uc#flE~ZE-`26hRdmG(o0qWL)MYYbkxAR zli%Ts9IAFPC#lio{q7Q~=5kz_dYia4(T`Zy?p>@`q>6OqR^@(0@kT~5F>bHtsPivk z+JnWBnn?wu1z6CuAAydbLlQf}kj#TJ?%u3w1{T22#o4)s$~r-l zKb++bcfvoJ5Ie#jzD!Y2AIx@FWyy|78eRQ z^{;C5z2f^F#&5SozbJJrCg8L&xn3hrfxbETLdDr;u_A{dv8)LAtrP$S3*DnpotVWC z+YSK0!2(S_-+Cgg6O87s7lyDWPqe%SzNtBs+=Q;O7AMfoE+-5|I-CeGz+U(jFsJ6d znrzF~A_+vEz&^aIPNn0fh+wgv$@}6fhkIVX#AmxMHoIWTbz;hJcq?VSdarvS>+=dF zA=~CW))49$V;)qe1o4Vvk#ITglGRpgO-!mw(VJzwLB0WsgPjoOurR0pB)@DyWK7N& z#stT{TX7^QxFc^;Q8b9^t@6d*d>{e!(Xu^sZS_iGotY+MZEY}&wl-f3bNFp;TKL-T znUZ3JZ&jW=ZkYc}!mO_pn;ItU{#Amz_-O`ty9#%?#)d3E$k5Tk>Gyp`oa+7<^7_y3 z7kb(>34kEh{oXM4t98@m{UPMH{>?bCLc;$HKwe*!PDTr zN11>g!}~Pnft}pn#L-oaffz?6o+TyAkx}zk%li6PBdP3e21$3#KY8N-#}@C)vW0fI zKkwhQCUCgWiWBa_CK)ek`1%@`_(2}a{&j*?=Xy%yjt6!msK%xkor+deJpJX`0SWHZ z;J1Dee73qklmeXPAE;?^@@D8xY)| zOC0AAtj<(8jljUYI*W$%U6Q;TQVwxdb zK~>3V&Lm~B0weE*02)OxB{X)pN3#6%Neow{-&By&TN<8C_6V+0xCcdCi$z!54`Mzz1X*FrL<}#>fsSral1l_)tqJFn`YP(#-?KPL&!@# zRj&=0HL}K=lBs&hgYl1P_~D0yW};*5p`jJXhlV(A8y*?>v2X>~dbNcBS+4A#%RW7YSX1-iRoQ z0CBIzoX5V+Li|8^iZheExKB)(hMI=MSRv`9J?f!FKIm~iJ#lTf*swyv>KQSi^Y^r~ z;+@WYwsj;O& zAF%s*-*kEQxxC3QD_3t6L3JLC^T4`&$QhF*wky4fj<@-=U2}?Pz|11PLaOZ!yl@&u z{^qAZ@Fqazk?GwX{yPmycNG`e-Jz7{?mx? z8$x8FLE@7{k}mTRE!3z0V)C!Y?sjE=FF7la%}6e9it}v_bn}%$%(+`f+Pao2KUhcq z+QLV=JRyVzJZB`s@(13->Ojj@9qEkubbY#Ma#n8!yp*~Ib767=0mY-YHZny1&GdiI zCJ8zdVN5+W6X52!_2f_rEv4QWm69a3L#1`5(YLV2bgq{fbE8>bwwy6;F16YLQ2*^C^c*S? z2TbplrsF_9(Oh!bcvy|sUN=^6MHxMYDp+KZNW+qQEuhN(0nneqe!Ar1e{W zDhlz(g_(sZw>CXA>ZOZGW0ZM>6uDUOe$epI0DqALgZ0m1U-&+VAG%4PUT_#QrpTg{a zn;90#FCl=NZqhDy#4<{+=8CdH)b7{STJ!9ZIP3(7OPL;wKftH+wbtU<(Zp9M>D23# zI9yeFo&0$)-WP%OqYip4&m$`ap4Z~QzyEw1YWYKY`J<$`!j0f!z#+>eVo%8flGlt; zxO`Tzm2a4%+VV#)O;aQxi;Qh)Z~lDIImb%RzZ z18%7wH*;UmCp(|L7e2IB8+kq7#j|MY`^KLKPE2@-Y2lDiPi;$QV4?f_mY?R2##Q&N z7p6GV>PT9FIYZ)n#A<;#T)OW*NzedDDJOl+s!3O8z_iUc$R1*ucSHk})L3`&7jDVY z>r^AMo-?$V+cYuCk#323C@!BL_M=NapR{spSv9$Jiup-BEibp-_X&MSlOe|`(LFy&p=sEpwZ)g@090e#$jWdS0yDoFu1`@$mt6 zP_>z1uKm|lQv~hMAmi(gA2(J(_@e=Cm0K#hIAYa4>E14@jdn|(6bou!g~27*=Id!* zl;pV21PtOHkHcv>)3)kV0Yfut18P4rgteoR*s#znt!bL&PE~~a^vR_N?@1U=1TJj9 zyC2~(Xdl6;ASw%-$40*t^@<8tDP}oesAm5Q`|b+u0S@Tbs}T(noe*%$!>Wo`!)miU zK!QH{_ym)=B(O;$(yzAd@@37JrJN1}L!6e!LCq5qOJ;Iv?dt`PPF!ynnFe6WPL)xZOpXKTMl4C zlkM~-B<5YeI(I62)ML;b;cLm{IXM39bkhgwVrX6##aRw zyo!kr$p-$AhI37$<4qwMH;aJ|wVl@EfFbJj3`Qu3Z{d_KV4mpL52`PfrYc<|@JVfK zdiCKJ`ii-fG8so-?Wd`quwEXQ&)yG|8Y~LuQ@~!~pWo1=z0A)RM9WF*W4SC|)yzRG znUOZ!RY_te8UC_MF!WDQHZ@*VO>?GiKc8Auwe07Otmc;f6enYehx2!dw$<>HJZ%kl zv;Exj)A3w!;AVZk1YR(zz&nh`u-Ns0%go5oq{#}mM4yWs02OnhC5#?Sq11jISoP0A zCsv(*s+8_KzVo}%jjAq>)zXbZS;PJ&5jx${kE(ikPOzYXYnRL0wi+tK`J35MC{9PQ z9>-ZfOKz*&ciSw!v7YT*Yih@vp|jPvlAJLSX%cHzjQAy#(;*8@&d(DYx=s52GIHQ! z!%@#jyL_wh&PKaleEH+IU3(L!CeB;NB?kWtks43`zo&xnhiJo#TRTv6&8erw0ksl4 zzj*g%h6^eivifJimn@9XT;Fp=+f7>koK^#&@K+tU1{*Dh?mujO{k}7|;zUw)HF)06t&0e@qcK6NQpHTa%A*)#?JsaWru)mW5REgQ8yZB4%=jPz?8HuIHP-jQ$El@$_t=CSpo=~63#9<*1Jx~&B!S7~w z?jy_w7!vcQ&N3fg#y3$x&=t&DgG090XzdrS}p=O9{ z?@#(pin=hFq-)1;G_R-aK^Gy_0uxu|T)N2huhacdauH8Qeak=kYS8qw;=@LQJl~=i zVJf~nEE%!eZsZj-7XcU1b=wO`be*x6GI1GQri=4!mabV_T}`bX3);_?xC}|PEjSE& z(6*-AKg+w8snYx}MW4^bI6BA9>1XOVPeZQQ?dTL8qj-S{n>UIy73E&Vw2V*Zt&CPP z94CSa@gz7EcY?pR?&(q~_FZWTlt+I$z#`pby&n z0IQdaqrewmv}@Xy0`||*frQtlq`6BnIfRy07)E)##AsS4_K5A{HVLwfJSe%Tp=Cic>2m+ zNE~n8te|m-KG^QE2AYQXU87u?v!7-LJh8w{QKIRK>|M@EkG^g|=o#|3zrm8G+g)mP z*{QDMRh0)N|5cTmUxX7s>D*3rTr&v^i9LUiymL)6&Twh1Y<|Aylw2bVs)beP^$ScY z{RnY^rXFmPOMYG%bi3cAgaXuGT^Iv*=LeN&pA~N(3LzDf?}d>9XE|mtMW5O(q(v-Jp+i*ReHV)lr-Y-M;#U5p3#F=NBA z86*7pwYmE8?18|2tsz|e)b@0}RFl0Nz;0-YDpbYR|K>6G-_o9fKvy4qn{~?sFm=V2 zsmc7Iy6w6Lgnpu5^&!3ZNxS&RyCjR%f@UNl9&fXSFQY%5RC*Q*3;2h|GR0_vvd3mC z_!yO^kiJp!8DUN92+3X`9K^IEpf}AvT3-m0Iv>wI`k$_cg|)wla~r13JW0o^7I0d} z*Y4v{2$+9jtJSG3hUF>hMUj=)4~Ka@ir4y28>K2wO!@v*bz!whCOvNBx%4{g2bDv8 zhUxPY2E6K1ji$XJcUS7;`51hi7!QYaQ*y>!7c&i+le$UOskcg0J9Ti{OQ6fw?$PCS zN5`l7>Y57vbiXnTDL3t8vgveTrY;6ciZ`~u!R>86>{`D0OWVa+n_-~JxbuE zrZ{W|1&;x;x50S9a>08cK)`dlGp0U|U5+Lo7IfN%2Q!*6;hB45w`;m$PEjh-3_s5u zR>u`}yEUly1$qD5U3Ps-m<}FxoWNWISDfQ1;tz`CD6bqor0u@AmX)5m(0u(ZENtcG z4VroM>-VsAn}|2>*5FC$f!=kvkF!1=dLCpxmhSzl+Wf1Z z{a+j7Kf3S%@;~Kgg|14KSrT`VEPl)Wp3tF?fDW!Xk$yT{A+QIP9RA~Kn*}eSZw90k zBsASFQzp2XtXY74t(Af8zp+=^iwEcQLha}h3syl$ccUwk)?wNEv>+!zLPNx>I_=$l z(2d-yXbC0eGv>T&E|sWj#1(UY1%OYxlGNl}fu%ZTj>}dWp$EITCGsADrfG+0&12>?z&tbbq+hl@7{Nfz0z-`cZ%kK9d1*f3# zcp+TxiP;7yB);jbKTpcs1n^^WO88GAN~1TYZ8;+X@|n;qMVI2>b0Gz)quve0w9Qzw zI)vwWf;>;iajT+23@HZ@^+5)qA(5P-3-b6LIimYSN?sD7rpBJJy|=t|0~~u?!kx|Q za@wOGSC0dv4l;n|Qb^AneY%Xxw#*sg`js`@`pK_W399HW+-EpwQ_>n9;0_0+nlwC( zr`0X$BvNxaQYszj7zHMvA_#m7_qj_A;k(ri4Vau=ouYzl1g$Ho3txp4(hR5q*&$<+ z5h3=pDy7E=L#S?Eq2h?erV2WJdCfF_B#DO_$OgDwgjPcC0y&Qu$R6|=;o|n@Xz87+ z#?mHK1Zaj52Oyzl*K0RAFaS__B!<3w0v721+AE9`i=6z0QDJy){kziO&0AVJF`X?F8$wgZeyJ^-pyabCg4BN`REfRD-i zd$s*%3ZdqDp_~NVH+g?XMffjgCku+P`0dA2DKkrK$xN3;o_=X=TKphc)Nvi3(+r-u~Kj5eKvZJ*A4X1dv zPzAWcGprmQxL3KjScl7XDZ=+l8kxFC(eA;4 zYoq3mOF(w4D$_vIng$jV{8Uw$U zv-TbqkJ}XWdfSnv9I*uMgZs(rD{JaJG6ut}Mf)Eo?t#wqH9Gmt0oT&B z?4kyc*b4T^hlFYf&{NM{r5O;YrT`i$c=?P{28K*$hFVlQOW*{lCG;WDVTySkuvega zR#kv{`D#iU=i^^hxE?~p`5g9jbFA&)>a(rFSkxH$U7Nhe7y52ClD4?_h1YH&2j3mD zrG3jMidyv+yYUbQfKy)zu-CWgf9vDvy)6S zXCZ**_LVs%l%?UYS}J`c^^)k*6Wze=@B%*~Dar8Mtt{E2{oenrbdc5B!2j)S*A?qr zVGJzIlCMd_9v1mf4>RUj8jcKTgOLJ^VM!sGj8h+2zfrzAHMjc+=dt(@E)C1PYrJf^ z=UKNVA6*S@j=5fh>(`^Mdb{BSCf_vs-A6DETur~=);Et-Ey_OPISGAu`wgw5@D$|CUkP3P&BHyv!USy^>x8P83Rz@fsA z4=jPJd~d7eoiWRi$*TQFJlFp}Zk+!q92xNak+|kVhP0G)HgDDA!?aL&Rp59*6$Bt) z3J%;`=z#x&ou{52`NMmKW_1AP4q|5kr5>l%IFuIf#)OG-S52u7fz3d|Y=X)EBNZ2k zFfwS2oO=9ERguY=uHFSMCx+z0?j^BjbK$3lVqSinTN6O#cZfNjYb^Qpt(?Txg_jx1{R>a>ijY!(~sm4joYH zLR}D6CTRr>K;++p)QQFmC}zsLAL%R@jMAt`;okH=o+INzzC;Sab#BC<++i05?`U~F9DTD&ls2>5zwT>Vw+(Vt*J67V;KGn$YO?zFlFlyFS>aRjb&C{{-e z4tb+fi^x)cf-!}dQe$|5 zjyS0Ak^$sk!itTPeivSMV1OcJx9FlkI=Jr_t(4vhpMP@_=3=K6tRMoS^+w8s1_+-0MAC*BOqiGHd{%krr*04F$wpo_%3K2sfl{Y!nOgRsTg27#D7W z2j-DTRPQsLrSa zUUL+yg>Sysw%vG&I10K9X-3PFd4(>OvLI!dV2T@(MKa-VObetXsD&tLNNwK=tvq*3 ztL*@R0lwB9AD}FhZKVI9?M`2wciHV?{ER8auYvhn=m@IDNptK6f!I+1)!$E~vEQwa z0=MG^5zeJ-m4d6|;W)&mU?r^$%yHv}DIcLme3RF|7&u{`FdyE87nW+g_soo6G5UN* z9+4fWz&5u-a__>g2p4C`)M|dPwsC6LeESwPkDQY7?4$R?QH!&)ecS$ka;E-<6mR4_ zj`I|)fJ~hm^Eq8JR0oSwo+nJY9Pi9hli0WC>tKzyWpW%Z7jg^%d*1Q48Ak>Rk}hy3 zwv!HF^&Yy4)dqJ!9YJ>-%K_$Ci1e0&4Z%EJIpR=obvdbyOZCduEy|dwX%2*YL+hiA zAN9G}MY<^Ar+a9ui?Qhrz{cm~9qGg8>-&GH%KtazzHXL_A*6uVUioEmR+G1x@3Jw_1-z=2&tL`ZwA~DQXVNZ2QkzKY1~;w8 zktE_vN&wJWNn}4au~kf7qIXlGx{D3i=5N+1j@?p`1(OAxBD`HDYNWg~zI(G);Gq~dv8LnE+H%guOz7%1Bt!VF;zVR+_V=i@Ldk(H{nlAIL*iF0^ zU#3bH%C9Xl*%A55YgK_Cf*qZ%-dxi(w}eX}Gcw?>ZK@1tR;b-ZHXLp5H~Kx8#37TQ zUYtuBTiHBmJ%?{GTQHcM%I7heUd@03_d`XgoxYT|E4D__0}D09}LN5$ARz zRwC^Jftkhs5(}XnLd_9=fA)+mQTU`R=mdWnqA<8`wkMDEvh%N}9X|=CE$-xXg?gzw z(fyybDaW&O^-haBPTO7i{O4zIkGT}_k)KJq0sGQqu~IR=8kZUu^xSmf!O!|@PPgw+ zo0*HGcLr{+wM2~nSP1s!Tl)%+6~SMMReb3@(^KY^q%7~TZ6!=6Oj+Ydi;JvL`KB4D z`5nkT7EJOJB|4u_FstC?`~9ElF3EnMX1c#1XF zJKGZO4#uPH!J=`W0>I>R<^!-r5bMu~G;v~Io4gQUan*)x;HOQ=3<8s3$@wQj09sAz zx@fH`GpmMp7TPdl(#FG%Xk=O3cxM|2OzklvAmad|j2_*E;{cvF=oNE$g%r|5E!h2K zv(Qka^?UeU4L?DHtKaR%Hj(xd*}XVdH90mG^d>8}&}!uJAB!vxkd94Bqp2fdl;$PM zTWFjUDVG1t?O#nUQ@M8~bsa{IRyY48{Qc`V0e8B7Zb~G;b%n=Zho`c#QT>on%qV!` zn@6WEK_Th9gB^&^5d`8-8ga#;Cu_fDYlBykRzP~y@BVa|Ld-xg z!#S_7R`Bl<@5Ge(XjuO$>IvSgc-u7V!tf>uz;{sPvwX$2(s~WR71eo9_z4^L5~$jG zqxvWJ%V3N9R%BPK@6d0Ev;OFJWvj)p1l<*G?~>@x3O3>OO}}2()HFkWu&iCPq2LY1 zQBpQ)WTt08kC`O^iuJki(tsF2E>(#G}!w$Q*YbHQ|77e3NdCs?zLT=4NfQX3KgYCh!|zc z{f@NkHM_oj|0IM8kPCk-Q5KAy_3~O$K*R5Fes+8x*avc+RywAF=CZNb*2e>4y?PmT zSy8EJgESxoRxe*@aFWJO`xdcZ%{c0{G1SfZWct(flJTQFR}Kubnc2Yb0gT0l^o)Ue z#+^HwX4$ATUza{jUccsCT9<`3`7xQqSYWFb=6TJ7nJ$y?cFz{i&SSy4w1I$4JTLY@ zqF9eLWZH_Zi6G!i8lGq!&x9ImystzaZh939eg5}o*A{`ySie{QY{3c7RqN1xy(r0j zj-gDt9=Jbx>i7aQSr|Hznj-EpnRv%C=YD@_{W@=BsQ9Hv$Hy@?FEUO8;u+GJG(NV- z=_bRl8q;^U5O(5vC;Hjg93Pl_%f%u7ycWFfoKuK4)LN*FdO`(=ck230eDe2MrV2{V{K4C8!f1vWPG7T)yHw}Lr+ z^{mkLmSZlv+uJf6#>VUO94D7^bqSymquv?y!mhj6aV|sCdhkCe%0)RPRUQ=QsR@kPUNji^le>{^ zPHZxY1;V#8xx}Ru;{;<9 zQtxka#|#Pf=FmSrr~=;VRi+14R$OGx zOX+Qotcm`RXU1;F#1aJ})O=lDMLlA`Ot$Q@hUK3lR!KHEp|KA%uV#kAHml|ABA)Fj z^=-0lQa1)Ji1j|ZP(W1#Hs+PfIig( zLG=x)Hrd{^YgAD5o%x0fV)^*^cuZy|cpz-lmC-Kf7UZO&xo}=rtIm$6Zt9%ijtY*> zus(lO&0O9>Y#!C^09B*BV&*NqtqN-$trJENP}rR%WD3Hl2Kfbw{?_zwv&}-fK-WU2 zEAwJ{aqskC_8YNBE34h-t{kDHt8qv5iyP@+=P0Qs+85#-!hHiN(rMUaE}^^ayhx>D zbzWB}DZjpnS7E90TZhV+_uxiw2A;XDiL*DGhSKIO-8eOWC%mER^diC!qH=l$>yF&O zVyx*;LNx1dD=1^9ylQMSz2$eFFn5>U-EUh#ceBN$pY6uuJXRc~T?6!X&cA52e1pYV zLOp3jN?SwS6}Lgv}6UEJQMf1h3&XoN&pk@xBN>14ia`f{^#Au z>ymbuOP|bPW9tU>hNSd1M5cW5izS`UaK262gosKH*i&4fTS}9>-}=ZZi5r#+OGQM`}>pEMf0G`yXxm8^x&XmLmrBz&^`X zv^tl@n#5p^ySnK}*9FdjpJ10jl*t+lK))@C^o57RTnt~o{YGyGH^#&=rspWx#C^}X zsn{R_uX)JnU|a)=4N|?6?z=ja7(PS^-W@#6`3R?4vhQ=8~WI=t{hCqLMaM~ zZ{oIN*Q*5(x2ppH*lhkY?L^o-9 z9e|p1Xx5#00%PMw%*<3!?wPPeX#5c{`s+yD2G&M#qv813ahl(;Vem4J)>cS-9V3*+ zFMi@SI-}y1;o2E%>6L4Dy^kjd zABqE#22?aAQC6(zd5c3NXOUwlj)5LPTk7L)l;Y=d2jTVD*KiCjaa3u~31e|SBer*V zjY;+21RaPt)3~SN1mM#}oPU)7N~Wcdb{Rx^j1js)HNck$X#?SrHYRJ|f(uG6X_db* z;()C-hc1&5i=H1k#Q)QZ&zoX$rgBdJ!+|9#Irs0&^eViYcUF$qw*xw{p?)QnyL0mM zOuU_16_VApYSw5i>p`D}$=;G0xIBgPhrq%0&Id1=fIgP}$Zg-Q7Ei3!$ zSFqm35mu>AF^D`qSMU+fE7}@J3Ty(exFpgsZ2lpO-W?#!BVTgNdy4c1JMpr(_#Tt0s9GA!mnU*oY(- zGI$2C^@RNy1aGX>m+E38TV3dk=1r!%v1ieuMOyloV+~lv{8EX8(|Kx^KcIt2@PFh% z{x_NZ|GuI588F{`L*fi7l#L>gqiT8~^@H#1`9KS)jf@hsWczEg2@%;d@ z2tC`3BqwUX`X@IDn-o$w5NrjZZ#fCsxF#gf68kvgE`#z6hkek!m_Jfj%5)hA3CIbM zyWolp#qr+)3MlK0Ab7^a6Ls_IDS_$cQ@;TJA36M1ui@(z$QJYAiJlvD*vAL}|y5(^_AM#}MpEF$-6em(N z1d9n{Or#=ncC&HG`*OZ!ONz4ZTv>b=PU%gGqxBL8)=%IN>=9|bu`6tsPqM{|8R=Q9 zue&JP8gk}Y3LC63I6WZzz9vA#FXZZ<#79O*q%-72&L$~G* zd;MEi?fTH_?U@-(np7)Gc`Y@xV_O$gkCQ{VwWoa%;}qir8dFWl5dw6Ls`;tVeaoOL zjHNPBB)Il}>NAc-WeUn}?`U|T=1@JVl%(c|F?%&4cD{R?y(TI&)g?qWMb zj`1a&v#6IO&^Zg`>xM+*F;)9mEoUjuZ}{5{EG8L}W?h3XH2u$5oN4DH`tA|6PIw`D z%1obnRs!v))v*^7_vHlFEfdS&llP$LoBuS(U8tB-+Peq*1TjPje$r!+L@dW6$?U}Y zJGMFIc!QCgvTlTfnkgw~IM_r7A5=*xk!_&`2HXSxeSBUoUG{&%cBL?kmjZ`lx0O=9 z%XHKBs2~{lDm+s2d}5K2@!e%lvR+czMCO3ysVE=|t9U}xxq|XRV{|&3V*XSIg?Lm6 zak!8c&?NRuW-e~HzsRP%&@zXX*H}H5S2cXHB|^$A{6~^qMgJm2D0m1We>y0teI9Q9 zK@cP@8WFdK*MlWBg`Tc$NU8BzVd%XV&YOa{2N#kzu|S^ZIh^z`7{;E4+O4#xCoDMH zm5I`Si`*+kHBAU7)YmZ#S?;ngywuZw{lg259Bw8Uc&ytFqihTHtcnkb!`cggFpFUr zH&m)Dh}_8Enw~X(G>}d?J@7pPD!*&^7)hV+_vyR7>{Fey?Zq#Y4W+Eom>HxoQSbfS zh74P`I?h*`yL|GWOXM}&bsii0oxvm3d##(5-=elZOcOV5zIEijPx#)Jc#^9UYI>vA>hvZSXEpY;_ueJY8kaev zl78d&RV;k;td3gu4E|~YqDJFgW!|amx_p)k##+Hz(SOEKpL(oyp}Gyzd}pHsXSWU_ zTfd=FVoGO>SMk3r?qu7U%uR#CyUI_XdjQJ_5OsRszgsDtU8A5`rUWrvZ9;Q_)yr9V zC^5KVLO35t*5mRBYOC*q#-mK{a0YqJOtb63$(~wb%fO{ej*^hvlwfY-54e&pZ-_J* zL*&bB^kgBEbe<8Z=vRywLy$U9>fJ4M4wDswZK}{l7$BCCWCZ1pr1IqRnF*!%+PC0v z*Cde%-`H)%i^$VI=M1VJ*6bcXZpbiy;O>^@p0>4z+}3Q z%D73&kmIIU<2XU|$HP=YO>vSQLOoSi7aHb$TKN}IXWLAsU}wAG`-?(Ngyct!^&NM< z(AuWPDM)&Z`cjvF8#^pUpl>k7XX7h4(v;iJy*ak{u9HHv2WOCi^!a2$xVQ5) zMYTRTg(()n|7AvdpjRv{njY_kqA$#|AA=Xr2-FgDpbJPsx-$vGL`ie56%3l z?HzVWen9B1CTs>zdbS&&fAoaQ@Mo2^@)PSU*3FnehRM;N{|Y_^?ntZ)sBZzP%||zK z5!+Bs$3!ni!T=^0v=87e@lGGFas*q3UfrJz;SH9p7HC=H9K@BJH$@5PVY;$nk;)QZ zy-sU#DxObcv38Y5-t!brKt6vWe}51Rjq^tE$oPUIHc&YAX^&)kJH>s-x6x5wJH-P% zNkN$S=ET?Gsfdb#s=fwm%XS^zmWfIEb)&*Rxncsy{4$v7V9FSyfp+s+hFZsU2UbMh zIFoyiZ9Ogz^DIlYkIwciW1?q?>tBRMHr4F+&`}Sd=-TNIW`bo#<{4;6kf@%k%b$_1 z*oTa>?+IDHGBHY8x-{7|3UE#O&f5~KRHmv%_l_#6qbIGW60?66ilE~k`D{}f@Z`&$ z?>~&X9#^bc6l1`{E3h$FZ9P}f^B58(Wq(z>9uAv9iv1bUCXaCc4Fd>%|8(C@K;hNw zv)~^_UeIzeZua)!kTw>yi3o>v{F~z!A;|W!bv`qzWKyPt^7ZPThrrj9--8Z}22c(- z^y^|shdF;FQ5tU>HE0BKe<4QesYR6U(+@aGS?>zQ#1bxZ`0Lu+pd01?gweFidVf?% zx#|>sll_93LC@?1WA(ac97H0jaSGo=k&7iVQT5V}yyHK5&LGzv})P z0)1K$n@9A{UcXGc%J3J7oKO1m@R{s&j#4IIRK&#S@661ODOhVz$Kd)7ncGaluK`^*uN zgtkbb&T`_GO(inU{5hrAh_Fw0c=ennxQh1`{{}Ym1iSP@II+=amb0*D-qM$Ll6MD( z%=F~%54Vtcutsdj4_DuXINfx{!XMa+{U)iF*{ind$&UX&Y@JnDT-~;&u@Djn8e9v4 z1TP4|3in_^0txP#;Ojx>^@=&au8Z#yh@Y zKiDSPSBc+Q;AI+6nf!~Cv9|5Qf>X~U#~T3|DqC6>zMKFC`A)bH1+G==<5KwxkRpXp zuUa^!e-`_3H8MLQ{&w!Zqv^PX5cMrW>BkrQgD*r+yZNhsUnm;xB}a9l(@FK!8!@c7 zc*D+_gi&mVmlA#`vXAJv!_*yx`vDFj^(VYh5K2zvyB_z$8ugnWTPLGwB}&M1_V#c8O#DKB4 zETrXpf0(HhL#JOUym0^Gb_WB<;UNy`Ladu=ttndxGo~MpnmUDETp2%&@m_PH+_gR& zRISEf2|*tTy&e^%fWklRTJKkb#NHt`Ex++-eQey%y5}X-W!^{B42aV8CU-KQW{p1& zNE7HJGRK*INsJ7jAVGG4f1WkHdH#Y>Z20v%z%y7brMhii2k4UypYW5Z*^vdUmzwK& z5jnT2Un6LLW<|g}u3rzYP^<(Z2n9dY46rtJagp`}A|lxz2?!0!ajTHN(xb!tmC}p= z?u%#*<~ObgQ{KnwY5wqkXPkX6laaeI5z3Y)pZC9*iUtglo!i4P)ZfFsjddiHbQC-P zH)?)s`*Hx9wg``o*U~5{&+MO@PP+Gh5Mi3pbW^rTp#yUV)Ujj(h1_9 zT0cNZ_<_tfu4W9HHMJ-g_M(eJmf&RqHi(aK14p6ao6p2ku`84ayGh&W5mY$5-Vaar zuCIvL5WPGRMaN%th$Ln^%CCT~ZiX0n5KjC}0NWk*LNW++E7-!yj^-7j^@t4LVo~?3 z=REjb&o+qSd3=fxWK!rOwg4-*8bQ?}!+fs_UIr=~bx@XD^hN@dEGxEj3u+pXa3AH3 zWs|DEGgciy2w0$-U(Dfoe@wf_UB{^yjRO%hv6j7`&Af;aZkoLxXgcr9qI*k048V`wY#(ms4BFH1xC zi;T(7{0W;96ZCLmm7Q8<{*n0OuZv?wq|T@dA;xyugawA z`d#|x$764?5{(+_@&OYFF{eovZ)WNoWf$FBAMHEreeBPsBUp&xy!<3?+o{eS@qBcU z*7&)ZuXK60X9H|Od2=o!Uz5Q*JqVq#A+^@Yyaq`BE=B#j*7#qb?|0hQWC%L65YT_; ze*f80dNfM`j{baHZM7-TBf07 zhoDFBHRK8z%^^cr)`z~@tu0pV<6Jp{{0%b4=1UR$mwrD2JI2jLO|=q0Sobpv0?3w@ ze5@<>@V$AZ{nJN{NS_~uxx1mCKOoFB&Xt!Vy&qmS7(Z^y|HR^sUcS$aKvbfOcH)#X z2xL=FjljOSZ~1Ic{T^XjlcYV!Y43e$<0*{&8%ff|UP#e)n7R(JAdVUL$$G?kUSu&_ zBSYS(WS$q`CP3jr^>nvAKke-h%FF(@X(&eMTt(W&JXqj$P;ER%nNm4g)%Czhn{H@d z%zd2K^7vIXZ>3-GDa78T75tmHU zTz#rimH5H3p9K0EIHcEw78{X7yZJE&x^Pi z!Y_CD8ibiy1HKtCp4K6qtF^$lkTE>SVAbw08Jj{8_S1@_oLzZV^G7yo$STy-qzgxM z7?l=J#{PSipY9c!ftP29n2ZpGrkDr|BMmC4TjH~Lwo~}H!fs*){DuBif(T(Lo<$SJ zV@4K@l`(x+;#iMF0(<|-@!)a|vbr6D*ZJZ~v#OlrzoZJf`RZfEWWI!SrWU2P&Ar|e z6wiN5#zU2Xs*$qmd~)>HcQvVpG9u$zlY=nq_G(+lTOh@|8(-ho1trsQs2+hxUH5iq z(vx!Y&AZ2qn8Y5;q2wM@pS5Q+v!k+4Ch*_*>(N3-$s6`*9?%z8D^kove4M`;!L5Gg z4tE5}tW=*(gw591Upkeavr9(GMn0tFUPrh(-OirqJ{oz zL1t;$fa=eO6X|^Oza5g@;$?Cbwmw%#R46kj!UM#uE$-Lhb1j-bD^$r z$)VvZz8?*uc*`cuUzhdQ!J@8E&Pc53%lYjO#CEf1r|E`8Gpux0`6t=ZM#cxms@WW5 zEbsBz^G(O)3?-VZfVsIHUrK$1IAWC|nI;mXne0E_0+fbVPu5&Kkz~mY+bxK_q8EUL znZKRj-O`6J;5flC_Ed==(n_ z2ndS2`d=UfPb89ZX(UhFBENMYz#1m~w!7~QcKDqgxx###V*VwJ0jWgTX5WrM`h>_Q0!GwBf^KN(({Qp4{b9w#=1+TIC~dTqr7S+|pL?mvzmS$+okp`4l=5 zGh7*az?U}xM!lc`IU_pG=VfOh=jHJH*M#aamY$%r^OUNdW!~#QEz{OzHS*zFC^z#b zkXH`rR4%+*4J)9I#|>`ECrsW5DFJt6Ji%1!r!5zSeg+T^#kC;}dJ4Bd51?y1s2q3@ zY>OQ@Z!+k9`|J#zW^;G0I%ZqWqyPnUayo2enXqu8U?7V9#b*D{cpk13?}I{@i!dxcAQQP?BctuEL!tJ>W_V`_kPJ!<omWTEndt z7rq_NH^rA|-dC4793KfD%ui2_Q?zmh@B{J-^P$Zp^VOEyj3GZ^=jRPQl-I`PWhZ1f zCtxp0f>6+s?{xVQVlZbJH}4tt%58@x;jz{eDvwDNN?T{vnr4!p70gXtuVpa&+4>b~o6{6tU-IwewM@9c;UOoY-bADp9q~ zb_tdsU2PCL!>%GA{?}^%d(r>(kot@i6o6pjGhDQs`kUc+Vq-Wc5)adz#0`x;$MOfq zeYplHH%u*(&JS{yXtO=?_Tbms{qBtw8~ML@lh5jD=$_BT^TLnM?+2g1{25nvPDGf0 zlt$NxhrMjca0Qf4ti93d$dE%4+45lK;w!vZTfuI0-~};tC=hK)FZuJYg<^{Jme5Sj zCXgBuFMfadaW%jPD3pAHEDN*9%N`4ykBWS&91_{MKV@wfA>^2V1(#vi34Oco2Iqt~ z+!_j=52bKgH$S(YwWcrfN2Kh{rN(Sf9P%y-%v&}TYcrLRasz6G7zQ{_o(^+IDpNOz zU9y5RX{oVJdciku^i3W)qs=A*%etR9QJ#W@sr*k^e^TSdG|;BCMJBt@*rh&-x83bA z9UFfy(cq%QB&iHloY8zwjV_vSEZlqsI!ng-@cvw0n#BQ`qU*$&HqCN4qYq${HK8{g+w#v*Qeva4l=;!ss`tzkuJaz}TZJ5#XHNe@c z%B0Zsq^k?rIZ{;nJmgDmf863BIp2*UYup>4RLf$M(`EWiwR4F0R*Z^yk!9I3>zrw# zqH58%vZJS5fwrgz>T;$~A0gQ;pr4dkbnk7aOu>EVL7Ts*&o+gD)5~@E$=auUh(;26 z;{BRdHvXbgNT_^^VY|pHr^+S+5NikD?i;zqmb(v z)3RRvIq=m9SS-fF*3jd#2yo6n15u7=fj9#FMK1L)GA#cnMAp0|mv zSr72-I{4=Z;{wfM1|%x*GbIZIrK3tA9os8N(11szo<1cXPWR7lCVNB+ei%yZ{G|zM zKaAu|pq}9S%%+9wE`L;WZ#)nm(|#L)BjwU|=Uie}8rw5w%i*z>>yWeG)Z%o(R*w*v zB*FSew`nQ{0~=ckDR4pkD0{cZQ|LX|Rj1x2({ed8M!KrwXrT&zLLBIEo@)6+sEI$* z(3<$v-a;w=>g%LmXiai$!<*$xn@!nLf?NJ}d}g(=U-Ja>DvoJaHV@(`f8QT&2QQSg zNS2N3{EckY#Uk0Tm@eLq?{7kH_m7MS0Ynm@Q0blqc8?RTp>Yt}SpXnQpQ2K4e4|ncWJK+|W`EGjd?K#fM6L>q-FbyAUnD*`Iif5~H`NQ&q z=h@Kmx5VtT2b;7uiC*2()AnSS(4P_$?aj4cGerxHfSXb2=b33jl!(Qn|L3pv&(7j; z!zkVD{3RfwPq6D5ufwJ>Otz(WPeQGpBDa^xKj*zz8FjJop``tV9^Dc;=jn%EW1 zhGEI$3#6B0oKXt%Gb|_IO=Awf&Qze2lPlUDPFhzKi?p8HNW!0WA4o6o%*prEOI4F$ z(Y^iaT6yIw`dvU_J}dF272SUVGu>aJ^qVlHx1IQSwsZp^dLlg@xRBT*0eA*Cv%4Yt+rI_<);^&*;fGd}1VZ-H^LZm1R5kAK zN-B+VQPoaeSGoaY;a@`C&b!!ne$H0TUh}Id$SDdpazq#cG5wZiyO#R+uufsud@OS! zgt+a9a-B}H589=M*2bGbH^!KaBIcb>UCr|{1D9NG*D4fldM&+9)IPRp40?>8zLkMN zB8n3ChCNagNQLXZv3cFkm@HeZlFRELsa0-oYqIsEh-r3j^@o;I?l+?Y_F`U7wGWAM z0fC@QkNeO6(S84ky}n{%RN8O!P_O0aA_P9y@fUYDSeB`R1u|s}8UEOGeAu6_fuME17&T~#%edWvdYoVS8K=^tJl-?& z?+w-j!Y&PRJY0wj8q(?(J&#;;T-vt@IaR9WB(Uj%EPrj$J2~*F))WRqd^plK)ak64 zoEh_y`fsErLn*u0R*k1qnv21iVvESmOS^l$mIjcyqkG1O#F24AH29yr>~x!b(0y4H zYx1xN%sz&R0fpo-TW1c3?V`_Jokm>J=0h*1+ zUNx>-$qb$7mxUfD+1h&Vtg8LvM|8lJ6RBc>gv0LZfny_>{a7(F>EEAENtqcEOtGjh zpq#@e@X70C@8dVhrLQw1GBLt$sq{PgPFshA_Ca`Z-#d@RZwu)s@W&*)gPbJJ106E8 zA3U)e!2QqePL2BP)4tFYiFoColYuMeGIpnxUpp&&%?2DmJA3~V=!AvBDy6ut>$UUbyq@R zZ*x7)GM#29>Sf~)owA%6d1SZC*}t07Jj#+~bBqu?@o~TMezvDKOYto=ZC<U-wX20P6MZs)QnIBoXQgu3R}ew&Ch3G=(MRICVi-P5IUN*47JqQ= zB>6E_&G0sTiH#JD!`9IR`VxKaamq8bmQC5^qcZqE(u7X84#%)U*BO?VNiVq=0d3w+ z)Pz}=_GDgC`*g0olzqRCf-W+(8qTan2$8ie_qb{(*OSsbNI*B})7Oi2xKqxWO(a&E za}TA*839&H(L=1J?SHJst>?9#vbwcDvY`B3w~2!>$WXfxYu<0m(w>5BB5vkGk1abw z4{`w5B0g<+Th7G*1fkFkYjQ-hQAPB`q!Otut;8aNPvf*X-^h6&ZBOdCQY0 z=Vd?m+Ak67*l>)@Dl`0qyTa*^N|qoaHU^BcWVR8O~x`^PqA zw=l7EXCe3-oxf;sZE3uIjJ5`fVcVYu|8>{dJUyPX_H7P>g0AfB)H_^Qo z=Vd2)1MxVVGnPa1SZP$R)0z&MIA^gSul3O26_P?vleuL($i71l`O%QN&M6A}YGEE@ z^K{lLbPt?$uLq!#QsMSlupV>Ku7upguQ&AGiyx(8dW8POD4P7rgf2(#L z4dKuLaJ}5L@bFQY8RNdeL=U-ZlwuMK^seqx?HpKT0$&^bz8Vc7?D!=T$N?}pgR+md zuRz|9w(`BRn08`%AB_t@IhP}5_ambbv#@pDw3@K6x@rx5dugCYk@@t%crf!iG*TN4 zuk0&j8xT`3CzWDa^6FG%Z=&qji4m^snsz1o|oK4C9d1jw>LAL%2l7I-<*h7!7U5DMiOu!0dpcLcW zJWu8T5dS64W`q%+0e7`okXdc5L-;(ga#j4Mln@xcO z#jw~YuQalc{`OE#+}*Jh67C1OMO+jC-|!S}YaO1rJ8dNth7Xp_8P+4;m|JBM<0%=j;3uV;oq0n(Iv`A3}}L0C|wlYY;& zQ>kjbb37cQ*+mzYA_mRc6#6XD$34IKR{J_qKK<-_{W-z5yWs8+NplpQqd@(jCihy%m|GHw6Ax!K|OGq9W;@ zc%H78_NW$D36_40Ivtg?dOndCF1z0|$;Psc^6tqy2tH{&ST8Tt-{IxWYW5sFC2KHX z$(i3sE{e#dZ0cw*RF0*ZctQnNVsv=hjR9qvMIeZ(r&o_()9Cv**TIF6hN@&5Lwz7I zoopY~?Gyj83(Z;sq0UZxAym-1d37roL7T>K-9JL;$YQc^eZcj;W_khpP$aOr=}N=; zp__+Wp}32(<=M+wyC?i;gHB#cpBQ!d@xgxj{&HITIYQ{lSop1B%Dv?6vNG?swnLQV zR8|0e-oU_ou8(vF1zYnTRE2c~sr<@NGTNA!#i8e?I;J8)l__`Yw!^-&b))Ks<8j5NqO*7y&#Z3d zwV=zj_VwTZTayJ}od~RsUe{yv5>FD{7>!pUP!bB6kRo?ATIs5vS6!<5Ra)P%IeAG; zjeAUp7%}o0WNQ`o+DTxM6r)+-+Y*MSVTKhO+vXZI4e+;0Pu&?&tBfnaeHOX26{L3h zv`fPr)GHjikmWU@{=@#n0Kegf$c-oC+G8g3Mz$1>2-Bj*=9fWpr4Uv@xrrkxx%~q#YL5U>=UZN*0 zOoRB(A{65U{p$@hZ0<1uZUyNNL@_arZM*cV+f)sO?!HI&FEy4uVDm<_tcQTE=Vcrm zi{J%nNTrWbNvBO8dr6|aNSGA{5d`Y{@Lcz(yxmKNRj)pI<>>9t_rVc27 zjly&K6%_?6eo6ln4J5SrEUh;!s1X$4GjHUD-;PGG{7!StV`37p?RK1Y72y6hDtTg+ z%Cb0BcO_7pGVD>yWL5ph_tdhGt>dz*04%K8HbIf+=8((a?cNloj zcpX5W?!Xxrv8m6^<2RjN5HKSo{M_>RP-b5{jR=zz8PfI}$$Mg|f^B>QO!DbszkMvgLky57&O zRefiXkn1x8{UQ#itV3mmP*_Gvetc%H*8SKq?9)+u(>31iYAcB*=wv6mw4T7ob0$CH z-fl(sTD8t9O?n5g2zN2b4aSF|a^>*1uZiqB7-h|g&06MQHGwW;uPg5*K73r75cmf3 z*d3DMQegZb(4ST1ZR!0T&AvH^lE7;6lh<5^E$O;1*8P>^PjAHbR-x3uG|8asva?u-T`fYy}vEOrn2NZEX=bBQ24z|f|MBf>+4Ns?Z%0r zbfM)sS{9?ovJ0vwWL?3Dcjm1oLlzPEfN}Hl+F$O`zrO6L{aHR#vtBwZQXOPjbFP!t zZ^kx!X_69tb;t48GXA(qVXNz~f_HeFMj_743;~qCMiRF+APYZvIF-SAv7p@y2Te^b}lRqHnk0%nv$1Bfhe znw_imN#XGcMkv3E9f(@le-cEVo*vi_pTb)B`5o;0Q^`6s-`-fE&!Ep>4+@^vfH=}8wi(tWCpaK zj+D@5kz;A1SpPs%?e8uRZNE0exyL>sa>ME0d`M{ACeq=BbM_;lHroQ!0roOMh{XQv zmrAT3SS9tK&5w7N=cqbpd*wYix8^Sj<`;ksFlHH?v3-mrMx|i|zFtoBN zF%QJnE$YTuh&f&Fxo=hetRwECEb?B30(RJG&V1!F>-}FU>ZL;p_HL)AgxbBXuaWIo zG>o@46n)8a!Ku!D`*VwwVc0n!_;QIZ`jz{H)lBOU+Zbb!^A%rgQ@zf-4s-O;K*?va`~b0<$#AV5;O<{eINtzX1v5{R==`Ujv8?)ok-F20(_Eq| zLM1GpX2y`%H0L6W#%EB@2tD2X9d1c*%Ax9emKca3^0(6vqrd_dmgs8xAj~7C-JQ6- zfm{-}Q536YE-11tX+uK3k<{_YEv`GOR!aO!-Prfi6lr+em|<*>Unwhf4wD76T-8yS zF9CPeH3TMR?RDa7nfuD4imR0=6O?bB0wY?n*N-8L@i=9=%O;vEN zT@coMW%(RF-9-nu?kIq}HB8@d!`@@}ELa|qXBxq$W`ZgZ???m`1ReM&_e|tEZv20d z5b=*-!d`U-VZD@BMxc!{aM%9pb@rN&JGaZd&EIHv;iH#O0W+G*^6$|=#73c(fY0nY zD`G<52LrF!{0KR=rSaH)aGKb3*9_ZtngqB^N(cr`EAqC!x|+wnvBz1l{@wQKsTJ>0 z{-L3yV(vc)m;X_H!|;8iiL6xfetv^RCowo!Z>sP!q8*`O8~<>++AhqJVck&O)x(QQ znKK!8<&|A38XJb|0cwy4w&FLWD==yXVe{wK> zvWP=P!?jtFH>J+13z=zjrCc}kd{|gHu&m?MimH;Ejo)xCwrcYqi*$B9SrK#SM&>z#@Ys(kN&G6xhhp`yBc zPliBbPv$Ezb9yB3zU}$iyVZ3i2#WjTwjMeVXPlD~=v)gObTm#0+{t@3tS&R4aords zRNLH?2#`5VL1(p@y`%#DskFk4icoSZo3$S#gwBO_X zi_m}0u9T*5zDexwdq%TJ2(kp~*$G6ZqdQtJMRN0?%0mmR2ddtPvBLBPBkRz%h47NX z>V)x$^BV#yF6mv_uXjc}-46^d0;&T*&q|ph^u09b$VW33hApcEWjY|=TN^l)$Ndg( zAWt5s*LQmJRhT{@7Hx;fxR961^R%w_;r+M3@+Av4nC_k^yYP8t3(=olAwVWj!|-d~ zuh;;kC&fuif2Rxd&rQK5tCh98F!K5?TeA0oNq{yXk^rRL;Z z^wR^0Ww9NOVZG6J$Ep|i9xc64hJr zOMzgC87pciEfv-5Gm$wqb^Wt*mL=Nf%zJzrzjPrN4v;+N#&-2gw@~GK8p9T^>#=gyhUn6lM7j#~_wD1Cbvr ztKU`9|9pWY*qFK+afVYzV{H2gPOs_&NGL+TjSMaDqp4gyzS|a)bg(>LYFT`L`HsWo zH|*Dr%h9XGWFRi2h)B0N*FDTDK-lEruPcFjOSUvUlxCzx?ENX&9h`8y9ZDj`N9~%i zA2Qs2oRjlmneMJ#v?fhsP|6e9Ir0c)8d-$$is}+`kFf4#d$H$xgU(k40|m+VxQ+c( zsH)64f30@{w}~UVygAO~jC&8BQ5z)dw{JdO&9n3VPV?Pa_Dh!{-=j?5(L)ZZa+zTg^TF)BIIY={szE)0jgeQ1hyi zc7ap0*Z6Ej0wQc;ApSBrU9;JF!*ZkLN4=!w>G#TWZ=5aSq?3T0{}4Jwn(L4 zU;`9430;%TE(|#@Znpe>GYa|<2ot5&1UebaKuE6tQt2Tfy2Ley-K^w75l=r5r@Idn zES%QPFQ{-BtVeNv5x@Bq*YLfI(>QP>Vnu59BFqr#*#1>hr;CMd9*!?aVorzbioK`( z(eTvr?c;Y@3TEeCQbNTXs)XJd3>ip1TbC1JR5Fnanm4Z~g;13-k13@gMhZTA@IY^) zvg8o`dl>F61Kgm)YkT?@^hJyqybZHN_oq*Xoh{s|1v)n8PQF>jg0f8@!-!1$>)4D9 zY>+5>y;1zx!OR`57Va;9sz}IC4&|VoC89}2@X@4V|z)nA@%FMu@BFkgZ z^#_BTeAtZbFo0n;m{~+(9Daa=#=rixgM=Yr30SMyZ`9xYAOnT%@^^51cDq2^lN#su zZeicU=-D^FVtKA6-pT*7&^&wCE0c6;Kv}xOn$q$rPI?xn+)h92w|uawMdo{o;fSR>YK4wVU{miuWLUH0McWfxe>_7TfdzP1SK zh*>%rRl(6fc>s7+!1A({l|Jj@+pascqgF}455f?$fDL0D;trx$nw?#6x+_?_~C!wpqm4&UMZ zU*;GEL0L_f49*cLtd9>I%NKF%Grdf3q2o^Fgb}1V!Wvx;J7|ArXF|#6?|*{IbH#|G zV!`N=>aVoF+;bPUEJ{ey{M1FXV%AB{d!-axqjWj>KG1W?V?5#&1))iCz@=H(W*&Mn zHFan^BMV>HC%^)eBh5}Xl~&MKiIJGdb`iFqQ$&|hFKKnb75|I`fYWFL`Nli>8x!iV zl@i$o?1BX*7~o|Ak2J#cU0Qj9PKK<54Zya-L{&CvSLFy{jl^}4n4*baN15LmLOXf< zKJC(0lX?`y?9lwHyd3F-LKIWw6Vpb6_kUeE{>|O2NK34+anRtx7 zwIv|l^lO)yl8=DwG*7&#UgnlF1&mUuztIhL5sPc>BMk@E1LQhzM6unJ0*Ij%gUmhBT6arfHi z#A2inc>o1tD6;s_%0-x~@{f$?Vr+sz8WgJh?iSv{7{f#sZP*Ph8YnEN`%Ds;y43JB z-OYDkZuZB{?-1b!+>W{9{QO3SWShiZYYuSqTSKlT>B#AW=V=`s*|e`0g(*yQSoCvm zPF<6r1L}|mavHW-epPGd05*^ss*0#ZF-_}pPf;1#_BU@L=Uuv@x5iZo4#?(Z%c*OdCIEkhKrbw%a z)eB<%f6<_I@>F2ppn=OKnK&~{{pz;!ra#DTN9Y!9x0e^>JwwX=@nhdKPTIJcXFE38 zobPCYA;$25fV6gX!Z}f3wy|DyUQ4^4+~NbKaiE|t{`JE8p{Bv}KfH`hHC0AMfT*A; zo7Pwu`NTBWKFKcCI{`$CGu+m{X}4A{n|ey^wN(gp1x1QaH>dm zv&fx$j-6kn*~`d?Lv4VN~U|vg}!}MQMaR~U-0)mH#PTNWo}K) z6ng7rZRh1f)XU>zB6QnFZf(n=0JB30#$lXUkGPA6Y-*kTLJ9}OU)dB{j#N9P8T;XQ zKnVCMCfsI7+OmeW?Sd`pOJp;jq;*t6#h1$9!S1o12c6;o!@A&dBiZ2JMTFJ{8xF3Q zS(@MbyPPo4Ah4NAKMAt~e8}rxB4I5f^5Zop?@|e1w)#q%m2;nz)=`@MiLpGH;4@PA zBuypFL2q7;mj!hpd#(P1ebR6pPB=LCsK6F=sl9kIj~#aQPUb}SukU9c?MRz6>pTAw zdA>CK3kDvW)Kg6OYl@B)d;&w@aA$F%#CMmsRXuE(X{U5oo@zRKMw)27b5S%>cXra9 zmoHa;(5aSPxHZ^t4+~EF!J4X|Fx{yl1L_pmdIJr5`GQ}C#P>gvq;fAol>;pu)b;(_v%xO+_sHKA9${vo!VRbfc#3Ka`fxFRYfgH;&%Y$1aKz3$7<0vWgQVHCj&t+_UpIED2IfDBd69G;@}Its8Iz}t_m z5NOdlekl=(;Y4k(*(JKGF5un%0D4_Zhw$epU}GsX(O$fJ-rxiM*^l7LoJ_ZwAFbt4GoW|J(htD$k+v7wE}8{PjO=z{NECjVHap}cjmFvTDhOb6R615BJ_Z`7tGZb9s$7kB zpFrxcbXvfd;FWhUBj`e`B8BvKXk+Yvmk*KWM?xA_b5Z^RP7n=QOj;xGgu1V<&udu- zWaCmw<&RTpf86dJ)!~A-Mv~3>J(^%G5qlC%NAUvR8l^PI>mG8I{txLUg^1KVZMV^T zBmgXH%WP>{LAt6RTGyxnjXSy@i*cW=+g9k5LR}{VSi1fjWV=pEQ=zP0 z)3?*+ny3UC6$}tt)MHD*o&J-ft(M=~+f$qr*sFb91n*i(*jo2>DLi z-#s}8f3k>bEU5{$NF>0^WIEZ?j#@+PcYcSHoh^~kT2cUT>8P|h5Yl)6U$ZyHR$x#% zd|ZN|ty5eei6)U{a%UWk5Yy%c(KGP9MPZrt`nuRF9){?*bWN}PWJvnDgB|ZG>CD26 z`80lRT=Jf>E=r0+^XFjPwxv6ZkGt5s>_VO`3g6LpoVsI7vYmNlQNv_k5;zrhqyA6W z4Skc1;UAy!cT&i|8rrW2#RYgp(%PWEj;4|7^yic_17YOI)%eJbF}4^>(`a`I6+^9H zQ{+D*(-+7se2P3&s}#ysM6XYnZPGkq;ao>RzP8_2*05ya2wfN|^II`C?rE=~SgcWb ziaik?NqSC`6^gH)`I5{y#rHEX_i{1AW$=~>yzD7ILSC7fnvub7@^T2)l(-=aGiQL< zVz0Vm@u@Co-Dh$cl0CZ8A%b7QMcNR=odH8vpz42?q_O6sXMy zQDQe8Uf}pW4XN^1>Xh=s~=cTeUkL$%YQ5J+T zWedD6hGyj&{q<0}|GVnzR(UnW^uZwPYe$TPMP)h*YWYWw!J(K;%p|r5XkR}bNIP$! zlQ0XHw^(27I#YB@ElLE-uPma2c3s;IiV@(lE9_?Q=TUhz`#FCE*2^^KO<+iF#1yk< zDqin|4b%`l)K{Em;fNGfSfl0qf!eQ^(}ME*^yd!8#ddp<6`1b zV3!^EKNQS))}bl)D);Z^U5!hjux&$(djrac*pQ8t;z9`7B<1!xeSUn&F{M0ol-k*H zn$}tuh--^dy1~Jz?qw$CZzlsRzbF1f$oTV=p3-B*t#4&f4rbUpbKLqk6&HO9rqD-#Cw)<3J-#29yCGo9Yt!k@mx8U^RCkW-21HF09>U+Cb-p;TsZVoybgR{ zYdI}qbqL$(0#U{(nr*g<$%%fHj83Dql%dC#Nx zE`R7~X)Wa{70|un8{Sf@PnZ5U43#zoJ5fB68zcZd;X*bG2;v$pA+5qC56qPDmm|5iF=NWA@HLp+{ zE95)*=cKObb}#x#f-;|ZjwL+xq6om(wA(4`OUh0E(iWTn;dE|jM#m1jpt;MCa7%`c zSBBx0do+;ct=+i~QMH$!U?d+FpCg-{apromK;R1GrS6?(!(8woyhY@q<1DI(th-A%_fsz~$aR&Z^$dmp;UfF~W86a8*vhW#3wq}^wZ&ilq6?!=C|Soq3Y(&mQ7?Wy1fYmr#K|BpG$VfmA6LI=oTWf zThgb5{vWx|!-vyLWjH0mb{oWQ=ocD<6j=3wmxiJZ9ulx=Q286abDsP*&3K^aW$j~} zwHxNw@Bbnd)*2lx7n@q#8}vH^8_(XtF=WthVS=p#63|y4sr>fUiFYDDL>ZqOdx#hH zmh*lSCyG{-v4WrdfBkT_x|XZt67wH32Ec}q%00wje4P@YDE8oXGdcR6cJsGJ^Og%lBws!j;}qXv z+AOINfAPHU439NByV=SzjrIXc4aMT`C36#(_Q4uynb(eyhL;q&`9Rg?k?^>Wh8R1F z(yO~KL-Wu*rwSg6mFK+wRWf%CHVsg36?UWTrKOIe#7lZRTCdXBd#%LhV@seZp_NfS z!CCX2g%KL%cl}dmcjRFVaG(_NDYlfD=VzjBy{gXj2WbkJqJ_%eH)~F6{WtzV>c+4V z)(#iyjrFGAy(@hm-2qZ?&Mky}WSk3%b)}0>eE5q!JjgBmuFIIaa%nij*$FcK!vRE+ z+pk4GN5Ys<#o(fIS@$yj3foC2Qo}fz$f=maWanXN`9INg_h_+6VdzTW9oU`R40%|? zZqfYurCG@72+GnGR-5K5I`tOk)a6;yL1Xf`&MMIV9JCCepo`M(|6bdevq@S@sd|X^ZO5@et7!_2}3iBnKw}=h$hwUpp;^pPN zI$mO*#FRzt#xbSa_==n>f-RaI0tdvl2#NO+-%iH8W)BpnTdFdq(xyRX^E7#p!g}BS10ZQ(noEZ+C zmY$y}7ZTkCZ}J`1tZZA+Tdc8BisnFem#Vpx`{+5k)O>h#L}WOTw>e(V3LPap@{Ue$}!~3UUx^`!LJtxM@OMIzYPN>SPNozREHQI z(RTnnv8L-W^}l$bh_PM!*`2=K0$m4y+S&c166|^*qjZtY8>?iLbnzSOiN|K1TFCbO zuoYPnjExjA9z}QHf#{JTN)`s#p*q5zD45;O5ahRDyowxXFh@LgFZbVsKa>5opd@;P zN$|tt9G9h6yyeKrhdN0>n$T@QIyFZQ*hgVx`e3$_0c2N6nGLp;6lvj?wS4eddh0%K zLf8;AjGMe2oukOpCUgA5f#{A>07CI6kYb|gHw*Qb;P=A-ZDGL+vM6D%IFU*p2fWSf z*RJ$pKGA6olbgVP9`H5qw5%+>GR3ju7)QJ)A!WWZ-!Fp$F+LbKl-x{(0tcL1ZSw-z zD4o8i$U~!bS)qQnG1?>tMq1DK!MEM>t^-RyMMS`5J8NLZFu{7yl(~zjFy}&7Figk{ z*^m{6YH!S}%_iy&hH<+5B<`?sJR)_%n0V3Bh?-BBJz*N4wfrG&(&#U60HY>yz0^0$$f`ME?;ka_Ihy$2xd0t zF(DJ?C5xe0By(VsG#?JKCFqf6fN*3P;?Ma#nLdb!W0!J1At0AVrQ84O@Yq~X|7{9& zetV3xWv)Leui-A&<ZGf6jG0SaPeh6#I(q^_kbAX2a-t^Rh~O`OM6v=h5uA{+|Zz|M#52KiCA#B0*qON}9@-9D!o6#T%QvEYw1$PQK5g=P^qS;8A{u()1rFyRzd)Af zlS+<+OVMD{EeeicQG-D=EdPxmp+ijf@Ww=(ZI9Oy^UVr>5OQ1yk4NFPlP3?fui=1; zAXM(?Qow}OkloMz#XV*hMY+&Ge>vGbl*FPrb8nVw;hWYpPcssbVnGqVgINwfMf?j{ zw9v>7^m}Z>!$?uXy>=B?%=hcgS^gfE$~21hIr1GR1#;YHjIv3>F-lufle zIDYXV*s&CQqx|V{qm2OJ_LB}xFGZrK%(t;jU;1Frhf5d8 z%~1vS<%dg=#*GLpus*2z!hcsF+IG~=6vs8}Zb=-FPm+5kzS%DS>QI4M#CyzrJoGiC zYusIfL^ZGC#30w7-w#w&VR5l(GK>B=RgWDw(D2tINA7jgw>Llh`DoVjL%jWH-VuZg z`}%wc=Ze36mp3BkyDYPMPj!!C)u8s=?^X{@nL(_{4<)_ObmMf_VgyNxkL-dW@l~3b z^KtJB92OkOG(vscY8)7XP%zV{PWIg!MNIIKqO&400=cbBr+62j2ofYE$>9wtfzGkD zDD#3iiNcTlLjj^qe-J1U`f#xStMTmzNT3y3Mc>Fs|KoU~ltL@RsFq@u+^a*8fm1SO z;@%fx9zXmpD2(?OmoQm^GTF!yE&>rGg@zuT?_Il#8(><#^&g@!)>bT%zg-JmpAscg zx}%C2>zMl_BL6XBTy|@CVrVDjwNItU?kihq7$sc+mFhsdrrzF`U7zIW4!dGQOoBv? z%B6@m#}v;3KsE22yGJBLEG3h9d-Is7FpKP7scpJ{ev|JR=^06-20eo@=*5o=MbxoE z+vZaF7Yg{b=J06$R)qFTBA4=uZBSHqg2qD7SFiJ}wTKo6ef#so*AcA|Y0Qc7)U^5{z^hMf$OPm^8> zd{i9+#Gc~1-(s>nC#HW!A>gnM=qy7OHEVu~GxY7a=Zx*CvT&h^uQrq{By9q4phTc@2k}>2r%MBrp{}y#B%%0ky@uDeZ8VF$$P$2cM6HL_kQQ054!poxrH`ZvI#-< zn9*s{-avJ{#K4ydvohpk6FLd1Zr^iQv->CaaiJILOwunw5wE1gNiLk@_Q}Ss1aVtN zC=*=1C)=e=gxBeq$m+M_yvy8wMG_&ia;g@tNxDNv4~+i7Oqi<>!o4)$bclK3Jnotc zV!m*?m&>1QYgjiga81~z3&U~8wGFt}Zy1DSSGWHWHV$a7_)w~T*kgZa^`wd%^Mf^B ze1`OrPDhI|x}M;tSfvIR=rDVcY!{N8p6=PU9l4DQ4cKp;DpK$PW{OJLRN!|ZVE-?-&2_9~YuJ}KIE~uo*B7(o z=KWCQK~vu34Xs1jaJwnDsco2Hbmuq(aK0OI;j2(xva3UW4fuF7l&s}^Nm-gP`y`&L zq(pQVr9lIu5@S?(guGQ1q+twGRo#AR#$O!WNfO|1+*veVIA{{gy*N2jXYi|I^P9*K(ohpVWp4nOpd;3$TLZ5;ZRw zeB^PWe9S{ckxYMTdP&vNWX>AJnG^L5vxHH2@Mn8&d?$%odfK+^-PGw6cptCYSc#HJ zbCvLyOr0MrPV=a?=Q>k8gCXfwbn5j(D~X!*KVoxAHMFzS<;=oPK)cTI<>4q-E2dtP zdn|>3NBf%hoWmOQL3(xaMvrOs_eaIl$BD1cfE9w1ig6O;BKa72_XkXimtViT_=-z5 zB^E8uFdo$S*uwvRoxr{}9Z!Z|ak2GW89HlG*hW9wl-pVSby7RkrPixDTUD z3=Abkn7i|nza_;#=jpZ40-;@=*+t)g`&^k4n(Tk={2$pP^sHj6j5&YFRb?#I7w!#ChmL zx_=;Ehrk$jfHUp;^Y09-7(E{HV-@5Sn`)Sm%6cRSGM{7`v~UgprnELK{GYdE1&lSt z7NpUtmnFNT_rvzJOliDFEJeHhuTx}NK7{hf9`6h%i{1H*u#^`6_A6|xDqNKb!}`3J z;~Lkg?o*cEcos8L#i*9mEFI+~pUckvbro;Wi(r0MI&=iu6=q;nO9SKM`5)E5|CB=m zkz@eyZG(|z)73=n*1GsQuakvL&gU52WN1DmdCiN0fL@V?lWI(Wt;SQbfpH{f+?}Bu zn6oV;l_3ax6wipPo$w`kBt2Wu)}Chj)p1y3_m2wB5U=aD%|U<6CzZc+m+H>*V7a@I z@6{(EJ^2Vx0x?hK!6_TsaILuAH~;)Yw^V`L66RF{{L15&H_L6@3greR--haTqaqRq z3GG87^LZ^@?4yAPGRR_REF*b8=iT-<#@o-NJ8vFeC%WD=I6;Q%LxJ1@ACMVC{FaTq zx3N8awUQ{p(@VgXcPnnc-kc7n!)b*LUgY!XduP&#A*=cROKN$qhd<02L8u_$nN&{w z-<8A#HwO=pHgTtp18={_TDJ6@V`!A>@%>@NX=;_BVN=r@)TqYO<8Vh^?Bw-LC#kVp z!(NfNpTR_j->L!rq|!*R=h;t(F}e1A8tII%CRSgU7Mn=GfHz|-d8R#?;8(o1NixM z62rGbpZLq2g5NEAR$%Ey_2#sy98Cdjj~1HZe~@YYShx#v{nLEagHcvomv^`@MNFd9 z>2_{*1FfHE<>{%~K51%OazAP<1HM1{F6KpZLrU#bhMh{}k=;Lz$~#{YkJp}XzLU*X z?SNcI4E0PpMe>=;|KSrXxyAX>2jH%f&UrGixho)nzZJ+pMhAJg~x>St)ufE=N z%nMm(`!%0~g)EsfKyQBGG}@$-X7EzJ&KVa!%7th@a2B2FbJR83{YRkfi9;0sAmBrgC%8|+Y{>E`Lzjw#%!^-<|>T*Z96 zlPGf3@s%)I3^aD9)ZB_xIb^l; zl2&yoUbfh{_@PHE{4w;>k|Hi%&MM#k{$NdoY{C#6d_Kg0+s8M7vcoIOdC-DWOJOfF ztKsKxDY~&6%_LaNW5F*S0ElVn#G7isjkh=)$(QJ4`%s?Z#AJD9pYiV`@IN&h$t8S2 z3&acrF=WEzNP4y7TZg~BBn1>iGNlZ5K74`yy>WJ8BC=e3^6USzz=Gc-Em}I%Ai{nf z(!fqDeaZ$35C=@m^653YjS^qCghfb6W5^HzuPENQMDLm|zTersOE)^C_PW&Ul*63| zyo{W=+>yZr_1wvUrloU$GM$gpehgd_;k$k!UOS5OiqzF}vQ>>j7pem4eQP=7d`DJ%uO{;(Ihu(SRDDKz;v5oyUUuqyqFmUbgYa46= zzC@Z4+hb9_BY{3XKkac69Oz4#1|?eHXT6&Xn}U-0eOzlA{rJOKz!+50cHDYo@ZfQ> zLIJyP;ei`hBlj49?A3$^f~G5i0?HO#^7x|Rr9*tpn`Nb~a;(;+5fC-uc&5vMT?E4q zYa=v~+>Cu!)=PA^?4f%dkVJ(QXo*VMni`qNZ^H#}3k6%Xu4u7-nfg77)R+PL3SGVz z%`;Cx@Cyc60c38Y8n_Bi8yr9@bvMvUO7OGf6kbxeA+fjGr;d5Me|Rx2GC?>En{@)) zPKezYtfNGHL^dPWSo>J1cPHja8*~otKO)uGltf8}8&iflN}eR~lGA+Z)YqmO0-f#^ zp7?f5vCAIXYvgMPr)a9Au;#UzouC9uLLp6Iir)-|j^QZCJN`-Qkh&qvM0JtBB7uK_ za^UX(Cuo$s2$bb!KiO#hN_zzB@Jxb!Aq$hK$Nl)N3ztCu*Yz)uwGf3N2w^tH={z#> z5^2_=)d5C=G!_rn4pkwFT^-Q(Vw%PF?aAscuy9;Y71eHUi_LeFkcEqV^ezv9gC+$D{uUgtquI0 zCE(I?9R$@5Kcxa)|G~%iD^)zf&f-(U=d73Qup-dJ_|R&&nN$(k5JL2?QGhxgG!XD#Y0~mx*2=DUrhCMIVEpO8^|U_D9L^dPVLG8JC_Fnce4X zYmwpGZf7w1Y`!7D{E>M%~t9KnoXa_ zO1_{o?KD|JC;ufd(M5p&5F3hKP!TZQp2<~h*&`(LJ{d=vV)_{a|H11jj+}2m4KFSy zo0TAsm$UQHB>)>SOAfIioqq}^?jO0`|D`3tf8q`J@BVkYkO=;K9cN0=-52$rLe|+l zU6)1n+$#=FU}DlK9yyMfEGROHk-KMHNN1SDmZSRfJgJtQG?7Oeb$ zL^#sywb|nsh$c!uM$S!?Li~BifCjOu46I*Gd@iE0>0=kQKtT_;=M!O&7gja&yq38q z`1VS-guBD*NSch!3s2@!ddrHCXY`Fm%;BrN?u2Z-4o~=uvTN23Nuyy3xl5~eAduXb zFn&#v!9m+WlRVC1{)t0_!0_A@N@fMFitNH+fY-#544hxM$rw`uk=XcutBjoy*^*Ky3>+dfwINQ_r zC6X4&l_CfA{V`nWe}rcO{I!$Q`KyNavDz+n&i-#pSn{4O;rBTTMCSiW0O6uPKte%6 ztLaLI*ExYk1WfQxc*rmL`j@}y{# z3CQ?ivym|KAqVW69u3y#s^dC$6m%uH;lEE#&5E95&Z(~@e!yN88n zE^q0^EVNxNRBRUw*i9$xFil4R&}Y;q{q5A7`D<@V4ObRh#?- zX0fXb2XMn+s!+~P@0w6vF*+fRw~VV{(YWRx;=;do1Cvg)VhRLRHC2q;;yFOu`fuI8 z&%Gc$a>mzX*}DWl!`R;pqJZX)d91MXUbAUI+sh+ z(oBb|wYDtsE%QmhV^6Zi{RO6M!_!wc%w3^qRqZ?7kY#0%6y0%fjud|q5Dvo%NbLg!n z(IS~ntC>39R@wif+*;~ICDRw=ZfZ&->P4GYd&5qAhmD?Nydx-mm(pDyqwQ3KsX71l zB;7X&?r!n8e|d+QnF}}MR&QpG)vL6fQ{%u&a4+pToOgvS8vf}k|GPy&Nrp(Cl$;zq zciH8_`Uc4tx`|A7d>MDT`isqOs4cCGs4#^8zkBk;gMB9P7*Oe0Ob$ zQP415iO4qeH}MJVjd+1#9FyFAJM`pgnv*EzgF}u&%=s1~1a?#$y+tAv-i}=mpvB}H zbuRbAXevII$oSg6b5Vf3TawhOVH)J7u+0)v3%4&2CUk}@Bdc7Cil&_FlF@B#%E3oK zf+b$@Jn}st$9XAzUPr_JDjt4uI_6KV;t-pMZQ&ZTj??xIs#)S!*M zTG}H93U*d~!0)~;yN+;RL*z%3Wu@oID@OA*srA=H-Wy7*UjBAM+~r z-yI5((bCX!TQ~spTP6}J_XBGdNRx7{zchsS{mB3)GBB3Cqb{ zNV9PcrZ`e2E`|kTT*w3NtTm}N1s*W8s|*(Xs^4zl^{mj1d=rIkDN!zkb_5OWb-cx) z?kq0hGAQCmQSufID+7uc2?JW%A78#T&B&eQpH)Sv1zUizny;;$BaJb7z z2Bz-B&tT%1#fET~Y1R&o@N=VYKdBB<<2uplzRX~%u?^zg+Tm@q6ES?zEgp6nMwS)<<(=18n3q(81erL*GQWM+9jWFurS$CT^V1q zQvYzfgh?-ejF-k_ebkL>gV8;F9e8&A_u^WRKs?)WB%Hx+>i(P$s0N23^-*i*bt?} zxkqS-X-wafXYq2_CFv8zsaK;1`3ng)s$|s{K{(Kfm(E%MB)pQX|vEBw}hLL^`zK= zi$LLgjKe>0eFRXFk}nKODe31H%GNtamMu%MHbdhi)+q8>;(58>zVl@6J$f-mRdqq3 z#b3-|INSVcDMZRWe59{NEzb+xp;wX$+=4NBhGV)6XAgA7Z_A!+>gb&GCTMuyZ!VJ@ zGzqMfb1o@7ce%GnYdXGPhmP17$)c?MhSv>SpjCRD5J1dvO5kL<;l3p7oA1b$42`se zAOyQdxLVdxJ?chJOG~TAU(>NG*q5x-mUK-#(is3NQ2q{aP7U~eQvdij(%7NHTN?%| zG&-(sm4B>cByek5s|2p`_JfUz+P~y&Q)LOck~HZ~aR7jzJzB7YHbH81yN5dtH2sEX z5HAN@eV#=1L(KC|wj`y{+w!A$gbK-W$jvKLFI&1g`MlB;wanRmpY={ucZZ)<1$4F) zAb}{!>&_3qJ$@$Ef%fR|ntk?}Q#+N5*(~Yyn~dk;qsN6upVcpo@e}8~SY&={;evw1 z7g^&!Iv0R{l@l7uXWOu4Ad4kS-G{z>>u>+HK^6hswv4Y>PD18W5vGvU$`}6vqv>Ea zOYhYpZ*o2_gZFy{7`w8e;#vZ*g7NQtrPwffY*3KwjHXd@r>zpr$QR`BuX2N1ER-ZX zAx8ycHa@*PwmmR3!BD#tm55K$`tKZ>nNsZjw;BL$*_lp%0T&V9wK=4AxHJdFJ{2id zTvy#W)VDR?I#oG~S6!HA~_B*MBWrH6rG1`(P_!DP$>{@$ZfNsL@NQ7ir zMqNIlI#eZPWoR?MPmQ14J1TUKkZ;ZhY1;C4YrQWxa#x2E*M+Xt$I`36#8mOnu|pQ4 zh}qgmtn;_yK>XnX{^mdAqlPC9mBY+QQn6u&Z1cN|*2Et5u|7HvOycKfy;X6dQC_GQ zoYzM0d8J)q3Iys&%1m{_WZ_aXLLhOku#p5=;QZ*m+P=AHxUZt^u84dAar?Q>mG%## z)g}ZkQmm6T6%4wcBVWa4W%Odkz|VXv8r+=Q=>6_km0p6IsUcOgZhWmTw)q^!3c%fL z(U+Qmk|?M>?jE2+7SFYQ(gzRm2RO~bE}q)4aXg>CIu8o%!0;iJ#+jiW8F=fTBU-?m zE{1x*miMu!<6&IvX2~wDoe9!%XXROVZ2>-t6ImG*p1-?4T8(_w6o@Ju58hCwK!+(U zx1f-iL{H`Rf7u8`2w2JBsj9yAWG@lJ6@eWYJLXA8lMvWKmeZ#t?#KChZdgySbt^t{ zKp6U-g4b-Sg@X!&Ht?5%rn1eKq?WJU^Ps^~R8HLVS^4nFXoy=%bcjpQU=AJCE;P~z z^A4u;F!A>Q)I%V!7U+I1`9RheH}asguoLVjMZR(H(;~kdEU-L3rB$=={M96rq zh<>x^;2+|}*6|Msa0bFF3Ghlqy2wos=1P0h+99FF+*&Z~YCJEoZf{)&Kkk7*)F7J0 z;PMrItjg{bMJnqO6MoTsNHYvK+O|_+I!=o!EK;JD#kt zZGvfr{pcD6^GolSClle?bwqN9w$5W5emp{!)%_~ftt0VeMg;hxGSLu}NDD)-bAg70 z)$I3K-^~rO*cs(0!Tie^jm?y2D=xX>5biSOiS@d2pM5w4r2NgN=14g9%T8jXLeQxE z;C?5P@J29JTU*=@FlasOBZ#)+^fD0vuZO~|l9_t;F#ZNU_+2iG-{H_|BCj$Ok+0p~ zu<|TNR3PEROX3{c=$P#nBElt`4}RSZ?F5GHLOfp37x+S*hf>7TcT6>fd^2dUNfdd0 zyzmo4+ELOrGIBr8MZ1e3n)G7`5wg_6?QtKMp{$57Y^ZCrG7 zW79o)Z~9-$_i+)emN$V?fzx%3KE2JESip0^+;O;xt7S>Rf7csl?RcPl4vGt7 z(*mUX)N2HIDlLy1u6wS3p0oRXX{!eZM~!kJEmkZoqtboCAz#*E0l!CC%l=9F)|UJg zm+e%K8o3DE!O$Jct!i2Vp<%5h4C~5|c`-nQH3YYdT*{~7)5&|8OQ0AJnTQ71%~zdZ zUx$qMBvAIaY?g%3TIGrk9gZNyHUy(!L&I#U65}HI2gwRs)XA<=F#-l4y>HN;lW7|c z|5H4^MM4Z5h-v5IYmVAYlH2N!S?DIL*V<);I%+K_ghu6w`(-g5)hKK)zHjzI*Ld>S zUs-%3wvCl;OmAPh?BogBac@;dW{(~@1Gis}u&wsP86w}Jzi==C2??sxMa|iwf7s79 z*JhW5e&Vt%Sh}SNa3gLAFw2KS`3j1)BLKcFcG@@n*7+^R<(KDs`JPwm;)@hz0YsVJ z+NJ7M%h^t?Q9z!9(J!XGD}2yaLnf`7qoe9J0;uwU&uy|l%pgA9$VFh-=NgXcT4@+g zHazjZ0@vn=;ZA&-8~Kn(dR~0Ky{ZQHjf_tk#Z9;$?^}IuXOLq}pSCVmJbkv2Q0Ory zU|}HBn$pMJQ$V%$zPqU0dcDKQdQJQIVA0G6Ky~~_Xjd~kw1Fx~b zS78(ee4)3;-yh!UAPeoauJ|=EbzVd!1Qb|nXdC8%69#uKsOMNElFzQftf?Lpx$otx zrK_eDs-#-C4pb>vFP%- zV>lzT4c=C$int!x0l@)!Gpq0MABKCL8sKm#OAew$^@UHwdas-`^9L;*hu_jTxb$aF!9 z?s5Ky1@K=fA6%SQ_V*z<)=Wut7kHQ-<`YoiOy{fiXJvQGv(Gd@H=NL|{Z_@&XZkya zQ{nfRIkg6qyk25HFbY6Q@yKUqBSxX@vKQCmzcyBy*|i(jT$n!qmN1 z!vbC_4d6i}D?i_d^A_jvP~ZAF{J~(6#$wM|-h2P*= zhedADNcR@l5?dioY` zr`UGdHBgdP`l2Mp60I8q7Zk*MKqr$mS`RT=M0JtP{O|`7+VHw88@f&qIXo)fb#~Ak z5owCBRZ#7eAp}l4Xp!8mpiP~@fQLmOl)a1DVsd8LUtB8&D9j? z4)boLkPS_rL@%-W6UMiM9`+UKy~1kR8`|Vf*tPz=Uh~%(c+dVywy~qPKAZ`H-h;NP z-txvhV4rL7gBz~@TzjG6tb$RY=OoFcpgW)X2BB!Mk^*eoEr7Ps9Fu0h@_$#o{vDXq zI3b%+#GZ)!k}~LLE-kb?i^Ax%U~<*vvv%%uTwsBEwu=<#kDUpf3gf&&qR%MLwwuR)Q-WoriG1-g7rU)G5_^&pG9`cTa6H#Jud~eWEz=OwTcFrQ<<4B_9v%(&3(qY{ssho#4kHw?*Ch6H zRzpZuA9qY5jrmnsY2M*Tlvmf+n5LwE?nprdv5=3@jYr-k%+gdm6a_=K&dOCq)}CLq zB@y>QRBy-JG4>rmukCS9!r#7Dszj=)j+Cp7X$z!pL|sU@`%+Jmew8m?bgPO8e+VaZ zm-T}Ssm;X367cTNNbrRe=t%nO$KP!*1P(JcPM1`*7tPn-M*^hx0D`o#==ftnO^3iY z4|X)$2>HHS)Sxq|8?N?sCgwUNP5k1&YLXk2Z&d5iU)VW%+!Dd^nEMajplOemJ!*+3 z7Ph1$?%CyHzK@6A!4B^np{Ril0dvGByOsr0BH2AWuPV-{%^b#uT_4M&*)NW z0LyV&FEuA3>iH&zqbCmD>|CPc66*vb=$M~QUTf|S2dv(?--lcZLOa{?!Tb$4ki6PG z-P-MCVzycc#dc%Mrwd(R+j&wIfO25C_r^bTJMWEOYXuwPqw&1qUL*wj6J&QfR=~g` zlWBFz$BQ{!L_;_545mac+Q;fg!A41I)RK=z&$0Pc;&ub6^9APWnDh_NHPGN*_cjUD zh=5TOd}24*$!ih8v@4>FP4q?=1rfkoOFVo1iSWcfN4P)4km~XT*k9Pnf^+`Ynz{JtXBH_us!_ z>3=U^6SU)(fo?Z11^|1x4m&T|`BImu>XE$7*GUXVQ%y_t+XK0OimYy&rW%&)h&t|; zE1folvaPoDy0+@=nyayLX%Jwg99fEj+f+#B6~l(lq13dOMhu4fY|=4e>u01m@?Gth z@TM7J06HR>?cD~xtd{~-OUTzBTpCsJ;`c*@Eg^}08wP55#$F6kDBI^qpcqYZ8MiZ8 zj5P_e=Fy>OjOh%~V=1&muq28X)^x~OU+>U=$~l2W*nu@0YzZcr4bNP~WORWG0v0AH z8fehi+Y?&B*$1*h=lQCI2mA@`5zITcjX}b^w?v;6(o&<=zTo+p7NLQuS6f@|F_tN! zKL81Iw(-M+yzo0Oua`R>L!udXV$!s<%jh+@$0A`K?WymZw@izV&YK zy15L;R!gf4Dh&*|FtxERBmDQ4Wi%d!Yx~gRCe$X>+0uY`DPQSeaggkw3g+uXER?O% z#~}US=QoXQLh2?vwPO*G>j9V@hHHA+oAnvQ-bfde&zBh=y~o*1#+TNbpIkVW2Vrb~ z9_s<)mGv`C2ADubXFL;Vf!gPVVQ=LD)7=S`Vn(MkgGV)Y)9G?@aPN!rU-)9a#}gQ| z)|+)b$n^plHA1gLM$q~G)!8NmC0^WOTp%tz#}2#gFfIyvP0vGmhctliI_JAz)YN7! z(LnZhs*o?=){AeN%T&<}F8PeQ@LE(_iWpmxvd7BX7R4ZI)leJ4^XRhEQ#J zDX}*R`5RgPyZiY6zLV6$yIlpQr_I9MR0l-8pBn8KuZB14Mlw=M0hwm9WT}?JDc!I- zi)5eML#-;Wf}E<;HxkW>?{eB&9OQHN96!pNq+<(ko{0a8Nl|OibJ@_~QuW5I{ z0*|9Zv8H6*8?btCgZ!vUlo&b>D7-!g!_$<7Ti}3LsmS z-7g#x%}CXGe#+2KG$e(eW_a2@?{|CJcB;}ou{;t?IIKxff2T|9}gO;k2G#Q%??kix6+^WW9wHN%RiAUe{t zDpSf(qGSOVsZ_(a_zV~aGPnEN?wsi)xS_(n(l7!qh}opbVHR$DwyCw(igtWd`0hj%9Os z1>G6nwQ1gOrrf<3^k}pg7emZpv@!2lgnBIDYUwy;^_|T>E&!Sk+@3Ooyo`IGSs*r;z1qlu;ad5;A-9ZHKt~wB_;BP&4ST9 zZ9^$b4YEin+@u@A8bX=kN)58|2h`nsYddv;lXP9on5(W|hyU*~l81$kIy3PW%S$s64*S<+IMO4|r%w zLpvr)1b;V&BuslGm@VfAoVHv?t#DQo$jiOg-V#rCDnuo_7pvJ4yjLOud###?*z)+( z9gJ`t9fzNl(0p5KHXmpkC_r9PTi_$dM&2u&&-Apytqe!H59c%dWqh;Qv(`}&b z2qHIo9>?5?nOeVvzK;6>|C1o%zhB^$j^mGr&5}&E44y{DSA2diK5kliy$~U7W299X70rn$3J~wF*C;1FJ7>r_^~J@H#32ZWVOA+ z>KtjXF*k3rX6Rx&^o8oQfZW3T3(0&$=eOZ$+?$sQCh@dgCRj8m-lH~v4zvEKu)1`w z4lH%PFJo7~tk=Mxk21k~ebqQ)H|lm5x5~p&lFgSMVwZWB0>&k z;vL6-Z$;8W=8MlOWSuCqY23AdLA^%Nk<(5{-q#d%?J97tmll)AV+7rm{Z|Ew*zDxI z2Zu~vOZWU-HfiVD(`t8zJE&#%MUSD@a1x64z>3r0PzmHk3oN(Vhj)T(ojL7@3_oRo zn?;H?<8#qiNP`p6k!PAHuSu?6W5Xb^f`J2UOtW484k7JBu>IK+5Bj;KlRtT(z55S1#LxS z+D6H%N2?(`iV~eByw2}totnoBC0d*OTK2bGa!+gD`1Ab7g`~PwSBs{MC*#UkDU#kK z?Txw}zW`-suuS7WsPAriywb0D+O^y5e7oDhu+nCM_x9rdi& zEX?68ID5(rzqoe$TO|**I5#Ps&&O(KL%p{+kfENpXPazlavI4SaZ97;N8Z=@;hNOM; zyK-J~QOD=Hg;dV#Lt`eN^>Dul`NQRr()DqvM7G*KxpLPc@cg7ElP14P>bIQ7T4nD^ zS6HgUOrt2jQLw%Fo3A>`!4|}?6}?s~o5FBMl3HH99j!JNFKu+N3+{Ycx=z;%4pcha z`h#Zi68Y@~_rkJLEe&~JC~^eGD*h|1{O?jQz7i~R=UWx*?@f-YOV`Qzswm+~qb65A zTB1}e?yoR@q#OG$a<(1UNdn=c?Dl@EmRAJ7?waU2b7L7+7urqv3IIYfqtYV|Bf8B{ zLfbbC;A-oT`Qi1u^An9DTBwwk9HA~Av@VWd;%H>KCQc~-XvER z8z6AKTbsg}tRMGEOw{4HB2|$ks+z3F_0Vi`ymrDL%lAJI&1Kgfo*Kumy`Oxi@zUKc z0^x_$GqW+9|K_Z=;DdtyiEC)u>DggWmBeBvnN2Lp; zH-g?Ev-z=d=IDmweXF*lA|1VqXP;3h>gdOQ9m0N8Y>r6k$K=OX%(=|MbX{3YD`vq- zlQOu|&65(YV(s7JVGi0!)ghhcN^*IiOuRD4_mi!06)iVG+wSwvenwxCU$!m1IU3du zuNFbnr9n8Qy_9<7a$Vod4Se=vcQWe7nO}!Xg zy`NXVseRKkhS!z-a*dK%DH4BhI+Ht=W|KJlJ46>U)iu1Cy_L` z=7t3W`0+jSseWIY^H1n-56Tm1bvqzn^u2nogYm?Kwker^`scq6gB^Ngk8H$@?pgOE zE%RS<-!*59Kz9rekc#$`CsdkR#;XyXc!KPch_v;vK%p1x?4B`xowrlpCcIZa{*b@Y z2Qmxs9~NXQx8IKOb#u@L$KkH~HF3;t=)Ehm3B#eLL^=9obC&D{>icQF5p(P77$^Br z>PsLhiUYaM-pk}}DkE0%A9Ao!s0}^_7Gu%tExDA1j-q0IyY&vgg^3p^JDkt@&4Kh{ zNJH$~Nd$A6lnvBBo-vI=G_ez(CU9geh$-8t|8um_({*ha++n1aaOc{sI(3MHJj0HN zSySdEL7FWAzrT8(iiWjW7|_tLBc@1c8;I0bCJZgiwRWZ@csG2H5P4tTOdS>za%-N6 zZiA`}Qx-#0lA<((nw}-RUJ1~I5HvN}X0__jO`EPOm#hPV2(&UE#Dg>NhUP9+d&Ovo zt9j9av+QIE(tac7NoP&=(hCeNqPQfEN%GvKq>MDADJ}_V0Vm!XUsP?u70eO{1qKSI zCFv1w>G`=Fzm{nOzJ%gj(NUs0bRViXsJ85&3*jv{%3l?VVyOZQXzgqTESw4ZyBIVg zRPRM=N;upPe`7CHP4h5>n&WRO8l?n!XF_d}X!6$IQfYs9(0oaFlM!fu;+~G)i?~EG zqWP2}vq-7o{}`lOSR4D)n6||c%<(`QP(~xm{;;TSq&jXUvJ7y%D=`=uWJ5jJ*HG%^ z9lS8jJ+U_z;t_K%;Ib02yr885U8v%vCm#hp*iH|iqt6w)l*XC#@i@Z2`-B;MMFx({ zp$4~u320nRPZqx&HBpDEnJF;Ek)R-8GN^0P&mcJ~jr~qHS&8YJ25?tA$*~pEr@OYI zQWNRT)P0?7&2idPy!Uiju`L~SVw`z`yR4M)pHF&)l98kE*KQ_$;&Jd%tBG zC%k)N74xDu$;t5iX#9-|e?~%UUc%>*hGi!H^M4&1@Qz(eIfU^gH_znnAG&sM0c}00 z@x7DR!t-W0t;eCQ^}--byiO{(qmhII2c30u#arN4zA+C}eymP>wQJW_W^`qySG>eLcYAS=Ymf&mrY`D%^XTBt?k%ag z$tz5xEMXk!*J@jzP^Oh{$pl{m}4Sn z9o`9Z7q3!M@X$+)*_Y0aYU+9|W+1OWoi~9Ba4>cTeJ|`qs8eCdwFqdo+CFLUtLL%A zgqZo&Yfal#Jy7T*cA5`6J@bvqJvEx{X~BuQC{Ocbz|Aj#URiSJ&f2K|^mM-c2jSEH zo$mH*-`iLihTqGFmgo9hk3R9FoAjO~BPBn$hMDt{ytVp>k@R%;(z+mjrsL9IdN+yM z01;GCH=OQK$HAx4PdjJG?}sY;=~zREaYupXhbT}8OQ~HN1~lR>ugGi2_iG5`H{GZ$ zs)z1|Mr^M>(=^2|$8b9kJ`QXD@{Ya6CA@^$DQ!{K# z<+xCJzg`u@BTxf1iqr?r<%K)ZoTuyC{U?+yajawc%mA!hiPg1H#i&6AfiGWbEpI@(69-A^9cR?7j| zyd2r8DCNVbqu*m@#md&(bc{q(uFt_C-swL6?~VFTnC)bqrHC&J_#dZ@zZwxFh*V`y zTidkVEqJLXkB->;xU?R3P*+y(w73rFVxa_c1-+_mgihk$_c9)68AQGPARLetu3Pe7E0#1%cA>I=t#f4#+_JUN5IlI0!liHs8rEkK=(HLs;tUbjk79v9;>gimY^0YEk zf#Ku-34Qfj7_}oO-NvYdVd;f+E=3}JR+p~U38LDJ)sl^ROffS^92ZItOd~K7BVcr7a z?Uefb?G%h2o4T8Mx-1eHfBBupM3Z!P;sIl)AizQ@3=49bLJRNf zMKqYoRi00=`nTYi6uo57c_hDrdK)I`u$i5sP}m_`)egJY>Yt{;|68~SF{V-*z+!GL zm8ml$|F$S&-S8_NOoXcVf1n((=9mk%aI6>?eZU^?4_N(+)-%OkZfBO7CnHHE zpuI64K~HR)&l=-Ji-RR@HqXZ=?_d+P`mpX8p;;uvE%1^3XLkh4sPEj6sq4BTa z|KA{#KbKSr$>x?EYXt_esR_QoZ;bJRO-rRrvr=CcTOwjHSuG=A%Xu<48&;IS$uyVq zKy7IGk5zgpY(;{C-vI6m)^!DIt3#YQ@9hACM#blt&Z~G0JOX~TaLt|{-}43K`+h~( zw_&x}V-YQW(_?xfO%1vB@B$gBMoR9>WwY3QWQ!=mXq#ro<>A+lkld9>O z!KDCYAuH+M03xc3n{;_*jSsJ?cquZ^m3`7#*uI0>G z3*(z8cRto~YPNaE4A%fFTeCpHt90*{h<)3V)R3|U4c)p80SGZGo>kXAhfMq;`Har@ zqGl(vFONmDYF-ZlJsh!JR;TKqT=Y|GYYl|d>-#hDvXXk(z=QI#t`C`uo=XMMvg_95)w^j)4b})hK#Ia-> z110}cAa;3xjP%x($*s^cxZ$l1zcid#nQ3&*0gz!|hB}fHD@RxB%>un+Tw9fTI-;z% zTqe1nJ+@9u_RP0l-#ci>k)!iLf(4FU;!|m!5z0y8xx<&h#ID$E{5SJ?(LBJm{T+=b z4C`42@Fzn`7Nfj;?G8P-%l_4t#l+zRSY%IsB<;12m90nY*5pm&nA!CiH3&=L9{0#t zV1seqK}|VcU5P+DE3BWfF^n@b7yQzdX|%|&(Y$(8S8}^-%HRz{x4fkfGIqtF`NtLO zDxLlDOxr}9CTdQKro(;!QTXpx`}W!N@K;7u4PQbniFM;2BuQ1`n9zk+G-Vp(AO}cA zySg2n(lH_yS_y>i@knFM&Ef4dxvq48SVou^{QEH*-vq7vqz> z0k7<6**i*>o;zQjxpBhF4vx+Y2RRiy-7t3Rl=kt(ZpoWTq~RlTP9%SK7?$qA&RQh) zI2ZIWL;VWmUfVT0y}Y}`(A@HmtkqRXS*-`X6Bq8o%UUdkZKwqu^#da~kthVu7p0JW z=V$_pW1<)G*KNiibYE}M7h?;b1yV^rfW6_ej^ zI@I(|5r+nLwOc1Q36K^0j=P>h8BzD@p|u9!mZm&!1SjTiE}fc?!?1jT>+-rI`Vw>Q zF#Unh=~lT@%vGEWyxn8Zkvus$xdlWvs58}?;=O(H6gUW{(fM$`$yAb%1#gjCG0;*P zs}oJ~Y_k^sE5>%aWBZ!4!*biFy)n#fmpBtdS4?^V#m_&p>(L-rc`;ueIhT(+!=78fnENoKlc5X-}o$`Pv5?b=M) zV%hcj%$=}O=D(cU-6F;GO4_V50Hzy)tc~cuD}Uf^SC^Xiee7*nbr2u2Hj3+17J`%; zFxEcTQHUSWL6@_)avOqz4DvB58*4t#mMz2WzN}y?<1^=|qF6cu6G0S0dHF+?xz=%a zbHXF-H@|@!-I3;%L5;S{OE8Y-PlYC&DT(~HiCy5RXW4y}ein+j1tFCY$AOd;_%C3p z$I-uGk6l;`=5Ws(Fk`Sn@8c-aLRYtv+p#tZ9Dk&92Dj1(DG^(oUdkSC^X~fo3*7vB zK&T~rT{7|eEV5+csI9QbZj|YEoKD4Qf1I*PXt{@_L757c+ja?GA8(x+SR1@mM9R2z z4%4hY0PjTBOzLy-41o=6QH1BPnxcyRj3P1q(Z2n;Wfihuy6K(ejMSt74DXD~u!t1c z(vx6}s|*RPmzbIUmUajcef5?wAuVlC`TxcNv;v6KlaHG^-O<*HUZ|TX+|M-hwag^fIa_*r&Hg zmlGIvH6YI)>I+O(aIWg7xw->{$T11@DJ^l)QC6pl85%Tw)C1?|tEnzIvO)TTK6f{I zdSwqOv88~fIby6^Mb&R6#m+0DAGnmjAz^p@G;~Uij96V@?g8jjQy%iixjUx8$p*uDXwm@wEqW@_V0xEzl+SGRkmyX5hS!?0+!>#>WTeG zAyqY`yf&PgA7Q)HHtaLm>c(1-0aa>P4pFoBo!l2?eV&!f5+c`{D3bMlC^s1zxa;XN z4Vsa}^_s|w(Z%hDsifLH;%N37AP=M5)Dt(OI=!QFjnUFyPQVd%O_WhquX@5|yk*6z zz{~?1?-{_V;bkyUpK)OonNQJ#lF@Td-@#Mb!ZaHeuCYm=on{vYQRuSpT`CX(*{><$ z=E06Mii-4-ro@JG5fM0#suC1->DG)lC)8R7=G)RSjZaB-c^5`SuJd)RE)8B76oP>adnSO(nvW^9X7 z8x}xnjDT4#8S8_1z4KrqZd<||&PkRpG=bdsBrI>A@Mp_nwg6=LPF;)WJ7AxXQUeIe zvTyNoaglHWkWjCRtDobeINpm%BwdzKX}G-Q(q(Pp9^DY=Rv{f1co-9JLVN+h<$yc? zE*kK4^b@NE@mEt`#K)LBw-0#2=Z1oRV-Eb^g>+>D{Y3mefr2&hC+0_O<&+SJ^*SnGIGD@yHZN5y0R*2BX<><&MWF7YX;LqE?NVg+*I5$AA zLxA3Q5r%I558)FP%MKY3@nGC{U}aIp*h1nTRi<+hDgby^x5JRrW#VR| z$_o50%7Vrq5p!05Zzy<$v194o@9|_f$|NzMgr~ZqYnQSgz7mia1c!D#+iEU~m4oRs zxu!y-(!s zoG!?>&G!&`o|5+ul`8TYb#54}LWNDEJ-J#dfyYE8b>& zam^O?&TXn)?(cy>htPjj>=mTzbF$DNe>pLW8Y+Uqe8gixxTM6p{lr8ZC{Eq(otvU9 z^U-4W!F`P)G3ze|YQtW_ue)oVn?s>fM)0c=?Liv5F!1fj+PZmk-05GK<3c;q&)dG| zq8Hky@^8KCPpSMBO*DM&;@yQ(QI+F*)qTRJVZ5`(NI- z@SMlzwAsXo$yL`Uwke~yjwCp(WIp&a-8DC-o!7}|aZ8RHgJjFbiqBCaTQJ$)c%iCD z;{re$;aN~IC=K0ff~jf23V2RVCG2s#iunQ%!)?_&DN@F3Mh=TwbzQb?l*lTO3nwPI z+fAW3VLgexR1opHePaJf_PCb1tF_0lC5|h| zDU)Qrs|I}mB%(U_k*WM4n+VPT)`<58u zUFamr?-=%KZ^alhr#R;R#{q(rf`wl>X-Vpc^B2V}bi!HQh0Uo9qpiocw0A1>Lps4% zQ4?PZ?;vPm5UP}n-xuL4->b718STCO}R()LIEbs>_D5}J)jk(C&pbX!ld3DB=Gtp!0}z)I zlqFR*K9S?QCboX2pvjHyhu_N{w$vKEzT!oMd8TEci>8_|>l-o?5qK-jTa>i+R+`+B zQskwl758N{2v^#*a;7VTyvkT?O>x7VC8MzH|jY%Dq%`?cN`42tw7LC z_KSdZgY`VRH{ce2XlhtCd@(UGQDlT|ky}?7D>J0t#%fx!{+MyA?wic8(92Vm0nm|~ z(2NA+ZkbP_RV4~bM61TU_?_DNw>KzPJ!|qN!P;U)q)4qBWPM+GmmDdzEA)3^3kSpFWW({9nQ`6gjl z9(s`q_eU}rQQ!HT-&<-bGLXv5gR_k;wo-&*L_3ik^}^UvmDk39Y3pl_UF;8`&{-SJ*5Zq$e!2RvQpAHkWm|#M^3Ev+{v}{8DDan)lR4&&={R?XtTL*^JJ7T9Y;M2_a$lMpZ`` zm6Z4*v&iW(L7!BZ9_W^}q-FZ@^dVdN3u$eFKeYs-nec)iY>n@Iby50Hy>W zc#bC+ge+9<6q)f4@M{Cmh4Mdf#x(R9MDlOMJ$EX+V--!{N3AAU567<>MzCZt= zWz?X102q$&*Fz{F_+~~jA4OcJ&44$jn)Ne#;Ayx^4e=myt0;L!*g2mo4Y-RO&U|5* z>(xk)2AhqVn2-hI=rb%#N`|1KfrxNPz=}W=Y1-pgAD#0wV{6Y^-Q7jI2(+_VU;Gm0 zPDPpx76hd^^3s9}cl23hqhX#M+J6b03-mW{eEaSYF11GY41SjB)TBcAJrr>{BveU{ zgb-;PW}E*`>y&Ht7Lo(mhOdAQ4DsnY{F|c$pBGEu2QVVl`oR~Ju}sD$+m(8@ zE97%SL}32@S~u4TL3!Obw<;YvN08!@H%+cgCqPzx%E_pQCwj|w(ql-^TT6S6FVI3^ zu;V8JNk*0?M8mDvv@N^;%i~4Z0DBfYYxLlcOM&(x3yWP&tg`Bdmsn*ngA$D8Vw4@| zn0k}NBl$t`(L_o9UmE20zqNRU`=rLlzkn6uL!1d? zXSlyuC=sbMB{q5Fttp)or z`rS6Z&-!U-*nw|mCeog#Z-YB;bIRj3E>FOsg-Gn+*I+e00M&&be$O)L{LiI3bEOpN zglk5)_gwmI`FU&V`KAv$W?4CJaIurjb4KWReS#D^?!tO%=ex*2yvxHC{ansA{oL+j zr6Y^Bn%Q!?$b#(}upkTx>_vzl{FCHvR%>o|E8;lX_i40)gq;erE2&hoq2G}SNmR=) zpsi2%8`V~$a;MKnhdb?(6uD1l&9MkpfDv!nH(6$;4o$@mb8Ny-W-&Jh=CoNJpYh*y zK(kf7wO#w{4X*5h`T;4zs{F{)CVNRHIfBlBH`NoX95q5WMVu9O{zrTn%{A)8=i-0uSe{7pbO3^|+(VCo=R2eG82)j+clYej{9;G;~hp=DE zuK}Xv%bZLE-=-v7nvp;>)^v;3%V=@gmJ{^G`{?zh#ZPL5b<34`q^x{Y4a7UFY-tS? zUdrm1lnF2!S0b8ex0%zgCEmS0NUV6KitpSRZs*$@^>~;4(0^SW+sN|v*oM-VCLI^A zL|>WBo<5)>t3&w4JAafuIn+|gDxsnb!yeA@L#tRq2LUMw1TAb(=Ka-hpyeTJPE z&6FgG`w+7n^Adl8eo~U^{IzWF`7URu65-T^LO?ASgS~2G0@(rcifTNq1k#|`FR>n{ z=b?ZwM>@CpuumJXIinuag^InPY~SZ*&N;JJa}uQT>X$*@ocj6;&2lwbQs>!$Q^v=NPmNUfQ)#_RUVZ)Xq=@U{y0|0l zIbUr5og?&KJ7yi{gyxymqftl-Q&20m1OPq}*+mOphAyft(~J zSu09;&7F3JGQJ*BUeKfLqLhM~)fS=@K9y1M)-X?~We^rad+>u2vKb8shKS@#tartu zUF!*7>uJqkxpS)vg(d|EHrwq?^zil>qN%mUj}KNlnikKi?FKj-R-{H2o2C^*d%9{r z*-Sp?p1Kj^Om3Vuje?&R4#c%rwDjdVAsptfNZ^lSgr7fQwkw#x?gyzkVb6Vi5*QRI zZTvI|jO{44qllr1SG^Wv_z+TKI=Ez#={aO@K`tD+9P_1v;%f@C0inB%(vJi47 zZNyQCzySD}JZXKBH%3Z9!bEpUlLpH{pChY|JhgSY^JGQD( z)#r6Xg-kdy?)RuzzJ6jj9{qH4GSGGTf5Gb2kghc>I=kD=BvVJRw6BnE=!nW7(YXay zL%wa}R{@!H#`s8rn}OIp?95oJ|GqB%g8m{i8+|aFQR!d_VxvTrIAU=$)b2r+M#azT zpRTNl=IxO{UovFU7CXE>t?905@~v^3du^O%ROeL8NL_ZX=MkGm0ua&bThfu7gXY*w z&e%U5te~*em*wxRYVDlwt63#OH!n2Ta2$wxUltaGXpgh7$1ZfjOWI5Yx0PbJ)D7)v zLg8v+dNm5v3E>wn$e?)&{MPLotaf@JJnvrqv{GF!h)BO6eAfPF7jyGL=|;3isy;k7 zR+yK&E=iaXe$r5mpUqAG{VQRa)#AG#{2-2?{C+`pIHr82gc<1c5-}9n4^ksGGI~Qx z;^@3oJ9RdTwGOB|%pX})mXnhpCz9cvV{qUAiBj>Yc)$+Z$Of21(!SYocgNAI(_xLm zqXgjW|B9I!u=>6La}bSVbVr_~glvFQnuw<;1v=c;`PWYhecIx<#SlI))QIg;qaWKe z$LTkcy3ZVHk=3k%{2tUL>;J0A_y3R;|4S8qMD==n@0d!3mx&-?9#xIK`0i%e9?=;& zAOb9J=9dWbX+`LLZ1_bWj|8fl)O))^wyuYc4c#Qp=+pp9<%t-1nZB>LJb$dGQi9$r)o1R0eGHDp zxg@w4w=)855hToze+i32`Tb^dgiB_@NNQHFSkuW14^xCyweLB38M_P!5X%&+z5>srNg>8vtrbkm|>z z)U_0nzr@h~ov{8gRs$V$Mn281c$1}{-2H9x&|_`sXfJnUz59kUZio!{6N1gBDq`7j zE&zE(eGaPvVwK5czB^d_yJPPI-llpRS*guH9JgC_u#3YZHb&t$X?vQgXR;(EcWkk8 z#ySMtMleCrB->mUL8y^CtcUrN1J!Q1iS3x3u@m|Jc!gu}K(3s}Ld7iNsUKS9+Ne!4 z_7MvL`r*6V62?ZJhZQ+C`l=rWJrvI3<2kl)&_|?9!7ST>gUrqcWkF7bE^#Z=xF7HF?p1`< zd%($sBr}YA$9?uZ8qd4`kjwrB>i+Ae8U+cA^2^{ABQ14QKuWQ?gY{4djAmr_IL}7d zL5eqOxW&Bx&bKdXZA||H6_0)(Nwl+g&#-jbB&azR;4;vWln?PdaK5u&^Ac@Hqh(>! zi-2RtU}x%sL(eaJE4on-=eqg5o(0K5W~Ef^I2jP<`iIn)l_n#R>E}{A*Tk#|2Yv}l z%syq9vr{ZlHkvmp338;?SL!oxzD`M+vDZ|RMb3Vsc5%^7$5KO9P+nmbKCWc>4J-Mu zbnFj(=*BZz=7=y_;ULOnPTFQ9iJf!0MiH`47#Xy9_3ZieKqADA_^#$;w3)Bunw3LLDPt$YkWub?E|+`b!lin2=e3tGY_61Irs z#3kU-x!=diNmX8!lezbZG8t&(*+SxPvDM?(l3-!Z<&H4Ruav~yzA>W@Q9fE(w2&u2 z!Me{|K{xHAHe`IulhSA|y)7XAsPv784YQ-z929{{AI^}P+Gd&Qtm($JDPU5c9R`Eh zSR6C0n!1p6LJFKE z)$Dn<8KNiNZxK8b^xZC(XX>5r^{f_!vI$-`MSQj+d6jewDal2U49y8EgXNM;E5&zH zzBy#AM)?G^f#}@jnJQB5i;%`%rtIuMqYPJ zV6jE??=Ss3kzgJuX{fOPjT47e42Dl1U8WVe7x_v|N5jjZ0~YJbpFkv2xZl-HGmzSP zfGac#_(g6Nhd84hezvj8pJW8}=@65OL#5O^-%GT$)87t%kl?F~ZC$Sf9*y(d>NDoG zh0tjpWzHJ_bZ^!&>=Cx`;%~-@?CafAj7Uu`40E3PchJ-M)U=TJLj|_3Z@jnBJhie# zXbyNdO36APcH|kuS04Rj9b)crS=wD_5(pRs97DPhcLqSUJF603`_5+%&xhTViV~bW zx{%I9`GYcvH%)+U9ep?;b7|G-98=#bnmN{8%XuN0pXb+ygbTl!+7OWHTZ=T!Y0M%0yx&Y)b7>ZGMLP|AK zNoMnLoNn|@`3ISi0iJGRc@HE@851FJVIe8?7eP$R)Rr9d;Ijh3ok8cv-4vrG(Qs}w zUPYfBm~O@9*wGnKql_<-*~p(-(EnS^tJ_pJmXEx%?5Uw;if-;3&vkWDK8p=T3yWMH zeE)#I|3!ZIA0zFQ8n$~tXDD^drrgNE;oBIi)O+5Zd_1dxUKi2HufPFBl$#Ox9-`wv zueS>-g7CN1zZ6?yGHm0CHKVfxf!cg}`S`0wB{f^V5R|;rS`vcbpa$$+Sc*z)h|J{7 zL5KI`2;TRZ0)5L6t}TdFve`_fKIth2@fd&dE(mSvw_-ab;`nT4iqpzD$q-a%s5b8Y>OlNPZ%RB;oF*aqFn|NI{wU@* zMI@+o%n55AD#;(E1C_x3Cb!LyeNv2EhnDpS@oC4gZHe8WSTHf7s3Iw`Jb$r0)vxBt z=4kL-^LPn&ALw%LhwV(U>VUIcdz!Xi9J*TiwiS^XsE@ie+rFxkvbu@9OE4S)|1vtc zDtHUixIg{E@iaNn!hICE*&?(?=8{ONjI$!nb&w^e)4EDt{u1ux>M5DP{s?=$*Ac;u zd2+4*T;BA)!$^!%mp4)r_p=7)_SiYBvgm^yQXryPlxYfcP=bVYZnDmD;_O9c{V<{8 zk^S#2!jKgb_%%;ars}^-N2uyI0L!?ms(PrwOAV@6sLA4=Ra109=_3pX2K{W!kuj9v z7&1e3Y|7obwwn<-VZe%v?Ls|rM3tZ@U2+DVAB@hjxR+18@>Y!t#_R^`o~)K>sSw#u zk_%Chy1(a%eC?K{{tfd7IL5-5tZe?f=#XW@(2!iIkuz2ke%-~_Qu*T}%KlTwxT(zD z6L2EZU<|a4hAQK*)$=h23r15goF#rMpl)0P+3!_+lvr5VPEh~G z_p&@oHjgwKnuHP`)iL$wk52C(_aZk^Ciwkq^KYP`z-UTjuXYTPl4Qg*)aXW>ly;tt zR6Z?HdbL_RraG5J#^}PBpKQo(oGf74X>SZ!;(9!upH2D28T#gq!bF}Q;dhXY;{{-e zZ3gSD07%Ryzk^T!lRr#7Gr+jJ8s9u=QoJtCrPH<5(^726%xSX7pIGr zJJ<)X%naO(@AEu97|LX5I+XjCBi`C%q2Ntq0BG#{ku7Xu@S;_DuO0-Iuqpnkp z-ceQ#nmUcxw;`DDyEYgQXNUf-Bt8B8@4)?^5HE5XjsEq2=jBCs7z8;Aoy-08L1;CQ zArxA^smoM`iyW|1T|)7c{NtkvA1IddZ6}B*AhK-t{I%&%ER$rTo4Obn1%ye01$3+W zHmTp2;bz|`Q#zXTofH?cCbi6)Usk0@7(;ip*F3O#DaevwWKp{#RW*q@f;diICZ#vA zT@K1@eor;}X7c&}+D%=bQN7=#k|%xK6_8-(Y0ezBN|-l&=sVs4AQoXa4c0%>*wYHW z0nRilyfwbRRTod2<*s3>L64p5d&(5{^&#&}7*#4yVfn-QkBh#-fUUDoYAU>d3b}6i zd-`x>mY_b@Ww~n-wTk!N;FZnw>td?g}#39IqH+qpvWEKm0Bu zC-)RM^J7Y?y$cH=Yt&Ukugmtt_eRD})?TM#LFlgYyZBzklrPH@+mfMzW-WY6MKiu( z`_*$90c(c1Y@BJ;Ns2@Yu${j>}P2qcykFJ`eud+KCCGO>9bM)To zLvBsXHeJS}s#2Yj?+D9h%f`#F>q4)kfv0q?Y4nR2QsLB}{Vp;~uX`}!Q|gVyo=nqb zKv7v(2g5Mf4nUhX}`qRzEMW9r``2~c!!aK zUeSERsP5gmSJ00ctvSx$sn{O#-7cn^KJoR2XLr!YH$>aL42pzMI@&|sO1!jW(5$n$i zfxIV%?E2aTz^Hke=&z^znQ++qo$l}KWC(dRkq7uLck@Q!ufXC9#$o#x6L@lln6Rkn z{Pz&c$*XM=|0Dlbx84s4*F;=UEutk{&-Jf7{)LhvQcD2TOl|NhC%6m4e zIA&CHTWh;_d4UzIkcM2+yTZz57W_o-f+lT$3>#wJj#&DgL7MUr}s{STHaJvpvVtL#sP);^oUv_3Rh1Ds&gUc4afn5fXaO1abo9MdgRuWUE0s-LJR-?S;PGW z_xf4@8k;sID64I)OCiQvG4|S3pDvb@;ax8=E#Oh`;twHj9i=<%LtT}}JW)+-5+0CH z0Y9%WFs*uhAK7fStt*FgY-(gSq)$7AG1IQ3C_~WE(zmMLZSneS$8a&rht zbND1P=qCs{H2^(C5>u=v+s~mFuF*2*Q6SStMMlcX3wfE4;tO-{oT0-{))GfIL>xnf zr9xFugypRIobgfOmx;oKE=`Y%XirUXe0OfW(9GG=FqY)bPIB<{>Q zz;a50$l8=Mr1HEgYU0;}HRJcpjKCL>&3UaH7V?$*&Y_cqqY|gBUB16*VvkmlcHRk# zd)_u*&HYzC-$g3sC#pOnxyc<>9Chg1D7Vu~&g1@XiS>>E9Pl?{Nrv>f_m4Nh_YyV} z87x&Y13ivp`sA@a_ZOqPwUI&;q$$uIjcFe}a2cDW&DgX+Ad_n9)*7pkL_&x?t$0^e zTBlAN0}XEH4|Ko&Y2B>>Nh|eN)sGCJnTY08qO>I(*Oz6e?R4}8kMdW6HEBNbGkcVsO z(7N4f>oNu~%}8VEBd|gmYTbB=&p7l#t9U1xHDOdOH~<(QvoOQLps`<>?(c^U}jCydz@CH837eTdqeY%nV^ z6YwE4G9OV-$ih%b1wSVWp7mkR-2`I4s~R_*Fl;}{k|srFe&)^klJENzfMH{sKE>I} z=*MfM-y1^WqU~Uce!g6&m?82!U#2xNE(EdRm!DVL9*D9n9T$I3UmU}`m-^j-r4WD0 zcDXT$|MJ1bj|L8B)}8nHZo2}S{2c8&xadM*fBt_!DEv`=F;piU>RCVk!3zELz!z4L zY+~Zl4`4(NVLU@u{(y<4%y?g5w+_A+oUa0`3?2BAQvg-SCZSaK9{pVuzt$ z{w19Y9$MN1?h=N7@3(7)*zrqH5w9_RrXzJ&PG+hoT#+y>CvzU6&@_0Xzk*Me^JV|( zGW(;^{3vrBgCnD$gc%46>x%(P`^=K-FJlx*vs}sGVp9TOondcqV`r#9Ie3MiyI7BV zry^L#AkK?66rYJ+YZ$EP1MTm2pIhn_0W}ffcYO&;wfm4Og8rjUHZ|uwH0TxT^clr##1~kP;*;!qX=)zU!EOv494u*_euHnZ4JT3 z{LlHIQA?@dLr9r8I=xyH1pjnP`bXL4-$?@F3iH$?eggmZu<#!Utuk;JAO}Zo6+zIE3|$#oHIi7B04E!iw5YPLF`rSO$W~k+Gj%=G6$Zb<5B1< zfwTw1su>vp?F&zW9{4BeVYWu{REFYl9+-ngjrR5t&cr*GDIb&@g4JfEw7Q6;Gr2?I zs2fkjlH_$hBsJEI3=WKCks$5pEJ?S=s0$c`8rZa(U}Fn&VXoDGxHpcS{$vlG$+6~? z|LIxjjk(MKbJ4fACf7cc=4@=?6eS)MAkp?t@R1*R(Ui`=4ZD@*cZp@^8 zO~`(6qGwkVp2QFY?m`{|AT3pK* z5o*WW|Nir@h@w`VTP&uD5!oSFP}XNXnu~j8w704IV;ciVjY?`>vvj+Q|vH# zqD47;`Vu7y7n9Ng8GAp0ngH0dc6_y8Q_5PZQI_1!9N(5m149g~%^HU7%^%951a{P( z(N#I!CdfEK(_2`=t6F4YL&blz^2Sh%AMT7)7~b$dW&HmhuHoMf@K@IbIKE4I^^R(a z!0};O~!vOH*LPOaovNj(Y^KaxasPA#>J_m9o_{2N{lF|h{BGJn0J{s;mDN_ z!yKq$G#vROqcDFX=n!4*0@%^>5Ug=iIFlSX4_$t6iZ1dS)dWT0vXCNaPo1(9*pPpk z9@1$Ha>=h?c^gI?_Tv$FS&ZUte2uGz{}o{FWJ)g@<|-@-M}MHdg~)(PW$A6 z{PCkN_o^ASq!)|&lL|^+i&UEYyQSUHWcZ7eE4tt^x~y|Gde18Gxs*5wnjM`_jf^&) zN}FEs^=tSKrra-i)>_uk-hC*7<7m0G#q>9otM+Jz5uH2l`Z+O3&>>p&{vx6jkOYOK z;nlIzz_^<}JFYAw8R%|KYj+qRMXYUoWo{-fH8v8UN#){yG$6dkJza zzHZ63Tc(W3hDsDTmK7>0!X1`C`%oqpcC=-%XrDGANG2V5dvLK|OaG(B2eqT*vdUT% z$=CanH=2W_*7qnlNP%XCajDx9U{PJJ1hJ&MW-<)oPq+p6!Jm2?6Mi}}Rcw=+aa*s4 zsm(Rwi1I7irK_S(B&H`X?qD{}P-Y((>PlFlHS3a=fV*v~$k|VMnt6ntR-7uTr|jmS z-U10(4EoThBuCezA(17Qh!rO8q$QV?Uz1#-%M^_mJZBD-moquXadJTTwY>^1-r1= z7pl5-fibWiJkaeo=a_#V$e+*p#$hfKZhQ|Aq_zIH#AX~rzVT*5@O3NT;JJAM8p!;W~MisAcO8hhAa0SKk&$e&Z?VTi~vK>;KWLd^qIckuhT=yol2}uI( zcfU=U&HUnHF-mfau%gF^1}BJ@rB%yDFy=(Cj~jIQnLfw*b8eTaG>JK-bTn!wz~GB& z>L(TT)F{l7ab9|+2F|{-9LEqvn+()rwabAot1{wqXZU3q7g0MzX8I!8Uh?06fY{vsIf4R-7ZZ@vvx|uesdhxx* z0)4n(1Y~R8&};If{mG>{M5xQ~e!|xVM2IEtwL}(zS~CxITWZRA-%mEJLzf+;wNtaB z13IWBv-WV=?hh^}^dd>T@?^%Q^Y?b~L$@E)_Qf1b=11W#WPwVcNqzmnyuHkvtJq>A z-)DCRNyW&G6=0c>TJw9{Q$X2zb*1 zGbuyY5sxr(opHWATB^`Fk$Rv|;`CQ6H`EOSgSq7!bVbkoRI7xZe&vbAdGt+6BL-bK z_BYwmrA*38C>gq}xi>20J93sJb|%!i`6dO75Vk5a7XTP;n8G(})F{PWgqO;+925o5 zB3R0E^uJ(Z<44H-s*XqN?81DT;l%Uh*H28uR3}7#$g1ml5V%vIRS~+CC&(V#ASAYz zIAGb{A^2BjLFyQ>k9`s>e@X(@ZfteE1Sf4voW-4>~s z$v4~LdP-`zf zl^Ejg`Qc?bo1J!eF656UwnTQv&1xB~TxmL2(}G(jg%E~8(#V^c3*)Ogno1KWD=vfN zPL4w5mmkRmC`akMrLH#!E6KkGc;U%R4w8FH{bpzAZGw`?B6A{sFRr1?&nXnTAomP8 zFWk5Ee3Ew2*1C`z+Q64nPPKA8W_^j<7`O{9`&0KFbdQwttvvRXxMr$| zW|(Qf=C0d>`#OP^P2QYwewMuYymiqv6{%3S$lJXZrb@Rdu;&0S2jtf>_{RNYn;_Qm z+rs=LhUUyYxo=`m>k>w;ScuI@?qNtxbe5oJ@QX0c^-T9a$Bzxk{=vIxGZpP4{*8Oa z_F|C>ZB0=}1VoH&EA!CTyR5b}I5vPMst}MCyI)bk20aNK5FrE*>;&`l3Yt+g*O`$t zpuuj(j-WDcrN^g%h)2oa4Q{8`gd$MQfBx>6hrp_e7?;fPQ6zphleikqJfCFrJPdDC ziS+TQ-SiViYI*Eit1tv5dFxjR{tmSM*m0}P<_;ET+%4Fv&3Qf<;g@nkkL;g*u|LP)B(kPGyRbX9Z`%vVlI{?T2^9`qcApd6C1) z$He$9cEA;UcA3%qA|skxNT!?5`Rmt?xAG(^^LyB!kk@WeQ+Np;&5<&87ok?o0I?P> z6_RFUvFNFn%E>^}P~GGjrX_Bz{NJ4gGeOmPk20^Y=kaqBpX#$A?{;$>3x)H&ua?mW zIp5ruYYHoqq7`WFt;u;qSC5AooAF9Yuu=h+yTWgR!98-Vie!=6U5D{EL43d6Mqm?y z88BApU{TDeW`dkvYvMb1i|H010$3GJUc_^4?j&1zSd#Ly_Ex5=KNGaXj-8FzT zNC^_sjndr=-GYMT(2c{8!qD8~`+aYH_qq3Z&L6{}o^yV+_u6Z(WqpG0^OZJ9TWW}j7)~CFli>+Tzp$yuVz1H6pCX9Z7R4tI zj0n=or9Tj5oGGxWnH%kg%#j^N-Gpzr-@k|QM|~^I z0q#u=VH8XhaqP#ScV`NuW38We3Liwa1)jz{O^wory+uc;U#+Fl`bdw3pWD**d1t2e zHulxh2k;k8XGoP&UM8Sp`?xAuUe^c2oET+!a(F8f$|FCIG`~U}R~Sq3|BMe?B|660 zQZ>foUceltjBRA1w7Ga}N<3wrEOzk60{R=W{GCS43I48g3ucOZ{Bu_Tc)gOS2s&>97 ze5lRK8b|(Pz~ae+k+Q<<9^S_xEB5gtdA~-i6ZrdNNWQ=Ss!2KW>fsyR&F5R(&K*@J zx@=nEI9OWAQsKzf=tcA6cRCEYqc(mDpUqN6iY&p2Lt!$SJk8N|!=sgL|YF zsL0P>z9ipDpxH?CW}AI%aT?{rjfvb;dA9Y`qg=m8dB(>Mpujq7DF`iU#7%n0q;H1A zC@w~P0B4WS67+A1NSK2SSSLI0@2(|e-^9<&sAB$(-GZrNkq}AVDwmA7vF5s0HLbL! zi*@Uqh~!rFeIloiwJ4aMWOBp%K4TPeGVM^GK1RLR#s=pvj@_ym zcU{a*Uex*@SmgIKxR?US&o?FXzi|F!LISAtp#&Y?r~HJ)R)@0WD!ctICiWihqu+IJ zjUWMOHOy{4wM~aLsj!CZFA`F*Z}WX)6DrMi#%I==H})+F1C3ZnP18@d99FfA!U8ty z<@?wUSZ1SE9iE;bt`3&qmxdj`!FwIG{tC*ct{mS1(;SD=L^=yr+FH&9zQhEU7`d2> z-lx$QS>>%J1ab9to7E;JSye9?yq}ed6^$e-#Pe(G6q>$QjMN+5a=jGs7$J%I#o_R* zvfEXk%@jhP*E_R+kEWSWPC#1f!7cw5WEeS_9^EZ}BN6EX(p<-K6{GX!ms)@=y4MuxR!DXRtNRgExzgnyOXvEY<{54Zc&qZ zNHt>(@)Vg)KOeN{0m|PA7@M4&odF88qggy88wgyE7_}bkOz7 zn;Qdjx~+=Y+ow<8w20TRKcmntPjTgQKN)`b#-PqLE2(S`_CI^|@6c}l58`stuHXFM z->jYj722k%YoxVo{%n!|&Y*r)+-mziy-)I&Ktk3tub*_>j_hw_#&Bs~4AFSsxYz+* z!i_o@241j=#vD-VC}(q*Aq+aJOXVU%w`Hl6Wm|zKG{n(%W!ttJ{p=lVFwh-t`=sdC z?RE_3ei#t;V5)o1kgn-VjVyPo$7WC06aXZ1R6u2I803O+88f<9nQCBp-~RLIvm%i> zvDMQF_dE!*`KU7*SjCq&y}BbGYOhVn&hs!^k`V>3O~ zY5q^=h-LIAyIP2e?7&}zTODbQE@ z;8IWSpn=|#-d79jFi$!nT!<vqMg(x{aABjiWY%o{sDF$b7&0ys2AZd@sMF%!P~_>yYoi|%xs&C0SSOYt-F&0%Vx zxeyf*69S*+4{;t!RPCKN3w9MLKQcKL6hs0K^o4bQsxIn@EwwcPf9a$okr7V$IU!!? zCyU?7w3hVkf$t_^8U6GwvxcSdnlWT04t?g+kEOPR7d%R7IU zjOMh+RxoLy_at$n)J<(fs#7_Qs~bFX+5eH}IFH_>?5DrW>*^|#-f+o}!dg2)_+J)7 z@Wli+C8-RPJDQz1=n>FDgC}UZXFsPyTD{ULF+tmaI!=TeZViskdldifcW9a~9b4(& zve3?s7XUHlf*)*A9b;e=)lx7s22%<2_K640?m&7z5 ztd11Ox@8&i0KYy2a9Bo<$_#i5@e=!$;P56-`e9YWl1YRPS^si?QlTSb(V*(R`Z8&v z4~{xf89_+%Sk=n5kYxf%NkP#s>Swh8gVff1{jPG#sw^erg_C2dJiESh-+H4je=q0+^>P<$1<0qhcS zc{$8^I7(d@W7{m{ElzIqZ5=0*!WA%CKGJ*0KbRl&v8i->q|r|>-RzwWuohVG!(1Yn z+1FF~)bZbM3A$~Et_Xal-#_B~9qZ44oQ>8Dy93@u(fuB)>Qf;0uTvsE$^eqZ9%8%+$>z7}*BUfg;AG$v#T(t=+OCBvZl7}%yWYl|9d z5~nP9bL+QUryxG^9puu;>OuB`X?()`A)K+;e*jyP(yPgc2;rLHrcbEGm14) zYK)M(Zj4|mnq2LM-_nATE(@`>p9y=>c@D#FNO7Rg3d$;Sq1A3$`kx%7GlQ@V3HoGr_z8P@z^I0_6OfhXvm#E}O zkVM$2?Ku;_-ZvgHOYZ-HVZn74qCcQ5>!2hS<$*1H`&-DTmL26d@DnCYbNmiXk4$pk zwML^urq&|i1vWu0{^orMINcfhSHs=?2^kVx=il|MO%@=?A6F}xqTKj1;oDR~eR067 z&i`>p@8*<&u&f2%C5yY?;k69vn+wPN%;Bb{!lYaDN&|(W$$HH{5&XHvbpE~rG`9^H z1XxAgm?0fc0=h=a*C&c?`zNCgWnz>v-#Shf-RR4Xqc?>7j!lI%zkKa9@;5OWUOFL# zOYZqin8oYpBnC_sqJuBR?=klUCX#wS46C&aH)8$_#7juf<);D|@-DzaV!x!5m z&||fDN*X1NF6)*rnX)>Qe)=A2j{Z*VKEF6j<}=^|M`vv#Y>tIa%9cdBPDX?vF!2m_ zej+}k)tKnS;E2OlhhIxkLyk-CFagERPwTwdQzt(Ql+9tF7j=+`+?Bf5^l$p)6uF&puub zbhT9M(1`1zl@7Y&BI>%ysowuz@oS)|LKaBQsm(T7|Bl3g%2&`Mw;27KnMS}{X%tVW zIo*Km42DMLj@!5Nxg^VmS}2<;(q#Q^y)YfQSH$OZ4k3*WE&d8EkCboFU;xy)q!4#B zqW0N8nq#*XyxJq1k2eP9pD+ZgsQMcW>41P_!sB7d8Bo^4t#v=yIgP_-)OdB1_qGH?jk^KIYy$IpBPdOyG4{gjZbN$dIY_>jMqhR27Tk5e{K` za>pyj_rh5|mMqt8RglK}&I{Ahori#`KPsz!6erFw6!u*X=xnrEvv+^P22Gj}=+*r4 zI^-p3ljF)VSoOAgi-F3mgfQ1c8t)QCWrzqgOBkIuCN!cGdH9{-r`lM4ei)9dP0TZE zkbW{G6MyLKTgZbjGIMV9;C5|P@oP0=X%b>H?_!dr&0rp#%r8->m-8*=*~3R za6gEIDf+&5H4`zJp?8kJr6ipkl(ZW%*H=rz2=7UC8#()wZx_>=YdFyG`-muStkhc6 z{k{E3D9a(?lL~gkE{n;n#?wpCM)j|Vr^L|yZ#%}m!5>`XR*2<+!H&q(3{S3*hHc@& zQX9rYMSR>ie)~DDQbYd~hvMo>y#H*SzuDxG0?7$mB-mu?I35<@{^O-ui#kA-YgEWf zY-t350ayyzLmxc|*_CpJWPVxBvD%Z!viJIl!lACX+#H$@n_h1ZC(YVUFH9_hufJw}F@P^z z+o?JUtBo98@!`_Zs6xQx&di2~JgmGh8fOXBRNEJ#`$nAaxN)kVv0tlR+_CZQ(X~V` zv*bH}_>rSgrr9vbuuuBx^JPDvn4?ZOtxXlQLuTsx`J^iQgK3xxyzCZd_PMu$SjJ0K zz=b%3;qBf$L^5<$lMsb%_Kj#S66EK@xbI@+wes*%hNXO=Z3RX?GpdCImI!e0v&T)gv&rJ=bQ+C0ij&)E9HS0khEevb!H@yOQU3zT%L@nG-GduF|uY$&u z9`rfQ;>X%4+~?eM)C%%4>gc`*GQVgQ6} zHv(rAft^f6r>H+ey@U-y<8N0$+Gu0!r>ClWU`;^z#F^m|TY~DrXN+!2+^vU&cC|$* z2*tT3Vh@aeSHuufsshLm>&Nx`rz1*OLMKp}O@ zTjogHk*`B^@k#OYOL1JoELHo>v2JPh6b_1yjm&%-E$T&&FZyoNi&T_|Ps8m8Je~t@ z(wF~WVwZng#W#7F>H%w}cFy~_QwJbaO&}%+y4eD!XoWg~pr1QZL4S?&Dp@@>zSwTS)uK1jTolgr(0lpb1TZeDy`( zn601__yLO7VsusBBD0T^vi?`61;A^ne#5#DQlp7Kp?!3yO>Y2+p;dfd{F3R6+i^t8`Z%;t{mP? z@s*pka;;F9KoWW!mjoH!y=Y}jcte;l$*(1r2=Q^4njkKJwNp~A-7niHD+4zPo0)fs z)hgi=ac6-l)PH=YxuD1?W(5%O>pwhEj2Ko+B9@|DjmrjqxQlW|foQC$MI@~}(=o7X`9NrXgY`%C+c zMFq|6gp6{ftVS%{True{t34XJPa7|E^*U@VBDp(#r=RN8`NrOsU#vbP!8ps0;jDY2 zn4-JJ5atkVI-N7sP!^jm3eEnxBwSARk@AX&VPQAKcDlljv;8=H>82`hep4Zdt%@nb z8euZuWN)&e9==lZJk46VQKpOp({NVXTo^qixQag+Q-{m#KJb4-cIPah_e0R!}QO!1;9!?D3wUd7DG2ke~0jM8HC0OL>8}VEdbr< zEWjn?zweF^c^z?=4~QUcP6e(!Ww-DBf_A=92d_BkX4d_#J`Eqa=7>`WJoDShLTKNj z$M*2`Fc>G;hdum)M0P@cJE;=Q8b=Kt> z_n|8COM=9PijFFahu0%3?^Yv^(BHmq6a$K`T3~WAt!5ABk&zAraGTDyY>am^x9v+_Z zN0nibfddQ2zH)%|s5l&C~B@( zMi@)gmH3qnl@)!#>!-!M4Xj*!OSd$^M58Qper(>&LGJ`el%99vzRTC?MaQ-0aQ!Zh z6>)ggV7GK-ak@Q!Bz)+ezlgV4HeviT6y>C(ZN!&2Sc)K5ICb3t$o$wzIer0l*v+sQ zsiSh8y391i?i4BKB&OGy0!nKFSdQ*k{fem^9wF2iYn*qS&5|7{rV+pv{XfS}M&3<2bB1sXKAb z77OI?f%fifH`L#a!j;O_)}`2(Uxoa+sb0*w+-n&HOh>h!!DhXrxU%~8_V#4yb=I9s zCgOfZ{o|=3yPPoPk?z=uD+vEFYyW&QMyVj=T#6e(Hnzp5Xc4+hC&+T4(rDo*O2KT8 z1%@Vhv>AuS_bKfr-s@NxjNgvUIK8fWuKZq-*VkVsVT$a~-DW^CdE)Jrqvu2N|AZ^`1^zO%RmcC%)B`<2e6t$Pbn1DU*lo%MFxz1+ykfXE1Lj!3*Q%6-1ZD!`$cj;XqAb(njA1W zUj@yQhUtKPCFcyB2)qMKlx?GX#;z5E`I(po!rUzbu!h-ij+OFK9comyE!Tt`%}j(1 zaXg>>Uk~sYWdvFOvHlmfKOanW5>?>)P<61RWVa)V>%BPx^%HWP1FB|9#!k2FL_Ff~ z$G?)|`gy^PgIX@i%2x^+G#hIy_V>mc7CHT2cb%z17D#|`4nC0yLVT|NW*lSW;CVW) zVc!*$M0bVPc*q2HaGJPV0I0u|JTAg`>6~?m_c~Vhoo100R8S~sxqNkCXU)u~hDy`2 z)U|AkwfB=csQSsY^uG?M5ldDjcr^C3U1*Cnc3Nf84tIC!ciVN64+&XNkqtS=Hbz(8 z;!OMR*9;0V|FQExy_Q-%l>3V6QcW^4_#A8j?wA{t1?jXY;(lo}Fh+G3_hza4%pbng zHY*7D5$A<1wH?0*jsAN@{$8D3^n?jW{_=D6Nq^p#P#{=EHD~$2=(t!tpnlFEYf1kK z_(!W!pVxZu(Uo72n$A8b%XKQ@Hfzk@07bNgjhDYwdTZG;O%xiXRLS|uBp@y-#~t#v zyHJ!_3&Bvnp7Y4AQ?mN@DIp;wj;!)g;{@6DMvW?$yd-1{e;9KvT65^#;A@(|#%gLF z1o86C`1xfPOb5$!3=S3@><)MfY?dSZ$XJ#!WSosaSz#WtL!}O1{E7slePa9`7S?FJ zCOv~F$0Jy7)#1An3)R4@eVH-kFvcGP?+NDi+&;oAg?9ORh9SLwvVFG{hmp;5%nzRa zqH+GyZDJk`sI7GPA{x`Digmc|NWW|B#oYUCLSS!D@nnN$v1mIt9(dr)D!DWQ8B|JI znl%t=dFDGm0*hBKr?BhUpKK1#w0hWi(dxCjfBr3(^+l`dpi+E=6jmonx_o+(h3Ejn z@&$lbU;Z+N6tFHcRZL-Xaa><-7N_06s5kuAmOsJ>oOD~q<6T zluRhh0H`*7DZK8-j}8tehOEcQ*7SA<_l2t|S!Npp;P9xUEx<|P7qYUkvc$>Ds0t#c z{s-7$0;I|^C;bY8@}b`gRa?zqnmg}w-eLNY-lf@wD<~_sUlW9PI&f}Z9@@viY6+im z<2X#0YK(q3-*?G}aVV7@=+^W!%s(P7%IxyGc42F|Zi)3i?O}k_#T^bh;oq1W#6jaz zp>tq#8N2OGGqE9WrSV#>F6$)C3jLMK^k%HBi&!@Qxe;-j^2GwlL{lIUGjgr!#ow&7HhTvuDeZiew=L+`BwDLD`wBV^p5Bznelrl0Z_Bk$hW?Hj0?T-XJRX7`5cPOH$b{ zQxW$-fbO#H2V?mch#BQtA-vGFLi@$i#ISWIF@ubDjMCqm=n=SYu@h*kbwjW&uXw9K z8|+fs#3)WKuMZ)EPPK3Cpp6y85fpdnj;p}=xGC!0b?d`ETcI}#zB!hg4FHN_`oed9 z>^FQ@fQb_u56`57m7#GIBuwz;j#b?Ix{)rs_)jhB8S*YegRCH<*O(0nqb;cA=0RG zxO+~aWOc#n9$L#6=g-yRl{=4pcsFbG1Oht?rhwj`CXtgwxpFtadvDAve!hKgik+1B zXB3VGs5_px;3K`}8UyJ#>gxfQRHt)pafpG6w^){np!Oj1xrk)0z#M*HD+ zXr73QCS3r!%PJGVNjkGqnKUb92_WqR}2d*#gDFPgYyp zx^*~MY&mEmgdJ}k1}>(KvVlb*Q|x2ctf{x2S_)48bE<|h(IGc~D}Af>=f03z2y#~E zB2R*rX;#!La<)wZOUFUWARxBFprKEUR=8X2>PXb@GLtnRZw=aLPA>1o4Wm8M_&gRjTJtf&r4-aRMnZOB13Bl*{Yg!ML?!N&SyXK1@LQou1kP@85zDx*{)8{dWQ)@A^lX9l1XalE3_g#w zr;yuoy{6ctIr~)3#(tH9!4t^lBW9!tMULJj# z{#flogRM3qyMs%T9M#L>byJ1epz=)PYde9gR-G;5I^XYv1gDeiCF&X==dod|Jlv#& zQ@S2*@%23dF+qCe#Oc?%rXK>3Gdr{51qZIOJU_9&To!aRqwt^6@f`lBrE3NXW2+Lq zE?)xQp7GhN%Lrf1nXzLsFi`iBm~xxhEX4_rhs9=N({nv|ca-~lq8`^dXrRC;#Vk&I znFDep1)HkMx$gA6bZvV8zuj4jU?;_!6s)tHe-#>9EZjsW^D-`EDmT;F0WUbgBxAN* z$Lv;FbUMt-5@dt*5ko1(l**5Yhz$!bYc?lv+41&z1x_j8UqI(t*HLVp8upI2SKKWy zW%4PGv%dd#Rv30xqrP0Q`LiB3znT;iR-NY99=5Dk=7Wds%*Xz9T&eW^#>y|;3{bq) zHj5slI=G2K85pB`NMbsKKLwl!V_#cPZ?kQBhPMR>Xzm;P2<(0vAJl>V81=k@(TJ)zf996<}W zrg&o_@zlF_7YNKf5FN@OFIGbn^ApJ%12Y4toL*VVNA@RK_^tc#ab3FvO3%A`AT~FC zn|GF59H)n**J^~p()0uul#Gyz(evgk#Mk1Biat9BO8p&PyBT-<*~_a=-21)3W4V<8 z(SYcGrZGVvlDHtMuCR?l-M{A36QwRciQ2^3CiNmZvMT{WR*Hfv-p9_Qeaqzmc`4~! zP*Ygg{K8Vr`L^Dnj&si|>^R4mfOqzQRQ`Dm03+t@WM?p^fpMF*wl2m`=oi}u5qldc zUI1$nzF-Hp2Q>isWIc|6dbal(S{ZhUCS|kZb?c|3f~!OR~Us zLzHi-vT?(tFJ23TUgv;YiJe&SAXuqz9?&S6k;g~)OHO87a^nr~)i6!-sq*#UEdrVe z$jj^hfE=Gg;ppx8s{=(DFzE3HoFVdC)7{Gb{Oi&-QWVb@p{A`eR%SV1Ia&vI@b~`q z31L^RVHLzI4QR^B$UTubiS~L&++jIW@Eq*~cJ^}#>M4P=gv!l>Yc`zW&t4QqiB;mx z?Uw2OQ+-i@qS8kBsY*Ief4J(m2)$2G*6KKnIx&G%oU(ni6-;6#Z6_)(HvJXAg*uM< z{DJnjnm(Zi&SGhS38n{Zkw+P;p$EuK{9*dawr`ZOxy{0fBUJ>}P@C`#HlESVOs$RH zrFP$b?cv)FIxAF2TJ%zmbQ8u7Gi)3jc8SaAdG7Y)MEH930u1;Eiy*3@f1E8_AG*MK zd`q^opY6_m@;eU>VW>_{y;-^)w}(7PqpUqbRA^MtVOMGOf1tlPnGmgCY5!ofh(e~fK#UBs_I3fsjbtSmq^Bi7`d_C79WrA?nf*RoY z1b{IPV?fjSN;rN~-cF`jy!b_~0agtHC$jZ9VYCY0dy ziwB{DgZF2gl-C>aGYRy*+`}#C9OGc;o5^Wm3aGHx!9Hr|TTqn&J=H`6=;EQ&vlZ}! zsOKK<>|8p*6Dx`8ef;AO`705Jop!I+s4C)}zuVD?)h>b$I|f8z&6dH?xR9h@R06@N zc`I-N5KK)b)DK}5>IRIIYgIv9Eg`;$aY3~T|F6M>sqwGa$a4`c#ijFHT1uT>KUgS{ z2w#A2ef8cu&yu_|NgLk)^>@eSz35P*%gcS`QqSGv@VtbBIW4^@H7|*^@?_zHa3@UA zTbK?}WTZuA(z#b(w7YI-##+H*Th*7 z@jfzcn(#a9*cs?jaA@^oUG&XMAH@k6&V;xx<5CF_ICi#jpfX)=g$hhy7!12#xr#>* z;NZe%Pm?x|leT@<{cVI;AI1Dm28oaEi!Z&#uM!fi2VH^m$kXNFo!%-0bD8)SlC^HD2mdG96Di^I1c+wZvvsIb|C?DRyP+fm z1p0+aYS0+haqou-|C&b(?eeCGm*O(6>PN_y-S-cX2UP~Fs~!?0vlc6d6SO>{|CDowfK)K|tsM~9uo};VRyPq>PC2bAQ==k#Kg=ws zf?VVihjZsRv4TWznlc<~b)665q_ZG^n4UolAFbbs0y8S)Y~)$xeT#F6VNmrXCm{Hb zgSQnvCiz~} z!!TnNZZCkKH6YTCqo-gJe(9efWn8R1Dn_1?zLq)cjyui`-S+kulgYNiI$BJHX|F_d z7FLgbn^;V(TrqROo!paaauIDFXc>=aD6Z2cUMku?nUavn)y6z>BEDBXS|hj%04P8) z4aB@mC|mE54x{`9qHP}i&cFY8fpdPZ`JIA_zt?EHYLBr(JQnO=O*0-Ix!Dyao-8O)Z@wH8tpk;ObxrPrJ10`o_Id-aH+3jm7LjY8++S#rog%Pe4ZxE(#z0w z0uxcvHOj5-e|IvL4@26D}JUy3{P)o8E@2F1QH z4oKOl4`5WNsr zHKDQ+XEb;i3t5)<-_#Rr)`IE_*smR@5~jIHlaxA9|D}_ z8GzX8>Fl?B{Y|>@!J5Bt_pO3t)gvZ&#O+ztImOA9I+gjcDZJhYTvL}Im&UOc=A3vC zp6i9<+BYC!P8Cx9?Xaumx<~kMpN#aoCc1u(J62OD-5h1hJJy~P^7-Xcg4lVl!#Bz` zW%qYp*VtF((GD>?6JAgqPG^*~l@6}glAok_UmB7MCF^MCob{|_>I8B1m2`ddzbi`B zWd!9g=XfpzqZ~9vOHEV^uX zdxKeP)f0;JQlYGkc$9o&f{`ss;ladT7bD<2i@#=vaKEZfX&L$yl?}qWo4!U_&*bHf z^X2E~XWCs@hvJsRTrh8X7nh}72F^2G8#h~pr)`S?WePV(^TuHZv0u-74cr0`3K&or zRKcL5LsVMxybYt5KtjBW>V1!Z_(gX%o&O7o4~~|UKymIDm=JpP-`Wey6e>%-51~DL zVOrU{?dYb?;ny{-;2=|0E*mdn2wUw&O-j;9QpF>`^!_aV8BPCyRELaTUtacm)XCyD z&Fz>iH`Q^r55-9h?I0jmBRuq7-|-*CICp6oI0rYptDb9eGJ?fw@t_Jscd+5?Ez(?? zrpI{EyTT9p`LMp|v^Y*y5%BnS0sf$r3@a+c%&h^P5!ORDt7%J0EUi3`Uo>5|-pvViE3GvG zIq1PB0W6btp9;03vpCVghwa|WfwM!i6!+;{%oA)=M(?r&Rn*{$*aE|LL5$#ReS z7%6qlZR~z;E!5j2=02w|fB(%~qlU_VcW*oZL-in89|#o0%h%->zWp`jK!7?M8TrNY zDwm#b^+zyy&)v1Dyu8KrQ3yAm)2t_UOsNBJ8-7DQe5wL#U4k=Y6k)pAMvbKfZ>-RB zn7TTf!RtA&Z|2guk|41dHxRO7T^;Yb5)j~}l`&i$c6Rj)%H^jv-Ioe=ze65hwn<_V z?F(W0hKLvqQ$Uxlv_-q$`XfhriJ}nm~8;9Nz zFr*WwG3*=cdOhnKA`gwY`wity5PV42@)p(~A_>)Dx;+Y6as@n$Xx=f8MmV=CXNaV8 zlf$J!3nWZg7f~yqcEp?NP3}0!%2n1OKSeU`(Rq-Z|2cpx%)HL97js=ar{?M+HPLfu z)*>d*oEMHX*it_k*jPU#7cwtVN?(tQ&ud}LS0yRVh*MrmmvGXy)0e70sl(LmM8lUR+_i(XE@q{@pl)uh&w?4H{q5e>yO$EGS5`pd2Tr z9v~?cWWwrMS=BW*vX2RHrbaV8yx9_KSX(F_8ui$Z$oo7m4m(bZxyquS*OmjXlh+;Q<_yz*qP`9alrH{QP2CrCuX%=6CS4+ z5j{~T$|J5Pi7m)W<}A{rrtcDxk_pqim4odbQ^pm(^8Z40*24b6>)i|7HT?M!+6T;P z(%&?nGAU>oOZoOi5<0$f-yBMu!6aVK95Od}_}_^q@B!63$9zaX+Gecdl}kLsqr=p8 zBaef{{ztry@2INV*z#Y=WHS=;iw||BH~Ne^+KK$a#_nOap9r6CyvcgQUT7%%18T(@ zh1rNHWoH}}PFcq%CH-U7V* zk(>^zU!eaf^+)#>+xh3XL8^kT4g1!QvJP)+LNI3WPE+&`#Ea==(a zNMa4tBP+j6(Isf}S_9K+G<=zUIj$F-TXeZRQS*IkR3*CAkglkCR7-;jqly+1JJ@SM zdLYf=K37{^=`}z3^6QFLd9TGF{>nTl?DT3Q=Jq(rY}JXgQ=3KLjfi8soh1hiL2k1m zcPgZ4jx^BilKWT~%?NAGKHlL-NF3Ru*Jmm4xSx#Uo@?*`d$2pR4~XR~R#H|fRsLN3 z!6C$}qN(`r4WdcNGhyBUOMIy#4d3HZ{wcLWZmn+3*5D~Fd$PGvL#}ThKyeqhJw=8(!FqQpE5(O7(A(B7aC7z=Lz!`p z%lDqJo1gkpV`xJGf}hFe!pjJb1{!&|T3RTQraTBMzp3bI4#;deDp9$rXC}?5xu@pR zFbA=cyL}LRn3USUl^BP&xXE#f1eE=MG%VLzC?bZr%l?}=NZ34)Abh_T*yOlm4*>EF zKc^X1dlv0xxcBl*w3`4=dSqbs>->vD4JGj*w}wf zb67;O!E)!?!oIN6k+z;O`gPP|u}zO&|9O}YRv<4usarb2NzA(6bN9*vVN==b6`ood zOI3SDhsE>j`5|O+{C0}G~XEA1W_@X=9 zFV#c01<%ZKb79yBGm}7)(95jbYO$qJ*xF2S!oEQ_Sp0u+oWHX$ptg}rgG^3rlxe+D zXvLC6nwi|5+cJjv22zPNXP+vP4g6 z^nwLkexhkL4lAh6Y?wbw6~z3B&8%#o*Fx+C78RdI9~`+|++-c-8`f2>tQBo_6hv1( zs&RY`sz2QxtI;D={xJA!Hw0fu4sVbe*(B}uM4*{HaP7{0pYNUVXs1B2vy#9h;SWGV zr<}7#2`uVaej8bx2nR5-q<;4YTD>w>k8|w5E-@1&y~if}dA$Cts-86M8yFTwrmsa+ z@Mj$}*%F211%QuRR_MuXVftabPkpDW`K2GSJRy}2%p7fEmawt%7(c4J4bkQM#?^p$ zge>^#`bC&#$_+y1Zu`iC_0vgPS(4x3W{2=SxLsvux>uI-!bP0<#NbY1v*tM)K8 z0IhNO>?UCCr%5`#PmRN!;T-0giAnVshmI^Tq%JKf7pGmrS~B|Y#O#RH%7=<^~rP7dKP=(mzTYp?%Ce>s$`z@uG7j$c|nNWOGM8 z7SPFY;Ck`6f4QrNZ>H-~80lIB5OkWsF`=TEsS(m=g?hnj8$p5>WScMSQ()U3#F6CK z(qe`Y{=xC0_wCr6!@~-+SjQJ)0rtBsJKJF*>vMmSV{%^*uXaQumH|^vUv=S0p+YVT&-Qf5N_RGYFxBv zTBmbBZ|t_HU3H389#YA?pKh_!f(2pp+=$&xA>fc}m6a+n{8*$w$`krNaiTzM+pOzJ z4YuPZIw9SE*Y5sKdQ`Philp{7%*p!Yqccbhh0phGVl#N_&`!5?>^BDZer394vb184 zr#xz~6Q2DEXfo}yMW%=*PQ*#EO0!n!woFFlkl2uQ%`X(YSuxkUswbnI(rk{}g@|y* zsHKjt{N~_qo#;`}9`-QIe9@Z?u+rYVdw_93mP?P~rY}s-^!x?G^$7#l;Op+R9-hGk z6cb9p;&A7=YL!YmT*;J;60Q!M+am!oc5UMdLf6DFK{SfSPfrM2P*WLbaiOL0s)>sc zW_eSCWLUGAJ(iJj;l4`aUs;UcfeZ*$6P+h{l20{3ooDnHo!3{e^Bg&vnvDBn{5Ar!W`J$J^R_Z}(T_ye z2gh!$lKQrvZ02DPFN8BB#A|4n89E9$22*1Me`=o;NgVtWeYoryvOL6HqGrwDfz-|FseQ zK2^Hbm{jvoxbVkSjJfw+iJQTx-N^pEMX3u+p}gRetyFl~gm@ET1q@xjxiD)xJRXE+ z>p3+*aA_SCSJy=wv^aMvZ|^dk?8Ri}c%9L5zBg6xD-$32^)FbWQO&S3Bq00O|KmzWK0OEV)!qrU{al51Paw4kgd**{TN zr>e8?K3x*z`cVbcJG`{E60+W#q{a-sF#q943hzAsH8s=x61(lZI78pss?yJUQ=Y$* zlAb|sw(8LJmzeuu$N6HC$^sGSD@nPIqpa9!GahxhLx=Ak9rz7W@zH3M-c^df z_cjY?`g>`U*(j;sT9%hR_Q2HroEf}<+iX#Lm(B8$WQFyh);VWkNOa6~?V;9O6G7j- z=l7TAqJ4)#1og8{bE}Pee~!j0O62e#v3&trc`l03^zYtrkCDYd-QOntL25v*{%_dr zuP^arbNkSY#ksa27NE`VPVFX1%&%)HoghmL3HS)_$oh_if|ODBp==;-94EY?70`y# zx1an5Nq4%C6}itdTsHLG4%<(nMUN*H8?j9ina(5WKr*W**1*yuN1O1^+cls6iXs_Qu@S8c-l~egYwWToqj~iUUoAS~|8vNy zo}h5aC}KzJI+!J-gAw)cMmYg9e9TtSmtGl$E0RwuOwIPbM;Q<@#eXyWoeWfZ@IP z2Bn+Kgqp1yu$e|TDBmpY;HZ?^#~ya)lr6r10z-qNWphGXsCzwKaL0GbROr5OKxKYI=&4NC2qO+O+6MwE_ z%ZT8fg$GflzogHlM(_9!-@hb92Ub- znW^r#8O9pC9!Bhbz1ARB_1gB+1v^hP*J~ap_|r|0rL|>rc@);Br}K#p%tIqd7PAH+t9Z8JAojOv5NKJnTuB+~}ge+9@}KF+dk`pony zJO*EJ5{FNWA{SZHUO=!->R9uq*l$RrG>zg_7w*wEY#=x5QtDQg=FR%ui*k6z>Z<=C zgtELwB}$ygu9Oqo+zfn{TzqW9#^5Y~dE~{6X0(mu_`dYTO~*6j3uhuN=-;Q`Khk>! z)ke(ZQlznAHs$s3VER+ocrceDcTy1r>I%fjGyRr$Ese9~%9dHV@};t2iZG$!CEw;Z z(c|Pd_RkmFD(JTFaDBkEe#b9`Dc5rMXu!ZZmMPGNBK6Z-z(-K+Ty(LIn!Y(Zti9`y z?&etV|1kE|VO4G0+khY)0)lj>q$pidDh<*dQqtYsEh22XL+OT1cS}mgrZ-4~bbX88 zJ$mwf_dL)3W3phg)|zw7F-N@P9r!w%?L6K9(NLh3dQhY>a-e@gAUKEtuM$1J&juID zn!PMt5-tB#bXZ_2urMujWE3JYc;8!Xq29Nb?0Wb7(2443cg#>)AzA;+7B*@4d^fJC z`t42Y1H34OznN+BAK}mSaJqCQ z%0@g3sD}eCS>C{1J1=<)9l!nm3AQ{CcnIx@&gM=Ix^4uT&{t?+QJPayvrk$2KWU`n z`czKl;f@r4h-FlHjpD&6!o7*h>yLHBQ^uChOxLrrjA3j>gl|G%Q?CfW@PX)bX382; zp3SUL*6L|wrN38;bR+FYKd9B5-?8kzybj`HPs(~hm(GLS)7XwF8ZpF*){_}YgZ1`- zlwkx1F*qX8gv)zbP5sEa;k=+Q#eXKyWoXx)HDMm((1{?WRnXe{_Vjxz3GqUPFLO70 znf$qq&wM)*0Hc|~4jH(R0>D|8K=WazDQ#y0QPXH*o-y8+*LmBLu@M($TMhrG`herR z)m_(-e-qb#lL$yB*22$6W8(T?UL*U@QSYh3X0L2KP=U7?&qDh267HHyfeiEVuy)fp zXKzXLksEmyTH0%L_5VATGQ^PB7-xZ!lbtasR!4ghplw}UGL?bDi#sgOP&Db(KLHC` z^~vS4F!a3nhY%vjR&aF^_v2$VJ;XbdiBR+9XyNC`LyEOPep=06DdJTmdQF3vjZNQq zO?I!@pux+bG&(fyi7xz@PieLQ1-jbuypaGgPnEL-8lR@4#l*tdVw|p?t)Hj+l>i*e zvw*4H6N&Z4T| zhJbY`X}^L81?z-*y4!DV-tqQyQ^@<-nA*3N+5hKF{+|sm?}Ypb1vcTF`%weF0Ue#e%{vPf<2)Q`lEwKxP1f^E`R@7d zOJB!I&jqb1%(;^jHPGBy)^6*HcCVLqEP${wb%Sl^s&w!XJr`Yr-+1b6hDEe3W)x(1 zY6zthU$_|`*yx7VDttQ$^kWYnK9sVJ4_vX~Kx!bn-uK>HS9#d@B7l4En0zCH6(XAv zGQcT7N1CoXB*fW**=6`M=tqA8PktKo?fF1o=YFvCyu0YZ60V{D+LB`i0ylTvvn-7O zP09Y!Gt=7*qz-?R>$Rp)NcxSf6!9tb51lNfPfa~vZigvy*?7zLkCM!RHMzKW8coiuph?9zBu%>Cx|}BSHC>*HsPav* z%vUGK+{OviAj*nfq5IyPJKm04qxwCO>S0T*zqkS@qGAnyoZRGF_jo@n!PM%GLWugh zpZ_zKMxP3AvyWO}KtQyihL@JOQan}hRpq8l58$9dpgXt?ZaHtoA)8(4Q1D1#9HAI= zH$VAIKc#`KC`D|uf9)?=1-8Ih0&l!%gQ$Dgu*o3J9kxt(1mLwq?c)DfBJozeG>>w; zIZ7vqKE?lq%lh-+vl_f)9E{fNh&?u&?Gy{$xrzk+`yh9nCXWl)j`o1Ad2RkXP1~pF_|F zhLGDI$iANN>2QeVU4B!9tQ%cxlIGPvTN5ejRg1PNsx1%Ia)>H>KT*VZgvP;(wBH~d zSEjefkN5>ZFYmo%WnGE0v?ILPf3&pEy>UAi{+cN!CZSn?}-nLa^N!Mu(sdQ|?GV_IWC0Gwb|b z*HtU87QR~a$+(RdP!1Elo$Jf2R@VBWjTcu>y{^UDAHpzF0bgR$&=^F2N$NarTjP3c z42V+VM2YrX6u|OAcWpIaH+r5`H}_~uTn%(pUiKBJ$xt)binTBSP@`75EQqJOjN3n* zgYW?lcO9;Gucl`zN=PtC|cYAWJ3GZ{n~c9Ev2=2g!DlppSi_2N-+`^5 zL#eWA>(2F7Tg|yJ{AOd+QmIr7u50M>Vu=M%5@y;x*6uj*azjJLT`Y6^ie$B z1_$zOK#Szm&mJqGboHEd*7rR0TVuJL-nSm+(`6J#Z-c??<&i+?64_9TTao-Y2Wk*#B|tR9$I;e4ux*LJi5fGEdIgfRspb zy1YX|;3DUR+2mkzI$PVv*pCtIWa0KYW0?$xQ-}0hTqxy0aiJYF3PUrEEUX4s5nuG1 zb&!4UKCY~4v4)ZR(otR|XfAP|hmx|L$Ae+TX=|)2w6^G#Dhm+y-Q0IO`98yv1G~%# z)KWjp3kOjiPXakO01U#?X%7U-7X;CE8y`$5cz85+b$8brMMZm-eFfS{)jLAdy_<_^ZVQ%%48X9eY3 zAqwox86H)_FF#!=7^J%S=JTA923ABt?aj&=o+~DF4I5LXJn_dBOgsUtiC zD%R&9OF5MC_Y)mVo@ca$8ii>K4m~783_vaO+3YINB+&$&z+lVtH~~l2W^brivqp_M zB+vno?@*P}CREoQSD2yyS>v<7`M9U5ywH6g*as;#N$|^Qdz!qa46};oBpk*OK;~&C z6lh5OG9gNLGJ89INTc3PJzdtIh6o=Y8n8|)lf(@=WNo=N06OKxi;Ii%1hb|#cnIrZ zv`3}e^)n1*4%BS%pO!2#H+n5?YF8RZ-eWd_hDECZX7#RH)Or4iJbpY6qk<_}r#P-1 zfNDl9A+2G@#pLLu>Y*kgcB(b%(JSVy|6%6`RUSUWMOAKO7MFk&iANv%oj~3bUqW;;CY>6MDeBc%5F*s*Imr&se^<_Z$N3 z{x!!?*{F51neqtBc7O<4j&QyrFVeZaY!4Gjlf&#$*ZSk9Ds?Xvg*|UhrYwQCknPPE z1(oQhy+WzkZ@Fu>pQ<<-z`ETU%>6w0VW^qSdY{O;aaqi$K6HzC5vb|(yt_F&oz%1@ z2sB1%0{S;PO;Mbgq&tvvpgq4@;jIsJO||vF&6Ml)tkXkokF1mlYjr^9nCCz+3JTh| z#SJBpOmf^*GIlXXZoS>v1d#au7|h6E1NI|+(8uq;=I#?eZ2nPFAUvYF+oYgojULrt zOB>QKDu`OFcEl#ZH&rLu$|OZ?*qCY7NHj>UY)Vkml0-v7|2ob>&aNgfa0!YD{|?2G z?sRusD=qv(tm8Gl?({zJIg_!cX5ilmL=4=ic)$}+$d6vZEyM?_snjMT2 z2#%y=6@QP?Z4VuCWHAhi*tlhyA3FUj$m;j`%AmiWqrmv@zl`cnSg=SnNEgJUy?L|I z(NWn0qY`aEr>ijZ%O*YV1DmO*!N8x?aEIAzeQP;qzYP8sIRf zn5i^@@&th~QO~lmw&#q9iZyGUR+ziAOQ5_uWP`AS{4LjO&Kq||uTA!bubXk>wy2GD z9bn&f=4mF*)mTIJ?CvTo!}|GYqheQB11(V&bSwm60-AsArN0hZUn0GR5kz`YjQ8_+ zq!)mvFHjIR|5lfY&hLq22ljeb+H{%aDd^;fzF9t7&uR8>be{k?>Da^qY9wFA?Ov2a zX3A5sEtb%aZOPq>-Jwr3w!~`C*5qHwYMFWZ#yrs{dMns}V}MUE?~Ub!sJV0p@kdre&jg4G#% zb6@7fp2w%l_IW@r^z@O|0Y=85RQw<%<4mmUt^9OeD9~dl$T*K};KU(nTzR1V5};?a z(NDZcrF|pn}{*zGBc!> zUiEcVz#$691PO zh2<*(RI+KkmM{2KE-Y^cPhSGyEf!W*L9@|99ws+e>Bc>z&W*d7n`eE9obHo@5VR87 zv5KfCPH8lj3x*74>QxAuoU{5{J}D)iuw%=-V{0r^xj_i}tY~{%l?O+aXrQz?IM_Fp%C&*!)YL$fPlXtsT%CHb=+&%l zA8TY#O*J?&tl9DD&Uf!09v+r32U*>pYpBc8qY1m0r(mIN4yEU3Cx*sz#H`vqXy`I@ z;m@oCcE4uGo5-#K;(`{up%dUY>2d`@<1RJbH|zaveKYCVao3aySu>dxs+O@Q zua~;><&P~Er57E_`OC8_Cq&#VES2Zw7l-4@jqm!fryh3cLrM#a{@YRl0!|H-od&|^ zzW-f=O8HO{+UM7pjZbz*-pqIFa}TBxl4z5y*i_)maEtUiy>!Wa2Nk|vc(`0!fD`z3 z>`a}_fy)XL_hz~T=M;;x4jZ&QG{65?Ts-dCD{}d|o2E8=rP2(?=19og#`Zz%)LSvJ zfQG!fLAx@~<5H+IZ%mWn3~E=&qu;{Re^p$7k0?w5piEh)>6LMQ=`J2P-0thA9I=!( zM6-g-d{5`b#>eMd;T96m_M~Esw6?L*Oq9lhsk47^4PfYFp z*}jl3iL-lMUKh7;vAs8PU%o_V8XJZ)!?l_Tj~XnOf>vQl?M&g9#Dyt8{UEbsr%w+* zc{Xr6en&(v%~$YW^PjfB8<*5UbzZUj=HBO~!7Rk0WouR%%M=0)cVp&1<=!s!kHEN+ zCJb=GU&JIr<3)1%W9Wn_xcT|#KgQH*{P)l&hJ-NOL0hkB(@#TQI21eMAUUeBkU5uFi!HVoemY+7dHHu#as_)j5jkv9N{TLpmyYGQ(tQL3;qx5)u zq^=#zV1DUIo>v~_erE^LiHrWBTJa;fFqgHOS_10+;BBIJ>)dkzb;R;Z8JSqZGeO=79?yVZL4)X-f)_;tOd)D;zlwc6%fDnp)^T@>6g*lX~C!WF>v>aay@x)_O%$l zF4BNiT%%;we7id`J|=CCc)kR{-r8Per4dc;r|{J`pXKFDV`$-*$oGnG?#pv`fx3F; z{4S1D69&xv3{4t{rP_y5_quM>D`MUz`5k-|54Qj?fOvj4JS;z>!oS-FziG)8I(hJU zvQqf(FGUV#6a$mmgzE!%lY4@-mUHoR-zR`7da$SS{^D+@9!fhJ{#OzFGW^T_6%H$vOa`QAWn(fKzt-*u5?^2@5 zQTzmcashbK_m6u@?IkYyMmoLy7#leRVG1cO8UW#cDqIWu;l;EQZiq^Z3UWnXW7X=p zy+}kqtbPA3r%SZ+W2Rlm^-9 zcci;)Qkaisi7%cXoqhSQVf|oPK+|Scj;H-T6Y^F_@;of8ezp%U>H%fiA?7jE}#^%qhgbhd|ifSlXXCZ z664$v_IMI&n_(}HnnwLyB%v(44qC9qoYU^S8%pQabg+Ir!|C31{X~|bA@gIuqoehK z1#s5Vz`i>Uj`rNs<^ElG*t^`(?A`G*NbP<7c9g)aOY$?bkK$8b3{Qw&RER|ciaaCf z@UT>Cn*GjYwG*()gw&{0w?2*EzRdT%kFMAd#NyQVfdWsxFrG+`b7()5F7=(~)md#h znfK0oE3S|0{5-TcTF`D~FV`g9QoG)9z}$XB-9-JJ(kBI&yt=Qe$2ZC&QWC+;zwgK2 z=ZYMz3z$Hgaw=v2-!IB@BFl$lYsONf6Ff{}8I`VkQ!C<<^O*p)JSGrBKdcM)5jfRK z?yYD+1`rUJIw7vGgrCkpN$w&Z;7oKTOrQxlS|JB&rQ%T-+deBz2-Z2Y+d*n!V@~! z*r*AlQD3EbFKTqW6uACgxZ9_YU3A8fKh2Egyp@obKp4$7Jf&+F+Qn&MTKiJT2>c+c z1jq1E7#Jg^u6Dt_R8yB|fP~k%W?1lgILpH$^WjU6Q{1XQPG<+0sU}tOGau-NS z97XY25W=r-*jzlrKS-V~)sLlh8Xd_z{SH*R_`LMr3EM8QH{?MXf}l@B&FX?zc^%4# z08e~{0)EP8Ng6f*!zO++;R)Tm-9-|Sb=5ttuY7lI&WSrU5z&n+DsjCMQ?TqFz!0Ck zjJGlEP9^>0L(6rSM9X0iI`77lGvSwMhEFiDKL2)jwZ;I6Wc&dZu@SuhoZAwGU&h`2 zG2nXy*p@b~eA&FDzfT{xG(0_0A+EHKff*d_M|F*!t{KGu%e3=sVoS~L;ZdG@*I5Ba(WC`9iCR5!%c;}S{ed${{hyAsZuR7 zvZk{%lE4}XLvO1>KjLO4hsWcgd?YK@&yHX@YFQ9gRIsw}DI1@sg5?B`LW)IQHdkf& zV-7*gq=w+rmGE6lq)9aBpqIKI!}UYyAp3bVSeZjm?1pZu?cg&47L%}9cAJxmMoh#5 zkB|-~+;j%hbd2Rh{jz<3wp4g1ch8EEZrI>YTg)a0=^VoDc<6(@pUF@sr)=~b^`@Ce zF<5eNt5xVU znhCBa7MjcCZY1H!RNutiIEhL5wAO4rU)6{0yyq}rA!JQPoXk3SH&8apR3F6u_&4l1 zu@zh+^!$opfAsctz@3ZCSn+Qnfw6StB;m;a2PF=O1nDJPC@z9|M{a*RvQnrsqDY>a z2FVKTz>mJzVsx!mOu^ea0RU(;3A3Ek<9Yc7M~cWGahp_l+Gu0RNIM?Eenai;+CgN2 zLI>EJ;A3K-tJB3%Adinf`R8Z(tfEZgF9s_RR?Kgv)vksISQ|bJ2&3v^PNo{bd zZn(RUb2s{7T1Z4_$eq)2PN7Pn@fMi!x&4h!Aln!dvAxpQq*I!xWWx)+YZvz&Ftmusj+|qj7FFE( zr-8(c4S(Ly72XUaOlu5#Fs7Ih^jOizLTx|)xr&Qh5q=FuP%&pB`gb?v6Fc0HK)+2Z zJ>T+<1$qwyswk}@{|}rmRy2!@74*_7UyvN<8^uvUSD?&9Ii3?GXsai_-~J}hSw!&W za)!kwCuD$a2m*8qTEL*QCJHbUEcEuqpS(cv7!I&MgYGxmtAToYpkNR1N}Ner`BMcb zV}Ri;ihf2S*?DO%-5}OL>hhYA3pDX<{%i^XM?}^Q^OVkZz{*RL)b*5>Qi}OwR-v1B zCaKP87ZJf{-TQ!6ij4YG7rlX3H9e zbiY9o`r2+gE`H72u6MT&M)*dxP|Mv+0w zWjRm<2a~=j%Kfe5{G7*+@DBEe)eL_!A86iWC;|zt>v_31QKFt8I5-FWB4L)gM^qBr zCfxwNZZSYt86OhLekW>njB;S6apU+ z=Uk^QiQK9zrIe(>ri$U}TqHAkyP|^a=T>W#&s2(!IIAsY#zfc|QvKNa&8Lb7G=~Fa zv7Dh)bZk<@#9jPk_Z*Rs2as72VdG})Aa7$c4Ald`?!iK;$j_(wgsu( zO+{63tSexeTk#x3-h7Ph_j)BTT^xJ?=(6ZCbe`3lbF5l3lrEtuhqK45WmRD%>Lai16;n(fOwXCHqq(%gR$l< z?1S?;<#}XiXn7#kq2T$_gNDtl@STlh>l(Urk0UPksX&}hSMpe2LIQh+LXE>V(4dW; z19;gXgyChw;ceE-*B9N5jm>Pq){=G=yR+2;fznofo=$pXVPDXC8qHQE!YxNyl_BMx ze9V(WMp8X23zaV(74Q&Xez)urRK~IcE39_cpq|_tPy-ILd987SPPG(b&*vgU78k#o z)(Up&2Yt+|Oy&tw-}K9Bn1epVXmdsxV2Y$Tw}#YwCBdI6mqiZ1R*lblCahQ! z<>)VU>|uL9AUFHP_yhzOGqfIkcu=R6Iwa)GW(RY}<29@Kn=9M@6gG@t5L64J?>7u| zXy@|nKN!Xhoa%6t9Q6nP06cldHmW7cgV_EVoBAM8Y7KN%7AY#Ec3k^PinJq+vU5** zVuUasAbPtkZvY8CZeJ%x*>kZSOD^>TN|`;iyo&}n%gDA>#h(nuU8J;oX~{gAO>D0w zlhf1m%1U(v53X!q7#!(MXD zc5fn_Ke?`rg~Sab8q=d~6SB@6=PW+ugk7{xT3PH;eZc?vab)9J^#RN`Ua?u1^*Gg| zTXcZj$a}wFy7SNBg7p}Hm*$VWc=vPk1lfkt5mPI7cdpi%MUU6lx?z_SU$E|h$n`S_ zv$pkxJskcjR=@b$wcb$UdITxM%<0!4E4|FtT&*Twu`uUEN{UicyF8r8<$8eFbQc~~ z(BUOlnb^{b(XEMQ_W6K)2cn)@N#l{^nLMI>XvKk+q`VzH5F4hE@VR?mv};ORwZDCC$Cbi>+!$VLKR z3J}WUVGoG?f@bt|IeRC~C@kheJN(CwXG)clhdAWsyyE6mpE&P!ZNR!MUXzb`lE_?^ zV4(#jf+oDaC;J8G7i5y*xXuiW3fH@fO%2*kGe#^PXS4xoauVFmx0de&6+&BsMO3ds zgbyDrK~(eTLZYLcFT6Yl1}_E>&8ctQDDUfwf4T4U!}r+^Xl0?{uRtr7uL1RvxE`+; zpX2v6k*RwsgRW`+By8U>8J{f5V+)|1{H_|Lyz zJQFJ>1$cjOX6CW=>NJ9s*1~ZLZEbB4*PNMa5lbH6_;!f-v{RB~Uu%^c1fr7(&I4gG zBYa(tavYy6rd$^V4bfmSTBh6r^)#Z}Ce13-7@RdkOj3(`00f|+#uAQejRxZP_A@Y# zbqXGqwuJ~I&r`|uS;)p|KZURkX)c>bjk!0qxdb0 z-cvwDm+&&u0R%(5I|!Xf13(K{0Clvdz~s%PIxm_<^B;v&TPh?=Lp3F9Qf{c6k^b zuw5>|5;KyTE+=&JjRf_WGe0+%M}IoKq|!Wp_ggyZK$@54-X|*_)*g_qkANi`h4S{Z$wUMl}8z$N~^f zAo{FkV34I;sk=l&w^Hx#uXed}$m(pJ`|4-lf z&-V}bfSq}VL2UWQ^Z5V#Eh-sdD+rZLnE68^N{|Mx3bI&wN2SD_AG!N0Bx{oK9s*gekwFXco3a350O!CdL9 z{y0Vd-?33LAaWI+x6j@Fdh=f@>@R~}DsotE%s{+z|kI zzdx5N@Y>MKkzY3C-{14kS3X(Z=MqjY_?WUGwbl@QGu6nyui3A~`{RIE2QDtW@Io?< z@v-XL_xbQh@;^?XBi@(#2ky6yUde(34`D+ujaK>1KK+9P{pAG?OptNIVNz04EwK}B zcfQci+_>Ie^W;nu;Z{M2hwPIR6B%IZ-pLK8@1;V=)5nDt5(xh?wg31deKmZTI82E` zb`X5KqI(#s5F1L%J=g&NZfUId#}xy8f`H`4UOXx!?0q~Z9DgZ5tR0_}RN$STySrxk z2mkOdkNfLK`9b*GPcYIwra+3}9!d#DZSt>5==r=6MGl)bP;EZN%Vh&#*_i0)0Hi=k z2?io8uQv`34l|JM5fK$VPFW1jX8nt^@XwPaUvYnX z(KU|cv-2q#c{<1Qgf!^1(gAr(`elGO3#Y}0A5s6tsL%K$5d>cGDNK6VX5ouEB zKkeba-{l*2#BgRodU=;PP_H|^xjn?S>mWbTZb?sW8)2Q(48rnC95{P zUreD}+x3N&{7V<>sq$>2We-Vs7H#O8>_0^@{$M8kaTVwZeNmWUg4-{W6Y6@tPg(1o zMO}k{Uh!mmi)eGfSi@-OJ8&Q*EzDe zlMv_Hm^T~(NF;(+_8Y=l#SUxOx^9_$lO>dO_!~*C`#kmD~!)d!B zR;XN9Q>@#vD0sEQQK(T|ukF4NS>tx{9u*yZ0EZnp#?n|AOLiJO&Yn90b{nOft274% z1_tjtql#*+Jrkc$M#Z01tdnQZu+!F;I!Y6W|M=-$roMg+P!%v2QLYs9nc$)7vzFmk z$$XsFPIKTiN(OPc)3$OOzHRm&FGR`h`Q{83WC~TlyKgrAPrwkJA6+*U=t4Ti)(uHRETG{k>Zn7PKlWEA1e{az_j%h;+_^0X_fT+*fNw-0I^J~RVlaF8iuF8 z82HG38+&n&|tDkDguWLj|}h3 zFo|boOJ9;JpHt-`h5AV(Gf;6pvx}LVnnH}6q6Eu%>JB`-$3!;pPz3q<%_+}RHG~T? zIO=X(YCgn&+=!@;o7o_HbE)uXR9ysMpk|DCW+|t{N7i_z^S+@#YYeH)G49NBm#Xbu zGrSS}OfI&MEeuE{EpA2Ui)5TBxdPtCKs*aGXQvab+7uoXnd((H8ggI5UX3P7-_4{C z?5IY&)p~*QI9S*rkF>wFUZW!@&~fFoo9io=SwzCOw{zOHGqiDu43AO|ji6jcN5RMm zKL7h;(GD+J1(O0$0P+mb9C3n>+`fOwr$ICW?Aevp2bhwhv5)x8Ckh_Vo$irnQ`@ZI zl5$*DI!H=^;)zs{xmerxmwX?r!iIwRUc-Cd71w5Ec6Oeo^7T-H)aQgvjGG# zzOJn}vDc5$(JJ*y>O3!&<%@De(h!KY-5V6q2))FU$jhwRVn9$`nE z&6v^E&o#z;yc?PvjN4<7# ztP<<`n^W!`6QOYDi5_0ZZHXyTfsdwqn>S~xY$t{3mv-4lOW&Kc3_Vt2UajyS3Y^T_ z8~Sw~ElgmFXxl%06!bW}>R-ni^nu0}CHYCNwb5P2NbhtFSxc2}>94Gk&u zXJF2fPsC=|W%lpW9D@DDP65sa34ze+D{~o$=H12cxl+`IF|(!w2Xb%7F?GQH1|dF_ zUaBaMU#|VKl=_^MN})OEyzyX=Q2>^%oj9xlW}U(O@=zyQtDJ7r4kG9nud&!o#3;~j|ZdY%E)w{8S^zo?0jnGdll{b zQ4M=Z@JlUHY(UGiRYN{xP!pe1#PH+xx_S{j>!#hBa$!nVKOBr$9^K)# z-D56gus==B={VU{n(Ou9^eeybP1sh@r#rU$Bu=k06Tc+e^hD1)>+V!dsMvmiA6|~7 z>p`h@j!J24g8`y1~e#=u_vQfF><0mZ*mFf516v`U2yfcpy%SaKxB%l*=UBdk zZ<$gcwaon~fO_?&B&(c#asHF74kPIKtBp5BElWSfv%>=xrxsnPxWhG{2G~Ef6%WxV zIT#9A%b6$}=Q5?&X5I71tXiR>2x`b0PTV#8BSyw-nz0Mr|gv(n`0& z*|hb=Y!oU<_@y`h05$)}Rzf*W!PtNf&J02hPvmk|6zq;LrjjahqH*67lvlV#629?y z2O&U-=6~6~4-b}`X-TSfM4c}t9^QXFd)fa=<4y%*?J>5quE*(&gM~NP8aXmz(A7t) z^(~D@n$x1Ig2D+!)?S89uQIg-YfS4!<|G0w`qgIkCN1>v_U2NYipOE=82UE9JKGtO z8s&XH#8>_rfCEWW&O6X}I>)#)`UmVJX;eB7epXPBjd~|yOyx$Fg*7#f%XvW@s6qSr zS=3y16b~(O+4b$~ZSrVB0bUJB8yfV{eQBRv#=~0Ifp~T~xJy24ySFRvK4XFzaNb?W zro4&>310J}Z94g082VBM9BHfDfu%2Gj~*M0+AIwVT`QQ}w?ZLXP&2~%TpG)^psHVj zFEu~J{7Rkfe@i~FHKxBIf7*QEQyJ^unXq5S{B#+ARDlo6`$V-K_hV+~4BRrv10mV0 zMX>oJw}fp8hiC2rEQ&V&%go%u&&@oQ#t5=AZ&tf=4MQ@K+HwN1)1no7 z4aMe_?QRuo{IrHISC*CA~#f`sMzq{qaQ0(1uvO}rd*wa{l^*J@`B+%FYT$*%} ziZn81u~tO=Y+RkyTOza_@xHqY=$m9 zV#w}Q>9@Mc_w(xMSpKM~qil+)%Bb+~Eos{l8@WAIw^+?Fd!8dp5a-KcLsCFp;dotk z#Si8c+JB^K=w474GdHHDjN2OzhCIWrPnB+k|KA@ydkUX=^_90^>LUvDl8{7fneqDi zSlXTgIf?zTHfQ+|{f3~Z%Yp4x*flc)#Sqy3Oz1{Fivy3zd5V@ju3n zhx1?9*lvDgQE-9!+FfGXxgiFcd&$Z!Ct|-h-<*E=iujShnu~y3X4HPX{b?x*vVa=K zx;RSsyy9|!^~fc->FUQDS%bzFvnHLmrn8a;gOp3j&!*j+GJES>xPD2`Ma?f&Cb(`| z)I?a?*(}fGn-fv-sC}QbaqBuos^xg1uk+qYTP?}0e=K2Kz7XaC5q$0Of4Iew<$J04 z(vNM0hmw`Jpn_RHIUoTYD!USDdNuG?HuR>to6T-l8o5?Z==8}ReH2U{u1dao8B-G6w{be30v_&Lf@j-P#TT%+5uYRG03>)W@jcW|_N|NE27=!zy!w&d7IMyvM z$W!Gyr-2|dUI|%>`$rHX?$Mi;OJyaNX&z;YKr-(o-?fTVn)2#~$w@A5 zgY$VI)#;`SOa0iawoN55M0G%`qQk&Wv&lSh^6u2+K>88}*b_nIDjD47^O2iVDg6Wj zM7TZs2S-2o$k7GOC3M!ee`RT4iu&j>tGk?E*e@V`fsZnq$GU#f z(AfP((tN*vLCWo|elo!QOmsryGCY#hP%0HcBa_BPkw;H$4^AnY4%wb?V0mp3YePt8 z2N)(ha^6YvO&rSBH9-g5Jefq{Q!&^e%t?sI33?wXduqVJkhO>n8C^^rC}5wY-Z>hg z<>@G`aFs1|^ZdJcvEh&r?NGko?f*QZ@BhG8=96&fV;>$e04o~8qTzmerm9VduXR1Q z**r0c!rn+L5l#9y5;vZk200g}J6fvUQm0S_+Zz(GU2@~;5O?gbHAZvc`Xe!rNPFpDS!@CUn=?Iz>Tzb=w<@3)v?s(f_Jh>)TGaOkBCDT5ak9&`njP2q7mOQr zQ4n;#cOT9^XJtiB-*3J!zKlGM|5mPATDRU!6f5sq);Yq99gggNJ!xLrWleLL$1a(X z$~wiuGM$92Y5N?9<&u!cx4}#sLiH`({Pr3;t+GoQF%(;N3ABLg)~;Q^YogA=m~v|> z;+dBpnm^L8K6edtqP5+Lp3=fWUHdL@e$WwX9$y1dnFD>X9K!;;J*pQX;(2zX^95@p zBG{p0-wQv#_eDh60AZtC=(wz%1kQH?4DmqK*)&?;6t*#&?xyQ<_+5c--rqgn@LPZK znbTQLVO7}Nvd6V*2&|Jyenzth^!He^xE0Yac$1DsLRdXvHCZZjvy55(W2f@1=`JaD zzb+10O26#C*;%w@U@ZDL5C|l`aWmv8ky-HnU7cf%Y0>*#j!{nCR0u-VfC*e5U36is zj0QdS{4!YRhT(F*TGc^8Ai%!)w*TpB($kU<*nUW!cEf9PA}F^Hk1kT{TROR@nC}3) zWQy(we_%sSB_}_@G1MV%b3gj_1ssf0+aUFWwBRJD@|)Chfskrb`cseRU!sOgaFB0* zP}pmjxN_xNmyBxIRdrYaIwq8C?oacaObfd=QSkltp1jqz1D&f=tclt!S*L#|!`*oA z3Kfc!YE~Y8vz=%eFRfx#~zSz4k#uZV* z5}QUMPfK;GHAH4+pMTM9;Kb=W61Vbt+5o?2*LRT|+A{OF)f#(fW(M2F_U5D0M{gMM;*`L4pDQ^!8xnS(ajictl2lKy{6&-`AeNIUoea(K0I$<$e=7ohZ`e zB7Cz$M-gERw_A}bH3g}GUm+E6&pQ}i%O;C^Oquk}d%r2WA*CLNroI`l{oh>6Alh|H z&Z%eZN3;;Hj&;N*B2co*E)}D8%j$Fw&NdY-&#B$yrmw$9+aVrB6tfgt3PUmZYC9xz zLo1V&D5e|5I%?Z#`GhC&UpV&(ts5d4VthU={BO3YBi^Gg`jvI+?%iGDt>|U4CEF)> zhU7RtZcoG-c!LyQrmnCJDN!bX?~@)B>lMqOQJ^&kSx@HYmPmWCScn+Wwc7#6ccSxE8-k!T9c9@kvj61-^Jm*lIz1 zE)SCX<*kuva5L-2rCI0Ng{+V8(`_gq0i~!V7Vg3clPBcU#-9DN8_CTSif>J{1M6vv zPAqICTJwY=z&4Etmh8sgzn;sp&aGv$s<+Umcjw=zr_I-J^;mWrBOYwHY|NYdG$wsN zO8Q*M^Z9TUR}QDNVJyjPr_^!%T^~TC^|E<=IF@&lljm`x<3B!m@&@U;X0g~hg8%bN zj~kD%oO7}5^~p)X_5cZ4gIvbpPTlYMQPPb@d^l7fv)y?Dl<|gU&R$jRWsgU%Dv!W7 zUpu9bjCR*Z^D&8^?zv3TikQXQU8U@bK4D?;e7k_u4$iHx<#*X{`ci;rw}s6@sFIVY zG3UZlVix*U9LMO9J94mq21SZ_|2itP2r|P>-@^$Fv>BP%*RmoWxcMsnq5KU(&4=iS z4!mc?m>vJZpj#qBvQUCOCz@q=6pV#is8mWiu?8bSFD^a!n7RcS&Is93tHpNJy8rYs z>=_Y<)e7Pxord=dOk(Dpb8#rOXb-Tr38y}cG&PF}-X@u)E=3$)9=Wyr?{E^}JAI;t zBa(rU_%I-XVIrdQ1}-u3^!2W>MiaOuS}R zA=t)e@!uS?=P17W%rGX)Mo$^3twjR`oSp$rf&&H?+Zz2^FB`cvLVJ5rZ(}bQzSr=t9+u}Gbbk&$!esU+wN)>BocNY1Y+5)%d3fm3*OJ~Sfn zEN^*%_L7euJZvQWn#?6hZ|NFPkJpHY zhtrTJb@vfHGqkL9!*27URuo51?T&#zQaRJ$$%76jJytGIjXrwJxOS#}L!Y6`-968X zS{qjyA$F!f^(s%>5+KN#C{$VJtF8_%XG#(hnk?2PQa1la&$JPF7uk9_L{oh@_F(&X zLq|wlQ@!w5__D^)qtd+G)b;M)M3m^&;W;Z{m|)AL*VT9cVoDMR?{8Msu}US6*_~x3 z&RwU#qcv^Nayv&JWStAe^`sYt*#PqiyUR!`_f^q&wswP4xugO07iq8^eF=8N)cwvI z_agp+l!lb>RJG`JW_B!&iYrzxqf${qzyOej#Y3q?vRPLm&1ZKk9b@k=!-Tbp>{ROH z@QUS*T9eY=$tSt|u>Qu6n6luzTK3JBrlY(n!%1e!Wu%K_6XU1vgEzfmTHonLbyS4b z`wKk2C--w;%zjlwh)m@qFh@nM9RM+huSZjaSb0 zTW((@Rhz|D(3aT2Pg#F^z2cFmR;BmSR@nt|_u9uk5xITq|1tK~VQqD59%xJHSEvC& zi%Wpwr4+Xo0u(P=915jKfDqg%Efj*gTXA>yQrtbbyIXL=-JLr#=gc{C?|k`}gl9i{ zuf5j${_L$AyOcqyymOzb9XKu##P=(Qf}sM{>}T*o>%G5q)J9rhkbMLa#yKa7;>nDm z-2Ph5f*q?~cYagi93c*mnh6yf8sB`maU6V!G|1Md{^G2f^Fbub^T^q5dzwx`aPO4w zVo`jhn~^Gn$8z<(ZX+{x71mF`W?6chq6l2=bca1~1-oVgpZP>yRNEAg{3}6-=!(i$ z526ns%CxCm4U}lmq4BD4XmpX@{F9}lI_lwF;aqOQ=ta!weAMbA-6j!AkJGAEC}2Or z1I0(GCIm#9L`_RUvJ~Aol=Kp7yp<(0v!6V<_Oi#WW6Arsr&(2mzp8;*r_ z_A1R=uJ%EQE8-q6?OK_rH(AcM>ltV@wFR?{l@Jks{Uk@dMEhZhquEi#PEE#Sl9_`V zBUW|i4juWTIe??-6oYq*@sIj|`SPsVmLx#Vp0=oQvui8tmXdUR@9)WP;D!yaO+Tor zQ(T{J6Rx#aRb9oFcE1SbZT7miVZPoMS2|-=p9!^EZ1GZ(Mn0z9d#xLzg9L<)Dslt| zpML+4u+%ltN!TI{yBIj1t+h3Z(RCQUlkovKh?w-cBCpfd`y6Bh4J0kxGD!{Z-!pH`6Wc1tksBYnC zOULaIddXmtu+~@QIJ~w>k2umO4Cg{=QM{HTU~?I}Uzmwf zJp(F+4>~WEfU$LsUes}jV4oL_rFs}8T3{v0U_M|*;p*b{H-M@t4Ght*_nzi+E0b4NnZ+F|WeGIPN@-%(_gARpN~&SEuBF-Ka+g}% zgy!VC13j>6AQcyQdkn@L1I;B7Hn*GQaAaZcCbXG%*c@XT5WHNSR0!@K9T4Wt>nat{ z`?d%8#VCINc>e4!IPyD=JjT=vtN{-Qq6t5fOf0&QBDa;Zd8!zL<=7ANOh_y) zUU1Y8B;#UG;M>lbbVll~>`PGv#ev?10IKAgeGX5=-1!_YHtfNID~E@38{V+`xBb!L zrg(1wNTUpBYaSqzA`dEw^#gl38eS>z-JV`t9(8v59yH(+C&MMF$??VFy%&9ZNj_a? z&A>vE)}FT03#ekCuze|rRI=p*l2*?eHhWmob0@?*hOdX3(S+5r*5b^brDs$Z0G;v) z=H1btfng9`_a5AYN_I^HbjzG7-0a+=h3ULBc+iVG%Tc*ggN!QdbFjhAc$bU&>xFn6N5unwu%}(Z=+VQuK$oysE0V z5EJ6DY`*xsoR{;_y{TgPajre2|H0Wb%a!y?`n{oMPaXK2y;AYJ?<90#`3D1noopas zX-CmBjhmY;I+cshVvH$2OS-DjD^$ZOMP0HU=Yl?Q`|+)O=X;}!Xs1pJPCZ%+mcpO) z3pBnN$G2ybbPfwv^%V{r-;TOLFiqIS6GWLWrH9kaNtl#j-{x>>CFc4A96oCI@^y9^ zM_2nDBGA?H&Q$I?{sJn*@ay@o`GVd6yphk64rf-tyq59#V6Jyb9HsP zYoGTigDj*4Wejv_Bs+W6W>pO5S2!AQM+qKZ1fC3r3>0d$YacX`xr0yVnTT!JP&i>O zu829*8l{Iu(R>l;KAaN2>qX3A9I*~=A@`TrzQJDZ+c=${d#Bf?{HZZAP7HR|6FlM6 zR>~c%@lAd~m8);|*lFNt6B1VGl^&k-JiYX2T3YrP-2UoON5-$Qy-zS2Fu%UKPAh8c zr1BKX+RDU$=wg0?IH0GujWK5@2Zc`LgsykXIi-;V$mhFw4qU{X*MQENbWr$Q$E_fA z(ffzw+b_>P9Y2lYO1$FVs71~@9yH4S9nQ?62$Lu8UZ9^^U0{YHQ&9SvHTmg{ckH1v zWC{ZhPpKkMOlZ_JGrr$&ZTSV~Y1EF<^r9!kXFDj}Ey*%%Y}yB5?2P@HkK*9!BxMvP zw!Tbl#Rxxrib$^DR#lkKvXPnyv*w4c_eF+;+=64#>dx_%7I8gKSu`FwiTx62u7Umm zy)_COTv^`0$Zi=hPpEy?3-b@_Sm=lLGfIX;qeuj_QM7qy^B&hP={R9cSEoNPC-)pC zX)4c4Cr%0(@KBDt^BS89$&5=CQEdj8MsoWwcgxpkQJ{5FfvKTu@+KARU*_$cV@ z-ocuLf_q~&Nia**Y-v?O89CjYehIXA*JK^|)uJk&v#ybDUO%n%-nwJNX8^}kI&^{% zA%0$`MnMoUF=Z7ZB@&vNq{QD?K`Mkiv8Vo+TU#I`9&t95O2NeUtAc6MsMLB(zfNP~ z_i2HU8W(<8jYqkV-!DGL+WD#Vgq`}F3k8q1&mfdCqw~cA^-<7;tVrelIuK~jU!^>0Jfc%*tgW}e(L*z(%RcYB-^eQxseSgz z$3>4?>DhgIN1woX{iQI`Fxg`sA79Cf!i?9h-KDbA>YtK7ZYK;440c=cYYu47HhM=% zcG35TEow_HzZfu@t-5nwMi@{m;(>gn<4PoBzl;O`4m;Ker*nLM1fDGXc?50>nW_9d z11N{AJ1&tih7tRIEdruN-W+IBl2{)iZFlQ*xYz=fjWq*7agnN`UrhTo$XlZ-i<>*7 z1Ry&^5ybbc3&d1b{sK@@!)j2BXm9(?yf&;o^?V^@K(`M3uBLPvmWO^5c@pXIMkN6Z zPx!AafD~m7)A2hm684x6b3bi2HaUoh^*o&4AmOw5{q%t*P?FK2(I5C-Mfl!2-ui7* zwYD3Qx{U=b&PHqo$A`Sy`_RM&!JYPptrFG9-Um}I{S~p;?QV3G5oK59Mp(aU5O{vw z5qpYpx1at->;AzI%b;h@G}pXx`>5M*3BG5~+dd)e%G7q)YC3aO=X5BV(m{7%#x_-H zZa!ImxhH=q+ZKuk@8ZX4Z(#avbUOD)A}Ba1%0yZ~uhcLzM>SWOH3nC@Zl`L-5L&q9 zx@?x+j@II>4ugyh+ngpd!B62nk|MVaC(9m)IxKxc0s-gsz!&f}K#3z-XzSYb)3<~D z@tls7)%1Ok&_SqnjCaZPlfolGaezm9oFZ3uJ|H+6UsDZ~RXTL%@D&%-a(j$^aJ$Wr zx-y^H1P8;?NA~{uSXj1H+)=oxJ7~@EegF5BD@~FJug}KikhbY46`6%H)($xIym`Z5o=l zt(;E>9#52YTwZrGrhvnU!iYN$0F4bP%5Gkxx;6>oSj5(* z(?hfS1uA`##B$H1vnkYw>}M@(q3I}0&n5OJG^Gry|8HR#^Z_lB_+RnTquKh2Vb$|> zABBz&#o@>WSO}R_1HZ#ul~qN7Am^3d(YH3a#PUqAn_4iK<%1C8S_Wd-n!TY?Bb$ljER?e%|3)Ig86bj*B8Dc-Xo2jp&xQ0`*9JiE zG@qchq$m-dbM_zeHpWu!gcJmJ3QVa@=&h#m!34!oe8>+N$LYXmOKR_BEDv;PXIgrz z?47RI38*l{HAklkt10B=APlIy<9mR~?Gx6zT8lUI88!?ZG&SK^GeU>oag_bcF~`P1 zi#89A!tZ|M7x~kJoNy*cTf8H`BrPSZO&4;QY>Ei(lkm!ZwaPvk2xB=d0xBrS1rNdT zTWFA1=vYQfwQ31)}O=n)8^-F&$ybR6-Dj?^o2SGR+(R8ifo(7 z+NyAP0<4#sXTl}<+$e@GsPxT~0cVhUGk((xhTI^HAE-Al_^ z$dPAF7H01da#b$S6yao6H6uuua*w~tK(}jQ=Z+K5I;MH|w%bU4$<2aP{&)=QbE%?R z%j=U*A{ZfAvJHnU%)VwLm?r^n&FwhGF#BZ8FUo)bKD@lD4pO%y?z^r|$VMpg;*+Jt zFVa@5_9ui6q+thJyz_p+kEaB6?RBlUbB`juS2;l{2{J>*{mXLq*2x~69&psNTGd=_ z7mq2rkNJf17NtIWojTwc$`W~N&Bks&W1dfd;X2ZW(C5DyV<~P+zPE9)Z#Ub|#9I^zb`{klZ&><4W|+2r0vnahYoP8D&OGS#yy5!Y zcv=HrSqAd!<N`|4 z-%^Ika`i_Y3V=WkNU&;PKtt|`G58KjW-PSq5R6K1%Td6fmT2ls9Y)6;%qAB;Vs{@nEIJY?8pXt zykJ4L$;IYjb?Bk2yDWiLoO^&8)z2ieh}T$li~l0BbC*nIM!mD-?t z{NlD@g0Z9VGPIQg8GSGC;>TeCK@18Sn;5^En`{5cjJGnkDJ!(u=Gpn?6xUw%?KlWc z^2mAd7vE$S&S?(=`ERU#P^g$~8QR5=n2MS+pz3~&FK9NQ5O8dy`3a(}28M9IKkL3q?pC_&? z{r1g{dFFK3iR!#unx!RIc{DQ?huwWs1c299=~l;l|2Gf>5F2v;L2MWT_!_*zVx0Z2 zr%uARsQq$Xw?nk+uugDCmV5$ztG+oR6Rf}OXaM( zXT2AFsB7gGuxe|*;nm@O(#$84Vs{R0;`{L-zD+yolP5FXPYYcyC&{^*uf(*WdC78# zMt5R}mPmS@k6r1m9NZ446_1)N)J0ydv%8%8?io@NMR zT0-W)BKbjbo9XP+Uqs!FMKAHp@LDw)kdZ)39L*>+7ky7H}uBN{#L}djR5_%@wZxc z8!QXReLgUGbXaT+?X(%2mUl7SNF)G=gl18V!|Wk!_hE@Js5g8cnVW&ztHvyyXneb{ z8Y90Jko*^>%C;_JSa{pP?13C>@0m%bKTE{p?Fa8_Ow-)di95@#aR)3_$2Q8TutqSH`eL>b!?Pvk$t+?`#Ra+pA(P#pM8cvUki(b2YVP_R07zB zGf26iOs6Nyt1tT@9d@aQ;tF#%L7A;R{q+uUXI36Xqn9=VBRk*=BCJAL!q)=&%xymjrOzs2|6hr1z z{_lSbNL&zKiCk}&Mt&eP?-rD|aCkkC7Js7#{SVqjl);Ni^&Xn@(Q?)QOYzH3x5Mn0DfZ-Kx1&fqx~s6xR41Vku8=PfZ7g6<(#JDlGA zG!?#ChXFwb`dhfyHY!##JAxhPS-0A?#=mm`AAlEB^*+h{Jh`~nrFL84;CocAvmEIb zQ#Pd*Q)OT~wMahgm&)`%Nsgep4M$fjr3Sxla`YM{f09J6^%7RSK4Lj1$!5NmpGgTK zjT+DcK39@D={o8>d#AqG7S#8P*!1LHYM))-=3Cz?;UMbD7N8Ra(j1~g3J!%|W;BUq zcYOR=!x-!5r#d;esg+>+r4^%8f9Iv6_is5@sq{}38)MEc8BFm+OU$CH>(eajp973w zSq@OTfvSnvb#RSkVwB#S)_UW$sTT$V?`GSXyQ3d|h^RV-b^i@1{g0>^It_F608JSxWl;Li!Vh}Kd{N{W zi3f7H{R8f2f-$XE$6+xskAX=8kwsKJZrYd2+nFA1`g&heMfChM%05e9>HoSEF&QAg z4HDm6AAQ0M2OeYl_2;>aVYXPuh58&?>1Pt!c)6mR2UmnZp49*X{ z_Q1FS28sh!=Gj|v+pAAl*6i=6cxPT*&z`iQ``L_FCTFkq(DDC9+FOwPxz)ug33A?< z&eDlmVURaG`q=f3;MU)W0|sU z0)~+3IAob|q&kHWeW-D6d}1Uw{j^%HI-4Y+_xG&6$F=Nuqc)5OnlC(I^O$_uy=%{< za0`Kwh4krjZA$aS;3OVPEt{F+1m7=!rAmR8`5XIM*Y^jGUgWEM7Tw}Wel1w_d|z`9 zP6kC4o%6TbG4$TQrA`)fv{D_dtOC@AIqAeWxGvqjR7h=LScxGJ>RY;z?3!f+WIYd>I{cD@_yw!=e(&haK|NXnFgVrIz&~T~$EC1~m(7yqD#wvl@KS+8eyL1N|}eN#puDQx;SU z5;OYx6s!I63(*HN!6x=$ArR4~Tsa3;UQczYeaC1HM}3FqPS{*C>-35PQo~0Z(JVzp z%V%rRpIpU{3D{Il&#$(-&TK9J7kbyC7L#YY;Gp+j@1>ZwnS86XnX*oat`<#dZ{#l; zO&;v#)t9tIn2<9 z5#5h<1M*2if++;E+_+2z0v+d_87Vegwt?9lyFkt;lN*=S9LFjTEEj5hKIf=t$U1Ni z)W(cTjvGmi3eOGNOs{x=lShmuwg(S}m-%PP0GNR8J+e@nw=y7r@)HS7%nkuwoI}^| zJ3OmJUch6qw)P!PEiyQCCv|&;QkfG9Ok;IR{KxU0nt|7~kLN56vz5mRf_QvV5U(Ji z?X({3k@Z^u^H~8f3HepOF#kE~uo##RU2Q@<&$MUwDq zvqhfjw2n6QTY8$jw*g{u;;Gv84oPSNm+I6HOKmFn=E@O(+7ha#=f?1J*B0AQn0_9; zeRC3VZ&nWH?X=_Ohs{un!ozA!G2G9Vi(DKv)CwXeeX*>JYr56*q$v85(uHN1q2mH>-`CgM}$b$!i>SdI%D6O@;4|AtdAQ$l` zqA;RQ#GJ7XfH}2%mFR7W#G=G(5;s&`fTp7T03VQ!NBt6(i#6$4fn>3Jn->{%ys_IH zdh;c*EztL9+2PlVMD#&b;OMT>Kl;&@zwj5){;tgXl{_2QG-b!7WeoZuDKl;|LOx1oQ%?{WsVbcYYHTgblB=x^L= zby)C<9f?ug_VaJFsf37-J^+{5?+nv9>>@d$-=}J`XTu(18)gv3H+(VkIpdv3m?YM> zR|Cz~Ra?Y8x9_;kw@F_7lEHHa8=%Lzu%4#PJ2ohY(<5);{1tG|Tc*P-;H&>mw6BTK zF16^lt=B#eO)T}j=jcL&Uf04?oR$&b9ME)J9rk%&Jt+cOc_nc_y3B64S6RTJS`{mXMw~{b zFDW6*sv`|cdSC9-%V^mPu^amS4_$L3ps!?11f&R^1KA6inMkIW)soAa+}IY-Q{R_Z6t26_U;AEiS_Om*d{)6oUf_S#bN^Q zymP2{nw$f947=5n#BE{MGr3D9aazwaUvUz6Oyzgy&{p(r{Dv1@u&(#y?hL?@-p`&W zmK4mwwcZ%|Z@Vmkr~+ZrN+G{@)Y?sk_61P}axX>%e10&{%ufs-U9WcCgrKi>D^zT5 zMQrYFk7Nrsw8im}P^%_>A{jR*7|)^%lNHN!4f8YjZ7#y(fn7X8KWu)+Dn zaKZgt{?={Dhj^r}t>Ea#*G3>$3zDsngu(b)!MIg=<&^=e`}LXpzR|?(@qsN4{3yW7MiwZ7Yt7Es&=F z+J7W){Ha;Kd-<{ggWSXU)Fd#}gCKwXvOvX;o4H;be%cbe-bBKXFSWBQ`r`TNdZJ}P zHUg^Z!F`vHH)hKn5BLrjzdwlEH>;(T{yy(1>H-u4iOv(6oD$HCqT#0FhcvLuFUqcU zvtiG`PpRrQl8-XTqaPhKxsDBAO(%`+v zZ|SwkVs;`QQ8zpcxsV~*tkYs7{p65YB-o}V#%9ZAT%?zCMCKKRJK|Sda6MCI+zZB{ zLx;!IU9QwIa(v_1qb6-Gh637R2U+M-I)Q@>Vlu2>9XvGYnonX;z9HkiPa-oZTeU}F z+e;ejSRJK(oE^dU6v+I#G+%D99k9AW{<}nBIGn@&oJLAtE7}X79MiE;8CYUFy^FW{ zpdn!gvwg4H>iKW$S~`q3@Vh}&Xh)8#?f&J|xj1;e1xlE?>8p_tBLeHHyb}-Xwg2~` z@#f+`NKk8a`67wL*axC+q6jnB-BMrg;_0nVy()u3DQ$Z4nWOKK^j-ySPhY&|OLo~t zY-U(DPGt}r1)$_PL{nvlFZN&&vL_=a0|ESxFK6@=x_^Pj@_Okt)o5&` z@0zanb7+1R{%l=G?<1Rov5h)AWaLN4w$5Kqn2%)W24ys$CtqU$OSbh-W>z>E5t3~w zRkNO$k$tAdxpUiPv2I!Gb~QpV+|=JS`tU0ZFqD8a@Zi|Lh2YC=1cq_eLwr#9qZQUK zWTk|h)xetFqQPC}LQyl&^&A`ceHb|na@ZJ5Nx8ZQpJp86+B@w0P12@wb@A&F6__)& z%G7AK1};6;ZV5!#7H3&cV2%3?R{Z`=)0$Zx!h;)%7yn`b2W4R1TVpQt_`fz(ukiP& zZkLa@9tyVNM=`6_8SICN@^*PlsGVoU2Z|{0BF#{65*3))!D7nH>- z5-NfScsjQkgZ<_tr~HT}G-^x|hmNNMBCNI^A|HMaNeEcjnAkOn6whdCmP_a%T+Ox5 zFD32T`DK@{AQciCYtvwkZ?ElXF2Xr_zo#bhTjA+AYu+bjN4y^EweNXA2Qst(+M(~< z-+iA`#3%OnRgK9fRQRsM@|b-`A9wQ5q}txWaGjm8+BqTmJ#+#q5XsPWzCC3|1dj$| z?9J%u2lnebxkvxZI%-qjhiFHSETW-RdZcSjey%hO!gMH`#UEK&@}y7^WvO$Oc0rL^ zBp9wASFc-vwhL_Nk(xh<$Hg*3l+~`;&fH}2@O4nJ5!-WT-#&Dg5zF8+&aDxc`Y3r` zI=l0_dinhEoae`hMn|K@l8fOPn3OwPzL?B;dPU(LY{zvXWcDairfDs`MnoCBhvY?B zS|@+Ii8KkMI|Z3WAA_%s(`<$3J~sE-u-2U`aOg0Lf70gPEwgE_Vq@5jP1BE(HAWIx z>l9##Q`9?#Y}J|QQ~#{3E7B*4$jN^Bd-k>`)i}z3FoJpL(OMkYt7e0N)+fb*UU$#_ zw?ixBZEi!*%X^9+`M$KhV#ooUcPb?F!(@;GV3d%{+m>{%8|fX3T2@b&<8J8-mo3pd zY5dQW8U>+;?cgXL=J(dUNkd#q?MvFyVx$oo^F!>}CAEZ6At-MqS&wYCgtun~VEnf) zEQftbr#R0{W>$N9%H(^3*VcQFtyyOV29xd#7+m>&H=VXfEv$;a>A>p~C#HnZl9-@O zoXc-^c3=~FR%CJYajzS`zH6+dSz)~=j{NWXCKZhLlKGzPfoh#y+=bh88{f%pfMGtR z@Mz+<>x?qc>(R!TEbRP`YaE)t$-fz$-<%vA{c?p#l&=>?dbY>dVsA&h?UHp|70;06 zDBDgBxy0JbzLs*Q1HYzPN^pK^$Yhwrd_AGk+DPl(z0TWb5}hw}?w#@YAqRI^iW{H$ zM{~h`*T)cHi0-=l>3w1r1>Gw-iiS{)qSU9&-M@Py`;u}3VsPQ-%2b}`g>9RSPDY1|ljb{xD_MZB$>Tg>0dlZc6+rLu6OX+l)eY`$LggI0Fw8qW&=Etb zIVj~IDwk4zQmM06?rL|1V|&J_KvDqmoTh^Zo^;lx_4jN)SauR9I^i;G^Q&23PcW)( zJP(ekkn8R#z+4RoID{e)HWzCsM zYY!CU2N6DKzP8eF21w}rhs14y)ARYTh0T#lXxhyzE&4o!@yp-Ig5C?{(HRDhx=bMD2lpf}}nu zV_Oe;YoqY7T|{p$IZJ;B-!3ar{|VzUzLs+3Fmab-Vc4%cylZ}49sBQ zTaVT6crqwT>|EF*qoI9CFV@e3d%E6Jig4<-d80y*WE$7j!UNjFC579Tu|8uTG|ThM z+kc=bkfEL=Q2IX1EOxK}<`KTmnU~^%7a(Pd!2R4C>~F2AQZ(e_f6>~wKwIe*s_{{5 zR~g|UE{f)>%e&n+cWffh2(15cOs7mcqCR@?ywN4I3eN;jggB35OnQFUUsXklgLNXR zHwrC324XC?Z^)l58WV5E^Mp061aC5wp8J@j1nm^pF{cE?zDf|+pr;|Ab9k<@@Nv^o zifv9@@X30=Y-etOt@wh8e?NqcW=wt`$?RYE02oxT@2KLHh;v5gSB5#X8^?tjIf^yS z^5Y94RPwK-rWK@pnZ|`Gp3wL!pUSdbbVX_*R*^Qf?BIz+5UscUhKT#|Lzl`<8}UW} zz(PC>%Z`;F;n|3UT$kK_P;xSuQINyU;1|W(;rp?%-99+jR!|zt)7vY%VVQGPHmK+U zLe9HD{gv&KqWNiQHeW-#i=GTfb4y^w7tmWUI-od<_!t{7`KUVrBE%CxaWEr+qG^6n0kat5lrC#L3cT9%y1$8O)i3Ns| zT+kwEM^f*3M?-S%6TH~F1Qd2>0yF-3??3uU4|0sl<Ig|H*)cdN7;01u>DO_HD^y5~tz?bEWle3=Wf(D(N0C|~a^}cQI_wn%_O4kFPO4iU<2n|i~ z<>`w%6$BU9rTh`6!TcfUNpw=9S1 z3BHK8%p$$x1CO-Ca&j@Jlec#gdPdbZ!o6bycT;Lp1_jU;ra329i_PdL@`2)p3&S3y zXNYh(NecYC@U7=TlH(s2jL@x`p@`sDj_nalml9sL!RATuC0 zV)$*^o2|Y357L67-%Y#T-Hrxe^7&{>zh8IJD1hQ1Ve4J<8!Zov@}fVbQTc6=ZD%Pw zyZon4@IQeeg8;h2@7OIbm?#b1kdPPiHxnuWD21D5Xwm=-<8A@dd$ky&Wq4S$P7`&6MI>X%4eJ$!J0#K92zb9#r6B1)zXujQ2JUU$o z>9jnb#Rn2>ni+p3tmuMC=P&9PB<29YlOeyWwv1ETo=no9$eD(YeK-A48s_^eF72Y} zKWg&%VS!qyoojL*h!x}gM$G^sc>h{Vr(%dOPw?G%aas_0enSDDF2<&QZ1i?_ zqkE_Oxr9EVp_1O3D_Rk}kA`qyBzkUT!aIN*r}&tj2Nv_ z^qvIXRrNpC(|>|xfWzbP`;(SCmfy<^*LP4|c9Z|vGy_N7>JtM1-$q=XY_!`Wb;(!= z&=+O09086C?u_$pJB6`=Fposf`C92N!Q0&@D;Gw=fwyNfqIs%C@n=y?5u%noV&rrf zRjN))Kd!X1>WEkpt?96{`{}_TkxPKaM=ZPt&uUr?VS|oEQUtiCyJ+0{I6UJZoucn| z+nxpVzQHGP&Mo%G+6{YlrRT}Pih@S~Dc2RbI@iUa` zP2dY4VjwRYNW|!92H(@qIJ!ID5DmH9K5_ENv10ae7v+z-D=e8B6g`paNm;K4nZUP~ zNvv4)DAp+TsiO;OZVs}O{eQ1+8%yYSba8i*IAeeE#P0PwD;!&x23gkjkBjj$^`JqvecTn~vvlY2@EF$}UI4Q&}=qXj5CI=){O(Uvj+z4L=XF z^3h2LG#s`SVZA4!Afh-O`Ctj`{IWEI#YUhMCE5uWxnM+f#A_-@2CXD zZQ*fc4G zT1yeGyVD-x(BemiJ(S>&^bQRsu;350iE=-|gYQC%C;u&>GyYfh1Ys zO#GvC0!~jE()$@a;h4IJ7Szr-f=He;%Mvnqh1!9PM(?G|ZN2Wcml=?;(G1tf=i#^G zB7C(M#rM*Lksm9>ZLOU+yK#`I;gEK%nD$dB%0z#-u3Fo&Ts|=LJ>PZ!M_M6-AJW+; zk@$FxPY2#WD-f>rzN;YT0Q)h^O<5~R1lC=^TMa2O%j94coV2X~o2YQK&F^QN($JPN z8+MwI9chA$Mk|mRHrEZ653HyN1<#Es>Ebi*HFK?*xQF&_l{{A?flgG?M;;Z~#E%?s zg6zn8qWo*Lv#7~!ZPvFPJKiTqUwFUXIpc{|i4qBn+TqiFLJ}4)V0|@#XIoP|G`Ya4 zLHy!fOlcTt&zkJZ-M$w|&Aj^GH{8aQJSqQRT^viOx*4m0FvI%u`;WjxaR!07vQ+aU zSM6FFFO!MsI=WYh8Q&Ng?4GP27_v5Dx6qbcTN$8-M5u1YUS##p6R+6}S z)IV<|ut%fD7h>q62gChz_4epGeq-ogb>Y#yOx9Q_$$GBVVbT-9bMx<_?GMXX7G*T4 zva@lAU;jl1=y4C@(vW0dA5zr=a_p6cu&CwPMXH%@n1d|f=&V<@J<}y-2{$69Wbe2T z{&7Eah6Fv7p+&#LOIrOh3LXV?T@drj&dB;v&?pg^Sbp@ex1we=VNh01ZjKz|I5SCO z#CX|h{p$-86l(cS?~G0i1mcq|U`p6lqimCGd)ubgic9wrv>qqY1kjjAPkh7~4)QRD zo&8&%QaO%D!~0Y2$j9lwJy)vj-gc!bR$%4H06S3Mm3Sg@l2VKghW7r&}Vr&9KV5QsfD?FXlTb1B3yy$n)sl^7ylU z^`sgDvMmxC=j-l5*Mim)+K#0=NCO>x40BpCq+V{a7qeX{#Vx$`S$XuH^W(jSpxMkB zX+H^NW8tMz&=)+KF!Xcb?Hs-js5>S0c_4z2fsyrRh-i#p+)CimYI;bp(R1N9h?dnC z!WJ6Sik{Zt;SBkDiN7l8(ZQp2O@ekiMCZL`y|LXfJARp%E8?eMIO}-kUMV2J6j^i< z*#N*}5s>-y*-lJiCtntve$u9E0PTI-tIlm`N-DyK*K!9bM zd6g%4-B*=&=bf$Y+F8gE4f=SbW$N)G`80~{&wYdDxB6m2NLA10qqTImsykA=Il6*G zvecfcsBjKc@#0NkIQ3w_gRwBU&;S1LL+|RWyUFXN{zXMq;)CBJt(j{$6-%>J3?w_l zdo3M-$sAk+SG67>bbME4z>_M8fN0uMcJ_vgvdu=zgV;A_-_Q(FgUOBHMK*fZQJi9nW_ms#h>&nwsW_iTofGlzx>39~M^ChFC0)v%uxuDC_yJmAFRe0AMu zy41S)a_RJ{mpxz(On#=8v#@|hpO@Yo_oi31wJ?Dg|1d75X@>)m;@(!N_O=Hq7lsWv za{D5b!U9&cM;#Xk?T%)*I~5j1HUoArq6DzSU(_ET;PF;g(rLJ$z9cIXc(t z{ZD#T)kK6kG@BU#Q`<~ee?#`RRkr4 zANAD+ZpsozS;x5T)rMhWisfI9^{x-7DCke`staSFkUG z4g-w%t36r9A6>k?SDL6g22XVOXHxS&TiH|y?!`My1IjOlXD%)gNio53x#3M`7&acU zTnuMI1l6D@p%;=`Wll=*MWpoFcN!Y|D(}g% zKJCZr9Qi0+S?CSzVG_KL6CUinXeI2D@v5B)@B~Ti*K_PQ?i6jNySzW$5V`F@Oe-&C zc1qtg-iCMvu7fI5+z)?&U)?Q_sigaKc&(h;^LyUW{tA1eM7t`bb>J9CUZ1hf>^Yd^ zC@GE|b8RZ*UFva-LPiWtN_;z5Mc}J6&A{rIh`N)e#fw&JfxLoW@Qb0JrOI+y-4b#F z=WX~ak+uWaJ$Q!BC49m!m#*&LqLg#iL)yMynMemRxc@AD7P;eG*R%n(s?ngyhi|Ye zcWtwNCM;T!dAPi(20{|QziG#oYyM&GzB;$s+QBd1Gr{X|3=ro{ZO6g7^;x#4RdJkl zLwL(C`9@npF;e2AUsB{@m>#Xt`u6*^xz7hiJDr_5)#aqAa7YPMz;eLBE?2j@TfXwg zOT@D`omo2-0Lp~bZRgqT3M5@;g60H!?fbaJNH)=0ALE+T)q~I5P>P_=^Kjc(?&zgg z@ECD?}U$P*QzXU(PK66U_C#;(WM+iyV9M>^C@g za9l)ZIU@?x&pS;nIKGMVul>a)ek8905x+f0PKH<4) z^?72r-ls{XYSK?S{)Q74NlEIKg3Wx}Jz=%{vn@K51RtB-;$(ua&p9>pTJk3P)kMGj z)5MS)-vG>}nF>%*_z#yBX{zk4B^52=qQ&^>3YYEqe^Q!s(6k8K*dqce3E3U1FlF=- zSM~f(0fffNnyyf5ty@!z9+6`foOTT-&-)J6o41~^gcnT=QDk1{4}i37Ra^@n^t#kj z;k*d1ueYu@Db_o}L3Gq`!-LlcJU3Z_bujzCJIoZ8$W?jCau>@dfU$s8NTwuvTdOLz znerH-dpwS;Asb;t#h`465mHvPf!6rg2~@d3toCX(8&NiKHpP58&^w|S(yrQ>x2S;_ zQ<<7gR{LX{A9>iT|L9sX?vQTR4J`*%9~BoaEjk=&dV4zC~a(g)4$DoC2N90;iFJE zpzgu2x5By@w#iPb3?R6;KM9?H4* zJu{b)TNg;qv-LAg>E)}Yfc;CY0z4{Ju#EzOHDpVDB_IU>do!S7w%f{3ifV>?lGmt z`^ohWF4qatFhJ$2Gbpv5*Pn!$&0RXigK)6D4%=g?6W!5w5UMOJW7e4rVa4e*{Vq}# z(p=z9sW(3M;IG*+A;_XUO7RreckDf^44*Pk+AS}jX)Tbe8l85d{183)5|hufhTq9a zxv(Xyq{-iz|J%vhKbs8>S3q6OyzGQ?;8i%R52mN3ThDWcCgZT&8o7M;73ilUs=9q$ z`Q~~@b)(*SgV{cAZd^`(Nt&pudt?FjwRA@OU@8mqR&DFuxA6qwG1YTORV3uUYJLVj zUGi9KSKEK~WandJ1;VLsx&+*2xQ^>r9?5v1)Bhw^bcm<9{1^xar#b;UjVkWTPo*%H zhQYsZ1dmWnbgvnY6oH<_>Ej}>rMPTykL_ciyoeuxYW5$f?1vwr^JL%d(u74Aoqiwc zn|m`s;Go$VleOM_x#8Ejjm9NWn%%8zQT-#Ebi~bImJ&Rn-O}^1&qJm ztYG4FXm&~M{bEFE23n7^hmlpsB{s7Ke3BI$U(@??vo#A%d?9`%<2?B*?ufoBk1859 z4ve{--q0ClK%9u(*$h5NdvgN0ik2Ad+0M8jrM1ZQ_+R+XaOqUlc}cr_<Z7ddG&X(rD_hjf5dPR+cqdh6A0^_7g`(P&Y##tRUuA<2O|Iqc70c~wt zw?Lt2k>Kvq;toZNl;TjdxD+R7f#8Lr#ocM4NOAW-a4lAx;O@a)Ue5XMx%XUoKl5v6 z@3q!kbB;OY7-C8*w5Xl~8U|)&D!y}Hl7ATvF=Y6uWs4GO!M-9@#oSM->MMbDtmCul z-aJ`HxFlLhMPK)IXAKDT&8lW?&`N9$bbZ03O6OWC_ToCX30Q$Do_U@Ad0&}i*a!R*G*6%k3lfl?|-4Lz71DQX=B;Q zFtp43!p1)Ng+*rVV4hah`KJF{%Qv_uwo8nKo7J-H*>4Gv&%CeyCHc*Qj@-D-F@l)s zEpY*HSuu*Z^ORZ81|Z;3NF-?xRB^P(-6|+I%k|AbxiVuZc0@|FLqcz%g)9HDxaveZCg)-Kg z_f=vBrU^q_a)ZLE=TS0-!9G9r?=bwgt*)yxqltA;=iU`@2)N9f8b6l%U>nLE zRBUpV$DnA9Ic`07NATy>pyvMz3;PE(E`a@y8w=hpA5|ABPhvfj4t;ny^6xurSSE@Q zJC$7UoM{D6r*wa?%GPFUAU5(6J9@fmbzX)Xg~L5?h`uH%P1@}o?mBxZwnQ`ShBYZN zu+ZC{N+O&jq4Nd4Tss7bG2BSvNba#LOqF}-H%C$x(?mv3bwiStaJS3$a>G#(!}4qS zb7@L-h+CDTQd<;oJU}fOg0py5az#h=UTW=MzU0pvYjjeNEZAU7P3c|W_eM1gd&Wxo zExmh^!l3{)cD>e2nv|ouK4xU*_MwrLa!={jEHcwQ~;d`FcqM>{Ndtk-DdnWqaP!zmykzQ>Ku5U`1_7q-M} z+|fFQJcQ75ik;6i{bYo9Y)%!L1)Nxqoq|z$3{dUQlz)DbG3(4f%Q&T2H^rJE*v{-0 zxRc))x=e`S0jo(;)z_HYC$OXdtsv|O%zXc1jOBxxcz4jVNa2i_HguNRkd{@SpTCQ_%X#6Z=$M5=ADqQI& z40a3n1+`hUJo1cKm!>o)-1E*qt+SqHYt_VbeeeF5I;1>C_A5_idG$UYDPtGaAeB`Y zVM$5#d&_@RQzl5uaqYb?5X*WMlcW;gTeG5fgqh{^(QOVT#qblJqLdx!U-Wx)ygGL! z4gNqb?xUL?2A_YSbrbVu>C|85Jy)}cXW9y?PR~Q7NVp)6%Z$_H>83j)LGQ+Qg%PUP45y1LpRK@@l%s&MNYVsf;ZZ zL0Q8022B;jX>(iJD$lsOn7_0DyyIj{f)0M|LhUkuznje(edI%_+!8x&8X}3aJ((Wb zHgESe9ugScXX0vZf4un;cx?QFfyT;r2R?(Xi5t3$&&=cpy*MP-=m|U?KXkJX4zdh= zrYHoNL7l-lTCOthV_Fr%xAVjcbgO$8)+$tcv#5SRyl;wcH$D}6JSvD|g8RvN@a%g$ zpXv;qiWimbaD2wI87HrB$;06(w;nI|A;#-7giv#z3G64#$vCkUg`~eX>=c9$w}|h7 zk%_}vpz)d*WWC&*Cp$WD-iVjsC9{FvInyQ%%Eq`I@#g3_nl+D@5RvNRyK(~ zW~&qQt!vu(sYBdZ?+1oz0wjlCT901`>lGzinhO#MILUJhs1D%NA;m_x7itFa$B6Yz zeOPj};rrgE{7lZ6|7shy!8QBfJNHJH@u?$ZYe~V_ZLvH~x6X?nySG{%jY)2ofo!{l zdPts)T+Hhem>c9Yc`tD}@=U2@?Y0Y5*9+EqWu%3h|1*qk7Sndpnvcvp-0;VZz8N2P zFBR*odX?E5wZvSy)~i>oDHgkxE%*MggOS@NGXh{!%eOK_Va zykr2-mHw)5@-4b?g(w{7JuGjr9}^rTW(zn6C#cpJorY1C5iaR^mo2GG(PV2qg+YAp zt{Sr8X>kSQI(P9rR6`^+FcuNGB{^xK$vOF%kanAOmFW63G7?swi` zLUD`yOgpmFi%mkNh1mzVlj9!-HSU(Mr8hoI_U9sS(`Dd{k=?fe-iCCr7@kLo z?bMB(?=3Q|M^X0y{-ot7??`2z5vZd;IsM}gH%@=>E>i|;KudFw5poZAvA;s0%H_!S zH`8kPG`K$Mv}LfiO``prJDc+T%zT5s<>I53FR1!`BUxQRqhy{x9v_Zc%9a&5QT&vY zoFP$e%V7(n5+^}ow^tDT61WT62T@-nnok)Ik6jGpfoz=|o%`(p&&uHJ{v0vng-*T1 z%6D}4@ImMUG-au(+3#>a#W%H-1;NNxS#HTmGf2;F*8)*6?Z4jgjBfPP$JD;wTMj~z zBYCTvo!3_VcC-@iooZ@|k_!{P=*iJ5by^E&whZ=sd;b7u5lUrDy1F8%w4)0lGOr+K zN;=TDw-ELUt|KkQfE*+4Tmw;IX5gp&O&}y_CQ6U%I-y|yZRLHF$HiF4Ai(c+>d~1K zSFf5kzCS+faJ&16AZi)3^ns$L%JjYuY4O3=FMP)3r~SmYorX5ub2U#hzpQ^g>NCF6 zpU(|=Mj!hFL;bwWqOz6Q5ON+BY%iaNnigcb63&P%Uc)5BGlX~4l!iPbuQ&WyCsPg| zI-GN?0P~==Gk(H~(dn!(-DK57yGfn3q+X4o25rDiXck<7fiACUAE&kTq5NYp2`FLa zXw&-)E3M41#b|)#UF(fyYJU?P0y;cYm8kP(XiQF!)M+x4CC}w46>y}-ffG2z_`_OK zcD)3wT~^C0L8bDYd=7r7uS>=qe(<~4Ot~zOSuc4!XD%toH2=Zy zC|cOD@Jj%zA!4$DH*s#mFs5?CBS;wu+g)j;A4@_I5bMxL(8& zJRYK$XvfYunglp$OeT0y-gId?h#8S}ma#kwPo!)hEw{FIIrrT!=RFFM*F^|^ladRY z$q4oJ0KR>Tt%Rzt{(LI+ZWn3%DVjtbJHzc+N>b~X!eaCe3VL)P`q854(1^S?KPbIm z6nK&kC@`&7VQZGZ?$O>^^5h`7$3^!DHGbTdL~D-=#yaB;DHmoPWF+;r@AVXc1Md2hF1u%x z>xeQ2>*GluwZ0a+C=HfZ<~0_|L(D%;+8@i|LW{UGu8Xj@g`9~nGD2$ZMn}jU;{3M= z@YmV}bY)0JW3=%$@&vg`tX%BEVeN!)y9OvXdfyG4J4U#%3X+3AKi;^}7zvXUxwX8D>*@ua;}r;EGF5NH}^8qC+YSdLD8ie}92d~V}8 z!LuSu5xu&MJ0G8fUtBBm@p3gu>6-5{hD7+cC9AQ+rczGSf)R-nmCk^$bp}w1&HNcb zu4gcqvx=s?7`rbzS&(x^9(y?(@L5$IZCejudon5WsaJzo8mqf;l&_9j$I?}7_g1-a zPi9?^PGE*ox*vtsAb2*0L^Xquk&EcJFrf9D>FVV^u1Rj36_R<-?9OJit|DZ$OW-X; zdUlhPp6rY^l+O*%pF6t8@$!romCH9$Tt@c~=e&?7jj-Wb%AOsy@u&X_oqv8fniRYh z--s)=rSP!Ic<#%7;-xMZQVfV8bFA#=Cwvh;D$5RQikOd-=P&-(IXOUspOeUyq)hNQ zTn5&j@oP#Y+d;;i1QliH7;Q{t-!0>8hajmZ27t%qSGaHDnU_Fv^Wiuw%w zY}H}R1RPzHcy>F)5%1q&MBKO7l~=t7^xn2zXyYoC^wYzI`R01iiokC=9ljN2S4%AV zwJct5OQ0gAy4y`vP>)1~^&&KaML8fzg_}H{*Y$C7Oh(}KO`y+}#G@$+22t&%ZGubK zFbVDVIjKbQip&n3LH(-(OpZ!Vj8^YEu`6Az%?Gg%(QW|3%P+VQ*NP+_4dFX+B~|6*a!wn`GTG+#i4pZdqJW@;ntH?9Ps%!uZ5 zk^05I#jIE;diT|jK(Co-Xj4}Bvi}iNJ1C%v(HxVScjKsS#RK*q0Z#IWCe|E@>zM-b zA`0d-wCl->2eha1O+d?2v1R@jDX;zSJoM>zH$XghOac~?(*n3E#JHd9I3qy!Y&M=T zqEx0R61V5OoTwqa%eai|_x>kiX;d8S zJKTb}1A$k>+^adPuawRH|Hb62G^%y>#+4=OMQ=C{sqRTEHK5?@`=&KK{#!HsLMrbT#| z9RAytq_Pr<4CVVK`$hd-Y5I2*p1(qa)jC(k*gf`^OGw+?YJNq`7-yx^*bMrd<}hNE8b*?2}x_Ggi} zKs+1ty343rg3USAk)>6@)xfr*NEjrnwJb3v9o%l-7yZKQcvtVEr12t?^EVtf>o2kx zijz2=A)pr(V^1-;7#Eb%DzGO*PvyTwQ3@(#km_1ji)OD!Gm#9DW*FsC8(v`2>w?d8 z_tuou@gzexJZ(j1%R|(^0>?<4!#tWmi^3-aYi1M1b{!^-Mze<&Z|D}dkNOT*XjVqo zRzTQ(g#VqaK0OZ*{lkirBn{R#M>5HqrY0S@K3xX2FF`f|`+oDQSH(588cB6v&Kz4@ z^4w;>yY9LwTd&Ic5=O{m!q*g#0;{%A1TM^S(@p~8!P+*C$)}IeY5c5c4RWl^d(Y7= zN$6g!F?Jq`qPNeza27hMsBjuh2ckisEPSV-T_GQwJv9p~Rf?SsTS}9PXJEsO|1$p{Zaz`(z@QZp1Ycws#|9lbvyk?PHS2j)!iB# zK@4qeShU0^kn*akhxu>dwY>HGx~wI%KQt;K!KbC*_DX?d;pOPoJ%&CptSDZ}u;TrQ z4pu;1eZwoAgWtavx(>FRJqCCQ5J{!c`iKU3N$LC8=ovYAWeedM!BjAz6PVC5X&ULbxjrg?U7B0NLQHZ#3_7-zZ!!Ce%;8pW#e0 zNy~Z0IRdI%-UkZWPO``t%z`v(H;CsI~dr96y<-^~OeORZBD&Pp7B2{Hvb&>yHO~$&$pzXx9g3i5g8z zOfcAURQW&dJC_)?L`U6kv3j4!`43K16?ZRfO021u8+?FEF$6N{xFdHYH<2=-zy7of zKwb+6D5TYz&?sH+M51SkzUdzkqm@xJWr z4xRr&^<||AQ0DQD??nQ^>*&w|bU+tuQS|>(@@lWUuqZBE8?RZ0mVAtJ;3K zTYFr~gF})oC(X0e!cH$pAakQIp(b4H>u=APa6LOyfNeh>3YV*>EX)mW>FGF|{4wo# zV&xUV!RV-zL)`*T6P{}~h6vFN_t1aF^nP|^KQ@HI-PYF6`G*F1J{&D&YWWlAr%4V) zA_96-7&m2~dog#xedxF_9k8RLE@XsBiNx_@UoiGvGB1%1GXjG&6t^RcTgu>_9z4aRZY_NL?Ou}-0n5v@3h3q4Z8VCC z0W3Q<*o^18>*BHNeY&$irh`6d-lin3&Z$MK@?}S1w#S9|i~OU+`M*;3k003nNS=J8 z#}7Z9s9`CHj9(N*KclNg=*p&AF!8h{d?$_aDQNL1RA~Gq5Rmi6x;aRtd!%~+DQF5M zjjB{h+r*oE$MVqJsf4E%549=$a9n)V#eWcOB2w*F9hZEZuAsN~hwWeXZ2LkGEkWJ- z{SIDNm4ZSipyvi1pJTEhcgcew%K^*_NIWj1k)&7G`JJL*j{O824ow_t4go#39zgZe z4z`b%pS+RI#l$lmS1gc z$o4CT??^Fu&vp{ZeNQOG+B|p*R$HT8Xn)nzuX6_(M%PG85*~Nz9eXIHaMVji$Q82G zDK-rzb#gc}b zYQ%%AK7;k4eaUZ7A>@8r4Gzz-M$|i-NEX=`Wr!HtkXnNjHzsVxx1HYJB9E$!;Vp_lP8x93KNfXD!{M zWRz?7)N%MTn@irXrQ)ewrQ(A_J?!&^$-+Y(j5?HzkHK;g*Ju@)kSjZyHnh;JB8t)f9=0e9>gX8YAH$9UqCM^&!_Tl<`&V7 zJ+|)P5uzv`gTQUiRsn1M}lBIm%gqpoA0`<_`88Gk)|>13Cq z0-fHr$XLHDcE*5NgDdcg)2fhjVo9%X8N&!T!oG*~$_TvTfGq_U%P~;pqMk&Df&^9Q zVC?=k5f7Jxtbd5X*98Ooj5YL9IYY4PCZZ*l=Ba%@32|<-tR>v2+a~q`F5PJ4g_?Byw$rt|Ep9b&#=aKp`VH7K!z5w*->G2f`Gj6%=Kdrx z))^=z3$AM{r4^(Zp>ddFp>xT?W9H8KBe!O=9Ys*0YT z961W-pkXy+Rw5yMMi#125#TsyQN&5cy6#Fv+ZyfnXV_2c|4|6Qk&Xj&AIP~-s6$c! z{&cy$o@26!vgR8PP3%>tT;nbmo zt-XZ%*rS){tqW!4iXc?!o(r#1x^H%?3oey__=sbAZ|wAMg}RU=(#L>-jOF(pz#6v% z>iSQz%;j^dWZvf0@dz=uYjRPANAnJpF-O+?#X2c3jzld z4_dllmh5`7=S3R+pGr$}!6uswv(puNQ?`@E7C5Y0zlyBB0rBDKSYI-SULqmj^}!f5 zI8I05IwB`!{c#!yozFwZKTw=1Q!9$+*9l@eI8zlzmpa7o+y@kR4(7>MDO{K9S7dKa zkOVc)m1TAh{%&rIoepvS8tI`yRF)jC)}*xhO=4$xS%BpQZoT`af_|N)^6ZwXVR&1l z8`mDK_O_*TnCvn8j~=8*l<-t71Iz%t;PBjFw8+#^5S~$^b1ThM>2X|+I(U*NtjpoQQaMEC*cP;nMg*)jtnpV}E$+rW%V82> zIVW=1KHEXDJ~SyO8WbiM8hzLsK1Nq#OtB~aJ7aCA5U;<50SZ3kJh8Ra3}#1hR)bBU zU?7KCOM_#rI||WUa_4DYnVI&_kNVIyyBN4cW^ZrVkfSt&3ZDZa`Cfd8Ic9L~)V=li zw_;aeB=Q*lSHJTu){3A}xXigp663~5vK5nQW`iQb;n}3dWe3y|+KMCgaag~u`XxTI zUZ{D@3)mxCp{m5KH7?A3hYc;?Vq;joI2CY8(wpA@<8mOy82hl?uyy{n^*Z;$|G~|U z6=zJ&p>>Lk&w-+QZq?Yw^lHI9L+ozeZd%C=msEn9e=vK@)3dPq87Yp1%#!}5v(M>n zq5hksG+|)6p5xVEs<4lRX=5d3lAs^jo7&(gZGn z)1g6}LzDw51o!-qJ0=U?W5dp0k_x_fdn}6pm;Z1${yTJG?m1{;=9L z=YKlD3{|>-W>V?*S?w+VkL7hb23%_)uY9?3e;E8*dH*Lq+3$wTlcfqz#PS9(h5R2y z>p`=|rSszrALi&C>w!aUbtjHS7KHnJRfsYCb!3DI_V<&az=8MZRZ*BP)5p9@IAf-t zypKC*#zx|~=9}zvO4xDqWLA<-+r_k3lTze;q(LQg<8{qaob(8Sw!gbow9vNb(RbN$ z8sbI8_gPENYXG0|Zb@Qkk0@Q&!rirFsI+B_vS%gWB4cFle6pBTS2$klWYEW8Astit zKa{w^mKK>5g-RLmj++I5_R%upQoIR{g35GejHf5XhYq$C0iynn&G#-XtI;9{(RXk@ z6T0Jj(00U#ghY^^xFV2pu_!?+PUlq0^8_$|!{W(7|Mv1|Zh~yjXqpCLKfO`VWwKn` z`tbCWPyC{^CQ$d+#nRPr*Rz6e+M* z5BIZLq#zd<#-QUjIpI0unE0QOJVF4?Ed)MZxqCuHK zRds&Z!|!5`TZtj#yvTeuQj1Nyx`sm_Rc&8+woP40a#fs0e3@3wkApN3JLs1urzMIEojI?ffVBo$&`@ZkEY`wat zyZjNiPd{!6yZU)T$Ct9=?iTOI8&xPn6}D*-j@hxhuVW(Db;b}!&0By!B$gRCG+%e9 zo@7WzoBHsK;g!T=KfOByd9i|lh>rLhXz-=`s!d@qPmr|(?a9rVs>BPrBg@TaMkRJa z+ntzEzbYGyJ+k*9HpjB zsT>0x0|uKQqCKHF)Ko$f3g^gg7i878ntbyY;7nMxf+ZQxbY{hs?JJWD{!?`L{qvto zktumZzk=j+~#sfF@F|~Yb6h&djU84bNb(S)libvfqGF_^hmR`S;(Pyvu z#LDiu`KhLtvb0|6jsNL|UdttHdA8Dds0^6EQ`{)`bUJ@IJm8)P=C5eFvAnxWP}M^T zUR-348LB>AkfD(UQ{K*51+cCrq5Byq(>eK3N>e=YoXzH)tScAdP_=x>@nqbp8eWN1 z8>-uzM9)2m{B_^q!MbraKKOLk+$q^$x4bl>y|cwk=y3DSP&Iu|CXTZp*@k0OEwUbM z&fpz1D8;D3CSmw@ooNJb7y7!al5eNB>SUcS^D4LUnuA|(Yp>bk?59KNZkgvQDG1>` zd?J)^5bNvDs2kVqkcUyx%hddL1Tiy7&{qFv1P=kIbg);!IDK$!e9EJs@#x57j9!6v zwSBB0xUxjOESqQjam?lpC&=}T+|i_am4!zm8BXwVULYpBkofm+`)8jn)())^A=8ek zZu#fmkbQWF>o-KsOZm_S-mT|v%~QT#Luo1461+@lp{^ApAJ*oeFu!u`+{$S z6t$NOr0$4_=QT#fMGzbo%MEc|i4~M&Q#H~}_w$_wbiKpt(W-+?Rgz-AszvsHRSPX0 zytG9R>aPH9W<~tbeiblU+q2Lyw6J>liPy~G8Ty!c+YM7Dsyd!Dmdri>`Dzwi%y``GS`NAICet*YWQ5!!vEV8vcd__^JDW&*#U*eAbu4qg zIjvW?;DnESE5G?sb4nVjo)Z!K0m+xr6Z9=-+cozV(+HeU_Y;BhbjM9hD|?x-`vTs& z#?J19D;4_neo4iFo)g!v3nedCiD&nKo-Wm}t)&$IKQZf=l@a;(-lk7FSARl`#ddD` zO#ErS-Gx{J^KykacE@DxYhf{V!)MEpZw>>*1BDPQ)xex@tp&6zYvz58_gvb1UqU!% zHZ1-IN&T5n%t|1E3+cm#lW@Jwt`bUB7H_BXCr)hbOD_DkrCT#HF5;Zv1244nx#I8{<<-uU?~D1|y(RF(Q8`@@K4u0-@Tj9#Y43|% z8b`9ZyQUR)DDwoEi^LATF0~#ex4;CX_+m(fe`ouzp=ac{;4FF=_oMu}-kd;uR+<#F zIe@VkDdx1DRezgqSDK4#EczA_2Uk~|(JRucb9#t$Q<1n@Sb1}QG+X69LH&rkhnL;_ zSvM&zHgX$gHK^QTIZU=cTa>_WKhIZ7i1F3tTq@u26l;ATaxu4Fd*5q+y28;Ii|peC z8UJq*we>e2(5TDYT}#G^@$5`R9GAecf=%h!=-Dk31o0Ut2thu*b}6E5qAloy^uuR* zg?{6*+1ruAFCm(A5>(3@*ZGD)%cp3tQ=$SaOtb=}G{8JYQwGXnUujd__KokqYUBTl zp|Kh08%1!+YkBjX1r|dZ!p|HnSWubSSegXH1>dICW4^wr-ZklYhHVm_IE=_f(%-L_XF_^fJJ`psxL!4YJ9Ukem(wUYH0O zpdUXT}g!`v{A`h9X3o+`aT(_WWSIll#t0(B+&{f>vWwA-^7wbMH;t4yqiUC{(S}F*>wTjuDl^l+>_aUmLHtTU1hHPItcLfHsRwF^w!) z^AhEyCcQ6*irL!rsYrij&#mkW`vlIY5__8y6FT@MxhlZuUMkHDa2UTi9v&4>6R9RQ zV$#b($cW{bSlJ@qM=G5-c4zW+>4pTAGUpx~1XGTCr)zMB&N&91HU|u6Qs~q=tSz<-9IUBZRK-sGx*FI-; zg!qW3c3ecFXtV~BTt{64HX~8H+YVh%E5W2~H&S+o5HSd;2+e&bPckRnR+YGvvwh5& zW`&VhX6X9g59ePHZ|oh~#yCT_U&}KdCkv;vO+>I)850S{2isG7JD2dz*iEg}k}^BC zRwZ7MD$8mu_Uov_r5|rf?gIyUdQ9pwpSNQvI5wT=g?AOv-V@?eD3Of$6+dqeCYjwM zS!yDY;@lp7^o~CLxL6)*EgL~tLrjp%u6!8FYL_z7#eCQOEP=5!kXddjAD%>g5x*Zh zg6wnH%{9BFN}8@Ql=eC@dw`yg-puc_cWmq&h_3f7+PVQcr&IQ3!KV&&+81B-o;onB z@^HtZ$O&qIEhLb4j3aa?s`1$ftU!bIE09mL6Q(hsXG^=(!^eteEv(*%yw>~ z$ZDs=YWXx+U|4k|H2{hObNA{q_xG7u2a{~hS}t_nG4?)8Z~$Feoiohs<=(`eO)$Ns zY?TRloylqR}5N`xjna6)&=l|R;tY{kt)}pHMhw_U*_(;H^A-3-)9uaPho8&dI5QcUX0+iN^8^Utt~H zhHE$5SOFdD#6)zU(dP`|keAa{zz>SbP;*wnf)DYvS{wXJC#QRhSXBh;i}s;Qb9%M5 zghWLSlWXEjuyr$Sq97h7lhv2B@tz(L@F5$!p>JbGYXXP#d6t5EG)He0!Bm$h9a$^s5j(|FWKfvS`f~Pr)}efYRVfoPNuo-I06&)HIx^y2z2l-K^VOaOls}E< zeu(psF1(bLvA`G3;Uz)yh=&VPmRl+;SnzDa=^kAlyV?<-b#^PgCD#YmF`0N7`#7gs z-`t*!mNkkp;G^hto@vKl-xckZX}>G`z-viTGOJ$?v@^C|jsw8RSbsr79ouZ|_&d}U z1f`8ihBnymcUxc~=r~S29T!0rZPobR=amJ6bNtdXmp6sq^z7=UP8!!cFJj2WMU}|1 z+%M;HMj9R4&}n}bQR`S!bNM;0e5Y;a%{QKq!*gb}RYzQEJFr5s$`tLxv)>)sI4J(! z_Rd(h#!^`u?x<`${~ZfxKh2;&S8X9JvGlz%fMVT)l08wkLS9xBW#QkDJwGLrgw9v^ zox+aU;6X_98})F89j2s8uto8Qz2qA&oC%?~n0hDSz=_iD?1s#$daVtNoAiF_fi}jq z$8F33NwIJ*JK{>}E@_X9UJA5)3h2JKzm#`a{hhscNex`C^LOQ*YuN%ZrryPRXq}Dm z9f&yUDqU+uax`m7?P&4yOY^YqM}h`dPC|(5f8iyc@n?yVAb|*(&bN^RFM=t$g0%~J z&gy*&x6s|`u!j`YoBXAJa#NZELI}5X0|HU(^JPjA;h^s(Ll~o7XHJ`_MS}v1_t|F3 z;oIMP z+IY7Qg7bQwe#FcJf@Rh(*G%rmb&R;X7p*HUcFh|MT%*L`KDATHl|Cc#%pW|$r~JW> zUi%gMq{ky7(_3NmSgME(T`>sRO(4&e8>k{CS^u1@cx~LCG+L8k^QWqtJ^vqaG4&cM z!ac=WB}B-kqW&jnk8tj7X%d)Y*6-=z>QHd+OKqQ{cmxr9^-GNcU31UgblZ&r_#c6^JHFV{8+f>%q}VM$+rAvk<6I2MAMl1lLvMX=F8;HU z_#;C3he}5GZT@b)#NyOPuTo04R$&~PRa&N3H9@cS@vGDmbp_BKnFkhxxEwMK4V`SZ z`F?44OYRgg58|PZB=Zd74iY%sGdnP^JI4eV#-v<}Y}AY%OxsnwxbbX|_la0@WXTXd z`C?_^To?W`#LAMpF8KOxiQIA4C)^&G!B-V+yAQX%tt$ukZ!2E=Dw=(=F*K&-@BaF@ z-t1O`$pIcq<}k9~&i1KhS8rua)K7izWsoG+y7N!4_K6-`N%ILl3Z^g>Atd4$XHDC8 z5fMeBnKolgB*xCU;=PdV=1}W&xAJL2uv1!V%?w;uneAS~V|8Ao``(jy7o7&$>g7PMh zOJ?Z>pq1nGg=Wjq=@2lllQ|_G)uMuT1kEVcX0St1{1sMJ!~&Rv){T`#^Xvwo3(;@p z11(M$Yq3(?bx<3!mfUe8>z*PrV^o<#9;O}Qw_!7j5KZ;AOaY8%rZ*cr8JE;9B zr1}o0Z(0Uw8ooyp#_D>^Jj2no3Ete?Q-L$hR{}(>`*DNg?JV;d$Rvu_buBhOGZHMu zFy(ZrKe_(I|85+w8WlTYo@DH`1onLMotX0tRV*(cfLyyOyxoA0TIIEN#=wYGWJFG`pkdQ4*#N-{2MYG@WA{B7cpW(!vj_+ zC99y&o^B5Fy@^();QMXK84D+2H`Oxi032WYKO)^S1j8yh&oHWySAPx`vkBL{(k>%A z;*igdAu%JdD7ph$?pT2t@T0(n1Av}aiXU6BH8us<}fP* zDR4GT`>tRo-)57lj1ij=z6HAJa8+H24)ngs6_|L62w~&gD8gqBskY@(bn0~_SvQz; z76GG=N#Ne#eKCh95Io=kce~IUxt};6GTPFut0*s5(Icy3fVV{v5XA5&=l^EZ{M&2) z`9rdt3I6U*%|SoSWHDJM4@LJE@=IFXv^?+Z`^7HDmY>Ydl7BU1iPS?~aDMG0stIWCmz8(?twD{U_= z87j;?yxN|=-85{>eibOX7Qxwhc>|}qi=FM2xW}J1)2#poJtUtVL#UY!aVSNFg7SLJ zLCu|KM&4(`?x*3*^Jt!+_=#%;Lk;}kq->^&vG=bag0yc~z!qtR zai>7SIx&t>G(85VZY2#`JF&4()kPw+XVz=Cz)Ho%%6F1LQ+qk->!`kKh*ath#$Z~M zb*3&y^40&!P5zdV{k7Wy7TzEfE>Kj_yI%%{djRr3axYzFR8Kph@JbS6qfNbUTare)H`0%Jgf_qTz0s`CujgE88MpAqAVN z!yJC)h^tBfw~f7Qa7*#lLKL~Ecx@BK&TjYXji?5g6}$b8Px=ni_seTUsC~vbL=S6M zWHUKCc=<9XpD0d|ajic@NLfoNbp3BmH|zZ#yzJm{0QWOGt)bpS{C^af;m8F0R;s;s1l|)@ zK9F{fDgtOYo_;m;+5c*9{)uG>rT&R&xl4_0`nG7wurR%~o&0HvrXN&c*yxn=;?bw^ z!oTEO>-iey<<9z3eP=Mn{5*fj!R!e0JA|d=&7818I#Wjp%Ihkzv-5;$B_txGnLilI zA)*WsidZE%qb~u5=w+hXX0{0h%3UV~fX^AV)~4`QPNQdwyS9;0vPNH2O~}0QyQSvk zI7hb;3cDFN_Gi5?>t*aB->*y|#?a&r<`iVT+M9?G1+?Ks&nP51(9k+OG`rQCT-uiy zwbW~Alk6n{=92f8rU$;H?90aqp3V#^`h1mHaBGHXv1$k1mjh#jI?49Mi3Uo}GVth2 zbAlj5!1-B^vu)^t%|zgL-vfDO6xe9ddLQ{3Csq?xLstZXFDV{LjBy*D$G|eVnEMIE za%u33&CRH2$;e|772j)k;VFsxs4HB6=feHyPpA$l;Gn*Bz#<=ZyyZWvLLX=)0R=of^G&_-CpaKn*a#Gmw|PT^0L!MZGl8dFS3tm(M^rQP}wEBU(of zM*i+B&i)yzAszQR@*dT%ajnkTw=;^9xtRh>q~V$}P;YbGxr0Mp72}8oj}>H)N+dZ6 z@A1=@Fqz06-<+<1nhTvRE7AIh-G=V&CgULa4vY6i!AFb&A~tZ`j7=nRIFQP(Tc@jKgVJz}T? zbcEd$i8&pTigg-*uT^QoZO9q(%Hn3s-43B_>dBR(Zu?U;n*bvZ>*_$R=8e7lGHgnb zc~%&N8rgy=h~%CpCm<}D4)zPW8FvTgD4;rf*7$KwnKT*{z1LRwvd*4<{ekhMsTz69 z3~-!^kVbDxQlimN&OUiFXya0pCnZc@&YtiN`~iug4Oy8Hnb)~iceOBLSC=q+Kw5uNp-p4M-|dXoL^&fXvn668qvPzhHd6g zQFrFvllf)c@)UcG2tL=BoDklB=HV-S$d^nA+XFw&Nj)R<=0|$!UFW8c%d<7R?RV>` zXJWj`_-#vnN_L~a21Q;;ETOF584E|LgGLQ1P>RA~pHaPfY6nu`llhS`B>1v%Y0d-@ zx)HV=bePsRPRb6XM(dR#Y7wIAoyu+aS3QTVS&%r| zMZeAo%-mE+agczvl%Q`b{^}U8gQ#kkKs>WWCqB zUx>Y(-v(V(rn%HP;&B#v+{$RH(~H2`vq5}j)K=PC__TteBoThGCg@iA?M|7L_;bz* ze5B|fx5Ne$k_6G`6SJw@W}quuk*+JN_8Eh0fJ)t>h`FlcgRi@eeDYdhI2T`d!~5ou<5?A5x;3thVbI{|EiIcoNU31=o6Kn$~kM)I;x zJmK%O0l=Ug>RuX?7f<)n`^`a%7r%x3mgcX=o2J~^$je`y%}Xu*x-`#ft?R4nS+{T5 zG(tLm#$iuc}pa_1Lr;5_h%`5h|`KqZ22BF{G*Sxumfh;=?XEgL1^rz#o zrgO_&a-(Igi}=%>UAIxkoMapd`Gwt?XMr*wB4e(%z996ky_eC6w3Z`JY~H#OT>L1) z-|Kl#{e*_;Knmj;QP1Z(81(bo>viomKTzablGd@qbI5?_P3z4b4e|==JS$lqJo71y z{dCj0Uq>{RZ9c~nhTGJ=U#&!&X775Ix=q+K?`zS?o5KND2^>$s3)I>DfDint$+^kr zZZXb+`E!Pqj>z|m>*>O*>W=H4njqEsYilUVimxx7(b7Mes()oFPCEdT0(vW@FDgtg z(GD}yoBQ8Z$9R2vv=CE)?eWV#RNq^Il1=vCJ(qchiQ9H>^ubQi7i}vI(?za2= zyaoBDnH>U{hQcBF``ntk(^e}N?E5#;1oVr~w%0P}mW73%EGb2fy73Q38y3tQUy$G;n~3^W!A0-pHvR8^ zJls_H*X4ZkwS?rEXj+7Oswryk<-sTT z_0o7ON<)9sCB--JN62pfN;Ahya^DG~kFNZRfjA;;w&PWmsGZ34$R3JW%KMd&ThI&pSD#H+{=m8eF*=nTTPk zAA~|jcDIlpQ{dCC0Or8Ql$q7-zlD(YRRtO`x57i+tGaxc0WtU^arvTI1e0^a^3IQQ zzW+zrTZcutw(G-)s2~Q62&k0EfJljyv>=_*-6h>!f*=jj-O}AX14s`r(%l`y&;tzd zd)#}!?^=7WwfFkIKRAv#sONs}xb7>?>pblar6U>No3#^g7l_IhX%r<{Mh2=&VVXr@ zK{!FDl^P?)0~XiETeU3cTUWnvZ+JQYUl+`3fNEGeo$KUY6P;M=l}zOKQ{&h|w+ys0P2j4h@XhK-|SSB1U}Q_CK7d!T$0X zF~qoG3MB0ImxYCL=a~;Xa(4mLZLvh`8>iJs(QkI6D{iLN@oBa|3i@mOz6odzcwNhr zor%Z#%o}!p3knmZ=)R+i_YR|LnS%RrvYTIua`gw*3!!<>=DSRLSl2UH%QvYvr><8X zf64{DFUEOW{@sNpXE-XDy}UUmqSA6_L!);tq*y>&I519CrCRZJa zWVFhF?#vK4&0DzP({0%Wat3r|O@k7WHd^4v1EORu6fR?YHy1m~DwK$Ku3@#Ys7)B0 zm#DT3ieRS$`#fbn{8_h93!QV#<2}4QQq~mIh1FVG0&&}<5*N869wu`~&*N_oD(*@^ zzh<1Bl#FIIl^MZdM|tA zpqq}$sj+1N3cXtR`gr=;Mk-PBCliVK`N3sjQrx>UUuX9VyPD$mr+|jVWOfF>Po;$> zy~t-Q#(tx;4?FMO4Xg(g{2u6AZVaY=?U6WJQv*$@lxmvtu7!owCujM0#e59(e?`_r zq-i7Y`D-OCmOAJ)f3+OY5%X*C^8Cm$MbO+CG0j%((<*sYcT!xWG?I1O-??j~?pwP> z6|Yh=%}%22Za)kBK^k;4PiqfHc5!>GXeLWIq+LN3sO94MHE;+mZ>D;E=ck17{M(WH z*Qo_^=K`3|f{N|R1+4r2dJ}xY|BlhWJX+1VRxYhlzmVEnYd2e^d=SX5-h#WKj)-2U zDPUPw?|yE|-fZoTMzM7k8zfFx8rbp8)X+c?Q>ia2`S#CN#=WGK~ zOYnL+!Np`_%?+us4O*G<;HJx9y4|~^)>)(MsMkU)XvozzT@jtn!F&MOeHXLQQcJC| z`2(6%g3^f2FDeTz*<<-iFzVNrfYzV83LTuO!KF?DTga+2JHC8`_C9K6Y0>~8hSNL= z)$ts2OR@1?8c_eRl+V<(3PN{3k)0$7ie>=X0u|g&D&K&xLi%1Ev!){TgGS6pMXvjQ zjb-9ry>wtzmK59?Iouaxgsj%2(I zucppgUu=nQyRQMz$+>ukM=Nb}cO^*;BaC>!OULl}+jH{2Ebxa?N&sP4>Ne|D^`}D( zT=f*r_@BP1;6M()1K6jiP6^eV`)drIS7Jp&=ZuokmBLiCl2rtcV=qUuRFkUbML4`{4)R^j-qk_-CAsI7K{mt70#xn2^@TDR_oc5ibuPDW6$Px9<>F#M>`} z`(5z@@P`ieIu(-3;nuW2P`@%iK79GSg7DPkrGZ~2BLkBqmN|q|B*AK$`T<)O+ey9G z_AmAj443f0-r0cUzl1)mIIDb^PzmhK*?=MBH zt-`+@TAa@i5?ke}!)L+*00525t67T1Ke$>Be3P2|9MQ}^WTwPmA<8=RXy&;U?qlsx zyunHJAV2P7X)?`b-bld>qjl`Gvi%l~r^7_drGDWGrNulS;VNS5ia|lIo_Z0#O!(d( z{LWGV{78TG$sPlI&baS(NWP}vGWj7X0w|@?#>uvmi}dIUeJBoZ7bE&^Q?INSQn7ab zPP1BOP>A?`v1XYz-d+4)W}ZM(mhp$&sKa}Y<*9n8goM{Bh4ZxmCG6Lna`U}J00CfQ z`Nz(m1jd2+*tIV6%b6M<$l!qhW|D#6G^uy%5>$EDzLE4Jjbx>8LpM|Rp?KckNHZC}{N&;E*OLnn|xflU14 zjdhO9c9S=7R@Arm{hV(B2iBkTZ_3jEBgDg7D2ze2h-vH5|GpTjjF`jo^ibB}vE=(R zd$C^;I;4OCq%4n#w1!x5>S^K_@2UEZT_=rlu84b88G33Xdq8IQ)BL>WnG1J~y%O5y zy*`rt<9Z5@o*vXXSal;$IlUmp>}_fPezC9 zwb7r@kE|s>Bf#CUi^m{QfJ&UGh z9{dYD@Pg~gLrLYyMUnd)b06B*k)_c2HxfMBZz6PgRG2$jJCLs*5Ju&z3Q?L|5=2dg zyws%p2%3F1lxM)d!gOv=eRdhS2mE! z%@OmJiM$k$^)U(B@8=_YM6pdtmHvZISk)9ucd*-5$h2L>{>tSolcIMfA6aWk#0v4m zwY{MC>rL-}1=D|&QDhd&UwyAIyi}=YxSPvtF$QOY>&E(&{q=}Z&|nMMKFqY=8AqH> z+`BgNzfbu6buFy4X@$25-B@K|I}I%sKucO~yF;r)xcSOw(kzU3>iTPwnXC-GcUWL# z$hz4ijyGln=Sfo`a2|u-NJIsy;ZhO9Xw=RFoMIJC8=twn6o|_?WtJBsa_I*zR_skDn+kAqZg?;3K zXG|kD*^NCAO0;j=O-j_E*)j25RxO2iLY`>IIkLn3@b-#7j02PYWj4OGDR<>!vYW?y z6{R&DK7dQ;WB%t;FqtUE`uVR%n2eY#C*||aX=;E)p8sN6DVI7)gxWIj88E#A7&3d4&Hb!!@UIi4FOBc8@&@z!FnJQ}{6+OY2M8hcMFn5s%GRw!aj`0k!uic|M z=CZ@N`sQ8Mo&sz*ekJkyr#%bT#^lf&NNoIvvue8wD=+bvdUSc^j+ zzo~Ybjagi*_OeUN+~&WYbSjYM8v$eU(aK#QysnB%{gyF7PiVw9Nv}JJ+P=P5vJ3?p znZkkkfehb?;*Q7V!FY~F-F{n0L+YM?N~Z=DyWL(zpCym*%YbOsuH?+xbN~Y@In*LG z3>oV43E8k9sCc{%>Evb>WXy~?DDOlQ!PUE}0!sqxo4HrkLVm%}EC!m*-kgK&Mp#Nb zR_6fKjGR}DDkbsADc71*mkZK36hM^ogww(T8nN4HL7Vu_rsBs6EfH6iUeDEmURPcqfLvntWeHf4aNojc)%JY|7MpS-_i ztn9yWUHpgpYom*GI9jTeoUaXFS>HYjt&~r?bqrL|E3vc>2@oM{W}~VvJ8IR)YEbrF zt}7JmG_Y$;4X;@oLz)jdp>$UUlXbgB*YVH>YM!URp{UUzE^amhe@46g2Nd;dM!@Ud zGc4N@iz&O)U;N}%Wl%CQt0u{bC%X-K9*K%G78{cTy*uCqz zBw|kWSfP|gOOUKxhqX&~^{z;MXP-C~Bkg0EW~+@i-ZoAKi53R_&e~rvQqCDwWXUp* zSh_V&z=xC=GAdR}Lgu;UT`$05jPQPqS)rwZiJ;!+h$5<6wui$xz*Y{xVp=C@27@Tg zs+vCmKAHpC;}^x%yX@3h5Z8pHOTX3ZtIQ1VtuuP}tD8>i(%22(e2ohIP8-DTN3k3@ z1?DS|0d`Yhq02>AXH1L{xn~iev_LSCV8$EF)k6meYnW z^cq6^&V@l42fJa*tiB8g#pq4=+3f?uio~Orhx*vlG2I5lOT-lk=nw$)w{{t$R%@a5 zo_q!C@5vn$wJ>Z47kB z&Y#P}?!7a5dv{Vb|EI`0vfhptNS>o?CkJqL!!WL};TVJ;-ZmVjhe9Nwm)1#u^po_o z7vsNO_C;L^ygRynb%27W*#r4ct|}Xo{?LXFw-YXgKzoC(&+U;|tq};{DLX+(vy4+gQwg+Y2tA`% zsk2DZ+RT+ptFu54B*puMV)kCj8v4o9K0|+sU>=bPtGVlWEa#FE*pw3DHhbHsPApWY zbw1ZzB5t$yiqx#jUXMQL_46?F;%x<0-DYUO2KBlvIl2H=A6>~4Q6F)*yFzT)X;9t9 z$(eR0-Jtr-Qpku9yLM;ZYF`E=n!Km`p*=7 zhJyaVvDK8&;<+Pl@7gt3oN7?iv!$QJ8S4{wDv6XR!o+D@{fuby&`?zD$MBS-+2`3!;{p?x+k}%TKOPM|7+NbuYUv z^Lf$48Tt0`et8A{Q%>IQHqg|L*NWGU_iK1q{^?>;oo8Qd zdj$Or!(o@(qXka{c>@lD=Fz@J_nn*bR3s63c5Vgi6Z6+9;><$!l@jY5514puQ$SQU5Mp3+B$-v6`5#0Im$2Lm5s*Po#HA)`d2P6qqq2_P~*bq{$`x1sH#7EPgnDCJ+M zov`=hI+HY?*~3oeagB<7Q!=)hq^Y~eZF0I>d>EF@ic_=`q4d5OVhts=le=15PcD&e za;gcMUyEGe-glP2aKchhl*)Uus(JRNF6POsdY1+abp)P3KxST9?oR$i}0zWNYS zPiYTun2dq?S>l(e%xj?@4oITvN8()m zBk$~xi#>Y(2UHtGYicfEHr{rBzMU;S-By%vRW0mEy>Q0g_T!5n}y<8uLsQHas&8N0m0GcpQ6dLzOq--KVuT@w<}r(esH(X?E5AMT*~rfijh$jmu**>*^YLF<#2zxu*`N_GN2fj3`nMPAtY1rtRT;1qwEcLHIe7*VKtrNc zd4T#&@k}p`MwN1jMXnv4C%a7s=}1FWs>61Ho}KZeNjkuXz= z(0s@`@k>F*TQBTtK(zEedS7|t<|8k|+x*f`Uy9fB$c*;+th4+dlIS$M*y1@RRtv0J zX7E^9bdwksFN+cwgZZ_=)gR{>sVVRinT7PILzMfDQX8en8voRWO2P4D@rvF{3|FB_ zIdz{KY!nRvL%^m2T0ZM>kgwPuU1rUOQfre`VAe$(FI&a;2T&g)-*U^&-#!S{D*G&! z60$%%bFayAw7ny}vImhDj=t6jz?jY6hd@08FQ#@bjxHV3;_J5mDCGQCA^yGUZ!*iv zD}s9(wu?#3wxGCZbEf6J!BlQvo2M#Zb9HL6T1rrrG3*G{d3}Y58Ii3sEa53Do-NEv zcQ54yXwk-ZimNR0rcH;d3+CM5yyF6x)9-^I55d1%M(IlN;G&MZpFaZPPWx6$Q;#k@ z2N>!mMM0iO_kDpEuPcad)dx&N4^hxMQ8L$#I9SLT*!BL3ZLbC1^3f9jE$V%Bl>W2N z<lhKAD*8% z-7bapPd{-aWrXg<3xr~k@&M%eV&_v`6(J=aA!%ft?Mj#40ycxgA_;&cy1$mF`eP7{ zgj(~u9b+#&IEVUwBDtfBENiH@zbN_RoC*jT=#e6gZ1qTRx66?W(FB675&9TgS30+1 zSon=!ID3+-bIg&_3amQ?KFNTyJPKMqeCfsQb^hP;egEO|?z3RoDPj!nFV*x5fL$xI zs7NAg*q+U}ygux;(jZ`e$X)7=`ZeeZvX$jW@|c5V=lu`w@1c)JoM5ERlV=Ajh-Ry~ z-Qpv7ozkJprQN=+I|6V!Uj==pk@(&u)5lTUpk-zjag%~Sxf z$8JTpI-P5RN`ZVQL!!8R zuA1?oO{$>IMVFXH^Owieb;WVA&-2H+7S&kgdmy`ep6HT+bZ!ppW*t~`Wp4X|JO?M| z)c7`w+2mXE=`84_7dv&d;St|S zbBt)Q5xI6Vc5@))Sep9v0d_7KS$oXOIyOvOVb``-SoUPwpW>bRVrZXi=Y3wnYPXwf zbYvmY?O?h1GxEZY=+=CR%fd!WD2nd4iw&V^b-|L=4YmARf1Bs`F_#M0>R8}hUGgkS zXV84BGRhv{0|dlz&<|dc3M6b;#SYSgx&;xt3 z88Pn;52i~u$8}X&=JbFFN~a$xAGW-`d@(#j#YHc~cLCw~ z8JC^qPMEDA&lADtL(XA@wBIG`0g@Y$n;&6e_r0}cw6{i$qP{udx#1_^dlyvMEVWbM z**}mqK&JB_=z9DyNkC`$K3NSwv9X`Fh7@U7uRw=g3u1=8cni6@>1Og<@BC|0DuCiQ zEa}+?LONy5b9a*|HIsDnIoWN!7C7{ip1Ewz`O*4aJz_qEJgIYh>bq%Dqq@oL)EYtZ zV1$Az3t`M#be7;MyVZDq9}G82=@J&t_;9KrToHQ~%6DmlXN{Xb?-XPT(9x8?1NGx& zRakPf`WG?gl<0eSo16gS-3E-xDIVe9-!suN=pq zYZCwd+>0{WGOX42pK`T0Xz*};(QMJEc?!=Qn_S?gyI9b9%3TGfwE8i1!{R@|lL@?1 z%7+F1M%ayL}Nq%G#6VDuLP*;JArE&0R!09Vg5nLP-yA-<&yV_;jO6AO!#{=Ih z(P5S2CHBF%R2+)WHhk}WKE{5~%y7=vhU(Nk zIjg}wYY)^3DX!c3<2U|weY;@)ZUT1tX4XVLLBLC5-g88_WCm2hUYcy>eT7!b@?HN* zyGA`Z-L+?$-W#2(bsKvF;E2ufIgW$68+z$1#vX9qlM z8({{jUm|6CTIP5#LI!n$@Ta2-RIajCu^%+#=3|N+y^2BS^05=nse=vTY4ODEwyr_e zqa_*51?HM*(Go$>+m)-`#@4K8+7 z5Z(3@Z|kW_FhC5Q5574zc1?S=D}NU-V|?KpZ?7DJ1k;>Hm+wr!po(x5jD2-1e{bkn z#Nu#{WPsbj<&r3%&hfSG?UM|bM^CttD*v4D`4@ubUoEnKR9S5>189DqaU9zw#~t=$ zPWx|jC-Lqjz~?whpCZ5;JspjXxFc}J|I%VIUoOu1t*X8s4z_KIZ+feQ z)cq`i&rd$58;q_Icb(_2WUgR7x;bLO+T@no4Z8||W9wZEsaqh)E(0FI zdm@u`(4e1iO3b{wdgj)G=6Ll~4&o>G+f|gmR=0aS^Cj*=mWREKE9WO$;jXZ_OjU{? zt=vTz@18(q7NH-%@CD~_-RP)he3@WEFJt<9w%jNBf{IOucm4~|?vEJf-;>^&DNR93 z!$h8W|JKukLbaoHHFabhL-Nd>N#Do?(kkao>+e{tOYd^-OU8Y;Wl*gw`{C^(k@3%I@(!}8F zAq&(A|NrqYU2hyJgmtHmqBWds<_Pz`TiT)yMsLU;Q}92>_Sc_yeQPbF#z01%CC3OI zxgH0-dpk2_8IhBlJI#degZh!Dk=DFdosydIr>xN5Z07$lA0HM~@W0@DhY->kZ<%hL z-XKz4Q?!&4OQAoy`j4cH-$nZ|V?DUv$gPexE*r&v|P6I?lAYy77{hDs3UJ_^bnm$l6nJuJnAlYE1*0QO1M;IXs z)^PVM?X|a=A{Ez3KeBjjV9)=&FV#2|?+XSN1;#Dx4;Yw#_i^#+Nlz0-ZOWTBZ-NV~ zA?FZd7Twm?$>xSincmL_n|vIx@uC6(0-(M`EO(u+9)54!J;O7sfHrZ9!u-JdB`p=> zWNhzFf2s#>3>8Wzv(8@BnC~?6laFgUnUJs?r8sjGdN^Mc!?}=W2Y%GcaP4ewsUT=Qhp35m3h!-zeX6R7fQHKfFsjo;CIvYgysCi##+jr?%4~9Tq{_hL(pUZWsg?Yzvy83)64bZ;qTP~2u zs;#uE`Y}_RKP`_RuX7&lvQtv0Km0@7Ru_6Laj%6f&CN`+Si9v7;5fXNt7Bd7PkTzJ zA{x#Ed_$8M=z|S09!L@m`ca;(4Ir^zq;ffjPenoFuQo*w7Im&csZGuiXfIULrv0K1 zZCJIDWrcQlxMPe>#WdmeTqk}MVM0!nks2@ZWr}b>oJ8SM@$b1#Zgmz;bBQd*9YE12 zOCe8&JIC}%PP!A64CdMR7}s*5uDIs&3Gv>7=S9_yhMh*A(TS6`!ix}F9gd&H^`$d| z0Lf36$Mw-c5uhFpQQ!HAS|A6cdLp_CHGsZdHYxkl_k@0?US{TmGptZhYBHy1V?tTD z)v|JpktBORe~Y`OJqmW^0!f=88Cdb5NejGjTu(g63m^-Q3%+~GMQXXdQxMi&s<&8^ zkiFw_x$B|7V$M1HPNX#YVw4S@9n>W=F&cmjn^-=o;Y@^XESkVQ&#qR;Z(Kmx>l2!$ zJzBGj<~!_Dws+gooi{wj2SMX2M(I_xQyUgi>CV0L_T2|=njVZO4=y!(h^E}a$8QgU z9+7f&0DjWRN+83K+Cl(O;e6BRxD&Ux1E@VLf8ZsLJHkC7eKT|gzi`r7H+V#5u+kMK zPHbYZ|LA``rvG(#%Wv>|%&}~M-bbw%Nu(2c4+-Ud#I>1`pZ_{S!}^&9 zO&iVi#uo8gn@^$SH<}N4>ouB>+i`8LIUx8%+8(x-*BsEGt&!Z$Zznqj5WmA$?pfOI>li$oMNxwvpTL6Dp}(jxt&>v!m097_!C|Ki!-`jnVZufP1C$K?%~j4D!6_skq0qI1N~C zlZ!AXG3MB$YCmlNmui}hHNIGtzLCVSpILks(&FKIwl@4xa4O4btJxK)`%8YfE_qyY z!Yx^H(+M%hT~oH>7T|=)sv74pI$TwxL32#PBPjJ)aCV(T&hFq6c4Rhk#AO0=Dk)c? z7Hm^iA;?czjxh)145~j5QT7f25k-#u#nR6~hvo3&Q&&m(^txF`TXH_+!E~K9Ibmg7 z1&}~9Y%bks({HKS^8o;WqE&SkQ|~Gq)7QNZx07HrqZZ7+g*ul`uePD>P^oT9os0(h6=T7Q0fD0!5SNzPRN7(Ta?`M((O zKg>ESJ*Ml^R*{MPNEGGVo8H=wcEw6riIf)LUCnO~U!=*?X^e8JPqv!{T+enHodn0) z2L71efWLqBO^hn-qLZmhLcH5ste$r)N79X){@iU(n5Z))ktI81RfkEu@}Bn%nt<(M zYD6Za?kR(7S;v8dc$E>Ia))zSlQQnJ@2_d4R(sKkrbsIdy-1+(o|ENY{0B4!7NkRq1+*qaV_c_cZ9Tb z)$wM+8@(y-Um2gv*z4w83?3-8$fno`_D54dwwo5hUV;)P!bo4>g6Rj^ucYJ*j~}Y& zkhXw@NQZXvr&8NxD1UWg4!OA&&1+4IQC=^vCo8Zbeb0|pt{1M^=RFWL`NK6Z@5_}@ zq~V!{H0a40hTPZVp($O7 zd`1$QC2UQq)LfKkUvG3B)mIbR!m~#M1_xQfL&B)lV5B#HBWgFXo<9Tq*0$ZReldAL zN^V*qhRFFhCs66U(>tfqMM|MQlLYl|B!S_4G#77Nq zurmDmq|7#X@;uG`5o6p0VG-dEUbfPl-JZx-25E-XMgizjjqJa z<^IpdG`GBx(i|lhX*zcozdn|MM|nHwO*J2>Nwge3{#$3`kG=XKBNGqsJ4)|vRM*Pz zYcRYcoqFA!9K4o-I(Hn+7ETN?%R{k~&WL{*2$iHFc>J7?r_W&=8CM(^9`B8wIYmTVNhd7=V`vo4M;4-{ z3?jmQQavbxo{STC?qCnV#j!LNovPoDq6r7iv4jU?Vm>t;`P^HU>IHa6t1U{fhlaMD zhZkKd|mt(&%T&kpYp{a{lTqj3KIaG=c2tzf9r2 z4Q!W9y{YUxO>LhmX*_GpZcP3JucG>squ<_A06E0|u~x|Pt>8;1EzyO>Yx0}3?#)uM zb*cL%S3D=93Z{difk7cTE!m+up9~vcc`>Mv;_tS&FoZK0x2Tk%56=NA=^459xLUQC z@`$Tl_ma5laKc)GQ;!xIC=Zh);vi~OjkP?d(x`l5*?tfC;Oc$5XA2;?wsjB3%An1X z6Tw+uwoR^jCL{NM___bN^`3)nq1#%N3v2eco9c*5xw$IjinS`Z!sQh=AM&Hsc#2v3 z!Dbf;hSRPfZ3cp{tuxsWCQ)B?%UH?ARIn}DcUS-w{mWe`GRj0;(<-KXmxgviz7me# zVGg!}Qaro(#f$3rgflEjMNaBD{m~Ob8Fb1VRK@*t%bXLA1*3L({ewY+ID| zdG4CSdH$K_Q?>Im?;Gdi?^u_W9c2o1?qsk9FK)iF{3Y>VV^WG+C==mIFWIf4mTP=a zdy&Ij`!h^e56BW9V;_dYyF2O^{ zp8o@-T^6OYdw~^`Z~~Wnts?07=6adPwq#G*r;A6hpg@b74)fftqyUO_z$$F`I3BM? zicuk*G1}n@H>y6Q*WCJ3c2tf@mSvn6^9bY27wVY;42Wo7Td2BI#tLr@xg z8|FHa2>RY+iAr}qLg>8Cv>Y_N&r9*hiM145kZpW*XkY7cuzVJl)t35b8o$nYi|EIH2QZA{8F?7`7z^Im8Kt^8!IQnc`)1zH>yh*sc2a|)5)$Jiww}ZX^E|mI{b;H0!GyAkqeK8N|=TfpsRVAI< zio)sGofCw$oQk^V~>G?SYTD|RKon8 zeYCWN_0d13c%yvF3a)|-x;m1B3mxunbm9^f#+&svOJg$6Si2NZEw=@?rciIWRcGm^ z#!U%McfND@c8c;;0!^a{%3?jxaGmRSR!VO+?@Nk_H;i#1Io})AfDzK5TwFF~ZsCwe zv2Pud%tS4y%|HPS#~zyb=8W^V&mIV~$jZ&sMuie)W`mo_8&UIpbf+ zFAL+J_x6r451YDZF~*(a0E=7ijE;IMH0~aNlH=gvRAi-_x}vIOpPI;N zhtZFNxzebY_SljFvOVXz)g(Hv48#{nlj=IxX~OyWax59gHR(%vz0*-g%O*dET8%fC z&ExXc4QO}uZ&}D~M+wiW_o?4+0_+`sNuUwRhyHhLn?Dyc2WM5I&q-~`rPYJ|V5kF$A{N;RbEF=uB}diwd~ z;GM9x7eMr^(6?SHk-6(IOqf1#y&oVhLI&=2{&sqV_>tega6RD-ex~+=uZq_M>NsU& z8ZnPFU6_W`*4QzL8%PQi)H!dKQa@`B3M+Y81}05uNwYdLA$X^)zwErs)Jq`Vh> zXWx=##3UC}xuK}|^Orjg_wt0jH9e#8h+^ePXJoE?5wn>4{5LA3EV$zFcZ}<Q_R_9x8GEmQui$m?fk5oOLWxsD^{Ji_(N)bqXi1yco)YFF2C|>@! zpI+3O9=lHKiw8V9q8I9y#&UIp<#3)ODT%GwB9*f0h;n2+X9IcJg71WBmgl@9Dd#S) zs}@h*^vc>`=fss%eRy^vDXB%lE*BpXQgzb64>ONg;Z5VcVGGVb-I(R8V#`5(y~z7# zmz@XGm8g~5$s#`EjnwkcP$VOvWtxnTvf+lljlM~9bxq#ZumJ9%-0m3kLr-F< z2u@hVIKROWtwX4Nozkl;TC48Bml?RoL3JAb>9`bZW!@{6_Y!hiShTDIxfrWI<6aP7 zw$99YlVh(SVbanmGSCz|@14o(YaNSS<6u$nc>pe1>?W&kZXSVntrC$Oq!Y2D*sERE zX;mPUnr*^OTRA3|NXmNs!n);YxITh@>P%F4Yj6TmW63r_8%%LZqB%`>f4ozZ-bicV za6GaiJdIZtP3}CDRxPsDFjvNF&RZr5wi=jXZV9h6VSg*{Fplt;x{o)>r?d-ix%+ADj0t9apUuHcEtE}4y8 zY;Bk>$`s<|)hv^jv9|#ACdu{uK3BKHv+y>5|moPt+h)2f2HPr+lvoh zUw&7)WpOZ8ZCVw>H-SD%^Ejj(D${{d!Rdve-cygM#?^O2F-n2Be~;HK_w(3B8d?KT zy5m%4&`H}~C=t^{3ZN@wJt*BI5LnffV%$esTaE4`3i#qzVm8h75lZxL4i-dwlSVuVw!LdLh z46+6g{ZfY~)WVb6`vcb0u9uH-6yud79ycpT7PG_>PP^|my70w0CKJe+HE>8)I?vBG zh@Ywj%EYQV%>4}Kd3Px#Ohf=778aIb+pGE2FSlK0?Q>KADr_ zS8}eZTSf@K-MPewu;0O6V@h?mn&v+Ti%*1hdzAcqH{3Z?&+=5wk`w(4pdZeb<>L$| zG7yz@=U*e!Hx=J?92_;5mY!ZYUtSDEC`Zl6;35dd?*$_3yU8Pt2vT_^Fh}wG<3oZ* zKBQ;xac`4J$Bka)j8BLeXqdUphhv<2a7lb)`u?HLrKa_y;+2mAR^>Lg`Z%i1Zd8AC zc~o$0!(*U(9yWpM2aOx~58Jvg=t?R|Dog6ZCa2V^6xcNOFD4@)b5u(VsgF5VzY`a1 z^mrx#dr4O=1xGVt!}a{!9tv4s=Kbb5Sdhu!JcmjS26AyWI`%K}f@%|Lb<^^BGa^Q- zRu1~x?WRq$TOLiIBBd)H5t3Zwwxe>iH8sfO5M<_^EEN9rx6`>2ExU8|b?)WysG-huhL7g)x2Z&k zBtx63BOUgr$XKZ8s_cr!9kz*}#MZC3rwYPlV}#O}8n`5`NGb4>G&syzKG9|ajQDAp zNzvh1HE)5<;NbYi2oBGh$Qtw1xW1@@1K~~!VWXEegVI17LaV!*uv3ewN~`rJg#bQf+-^XWXp@eNvnIsWW~t-fDJn9RsG`%2HKDju*^hUlTMk7TeR&G zj3`u#9!ep|5f|6t4QV;$;Idb-o;TsVr;~~s53fG7O)#VmbUV^lw$y?fY0~n#Gyd_G z+D*qge16NK*U)FC$Qeq^e|>&Dtz~ih-Xp1@XhPe#%#x=sx37#nE!5Ugk3jY^w=6ih zgxbgKVDjbA;RAIiuZzfM#)=WWJhLtQbaVte8{v8h&tYb#+yK)uz2? zo)uY^;!l~*oeFwXl6a-svRXdpKvg!-F}v7ojlk<=6K!t1xuyQ~PR_>CMS#RS!*`0g z46(s@8YwY%e0S||E~n%2jb_z%V+MxpGESxH80Io${7>>BUitEB=oE!_?iMco>V_B? z#9(nD0mX=&&nuY{H@h{Qjx}ZHlX5@jf1bU~5n(T@qpDGPJ$E1&q#Uu~zNY_d^MdZF zE5fcm@iT)o6*Gr<>N>Nk{OrkW`h@iqf^UE;S)rnus2aWJ802dcc3XO z!0!U*9ny{(Mx&EPSc3N;3UV+b^{NfW@?jEdr3D%HIZafj`7sZVQ)%;YMS8qUFu^JB zu?em=5&7@z;R(`U0lwReG}x;-y%_p1J|8t!JXe+-d==UN0s5Fahidmm?CZYN?4MM0 zmMmOV#yHxx0LCimPEEJNeKVrGgu&^vW}^xtq{r2-w(h-d3mzJ8@@5%SB#t@CKzvpP z?#{k3%6#+BAv1wbvj~QUpxTAn2To9ZM)`**`GRj?xYL=ezEoz#*q4)a`22#?%(!Ln z_-ws`M5C{NdU^k&9VdNhF6Nf3bx>L4^iuXtF`Q|Clx3D#cBJ}jk z1WXc>whNgeHm>P|c+=40z6vLG5|46uT^$DzEi@JWsXC?U!%vFBL->o1s4P>*C)QeT zKbCUjk%bM>%d=}0pTOndmQRf=hPHt$0BbFJ!Zve#^Zb0R0#ua3=BAYvj|}Q`uwu0- z$s88V^BvEUpJUCPPSR2jFmoY^m+DCJhYfO$Y1(Vl!S;e0jOjhBRF1^tAW|mkDbD3neoe+F-`h@2D^bACvqzT zwR9~G(exvismUo~8Q#=hCp-{i5ZuoE54Zg!6o+*?wVU7DumisTM#OamKH56#=kkroece=4Rmy-3=2SyIyAL?sZ2~HH{Y@{Pula{Ro&*F3BN{h50u3R;a5@4-v-E*>{@Rv?$5)Y`@Thc2+_)S3e zCOLN|e11XAgg02HxR^?8 zrX5wh-%ugK71;j}Ph$9JfhG-ZS)7|M%~YF?Y>pL8@C(=P*%>kdhTT2&3p6=r+S+v_ zSK8f^{_g)>3!F-2I76kP&7T!AJV9nGiHn*c=d2{*pTKP@ia*(dB(X$<$; zJ9q8~J@fpzB=bu(9Ll3W~2;Y@rH1J8)i8_>V^sL3rUXIt>W=}#qMR`#DItD+#oeX6O!zODjH3*&( zb%&ac49{(i6{&#QX6meEE$`#v8jSZRa+ewThHBvWct(E7p3%De>OTzt@ri_mg&nnF z+g1QhjThBk(^m5xj*sGm)Gy{E^b%DXU59{Z^O?NsyE+By{o5WC#a5i za<42Lf>;+BW6$%SkEAMJQw6vumNz59f{&mV-dRRP<8qWQ+3mYR>w$z<7`1d#$E10w zI6ky9Cr2)8;)2aw|2P3q)ii=7Ty7W1DJjKbscYfKJzTu5=%2t=B*<46S%K05^PRdUu&{(?z!1Hg_3#7r+5tax{;C_$nfyV@UD&6 z4owUOk7YO?(0w+GKa_sBhLK+TY}v7?F|wd+Q>c5n=w54kmK`uHD=2*v&o`1=O7 z?$=LVCb5{+Nbs{iJe3u(~?+0s=))dSES;%wCCgpQ+mUBfSh*UOMuTA zP{=-acLF4N0nqh?b<9)_!aITL{i`*gUh%|Efdlm1T-_5QH)kSeoT#{Y=1ln1z+f!E zGV$45e!s$d>j(zcELJ%pjEvt$K|(Q}tQmLsugU-gk0n>E3G^O3f6Y4?gwM&4r_p-V zOnet;e^1rAURds)U-{6fJ5-KzEe*rXoL<{Zcfdkx;dB(LO*=u?`OBgTDoOOgL3*RE z%gbMe(lXB;uc-sM2Dy8tIsj0&E-EPjmHrrc^E0cwQ2p*&@gsoANJ})P{6HB4`t5@r z?y*4tozg2j?(D^<(+c`fP^HCC zWm~>QSC75}(<9+rz;Ia?;doSxFF~%h-AqLImD=wrv%JBOaIO`kGW&yy?@v*X8V2kr zM%m)L&WzRZfs4QSe1E$Ew17jY+uK#=^DbfiFTi{PlZWR7bI6N{jwz}~*<-k5seJP; z@2B2ejJsxCGsIV#1?zvl%U6t-e}Q8*q!+yF&owRgpTT*OXjd)!0NQ1ekteZ4;zl_t zqRPKKCZZFy@p<~~S@3}t*PPH6uVOOZ0?;`Lx`-Ue8!2?LgG+VntWVmWF@~6jwS1Sa%XPs zIS=X-!(Tck^J&tTwAgn3RZDw~f!dJ~tBOQWbAnxl+6>;S<`?2YhBJN9YS4-*NQn*9KMn zr*_!@IBTZmK=kLaf8ei_4proZKrG1%4($8_KKUIR%=GcXyZ=UKCaBOF=3-0JzLM1>w$ zRd(O&jcKJ>;!=I<2dutN&*EsEtxTqNY3ZmFwes6tO#(`Wkg+CcH_B?KtA<`zjhqV6 zb&muXX~2=62#WHg>*fO-MHMuE-9CCdXe3odRbdKnQ%A-)o-sxi%~NYguozs&;?yQU z<4lL<5bnl_TxkBag6o0ATp8_j`RqfK5XIxd;IrAM5yZO z3R4@Exd1&zvd_)v)WV>(7v6MS%);HSis<*@k5w@|AmmxrbmY`C5Oi0tGry>hPs#*X zEfSJASHwNtxjoT3L^apMUVVA=} zgh$+wN|(0oZhGp{Rl09EWE z``H6vCAciydLP@Tdi>9T+^v9G)}7W+SWOXsiqw=L(9RboQGFz9Q#= zYG(3@!fm_jF;SOQ&A$9NI$5$4r*#brhykG9B*F&`Q)4YByV|w=LIk5IS~~<@9Li36 zZsiLls^oZ`aRPlj(^EfDT23?Ues`#8J>2T2A}dMQ+`?xzoA+ksAmbF{K4bPM24j!_ zPFBu*i0{I=oQKPHeCgHKeL3ztK19tTr!0pPk>Cv?d5}+60-T>ZAaDa^sX_82=W5|= zXy=K5)P|cqY4VwQp4E=$k`4>=1qhLQo_lt7HXR_*X;+Sc?QDz%{L*aw<12B`FR+qZ zx9ja9&G;uUmO2XtQ_>qraP`1GP*a8&@ma(nqgq=G{8+#OInFR%#V*V(kMmdGZ?%_w zoiz!@a?7EMu0boOmwa^DAIPzW;rU`j;H(7XvdVa@L>KXxsv^w0RKx88Nsku%wClQA z;N$(qzTeFO{mQPopUsv)s8vHD+^>O2if}+3J*zwO`^g?iP9(h<)=bemhx=Vx|F%4t zs8BI8@LjmZ`6f;@w2GvQJVr2w-hpYR{x37L1^M^mHYUt8)-rA zON)a+-nPG7urjhdcHkyKD=H8yh5229m>R=dy+kWJEOh^Q?6`-^SG_|C4tAudP`|W} zM-zpSYgL)L;SJguTFRk*85fll&tUr@!>=dNoYx1bPox>H5}W*Vd>VRi3d!MmQfNgQ zLOo%0sx?BK;Fs=)T3zT@IN(7D%~W)B@MEXhRxDXoe;hP=LFgUelX1khwcB2UcS#oX zHcp@hiA)FnwY12V;u&wa2Tf0t3r73UgIm0|JJ&Us>s}-WBe`)P?aLmgWbw_av&l?E zUkch#|6Sg8lxyg}S}66g^&7;+Tl0RtpHf^%v7EurrY&gC!iKt8jwRbPdT^^J-zCCO z#h7iJi;A$cDC7$e;~u7Lq$?+4^s$Q_pX3&enwyF}pCBX?A}o`fpYHe-fFOB;(s9 zygv>XOo>fg7B+Y<72SO#p7xcMfDr0T{xhJ6BB>e2=1ZNl61Fb)EEIo1##)3a37Qs~ z^WGa!ffAFL+oF7vBs5alo4ux^xHL6N%+^#0GXG Date: Tue, 5 Mar 2024 13:01:58 +0100 Subject: [PATCH 107/146] Fix #1368: Modify datatype of pa_activation.extras (#1371) * Fix #1368: Modify datatype of pa_activation.extras --- docs/PowerAuth-Server-1.7.0.md | 2 +- docs/sql/mssql/migration_1.6.0_1.7.0.sql | 2 +- docs/sql/oracle/migration_1.6.0_1.7.0.sql | 2 +- docs/sql/postgresql/migration_1.6.0_1.7.0.sql | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/PowerAuth-Server-1.7.0.md b/docs/PowerAuth-Server-1.7.0.md index 90083ef11..60268d281 100644 --- a/docs/PowerAuth-Server-1.7.0.md +++ b/docs/PowerAuth-Server-1.7.0.md @@ -18,7 +18,7 @@ Following columns have been added to table `pa_activation` for FIDO2 support: - `external_id` - external identifier of the activation - `protocol` - protocol enumeration: `powerauth` or `fido2` -The data type for column `extras` in table `pa_activation` was changed to `TEXT` / `CLOB` to support larger data. +The size of column `extras` in table `pa_activation` was increased to `4000` from `255` to support larger data. ### New Database Table for Application Configuration diff --git a/docs/sql/mssql/migration_1.6.0_1.7.0.sql b/docs/sql/mssql/migration_1.6.0_1.7.0.sql index db82de320..73e04a032 100644 --- a/docs/sql/mssql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/mssql/migration_1.6.0_1.7.0.sql @@ -9,7 +9,7 @@ ALTER TABLE pa_activation ADD protocol varchar(32) CONSTRAINT DF_pa_activation_p GO -- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl -ALTER TABLE pa_activation ALTER COLUMN extras varchar (max); +ALTER TABLE pa_activation ALTER COLUMN extras varchar (4000); GO -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::1::Roman Strobl diff --git a/docs/sql/oracle/migration_1.6.0_1.7.0.sql b/docs/sql/oracle/migration_1.6.0_1.7.0.sql index 10a4f6da1..bb430b3f6 100644 --- a/docs/sql/oracle/migration_1.6.0_1.7.0.sql +++ b/docs/sql/oracle/migration_1.6.0_1.7.0.sql @@ -7,7 +7,7 @@ ALTER TABLE pa_activation ADD external_id VARCHAR2(255); ALTER TABLE pa_activation ADD protocol VARCHAR2(32) DEFAULT 'powerauth'; -- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl -ALTER TABLE pa_activation MODIFY extras CLOB; +ALTER TABLE pa_activation MODIFY extras VARCHAR2(4000); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::1::Roman Strobl -- Create a new table pa_application_config diff --git a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql index 5a4e29ac8..bd6529245 100644 --- a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql @@ -7,7 +7,7 @@ ALTER TABLE pa_activation ADD external_id VARCHAR(255); ALTER TABLE pa_activation ADD protocol VARCHAR(32) DEFAULT 'powerauth'; -- Changeset powerauth-java-server/1.7.x/20240115-add-columns-fido2::3::Roman Strobl -ALTER TABLE pa_activation ALTER COLUMN extras TYPE TEXT USING (extras::TEXT); +ALTER TABLE pa_activation ALTER COLUMN extras TYPE VARCHAR(4000) USING (extras::VARCHAR(4000)); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::1::Roman Strobl -- Create a new table pa_application_config From c33f427ee263fb7bc72e464fd76a1a60217b41ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zden=C4=9Bk=20=C4=8Cern=C3=BD?= Date: Tue, 5 Mar 2024 15:34:25 +0100 Subject: [PATCH 108/146] Fix #1376: Liquibase on MSSQL throws error do not fail on error --- .../powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml index acece2348..2f65f7bf2 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.6.x/20231106-add-foreign-keys.xml @@ -3,8 +3,8 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.9.xsd"> - - + + From fc153e236b7d900a1b90dc4ca1dd7d73393a1518 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Wed, 6 Mar 2024 07:29:22 +0100 Subject: [PATCH 109/146] Update GitHub Actions to checkout@v4 and setup-java@v4 --- .github/workflows/scp-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/scp-deploy.yml b/.github/workflows/scp-deploy.yml index 66459f5fd..31055a389 100644 --- a/.github/workflows/scp-deploy.yml +++ b/.github/workflows/scp-deploy.yml @@ -7,9 +7,9 @@ jobs: scp-deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: 17 distribution: 'temurin' From 2fba2646dce1da4a386794c65978ba8f8fb5686b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Wed, 6 Mar 2024 09:16:57 +0100 Subject: [PATCH 110/146] Update GitHub Actions to JDK 21 (#1380) --- .github/workflows/codeql-analysis.yml | 1 + .github/workflows/coverity-scan.yml | 1 + .github/workflows/maven-deploy.yml | 2 ++ .github/workflows/maven-test.yml | 4 +++- .github/workflows/scp-deploy.yml | 4 ++-- 5 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ef4b9f57a..a53b0a67c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -15,6 +15,7 @@ jobs: uses: wultra/wultra-infrastructure/.github/workflows/codeql-analysis.yml@develop secrets: inherit with: + java_version: 21 languages: "['java', 'javascript']" # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Use only 'java' to analyze code written in Java, Kotlin or both diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 8a887f339..303fae90c 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -14,3 +14,4 @@ jobs: project-name: ${{ github.event.repository.name }} version: ${{ github.sha }} description: ${{ github.ref }} + java_version: 21 \ No newline at end of file diff --git a/.github/workflows/maven-deploy.yml b/.github/workflows/maven-deploy.yml index 8f31c6b75..f099c4cc8 100644 --- a/.github/workflows/maven-deploy.yml +++ b/.github/workflows/maven-deploy.yml @@ -32,6 +32,7 @@ jobs: with: environment: internal-publish release_type: snapshot + java_version: 21 secrets: username: ${{ secrets.MAVEN_CENTRAL_USERNAME }} password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} @@ -43,6 +44,7 @@ jobs: with: environment: ${{ inputs.environment }} release_type: ${{ inputs.release_type }} + java_version: 21 secrets: username: ${{ secrets.MAVEN_CENTRAL_USERNAME }} password: ${{ secrets.MAVEN_CENTRAL_PASSWORD }} diff --git a/.github/workflows/maven-test.yml b/.github/workflows/maven-test.yml index 6bdada9fe..33932bf61 100644 --- a/.github/workflows/maven-test.yml +++ b/.github/workflows/maven-test.yml @@ -15,4 +15,6 @@ on: jobs: maven-tests: uses: wultra/wultra-infrastructure/.github/workflows/maven-test.yml@develop - secrets: inherit \ No newline at end of file + secrets: inherit + with: + java_version: 21 \ No newline at end of file diff --git a/.github/workflows/scp-deploy.yml b/.github/workflows/scp-deploy.yml index 31055a389..d44d7b5db 100644 --- a/.github/workflows/scp-deploy.yml +++ b/.github/workflows/scp-deploy.yml @@ -8,10 +8,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - name: Set up JDK 17 + - name: Set up JDK 21 uses: actions/setup-java@v4 with: - java-version: 17 + java-version: 21 distribution: 'temurin' server-id: jfrog-central server-username: INTERNAL_USERNAME From c30195e4c09f8b4114e3daeb54e5e421c3f585be Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 7 Mar 2024 12:24:31 +0800 Subject: [PATCH 111/146] Fix #1386: FIDO2: Parameter externalId from AssertionChallengeRequest is ignored --- .../app/server/service/fido2/PowerAuthAssertionProvider.java | 1 + 1 file changed, 1 insertion(+) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index 31b4dbd8d..14d4f800d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -80,6 +80,7 @@ public AssertionChallenge provideChallengeForAssertion(List applicationI final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); operationCreateRequest.setApplications(applicationIds); operationCreateRequest.setTemplateName(templateName); + operationCreateRequest.setExternalId(externalAuthenticationId); operationCreateRequest.getParameters().putAll(parameters); final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); From 208178dfa4f156c084eaaf874c927686eed89d1b Mon Sep 17 00:00:00 2001 From: Roman Strobl Date: Thu, 7 Mar 2024 12:43:35 +0800 Subject: [PATCH 112/146] Fix #1388: FIDO2: Reversed order of parameters in findByCredentialId --- .../com/wultra/powerauth/fido2/service/AssertionService.java | 2 +- .../server/service/fido2/PowerAuthAuthenticatorProvider.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 2efa15b75..231c94d4f 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -96,7 +96,7 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r final String applicationId = request.getApplicationId(); final String authenticatorId = request.getId(); final String challenge = request.getResponse().getClientDataJSON().getChallenge(); - final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(applicationId, authenticatorId); + final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(authenticatorId, applicationId); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); final AuthenticatorDetail authenticatorDetail = authenticatorOptional.get(); final AuthenticatorData authenticatorData = response.getAuthenticatorData(); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index 4213a059e..c9b64b0d7 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -123,7 +123,7 @@ public List findByUserId(String userId, String applicationI @Override @Transactional(readOnly = true) - public Optional findByCredentialId(String applicationId, String credentialId) throws Fido2AuthenticationFailedException { + public Optional findByCredentialId(String credentialId, String applicationId) throws Fido2AuthenticationFailedException { // Find application final Optional application = applicationRepository.findById(applicationId); From 41e5750ba823dc423f7de5dd53bf9ab8d5e57b85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Thu, 14 Mar 2024 16:18:52 +0800 Subject: [PATCH 113/146] Fix #1391: FIDO2: Names refactoring (#1395) --- .../model/entity/fido2/AuthenticatorDetail.java | 2 +- .../model/response/fido2/RegistrationResponse.java | 2 +- .../rest/model/converter/RegistrationConverter.java | 4 ++-- .../fido2/rest/model/entity/AuthenticatorDetail.java | 2 +- .../rest/model/response/RegistrationResponse.java | 2 +- .../powerauth/fido2/service/AssertionService.java | 6 +++--- .../powerauth/fido2/service/RegistrationService.java | 8 ++++---- .../fido2/service/provider/CryptographyService.java | 4 ++-- .../fido2/service/provider/RegistrationProvider.java | 4 ++-- .../database/repository/ActivationRepository.java | 2 +- .../fido2/PowerAuthAuthenticatorProvider.java | 4 ++-- .../service/fido2/PowerAuthCryptographyService.java | 12 ++++++------ .../service/fido2/PowerAuthRegistrationProvider.java | 6 +++--- 13 files changed, 29 insertions(+), 29 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java index f5b52c76d..8cf81dabd 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorDetail.java @@ -37,7 +37,7 @@ public class AuthenticatorDetail { private String activationId; private String applicationId; private String activationName; - private String externalId; + private String credentialId; private ActivationStatus activationStatus; private Map extras; private String platform; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java index d09e0040c..550d8b4df 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/RegistrationResponse.java @@ -34,7 +34,7 @@ public class RegistrationResponse { private String userId; private String activationId; private String applicationId; - private String externalId; + private String credentialId; private String activationName; private ActivationStatus activationStatus; private Map extras; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index fbe39406a..a8a41cb22 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -60,7 +60,7 @@ public Optional convert(RegistrationChallenge challenge, Re final Fido2Authenticators.Model model = Fido2Authenticators.modelByAaguid(aaguid); - authenticatorDetail.setExternalId(requestObject.getAuthenticatorParameters().getId()); + authenticatorDetail.setCredentialId(requestObject.getAuthenticatorParameters().getId()); authenticatorDetail.setExtras(convertExtras(requestObject)); authenticatorDetail.setActivationName(requestObject.getActivationName()); authenticatorDetail.setPlatform(requestObject.getAuthenticatorParameters().getAuthenticatorAttachment()); @@ -88,7 +88,7 @@ public RegistrationResponse convertRegistrationResponse(AuthenticatorDetail sour result.setUserId(source.getUserId()); result.setActivationId(source.getActivationId()); result.setApplicationId(source.getApplicationId()); - result.setExternalId(source.getExternalId()); + result.setCredentialId(source.getCredentialId()); result.setExtras(source.getExtras()); result.setActivationName(source.getActivationName()); result.setPlatform(source.getPlatform()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java index 975efe071..e8a7770cd 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorDetail.java @@ -37,7 +37,7 @@ public class AuthenticatorDetail { private String activationId; private String applicationId; private String activationName; - private String externalId; + private String credentialId; private ActivationStatus activationStatus; private Map extras; private String platform; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java index f1f2944f9..fa528d6fb 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationResponse.java @@ -36,7 +36,7 @@ public class RegistrationResponse { private String userId; private String activationId; private String applicationId; - private String externalId; + private String credentialId; private String activationName; private ActivationStatus activationStatus; private Map extras; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 231c94d4f..97bea67dc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -94,15 +94,15 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r try { final AuthenticatorAssertionResponse response = request.getResponse(); final String applicationId = request.getApplicationId(); - final String authenticatorId = request.getId(); + final String credentialId = request.getId(); final String challenge = request.getResponse().getClientDataJSON().getChallenge(); - final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(authenticatorId, applicationId); + final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(credentialId, applicationId); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); final AuthenticatorDetail authenticatorDetail = authenticatorOptional.get(); final AuthenticatorData authenticatorData = response.getAuthenticatorData(); final CollectedClientData clientDataJSON = response.getClientDataJSON(); if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { - final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, authenticatorId, clientDataJSON, authenticatorData, response.getSignature(), authenticatorDetail); + final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, credentialId, clientDataJSON, authenticatorData, response.getSignature(), authenticatorDetail); if (signatureCorrect) { assertionProvider.approveAssertion(challenge, authenticatorDetail, authenticatorData, clientDataJSON); return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, signatureCorrect); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index ece894b97..48a1b03fe 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -115,7 +115,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E throw new Fido2AuthenticationFailedException(error); } - final String authenticatorId = requestObject.getAuthenticatorParameters().getId(); + final String credentialId = requestObject.getAuthenticatorParameters().getId(); final AuthenticatorAttestationResponse response = requestObject.getAuthenticatorParameters().getResponse(); final CollectedClientData clientDataJSON = response.getClientDataJSON(); @@ -131,7 +131,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E final String fmt = attestationObject.getFmt(); final byte[] aaguid = attestationObject.getAuthData().getAttestedCredentialData().getAaguid(); - validateRegistrationRequest(applicationId, authenticatorId, fmt, aaguid, challengeValue); + validateRegistrationRequest(applicationId, credentialId, fmt, aaguid, challengeValue); if (Fmt.FMT_PACKED.getValue().equals(fmt)) { final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); @@ -152,8 +152,8 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); } - private void validateRegistrationRequest(final String applicationId, final String authenticatorId, final String attestationFormat, final byte[] aaguid, final String challengeValue) throws Exception { - if (!registrationProvider.registrationAllowed(applicationId, authenticatorId, attestationFormat, aaguid)) { + private void validateRegistrationRequest(final String applicationId, final String credentialId, final String attestationFormat, final byte[] aaguid, final String challengeValue) throws Exception { + if (!registrationProvider.registrationAllowed(applicationId, credentialId, attestationFormat, aaguid)) { logger.warn("Invalid request for FIDO2 registration"); // Immediately revoke the challenge registrationProvider.revokeRegistrationByChallengeValue(applicationId, challengeValue); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index 99aa411af..c1deef15d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -44,7 +44,7 @@ public interface CryptographyService { * Verify signature for an assertion. * * @param applicationId Application identifier. - * @param authenticatorId Authenticator identifier. + * @param credentialId Credential identifier. * @param clientDataJSON Collected client data. * @param authData Authenticator data. * @param signature Signature bytes. @@ -52,7 +52,7 @@ public interface CryptographyService { * @return Whether signature verification succeeded. * @throws Exception Thrown in case of a cryptography error. */ - boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws Exception; + boolean verifySignatureForAssertion(String applicationId, String credentialId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws Exception; /** * Convert public key object to bytes. diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java index e9a18488a..3546ea399 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/RegistrationProvider.java @@ -59,12 +59,12 @@ public interface RegistrationProvider { /** * Verify registration parameters and determine whether registration is allowed. * @param applicationId Application ID. - * @param authenticatorId Authenticator ID. + * @param credentialId Credential ID. * @param attestationFormat FIDO2 registration attestation format. * @param aaguid FIDO2 registration AAGUID value. * @return Whether registration is allowed. * @throws Exception In case any issue occur during processing. */ - boolean registrationAllowed(String applicationId, String authenticatorId, String attestationFormat, byte[] aaguid) throws Exception; + boolean registrationAllowed(String applicationId, String credentialId, String attestationFormat, byte[] aaguid) throws Exception; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java index 42576c226..be74d5e4b 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ActivationRepository.java @@ -191,7 +191,7 @@ default Long getActivationCountByActivationCode(String applicationId, String act * Find all activations for given user ID * * @param applicationId Application ID. - * @param externalId External authenticatorId + * @param externalId External identifier. * @return List of activations for given user */ @Query("SELECT a FROM ActivationRecordEntity a WHERE a.application.id = :applicationId AND a.externalId = :externalId") diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index c9b64b0d7..526cc5971 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -207,7 +207,7 @@ public AuthenticatorDetail storeAuthenticator(String applicationId, String activ // The device public key is converted back to bytes and base64 encoded so that the key is saved in normalized form activation.setDevicePublicKeyBase64(Base64.getEncoder().encodeToString(keyConvertor.convertPublicKeyToBytes(devicePublicKey))); activation.setActivationName(authenticatorDetail.getActivationName()); - activation.setExternalId(authenticatorDetail.getExternalId()); + activation.setExternalId(authenticatorDetail.getCredentialId()); activation.setExtras(objectMapper.writeValueAsString(authenticatorDetail.getExtras())); if (authenticatorDetail.getPlatform() != null) { activation.setPlatform(authenticatorDetail.getPlatform().toLowerCase()); @@ -292,7 +292,7 @@ private Optional convert(Activation activation, Application authenticatorDetail.setActivationId(activation.getActivationId()); authenticatorDetail.setActivationStatus(activation.getActivationStatus()); authenticatorDetail.setActivationName(activation.getActivationName()); - authenticatorDetail.setExternalId(activation.getExternalId()); + authenticatorDetail.setCredentialId(activation.getExternalId()); try { authenticatorDetail.setExtras(objectMapper.readValue(activation.getExtras(), new TypeReference>() {})); } catch (JsonProcessingException e) { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index 535c0c2a5..ecf20f266 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -51,8 +51,8 @@ public PowerAuthCryptographyService(ActivationRepository activationRepository) { this.activationRepository = activationRepository; } - public boolean verifySignatureForAssertion(String applicationId, String authenticatorId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { - if (!checkAndPersistCounter(applicationId, authenticatorId, authData.getSignCount())) { + public boolean verifySignatureForAssertion(String applicationId, String credentialId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { + if (!checkAndPersistCounter(applicationId, credentialId, authData.getSignCount())) { return false; } final byte[] publicKeyBytes = authenticatorDetail.getPublicKeyBytes(); @@ -81,14 +81,14 @@ private boolean verifySignature(CollectedClientData clientDataJSON, Authenticato return signatureUtils.validateECDSASignature(clientDataJSONEncodedHash, signature, publicKey); } - private boolean checkAndPersistCounter(String applicationId, String authenticatorId, int signCount) { - final List activations = activationRepository.findByExternalId(applicationId, authenticatorId); + private boolean checkAndPersistCounter(String applicationId, String credentialId, int signCount) { + final List activations = activationRepository.findByExternalId(applicationId, credentialId); if (activations.isEmpty()) { - logger.warn("Activation not found, external ID: {}", authenticatorId); + logger.warn("Activation not found, external ID: {}", credentialId); return false; } if (activations.size() > 1) { - logger.warn("Multiple activations with same external ID found, external ID: {}", authenticatorId); + logger.warn("Multiple activations with same external ID found, external ID: {}", credentialId); return false; } final ActivationRecordEntity activation = activations.get(0); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index e9f57f229..1a97d7747 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -153,7 +153,7 @@ public void revokeRegistrationByChallengeValue(String applicationId, String chal @Override @Transactional(readOnly = true) - public boolean registrationAllowed(String applicationId, String authenticatorId, String attestationFormat, byte[] aaguid) throws Exception { + public boolean registrationAllowed(String applicationId, String credentialId, String attestationFormat, byte[] aaguid) throws Exception { final ApplicationConfigServiceBehavior configService = serviceBehaviorCatalogue.getApplicationConfigServiceBehavior(); final GetApplicationConfigRequest configRequest = new GetApplicationConfigRequest(); configRequest.setApplicationId(applicationId); @@ -184,9 +184,9 @@ public boolean registrationAllowed(String applicationId, String authenticatorId, } final ActivationRepository activationRepository = repositoryCatalogue.getActivationRepository(); - final List existingActivations = activationRepository.findByExternalId(applicationId, authenticatorId); + final List existingActivations = activationRepository.findByExternalId(applicationId, credentialId); if (!existingActivations.isEmpty()) { - logger.warn("Rejected duplicate external ID for registration, application ID: {}, external ID: {}", applicationId, authenticatorId); + logger.warn("Rejected duplicate external ID for registration, application ID: {}, external ID: {}", applicationId, credentialId); return false; } From 5a1cf8bdaf39e55e4366e60d9426f4c45e660d04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Fri, 15 Mar 2024 13:22:37 +0800 Subject: [PATCH 114/146] FIDO2: Basic Attestation (#1394) --- .../AttestationStatementDeserializer.java | 34 ++- .../model/entity/AttestationStatement.java | 5 + .../fido2/rest/model/entity/X509Cert.java | 40 ++++ .../model/enumeration/AttestationType.java | 33 +++ .../model/enumeration/Fido2ConfigKeys.java | 1 + .../fido2/service/RegistrationService.java | 4 +- .../service/provider/CryptographyService.java | 5 +- .../model/entity/ApplicationConfigEntity.java | 2 +- .../ApplicationConfigRepository.java | 12 +- .../ApplicationConfigServiceBehavior.java | 8 +- .../fido2/Fido2CertificateValidator.java | 203 ++++++++++++++++++ .../fido2/PowerAuthCryptographyService.java | 157 +++++++++++++- .../fido2/PowerAuthRegistrationProvider.java | 3 +- .../fido2/Fido2AuthenticatorTest.java | 116 +++++++--- .../fido2/Fido2CertificateValidatorTest.java | 128 +++++++++++ 15 files changed, 703 insertions(+), 48 deletions(-) create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/X509Cert.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/AttestationType.java create mode 100644 powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/Fido2CertificateValidator.java create mode 100644 powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2CertificateValidatorTest.java diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java index b99b6392b..db112481b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/AttestationStatementDeserializer.java @@ -24,12 +24,16 @@ import com.fasterxml.jackson.databind.deser.std.StdDeserializer; import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; import com.wultra.powerauth.fido2.rest.model.entity.AttestationStatement; +import com.wultra.powerauth.fido2.rest.model.entity.X509Cert; +import com.wultra.powerauth.fido2.rest.model.enumeration.AttestationType; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; import java.io.IOException; import java.io.Serial; +import java.util.Collections; +import java.util.List; import java.util.Map; /** @@ -67,6 +71,7 @@ public AttestationStatementDeserializer(Class vc) { * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. */ @Override + @SuppressWarnings("unchecked") public AttestationStatement deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { try { final Map map = jsonParser.readValueAs(new TypeReference<>() {}); @@ -81,7 +86,34 @@ public AttestationStatement deserialize(JsonParser jsonParser, DeserializationCo } else { result.setAlgorithm(SignatureAlgorithm.UNKNOWN); } - result.setSignature((byte[]) map.get("sig")); + final byte[] signature = (byte[]) map.get("sig"); + result.setSignature(signature); + if (signature == null) { + result.setAttestationType(AttestationType.NONE); + return result; + } + Object x5cObj = map.get("x5c"); + if (x5cObj == null) { + result.setAttestationType(AttestationType.SELF); + return result; + } + if (!(x5cObj instanceof List)) { + throw new Fido2DeserializationException("Invalid x5c certificate"); + } + final List x5c = (List) x5cObj; + if (x5c.isEmpty()) { + result.setAttestationType(AttestationType.SELF); + } else { + final byte[] attestationCert = x5c.get(0); + final List certChain; + if (x5c.size() == 1) { + certChain = Collections.emptyList(); + } else { + certChain = x5c.subList(1, x5c.size()); + } + result.setX509Cert(new X509Cert(attestationCert, certChain)); + result.setAttestationType(AttestationType.BASIC); + } return result; } catch (IOException e) { logger.debug(e.getMessage(), e); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java index 299da3af4..9bddef957 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AttestationStatement.java @@ -18,6 +18,7 @@ package com.wultra.powerauth.fido2.rest.model.entity; +import com.wultra.powerauth.fido2.rest.model.enumeration.AttestationType; import com.wultra.powerauth.fido2.rest.model.enumeration.SignatureAlgorithm; import lombok.Data; @@ -28,6 +29,10 @@ */ @Data public class AttestationStatement { + private SignatureAlgorithm algorithm; private byte[] signature; + private X509Cert x509Cert; + private AttestationType attestationType; + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/X509Cert.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/X509Cert.java new file mode 100644 index 000000000..0f48c8db0 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/X509Cert.java @@ -0,0 +1,40 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +/** + * X509 Certificate used in Packed attestation. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Data +@NoArgsConstructor +@AllArgsConstructor +public class X509Cert { + + private byte[] attestationCert; + private List certChain; + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/AttestationType.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/AttestationType.java new file mode 100644 index 000000000..27692b2d2 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/AttestationType.java @@ -0,0 +1,33 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package com.wultra.powerauth.fido2.rest.model.enumeration; + +/** + * Attestation type. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +public enum AttestationType { + + BASIC, + SELF, + NONE + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java index 12a31c990..1af59057f 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/enumeration/Fido2ConfigKeys.java @@ -28,5 +28,6 @@ public class Fido2ConfigKeys { public static final String CONFIG_KEY_ALLOWED_ATTESTATION_FMT = "fido2_attestation_fmt_allowed"; public static final String CONFIG_KEY_ALLOWED_AAGUIDS = "fido2_aaguids_allowed"; + public static final String CONFIG_KEY_ROOT_CA_CERTS = "fido2_root_ca_certs"; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 48a1b03fe..0ab963d2b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -134,8 +134,8 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E validateRegistrationRequest(applicationId, credentialId, fmt, aaguid, challengeValue); if (Fmt.FMT_PACKED.getValue().equals(fmt)) { - final boolean verifySignature = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, authData, signature, attestedCredentialData); - if (!verifySignature) { + final boolean signatureVerified = cryptographyService.verifySignatureForRegistration(applicationId, clientDataJSON, attestationObject, signature); + if (!signatureVerified) { // Immediately revoke the challenge registrationProvider.revokeRegistrationByChallengeValue(applicationId, challengeValue); throw new Fido2AuthenticationFailedException("Registration failed"); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java index c1deef15d..6b1939343 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/CryptographyService.java @@ -32,13 +32,12 @@ public interface CryptographyService { * * @param applicationId Application identifier. * @param clientDataJSON Collected client data. - * @param authData Authenticator data. + * @param attestationObject Attestation object. * @param signature Signature bytes. - * @param attestedCredentialData Attested credential data. * @return Whether signature verification succeeded. * @throws Exception Thrown in case of a cryptography error. */ - boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws Exception; + boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AttestationObject attestationObject, byte[] signature) throws Exception; /** * Verify signature for an assertion. diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java index 8ee8cde1c..4ead2e163 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ApplicationConfigEntity.java @@ -56,7 +56,7 @@ public class ApplicationConfigEntity implements Serializable { @Column(name = "config_key", nullable = false) private String key; - @Column(name = "config_values") + @Column(name = "config_values", columnDefinition = "CLOB") @Convert(converter = ListToJsonConverter.class) private List values = new ArrayList<>(); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java index 9694f2fc8..c3bbe69e9 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/repository/ApplicationConfigRepository.java @@ -18,11 +18,11 @@ package io.getlime.security.powerauth.app.server.database.repository; import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationConfigEntity; -import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationEntity; import org.springframework.data.repository.CrudRepository; import org.springframework.stereotype.Repository; import java.util.List; +import java.util.Optional; /** * Repository for application configurations. @@ -36,8 +36,16 @@ public interface ApplicationConfigRepository extends CrudRepository findByApplicationId(String applicationId); + /** + * Find application configuration by application ID and key. + * @param applicationId Application ID. + * @param key Configuration key name. + * @return Optional application config entity. + */ + Optional findByApplicationIdAndKey(String applicationId, String key); + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java index 47b430f42..3ffe86719 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/ApplicationConfigServiceBehavior.java @@ -32,8 +32,6 @@ import io.getlime.security.powerauth.app.server.service.i18n.LocalizationProvider; import io.getlime.security.powerauth.app.server.service.model.ServiceError; import lombok.extern.slf4j.Slf4j; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -41,8 +39,7 @@ import java.util.List; import java.util.Optional; -import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_AAGUIDS; -import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_ATTESTATION_FMT; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.*; /** * Behavior class implementing management of application configuration. @@ -180,7 +177,8 @@ private void validateConfigKey(String key) throws GenericServiceException { throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); } if (!CONFIG_KEY_ALLOWED_ATTESTATION_FMT.equals(key) - && !CONFIG_KEY_ALLOWED_AAGUIDS.equals(key)) { + && !CONFIG_KEY_ALLOWED_AAGUIDS.equals(key) + && !CONFIG_KEY_ROOT_CA_CERTS.equals(key)) { logger.warn("Unknown configuration key in FIDO2 request: {}", key); // Rollback is not required, error occurs before writing to database throw localizationProvider.buildExceptionForCode(ServiceError.INVALID_REQUEST); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/Fido2CertificateValidator.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/Fido2CertificateValidator.java new file mode 100644 index 000000000..e07a34019 --- /dev/null +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/Fido2CertificateValidator.java @@ -0,0 +1,203 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package io.getlime.security.powerauth.app.server.service.fido2; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +import javax.naming.InvalidNameException; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.directory.Attributes; +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; +import javax.security.auth.x500.X500Principal; +import java.security.cert.*; +import java.util.*; +import java.util.stream.Collectors; + +/** + * Validator for X.509 certificates used in FIDO2. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@Component +@Slf4j +public class Fido2CertificateValidator { + + private static final String FIDO2_EXTENSION_ID_AAGUID = "1.3.6.1.4.1.45724.1.1.4"; + + /** + * Validate a FIDO2 certificate. + * + * @param cert Attestation certificate. + * @param certChain Intermediate certificate chain from request, if required. + * @param trustedCerts List of trusted root CA certificates. + * @param aaguid AAGUID value. + * @return Validation result. + */ + public boolean isValid(X509Certificate cert, List certChain, List trustedCerts, byte[] aaguid) { + return validateCertRequirements(cert) && validateTrustPath(cert, certChain, trustedCerts) && validateAaguid(cert, aaguid); + } + + /** + * Validate certificate parameters based on "8.2.1. Packed Attestation Statement Certificate Requirements". + * + * @param cert Attestation certificate. + * @return Whether certificate is valid. + */ + private boolean validateCertRequirements(X509Certificate cert) { + final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); + // Version MUST be set to 3 (which is indicated by an ASN.1 INTEGER with value 2). + if (cert.getVersion() != 3) { + logger.warn("Invalid certificate version, subject name: {}, version: {}", subjectPrincipal.getName(), cert.getVersion()); + return false; + } + // Subject-C: ISO 3166 code specifying the country where the Authenticator vendor is incorporated (PrintableString) + final String country = getValue(cert, "C"); + if (!StringUtils.hasText(country)) { + logger.warn("Subject-C must be present in certificate, subject name: {}", subjectPrincipal.getName()); + return false; + } + // Subject-O: Legal name of the Authenticator vendor (UTF8String) + final String organization = getValue(cert, "O"); + if (!StringUtils.hasText(organization)) { + logger.warn("Subject-O must be present in certificate, subject name: {}", subjectPrincipal.getName()); + return false; + } + // Subject-OU: Literal string “Authenticator Attestation” (UTF8String) + final String organizationUnit = getValue(cert, "OU"); + if (!"Authenticator Attestation".equals(organizationUnit)) { + logger.warn("Subject-OU value is not valid in certificate, subject name: {}", subjectPrincipal.getName()); + return false; + } + // Subject-CN: A UTF8String of the vendor’s choosing + final String subjectCommonName = getValue(cert, "CN"); + if (!StringUtils.hasText(subjectCommonName)) { + logger.warn("Subject-CN must be present in certificate, subject name: {}", subjectPrincipal.getName()); + return false; + } + // The Basic Constraints extension MUST have the CA component set to false. + if (cert.getBasicConstraints() != -1) { + logger.warn("Attestation certificate must not be a CA certificate, subject name: {}", subjectPrincipal.getName()); + return false; + } + return true; + } + + /** + * Validate certificate trust path. + * + * @param cert Attestation certificate. + * @param certChain Intermediate certificate chain from request, if required. + * @param rootCerts List of trusted root CA certificates. + * @return Whether certificate trust path was successfully verified. + */ + private boolean validateTrustPath(X509Certificate cert, List certChain, List rootCerts) { + try { + final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + final List untrustedCerts = new ArrayList<>(); + untrustedCerts.add(cert); + untrustedCerts.addAll(certChain); + final CertPath certPath = certificateFactory.generateCertPath(untrustedCerts); + final Set trustAnchors = new HashSet<>(); + rootCerts.forEach(rootCert -> trustAnchors.add(new TrustAnchor(rootCert, null))); + final PKIXParameters params = new PKIXParameters(trustAnchors); + params.setRevocationEnabled(false); + final CertPathValidator validator = CertPathValidator.getInstance("PKIX"); + validator.validate(certPath, params); + return true; + } catch (Exception e) { + logger.debug(e.getMessage(), e); + logger.warn("Certificate validation failed, error: {}", e.getMessage()); + return false; + } + } + + /** + * Validate AAGUID value for request against attestation certificate. + * + * @param cert FIDO2 attestation certificate. + * @param aaguid AAGUID value. + * @return Whether AAGUID validation succeeded. + */ + private boolean validateAaguid(X509Certificate cert, byte[] aaguid) { + // If attestnCert contains an extension with OID 1.3.6.1.4.1.45724.1.1.4 (id-fido-gen-ce-aaguid) verify that the value of this extension matches the aaguid in authenticatorData. + final String aaguidCert = extractAAGUIDFromCert(cert); + if (aaguidCert != null) { + return aaguidCert.equals(bytesToHex(aaguid)); + } + return true; + } + + private String getValue(X509Certificate cert, String name) { + try { + LdapName subjectDN = new LdapName(cert.getSubjectX500Principal().getName()); + Map map = subjectDN.getRdns().stream().flatMap(rdn -> toMap(rdn).entrySet().stream()).collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); + return (String) map.get(name); + } catch (InvalidNameException e) { + throw new IllegalArgumentException(e); + } + } + + private Map toMap(Rdn rdn) { + try { + final Map map = new HashMap<>(); + final Attributes attributes = rdn.toAttributes(); + final NamingEnumeration ids = rdn.toAttributes().getIDs(); + while (ids.hasMore()) { + String id = ids.next(); + map.put(id, attributes.get(id).get()); + } + return map; + } catch (NamingException e) { + throw new IllegalArgumentException(e); + } + } + + private String extractAAGUIDFromCert(X509Certificate cert) { + final byte[] extensionValue = cert.getExtensionValue(FIDO2_EXTENSION_ID_AAGUID); + if (extensionValue == null) { + return null; + } + return extractAAGUID(extensionValue); + } + + private static String extractAAGUID(byte[] extensionValue) { + if (extensionValue != null) { + // Skip the first four bytes and extract the AAGUID value + final byte[] aaguidBytes = new byte[extensionValue.length - 4]; + System.arraycopy(extensionValue, 4, aaguidBytes, 0, aaguidBytes.length); + // Convert bytes to hexadecimal string + return bytesToHex(aaguidBytes); + } + return null; + } + + private static String bytesToHex(byte[] bytes) { + final StringBuilder sb = new StringBuilder(); + for (byte b : bytes) { + sb.append(String.format("%02X", b)); + } + return sb.toString(); + } + +} \ No newline at end of file diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index ecf20f266..10e989ff8 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -21,7 +21,9 @@ import com.wultra.powerauth.fido2.rest.model.entity.*; import com.wultra.powerauth.fido2.service.provider.CryptographyService; import io.getlime.security.powerauth.app.server.database.model.entity.ActivationRecordEntity; +import io.getlime.security.powerauth.app.server.database.model.entity.ApplicationConfigEntity; import io.getlime.security.powerauth.app.server.database.repository.ActivationRepository; +import io.getlime.security.powerauth.app.server.database.repository.ApplicationConfigRepository; import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; import io.getlime.security.powerauth.crypto.lib.util.Hash; @@ -30,10 +32,20 @@ import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Service; +import java.io.ByteArrayInputStream; +import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; import java.security.PublicKey; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPublicKey; import java.security.spec.InvalidKeySpecException; +import java.util.ArrayList; import java.util.List; +import java.util.Optional; + +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ROOT_CA_CERTS; /** * Service providing FIDO2 cryptographic functionality. @@ -46,9 +58,13 @@ public class PowerAuthCryptographyService implements CryptographyService { private final KeyConvertor keyConvertor = new KeyConvertor(); private final ActivationRepository activationRepository; + private final ApplicationConfigRepository applicationConfigRepository; + private final Fido2CertificateValidator certificateValidator; - public PowerAuthCryptographyService(ActivationRepository activationRepository) { + public PowerAuthCryptographyService(ActivationRepository activationRepository, ApplicationConfigRepository applicationConfigRepository, Fido2CertificateValidator certificateValidator) { this.activationRepository = activationRepository; + this.applicationConfigRepository = applicationConfigRepository; + this.certificateValidator = certificateValidator; } public boolean verifySignatureForAssertion(String applicationId, String credentialId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AuthenticatorDetail authenticatorDetail) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { @@ -60,10 +76,15 @@ public boolean verifySignatureForAssertion(String applicationId, String credenti return verifySignature(clientDataJSON, authData, signature, publicKey); } - public boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, AttestedCredentialData attestedCredentialData) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { - final ECPoint point = attestedCredentialData.getPublicKeyObject().getPoint(); + public boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AttestationObject attestationObject, byte[] signature) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { + final Optional pointOptional = resolveEcPoint(attestationObject, applicationId); + if (pointOptional.isEmpty()) { + logger.warn("Signature could not be verified because public key point is missing"); + return false; + } + final ECPoint point = pointOptional.get(); final PublicKey publicKey = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); - return verifySignature(clientDataJSON, authData, signature, publicKey); + return verifySignature(clientDataJSON, attestationObject.getAuthData(), signature, publicKey); } public byte[] publicKeyToBytes(PublicKeyObject publicKey) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException { @@ -111,4 +132,132 @@ private byte[] concat(byte[] a, byte[] b) { return combined; } + /** + * Resolve EC point which is used for public key in attestation verification. + * + * @param attestationObject Attestation object. + * @param applicationId Application ID. + * @return EC point (optional). + */ + private Optional resolveEcPoint(AttestationObject attestationObject, String applicationId) { + final AuthenticatorData authData = attestationObject.getAuthData(); + final AttestedCredentialData attestedCredentialData = authData.getAttestedCredentialData(); + final Optional result; + switch (attestationObject.getAttStmt().getAttestationType()) { + case NONE -> { + logger.warn("Invalid attestation type NONE for attestation format: {}", attestationObject.getFmt()); + result = Optional.empty(); + } + case SELF -> { + logger.debug("Using public key from Self attestation"); + result = Optional.of(attestedCredentialData.getPublicKeyObject().getPoint()); + } + case BASIC -> { + logger.debug("Using public key from Basic attestation"); + final byte[] attestationCert = attestationObject.getAttStmt().getX509Cert().getAttestationCert(); + final List attestationCertChain = attestationObject.getAttStmt().getX509Cert().getCertChain(); + final X509Certificate validatedCert; + final List intermediateCerts; + final List rootCerts; + try { + validatedCert = convertCert(attestationCert); + intermediateCerts = convertCertChain(attestationCertChain); + rootCerts = getRootCaCerts(applicationId); + } catch (CertificateException e) { + logger.debug(e.getMessage(), e); + logger.warn("Invalid certificate received in Basic attestation, error: {}", e.getMessage()); + result = Optional.empty(); + break; + } + if (!(validatedCert.getPublicKey() instanceof ECPublicKey)) { + logger.warn("Invalid cryptography algorithm used in Basic attestation, algorithm: {}", validatedCert.getPublicKey().getAlgorithm()); + result = Optional.empty(); + break; + } + if (!certificateValidator.isValid(validatedCert, intermediateCerts, rootCerts, authData.getAttestedCredentialData().getAaguid())) { + logger.warn("Certificate validation failed in Basic attestation, subject name: {}", validatedCert.getSubjectX500Principal().getName()); + result = Optional.empty(); + break; + } + result = Optional.of(convertPoint(((ECPublicKey) validatedCert.getPublicKey()).getW())); + } + default -> result = Optional.empty(); + } + return result; + } + + /** + * Convert certificate from byte array to an X.509 certificate. + * @param cert Certificate as byte array. + * @return X.509 certificate + * @throws CertificateException In case certificate conversion fails. + */ + private X509Certificate convertCert(byte[] cert) throws CertificateException { + final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + final ByteArrayInputStream inputStream = new ByteArrayInputStream(cert); + return (X509Certificate) certificateFactory.generateCertificate(inputStream); + } + + /** + * Convert certificate chain from byte array to list of X.509 certificates. + * @param certChain Certificate chain as byte array. + * @return List of X.509 certificates. + * @throws CertificateException In case of invalid certificate. + */ + private List convertCertChain(List certChain) throws CertificateException { + final List result = new ArrayList<>(); + if (certChain != null) { + final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); + certChain.forEach(caCert -> { + final ByteArrayInputStream is = new ByteArrayInputStream(caCert); + try { + result.add((X509Certificate) certificateFactory.generateCertificate(is)); + } catch (CertificateException e) { + logger.debug(e.getMessage(), e); + logger.warn("Invalid CA certificate received in Basic attestation, error: {}", e.getMessage()); + } + }); + } + return result; + } + + + /** + * Get list of root CA certificates from application settings. + * @param applicationId Application ID. + * @return List of root CA certificates. + * @throws CertificateException In case any certificate is invalid. + */ + private List getRootCaCerts(String applicationId) throws CertificateException { + final List rootCaCerts = new ArrayList<>(); + final Optional appConfigOptional = applicationConfigRepository.findByApplicationIdAndKey(applicationId, CONFIG_KEY_ROOT_CA_CERTS); + if (appConfigOptional.isPresent()) { + final List certs = appConfigOptional.get().getValues(); + final CertificateFactory certFactory = CertificateFactory.getInstance("X.509"); + certs.forEach(certPem -> { + final ByteArrayInputStream is = new ByteArrayInputStream(certPem.getBytes(StandardCharsets.UTF_8)); + try { + final X509Certificate rootCert = (X509Certificate) certFactory.generateCertificate(is); + rootCaCerts.add(rootCert); + } catch (CertificateException e) { + logger.debug(e.getMessage(), e); + logger.warn("Invalid certificate configured, error: {}", e.getMessage()); + } + }); + } + return rootCaCerts; + } + + /** + * Convert {@link java.security.spec.ECPoint} from JavaSecurity to {@link com.wultra.powerauth.fido2.rest.model.entity.ECPoint}. + * @param p {@link java.security.spec.ECPoint} from Java Security. + * @return {@link com.wultra.powerauth.fido2.rest.model.entity.ECPoint} + */ + private ECPoint convertPoint(java.security.spec.ECPoint p) { + final ECPoint result = new ECPoint(); + result.setX(p.getAffineX().toByteArray()); + result.setY(p.getAffineY().toByteArray()); + return result; + } + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index 1a97d7747..a8a315fc0 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -139,7 +139,8 @@ public void revokeRegistrationByChallengeValue(String applicationId, String chal .findCreatedActivationWithoutLock(applicationId, activationCode, statuses, currentTimestamp); if (activationRecordEntity == null) { - throw new Fido2AuthenticationFailedException("Registration with given value not found."); + // Registration was not completed. + return; } final String activationId = activationRecordEntity.getActivationId(); diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java index 8c7a9b9ce..dad92aada 100644 --- a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -62,8 +62,7 @@ import java.util.*; import java.util.stream.Collectors; -import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_AAGUIDS; -import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_ATTESTATION_FMT; +import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.*; import static org.junit.jupiter.api.Assertions.*; /** @@ -78,15 +77,29 @@ class Fido2AuthenticatorTest { private final CBORMapper CBOR_MAPPER = new CBORMapper(); private final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); - private final static String RP_ID = "powerauth.com"; - private final static Origin ORIGIN = new Origin("http://localhost"); - private final static String USER_ID = "test_" + UUID.randomUUID(); - private final static String APPLICATION_ID = "fido2_test_" + UUID.randomUUID(); - private final static String ACTIVATION_NAME = "fido2_test_activation"; - private final static long REQUEST_TIMEOUT = 100L; + private static final String RP_ID = "powerauth.com"; + private static final Origin ORIGIN = new Origin("http://localhost"); + private static final String USER_ID = "test_" + UUID.randomUUID(); + private static final String APPLICATION_ID = "fido2_test_" + UUID.randomUUID(); + private static final String ACTIVATION_NAME = "fido2_test_activation"; + private static final long REQUEST_TIMEOUT = 100L; + + private static final String TEST_ROOT_CERT = + "-----BEGIN CERTIFICATE-----\n" + + "MIIBgTCCAScCEA0YfqmbKSw+gKpVgNSciIswCgYIKoZIzj0EAwIwRDESMBAGA1UE\n" + + "CgwJU2hhcnBMYWIuMS4wLAYDVQQDDCVzcHJpbmctc2VjdXJpdHktd2ViYXV0aG4g\n" + + "dGVzdCByb290IENBMCAXDTE3MDkyMjAzMTgyOVoYDzIxMTcwODI5MDMxODI5WjBE\n" + + "MRIwEAYDVQQKDAlTaGFycExhYi4xLjAsBgNVBAMMJXNwcmluZy1zZWN1cml0eS13\n" + + "ZWJhdXRobiB0ZXN0IHJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATN\n" + + "dy65xbpUNeEzQcq1CgF6yGpGw8eUD3+Udlv5yjjraC26D+ZViUqYKPrBOnWNFxk5\n" + + "F7zpHlZlRowzQUCE3f8iMAoGCCqGSM49BAMCA0gAMEUCIDaeeaAE6oDfMoZNwgFL\n" + + "AcsJepkapCIreZrHLVnc8jWfAiEApZazduIuvFDp5k14YaiHJVZGsbuEbQ/qt/zz\n" + + "jt6KouI=\n" + + "-----END CERTIFICATE-----\n"; private final ClientPlatform CLIENT_PLATFORM_SELF_ATTESTED = new ClientPlatform(ORIGIN, new WebAuthnAuthenticatorAdaptor(new SelfAttestedPackedAuthenticator())); private final ClientPlatform CLIENT_PLATFORM_BASIC_ATTESTATION = new ClientPlatform(ORIGIN, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.PACKED_AUTHENTICATOR)); + private final ClientPlatform CLIENT_PLATFORM_ANDROID_SAFETY_NET_ATTESTATION = new ClientPlatform(ORIGIN, new WebAuthnAuthenticatorAdaptor(EmulatorUtil.ANDROID_SAFETY_NET_AUTHENTICATOR)); private final PowerAuthService powerAuthService; private final RegistrationService registrationService; @@ -109,7 +122,7 @@ void packedAuthenticatorSuccessTest() throws Exception { } @Test - public void packedAuthenticatorInvalidRegistrationChallengeTest() throws Exception { + void packedAuthenticatorInvalidRegistrationChallengeTest() throws Exception { // Use invalid challenge final Challenge challenge = new DefaultChallenge(Base64.getEncoder().encode(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8))); final AuthenticatorSelectionCriteria authenticatorCriteria = new AuthenticatorSelectionCriteria( @@ -129,7 +142,7 @@ public void packedAuthenticatorInvalidRegistrationChallengeTest() throws Excepti } @Test - public void packedAuthenticatorInvalidAttestationTest() throws Exception { + void packedAuthenticatorInvalidAttestationTest() throws Exception { // Obtain challenge from PowerAuth server final RegistrationChallengeResponse challengeResponse = registrationService.requestRegistrationChallenge(USER_ID, APPLICATION_ID); assertEquals(APPLICATION_ID, challengeResponse.getApplicationId()); @@ -149,14 +162,14 @@ public void packedAuthenticatorInvalidAttestationTest() throws Exception { ); // Prepare registration request - com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_BASIC_ATTESTATION); + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_ANDROID_SAFETY_NET_ATTESTATION); // Register credential assertThrows(Fido2AuthenticationFailedException.class, () -> registrationService.register(registrationRequest)); } @Test - public void packedAuthenticatorNoAttestationTest() throws Exception { + void packedAuthenticatorNoAttestationTest() throws Exception { // Obtain challenge from PowerAuth server final RegistrationChallengeResponse challengeResponse = registrationService.requestRegistrationChallenge(USER_ID, APPLICATION_ID); assertEquals(APPLICATION_ID, challengeResponse.getApplicationId()); @@ -184,7 +197,7 @@ public void packedAuthenticatorNoAttestationTest() throws Exception { } @Test - public void packedAuthenticatorInvalidAssertionChallengeTest() throws Exception { + void packedAuthenticatorInvalidAssertionChallengeTest() throws Exception { registerCredential(); final Challenge challenge = new DefaultChallenge(Base64.getEncoder().encode(UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8))); @@ -202,13 +215,13 @@ public void packedAuthenticatorInvalidAssertionChallengeTest() throws Exception authRequest.setExpectedChallenge(Base64.getEncoder().encodeToString(challenge.getValue())); // Convert clientDataJSON and authenticatorData into object and supply encoded values for signature verification - final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final byte[] clientDataJSON = Objects.requireNonNull(credential.getResponse()).getClientDataJSON(); final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); clientData.setEncoded(new String(clientDataJSON)); - final byte[] authenticatorData = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAuthenticatorData(); + final byte[] authenticatorData = Objects.requireNonNull(credential.getResponse()).getAuthenticatorData(); final AuthenticatorData authData = deserializeAuthenticationData(authenticatorData); - final byte[] userHandle = Objects.requireNonNull(credential.getAuthenticatorResponse()).getUserHandle(); - final byte[] signature = Objects.requireNonNull(credential.getAuthenticatorResponse()).getSignature(); + final byte[] userHandle = Objects.requireNonNull(credential.getResponse()).getUserHandle(); + final byte[] signature = Objects.requireNonNull(credential.getResponse()).getSignature(); final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse assertionResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse(); assertionResponse.setClientDataJSON(clientData); @@ -222,7 +235,7 @@ public void packedAuthenticatorInvalidAssertionChallengeTest() throws Exception } @Test - public void packedAuthenticatorInvalidSignatureTest() throws Exception { + void packedAuthenticatorInvalidSignatureTest() throws Exception { registerCredential(); // Obtain authentication challenge from PowerAuth server @@ -253,12 +266,12 @@ public void packedAuthenticatorInvalidSignatureTest() throws Exception { authRequest.setExpectedChallenge(new String(challenge.getValue(), StandardCharsets.UTF_8)); // Convert clientDataJSON and authenticatorData into object and supply encoded values for signature verification - final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final byte[] clientDataJSON = Objects.requireNonNull(credential.getResponse()).getClientDataJSON(); final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); clientData.setEncoded(new String(clientDataJSON)); - final byte[] authenticatorData = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAuthenticatorData(); + final byte[] authenticatorData = Objects.requireNonNull(credential.getResponse()).getAuthenticatorData(); final AuthenticatorData authData = deserializeAuthenticationData(authenticatorData); - final byte[] userHandle = Objects.requireNonNull(credential.getAuthenticatorResponse()).getUserHandle(); + final byte[] userHandle = Objects.requireNonNull(credential.getResponse()).getUserHandle(); final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse assertionResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse(); assertionResponse.setClientDataJSON(clientData); @@ -292,7 +305,7 @@ void packedAuthenticatorUnsupportedAaguidTest() throws Exception { @Test void packedAuthenticatorInvalidAaguidTest() throws Exception { - // Configure server not to allow only one AAGUID which differs from registreation request AAGUID + // Configure server not to allow only one AAGUID which differs from registration request AAGUID final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); requestCreate.setApplicationId(APPLICATION_ID); requestCreate.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); @@ -385,6 +398,51 @@ void packedAuthenticatorValidAttestationFormatTest() throws Exception { powerAuthService.removeApplicationConfig(requestRemove); } + @Test + void packedAuthenticatorBasicAttestationTest() throws Exception { + // Obtain challenge from PowerAuth server + final RegistrationChallengeResponse challengeResponse = registrationService.requestRegistrationChallenge(USER_ID, APPLICATION_ID); + assertEquals(APPLICATION_ID, challengeResponse.getApplicationId()); + assertEquals(USER_ID, challengeResponse.getUserId()); + assertNotNull(challengeResponse.getChallenge()); + assertNotNull(challengeResponse.getActivationId()); + + final Challenge challenge = new DefaultChallenge(challengeResponse.getChallenge().getBytes(StandardCharsets.UTF_8)); + final AuthenticatorSelectionCriteria authenticatorCriteria = new AuthenticatorSelectionCriteria( + AuthenticatorAttachment.PLATFORM, true, UserVerificationRequirement.REQUIRED); + final PublicKeyCredentialParameters pkParam = new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256); + final PublicKeyCredentialUserEntity user = new PublicKeyCredentialUserEntity(USER_ID.getBytes(StandardCharsets.UTF_8), USER_ID, USER_ID); + final PublicKeyCredentialCreationOptions credentialCreationOptions = new PublicKeyCredentialCreationOptions(new PublicKeyCredentialRpEntity(RP_ID, RP_ID), + user, challenge, Collections.singletonList(pkParam), REQUEST_TIMEOUT, Collections.emptyList(), + authenticatorCriteria, AttestationConveyancePreference.DIRECT, null + ); + + // Configure root certificate on server + final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); + requestCreate.setApplicationId(APPLICATION_ID); + requestCreate.setKey(CONFIG_KEY_ROOT_CA_CERTS); + requestCreate.setValues(List.of(TEST_ROOT_CERT)); + powerAuthService.createApplicationConfig(requestCreate); + + // Prepare registration request + com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest registrationRequest = prepareRegistrationRequest(credentialCreationOptions, challenge, CLIENT_PLATFORM_BASIC_ATTESTATION); + + // Register credential + final RegistrationResponse registrationResponse = registrationService.register(registrationRequest); + assertEquals(APPLICATION_ID, registrationResponse.getApplicationId()); + + // Check that activation is in ACTIVE state + final GetActivationStatusRequest activationStatusRequest2 = new GetActivationStatusRequest(); + activationStatusRequest2.setActivationId(challengeResponse.getActivationId()); + assertEquals(ActivationStatus.ACTIVE, powerAuthService.getActivationStatus(activationStatusRequest2).getActivationStatus()); + + // Remove configuration + final RemoveApplicationConfigRequest requestRemove = new RemoveApplicationConfigRequest(); + requestRemove.setApplicationId(APPLICATION_ID); + requestRemove.setKey(CONFIG_KEY_ROOT_CA_CERTS); + powerAuthService.removeApplicationConfig(requestRemove); + } + private void createApplication() throws Exception { // Search if application for FIDO2 tests exists final boolean applicationFound = powerAuthService.getApplicationList().getApplications().stream() @@ -451,17 +509,17 @@ private RegistrationRequest prepareRegistrationRequest(PublicKeyCredentialCreati authenticationParameters.setRequiresUserVerification(true); // Convert clientDataJSON and attestationObject into object and supply encoded values for signature verification - final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final byte[] clientDataJSON = Objects.requireNonNull(credential.getResponse()).getClientDataJSON(); final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); clientData.setEncoded(new String(clientDataJSON)); - final byte[] attestationObject = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAttestationObject(); + final byte[] attestationObject = Objects.requireNonNull(credential.getResponse()).getAttestationObject(); final AttestationObject attObj = CBOR_MAPPER.readValue(attestationObject, AttestationObject.class); attObj.setEncoded(new String(attestationObject)); final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse attestationResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAttestationResponse(); attestationResponse.setClientDataJSON(clientData); attestationResponse.setAttestationObject(attObj); - final AuthenticatorTransport[] transports = credential.getAuthenticatorResponse().getTransports().toArray(new AuthenticatorTransport[0]); + final AuthenticatorTransport[] transports = credential.getResponse().getTransports().toArray(new AuthenticatorTransport[0]); attestationResponse.setTransports(Arrays.stream(transports).map(AuthenticatorTransport::toString).collect(Collectors.toList())); authenticationParameters.setResponse(attestationResponse); registrationRequest.setAuthenticatorParameters(authenticationParameters); @@ -514,13 +572,13 @@ private void authenticate() throws Exception { authRequest.setExpectedChallenge(new String(challenge.getValue(), StandardCharsets.UTF_8)); // Convert clientDataJSON and authenticatorData into object and supply encoded values for signature verification - final byte[] clientDataJSON = Objects.requireNonNull(credential.getAuthenticatorResponse()).getClientDataJSON(); + final byte[] clientDataJSON = Objects.requireNonNull(credential.getResponse()).getClientDataJSON(); final CollectedClientData clientData = OBJECT_MAPPER.readValue(clientDataJSON, CollectedClientData.class); clientData.setEncoded(new String(clientDataJSON)); - final byte[] authenticatorData = Objects.requireNonNull(credential.getAuthenticatorResponse()).getAuthenticatorData(); + final byte[] authenticatorData = Objects.requireNonNull(credential.getResponse()).getAuthenticatorData(); final AuthenticatorData authData = deserializeAuthenticationData(authenticatorData); - final byte[] userHandle = Objects.requireNonNull(credential.getAuthenticatorResponse()).getUserHandle(); - final byte[] signature = Objects.requireNonNull(credential.getAuthenticatorResponse()).getSignature(); + final byte[] userHandle = Objects.requireNonNull(credential.getResponse()).getUserHandle(); + final byte[] signature = Objects.requireNonNull(credential.getResponse()).getSignature(); final com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse assertionResponse = new com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse(); assertionResponse.setClientDataJSON(clientData); diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2CertificateValidatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2CertificateValidatorTest.java new file mode 100644 index 000000000..54700a478 --- /dev/null +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2CertificateValidatorTest.java @@ -0,0 +1,128 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +package com.wultra.powerauth.fido2; + +import io.getlime.security.powerauth.app.server.Application; +import io.getlime.security.powerauth.app.server.service.fido2.Fido2CertificateValidator; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.*; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.context.ActiveProfiles; + +import java.math.BigInteger; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.util.*; + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +/** + * Test of FIDO2 certificate validator. + * + * @author Roman Strobl, roman.strobl@wultra.com + */ +@SpringBootTest(classes = Application.class) +@ActiveProfiles("test") +class Fido2CertificateValidatorTest { + + private static final byte[] AAGUID_TEST = Base64.getDecoder().decode("YnNkZmRlNGNhM2Q5YWEyYQ=="); + + final SecureRandom secureRandom = new SecureRandom(); + + @Autowired + private Fido2CertificateValidator certValidator; + + @Test + void selfSignedCertificateValidTest() throws Exception { + final X509Certificate cert = generateCertificate("OU=Authenticator Attestation, CN=Test Authenticator, O=Wultra, C=CZ", AAGUID_TEST); + assertTrue(certValidator.isValid(cert, Collections.emptyList(), List.of(cert), AAGUID_TEST)); + } + + @Test + void missingCountryTest() throws Exception { + final X509Certificate cert = generateCertificate("OU=Authenticator Attestation, CN=Test Authenticator, O=Wultra", AAGUID_TEST); + assertFalse(certValidator.isValid(cert, Collections.emptyList(), List.of(cert), null)); + } + + @Test + void missingOrganizationTest() throws Exception { + final X509Certificate cert = generateCertificate("OU=Authenticator Attestation, CN=Test Authenticator, C=CZ", AAGUID_TEST); + assertFalse(certValidator.isValid(cert, Collections.emptyList(), List.of(cert), null)); + } + + @Test + void invalidOrganizationalUnitTest() throws Exception { + final X509Certificate cert = generateCertificate("OU=Invalid, CN=Test Authenticator, O=Wultra, C=CZ", AAGUID_TEST); + assertFalse(certValidator.isValid(cert, Collections.emptyList(), List.of(cert), null)); + } + + @Test + void invalidAaguidTest() throws Exception { + final byte[] randomBytes = new byte[16]; + secureRandom.nextBytes(randomBytes); + final X509Certificate cert = generateCertificate("OU=Authenticator Attestation, CN=Test Authenticator, O=Wultra, C=CZ", randomBytes); + assertFalse(certValidator.isValid(cert, Collections.emptyList(), List.of(cert), AAGUID_TEST)); + } + + @Test + void caExtensionEnabledTest() throws Exception { + final X509Certificate cert = generateCertificate("OU=Authenticator Attestation, CN=Test Authenticator, O=Wultra, C=CZ", AAGUID_TEST, true); + assertFalse(certValidator.isValid(cert, Collections.emptyList(), List.of(cert), AAGUID_TEST)); + } + + private X509Certificate generateCertificate(String x500Name, byte[] aaguid) throws Exception { + return generateCertificate(x500Name, aaguid, false); + } + + private X509Certificate generateCertificate(String x500Name, byte[] aaguid, boolean caExtension) throws Exception { + final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + keyGen.initialize(256); + final KeyPair keyPair = keyGen.generateKeyPair(); + final X500Name subject = new X500Name(x500Name); + final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); + final Date notBefore = new Date(); + final Date notAfter = new Date(notBefore.getTime() + 100 * 365L * 24 * 60 * 60 * 1000); + final X509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(subject, serial, notBefore, notAfter, subject, keyPair.getPublic()); + final KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.digitalSignature | KeyUsage.keyEncipherment); + certBuilder.addExtension(Extension.keyUsage, true, keyUsage); + if (aaguid != null) { + certBuilder.addExtension(new ASN1ObjectIdentifier("1.3.6.1.4.1.45724.1.1.4"), false, new DEROctetString(aaguid)); + } + if (caExtension) { + BasicConstraints basicConstraints = new BasicConstraints(true); + certBuilder.addExtension(Extension.basicConstraints, true, basicConstraints); + } + final ContentSigner signer = new JcaContentSignerBuilder("SHA256withECDSA").build(keyPair.getPrivate()); + return new JcaX509CertificateConverter().getCertificate(certBuilder.build(signer)); + } +} From 8fac2a9e59d79a4b38b9ad88f06d76f593285d35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 01:41:53 +0000 Subject: [PATCH 115/146] Bump org.springdoc:springdoc-openapi-starter-webmvc-ui Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.3.0 to 2.4.0. - [Release notes](https://github.com/springdoc/springdoc-openapi/releases) - [Changelog](https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md) - [Commits](https://github.com/springdoc/springdoc-openapi/compare/v2.3.0...v2.4.0) --- updated-dependencies: - dependency-name: org.springdoc:springdoc-openapi-starter-webmvc-ui dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 23312dafa..071e2dd39 100644 --- a/pom.xml +++ b/pom.xml @@ -93,7 +93,7 @@ 3.0.12 - 2.3.0 + 2.4.0 2.2.20 From 95ddfb97f5a66a231661f074199915719770d1e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 18 Mar 2024 16:05:52 +0800 Subject: [PATCH 116/146] Fix #1402: FIDO2: Handle nullability in REST API requests for initialized collections (#1406) --- .../model/request/fido2/AssertionVerificationRequest.java | 4 ++++ .../fido2/rest/model/entity/AuthenticatorParameters.java | 4 ++++ .../fido2/rest/model/request/AssertionChallengeRequest.java | 3 +++ .../rest/model/request/AssertionVerificationRequest.java | 4 ++++ 4 files changed, 15 insertions(+) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java index 6357face8..8c20106dd 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java @@ -18,6 +18,8 @@ package com.wultra.security.powerauth.client.model.request.fido2; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorAssertionResponse; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -44,7 +46,9 @@ public class AssertionVerificationRequest { private String applicationId; @NotBlank private String relyingPartyId; + @JsonSetter(nulls = Nulls.SKIP) private List allowedOrigins = new ArrayList<>(); + @JsonSetter(nulls = Nulls.SKIP) private List allowedTopOrigins = new ArrayList<>(); private boolean requiresUserVerification; private String expectedChallenge; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java index debe022fc..92f9e516d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java @@ -18,6 +18,8 @@ package com.wultra.powerauth.fido2.rest.model.entity; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -41,7 +43,9 @@ public class AuthenticatorParameters { private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); @NotBlank private String relyingPartyId; + @JsonSetter(nulls = Nulls.SKIP) private List allowedOrigins = new ArrayList<>(); + @JsonSetter(nulls = Nulls.SKIP) private List allowedTopOrigins = new ArrayList<>(); private boolean requiresUserVerification; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java index 07a91097d..d307544cc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java @@ -18,6 +18,8 @@ package com.wultra.powerauth.fido2.rest.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotEmpty; import lombok.Data; @@ -39,6 +41,7 @@ public class AssertionChallengeRequest { private String externalId; @NotBlank private String templateName; + @JsonSetter(nulls = Nulls.SKIP) private Map parameters = new HashMap<>(); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java index 09c20505b..1666fba40 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java @@ -18,6 +18,8 @@ package com.wultra.powerauth.fido2.rest.model.request; +import com.fasterxml.jackson.annotation.JsonSetter; +import com.fasterxml.jackson.annotation.Nulls; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorAssertionResponse; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -44,7 +46,9 @@ public class AssertionVerificationRequest { private String applicationId; @NotBlank private String relyingPartyId; + @JsonSetter(nulls = Nulls.SKIP) private List allowedOrigins = new ArrayList<>(); + @JsonSetter(nulls = Nulls.SKIP) private List allowedTopOrigins = new ArrayList<>(); private boolean requiresUserVerification; private String expectedChallenge; From e523f475b6ddaee9c2c4a16d4c8bb0f2bf3461dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Mon, 18 Mar 2024 16:07:08 +0800 Subject: [PATCH 117/146] Fix #1404: FIDO2: REST API request / response class cleanup (#1405) --- .../model/entity/fido2/AuthenticatorParameters.java | 2 +- .../model/request/fido2/AssertionVerificationRequest.java | 2 +- .../fido2/rest/controller/AssertionController.java | 4 ++-- .../fido2/rest/model/converter/RegistrationConverter.java | 2 +- .../fido2/rest/model/entity/AuthenticatorParameters.java | 2 +- .../rest/model/request/AssertionVerificationRequest.java | 2 +- .../rest/model/response/AssertionChallengeResponse.java | 2 ++ .../model/response/AssertionVerificationResponse.java | 1 + .../model/response/RegistrationChallengeResponse.java | 2 ++ .../wultra/powerauth/fido2/service/AssertionService.java | 2 +- .../powerauth/fido2/service/RegistrationService.java | 2 +- .../wultra/powerauth/fido2/Fido2AuthenticatorTest.java | 8 ++++---- .../powerauth/rest/client/PowerAuthFido2RestClient.java | 2 +- 13 files changed, 19 insertions(+), 14 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java index 4ca5d1d1e..3baaebf02 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java @@ -33,7 +33,7 @@ public class AuthenticatorParameters { @NotBlank - private String id; + private String credentialId; @NotBlank private String type; @NotBlank diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java index 8c20106dd..87639ef09 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java @@ -36,7 +36,7 @@ public class AssertionVerificationRequest { @NotBlank - private String id; + private String credentialId; @NotBlank private String type; @NotBlank diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java index 140cd708b..0fed2fe64 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/controller/AssertionController.java @@ -107,13 +107,13 @@ public ObjectResponse requestAssertionChallenge(@Val @PostMapping public ObjectResponse authenticate(@Valid @RequestBody ObjectRequest request) throws Fido2AuthenticationFailedException { final AssertionVerificationRequest requestObject = request.getRequestObject(); - logger.info("AssertionVerificationRequest received, ID: {}", requestObject.getId()); + logger.info("AssertionVerificationRequest received, credential ID: {}", requestObject.getCredentialId()); final String error = assertionRequestValidator.validate(requestObject); if (error != null) { throw new Fido2AuthenticationFailedException(error); } final AssertionVerificationResponse signatureResponse = assertionService.authenticate(requestObject); - logger.info("AssertionVerificationRequest succeeded, ID: {}, valid: {}", requestObject.getId(), signatureResponse.isAssertionValid()); + logger.info("AssertionVerificationRequest succeeded, credential ID: {}, valid: {}", requestObject.getCredentialId(), signatureResponse.isAssertionValid()); return new ObjectResponse<>(signatureResponse); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index a8a41cb22..8cc419b92 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -60,7 +60,7 @@ public Optional convert(RegistrationChallenge challenge, Re final Fido2Authenticators.Model model = Fido2Authenticators.modelByAaguid(aaguid); - authenticatorDetail.setCredentialId(requestObject.getAuthenticatorParameters().getId()); + authenticatorDetail.setCredentialId(requestObject.getAuthenticatorParameters().getCredentialId()); authenticatorDetail.setExtras(convertExtras(requestObject)); authenticatorDetail.setActivationName(requestObject.getActivationName()); authenticatorDetail.setPlatform(requestObject.getAuthenticatorParameters().getAuthenticatorAttachment()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java index 92f9e516d..bb83a75fb 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java @@ -35,7 +35,7 @@ public class AuthenticatorParameters { @NotBlank - private String id; + private String credentialId; @NotBlank private String type; @NotBlank diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java index 1666fba40..95704d1e6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java @@ -36,7 +36,7 @@ public class AssertionVerificationRequest { @NotBlank - private String id; + private String credentialId; @NotBlank private String type; @NotBlank diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java index 17e123a30..fa37220e2 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java @@ -29,9 +29,11 @@ */ @Data public class AssertionChallengeResponse { + private List applicationIds; private String challenge; private String userId; private Long failedAttempts; private Long maxFailedAttempts; + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java index 80c101085..461a3f5a1 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionVerificationResponse.java @@ -31,6 +31,7 @@ */ @Data public class AssertionVerificationResponse { + private boolean assertionValid; private String userId; private String activationId; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java index 334027cfe..37904dd53 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/RegistrationChallengeResponse.java @@ -27,9 +27,11 @@ */ @Data public class RegistrationChallengeResponse { + private String activationId; private String applicationId; private String challenge; private String userId; + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 97bea67dc..6ae26c409 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -94,7 +94,7 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r try { final AuthenticatorAssertionResponse response = request.getResponse(); final String applicationId = request.getApplicationId(); - final String credentialId = request.getId(); + final String credentialId = request.getCredentialId(); final String challenge = request.getResponse().getClientDataJSON().getChallenge(); final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(credentialId, applicationId); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 0ab963d2b..b3ae8acdc 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -115,7 +115,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E throw new Fido2AuthenticationFailedException(error); } - final String credentialId = requestObject.getAuthenticatorParameters().getId(); + final String credentialId = requestObject.getAuthenticatorParameters().getCredentialId(); final AuthenticatorAttestationResponse response = requestObject.getAuthenticatorParameters().getResponse(); final CollectedClientData clientDataJSON = response.getClientDataJSON(); diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java index dad92aada..7541aac2e 100644 --- a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -205,7 +205,7 @@ void packedAuthenticatorInvalidAssertionChallengeTest() throws Exception { RP_ID, null, UserVerificationRequirement.REQUIRED, null); final PublicKeyCredential credential = CLIENT_PLATFORM_SELF_ATTESTED.get(getOptions); final AssertionVerificationRequest authRequest = new AssertionVerificationRequest(); - authRequest.setId(credential.getId()); + authRequest.setCredentialId(credential.getId()); authRequest.setType(credential.getType()); authRequest.setAuthenticatorAttachment(AuthenticatorAttachment.PLATFORM.getValue()); authRequest.setApplicationId(APPLICATION_ID); @@ -256,7 +256,7 @@ void packedAuthenticatorInvalidSignatureTest() throws Exception { RP_ID, null, UserVerificationRequirement.REQUIRED, null); final PublicKeyCredential credential = CLIENT_PLATFORM_SELF_ATTESTED.get(getOptions); final AssertionVerificationRequest authRequest = new AssertionVerificationRequest(); - authRequest.setId(credential.getId()); + authRequest.setCredentialId(credential.getId()); authRequest.setType(credential.getType()); authRequest.setAuthenticatorAttachment(AuthenticatorAttachment.PLATFORM.getValue()); authRequest.setApplicationId(APPLICATION_ID); @@ -502,7 +502,7 @@ private RegistrationRequest prepareRegistrationRequest(PublicKeyCredentialCreati registrationRequest.setActivationName(ACTIVATION_NAME); registrationRequest.setExpectedChallenge(new String(challenge.getValue(), StandardCharsets.UTF_8)); final AuthenticatorParameters authenticationParameters = new AuthenticatorParameters(); - authenticationParameters.setId(credential.getId()); + authenticationParameters.setCredentialId(credential.getId()); authenticationParameters.setRelyingPartyId(RP_ID); authenticationParameters.setAllowedOrigins(Collections.singletonList(ORIGIN.toString())); authenticationParameters.setType(credential.getType()); @@ -562,7 +562,7 @@ private void authenticate() throws Exception { RP_ID, null, UserVerificationRequirement.REQUIRED, null); final PublicKeyCredential credential = CLIENT_PLATFORM_SELF_ATTESTED.get(getOptions); final AssertionVerificationRequest authRequest = new AssertionVerificationRequest(); - authRequest.setId(credential.getId()); + authRequest.setCredentialId(credential.getId()); authRequest.setType(credential.getType()); authRequest.setAuthenticatorAttachment(AuthenticatorAttachment.PLATFORM.getValue()); authRequest.setApplicationId(APPLICATION_ID); diff --git a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java index 3d7156736..c7b170634 100644 --- a/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java +++ b/powerauth-rest-client-spring/src/main/java/com/wultra/security/powerauth/rest/client/PowerAuthFido2RestClient.java @@ -240,7 +240,7 @@ public AssertionVerificationResponse authenticate(String id, String type, String String applicationId, String relyingPartyId, List allowedOrigins, List allowedTopOrigins, boolean requiresUserVerification, String expectedChallenge) throws PowerAuthClientException { final AssertionVerificationRequest request = new AssertionVerificationRequest(); - request.setId(id); + request.setCredentialId(id); request.setType(type); request.setAuthenticatorAttachment(authenticatorAttachment); request.setResponse(response); From 69a1255c26138e3d3c1672371febcaf3ad6b2330 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 18 Mar 2024 09:09:21 +0100 Subject: [PATCH 118/146] Fix #1400: Document new FIDO2 APIs (#1403) * Update database documentation for FIDO2 * Fix #1400: Document new FIDO2 APIs * Update REST API parameters for credential ID * Update information about REST API --------- Co-authored-by: Roman Strobl --- docs/Database-Structure.md | 15 +- docs/FIDO2-API.md | 450 ++++++++++++++++++ docs/PowerAuth-Server-1.7.0.md | 7 +- docs/Telemetry-API.md | 2 +- docs/WebServices-Methods.md | 7 +- docs/_Sidebar.md | 2 + .../fido2/service/AssertionService.java | 2 +- 7 files changed, 472 insertions(+), 13 deletions(-) create mode 100644 docs/FIDO2-API.md diff --git a/docs/Database-Structure.md b/docs/Database-Structure.md index 5654bf88b..5e6a076af 100644 --- a/docs/Database-Structure.md +++ b/docs/Database-Structure.md @@ -109,7 +109,7 @@ CREATE TABLE pa_application_config |------|------|---------|-----------------------------------------------------------------------------------------------------------------------------------------| | id | BIGINT(20) | primary key, autoincrement | Unique application configuration identifier. | | application_id | BIGINT(20) | foreign key: pa\_application.id | Related application ID. | -| config_key | VARCHAR(255) | index | Configuration key names such as `fido2_attestation_fmt_allowed` and `fido2_aaguids_allowed`. | +| config_key | VARCHAR(255) | index | Configuration key names: `fido2_attestation_fmt_allowed`, `fido2_aaguids_allowed`, or `fido2_root_ca_certs`. | | config_values | TEXT | - | Configuration values serialized in JSON format. | @@ -135,10 +135,12 @@ CREATE TABLE pa_activation counter INTEGER NOT NULL, ctr_data VARCHAR(255), device_public_key_base64 VARCHAR(255), - extras VARCHAR(255), + extras VARCHAR(4000), platform VARCHAR(255), device_info VARCHAR(255), flags VARCHAR(255), + external_id VARCHAR(255), + protocol VARCHAR(32) DEFAULT 'powerauth', failed_attempts INTEGER NOT NULL, max_failed_attempts INTEGER DEFAULT 5 NOT NULL, server_private_key_base64 VARCHAR(255) NOT NULL, @@ -166,10 +168,15 @@ CREATE TABLE pa_activation | activation_name | VARCHAR(255 | - | Name of the activation, typically a name of the client device, for example "John's iPhone 6" | | application_id | BIGINT(20) | foreign key: pa\_application.id | Associated application ID. | | user_id | VARCHAR(255) | index | Associated user ID. | -| extras | TEXT | - | Any application specific information. | | counter | BIGINT(20) | - | Activation counter. | | ctr_data | VARCHAR(255) | - | Activation hash based counter data. | | device_public_key_base64 | TEXT | - | Device public key, encoded in Base64 encoding. | +| extras | VARCHAR(4000) | - | Any application specific information. | +| platform | VARCHAR(255) | - | User device platform. | +| device_info | VARCHAR(255) | - | User device information. | +| flags | VARCHAR(255) | - | Activation flags. | +| external_id | VARCHAR(255) | - | External identifier related to the activation. | +| protocol | VARCHAR(32) | - | Security protocol: `powerauth` (default) or `fido2`. | | failed_attempts | BIGINT(20) | - | Number of failed signature verification attempts. | | max_failed_attempts | BIGINT(20) | - | Number of maximum allowed failed signature verification attempts. After value of "failed_attempts" matches this value, activation becomes blocked (activation_status = 4, BLOCKED) | | server_private_key_base64 | TEXT | - | Server private key, encoded as Base64 | @@ -181,8 +188,6 @@ CREATE TABLE pa_activation | timestamp_last_used | DATETIME | - | Timestamp of the last signature verification attempt. | | timestamp_last_change | DATETIME | - | Timestamp of the last signature verification attempt. | | version | BIGINT(2) | - | Cryptography protocol version. | -| platform | VARCHAR(255) | - | User device platform. | -| device_info | VARCHAR(255) | - | User device information. | diff --git a/docs/FIDO2-API.md b/docs/FIDO2-API.md new file mode 100644 index 000000000..9a360a6c3 --- /dev/null +++ b/docs/FIDO2-API.md @@ -0,0 +1,450 @@ +# FIDO2 API + + + +FIDO2 REST API enables integration of WebAuthN standard into PowerAuth for FIDO2 authenticators. Registration and authentication ceremonies are supported by this REST API. + +## Possible Error Codes + +The API may return one of the following error codes: + +| HTTP | Error Code | Description | +|-------|------------------------|-----------------------------------------------------------------------------------| +| `400` | `ERROR_FIDO2_AUTH` | Error related failed FIDO2 assertions. | +| `400` | `ERROR_FIDO2_REQUEST` | Error related failed FIDO2 request processing. | +| `400` | `ERROR_HTTP_REQUEST` | Request did not pass validation (mandatory property missing, null/invalid value). | +| `401` | `ERROR_UNAUTHORIZED` | Returned in the case authentication fails (invalid application credentials). | +| `404` | `ERROR_NOT_FOUND` | Returned in the case URL is not present (calling wrong API). | + +## Registration Services + + +### Get FIDO2 Authenticators for User + +Request a list of FIDO2 authenticators. + + +FIDO2 assertions are backed by PowerAuth activations. + + +#### Request + +```json +{ + "requestObject": { + "userId": "string", + "applicationId": "string" + } +} +``` + +##### Request Params + +| Attribute | Type | Description | +|-----------------------------------------------------------------|----------|--------------------------------------------------------------| +| `userId`* | `String` | User for which the authenticators should be returned. | +| `applicationId`* | `String` | Application for which the authenticators should be returned. | + +#### Response 200 + +List of authenticators for provided user and application. + +```json +{ + "status": "string", + "responseObject": { + "authenticators": [ + { + "userId": "string", + "activationId": "string", + "applicationId": "string", + "activationName": "string", + "credentialId": "string", + "activationStatus": "CREATED", + "extras": { + "additionalProp1": {}, + "additionalProp2": {}, + "additionalProp3": {} + }, + "platform": "string", + "deviceInfo": "string", + "blockedReason": "string", + "failedAttempts": 0, + "maxFailedAttempts": 0, + "applicationRoles": [ + "string" + ], + "activationFlags": [ + "string" + ], + "publicKeyBytes": "string" + } + ] + } +} +``` + +##### Response Params + +| Attribute | Type | Description | +|---------------------|------------|-------------------------------------------------------------| +| `userId` | `String` | User ID associated with the authenticator. | +| `activationId` | `String` | Activation ID. | +| `applicationId` | `String` | Application associated with the authenticator. | +| `activationName` | `String` | Activation name. | +| `credentialId` | `String` | Credential ID (FIDO2 Authenticator ID). | +| `activationStatus` | `String` | The activation status. | +| `extras` | `String` | Associated authenticator data. | +| `platform` | `String` | Type of FIDO2 authenticator (`platform`, `cross-platform`). | +| `deviceInfo` | `String` | Authenticator model info (vendor, type). | +| `blockedReason` | `String` | If blocked, the value contains reason for blocking. | +| `failedAttempts` | `String` | How many approvals failed. | +| `maxFailedAttempts` | `String` | Maximum allowed count of approval failures. | +| `applicationRoles` | `String[]` | Application roles. | +| `activationFlags` | `String[]` | Activation flags. | +| `publicKeyBytes` | `String` | Authenticator public key, encoded as Base64. | + + + + +### Create a FIDO2 Registration Challenge + +Request a challenge for new FIDO2 authenticator registration. + + +FIDO2 assertions are backed by PowerAuth activations. + + +#### Request + +```json +{ + "requestObject": { + "userId": "string", + "applicationId": "string" + } +} +``` + +##### Request Params + +| Attribute | Type | Description | +|-----------------------------------------------------------------|----------|---------------------------------------------------------| +| `userId`* | `String` | User for which the challenge should be prepared. | +| `applicationId`* | `String` | Application for which the challenge should be prepared. | + +#### Response 200 + +Challenge for new FIDO2 authenticator registration. + +```json +{ + "status": "string", + "responseObject": { + "activationId": "string", + "applicationId": "string", + "challenge": "string", + "userId": "string" + } +} +``` + +##### Response Params + +| Attribute | Type | Description | +|---------------------|------------|-------------------------------------------------------------| +| `userId` | `String` | User ID associated with the authenticator. | +| `activationId` | `String` | Activation ID. | +| `applicationId` | `String` | Application associated with the authenticator. | +| `challenge` | `String` | FIDO2 registration challenge. | + + + + +### Register FIDO2 Authenticator + +Register a new FIDO2 authenticator. + + +FIDO2 assertions are backed by PowerAuth activations. + + +#### Request + +```json +{ + "requestObject": { + "applicationId": "string", + "activationName": "string", + "expectedChallenge": "string", + "authenticatorParameters": { + "id": "string", + "type": "string", + "authenticatorAttachment": "string", + "response": "...", + "relyingPartyId": "string", + "allowedOrigins": [ + "string" + ], + "allowedTopOrigins": [ + "string" + ], + "requiresUserVerification": true + } + } +} +``` + +##### Request Params + +| Attribute | Type | Description | +|------------------------------------------------------------------|---------------------------|-----------------------------------------------------------------------------------| +| `applicationId`* | `String` | Application for which the challenge should be prepared. | +| `activationName`* | `String` | Name of the activation. | +| `expectedChallenge` | `String` | Expected challenge value. If present, it is checked against the actual challenge. | +| `authenticatorParameters` | `AuthenticatorParameters` | Parameters of the registered authenticator. | + +##### `AuthenticatorParameters` Object + +| Attribute | Type | Description | +|---------------------------------------------------------------------------|----------|-------------------------------------------------------------------------------| +| `credentialId`* | `String` | Credential ID. | +| `type`* | `String` | Credential type (`public-key`). | +| `authenticatorAttachment`* | `String` | Information about authenticator attachment. | +| `response`* | `String` | Authenticator response (value provided by authenticator, encoded as Base64). | +| `relyingPartyId` | `String` | Identification of relying party, typically the domain, i.e., `example.com`. | +| `allowedOrigins` | `String` | Collection of origins that should be allowed to provide the assertion. | +| `allowedTopOrigins` | `String` | Collection of top origins that should be allowed to provide the assertion. | +| `requiresUserVerification` | `String` | Information if user verification flag must be present (if user was verified). | + + +#### Response 200 + +A new FIDO2 authenticator registration. + +```json +{ + "status": "string", + "responseObject": { + "userId": "string", + "activationId": "string", + "applicationId": "string", + "activationName": "string", + "credentialId": "string", + "activationStatus": "CREATED", + "extras": { + "additionalProp1": {}, + "additionalProp2": {}, + "additionalProp3": {} + }, + "platform": "string", + "deviceInfo": "string", + "blockedReason": "string", + "failedAttempts": 0, + "maxFailedAttempts": 0, + "applicationRoles": [ + "string" + ], + "activationFlags": [ + "string" + ], + "publicKeyBytes": "string" + } +} +``` + +##### Response Params + +| Attribute | Type | Description | +|---------------------|------------|-------------------------------------------------------------| +| `userId` | `String` | User ID associated with the authenticator. | +| `activationId` | `String` | Activation ID. | +| `applicationId` | `String` | Application associated with the authenticator. | +| `activationName` | `String` | Activation name. | +| `credentialId` | `String` | Credential ID (FIDO2 Authenticator ID). | +| `activationStatus` | `String` | The activation status. | +| `extras` | `String` | Associated authenticator data. | +| `platform` | `String` | Type of FIDO2 authenticator (`platform`, `cross-platform`). | +| `deviceInfo` | `String` | Authenticator model info (vendor, type). | +| `blockedReason` | `String` | If blocked, the value contains reason for blocking. | +| `failedAttempts` | `String` | How many approvals failed. | +| `maxFailedAttempts` | `String` | Maximum allowed count of approval failures. | +| `applicationRoles` | `String[]` | Application roles. | +| `activationFlags` | `String[]` | Activation flags. | +| `publicKeyBytes` | `String` | Authenticator public key, encoded as Base64. | + + + +## Assertion Services + + +### Create a FIDO2 Assertion Challenge + +Request a new FIDO2 assertion challenge. + + +FIDO2 assertions are backed by PowerAuth operations. This means you can use templates and template parameters. + + +#### Request + +```json +{ + "requestObject": { + "applicationIds": [ + "string" + ], + "userId": "string", + "externalId": "string", + "templateName": "string", + "parameters": { + "additionalProp1": "string", + "additionalProp2": "string", + "additionalProp3": "string" + } + } +} +``` + +##### Request Params + +| Attribute | Type | Description | +|------------------------------------------------------------------|----------------------|-----------------------------------------------------------------------| +| `applicationIds`* | `String[]` | Applications that are capable of approving the operation. | +| `userId` | `String` | User with which the assertion should be associated with. Can be null. | +| `externalId` | `String` | Link to transaction in other system (i.e., core system transaction). | +| `templateName`* | `String` | Template on which this assertion should be based. | +| `parameters` | `Map` | Template parameters. | + +#### Response 200 + +If the challenge is successfully created, API returns the following response: + +```json +{ + "status": "string", + "responseObject": { + "applicationIds": [ + "string" + ], + "challenge": "string", + "userId": "string", + "failedAttempts": 0, + "maxFailedAttempts": 0, + "allowCredentials": [ + { + "credentialId": "string", + "type": "string", + "transports": [ + "string" + ] + } + ] + } +} +``` + +##### Response Params + +| Attribute | Type | Description | +|------------------------------------------------------------------|----------------------|---------------------------------------------------------------------------------| +| `applicationIds`* | `String[]` | Applications that are capable of approving the operation. | +| `challenge` | `String` | The assertion challenge to be signed by the authenticator. | +| `userId` | `String` | User with which the assertion should be associated with. Can be null. | +| `failedAttempts` | `String` | Information about how many times this assertion was unsuccessfully approved. | +| `maxFailedAttempts` | `String` | Information about how many times this assertion can be unsuccessfully approved. | +| `allowCredentials` | `AllowCredentials` | Credentials that are associated with this assertion. | + +##### `AllowCredentials` Object + +| Attribute | Type | Description | +|----------------------------------------------------------------|------------|-------------------------------------------------------| +| `credentialId`* | `String` | Credential ID, byte array encoded in Base64 encoding. | +| `type` | `String` | Type of credentials, mostly `public-key` value. | +| `transports` | `String[]` | Allowed authenticator transport modes. | + + + + +### Verify a FIDO2 Assertion + +Verify a provided FIDO2 assertion. + +#### Request + +```json +{ + "requestObject": { + "id": "string", + "type": "string", + "authenticatorAttachment": "string", + "response": "...", + "applicationId": "string", + "relyingPartyId": "string", + "allowedOrigins": [ + "string" + ], + "allowedTopOrigins": [ + "string" + ], + "requiresUserVerification": true, + "expectedChallenge": "string" + } +} +``` + +##### Request Params + +| Attribute | Type | Description | +|---------------------------------------------------------------------------|----------|-----------------------------------------------------------------------------------| +| `credentialId`* | `String` | Credential ID. | +| `type`* | `String` | Credential type (`public-key`). | +| `authenticatorAttachment`* | `String` | Information about authenticator attachment. | +| `response`* | `String` | Authenticator response (value provided by authenticator, encoded as Base64). | +| `applicationId` | `String` | Application identifier, to verify the challenge can be approved by given app. | +| `relyingPartyId` | `String` | Identification of relying party, typically the domain, i.e., `example.com`. | +| `allowedOrigins` | `String` | Collection of origins that should be allowed to provide the assertion. | +| `allowedTopOrigins` | `String` | Collection of top origins that should be allowed to provide the assertion. | +| `requiresUserVerification` | `String` | Information if user verification flag must be present (if user was verified). | +| `expectedChallenge` | `String` | Expected challenge value. If present, it is checked against the actual challenge. | + +#### Response 200 + +If the challenge is successfully verified, API returns the following response: + +```json +{ + "status": "string", + "responseObject": { + "assertionValid": true, + "userId": "string", + "activationId": "string", + "applicationId": "string", + "activationStatus": "CREATED", + "blockedReason": "string", + "remainingAttempts": 0, + "applicationRoles": [ + "string" + ], + "activationFlags": [ + "string" + ] + } +} +``` + +##### Response Params + +| Attribute | Type | Description | +|------------------------------------------------------------------|------------|-------------------------------------------------------------------------------------| +| `assertionValid`* | `Boolean` | Result of assertion validation. | +| `userId` | `String` | User with which the assertion should be associated with. Can be null. | +| `activationId` | `String` | ID of activation that was used for verification. | +| `applicationId` | `String` | Information about what application was used for approval. | +| `activationStatus` | `String` | Associated activation status. | +| `blockedReason` | `String` | If activation is blocked, the value contains information about reason for blocking. | +| `remainingAttempts` | `String` | How many attempts remain to approve the assertion (authenticator counter). | +| `applicationRoles` | `String[]` | Roles associated with the related application. | +| `activationFlags` | `String[]` | Flags associated with the related activation. | + + \ No newline at end of file diff --git a/docs/PowerAuth-Server-1.7.0.md b/docs/PowerAuth-Server-1.7.0.md index 60268d281..a6d836d79 100644 --- a/docs/PowerAuth-Server-1.7.0.md +++ b/docs/PowerAuth-Server-1.7.0.md @@ -26,8 +26,9 @@ A new database table `pa_application_config` has been added: - `id` - application configuration row identifier - `application_id` - application identifier - `config_key` - configuration key -- `config_values` - list of configuration values +- `config_values` - list of configuration values serialized as JSON array Following parameters can be configured: -- `fido2_attestation_fmt_allowed` - allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed -- `fido2_aaguids_allowed` - allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed +- `fido2_attestation_fmt_allowed` - list of allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed +- `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed +- `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format diff --git a/docs/Telemetry-API.md b/docs/Telemetry-API.md index cba52b8d7..c6ea361b2 100644 --- a/docs/Telemetry-API.md +++ b/docs/Telemetry-API.md @@ -75,7 +75,7 @@ Request a telemetry report with provided attributes. #### Response 200 -If the report is successfully prepared, API returns the following reponse: +If the report is successfully prepared, API returns the following response: ```json { diff --git a/docs/WebServices-Methods.md b/docs/WebServices-Methods.md index 9ee46c9f8..ac9b6772e 100644 --- a/docs/WebServices-Methods.md +++ b/docs/WebServices-Methods.md @@ -387,11 +387,12 @@ REST endpoint: `POST /rest/v3/application/config/create` |----------|------|-------------| | `String` | `applicationId` | An identifier of an application | | `String` | `key` | Application configuration key name | -| `List` | `values` | Application configuration values | +| `List` | `values` | Application configuration values serialized as JSON array | Following configuration keys are accepted: -- `fido2_attestation_fmt_allowed` - allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed -- `fido2_aaguids_allowed` - allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed +- `fido2_attestation_fmt_allowed` - list of allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed +- `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed +- `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format #### Response diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 508f63ee0..ddc7066a1 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -18,6 +18,8 @@ **Reference Manual** - [Web Services - Methods](WebServices-Methods.md) +- [FIDO2 API](FIDO2-API.md) +- [Telemetry API](Telemetry-API.md) - [Database Structure](./Database-Structure.md) - [Error Codes](./Server-Error-Codes.md) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 6ae26c409..0a900e396 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -95,7 +95,7 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r final AuthenticatorAssertionResponse response = request.getResponse(); final String applicationId = request.getApplicationId(); final String credentialId = request.getCredentialId(); - final String challenge = request.getResponse().getClientDataJSON().getChallenge(); + final String challenge = response.getClientDataJSON().getChallenge(); final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(credentialId, applicationId); authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); final AuthenticatorDetail authenticatorDetail = authenticatorOptional.get(); From 87a45a8f20d82bf0021c76e6f88cc4f34591db3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 18 Mar 2024 09:16:41 +0100 Subject: [PATCH 119/146] Fix #1374: Personalized FIDO2 assertion challenge (#1392) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix #1374: Personalized FIDO2 assertion challenge * Cleanup the code by moving user authenticator lookup to provider * Prevent possible NPE for empty extras --------- Co-authored-by: Roman Štrobl --- .../model/request/OperationCreateRequest.java | 4 ++ .../AssertionChallengeConverter.java | 69 +++++++++++++++++++ .../rest/model/entity/AllowCredentials.java | 35 ++++++++++ .../rest/model/entity/AssertionChallenge.java | 1 + .../request/AssertionChallengeRequest.java | 1 + .../response/AssertionChallengeResponse.java | 2 + .../fido2/service/AssertionService.java | 10 +-- .../service/provider/AssertionProvider.java | 11 +-- .../app/server/service/PowerAuthService.java | 4 +- .../tasks/OperationServiceBehavior.java | 39 +++++++++-- .../fido2/PowerAuthAssertionProvider.java | 48 ++++++++----- .../fido2/PowerAuthAuthenticatorProvider.java | 5 +- 12 files changed, 191 insertions(+), 38 deletions(-) create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java index d6b5f1849..af084db88 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/OperationCreateRequest.java @@ -55,6 +55,10 @@ public class OperationCreateRequest { @JsonSetter(nulls = Nulls.SKIP) private final Map parameters = new LinkedHashMap<>(); + @Schema(description = "Additional data associated with the operation to initialize the operation context", requiredMode = Schema.RequiredMode.NOT_REQUIRED) + @JsonSetter(nulls = Nulls.SKIP) + private Map additionalData; + @Schema(description = "Whether proximity check should be used, overrides configuration from operation template", requiredMode = Schema.RequiredMode.NOT_REQUIRED) private Boolean proximityCheckEnabled; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index 112a083cf..48e97c35a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -18,11 +18,18 @@ package com.wultra.powerauth.fido2.rest.model.converter; +import com.wultra.powerauth.fido2.rest.model.entity.AllowCredentials; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; +import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; +import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; +import java.util.*; + /** * Converter for assertion challenge values. * @@ -32,6 +39,8 @@ @Slf4j public class AssertionChallengeConverter { + private static final String ATTR_ALLOW_CREDENTIALS = "allowCredentials"; + /** * Convert a new assertion challenge response from a provided challenge. * @@ -48,6 +57,66 @@ public AssertionChallengeResponse fromChallenge(AssertionChallenge source) { destination.setChallenge(source.getChallenge()); destination.setFailedAttempts(source.getFailedAttempts()); destination.setMaxFailedAttempts(source.getMaxFailedAttempts()); + destination.setAllowCredentials(source.getAllowCredentials()); + return destination; + } + + /** + * Convert the assertion challenge request to a new operation create request. Optionally, store allowed + * authenticators with the operation. + * + * @param source Assertion challenge. + * @param authenticatorDetails Allowed authenticators. If null or empty, all are allowed. + * @return Request for creating a new operation. + */ + public OperationCreateRequest convertAssertionRequestToOperationRequest(AssertionChallengeRequest source, List authenticatorDetails) { + final OperationCreateRequest destination = new OperationCreateRequest(); + destination.setUserId(source.getUserId()); + destination.setApplications(source.getApplicationIds()); + destination.setTemplateName(source.getTemplateName()); + destination.getParameters().putAll(source.getParameters()); + + //TODO: Use relation to activation ID instead of additional data + if (authenticatorDetails != null && !authenticatorDetails.isEmpty()) { + final Set allowCredentials = new LinkedHashSet<>(); + for (AuthenticatorDetail ad : authenticatorDetails) { + allowCredentials.add(ad.getCredentialId()); + } + destination.setAdditionalData(Map.of(ATTR_ALLOW_CREDENTIALS, allowCredentials)); + } + return destination; + } + + /** + * Convert assertion challenge request from operation detail response. + * + * @param source Operation detail. + * @param authenticatorDetails Add authenticator details to be assigned with the challenge. If null or empty, all are allowed. + * @return Assertion challenge + */ + public AssertionChallenge convertAssertionChallengeFromOperationDetail(OperationDetailResponse source, List authenticatorDetails) { + final AssertionChallenge destination = new AssertionChallenge(); + destination.setUserId(source.getUserId()); + destination.setApplicationIds(source.getApplications()); + destination.setChallenge(source.getId() + "&" + source.getData()); + destination.setFailedAttempts(source.getFailureCount()); + destination.setMaxFailedAttempts(source.getMaxFailureCount()); + + if (authenticatorDetails != null && !authenticatorDetails.isEmpty()) { + final List allowCredentials = new ArrayList<>(); + for (AuthenticatorDetail ad: authenticatorDetails) { + + final byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId()); + @SuppressWarnings("unchecked") + final List transports = (List) ad.getExtras().get("transports"); + + final AllowCredentials ac = new AllowCredentials(); + ac.setCredentialId(credentialId); + ac.setTransports(transports); + allowCredentials.add(ac); + } + destination.setAllowCredentials(allowCredentials); + } return destination; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java new file mode 100644 index 000000000..822a02e11 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import lombok.Data; + +import java.util.List; + +/** + * Representation of an allowed authenticator instance. + * + * @author Petr Dvorak, petr@wultra.com + */ +@Data +public class AllowCredentials { + private byte[] credentialId; + private final String type = "public-key"; + private List transports; +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java index e5867df3c..5d795fd07 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AssertionChallenge.java @@ -35,5 +35,6 @@ public class AssertionChallenge { private String userId; private Long failedAttempts; private Long maxFailedAttempts; + private List allowCredentials; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java index d307544cc..c72856fb6 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionChallengeRequest.java @@ -36,6 +36,7 @@ @Data public class AssertionChallengeRequest { + private String userId; @NotEmpty private List<@NotBlank String> applicationIds; private String externalId; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java index fa37220e2..5a85ae631 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/response/AssertionChallengeResponse.java @@ -18,6 +18,7 @@ package com.wultra.powerauth.fido2.rest.model.response; +import com.wultra.powerauth.fido2.rest.model.entity.AllowCredentials; import lombok.Data; import java.util.List; @@ -35,5 +36,6 @@ public class AssertionChallengeResponse { private String userId; private Long failedAttempts; private Long maxFailedAttempts; + private List allowCredentials; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 0a900e396..017bbce24 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -75,12 +75,14 @@ public AssertionService(CryptographyService cryptographyService, AuthenticatorPr * @return Assertion challenge information. */ public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRequest request) throws Exception { - final AssertionChallenge assertionChallenge = assertionProvider.provideChallengeForAssertion( - request.getApplicationIds(), request.getTemplateName(), request.getParameters(), request.getExternalId() - ); + + // Generate the challenge from given request, with optional assignment to provided authenticators + final AssertionChallenge assertionChallenge = assertionProvider.provideChallengeForAssertion(request); if (assertionChallenge == null) { throw new Fido2AuthenticationFailedException("Unable to obtain challenge with provided parameters."); } + + // Convert the response return assertionChallengeConverter.fromChallenge(assertionChallenge); } @@ -105,7 +107,7 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, credentialId, clientDataJSON, authenticatorData, response.getSignature(), authenticatorDetail); if (signatureCorrect) { assertionProvider.approveAssertion(challenge, authenticatorDetail, authenticatorData, clientDataJSON); - return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, signatureCorrect); + return assertionConverter.fromAuthenticatorDetail(authenticatorDetail, true); } else { assertionProvider.failAssertion(challenge, authenticatorDetail, authenticatorData, clientDataJSON); throw new Fido2AuthenticationFailedException("Authentication failed due to incorrect signature."); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java index 8577f37ef..b201f9598 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/provider/AssertionProvider.java @@ -23,9 +23,7 @@ import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorData; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.rest.model.entity.CollectedClientData; - -import java.util.List; -import java.util.Map; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; /** * Interface with methods responsible for assertion verification. @@ -37,14 +35,11 @@ public interface AssertionProvider { /** * Obtain challenge for authentication. * - * @param applicationIds List of application ID. - * @param operationType Type of the operation this challenge is for. - * @param parameters Operation parameters. - * @param externalAuthenticationId External ID of operation, i.e., transaction in transaction system. + * @param request Assertion challenge request. * @return Assertion challenge. * @throws Exception In case any issue occur during processing. */ - AssertionChallenge provideChallengeForAssertion(List applicationIds, String operationType, Map parameters, String externalAuthenticationId) throws Exception; + AssertionChallenge provideChallengeForAssertion(AssertionChallengeRequest request) throws Exception; /** * Approve assertion. diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java index 6608aba47..064cdbefc 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/PowerAuthService.java @@ -1683,9 +1683,9 @@ public OperationDetailResponse createOperation(OperationCreateRequest request) t throw new GenericServiceException(ServiceError.INVALID_REQUEST, error, error); } try { - logger.info("CreateOperationRequest received, template name: {}, user ID: {}, application ID: {}", request.getTemplateName(), request.getUserId(), request.getApplications()); + logger.info("OperationCreateRequest received, template name: {}, user ID: {}, application ID: {}", request.getTemplateName(), request.getUserId(), request.getApplications()); final OperationDetailResponse response = behavior.getOperationBehavior().createOperation(request); - logger.info("CreateOperationRequest succeeded"); + logger.info("OperationCreateRequest succeeded"); return response; } catch (GenericServiceException ex) { // already logged diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java index 056880c55..19083ef6f 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java @@ -89,6 +89,21 @@ public class OperationServiceBehavior { private LocalizationProvider localizationProvider; private final PowerAuthServiceConfiguration powerAuthServiceConfiguration; + /** + * Lambda interface that allows customizing the approval of operation. + */ + public interface OperationApprovalCustomizer { + /** + * Method to proceed with approval or fail the operation. Mandatory checks have precedence over this call + * result, so it is not possible to force approve an operation that would otherwise be rejected. + * + * @param operationEntity Operation entity to be approved. + * @param request Request with approval attempt. + * @return True in case the operation can be approved, false to fail operation approval. + */ + boolean operationShouldFail(OperationEntity operationEntity, OperationApproveRequest request); + } + // Prepare logger private static final Logger logger = LoggerFactory.getLogger(OperationServiceBehavior.class); @@ -123,6 +138,7 @@ public OperationDetailResponse createOperation(OperationCreateRequest request) t final String templateName = request.getTemplateName(); final Date timestampExpiresRequest = request.getTimestampExpires(); final Map parameters = request.getParameters() != null ? request.getParameters() : new LinkedHashMap<>(); + final Map additionalData = request.getAdditionalData() != null ? request.getAdditionalData() : new LinkedHashMap<>(); final String externalId = request.getExternalId(); final String activationId = request.getActivationId(); @@ -189,7 +205,7 @@ public OperationDetailResponse createOperation(OperationCreateRequest request) t operationEntity.setTemplateName(templateEntity.getTemplateName()); operationEntity.setData(operationData); operationEntity.setParameters(parameters); - operationEntity.setAdditionalData(null); // empty initially + operationEntity.setAdditionalData(additionalData); operationEntity.setStatus(OperationStatusDo.PENDING); operationEntity.setSignatureType(templateEntity.getSignatureType()); operationEntity.setFailureCount(0L); @@ -212,6 +228,7 @@ public OperationDetailResponse createOperation(OperationCreateRequest request) t .param("template", templateEntity.getTemplateName()) .param("data", operationData) .param("parameters", parameters) + .param("additionalData", additionalData) .param("status", OperationStatusDo.PENDING.name()) .param("allowedSignatureType", templateEntity.getSignatureType()) .param("maxFailureCount", operationEntity.getMaxFailureCount()) @@ -228,6 +245,10 @@ public OperationDetailResponse createOperation(OperationCreateRequest request) t } public OperationUserActionResponse attemptApproveOperation(OperationApproveRequest request) throws GenericServiceException { + return attemptApproveOperation(request, (op, req) -> false); + } + + public OperationUserActionResponse attemptApproveOperation(OperationApproveRequest request, OperationApprovalCustomizer operationApprovalCustomizer) throws GenericServiceException { final Instant currentInstant = Instant.now(); final Date currentTimestamp = Date.from(currentInstant); @@ -263,15 +284,17 @@ public OperationUserActionResponse attemptApproveOperation(OperationApproveReque // Check the operation properties match the request final PowerAuthSignatureTypes factorEnum = PowerAuthSignatureTypes.getEnumFromString(signatureType.toString()); final ProximityCheckResult proximityCheckResult = fetchProximityCheckResult(operationEntity, request, currentInstant); - final boolean activationIdMatches = activationIdMatches(request, operationEntity.getActivationId()); final String expectedUserId = operationEntity.getUserId(); + final boolean activationIdMatches = activationIdMatches(request, operationEntity.getActivationId()); + final boolean operationShouldFail = operationApprovalCustomizer.operationShouldFail(operationEntity, request); if (expectedUserId == null || expectedUserId.equals(userId) // correct user approved the operation && operationEntity.getApplications().contains(application.get()) // operation is approved by the expected application && isDataEqual(operationEntity, data) // operation data matched the expected value && factorsAcceptable(operationEntity, factorEnum) // auth factors are acceptable && operationEntity.getMaxFailureCount() > operationEntity.getFailureCount() // operation has sufficient attempts left (redundant check) && proximityCheckPassed(proximityCheckResult) - && activationIdMatches){ // either Operation does not have assigned activationId or it has one, and it matches activationId from request + && activationIdMatches // either Operation does not have assigned activationId or it has one, and it matches activationId from request + && !operationShouldFail) { // operation customizer can change the approval status by an external impulse // Approve the operation operationEntity.setUserId(userId); @@ -288,12 +311,12 @@ && proximityCheckPassed(proximityCheckResult) .param("id", operationId) .param("userId", userId) .param("appId", applicationId) - .param("status", operationEntity.getStatus().name()) - .param("additionalData", extendAuditedAdditionalData(operationEntity.getAdditionalData())) - .param("failureCount", operationEntity.getFailureCount()) + .param("status", savedEntity.getStatus().name()) + .param("additionalData", extendAuditedAdditionalData(savedEntity.getAdditionalData())) + .param("failureCount", savedEntity.getFailureCount()) .param("proximityCheckResult", proximityCheckResult) .param("currentTimestamp", currentTimestamp) - .param("activationIdOperation", operationEntity.getActivationId()) + .param("activationIdOperation", savedEntity.getActivationId()) .build(); audit.log(AuditLevel.INFO, "Operation approved with ID: {}", auditDetail, operationId); @@ -331,6 +354,7 @@ && proximityCheckPassed(proximityCheckResult) .param("activationIdMatches", activationIdMatches) .param("activationIdOperation", operationEntity.getActivationId()) .param("activationIdRequest", additionalData.get("activationId")) + .param("operationShouldFail", operationShouldFail) .build(); audit.log(AuditLevel.INFO, "Operation approval failed with ID: {}, failed attempts count: {}", auditDetail, operationId, operationEntity.getFailureCount()); @@ -365,6 +389,7 @@ && proximityCheckPassed(proximityCheckResult) .param("activationIdMatches", activationIdMatches) .param("activationIdOperation", operationEntity.getActivationId()) .param("activationIdRequest", additionalData.get("activationId")) + .param("operationShouldFail", operationShouldFail) .build(); audit.log(AuditLevel.INFO, "Operation failed with ID: {}", auditDetail, operationId); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index 14d4f800d..62e7a53fc 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -21,7 +21,9 @@ import com.wultra.core.audit.base.model.AuditDetail; import com.wultra.core.audit.base.model.AuditLevel; import com.wultra.powerauth.fido2.errorhandling.Fido2AuthenticationFailedException; +import com.wultra.powerauth.fido2.rest.model.converter.AssertionChallengeConverter; import com.wultra.powerauth.fido2.rest.model.entity.*; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; import com.wultra.powerauth.fido2.service.provider.AssertionProvider; import com.wultra.security.powerauth.client.model.entity.KeyValue; import com.wultra.security.powerauth.client.model.enumeration.OperationStatus; @@ -41,6 +43,7 @@ import io.getlime.security.powerauth.app.server.service.behavior.tasks.AuditingServiceBehavior; import io.getlime.security.powerauth.app.server.service.exceptions.GenericServiceException; import io.getlime.security.powerauth.app.server.service.model.signature.SignatureData; +import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -53,11 +56,13 @@ * @author Petr Dvorak, petr@wultra.com */ @Service +@Slf4j public class PowerAuthAssertionProvider implements AssertionProvider { private static final String AUDIT_TYPE_FIDO2 = "fido2"; - private static final String ATTR_ACTIVATION_ID = "activationId"; + private static final String ATTR_CREDENTIAL_ID = "credentialId"; + private static final String ATTR_ALLOW_CREDENTIALS = "allowCredentials"; private static final String ATTR_APPLICATION_ID = "applicationId"; private static final String ATTR_AUTH_FACTOR = "authFactor"; private static final String ATTR_ORIGIN = "origin"; @@ -65,32 +70,37 @@ public class PowerAuthAssertionProvider implements AssertionProvider { private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; private final RepositoryCatalogue repositoryCatalogue; + private final AssertionChallengeConverter assertionChallengeConverter; private final AuditingServiceBehavior audit; + private final PowerAuthAuthenticatorProvider authenticatorProvider; @Autowired - public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AuditingServiceBehavior audit) { + public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AssertionChallengeConverter assertionChallengeConverter, AuditingServiceBehavior audit, PowerAuthAuthenticatorProvider authenticatorProvider) { this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; this.repositoryCatalogue = repositoryCatalogue; + this.assertionChallengeConverter = assertionChallengeConverter; this.audit = audit; + this.authenticatorProvider = authenticatorProvider; } @Override @Transactional - public AssertionChallenge provideChallengeForAssertion(List applicationIds, String templateName, Map parameters, String externalAuthenticationId) throws GenericServiceException { - final OperationCreateRequest operationCreateRequest = new OperationCreateRequest(); - operationCreateRequest.setApplications(applicationIds); - operationCreateRequest.setTemplateName(templateName); - operationCreateRequest.setExternalId(externalAuthenticationId); - operationCreateRequest.getParameters().putAll(parameters); + public AssertionChallenge provideChallengeForAssertion(AssertionChallengeRequest request) throws GenericServiceException, Fido2AuthenticationFailedException { + final List authenticatorDetails = new ArrayList<>(); + + // If user ID is specified, fetch the user authenticators that should be allowed to respond the challenge + final String userId = request.getUserId(); + if (userId != null) { + //TODO: Optimize by fetching data for all applications + for (String applicationId: request.getApplicationIds()) { + final List ad = authenticatorProvider.findByUserId(userId, applicationId); + authenticatorDetails.addAll(ad); + } + } + final OperationCreateRequest operationCreateRequest = assertionChallengeConverter.convertAssertionRequestToOperationRequest(request, authenticatorDetails); final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); - final AssertionChallenge assertionChallenge = new AssertionChallenge(); - assertionChallenge.setUserId(operationDetailResponse.getUserId()); - assertionChallenge.setApplicationIds(operationDetailResponse.getApplications()); - assertionChallenge.setChallenge(operationDetailResponse.getId() + "&" + operationDetailResponse.getData()); - assertionChallenge.setFailedAttempts(operationDetailResponse.getFailureCount()); - assertionChallenge.setMaxFailedAttempts(operationDetailResponse.getMaxFailureCount()); - return assertionChallenge; + return assertionChallengeConverter.convertAssertionChallengeFromOperationDetail(operationDetailResponse, authenticatorDetails); } @Override @@ -112,7 +122,12 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD operationApproveRequest.setUserId(authenticatorDetail.getUserId()); operationApproveRequest.setSignatureType(supportedSignatureType(authenticatorDetail, authenticatorData.getFlags().isUserVerified())); operationApproveRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, authenticatorData, clientDataJSON)); - final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest); + final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest, (operationEntity, request) -> { + @SuppressWarnings("unchecked") + final Set allowCredentials = (Set) operationEntity.getAdditionalData().get(ATTR_ALLOW_CREDENTIALS); + final String credentialId = (String) request.getAdditionalData().get(ATTR_CREDENTIAL_ID); + return allowCredentials == null || allowCredentials.isEmpty() || allowCredentials.contains(credentialId); + }); final UserActionResult result = approveOperation.getResult(); final OperationDetailResponse operation = approveOperation.getOperation(); auditAssertionResult(authenticatorDetail, result); @@ -241,6 +256,7 @@ private Map prepareAdditionalData( final Map additionalData = new LinkedHashMap<>(); additionalData.put(ATTR_ACTIVATION_ID, authenticatorDetail.getActivationId()); additionalData.put(ATTR_APPLICATION_ID, authenticatorDetail.getApplicationId()); + additionalData.put(ATTR_CREDENTIAL_ID, authenticatorData.getAttestedCredentialData().getCredentialId()); additionalData.put(ATTR_AUTH_FACTOR, supportedSignatureType(authenticatorDetail, authenticatorData.getFlags().isUserVerified())); additionalData.put(ATTR_ORIGIN, clientDataJSON.getOrigin()); additionalData.put(ATTR_TOP_ORIGIN, clientDataJSON.getTopOrigin()); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java index 526cc5971..da6dd9073 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAuthenticatorProvider.java @@ -294,7 +294,10 @@ private Optional convert(Activation activation, Application authenticatorDetail.setActivationName(activation.getActivationName()); authenticatorDetail.setCredentialId(activation.getExternalId()); try { - authenticatorDetail.setExtras(objectMapper.readValue(activation.getExtras(), new TypeReference>() {})); + if (activation.getExtras() != null) { + authenticatorDetail.setExtras(objectMapper.readValue(activation.getExtras(), new TypeReference>() { + })); + } } catch (JsonProcessingException e) { logger.warn(e.getMessage(), e); return Optional.empty(); From 755f0bb803d91f984bbb0088b8f85eff4444767d Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Mon, 18 Mar 2024 11:24:10 +0100 Subject: [PATCH 120/146] Refactor resolveEcPoint to switch expression A follow-up to #1394 --- .../fido2/PowerAuthCryptographyService.java | 22 +++++++------------ 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index 10e989ff8..99a868639 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -142,15 +142,14 @@ private byte[] concat(byte[] a, byte[] b) { private Optional resolveEcPoint(AttestationObject attestationObject, String applicationId) { final AuthenticatorData authData = attestationObject.getAuthData(); final AttestedCredentialData attestedCredentialData = authData.getAttestedCredentialData(); - final Optional result; - switch (attestationObject.getAttStmt().getAttestationType()) { + return switch (attestationObject.getAttStmt().getAttestationType()) { case NONE -> { logger.warn("Invalid attestation type NONE for attestation format: {}", attestationObject.getFmt()); - result = Optional.empty(); + yield Optional.empty(); } case SELF -> { logger.debug("Using public key from Self attestation"); - result = Optional.of(attestedCredentialData.getPublicKeyObject().getPoint()); + yield Optional.of(attestedCredentialData.getPublicKeyObject().getPoint()); } case BASIC -> { logger.debug("Using public key from Basic attestation"); @@ -166,24 +165,19 @@ private Optional resolveEcPoint(AttestationObject attestationObject, St } catch (CertificateException e) { logger.debug(e.getMessage(), e); logger.warn("Invalid certificate received in Basic attestation, error: {}", e.getMessage()); - result = Optional.empty(); - break; + yield Optional.empty(); } if (!(validatedCert.getPublicKey() instanceof ECPublicKey)) { logger.warn("Invalid cryptography algorithm used in Basic attestation, algorithm: {}", validatedCert.getPublicKey().getAlgorithm()); - result = Optional.empty(); - break; + yield Optional.empty(); } if (!certificateValidator.isValid(validatedCert, intermediateCerts, rootCerts, authData.getAttestedCredentialData().getAaguid())) { logger.warn("Certificate validation failed in Basic attestation, subject name: {}", validatedCert.getSubjectX500Principal().getName()); - result = Optional.empty(); - break; + yield Optional.empty(); } - result = Optional.of(convertPoint(((ECPublicKey) validatedCert.getPublicKey()).getW())); + yield Optional.of(convertPoint(((ECPublicKey) validatedCert.getPublicKey()).getW())); } - default -> result = Optional.empty(); - } - return result; + }; } /** From b00a1cc80cc9f43643246f50eecfa12daf087319 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Mon, 18 Mar 2024 12:23:03 +0100 Subject: [PATCH 121/146] Fix #1407: Reflect fido2 changes in client model (#1409) --- .../model/entity/fido2/AllowCredentials.java | 35 +++++++++++++++++++ .../fido2/AssertionChallengeRequest.java | 1 + .../fido2/AssertionChallengeResponse.java | 2 ++ .../fido2/PowerAuthAssertionProvider.java | 2 +- 4 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java new file mode 100644 index 000000000..b54fa8b40 --- /dev/null +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java @@ -0,0 +1,35 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.security.powerauth.client.model.entity.fido2; + +import lombok.Data; + +import java.util.List; + +/** + * Representation of an allowed authenticator instance. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +@Data +public class AllowCredentials { + private byte[] credentialId; + private final String type = "public-key"; + private List transports; +} diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java index d5f7687d2..bb3d3f49d 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionChallengeRequest.java @@ -34,6 +34,7 @@ @Data public class AssertionChallengeRequest { + private String userId; @NotEmpty private List<@NotBlank String> applicationIds; private String externalId; diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java index 30442cd95..2356f987a 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/response/fido2/AssertionChallengeResponse.java @@ -18,6 +18,7 @@ package com.wultra.security.powerauth.client.model.response.fido2; +import com.wultra.security.powerauth.client.model.entity.fido2.AllowCredentials; import lombok.Data; import lombok.ToString; @@ -37,5 +38,6 @@ public class AssertionChallengeResponse { private String userId; private Long failedAttempts; private Long maxFailedAttempts; + private List allowCredentials; } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index 62e7a53fc..b304c466d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -124,7 +124,7 @@ public AssertionChallenge approveAssertion(String challengeValue, AuthenticatorD operationApproveRequest.getAdditionalData().putAll(prepareAdditionalData(authenticatorDetail, authenticatorData, clientDataJSON)); final OperationUserActionResponse approveOperation = serviceBehaviorCatalogue.getOperationBehavior().attemptApproveOperation(operationApproveRequest, (operationEntity, request) -> { @SuppressWarnings("unchecked") - final Set allowCredentials = (Set) operationEntity.getAdditionalData().get(ATTR_ALLOW_CREDENTIALS); + final List allowCredentials = (List) operationEntity.getAdditionalData().get(ATTR_ALLOW_CREDENTIALS); final String credentialId = (String) request.getAdditionalData().get(ATTR_CREDENTIAL_ID); return allowCredentials == null || allowCredentials.isEmpty() || allowCredentials.contains(credentialId); }); From 03a8e1c0f8368ec51c24603bff17325f74c437da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Mon, 18 Mar 2024 14:26:17 +0100 Subject: [PATCH 122/146] Fix #1393: FIDO2: externalize authenticator configuration (#1396) --- docs/Database-Structure.md | 25 ++ docs/PowerAuth-Server-1.7.0.md | 9 + .../1.7.x/20240312-fido2-authenticator.xml | 54 ++++ .../powerauth-java-server/1.7.x/aaguids.csv | 81 ++++++ .../1.7.x/db.changelog-version.xml | 1 + docs/images/arch_db_structure.png | Bin 911303 -> 534224 bytes docs/sql/mssql/migration_1.6.0_1.7.0.sql | 18 +- docs/sql/oracle/migration_1.6.0_1.7.0.sql | 169 ++++++++++++ docs/sql/postgresql/migration_1.6.0_1.7.0.sql | 13 + powerauth-fido2/pom.xml | 8 + .../powerauth/fido2/config/CachingConfig.java | 41 +++ .../entity/Fido2AuthenticatorEntity.java | 69 +++++ .../Fido2AuthenticatorRepository.java | 32 +++ .../converter/RegistrationConverter.java | 14 +- .../model/entity/Fido2Authenticators.java | 253 ------------------ .../service/Fido2AuthenticatorService.java | 86 ++++++ .../fido2/service/RegistrationService.java | 15 +- .../service/model/Fido2Authenticator.java | 50 ++++ .../Fido2AuthenticatorServiceTest.java | 97 +++++++ .../powerauth/app/server/Application.java | 6 + .../fido2/PowerAuthAssertionProvider.java | 7 +- .../main/resources/application-dev.properties | 2 + .../src/main/resources/application.properties | 1 + 23 files changed, 783 insertions(+), 268 deletions(-) create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml create mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/config/CachingConfig.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/entity/Fido2AuthenticatorEntity.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/repository/Fido2AuthenticatorRepository.java delete mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java create mode 100644 powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java diff --git a/docs/Database-Structure.md b/docs/Database-Structure.md index 5e6a076af..de4fe9ae4 100644 --- a/docs/Database-Structure.md +++ b/docs/Database-Structure.md @@ -610,3 +610,28 @@ CREATE TABLE pa_operation_application ( | application_id | bigint | part of primary key | Related application ID. | | operation_id | varchar(37) | part of primary key | Related operation ID. | + + +### FIDO2 Authenticators + +Table stores details about FIDO2 Authenticators. + +#### Schema + +```sql +CREATE TABLE pa_fido2_authenticator ( + aaguid VARCHAR(255) NOT NULL, + description VARCHAR(255) NOT NULL, + signature_type VARCHAR(255) NOT NULL, + CONSTRAINT pa_fido2_authenticator_pkey PRIMARY KEY (aaguid) +); +``` + +#### Columns + +| Name | Type | Info | Note | +|----------------|--------------|-------------|--------------------------------------------------------| +| aaguid | varchar(255) | primary key | Identifier of the FIDO2 authenticator. | +| description | varchar(255) | - | Human-readable description of the FIDO2 authenticator. | +| signature_type | varchar(255) | - | Signature type provided by the FIDO2 authenticator. | + diff --git a/docs/PowerAuth-Server-1.7.0.md b/docs/PowerAuth-Server-1.7.0.md index a6d836d79..34afad761 100644 --- a/docs/PowerAuth-Server-1.7.0.md +++ b/docs/PowerAuth-Server-1.7.0.md @@ -32,3 +32,12 @@ Following parameters can be configured: - `fido2_attestation_fmt_allowed` - list of allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed - `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed - `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format + +### New Database Table for FIDO2 Authenticators + +A new database table `pa_fido2_authenticator` has been added: +- `aaguid` - identifier of the FIDO2 authenticator +- `description` - human-readable description of the FIDO2 authenticator +- `signature_type` - signature type provided by the FIDO2 authenticator + +There are initial data included in this change. diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml new file mode 100644 index 000000000..d52d59191 --- /dev/null +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml @@ -0,0 +1,54 @@ + + + + + + + + + + + + + Create a new table pa_fido2_authenticator + + + + + + + + + + + + + + + + Insert initial data to pa_fido2_authenticator table + + + + + \ No newline at end of file diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv new file mode 100644 index 000000000..0dd8efc5b --- /dev/null +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv @@ -0,0 +1,81 @@ +aaguid;description;signature_type +"12ded745-4bed-47d4-abaa-e713f51d6393";"AllinPass FIDO";"POSSESSION" +"b93fd961-f2e6-462f-b122-82002247de78";"Android Authenticator with SafetyNet Attestation";"POSSESSION" +"ad784498-1902-3f54-b99a-10bb7dbd9588";"Apple MacBook Pro 14-inch, 2021";"POSSESSION" +"4ae71336-e44b-39bf-b9d2-752e234818a5";"Apple Passkeys";"POSSESSION" +"d41f5a69-b817-4144-a13c-9ebd6d9254d6";"ATKey.Card CTAP2.0";"POSSESSION" +"e1a96183-5016-4f24-b55b-e3ae23614cc6";"ATKey.Pro CTAP2.0";"POSSESSION" +"e416201b-afeb-41ca-a03d-2281c28322aa";"ATKey.Pro CTAP2.1";"POSSESSION" +"ba76a271-6eb6-4171-874d-b6428dbe3437";"ATKey.ProS";"POSSESSION" +"1c086528-58d5-f211-823c-356786e36140";"Atos CardOS FIDO2";"POSSESSION" +"b6ede29c-3772-412c-8a78-539c1f4c62d2";"BioPass FIDO Plus";"POSSESSION" +"77010bd7-212a-4fc9-b236-d2ca5e9d4084";"BioPass FIDO";"POSSESSION" +"be727034-574a-f799-5c76-0929e0430973";"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)";"POSSESSION" +"9c835346-796b-4c27-8898-d6032f515cc5";"Cryptnox FIDO2";"POSSESSION" +"454e5346-4944-4ffd-6c93-8e9267193e9a";"Ensurity ThinC";"POSSESSION" +"833b721a-ff5f-4d00-bb2e-bdda3ec01e29";"ePassFIDO K10, A4B, K28";"POSSESSION" +"ee041bce-25e5-4cdb-8f86-897fd6418464";"ePassFIDO K39, NFC, NFC Plus";"POSSESSION" +"5343502d-5343-5343-6172-644649444f32";"ESS Smart Card Inc. Authenticator";"POSSESSION" +"61250591-b2bc-4456-b719-0b17be90bb30";"eWBM eFPA FIDO2 Authenticator";"POSSESSION" +"3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d";"Feitian iePass FIDO Authenticator";"POSSESSION" +"8c97a730-3f7b-41a6-87d6-1e9b62bda6f0";"FIDO Fingerprint Card";"POSSESSION" +"2c0df832-92de-4be1-8412-88a8f074df4a";"FIDO Java Card";"POSSESSION" +"f4c63eff-d26c-4248-801c-3736c7eaa93a";"FIDO KeyPass S3";"POSSESSION" +"9f0d8150-baa5-4c00-9299-ad62c8bb4e87";"GoTrust Idem Card FIDO2 Authenticator";"POSSESSION" +"3b1adb99-0dfe-46fd-90b8-7f7614a4de2a";"GoTrust Idem Key FIDO2 Authenticator";"POSSESSION" +"aeb6569c-f8fb-4950-ac60-24ca2bbe2e52";"HID Crescendo C2300";"POSSESSION" +"54d9fee8-e621-4291-8b18-7157b99c5bec";"HID Crescendo Enabled";"POSSESSION" +"692db549-7ae5-44d5-a1e5-dd20a493b723";"HID Crescendo Key";"POSSESSION" +"3e078ffd-4c54-4586-8baa-a77da113aec5";"Hideez Key 3 FIDO2";"POSSESSION" +"4e768f2c-5fab-48b3-b300-220eb487752b";"Hideez Key 4 FIDO2 SDK";"POSSESSION" +"d821a7d4-e97c-4cb6-bd82-4237731fd4be";"Hyper FIDO Bio Security Key";"POSSESSION" +"9f77e279-a6e2-4d58-b700-31e5943c6a98";"Hyper FIDO Pro";"POSSESSION" +"6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d";"iePass FIDO";"POSSESSION" +"d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3";"KEY-ID FIDO2 Authenticator";"POSSESSION" +"310b2830-bd4a-4da5-832e-9a0dfc90abf2";"MultiPass FIDO";"POSSESSION" +"c5703116-972b-4851-a3e7-ae1259843399";"NEOWAVE Badgeo FIDO2";"POSSESSION" +"3789da91-f943-46bc-95c3-50ea2012f03a";"NEOWAVE Winkeo FIDO2";"POSSESSION" +"07a9f89c-6407-4594-9d56-621d5f1e358b";"NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator";"POSSESSION" +"a1f52be5-dfab-4364-b51c-2bd496b14a56";"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR";"POSSESSION" +"bc2fe499-0d8e-4ffe-96f3-94a82840cf8c";"OCTATCO EzQuant FIDO2 AUTHENTICATOR";"POSSESSION" +"30b5035e-d297-4fc1-b00b-addc96ba6a97";"OneSpan FIDO Touch";"POSSESSION" +"88bbd2f0-342a-42e7-9729-dd158be5407a";"Precision InnaIT Key FIDO 2 Level 2 certified";"POSSESSION" +"149a2021-8ef6-4133-96b8-81f8d5b7f1f5";"Security Key by Yubico with NFC";"POSSESSION" +"6d44ba9b-f6ec-2e49-b930-0c8fe920cb73";"Security Key by Yubico with NFC";"POSSESSION" +"a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa";"Security Key by Yubico with NFC";"POSSESSION" +"b92c3f9a-c014-4056-887f-140a2501163b";"Security Key by Yubico";"POSSESSION" +"f8a011f3-8c0a-4d15-8006-17111f9edc7d";"Security Key by Yubico";"POSSESSION" +"0bb43545-fd2c-4185-87dd-feb0b2916ace";"Security Key NFC by Yubico - Enterprise Edition";"POSSESSION" +"516d3969-5a57-5651-5958-4e7a49434167";"SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)";"POSSESSION" +"8876631b-d4a0-427f-5773-0ec71c9e0279";"Solo Secp256R1 FIDO2 CTAP2 Authenticator";"POSSESSION" +"8976631b-d4a0-427f-5773-0ec71c9e0279";"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator";"POSSESSION" +"9876631b-d4a0-427f-5773-0ec71c9e0279";"Somu Secp256R1 FIDO2 CTAP2 Authenticator";"POSSESSION" +"931327dd-c89b-406c-a81e-ed7058ef36c6";"Swissbit iShield FIDO2";"POSSESSION" +"efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4";"Thales eToken FIDO";"POSSESSION" +"b50d5e0a-7f81-4959-9b12-f45407407503";"Thales IDPrime MD 3940 FIDO";"POSSESSION" +"ab32f0c6-2239-afbb-c470-d2ef4e254db7";"TOKEN2 FIDO2 Security Key";"POSSESSION" +"95442b2e-f15e-4def-b270-efb106facb4e";"TrustKey G310(H)";"POSSESSION" +"87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c";"TrustKey G320(H)";"POSSESSION" +"da776f39-f6c8-4a89-b252-1d86137a46ba";"TrustKey T110";"POSSESSION" +"e3512a8a-62ae-11ea-bc55-0242ac130003";"TrustKey T120";"POSSESSION" +"73402251-f2a8-4f03-873e-3cb6db604b03";"uTrust FIDO2 Security Key";"POSSESSION" +"39a5647e-1853-446c-a1f6-a79bae9f5bc7";"Vancosys Android Authenticator";"POSSESSION" +"820d89ed-d65a-409e-85cb-f73f0578f82a";"Vancosys iOS Authenticator";"POSSESSION" +"5fdb81b8-53f0-4967-a881-f5ec26fe4d18";"VinCSS FIDO2 Authenticator";"POSSESSION" +"d7a423ad-3e19-4492-9200-78137dccc136";"VivoKey Apex FIDO2";"POSSESSION" +"08987058-cadc-4b81-b6e1-30de50dcbe96";"Windows Hello Hardware Authenticator";"POSSESSION" +"6028b017-b1d4-4c02-b4b3-afcdafc96bb2";"Windows Hello Software Authenticator";"POSSESSION" +"9ddd1817-af5a-4672-a2b9-3e3dd95000a9";"Windows Hello VBS Hardware Authenticator";"POSSESSION" +"504d7149-4e4c-3841-4555-55445a677357";"WiSECURE AuthTron USB FIDO2 Authenticator";"POSSESSION" +"57415531-2e31-4020-a020-323032343032";"Wultra Authenticator 1";"POSSESSION_KNOWLEDGE" +"c1f9a0bc-1dd2-404a-b27f-8e29047a43fd";"YubiKey 5 FIPS Series with NFC";"POSSESSION" +"73bb0cd4-e502-49b8-9c6f-b59445bf720b";"YubiKey 5 FIPS Series";"POSSESSION" +"34f5766d-1536-4a24-9033-0e294e510fb0";"YubiKey 5 Series CTAP2.1 Preview Expired";"POSSESSION" +"2fc0579f-8113-47ea-b116-bb5a8db9202a";"YubiKey 5 Series with NFC";"POSSESSION" +"fa2b99dc-9e39-4257-8f92-4a30d23c4118";"YubiKey 5 Series with NFC";"POSSESSION" +"cb69481e-8ff7-4039-93ec-0a2729a154a8";"YubiKey 5 Series";"POSSESSION" +"ee882879-721c-4913-9775-3dfcce97072a";"YubiKey 5 Series";"POSSESSION" +"85203421-48f9-4355-9bc8-8a53846e5083";"YubiKey 5Ci FIPS";"POSSESSION" +"c5ef55ff-ad9a-4b9f-b580-adebafe026d0";"YubiKey 5Ci";"POSSESSION" +"83c47309-aabb-4108-8470-8be838b573cb";"YubiKey Bio Series (Enterprise Profile)";"POSSESSION" +"d8522d9f-575b-4866-88a9-ba99fa02f35b";"YubiKey Bio Series";"POSSESSION" diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml index 219d5fbdb..3f01c2767 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/db.changelog-version.xml @@ -5,6 +5,7 @@ + diff --git a/docs/images/arch_db_structure.png b/docs/images/arch_db_structure.png index 711f7b2cea0b91f386a1b396ac68d454ff632341..b93f98f91e9ab04c0c40a37876fc8c3981c1fd46 100644 GIT binary patch literal 534224 zcmeFZg{wfFoVfB_Ie=(v4Cg-O}9xGDD{{LwCnL zV7BC~iM`L>Ydz~(&)V-*l%#R7iLp^oP;g~sB%Y$6pgW_WV0dBP0*+`A z1w{fsQ0<;di=pKAk|Kd$e2t;9CW?wE48Uhhl$)q`P;Oi`0sf(&5~JL_{)~bmhf4DI z^HWs1-)+!PQ2b#i=)c=&0Y9(4WPoqr?B73cq@w=2Vk+97*67ZuH~xIa@B&(++=;>e z0Q|tRmeI6BLBY9u^^J-WpZEZ{nkMWS)E=s+AYf!=!D8^z%Fvj_$-?^TEEI^70PxYm z*xrEB$->;yPQXcs`nrVx@cHU6D>dbH6MHiuYN(S39Cri8E-2ytudi57p zb{00)zt;v%g)&A$ z#wOC6!9YO~MUj`?DYp)>7@*a90f2CmBUF)TdryzF||V%6t*c z|Lc_NKY9~Wrgo^^2!3_{|L3A%UeuxP|Mxz>uQ-5$Dw$0DN+Rd~`y@b%d(LY&{`+u$ z9wYS@Cf&|}D2>+5|M%lxwMgwSqWIJD|J;;YR5U#67I8nr|6d1CCCN|!4a0xV|ALB^ zWR{Aj@#NQtsHmg!SWZCI7xH47-Yoz4r1$l;(4*f^|3wuo5W+oHs3Cvdc8nFZ)%ReW zCtBg}U_Rpn`uo~asGH?_eSaGGi7*$J>n44NB>ZnhjLq;gmv@av|^DB%WeABZ&PkyEv(n&087 z&5t@O8ub1d`BGHibRMr)cYYo4j=m%MY#E**zcO5)zcOB7rB(0YE}uqhDG0(0H|_r{ zIZove5&3s01*5&F`$85hEPtO3$-u-RM<*9%e=!IFW&)zGvbR4Ay9vBm8=*@rl|1%Q(@wunmc@(+m5kYNejafS1(+k#GBVD+h3G(gE`UVr zb|NT5h7mnwC>=)ncT%YY0aNgGk$PUl^-_6u6V(^TH?TKJFl$)PRj5|W&1G*{Pl4if zY*(vc1ExrhMxIjjIuA82iNHhFJEU(hq8@q#P*S;A3pcemH$|WG=i4j#;fl;^WKK`; zcb%W@_L)+d6x1HbiCiA{A-<@l!8>VF5(yJS>^tgpGIyv4R6WWABx-_hdoLBWlgo!f zc4SUEq=i31zr{;NG^=N}+RUp96VCi+5VUB16b&)FbpO2u2gOiS)8u1%kv+VG>GXYl zGXA74P_5FJ##DQ2AMu2b!Uig)z4qG99>Hc?eBcAKXK!!fsKtnZuxH*fqp60H3l*cl zOHBJ}DAdyVLPg(-P_)DZXm`@V0}C-3jtFSsrrJvWY&LkF2Lx&z6b4IX`lniYnUYLz0z~v zAKcsNW;G?i^qgAu+s8S6C;s5cZI|61-jbVmI0T!OOUbZdUB{l;E*#dHFsTsII6cqv zeNxA1_ro4!*d~cpP5AEPP+|9zbep-hh0;#bjxZ|z>D^vIRva!W;_#_Ne!Hia7w2|P zE8Yn_7FsNuEY)it+d?T)5S52ht_W7o<8J#OPcSkN$|6GHyxSnJ0BM2w9${y@5ME;g zS&8GN-lPPgkK{;=A)yD~qW&(XvMUP)*6J6y9wO2GJ9I-okw1!@@?5B%+SB_+EBW1* z%TheWBs|tJ$b0+6+fR=DNzPFXcaPcP_c$al;gnC;EA-1P<2a1vs@96T;ri!;`WYDH zPL#U#{gOzsO(*H9xe!4(k!fQ1#lHR}_x{GDpuglYmbWQjFp#lEA+kp8Aw6Q9X`#aL zM}-GHHwksZ{Aie9-*ui%pP@Z^@nud7-=R-p0zeo__$Mfv1UZ%;%E+0XwY0dQUVO+lD$SQG`t&P(B#W>0ofl=#Mkpkd0=_3p^$w281TY@_aUV{dZPgZCUEa<1mG5cRy+ujl@Aop6t% zW{S+|vqfHHw6>*e06+VEMro!C%9a;FN##CN-DuE?U~^|$aB%Hl-I0QR(m9%est~oi zJo)ClySU(<8L#WQUZxq#zYwWrdz4^VMQ`Bk6I5KRtmS;770$AHZjDEP)BW&(z`bzx zea(BHg}Y*^YE9rJhkp)o2=i5^ni=!!Up7AV1oK`~&upta4yv)No(>T^x_n}55Wk*A z09{ZJx7A|Cq$9~wOd*mIuRCfXhC!*#V}kk@J242s>EqrS6%H|+ARgr;0qz338xLB@ znDqJD{g0q+g-ZA#t&v3+jZ}#eCzo6Jmtn)T2DPN58XUO}J~UQC3sjr<9$P*z0R1?l z8iU>2CIP!R>f&E!2eM|Vod3AjW97jaBnMqDB=7S=y-^I^n~zY=yqfa-}|&Nxt<8pRUc~zVJb;S4<~Q-+Qx?owaCv0|W27S_#OIul*V0l#`@h zfJo%|*PQ&WJp1`@=|zrWmA%v_K0EP(&@;E6Hz+!cP0q={o^8beWnP6pkpS!xST9Au zQ87rvrjI1GFooy0zjOAbi=55iJEOjetuHHAHF%(osY^=pmCWg0$o z2u+g;eqE~7=yG%Wajrwh4OQQY7e#D#3K`TEnVjxOdHpWK?yu@OwtR3?mwPx&C2#O> z9+WKN&4NPgnC8F7^Fc2tXT$KeL5kFybQs5lePfWw8;oS-Ee0uDzKsO8q@B)YNnvUf zy(PW)ctOd9BQvBI15tcOyPtC1sB1}W5EQc@sqid?R`)-K{cDsLqU>wg0#n5=geHWF z{sCk#bPtEcs*|96Eg-a`=~D0Hkb9N)tx;^F`-Q(xzKhqQcY?L_?s3 zhO|9B73^j{!BSDCr zTSvmK4GYspx*JPdra_)9?{_2<6Tf)=jebON@BH|fb&F(>;o9Yho<0UeLoivWoJz}E z0@%~NGvopuM!~3DxEw9z4c-UIy!~<)O)mYuvr%|SS$;ML_W~iZ{6MG0%2Hkzlm)G( zYsp<~T4DWbp2q}HnVrX6aWsXmhvJJYS^y4Jyt({M0!NT0NGINos*B69ZcU#k+Gr}o zuj46wY3ajF+p&f7E;qj6Nc|SrdS$@$M6`X`7Az#>;*WWGMsgJ?n6Y;=Uf+oO3Cik& zOm+*UL>Nqxu{9>T%?$RfC!@a7j#<&u^qu(p`)obI64FKHe~?fe~|Xo;cNWEmMeuZAtE z5EvuweO3(L?boK&{`j&Q_wMSHdH3EI85#y6Sk!sK4vpK9v`)pJHzJcdbQSAr1!+-S zckBx`+NW{Kt(wYL;x0#VgV}2Bz1e2*5mn}~s?aTaW{LN~Fx?_L>v~~#xcA*dc`}-( zs^Sv35;$OM7VTr-5rVf;q!^Klv!MJ$C0|n#XFq*X>9Jtv+WV=hD(?#u1FcDTxFTzx zCB5?t#R3$WG*Y+GII@a*iU^ zFPN${5~0PEVog!)!EyHm322+b!6}Qg5_;iMzRaioBOjY12NG;!k(_$6y47!Ft3w_{ z`*6=oPg!A!F4$9V#B-Y=gbsy1DhY3YDSfjZzxPu-G%KT9BfS}4h!U5ChmTpmj#_AE zS?ztr%RKE0VKUn-4_L=fZ)6c|vaD5ICEMv{+0rtX?fllBD8XT5M2Kas)jWZN-LF+} z)vvE{qT8pRlzzWp?s7(oj-iow4~8EF6Hl=R6ZiA(uZnO5KVW|dMBq%g4}R2x znDJzA2=8O7%m~;oLota~;U6E#7ysN{Ot7-tu>!pYv+5;Y1x1p#(Qk)f_3`M9DB)wDH-n(CVCNmc4c`I@(|5oi~E()tV@}*foA`I~&f|jgh>Hcccb%EPV+l zay3g3Bvwo^0X#X+3q~XL#Z_7!%to+iqbIZ`z?}`oy0hh%l(Ox%D;KNA)i$SU;f)x< z%Dj^Xlb&*eE?$e%v=O3Fg}&rZIZ3P#Yp1cA->} zxh!23RJyK{WXRxStIU|J`i}?1f&xMZM+oH5_-3CNHkhYk@{PWW!Ptkr_N>QQLWd)@ zAb*VvX$nu4c4sFz1>zeuo?&lPeLa6q5^sGWG(NsE-%Z8M18D4kx;LLEx!K3#)HYqYp-XPgi!8OH{_cV9~F&9Q4Pijl`kz zJkE9Ixo7eSlh4gM0N;)HVET@3vGn%RRa8Kz=Vair*Ds9#@a#6z)7wNG58Z*FKsn{8 zg|>La$J%?a*TA1F8i*^Z_7+$@`2j5B!N1Wid{AUwyW6Sk!I9)Jq>0p?KG9HGn(?RT z)ui0<&FEfMtp*$R?5$nGyG!7ft)*GyLRA?EB_W<9>oWr6F=6Hsy&5A9foW5n5ki)h zG%nfMxKaP2NxG@PQ@VnVdltq@Z zda<*oIlA*|>nAEQX{jzPHh+klnK{$QAjyZM(yaMe0S37n(>|*NMXsFyA+^%shHi<< z9wJ3IZn4*$W`AXr2A57ETM~ybE5WLkb@I|*+U~5*4-=Rr#WfUeyWaox<{-ck{39v{ zd4)FtRT}J&5a3$b{2ZB=2d`) zSkB=9$x{p!6SxY_h&fFZLgY!A97YUBo4NA&?H1FkH|qqiQPf*mJm~yLk&$?Q8ct43 zc3*v>U-FY1r-X=%H?jpa9M#a>#Zli^AG4(IgZXu}TVb1(CQ;2OScRw1UmRT38=i+RVyfXMgG7_HOOwwe)-r_pny^5)r%)#74m+4V^ zIlF7C1;yHK#9fx*OM)^3ez4r!5+LOC{)YmV7r1y6E~=YZ=K3#DFra$>LZxyNN4fOg325~ZwkX2 z4a)4sU|AVJG|QXhae{;aG{xwhS2In1eo;L;kk&wJU)m|)kIylg&v)--xF1gP>bh;W z`iV9Rh&E$I=e-`GzT?2ULm^rFEM$e&he?h=9(Hj-f-pq##M0PPjPHCl_I=5$dyaCx^tfquujv-nzbimiRJ_n zUXraRLbWdUf++8^Fh%YB-$`@@3I7n#q7DQv;#GVylo(o~vth{3$1n?aX4t|+J7R0{ zkTp}4nXZ>mtu)XRlc}$M>uH+I6UA!B&Eza2c10}IWw<;mGx#-mxW{4jbcU7Z={Pdg z2Tv~LVlNBFJ6%m+r-KG(JKb^W@`t~0Wb>S7=cAaHK`Gs=^^o)R=?e=(*YE7@FK4po zbVC>#^KX}^*5eE*IpR!txiv>)VS0cZA;~) z+1eKLBu5aIS;~;)WETfNn_vD9rA_ON*Q#jZqwC}lJ^l1InEM*ikS-emU+zyUS@_Oe zF%|V#X+nhcw%gz!Z)REugiA5`%nj^t6u9Uk*+(Ev`V?Ac-_xF;Eq_Zsi9CTxy&U~r zsVq)6Wv(j}lbGvs(_p^%RUBSw9OUk6eR;|Jf`9}0QW z`3431HQ33FxgUn-<(me8wIfj8$|~T{2(w5;^kkG|)G#1kv$)w^L^-o+7UzOK5rZ}J zAIZT zq<=&6=xS&N;)i~P6#xN;iEHj$c34WN-}_mz9ghq#R%WKkc9b$ypq+BEzZoN?UZW)> z5jyg8dnD9io?vOjvNM!TdycxmHnC8+iM6-AeC_an&+0wj48@QFsoI828j}w9g7ncA z>o70eAm?8`unZWLEU@;Vz^}-)n$`=GU}I5xlR=MQij`Troau_dCvzY81RMN1s5!Dc znxpNq(`ky>Szv@8xwoIccOsa@fE7_#tpdPY!{vN`7y&G|{s%y=Kv*KInBtV#fk0%3 zHHbby?HlIZaex`iQc4oY@V;@%o6P9XxEbR|-F3D+r<~=3m#9*MRx9sv5(gN_;ss>G z`JrO<8k{pvul8{*+xkMyWTAo4m{~!8wr71EG9$(`^CsZT_g9Cr!mII=Z=4(|Mr0|- z`;*(EXd?eWp)k=N0_&NDc(bRB53eWApu~&GDhIzueO31JGyduB2UCpeoR)oDZ~E9_ z^;oCrSaXL;uECQu0BTW14n8-n&(mTT!a}{_?S~KZi|W2IIae&U6#LCje!voF@?YL9 zZ(+m>(0z&D0(q2=h3}dsT`$wJwW+Z8 zk+t$;D(QnIrlDMRLu*{F2NP~}#d@QN|G4KsEWkat2AlR@his`QSd`ZGEVR-B4&AcOl zXT<2m3va(yP6x7wS*mGL3tMWL3bI$+Hv-5CA_(iY{LCkJx0>;@C@zoMVVxfzApr{9 zUH~v;BsV`Ls%~dJF-L}NRC_)x4YHTeyrCbNo=srSSw^_Bu+Zk8GS%N}~&);Xn!@ zPU<$r$6L6hVL%=r?~9#W5SUq3$i-fsM(TF=vE%9(cRNw_(iig?PQ#WTZ6^zNFT(%Q z1VCC@{=d*rG1aL;18fAcKKeQGhDjo%M*nP7r8u*3W#KA87SCoNc17P6H*mV2?Ck-g zD&W2ok)lvBVJlCC?VvbW?Wi0?$f`8g9;&>Q;^_hQ41w%)Fx|Ok@PCNoE2f-IEWynR zYKPK)5=669-<$1@Y{JGk98gn3q&_*{wJ&ZCgehMkW|!sgEJRmS4*ZOl@ZJ!|BqDp0 zuN+f^xmE-Ey=Jp^X%Y6cppTx(3EL-?MOPrpu2+CwdtAZ&B7=H5@@BlFuC)}^9uw=( zk zLK+IYC!P1}yV34#pYE?lfWc@W7UipK+#W91XZ7n`yEg-EA&lo<0!ZTv0UBn! z@>KNK2eU0#nF7DWZkB4MtHcQ`ROmqFI#-HNCR`mRwO0XRH&2(jU|w5=UdN3I{@PXD z%`UL`;k2jcN!RnbrwTV*xoek%Hap)+LpLNe!tvEQEUV`(AU*H7tqWr{OJCWze1(!M z`8C;QxgO@X+UGd54t&WE#*yG;Uj5;7*e44ZIVxvCyG1kDrj60g#j+|*F`I8dNiNiC zxwo34V@M%DlPt((v$~I5vqiJsLwpRXfWN8}AU>m)AVjO&TD5nB@MXdFX$bQWBXPpv z<i`=iKM|uC4+vF5RDoZcJk1e0hg_8J?{DFS=$#FP+bh ziY_Jp<P-WcQ^r$B(_O3Y&p zRr2>sblqQxI`4z*e&6%Pce~E?wNm%F?-27%pH3aZlU+CB9xEk619*an{gOLy!u@xE zr4Y&W)N_G7u6BM+Vzvpo2$xRz?tv*;1SWWU=X2yA(ghW3fZDrantR9)_jf*C zCY9{2sElTjt+9tI*y@LtMh!Q1y8veZnL=f};AZe_9yH;*d!QXA_=?w`Iob`ja-%8e z-W{L5;PJ2DYQjMP@ak!L5jDWqKxQuE`rI->uWwx?bTh6Jxj|z1!bdNNAx_qM(^*#2 zb^Nu3Q!oWLL@&9~8+m-;vzJA^eI08)>fZ;J^m`HM0GSgl`DpeH3p&xnle@I(t5!9f zo+kAdQZAd4rWSYdi9PhGC#nqD=ldmHl!dt;T}7Kgdzni{voveIb9qo4FcV9r11>YX zno)Zeaxj8$9=lJC@S459ThGemkj$8A&0et#o3O(@-!~WU+{};K8o%b0Xw)51ug13~KT>ZM%^(fg=Lq%V zRWV7(O1!)uVXH-gD33nssnt-Q%}0bVGg-SV5$}TY)LX@Rgo5^8HHqEKNxq2#eyQpY z(`1@e_*OU{C+KKdK1IY|{3M;~(`X6F)X4p}{fiR#z3h(|!CsFq&YHfyJ98ymU3g*B zY}ij0XaxS)mdConRsdzhV5H1-8p_qw_Lat5NkmZhKy-6J<%NY$a^IhrPe2v=S0*0e z=dDd zJ~I-CUB4TLoHV^}&DN}@W6Gwk`_GC}1Zd%}*=0;Q*HCK!9aSQ^$fzA$a7G@R#RmW` z^u{a$wBd1fUnoJHwyQ!-7hkxBSw$35om{%A=eYfNq!_R7r&t4hkb+G}sQ>i@j23l^os&k-J4IWG0;#qU;(i1&Lm!O(VE z^bE|t<6?bZtIl%%e)?G{a&5VKDxGF(1VM#uwb?de<=Nr{Npthpuu8hHs=53>N7E0N>gK#2f$G{>}lDh@d5zxuV$05Yu5Gk3x~P< zE?sFfxUwf>c%U-+s2{B8XQt|X`xhj-vNdA_0Av4V-~sp-{#@}vd5dOMXQ*nNiA~S8 zR`bUH9KfHuE@FZO_ZI&|5x`mRfCRv}HP`*$vn>ddjT^H&JXZnK$%5TE32|ceiSLw9Y4?)9DBl;d@!vP zt@4M)Wd`JIqZ~Bizu(qaqG-)Jc4O9&e!y*9&3l_~Pa=lX+avR#)mcObA09L zPp7O_-&(P(_argK$@UPd_Yc-AM!XvO!{}zkp>e*kK5VLBVMCGf7N$+!^no{?yfFuhy;0rj zc*A=hH&A*dYtwEmY|T_KkC!W1X?Gdw{OS0^LguSXhhMVIZ&p6Y+~l}7>zvGa<3IBFoZ2D+cQ&4x0Qg=zp)OmZna!&I=1C& zTKMuaR?Q&z~T zo%6Nt9nH!Rk_uLcAb0;<^b`;tDaGj6%4!wAls#yMV>HfQUQAymSbm#%w?>F)B&I2A zP6Fvn#nw{_?QK!mVP#`b10TAAbw4{zsdS6@?bB63*0l?N-wo^F9IvG&tb~n*O>x?=}4kk_yYZB|!b4bQO-2eCr2&!Mq7 z6MCbJp_~|&_lDf|g=K%h_{CbCF3hwm9wO!{xmxr09$MAb?pkJ(w!t_cZ68B}miz}_7 z9ky9!gc2Wweb8)hg*#h1^d0PVk<;#&Ar&A$12m5MDKRI9n+bS~=&9U(87c*OxUjZ( zA^!gZ;;%do4K9rP`pHuTuyVEQdGfT+tgB9Y1)m-&<6S(Zol!da0T6s40A#Vf5Ix!Q7fGz!i7H4>u&U!%9-YP29-KAo8aTmSMRbXM zqrYvnqXmgfv6ByUaJHVTdZP%SOtC2nb~hQSWiII9_c+0NsHve;MKkV*sHud%X^`IIfGrAtiS!1>%)fe zq7$&$(jFjG6x!=B@+;(I3!bp3*xOT6PM;A!&5T22WjgOpDHPNkxU6uvqzu?06S9Zt zHx&i$dL*g2@ESL45C)L~EXWt*v(IRuA3K zMKqwE?|klLiu~{sQ6`^N^I|8g@kWqjhG|A)t6}Hewov&#$e~;O$yqmSV1s7oc!uU3 zkCNRS_ig|`Qrj)F&9C`%fJND4 zKT+EDoxq7L)e+GT zMx?V!+}OZ$v2Bm8YVoMFETUM_>^40UHbO*Zvu0+i>C0s$+CM8A+1ZjJ_r-Z0=W$g1 zj}PUZO8WcUvhEaHh@s#VRDSrzlkTx7SbUfEPs^# zNX&3a9JKpO4xVx-!i^Cn(8JOeW5pE1)5{74smE4`^!$WP;@il)eC4l7KpaZuhdol|7ZC)OsK{tJG;*Wz!Zy8D!nK$|ev{HJn10!Hs{eoNd_iEThhx(fWP`%X*zGUqE=@GTEg7nwhBx)hl z6%rqz{p3)VgB(r17S-A~^BcWD!&Ts~VvO$Q=Mu#o+j>3z-Yc|TU%d7)-->e!bOHR*;U18~T^tUj0Q98*+o;a0 zhm$2V6bG|Q5b$I`v0oGY9lT0(Kot^mlWgkCAYg{LjJqQD)=K&^gIKEQ0J2xWVfn|E7oWm3<~{mRX}81$2!h*QK@YwIHZYikH^0A+>_2@;l5Rk1 z35M44|IHksG~t1T_;MYG@^upqi#BEw|IrRIFO~=ZIJH#7`&(NiI!HiQP|+-`R%*Qf z$o3*{UZ+g1-wC(a6&DDT$)Wo7ims;kpVAglcVP8qZyr<}{9Vw0L`VR)feE~x|DE{1 z!TI0J`QPgJXQ_T$k^h;F|Cz`C`Huhj$Nzzc{~@d2=+WDP`bUvbb6!hZFi8bH8O>iE z3M!VlAb=$;OkZLDM#NPQ+3Xg-mjXPm&LJL|z`&y$jQ>&W-}UZY&t{AMBVPADP^Qdv z)N`8g+XFOa8Gw5F;aTCL>Kg2F-4yE&T>qkrrnNI*Ij+U|I~Yi~BYKqpbyu>xE>;8R zj^}VdlUz)(lvqBP*`fHa0^0mOpxo+-jaaV0)?7uySR5&5xo`BF=X*o$UHJ18`mnyI zyH@EdRjndJNv$e-*a=X1_XEntc=m#c-b2THfNVdH0 zi0POoyicyBQ7{K;wFdx-+1b+$X3ZkelsW5rRj&<%#NA8rV^*+lnX|LQ&(0RlFzYK_ zZ0gozFrE`-C3-m5lg6CyRCbkW*+zHCy!o>iKpjV|g-{4bm{O%uIEx3t;{zH}gRZ67 zZ*IbHdaG`m5mx`uxe=*&(!;e;&VsTg=uCVYhNrIkomh4wDY2iQ@JVf22#`R5ojg;` zcgJx})1;_(xFpf}wFhGZK!9{b=Wbe;dw!~L-+?e6*X=r2!uUM@`*cjv)YJRw zt)JyyGm> zwyfvy&?b-BHD{P)PO@T9vh&cEGm~HHMp`ODXSoUM_%ChsfFhZ#1*3yz?qSDSH??tF ztvr7H5Vbgs<5+e(ph7qc7`@E9$`E#TlcSxXK|<6M^l8`xI?Y%jP@)KH@Inm+@ku|J z0P4OXL=p+dqodjEopKK45Syqu zzNT;rXZG`r>vC_A3#V)0daGUw`3iw?7uK;f+PElXKJy;^$;-X^JlSGyn=WL`oU}6^ z#lri-1?wZ54_|fxCLuGYpiaPjFO5Rcb*)G`xtw?|9b$bfJ!A)~n$o18xwIgYVs?k5q8bA8-OS@LB>u?QY3^9p-^ffl@M5%Mb#q z!i|~J4WO{?d%drV-Nc&@j&I~Jg-SP%mr^$Ip9xm8f3Kgs(-6On?|CFHfJ~2o2N2MV zS@1JMchQg7gD4i1`4{eu7dk6wyWeVDdq-j^8eLXTk+gdt0oEyGTkg8A9XrvrW7MkRHb*I{~Gb8t9edV8MLc@7YzDEwRoA zqoxQz+$7zu;J`hNN6%c}vi+Wd>#BGmQz(azT-;kNUT1!ip}77q!a zhWnMFfw5G1&W`pSj&~N0F}`+2&}Nw?J3p>HtljK^eJoc(Ge(PYkF`5$EzcJ2=5NF7 zCaO7JOmO~?3os|j+o|=@rw+y^QAWP@TV_2E3`l<*60xQ?Hwz!L@0Vt?-!ZyMjX1l7 zlJav5M{L`+-hciwh&=jMK=FLU1*`&n)};;H9YJxvER6&lg5vq<;h{?fZl1=X9LH7Z z1+m~8^LRcRLvj-KcNJ7PY2{vCcK%u@*%?nhtEJsCYHU`#uTN^uPq?HVpFE?b?8OSJ zE3AAa0@QRMZ%`bGDt%zpV__+mTpcAY;lXN&HPC8n#ur(O&F(Ro$}jtj-|DE#tYeg| zEN>~5faBlLEZ#hQJ~^FnRXVF{+xbX)KJ;hP4H|r+mQld2mt?zEk}56`t{HVl@^46X zaL!VXKrYXAk*pW9tUHG^epIZM4bz8phYR}=TSk)^)8`wGNFaMBe3*4pE(KUO@Mrxl4iUAgteNnX-Zw9CGC;ccD zN?2bc&5bIrYpRqT>ZGAgxIWOYwb-tnPd7@_Dz_v^hr?b;mx5` zKx)`m{G)m25&NxiN}Pz1+o*)lk=uzwiL=kKSk~AjalEA~b}_edZr7JuZ-)f+^fCtX z%cq{-wf~>!ORi<9go6u0U{g7eM!7!G^wSxK!7vVlLYZ>Cfa>jjOLq|}eDbO{l!C!J(%Yl^!OT>R?T4*G zB4>`I%W!FOSGM)MsOKI1#X$s2sX(Y>{RFJTcDQ5`4WooWUJz|fU!G4pcQY;$8BHARpmg3~ z!>{zbJoKD~VsFrN_}|o(^~cch(0$x{d7^*G*nYWMf3XS?^2HcWIh&^qwlVUD0J~1; zFGA|K{8(S+%x0x{RBbQD`96f2;@vl-LZ=oc&Z=yQdvJM*W#}`(;Rk0o_ zx_7e;Q^fqDyZ%fbtiHSp6ajYyjdH9XUTrwQ0zrGM@iHI?+Qp`bV-wCxO7-)F&^wAD z$eu$BHM+tH-Q0}l<>qA)VrELPA}WI71f<4nA=9c7WMi_yKc9V%0zp2zsdm*>16)a$e#_lMro; z_xFcR0JU&YA^eN6=CVHAc=#>&kS$TL;}I&B897||=%)`!R-oH%!t{5W%3~AKxe+`- zj8^|B=q9Ud1Ry2#HtP={9_giZ;XCSsRb zF8DxjCbIVlKO@wA&8V_Z7Xa{@AcNc2C35W)o^E;r6!JtKlcBna4Ap$Co$zK*p7?S1xylXI_fq^O^ zhrTs*CaOS@LD3RTEL|U52WZjTg`Eu--gQ)N)}1a2cRM`j58I2k3xDixA!Xp##+`D? z3;$pjbsVmd7$n?vc-z5b@y0AeUlC^V`N_UKkfbq9qj+oj!5|gR)NWS^JbOJR=M!#Qqrzn_f3UmWz0QQ(f?m zdQP(|%4_mHwvEK74U@Oiyr}ER&zX0;q`Zwq8=^=4QC6`zcfs90SH&~RH{V-NNZ2(8 z)3|TYb_9`Flk#>_HQBOc2H1sgQIoBRx{-rGmNpOx-#OBdQhJhc%=XB;mU}ko&5m^A zpvsZqL0;4o6!&*P00Qj3vFoA;p@dIwWqGzbpFF(Sqd&9$K!8q6j+fR4uLp6&Q4@t^ zYe3W4bs0_`I=4Ad;+;ouZM9RuDG$PEDcWQvV(zl+&}`C~e&8pMY?ky~igkx$qXr;# zTMF!Ta2_;QtNbdL~jbwoSg_aoHnKw7iR za+etkP;c}3XPE5O%8*-CfrkfTJ7@z% z(g}3ZbZmOp52yeoFNs~*Tsiv>3x$w_k+GmX9ut`Tbu0#KpXKIBx$)vrLolxf7n8(? z%d5PQ`ICklEbS9p9FNcmZc+J5LY>1}tGr1pEkp1{&bI78`=*u8V^0!5|Ul6Ed25kp1;8*7kio1kcY3^aIZ5PTWUu%S~wneD{ zW2<#qE8H|{)MCPOYB09=2neTnVuF!c(2JiPG2+H9l#dqG5B*!L@Ms`Ca;GVJ=;qN@!iJ|(JC&MMiD2DV#3{yL8KFhvX zci~sHljf?;&TRx>hv}1{ik*S3tBp&vv;063W9(A122nd~QgrQCdVs9(qCT$gR|ApQ zizBwHWuHqF%hNWdu5kI;JeSZOfR{_wQJ#j0&rVz?>aZlLZEAzg^O)H+UP2{p^MnB@ z^e*2wVDp=jun?~fuGT_mGa7CXCzEiIWwYGJi|^6G{&Rw+@O0VA(Bd{?oM4)^6z9b_ z=e$zS(+bb-ra6&|IT4c_t`q)g!TQVd&D}#h9CA)!IznptSpwG2pKjae0@F)u{{4O0 zX)L$R)_8R$NH6r~DHBs7=tWUsbMe)79*^UCY{$X*{5F^7+^G7W>IOUFL%du%gGp}$ zD1|!PA90h3Pp`{Tj&KqtB)nt^nW+%k<+i|j#_0Wkf{C;{Mo52S=6Rk&@x(abU2w@q zX78`eRGiyR+R(S-(&OjnPI?nTcE4DGRE{;UeA{n zU*X*O+d^id6GVlr_NKJ66Ut*{xJe3!QNOrAWRU%AV{CEZ0hU=}Sh5ltD1co||7GAE zBkwwi`WXvNh*NRjNaOiw{iSPia;rEqeqiEUjJxojR+-=|NC!`Qc`rQR2(H7EVCS2~^7NrR7une|IcIn%YA)*yw!SueTbw8 zkKnjiGZpDZmfRW!5Oi%Kg>fdi;x@L(#@(YjaS--UCCbI9B_LKGwS1)r{iCpa{jece zfcG;5UBs`!wvlgvy2}F^;6ib}(31V*&r;P^9#NN_)(=vxzxfZ_@#KHb}M0);{d3xVB z(GTz0n;y`GV!_2m0wMDUOT7#bju`rw@K$3MqUb zLM=S3e?q2RcLSs=yc^fYb>JW&J>)=h?&QNM(y?7DP9Y6_NG9=UD5R;s9xL>R&nt-( zslsgg58CKTOaoI_;fFPJV@vmK^U7W6(p>`braPq@X$1tNwn@u2 z8V3Bv=kELai`{X@9b+4>*E1f^T~pJntY{aZi)O|rLC=>u3>XUyOLgHkbKl67ry`Bt zF!xDz;^NPl#1t53OCAxIM6Rm&|Kz)brwGs7?4%@kH?hDc9)B9>&h&q2-sYD)i>xYu z0yt7oPxY%jXs>it`oLejcb5#eq@>k}Y5RU6YEOq4{>|14+S0&`h~Aq>ju1w(F?2)U zL~?2xhXk0)^-NNlw`u0*q;rnM_1ouUK_nvBUKC!Dyzh-;7Ou#38iiF_m0l0pm`If8 z^hI4jQN`VCRi@ezGPWBw^cvAf_RR-1^C267_)*4tspWw|mLo<+42p14j~?6NHvgQ% z*G0zL+pn_&J)v-AnGBi)mfEC=^tMJ?2C2hnTO#X8HK|G$a-m4RSy`@<`QQR}-8&~j z&9|Ibov~h};1+TB088Zmp0xEmf4Zm8hGN~b?Yzk(ch_o%K->{x;XN35SUc!OhT#tC z_Ep`qY3>GZslW=N-iyZo-;I`Q&)^)Qs4Vz6B2+~loVf#Ad1LK^HFeK-yOGSup)Y|* zM#5{3w?rg9tbY-C=9InUorp!%K^EH=b}@sJuCi8SZ8e@L69pxmM)K8nvj6cvsyi?! zzI_)RJpg=CuiBPj!|XUN^tE=4^uupsoZf1=LF&BxHbD;mD+ZMew{mYfj-Lx5bDX0% zxwB-9@!)FG%ZavYREDoIj=q&APu;LzH&!y#yE;uVP)?>-sF8*Dp+3m>ki-9FAe){K zX*hloNlI!KAx@W+{g6aYT{6h-uw7iJGawFH`-V?DVSa6qUX>K;ZY#RLoNtyMBP=DT z5qLc`J}Ti(&Ca;T&d;~tqcrwOl5uBBk{J4FRcLQeo&+Th?aWC`4FnqqPL25!2EOrJ z7;6w^4u-su>Qgk1QQ{604cnKjpERi44feq*>xU8A2-Ht5nSVc;ROst)bXkE^S7mk7 zn`yF+#iQg^fv!sm`L#xI7sM-bXNo0?-wwp|ukxObMK{ch3XHpigvT-4i`(nxR+U<# z8EUnGopa-=^5(@ikqUcKW0}R+Wr@ZIFbp)t;8;E5_RL~Jc2|f87bzT%8X+kiEa)_r zo58NyT~EJH%jE?54_F>ETTpiegKv?Oq>Uqzqk zq*AUUei3QNc_=7#?fr@>*!xu~wP=qn_Jiq$6)R2f%)N`u7Gn}SBf-|3)g+ZH{SBj! zm;TM9kRam6XvH!AKDF0}e;z!K(#;{y=V$RUJQ&+69TWEuw7>H@&C(q<0B+j1(f^m9 zD{03cxtC~r^>Sx3+yTExWLI7uIUJ7rNM;;sq{DH^AvoToYi#~oXefIr;a*Ce@l|<_ z<*3*1%;C(dX`5A{V!l(OXg(GL-#^Kmuq>yc?Qx09tPuu@y3)UX59v`eo5{!p-!?oOO(pui6b3u&`*%6IAbQsUh zOhp!+TMV6Pyt2fO$MZoI$Nn0zJv{McEQBJ5RP z?RL&PD^AtN+i%Typql$Z^8re_vui%$G}+GS+i5 zoLX!QuO>U}+c*mDk6t)6bd1y@{1TU?q(MAF@5VlSy}b|7rdNg=~1dZ8-A> zc%>;DE4A7Tic_l$Hz~_IOH(W3iT29FH+<%_9SXeEW@B2(qVYlov1uTZI_4-?CTQp7 z-_r-E)q_2C7+GSTe-IBl)rYw);N~E+NJrx&GiflB8b2g6i43i<0R8eJ~p?>@20IJ=Gb#UiG2l>vN)BMv0%^ zoIWY$C{{){&zIQ6ZJfxB`hgevQav@|d(nS6Te( znvpq53aappuszA$tYep`O||D0_$H&egWRK+XPo z%4dd2GTSgR<;)cv%zwzT$6mXxz}YB}NC|q#sFD}gVr3oy#)25Hg1h?B!sX8u-0Qv4 zSnkMa(7FE}3YxXo!poRwB4f=+Vpys6-e_`%wLcFf8v>T4EI5=mEM%8&?T&LJCyF2L zPzpN)9;=Ytq_oA!%rZtYE@DY;43y((pinJIY8s{8r2uy{6G_8S6|3>l9GfXFWdXt6 z7Tw=vNJfr!cCv%DXtW(;q+1G31&zwasK&MJj;!r z8i;CiKy1gLLMV-GOhgQY&P1;1y<)qSLkYFXxe{?vjE0}Rd=%v&bO~8v$vg_|uqQ20 zr^@R7(CA=(uj}?CnRKQ*%l?ucJ&H@(}bi& zQB!OFMSr#ceY(}0mCX>TQJWN@Fu2s8u7}jS9%}k;YXVhJJ<3%6)<&K)$v$|}u{yBQ z-e#c@#d?MU+w*~!T(^)a`HSk_EJ|BwOYyxcb?|;V9>11|T^*l$;=>Nh0~<=NW0?j& zzkPmWEW+u$+Gum|WL7=i6hG#Uqp_12aFV0Br^&0&ywM{PtEZZ z(y?a=1spKeMdZ`Hv~RK(Wk`6_RXYQ|36D*tx01Qh@ucPw`;|8-eDTxID#tvRL>cS6uD{>Kk&M$zv(X>jl<)&q|0k z{5)A&>kNtOCi*PY!tm>t>j>MiSV%T(5pq-a9s<&bV?hd6j2nEbS7yuI$w^sW@p`ab z`V=K)mqK=3mr1&YLwwe?45lT;#(4a+C?E3yP)=f_R~kJ^%uJ>?Xo5N9z1M2neeSda zbR2|NcuugzK!P5~VgOD1abVyoR5JqD+mtX`2v?thCYfY#GuB*YGtpr2$Gw)_92gC* zg;a>N?Sj1k$Z9jnd{ z!l$Le`I3E5H<9h>Tcr$!abT5ecRPn-fajkIg`am3Z`bw3D@-{C#Iui>iVF{D%i$$G zV$(L8Cn;#`q!_w&ae&n1;JIsC{=?^ua(Keg*RAa-CmS9yCrTqPIp>uzG7n`FzVD*W zsZv>D#wWr9*TSow$3F5nmd7z6_Bpg)p=X(1yE&baRgAGRsD2#2Wm0{CLq=x$$ha!A z89_GY-IGfk`k-zFU9qDkQ-5u9%Vt*V^b}@C`bui8m@Gv!)`kq1{WTu9HW?0wX#G(> zR-#pQeL~VAC||$Q$6~Dvhkxw8>fMtA0RmBu!L0H#YH_X7S3i_sJ3c5s%8pQSd5X@$ z7}~@mCYc+nsC6|ox@ukQV?1p$8iUP}1vFl@0ma;*Wc!@^&fMWIvCSeUY1P&WD17rG z>Mfi^zBl{H1X0%@Q7O=+ggdiyr;@mb8hsi%I2z{MbwzR?sJ zG}f)cX%S+AS^)l@4u2N3Ra?RL_>q(JTN z!a?_-i~q{jdU0-;pdTw{t2lbuA%Ft!5_veg#;P@n*FPaE$kkMLo?_ds9aVjvBCPE; zZ37Ohu)2}DLA`k69bgK{!6vf#~&dOv$~>{4uUJR7_k@xP~H7e|-t9&?h* z#A#?S1Gcly4IA2c|q zKmW|fF40xEKX)aM9Azd1w5TeU6-Aa8{NUqO;EyJ&^-TLH{|&CNU`2NAXvNPu+|c&k z!ONd9%i65l%iWFHjjjPjkN;heCm)IZtT_5U8VpQznFeUr*kkP{80QFA(q*?2E4vA_ z;eY-hL$sW1Bhp)5uLOx`<2cIoa*LE?p*2dz9D9|R#y&4$#cjHbxyD8LxwJlT$h${; zrE;6%L?yp%@8LDbN$l{4)NalxA}hJrddyE&VH5Vpj5yib=W*a3PeEA!)Uky}Avn-z z5JxTFXQZNV+IG7Rz5oka$a`q*0(9(keZwW%rwMf2TJGG}6b_$UK5tlttQdNIlXcSo znVDT>Wnc>iUXy18yu0Nf>Cci80GVn`c|Kdk$NG?(ez8n+T&VZ1rPc={R#xN>K4q=f zXf~@0ID-jeKG&frw@Pnkj)sf<4IU?db0Ui&0D6!V`zn)!t!go-)41ioV`I{91-M6- zFzXR*Y(rIJjM3dmW2#Ih_$EBr@1?)ZXoM_$gyM`_hin#3_wvv|Hsm3EqoZ@7LTG_> zw=(-49rMcj|so$WTldl#j!KG9PB@&#DJkI`%TKs*yS zI8$&}O?qlCUxvn>r`WbQ-;;UdDR`hpLmdQgT~yO*g6x!u1{&OCp81BHVQo)hZkO$< z&x+TqKwK1l*l3$s_qF)WtnDgQcz|iE?R4l-sR7Y(@BH^gH30V)u3vj9e4yU&Ak^ur z&$`K?l8M7PljYyk4zIfXEu)VGD^p*<_DfWntU&F2ymB|nN_eMJR0#RP!v4Xlk2eI# zKC|keNk=DyoEVf>NVe9VHr^di{uW}tF){6?Vunin^cl~2D3!zT4RRJ(mMQNF6M{!` z@CM6&)NL?d;~wD+-&7*OfuQwwtFMbuyd*NZQ z=l%5rsg8<^VQyMZs>l4cJTMCA)`kx@@IE>>xR_=32iiE-yzJm&TL0+c*cP-}dF?Ti z6L;-;vj|p8b$Y+C?~|xtm8_)zG16j`j4w!FV7z7BS@o`O)>UIpV|K~_kARR~1so@M zbMneM(v1CMJ1jQS2Td%{*fagjDNpE225*o2en`2C0+!=my+zO0s-mJVSprrT#!MGH z)HEU0#u*{5aI%%^)sU`6R))9dO&R__in6(wJ3YKOdj7cu<$96bM+M!|jxSWf5+107 zT6i(iNP?cJ%XG%htq!Ypqg*E^weB<_(voBK5N^g~PpQR$l(Xw5t6b{wG|NQkb+6~CjT1yODY`F(a9Eh?ObS)wG+5Jd+L0yQ7N!f<}?Ax>r zH+1w)`26iuP0JGD(nl)giTU$mpOmUUe(P;yuWl)ia=vF7(8+xA%)1>r|8$;)yZ7); zC+~7V)y%M6VXwTfEF}v(E^lAjpcWF_M}5L{Kq0ue!#ExoOXEeW(0dObA{6?efMvY{ zLS;`NEWFA{Hg|gyUWY`h#ofDP+z+pw)xMK{SnlY{tddT*beUqj5b(&?XI_3{)7T!qE>^C>4oQ8vqr z;!~Q-Q&iV!WZJ7yYwyJCXO+1hqM|615ntV3c8V8q%(LiLFqeG%+|B%)=?fz!4K6nh zogflL8eC&SzdN6G`$Ef7$0U|{GET$nG5O!8CP(Q9l-z6nm11wG-18e1 z6n}2d^MN*!S02;cH6;nVAEls4?%`4y;Glpp`dTI?8JAlgfz%;cf)SmeG?l+P zHhmrPgo7K#9_TWFiV&QvQ!f6^>-QP(p&4$;>4Lq=ydW$>cmDjt^)wR6iVeVG2Y!r# zWL*x>2gSl`w1YqVsxjL8L~b(~;hieawUZIn?5Rbcks_MP6+FVp9J~>ERvM_Uw*38r zD_K#i*Vi|j*W|_CUvS1V>&?{`pR*tYveSYN-^dhzhlg2JV6SPJ^~U4zoWBq#ZV;QC~Bl z1puxOFcMtT*MvqHW)I|5&)pv{Vlf;gK8(QFalzxK#&$b#+{Lq+mRDNqZav!cY3tCa z4NC(O8P>wjm!RC0qB%|L4*v6T++ZO7oU>oA@mVk|Ut&ym;bA7qfW$3Ua)PS&+5`x* zgb~Pp780~1GcpC?>VjF_^ua>ey=sgW2`wngh!#0q*m{HL8u665!Y$I$4(LoSPJzR z-pq|YTblW;*SPM^RP*ew?8{}L(rRCLt=sm`S;cjyj&3=)7xCbVxUO11y&GxA<=J;M zpyZkXU8wf})xFH-4)%Tb%J+JhR50GA4~uAgN2WAHWXid#uj1-b5``ajs=c08qM1^0 z-<7T0M34k?di={=knI&r`P(fSGMpg?5xvc*@3Zk7I&CEBg!@lq_#>qHx5EiF9`?&; z_0{d4snhKkIT+13)&_5qVznj#FqNRe6T^K9IhDE9cWgBm&p6Q+yY_kTer|O6BzSfl z{OXoon9h5kO>Is76;isOR_{j3ND%qs`ugVEMbr;RU6wKW$h6_XFQb1`j;u4wE8o-v zd=h09R&*TJD@SX{+BuMv+$g{W*)El*$feak&S-;Ra_j*DKQsu>N&?G|cPM)6&#wiq zAD&pbCK`}?r>ep%`KQss-=@oC)KEG4@Tqp0GWHpZl=qT>8CJ|Rw`>Nrb>WwFb!pz@ z)fe;&_R{hL-t+ukIZ)~D`vE-V-}X5-C|@&w0*bP341p8R(!nVTeG|nMT!-+d@tUtK z*^DVnQ(W@UQ6JQm^y`zO^OQWa7ZMYd5o3{njS2-f0oAs@!>He$DojmhOg8%Gu(K>Kxf9ir4LH>`0hQpr-vTH^=(TQbwvDPxDkRHi{K}ytyt{^ z(bmj^pWqY+A@lK)I5L4JE>?VFp@syK<_$0Bvw#nIF2M%3ncT&B={J6Mf7fZmiskkD zSe{sQ<)T}Eg*pBo4J|l67`~f;Qv9R0CdfE&Hs>ot6SvO>>fA}@8*$4{$;!7^`X4UX zhj;mk`#MaR`)_7EvN&N=1D^5Rbgv6S>5&x*Fgb((8e|q-3gO$<`!I&$k>6h`poVg& za_jG0KUYrkhz+OJc+md7WMZ|t{&Ua(C+6Vm6Mq`UG3-?gqLDiiJ6C5jV7Zx4*8m-_ zpOd1dM-HCq#RoC1#3r~TFyKnh=KCz4?-z9*+D~gD=^oTF>AG9>-KQ_&ZVyNu+HB;? z(Eg6@=S1m|I~OW5SZaikePVG4XDnROwC!tFna56Iys5V(VrIbm@0BGE_8Q)Z>rX|< z)~xMkf>!&FpZ$rJ)6oe>t*?4*&QXC5oOfKfHM2+W`wF*qY%5tzD1SnyjlQBDy}zB) zFBhB>yy@9XQtOzsB;3n7_4(ng#ze7rGvjEAp=2YvDq;PT#ekYPo|yS!3DSad zFEKn`T~%Z%!CocxmcCF}UBBeH-WO8Y<3>?MzYhhu2AH;Djfvuk++xi(5R}a!BzT7N z73UOZ@griUb5|V`6afqpkD8N(c8pV1z);jnfr!t7$fpcz`qB&Hk*8d1W|*k$+*7PX z6nIsr?+g4Dx9c8)sWE7U(&4ji#m4l`iO1+tXg_8oBq+>bXmrWE4d%f<{C6&QUIyW- zL6^1i^~D|P?&Tg@$0uwINOkT`J9Klg6(HLYh#yE_ zkjjG@!>Oe>=k&;plgScdbRr33OsYztO1IdOs|Y49UxxNJgTG_g<8oX?6fsUSjQzWblp%r?`b;NO;VD4wt;@yZk(fmk zalLT=q{@95D4md&3I!OD(IujWp5~}9%L8duhn5n}1OJK@^NtxphfpgkQ!S!k6N3MO z2bn)z=QXbZiY~O6dCPSQ?OcQA0yfi8cj|s+j;WWJuxWjrOj(}Ut=`NtmH*Q-xM?oX}K6BCA+vVTRV%wO(+il(N7qLyfy&(jj`fnOHLbumCW zc$8`qfi1L7&@5Cdjj(r?qJ=81?~OSm|l`CNaMEWx2% zr?nME(%NA<&7l?qL_^#0E5cdPjcNTy>=}jx>ca#-z;^FHrV{hKT%0htCz|&_;ix_!cLukaID3hYbkN;q zeQYM*P9vJN?Ci4`x3}zXI_%!aJMqSJgkS%SQC8>u;Q94y8X@!Z41G(BP;WD#d#Y$% zx|h6V88h3}Ye!6ifv=qGOI}_MhDcCXy1souCqIc^(Q%XU226=0nuz^`%Kd*7nF4c0 zzf7#%oe9?CL zXf66?Ko5(hyhc9UFS-{*99M;O{9Ba9wO_53III}5OQXgN=dHWNP{83)vki*BOo6Ms zK@vQu;GWML-imm`Km3cJztWWLrxVI>uybD4+g+bqtz`LCbx?I4kjT*M3Zr|#hAp>d zceF1)+^TXH^g*TO=R_uIUJC$hY1G>{`rMU6R{ zA0FzEF0nr{JSi&OObvL;ez9Z~fc0B9k_oSsc0`x^+0}_l1ea2bV+_#U%BYHTv-*a6 zUz~QucfEE~B0@FA@osRczwq=hknCikkA#iDE+%gW6cXicO;;giJSSkh+2$`~2?Kr= z*|(1sIdbxJUCv4yDp@R{ex+b>^?Qi8dsL+JWh&~W*(ebUQB_P!K(8MZ5>6EdMicT> ziH-(z@_10X);}alQxb~xQer8xZM%Ei#0|<}XYbC?s_qD1Q^k}Ce$UmLihj8nQ4-<( zif%dqNn=lmi+Z54RD6yw494{7WG8J^+WKa;ozOk*W1g?q!LkyL;RpZ-*?w*QAiiNJ zRX^xkK|J-g4zIz}Pc`IZiZHs0h=VB@6R{W#Pv4y5SEwLh5#>?a@LtNTm)7duj`{0X zXV;l)G}=Up3r%Z^^om+Y8;om?dz^TuXtB~s`jA-D2`3>5tWCU@-4tK3=ql@lrFzXF zd|5i9^i$=A!wkdvS?59!SP&k&YAi_qNB?T8kvIVRKfa52l6^aqQ;j@GBgW0HM8Dv@ zc~;i!sA+4xCCN7XjQ0BW!0*MnbSGbc>p`W1(6pw(c06S?p*S;nqh%KN8!FxWwmTE zyPerpewf5=9CL~Wy)0*hIH!keDJECa&YxKUC4Hv}iDhE@gy!Ez$=#j@1#M;9*T65^ z3r;=>RVdE4)f{OW^dgk!xgdVR&O)byKSG2LH)eg%cvEp*L?-yBmOLX&0|uZ=iilA6 zh=rt}I%;TGAv!Y%&vPzxC?HyN-+}s*DKo%S1|3L8Yn~S*zWUPfYwYCoFJ0P*ge#ns zp&!(UjU54NiDLCslUbPaPMhu6&jFg?2vbdg;~wj6XEMTLCS}z01YB4&VY<+wNMyRk zGHZ}_V{DN(;>vbH|GbF79Gyho#M<*)eVb0*x)IsGSFs<&o+bM+uHdl%A868v7x-8V~i&V|7 zhEb>0MEN%}<{XR&ugbB9v?1Rz!^m|9pOxUb?Q()hE zIYKOj?XZG)(h|#wRI;phJf?W|_xE{_=FEuVYfre2a{9L(z8jm?9gs~f$L)?=5E|ze zLTnRf%C?_Rv-yE1fOpc21ziYUK^5bj6B1 zVPgN#04!U=FRc{~`g0~=wYrV16wH?Xige1B8Iz0J3>kbi9;JOzVUmXlhP&$dV{NQQ zd;RZ&jqVHd8G;@S(0sC!*~Q-VIoTQiF~dFd3PQtBQp78m9hi#|kCtlo|l}rJnzT1cw&JH*O78p#AK=C+$f&VAi8UTl~@7*M7|ooP>BAJ-(<) z^VkhTs*ujTaNo|VIhL^5<0s_sE^c&=Fs}HiE?lDbnpcC;RFgN5#x>SCV%q6kU;7)dm*6Q*Zdkgg1BH%QR_Ikyy5@E%M1)ynKj&V&$H{Z{z98JWk&xE5S5o$O z8WrmQ61>8%0I_i0X3~N6JUiFBQ28l2a%5c7~r~?4?038KlM`ocj57 zj9|xfwc9ao0ySL*%zWvN5bQqdZChXy3o$c{BxH>-lmAUhOyUXuneD*R7^T_vcQ2|& zq!5s)-=xU?H%`&`9-^S=>S%xg7}JC^hc%#52_({|=k?35_ny{7%?w^EinxAJRig$} zCtm07#5Fq$@ic3qbBiT@BjOy~y2YMG?J2WTzPeb_HNG4KqhX!EIuOSG>>k#1RJkg) zqV7vhCH+l|YEn?~zHBx=Hd)7pf4fo7bacMzt4&FouJ^oFpmsA61w}oUV$1xKa?kJ8 zIz({_pQkemAHE84pW~j+=jZ!bEVkxo z5OA`MS!72Pv-V<5EAS4y?Q}r91_ume4*^}j$VPweWz?+N9`R5N00-c3Z!>Lve17q# z8Ir@OYC@-$krEa|KJr#Mx+GZ#TydIJ@gcFpZtyL4s01Y4{DvA$&5ZfAU4f(?%nnxL zImR`X`>p3wU%;Vm7M%<5IHv%vo#c@tgQ;fdJs=f%ir#xzqQ!+1`n@hg+|Gd3<99Ad zw=`9D>qYds@N00yHZHt;)Wjip@MUv~4_ zVp`IcZh|v(i;TLV+F|+n0ViB2M~-YxvW2guHX4S{3`Q7BADT_w5I86(sdFeiEeiW3 z*y$oU^){4lz~od*4=;mGiADM%>C+UQJ=HSfzufumvIx=)@f`UL`QV|@tC`O37e0}a zRy&Sk96FIb*|^<}=F?{PpL7muRfc3gf=u?xEqZEL3QA@%gPrE*zK7vj9{=ZxFl27| zj?+Wl5QeIlaR{|qzZsvCF@-WYhgPoH{Z&b^3*XBfsqGb*@%{+YXcFNN^F7XKJ<|ab z5a&-f=zKQoZYW;B__;G91y}(B5`^65y|tw{+`lHBL$KUM-%h*p^)BMP3N9KQ)x|-T zpspF}d3;8aM1jf3{Ij^1X}a4fFUgrZ0l266nTuTVtv14LV=MH@I4Z!f6!8YN9RG!Z)|+)6=AMX57RHFuc`ui zkk!t8L!aSMzm=KJ=5f8X@Wz}^ML3XYaYe1CM}IMk2zzdy)H{YsuOXBc(i;Gq4v8Rj z9tP|s+De@KlUu>N&EdMlK5W=jN?2SIp#^gLlBD>XLbsZU-1r@kW*T!FQK!VM2@VY5 zt&?c{2o$>vb@`@pPN9^J|9ju4c**|%SODUB_pcx-)nCcpF3vMFl%5SmB@py~zus*g zlI2i)`8OTDP?;~0Oh$4`urx~~D4_;zDq(_Gc>>#Fh+{3_Rqf!kp?Tv75%!33i4m1+ z7F~_uvyrs9OWUDo&uud!0_MQPHxQLTFIaZ-gyiAh_!#pbFl3l4Ztmx33KECpU{d8P zDbjHt*Jx&|jcC`+KDEfTCLs{Gav)%_tqeLr;&H1*yf6xMG?3=l;dJ+U%F zw1X&=?);OAC;jDab@}Ntc|BZva^3sh6sf5r=E9031c8CW9NXLsfC}o|7r)0)!AxWb zo9eHczl0p{Rzy1jh~0%j>nB%`WLvu%$3KD7C(uaDM9-NvNxSJi%UrtbDhBsnf$z?T zN>K~WT=*XiRfi(*MTE#wtUIGaSDZAz&i0exN#S7whA=|PYdMUDF(rFFHPk)LyUbev za}#2Gk-`#mXXuHdlUehxOz<&n5SE?Ay)(w$c}y2x%}o_1wE5n=>7uV0E+RU5L<6>n zEPh!4>dN653B8s{4q6`U72G3Kt9*X=RB?89#CfT9@1R+CN+0^WOjI}TMfBL z;C?fhAH9>PWx}3EHS0Ze*B#1#hogx8#{dd3XvriL9PsC}q`j(*bKb?i?ai>4)tX=N z_i0?d{o_M$^&eQC142nhk#94p^)s&v;QICYFa^MHy8cR@zl7WSL+VL{&JG-&PE%BE z&oKmHfTlYr!pf4)h?I#7f{s-LC;hfVjk?N^QyTK~BeIy-r=wRC%q&xQ*;W>6JG=Un zL@+v#b2skyvSa;!mu=c%ZKaAI$A|J0yN9F2CG?O zy!XEgd%JSHc0c_W<_C!Yq-IWtd2R=x3FUsN;=@itn8c(j0JU*mpPB?J04K8pKsW=c z^%(|vsV?>yu$~UP5&nAls2=%^Lsxv|BwhKw_qR+qj6pbz`qW0B>!x{F?&A@IzswEc z-&6b$*oPl{^sAan_&8%1CW*WtM(pj6%kdcd|IN$?CJ4||xD181qbEs?1wg%^#hw6F z^3QXgB?4t~+ew_%|Jnp}X`-XHLqK?bqhKN_pcv$p3@d-40%C-QQcqK0n*fy9TM@IA zg6!Pob;<`(1w%=@$c+5q5fX=`MC2>7ptjx9kIY;?Q;r43SGX`|&>ucc=g!4!XPD^?O4y}$x?k;F@$(Aj+VsrBZCVjQ>mpOPFv zj-d$mP0ZeEg`acSy4}u_NSc#xZj1*rt2CY4*89UOvL~$ulbXTTu}$Qii#36$&pUa< z^6VnGW}@ex&yj~pZ^|1e(D!{XaGNyPfD1a3jyNaWB)s|7Z%gc7H`_3Ej4P@8m42IA zFeLE6gc<$1^_Qd;Etyf?H+A6Ew}|GSpJFBE{eXLPslUFZ!%T}bBhjBEDV)%W`$Fu$ zAlJ+E-}W9K=yU0Uf8-GR#LNr(Ceo#^!1q%AO*EA+VuCszsQ3&)6tB8|jC^>de0!Q`yy`2VBsv!Hu>vX8c)>}5M z&K?vbp1aOEy}^}BQ|vF(Q|WNKXLqwkd+x;D8#jJjdphjq%O(HCGhGZhdM_@o1H00A*8nV5Ay!x&#Zk^}gQdCL7Y zNjve%>zeiUC$RlvbtTr3RuexT%y0>|T>|6AH)8N0>zOt~`AYPHhmf$|0P2Qh&H7Mb zFCK&2Wcsfz56svk_r%}e-Q!omaKZXRy*(55PY;vayQ)B=PUnp&YxdE!pSLVq95#nc zTi*uu{u7*PlCY;#*vD1BH{S}NxtQlRkq{OLpt*6+GjAe|^6(aut8h`7;|&#>m)pMijM+7>U5yNv(57)>T$o74#tN8hHF$r<=nWPKasFdIW;c4ZDHvy?_<(+ zQaakfi%&Sn_}Oc!Sg`aOH*jRNa*We`#D{oZ2a?z;GC*q^^`qNa6STAgVY;p``U|W- z<=D!*8cn$!3Hq9Jjk05dOur{I#$vMQS$@)A{s_~dJMvazybhNb!stiDvCMhZP4m`{ z{eGbXG05)Fp*X#}>+U8s4cSAng*_;@*-^`-bM~qsmPN#7IYmWc9mv0Xcc8N(UL3TD znjcdYM1v!=w;2XHye=_a!Dht=Q#@hPbzrEdqkxECCyMXg#iOx^+v)Jy6Tot%E#|ja z;JfCes^=;^DX?a$cBE97aPF1bL5J^BQkUC0qRlwv%o8WW&O%`+m0_!JhxXc`AN?qw z_$O_wtFNR0>Bi4NSsZ3DIU>dlk~)W|b@D>K z4|3IZN89y537(YfsTs;hNb@=DEE0?|tptFBz@U zvF#T^gz0$`5HDha&?iKq-ZEdpwqOse0^P#CV49t}#nB#_zB}=#l}`40 zzTdXBmF8m2x6Jq}?YG~$1^N+6b7(6ZDxZ@#<{pO7)_D@nr38NfTfoHY4e(Zp5ZRX-II@b_Nc z#lGyJU8BAALrY_y4H?Vr6qlOoiyp&M4u05}kI}u-$kCgw!%i=jYj9T$qO_%{%B!kL zkrv2a=pv^3^VCxCYVgeK)1I&DJ^-iYmFrkGgJLS2qKR^Muw#|s z{R?w)$@(cm7SNLKZsbPSN;_iNV_Fur0_y0dp$3iI{cSYtWaqC>Yv(hE%X`-7`dI0O z7_eIw3J&>yQD^EHTUbXdOLg~HQCNM>me_1d0w~2@oX1aQ334?A1~=@iT;Kri*ia@j1c~|6U7#y0g%a6N*eTq{OPL?!zgrX3A{-FN%*I~yqJ$z`WhEd zfluN4#(*^U3$9H1l8&rrf=3^t*j5c}4A+!F)Xvdrj3lu1`wY7bRGC4f z+i^W_#rm0$UD!fo!b>n4vm7{4EZ!?xDM~$&RLqtHNyLzBM_mlZ?Uxl-l9y;6i6N?k z9LP?V;6)cheQ;Cf~#c@`)XNn0&alJ6*+Plg^LU zZ!#)u%xn{p^;QQtSuzqUjzUdmMljefg``@j8INghq92wCHL`@+7s~$wEKhLd4xLeI zd)q|-M5#{}%>P}UZ5t@&I~8Xir4WI=6t3i|tAKrR7Y$WT0pa}$yFA6gp#Zfl&SJyQ z`VC?Kr3519i@i*41{9%N*{y~j5u!P)kDn_F&w-q`e~ac{=b19^_Psatg0mt^1RDaj z2HGZj-ZNv;E&uoLbKz|dKSEiz87%8cG;i?`Fld;>C!plB)m4d9#yNDU@r@G( z=>FTKd)WN@y|VdYFTlS3i1F(4_gk^Yhq3R1LC6={-3pwgNj+A)+YAlEZNCd=FQaI( zG6xCAgi}p=SLJCzXG>)$VX_u6L>}{Y{}tL)>iIw3{0x~Xa?C{gX8>Eg6sa83qJd21 z(HB~it#gUj<}#mIvy?^JfgcMW7PI@_^*Tdr-+ZxWCsLx6h^C+7feLzN=Oe3Bn#XZR z=lK~oGW1KdU?HfcoxrqcWVLJx77i6O-7nOCngK?XDwz`Vzx>J>uDb>oM|KMB=(3`s zOh4KuYdv%Tx$yvqMt==DNzADIGcBAbqiswd`jpYF%57=c`slA1_Wq>qgg!p3Jp4>Q!Q_oGYCJBj zYZNuq{WtTUqO8b&d7KNDfVaSYCx+f}9s(FWv+LhQteCwD zvsjrdaS~r<=^k*?y8gO<@=PMQSF)R!eAJr@qv2idbYCJ;Y>S;+y)TGxy zB-#Yqq+9p?$8s+-29Hn1oJ)Ae^uN}HQij>zyD z#;h;G8q&<^G!f-unAw0ZBu316qB}xah?$ni4nWHTNtB>8i*N8QWsB`C{HChp@Jdf! zvuA#dJU*+yM0UoJ>LzpKq+eXGWGN@t)`{;Wi=|yHn*)SUE{1gOR0dSV7fBSp=z^(6 z!pz;fbWA?T5w$MWwd7lpyTWe14%VI%A*3544rH!^3(pH%7ojK|oJE7w5nz`41(u53 z--^z>>0q-hROp}T_gH$cCt5TOk|Nr=6Ou#%QM)PA+U;o=rgfG_0l%{B4T(|*8@LNU zy@kKzxLce^U%*SXx$(k|(WDRXs}{14wuv>@=jXR-4P5#daX6v!+ALCQaHbJkH=|?b zF6xI0f|S%n=>8q;uNXU}^(bcp>r~znk0r^x+C@ncoPDEdb0(sbpLPbPV%BO?InA;jN7UE3suHOct_MluOO>iB z&$1+BdW2JHOOAem8qf+^hNI|^Pc`t-o`C~>tGl(8_!!~_oPhM#>O1AvYmbX$iah+NbxL03ob6nVHrA#|ri zYwANT0sZaGYyD@oYV0zfK9%I0?KWk{b9!Wa44^UD#O`%q^qHbjq_`>P6=pyy_Pmfn zbz(GfdAmdPakay`d9o#%e@#pt#!1S-vAOfIPBr|H_3Yj@z+8^mpY`2_MgUFi<;Rs+t?fH z6trnVC757D^d+05O)8%Bu*X2aDeV;z;t!Z*n;tpDU}#d%fMej_W?-bFQ8$HX$qH@h=Ddsju|_o|?(_Z_!F$K#rarofmmeq-qT7o%!*kIhPa z#yKs>*LUgrgTm;kk$g_(yH|voT%BM0j-y3SP^;wN{ZN|F|44{KiP*R)rK9-PQVM>4?ksfM0!J?Ib2BAYh?O=txNW{i(3H_FDl9ZFU^y zaZ|OnCd!`&LHQimlsojXmpGfMfQcRuH$*JQ^wl6}5nB`kT5sifM6*MN?R@?MK*~>g z@J~qvA(HeQ0-S7N6M{GwY&pMmhdFhhBGazfGf!PUCP5DW8C|JV%2^X@E&=;8A25dORbQ z;cA=|&R2>~`H@ws9(Wjd=P`Tdljy~!`A>xO$0?w2V?w}29~RixY&m|#TtQEE)t=Er zEAm_1l4ACQu%Dx7-*;q<If{j%7-I&yUusYEXayUbt*kY=O+H}|-(^;RJC#6E z99e_ttJrrtCCphF$xm8`dh`MAnvm0xMA@91N|i*2@UOi%WjIM=MOh4(7RHHtF6_sMh#pOyE(0?g>3*ErOJ&R{x zI7mvhsk*Nz56sEW(P>-M^Hx&=b984&hKb%jPS9vdV9e~j^>NOZ5fgs)1}?zk-@EaF z^=C2cU*3SB-#u6CS5aab$eM}246X95tk;(&nODKxYIWeM1)H5hCq>$yj*)lyNBla- zF%JAYobE?W59Mcd8kA4RXtITCMaqOrh28#x+l%ewU4HeR%k5et5Vy?ft!nR)!WZR2 z>4@yL_7gm`b?Ji50KjgJC-uJ1OS z{n4wN|82~4h+$CJ%fr&5TzE$|>6YAIf#qDTrX#ATGIUDf1e4X5+rB*Gbv1{d3+;7t z;Jo+nFQ&v(@RzY=O#?+trYjbAzW$qk^77`Gdv)95eWJo5>+G`ut-BOWzyis~TQf78 z8P=I*cQja*qkvVsL+tcq{&{;D|7FE3$-D zypBCY^6p_A{BeMRrFl{ZU zi^v!KIx?8O!An9U%gq3UhK+bDooDC`=6T9w zW@=Ibk7_IK@7An8Gdb%nEUHkYyJwg0%07rzIRj5*7M#}U z&E+~Rk(6u_)GwKN*sK~OCh8#9}e>8~p&ih(XJglA0 zoOM&GGS8!3{VZLGKYKOBq2OBoN3H!girH*u>r63_|K)??Bdw6*IRXDRu~z#=Om@r2 z%)#eT@-Vm4knIEG{+aJSgbc;)@%${`#62zb5jvS*hr?H_FO?TQGS-oS6Dh@H|=T>t@Wctg^)&_Ks=#?k0zVGtp#T#`y-`)2ff@;Y~g7!oKEkR z&ta_9h7-l_)!2jP7WhuvFF(^ZfWuD$xnT|AXh#>ZSb|RNIxq0`2<4yue2(N0+H5V; zo}iF?Tx3`u%=i?(YGns88P4>r0^LF>qY%*$04_mGf2)Y8tA8ej50s4A6+EjWcpcp znf`&D)0vR6{hmVy zhQ!fiuj$p6|IgJf8H6vTP+W~jJXpH7W%}<>na99`sF90T^mViwfnlrp%hY~PnEfdY zx4Xoj_4^#)#D7?7x%*;!&TFX0S?;TS=u05F0FC^q2G$iNzZkEv_ zFk10esD}vq-@7r=7wXP_JD)`XRUTB*_JYnsf22$0gnPb2BUtX3$4R+zuz~&}#=#+^ zMqX1^R+V$5D~%5ZUNb|aKM`s8iiaYmRR&uBJ92fvWHC#fojtVj@fkpfU!M~H&b26f zdgZtA-6;Lx*VTSA7*T)`XP?CI*ujG!|6_Il?@`|uQ{N>NHYaFQp5u81U&^GRJwY;cgTd06U@jq46bM>m}ir9;Mxd4@|vqmGF4TAl99`tBh` z$S6aSJk*kP9=bwjM^!5Tt==Abe%#9ke|tmec{9Nx>GJC1ApTGGVbIOC-Bj7!IS-P6 zanE)_;5rZf!l5OU1w=JcjsP%uUv{&LRf9wgF}%G9-YCuL+5R~Hljk|Pt$9`Kwrc_bGq<}z*CL2nk=HaYqNv}U_dyU95dYVKyB9v`IG{=_KsNsb#NZ||+c5!d^$QS|>0l$e zTBvYo#}ux%bs)`M**))y^Pcn6KO>aN40;Q9h?2|*4Ve75O~*Hyg(|z__`9j+0Y_2V zu}6P>$)lMnU))3zhv_usv--vrvKya*(^#P^qaJH>$N3aOP4(EV1i1VYxwFY-LJ@E! zQ3v=igId->6?f~~Zu%D9?yI3giZaH7bX$R!Sy?%+sI*RmeFP+_jt2JC*@Z3wVV zzdX?mA&r%~h`(QW{*CHlCV>-wH)qPw=HC*R)zr?`-vh1>m^@bP&tty8hhi-yA#XMcaRUo-MmPnqfrT zfVOTn7ou3Q322a4)quAF_{8iasheUI>h~x1lNQom-dM^C4elr|WU8q@MCS5fWMri$ zapVnm*1KqJ0!8Oq4;${=c9%P8#3~mqn6|25^58L2%)0M2qY2n-n!tPUUurVV@&GXg=nqHH&FDNQV1yK?%Spb;1sTw^NZ~l;H2T8om1^nUc;XXGnz$WYrqX zHzi1TVU>%!*}HMem}@Wncq~S6Q<$pan82ZGSV8{cb%2JIGspDoNXlFup-H1~XaD$x zSR1y#AI*F3d0bM}tj@DSiiLsd>9r~wh0cvTFo$;Zv&Ltr_@)S>S+6c<_v>=UhsoJA zz4(`<2e=iC-UpNFdH)%u0$AFy(X{Py`9?f%QJlSx8ZuP_a>$@7JC~#Th{Vs;IOERY zQ+4l?3F7Q3<9z1_=x6-BpwkdU)?5j-o~@*E3!CzT_-ePg~%pg*>u9~ zSnsqRIWpG}$P=K6-+PnkDPZrtaV|@+4(5&LLN^;aH{u}-@-#o05B{-J3WU(A;>@;9@eL!B2{`mf%IqS!%#(s#O902JwsfbVeW@2?}B;`C?)Igu0e4N$qTJ z|7X#HTf3|DFU9twm4_Q~G0yx%reZlH6-jdBk2(&%QV1GAl!Up)ZlME-C_y*;<;cKr zbFw%@@(4dS=RKM`%&|e~q=2~&kp=4~=2D{TR~Ksvrj&2EUYt7*@wzy(wG3t*JDAAh z-qtU6%A#7X%DZ51y{(7_OCh|A1G0{(M{_oV+dcoZe#L>7hKkD^Q><64)KPBC*^r}- z4<9Crz||K^+iGf1!DjqfF-y$bE{y=sSZ`y3D65_+v4z|ITdlcz{iCwI-sy|^0#C&x zR!2)in8Ut4PN9(lx^~TwhuWQ$7ci(Wqjm&{Gil)(F;Bx-y$ljc8uprG|JQjWY&1Vp zAUh%HhVV2Bn`obWE6BA>P{-pz?DU}+{AaklB zvmxyQEvgv62UP+1`AJ?K5SADG!mv+>9;2;lZ`!uQy;EFEiQA#U|K@LpE;wmfT!=MG`x4?W_fQIInB@1WWs0Ao=2 z;e@A_Ow$%|cQ?wXH1q7?4HAu4e^nTQW~e05@0X0gJ$h5?0k$8%349R~Y;GF8_!?FE zT6VY0QRbp7Xc#`w%%3gO@Pv>JoJ$J`&41&&hqf8D^Ti)9@y>+*Pl|=}EG&x*1^sM# z=F6;^afhH=5fi(y3;QXt`JH4v8g$c5(>7poubt90fzV|U zc5^zqE#sYB9Dx#N^7^VmnDOn>Rv-p{Q#*z+A>bA#O+m<1Wr%jT+jBecLSR_bH%C)mm-QrQMOSZI zF+V7+dfF|@V?yqjQMWtO;rX}0A7O6=O_->b*K*#~%)G^M<`2}&K&cpwDxWl7eiyN` zJ8D1gu!YrVzD{}wXs>__rWAm9s?B2UuNSc#&Zh7q#D#O3H z-u_a_MS0y}G<261pSN-@o55M~^$N}!p&Nswk!JnJ}Q1#bv9tp{;y z%r*ixyyqR)X0wHQN&h&&fO8IsOF#Cp$T%yALCS9JR?~se(Yg`rT;}qss6ayyM=iJV zMVwocZ2daBSM9yzyx)kp~XFI+7EF zz5n;&fR{M5P=BvMys_3+W7_2%OvIE{aSf!!D#stwXGVj$eUNFRpI0KIPtxaSYn|4b zNtn>arT++LD#Ig0`0n!fL`$~SH4~Z0efegirP{hUW^oUtH@7XH^Um#eP0}*T^vX?S zSnGaZ+VL@x8hC~HDJ=8 z2vrf)2JPb1$uiC$x+Q=g;0yTG_tyMR3Rfp1n9E_7!Ipq0>LN&|hTY5~6x;KWLUnc7 z*cthK3)Z@HL=ecRC?Pi`nWU|DdQ$J&%xfpJO!uwwv{rf9@DtA?}1Cf!kC( z;3T);A7uJ+-D3(6h4cw`cUI64LZCm^zfrheR^6V;Z~sOMySuVhJ>$fOM;7)jX*{Q0bG+ScWu$1mh_!h4Q#dFdT1!eK>di3Sov}oQ z9qt~$??38(pvkEm%VS1&j4r{>Rpk~~2lc=2FzBJ60v%1##rUk9EPG8B@as$S3rUn0 z#$8c12XW8@y_?tha{G!|&Ic^xH~h8AvQ^A(JCw5`v-DX@Co`2Mg(wPiaT1lb%j;O7 zy=)9#`)>IuuT`>D_RY^{F*Bd|xm+4=v&m zsy$Zeoa%S$bT|b_dz=-qm*fqWKQXy--D901lh$T)d#Su7wNw)KC0k6_M%pg(ehD=d zXJ6UDSAXej4zf_2xDJ8J)YTOSC9C4JZ!uRE_=1ZS66{e`ran7dVUo}H`h<-|_Oi@@ z1&!#oIuL?#$;ZH|E$0bP5Z;^s$BU&=fr*n6H(ulUttr84zMwm2qq~rLkxvjStz2Ui zkl2KYo`>j<(HJ)j{A|u`8IJnoxeApmygYK?`S?p%h8c|Z-~N7p$re(Dqn$lACtW=r z$2Mwo#?J9vo=r3h?(R_vko+c4i`A?j)MfapEQ)oD-n$}9Tzxp=I=R6_h^h^e|WPxq&_$EYbwjI_#?2Rk8$!#mPx-k68@$X(461bnZp+<^=an=+KLuFRD6gIcl=y z_=#0efbvHMzo5UEg2B%wWrH)W<_V1DlzihKl$0q;2IS}~K6)3ocXsdrAf4@OheWnn zmrg!Ys&R%FTeAi3SMAPGL*)-#tOFQa2G;WM*#7R1uXM+w<@7DB?BB?LhIky+et&nQ z>G}utKp(AjLaWd+^QG2Ho_dLEMenqtI!~xvo1&&V5^g zBgQTM4f-yDffArgSq9XJmDAwKv7EopkozB==7PQ; zLi$2PJ4Xg+2oy$B}d@z0Y=P zs^c7ZWM^ZbVOPLcC8pmO%X0OHXoShe*x+Oz$Gt}XD%D(O|A)#x8y8I;3eP4_!NC8_ z1M)+6iZ$AYS{c@QP6Lt>oAW%^n=12G_u1X>9bscFipCl`$beXn|4@yrU3r`N%p6dS zq-01$2hrh``%-p4Zu)*kEBslFyP>-9`SrP5w*}wrXz8h39lX96RJ*>GZQhp+Su^i> zboJMidQTF+BD>b>Vxee7qT+T7TOv1y{bSX#GJfTTFE3<)txX~61}X&3JxSnU-uxhm z`E#e!YMejDbIn85^A;Aq*TVCst7HD(>SkX{<*TC=$ok^c#_qOf-MqXnMg;klLt$bS zIu1tcWFYfo_qQqb-8wVWe3p}-m1YO4hP!>8)#t;9&2FBY2GqhBM*`sd3?dkvF?zX~a?3 zza2G#ILuV0bHAp28>^jh>vW!Dh%9z&@8#9Vg|1Xml{> zB(khjm+B(pq)G0(4MRV9I&U<=nFPngMqyR-qPQOw`E;BcjQAeLMrQ| zz(P%?ve|ug+SIzMLMckJW4-U(LZ-3yr)G;jxSOPec3e_o>!I2TvMA=K9nnf*HY`yP zC3>DR53xY2tp5S!HbPQHPV=ex-cxGMI1_{zkFB7Q?K;kpA{u~RO7&!ASVhlFXr@Se zeBq6a3tsHNPPK+ zZ7GDm)r{r8IQf22CK6*Dg!By&w-7}w|K2-l@lTWGnH1E}+boELJjtf=DzyOdp-)T< zoN-)+2(oR`d=Svj6YfMKcVUZTn0dquVDIK878u}mThvGCu3|7;2q?cmo$%gZ6(8;KNOfoEzpSU;*W{>yAHz~((a=x*IwinFqciVDj4Vfw~3j!P)5 zazI`|UG{9OLu{{VWUwdkcH)SD(jZR@FY$qhAq2GgB?7_^=kx}DMIfgR)0E!E) zI7BMVG7W^ocO}H^e)b;)XI(sJ;|WmV_)=RLO4S5(4P5KV!iypBT3jl&im;Aj^k75I zj@DY>dkiNLLhx^XQ${8zBXxNb-rb!kz2B=do8>+Ictm#J7hU;z1Tl4blGXL#<8+dr zLqQ$JnDUCd@lxH&2tTA)Nj^ZxdkXILBzbUF>a&ui|0wjDm{2k(a;qk1K4B}==1@|mUoxMWFrx;AozvL6yrwv?0<(u)9j{35c~aN6k2QoZ zvxPG^D|c^Rdwz80fUZ35gSsQ$yKhOzL9+m(UVJdW$ix2d^`a&s-Xc&P@cym-5AukbCkzmZGwj?8Y9cwVJj zIm|Kp38*n#zRkHLc6M_61mJU#M>{weUDOJCrFH#OQ{j<`@xcAbE9U$3!aVR7hEvGf z?Q$W~q-!{RwlEBx!5u`ie0H^!mUA_@khO-7gl%!T(^20)(54cxhtvv=pAe|f4ig2V zPg5D3tB};PwcURb|4KcIVHE?-xz0y=c%d_Fw)%CZ1K|Hc zeUej&E^O*v-^!)_$W!E-<8&hSX~OTDA=UAmLgjY9ZnR>WiuaUN7k=90iT^DPsGUWt z=3Spx7sQ(Q@f&k#RnEYqPi^8zwZSSMI(sxj&zkpQk9K1%Rp^a-HfxIin#9zjy7F@K zXQ6rNT1!idC-1@f0YY!@-@+|1FQqNsCv(0U$G(i>>fq9`L8NE*2xzgNj}W(X<@`4* zMt_P+qR^5*O_X*uq5+kahv~M{vQWyWn9qlJVF;>fV?|Z4SW;&#&5LNh&ZzU`yZbRODp}Db zu0X}jWuQPqd*#xZ?JYZ^J1Pqnf#Yd)ZnP_eK}ykHTD$zHs?r2`Z2dC|79&b-kB>5A zsJGEm?@CWghR38x_D!YuU@6M6Xem0zGCme)0A;(kGRjn32qXMNPhv#a%`>X zP}XZa@knZTl3p|I>mVn{QnK@H=$Sv5XHEb|G6W1byQ1Hx`)*GX$a)Z zMn^8T2QgX3mb{yS%kT3B0|+mmRQk<&2fsH$shhG&A6b6Ur=odCZpU|)(tRpqYtr=_ z`4iz9qOiM2b{Z|((ZCZXwaYsQ>??VUcj$bqvG9ADW)wQgRf^x)mG8~(3u6IEYZj=# zj;fd-jbk;_9+WW=8vq}>H7RH8*4wLGH92I)>{qQ-X}% zAc4&n-+|b5e>)v8NNYD-no$rNI~S#fVS@mxaxMI(R-DaDoGHIXkjYAV_D1?fJ1E?` zr|;Ux-GXi)EuG!x?X(6_gM`PeYrj<7*+OJFh>pHE{qPkjwK`R7GMaq8o!{)VJ^!c=?vRqo$KYy|>QQa% zRFIriA4mPr2Yz{Hfj#oxD?g_zypm^zyp>1#s0c`X+QMksZf$PZq(cu}Q-wOo+JE!p z-1_(*LK%dNd=L|u?n44!!N!B_XfRN>fYw8tHURQw>${4wkp+Tve$EwYa^1VLEfhw7)ofLjShBKw^UGPp}&hv3LXU&V=6aS-2n%uZ{%C}VRdCu0M;HFr2IH}7i7N?OrZ|=xv^2W7 z%W1?ypueA6Lt?IsKWZ(9m*LItU2$C360*@e{fjWpw{ikw(`M(6YTwtu>=W<79NWn* zuM!=rr|JRV*_u1^&)|p{I2kN5TRi0&i;ga{4Kg@;qJcG2KPQVihH;kIgCx5sSo&Q# z<^5>6T^c$ipOqdq$TZ88NNw?r9z@6}eP64Gxw7kD2y^VAI>izRxtX}|<%i&2b@nSl zdk6ZuuT|;q3v{?!&+vn(X_(}NVJ}a`XQUOzXZ6&|uKDtz6Zjvg^yBsj5)gxfQdcdW z5KKaVJFwPefebDlTVVw7XT{azwEfm=#oI@Vf4zebe=HDINSs`c>E_SWw^SV&-rT+- z_?zbyk~#W}|DOc_8*!}|clSRV$rjwoEb;7Ip-p8*AUq$9hfOPO-<0mQOdYLB(}_Dw zUME2?;62}YL*R%kVFufDiTcBRn!08)%n68fYit7jec*JAYvX!AO6c+oZ;w)0tey$T zFs|QweSC2gsDnodHVbBX4s>wA4#yXUne+?A1`v<Xf;;G+=G3qZ`&L?DaTmZ5@S#v6SJ~3yy*1`l8k|wc4v?QBVBz2Zz?m47Ys>%i zs?jkgQpkAfPpHGa27a#U`TarRJY=#e$u(Hzt%Lm9iQdI=bxmUlOIWXPyA+*?=}E-x zP92)cNNa=b)W>~j7UzKT8PsoLYlC9#>Nj~YoUCTNF^TtvGK_Elm)U%(qm~;?>eB8R zH^Bw9x|BGjt#P6_U4R~%k1pyAyh@qHzP44o)?G-Ojh(i%hNa01pq3$w7c!UIRi?@Q zp%mu=HJ89CBO2`4>8q5#BLS}ds||Jea?XRI){0}MFxlMTt!$XDzkh^^ApBb0!Z{+t zsfqJ)Wo?Zf;tbB~xL0<)C6(k(mNrE40c3KgZOL$a6PlHiQbNW!{tSesInaYbiI&#t zsNj_3loBS}RAcrKy=?0%0em`b;#A-2+)MofKrdd^$uw50rszzfW(!q5U~gEMu5A2| zbUraq;&8JBjNpS9%(xxtU7RR){DotiSa9^{?gvr8?MQ{QqFtduli$t1B!Y1%Tyh;5 zk7dk^-&hQRCy0dd_O9JN)L*r-4p&YozEnZd1)Hn!R-0w!Yb5DL@_!0H9W9jCqXd0V z#D(gdCB*qXX(Y^4^P`IUst8gVC{oZOUP?n~!AIjqHA~b)Y)ria%h8RliP82?vLP=T zAq9BwbkpzOkW!(9Wn=z~I9f7hOPxQwy8%Zw0q^nrUvnq=awvgU-%=%pT_D!jyYQd) zUAwQWUb(Fnn?EnJcAur5DM&=)3LHk$(vsWOMqZHaCVD&0H-gJ&eP-q`-^Xg24^Nh? zuo=uw>NEp=T|^2Jl8yV0+({M!>{*veIQm-4P6@lSD&+7#6%F+@SilEh5&@1Qe*~7F zcAgiuV@=5J0)rkD*Zncx z^dGEGrhq~t;2jYaOE#mq$z#7XngO;ICWU^tZ}zX zbn9z#L)DHPq&|1x?7(RMjhnl@Q>(Emh;lBQq>#^mWO31XE zrpNYoolf53 zIWMiwX7RhLt4HDp(p%|)Y8 z%$@@MC>aMrnbX~@AyF#R&jpvSZ<9NFA^zA|S;l^RdFr0{@4PAd!MWiPci5Xj>!7*e zeAKYI25{dLGn-_*p^_~L@9w3=PSsAi&!uB70R(@kP zEcO5ySI3ADyYc1RVZr6lLMkAO?&hZD9lusvI#ec$86|)Pf&|AY@ISDW0ucs~q8MrP zKd{>?KfY+E>*AF>=@Ch4X_AYUJMz1;G@}_w`mp9BBEr;Wb%f&9)q}28Z;;wheRM^ZCIE>Rm%_&8$b-0>6cw&}rw+nC>x*5(%co#$ zNe%kvfz^s{mvLy*+avalhOW$495pYFU2pQgwz{9zwOS_X1u7H^<)*oq0OaDzzlAWD z)gVgB%b7Yv(w!;Fq0qzZJILYD2(^*zus!wMP$85GS82su%mAwPXxi>w{Z(xKM(nxi z+ZpGvlLMJ6oVv4*E>6j1_B@(NEb=9C!Qu^lE`?&u2pNC>5+SY9DlhrPEKHlkVAYEE zP7viF=^%oK-_&e&F=D@vVB@{|vHAgNK*Z*|U7mcLGCcVJCVB6b{+U$Upeyc{i87}u zffsr^l!Lt1O=ro`M~$}H2=#E{@HUIR9E7@`+h-dF>_sIoSSf05YwO;pEN|9Y z1*6)C~~gRaaREp3O*Np{*BhPtqfU2+Dvr80xIzX0&8r@To4EgK_=;34a}=^ z_#p4l6ic1+=WWH+wDJe>Z@&KNVDJ!3eqx{D00QFDWiRwdF}gWkg3RyGmoud93iY+y z%!i+jMlHI>yv}zTY;e=Ay=~)$j%lZhA<3QH-`<=%OOPvNmwo(ncn_~jTyiMDvh`Jk zy-aXpqP}Iz?rZ7#tRA@NGc_{1`Xw9QKI#>j!?S+Wl(Oet|~D znw%4xx-Jcfzkd)dCQhqnY!a{@evr>Dq~H@PzvsrwP>1Zyyur?I=PxovzpNI#H_k+gD4w zw0vN+)TVO^s|Lyi0O47{=k|IYofP&h`9-l8xH$FYHcv>jJP_f#xdGW2pV?K_ zrICBIx8Z7rURxf18&*e1S^`{-x=Fr3toB$7SF2GT73KR*4Y8Wc zD^#==8zWkIYS@FmG@AS__By_PUpJ(<*D}OzFCwu*WpaP2$Ob$uya$)N{6f3ITqvYo zh;Vk8>eDu+mIkXHr9+HAthR?oC?IpfvzZ>@oC#{^U7Iq<4gNb?2&iEVUd-xjY1=0? zoyv_ANlHkh{dW5eKvPUvwevB;d5{gn$KF-&jhD?O#e6EqZ>yw6(5;rRrs*kGiN#LIacNfnJ%pt)u@N$>J)*rc zPR-mx9Y*n~ex8;>jR|$^jscMrfkn*#!2XwE$)BboT3u1I@Y5?S#}1W}DNzl3xU;Gz zHsSnrl;$`Ps)+~Jb=;MaoG2>7u7Y6`Po0VmwjMHEDmvpR2@ksAu0%d+>HEx6%}xQ= z=V2E0m5jR;9j^*hKXRmSGF?Y>X`$omCCp6r&*PiJr*x(LrT=!+k8%xJ#uFGK9-^R0>FLG5S7B3M9#n2@`Y*pA02`p`8b!JgK3`v@ zZk*!TDmH27s~eZTde~Us?ye8cKrTxU9}>%jT3N=7?@~CxKe3Sb{nsB_LjM*mLOY&n z8PT~m*EVEsH!4trPH2>5DBz@4c;bxkH9o+#+dL{CA|ryJ5TQGhRG*chCYnsU6@;df zKCwMA?W6MYXsIV&9=>lb6B;qx}f?MWe?w-D!7XUhggO%j_v+m{sEVA-FS}llQC|tiX+3Ye5p;c_i z!bQ37TX%##AU^G@^iL-2s+iZGjyJexNvcvX3cMu*5(Db-10^Hvu@CI_?&enhoCOGq zjw;P86PwsY3%aiXfk>+5NUGGGY}>9dw%Ti(0v`)y#gyGQ3%}?%?q6L6r-+EP`4}oC5?Ou`p*M2hp?Z_8Jg~aD z*WpCh$vFM6D!SK9Q~uCH2Hd;i_ie?A&o21A|Ch{D2}0-hKJWE!q7OE|Vq}ya?r`uw zIvc3<>C%m#D3X6S(S;ZHayJ~j3@F=NwIRPzs4dNcKFKp&yDs&#_B zJkC;3kke`gY52XKq1~sy7|H z7nj7l=mZ7pf7Z#598Ww8U08m-_Hp@ua%mGr*_SR+R27F^a6Ue)tj$SdX!~g@*_6U= zTdH}9uJ* zCJ5xv(EmQfe>(l59mtHGp4XP?l!xZryM*zRecI>S7xxba>r8lH15$WW28m9+V^ z_yYa6--UlHgx9CMEM0`lL2F6wP+=w>v-s})^{vM)p@uhXE<_!hI;=aMBVX$x=b8st z-Asrr1L!`vh`6o%63uZ6{+`cf41C}DmVWY{SCD>h4Rt$BuDNIyMLe|lf+GE_#fig*d_IVlAHz%HyELSa-ndp|~2Rz4Qe$+&__Z_C?!ud00oH$@IhEWn+bV z;NUQ`9=UKS80R1%VH@z_gSG2J_ViAb>dr-DW|Gi5^ySv!S4tTRLBd$uX#l-1H>|OI zw|2kjCuq_yEs#_JH?&W*R4ODo^)@OH?9cB^AFwT=VxzeAO*9_5Q?3F}5r`X$5^O>M zAc%0Uf56)WPpeY=JO4Bv>hbMpwIn1Ux{VgRWXLRK9B@>b{eVU`qw#vH`O1EZVn9*= ztdv=bk9BdqlfM6JpOJf5DJ^)Bdt+00F;FeN7LJ^&Y2yYx8h!;@bTwU@$W+PmredM> zLJ8C)$qlfy+(LM1*P%IA>oYwR)ha2tlOT9duWfF8RHicwF)pBG+HLw3`n`x~DZ*qt7IT9XP>N4s&K5?$+VUX4NLWn$?HJcgT;RF*q>cSO?c!8S$BOoU*=@b#XfzC==4XhbgcyHei3HVI$AR~vJ(Ha zj){@v^vxxJGA0Vwa${xw@UL09EbQ2rBVq3NG{VF&u3I9=>jKxsNMnpj=~q_kTK+$p z&cdt7_xw3rQH+?SNT^8J zkhjn|vWfODFQVOQ+jKuj6U*%Po(8Q@Lnxy3GaEL{BYn2fmN+&&ylE5M>SKvs-!a)` z@X)r52!M>V-yD29NJo1}`Qala-tQs=|7nL-;40 ze{kEaIQ{i(!YIy_+I^%J56L_x(~z;#Pl{i~qPGX*Ve=We z)^2}#ib}8VVTbkX7Kntd5nF-O6ofOM+o$rSs>aILI31?z-o0}$Komq*SKh2HSbv6) z|CI>g1-(Vz$;$Qy$#hN^Uyyf55X77;YzAF!quBn2JN_%4^p|jEg=%p-uLJAtP+VlD0AtSxsma$Mr zSphSr<(QrK-N$cx_5gerzU%wt;uZY@lzxf^#6hfv2@Q!jpB|H+dZCLV(ao_8%eYwk z6WX~?4o>DF0IFl-8yEA*0kiv2G0xc%)@XVRvO;zc$g^+QXM9^1mtzfwP@e5z-l;7Z zx$W9D%z<^ioZ_j|1!M49eaB0t1g@J#_XQ`Aa7@tVBZ0k=Pvb`Aatn67$eO9C#jF1q zc>AyJJD@Sj*zf*s?g4mQWSnNqn0Z7JehD6x{qa6M+wpP?bHcKn{fRVpd4=bl+p=5jKf>k^cwbAYx63^zEWeoW4|3qo}!e2 z=go=<=ulAN3;T>eak#UFfAL-thW0~k!YuT%Lai~mQ$!vQ@W$3?pudGc4s`4Onzd?2 zy~e7JN|ZS~ej0}qwsbl^LJvD?UqUCC&o4L7(Rz73u1f~;_*V8xe_U6-Z9a6}26a62 zLQ)YlPEh}f@{-4|${DbhM$OE9?@{$mahtCS`hf^xAzD2k%0>OR+&L21$ES`M66e0mg_mWM8}ZO*27+ zMKD(_r=?lhBvEs_B|BJ2EHb z0#=%xB+WmlygK=##Obuvi`?{Y!D7GABtD$!ONC|hzLc7&nC_Zxv5V5_WZ`YkSa)hR zcmm-~H&=!K6X^n3X%i7)!`P&@Af;hszCQx26kRyFp0*+HPtgXoRBBw%#Ns=gao5qh z_@>wjUFCy(UR0KwOff#Fk#`Z7(qZ5q9YNwiJQ`Az@!@SvuONVWfQ8amSDoA;5s!_y z5M;5ztzWLOsIN=OFapel5ivA5MqK8~k;c7qT|9ah7Bn(j&??D)+};}Lqa&~i7q%D& zg4;vOh%q61cSj1Jlgqqu=ew5FB&dLGljLfPFaPrj-6Br?LgalA5-)0(h-WM ztl?kiJuVIa2}w}B`X2xUKON`X`-v=DB&+H$>K~VIM6KE(l z_UiqyJ04+I1`jL>YZS?|AM{w)_oXx(__RY`n4S%gZzm%b)JRDZ&s3=fQk)a%Bd%e) zh^vh@5>eZSuJsy~+xEO>MCOHTENKJ$-bsMz`$lx>eJCu z-EUup87Udh^UigV_h+F1Eubv{b1U2ZVQby}r>}vAAS?r^0(9G49X^LzNem&hH;OqN zmCPd57*4C^Z~&Bw^8w_Y`a>6G6<6 zsK|FN@`)t(^Df9mFQ=W)Am@YVT7onhyY;Vr?;TC2CDtWQ+i(h0S+{vF2AeBI5!n+E zSyynN@KFH{Qn7%asa)4r_*7A9*ehb4hI=>!cyX%;QefOZsL;Ot@29l|KmP5yzxy|& zl_u=m2Z*6Q+4E*;sIa;z%TD^Kn)P?F77Vs@bx7N8Qz=z+z1#I85h!~9AWxn?*~wGu zhq_Ab5*62v$r8UiCO|9<4Y`Cuq|F>|a`}wIld9+L_8?{U;wkjF<>o|vyh!!nvOhB? z+s=b^BMN{VD73bdH((OOVVa%L2be!`{Z0H8g1UFI-g#|6w1X$bAzvnY@LgULN zH{+1az#%f`y)mVLX{G-bFzd3XpS8f#NGxB;21O1N!3>{g4U^H22|F%AkSWs#1Tn$OWq-*MyS<{wj#oSHtsVpRp!8x&hQ{8~25sQQizqQ~%QW34L5W_Xj22HogSo>GHTK{Z{)dE4QFkf6+)> zyIdvMXN<-Irg1k7;=G5FIS7`1NdDE=t!0Gr)4+4H&*D+oWvh3D#RPia=jmTsqPNVr z2fg2R8Wan}DPUO05!fq1$6|~^-yTSk1Yu4I{!(rXMlB`MqM(ecHnE8~Ul*IeC5oFBZ8i&HE3T-3{;) zKBYv98HEHp13Sc9Z#!(B#-T*2Me05OO`{UdrLBQEA^S1&iGdv3iC0rnb4{<HKY1Fh8ad^}E+dUtD}| zSgxYGq5aN~AK2UMN{{}O5c_^vN|EK1eqF#@^4D7^sxteO>-_6~{$-(eebC~d?Hqdn z|CH?A%jme2j&0cM+`q8yI1yy7*&T3x=VLYkH(e;Cr15&?F|@QCo{xz=A79*XE%=*P z@ODBV_ReRW=5`=<*&ggR^KyCLzp_qB#AAh&6Gq{!vP02SU_y$TaZ=|JHGvk*8fM~1 zKXtu{(@{@5vPTd8?_Vx(;hscuWp7+puYZe1d`Z!8hE2|!$_~Aaf49Ii;&JvTDpZn8 zckipSLdOHIT158B7o;ktZE0$XXAh^66MfRMSc;d}^Jut_0@9u>Q8qpafHsD-uKv&> zlWRh{Q-WWV0q66>{%ro59NkQG)19u-hU~=>n=a_pDuGry!NJwdaDxu75(srJmVoc- zB6vF&(6qtxSiXIl)Z+FJnTzLq3vQ6D-QVlPD(Xu1{IqThdO_-_Zny zg?CCa$Y!at?b7>+ny0v*?ve8WqNu5mN*?|NRgTP^m2P`~Et}~HY8&lz|EFiHc*9c0 z!Vp(y;Z+#jdx*H^9=?Nuh?*v)0!eNG35&_El}aNYXYCTLB23?RE4R1v-qMjtW=HDw z+jK_2bP`cmtX1jUhUzZs@$`-~Q59dJ1F>p(e0G!9L%39k7NbyyE(geT2*!EWxLQi) zBjXMkPEAY4|pV_Vly_ zd(Yd3Hu&{Pww>yXu`uyD9^CUju8*VaddSBKiLYQNFnR6$kl<4#Fz%vf{SoWp;MnlR z8%aX8=Z|mkt}*J%PIDvT{p(-2HgQ?K1@V~njN`T5XwE0$sd+5h?VC&oH{|i$pN@30 zz=weq_$*p0QE0MHi-DQsM@)$hoq_~~J^$g_4qOy*5Ps49_Ne5H8bfvTQ_0K^D!9II zLheOlXGYcjJx~ZO6Ifk9rW zTMotIuX}E|QF23D*#J2OQRk{x=7zb=e@#94V9H+5&Cq$Zx33)>p;#j#l)_zo|1v-X zj;|?b4mY7unfB=(^f}|_xPYeY3Awz>fiyeu;19T}*nr9o38umRUM>T;2KeqtEwt)h1rqsqP*RFs6=)| zJ<%go70g-8>OSwcyZh)eN|pYgDuYc$$#^S+w%I0%y(9+E!4&{ZKHset-<~aFt(U(FUOkfV#xmvd*$i z-SojMlXgLFji@(v>aLsT8RTWmi4pe?9r;k!GdflNct3uE_?v@7=UQZRFJrdBjTXZ%d^hSpj}j-h%;oa=tH2iR|B3i zaJQjc-uq|4uR6bD-E}5^NP|tJ%ws@SNb@%#!doCx;jtlhLp^nb`8T zPx(CJr-3B1tb!v2UU9O}rGk;_R>q^wni6eo2`#M}ALspIxro*2}g)jxNIaJJWm$R7={Mbddp?X?FxiBv^eay_Y* zZu-_xC0QNkECdGy*Gpl<(+>9jF587;So4PSqzx0t8DmW~TD6p?Ao)A>k~>;a?H@?r zWv3Bk4eM6k-X=i=OpFC1GG`m8f-khaJ1ET(o{$?6Ynv{SxtbDEh*nX`L5+fIiY^zo%=BwzX2;^qWBJ)^jYB5nA z@hmr!3AC#pn=70cMGr>?Ac4tQCM&G^&pMS$&T4HMa~}dkAH0x$C7}%_Tt;(y_95db zW{S`+sVv`KcZxp1?gV)Fd(|-p@L1L9NOQ~x5sVr%4^|0)h}>pbHa$4B4_KkF{%BMZfAP(X>1F& z^~yBR=c*)_ucS3Wi&JE)QxsM&`ne2TFxrgbzfgG<12`&R^dl(|c~pvrPf_?*|LU6< z)cQ|9GU>P=POgXke%%9Q@CEpC9l*NHjIXU)+`YTN8lCh85?j{>fkwLmf`I<0zY3*> zax$WEDVge!F6)8M6}E`J&_AR&!#!`Gh7bdF`(}|~ghVvQp=dv8+eBQmQ(`u4g3a%s z9TwB;gCiSzrvBJ~_r*YK>EgjY0=dI^<*;aOzlefQ;xI9yCXXH2yn*IW(&kH<5-#e5 zjP?7w3FM2VmJ*|H6e!5qPJ5_@qKNo?Bh~X=C~{f?p#5U2e3;kNy+r%0URhaI++V3& zJbso*4f^KxyM4C?avD;8M~ZX_r-nHQ$%U@Iy6DI?QCpm)rtZ8fW?uw&-Cmq&;&NTS ziYe0qPILM-=BhC2N2}2f$Z*w2;Rv80Hz^`8aL0o9c^zW&tXx5~v*E)#pgM{we3lWL zWWyMz&pI9EAro~N(`yEY^Jg6uHyZuQB5pt;+mBm+TB}q{D;QvS^N zJyaR~$HUmfrf#eW5GT$Ti0p$-kWip{Vv%t0rPRC}WkLMso0=^%nY@E5kl^t^%5NUz zCapMRX~1W?g?>FaL5%x*=@Xb=JRuTfm1e= zcr-anddnA@2DkG?fuy-fs|Kc>LNm#|@sg1|O_VjTa#n)dt2zc_Xpo%dU2^g+2tPd4 zt2Uq;z`FdlfVlrmw3W7}2|dm-asf%?An zsc#tS0Y&%0?g&mqEWA>12ykfr8xC&AGkq)m2S?=IQO3}gbU+;nR6tGZ%Dm?rX{Nr_ zNv}!AARb$&U+FD{0{59j0`D2t^JZ%W_X8l6y*P?c9$QH zM^7+BxsBCSF_10J@)2@c&G}Va%t1DHK*65v=h3DdyGol75 z{L&HhV?S)TN)%sIg3NJzC8X~+GyKn66DJwBxUxBdDba=KRu-iTq!Ub%Cck(o$5F4% zVzMT-!;1mnz^_`ZVp}ieO3ABZ6HK!21te$bUjzx7W4TO`(`fO3k-vd=(qo39@FQK= zj%N|m+qd7c&?iZ{&W-Vvzw8mIQR7UBYFpfm_=UI_8wAyp7UCdq5756uFrDn9zWN0`g<#2O+cG%1Pt?Z-^+-yZP#p zpw;(0E(Kq&oT2(2Rs^p-#p}=lgU5wnd3$3Hn71v>hRqip90mZn#hHXPHD%$|6=Ja$ zjmuRL%9)|S7oL){Bktj9AX3hrG+EJ#m+}`#g>ZbwQRa^oo%9wX!X3u3=A(dwZ}W76 z*Bik&A%z$F!9hHX*<8)}3Iv!PY1R@a)NWR*HbGAp3|@Zghx|74M5KYIfYciehVz1$UTr zdRVLas$_*~8235VYfk2nO;o$-x96Ckn_e4Z1ohSvtTz8Te72@ z6&j(srmy7NNoqR)RK$MbJ4#72FQ#1QVf27Bg`l-fx zai`5`l|wxI&&U68Vu8~ZaV!Pg<$E zJ9qncui77*{ur0?jYI+u&G{1IKw-v+656zjvM=;KbDEbbu=`g9$VPRaldUj7e*%S$ z9=mAR2+7wy^Y{O=rZ4z!IP$8}yG5qz-eA^_MoCdA7^TaStE8Q%$IBty0pi_ z-<{*c0CZj%=)1ig#cd@MMf14Yr z_enIt5W)DCxHAgI?xePdjJlqFsNFa29%GrVEjO<_OZotQ&`x3Ydd`C0av%S-(}vn& zE^zZIVSg}e;mB5q{4#<@{)5cTHfWpAOt3iSN28Rsq2E=4VE_ik{vHLnRnQ8^X*={}Nf8H(9M$C3Nt(AUm3u|TVcRHwe`X_wfS z(#Ge1x337=n5R=**z61=nep!Nyg$&XUeAsAH6H!+s4F6{Y8O}6a8&&~7Lru>{d}uR zWwXB;d!)sEJIuDL@hk<~usHiP`7m5_-Nzs^$!*cLUNMt5$JdvX*H_tPcxWJ5G3{?k z`QEKB=+wT_-NCQ(2&VM(n(I@vu~TnTlEZJ;miZZSP5q~(>p4v%3EF3sxfUfG^Yg;* zo!h?sx*<5!#v5tuPtAX#wnesGTS4zw4sWik`|;3f#hqPAW5>xvn=prax%oH;Ospus zapYY5G~FQZ1c__sHg(?;Kzd$_E&T^RX){$&$M^=aDqXn|NRkh|p0w`N0JqY=51uG- zd?1jSz*$eorBV#ON6)-`*w&nP{fx9dA!h%SIIv4);Il9)3X{o>#cNx#%5_Fhz2%HG zwaw@y4Oct6(*8ayAVWW$$m1L@8R~R9+Q~au{-k@UV?N?4XL4DrB>l3XyhXolmJu(G zp1C>QUd{Y|Gr7!=vG=Rfj89SGWke6tleVDY@OK7BUh91VN78+#0n$ZM{{<>1+I;ad^E@8;-Y)3oeml}sdLE+a zq4_GS<*a{bSLB(4bif_tYk_&5acs}B@3;*knYV!CN=K zd)_J|+Krm|oOULu^YrFFEsr+tO}i??ZJ~)$tw;n1qWjY9tDIQI$37DbBT7Qa_FTBE ztDNToRWM9Vdx59Y9?OqEcZH{P01A84ITrfxD3lK-C`jnQvvkd(WX;xD^}|5n65*$a z)}gQ;?90@y&5LG6#Wd4jj2%D5k(nGZFpQ{@Zz<1ByR6M?LbsZmz?P(m^N0bFYR%2& zKXw&TiUS4u>DJ4l<$N+7ucw_T!=y*{EIDD6=e;?>2);9y2@yid6PiyQ@Z2z`F% z5^BBtzyaNG!${9-xb(}iOYG{lE>G1(rpMyp{F;SlJ=`2zq#Nq7t6_LtbGrGOM6{=6 z?r^sqy|r~0ry9JUbt7wxVQCGprnyQvfu>q@Q!= zGjTXa&U+jOA5PyybKdUYDg7R%7kE2S7~!*7S~x&r`pa;RySlKd-BhhLnajH;BDi@L z?qw(xHc25Qj(U1PgM&qG&9WhIJFg^JweIx@0yi%0&H9z$0SD*vJhyto{f;yi*R6Bx zV>9iRb9hUeUU?R@x5{>;gBo<*>{<$g_Lf9@W-ed1Dz6>)Dr@6>XY#tcawvyCx3Sn4 zB|6D@p1r5HQfyEx5>BdKLbe)!uS3>9!--kX6DM#RsIsxup?cSJYx4MC{oQ<_-E;Qo zXJYm%oC?Rn9RmI-jjYmpYS2&6HJI2gF8#Bwsm#wRr9f%@xGRhF%#x*40j> zVx>-Dy(?j;LcKj`NqBoJ4ReIWC%%Cr>Pa)XH9@F+>8CiYh%6Skr{bJ*E$rZl*oQqc z+k(Lw*HkaYr?KAn+wcNy=3CcnvQ%k`^qfy9hB4jsgZbjhKsD02sqo4x`k0}(xq^3> zO+WJMJ4IC7dGb76hYn|^`#O)$(xXjpiHb5waJdCTs;{7X32vH`}(nz zUAea#EDi!9H$on43>R6GB%ju#RgM1pJp|cQqLy{MH{OmIcW*rwkD-6j6o;v4w7V6AH3Ib=m5yBYSMT)~I87car+Pt4Nzef=+rm$`kH*q@^&I$kEUYYY148sccxv3Rp8nqgru8t zeFqTHZPB;plLFi}xZS_p?oZmbD6Ly_y*?cir?U5-45DgzcZa$n_&V`@8~S_u84=+= zDP-`g7)63q&&TC8XOpQ#k&`$Sd3e5*@RA<>>n~(O=!5*UU9z~YvJf&t`lKidP{4Xv z)*I-^Wyhg^BEzr~{kCn1rk}j-{UJuV%T|5UvbtX=HL*v7OVh0i%f5;&7^_{uEuhlt zhh2lbKEZ>J0ltBO;lLkX-YKE-kcR6}1$oVYzNNgqMRx-`iqv^`5>Tpx_p|84*Ez9$B!DsGiy07*H1c#H5=k<0io~HK|9}TY-`^j;Ys`GpW#LMs{_4#G zpk`deqO;x9sYTkfHk=&W)Cd4H!{#n&)|5hjo<^oR)XbW<#_BL{@Ve-@seMI#?=SY0Uv88~tWc|>mZv1oBnoW)XVEwTC$1PUdaBfym200E8+#Rx&8#vZktcZvRDM3#-R5dJ2#J@-g+qdHxL-(Y0&*{)M%) zvn&kH<78NHQB08GGve-J14t2a*~i&Qo{%KeR~IudFZ1e2qtwq$to`pr^EDvNw{QTf zxyWD4ke=|%jT|o8k0NXU!|B%>vWtAy{~0DBW>2_X+po~fEj{tlq@!sW>A$&0ou_}H zSI^5~g4l4Lo3EQ)1C%MOltd0o*kgFx(p_)I-rMExwUW?<@tvNbmb4rs$Ra)2;^m&a z_fxf>_+?EN>^DH>qP4xCXvE(Y5-t(gGawd^@TwuqZvCB<8--s*Z~1aN zpKVvb4eWcmihY+NNcH>t9RFOEI`XOvi7SR#0NGoiBy(*tp=>L=Nj8w~1NRy-%H`tG z#wNGH{a1?`ky-P&?*`?6A1xR@-Vh`bI4hw${fGSdq9Bkt2{D3psGEFxVdzAiuOZ78Xw?4} zmS=AqkJf99^}MHB^y}@6i~0L|XPI;bB9LKxg*IZ;&@!YjP#TC64%REcyd!Rrz66P7 z@!J?M5>HxKYdHjP6kzN;m;_1-Bi)k{(YxmE=lJ}QX>3*oY^-R}lD`}HAz&W7Y$^Ku zr;aFPK=My(-`oIf?Ru^wW$8+?l`q8CHh1i}y_Nar8DPOSD}?R`Rl)bGBC$O{20yd7H91WsDT zoA7uVX@XLcK-@UVwH7`!Zvgi@%2$p(X@|W4wcF3CBDSb}d5czLD*&Z}P?h3r>;Wse z)P~WO7MI8ZtV2>OWVtwjc>j39A&Nj;BRRuQn@QHnfgg-;R5Y_FP#I{*is#=EzP9}Y z{G^iUMuT23{!c+G4ZcIc-1q#trJM;wD37Qc$Zx#D&@oA9vIbFhsQLEyy<2TPF+{uOP_Tgo#L;x%BVuK#bM_S;wU%9n)`D#4_pC%{fu82l}6swjD_>j zI+AXV4X#-j2P2z%$-n{1vd~;;=lN-&!qcs&Um{j1`gVUx8=@DtbuUJ+XJa=$EU7_8 z*S&NZd6nRxNeqPA`cFi$$8gonT}CcnLat1PmlZ*xJLhz}kO#Zb>^?w*SdLNy8Q^|r z&)^$cZ)-sk#5e?>sH1F3lYlhH$R?vtY-ye3adpdm3h|Cw^%;OwvL!_>2X8HaBiX=3 z%nZabg>~GYV%GDE8li*lStzO3kld&nWSNO5u!8>%ZY8v5)zvYxDt`OA71Uk-WfkSxH-$~o zSj>dEw4O;Q@pKCf9zi;!p_3H1;=d`bODV(1EU}`&O*9R#&UF z&s+C@|H(R%SPX?)7hL{yhvH*#nS)^+$Um)8CejI_5DbYu<$Uu={DZgkYd~{)}dAH#!TEHtJ zRewN6gX*m!aiCb>M>kp)3FJ3%n6`NxsG}w}XpS@vM`kx;@f`70c~ym#@9=pB+?kYr zDz8A7J%H?2{Pit9OBH)vwJ?J3gN9F65qZ?y#%Yp`|L-PYbSB31xe@d?xI zuN@xte|g6Fa7aT=8)1NnPIZIe5~toV+Z9#PEexhO7%6Q*QJ+7!u#{6zdNnff33 z2F6aZsLZpU=U(+Rr3NU9S_=EzEz!8&p5x$`>C2@o_al#)OvZbto#k#3&~qditQ{TF zTAVx?x( zvCR{?QYF%byA=plFFKdA^qdVQu^)IVy4j|%m5~ZwZ#ltgp31Wk`p3LXO9qVIV~@Qo(nSgJ(Qay8T^hMWw5}H}tf;1J z#|T#OALIrPd;US}RDn&NGW1BNmgz@QyD20#{so^KQiBD4J-r8O>X^>`MS`ueM?Acm1tI+6OzJVlOffm0P` zqYP8Ra2>lCus%=Jz;PTO3`NQg_YgE!87Bg|WJLI1+e_D@M=8YE>WXFv?3f@ z^X)@kr-XLhnOlf107b`fq0z#pJC9{mgRjrzswMLNEw1S~nd^_|!MS z+Tr8GoU$lbJECk7c%+e1Z`PFaWbEn{SpucYY-k{*Kxiu}pZ+-4nevB1y2ta}GVLCt zDJC#_1_}Q7L@iXxJZN!sZelIp{Cqd@Yet-zKwK_t2_0pa_Ei(+GWCoI(YL#*%c=Bz zy_vStG5VA~>il|ws+lyIHom6C>!*jv%u3KA6G3ZbJ^?q(kBT3FNmL87uf6cqcX^Hm zp#mCYODdv1AIh!AK1M7!js{6x zL)`w_{m02cmFyYIY?33D|tdF@dYfxc2QN$SC5{tf~nJ( z#AX^D>#vO@x$0HZ+FFMqWlaJs_^t zOpj0Fes%?zLu_kS=%!Xm{QVaokGrPWTI6|(>`OC;U4fZx^(46$f+S+hx6e@^4MEg0^R0zcF&o<2*lvLJWUgLa^HcyzfMPmA_c zhuiF#CiX)AsXeTVLIi=(@0}eTqwzTrUL`GYil0b~Iu<8-iR6TzFM4#O-7U3s-3;7C zOM1-U9Ai9=+yQR4!ri=wY`#}UPAAVaQ5XKFP~ud>t8$pa=aIxi3;%~KI7Ak-W*c@R z*)oea3uPqEwCn18?ubcrie8?XEB%e*Hq2p&2%DRCOixeO&)g^P@~-o+anKJxbUE0! zw2y9cua11_NZ+Sd{y`79cM#b9m3G|FVZ7*`ZV7Wa&1oCL+N8ICP$*p0Q_(&WDh#*g zoj5#O%jnCP(s?&)9CDpyzAgHW?X$eT1wzS4u`(x`ka;{z*&Y4tku-6(yeb45&U{*? z5b3e_m{XWW-&@#e>)b}p5WBTTGJk)eS90Nicl>2%?TJ&?+f(WhGIq|)Ynl(*S=FAN zY#rnwFwjr)V2>ql!FBn|I+*BSj9)GAlhE|dJW*>0A#Mn~+Mk@5MRW9y0uJGB%|IT(N z(JTHs9wDu*2>RG_n(m#{gdxW*7LjHu71E&@nDeUa87*l3ZOXiBvbtuqn}q)@0WSA| zL{Ze3`;YkoaVPlceovQ@5)9CWmBjn~BlZ|uqmv;_tsZ4&wkV&pRExi_dkhz^ijE*O zIB2?5ia6}?T{-~ZU~L_n>VJBc^KDfsd*zp`$Nb}}ch$D#!cwIg(WbREPW}&++hhR) zKcE%BgyOAZ*mL<`)&9yJHXYZ1ddU)((`NCJ4g%5Jqn|>GF5_N={XZ`zorl+ir_Zg{ zypD7qX%}u{(a3!nl%&9wUh}0aFjH>P9|Ns8-gEF0Y~DCsvLcD2=V>_hGLZ8`?Cfye zpR9zmyD_z|_X*MYeawlw&RBWJH}bY8CiP2b>)q9lTyHmLw3Wmw8vJy#Q8U|YSJR&; zh*j+C$F6^N-MxQ{4~&u(#@HxuQ8nE*0g8u0wn5kWRKE9P-HCctP=5-EeQPE0V!gEZ z5~yh03RCFJ{Ql3Ys}+&maljbR4qMpF*X3_WD$lv+@{svAoA)2|NY_v1xjXq@65`~9 zJ8)`dUvpQNX@YfqME8KVmhxx+5=v!rJcPDf_ZF;?9QL85z+>3WOFwVNHy-+hDRH;7 zN0AWrF(XNsYRbtMX@}0(2yZwLujrpklyXQ)th6@Yrj<-o#cY&=LykIx z|J?5wor3s_p<0T!;IdV_S4&z2N&$$|f@}0G-!9kRFwA8}_;71@*pYy{T=`xpbJ&=~ zdVwTIhR2`rNC^t!-8mwbv8gm$&o{KEA_7nyfOt1fX*QFLV0<%4b?~k6&K4hjLd#dyw z^#i94i zyzUNlEgwOAXZZmd!;CMO!1+7RE%#xy=DV8g6%N+USDr^)@>{b&g?jAm4mf%a{LGNd z(&|OvMC{P)qq`kI$gR08mC!n1ym@6hKq4zI6@c@?dJ76%WmmP#4EaFD$W$=#K$Rez z872yG@4|sN@#vJ;Z_$V$0fN=j*!|T%%Z@G@EAd9gXWF-xo=iH|3wrNod!#h9vn3is zJf8}%h~j~kl>D;XxB*XleI|)uGF6By?VL)7N1}${Us|dpnrZxjyw#m-*NS~twXlcl z{Zv;v#SHbCPuWpn%p63bsiL^jWYq`|u?W6~mo>>o9miYoN;OiibO{`ZVTAFXZHPtH zYe|}f`Vc9M*h@2@z+iY60rg$j%w|`>>5_tc1GRP(02(tN5qND;W-%A^HlCN8JMI4E z?BDzj@Vt#uH2Lru{Z)mPmV8Ghi8{yrQT|;rC&!Qb7!#lqFX4-gp0RAFgP&Z5K`FnU zMZ|C!x$O%uvhV0m!~V0&)OGkKcmLM^HPO*U_6ijcMcf>hUWhb)Xbkt@mQ+M6(DT;4XKyf(Hy=}NbJuGzVAta@v zN?cHh1D;pj$rdU*KOVV9TnO_k2n^4r5GX47mK#a?$F`@STF+qJyBA#JH}Ij>6=6FI zmoqk2wzk33hd71i&$LYE;OfRdl9I&A-fXeLa0!5qGX6A@CD6l)e?xp$hXYr62&6YqGWHXoab;Iz11RVbYKN$-Rd&ln0_#yh;d26TLNGsJxfrw2wj zDknAEFTRtW5P|6t>n_TDz{U~$>uSHi#$Du0BPq<;zxUr40%20q>n&JHua;nO^(ndn zkxxis$D;^tTj!6<=TB_sKgL%iu>z&j2=i7&Zs6-SS!u& znH{bRRA~LLXEWat*?*`N$wchlhUj@4Dl z@R~{Q6gbhiTz7^h7Y63J9AUq8%e`vcU(ZqMKQ_>1F>3JMO+GO6Z-1s*)_;Rnlfu%V z;fcXUFHu)*j%2BNBnH4>*USwaV$;<+vHj*`%sJAVXvegH(unL1W`<|gSUOq#9g0bo zB=78eUhcGG1)tQJ7|N|oD~q<5ko>D}^hy6+H06k)899+9_E}K%^}|!~%MCDt&F@fN zvTw$0ekf^X_M{9sN^x8tqb`lxEniNvV@}|k;oUWM8tq8YpS2Z_{D5JW+i(?4%3r6j zQrcPPQKT=cTXVQ8+)D3c{I!cx=+@%fAMg5 zQ{hJ$9g^J>6EEMjxfD8{&nzIbyvbWjo9)~u-Yl3_?bqEDi-Gwmb_oHeZlDh}TdBsN z<32(|CcspI3iw68!~}>(|3h_%Zpynqo$z(Zh1tRixIjkhM~tuLr>Q?z^!MP~(}PYX zoiSzfpN`PznzX)S^`E6#8#EaDk;>13kKF!H(|Rnnc(Hppw9}9Pi1?Zspq!YocKxT} z{g@zfJzMSH$j_plbIbkwVfM7h;Uh_0!>(T+zGjkSwItnI?>Qt7+2TtCMLg#RA2A-GSLquiCN3rl;RY!{J zjbkl4d)^@sO>beYm3S6?i20N%LF8ChLT&*1_7G#p;a&tWSr8D5N2dx43!@6XdQ?H` z5%_%`by>t{Kd_U-X}0D*3Tuy)bIwGI3@U{3x}AhtjF03utc0LZba zYA?KCS&m$K$~g8{^Gwl>n(hp6=e%C?x)hFa+UEuFf)qQ-(@Aol5TkBhl;o(xXd3a+ zKIb0SznGZpby-dQ;7Q*T;5b0|upbgOfw7hv>w)2kc97eC_i?K27BPFnqPNKCyP#dc zv0S`;hvmb06Orq4%tXYY^7%Rhk+U3HDHn!1iMNGqyb z=ZwC?62@bh77tPUOTW4BW(gr&0IG*fPu-h3;ePV;J`e|B zoS6aQ9_Y)=_ijTrI|+tDaW58+&4tu?(Ty=e4gXha=fxYrvyx z9KpsCiHd8b)ZDf`en?fx&&Vb#q#!p49GQZh%>G_Z*gCwpnh%lE zTI6uAu_54UYVMhx9-=c39In8@6Pfx31_x}xhd~2|`CwQkB zaH|zq6cx1wc_*c1=> zqL2Ak(MWk)#~HR&0Byg_|D)+F*xG0VrJX>5;w@0zp-`;2Yl~ALxD@x|?iPv{cPQ>w z+$~Vt-Q6h~T!Njv=R4m|*j&5WXJ_V~f!{FMNsiet!b`pLD8Mi*`JVjfTNj;YQ4kp_ ze^;fdc9MZmSu130`{4zaRjejRV({Z`O^1g>R{V2VjbrDt6u!RD);-N|GrA#tW*t1a zV0jy!5W8_%ge$j^C1PTCRTI#~43`I`%E+`0Cne%wXJIg+QRFWT8#H02tF;>*p3aAe9Tke zT`C}CbEC)}ppu5Dd(j=X;j`Y{&ger_3=Oq#Ak(}o#&LJi^s=+p*VlNw&w$QDZ>ZNo z+i(W>m)uX5W%|xIk2Pm+|3szRmfxK$pMYQS3k={RcXERNS%`bIaybm~jeh%~*)w|2 z&3l}X{i>Kv*J(joGMwY&xJDvpzxSE)i<|PKB-yfrOq; z@mKuA?91Dpw)Wfkwh5Q{JL|3IO;n$)&{_)9wFHnbV!!NotOq+Xg7-PLQ;B5sOo8-; z#_fBdB%zcY1ktU?O#UL0Z&7u$AXy&-pV*fG0!~uiu69g>T^-<`HYJMDG7$C%48s&Dkd|xoZiS^hYv09HkEz=|hHK@%FOG z!pBVhiN0R1>{OXv-ZI$1YGZzIK1+pTq4%(~i_EcP3bpNKzCtxP+Yh$H!E^AqXjx2V zq88(}Xg>0G0fr0@4r!RRLl|iNWK@aE$tEw__+$bx`*!UNRg=Y6RQ`T!`0pVruByOZ z^mpO+Ik-2$j)Cz%z#G&^TswX5J~Mtti6)z4)^af@O;D)tie!#1KQBhV{PT4Ov#*4| ztKJ~gSi8;asIlwvdroG|@xfl-Da`#pEA&_&{ol?YT*~je3&k5&XJ_!Lg$8lpN+dA! zuIqMC4#_$x{yariS>a$u{+b$@_Vj&HnI`XLcYPZtRlH!0bB?Nv20$4y^`Jaf?NO&{ zPmOj$`HVPPy<*SH8J^mzr|!5L#VnRY79J?W9Q&DCS=_77G}Q&{k~wLKGG|90PL8h9 zmRXPp5cszp!TMP&NzYKQq<2&Hy*8~k@(aK!tj(frKS*16c7{5|LkK)npt-`xR3a`*9Za zob$w}XHE4o|MJ6-$E(o@%UQ$3q832t!>#){hqs6~oVu#HX>gc|zZ?gr!w{$?6Adlw zd9}Y)O!Dh=CC$_~E*jT$?^sHsgFZqDT!YuUo#|Pm%SOM>ZqIKoj0+zMZtj;BXDy?2 zAsEI=vZ9iivZwk^bWl8!d4vWLC$XRp>rygGUp7gW^l_JlbCt;(1G2Z>P37b0a>6B| zFEbtci9SYq`_h86YfE^>H{WkY`&@9Mb|z{Oq6z6THb#o34?OBrJIM0yxlRagn=bx9 z6go52INfreD%9l7eoc7QqV+E62JjHD_)&_rg`yj<(mdRZj|lo67H%NFZS(|oTj`J3 z&mHSGIYuV1sFPuCwwaP58E;xYnaNA^+dT#Ph&KDP)2=VJvuix+6FFaGx68Hxg5gv* z=)x8{5Wj|{l67;+6vE5oTJ(IK1l9y81rfqz~ zDeWG?-E)0?mf}v)_Y((BM)BJe64BE~l8_Yt7A7$Bs|0gYzNNIsXknstj%-o0z2G|> z(huSQ7apV^i2t-bYwwdh>Mzxtt=zTLjR|431U^wjv6I!z-Ht&srbu17Abl^`I$y-{ z;ip&g`n7FyCxCLg&9HorM()0c8KGB}Zh@f1`0tGq{=AP0Z`IZW`oARJFu_r0iygxZ z)=JY=yZSOD7cSP`fiA4HwNRJxpB2eE4{SkuJG=Suy}miwY)m>?kq5tarQ3(@vnN>On+}}gJ)(J>rs~!*I|dlGWBz$gq752l% zTFF11)(P|*?;{{A=_WD!c`avNZs@mf=fXUrc8;LfQ-{($VcQi=YszkeZfj--5av?q z_w>BU+CJK;nV$P;Nauh&t#%+^SY5gcP9X1@QVl>cRab=tXM?pzhCmrHSIQKK2H3K5 z0*$>r4{YZw)3RYq{WLP7SUglc1kcv8FW51-Vn@iEkrUzC;-GcWnE~+QFuqPxa)9!} zeBYsKTLJ@T13D0_m~75J;ev-G)_cjs3iQwRO#Yzs->1c{_%;yEy(|MZjkgS$6(8Sb z%@H^h$m7%Fc06QxWy@F5~;Tv~d zzQc^*+(zz;Ae!H&P1dq(@B2335jkTjUjz2>7GIfDw(W5&GWJ(V;CbY_#l+^R-bi;J zRxM514eKpM2|1xoVqf0K&yNqg4OSEnfXhf#)UfvJm6YE)c5R&a(ndLavp&XS_&Yrb z7q$k|LZr`bZr27liaP^jlf2}$jwZn2tgyYXJ}SRFyYONlExsRqz6Uw<2g)-J>$dWh zZM+#Qx15bW+s8?pa@#RN=Gj>V5RKojR?n>4myjY*PxY1gbk%u(s`gVMFQl_)HHS)Z;Bvd6@&m2=Pw=` zcz!(0B|dTU7c88&Ol=TEKs<7TykQi34_%1;9}!y2uDBO7GKJ?U_mR6vcZIcU)(s5T zp*!Oc$!VK5+a@cSet?o&V#-YKBC6cF>*|rTqIZK zyHwuTXF+UMlbI2!njO5}%n;j!)pzX^ZkRt;TD)2+O^nTt@j-yVf4Rx%LQa8nzvM1ged@2y|HQuUDx zh*<-|s2Y2BpgX}2ZCv#_l=|uqY>b6>$rQuPu8`wvUcjtfgZD8+v_n20Vy;U;oFD;@ z|GPGGyJmZCY2q?bFbcktWpNF_r+5VH(@JbyIMlt9F3;CJb|OBt{SH?F zkH3hf*ap>!xnrnAOMGmR7Viq6*A|fT&SPW1;io#FC5ARZTs~Tk;Wn$K45wb3u zDOpQ#6D#BBQ0J|D7CJFFLTce-_%wwrSoNBOV}&yQb?av;tIP{3s(vQA4eYZZ>} z0yRR}td^^N0#~^!U_10E`+NnZ8L?L~4dmSd=7b}+vde_`Mt&FoZPnRQ`34<`wXX21IDCF-0x-t5NSAwpK_=f_h{>~_74$llJw67Q^ zfK6jD0U?E$=^k%O%>NfS{6^Q*p|*D5T86~-_h;%8JeIxN{SH22DD#C2lQ~sF+QsG| zmHqJz+Qu@{dzAc#Tn<84haC%?TtpoQnTY$0HJt>gxkNPK}n=+EL%0Ur|-w zozukd(74%$qpv(HTa~kX6PWhkyH=!HSh0Hyfn2f++-jYqE-Bz4n=L(fT4WGmujFeo zSHB_d_P2wWIpu6cq#uMi+Fi>fdf(xD5Pe|x^n=e07!O>h{wz6Y8!We)JB=cEuP=AB zOQ-l!`>e|ecj^)qi>%#eLf`#JZfDZ>&X8|9qt`ByA8Cj_;O~KdzO(>66>fp9+KQS9 z4uSwN#OL`+P^NiEl72jPvtQZ9L8a_|x-FGWGQ93JK_@dbIDpI90_647KotJ&G@>h}G5DMSx8uPkEh6Wvjlm^;b;EU`Fzu}1=6($>t8`PZJUg+VT@VF^V z_NJU(c}ZfOq&s4I@UBGRYJCor`nTE4tJ3v%R$P5c+kS@y4lAuE_~Yu#4;v|**7?LkbJ7J2)qzqd zr(#=r^Cc--fz5Df3#@$A3f@0X1X^C>fG`aUq)$HHE^K|&ERJ*RvtDZ>5lGx4As1Zr z8_E0QK3g!$pRLzny%4Z!_1d12@|3_T%b^?SfOWT^(#{f`v_m}g-+D)g_d z7~SCmEF&syW&+3E4VC`u7A+0p^L2YoE)*pz%sYQ3G;IwPA<%!m$=V8A^$Lv!$o)+7 z8nhNN>Dp~uRJ(G+EVlp7aW%gC4Ov$nCLb23yWHoxTxCERW`@|h3w16X_f5{ERO&Ko zN7E|nInNAN3$pjd&$W>~&Aw~z3%o`SusnYwW{2Qa)3!Q}v3_ecrOMZEj-Nd8n$=ZvDZ#_}X>3 zH9Af4G#RnS-mW7*%mfNq`MmdUn5b@_JNu;<#rUGxwS;B$JNP$&$-?I5#Un3D9?PmsI6mZZeuear`Bs_c|CK4V=z)Icb!A-bc@kXEkI)HvS3_vc^+Xf zr~n--gjks73do6Po5V*YHiKjiFJ)ytt*rGHTbu>GG35<2T9Lo|uTL=}F zoaUbFR#MOG1pyEE=HBSw+DAu>%Qin~)L+qx38Q5A8dbuIy9%eoO#~kl76&hdq2nee|BP zZ=2mfSoT@{Vlom_exRt<33}n)xcK(kK5vwKpb_dCbHwKfJt~d_%yDgJ_yndTG!vD} zJW@}%rd^55;G1jPHFQ1}?DY+Cpl5qBL>S=Q$rod3w!wE3+ZFE)H3o(rnFHD2e)ZWh zq;dIluCQbz8#3bj%^%k*aiZdJdv>3vS7cGScQ>VdzJ0yy@3eniG*Om)YfI6im|cVa z`nMk6{tNk}KGq@XKXgW%?bb!=ZF5^|3!bLUkts%;71sw@c0}fSt&Izyr5Tp0EgZY& zh9h?<_6oG^WexN8x$#P(QQ{{L55(z;=~=hbp6Zm5IbNekGbZJbXR<-qPGn&LULCog ze0S=b;jQ=CNI7JpmU$wovzkbx%2nttvjl5IG~3yxVr>~JoFA#Wv0(R6NvGN6xZGbr zZQ+AL{;$^ICcRjTq;!WLv|T^4u_X1F1Pzauk$S~w`>2`5K_c`hd}`Es>0#so|3@sZxs&{bwyXRHWZ zgMZTFt?qWmc#-dVNIytRulo(G^_6Vj2lgkDdCe~tE2MwG;Q?`B1WvWQ(P!(u-%XeZ zQm$ra&%tI2=_L2x9y0F8gup|Fcihp7I(Smjhqm!2;dBf*fa{yrb6lu>R)ss5lG--Ft5}91t}%;dL(bMX|1mQxnW^#`lNNFdVg=-4FRnbH&*($c#>B2hIx9j z7gdh&%t8}dIxaUNqa_;@=vjpI#e%>dKu@Qbu_%v5-e(QQdJeSXsDa-_r6FQLBr&j9 zCq$lV>wvrP+--kpM4k4fTut&ugcA&eFDvecN$e=DR>Ts0rRI}*MNJ^kcm2yb(M1Hq z7@4Ji5={2D%JIBvBL6s;c)clI%5G3q0KM)>nQ9rg=O$h8nV6R0($vzTxuKXsUycg0 zBP_niMbSP|`0v#^_udY+^W}!xHHgRwNO}^2=OD1k>S6KO``yXcBF?B;Y5#`Q4~qOi zp`$mH^E~~Or}9ndmHg8X#5gL1jbuOK)=`rleE{P#*L88g5{!Wap~A0K_Ik#%5Xx5= zPIz*vnwK3iyAtI1IM7_HcionPD3h^tR2;YdS@7<5ru6O&+pT>4(u*WEN$N19_ZV@M zNYLDcleIrQ#^>L8p8bSkKM6>r5m3FL=dXjf3*63dnr8Qn7a1PP8a2wbAB&d8;a)zr zZ>|VJ*|nP3&Bmz9)dx=DzgsrZ`+;jV8&msgp5|Pu(dGM)Zm5k_JD$)|?PWhk8e2 zioN>Gale5x%OsNLyzUC5h(YIRx0i!c-%HG+Ff8F>$8KssEE!1XfxuQn=yDVsOlAF# zmdJ0`J1Dch&LpCTElo1BkJ#kb_5B3@L59S?o;42OD9+3(rn7cJEb!Q_xnao~L^&wcw@3;& z=ubcU6}&=jq;;CRzo5CX*nY}_n{J@%VCH=NekWb;j$$3&89UZT{3v3?e9`@lj+??` zV`bzDZh7Oz)Ajr|(DjhKN(1>-r*V7h%PzU4%(GcxuyuaVl1KfJtmvfnkWB6NL3qEFU(i@NRH?#Q)Q? z{frec!~Y%qz$lk|yW~rO-}NekNqLr8j$X0uX|C zjC@971`e{73@>KnbMB2TmI?rLGJkB=Q}ikbh`oCNWL_&b3Kh_kZH93XwapxWxxskT z0$ty6?7;YW$1rC19D**X?AObbPTlD#`^?J8jeV9$jPn9La04y0MEil?R)#---==0X zTeLH*7tt2pAjz7<-s^FW{d$hQ7nF-}@EmrqXessh0*5tfXa8yeHXWUU5(tu!R`-uB zX3v+8?QFfet4kY=@tol3B+}**JwS1wL-Ci$!#r>H_3Epjqbq*7)3ZMC<@yx7JUdXHwQFVMTnG$IzR4OLL=BWZwUi=>=m;-T!2B1 zZz+fF^Fct5cQjsN>Jmxch)Q%L1syu6r@#4H50lNL_c_9PZmB$ZFM{&X#9B@pbqGEv zP=equ`CQC<(6`{q&WS2?gQ)_qgRyFiZ@g|;<(W|HVMRL2 zrl5JGNnIg&HRc%^*7fN>KPKb_zcr;QyMWJwS4TYB{(5EM#gaLF_>}#|aYuMVfC#p> zBm5@(B9Tq}kxv8^3D)POA#h?5PzT>5Ub(K=d);MZ8Z7{9sTk>G$cZE{$h#a+9 z^6Mwnj{}YL{NXXGDXExbE}7eEZpYa;+-~ZpTPn%=W*I6|?Nd`kP9;CC8SHo0m-dg6 zu@eG!+tdNQUavGpWB#`p!Bm##m0Ca6)rLQk=dUJH90??fk`7D%L~XrtT6O=<)xes6 zPIdmX{w+{4`o<2HK9n3v%C`>v%9YcIKls$8mNMG&?b+wCGJv#HzEsEQ&_T!1*&-Q)G$l^? z^f!rSg7kmiKdbmW%aZk}O5rHdNJldlM|?`)YMICsY^r)S`@OV4=8U>a<@yE>F^}C) zmKYo8tD?D@ng=@C>BsMiMa^oY4t^sheEg>l?Og%stcdJaJ%_(YADJodNH*@J7*vz< zXVlXIG#+D?+OAd2T#ta8(xSeUFb0Q)IgkN{Y`b3iPK@=9>Hv=aePD5NBh?(uXQi9- zp8llEHP^d8)S1%T@Fe({Fy3tyq0%g<2~%l5HMYx$(EjB~66stS;`2)TShUVv$A6j+ zW$E)S?Pq65b!$Z=<1eq7l`}qIF_7{CwP3LKr;?+(QPF;PV?~lKXT$S)4?gQnu-jW zLZ^iyb3c*pdIPh-64g-a?MEI7yINg9xRcO@>@0Wp_x6AmmiO`esIC#K?{tH zeUEuAwjCUVO$kgrT#E%$?e!pICNY9d$x)c>_N67|mZM#1m6OYqyG_&9XddG7fN1QM zaxf`_ciFAfIkMT)oicTR=5b?@TJ!wwM*bDspPUwRent4)jyAzm z>}_B|yvPmB;xpZuZm zc;P=h^3OUx+c;5i>E(aqWajrS(jKXKnBvH@M&AHq5&oL}9Bllp_#Z#`;X14%Hi;!# z@~7lre>&vzEXMbc7N;rtvH7n>4WBM-?lPCdkcyG0UE|c!sryVqvwFcX_XSE9)iSk{ zG@h}6M3zWyQY9u)k(r(5@sfxr(EH8eTH`|Q|0BS&GzTa=%U2X@*qC^nzWxev!7K&%&4$P< z3%%T{)>JQknia}oLYJacoX~IMP0{6HDDZZ(rwfJ6p}cOA!9NWaJ{6#mew1Sj4bUjI z7|W_FDR@|QW|a`A=!-V3F0i(< zg$Es*xOrdAQd=|H}vU{`6kB6ah=<*fmI&f*=EPQ*Px*Y_LmzNHg2`0`?o(U{ zagaU2z}WYAsbA($DS)4MQ}zqSDiT`Fv3R`fL;bU6Cv0vy3taiX*)en!OEbY{&~^x@L{k{Hh+Bvqr*9$} zx*?@p3UD0p_LS}qS^@)elA{gWNPnA8Q1 zqndISFY$l&lX;{xQ%9LC9q%(ie5z}21e{Ys&9vd9%*IA-ccY3fr~mQO@#EfJ@}7Zy zGv;4^$z@xGdTFLtLW}qZ4Yq`vQ@uu>CK#_o9+O7>thl3rj&BvC+TAU;6%e}I?(19p z_xg~O^*W~AU}MEhuYALBedqEh(Q;Sa<4%_UWzOztTDYg8@>nWP+5fDZX%3T(j6wjN zJdC?Kux83dCv$Ae)d-n>QcJ#Yx&Qi*GhK%cWZQ@~m;KSGEqKciokT+NV2D1O5!~lE zK)$5;IYLD6ymGemWKfF`(GJXg`Clb5x_~CSY1=~qbxBtV#k-IwY{5HPw3B(AW^Lve zjLm_cOK0sarkqJZ6zEkhpoPrm&Flm<};0f zsKBrKzPq}6l+CSD8$`ziE;D^P1OQ5ekC5|JpC;GNKon+|t(Nni`htY#T?Ep#aA6d{ zuz-9~THtB&BKP;4>aTFo09F9Tt?9YSazM8ztqY+%vPc;{WZM6n{ygZK*a2Bt`_0k6 zfi49~6maNYQ(v)H6KrX6TE}}!e>4C8R?j`uDG)-G!r%O`GBKPgQO^G*OtLp=0r)bU zvug9Q>3Ha|@LzfdfYB9JAIE|4V^7i-&C~vpK)Rzt(zLEAr&*HoC)Sy z-ussy^BEA`IF%yv05GYKs=ro#II0r+7%y;%Lm>9&>8LO!VOQ0@AnFYAc!nTH=FkN+ z^SO?Wd_Qa>1Q1y$0Fj6mWVS2AL(wpx(I0rup|_gdb@0}&Rp)x{ULNku_1&`-7bgRdmnchyJb)R?au_u~fxOEHj)Rt7C3CA$( z=`YDL-jA}^*g^TGBo=CY?jl6|sqWy2Z=D;ou(p~y8SYCqWh@419KQilU#-Z(Z&wjc zyNh)9Vrro?{W9$VXU8ra@~z>T#hM!yT1K%4F#W~d3Hb@`o>{wXm@68q?tYSE!4$)I z?P~9Zb(MIgeVf64irFAntx(nq!$_fQAdav^3s(OMgH^J_z z7hjKSvauht8uWt1m!g-X`mI$a)DmYZ-slGUb5LA~@@)HTXasRU_z)ZN*$^-8f9*Ep zhR#KQdf0EUit!oPC)-Ef2Z+O!-jpC=N#}vAtgPsrXiUgzM&nYL`Dg~&O@`)vN~iZn zi28-??4?wP`~qy`spdxRJ5*Blg}dq)_tRQ!j49tjJ1cMpMBj9+lU=oxJhZW#3(>s0 zwXiSbE^s>|aV6gNma0-L-WVh9&+td-Lg7Tk(Oc~sdHQV4U4g}B*Jc||D_!u%!0bMzaHMH8 z?fJc=d_`wZBa|Hj_>YWDXBWawM<@ZmZdL&94fZtPkPflr$@~9z0c65;xzpWbBTo6o ze4y!Y=FIlLn;ImKVTY$s;z4IPuPUixbqs)z`<`6vH=D#*m9|Mxj5s|ue=j(2p0DG( zejzIHJz^_&vPTdnE*U48H2RzU#PY1TmrCIF2V)tK!RmJrv6m?`(!H*g=Qj-qDJa_! zv&2*jReW%B;xqzkJ;>DLBbHc-4%ex+2V9=+t}}@6b{1sJx}c>SU49QOh0gf1EvO$B zcg=kKMsA0NmOmVr8!-Hq62XoCLXj{iyOk0&li|D`4D^6%x&^{3R_gd~$m|(6i!~6g z*WEYb0g?yY_Wmm*DOPRMVIBT5S($#Y!!c?2ObdcdG`!&Gx)kP%F{^pZ=K6c2t!iiP z4h-_mz!VZ=Zjfv|mzj;W<|hfQYp*+-GvH-VX`7b0YyUhk zcKDm;d&ub`LQx%QAdCNg!UCLLdnc3C^skA^leBT12YqOd02*uW zKNlJ?SlDQ@atFPhx%TPg*p0ya`c%I^5RxDa23Ae*T@jdNSgEs!TrWIyj0Z! z?=cdQTcOw`DAQ@69$|b@D4P^z1&%X*nW~3xF9eS0W|6d2T-Me2-{YO0rE)(X`xJX@()QuN#iFBNJ*UCr<5;f&gs%SksmO%fv-?B+2A8=*z%QDVF6u0p= zb8GV+Al{E?!nuEMeyBsSPH{q5g7mBGQBLNOM_T8#Gga!IT<7gQ(<5`oAL$~!BYae; zY^Fq`>1-4BSkkdHGS!UhiN|w%xbT;z=I{g(_@95Wpweiiox=o2c!lPmD zIptx_c1d3{G=$(uojce6cPTEJ24p-tP2Ja>F{9FfNvKg#Oye{JyS}pE@>#qW=lGySW3X9*iH?J{`YeOQ81du>o5{xCIi;QVgX5lyuR8TCTs!Q58SQ_%!5V(-qsgX7p(L%~R%# z%9SpuO}3uouoDB+@LRxF4rwB@tz?PrXwQ3JZES$TKd;32pjnnUmiTC#YVUw-)7Os& zKJ;>gJ5BzJ%l7u$*j`h|A}NR0%zigXmi4;lpz0V&BTVmVB_%V6INp5<%e~M2S+5vU zIIBSR8FIf({k{yet-T@TBLxfmRR>up{9qrjEBXYJC_#i0G}0Xh+rkzY7VO|gj^Kxr zwSk%K*%yAl0-aN+pD%s-alut6_D1QbcGI%c42M*K3j_wOa|e}JZ|MF0>d&LNti)-) z?T)j&6x}a+=UEcW&d*IYN)i>fD${OGx>MrFQ)sww$1?#VqENQhwfS9~uU9%`vI0ku z-)&S@jMOREonG1aRPjbYf4ZBX~v~G>i%b|R>pPG1M+up zN9>zGhtafX6;Wk-rw9DsvZzz&DgK_I$?4QTrNJLxefb!Hf&N294|aMrUYGK6(e_2_ z=L)wUn3gxbm$I#MLLdD^+UN??4+OHjdqttv5ZCM%&oLLyv0YEV`$sO+O_?gikswV{ z<9mE2ZLGt6-=f2o1fAsETl<)as_}&mH;r-mjRs+IUPoo`=77~B4)fJ`F=)2H*s^bq zx8>|%;IE-^Ehn zv%TKvSU}RoZm`Sjx?Lg5GJTUWO9k37QBsJ$+Pc+Xvb_+ntI0M}t`_uoMBE)=O%GeHa;SDD)!an=*U&Xm}Rs)Vyc^ax8CM{{zWgMRvRiR+~1S@ zS%>K5Hm0~+cLnohAb%pLBbWza4og@i`e~^Nx;B~b8a!DwD=B1gjZy zNthiUBj1&XV_mSaK53=U#4OE(+y*kA|M{k%8#8%1V4kwS%z2z4%fuK5u=xnze`!VJ zyiR}TOST?b!#f-TFd07(x#P!1yv~I_!+AJp*KK}`$dM(V-^*3@od?<#iN!g^h3iTq z+13Ml!n3S$DTVMp5{gll$K^xyAgyzjpIZk1A6cQwmxtV3ql^Gn`=vIIrCC^Z4a9Ss z*5>ziKyy1#!d|OWWZ{%YF^gm7s(1eoudZs){&rQuDjV_;PA}cEgCRtuS>^&MWIdpq zR1imQ-Nm2&{m3HvV`BZ;P9I^0#KR)EdN0g5L%n=Ka8rWNjmYz}O?UE#!gwLGz9G`V zgXiT^73iJy8mQk|G_9R4%`=6YHC|CDjd|CpLwk{e^+HHKh>K|Y%4{TJNWAfUhviD< z0_650&G`821%m!zJ~Bx5Op^3<`iNaXyl52IOA~$3!UBva8)-uL0T!5mL&0n4q~vFm zXY5nRY-GH48Hh}a$s__UC7}8XgwR>FO6ZR-!qoZn{xSrU$GoteO-13iM;Xv1u9LxT4e@S2F(zkk37xv#A0rNBLb<+P+v*e%S|!+MpP-964*dyP zBm4B-HsU8%k(1u)(a7%BFl~ZUW1h#3tuwyS*h_``I=6l*m$o`>qe59@hAmpV_osU6 zHDw{-q3$Ixt;_=!TznJjVAgq;zkDgd2{2Fn3)Asb4N{`=nU+9=upBQ6s>b+0aOm{UJyw9OB;@e4Bc%E7pSh?x`_VZStB3eKn9hUSwhEF0dbo@~JPFM=6e&8e6RJkdq+DTf{5k z?q)1~uLbi9tzYa>%T_CsLgq0CN)nqiyW{1k!<`oE0G8Vhat?^GLB<}PnyG+&G2VB#>+=dMt#a;Ql^dsr_IqFvAUut z8@NIYJ*SyMWOp=+`*U^wXhi?vkN|*YlVmu!Mlhs+LvsV*Es#{e5knjT(jv#^eBpkJ ziq}3v)zM>0w22~1P@tw(B!+kNH;Ckrl5Q>o7j#1nDR6iyOjwsm76}-gfjWb2GZ_181=b`60Ir+fFdZRQ#XgBSg+ku5VS~~15zccF z?z#}MoAC&q7_Dm;&epkx?o^z6#mG`;dF|9TBD#yd+Un@qa1Q{ut#tnZuz4@#@hBKF z&^`=5ekBArr<9u2I7cpY5*LwoDPCU_U3GW&jbQvM-F?cd(DiZL_N;1M%E5j8W%jv! zG2`B(YGH2vJy($)%^F4$C-@+f<+yu%;Duh7@3qBYJ?z_PBWVt5ecqHfl%04!h~^rVMEKhmnDXywCK{A8y|hbt-8}$l>K-Q%0ZAZnp>4 zgjfS8!(6Vfu7ioopZbZOLJtaJe$3NO6i^u4`ZWgw_W&Y%9Xa-WOjdnYO!q=L^M&DL zT(m!wn);|PXY)L9M^HZOSc!a2u(&x=Z?CvIrJSp?Opx8uTBLf6RvMUFRP^f5j0Ts= z*suGI%xxi%40u8j(Y$`M%+7Bmlc2OQes%;L0j0gucEZdRNLtGXJhdYjtT=VEKNV6= zggdb*WIIvri46z*-vhybl1jRzY`s6a#A7KbEs~bQ4xHJJA>(O34UcX8aOYBne_M^rMkgw|F+=knF&6P0X#+l{^M?8q z4v(XzY;Ltcn|H7duvLWRZM1a(lYk)L5g;0P3z+=(pdD)%_%F-*3>B{RmM;XmO9|hc z#hM#i5TlZTS@3U|y|n)2w+3HhuVVlcwYs_xX{$Fs2>rEt=h}JEPtu{E7`ppG$b2Ea z4~zT_)w*(r5s4Zjk;Ji^8S)jak-%pukqn8?*2C7 zTdZ}q(y*&hRRiuj1g*)YbXGoqgZcRPe}}MZ4wJ`6Y>y7hjm6r4A2bM8!&-e{7OLac@4*E&z^xATlIjqWs7v zd@1bwvC$w+tQ=2x}0w)?<;Lo6W{FteP>aNWQbB)~HW*#=L^?3e4}4pE8Un57c1P1yvxmZQ8`;zJ7}UVxNYAc~-w4f5ox z#d1u3J7?S`W>DgI*a5xHiqFEwL4Exex_0x;{SVLH0+h~OVDh(yWZmBw0fN5VR&_gc z?f*{i;f2sOA`3j!7#aB+Yt~Rx*l6%pS%9y2g!u#VT)U^Y%r88V=U5_T8;ID83@0_Hr4 zHJIQ-?tM}Nwk6xnU+&u`Gz{?q3b7BNoEuuC9(;+yI7coe#-C(H2E@RVdjELbArE8r zt!22Lz}eWl|H|MePERS#5Gg!50ipn*bIcoV8-!dHz#syjq_)g{7kU?IK}z*u;PMC8 zpZ@0w2h^ef(yRz~fM|(@^Hl*d8eTVV3oh7Zw(JbMW?5Ntsn-KS& z5KQ!ZsVJvIN*iQHY{m#^sF2oVt(F$VxMA$(cBz|SD422HjwytoXuQ_ZCOx#q0W#bB zu%w`G2LK%?+J5!Lof=@GFa)Wt_-1iJKVEsXj9!VWmz$48tlf^cx~6v{B{42z+2@0; z0D|2zuoKP|tP)a(@hsMx+>V<29pR)oXD=z~2l1tPUKj(>PNmOZL8I4W67dGcgU}nD zkx;suac(iDrEh-j80dzNI}k`HHqo{3j>Y?kMTylJyx)R9l&Lv-Hr#l+azfI<*KSS;J%*RLYPnL5W;T7&HNVnP zTcd=K0lZ;fqUa+vWteKG#E2I3y({kKuC1>frHo)tiamCJLsGHUI{(hImoYUSN{jgnNu$F{^{nIzz}(>6ep>mrgGNbc zv_LFe3wbSUi}r3N}nJ>H-*N;pr9R6&W!w-?&NzcLq>ksEhBX*8KaD&E30r3DPIz) z%n41VZYSka|tEVrsGi3`@Q=i5&n&&!q)OD$*N- zuD{KkE(I=W52kI=Gc*C+|46)>?AdIIrRy-eKtxW6jA`p${{+DYaI0bdci;9D{*l2k4xoiYHXWg_NFJWy ztOX5VT!zU$Ql6o^GG*OM$Np4F9Y@W%h9vD)BLUa> z*1(CZ#BPBEdKox&?UoKHhOQn-X_+ytr-Yk`y^U?Z?wYR91Lw~i`D~U+=@ha|DHS5C zrjEr|z%O`ql=$g%^Wj$MKXUUDS=fo#Y|)5*=zfx+k>spJQ0Uze*t#ZALPR{2bS3{RPjvy`@RQTFyxiG_H1gjS1n54dTjZf6W~XMq%lMfMogbt$m@P2poMH|Dd@(`JTK_OeJ0tewi}3iINv!tYnI8 zDDOm(QUBHF)&|x;E1X60ih)in zQ?8DcUti;tXhx;H|A1U`&TG2dSU%X#-q;9R$y?5iA9u)SlVy3BB@pGE7_US7bMHQ` z)YJs=mAlCW-jgw8&wsB1W_wn|?lH6L4yAhn;^E>Ft2I;xp!H(leEqUhsN}BWg zJsT}Nj8kt|15O+`Ron`~>z4rEP!qE&@d-I6ii1HTdxbeU&vyp@>Wa9@1Y>RJJMal? z3rC8Gd3dz9!gjXKTWArb+gj&_$2tS#v_R$LMJJwL5(`IF2tQHK5I4+nzlsddu|-|~ z)l78A=)zXEV>#Y%*U#5=b$2{DoBd|t+ehJj7G7yzlK&bFb|lU$)2G+ZWQNx6?6=kK zg&?6&9B9W^OFiSW{_@~ z?#M@+AmVZT+T{NCy9kkoPu)Ubl@#6MY(VAV9ur!h#LN@BFBv|f-Xs_Iusv2`+PvYD zE314UmPCsDx3EN^ccN6+k>=1J7AN4Gla%tReg}6PH^sIFB}-R1d=kJrnWzs1I`Ge`LgFU}h0-i7^PfBUbuc{gXt461kAw*QVdT zmA}cdH~CRQvH+ecIui*)SOB%wk&>2|p8t*IB&nA~*F_`|1RmS$7#_vpR zC1urR_erG*`%n;e2wd2&GMYF)C_1`COq-yNv{hd6O!j?4&v)po5*?P4K82ZARN7@I z2B+OKqQ_lWN^E9>XdLkr51h9}4&PDtGnZtwRNj+v^=@9`D(;vLj3wz=4j&fR3@Ppj zlC#RYD0!tNj=Mx$DLv~5myQ<~85|kSpU2V}y7^exLVWA3j~IHJZ-qOXtt{soZ9EwC zJ7pR4>jl|cWDxxCkc(*y=rywMUeqg1t|()jff@cWzbaHZG zOhUyOA3|0VO&UEa+0Cj1#P~P+2_ph0F6O@JEL*(n5g*J^&`-eF^wBSXf4fvM zn^F)B{=deRpUhD%)CCpjAffJZr24HzYR{jiiOkJWs7b3`oHZUp+e^_rxm}tO84WM>rfy8Q4=ht>65b7A*<_wz+j6oRDsI z5FSW9=9m_4jRw{>AE;i9bNIYx_)54&y1CctM!!abV=&HV=h5F;-PYz|XApPSInW_1 zIia1CY-{V->d!g9m1DcRmzwf;$+N+GmE(uI!%VmN+Pzf4rTglFkq_Uo=~(33Y1aV> zhcgWA$ZaM%Ke8s5;dT_`_6crY+9oL?9TrJ{oQflk5wieydtU3--d+DVLpeW=O7tBh zj+T$6x08h?5RvZ<2|!W$H&QJ>ol&q>OqoO6$_zX z(OY3qA=%AbdLZpVi_=E$!pmz zw6aY=@t{v2$38BjCbReK-Wv;(T`Z!2FeVWfY{)0YCdufb7}&YCR4b~)_}bM<(>Q1R zHW8hncsra(r*NAwo-t8l1u;#8PV#$x>c}?2UAHJGx^qec9_zIxe>gIkbP47*_=%y} zTTzc3tJy__-%1D>uw@x|PlaDUlEjJ{Pp9y6D~7Pzq&tEDdtYenAxhhOFoxzJr?w!# z5DxK=X7wVtaRv&ft_d(Ifw^m#2z!I09kV)ZgeapyuNmyi0J~re&()9i0}-B_<=UM? zlAyA{2ebRA{_SE;RU2vFTFgRdWZH2sDZN7KPS>P}cK+){H@(fqeOl+-pGrHvCG`6C z=S(35`9;Ze$EA>WZ~&Y-vlB$VN8as4cxXHaOH*fud3Ixvj*s~ax?WyZV%^qV!$Cmd ztqN!X8Dk1CZ!lVylauo|k(QTgqWa6quiJ3Vk9y7`Zx7IrGvBwTj-%)FwdVo!e~y7Z zH)ZDAUy z4fFhILpsaRo(d0r8x~Fz<}RnXUJ*gzX_Oz3-M1%%faY;oGWjYmb5PFR72I)MVm|0W zSYg5m3d3EnbL#%_3W^v}=TN?}+MvVH4VhS}&}qu6^&Yh2D-S0K(rC23dlEuV(Q3Bx zCgid!ZGP6-F!YPM1}0z@*p4o&LlAD11?k+zmpegwspsV&;M!{HIg7cSHS-d^YG;rd z@|oV8RDtH6w_QIfwqJ;QLj4B@yDP_5*`;qE_J)sXcMoF6w>;aVd6&WgKk* zjpvC;KfI?SR4_6WNcoA@6k$(RD%QWcgo|AVtzEobW-3!3mWKa^ej_#uJhPav@q0VKeJ_d|+4o2LpF3I2xir6$y^<%I7`=B#S152v0X}Ek zG`VH?OVKUsij?VDRwh}B;l}*haw+xWXb-MiIScPnqb;#RuAX*fLGP}TAnA8 zDoHBNzduX+%jTS(H#xr?vSgY6%5Vyn7N6lAMepuHzG_*ak$1QeNS=LGq_m`Ht76ft zqFnZUdtvLpy7=51RrerG?%t>SeX}3ot{u!NW`yK6488`S^~kLMR~9tUXs?e1q5!YM zxe>_=oTWCEo?nB%@^?{&1|r3ew;{TW#*dY~T5G<2!aQ1R)-5)l5(KcyEE&G-s>G*} z{Cp8>JorT)OEsrUucXzSq|vqkk0>FbC{F&p%zPv$N|gG&`=Sxe2LkrNzSL zn?pM_Uky4GWMJk9;l>+Xg|pJwLPI`WXpg`8ZGXnL`?c2gFW*59eKz@C7Maq>@oZka z_sCc;np1Lw8bx4HkoVK=llvq6|3bNE1Q>nB)O({qyn*U{b4)d7J2Ll4cT##`s6fXA zhP#H;*$w|{?9@+r#{WLA3iVghJ({_C&QAz^?D}X%Xj{pO3yZ1iU*UYUOleL2)6ZGT z(BvExGxM-T@kU7QbuNDA;jhPSSHDAygNby^ztt}u$b@FcR{e<1sJ|kL6YcRuO+pj! zjjIt{Z#{dCK*!6^Yva|AA2KHIQqh7Q5q81S*kC`p-cDPg_+#ed;{;k3izd!va>&+z z{d4|7E~HuKk6wGY97YVmdepv-YCkYAKxVDgT%&WXS@o!Dj23?N(@lB(QA3mVU~*EM zjSAB4_>3RJD%BT#s4zVoydvVya>1;>u}SYM;TpM#XhrKS$5En>ptSGY5M_os%4c^e#2EID{m+=anl--Vx7=QGgtxoei241y zT~Y+!ooH?`sPTVCdrikh$Vi2eyiE_stqHVm8*+F1Gz3|Nu#%Q(Y&(kS>1UhNH z6Cc{V&xo<-1)nzWkteGZs}_CRUukVz+H=22=}hO>;^2-nhTjHbX6P zFbrkQR5mUO)}p%z7!kJdK3`SJ{#BLUYh>Rji!G**z8%zjmE1Jzvr2|4tBeN>QzGh? zA&0Cu;^?7e3N@f`nX`UE3G%5(av40CYZ64kMrPrS#qwCeuRv?!G{^@z9Uw>lNYGbe zydeLwLM2PfzPQJ||4$q?kVeHGs>tndBZ-xqVK;mo;rOD?&? z2C!z=**KTKim~`qfd0Kqec?o%N|);)=m*_~Q^C@L@>*yh>8;a0lKZI=i6f5c2uX>FAFC?-h@O|(Fx3@sN;_^9kuG`&>0`_#L2ZR+UL=Jh?*QE(jf$F>vlCaqym z{5xyt;ac3@Z*Kx%s-xcUn=^R{CW)_2AxCi1ji+cPG%3m3h&0ERqtlctwRtvG{*i5M z>2*y=eFvUGZOynu?ne~npo$(_p8)x*N!eLgAvDR{vR5Uhs4io~-#Kl$T(5Tgq+7@B zgtGSNQ#Y;HV!HY72lZZ)UjV}1%`BRH#88N;A87;|O?3b_=1hx=wJ7|y*H!x3b`s4TR{OEzm?9E&G;pE=+yYA17B)}4z?v8<(shDrrJ3BiF$CBc8 zd$1_0PdQ0E-jCND?w2M&G3}sg<3SG+x>Z;?}Cmz)ETn7qI9By za9$#yCJRh_7CJIm-KBM$E-|)#`-g~me1w=#maaW>gm~wYC{24^O4tP4V8fe0*4B}E zb3T|EM(1VMHCwGKC-=IW(--O*)-u43Z5=~hrK~g`#IV(bYu#%SX%|GI<+w{J{pe>l zCT9g+mBB7Z03fuwp74@hG={yfbaC&n6^ZZhxU_x%J_Y+ekeFMbB(vf`P z)4;LQEnHykg$SPDxibnslI6enbfv7dBL(UY+hW$si0;|EUxw29)1+S1=u)skX;z@4 z(H^AMDTl?}Od&`2o^gGU?^_ z)vT&>#S16AJEVopeoI*V+|A*vce$yAB-FF?C?+Ynl{BY)%5AnZu}K}el9r`82L6T? zRk>EhnJT9__w#(B`}bK|v#S(W`b2~65j9pa_RZLSYg8o{G)zL%OlMYSLwY#bvk$Um z2B8Qkp$H$@eNC0$RBSM3V?^^|$c)-lHY2Xsy8qa(dLKp#t?r4N`bL|~{m0G33k_Vj zSY;^DbUDln=^2g_wqltlHH`i5CDoAygJ6ldz}0p(OlWl4x}Evm$yzeYCMqhu?n;YG zI4yrd^kMLf1Wanv^B=T(9vkh|7r9QL_cJ(oS?Lv4w+ExDo zFZzz-ASl%ih+Ll_Pfgxe-4u^uc$q-NmfJ=B-Ld#?IFWf}NiC9?C#sn()ih~W3ku8$ zwasunS;Q-Og9FRGB4WXmJvBqcrSM}nG1bjO*OfGM zP1Q?J1!WMsD8J6J=}{~qA9(4^DI}Jf@Tc6yFu#|C@D7IYc+B&KA@%W%TI<95TNz*I zxUviKtuG8u7V8ZkE_XH#%PK`SI5E@hll44G$`n*ir=bz=dE~!iqYQp8(+CmQxUJPS zjE}05;^`uN>HUwsgM0Bz{!0T!?SFA<;Mm0KuwUz-<{S6;vOjC<+}Q<*w;bG+fTU1b!J{hGKE`5)SMf&)weeciAeKS(kd(-1u`= zaLuoqCj0bAQ$-|j>z4<_cGvlIhW8k3n+!K9M}~ZAp$Ca^p0`r*Vb=Il;4kP9q00#( z`hbZdx#%;;25TQ)bKSGOGK*~Yx-2BKTkBXUu*?rHZy0(>P{GJ2<#)x{_Z;9ghTY{P z^z`)paYp*M9!wRGhbZVgmP(U*4)f}!FEw_|<|p5#q6CesJTW`{3&&#)Hf6SnvSr%L zw8haQDZgket%+9G-V}G#sz}t6?%5Pcunv71=zmM4}MNzLLMOX z&d#)+O39w<(gjA72?^+|76hCb?d|b!dt$riDsNOeZaq``g$$}~<%@roFL&g6*}(Lj zuY7QV#oGr{Nd({XTv#|H47ooue|5mmn)o5HNe|kj?>J0*im4D7m~(vO*YVOwx!e#& zW7ywtHEWU$@C7l?Z9+B~y)%+~enyH~dSkrp&Lp|(Uto$jq93#;IcM{SlMGJs zRd{--V#Rr}EF=3iR_S<$EDR5;OJ8==VFEDo`F&zvQRd05XKR{eg?T^S%py7nb2Ht+O;DpjD7941|rF$-Ow%kTl_bj zXzhnLKx{akdhclhT#o()l~uHq{`E;4-pD#+Br(X(WAP){bX@%{MQu9p`?F=UBJs_M z{Jbn`^}}?YG-hMbAdh1)^NogAk5q!=ipyN;_C7BrHTz+~9wG;|{iDpKGMP-#BQtvx ztV5%mq;d~L0{zqrrr0icbc#5V6XEx2g2jf*8#Ods1-OTA(i8}Q&)3iAjiW!@2rMG0iScBm z!uj5t>?PQzy~a{ViuMY;KzjB`!Uh#z*zXwhy?>ofR+d8PD^>@!mJ-C_qtTH=`In;y z*)A#dr=I70Uo=vL+$sil9&K{mQIi(UhWx2Jh=nrNA&)NO8`3?@11Ei7n4~kTXw#L4 zQhpJOUch9+0!sWElo4)d8;lL*jH!Q;Tq-PmiV}d_b-aJH14%-3PEhqLav{0=AY|a!ZW`DsKVz_yA6k2&LkWbU`(6i#I;QBG^bNID);WSl-7fUq9n~I4 zx2_#Y3#PsG>s;ual9$u-jUAP*HzQ5VtNIuQ2oWL9rd{N%)}Jwzn1s7LgS z%$y*TeEs*PsD)EzdB^KWN3wWd>7bqLGUE-mlvL>q^#>;T6ZUZ-VfI}>yds?_VSGrP z(q4vV#E;)FUu58a+5M*}j^{~z7Dl?WeDHs)^*IbY`1D^G`KKkN zR-j51p^x+qjx1?pNhy82%M=!cHW++otP;(=C49Gx18d`L@UsQwbKk=>qWbS;hQ#to zM18!(Y#$5L?cT#=JJvAW!Rz|YZ?hJYp}6y_?6>6+N#UE_bbHscR0uxn3nYm9LFV-yEk@qC7L!rJ3vA|GXgk{{@MS; z8y*aaMC;8a-x|mJOMvMSui$~NtqpH+Zt_qJ$4B$!n}d*NU;5={`T04GV)``j@Xc)A zTugnXrM`EmVV~HDDZ?+(uUF<=Z03Vv8Xl9nGoD>fLwX;k9^3-Tz`YO&IqXJqK~uUM zlQqfyZ7aJ;R1ON+Gh}4P*z32n`Ay$$vC6YX1L)HJ=L^68*^m8@;y~i#LU#(3Q1T6W zA0P_=xIU`2b$pi5e1*O}E6%sM*WUGuzFtJH%mBQpB(tHKVxkHZotD#dm=pp(^F4$5 zB|aG=x=^n2bzGoRkW?$n>P}7=Jm;@JCBb@x-jE`$zDl{MIfTQdF&bMgx+v5Xcr!2KAeO!#j*N{f;~u(C5=N z_!u_Qc<$1JwBc-HJ@|Omux({RBsf9XZtrY<&y<5c7m!afjVzMA3-3 z|9T_8;aq!HfaL;=KEIKcY+&XnxO?l8xLucIXm$S00M(r3Hh8x-() zJMXsJJ&`F1HMFO8Xagq2$YhhH`?%!cpiC+-@?d&TJF7&M7ooJKkazzm8cXg zFIsn_KgQ6y&+39CY@M27RQ}UHHuw2&c1Sw~fPo=CVIs0H8^_9-&z!jXjAM+I$!P9c z@H`8kDOb_d*k8nBqbF!JdU_3qf)d%B+QtBMJt2WX$VnHwmc**vc7{j`uW9bp9gE?P zogInn_i+H77dX$-ZGyC8Y<+_ydhfsX1nWM@W6Hjej-=pU7yDJCSXt2^%R$AWU%faO zry<{S8HKsL-i48s_>>ZskXlO+6us)=1YRNCh#=)*Ty`Dd+3l}yyW0WF+O5=t0dIVt zN4CuL>%SG78N4I{Jsz}PVh5#zU3VRf(@S1(?9X$2Hli^_PPhK{@3OYCFeGj>qO$FZ zkvmf^DzGWI>_^=9$4`zPO>L(a$_m8%pB}Ve$4@Z=vNyo1%$8(yKi6qPLoGMpMQtauUle`(-5D&}fo=9zCUwMAcwK4_j|zMK2C@Y_2mC}JEvf-FHZN8~ zh|&YRfngB=V|H5`C_91cV9*S{k2cfX?>vbyk&E_MF|!Ig3pM2|a8(6EMJ7|w*;0x5IW!TdhkBnFF<^806yz5<`Bs}qYq$HiH`TzI>l`mz;t~Y=7uLF z1)fvM@6@ErFUUN^B;ARvIn>+^nnefH4SmSHl z2QT^0Kvx`ARyzFJ#VQ4HOOe38;@^RvSwxe#X^tNzo}=&UGFQ2M*XvKQV(bAGZpcC;Yu$7X#Cax+z0-WVcQK9I=V_Ioo zja{zlTxoT?iwyXW4q0`Zl*ZOK#xh3tYrPa>#S_coM7Yr!prWhCayw~Lk`djy{{GPnx=#xhU)5GB5wD<0bKyj8xNweh7J$Xdxgv!otX=m zlBE3#Ug>=f;(4$~UXN7PF^h4?uf5NIA}%%MWj+E>C@$@1ij`xB`Tg(?G2&>cS%v<| z+*7g!&ESfW=S#(|noiTXH{i7Lvgow+__dpD+z5O2?mJHR@B}=CjMGJ44UmMjzq4Tg zympa{UwEO6W!}XJLw(jHdwXdTSUkp2Xyg+*b(eNA1~`70<3lgVAE%>j3a$i zef)e=c`Z&H55QRU=Br-%To7B_9nXpVyBLec@@w`OI53>efX}<-k<%u264MBmm@?FB z!6rxl-Tt8Ed+cnP>Q6pY^2i zzQ3IkWpw+_(C3-8{^JEu&XkpYFSBVYwR^eL!d#-5p)2{nEPyumvi5X01(&8IIW6p_ zxq(pFgd2i7RzYn1{w!U;m3M5+P|{vhol{~QMsZ>Yk6l@dciM@J$NU?N=(%`3X&lB^ zlAEnxKPM8i%8>TNb>WwWB(Ew8IJ5}FG#pI7AWmJXVr1xH7%Z*hU8(=lewfo+I>GsF zLtd3)1|LKaamibPPo><$Mu%f)gJB?qh=K#{#5Po%>O+NCNDY6nZ#;pj-?PCIsVhos=?EAC|PD zn+U0?hW7RZ)Kv3`gKXYnDIhT+^8Ely#!JaeG;$zfwL|Xeu^kX(=!P`Q;##dNltT&@ z7x8l~X8kK0h%a@H>@)rC@L%)Hu*kO2b>c~TJx>@pt<~+49dpimwS{Aj(8r~Bq{^Ph z%p9C&6CDM~1#RpcE=>3?x`Op6wemU?jy|U!Tsso!#cH%}O7+-IQZiSDRQCcgPSVo< zWKTADYV+uD<`l7#v!N*p3ym)s8(;nX;Nm5-_AT+XoaG4lw}=o z{zrXHL*c|?ggtLl>jrs|Z0=6ISDtjb;ER7R%xKx=uo?%4cA(blKkD$J1G-{Yn>WLm zbv$as0}ykK2cx9KFykT!#lMUZ_)##*+Kd@0Vu&HeAY*FE6vZLA^th7njspDDc;_M_ zWu$*&$gMHAnnj2gV@wzQjMC!37QTKl2XeA~F8=yQuXYktV9Vv{XP;hF$0ia58v+Kz z(v-*3R|@d(-2x5_bsP6_uyg$rgP zqASwR{-Bn_0zrzS3vfq}@tEp`kq9%(T=aRsZOj7Q&-PX6QvFMEa3M`U(@OhPLn}?< z0DXDOfNgPp4Q`Y(a(t6lZS(Icnnb74vjgp3Z6qOImM%Q?#TH5h>{g|o!9?w7n7a(q%-9ptaAxaQ!d7irR&7Zr^ z7zuX>dvoY1j8*}_6q8^`kdUb^hCwUDf2d7^5ht8ag@&mtKk=clsPg4`Pn4p{#V-wC zMJl1UHa5y_On`O>`&5;Ecv|=rxOg5hP9R6$6;$I+7ivx?JVz*IW(YU&3$`J&dq3Yx*^_Z_oYrKHoZAU%upT6J;wvPRs6 z2B|}3myd|Lv@0fX2N1&TJHRTtJSE&!mwKWwBz3{Ap-;7=t@xB5D<<8eBwXM0chPaG zU#?L7#c9E-^?O~xF`3nwVT{oOtDRvX?-uTG=i2Nw$hxbVG zFJUa5?~XI%_1!v2%ThiqoKcJit;m*NsH49Rj7kU}{7}KjN4`Y}-Iv~aO?;XO^D1UH z9$EN&j`TS^?v1OR^K)TTRhQ4K69htdeR+q|&?|?Lw zA})Y*BAnAO(!4kn)}$orxtg{*K?FAW+-(B0fe36U2z|=&+(87aV1XR6`ECBWy)kB*UCkSz+8xMa(ME zZ7RP|r$j~lZg>ep7VN_m53#TR**LfHk?y}7&6J#U=FLXFZn9twM|;j zDq}d_X*EQcQw8>#;Kwd%uHw*#{(ZF=T^CG}|M!9;fDa}7kHa~!-0PaLthIr6HT*j= zQcG6rovV0un(Nufc6(&AxAM6RUt#QJ$+@yfkdVz{^m&GV5(nW&;iUg|4b4|CpT22< z%{lh=>$szytst6l=?4!(Wg<<8`JBcMW7c7wU@>WhB9bzN@^16tu=n_lvG{MNQ%7Oj z0g(PO9vmnr8fS2tYtWDx)-$5V^VfW*wEpxLrn3E}&BA3V1XV=nr`P<;BRS^Q>imW3 zO5%~6oO;aY8ojg)@_G;E8TGl#XcObD9?n*J5u|hG$fA$hVzh~1^!^7b$@w_ucQgTZ zhJCyiBBg~t)8$K|wl56Z}wa5>W0OJ%`JWx|UsZl-h^M2%R)4ILM?j?{zsg~24` zzIGiNVVakvbo-7SD7X8t{2N^{GxV<_ZZ`9uo@;Qbr5;zFdpOP>qYp#J=6(zR+ongC zedt-jS-cd9-}rttdlO^_#&JHrH1B?K+9`GMsrdQ4$@11)7DzF8shV!~6EgSFFMZQZ zWtpu{znxFB{F$q_NqRo^6o)=u23W!pCEvs2zL%k^0kX~=?t5uE<`>=h5OSd7GR-qM zT7xHT+IN#95^=>O;W#Ay5;64wQ7o|3ugx%49onZ1z;u)?s!Mg*6ftCCk4h#gY#LUC zfv@(uP9Sw^Xq?OgoeMLg`iw}8B%=-DK=P$s0+$>v=GQENjnv^;<+j{XK-T=dvZm}q z!Nz|ZIfEFZ&l`E`Wzt9XIp01%SSOxtT-vZDdeVfJ{=hga{hHwIr%RbX5Q#iV@1dA{ zIKbfr7eAR~a8D%v>8l$rc|Y(zcMpmt2X?s^`mR$jBH#O{>~Bs=aGughF9NwH(9yMI zWp@{o!-!k@iJ-W(H#kx|T+rsS+k(Jd;);L;^^Z1>OJk|iE-Q+*{>p|6Wpt5r1ZKO3 zD~19w9~v|&WBsD&Tl$ueKOZ^~?k>BI*|YrN-?0TJf*{9uv(^*1it6(Y@X$y`*3VUs zTs;k!PUC-=4yhs#&rfrf$|5vJTrw$Tj^4du5YLYdoT&y%a2%_ zWusu#8`AuKg^zbst{A*)aJ^)--iX6b_1RUu9Uer~W> z%OU#`&QXt3*sjAI4iloUWhitW*1ZJN+i<)5mK*zcd1DwGbjI75&N?C$0 zNd4a*mI1zx75#PXDv9?D%jD9Dv;Pq52AQn)k?535(j?P1)L*n z63d4CM-7}R2lO+oe}lmm%UE*}L|i)N6nQaNS$rI3VdSE>K#oNo(_vhK>;W!B6=4}b z?wP3Tu_oW=ut^SQSvZ##=Y!2V4yKalQ(kYC2#Fd>-A_%~*{Pj!W#?@; zhv{K?mFtRGyo%+S;Nw}Ewn2njHP<5y1?8cMG}hVkg%DBND!qLIT3J2XZ*1;hP~RL+ zE{KzZ1E17?OzL;~!~;bd(TLUo02YghoC;azk9snpmApT3Z!<2J&QX7_OsUTnPP)|Z z9-VC1dQxywg~1zwF}}kuVoFCqC;wTr0L70lsB}mH%Sr{phpKy!M3b>Tt=- zTorc5GfDm@tAo$Ki3M?=qwuTV<#<5)?tf`L-S`okxjy2n{~5DM@cLor0H6k^(}M&3 zuTQ>NS=h!|Ngp&<>|KU#gocU9i*?H5=sgOnc9?|)$w5~>(;$cmc94OP;mmT=$70XW zD!IJ0v7lcB0NVMzRpfw^m%Fty0ITcgbBh2sVl`dLjvyWC3$wKjzU3rD>19t7Oz{a= z2#=qjQ9-tF|4vPn1imjYj;{QwcS&&75ugrWhogX#vM~0`zFYOI^z4W0%Uz+~`IQWJ zEVoWflvf?v0dF>S3nv+41;=4TIe1Ry4zmOXE!lUj6ifm_l~Cb8pGy%X+_y3Pdhg)C z;d8(q04P>u^9kUWi`F)ngMl(%c;`=x1;8wg0RhSFV{ku*BYkHA9aAd56AR=EdV>`> z-0t;jV;NxGbR*CofZ1r>?+YhZ=tRfezqB1F5vZ|-DQbza9%exL?ogsRz;nZ5NyLa% z4pH4g$Q)I=OJ=!FMGY{eh0iG3aszU^r;E$%z?_1v)oahr#-sIPE8L7P=(4;7ju+(! zE%aci6#@s!d?q{h(c&IKO?Eq34?b&I`oLK80}<;&!I(d>!!W10H^UhFC!rleKH1~; zRRxBu@OhL|zn|VeB)d9iNKa&8QM53(-{-|EVxUur(95tYGy;{P?FAMt7ONsbJgxNc z$#saa;C~}1{s&O}Njb;g<@HVhp$(}9nVmKB7(LVG!93Vh?}}xi=j&4heOgqD7`-tW zxDD#wb`gEE5S_pdjZ6@6x}So1#u9?91yTkU#k+nBMF#oCWG}f;R~uquDYqZwXfk}I zry!`JCffe(2)8cgC(txyocq@Z;&54TL6sOF&Oz&s3}pHI9-#!q#gDX^o+g<^EA}!s z{#~vlF#{BTLIyckuV*t^ik{67)*dTiy;4(B@>=f3*1+k2WRy%E6BJ|sn&uD_OfD!3&=6is5jv;m!ezV(gVVBd9)m zr)Mj$STb#=%OAL!1*dX;3|toni776Ecp2`=TU?HIZMD`AOVx@gjGm+J0ife!K!yW` zQuveHDODt*GX5%7G0u(ndn7>kJ-oY8=Py7a7?BoSOcE#d^H0Pu{+`TnPF7NO_L&&& z8v0y*uLb!U`-2g!dTG3$44@1=yFnuLD5E0LBsK8Iu_6x9J>PsL^}-flvsLm1QHj08 zG52a+pYFq8W6NB=PYjxNtzBMYUe<~bA(WZF>yzm)3s5{c7#6h@p-Av}C*#wW90W;z zxEsGy5b@*r^lzB2?2;qRs{FR$N9U^Pct;u!`|Vj~Lo)cQj20{9q~9-c@;w*TSuM*o zRuzAltNd#{4BE9P&)zMpdI&#@u;TwGz~}>jqh*?Fb+$|Y_LK)deanpS$al|rAT?<3 z%E-KtvMjz1*DGLTRdAZ(cbLc*f5)U&hk*R9xChgSiU`M*Uulc*lSwF$5jopim7!y(L%CT684u-BvY~$ z4~N$l1qiUT#6IS-{FibhJ{9uG=V@upV^Q@+8WQBS6sceRQ&-cjlroZp$GKGqB9CXX zj_1AHFugl+Jz}L-n^G#ZKcV)d^?6*n;0O7Lg_Cu3bb$A0i|$S8}3gv+ghwO z6qLCG+NwjZgUT{%Q@nb+{J;}pk?&*?XkC@W7aDA(H7_pH9J*XzFOnL@XKJ#z@oHaR zTAJ&y&I-g|1apf@Qr1r~)2U{VJf??x0OgB8NV^jh?Le{0_hwZ;$CrZ;Q`B6ZRMg@z zqAAoSmoWz*#z8<_BZ>E$Wa}*&4d9sZ4RTPAI_?Qs%sT_*A>K_m0G!`uDK-kF4h79Z z?+r|m!qwP(b>55lv>tVh+29ROW{q|GEVUDS@Y9oO-g} zCdp1ZVlgWN1M+{|IoWadQPlle;@@h~sIwoL;EJ(yoF$F3c{lO39=E@I@NgC#)-P1o zEek`R<0^jp*Rm?W7dsX4VvJ7N0ql^_k4X;a%Eebl@?Y1XKvkHF;F3K^^!NDa~mnY-eRec`;Z~-x&CF;?Jgl1|P2+~E$6c+bt z7KcvJPL#7E0TC)+`Ncdzi|onnQrbD*Sq!n#Ai5ZexkoZZqJ>K)+n3?PhfgC#QICnv z>|D<#`sSB!nj_Of)E)PD(c1lnLtM=I!oHUsaT8Pj#N7*F03ajMa4;}J&gSuxn{igs zs|tBW1aFsDa&__u&D`& zO)si`?xZPQ#X)p~43b&7e{9=vOLP)G+pd;ZYlI*$Pr*xsVBBQ-977C*LOhH;-=z!6 zu%Dy(vG?sr69!5Gd7byym0rZ!1Esi1Ke5CiVUi!a)3A1b#vVeT^`_j^wYM^wzkfJT z^gTp0t86_LgmrK<|12nLHK5-b0rG!J^nElN6GBw!b zYlGH(v?q)SkhV(vI9XtAMGM{8_NcANNoi!%z%XLoa%;%*+{!x7>9IQ!VP}QYkFoR3 zI@lo4z&g`X7kts0D<^W%q16AoykJCKASLj^<`Br>-)(XlZx&9Z_2v6^Df833UC#rX zql3RJUEAy9YE>V840xjpA32Vr-g>SM;nbaOV{(3WENQ`e3INaPzMc92M_a`up8o3_ zLg$SLBc#PZhcH$WzZI5Bdd^{!&}P*JQz>S#9yi{@lS(wRlxvi0o`6c6e%K;S1LOhd zaM+ebfUr7cWRyA>Ep891Dxg~F@f=WB@UMr$bbJ4grt^+w^Z(m;Y-;blN~ygGVpVH= z&C;SasiO84d(>8YZ)&!+irS)95JXXX2dTaHdeYxH&!7HqoRfUq_xp3buj_RQ0u~#c zm*#(wovbea?p~G=hG5fng-G)c9(J5+XUbsRvCHWRACXcEk0p00J^9SK!mxth&3$?8 zZBJUMVhw*1!&Jar6xpJ7h%Tl;l8~^wg-?-yFcyoK1HJ@+Lv+;ej;oKIQfORbJ-oB7 zj?PE+$P?EX}7dM6y0vH{9RN$m%ysIfz;{m&jd&6{VE-{|?`y`_(=yp|I~B>xWvcWCJQJr@}Y9 zHT!W*hx#HvSdksT#M< z{3R&!k^Tu^_+H$PaSc`XNE}wSC!hR&t!HLjOQ$fP`#JyCk>JIolxs1xkJ4?fCF}GQ zQjRKYEyQfS&4IV)gVpv}va+1i-L-KS267mZIQm4=f2zmW9 z97T%Av26bFu&0G;7Q?ZtAT6?rfzBMYAUb1zNv_xQ%#i;xD zhjn+*3z9o>7l6>~+uoY=p8rhb-f&^~xiJ!cW)b@xBH?=?l=^+14ju7ZXXE3|0|YQi zL9L6-hpVb_ZXVx&`?AyoV+B#O=c-E z<+iFPdDuq(+pD-f>VTi1w8DhG-_okbhE|K*7H?GN_AuxY(RMJRg0w#U3D(bVg4ee} zf*cFd%a?#Ow-|FhhE60w%3E}YcWt; z@kR0x7w#JlGc}91GkXF3*A25Thf}qP|G>qx|F`>hHDwyV3_lagb%6X7p}W)=j+f60 zN&}|!Y%MPwa-I^1!SmFPO@f~sD0lUp9>Z!9!*G({{&&bhQn{4om7Xp%@i-x)J6oTT zKEEMtpuOn|ay%CPy}QVhYz)+U`$rM@Li0aSM1$6wbzrH!d>$;ns0Yd6CJN`_$v+w9 zPrRy#{qZOLCaqCXHvr8)^;PWjszI(<9dW-_X3ra1#b|KA?!WFw4ee@_!Upx-?n{O9 zd){!>*D#GwzWK!KC%%cImArByW)Gc#jC-^}2_&)%lmhMs*thKv+`Swc7l zcbtw0AMYE%-}sfzh_ka1VNR{lrmj<#d;Br6@eqGJayIE)1sRjop{_z@jepcdmwrg zBvC+zo&#s%FNO3>BerEu<=5I^<)jw}fcoo;^Mi)6*G609>O6b??B}qTq#<|=BG#X< zLT4Km(1uQwR?Dz~9D#l-)9a{*n;GcA*Ze+eyO*Hn+7%rsvi-sKD^pli7NC#Tn&xgi z9An|9VB#;>A@ZE8$s4c!Blj{aC1Ee1jHwR`3lsi0^*qycssZu|eD|e|BL5Vacx8GC zStg*Yzymp9p1d!A4NA~;SCCeXpxib;3A`%QiIS`y-CF557yLY31#vGf;rxx7vg?ME=?)jhA$fUB~Jo=;ZS#yG_UwMy}ni_*k1WJwP;J>sb~g@b^Ji; z`l6Dm?4YfZ;%)Dn@(slmxyb>F6F#fyfleIf*0sFd{DHE@lxM_4dFiDtjGu5Sm` zG~QVr+9&2tjMF*S!f#eTiJhGv`*yca(Y*ksePS-)5;KMPV%~mfY!loU!GZh-Z)N%~ zli$=%t^NQSWh_8wQsNXiVK?RK`35|Ne4e+PGA4G|PbpJ21o}|EW}K?9&Kty}k~jJ4 zYvS-sQ^F_KebB=Fo)vG|Rpl!S^-az|)e~nVD9+=#{A3_ecSgf2yDeFvglt*c^wFT9 z^BEG}uVh$k=Yr0NMVSsQK6eVC)?x1gf%sX5_sHA19#0F^36^c9hg8yoKkS=T9;ERP zWQBKE+j$Fa^rol`a>HR=e+-79BL4|^+*9PEq z2pT4+(7M5?NH8$R!*;fflVPI|@8jyYnaJ#-3i=1ClVG_47^&e2pQjey^}&@ksn1_u1@2Zi z(=_Rvlmxud=b=n@Dy9C1KK_OV2+RN7f%=m7ePNYdA(cBz`j)j`l@##Wr(d2vp!b2^ z9EdSjhZEf?Hf7Ia*e9#xL_JijS-?x88mN4GvG4O|OujsUKnvpblTl{HSx>}ct8-(* zGSJW4jlg!#eP6t)ovZxCQlq*u-kXcPCEEEM?ol*S7_zv{QTwH zZbp|J+in`?M?_8%r9C=qS3)Q=oz zZ=A0N&(nKjoA9bx?dfnY?3`DgOZ+!*+T<|(?y;+Tpb*1c>qgm8Xq`R1UU~H%od&RB z75f{$ja+{?^psnfGe2O$T9@^<+fR`4HQcFKBP{2rON})It4C6*mIlc@nGgs*d}7#9 zl569s2lC5!9ceFF5rrjAB@@102+2EkNEm`F9=(A(TDAG`Cd>^ZXuNrM+<&Ge!|!a0 zQ$E|liNZ8}T+z^7AwH~M(?f;LtL;-QR6(y&-eMbt7^=J(lt;VU z@f8bB zBJ9UOR(YijLSbwkp)va}vx?{@qsT>!MqQCSX^-+5O4)!TQj>^TSvUgW;~x;BzGscK zqsy|hA0nm3$DSVlS=^WCId{6JqU;5$PIKPP zIWBa5@cw~*OY&_3qBhd!e^~~!ySpD`*EZko#`~b6YVsFuNrWc?r|`b)0zl&is6rz2GHLT zk{-t30;t*6DZ-ABbJ_`OeGQw@>_@zjI*l!OK&2c!0A385lAT1NM2w$=hxiO&2fR=_ zury*O!?eVE@gs6b5*vWUu7p(?+6&-x6wV;AM4OIQ$siaXE%}*;SWb%M)!@+`T{J2{ z0NzDwC8f$#6}KeI(Fq=V71r|-+ZQ*{w(Em}b=`{dPY{^1;kLg-zymGsNi8+F?6j|E zkxD7Jt~gcP-T6_PJ-9`9t}0)xDl;+7f649)dc-yMYSOETp=oeA|LoZ$Z`hlnrL?=5 zhrgI!kt&A!C=_5Q;*}txqNebUa6`7y8JxOs(B+bkh2m3uGQt?H(!A)nDKZFFWBSXl z;DzbYMLIupnDd20YCiT_W8-1|LLV1MFRkD1qH&yA)i1@ic zd=n|l6r$Iq6H+%5D*Et`*G~R>jx%6B*OT;+h77H0mlZdwGrbkpDRAjb_a#5;+b;ay z^q_zjK=wl^_Ax@CcB)-cK3gnGYKEWiuqKPvxM|;c*yJa>i^7fEjp5$h(m!s%Jo#m0$2c=sfwivsOvW-Qj&)8WnSY_Zlr> zQ*%!S{4eThMN(I1V-5c#h1SPy`S6T5M6VM6ZQ z5k;Sr?AlGQ$Q|90#;Paf`)orVf%%%Y)CYU;4iN7P`a#{dEm@V+_Y>T}^%YKFfC_W$~r=k-L+caY2L&f3j^f(Lc{6T-Ho+e~2 zSu^r~iBq}0f(!2S{`;pJ`v8xGc4aT-xpM%Z7(bdOtX1h24-;VBYJ_gnYI)sbMDfpP z=(9I1r9WM?$5*TsA8i$GvlH>oI?qM{b3B_Qcz~Vl%xt`~ojD$HaTloC=AOuqNk{Y3 zQ2pHr4W_&{ma&Gl87i40{9c?mt4PN>{xsf}8Q;dqoX90lFEt5AKeB#dID*xP z*|~Ys44!Uw+phys=qnHNMjKbSl=&SoM3)8AECITq0RFld_ajSpEjln;2+4%FTDs@q z@=}@O5oijXS;r#;;LXb64F1}JCkCBy;E5)^RNBEd!Jl1G>cR6T_|#zcI8`CPi5pT+ zE#^2Yj0XX*S2EVD;Amn|SuthZ)k|Zo{s?{yDrCFq8>Km{G$%%foXXw+z`7ckfaDG0 z6zLG+5O%tyh$KZ!#kK5zOLs((KY(|3er+y^tVdU*h=7f>bjnVlerTOZp|tE@b480dIf^cGpn(q2bE#S9_-J1 zwmtVNo>xag5p_4-ZkSnzY%*Irwn9YkrVHUy6H|S4>Ki)Cp~_ zRIl;}%j^C3Vj=UBD}>`pVa%9sbap9Vil?g&-H`_OenOL z|FLu#2I|A4V3blp+GWT=9a)H59$3!M9LAs^Rxsi5DdBuh>=XjEI6dQ@$B52sU4Ox> zTx<;T<*rz6sAQD8tIn@Jd~g*kHMFI`JJTu`oC*)c%r%APAL9yRgg3-Do%sjc;w=a8 zo$W64nvQd`XaGzAvbuqoWPqb$g;3XX;=zzlv7Ds)BTkM}A>x#NA}FK6(q7 zpiqFZ?w=B-ov=p236V-?^&H%{PZujVp1qXA04CWfeY71)dFEV12Og+Y+uY3Vf~x

nMXPfP$>>z}%ksyRM#I?tcFHfI)I4sGJo%ySU8UqFw#&nT)grR^V<*{iR z0W?WGj8*N)Yuf_Kg8C~ubWh7S?bm4Gm2SNiLaU}+zdLf;E5`Nh`uZB3Tut1e4!~Ju z6FekyCC0=?LI!Ccuy8SeuZ8e~dceM4E>Ti@q?<>3s(OF)Oqo|2y?atLNQhgOTkPZ7 zU#iYWt^}oKSQ)+r4<|6oI#qZV9?pxl!fG&O8$mF0LOkJhrUk;%T7#xo)*;3wUO70Y ze)HGY$fr`P9muBq=?@Q^h&Vsmefs&2-YkHqoj>iGZ!dmWG{~5GzY{?C^bQC(Kduch z;`%Y2Q-)Zezvibu%eZ;){u{*z)Q9c7K>tO61R4=SBBbpvG8-l{L{laG~*K77xB{P|>;nL{o=XMw4BaA87_NeW5=#(-+krc=Hp`I-}TRCY8!fOTjR=SZ9qFwA9_}@!m7O(84mYzz_j3 z%H!xjnFcw}yS#YC{p1L|CFY(l{rsk+u8x>B1K5eav0;BWR`b$U% zgB}3~lPh+u`I*)k;_m1Ir!M>xd8yxkJ;qnI0zAFezD>wWOy3ro@gC`)VY(|RXT#FSnQag<1>$7uBrD#JVA=KxBa@(lc*Mf~K<6i_LBm z)*^TuG>vPmeJ2(321aut31wFp#$0~aSN6p7g&c*vRMVJfo=D_SkJ)%y+8Xe>LLhO{L*_+$A1nlG#cv>a0JBvg*)B zr4-4e=Ld~`sMCO9CoFZj1n!!wwXfXQ9JcUwO~4?}gS~0hRsA~hEZ?VqM3DnCL6Z;9 zNzI^ziAPV&g12J_5ap*?g))hg8z-j=NNJ}fxAFPpD*8`>ktwW49zT_qC3I8G47nCS zLVaR8(sD&diHfYp&$==TDwqZbLR+f)P;QGUJxJj8b&Q)LXj+QMC|SMlci;dHk>S&& z7r;{aP=`$)eyd?h0Ks~Wr9YGw=U;fR;xkrej$8(M3wK+ttfgP^-K0H7{d`IUfI>IZu^t(`_363H^ehd>kA1FH z$MIyAT9>k&>!aojtPwI%IKnBG%_%mZUI>8!vo)Mv`Gp3ds(>e^4_ zvUTk?lkEPGGhYqc8|^$Y2@td`G@CX?`Cstd1{>H@E=LQT$@oMg13FIvjE-;PUR>%U zNUPhuUGTr2%514(wqeog2j$bww03x5)6IN-`HhJJFwt0s)Kmn~Q+J8ZggLl2=gQKK#3BwMlZ93=axb=px~ zFNwO=mrVY5Owjm0IR&UT(U6sI4bB=q(h#*p3gNXldMKUy`UFw#w0uDJ2S(`NZ@hwc ziUsH*+3t`iqNzcluY0+Wt`{#s) zOEI!gD#_tq?{r)cKEn{{Dr)%LRnmCW#*?rt?>O6i#>WK_UujfsxjCS=I_QzGT1x@4 zZSK%LV+C4aAdsk`dcP`2cC-VIZH}~L+4ZX!p zCrH1;MpWedigUWPj$ zwA`{Yq&xO$S1MZD)+xh(-6l$Z^d!O@a9DY0k7N@5$_za?-T*hBojy#v2<;AgR7DWD z{?-tV$Y3xXPrZ7P0Zk(ZSjmiA-<;P5Gi!s6`_NKV02_`wu%N5>Y#RlzR*?*D7wfn>1U?3{bW5Ngv zT@E3D?$Dq$O~RDdoEy$%x<9PKqg{tck{Is@4?f$?R!I-KnhKS_BZ?iG#cAb{z7}?J z_=mkh`#Vr?aKk@{;_RxT#b&Ckr}#-0YW7hyR~A8FOYuwFLVpqMl^b88nrfnk4+vsI zvq1fpgUE$mWzv}sg!I9aX7yDM-`r$oZQNqJ7S?@9JbFA3P^w&f`HTTty965PgGS%& zoTDB-hn`mMLpqX`+P8FpnfFy|=i>wqXiA*er2oyuXE8}Rlt}Ty( z(^%-~I@=d)JoUNSH8xr*qr~pJYr;u~sL?#t4)Y0%4jsUG*Db3P@Q2mHd>|09GgI$z z-*$7)AnIw=fRlrC$V16NSvNhZV*Mlyob|1$EaVkVMfzdgKkSj1*AmcUIjIg<#;|Q~ zS<71t97)xXHDQ%RhGcoW5 zHTk%UM3)a9hJ9aX^{I6o{ELO;j}1p&hRl29Uc#HNjhvg`pXmE(e01*bXaSCKYjjYl zORNPwJXOiev~DLhZa#`bp|5vex;0sdMp`U?g;DKUF}i4DYuE`WCq?%4iwXo}&8HWQ z{xP)3$8~$Zs_=nR`gX6O_pQnqEb)bt47+lm57i45Ma)?`MLwF01gAc)|=E zks^A9=;(+vGaT$t6@yB&ceVnq z*M;jBB1~M`g|yeCIDa0@OKV>?`_oZ=89t+}epQ%@iXup?hb7c|>Fx2<2W;lLeMmE2 zb@$54XG?_te&#(o>($*IS&<^h0AT}#MQS#~yNmNs*Iwgw4TMh|UxvJc&;eb%iHhV; z{!*?@FB~}G?`amCn6`M|Ev-G^ah00V0n_Jv4?1>#QQ4uqhP$h023C1*K{CffQ@qK5 zjm~5j%5^>LMKDbrs1b?0e9lP~|Lv#1*GD6Q>pNfY##~ZNCx2{i zvN<^2>aG1vbn!|t!dV~NC#xsNSqrj<)#gkdFMW5^t3Sinrd&@d<|E8-*8;=@>DNt! zMXn;ue3q#HiPq&O&r`GI=rrTsy^J-hr&~>SZ@Ja_%;`x-yytZn>&3&xqnMwYP= z3y58Di2NiA*CSz-2Yqf;WX{Hjppn7;G!Rdp`TP<2 z&nb`mywsQh%P>Z01&S=v-v&_(uE{THs%akQ8JsO`?~e9M^5Cv`9s&t)w50!p`x z4XEur_{?78>0IL*LaHH3D+I*Ya?!1eED%-UlJogQUYCLVY^^x{9IurXh%(0D)io1IBB6WVK!s4{jEd7tgvS zMh3)b+)l_uWyq(E z(gqJ)72lbvhH1^1dT8zNs${nY2;Q9%J*&c8=njtm)$rae&j6^+x+pJy8Go@XmC$*% zv0?k7Fy9|$pn2N!)o!`@PJui|@zU%ia9OK39+0_4fkxG{c8lXd91) zk)lpmI_;#z??dnK1hyUjp9O$^|Kx>oLo-=KcS6L!^@JWvT+BNV_9p$pS|53mug7-2 z4Sc)x!-lV?k=8acB911i|M*=9ln73X zqEy_Otyc!_jguGKCLZAWGC-V9Y4cSi%iac%I64-dGcTAu$RXw))fh7a7h3>de;;dm@`oCT$~Hkde>(xw{LqKZ&c6K)s-YX&(jDYp8|%&xe){ zX!Dcjx}5-l;p^hOG>hCnGd&c|UKm~B?t$&CLu`nxVTlIh)eG_ae)?_eVDF9=iw!E70JpThUBvBSjrD=O=?B|vZ@&Z;*hG(+wk8AFp6MfR}M>%W8NeOj$dMa@jW-isS-b&S)l-C+OFA z^fv6$-q>Jxcyd;c7E^6OZ{DYn-70`d?Yfs0B$r24foy-~4gbhmu?8Nf4!l?v16>^< ztKc;H4`zX*0z89a)>q4G^Na`4f^ri$AG>_*1O=}#+tD6OtBtxVj5a@;zf<*QMy&xh z%GA=N-gXNz4_^2#0|zF@eU(meQs1l{8bOxN1)71)_|{t)_QcsOMcpdcA1mJOzc~9W z(Nxt=FfvY&K)N&oPD<~4^)6FTHqxqbXS+fFN#$f`5`ZK|D6F>sAT=-i6EDGoaPN!6 z1GC*=#)+|q8MY9PKvuGWz2zHQT*Rq?RDPzn<}zUgqE7HbtBw z605SD+{{RP9lw(>E|`x%tKhABYlZPzdG32>&*`pQ~SS=gZ*l2wAu} zskSIQL?OQh>}8aNVD4i3>TH}3Vv7dg9_NVj=tcri44)ZV#+LFLl|j;SvQnxw2U&Lx zwBTRk|3wz5nHx6m%C_YytlDcS1Hu8sF>GUXJMlo8T|f^Zi< zkZskt8M{%?mJ$tW^+bGH**(TgLluHgu3u)#g<0n5L(F7~HXhyInRbYbUp(9%7KVLp z>}f+Lv|DFZOITfo_9{OvUE+5Vijma@e0X8xItTsa%-SK`$Vy>r6nEZ%Opxu#nzczh zO`5iZ#_Cgv{k`z%I?bQ@FJ7s`t-HIl`v&_&TJ)h@c2W_d8QN<1JH>T_oTE3KR4cw3 zxvchU^6`3f)9tp~bv*jM=WV^i^tc>eAI3PU?BHE|l-Fss56o>0U)(zys{l$Te?LST z$)lsCwbX!1IxnXguvg_eHpd+$d(fuf{kW6a7If^#cHAZHF#Y{3NX=3fsy%Ips;-xp z{mpw?RZ;L?_!Y`4*QAhulB-lmtZ|TY$qRv1Z?n92mSYnj5jN9NTbA)nr0DTKCPMqi zd+V9Cz(@(Y*LW0>cbm80kxhv<-XF|FHZLRBMK+X%o3CdB;6DSH;L?9G^}p*ZEBK4V z0CwrH5)r)ehrX=fJdkmb=*1$s3Nw58%c(8>=0<=~IcT`(4{u>_r~jpPVyBVdZ8A`B zrZ%Ycr|N$2aweJ*mb;UrAQXFx3e0U2oQXgJU9P^5S(tm=SIHtIc0Ib~GaICvr7aRh z;fpks=f=$mr{zCgmZSDHGWfM>ZCLoWt6@_YXqEeZ6OQCh7Fk_@KGxV*(2vZ|Kwxwm z)qy(eVtF(nd4!-t*?v~bO86ZPAz0VL%lKfa-Oy2~g{?6T6>v$%H0Jdz_`C1ecH5ZW zbT*Z)3tiG0xuc??-;3^ z8n=*f%4LZf^+a|&U!c9a;xjx8U*yxIRLa}Bgnc4Mjp5rL0zwU>N{kOif(J172kSn` z1bApxBls@yJRoM|eCU?CqIXHxY*t|=*G8|#DJd{0D10S~~~5aPxJNyHi# z)mTAiCn{Pi77kk!nEVEdk6)A-=FvL_{QYgC)v|lRQ>=04-XV_rLxrU!_%CE5>P2ps ze;>Yqqs{NHULWsYT`CW(T%(;?1-Miw%ou}@*8xZ-QJy;X&^z<~Jtu6tmcPc#LLKV< zhZ3c0aZA~@9elXfTjkTK75VO_MGMm*a^7)ft?SbClc9Kfse-eux@FH0vA!Zc-4Fi# zmn~!4Vf!1Dus#C?C%vRfe#Ng0dm!C$Hlt|alTERN-p7rRr(Qp*Kl zAc%6%!?X`8lDL!f$lSOP5AxgZtZ`CXL%?wNaxEyZV3)5V%g4OyZ%Lfqu723WwMX2g zD7wCFYZxvB1qG~A7OE)~bjT@m1>}Zfdlq*cwC(BzdOVz;Z)TZ7O)stQhvLB7H!^JI ze}%i~tKZL6)Za6j81i$>B%5HWuH0=&O@1Q6PV#m9x1DD6wkp9kzB%E$9xqm&@lXEa z+O0wpo5&}GT39bW-;KRIZdn^>@2RSYC)`K+uNx2!$mSE zM^hq3-m6f-B7YKkI+lb5dY#(f$FAdhYc1fzEC*I~{iEkKu@y8B7X}zl5%wOj8v0Cs zudQ(ITL9wK<)62~p{mpkxr{pRq%|}mj?=RY$Haw54oe!i?SwTRmT>|yth-*i}W}}TpdD@>dhlU_71q+CoN6V7f z&sbmUiH);}7L#U{dXwc4x}!O1bKkzWc;L@B?N=rbB`B`QnM_!Q1+0MD`|r3&6C1pG z5dTcLTwla$oQc(;K0#256vN!W(}SODtWeOwWT;-#5`9l-b!B7;mytd;_jKuC+nut9 zQ5DTfj5*FcBk3Obmaa$^%$Z=r&!UgSbOI~p95><!ls^OD(!8f9&^NkKry~#TBq| zY1=NR0+!>f23{`F%AZ&1L~s}QKK1e_|ATyMXqJvij%IOvU^ps7rO0fUgo(v#s5&sQ z^xiICcD?cWaK}-pbaWVu&KpjO3i#4l90&zpYs_aJpIrS8pW|w^S;uNqOwC#hIr!a3 zQ*PoBSQ5a(7^8$DaAid|lZG1TVFzc$q}+~pt2?k~5Ns`?y~8|}Z83^KF%y&N`B{VSj$L~QxJ%pIK)1gsVhG4dfU6->UsF)gGzg%=)oOSZ z%bjB1Y%sQOi|@Mh%3@k!c$o(M>|OtCEW~K|qaIVO^J>ULRfj4|ps1G%i`++Fzk7LV zJYx&8c3jbcr2=K#PpVv+PijX^$VlSN@~-Pcr@^UQa+HOLS0b~rz){y$agw};S!Ald z26PQ?kJ)>>-GeF7!7pd&hZfQ50j)`v$nh_{WuK1>eVwX_HCBsRz4~NP?}P|W_+!m> zVN4!sv*1hPT?t+p+c5{XqRUR}xL?V{*p1_zw*^t)YeKL?fwR3erUHV&*Hl*#eUq%D ztZb64HrZavU{Cro7%=Cw!)oy)Hkiq<1K|$dm28w}E!<5ybou+U%0}D^Y6?ByhZeUv zYAi^eA2%rQtT^wB6{5l#5zD>Sr>7Y9i$xqHtkk>B$~(Bd{U#N&Z6!_}b-R9Bs27*1 z3KYiu0MZzti)&0_A&)}zidA9%Z}7j%^JJ1oWS^6Ku;kCY=2JhJ^9?ZAr$%XQHT;4Q zmLS(*U_Fu&_*c|qq~Yi9$6a)QXXElyhXB-K=0FwRgrL0KK7eOA|BFZ#gh^sk+F^L~ zk*k(kJ_)5YP9(d_MsH%T7SLg0*NZvZ3QJO@Xf%tfjIBSKoMR$B8Cw{?V}quQ=tRdg za+<3#tJt4ssS_0J=;_3px6mI%ZnN(~v9r7>!-$#0mY&rLn7Q zJQA>q#flHTT{_e&3O_!;ckV>V9jaq+V2WUuRpNPZhP>jFA4rx0NV2yv;h8(da3VG z#?y}0b|5#a%~&8Vw95Z5mu!BZXbzdEKpjak$001cS>3#nThQ)M3+3>_S**5LQPj|D zGa^n9duy)nFgCRr>ulJ_w7U|V>H3xlNpgy^@D}aX+&%b>R&TfZ{Y~bc0PJF? z(&@yiliR)35Y7aUZbtxfmj&C;wBe^)0z^K`=ek$>tTj(4x#Y8_1!7RJPcb?X3XhvN zvtiMGe+C|RrmHowWL<*hVUOrr@jqcBDMSDwSvncte2nwi0>Aa|Cfxd-cI|_y*SG0- z?3VEjG-q5eXR>>0%3(ERiLvwq$IbZHD>KK@$)AQy(fk54n9BWe&~ViHPnAdfU8YOs1*SOEZdU z=PUjSIL$2yqa^=k=V8}v`Q`iNTRZw*)LmJoIRm=>B18Nd@GChFZ?m2?CPNnc-PM=n z_)%rW2mlcYwh_MR{VJY5Dy7rdQpI+ot1Rq01Y z4H(FK?sweGn;@^u^m_)wFLjnwvxg9+A(&5|7j+L{6P-9}R%Sb+;Di=x^qxY&%)}(1vQ`@; z@SfqXkAIA$0XB~C;IiNkjLSs6Vg# zGDX^I$f-C0Fa6H{80sg*!4$jWGgPrd@$bkQdF4^tAzXKvau*CT&q3KdqkE~a0gOGLtLiG;zo*LWV_rYGtAh#uiRWYNCMgcntzwx(3>JW)B%x#q} zFW))8aTe_AwG%^soBR_Ue|d zV@Wd%aPgHhKdXtx$jb9o;Mk1YI~|i1@`9DTB@!@sK>rKKI@y}$Dcr4*+7lHri5LGN zgg3UZ3oEt$Gw5Q9RSQ=>a$7goqB~s51t?y|OlCT(0;>+OFsx^g+K( zrf~LttFjWe?;9|#@MMmTd?GTs>pTn;YQiotp*8Eq|L^yoIKN5j=$Ae}gaXzG*P;~e ztdupz@<0aH<_DSyi=fH`n!1+N<77aD;ZHC_Oi#yN>MA-f6 zrBfk_)Ct*UsKy^?e{^}Wejpm(hlF{b) z+x^2wq7iD1fk7&cmh-$``@`(&1Ha$Vv_oE#4tM@lg%YT;LUeuaVk-3R>0qeP zC>9Nb09s;x54n73ALyPGbJMIPu<~TeyMDl9i3=BC%^kMs-olEiWxVC9K2!L2OfYa5 z$X%bDtLRGFzIBc@*`(STVM>FpI%((2sf6-(YYGxQv`SRy+M*k|UtXQKtcog#{aM+H z`?90)^Cfl*Tj?fF_(4j}?$qG5SfZQ3aL$XsiBx^P85(2Bk!)F^ao%tm8q;^pF|@M{ zNI+8*v%78w-C^N(JGUNNVY4XwA4x4bQtUxg#jgmeEv~=hj-PE$PDb3L^3miOx1`Dx1tV1gpC zO{$d54=0Ubwc1N;b~&z>Z%6Yr_fFN?VdnfFqeWca>Lzc&L;Dym^AQt zdK?Cf@~pU>4vvm6=<;UX=7BvMN}7m&Jq=UB{ytcUz})GxoWyoOo4ogWAFzA>uJ@yG z#=e8;3$w*+%V}iW56yR-HNG*)Tht*03Z7?Xyk>&k+=Os}Ijq!NKhG$O9HkY+b3J4x z+T6Hh5L_i~^}9J01YKN@qqDc`C@s`DA8zo6(E`TZN!g~qR)w~Of$XEPsy;#&+1DrE z?1M)vf@}=_cIwx*%;eVd{n?<4pBIsrGV2-Z^!X2qfAVb{jRI%btKLYG_+Pm}ZbXIK z+pX`&u~cLaW<`it8dbl}Z15lkLe_R>pW3GS>J-Z7jns0g_wtGY|!!?(TE#a-obF{O0{k_1WnkOh3_|_lcTa&p`Z?t<7yu; zG2;m%9clJv0Q3syYlh*76FA$6U8o5_HKJigx#WWnJmfEj*^Zl%m% z>h6G0iz)t*Oo{V#{l@;X0Y``&hNPhO^(mxsptCFO4&+KclEr)NWei=J?kH3^9e#4M z0n;RmmYVKJZi9`xb3uJx%bOX~HD)Gu-z0tyxVwo*tHsTEi2}}u-PmSqIs6W?@2j2h z2bS^v%7Gp}&o5St>G+Tgo-@#a8+EA#L`aniL2j$&Z2vw$(r{?|7QE5R|vBRco z9-~y-tFMUmhamZyAh~eRX~+0PRG=D=exoY$qzf~bJITTyecMGKzT^~!EH&kEZW zSU;6FPwW@UbcvjOD*e#Y%4J^J$#NP)d%oS)HT^8g;=tW_g|_N$llKtibd8zoU=9)t z2EJbCFkS3Ac&^ z9QyUyao|4BeKiGqBDye}dEYV$?*|*fL|VV!1k#}*L$l*z4$N8!9YqfFbe5%N!q26t zXX;HsU01#ge3_tGZdTa+x_cKC{h+UymTR11_f@=ZbpEP?UG3Y!=^RG`S?TC9k{agx zQ~OOpo)zw-&6GNWmgf9(;m9jf6+e;|sN`ga&hpsK{Ar&^6SAeS8MV1C&!j)XEp)j< zZ!$OlZ4|mK?U>nwyV*y!T%DnQ7@^CHi)Kr>YY~tN>W7N|4JV2mXuW_z$=?23mibM; z;R=3mr|m1dnKmaQV6Xw*^5IaOA8~_BA3fJPAe4|skc5L|QHo?;3MdEa3J{Ip7YMa; z9;KD;O8dQ-FGSl~<*(6D`J)Tid9Puy52rsLw3wY0s<_*Xe+%(v*-J(xzZq$0u^5Z; z+PhV`dpaUsD=v-7>W|ATx9Dj1+08johlW7Og>-^|lF22N97uAS=#JX&WPBui6YRwJSUC4biV2Dr6$nVwktFLSSK zoiC;U6KZthw=)m*qpTGp&%b{={4af`p<13A4qsp}nVCh7-g+#|iuCX2wwYSYya_Vn z`h1}88{NMTk>1pwjp9H3*^!5cYed@`cef{2*FJCPLs=ozrxv;SQs{XQ{keB&6|VD#M4B*!fksx3|I`La5T^~& zcHX@@IDrf4Ac^Wmg{WNE0~Ye{Y`*>N%ly$H&#K!|cqtGBX}_NK?@5kgWy-zsQIGn* z5Ji|}EC^w~JZa;pXMN0TJ=IS_b>XoP3u)%k+v2=S{cr;WYM;wkt*5%>g+kmU)0unI zDlG61T<`4bWj_Le?s>A0GH2Anc>#GIy*|%k*R;{5zWTnM}>5$jr#IN-7DI1d&?gi%< zSnIRXd5Uup(*I3XTYQ#D71#1oxw;Kf%27XMKON+IvKaB417B*jvgK&&)cVGI~&J*>m6#=9T34Po0tV?=UoK5u{YZ4?hYkv@OqCS_kwMAlxM1^GEU7W=aDLHM-3pCQ$o3GV<%w=4AP)KvKG;fSHIi5OlSsa{m|hp z!r(h3>*Q)BLg6uBRW7tDLF>u$x^2wS`>?zliAx#hwl>xOotx)H08EEo4C_WujG%qf z{79Bn+P0=dE6OsDChC~a$5d*>z8*@m6B23X=C7p2lUv!Fy> zgvxAVg;ucrlaRx$kTJ2_Py>=OcdiBLB)-BnfV2-n+*6&P*OhYqUU>bXA$Q!&e?tqr zeXsUY2h&n?FosvQR=;s&e(YKXXLU0w+a|vw;`UBQkfg5T(Rp#kKU!;u2YB zhp1D)peeo7YN9*ux5A95eET@d2CepX&-;bNo)jKVFv#}-Zv7Yt6Yb~gB4rCbFm8YG z0_mNAZ&nl(D4f&_JzRD_AdZou4yvOpiZL%(Q^y>agGEAc-kJP}*JRblXPuv!r--$h zs8rzhnKU#62%VuVm3FQ|y*`yT{I{lKYiw=`zUM}x)i+^scsY@W*8tC4a+#9ix)#)f zr*nCoTPX$^)r~*lPFTp8U*de?>c=}VVcc~X7s<}UnpgANdEZ~7@{2tg9?xPqw~p&7 zWeVU#(|Y4C=p_xG(SasA6N4%IxdULT-oXhnus$SkL@-7ofQiH?sE9I*Q`3G<;pb z>-DB9R>kY{7q$I;@UI3~s!YwE?AwkPkgH!FA7oKZ7QCa5A06d2c-nr_S~~v89y1|C z8N=*5%v-^cRO_p440$UpG<5IRpXDjuY}8-%Fn0k$EH=z8 zM49o=y^>(fqBnQ>4XW%xZDCL#-X!y+)4KQErCBOTZi7ClS~2b@n=aXL1UUzoNrfr0 zz@~xf4f-0j_~&$`v&lsA)kctoP;JzpCR%6ZkyFK2ZXnZe(0QriXKuk(4C`xX+goC7 zWhA~Ia=riSIOn@XX^Xtxh4bowK;gtF`A~VxwM`6ia+~lqs*9e_=@Ku25YqDi!SbUu z&?&uEba*hRB=qHs&;2&!0>}B{&1hYP^nEmNg5sA==)0i<-Vv>!Hql zQ6j}~zT)nsGLBrG=iE{C5eqV>Zt)46`YF@CD}q`DuG6`V;mKl9wNLRsiUyOzoZfb@ z<<1**!Kf!r=0ZY}s>nx5lSf7_YV@^7G^RJ~ULlY|^QzH{}dIFW1DZHCCR?2ld;|{7QEYiCq2V99igg1F-Ep z3d{$S6q&s5crSjC9zdfJTH>T+4>HPE-S1??!($BI{?e5r)psYCnw%!gXtw`w?Lei2 zsjUs4@7Zc<4at3xQztiO>t9K%?{Isi_S}UIB!9KXYom{Rdf4mPlF)dN?d0Do;4q>aem=xbW#5d1 zOCHv_cv;2CM7udmk|^k`#lO7Lro!dfrK0qfSc$*VMX`fbUyE-bV7IT17Nq8MU|yxE zun{jv&t=CjsdiD3Mk#~yOW~tYBT7+pN1w%1&S6K$<0Gr5NYW}^F_cu|&TTLM+4#+Ydnj$zxIPBl68h|*8o^FFmE*=O>7Qlsm9Svd5ZO|PDR(h(*y7euTm(_%WEz)`pHo#b9OwA6PO zLK0Q%AV4W1a5~1n`gDXpueCXNKVKs%57tDXJ-9Vp5^6gtup}J1J{mtlJj*g&Jhkup z2N2-nFo-r=c;4$0b-|RUvhk+9*bUT$zAxmRH>m$omsKR>b?w1;6*?+ViQ#T^I#4qE z{hHHBXn#LlcV=pUGY|}Dv~sh~O?G(E_8ps&yg7yQO@r%N+|^#fBhwbatLn_@k1c8b z6`XFuv|bhyb~A>nQD69Nr;eVWENm`19lXrke^Wc(8cK@7A@x=ZRhAE?~E>=Kl?K96C%`_=Xj;@0akE z#%{7P*J&h#mT2ALlG}Z6vA@g=wgcD~vc#9ba(%3XB@6J#CvwsE30JFAJjxm#k8{Qs zJuv{SMdqVmv|U^8lNl;Sk;5VT)1`!v<9fIVi$O~eDk=w_$U#4e4l_ZEpcb6UWz;aw z7FB&^P1yJ9q8!W!PYL5;>{Ij)Wl_n=S_o^ohs+-(a-^{W=B3^}x14SE_ZRO2^trFp zWkq41PCwG2vpdpwtfZ@&9r^D4WLEj)xvhH+@jrGYI`r6WCm(!tnBIp@?WEip1pzfd zaz?fapn?Uh#6GRjErLd*Hoe>Bs$QegTC*A$r@;lm`FD)3d=@A2)r*@qJSnysJvYlX z-;(ReoQ6|yGi=nZ7tQ5SL^J+6jG?{vwc8(^Cb2PhM}y)#Ozj024)wy_aHd$lsreoO zf|OPz&0XUHvPPVG^33wf3q5?X3;S=|^dVG4wH;$mAuANV7im^3u*(*7+8*0D=8k5g z3>4D_48d1IU}Z{#MBJU7TvCsya8eDBcq@jL5`3iY|wylL+meY82o>q9%0pZ7$U zAXoTM=M0i72|Y?zhtcFM-HqYy`LwSkY-@j^IKr}%iCgH%5~wNYShd|nTY~lw5t@`^ z_-iFCk-dD)s>#_*jyeEFA>M7u!i&_un~Eb%4UzfWRcALNS{f#mTB3dJ1F<}eOuw9F zl!Wa!en1x9{U$~YCFdm4U(?{Y%ErB_l0dpB?bZ(+6PSTjxl>nJr52T#ZgQXU+geSG zJf1S6Zb|m)c8Nb_Y;LoOqNo=#9`eUs9}}Zh$=BYbh~K~bfWDbp8v_wum&YU)1S zG+KM+U0*DohrC-ae~kq<6Xjgx=svell)ua6u-G}Ybb?6FsxQxn?PM@E0~LP zSxzfK6u?0xy%YTC>I5nlOnWhl&f*rcp0r-$u+&8od(s~wN>bEtG)}_xNz~f|>jVds zmR^9|p7ytq5kNLV!j?g$HT@A|nBW=1?x!y^P|ToRH;f+y*7O9ev#U^QR~<0y)0Tg~ zhew4j*ulZ?-LP0WS(nk?OQk(VjSi21H|1IBkBJJCOD^l0&g&2(CWSXjp)`5<%qQD$BNednF^F^h8IG8B!b^_|*V%K_md{C`rgd5fM zy&vx^5TmpV60IdW_Q{@uA!F}$)$+<>{4+-&@*#ysC(H4NTi7F6P??ri~Yt zh=iG9YRgDe6VL5Z)3=qSNrvY~HZd$QbULnWn=H*88=vq+E;PPPk*ZHoq^6Fv9`L_! zi{d<$)Hyb#Qwop(P#OKj;kfpoQ3l#hochd1(d{wl-@HgLs`bw@`Y&YPBRC&R-o}^l zRjs+gW?CQL);nMNxO5W1IJKz1bNVWw=|K+e)rhgbN7dQ6v1(Hhzn{b9Q9UP+rkvKz z+BBSrno7e|XJ~!Jc*Q~(bf^-}xo0;u;R&Jy@qHo4-bEU17c`$n zmWCgpzH#7M1S%@i5*o(Y$nOPW45gO0`j>0!bBLLmg5hdnGiSq9uky(Qc(M?_yg!y!kB-wXDHgw7Fs%|cM>%uyyn3eBDq3NND_@D8Zx91hAeM#gSmcGz+_{o%~M0|M>+ZTlS5JKnTTIA7l9>^SarAGA!oMIn(3 z=8H|F`(A5>{YDt3)l-cU1Bq|@V`iyeQZf-~h>9J0x91{am#a#-YKrAYEhwHTPxjv6 zNUV8nHyj6NMhbrWwSP~f`Qz0>ve9r?+%A=f@z527DA>>6B5s}n*SkFD)L z3pn;oo*Eu}oy$9?pQ@)Y3bmbH=%7ild}6fBnpXi^P!gt2^e&T*+A2L9$Z*>T7tgOW zg3^4}LfyTy1$UEG`Z|U%QWNh$UbfPo`6FkoS6-K|*IeGUXAEbTRTBjPwYi4g`N{sJ zR~>GN>Jb4KYmRl|2z&wnWqS2ZjZ0_V`#zI<_2gCL31R1?31cCSf!Z-33hGZrdmbUo zg)2UjE?LKGAnd&4Safpr8s{_oFq~UDqXLs%Ii5}P<82}{Y6)zuvi`H6TLe=d%{QMC zgxIRy)2i$r5B`z(8b?O4|DBoyLWoq>KLczcH~wCI>VVBVNP!HFaUUNM@CnwXrer5` zonMLuH>2s6KS(9xxOdw+$CGS*HS_?)p&_Z48)hseEs!yKxU7iVr10{jP1vx^By%yM ze_;+$>SRI`^k!KY`2o=CAr|;s%=f~Wo&6D^2DdqcX$I=14~v{|6caykEtT3|G>@XO zGY6=aU!^+}11BIhmAPxyy=&Pz*Sgm6*T;}&-S>$6X@_5qGRjC`Tg^xl)a&MVll}0R#m)pkNH=M0WYv0O{3Tt~Q zO+$r2vP<=dPLw58X*Kei1#y@>=zr%Yk@8$wtLvMyK8IGeKGx}X<%?EjFDjuQHXEst znx08fW=+6pBa3o&Z$p-nKI#c}_ipU1S=?+tU)L_0d9s~g7d8>r?e2NWejYvSs@>Fd zObT*v57G9}*mON8+)jgcpXAPVHCGrVLAX=J;93=y)MnHLXhxyVS)TZ1Qiy4(3WZ85 z^OABg>%~o?Xv~PRpX_)Br;vjN=R#CwT3#cQ45YtKhJ?v9w(b$a~ z7`{Gx!WibpB_B2Lpd;hJN?)N@0#CNE09mGURM#KG5h>oF`cg5auSfYB%Fn@7+ zC!3oD_9nok8Cp2Aa8!`&3eo;OE`>uycAJGLwo zKU$iRr7#N-$1_?lk#CLIb>z~mce8N2dP{DUW(q&3naK34;%yvaE$#tH4=9C@>&(7# z_4#y&QP`JH>5fiYBgINsYa8FY`%2LUSy^aJ2kz-36bS6L0%1v=no8{FIZ-ddF3^m8Et*IPUtkVJvoLy3@Hn zHPybCAVWGcYzI4btcg{htg69fe(fs{Y4W0~qU`1z0Yg50+#jm9l3@D^lPmP_iwd9 zK>3t>mr&Htm^yDlVS44Kr>Ke)7l~@333?tDmNol`!k;)P9_^4rbCZB9&8i`w) zem0oXh0@-k2{+m`XfF7iHK<5K4qN!NTj~@U_;~wsKs=PnS*H5(1nAuM z9?!l52BiL9>Dm^4}zS>bIq(+0C?z;*l77rEnx9f{mYplJL zQaD6sPo1Mp=PveMA0{M4j0}iqeY^!HR#>{j7{EDnN@XP*)l%E&=zrnUj>f=qZvX4k zNW=bQuc0<^C;WEcDp7x0g}h!>O;lW|vCDX#>jp!)w%ge!cx(8l;$WY;BUyI(4jRX2 z*3^$!D=oi17B?-RG38z>bKDMgxKohehs^V2Nwb1)>C#%|$Yz7PXxlB|sh8>C@AtH3 z7#Q3<q2}J zNR`tpKwvJ}pCW$ZhlIj+<}+TNJSFE}$Y>y!Qn=7Kmc6WRf6^ZLBIRD0amD)v;7R#LQTZ&Rojwt%p@3Zw>XL<1%1lJjuwcV%q7c+d!;hiH#( z<9@4%2RMsYF%!S+I;GY~boIMF-7E~B#UGwjzLZ+h%|Z32jE`M#)*TI)>^N!KT!`4i zPFU~f*uwl{LB!AI{_!jADcO3fcdZn6C&ar8DdnO%)Y*udtbEuoZ50KNpAOCK0go#Z z>vF<=CrA^%M6ZNHlM{ZjZbKn#gBc;Eeu*vNMe6r_lIPv$PZ^e=Fb9r=dPkqJx0_iy z&r2`rMK_gy`PM|X&xfuLSM^*as|nLeQ*%EQ-rv|yf2|{WS-$YfFZakz0B(7{bmy@^ zq;S}KZvep~j<6wYip4x~3yI^?lH%*;+_Q+n{58YZ|FcSFR+U=rNl>3oiSo^@idae*S(?a+EoC|9V`?g_ zP%?^QEbgwN%%3<*sf(b7yWHe?Y_vhvyYlh^^nl&e*_jg}m+u(Fv);xnvdbG_pz(`S zO?!%joEmNyTi5bhqg?97nc#He#3wZgW0)*7^4~+{hquR}3VCTeNA*w--!B0IgK!I zS^mWV^_uCF8r~tC6vPD#*0Fy0DdnG3agZjA6q>N;ZFjUpSd|e#cI9SsDJ~3k8z1E+3F;AB0qfDgBl5oc zXw!M(?6-(pL8(MA$hy7apRp8x?{7pr8RjK^w}ArpKQeL~xpd++PA8SO@_C6hTDM4BisX4?wqD>d6;)CF-gs4k)l8%J-Ta`q znz*)zC({%;3Q1%fwJRA_8|&2I8E(O~Cn_t7L7A-z_K%@jY!2;8;YqLchPfbDYU=R{ zs|f;(H%(N{EYq(Nyo9^Mm84iJl1GmtD5@9T{`xnRL|mO^^wd>Jwvhcp1j5h_@O%$_9yA+Plh7mg&g613gjJ*%RQLB=T*LxF5?!t zCDvo#!FYL%HXl$LnvJSfq;sd%WtGJA$FMLlt?xrL3ksama+OGInDF^ix1A5nk_ml6 z!KFrc*h(UoI-oGg>`im70{>a(uXHom)?5ud=Pf#ok1!zaVo#Z{YK1IB%Cvl$*s2z* zl-Ir+j7Lp?CurZa^CK&_bqKDHgQ#B#r*w2PA2ik7F_RM^+kc6Wf>9UL3ju=(cMk7+ ze>IE;IbW?trAaLqYvu%;KXo<^K zz$yT|&5_oIV1kR;k7Mq+W|Sj5d@(_RFS%7Sr{XIh_TQQ2 znWm=kF@BXO#Hkq5Xz^ z0de~%v+@1A$8JE0Wrt%rR3H`Gu6&y+UP(`gLut}*r9a(Jwtm(JApUK@i>5uAa-FdU zfMM>g2gz##IqY(~8C#qD&(y7=p187O_*DI3U}`Rd^DoPhBHdbVo2!7Gv-SMeOMFEf zM0RxLSA!K*H++f9*#5ddQ@X0ZYP-+y$BrSlcnupUUVG4!D8M@D4QneURfdurDS%o5fH!O?_~Vj^{*z@}EAEyZzAdcuU$ zD$TglCRMybHDmqmT3GtjmgHbt_--l!mkk1JOF6b$O2WI((y&Jm=qrU#dscHi+3bZ@ zSq@*~6A7vTFva?f#&@zroklMyE$HcpfXl>P$Ak2_oi@DCLa*SUX`#b#-4eYQEvav@ z$wSCs`RmsW- zd62D{H%s~IZ|2{2A!-$n7lKYJ1dV%f#USq`_+ZlKd~>d1L@$gzK=Abu1)KRfVcNQC zK85bR=FxA?o31Lu+~SW=n0SW!9*<1jRTPC-^r?H44^RoMAxtDDn^y^MUcIIuPd3$AZqH>Y>0y;=rj=P6McmcDt`rHU==L% zwh9q83m7gF%mUoKo_D&MN1=gC_;((0=^Q~>jjG}`4KE^Mp4J`NwC(ZV?ute^!Vf&A zC0CQrTvE*K_ki|s(+#n*=~Q!}Ih`G>#@sf{$(E|JoqDy7^{wY^m8`$(!)RD$8{VA{ z$UHrvaoPu5WUwT=;T+Hiv}mMq%zET|yel1|Zr1x=w|G1!4G(Ub%OAbR!W%DZHc#JpcWvx+d4x#YuG0YPh{raJe(scZd&ciOAzk4JK#B4nV((vbHuv8yL zbEX{6*lpXNe>nyw<}(4_-BSJ02H&Ow^@5((yyK7(16w!8&PI#Jg>!Au5FLlee^=h97M>>mb9pI|x;aEpNos{~#wS#Qc@ z4kJbU!g1Gv-y!+yqgnyjZ}w)Rmfm!^17e$k=6I5Kxw?{FaBWfMv1r)O`pv{lJXttD zQYuxaVNJFEbQS$V>(lAtk}jz~cMXuBQ9}M}FU-}DolFe7%&$Vpf40BKxut}+SkO?* zp+^AVBWO*5cpP&3eo3`FHGh?m%SQA!6=B%=v9>w+>JN6vEj;ez+e4I^!E$}hZM0JBc7-b z=oTQEHH@dP%doDD(tFnU?w}f;fEDl1rt1uCm zv*Flx6A0b-lHJ5I78;3LelxHVPjeN&JdL8M7^}kxZTt;IfUV6(Y~WQreU7|0{=6zL zvHx_#hyv%7{5Rvrf0bU`pNtvYqg}*AP2pL(-}deuZw|AeAKG-f7tw z6pI!tu-HS@n`begB-?rFOzGp`ZT{!t50pQN+nj}Vg_hC%-K;+z*WV|91ZwVM(=Ai} z{_>4S@#lwlJMgO>-mbc#KDc>=|M`)I1Ek;N>*w6R(*M`hf{tWw9xBfkj|6g~c{uRQ1h45b?{70biCsI-VzavQbSGWGvt$%gvU)}n@ zfNT8!%w({u&I0t@I{k6g_&>$OAR6j;0}7={q=9k6hG5Dp?y>GaA`Wr?ct(H+EeWd+ ztAZtapkM%~EoIz~SAH?F={MGwJM{d4#QrX47eJO(QVIoFfi|)$8i0~fKqK612|286 z{pW270ALBb0WAHawf7FzM>yHEE7=gxUb*G(hxNN1lr0bsVTpe@`{s850;bimZ_JKJ z>JOj|7ih+GQ3$zMSMPPPs@Uf`uMguQ(FKUSzI;i3g~JthRj&PCXsem;9zgjhJsx>K z08h~@M3}aOCqb&UAAa}o!;1^J7=D!So=l>cuaD&~NvqUvS6{JxV-o_Ewiip?3;qGC zO$3T3ZO%!YQQRauKi?Nuek%?G<(L#lpzfZ_urUN&Tb#~4S-VKq}D7$l6CLG0c&0r}A2pCtT z=E;)A@gJD^M$ipB5y_7Rkp)pbkUjh=UMi$~>98w$$L7IoX`{`ddo;d8V#n~4%E-%g zl}n#V&Z2zUg6iss`s&m=qa~Zk;gS5j^WP(Oj@w`^i8aXHnh)kEAc{}B9*#g9_YbR= znVR=CFD8b@A2YqHX%u#>Y2Vy7*5#%Jr7bu27x({$hO?*2ZtD&z4L8sn)(Ibe4#aV< zsgA&w*diZULWfG3O?UXTt4@mPCtrbX5iGz$%eFO4;AUvzO=CC4Jxvdr7p<{A(ynnZ zslGZ}Z(IAFPl?AmOfMD*il+F50Y?RHRERf68rIz37IsRkb_1d%reLt=IP^aP)=_6?4Xa+4o>x zU)w)!{LdaMR{&V~TRXcF658iNalC3ov>`=K9e!iJ_n3VF%4 z8nE)T;y#&-j;~os1}bLo{J~MTJFz)^>e(|o6Cl+VkD<~0k@f0@T5<7V5_c=%=fzD| z9)f%$G2cyLDbzp@T5MSk*M75d<}BRJmjrBzDq(kAvhaq?mU}+oE-B*=00veHL6?oh zcucz8Cx9c;DM>B;XgT=GVI|Nx+>|)9B%ZA1>r(M22w0S(a3MRZSpZLh+g&VNRs+#t&!m70|Jw1i_iY|HfJ|4-U!!LAr5R-<(Zg({8 zxxE8M)p4PH`-RMT&-Fp1znlTU&{(4Z%czYs z#Q=)T+_C!a8l3FR&4DsDJCHb+#Bw1xs9w!UY9(*nd20{a^s}1#NY!;d1PGUl&bDrY zMq~%9EQF=R0aR0HDj4%RpqzaUyt`HP*;;-Z;PNL2O-)Tf+O{=J1gKr)iIX2|o!7~H z_LF9^W(NRg@EA$fDctu8zB4g%#donFc4b7j{W9};cCGyd;3vC-U=eN>Ma?xg+yU%{ ztZ42UN~{^hUQ4Y0YJ`%(II>6&kX2AiF|;;8H<4XFN>r*JLE#5Pfv$bO1bX(RMcyDF zAHAV3`5hNFUuiRu19bs3d_f2@9Dfd-nrx-?S?#)yTycS%~pjPc1OJ}pAZL4+%701 z4&mwJXZ#&FLXLDVpb_`=srs4kVGeHq2%3!&4$)s-NFNQydrMm(YR6_CFH1K%s< z*Ni7Y!@++&bA9f+s_w;c%cAt@dH|voTDOFVm!9x||8y}1h21&v^nIA{UZ+20t=t!n zwY$&bj#I7N!*!EhC{Zi~=&$ZY~ zB4au2YY1{9owz5!WZwb4BUaIr@`3A0R-`_q0D4q%fnxzzP{HuSX$w$4gRWWEy^|_X zR6`PbkK%L=-F&YB3U64VRYT_8mAVDAT7Owa01^|q$Zohu zVJL>>9t{w%6b$p1v_!g9^8azi#2pE_ItO)9FxS&THK49vsX#Tsy^^W7tj2v0 zne$?)=w7*BH9W=h)lN`6A8H^*ITs%uJ0%7Yp-#Fpt^}>tp*>-jUzbjn!<^?2z&BXy zwP8dn$4*P36k-$3vNs>bnRB_?8V6lVw_c0Z=I$R4FsV)1p|EQ_UEbNW^A*zdGUD>N zI8k+7YxU+>y9OG?SP`4{Sf!77bJ2I=%PlwsyDPu6Ko$Qszc0U%IVq^%JjQgR0S%rk zX-~rvsi>H~zUcorGJ|Nm93l<1Rjnsmr4ayRVZjEBh27?JZQQ657VT~9#XmEnLS)kO*FYjW6_^6O0e?@g;NhOo3 zC;LBGX9YiT^!HoTHE7uWWE`qBbWCnfvC%r3)7x8MK1XFvNV5G)l@qpd?Bt_SwhzOd zC99YNXml38e`&@$f8>K(NNO(C{Fc7Zb`On#-KUx#@Q&^oija5eQ1D<_H}YpY_aW5Y z>7{(hGMLG%c;2u3_Ir)SGV&*GMe~;}-UI4QXTP23y9L(j;=}B{Vp8O!djVO= zby;ZGWLXBdg(l_|lIzJ-@=Nvb`sE7y&5DtnS-fIet!sNdYS7Qf;=7j~PQ^bTzrX#S zIYmZ7tz+HLS1XtBg8tWAZgfq|yGtV^OQk8cI!Q!KD4>=r2_j$!HgH1Rzg9? zv({*rqGu;@5WGAX1l^>)?vE&8pw=#tL)?N?a_3zUtH7^NI%Z^!_8-kXID7K*49?;> z9Rz+|@1YU`H3ju4w&wQ&c<$Ava1~+rQ*u~Z2t2EbPsX75%^aY+sK4Q$c1)o+OY3e{H^QgI)Fq5U)HZ*vUoruG>t^Unz6F9FUdWAS2O49HH2zr zG-q{%(m6RJ(z#=rG#d;!*k&hqC9{oracrln=1_g#@9qm*pYw$Vv(%|$SK2p6oL0qw zzKr}^Xx$7NG%c^tk%k@Yz3?FDHU`!^`++_N5vbUrsG`TA{`&XCk^g+mK8cGQ%c(7$ zKZETVSUMh$TF)g&U!W2D9<~Md4p{Ej^Scmzl|$XJBcpumwK2o#^K3qlcRNaMqF?i~ z4NW1geOdjt@u1g!6&B8gRC@+efoIcv{r4}H3}V8+KM3h%iTq5b;T_&W+27a;Ei$jF zv% zvox@9v~`qgpVIPi&nK#wBf`hMk z*){C<)+fk;bKEU<_qDYy$7!%gGjy|4E1Hw6I&M!Q)W*bm*XWySg|j@LWDm#d+AO?t zxUy-UZ$a*A*=rGVgBrNUn~uapv^43LFBGoN6iw}GRbh;Bb|gMd!54lKf7=XdUl2a4 z0G%l5dGG4n^eht>mDtVR4jF&EwJeJF+|}4SL!@kAx6%g2Grlrhm=yV2o6K92a=MgZ zN=!q5GO%J(Kl1p0Ht(K2ABOUx0OimaGiLNHOfPBV%9irAtK;}SR?K7za}M;gevS&KVxp zr%)qnpugjL{dO%Vxs2tT>XV#r9WdU1{AC2{3D)6wwIv{R08ckWk8HY2NJFDH7r11N zh31UmU7_;$YUe!)yd5K6&4$VJe_jIoBiRMHd{JQY-53($Pm|q|O;2xStr+owkqY(yNy1pJ&-M!KBtR0U_S8e=PqH6;i11W9Ucr4`4%@1*C5! zL9Bo5c3JwqL_O{-ey<#3^ZE%5rLRInO|4I&j{|b$G_w{ltK;`!#fr&Qb98UXMSt=3 z1yg3m9U{W` z!+UsHP%n47!kvan=)Xdtyg0{mV?dmP#M88!6Q$nimKMBYOk9C*JlcsIDUhwV5cF5M z*c)!s`9;&-K-`9s>$qFPzx(x*++VW;Wa%|=TBpim@|=%1qBg{UJeswjpd=j`TZik} z&kaF`{_^7d5Ongg$tT*eMEmsak)xr99{p_y|E&SB`A z-2ar!AyMQ;G01Qu#PP>p#ZE(gDk*7v9yvusJEKulKmUk%C#WlJAH6Gkq2tA?S0BsG ze?9HccYeD_P9mqMxCJSW36Vj@rmMeAh4*dK=B11zO%MSFSG?<^dS)j>q?^HarELz|j8Ao2;D$!(qnboivDar>FHBL%C>*#E` zgcqQ!*`y@^?PFr%g9IIi_l+NL;<-UR`v)euco|jISRI!!6Xab~HSVin4g&3XPJIp@ zv%aD9sJo9}cpPoyW#H%;i8-&Sjy3rh9Xy7?#)5R;mi$eB3GBTdC@#HBqqEyfM_v?p?^&m~s zT}d$K(F@+-(Fi{P-4EBSfZi$@>j7{Fix*dOQ`HE~2C`)LGHEYm(C9QeL8vP~FgO@h z=HkzVTxz~KUf}>n)Vu(k9!&S|KQF4D#~Ld&3ZY>-2PoA;K$DTiYcsC8)p%}OQR2UY z%#D_TD@qWd=d~;K>9JM3)|7aGW|L3D5n2lz01{!(o;~XX(b9d;E1G(+IidbG4WL&V zQ7-LJDC^4u+%T%4_Fc|$U{rN#z`&u3DTFlzl;g(7TT@+|fP=MA_-rNf;m*a?anp#K zp`qbh(wDgG#7Xr3IU5j`69pU($w-|W0XLR)mY2x>GcIZphFJ}Y6(t5$$voJik0m=? zn6A(a0%^f6f!<7pSsG;AR$?V#`r{ejrux(6q`f|&?M{CbbYnncZMpi$p!wG7R9#hk z_s^dKinshVP`Xo&HYc#3(PKQ|=X>kNs0tvA1c0vQxj6!Gl`*|FO?t zE&Ru&{Gb(*u$~|JRq2_KO#;ughM9 zazkYFNXbh8EGX;qRX9RWFl@2ilG2RI+l z;`u>HP>g^bJua{#KhaM%cik3sCz$1g1I#d?zFt_s>!buryyU^tFM$5oZZFFBLNdy@ zr4|EPF>7T8%+wwreKGgWYAeQXP2@H@Fi)hG3^aEFZKPd*FU$m%B4TL~8ykC%T-WJ? z)@d5v5B46kVPOnD=7#^>%hM~vE|-c2mg|Rc&L=4!_|SK7cAjK=ZcjHn@;ETRWV&O4 zgOFqU9L!m1p#p(f;@e^gboWu$qC9)B$+$u$wJY#yo|w0UqGzBLxC8_Q#!5mU@5^m} z>%1|_)YYrWnS=8Mk-g)1GUHW-#aQCd@_`A=$;79nDh5sXaf{2#Yr7Aq-UhtI@tPFZ z@b?Q~)FaTC-M;PP)m#S<$A@Wj4X^Xn?uIboPn)96h?HbVG*j5eVy*Mq&x#jDUE7sA z+wHWT%~fkSIDC(PLWq9l0O0HNg_Y6LOk@6CEHzPnhYG+%GgfX9a{%anGDN5E-kuRY z@g?5l5~C8a8v6RdGutcD8qn-P-z^xg;M>ghY8#+PU@u@S`W*)8-=i`@kv^{??sQz9 z{NpP=#2kfrpH#P9^TbTjKDD+}*9_$*`YM8Oi~F_4@R5PXhZ@@pP7W_l|%8 zSo?2hiAWYBjaO$l)&wBPtD@lq59uyu0ojRreXWG^#!NTWPxa z`0Et)CfKdf?@w0nmu9o>M1FwST`T#?Ag@!zKJLD|C`r*ux;iX60IcX5&}9sbPDyQy zYAAZknS|*43W|}0claGh54sIKtizfuI?5?l`tGTZ)M> zd;Q_W_r6pLvG^OcLWbrAurD?I8aHb0{|#d{fd_+htBLq_Y?&W_5V3~9T(1^^xIqm{ zDGH<;DuTR4pVLfq8~XJECFnyy0J6e!>$R2nLtEpLNT)^c}~^S zKG?+@zepo&9$%QbeeI1p-sK?r*KbmG#RMK|ofYg8@KA>ck@*8q%o<4C*E$0nKj+Ff zKclJtjnkKR=f5#VS|!3~o=}foU`Cu0F$8`*y7jW}8DO&F+;x3~%}tn&Z+d-coo!DA z4F4V{7&0J!Lw3*wKoZ<|#Kam;Yr~kMjB0A8Q zh)hMiqTdN4|3!!sT4o$SBmctUwpeS zp4v(o2e05^D&=T+Qujj8fA8j5GH9Iy}2sMO{3I6AL;syjjswvhx zH4%^2EQ={V!@?r;Fjb!OW5%lw7Xgnf2peDBMJ4b4ka?Kh$f~TSwl&@HTlu*TZ~6T1 z0rSxxWY*=orJn0ULG=9Ym0qmcdU{3e(XJ;uh8C06rC74d1mj)l(b?%D6Qhi@^qibZ zFJ8R3$HB2xeU-mPxx`Kl!3F_ffYQ^aPo*f$X^n8Ouri_z()xBPva(c18V%cS*K!Pt z40oiUWNA{Vqk8fYRPp}MjqEOi4>OxVaqH05a2vNPVKn@CNb5307qdiT}9MuU2$;uXQS?IF1=O>MQUgWgc~KLOp%E{!pY ze}He4n!#=km=25+Yr~RVQrYl)&h)-Wo(w|~Ok7Ne5yq?hF9Z=`POC$zt#^af!f})4 zz0Z$+0^-SK&(w|{&%Tp!8jDl`AZz#jG-xYH(W!MH@k z#EghQf(f|(6Vm{bO4E7y@qblDouUyuLvi9OYePfD#wOP_wodZJOT(t1i064kOb z-k{{NInI11r0gDNllVG~%kFP0z89uymDBL$Wmzq)VDQV@SWzObW=`lJfwN zA@>ef(v4MdeD6o|(;+uElD`yc@rV?f8TrNMLtN4ebFM_OQEV;hdOR0kX{uhSpI$CAoG+~9^)86RGGG+P>4ttB)>SEEnX0m)%eMDo` z7D*~AUZ_}D*i-u+s-`eqHgvq47hUPRpST_UP5ZP<&G zC1{12DuvIV_!b*SH{OQrgJejQOwxUcz0(bbnxE9GPeH{(1ZWLq9Y~WvX_x^GiO-~^ ztu8=bF$SdW)Ip0X9nhzk4~)`Xj8VcF>QqTU;NrEm#1kbzezrJN1hL3y0obTC8o!z! znQe@gKD=n&gM-*40n9Ld0p^stP%i-IW(k1o(SXA)Z}b2RAk#+s2C(?AJ2zqN`O)U@ z7iJeHyWj2So>tHVEJb2s3f?+?%g2STfw{D}_%)UGo$A$6fpBqd>a7$>s(iuuf|^>V z7ay;@VKG1MV}5ryyuCVHky&mrrE~jWJNxPU8Scc=o*buxNmM7fJ}h>>Z=C@hFRSaf zdIX_HrbMU2^tf{p6CdBW2yL&))LG#}(D8d52-{`}L_hp3YuLLv)4ZC>UL$-8XT27$UCGfOW{p47!kzq$-S=!t|1sH z)sm}dYg^>BKCIAA^Nz1A1b@WC{!RF;+|H7(vhwmnp6@vLL(xJyT3T9aKSf4GsY9U; zZlU*J07T(`c0q2uQI z6O0IyXUb93auwU4Bb0th$bF98pj2tSKp1eaa$m7K=Qpzg3wcw+!7}BWEe){2VUz zjKsr}p_<_$lqfM3w*5CZgCGo^=H3icIYMyaEk}4k(!Q)f^DygI3dfrZC)~=kKp~o+ z1JBgLQDRLJdsezRj#h@#8v59V*Q(2!n<*@Y?l*E^YdmGQq6NN?XgD+S-Q!S-FL1QZ z)ses#E}nOR`h^vc-HhV*ypVKu{;9dwwAK$m6B2BM=sGdLH;0p_?2Tz@+m6hHb7>)h3K4rr!FPv;A=v+EW505+%Nk|yic;>lLBy=u1 z-?IytD@2e!Xm6qWyyLig%=|srPw6R7S-`L-m^6;LhEnUvcrQ`g(;(^19O zqK`RMbQ?UXJ-`|x3&vxhg}f+2xc@MBo;*lqztJzlsAQ~}ucwIx#V8~wNMR@koUoc$ z%l_?{7v5|*9rrp1_VJF(Q?6x~L6$cX;Kw)NUp>K*OQ0&q+u*qRUD;^1!rVwFqpQn~ zrl(>Yp{-3+YE8c3q|WY4P@}=H@R)XQCCnle|7^jB)pAp6G0(Hc3b?`l(`u(I* zAMab#I`fAg?K>0^W%7MiCz0T1rUyOZ*-)4qL(*fBug%1H`>!|3nW?**Zt6_{KiZ#8 zt(g9da%L!2n~x4}uB2flmMyB$Q<0h@6eWV9o_PHrK99W>+Xyn!l+cN&8%jn*^y9|n z*V~Rmi$e>?qn{gcL+!Eb+Vh#^))ci5lIuAQlUcIRlLo@zqIrfk~7 zNTQ`o)%hm2KUT?EG{@Pa!4qTSbiJ2PZ+XH^Ru zEe6xH_dfD*-V@HT*~5yNQW9HDF$3{`@DRisQ2eN=?JLUguPulol{6RP^LrE*{IPK} z;7wy^-F03#PCtXmW(fMH-TKC$s{Yig-ebR>Oc>4`q3Mltzbt(>dgRmwG|9#*e z_W)ixBZ1GBf~3#vSQbT~$#^Kdfq6B~S7PLFX)H+|ag;ASr~J)Nxxar#5OM7pLQ3d$ zH785h=l`Ihe_rK(^r3I4gOO|B6iXp@!}voVO3pA?wr_^U?me~Ws3rSYy3&_-g3Nz^ zu-_amy=}l27vNt?T}2%ca3<+>;R-0%U=#3<`nkTxd74R}o~nv{R;5Y!2s|^=|1*f_tgkB;_FyKDYqE+OBK)41bdAwT}GYl zZP(4(d`WZj__lVoNQ7&5HBQD3aUz5<3hM|%2xQ)-La0bUzUUhy%oY7&)8M41HiH_zluu)oB zoo2q%I>kZIm7%5ikv3$(l5)MO!ISHX`X9X51QCp&c{vtQeuql&aGMC9y3dF5NSnC# zC{{bDi@3TQ`e?r{$Y-@telv43iOMIDW#Fd}&+QqO33iZopdQfGOo&f@%m{x!ZMW4y z?)hOD^5^Uk`&b|hK1W7IL{NZg=*lp1n4^Qk3fMasS-V>!lb(?gPV7gxG)_dLaE?yG zysln@(dBMyi6PY0k~d16Y5i8_b7<%g)t;k~3EifKZ|#z+cBzBkm--KJB;4PqLt=}@ z)(qFbdR-)CXPI=>1@vYKndPE|Q%ax@nYwlq1iXFwmQJkwIg7CZdF+^=YR#)JWLzV^ zxikKA?Sab=n-gjM1DD-cp;_j^ZK2kf51ysK6YJC`-J2~)X$GlU~Xg6fQjTL zXJ8P4Pe8Esl&t?(q~D7l1b(8rLPBZ5Eb2xm49Hm7(yr$?jOFeFUfuTAX}YC&x(W|d zTGF3QHr}R!p{2=1ufQ`i`<+=mn>Wp^<(b#K zf0h?3#f=v*!v}8D29=|i}xijTh6uKYs&kcv@4VZ{~ z>Z0;K@UO{7d-Lopu@CP~1i#*SVL!%Wk_FQwNYt@f#p#*Bp~DNX6L4IWt-igv#EIr| zTQIkru#dSh0zi#Z2hh;i4OFG)e0(|ytme-$ zB*J6BE*0%*L4lvubATZP+Y==BhID~{{%$A&)cEE*J^KBv0$gvW(eWr#E`yblFr%fF z$w&a>wm7UJe#jeZlseS^N~o7S%9c-|+4DS$M&p^}sy=L%(Ca-^*@DetH7E~J)6uc_DY;+s&l7itPBOOD)C$^Cb@J-S6?pS6sE|Rht zSI_>r5xwCzA|xgv>aQCSucXh)d{XfRQ$W|VO+RE+yoQDHTtSi-s${1VtkWGtr=_K( z7JWycnOeoBW`o-Ga;H+|TRflpPhMc=T(s+y$%#!KwG99|r57WK@SS`T> z^hhT91n+^k#hD*=-FfmO;LNE5HEut4Bs-u94LODj`whS}&-!o^yV^6Dzv}YUc3p%{ ztJwJrB!);}L>#%jkElM1;SNdMb!g9`G}&*O+m+Oh&)0iauX8TLTrHWNPHDW?aKAsH zAmWQd4EtIw3sHX$^(-nkHu~l122(5Zll3XaXv%)vTtKyO-}?J=)_YxT7;pT}&+ouX zWOp7gslba2UMalwSPi>^Nmc5rOwh9szACFZ~KjxGno2Mqjj2;RbsAgJH)m73FR#%U69%(vf z^}$Nc%%qBcWfTaS?S&o?sm}|>`KSy;K9{MuB6XQbOS~8>)Or+VA~f^Dk=Rpvh`ES@ zg2Lu#PC<fIYNyvYFC6u@JR9Gkmf+g%mzs z;)8<*2Tk?%uAUr+i(e0hXHezp-JO&cOJvsm_+lZ3d05Yt={&?-XEYMW`dvZDhzraA zTz(w%cq;p6hWbC?1lt?QtQ*feq~`^kL>6>HGNdds8P6sv^SajD7^P5u8Yr~&={`)F zrl+}C$mU3=8Y8gj2rvh|J<;?qP?hC!rm-zAuA_!lyiF{3YQ?nzI0MGNR=LuL5?Gm7asCBZL z?&4~cS|n>e0vfvnWRrx`PLe<6rQ9`w^+eSum)ReUd$6^~l5u#1Y|5MB4enn5FkXU; zG{E%y2J6oknfIk<4KiA|Jfa;DJT-*1mN_-H`nD*4&|9@fEls?Q)W@>N2vv8%np`2w}zOkh8Lrd6aSnat=0CO zB1~30=7eGFNQjH~>@T)L`9-PDmWkM{;{G7elOx?QsGytfJi4N|2?$`b8xWTumC(*G z())HiIn_KJ0j9|Ojz9NiGKAlVipCwU&q;Znv)bV9kx+i(G40=# zjOH;MEwZ*e*(!G&=cnOj|Jt8CRb!eZYnYxfGd-Gq4BhBPemf$K(%<};NpmBKL83QI z$Nj;W=*~1W#{Z1dg~T$WK&w%V+etRED4A!yv_QnhN@gap>g7!c6R)0dQdQ99QH_i9 zfR1SU*6brRG-c7?kRwzfkGcM-jE*ok1HMpz-868$GhHdO+`)N6-0L}`q4B_3Qwa&E zH0g%}P_|JEQmf7|GJPYzMol9TBXcKgfc5|l*u=NRH_vHNc1Xzq z_m&ZsfQO4aV*lDJ!dJvJNRZHK#(7|?TIgQmiz=Xq!!Gj8jOG0(d*iug!T2P8P^0=&Will=yx#l11)Q5gr)XPLY!AZ&4_)& zb=EHdI}aaHs(@?m1_1wKEHx=9sm|+0N;}j3_y=?dDfJ$y{b5IcJw9?F*todcNlTc3 z&byrA%CvrQeR(pRq14dILD0@>*toy&&>ks>FUH24dS9KJeFS_?h_(hq*A-YoF!Hlb zZ_Z)t)5#iR=h-BsK4N$wfw*tgt>!dJ{T2$skQSCnT}vA5M={BGHU}0Wmaw6r5fK?i zqX7Sq1YWqOfmO7%GJi&wcul1arxDps67OsH5d7DNU@Gux;pNizy26hhZ*l~y4~eW& zUlVPf=tbOD?69s5pH&OynhSMSv6m_DgU-5hjKsWCd+&QV=gr&OIXZO|V{kP?p>G+0 zqw=_NNRvNiW+`T^-tDN)-j=BCK(zp14qfo0ekV^6Q_43bS(5)AQT~sBqeSH$T4Zgr zgQl3x5;vg~?@$(J{kEnh&P>e2b30 zOnQ|OIDHN-Z7IN(Zw#jG*jp>p)STtGixGt^W9Y6fOlr*ugdH}>ogEYpbqLm()St3T zZuRc&1iPs~HB{UIUs+Vi*p|Q5+w)*)G$o*KC?$hqmeX}hHCk1L)b{Dp%}L#}P^hhm zws}6&iK2q7r@89S^m~;58rb!b)}v^e2*3Tl8`$x1CK_+O8FYV&r>7g4G^Z2DucJn^ zwRPa8VAC8Ngl4Mru9i8Ba&slcXZ7hTSrHpei)tlsklOoiZ*K>0fwT~*L(opBB$RgvTOYgR z$ImxjUS0wEQ2>g8nX%0C(iw^iYCS)p@jie4oZy+Py?rS_8s^*ufrp14#9kFVCO!D) zL*ZVTCX|$vfcTUrAQUvqC>g9wlbAQVkFYGtBY8AmK}mXoUBI+N8{%%80R2RNh=YcP zMz>TVDy$V(46{t*-hWV3a#nUPMcxDk>q)Dq_+?*U{O}dJo1UVg{R0|2Lxqng336cu zKHp+5Mfo#{26$s_PP-%or%^1&Y$Aj9UxqebHY1ti6Ej9cEV7vQkjPC#-5b$3b-1BX z*>X$ISy|ioie1ZkPQa=I;?n|-*o6fM0ZXOL{7ze!_Rjci{7}a~Bak2>G!ER7KpG>t zQz1RH5QT(<-fF(xWM9mByM%-r#Dp@DG~H1%@|n`@S9_MojHJAL3?L7cia^@V72w$C z^z8$m!snyOD*FtO zqm?eI-Q_+9cxPm3t^KjyH#omL=eEU2pah1?oNH#_a_R^prH2C{ka02NDQ>vPgKr^G zRzzu0aC38O&n5+anF;?=gI|k_i!8uiD0d4iH^wtn_71=0IJ)axkCbUIK(34u?mvNs z--6igAz0Kd1AJs+$*|to-Zx%{c-5;3md1xG-Ba>9=f2o1_J>vk;xE_0#V2WDQL_z1 zE&j80%k#r6qB4t-_f3t=naRNzWFTQ-?KD(6Bp(P@jLmuK(eMuA;SwHwS~K|c?VLTk&BBmH7^Gs6vNtBGd1!?XvTQcSEOSo%U*eL2O5)y+#xz4NEOCp}`1buwF!k&=KRv=`JF z!$2@N0@xmVQic3hfcB?K@sN$|!vX?aFb0_@O5DefX@G+d4~31h=H%vbFaM>#kq)*h znb(;?^Woce!W|>G1km(pNc+au8@8X&dbIRLP-8g)<#Ltk(gFt@T#Tbr% zX%uyEIC>8EiPoS-0}85#AT~5Ix%N*j+kk>4x%$eN>JM?{sSabB{f4wN8ixy9*5gIc z$nV_N-``v9g>YC+G?8}pe1p-CcheWw7dz?q-4Ds=({kx*oI8{Jxi?XG0tjQOX^nFT z36Dvxy%&4{_|H%P!A@O<395_r|HU3ec$0VzeAbqF zQRV=Xb_GkqG66wgq3E~7dE-Brr$TQ&QIgit+R~y-;-il^1bf_g7C=Qsm76sH)Zqu` zDA>45%gcAevyk5Uc&VMYJhmoEuEUA-Ry`Q`_x{D4=Z$08<9XrxeiaKWGu)l@B$tfo0Pv0p?lUiXfk%7(f+R?Zxwc#nb z$2OW}DSM%onPxAc-0W*5h68({GS^;AnwIS$N|hQfp_62oJUwHMaDqFNoWJPOVYFqk z}EDr6Kz%VNx%7I$%3((es_q8{V3(* zjcb4aBuKghMfjs#TiwT7uXt{!JT#7dm>(9R$AigiQs1wAsKQunFObxi-){_y?J?IM zzlHl7On~9bg3-Tvx$1FGoI(I6zvQPg|9dj2ATTO+@n3St(!=d@BmqoXd^7fG@(mY>#=h7mML7CGu6JxF0j`&HupD9)h7Ygm; zr%xFilZ}kkFTOab@|1M>V80(Zzkc;mI`{rGi=|6zM`4-4vUBw&vJu^w=f)vh|8SQJ z5Piw*uUU5zT(cmhmAo2aK7`Ef1H_Maj+7KH!RM%*4+r)d}K)&qnkI7lUsg`>Yltl6Fatj@q>$3KYdfNWhg#AUB;EbMcF+s5lOY$U&y_c;db7EzoxC4M^ zm5(@Qk4m#f1&^%m?9L4Y2v=sE51*>Cm3aG%ehC1Ntm+h{?wS{!1BGrjj+ivO6Pc~g zGW;C1r?X@vpph?SFx9tH8ALI!tX^9Z)hRxbNZTg!Y?{XuCH#V5h`N~;R!P=l!tH}< zJ0#4H*wf;6pFD^b+pAv=i7Dn) zA3%-0#N-SQl=SDE^6m=Aj}~b(8~=#@g!l@b0y2MQCQN#EnBu7F9LD;7N!{;Z8n^p? z#R(Ge%(9$nXi^p?qQ?qSwUdZ$b+2EC@8O60j}IY(kW_M08d%SHLDs?w(bCFu`P^pB z<|$TvAn%~9iN4BzMnC+iQtaU^o3wM)kvv_4{gzv^|JE_29nI2q#^dLo}yDEPuJ%Ns>W zXP-rc=+-@7O{WHSxf$$OkhDm`-|1;2=XoCOn+P>kv*oFFJ>R9Bz@b4BBgKpK7{C=H zV}AbEE42ZyR1Y}*w6@5)%3=0}g1S2Wp>RNz2l3W>Cr?G_)I@Gfv!h@YZX1P{#dhGGreCZ=iwDSwT^TvQ>_a)MQPU56#xZ!?!t99s( zhYJM+?_Q;ORSmaFmKp#-dMeTRbQn(gGN(U7Fd8^g!zy*bYaj)$q0V(Q%e{95diLWb z7nB9!f>;iTwM6XyEUhvc`!NBkG(Hx51Wb`|Z~(v|G2Gr7>a@xLf72ifsAsmT_q|%2 ztbEy^4Q!+Gq^$!R|JABSa1lKM+!!@zF{AzmZ^Cu3yAOF$VDz9#Z{>ym(Kc^w`gYa^I$yJiHzFgrQ#Z)q&DE$=BDwP`SMhGj9A%Rqn3!qsemeUwJ%s-6 z+2I~=f#L~2Z`%_u9F{ql<3HZg zRUzFg{c`}-99=yVHK*QHR#|OZKCUcvNCvEcKI&ZtaobqE@a91lb&l;?&O(CJUaNd z?h^zjHZ*1B1Mco7O8rC8!!!q?K{iow43ud89TAhkrlU-ky}98=J?4!y{(AQm8b&Ru zO>q)yQYQ(0h{J;4LTDmeKo$WZVUKm?EH%L3xVX5_E>HK0u@wsd78jq}T$r2Es4$Cw zCs-tbFAZ1f&6{z~hJuD@D61v1TCt!$L1A6A2$75kQJb8489!KhiKnWEjqNi)!+dJ_AK}^M-mnFt#{QQxcq^@qma5<}Xy}d{X>z3_xAY)`yVvYv67mMOs zrPszE9fD<3Hneg`c}{zVO)S|2dQoH6iLYf7Sk!uwoSrTPh_&OAlD?3MDf)q(P{91J z>mH(jvR|c|T0pgS=lr38EJT@!3eUW`rhFhTYQHNJEE8VSXA|$whT*Q@$te)2k5bDns6%*?Q z;rG|(vo%mOe&)J;-x;TIonhb(a=qBdF&W8K90p@C+yyi;yarZ+0dGicFA&$VtdF-R zf1}D@E7P`ofV&4j-d@hb0P=7E`j2D^zvl{wFt`w(^4?*XDv4gO7K0IBOaesQHiRG~ znHYu$u%1i`ybmim0@pvNsHuB^fV2WqD>34sPdBQjep=I)khlS3OO{b*SY&cCfa?*` zAV?N}IHqO0aR&D$6&hKm+;b5$A?13@bo7`Z7Jv=z4udkQb4~NnvUsEi$lWupGPCxL z8N-clu*^Xg4s70#A7;Un$(S&sf&8&QiIF;NRyLo`&O#>{?6t>;9qoUXlbYH^ifTnA z^6)h3>IyNw(XM*=JB^feLajr+N$*&4ndu$^fu(pj30>_Us@|Z*wXKVvF4xC<<4Q!0 z7abCAecjzrHagQXfI^}BK70H{R>~>?qQhMo`w&Bzek@b$h}vS&uguAsksk8$&Vq4A z$CkjAloFZV&+rqxi32rGCGfY+F=x!1Up~*pu7mqZi(@8lg0^R>l^#SRlY1!GG@QR9 zkYcx*fPgrnY7Bp0LeO3!JD$QG65* z5#*ET?%%5~PW$AOK7T<`^D!M-itfLl*7LGEH{)6fGZ%W#wb>>bWNXAsM!m&hQJ zP;-LSIufF$&Hgr~cxIukjzP+4gOlaMV#!ffm&U@ks%5o^2pr9Er0)P+N|m=Ek>ZWH zj3)FQ9^^!=)ML?@J^k+Id8uT4I8uE$+&CBY?Hj9HxD%ps;MV=-8@_dn#{WLOBq8@u z1|$E)oKY{xxP=wERju+bF6Xc5(rl#SYg~8y7 z4T)*$c?TF1i}?EyC_BxcdO&rIF#zM5Oq`tR+%CHeYTEVza9{2NLUjzGZJ&=MBYt+Q zRueBz;_v5^1~Fs%lew+o3rKlN3P3wcA7uU@(B3= z(P=z;!C3Q$qF=P2qC(bi);@QxzUBoE3d3>-rptiveVT>v>K^RagDaYNM&Z+ee4CItad7E_UV5kI}&vM?Lq0CR3IM%DwE_7mg z!YvqxNwnbKVWN*_REWH&L_Qk`ORx^U zj#rV8qpWvxgn$eFe%$Zng|Cp4WWTb@D6Blaq=)hq zFPydl?g3hFcAG0Ct0GfYJoL%4gWWzG*e=BbodROtq8!U7FdWS6%$j8#dgTQl6#o*Z zX?f_C5J@`j_fJ+dkoXgvf{>nG&ti3n+UCyhIN$z_eFUEYrueIBl;dBf7L>SpdA~uo zvZDo@7tWWk^vI0OZ)2_-iUPdvX1~UGsf&?YT7aG>H>xeTVG?jb9fSOn5#LBwF3qv9Bx6l30Qm9)yMOy zw6q}rBdi*S+u4j!E2*mNLpL2?OaSFaSpUcH0HOZMe(kkh(?G|ttCJP31oT@z3+dI} zCLHU^_cxwzXJ1#oKYu#e;FyB;l3%EUCR3=we1U)U!+Bw)z&KQ|>O+8I0q>eRj|7a; zMcMLjglpGKJ@EbR$lQs-0M|QRs^9N^#lHBx+WS?=^F2Bz+E}K2UB_0CYK|l9zi~yu zSqK24ktU6o#^sUlZ79QA!B z#pf}i(eX_xKPbAtEN6mipfE?E71F~hV@2nOeBLu%wHS-ssk@*&S%m%eD`p6h`Z#1k z{WsvCGePKxuA=D$OMxDwt|<>Wh7|?dWZ^aPsTo#hu|8K+LP8#Fkc`2%K!;PjV?g6< zsJU*zpNLT636?+UH*gkx%wP7&_0P};ZtA!6q-RLJQ6`*T;@(iq3-J_A?so{D`sg50 zY{BRIb4Q&hELq4duNNVPRh@%VPrS)(+rF4K+^)glSyGm49G>C6+xsAvcX9!hn$6^I z9+{&0zn@tSW@DzM9icC<$0XsUg6%S@hbBFLBVs!1=QS9pvAHn1{s}XySJHGRDn1@| z5oq$}$B2uG{`COLwkJvR|)`}VmVkeY2Y823@ z0aLZsJn<(%AMkcg}v`lwcM=+U6{}wB)ONk~{074_z*^5wJ zkaQRM_lUZOL^gX-!~B}1KzguL&$*6KaDU$>P7w=MPyloNtw6qU2ARE`+q}q`uIHGa z5^KEK(ct3z^ao3Ipu@-GmUV?9X_EwMM|#aN#_lj}O?kJfw=qoneSgRD!2*{kVc*?+?^MtGWxkeTe$onAd3R|^2j#iUyUpZTJTI?A$_O) ze_AIbQt2XAs}Spcj3QYG$0=6l&^`E}8nw9a4@6CkyjPE?R;K^2M9x2>f;W-{BVbBL zrm~is;6JiZi+MEyn`S<02&!d>+TXzMKk)Chg!i+7c%#1W@PA{W01w2Of73(OOn46ditk*@ z*x>&KrzvV&lal&-Wrw41Nk4_Pf+_~JuqyN@H^?thadAnIkD@1;^-4r_<=C26O)afi z$4b2Z4PBHFps|?luuo^14@B+#9_Q`C2SoD1&Ea~JC;$9U2)Nj3U9CBH(0&sIL4D5{ zMiw#NNcW8pRjBNp#AkGyda3jlnXD_6U+%{OQUhI)z0Aaniv|YL4~eZj7~(!GdnQJI zW}*Iq5AYkn0dS}%&l+5S{pD8;vb9E{YG=`1vjtoY1J0r1G2XG*lVt&F83`TR5;w_m zmMYD8XQ;>CsKCIk;{0^cfuK&Ht;9Xq=GU)ZYk`zrrupvV8=CS78`mGH) zkr}NqHF+gyT&0}c!ha7}Ky2Sb;MT?T7F)r;djpJ-WYZ@bDrIYaVnmSZ&M4H-1ax)b z_`%Xc0(-$yG~oQlH z@b4MG2#+F)cy=BY8w+>^uHkf7$7I9JMTZxRc;*pLs4OdEq%H|ho)=IsD9sENQexX| zb_1B7X&yxl%tu9uD?s*+=W@)3lMJ}{_*9HqKb3vn0ZM_cXTek#tkE{<`S#+j^8#3Q z;aV_UDSP$m6q#6t9aP!9uj4E^4m}#Qc&^#FfU?{IB+IZ;E+A)g%iThT%bz z8}uEZIN!)#@3&%^fK1(>G;WA+vA~9#>o>HMs|`MsP?-md>>5 zuI96&$4s$629q|Tkz}`9!wk`$YiXy4H8qRux(-C^pC$!<;`k<)SlJtyl|QQ=CN1od zRE{kZyTjw$J7!%=#m}U=Wta)_rF4=@@nQ>ZbPxY?qEmRMT%M7pf?7#jV&GoVPS!YY zN}^?SMRe5RqKDu2xsms_bs(!v+%2a7;j8L^T)!&!^bl;$93Hcf8JGbT%2q{8Bt_Q@DqT86s}nRhL2-iVEuFj zQ<&nUVjh5sXdS$u;DaF5&I8>@q=^kE;y2)Jegnrr@X!)Gvbh;T`|6bs?!V63YU1D1nT98-unm<0w#`BAUzL!HWNEMF#SE_I3!w@ ztX^)`O?Rrz7WwY;!EiR)SkZUcBwj7esw-7SJd>qN4b6`|Bh_@jz$o<0w*Ixyv=2&! z>y|tbcV-G;4s?N``Z?g+vir2Rrz{jH_Ra494jJGJzY5Z^E40=m~L5S$nxYz2MS`@N(n9N4-~*(@@h;B_|!omc0q z_Jl&%ZwMLG7Z~VUOxl8Q=<*<#2qZW~#foyfv)t}EMc7!>6e6H1l* zfeV_(AgOwx#;y*V@i^)$GiVJ&OA{mJ`ST$E3mnnAq9|TpoaC?X0UxGXKGhd;LLocW zP%fdF>dn0T_awRDu1(3nqT2+$a}@*@YX4qtAy5N(NmzWs-$mkw*Aj z*UIz~ezpNior9ydo{zlxG%EKtF(z`0;Wxk-mUR^czfgtF>9B>WNZ8+dJM+I=Ie)wK zy%6wV(${V$uqGen7mhpBJoG7&r|1~O!xCa-D6;PYE@#F2H2<;Y*zMvh*k-QHCD@7H ziHyrgkbTH|X$y#y++o&Sgu|L0mpVtIWF-dk(uDTqHoYBVrTLr!hlV5SK4uKeNo=E$N#cumc9XKsyK+Oh}`O7lk zz6eygHa0d0JX^mIdwtUP1T|03_+oef&k`^2kw2jz7npf3RFOOeh#Nc`zAF$(R4HHC z+mj6CtugeKG)P(wrT-v<)foSJNz)=GC2#XxE9b4Ul4bHm5y=>CXLSOH?K8lNL@*`u zV(N=&b7ditvc^&3GPk%I$)RjI` zWqpDyEG^w*zx365&LGV%Lz5FNuzHbEkJB{V+enjI8t7DV-~fTwxGCeLfes#c--z{T zcB0K&nJjoU5w&a_BrPosF4yw~KYWFPu*2dZfM_B==#zUtgv7A~y|g5?sj>s^<*~j% zJi!|sM&;d~bX-?R;5H5m3;VXK!_y^^A|E;F7~9o9+l`C+bZMBo=X-s3!XwWPxbhE`x=NA*Y;)t|Ty;n9+OB+n8OayJUL4Lr~e0PXk8tSl*TCyxGL z@h9Xo+XVrSn*x6r+(>@BjyDzHgr3B@+=b8ZVUW6Gu274Ez?+a+w?LH@+ZvJw9Oq|9 z^W6JbNI7+!4FO(u_~<*!aZkK3Gng)*uY|9B$Vo}CS_ugG*0BUy7X`UFIMhg)TGy~w zQP=vP5Hkc0(hR?pAMt}A*#|Gy;*_l6-?%^+0P84N=#an~rshM#!934}@Mh4|1)k+g zbKya?m$)1&n&18&<*+eRnvD0DawY-BMJ~gION#d#IMN(dd3G{IE~)r>pf0xv=5qx< z$PRk?`=cF9+X=@}?r@(b1esS0k|y`6b2O#79@!Tb47Z}oR5W-orS=5G})?|}Zz z=pR7ad(yyz@DjS#yHxcIGCRDFvZPM&U6e;Y$gqptt65Nr|7&`KJMi;oh1C_xeUq>p z3k$IzQTw+^lND~#v=-wczZ)0=y{(;Vowf>|*Abi95?BQulrDU<-B9^VJXc0z(W=!y z)jB$zJzAVsP?^*&S6BK+Vc?LVuQ5FD@cJ@8Pgcczj{nK6Gm=%IVt!tgt(=E-p8j$h z+3jGutD#sV-?Zd@%<)eh#WMDmVz!+rsDv)(M_3e98{8_8rnk zv95T_XPRa2!{RZoRF={Ii@huoz`2(|-Sg*eRwtnme6>QN2f^F}%O*;Wl1oZ)|CUJw zy>U`0eeP)~$lslif1R5Dd``6ihGHd-@#J!F0_0{O)k$c|``^29Z?NSYZOGe1c4~Zc zoi}ByxkJ6+NtWlv&#-gmz`xelnKRnXUgMmZ zRZ*er>+5^mr`&1l-Cpm;y~1e0y_&4H{0&R`8$Az4|U} zPsk;KGVyxRGpyde_Y`w{O<<-@@!Ub7Uu!_?`@icrci_V8AA*&$J9vqYs_&?!t^F*D zdf@9JrNna{9tn`QO3KCC)Ro$C?9kTr5*3RHk)gxEM+DT>7O$_@Q5%D7Q zY5V$90(^W69s>gmHms8n8R?ZEcdu7*ff&M2?a%I*z0$qM&@BTDVo3wVQhpxA2*Ab_ z{$l>0YlgRo;J=D(Hwtiv$h5Rjt_<57QGu)#XmwF$syF^tOU}4Fa}wO!$*D-K&homv z;>Gl!$W;jz%h#~Js;tR(*TA(GQ&z_E0_c^*HdW22Qj-LUZX-gj^jn1?72s6w1vEZ% z9@NQo8-?>_TT?V^jZKxZYUiWf7>N=cmxBkB&}HtY%P6Rl%Cr+>-`KCXsrvAgHw%uv zTBT!>m1WrG1y@PcGBf2)SFa7W47UtU3anT5=F0VA7_>4hp#ZX-ALbJsZmcO8AH|T? z;Jcrae*M^ZUHvPmUXofqALK5UrxA~on{R21X3yMpkO$0zJE)4m@!4DHHk<|aho%lnmO?nC8#endzAkfe(}4czNT& z!NJtSVS_@)<_C`@t*i>*>lzLL&#F6Cq(jfBS@D(pX8#jVV$+4OE_|E@zEX%(kbZ-k z?8dMjJ&KyEcb`@`u@DxLmk)#I?f?`t*;7H{C9_v;3yJgb3u~um?R~48P6G8 zAp3ws=5+KE^uB*Qyl>?}H0Xl)L4e*C4{H9p3N*?yCBn%Lfj}y)8Z&SKHm&f%)p;Tw z=YsO7u5WO<+wOiT*c5?aF?$3!l3vhmo!T-4l!XUQXpbI2l}2VkZ6tg=qa(a4Uy&g9 zRG#y?w5|r*OjM4~0e;Q`Xv^0bES1kN5;Y-dF6-kh2m%XD49_?7i&x;$dK^@9pu$Eb zB^4a`z_2?6%!jGq9i(uK&;5{`ICSis`OHSM#4Z5u9p;M=DW%nQoZRUAu}A*+r&Qhk z#h!%fuT2>vT_45pbl}*?o%UwFaD3jT5$Jg}iQnzed7qfm-mDMQgphcibsG~nKp>1d z4XR7aPk*$_`M6_(!cV3YPc9wdB<#PAJ-w>+ zx6e_gJVIt6*|5j>UH!>VT1n!0KAH!ps2l$F53ZhgT}<$A12=*oaH1fT1SKKD-<2df z1R7Y?YqpE|QaXMavYDouoV-C`%!Z5M^ljupFH173um4QL;D%ga(|qIL=m;k-G_M;$ zvFGU2Lyo>gj##kcL#EI?Jw09d$>wBvj^>e|l@H2s;{26(p&4W$brvKjyMWyjj_b-? z_H_AvKFCk=_eX+4G|S(G9`y}Nf(<+b)nEk)C}q?HGbQvRo-44~r+e`m-Bzg)<3F5*GJ?uXHMI?HFyd#rOrF9{8AUEJ86hIQc^!wR#$$s54KYx^H3DmYu@TJE?|=&sHs2l+&>VlUMj;$ z7%P`}3`In9852$M;8%It-oe?Mv6?VHp@H6)*!b)7n_lA;F%jh_J=+w8d9fEx|^L*y`DR zam8M)H`o1ZkwAGIhmO?mpdoaY?K5O&nbtU&Q=uN%yVapxF9yX#``xBo01GsVdgjTT z+oe*s%Ygzxkh4W&Z_?Q@OzpQx$`Q2O1Ln3dkygmV@&Vk2J0hlx?9u&7&mW0x{Z$JzqREQU_uq34OnkzvKnWgZSqiKejk}>8{mu zR#jTXt6*GB2qHD(P?JPiOqOM7b`@w<%Im}K({ykeKG=FflIR;{e75XU{_Z%0n=>## zEpOSDlED*h00OceF3E#dK9bk1&rljX2QjZ!1hs{0CnqO2-I0X{K`&Kqv5ForV3C~* z&(o_FDJwp_7Se91qF`F&BqE^~39=Z@{LJkac>i6+Cst1T4)sNar-ahjmEz%Kh3U}; z`PtzE8o${IKLl`vsY3;NR&Aji-yx+Bc zYn?w_GcJbN=bXKt`@XL0bJgviw@k%f@nQzd>^(#7V@hJ${7+I5CV+794eQ4B^o`d| zv;K_$?D{u%o6uvxySrbMe?PX+b%k)#SlH5YhAJ@kjq%g`rrP38I4}#Ol zmZbXn7ERI(M;Tr*ic{qB1@rmg{EI3+T)s!K>Mb!$+Ntwr2St40?-yk(uxTcWrk5_S z{!|xAm8_fGSZdT&9COoyF!<2={ji0z>~6(pvhN{Rr;reCsRt{_$oyeZE$A8Ax31Fo zAR7nfZ64g__xOVP3&b_*741?AlUSq=M2N}IjZnzo)cCzQ>e_K1K)phl>zhj5)j{ed zc&^WZiYo5x!{Nf@4l5GY_n~S4L4(tQPM$uKhx~2}5_T#;<$hD2<2^0o2 zNzFUHsaDgpcTsE=avLN5uXP6u=l_*=((_@ZXVqaA26krA;Vg|Z4d!VBqpk1jUH7t; z$Ng)PYcMV9#!7NMEVx5NYxnPtR`8jkp9P98AfVWM53M~r*spFmB}9DdFL^XKJ+df6 zr=5M-&_wT>I?^)y+hhaVPX7Bazj9$<@T=>jfvR=s((~26{nY<>V8Qf>=m)Ls)L-`B z20HU4$>llgsDCNp_@LdTc0{I)&M!aBk1voMJc<>(f2=-V35~XN zxo&A0T^)w~I2b}{jUQ_~viUr5aM(0>?xjU))@ZVY*Im!e`QP8ts~{d+fdYqZE^Fu? z)#@M`806@;w0?<-cX)*yyReX6Ar=d4MnS=$AFr>R&qjuVP_ZYCrr&?dV8b;cKPDD* z*8evTrSe@I`%eS74rG(L7T=z{Ro!ywqimVlA0P3?b9LI%aIzo@q#|kQ zEaA*)`WO(g`kCLNKEwGF@7n7eS(2iyA`5d>HpV26moI}BVt2sWQDa6EAGNloymrZk z9pyVp=wD03mlsF;_S#-r#lHB@?!2n?;lUTpiEtL%Zgv(+A+oR89u{A(>pokv(Wrtn zNR_x*vbi3nZX3ts>PX>57!jul8vu?%CmSHv(FUsVga4BxHSbHnFM-Tsl@UNk=|#fg zBgf{&t~VH}snS!;ip7e1Zzn_Wv&JHgSip61{_c4-i%Qp2Ys0E0X|G19b1f4iV;lf) zYutkA0eNv{L{4z*or)j>gN*x8f%Z#4$IRAzvqc3I8T*}?yepYxE`{sUE^6D{amdaz`xs1uEtfFk4clbjXT{@mF!6f-!Lqz~a%+UQ3fk zzcM?-KzI-IpQxmyt$9z;(aCay5H#*z`alL62FaoXPK(s)L+GU42Yjlk$k=9uSj1fE zt2pzZPrz)d^5voYO~c7tG*GL&2!?B|^v(bm<{4lDcHf7y8qIeiQGk7k=Cr4d&+$jY zmR{jW$mJO4BmY`W?I~z04TSioBaY6_bqhYn%pALG^HZhn9|MlTp!P*Y>X#{4(>hyR z2^@ZB?U$mJyL*o~*GAYG%(j5`CDC;OoKFRQ_l6Z;zpiWyyC|xei!v?#`l6#4bbED! z!C3y)y5Cp5P!75F2om0GH$8LuH*{Kl+GUvUvcyBOUu!tOK0rsCWsQ0w5w5>kAHMpq zyDP2#BZH>H=J)3l5N&d^h3)25WL#?M#-_fcFrfUTRA)R^D#>TvCcGKR=o z(AUXs0qSE}Y=6l+fs%z4$Oei=AM%jt1rA;idF>_S#bRy*a&Hs}%W=+F`e^i~e+Ro6 zM&Ln>OS@d58O~Lp!t*R0>LPxX++tNiljhEo@sO_;I16i@ zg5>w9P*IXU78&FG#oUQ4=3Ok(-}EKr#ZsTUV8uQG!z)6Yx-@~Sy#*y6!L4wrDA($>Mh4fR3LooCp@ni0D5Sdt=wl$~thQw1EP z4EVJn!U^2)wJSFWZPQM+x3~Yop;RkhP{a2P2Neon?;}0hY6y(q8jE>3sn#kYku18c zFg!i-@j|sSkrDZH>3BxkO{k>71jh!VDT!k7KZbfJ&?M(iJ2@fTJ>nLn+HcTR%WqQV zZI%8eP`dlJtl}3sA{>?hTn|P!)CW3R*pcMN%}d#U_+oN((2CBKTax~^0UW+}>$Vv2 zN+F9gRC$@cgys7Pw*fSb=8ns9Ng)@ccagfh0xKoh5?W`Y^N|UjDP%#;d-JUtjg>13 zneK7m3+(E({uDYe0;)!0BvT|-nT$yhhLiGZK(SjWbe+PkTpLQltI~YeMhon~n$L66 zn}dkMk=Nh_FzG%0=jNyJ7`O^=R8j3uX>X`ZH9wv!i?QzZ(3us}oojNTuGMs*c&_J?SpeCfac2^5bctpS5}# z&A!DUZEKtL=l9&p*NP)b4}wDrX+ZQma#8dm?Wj;oJeN!9zt2YSc#Q$yOR4?mw;>wD z5Fs-kqde7;RNt|pA{88JeIepz;~b5uUTMBYJ@MV9o5u6W7G_E~dFcl)E`%0DiBKIp z1j9BsHm&?!gfprap&xTnN*)nwdXJ$cGmFM}`C-Ezpc5eZ62nHJAQ?}s+^bhg2nK`c z!tMolYCp&q0tpI@u+0Q&1K0<_{Ond_XrSxmTjqs;xT8RZfX~B)@5e@L*yi}0DUiMN zl92O5vc|!u5^^;dC==PL*Ddn#bSB{4Yz`_tqZWA!iWV)04nBDRP+32^F#*%2xP-*A z%JPEm`2q&YDA*JZ@@0*cXlw5(+!ev5D#Ga!4xC?!2B3;-m1?|*tG%wRiZEw^v z)bauP#>GA2*CE-TMV-Hy=8ak{Jpu!{@2MKi?^v#Wnm?x#bw`>r`%V6`W~RTxZ4JJz z(~9(cW_td=epbM^_o_@xM!((q1PIB?m*T2c*Df<`eQ~oky_qf`XBo|3y`Vv`Qd3g% zEFp$d?Xmh$$#PZ0bk{+4dX!3oi{lTtFUWK}7=_lR8pq`KTC#w4Y~qL5mjp^_PNn*K{$&rfwvH184?0MM96V$85+ui9Sb@N(>C}ZL~_13rtc$IAnN$|^L4RvXc<*A z@2;tX0P9PDAZI2$NS{$C2@ngNpFcchY*k=@^KyLvH8N5LzAW879fRO$qogMC2!>+W z&0HwUyOb3y^IGb4XOW~yPw5g_41%?leAr{Tb6;qx>UlDyzFueAjIk-k5afYl z+oR1YFu>s47bj%4aau>ol4_b7H70BH)>A#GG%M}A3Mg?x((xscZpGg-47MKg6&AO5 zbV?dYl59-pB)v67L6J_V*z?jR{kH<8gjhA>@y3lup2mTD-47F$jeaeP3)6T!8$jcG4OpHVp`|3oc zXq)$SmSUHFlM#}1JSGuGZl+Ek5JfHjZPOQ=K`#n=N z!Hp9U?QexS)ATjS`7!!oi6YHp(M$e~!8sE1X$K*d!m0EDck6F)vXZoR1D`aL2-2#s z9Wy-wBTK~&HC|Ih{N+tZcgAjRLgoq&pT|9QxH7pssdO%UV5p9V$UcMQYB%kuY7iIy zIrK_Z?bG>k7&BL@j&b~F7yH}5lOawi8I7YNUg2AEc(cY*rW|!2CRIT18pHJLP=;mR z7A(|^X73Z&=SwEiu-jd~arH)c)Pa>2g31vWV%(-VF`asq(ow4$q}OO!YTO0B0<3d7 zs|=Vb9N78`mp@y9w;)#_fP6)W%X>thH{6e9?z*Ty-mc+eBV*R@c=kD_VMce~7?0L^ z8*bH^>51}H(<1`>_N1Wxp9hl)ZL_Suajp00axSUNjK}TYzt1Mc^tCiHo;&_ejt{Pd zcz)nKP^Pa?LrMsKw!<>1KD;)wk96*!E) z7*=nY#$qX~KSJ$$y!Ft4c^vA7KHuliH~8q!0_R{XFg&cJ>s2G3$d5T3FLONOcAOR? zBqACv>D0+&WU8N>F>AcHrp^~>VFnf^QAhnR59b>4thYB@Lh5>A_o7bw{ubzJ0#-Gp>dnL)YoRL#`S;Wb70Jm ziCy7?rm+P+Sm{v5+63Z`j8JK11#%i|-g>YT=fFCx&DUXOe4>aqLp7W`B&KiJ=#rcC7d7|BkjQae@Ije>&Kv5uB{X67O&}88QhvCI479X;|iY z`;TuJyvJH5hyveEq-SZT{~6u?JDmSD2h|n=z0OA6s^V5Gu04Rcx;vT?zxCjYyQ@uu zmy`Cah2Wpf?yaP!3K@M$rh+Z`po87s6Wr5!veaJQ!fp#p6CwIm=7fCGSYh5%Eu))< zQ*x^nx;wFtJ&#H@50^-2v|hHH-1Fv-Xyi>B_!2zauROlFFZB-r*Gm#20~gb--|hlp zu_tSd3-k@hVtJ~3R##ruzv+8eddB$dS?uH_!Ny=?5w$btYIS6_jI&c&HYIbXCdyGE zL1B2TMCuo1rD9rRys)0>#*Tt%Jgrb|aqke$fv!%?>sObr zzOov3mS+gKZUwD(*3A9-Rv(*ClUikN(n?l_Th%F1v35$DEz|&?_k#sI;AU5*v%i9p z2hat@|58Tg=;SW*-LuB9uNI2oE(JEA=%WZsXBoz;9Z3gvkrCC99na>c z7#)i;+uf|6U7ImXhHjLzy^~|T=QLVjlsY;s8E;>7-gRmmNLX*ybeKMV(DQ>g+pMU8 z)y~cBbn0mJd@=+;oOJA%y^8W?PJ{^U5SCFOTk3Jwmg zdaFdkR{uQ7xt$^C}j}0y-ChWVN;83&djWyMUhlshE zF1JfCcy~%7(M`U8c<}k~kpEbRTcaMbFxo~S)sN|>d%2HXV`EdIaA|_CSQ!}j^R${X zbAO$xXJDoxt&sIGas5C?{K4!o3u41k!tS5-oJGV5^wU$K`%UOBjKXi6JjDsccmuiM zTO4Mwpk6Sn>1Of4$qYvvb=b1OX6RXBwZ)CF+g+EVUzFw=G+%?zErPx-t+{n5*yiq>ZW3K>LpYAfVA zqG4Ew9FvoGGy_9JV?Y^I4=8D%R8UYT*J(jSy?1Zi5nw;j1m~}I9KL{*%t12}R<5IW z9VjI%huZnTk9z_&)PZh#s2|ae^?FbgE6>u`9a6Wy0v&M`tSqw4W@;6_K|W?^0ph+N zqRmB@x%R<_)TC`c!UkBI52{MsWTwR~K$B_Y^oMUUepwJFs1FFinqbzXpT9n?Sp~vM zKsJMVxme?2%5FDk3x5VkC{fu(Z@#JYffIKh7*|zgT!5`?B|z}oB;dF9^TJF~M0nbz5a)s5< zszOrW+BQ)@H4^7&H0u54pR?i}wj!VEITw!%dX0K1P^3{LGTm{bmO#{sUS}Q1m<0}Mi}zg>y~GX#Vy7yOxh-6g-@Ki&>jQr zigMErEHY)5kpHh-c)o(#uDqIjdyglExk~6Ji}!8R7$$tuQ&noqp8G1mP1hW?W+-@( z0L^|Edl48W9H@6uE#|A0N-IKDW}iTz0MFSWAMGQ zkCVat;&F2=%LWI_kOwJPz9|sa38b#=;_j%pzw)w=aB36D7xp9ZYQT(dq4j>zhy1(1{P>+Hd7jc7=d%;7U))wZ3lVFADr`rc3>Zx{qCOYrBJu9 zC$cOEYr<5xx$YxJ!ZSb*CAh;G5o%dsz*`E9$oW9&S|_sUXOJr~5}5M8NlgQKv2#SG z3bqCLC3$-P4KSkj0t*XD%c;%~QY4BlK$r9{QN3btAb;nDNAI^eQBsmI0K6BK$*R~R zz%W++mAc0KS;4rO?K_RqO0&qPVE3R@kWe)J+Es-GNB8wwvSZsj>PB6pCy3~e0y*K> zcG#Bm1q$944D!XbwPMK0Ra@0upG%8P=db9!Yz!vcMe0kE1u{P{n9&=dG}dMz9r9^C)kPNUk8}IuBEuUg?h6lkiDS1DjQTxCiZlXiO%w5v zIy=*paOhx_s}_G1?{k2AAQP1xLREozM&vk!C%0~UXnl8MQ%(a zFO^AV891wXsd6tmr$4^M=e(Q!%9*S0lZZ^4f*_m|jw5^eb0yi8ie9r!g(Zd6f;g|- z^>np`6)w?@x{sOsH^>|f=&UN3;Z#H%_Z84EheDT$Ex z2C-@;A0ZPnMTCpz}M2qG!kg zD_3(3*10hBaFQzu(1lS>ADmpDB{(Vo~(`7g5o|3Kt`X27@UjRofNijOR7KL7fZwc&b(Otj&FT z{@Jpk=O^@^O5rzr>?vcI;Wj@$eFfF6HZ!{PR$Cg=W%d$9THoNMq`|olsedvG0`H1S z@mwxt|LDe{lH(({5zFO^J>|w+l9<`2N!KO z#wwyaXDbQ*)@UTj)8V6*f^kliSNG}j&KR0Ov;mm@Kr&R;MaA$_Sv;m3V9|&%MWnl!&4Z0Cv1t9-__`TU}Q+-RAfdrSJNy_Zb89k zfgcZ`^pYAdD7^3oahcEB`4DZNYhLg z@?}2CG0eCJcXF%m=PkEl9S*9YhPgY<&%XXSK&76W#CwM>aIDuoygdga{nj-${0d$p z@G+noyMDFat|7_p6zLII8Y&BJnJf#DVH58O^WvLf)Jmww_&EAT)ClsTy|*iRQ((Bg zze#mRwzRfPJ~h6KKfc+=IoHR!bi7QyktBaD$zX2O!@ytdzE@TvVGYV+)d z&$(|r;(!GAFkAidH-{_MQ36|n|EN(qpn! zns;RXYS)COsSZ<-T35G7e4(vPGOYuf&`8BN#l{D4+r!4S=uVU%7rv`%t zNzh-oeT_kvX0viCnGVm&jzO>=i_`2!q@=7y7e&P%kX zh{qTtlKk}3)j7Ws<5S$@o-4Q%|4!J;c3M^`c1^5`C}1xze%k%tivTVK0yK}`VWiEu zoyXTHKSm}z0h&V8TYg^Y0{kCYniI0%XccC=`Kd6?ep^F2ntI>*@)Xqr_w9biQn%O) z$9$mPq1j0{sO#yj@jL~G6ny|g1m4=>9_&PVwV6##o)RxZGO>v2Q)F})Kqv2=xNpXhl{G)>jL#41~@eO>5A_}9xzhzi=E|LeKdZJsSXn_ZKe zD;AvcL}qAz8Pe48^h-C2lndfwYN<5YO;gJ`RCyR0;4iz;`St30#3ID=XcH1A-;Xl`_sx6!piILCp|zVVz0$P_mYKwQCU! z1-U0O)QphTq*n8WPrcD3^TC4$J(ELiPe61SpWzKvPOt3Cw7EA~#_yH8z&Y#$x!IqtC<_Qyb#HrJpju{)fE zS04(s0`%`0*#9$nob_oxo+R1#{-mg+^w^?)-#?klN<>OpdKIX%Il*k$mV=#;X5+Nz z_fWq-nVS}07Xv%=U?#GxKZUoirtydYqGNsmdIbpn7Eul^wgs%Z%wMDi%RP;-Vu9U5 zsL1Z=<;fSpbQLrISqucfL1x)YOl2_=VoKOt z!lpC)p-#!~Vyi@9xP5MJJ&YQ=HEv-wpdB=0H7#SkBAE?L`qTVL9Z_y<65vE7-`ci0 zoJeCy`lR3YzpjY|HjtLzQ@DNPnuw*pFG{?Rqb?WGdFr~99BK1is*_{R-vIc{Xy=50 zqob&X?F^DX1i@9J?VbThQAmvKc4)eIvoTqg87xq`BJ62^jR+%#bLXP;C4)9JnOzW} z%F4loVn1eaHCQqpL89d z8_and^nb10Jtdblf_!AtbT`SS2LFN`G%L%3BckdVqV*|s2ehPsB~o*Mwws*f!6=3> zqOJ=D`}#P(((hK(_paY-RvLX)VV`^;m%!2icp*;#TKu*IJORkw(tt<9W;7@S6xNkO z>hNFtbov=@%w}{~eRSOIEiuq3SXoER=eCTA1)O&pFFp_g_thwn+<@I=lva}U3~vx- z+1{IqY155aKKtgUDr1zm=GFfjX=AUStOhVC{o`# z&Mx7nCgW_v{`Yq1+>X>#^~{mR`Qc!+JC9si`Oi5keG1Cgn8&B$0%$;PI4rJ2E7QAg z*r34HhWOF_dsN*J$LCi%J^G6KFp>9|+yy>N>~NBql+g-;Wi5dySWf|sReV!+L_ zx!gtXRmswX7$=0ejwB`6&m>ng(sg&y^Ji9P*88xP=zZ2vsX~_teW)UoH=|08!C7aO z)w=yo0*Bsb9;4!o!Y)}J!}$hh+c+TX@@Vr*A8|blw;Qt_s5(nRQ~Q+s_p%l|x8&Qd z;^{9im5YS6ey{9nlkdMEI4zh2Hk1$k^xN;I-@DyDYvd76NAA%jg6xHz^Gt=IoL%{4 zOD(GPe9g|sqG@|BZLYH&E@hdQ{Em|iJPp-!Ox81~{H4bmAf8}vyxn}T1~REoa2{|| z5>XaW?!{(iW&(6Dr5I&BGrDnUHyjmJVIS^6Mll1x3i-&$Q$k6=K7?ome|K+6#KS%Y zz0p~IKHS|n=Mqg4(WGkmF$o`yWAOq8@xc9I(PZU&A}YrUL7}-h-n#xajiIhwsxP<} zh-oM6-^pE_N3vKA)6?wPMuGh1FU=+SYT;LICzpP|aF}9hIGuhTVur8~gwk>Kz^1TQ1;%6W2*#Bx==lnr9fY31L{fAR_t$1m z1gtV%)nX9NXm9!j@CH=98Bj-0dUJW|HHg?p0-K>~=0Oqk#iqx6hZ+8XLMJm^M}_aH zV$Fv)G8G&|oF9HS1*}GJF34zMjQQLNS5bey#h}FyUjOOWxdv=N7O3eS!~;*?mNbGb zA&tsiUN7d?$fPkoLa?qM@J7S_lSKRf1w)W~u{Px+T3RRnl`3og2?M<&_DOS{o4NQ) z=p2o!MZocxFsR4i)R##wB5oYF!(dZfTZ3gTu*zBYqx zwBTujYvReZ)_(BRK^%kNi#b(6#JTkrA{11&0h6RI`k-^Vb>t_IF-@Zb*UD-39ambk=E z>3aUR{u^8ZP^)Q1S`P^v(1Z}j7b_DZB5z>(N#Z}pxxap(whZ`Tjfq>W3b&I&yhwU| zQoM!~e2-$=$`CAVX=g?euM~IYf!LZ4>Iu8ux**7Y*-Zb#>DRuXcH=sxxa+-6 zinq?w`>OB%epmpD-Tzc#^h-2z)SR82MLE!GYg>WDK4ng+uD#3Zqa6>LK3OTT2Ito$ zZ%>^#+s5b4&Z}JMv=d^nd&xmF_SEvxCY2@g)@IQbp2P32Jkj_POts& zVqWrpqRzCaQ)zA8GX)8m+AcV#NP_A&$O}IL z2`As+k~MV0g^kn)TjjWW#nBz+VP?;(WovIPd4e@>9(~w81cZim)X=Ig7z6DaRaG3I z2*bQm8T2bZ1ESM32SeqrIk&tiiHhv7BaPqfy?>|@UOS(2e~7`R0fsm0$NY-H!Qoqn zMDx#8fdiI&8%A1?a)*RTdz-F%ADSwfk+HcxI!kIiW{=(~CIL_n zwrC2U^FH<~m%enbE5L$DXkG?JME{U=M6R}L5(1W5n zE7|1V+w{KSUzu%Vir?^@_7KZT$G-?$N)G%vlIAbjR!iXZL>^QG4%{#5r)?+t@8ken zzEV(=ChZ%pdr8pusS%C*$ZZT~*@EDFb1Bi_xUCQ8~Joirf7s!)We>4OP zit{A~pkYaWvDFW1juiFBh;+X??}41N{P5Qp@d2Kw9w@IzRsi^GYGdh%=_uv<-8m&g z%yFeUTeGb~)3r_K67`x6buT=rc-bCWj4!_h$bE`8o)B?-i2q)gc|NncMiQOM&)Y*e z(La>=bqB7UDiGb~e;kb*qPpd_+0s_trao`GH9W^pM>CV7b|tpx#O8%E&d)rgz>_Uv zs9vpq=ImrKqo2TM7oIK5HuKdq&GmAF&FNxxA37_KWWGrOicDCVyBK@_zeBJv#L5*^ zU*#2I=q8;W3|r9pxt+UzGtz=sMcNH>5DrCOM zN0m80n5+7&Ga@zqI3j2MtT60@2suZK5vu?mKg0u-BLZyBMkEtl3}_f14(Ao2C?N?P z17Og~ZPsPY$-J?ADgFB-?hGKN1_ADAfgL8Xbr)x-LdzHRkr(CW7aw|_ zZuPKV)$yX2==@v_mw&_g&Qm(%qs5GX6iS$3PEN&nP*CwMy^DrqHm;@yZ%CqOz=**} zHi?P2KZ|gS@RV#;L5Q9z{Jo$5>0+CN{&Bs5_53X7vPzNN`SDKn(nxKDfX%X0q`kRj zFVg&lzi&W5-a@6$qSV>cC(|+2h^oBUe=lVbApA5!<)>scXf#WXxKro|46loa0xw;M z!yQ<|tZ{H~%0bP57-%OD2YIF(2{X%xW%c)ENPVcV%H1jqG%T!m(EwK!a zT81TjB$s<&;}~ieFdoYAJO2*3c=bV8bdw3?+A-Dr+!!LrRy`I2zBGQLhuh1T61VJs z9&Ag?QBx30-R#Q&o8t0!9cW;PA9McI1bkR5uBVnztsE&%n*uZ7jOf_(Tb`kwjx$R> zs@0PWB*JTy%s2x}$+qxWz#7#J_)v8j09R2U1DxdG48q|2IEuIuie2C=T zCHT@BMp8rf?3r>wiKO9`&$1$jpGE(eJ_e(C!x14Z?<%g3NXpT}_Rj$AdxZLDs;M)N zpweJVw(7uZAoctAOcvAr*T&O4FC(00Z6+p?{S>@HFB}sqh&O-DJ+A2^Av!!;Ybh(s z4hnnlxG?75JLHdGhkS!PZW>D_Y4fenrtHTsnAra`IYtmLi*RyPd({>C=o*5f&{*o7 z>q=2JuT>1O2gE)i&7IEu_2QeHVAs$`(h#IZF3#9mk zA8HU7|Jq?D9mNPl`Gt^N9CWY>=olF{8QSw+kujJB*(%LiK^LK$b?GxqV+ zQ|2nh!@=1JxA1#;l`DCa<3shPWv3Pov7M+MufXXwZjC)oRIHm)Ys#T{y$A_DckNP` zs^bM-Dgs<0@Zq+C5B(j$S@_*0GNM=k{6yH(99% zdbVszev|Q@X4kPjIMo{xLe)K58F*EKum?_zIPx689b%~f`;8K!x>Cl*rlqvPF|;G2 zIjKf9OESkZJO8Xk_}IKKQmgHW%hu zUb&-pWTt3_A6#2=T!>kJuR$hhz@mLSFxYipHa0rz4s zen8}vUXI@bBCn#%qR81KU!#*+=jGMugEflqI}-iWdyZ+SD^AmG{N7`S{F${UU%Kj4 zo0jzk%+IP_znuQ7{92U>)WE6kPFbzoE+AT9W`{0~!8s@G*YBz$k7;Tp#f=+fss@5v zdqwJ*5xRygkH$~J`!vUsc8dB=S7{b-rTX~@@rq>5*k;o5tX{ab{Aw_0*gtUMP{e)T z8((!9JRJERF(S6Y{&(uXXov9s(SK`OVXjFgyVcidSb?)B7+%3*$xJL?rN{aoZY0@3 zPq)8b3w_jJNA2;`_vc?J`u}d4|Gt%J-35~dBa;4KE<$Z~L_@ON^Zc;z<$v-Hw;Rk; zO7OXH#W5+obrY#RL$G0UX+%<1Db6rfiE}7Ec&L$+VV|Ff~&y!qv1Uqf8?;wqbZ8xKnM68MMu@F-aHXYMoW)ANN@QGecQc;iSu@7MOQ%y@ifH zr{2JZ<|lZ+zG3rpA9v@62B-=%DUo*w<5^u-`uPkM6*UrAMe0tT8V|2Kf0Iw6R+&4$ z(ejDsYB@jTFg3P6T2sbv8a#+EVA#sxQ`~Lf{IFW`=jffI#+%*xdH@OO-`6spbDld0 z{kH-j3n>7N-o%2?qfRLjeD1`>y9|b75+E$!#zsOEHrbX~3J>iiIT@n7l~vG;<<)b5 zxeISHa4B*E3sh*aNJ&Y_hP46DH9cyus()q*EGPFLJ)(u+4~;68+Q;||X0`jmrECrR zuIhquzSb&ORz&k)Z4C7i0GGv;UaRB50ob5B4D|QMU0%9E50EB-sY+(ei`opC(E{LU z$89j#XsFSSDRUkd+-b0iDU(-I%XI>Kjj5WkDyQ@rzby4L!0hko?S0*tYeA3Gb;@l2 z$B7xiJcA#mebHE>6018q1GLg@qSfD|;`C$#_%Ja|LyM$2YYvpGvBHg{kw_{+uqr7y z`TDg>E0Yp9Rt96O8Ngh?Qgi)_e&)x+s|R)K4eduxn@R~T)U8T0^v@V#&lMuwWvA}^ zJ3c4`Vfj7jALrb{9R=&Wt-Bb?Z3}Kp1eWKizrW+c$ z-b{Tp1vRNhe)jgea}2=1KZwcKn;5tUf-4Xt6Wl91!$wH!uPDRqv45j^tt6TjM}kd~ zjD!n(b&KN1`9XNcl-DmGPj>*&^EltqOk156ZOG61{7OnH7=wrd3Q^qJfQW(VYm3qX zkOuA(5q3#`CH8nU+enKlo>hNyG zh3r+7xU@>|AN7zGOAUWIP0{z?wSGNZ0=v0?zUkzi5M$jFKl+yN?RAKgtDc#yvD3VS z+}hs5VtBTI$gy%t&hRuh&cnuh+Z>pupo5wU3xHMTa31C8gB>vhafGY{8ol3>xfSnX zKFW#{fNF6;j4uDzyST^Lq#x&sL1_{oNLJebn1*nJN|8p7Cj!#tvM`M33eY;$fo-8; zDG)a_6DYnK_5hNKNQYlp0YKhG4~dBjGrs357ueQ=abk#BC$u!n7(}M~as5Dmi~4YV zV1irpX$v#^^U^z3?}7O)F}xgPq@&98x}?C6VgSzHJdEFo?4YR1FLZn{U{Q<)CI^V5 z)^CEP*P-(sSms=-bWA--i~&`0en-o0dppi=1D&Cq}OO$Kg&}k%4CAt4{a({ z;Tyxxeg^sIde?h42C~XQXo-m9V|)7x+S=bz zKWR{~NQSJzep))QVyb6=$u>^1E6b%Oyd0dTz=ASUcDcEQ%6ea~uN(fl*KA@sLq1kd*iAFc7YP3+AxN=sF%ad&LiATYR&t>p z)+>8XFHJ6++|Y0|>*ROO%#$M9c4tPt1Zp?Tz#pTnFcHk*2x4wZusc`9S%!#`w|ocp;5={vvuX~ zP%*~1kI*47RZI7YK6VCm=v5?v)DWXQ_%XoOjajt}BU9chbn1*CE3pFrMpC>FknaMr zBK^L^jXm$6^9kI4udm+?f`QsIHY)!}ogrAART4zcbwb^toxpt~dj;Lw)&gc`fd8G;B z>9nKyPJeI_+S}vY2nY4U<_A!HKb{b#x)B zMBY&kv~mH_w&8SPq^j`^K$a(+0JUa~8drP(2zdb9Gg{)faCoVSmmhj>n_NE#!ZO@i z%=$iope-I8YPZnXg9QpIsgZZ%4Ai8fAhc`JQ zb2iwHPhp6$5aGf|)MkYqizEO_60mp8QbRUDp*udM6?$Fw7=XXfC1o0-Wvr6Rn$I`B z>GHA0u7L=yh!58GQg&S>{J1QA2W`N|wP1B%_>1&W;G?@fR$94Z!DAcaRSmyw#+h&; zkCf7bg2JuoO?el$0#|rU0Xx8zdl6Rbyl7{zmo9K0kB|bWoAFyEM87&`nuA=z>|`h= zLD>lqU1UFA^>3~ZE>c0XTRfcwMU*%J^D_n1R3)3ERZ+#Yt4__~sDB6){sX6SRzk~wiy^Bm3FUfqduPhR0V#?UmP)bn3AY_pZA<8qOSO3t+l;=n z9()oI>HW=QLHrwJ#_e9wi!>3SBlc2|sBqxdZh|7rDwKHTKRA2KluU*A6yo*L9b( z&CBTwn*MB$C@(z{GkuGBdd7YAfYxT>_@$xO8mZvP_n6+t>k;eKNfIXWjD1BRTr^8o z8a2^G+Am(j5ovm#r+Dk_3pCW77ll2S)s!guk2&b}L=7l@$~Rvg3PrCe-EO1m?tA7c zF1<}6y??*Z8?zlBX0|3n&=Q%+N@SL1R54%CL@t50$D#-Lj|=k_z>n zgikqFH9+w+m(~)p=m(O1ZH>$V?4GJ?LN3en^HO0V?AM?ub>X4+E1goStAU%#h)Zy2 zQ7Ir)gD+0vhYPlxd+!-bJK4J@>*&RekH!v8xK-7J5~BOwM=- z4r{lVrz^BskDDvnUjWbbq6@Wv==9oam*fuu0tTNIJ%$SJ+6anlq3%x~KH>zQv3?*@ zV^viHxJ}GwhDt2D$F4erzI)>BVddqDJKIJSJ7LOp2G<$v!`XH==I8=8z;P;_bcHfJ zippAO^-9QeI@^zzx~ltZQ zVgjVm(oJDcNhJSYD2qp&T|KA{f6y#~K|xm%8XpmdxdT3*;_QAQf4TGad*S(w4fTTo z506~gq@3F2cO+4o##fo#UqMwR&89H%yMNn0D1or~t9|#Gf5>A`va`vL&7-8@;`{aw zrN4D&tKasdGk)?^r(5_TUkdlaB8G8wqzKrgPFGIYxy#$Xw4RRZ2YbTVPs?!c*N(i1u>c4-#S@t*->0N7vc!*N1 zmpD$LzGcU}?w=4&FJU8Z0>rK#dnF(x>5U7tQhVY?SMr@^iF?E%%X8sgi@RL(u3)2= zap+B@ABsFKxhD==?=cd5_Uz^14QNl!9mD91a9YYGnDWjvIqgGWRYMXU6!A3jWft|E z+M;({NP?Fn?gAQiKSIXCPeQd`%O+fn{>ui$ZlX=ty`}g%o*oW5i%6Ywp7y${FyX#b zR10_IB^4|Stv-Q7DrhTWQmb8IAFY`KcZ+p;{TlbAki`Dl@g3-Pq6lQXI3}}|D32N) zVqU`bU%2ENJ39q99xltbYjdBFnNgieAGOjAQ|zRh`vR6t!I)gcPRfjCH3x5BdgA6D zVVtmKJ%;cHp9;A5M_)Znu42DC5`(-B+g4p|ODSAqB2u%ghb;k$`rl>RwB{GDJ#zN7 zbW@rK)(SB9{)(4_=D*2#x6|gfUG&Ru{cc*#OfEulA1Mc(XuQ1;h0rz#1`uxKp?I@< zsiQclw9gk=`(p(>Ivob9Uh`tPw9p~P!fA575wle$ee%^U$K3`i(~1l>I3KnSc_TU5 zJ1j9;wb}(P0uk|}!XF0{!M#)SW)|vP%>EX{YMg)DJfGvJ-|y|z1&_;O2Nm9{ z3;UA7TET(MGhA7Tz42nU6I#1^KXe0ZomsKSbvE+1x3{oI_iw2;N^KojgU?22b?YawP7loV5trQy z_0wmqT||YL(iL@c+~fnDTMViSk2d2ia96QE2I!o{6$fcA^qq?+&({vDh2}K7@~h83 z4Y_7Go#witKRwvf3e+S!?b(m*QY%WWLN;ZE^YM_GPd1uxy>0vojPR9uN0pZw6zRm5 zD2vN<4xOB_)c<*hZx=0yp1_57M@>xj*0h)})%@*@UzH@L%vvRzGBQ2G`l+_StmXuf zpz1U>e<`;FZ>@-aixm|*xX4z0OoH}VE`93mXI62$5AD9+?*#Q5H3Exd@D|<=C8fT6 zm4x!)@t#DT;FchaXOhh0xxON*ZWEe z84o2F-l4kw9GG_^y$K-^*!tJL1`l+0tOqX{uHXIwXQ;^oG(BerbVOxm*?EN+hmz?m zh^uK$2N|KNu=3hBLm$Mgz)H|2ekDSc3rg#fPmBxXUnTf=qZ^*A}7`fT=KApYRNF(OGr`u(WZK7b;RmJ$y%4Y z+t+_A3qNJY$HYhhA5~|=GM`iVcmA42!}~}3W#vW-?LqHIOhH1+!zJ|Z&D}>Ka;Sv! zzb24oCphS3(3E|U7NgsCw{PXy$QO_K)cYiFv^iTpXfgpeeB?m(kGR4@v!IZWF-+#f zN=(+J<7~Ptr{!+VvUh$EJ=A2PxXA9KzYdYrXqk&v!?p$?Lvsn8Nb@%V{4SyT{eu%g z8~Ss!niH?m)u6Lz4d#N(QFN>k7fsE1XVa*gguU6b#*^RtA>L08NArtp<63@SreN`Jvb#p8gGk%W-y{ zA)gdvc>`Lz{&;c+i~S$?P10cf73<%&4Xy4**oWohU4YCf;3VhAYBSdD&38ABehATyBj10Lh<`GZ1G))p&zR(W?Mt z%*EBduZgd(?&se@&~nK5ZpQ1-LceZowjyn06pd|ql5%M)c#@eJ5(EkY$TgsfL*d#Z zg4F@8D#*-QMJr5ukO^D)8sK>bXKRy4bJjE)h$n}?&s81(4%r6-ae)9Oc8zgqd@`F$iu2B}Xln!s3s{iUcuH?_A~aUA z^Ep0Gk6&w!#!ZI6`Qnn~B2Y za^ieQRH5u{Q!WX=QiTnms++)u3Jo%ff~gTbWFIscD>eZE69EitR>Mp(a&j?HJP4@0 z86Y@}zc~P+kVuV#w%iyDZ~8&^)eX#<8$T$mH!Jrv-X>gPS_!(Gd(&4ena|*V{}sQW zmA;%mdIWa9POXa2=_)%xKm?^Q_1X4)quXYsfw!p5Te7hn zS4O1xNZC_Q%gvOs57(ATR@a6zYRUNH3tp(YYi0g0pH`0~p)0py0h&vt8IxL`XRihh z{Vj4uIVttKr1TXRv?SlZW#0eOY~zXmQxD@`gSXypwu^5`ENFdg0opLC7Aqxo5Yj?m z0{p1705}j2IdB1jlm<*AV}PmaCVPCldgmDCAOKA|wwd&*)Z>}7X~3EZzSb4Qo>jN{ zVwU3Z44P_!oi1CaR8}yONx-9hCJiJitl*I@`G$z8Qj3`MraMTf%4SOhdcvJy9?U~* zbOYpJIzNoxQEXv4#2bu6k}-if?&2j5eb>&=@+EY6 zHznfIO~X9j;=~KfO-1L_)Vze_s4G;uYP}NFk6Xy~wB(D%LBwl%;WlV#c%7okm>F+9 zUL!srt6SaJSa+cVPf%A@j>3P9kzqT9+ucT#J3w{6@jAA2>DTMQlY9F=r|{VDy>;3C z#+cp%7FMJ|M@Kg33|Hnwz;`s%_E&aYKZqBQKH2tRXJbnTJZVpL%z$oy4GN`!B35f@ zaJJ%OV^@95%`^4)h6;_u-+@wCXWDavnIK%J+?H8VQj%d?{=*Ydq2HVA9$+@bi4$zm z@wJ_0BSDbJMu!vV(E}!zt$F=le5}ZSzKJ6>{@H3{+a1BLLa)nQN0pAm?=KnX6`Mvw z%Q0SPl>3GW*YHM$LT=(OuTBRjcf-UTQaAlUY@Yivb@{dYa_raoSku)O5rVr&3zugp@YM`vL^$ml87xN1 z;xOD`MIGP4~-^gJBVUiRMY1BBu_@6M#ps_RKqw4a&A zrz@=r_*LUpbA5Cw7F5>~Uzh7?^V4B8rm7hm3s$bcRo2DZPL9jf&b`ZQKR%F)&vWr1 zi$f0Akp6nA6=vUr-<$@>$X#`psLA!ofdEBT!(r3kPReoE_Pc`(6D78Z?LdobSrq%fx9H&*45Q4&%Fpq zPRl{*5ZrtBn5;%@-Xoe}6*&xW(Qgk%y|i_TSYQOaNzbX;6+f^dJ^hO58`zXzS0;|< z!L@9SAkS$lfRI?gBN91j{}XFn>AQFcwq-IjP+bE7nTOj`u*+j0-zXtdpKkiIrcBt? z>-p?8eD8tm>d?k=m%&wk?Vi<#Hww5((ETF7Ze&Caw^I-&kfpldbf$s7H^~_iR{EsT z{eb$*m#g1|JGrj*x(vW#UQ*NHJS;qsp68YG{2*Q81f~21!K>L`(zb6TJbP$}J?B`k zA#JDdWrcL@f!6aK(;r@P8dFtY^7C}ID`nLhzkTs4Azh!%(`r`=wFBuVPdx`2*w}RA z3$%7x@is0FoQJr2=_S$!11%i4LJ`h2SVM)4w(k>NoP+tD^iGQ2k4=zjlOgVCMG#`B z7{n|7R>1e7VxwmT2koD5MWEz|+`8HZO`aSO-j7Zzwzjfy5a1k;4*;idfE5BIdhXXOeVuuvlGczQ0ZkTjlkCb7Kq|!+w{7>4MNCSRh z{cp&O8@>R}?d=6b-=W)H0nRmK|J~^FOTBf)NZ{K(=mvM*%VGj>PsW#@>~;IFh2mcq zqs1?GmsiAz^4d*=zQo_LAu@qp;oO8gf_bzu{b^^pf&DtMs;hWgO{<>#@y}&pv;lQ> zQD$P;-siy5VU-%cY&C7>@Y2Bw)upTaoj^ME=m$J05;92~(s9c2zo&jt(A00S*irT7 zG<}LNfh(TCTZ;^?o=Q6ER1TL*}Lkc`YkXobQgf|K}CRaBqC0B3S%usck#{q`A^N-KtLz56R+uxFe>4z`hUlJy*Hnp=lC9W3{aIbb!z(8`OfoJmFH>j$F{XjY2m2Q_Pv&TeNzm@w=drH& z#Tt=+3-SM#>6tyW@c`sT1OzBvCp_YYzELTtc{_B_Z zN8m;M$YE0UChk$pM;G;-@7*6*Qx!hZ2M0?k-eVZxQ~TZ%1HgX(;pYqxA#@-Tr(|yb zF9-{`8)=jpm><*sv-Cx$yvS7_7WVETI31hYIHOKqJKQB8c#K8TES>vXLSisxbky8G z0~wL47cxC3Bz#W=Q5^~)&*6Z{m+m3W<9V1##$zwSy;+gU@0PzouQCAmCX02yw_~6b zaj>u(WUZhiCpU21hq^A#(?oE&w7k6T0}My;jXtifWvvPVy{}J?GVuL4HT=D7nE?Ki z>C|wFD$$syuLZF`l2UkX_^IZB5pPUN^wKL9SAa*pc!|8N-I)OP^fX&f-p+Z*%5~w! zN>!VGuc&Aa3zaHeb0IC01^i^rtG?4U#VBi9AO&>%Ajag_0@h2_a@){5HsZL>Hy$DO!nqmfKo!_ zv02o%2)3tcbxvxouYM<9gMZdDYzceT z0b#cj=hdk=Jx>dOJl18?sL0E|wFc6R`JYz#=X0te?5k;<6pjf1&*BSs8~#(r2GZfnyyR%i(69yGs@Lfw(|; zlZ(br=w(HsczgB%A2U2T%9-k@undn-L$iy^qF=ddu9e=z@_!U~D(HC)HCcRcGYqpt zN?IYCy7dzOt)ZqJnf7#d0XhRj7XeG>KmaFB6T@DQ<@8t+P;!d>F*fNo@{)Hl6wC( zW6GDn-_j#2TVU;KslW0iDP#bh@+qF-`!4=_nC<-A+}*pX6X;Ju(tVxN?~wKbO6%%U zu5U4NTT!nPFti%C&(^W%r(L;=iTgCY5I6IGz1tB4h#+dPcif>_tkjC`%|-d#)8|^q z-#p=t-;H$N9{=uW{>VV~#a?TwN>y1o^9b(Q>+|?;T2D?Q`% z2qEAjOqAJDcWLG)0K$&+MtryP7B(*>ceNX3RA##;yq|GW5R-oB4c$0-nAjsG0Tv*O z54k&5Yj_H}WXnh1o=0iAlk`~JUUZ@Y2Wtkk;yZ;hkOiT zo;?2OJ#rz(Hiv-%Xlk&st@qP{)$I!0cO>6)C|EyGODdo^O%a>W$5X@npMhf#Kv5$a zQ}bd$H(Dl!e++y@M%g~9#1l$|oUyNl$havN~2J21OSB z0Us}=fCo$W2@2HObmZ(c!epG7oJ|OIuLQ(O}lDbPRmJ6){p~ z*mygnBV(Jm(AAQE4rlIkt<>O$aonbG6y5ElRB|+l`?L|^d2UiQok_DLUUu0f9B*O( z(ziV}%c*obBH3$@62}%JY3F;?z>D{$|HF9=g`Ty4ld~xOKYTDB`{5E?k{B8vh&o_A zGktmYxv*@co>9r$>n%4$Ykn8&9XpKpyFTZK(a>5!q}-f2q4#>j9-H@agIUkD*^WR% z4paZ}^&@IrF=_vxUhy5-9Z3X>H{=^;b{pHT@^Y%J#)g#K^hUalN^+;BhDtww4wa6Z zu0GTkr>9PTA8}oo8bj~FnJ=F zz4kp7qfGn84?!dPB;XW^S=?ys1iJ`>#Q@pptWSwm+6^2wolx@9lF=)W4U~x8^O?_O z-JHzFgr^oMk=yD)uwu>6xkZ`YK2r^y#kBpa_EdThT< z*?BPTF*Vz}(4HCk!XLTEP?DaFx?Sbn3BkIy36jU9tEfL-KGi&eO$ejT(*{+Uxs#qz&QHGrJaSOh}*D zZgIlfq@VtIYg2`y>CXC!rj0oA%0IfYd{-avGCBs}t8Sy*>8&@NFlg=if}RN8@>Kq8 z_zjV+Xw>e31o|csHX89|K5dF8PL>HQt#h142upKo%hhwAAmuT>uPo`qE3B5b zYvQIdK-{ennR#F8c;rdXbi~YMWHU-Y?9Q(#E!}bOnuF|#e$ndK1n!D-uqg08DyqRncUR%SgEKAl`kAjjR%+ml z5%wVD7UBGgYUp)KH_($#Oxexri^BMQJDg6bchG4{d$n!wN)I+1R={Gps zL+5;?=9%1oAe*D6bKd7OH#Md>yQ0+9$}#Btsg+|NrG* zjQ5#dX^f}nCIub|%b%7fJ^fUk;!fAb#O?vRM}X-p+5dJtNW4JQ5EW`9qkta79eq|e z2Gc=0>{|3;OK?qqlEVuJq@$tNUihlow>xPs-fwXgI^>=&^*z&W`{_upH0yq#Mc7q1 z_sK4adC4nZw%?m@)84-3UDxBp#LyMg)csX)?emVCx!FH2pgkR^L3r^8$LOGkOF}^G z)hTSBswD=OL-FqWV>yKOa?$%2Kyew`a~yzX2uIuEl>K;xN4{_!e> z_)aXvqwdZHOAsk|y&rGqa&f?%JQ72D>*Ir{it`Y#$<1ZDiS`AiA02MxGjx2q_MbSyOkfx$88^?B zYmnGp5JRU-6BGMkw>vPh)NNY1iNAjO^q9Q*0XzFfrgzSUk83VL`dmz$i`H_tLH1r! zlJ3Wi`3fnrGh$-xV#B#ewpWd8pt$@9#{R2LrH(^*B6-nf@$)$AP9n8XK z^*B4T>?@CA)t;xPqw54l%Lg+{FCDP@=;-O&JmhsV#gxDXw;*eP_N$CCu>n4(y(Wov(X$7^&qPJ+GJ&kgp`yO|0?BpxeY(` zoY454?Y=STUBIgT%^J$uWteHLV*}I5(yI1 ze389W10joGd0Pwhdl5emVA*^=c{U%;3Wcu4Mn&O{Rk`E{>^9tHD3nhT(8i_|VglgC zWb3hF$t{7yUU4=vIGKVl$Wi*{v)hQ;|4o7PtlQ34ZPVodT(F%(ng-0k9hm8famHHL zHv{}HmIku~had*I19FuCOJoJe{ObT}$M>=X7QO7Wfs3<)rT20y(T#zqT}{E5oRQ%k zE%vGghTKN|@-j+2gXaTg@Ptd$_Ya;rl)pW-%=PA9M%6C$tX=MQreHUSAfXp#F<6i& z6C>s}O7uS1dhqe$r!|2(xW^eV37HdAzS4J|hOz&Ee;MQ;K09(h^SyBX$OhKl^7Kpe z>qt2DO@HZp?pfNN`ki61fMWSoGZGt&v`N>-E0f9OWd`Cn$42;hQnIRfNFPkEL)RX-<2nl=5N&8GjI$CIB4+FL7&z~!G3SZ;r>l-8t65T zy|3>W?!l6l*U!0B&)!1O+)!j#2jBxg8p_d30LEJaTdL#3^`U=29G^u4je$|RA3)83 ze~fLX<{*N@Zdx~(B2)m^8$tCAFm~pIIsuS{WgmD6Mr=BG9|?LM_6iAt6p4P2=L@AYvur;;yx&)B zFsE|+OTqhtv_=iaAZ8eT#>1&rif{FUYp8wJEnG94jpMG`ilcif(?0Ghr ztF6`zHvPJwDL=@UvWHoctP=CLpDxBIr2}g&M0`DZ0>w(DGzRYPvIN{R48WO}CIt&; z9AG9c_^Qx^QAkLCLSzaQo6Y>hi5dXg*ysvqd_3d{WBu~JbTxhXJxigz0$k=A<52EPPl$iFnphM zuwbjX$(rCT6`9RcnVQXI`ho8ke5boVB5VnqY(AoeH7_v^cV4C6t2}$n_~TBE=dS1n zKAZep-BSHppY5tkK83(tjtO*;cS%x_LQ?8(v6z2OmVn4xf*t{OivQd~kK!8e${#YO zzmS}Q2ejCR{-zSSC_J!YsPg_EdT+wdo$W<4+EJ$8io&yJuVI@ZSyBo+)3rHQN%{B8YSoq1UrZ%0A;X8Nj99T- zcD>_;7S(lvjGWAR{r&7op?Bvc?vwrS_NOonzikaGv(~Vl%g)J%%>3(P{JTw1Jnoyv zqrSmT4#3w>yE|IBoM`1N*9{E1G{RS>U!7NbMQx}kr|*OAbkIg`R1q1$bbGRr0Ru|B zas(*)4Q(Na7CRvu^Nli;|J1O^E`=A@!M+s(u`FWliD@kGJo@$4LoRRdW?v!PColo` zqiR7)Pf4=`Q{JxvHvCmv@ZeeCry?##(NC)h`JyRiKbbH~PDqRbGbV2rwY z%A?KczT_qLE_6Zu2keY6l4^Drs?iVTL^>UAQH~oL-Nxs+!HVf!(Sf#dnvW!;xxW)o zZ&xUHgt715lT}b~qfsVsgZId15g3TmT|SX($pDah)*{YqD9dy5OV{&K90d~kOhJJS zVC#6qA}@iZn4L^ zdU`e8*lHS1;%VKDW=j`F^TCwv`wIv}8{eE=1OVQ*>)bp3Mac1Xw#2oyffxk0=p8@b7X1 z{NdK4u7UZp(I z3q|*R%1PjsVS5{@Sl==;|KVE-cZ@HT?yZL3i@gR2^QGI43szUZu8&mWZJjA9Dh@lP&z726EQ!C<_)l};ig*md`-0H7BXyY{Qd5gwCl}2;h96&* zym~OJ5zSbsC!g9j)Tl`187UF3HZOPb;`;lUDK%rqb_DD#hjUc~%CFA2 zR^lnzS@d(T9Uk#9sM@44t*b0PwY*`aH=Ic|T-AbzyQ^-W!iWzOr2#Icyf^--N5Qvz zKl1ADvV6cR=Ob(znlCgtF&*(WD)wRw%o&Ma@*1F8KMfH98{SNmmm<642k|d!ywM+- z31A}p@?2@UKHDXfn%-N+G?`!UF=HIlU3kipXzO!jIIxdw=kG&>8A1s=;?{p+*PvH{N((CO;y*6(-26%!4M`^xwWF8kt%1mAffUTt zC->TSR*9V7KL7Kd%reo;@_*T9TF0&a=Q{kWRsD}RWIvCz+Tk?+OY0^V4sLk2R*3Wm-Aw5Uh)Q!R4iUlc{^ElSKrD^oCQA?t;#;L;B zRmTFJsp4|t+Hz7}r&P0Jr7HaO z<*{fdI%`c$VtGDu!34&0^Gl8`y$Ff6;d5Zn(9s#km|;-w3u#CAj*PqehoI;Axjk=Q zku&0u>i-7zg<^*R4U2&)-eO>!$Qyq)K!@(x-Q67r0w33$?tDVWT3Eg`gf zf)al(q*(Du!d=kYIKB4M4BAV5x#}~`aVOh&+UG#n3;v?xS9|}SPD*)1hPGZcun>O* z74wj%L1fCKFpxw9&K%?MLyyEV6RWgeDb-qzj*iANb+@ol zG?SY_sU^Wj?rSMcmhuWa%l{z>KLBq{{0I0QM$n5VqKy_56qLygGKEuYhdN!u=Vjv< zEJz4<2^iFOJ;ZqmFp=C(YXC%+Bm@;_A1r$22lRmX^x{_eOgzK$>~`pW1V|58%uSzt z(CkPj^SPuK9}Js=jR+_c;@R8#)N0@4`%ZV~em-Pkk`JbUHCx@j;A2FeCH_#qE44OS z_wG}9XR-AeNtPa?qFC}OcNaQiaIjRmQyZ6Ry*~L_-;(ItuuPI|iJz{;4MP)^Ua1F3 zS@h)NrO~?#aVA5FSc>)?(TNU28FDM(&y|BNV`Dii1~c=mzUKiGkb>*hbU}~7wVYS` zunm8PT`J4@ufcphwJJB8f?T1C6Y1J--_1H(Y+&szM5PR-?oXDY1|uR}ESQmdYJi?NqL@DL-M_KF}j8TMAgMc|pO~c8;Og=6QG1&r9ZJAcQy__jrE>A^3f`au$U6HvE!YE0$NW3=3ZO&;Ao8ONh=elfeb5b| z=i32J#`yQ~mSxYm zkI{vHsP3|(_*$eGGCMj>YUEB%3fSQHWB~}3X0D5v%G=||BZ86P3HkAOwDk!pGxEJ0 zp=uMl)i2u=VsNgGGRUO)GS~Y0qHQPUso(uv2>A<;8W1MZky;jDp-y&_&;$ZV5pA8~ z_%|i489Q0Em(I&3PT^vEXM3k_AP*lcU_!=%zcNp53((r*?2x(dh@gp4ASHt(WI4d8 zUIaK32Yr%|=eMdrUAEZ8TCcA12wa$3ec^3wfR@`j2K-odnqQFh1?J|Sr<-RcyVoabX<9F3+&sHSzheS*nTEZ!~Y63{PfxpPla;zKk`c(V%Xz zUWQ{k75^xlu)w~DP~tPh~*jIqCua(cFcq(0$e<&gVATXAvgJfKf_HmJ>)o=!8}R=bOWHSU}uDOA25DWfCa? z>6>MKZtivgrTgg*5ci~0%D~ILl!@Z*q;a=_w6D;H6`uSh&_>-|jzCQ8Qm1&zW=^Nr zI&R`c+_pp$W_a-Z#h)+D&VL0fMrl8qiAY{gsT3oy-_#EL;MAPFg1;jWpsG56JW;@9 zJ)UnPD*xjaHR?1E@%Al~pjSS3qIc;}a`U1()J&~NuvICZI@ZX4H&j;28I(Y219?NjCjN*egc`AAfbk^%w|6A(-xnYc9ZwMy_(9@uVW5 zuBHk2>YG%zI9k8Ezc!Tvd&-nlA6RY)65eu%P-@(P61g?46Z`lRx81OKyb2E=pAG=L z>v_}lK>JtvLQu1Kd|Q|lpqG-ga5b$zMLUJuD${8cXQWBXcCGsSS-D(WlBb8*y1t2! zrKT@iHtxyMyeKu=8?TdxmEs?*tUNtEU)we|eHz~#X4Ivg-E@XkV@#G1(BIt!Y6wnIq}S}^&N(? zGR*TvCqGdcKeK(Lr5}#UP^q@-gs6Nt7wup%lfp1eh24j$S`S-UHzjr7b)S(yVg$@d zhIK76JGhwNisJ9%x^gm$fZyX~HlOMo80qMq9e|F{u{%H{2q)l@Era`l&kRlEUSk^~ zyxU^<$Cs(~Ql02qL8QN&((yHRi+)>f`45>FTo;x?ZBHyrpyk>Bkkuak9Mrd=(*flv~gohsbRU-)6yy2 z>sJo<%ywSx)B?#PeI4HP1zwxsAJK$+WnoAKg3NySKA&}}W(~?bkIelgj4uy+Mr8ja zu2A_qL7AgY?)#%IHv@DP#IjRCjam_t8Vk@9kcKEQCDPK;9=$xdGKm=CI)K|EawQCR z8946bZM^$gb}iU1{{cN#Qzu!(q#Jwv?^eDL+99xJ@7%koEr}oaNtTZA)AZ8(zT+CH zkops;b3>bfm4D@ltn0rr4OJ*QsNv^3mU?gMX?fgPnsa$&vp+~`=((CLtHeiyD(onz zwOO(G`u*_2diS1%@9QA+KhH1pq$+~y)=5zwpI-*@dM$}Jz-b@jIeMcGp2Nx=<0HJ} z7_&CIN(IPj-tq*zA~xvwTHih0msP`0iJsK% zNv4&GSp8HTG13~goXSv5KOT9IRU;^Vzl3|+L|Lb*{LaGP|NoQuEoL{54JSp!m1biv zS)ACRlK~Uf;+HG7GMNTa+3HzLpuz%tmedE#f@&<3Y$8of3`DG8_jsBazzg1k$)+se zGcy`wPBN%xQiUWN{xIz(u^9OFt~EzJYkvJTIubtS?!Kr9$$4}_0zDvTseXO-E;Wo( zt9K#LFfBq)A?T@>20Z^!NMyMUr~2V@ow^LKtweAfnFrTM)K1Tw?UPc~?8vsO#6koJ!FutcvvRROH*FGoeVZ~!fVzpb6{{w}`e(8A7@IYkARA|A``PyW=bCI?dD?3-IBsuhs@PXoO(YXc#p`y`wJbg5YN^4 zW@k$E0E{6Np$jQ1SsHnXcSty-x4wP*Mi@>VPRRTol$)}tLO$tGcr6DNDA>TFwh{% z1BM*5dH{}TzNfj@J!OS!ey7h_kZ6+3wB6kaxRpYZM@y6n#&|3Hzrs+*%7wM-NQK4u z+<2%iS-0jSD#XC@N$@?2Gl-^`Gl97$z^Yd!D<;NJvGP=G{zVRy)(Tnyy)tWs*l!AV z(;dE^zmH9#LB)Q+Z&!M!GSfybYkl1KkF@GUO^I_+V)Xi4eK9On)A6{=9E%0v^uxqx=gXI;kF2MvAi(g)F| zv31Aygr7OkIh6hJ#uVHaGJj+=zGf4y7D=%Qh^L> zwLVlE5i&8sP#sVnCIIVv$6I3dD3{nr8R!@1l1NmW)BuDaRc0&aoT4|j-_nl0u241; z#*azFoN%9hxOpfvUT4oCe-W9@sQ(VPri!hV=8w0jJhz8T`f*AgvVs55t3D|k* zqJdR+bsi6TtmMYaZj+FbZZ%h-czzp%PyK$_xb*Yu%B<)NSAlnV@J@f-RO!ovqm6a= zNk;-R%$27n1-DV-iNHo!HDKfqW%qwKlR8=#HQI5~y!x6Z`Nsjka|sQY&Oesie2?cP z5(yng6v~k$zv!Zvpnc`%)mtV^u8|d6tY`#Dg$r1KspA>W#;BP;xTU!p;jf8J*oP}b zMM2%Lf!c(-4G#V6=_ju)7ATkc?6Ni{hqEHWGA|Dd{rqVd=XGI`Z>`>q`usCwYcuM|8!-Y}( z5=n22e~c8$zDtq_?0(*W*|Dw=bO;V)m6i`s+VwZ3)O=V|;SeU5Jz*5O%%gB2(Hc?S z!xHeu+=nuV%dO{nSL=L!%Yuk96?KR{voX<>U$xFq-m>Bc)>sJav79syn>5%Lm&jV3j6_!^v#>?YSwK z7nJ~isbZ|GqIL5@tyPcj5y((-to6!wd@fOZJ89_2-z`WxkTDVul4@T#d7w;Z26eqqB?budcl6G6&2d>HtkCJDe zqx-ShOxQSRZ(tWG zM4cwO!=hJnayaMDiVfVEI)bbxX}7Uvh)fq_aSJQ`9l~?&s6A*sT^=3z!EKu?suOtbvZ;~!xFk>_#<|9#C7AdR z*3h4d2ITUF(#42F-}8To*MLYAaYy*lc`*x{X@^y40P??b-6 z|5Ta>QMXISzOnE1dS%jo7G)ZteVixVbpN;q+Nk^v+&3>i0cn6ati%HM#K(K@<%dTn zxeLkRFE2~2wE665OsLVuK2;e`kh03bOqiXrH{(k$oxUWIN04O}+}lP}F(Ua-YXHiL zi=WxWCAnEyl@5StmUW4N zj^5{dU1m7YZ>ZUZOJb=&?o#Sl7|D}wj^naB%uE`2)B~Fy7xn0pN^FUa*uOff2+?B< z$%!jDj#yvxaF6-)>ARD1hOE|J$&$|&?|m9~;`!-*W*kj}2B%d#lVg@;$&wZh!w!PJPxtlf$Gl zcK%A6IJU&E;vJ=?-DIcN0B#%4cW~dCsGwL(J0xx$>{<3SM>J0rd%m;tZImLeVnmz| z<9EwJ3#!P_p0u8=TU4V#8%z44D^u4KL9+0#m~{&s3D5uijBcR0GT9B~IZDJ3QET;? z~XE4 z7s&FmK%HI$ORNO$yHJZa&eGqv4NU9Cp!jbIKThU%>jW07(q!Q2yXO`7xhCuuZi2EY znDIM;G-3iLDA@=ywhey*dn&rFV z0aCQ)7qtQ4{;^kb!$E;kU9>aN-@)yM4;p}__m2%u1Vm8tZ_w3iAvuuhzL873uljzz zD`4fuwPII)S%yJ}YXcDt---W%(v+YOt`@Ntpx+^h-Ko*j0qe$MGNAS5q%5NXhCFo{ zh?@n1sjg_C-rVz^AYk2%Qwf+*F^MXR`5a;%QQZL_23d%#lsa><%zeYI4B?ST0@H*} zK&aQ>WL6j8AtDxVFBD-K2T?hb&I1bj>p2CT(@2havy}ALVOyi>)3by<+KPgPaO{$*#B60>GXB-qF zZvgKn;0fF#P>PE14GIpn@I6`|I!Yq9E_o9crm~X)1Vs7Tpjqaas3>J!Y{WOEMlSU$4-3YnHs_D~VL z4N+Zid%r_*7l1{=L7pNoirqSk#$$qafb|S-?)g3RC2wQR7e#4lwpMs9>A@CWt1+mQ{^w9i>bPA!m^HIc4NQ{g`*tg~w`KZWd6D$nA2LO!K zVWy4St*8;NeoxE{%AwbQq1J1L6(2vUm>q#%yOSm+XV`PEzbl%4Q?hot`*C8rTtAz) zC&?1;dGah_eu_}F>y`_m@mo1eH(0Uh`f+}+oF+dWyZrh{&Q?l~u0^b}5_V;t-UoJT zr67@JP*wl;t5MePFNe-9t)I9J#0n~(_RhPg@QyP!HSQ?e;-BPti1vg)-S6?EN6x4t z-@vZR&>O3l;R9d^CF{h!>p3{aIj+Fx4y}w-5C9Ar-dekvje7%g8<6|#ngjg&^Ym~< z?BQ70_OBlW;M6#Hg2t-p&bAjo41lDG;VsQk*`VnGd3<5nqm!W<^hZWgtV4wR3M)cK#_^CC57fR)}Q^58q)b}%~Nbn9S`+}eG zV4&a+KzM@{QFVTf+`ShNg-nfVBaYj29}lD!(1PW*5%Dj8u}j6nh;~Gc4aLz+{PYmv zaXwdcL&0mc7eYNC$pNMU$q#7svmj(dJ$lw}cQ`N6{NjDxlyMfnNM)~Js^*l(={8s9hqUZ!I%Vc*(?UFv-%WLa@DvfNOW!W}{J4aAs;1I5kI)ir}neK0BtYf#RW1ks?~gHL%i#^^JZ6IAc7l!hB-o#N#KP&iu`xQ z11F*_;=H$skMRyVT;;4aoi<8p&QLHQ@k7+CU z&Peg7pk^l$Nj-NrDXWbpeSAO{%8>q0}MFV!QKJyeat6?75dS$MoZmNWR1%iPHko9I?gqM8|#dynGJygn4$XaUm|(?;cm;V ze|b1&X+f)Xx*SVO1GQRyNQJ9dm^n-dSgWw49X&K6`l?Vjytfro;)8{=?_hOHbCwpk ze7zB`V3~GYH8x1aMoUp<4keV2@_rmE55s!u^-64(z`UaN3M2>E!Vwpy*>yX|lZ!)Nnl;6jh8_6jMuvL*?07o@tFM_Kt~YqmWA*h% z#n{O*jO1_C^A~i_{wnDzf@Cy5N(3g)6*%lcmc^Rm7ydiMc7ALHF>$?gSYie#&Z1Xf##b_-VNE;!woXjrE*R07#1Unsi?B*ssZH(uxFc4x6a9%w4-eI+4;C|vv`H%xZBkp_ z3%T#?CF!~wA)ibh*y-xC{6XL$;UHYa;|n--ME^4)M+fU63dh@W@$h6m$XyO?;~cJ! zNmjXRJ<{VVPXPLgoNB))ulo~88>6CkIE1~p*w!jrsmlb6xw)F=g;g5x{a+D7dz5|| z69i||e9}t5KLBni9k70q>mwob|G4@Jps4rtZ|S8MDUn)KLK>9L1(c8!1OaL3?(P(% zQ)vZ3q`M@QlmUlmX`t#Fwdt2xDxHx2$l~%_T z{m&P3qq zA>z4&oK#Y6>SaMl)CZkXQU4)iSr`!DDA?CO?K#0u}OlvP>R^XN~qZHIhZiL_F}<#~M7S2V0R7b<cpL3kFUm!C^I929Z+L0=F!@u zz$Qo>7I%QAVt`!vcwPQXKYaJ@UDK0#;`^YeQ;qfZ=4`Vb&{(QDbvs^4wn)&@ft;4D zmLu@!AKk~igi{}2kAt-T9%Pl}DrFEQF*a11R)uEkV^c8Std}Z{?}fcJxwo{?9o#ej zy`N2qNF$K&=~DdqX^^PRbZuEJUI(f_hKm(dK9)bmmWi?P<&PDly9KOJs_IyTG^{2# zMBP(_2N;KR{jXoYCP}Wi3czhFQ{Dz<+~k$M)ZXiJ-)kj7*FS}ABxmT`iO6F4VEP|~ z0oNyw%Mv)=-e+TLAKQJyA4+K2aO6tahyfj+qy%laX(U{h6(_&6Y1L6yetEFV)>Jm}-H;~xRtDXZNW<(VP``krAeR8C zljx6zg@aD$Ry_?0WkEFVl`2waM`|}G0<2zn$3QF<3npGm&9FOwBhzR_Hqtr(Q&x8b zM^k`yy3%8-Z1SUQ0}xQrCg3A|xQOr3IpLQ%H1CEH^s9_Pj2) z9*_p<@9SlHEoM|mk$xullq0vLWj}efvw``n=!E}GL{att^X-w5M>?sY=!ZBs-UCh{ zo=L#4Aztkge}vpSw3-#u-DI8Gh$Y@6e6IPI0wn_pb^724+(JIFn1uWTE>LR*2RM$x zcG-{EqL!OocX4A)0Y~L9>wVmFbE3{DReo$n<4j?2JwZQe;c%E07?c z&nFA~bEAtGx=cvQR!T|=@(n*sm{8;(CY=3?deLpS+rNBtnqJ&;Qx3kGR5KM7yh>#XLTV*fexfux`y^uA`KmmbhPMd6aZ;QzM_ zV1`)G>fK|S>CFK3q4C`0@}IkjB$?_!;|ptlgnbCwuZkDjUA}<7q2B3$^q6@d1-5`b zpA_wgw1-zEwb!3F zzQy?@ySQp!z3-_%)PC{SpP$c7pCkFFyvcwjtB#N!t0bn*J#P=^BnigVWdWshf-UVj zZtpY=1&~NJ{n4<`@0q8}xl2*{ToOCfDT;&!R7_3D4bY^g{YL#-gTS5PhfHLQm3do6 z0vo8Rg`g6RTh`_A{`u~zR0;HDj%klJ`pCnoQP7*4wx!flJ~e2F0Ng`A(fb0dtRi) zL&{d_oc}ymuH0A)p5TqF$*`0(*#l`2#LIc$rtAOOGrb4#tuuM?*lnym}W zQ8v;6F!XuMdnji?gi=KNtNxcz*H!i)DytC*-}%cx{RM1vyf9fP9JbSwh2{+JAA?s zg9FG|wqC=AxI_bJ0G1@LLWHX;Jz?L}ELIfem)&X6*5QC}lG=ZiqdFUD$`>T8!5paq+1js0CRcLe#hx_Oy%~r|=fQn9e z^&(x4zV{4fpZm03`7vb`A4fPWyb9{qOxaHYGVJ100fC9TcS?3cun!NyO<8)Zaizk- z-wtlHCP;F-UU474`rcrzZg95gui~VZv$B!wL6gYD9q*GuKhfl@GDRjB1*!t-eRxJc z2>hy3giNpZr&usvvac1J@9viE{XQPaF$%2~B&1K0d#`_!wD!+@8sLw#$r+Fd+*m@H z?xVO#7HT)EfHXL^A}wBLT>=9w;s^`RMddJJarp~4L-k|0l%Lx!K%Q``?K<^bCiHTxRLQd%4D48wh)oHP^dSSZ5tT$Ny^ zt6MMll7LlR4qx)muLilfr1LR^WtbUCP!I4ZXJpf^9^GDhMS(&CSXd0Sv0jYf zzkZev4u&&d%;C`n(SGWW^*$#APC)ItBDL}KZgU8?D-#^ zRTzF3bTv_OF3Mc%#|z+##w>Zi_H3T-e+*9A2vW?Ts6;DtgA^Gv-r{>Y*2oGny>@Ph1V-T-Z5M0dy@1=`XliBCtEdn zp|@evE$vH+HS|4=Vsq93dr&$%AA&Yui+*u%W6K6bOZHgeoibpc%QcY9BoA><6=#Ku zq*(`oOJAr|1V@6<3O-tDt-OQTRtIiSw|Rl{^7khaTH2BiIOzARy6aazL>y4T5;g#6 z-_ihS>#Q2r{eoB#Z$vg@h4WAB1r;emO$Q0XgaO=Kk0S(ivtuCaM+*r3fozBQZGy?c z0BjfNbs#QjjO;AD$cSGLYpM)}o;}Oojuk4g$fgZ#D|N=5QQ0AD`z76cHdc}Y=IQkz zvp_{HdhRaZ5NtnP{q^AKO;kKH*4qX1=uPXlweNS> z?_fvp8|B6AU$oMJG?#&4KBF<$8R4$Z>^XisDilX3G4Y!4ySS<%5&#FX^J;zSOWDrg zvBzRLj#ccJ#L_OWw#j5Aud)6koNlq6_Wk>d@fy1quJ>NdivAv*`6GhmbbiO?mGj^J zZe~>S+UCI_%Q~u0B)GR&J zSu_YJm#Tjkj(m4Y+20gcttNek!0Q2-1ufRr;cQ1;Ttf_l1C`?Dxz3|!PK91n`FI>; zZu#Ote#&T|WCVgvb!{h{dbJ$wyiJY!?Kb4$j&d92=bbZqw+**mbPLLhxyV3kqi4zN zq*m7foWX1w(66P-1-{o;%s;8Va9p|1xUdbRlI3$Sg*r97Cs#2yuF`*~mpk_GS$$2W ziKy~dadYXYi<}v;^YoSqukTu-4pENco!J^LO=f3I8b8x5pNo&Tf^h05W-*zxz(zyjllOc!&P7ptgi{S5 zi*zhT^lL*8(GU30%f{tKqeq_kruGdBrHHFPF{Xc?2kJ6q6b zMTp}u{i<9bb}V%}V$Wi;!ChYHVPD8JF)orfKh6*RE*4OOH_Qf$+ER3@AdxV4jzLt- zM{3iodyJrc|7r|9CRFb%?m8ytw7bKj+irtm9Bqud+;~)&Ax3FCTNvg0ehl8kXTytD zW#n#LSD#(0ymUJ-g#-RYYr0sATfB+v=$yGIN{_2GyPvGlIcDW6AxX{Sw3?u~0Y&1! zi)rEFfa-?I-wVA#W{v6mf{QimS}unS#k)~OV??x>Joiy^-S?kGB!h60DE_ku!n3tL zmOdNvHRI14Y>Sb}CL_a_y=Orcx3j;C&90|+@x(-mn==~jd$B)rLF{ijZvF@Jg-#=d z;KvsZPB$0}iNB+@eZ*CUrMIXSzYva??SFxt8x$$w_ReWf<}ia<+KqtrMqcvozoAB) z#W?VpLH_*a?UIOEC?lpnKgiHENG1CdQ9RMHEc#cZ=glvNAOmYQ;-^dohP3vZ$f3gxKDoVC$pAk1eBx|8OAUC5YM@Mgdw+*oI=%zy1A%1IXzzbU&j&HJj>)WA<#HC^I=UC=S?KTG zd$m4Za=*%=^O;xC`{7!Z0FVrz`20D+XJgh7Yq%9^G+!UtFLg{H3U(gofd`d&`3k9b ztWS*fEUxQec~90k<_Yh0-H%I5%ncyyfxQ&5O(jFtF#h-<&ldRD*8NNL<8KBacTR-c zmWsmqnoHDwT1|bu9(ruNFGa$YX)>P7 z_<80?PWvfXQaTSZdPzt~TCrinU*nX5RdmU&DlaN$zr>Xg!h&LPzkO|Uz z1K|0r&06jkoT#9rG|tsZFe#}`W;N{+&0_U|l|T2>CmJ4xB?{@cq$nDY=S;STEl?{? zhDw74!j5QRqmU*)AuB4-%Zpt2k>Y6}!$xX9L2?CojlTd~oH9SqCrgYW#C+x9Spk{K zn0w53677NB-sI^IJ_rPP*95??Ky3K?=rZwx?*9HE`|N0$5y3ilEljJJkeJxm&l=PB zf0K^a&v0w~%c+Tuyu@1{I6#mWn6f%5@MPL)mrtV#GU`1Eoc{2HOA3`3r!>DBgPZIE zx$PmPhJZxxH;kr$V9GSCeM(&lCf6POzK;xq0mE<-G7%q08AR%~s;AUIKjUp8B04Mr zsu&>l=s`L;kqt_3fgZU51bNu@0tA5xnNt%kCi4xI$^hU^$hzlKpiblfit%_Qu}ig) zYtY-)%`^V$J~AD$P_J3HH`@xFi}Zkh=nOdlJB=|&Nf`d>>53e6jHheu*G~hFbbU^Z zDIS@;O}YeJ^9LjMi`~wu%sXP=&~OhAgx7YH;Mr^!af9fcTs zyS~!To;!qtgg{ng$2^D`;#VnAuD1F`2h5Ysndap-mnPooHP*8a^=ds-KlLRliBcCi z@8D%m6RIM5YOzPE@`P@?_I76afbPB@_J*(CKr|KGvnc)t&hsyV(<5#7p+45lE&hP0 zrLCsr4ZjU>5_^=wkJhROe;O5pbprTzR#I(y0Izuu8H|9k2+#`+TcTIj$dDX>8jO83 z0RaSiAWi7A-|peK-j|bG@Q+~G0ZpQx59uZ^z|q#o#xg{e!hpb$iVGY8v&l151N1h$ zpm4zGf3{0VNy&Exo|1bdUyt5T21C@qG71VkR8i2TVv;!Y*zxZ^RvsXO$W9D9e<#(D z0cTDXTbK$ox9M!1<@92I0K>?iuNT>@HL&Wf5=MEFC2~Nq1%DOL6NxfHFfFSqho-y_(N$ z>jFf^zGx-fCm4cwVG`05wx#w(++_~sAdcitZ;4-N{DGt63slLk=lo`XD?v!J(yeZ^ zh?t`*!rPh2vC457Z{*TJ3@UDVl)Wav$6kmyxn&8C^Au9ZXVx?wEm@~oNuBD zV@pewf6o|3SRLH5XI(g4U%MR?+kACcvIl7EFUo$_k~=Z*I*@ZxaEx7j*>WE};0e$h zRq;0Jz|_TS{qpd>y#ZBRU-)nuJ!m{u>DaKcQQDLM%B1#+Gn)MMdsiZ1`?+9r6eBb3Afr)v8~%xv1!9-YD3+EIjtujlcsaJ>;y~q6N+7A%{395}A z9gylimchydC++j#0>(_Q=jZqX>3Wyz8qA|D+7OfgWn{^iCH67E&nu8>Yi1L;SAojM z5Dyf%p9B@nb3L!!Um}T+TWq2zk4P6-t*A& z@~R{KE?ZS`tTRA{mbukzqQYpArHEnlVuv}nmtt^mxB&Z#? zwwVu>8@8KNm6#9kFK5b(Lc{f$Lft#l+BR@L5I4FZ5zZ^3kUD|7^+;k0%`vWG*zbm_WE^sJsMSaTDeXpogq-uP6o8rOB9e-e zQf+Hr6{ul54!jC-+L+Ykwf$9WdSx}$^sFwur)=;a!@v!PnI?-$-|U>xty^k+a{>CR zD&CU#Uib?)&2CWqr|ra&RG3FUi=>zButS9RiHZ2=M3rSprOonw2Rv_%E|Bfzga{QuOTQA6L}v+Yk(>=o}9?qN#=k-+J0dFf({cMSz_}1cBk*>OwyOOcvErPoAuu zl=XEJ;Djin4A4$oY*q}QBWCrdi2Cc`B5t2y;;Vj)&~G$hjL6vL7J_P7_^VcRHmg<( zfI1wJFJO20Rrte{TO%;Ezi^UOMpk$L`Tdse-|npP5?o5R_g}lqW?>DTdD*eIy}=IKk^Rn059py zf=@Uk&?D&$9R8hR?s9u~X06rpgIyX6gtZy(kIXe9-o90WG$mHwff%^b~Ro$F0|qw9Ha!HMI4j#zQy>}L+Ks66MDt-P0{=JcE&ZI z2}SSyT#uo(4^TNyHmGVJ^zPi&GN;dpK__|EDCnfoe#_N zPlj^rC6AAap4PKrb?9S>4b0i2!CM1-?*3;{^g(N}T`5~(~ zE2?y5pdXlv@l%Q45}TW~H;YuLW@uCzpxAH3e~(RGbc3J3Gj~kb4!DG;86iberJDEB z#}yA#m?(HW;$98sMT~x?)_YuxcevV`_A#nY%&JZFkNr!&4BIfvq!6!vmVN&@q&M5X z7#5%jtl@)4S=$mhJq~KM`ro&{^2I+yfv{5$L zVG;B)z6u%Fw@*ib@(mm$(hGQrSy&2!Ry zwnK#mWi5ecv9V3o0auH|ZGY2Tu>0Ukad@wM{yjBAco{vx1bj6GFi19L*(arDPm zS-Wn%?$&fs!a?GPkK6ZO{4BrPI-PBQomFX+>sfFAQ_6eQYoNA9mEp{7M2?c9=OvAZ zd*in|H#_b=Py}g%&$Mqj6X;%fu!OzxYk2}WgSJTCGDP)>A=-NK!W9mk6{d%B4e!&3_xhTA1+G1T z5!j{hV0cnEe(jHnOZK;Oti{gSxiKUA4L$S4DzCp&OjD40nNPo#Ufzts{OFCiy0)NI zQ&Icq*KnTRB%$x_X7Z%a40@Wyd8g&IJi@bcJ2G?4r_B4W(dsw4oMNu5c6pCDh&3-Y^mr_alY zee{~dsJ+woOG0|I(QoE2e#Thq+F$h?szej2w#ut98X%<`w&!Y9nm?N`n2(=jh}r5; z*7Wg2Ih?IA(&AQHuJMQcS~k;o8#^9l^1tW|KlA`(cN*-yJi(1yHR?$VSJ0sY-;Bb!C?m2@=npRY$ti&o)wfLx8lKlB=^we>ZpuFX`F`NybBJaljMglE^nV_! znZzv%M=kyjPJP;(WM%tehGrF#&}6$o69yxYBlOM}wm*OQl4-=`N8-T&9?#r<%#M3k zR+GE3ewj6{O@wwtlFf1L2ljxm<4Fm@bt;yWKJjH%4tjbZZ`XW&q2-pd7+47kHIN+< z$l%rU0DG-W)L%ckyJLfK$>l&nMp8xj3Uy$UN2j58jf0Erxbw!(Zm_hDB^~0rn}GCS z{!O=$#^pktQIMyU_!jUjplqZnDv^bWDFy?VtgG63D%?8T%N_GzKq9NQ<~pg_RxeJ} zl2>$;P_2L1{`<%H_;{9HpI1dj4_T4ZV{trE_YEHsHZetXy|1FwnFMYHkFTKRKD)r` zSH0v&5}O{Ix%nDcMVUAFtVE6FD^+}ulBa)uS|}cXZb`g0(-Gv?X;+WE>3UBIS)n9d zLoi%vAK6Dh!Tm!9w?i8w~ae5}v#S6XNc+cNZ9by7gvr|0yB_ zwGnku_=ajgRl5m<==`?8iGf4~S`U*$K6a?)Y`o0ut3D(?4!d5emYpxKKm4}ax7~=* z3la{WebJ<52`ze&Wa9F6d!2{!!4$R#1Q}9mt{5Z_vaV=9{TO;2CLmV)k};9_#jq*4 z3)st+LO<_2&EW3gKH%ff18pI|7BNOI5&v`LZ+i(Lz%N@LB~xJ|zhA0kaT%E~Dtp84 z^P67Xj@nh_>76*JWFt^6sFz`gtqK7gMfaZV*TW=alQ(j6Tqomjt3_78I{=+)7t(xx z2;*%$S%^Sd!n*)vTV(I{Eo&19MJ#`TuxO+#0~z*?ET#AOnYGYK>sxq4>%K%}jcfih z85AlZ8{x)gKnbKVUG>u0|78IH%DyWJU@Ll`6w?dr56nR+7buXS2P}0Q67aZzBY>L) zW6>IjEfuG-&Ii&Ov0BYRN*7A%2!}Y{a>WyhQ_CvsJa)YupWI0OZ400s`NKhgc zjhi@7i7X3$Brv1OkkAh+Yqi8`MaTIDLRRy2`H(Fj!a%Gqs0g9Y^georY!TZ79%0$% z&u@qKq;MH6MF{}}AIK9x3uB%+F@yY|!(8gScb^Yi?LZyl9>@mh1`-o*k_u^BZ?)bj z{?RTF`0e$M*Qn{WfD*^1msaVjG_dr`9?{Aq#p*>TmrR@PCv91HgSfc8%MVU#`l{k^j_KgKI=m|*57ek7cZW~ z18tJF7Vq`-rVf_A`tq1)OwcAA6{TEq0^nb-A*3}6`9C$arN_=JtNQB;ioWz$Yw?BO zV+zMJCj8~e2;hwebb&E3;NIPzyl;Oh4};x5<+nZeKAv$+J8m5K8q%ng;b;>MHS9~} z%>jMtgDqDgW}W@=WhfGPvWpKaQqshMNN@3ci*dbZwLbRk*Dvh#HVIHsd#=NY85fF9 zOdaWSUUWPZ$rdQ*%^%O8oN=AcY;xGzkuUi7z-}4NbH)>~IzbITnrPAxGts66`8jSx z*kuWAH>%2DF=>mRc^wQ%BaK8J;M6e(#UhVEjx_c;Di;a{9)uz-Fh^EFffN*hu)eja zTP8!U!%$*CPRF<~+36#I-{M17R+do`O57?i9OdQbGo3BcUdsS&3F!wjfDj~rE8UwY z1fvZ@ia_E6$O>Eo^FPom3u61Lg7|Jt7RX(%EH{7Z7&(}IhWiRd*`ivkUluq)>zE8c z#3`erm)@Z61V~!UHio3sJ~hya8|{VMF%~=NpM# zP#YwNP@+flVn?zS=v7oCsF2Nf7ka??F?YK9F&d|JADnvFb?6PSH-7gaMIcT>jp*zv z@ccL(j%hse9W}U8eRv14sH!^3rCqZHC1z2#$qL)y#P(eu`g;HH&(NDs@~JEXV=H~y z54pJm>Yc5X99P(qNA{haMHzU!+6F-*My?;*bvI5 zSC&y;ODn4U2XA#;a#UlLn2PGbahZ2R(n6;aZnCPCd}Uf7$*U?8;>c?gX77VF^v~_# zt`2S!gz_X`caJ*dx&Op^Y`bT))%%|Ve{;AC!u)JsIQ4jO|8q+4KZ5vm zL9nqI#Pr0}ml9|mVe>Y^d`rt**W6z90T_?S7&}4e{?oTvEiK~R$G4$S7@Z8cjuR21 zLx1eqMsY(FfUH>2GCltY(D`O9oo@SHv*2WbZbemq5j^>g)&LW{a2tuXV~CMVnfmOf zf(6#e=PJuNIXO^B1~5JD3QFWqEMa=7BocT@p}3bDbrP)Mrov*7$++vu=iAMhKymhv z7Ak9o#ar$oxPV@uEOpghB~x=ipW$2P`i{$kULzS znhDoEpdM#EV`AbZohMM{JfXla9-JsMdV(EvA*}p(ZSpk{KV) z&bLBEgX{Jd?8X?@rMISd5rTRa(@g&D z#W?vYa`%c>yaX!{>?@+hP$619T8r^d0_QqphMmV~uj7*%AU6b_~=Ig$!=MTCe& znUpc;_>_QkWi3iu8rQwfe4p(7BVTMC`!&1P4~?esm{ZAg`j9)QA$~W1j8UQ7cP}`_ ze|(IOy!QDi&~Fnj2vArH#uL;P@_%Nb^nHuiaIyQtUVLCEKp#3!qXQh3`J@s%un9}&YS zVAT*;gM(%$dlutT_CgLiI)B+nJGwk51143|)tMzlNmIUve!by$9P>bKtUG>pBx)%o zng$88tw8%h+%v3#PtVxvq-5R$k!+YD#QCL|Oa;i~F3UAA>v|F>zzsT7uRybBE|6d1 z(uLRqQ>ie0ob+Y1xw2AQA%jx7dE}#fPtDE`vSzl?Cb}|QZIV{oWICJ79nX8c#62J5LDC+W*><# zIFI`M_&U$n>5_-Mm*=clr{+y}qu`ziKU5MH>u`kNuGSo_l$G2wO(d6LCkc9ZCg{K| zo9j*Se+Lg7!#R4$o$f_?zTqSTEpYO4iG zlAyFHs(ia$*g=iLko15(Q=sx(Aco*Fg=Wpcb*WE6yo8h+{lss5Mibg0{zm2nUnP+k zIkWE~>!JvfquT~noCyit%-8)jj==6itR@FRpkl&`M;Qyz)>FBRI-p(2NX6*~ObKd< zhAamOMQW(13|^!tKi225W?x@Av$^|f5+KbYHXFWv2;}3}gw{pI{)T(qN?L*}J&>nVmD5j=$T`-X+X|cqC?2wNUhP6eD zU4|H@WTo{9cteMIyv)Shk2)eV+YX1kW^v30{W6^VX7BJ>_8ZDg#kCsPzH@4wn^~xV zipdLS@7y=|{@3jor9>hN^ZNPb*+`NG+r}oxQ(x?-x|kQ=-3PPaf0|7)y=|?YA}`)q zBGC5}b5~|M!i%R%DUi=3l0wMertwNn-Q8+I!7&3$H08Q^I~Q`c_+rehK|Q&jI?5kf z!YCbJxYRJj`4Gw=^9k<-_TH9X44j|nHp~)51+_tW)U5SR454x}u(~}&aX_6{>taOX zW_%<2Acp=#QxFt4(>=}7@;{Rv6M0FwzJucL?~(s%Xa7#NQmH@cESFdql~-1ie*xC1 z-5g(n2=bt<0W~x|QzDdx$NS7_eKZPd3X5haJdMq&mYy3pr zLz^EM^Y*TR7E%G*z!8QM6qybC#Vt`{7kP*(1Qkg^3#UH`L4BnX>Y|^8;e+CuAFd{n zV_h17xOMz26U$mC(dc2Qabi*uE9yAyZ_b*J^&HJ!$kIpzjnfdhxdPiHb zc#gvp(bKXLtYsg#bzsh{@+hP!Efv8zRiY#G>MW6yOw{<8WPtEC*ZsVHaRys}H%%J_ zg^s<(P)46s3UXMs_ty3C|B<^d$yVv<%JAgr*eCrXBBSPWA50yeZccYy67u}~9pU@J ziW`a;_bHA3xdSU-LI*R?-MUe(+yZ84ooqEO)s1KjY$#DUMIsg_d@8PRA1Oq<9r>tJ? z{TuE@>}qNy8@HZ<_HF~7K?3#5Z+n!Kh%CJ-|JXhh zC0I0mmEl}_REf~k$Y3+2&BK9IL$8AD9zxmseauEI(>~@~k0)+uZ5-rZ+M%NadU$31 z*<~$_<|RQ0bY%NU`FlX-4PXw+gMEOFsOy@n&vX=3kmTuxx#>rk4 z6t-Tw^Uv@0pXaNx4iRTuUj2-~{?yG-r7C_abrMwgP<*D;QF=7-z>{ns^3kNo2J>Cl zd)oc>JKc4=nC{uwsl64B+|K>(oQjF;{NwIJ()RX8t{Fm|28Ho+L%aPvS^WYuMwJN~ zdb-zp>-rx*cvz3PD~=D1%<6d-`M6IGc_7Lf&ljvpxKc|D!FS57fH`-t1%oeH8cV?WbO_fV-*z&hQm zuu6jl<$KNEeVfcs54e1PjadA(G(ht+AZe3dcnc6(eU>-xjfe7d&dDlifFb6^ z@7aPsv%eZOc>gtkgtXK>X-N=9kol(mzWJ6aqHak`3G{H08y_l<@Yhd#{(D@xnOf9v z(dD~U*=*tk%#oK-%NqO^Iw2(OBdvxT$taVwSTPk3XN0?3$R@nY;Bm$pE9Qlb*ol{3{K9Qr}ty-KI zAuOC|W!=_+i*N^@b~RacTMr%E2#G}^pBFqcjie+bOsNL=PlhA8ig|W9*DEi_Sv$?o z$0r1IjMA^tdbE7EPDbho=>PZ>DImVOWL)2E$m@;DBRrEY@ct^=Heji6fz|S4O1N{f z>hE87j2bzeol`%)zM0PQAD~XmnjomNj~QrkzMVByzLw-Vl%J6@Xr*^LvC|AAbDgX( zrHyQ~1A7(xPhY7`0wEQ@xY*?ZF~E@&CVN%iFqQd5J{HvyPvPGf{X|n$Lc`VX_;zyG z$bCz&`Dp0lh{l$qurDWpWsyb+4Lv>mn|n_Yl9W~nrmEwruU^T6E$ky$&UZm&-=mJu z-y14I{Z$1@rCY3uv??V=_Qj%R>67h4ot>dzm@)$@o>5Rn&3Ck(dGsQcUl4b)iX+OC z``Er`;Vua^^|H@pV})4%(13Z(2f;t9)sdo!cLSqdjpprjWO;8?Qy~gQ=HgvokSeAz=gFBNz`TDt`uI z7vfxEa5HFsuP&}ysSb;83`PwAdRG!zzLDk`)%qaAS&*i4Z*mCu1gSzrNl*6y1~Uv= zu`wL6?}@=sni6B;mc(NqIa_SWC6E>TdyO~X{ahoVqh%f>_K{OlauI{ zYAj*K5hr;MNV+rw2#Z7UJ~%BcGz9sZvOM6lG50op+9oA!ZeAu-h-vh5DQ@vcuW!Fu zw+l^T)%jjfE>VWqjCLd$5d50d;V`MvEXEfNEX4QF3H!y)7qojOnj&V-?Wnd)XT80= z!8n@vEvWxK`H}HoXS`oBY;K>QoI|r$KqutNFf}ppNnKstXsLnZvB_MTph-L>xXj!m zZt<4E%=Y&7n0OhU+I9U9l@FB*Go(Bj43ErBxUCw9ik2laKgf2~wjv_pO*s}({H(PV z&b;~m>0V~CFB895!mS@K{{Me z8OSWp1(M|Ou&^wE0Sp0rN*)ZE)bwS7m`%=GlZm1yb7=LO<-PoBtZI{tifJ+i1_o*X z2zX}-5+o$lTNp0979;ucLD(z_IXPoB5N<8idLG*#VTVFVU-k{OQm`oi*-cGQ<(uf} zJg~V+`2G;_z4Ahmm-)Jwcz488N&u2kTa!%%1k@Q6>>JL9h z2M6xp(9jV8o!noCr5P#I@+srP>mK=BxG_9F!X;4FHE05sieZo_Z3ZY>qz>N#02wDy z=NMFWzLnx$!KDmy!porom7v4dB85u2m8y;W&K+?qP3j7R5i+d?8)7ls+_$|b?*%;R zh*{tyG-Pu0xw(~YyK-99UXi20_P_nnf*;$qKBuX8ms!Nrw2g7FHX*C#wga0|oHI2R z>w8}j_I#xJxzleMpn?0C_+@;g`fd8F8U;1}2(qFqY9Uuu2`{|kfn0pb5i{VD$+d3X z*OKlid|4ND&oWf?m6bPxBboBK3tPVAxjKnX9`Ctx3aQ9YW%$<55VK1bI;Ai zAGXq}v{SusSyg^JFxK$R`(F7Wu~LK0)@i3-GiXu%;WmPh5a4tAUapkR{Ae+d*Q0+m*T-r%1;2C1guk&(Heg%tZ8itjG&T~Q|3 z98!!%)ZxeKkAD&-ARc6FVlrH6(Eg1Uxf^#M07+Yf*sou|4gfwIR)kcQbmZjajpSwe z$N>RN9>|NtHIDgL99wUA^xA>q;=*B~0OnTawgb?q0xtj0$d?uI?m>f>*^{;paES0w2bG1 zpy-if)fEU4*qLw?-V3XC^u244vD^GvMXm6TH+f7D%N*nar?lYYsI#R)%!z4;I$kS? z$jL^TI&>uew3f*=QMikP{m6aYs%cz$VulK5IfjMyXmOEiR$0|X>33YKH7id%bpV`!=021`_cQExHw^WP+BHst-1X?u}fLe ze56)!71Wv&4`YQBF})VQEB*qN8#7xHW{~wBPMshGixNL+;Z+lWMP!jl=#hX^4*M%O zcbxY7_=vkAKuS;;(%or}HBWT=wgey>1pGN$?Lm&vFlL+t?iKU#)a;dd80n~gVL%+F z9L>oEGIX(n$9ggWgn6^%5RJ+}JOhR?9^6(F0=Tz+Vviw+4vERPFQr*(^uLWMr3_LB zjpYil3ZQcst%7{o*c50;Pn+qA(ErMdJmaahB9Mv441hSFR~^ zhkL(s-b5=YsAG)9`J@Y0-(JX5krU>TlYKp=%w57GMIuN+(eN@`^@qXp1`34a+fz}C zA>rUeKJ8kO%mGSOHXj!Y=^)j>Gj`N6kUdz*!ICPQ^EF_cu7g$JVTkfgzS$E4dek*Ffy*Vj5rL$zq#TW;dWAfVRNN5(Ma|=`S`!LH^ zf}>AHVS4@A3#<@hIDA3h6vh4)DWMD=$~IE2e-_J^?jmkW&*HBK8D3A)154S0WZ@Kn_aQLo1IQ^{r4Sm0IqQ$L z`N8jHfJh-OIw=mPRQ`K1osyE0jZE`72nK<}g?Jfyrg&PmcyN&5k6`EQEPPAA2^E+P z-@lN2NeL02%e7#mm^(ow5X4-f?YHEXgv4QBjOS8e1_vB|#DAU@c7lU(XeZnIl;X1_uFnG1Q>%5=XpyoR~xyhS>CJvUyVKXIT%*#ol@93_#+zB>Rm11!mYv&8=n% ze6@G3X831C@Hc`^l)KXx>F`81UE6S1DKckuLCD|uQL)Og!q&JY>MQ+H;HL<&>oxUw zzX!J-qB=21#&)I zYKP|&;XtS!u>V~8-kZcm93bue{i5rgBM|Blx8?f)NFw3`#3+3UlZ1^4<{m=`X$o9A z0g@r{=JVg%tKjaO0}RVi*z9_Afls5T9)?pu;mXw6;(dXy;E)Xo6ga5UTUv!rkcE-Q zD8Cf)f>YvH8PY&Cq8;xxA{EdiBCzBvH;GokEY>|%n1$c{wy&IgYT~d*`ptUpP_g&} zM&UA3U`UdS7T$x10CH=AQHC$y-wz`^PO0X%OX@U`1fTfRxXq!se!VT|p_IL(S?@(n zhlhiXgT!BV$T5P#C!gBT%mINCad&csr7Oc1Q+0?6fR-e>g9Fc3^qvk&{UnIzES6B8 z3wlHmgdniU+)NYRkt)P=ATrs({)UIMg4wF^g$%K&S)m!n=exi4xW83ZsjC~>e?KvO z>)uGclg+bP`HNUGcCG$Xza&)vFMoS_bS3O#V$oaoZ#>c(GCHT15p~6|ZT&?kVxyI# z?qr!Xm00GOZh5@EVl_nJpScs}N4qtVFUb?o$P2WcanQtp4j)OrSH1#8v!(C$92~pG zOUOc>ZpA7*IwLQ0K%+c_qn&kq(%ovo^r`lb`Bi0^9K`4^EPjVXm#_(B>;ZZv*6J$u zLWB6RWt$4>j7sbsJ z($ZL$uw+P2LK^wO;7586ixf}MXKTUF)+r?nCWMgx7%6zcLg!J+0F{6oqVncrxuana zSheXf*_A3b8iP&B@4#c_ooT*CiEaS)8S0}sd+cpP0U_s=(WybroCc~4**&@hI# zfrM-FR@np_aFnDw5uU-G8Y-NSnsV14*bsmFh|{%r|y-#_<#xl|2b;VTb&_dGqu{}D z;c=sAM&Dk?Ml(f*HOw%}0hI`?3a^Xaijqb-&>SEFzGufR?BzKr`_L?q_){plzthN{afQFY3u4AEi?G{p)V-}=>h zGnMW`Q7(_$Wis}6Ry^0@bOgOQbkf-V!>NJLoU@~~RywZFg|%U?4?|gAKXFXs_gv=? z)(W*OYA0I4h5+Zqu1Y!lJX>b~7$d1m2)vaCr6YdMYavv$1reZMh_!(BU`ViWsJ9}k zPg8N}BVu~Jp}%C@Vx)p*eD&j@pjdIbqtHNnO8zcuzk6EsD8c3eRd;-1*K;Z-)|ElQ z32EO$tZ}oF{FbNg7`#s2X2-&vOw%e`p`u!q1fOC%JC_;H>OIVaqL?hSqp`8eE*RL! zPlGSSOS8RqF*(>WT!`JN!Y5mY{yky^AxA7HK5MprMl4kSPYTa-#)l${Egd5-iyh;) z9tY!B+I%=%eSmo|T>)?a?f#?ib>U7kF)C*oMBO9v(rO`Wyn|o`>-MUoo)cA-*}aYr zB^5LXEn&p*X6VM=h077kK+@!xRPX9X=l(J+jST!EmTd?nDXD2HqRug)Lcuy)Q9)=R zeJcZDfn|$m!+H`YVks@U?ik6e)WELT`J_=G7c z`$Lf~%N-h3x&}C5+4grU&V?wcWm$3<(tvi=DWrT^dItPqM3^H>kQP#`|NER zjNiP)f50A!cj+$s%r9U(8oLlM{^U6AfGs3HV-b;I%!rSdf z?f+&~H+)o5ta;DA+yD7U|0U=Ces?!9)TeuH*CN%VH}L7)Q*lX;X;RWODh}Er)0q?; z`Ii7ZZD}m8)i53`=oJ($bJ5jE=22Tlw0J%GFR$-k5a}0e`C{wbXyyiKwVQ;tU}{Ld z3Xh2B9v@EzNj#e{*ehFsz2g%4OYsA2~<(>l?t10sx`E zKYTEJfAU+6!P4TniwnV65vA-^mBmmjH!5TaJp1Ug956Pc;#ed zVq9Jvy4mE|N0yyr&DA#wTDPmbA%aa zqk_Ul->%0sK3RT^3RWQLqX<6R3wNZN9QwjA@WrLv@kmu){1yf#X4ekrJr56q#3L{f zS146XOq_$4R&tEz|6$GlPe@T}$Hq|?TaEV**cvFVr6m{~5;PQs8>+lDN%XkXm*Xz4 z6HJHS3W|?d44V&hN841I!275#i9a>~l3kbTOG{&r(JahBQPK-W9sSd zdE!GGcnN(8$iIzi50Fu^Cu5WD8t1PCIjO&5DZX zY9Vj0%fs=t{Q3rIwcb5Md+W5dI;VB5 zVo2x=GfZfKpRbG-sXc#w&pS8W+Cr#!tQtXN&7?)x;GyGI8um#({XR1fG)~XwP(&eB z6tv4ap_1-9i;C4eGP!zi`7ezDimentS^r+pZXLCQ3bha4c6N6S+SW`_e-XAs{(~q=-oO07|DIN`r`WcS@&(0wU7gB_Uk~Dc#*E-KF0i zJm-5~|NphVZ!Okx9nW%xd7fwX-uHc9*Y6qtk?=rpqM*)>7zTo}dMKJ!G63$k4cOR& zfRq5kqOIJWu8jfu0a;E?PC(^j^(zIU1fqIi6G{UZ(I>!oWjqZ)yqZ-6GI#FWL3Efv zNL8|hs_~rMb4q?&A7J;VZ!)5SnUw|2&l?B;fs;@%p#5&z;-#v9W`{Duu3gWrRSBg4 zp)?tQN*iolvw%+P<$bn*p(!?ssSnrd`N$J4At}ki#ih2&?2xNPxks7Slh_KS`cN(-kgo)4aoZ>?ETliQ9$IyrtmjD7so8Tc}tlO21Vpw^*lP{`YAtT(vvF{L6~o~ zwOR>m)QXdO;|G7issod%JZL9_?KK`a~LowDS$p8mi$Q=5Tz0eURo?uQVJ_jGk-0Fsd! zIQ~BtL3y{5pPP~a{DQH3zgQ^k-zx&(P*b!5?8D?|8;)fx$`--6dGQWn$Q@>L1cBCl zJw5oPE-XtbikjUSehc^~nu+G>0rAA!X0kFAcpxf$@#Wv&BY1(8>_r;zVEh5lK~VwpOB`(V;*JKCG5DBsspPN2Fv;D;s zTYE^-UH;(}I1MZ*{qm6b>95V3|&zbxJJz%!`MH;pFx-YT8@t|F!>6Am=RaR|}bMao+51 z{1D0)cOT2_5JpykP0JBLnt;!Vq?NEc81G%v4gEfUv7?fY72|>$} zxG< zMzht}G&Z>7_KE>f=2J#4l2!NkH&@EEsx7sAOd?jKBqAm@3$d|XVuU(om|g+e*=VF` zH&mn<#%wECX>)foZN}rF84X)N+N`)olr>dAv_J=g?v{pPZBxKhMZS`{)#gApPnGdg z6$*__&$CWf#yLDpfdEe-W{=ZXYTF?yKWqpUem`B07dNP+}am&}g>^^Z1$nv9GBMWv9(7pzO zzi4O$_%@~>@=a({;gqy@cw$+Y>-3Voh(&8a%)ST=%kL4PF+6j^#q>k&((R(gjP@1v zELHXNA~;y9`~5MGg7eugN)0q&jFa8o00jo8jp_H3RaQ#j?~5{kLbL06^g~e|-M-=F z{0dE~>QuV6FU|!p>X`dLnTuF5L0>W)2FboR&@FVXUpE5-|$UAKeYse%= zZfl1jV_wV4$=#*IS^I1Jw8sn1et&&CmS3(70v%p|r5RVZeO^rmQ68^jCJy0J2Lb6h zirRQXCPKX(%f*k;i5!S^FuBe+$Fmc{{0fM17>-!j*%c+~5t=5|AOyNRBg5Bk4Xkjn z160j1tG$NLnWaO56nll@lGW;}J)o0+!KVTctVo zQ27P!#~?_^RYHVY6(O*JJ9}&a#;kbFhchX=?_%ipFN&MO{ zMCqpQ0nG4Kt1!ga19UcLzQ*7bq3g@Z1=@=yk67@j5rl{`I>4jhm^oRRhK2-l^kWr% z!XmJ#cZ5cdSy0*-d8`Vd;*bhIEHE@rArjanL4_~g)31GxM@*figI5?9k>B2@MzG!4 zL-_Np3&x5Gqcav3*2)!hj-r7UPc98DTw|XrhBiwT79*F3y}bA7`X`2*cJDTq*}*+b zszd>gx623OBJaY+R-@V3{#vW(kx5EcB3wpBZ_b-=0f>Qvu*cFa_LF6Dx#-PkZ0`=Y(;N)~71Xn~G&hC{iRR)z z4i}o3Na&?Jz7l7C24!m5=1g3{xb@rmEJVmSdvZVUlA@6NH9A}vE zN;mI5(ki8<%GS3^DKrY!uun-MW-67IUR=eqN>tTwj$A&!BU+hSC?ensD12WItI|%k zwXpUp?1o6{3{;dEQx}<|Vx;KL9U4vJpD2v6`2T%2Nveq9KnHBc9}TA0T%YwFY|a$4hnVTcRC@L$BpA{v%*)qWpj8fVf> zHNNpNuvTnYue@D7y~A&t_R*Hc2{&)A($|96B=z9RDN^$H!A0z| z+@%LOb+;Qf3UE@4blN}aoMQF)Y&B7R+h6~Xc^!#2COEzMu?T0-BT^_zD1F-;f4jG? zrUtzT$3f(C?;4cr=;uJERo{ltcRo2;2~rkw<?UxGZlqL&UP%)n74U+e{hKQA}>mWR|{+%O$&^=?NAmju@$hD>RxUN*Ni$`jo_kf z4K+w8eL_E8FTBonn20w?UUPD@Xi+g~Mtp*`q|buM{sH-U{JU|7(++Py^gv!0d#U|;LzECOGeA8X z?soimP4JoYaedhy%-Cc%o~J~sF=e!9hWY-+N4rO=ei*`$kx%`k$Fhw2Y1R@FE~j56 zkLHW4RgG@ADtqL){E$^|V_3=R@P8yXKk6Nc)EWOv zvZd#T=%CrtTiv;N1l7@f2M50Z%!aPUBC6W+=MYfZ#L%!&Bcq@IMz0DaqO7dnNC8y9 zA%f07W%w^HFNYB9(+&JZL}pDTU<#_9!WSw4T9uWR^_`;d8%t1CX%s!Dee~9Pbl^1* z4nM?@iAPNEQ#=o3X$9dyAhsnAIO^IM)YHcY+~DYjqR}kCiepctxE^%@q)r3Cy#Dfy z_55*&o1W_e+G$P{^Jr98Hd za@2CCXOr&IQhu3_h$F9@xuE}UHtL6-P zm*K05rw)oh-;eHGt2;so+-!@Nx(fMb+HSaa-$Y=idR=}p0|h#*_VDP*c0IG#mb2#V zj!cfGj}pLy=TK@71W!B8(@WFSo|E0q&O4LzUJqTbW*asAev7AYiT%D6!&`qY`cjTc z&}vm+pAuvL@M@^dxM)6Kb}W+maZ^)MrMDz2n8s!mPdN`FrO=)vVck*p)7X?)427m(&qPd zAQN-|z<&cR&p{==@m|}S;Kf=Hg>@Q2i4VyDLT-d>VgvBHa{x{!ba4&n&@+KED;CVz zWC8pHvk`#50oj3L;Px{eafE3P3P*rKgS}eair8Q<_$W9X+w^D2#xM&Cethxb#aI1d zM84~V)9!5Y9+KS=0Dd4kK6!whZ9Rh7;R|~H$$);P>@wp-+IYU2_~OQQ)SE0c1oC1x zntxw&C?@hoEG{j9`M-4rqDchG%>Yx70>hrp5yIMo2>MHSmQ;wW4-YdW?MX8k) z$(i=A&JQf5q@@Qoc@j;Jp3(=JUYvU9tE5s>JxU(RQ>Am-o>mIU{TlFG+zyz(Xq{eF zY)j!1fvi@gO?r#q@GywzgW~TrdPTSYdzo)Q1uDaaWvR)BH%;3-9AqH~fo-~wNcK-+RGFLxH3c__p~S++Cw+qcs2i}CBw^+y z^*e$WK$Q}purZX2uj{%0O#*AA@L3cBv9OP{+z&!M6hN5yFi_!Wys*qcSUZSeWr-g@ zvKG)n;Q(Sy{O#K}RnVAcH_e#ppD@VD%EF+GAa&`s7!iiqz`K#*I%6U^g*Tb_33bmEYfq~%z<_A>9SCbFzmgNEOH||PAW&569U67!&sbV^mH^UtEKh?=1p>K`39pQcsxasFi;-rcAe zsKEPGyJEDLSiHZOVR!d@KVhKa%7O80z@8~kp9Qd|-xm_nKA41W1Iy=QQ0|lkc+)-t zwyC^O1B}ol)z!XKWqt4SyW0~>SOcw|GU&;%u?)0){uubHwiWIYKhwlI7y~4;v$E#j zf$%d%Lsgi18MQ7^i8x;RF37?*17z&Q%*jAAk4!X+B<{^%=`AUpW3gte87`0Am zFP}^y!o2b#;rEWWr=E2b0(c3QVUS8G$bf#@ww!h(-s<_Zu*Osr%B&Ub5^NJUPuRnN ziv_tYh8HM-iH8^K;S{jTB9n|uNj;M7V1bEEDO?tRbnU*#jkzT8+5qxK74V_t<=+>- zhZdEU8MF!p$Wq5XVT{Yjpj)1f-{sp8NTFc%P=QmUIfRh>q!r$hx%0k8jC8L-R)H6| z`QF}^G8_DD;=R+I6KC=F3?LCPnxpxs%|6Z44-PMZeZL?_FT z;|R%dR~i=j*9J;_i!cNDyEKEC z@Dwsr2iC|9K$U_%#_LE&faV~y%d1GLC=%#s)#;O+U0v_C+zwZ%xR_SMLqejX*_Ze4 z@R-MX&U1|h=-gwj(W`hB0ToiYg3aMcR1FRdJ$`!x{Fm6W{tq}AOr?4$q0bRrwYy?b zLFz10ot>Q-a0wX_btRP(cpR5;7qRBlaK2h#S(_k`+Oc%O&QOktVjt}`97Y}mnqy{f zz7<|1Ip^{Xq~v9WWVc=WXra5gs-#U1>@`hKBX>@y=PFrA$f#pz^v9N&-}5=-2Yadn zv6!x4RrbVT7acJH(s_DzYHO09pAS`e`QXj*=0 zQSxY3m64;J8SU9Nw5nbl4M2v$`wlu9A@0hRo z95;Bsk`OrPNTF=7064O*PpkCxlQ#4P4M;2Uod7;R+AHj3Y#F5GW~5pa9_X-y3cjx6 zz+-T0m^8Z)K0DfH1)IK~q+02ms1@!5Br(`z9CtIPb3AEucWa#`%*mvTyLMkk5Ua<$ar_ee#wPD+p(UijzGsH zXRvn|*8J1&wgldrq@S~mi9{3Dq;$ZA#?kI2kAiWu__ZdH|J*Jhpw^(`=hoJj`=iio zsV6TQD)S@M_8UJLu}$HNstiCuqi7C{b_$yY)pxLGFHx3~ zzD?kV-DP--j&v&!KUN0j+IKcevfL7V!H`H=v9^o06=f$|?S}PTE4$9SBdZre z{1iV`3lWipvj58h*h*TPjHJIvHO2Y)LO8@em#WWUyfyJNydlk}qfKyMimfk0v?Zu_ z_Xur`x!27O&zNy`b>-e>@X0BqM}|`Y2Y-h8iWr1huY{-m;DCQC$)dgXMdn&>CQ)hF zMS9=<_cZo8Ju0mEy?a%;Mm|eu{*i=Yn@kc-(P|LP3@@+imr1>}|4YUWdJyr`GTK2m zCtoIsTNHZBbhT$0hC3w^4`bg_Kzzk1ad?~0_`_oY`guh%Qmcg!pQ5C_>&?Kv`_~T# zy_cuEQH->t+$NFlm6Frh?JJ4mt%u|mFirV2=qWhA!lQ_e2lS@0YENOHOu z)S>j><9_f&`EDX=#E})Hgw>Okzak#%2F^ElLrT%6sR$UO;%ddQg28#G~n91QJ6A_JFj*Oi1zO1 zeZjc49p)8rss4hgBZPe+6vG}rwgX%g$&y=6Zz^UrgB`3KQnp+vRZFcvD=N9k>~)_Y z)iVM;!5vrLs=frlf~Y<5KF;`*tpUy4rW)%BRh%mP$mYu6y3A9}F`P>+$2XB!-I&)7>_2q#h`F+{eYmh45i!FD||?vp;!E z|MI>tStLkMTOY>exd-k{JRxl8i+sO`X2*lEW6?wuh8aiyJyzy~mkG zN!x-Pn*l}3SVxH`OFB(97y}B08l}1AON;}9#)T__R^7Z>)h{BFGE4t1QE(9@%68hIiqU^%l&F3HW#{l??%%CeX);p7Sbw>>w=DFW#Mmp^1(Gz zwY0pKotvu$2h-bCzGm9juU`W(MVe$V9)S$`%!A#T`e(1keh73>3~%s6uHz4a1uIJA zgbX3+&Y(lyKzd;ewEosYZfEzXvxcgY=zkQA*kcFpD9rw}Fw-7FhL7@P?<({d#DqsYjP&*ORp2&I+kMiJHk%M} z4iL6PLmbUl4{!QbvN4RRp!Kr>s=zF(spU@TxC` z{gEt?T;u`e2SS(MopdvI&W_j1;ISBmaH859fEf+&2CXr|45oo;&ClO|h2MIb-+ePb zml?nX5PFk3&{y9`v}qz}262#bh~%A0Fk5>Tpj`3l2SU5q9?iM;8w~lgegiHoxBarr z1sDwF+bw-R>J{4U2f02gHJ<18ZR9>bK;jl^FhWNRnhW`$-Go4d3;_X-GRRFW8ka}~ zzB)vcgSLxh-T}hA53(P&D|w7aou=bD85F3O z*4VPT0g{G=^`XuM;5EuLe+@wAPSeK+?K?j9GqYL)Dr#zp>q}>o|fGYO7AMo2l4 zG~oJ*AHKgd_Uf8WR1~SJ$^=@!0B-Pzz{)I@W~7SUO16cZhkTl5@|<4=L|Ymf(q7%$ zUb%!iNZAP!oqo6ct7T4ym_ySA6x~=pkvJsae0y?GN)c+@QY4r8EPQB6;6V!tzRL6G zAD|RvD1I2r?VBTofgQK@QFv~sMOdWKyf7m~R2k+z@;TCrJn%>z0j!Aju(;f^@L>;^ zHQfs6?h$@k2Zd1@h?a%aF1DZhi~c$@atE^SZ=`u)2)GBWbJ`-3-9xv7m$b45+TkVm zza(f;j}-t=>RXhyb#0(GNKFmxXzLrFmU31_9H#3S=zXk((M z_xJSj3Z$$9&qM$OVecqXjuYG4P#`u45&-{)pHGcwbG)fGuj$kC1ht;$MiEXQ#?OC* zh^u#m(K9y#SN{{n=guL1CcV>lhu?hp9fZ3fZ!wmQxqM- zI&d&%v2qz6y|KEt*a4v-^|TKms&rI}le8Iio`niL(#I99+Lrk^oCG1Kb^-yaq-eOq z%m{M0U^ESAy^;_@!f5lJ!0q9n8ofU*33(29T}RUEw__y^*Xkt#;JougnbP8?-v(_MhoG#pS)#s`N){QWDQJ;p-qa6fzA za1htPaIw6{=3st=5C{GRr5zZH5d3}i{NHS+!7pQd&v^U1jiujwu^5S~LE5kjcuJ@R zw@vdY>UV%r!5Gsb2Lz+>$LHz4=8L0@V8H800xqF`;3Q(fN*&0QmRI^1 z9S!}+XOl9Hq>0eL*MU5kmr771m=OF|8Z1f90cnBU8-|1JKqrQ${s6d)Vyb*@J$Zt) z26KUb)B%k`!W_gPTq7{6n;iZ~e8eBh+7r>w5G}Qbjh1c-IK8$Ynmsqb#ZZaa58+eG zg4+K~Ytes$^cFP^+BOEHedFbllly^AzG)JvAt8``3RcGDV>dvi!mMGA1p5JD1~vo1 zXgIQduT*ERo#E>bz9&PL=VV~98HN4m9Dwb(I*FKyPd|<(jx2%l70og?Cr8ej z9C{0OKl&MZt$DN!x}p5~7*J8ER=|49K@XNNC*VpD#t(fLP?k4kT^}*)x`azB3phHg zPOzwcj7_p=2FQL}62CNrNFoJ3tB}a6C{c_M&Lv==;>nOj3&GUkA7N(PKVeze4ev@) zocRu<8Zg}s6MH_&Ev|rM>yBoM^>7EMPDi(YRu9Z2ZCzX>_6bBck;^2KIquzaFGt>A zUael};uV(XT3A>(wr`mgO5nQwPnz{~fle|!V@pc5Sy!Q&+d7uvYwtac{USi$;S}vS zcOsX+p9}4NO*xQqMHy4W~b-BsRaf+`hYfCM)+Q=0TwpOK1k3-vtvV z?fY`1a}wCg!JHo((@f!D`lf(#;bhd%_JNx&5F_-XIGMOvKvp+13?uDKKsCSTV>Fc9W>g}QhB*!4oUR>1eVwj{G~rksCd%;v z|5V|rYI~yoE_S3Vkp?VAQp<&yGEHfT1==hw7! z4gW9ZxUa7j%Ds|K=Ui;`(%EYL_)7anU;Pm?z#w~i8gg=97`)>g-)$}O&(%$g>U%4_ zpKs-mfuZmD;u2FPJAFWLlGB^NdW4GqGtY*Ly@l`i)biJ0=-OkiLY!6< z{p1>7!1>@u)+RPdK5P=gq}^~$Durll`?yLVwW1^n*G5N6-e0G8GL;m8P$yT2U)NyW@8%ck1QNn7h8kuBTe?Mdehf&R#`H<{|A%?GReDWxmt8BRiz(yR@4@>7c&d(xWr`gn{80+ zUF%W1|Djv>-@oPZwxn?Zbsw#Yjk>xcy{@W<+wn?-fU2(B_R7Slpyjx#(kmS|FE;Jm z!<3$+m5GzeB^?Z6A+pS+qjgHPkv`?owU}*vYE=}9l;d8L$;W3&(-luf?0A3wcZ0%~ z4z!7gaD{FLp)JrnXGqdL0hOnu>pJZd8b8&aDnzcu6LFX{hiwkD%bxMKkJtY9Aa&NS zWn#q31KYeB@4pM8|9%4?ogf2p+58uLU#I`H4;AQbQ3n)1#;mPlc2nvcs|ZmlInQI%(;L zs-D>Jg3*FTyW~#1)r#SHx1Pp7aG`(YDRe-ZC_o@FYJKy7$HUTOO@(LnNK~+t zkZI*uJQ=~HS!1(Fs$R-lI?i)G3K8wi0R6DbbiKZ+ACb4|=f7@_J50wMv@d8%<>$?e zY+g7|4qqH>R{r=)xuR}@dXGujsmWut{!h=&_ZIKhDd)IB(u(l>9DT(L%kQ*;D(W%F zC|4c8qT=c0d3HS1$_>hUmg2NwHFvcj_kcB28?xA*Vo3>x``#vSkJMK z0flw>%U80nYJ|l?^!JrR{!mp%pcfS>(r+zhOJ6YFl;fb(asRJV#YGnyNo!!62W{v<3@Wv(D01A~!2itiR9Zi|1vM z*?|g852V%954fm=pUe6F5>@cK>Ip!z36Zx@QSej?i^Ox#P7rdr?*%L>pYriAG1I-T zF9txy4O2UCY(xXL%sN6afPjMJsb;R%ZIxsK@8%%T8z^Cu+)D%1dIG}E0dhuhKs@Ce ztx8jIaE8Afafd4ikt_>F89X8&!0O>IkikTB@Cs=29XGP$>-Y|A5h8?Pkc8UR*OyBz z;@)w#y!_G~@bAn3ljR}DsyDDCfOnKy>;|r!uhu|uvJT!X9nMI|sQB@bP4hJ`h#hzj zhLVile&e-(#G4Of2eAnWEMK7)96@(q&g~ z6GS%-Pd!^9;D4^(^R?TstFtp(;E+V^R*Yr+$i4PPFX}={Phak2 zx?#T`=u;SU+?Wn}N4R8qx}$Jmx2jA`K;4$5#4`37$on$^g~5RZD9^=&-h#G(%VeDu z2D@gRR;5sK4hz=SUT)C*KEt>^`P_V$`Kjpjks7TCBBFY-%+NoY z5-63JbTWaYJWrERDTx`i%NGR$!hpzlk^mt_ncz4FVQ~N*5o}s;j22ZFL9~i+sRV}= zW8q%ucVRFe0Kt|9`I5IlYeaV#U|ca1kjs$=S3#2q27LmgCqzPI7|6_kv@Meel08xo z`Vp6DyWk^VL>o?`9|s^W5E->&kTGOCluv62{|8Vp#3Klz)_Gzo7{24k3kac!DtN68 z{MTnF2&#vKLVCqXobSog`^W{(U9ap-c4sXa@5r<8u=}GQ?TWL1%zlti5xclVt`hS- z6sTyK%J;8hCx$<}kZz9UVlOlRVbJvhBc$W?$;i+o>PqKp5<&Yj2)l06$IfngN1!e{ z0MY3tJaMVzgo3v7FkG5RWeFmuU-rora{s-v6wo5}k|4exIyZ#g`B(yj-T-=C9U9)n z>18Etbp;fmk&IY=efO0il;L#Ew16g95n2{jECDp*Wmk8nDe z0#p`4oS}>=U2sl+za)Ohm@gqlRxeP0NF#J1HuLx)T}&WoUZOsl3!{LB*$a{XU5-D9 zf#!t(OalJ&ZS69YgB&1~BPpr{LcX$~f&d2#Tow7fZc zL;d#0En{QBvh7;-ecIKg3|U4B3L-8cU_JI$=t5Pswidn3nO|Xkj81F$g8WhVCnj!& zkX_@3o`FISA-{*Fb4`?t3wZreLu(EqVrN%4aR(w+07-Fm<%vnF|NqhM+djfMza%(6 zNQplk*-3gxHkchK_Cs4!A@OWmn`OUYV->(%*kWsLAjq1XNT~IDhafNrN@s@9vZ2UO z=efY8e2aV^VmP$AKn2N`dhTR-8$7VzZ?Re4kyTL00<(Y2jX;$$@Qn-ex-1YzhBQ7Q zEDjg}1Nr*4ir^>ejxr^{$I=-^Grglbg^g4L>Q&HD!HW?WNJ91CU@OTmUD;FwEGT3# z8xR83?^EY!F2AAu*`Y&&I6K=abMfJ&rA`P9|rmq*n(~u zTHE)&KIL~SZ9$AuptgAg9p-{L+In@~jfZfepy7v*=lRcio$Br*SpirMDlXXrcnM&K z$xMLJEUiG$ycmRa8PBg#)ayb<9|%ttePRdgCMGE5)Ze!}^8$`k=!?ztU~0l zM?opgQ1YUmTjS?&v07rPtOjZvbxyCs&YRQ+kB7woG&-Z3<4#v!3I3dRyrSx<`lRI6 ze~Yf+#|WK#T+dNg?t-2ny^p?3dFObwRbl{_>5SO}8w4~Gl!GjY^cafOnR=HYP(cGp zz%x-IvV^9r57j%%e46D&xsh{E4h~sfjmY6DNo+|Dlcy#*5nPyYk- zE^1~IAZcZOL`cX@?}869P|eKV*$0qY7Q|OVT3x8P>in=f_%!$9JbbIKFAqP!vEQw+3t_m@7(QVlRLmI0 z#KD=LmRaEbwUs{{LBzqt@U^P~P|qY)-&UPZsovsYXHMz36-q1qFFosJX1(&Do0(~)L6}bvv7Nd!hc6zx$i}4?LH}8e>!>c zWU{IB!vX#oq|;vvW&U`yVd(vRn0qDsIs?t7(Vpb04HX%khFB+)zqC9(m>eB#Tj?8g zwk9yE7go?8)FjAPBL02e-+{sDyEL}Ch|F>WXi}bfc3=chN)*Vn@e@P2%gf6J)guL? zSl_E4^5??*Aiw5G#qNIYN7shs7bOWID-~Ic*t1xr)$H%viMW(e64)JSh81nMQH(F8 zEU%IFw|!$1i0zKwd@POG>dz}&4`z>{Ml~AtYr`T{Z*R_T{}d_eRtTH>c=H)8Jr^lSVVS#>(uzD^kNYEIAffJ>&{It|p#i+qwcbU`!gb2)Dn-82 zJbyw+>Ot5^>3RrfN>iHBCCx6Sm4*^N^6drOtr{^H`o7()OQk^j!sOpzgg0RNJ?rUW zWp#7ql2DQHde_MO))*9$MoXHV9e!D~3z0eqS_y1Vo^Ob^xV=tV%WbdwYnY#Q0aN*v z%2OEid-Z=4F#l68-l8{|6E6R52ycJE=un(vPrYu3M|!YRT$ayl)q{YSFg{`eMa=+C6Y|< zi?w;*Ka2C9Zml1-7|oLf46+;oQoPlRd81j@!2MpungaVur71hyhZxc(;=d6iMi35= z2No9zW;3xjPLb^bVbsaaKc_vQ{U%IYT;T}*94+npxu2^~JT_QGQjz-BVFOGrF@#qW8#It#*Byys3S&UShdoL{9R^dz|T2|1i#Y^Q*tM~W8z zR}+~MY1di3Mr5#uPO~$`Yn<>?7PXvlV0>Q$n8d2g5{%colx~mL zvW<3MKGo{nCt{q6ZoMv&U6R_}p!v#D8s(~QpLmv^XmN)CiuBJ9GXpZ=0r3-yg8OtZ zWI9`7WT#Ek)~@yN?wp= zJV5RR%7HojhemKRcLvqL6gd2waGCU0g1f5;{Jd5mwdG`@&wCUA@lk1@x-1mTrEEgYN7_||Rp z3~C$6zxJkojC>7~_O=@8Bltf*tWxk)l~OXMZ-n3~`uf3qZUrf-TXwhAL_BCm6FSSK zDDMAM10rSjt9QM2Jw_kg%UJ74Fam{3(~R?!mFoCmq5d^1B+_}xMD*~EHo!X^|C|_V zx?16w0vO7llNO~_VC>juNZT}n5L8b!xK$vyQO;n>Jq1dt7vPN9h)~XRCS5UigUV?e zyqtLh(^#x_&K|_IzC^2{_dUC|vB$|yIC8Qtic%H8CIl7x+i0&TZ5K;_j^s5pnCs{3 zNud_`4xxFt&h2qA!C7u2e0fzk+N5hiG5%ZKW3kW3QoqAQ2})9|)i^8qU~`a}AD|_l z5~C|72u}5q@jf_OLJ!1H=RsV7n;&L(#B=0D3cUp`$qTxcg)SM}$Pfj>F+(Qo-FHNG zavg8TdAb0X&=fp2O2dn_;HFyvXoWKv$4hNfaQpV}h?51J*Ee6*=bbxz!Q~qVu|P(3 zKy$%@6^zg*8VQkU34?P)0phTH0+L=PfI@&|D8=h!;-nSd`+@mB>`dI2LG2866F`zG zZT+M)`6)JwxX_;$zGu%+!HA#;@Kj9XK};E>wo?=nKTn3mSy&FdyG_t@aJw)QzW!zi zL$lu5%I~C4Af02UVnsYpQs2YmyN;0UybAQbbtrPWLlAyBuXuN^^Y&>f#nZE_r;`7E zk9;MV(zdk%XWI%=At62x22|+$FrIdGe~7_8roNhoku?>=g=d3P{Hh694TbLo{AeHvbSjJ;)Z9u$2 z$UdtbHwInLxQs2PYhGUBfcitXKIdC>J@6~#t!Rl@@8WA$UrpyUdYpVqk((=`@J6{f z4Sm-&D^jlo>(yte$f;KTyCu9(Q4cMPp6>!C8hz>>(;&_>5MS9I7br zL1AOhlVv-KdyYJPHUXlbaf_*O+LA%9=If#RuM?Z!qo5&YbFYQZa$M!zgDWqP#=LY= z0?L>PY0(1$$+E)^`lv^~{mCw~cl!3v2jiPw>i@nNTdHP96#}mG&qMcHX;#myk1d5y=b=!rHQX@}QQ=6AnI{N%J7_V&maV^FEfc7$IB3PxM}^2`7GjenE| z$4nxeeMyzlMQVy$n6Krn!V;bU;#?;>-qO!GxSH|Ymi$bBSPf)as)#{9$p}OMhorJI z-C|GVERFbFtX(~o!>;{hp_0AWyV3po;zusG=aA2q13mYf)*G15_C3eLz9Dsi3h|x@ z{~g-CH+Q(&ND`b!KikZmVg3a3XHBr%WwZp_*@4%t1_3D)4_}6WxEf~j?X+$G@4W!+ zx9A!w1@%t)@}*Y96mQ?D6ohO`xwvaYfBgIavy45wDM*S;`v^>KNj~dr&o(kaFcQB> zwoP~gseF44k40$2B9^Rw>}srn;V56dMIs zi=z}f4WBHCDt?SLedG39ieL714o987;X94uKiBIMs^>HfAhjOv&dq_PJKaf#O zSc`|#!C}EVYthZa1UH5}2o;}twQNlK4UJoWQX&!KH~m!gEc@-nXg+e$0EZpC7;3(= z^aO`iG}4-9{A$_0;4-l55k=Y}dV1LlXZs`UIMxB;R}UZo;A2t0)}co|DAv~LCg$}8 zzNGgW(J1j7G=L@(E;emBusKqZWkXP|yi1+EZ`YIjd3>~F1{%N@A)!@4JyZYHwyEJ8 zzNDz-+B?Ke{PW{0!3d*Oru|&9$%qUdcT6PGaf1qSL;UkK zEak(FAd@d$Y?*CX;c!hWeS+6Oy>347$&DpeonL+P4&~iXne@m#+zQtJeikGGW>jQB z*IKBSs?)z8kB-sj0i+dAOo5e>^~Jq{x_`doA#ei1XhvlM-nxQ&|NKsYQgFXy2@BN` z>3{dY`R5Rsn6>A5ED?x*wJd-%=GvjLR7Uq`RD0|{ALZr)xxwKQDZ-`qTcrwQD*LlfnhS5~@jzwa)kJ5^00lAm{-{5IrXuQoWmy$X|8wPEw?CX z5GAc6NE*`Xhg(dQa@`(-m{&MZzy%PJd2N zOlDP&fW@Cd*HjW`e>&@YUbj$Vov#(Vs@B$UxmQD9j-qzPw*GL&53r7yVff#QIRdX5 zdOBY25WkI``tcK$uw$*0-;=r%cq=2M5B_93F~EmUZBmI|(9aEDzWEqKxIx9@{kR2O;=B z19OKG(IcR#3;U{d+;lb|`I=SHhqu-Ba{hZE$u;b%!K?gw%}ykV+ek0jK)c$SEyADX z`_Rin@fLs08rx9CR8EfX6nx(A8jreMJx~2vPiYWeDdyl?e$Yxo zJj!tzBOs}TP2TG`Cy0EHR!u?j1vCySfK6v02#?Af9QnM7YhaGG0NHDaSh+#HQe*pT znMuqH=pLiC4^w}8_ADisq?Cj0ar}5p-v-zpKgH{NPmuGN6Z1GIfpZ^oNIvL+vQ0|$kPGDDOiw~Cx<$B8c3^3d{)Y;PqzD^MdHPCtKs`#mDQjcTMLgKe-)}PISdt6x+;EgD>4$ zT2)1FwbdK}_b2D^2@~9M%?eU<58I-i3*5x*9E#G&>*J<5;a9o%6s8pZulhn9f+qWE zQRLVfoM+H2rmEv2>Nej!5u^O!{~mwk=S1d~M}Wp|XcqQ=RsjNYGxMqYzGCld?`;`OM_jgG|pN!uC#EV&XPkmmdM9Y57Y1`2jLh ze>p(xEIpKp=N7&@NS`VA--CfQBLEj3qJW&U!=y8)PCob*3L=R(l8fE<^LgCBMvzGn z5ZlueNI}xfiv1k)<3D0$gW=){hXCFHSJ{Z{NF66E8~=q7^D-aOH}<`=$Fc2xaM&Q% zk|v6g5IUS?g1|a@Md;$Tt|ef1;0+^!W%eakcD9FkJc3w0yjqwzW;wjXQ4-FsT|Nnn zHg9~drNfc57%d`bPP;MM;9>2uG(MIw<1HU z(s#dRGg~UCWC^8}X+TLZ@?G?qAFM14Owd}(hq>3Zz+0+!V-Tq+u1yzby*)f6SRgUA zv=}W2xBXN^U%dbCelL!_lkDj$ay;#QzX84D(@}a|Ya-UDYQ!ZQAma&_E=&M=<{f1& zq+iZ}=6WT#exQn}qo{Bu-O;xHq2kalyxjW9^<+3TtT}<5 zBVJ1?;NWV3`B6)Ni;e=ttGn!y+_#nav9;qIoCilVX!vYMN6O8nTY+pES-G9FzX0@_ z?}M88aE@1f&HF0MT!iPD)pfjXVLEO<{gke(L@_k*WR27IcTl4X#_SItXi0q^=8qKw z(}-$YPt@|$--h%@9d#CI`1u&KyPfzALn z$ClQTo^V1eg_1@Hn(GWQ>q0<9R!R)G63GL-@n|80H-pxa3~o`PvIgd=LnfHBlN~fg zMB)pLpxX~8sPEG?CM9IHDJ*m+Cwf{V!8T(z`H=r2v`fHIafa%6AX6_$Q!x2qMX*+- zkRdf@uM52EW();AJ}yHUN3c|^PTVuG0tPs-yql>iX)imB7&YO)o1qyEO~*Igu1e#9 z8!1*ZJ@)tcTz$yFKyzchGRz&9m_BfWMUDpP>0TG=6My_pJ9w#Y9&_F_NwgEO~S=3qt6DqjxN_`lP;te3p%qk|jUru3`T??mSW@qXCQ zb^&5=^RYz$+MKJZ2zDhSmP^qtt+*s6u zTm0;f7BCxR)G9Ibb33e=sbDx?d1}ny_iQL#4D`CvpS5g#t;mw_d~gt&D?yNL+G{;i ze?Av%8rq^-jeR~>9>nGkUOS?EAYj3UH+Yjkm_=27nEav0FkR2fTOEAj|R zc6#380oSlwLIO!FRC#?JbfI0&Vbd+Vb=UpkY_CVaQ9sBA-||Zg#|!LGPMeR^YvKRo zfuP*O@KSC@YI|s?V*C(xQqh-a&G2b?E^KPJ*coXXxkwNhrS@P-10<9|G$TEP$ zx7xiwdiMiRz!xYu+C@GvL(sk*^Ilyb;SbfSJ9;$+xTwaUkrXb;1c#QK;}_n9+m!SX z7!YX{`I9ivlNhA%nZFXs{OVC~1qlo6P=jCWWs9}>WFC7{T)5f?za#(f>-*Pjx>U?7 zSDzS=(L6CDa=Q7kgyFSxax#O~7Xe%exkD=*L%6m=ya3zV9zGI1zKmTNnw*{NZk43K@dLlDFWFb^PX<*N@8aQUx}@ zf0Y`ck;HgjABSfxA0+vl*dRsJNM3{h!bFxJ0fq`gv063CmY)*Q`^pw-Rfhah^}CWp z$*xWZCvpfxwj;9kI|5SSv_-VkIIl0(r-4n2$XKpIs^}_LWYX`&AihnywLA$V4HjIz ztHZ>f|M;R*i%9M6;t?WiQHSe!8fyPTBkm$3SBXU zFbTG^ORK>NeXrhwd*OPz60Yma^3wAzy3s*v=0e)keGJ`wF=-&d{hV^;wW_4kZ_cY&0+!S$`r<(13N zrn6g*jv{dVkuDFzH{EYeR1)c}zjYCsjy!!ra{fmhh{XtM08GA&yx;ZAjXM#X?maK0 z=)#w6Ne7KXJDx9OZ@=+F4&0m!FIq(0g2Z#5+em}CY83xIKdn+x0L5}Fqx=r zyU2>g?`qpG&%=cj);eR!sA~lF!ul-}@KZ1KJoX2~UU2n>@Klv49kRr=U7L-!JJp;a@nq76Mb3 zdfGQz7-lCSJu(yk8cEw!J8rRzHh3^(iT{}vQ@@lmwE@p2qSNNmJ@M*R^rqB*%y@4yV zyuVPt;Evm+EAB?k#xCm$1LF+z?h}A|LAzjufOXNkooTqN2Q7!#^iEb2Sgw|949U&J z{IMV;nQe^Wx@P>!ZhxKg^wZhFnt%e6;5Vwpx>GqN%EeZ7X;%zXE3J~Z@@W?Y-;Qu| zeyY}w1PSt6EttN9I^#e^SClM8j~RAfk}z~$#N*v%BnY{dK*;B7@Bx_kK>$LS706WY?W6nSXrmiA&`K`F*Q9YlsWqIa z4DvlBE!L?b<=V@hfP99S_d4JZCG4*W#vDZbuo#u*fC1b984|ziy=CIWK728#ODkvv z|JtJ()2>(V8r_H29AhTAjI6SiT`^kAV3-hs*j5c>FgC^uTcn_n4Pr8PQo+O?0+c`A zGKd-hz*nRlY$yiPZY_Wwu3zcC_^@U%!)_fU{Ow29_52*Zhb7@|i_TgwGY$5R*`{;o zXp&z5f6ohF={q<>djAzUcL~wSpUk5?3iOgvWWtijzQx(DaXV9E*NXH+U;Xu|YMxI( zFU=WrfE-+_!`E5TJxK2kI#vh>Z#)*tXHZvJ#A`jRPsc0x%$X0H&>;GywU- z2{5N-NCCKWFVzFBdDrXRPAAZ15&}eR6QEO7`BgSn6F9q}&^b6-HAzXo9M~^d{K!-3 z%?D;#2f!Ig6O^2Wx{cDJZOV7vK%dticK&UzU@#)!`5{BSOHID(o56(mZ zH#ooxcn@;*9s?U=7gL8x8Gfg3LYIZUdlKqpqx5*10u-Ok;hP9^Uekea$>i)5_j{_w zl7YM*rVWv$clHv8ib?xYoR>^oOnMWW&WqB&4hun;$>d9aZutmmQ)36YSpHnC7|nkg z8`tqQHUxHYe)8l)@^B_o5&&}vS$-s-}nvOl;Xj}W$c#& ziKXTr))FlRDm)iWvV8~a!Y35mcgPb(-M*pW8VNSTOpu850b-k3>gnY2I*^g6a09BS z;mrw8>782Zfu!-oomg!{prrEg0zh(Qpz;|-D;l2ytz#ol+?0bhz%+W8?X>?xy%8|H zO_ht|ZdwhH7D^D)JMLCn2asUs+~K61!sL#$`IjbT2c+uLK#Orc>**0t_L*DwTqT;| zuXBDMwmcmowETW;s4keSp51Jn?xABR5SO(a^UycmLqioczuNQHcVq|3WI5^Raio%B z?Yg9wC-~L$X!?WjO{G!OMqnlu#w4+prIJqpf4lFDq&*{B)jss<0bQ)HIcPFUVrz_B zb-Z$~?k2YJ@`~R-S^&=m>bd(h{rTc#=Aicoy#WHEsg*cdIB(zLzYqMg+=dFp{s;kP z*zdhf(kpUSnbA$NpQQScVWa_;T2z%}DO*x$Q6D`6%fz6uzkcLX_QTYzC@tX%_8XJJ z__kZK1xZX&{;e?3hPf&iOk^8;V;k)4RFu2e&dz+^XxzXIl}6@EEdW(#Zvm>^g`hJs zM1rF4-%BS1YIGs)CwA}fe66m*Uuz)ne>{3S3u{|l=f&+1aNge!k~kW>XVx=Wos}Og>+H3w=i8!BL3H&y(tC*u^INn&8DufJ>LS)PMg;wx9`K2CgK>2FCuuti29nGB%|_Yx${&K0i`?nmXiW7#Yp`|HDiRTk(m9Hv3(OVfjtW7PPOzC2!DLo})lq>HfFvV1WQY=v=LoE2V+%{m257FqT`N91 z*{_f`lUOVRb}*A!kUb2KJo`!0%Lezl3>gK~M7FQ%M63G`A=j(PS5h9?Ln(1yf;fPW zl`ZTq{;O2>=@Ta6^D3hN0XTosTAAU`w`-FnZX#S}U7w;ImZJ- zC~i>RJo&wnZz*2KcBI&f#Oud{0vE+mTj`-yKdmn1<|m=MgeGB8o*p!DEl-apdI2bw zxmuli!zO8*ts0%lz6Ndo_+!HxxQup#C8tay8g*|9Z6O@EE2SoER`dA5TRsN)FUL5O zGg+{$%3Xw*1Ip~s!qdy_KFf(j>^(CJH#sI3x{BhlzaPj>nMA{H*>=B3JUQKU*r=73 zU^5LTBEae@xVNTjU3VTr*o;lg;6+yzc)HD1~Vz*Oav&D)9DMSrbH{3uT` zUdQSYU?vWd^)28J+H0iZm4r$o3T#d`p_rcc!6{D_77tZ!qXY+T8z7vUV zxFO!&FGF8Ix+|D^Ld>s)6Sk!VZO7dcro2}Ptai3tABQ5J1}jItAFmbZ8|p6JTD=ot z8G9|VFS0(8=bmyDjK%rN@l7W$k;V8(D6y%-oYL`7fRv2vERhoyydj zAKB2Kbb5v{7k0S=JGx&ANm9f*skD{czHj$Wa^&?EjmPm{8AGA7&a{VkHd*puPJceT zBY(I4TP$Re+zZSYBSA-SH@EYC{vQR@ZSXmH_MPkKQ)_0L#pO74C~RSP@=&|!Q!%rN z#hPif@wq(*mfsUk4|3=j;A)FAsmR*@oABN>MCW9-3;C#izqqz!fPp*P@<3S1*tyAO=C{D^SJ~Pb{xU~mQ<9#&Lg_c<*peIFqyl&DdgA) zdYOP6Tz5&TNzpgnX6ximFQ`VxObOA)-}h0)5!$QXVJ31@8|3h9^_$bjY8-$K5{M8N^WR+}1490L9`Jp{&x({k8sW{(! zZ7k5X0gRB3XN&IN1Kt$LKMJ)3CpbTE^BH$bP7T|jjzd7vR=*u;J!=AFEC2tk5=v%Y3&wc4a;X48cA+_hPJPx($ z4OPs-op|oMZ)`d|uV)&F^9V{KZU9)?gqHOHOrTI}eEv=ks)SXqTt?zCs+zKWV)e&b zfjl5{*dxObvB1^s%|QLuw+gfINtXKkFp#3w?1?Vk`D;u6-P7=s6h~Izf4!qZ^81Pe zcyfiV`72${T9vs4^d4-u2%2rv!Tk3vkm)`KcseyPOvjsJWr-DU#{`!A6>$uDKom4Z z19v(AX*ozIaq9$Gn;DpefsTw)i@H{w@9SMwpealTKqE^tn1W+nR`2AK{W^jN-x-8W z`cr@zScCMr6b%hHwB1ls2jsAIy~}+)OArMQ;s;#YuaeNy6?ZM{4J%ZZ^*?0eY_+8m+>r4Qg7F@;y#El;2u z!jG1d>$f|@uq}uo?nfsi zO6LcOJc~lS0fDzomc;pq!}y)$c6hSTujDincnfE}zT-&uuZgd2?ACS8_NY-3J=$U0 zRKMVu37q9r&?@+#N;p#rlD75nAFKYNL-lSJTBYy(h*msSPkoi17S`VSV;d)8Wt2;y znHImFf_~gz-|>=?h_SnSCb8gsB~FJoOOO$ zhT>JZo4#UbO+Y5PlcNqXD@t8QgEQBCKvlcO?^*RG|A)?psT+RcU=pY-T`FJ#2zStI zHmT+VVSy)J-_e}E&uhRtWp;FvY-j5^)K?Axc7ZYi&ML+U(5nw=4vG`^2#Xg7_jn!E z#cOy%&AaR`P)rFwMO9GrC6413H#{&KD+u&XovJxRoZ-m&crJUVxs~;#kR%AG={cqE zuMdqc^=eR^&iaRHttZX36exE%94u)m8>Il`sFEb)+lVIIjHcW=tIhrN;IoFntyWO* z`W0$dj7~6!KFYJpCRQ@r+gnkCHn)C&A_g(P?i;cpngKyjpLA6pC{URv3dEWP-JI4? zrBNgPCt6{Wb$-D5zSwn0@%k9O-==-SPTxwP}|EikPlkMM^nb?SRWb^+G+rzLNX1IFSTyVG z1mLMTlsZemT7(6m!8APcFD*u3UN@Z&BkDvq3K_S?8TeX>+XaM;)GzP)N@SX@L=1Z$ zs3_Bl=)ht&$%5frVdBpf%p2Bq+G$&0nI8PK^ zDJT+q)jxi#H9R3}c?#zkt+uR#F`6=~b!Dcx4>Z9)Y+Oh3@AKy)iUQ)*O2(5=njLW$ zTpyb^KsQRsv6bH&+xHPjuYW#BDk*)q)Z+%EyeKy-Ob1e^{0F=EKOsb0Nu=l@9wH=s zpM*#gMATP$=pJEGe%f0@_Rzb`<5*Dle>0!VNv}IONt9SA>*8$Kt4)g@9wqkYO;)5u zR*JbcaZthE6slJXeEYCIX=2fA&{;kfc~Q!>ILv5u>AW2+xLztNgP8SlLp6GRx>9!- z0C(_dv{FDM_{H-M#JSrRUdv~a(>ab`){Re0=EOnm@^{$cx{Cona5F-r1OjaH9YzXrX!{p)hs)!W z$G(0|E`^5ii>$rMpZcQF>vJ~f4NyZ>LQQVamk7e5BbJsa%d%hlB+WY^WHx0}#iJ?G zYKj@=Kr#kBZD#ZZj2VNMPu-!L^8s5|y-1ED+jqhEnmL`a%iaoEPiyvgSM0lWL<#c+ z>8xT3U?#QMIUe~w(&`JmLLk~B?}RvL3vbCZ2}^D4Pm63(W%HP}gaoi|;=6^SRBf`j zc0v}@ObEwZmGYHlXR_q-b2OwpW@%hDr_=h#`P`4NC=x`I(p#LwfTeYiTc*+=RWs@4 zP)BM7ZBfImw`5G(6EIu5keM&fyO<`CK6=Bm4(THYHfFo2sZMR8?{{+?A!V130E0zJ z$Q!OdRhqof<-iU8d=hK`RFEl}fXClP z8{4({6TVZYP50+tbEK1Ps$%R_T-9bz2II^qSRWXeSX6kEnr?o_fuF~_6mI`yDD!vo zx%y;_gl+LKx^4Fmqll+I&cS0{+m`JbS0A%|_VHIMid9`=DE13T#CIWc(RXT(y)sMs z9kTh{H8!-r?p3j=6$W835xdBT2GpeL0dBz^{D6o4c5YiOgOqm`ZD0NF9RUdEh*wfF zW!~acvap2s&fSq1l{$3s!-(rOtiV7=EV^;MTqmKGOP{QbpW9{(g=o{9*?#=UkJsYU z4Ph;-R|X^mMl8~zJnzy&xstjFd>T6XbX_J28uYT~Qml*4M067cET5gwFBmx93ORiD z?L4Iu4W!*$C@<_{?-~E;XYK+{r)7$swXdV)OcYA8yEkNe6h0$J+n~}z@pb!gIA8J~ z%*BXJ073p2@UCI2?*VbM(u!`%#;;vc>V?ikFF46oeK~ThDyI$SpZ?XdN&M2$j1%Q?H=14>B zk*`w%U&DoctW~`Z4+%&ECaUpEP_GN^!_0=PV?zo*Qen^ZDvxKnvw5Cq`%Z ztNhO$QnPMuRao&(G|>HMd<^C5|HN*uS|;#_O!GzK-$$3F(X5SF0_R_ZgsT|8>{Q?L zgIuS;ysT^-m)qbhpve1@=TtBfls5rQ^@Y_qiVzT=dg znr^OMSedr$&V9=;VWs!C^E&!`2GA2g#v^vvnr&L3;Cx+9IN9*PHYl}+jw4)qZe!UY z!J1R7x$I(mP22WW1N3a2-*zeu)jozW{tLVL{W#5_k-$xkoE>yj6(`2xG)Ai#Z%5?{ zV*}N1Yp&WYZ?`qAnLJ^?SI=MI9W^AsA`$-M`*;?WDx2*a1Rj*?(7hi)@%< zBND;5AHYMN5n&4W1|=`P!@I{~RQ@c0-=HCZHx&Ud{_b$;W1r=}Nov~#u5g+Fl7@oj z_IBC~AdEbq=U$gg!^;1b_eZ?ErPzmt-QUc9OaA?<;-8N_jOKmH+WC8u!pql_zzPwACY!YtYOakH3!aSu zIyuk+EeEqTu)Qr4OXQ2$u6ut!bH8&Qb2PR0d*^5H)c=0nmuakUMC9$OdF-p%29E;C zf(*~)^|FDmcqkIy2fQ~7&}0g&%J+&6ZHW6Z{~Zh(jDOa->&~+Cck{#RKC`DoKbn{b zjz?!Qufl97!*Kj!{NGKUMjlde-hfo=Hedqi zP|L!GXCH={^XcEy2X8(<7dPGc93+GJ_d-(S$0psXis%^l#k4%q@OI;i_J5C>IQGYQ zK*ao5y|41&_qy?V%M_7P7WJ*#>EN3t{+Gl*zxeuXbY^H=miOx4CHm)^KbPx2SMI-G zN@E09Lirz(!asNG-><(;3vS!T!ZwvZu)F^rMz7y7MnWL}{+&PW(?9#fEk!7Lqk>bY zx&7CP`Qr%iKY`VNGhUGQ`HwsE?-7WXpr2TTruII%Rri0r?mk0rBme(N|NnRTk7)GA z!}a$Q{{NlFTU_qW7O?n?p+J3BmcM7;!}LEZrb8CQ)P*}ad;e?>m{^>XeyRRkxXX!k{8+p#P z2x$K~53%ag^1snVM?sR*u~y4i!?=*8z!2EdZmG8fsGJ}{wQK}7KQ0vQ%#qAqK;2QQ z&_%Zfw)|C0%MKChk=@IbRl(yK|2!{95)>@Nq;-nHa{_-)uEDdpb%&8;Fj%#Vhj*Hrras~@miNG zhZ-Gos8MOJ7KOb)=+`LJyi>#AbaxY3Ie;dK%ple~c?Z^XL?=W1gTpcP~!2fW7a0;Yy2UW9r@2<78`q zSr-5?ostD|B!Ww4ExRg;aS4-~c&?1}NZ}1_$%8*l-@*t9p?y z=_Kb_KMsHb7a-&sx@&-L{GGB#J(IhgpJi^)J6{CGB$RCI07|b3nD$0XzveeWc>B>4 zrP30EJ3o6YyFcH9zx&x82Y>tGQ)+c1q-7M|7EFo!{#6zQO8qbbBi|Jot=%%6;M@^& z2AR$pU_D*~==mc7!MWsgQabU7XC%&~fvFS-v7azaQ7hD~W_~CQwoF zxC1B2oUHGQ1D1oc)MDr^tZH5rk%oU?LW0%W(`UK2CKGJIjFo+Pz^y22+K9^74bdedX0JDufPnwwK% zuhviCI@V}a{gYx1nC9eu#aP$nn8*4id8NAto|GQ z{S%vuW8;n~?F%6&=nT_D*6X2QrS z+?Z5V5=8tEd3nke*BpTm6DlK^^CJlk9BS*}E9N^@G>Y}>&8-L@49P1eOB+))mY@Xn z_rz_Xl{({DEhdwSzR10+JdXybqABi@@Y-P_#!XW#T^;C|OfE0Z7j9`F;X5#iU|8pL zz`(<`0z`mmUxLd0g4Yb3&BRJx_jh0UFE<`9r&@a)wJ-oYQ`*@}8`BECnL$h50k#$Y&)&4O-uOY{n_02{x1N)72#>&4}`~BoewuG={7oVf5#DF-5TxI1cXcR z`&%@ku8x!S;{Lgpwo~Fk(zDp)&ra{VIc`i=vmS+Yi_YLNp6xCRxB){I;gS~{v77tK z=mw!YI~qe{*ZZlPhJD5q91(B@>Xx1)zldMHnx~pVo;I*!&q__!$%-Wk2maUU0i4Uq zEx83>v1>^LL9Sj-Qln>nTlfhh)9ksAQ`W$vDXt)v--&Q-I7lWorEZasT|4+@3rl;{*FzfJ{t|JH2OgZh(sO%avP6{TceP<12HL6$TE~()VE*>ie5>Wi&1QM0g<%&IFcTmu8qv*L0z`kK{&eG$`1${l19v_Lhnl3m z_`5vvlf_8y0$~XXV%{cM^EwERU>w=#|lIY7@YtZXR9;RLfcf+|L}f0L25)eMZoQIdGvbM;|C0Ksbol z`n@}AKxGcpXw44m2m>_p3}~jG`lmtqlF$&2KgKT*u6VoAic6;xWA$%}R2C%xg2U40 zilzn8^1caS;_Jru#?R4sedC{d=Y_@ENWcrvT ze6iDc$_BIFolROk$GcY!T>()iV~bTw!}lp9^a5Z|6N2^IM5ka1z!E^O12V(=cr3F~ zjos7j{0;XL!;Y#qf*6+6Su1%;F0S)oZZb#b8W+{8#_x^0yVoA8EKQ^72oWCG+G($b zOf?>6MflH@gxE*C*nCc}UDJ5)PJH|Bd)*Dtd*Vm$SNt_@uOFf>SI#Rev({Q5E{>jS zYAt*PMjOM9?Uv+#7v+o1Hj09i{k0AY`Xey!Uxrr1Kyxg?M1JA?K9~D80b1A?*cv{5 z`x8dgL-`oEK$L;$)d|36$czXGAzg<8(-5l`Nv*)=Qh)<1%Stb5+q5y5E+v8sA!6+I z@(fIUxlfvQ)9u=`Qy1jt4vr}3lZVc2&(2Xcj#jeV8j;^3r5{J*lq@h z=n4>xiONK>at$LW!c()iPYr4qewF&i8oMjZM|J>qDPf`cWPNA~3@}OCkJFc1YKe%f z;?Kaorr=%?`{FmvqeD6kC@~%Yt3grD1dxcDH=O(^o^PEcPd)NI2R9E6ysq1D#hRnh z^vbx;F#ce?-*H;+sF^aO&v&l)@}#&B2+i5{P|yfN91vIiXHCIovQ3u^5U~No)pn5d z0?7aY!`48d=LTyO=&7Br``b9=U59)lt2e@`)V&-B z<+&BU``PBycVOXN@mlE`#Q?d-q`SgN(z4(AsFrmb9;aI`Yvz~8 zd)ip$Gdu3yC^tOh={=f{P_}(OMcc}bLyMEB%Rzxjpto0h;E14t9x_{wu20nn9@w4z zidyXQ+70omvisV#l)e@v+j#oKM0U>YOX;sbkAg#y7?*o;Kdz;rT-R-A#oCz|f? zcYV@nm>Yddj1!>|HO+MEq3hj4H0njQaok35o;!s7o<$+livGs$se!y043ag$8CPD; z$)T9zSdZh_m5Y_9Vl)+|LdCcS{U)(G6#VAu1$NWKn!*sjXFc(cw0RBmzuTf)Rb5!* z0Ri;Rcdcds^sjy$WB=DMtJRNrj=>N0yU98GEdpHq>rH1{0b+dE3Xo9O`ChLcD6N#| zp2Fpxf~^Zxf*2Tjb^5iK`!@Hwnw4nNE?$xXX}Tu^$`iH;nuy`Jw!CCdR+ig`Pb-j+ z9U*89VB~HWG9V9xD(}&Xx%8b^7bC$^`q=!Kc;+BzInIW27&w8@3VCY#e^gffQm_7SupC& z&2_eL4Jv1<^=KE&k5{uSwFQ>~mO~F`)vWiC{cyPJBC~+~>IhKMmL}ajS_to`rX7%m z5A$|NZuQ1Jqu$zmAQdgTcK9YFLB#2uYyCoifmKIYqOcZde9j98LJE&DaE)}p3NaEn z?_vP?$D)E(?iZXVo?es-B&Q!$Ic~z(651Djeq$v!=vEwm=a^Eu8;;R@oqiQs*PQ_H zx5dZ0_4+R!55K3I=;h*1>S-AuIw$rb5hEO9FXG;70Jy0PieZ|L$4R0kAc!dVHlax! zpqOTAdF1(HkiTYedWl80#B*$9xMIpt@^!PBfGcE--BXw`5pNMB>^E`ViBdnY2;Pkb zuA<+BB+f@G>rK#HY8u@y%nU453S#H)C*O74jxF)uGt-4J%2ah?3*AH_VwR1*1OEFB z);PLr7hWW;X>T#^#?r_&o?;QOzy%mdmuwslcKKG2yRM<+B#o2jNN z=wZYo!;jSjM%TC+j~Lr#E>JTQQ3|5wGpEyshT2Q~5VOIE3jm0c4cE|#{x2r-`%$T9 zx2+1Zt(`m;Qx0)L&EV4>V0qLy!L1Vl_vU9(K77Tf>Cx z*FHNeky^LL{iZ`Rm0O}>Aqp&EF)XwxYbi%1RrzMZrB164#qb8FA$xjLLa%v zi8T$#2}}+<(ls2spBy-coll%HxU<)S0ha!%*$$a!zGCgW+ak4erQx9%BJqn%aT2ol z=@X!!U(k}7zSTU9V?kHnM=MPMyQttVccypUYRdWHCqqH5%o4`#5T{)l@n-G}t(#*j z(f=5c(P4NbcCjEf-+Dcio#iuF2c@yP&i7PXk?{l+6165tV2n6P{Xx(hB)zTi#{dk; zWS|Gh!x@K|@H9|r@lL87+vCL^rn^3H)X0R|GwG*mIXi8*beWX=m_-uIMZrcj{dxwl zwv?z^RTcYl9cR68=MlcJKrZa>f*Nrpibf^7VwbyOJeDW8p^R{D8+ROMa= zF&?mj8_qw`PBcL09%3KD1i?pN@;3c)8N8ONn_SHd6hmg*RhK{~l%jGW(%&+3W59uC zqs#T9d!X2uh^eh<2ZyguYa3|*gC@hOAldWKOCRyLSo(4vnm(%XRI)Sf*lmtqdyyXJ zV;-RkxZVuqhK}+lwX_D@TwIRv{#&@A;<`56DOi=u|OG zh?$XtfgE0ZFFCTxU!;vQRL0dr`2^_w;1Pz<-`{Kh<|#pnVw`+aEB#IYImlQHzA0eM;-&)(C`C=(s>F;+}^*2L-EZJUANVJAmt z9aZ}Aa(9mbAD2$Ro^X6{u%#N-_JCZ__x|Nk_$3vq-Afv>9sSI?#>B_doS9vX4pbvR z`~21ygM9quG{%*twAHBv*b+$qv~2c`S1)a+Y_nlfi9ZfSuqnmVOFHV{NypULl$Q<~ zh}||pie2dWySXnNu{sEB$0eo}qaiN=k^wP_M|*cDn4wHhdO}3oB_V>ELXbDlIwbv$ zAoqvb4aj_$IL|-hP#(h~Obyx$@jS4j*?mcG4_&H5O7vSC8QS{dS{s-s)Xx%UXL`X% z>uYC<8@9%Iu^4VROnj0xz#40Ld+CTtUuGAp52qb){MU_?WW9yS2rT=vjEH^T+%nCA zb-r2SF}iV%>qXKm#>cXv7h=@9eB~-&%3a>5e4JVFj6pgs&~v*7IIz3)^X>{$1T60u zT)_@96MLt6bD@M{=m%2mzMbGin8#^vu@eQ;nLc#xE3QBMivssRR>Ri1@tLG!K>7ev z>zvbavrI}d)JyVi-+|Ib({410CL^~DFR9lxbE*dJJ*jq%lxpZq^A?tWt?;ApdU?8T zDfhFxyjKO!qqa%p_;y%0+{mPKs0hed(oJMY1gDKuL+Qo(~DAdf1KmU zVwhjrHuSu>j)Pg@q{L@e@I_%yy|=W{0JF#2ACE3d1rFnGGIDJ?xKa|Y|3D^nLNv=j1^~6^+#3=+^$IqB^qy|*Ja+4%daRjc2?zZsfEWsS} zu&NzfHkQFu@7s-Wt-GQ1jmS3?%4X9rp>(klIWLqNyW$Gv9utLN>+*4Xq7{XBt=zJl zVDK_pH^O#kG5FT}t=1-3r>SkLEg7LMfDP?P)qGr?=oiVAu+jo`+S{Uf z?vWRbVHp%dL8B2uU5;bfT-7>Cel`>#o)elDFDm6Bh0%xTtm@DXwd~wus22?yy(+m3 zCPNxRCbHOjHRy)*;-n%eH6tz$JuWFbUYGld9##*uxd&sAE-Y|aiDmoo#O|E^&^uR| z{FLc_B{{)-g_&w;41JhHg`DLkD_kLD5RJjrh2u_Y|9X0Hq2^K66q7wcY%!=)c4{e6 za4eG^s2SHm(jsx4^T9^i4?yABBl4AMZDGK?W7RI`I{@*077#;fbbG+Iod^3nB<~)t zn1|IZY*ylPh9>@>#@a?9ZCl^{O@)7v>1H;yXo%08EeU2aeiktSsB`~fSMk9sa|>=v zmTR?Sh8QN^U9;WQlu7p*oo>H;!9{>1rrLA5(uEc5Rs#*v$7!#&p{N0%jZ(B%fHl7>kkWNGN|!}AC-TIX8oG!IcJAlXztuu}M@_J> z$xMY06g&&JXQN)18>$!B$YV6qv}dEMY+Kj4Li+~y^9)riBZzfNJVr*B&s;tk) zaA~9<{-n1^Q!lub>#$vmS~6}h5ulnUKORUnwv4_K+~XNbNVojO05M;&SZu+fA-cL` z9ijjs=IMp+y$N znB@ng>w^KL6I*8s(h!C;ajFIXY9W+M4@YH{nydd51^l%EFlG-k<1HEz`;~uI56U|k zkI4es&daA_Cra9s+?OAGD5&f_4vh%kOHG@trMb1lJrVKcgIwnc`LJiYnY!n~_jz(_ zvK^)qvpXn4?=C8{5R*HOEssZ(FSnsGC_~tPCS@EsaAEZtHCc>bsz$*d;#tXI8EWH) zhh^=%a^)qdV^2$~_wJR54dwy^*iV$;t8>t$=fO7~Tr!Xhl1Pqgy7}Yzh#wU)qsn`M#Zo`Onlu49lmdw+Np|VTR(Dlf?z_v`mspAH#$h9#=M zLxHRE^x&KqZ&8laI{lmugN3s8T*5M{3xk|s`g%rKkOX6^Z=_&oPUs z035~Pq22IrKqF(P`1(5oe z^ial+OjFj1rrTixAqoL|7gv_Zvu7Pbu{12O$tzLvZypmH-NAbLoje6UpqB1soZZ)b z5o1bD%oD2f##8Ac(fM;y{QAJ1dLKCkJE_ao@QWC5w(s`&o1G$?%YK~Z9ojcn6)&Sq zwp_YJx3SI02_-4`Xb@o?*{K?4nRtB?TiU$VhAF-=R1<2DRVqDhGmT8?Knb=hOoPBi zgZ>n+`EfZTDK~G&JPuv(8$R~HfKjUDnC%B7M7)GFG`)wV{w}5VS5ZXeVU9`x7)l8r zHD2-WPNe$ff{dM;qKcGQf}Ul}@!A#Q%k)j)Uc40lEojx&hTQ-8c}B;am@luci5!iX zz3IZSJ)CfZ>ya3Q&S~f8Qzw-dWI0OM5n-q1N9eZA`~ePJXlscElTdF_pAFmR-Zgu^ zI__ExV-lgfh{ryfM|UJblir)Hz&J4Xt>Nzs;uN{@W{IwWn;9VF8;XnT(iyK_O2sTj z7)9t&^X!;gL_P&uKKg z$66yO;d{J5*1Vz3;?e-b3)B$UwPMw%^B~P(u_Gt-7tN>gMK&ZoH&ScAyRX`AEodb3 z|Eg2|Adpg|AcA?sOlYhdO>;JGwXC%PS*VQ~;ZEHtRBJUojkdNl5cM}G3b4Ula7%wW zc<`*U3s%w7;Mp1*GKhTwlxry}szF}3#>6!?xpllYl0)*9?`;vXgS1j7VqpwXeg|CH zPlfT>Ee*G<6jIym#VXG)+~p?u+*c2Ts@FfZ_e86@v&MoJBWrBKM#?fa)fwr^76op! z)`*DkQ^S`C;x?_DuZ5IuE}_VlRnokC^g$x36LECeB6cR_y5-}|p_+t}a_yfo@DL2R zERiOdBhG7pxHu~NGH43DeB#LbD~g!U;|vwqaDLnRAlXig#;qe&HtFjYu%XBC0Q<&tv17bQCj=N2(F-N{3=N#|#Mq$BeHk>KN z!j5qZL{Y(%aJ}q9#=7N5f75f3mkyu<#-X1Ke=fZ#Uh}4}%c?TU?UJ2DM@U_-Sb;^U75e>8>X;t)zmlyOOj8ttuo&A(z(&TP)Mp{MM59geD7@ePxgR|S-`J;KL zo{8v}&f}!_twyxi7r$D9yppfX2;EENF8A*w@d^_QbPZMoLjxL%YC_nx;WpFc*7xjL z6z0k;c}7}KxfX6Mo5AY%Z;}Lid9A8bVLM*zlm0k|<32SK2k60Y{Jzla4eEF*?Er&%+e2?u2VjQleiRVwS920Y>+k$bDZ|GtcAgJcBSAMvL2fUz)(l~zORSZd zq@}6qq3<|VB|l|8IU+|Fp4jK(sL`-DF{~s2H?0N|iHp%oD1(&gVude#=RogJSIJ~! z?dQ_VTcVLK=pn_gqWZ%59z2CK`nY>FM!2uJ3G|?z;a9&S6Pgz7J=RQ0{C}uA%djZk z|846R6_pY}Is~MV?o?75M7muNkOmi6Qb0m#>7`Lpy1PNTWa*BDU2uA7)ZKfb3x)FKn$?#1E{I6( z4A-k(Z9pmZ3~@$XuDNp=B5nyp7iZ|s2Gw|&+p;RA6OBtYhbNcmR(ROx=&9_Eat?ddna zZN#1!__^c77rTd&Q_l5Fr{-nqt<}YsPLnn97<1&SR|1kI6FHLJ)s^E`Nif?5F^U2N zK}e0G~)tQcVVjNE+qe8qp5t*bIiH zM#i*P`QBuXan;Q<`NdA^aXo`bSa2@-XbnOR zKL^r&4pV36zO<#RWjLfRr}}FilJ$dpvmRSMA7GYok?Lv1rjThHz3q_%0$&GseSsLB zyO3M$0!?C`#FFGLf*nJ@?9FSF>{@Yj=^+l)N|XYt&wkPO(EG}l9AsYVWpM+)7Kcs{ zxO3iBUc;+R>g<3mg)Q(lCwqFY^Zb5ti<@5^`%5*W0aaQ_9jq&&u@J2c%Y;bL&jVqp zynP#LHv^3d`nR)QS6~XMx4ME0T?br61o;q%r#i~~99XhAY`tjCy(rZ8-BR*6q@W1M zIe6;q#DOS^GLGGzf=gcXnmLupOO-#vy!WfxC)!dKh|6JLp1b5s!X95nqIlKybxL_P zl?_E_C2;I7av(W2Q6w2XV0S^)vkaP1djfaLJ3AVh={^H{a(qmc78 zMXISm2tRb&Dc`amEJeV~0rpy$7+rMmN}J&1DyBb-O3ZNb_$=-)rM8bath6~mMYdjf ziSK5Ux0#lDG;}Ty%O z6X|c8LK^l~efQj^mdmu}5sm44VrX>=;E50!7p(iYtyo;#9=PAAEzVx)yct5&8&63r zF7MfSW7O@}KD{wXdEyRPsB(sGH1b-qaXC;V4yIpf*QO~b8=81f=#VGch;jjNGy(gd z+Iao^9=|H^^Jwrz&2)$dz)kDhK#`fq1a=2OKd2UY6Wh_Bp&NMptCqT6*B;;trQ|nB z4DA6ZJxKSB8syM*Bc`Y9g9mW?Q>~4dJ*Pp}hFFy?N~N}45w&rQBn-2+gaCh5OJ>vf z`Njo=W@d{^m7(q_pvI*+4Wv;1W$_wBcxAE$HZY@&&}x%*(!x|b+)h=$*mkSj(SVm# z<{tPW&te{{3L^U(O9v!lkU>|nCtRqsGmw>T%vG-C$+sXg)LIPm^yuu+4gc=5w1862 z*Rs){rA4rgeci-8OYyM{)}7m_)xd{wy};&e){*Rg zxJKZe#I&Y>)Q3XXjx|oSUw*U!YCbD*R zbt%i1O5kiABE7qBIVm#ui^+6cGGg>vtl-t%Vtg~+NbT|MP4&&sqMw-AY@UssfRkKl zAColUPG)AS4DeFkNv4c>L{FX{kI8hQF?;n!2V8hkTdC*GNPy^+b6v9way$ujmqFHh z(eW7JMi(`|QL}g$3~*h%bz+Q92a+TIVYUcPAPbB)rR(gay2wGX?s@>&KLkw4Vt0xD`e^gBS92B-8kN=kc z#wu1kfBuR{&r$b0CS?BHHT}r_4EVL6&Mv>F7-0vmg=+N|>DPzKSAPK!r{%r3!rXoH zA6??&;ObUC0kEjBV-V4jDuDb4FbGBp+Rbn`-Q8a84X~F*V7n15kLNhRJs=e~8Rwvb zK)MiLsgr*)g5Kv&_dvqomM$*F3z=-STa|fJteP$=;M@HldL41$B6V#|N#eC0a_G6L zwjU`bU?W*Sz5~qFd*#2M{kC7q5SO4@YMRHVd2SUOBv|;$7dt=$JBWs4t;GwBV>-6; z5)s=ISqG~Npa0vjH~qhZXm@K5hi);5({j(AEJ@M&T_1Y91G>&LX|L!Zo~=t|@T=9c z>t-XH6tX{3+G-Eb5o16Rc~ww2thXZR?2we|L<}(O#`WAw;W3d?OJ9}}P1@}Yy~Ouv zX}D^}D~NhXHw)Wm(Iafq2?v@A`@FlIb;#?;eJ}wAVdV*!$D>tMd9coaRY( zvl4A&Netq{;|L3TG~&XnDYe>0L{WjPXME-Meh3X@!fWpbegB($Wh{Fi57z>b5wc8C z57D*3c-04L`zo1$?$;4l#>$NP)=C`Y9Vn6~b5%RlW||4N9UZ<3t!tPcS(@kA+22}Z zN}~;~zFrtzM5|Mck_sKdCA(_!o&BKuw>A_6$3U9v2t^UczHkgBwf}a@4BHmWt!bO=Fbxz1ac7lxWFMXyt$0r zo3ky&&-S*b4bj*!G8R?4u$4=REa@Q35I7g*a~C`UdQ+^9DLeaMvg)V}{V-A)@zhOc~1%For;O zkv88?#Ws;0rY6baegi)Ykxw7`v8X4Dj?1Tcm8SDu@3#N(kEDVmM>bzq{&P6pyFQkm z0RWP~2cLDe{%(B0*O@~vIaEJpvUi^$Li=#4?mOF{s%haN{a6T}FsHfbdX6t!M6Rfj z$jo>7>em2!5QU+`Z{u$<)sk!@a3K39wGZ@MUoGzYk{);7Wq6@005ehIa~*M21A?PB zrPJvyNZtubx?w;G1vaets!jaqC9L{n8K4`wZ&g}Ypr~Gn)ptgcM9Mw|LenZUm6*KN zS-uomZJ@K6UxcI%e7a$^0@0gyVcNXf|#!God9Su*B(gIjB;-Iit{G;wnM`2 zC@ymbFs31DFoXmQG#L8yyQbfF8uFdu3xk{B7~>j1Q$ofdoF?I3VN7|cQI;W5V%&6A z;h0W}e2|~^k-3pl$Ob6E;)>b>v*frU5dL-KwNj}+<1P`LqaL)mjtAM^5lvE;W6&(8 zxvSqOMQ`7Dy7}Iph?_|6{p|H{8!8i)W&i*R{`Kg|^=9}It)jBgB_k+h8AqybqwM(OS1f&-rRd$f8FVc&b@WS!}O*{4*`><=t!(!Mn0BcE1(Sd$}A%A`J+!SNBpk zNhAdk(fDAVRaL6Rc--Pik481mIOMby5BS5JpVEh41i8CB0r zudsq=gsZFVM7GMrs;)kma=$(Pm~8Z`2?mB9C#ePDMIHH0vKl8_XL`v|ZWJuZH1cXH zmOWQ(`e=#EE{nLEl z^(UoV_6)>N<(t;jB~CwG@O8)3ww}BftI2#Y2?NWar7X9r`Ry-@I|rW;F}(sgUPdJA zZ>lK)4R{tjG+#!N5`yulKRpr-!XZS~Ex0HHuJKPPfI|Fo$Mh}*Ih?9XZ^j`XCHHdX zCw)6ME|~@~$3~HlpxZXkTWcf=NN|+XNkRZ%E)Os#qvi$qI$kES4%YqeZ)4vbrnwd0l-!sAVW_GS_kkBuIIE2 zJvS3#=AA#XKK$Hm0B$TWn>fiC$UohlQ^0$b1b7p}CR)5O6Zz_ymTtyVlSw^3hr-1E zY;B0kFy9TKI^pMLf5}Ro_oK&R6^`)_)0i_y5d0F9p?q+@*%)rifp~sr_ym!>8mjx02mH+l5Lk<&660o9bjHM>P0BWA- z75*w~UAv`|`Cb}bNXZK;Ow+H#aN9}QI63Vs<%a^dm;wpppgYKJJ# z&zz}EWvjc5_%o{+kqH&!Qq8-|ZGPl~Qh*>j2(|6hhCC~M9!$Rvbo4^JtN3O(T(i(o zw>abKLlEB4?0$0EV|X?Z6B2T4*E3wqPdA9tucB4Q$uy33mUxRd=lhNv$49P5^$}@c zA{ArRm(h&HFdj9DV-&zEsuD5rg+6S|`)f&g>C?ypyef)66Na!U)O5 zpC$?J$A_9bue1}3OWd9l*`UW=$3aBQ`TgWtNc`EB3uG$ta51mAfhD<=F0B9J^ci$P6!;LBFxqx+=%KF=ByOCEuNdMUXl{mP{U zcYuKJEo3!B{EfnDrtj-WaRF?Az0)~30~Y?eAv}2|)CORVHramlOtG~?%$q`JBhtUM zo)&^#X0e(Ll{7%-W^9-z;7S}1@r?uf+JgrF%_CEfrm%LR8oGG~W}{Aqo4=X5>Ldf2 z6rt5P2oeL_`@h)~IZtp_ezt#Uvhwq)gl#Ki^vI*S@U%qjHd2V>^wQ3Ar9)vnAY%3q zs@8X%n!2%*7J*TOl%yq-yfulRMimq|?w4qdX5i^>noPZR={LaJpYj1&bC|^q@dtl< z$y*252P|7dIJB{gyK*X;)?<~Q)0mspExNgir2E}oUFk_e#&DMrtQwhZRzZ7X6AXjXgle31g+B!lR5x^0IGTgRBUw9Ti)u$9L7`%(=eO6C~!#w({)?uzw{<~K{2);hBF(x1Lgk^cd(@GZ9wARFRT zinBeU4@mu$(@qW8zPq31Tcmre{p>cY`E@GqdUfjAJJRShgVq@Zj@ zc4bGutNC$&c`)9-0Y-9hOTeI#w3{`)(!FKJ*zz#@4UJ15-F<1arN7R*RE{_C(w3}Y zB!|{iJSJ zD}{H<{NfZ&aE8s@XKTykiWp@oIrVj|Pitls;;=tYhC*h{oS=HU*Sr!ent-KZ!{nh~> zu*+ZG-57CV<**cmeqqE3kJG;BLfdJH<6FeLejXuK(4_+8rbnn%b51WEF*bGS4i;WX zSK?adVF?1kPqb2dDb-b z!X$THm3XaJPJnk2yGvlqW4K;=#+&%HTSU0k&G&FRWvRuhu6qBaII!r=2b4%u;{Pji z%;YF?R~OsoFXsPMaU#^Z>R-Vg@Nb4vX6F}p(xCtSeTNmPcr>fiyPjAgx;C>2mGw}` z%gt(KkaW%0Lv!&*8 z`5%az9mwdkH=or>_|k7*{3=W{O2Tq)4cF|=xVf;tB%q5-XkBHfbdaT0lD?@i!nc?r z!G3JTcmc@gu_|{d4Nm6M-RF43>@E{Pyr)5=_OgP70a_p&sOj|@>G(9@0CMpk;tehx z7c03qP!16X+SLbzyY&0ue?o==jZ>xi>funiXxAe^dN0L>ax%x7ytMVzH&uur)BJ`F z_Mj46=Zfe?M)jGik)8+opuWBArSn_m1U~FK5L-Ho%4$n0qqh}?t*EqYKUMf*^X)dk zd3x&=GW)gz-GNPO^v$-BqB*rpaPFjwVgE9>?KiOD__S<@LA;h{=;G^$LDP24ukt^) z+bdLhKwxMkvLqF=z4ARM!U+wul5EFBwu~6sWi(nb)G0vG`hSF^Mfa@jV#b5MqVhp7 zbKDIq{qo%j!pk3+XUu6DxX;6()Q^LI%SCirFw?tXNqcC0X)ap7FW4hIBP@7d@IK;% zz-LotYeGx??I_ydfb1ajw;gP?W%fg@jMa36i`DNNpbAm@$U4yag&4)0os~4Da6t7I z7VY^v{WK2i4^6`HXEPw^l%Rg`u93k4p0R>ttluO4-`9NL~AtXkf3x9P3-0h|&F=U~q?Cm~lJ zp=v7bff)t!MNz1cK8Xjy?Iw}n`<05tp#DY@a`qt@7muN#7XXW^%d24jItYQLH$H6Ab`5WuUt*n)wWYtl{ zal{QNpp|bpnO^ zFR}(7h3-Bw|G*!2O@a&Nc6*x^PeZFlp+qnDOrPxOd8lYPh%}s$@k9LRN=M+}=UYhRD7zV#{X;cXd5MH`JLXEzoWqjRD^P=ly&?={r~0|g(-W2Hb=z=6f8DMN zqIv7p)5sWv4UB+}{}g2_Cd=)?Hv4iV>om9-|2C z{ZhxqXC_>ejGxHFgI%vlCBhGuh37Zdo1>gLN!d*`C7q;U;I@BQ5ls*?$>_n-pC7W- z$-FL0`$#rK{AB6kvPb$&?Op6L{zb+I`cdZ2eK6&56jmDwjBdM(>ics1FmF>y(7|qM z?j2%A`tsLXUvpSmEsxo4K}cYD;7bB~Hs_ZG>L&KYKGZk%Ha4vGwNGRhori;G0kXqn zDi7*+jVKw(jjg!<4|y-5VcSgo&CFzYI7>)xljHTHyDzDbm`d2-1}Q0ux>f!XDM$EI zu5f_sc}!5~OZoQ|e>86QL^XU_JhM!9zrF6H(P#Nw;Y9Fz)NPRLfCRsXSB4K)M=3#0 zeMYcyo=WpMu}qUY$(ttjh=@vSR8WruhY|hvT?5lN(vMLObKaIRgnz8=Z@4n3-z5p7 z9}{ZA!QOy9)oRu_U?ADsG;GlG6A+F*eN*45?x#OkL9p;4unJZ68D6ZxIy7@ENhlxa zKAo09>VshaFZd;b`U$Z|SS?TJ;jyjV#Apn|SL`Qp=$W^<(G60$SSG81AVkZ)k7I$M z$Rna2{+?HPvH}{hEbs2)6k-42w{?b_C%$AjA(!)7A@P;w3A4q;mL+!?27P3qA$6r9 z8(*?knAoXP^6xs2^ggm~y4sWql=)CkZPOfj`|;&si0h~2AsJd9zGW6$mTg^B?ZqOg zbdAJIE7YhL!$C=&+uA#t&(}=h;VL6X`s;GZTIBAjD0S3ZiW!g9Aj`;?Z$o(y_57_g zv^KyAtDL~+!F9?DF@H%GK7}3pUq}y?JQ@9f<^lN&x2S&I$`~w@7PmY(;n3ah;A8SA z*@w>cgQM?XfUhEg_tS3=pW3=>5opjm_FsL}O!?D%#T3KVqWH zsj^7Oq7)nnYDYB8+1>ujl;zWhZE9b#8Mm;^zu3(#MwGUlsqT z(1&*{;qe>4xm`K6@|(|I_!aEQw5b5LC>i$lhYWnd*I?Jm*m%4^8i__rgqsmzeH@ee z;K0~970f2@$zh?eEUXL8xe?(x(C3l0xgIb3?BE#4D8Zubv-3hqp6&np(j zC|9g%h=@vk{TvclG4!5TdU2#Y6jxpf1r5U0tQ9u-QOjFNen%qQ!_N3@3rl7h@dOQ4 zbvt<-&ae@Ir6e0{wb$jGlj-(vm!&b}Tez5&X7nYfB2Hd2@=QKM_qdFd%XMWzs`Su$ z@oz*4Hq8*-xxQ{tl}QVe1*$io*y)0=mU}F8u9NRN|HPAyHaA2Do18sN__HjpEZO7u zhs_~xEvc_+lyhhxkxk{+Z!$G}G~f2{6AOyz;96^1x;2VlVoR}b<2d@i4Wr%&{`iB8 zD8eWwea=c~kdyYYN_uD~)3s@ngn=b0;`8W(FCR2wcZ0Dr$Y_u-w=SoXQOLT#RqyZO z3p|GQmSLHmx=_Y}%}}cDA5xk$j^sPU9BQxYd&Txo3Ad>)Sp4RG-Eu2M#9?%j)RF!> z0wp5YW=V&8qefl}W6g)cdvWR#>84boJnU=X<2so0xb~{!CM|<7aeF-kUSPDh+&b+` z=Z!IO1Tim+PSJrL^jyooibb7izMop6~HEp_Wuj`>VBWZ@`SBJ*^TkK=y7Us8*;uL%-?eQkVu~*Vhtlygj%FGDIjrB}3Fs6})Qa#ImmaNG6X@m6QLx!H8`A_F? z;p~3G9IE7|OmEESCWcf^L{5imPY|d%2KORv32#n!ic1LI8g`_wfW){v2o zw}e3u8tlvdblX;szA#@PYg=!)a;a3-Qc$&bec&iK2n|tBKhv91r0Ms&Hdh*x5=V;K zZ=dk9wpm{J>5H`xv-T_(7WD38?A zqs)_iUwiJfK(e<^nv)-sT5zaz7VExr%A?27wJpLx`D}jX59H-aXCu~zer~##k-R>( zx7OZp90Ik?VPlX{y{+*=AtJ6r8+hPil*36=jzGJx)3i+sS0;IC8 zo*4WVy7RAH?F&SZH!13mez{xDa?r$p6DZ~_&v(l3hx{XXKiEE7z{irU*C2lS3aa?G zv!#`sB!XG&>2Km{EL)wT=NQ^M7KWqQ$}02KhuZ%w3rM#)`aa8sZM^J*8%?_@;Uhks zbpE*hIG0%b{n?!m2?^0ac&`wL#kTo**q^6XVXn^!y5gLNX537hut<0i$_MPAib_{= zb1f4}78Tt8aDG_72HRv?6X1j!^S_Ce=6_-N^SHlk@!3FT@6(A6XA5UuPGW6L`QT;+ z-;L%7JvxJgBm7mDLaLc2OY!A_qcN0q$(nD;@SCos15443hvSg2gfyX^{`Z0|Vcyr* zxrwSm_QK549b45l`A79XFWtxl>xE_3Xy({5|5^O*jW<(knpun;jpFQz$r>&H#udZe z>AgoRcO~KykxOdPiM8<*nX?6x{Frf|ctgdpo&QL4ZB@TvCfS8cKIG6Hcjq!J=VGQK z;60%w_o^><&JwVtU1ZkHNxiEv!+MO)=OmkO^Y|Fz_K{?gy;DKzM2wz#Wv1#pp6j?P zjfYg&aCNdp!l3K0|JO&TE%)!Y1JRN6p zUeC)2eUZ-=U!0j@Eh>8ASb=c;fQv);5jL6hNJrvfjiAerUaCmospcn~WNE=@9Jeiz z_Q_{W>wFR&X@a#=YQenvHbmIB5n|$HV*Ik zhRl;LaGyG_;5w^FVH@(5WWjP??6DI`lGGGi<-ZEAB)?KyEW2*961E;4rnXQ6#DAnk zN|$@%gzE=6idx}uM#RvHqY9H%TJMwX8t|OMd=Eot&m36zI{|b*{MQ(%jRl#AEyrf` zl(R=K`{~a!xYbdjcP`)DC*J&iEK9-#xc-*F!EgN2CaK-%WMrBECGrJ|39`W97pXo( zefj8yan39~gq#fL0;h>*bO;2w@qCk!9W-L@uqC8W0C{LN;4JCpvA{wlSxPiS zLe<+dL@&qlGLooM)1))K&eRtt`$`dG>yKC`v;@Ka{r9WXI{bQo4)fcH9up?04E5gr zB#EX|uhvR0)qgNaG#xKDQWG8xV;(VfN2iERw3I4l*2KN6D11^`d0Eb+MsqVdY0-LB zWXb(+mNN35N-`6E$dcVNY;NWygf`#gnF7Iy=3jLEE$QJ^?vtpix-~m zq+aHb3t?o?TY>)(_00IBD^PyEP9SJzB?3Qgy>6tLiBq_m%r%)FB0#ZhALF$3Nz_am zY3b2DxITBIucLm$%u4@L5^*nrM zUc=to?ka)SWYg;^)2)ib-oe$45VBj>KYn>(M6GOTMzAcaJ=amA<6=f(DEyJY=$wpw z!+Z#!CX}@$<7m0R?3!nV8E+tbw{>9N+abW4U%!OU=O`AU)6G=q5u6@+MERWOKe3cJ zW)ItlzAbT!pcU0>%fwPLn>Gjkk;Q`zN$bA`5i`sOM(6k7E>88i~HTuxX- z43(gy)zB4%8-MDJi4Jo5N{vU~o3o6?^Y%2kr+xn8nj@(cT2GQZe=RJdoz{>?6?T?F z1mDn-Pk#@uo&>j1Y0w1mhvcvhYLG;l()DaPPvIDxuglCsZKq~xk<}BDM|{2V=YHb;^hCCJNxQavj{ONGtuHiW=MW} z1aAedYC`!eM9puvqw4Xb9~yts#rOXHGa4RXd8$pvF4e)Mk{JMUrza+ne$o9OQkW!J zPh-tD#=*Y;sVi^N^vaDu_W6uC!@(r2y$vT3CYTVC2;-U~#^|aGIL4Pu(b^2?>_EjQ zcaDmc;Y`hXFyNYRfpUx_Rg!}D-)&DIN}#T_xQ1+zLB7uIWqAblgn z0H3ov4hjs3Yj{hZqhi+WXn3S7;*zbTJ)4{6+H`gM8EQ>A!YKMMkZ<6LZ{c~-+S~0i zWZaauiG3O3tBQSh0k zRPJV^Ci!@Pp>EE>!S%yd(eb~-Nk*xgfotQq+9HJuGf4~mF=jp@*Fx975Nh=x(S}(GUi>~I!F8k_v6oyrK&FsxAz}!^V zuSnGCyaWdDUGv#8K_=LabC(Id`N?y!qr;Hx;|$Wh>^u%Dvk`pKukqdZ~IC!i;&a56HXs!(6%UzAAJd z92s82*^9z3u&Hw2oKHgb(>;x?zD~dQbk=%P`YLK|OSFU@;RD|u&zyL^fPh4$>7jUM zO}jO7-qd8Z%XepN&~Q^`3AxVNJ8Ee}YL~NamUVhA@?DejJN|)f3NruInpc(+4(Y}0 zbH7B|&07kId5uI|>U$0fUCKw6O{l(iv(f10FHv+Ab=5SgC?Fmf|7CD5DvJA7eLJyd zBX$3a&k!4)rg4ws6lM%JZOto|2&_VO9(Z?;BqJv2>VK&3pZ@%lGFgz%spV>>D*OVv zSE5Gkze>?o)Ya0c;^o}_Wu)+?49eq{)c`xj$rV!y+1q)8QGfCHJrjP z+)^}zU1_NpS~bmkta z5KY*!lW@6cy-AEj?W$8ATG7k-{%Ddi3$=Sbjk{jgxu~9PNux96gu0bPm4B@ofhiWt z*qR2vxAmA6egZ858AzDS8vd~Y50u#59F@GtRAw_+bhGwqu9K$jfF;;xR*v0GvMzgP zp8d&g7||VsOsdOnrbJgCTB|LVtzR}mB z!RDMm2>irY3zL*P(2oYQAYkYE%wQ` z7AXl#Cvvu7+(YEJGbkKx9zqih6nhyzg3585^o24G_rli?-<$vO@CThPIOinbTnw6G z9a{ZY2b3{Rk)G?2E+Vfr9egesn*)XD`m&)sOwKenVaMCx>3A!e9}J}e_WcqR8%l*` z(s1OkACrB?-2k9~PE9<7pf6D4UlQ8Bgg6!kJSqobw6ioXPP1u zi4?4Mq0*I|bB$*2w5Y^2!yheL1dUXg^6t ziaSW0l(2j=q1)ovU%g&rpiom1rHd&O*WNKr?Y#^Nm>yGa<0KE*uCZ1=u$ZkJq1X@{ z0Z~m%Nvx%Kl5CK=ahX&LgSRRz6`7g@m%Xc8Of9j-x6hd2Eh}D!FL4zl_AbI1=1xxl z+GcWkDc)oVajw#1i*Yb)h?T;#Qxr41TeWGjrzD$tvf=%o6`mw#chqsaoKewdRq9Ds za6jp3f^*qS-o>B=rs@e7gyVWs< z!gaJ{KK%8&Hk{xp&cihvN~^Tt(Z;`-z0$pn$-fx7c%Y;U(hL#Sx09Y^SqHr z8$ulM5oMIOQfpxDW90e^58v+SRK-4LTCu3lKPet6b?c$|CK#9e;}02?bM0b>bc<S83q@Ie1A=#;~mJcR9}Qb+%iLh!U$s zYCHJ6@sZZP88jAk-YW^ac7?dg}K^}daAD+#PV#$ zzvRWhj8oAq`yJv;tfzbPViG*4f^X<$`Mh2xHB}Ir8s>>v5(WKIZaj}If-hnuqkER_ z%BS*83^6LCCf?d}=6cGSFHase^k&J0hh?=C4oKUW_Aoz|xczatG5c_~%`yL5-%@I> z7p>w}^)x;^hKjeI@eW@R5V|T)8+j?ufnn4J3EZcjq&xx(XIy;%9DEB%Vk^$uRjD>! z9}SKJjXTLvBFLnVwFBywsXJQJ0M(^S^%#HvmG3Sx?~;)t>8Wl&6AEm-Bry{4$8^#8 z`kqI+_p0mxFmnl5C7GA;ejch0xM2J6!-oxz*`_sF=E@u=L3`o1f~MgoY-byO+XeaK zZ|jzlpVZmu4k#5(6&Ptu5CVnKK3dMAXPZlJMQ8*(RT}*k7#d3L2ZfFKkGA=JumAF+ zI}UAjXF}lLZ*MA(H>OV^xO}zGEXvpuZMK9K; zEq3wMWS$TxiJ`gq@uU6Dw(@@fbxD6*IHSG4-XAyKb~E4h%E&H} zy0#;*-pUXK_YTNBdZJjg)Fl$et63@%xm%hT?j1vN!K{{+WYz!_2-z>0w(7=K6Fuh2 zTJ%L|wM3NsL+#q;9-~ZSmiQB_hnZ79_p|q^V&O4n8!K!fcE4z#y@uSb8dq2#{o8FRl;fX9r4gRw&9VA@{|}*NV#_2=K=M+ z(aS&n)wfgM;A^u(xkV7x`WJFCzOgN^HH;cqc1E>W9{;f#MF%MiL+03+?bW7oSN-aY z-9I2`)AddqJWxY9b))HGQpRrGr*awU8N4N%HOD9^!=t_C@n{z=jKX%dDV)8qQ4aC- z=H@H%9fSAUkKKpt*iO7`gd~0eB)kI9ALxbW-lTFmoW;{hWNXZb@7yMStofE7_ z1+*#5S~#0MnymnAmR^+@5d{N_M!@_x4it+SloBd!0yL-UJ=fgNzPB1et48d*F%d-1 zg&GHn`U*a;E4N*to5Bgz9$G{@KII1?0aRK0huhha)ZyQ_hC5cEuUdj#oM4?g&k9HC zegKdnvUB)3e&EV($#TsshIV*ZX=b+WB)GSDRz1G@qM@}nGbxV7 z*FxG;lJYTu_`wIAyeILZr6XaJblCfGYF-H2@!`59<1AOCB_dl_kj3P#5j38vCP8OE zUZy^4oCMnu*~kIG4VS$?>Yzg`yuS_LXk$+PbrC5UbG6RQ^s_PVo!98+M}BN85mHM< z;h`N29nu5`u~QwMXQo#kRyqrcds;C6)6wrY{e-5_3rL@LXewd3gL|)_0rj;*H#KVY zV6`h;depzKK^S1{fs778!nG6LxYNjH17KSX2Pqh*<>JQNuVbuDqh*j`+c2V!3>-aZ zKHux}j|6E@N?5POR56^%a`L_YpO;vl0e?A*Vw%Kdd(z!xnXmSo#_+sml+3C*F}KQT zc$TQoWiedVgC;ILkSeT{oY}+sTW8Ma59>KDyHr1ok_5ceKA%fo_kl{(jGN2|Bu}h6 zcuE_35fDz56#klP-W020PkOw8;Lde%=H1Yio076Yc~tbbZf&82%?zR_G5U1xwJ{q^ z@wee&S7;VczXJq;!n*@XvQ;u;iQPSk!VTZYO5uh z8`neuKhy2w93=mDHwz%lwo258CN|EcmPIb*R0HL&wf$-tc1>0itGO;S2Hd|)r{VH= z&m{FwtAr*Dcq2J61)KLhT66BpJ~>R%$@+3Vle))j*#Depe;I?ijlf5%@SysHI@C zA3gJgYVCD2Yyl>;Uf%ExP_@^sH78qz&;otheQ53N*Hy!e$1C^vD|TWRUWQcqp)jhy z=dv<_DzDD+=JR$nxw1#auRhftX1g_l2q4PpW;Og=Bn=$G0o$N6ExwREpJEGPR)2d= zk}fE*!;mI}jBV^U=f#9IH^{=oZ|l3lsg^*Pboe;==(-aWZ5;0HzMp5Q38xt2B||T^ zJJoS&<2vem`-z6QzKhRgd2<3t2T6>-dk2Evz;`cq%D6l^d>^TsJz|RC_olr&M;v9+GnnXl4#J_oMV<$b!0Kre`)O# zTdnA4IlD=-Q>63o|bLhcWn;-_h#>2 zng<7>U~#QL#{rCuMTtJBQ#g_AwCHL*PMuR}G4u8$zZ$dT1@o4=J%lQsXjYs1T;usJ zNp5GHtaRZ8T^ANPa`rs#-tI}=XL<5t(a-|3!ewO=pV2?SgSB4l$~mGbsGiq`WTC`S zt#dFQ|09NG?>ROdrPhzY4?csCn&_WHR=ag!*Hu+jC{&v$pK1ng%dWi2Xt@5J{biz8 zn#&Q7B}R!jkRS-8Cis;}H6x>R7-vjIKSqYQj+~E1y>7wH>LUK{wZJdG<=wOtO|`d) zw&6#j>F~y1ZJx%aA<$sh(3cDk;WZt`&|r z48Y-J8JGh^pZd6jO0O3>cL7DOA)W=H zY0mOLd1rwlBW3;>z+Bn-ZO$gYhV2?nYtJKPf@z$7)jKq%Kx>?ql&t_&yGQQBe*>U> zTf>5F=Z|N}qb)?(1%If5gBrTZk@1zliQ*d_BHA+~N_z)%5LvEz8meZi3G?Hqkd zcv{Z7X{Iv}O~O$oj%*fM_EZqPT2LMj*tPcHRY*<;pLKT&OQQB+mdV0JEF0NqveZ1a z%;b^V`P_y(DD1^en`!jMf$L~K@VJ$?j(Tv}?Kr{~^$V3@XoPDnEXSPr?Hfckr*Bma zPXxCvE`Nx{CCQa27-==j3t|%S*0s?U3{k$QVGV(WPW(Tz&N3>h_YK!7N(c-hEkjF5 zg91bTBt=@JTUxpqQbZVX2BcdW1?g@Wa_H`op}QN-=D*hYaMt<6Cl+hL@V)-O=YpqUqSHVaoTyst9gH1fox<8E7r^KumlDeLtEL~KS-Z<2?Mnrhuzll+ugm} zb~TON%f|!F^c*PASwV3v<6swS$Hwht@c>JL=26nN9qYiwwbPFk63zJp0X6d=y9nW5`J9QF-p`cnnpOwGM}usZjnI8imhAmg}-QB?XvXPEB*?-ydy;)-p@nq!^(WB+3(LU7Q3^^vjNDs?6Y9;XHPIaBo?qD$zP`e}V zr)z2Z=4$u8de57ty}JFIZH zlQ29^M+mPi9g)A3oLW)81}%#2R`r&QL113b-51=`^^faC&fehmGhFfzcXfeXRiMoS z2{wYty~D)1W=OXS1K~VES@7qJ+Z{gK(K!8AQQAcr<%5l{_bc$_lhIyIkEmQ)025EG z2ilc!Y>`15MpI|c|F)VlbSWp^P&1~w2zuznB>VMOWzGwBy$cE7xM^HCCE}7p+Ug_O zdH#VGH5M4O!d%cURvHS7?^zLZ= zlBWr2H!7LEdAQg*T72)X7l9F7)T4o3Kw|v*p=XCpi55k&68D(L3Elmv>%q90xulv6 zh}iFn$1Z_qz$zAhJQ$!Czkkz-rPrR)CfO+*xF5^_XZe_r zgHe?k{@yO8NZwe&fRQohbiYIV*=gR-yvhGKcoL*$phlbr@Lq4~TaP?NI#Q0XTQ-Ed za?hLURhzBdR_2fmlA=x(Ke{kqjcxS)jCQ*wY((FxOJjas;29IiJzT(*VZ~Sm=mHLt z!D-pUAV#ehU-pLyc@OdJJtQ3mxP5nD@yS47f*OLBET_SA|4OBfG+zhE(igNxp-ahz zP4S)}8iJd643&g7vrlrkd{}vgD44+cDROw!?c5{q=G$HSoV^Ezs6%T5@FK9}1f0x6=mM_J`q>l~gLBNz~ z@><35Pw0tN_j1rOthjWdf?1p_5}6_*ZNQ-mNM1R+ojG$L&cYUYqUmnnF%@CsuAmny zZsX(c4d|2C z$;MRt?!bBWPY(4ysT_lQ15`yOq?ghzGs(a9s#cPZ%L<5a!u;s&53oWpE` zr9@Udmzg2TEalE+>p@;C4UfmYl%JJW{$oh3L?sl=LPz;=;;B%@CDY58tlI}_V>(#$ z_GI*bsNLE(H;02Cef);~zbonFGk2}G1!fc`t5hK_ALK*Gk85bzqY1!i)ob~3Q3m0^cdxex^-*3YXN&IVnSNY4HG;x$rkrK3{W#Yx z4AfPLmN+`_ZjuZDd>?Ln( zYJ|o)0ti41{UbrR5NgE;;NnQ5?2@Djcv5z0Zvgu?2WF5-{ctc{u5UUmJQI7x9PfWU z8HplM?mk!e(qERo-9ec*JIazvZrw0Y^zXG_E}OJwaN`i=ZghEBk+N$g&?Ijg)XkP# zAS$HS8iPr>L}ilA@9d)(w54wJl93X-uiSTMas+L|<1M~Lc{Uc-pzJ}}k1rE1ZYfw3 zJ<9J|1u=$R{g_8Z+eRK>g2Wev=^w1=Dy>^X;RaGs!IG})ps+zV_l-6F0x{Wi|a!hiEtmCFkY_4dUSpD03}K&iwdu zfjFGt9RBYE6;&edTb;v-QMhE8+Ui1?wXlt)yyHK;boZakt17-SoD7fbkTt3C?xStA zLtP8g9)Xi~^RGbIB1hCerNc<$&rdvx18U31HFV>=+FXsG(TV~C4R+mxn4rFV>sl&(j+is8v{9?x0CN{+2%#Ut~Ec1j*8 z)_qH$V)dDcLk_5uIWbgXE%eJ0y9j{KhT$Dz<7Ek=T@U(-g(785cW#`}4#bWx=}sMX zf}?Y!B0yhchAKLHkuXV^eET6vi4A@ zTYfVe5l%1NI3)3Y5ZE`vh<}YSfZt8G(f$WfdG|7-l5<%AnAA}YG=nU! zK{3G&la|Jw7eDxh$q%8Scr^=}V`^j)PLwLipof+7NPvL(mKtLOn4chigqK-9T62Zv zD}Z&!Aus1GQ$xXU?C+RCG$|K)Ld#1#?K73Y_ozh=d(68|#!@+H`4iC$$VgT3elrd@ z1}~GO`m>X0{|9m|^JzTe2%(`9eO(gp&`y z!AOnv;RYeV8~iX|z{F011?qFc9;RzJ4k;wYe{Cn8ij;IxfvZJ!pO+~=hSqvw(72L&xE;i`K=w$n}bme|))9yVb$jGOp?h8sgu)2$} z5TBFbQSCP)mmiZ-nk}1Q*=04Tyv5V7A$<3V(PNIh2GVH{m?l1{=bcHW3k8akD(+4{|&EY^}^V%;V zo|C3hkgDF#Ae@gwuZDJi#ij);V<&+yWFNj1KzU9Xlylg?3@G zIMMsPz?gR4#WNTF60RxyC76EI=j8zxRgtug%H7fwJaPVQXqr&CEK7_3Wdg=l`LzsT z`SooU&27Gj80K|8!-{y!8&!~B^Fh-0_kt-u4{HSXEqBY$_q3tj{Kq|p>pk^-iH7<1 zaE*hD5cl^UvOPJM(iNX~pw5&RG4TP>j<*L4(IdXsJE}1p`=LhTpT^pFkRJ%)5h8BK z@#UO-sH3@;Y4eb3Y0Adx9}L~z&wV}FWnMr1YLAU&c(Qp#X*Zyh0J$tpc`Qxn9??M5 zxN>pXm-pv5AV3$5v3k#850(EPPEL;t7uw2453^1MXeJz55;F_U(H=!VUM6I{Y`}`} zr}P0m`-yk>9_UN3g6;(NRhcMG3lPj9!7miwpVbS%hJcz#mAz#i3Rj13^z~!Zj~xh( z!-zuXG&SA^@^9K#7UwLnoy6MfU;IaEmrO%*xl6;zGW^p{e6Lm3IcEA7T6&&{d60#} zlYd2-nDjd(Zxr9%_pl;VL!us

+E(d9>>~U-0B?&Sd@H!HMQ#pO-6L!!$kRbNm~A z>R5_Yn#(UK(MX4lz~#&-DK7)Rm5rlMO3uOHv;0SpKEfXWW9;)8d|8XweLv%GXc_ia zY~FkKnbp~el{CmcDfJJ!q$$ON1tKD@@6`LxW$rOPq=BW^7*WKnu{^x;0~~=aaZSab z0^%_gc?YT6imAVnnJ)cH`gDj#Z*P~(3m{bG=pQ-+a8 zSd_1vYW!!#rfa+D(1h#=%ubW)4CZd!dN5!|;^mQjv9C)1!(z?-SMB;-p|WYb+;Wh6 zs0W%dBn@MIog|{>4 zfIc-!ocG}Hl5c`H-EwduYcUH%FrVrUy}NXB$l1RSQYnlh%fn0r7KGugC&7daDA7jA z=L_9hr~n?!KnSoO&tgU?w|Cs5>|55Yhlq7daFVeq zuBCml_fV^osK);nB)IggjLs-}ynglz-!oo+Bs? z(S_$3ihYPc-Q*toD1m&lp_T@XMFZ3FuG$8+(S#w%p>pj>jq`T7yWs!!Zw8t(rW3{M zv!nEJk6le|gv>1dxPQrXKDH+BBUAE9HrO~*H9_emr=MEyeZG%eO3_(Ac8r1d0Vz^aF!%1+H^+C30`Qg%$<=7Ok)7T1q58r!R&)ifu z%ZB%UvtT)A&ATvGzVg=k6;Qy(cD$8AyHf5!F{p(iLi$>(qM^jWQDdgg^*pnsGaY&= zAvsLM=R}Mkdwaf^t9)rq5^gI~6wk^qfX$UZ?|bdv@nJgGu=vZ{;Jb_+9@Cq^EH7u5 zs4k3~@i$>+gAI=&Q2V7NVaq;Dq};oQEb$f*o68v;_0Pq(r7wKssA~%C}idR+ksxwj1M~DA144Hielj z$Pu3H*ScXcXQ@veX27U*V%~NB=~6N3a}8oyCE+*j<61$Q1mNjRvWgME)*>xkIwX;S zHKfGFh;@aN%iuqQJF#TK=mW`)3NY^GlX-hog1nsnBMyQ}Ejy)VC;-Q9SN=p=aQlYk z1>&ql4p;!7lt{w81Tf4l2I}{EFSes}ju<|*r3=j3jAqiRO0nv?FTAU2s7ANk)X+5` z@AxU2rN;+azRT6y2`o6tz8?lnzaTqZI+VCv!W-DH^U_nTYgk;awb5EkH4F`g3-OA# zCCthgA3ss)l);(bmVSrxBrGbA^7k*r|bys4{^1_vh;xZxT;>)EZhG z-84WJrWDsw{3)Gej82pKZZ@`L0pA=8LC?KK`2SH6nzG(RW~GEu8~ZZ^?ba{e?)}Rq zyhVO{;s0n7&t!^dT4vz+==!5m30*k78HC>WXj|Ki)=yf3JEg}8fye!HDKf(WXia5C z&?H%VFwXnTNxs_odA%0tvdfKN>0W#C+#o($^P;yg47?Y=dH|QiUF$aHl0Qq>1|hqb zZJ&28C6w-P>Di{FN*ciN2I*~gh`q#L<$!a$Y5X7&?9Bl9)Elxh58Fx{EUyAeRNR62`FI}-Z8)AILG`(@UoWzPISNqK{=L z<{aKU?{1)FPFm#_=`>+Sb2lIx&my}f@Zky<1dzVpKPDJ`XJ7SNA{@7eeR_ky17!nO zHX^d?=b@3#DGBHjo|lyvGyzqVDrjyC0*Hdl8taIMpCM^G#JqqG=H)sF>g??O5szAC zFTOqn7H-#JdrLmA(J>o1-eO;$LTvQY4FEJ}5~Db)984|ZQD0{M89Hk~p2lNh9_PL? z!XrzQNCRtv*iMEnZ<;j?4meF2ilwAe8P)Gk1b-d_B?MxXC2-Py>}1gOz|-XJdQ89& z%s_c}6RTB|Iq2|T(B5;uwMUm9HGXbiSrXwGEaT%-i`0y3n^HSGs-?NrYFwb{F5Mfp zbLz;=cUN=VaNbA|M^}o!&M2(S<(eS5J*2KAK)Yj%sAi8^72>3nPLS>X$ZPp*HRgGi zv#VcclZa_k?iyn0tdzSLMYDVclXF8+Cft=#!u<9PbmK2u95KpIp727e8<@BThDGPg zCFkp*27Q90skJL5bkO-U6>t_K_(|!mH9&t|5=<(N{GlAlr^lb4aaEA}l;?@~RVanJPR|x0g%Tonn#5M#RVURB>La zv~=yWco6x4!)*0=+~%^C&nQ%Y<0FlTRak|Ie4cunrLJw5TYKf&@dv|&ebgGWEIBQ> z$Zc<@6MDECB*BJ+#rBl*-UNHv^`fHAFQ@42a=RHs;p_d$>2@f1)(RX_NP<+g147$o z(nP@vWd;gKB8-${OoJcbB)1oaNuXXBlcMhndQ%Np|w1?exNg;?F64 zv=>gldZJe!y(G+t0KW~#uCL#H?}#|dx3--qEn4Mn^73BIXCUANb&u~_8(mCg5%hZK zx;c_kAR%qE`s&|}c@r>mZ(!?5_#-_r3H|KyS z7>~TxZ39rVo*zbD_!k6=(~dLma(qO=Y2u$LxNlLuI9s%Z^y-Sv7~j_u(T*Xiq}0QH zVrX_3kI6+RIMHoq7)F|?&A~?}YwuVD1X}VGQsYv!&U1;B1(}*n&&!T9rTeK6?p`i0 zLyo|_9x4<18+E|zkfr?bW$4H(iVa_V)l>H}bK!!KS?V|xwcNfuN1TX!uWaW`KmFq0 z(C<&WuGO)*eMch&r+*P${kLDm?Ds~K3;=|ITGcu8`%)5vm057KtHMHx(AW0XztdS_ z1CAzptRWw)`#;k(e0|ub&RA_AGs@{8&_Ae_KP5O^>>5w;zx1`2I(Ko!Yv}L9;5-)- zm}I^`LP<@ZZff3Viuaz8hzC?(&26Zoi|^_(;Vd*=zLdt-87Ewg@w^`4|L#_^ov2UM zkEN0b&v(3ye(A_o*t+7OS$caI=!2rM=N;EYBjObZ7R$-o7)y^%mwxR0>f2tAw3PuBg?vrT$~&9cI`N9Ks8S-)Dli=w3OzBZ~>eID{} zKB2G@eoozP@_IOL>-48%kEZTqfz|j`*5234C0lfuwJPkm#yxg1ipy6M3#l6CuRs`f zJqMjkcnNP*_U$v?h>Yt#`?>hl58PGjnfbThN*yc=_kI&EF!DsaH9dY#gjs5uWnEy8 z%nDT*tL%BAx$ui+eNr~9n+!U!YF{Bo3C4opLG*0xdoX6@uU?v=t;FK0K7+V~x#qBF zR4ebcpktF7Ni%WGuvJ;>Ei{g7PTljM0 zf`0-RFE)>!P5jeI!LrZvu2h2h{DBr&aS4!R?yU*UF`zncg|_S~31&7LhH0Ad`=oXB ziqE7M*0!VKUfK;=Z%mnGjBNNY?dNk zmrud1ot}pCsQVssOR#3Ct_4a=Or=}K<&zseo+35#$sc~xD<_ya1~DHsQ)ZbBwz46)q94M z_zCwLXGEoAdVcd=r4e~=B{D=ST;l-;=@o+ha<(#A{ryu7_utirtC2aHqnuoLtN(bb zLq)@M57DM?a#ustL_&0N%uYe6CRLQHa|8dX!%4nqs)%adqB-8AQw=Khszwwtl%|yS zwLXbwN2jkx^CL)eww$+XrqH(kNLNSJ_84_yE!j`xp)-2dQ8THO_HGp&r0u(!9zVr> zZFs(ACa3}y{9CmukG~e5+n^9w;84r|RnuR4H^$W#;xY3Z+WXlgs_&1cwN5#G7FUFb z^`PUp=dqhuK1sQoxg}On(N~qXCR*i&n-Fai`}u&?SnA_OKVcwHQGaX2hCo`D7z+ z1h!V--Tv`N2U#2E`P?K7bx;F1$Qq)zs^K$72sv;f-wU>#$aUCr89N)_{R1TbjpiMH zy^}GSf0xnZ{Qn{V{~r_ZYpo^8=@%TWtp>7NS`93@Vz-ZHDB{?^!W>Ae^V&|p;6e;) zp7}6sCs3X4PD+A2vWH|V0$>Ekx+HO%K!VzAhu7w}vd{~xuaG%^%q%<9SI1vKkiMg; zPUYbzQzblnIxq+Z>g;Avf(~s5!3_l?=74IY^o^NjjJx`_{`d`Box5!9#6~pP-d~-t zwqKwBpvby-l%hD5b*;u-x~!w;#Ak*kd@}FH&#GgK|5j|Qhi=&y=w<)4y3DtbZf0{v zc(C4tZcRrP{T*vX{i*k~b-mKyXl|ma zmi5bmZ;^L69x#|{BBA8JcdsdTgS{%%uL~X{ZBM<_NBG}DsA{xGs0#}ktaU+L#fChF zns43XG)WC&bW_WE3(EhVoLYfrzxv63uns@|v%Nxw|qQDe8>genD;;E@}DOwv0+=in3(3{)>>w(`-QprqAkp- z+2{PDsHcm)ZS(bZm~y4hcm+_ibxKJN#9=FHiWJ5AS5vcU(w(9-J@pVyMU~P;*ZIsx zD6-w)ZPf*PbSxK2qqn_u(K3DI)c=I}gJFS4$VxYnNR;@<5pB%B)?Jx89-Fb5B*adb zLWKP8(O*rIQM_^c19>NMX=Teui-I_z-LOm5qISx^ zxk6xO#=CHO+?q`&o~wk!3~jFzcKlU8EZvLKb;f0M!b`nZ6A}CSX!df3_FS*R(lHL{ zZVI`vvC}jYiSMJ>ow84F1aybRHuyEB5S$Nu6qQG@J+fl37jYxg z^g(ywCiEu92Z5;L1>HE%`OfL__0>WJV|qXqdPb{Xmxe1HnbvY)sHC{d|u?!~N%8{Oo+ zc58KoXlc%ON7?k*q>^%aBy}$A@3Rha?xpN-bX$3`Ct4)0^bbal&&eG9n-fO zGYNrCWc@lI;nDkhdrLwsPf78APRR#~V_s)&fq{K7|Ga zN3WA8CR4>v4zjF9&{nm6^0DEJ>QzVOo``%zIeMhGm<#%Vrsz9uR&J&=BNU>Y^^f{e zg}L-aj*?vD?o!;BNvzfiyLxx+8=x+AOPOq=i-XM~q6bSCnI{FzdxW+&`-{5v^$Z+Z zC4%@Ayss5KY@9k*i>%U@y|Nqm#Lj!4Pe--}jHpk}Y1tLr&Jf+aJ%mg^GF!1hsBvH>!8nhN(kPkVmd_EoCy-22&r$jc*t_Y&3rwh7^CwH4S_R0NxN>|} z*$m}0^<86aR`13eMqV{oQzBajAB=C(3n;`Gkc19D0mi#5{psS(4}YqW)~1uvH?mpK z;d4u`lzQqFdiKuj8Ym=JpWixyS+fc`%v)@9#!|7iQtj8WE>%4n@0E9KN?{|Ma!q^a6wuMXm zd2|ee%VFgr9r)ag>buXYqq;n^@Qk!a4wlaaCnxp4kC zyzM1xU;am5j13wtYBOuBn_W6>8F($SDrmWwI@b=n)?+l*TEZ_6xvZs1FT2@Dx`0pX9Q=bfI$Cy%OGudxo;Lpg`iLkB%+izp5febR z%DJ^0u<(xnqvTM!t9Byg7+w#Ym6>lW`sEgboDBh&56W7FymVjBS~nnQncEtG6>nm= zhcW7axJO;SQ*L`d94@^ZvtQap&33Li_|VCD0=Nb_`;!HV$IJ{8Bz=eb1r}2(^pnoo z8qPXP4NvQe5i4+|`OrBlR%en0IH?F0MMk!1;cM0Nb&Y1;#*`(`MhN| zqIQ$yQFFUG(f;dY9f<-$;@zvKVd!`!%=a|b?AGtTPsEMoS#!99>ObSaD|A47e%qq^b%OmeD`;y*mGm;kxO|F_fN(b(`XVtUz z%{~uOP&Mf_E1yYCu>>o@(tEq6z5VqtRos?@{q10ku!rOjwOp^bSatb5sDS zasAH@qF!#2$}z)C`3R`7LLmXZkFS-~xiiH#entHPRF8ITT3%XOy{Uny;g;XkCiL&N zq9`%2;BEJh&~zzn(r`A)Vvl4=ilLAp$o$;#q;+~o!6FT6uHCQz#F+B{7N%IxA0&3M zFt^>I=FJZ_GZAy{LY<>cPPO7K*B9FcIdRcRjz|Yzr%9 zpOir~G2gD;4=AmasRcz{S0BsdCfhf%-Cl+tAO92KI?vOsvmHw)E4ex3S|@uZ-z1(6 zeP4Ipgf%+tN2whiPQho9lYYO|=Ymws>V;qp{d$klD+(9A8hW4!S1tc8tR6mEDcLE#my^q64iI5oZ_@`J$m}`iU&gw18ghNCMo>rlo)t8s zFDJOaNoUTBuHCsTJc}n&K%R2>d6{#%%ZC{0>WUmbEtIV~s(6FI6EOs5%DbOaC!gtk zrKoauORd*PA)T*+G~cf zhi;mj0o~gV`RTz?=JM8454XEhmQCP(5N%ws%|qjd^&gYFC{kLiJUQK86zIL%lZ)w4 zm8Di0!36DSPDD9UNJZPq}$Ha)@pcJp091sbRq z9wfB!0ubkUexDV}MHXIsOk)if&croxI7O}HT#aL|(Z$1_RS0N432j=Q(Y8ocU&D}n zj#m&6E#1Tb7o^_>kd|lB;a{Bufhoxqq3r}&7oH`2bQuZD1JK+e@-{TrW5sv(Ihh`Sn<}cfj+lX(zF>}OoSV%UphxY1@q`EI? zrw9W}Vaa7p*{I>;GGqvNZSHdSJ~i5|_H@9MGnk$!3z*}^cA7yHl*9o(B~iFKqAu^< zl?7^yVw1~4UkiOOSPu5Rh{6fPdVqElmDg8mTOlaONx@>8`Wno0lGIFHU~rwRoO3u5 zIVh?;#Tknv$`en=#Ge;-op$;Sz5|G3ofEaXA3OnU)=jQSD-U%{Zw6kOeCWCXdSeXH zSsRX>VyPy8;F+tYA}#A7!oxllXE;UyBP{&6nUcDdDb8?p1dJAAIGZm1W%A7u2TH<+ z7!V?5Hd_v$;gHRDrp{7$tTe}?#ZYsiU=zoUp^Rt6K(6>+caO?5miJv_3xK27{& zWg$a)w5xU5ocZXfz=FX}E`SDFcq_9jsd#o=lIg2*``!g=k|tV>Zib7H+120fNf~N_ zN*~)b?iOVtMTCq$MU~#4!edssHQKY8% zuPDQnk$a`d&5FhsT{;pM5}lj#ep+>;QFqd%?NAm?HPbl4fKcL8qT2r;FEFDE%@H#{Y=g|lD!P%MdnQ^hO zZ#ME+FfqCM9D{=Oeod(*?Nso*A}@ca8o9Uu&=gJXznmzl4rSt}S%Ex%ZDaVS%pYCc zPWs(WW?rm>$l_37to^rBqn;`n!#B{o55&Yae+7U(*6)Voqg zItfCf28Kh)iDKlk2UKRrXJeWlnok6AcUU?rf7W97bdd8?D?)Q!i`p)97hEKGe%0HJ zGXlB$p_e|GgYo)MlNqmK{o@8fL0Nv0&u)WzHQP-teZc`EIK>e9)BQ=d06xl40+F9Q zjVx5oV;RrR@f^IrEvo^|JvKL|Z_aVOE17jk#m^ z&tO$beAE`EKUG;PD=M-dD!n@rXe}_1hPPXqxIy)9yE+c+N#S%41r4R-ltg6=FM@hZ zqin(rJj~{t4B7^N=cVbaJz0k&;>#bnA@K!>!&^%>o)5fIl5q~kpo+RJ*^NqS;hrY- z9#xV8cDSJm*m_yh)Mx%2_OJRcWA_?Amqt!DjavpJ4Z=;LLTbD8Zt-IMs;K_$ zh@elmYc>~<2Pd_JVQlB6TDoF2f2LfyyPp=uy%2+&And>N_VvZtBqmaI#k7Y|&a+y2&ycQ67Cr`VE z1b2A!G4RsxcZ=#^YpOKM#QT@<3&jw-_sPI>Sf1cY>#@80neD|Lqj@SeoIOb5K_Gu^vA%3_Scvy zwGaj#!ihrPrl{l`f+`UJG}@c#&~zl4Z*7}>`nBVIkbt#H$iYnUW@1EUlu_B6Ga1kPUjEau*VV~&rtq^csRm|4(4bz@N@s7?Of5ak{R8*Uxj6S02@Spu zHYM@}3awv;SEt)~yl`nUmvN_6lodnNAfRL%!!}+Jhl5K3qa)Ybh9ylo6I!AIFksKv zU0y7R*716BDy39Zyme(?zCj+!LQUU*KAm8r?;e_&Ho$98(okwBnsB%m&UB!FiTW-) z124yF^Z|G?A?5>xpxdYA7gAo|d;f*f)?q*#}Srs$A>)dU*(g`;5 z>-fTC@J%(_Ur=zdHx%hK8g#Y`#Sb@x$e6orMgFdPtLhj|vKD9e$+s zZ^r)CcILx ~C#_X}n@f_9~}*HlEz>!;t8%;~$Of>(R^NZ9wA(`k6adk$k!94J8p{6!t;j zj!COoZ``;wlggbW_7{zC9)~4GVeTOAPYEBmUMKz<_+bC10QmzlTg9wlW)VCrm;EH@ zX(%=k7E0J_2)|QW0XY zBu*!MS6_8Mc|$1*ETq)`JNV&2txLi@@|~BQvCuq# zB1X0#VCd`2H#*4;fpeR=izwTQu=^J#aNcknJSvUfm0YKL(r3}<^p_W2-~OIUZ4T}m zrX;-Z!CZi(iTTK6k*^IH(hsCnh1%1P1bcjI;UkxxrhjR?wiBqsqz2BC3g*ECCK{dj zOxXu{GN(sH2D@*q%89VPOUq#F;&0dGgF}{uh6^Ze6+HGra5XZZkQIdR?xhfA`isRL7|1GYK_ieX~ z1UHLxXX2%{!Fv=dl>D{0^ZZ`{!}X?%>Fd`?w!WG7Yu#TR_R~@;l~DSuG!kO<_C6ux zC7hdF!^wRN6*$ZZgr{lx?hdfhL=KQFntPakiB!AW8&32SN&&&j_0T{wJiY6?3`ofp z84eYEj*sl-!&9Sop`}4~3wtbq+Y&KI9jBHOq(GEGilEsqguAQaQa@&aHU{;omvS&k z8d)MZi|Ny0QS$Ye%2Fc}*!7sdF?>(*En~ZnFfYGWgG8ROp7xIqvsJd0_K};aK7a5A zkcbQ{3u+&^=5LO{-Mm$@lKUZWtu++y%*1G(8C&v_*FZzZ(cfhLSI{7yxeuf;T0Ffp zxz&OIZkpoftGzJ}!H(nOs zH}wVKgny#TmX9ZmoVz3GLa|6KXkE)7=@4*UdT$KQ5q12oFBSo{e9F|6}H@F<<=;EYVJtd8P(JAud;Gg)9 z5p*=fR%Hg8Od30*`$grqfS?c5*O8Q=_-tRX|I?W3?nRLkf#FnJEx*1ch|m%91owpZ z5K9xR!gd8-G$iae{QHk3RYBtg5yR|@1afU-<8h2<(XkL`kX0w{0kS;ntr7MwcJbpI z-6A#Ee{#UaU1Ca_XKS%Io(1!L4R71s*zXn|bwj-QXJK*H1*-5W+u6-2Ko27ID?CL6 z`tjN*;)jwN0UO4RD=FT8OwUuqRkW|(D4wN+wc;M?M^luO{#NT6A?4EkO_x2#eC0oG z)ArjCY8!LnRrKSlMc6W__i?bwHYyflHP-WEz!EP1X7$_Fyhhoy(L1&MYu-xApxo{^5hgW@tRT@n(=saNu_k%>ivm5VOQX+OOGIM$AnnwSR^+>< zVyXkQ+&FGLp&{^Z;u#BiYT~LAEDq>^mN!q`b`zNtld?aGu?0yL5t8^HV+N#^6+R!O z38zabWU&bH!6Vx8?}Sqoz^MitTa?m7w9_|%S-^J;vzK}6-3x)z^ z5RXF(_iR;u`k^X$P)O!$0!%?wNpfVBx-?r%dKk!kgo%*(Bh_rR8-tAEh;xc0F)=sPmwUJqBpMnGT62G$ z{?wnMbd8S`WDbd|unm=>e}RKxm=YtE_FgRLHyPf_Q)U#t1;H>#N`^SdxRdy;$AMAA ze-d{lHAIfB&RQq0aCO7w(_oJ6;76SlTq5FSQzztLp$+~Ct^-q0>rjwDCuFy6vqLLq zmn;cQ!a`UYL`~1dNXOh-=5r5PaT{D%nl+TtszNEme@JWkH&&RxNGZub7}HU}@CHV< zrI+KRwZ{O{uK9OuEk$*#_-7=Ssq(xQV0M(Lh5v0$c2bac8=E>V!ei&c0Gm*Muj{P> zh(|S7%(lqQ zgA2gvlCv%-;&}JVFiTj4z@v?@`$86;$+x7}_L!h3c<+7c#`wqo>jL0k`5-$;M`QAs z_x3waXASxTHCkj*K~gr8`h*6hVyK`h8ac`3)WV8GcMZ)up|}d@nboJi&zSi)_S>*H zZsWC&3tij?ANplrt&vxEZZn}NHdP9X3lZN_BP=1^42^IU8vHs-huL;Xd zx8B&7!7RU++Xd%~LM;mVmN2|o7`$8XrD38c3f~GHL{7)l>OA}SIhqK*KMBa}crAnd zCWtQx)6Xn0BnTUa_!Ti2&*29X>O~OVM;eJp9DLcA(R6IIf>BzHv^3FglwQY36H7CR zqPQQAVjdB`8Mv0P$}0TpVfbNLZl2^#jB}o|Gg{dXtDv-U^%{4_Y_S5WYgB=HeuSgy z35aI?=+0ym>s`AJV&BNj1VZ(Q*R!uKfRn`GH{Uj^bk zs-uVu+gbNIC92uY3)9MQ_uD?cLCZ=b0z7{#Fr2){CgTZ_AZ085lnG;^XUN?XNh6#* z?9MkqZ>^+amK`KoVO#~RJH=hgIOY_TV;vqw@{es>S(ZPfb2Ih*medZXAeN1RbUp!5 z5evldNEH8u)v4ZDu?57?#jsgnu)(7RKtW)oyP13gexvR z&C*S-fx{6iud=dIZQLKPhx5_D;jZY7<6u}}m90koxX!8}4d#r~Iu;7ktmTt7AxzR%v7n-)Zhozf}?9rXyaXfAncs;Z?lm3ISe#VhN`2r7|(b zrj7bCL%AwBQ*)0>_=_0NBY#Hj@HWKo6OCXgqivkBR|;PeXaiaaW{IF6a7woh_g8Yv zE@QkE7j)vX|IXTnm?x(Jk{U%6xI-O5qSgewr}^DNRi8`0;7$Z@y=TgtGfB`O%?gDm zXqrAVtVCa1dZ)u|Yj$(MLF`)3U=7U}W%#iCU%-n~UE-1BK;t#2o4@V<@b%R}QN7{6 zB1o4~3oI=mxim;gE6o?BQ%Xv@OLA#MNta48?-4{=uxj}8nr>Idbmh;9xi|Qb`MOdKe9a? z%W_z#`E%HOlE3)Ed0Na(J{!to;NJ1ocR17#l#MRrp|3-Yk4EZ!uD3}Sv{if4T#11SMhKsO zCd7=~=W8eDDsi@gNl+lu7OWy`+R6ymBXI#k;D1`hFc1E_SN<7Cu47 z`h1i#D@YXjP+3R^-)wAae!p381Wt&xe`TSG%ZhI>G)2jI=GY{+{S&>yKcnz%1+Vu! zn1)q^#~|t`VY%h^0=w(ksF82acP`eA{NO<|#?(j!CL|VCE4OZ>R?^|OuaAq&Jx=sc z6h|_aAXTyD5Pkw2?`2hC(CX!v{xvwCWPF3wh3jGy*9-pzmXX?#wu4oQS z|0OXwK<^%ALWxe}FP>GA|EP{MB`vV5&X08)bAzqoE;63&3<&d$rOipkJq!yA5z$E& z`FJJv^0hsa6*)$ImE7TEBTf*PZ<}cJFsj=d7nDDOw>QS{z&>Fe(=-kS_RnwcL?fj9 zB%H!jZYraNo*gfdvR`)1aP|C1y;*$$;^(}5-MyMJ<3=vOJ>>cyUr@!>)pSNV5ID#9%4>&MjWNa)c6aq= zlZcL`RsNb-5JS%(Ek@(DhHbQxc1mTK%jYQWYr{IfysB(R$Yty<&q-)VL5g2>zn2qT z9%s=*p&K2KB+>Qt%)^;0q90*yqj}+kKvu0oJHNQ%V6iBX)9r`m^hQh_)_>sNxxfCa z4Gn||c*$Kv!jAuYeFdBA6Mz0`aicu1<>J!oLlcCB9{-gqJ^6V_PiMucY<8KU=&Vdy za_u{*j{!@y=!;G$uh)T96ilo-nJtZt$Bn%N#ZC9D290_{u1kmLL(S*CD03Fd@SO4c zHthDm$9X3UhuU0N-+0d6TGm#NjU&j4BRk#zjG2HBE{DO zrIYXjd!bT#u}p~$tzRDrIf?#y#BD^z%dhxt2=bLfRc;1;ON+k-I)Y zn^&VThz_aB6XGax%$<+ki1pMm#NU9(c`nx2L>n+^dJAKRE5?8~nmj(2(Vd3Uc&QudamfYgSY6%FKILU1+R;t zP)Zh#{nW_UM5)n5D?B?h)E}mg7WhL^%o~DTKqh=|6p9{kd#j-)D?xJoj@hvktLLDWf&yk**3M9@jbuV<^sN@@DZ>a7pC z9t1hT2C0)h(;p>Kzq-UD8Cj48DRTSghZCwaZ_GGn#m5%^CA6ZfI_7Y@ziP41q-1Xzu*maXJU!wizokLV;hQXBb(QZ>n26 z`yEZHtly=47RP<9kQ}QNqFChyYu~EO4Jz$`sM%Z^wqAhnY+S8U{R*H zwx>Y&;b#|#PCBf}MP!BMUyt^m=9AS5d7VspO$eB{LO@2&Ai3bkby$3W_oH~`@qev# z)>Y*o( zWNaK+Qy`^s-U=XT{azCF%+dB_o=E`5btG~x6?BkS8@^(kqr z*+yo(rSh6CRYSx&WwN%$eUF3rdkIY&$-u`IlSn|sUEmnANoTCCnz+{C%k_*+}H z#29F_@3ZD+#iQXgt<*@MS~H!b!qzKWs+JriOEHt)vc+FB$y4`JANs|1(@+6Aj-Cy0 zYLqX1JJv^5^#GG@YiFWv33>_QEWfCQSHIV_7H>9OoQdQvzQij(inAZ1-c}3E@)nKa znVrkkGO0D6`~0Lg%v-nddwB3>_v#bpUZFjyT!)zyvey0kI~w@}xaL;wc+Pd74c#&= zBxd#$zCd!CSWty!KLAMd=ay63_kqM_TMZ2{u^BLjYns-r86=yvrEApnYkub zhn0N3ejrPb%473AcLkGF`#L$v`Z^6UQ~Su-Q%XYnK%gybz5)lN1yZG)Ezw$%dKq1R10>db2g+W-A1(ZK zz*z%(?4Msdd{KG{&AYorredH=qFP2%;GG|{FW!B3t`vySE$dt&UQ$XW!Rp*=+xz4>^~UPzaqC zRp3*Xsl8fmR@Ry1S6aPWgD^+3x!lkv>*@|?1%Zt_T1k-e2@&Bna!IJV+0`9iK!9CH zAk1}Wqrkv8Zp|%2j%#VhZ0pW<+PGO~kx8}of#9s-=FUxOWE7otfb7K(#WuWF0=jj& z@X=;kSbKTAl=E+jmABHyTmKdy*K4NHyf5xAEE5B!P=jVzN8y)3k$K~=4z3b{?MoEP zF3`8+TIjpbFV>lBlreW?5=fn&A$2KUVY=|2_{{2m&Ul~a2C_oar+ zXBMk#qMyNQaGt^yJDv2?hmxfd9prq;;D;FSExcZ*YtdLN#iP0Eg|Q=7no)Rd-tAS_ z&YE32!Q$D#5v9pv)6dIJrbR25qfKT3CY-K2XJxw38uteCnN+`xcS-r%+L~xWxE%&u z5$`MfP#-URh;`l((Zze`mtuw3+h8in+`?Nqn}}sqWIB@7Zr`fU-HLu4ex^$e_l~WH zsp&nO5te4s3|Q}IPw%aNy1MxFg|3P!u4^s^20JR4Yor<2ff+Pf*env&-$!wry*WH> znuWAjsK$x;O*Tetxh#@3?tA0X%EM?x7u6t!o$!jsyG+^3qXR>dvw$4rg8zPbq21u= z%E?FXb@Nl74m#=wG2YJs>4Be*BLw=(M6b@A32Y=OLx1)=b)G8G;Gt%53-t8HQ84Ok&07ei{P(O6Cd;8(i@(8&C+0OQq0)Y(q+)=;Wlz{XB$E#C>f z#0S!zs3!XMfMUd6-6e+NPMyQb*5$!mDjPc9?Q!ZU>T7^L{xEQ_jT7SqfGLl+^5U<7 z>cwnX#iW@?64s>_l=4!H-q}_w!u6I2JbC`1c*d^r)x>rKFcuO8I{ey>+0=RGPT;(_ zNRJ&4ulkIf6pb395-e)o3m$vzZd7}XzH_+kB7LP@4(DDzc87yt7 z9yqG9=nmM!)v-WX!hw+)Y#>Rm-HJB4o|C7LmJU^tlH-+QGp}twtZ-q0SPFm;BrpM-%BcO_$OqrN1Oe z2cI5DWF>K#^SVYAc8rVai;fOhx70FtOZ`e~sjEtfx9gXhmk^tmXdX2;u!T;V&Nd#3 zVZfWOST=)eVdj(k2?|TYHl`pboi{o@ViJ`i&Z?f}az+NI$QwVK(1z=j&wc$0pUbGT zm2@(uk`p`dCg;}Q(=O5H>5Vq^8U*Xq+LGx^B*F_UIpbhXbzs7ca3TG6kYik9V`CJ} zsP#zt*2BY9yWNT&?VvLuYAaUC2eXPY=Kx^$oi83Ko}Qv?td9G#=6L#UKV}EjoB%aR zmOeG_Y$~_W-u6gFf#u!htmqjof=FHYY@gulviz*6TV1K8oQ?LE^t7bd(QM_y;UL_p zgY%E#L0dA;(biBnzx6T+=je>+_m)-n^_LL8x3Hb-QEkmsECsD4%xu6_N_jB^zI9<$uz@)4HR5vNt`m)&?zxS?&CydqMNG zQHkmi*qMf`ZF*TjA4W$=?v58czgX0}&9Mu6+_}};=|F_(rBXPJwydy^3ZleU>KqD? z3r+6OJ+|Ff%BiIu#{&iYAiQ0O25rf?_(P;GebK+e|9yG44Ng$4=W)PHt}jLE9G}sn zu-*J@?Vx@3V}`KZ`px;#wpv8jUy?4u9^8#?3#rT)u9IJ*Eved&NspWE^gJ&3e^VWiny7`h*W`io{#1P~x!R-@hob zVLPzE<@=kNb`OAWKjE?F7QCvsM0|Jfc7Z-?fZ`xsH->KV2`LUtBkniJ1GY!86!z7o z_tULpx5v5ZvZcZ(%9dcs+{4bmB#sC^wwGUDb?#4FH*fr>u0L0GH1gbhYbnd^Vt>Y& zX_>Yh1&PqyHuxp%4&3c{Kf2d&R`u*uvB83%!}y=%%$4{l{~MDUWIK1= z?AM(6t>rsY=fL4WGHX94Q^DSMzO8C>Y`nDSi#+;Ez1!L{@Lee6`M&zHHG$zBu(dej~I})xJrvWnm z1@Ei4hDzOa-k-r9CtDWLQzx+yY{p5sv@89!ZB-l7r3O8pirDWPm3eK&OC`c>%I+%_ zTfa(S#uhBI<^cJB_6@9TTZjz6I^t%sN zeKF^5xV3+huyNjE7UF{=>h~sde+UCk$qu!%le}hv?qi2%M1nCN0aA>H;@=dmg<9@F zu#HSqzo(S;x;>70^6`GSu~qB_hi2-;M$tq82-CY07N2!JeaH}Yb ztcrWH)cB!TyYU|zKZQ$@yb|kxM$coSxG`=TiY^g6o4PoAR9>bQdKE66I0p4bz^?E2AM@I%8bX@ag&$>a0Ct_&)oyOQ?c^{Z3#rWl$P;$2 z@A6eMw%Y(AbmWyU>~-kp=0hPUum5TXny}CLC!=S#fUh!h;-gi)|E-50p~e@siF{S+ zE5Hc#H@$I-SLN+GMf)z`=xOqsDPrmkwq<81ABXKfKkja4O`VvgQbzlXhIB!@qHmV~ z_oQRVxsOJ_zBK6(V3@k7W(ZBaUTw8jZ(}SUMw|i`6|eYh21`QCEz0EROIE%fUPfI# zqEeS#9NYQdwcb=1*I0!4KJ?UsIZRb#l6=j(MXq{Jczs52Cv%vK^M>WF_Nb4e_<|Wc z2MGf0N_?%)Eua8>yIwY_p2CFo?=qF3Ch6n`q4`huVtfbxf;fl8pJ@Juw;rX)qzo-v z`^hpRS=Q{~lo6w3_GEYW#!P!=vx~YmIUhmW_a;O2_G7~i!}BFOucn8RSfxagNMT5O z@m$s37M+`!^K@4Fv{yP(%lUA=HtO`BP5cocYtp7=`=l*(XY6+>e+9sUQ%i0Ws>sjvjiRpG zh0-TLdWx+ca+N+u;#b;#kE3G8yVp;A0r}&U_0It0T0|yn%p~V;_Oc@QqDz^HG+vJO4N%GRV3$Q=!$IldmUX_a*RxOHNN&67 zLiS>V;-$AeCt~b@U!~zIR67c-8S!R&!9)$)5BVb~(9xf^4^QEyPvAG-LI2g-eekrY z3M;pa-VR<6$4^yuox*?v0)|V-V$C@(Cz8M8WB?=luQHviCB{y;*-hN1(0@TjN4?aJ zZX3O^OaokcRdPdLDuH|eHQqSs6F^GQNI)%ADBipJtbV(LR?MSh{Vx+8Dk4MDzlrKO z;HCeVC(`xg8Ne}M>^hZtM8yw{j(Ysl6_PogEVl=?-wx`u<$Mp=PP2Af{G*-KIX|5F z@I*6J{=AdE z>lb7VmUgS4w06@p1CCKD@FGtOb~x)_TaKyGAMLZP^hnpsO!@gM(`y3fxb}zbPl8YE z*urPnj!e8I=-^Cp4{c1K-h{ZyiVvA<{nvi@j>`ROgp7gZly1p(GeQ##?GU9n8nJAU zRkPbuc-3I0c3FuW?fV4pk~q7?!k|l)d{aN!EO3e*PgrX*0+-dC&?k6stz&kpEZ*!K zL$7R1W;GZ^^W#ZlSW8$$@BMY3R2j%05T*1qR%l(Ioxp>My*j*leL%a% zpg)lwq3gMxB*JJZvHPAdF7@h{Vfd1dD>(u+U}|L*`1i(IqeCS+(iY`=>32t|Nl)R$9s9 z0$)g&9y_3-YCo^#Y^AFu0S2(Epcp1s#klmJ$CUobl@OnU_pvzuK2qy@7&~^fHM8t2 zLN(@GZ@=_PQ)FVX8bLI}rusb&U}Id6UI*D(oOApaZg+n54>PtJp|ZJ;rJDAHe+Cue zy{@&J(irBa?eNQsBI{|KdrP6w*@c5<{^Paa2gGPnmZ!K16LeRRH%jVmeMpx^t`0=pHAWgoH-PoQ0kNK0q zcagQQ1mz_W6Q}EnC0r&D9ODM~_OfwF*XBWrDmk6}&xoeVjKr=0!+q6c{`rtDD0)yb zh4%Y@84e9Vd({lIg2l)PbUb*o|LtYdo!@rS*ARj~#3RiI#zWTQ1h&@qcZHMInNz zISMh<`+c}jU;a84^0dkGm|LmS%%3PG8PJ(261WYn4tI9S`WB|12Dw7*oWw2qiMK|s zgRwL})pT|>9;Ru{EIv&o}9E)4JVhW?&EvT&DQvK>>iQ6u0s3yi# zp>gRXuSzTE#VQ$RhMyq*1mVpzskZi)+pFVpkuFU_s{}1j!Riz1{@NMiVufcmAkZon z7D4X`kOESCm5_RJvqltHNca;C9kbA!8oVBgRv_XwTsh*Q&FEZ6L`x)fS3xzo=`dT7 zJ*XQ)o+&?V1;-ExhvYOKr-$Dbd}Y4L_8MtFnUOp|wM!M82wV6k1URYJ~OGU~VKoW64A}YWA2y#u#L3#>mzs zR+~Bjo(z#ejnp2IjjB8?b~!IPscXQZoHtKhtlqTK9`%}qJQFJ>lNAa0LybwaSKQRy z83KI76_{QrgdxE zPLSQw0FWi8;n&wPvNlxtg1ERXnWd z{qJ9dY$q5vF&_aC!iFeG)rYn1`PCa^A_yhJJCzhChs2oWGap>}u;h>0+jaJH>*Es> zA2el5&655jd=||_XJ$bb?b=nL`AegstZ9#ZM7DQPv|VL zGNY%=+1Bx+gVsMnZ%Hr-1XKFc4I^XTDsvQ@&16`*A14{g-t|PQ;81fh9YgzRZ*of} z&6AipsPQPu-QvZ)Qdug~hXV`SO1e%*XjxjIbS+vFfDQYBacXk>XCtxQ+pSwRVgyBR z)biWTcmdJQjMpXHVmBYYFkLq0w!~BNE6_-?nU%z?ed(rz4^j4Wd=cr1hbBym;V)m(Mil$HjrygA48Ng2x@F0l^^FG_Qan%J(H9(9YF;J685?jay zv@{yj4B`~w9Z(F#6!`RqUgBeDHFD(IbhrcdNnqZKp&zoSk3U;dQko;+prvRsl0Icg zW)CaFoZw0BnR^;e*#{iy6ZyyyXxWd2zuxgjKhEEtOXJPmpd}D71v`Y=2bv{+-<1(? zd8w5z7b|@Z`>2bg%vMVTFLmT=6d!O9VW%0(K(2m~HlgXbw! zq{?ySD66FOP-Gr0qALzhiO6+;{YRdAkNV0Yp6s7k*h2zC+7)}U;avpo*COVhzo?|R z#>Gj$Byxoh@wBUa+oSAvU<|76;f->&2E6Wl;(6uhPUu?Eu_O{icbQ`-a*|69<#t!a zKbDM>TS#rBSH+-jV`QP{sA{@}ol|xXJ~mxskitdq?PiL8t5IjB?7jf{R0?xV2K$%X zAaRLi;q`;8pe^TgSZ>h0Z!?q@8{FmZpJJvWpqFo(*w>b*(bsT$Hx1Ju*wJ2-B=DzHHtHH6J<$Xl3WUFTJ16$gr`rYJ{ zg2tH+lCoGU8 zAyWD-B(L1sfIoIt9b*?RXn`2=l8-O=kH5APPLLIKieq;Uy|hXWo05pj>`kyn4`kIq z;zS`R6jH()Gl1ueNMhL&US>0A3$foZtIGeJBh@dPF{`NlgU#sc1=N^y1BzrLC~-2= zXgS|&E;EPH$7Gbg4_zc`4fw)N&qjC7nmtL3$;e^zM;{e8K&vNcn%8kelA=UP$kB;q zkxUp;XS}3e^a&!XCrQe;Tb_iyLR56Qvf9?Ps2$01CFoW-=PG-KE$_#tD!yr_6A`uP*>h%B>P z?CXvvR>>64qPd=M8PrYgm@*S|0m*M65X=bdU=WXfc?}jLQA3EvB!hOD<}3u0EqWu| zS@s@OKPmk>foe52*^a-PlE38B23wa#hqI+Q^vq(gUE459D%^~b;5xr6I@nBm@MryU z7Moe`2r2vvsBc&gM9yTf6mCC)m*Q;C9)1>M3c*d$WnQR%{HjnpRj#A_L!OimpFgG3 zaaRPLWFW@sE?! zZQhOiXz*y?$(|qzBqSPBIRb5FXxq_J0MbPmp$U(~pcEZlT(_{gG|xEkI??0@0U5%x zH4W^N96EZP&Zi(t1jnH*(=g*p0J{Yd}mUAC5N4?2icli~Zbvsifzt$@9w9xrv3ax&zV8Fz$ zcTD{)x=bthjuAn%W3Fp~t7#@GiWZ&_mak0A9GSg8WS05uWGjQd+4ESZk1-Cp2=1(S zZx7n`p7;v)UOAYnbgj1!O3Md@({+nfoIVYAmdh@#*m^FL3i)xio3LSRrpy29fc0zf z;kbHZNV9e`$Fdj~-gA@>*S)>J>dW6F=%&GsErFS1yBV7snPH5KV-W}I0X{xWgYpxi zDygRXu;>0(8<@k@t;B}BeIXQ^TxzQ0AK86~W<@N9=*_dU`rRS@igC_O)$UP;3r+p6 z>ArZ~k5s-m6_RrsHmyuA?X=Gby>6pKWk)7j?|ttdkvLS_$r`)4wqlW!16#~aMqjfY z1!)j%Hj~Q=uMag~?V@3Y)zaX;b5w{|rb=RstaF5Rs5fNPqRZ}VY>QXiXjvOC? zEI!KPygXRZR{k!I<1VyAOd>?cplzX1H;i4bRS>7vz?Q@2ZXeW9ksn*ao|7rTGD?>u zdjx0t5X#%4+a^C=W5Z-QSFFfduiI7vV=iuNAtFV~g2!lUFV5=RZAb7TB?+5-U$&4w zE4H6AePJrIA*!djojX9nGWyo9J`|@5{|S3B*8=G*JAAMUH0K%ft;b~iwbw~Rv&}5M zQS5dG8%G$C=Ii|WrP4n*bprI_!t^?lp48V<1T>x|Ry+Iz1?p5-VH<=+0 z*w21^qR*5EErIZAf~IUU<$>aA_3m#0Oxu!{32hNsN=qsOQFxgqng*$foc2xn2q(msXP?8}gFw99=t&Gsm)m-9NEVbC4v>3^zIVjspkES%>gx9obQ z8oc6XJ_Z?vTA@}sL8J3EM)j@Op=2SK!w0Tda5=S@42UeM0t;3eBD@TF3kF|oHcM`} z8{mOh1Tqev*?)MCADzwnGf>?U8Z;t=#g+`x_8at-JvC_X0@6+fk*QYO`+H(^Q+Xy% z^pI&@OkiL(A*icBShW>-r79xz9D{Nle{+e6H4==z;s-~Elg~vYVw7mmT8r|<#dB_G zFzA2jhhSs*0&+nzYpW6nIRMopI6~jV{AJDZk|A)(A?^>^z((1s(eGixMe@G3#z-OG z#7KZe?VCG;&IUQkKm7tPIL*1Bx9O2t`YHrW$ z+Cr3suQw&KuVv+U7@;e~qJE~2W>;g)j_*ZFrpp0|+Bc2Im~$&zQnv8w`oF^DUOfGf z+@|%H%q|gZDi64LYLabfU9+Y`=5Wl5Ed#a}vOCKslbF1}#I zi8)4})UoL4Ki4xnv9Iw2z%*_N38RJJCkw5<@fo7NZES@v zkpAIZ$=c$e-Xa1;S9NRG;0@?348O^rJs`<_+4MN#n@P^R%K1H@#mT^ym8=%rDl&8%*6wGQO`9+YT#g@lO3tqwR;19ak1hm)3lv+$t#g7XZd8)@Lj69 zoS(l!2*62xia`NqFp9jm%j_EIN%RzF+|$oC=-pQyY&-Fk+W8Df8Pnd{v5SW-R z)@3o5^CC!)nl=4hKp}Nw!~{t$Ir=m6#rg9Z5g~7@`Qd~qhj}Qxz#5S?kJ&4DMr0l< z9^)C|+zZ+iP3U{@{ez!(twkLEn>-}d(erw&q~A;Dj9v4+3wi=cuQP z4=uUxK<@Xyutcwg9pHf3j{mltpowx4k~4;XooTU_><`>mop}qxTu3Z6sjjLL$O)5_ z&;cMoctw8;ukUE^ri(6Q@xwXBgFaZd%B4jo(cxDRmj(YL!AuPS_>`0Lg=Ur{@Wtal z9;R2?xJ)7$_(KAQJd>y{f5Rld@HDW{?VMN`yi@~c@|{z>4)*6KZVA!bS05bzd=uuu zYYcgy4CH)b`pdke`bqD1Mj|yPYUO_CUYbL*OuYrlA#vfEbBZ{|y_(7*BI6Eq5PWzk zsoYRLM@c?aOb36$aaDb*Lhe*w;Hl~=?eX&mkz1BvvoYpfb?}~FbG&b7Gj?y^b8oA< z{9CyiS;=tMi;YoXqGpAgOM86&K1S=PXtPAPo?gZ|^{W}<36mVPzJ8D8X=LRh&C%q$ z2c*GI#Wn1``MeNi3f5AdkPhlIL4@jShc%;MqH{d>>*EXou-LED<-ZhzIq~bOvgAkt zzP7axrXS)b=#O_;GruT>?j)lTc*j8}y7cVZNxLK>HZhxIgR_X4R-*nZ9zBe%$kE#_ zXMzXRB-%nTB~;{|QfEs3v3CxqmlB>2b&jhJm(MTyz)}2JnhNFBzHPC!U@I4Tb5Tt! zC%GxyO{evD@pmb=aVXPB?V>g&aw}KW(N{;bP%hGPA1%Hw4uGCIJlvz zXqJA)EZ=v1_Fl!@Riy~C$NFB<;tpA3Hf_mf^9R}6fOGexrG52d$h%rzg)qp={rBD& zrsIsj+n{cvYpe4~%v zHX5xUvzYI>RjN5^hx)562FU8Z7GgrDTGL$XGv}%e|+*lM-(kI-yGKk~40KM%IV2!D@ zL7Sx@q}@O`W9dEGS6R^nzk<(9_geh*Scx+QDdrzH)cKmxuGtM00DWn;8V$tHL%*hX;1 zGcVNAaM7@m(aG*m%POR>0_utQZpD90_V^WQW)b1e08vrzT|$hvnrz}hn!V~9^IoXG znl>r*A}BVzv{k&a(Kf=B=s|NE@V(HDW!iT*F3f~Gc_)DS+v&wZ3ZQlR-A~bzTOrU4 zQ({$@M*LkltF-X%;ANL!=VC8Et-QPR`$eI!8CJr%qrDuL(#xC4li7RGqo#=ff3AK! zSo3{wXGhAPvf1i8L+lUxvO8@vTD9;ynG|(9iL|S2WJ&b`nypcs5`M9rAD^48?I6n! z7voNLz`^x_Ws%5@9cC`}_^pfhH5bjR9Hd+x$`Uc-t(jF_=%6a!#zrfzs+^n%Z7Uef z`D!+WWU=G8x^L-SQRk<9;MHp@^kJh=yDGnTZ6_3qZ=y@KLftc==pVgv#sR_5IigVq ztfU=}C@#DpO^Ro&VQzVP_Ri$`{*71;QZX-Ya6tCQ4aNRTs$3Blk)r#P^9h?k5ml0J zch?BtGRwq@m_#O@j^mw(1@EfZ-OR#fl+Cl#)8ilhgbKLZ(g6U=h^JldK{xV;ctCmg z&NRC8L6K1pK(d#SSXKWo+u$8fVsfNXyiy1d=i=v(Od+_0=<}u*iB)zwKfCt4bK_9< zHuxcg1v6op`kyDktwcLWo`PV>4o1o^;T2HAEDlxWeHun{kSf~Tz@r%1J3XHB1{tJ$ zwiF>x+Fm(Bl={6-UuymyFK^?ii9Cr3+u}bUOXArx78$ut(r)j9eOT~==bTtq*M%jo<4vTPq@8ip8_jjUsBNs7H^_2(C((s&kXKK*`%HQYJg{Hj0`^(yg?T zK-_f-cb-fuKc(vUE_d?UvO*Vm)#xIoB713nn$csE1#is?dxuIsj}hJ?zxQp00)w}I z0cll~to)j0lK7;NhNQg?+&BouSTf@ju%VT?!=*%deYW(&PxMZ@Pm51-t?pZSp-nG; zOac(j6re36nNos>r8hRiWp)Z>j^4 z9L_|JB&X#)GStaLZBxqNT^7d&Kc(?-Jk3k^%_2okdE!)Bk>^)-$*|f9()x<=)DlDK zzir~|hnK8&ikf>|N?8_nQuu#=@4?=mq9Etqll&<)k4pNIMXISv`bAk1AN;;uWSk;W z;l^I_RWh$s>Tk6A`K;U%0Qt?bbJ4Y-#S)2dL6XlZvPw<)cjCvo|4Y`9q)pTvWngn* zKg_7)Jo&%90ECZ%{s}PH^ohD%8a~~V?f^K@QIK-(KgoykhJ?`{?W!hC;vN!n=~j{z zjzijrQ@wc!@EH$q#cTNgT!|P=-Tz#s-fzmg$Nc#4Z}G2#v=KkVe;%TU#Y(j?d0(C4UY$KxPCnQ*Q9@Sg6zE%*nlYP}njee{&kY(kxMPbaZusi9=}S-qZq`YCJqg*@<me1Er?isoT#qvE1j*$SC$(Jlh>h z?oUq_eZP33QI3xOfcJa|?n^M+7}KLL_8Cy)!NgY_p=5T@8SvQ}=T==Ivj$(A_urUk zuwANrkuXuuhJN+!Dcv7GT5GuI`FA2}EoR*kCofc*r#?ik@F8~|U0hsVbRGC>e!p(8 z-smOZdF%MSf+NnUm7YLSJsERQ3Gz;t?uYVJKp(h;!fat(m}vVy6@P71v%GiJP`!jfWbs#A;<)fd({VQn)Hr@+UROqR}V(jJxW~ z*~*uPH;{O|ec>?W=VDzqnFk)9{bIt(n|1X?;`91|JuBybY$G&<*K1t&(WrmjULLvv z@U;thF*z`#+_~>q(Vp(dN_$f663}$Y9KW=Kzyu7Ro67)5 z+SOV{z(EUj z$4Td{M@lu!+3x$*MoUe#7mER(u;OGM_|jfcd6ZW$S$0})4JOx$&j6GtcYbRgx5h^6 z#n8wJqeFec#mK~h#Y*$O$v^$0%jgqu$WHvl9GmxYGK^l`S37W2L%fWgOqtzZUv=;?u2-b*>CNfc|B zyHDgJTni8_$Gz&AETFPiAj!XRG!jQH7A=;J^F@aMW+zZZw>_Me>!qZwt|P96<@Z++ z#u=NtVxrk_ImF!Tc-+0m+XiN6c2tBFEYLaYT1-T_IWdI_LV@rW3b}(IA?1l80L8 zv$l%P@Bj3+w@3(4_seNlo2a59!{xv)qOJPt{<_p(WzW%E9t>Z_tO?ppH~;0QXqYHi zA;FIZr&M~3C&DuTgfK7OY#FP&n%UQ6+HtzPrM}U1rwO2Kvu5=jb#g=z{Z%+_Ig6{= z|5a?#9w38xbFU@|gHAbaiQb^N9Hp-sDSG;N;NE6_a1_sE?Zs8LER?1yS#;SE5aKLQ zxJ$9e@@Y%X`NJIF@frdWbu-1ujA2SU*QNgdMblYFMe+V^SQ=p|sijK+$t9#41Q98b zZjh3euBCgaFWn`e(%rdqcXxMpzT@wl_fHNScFvrc&pz|ab=~(IKNFo^hTY_c!g9&- zpWiki4&C|k3yU=rf7&6Ojdft@6=D1J0L#&=c7Eg8duO17!DeST{Vz@un@?n!X~bYE z0NZ{kYl3>~JMXlp)1NG62qyi9xWo$kc<;+$z1Mhih~Hzt|Ac9Mw>6S6;rAFfs3_B8 z2<<5maAJ~i^mQ^)q`>zo3OYCSJX&rZIa=^ma;!7v)Q@*M;Qd}GbhE|NR1Vj0+!6go zkeo}hkvY(SwvNNDKV4dTi(`gplncI-EFs$jHZ3*-h#tkiFwsxK?LQ|uBgd6l9hN-!beaPi)wZ(Q}q?0+L^Y|!NIo=J8* zrq(gPleq0u29^8~=+=sB8I*J)*2gyT>j7-ZJtNgaYeFU}nQ7S1pL2}d3GL%u;kQ3I z+7(t2a3#N@(kt3PQAXWncV`FntGz9)>V7*f#0+@*~uQJcB1?kpTZiN!y)YmO&*&UB=mOGZ)>cST*C zdBA{Jt_u|WehbC{Qzi$mdHDsqpp+IM!&mW15SzJ7!whbHjKD~!Aa?DR=_5Q8Y^FnD zi+rO;tCbeH?>}%{R9Ey$obnCpQu{T#PO)av0uBGVUJR`rue?0hPS<$9KwSXnTNsUM zTGZLbOY#A;BWjC|>9{iUsYu9$dM3ADNwW^{V?}E{f02;zxyv-wo@+W~}>w)o+%x=PO~b7?ajedhxWzvZJUi-|=5&$qPZ2-*e2x2whe z`Iye%HiR1E_fh8%In%Pka0eRfnaf374*TNXlERY{3v|^ct>PL{w0Y| z<-1kOgaF2hxRwZe|42&Zr!8Ee=ZnYGkW?f1jF079KTqOC3Fzl@Ay5r7t!Blv{E>v3&$GpV8oSTP_~zg1by$Rf^Vpo<~0 zq6i`c@WCbCFV8>Xo&ko&8Q>RP0QA=hFeg;S`#P@xmUdzd`5p+tevh%E8X4aRe0N(^ zAs&g3(SGgAY@`2@v(XRn(Gz@p-P0H;T$p#Cw;IPnrG3>E;>TJJ~{gPtz>h$WI&Cs-YS`S>4SgiIN@jd zcnZOry8Ejijp9i6=9@!d@dt0ux9S>?Q=seUv$T&~)qC+KCa$MhE%UV_LN`H1ugI(Z zyLQ^0l~!l%4N)o3s%9#&OvFBqWd5NE)shpTrP=Rg3Y2#bO?@x$o}JkqY}8|7!pzH{ zzJfPz@BI4&8lWpJ?lCxX_i+$$9;*QQrix;7alt0iY`pO_1P>s1y+_7C07_%?o6@3%(eXXtja z8rML^`}c%iA^9CxU~9hGVoku=Jog5G)7DCmGyO|`GOLxuaJQEkIIQ}-g0BXfhjIS5 zqty;MahgsGw0Up_enSDm_pSUn;D8Ez`$(Ge7-EO z8UH04b{FNjN%sS{8EC#b-Y+b5#u2&A;yYxj-{5-{34+VSsQA1KW*(N*?%^AF{fnybrtoB<>MHB_bPBCXe|>T#5ju3C@8!BA*@{_Q z4If24*IkuDawzqK8pyZcn+i4HPa(L447V*381US7OMOf}xgaW6z2+zox!a6QNvu!5 z@!P-x0R=@$#6LN?xRyqs*Ie4E2sgcz|C%@6%+-IsLMsb?45X@C zOCA%B&NH3NA#1uEmt%Tq|L_y9=e_dm>a{V|LsH{*ilvB;c3S2jW;ijsbLQQk**BLv z;LiGUkL3QP75Y?#1&9kOnoz*2VAh9u9w0IHGms!*-S$ZyF7GK}!5Q7W+bp@5b0&7M+{fxaE_1WHQc@4wj4kEn~*M zV5!l9?Fq6=xowvo| zGBdVb=x1haddT`fukxV7%pb{oD})`L5~&`^8Dx0x=TpR>F@&U4EO^s}Eug&owWT&b zm?|s)qee+ho*u`{0RBxTH&wXU;LYI5?uZmKjb!Mkm_90;Cn)(M#=-0UQuzs=g4k;w zGFaDeJ#Sgv{EXAUi`P8b8$+jx?Q%em&AR4LA3G#!U?0lz7RXIkp>n$)ykimsPQw9F zuaJ@+kpSBDNuEQ`;+@>&Scinm1U=TG)L0LW+#P^4_6tRq;PLFfV{vpgU+J&5p7@%} zxHF_rkJn(PgVWABYf3p+ZCN^K`9Wt#;b_vA>+&8!;0C9@CUfAE?SAB^&S5fmPl!W# zA>Xi|<-)bx+Y$P)o6vLXv7BT+C1TmT8o%~|C+n^e^>NBiPgeTlL|t3#C6u_i7}>qQ zjKa#i6-f2WLmcVf5>zUr3;c-$+}cP9{E4^^+7Y68ya-z39BW3dfz$81)_mrh3Wnv1dfzFXog zb5wGCKexS|L0#G)GeX@inKGRE>mRQJGxI)=B@_#OGn9C(MW?-;P^xoa(_&FZTD}Ok zlkVGjE)jm1n)BlfEcbX|m7KhTtFcJzCw}f6ntF2oEiTq63HVr5eO@O2iPH@K$EwJ9 z$mkfrwjo3+VpQaDFIpPDhVPkc@enCYn*VacpzkQHWXvz{ao2+Y^mm*N zpYrN-1=3%?Hlg9QBe*igO4h`CiY9G$>BB(|!)H+VW>R1|Q_`@mn2{%!*dXqY`X_c2 zhC#qYz%9|zE;xn^t~c-#XcL;1nL|rmMa=_kVNe>bYciVQp{7*|W95?PUIS81Q>v(U z3u!ITWAajP)ZL3vTc}=2WY&XCA;QNHg?#D>kYw@ zag2!O$4zM0tp-v?27pQAV(jzS?#wl8jNWg4vr&L1N`8-w6smKJDW zdaRB!d!TTo5FvB|X@?G5u4a_F6n&!y51Bs316Y3FOp$~r3)`)V#kcnI(AL>yY;bpG z`_UoOk&vLTu^^BYNf@`Swnm6iDdGPuOU$>fSkE`fn`{c%?_W0lZCqed zR%ceX#+7u=N~N2X?q<`gkjS|E)p&4y(4}0jP&>`4+3*$C6&p4oSzc zx90ozS9{yin;(HVSF7nl?Qj{p$x4Z|^wMx&i0LDD7uz0qfJnLB$zt^3P@KOkVYHFFu2XUJJb&eZ|4@ML@Uyulkh9|$&Rc<)uB`2h_v55 zWeLKW9}-e@BQFp_8VRAplX<6MQX-ZqzP#doP`nS4Q1?xe1Q+bm!ssrEE-4{{Nzyaz zuRD{vl}(?12eSW1rIH?5)-1EhHk&Ts^rq|1&vnIp5pqG91)~~`-J&*~_QHc9Tev5#8;CHysr%ci99 zSm4Pv#`gJ^OvJOU|NEvWC-_cQq$cL>C&yV<;#jC*@KNz@h15|+Z>54GVp+c#y2h#1 zc%5&mkW-20@v5+W7W+?@vixwmpOcNTPRzH}{tpfBS}N5qX#+3tBBa&_mmZ` zuQ(FZ1mfw=H`e2D=6i2Hh~?$hgLLAA+jwdELuFD&o#^P@2n0e#?J|`{spBX^ zexs`i-aeyi>nnBGCuO1I`689m2AzfaMZJlN-5t<>u2Ap;W1oIM_f7f@vC0BcwD$u- zWBhy{*2CHVepM?_popkyuj}R)Cxh5%DW{&l!?Ev`?c< z_RqOgr7_71PzBSQsa5mK7#gp4B}prDEvu;;%A~p~#nCIK7o$pdeJ1>cv;SKnU`(!4 zLQ6|i7r{7?r_#hBotnpbe*6CFhzCemi z2`l>k1 z+mw(HOuGyWPLRv)=)63^M=Cm!G@jr30M-v4l#0pAi^l`)F!F@DXDxvzp6;Dh20_ix zEFQE$7i>dt-tQc#YTTG0|2H4e-lfG??4M)3ISns5=NM#~?RBBAk6Q95JU^OkiLhMZ zQ89soG@Ff4BF*bYyzWK1APWWEk(njTj(mZhpn{yt4k3kbJjqUVpDF5DgtPq(M235kf()1p1CJpNxnK@y6>fUr}k@(Z9f{kjONj z?hi@}?Lou#Ib6q(ZW3D|92p>tG*=kcY1Af-kMCg3*WZWVzs1mIO^^*dBE`FwW|FpW zt3vN4%J{6>`Ce9kLg7>{RnWzXRhcjTokV`NfQ8*8x8=MNIkU|7F6UZ1wN%mRC!M1V@-nFlNDRVrM~eb@?5nxB-&I`2s{6M=+)(A%C|pF zq^HrP>pay2W3TkI`%9+R$DhPzG2otkx+EFXl=?vv9Qp>Sr&oXZ!$>#_(CXshltC|n z8H^qCqu25~_c^W^#%=dmhc^UM^xPNiJGHf#slRG$>Zu7V8&173rrY)^X;pNO&(v;q z106BZAoV`_23Nr)Edm#KI`?hM>(ef?=u9#ue={X1pzztFG-1bx-_PVXjBkNC+_UqK zVgRNz+r6~&wOVtOL#A!Gn4t6Vl*kf$5W8`h?F|J{!RF|J|DDZgo1VZ-`4v^suzsD+ zWufu>3d>ukqebZ*JQHUTsDuFp|Ix39Tlx6K{URM+_v!a8axVsvsG@utcBsIlMRBld z7_8k5S&i5wPZR3>w9Nhzqsn(}r*uxGi|?7z)TL|;HjV5FJu(JA1%@~i{npUwNDd_r zigubD@M8dXXMaD(25s==usKqs?e{|GqarQuhGls5e+z&|cBRq`A6K1$OO1Z~pJ;am$m9#XSBReZ}Cv(>wQ_aXZ8ZxXA-OE|E_pvm!MUg6R_6vH|`o713>Wxk?!;_IbXh=85MIMJbRJI^hIy-_ zd}}EO1CUtJdini8K(O*FWriS(&dw0~E{AN#aVWjIn&n|K_XhvtC{IR&>?_F)Ru0_x zfqn#T9a`+uOB^H2@Fuj>fMjkU(0M|tZ?<&DLuH%I8vOo?{V&^wL>U z6)tXlO!j4wXa9OD`A`}iZ^ZvrZP`Gvfx?aL>f#e(KX({$KM8YZQCzmz+GE>oU>i#S zNAEOq$SxU32c~HES&H<8bSts~cf{N{pn_4;3eCWYG!JtJ2bI%$!~FIl3NXzC+tDE#G5s`==*K|5K`s!}`6rnj7q~I$oG^&j>vvB1>FBnmr0(t?%ql&l?v6oL} zUV{M=sMc~pLKBCIU$5I7#R>flkh?jM|KCbC|H(Tl_yaze$I6cbz>Qzed}4h0;0CUF zuHwLkdV#ozmWj|tkZuZEoDt+8l)V&Wk+uxHr&atUZZnKJvE#8GzBZt{MCW{! z^w9z-g*RS4F+=?j1)_O$>9uf`g%F2*4xx>-U}8K$7)r=PTrgzPdT|yIf`UT)SM``2(&m`Muh5Ywj8i$K(8r+Lh~2c(u_SZT*sO6kaGg~_Da15X zj1QV2TGUbL7c&p8%a^7Rc_ho<(L$Y4XPFP+Y@zGYV%i8`MgoUPewu^poAr8V^?!smuwtLgV(e-wqCMh}Du=+o>!9jzkt0}AI zBZ}tQU$x_(1zC?$lY{n;Q}*}&?(b9Xzm29;qvxgx6?GL(+L3IF@^?Ah;LBRel84DP zm21^l{kdRx3~|96;vmL9bruVHwE})bUqyJ9UtL-khCAcCGIzW05*TBlikipyJQ_G+ z6#JNM+rY#FE-xKFOoC64U%Dr(LG~XS@>$G~4V7{zcO$upQqaLZ(e|r%$opKbJklXD zHXKn3``?8gfz1+SV%k}@sVA@!H}58IzkWPT7=eH}ySBN<)$S&+ zxyptb>7LS}4tqw1J-T|XZy#wN8!Nobk{GW{Be z(TjH>=$&`Pv0kkDSmQV4;@|1u2JdG5&sptaD8{}&A4H$23K4g^L`dOL1HhGK>{`A1hp=nbNa__(1vM2ManTjedpBFnRav%B-7Kn6;Y z7=)udib5PFJcxd2VPWwXQt2L8_5w5o?0!x}9Jn`hLcCGMzfEq!1-*9G!)7)u`erAB zp@&~rlM|AQyAgwr-yiro7c{C+0+BgZ#t?b$an8SjCW*~VTGUWBLWT6o>m4>6ufG?Q zy(vqAAq?4%iSl#Z!hAmu1QYI>mlWr~#!8rIrs)Pfq&#ByjHF+>9xf>8ax_zE*H$p) z%iHO}$uU+?T@k-}Ci7iRV!9Lg)x1Bi#8ZRQWENb_FMj>aP=Ft;SOZF&!{VodFto7) z+eqao%wbi2+6BZQ?7f4}ec!LIf6J~@#4!ag96Lt!edaiE8*VbGpzRZ9Qn7BAGCSR8GH zHNYjnbvH!#q;5&F6&+|VPzj!bsHN_SB0Q26ix)hW`-QIt?O@qKSk8`>KoDf*gc?7p z`Rm7v5zEF?Y+A7!pg&>yUne0Gx`cx(ZMlgl5Lwgkk{NFi05W(}N2)_$HZReZ<-fpN zvIWCZLnQI;!;psmk$}hMv)U;Nx!3yHFnxw--w&t9`j4BW5@M{pbF<|jO>mHcAeST7 z*gO&4%+k4-j@j{8pR)m>Hw9tNNkMmhX@P%@%z>+5Fl>?RCoXHrB$<@YdYi;>z63Sd z-SH+EOZ5IUeV$UMLYe2fzlK$90= zO3if}MBs%0hw2E|RyN9_n*X@EH21KPd{2Ti9ch;7rABBWM3tqPNpHbrCYw#2oz(=S z)(I&1825vg$wwLNR;$4^5J#hEqXC5xfc%(`@k7vR>C4li4u_$H; z$kdWmL}0?bKipx^YE!&s?1It2#IHPeb_&8yt&^$2@E89SUg=#`g|Yqrn@cSeURKO_i! zl-HA(w6iTD1|1q%3#l{FGkdNHq|Ge(6W%hb;U|NXdWZNiP1Imrwp*t?$ya*qk96j! zupSw*P$cwjK%ePF`n}9{xeo`y$d_HpXPY2pId(SnUHwnrdid+wXW={!n8fVJH)$kS z&vh2Z#)_hEcQPDRP6phse$-n_q$&zIm!7VRG(?#Ar@gE57!kkHF_0Vle3x=ybQZRd z7V|!s%0(HThqJOTd###J9}^qE{^?~nj1rpMA}h0ZkPGjxH`C`oYN%#8I;J9UJrjdl z#aA5pSD}r_xYB!~iUc5_w4h)~`j4VJ%96L6gO{ziVTtrr!)Z2{kWq+Rv<$~2+>FCi zLJ=GmEuS?Y#Xab0P=Vl<!P&BxNh_% zTOROQ5osE@SV6h?N%W@WH?2jaI(RgOSKCw3mV27M_{`X2o8|^NUD45d_HKrp9{ZG< z4G2vRH4QapA1j~8tKA{pHKw}~wy*Fr`M%FA*6CJBMms&nnNJtqvD_L{4DiK8wZW5! z`u#Q_u0v@4l@zWi3ch7i7a{8M6{DnwvIw3CZvHmAMh*t@vd~GBphDbD}!MI}*Nw3GR`_tE}Ct!V%wNW}Fz>-#9GPH}Q?l4lak zC$P=mr;AFOL@iEp3m%x-hY^@sCf`J;R5N$p^}QbheUNa3EI^Q69lOq${R6Yv7Z~Hy zmyV(q8dx%-UpsmrqVymW&u1Qdh;`dd`WrOAk;>|RJr4L5Y?hGWU*&@qGeBAJK z#9qKnjx({M`KFQ)om>weN^g~V=$_H$qgL<#>-iWfdSRnm!TVP#;&Ds4swg&ff%Q22=feK@I1MAHGy9?up~iebgXb+Jb_lfAVMk$xP%8o0BS_g zdrT-^96I@Alj|PS&FB-|rKRjIT|Rb+q)|J0`{4YSIGJP_yw?+u4q`pL%Qe<)Lu~2J z*r9^Vj?pq61?Z~!C^>g*Ot~t~EQP1GsHS)t^-c|UqJ5Q05BZS^3NDh8N4DW@(F&?L zqPxEcOf3t+mDveW;?_F)jvFlsV*+BG!#=1T$7Mo5*&y%w{xg>lzB|p5>w7(^QP9X} z-qdTM@zqus2Z*OFtC*4CT9tWRd6xw3)P+EMb&9kkqBLTtc>G3X75REIuA=)jF zlXBPL$B(}?BuI>IhX(cr-$P{3tpm4}d)qQm;H*{cZUR$XJ{^y6At^y-^^#wnB>tG5 z@t!)eI}~g2qghZ2RdSzD!{;jUU$FKGR|>N;2>ohpS}3Zbg6yAP+@I1{T@+$;-At#usyNmM+S=+4D1aK(OWgnah3M?uWZ8E(D%_}ps78Upf6D$IJ>rZq zqU6v^%yRIk$<{;Eb@!ZYHM^PExy-=Km zZysEZD9Rvq!y*DC;OT!w!gCDC!5ZO#!i3q(`?Jak0c}H^Kz|OAMa(G zM+K`CMf%4SV`E|T)qY0T{yIMDNR%N3AN6GM8iHn04kZ?{KZ1bn2hcV{=jcqGJrV^k zcqv;Qwo5L7J#s>07N5id=W;+e3AAs!#YA%@5GpL=9@N1|#~^bc5oB+$uOKY^(KUYD zW;nO3XPn$J0w9462^Ld}T@_1$g$W?7Q?-SnH{YC%>8T+3ZT_B+G8JC?f z?o_6WdW&xk37^LVp6_qT>h7wy6;QB1R*!h>&sl^!N!Z`6XX&~^E~q?F^)%A%g4Q4n zdSoCe>5R8)B;tMuP%f|=Zr$EMyJWDc-NpgAt1Jx6^NGQJDuKY(cO47AB08jg^*y}B z<(f?UQyg#UWmA6_^GTvOx)j)#BgHRV%+$B}ER7_f2d|qhfK3OU%sBV*dpmKC^k?m%A-9Vx! zI=xu7B(}vMw)!}Oh1&4>-3U)4{O(amjcsgdHIhbxjgd^k!1SJ*4`s1Ge~d2tIx9)zY>H+S|oI$LWi?jkB5@9H_F&)PbpBiqwnu}Z{V zCJXH0VAQR!dmk$2Q(IqL+~2g(bcSPo{rS9|FrsLTPI_>&fj>n!99ucvlxer4&!+E5 zLW3%Ui5iPE$iZW%gM$XUU#-?lV}GMt9MfYyJKrAP;99WnhLCFH4wHnd(JwCBdEWA; ztz`7coVw-Ybv14WPcxz|8Fl_rj1xEH-CA7TE{M46Gd?}kO5#+jsngxKLcyte_cMzh zE!g<9{$aTN$K&O~aTJ&6@^P%;rZ0nLTR2*mrt=5}78)h1YbX%rSD4!P=$FdoO+~4< z{K1k%KQh*}hA~L8u5@k34*F70?G`HzNBJ{iyEF9DmZkqbmdZ2WV)J7z>Ow0i2*!8n zEacSDevWHd8fajonJ-M#cE^|l>ZnrmzpfCEGAeB1XbFIZ&jOCq#0g+KO#(1>d^|iI|6bJ zgA5@=k32tZAN?MouQG6Ax&6(~PzOdV-B?<2CXSy3-XEa(@Ac>&HCNB9-a2V{Jh_*C zDL4_gur67=01wMV+Ubh_NplOWykBpp7A9gRG*gwoB+Q0zTZs+!N^0N2N8#!wq~V6~ zs&Lo#`K?+}z06Q9NesK*lf~d#Kkm8}mlNos-eGfMBDlDxvNLtRP+MjMced z!>#il>|4D9neCi>^;eAjoL06?LKHS9Ic$ z&a-%G!tm7j?9}?<4=4L~xS1?;iggOb)WcEL?fp$HBp&u)dg)lnK2*i`17zt zbv;~Zr|3`bB*vXdHdUyhl^rhkXx-dDLFedb3TAu@x6ZA_h-sLv-YcsWz;>aRAt zoo`xPrTuDEOJHudGdP>u@^Ac3>h}9To_81wiUSf~0^1IH&d1qWt)U*Q%TX7G!T&x@ z4jMiZk>6{4_gE1Z+T+n@TvmTG045(&LWFwijOu#Sl=$ONi9#vi@tKq@ipV`9W^N&L z-{D*DwS%_blY$}aA6bp z*3*vbp4za%R)T1nGztE%$8)Gi9KPSmieJ^rs@~9)EskBu_8hTJhuwO64YX%~j9t_| zzz*t<|BGnIwr<$9x^n=y_%c^KM5&zaMnaF_#=bvWvPQUk&##F)zrS>csXO_3Vz%M^g*xE;_U)7vZc+U@ z5#W#7hr%O^Db$8r6XN0eSPFcZRJJB8iaAxTcaNMX^&>b%c9a=#`{`+5gv`woMegvE z%jjkDJXWkVJ#(3?pD7o@N61R(O7B5I)mMO-1z3|O*LKNQHdi4jAccct|qc!GGu4x_g9Oq?Y%#o%-JedtlmOw^F2;gzVR`Ap5^Tj z{6wS|i^2fo8YTpq+-!S|?bjZ8=N)9%6KD39-r^UGCR=N^s2#Q99Uv(34kWSI+@h6s zKZFTp?P@=h!>UYyhe``t)B%f?uUU#%SyZrQ^QzE`G8-5UBoe$_QG-fXmm#(C^tTd33Ruj%-1FwLkas`Fw}^H{j&0ZJUw%srZe_ z*dLjV4jZJIhf5yOH#6S16)5E58m_t<`IM&5@ioso&+_$I7inZXPMcU`!nvQ}@!X>6 zoR9DPGqr`+uDc6oMvSe|YllW0=$6n!OtUpyWBlIS8291R|!-x#`V4?`qZP%SPJiA zZPmp;quUU5u09jz?|;i=W_RK7;dbqj$oA=af^~S_U<8^$cC>u|HOX0f4nlc2H;%=l z;=mVKEP`_s2nzOJv)+rs6wnaI|4KW32#dUT>O0 zl+0PEsqv^F!r?2n{DUDkM%GDJm}*F7~v z$mOEcyGPWcAF}k@zvC{-S(pZ~v?FMgJO4Zpj+N$#Qwbmp0}^``TIshj^Ec^U1)us7 zaPkSA05ua+#oF2+S0F@MW=WI(ZH@R-Lkg7+xuA1L`pBF0Le=7&OfM1p^Eg3=dl*yC z`}gsV@2<*5<$!b#f&w+-(^x{E!0W}+#2bbVzmYA4wvjt&{~Dp z?D1{s!wkOz0M+6h9wVRzW8WS%cH#5JH zc(d^{ytc{?S~ze|#GYRDgoa(und75Ys;7EZVL79BmtsJuUjOr*%VsZ!i}<~EfwR0k zmj>#?kCM5v%|bJQ+lnldU$ID4TX{Io!pVpHGQPWO`8_^kmCfFnJVh7KG;iBIb?+gb z^^?W=g`u=&v2J;jMBstF+G1&ON$c}%8CWhJXFzDYNmFH}TCQhSBS-!bZx_v*s7Lrh zxI6o=YGJo4dKm8+kaOu|IbAeX1+;8;HvC-gd|eAPJxlm(K`PE{P2FlM$punw z*%aGiYP8y69U>6_DoI0XxU|^WA2)%g}hE} zN&1^{h&2*X`?fIEO{aE4mqWFC$4$aY|0#Lkda!S}!~pQRPlZ3(;acNuKP{4VQ8VyO zb8~$xdpYr#5qKf15J*y5q|eq61z9x)=J4%o$gwdP(p_n^rN#UGRLtdk@_k~xbt;+A zZ*LYH-kzvTJ1)~<6*`=eIFF<18J&>~VO;H-pJ+Nqqcx<~D68`rf>~Yf=7_QzRL)9V|;Q=^M%4^v0p|b3!C13yG zrG=9(1PF}s0dp!PwwX46ky{^@zq_%&4+}Q^6S1XR4IDM=&zlvlZ|Zgy4$1+ld&G-n zlv}#t`FV@l_$rI1hW-xUB%A4EBAfu2U(F<=69}cRQ;`^PS+oz4X>mSJM?NDFs&0+ndB6jztGn953WiY5>o@^|`BE5=Ypv z%k|yT34?y%U;Wk=APA*aPd+*?Bep;RGwrBErH6;MiOR*}hTo=uWv?*kH1oF61>QpX99uDljr=v>ONTHwgpO+*D^{rK2U4Zq0P9 zc?G7b=UG7%v>-IO${@{@X0(3XM>Aj=E9$`x{To|X z13#&T@!5yZH8hvo?=Fbr81T(bL|whBB4(*^UC!3u4f(fcOndYt6pyO6mPG84l&BP7 zmuPCK@LHU6^BUc*GOxBg4TFL4Y^l15~w%$cN%+Ivsdp-d)Yj`dTCOM-HQOD_%D;Xvcnzx+1{1l2$TwEOa$qxW0 zFL(F4Rl5fMRqQ_oFi)Cs{ZVKdbwE2#9d2Ex5MFR>m-1qDr&gr110>EK&R1KLc;LiU zJ08FOtWBwWxZpiHq+iw{{JgtlGqrzZGt}UyUM_(GNQiE{MzdnI-Y+z~=S#APwaH*- zg~sQnhVa3!)6Kl5e_dD9CL2JU;U^T}=4r#lDRhBU zRRDSab7tYXX+D$fl^VePMNT@3vY2~5R|dyg1FV?JWBrwGHCW^_TchDBwCTCoG@2^B za%Wdd2x4#&*i|}2vH;kmzRF2~YNA$&fhw+`pwAa?Y8>+kgXEJGKs8&Hg_%)8${~{oG$EFnejo}G+dlXJz(gmiL0BZ*D-=HapRK{rwod(s=CwJYL+#wvHQ=b~A zm**!NKo*+s0YnT%_4DpXiUS~}cMH&9{-?u4QVQ>Hk7Sk}{RK)`t^-5UoyTm|NQyHw zy6&1ZYekkm*nHE+qH`tGd6V6eUE~R%ne!Ce2zj z#fgmP;H@7d$e>=OpNi0=(XXh@>3C9Mp-LG!nN{1Rjy~cbyli}a&AQU#Mx>t70np-{ z_x2W~aBcq-f0S)~Szd4wT*iEH*H*tg9X4OcPbL$nvn`SVdoZanu}jPv=$=&sm|8?E z=3f?gyy`~F!hy4?*Q)cFE_ptN!yh|HO^squLeci2_9z|E^CMz~BsDfIlZ4LHzB#%?yNZW zeYj`Dk{l_bri!r_ahMjm*`>RAkAB*0HbQyDBi4RJ=v9c6;{JTMvjmJR`8<9PnO~_A zmfR*I2|eq5mSx$72G2X*&jsh&=NUq7xu2MOI7EObE`+;SoEgM^ZxM9v zYC&Xn%SWSUQ#fPg2*7@|zh|d{WxwB&nAFPVqOQ}7&$4P%=?Gyv{~7n}IbE1E=eOu5 z&n9WYLEMnAUE9MXDptyCfLZBc-QyLqS@3RkWg$|e3%ckvyC}IQ748Z8LfeSHIIogK zk#Em)nGN%OM{>pFz5*&Qn7jjIK3L5v4ZvfQ9M&vO%|TVvBq4@C^KhgPOH=fkZNA#F;4Yemv1d91 z`1A&bOwX@w45%5v93Nof8r5I5S#Hu?Fu>GD9SF`m^tffJkc?+~-#@{oQ}?@~>pzpi zDR{Mi@0(uIonEclCT@R??aXJ_v0|IVUi85WFy>l)fc&2JxAKqn zU1i?8r+CTU*O*1dCAKFvoccCSN1bFrW&dQJm8EvSkybsDcinXp0t}8v66b97wp&%N98oZV;CZz;MaoNqI?`3qXn-t>fBYuDJQreg$!RpxEB-hf$+-@5Yyx$CvMFuaZUT%XG z+P)Miiau3ggl?J{nS9kLGw>y~_6a@>UY8eJ<;=!60k_-Uop0H!cZMFfJ|DDlQ_N0U zeujMJh~-))`O<;z%Lr%e`qz|I1u{|gNebaWFY8B#7O@ozMNtieL#m;YLE9M|9x)}6 z?YH(8KuJ$t$xjYVD_mc+?Ujm;e=#g#3x)|dzS8u9tXy3usrhIG<1EzTf6X__GG!94*ES;qf6GlG_D$z$7*EU=KXFreOY6Zu>6Gcn zAX@y+H!`cX+2f{rw=eGP{7?e2!344Sf7k2jRZa(L6jY3xqwG(fk7qqjX%Nb6RRVmq zK0J|yDvMm}?bv=sR@V=}Bhb(j(5a+~kWenRG8EE(d#YYg4e=_`lt+%6-?#UZnWaB# zX-Be~-2JoP-DKX!^bebzs~OWUH_KmL&w>9=rdbvp-7Mk{pQ`J)R_b@zpVb=Ywbb?v zKZW1v$NgcHP;#(O_tsbQ!fSXR-u}jaNdM(5sF3MoExPWOUB6tqXIE6;T^)?_%cTFHFY!dF>?!s!+yv=31c%3hy36vbjXxJ-x?EH(O7 zi#@{&bt5X}nEn_Bu^OL_-dAju8%_N*IMn%g zKDXN~gXF-kW`l!bc)=%BW<(nAw-WI!*FkQ;rh8P8#QW#FS)cDgpY^eoWGcVtyEWVF9%V z`#wCKcOqb+7&- zIQCtGf{hLlsJeSf1E5zNsAMVHmCmt>f}Ja$;G$4 z=GU=ijWrcZHq~)muL3&iKf+GI?TO)@zW=%HPm(B`*8XYtoZ81?(l5LEaTuW4FxvTG zi1#;W@O8jiEzUQ%0A)rMjtKPIIbi-PxE*))RdTNcUJx(V9C`e*o>;UjZDl`s_UV@F zamB-jWn9wqiH<_788n2;#KJMn`5-#yP|YOY#P#ZM7`kmxOH%Eedr&qi9rpim^_F2# zeSg$99nw-mNdD+28qjK|&gVp+k@c38h1Fh@neTq`O66hHmb||Gu9$&s#2L zu8BSS?DJh~eU_J#klp~@~>-Uet_|TAS(-S>~3vzQ@v@;4E3Xkye z={hjTEE@l4c0P=Q{ROM*43>zRNd%K>MmbUhN|-Xb5)rN#mSMz<=a4|^60kV!S5Cvi zezEh1353qd>aA%N5s?Am@`6?2-e`h3QUd08dRkh6q5U7QX|T{T3;Aqy-XYq6#Cvd| z@z~JB2i)4MZa%WY^-WUQJA*<-EsPC3Ma=&FXSje`tFk3af`!k4yws=Hejh4caI2sc z)`1)i=*#Ix*eYy5U)o|7jpx;}kb-19vu0L>KhgHT4$@f#?_KJp_cqya>>wi-c&cK? zM{O9_=XFRV0CFD$YJ${qusxn@`ri8w^zJ?iSI6iq|8M%M>zU(iVo5|Dxg^tub zfbC7tksYtXQ z%RgCmwug`-4u>&8c6p7*_GCrd{o@a(TB10zclcU^?(l_7dddBz!T+tJW50s6^PX<- zMe!rADQ5MHhduTjYQ07Xb{petY5kZ)9dMWUEd^Y}KTw>WnjNk5;2>%vg1dk<_hTB8 zoNWOWbU6BTO$Eh{Kp=?i9WeRiG;*cPN$qgML8b$c{OSQ}D8u7@^QSmDs0QMv#fGPd za>PyRSw@@KS;l_LJfm64Xn(QG;yL<MnYy0re#;h+;H`3=;iH&l~RCNTps%q9q|Y~u?y+7my#TXXEQih! zW{MOZd@&DR2s%y8e{Y8IU@0?beI@<4C2b{f)@4M9aHe#h*TLuE&S-VVcxyoqyL1QW<27d&_B47lOVv z=oHR3+(UFvy6T9dvAE7~Tj#e71O`|5<7A@*+0}6Di z7I3M6OK3*J%A()?mLM{ zM4D|dJprIaV)EOvU;fV*-@DB4>O=~ofyik-rb z?@j86e;(dGk10)_{In{KEodZo*>zqAhDHaB_HM^9#7@IvF_4*1Y{Szt9w;fda3S`5*OYjqM((KUKQDQMUrUu}I%$b}^&2A@BSFID@d(@>Y zvO{FV7k1?es=z39azha+L16v@-YMZnR(oQh3vEmkdPg)Uy;cIzyR2nwy)RPR2y1@? zb$5t>&#lSIv>cyat0=fuF|PETy}JzO1!Y1BgRbvzfCe*ano*Pg{GHs}ok}9T_1(DB zklN@J^{9eXI+iPT2sSQ?Xpi__HBqx8#im9a;`1}E2g+ftCqb?77XL4Hn$Gdf45|zs#XAv>W;?aI(n4$6ILb^6;f1qSJ6$UW0?NScJO?Z4sQd@GfP zUn#%xwaErdzM?^AO#wwDA+aVmig9%dkeb#{ z`{eZPem(%B27-#4%mamoQGOLejkExE7Uui9#|=_{B`941Qxn~0auhvr$zLuO-3^Gukr7(^RPPPng^`cb<*f*vcfDJgQcC#nm(={ zrJbE^5g|`RU}}Fsmtda1j4i}E!MPTMt+syp8Bh_;G4LMc!UH6E5)lX?-|`zU&hi^8 zuZ)b{A6$%4=01B&bM!L7Db(F$(ahyqvLN^Y>nP<>wL#dO^12ZhNZVkO=;DkSJAWEq z?wt8WR5K=%k%XFzPM#*T>^=d-!9_t74{D@(J=_krVDIWVyxhX`vgO$5U~SkAm+K}z zcjCvFpvoGsI8aadWEAu7T?4bywC6jwOA{vblqn9~aXKvgJyN|h+Z6*bp=XL8QS*If_(qp%xK)O*X}0?PT!j7vNv zB!Y`3VCgDW)c7(U8I2@ute&69iwq+)W;}wGB*4TOn^$O4TNHzUrqcCK%UJ_|G~ERt z5E##74Y|XZYvsloVBrh&5rvR@pwe7V7EXcCv)JsVl8wat9$tmg{U4oLVOlY`c&PTn z<+9hrfgYzx(=Q7Jvx;c`-|80c?9wSq- z6Zd#du>w-rJw?t;*+eYIrQH!`&sb|^;J4y`^+qyapsKU}!YM!SU=xzfg7ON5YM>No z8D?@_r}ANHPo<9itaUwdSloZ{F+RZU+=hq_l|I1*15|>w&bbik2e#O=5(ye{_|h2+ zu)&JL*0Cvf;uJ$=6Qy#KA4izTcts!AF{LNvzr5X(M8#1IL6Y30mkseP5W)@X<1&L9 zkXr7OGeziHOW5#M7ob^R%Nkx!B?gledrTYh4G3lXMe!wbd{WAW2%sr0%CF~8OAKI@ zf@Rt>5{kxY%_x3HUtx&ai6e!QDvo&3ke!bkMI)Iek+<27l3SDWFzHQr zNDszg^Dv=lqiIUOvDP`LMRU9kn^xNJ2(@2*lm+JF%y8!yXnA%ZO;K_NuRGV0I;KsS zi~;@9Pf;&SP2MzI6mLP*<*bFrFrqZRZWVpIU7Db|z<9-{QlQQXWv{>7lK*zB+Y09}4KtMy9b< z;Zjl_C5TVOkVHH#2s>aXTM&Z>FY`8};THSpvrZD-(|t)Atg&@fA#qa#Dl{!0W*KxH zBdUU`jD%;n-c!Htde>B$)W=I?4=^c$KH$wl%BxNw_yT3%6~p{%KGn;rHYl~Xrek~!FPu|Hmho9a*5q2 zY_Qksa{ra+D-Ykir+Ob;=(_uPZjG8_)wyD&y|_#iHxI2d>~k3recafE6ovG9$mK~& zRSE!qi>~r}8nzD5<7W#u;}Fx~0Y>&0T+q$>4sEoCoCb>VKJC|DXtG z_{!RM$R4WbN>oT6r=n_ck~(jT!QX>2GI@Elq)XV;@}Hj0w*m(ql~<{R$jtRtJCrMP z@qBx=SQy|BnXvG5Qaxz4pd;%NeH*I)DrV&yUJt&74Zx2586^%rK*7AU-7Ocvnx=!s ze7Vx_V&FzpEe%Tn0Mkte3=#Y3Sy1Apky=b^Fk7XOEUM%>Cj<4FT->ZXzoSJ^2Wb8( zVk^^Gzhvey!@)`cx*HdzNN#~q#(^)|ZI24=&a^_Ith-{!xA;a(lPMNvSBOIQ!BX>y zF0EWFQlq)vlIV4MF#WYVAr}hL3zmElY2SY>8c3BthzP@k-By_~b^oN#ZYo(pk|!oc zZr-p`<&eU@^)|6D19>!YHr@{h0w`knQZ-yO3K8C+up2z;z)X7mH1EHAlIv0No4+0{ z$MHWfM}PYBojAwQ^Zxp6v*nf@(VHJJ$t=2-9ZX>>E~pFQPn*V1;#O78I`J?e6~-(X9I%j?#l02`)<6tK&i)oD4ZNtWxsYc*dkkwKF* z(O?wJ{)}`B2SUp3pOl5Tw#aT7RmRQirt%f6Xp^A5i}e(BS_gvj9^^vSMXZ4BUZi1R zRtM7X7puNP&gL<6nwLK84_|UW??8#R?2uMn=XviuNnYLLs z*A?1rWGH3}gdX3k)XkYqExisksCap6BODQXS)e6*vMnoPi~h3B+C+=|2=kMPcJ;rG z`E;*5`1^GZVoWm=MjR zkSFSS8QWJ(u=0HZLf?u1r`A$(<#b3iP_=1O;=UW}DEfkEnJg-bO0lK{-3o8Y;G(y{*s87Sxz}eQtpxB)Ru7o z$Jksn73C3J{L4>v;`GYtghmRWqdoOroXi+X`urL3XQuw|F_}P`)l6t6g1KTS^8@SI z?rWgLt-0dm{b|L?@B^VK?%Ro>_ci$lPuE@@&D9#g*Feo%sL)Ucd|LeYDd-gY6_t)X zr@N-=?T{Z!8_V{g0z~%uR0;9I%9wL2+@r{c}Yg}QP;*AN-hDbb~S>%TR)pj^E z)hjlltlNH_se3*4-Kfb6w@B$3H!uk_A@U0umr=PT<>TACjkQU^#uoK!GA{vWnt%Qc zy3_ zw;4KG^84W|7&uR7SpJo6DK`6n0mWsYG`w=uKjPeFJw&Rmu3sWVO-AaPV?Yr%aPn2- z3%mv}%0xtlBZrcojp?ra2wjDoF+_2d;7sHk#e^&|iH(9FxQmo+O0y1zbV5rY23~%A zh>PVwQmEj?h0Ng z(GG;77vq3Q&%>N8Ju+C@GEDv#RpO#5<(B+LhB-<@Fjq z63bEYN1?&0Z1a%Pu#^LFp8zBy#m&THkgE(Q zZHp0e1aOkGm&8{7 z5*wT^pmO%vA6q{-^Z$)B?{ANk{3Ju&Rb0T(HtHCMUsAH~iCd7|&viYPEd7MH^}xgI z`{H;y%lASoY__{yB*R(j{1h*bS89rd#Crfj`w|vQPRlbMt($gr z^Ibe=@YCgqms8o!R;(Y->eqE1YR>%rGc~Nymy?olnw^}Mw*PznF_hi&tg~~DZ(ufp zt_R@~TX5|fO@37GQJFeov$E=@V<4P}hr0`26xff0idbdx>hl&eXe|yjvHcl1|4n~F z!^!~{H^=|y>bjy*9+X#?e}<7!Gi9|Mn^2@UxvYRS>;SZ78HOf8rsd3;8!!#nK~@IC4|-2$j#j&NF@@nhLD*L?x5QZh;+Gjvky?*@?`)m;Ge+T{8P?rypv`u*+SQ+o8PwBo!T)*(GIMgordN@pVXy4}DK zUl-$@rA*?+rxD5HzQKUz-}3E2uXn|?a|rSSq(Q$1D=@*}tU`m@&1eQ!ms896jyC1iuGqiMq2EFI=Y?v(Pz#$MICFvxe>h|I@- zbb}tQG*o~x63VZZF|91#e%F~3dYy7G&Pjdp?)bW#W&%770jW2fQugLk-XEmzGj zCYhW5q8tqhd=thG(xdg~O1N{Pa0p*B({gQ8kvLGez6U}n(! zFuduQn0~h9@ZNW{essx{A0pu_S^T&XaM|Xv1ebGS!kGEzm0ej4o-3$A#+wQ5B|-#$ zs;u1M`-ne7a})S+b791tHgYo#IbhGXq~uXjVqrfAOl7^j^=gZ4AdF-c5vUbuano`& zO6g)qlgG$NF#lN&1lWaHAjxu4y^WURz>>pMN;QU4Xt>_I__`}F6qbRv*Zg*N6L1m! zT>9IhT{GMh07{S~f8GTJmZ!y?OM4^VlVCbK&?w z%82@4!{X+i!#~70B`ncxN048t0Wk(m(POGS9w?(z~^fB9C27l-q4h#r}Dj2k&-*GGnUGB2W*v zn|pAVI@8W7T;|gSm*wn+)Zy3sJFq_x6R{MP*g}Riy>8$8yGJ11@GH*ZM4L8tpJh3L z;m7XRuo6uX>#l0jm#LBMHn6w9-PZ2{C;m1#6?tk0Mugf}gnVZ#kiNc2myo3JQQ%c! zezwdF2cGn|%}wu3W$xsDKA8~%z0<*V8CZ1?LfY6P|UzvM3A&dz$nUX`$7Q4#fj1X z2H8#!^^*CP`%5JKVI^0H^HWoUSWN`xyG!mEXZt1#k>oJ49H|9}4{A`}Z% zgbsL(6L{CtK>dz7#cH0! zCbk394OnmXZ~)7i1tNl8o^$6$AaZcC*a^`aqKR|kVrn_EP2RL4a9ht)=ssDF;oFMk zg23Kb-k(|TYrj2ryyzSK!kWHW3x09 z<+B@wo+Bkf7$E6MOV=&dE|=3mV+a8wi_D@v+>(^G8Yx#_Jkac;;)W=ZKP*n?zX{f- zNdsneh~K5to8LI2zvRsp<)Ga>8VNe1`Pn^k356=F(If`oloCYsC zrym>k#@o|I(yc`Id^}mJHWGywgF*-b=421?X#bGk=H>EaW84QusdDJdJE^F|243u2 z^<0@4v}m_tq2BZ(d9Sp1Sm$P+88d534fH27Dz7wB^h8Jc(1q6}Wxp#>rbhWuH!P06XJx&8(z zoPkri1%f)c5+#-Auuv^=6&kcbj8hF(-I;>`+*0A~@sE6~l{TNacI!Suq0{a^mhgb9 zBfmH@F2Ad|MS9IqtUzLI}ViZrA>++KKj?T!1K?M?Ve-wbP}B~(GC zT7d|th3pbQM<+qm`Fgjs_PDzUXlOKna2WMg_qxFf#>D2sr2$R2CMB48btE#s3R-do zfgNPo=Xun0J+@T6F}|JdE!tM_KzJ>io?&49z}e|FlnPK!n$C&E{%>qE++2j3TP zXobNMvMRoTn}HcDL)zEoB!-VgK*CCC0Lgl2pzk!@$s~0k-sIU<4a6;vH8y(fWTK=2 z>gXcSnb$AmGW}+&DhJW{EbkT~Nk5#=h;3u`P5>Zz(;Bl5g&377R*u1N*y+hLn0F43 zT6FT+#Cmq;_&DEOkJucOv61iq5X0=FV|kKG9ROzg_nJKg z2Q3KCAbX-K3FhRiSF%> zAMB?c$r~qfW=qwxIUJVOQ<}e_AKtZ|?XBea7meZ`umo~m-xe0UL%mk8Yt^k5`tUw( zV*-wgD;E;bF-sfnveo;pl6pe#&vcPfL?|zY=LeyU-}|k7)&-Tkmw;dU1*+#lzH2&W zb`tw&EZGPNEOYw1PMNpoGfHG*uMrCz0eHJ6VU{;z5sK` zi$kw+o$p0I8Y&R$@Nnx8m~vTY1Mc2(D&OS#jp|qWWD7JM^hMC4GZLmwVYjX|T!k#P zxs(NL9U-`_Rqc{5!?1tWgS~kX>8YAHRHlpRjqJMY6?C*In-6T36TT(2zS&E98B(;+GF>E@j58o+Uk@)kL-9qi7SC*@&&d zIG9&*>8sb?Ll^%RW*#=lyOPq6tX=y)6Fpn1UVLc;wvL1O0@s02;5#7|9vKTo#UzQ6 z4%NX_DrHnoa9F&(IDGZ#oY?wzz)44$ex9MB0;_SG_xFK1eo??}F9H+{kn#etq}|Tb z^qTV8x8Z-PO)HKHP1Dxed@7b|EyJ7KfRvw+5|x=+FtEpYxEP7(^q!d&3Z+HOI*G79 zi3MEdP)WMBWlQ?iLBCjtzYxUgNU=Nl%I`Gi@-neByngYc$reJ!px!$jUe<97(IU9V zqY|+4zxR8mHc2GJ*wgJZhy)eUGTR|O=}C=$TKxI0KeqbAEXe|culCZ2r~97wWrTGHd+lT`#CW~Wj_jXI# zje&Oj$uKpeKe;Y8vSlP*LZ2S*MlcUh?>ltLG(K!cOIvM+DjO||bRzJ$oV=o?6r}lZ z=kFHMI%hk?Jd1|#Lrp?Fp;kMul_gI0t`VstpI{vK&m<-OC%afqK3SXCSA1Ya51l4w z3Vq#OvPB}zjBD3ysWJizqNQF zDlyBR2yDI^)O(qVA+kv>uR7W{1aL2ty$=I;mH^rB1uY}-RQR%fp~5ce^OgN(=UAc0!4^codEif#bK5fh*0 z57;I%z2eX4^*jnF-SP5Re0^HPjdYoobE-u@LP6T!3a~+J#}uXHBJZLW5B|A_?O2H8 z;I3r8cEoZ*%Op?5$P<6|k*+-3#B|l1ewPAtfC)r&9_ezK1$g6-)*LFwJT#r8B-}S+5^^Ay{*K?EB+(oP_g!K>WD3GN}JLCi8 zb)KG1>R-}v;4OrzW)qNO8{tevqDnE zk1&EpwRs@hAZ6Vr>+pBFByNDmxJeD269VL>?)QWyfFc{~E5L-NikD$yRYDMox5ad$ zjRMarl+p_heQN@M=%4FA4uP$YwpE$NU!ghbriZw~0Rpg7B7k_qcm9YXkG)*KAMV07 zLxiM+0JXpB#V|oI95v_>cwJQk70qkG#*s3MUeCz#un5nYLU~NxKnHRc*?p&_rYiaG ze}P1Un&?lDYP=SF>C+!V)MA0}(em+*!?4DmuIJteu^0U}MzV-%Z##l!JlQhn&|vFS zKn^{+OK zc2(9@0CnH!#!EpO)vYi67AED8ME+s&^rI{9F=o>N1^0UQUZTanOOSt=D^UIv}+ILkRtDYs?pd zQy35>VG(Ky+!e^zzO{v=Di%Hu)Q8-h!At|dJNk+hOQqRX%pL8I>bSzu%ujWFpIYm8DLJA}v#M^avkJyl@3o zohmupxW0<$PUOfJ*<2m0=(045oqcI_H5G4BrlF>PakW$(Fy~wCl1=tkXsYooDx$@~ z?EL6gk!lx1v35sFo-G|60gc!sh-0ATf|1Unp96E^)iNBh3?mGiLbZ&pQdg@5Sz}f5 zH@u80&~5j1F+J#E?W2uiNDFrhIyC;;W!PZ%0+T6pRve8R8llBr@X4eFdksKl_H$Gh zwVeOa+Ta2dOmvBTTGYSKu2RxkLJVwY#=F^?;GK`>`x|Y(N9;6yv%l%QmRy>@)5nlX z+&%&BRP9JUh)g4TXnaE?uZA{D4;wEGb5-3ryWjyUyUOV2JJeaA6)DGh*$K7!LX#}N zP!mfX{;gE~?{mtl+;4%(Ezu{uzcw>taq_3*tVz5i&X-DG)H@$PA)C8D|5{ajghZ`J z@qq}4ypQT!p}g`eT~;-RZS&A&+uzNbbcQ_XLld{qrB-9GvrYx;Y9DW%tON@&$^BeFOx;fX7To<>$}GDvTjrHEoDWIL)#KN;GgJw$xkZm_rVmsVuIiwL|VfsAYzfjnb4Z}S8F3+Cx4R?Ul z@4zH8y6y7c(i|Y$GY)WCqlkiX46x)nm5=En5Z{tT9yEoUtv%kFbq}c_HTy46PfnTHC#BxlWn7a~yKXSc~ z>$y_YUtzMPgtx6$uH@QR8yai4~sOgPPX@3)lSr(;& zPdM3wryXp~DnrEV&P)G-qlbKqb|-l_G(c}*zGebV!Q#{^Y~!AWnHP;aTU1c~+{=_N zMD?e?hdTjR?exIK_y)`-HRYWl^Edf=6@9a%kv|{~owWGqyn_BwhD^($sQ`ar${jIY z4F;R~*?&3JR`l!g#g$~K(O?J%nuPKE$L=2>Im%E{Q8cQ*cU!bi`;UN2=!YNf5}sk* z{}QhQs^gH5U~G^`p$kfnv~A(ZZ_a*{VuDb<-n@?kaYuUudL#{Z@=_2nR$<@@D!l@n zc;qGXQ6`Fj#NUsUP#DGzswJdib{G(3DPAPF_!r=vXGtv>6yv3#`vJ%D5*7955~x-3 zY+6f^%T*3NtbIJ#pW_W3=Fexx2L#cc1XPRqc;faYYc0FPEvJu$G2wX#r3&NbjKkT6 z2FhM`8yErFle3h*vpbQ{e?2mF-60SG3gwYchKU&gVH44S?D3fe1 z*QSMTT3YZra&&06FX2!)g7z`CkahwG#VivXRdn7{ys`C1`4`~>E5`b-%Z&uDdQx

rIvG(+SlMr5ydB^TSz z9W!?gB(A_MP}WsPw0#On3+j0Z+$uR8G>2CPZk;!!BRG?|w6=7a_uU=lA{Y$2U}zMt zua%9QZ%E$gi0@mJv(_ngL=NhkT<~4+zC7)8z&8E>s%?@F*76zV(UzlTZCwmCDsE~d zFMb`?r~wQqLYV+I7^#%@jn?KR;@x%-BdYw?da-B8i;tygBmWuR6Hqt2>9=y+({NF^ z#KFzlX|Pd*C{AMJjST%4xQroY*H`=a@+3kEH7lj9=iDGgi{?V;(=(*yrdKEC7kV+J zNN_!CrF{fN2|G~vzI**n{kz=SBaz2oAU@UO1{X!cG@lc?90_vPDXbK5Ru+U?| zRlk#mW0}2Sm39_j%mwRR8AvLND(wGP>#4pJs~7_RZ~d_{tV@DcI=N%h@oJJIPc&j6 z{x6#(9n{`+t;&4+19zTdvF+iXTfFR@+CJNA@9)#6$A3A-qVWE*yS?V1flLxs|3-_b zV0{MK5YnQ;xp#W`FGcfvuJtvf0=4(>>AJ=FAPrU7RqW3RH*YA+iMOpge51p8mcJzZ zs1$B{TD;z~wBB60-gBkK9lBP3l@GM5-5KiM|;mUhJp51IqhYhNzU0QOVMFLt^hZ-8T(! zs%nw?#3Y@MqVNY$ZlCv9He(7$euR{Es31u;5h z%W{n) zBZlnHbw-sW+w70?TNGS(05N<^wJc?60O$Vl|OjBGik>DYlj9F|xnmF!+o_<}LAkw@y4 za0Vm6kQ~S4Ik^zoU+O1F* z8?4B*lHdXC7nq{FEvy0%z(1M#>RgQ`jcB|{#;~U#{H0vbd3-P<-12wf8blSP!vDA8 zU2B>2CB9Iv&+U}(XIM!}i{xCnnfkT5Sc%Zr-k?{7?XP`4wB>q&J=L{o7GvOz9y(FZ zBFo&aszC2}06}Gqgc{?|#?P!RqZbG5&Jv<_;Fed}iO3zoE-J5C%dEa{cF7JQ z(7{+GuKe&t4^>(PN0#mxrsc_X!7PrsWke&@s(lNP1VPrBs&vawo|ovV0CV?ytp!3 z`(&o^IDiY?)B$(77E$sAzdjwz3&PaRfFFjfW+uAO_i2tE(ohPE*<9syyw+Uyo4^vW zKbFg?I2dTxQsrm*mNZT8Cb)wEHEx{M@XhvccFj+9&yH zHEzpoOOGDTa31T2Cy4RN>J3aZMp>M9!3rJEsvxv_SUGstlgt@}IZ4BtmFR$am8Lj8 zFoe1yAY7n%OwjdmTkJy=D`CY|XN-O%Rm<&h1?mmx+7!Rd9VZ>{Ly-Nj9P zK1&-<7N|uLlwBgsulSzv?!cBiT35}#va>#2Z6v;kgO%MfOKkl=VAp?n~79UA1pU3FD!ecFpf7jG7n(4bLU$wJb&BdZ(6-r3vVM9EAqxrMss3`Pal# zVdIT%%EE_T-&V!gf z@oIRDppm)31A`TF;{8=Il_bm#&LmE61AmR&*5bLkdTd-q`4=H9EfnbaFuECG?#FwL zqU}*uvzn-(OGnteg){}u6!Bt?7g_fFUcoo`j* zPgml{ZN)lU-1s-$xo1~Gr))%5cm_L$slm7n4>?CMX~PxxhuLhl36SWq1{g097h8_81TK#$2WO<4S@!U-x1$>7uD0Mk(Gxp(`r|9prVJm!WTXABlyzGM5zaf zjJZVAjD9cLD5Bt|`(TPqtc*F$2GMD4qkWwg^KI;AHX5iq4XyAEHW~T2>Q~ymwNyP5 zlp}`u*)D>`%3+TgvH7GUB(iQVe9;U#ed*P>1fZuv0fc2qH&!Dze43d`fVp+968;9t zXMg`9bK_hA%5U4%xk``4e?;&8+<^R3J;ZC3@O{EFo>Bz|$ z;SaxT1RB%V?pzwYiwUIjOKv>$gq_R(OQaC2qW15#eGu%@2zNRN7E2YIe>a{FyBGyX zrN0szpiCDZT52m2S&n}RsGn>N@c?n4SD%96mWIz>xwvW~jGpIHy(L6pLX6h}g#^N6 z#Vw{qEJ;F)yA1KBh;J@p;wCO&lpyEIW87!LM4gKxP_}N_o;1+D6io8r`)Wc}{LUYI(>V_ew5E3|CIXGry?G{L{0RfB1wS>x099{KKFtuiWDq z>PUiunoMYn^-WRn|3Mp5t>}_`+@{BO8jO>n`I-u(vQ1c5iXp$TzQuLbFw3buyA+-u z_`d`3v$f&>|A%h8$k3tGy{M0-bDec9gu5&jkqL4Up-%CkpQUPq28wV0?_-mQQHf~B zV-oid26|;YiY=Wq|1(|#HP*UGT2SU7~<>xX!M@k0 zI|L?K^|mNgEI1s2FKW%#XsSP?v;QCzz@Fc>;B~fIUr5}_TOV8qEiW~=tNknh%Fyud zg23v*UARZ<6MvZqV2fiN1Yh=8(LlUV4<-=)!yY`SMGc9~zpGo?YZsC&@+n3<;5cVm zc7b0mpX}Rr0OjP_5#a0d^TRA;iegymmw|776C|OMAkZqU%X4SM(Xg0!{rYOVnV*cH z5)gWwI{BxiDh5xD0xEN8-CVX*#Bi4H;QmdXQh}rP9(ov}!cDAS#w=Wr?IyPiT>6MB zr2-Pj?fu_u%@hmrDN{fE3ft-BGuWFj*Sb&RHjQP)OKWbrslE4Z-+OVClwaeaNdLSf zu0a-@xsm~TH*kv99{oV6vH1@7jg-TMhPVoyc0FfY$|vl^w|Nhu$MJ54(4D&LYc7t3 zx+soXI@WD{e^vzAR_G-)Kp{)Y5TRw(zob@NfZp)hdSY~GyhD-VtS^&p-sAL~)%=Z( zH<8;c3Jj!gBXP)0Curn)eLTx7i=7TJC(w#@^R`xuS^jlQ(by!Yq_ZD@Yr*RbnsA83 zX0*HMxBj@Z(Rs<6kYBX5Rq>bpKH-WI2f+a?%@(!~AGb=3{b{Ss2i8|u^?Os-^n01~ z!!8z14WJiOoBmCLaX8X<{*}+?OTqz}?@t+o36MOT1Y{~G(Ch9wnDEN$*H@u9y!|lw zb}6QPRF@hc(JhQr%I`SBIrr@?v3~12Tfcp{CBPfA(C;!cede+QzK9=z(+It0tA5J4 zAGT)(pV$C3L2YEya#xM)axC3qB1$s=zbsWGXVBt!zD}OyUs@VT?tc#-IW-wtFo>_U zv3QX*@M)#~vg=h6%EtiuZok)f0E=zHHmkhlDSZK5Z5AOB>eoR$+d|C<8sclh5tVfA zEu-cS0F7&j^;~R7$YpT|P=?opR9%V&2F1?ETAN&qKCCn*TL{8B`VI3xZ#~vd-W{*B zn*!O6Wk7seajNOq1zPQ2hHvdP^Y>B2+uGU1hJ4gsx&v}XRq3r>R!J$o|dUe?LHQ+Bj$fRO!kwgP$8s>j_%`ySph_3+pvgyTN z-3E^Y$HCFPIZHS|u3`*yYI2%sYn>d$?l7#9Wm=S zDCs@}C`Ez>0s&gg>t~c(MnF(G#fjx{_6YANQE9Rx= z?{=v7YZ*bzva-$QmDZKP0~~uR4Od=CejJOZ5LvNxUO4_!tqB0H=HB~T?p8*+E}Z@x ziS~b*jg;0Tlv?JjiW$jX{69pUbx@Vx7q97tqhGqayAckpfOJSn9#W+H&<)bkAl=a5hOXUN$sQX*}W!43)ikX)kH@gtqzGIt8fng&8x`TXzXYYp_qk=*yU zeEs21uPT|dqlM}eVU6o*APM>1AjZ9+=K;NJ7GOkeehvA3HN0`B1-7Eisc`A;J>RYq z5?f_@Gj!Tk*cLE;-AiWIlS_72p9UByS@UY3+x_BqGl5VOvkkr52F8%gEWVuxaZ7LY z<2WxRs{g%Vz3gJRb)VDVyr-<& z@FkAeSgy@<2&ads(Q#YmayX|QNReLR^{9!$9qRW5_5p!?+PN0g_L#)JV3G`|n>XNb zd&4jfY!p13lRKV3_n$zPgy9SrQlBhiY<`oPxGRLtdg`wV53EbN$xbePx8s$}5AoQf zP5W)jrdLvFrdwDi${9k`sGo8H93&n5yh2*%GgMUp4si^so6qqTE&cp6f;ksvLC=rS zlMUp2rG%E{XqM?n#xPSN%*Bb{A$Ou9GkVv0-#cxK%)C6V|4Rl|vR2Y`$4uS_OkyBf zc{LyAAJhrY*<0*?S#`OIDt;&Fv7Z~p<_nmjW`L`)0%|l9>I-A#E%BWz08;%H?>@U~ zQhcZf#6(BhiD#}<*;lgz0MLih`KC`_X) z$$+3vtPEp5cx z#4+BC^QL|0#^og1?@JBO4e=V>`)OT2v?(o&!<%gP(@|);jVKIs*pK(8)QM8J%WG0> z3=;<~ZB*zOsxh=_KBk?nmg#;s2y>h%GuI#%aLI|vXKKb6`Q}E*g z>&$ukuPqPMn6qWKsOKw{4V$^(=)SAk!z=V*fB;d6#?E z9R9~L3wIcx|6#4SFF5}!)RXf-tMaqCr_=>S%p$MHecyM4E<|vf7_6!5SqZ4!u}Ozw z)e1epwer?c?9Y`ZTmg)X%l2!knC{b=C$<$+toQ@*{eeckqRT!@o#Tjl%5zKS@8dm?b z!zivMx{wWd#p)|>%J2Rpy5={U2Pwr1*>S^mK58!?BL-YC^w+Pd(f!H%HR1Erb zhi=UX-Ot~j?}y+yt!zl%{!M$4^jj@`o_0O0klIozkRZW$FMh@MK3sAU&)8VffqS1v z5~1cjZdQNhF!!5$Z{W4}NeplU{Gq!Clu2FSi(y(Gp9hx~K*6{hBXU|3kX7@_6accW z+mGv=KDPW@g(-$Sl0gy=quQM&hPZ%_Df!iIndSRnbr0xB&81F&c4)bWmcHNf^~G%V z%Um!6!tRmLzgCQ`2LuX#Zz$m9)X3%mVIWO)ySbyli6X6 z1IQDyH_%&30`RHj^~$ETuXnnx*0V*?-W!ONs_kA}kgx*EkYi<6`@xL zT}AcO>8ncccX8>^E9YU|Hhb!Al)T`&wUaiZ-eCkQfM_;;+(s$-6|1q^2?=WDasG_} zgn&SJtZxv~MEugO+RG9KwYkoId@WPW-&yx~ydIPVN*75!kDyWYOs@9Ztn|V}yG+lQ zfu;i8Sri_~mSW3xBejK`_j!`qOp7UNsb+m>XV}S1p|gnfU=8U*y5kSjM!QTg*Ci|& zFIR-%1)O%>7AK!;^_6n@SxL>Qg;c5aDqDrI^%97vM!QaQ%p2x6%-=n>X+eK^Jx{A(l8sT=@6P45LAmmzhURGJ?KKs)NdQ?}e@YlTagI-D;b zd*wG01R=V~xv4Kge?|EXJ4#4O;_|*G$@6%we6p(8Ucw>|J8Q8{^@NNk z#EV^aB2o?FWr^wbV^M3PcuYry~43sF-`r!SLG;h#P?ZYaMRP(dQobN zf}d_tr~)N3;;W9;GJ_Y{AZ%yb3DW*~*3uwlYQ$x@FH!bMBuy{O!{U*Ehm&(ENfr#sWkq82HLzSdI9LphJgc%IB%7q>%69x;EtGi z`)$V=KRHs%*@kyu07?fT+5VuRz=5IPv+HcGZldS;0O9T{Ds$cQDkuJX-euf_Fw3no z2YA8D4=(3GK40ca)QYxEn<3|Ae*a#i#I90-m8mT3cKpRQm+TPLXSz+;W#71=M|z~G z%;2z9=wYw@UcuJ!U~zAKZX3QV{k&fJgoGz&eZEdQng@_!BjOAF!b0M&BXc_;0I$cQ8)$M`{Bp4{$Uxw{6cWRm#%Y9z za}}>lnB7XVW~-Z(y-d36kzjgWSlA?KA8?Wv2O3^r*jJCI(v-rgQ|+!gYt+k)FU!Kx zo-Swl`-y%2`Tww=ItmRnl`Y_(f@peJaGyfCkp{4~H`tq2Xo%hdPIoH|Y_QoWz4 z!QDY{xFD<)XjBX28yLos5cif=W;mtuihf%&kr+#Xhz(uVG04)$>x7?I{{`6H1v9em z`Wb)S1;*jgG9F07$IN()^Dhif`rhy^SB08{_n^_@007KKEDeCz=Jh6u(mBaL1uimp zSXGyQ$9WNFjb1JY^|+gM5|TD!PW0ruIz@kW6q?Joh$Sbv}1sv6R0pt0i_e z^foV8@tmbv)|xSN{8Xi{2E+hbgl3Y4UNtoUcr8EKIiot2I+Y*>9R++p4_8MGUOg($yUj4AQ}M^+dVyNAj6R9+=Hd5mO+^N6cEtR|J}R@9 zH;d99LQ$hEF$p*XX+bC{0Fkro)$+2`X`u+cNL%FgRQ?|7^M>Wygzv+H|0+0#&R*py^wx=A8?v!EYD?I|*b7jd%36yPD z1wh6YMF;D=1N>vWqacP1Ygf-B%@}+o3hFLOS=$@?L;{QQyTua_&1x5z4Q&*@$QF!zUu^ZmNlUaD+DT?H)TZLTopMm zYyb$t5-hOHQ%HkbdxxgMP;rcIaUBB=hDTGKc>yRFu3T9nD>#^inOUkNDx_cZ{!KF) z#S7OB*QQLGS)|hA%?Z2x(?_OmATUGVczo#lkS+t$dmwO_cd6d!1?1-;)!|`RuP7T! z$1zSA6bj2ZkIgeORN|D2vCAHRf9wdsTnyL4#=wN8`@oa#M^HuEa3JoH;S+f@5u8DSp}ez z@C`wYZ)3_i?3Um>tSC9Au2>T#+dWGtpCjwzMy0~pe$egTkQVPL4+k4I z(hJ8@CK~3{X7$1Q{mSgpAt~X}Fnl~T5p{;|17&e5VtpaZ;!kqHMD6|!2ln$vY5jqm zgXc&Af{S65Pp)wR1~h8JrL06FOA9(V_Ysx-Ye!HRz2tq1##74?6aLVJd*Zb`CSh&J>ok(L zd4a`p#JDC4s4ud2*6e<}bQN;0px&+_Y4Z@DqEwOhcWgF~EOIk4iWc=(QEst}e6ixk zfOMzv_*4-G%O46&EJnQ>f+TgBp&9?JxDUkyA;W=GCb-~-BU9e!<>}zT!Lqz}x+a%9 zwwuDF9!g6MbAYRxKua)~&+vCHB`s0A`O^SD6XlYlg*ku%vf*VSP<;6Jp=$dhB8LkE zY|uQEPS}TPWx#Mr0avw8vT=P@@5}MO!~vUw@Q{z6!HjSWgJ`^j1W;`%AzfmLRG`fnP6Y}K3m3&T zz>{X^olAM{hhxQSj;R}!T!k&6Et`f%+=I$J+T2bwdtCYxKLp=su8JH4G$?&arDruH zGkeVPvQwpZipD7M5%93Y#43Lqg5J(Lq1@9PkP^x&2BSup3ZaT1fjfHzdu!R1iCq5_ z4Iu?SpH)af?z*Y!w3@g#bES!7-X@Y^NyC9304j7Iikf9ncMcHG6TP}VeczC}-7CJR z$wK4m&VTgup}q{Zp$PrJ zh2g+n9cp*`3S{ji>YX3D)@8~80?z;tIxAOe@&DQP&H*wRGQ*SZunJ;T^kR;}DSg_e$ z(-*rN;)OgF!c&iCKwGKsb?3pe1rqyUQ(t_8THmYFq031n>sUPFZTZ#se1FzV8vm zW9)|Z3K={##orx5NTP>7{cbff#r;FZEhzy_hy4^KS7_cC!c>~j=q^Pcn#@~pkPcfO zi29P3hv!%1GcYDl?17bAuZkkEtY4i|MWk?UQUuDMl)!aCh*E$v9JPsiKV*@MzMAzS zo3;a~opZ&RX`Tqk!WQiwaN}t#tZ6!SfJTm9s7=go(rB zp~gA*=(($y>3-D#hpK5g$bz=|&K|Wyuc^_aXxg1+e~4=I$U{TPRd08{R>O7qjzZ*O zqkjbV@3YqDgCI-q^xxzEt;!5ZJ)mrOTZ3MYR)iS+)z-UGsm|CIRC%-9Z%w;<;WiO?n-XKAYNNc;s;XcSbC9LZ{-#MV_gm{}n!d8}h+dsl z`GNQUoe`l}>vKCw4rrhj+5q*o#*>f{s&W*?#M+m78Yv1btT$hX?B3Aqgf*hcV{tcU z(D41481SIed2#gmAQylb5cY;fl%u#ph-&|he`n!XhfsG=_s(~NLup|xbB-o=Z6fft z6cRmYE|6gJ86ReA>xG5u*l1h36biRJrH7-?zaM7JT>ee|y>6q)&nhenGjuu!lVAS7 zs~mQkPIp4Y)ec8MHcJg31nicIPOD^XoeZVB`g^oR+{zuT)?X0oAkQ))1y!a)J5dB{ zg5Y31o?9Y!)rbv2aOw}T8E9P$G$atOkSd{ER%3MAGsQ*Uo{%90P z025jRSNLjB9)>jGgwmgx68#ts%0(x%f50B4vqVul3*7Qp!;MgA;i12_$+)@6dglxY zCDB)PIs9E}g(Ag(0^Rtew%ZyLNMHOiJ$$~owWYS-%)=_t{=O)_h+);(M(CBk=l*oA(h^dF$>UvTV zQASd8ZJ?4RFr;6MdZ2{_o6KsP(n^09iQzi&*nfXf!)^N%j@SH)xm%}q2Pa3RX29t= zl-)@`8t!sFsM_89&5Jfu+-br7W+1+b8czQhUd5Q80m zgpe_W0soDe#{FXwJp^Z3HimeXo$}5Dv*2MWFHpI2Y+qsNMi;Rw3hxX>Nj=qgl>() z;lP23Mo7z>ddXG;15pveM5?DQ-3}L|*R740)nIovRYoR96|Eog2)`+23F|SA$@02J zIPu61IfCE6Q>BF6MsxdnxM_&fA#4wCd#NB zQ-STJ`)nU^W3ai;jdP+J_#V9}!eMFR{pQ4Iim0kc3Wd)z)Z6#@SOoqsby-HqFe#%V z@Kq$%iTys^6?3Cho*bTvyYk= z$~gmbsN+Jxxk=SSp%S7w++d=ZF~|?75tvz33bjm8!|a?+Lh>g`q_7lTEZ)QlOmu5c zIF7yKAp=CQ49zo3;L&0%gwY2c13o(W z=HxJ>BqotoxojTvUTCauWiXJBgQMd5J^K2jK6?=LeoLY>`iU{S<96n8pvNS*gUZFl zVUX-ikC_`0mKs!s+9)-$H+wG?x(&O#Y$@83^AV%WfKUvD{dWWG=tGJ0c)EBDH+h!f#M?clCD*MP|~X9gq; z9kji^KFAA{lG)*%hX1@LLtfQ-4kO!qJ^g;UWmMlj_TkS3t)a~_VQQ6=$%{!BE<{+1H~z({EEynB@z!g_DuoqU ziZ=E(<*9*QaZGf>G{LB^1}1h~OhFOT6#N0Ot(EeD4)*zOxtzQncAj_0!pOZ^-BWgy z23>{%hGg{w>vI>q54)~s z9#+!B#ma45YiG}gR=u|gBr;1}Yv#h6zGr9DSleRwV1uusJ)nZ*ac5!jwIgYY(+&#n zPI7yiPJIk0^qU~t@;3Xq`NcNS+nB$3tjXLIeL&7KBkI|k(4$$N)2L|l{NsA|oB7=~ z7mJbt`i>QTpW;+3RSaM=a^abb^h6LXg%e);_1n=nX zG0svRLUxN-nXCCc28#QL`zE3hl(#R_sJslLz!gx(oBw=ps5nTS_9l<{7JCJ;w%5i! zVsq~AwU3T078P8zL!b1IQnkq^@Yf6Dv)o$3B!z|lHf1T>WBo~Mtum*7@`eg^?GCyC z4_p{{;2_t+YFna!1yXtV+jUMy0P= zTTjPV5i(g@zmQv+M2pW%PY+BKxeF!Mq}cV+oFSVioPHcOGrPqZ?K3<0Mt^L--Ce4{ zyN}<5d%rka6#qK$*(1oxtT#TrU}3Dj3oIEJV9KXD^r#Z*bql%Oix`@H)b4vqV}+_! z(Y(iak3siL-BxXWgtXZ3kuaG&-7_Vcm7n49ow!w<#!y?NQb3@uIC3;+5`~!VjkTM{ zM4PYDxCdl%ad#(%QQQjbZfJEG;STmNxQq;Q;b6T?06uw9w!BMp7WwfD{!2*vSS@+& zL<#|NUfkY{C*_Ac0YaX8j{lIpMKkeXPGOFa_6TFqhD9DAAXWAp)P$Hmy zt+oLl8yCg?q=ZkN_f7jVR+0r)YiGTL2^d3(sqXjOAEpZ=_%86qZ-L`6v#J?$H{lZO z@A-T#&GOWr8ijZS7`YL3c*GI?y{Adx>jnS+e?*7^KTh$V`tC*a?qG&JGvWD(3?GKc zMecz=asimdaJbfD)Q8#O?G90Ir3<=SH2f#~U%U8$oolYAg@a_k9|8xmlc$!9=;n-% zMy*AQ8r3EQx-hwkt|4O}SRm6Li}ww$`RaAkNqG_RT=@FUG3?{@qIQKwQcHVzB$d*@ z(O`i?c?xODgrV=+ZV2;C67JxmPphyenRc-fkyhf_WO2tH@Fe-JMuNAs1+b}xfm$ z1G1#T&?Y|Yc5CnZn^QVXl2GD`AU`P;i8>Hh*cDUphKH`M%IdT%LA zqHj}Bk%8_32`);(QMzU1<nk)vMECyH61fY(>Ar~%Kvn?DSV=q8_4pq_6 zo^!6~74vL-*>j8;+WmNUe4F)q7Ak)2FyouMRGRaJIngkWEoX z|1f$L%NJpenfs1nj6NxF*2K0bM}_p)^zH+&BllHhjUD89!iH41JnZi=h=Qb%m7lF3 zWXKWwa;JSSb0_N7yJgd<)uR;}jW-;LpuLksHAtv}aYw}q>HYN1^SFS;mWEZUDlVCw zr$8BfE7`8zzFFJt;6p{fJ2+=3cIHZoxf9|DtBYrD;ikJeKe znOGeH#)oX{KKyI6TjkJev`NYoxfVqZOlN^{^gVcb^}6e$X+|?~A|Pkn_U55st~U+c zd#R)_ibSsuSQkhXNXP}$sElXuYyYlVrqe9{{T(=+m-wox08x{4(WLy}Er^v0fDt|( zr#Ymt(|h$tpbPz|cw@iP%*{$}^&BhF1#%3A>WA{G?Q!yVh!<~Nc=sc2D2Aw>icqNR zO>WMgLw|f~Nr>pm$?jl}NhzXlkl)|m^u4~~TRj^Ay0I3E?dEz~sZC+tSseUPumnbx zQQ+ol1Nr_Ko?tNwbZtgs$lKV~0d24O%AFOD#R?uVzeW7!3w`1vOZkLhpk?M((Hk{?x=AnhvskHBz}SUJ-Y zAkK#b*thuI@22d=$x_rpvz|G3*heqKV{a{aiZ0MRixxQXK?mfh+A1lYXI64&R?Y4( zE)~M$1dd;`&ezbcFp9_9vnB@>!p3l}7c|gVM<2TTlGCYuF~ORyJUh8*N6P z#j0FLXWa$%Nmm%xf6mqa>M!WsX&99=8pJOcD6B?A7{zQNQzW4iUQ%^^IU+UQ17CHU zp)G~0RX)4Xo2D)?{Hs`|4dxX$X=rf>_l3aTy_2Foz(yYQw#I$k_h7EJgMx2qDzOom zUr_*THCNTSbAajyps~OI{JMuo>j8Ant%I7kH$7kBqY_^rhGaMbpB3w0t?3Y(4S)z; z05$VJ;Gn9Oza;n#^JYN9(P>smkk~g1DA0ZN=nnCBppTKzdc&Lz+a8Lw#98`C`X(_W z8=mcRgB;M86aV8Q^aj^|10Ll10Cc%HF$vgeT$q?PV3I`AYCt8`43PW~WLI?%IHvs* z@@ceRXXfnUQO7BtM#f0w`6;U9iJRIi9xIVq zL&o#=H1m31n7}*ca0}rg*sE(s(1+##I>mk`9g5iXw9C2snijhngxKNVup+|I+a3Ok zkR;}Bn)@ZLyEvvKx^#? zz+mwyM&zY@9MmVvKff=mky&3aG?v{^I(9BsoIHpAJg8xlQ;96tcdVFC)xAy@+clmV2V`7h}J)s!tts*z701 zcX~hlANqRF8P2TbuOwpLy+zt~+h-QutS7Jr$l=oa^VtFE3NDV_+S_&|B0dIhfP5VF z!j8VF?%)=UQnDmQ;Q=t~p1RymK#TW*f)P(oU@c%ql1U!&^Ug85 zFe+82e@$}ziu(c_&d`MHx}M$cf!qY9S4)*;#FF!*sHLtSAVJaXpzz$MZaE($b#7R2 z^dwHX#5cDcD7$X8wGZbveTee7_`Qt#>sy~ZV#K<}WT%B=y$im3Rnc;TM>?Bctul~O z{Ha9AsPnV{tF0(wg(oM<#YRmR(dq6P590R6UQ6ev~zok|7t)G?Dcam~z$u zE8hQg6~k4VP9e3Ed3_U)Lx@Ar#mhOn3;xc&rsx3o5OtgWpYYoY-w!Lx_Fe3+@!Dql zQ@O9e#-HFl03zZsMZb8Z)h|X=eAR(;WY7p8=4E0-S_RxP40}L%oMj)cdplO#E>aTE zq7+Aw3Qm9>;>Pz8_pu60r%|9lC@ZoDw(pLxQ#y3#Nml$pE!`!r>#iWNbyfgQ6p2dw zy1)?b8UZA9E+w;&^S|7xiW9}aX|JiUk_45AOpee3I6pE#L=Vu2T)!0M&ie-={{sDc zHI=lH!=(6qjaS3}Ke3niUq3pg)|U0`V+CW=i?e)I8A<>ZpW3@lozO0RNnwX|e zPsf+`sl^kQoE_$86!zJE;t%c7J+ku>HIQurtLgUeq{;U`-K$UIryFWHc9M8RW5eC) zS0DPf)PVHgLIBLP;4>kp(x)vPOH6Kc{i^$7K^$$SWTAJJgolxXImHp>N)4*l+2B)x zQkTN5?Zb#8Lt%(A#CKl+HkRkh6xBW8v0_><^6LNt?fi=XkaxF>)|S8D(>CRx^=mRS zAT}C>{(F_MoQq(l2X_E}U&%M=>rX|UP2?AV_hERWCurB_%q#o+9SXwT$*V(%&wfpx zOQ=>A<4h@CU_6RdaK$0$pfdOwK*AcG+Cei6r`&7CC1r*ktp}4tv_QbsR@&jNB_!Tu$gIbWM#FOGY4Sg*d30Rl5G#{@#96@j28ex=lFO?s`bF^C*!I%r zzm;#d&3pR~F4h?hlRq35BC3c!_L2r}h7L>txqvzpS5|j55uVZPpX=0@nrx}*U7kk1 zEXkqVbS=#^s0QtSwI$r}w)$Tu02{b$Fk-8js0tvzDM1U|;Y3$C#r@qPwJnt!>0bfZ z+pw=hJ+HVvpl-U4u{RADd`wW}HldGFF@Dw7S>Q>X_Zn}PV>6kdktH$(6G}xl0~PK? z77_%!rau5_H)h+kY9XIojbg$kWo1e;3HPlwTvHT@EHKh34GW>651IU~y6se$Sk$xO z6)_&Z;L8&w3RnFDllUR()rii1k>4B;+e*`*8}c+PD`sMg;I0;c)0+3YQHi(Z?;)#Z z+#&}i0eeciJz2%$?D8KBgAk0}Lf5gPizU*0&Dv!a1L2?ZmEKB)K~+oFoke=N@wwi* z`sN>S$`hu6lf!O7RZI?z$uCEPnvg24NM$a#HOz8bA~JaB8(+P4Xl(;9C5xeyKe~J0 zM;AX|H=+FLd+>XYK9$^sNSc&8C;5MP0p+e#WQXzyYq#p^q*Oz1#~vmh2tR*nW_5z)H1lebE!JgZ~V_ z>JC6u`e%Ic8Wt$~aC2gvV1I$AKO*hJ%~R`uNWriJP+`2H0gv3KgLIm|&-)qG&wypZ zj%BLa<@@~0IM}XF>jFSVIOtC$1sG9vejsFe~hW6s2s(=F}eA0PHgM`Jt}n z2X*tI9*YiBL4IHvL{Mvn{^$YoKJNi}_1p1WmPjgzuq0o%!SNL3)w&x(k5GpE{k# zhokEB^Ph$to`dVJBA(qa@u%E_IU+vR{rk^ENuB4>_NhG>Bx>4+p^^!vZ*{mn+*&v$ z`6~P6`0U6U4JwR8ml$RTwlJ6~FAIz-xu2|-r+4&K9>xtmF1A=#uW%J~9oE>+KYB%< z+f@FTchTE&<6o<&zZ0?RkQ_=r@?I25GFMIuxHvx%Sc}^L11zu1>D*oY+6sWb!1w2L-ARQUkeYF$xX5<$-vwGzY?vVP9|9MUV93WukThXrteW& zRx~E61^#LhL-HCVii;n=m`tW=?C*#%R;m_ot!&gL#Kl2+gYaI-KOpA?vlr8S95{@Q zz6QVI8dn6jShHHa{X(RY3N@93Z~@ViNtN*~$A8qSS`S$?Ms=)=lY&&f=5K8J1aal# z>_EowWhjx*T|YDjfHu}b$jb@g^ahwv2SA9Rdy8MG5QMRiI8ro+Np{V$MCRy<_cLoi zE#nUyPL)do^^+5ly~yKV-4Nqz)76LZM)jdfP0`k2Qd$OuON)xRq{fd<%&wES-XV(? z`x&LNi%3CrOt*8Vwsp55;vbiN%InwOjbg5uw%dc7U{}5Sh+VDPDv;m&TO42v*bC5z zWWaa%(5$fM)`}rG^FSj%6Mz_Ic9RhztaTh$UVX^6%`m|i5~JBV&}!oL^aq{)RFTV< zL%S;KWVPC$yvU5Nv>N3Xmg}{0)cX+a$8Ya|!d)Spp6%C9)fPOr1we5rgBnqj0dW|O z!CUcyYk$g}xSlwYI3K7Hu=a&w*PpN`(xg4z1*2rb-GhwTwqnoIKe_>WSDR(REX>nd zOtJPrI565D0+|k;Pl6Bx{Z8-uijX|Pb?@0I-ees=xiDD-e=&p_bIhkXOzF44lR|+Z z01?v*wqK)d10zxUe^=^NVqLvyPXZ33)(0300>Wz+<3CbSw-5P`T;mM}USMA`-dP7I zW(vr5d>K8;8~!-|bF>Un5i@VKS0&nNUYfMpv|ufIT|=$1EpyFY;Z{kKCOj)5UyuFw zZEyG-#Z-Y~JjZnTT3oz#VuSb7#@i_OURwZ3g#b5}coF+9$qxJK42X^V4-Vw%9hjJo|OK#zZ? zeC;IomVEj(OZEK?2^NPxD0O99eGH=&QJ$35pn@gmTW#QOF9v)71l1gsIbf#E=Z2`&UC--={*{pKkxX{Ja`F)Wee#{mbV8hlj!ic}Au?#LvZW$2)g>P=V zav&<`xKOIP{?xI`QvR*{_IF9qYc{e~lESk}prY0&KP+zm>7CyGy1`s3#i{VuF#)z6 zP|GP-*mD;5-|pyG?twky{M7Aw*FU(nA>1hT03vc-N2z<3uV+`GyD>SdOdSqQdZS^tsZ2It^sGj+*YTcw=CdLn8n*@6fMQ{ zIPdDTqlZEyLgT0Z)n4@Xo_dZ1?TP)!(0|Gb^DIeqJ7518eQ!D|Aw&5-V1o#e3_Y1g zbe$PB0SXV+iVMbhqc^xaflTwa&LNpkwXc-nv!lr z3(Atr><$py9HeazV8VSjNdszzze04O>>k?#3;LfJLP_ht=k*y=6``bxCSAqJsLwz zTMJX+r+EXcZ0yVOM7(1q0lOt6o^VyWpBgzo*Y!@k>mkjPi7s=JGVdI)9Q9h`f1pV) z^LL&G>TMrSTYXAIFL`B~oH%uw=dzk?R&$|c2VSCIvl5Z&e*SV*o{;T- zGv~b~z#yw9zA+5bh>s@BMf@}90tg)WwMYR{0IERc0ww|J{yNB6T z{xE+I9LN#%imz`H>hvF=0`H_U60y(mM%nto>HU|$3spW!bzX^*)@wW-z7QBpN3-W& zi@fEZ*j+4?(S`%jUg7!Q7_&wEZ#mL+fW?_jf0%rPM=1yJ_L9dfyXDUAQNi1`t60%_ zJr~MGRP6 zq>Bzo+7kbFA6wZC3_8pN}e+WR# zNSn$xt6S>EKn@b;SVA*cF<6w2c8tUqZV&iV981d58(r54j6N*FI}_FDlx`A(o4*j^ zI}8++VTkIhFX}~&39bnr^ZQ<3Ps<46y~DBWS8DU9mpSCF9oCW~DQgpYOh^jBz;10| zrcD|Ylzxmh{W{Ivp z{Mlii)ua$qGk}DRu5}bK9&4UWjz1Lk`3S4I+Y>VI4nw2B8IECOvMR>C!_B`0SO&ik zc)UjYF1}AbC(aCTIGtwHx!P33Ym772hd746L~T+SAgYj_PP0!b{1CAHYKWT{ySB*_ ziTzG(6W{53aT9tM ziayR?E_*;n6NyLrqBUg|p+r7}AdAi=D{uv$b6QVwU+vfT5NlitHfWzQ-p(`PegTZE zJCDKX+kgbvjqAc83kOByvHQ(Ou> zjT{0$NAkQYj_B-lle}`iOB?t|puZ@9?DtCY^#2ZF|eZE3Jt>c7Q%ZkgxL1YTS|hn!c>* zto^QkfKBw|M>ikN<4%fQA+D?IOgDb)FkLQ#s&MY>Y7jA4E#T8v*E|B%)!e-uzJ;5G zhQ7FzGDnNm2c<@6e~YHg^&l5I$YF{XMJ=b5gDoJawj8K?Xf=&~rm%c*l+ilUBDUBu zdy60RCQHnAxnZhRv##E^XflH{2!+n_qGF-Gic1K7BJAc309ntd<^=P6%v&r9kCMDE z_QytA3LpkA#*W`}P$c`Yo!QABj^$+M%HaCrHCH&CMzn*%>djk~z`dQ4G&=;zukJ_uv!5W5I!;Ti1@wgoEdFUq4vk7OIc+OOF0urBK5 zd0a<7X?D7mT+Ap|mCSu;ZPYreP@KIMLA@QF@bfVmZ9Jpb3~e8ZFd3+gx+p(u5!W!Y6 zH+m#bWaMGBR1jc`xW9hOQkswZ76${6IOj)^3o4zq9LZ!h98XOqDyQ7;zua@17VrB$ ztvWs0O54_#Le7bExdir>WH?T`ep;eUeItJ z7$ws7v4>4vkS^Zt4brE`4u3tH-N-jk{KcI9fsSE)=L2OoB79oF3My#trIx9mm{sxH zNRUnMENV4!b+M+LA1tw3b;sPQpe09(#(> zi`FVl5PrJ`lyVQF-TF#!RHxppgXH@6fyamEoh0q`x@sH9oaA0ETf1;BX{%iy%0mc4 zC87kGFjsp}%z^9nVf*fF?#oBR(J;a3Sh9_`hj@)c*NQVj*=<<|XQ4uzLyyP}l3fD| z-*}iJxd`MIO+qIyvQ1oaPYZ&?1Lj))8*D48T+>F+7n@6I^vukls7en?;e+_)*gX8_ zit^;MBu)L)Ej{(gC?)AbOCoVH<(ftaq9+CZ8ZQi00t|sZ2uWDqk@V3$1%%*j$86JN zrr;Xh=MjK?nz9xUaiY?9sIgIt>e=H@qTqZ2Ix(VK{GP{aosPyAKL4XyyL2oOM3JUM z?ZF57LnIy;-%!2%Sy^PV93)0T;odpt)?c$;p|xJ`mVvO%O`p`1$M&sn?lAc2YKklz z*;XzUBeE*UqjQ^zEUJo^7_QkQ5WA5?pBS3Nsyzmzce{q!p z7E2=At^T$xm<`X&D^`-fchmkMi*kBkJ^vjY2Z^TqXU1e73mFQt{(*)Em4TkgpF&x9 z2683{H2HkwN{c-`?P7q!OY1 z4-8OXoV_N=AserU5+K}CCaIJ-x1dhR=b7|Qu2L!WHv0;8Z!RvFhQ?slcIG0=v3nT7_fTae!a=VV2$2T|Kiaay z>dgGI463<|y~5Y5m8G474XX**W*^-K+L*B=(jeItp32!BmvB5`EM@GaHQ$9$(iZfq`pFGXG=2D0f`jlqfT2mk5wdQhWBuh|V9mRf6Z4 z34DG3bfD0KvS?iMHnRH)I21!3FE=*S$j^Z_1?NIIDIARm3GJcY-myp{MkQX7+pi%9 z==ss`#*q0l=U+|ozm-x(167@h<+iMzbyBP@0+)_Hr_6~W?dr(;9(gvp8ZR#lV@-Jk zUyx}iOMzK=XhF1KdGOv`3~*vridr`#XYJ7HceE{LvIy(HDmhTe28bpuY+k?W%mY|a z5tLcsJ8eU`+{V4$kq7r48r{y>#No4HQp@f`{JY?X`HgGVPcQ+a)kv@5C1G35Y zT7Iz;?1>#uooHv)HX7bPx|{#lTRsg(#5N_PLcWlIKcn(>Lj-v&tj1Bw@T@*Gk0gq~ z5Dz9jNe(tudQ`H793a?JkQVTnlP`6aNL#AP@2Q}dOTt~aTQ;Q+OQ)NVF8^i@Xs#|X z6-U}SWs9DPl<#kbp!cqqf~K#v{!}4=kFgjU7$0n21`3Qw>q@|QJ42i{d|L0Gf_7*X zv_=b^zg1oflSLQX#9!)Z;qb=I#h*|U^al=H76Q!PJ7kp?V5)@R$5>wgLJ6W}%@@~K zHt$i=bhvEhDHY@heFc+Cb*QYk;y6_?LS;Q5hP{KTOzH8JhF-)^U1E7p@Fh>12j8J5 zSH4?k13s8FeKjrz+7=gUPe*QzN#|BIp58AYpi0~ovMwu z;d&*};zowVjU76Dlr9_!RHaQ=2wDwEiqUir-htPu9v zgyMx`!w5r|7*thGVCsg{HqB+b@#_cCE4!xc%8u-mI$pL60lVOg8+jy@h`rYdRu@cK%=D z&8FG=1fB2e69&Dmb!Ucfhr$5ayj0WB&u}Hc^;6(+8Nqo7oRl90*8>+w(45f+F&$VI zOsZ9K=*FXz{J}tvjPTNttf_ZPECNwFf;V^C*qPLKfT@$A14e%|e6FyV1bSVKC`ys2 zu&(9aZAD-XUEonyq*7}(MD9Fz4ab&)*(@BBUVh=&NkdI*&Wi)WtSUM90d>&&Ui@=; z&*G>3bbrV7}?=#kmlFc$7s%|>U$ns0WhBNv3Q34xN;z_Y9# zq#&D(jkw~ubbcq0^4>J8n!-54d_3C~z_Yn}PsS`62hQ)gdI@(s$324~J+|e?E^gj@Yl|(W!{KX}VM>}NDYU<`7TRKD1E=>~c}=wn{9cZc47~HSKm=h} zM9NqB#$#b-LTF;#j13O7qFr%t!qhu zhW>s)6{sv2w>IKX#;qvf%1L1nMOe`wvak-+r{j7TRYP)|785Gh!Bml6%a1Q*O z41MCx;I&Gj+z`z(!e*-**-op?W4dk5E0)K0G2$~ypR3O;!24aHVkW`wt6!@8?xwv`3PQJ^4> zztO=i++QxKG64}4=hFaAMR1iCh0s@djVc4y0i}#_aY>!}FARx{>Iv6JJVU2KkJ||y zJrCE`a@W@C<_8z*&gRKD1iI_%b~^Qtk`cpdc~TyGI-p!6Net18-2p!+--{0r|fJ2$&RhMQmE}(q&ES5GrMb9e>N8ptL0L9`c z(R#YQ1{{7|4P?)iYf}LoO-aB){We|Cc`)y@aC!39C8Ih2U3+q0-Q3Fg-s?u=9+aJS z{mBL!O=))nO;!gWYlk2MddWShFl$$eVubbmP6W)~d=-XL| zu^_-YQftzOA-9JD20#5>u*^;b)=|b@pCRT6?MH(W)=hrlX#Q21@_2y!$wV0cRnM>j z_rVqRc#dy5*dM9OG~bi)7XX8MIIWb*ECHInyFU0lt1SbfuupN|=yb5|^TvP*xNLp= zdOT0BdA-jd)ast7!OXcmT$x#*T6{Apc^!mvvNYTU@8kN;<6{(9$a-6xruo?Y;gtng zG!;I=3T{q0Bxs{I6!P?UBa|{}0PGdX}_|v=g?Ljh{xyf?uGC#P@g&`+WEgatzOKM} zh9Tq@&~79E7|C$$PMP`k{wI|dXG!f=*9Kcn17wwREh8Xpg+>=MaueVOA*07t$q`?` zbCxI4!J+h!1_V3G)l0C%M2RXbCx$U`D1hbhbZ8YemdU=KC?eH{fFVbXprV zzF&Kzx!tm>DNd?8gB$s!^-cI1uW?ER{sN>XHeY`p&|EAdH6_*RDWIfLv5-^dqizoP zCuU$xN<}vF6Zr!(&?DIrUD}SaD~I7I?+K{1d%BeXGxK_@seVE17qf;O zfEeyv&lx78QhF-`^)JR?0+7&EjAy7Cn;=C0ZoArUsc~1|fAl;y+Pn86H}vXcNs|qU z-Q#4n{TCJ)w>)5!S}Q>vaJ>i8nhZ_L&QSA5@tCu5_ZQ1go(KMQNQr6u=e9Ib?s8g( z=nOjA={FN9TdnR#?_Ktoldj1c=aKM0<*9YMP+$a}c%!bCbQ=#`VoPZMSYN`07)Vr6 z8r=;jq%a7$pQ=As)aq3oG}fYBXR#Z4xuBlM?nOvd8 zhzg>Zy>*t+Y5bD6Y8Y9NVgHDFb0$K!!|^BMwdNpdfA+rd1H*;|p)zv+OdHy&ptRro8QQ_2#n z1A6Sp6yLE$sLU}|wW$c7|4`B*8(*2|Ilp?rrX9|w!<|b&J_)`!K2hX+CeLwy=h{46 z?ss`Qt)72;C@{|@(*HLqaHiG+!vQKL{=NgmD0Me4uB)P>czZzX5YnVsWgzv>W$ygX zHl18@McmNTt{gCIOZc})%;IYJn$shCxygP;K8Z=c@T{s}*$-Uq&1N$yu3h7td03}D z!uU!!MbNGBIzEC1+cwv0_Bgm!>AvA>MViHTaz2Z=3_&N^H1iK?f$l^{F6rt`{a(!Z zRuUBWN<-a!jAn!DtCKlmLL>r!TS%(OZpr+??eS~Hh|OtGk%XbaPp}|!{WsSyb2_9} z4^*ir7qb-{^{nNI{0%l)w05IL{=~{b^teJEVK6B3_o7rk2`gpA-{wTrk-yuJ;4#W? znsLqE7&O^uE<5&MUvwdYWPsbPIpDu5`X2i_*Waj1{NGD^#Y^QunNOygV^U%^pfqy^ ztovGvFH=k)xH@Q}sll;3mhI4um+OyPkb$4FLH0VQFP@rx#v)rP2a`u13G z!j@g;BKtu=AL?h#BUJ|8x&6br83rU9Ey*!`x7N;4Keo6ZuO-%pbZl zo7Qs9j{E=waDc;&*mBDyu(OaRm>Ll!9sQWsnbxpBB0O} zZ2Tiw+wTJCUC5uB>SPa_m@C1zWD@?_ue1MK58ib0g{PF#StRqkA?bE`vRW;#skfT> z2mrS~+q_iVX1N+6e3q+t*hd9YJ^YPdJOG)ZY*qfQN8{%v;DxzEiikgS;obho0;VhG zjK<1vliq2&O-f@+?L?W+ucWa2z{$2GASj^3Z`IlQ$!!N{L`)l)Q(W1Fh-0r^HN48F zDSKPhs>ky)SzeiflwTpcK_=}(DQnZ3XC_PYDBJTxOb2H~Ivffh>eVczo#ge{*a4L4 zRiE?INCV?m@D*>%2O;?MG2(#7=F?jl?~x)n@v~lf{dT(I5b_x}J&$pt;E&o8HPE(( z2yD_1)pnXMbg!K{y#F-NRU9r+BB7OA0L*&jP$zd@kHQyeJp&F-2Mkh#2C2wiwk|^d zk6(2Dn%ZCa&r53I9-!SA5i%w zQ&++C@PD71P=5qlJG!c@mVLAz?6f5fM_7W?q!JtwmMVPSca9`n)(QIOge;>%WMpl|D%F>RRNY~go)wbNPr=(N)%8xF&%V~@} zU%H}7f;nk4IJEQmMtoh(M@&sArjkKYe4+uUhd*L&nPr|E^7 zKCjgw>dLQrdgU!UZ@s}hEW(the1x_04^h0Ua0_2!%9Pif3-Syu${FJ&(BN^r&9E zg(Gql5>#w}F^;o${W%~DFs3{(8ypjhqyt00gLTukY1l*R2dg*|YuKombl})aT}LjH z5da|XRv_X$yz-NN@`Fb#A2Sj}7=%*#`J$Xnv5xnwc^)y_P%YI${&xO*6e%OKq942V z!1}q}XS88QgY7mTN11bar5k0F(iWBGJ!1!9I!(5-DqxJL+&$x*jX1y(G%hfn^g4?RIQQ)04U$j_mM(Vshnc> zAcU4YBq?7yDixIk%ulQf+kGd5!hc67Dze&al}@VIU}#0Yh4&1Mpe-6#N)tV|fzXL= zJMNK=4~&?qyn!Wel2)M6fm-0}X>DUG%V>b@R{wQ5>$v5<0375%_tiUKWeqrWhCqp7 z#-xUcM=R$A$4fQZAOj5zr!xwBPSnpR_hvg(Z}G}d%cIzpS+%OWG!C?!;E1Q{`kq{0~`!vse(lMa!bxL`g&@|pbx77C9hLEwX9O0v`h_rP#BikVRCKV@zE(Gr>M z@$T2)tdEif2}p@t#Oj1D-&>>1!fndZOW&uEMYw75e7E_kqbPm3ynjH`fHMDN$tpxS zd#UYW@ryv|`oqzKtR&W_MT;ZNRDSN~01gsMwkVF*r_1dFjkGFFk&7S(I>WBZ0bWXp zT)@CMOM5J~#?^*OK6L}EMh%~CDHVts5PZ*wBMJ^P77V-~v>xZn5x1I|JZF%XmFtrw z+c}I9a?Mc*^qUM~j~Eitu*X8gL1SE2V!wLhH=hpedR{s6)dc+KCS^n!QC=i4$>pvP2tu&w%<4Vl*)4s8U+0NbDXc4wXMoLGxl6g za#kDD#7KZs_`h2i7+GFv{KtFzdyh*ZD1GL>!$Ph4;{M@>J?R8y)mfS<&HbQ|ABVy# zA%UT2UA?$eIADQ{icnNUdmFhRZ zMTI9Fw@v|B2nj@i^@-T|rvM7|6(OwlOOXBVucUudaEXwOehsHMaZV#rofp|J6}5o< z+QioS;1?QAn-ZpPe+NV;P2T_PXS7B$2_H;rNO$uZRt^tTggb!!w3@E&@LXkzE1B9I z3B(dIQ*2-H7xJh;Tnde#D_Rz1@r#{zFr1!u4L= z@0Z@NFA@V%XGJ(KkoXA%xslt%uds6eC}U1Sr29Lf@aBFv`HUY9NHh?D1a&*9Kqp<8 z-|dVu&I6n9mzH_sQ3F8+vXC98##h%u*|!yDY+a(-3Qd~r*EbLW>48<$r~EVg^=9Z;$&qtlji6-!Ld4>xRS9aqCL6iXb_WyOt+b#Z#RC!SX|$s&L0)@B%zPT6TuFBKY9h5)jblf;`XYb>D^pTsIH zM-XgCP2-4n=3A5fg82TlrX+T-WqPGi&dA*7IS0kZJ^W%cDvbv~&}om*P?~ijL6U%s zgSsk!KqwhH!}M>`e_-H0VO$`P+f}FpKRRs`Fhty8Jwqy#Y!{D3IM}UiNwh=n9?Y$25ov?|!i7J;8GjI?pP$ys}T6G^uM0R_3wE7iSN* zgU-lh8yT`EO!X}5qecqumYuc?Ap4kZkCM3zhnmT&TU_MHxt`cHz@>F%nvUk2RiQQR zu-5U+00n9DC+}p;Y^@UQW8k}D^7ND8=m-}=_+Y6+%<*QhT#<{|5YJNSc_hKQILIp} zdys)hTa~3DL>1(H>af(=a~mK$Uv1oD8;$B(N0M?;c>aAnEHB3ea*$?R%h9c5%k*|<+5;ySbN9Q zb1vR&VE8NeFW4du>d#FB4;Y} zNG4U9*i_c+mfYuQr|ARTFP6g{Ql(!RE(U<$?g*-+z91_F`}Cgo+noPL_%QBe$(CP7 zgiHnU^0$HlhGGf<-&*W1Sd#$F_$OYcBv6hQEtA23)L<|UhV56xTvdU2m3sZvuu`K%?FE)FWr*_DPOIkvA z1~6;*QE)w9U9(F^&^6|nSVCJ^#;U2tx5C^yYXApeSU*@lsM#uBFy76Y-D0D027^My zixDs@ysh(xCif;iVpg@ID_~k*C{*5r5tW*|OLn$IwBNl_#%)@GqZ@V6uX*hwZcg!Rc+m?gn2~wd;LPwM+Z$gICA2CGerE zQPq{bkDRxk(h4X&9;QEJjb4g@sr@~G{fu7(I@-C7n!C*Y!Md>o{O2nD*#sE9oE|D@ zc$D}UY&mSr)pnsGU8tGwC2t&ffdUy9>y*$?%~J`q%b?pV8lE;VW!0XPe@y>?MpWF}It|9xcFP}Z>`Q5Iko;Cuy13Br6Xh=YlnZ6QS4QYg$kOq_qj-ev5qo``v`Tfk)gV*IAaC-5Qy_iI7r|EZ{ zN)QzfjZ{a5fD!(g;CeuRb~rV=N&d@>=pAwxAF>__L4iE%gfiy!lYtaF?X~&bQ-G%f za`0X))jG1q{9{2r`lE{2czw>fhfw$>SJiEtrngg(zU^Zw!FQ=FPAfbK1dLvI>Niqt zfAU1P!56C4Pm|C924 zK^Bsck#Tui%NYE~L1K^x-O+XUyr`Hg;REq!Q_6!)L97-my+h{|PfrSb{dXQT$0iML z%LAv*^eU4XL55fl;$*9Zom(!sHe!Vet>WC-gaoSr{qYaNirGb@3qE(^_w_kPWas*e zFFQ!?@wx4&!Bly*$)S^cj#WQ_L0d)XNW>Tshfts*pC-G%+(76a$+UI&!B0&&(CZK` zrE=sF{n9f_X;qGWEO>nBl3xLrP4tGdn;#uYl10%^0l_UdUd*81RQ;d5)wLrJPq}qV z!OI*Pwf}a+ToF37<%N8SV1m%{xm3*x7<_m}S>T z{b2*`6;y52U{fxUp-@nd3RS0@;>m}X1=Ja1Bep548GYIJt@0itko#Z}@LsIObQBjD zB8SK`w+ zsPem87iW(P8v`F>sJ+u}o+#&YF0!(JuW(DuIGUY&6!f36H1w zg>KBB?Js%s+>Y%*&y#Po(Z*`_&{=ms^xY^FbL!RZm;uoke$nldo~o1AgG&pIIgL~T zuKRbYa0=YEP3py&Jh z-$@oQ%NivR^?uXX!eZzpZjkP&M>@yCT$g+re5fteeZDAGBCF6a^`(D zlHo!-8gsFuVm>rUIN55B-{*?l@Mo)N-55u+MDH`dn=Kh-@nv8mP%g&=NLG>or2%PG z{B`KllcKv_yGT~DXGWFp)rV0bmPG@_gC8y_Fa0;1S)9qj3Y|ZxWG93@7J(Sev786B zTv9!E-YuL59e(8HgUpt6XCA>HGG@v@TgFG3vo+uT!S@yDQVR)%d=e7!EMTDnc6-Je-+Y~}%!vN8}82gRyLaW=a4X4ww<5L<9 z{82>IP4c^Kp5@I?Zyl*!x+sk>iJ0So<4iX6#;(9B9%b@A4QDdn%kt5!r6^zTo4(S} zh>j0N83axhj0_5L{&KZHagNG$@Ry2GMC7*iFOc#YyPcF{9U4jHtcVzho$JZU_RQJm zbDBV{!u$|)Df0I`TJ`Yz>?fh2hdsAPb{!sbVeHSzf17;qLQI_4gny<{Ql=OT(^|u2BI|m-wi(MHLwxe%*q9;7#8@8IM7QyB; z@+oi5Ivy*p!vzhpDPteO{o_elSug&h8gT6Ho$1)B4~NgLV7N#QYhxRMxIt25o`~GE z$V4-7KQExl0#eR{A(81yLq|I%=86?dQ@r96E+A80QXz{{l5m`o^Zh^W!f^m1GkoOW zOLugImPE{DQM);CdDLFb;nDz%DfISiHA~_R7(o%ZE`~@#Z zIA0&xJ;us_9-XpDFZbsFFreJ0Dzr@)b@1q(L>h2WyyxVMXL>z0@pwA$MX$c?61v4J zbtwha72gKA0Dq+xTHn4Dm!NpUryHt21M3I9V!o%+yOGPaz$ZZGzzxrCGs{H(IWMT( zpj`*>r7!_15cZs@YGVm{jq;S3zksqs23Q06V85)D#H9TW82#5>+Elhk^+!`W_>=%$ zEH9l0yLR)_U6GW%fTkUto%yh8!Y{ zm|+c+>>;GLs;Gqvn+@Xn%vZ+1BcjOY=%l?EehA4Q<-0ncZ@d)H3W!evjY@zW!6Rivvo;s!pSD&Nrvw`GZ`d()NtS} zVts>r72M{>q~oNOHp5JZe62r%4HLZ8tkSpC3a}J$esIZt%mAE5-(u74TR+JHHx_6I zG;LY>98fyT#%~ZZYJ89!Uv6>1mQ#N14IiS_>D&I{%Xn8C)5|O}C6JeGAV(~4J2w=} z!8cW7D&0d|FR5KkvdZevew|dV|4T#o2_|9Vwc6%!0hC_IzJz6iV_dP+fWzgVT9LZ4 zoaat6d3Y_wF@mC4C9rO#w9kk^R*guE#3aEl%j}5k1mWp?x`2i-zIb&|Y97xz4gUgZ zTv;G6U1-13%3<1%MMledKOH_1@i)*Cuu-w#(<&xZ`JCAF3$R5(r|7NqNQAA!)XH=w z1dX*U)I?eP1A?Ju_hIsvtwOo1o%sWbT=ITAEFauEOae<>u&Opb2fnlFAGyC_)GsY) zSo`;ETx)S6wPUPs*+$Cao3Cc}>F3J2|M0oQ%p+xLNIu-N+t;Ae*hD8DgTg(bEK zFN2oXrX_W!1NXqsyIH2EldFKC#1;$acH>_CO?FD@cyIXcL9^!w2vkp)yX;h~{tiTi zzEqfPA>XYI4TPvTccD@dDiOsFACeSBGx{hdvSna)j80Q(c}*s0*P0)3w_BEeF|4e; z=eF;5%}n;wYF6KkIvPG+>ZbT;)XykMr( zK1(K%LA`owH1iihRkk!b2;M|>9FER%C_mYo@lnAKK>wY3M5VS{5s@FFODZe=S zen@}ea#&p^;72n8FQQ4nVRdb1d7ZLL;(;Cj&r@BIvY3bS0EK(X_}vQ;gF&`z@QOQ= z-wh9ZI41m9E;OCaWkd7g2-(4&4Jt2ZI^yg83Me(c`U3r4>B_re5AoSgynQryGkC%&hO3Rk$2n^DmClt((;{k@X;g8UkA0s|RrgobL{>Le9nSd};Cb8D zkA!kfFl`ggwp@sjd5@ViB=9Vf^cPXMu?8&QD}Uc%fa3E(*1)r{v&BF)ONbZ{ABwS| zk#C9r&r?avH{KXK??(7n7TnNiM(L? zFujgn5qs3&K>WK+Kqb;dv;-{MLiOEO%!v`be`D5cVLkLfUlu^+zXp6#UiS;F1iU&u z0_(U0iZ9EO$i!Lih~xGJOxFuZMuLFlHRt@&j)bC_%F_Pq!&<9L4Ik|hjs+3dyN_1$ zIZ;doX>U~lb5x^UT50GA0mZ+!>Tt~J)ZJ2v_nOcvlFMnwrWrv`ZHAc!IRQ>yLS~(h zlQx>kK(QLSEM-JbCJxg`H3&VB@rS0n+xn1iV4gSIhp0jcr znqDTciBvQ9k~gAP8t<~n;_Omji0&dlh$4W|mG4CLE|A2r!^sCU^~s&&**)u8j#MG? zyEME>d?R||zlX@B?osc_Eh<%Us4;j+3O9XjS7-su_k-Xtxy9eW zrPQ7pr+%0hz@?RUUIqK++M2Cy?2O(i!%b*n)hx&3hLQH~eDopq>wG?OSbCCt6}XA~ z6dizSP6utUZ{9#T+M6ttt2kSRj$#s+@~lGgS6G*MAdT!eY&^r9!`=X^$OFztdOUIX z#`uEWT!WDDwr^=R!uTDm=gLh&puo^__?RzzJHDO%s^W1 zyj#BU_K@nX%-Crr(@6Vo=k6czmY-PLMH)*t;#xA2H1rQk#qp@=4KC@Js#;nrJlmsr zcHTQd)k-i>zMWJ=U-7xBJ*ucnMQT)i&_}rYEp2Km++aJQwffH}$Y6{rtm<~ZT|J<( zY|<*UK?K&b!2uaeiN6hC_`zLbOmSiJg?2+}T@()oiCPJ-DClQAd6z0GygQa(5y)xZ zRs1#FMWlmwPq~I4VbJTH)3!@R{CAMGm%1sG#rgcu)_Y*Kv=;xOu&`*5Acl!bD{tN- z4oX1Y>cNEwdEL}E?4#iXp|}G2o%C@@kHDB*5Zap{LOAG3S`C`$w#1v*Q2tj0Xv#=9 z;^@W!<1|@+sj8LVZ(R5Ai4)6_?R-WOgR4@KTPROVVz7ndY&NY;hBsi-!h>^x5|mGH zhy66cXy!Kr8Ziu)6NL2no4AZGQ)=tVK%djno1(eiVFY3XVW~_Uyjob>8=nKKG*n{PLDgu)y%hivtq}ily>a1q+elYkR%C>eO)e+&Q z?D{dp$(+r$G(=S;ot&how55=wDr0R@U>R>S7*<9sd)+EDelWk9Cr;}660EYNl9PgP z8T5xSLD1*nitmIRWyxgw={LyN$R*{u_)XhFSL2BB?$is6irHkpvUpRpiN>zk%=5zY zsp4+hfmqjRWyKHOd$#8~|GM2TjQLuGz1t(Y#c?5{ekV)zy=4=491b(VaNycy&bo#a zQlZQ@%a>4_oX z&&rXc>Lb;yYVAjFZ(WfBx7ZD<6tUHJi$2M<^X!v(>2Q}D>Ml0f7~jg|ha5b}FPSko zb`p6T{?TCwGK z(}Qei2X+NIzC|8?bBD`-YbRcgisHS&f$0}8D5r~?#04J49VUk(fWv+pWb)&~Vxhes zIl?RD5IIJ-TjdXb3cyO;c&ZjWC;b2lR0f}#0ft{VlV$zUF@rchwm!Eghw*gzEf^@ zIc;vJLTA`)JlGBNy|&pBFP(k$;IGT*HlwEO{!u70M?we8qcJGvml-7DkNDp$SqN3{ zqUnp)M-|nZ!{i3Fb4P^KQwf24jvqYxLw705$f%-&ILYS*c;;AARA{Nu@>G;}a9giJ zsJ1^`{1sTck6Qoj^%75b34riQ!D+(szKf$f=n~LR%L%m^Q7y&pDbjt>+Em~V;^F8G z=e>XH7+5?dau^DGFJ&dcA4W3Bjz%V%-(~E9Axmpu^83v?9-1~bPOi^){>d4c5corQ zb))mV$PG-;8#HnR50T^dk056OWDwtlx5&wjAVjlw3cxtqosMsU0P z>emXB&`m(2M>(HdNp}>+A0c8JvD}u*Ql%M;_s0+UH{v?s8JTfX^_QSy4ew3Y^{%%) zJ`vZBH*z*4>hJvD=A@PST?qaAImMorJa$C&e0>j8p7xw$`b5@nCI#B;UWQ&2r}wP0 zW%tmjdE*4~tndy$nJd<{jj_|up%&8c63Y*h(?s4xxO+N4DEC=6%v>M<_g2L8HaeMl zM9)b3y)0fr>ImQBrZD`T$$ankVe;Nz1A9@7;s=N#gJ-V>c5G`z4L^_gWxq`*Tc%{~ zxXY_v#-JvVO(S+tO1YTjIHas>Su0)+Zxe9rd^OgNEJ7E~(U|P{hVTBGKhG{e!Zaw^ z=jpfE=VeAkV%}#1(FrZ3L=HRkmVi8zo;_xs8^W|h( zGPv&r9bd`Qeaj)`vYwA)V6yUKT(0(MX9yS$CJZAF!VVzpHVH_CYf>4!6uOx=MH#Lx zFg6z>R^_qJM-xYV%VJax(|$Vts?{lMJgHYltekP(3Q;pJH8+;*Cq-6amyBo%EIat% zR%21Oqe&QHr|GUT7|hlUACnQMGQH^}l*#E(610EFHVKV21zaDh-Ch8jO;LyU^*~i#i#S)*XCvY=Xg@pTI$!nUuO$7ydw#}oNZ@p z)8B=?cu#fTNoMu(jksO&VX>HlIYaN`2%D3Ruva5TjS1cvX$sEp3ZM7l7uh1oafW`L zUAOCL80Zn=N8KkHCfKdUH{d${))z+`5vM4O+BLGQOBeEHu`4{pE6xikIQk4RC;)|; z`WC?@t57W>T^MGnNBs4i)I^(5mhsRS{3{L>k>!@#&D_jv9*<|u5Fa_wYo$kEamQc- zZ1m~9?t4+XA3w9*;ZChq;k^Y%csdOr?XW9jR*J)X&;S<&GF7k7Mi@AO78W2x*JQs` zaz=cFy>~jxs&6-Y|NJ+UNa3zI6fD0=owr}--H zNG~2E*g`%-0!%EY_dkVQmzXxuJI}LzacKPgI(TBzT)Q!P%qy%cohPzg&TgD_Ril)6 zNjkg+1%sTI0=07T6Q0G;0dE5I1K4r7x%uh>PHJMqsik}~&oaN$51q*ztr_@67HagD zk~oakjb^?yjYsyqF0s&W|LD3%pi*(EsIQ@B$g|Y9H82p)CZTLpA&T}64cF|zI@P3t z4+Ie<%Hpr;{M*_>{V3%?{tB`!376AQEHbS?4l?F8ryAk^;zuEliitjp3%)|b7#2;S z61koPCn3*nZ;eK#)5=omHMZDa;fIs0hr5lJM;1|Zz3xV$#`TM>MI*7NKzeN|0oko* z-&!!x>gxZxvOd3(2S4FGi64_tI?JV}{0dhOby?{xw~46;SWm*~?MjJwpw0IHv^OX< z+T`M2k};SM`&S5z(cmt9ASUVWSd!E2_X`nx13m9^-h}!0kj|8)CBKr*#(qF%21b8w zC9jckOjV_m>}SeJ>U!G?4Tp>(Mbdd6O#A(D;rbIzG{pYTK*3Sl5l#t@fL^eNlT$PG z_+X_h{FIqp>u|>59ocM^I@Imh9EC5)yHveQ>IwgF5Z(*{;+HH(z>z@(jfK+LK=@D? zt2=R;k-~*pW20DMt>y;+6HFqnzb*Myf;b9--X9)HB%NerIu2iaelZfxCjB7(+=g^n zi`l;(9Fu$ws8zMR)`{7WpvGOVBeH9c2?q`MY#ZgXOR^hb%Cd5Db-pkYbnv?pW zSvuJkz3seca=_LK6zoGyNCo2<>94j$f=ZL#K@i<42M0OICzM56yDT$2=y$0=>!BtO zwZBApekjcBuod0^6nIFE}oVlbpIs5nsvlFrDIk!VtbF%d~cd?+)3rr-z=;x3U zWunWlBc@O73vpEj5Mi7rN6DXLk!$)AcwV=RKIR2u zx>gq10lWI*UxSgN{d{%b&Fx!}-l7faYhm&G zq5fUl8n`5jg?AWYyVx#i?G;@oIf)!6b=!0Quu$d^%hW3c74=0A&detC?GWwBGL^K4lSS{Ez;fH!q7-J(nv}P z(nw2pBPHEk(j9(hp69-w?|s*L*R^z9izSZC73b{#-oK6JFPLrQ%g!L-f&!abji52X zYfa=Hf~7`}r!oy5rw5MjD7$3nl$JlA())U4YR0d`Mr)#415TRrh+LR1!bR<4+XuKWCL7(? z`%)7PewiLGv?&R$hdyi{Kwtq3kBFnS;% zckslIDu%B=F+aUF%$|c*>UW?iOhOgx%&>`R)z17|X{Cm5hHbgz^m)HPjfO!1y}5_v zqk!f6C9czOeDNJVt$EW%Q{HbJwLL3FF>7;8f4!~m;6M#naUFW%RRy@<H7X->%3lZ)dE&UH!lth%V9-BYE6RF?%V}gRkVOJ15+1J(4Mw}+vcIZM=u1WhU?&7Tu?h%@`y8ku6^H)<18Jadsw=-1-|%p z-s<;=SFP~R&a&*<(;0{NV+=B?VsM??yDkWRO2lIgaic(Fb2nhQVQaa<+03DXcPkUE zE3#*SJJNGyS8pQ^`JPBNe3oA7V1_z@Q!s^w>c4|q+bKH~1Tp7ed)lc+we^p+ho`4M zM(YbV;-k`8ROrMejmr8cmLInbJII~$CLE?5hc1IHn%z9E9r+8PQy)3D`%B^dp`{Zm zYgv-L{NgiGyAVX)tFoqcH|=eycv>~h3fL0euuk`k6#PZ5ooo_a0Iyccgd`{bbLz;I zO`|M3;_(A4;~|mW%Xz`UV^ylC!ME-rn))8`tk-hd3<%jR$%@Z!csnOzE;?OueGdg) zKP=;Kv?di>Ig%?-2t`uEEM_!<21rU`CQXx5+V*Gr^(fG9PtWL}G@XbhIx+1(;jfRb zg3fQ|zdwr|HL-PyPh=tV@#O3#F){KYW7WsP=P@5%EIb%? z8M^@wbLn0sqJcugH+}C_Jx@z#E{Kkkd*WPmnkM5py+V|e;wQ#66h|;vU=ghvnGT^D zisMRdRYixOL5|2E@<*j(7*ktAP83<`)W)|M-J>iU)GNzGIo?k*XD?3l(mDCYqm-^{ z84&XCuRytkPh1YZFDLa!7p443z@Gc|YrbPccz2YCsEOh$ zB!Lp5IlKZ5b9jV_Gt`%bckB@PBMAE-@Jx0h7rV$b&Crf0qkyO=cyn?n2Opt4RC_`d z`|zK2Ij;YnLK;qH?l_)*l)2ZDR=pW`*Jt)Q)F_EqR(9DAYtDbM`FF`o7_8U#XUS>9l= z`Em{AoFIh!40EN8-3JYl3A-!nbf4=HCP->k!+d)6O3;bfMaUVbhp4+C? z^v^>Rz7Kt0F@l@(kXqSJZ(j;oLTfub#Z8l=@1a?gMMlh8?GdlXp=7_&TgS5VokXSm z!PqpVT0Dw>?GHk{QDl5k$?%?Ib~s-L?K<|x#vpi?OS2XYF5GM;9(QaS za-~{^IP)A1a$AW8ltW%p`n(TdHE&>xm!Y)KeKS34?d(w72Rvl4@Pvbo+C(jf#VXeU z^&~dC0D;#?CIR<%mEfQEp3tcZf83jahymNK1UjnTlUH}*5wu(neO z!o4qyjE&Vvbzbs1Zbt3h-zQsSH-lUQUx@JS?cfir?9qfeEXk5Xl}aY$61fH& znD>dyF2jj8K2uA|m_b6FHecR>P~(&dc_<+x=?4Cm<_5?zPnl2x!JoQ|`?2M!*%;(+ zhUw(9*7Rnd{~qowsAjkm?<<#j63`1OUyf+?JAJhE@{^%Q9w5nF(R zr+avr%i(ee_s1z#0fDOafTNqU{RNw?9>I+i@WTzpK_l_vdLWVER%T)MnCE%u3Qes0 z?$hYx8*Ry5;x?Gy@s~scpm3p_)9c(D`hE7C>&=2k@r&nE^jp8Sj#L8rUG8X;R;7{H92gGTPz#TAGHQ#sE$CHVaCL5K7rmExLb{=HiH%aS%xf`}$K zi|a|C4wsy)oi@)Fd2X?(nov52QAkFV`E-SuCMu!TxjnA0WNeWuGcMhmbS9pK$(ccq zcSsY{$%(pRgZdh8dN&l16vQ}w{C<-#xR)dRG5cFf*BT>-llEBDGkvF8ogi*VY zPKf>`qY0(fy9{BPYA`7Q`Ff7)s}4XmFnv1A+p1mNwQ>5nm_pEAv~!UE`SqC&jejve zC5@pVb5}CI=Z#;5)u^bVQeXRqfPw$!D?LvII0-8ZO@#@PNQQR|Suy1}a_fvt3v{4O zH_+D6*B&B@@IhC=O+4Z!ebkEl69KdOd#OCahm1IBukfIZUKa%PitQu8l1V>6utezq z4w9LmJWh;}2bf9_KpeC*U^_b99+%d+v*-g;igEl^??oyu{r3ABk0oY7N6$M{F1Itw zB_793dFh!tr-J&stDRhUCVBVu60{zi;0)a`mWsEDkY~bC{0ek>51-?94D`k^GQ+K= zxzsAnGQ0=G4!9k1fw+IGrTm~Zw-ibV~nm17XAAB?^UM6hazihBWL@`ZKv#f@oTVa?YfTO+qU|>`k{0c$*1wd7fFGJ8-kyW zA7b^@7ov@1zr{!P?Od7(;CJwpBD+PSAl|MnnDd`$<~E72$S(Y@q2oOvTls{Js|IJq z2aalN)Q(4=94P4!EWCZJC78pn$aMQWyPuz>aY+x!3J0ToWt(bntFAv8k^Xeb%*m;Q zoa%%mEZqKaE(cj~4F8TXhUo8!B8^x}2A3Lq9nUYA3g=V1^|gc8I~{j^ z58w#eG~HH___5V#It*|Jpp$Z$Qqp~9yFhxtj1Q=qHabxJZ?GIa`I@==RBI)wzMr3o zC?C}G*yeHbTDQJG9-&vS2&%svq-^tbIgB8GCElA)WeSWW{dDgORUe5=b(J5qh;_b+ z>m?lfRi(Z@s9|U%5t+)MT=0G@VF9Pb_adXQ|L!{H?sq2ufV?l`8fs-C>yx%$z^eLe zu3b_(mZvFft^&F%8RHUwOXh7y$l7>D9D~ysc2UN168iTMLhiCiplM0cn$8%F-j`rP5+G6bKqBBf@cj`o#QtFGB_l|wZ#s}x*qzPrtfP05 z4S~ccVh(6+DIY*S8NO?c#dC^AHw{OyeeJgM&b>LiD=N6qZFc)W8zUyVnfp4l+FY2#3GG*AUu_U8@Zsg)L-T%aq`9qv znyhG`k8~SE3K*{;ha7!#&I?5uU*FW@5{R(YAACY!qGAEZuH`%r(vCtODNmTvreW9Qr`z|7+pLI+G?RR1mktMX{3js-%XVRBPRQt?dmUI16qkBtWV1srI{DZ*#e z-*{~1EdwZVSXXJFQkZb>!wPXezX>)88l0E9k-{4Z=#r67?V2NG8^wzn@`Dq;VLfajW6d=3x6kn&vP1~eXEcf&QKz|Sza_b zQk2!@_?L1nD==R?J;G9*+G^*0OeVi16`K+uz^oyAv-a4ha-@lp3xFS!-R6vq_ISHj zbN=+e?#m-;+ATMk5PG{mcm3h!^7Hy`S|5HPZa@BQF~*tu;hg^dyQ=Jd$;(`>BH(bR zmtl-$WK6EM9KG$|-oE|yx?$!eX|6SJk*u>)oFCNI*AlpTHS*%Y5rae~$8Q_JdMSp( z#W0(I`&=^sW6>Tp0At7pCOJZRkMhLNwWsvK4~Ni06p&tq{~m%XDE6&u zpQHj~E+{_{7V8Uz1hHU7YQ^gtBB7Wa3;k zj3&E-4{Jn2782z;2=GOTqeJKf`O+OvHXrP{;WTknUqBws3psz% zfzMyv6;5UX*Jbnu>Gi4dwwG4ZZ$5nZ0DGmj4%UZjDAJYFl~xRZNK)k5nozM8SZ{Hl zQEHpdz}eSZ#B=`n$pGp1t|7tH^Gvew{mM%(;RGJgQKBH|yui#M*|1*Q1fE^l6hF<( zu*kP{J%MiB9gN&~;hTuo+j-~k`U;Z1a2tPEsn_QEBoM8`pTExz=J>fA-Q-t>NN(AB zih$!mv>wTmcCiOJP^>3sy)84jqW)O%XTU`E8o1JGT^hr}aFqVw4Ff#i3@gOH9~jmB zxgajZ-YwJ+alDWmWIIx>YOBM>-SvJ#`t7cX@u2}LIouH-1ucPf5AdG)00c_kY9##u z{tMN_yRzRD;6@ld-a;-I_VnPh7v0Mz#T&~sYIS4g#YKeLKR#x8P+^3sFNykR2Qyq_ z;*y%V{dt!N?}O*bZ!T61aL@hR_b$7)_(O7HO^nXdcreXoi_ePJgrx0%8-Tue^!gg2 zVIuo@U20a%7t|^@G^@X;V((~;Xx+~AED?ttL^6$>7s%Gd^`4!+Mg`*1ci4#ja+U)$ z3SsXw&nvTI%xAlpW89*0a!24ikK25Sr+W?I(L zGT*lXNhKn_7|u5{wV6*+YLzTKnn`}nT$HPQE@sR-+h7r?-@SYmz?O{~A!K4p&r zjrfF7GU8$Wji z!u|jiEV%3E{10%h@DIi9reu{R*1=2Q!_|1~uZT%x70XShngIrO-N0mJC1!NbB9dId zlAh>;(6*rtMSRdhvX}j5W2l6wen{9wwmGojLr4Ytdpb=uzwRxy3~HDi+J)r z3gWUqSzL>1ttq3HsjPUuwUuEfZ$|j~=}dL0ZKQRo<4{^hRc?)6oe>19&+&ga+_#h9#%0_yzz893FUOyNbQI6 z)(`Vj*V^mBore@vreNR2PdL`#6feCnpGw%J%+^N9`n})R;@VNccUYfZEwd(jE1;9+ zWb$(RC5O{AOe4OPBlaFp zJ~)`_W_UP4xa~1Iz3%ST(L1ADrY4^rO7~GBGCB8L29cDToRqccr>}kRU9*3lMNG$p z>0P)>kJUKqjOfOWc4=>0x_gUH!TU)LBJ@;h2nr|NlLN&i#&?$8>vkKerx=W~UQ-8n z7!M89z9w%N6={QFUanuPRQ>WTvsygyGY;Fn;_3Q;XUZj)_%6XSPlH;Fa3x zWPq>WZ__(dUiPObe$ELRZUO?Z|7~bJa7$a50*GzV+K)W}cH6v0Z$Cx!FoBTb!Itv( z_Z%sUrJ@QqJIk9Uq;+YZ5*M=~@-kic~7C;->;jP(F^^+-3T^y0MkicQ%3*Yv=2 zHobCJs&S>+pPJ_5`%F2Zdn%Dw@wTZ^ndYmE@Tw*Pt6z$Wq*eN@ee4~5#7ykO`hM;= zhh0X%cM86Ee4(*$^`V(J_+1m)P?ubyabL-WKC_$jR|2D?C;QBnrEuqYeeObQ#dn3t zt_6yqs1J9$p+=bhyQ1k$`_@Qps3N;bQpIGY8;Z1z zMe$FQg+r+$`{>ipY19)YD44}~)ySt8H(t91+sy}@ca3Ht9Lz^|8fGIE$l0HCN~ci# z_)x@+jh6m+tq&z_VU$mFn4@$q!5rZ(e?*-8uX@uLjXq4Y`h&!~4~2E*h?Ecevi2Ko z40F!`+NI{5%am=u8*Zr|7X7|9mZ!%}%9C4uUcm!ip>vLQU#R!P_Kuy1cJU2qu6Jsi znsIQ;lL5sQtnO(+tmM2tpUE)| zKZ!|=bn3V(cMQEk!@zxR@6Bp*`2;_$Q>BvQ1lz$fuis?cIsegZUE>`5vO+Q~?#{FI z7C#pL&1ix!nK<4;t1Lm#8Qo^2#>aCm!^h|&RjTTUe_hur-4!^gZ2TXip;%TmEd}8> z3whLP0u@VpE)>xnpVu!lw}wj-h9V^?+#D^*yV$iRMvi?Sqb6)n546Efy)ypYZ@Ulr zq#XD_U%i0J65bC!;y+9&XOYWXGQ6x$wS{}Zg1q#&NBp!Vx@#d>6X7+RwSid|l-kaQ zAuf&WNAsPvzmueOhQqtGFrqG=(Wew)OQ{<`Q}T`YKQIUk_{_8Hw3o0#=jjLGZqwN59vk44zE!+@RyQR1P-r`zc5cj(|5fyC9NzU) zn}uCyW4^?cRIgV!cuPBhf?4S-eYAt7fK|=2gjMa!gh*PuCr$kEk>|U2Lt7~qrb+Fk z3BFwrC^^j=7(n z9B&(~K(jX6V0)ln-a+O^`lzaY-8aO%OJF%V7>dQk#uB(CcD(Ei70^X=AE`}%pwx7v zYY;WaBQK>~N#3Q9|K{4?LwNKo1Ly9{&hee?3A>xXe911A_Lx}MUs@qI&x?ac8sD@_ zb$9t)H;5<747#kcTAzvQ>pTp~y>tl<4G@sy#r$X7p?L=rezH6FQ?64k@mU}t6ej4d z8p0^cHkH5}cuC-NeO8p?TFLMNN?h3|+Nw}X5+g#(bFl#n>3tL_7I0*?40;=-lQ@i+ zbTU)U>avWO3@#jGVcsQ@k>oM6yAK}!Orc6k0}tp%m}*-hTYS;`rM}t z4wpMBL7`5Y`!v63Z3<9J#4e+flIQ_ml(QeV>3I8UZT2WGp_Q{*za!+#x_uKpvZS6b zYBb0|uuzjmpiW_ZwaR{QG(5TL z4G1fQLy<9^|6b7D6tJM)a)9^UruFW71K`7k7eT}JE2j;682gF6=b{+cNvOuFo54p( zudKuR#1lvq)VAz@jo!c_5SseLYJb5FT>>fAEAtWrPslZz&S}rD;cxj2rlAiufh2a% z4Tf}%%|6RFO)|NK%q=5DX+~KlSj)$re z_5i01PL$Pry;?l8hVc^6{d$)>LLa6m0yCvd(DAh#M2FONJcB2;koY59+qT*chQT@T2BdJzdy=GJN;kS z;D^rU4$PcXE5{)UR&GjkShW=UVymqGnN)QD5pXkVV({-xkd6y@xShyt35rR3M+eG3 z?qQN$&wE_2&7q1J{i&aN@ALuY$)YmTwo{$@~D=eFno0p47`lC$MWrJYm5g-QN<{mT8LDO-hRV* zUumvam`QmbUv;VY9o#&g*uz4kX(MuTvposA$(1050` zo5Z=1+{HSHmo;=mm}FPj?lk#5@fo8<(el@Z^@kEEdX+%EPj>y>H3-E%Em5#UJ)<17 z>#L1?HfAfxi?SZjJc%T88g)le1+)cYPvEkw3Scy@3&#i3~y=@ z1wrb>9z@xsLBDms`I|Ja+Z`Q%9`;~7_xgM8^%8d*Sm^0`jyAI*rxTGG<4TK(s=G?l zVbOW7zaHqx-s6Bq$WzQ~pQgTqeMY^E)l0Mml#VDj_J8gRUM~7VSCKu9 z^se{8j7y8$>&8xL7dbR~!LtvtHYA+JVR6^Pk)DR9Hz32zO%nbN;wD^De-yIhgPfK{ zgDr2jLATCp;HBlWz}=m$)BwYj6E*f(>=PPXnba^0+=TPFlJ+?4pncJAPzTqf-4^DybDi zWe|z9uRm8JURmaU@W&#= zk*9o(5;0FSC=k~1XebFJu{8eF?XX-Tv)|zE!AS!}Spf|QFFWurAI5GcmPx>Yw{_ja z7sI|Yj0E!~^50A@&jpvdacw<7=R28ch&ce3HB(0`4KaBfih4epxk6BZFRjRM{Et|0{pzx6OyYm63tmHgbx_qGqYO$v*x zu34QZRs((D<^@=d>Kq`43P>brV=^WA6HWf(q0iX5Gq63B#oYcIM<5D7kHFTqrM$Lj z67DOric?j$^*?oKVsux&z<{V>?@bmSpkatGV#z1n{H+Mj~N`|nwpsw7P zBFB+(Imyn+N%GkMtn_lks3OH0ujJV$K2LC8NUk0NogFwrn#9Gc3m@3_?Dp7DKICg^ z*L}2R1zT)+u_0Bn@$z7Q1%Z_;RO$R0cH*x(9*^fNRL+GbRcsy8{k1&c^PN z!q%y6Yh4qNuz&hcpsD^ptJ9JlrxrI205zTCVjjQ8okoHOwId&S@&R@KH{YNDIR<1g zgywCH)sLN5c1*!&g=M?++}z_w^0*=>OC)UpF7ud@LDV5sv0Qjq)No_fv-SXkD8~1A z&-|U9)|}@gGBbz9p~DUg)QH+2e+Lc)68YCCx2v>5?2)kPd6chFE0Z~N#DHqi(^lxYGEE}gHUYBO#R z1kvh3QYi&rL3_{lB^(}S?NW*gr-zkX8itUSr-2rY)lNfu!l=F|7g^!-hcAH z*`x3o|1HI$rxIh9U6Hxp?kE(Gq~-U53}}DW6W@nYNlaSHVK_?{Ltb~Is}-zPxp?LH z9eCt5bXEtwBA8`c9G7q?$7S74F=vU+be98BD}KU&E_&)KNKNd)ogb;KqSOA{}y z6EtqW9(4$4O1HgqeRwda_PIVeqo?O{hK=jtJ9nX8+NeT1Y{NRPqNID}?rz zrMrk$Hl)sxZ}EaC(w*&#f4MA^py~rujeMJc5cW>J`7z=}#cnUyK1giAen8;GQVnt^-8QJ{~ z-(c?U>|yfT!!_fv{k~dLh&GDs12W=rZLMx0c4nLp6&Rr$jtjmxdTs4FedUf!ghpM1 zTHi0|3(4VeaQfzw5I%x)?eXJcw85>9t7C8~DON9XP+p(@+=!t?ej31+OuX;%OI8RwK3 zRKF<=*{}fItp*&)L~q0B7BLMu(geEQc+m6=^@S+Tu6*zRi-$`=U7Ggu%qP|2Z=7byhs6WeHd1Uiof}vZI6pmxcuI=AayihI-l(;;J1FL+ zxVwj|$qu8->yuBb(U))|hipFy04uGjMout%Dhr%kJF)L0mhaRh%v$J6D5*%esw&dx z-mN`$ikYjc%eRlW4yx9AX`?5$lxm(d9DZ^_rA^yVWk(bl35JknV6seaChuMWiaorE z)8H=ky2@gDV(uG*so`?F3BLB(23-+VcAUwCKZJ0}g)A+@jBx#NEY9stJEa1fn|A_J zugwBKDs(SC^-aJ-DFHjUsv9hSJaS&T7}Y18pYKXlaCNp@&F}NlK!3LcAaO1qSUI)+-5YbsG!gqR++GLyLne-!s zWucgn(`2Apz@1?mb50j6EWomTAVJ`8mtHf^Tkl zQ?ciFgu8Eg^=Nb1-upWEI`sPVawDCmgYlek0(0nkO*#Z2$l-K3eJ(Qq8Ze6SWd5@7YF*3yd zZOcf*%=k9d55DU)_)Duq0jHhp{Bjx^IT3tHs9o8XxgR_I%K}iFGPE;cz?W$nYaKo;ZF%NzPe()1IqP zs)G$sJal^z*%pe$%2<8o>iYk0?5|+WWC29HDq}xlUl|zX>ZP@Q_v0(1usEo!Q`xc* z(oP5YuL8KrJ`Tpi`n>C5$z&H$ih0Ae1@vnFhC5q053cupt=q?IPO_EdLkrq-6lI@D zp;KYC$KzJ-KND$4q$?%0yTqTC(eq%n2@@rtdk#!hKW-~rd39FbUK)Hz?9bS#999R` zW?)w%gw(Ye=iB528&{9F&eCL|{VRlwGfn zI4TI4#RP4H)H{#yBqx2IZS+hB<+@!DyUzzq>>%K2uBr6`gFTW0Kn1}aA}V5>PH!)* zc3_X3ciz`Hagpa)#Ei9CD3fleGMBn_H9NE*9Uyw@T+wI>r;-!(nS5Jw)@_)(00Zw>>M2RENjYsj-R=U=8+$Sc`ppAY?yIHM5q1H zYw~nC07Yf56a4lSFm#!ZpPcO^sCMqW+kGp4^xS@R^^x+y)k|UIRnXk2n z#OedHoL;wS|6aLy5>CDAnCm#?%pTEmB>|gAlEIs)wy=|` zj$Whn?YcgU6dn!$=x_3l zUz#dH8^p!O{`HT)7BQwGjf*)$-kf1V@Tj5Y3`V*sj8j6cRkpEzC2Hg=d|mh*JF#G6 zRF`GL^MX*)P}UyY09g#&RV7?MT1&x(Qa#mw-^BmxRpklf6YWr(Q^SyJ1$%-zbAV7$ znyyE%qO8SU7UKUl{r8sV85)1ih>^j{ui@*=5isRuX^WuH15M@Y&VaVfw|N>oHmO2KHr-9GbX7d`(!cL(Gh z;)ntgg$hK&IG}j-Gm|dW_Fl>Twwwi?Fgk!TN@1DNYG9;O-P+*$&})D_SkjGlq9lmZ+PeA z#&hry|CA?O^7$Xbzwm{_mG)F7$$V8UTA}Vo1y_c**-8<7k7)KoC-%(9_cvf!_2Hd? zAP@VWqj`(Zc01<$1R=H^*Y1;;67ORGm0Hrr$kE(Zj;^H_SFbjI7EZ<;)%kEoy6=fh zj^kD|hxLu&N*MO0O!CVf@VtM>b_2|_(Ntmqs>D8jn(`KNQxY(CKhv^DURN)%V42Qvcw+o^jrdC*`*2jm}}rQD}1oN(^-e)@hFT z@e9Q)S7j1D^ZM|)z7E5#9@c#%YqRmdpS2qR5SK4CBW(R{;7K>n2iA4~NY3vHE+lCa zXiOg5z`DG) z87c}Vmxiv0r$5T+QcQ=g`#y72$UIf$Z8}cf??!qozlKfp@n(5Pxo#1idK`x8a2>== zvJO6dZ#`Qf4l;V*jn3X4KBiavCd(}CD|dZP5#@39LvVlksmi3S>?N~Cl|_^OE$yG~ z&spV&zABfwnB4xyp6r5}MkrQ&A4Uv>@eU-CQq_6Z6tMQDofLz`N$p;JY`=)MgdrzQ z|2@2H7lV3h>zqci)yEkWE6r&D|EBzXq5Qn9C}_IM@oeCaRxHee@!I~v44Yl7HtKtV zY<21Y1h;qA07F8rR-TJPZ2ldw=Z0>QB+Row&LcGa}#G$sHPK% z4DpRm$_Y48V$sRGX(+dy)GQudLFzxHya=b>NQ<Cjd-{(c)z_@^|TUr{x zsg%n&=SzoP79BVHh>cV_xSbxEGtfv8R9|#_e{MNf9<1r$q>=x=te#*L;jlYt2gLBo z@njb*CXWAIh8OoBt@cH7rO#i#=98BvC3;)^vDc7j zJm73pUmr|m1Sag4YaQrNI3=>b(DpyQl~7O68~y96Z#`&w#SHQUCd4n#a)77mXh-Mo zwD%a)>q1N^7DX`)u}(t5Yn#D+4vNpj$Xz$7E&&+P+9~F4L+J0+G&on|-2t~SK2qpT z6$vn$1{l-3a?e{=3@k?A;AS~0vhk3<12*7ZFfO6wS#bY>`otS6gvfh3nnwD+a${U0 zuq~6Bx&y=08rX^}tbI^JY~>^@pDL~c>wPp(N7R}Eai5x>3S6$nD1LuWj{pRpJ;|TI z!jOQhlZcNv+6ksjV`GEZ#Ix$K07C+&#d?x=|M&47!+|=Pa!c{}_az_Hkgc=8n-Rq` zPoCX%l-;So>-ZZ z26p-01UY5zpDJA%YM@DsAoUp)?B54?B(MD9ceEE>^6w5ZBjFN*?W@FCsgt^&%Vg0p zaezk|(Gm8n+nxa4J&puQf=R;*plZh=$!o?JB5BUsV{bvZBo%VJakC}o#gQa+;ZLL; z1y1I<)zQDV3xAUow!k)~+8F7jmdFH*-{de%i;VYmK%?v@R?dA#g4iwVDzskZD5sc3 z`y;&d`ftM!T}0H7&SkI4D#&a6)QhM1d(rhN1;Xl$4%C4r)f?csWdPrZh)o9R8hW_h z2u!;;)!x+VRhDLZK5<|JOOLF;3pWB^wg(fTUL;6t#eJu!di4(wm~&VM+YBZ5k0%dD z-yeRECbTr;FgtojU%*lSiD5P%&shc|ZYT^JA&A&!QtmE{2J)TMbro~}PfY4xyFDt{=ld{}ra-~XT?9WY#6GZ*7`@GKsrII*u3@82w*v|}j$UHh3?lKs&C@9yQ zs7@}_s#YLTuoEKgQK#9E?V0&J!w_>b(Kc17ROpNfgwJ?KIy&u9`;YHC$ z?jFT{CAqFo)7z^|&$#9PdBzKK;I{XZ_b7^LE_&N9ZVs>5YtC6wL0**^yz9>-4pKb- zGxxBt9&Fb~K%p8E^{KXeVA`U8_V;e#Z%haw}y-qxf zmN_L}#=TMomEsh7VN)oE0x&3J;GKi=yWc3|i!Htb=CApCDTJqxfT2rp$(d!~vQko@ zJ7q@It;K7Mtr!M&{QMM1{bvji2`2`o1EaB|pFZgT=FRRv3QyDCXWkn>h6F8i3y})9 z)$?0$S^Lf+Hd4`8LHOx8UGUvmb<Mimqx!5m@qv^=#*7>)8KsqYr@8X%F1z>d zay9hY<1^24L$zG>+3D`o>a#eE(0C0B6r0o%Gsg6v`yZT+=kt0i6DO2$4rs|_g8nrF z)VTBEDFskgd*5Sey17}c(NCjs@yIZ3Iq+%C)^2cJN98pAMR{y0o{Jy3E5Wx+&gIfZ zDaW3zOV>&UAqiE4Al%y?^1J~sU}W7dCpy;YikaY(PC z<5AhO2IyCs5)m-7%bpD*P`V+Z#I%&}+w#DFU~@Q&IgF`9>087S>XENm)Fp8gx#xwR z+4%RkB{YIpVYlHt^QG*cA#Fq}nMGhCFoUB^oK22ceMCkZ!UWG)GO{+z`(W^%wjozP z_#Jjhzb0d)`3KIDg`KO9!9B-u7O`G#IGo5LO#Xt6en5NecUX^@DUM-rC0Ck$3es)g z-!@tNeA`f0X;{YcwUu$_i>y^P809Lyi9;}QswC@|gt#IW?3E~#Cc#`^M=Fj`hB}=)P$Bnq+ak3wJFx$B$1$o@(Ft{x2b#PC zEc1bpP7an>0o8gGTRLysou`8CHEMMS-YuN#O@D7oP+tlYQ9^c9kz=)-WP333;}Cyj zJy|0(iu)e)oI8<}Jc|^(%A*gI=M_Pz0MD+Wcz3-rUpj1rTC5Bht;D1WxT&YQ5RRAV zENHf?g#?U1yo0)afsD^X(`E73bG!Mz{*R*qj3U@upl}z;dZ+F#-ZGTj+}tm%*g1;9 zk7@ctw!D91tsZP#*lAs1eEIN+6+AsT*sz2@Z5mXXv-hcy%<(+fnPfRFoGM|NG3b=# zw)H10{#dka@6`3-Xnlr4N}`j2G1P*qnRL29*J30#i34=HDxv5twR!L>7rDt7kt$~g zRf)T`$3)PSq_C{{ZZrI9=SO-){(CgpQ|5Z3Kr;+&HSt~z{pM#ou}t!>Z(boPAzh^m zcyizWAtu!-Z7$$)1(}TzJ%tC7k{0fkTe3V zqw8uKb?@I!wpxV`}$^4Tiq5gaxx zk2wYB9K~31qvTNv6QV$J@GK5d z9qC@9@Pc2K-YiT;tKw#Uj64=chiK3C0JpgwRj|-iwj%tr?|e+JK`;ZWG?4J2H=pGs zTVF)^12h*=6sE$k8t<(Bt?9~wMdf?Kj%=VTR!h1~F_4UpWeP>S-fL0`;vHD|C{z1N zHXS9yKH}gG}F@=tEzV>vc%iRq_64C>)?pE-0F6JWs;&dgsWoiQ^luoeyop_ z*B&-0#aYSrN)O0Gx0(B{%-Abkf*YGFv#r7H(#2(_$@*ewd=dR4ikORz+Dm^PD3`-; z_qY|ZLh`d^pH1k5^Hw=dhf-jU94mnxz1=kr5ehz@f}m9>Z8x^{NGzO^jJ z`P$!tZQ7(g0bHu=?k&-d1oC*Q-&_v$p9tc=EPwaE+oLyuyD0s^(k!3%B5M00X_$AX z)5OYP!x^>``fbiW9UtDv&TpHjj?neD{vmPC4LbDA<_f>7f2#VjXk0>cwxU)NpS1Vt z<8)_;stsKr+PzZ0%zL54@jTVpOD(<}=;FBKd~`nQ6{dQ9vB0NfX)&#URu+b3L;jLU zLJci1QCv*B}3e<`upJ(+=eGk zBNq9h>lyUF&42&0$oV;o;O_ovB;uBE_!Z zJ0u7%+~_)jEVgRoDfre^O>xFIMQ>X-m>oaSI@i$vNi%b8As%(P4u_pR>27PZdpZ+%=WYL0&TP%>yc0ZP3BU+LxnP0;chX487gPmK-7(get`LTX znfT6wVuftPkIs0C+WyC;@kV8khgeTnDajka8j2h4t%%9@$r%b}{IuPk1k4qY!|+Y@3hKuFDJ2u4Yqg|?7g(ee zHo|E?D!warVAZ+1#k@;>sUl$OJY#P=61r6>fqL(cn6)o<{Fb0QASNfxmgw*d9H45? zD-#9^|2%2Ku@uy5P$$&**zveTCb_z|{!)5;raFYgD|bje!^JQ-c7jIJWuL9{=~Y}2 zpoI5G49rMBRHUiY0eMyhu?)`xvGb>6FaAHa-U6t~^^N*I5(3gK-5@R9-5@EQQUU_f zNOyOKl$1#KrjhRMk`Ry(P`cs0x5xAUzM1!(IcLrcGwy@We)hAkd#!c-)`9Ny(^Gi# z_Z7yU6cS;dt9Op9bYq;dLr3e5;EfKA8%Ou4`|n+K>8yGV@Cb&qFP>riCjHQalJ)@8 z2m(0e;SQVsd25orwnO#P19Qc9){`iFMjZ6h zTJLxSjArqH>!&LAmsYW`2T!JUIYj*C_6929pFQU`>dEN;`NlwKxLjrA$^JiDFU&u^ zNISnFXhCL}!p6n(V@EJEq^-^w?AyCPW^dyA&K!6-vWTI{cd-imW`gfJo>jaYVlnYN*$9rLgwq)j7JTmRnD-^~ z;)YMHVVEFRxr~bNmo{uK%I!n0=%?5LC*kkwMm>2kmV8NU4_F!6B0FcW*V(VLEgut; z$0K=v*}dQ5dn$+{P(-!AIjkFg-AZyXK_F}ra5xDoO|d%tWu9$jqgy8FYp}8vLqu=~ zZD453thu3(O}6AuQOrhXvhJN78H1!V(>S526K!Zc1>ysLm?A}tO{wfSW z>JXPRuSuAbtDd{b8?5E?)}rCWv>%(YQJ2jLg`T=f{gwuN+u?nQWIzRXQ_`(l&Fs=t z-HP4mHpr;Iv|Z+GP>}{YV|~PbGpqVSanaCF_N6=buY%=YabtBF>fRDZ&2fl0TMJvc9C7AD^8CRd)Py7HK)gUY;g13&F4Gzu$yp9HY=NQjbl$%Ol!sT zcKBy^AG_u8!A*yt{A0f0!OO=*0d(HBh?2*gGss?>Eq5Ew6mmgaTo5&<)w3_;FFuju zsT(4cr-Pd%9;k$S$qeU_7ZaOU3h_jh;; zm$@|<6}l#c@lpc4)AagP0pe-~ze~LI-r|=@;U@0egtDcq3Z~MVG7r%h_qeeFMNP2( z&nU!4KO7!)?$BO|-)wiQGgy*yDuh431O03HQQ2Ezu79`>U%T9YZbmo}-u$XJo||qc zK6=RtFNOW52!(ai!I_@7Ql&-dj`QJIy>QW{h>>FvQRO*odZK}N=rzpZpqUnF<%P|; zS<%`s$rG6l%tm4i`-B}ww;>C@{x7+)KgQJz#5so2 zx{=v-rcrq&+4#O)wXK3b4PJ!&k}^)@>otsP^can%E5CpXy^V!)65l9?lJJf-kVPXMVwFNZO4tmYLzttxFm)1C$74~` zCgdv1**I8tmb_Hf%RaHpTN!#4a&vW|ldPj>jbGXCELpi5o*J7HAFI5$CpEVJeR(4E z+|+SpS-ULCTGKHpM~=Ns)u0aHXu|fhk78wg^=+Ehj~zV5$i0E~2g!`g{iusQ_dnNw z*uT}kqh_1&Jb4iu0#mv}(Jh`+*hu)pz!!i;Rk}8saQ=iv))rlN9D@Ckv4z=vMPUYs ztmMRo=Bw6kPSNuUI$kwedCS_x4L)V)r5xUqH*Vgv*lT@THP%EVGOba2oFw6{_3)B? zE+y5{Kl837Gh$==p;ymeQj(lXnhFzP$F$iQ@i`rbTh|kv#-lWwRd4+eMLxD50 z;7Hl{^?_t24K;4tRR*J&oHAG%eIl9d4u4q3vt3o@TM%QUF#=(4S~|4!T_TQ`s~5Rr zC;D=l(%G)N4eVwE%WZ?pTxFkRrPb$jxkOzdB95$AHxk<>@ zA$GY|C$Sees!N{#T4~Y)WldSd@ZT0!@^R-x<}LGl8S@Rw4hP4qU2XFY6=_S^OHWJx z-eyNq%53&)vU%b1QiWcF()ps0t*on^ZF!VqpID2-W}o?)G9S{lq@qj=+*cZJdv1~U zwg=T-uR4A>Yz<5XWxuwmdpP{_bTgq?r&cx*iVY%&zDCS|kR(1ah?I}KfiKXxKS@w) z@rSnF5OS5Ug7}7Ps?s4fvu#dHhP`cOBG9*0q@xK7&1vM5;tC3=M>8;Go+9*yk)t$u zM|D(t5)$f&`+!usxiJ)5?!>s@N>EYR~VtSbrb|M7#q3^F}jzt>=doH`* z(V!tC-G5FMX4EJt@RqriV)1ERIW>;awDYJVKN{Y5{iT#VE=*Q<|6L`O0k>PbH!vqu zAIJ2ygb~on$I=p$$zFX3Ys%rXZXfyBCR!RtC-rmsUbc5?KbACl!+JA6n%`;fu<3H^ z-^WkfCB{O%bwi!aE%X5>^wRDsGUVD+)>^%Oye`?TJ;`3urc9r0;{+ z4>Ul|6-G>5);y0JS5KU%_E2?MT;S+Bj_&@v(l;3h*ixrSdIA+*dCj|P2Wg9*NBNME zK5Iutt%@X2eq+ASarFS*Z5{@vz=Hebw3;bf?~x21<)g+;wECTq4DLBP`8-oIlt~9D zlwz5UmC-_QS1!rybft~%N5cY#MQhaTk7wx;&w2^MrOLpSAlNc-A;8Uc`1b+EO9Rtx z@H6SRoB57i5nNDXZO0`we7vBUYw96^xoodR@*YfuG|t26>l{2O^42ctZHDH=|hNl9EdnJ-hi z0_}W&swQ3!*E=UIYxhb}TLU>>oXq#Gy3Tf4)8`~H$I@3>@Hj{vq^t2jnOxm9h=-d2 zzv2Yw?RvwOuYnZ?wAl|^_49^_K*BZSCHP?jQdK(8wC~_d@$2nX&tJ*Qc3%z59YlXM z?T}vg@w8KjTy>(G0mYr6)@qv8r3BhA#6ViARf)Ex^$}!iALD?5_vQ2)D9W0`_h+x& zueVbRK_vcUI_E(h=rWZ~go17W4x%an&DifP*b*<^!?9>Ls)HH-1$bFBB^O8XaI~N% zvZM{Fe(OgNkO!R{i9qX_UApXe&-qGdIQ*O7&ckR7e zwaN8@{QFLED0;Xl&)gL3bg0sX^0n~&@B9Bq;?o;#O91Tpv}8nSS#^B{4;knrI}M&u z4!b`e6N2F0DygGDFpT~=fm;q8y&L<`PQ_(Chl2dPa4UkbA`T!92A#%*=<46is%0R> zJA(e85)r>&9RXMuiBg47e*QBP!0s{!X}^+7&$ZiZFMy}1G3`fdy4f$?28#n42_b@# zNEhw^s}0=(7`AQrmLm2%of&j-=Db;>1A9Xtz?)nNwgTSi=}dHy8E0ORgCH*M4J8+V zBQ1RWak5|<3!l-X_!N!!#fMe*BEW9qOjKk7g-A-QC}+6=Vx~;D}fhL?)s<{gz36EzhZ+k!2F4RqxN2o+B9y z>0sh*_M#NYarL@ANh(GmrjOc)3U+lO>pka>yNw8JVYSMyLvKGa6k#beQb0qv2Keq3+7AAh`yMIqr=2R2c$686~h7?Qq+9~pLY z70@y!t21QJ`$yn14cuLyZUdCdESq@QdfmqQMu+$9@|xxjYE2j}wdQq2+l4MoDtRa( zw#EA&aZ^uBUjS!#$mhJ&XqIgafP_v!xLl1qUbbAXAq5^8ZvcE)%C~vzc{OQ8Q zi49{stK#8oO*W9T_@p1hmg|F+c4s+ga#=E>4Y4&_hWt|T$`_$4%E*})_&YXX!3BV& z;#uW|DAP$s{ZYHH`-j-;XA2tug2(6(SiVwkow{U<=QAMjd0j*hEX15Z_fz&I-aJw` zg?;jW)wEwynl!Nhz)lG-7QAfOk?9tuWk}s6Z?&sUf~$7LO&Gb5h0kIuK%}80_8%lz zxggf#`buxbhBPX&=n!N75P15&K26R6%Cq&gi8YsbgQ7@9;QMOcDocWDqpW(nyEv#D zIV(knNT4=D8i0vx94C4uSts#}=j*lNd69M$Wk7l`BVJcrr!R~VUYeSknsX;|7m9C0 zFN8s(#8M>ux4Dz;OqCLEHyh0rj@AI!p)~I*&|!ahg~=R|5(S&Kg!8mZ2wN%%G8dpR4kgxK7e71Ug_kcz6nj{&g9aZwI9*u3cLcQTa5JGt4v;1InuLDKQ=m9 z%C3o2CY?M+&)purpxsWs?&>WRGGfjjX^A~U^a%RwA$Rb*MPXxYuH_{O>UnP3icHKd z*7GVFlDin&wJtwnM3)XyG4pAM;xRhA-&r3feN?MdQgr{BB}RxgnnrOP0qmmi z(XA;ehgTx2QX&+6uQ4&PbZ>=lMj^#9xANKc@Lmbg4jk7PBZUNO&FRzUAGs^&G9)Bp z>HeFOBmK(H*J;v>-e|ogIVC-z|3|XN@iXeq`91I~RRv@TTya`@@=)Pq+C0uVPjFkJ zZ7E%LC&cg_225+i-}+yXJEjS`;tDK%5`#S#i|b^isJ0Kx>1d2I-U#8(i_i}1dL(z8 z_k!87L5q9IBrYaA8DnXL=Su!M1f8rRo@>GMEWZUr*FUnp{u~7@?xTu%9%wrnv;P*< zle^9~RsS;!C~5{cCa)S+JxZZ%jrkcMgj|9w!DPvXhDiSdwK^!LM|=*HWpW0j!B_2e z;d&eGOLF3mr&~06_bYkNVbhH!nKRA>?WpMXFX!vgUC-+UcF%o%x-U^RqRrX59_X6= z_uS+d18z0G{{5PSo+q8gdlOfFHo7fp5%_#8@W{9-C?@fOY!=bXqCrauaYZC>sHNuA znfRGZnW)5gSj%ZPb`K$_L`h%#%R1>z7;)e*;LsV(%jPy(F%G*ROvLz^gtAx=<7$$~ zX4gYrq8Ez&qGVBlVT3;s*h3sdqo8}Mg#3z)97z4KW=e2M1def%QK1^Vc>!Tp6yLvq zMA8zEE#hQfu{ci;h7!HfDwwQ_HA7<@;E3c zi;XwlczO~Bx98W^pVQGUQ4;q&GG5_|j_JjuNCAf4U|8PXYFkT!@D=k&Ec!jGQMKwAgh3<0iCU`7YX%J1UoNHi=P46%WYX&sJU!7gVN?(WZ-774Rl-4y!5gFV+&4nr zm_!#ki{p0zNJlM%6R2y8#UY76Lr2F*&>KNg6DO8=-7QaaUxU@(>M&Hc20Zw^MPXiV z-tdDK1pGdj@Sf0GU!~*`F(wUmIg)}&Q`+F)JI%SV3k<0S$U*JM2;Zn>i84nRb-5BR zMef8yP>2|TQIhgx{vys4A$GVwFeG#!qhtdm=cBRIOTm1R*w%oE z+a{$AJS6>hx>sbSBC!;4GPiz9i4=fP)KD76`_XZ!ZTanU8?qtWgDs)|#0ONkstnHn zRuzVY3xk%+-2k);oR&lp-zPLezj4DvX;cx?I|&39WXF~Q7yLzy0=-Ajd!%(+M4I!&KyvM+ z3}rBRldKJPJ}R=Fjbh*oWpg+@6=hJx*N2;``=)ql%*|VSS2A`_Fitp4bnF580D2g{wI{J(m@gtQ$J6?)syMt30 zZ}ulv|2LS=L`-*oJ2)y<_E1-{P}Hr~|G6<2DdSk5H>D*HYxXcY28fQN4_21SNLIhG zDQBWP#1;!VuK7R$0~`9TtH4T)k{1&w!AM&jMN=0MZ`m!5u$%u#%(G1^zD`}dM zugFD9Byb|8CdM!une4#q@i)aq<0GaMPu)YN44P#X|K!eri$;vpKLC-}Avg?w*40VH z9^%TY7lkwhm&L18$5n(G8o{3D%L|Q;8O=a=Q*3ffaHG2M_*fAW_Cfe^UN}si5-yW% z3ZH*~<7ve~FC7*_Ld3Ng?IfM4Nvl2q_83h#oA?VcVYatejkT0=3%raee2Q`JxLKVs zG^B!1CDBbkMYR*)hqI})b4mV8LY?GVSLVm)Yh-Ng%me%3#!74_A%PikWst*#YK0tQ zuegmEIdhwR(& zu*Qu~CV208$72rXnf@`p+`}h%yHjl^dAE-K3ArW22V!7qS5>mPy3`+v4Sujo>C{!998GnnU9Tx4p7K~oxl*9x<@4G;$lx&ylN?tyikfq-q;-# z^3yKm=rIJ}Cu9K}9%)n}5`_x=c@?M#Rc5(y*PimP;CO4Xrjm0sPM=^q6$mrPkpBXr z%ecG8=O2w2l$pzNq?yE-i8F0h>?T`{zay{HvcbW4K4u50JaP89k7ghnc{;4LaQlG` z%F~^Hs>&lcT$na2H>xJ_`5kuc2fp7zZg;hHp7dOsXhb`gu=UP6D6_Y1ZGr|xhDj`o z-B)U@M+Y}DMbY%_qkA`j#2-1`KcAu49Z^ax>#fRVPv`EQ{}D;4SzuHX`h6;M_AK)c z^W4v>q{3li7HbrPo*}bJj&E^FolBiA*2kv$tNYo6(+&{fx#rQgXU$3t=ezGWS==Ts zY7c2+MADiuNo|)2>V^>CxGlfXuHHtOqG~sq{y<;(3i*h&6o+H>7<7$!R=D% zgnE_Z7}G!)k$2E3JG=gVBL`nL8<0Pw;AH}sdCIbr(Gh+oj9g{^7E_{SU?1+y<5ALj zd#*3{qh}(g@QVGYwlsF=Be7OCwyh1#M2DNgErLrrpKl z*7xDfUlgoS|Abd=uAb?vR_w+O$(&BMmwT&cd)2LM<+IQ9UnXm$@6|jU3YScuEDmbB zJHMJ_KhZfSNp29v+J0yHR&cT@^PSfuH|-8}EJb{y7M(lR<>J-Ai7<>0t@5gGp9PnM z6JbP910fDQ7L}WdSxg}2KWz9%TP#WgS=taj4IT9l>KXNe6--6vv=&=R>N$J_lk8jN z(aAEun907@;ImpgYL0OgnNM;rZr4sFXO$&e%+j_W^qh`*w0{1nKJS)QlyJ`fcfwc+ z7j^ymbM(eSkBp1cc%RlH@-2qo+nn+-jEGge)rtYL)bSGUR>8|TJ9S}!EY0`xZr+n8 znY$3-&2w#c^_=adrL^*qE$l-=5+hFE5{Dn^N9z2oV}CB-Fwzq`z_=;$4sqhjkJx;3 z&7mI8*mHWa;@AuOTkL;A{2t@euR2{sccnhlQ)xUQiz)7s zwX@7;A|%$9Ng_vHfnP|+|DHT~Veny|*i01Ls4Lx$gtrYBSFF7F&@?W>Bg{co`{%h9 z9sx$-@EbEMOML)3N3DD=LJ9v255tg$^hJh!i7`2A3<-KDJ3d+^MrG2WW%LTKkOb3Auic{`rY zI;>Tp5o&vy!aP->7`fg-GUt!?EN1!UJflF<5!LEjv%B<`LJ~0npQ9PMKZC;bXT|gL zZB2_CRWs_aWQX3x4MJuKmZfZnrgC;tGK)3P$v4g_E!+0Gp^8hz2g%{Lhwvyzmi2PV{vN`w6K><|Cm zv;%xFI(jvk4Ic&tBmDSq6jCbUNWV49XE5r@*V3XE*k)(~B8k9#o%OQrjsCR3oZUj2 zKg=PZ@T?6+5pdMm08UVi(~i>UCa>x^-Nzz!-M46(UIdqnnq_g&b!MIYTwz9oq~-qo z!))uB$&L+5#cV;HKLU~#bWsLGQ70X@@=bYUdd?OX>;TRIN}1-b00Q-hrM08JoT@=m z?l|=A0IEKeJfoh%PxSNQ9>Hv+kzRK!?ea)*+DqN{;cnzM2sXm++=vCpw*9`R^Ozj_hA=%_FQ+i?69C&kBOkdG%th(m5uq|C@?>Donwsmcx$lrb+4LNX0%nR& zy|>EkhL>k=BERZ-Cf0&~*p`#|pfrJaW@CS*cGSz`&9CQkdgj1e8JZ~ zYI0U^Xk~y({#;!%C*fWfix!T6tUm~BD~Ye6<^cE#tSO8=(D!}zb6yz= zD{}vlZow)411f$4tz{6pNB~egNtND*)`SkH;KyKRn%EYU14(XO{y zRJ*zS#R?u0(~vkmX!}7DgN8gFpua#VDdZA-rV+|cKbR9XsOaPd3%;v0yf1&*SFlb@ zmXKb%GrS=ov!&8eVSK;DZhb_V+*G4*yFT$FanT8HD8amxnx?54d=kV#H^7{rPPr`*G9I6j1I1-lMWR{M&0;!aJeFjGme=O}F$TcR5n62b zPA$`|HLPfAj>KVA)dw0dU4INI^48j0gUNE8{C7{=k57Ml{`b`w{m(Ka7VfKGFTw%0 zYa(LyLLQQtyfD3CnPnAhwflF*GQ&1qAe%mZ8Epq|H8l;5)S+oSrBu?u75HJ9Ycrs8 z=^6qe&N)Jub2_g>o)=Wdy$!QF21VngOy+0q%eDt*M5>*iRdc8#iaoR zs(Z!@6U&yL@?U+g(_odqf93GCA^ zzfOS+Jp`5=WDMLqz*5AF@)Z!R=mA4O)!+(G)sfm11}Sb3UvD~ruak^G*s%tOMg2vb zUpW_+*Zx_P@v2k-2vsKFL2gIUAEf5TY|R%>G&Xj2(}cg~Qqjs+uh(wWx;g%RXI7%o_^>n_YSwzR#C_t5c5F7gk-}Z>I2b#&O5-QD;_x4tGX>381<@e4t6T zk0F0gE*;kHPwj8nMNbGIK2?MvR09`uh{+&|#K6}rXdfqwA!#$3$2|6Y3&%`NSNCHK zdQm*He%wpmx|t0>aT~FlgT-2zaEdy=<;pTIq;1}h^57Hi)3MCg`L;m4}w9p{IKsTF*Pn@N@9}kEG!?V!MHV{;MVZV zM=T1?ujO7B*OrUekVOB={|T3&9mj7xW$&`*efPfpI>se;lV$6oduvMJuNJ_}q*<1x z?|nYo%tg3-2k=Pmwpb(iuHb-U_xiRG;J50dXA+;mC;Y?yG(!-SWHg-&F}kRR1e5O{ zeSP$?4L!^e_HIrPs53PV4Ss>=JrP{qH)iTt+%04LWGK(d#PoCFZXPDG0@Jfeo&wa1 z+Z4U`ll*=Dc7czb0ce{RouNIHxDW8iI&s`KinpL~`qO4Vf-yxnI zjFTLw`!ou`s7!J$)}rH!lcVX@5vuRLnwoLvC(it-L-BD(CG29c#=J$nSeIV%fO>GD zI&n7LL<%A~0r~|94r_G3^ivcncG~~G0HcD0nM(M&7Y_=WcJI0yO=$bOU3bwq@AXMe z49U@teft@pm~YIM^8a@?27~j+V*b}tQ}%1;?~>P0MYmbBixS=EA51~X!Z#AU!@s~* zmln(}uog>~)RyANHOSSfat5%1YZ+{;-cp3i64`KZ*8%J0V-aekGWA%qF=oFFA7;y$ zToOtU_Jd53QWm=n-)8LC6ZYUh*1>Yh7v;Z=Txx&w?#Qd!$@aO%z*}mAdIh86Zij#c@~)>{0cJ`G2K3#=)jbiU zVyRi((LoiJ#~BAO`nQaIgn^hEYPa95m6JnI_4$;LMQ21u@ymm};_+ zzXy4rP~Xr=QN7ispXLb)a&%@Bu1E>{;g9%T^ljdIZ4D|LBKASbEEIHW8Fg$`v8arm zRzxX_b4-L7VV%*yb@57?v)&@A(Ac5QDvhy(@&a8Wn|#xef^G_Qv2Ld_-NHQm$r3qj zzS4q?)1>pmX+^Z4m$&ne0UBs zo>*>jQ;XF%q{)&OfY`Z83UQ_hofY`s=!pH~0P#_l4Tk1p>}ZqdlLPIM5ECBlD&wE$ zjSibh#5y%*;Y;32rl;g`RgseCHE|}9B>L5SS_Ur3EEt%~63%Eh*&h4!$=#1HeLE=M z5y1PvAhVv0Q(}4SBAdXQgatqMLYE~}o1t4@^@6FWc8`#THy)OYdP4S8E&OoRW`lMT z!3-_ZXat!I!6Y1>9IG8sbqqsm7p#pw6ikYJz3OGgFzN~ z06D6Kq~p~WPIKyufz7&aKDUSazpMN2K3Z3(?nE%ZvKj9}l0-M2YAuco!j{ao%mr)1 z>iMS6u}#V2Wh&3Zu|pHhO8v{$tM@NJr;eD`LevbKOvEwPQ^hXT{1s>`!+@dzH*y2}sl;{5_ZSe@Xi^TH9HLO;_QwtUX690x zbTu{5yH>1UEzY}Zubb9A_WMWOJL5uonFWQfDw-9mU&iNsNGB8}RsPZY<{3sKe#)0> zytNz7?tI02$itWUC{dF`(02Tvks|0X`dKRY&4&QFfut(q;$o}ZyP)C0bT7%D7=zs= zXx!O{@(bz%WDrN_@&^6@Ss3~OJrWr#k$~%gc62+1$%m`o8y>D?=QEh}!w^e6jW8^a z^I0vflcxfa=ziXz&c^x}e7<1$*O}>x%%+Lm5n=W@17@USRi2R@5B`u=!s{gxCst!m6s(%NL?pAj^cEYJTLl`a+h$iiTu2Yf}HL ze! zR$v%@&@j+t)< zgniOcNVr*A4GN4XSUW zvc_%4&#BT7S=Btxt2X7Hz9WO;&i2{(x$=(|S5gbodAe033&saec8)f9-pn88YoEQL z2MpU#>!~3lFZCxVdln7JLrb2w=-t>BrzaOZ4rZ=1hd-@sh z3Q$N71X-Iq$V|L!9=kq>vtFL{rtP8Y??wvpyFI-k)5qpYUlX4h<2Dd2A$`e9IEJK8 za@QH4R^;mFw$bf#ZvI;!?5Ps6u<5m<`E2MSrWfiMWfW~yk5-**iDlLfHmpCC3fZ8J znpcT^RWI50%4M0?up-mOY)&SPlp$ueK&Y@v~&L1safn#j!;Kln~i z^J%Um&bW)QQ5y{iVbi&z5d514j=RP1EA#X6Bd=cjxuA5w8!1x#WexjhsKq{=eb_Oy znf=?dQIjEPO0Q>Nk=%S!Kx5gBAdDo8xKEJ;>3awcYiaOek_DZ$?bw!wuuGQQ*PYkg z{0J(eF$w&5FGH!RrIszlwua@h5uYP{bV;BSBa1@+StI&s-JDG!XG@35&p%pPU;DX} zy73HR2B>Y09MTmspKRreoQvTH%5d`J)1m~klh4x?nikYpll(UE5&PyYvC5pPcD9?R zbE(mcC5-Kgtx81rTEiJWKd_mp>~8Wr%0`xSGInv(cdr7zqkQ{3e3n5vZEbrf+`fAD zQC}T>QqtSQsL=a$ERn@|wdbSj-@_Rr;+xM^NLNpPkm0a+ndqgAP9Gp%_@Q4On=e@H zFVu``+U6OBA5b{X*m$>A`uR*t2)C1Z&!u=A$<>L?si}uNM9oxtR18dnFnYZDz-f1) z`Sx@xJL#Kt{^9rSnkn4bKrd&O&y155BNE4NT2r))keQUD=JsDybEk+O zA;lBN{9IKO=*{(W!5h>=|3u$OAdHq|6zK}yxO*^IMjs;(Q zTIM6pnyTDZ4Rf`6rlYo<-Ni{2#~WF?=5u>5bVz<*L( z+&KlO=XB%#(fg&`(dMwyF3z{?9y}U_$>uA_vB&qH`L>Eib&9R6gFQxyu?EHCEa1w! zfIup3yYSN3iEH#w-%qx5$*=pwQwRiE%6E*$KSwf>Oi^#_JyGZ|D&beNx_RBnt05yDLU@z=;r?& zxlW$KNU8$WfQ1I8bsLpzI`MBTU=ZpIvC|qR#E3F^(B%MNiVA2mq=Y}g$5;-HMfB~# z2a&r?^35{8S_!1h$Mx8+<0a+EVlO4-o-$rqUm#{88_sb*5Qtr3G@73iv{@(34^kKm z^!^;M+$8vW1L{ZmNvZr6AYK0SAl_$V5(!Jtu$P`_Bh%`)CIG`H*>N9946|(l6ixd@ zN^q;1-|i|4Ioxh~^+wFHyYvzB`5ZI?xj=7!u9!w9hIqE`pmz<(^iWt6U}u;6PP`V= z!-5+J4Rq)ACG_<4&7n(~g8NfbQ%RgAQZGxx$cVZ@n~l0MP|-9#09o$5{swXuhe@sM3D&42X6VdRzncc zKqeC8a9P2%kiU>5LMIc}myUW)F)s4x)n_d`nnuL-q_bo75lTAo7+3|FeivwLxZv&R zM*`aktHV5RJtI6tv&(R=`r~CUn=;KYZ!Z#aO|nK@MUJ;)i9o-X?SAUQzG3FbR=n_` z&gS%oExXTml%{RQd$Xffsf}96XZZBgxI@XwN8k8|AhrVAZRlU)Zd?*+xZ;FBeiRi> z#r^vCX0BSEBpZngzzY;OER z-+=BQQ#W~W!`r8BD*2lO~|E4H}Smn-B z>U3X!Wf@^zi}L}>F_`4~$hma1eI{k_!G$iR5c?m1uShyin^szKQ6P^!U#=Uul8)w5 z(g9`w4&w>bXrX`oc^8ibz|ZGdVEduacz_lz0BXWilaodCOaC4Uu`3(~b=hW@pP%nP zMLw*$ZK5ucgcX2DFnkTU+}n|~+|5og5R^nW2bFeHEg$TP4cnSko)$}%sN@FlM}a#g z6~JSM0Pdj>7#yG|Dm8I{);5mZ2---xKU?yGt;S(G1>@fN6@a8LaafF}0_ctc)X|Vn zj;QhJrd@2ZR!)0-Vm1Fcn7qY)(h(}SaDFk;ySJuvRJ;5vSDhzSU}Y(zOG;UrQmM@d zG&K4A5SPH1Z!p!hraKiF@w56VOa>H+MDrSp8rIwc9S=fWx;wMJZFD38q)FblmvZ?} z>kBPn#~8ZjS0`j9C;CB5+oB8ND(^D;LF(t*8>Vl3!+s+ie@uz3cW~q%#QiFzkE61D zR8DXQShI9-Q$B={Cam5s%XW%iZ!Ju261uc-NZ!Q|aEQHcwGxd(x08P6`x{DEKZ&;U zlHhmQPde@wfp{D&RG)OfqJO!+5ZQMcj|~%I%nK_DmHIqJQaQkR1$vI**YetLSdZH~ zK-9~uyKl7F5~rLa>q;10!?T?5S7A5Ne;#v1(&UfDrEM3EGXGGOhHztJ>@hm$M%n7e z38#>o0TeCOxZr72iZ5s%x+$4W=dfVd08=|9G+AQ~Tr-N3e94z9g@LC$(&2=8PO@hf zTGMTIYwcBvOqs|yVN_E;E5EWJ<1tMz8*#mx!PsB(I#q-cj>?R_8j|!6CejUq%yj`E zwaCM?fwZ?c!Qk1xB8=B!=AYJCJl1JU=wYp)v0T4iTJ7~^$Zops$p&4w%Ko?OROtF>sNrVE-w%JjafM&L6tC}@?%%NsAxreePxSaKmUSDs+Ad%&`q zEXxIl4TbPLz#|G7$jnuPys~on1hHMirK}u!_c(vCR{=MERCO4E3(1p;fXlOr9m)Et zE_`JfhC;-qv<;phOpKc4sbV?NNteP``mP5Hh1<9iYkH9P^IkI!(=h*=zc~;&Wm#U} z4*f`E*nTFzSW{SFrZ)IyO#xoONdMhT8HZJvmSjylf9BytDyL|BG3e9;tsW^Z7a_mSybOB;%_)oaIHEPeA0R#w z`!=ZUus*N_lc6~%iPy*}@ANKdP*ndNJni4X2`22!07zSu9mNlB*htxnf(aceW2ocf zvJPU9pUu#AcH``~{;>bcb?eRcrV39EYRC62HoAfVtc-+)Yr+96I?*_TCfd?NC?_m> zDK}H{xb9B1fln^EoCXed6NkiKV#+|Iy{x7vrtW`P`P>`0$ZkgJjeYcgkm-r(8- zxy}3i-!t;G;(JxufptQ0bi687onj371y%ar^7FHkIl#GkZ))#Zu|dn*g+5IUEhUE< z{yJNV!CdcU#*h1a0$kSWsBp?uLNZ7;ymp~4%0R|@?}8zW^@c&W?u&^odD#dlSe|;g zJ$kb@Tbr1|g}D5+M5~mkP(C@S(8WP-ZBs5ZfmQMYk@#EilAsC(5bEYw5v01Di?9WZC67|I*LV`)K zT<@SrD5Lv*Ej4N;QuSgrDS(X1ZHI|(de7+iD^{vA0N(tAwjiO9Yt79|$?J<>^AdPW z`V3&bRx4*cu&S-aRX$n;qTg(=sDz&~7t~u)Ad2{KpYu!ZCmyQ#@s!3?t*1;e240pc z+*GJ#PP1`tBs`OkFxG77aGUa&40Nn>M|~2zHE6ATCOA%)a}*yVHD7?R0M|_td6dh@ z1@YK7DKm8%dwE6;d4p-5h(+l}tCaa=j99N`0E{u(ysxf9h~7_Fl5W{%q!8FIkM%;B zsNB$kV139u52~xCYN3@4;v6*Gaf>YjFd>4xC);x zbmT>8(w&u;U!e#Lte`gwTQIgJMas%SBh59#LU^Bu7OYVZ9u&J5Whu<$QLeqjO(s$W z+V<@qd2DgUEW&I%1+WBtsP1jNN_xKj8CC7!PEcS%V~LS_l$i2((r5*uWo#9e>NXtT zJh;i}va80t*Conus$xFfVO1gOhFFiS5b-${oPmCBXf=s(%L$5T>ZIfd8MuLJy|(+> zDW35u-s5`-7%s87+z{_gmP=^!?gM{hZqD|iKX5Hz&HqvDv$GoSZFS;`y#Z@Fo3+@1 zO(zEYOw(&?IyaX59IBiW@VLzs0CQ`mK#038Y;Fx$=}MyXkE0)$(wCKVds8JRnS^m@ zJQ#*RsU!>b0@b@m4LvW`h>rict_9Bf#t3nq57g=)U^fe!qcXk8-}2j@MD2tvhL)!s zB6RJhe!VM%mLYq1gZ&xUbX6T-kmq^Z8=@nKW}vma+l0HWVKxJwo%mQ0B78K(ic%^8 z=iM-V9?9QKhRwQclq2b<9nb(%Z^FF4GXY`n)Zxb2eXA5MK1)FApHv6;_h zvqF|0>L0znAaJ4I*hp&UmR1}#ykEvd%$@oe>UQ$qTHFVWs&oHm=8@p5yHf^{r7O1^ zvWqdcg@i1QfHxL5HNQ#~ta};f%^}l6ONJuuSZ-D?C%Fl5nqtFzJm>=EKH{rl`zPs0 zKCgmL%$-YlYAe7>lr$MWQadHGNNAvlT9cX-e1UG*vp%kM_gZpiraOIg6uk!7tBg!K zS$bD0D+%Jxeu< zGoPq{-AWfCjV8zKx~Ohk3cUTfaz^Mv8)?AE#vs^?nfsCr#v^1~w^{xm6ioiJ==^^i zy73sdB5@;0j$Xm3I6Btc0S`B6a^t1>nNp6hP}xP&bk#4`c0@a$5+kGS`3eI@P+!sj ztQ#2@6jDKLbnmxs!gnPJt2HX$N8F9a{zB5rOTg(CZmUevsm0$F8~(875{QEoqg-oW zp;Uclt6|ekh|!gs%A`lI8Z^gZlUPa_EY7LYd3G8}7z&%x9mI7&;ApuwmF#HnNZOgs zfFE%higEoM;@p=}J<&bK3W=$=@p*;*fdwb~yi+vkc#f&7a=vm62Tk{gLL(gU*&fk{ z)lVA>z$+XiFVZa2X9O{e$(xD)4UvKY|M+I=Vb~R_WtbhE^-eWwSQi@>n_a;QK@cU) zEQ=YN2glG2(R_=4r4}&SMT`nR4~pLy{kULkSR%^FiY(09ewEkWN`Z-Qd@^9#vOeus zrqgPp_JI5_iSTb@GKz2^&(afYTR!Rqy(vZ~-^ zUEMvuG+ypSFup>ZHfUqP#2wnKZRE)PboFltyhx1P=&Eqv`k?3uJ>6^^)?GZBYUlOK zAQC+tr6sxml+A6?EdY9Y72+%t)`*nh;q23#+#h9gHAtby(rQT5Jshhx^H2Yp1yBDA zC8$r#cBV3x(RdJ*b^!M7f$u{FO(mQiEWRGUPZ#opkT%<#H*J)Z>c;zLqjfJlt{ymu z7XPEl-a&}SCU{4DIDLw z-~W5NULo55AYoNnNB6+r<)%8uJjPtAHDR+9U%*oe zy1e*Ji2!lIwiV=SJ;?RB$DzlEcq(V}E986d`Zakqu_s^|5(1lQzUdTCq3HKp7Q?F! z6-{mL0*o{Q@?@ z1EJ@-Jsm>Tczn5R4u8Z=&_t-#0T0t5OEfLztv>g=_GUNvx2?c(?^ap)ppI{=VkEN( zU^b$JVrdQSc5m4*x#oP)`eD%{XH&r@&WwX#V;V$gI!@i~?LlBGJ0o)%G#;9#f;U|x zzUP?Iz?eHts89}1mu=-Nn0^!MQtUk?b=t}HzdmA zOi{>L{kGj5E0XGJtGmDPa98ciWP{D3(Nr=cZ@`N188yCO^@D8umIoctrxgwtvOPY^ zDo)8~r&FPy6$y8TiNM}l{`ISO$23#kh^ItfVlVZ8aucL0zREk87#G`%;F3<=2`z7vtx58$ zbU$&1wM~yS;EEKhrVkY4olgqFslF1XBu?d8;mz+SE|;afC$M;5aNmz9@R_c*VC}zI z#}#fQrC_Fn08L?)+^+S!ozrek``yf!&pEqy7p#jkQp<)^!3@1)*4-6p-s|#RA(HsP zd51zdEf`f6!(W)~<^cvObiT+A)#4@^T~&XO04{cRnX44?<8h0H)2r^!h14em5>*pt z<4%cTK6Pg>X=6OE#jXDbwuhT-hhRwarKhZUER;r2r!`4{_WR>>R<)UW;=f+0(m#`kwicOC(NzfE75pbsUJ!! z50%pN)W+y*>1+A^p)h3N1BIw!Wc1t?JIu1oh$-qw@c!S=jy3uU>if6{^zlUK2c`UT zv~lO=*Y3GPPRZC%mmCML9CvJ9pS^^PZ+Ib-#?AA(@wb&cHboqTys^CDl`L=KmtX!seBOgc>pC*_ zgz?26g(+z?g`sk7(HZI~50X$@t;APvJMhD-EW+*A{*i~7fNRK$hsh!%MS2_Dws~kM zAwkT#V`c7}a+o{&Bd&CN+M*r}J z8ItG0pRa@m3PV5ATLO%Q&I{n~qkv6a*9PX73`!t(Q>wjV_1)FuUke>)@VCmG(>RCr znfqke19f(vQU<+LG@-h`cA<@>7xeS)wL>{z{Z6RNT$0%ws-8=|gmfUclN@d%! zfo*sYsbn=JGV-VqO-Grie$8Ho8x z9;6WAwo2@-DE^fOwGr-r&oWj-F#f1PVY;81FyrcY%GN9liAuGw{Mo?0ss*3 zRySXIHR4gN6--=QT*3~UPHY*?y8n10+^EH$;imW zf|NbF91O2#d~T5FMr!#KQphSe?)hx8US5wVmM}#SEys4;%L&)%%u*X*)I0_97RZnv zOFDcqRT^QD`fb?Q_-Vw{01<&x-56_tTQ#TSG|cXFPJIHLeIsdR%+v0agv58|rr{vN zi%F+Zu91O%pbpQ;bfIQu)r+pbpkJK`bT?sm<8F)Ryfu*A=$k_C8n1rl)DA<-YxiAA zB@6L_f2KORQ6iwH3;f4U2)T)+R&!0e`pGjIY?sKaXYFF@_h0U`aswiV(>6;IG}&TU zo%LK+wsje!eht7tUzH+l4vYgL!{yQUB2%zI!&zk3YY4MS<@O1!v-u%?r}x<*735o5 zZw>(^*+{Z#9WjRe)sZ03IZ^Ur%Uu$pI-t|6)a`R+Ba(*l#%qtU@$bN;@PMKdzul-+ z#^>b#zTL=5tq!Bw2tq;S{U5(AEatVj^$>7qY2~0|Ic$2|WRRE2e|UPl4(SOy)ceG5 z|Bf`QVVM8er_z=*v{2zw(fBX_=pfoH4zp2!2m37+3Zl!pjmq=~<78AgV>}z5e=HL5 zyT?z5UNE=pDGr@1(ln>jDNKlpJ{?LN8ootl`#7{^eCqulDgEEw+Mhpoe#2#4GaTOU zyGFV{_4_;}+4ywfM#an0#c02go^P!$F^dC(67 z1TQVH1Xe-V5Fke{dWToI_@l2Mk{HQ`0^sT zu+|~vKF_6bu}||9u#gDZ*)3}t&8lTRh^!)K(s>!H^c-1Ji#{$cOm4B=3qH64b>J@* z@t+~?Kkum4Fkh+DjTst`tgS>Ao6fc9yLJ3FOjZ2I4Kn)xcmcGUR+l`BiCp?t@DB$& zIqcE75>=@@XP)?AtnX7w&d9rc1oqRH8+i{%ggmc>e&0Jm0wDz+uh+#S&`e-pMKEU0 zAYhF&ZhPWfwFa1)9MgH~I#r4fl`ThnqnJz*$rX^77ki^qpfV zqYi+?#|p)88uq&Kg{R~!H%zD(zg7(SLWePc-!L6ZYK`#x9;g`^K_uS{liub~?-(t) z3an#jPqT1;bS4jB`dNz5jdQ@Vn_d-KiK-}1fcwC&6Im25UhmR!y$%_k?%;V8c>nF*=Q^{+xojEyj&kGhN*{Z8j^4hV7Jo`-}2u=ntk zl5mB|CU!d%SaOb{wR7 zkx6Vp&?*oph#*{=tycI8mLyPX@3{+s{xKc`pMcO4Oo5*MHB^Xn7H|aU?*QsZmg;vj zw9u@t81iJQJWA$U2d`8>*LU#Khcu(DRwj+xI)B_`YHJ?vRYr-^xrL2BHgq-gZjH;5 ztNTMmv`foej<{5p&g9#R)`zf0TQEe`2b&_gnNp3o#4_#xRwm`H-~m#VP_#(s*zSjF zk<0ssnMSG-2{t+`xV#I$Z-bv$Iy?_&A4R2V;uH?n>DB3FmX45&nK2ve-Tzh@{I842 z19$CO5$^9)x!((y4xH?RJ8TBePpN&};%A@JVWMaYxzW0|BT^y-Kj2$J!@tfJ5rUA> zH)b>qX3ku}bOXRZyz!{qK`itHBnu* zR<ZJ_4pR9RN(uFqyvGT0S-W;@mEFS#UVFT0><0wf?*5`MivgooTmD)gpcKY^mwG zuM}D0?nIlh+x`M0p0Lpu0EQNm4dieEH9Tgn$6Is_rZnz^HPP`ILB3~#@!dwVE&1a! znTedGsx5`>%tWtxp_(JwMD(Xa#@ zU|494pDo}x>${kGRMZwz{zq2y_hbCe(~S60r2SXFz%lowa}?apY{KVPW?+5y;WMlG z(3=I`(sqkcJQi4*qWpXln@&FbA4zqNGx(9kWTjiL`8wm-ihoVTXXuI#J{^i694Z!8 zFgx2C{gN5pXq8Bh9e%s=YXg`ff@@8~=(N5jm4irDUSs(pWp|Z})Tmv`XUR>Ze2*4F zEk>D&Th14SbKYRiyG-c)d{!n|(YBm^3ft=*r@F#Wtx~&QqrvVc-Qi;0z;)_pZ(fd2 zb3~b)zf0J^pFdzm6fqG*zh=BlLru9d+vRYC!N7d_n}LDtlbl#Yn8AR}XsKqSYgE6n zPJ{&_UC)enwGQ48Y4m|SI3f>Fy@vpMhZ!(oe#&@>@ufVf?nVufjnilcyXqX z)7Fon^}7HE*2&J>u;YH`{$b@T_0+-bpt8}0K71b~ch7~Aql&T0>Pxo633l1H8%kqQ z$2ARvKMwx;+WdWqR@NY!-`-w+%}X<%rccM6>H14JCRe&lKJ9nTUglB0uXZ!s_5%oWZ>c3Bg6?Q4G>>s{|T~V6~UJ1>Nj&D;t z&{Hyh+;iq!Tpco(Lt7xI9c%EqtmRX7sx%hJp<{Erlpi!z1u+@e-^8u*6dWmF4?LGXL` z@>}~3gyc8ZD04A)ZuJ!1DE5%RpIB$|~n8w~e&QTRe7!eL66mNg?4mF_VMR^nXUv(4y* zt+*pWiiUH8-Vu0RCSb5k#JOoapz!4HgB1;1M*7zF?O=5kO*XZ6AHVdnoG`SjI3 z(>Paq+svyaiD6n{b>V3baL)Q62K#;*bXxs9ikT)ANz4L5s1s$e8Dthg+#Sd@v0N%F z@aB7OMFT7iiPh`W<|By)zbGS~b}TnHqFyDWqrd6!ZnFWqrA>%g;|45sIPHN*CXcT~ zr`@wTj(?{Gf)WDzp2f!cb$qJya^1km4huOxw_n-7WFW|H|3jdSdjXJAhCoy<3sZ}l zfe}958}{dYW}yNk>A~MA-twe-TJ7lr#*X6izC!=9dVVdX@~RWeqT!&6^t!=_)U%Du ztLMWpM#hQva=<|d@xp&X#bW}cDHVm3QbJ~n>+rAG^{K%u3#EVjYJct^(koJ5`v74} zp}5UvZICH$QZ87Nw2lApIv8aNvnu`e+N5TOY@w~5>tQ+)mrV@h5?4GDBbH645?)Xa z{epdeFi!?-MguVgHfuehHFn?mn2e1QYd}#AiAZ8k1l9sM$c+5f=BcLr{V*t+nCT(9 z6165LCG-1JY9jccY!H?MMpKq0Z$M5A$j2Ez3X_YMtOuQDN;w|vVufzA z%1iqn1PG1{s0Q=Z zW0Y{4K_tsCIGiolte$Y#F{_yUeuS?1{Z+IVE#m56p-j*?W3FNecdJozKSV;z?(Q

kvE*uz>Sg<*Mxntj65Z}x^i#|GqEb8QjKs288Ch8c ztw!%WM(tJ=yDzKwK!Csu82po;{4Wo+Wx;7*pyBAE)oN0pMr-iW4UwEdqjG|IjR+n@ z$^UbzKu!@#dZ?|XMKOx?Isr{N4Kwe8?^0DKUt;P}T?QmK^S&^Vw58c-c#)fb8SDV{ z`yOgM%j<04*$JUETxd(cudlJ1p&zA?OJgKWNyYmg9B?2(4!50W_b-Px9_(0p$4+ixz4fWG42tjV4*1W6|Qnd|cL8OLzb5&K8BcQCQkgNf_z|-BL zPmrJ>&;T=^`jgy?K)`VbH4(iLcuoPNIY$tKfrtore&rzBRd%p{oh-vsKD;LPB2L-MYr^+*Ro>d4vJ$Dj!O^LG^+q zb)v4;$B6ks+n-tvXlxDER+ybI#_vVM$$1wZQwO)1Z*J_n&qUc&3-nHjDv!Z9<6DNTd zJfK~5I`x~_e-+rIFGvmZkr2JFGeNf%4+-<`JYFoG*uG8zc0x50K!S{A2Xr<_Dw6Z@ z551;OyiSD>a$nj@+tR}mrK`gwns^$e*;6nBu#&hN<^IVCwutd89rr4ChVN=TZ%!de z^mMvSpOJuuXR*1_wBbNSA@lk|wZ0rt^8KS1NnbO%Hz&wgeG8pL;-!+rv~mH~j7D|Gy`5K2bz8^Jm% zAPBz7D29VkG4R<9?zlES;d{-`_R)MG0Gi!+@Eu+Ut4zb;#z+<#J^lun6h!|j1Db

zk{bxawia6%c}J(&kiYEqz-5$3-7%8Y^2V;i)Yo$}NJyn!7mun+7K??x?Stz?%`?R0 zlEGExmA(HS4SLbi}X>h|WmPN*NutzuX}8Tlzr%%&<=367v| zH1>H6yY5NqE+jgBjOXRkHXQfvHCh;K6SRKZKQKySPZJf;RH(5$3Zh?JFOR@R?4Xh? zL9~Oq+K^#l-8GH(v7hV6+L)0hNrEReq6;q}T-J^0`A@@S@O!ws}5)gs+Lj zv59K~M~=ZjLtXal#Z5SE#z!)>2D{7+k*|!ihng{LHbrS%9-<*bsRgm><&zHc)vuNh zQ1V~T&||yQp>eoa(e&?$Z=llokov`Sx$+}jo?@4o9we(eBWkJ)zR@aCky%ac(eQ+t z-|f+#Z-0^7jDW+4mK*kA5E|4UeUYC^Z?DrhU6Pz_ej>b6xQ&=3%6}8;^B=|mcxwQK zwBf#x@(+oV75;bkPbSzU`q4VifS0%=8cc7rR(0{C(4`Srs6>N$M?u-52<+liQ$Lj{pvXe5FUcY7(Zv>$aB4p+VAY1jd*IJOJc4G33tCoU z)!#t2gLf+6z7M@A0@4w%dtdXW@;!eBRVdB+HW0C&{4LZgQd3!+7}vZE1j;qp4hdv7nz%!* zAc5SBVv+{)>e3pZ4!8ktH6NMCM09F}^yy?&A-tSz?q5`*SawC0M z7a`!6p(h#ZF_N2&%53Rcbx${4PF79CU20^}@L@y~da$*pT)3<)7d>DY*A*G&V;uv*YL;&1)po+*;goEVd7g0*^?36jJR z$aN}4|25z^^0WsP{&ymrQxp+tX$DqggHienKzU}Eev-Ig74p=(Hwh`B`Q)kcz>mYf zn`b>&dE14)1cfs*N(fNPRXTkkVsFdl7^+%xg=p8m_EVp5LpAxrqYI9Zd=h*tC&9ji zxOtk2;jrL*(1hP9dyM2|o(!Wu&oKB#DAC8_$uP{MYStR@J=Zt|h-=GCw#UBTHsk}H zR#2l2z{cDh#pvo<`zw|DZ zKHhH&@ALA3cd2Sz5%Ap0!c3raOFN@J4^n?>Lfb7en!+Z2g(u$S%W{_i&r7uki-$xk znIN9}`y|@O0*=A{d)E`A*I>9^9z@T}s};$hER3r&KzK`Gl2rRK_0V$qk!VbrDuVoFq4$7GG~xNhW;RzcNj#jlyy ze?y%aQNgi~X8ML-sBS#`&xHMJD!HMzfcXX%>NeV%huGd{w?Q0w9M}^gGBr}6`5KrB z(Q_30%#YciM9;M|&J{d_MD?LD0oX@UwQ+xG)!-V{6~DiIn0lc$J zw;MR2@>sd^L0q2WI1BP9>aRb0ueQnw@3qKhwR}zWZ4Te=8_Vq5Bu+7EW`-aa}LWikBu*qO`>Bk`jBn8pL zOAa5lY};PJJoTP98ID!my6IJv2u*y|gTXiK#)d}c#|mFm9AI#r+tF%1u9bZtcqQSp zF`R7hb6TxKkqfUQ+tDp=%BZ=)x?1Es0}hF!J0%`o$~4b?vG3=$1POalH!(&ShYxEL zt_&Pi#KOX5^3=Ob)aD)BXhL56ECt3e`ci&+Or~*WA3niW93pZ$Dv7(8+-u3Zn(o}t zQ#>5~9HDH3@raXD!ZD1yu0sW+g~-9baQc7u@J$JDDaT#7x$flOPVORcbFu~;2himh ztrm>>CmJRM^3f(XPT+m+0PODDjx!wQSVBI_B1Rxe^~WO%lAQrXgH~_rU?s_(*EUPP zm8ndw3Hr#tuP z21{1!nLFsbl*l(_Zku=dg5Q3<=H{C)41k*V8?(PWDmRhO;-d(YkLripn0*BMVi!3g z+nCUP?mU49-c`5rmO`D|>$hLZh5y+e|G67u2+&xC2kt5QB1j1IigTk(V4}aTBWnG) zXWz)Zp#`B0fdTHnI$^nha3F-1Q105$Q(74#)Z;vr_^6hkqkdg>BQlas_9&aC>~bfP zI$nI%^WLIu8{`eFtWiKFJpBTz9ufGk-da+}#{R($p$}^vUnt5@t37gg-m1xuJn18N z?i@Q36BE4`wN*l)m8zF#x-o%w7|gDsv8hb-GAYIRfZtnpz`THeaqI1No>R7cw?O-H zA2w6;R>hCX!eEbhxhpL-7>oh9f?|2s8!@Bs7lT>QU%nCazIpbi`~7DZ;|C-4^ZdXO!LfX?by~zW2|knLctRceLRL`TAa8bKcCc5rRGv=SDdFki=9B&T{`E$IbCrh z*ZnAuPTPD#weAN5jN@On}$X`j97*Ls8v5)dN9qWWRRXY zb}*!{zPlF-;v#li)aKwewmAbb_IOq0Yi_l|k}{{V+p7OP{Yie}SAL&!U2}a`9+a9G zky!oOObF9NfipEiuj0u0N^8)xXvt*!5??r}c4qw$G7}nse2fvc;aa9^(-Dxkv--^_ zLiV2JL4g0=r}>oi3>8N6t+kf}(IRc>)j7|GcluGNg34t>rf7XSY78?w`MtL!T0}nCa z3!GUovc$#5qb@w1JKjC$yfl>Or7B)ck0-so~)yZydA{fa?no}P7 zo>?N)^c6;*u<7DJ8BWxgG% zyn<1Mix2BDJ@J9n=MWaGZyyFp~`al=;HB=M~lQI20 zDywD^So=noDKxKS5{US(1|yoe3YJP_g6q7NW^GRo8@m%W$e=J*PPjBthjduUkX(1BUpM` zmENHbjd=vtBdq&%6fQHr)EqxNJipAug(wWznzmE5hbaR{5B-II!SYTD&wg><#gzV`r z5r{gQii~X4kjy*D6vmPL8;aGooaORCVN z=p*Cbw*`6eyVX4w&s3;_!Ji%rSb9zW!k;Ol@8t06Bg7-D^WdwuuUNf*1JDGH(>)?Q z^)sJ=EpPA^IsJUuJLaP6A3^=!)d3VdnM(N^wp1>Ub^sic8ar|_OR2(6uGHg~`{V%V z!!DM~#jzPKWL~v`mAi@ngN{1J-a&)PIhB+hgyASi-Zx8t!Xj(L7i>EKZ@z zqJyNvpY0T;V~-^VY3yQg+lq-Q3QJaLkc^jW zDpX`b@$2k?LyQ8%Sm1j{K&JmPqE6Y={=Xa_p0{KHnE5=2N6{V8}XLNir;2ci2 zdZs1X>H$0!25<~?I*reymPIWXdXx?qXT)@dt>5hS1iaRl)%KK(M^FG$?|&`nuvlSM zP~S=@DW`JV`+<1-SF@EmESS{tD3r1?T3>7eu~0Yq`V`W;1wIswb%eb@y*)QN!-QEg z2DFL2yBghQNA?fr7Q6G+dFMM5;xZ|qeHsE&M<$RShjP~ad=emrfT44eY*A!noRqKq zW-C1#yInz{&rQn%!hr+qw|s*RZ!zA4g?ejEg>a7`Aj=s@pi}Kyu4>5ex?JeAH|Co0 zz5%kDKvW4?z-n?PVs%&%(Q2?s)pg%YETt2_-x!SFEE0Yw8RHTLDv36`<)-R}Y5@Ib z2Z_>JnD>5@Qu^eWk}b^b*KZG(AmBOR_y)+4i7zRz6z8T+zYuRaVM(OHD%lrY8$lwh-+sM@2$55932MU_mL~K~QF**p^*V>oB1*b7VPNZbWM9 zU`L4Ytd&X7J!SLM;D6|?Aw`0FOD+ku}Tr6WLns0mE5==YQw zu@I^|JnkA~L@|6eF3bY5s!ChI)jI7LepC*{of@ciYzlI22GP)o2YyWemDju_2LzF- zioCA|Q9`h#lR=KRIxvehtmIW^fw=RI3Ad4v_PZngW-#vgDBO2yG!^CI*oS960KA>u zg(RjMjU5jaaW6;UL1w#hDtK+U8NHGHv$q6cBji9_sM!_fj7ASEg|7{=T3HJP4V`~K zTrsTrj}s2O2%#7vjd~uU5QhPv{Q6*-{w7`EVp?@i3QNoaLQMp|$sJwn zQ-rwShD?wLBYM}C3j%+((NsoQ&+;f@(m}UC!yP>aZ%2Uo?P6GJV9u|^pwuj>pq})e+_#sW+u)Woc7W<>)?B%=KN$9$=d*Uv6Igfi!nxd z8)a3&&u9kX6Wx~3ZQ9YjpT9qnpLJwC1QM^{m3{N!BwMn|nA@Xj61kCq>oV=NU4s`cOA6?vwJPBCGv=d>N}h@%4o>C>|X~5;m0RV>{~Jg z{-_cIXm!%0_(RV-LR08P-#VZ)*9cq8N(DCK<8#1C^j3LaFi?qQxvjy^WN+UBAbSy~ z?V{Qkuuji>mLdpBu09dd10%PZ*6X$KQYH>ZlacZc^YN_7LIr}+-vy*?m=X$T^31Te_Y8h$uROATzQ-f(pK_qkfm`xT9QHxL@eq2%xu z*rg@_qqZ&}sOG>RJ`+*QX@gb{%+`bP3&{2oH#py{4eI$E&?>rv*n`bXiMIDlDWIA2 z=4*x!`*Uo1wQrBQt_!9RD&-*2`{kU?I{^){vnqiA-*oHEoX(+=!qczoe!TA{Iq6g@ zNuM=50@FY4EC$N30`?(*`Yu(B9!=aE?d$=MP8Y~ zJR$R}!gzR$IfSv~iTMRWLO#{w8O@BMy>5#`hsbHAQl`x=W^K3)Om^WE-wVFB+AJO6 z^Z)%0$9kG)tI{3LsXuGvnvj;3yWQ%bfK1XwhJUbWfW>!z?z}&%Fi1AZi6G=js`AaO zlM#W51dcc)4|H_ay!qjYu)SEAlX>+}sR7}EOr6e15RZIUcndNS-L~%)Ph)q?WP=q5e0sHumNw2~BWaCB0b>Nug!dFO4mNts5 zXxVd2_Buz_pJG6>t+r2-=MKF0T}y?h-xsn{rbe|u08K=DM^YI_N-+FUxiG-aN=CVI^XSW?m^mT zF<0ais?D($SkCCCq7bLQ6Vv|gDS1MCEl+=~MJ7A6%5xzT*HvJ41v?ZfSG&)4w(5!( zX1mma<#*)Q4&*|4Gzv5Zi=P=DN6n?`zmHmu=}S6WN4D-X@B?6t&79XRW`JW{Aa6_g`pK7-kBDkZTNRBz;vn|zy_%;}O!sSOL7^{L z0wyv<=SLCFXgv=MUk14%dvT~TZdHs(jq`33iVg=^%TLfk$1$|Cyxb<_cP;;nqt)tG zJuChJv(B%nkOWN~PAC+7qIS-+ItWoS2{r$PNlZ9Jj3z`;R289y(hv_zHT;f~Ck7xU zWsf-&RnJJ|eREZs?gCZH!_bj8!X9|${bNWFFoz<2;B+!bP@{bx4Do_oZFyamyHImi zM@&fNVLAEIXdW{h-%`9_*zMmuP@0;r=3{#3{DM+ZB>$Q>3PZj+?k}ABf24AxVNW<{ zr4zMkw@YsB;|dtMDodR5<-Z95QG7KqTlLR+>!LVe8*d{guA%B?yuw##lyE5iWM-`K zA5A(n#|Z3ObKZ@N+CKK78~uoKMcR@N$O-j#pH4N;q61t4%|k*$R^!J2hM;5vZ!Ipn z_WM&gF8eMUL?020bCI4E2X_F$l}*ZUnbj&)4{#OUGPLOvTd)`q!4*Zx$?=!Lftdk2 z&B}`$J^vuox3+7qPA!Wv3m=0WSZ&`vtfaN$Qa6SBI(Lb3O1wyuwqRV93jtaPoni2v zs?XfeYH~1|_iM<|W)r#8b(v9T2S7}}15rd;?dX|9DJfEJ^4GM>->PS{>}>RituRsL ziRtIl)(nv(7rRbnxh;<4R+MPyiiJ+m)@MV6Msnwtxn!ROI@9AjtO!&&&o8B#!sHr% znvp+oKS*n&Y|U9?iU|Mrz=t>V$;MNXkcb@tZki>uitv~Dg-5Yea>*qI;`+soqpgEm zvKD32Wjg#8SqZb8FO{Uiw=d=ll0h_f#DteY7!hGnRGM{4>l zsWX;6ji)^JYnEOeX@iYj$a7TFYVj8>r<3}XY_JqeoA~bj<4SOpb#b(q{iAj06{H~) zeb~w92U&qQm=YM;3fI`Vxr&&_bfTG(225 z-D|WPivAPv3fd=9VbZSx1V6)>(zrxTH@~)~XZ4QpG7xsDLMhjnk4Hari}YkG`@16N zBjD4Z5ha9^5HxUa6GFkLz`b4BE348_rR|bIRqn>wcO4~+VrNYjb9%mN`uV1gjJN`K zuT~%-dIc6%1%|B6R!~uZ5}gtuANvL^3XLD4CUKg?RMK7y+d?ihImi#>F!$UN`SIXNc3 zE+{mD^#iIbw37NK9c`U#8?^cvBbmO327lYdZjfx`OpwAYG(TW{9_ufOawt<3IpNu( z!_U*$uH#W&;q44_3I#-68-dD0oi9&gwvD#pfcc=R+{lz?A)nm3Ss?M>cXt1ar(5LB zwnA^u@<%@4|1^V39LwZq@ayC~Nx)Qi!Sn*EM;aHgQD9=?A!2L5D1fwX#N;F8+x(pFk{N~eRXJX*X`C)LPO)$uuyAjj<#qi{riO< zEYEcYUrX#*`X>KiJa<1xuOCGvLK(;?=MiX);TL#wG8>&~4-Cf_u(Kp}!Trp_^2I1W z<&^#E2iu4pCl#>nG9*bVS^4{Zm1pF*2} zW~-DwJ+ToXm}NorKV$4acZmrN6wlVHyWZ{Ah0vPh%uKixYShQzks4C|{j-`g9LP6T zadJAl1qI_4lUv<=8QC3#tSaS#Nu#LN{~jk9F>P1j?|10me}K7R!=CFqm{Vw|7(wuV z2geGudx5F{_1bO$_7j*9$}*qdkEIik*iVQA5(24-GdT1{{QCLBi~pHFX8V%*;zW;b zBSBU<3giKpmXh!vW3zeXTZxU_7&u?)rLkAWr#yRN!QcB1zI$5t8~!4Z~qJ67xde zO%%j(QS?jkp;Pu zpyhOxU-Bw@(!HtocgVn>uYy#Q;z=i_YmNpOV)&$VV5?NvSaY5L0hIC-GtSDh-kyEw zTT9FJlWK?V$>?QkSi1(KuLF!f;Ic<1O!au4VXZ-K%j=yJvF`00NZ^qL+)|0$W7v2x5a9;0%oYY`WMqxHv zwy_Mm{;^EQp}~p*Zxy|nH%75U-$z3@M^J6i?asbh;JRPuzmU|zA@NcC&BUBG=TQA6 z_l9vSYF2|G_}55RNFFoiY@Uncna%>?97sV1A0`>7ZweFTgb1N9^}F4mbmx==eKl`(A*Ancj3-BX509n`x4=UYiicu%LY$#3_6s6 z8rk~;sl+@%3tpPBN)Gz&?*F+TA&P1+U^IFtXa67@##yc>KX$CF5{APRX7-L4d0n85^)zmL?U3-}*CC3ieG7LS zDes1gv9qqF2$^PwXXNz)Sz-ZoWm>a6&;{g_xDfYKLaL6_65So7DcUK)!E>}yp z4>z3TBtFQ*e6p@Vj|5}RE?ea{>^_|shxL&(QXnn!@bqEe#Ii|8;9W+QPNOnNeJI?% zyCfnsU(+M>bA!>1ry)k~aD}PyeIl$O;E*S*?P`a*&xo}y^UvDxuewd~2~>4Kz4Xaj z^2Fg6NpFqR)%bEgVPB*hahp7^VCkbW4E0r+|lthwAL= zBL+rJb{}t2n6BVfAnU{q!5qli$UgLA{n?}b#8fejQwG=^DM2I26F^Byguk86Z9hw7 z2=v1;G2b3RT{{36_z;QW6zd*n(OV$Fh>(ElO-weRK3u@7OSNFRu|+9Q?V1CLwoE{h zH8)Hpmt^6si+6w3@mrlFDXB7>s1ev2K_o`(^t7Onf6|}E9q6tl)8vA|ENcjquu!h* z1r}~Hx?h}gL3}i2#ECbUB<3B!-@LS2WK>A!{N`b?l8qjRd(;8YJ;XmmNvR2>}3G5cuqnD-|zkCZXYod@)}RMp%W(MV}R z@Yss*FiP;Y-1$S0bWxdy+lx(rbxH!Ojp1?cOO8~)`xdxf@jnG3O^Yv(=@GHV0UIy4 zjkpLuZoTig%UlKki&M}eTHyvLfM9_HBy!CBQ2-s<0K?W8>#8;lptYg^Wpr~8GT^fT z&6(13*ulO+`&j6-_ zz#nwof0`7?6Mo79)uMVinAPT{C@PokofZ`>{rmX6+^$NXN$(liGV7NqpVDEY_i>rsLpH=ug z(6A_Kr(w4{2Eg1_p!7+|5exvNLB?}Eu}5|2F|p^dh?uCWD5I!z?2pNfpDi@&S%+W( z_Th4e5+JHITg^tZSg8D2h&fw8Yz6}uZ6?JpH6(!4?ZJ(b+Ah5pPVm+CzlBQP?|+wxH>9DKL^`Vk4`yU;|zFqpoh_e0`qeboD&98r)F4t0B z3J%4AO7%6s8=xH^4&eJnFUrb7F$yTh`Czh%uTdb2T>=RGe$?(wQmkcSLkTi!wM=kg zpJm|}c?x8E*BrWZc>>5@g#{G2H+8ZOzh%6kq^73*k%GuqoyU5ki34fT5lP)K{?7#( z5QZasqbWBbcxKWQqhxv!W;)qqCq^nZFX7+oX4Kqdj(0Pqvt;@;1&g;uZbUbH^BU+G zbMg@_4DGlKzdre{hY(+Y&7e_?hn2=}QGdUy7f9+$TJVkfW1U!TddvzcoLC4us}giL zL=u?9td}MUV_67wYHFqiKufX8c{HU4naAC1CHl55JxE$pbu!|3>^9{inT^sxC?t85 zDEVtqhJDZc8n~{{LS=GRY}{M2k`MwWB37F4I9R2*Ur3R1z#s$?z>6(z;-dSGZjnU6 zvZHblhvB$Jyz;mNlc`81$%Xn&8&9p2 z%rUmZ4Bhc4xyNluGsr&+`ry~&I#nebQ&TN&T)`?JIlzc+r; zUEHW9ia*=EOu<}S_K9d=N=&;{H1XcHIZ$d?x%O&o5%{nF01JOvP=C+dhgmNMvSfjG zk%bO$nU|bt!ja!2d4YXOjl~4HOJBq+`j!TdQJ*g26pJUc=&2_Fmy2=~L|8qUsnpYf zCvgyQf{%lngrym^fHOi#%BnT9_VE@POKl-V^W!(&EUlj`HWIY_QLgMz*Q#4zVl`V# z4O9e3DAkR$FyLPhTADJ!ZXe#zdg|hut+WvLCk5dxYqf0d+9rxZ}4z5tn$6;a2aMmc_0FRa?yzB8Ae2)ff>T zqnB~8wN=1i#jPFq$=p{2YkbCfc5wb(yuU%#%hT?jU6qoz?z@vW->QeQQ|b&E#$~cN zrSB;r;o9h|QJd3{--Qq{%$=qxvN2x3-F&3A;NShX$f-y`%HVKBYVC~8*2c?w}b{(cUmNP~LNKJ{Hem3P7 za)|qgmr_uFdtd>EL5}4I=Uo;wC(@i17ya^`j4V=nJi5PgcM*r0S1leQ--bIK_sS&= z)?|08)>~11rxpxiGbSQ{u8iH8uW92unQ)+S$3poXCjRyPTo`l@%YWCo;DN|CB>h(N zs@4!?N}iuU$yek(XYs@OW?U>=P>kMESB3*(Ehk=J!3#xRjU=MH&DH7TiUo9vr)x`! z?H0regzdSeMK8=Q&|fGZc48X9TIRY)jE6D|VDwHngapl?29SR$#`ObjykO(C1+nmZ zm`U-Kex-_Y759{Xj{yF@h@klkLBzzFo_NKzisL0x-4&PhE6;Klw>nOLDf&HyQ*PAy z_pN1Z{d=!uou%Ewp>$v)2R-$u&f)(tV)loK2$WzN=-N@dFZYr>ny)7T4Q_DD@u`M= zYkf2F)1N*}jgcXZf6&PPRTunoMEK>2fch;8igSGJ|NL-w62IaFd9${6qv0dpPMQuR zeeb4^I}apze@X19DMsNvnN{wU z%DDgsPsYk15>a$G#JcGwaliO40n%Te@Kg|rF$08LGXXSWZiO4<0?A-?ZA$Y?75Nm#kwEqxs41?S7n8GfU_w%FHiwTT~E5E*Ik zVQx3j@&u#h#o92Lpb>b1Cbk)+->mh9q36G~Y!1nCvbEh<4yc#{-ZqNfa1zGuwfh~o z{NS&hMQ=V-6L0;W>k=g*B>oj=3e!7s}!2N9N^f24VaqyM7Tx{;EfIycChvgdg zG9)4)S>~2}`^AsTI9skJMP;-(;yjJa_`_ioW z8zqbVT|F!W=M#i`r?9gwE|Z0?U8D5 zb9Du;66o}_t>!A} z3NYnl98c|feb0eeIth%fhrzBjalmh7^#kZv(#!znq6RQUW>7xtK zT4f_;co&uV^bU(k9{^Nn0O54XsS85G<@dkD$wxA70b(eTt!#Jya{XFG;H}TyUTO%e z)~kOR!M6TIxqAS%xzXl^9yH-)Nzj(!y!*4ZF$oE3Ovd}OM1I9|EI(0*>435(E}WT1 zwND|X(3A$2sU|Wf3bNt)gwIuKwE)RfbERpFYu`Rk05JuDHLt9Kn&_s?EL-CR5d3{i zA!lK#@4E88&%M8-x<2TJ)$ROLuU>4H7#T%rA$39hz?mY{vY_bs33`z~5qMxC%>r5& z)bLvucBd`*67{mALa=a7()GUC%o)M51XnXi@N9$w!V-}NhOzU-p;^S=e3fw7fq@{} zQCc$cQFMHJM2{2`s=3B?3B~=mo5gfu&Ghty20C#?tIn;Y^|tR$)ZeVqYA)N0!|cEW zqB;XQt5{%-k~ACFqr{|Ej0Y@6+OrpovmWdI(H(Jsn>LhefQ(G}4WH_a*8Do;ME0^A z!N>(fsowHGx6K;MRE&+IlA~RyrHPSQ64wFnS*qG?#uyhr0s6$4?5povqe~{6d-bKG zs-VNx;grY0~>w3R6ygnm-fbrchfgpklqm%~JKYK?0W!(Eg+f}InL1aswx zEq(eGP{%5b*S9%UukvN8&>dw*z7%^^!B)+`f35#{{gk0X^D(1cF$P;1)q>FH?xE@} zr;|m28Y`i#`2$nXt*K8FVBDz&;$s1pKW1Ni(ND3@vc~PH)D=rLp0`+iq&#Ml(El*s z?fuGlxi{rw{77)kCH85UZ+lIDRTueArPpZN-1KMcRVp|9hE{qd-uIF1Us=yf7jwtlBjtbMAf+ewUJ-&Wb$KAAx|`OO>h@8XET`G5q$I z@2X3aBF%(?lO7!}j9dIa^_@m}zh(rIIOUnPZfu zt|(4Lw-|RFB8u4Bj*D&gW&|Wh!33aE;{oDeMF#@UWgF4iN*`-j+#5H46Z(UN5!GFe z65M44W(0qw^+r?~Eys$Zv&ATJi0Vx&*%iK`Nd$Zlh9rGAtx+P~qUG0()p5Y}fj0gr z?J`K08llfBfcDC`XQn%#<~)UdpB{WPF7O%tYbSu*5ZpsSAsWWSWIWNRlzv}c#9oZ$ z10nnV3nj3;oR5HJ{8fpzI&fS3`4mN|T+7*4{38Fuo1JhF$416wPeuYPr@`=THviS( z5MUbmz*wn=M>F)$OIixcaGrg6djh@vp5r4fE{TSFboagqo{zyWc#rBen{^+i z@ZJ5P(ATE_rbRiON9sM%U~%*$XF+^KROa_K&*Gk~jG87&A(Ml-y5Ey;J+r;4%m(=*F!oN>Ok?>vLs?`?-Ih-S_7k|yX z1f&x|U?W6sL6Nj591co~XLI_MG*L1xXBh`UqqB{V7~uvr&*{n>Nqz){CEhc97B;DT zKkf^i-zW<{q@}+tulVg&XY`jq&$Ao1lemDprq|5K(fbYM=(Yl8WSSn@A$($kO(M<0 zoaX(h!c88cO-w_F_RBDe3Qezs=LG-)J}<}?Bpj@?zZEvwm@ik-a#sP)Z`tpxNGJB& z9fT;{_aRP!E+)76JfZWp=bO6IHj0v_LFk52v?g%EF)#ND-XNi0wHc@M$VGQh``wK@ zBU?rkSg6ALuq)sz{+xLV9{;7=DVBD3BJ=G>(suC556oW$flb&pwC<1gW&`XH{a;~G z2r3wXaj-7NEp?y4tq0S2;klA*ekwF1U%>8btxEtcA?NfVBv!)=6C!0a`jUE z!~H=c#8v(;PV?Ry+c{l?zd;Zu_MVTvSLFE?R7IX7I8j^vv*M3$cAK4=-a<1Q8I?#> zBDqLZ!Nv9tY`j8>oH0i}z~1MJb_Jb4FgpvFNgY-=?`xxoap<;Q{a$cIi^N3PEsGEw z`I+sh{Lsz(UlTSEYiUXnxW2z}RZQzhv^x?uSn@t!4zav-rNPQU5TxsoY$kFvaEe)* zWiEZCGcv)Wgm#a$ud>k3L#UKYxEr;lsH#g-J|gvbx_7 z{Jt+=w{qR4U)?R`h=Vtrm&5h11*c{AwME6Ap{4-zp_=(mw{-ew6x7rG*Psjt*$k?o zqm8a3JoB%UB~21->-C=eroHTaO3N1gDQ7!XK47qKYjza=6}S3QmCtoHY=jYV{!6#s zl%|Q)9Ro$9ZK1+M&c3(qCFS1O>@?jy?!>e}I4~d)a*RDEY(lfUO<*G9>IDMryLlgY|{QqfX`RhmVqY(G4w=i!P z9@%`CLc4}cHbkc(w=et=!F7y7ew2+`HUJ0*0t{xr!q|Qq_~^yxlN@jmwZ>0ptFxSt z1yr(J6-V+}0zqzrx_=(&dxCu}EiJVA$A-^#*Uik$vWmXK=OSx;9u@D^=PwT0)8i5k z`O&|1KyxGn%8?_XZ5iuRv|U<3i(v{<(3`DUs{2wgiM>=WzDi{IJ>lY_<`;b(B$uN3 z-AQaLqlq4gZkn3uT$Anpy`)HC3)~v(=fQMoHdjjtdz61l&~k&aPoAggQ-c6L>5q#e;qLUknSKVLyJ6SH3$(T>Fh( zSCh|rhT#Y9r7FAdH#IVMW8@F5>B&Z= zFfTOJ#;tUPv0!uMJgUvrdb3T%==~x1s`rp2lA*TT?K)?9?CAWh_a4MF(D(P31bl9) zOcTid-LAV(oJ{66DL328{pcFC;~}|7l=X-I^_#vzbNMyTSQ=2Ex+;Fi!1z4|{bWa> zxxqOP=v_#XKIfR-r@WCbMzwa8psXW<04&=yHj4*M9C*bA+6BL$)2OjGAHQ%G5f@;G zfF+%P3c*I=APeRr5wnAeN_*mR3#h3CYx*jvv92*VR3~=-1bxwWsE*?PepOziI_YgZ zavKaB!m+Hn)$%nPb9HuEvYOFJwKRG8*xMD{5SCu!8xGy-P~aJV-2=6abRPKfy6*$& zdH5gL2jz2Es-&4a$Rxy|X9Vp*&S)xK?FRV?m*eklq-(Ix%xM=sTzV8K{`dJT9k>yF zW;n+he&&RM!aDP7`}G1SROf09`GfJ!xg`I-&ALU z0`BLDY5wIwNY=Qssi7N*u{0)zNBY_iD9%|1MBI6LMAKf zdS4|5%9XY&GGLc%ni2ezTqe5}PVIdz(U&?R zdZi4yy;&&$l>Syb3f?jZ!p;NWMp)4VZ2gCzfaj%w=YdSd4&plL-Dnd`3fh|vJjjZe z?6pgDU0*s>GO{l1bu zdt3Be42{s6T@0k|ZGHo}s_zx>|&ku6o21Yi;vUmdzh5LV$!Xq{zr9B)smKSE`tHd zMxpJHRqDFGzE-I;90NEh{ps~scTxD&9z0O&HzUrXoRVm>w%u`=ZLnz!PvcY>7AY*O z7RpcXyx9x2kJ?RCNvrFx_fjRU9{Ng*_2l&4fwxeqXx8&sIqGC#o{kWoSo(*DGh(wb z8!Bb0R%+EHB?Vy{2S@aBcX-FS&H5?aWk>$u-1zG)p+BMd#WB*nTX?xGq-Gd$M z+^5?51Q>no1r&HJ(d_U$&cOVs*M?4czU0SDcMS~t#MN)MCo!>(zt%uaak+hNJsEA} z2bxH>Kq7_{qnHud@bLyqB}?=*(s+RE@0kkQz+)H#N(ntulVwY5{MDc|fHZ?9XiFZM zUmUI%GoqzP>A-Pkn;L;8U`hVL=+_ByI6!iez(}5iLFFcnNxv;VP~?4ciD0^fas`iO z`9H$=6>KlhtRs1fAq*^C{nFDAw^x@yrg# z_b7VO55%_RUhte@T;xiUWV!Xd0TprJX8unzhrK6W>mMYOq@zJHPkHM_u}FvTk15j0 zc0mN$lV#rxL0#@>I=gQ-wV>i%q26)b6ku|SA3p^Nh}mk(xM9p$O;a!t93rVOye1{q zbAnS8+^&0wmnz?oswt46v2nBb;TMw%I?*z~H%lN-@nsD65{b4cY|$uCR-g|C$~VIw zVCP?-(zAPM{Qeq#fGicb*)9#?pTU*ga7AXQFYaz+9u*e?F&cm-DR6HV?;r6xci zNDa2%W|?u^H;`ArZ25pnl6<`fmVKMo=~A8c&AhvaVDVdq@1>7{fjPlkWn1aw2D3e-j2 z6v?eVW$9Uw9}$u89I@JJ#>E?Ol0Wl{`x;{}kYHL4yz2|D*9 zl&spU=%JceXh7y61c9eP(<9{4hALuXgu~}T$#N_w2x-Wl!?x_y#rh)=AMq3(`lP@0 z53Z=^Pb?wn?5(@+Cjji0jXHv{U-Wm=Q8jCIJaZ2k1y-tdmS7@V8gmfV!^BF7fr97D z<*GP7>jMd69>o$j4csEhrfhmGPojku{NGQ}U91d9yon5=&cfZ(wGzEP6vwWhD$>sO zB>8=Lcwk|OAtol}k3P!xn5cS45d(D`tS_H{A#dod?}x!RiPVJwKSSBIS2bo(`9vvX zNn$Z9j0LV%V6mCfM=NI+!>aQ1zUD#=j+x~i zPre%Wvb6_X3HQ#i2*k+e z=wysJ>`h=?U1;6-7(?(?-?>C_L_EtYzO}~;J5zS?&TXcjE#uI+9me0DG&*Vho**2u zY2$~kMqv`0NReuZVp>P|AK8Qo4gO{=xdRPxy}5&`qmj{z_NDCGtuF8D8Gq<$3OQ+^ z$-F76?!ob5kvjcL%QdFJdRtJ0g>XLfT`pi?`$GX4Zq_Eutqiq!jN5KcGX;=d$Ou{! zP=ot@JA~t?yHgz9N9hFE0u=rL4)ZaYoJlknAnA?1=Q|dl_RUlu~H?iO?q8oo#T1E!_%2TwSYM^CsW!`Sbeq z#cJV6xp$xWo4Fw!!Kqg<{Eu9GBrXqDA$=yW>(Es^XlzgW*AaK86$Yq$!$0rjKRMD) z{$>G0i$G?szo=&Da$601y8r1I33#u0Qf~gKEbI79jXS+l8^}kg^^t7Y^T{y)iV0I_ z42^8jjPL_$(c~98*?9I0H04JAQ!7;>?)S9Mw9 z-J4USokIFug8JfXCm!cYS7ac<{Vjzc2ETH(vSP6FM!U=aXc_E+g@?&U{mS6EFWGbb zJ36Z3$&0)tOJ!13Z(&EY$dok+mFTV=9N65qr^5nL%~c&_CgW(c{))?>j@l5J&r5KS zW!$eEVArUTfe_ldXrjR?-OFLqmw-{HMBG($w=$p4T*sOi(ic#G!GIt36L80w+*ryA zI!BOZAhti*AyhBEcUXO?mmQFPh#z(K?ecrsu^*=Nb#94njUoX0eva&>Nw_^s`WDEx zrByJSx3ZoYB#Py-`v$gq@C16LdNtZ<52_<}m(jV}Yh&@aqq&NrBnR2F%f&GXcHz$B$6F7pbzJh;igk=aw&tTc|I{ap4YQR%zc5F+47|PF--uv8J)= zkk36Ur8s!POj^`T+KG|5`8DNmFBeq`W6M(3_MA=qMv4!2Snk@=cEpXdF&n3(4ZEjVHzW7Ju-Tw zz%P7rwll5vTLdEB9n4RM=VyHevBdZU!R*wg#go7jOI|r(S_Sr6Eq{z0Jb)@lm##vm z!*KkIWbM>~Bsf#Kui-aa)Qi=>;yQY2!-cT02`taEbzy6zrQRB&lX52ZOJ5m+nES$m zvtM9UC_GDF+5?m7#Kr&A^!z0DuBe>Ws(+;i>} z5$-8-)Lp2;!CvKPV@sxDVpc$G?l491nIn}i*J)t2CjcTX*e>ND-*E6i0%$|2*?fimtNvQ$g4fduS_c<%(1a_ zl}%}anZsn*4d!WmB#Sdk&T}&1 z*}}I!ehNy&-tb5IJne)T$mMd^+me3d4_}rmS|- zE;oMBK}QTS9ND+O|Jm#>mhz@@2)3Lno?Xc(0v$IxJvr%{GcAt&|Ywm~dfDkqA-pcYG_Y@EO; zbhL-5MAlLeo#%D7uT{dB(6PJ_Q!QQ|uZvbYv9rYWb7TBSh~6z5&ieb_aQX=%IP{%H zBu2#(IklogJ0-d$`o({7{Yti?)t928GxWa5e{+fqzVZ4)!eT>`_qcw=M@ZR+O8t`P z4-(Gv_7upD2#Ah^qQWrS6ohD?3LPSLUgAz6fAD`v$H6)%>&;Pe>N+bjt2KnHmR=0#!zK7^mMy+=Akr`A_NQ317TiOP-H1jq7HW>VuW<-1u?S(mmB!1Xi0Z}7;G$I);>PUUd)p)EUFWe?E~Yo`NTPwf2X``{{O zSt0+l(Q(7HIz(@;k*L)NZ16xcnVfa)OSty&{K{%nBKjf55Ape<>+^{u zuy^3Fu?P%5>(l!LL!NtGz7w#J<{GDAx_j#pZVVS~SsOLj2MzG69!sk*?FfXPm+Ma4aQO2Fb?I8$qKbCu#u6pd1sn^p#_n-2?ziip!w$euH4PK5~JrBme8sO{Haj7Hf zt`2MqvwRMmX{=q80Plai!N^HXs6a+qb*3|4Dg?J-8N=JxdXYrTurqM5b0ue8mqh5U z29@aZS)HkIZIE>iQl~o6Nl*CQlP+O26YAh-n>Epa+tQUU@3u@H7l63rV-Lcj#%9s% z9jDY+L%6A?a%(6)N{j`5yAX#6d?`Ud-Dc#Vi)I5{CA1aoIqN^Z@g~rH_)JA&mf;b( z>@_o~h7C+-t4f3h%-BNX=|3;4a@7n9{;5{nyXRMqp0x1z%Ir!tW^Lh$f!En?bV@dt zDOfy)E(mD$#>;dC^#NsSe916^2*7RMwrxhPm_#IO ze6CMhPNwvnC!#E}ytG_dK}S&?vN*m(cMmX>ffJw4%#~@cgG%lP3N@R)R3NDhG|Uk%u@3_GA2}GWfRIZF8Gu7 z<63s+Iv3DO-ZcCH6ksd{D4DQb%SFL2*7+(6HRSpe>Bd)_oMD&O5@@{h11vxtr*ten zbwe){qPkUqJ^!ui^Zkn+v`lfLtX zJGbdic#4o+43D+8n)#3cGg}&e3^mhmv=YZJg7)oxUqAY_#H`n}AZ;Dn`654lY1#XP zYsjx+u;b;LLTm^*xpUY2TcltBywl+fMX8j z;QoI-j zvOupji>1@{r^0Pd!aXX_BW180EenBCvxEQg(B-@t=oV|BPA49@oW`U#$Y~&gLN-5A zd{qaFVZ}7Qp?tT|(e0UR=h0DJ5Km#ugBwAU?%`xkG}KPi$XuO1>H}bhWg4<-EgLe z9;YZk5NjeTupXdSJl~AYZO?I{Iq=E}$p`zq_$x8mB(IWmM2V*2?X=a8W9smAeXyCEOyER{5b$Lt6cIyHD zTb_*z@q=K;VG4&I2VVQRRW!+FY=#v~=TlpRgXIO=BHwFOur8W@&|Iul`6+GyLf1yC z?oVH`=g;X_C~TkWtx8^goITni4#<0xpy=26IcLkOH1?@U3b7TSnlNy^?i8MUmx{fb zLC)*$csHCc&wZUb>y)aj)?DsK{Rn5rk9&h8k z4RPaxBgh6oKCyjji;InH98|@z32@jxVe7!~OGn0p)(?89Ul|IpZgAB}GLt|30|F{6 z?j4c3`bjLWRP9T`8!@vJxuav{|@Z8UGxlTUp87?36=x5eXEb?Ow1!e#MCG@9oKi z1nndQzp{ZoBYz@3#fp3OV^ua-u6Z=D)OG#3(iS7`U9^**7nFk^XNEXxu@Kj|MdU*&4=8P#%8#Gw4MRux;bg3 zg~jOWo}y`_R=vy0ED(XQS+EcFY=W5kKb@27zEVv|hEt+_PKT0i;&cvbphb1vxoJW@+l|D1Cn zDEE~kW33NT;ZK=qCr@P!*U&KGD-o_f+Y8`f&V$+$T?fXPbJRv($e%yjl=HtO{nVj% z$J^IU$w9a;a`hfLlmVeMXZeWXzL>q-leG|>LgAgp8@TajYiKJy8^36CobW;DdCfoX zH|_*}%zaW&mp#P8YS>iBLR9hRT9tRr#;Sdu6M@2m5*K(qO+?GWsfoh1xU{10hHKsj z#SzmQUe_lKjBQuBi*A*EIUX*h65F6a<@4sVJup#J0%r=xwze>SnP*;1WDzJ% zhngl>_tzPBGrhSYn{d=CHEg2ws_k2 zzI;Jh6#>9fqSyOUHdb2wb%)$L7?>#GAQR(ei86=ueg+kTY*^|oLS zhmJ!=s0q{i31xHEeiwPLsfDri+^6=PCSt!$h zYa`Mk=PO8q8@KcQbFSAqV&lWua8F1~4+B|``*AAIpp1$@oqJ)BLp9G>)4`^TO%Gg@ zWuRYyV|e_W%L1?5p_0A^QNLgT49FARGc`4X<1$B`S$eu)mfNC@-UK5druKXpWN!Rq zi@=(+&L#=i5ar7<3xoE(xZ(Tuf;D=DM#PQ48&E)K-O|KNxrI4dfE5Yrj&zN1+ZDbCqp1IZ~cMp}ajRw6f6^>mG zU-bgm#Y=j0jw{gSFjk#MpY>gdaxJX({ow^ob<(pONs5~fwOMW~A8+^-d$|s2q>Iyi~?ou1LHUiH?BT{@t)DAs2GrNxB=K+aqdc zPdQQRG#lX(96l<2J(3fhG(p#YJ_=g#d;dUY(&H}7vdiPtwKn}Kj^+3*2H#L#P~Z5^ zNi|~ZidOFUhlQS9yU{;iJD}-l98G72@+uJR+7l$hhO)jfyMe>vKvLNxeQjh|K%qza zr))FH6lA9M|pCV(?t7BwDJ5lGzz~)jD#3BpU?hb!O0?!v(>2HxaJgQ?_@@sic}>Lwv(C=chu_U-nYLE)I>0>?mzT%j+%B6k8D@@! zV1?&B?*VNoYryb4EeuL&e&m6(aV5yI*A-z?T?) zGdRk6JFc*Oj1yvu3}Y&Tc24^lE#QSu;W7!n2J9xS_8=S5LX|Wo=j};#3mZJD)ADS) zXd(E0uj4T}WbsXJvUs9Ie{?1vl!Q|pnb1`eyQwZQXx0VG$fDXVa40n=NxIPGaDI;K z5Uq_oLaiaJ%D%h!0B9D1n4)Wp9if;;YH06&o+9eiU`q|`i6C?P8tdn8fUqfE?Ig)^ z?0?)4fU?)4&K>!)bsMC?l2{Fzv|R;T@fXj2_;7%AN!I>cei{WFx5%!=dO+XG2mZ+h zl@(Apli=x3;(pLYe9wuA=M~kvpR_pN))V#CqI|A%ZKFaToq*TomB_Cw_l=a|z5uO( z0H|ou`ZurvaRl9lMN`;&KOfc_b{>hYO9)hC(9dx@-hvRR2Cwc4HE#4%-aL_xZ6OU8Z9(NZ z&}h3|U0;nx@UhU``Dk71j|>SGd*v=z8!G&8&;s3s7;L}6fl4DM^zc{nnE_)Qd(*z; z_j44BUJ1l?h}g9RGB#Wt#wVqzUiM$x%Qi`0_nVe-vj!@`x)Hx}|DfPAX4|Mejv{V9SSqnNk`ZN>!3K3_5FH zlB28On*x|>2p;V?BX)1;AnQZd_-Xfy`jreG|-=Mfg2;XafK~!x23tTru z@&(EBPgRWOfRoa~Q2>&cUB%=l5NBTPr55o)H=`e)527d`KKNpqYeKxFsxTb8%1u4w zdb#8uqg8QV2BSZa6l$Z&)(@padvU*%sy~3W-H!*sKPh){j6Xy#PY&U%_8AtvvSw^W z*6keN$-?C&O8hudb@GD5@A?F~j1lvspN~$t`706pKaUw{-wWm=u_=sRzm9BTj34+t z?Et$Z;On~}h8v2sH1^6dM4=s;WqF@l1SBurWuc~L<*u!gp})6sM-t^_9WYAiVBQ^c z2Te9VikR+`F(nJC^BKz>?swe540w(!9k@pngh|YBPm+X;CmEZzGsYDR4~nwSiBiRr zan;c!sfNcy+dQ!dSVBqBDp8%DR%_smtD{px*m+#>Ae1Yda_yiD!XH!8CoV3IH~ksj zrTI;j6;CqK1H^*wk4Yv;naoWKpRl*}TBYdeISJSzmBu}BP^Hx3zbK(Xg!jEdrodII ziH}&eThVqws9&=k+ea$dQ=LgWHd54{fz2yhc}GZ^02VC^*_;fDj&$*--^y50*Zwy` z9o6rSlf;G(ST{_%vvAmIyhxr4zVL?ppq|2S694i%`xmEGnuU{7c509q}&MkjBIGq#->|_M!5eq=Da&VEAb14{Rm*F&OYL zaVBJK(kdr^j?M0eARPh(=lPl+bB;BdWFR%g^||<=kyhX=k?H-DQ6hr=;MR|S@L11d zvW1mPzjg~_+K|XI3|NTS%6jg9tZZ>mU5J*)6aIF!@Ov#k$siWsf-Dn=M((L*J@x=` za{oT^P9n621(tweMU64>bUP9ejtGc3<*}Ml4!*ZXetkY#X9(25V$vX=9Hho{vojBJ zvX-3>+-d7MOX)?7=eh%Exq;Iyq9Y2gT|h>GssGO14n2bZR)kt)TQ^!kzgAL|=!GJv znxXsi?&>ZGhZYPb3qGQ-=u59ZGMjPDm6~VhY7Zrg9L%_|w>6t>;wH1R3=Qj!L$A0_ z*GowZ;Y^wjyR#E56K0}CRXyH4)Xjq}sGl9lbwFfmLQQSHoQPZ1cDJstt;y8U0YK5k zGpE;8x9=_h^)kmf_g>%> zrWxINaT^1+-~LDC!6JKe}Zy4so zgZMBF%j=sZJB+q6JTxNQeEj}G>SL5__G-OwNVaEaCerujH60DDgwRHYkovE}ulHzx zoLPl2{$5lvdRc(9t$OfK`Y6B(RCa%-egT{-yljTawkcYKs)@iFIT^znh_{YJF-#aZ z_Awp;xe1p#)wnw{9gnC5Gj*D0= z&4&drWZbQivTO3Z?n@f4RZ+?yn46!SLPU;;i)uH6_H z^krTj?G`S(*~H3CCw?drlqT=~i!Zw`Ss-QO{-5Wp=d-V^d;}yf^U!kqeZr0XKKizb zR~5>hys<>PYxc1jCB@$-eSqVezN*k3kFz4kwV3cO)8a@&5h5o6pYTsUG6ra2>arnK zEY^d$BXG}FiZXfw-am5#IATcyy>b<#|6l&$il)K44^I=!pt(Xj^CsZ$SxC z(Kl+(dlGN6mjj>_)gR!WEm_Az5hy8A7x2UA;N$oZ@p<1EOEC%Q6hqp6*|1QDj^jwt z+zKh5pZs3Ao`?SQH{GT~`>=2YC3lL|psVnOhE|YN{Es>Qe>gy39grR)_$bU=G*>nX z%NFZNpu3SX=`-sf0lQ&^>@!zua>6_Ppuh5_;(d#@ zR-wAOXnGSQggdWx-W>bewj%e}^Gw5L?&W}{9K}b_#)Wq_PwBEL@n;LC!G4?{nG~lR<~npkyc?t-c&3ETv@WU! z{a`QStSb^o8_gHZ&4)WBwnEcQLfpS0H*u*z7E0Hh&`@e~ZS;a_Iv#^GMEf<+RsX5- z0c0B$$`sBZWs1_FzjhQ1w@-LH(A`u%KWUKC-S7RqJ4csD*P-H6d7@FvfG2fM2yxV) zltPD+(Z(3W>A69%=s_nzYE)7hd|rcUi`GARVnwu_k7F$SHo*#S$-APacgASr)n_ed zQXbRzbVSW-8rYkD;+v4(h-pKz-YngQMZYDa%eh3C@;b`pH}j38XA1Z7`so)_QW2LA z>8`5Ki_5g%dHS>CVC4F8{O4VA`s`;=by_0}2oG$ph3Y`HAQ}5+#=`3-uion1pp6}0@7&yw8Ngg#p%I9v8h!mb1!Je~NC5T^ktL4Cc2PWmaa z##*B*iNuazsREIBN&`~BbO3o@tS8Ra`X7a$Zu5)-H6YU1=_3KwZD z)YQllJdz=PowtVli*SYqEvFF3N4ivGVi5NRm%S&}YwZKd)ibj{@4>z(QyJ7&O0j(* zmbc*W1$x*zH=6Mosuk9}|I)`s^P%Flyt1G#a^PYj==S-hS*9ge0yE~QL3SB+4zJ|1 znAwE}w9Zz#ryUD7$00%LQ6TP$Nd&P92x`aGsWH#6UZ|A|m^NHyaNptbmKVtG^~UhSNpGd;BnI~;s{k*RPj-0~XP39zzyq(>FGwH^jtMg04Q_Hl`Jv|3^G9QSA{Fz^BFfYK=s z`~H}q)7vi!0=M+Euo*8R6-wpSNi|%){ zU#8z&1qJ1wEha67-Kz*Q9@Qo=;Ym$ShHocbPk20S_I$sU+BqT}A#3tGM^;8%TKdC> z<3$fcBg;ST8;9&6I}2tyiDti>zxg$80!b{(eIz}_wI8M>98g*(3tQ7A%Xk3zsKb_*&2K4Bj}R$eFg6Sus7#-_|DR)n$aXN38g+ z#%Osnvp{llJig?yu;RW96%N##2_fjoZZCO!=ANQXYi5l4N?E3UDqc9ha8-VtMMU^@ zm@g#s?=K2H)au{Qw^{Y8JI|jFwB9zC8ve-4zxiN#Wv6#=I^H>cimYU%J{y3Y4i%~A zu2@r;UsjE5f{82_wfAhUlfG(L=R+4OB_G_p06Isx@9>~j!Dt5~Ufh!=$V<{;q(>&! zl3B%9_01g=LUxH}0^GTd`)J1;U9hc(S~XVRaX*vS%FP0}QIN>#+D!Q;SAKGb@#ksB z-Fh&+h;BZI@idpkdW)IRWvRW}knS0TGkJ%Bh*GIu5-v>ZRb!F8ev?~@4a8%A5^GNX z`1dqRubd(}BLVNn^C}ulo%#cA{n_5|p#+h|IUqD72P5SSzCvv_z{H!rKuj`nZ-9QPf(PpMofym{| z1Z>0WtlX}@c(NrXdv#cRy*nb!xaVq8)Mj!j@JUx34g2rQbW6>~)9EJeVID z^c!88Yu?PZBl}zUU&)GU1?Ov(c8Cf)`-cyuG;;o`nW(kdIgk06uk=bcX_#_FRMe9h zzJS149_S6K72cihU>YVi6nN4*jhn{hWSibLQ3v&in!3MiSM5TJ&CgDZaGQPqGnpYe zL6IsjRS{36!L>auWxO7u`4ELr#5#Riq@?~dqW1F>>mYhmI-0+~o;Rai@94hmR$sb4 zyKrzQK)cEg7d!GszB=1o@&pn7ih(SzTc`pGjQIc`}+j}ugr6L$j7B@ z>akjtopXA1vlA9Llqtd$F;Jy+7NGaLyfDi{0DNbUzrOP@@;e`yrW7V|G|zTNkatnv zMvJ+|VF!3@P0#d&itC_NYW1y>#+*~mO-g?=SyPDc`c#u4z zi*?NVJozszg`0}}MEuJqrq{HXB2wA~#^1hVqWr$~h`^B}u5#R==*sLOuKEA&9HHXB z9_+g~6`1_m&=n*=!S9tp737Vxu)y3Q3D_u}THIIYShyNs;l-&^&G0`b?JQ=Mp1!<_ zN%GI4enJ(`-6A^?6>_Mtc%ux{I=s_^%(we_}JJAfzCFl}D~&&=SRCHhe1IA^74CFC*ppI(@V7i|IjbrHlSx;rJx6 zh0g}4I%R9w-je5r$<-6)>}<>o`m7<}GTl?pxnn;<#K|(wA5z zspjw4x@*Tm2@~`kWwEEXTnM2F0$Ez~04vCAJu`ZK`2wKSN&(mbn%RAjzd`rsQO^>`i{#c@S90bWb!QtLlt`TU0QwJ zT~u)|lot5-!F>TwG-$S5BA_*!GhRk2XR zk_vI?U2B;=gPg$ww=9*RS-03XB)=XV5fWsJ(LG1^D|vM|THiCM*U%$+o+(@FFkq0z z-JFrZ-_YCs6yN+L?^hX4mYk>Md|=U9TQ~IspN}uTytq#x=IZ(-S^>df*fKAA@Lp{O z>`FPVfQ24TeY+pB2Sj<+my2Hw+ttoSHUZiH(y|eR>{kkxzU>Eb%zy?6OMpmz*30(r zvG>HpPs=l~a3bFeGrZ1Oc(+pu424%8&zVCNZoqPr;Gsy?#h``aQQDvsU#3T<>o3*{ zi!6^>_7?j|iCMR!(v+z}SJ$1<78|3aC!R?$FF#Ks#`9VBsx{QyrbS3bvcAncb9rNN z5|A^vD#&dA`hOpT;16qPD0Vxguj>{KNQ6Y6xJ?BeMN%RPo=wsw-OHwIaUakk=l=Tb zWN(6{7TV`oY4go|h|Hw52E3gZIH%*a43T*rUnchSVSz%|`$zi=rPMdx4OvnPJ%$ai zr8s-Cz_u|{H!9ch;nfq5&Lk=(m#r;kcJ|r^=bgk;m3bd->)lxIIEwyCwX>{D{%iM3 z<}{$5=pAjSob|*x;>0E!xc%N-J#hDSNU2^$bU3eL^(;L>IB^8m|Hx|W8tzd3_WShM zrq+f9mjEM`K;^pn*)GY~#TG9)iV`rV>0tlph`>FOL*vHlO%ZV?n^byfAS}R^S}?q| z`Wq{OxIp1t*jPPlF(2Y4FjZz~2gKfw&4A?Qpapq224-z*K>4f;p?cT*d~N9$u##49 zO%%?7U>=+UL{_l_+-`v!(S4-EUeEC4)z@Sp*Dnh`e{T3do5HxF(e~sg7a+)EFt%U+ zyahsY9n^E_?&(^bnk;|T)%<1&C|o^Q1gv)$RCwRF6omP;_5nY!)^eg?7C5=;5?BbBfOI-PBU z$*xpBOA4ntQ2CO^bHSzuDtJnNl#l5KDOSlvvBUDrlh_O@h0inWGzwIsZ29dLjiDl^ z>CK1zd2V7E4sY|s{&}4V$}9oR19Pv(*5$PKsia;*MTXC!;OXL#T-Oix+>u%(_GcW` zT|Z`jpsP6_{s1)0G)|c0+CI?AyKBXWnOU#p^u|Z(<>q+fG8&hAy$DGFHxr)jHS9bN z-AsNf=KXr=##F5JAw%Z@NS2+xUWWO3Kqn@GD%U{XD2#yU{acWZolO^X zQtbE;6C~DGK2h)HxjtKXb!LAfultkUsMeM(@&;vC!!l3*f&ST3mF^HB{!EU@YppUJ z3m`g0!SV$1`%^rqWE-eQ;tFZqe+af5Zj;x(`Hmpj`})eDt|!xN@mIqYey&(RrNv;? zYEI6hhf#&9a`?TP^-*_7Kh;*E4FdXeJ9K4%Y3d&BN~Q z?1d7#2_&l=t#kOyf@G;R{}0cq8}OG3l{CItQj2sLGLK*lVy07{G#-H(A*pm{WW3G; zpz8KYs)j4&sN5OY!{|7lGyyOvpK$!=@cZ8Y=js&17xh4yjP>DKpZe?}fN6>j7j4Z} z6%M5fKGi~;cR@dp#7isV$Ov{?)5JduN4JkUf^`JXg7O8ET-k_9V6!4F8+#sO^n9)9 zx7Y8mExDAp!-AVLfE;7?^< zZ?Yb>W0}L42UPfOG6ZX%D)%&>)M7}c#LqNwdW0y}l$VdD^4OBp ztRIjE*P|)9x^YexTbY^ND%94?kbca(4@tx{uKW-i8BP2eS(Xa3myHvzB zj>FX=;yhOo0C(#DkG;2ktFqhLzg3hD5s*bKkd`j#Mri~D3CTqx-3`*+E#07il!SD5 z2uOE#cfOPTJo~=yeSDw4;63&)9+yg7i^VnPm}8vh=M28hhR9urXa(|zVgyCwUdf-N z1o+?K80Qj;HW>6Jz?i&=&#EcRd{X+7&OcArZn@%oocjUI4fZ`Hn=z_*^2_I0NrJ-S&7@UMTmq-ds1#B6mtCQDOYd z?;7sv98tmIdUC@?7Q=ZSlnE7 zW>a`|?k3AgVj*Ui8j>&DEXTB7)++LsQ z-+|?!X5H0V-B|#hs=LFm?~QdvI3pT&_gxCY;1B1ZM`uViq=$pi#@sq;nciWy=%B z%)f}6mT_LDpZ@6*e!IQb*|Kvd!)|isTDzSpwrrZrJQxy;OlWYEUI(DcKV{I7zxoPc zwuYqSwW8uzdM0pg_7DA-`ijhPLbaigzK}=+9|d%h#u&Ue(lIDkB!m3tlG4cDJ=C^i z@Xv;hbvylw-kwboIqB^El*+qAmH}{YTvg1kul_Dqk6MIU`Jkqo?-M9m7py>zUgi;;FIo>Ss#_p%Hf%HVVhbgJ zx`qGjF=U5tGdsF4KR@3#4#n+xi>POr^XX^ZFNul#)X53E-moEvFP0>^61=t%G1YPV zBaT~~VPS!GoDV0)Oe@=7(uWbMCmybB(x=Pmnpy> zj~kWy9!%|7l-QWy@<71C*>T!EZ*f8sPr1`ZEz?El(iXTYlNBE=1Nc&3cw{EjP2s?| z+(_a4IOiA%iqnl!>*%mYb)lzwANB0KS>PK?7n{HA1uVAiT)^OpWVT;g{m97>xq8<= zSa%t$!*p^Axk))2D^$s)pr{ogHnF()G8ky}rAB0;yucz2`Wub-1dlCUcBQ9*tFNzs z;EF0Q1Y*$X%L%fH%|U;&Vh7m9@Og1=`gUv84VxG#_CizEOOj$ z&;t|}>V*L%dDbvz(%u>d&@0Xl5yFyrCicz`Hi<*Pw2V%H@zsFsgsxqU?2WOPL2Rwjs2}duW6}4Cit5OqXoU zicuCBIpbF)54CN=*BZums2b@&9uDj!*7;;&4 zhfI7P)vpMzh)-B2oW0zi8B?arw$eeB;1^Qw(0T`wpEtLEvd=#(;mBJ$ubG5brY43^k|Lbw4XlYd52*7ITO6w3poHUU!b+ zSkl!8pSLb>BV%){r0}vK2Vuj{1^==`mi+qI3Tp*J)80M7_~&mZnu~)uhGec{b%7(L zpPP`OPa+SRuu75I8;rV%LLO;0L^n)SR%`7>K5D}ye+@4UAr;jHw`%8C`+cM$4Jv_O zUJI02xMXREz(enPU?cxi;%+~@yew;<> zcbX<`rFTn(Z%#v4(N1lxV$ja5LNkKf>esh3-#Xf@tm#Bi?3Tl#XF*sojH_-bgzAkJ znHU$Kl}mB-+-3lNKv6O6cE>R5W!h$Fo6Ix&79^^+RZa3F8*Djgr?;E7%b^?{wvhaaQZFeWdU%`dd>$p~>VQ;yRKTg)AmC>jJk0x2(`0>#n8- zE8Y^`68I@y!?4k29uavF!JN;9)tueExi)+_rX2@x{?4o?s)933VkBD*@+DTy9Bb@1A<(29Zy6OK8o%1#%nLrjE$Pqu4WNm96$ZB7-H<*$;#<3jHmj10z|a#(+l)tNhrT&-9hg!73n) zPsc&D(Wl<&xKc&)M1aG$`ts9s&!276mbTY0t)X}9E_*H2*oCkS-6+kzq2}9G>r#iM z+q_hFW>>slA{AO#abc0{A?KdUU{@1_fAZ5SBAbl@&wNag7W$dS8|1-t_#2-kI~|%x zn6)@}t-^|yTm}WE%^N(D%%&;_iyJwOl+?ybPcde6T*m1u4dUJAwkplzzvVl#V-4x(?{!D6fKuU=$Yy!Wc+ z*3JBhvK3o4>-1&K-d9t>%bHc?0}yD%Q3^(n!LZxW4T;#IS3K*8j$0e$ZA0-tyPIX+ zkIGjPKZXl`nXll;^G9=D_nBlaYC%1~vm%MuB~F-C;Glj7!Zrzc{wWdeb zTGc1hi&OcD;@!NH#;Utkmu_jI(}_j|IZ`%K$d$n$Q2Y^iZGX1&o1W%aGl}yJ-R+jP zS?e9&vSuoTi_K)J?doI?dN!|09P0-fase*)L-*R2Um33}FBFGp3j|CF1|KSre5Y2vuh~c9aTqm*iOL06PadB*82B^7RWZ$^C%7Ce=CwAR4mD-E6+|IiYE+u4 zu82=M&y_DrDAI&edKM}j$uUY)62t-Dr#z=@Oa93FLH5mTJfSF&pnj z#?L+Ld;HC02FcqWL539v#pGSV+k&PNF{#1Q{Cw&u`Bz7Bi)mST&AW9?mYsa==9ba6 z>vya*GE+HeE{^Ue6>&Ie;IN|`MSE!-=e`o{y<<6FWRh1B_$g`F`rw+7*=N}v8wbZ~ z_+U6Dib~?``rj>|h?J-5-6GTYB0QF>Js&ediDS57l;MngM>AH$&mJS=Oa(TJnQ~m+ z9)-aERc5;P*eH+jO%+iqY>Z!gc#X|M9R(@L9{ghMhsW%%8|5VQyETLmz8%j} zG*aZgfG+w(EskI(dJi&W==&sykUiIc0M&ryG9)tyB$_eciK(t{y3^RCpibYGw|9wz z^P3RYY<;MriA90Wi>!Zq>k>bAjMXrFIyPOt1Dcz*-#;jQIEo?tE#dXh{(s^0ny>#v zE_RM?Ih#&E;(EmiuURqpCv9Fp2-{(lweP#1N(!!XlQ78CQpImP$k}zp@A}zPUWfBND)^4=1n_6R+^97FqfT{0(ctj1=L$3C*}H#T2gR-ke>ud(73VF_uwIT$~LX zELUpf25!l3*6wa0aMSlxxqK8#%tY#WwKhDjouXE3_numdb}!>d6@8-S{eVFztG9KC zGP#P>w&OvffV+RUjiYxICeXEsp*$QqU;_25hk38c9h83HefVkQt;H67Apd)&6Zo!fvRC3G|9?#LU4fojg&XXYh zdmAefvHdbmOIoKmDEc|eB*pDUoxuxn;{~Zdu5VZ)C1d|NuKD@mpt9Z}`_?i4ZOr<> z{$*rI54UXN`XS{kagWS!QQ9>#ADB$yMR#XkcVk=pB3O@q&08gP^?G||_Uce>kEK27 zWOvS7x>!OsZSYNM*rn7% z+wfA&r>Ev0cLF9;g71(@JeiVi4L;y2vZ2;sdFskMYR5=3GE}g@!xVqfg-0=Xr|Ki* zi(iIofSoHlV})j@`e}$fCd=+Uei+-`H^gP5RoTV=m~jcpPz`|zbv06{fzaql)Q77c zvM)DBAC30cFuL zhUnW3hMmCl(T|gVesMzSbU>U!P}`7vS{Bm;j=0NfQ>tHGDXyt8yPPR7SRLgKq*Lm9 zDF>;MK3)E*v{*+rnb!8(om7TUo@E;hVq46^3{$LvfbWcyMzd~YKPjSy)X!wk$#8zQ zxskVu|HZ%fc(|8qw`@ zrU*a3)^c%)59R;qX*O9onA>k;4BDy{DLnFVJLN6E?92|Aa?ZBCW9?=J5AftmNA+NP zs8}vw1k*mPwy&C?_`&7Cb1nv<)&r_KGoXG;?oZ+vYyc^^(|qSM3fz3y90_GhrzLWT zm>e)SpiHg+u&L<;gRRZWR^mJDPGXO`6srzAd8d`Lf}!u{j8{am4wRI4TrJY)GXn~B zcH8Vpymr4*oUSBtv?Odep#HTojqXl2 zV^2zn2XB89rq5GX$F{9``l4$zzKfirTT%Zgy6%S!Wp*ThkjfFobOKPkH+kv<8> zPnF=bWpMwi-Ilzbl+q6#?b3TwV5GKc{RS9&?Ll7$^;s1RcBg)hRTwL5gM!$$28hmG z0B!PN(Aa@3%Wk6UtPX?0) zR%9W*=zrsy^6IBCo;3dtD#K^eX)yXc844$^FQ%hPU66H!!OR z$#$cp7)sM_R;c7v55Uj2&kvpGGsldjx82Uf?_Ak5Xsn>tWsmaC0MCAiWE=>NYzFl# z1cxVu+pa7Si)!kjw=ew_Oe@A8G)!t`dVyfz^}56V8t98BaT^YN^Q)WCf-+@Ym#{>u zsUyrET8$tiL6Q-3oeqtQG;Ma~A((&OK^yH)d0oVVH6z?l++T(GeLxjVEq zpQ)Zqb=>kzhH(~Ch>J0gLi4r%l@_NK|47)D$7(3g`Y`>1?0zXEW)3U9`x1s;Y$H`$tTySknrRr1;1gQ9&xX?-fbmrmo?s3wS%7`AtLFRYMDBdxvIl4JFS053zJ)2gGd zCIh3KGga5$$``|X_=lf+#CaYsX`|@CO!)kW{L>!Nh=lDAanU;^^L6ypA}x)dGL}+U zY~s!S$0S?9BM}GGv~OB1}27HDK-OK?7;Jn=r_p+>`80} zk8Z&bJ%H8aLF;@C`h1_qwLI!?0lKSVySR2B!EOXJHaVx)0nD}ntP<}iFj+l;2>B~y zAG8neHZW=dY2h_Z(v7~b9`A%tDVSK-o=ur7_ho`WsVVRg=lKELV-)W`F{iY!6!5(& zYHy!j4oOPot5u2a2sK?vBrB9(_N#R4J}Pnj{829RXB9|;n7qsyL@qb0gr`K=nF@C& z@hj!++knN%jxg1(?L_9iUG1Me=Z8Xe$`wQjacMi9j&UbvoPu{RVBRfK)t(ymn;X@6 z=sjs`{R)!Mv&Gl1UzbvK))`s6Pt#4S+3SJud%W~h<=>ee0foBJI4`w(CC+}pdTP8Q zkSF}5J|cO-C80f=TmP?~wAlC)wYoY_&^udCcRkzs)4J!e5m;SC=>{(iVkm`^Sby$k zF%IgOz{7`6u18J^uw2SK^6dw&BE$_V9#aXkMB^!Zt%i`&)}EI02RXTEfRnI(&W6py zAcbl=l7`P#vR{iWgy1yni}>^jSJnz1bAHB86V+aJGxq6HlQgt#twDpLIkR3|vkHE@ zbJg3&os(;^Hm2iSIr81D?pzS9HCsTn_170k$`byvsssrGGcy$A0Qxb&H>_?8qEM%H zPjG8>I~M>pzG~j!9-?JQFEE;EGr3Doe}#_PTdMM@jgB$^WyE8Gs?$=^ENB413zB}V!QnhSkF5$?&@L)o()=CcF>W5YS ziR*Hzmlspdi z-v4v{V;v_5+dwm$uVF+zv6>;6x^QVRg&Ju2oH@vi?M&CS!eeZh*=^@lN~QBPm`;{) zLV5+4Fx(Hkt1T#Ry}*cTxzuf&=s4LoH-soku+{H$**y)Fy2@;t<;4Ge;O&bQgw}7q zZ(vf$S1f>5QT59Ey8Z4sEymsT46T(~P)@JX_>lhsxr)a z?Y3WpQWX6tOz=J3xUg=6*{-9@R$yM?Sn4Tzx}n?k9=%$je99A55kq%0c*LEsv`tN zGWwJJ2pw&JW>e6655U{SQ)Zq?-OUD`>@OLKZXH~-7br7m2J zMj}SYW{shY^*w<(eT!)dD5peyr^brfb5Os+(_i?dE4F}4he4?8#b)*WAkfoDs_Mv2 z{esWIDi32y^7;_ipUC{i*HAj-KjtcgI8TJ)qd)ZdXv!P?^4AhFRU3w9RAn1s=d;YR z`+6PpXD$+7ZD4sp1rdg0lB!va!drVae;A)TWOQpD^y!f{@#86v|-fx|S(Y z!Za*Jw`?Xt!vv<0xzWog4K?tI5oy*9`jfxT@3idC*U`YGc{eeD4fZF`-YP_+-IJs}^fgE54 z+}851eRL2!s9h!|E*}&h*JogMHklyNcEp6*+bZ|8wD=tOSi&XqK_Se$V_4p7Ub|Zf zc^O26EkYgfkgpnRKI&RX>=@oCpAhD_=#)2Il5wk>I?-3HpHOhzr8_9PDt&!sRw$GJ z8z~nXcT7{|idSc&ah2IlNiT5kh4&9CgiUDwve?gbOe+ZG`{htMCWL1@hS#dgNvm9h zwwTA>2Oat$He{X`0|Wedq}YwhYK+05SGOYi6Eu6674El`E*1&wfkLX_lc?H{Ien>; zfx3p2#_dDg746^0Y0`+}r=S0z6YaK45bDi<5S7sd;$!;CP>bFGSM?8GY+%6-r zgNB+Lfchv)Ct#Ogg56W~;-Ldq1T4`h`^mToLHZFns<*9vvkA+7=!jVGW2*Hf6bQX# zN`>mWR4JU~b6Mfo%H%%ZL9~}x%@(#2TZPFqC8}3d0I`3@;Ddyun)|Wr975RRjc`Og zlIN8rNFSp0{q*^bdJ|>5KftyssuWzl+isgO`VDGpSzW$68x#vN+YWQHKizO1`}U4V z?Y?Wb(&CuL#D4LoQl9>Fb#mUztt+ zEOhy~i&P1mL1%?$r8lPKgy10E-q&eOD zbE~0h&(ZC8S$KuQ_`c-#BGwkaO%Gq${0ph&30jH&=)AiiF;Vx98=E{^MK}Ai`aRfe z_bblWcf&|NUi&HyJI(rG_MNfyz49ru+R42)D24Ai*$HjScG1gE!+8$h)}G$qF`~a< zZE^wUvI!9IYlI`708qur8wa@Fpvy#+sSiNvk7;~v^CwVlSU``iSf1If ziNE_ou}?KPOK(+uzrsbpl9zO1>j?4b{gDfaT5^(HyKLgxVI%*Ap@E6*?)==HETHi~Qu$^-mpq`xxarqDVagD?mN-|=kME1+o5-mMGwQ_6u z3(MXDn8)A}(=sXD;*@eP^85O(p#5vziRt6)`~}aqMI|BM4HIfa2#$uO7=J#*4IEB@ zm}F3Ss~BH%a1^{&#-V6J(3k@PheTEfSVFQKp#U4J@exoZw61mct<~H&Gg}#8T%Yft zY{MsRVmY%OqO^7??;c!kI152GqtB4P6YsekY*woW*Gom;P6Xvj>>c?FDh;j(nIv{Q z<~5u^of8%38%MX~sP>VU<)C3LZqT{xMVLd*+hNW1k76WTaNQz*q@h$9S%06W^f(?H z9I<^KrAFWB*DC3H>FXvp0CoDxcXlx{#^d@_9}wjiQGW0&hor=5)J~TCYOi!@*D-Ny zNmR;n`kvo536PMa$w5dp76k0}49SGOx0Z{^=3Jc8sHL@L?6mB8d?dlZZ!e#8y&bMrC)f8~^)ej_u{y7o`XwRIX*L{c za3uJa5(vQuRt^y;_(Xoa^!!FiqWb-FCbI0`-!+WyG4~K%8sJd8nfAiYsk+Ye@<-=s zye;2}Hs_SpB)(RE{p^jWpel=JJ*{~Za%%Q9mr-?5?2tH{ch=lY{ z6w7wL?03-WH;&2w{pH`1@E|$*Pft5^57-%pZJ79+Y2U0w`uiPIEh zby_>@?IkAqH0+6IHX+pfU~fF02wLn>GidfiwO}Pf{DyVCMuWE}2~#KTYT#0bR!fiPO=we*W4#;nY>?JS4r<@t@Ye-o|kKE&TgS0SGSg zpFZwiDR|2EAId=R?_KYod~J?SSlYh<=*A z(%r4|G54Pp{a@Edp83Ea^8~6BZ_xNTTm3={If~>-xvMgclw`C+4KMYdjIt( z|8?=-XZo-8>#vLdE@c1D0{-9C`#)Bae{Ed<-Ln4Lp8vY|?>_zi)F=PHEl$$k7q5H< z!@-&;oK-S^M35x-{gXA><&T$rZ`h-@B3QdsLh0`cWfE4{O@bNrUuY7QeRYtFh5f7W z^vn`XS2C)W;;|k*pwa%nYEe)XL!WRlM;n5?M_@>z84;H{MGVy`fOvwiSilnPF9gv{ zehfdqt&X(L0J9}O&ds}b<#Up2J<0OG-^;;&t(#NEvi{Glf}B(=$<(N*7iu-u zIRM~4NElq-tsT``?cXG_E(yO8t^abODGeKPm(oICFXYkpfAcq|@h7P&XK`s*dE!WJMu3 zSvnQ>JjG;y6ZG}<{fJlC(gXKIbC3|NrVq}wC-Yy+a}zTqxGyM#9k`{!D)U>NLntJF zi#@SrfMgVh4Ls|~2ISuM_tp5>msDT=$gg#=viN0$6@_sg{~$jm>+E_VnYtB0wxshC zeisf8lT-akS2)I)WwGd{%-$SDENEyvF4{FR87SIw+`+vl* zmP$9;6c+L-i4O2Ggx9jbs)-FZ#y2~+wAFAf#bq5nYK+HJIC0Y`tP?SyELr0n4>*17 zeQXtD_>H^aXz5!Q-?|oNRcDJ#l%b67dYNrSjU(QxatU||_Qc@`+oa9A$SJ2AoWQ(H z^VyWVB2rlGbPpk4Llz!}6=DBDZ?6N(-d4VDuT=0};Q!c~n-(85A{dN%_e2a&@iAB5 zkkb(CE#@w()XG|u3{Dz|H#!KK2w#0yFps*FNhLPN<8CdxA=>5D4@Qj|$m-85WD%bt zmQbZ?E$DOl*x^>VTFi3UDJv7{T{f&0y(J=>#d^HG#Z9?tx339r)`MSNfD^|Ly**Eh zmtnc@X8ToN+iN>GYw1HPfNGAh%FoT~C4eKNte+`9D5c*LLHxhJ-(7|e1ET`dSHlU~ zsxm3u&xC{oJ3}KbM7+CobS=h+t;2r7he>g3&gUMp5HY8u93=-l%4OaC zBw)u;zO;$biq&sS5nJ@M>9Kz z;oWwR$%ZWYHK)H>Fa-Dr z_i7KTqwQx}`4uiEGO#luyDx!lb_dK`sx$!fY7DFo)t$lqDIwz{ZG1Nr`!y~COL3f* zV&3!$_#?ZBgRQ5WoRqUQ1mXUoi{ME&1Iepn0B~KML4_vAkt*6k!I!-)w`tXQY3YN4 zI{sr``ypX~D8l)=*VJL-%XnB%VDuptv{kCuwW3ZS%wds(#y;hX_ONaw@o?P8UP zn~$L}25vou$oL)eLJDa-LW`BdA^A=7!0v2{|K`~q)hzv9G)rIk2X%GR2Lh-mh!tel zZu(-KhShS)$#oRXCHQDAW_he=+H_#%+2Uj&0p6i$OOT=6^%+s=-R@YC4P7u?14c{{ z>ssnKR)dNj%34)$+mB8qgC|08}YY7U6Tz4+Fd!U05AI_=>YNY$ML7 zX0?vE@!;pg=RtVv?t^_7tc^ghL9gS6U=mV07z1zkoM>%`m=R+RWxp>$<5RetzYo<2 znDTcR;w5g6)QV9P&xs(wS*|glY!=?|Hze;izsfF-*ay?)ZeZ0m1dOq3p#N#N+D`{= z-u7Ry6))KL9<&bI!VPcN_CI4pb6QHx)>tizCJA`B_bG!FzDU0}uGF18S(;Me)9k>= zz|U(c^d;-|u)OcUCi)v)VDF{F4bwzTy??xWxJfk@yLmjFDlq7t3<>Q&9u#2#b1{Hr zg5BIU*Q|%y45nRENe|3IIsV{JJ#B8uX z0>7dh?x#K_#uv{8?&>`K>+=Hru&t=}tptn%?)Pfhb09MU%V^R1{~tD4tV4`Hh19j!O1!5<<0Fb_us213{Xm!Hec z4c?)3JHsrA1+^SN!6#neP{qT}rSN`tFGim{1Yq6*gCZThOV96FOn;84z|PgC)v=K^ zmKEz5TPeuOGoHPNv(6l z)MfY7Scq$ycC;4F^wzJabPi-nCH1G)0>$yB$+p+*&9h)ya)<6R2PZn&y{Oea{V=+k zZx$PO}(f|cC3aHpKW&Nhg4j+wKU1H+%i;U z>)&3T+5_HdXPCgAWjNnnAS<5M(WDi}rg4|A$q~C#&&dJBz}Q%!6RldMPRi--^nB2- zb5zL=im{@6v6$w9kvSy&gb$y|kI~9kSa*+>^jq9Kv}!bl1x|6#4g0_9kE`3rY`U19 z?M%uyhpP2_<#ZH~A6K_*es=bdCom=kMKG_MQ)_Uosee$K?>B-!-PrZIA}*lW>a00% zJS(0RDixK|>BfXigZ%kfp8xH%vh-A!OWaxe}kosQMyO(KvMnuV~ zGu-uoNm_-+YS4C&ua*Y99K$~@7vawt=Cjk%#&;*M7#1V)sM1`Ap^gilj_)-srJ%#d z+s2FHkZk#XPl>EO1vLj(3UEZX>~|*c@E^G>=NlR!xA|R<4NcDer2V;K=m3$JRxRtT zG+ng$AtNa^Y&3LWJO=702$^a~+wTk5QxJy-1Nha_jCWZDz>i%DTPFL+z{|#ODTR;} zMoZ=Z;AO#N4z9(HK!jxVHq2&;lu&eoH#w2ju%p8j&EkOc$m@c1rBD-PalrN7kgK$FB9Ztf$%S7x(iX6rDj0Barx z`y(ouuh<0cD=9ZJi7XT>BpM-_QN+V*Xl(dCwmKj=zy#$bT>zTEQhKuZwL`-(Q7r(6 z6#=vZ^KP3&R#Kw0MA*c7Fl_XzeqgO|Vw}&w_TFrPs`7NpPCn7%*IY&x#AQ2JrEEL{ zk+*A39LMlbu1H{AD>ene&1=TJ!$P?+K*S3f2e7LkqJ-?aro^&$Q1_E8;`ZgtcfqDW z*Os#mmX$$JcvLqdO-M`DJk@~O={8)*Hv0}mcE%+vMYyx0Q?O|OI`;dlnvyw zr?{mOrBdufyw<~X@fg8U8qr#nFxAE&8dTW~ z10|1Q#~EV?>=@NyA%*gygqQLNatQM1T|{;jgD)igmdhUn3*SB*2UPCm8d(*BkHnxG zPf4d^n9FrHWnIX}-5HTp&PcReF5d9Pw z?g9zxLfuCgmYtc&+oNIx5~vXG=fEc#x>qghwtMFU4In{aBC>`uA*9)ik@{)GO z2%HMm+V2)pcfGJTw`{Eqze0G&zShS&7^3g%1%IY#FiOM=H>wQTl3#h!dQDWbuJMjb z_r8lP{O#mhQ6_JAv@(!uGv9Et%GkNRLcFvvDOmj4VI{#3E-`ygBsT&@FT{a*rkw$6)XNm8@|JaFEar!0pHhJb2t)_8y2Sla(Y zc1o~9#*wm%cyR$Yk(@VG9(DCy;&Wm;$CplX4@ujdhC%D`bN26g*gy0d`m*5re%=0jkFP+>=)fwqY}(9D7!JiZ0xV3WqFKvX z#JBlq#QZZr_jyW<-~ni-nNJos^U}i3-}9X+5(v20xos(=1ra^Le>eAqiVz>0jpaeK z+Zpy9W#qwRm9=_vJQ%J-m0}wulg!D?4o!1h3Y_>|w_7=#*|PM2a{vkLzaJC|?KyCL zmg&F!FaP{-$00b)OSYCYg*$^0P23RIB}2_*-l4@uTPx- zA<8-oi1O*6b8-P;bvjUx!tpbqQV$`hW6}o+ONTJzZ4`fucwfN93YCB{nMhuu>m3lv z1@)=q+5nDu{FIjCqHn2?=oJ%ykZA3UvU&w@?Nu-9kj40sW`(d#F)@kOh|~;aWIXQV zyJ0;F%Xlm;5+%yC=&?*NAF$Jf!Rj^u6v`6|C!!7~F|8gEW=B1DR1D`aTD-En7}XiA zi-S+DRsMXB|1jmY07qN`%sPBD+j4Cr0uP)T9X$CsTTv&2jiH-0j>bTiH6jU*TqC1$ zS5HIus;+LAxnroy*`y)aEg*=~b%cBQ!*liEroO@U=^6pHbR+6#0uL}95Kug;;`cBt z&brSK@$U$Gmhy;OPEvd0gKnefe5sHjA6+|PV`GqJo2NjZ3r`y#Xp(24E@?k@-J zA1s0Id93}DkLeC~h9)_eLs*x}P+JzbC``F24q_#`iHJ<&dGx%F9f`QRYrSt^$ifBYx0JV+tx0aa^?^HO)NB-HYoEw02(i^HfQuC3-WwHpa5C!7 zUINJz`S&OQhH`cOOGAZQGBcSYNy@*52OCa7#zY~#8@S?9ID zgfB1ds06*qabe3Bm(kawNOiJ_kAoM*`M%6BFJr{ji8=ltu|cg|nAeZHS_c80B8qIT z09zey*Td+37@Yt7tzZ6f1SYDrXGU@Q>;Vwij<^FH!P}}Xtnsc30CU9F{~d31$a`_k z1YdHGVVr)~u%7CYIozRt@6~f1_mAqHLxUj05(Hk4DW|Y_9qPU>wzzm1zI4*(B3RS_ zk8RGrd0C6JB(`>SyCXq}WB&AOvX*5HaNGC1{8gjVyh&X=yYyR#TlOuK{4sKUP_Lw_ z-#QCd|Ax7#ij(|s!DE9O&DibF_4}c15})B4Tew}Hl)*$q$g-3%wx?>M(a_F7ws8m= z?@VpR%^_*;}|LjgT;EC!?;RNJ06Q4SY25 zn{=iOZ>i7)V3j;bdjRm+tg2tfv9YCru+;r22Wa4x7lHeHbr@LJ^D?_8PHyvjrhypN*b`6Qv-NVbl6fueU0e)7%%6qais zek8LG*hI`A5q=-&vEojFe)(>Inc8Jzg+!o>ttSWU7WctNQkoCqV(M1j>8{XTyh|NL zqGuSFnchM~O*R2b?5_ulpRUy$@pg0_-(akMAyL&j+VvWE7X})V~_d? zBUa=3k@QsrBkJM@cgU99j81_66~;4+qrk%7P94t~dS0NyVEMgrtK-D{$XVl*xa5-nX zM)rNwmruYn${2&GFQn1JgQm~1&$v@R0~-v%u4XN1=0Q5|tIH&m!)9iUJ!g?boWdUE zg3PVgl{+bCrDuda2(9sBNBWd#k@sEUEga*Funvmf8Yh~IqgY{5nLXZ;z-AfsXp^b+ zP2`63q~bBAR$;hph#b0wv|wE>&i1%%@wW)uC(QZ~4%;uxhDaaY<rUBJCR#EX_9(@6F7sbvp-2$kWLgdUdi^ z&DwdE{CZtsS&rAmLkoymdp|#Hf z7bUj0ee?t5VoY>p!DL$RZPKoj-8QAPf_l-6)R{lO%R2{R^N>)iTmfAJ;CHsSjm1zjCB8z4_%I}Uu~qz4ict%!EqD?V zg6NXE#OClshSk=30~M2how|T2WG2#n-)Lk=*B-9-7cX(O?&XsdWBiUbA$+%!(7NaB zXrc^r?jym>F+qNA98)faK{qAVun z6ZL#|RC9dUQkDp;QC3KB>wTZ4@Nb$4TSK1cO&GqEo3s7A7_!5yV9`d^x;WDtVdLP9 zI#i&&lEBjLm={|ump`;9eAs2PLS%bpm(JQ}#8_S#;TK5wgJ(@S*0ODOa17-z0Y=ka>d z$-A_zVydDvGSC_3pdO2xXnPp8bcBf9&%MdufdmG@Y9pF7c zbxM?Cq~~W@pj%JJmC4&;8Gf}|G4ejxPQV_TOYBxjW{2uG31{nEZ*K6CFvXA~+Y^L| z1Z9}7)d=Sn(AJ|Hj3uu}vpKn599CF|Ekf(^9pu?b?)!`uoLUahrLMx`RPU(txW3lA zoWVQMpqEvWxxX_3HXxO8IR-kkw{t9bdR{`0=d$WX3JByV)5ZOW_f-ut)9XZFUp{bS zIrLziLp(T0QIeN&y-B@~V1my?RGCcBL{fY`42E^&3Ynzfxfb|37BG;_=4LfL-uW+L zEI!BBcbj49^)=bzIFfaad^6)jBvIYw&$A=mNHF}R4+jV59qkIdJ~q7m^Gl)B8rcg- zwcNNf0X)z8;$rQNJaLwaz9sxxHkv;5xzkHn8%Yv@$IC7Za|u>groJFjXxx^LqrqYL zE18PL0NH<>hf`^tgmo#{ZjeR1zjT;^)9YE9|F(9gUA;3Q-bcQnngg#qA+HRqFCKAU zwT-AtQ3E={2T5TS80Ry`e#B@v_(W_&a?V4DnXI*zi!Bop>5qkH*!B*j;QZjx$$I#E zJ^i>+)I@K^{b@B3{SOe+&SgEG7?Az{i(oy^ETQh%E+_ZN|7{M7)nffrCyVUzxGp&w4GG)z`Pc z@Ug+n@sUiK)fwB?YmxoJbXUEY*a3_lY3}*%GE1k$uEEwtaVJ;=LXVfp@E0CNf}ZD9 z)HcOvz0#l#L(C)-^-mkXVzqH(kI>~dhP0%^ec>g=2#FzMrDN8eM0Hx{S`1K|8A2j) zmnGYL<&K&ny64n@M9@emA;1zM?d147`tI$M179hyLF{`K;(WkBi1YQOP^v<=vzfTC zyC0wH5%wGQ9{54~o?1Dsj45hxm?8$R?`!%_gx1o^h5(~N@oUz!*CMVlR%L`pNhiOA z&?9V6tvjr-_f>Sn;%fc~|CxE= zSP^g@PyCEN`yP?bAFL}gcHvVt+rIJATMZ_H!<)D)WL!yP`^BqZz`!_>(In&%$Ma(Z$=lV%?fpcm>|P`#_J_Wgq|m+Ny9GSm4uW0cIB4dhC8GB#D_B)+ zfi4y{>83gu94kbv+<_MY_Sq@DsinRv#5oXNV zvx>_d8ah;k>x3XssmK2saZi+c)Y4|fIVayH| zHY;$#yqHx2<(jo~3vyfqNxG3~Kpw++4 zAN8b=WZ`~KjcAk&${m%|stqpUJ0JJ{xT0y{PSR6erf9?CwIT%f#YB}->z_D&VGcUN z@5q-6sc}Us@ig=Y$$L^&G5R>ubtMpwsIziSJ&k{=7eI<2Hs|E~vlA30~U$e^kA7SX5!xw~ZnptDqtd!G$(UoL`S{z+hHpCD%lDcS`<^6w|D+GjMN#$yQxDQcf;Tu z6>a7J?X{-K!ppmz%0Hovzq7tdZc%PszP%GVg&9VfOdg+g3(;$~JK=UYZCkw6?`OFL zQJAcPhDpUulQ%kqzUP0k#)7@0)=cc}sJ_A7QB~}~5)t`U3B*5hHqZ`|mGT8P+YTkz zC>?#h`#`~Bb+X+W`t8MSj;x{%4VRvL|8tX$yMW{{xDg}O<`qpS;WF*WeC0g`$tPE( zdXAG{cNrfsu*OhpJlOw;1(785h|X~DmRs) z3F6)iruBpW(+T+u4z5Na>7=|pb&s#?ZxO}p4{M+>r&pv>7Tt=xW(z{ZoU8}`ikw4C zPgT;U+bVvk;ts!h<*&h#yfdVE6zqx|%C~R5NVuI?k2k0gSIn@nE(JYFul z{2d4`9N7B5cx-k2hmYp4)u^(NYv-w^LcfD_z6Q|0FI`~~CJ$Nonv{a*PF)hPmd-Et zg4&Jd4&>2m1PK_!=|W>#_2!nqct$ujk{$a5hk+JnI1pXN@Y-B);wFds$63G~_l-u0 z0$MDI5O;_9=Lza;znW;K_*(+H8nORtQeu8{LIwC%s{mj zr z1ahaOXfho;aAoTFgK1GoI&hkpFwTNuK-49$54FBUW6+JF*-n0th@y_;isQK}7_Xw0 zz2`uFf!cN-NCNK1v&c94q!kid`zsjXj|i!?&uj%1`9yie!5J{4$=r3pZ@%|J;-wz^zG_{?0OtPH`yrF`=PP>92`QVqgYh zRZ$d#c}2GMXwE>%!RFRa7ixPoZ9wv7Owhybtyn+WAQ}DuOK$FJt{7~%vJl5n5&?KH zSyM-IJq^{6E-@W9q=ol&K$81%#^E$)f#iw}KS-dpj~;VcH05l3h9Rn*L5xX^k4Q+h16TD7RKZuW7fh zCDD!PSb9>f^#>MpB)nqajpJuQ$#7Bvg5L}i#cwo^JpiREd($Fp206^cX~224`}t zhGE%Ca$6x1Ak=H_%DvLbAK&m{6YLWI%u6>T?O#rj4W-4hb)HDnxb>g-3w2%uVIlVR zx<#*nj%T>ipC3b8JBx=espPpirO3z*C-=T%d;h+fyv?bSNpX;w-;Shu1cR5aot=(` z?YH*muwg&nQ0BV-5qd%MXHPL!vh$=7ohG@@IAcRruTg=N)8Tzm8-lPy-H#J_^ynH(~;YIwI&{H!q3A_`4-F-T&?}aA6F4(~4)G`iLo_PgWUr zDI_Z21Kw!n0|9E=&i5j2scZ^5Tcakk=RI|Wxc_uK{%(fT+>71j8q*$14n>&>4hbW+ zvzew8QleYDJ|2DQxW{#P>#tK_x)jv_5C@+1 zUN7EPu6cz&u{UxUwkURjIKL#Tq$$mQM;U6|++F3MV0j51Pk3unDHh%L0S8%V*gl&j zjR0%o=WZ>hh@rQbe#mmLz`G zvi$nH zW19OpnpO=DtI13prQT+XYyOqzLQQa@=g-(^_q9S&KknC@t;-gW@unQVj!0Be?B~nw z^odSK6HtTg{z8mGv&hldK0gn;IQEAm2zn$chG-*`T5P6y8uDM)+T%F6ZC%63iD`$s1FGNqoSgPj zcn=M6T@P*kwiqqU6~$a#55x_!8g0djk!_Tu4_)AlBiZQ(#iqSeCLWC3VNS-%UAv)W z84Plgg`P#Tcue;5jN#Rg5Ti&u3(VdcVPHG;&=OAX4jy>V#YQvn@g|lnRm$fEkthqg zjvae5$BBj>$LdzxoXFYJF@tR)EAWkh3gXm_ZL)9DTbIZaN{t_qjFs-X+vQ{PhHf)-@nL?&YTRU?bugEpLq@C&}3#=)n7iZhx}QUC9*$B13IcwmG}} z!hPyoe!j`_>sS*|9WU)aXnQ!m^^Gj)59i{uHzq{qaxr+x>^+JhG@4F*luX+NTFElV z#)|Q7P5ZhhGvNL;s3{XJpTO!U4w3TrXyfhyt+4wC-o>>Jy|*~MraM|$o!W8m(8!xQ ze&xmqX0uub4N=Muut%*JLzZde=4rcVC`K1n@`k)P%WnG8@48s&R#wmR|1)#8{oF4t zWk8HRRssWbywAS+#qh8gU53kEoRKEbKD$~aMvUz-+ zF@_wLKQd(>V~#8bq3(i1L)s>jvXF(&yr1XZ40hZ+;PtyL+bW@b>3&&3bT{1}# z;Zh*h!@A6h4P4({F zp2c--LEo_j%TVjx`PRmbTf?4ViQIY;ZO{svGXH=x?HJeXj`x{v`cc8pa&TsUSz!oGucp({H9u(V{lnj;76n|~ zJ7*yUg~`>2JC5Xp?WQ#aN-*|LV4|~r^0`<(HF#L8Num9Cj(mlmzMN}kc({0sJ2R)47h7B!F%isrC7YE8WjBflNjCjg# zMKR*gX>cjF11Xr^-nt0NhcPP7Zd$ENhZ@}OTSCs`GJ@R zbd-(GpP$|ILyL>dzoY3Zf$7C(3L7&z3z0krh2pKS{`>Ol?l~Vq*w5Z}obDjENxT-5 z^|K0menN|o$LCeV4R)__VGsHT#yCOYz}Fb1Vq!rO4JLQGQUG3{92Ld&cvbiJs_zCn>o_zKN+FmaKduME4hu;>-zXdP7}nwYa|ih=4nju%IRphCLb%Sl#YmOcwX#3J z_ua~1pO+(&p8w}l*hBG8+#2;k70ziw|NDMVf5E3h`9`B~Iw4Xn@ZVql?=f8`E%@+f zzzG{ye!2EPFY`s(@3jM+LUo3NyxyoLlsqNzZe3W-baN)zI4*2U`Z)@o^!XcEqesxo zTphSqBYxyW^Ud3nO^V#ct8M)C(v17JyG!>)Zwh<<_gnklx11A1kY>u^!w8P-@!3SN!q0Q;yyw#t`nR?|&pQMttsplPJ=UHrUM(YkXj{6P~EJWJ~hq5z;K_vDA3Y9f|4S z?zMe>VQlh)+4jU0F&Ci-y?T7loG6S#`dM`HS>J{W9W%lrF?MbUe`aQ>)ny3>7(g!c zepOuR^^2|~b@mu|TbVGzy~)at57v(^f)JrD5%-inD8)v+V}?9`6_&#sDdeup^%u5n z-|5AVxg3qiAyo;k0I%y>_T!!~&(JvzNdaN7=0bO4C;JBvA<*^yp@_p~9*cI{;9q$U zkRCj%=$+VnASO}1bo}6Cu~Cao?MsBv{-w9zXt&io?_?*Zp%!_YCkFpvt1;)I2RXFU z{u@dA7_)woo{pj2KY*ADw;Rh8wF?s*ZBSYQ?WTm(ZF% zFn-Z_ClczOwsqFriRj%DR`{mteXKsFPCjRB^J90ah$qAL+%^GaWvlawE;7u~n4so5 zZE9f1z3FpGbOx~->qyn=;|=M5t})<}jC)RdBuj~3{DvMh=+l>((2G6PZ_0CJoKgCY zHI+}POP=O|Cn|w8Wnj{z#P}{kSAy@wGjB9p%3;Fl*XpDFzd!lucQvxhHe(W-CBgzQ{a)J54KLx;zC!mTLr%j<*<^lb z!mxhhu%fXkWvrC4>CkqulW|NhmutzKbrevz)O4@r4R#@NO>#Y6^Z7t$MMlPL&cLi@ z6ZJ$-ots)reu1_-Skg!-*fC9+4ad?*a)wK$?Z#bFIXs>>9wb+MYQ7_$0O5KFD!}@n z&8D%e+HU=R$idZ_jQm`~lF)W~EXBw9sx3~JMIEjaav|?eP_u;7>51GvRxr(ZQ8>YU zcM`>%a0mQW1~%3kkxA!qO@Vhdl2Ow?86!+cs6XwqO3tTwr>K?bhdKC9J74_VIaPmy zYj?gYn9KO_JFTWoM8*!FPJcOAcOKV}?D6&#L+$}#l7`!A?a9iIk|xQ;89}NaM4JuT z(;52>-`$GiLP!{WCh6PS+JV45llrF0;}7x}xwbF%oE)!~Q2>Ik<;;d_YiW8KwYQ7q z`A7?81$`}(MlvGq@?efE{qDi;@(GZ!+t{a7-ai7F#BYy?a zEVxnle^wOv|5;IBUBz5>Qn7;hd15t_lke){xD`t1UG{ln=;TPH0kx9KZ5h38bFF$l z_Ho9S@p&M!Yr0rj62QLA97@sCg`r%_&En}^+l%o+F$%u8j`$^ zV^rRL;-gvCg&ntlqzSqVs^KYQimTq## zszAUtjRRtWpWYtk92uLKwNXLZmf@aELPbKei>34&+hN|vhi1ZH!zlM=HyaSZ67nERuQb=0OvI=r z9JwsWaXe)E$io+RXYZaWVmHL@iu+Np%p1?X;yB1udjb72gHU5e+m+H}< zDkL~q@ynOsgi-ZZhiju@dIb!(Of6!hS$dG3UwxV0zZCi+())LbCQB6t)kT6N<8i@o z?=CfgJPAzm7i*nLc}l^|*vqj&-+uR!;)ncHW!8S9=LxMnRq8@@iC-(wS}xc1*qJ|# zoy7LGoc%nQ2m%rN&Xz8*qzl$2;2dg61)lBXnTGFI+w|FTrJ3`nRZueoiORpZ0pO>4 z!HR-?r)iCSKo-0~7p{!r4e;qLj9T2$oWo&298N+{7?Ji}B!y7Iiu%j^6d7{EGu!k`kh8tB0b+VPKbqF`p;dQQ1C;DE;B;X=3W<*7M>u6* z`a(7#N9bD<;%!rcJ}1KjKnjFH#`tZEwiy?sF#lIW9dcWlm7eghldtP9qzos@haQkO zb%~nzIXHx6Ish(Bjwx}GDtP-0ZZ&|$21&nWyR<)CYi}QYqk6cyw$iPf0IdghB2JGh z>#nJM8KPpP+@Qc;Jx(8W1H8OVb)c(o+aaAVKAi#yfWkbZo;^|Evs3OF>@;~&?G0pZ z%GF>hfkL{0MuKKAsMaXrGLZaaTr}|+ukE7g1DkRI41Tts`ZeE?mS>hHdcvrHbk)o9 zy{P?3Wor%eIDYOnPLK$sOIxN@AcKgo$S1Jr&EaEe;DbR z?)t6@h*zsba#J%w!xAY}pwUTC-SDf+Z2$u8#YczWXzA^@P5e##t^@=ii?Mi^dfz7w!{=Faf;QefK_6Uxy!ZV0_;b zcg$(K%zujz{l^FxNK}x;oq*_=N18E_yVCgEQMWc43L#hSUj^(aV#jED?`x*HHdb5g zR7o?VCw^Y6IxM|S=CZ505>*bYKj$NVYs z2xf)mlVp|bUcTs_Et|}Dt6-~_Zg9LrWz5xM*|P}Glf0HM(4Z1=RB?BAu z4PupS&6KFKI+JRNo!yGHpV$j}q2`Wg=7JWK*t0}4zyaB`9gr@xlXrV|@Y5g`okm6M zPsL{drmg@$_JyD9d2XLPgAzZ2sk}9s-HzEH#a;jwT7Q3XS*ls1qG|c=-%X$BHZbB) z$0^KZ18fY0DdQj*IKHKyOR%3El>3c9A)SbV@#z~Lyw>-_NzX2NWM&A5hp}N z+N!niqN(Vob_ReYTS8MAaBZh%j#79^h%muruYOTweBAB(;)l=-fyjm!j?r6~)QaLf z0jTR^-d9`zxhZ0F&gjGlpJ}kuzXi@gD^v&gd%)*t=y?vninEjdE(%38NrND}KTStc zbl-5FwCUQZ_gY_Pcv=1~0#!sNWl8v34r+VkDOAV{R`ABx9W*Su<~yew4gEZWp#{ie zf0e^d;KSXk5OyEl{WGZPWN4+D;Ng7C0BG0}z&};EeAY@mBR_%fFHcR2{wx)i%+6(L z^o0v#*V=Y%E^M~?SD_e)7?+#L!w3!EwOw8l9M3+5jf?!9h)l6oEKy_iIKBtIrg|tB zE9=Ov^lJNX>JwRmO6mxd zx8(pHU47qA+D`{>=LqlwjJ$E}0Pb9`anUFGIDsYgKe>+391(l)&ANZ!C#S*@?n{iG z4=XIKA?|Rt_`!H4Mp0E&g>Her<)sXDE^UBDv7vQ|&t}o~_|V&{B~{(Xbk{+^X9K?M zgcz~xFE0p6oT)aNqg-hCS1Fw1#G+@ME1{5pK`=u^7z2jRPNTKCq8}-#p6)c@3x~aU5lBSAPwEW(ovu zF{P4xSSLbf}N{{HJLmg}+J9poyG3OBRM!zYLw06k_KD z@cx0pw=Zbm1cbg+ABqO2RYlailz0c@S&hDv>(RNDbj;OCiD~9Mr;=#uB1v{!Yi%f! z@$yn_GwVNWSY^O1MneC|Wmzhg{d=x3RrqY2qT0Ggu%$w`C1~ehts-?;d50X=x64w4 zv@|I9YMo0z!QcBTxK7W^a1=v;=Ij z`hL+&Z_RghxEx&yrnAy+8%kp-_Isj>NJUufV#i(4o?-o#MLxTc4CKS!f~lt1H2D-j1jBDi|nSHUesj+NuW zwv^Bl94Tdy0Ld|{c4g%QMmrpiuJxdB?UBYQ1%f$4%e3X1YhRm^@4@S>LcuG>a-Cw> zGj&2|-3Q>qOb61=Bwm!RhpWtEZS0fv$T1Dor0=`p9X3PX zK#nwYBX3yNt4ht%ZtR(!@<_^>tmR0AA(bO0fQmU5I73pt4wKhA?|lV?%f%#lz_nr= zL{VR0fZu68x*WnmanjUnyD6F|?sqQeiiSg8f4bna{)0r2%6r{4S;#J#grddSlGW?Z znFE)zzN9*SugxQ9aQ3jp#%lld<#+R3)Ju<}X7Sq=c$?i=isbg-4B1Y(p;(^R5+Ucu zq3qA+-p$7u+V7CZc-U>>VQcP~V~JnreC;QeiCa_A&sR?&!r$0WD!+8T!_pIkEK{Qy zbocgmdfXNlW=vjpqHbC+79>_8p%4!9$5_u_=W!1S1G2qjf!>BPb?tkl`*kc1YhuVW3WF7;d@m3?|T|zBZ2-ho0 z6P=`r;1yntwM!S9DinX&F-i&-5sK2K6NThxvg1k&%dB?&+h~+p7|duNg`jolbQq;z zEUCf?Lcyi-Z9Th8yZ%pH`yP2}_St96bbZZrL(C&|o_8aY0#qFgfrYmJzZzKKhmecy zkA7v^B{^}b$%psQt8U4zfKNGeZ?x0R0vTTK<#4OTK7(<$QD7dE;$y$y)sCMf7y(S& zFELnsm$;d&(GAdFl@4N)@eae?H2mnwV#+PWKN)S$jtnjWZc!H@F|Z3Rn;G=gIQyq{ zYz|=l`weCLRb7Rq;ALYBtmB9M_3Cxo++fvNgZt(F7b(?58~ZJkX&_p&OR`1K`M1H{ zEytDpTA>1!;$Q@YknD$VfiZ0xdtDfGHcZx8qT_kGsk_yB@g{14r|1K15U9P{WwKh!Rc+Aw8I}8CTG0sWXqLf?#|0%i{$pGipnXmrSCb1A zIH~-q(W17!>-`ZoMD8UVtH|T#z$oADn9UNs$Y`*Hc|Q+)cTZLykBJ;b=6BMp(c&6= zvA?kJw`-ob!<5=dyh{A9deiD(B>kLmB-@+H)EAGE9i}~r1eS3TUtWcd7Jsi$6jtoi z1P9@sjxNBVHJ-qbhGKSGG>Ox1QFypwxL+&+Js-U%unb-Nr7cni7p90tgLh3{VZPRq zd>TJv$@Eazj3ET;+9$w6*a8WQ5$tk6Io_%**^(jTu?mANub&dwh(U)&oxklgl)9tA z^UpCaHyx05IvVr;EgOY4qPW+;S;DcS5{%N`qD9cdM-xiU{ImCTaaSz%MqI>6aPxp9 zvlMkwei{ZnRR0S0?`kt<2PYdeO%N>7ld#>g(%t<)0YW2AC#n-*3})u$MMl?$@Xg`+ zg{S#~dWt}1N|O_^B~{O*17POFXbkK`aClP1n|GS|TxlIO-3L&l5%X9p_SH8UM3w4+ zzb4ozBBO`0+pEN%Pu}4aqwQFaXwUuj(#bru)fLikzjI}^VK%DG-_3!Ve{1ZXim{6A z#r~taWfXrYSYIvv5d3(?wgLYB{n*L1yF|c~tR8cVuj7soq_Zov%e{I`>;nh|Ofq<| zfxTPcbtE?&%HIDL#G+C8;Sq?mEJo9lyZvJ(YSp-m*OdeFc*9|L#%4+#bg021{FMIt zo#oeaB}+@=jx35=vMu@>^QqSBRjV)|YbWcqw$=x8+>SI|;`K2KJrFUJ_uy9I1UHNh zGRLA@zqqTqiw@g9AzQ6LqKrs)PQ~va$F`n0)Pk%$x4ss3IjcRTKkG1+Ga41QU0>-}$~^&tBB#M!~+{F&#XPMtJkv8HL+pQQ$w{b>fHP>KcRuZoTD_^j~*$O9S8 z{_$v|FsYTA&nvmEJsi2E+N-vEdnsEAw7mF;)xpr&dK}+pg*HZs|E(Tks6w6Ix+#;u zQZ-|)Q@lV}XS2lH<@eQ}BSe@u^2V@RN=8OGzou>HzZMA{ZkY#GFE)>7RaQU5*?)A$j{$DTi+oEngn#Dc7SR+L4R7?32mw)^ z(=)$q>+7Un?bXNB)Q5+N>RbNgWQ)zO} zZr*z5>Oi_Nv!U}ADV~5nOO=4xU>%@7;$=8?1{*Lt#YQC|p#k@}3YD9f1`K&v83xvp z#$nGX!6!Vv-=B@JZ<6!dcWgFxDx@`i$BRG^W8k66BABV%m=*hd;B0*R*gi%%&PUU; zmJ|Z+KPz<&d@(M)%aKFzf<9(B?u44cX<&Znc5L;Ktjgy)w`Ze3X>Ftt5@xHvK@!Mz zl7(O{T=K;I50LeVpxPD14FF=3STj^tZpmI)M&&1_u~R&y-YvsZ>h`;PHx& zhR=yy?=|rx2fW4vWegQgn$)sPe7I#DxFw2G(4jq8IGpW!&MfU*Tc?TLNjf@SR)%yx z#{yPecM@LWpNgo`t+tL2KlWU4|IzT)EPLJ1VJb^xQn|s_A%f(5*a3{#)jXb>({`9rBeukA+V#^RatsBdO2Z+7^K&4w1iNAkMMo3geK*;R<@hPQTQ7c?l{hf!4V8j~Fry#N0@1OeTCDv-JttCg(C(A*D12;IfOE3RT zh31Z&=F%Vw_Vfj^1WFR8D04&3->Ji3VT2XzB ztdXLRjW54IlptQEs5xmOS)AkMudT1g za7m;3s@v+tfAC@*Mu?;Nf}PD~HAhdq*=09>!{|>MAq=U}qn*PsXX9|Hq~>K!_%x5# zU@er1zr4!Tu;>%J@tqhp*aL~d`mZMK?Y*I@)4xYCrg6&JiugY(+LD7za--%#bq>uu z<)vqPID0EC+Ps8-GetdMg9=X1F5OwffK3eEkh)0~sa_nm0%wS9 zvtqOj9?7a9p}c5Y$CHO+Ew6I{u_;3S!O$$V5z8y#vnD&ZgYTo@)fU}wRHEJlmvQYO znb@BBoO}zQ&qeT`RU55#yopJd25g{HHRHX-(e=^Gu0!FRe@BXcez4;Z zvsJ##Sx;kZW9v^0Npj*~n4US8pX3n@UdvFSO%sUahVS@pZfhb4>QQTE66()r3y)R= zlO=J_UqF+te*}*qt+v8N7dElhs-rrEVi8moy7e-KF}J?gsk`BiSkQL7u^v*%=;yb)e1}#t#g=W~To_`==a)LJAMi$lLIW zn0ucgT#F_wY-c^^m|H^KHs}*)f_1WMQL0@!Z;Or9R#iySe|u&e&qQ$98vQNoEpdRa zyrn%*5sB!rN^}~Vmp?RvoU--)?w{S~*eX~gPla9twB~ZizZ2r;R#f1IZFmZ})MwO5 zc%@DBZDOr94i^)r1JzyQ9f9GDYhoMd#*WgipMbHVomd}KH2fls_rrqUo@mg2I)^_P z?RCGdqY_wOsJeO~OJKrr74du#dJs8EkL!m5&y(Vd1lH7Ip;LFR{*&F_1Ao=N)z+5O z^}XkBO*9F_lEv6RRf$8y29WS>en@K2!rlg+eInNbLuS@r26TR+^v?6ogvULjFR{_X zfyaq=h@E7K{PnNw*Yk*@sOM9}akGPcV%QR~UUyht|K*a(Uy;gvc9xrN=ut$L9o4Ms zM_Ud-;)T6usvpWCpF*>0Dai80ql<7-!0Qwkdx37T7YaUwh`jBe5FLCT5qkhjK0n0M zej(M1n*I92x)}=+4ueU2imG@;=3n+dkcU$IO_a`OZ5hGU>j9Z*K0jJg)?I#qqQ|vH z$CZztgOSdYY#DuR$KxM!T7Mze#+ON@3)PL;g1nx;hQ1KY?GPCI9tS6vt z0Qi639%(&?{eTrmGTUH60W9bK`zc!1Se^%E-U zPP6LZoSu1W@iq<*SF?%Wm!v~800bYWY%Lw6)v z9~69fpN*#okZ<8=H;Uw7O7=gm9rF9T;Z>NQh*HsR^!haD&{g+VY}2s4II9j%Wi5joCt>B+4ksJYjC~5_IA&J}_LamvH2PCy z)LkUy`iOgO+aC-0AZAnu{Xv7%_usovtLW#nz5V{owa1!kl@2xDs2)u(3;D433qw7f zab&!a@!G}*h*nz+{60hzRjTeJw%_NMof%q7v%J~FbO<;_H_yh~;P1R2Sj5{zKi?&C zU5+@Gw%-o^Cq0R`c2-~?z+r7hEMHpj)}j>sOh9*(PzseA2lp=io>C+SP2f!Y6@Drn zUS-%~|CSBLl0*Im^Dl9db*;^k?nnKf`XPHE*Abu!h{AOV#aS6b#Xwj#053S0+Hh0F zzcXNSGc;m~$g{_AdxJa!=)tB`FP2%+gTDxZtE?8TS3&QDhvUoWAfFudlE{!l$Z|4X zrqN1d;K9d2&W)4kar7xLZutFJHE+hVXtea{&;;G3Po+fM5TS}Z4xiIH;~>SKL8 z9Bii|!`jmuGIg{Z;M3KmRCRda9gjPj`mhQ9dF^L%k#@RXqwNiN?fze$uI}3T{;g?P z#s39ES{1XpNuc*TFoaBKIjpLkH2-a~Vm!;}5SMSjv$4da1eT0@X#6?k3~6967%B`N zOh4z-6zX)05YiNxe7yx0owIt@c|~g#dCdd*3rW5|3v_{qfQU9PYjqrqRaVirs&lwU ztMD`Faam6YZYwhdSi?RU-n}`$ZM|L_`r147~nD4u~4p z{eGtx>d`?I^pIioPX4G1uIHA-#{usC*p~C$PTTu3*k+_eH?i~0<_SE4xm0Kvv4;{K z7A`Db^Tq{O)0yoyOdGoU`sb%-evTVndK=xI8(tbgkYIKZ zED!fhp5ZOS_8@3iK+oDrIb>NMCohJ+nw`T<4+lhi2Yl~9`Tn8N)a^NC&u)I z${no|F?FJvv9E!{rr*VBm=^r7fBX6v{HWDLnCGR=tbpV5g0RCEk1#a=3ipobcm~l? zg!lW``dzIz^^V;o&PTo1t!7z8JAM;QiQs>I9J_N0KdrN8z>E0Eo$%`4>tmz779Nb6 z5jsmrjdFV}R}+oam0E%22xZ0Fw-w&BVW2NMN%UA#E!}tQY_gbL^6~6!z~@lX#r%3b z(~pdk>3`Oh$im7odWugFzUlsdxvYW@hDuqVNul@oxD&7SHv`4{iH|R({7QaNsU!DY zO0_o5pk#N`A22_+&=rgw%Rt#A5~9@RYIo*5njY7(M2%7#5Zt@ z^d_c1czf_$hRv}3+aqrAtKf>b=k9PR!u6?Npa8NMN?wZH9{`XR>i;~gE0zl18B^Vx zfAjxxQ~&4w-r;|a#WKO&R|)blb(LOrk(P+v&c>HMq}QR zuk1kl#PbD-wWgt{lGO&dans1Gp5-DQlU)=6HM8@4}mER`%2 z;`w}Li1-5#ik$Js2o{WhB(TAZsJ&1^Rat@wH2s3&T( zlJyZ>oS&%%8cb})bkL)}rfmC)>X@dk)%HHF1(WZy8QWCpF?@}HhVB9^Q3;N6zd2mJUR&jXLs%z(RPY{^8F7~p?=h#}Dc|P8QNSx)E7d8pKU`h^CH(8(Mx~F1Dw-{~rKFO|dDg|UO%T^i-s;+9 zcedZ;+Nz@B%lvhQ<(BZZ&&@f9UZe4+7<+YCq130Sp4BxJ1)ExpV7{8Opv+(wffBRC>eJkDs^;KRabiT|15k zdSQ1(FvE~5`sin)lRzBcw#fftfWT4`13J|Ql_^Zh;|JH6jSZGmL`I7RM-BolAmhuF z%dgV38(e0iTBM+xmv0J(9+A;(E@2)Wx{XcO{F`8Mz1YBkgZ0M7YxdBwCMWbbzW$57 zDU*xe6NGfDzs?wS%-hy=TpLI1vp2UCNq?V^RAr32fS|G706?p6}CyU9^Bm8hU{4sOQEH z#3pO#U-d%6QqZvD&3T74ULi(8w0%sYFc4D1*B_=lHaMGZ#%@FUFH_z7V=>_Rib>;# za<+`rE-m5Uem4WglYe5_M1wu9`T^^pnSjruXL*KBsQQLnUvf#-D!c9I^}zmWgIy-j z&pol(iJf_AThUh$a!I=?so;5}0V1oTmpry0x~x_s37z7Z=wkU~LZGIABh z`Ry;GjgYXbyw9MWATCG?uA^2Sy6CBNi+OSzS_M@3|JmN7V0-Fh>k=1WIml13vvNdm zBPKozXApVf4A=+W3a^~s@xXAq;;@He*Nz7yMb*o77@zz`HCtdX%Yk9LAm!M>;mJWD z=EN)wAul1DUUc}<)TywuJ^2O?RxAiU#+-(wpTwux+($4sv&3h#t3wftUG3e)o6PGK z5gs;xI@r+v(rV5&3Mfx&aJ9lBxvpVbe#mIsfZ4@AZCU{T#MAZ7{V4=^qiP6o#$^*b zLyFn>P$2(nuGqfJ!0y@;kt*HgU@1oRKxF^( zq{Hy?f0hMQ6vKwE`O-jxDr2%))oE|JIK9?l>T9#}(c5&vy2J>IMd|Bu3gciVRbR|k zZPhS?jTNU{vDSy)d{6$8HYj9_&O* zQgZmko>3k*-ivgLY5f3Uc{FXpCo?Kn0$Lx?%PFsfiCGFpk}_9}K~%fv{A1fDW+Qqm zJU`Xrw+2CDt^Cr!GV&giusjN=@MzC2I1v_Svx_mQFqrjzdDm;c`D%-`%&+77iVV#>T}ODg!W3$ty}8Lwt=eG z;MJi}nFYfbY~!g_y8yIe63}`U{+wPppt%tjushuUc1n^U-`a5iIJCGY#zif2Yk*`d zjiUaQa?w69;YOrQqzYz^jEl6zB?X3zUu*ACZgwm0NjNj zG23P(K>AYFt~SXl!|Q9e#I%M(I<0`H_$_dL^_Sm+YVVCGTI97yyE|Mz9rw%i$+7pf zkoF1n=&ip!=i8N`Xv&}_AX1r-HRdU16iONiKMXnC%%Iv^zjC&x4j5X2d*#13I0=sOH@e zaSc!%d5-y^O<4MG=*M{BCen!sT+Qr2-A`bl7V1&Iv3g2>=tfTR|FEkL7|}$J3p;DD?PHif z{BwWjCt;I(ZTZz3saG%0fM9?7x3Mg27G#kx&~a?+hO|m zIl6!knqlUrYU~pgP`@9B^n;@i5arT!w;=Vz$A6A9fnoJUQYEVELB&yV$cuV`$1WfU zS&@{-^8HiLtO;PPJ_GzPnm^Sm%0o5Ca%Yqkz$S;mY7~Ob{egEeFMQBQ;1ASm8$P`PQ&xX`!kjDg9mED zaa-~G1P+SvYXav9Uz(~-@>~y7s$C9nlG!a1++SNO{xug_N#Qe^eXe_|ZQ-d{^$n_7 z1N8FtR%YPuNeg+Sc*|0maa9xQ4tR?lDwExnN>%+0tafrG78BfOttJ6@4?xfIWu|(= zOTAQ?)MIEZZ-8!ysvfhI5w_@rI;2LY$?@3t+bvN(<^G4apt4RT`->axYQ%}SMY5V! zLYXM&vP3^_UscAU{WPZ00DApr!RnJ;IO)t`1_A-->v%;BT}Y9K0Q3jeuvlkB53CSs zJ7!UnE+w9Td^h3g2rjO1Q`7|Y1`j2$zJXW{#L!NbsDq$@jO`HW>jps0ECe$QLDkYi z8+||$wKn^^6~`ggpslA+zb6=`c4iL9U{1Zp3(9e8J;$5OB@7K~ zhB=_Fc?-U*K2~d%Hw11G+3g#jUY&lEIt}G99I2rT)?929yJoEGUom0 zl)Q@@1*pEdeGcMIp;TU*YG^2jQ7Hh8ne}!9mOrJtmZe=4*vDb3VL6~p!bxf1T~?}% zrQKj#w$-5T4IKADV6AXUwM*uDa=Z-!i=Mvf^pa)z2n;0E_Xa!TyV;jaAck5tg?nIk z-41B&Rs(spO{cwN;eAhwem{(aYj~&#DA|9_l^9LXLr^V_++(x@n1o6nlWH5#4qqUi zF4a^PxyZ)V^m=03hEsTk?6aM5iP<}_&V=6x3ta>|XOLv@tuhKD_eD_D+-8`a+4Fdg3CL> zIUM+;A8yPYOoUygZWWeP!E;6$lnY1Vu~X}Res5h~&A&XDQ5yQmv$7};$mGW&L&mJ) z&eIAhz=Td2?r(u|kvIUbQH$OVD7?`7soPRNfVTE`wxQG-Sg?!%P|ESR z^?DE!1b^$c;*toX5?#gG9&Lx@p7_sczR#hW4*&DaZn{E$4Kfb>E`X$oBmzWOKAMcp zjiw999sOQuX&Bk-$Ern95ELGY0z+_aKjLnOQa${Zyt+SS+2LWUq=xe-x8iLSGpRC> ziB_|J)k46PatnXAKwDd#_V?yNYM|uXzoUKqz4xJLBeltx#)a;ioJ6L^*f_2lOcbYQX|@ja1cYM-zX?4uA*9rIb#W9T5NjsCo;x zsG>b=o9>kEl8_GR0YoGeDUogv0ci4Mx;xS7^$IKx}=$r9=hS(zVCIu@0`DY zxi0ozd;QkBpZifUf`aRw$y0lfT%g=|Jl25kZPe5!2>GEd%Ys- zH9&&iW0rO`K`btZ%b405dA@!j8(-~R7wHW;{3>D~Zsj0=`dDD3N}aY1N$}!B>Anob zZ+%h`tCcps0Xa{=xyl2v|L+ijfF|ZZNtJpa>olYi}iG1^C7j%akt7Q-Bd0OrhI-obQ+AC{l{8M__i*Duy7U z5g!j08-+g%kW`?fbBq)8y(hm0KI}ulfa3SBeRXF0F+yglz1)!y_hI_GmJUVS3}x_! zk=FQHv&%XZG7EBlbS%F*6pybO(1#iwHaphlXvs3j*)=VT?sMqSXJwb(r1HKTleSAE+Dsu~D{6YtkM-Oje4U-Y zwh~t`&uTRz&y1g_mjKVK$u660F2qAedWx(pf2NJl0mpD|hS|n>jK3;TkSGO2Oej*wl?_IM-8ARy}zwWhbN4j zf7Er6B_34Kz0dU9Dv*B8ulQ4uUmVkG3~GInerQ4*JNV&>m{knKzEbPGcR3NII)Zs8tjXqh^i zYOZjV_+CmrOCn^AH{9^?X0g}`_@`6O!HT!o3UWwlodv z+A_K@vXp?wqO!H1nfb3pMpq~76a7S?BEGf{DHbX;K>w@4>lYBE{4%|oTyx-alPBvt zQh^O4vDRl$ay1XV48&%vopC@;VEf?!dWxM_nIw@f!cn45g1SfFNCeRbxJFUDm^^;> z@^zuy52hOYkawLF*lo{xLo)%A__v_fgMc(EtOs-eAZ-1(w& zI#M9Md3X@(I##B|PeS3qcptDKibF?tr*@mJnsi=Jsw4<9#>GgW41SG*(0^~YjBh?)6h!aixgQlAuSc=02+uFea;qp0TvF+r+M`FkN#g{~Kw zVP-<)g&9@}J#?`Y>g1oHt83CJNzZk7Q7&I7bOqQHu-~mVyIN@%3;7iW)N;p#W8v|G z?$&~d4YO^j-pE}edjb&a&IIa65EfTJ)7mu(GKL);;S8-u;=!yqwXZ8RYWRonf2Tp8 z?fM3+|NdT7y!YJ)H*bHT%`A0=5?%(Q)HJW@6Lp@Q-=M8v9r5JOFR!+32qhV(BZ#Et z$`V%7YpWcbs&kXGcJ)XABcMA)frQC5G}e@hMAXyQO~X7yJ&N} zvIFl%N~j;W!Z+~Lgg(d9iH~ip$${fr=tIArOr%~rBiFi=^d^PAicDR8QSF7%8i!$p{$xItP3rj!78v zgzO7w2IRw8|CITv$_zW@jJY|+P-RYm)dN21RLtvAk~^Y!nN!=%eGB!{NSl$Anvwk& z5MDpBj>MmL9nt7~#MFQ^6E8zrUt^*4^8 z%9-hcW9y_BJ!BdgT_ML7mCAASnFl(sJK)}C)pBbcVj~oKO>Amz#Nx*5XwDzPgsf#B zq3_MX@BDJO9YTt`5OgC*$(pz3+6Ubi#`2BmV^1PP(ksNRwRA?nPG8b&(O=$dN#>g% z1>B_j)N`dj1YZJQjs@txTd64TUVMM!?`xO+ke!cQAymhU>jZVZpXOmCBgXwexi3D9 zC7|w`|EkkFLx89h@X8xoZk&J{Ay0B;%Y`X?eBU5E;M*cLX9-_Kd4G?OF&G)qHYaet zd!OqvUtn`Eq8a~#ld)s9aQ@{GapxWm@dh3CSxUSQlC((Nk>Me0j7(}S{Wqc~R!^7t zf$YDger>#0i!hJHD`-}1y2_^_EN=3g=j+p$k{I?>)uiS!j38=9eKjl+_fIqB*4;!# zs#h%ETe3wYGhNi}F#qoRoE3WlO@D(COTl2)fyBp8g0>M?q*4 z=viYHIOgNI8GMF*GkY$d2=b8+RY*ZygmwKy_9S%O^TtsqHa+iTBOP5JN-adZcbGkv z`2dNC2T`BBfG3xZvOVp#8B~1ecPFnBZS_{oh{e^bu46H+nz@}jYn3MtS5fY5O?+Dv6#Er=HHCc> zQLVo|1=34_d%*FIK}ZrG502sQFLS?2vteFl(9&r={fmE%0`k@W-RJULUdGQ!r>0)L zJR)a!!=gHus(1Tu9hq(%1p+wsjyo`Lp!(p=QtSUHe=asGSRGP`{~>isp)8pZZ{2I`FIu$2k85obj3%2lC4p=VqXtJ>MBTZbC7=E z>K#)U6}*D;eODiff|QYFWZUVObgbFB5W=FV90^M%z?4jsvx`2B_P!VFSkqB5h5K~= zL`lXnmp~I#5}G^NTnJ2Gw;=ZfxuC?*agCv1y@}EIk?41w;YBCd+HjuuPyiO;RKSM2 zH*ucCtgT~#4Z26{xVnfW-PRx?eZI zx$zE>@~CnpK7=t-j!`52Bcn4jE<59-rvfNWyQ~jEvK1gYYR&i$5OGWT?grK%TiK!3 zXZ85*Fz-_B{-(tywofr7GFnF9Qt8!2C{cmR3=cF6L1XkCA}+E59Tuu?md83$Bv?Vx zTa8F`TA@G;B!c8J8h~5fR&zm&&R`+Zd|qKR56k7v+!kWlf_o%+Kp^f4ETIRAGvVZi z;<5P}tLAq&u^%#6%sCi6IO%8XbxNxcicq>XBl;xSQ20n4NE(6)?&@FG*ZYanez&VH zy4zU0Ut^mQnx5^vYjdPC`Vo@JiP|L5P{O!|jsu(&{BBPj^ivo5Yi@2_>yr7+ntF9+ zjxXdly_bTRhIX!4o+QJdln<{(P;TRCd;ekM7tqe$tn)iVWt;ny*-NG)$W4d)0(a6V z$?j(s(7uIg%>RUZfK2;jvdzq{$L?aAQE186a+1HLg&x)f1w2nkR_bSj+ABk!>~)F} zV+d3?bFrN@zj!>G(#T!{F$&?V+S%E07}re><1s|xcV}!C(Ibvs`hxHSaXxWXRi3Sv z1lSN7nRJFr%Xw_7^^`NCu?MB&JK&^IJCM93p(d?XfeD5t^m9w#p$v(?5pC8~H_o)I zKzV}|MAyfJWV7Aq60zvUSmz}`2_#$&CFG~CCuZzLC8pcZN3AYByl*(?(aUz1mIorU zmCtZYe#BCA9hxi++dIdke{KyjK@Bt-kA4vVT@QQ5k+U9%I;P7vwO@%t!Yo+dh~ITD@K`PFna(L~rMTP=Mg(3JU$F6pRBK{{YU12woJ#>e0h~kD^6bMfY_7~j zCZ4>iLF(H~W!%O?gU`at?L6Q*eNNIYWmbcNPA6rijnJ1ss=hEvFy?16`VyM!cz-n3 z5q6B!82$u75%CZP7ITU{xg)uYxTTZ{1dAl)wUrSOqnLy9R^}Sb3*3;)1@%r{bltuM zr_|~&2HkkA<~*O1*QaR#9SdlE4FfGta~QfBf+mLzs2udx7Er#gF0J{#@jRDx<>)C; z*xX;nJ`uH>oG`vbj2KlK;WlLik{G6HnW9NZ<7s>qKQq?=je7z1=(}AFe53UYGbH%C zQE8ZOnd9*6*Yf!};fDf8Q}HDWv0Yt76imCb?5U@}?AR8{q6QMWe0gP0HncERd752h zPkf|Z)@nB@9CxIWyv`RJ3ZwqMl#}@3JsiefuN6yhPWwC+uC_RE?PlYijX%DtsI5f2 zGxvG9mO`du+W{Znjl}3Ba)>3jg*Rs}KXp|kzV09tLWa(4vs85gc3zj63~EU^H(NgWFQ{!dFK@M=5g~2c^i8g#J%~zhC$@eeD4F2 zS0vr_>T}+TN&W5G9sHCvb4SEXZm-hRDo3@Ka=L2Cv!brF6oPJX=J1DGZFjnyUuPyk zTL%J3IpHv+aJb)41q7B~_UE%r#tA=3V1195OnX3Di)M%GWagHKN9vWo?`m5Ap$XDj zDMT3cr8imcHmx;!t>FLoUTEYdl*zRnNiOqIZK77`_XAg*I` zZk$?2m&xhtq1(i+vaen)RZF$K@PE;tH%GRvsBCn=n~XgcuhVYLGZTDCI8)WTHMq_R zj{~~Rb}h%mOb84s`?9KvwakS&Yfk`BUT{#Rq7BDpnT?!P|1&e2-XZCa@A%t+UXd^q^xD?& zS|#5#Mfn#fPl=XOtY#9tbumbB>^O~>HN%ikEmPz8EV*876=_s&HFIL}#QbP!?j#VD zqQsd)S;DzEkjuyZGCSRrCKebg0cE0>m?x#ZvKZjh$gO{PmZ_5=YYov7_B@;~iUPC$ z5^&yBHldDsOZt1ns$Zj_%8W0obfH{i=}sahn?jMC9>ofWQLsRME5plzUfUv%k0^#6 zLF!UXQjs>Mnxe?1-26p>$yJXG$`4NTG)J0OEDqPiB=s|SzaXwL7QlZ0y{giu(RXRq zAs7cDs6@axy_!X~(S;m{;=e1B1s{p-iy`rX2F4KXE-m-DNd#E&oY%Ro2SeoPNHVCkBn)6RaB zaY?N3ptA)$<1VHfygYd$^Nr%2a`L7+K6wG?S(p>gfm0OAk08p4l$u#W#_93guhCT3 zh8pfF5}-a1HUqVN^%)H;f82ZIXGj^bU$-in75;rlTtI(UxU4`jw$I4YG`gwF1f$ z*D&?E&>ab}0Bq_bs7OL$=+LAnI~(xclA^6;AetQ{mChsWex`F%$tS z7!-D)1!gS5w~8eVzm9E*7Yf(7N=z3<(j8eM)LcZUy2-Y>CPv-Xk3L-mUq%d5ZYhfe zj(<<~toyS>eDN{Y`Z!Xmj9B&}{`FcxpT*F!8y2(Ai2j<^{wekWmfU@@8YT_hiQthC zl~kvh4^H40L1>rpYcu^2)HV4rxr!2{-ZvNR6B_e-)DY8{UeH|5BZj|_oUj1wEGXMgX9mF|y!^HPnqlR_?;WK8YkO<&ZLW~-^^EudJxgv$?J86c ztZQfXKiS0m7m-3I%o)r$=+Tq{+68ts2iQjoCdATejv1=@_+~4N7xogiI93{<`8i3~evZI%-nSva`nIff)9vXmw z+X|&UZX86OFuyPQaC&`EYhp2fn@Ej_Y6a*_Av18E9`!cGHZ3X*lxwH@d$4$2H53V^ z!`q~tH6XczY>)G-xOzz~wQ3e?)hi&~<4?WEiYzNwp}VfRr4lh9Y0twX$Z2|pe4s$E z$HAnKUR$@A*L=;&VUQ`=uq(0gfn>}9A6R>1W-Vc$jcb)!@H8kP{a6C#h8{1+Ta??fU2ynSBgR$UZBi>84H460-8kW9&2ExtYEC2gaES8W$!%xaC>=xR6 zy>2rs9`;K7E(D_B)5E#qZ7SZ>;2|bN+$T(sRF~LaMq&0J@7bDR=?mQFC$B8wE55gC zJBnSS_)pBXmQT^anPf_m=M$;mPfimVxrx%A zU2UF|gqn}ODMGiybnHlfwp($zWcTD8yY&^H>kU|{E*E}@m_oH8+G0vlCkV}l#(Kj&&2n=2ZBRTPoBc@ zhb3eYb~WJ@rJ)iLs?gF(1R-qA1sdrHkhNRbrg?}uuQRObLWUQXjEJ%iJGpa6E`MX9 zqb`lDaboBC3lcqmeJvHo6Io#)+^txDy;MMNBsJe44wBEXUibl zYf&ch$SA2Acpv)ME8`WOdF$2WmT!atx%C3wZN=J}_etBP}~+qhFOmqJpGw`}y2L-qt)a?yCh9}vIm zZ{+Bb)(6#jH&7f4Mq_EkYP0TT>u4aCJf&6^j0kyTh{YkyC(`2ZtL&Bsv#i0&haHO* z!F>qqBE&*te2;ckgAw*MK~iYE1k6pRK}17n6%k%L)w3zeO$CN-Zf4Et!@2b%#8)^< zUDf`~!bwEszHkm4S=XPkdrp(pS6ld9zI*yC=8_eV-3eRF4_^UiS=Yw67a)kquSbj4 zP3AG!AbjP+xm2zoUx$RoX@!PkWohuMSu-PpL>AwA7LFA;4 zl}jac_95v>foJ8!Klb07dm0xZ?^E>r&Z>6iAvl|#C_l8P5ro++;ZRG9T8j<8b z+V4&vM%9#$2t7UdDX1Fe=wnC1(Hq;(?AFzkd}VabC}Z`W3}vc$&b0Fvr=;X73R?*v3d6& zIG;p2pNmV=G8RNK{)^^Jri!F$@(CIVfAq`Fm`~AYhj8zHtNr4*g{&n{YA9ZhFRU9`n z)>~9Cg39Q1KmPc0yS;9I58)#6lCBc?=~T*RwPoRQl@aR7=wISt;GRop9$7Q^EI~qdnko)x}@ar^4*nkG5lie@YhTg)?Yu{7OHrK&V15KQo%q>p7#F;Q=CnT8LTB+{{Td z)zz+M8f`VmtW@1`NqGI5Y$=O6ZywQeH+V?q`gB-Z-&IlPQo01+Y!7ez$FV0TOf{#J zit-O$&>TYP>KXRuKU=TNEF%2S2LHN*atXA}pPT;`P${j(8ovT-=EV<|09MMu#T{@` ziOE58PwVHgkoHy|Z^;97F@E)_o(of=l|4~sVJ~ARvm8Iuu^s9@&S-BW_iIgYyq0XglDz9SQ@A z1E$?{JKKG4pNfjkkXvlP(xKt7&pob3c$yn1;npgr^`>F=)XIzko6RuyUCDovI6x@} zP+8;-YQsW?5XcZ}r zOEL=rur78_sTG?Xm)J$^b<%+gKf0SuPW4>_qRf*t?hWgqw8We9UEB84&&V~4E*CTa z+S2emTByk5sbSSQr@9yvCO>An!PS7uTIK+k*9v0JE8l#KHGnzZ?rxkCSN5y--PMy8 ztNGDxL?J`Y_zwDAqyM9yNK#U}?Qd2Z;SVa+h^|xDZNv+@J7s#i<#3YOZ3sg+f-|>v zRa;gl?)F1-1a@~lWg><0yem5p0^!-dUxB^ql0$aCmH|<&xZ$|MDU^Xj-OIm{#1zx> z#wPuHDF8O9y!*_*OL-0Cj*M8&x60?!ywf3=A>Ho%HdHZqv*kh2JF_R}y31$Kd=rzB zH2Ll#Eci3*`rys9@JAIJqUu6lyVYusY7U42t4t1~{!!b>ac ztCP)m*H4@6yB6|i>7QRXN&JLer2$s86ah1J;Gn|Z&17Eo20O%kgol4bAu~aYkza*z zDD4AMD6;x`bRivn{VG_}od>7tYkTh85sb%9=)YA$k!ZH0>_l;lG8{Hzx#`kJ&5A$? z@-rE4_e3BMH?$Ub|6wiG*E+#;snL!FkXbgh-{LQadbRf?rloOYW@e_TgU~V`KaS-* z6KKD(Y^p`k>xZi}p+ zrvQ6cQ3)vA?7r%L&v=|rFV&jYaQ3&PA0?c^$&>U}0<@EfYIGYpxxi<2OosF0h%qyj z4j4APw?L&dbn&o(~=9dG%IM$TwXKO90!>aF*P764+V*Kw&`dxcu`wWsY00RLvo zACF`<2zwt|s&-I5n9l=$vz%54TlEyKX8oeWbW+1V82daOxVlNq4kviNiRO!<=@5_* z-t2#~Q@R~WWtsr6`2)qTlk5ArM-cApWBwBi3R3`#tsv>T5fYm@hib|U6p4sWlUzIp zw)B$$g2b1(hk68_|InHd&AsM9Y_NAEF|3#rA$J&vT!D?rVb5rPx{0}7fT$3=dOeU3 zyH28TqlGxRey z)mhTMT+AnX@rCeAhLrahntkb1-*vDooXW<11{Aq=#+i%!hlLNDJ$$Z4FNn+&wNK+U zYhOMA%S1L;hu_v7SV%Z{zv9VDRwVr6ZJpQNmZMwjZNOQ!8V(lZ(wG7=%2$&2qd-=G zLoKuFWJw6-@si5^BaZ+qT>IN->f2P}GOP0}LeiQ~E2G&zD|lUX6L6DeNN1_S|1+2{ zf9pJd5%>f#i2hsa0-#MRf#)JqFbaVdAc(Rys;REGw@e3PJtsz+1@ajsCT*UR03$H` zZbU0r=_^tUre%A*m@lE*gb zs2)w1B{%-YC7lzw+bqB&?xd{%VHNPPJy+F!yDqR)~EkEiI%?Z+jgz zhRvf}C7$bC(Pte4^7y1T*KQ9HU0eoOqhpU5Zk|TMifwrI%^<_i)ek?i#Qn=?ItP}% zYsrX+dG0Ka-DppbSBrAl-%-C|P}*5-tlXCdYYnB8vj9Z)Ij?7xPHA-vowR)Gmpum` zj7K3Vz3-Y`;6y52i)vY@$sMT;2-y*b3>o5V=p#TTYyfeab0;G0;!E38wQtIC>Aoh)ENBK zYIXlqYGJ$ei+hph{M}>Srt{!0@zi9KTYi<$NzoE{7`?NS;rj+p2Eb^SB^pN)4Sz{T zY5$k_4)tj?8v|qDm=iUtz~*boz5o#N9b)Wj!!^k=av?*=YPzTITdpZ)WatHYhk5hm{)ZoRg*B5lb1Hz ztdGz?`r;G&|0mP*0Q>vSAi5B8;zb0Phr(8<0{u%Gxqx&ix@%>wMQzubFy!O|K;0K@ zGst-Tz(oaQZ(`_peYqB}u-Ea7G7i#Ixx!=|ZxfcBJ50g=#SA0ynn!4wAQol5RezlB z(LeoNo9E7?qG6MR9iB)OZx|DK2Ed;W11iGN+K`};@{@m6;@3duGcR!4-Pmd?FeDzt zhKKBUI2RBhT6aCJFuNaW+BN^ayY#aL;&BH+Y+^8SN9AUKi%tH`SsW}{AMubrJ6mSGRHF2qN==b(>6?d0rm#mf zUJ7F7mPLD$TVcf7y&0Sk9%5PEA+rMmW|0={IF+ zZ~%}EuxnAGly&Et(k;t-xO6cn2xCI&we9LoJ?U00a`ss5dI6sE1w9b{#^h&UIw`Qk8gWi6lh`+sp-~X>X^ssG&v2KEb!&g9t*2bRtxv!Ym_U&+{8D!0#bHXMi+u_ z)W6D(yA-;g?M>;}m7agUBs}kec}zF!1G3YFk|DR?8xLORhBFRItW`@Sgy((; zuUU)fEfozp1WOQvy2h)Xe?xwdx7fV3wexejHs2<9XI3~SYUEdEDD1Y_K0S^SJ|0F$ zH-e)K27YlL4-(BZZuP29Jm#pmaBcm(8E{h74*>xrZ@R~SOYFyKD>@bn5I5?Od5+B( zz$p8F>Z6JAIh1@29d{e4KnmAd4^xT^wXrb4IKo~LtdGD@th+kQ<+m1&|0yuxA1D2Q zbi}~@<*Kui|5cI@F2eW3m>&$e`gkA4r|YwDGV?LNPh=g~cn(O2wgOun*raY1P`zPC zzw-Rd^&zMP2*3qFuZC=WYd&O<`fPqX5Yt;13OmmBVN+6jzB!7V>!Urg0ibZidwD%g>u@MoUwtT_OV!#k4;%PpR!!erdI`_w>Mj>t^EQO4dsuL%oRnrl8Vl)kQv1)&lmiIx;08b6n5}$`UFOe7p zGzvy^0LD(y8p93v*jM{L+N-Tx??WL|OZkXv(g2%v6L3x_OP?i>$@$p%;n=n}isIwi zkCC}6CWH>uwyE3#L%$guN_#6_;p*OTOr|6cvJYta#QZq!R#V|>U1mJtw|O9HdG-_n zxyo)*Y*ae`RPS(Y_?4%$yzXO4+^C&oLGalLQb^eJ`kruG?Qa-1_juR*@zjVd6xg%} zDx*@m-<<7oQ%@c5c6|>M!hwN)I4wS%iFq?}Ju+T0o$$Woll9kNHgr+2*zO&}f8`IG zSDumB`OkR^JXwrq?!^Bp+Kf*n@OM>}=M`5pS1pb!jxA9zHnCWN<6N~ZK5-N;79-SA z^SuxraK1|ZX}-4LtJQ|}ebjHPW}qwGVVl~D2yGIGSH8uOkKDc^-@OMcW)=`Rz(_j; z*p(pw@_L>rrDe?MgOrDy400aCkh|2PMF_`XqeqePgm7sCMCZ4=cbq#onUxZ48zFOw zt|(C?R@(9u*YMGIIW85Ctb+o&=U)w8Y*!VSlPR1N_RzareFcq+eIMQ89!qpPl1K$g5{`ZO4V z+y(ky_9yxdnf%WfA#3eRTY%v?5hxqLFJZDq)P4D5?EyS+B1I&b!>K$)=ec#CrFeVs zDl2LG?WOl62ZHZSR7&gqMHd}4!X3;Fkp+R zyfalAPm>}@AbA8-OUx4}g3_r?2Q~fxNScb?%DMyp^2H^SL?sps-sDkk0rRQ{q|(~- zNR(h%UoTJL%?-vs>NAA~WYQgFd0ygYM{}?kg{tY=h{W0oS{wD;_oG?`zDsF+u<-YT zeMXqZj)o;=KQ)btI9KFSr^#Tbq1Y?^r-%rrxzGB|wk=+*jZG9EH;^kY68ZfisPC2` zzD_IM=osj%KVnljY`uLhxFqGSY0BDsBY)?Ko$|)hOHO8KP!p@5pyOeIKt%q>(Ps0M z+E>whd_eB1fv=3ZM2NajA2ucZ<-z}A41KJ8uXQe3I0f}%*owFE`@mO;FPNvjfASh> z(J$5KRZ3j{dZn9dDP6buL|ig%n|0wc`EZ(b#TODlE$A(vz#uh(;KM z<9P87p6hn8aNuLJI{fFcZB~j-&As>mD1P80E;s=`s%3Y8$S@Vy(hvW$KC9;?kzmzP zDm1@}d4=rT4Tq@z8W!kS4q@$6wj^T4ve;Iz1Z}Nz4;SW0jr9B9{`7A+mF?eO1DV!F z8CIqV7Xz`B9b!yE_lNTB6vMDTUc)3FqNb%mYPo(7Oj>)BhM%rQ=Xsses`PpC{MN*P zeSc}or>^p-s3dVyxdHg(zT~q@laTbb!{(JrPm-qB5h`C+U4wDO^c80-jFwKWE3N%D zRzAN~gtlgl|KXpw-yWVDaDGHk0Ex&7SLR&8Xr%ZGt;M0x^8l219)j-E&06sl>_v?C^{96zR#*t`hz>X8X& zPBrZtoWzZ?3xkKA*QUDTkULYzJMn(C*(kK8+oYlMLsOOPq4FkToutH z9nKsE=C7tlBhu-*i(i{fduOL!9Z|2d_aB+ytAD<%*sgxDrAkZ;@fNl_nKrn9k;n;l zCO>9hJNRGx6xe$-x^=8RF~JS|n>rU(W}Elq-hP+Z=1z|384gAuGYLk}3jnx1h$-YJ^k>-V_)S)L*=i9tSn<~Q1I z%*VXg=*XTugUPGIxg8e(k%%V6V0&^%)RQ!y)uzDMe55;UWuZPof##`KmQ-aX>k(MB zeT|k;63yM-Bc^>x^Y}93vztoheI9jnqnnT^ZFwj`bVm#~h1x_A_8>y;_O&)R&Y+fA zD#@j!+ZrW0Yx?#n`$&r-Q4m{o)QAb337_!`pM{@x|0>f6B^7lp9ABX zk)RuqD(l$k!wXHtm>!QXfvtZI%uDp^hum)_J-TpzAU5n^%1p`fv7Y_fXS2OFAz!_p zsLFaCdAvKMql!7}&^VS=6FtS()Y-`z{n?ldjUZAoXcz_8J~g=mqtyK~CFuw$e58#j zCh_*L{dMn5*2kUX-HxDNoOTVsDcDC`d81}55}%gK?LQ+YsB_eC-nuWk6)&!lHiv~7 z?0$)T?CTq)DZOv1vUGGRCsF>iy>klivI*q7mTr0@fB3QNenPt*0ZZR1qBwopFtz!+`LDKBtT@BD*R z6wQ{+cCT_8x)I2Ya~IUFHI&wS9;8vXELov1+9Opz3U*{FnItd7v<->_7W%rmRC3_QU7DIi^`VYVkxt8DZPP&(yq_NUcG-GwIuX&;s?)P-DpQ5%60l5Ow9@R@`wQ?UD|y|942+) z)5y~iH9xQgzX+$#O2YW^$CXXbQN&ZZA!Zd3aaY8}5z6d5``v~ch4`n+F_O1eBb%oV zr*PxOw{H!4X5JlVU1B{Vnrsuj9!Y{@9`jy56b(sHxGXlRjV^uTZa!5YNSoKkJq{mc zwLJM<{37vu6qfJ>9r6_P;+rnYW5x2nsU8APv`lZ%)&dF1y@*#kysd^EdoPpZYf? z8sY2{{aZ~cRn~R_ON%XhR=-U6oWjYKWh75m0*k_ahCq?NTrJAYzbF!dhVDMa^Td8@ z@O{fow2)b=!9XpJa)3nv$jpDojkNC%3i1G<%36(O)u)!2Sj3tAB4iK6aU-oqR!+o< zB2b5@fNiG$@KOQ(RLVW7?c?57_=CaaF#Uuk@J650&v=aFxM^}GLqBZ7>GFmjAb^nPoSIzIj5#9 z>-=5aIoGiiIJf$}_f>tZ-7j$plJ_nkhnMcM<@5h>0d)Ab=?Xhd8oS9CeBJ#t)9YcG zDEQ?;`0LBE0R(!;vO(ZIeWzI6sx)4@zb^fuW19YO|tOlSZ&bL;y8L4Um^c`Y)PG2-5VI zvGcrfB>t77q`F@6QZAp3BkGOPS*Dqr1dm+$TX)MVMjBJc<%fi^jrY4~pG2$mxV%y{ zHe-TpkzPYvvEC8a<(4O2d8IZmI^G>&F54vpIaeBTsQlw zXf+VDWaWc;uWtM|Uh@bo8`bW!2vRu30~Evfw==?USRI?1D>s zoZFD!(wF#CB8;bc-?}JP{(@E+f~)oUMay@Sf0Tb7e|IXzR$BeuZho>7f;Y>b_Qr#5 z(WT|+ZXTA?m703p#gr!yA+3Lbd~A+Rz}SaBx-pJ*8kd-DWUNmrk1#xOqsJEuaerkG z7n9?+XdIB?#*c)=F$aNz1FkkyowF&}to%>EYH?H&FnmsxnIUB$bj@i|DlgTjGcI-= zRvFf-6w`{hTwI5hosQ6KaF1!)E6D~sH#_BT{f*~Q*7^IJA0P4jJaaQ#U0+LBfb(sZ zHLJ8+R!AFLH!<#>_`?yRt#jaaGH*QC|6xU@@LqRzyiDc)E-t`+WJn72-Zk}6c-Yf2 zFrWmVQm8on@$MVws;tfZIJZLHhpJ3ei7fiOo9casv9YLA`?2Bu`LA!j>l@J^vu+ZH zT7oqyG0Hq%eFHF3l|CASm+ESxFWs+6zXxd@>*h1KiI0mmVR&yjP#A2MZcxm8R?8*- z{AG%Kf(2@9D2eN9eXdjMctyNu{Ju`sAWV|$h*v$;%n`i!Ox39Zp+CAL$~4TX3>)i( zYD;8UNgcJY{rw*sv-bjfulZGEcSereT{YH+88m2F7pBb5^xBkY8!#@({jQ7O0`3g_ zw(hUdw^p-;hUtnph!)CKo35^!c}Z@h1zK*=-L-IkoqvJ%W)<;hctI-G|d4f&677zp4*$3E*W>)SO6zu4Woy{L&?-mJ9N4BbXr)%kpnnB^BUuRv)@L zJvvSnrD{%n5>zq(XIXU+@;2!0DrR zh!~`($t>R@+szMIzYAVw!1hIsT5Oadk2E11BpMs6EtmL2lJhVq2;`))4kX0e-V)FOP%8nU!$A*umS* zWaHiGF(It2Q}RY%?pBgwIx6aH;zj2%++(69)tQZGOu^GYD_La{$E#GD%NHAPlA}no z+)P-rwUDys-bN6lkG>Z#qUFnxjCdvwCWdZ-1tH&A{#Qspseh$GMbY}K^Y-m*6 z)XGf)BEu_DXSrdT`reXXWc=zaTa`hBIv>e<44`i4-S%6%iT8gNKW$DH2N^072Icr` z5x3}FnVbZgFIXHJ z1~^uzPop4V)YtzqXPCWI?MO^A2a>MLe&`WN?=|!r)4X8%)$)gEcA9E&eOw_uePcG> zuGDdD%A*Kb-f35C1p><)eXSFP0HzxKy6#;!hGt@pqiB;ePVliasoB z*^rJsUk1qXq+FD4M0QKJXbBqE`tG$IDd!`*T3l_0bLb4cUynp->pySU zqP^`%DW!GPqf*%@IGaHkX%0P>geq1&!{ze3lXygYuPhX}Gwbork=&lU!*%)Egm;=Y zUafoc$l?okTH+V^HlDEPvAg>ik2zU1msZesX2 z*%O`nu~=<(XA?RVj+v2gG;5QTMSjRldG}7 znWvUd}K~09HKQ_*F~^@EmQY0+u5FqpBhf@bNx&(c%O8*blYuhvAS~49n^TIpKi(lDf|u^ ztCJ52cGRiyrUDsIUK7z``0^5A6hmp3@RHE;L)OH-$?_Od;6AnKFKFLj1QMMM{_6Vru*fr^excm zRmX0%Z24&&+(2@l26y)4yylQQg7}SCVzAU}_ov{K;wx!TDQwY5zR7zz-x3_P8oM=K z1Fh0v+AGS_h;|Hg*X+%YlWBdOoI14)Zlq0G_?7p*Jn@NC%Q%!%f4PkZzYsrfbVT`N z9?|-2IL9Jy{KYE{IN>R7BJFY5xZ>{buypH!5zCxQ3|5jL5WedxPu||zR{6U%Xb0!_ zc$dhv7acKybrT$wJ9MO}zGK?yA)Nyo2LPup%LLLEjll zOl$Ki3x$SiZP{3CPf{dvv$i%%#wW=kS8~)!WE|>^{Uug`*SmX1-v?GbxM?_Ij z0ZFC1K|s2@yBR`Sy1S$VMMSzmy1N?*fuWS{96(xz?(d%Gea|^>`29IQV6$h(eP7pF z>so72sVv2Lo<^Hh>rJ2r`gPUoeMPIL{0;ue#$(AJ4kca(O-Eh=ij6(08Fi}88gr8- zDF?HXY(_FV`b<%@y{Uk@#l?v}5BPBFTS5k>EbQ_7M;8$L0BKznwjy*+bty+_s0gW- zz3{+uWsko5;GAx9%YSH=4Ia5Ml>YWF(*bS2b35AcJ%}MJ2by*cHHyV65N!U9o+H$^*t+zAe1cc6yF zB;2m2*0l)QUIu>gQL0(FQH`(TKCKHM$Zm@a;RO$Fe0_#ZFDi{eff&JJeZ2^#J;CcX z;A@e<<9RE8ATfJ)J}*64@3wUm>!(Bnsp4Owh>}{UwGvRCjpv`!ASGgFUf%}+DR@{J zs@c33$y~cisyz8^>Qb=&l0p-+6<50qKAA?K?v?h zKbrxw0Lx6>l#srGidpnJOZV-}ab`lnRKj*?1H5Pb3jc<`ve2RDP@*ZrV#kbsB+_^1 zBFuuZv(oqoW+tl!vz#c3TX64gipr**wgAKo)A~n20blKqxt6m#+PED~O~Beax;{KPOX`kmqxB|(W*;y zITWUk`IqwQS9;q{oU~sOkAFSy#+DVrBac-3_|Jwg76)lv5himtl0+b4pt9v+xEoII zU+3ATd;&jKQ}y*EsT6QW5@Z=ZTg0AHwEV!&sCQ0PRnqOmea45wp(yoN6be^PR(H+V z1Yd&lpxK7bXzfE*%zDCf>9vCZwOMtt^3KQM=uB_6#k_bHy<0Kk`79TGjmNi?Nfs01dH1K}v*4ycOC_GX^nP7W@_MAk?$)|`s-Fz;$%M!>?*Mw=JWE_`4T8Syj|sW$lbDzuACA>?R9Jb)^um5Px=kd?~R` zGk3%q+P6k&Oz@8d-z-EJy3tbd>6GyMmT350wEr`Wk!D(7gJ0_7c#&uey@n9)EyHuc ztrNonx8Zz$`MVb=N5MiHLcLV1ctTs;*^41G%V(FJ^?E+xfDdC@DW4vp#_|S9!E%8mBsQWG(6=vV7?1`)P_MvEJ{V&ptd! zj)cySWOKzV=7#$0#z$u^&rs~rQDw@R4EjT|@(eDX-*Xa^ez1qlG1-Uq53qn#IsQ>B zBr3m!$!@IuQ*5pbt_hP4(xB`7{YN!KM>(cChE}E3v?9w4LnC~Kk1DBfgf_=jSCG&a z7teCtNT6#TAKS|}-D>fQ(wui{e~khm>?YGe7kjj1h!J*{$^ei8l6YlGp9qy;yB|1)Z27aYnsQvhIJxNGR z$ZlOloo_SReM4|0x0d#5N_u(F`PcQvUees1b&dgN`HaN+m~R4OiWYA6vwwUqxZ>CO zkNme8M_YEwNl=IM_R;IOYnQbMXT12o&f;N)(C}n*1M1dP4Sp3ajlA=Q`v!HC^@57+ z51AvRI<^aH0J!_x^iHqZ(49@_bO86>e*Mx_G;!ky-cr1a|4+XQ%H^X_Tg#yZxC~oa zQO;w^O)Hr*oIR9(;I$YHUyz}teO>;;4dpq5`D#kMql^lLEb;uF1MQ}l{xF$}Hf=%u zB-4wry(`gO(Qt|W2C@7dp<&V4j0zUEiOIL|?bA035XGyj&E3-|ip z8Q9yaehzLU#yTp$8^a-k3Z)eNncAVG~w%m{BbJ1+~i?mQTS9XPbNdoIDMW4+= z)5NO&Z&)&nXZR{B+*gTtm2yCJ_>Q(0PwzI`Y;0~dH6dHEO0bvmQo2qgJzeaS!4d*IV*Cvs1Tt6B!v-Y3+rUEr2DmZ}`zule58jR0rY#NUrYYdNJlm z9XOGzs;kl3i&GUYXtDmWz=$jxW6`>kqZ{HL!B6`xpF&^(SNpMrW9G8i?_G1%dQbB! zKyGp!Bcx8W$-TM6Av3P+D-n-V&hA397P0qkWv7HgRn%%*VqSe$d05x`r!md@O#^<9 zl_rm>`uQ)Hxswv~o-}o^18GxXW+cl#NQ+*npxw0f;tQd1?VY15+cTYso>lrx)~Mva zHKng^0KddAdLNle>b~fvzv7@&=Q$eqfQe$FuJ)}NjZzYoLh|d^QJZ`2Qbk|g)q(Ob zfuOv37EUdn%uK*(6PKE*OC6@?zNb;;IA-p7cH=l&WM;zS@w;N)Z%4U*p-v2!$$%{A zp@9zf`|#Q>j{QY%y>#!ZFUMQ4WNS2pQ4G4fG4Tx5LR-DyNP%SmNjGS`B~| zq`4S~t1THy5ea(unANXhdb-`e9ccUXn%wqu8}OU8r(83yPI#h|@d_uEHhlGba>Oq^ z88O{9_a;UXE`RxASMa!1rJDIMMtaxSTv!#V(MWAi6;lAK%IFDe&Vt{Q(#fywXn~F( z!F7i#x5T_=owwFGCt0w^>L^}sYqZgKh5K#mYqf44dWG4aQz7JEqM{r#lRvus-4*=f z%}}O(6w4QdvfcDPI(1hUH!>$nhb7f&qLaM1j2ZYHF1SM#bb-GaFi;a?ZohWIQq-O| zek?v)VH6~vA*kQvvXvEHMFbpQl^}m<6>BPR+ReWWurHL#O4F$}*Li`Qc(&wkNbIqE z525W_Z`vuVcJ{qG)j*@r4~`^Z0dAVPK(q?Q4bnz``hrdTL2wZD6EIXR4lFj`qB-D3 zQi^}xo2ws4b6=zbhK?}^MFi+ia3P5@}YjacXUwM4AD-bajPit+K8E1nzo-9HCj#t^TweOqS`CGLf%pvUbB z!`ldJ+;{#7Ilef6zwrWkgO|US1pbVWn|7>bu?u~n z(D>Ng(|($}vB*&A!l7HdQRKmQ8ypxKMO8+#%R%y6_a^mLw=^8;2(BrO{I3X9~bRcNeE{3BWzcz z2AHe0?`iLs7_`oI<0HSsZBFz7MnZ~yz)KEw@|mZnCp=~8TGFoNP%`PYWi-=!U`TCg zJS2uLU>aV5aQh5f+n1>6$}YpytiTWzZo0kPF`KKig^$Xy$be)i)0NJUD!T>VzeDki zpInRx-T7Sp-qQoG%TU@UH$RYgJ@9*_tCY}K&CafDFkJvr*073-m5=fH79{n~Hnbh* zvJ~Qsu_f`jmmw@h8TDSlbDL|PllN6%V%6BQR$6qzbY9Y)HvrX){>#?|CcxC%e0WL~ z2iB9Y7_Z-~R;CUD;#C}ttDhbX)k{rJyYJ0X0O=_wu6;Wn6gYR*3V$vj@ijjwf)8J1 zGacO5r)1Hu(|ypvIMZld4?9cSp{h->!X}6on z4p?Bq3LMrxcpt>Sv~RzuGE2#Zw;OGAwx;w*am*ePu_Y1 zzjc8Ze11jxJCpN!Y{oEgBSj)^kG_o#hVoXHgBC8?p3eKK`VWAF`D~!!a11u0Yu~I3 z`?4_%Vf6Pr@huIdTK2=D@BNfw>}5kr>v!@orT$ZPaPOVqk$;y;5%HeZlDCs>sv4Q0uCVl_%oHgV; zj+KkroIW&pInF9Xb^L3U<0Lp!?I4IHOkk=M@6n@+jJu1BQAF;2Du>m$^u|aA%gxnU z!rkq`T|6*SZq|HIjMA1Pcr?fk2f|p0UGpAi5|@2?jord*@K<0?C=0fzAt(x2Sg=Eo zJ=cfZ`Mo|STELPB^$Fb_38g3pHw0IV=P3|)9{-dYa{bD1&&vu=vZ+h&m!1W z8``f@;~EdrjKcb3B1S$Kn|ZCBJ#e(&*bQ-G3Qs7hNYuZ0aDi*MmELTptX0T#DL6|j zHIC!(;bY*GKA$lBn!EUcGSjGc443>X+zWzx@Vj)9w`?|6o*QX6`zo5<|6nL*7Mz387nQ$nv zF7FH`z$JgYi75@HMl6+X->^y$D`}B7VszpTpv>1w1Ix>?2BswQy&#P7uOj!WM@3$f zE3-T%`-W%1Oz$bUrxF@$_H0!V{Mu054r05*7Hsi{Qt8_`6oZX4;`*1AQ1sn-$=Btrr^yj1{3HZdxlznx-mmR%Rdt%}ViwA8w!a6~KAoCY z#`_j#xT{qf{jsoPT1VSEusyx5fvtOtEdGfx+L`ruq71G_a~rBagCE(g`cJpdRy@zY zHDG>`p2uV4HUHIlhqjH|C6L{^TcX>f9I7VQil<}VBldM4_yMOVkE=1UIMv(Mb26S+ zqq^t7TB<&&dO3dENKD>wXeaCOgC`81fc>4<&PIGNcyq3b}0yEEF?a+a6bEHK~sia2c&W zL8}`gT*W*F13gt9@`WDUwj6?Lbsw00%Xg_l)yJ)u>Oyqh*IJf-(@*-899GQ^CN`W= zO1}Ey77&oE12KTzCT4)ci(~O0zfbpcw=AU5bgDV2UOL%b4thG7W!Qy?^ssaIJ!cMx z`jAl|r7Bt}GEK|SpFLjj`VTr~GaItdngRpIkrHCU zc*7|84}-+z3B|FE*OzaDYX`J|8MUY!F_clKs+-Yf+OXnHzz6njD4F0hB&2wrM@)9D zN4wP{v#Ti{{D|yAohK>@RSlt-e4)W}xV<$YayVrgkEAJ)AKyxsPFVc{IRcfAZybXO zra@XQ8p1nuk3Zb4Y^w*)u*Uj)JYUdkAJUCQ{v9KpK-&$W7Id^C4m|DtR1CP^ei`(U|F9IAQ`1&!pnQtxH|$gNg#aa>Q4#*XRUY(!m! z-};HsOJ}om`4qt^-0i0?$E(-0mhh<=COVPi(!te-5PTxzqv04~TqAGEp?ngR7r~a} z=vF3puSD3&oIKW%n!|#A3L2Ho=aft89;9BR1F2T)#CFCId5TtpusX$G<&=hBnW30n zhct?8&li@qlre+IX3Q(|)tnbq5}WhN5kJREEX8<=0?DQ#Jfv1-Ob2D2<3hSWtX3l% zMT!6AAf7lsPh=Ixu2S}sbY7szwdRa-Z<&5Gi+ufb%L4mxeWfiuC)smMKC80tZsdE@ zjdFEX*ZBiYE;U!8#N=;P3CUSh{{d7Y2mGyY`ul^-*Lh?EMcszq=f^2_4VrjnbEYS= zC%C5WgVQqR{USW8Z+?egoLoL~RnpRTjceo}E5a}d)uwEKU}7gpp|qb&La0|s!>+fr z+N(nF?nOE~IhA}k@ICORR~%=@qs8?{R!#>qA56)QZ9at{+Zk$Syb)kGAH?69uFU>h zfUR*fuBL>e3nyJ9g)diycm%yY`i4T17>5xMhZ*$<_Nk-G10!2nn<9$Wb=wqD68ScP zw_Ato7X1dRc@v2D*vWRR4X=_PD>={&^|YM1-wALfQ$4%?-D|Un>?TB;AKA1F!X-st z+%wd1uT@P@xk>x`Q}fBxkfv9Qxn~|E@Jn&p&XUhf(B|kA7gJ_CDKI(8 zKR~NB-(EC4jr0@y>~oG%cokxg*JQmi-ZxgmpU8EuGs#<9t?^a#q(Tz^v3F1bd^BSz zVP^s-d|X=}h0Bt3KdBloaljy9cyG5!U)gq|Drxa-9lnTSqW*5C6jv}Uw^7%Hh>z^0 z$}HtEkmXd*@Ynd~x@i_Xr#d1&uf(NQ#cZvwWR}jU|qX^$v2P3|A2h{??HN$N~$b^hekK{p6wHIRM6M& z0PUzQ_Bim>f9+~xjr)>u*>Rzh<31PRb5`#vtBIL$f6g^3zF(A#BxC@x_Ugx&ZQ$nX&m~E_)}a zUI+Akc!e(Slq~s$N8;U}v)&QL=`DP_89o!buYy*-{*v81veC#^yM1zg@v~MT^9|qY z1bVrAnF&F$T&FrzU8^B6QpXKKO^cddJu#T+?U&7iwCIM<;S<#HtlAUjSNAX#g=* zKokH$kJx;_6GDW6xO~Cb7TYx?290W%h6z{u+)@4ot`a|I+SeXN567iW^7kP`>)K%| zlX#}%GSv3r{HHt_jA83L#>~pDV7BBM@cmUqMz5SWb1}KFFYfe51#u!gw?)l~;VDo_Empwyf%2 zdrik{{p>A|+M&)ZwS4x0P+=^!9mmeqc_MiGPwkf2C-;7c?@ZRS0X?amFHqkKh z&qvUf2z)eGH*juTavT}hS%}y{{r44YQ}L@_lXbv~JX!{Onvi>}#FQ{0_n7El@9JC@ zq{+o8-1R||%lq>Wl1_-@=GSYh>F%Z|y$)2;{BZRRYdz80&t6bRPNld6b2%Lk8#}hv zsMjM1QHcG^x1}XRTGxanwZEw>(W{+A8r1wDTmzz9CTLJGLvsSLVR+IYSIA8GjsdlY z6j$!r(^%!8*N$psk~>u{-C_xEYS%kUu$QsZ?O?G~i4R&SRqoAKGjIzUS}F#HVh6_Y zeCAExCyOYX(=6MG&RZWY7vCF7sd)AuUJ2TI>Yui@+4J;rL#^ODF7Xc@NS(04G>((i zruGuPUtC}N6y`*dl)J2^D^q(KL>?RD1rjIVqFWfYdbwhGg86hW=nZ|Tqqq=W=wD|U zXKz3pPL66WNO})vkN(B+pEpJ>M7R;lQ~MmCs7mI8$t>=Re&K_u98xbi3z$GD93vKr zzN6X_$OHq;Hlwnt+H(@aapLED6qEu8bY$Lnq#tCY zn1P6cTjQ+Jz4|4)PB~xzI7Ge%`r{~sNL4fP7J=fW{54T$3$a{mX&g*qmqLI$8Mnvz z>p|#(Ul5bw_~^b>)9$SI88Z0}TGZNZPs&r|de0BnG`@1vf-#lyb=Hk23aMn}kUjuP zQe*i{8#cR@>fn(H`)=|rMY-+GCUu1TCEf|AWnmdP9T=8_UgtHT8e>t9#B*44_3<4< z#slzui;#yJpnvspo|~;IRUZAaNgUn**Bck@iPP-c!+1aD$)Dz7n}5vo+>gltr^z^Q>S8_yDTu2#i!q5 z39DIV4Mi`OUaO3;{d%1x7erMB_CUQ4T4@jyVvZ&q@9rTcwX2ga_TAeVz-5c!+iwtS zJMUpB;!rm61Zi2pY?SjB`1j}9ubSJjpm$?JH!(Wb^Zs`?8yn&f#Q4EIg` zF@X}NiYBs3Ly+Pj>Q2vShmpD8xJm51mnEQ=kC=`%j)b^4ls*!F`ttP`1dPSzd+E~b zCr;FzBojm34}dS&cLMtwYXELouW(NXJRrwG8fm}XX`ej=5kfFT8|xJIMw^^V0 zt;N)^!c9evy0)#UMT(};OPHj(Es4`49oR{ZlsIq}hCD-B_C1@onF9fixTqF-xKnfO z_DWkn+G=-)uarTE4ATPh4&X$HzSP<3Vx!t5Fb3jl|NDON_vR4`L84L6f&Qe@RKZII zji`+I34j%RcD12ip-kZ}(P+YcGhq~nxb{Yu36QfBj6Gb7zyopTQ~W@hVoJ}G&PX)L zM~swsG7ck|Ob5LZc;YdLJV+4P^Cq7Ak+Amu7YF|=fq5_BKCI=CLSCt)uLNcdYU(PR zzU87?XD!|AyH7qei}p3)5%(cc1>p*)Okc`cPjv^ZbL06NvR9&e8df%LF1dN#cHf#o zYTg=cUN>Q+L#;%&fur~5r$P*JJ+IBsE#|A96%`vQDnj=n*K|3o@eiPJY5}(W6x{5E z<`LVdgvAv;$zj;Y{|#k`EN4BZO&~`P>^~*qGuv+o8LcqV4{t;=!`%*JphSMkXu(hB z(t-O$A7-BSrbBl zyRW^_>|XD|tB3w!=cui`?b7O^*Z*3odb$y`#HIG|is8%yM2Zm{Ot;GD7ETBC{HPug zWbg-+K?zYeq46C?cxZ4zu(ZTd4km>pzR>5JmwVzbJVcfW*!`M%?2>tX%f=_Q`NFum z9jz8yDoYHiRRFt}Dbl<-09ee3&4Bx%yTnFhZt5AG61)z-D|&WCQs*jIwM_VlD!dIJ zVsvBtX-gt}PRkXLfN2SM(mh;XZl~0yA1+n+^q!vHgHJ7vHcG3+z}8|(y0MTfRWT3p zBdyY6CmxbRI|A+xojeY>KY+9PV>x;p(0jlFC=BD(3!?{Gbc`Mtfz$0^rBtvH!Pcp@ ziX)xHz({J~L{|F#@gd$Ty?hKa!Ry~*)!0od?+F+^SU0_ne;I975@tQAbO@_H0*)LI zoz(}d#PiJ3tK3;5)Hv62{MADM8IIzC}6qiZ&QsXIzfw?`|0cX?!6kRtE0h zFff{4)N@btnrs+d=}uIboEe?jUCcFn72dO#uq|6mk!9&2;vVw*P9m^GVaulLP|QJYQx&>^SdC8jA76HN36@~+XF z1EYe~`mX85Y5}@ipI)--Fpu@-9%v1u&K$+}<&!j&{s`=6NdNF+-QgbKQPvnd7p5Qn z;k+?uA0w?x!oKyOhGUI>PHQ&p>@GCVWc#)4N9UOT$g4ku_v)HzAyQS7q>#ppsyKft z`*S!$zf)TVf3M))=)?ZA)~9%3E$B;^+O$&S8A9co7jA5atG?dti=WR1I0YiNVV<(- zN=s*KW|k?&G|>I=t9K#jo+;zo)-!O9=*&qu0WX($ps_+bU~!H643}95g84Ca};}?;3Ya4A}X9hl46fnboiF$Psixc!2nW;NR~P-n`uy$m&ek- zctIDQKF(gA8z>mqLfS5z%xO!R#^-vDPhNj(^vy5Nw>(vE-kWIHvu)Eeg_tzShegbj zMN3^DF5M3=O!W}JL;BeA#pt8^Ph%yOvp~P=^oz->Q*VN^-VfcJe>ekK(DjD*2fcGz z?htt)Xxvg`xgZJlNrpIjjaUPLCfR(&yyDHmzc2=E1TCd3iBe-$s=!6-H8)WZCd`-4F)6getv&%pnRG;>-$?-?QDHs~_1`!Damg zga%chS(;1!@{UI~$C-M$b0%-75$c@3IM8(}B?kJ>I8c@1);03kN2aZ{#UuiQq{%PY zUP`E_pSS1x$F3X)hncj#{Z2cR+PN7{kn5)S@g3(6tP|<)DT%LoANg?@)L+Y`Qb?gv z8saT7w#kH1Uq`_w%!-|IW$Pl(1K%D6kz5NC`(HaE+BZ{xPEps5mqMnHaZ7B|eNS}| zJBXg!j2XPP+*jd2_Ivo;((U9dzK~xFXi_vJBVJNX={ZL{dHEV7X6w@fuDk_-BO?;u z`auM%+0QJA_%lQ?pQo6HXl4=~py6s0AUvEVW(#6o+b`;E3?`Wbj%sM>Qz3>IK59ON z5iFfcW;(zELo_}mR8xM5eq%M+7fUy`(Vyt3w!W^l7y~k?QhwBfun21l0M^5AD;(KW znY{h(dbw=NO7!bhp6&1_3;LF|TwcC zcdD(`O10OJe1vburVtDsZ=bWH#ZE9ejdiAipdj#nOKq7 zqhJQjgT>aN**ri?!@=x{woW&0Fg|kf<;jlqZrpv%2VBLcdvnF%N)Rl+it|E1?(4Xb zPLj@lsd(hIndXk1Pzo-!3Zh*BHeOrc$Qs`lH@z@rTt)Q%`xhTV?lq)2U2Lqf~G}@^->G_$=Y2yIvlw=)$gI#4GT1B zuT&K_B^P*k+}ePe#7*e4wRirbunZe*6^1{oh=CoRn25?Z-1RsGG;gxN*M%xu_Pt0^ z&c4od6o%8hYxo+qLUJEKAz)?A`_aJn3Jd_Dx$8Ax7=qSPD5)5S{K;c$f?J2BtbO3- zGM-GabURIhKn;MpjkOwC6kC*0R6A>-a=S@_+)l~BAYEtkZw}XWXR;sRfhHFEY+_o( z)keM{`X}f98)j9Vb&m^iWDHNhu)lRpU^dKk&iwd+8&r_FmERq7Ydmt_{H%7G(5>DU zN#p~z);>8%WQXZ+4r=rdiGq*BaZb|r=i@A{WLAEl_Q?I~^7+3|nJT&R))GgYsv*_n z({GNLqI&O=UO6UXxSLs*J(Qe$;9IK8v0m{|{`PQ)XUzJKl&19E({vs<@;$1%j>)(d z2j*cG0g3iaThu$~?yqLQF1X0$JP(2lzmyC{fETd6nR4=Z-P*)ix+(Nl==`Ny!H&kJ z;+}eqHR)L1NHv2{-o85#Ume&0o@u|b?@piPnc>WLE3Al#i81@u;;BlYDGWR&=vuhu zDK@ABjdT7D{rsN~R0>}MnZ;u=EoGb9pIegP(WeJWbQq6j++M%uKkv}rMv5!ed@3c92B0IHV5_u3t5kHPe|w$(@xfscdAP+%;DA{+KOiSX{tlS) zthcvVPO?lrYt*f(wn7x>;Y5#Ibzm_SKgg&a5Dy=QE{m0<8Q#JZsE4s>kX4rEOv5|Y z$OAX?!=)DeoAAXUQOx}JJo3@_kE5ehbgWFxq30jQPKY&Q3EmsnB1JB>XGyMZMk6Vy ztdsw_n34f)66kEXIjkp3l;v0Gw6yyhFx0TST{1)1+TO4f`CK+0uVrmxPnkQqh7Yim z?e(#EB4r$>2U98aFQxn<`@@^8`1c`cSm>z6F&GoNky>e4X>c_#YRujN9M?6ECQV1tA6vto5N5Uud~U&nY2igh zn-TeCm$O5c+L)8+v)C4k^xny%4>N0-Df}!mnpKLs|D)vwJL5mgV6bP>G9iX3j4C4% zt1LzgfXJ#;eWEvkMXuh|G=KA%@c;UedA;rZnV`*}A zQ8rwS88!^3BN-huMky`j{k|j$DxQAKFRFWw@VmCQJsST%jSwBuIx{so(%?#$6l|zI zbl`9e$Mkf*r^>I3x_=ntvVw#@LrqPl7hFa~HZ#fAStEz98J>xMB?0D+RX!I^d?TxA z-SO=ouxOxQ^V!q8j5rLr1&M+%kOv>fe>U%oNU1Ikdhn%weUGZXzm9f?uJOQg-4%kJ z0js4RiSa+4X2m(0+-X%jgder#$~$G4JkJ`uJV`MYX&nun(c`w(unG>PZsa7R+jpSU;FOra&pJRaZH>5>{WZ&iIhh*)jfdrCGoImD<<*g ze<9ecrDCvfMOAf;ZvFYp5?a$ZT43ZmQ|+E{y6M)ilcHc*%j)Mxv;73=}x zc$X;X>p}YxkiY(-_)A7yM7>yJ#0bat8Nq1wc2!83Dgdt`Ef%IZ%o!mU03umO5EG!X zAGnXsPYN6kULBerZ4AK?#V;;E$TKbmEp`up5o{cII8s7}nd;}s5ycoTldg73jY69L zd8mJdAf^Y{VraOQe5xN~mbc$F>73Wt&S@f&;-!K6pJ{g(CLGvc_JJo#LkEDt*K0zz z*}BAL1HkRnSEtb_cOC$(Zopj>8nPP7VersUuWzQ-x?Wd@DVm^+;BBhZ=X6G~hi6;? zW<#?IUXk=rWq~q{;yj<Ss9JBB|H=*tE{-`}ZH{fq+U`?*{ zo-MsxlTV<@J?fg`0sZMj4Dcb9144mMr=N*D0kcCvpjDk0!Bno2eM$d)ePFTmii)Aw zJgHsE%t5#3%OBP$VIZiKBX<2!nG!y|=5I<$*r4$QP-dOC--1xq5k^f2+30Aiw|jNx zOuc=^V>aLf5tDJVYk|#vm=A0S*g%pRB8-=bBp|d7!$Ue%s-p37yLdg>x{Q@Iz~@p} zyc4HHA%zoOYVRvo`hm0mDc3wH@LJ9~-kDNDv@6xy-zLxkHn;LKIE%5j<3nNb%wY@! zT9#zg8k=N-3QgTqFpVC_{mQ=PJExvv6qdZ~W zaZY)r&NmcQ`~m$2Q9O`s_opRud0Ig)AByZYS)=rE1eK{zwY;zra8+M8t&<+vPs?ro zD9op^+YdMt>7A)!6D0IAM9d~Ns$*8xZ~_j)6qLX|;>!xfcZd$77pKiUITrQsm%EE4 zE!%57wTPD!R7z{Y68}Mi{&Q2Vd=#q|CFNK&+?BO(_gCutrVmtyK7^R7(0jkJcfP2i zrE#}v06B9RWJiOs1VSux;ABn-T1mCy&&i0gJMlbFSS(9$Z%wj0s~t4zh~Bjj5KTmD zr!i4cMw$W$NpGVA*)yO6pS^s^>r(K9n16aUi}A*o=@?O3z2vl^1qRn{W&AB2sFkJF zx+^8Rt%{Sj(~SBoJ8u%cH>#LW4@gFYs!1@FI`jfP$p=zYq8}dIVW48-P*I^$DomtSC400H!IX#Y%23?lu0BVZ_ICL6 z|Fd>j{$0Dvoyx{B$Vjd~!LoArMn+ZY#Wqe(@xtMSk=aPPfaYg>KJDp>g+}Lmof98G zA#o-Y1CB&@FvIZfa%#IuO%7q2rA<`gf#HtvUb^AK`uh5eV5d?VudC@ym6_AkUj4wP z;2F=i_3)12N8G?5DH^!GA?!U%`B}jD#VdE_?sP=N8T89RAo7(NMvu1-lROajSF`n!C^Yk2aQ^|~)b zY`$G?d|X^uPY%#ZRu0aQVkCyfU<3eZzUkF5tJAT#bM5xhfzv>C>*E+zT;W1D;J3Uz zVY-rKhHIK6+VEE6XMTOuGeUk-+p6-RKR~iWb41Mek5B8 zuc^G`vlxrF9c{6s7$`R={TSD)VI|z24xi+s(C8>O1qOg_Z*8w?`m={BhebMefSO$J z#;Q!`GBG7Ry*%qI(f9eJ(3Mh{M1x^O$}7m+K3RD?kKRk`PefSW>P$ZCwP!y=bHY(o zwK2`MeF<5usvbhhEYDV}n2F@yh=vvE_im~c@IT}+_yf-HRsFI0j~+LuR<3$;YegDa z)9zyHocPQ3RG>fBoyYl%`B#zp(3i+@XpnD-n@8#;N6MF7l@b`_Mq6T?wF6k2tu~kEt@1icmnRpl4yp3Pe4aN3-;bhga}K;ATYK1A%sS~e z02LoN@*%`gv0nZWlMsgp~}jlZ?b3p<*@(vKm4iwM#RlNL3*)WSuiz3wdp>}!~R6p035azbv+DR>_GrP*E7w%p z{R9eCD8@>Bho$hP+hv%sJyQHq4TdB2AMvX3u=wYd*1P99ZEdos-)-&XkzAd(2rcoJ zAH(}iSmX?xmIhK42n^~9_AVw_iiZAo$oT)RG@`cGMOGa-U@l#h%_I>=Mo!~eycCXS zgfJbTlTgG^k9;ATbMODI05L^yfUY~7KpcQs1@K@UKT`ZJ)6{qT=sQ>}YgcV2Y^m-H zae(<80OKL_psKAnZDoYqWiNtqt8{)ijZertVD;w0gEk{Qde7iy-}fBA?Ifp`OSNr$N18U=t1Uj2?9ndJ75i?{9t!3Pqhe^np^{^(hg1^MQ#7PRCa_K9`jVEJaVDl7FsbSpOay3=N)cHx8@6j^nNyn9#6L4yD9(T=X)jH?&q5$RX<$ib)svsAMO?$1S6s0k>oa( zgZnP2PVIb=;stFDqjp6HGTLXv7p5R#wL0CMQO%XbLFkgew4V^^+;dy%xl^AdC*~RE z3j!`X&@%C5jM`T{ZO0vvE5AczJ|IFlb^@I#p?UeH0-LM0)$1%gfSz~ zY>~3ry$TvD_T>{w=?q2u0@MQ)|L0@*uNYfL52f<{eC@k_Bq56IDned$(hDj0`fpGn z;tyaxUlq-T#^t~tM+Lw^rxNpm-8^xb&3QxqBH#a##&V`Ax8-*yT3zB&n{V@Vm(X=k z+{Mj-KZ}6Z@s|<*+oR}|6owJOs}i59xg|~`ly696K~0aa5v8(vxq&|5)EVj*+){Mr zT8>BM5EDh9j2g-Xp5vl(LSX8sl;|_&6E=2sFnDNR=Y>V17~4ziJy;fg*!-&k^wL-Y zR^tU^2vhD{fa{JHYq59&!9xfyVEEhhTqiWD+z$*gmA?OO9Pw2ILqH4_9tW*wFd)UL zb6jwp(&roo824DnV@1Rq=aUy~ITb>DnJfTZj}f|FL8p&DsXnbJ@w_>i+VesX42I{O zc%RTUCGM`;@2uBuQ`#>G5PEez#~vIu>q*9>S4M%a-~JFrh*Wgjd3bmx`Qv%p0hDNy z;Rb;6+;}a>Iw&hbz*LrQMYPpeUIcniU0Jy){U$Jag=Y0I zDH)32KlwEUnbFkR$y{L5kRaneK5%awFV~Wy-{LPQISRbubh~~%)5xI2d@v(1TW3k< zX+`zg^^zZim3(z+E(vnk{UI68s88qVeY$lsM+K4#zAPrV^O@;6{@W_>KOern{=04Z zt4g`NpxD3qNukFmDvjkzRE^3E5Su-I25_&~JcShKk4!N{kxH#fx~=EESBsF#U?~Wm z6e{(D!Kihi+chEiY2g}=+l$S0gbE*U58oI)G2S^$iT)+(K-P}v^uhcv7FW90Hl4GY zXdkH`#-?=GYtSde0N>ndHz3(yNs;bqXr#vTz!1bxKn(6Og!To!VYL`0#1gIeh3Lgf z_m%uF)vDna&FxowSmt0l3j~IsgRGnuHDbSWBdpx-U_f_fW`^Dz)(--0tPvxaq;QWc z`{z>v9>3pUr8O{%zhX@IMdDrw#D6m2`)FwMF#>upUeNb4(N!g1F>Tieh?-%g^^4K> z?mz6yjufN^iVt?9rz$((3Q%t&YRTDm{UF>4K^48iq64h z5nn3zxo1Gy`2mD(2rrUwF2VuI5sNOR`1-wlE1xU~m7oAEa&-OTi$YC}UitH4?aZuC z8L#xMCQ8V-mR?DNzPjkiS%2ArcaCSZBpWQ*kIkoByt-2t%tzUb`MuX0(=sm%tC3jv zOJ+X%e|_Qpt#Cl_r!_E$U{TqTlMA#Fv2cQ@|k|XK=}G0TCy+oP z2Rs@`0}`#SV5ILV2rihE&}CF@rRS0P zQ+fTaV2a^JhZS;kVe_kz!Jt0#+m9302fpV ziZV}NqCWYI9NRIZV%n%gTieKS9E8ABzgxYV&&n&iolXsFxt66nUqmC;DVGl%FW$4k{98%)~fC+>v~<5`|q z2&I><-QFu}l9DdAVl6fIjyhGjo@}7cO2!{=P`Ph{vk#G2$o%7O9F2fV(|30nEvM>o zo%onJtkn}tXiAi$k;J<YseKEmh@igOYO!Lf{NQeidMs|MEn7M>`tX^${nmx?ut-#6*x z8XsuSv|i;F8K9Uf>lRG4=`&d7tfC_+uYG^I4yKX|Xvak_3*;uh4>g8}K0Awdk!K1> zjWX;0|8Pju4yqiq>!0PSn!#E&@G;KX^gJ|MW3V7EP({fLaE46+nWBV)_R8e$|%WM31;^0oWg!`O-s zzB3qO$xbGG?Q4vXlD!zq`{;dt@0-4^cm8;;>$#riKG*%+=iF!RbI#|S!|D1WfeVlw zdRJv2*@VXORr5^+0CWbRXkAzYDpX}#SX)lBdLb^~<6Q@eY-7zool|y(Fp7Af(-o6I zd?3k#rzMXcE4+cUwMbEKepR3iSZf~vN1zX%P%@UfrufcMds30)4i^p+Lm5QwgCDU8 zu*d>XL$Pq~g7}hcPENHol?$f0k|I9*+?<&AAV!ZJO5aQpCYm-4t4n9VI;N7yqc_WKDB#9_vf{} z29r_kc52(03ArSE>^$dknLZlPS@&mB%&&luPCrH0i;lT?1ir)q2m~3gh`Yr4!+dq2 z^>C}Fbub35u!pROhh*P_L2pAAYJSQ?6c~1{nfP9q?r%u7p5Bm++Ge11U<&7eTd{R7 zF{1u{N}Su;?oeOR?Aw zU;JA%>p!6_owB1Z!Bi0Wjcxk;!BR5hXk~1AvTA`$-OyWu-%suT8yO#9;*-=KwvvC5 zMLERe8rPIn7uvlfk_lJmQ=AM>p0Fb7v30lF=^Bz2rglu>`NQD3|0&FLY&(_#C>=C{ zVx9Zl8W3C%qK?US)(m2EQ3W?n3d+cglba#gKh*;N&rk7dGO^IKSd|?$W>jlE(7nOW zO$|@CgfzRE_cO+3*cB-1vmGZ;yvTiTbBX&&@sdyt(!+MX>v|}w9DrEfS$K4?(A z+D;AJ{oA<8`Bj{C`sLiOjP9T8fWA3pcHho0d6|ZcRtjh!>mq(2HxUlIPzmm&_o8n1lbK<@}REXc{0YFX+HT{FUwJ| zv$L~*rpGuI$Vf@{-;Oq`+n^DVbQ;oF!OopS{^a^xV9{Xi;psUqGrbe(JYH2;V*2%^ z8TqxwuOp@E-YY%jqy~G!&APOno-h5m*5l3L<2c(S_m!C@MZ3|#(g60(-aPK7Q5>bX z4@sU!)~aD(Uo7+bXBjTr!-La2o987MWlm(M+Ap6@Ntsl(vLxk~x;Trp@!*WG%|yG| zUesQrdFL43L>lF2f%YHF8$2p4G7@}n)RHe=5ZNV(UpqTm|DYO3g84ODTk_ly4UjYw zFCl)^lch7im>wf|brFnxu!3v#zR#ts6|Jgo*BPQJMg)LPl{@8LJ6CV`E|vhLhwhm_ zu*UWP=V9{z>%?TSCWm3jXl65gXDdtwop3lkRln78_cj@ag>cWQ&}WqG3ORJQT^yZr zCBEQD9oF=t%YUC;bWqAEv-&uN?ds-_AKiO*Y>4z8=!asHUU}<+Cy= zHw5ZsC-p8-FW0EAZ({6;r2{Uzel5w?^2#g};9IB2e!Hj%&R9mhMD_dKr z6|ClAd2WDr;b5?p{IN-aZ_PBEUls1q=e!^KAhiI0h4sE%5ajBH7g8%n*0zu-f5G3o7H z3m>I&k1Iu51nRQ~d(zi=8$KLzGGX*h(ss0S^YZ$o5&S-ZCd;cM$PwpKe_07i;evLz z2^04V3N~xLVj2#h-?$5c>Ufhw&iEeKk$R&h(8;(e zr4|}z@+1qNPpEgD^#4%iy}P?B?#acIk&z)PE)E+Q7!Z|`dPkWQ6>rwQ{^SQOkz81_ z-KyUksEM?*Nt^6i2{%h7JhSy^oomn3THeC#_(z#0rC=hoKB!fQ*QIGW&0>vMwDkuR z^>XAnktUl)N@5Q$UW9yH8-f8&1MEHp<)zb){^U4ZC!Ic1CR9yrueEir)<%?HU0pr) z4s60jZf~({vwkeYt-V&T+_S+cXkK4bMy8nZWqu`iBkWC}6lXeNI-v`*0NZWm&P5xr zZY;PLi!zj?r_$~b1Iw6~@E$0QUPPc;Y$r+(kKp-^+kZ_2vV<&RNB9Tnxc{wT)WoF>j}Wf6c{l~&EO})jW^_>teMo?rG?0E$su;%A_C;nE0Y!0)!eFS zSDlwc^6M~ly=|(llZfEun?FCE`E3sX3ly}@w912NH%GbZ7p==WBR}$BM^5_-^PNYu zNs~XITz`>Uzd#)4!SJTikp5WDb83xA8Yxhn)%1xWK>_>ex1{S=GQS%UJe{XIze;J4 zOV|a|k~O8BS^h&m9Nr^y3q~|iZOkb8x$hTgeRPIsF4Q=&vV#&E8zNtk`#EczX}1kZ z@RU9#c7Tqdr1r(M#dZ(z51saxfBq)o7KDr)6VZ+k{;F_%8%cr5+(iBQmn!h<(sNS| zUQoS>^Fibka4hD7-GwO1#QRr|lWyFn_SN+rr4h){<1gb`af7>~Vkn*S45c`{Q?E?F z9_Ku!;6Tt4?Z$8@0dH7(`gfJ`-|Hh~Lq4T3{I>BMCwq-;zp3N;OI4LMvEyu~r@&FK zuL^%_a>%6qV|74KcLMno&TKh_5)1w}_0?OCp;1)HcbNWQ#?fssBI4fzZZ)0;9zeXV zX#OF1N4KDL;WH-?q6Z%MetafQ_HS~~j`wUQ5JG^V9dq)${S?Qg>uCIAD82P@?))16 e|9nW$qf-|)B1TA^jiaZ4pXzNbr6PsDg8vJWx(7r6 literal 911303 zcmeEuhg*}+wl1JxiP#BBM@3YcQl&Q)0RaUG5C}y&N$5p7sGz76LArn_MFrv@67jy(-!Vy_>F@3LUDQW19BI3u{Al8!aum8?^FKI!5}lbccRd zq5aa)v(YjBt4v3yLC=0r)}_Dp?>Y>0bT94c4*$CjnD+Vm=RWO4yZhgthd$E(Y4Ib& ze(fVc9}gXrtAF2SHSf1a`#9!&-^h)Q4sh=Gi=Hm&!v$JvM)r>l-3_%K$XGhTg)OX{ zo>&V%g**Sgi%#yT46O*acDLYp3Wqtm$vl<6^sgE+wDRxEBA0mnRmB}Df5}kmA&;t) zt2K|L@J->HmlTfk@bJjFTG`0x-nsYh+i8EvU$S#|ca{+m@$&K#_7W3za|7v8vojcZUmag{B?)FZOJiptuc;e*YE`RCL?*|?H z{8vBS?QQ-%$9sx;QZDt)_OgF|>>hKjrl*BT;O!VzOfBa-hPC>akqa9eWhYLabl{Pjs51uu`hIEhoDI7V28Wg@ z3@u4W*gW4C)Stn(I?yCYcQAH4dIS@u*=*qr-Np}XG4FhNOXy15U*%@Tu+5sb z;gj0RwBN13_Wen0 ztWjzD`t=Uv)NM~*f7vzS`qKqVMgFhE`;A=_6R2~?XDjkViIRY(&p*HT`j-q<6c7OY z$Qy+9i*Aoe;?>s4gaxV)j_%OqznG+ob2O1HypSQ>+3$kQmzoH8@|Y5IGI?<4*``}& zNuG*I`YmR$(a+NlG+P3e>~AK=n_c1Lgo}!bU-M?X8yy{;rM&p_WsO3bnei?DvYP&9 zL%f`&h|l`EU1EG9`86S}PRHBn|GJVM96wFBg80*~#ViKU60vK5FAY2WMpqwlIlb@} ztKn6~=Ya=|$d)Bb_%fyUmcSD~mgUJJlEViiCH z`*_f;_HL0sRXZm)_ubt$Kxl|#6##z7Cve@GaDn?&Il+@t%GhRazzX+5;n^EvE zlrqJ*;wkdijk8!Ui0-MUf|pJB{z~0eW&oNq1`e`M?kX^ZLs( z*oq`e5r}7W|K1zixNK>Frer1d(eXDLR^}gd7QEAXD~Y#{tV@-F+JW~;9_!t3uV61_ z<@C1>W&Hy^>GY*cU)g5x-QCU4Lf%}FkkERqIZ<}YX=hz(e3v>O_qw@!J~f%0V$Z|r zL4gaW5T6mVI~r0WAzdaXzdZ7}7m5q;^?j4PGE&k1((i8@&MQrNuu|i=rM2$8Zhmicd@t56r-pItyE4w=mXVS180J5q#vSm`)Z6+wAXo&qeaLmj z-u8Y3Qz0l32cHF&FAS#PGz{{K@X6_w++A_q-kY1Q18Zr~L}IzH`~2KoRCemq2lJKG zBd#NS3-JP|?I7`P0#qsK6FGSj>%8Hmqj;S%uyfAHe>n#n=3B{x;6y$1s;z4f6~BG0 zLvb%}``2KahPr)u^2?AqoEPk;^xzkv^a{rJhYLYudcr)SH9F0n8(tn*}n-aQQRT%j}@u~d?p~`bOtvrPXBz^JMY!E z%))jvvgsSMNR!AswLBx!wv34|(ebxk=B6xdpGf8GNHn^%Z$8!dKh~xj+)av$L+PWm zT$e&7o8&3|LY!=IgRU)Y%ZVKU+5wBtWzk6(RmbWb-{p}=hzJ}GNBzQNI|*Vy$nej~ z@IWUV;$d5R`@0?}UgI%IkU&_7(O?!8Aq3&;`iR6$*CoFA^3#3zv-5UNUKWdYS*vx} zW@k-g$EJg`&O7#9HXsUKv<=6v~?Pk9d3a^`vyD`$kx--8;{l$A#A4Qvb1=h zki~83IfcsW3r_gLVm>njvUt^2b(Fq*`!!;GuDB!i=esj~82B69f`B-WY4Q4Fqz{)1 z?*apJyuid`jh!k(mgS4KsX_=)iXa4h9j5>N?-ojpW}(*Qpf<1fEfj|oy+{xm)G>-> zLROYu(xXa?=N`)eHTxt(Kf;FG4R~%{8@bEf$-g1bfX1ZK|OvF<^7OZI4fC z=jYn;*U?BU+AluekWU^9Tv&w?vA8okGX#f0im7|~V>`YT5K9i<=RLddY4?ix!_9a2+Sa-Q=rK+RtA++oxKf;@GwTQOL23F)0Il88dWF; z^{k^;Ga8EQmd;i#cy8wJZL@CvVpX^tsj&PJkWI)l;>W9yQfps@)+<)5_%1iGqk4dy zcu!gN=4OGC8)ZXnZ=Ck6(!P*?1GZwdAmESUNh2}6eK0kgz*up*JHMv_v$;dB-jfTd z9?G>OSLz&hLy`-S@$7(Lvp3J~3Ix>uO3urG+kJ^=5r~5VrVHj2f8_O)YF^=&GVp}? zH|bZJI@jKHt><@gtwn^hgx}*+f3C-Am=7~6gc?%qjadovWSWw`6Br5%XDX#9Xb_)) z5hzZ=O^MU@yJv=hto)M$446=-jQW@0@>!kMX7j&L+;5_e~Jd~cU~2WFzt>`T^!sTTKzrnQCWp~{hK=Xia@*h|tW zlXyF{w|feU@5Fg6ykGF21oo9%Qpf!7W|raz-U;gY?Uhwk_RFSdYs{`?Y^CQOkl_?F z^LK&Sv^a5pI6UR$%ap<~1aw=j)^l}b3K4wW_$JoNtP(a<^aurXWN5Ss(| z2XywRaf>Cp7+W|}2Nqi>EnO}gM8?k$_BIIl4$0H6P~*m9?S+;|j}r7dR9s>}OAItp_~n;z;1 z_HyXD%MT%qO+A#6=+{*vp*rPjfrZ5@D#}3D)`{ies>w=Hbe%?E##2kry5h7 zcngqsVfW6-VA%WpKc(pm7WuYF?VEvphlVEl;4;>ajPCu4Pp-b&Hys?6K_S(^x55dE z2EX^{mbm=)vh&+H8FnOFfWzLZ&fcBpgB^Au4!P&;hqn?t{O&32ZHjykLS<4({M<2J zI*O2c=x73h0do@%b%NEBGl{@HmB#=fLVn;QuD~h!>jDB^vx8L&%aj)166O;9TB0|` z(UBTliDHw?vp~UtM~&;styfx563aATJl@W&INV<7TbgS~ExKWba|{ej``|KR{F7&)OCM+u_l&&H!l2A` zg2W3E-y!{(q}*9vCl5ER4<|_6zN;3K?jv{Ozk5$sH$o`-kV(o?BbV#!RsO42rz`ug zEuY9pRpB}9PB)=~Q<0J07YnH${%WR|M3m?__Bs+S{(&n(=E2$MJHpqIQMRc8x}=k* zT4b1IalW6xWaG(a8nRjW`HeKxaMSDYA<|3ktys`VDBl;}Z2jXpI=qm(D9~zEh0Al$ z$%XjM6;_AYQUB#_H=ULlz4rH$sXIuFELU^`m<7gy%&#b_MSdpr^zjDn8ko7o7J2HJ zM!{+q+fztm#zPy}3QAo|MnS>%a9eW5OfHC%=z3 zn5vwA7t!vy*_O{86?f=}6`2?_&gfBy=@c+P#f^=f@2jp>H}%^!Vl^cB)c)Q+jYoUu zk$&1prtc&Z#)1%nHH*Zpz0bSM!*~9+7!t24(aCkCUZA|$Uknv(48X;RNT}~vv}j+^ zG|OgFWZ>95kC2hoHH>Gx{pvHDvWwhc^N7+K|ARE2e)4xj&`W z!By zb=LDB_m8AoAO~ssC?U6_Dh1H=_em38TGj6Cm(Cq2Wc>7!I5!ACIejtlY^TFWdb%L^)pqJf!!#q{unX zyuZ;uJ;Eq>c&#de05|*&BPUU*RLHEAZ{U?=M03yS&4;8B6=RZ9&v!CXNciZsX?qJYa+XC#D_xO#33t3t$X-I^la zBPG=pTf8xp@YI-rCERfPBjp1M%O;kFWAc3Z9{>-AXGx#dfnPv-K>c-1Oy+Lb4#<={ z`4J!a&D?EMbD4RRwroT2EAEKgs^jku0|vd62;%1CbnEGOiAYr#as0rpvcDSsfThz< z^=L$_6yGnpg8{7{HPo~LFzxIH(YC#^n+eW0t5T~Gb$Imq#>U3XoWdskC;U^se_eMQ zr+MfiA}7BK?mr-S^wLcQuDC1kO&B>%%87&`N2^9(ILc89{Lwgm_2O9X;gW4Hl{YD$ zf4;J^&3J`in!xeI&5o#x2g=&0RRcbRyZ0SygF<#ed#Zzjh8RN| z$(K&Js~qiRYdu!TlC~Cb5`AO&m`ig1;s4a3pqeu@f|Q&0!pj5hw)mb>%N?N;7>7qt z_Ew-8!&s%u>dnOC|9S7C4?U3TQ+Z@zf3Wn2uQHm9X)dy-RiApXwX|uH$nu|eeWcOB z+iV8|ILdRAo$(7pYPe2{^g$Q))viYH^hd^3!KdFJoY_}_+rkXT0ywX(Q;vApn=kP_ zm}091@z3#v6%z2mM0~vU-$*AKJS#P$g#yS@ldlh&K5_1cxk3F<*phHqM5W-dBziUe z&de$yz0k(1S01^IeBt`FvT5aPb!P(fSVK9W>TP5sRB0}xUJTZ(=8Th6D+L#g4>cB) zyIeJPB+d5v8V5?tNX&Ex3|JNcF}|~6{9mfG$>h>e_)3I})5hQUmD2>8B>ubW!*Td* zwAG~&Glsrwb=O*3D-(q8bJ1&)X5v@X!;YQ(>DLLkeD2&i>yA_z@7)I0j4uVwHx6Th z9$(h-5(D1zsm<{6GF6iHul8zR9j*N6vE?EeDr@$Vf*J{@dTzhHQzygCY!-QI?qtZf zE2ral@ppSgvY0Pi8IiI8Umsj2N%~h)$|+qD$pKm-1#9a@j7YAV9&crLKMoVW zB?Y9WBu7Wj%(tQZ7bTuF8k6SgBWK%6^D1;{d$_f`m0@^v#+NS-RMMkX*VZ1iiAYNu zJ*%~1$3vj*?sx7r-s5}peAFE+DTO;y%ywZa=2x`qMK+Eo<(=gtC6B2W5bp;5vzJry6M2pq(Cm1sI@&p-ZR zPj6@Jn+ybt6uKozPuqfoqdKW4?F?Z156X27jJ{oL+ zSRi{?_ne*Xq2}i2yN%?9PfE%+-f&YL{md3+e1C^nCTVKeSZaw}E-lIh6&1T#2f97C zva-_jXfu&|k+`<%KHclPYM4gb{$t0?Uq@VYoy4FyqXt9eb#>*=3utg+VWYtvgY@Zf;QH*#|9h3PQ4`T!evmmVYvYgc>eA_rS1!NRE0 zA$+bMUC&tm2r`6c=qql&P2#Nfp1nFvo{be{787b62sE!2G_AN(-zw~F-6h~UVQ*XZ z(W?b76n*}It7S%JX4B?m6)7Z@-E?rc?g`>(1TqEcWlnkl013f3PtBT$U(wdm@=7~l zcN?y3AE5m1?QA7weZ6c4)Ca9~eyCXd2rKalAs70m`TKe8RxA@0uBPi!iqB)*d5( zDr-hRz|5i`zOVb&2T1+$z1Rw%Cm3oAMaX&0Uo!B(xiwxzc5D4CoX|8jegi62G<$B! z@Js1`R{(s1 z%a5j~2djTO%qmRv5WaZPh&V5;_k6~YMnTQ;kH8p3eYsdbweP{`)qV;= z#oe2+;hiYMm|}vuR0hrVw&Is@*=f<8ovt*lug25lCB|uYmvbmajoaU_xkX^CL{G;p z-31KBmY^}s5U-sFsvRdNeaO=sgRuwXs8gAh3Hp20!)Zg~~ySv58r@NZJ z-3J~L~*iky?MdCYpO5v9_ix)IIdwIflGsigrcIDw?VO zEC|iV4Ap^fRcKXAt|iGT{IP%1lqTgNJJl*EtVD>9i5!{M1x| z;YVn2kv^W-@d(~i;l09yoagi)Om#V!K=b89ML)6BkIpCT?sBmbQHI{H0TrK<;u>kb zA839ZH=5@|K)28$uGA7L+688U(9ov&%^n`ICJjXclUW9YmIzK`tIE)xN`HA>6WxjS z98#s0q!W<`FNt-eoJ=u`1B5lYa~M+yxgY!fK*T>Ko0oKZe0H94wl-n=Gyz9Q(ADyv zXO^;2v02zjzM=&#BM{5`N-~7a>Z-&2nXa3?llWxx57Cc8FX3H+UHbW0srgJyMCu94 z6%9>DuS1%V>{N%}OmUIpz;uy5Vbvcj@Vp+}G!ugH)YfpwecWL-e6R3fuVgiH0kQYi zu4UqI8d{y}y;_OS#^z+2hyGV%3@o}R`YZw4m-2B)&P>3IXw9GHG7YI8pTdD<_B*e2DyZ~?EoTfM@9Jj%moWgvr z7qVw%cPG5FqFT8zysfR%1;u8RXMgJNpa=B5%R^zf|o(S9r-_Cgq zpzrL9{P#6UU;H*^(5@4S*;A=q{2^#-!AO2u7+pxeS&Zf9@vDjKRNSE zopNvV$E(oDFt9R5PfhV`4Lz$Vm<7og54>c2^I~U>dlkk*o1kG#5`2JJb0Bk_boVG* zITYMPXV_63_YF>z@fjMFFLIxD%}J5fS$1`ka8KbsCFh)W;>1bpS_sm*n6Vg`0OlbM z4qoCHGR~Z(oYb(j#UW0t+i%FA2&Er;h;qj00t6UO^$13#Iw`vZ2Iik|S-bLHzYkaG@99PHlY!iW|R~L!km7 zjb11&vmEjlc8SC7of2UH2*SawP$ERngLzCD`GCd~{#fsWv)zx>2u3NxdRmy*d^2dd zDUlzX>Af^Gl8V_cOm+EZHT@0lonD}U`K8?#i3fhV^LvH>W)oSGY(|zt1jbfDFJOlq zS>!(=y}2T?m-wM)J=&^6DCUFao@%`@f)>YX0Tykc8(gd8HoIertTvBd>;ZnwA$}`E zXEuc7^2O?-o?*(%oAehI7F(!%iq%TmisTaz+fq}{d1Cs=#7CyGLs$jJ&nHftxNj8j zZjP|tLG}^B^d;5eWy*O(%mS9XxMyX)o-1-~&@hO_xs3XFd#oU$(~>7uAb>!4FeLEf6P`m`3RR$~ z#ko&p+jF1ou-#Nci#~n0Fi?lj%JRv{Nfgo42H%oESr_1ai28up%09U~&Jtt{%)&`c z4FPzD%#|L%Z}l91(&jqgK_r1qYM{za5$*Y!hhWCI-W$&;cFA@)5x^^Q>iP^@!+IAO zLXv=K4<>y-`QopZ+C?DhW_FQ{LkOlUh40(}=Kk&81Mbr}n~YDN9uvACyx~-eCe#@B z_Vy+h#1)Vz9f;J@!s5;PM+*5f_Vm{XVd{Loy?>L!Oc+x7}N>tNS>E z7uxHO?;?$=bZ{_>*N+sq+Z|0#j+u>cA{-xjZ(g)&Kl_B5h={H56iG=*iO%QEr`ho( z5N~oOl(fD^X~;E|xQ$tFVrIK)Yd2mH@&(icr9fkGzz8v7<@a%2x`OLc;ki8 zdCY55gTg$jhs?a`lTo|OBGe;TW1qC7Uo_}CDXAKD+)yBp{KAkr9s~%3b6QHFI6pTU z>le#Of{hg6#jx3#?Ielo`=z)~-UY4r0vTbE*~W$z!G{ikG;N@HhQeQo-0 z?VFj!xT72#bPG^BcXF~UPG)?DVs;q;LVDKP`R^!fZtv}CUTY*J7D1WNb&!6m zi$$J6@GRrkLbRP_dM;xWeydlZm`)6cy*B`5?^-7<0X2w~eLAv@ihU}5?S)I^is^Jz zNQP61H)Sj&WzZKF=an{SD~t}eE^xe$U`qWlTH)635;v!cI;3%<9A*RvG?f#;jaie-@X86TW_?G^8-pK4>PESeBQtg|C|7G*o~ z+20$w;KS`hpG6r|dDNmM^kTKH)6fGEnjM!lvsbZ5XfGsSrl;ngI>}M(CmZS>BCEou zlByl8yf%2Ny(ejRF2GMLpecz1jjL^dKr^rY+QupQz6nmZ?=IP=a`VZlva%!-G-{Jp zSFy4_dr%WraC~5m8mv7lk%J2&O0qNx6!T|eU#7lqpmrfAf?cLPtVh03W z1TF|EKwDj(dn&ACiyYuk2|7Nk`mq48-=>neu9DuMVQ(@|SXda_ z7Pi}9JD|EMVh3Rbi@aAGlg7u#r&X!IriMq#vq`io|AoL*;<>8Cc(eN0pXa?~b&jn% z_C&vu$~MDyHmq#XOHNKWAT6{8bSAH{*M`2pUqMvzDqyl*c00joF)ZAI-t{&I9(oVf zEp>bA>&Ex_zGDw$ILHvK{M_|AcPBxS^QAk3YY)Dy<2qK`R+R=xPKu|vTG(UK{yg$e zY3VvG442jsYjhCqZ@gQ>U<#$m-Mq;YxLvLo#|Qv6Z#*?rZFv5&RAb~zXsNQjqhoa7 z<`y9%j z4c6P`pH@>g&+NH}&74Wg6)mRzpVm(D*aN$x?C;4q z&t_{@$fY+xp|~U5em_F0<4s%>D;DeAiqz_fd98x18sP7@{}=fLrk58B<@U;B3ZtOy*&|jO=VR2dKmNXYS2}h@A>pALg#Bo9ntkB;1p>!%4-?TdW9r0hxYF)!+7VDcV-p3Xi-uwZtnQy*EcS5aYd)j zYp3XalI=*zZ@ltK=hL}&Ij6UWUEmMcFN+Bn)0{nPoq>}VIXPoHi=?AtVzO5_<9DdZ zR!{AIgp^rZ$40+PyngOcCHLC=94uxX18iy&h^njmmE+6Nb!&aD@A}GwNL*pzBYRk{ zfHLcs#))yq=)dpHzf~eWGFJVMN+_F)3UF{-jJv}8tnr(QYllBY)6*vOga10tsSqXpNfOCu?c7waUyiPN1~f>@@(uXMCvR z9`gK2`@4vckL5=N`fLxFwK?#C-MbAQ6&LHh8Zi> z+tL85E?TC;@Ac$mZnf{2?y|KAhO0X3~Q)D3tYZ@l8+64ykmz0Ubb-B(9)GCt7oU&Wu?gKf&XP z388`O7wriVZxuO~uOcTBw^7=KWc z*{vw^@aV)up%#M=f{8Ns@E0Ud2Zd8LZvJjsF^%*E=g+>8 zXF6UZ_CrsQNys`Wp1TcvU{3bv$H;5#BG+6AO-3aPSK7@`}fKYLWez{bEdNV6j+WGq}ge+B$r^M8*b%Xhj3tE)y>i*OS$- z5yp>AX4co%)*ND;JX>|^?Vw%#y=8=u&gp3*BEGykMeOE}Nd`~ER!X&b*oUHdm=W3m zGPjlFY}}Kt&rI6&*wQyKnP+(73&Ny23-(9Im)eV0{3RTC`jzVM?f1X4y~is81`I{| z(a;AI6~c$*O}s3O(+DcRXgNKb%X?eV;`p8>oxp%JP_}1N_U?w5?q_()9vQkPoc*Cl zo6CEQ*J~Ce;kT7zYsbU(9*Z5A?{A<{Sw+?@*6}EHm<7sAAjWI1m)98M7?<_!YEw&F z^6~8Kj-fgeL^L{xmhQ_Ze4-5>*Tf5-?57d3qlZoS3c_uXiEtPWm10XzUWeynoBNW8 zjGejq6&|=!T(b$_DZDtSoTNYG7(>r&$|@|QuGrD(>)4~@`vYAYaYwfyd(@Z_6;49% zZnUQud!*?Qc9E_lXkJqL!mCTe|nreefvn zFk=;P9UQemq#jo9F6hkW-tdq&ajMoKjECQ|OfN+4L6bw$XeV(*Z{EI=o$8G-uEyl& z>wNR|&Fs+cSjXm?0Pa9G^HO7Spv=b3u%7yriS`&zNi)IBmTB@kue--F7U z%>kxlKPO?(PpE!*6ZjU4de7q|s1{1;!()a*8YR^LPF-DMkZW)X%uJf?K26a=(3UbN zBth1{|2$j--dMh=E!+krry*7Pp8cX_$l%P&bL{go?ARShX4OumP%-$3qpNEX;t6KB zR15Kz%q94hi{nC+bqk>^iU?LBVXJLw{ze1Pa;EL*^Kk@Yj>ePzo(I+`4U712f^Kn+UoQG){Q0LUZNQZ z9U966X&I-nxwNomt6F4Y!YgzQ#2_(e2UhY6NWOSS}lT{OcFW6JFMoTPvhsfWJ@|!OX zoSW|;D(`jVb458I*U^iexv+)6VFjb2r(u4ppSj~t`3*nEia=7I{<<~2un^gKiNgLQ3b`#!7qTuV@(9;%Hfrergh}WHQ-PzeL`L{H*ShG^PIy zq->_k!3HtoF@n~NkvNP`J91K-maA_f?M=SuNFH!O%=K*c?tIIItvyK+C3#DRqCb5{REb%AnDaWNm?<5Rb<%V@{1&L({YO@H_@d;S!rbjp7@fA?h4U!a=O z2f&rqoV@h&Jnh_~T?b%d_cT2~^xqr`2x-FW%g)A^2Y(~<2wkvzjxaEM!-HS^L_1z% zkRC1p>&XUHvH>9cCKrfVv1O%xR2w)B22V$3E|m$&+vnU_`>2&{8r$9dc)II!Y1tP; z5Xx}8t~Ff5>HT_yWX`p;%WjkHv0GdIonJ;=!464zw4jca9Zv<6BHUMD9fPQ9Yi{n` znZ05}m>HcVC(BuQL%2~XJh*-{NTzd6LnUIZcdIV zFL;{J2HLX)I0*J|ba22T3Ye!q$jE}%e9lFuq>O^)jD78(?^5F8(k)M6a|cY27qm4s z2{$nY3pXU=&|a8s{5NL1YfwtzLqr%E3|dM~GaLKnQd=}HMhXsAFz}uu;Jau{?JvTt zyO+mnbO8nmo}J-<5N=<-+!9X89?36{j{}t*pQL52dUiaK(Yix2&USd!-`kx*xjB;> zzgcjAj{i7QM_XaE?3Bcv?K0nkHBfep;|3iUAmqvymWPsg;-PuY1!v$-}e#Y;*g zn*&&Pzp1D~pTlMcP(x*d$jRh{gsEqi2v71)bO6~F!&C~=f~9AoV+MzOYLMI}V3Rp~ zC3@C|bHm|Z&t~;W*ZC){NlE^_u>*K-3P(Uc{h}+H+KwG86 zJF=LuUhlUay?!0qp)f$~K!VH>M7L0v!$@doCANLB0Me$z5IHMW zNR>2WCzz6MOCCv1=Cnnosrs1EkO^E>{)&)L8|q1Kay}%DuJ`<3XsY0ibF{6k+P3-a z!PfTqY{Bs2@Nsj%8F)40+w~qKl!9HaXHx)QaL}(zg3bT|f;F>Qud9nzl&8h-e(=&3^E)>py#r!-Ghl^Kj| zZ7GQYx3xQrgoc@4dQ?Li@1=0yZ|GSr2(6-dZevhRa{*5b+$O;d`2mvtd$knTDGIQF zYdh?uIGnoEQF+Qtb{=hclFMm}N{A>uV=CLoF0$U0b{ZiXAhhlOdBv1Ew>HZ8WbXw^ zElT-Ej~9MaYfFR+wPim*k&px}cg9G#Hdx zdn(dcZJ%X{C{eseS(3?3C!qVxNpeDUNy0hG|hz)N2G@IK+1WqK5>uTWFP zlK0r*?ZPS=UdUikxzr*kj`eeLb*0=0DU@&D*oX)yu748XMXU z(x07>O0XR><0H3~&!X9G=f>86Smu!Q9LBu8^U8?(r;2;?feA%zbo6OVHTm$D-U<1f zH3EO@^2JLuN==pPeCa`$u7b>vbWFS9*}4p`IxT)0nN>}1_IOBZN--ZkueT#8&QLwgJwMz1Y4}xEEoemc))@~AM+hXP-(vwH znq5)Hhyw=A=aI-@bpueVOL`Gwi-OrRYQ?5f@%b^9`!~N33cICEB_+b{eWD#J{v_Pw z;J)EZQt%~B25gYR;`wV1PG#@+f~GV^*FUbY|1;Rfp`j$;zH|L-&!SY6TSSJ?M#0+$ z8Q*{0$<1h$)_G>%5PklYgLCpHGxe=l!2pQJM!#D}j9a^mnv9IB36I>(+dOI2({9Vt z?21D2mGbimA3-}{d~!_8<#>~)IpWcDK95A50+r6rU#Eq+#UQ|-4`(X_YSai|F1NW&Ce zxfaZ-qv^D)`_(Plc`YsVb7@SYBkwF&1Jp`x+y)78x+Bw(D%dQW;JKk8p3k2zM<<+r zUm$b$l0~eB^GG4ULt+;F`U&6-xw2!@D=s)l;c_Lu426Srd`C?)wwo5fsE628s3qf) z?0+#UN`ACNutv&?wdcMtYHl63OGGh6o_l0G=cUr=Al#j6j$G~e;o@N(@s`i#l?Xg> z zb5U&|jdp&xqb=l~GNWl()hEx`L!s|zo?+AX z*698Ze#f9k`_m^$Y<1^;9y53Z0ZBIMYm&;3v2p!Q1-CVM`0z@O{YB9qL;UjcDZ)qF zf8K)iufBaSO`eWRA5n%ka01>&F0nrE`WtVm{gAe-&#l%v8y}25jPEp5f+PH`JxdNK z)xi)t;&@G*=X#EX{lY0t@AatuB^}!^r#bral_d+KfM#iMlgy2s=g*12Ex#}a%`s!z zc_Y735p&{9KLdlZ%tC&j4 z%QxA+da5Teq5GuEX*p#r*a+7j9s%0g>MpaFY^`Z2Ps1Z4ysSXm=?kP%r%un#Y0<#i zvj+4qmbyfJ3E^%yyiep!ykPv>w}Px(2B03SXTO$~uXR&2i*Oz{ez?@^xdo#l_L$2- z$o-%D%G)y^kMzIwe%ya;Up*GJk3NOAI<#28xj#%%?3rhwyib(&;I0p3S=1y9w_8q) ze=jO;5-pW`wEJu3!L--idLmO_cH``%rKRQa;2YtdMXwyDB;)bd6thdr%*@2)+fDjq z;M_R~IVEA**i|c~6zz*&K*3jDfyh-`Gd_J7vc5rEa%$@J@Ni#b^zH zEX(LdzryhM^z;dfIQi9v+mqAD9RC+yj0V4kY+G9QO@6Q?u%O^!e6mMu&Y`5$`Tn2j zkhg1Qy!B=uabJJ#+EA-q?aCA=4~?PcFrwtOhn}g ztb}=Tr{>C#X9=`p1gnA~`Obtds9ev5dLkEbz0ulZ#;O)B_#kbY8XtEAIyKuya9vnh zy2b3+V;s3aa4roPa%6VYgFJ;ox4_h?)wd_S-ZFl(x1Scxf?hLr<_f=)QJymxQkj#( zw(bCMAUQSmK^J7U9sVN&n}#sHR?{+jw-qgI{+w)!RT7jtZx82=N>*6oHL8Lo-nm4} zEEqqzxvnRouA>((E-!V}h><-r|MMe92a)&2dt0!k2h86U_r9pEQ`9o=A)d+NK7mJ) zuT2x1H|EoJ3{lwS9a_$g{ql}%;3s6b8)O`z_;DnEFcTtXiZL8c9)1Sb^bi`xsNefs zc&9hNHqT6TwXo1|3JRrwTPEAvC6NpwZPK>MrNZ$mZzG?MkT}WC*#jI3x zn)Id8ou_vOSLUx=Jg#;B9yn>PzkGl(jYR^zJes!sQ21#_2%C9UlURowIXBqX$LER` z0z&&=E0Sudo4f_IQ-oEaC6yiqUfH``eD?#*@~QqB4<5WfmSS5vU%F24gndR0L2Kb4 zP=qhMr`8+11pPmJy>(n$Th}d2DHLdm7bz~K6bN42-AaK%A-KD{HCS|s5(0McniM{{N9%v~=2aDdBnLZuO)r!O!PNgeNKUVE4v#V*AOplPv74U{4sBZm% z*S|^iNf+#$X4Idm@&@ebUrdt}lR#lkczAZwj@nndoto=uRc^LWs^Rv1`DJ9xm4D^L zu{GsXY~TUMO4RYgqtDm^dW4_m&a?*`H9Qp(#%r9CKCu)&*ymQ>3E3$x=DC!H+CE zDdB}$!mmUrH>&N?l~p(6^d9$p(P{VW6S4@|Z!J?D8mdGf;o|^LbJY1&_<_EuD``o| z^6yGQ=hiq+iR+_g=tXb8Oa`uZ<$QqFDklTAi-;he|61QNsDyGy=DSnt^WQ8&m0oMI zc2j?IZp#@&^O@34dgT^RI8;W1oyqe#oGELV~cblkS zH&q+kcWr^%Z(7}gwh6z0ZtYPwXum=GAEl->g@gt(Tqic<{rfhNW0tOr!u~bR%8Bjm z>)Kz7Kg7yP+4B5AJbUrJ&0<%cz_cfqJH`glfBxFV0L!P4DJk5su* zz9&H1S27D(t}$gZ>&+cvY~998YYG+4EbhFlDRwlwS4XntR_d8cwl5BFdp^Bi)PDbO z@QEo1ZMpGwdh<`)k(CZ2Xv9>cMIs;|GCBS|(jD&#s*&n8yOa>^`Xt(f&%&xT(yJe1 zi;Lv792^$SfQI#&uqyq93{%eB?3^0Sh8ou<$}VEcBiKJL;x-U41=4y{&`>*|sQ7{Oc3uo0=wTzAxOW;T%n+=YIILnjAGs<_IKI`^v1OIq8e&4%zk-wI8N1OTE z-*;jq1g>z81?{9>%dWjYsfwDlw@NHDcTSUL5801AGA@pm%h4>V`Dwp7A~6xq8QOfo zv3@bGzdfXW)=s=YHOX?W=cFeb7COwNl@!BcX?mFwNnrPF*gEd4d6b?j?YBt&`#iwF zT0;{H1l_1{`M=*2qh3+rH?=qW;*g`*qH=*Rb87jSoR(I^*VmV#x%6`^ojNr<{4E~h zw($*Nxa|<{JQQl1W#+X^VUDD%1a>1hhoaYuFy^Z2Q>oYnz`wEopMQzikneFU9k%kj zbq=ajDbY;b3EZJmj8dQ-24f2f^waA1+Bi=tN&A(R3hyQZm-qIlZ)duTW1yV#vL;=4 ztp>UB@hj$2BJ972Cp68!T$PvH3CMplXO9+bxKH3~L5sv=F0mY6D)hD{6>uP_m8;s{W zaxD%c5=Ij9qQSFP(oJnR(kl=9JltkFVa8tcIP z+1RhhB9_Yw>&4Ixc7CZOz}MU^ z$8`{mk@dDT@${4jw28(3MIwBWeZ6B1J-|!Ty{Xfptjhb4;64!=Obw<>8Rm}WkFql> z`r&OI3PW&Shx9fz)-RfJ4JAeSIMzFw$MM*6slyNkc&7x-P8`qElF!xM%eIy|s=GDS zwv3E~--Sup*aVtJ5UD=jSEWCOh?Z`fB=IP@D()H^ml1ZKEEZe3OSH^Y$u#5KH{ucz zO}QfPGKVdu-K&q9s`{Hxr#@}Bg}%ebPkJD{ZQrteQ$3jf$FBWPUNxBk_Nnk7xtUA* z$QS<)Th$6JTB&T$FLC_6>mJJD<}ZpRDx1H+wA|$-yGih2%F4=k47Z!7-Ncg)qnmWX zoHsSQ+XTbY*m?STS^G-9fYw6lS;4RLXcZoFN5iau!-J-=@v+X57u6|-KNG(3sA%0c zU8_?mxu1}qZD7juAQV5Pr^b=0Rv(6EWC->S4A{M}WG8UYR&j8E6#EbWj)7VgC(~YY zP)|AGFy(f#YbsFVdnEV$05jBa&u!o291_+Y8ukr|vhKdZ6+%Be*oC;O7KstHQGTud z^Bk#fNZlS9)VJD}d;mCo#NfM%ubP@A-{#C!eyXo*%}h?xDydn=C@4<$0EYSKV`5@3 zCeY^En&_W;<0u4#ns8F@Q#Q76dc2qV&1MfA=i21%jhow2D|k@nbz1Ym*!Pc+bsfzs z<$Yt?4ENT@2;9|)rtgY9?}z4?%0}|8%IJX zuQV20p506jg)PQ8xzMh%=d)nzhVx->}Kw)UPttZ zb`F(N8XBz=;5m+fyZf!_+u5=|lVbl_*8yzL7PEwp=fCT(Xz`7(*tp0jC=zlKK80NR ziwYmN;3cpvl=(LvEBSYUMX*ilp~wBlgyfv6c-^i0@yU(&Y(-pfeR><+6@I(;5=Q=*-zOrK!AUnC$T zv~SJxxxxOfl4qLqO?-YE%A}7frh3aH)$eC#CV*J_`e(Dl?yZmde)|2fQu$5KUG89Y zY@pg&R|OyD(hV!*+OUh-`ta@^wQ|q)APVX>D@x{*kEK;5y^tf% zn1D2cwAPiwP2B}ru3VGY=nJlzjxgCIZ6wPV&WfI6JEdZ4?=6gsB1_yZ3&tiE-ansS zmh@(HN-b(SlrG2gm)v+LOi%PUTGS6dZoa4=GI(r!Olp4owPYy!bVvWJwnYy*cxsrj z|C6Twrvw3=^$EM; zY2^Di>-Kp`p`&^Z>DbFh_KFr3Tp%u6>o67Hp?wvU41o0R0Cuok2LNRCx=o!;43X()K0_h*RGY3Od_m>?h;2$`;<1bn@YV^(;AeEJd0;LDLjj#ZV3=l-$M%JG;8`83zO$`+>v?Pi6fsWflmo2jbE zVXLZ&Xy{F)N<&^=k583c(OOlX?fl%_++_l2hiHCFVXA>{qgrtfdqTtR^#00j_Io1vjPvh7GE@0c-doS_!4hKPpwwKb+j?YZ(KIM`q9oi??wysxXP+cVP zW6$%+;u<<%difC^&b7i(^G9&VMg1f8je&t)o#f5c)fXP#tNPT0gv~8WgjsOeZz}YE z(Vqby$`TFRvVViA03llH8eh;@;&5ze>zW#F-&zq`=h9nhP{}V!*`DH5ueGV#FkQLaqz4OZ4X2f8&u8Ox9AN;IOB$~*nTl!CiEEyT zZu^v;1ip@cg?4!J(6Q6e(8LWdT}VvdO~Eg$XWCqGZ1>2^@Z=xHl|(})`Wf>;hQ0;n z>^j?0h?hP_(uOHu; zb?rs@b?;P>YNd&Dz9MI?%r|evXr<3SO@_(Vv7bIo)dvoTxgBuM=6-8doJ~%OW4km% zaXGN;B2 zBuQhDgt+hT^{B<0I78jq)&44F{Y-H449|Qd(0YI~|P6x-w z;p>5=%`(`G(o$=>16NE(i|*LmVFn*)G}J2wGmgVVBV&4Yj)(sQ3s3CLh&b zqog9Rd>>NyDj~;9$m{@H&&QYW>(&#NIMvcgj7h&gu<7FqigdVW4-8pYNq(fiU+lEO z9n@PbSDOCuJ6YI!aTrDWP&1ZlKJTcj$`Rpv;LkDVICGy#D(@jI8l~}RO|V3e`$IyJ zJdV7!TttnpM(GMo89$JYE@!jfJ%<>ZK2wJ8(Ytd^4_jo>L3xWe<8gk~-X8cB0e+;; zKEQ5&kZrup5?hwH`xCM@BUXOCNV@COt>Nw(z)()anS;>n2E7~=#XJf$(`0OdjuQJtE>h3im@m5aOUmXqt8_NG zzIPzr-DEzOk)%j9Kh-5Kxtz1u*f?NoTVF|6TNf@Ga6FmNWqKC5l5(~++J5^6uWoy( zpZtuBjnZf|b0U-%PaCy5g{Q06;SAEqY!(aQPyq(5raHDxYX-&x92<#J-R#y6_IILW zc&p}y+H6Hc;8S|n?39(M2AiI!UG{pr^=D($@g3v5ZF`b~(3;sS=Q@hZ06Xk%4Cy$k zFztI+;iGDR8>n6TH5OIOK_ zN$NdC>->vGR?ps{zUH4GWO7R9j)v*Ct=UU$rE8^;1nA?#Df&089`NE_ZezV2jZxBQ z&#=M`YAdK&K)1VYL@gI_r3$K8-*^GzUz<5Ycpv=Eusqwbe1K~}4sk*J2Lfu0A8fK3 z_s)d;@Cs|R>^FNXc(_-ASR7|7$t`?YH{MHQZoo9hC!aMkE*j<_Vo}7d4-y7X3HD&6 zKX=sM+iT<-QXagO5~1>8+#g%+DgvehqbBMSbw}Xo>4}Vca$5Ds;aPeVt%w9haK_VA zKeqH~aFuJ*=f=lo1i}e%+hnuA>2r*ZuPiQJ0&>Dj1m=6VxVe6sKIQ1Dj&ji>F@snv9Gv1ve0=mg4A#Hm?n1o&~Zu1x~x(7llQz4NQaEWCdCO6CO<(0^mcQ7z2D*&t>eIqMq67l z7r@6KDXAZOT%5SpcY#E`kNq@t$)XE3hU#Wv-4}rFX#~w7u%Yq z9T*O?MP6uorVZ~{Znm0dA;ZtaSFM-QP zrFnKec31eOOg68LjH-QK$vlKnu<3eSo20H_nURFiv{Ud zD)srlk;{%47Ojs&Z*6!M=fsxdhD7xAxZxr!yEW438vw8Owq}RWh z>R=1EOpKH|lSoMkr;LE-ss__&VkbhOqfCF4wG!(P2n24`u?65Ft)lBIStTzD2#E%A zsa{|*nncJVV8F>D4wNeJ$Re2+7f|Jv>2_C4TKa=(W6NkX+1UEqu-1~A-C+prFFr|8Eh;xr_bH0+U`on6n{(W}U? zb-4-@l5qNWNHT(U7qYLQ&M=1OIMcvC6SRVE5A5Dp4{tkhj z7Q!%7G1AeIi9=+&isEC99qX!)nhe@)LLkbnoG2nYijIv5`1t0!=_BT5>l}(T7b#i0%3E^}k^L!J{M~RN z(b07oUYghrG)2-kqv_Zh5%4p1Uu z-c@~grR$wHWq#P8Ral@@bSDIN?tBdHuy#rj0r8z?8S5+}PB9xKOWSTW2+xD;z=u`S zwcoCoApSmgd#0B1X-$tE;7^HwAQhUN0!-B%#lHAu+iPF)>NY>9UX9dOc`$TXp!V>m^O+Q~2DXy>`Qm*W*x|@nEq0 z``ALnU|MU{(Kx)Vw1fnSS><`qr!QF@9aRe9&FTwph2Vsr!g%jI9v&Wc+=;*US)}ne z4`KD!u(2wP_U3-xK7B`f=uuUY`2&;3YFS-p_3o5XQ;r+3IM6u5{vK%wi)+~XagZz)scwENbBrlls&g^ za2EXu32<@ybX#?J_=G+9K(_98z1=z#?#EzM`RAv{+NRM@9=e}|8r|Tw`ebHE6f_S$>M*XwYEH!HvJ%v*(!ii<72>+x{(wSSC73q}wj zAy_9wN)rIdeE$5ldU!k4Jp%MWOhl~ub^i}%i%>#7jWb=|TI<^Qet%`~-i5p|UVZ4% zbT!{`H|3%yUvBnSu-w0eSt~R|P}mi*cVLy|pY+c2Q3ggal7j>OlNCQ7`d7uLCmNs2 z4X08wu(F)GfO5hv!Mbf;&7O~lg_)XHjhhe2UfWR=0_wXi*goO|Q4YZc)b{eXUZ1f6 z&S(}5VAzgH8zZOpgl-+U0emVgI%Gi6vL<~grg|zm-JkSg3&UhbJCE1P-D~>q;vz`N z2s>1sJ+y}0KRuqEWB9IgD0W#BShA)q-eZr!SZErE=74tFEswAp)MLP_)JQGvNJH0te9SBNe3Tpl~hPfoG2OrFc}(YVq&7tjs5+x z*1!Je&z~2I8J6r{jzD+DyE=7SbNI>!beWWCPQgV6>!6LtKw5)G(EIbqrXrQ9$flbI z0L0_seK1$o6@Dmr!$vnT6&aJ)({Vm!NBL}jcN$&8idiDVDF}ToDl&2>Dr|XsrlosS z(ang&(3Oag$plVBv~w&Iby=p_`i)j;-_Q`YCvCh>=YC0}S64{d`}NuzKamM?_F&yt z?j#w`Ag8xQcju^g;LX<%1ET(;K%rTc%G6E~$dTR)+r>E+yXh3iQkFa%b5OJB7WUlr zqaz^SG41I=mY+xUR&*5lSII208K+a-pWaD@SKDskwkwU6Y6}^69@F$rcdKq04*MH% z6lVtOyH>qKb-dU?7cO`LLBV|@UiT(hDw4giox|-I8m7s0U&}p4h!J6aINxq0A8akt zay^L7*WqY9$fc;e|DKf*6Ok8wreQZPs9bUFWyyQGayuP8XCi4a>Sy6>J#Yotz{~to>e?&_yIb13m9^ z^it9@YrTDAsz~|^oie1>_bIwAL#aGT58uJN@Q_dHr7KbntNVi1K*)kaKQd5wC?|qo z7*o+cKfm{r;}O0ckLo5FD{$<2CgcRFl)jvAxeK?F{#;|a+18h;mCoGBe|C-ZMa37T zOtlLHp|p=(A69RbV_DFu+l^A_fL{an%-pwjb3t|k+Bg+QI+JF1j_n7koiPWCj*F6P z%QlpNIw7hw5$z6s_5QWBMaLz{=|wAM5nJ9Fn;}$9X7U?9rGb&5~8yaA-U37&j=VMa^ zD~9U*U!f9_fno1&ym@Jl?1FZl5RP!r(ZK$Jp;1g)r^u_=*h{5-g$4jiO6;CibPa2H z&>Khl^EKQ;0VZr{tWtIg(d(BI>(e`0)&9Bmivz6sp;d4$Xpx!C%1j#-8&TW5*4{MG zzudZvaqXzpo6uy7q2r4ns9wotxYMSg2&Z5XMKB<9ysiMVCb?nNb3DWxXXN z>?PA<0o29bTYzHPISEinT6A!+XRX+R*~b#z83Sci%?{WdXo>iDP_SF36ofx-esHKy z>6@x+Dq^%EOkOY|QQcp1xlg(1#7P@#a9oN$h>){BxZ+AUYJ5iDo2{T!w_5s)K6A=| zNQB|>F}VC>1VOE8oix~c>2ae14*up2UQVLSnkvMPVMX{?0JP{%^}a@I{|Ejk#a#A>iEUDS1Y)=}F)Kb|Gj!QqV~p1{H=Rl?50X#%qwAyzbu{GK|Mv zdO8smCi(2;1$)Cxl|W2nwd%)hl05+9;ECcmRth8LDn|^=lnOl0mWg+T^oDT2Un6cf z&rRq6%<7fmeiNEM1->26U)1@sOTjhkAL=Xwi`Gq&`05fd`{Lpgr0_8TP3SV(c-*)z z8WYs<=+&8qhz` zjnLZ}OOlw1BtyhZacu%yY(WxWsP^V{=XP2^=K)mj47SCy+&~>^=yJHG0z59I6k6{u z^`u&<%pPkT2J!9=Dr7(#O$lo1+_bABXK1E`-_bM~L(w+0e4xc1+TxVe*IXZ1Q)%^Z zM!ia!4Zbw0bY&|Fe?zP(eeH{{iKvYRX2g-j4uxk!EJCv&jm-Fd@Z$!76#e!TXPQO; z=so(F*OOWfyIxPJ@E1H^oi&Eyq!wXvPdUv$|6x?V;k4*M}Ax{(>j}J63kLC zTnSwGVIWU0eFSuqXfW&vfO*XpgB<-GdfJ29UY4b;lc?FeQJo0jzS-x^SMK5={Yl(? zQM86Y*rv~$m6dbq!eXumnEi#Vv;e+C2`_t%MdBgDk2z+_MH)jp}A!?&G`=D zCJ4>4u#7S8fgQrY3t*6G!P_P-yes(iYsSaU14I!Qr_{s#6X<{8j~>!sg=5**wh**h zCiGb|m^re>Wm|thggJI*du3xNjiZ%Y6Mw^Lf&!KPgz;l@1hFW8{lnv9jpik{=66ux zRgAOu-AS!a`KZOk3w?+1akaame@ExJD38}IhZ0KtivIv}%L_6X>zA={^RFvFHv@)% z`6xu};t=4Jvy+QB4M{ps^Qodn{BXXSUOLGw(M;^kWN@(gr)?iYeegleDH)oN@Uz7zMExwI|`o{k<*TK8IjM9mx7!e9od_ONisTG;f2;8 z2tlgT$JpS0j>OrjQw#`9vLyKaQro)DUt~w7v+6XTpnlw+r<4Gis)QpiGt-x9l_Ma= zwl-gOdZfrl)nV%(%3?Vv$By+CN5dYyViY5iwlWT>sVL?4-d|X4_X~iTT9~kg6GpVz zq3K`+WsW7AXn!LjAK%hMh^gNlE!4(I-mHZW6$km-Y>lq31d!6vam~ew=bB zVkY`!LmNWQif&SQUDjK;QZ4P+Gy--%dd#{y%*32U(?x3`kBsKR8Wq7?RdlwSMnZ(u zgqMkjIR{5)D6d$mSeS^l2t(dtjEB@IN)Ja>+fXXQgA@XKCS&4J3-i;)e*TiiVfpg(>iVe zDoAX$C+sR6JY^`}&C%^xsT}vOdcP9&#m({9KY#_zQjP>5@lSb(%Xh)j=wxWv9@>+Q z0q?Hxt!Dv05s(DwgweBFT1d(Y+nI!kR3lK@XyD}ELyGi%`j~2U!aGY!N%kbDU$niR zlti}MH+LMx4Hda-J0C7H-6TU-FCCs7RENuq4JK=9TcnR9Ry`zbC1ml=<%I0~7}1?W zXw4}bEk~;~EJLL8k;W(G7dS9md;GxHcXn~HX0Dj5MN=}V6xAFdqT7M!%R&`N+>NtE zoxQ{=8F|1rLvO?u=`5DELNx1;RCp2u0JP7938|nk*E`&Y+L)gwx>)hgA42wX`1hR( zLJX1)xvubEppYfswzJPq`RL9S&&O62Y`Q18E9u+$n3smKAoZ`nmf`4_(E>U|?K;`v z%ChOM1cX^ovEp@UNf*nrSTi{Lyrc}GO}pM~uAsuw_c6>{2lrN=pGtG_M0-5s&?T=s zp^<#b@~cVqoi{#5kaFNo*NU;M8jB7yH>jsVJs$^>v(1G*bfHE(xi;;E?ltRo9-V27g z$V%mz7D7`iE5t=-sQ+;eD`O8MbUY9)NWMShS7VK<+x8)w(O8!5Zqq$+bbQ6Utqprv z&_)s~xX%BV4N0?}UX~PaZQpQN5dQXdZOWG5S~0t}k95F2hjd0n4CtM6E*ZFZUT!TH1IcyZDO zw`HDcspg31bNZ$%%uv1n__KW~77CxWb=L}hJ>>zx5uIQ{PJxcOlyG>)V)75Mj6;VCcgN$L1<3upg=M|P*|7!JRVJ+wy|>nUWx>^P zKEb^1;92vaW$3u$pOWo&^j7!u_z_mJ%%lF3d=BA{PuMBJqH*HQP@|SPRlhgalalQS z4vAr}_xAw^IL?++*tG?WJE@}FmYMDh1iwjS-WK`wkv^L|jMKNFp)o&Rox!!NUa=!V z{bo>Ut!cV@-VZuRJ(Ucp$6t~gsku%`FmX;@F9i2XXsnJzRZ7BpFbN460(P~W-Pv@rXn(t+F z8Er~NrtU`yeH!zb(oh>)+q|qS|1+EFel$PZrN}j%Q09jOP@|~r!`i`tndE0RnR(lC zPd6zw#UTM9nAes4anEhtLJAf+o6W`PQ8JvK z5DV!XEE=~=7)ZEip{n%X`JR8lm-Gts(xBkL!<{aal#qOg((fXOEG&W#4Df;ED(5}r zW6@JfI)ls6Ee`1WW8{+aKJqN8V}V2x=58q0F=p$H*SP_N2q$esNq8*SJRj)mE2}N= z;@A`or)a)<`>V3Cw&_wT`Y7;YZdI`^DZ@wMLc8&=)qM`c%lr<+>ilw})@z)sG|Y`G z&DK&u<^nuzGcL1XBHPHHVv6i#_;h`1lB@2v1_UiXEPlFI;ebHZU}Q;EdaMs`0~nJy z%-hYZzb9jEk0}70n4H|_Qi3J+_TF%aJLwK}M<$Ht>C>RQBOR^U4K2_4!1#j9g}Y&a z@W%B2z|;R#0^;O+VgF)rR7`ySpELc@v++HQ<1Z`tH`+M;Td0B`);#IdZdmm7_2sO@ zWgt_?Xw?NMUydqmHeX8`PWLjFHTI0QN&ubE*>JlvfgNuyS7+M%8CAc1>paSEl?8!} z3K)Xo)1hPqO{uu&$K~Fhi7^X={E7y$%5EkWtX)A!mt$&Tl4UmWt-s780)f%j*4B0w z!`ZXrN*Jgk1~H>s#qHoB*I^GWDcJadXofKt1W~k_*ImcR8ra*zdksJ~&~C`xkP+XZ zcob~hpL(LO$R(v)2mRNrK!YaxqJ}0o<4WLvt0i~)mC#I zw~=SYzTz*V%XyPQU@&5CTI}QJ$(U@ix+%5^Tc9?9B~nH#mKk$U{UF)e-28lyK2T@N z25xwYGk7J)DYZwp+Z|N=>sM^~2zJMTD2-AbxZXc)0P=SKk)`e5K01Ft1s zL3Xc`gqX+Gp&~D)%7`tN1V)RHBYFxa>6`lyHGJ?R#!{_h>0{fkq_B2I|3T9}ehu4X z<7#ELV?}4h#qt63YL_2Xv0YknQGZl?{`W!LfrV3mIfDI>r~bz^v@D@9VAqI#>|_M_ zroRqSoM>@wEL{S_Sl?i$}>hz3+hovj@ar|=ddTvy1 z?rRup^-(3}^=Rpn2#@H4&zHj$EqbuW32i|2yMpB{Rx&$N>$*Sg)o-l*8!kAhUfh3~ zvoMGJ`OTrjp!gAetW1+ik&%vLgN*vUa4aGRn;_jcx3>{~ehAq)WdCH~w(}4rDL_6P=wR-qMIE(9yO<_u8ERMx0}-k^`up(hGQ2TU#rk0h)Gk zaS2>gQB)L|)^L1@jL(|2qxlDnOM@i4EOL4h2rrzaHL4gsdS} zNnvEAcKt{1~b#AV4T9SWtEW4Tgi$^a+@DqI8*f%9j zdO?Ozu{20_?#O1Gro?z|nkZDPe{Cu#2--+sw}xG`>nEHTnc)vzDE5GHpKG9suxMV_ z;ItWFRA{&MUX1s#OOJ{D?guy!EDVUwAww0`{JEYwa0!d;rHqa|bV zWrAdn_2wpv%8ia*T*!x=Hnoy{=Bk)UN=WE(FPfzSa(^wfiDIQZn(2{R<;esB)Q@l? z^(Unk#3*-je`MmDe^#TsKY=}+?eCYG0=$0xk&;U&mQXo77Q&nq9sPdR7f0&gDza&| z4AEk8tWFi@e;=GbjthV8d+2iK60n+A{;}LoUtq8s(VPuaTuJ{TTV*He%@%|_w;k;h zG)<_Bw#PyTfwf+1>+8xFW;xF1OF3zAv_H>>n&ZjHGljjO(KVaJRB=2ijPEn)Pjn3Y znt=5UGEpmCdGblcxKRnpG)YX#FCQEos*@Y+X&TS=XfAqmW#phtE+#H+T-CBkAVGPa zWBC&ljH`7$R+SNEhmTJUSBf#9mjI1>CFmD)?u*uxs-U6Ro#;=kIUfA|gsX2n! z7v1JVbgUP86uYemc^nqrbFK$7=a-j9a&x#t$G{6bh?tzdrtQDW_)S#*U*P1V`787( zi+!0d`r}jhuxJvb!E>|q{^_^#md#^bApy`#sIJjKymh60{|CHJPKe0(yvc6QV4sfu z6#Jvwudv?p?P2U+g(tHHlXl~EyGDZ(DnOqH(P(C=v852+;EF%qT~fLlI%3BU>jtg8 z!VYuKfNI#cgjl_T7IfgVQ@^(u7=q(DX?@t8lM0}48IjJ;i|)SV-eEou-w<4ZNfs8n z$#2vC``aZ=4{AVf%jR{IzP`Skh)k5#X1Pj>L%hAkdioUWyLV<1$!*2?v#<%Bnm9Oy z#+J}}4x)R+Xc-w3w907n9NBSbi&-BdN=-|X+14hg>gr+2VsK7Yxt&Vs7an4%EV1hsh2nYd|T$W3&c2~2^J^kZS z-h<&IXuS%ms{b)zXt*Cz^m1+1Aa#BV zXz)yST&lN(!pe7X9?*9p<}D-1ofLlkP5p~OHqCKYvjlFZ6WKGvQCuWzS2^RL7o~`c zSPQZF@-kX9E3fK~m$=?9`$uHHzhY2yd)&m4lv@5U4|N02oYf}hq`16NeRLU1<`^C? z>5r2W{BBunSjymqSSaxaefT?;{C#lk;Q!J~SfXs1bD?@-AWGrR#hKLZF!TZne787Ci|4RNcGbi0$5(}fF zM^r{Ga!*fBR}>g(1_lIR@s?&0f_r{Ocfo#C6WZR;>v!;PBqjZ6H`*B&RgjbfI&piN z%`G49?EKc}3)sijjt`J_5KpgdOH$xzc${j8~B4`6H1esoD>(x;AFrS6W6 zjTt)$N4Gnx9Pj9x8t)HMd@B12bPVHr62=ZRrEs&sVQi>gw*Flieoc$b+QQbyuMlU^TRZrJdEoc2H&(;fx&0J z<3?A=Y-3wl(x1YMl9ksC1QL9Vv0J|(VmJI3_!;T_%N;{W%x~WG2ZC$K0T@}Rsl71R z3bQ-;zKcOqQo3;i)_;{?ULU_B4JU~d+~7VRsK^V}-DtWWQY|{siU`7OZudpbrQmyN zIZEJLIa~WkL7^XdX-XVpySqT#YcMjFpcl0&R%&*iHU9Y zF_K9TbE(YF6Wzv}#{|Rd)+r6Tgh#(@Z6V{R%d}Z(u}>dQ!7pFJ?m}I7>EA=Sg5Toe zibq7qmA_G%c=v9%lFFI~e0pp67JDh`?i#=4R>?Yf-OOf-b#mJFLC<62zsePk7xg`P z(C0txZ2ZU@{L^MK&8g&#US_*YnB-OozT1aue(F_ z#Ob)9%dSs_?~1xRyD0nt2GLjq7(|8!p}5WHjjY%QEAMgs?SVuQ@cl)0cdAq3Rx?-J?ROfwN=%pQY&-{vqW_9Jtgw5q zbrm7;|3l)|Q+RCO9e{8TX&J$U1Oy#mTWM+JpxTg1mrE0BATT=9^?H|Hu?8fuR41Zy z=5l)zg;TFATDSo1`R+w{fpu!TIKyHWM&wBrcold|zQ&;TIf*mTnRrTl)}Fc07$0vh zn}7h7bh5Ws4i0n>RuVQW25jEkUWXq-327uwPJgJHsIu`p zXQx{^aVu0~oH^Ki!^)S69qbSYfb;N1tTq?bY)>#E-qK}FQgk#k!H)Sj^J|B>NU?lWsB-=D3u3pp zKXLGS1ZuZXmWU0;bpI67lr%>O5Jjl+aW_|U$JOC{f%WI0(Mw^~{l&ck<7%T?wX~j9 zHR29~2hs#c64NLh*VFVO#*DUj_VfJ=IGTLm8h!1kF9MQbre_r8VE^WfJb`0=D;%ZX zWNy*>%OUx=y7g@d;qo`-oT7T22g~#4X@_0we@Eh$Bcwc-23OWPu|I-SN_@+Z&O2{B z(BstPWcBL~*#wfVuFlRtcv_&%v-(^uid>O{GXMPd597tvLTX;P1nB4=j?zPVybq1& z*KqJ(^g%tioAD|akH=6pEfntv4c3fs@{+(jpr?VsG20vUbb z*_NP>v&&fR^DNzQu&dl-w0&`G)SN)WWzr(_;#m^BiP*Ds~zB|V6MP1 zia)gOKS4(_oe(h(W&uUEO8k%a?Sx^WPWUmP6nB-dJW$B!u3AUl^&0iiYbQD_ty%ut z42pn>=2yemAZ`6YM3tg~))$|(SoT`fNNxm-+F2j87lCZ7uIggmeg>KnnBZVkur{XdssQSE;G0L)C(Hkv%D2VKXVBihcX*r1|bO zlDTok=nhVAVa&95=AK&qXL2QBVQiDq4h9Z+jfV~rNLz^#@+Gn&vUw_AX;u( zX@0qWdYy)WR@>$?N@{9krx0>7UH#_W=7NH#U`lROj~^fYxTAmGaWK-s{9?tGc~Wfg zAAFi(Bm{|{(yK=A-ViSP$QM2Xe~m`y<|S$eLl^7EIyySKjb7^{(!jd<`XG2JZ-JVf zF3z*IUlTz-qhpa@L&FF@vn|;{YulnDwcDDX=$WIhRmpn|Q&2)>2 zh}cvC=!}j^uqz!Qn?BQE(=Kbkb}-nVIAo)@EGvRo*Pn@7nL&8gD9ArEvfoAEp7cq> zdeYvm)h7;8*(o+BJ4kk9KRuiyfk`Q6AWB{T>N=-XGF|nkK zOb*ls8Ei1X9>m1XH}?|zFrtN+F>BQFqW8zUch=*j{Ar`^7x;%Q51mX-f-6^NXBoa- zulfdQ(+f&!L%RsTpQPg%JS`e-Q6#0MqZoxWf|-rx#@F?+U!1x~(^xQj}? zx}7yC6RG^LD|FJr-x2NYUz&HK zv__*bKaiH8+T1s0EA;IId32{5@m!t$cxVW%)YA(d;rR2*OL8S_4RsRPGp;e;OH&ma zWy===qzduPjrOV~H@siBI4bB!*sv)yQ_l%F&dbo?NpU||E-obE07|ur^77DHM;s8K zDW4e+mDs+SFo#do{#E~dz*7#mkh!1EX z38y*Is`0%j(+51{8MP(*s$r-oyArkY%*GGiy`Rix;4fw}QDrTQyF(KAJqG&*HkvP{ z9`XQX)$>EyE8$k?u_0I$=;bNuz!yme$qtFc#lSVr^JHOaYU)^4t#|fyAEuSRjf#IQz?|P-wbS-*Qs4fmoqAyG$W2r7XZ zTqd@p#e%X84}GRaCo4a7IO^7_HFsm;G}A}@hy>!)T{yZ$=(3x@_Y&VXlr+H!f3ZxO z*^H_Ad9lLJ?QLzl+iC6@N}A3Q@Lf-4?^Nj9KCTT3c8G9pF93E*+e6V99S8TCcjiTw z#}2EPCEVQH6k3XFh}~{Tp`w_b(7jE9tVdKtWK`3=7~^_%eoTHRz6^6`Lp~=+#7ISj z`Y+#}-NHna(MFG)!q=~YKm6WkGqQ&q)!wrPhDf39D}1aHP4~gKA?Mc^QtTxc4bEt2 zP{YPcQLWbeeo8?gHYL&LD`NhVSYAU#eEbW~k5HZ~b|`PrBb^KztL1$!4=Fsz#fe7h z*Fap#O=FA-#j~xva30T*hB{`i(S=v$k89!<6{n$n1oheub~#WT;DHUU_b^Ci3G!K4 z^2V(LJ2gy|X!dt640{!ooG^gB00(=0UlYF{C>S`wsyexTH86O!XuJG)(efhk@~C{8 zbt_(edFdo+uaNQD$iN(pH*4o`G&&$8pXXe)WkPpoSV{nsv4A?OfW=@htY>!y?Zg}RYJx4 zlP$&Z=@zPWsC(r>ApT}L%^}4m>#whb!f(zB+i@M+!!^=pg!~US_Zpyx=>l#kJt^4kZaRPQfiU<(Cehp;!p*B zW|((d&G;)nKMA3Ahn$XiQqLpTUS4LxzKDYQH!|I?^72A2Um-`XTerY-$D$?0K_Av5 zGN}Od_3#0z;V&kYG{fn;ty5VK6{y(w_`+tR$I=R((8}yLNd5R#atlhDVg4_h_)n7mPMz%- z|4LSLzEY^q{4;u&8p5IxqPt^JvDYA|eq@z9_Qstx0LosgwRz41f@BdrN^#XsE~h_P zuL(O;?7!F1UTy-Y=3cmdH+U>8<6PH~~=>T2*Mo+H9@>XGJRNcXz zg(rZ*2pSq15eDD*+X>9D9y$<8=CJs(TYY#@0Bu=Q>U?OO;ZQuO;QC?p;zws+RAPzH zgTR_b47dT&(0P1pA`#2xTh2k9pX2|@XnC~oLsJ69v5L=Co*Hhu&Sh@A(B#Wo!ugy1MQVe9(E)`HUP>-$f?w5L~iTt#J_oMi6y`ssI|X36MNj@6E+_+!wP znm`baJ3aO)E@dz?#t?GHb|=?Y9#yhT+HG4igUZ8J1Y*7YH4F$G@mQY|R?v`C99_(V zzhQ8BSQ2-__u2ur?WV3vchOUVICi??xQ#N&|Btb^3~Tf2)_sGtKyfHm+>6s9!L>k( zmlpTp5*&g{@nXf@3lw(=GJ(lflTr7{GAe|eaOqanM|jWg}K1tM1xA2YGnm3XedTcop#`w;EP zwuyixly4fjv!!95MEyJ}a3fLqCg||+BcW-8wh1;|BvyILN|w6q8ZPcU1W5*K+`%yz zj!;tVu^cWuzTB3zUvx$^;cQl*khagn>ciA@ajF{Qcq}Q0y~JIOq{qRvAMsqXl~VrY z&idb7!}oqjl5lMgsY}!9-%oEUWU5~z;uFiu{zl0=%H@QIpSo+MeiG1ifByg?}&5{Q4aLTxdnLhsXCQh%bVz$+C}W5{G%DQzvFUZB3GP_r zGPCUuxo=AL)Zq@)pSze{=g+?WL}5=6eYub$L_FM^9AYo{5*uYi)J3~M;P4AIgkqT3 zK0Gz0NOQ?K-XzZ7eF7VTA}v9I8cezn;b?A7tZTnr>om8Ft!%E56pnI{X19U%Pe0J; zYq!0Ul9E=fB|YVChudi)q_0ARcY~?d-G`CWPur%-F@Gi3p89Ak*-q z6!AokAP=@rrbG0yu=hK|z(CC!Dubl3w{E?8gYo81o7xLg9|Y1ElE>ApLK(S?VWrn? z+4|y#B6Tag-fi*Y3wkAZv-gvm0RnqoG|mIx@6xD(Y7dZ1U4k?P@8uk(RghCM3FXyBr~37-VDHgi1C5I}weNqkTRFZvauR~l|IAG2mdLIv;lD6*>WhG6F_b`u8^ZPRqbANu|G7I# zsCfolW(o_ox#Vf`5BeL)*UD!KtpkzSUK0|sdQ`I*=)0glp)_%FQKe zxkPq7h(Bo)ibX1*gKXA~C_TKX@ADLRc%Arx+o(-+hoHnQeg0z;=9llk`GD!c&KqiXXt zcsK6@$oun0SyeSJq-m8+s~=?h2VTTf2_7R8TBrYGpD6HtdVmQLe=)EP-J#$Gz)#H4iLNIz~`pJop)0G;jPlAmLHR0X~6*s{{rgFemnxT{TQJbMmuB> zGX2k%MY|uBK@WF4X*Qd_T4?CupACM;o$;Tq&@J}HsaYSd|IiWgqf}R*`Pt5vXvQ$o ze3b6ygAkaS4V120pyX`lV|m(0=)kkcesu7LNUe}95Oh~Mp;WH9^J~Yp_8=}3WqNh~ zG{%wobor;&>iNe_x8wZ5WONzih~~`!F7pO6Ybb6oFFn81r*;*>?X?pi9rve5!{DK2 zGKM+l+h=xGR#U&ZAXF zbrLJGEf1IYH!|cUM~QlVH4Xy=KdS_EUdQ*o8ddI<9_w zl4fd^Ayac;&(hyLJ`&jUG`H;M5VMK;pPNVp=UqtWLOa^?4uaAp4R8~+{KUk>)<{At z&TL;q=BK_)JG>_74so~8oQ_VKCMtUtW2UG4l9$or*?2%$aqw{F4nwzCB$W^0{Q8O@ zM`B+(WxlU##5KJgbP9qQA8+!A^AlTDEiOiMOkud1{Gr#dIMoUt`*3}C0E8UDZWu$iHuXhv4SBpDb{vC>1 z4udxpmaUp^jBJm$f{|HKg@lE+`d--p)YQ~qBM_ClY{O--%BR9A%Hp{k0d9nF0UN4W zdm(->kf@cvA82qF%=j!T$MUza2qIapPg?JT27%nk3P}$K2Q|K9Uus-$^Rb$k{Ew2x zLuqZiD>92~j86es3ZfiovVQP{E%L{(E2yf!Hd4_T*cGzdXt!R^?epB+!f{Krb%~8p zfX*S5NmyCCcOa^Mk#4Be`Yn8HK|mmQvxjEokcC6IEs+hne7w~nV59SDneL*Ox7O-4EbyjJn7V7mrg-GdtN`*x5!=!fF&dpX7g-5fKsk!uA7q zU&itQ(7ML6YpqnTCaoIK>dMxtD#>xnNCsJ&uq&28D4&X|=JX1I<(&`hS||2jXO1kLk$n-QN5!Gv*E|A`i}zkM;BbS+j|!G`((4drqfol z`a$izl;Uy&tAWpzE`fn8I$JiM<=>)zyWBF+-JO@Mso3q{(X_YEhRirSIK>5@jf;4W zCL|_?zACG)FNetXUi--Id|S92bMe}3ERB&D`Bnz)iBrSQmEj?P6~iHkRAA01fKm>;yO9}$i%MA9KFG|CjR zHY;?bjA?7ej?(I?!$RZYsy6GwyvDCSgy@;+jnto5dSm5k&CP^Be|Czt*3A6={f|>@ zrc#vZUD0RE9R>+bk;8w!{O_XQ2^*0a0FJU>DQ^j=2&TkN1=7nlRGY1ShI<~Zr8YZk z01KT_rH@-Xi3A4t6}*HNmDA)EP=XX{<_J$6dCrv?gP!KqX@*~5`BTU=nG%+mab-dal; zOIs-EIE1(TMq2&LM}|H5AxL{wWy~hC(Fv6ehmNDmpMdKVAqKk+^to*E;`E1f%^^1o zIGGlx*S*n9>!aA;^|pzx;M(I!D@%v;$B7}90H+6pf`g5P9vh6EO^Yr2o)P|}t}_5H z)4gCUojY0#F&7ss;j2rz>1pNB^R0)A(`uiKm5Lix3&nqVr0@MA6#yb_+)REg48Eka zdaRc=i#2}B-3r+jQ;N~4nyGw|#5TqR)wPm_xJwU3?e%lYO8gk6*!c+Nl60!SRHk$Z z_EQMJ_L-{u)M3Jmw>T?QKgHJkJZ>4haklj7fZEH#>5t5DrkN40*gyq zF0};C?X6w4Q#m)QdJRz(ozg-Eo~u{;Q>pGfJrhNuFMoK7=j?=ZeC`yFI9CIg4dtz6 z@OEEEg@tKY2u9b}6ZIidGGn{4>OInKZ*84*m6CmH++OE_N;m zY!lHJ3CC5}boZW{bxtBwHeW8~f3G^#|G^&BDVCp>fFW%no{n@M?8(zz7WeTePwQ9J z#vR9mq4^ARyoZg8UZ~vPsQS*B`-k%3aYzxp5u`G5iL80*dTtF5RO1tNqDfE#E z2d#L4Md0|COvy$QKF>bSupikHZ6ukb*$AJ1e!2tRveT4;@#!Ai4t@3bJMtgV?fNHx z-8kjW&nnevR+G!(V(ZJ>rCgMM&^c?grQmX(gA%jf)))IZ{{oc6iOtc#pU~X9F_%M3 z){Lbk9VSMgl1&-~cP0dFI##!6KwzS` zgj2$~nU!uN`hGj1HKsK#Q<>&nP)v((6m^)X3tK`}#X(((g`s?)>z|Pgk#DT#Zi;d7 ziBl7OWRh2`Szbf-YLXH^=_z;6S{GZ$whM;;7UXayq0(=0V)sT9rlwF|K+Km3FnAof$siIj1) z71x?DvBkcm@^vE|bdmMi+tHKt5qeFK(Zc$ARvq=z{^%}wDv-wjSo<`G)+>Xz(R<(e zj2_h@!j?SwYOyF!i#O)8lB|-TCnsfZ;r_pbuaWW{SPM#^@4?i*UpgIMIS%@F6?i_L z2X92e(i}~HkzUY?K1qAwxogkv&IW4*TeyR*P+Pgq_|LXtmByXtbd{zGlyXno^glg4 zT*U-`vKzIsq(r>XT>SWQ?g2Bqp7d>-)ALAYZ`e|CzuQiHPwnm7SPG(i)UqU^H_&a; zsPx8dwOVNgTTJbYI9;i#PfW-}<&{%b=A9TyqXYY>M*@?pn zYv?jNJ9FtGiGMWD&CbNI^p%&aX(SNO^@rHuT2a?XC`(xnZIuqZUE$JMGTYfUo%+xh z4o4Ib7f01>x#khq8_Y5ZsfpOZ)m&2pBVCE^$ge`i)8ZSFb(WglumbxfkqC}>MW{G^ z;gE<*+q3^(QE_=*o}AAgB@uUhoq5nA#1GM5Vqk1c-DYxbdRkWgzO$1C*UkS{1M*Va zz0Y7Vl^=1~KwfPQ5BC}0j1p#M7sXBG5)|}jr}QG|tHsW}J8kXRel42}S4}O3CpIk> zFTd?qD~XyW?y$W7`4DmZElSj{H=I9cCGCMhO8PqPRFYO2+z>kPO3>Jg;~YF?(@hSm z4Rl2G*=TJ=cNk}{74>WW$^7o4F|jBr46_Y8Cw8IH{(~r=%Id{JD2mRor`5}>IVK2g z?Xh=P98PiWzdWC6y6@-hTFjO>Zfn))zxW-Av`SF;T6(0Fo$4dbJdTfyXLs$Fx2aV& zU8-^$v;ztObBMR;e)j*E>DpKD)=>EF;yV22X{9M7d`fgWuqpGVZqGN(2V#2IKKx|a zUUasVoA&&-m69Ijd-d61*Rs0q8i3zEX00IrQW*Ws=ccE(a=95L_lF=PIhb2-Qs}(x{P@;_s?S?-u_}<4 zp^T{h+^+l$i;_aRKfvZ~M@rkDKXFEC4C82w88nFd*GrxxeeJ#gIF=^P~}6 z$s17QmeJlwc$h1VMP!QzmnF>~1J0d>*y<;?j0y%LR-LWplo9#}WEMxA6@;IS-(aF; zvwb0@AJvS?qLNiukU&E_pH4Kgfm?$Hz{K}~V@w)3k_Mxrqd8ZHvtL$!i_*|Yh_oHd zcg`;vxa`dTUSD5-i}SWq=$FNEBM;tCV`EWV%MZvzza$p^p|J*zVD%Y@zRq!uqlb|2 zJ|EtsqxRLPekIlOc9!dx$o(ysgF)C7JOXUMEU}oSvtaF)_EZOr?-krk6;<9OdMs3V_J_QCwsl1U1gRh$#QWIZjFBinuX z1uKF;l7^iB=qGTP*$Pp6MoNWnhFf|6`(02s@gH_`xpLV@cr%sa)^J=|UD^#XMwJjgE~VtsEP1KWT_&kVa+Qxp*DUHI^S5%Md0e@H9QOujmj5CC zAISqU%W=Hc6-7DPK8q09<5LWT+Kx&ZPn*fOn7U-m1^5h6tqJf7v8JUOn0bNEBt_1g zvJ0Qke7Tz4+qGrrML+*Ssr-F5{^5H6bnKcEsWjUPx1Hbr@VI~Pz4z^hXho62j37+% zPph6Vo}NBOR)g#Q++EeVcaFyq|57?&Ak+eQ=`OvZkcTmu;7xb?bF?8&A|O~q+Sch5 zR|mW>0A{1U;F(T{28Q{B5H&hm381r$GCw-U^820#r|QxzWl36pr)x>3A{H1y??vAv zCc{&N&*HXr^WYM`ZTBLBE`&)_x+Gn8bxp}Fd9At}vem2|a!8FI0}XIg)l^js3~)?L zO~)_4MeY)JxLBuqfzLnWZHQSYno+t zWKw?N_Pj;qzn2U97_Xm%z z{@9@#*i8Y<6wd9hPUM!lXlK8fS4rPxj0p~AbUOoUz4%FX2g2aOw*-+sUl^O0Tz_`Y z5AtKl;nAF*I=H>-%YX+(|nirRw*zMxc###xRBWZyXVt zj~`VM$QP_W<15nqvuhu%5c$fN_*AJV`owcnEv%OW%Oi1ZS zvt$)!*xwB%aPbzicMCI8kKJs3css{=&>Sx)v1yOxBJrbK_uT|*0Zy@h={95N6cZl` zqqbK(E377T%_?VXTvvyI^_%JwkxMw-X>18U8<@z9B$((B^j#cK%{6%};E!DEqt3&q z5);&w&0YTp8D{7!Q}rZ`MZT!yQ#h`n88q9mt5;vKmsp#QwMH-Z@?Y>bZw9lJSOIO8 z`p^C9r%v0-v*5CjN&Tw--#?H~-BYjhedsZReaRSRzs-VC*?-%?3KL2(UfX+58(nPp zMuZ;jrC6C&Z=Y*!_0UvTzLyakFYC>hzB|`hRpuzme?mg+ktOb9*Saj#fJKsU1sPqd zP2FEvRVK4d$o2QlsV95|E*k6@`W=P-nA$0Q^iu6oYd4&vX&tfutv%aPRBn6D9Gjjl>Hiu#W)#SK z0WOJ@yh%Y_gg(i(>mU)mC9H~X$&8DTVZQEj3q*m>Ju8G`zJ6`^?WcM|bUqca83iaF z$c-{jsDi!^>?mC8ZXFD*K7YQT!Hov9PxD@fp>NtBddnZkmMZc41>x+On~` zbLO*^(#>ape%TH>#RuV$C{Yc7mf8l&&5%!2#9aDAFhGB8-88+vJ~6}s^T<^G+b*py zY(8*VCn5grIDMi>&ksvXU1zv0r43so?{#E)Sb$Kk||yA?+BY|Bce42C1?kUd? z2$Qsp3>~yR7q2#k1MkJHF}bT%+>xVbfXJzqPyc>jFNG#~fBKGA5G~ixO~eY9!0$`&bfCRh=M97v zc;2O6B~|v(3h|cEewDx4^z`IL)=5aG&aOJYbaVd9c$h zIQX}Z)-}3liOz5vBer!Cw=0Z!&HaI{+dd>On?_oDF7v_e0zCI&#``n_pu{-LvgGka zPN{%0@mV@r*dqj<(5p@s5^#?j#7WPV+8ZStet&by2og}fq6`tSBwr2#cweoxZUf9Cc#Ncbos=H;)g51m5S6@gLO^8W+5mVpfDsII%h7LLEWhxE znZ~w)5fLHgWrpiOD$almpA(Xl4@L}4PaL^(dS1!*SBHJVYY=hkrbfP+aXoIzGemLZyEozMMVPKhil1 zV-j=z))g=RQ}A+XQD}u0HuM+8qUV?X0!>HyhWnMF)jHr;;;$CA`+!4i*GcHrFRW}#=0GWFcW`$F?VO{iD9U1%mYWfY<_U=x9tKPX6UBW5UwuSu=p1!!>LzIyn(yu{i z;xR?0$BUM81`oM2R?}X6xFi>YhttheVOg!Xht@-zlziObSs+?4slLk?^#7nz>ldmG zgpvX`@2s;)6~N2R91Z6qOd1?r!cO$)ElMJHd~DB#xY=pVkDiSWW!l<9of4j&`isAl zKDRwK$K~W~-u9}s){ql+!!5v<{arVwag=Unxf^0nS*wK(y8njN!1Ewd#D-cvLmmPS zT^Bl#pK41Nd4 zzQ~EQ^}%f$*k_l@|JAY9jR3H7zau4`7p@|OH{j&i)2P!na`=Hjr6o?_MO5EyKSvTQ^AaI)-|;HoN} zJ=wWG(FvWE)!~*5$AP3S1;xpv`r~`)rr!l67?mepg^Yd3(okh=c#6#45F9ti!_bNA z=;2w+{~ul@Cm`Y@OuQ`YT(FZaRjT^SYP?uIjW4X@zWSJVG#ZHmaVY9y_F7}N@c7OW zDxs@}_!93s%p`y6&)EZlhLc2|QZ0SE*gE?G(a*&`fZ|PVM=An#@lNDYh}$0)^$2`# z;K;14<#a5P(brj;TGazcXraLOkGNF^n_ZnRRa3u32<603sEC?Ii}Ltq?uE+FX3hj9KYl6{db<@Qb$KdaSTKz(Ky=y{l9rx9kgY z+JenyNWB$8T}j5j-6+r1u9OWSbz96b8t(A6`81OE9e<~Tmu~lL{t$+jr@^7o-jcZ6cin4?x8?5 zR*)e9#zgILU^YAeAfZ&*vT4a>H8RW$wG)DCTx-(j5?5;^7%5|^onKuYtAV2plq^Xy zzC{4|E!0$l^cBcwugN>hKnpm53Lo!A8e9LxFbq$j_dAhT%cO_4&>|>_=6pR@@X*nh z?B@oGg68bG8e3Zxy;Gfb5ACMFcM4qGK}!>CHj+}&+(1beQee<) ztbh1iuzCJKzER!`6ZZ9y&DTY-DoeUvs6!gM?Gnb|v|b7GPI9g9^&EoPq1h2y9ii-z zTilrmt)k=qaWpN*0&LjLO#ghFOxS8cG}zb(eLoq&akNf?W@vY$@itgJC*@thS|zO# z$7!1|ag(~i%}0E1^ml$n9M}uH*3#jBi;Dh)gRJIZ-!a_mMPI%sb0ZG>*_?`iA^t>w z47<|QnC9fkNv@a5+SV0CG8Kz0MQrBBP4S1{2%CCZTAiXVnn^ojL>wHHxK+cR^STo# zMmBIb2Sm!*HZ&yLfbFt%up!O7_7VS~g zV;4a~HU9EEdPQO{JBaRbB|iVB0YcA;hi!<7Gk95dZdnPe3)Pxk0Uy8euyxvRkwi@g zppi?+w7%Hd*j%6@Ac*5P%M5s&CVbl&9_BZDHrx61Hsn3dSE?MbPks^-e(elzXP4(QX+Q)6B7JI3Zm!D{-AWS909%vzSNgTp8HT zBU9J9_n(f@P6dVcHj^5UWrwIb@twQzLFv8~y$UJNWV3YJ!oq6n$pHHz88_Q5o2M_7 z#XnfoO|?Fpe+m2*?^1Y}aZh6{ciCX}rd>TxHomSfwr`PVZq@R5k+Sf!fp%K!_~M7@1?h^oA7rajm+3m5P+y?wO-CTGLs--gbiCvS2x)Jcok5wU;8g(_n?6|1nHS zv|`cuz`gt9Am%N7T&P(7yiSGplNN#$+CoN@-wLXmgVJ{Ipwe%!4P>W6cT4<@angk( z`CC^dl&W{liItv(@oYo|FsmVG&{gr#;^Bj4e9_F&alKwOeU6c4x|N)WVMgDF>J(ucwKJbTcrD)G$8u_b7t-3tQtYa?>E03p1KAN{#Yn}T!amU^`g zfwl40nVy6Di+dmX^xW=9aiWrK0sFhN9K!`v zKCih7f9iDowfX-n*#GSZWNL5Q9ph<@i`3*QD1?=2ruiMMyF+l*bhCCAoe!;-ZtZz3 zFU=7?s+wr5{y;*(j6rA&N(Xo3@jeDqE+KtLpd$V`H)It0SISer)-uopG{4sCiqS=f z0VVcPKU_JOVOg3de|KmE8+;(IAVCs2MfkL#ii#uGIWFH2*8rcttX)Y%3uwDkOmY={ z51jJT4j;8aoz^2 zEdP0%`oXy-e*EeU0W+i{)xn(OI7fsuqwZ?2DMOCkL?#pq1Dq!X# zSEAu{qHZ?Ju8BJ5mI}2g zJmQQ`e!m%M<@eo1AR`)1wP9kqD)ETgbRJgvrrpdpf_bl~ens!q1@6SNU1%P7xK{FM z=(E}LNM+OEn>+ogejuFz-#UED*>dwlZcy^4m3YKUvoD}-jXLYl`|L#L1J4?TZ9)v`961C2?t$ZC|rp_cj$1{#4Z7p2o$5gIq);XD>sBL_A-wQhzI~ zE?6u?41c+5-$eX{4_cV)8HL7)Kh0Viy}JK-y3TVOf11i`VjTr%kOjsuLvsod=--Jcp{a+YZkQFung4h?(6f=6t#?f{fLe#<83up zc3mZ*)jrpBNCWyi5T*8PdbumclvP%fCr4;5Ip|iFDe~~>h;kzLS%kP=I^x|nY1*Jw z^)Ni7nu%i7yu}@U7sM2f2ZDwN9Yp+m&h>UFO|nuYT4}qvpHd4I`1WL6#XnoFlsI_9 zD5?U5e*bW0^&IeWeJhfyXx;lm$5(%Rj$Ssd>er%>KPyPp4Q_A#h*G{mF0VWB09f4` zG2=@(PyP6p!$Iav@2?zbZS^9|@E38?$7>s(e*e$@;^asv_7RQt5gya=p4HQedq0I} zjP~#WYer4vX2$|#+s8jmYp~aZN+_?EQ^-etd-g|}&F_6`S@@$i{|y;HbWIU{K>44q zlmE^8LV{Mol-9T*7d`}_Mgp1Mt@5n@Ru{B0k2$I|$}iEY0Nd@0=) z`RYqeZ2yJ0iXWxku!{jvf@J`;WmK!)#w^r1)}()=Uj)78Zzswa?4$O+-jLcc+2@WV z@^=d`T575ZI19WzqS5VIF77W~CvC84ijYXx-0%))v-A4y_V(9ot0W_e6Chk-lbedQ z_e`x6s_ieWKt_iZHBQZK;K>7T)mVEtK9VqGbyf=0tBn$I1@>_fDRurLV9|cKCNH&|K}I>2$n`1JaxSr1 zej8t{l4V0{HBl8o+5u#V<92#04yJy!V(JQ6m(rBnoVc`nm2G#7|o%}w}tky+f{P;1UA-dIMsBX4M!Gi-|8AI8xwV><~uAN8hsr0U*^fQdP zL;A|>Z}nQXnyj!mhk&=Fl8}i8lrUA^f;3AL3iyhFFUHMCcU>r5EmCh403px z9>{Tbl)wwj_cXv8$72ix)cxYerm5G|JSpi!6|) zCiCRHJQ4YH+Pqta#O^1ZUNYz_xOki+krMXE+XvbmfkY5`4yUi_-HjWC+bh8eDZDqW zQf-~KXM&B)d3s2KDor8z}9a;+;2 zzezw{WWHR-=#*b94ex)WljL~Q{`}p&F|yvzzQ_WWknndzrnr`bmcOAD#+r&ff7#)R zXYDY5V#3MbaceRYYxeQuq}P#UIWK_K%$RjqH?mqAIg|0T3$ebOoX-@)Vmomsk1_Ug zHMdvvOu`a{+jk{q$zo=pYKpLf9pZw?vTR88_q{1-?Q!V=bMa+T} zfhl5nO&T+>Q58#Bw3*o&npU}<7nDxfbg~=m z`q{&F;WdJPL56pk2eLgDE!D_Jk`vK~OUYCL=a^Bx@WgD_rro1gd)TiX#3+PpnwGZQ4g|dT8Ek zx(kR&uE2IiYHwD&rWnFWZG0LYyiwxOsuvm+1XFpPs{nPO*L|W-nc*{6WF^SR#6X)G z;q&-ly>3?GB0MR8Xg&9rTFjqthhLcPkrPu4hS_|6N3*R3nBMSDs#Iq#WC$p5}EWu6K*{**=JhCVqhbs}c z>d^qq2ahwAMvPW7MYX(C-)rqjfo}QMOH|@kzGH6@J|^n8wi{?e0X+SOkxhfmAYxpNAVw>sC;612+|u|WazaulkM4)lIP-7FnJS!@reXWFD_ z9?ZvYZa`3-P^bR`PDJAi65WSO%cfA2r&Zkc=58P`oks63+Y0LCk^6(;JWhlp?Y%y!!b( z#?|?(o#Uv6i$kS}y>5Rhe}37gbzqTlW|=)G_bJ>8ya6CKiW zv$wLqh~+9m~Wz6L~=Le^Cg*4?@Fy!0T0&i?}ZHhjB@4C`rLpOu@m&hx^0w zqZ$#$#r=YeEkIvIw&YO>mr~`#o6=Aq6BD<~1K5qoe&v0yi?3w(kpF9M4vuAoH{YN$ z2(crnRb;H)hkJ0nUxjZ`{AA$Go=uiOm+6{k7Ax5wpQT&%x5R`?`rAa%YA>Gj+n;O;&3I6GR~F20p|CD1F*}7H$6o9cF8R-&kyMZ zD{i}Ng0Rb#I_2zaIJvw@LWH{~g&2pnjS(fz`*F=gNfc3~YJFqRCy$v{Ui-%U)Y*YDv2a<8WV^|ENP6EF4{Ml4e-FvEwXB`_);{1C;Vg3GHRH9wh{>Cb zUP*ir3ZQ8mxyMoEBBw*XfBxzheb1L=;Aogxnsb?}Nh|qGWih#z6L^)6)A&qmw{|Pe zJ!Y5cyWlng4FW^KkO%k=um7~|{Jel1<-|20j=a<=;*Z=Yp^u_E-|?5{=RpFN@anK= z5+TaFV0Dg+qcdhw3b<|D@*9JaQ`QZ9#9bX^@}i6oBq!H46PvhKlFW5w8{}bzm;=Ha ztFA@33!NM*0C)z^@gkvY&hVRM7Afyl|JlrM#Nc#+N85dIXB`>kKm6{OmU*9Czh}M@ zh;rFB1fYK8SECYd#PSNZQ6Q>VmC##Zv^at%r^Yz*-)p!*^C4JXZ7+h)6i>hUfa~q+ zu=xP%i8<>XKkNlp@k``e$|!waU3B*L>pt2;46^4Xj#A<;z8Zv{;<6Xj{2Z_g=Lf}WC}4rf82eBSq$KBu6Y zvQxLtFSCsx6gR%|%U#Dss>QW)ENt7kUe;dq16gkLJ>N)TUZd5oY zG=4X{D&HY0bmxJ^Z8?k5|J}U%KUQ0Op6{tVn0wEdRhhMq8zad6GU+zP`OcNiX4$i# zxO@@CgjZU@&R_R_mKO;K@I1dOI4TD(@9RNaSrJ3t;@jO_gpDnRaR`BoOq%st zEaOST&@gp04U-T8esti5FNP5gJNf>;K=6Bhu5UV8M>(+<3sbK2o4a6$*Y56sLT!$% zd>~iuD5NavWjQ#dBLqdY@&48DW#T}~lMxZ{S3U-}$@wrrkDXy#9I>^m?L?L|d%Tub z1}he2R`U8h_>|xE(|ax7*Fs1SZ8v2?os;D6-?3yJz*AkEx_FOQTR}~##VVs+?i&MF z2gMubwAQzSXmD2$SIFa~Guf*KvQ}|Bk?E6Fr&dY39wk+l%%m zujql|WA6r2HtPFo38O&Hn#sA`10<}+;G=krZEZaQ!TBrWarf8pC<`xo-Ydc~XtC~d z>0Za>;FUEoYOmiqZ5BAcG`;vWYZ|Y1NRJb|fqZ{|s=J~D-fV>%;60Uyo(xE8=qI>xsVHi7G$_j z!^dDNAzrp!N1(v38IETM@M+j}@Wh2qzYq7xoWu6^+uN#|Bf@S*+k{uje?HrpatbLx zbVa^gUi|~~`rJN&HY!8e>qA2a7LCsnJU$@iL=aN8!E;(#nf!1Ls<)2?jqbTYgh?Ah zl5{_@$fKNF8Q=1>pXvJCFo?Cdz6=g=RK2v`)*v~LiQfEKryekU z!z*6#C9f)n?9WJwao4N+i&5FYq?f)HpTx+?hOS9{S8&;Eeo(G}%eBkqo!eaIi+TNL zX_Z$3c)X43nJ}+v_$!2t-0|V`egW>f-f)s)C}J)Ft$Drc5Ff=5g+(1wX=oMwYBR}B4YsQn+ZciBw>tE8b{mSia2 z@qWe~UmAByRgi&WBh#;gzO-f+$9LwIE5A4IolsU%<`r;zgham!CUWHtVR)0A5f`_S z<+zyk9i*00e(vyB_<0ZM8eUYsN9-JVveVgDLa^%GMuoJHXsaQrKV zfVcR4pgqBuC$9!Tp#FFLdCn^?msfv{xY*ZLb8*IBHT&lrNd4cOAUaGqh!Rr9Any}po@Y)KSR z(j?Al9TY(E_lBy(nIctEH&til=YRul4kB9y;PenNcF5xS-`r-lG}U?S41L$VA7TZH z*@pj%uCt12s|~kxaCdho#fnRDr-c@Z7x!YtCAib#QnXNtySqd1;u755f=lpVC;vHP z-|R8YZE}~f*86>V=QHP|vEA(Ne-Cz=G!VwRbw3{8tlCj@Yz}%ush8o zB~eIMcAOXu7a+Far0aBZ%+wm3Et-JHePDFhDHr6t_ik=YGYxWapjbkA-c53vn@MKm z+UlEY<~E3h#mx_@LtqnDXbgC^U}teM>PE~eO`rZMedXaq_8b+?2*FFDgJjaW&nDp7 zODjP){bp*MyaKlJ3O&|vFnKxDQg5eeVenap)2W_Q)SI2?l^W3Zh$Fd4y~kw~M-q6A ze~&Iro}v8NWU_geAZ3T*Lm;$J`V(XK+9EMj{p5XWf)V$LYh=I%E3F>)(&KsPW0{w)RSZ00vSxj4cMKfiXX)?IlZD zc{1AQ7Xbf4o-0!|77{fn%O(se(t9HTG?IHEa``aSEuXFtVEq8mW=+QX&-6ah@ zzI#|K47etPijVCx!ZMUaV;EzMg1YRt&46Dn6PY+fTC+0UrrBr}rFN~|vLNM8CE-^_ zg4Jq5Yh$h8FlIL@P#Ct_?;wTfAx)1Cz{c|S@yK@R_zT>O0^QV;HV0^de77V963yG) zf%vIy`49=qR0v3)fq}f9^^;a<`d2WWOcA(i^V`OE5*L( z(1|(b&?xRKcQSqrWs#!^?B=-Livm3TCH15w9Rou7O_u!x>}w9#!Du%^wHiULV3@st zyPixNZM7R+Ek|3Y$N|4Y7--@)c+CgM2ec>J`~SqsWCu2w55)%yetiYFUk)*@I{3i0 zPXtk|Q(gDz!M8{5QP?YyP|TNkN!W#v*i{AA6ZRJVE~b=7y@11+pWV#aC!v>eC}OL& z7`fts>WlyDvnOJb>g~CBm)oUbbN!4;P=ouiws%_Yr9>(&g0SKvdL>TdCHB4u_W3CP z0_F#UbMFdxWnY%}5w88JIDBPq$t2=`gc20r13|TM2CCP%WbO4Y&fPC zZ>$7;EYD)E(G)`r;ky{R7^wp zABLyPQ~(p+9VKBS^nUN3_R=Mu2cL z-?`BYuvUYw)h}{hS>q&x@A7N+&3b;|`k=8@mNjQhZ*C%*RQhV=Ou$XgHu=?)qKKZP=P)3H;x!~x@r%y`ktStOUloVBqbFQ1U}3x zk+k+Df4fX;s;)w?kYc zJ%pwPFqZp^aw3Ta_4dl%KM5n;XQ9)W_`THje#t(zo(ne~7P*-w8z49W)PPL42shLa z{$NX#&>2s`m)a+xkSwSu(Zd^+E1WlI_)N(9WCO$q-J!MccmRd}eVS71W7gQlY5eck zx|^XGAg_mA3Ge`F7PlpkR_E~Mhxsg#8zI<#0(b!W3k(^3d0hHxuqKfYyx?t}Sn)Pa zYrl>UH?e3#LpG6T_xu*q_=}cBAV#~JbY{A>f=B=jGHE8l4TMDD>Ke;Y!TCyGRiSGZ zrb69BP;Cl_o`p%^Lt%Eh63t43gHzzk=-Qd(+^2QLkb^H;_d3|~G-4hu=NqAz?86V; z@O6oCuHM3;j>)wr_6h>y9D->hXc^sk)Uy}vL0_H*FS`HqkIBuv-Bw>!Fyn4^TsjK# z?Y?ek#d?mB9}(Aas4!wtr;S=$Ta0D!e`Y2*+)Vw;`SWhVo?Ev%0svALWv6g5#6FNo zo0Q!QGQk23UbMB{woy6kM&v?u4QxMu9uAn`Gjs5z-B4Qpb@L>?`J0`uPDa|B#~MPW zQZJH3NEtpUgTCkr7Z+}CQ`=wm#iwf2&4s$*Yk;Y?JK^ESFrVL?I`gp)lL?Zd&oRI! z`&oBrK*+wa=bmw{EK2*{o##?&c3{C(x-~n8CqLeKyKK<6`~hXq>;AZMeR1|vGe{DN zn~(b~EQuRsGxXlIe|3ihQ0y8iY*6C7e9giTZ>^GUdbzg)a>6K9gyP`gHgsDupdl~y z)emt(mW=~_oHfpEdHcKYYRQ0Kg0Ei&pg~*1&sFQ?OC|i}3wR8{CW-2Vp=RJBO zSsq*G;p>rG!5R?+iJi~hn!k>TN#sgQk5bv3UiU_)jnHb%m@cSsWzTw>-`mdC88|*? z`d`gi%Sgha&lnqk3J61)?bJJ)R6+c0s5F8;yZClRZHQL6;K|Q`?*%!}FYjT%cvb-G z-$J0{WiJ!5C`O$63j@+yz})GIyKp_>CRaK&K)pU+=FuHS1vV64@!ogKL>qrN;UwYx zfxnw!+4$_^;z7CECW}&Rmp^v_`W`HxJ9;F-oerCBv26r}?3u)FNAk zTT(9%2&s&}-XNxI^{cf1)&7z$|9Bq-lnq zBXE@T(0ll`fo-SIoK$ybK)IunI={yBh5F;xCpR9lzo_PxSTwDZ(|seyGJ<!udMo zMGF#sp$ThSM=g|T4G!9$?a+*eF%DeAq3ef%JYG!AwMqlLSOVo|FVv${U7`L*?y)#e zEV(GaX78jDO69MuF%EJ`O#Rb5*nb$!g`Ij3!Ls%5E^U-NSH}NK);I?dU-b7NbW(MY zs+(rB#aqXZrD@i)u0g)!p)q1U6|v$+d^Xm+bc#Y&H)q78o+k!G^cc7e6C$JlA&Xi% zMh=in&#dk^N{{VG7JWE6K$G)!*7c)z0KDH2(z)+W&Ei0NhW0fv0l(>d-*!@vo?%wu4V#cvaf4{RDK}{SIWNYoj zp}5YB>2Iv;OQ1RJjphQHySDY3!aE5DanFb~(?Y^fLPVNYT=;Z%cpFq8e*$)_160VR z2GBQ#A2Jt=0+aBb3@nnfB^}BvD;77y?kADT3l3yjb}xO3+hzL+eMotz&m|8&8hzGe zRu-6`XXbGH94ZyC)A;H`HN;Y@f^!$rTVLjqRD>E7)kAr45Dk{9-EC`JqX*YlY+Z8g zNM@ynM26yK7<8q z5KP!XH*Q@>;m9u<>*<7r;KQ&%0S=mxBm?(jXo|u^e_;$q?NjBQNH# z^$|lk)!8b|!3UIXSkx$&8&8SB9j(VDlaAN=u9WSrGg@$1nd1RduO^-QSL?&t{-*C! zvPkIjeZgN!{YDTrt5VeZWVi+C-OgMaQtM^S_7H9^-f|gmt?yawj~ybq8Z4I{z}=94-?kH~dVqdKgW zILBl(wfdm#uwcD-vHe-9$u{Z?ko(y6TAI}Ex;L^tm3MpFPA6LJTx5@5W=z{P4Lo8! zmlJ&CxvjB@a9e*MYyHBZ%L5)v&|>GOK|h;qEf)`bean60-pPik_U9Af1^WgY`zFW5p_bce>!An9ZNz ziBLj;hERMN!j)UQ8%`G{yojv^A3=5FY5WG}E|zFErDO?06XM6>8yvGY2j)frWMkQo z91omf9IEWzSZZu zkO9=h#7h!36~t=paCz@tz6dt-a>F>^g{iw0I~z zzTV?<@z}>rNa&5zN*R8Sh6F%eVM)n5Jr$E>NoTz5K7{Cc;RR5R@ zbIXVLJ0dj4Y2@{9nPl}w2>@FlhIrdT?Mv}b~N zhA>_2_gdk{FAPzT@pN``_dKLItbMRnr!tAWM{O6s)fl<~d_V!%QJnxG%^QB>GQpye zY_wHZr7U!{^U#953XNsnj{q`M4_OC9VL<7iK)$>}GrPg0wAO=P(LfyYew!b9uIcD?f@ODqVg3vT@~f zhfGlq;s}X};M+Z@&o82TXdbN9J9-{hAN)tMKRDjY`^hm`hZS@^VNks!5R4L1fcpKD z&E%@_yqGdd%@#tF-X;od@n{Mc0gs^=ngEvfJJ@O_VvjB~Up9YW)DEV8%*-w6g+Whb zDw%;Mvy%Aoi0-`*dr>cUIWcH}N5RO;VwKsq99`d@tsanx+*z|_wjEN7yZ;8l-F4p} z{$`~#aP(m*8(_SPgFa_u{4zugQZ!~#O1ZvjfNzFVvWpe}xJz%tCHc|5i@KMeWP@>3 zcB84>sXE(lQcDx2`A1WVM(g?dZ{#5pnI~}M(ph4vCRb2>=V&jWeRuVztn&X z!CZFZ#|dpLU<@RZnRpE_5_QvsP;TVlylb>wfL|6D;4W;5AIRn?R61n~ zC8aog$EW9ak_UCcWW05uh6w8c*ISRb@c2BDz&bqyRga@s9d_dr13{;$#p|dm(%j6c z4J0%_yQIbk#MXqwh3D4?VT3@0CJjL<;zh6S)-^AbdW3haGXAN`z5ENQ>-+r5=5pyx zG~$616;{-~Pg7{(qG+NNotBKMng1->pYH-MU4mcx$Txzz0A4gm=8s5gx14bs0s z9k+m&-JLrlu1Lj%v;?!DePwrT9?RVF_30M$*hCFVZ(45gy8;Gq`PaZV!3_?c$uliU z%gvw6ac}Gj4;ViD%E9^2N^c>sgJFC#TV7L$gc{W2%X{JkFBt^uo{IUJMzPWa5KEhV zE&aE|gsI2yQC8}FwX=tmd-631=1?4S! z-;!#M6K&JX8DzdjViAAVgF#UGyJwMPJa=rx<-DdSj&f1au&A! zA|~I8|HQ6cHLoW?6=?L#l(tq?D=gVrp%oE#g)-K2RO4)KQDM@Q0o*7sB!}c5KJ~o0 zta`8j=T3GM@a!^d!0&z5hojoC0mT4?!$~#zKP!$it4-SsX)9rTjas6}X^7|%(*YXY z5Mi;3zp#i9Nh?lUDaVE}l5#(l$SFa^M}^=FcO#O@;}POB_qCTsai6vtwV(&`ZpV+I zfzJm&JuM=PI8Cb)u_5X2@s^J?llUyRpB_^<(<>ZZNeNTJ?S~8(fwFNf^C}J z9F7SUYVivyp%YECm^;RBJT0;47MV=z0nD)?oN{d^4}I4Fe&ZoJOi;Hu@k>Ot+OUud z0xOubW277#fHM$6oL#Utm`x*fW{P-Q8S-uF^0U6c9a z#vL=>&(`mTu1;hNDcweWftbLk^^pB?#qaI%WzV!LwdJn%-yr7g>z+$OkX_k3x0g0S zniGxlPx?VCyOHM4-m-jnbb>>29dE>j*g<@D`?DGG$A;m9#VTnzY8{rDUBY+#n&Lus z1H{$re6u;~{07WRb_<>PzFT>W%*q+`PR{{wzRllTqDa&WbtB;Qlnily#P`7Do?WF5 z!}+e?nywAEoS7#c9l?tm>AQ^TvZ(!#^ptJ%LT2o{5EBLMTsx9EjBf93D*HI+*%%g8PN(7 znMS>`D-GIZMR}+4S@93)S$Z1YDtk`VdNt-#Nu9j5K`Xb6t76PRNObUnLBA=Qgw&)q z%8C4sxJ^a(Dk-AAroSAr_@e3+8PAAr}B3g5IuPBc`OwUM}YfKf5r z7}>1Fr^!E33U9I>?rch$4Q<_>cRf!ttESne8v3MN>ACC;-y5=bRw+1{0yPgcEd4-~ zZ>7_A$cE@z<#18$DwZqEX+}Q7b5;Ji%L><*{uGSg)FPzk*r78Yt6|vi&Frh+oMN2C z$bq9T=b7?esDY0+){bVGu(T{x;7$naCoT1={_OOrr7&RE$S30_nG2)4)w6yhs~Wt zwk)5NI<%f9JW*as$jJ@)sVAq!;&U5w`XwfoYgsS&1N{!T&>`Sl4)SnCwwTAHRB5<0 zt#A4)pn9dEJ6TST_5r+hmClmI1S^c%8lCF0%)eCgth>A_fh4%UFv z5CYR!k3Q8jJ~{aWQ-VOAqkoG-10^9LWgfE$r+&FUJkVI^JqG4?8mxm(pE+Bhpqrz) zl~|)t_g^gIV1kwyj7Tmii3G#p7iJ&0z9H66p@K?}}QD4Qv z3p_^4HMsKG;<02r;n^h2Q3;z^s8GwT^EFB^@glXlpw5l4Yh@6k4onwtV8nMV=(ruJ z=ljZTU(ijCy#oi+>yf>6x74E@d%a>9^f8AQy6pX`3>%v&Q)DtOs=c-aZSrnX00hK;M)lLK8!Adt|mPk;n0NPCRm3zjP0MFx(qom{M zdUGL1h+R#>&e%o(q;jklh|!VCi`VQ_N{vI1y;*w;t~6=JDHW*iJ@#u5`qz-QP=6T; zb(jri$n`$INTJN+If%60Z<_Pm+I}#2bw5lMXB|&4aI#Bj&%0fo)*EB)SoqUkI#a!O zl6|f9+laVd!fzIQ>uPsNxwo2){Tae_qDk5IT@5~N6(=?5A%lD4$u0)s_Qbrnt_MQU z?$Ok=itH0R(fC5nq$g|_J{M62WWst?;i*YPbXt>PaZR*@sjfv|vfer$Y6dnHOyE_g z-~;q`X&Uq(QCKHsdgYEP0bad>^U+OVb)T|&P)R{}NZwog$n{?ttA!Rmd6}lN{q#fj z`C%8*hj#_>OvdFx*(B(`NpTR}v!Wge_LBOPNZ>A8lHXgt&I{{74c&{%kVZxqoS(Iu zUR4^H~f$IkN}^O z@O#0z80z=NbyOKjq_d~p?9wwADyun{9WoEXjjR^LlTJzSdAhPK}eW zYY!RQE4WFybwtFFO|>*@(GqE`s)@V)b1t9EsSSS;CkGnPrN7@8!|$Fia>t^Ou>Ibd zc4*o9PQ)!%>d#LXgjzu)3?mt-fZeFyFfbN`gu6DjxH!%arij3zCPP$d!x-K#3@9&3R?6u z5*&9Cb>cU6=8C0C5Fn(Db~54Few-oA^({n&WcZx&N&$qm;dS%z@nk2eQytmZsD)k` zV6rQ4~Cwh%k7b+WIVXd+ybfj<2E`P%uE zv5wK}2E<7>vLC5-+Ts=L5pYn^z_`~{mTj0QWNmSucB9gr;1j?J%Scsx+4Qhw;4!pKxlRtdKrRv%m4 zF{|K}0ie69auY|#(5n>$gl+*X|4QP2vDPkP4$A_$mogPTqMVB1bSU_MWK1!JAMrE| zyhq1<)x|$adG+AATzRz23@Tf^hk-_{1>+yhP|Uva5wF|8t`8GBMUf>i;&NUQRw<+@ zzUE(UZW8^CRK45|lKxn65)fitEQS6!$V}_ee?{d_Tlk-h{3Fy=X4Yh^`2tp=S^Ucb z32nU#O|F_RgNU~B>o6grZqt!rqkvEwFF1NSw-~U)WX^<iRXrbYkhVI(z^qNia+4mgSY;Kc_T`*J! z#*DxKwgQ=eJKXt3q=dDnk#%3H0E4E{pKDHN*nmL~Vi(xXE}Kk6fXSDC>oJ{lDa1M8 ze76=&Y11rO+NFtA9?>P>h3wkJCzEHsHL}A9IR$G{qKvCv@6i+ajqDG9$Vr(_xR5_t z$qfczQiez(pe=1P7{=@O4|yWaRq?+zbaCK+<;`$2LfdXhq<;_fXOrEU}8 zxmdQ7m3G>9-bNoQCGlLB?iqwX$F5Ep54zH>wT30CFtjZ&ej?rw=S+2!lC33`9P^3AlC+&h2)R z$qwQB%YGjI>j{AP#GaUMfNP`|ZZHv^NQP&*-lZ+|r0GDtywiGo9)$@ z$ld)Zmv+bf*<@J;6S5~&Yy>hWh}ie*+G;%IUh?cJtTSb^4<>&{B~WtStufTz#U%Q{ zA(l0s4rOw~e&0fK5w~*dfkxL5>I<7R0y@jPj#$Ghh}~C}djJQxM$!2hfjF4NQ&!tJ zRCR91BZ`;$P0jl+Y2~;Yjlk1~M!SV3+qp8^n0J8mBwUT-Jo^ADVp9;hpcb-q1kv0z zq#zpu@S2f_b=Hm#FP&JoH}(0ae*fLo!1>W7&`v(P-VVzdg~42hn${J~uDSnZzSvaa zwLE6IiyY&^>&@30TFb2cQB6$+cwLDPzECTF>s#NmJu!qtV!b!#;-Ysu5Fx6%}OM|DRF z9{AJ+F!s8(QTH_ELAZmov9veQLh+02LGz@$ijRzGqt9CCy>;QU2V~(#3Fv?mjUsXfms`=)>o2AcS2gD=lZ&qX9;x%fPO5TF38t?(-{b zwyvh|yKm>=3*WNiI#TY$+A>58YpmwhPDBdGU|26^Po|QeB}U$fe&*@IURKUDUr91) zyxmJ%yo35?*%j1OELwl-LQ_QvG_M{EfHzZzh|tYT{3GXNY#HR8L?;c- zi9pmsY6#PpA3GFB+4w|pRkXn1)T7an9KrDbCd;|y(HHP z_}5Z#jiknLU;ELHa9!E$FLg03;XH&k4#3>){AZ*C?8Y`hAL~bcm$zkv0vnL_N`G7% zmmvM2(H`esB58r&s%pWLV`;mQASPXD3*LP0gB;(u2gMUhOp(|fq}`}W(@>_I-4rRMp zkIKJjX2VP@p9Z))Tyt?3Et-yj+YN`3gKDR@9U@an1Sq$P!9g1oXo|l%w(R7*V*l|O z&HObHMoD*Dib?(}xWK1V1@%#v+T~LuK*5wm`GF&*C#t`*I6-4%o$jF7h?fz_2oP>x z=nH)ipPLFes{?_e>}aUyjYq#XPJbt`20MaEC<)IvccnG zw~l9b*=^a6yX#${4`hG{7Sk>}Fe9GiS@=DvdivG_1jOjB%nf z{}D5A9p|e4Qa3{E9`a0%?QFI*WxZ7Za0SUf8&wC$mFv|vSvrilIyYO~dPkEd-0Nrq z`aFW!XNr}1aSPE{ahdUa9fkY``2E6cbZBv82?o~jvPU0>eJ^Mu&wUjcoX(H^p&aUY z1xKxYaH{4zjTqf&o5S?KOUFgrD~v0gV>)B7LG^{uDQZT~PP6OpvJu}TI0rk}=5}hu zU!>XyKSFi^ZoA`Mpa#s*O@0ok+vW96v>R*>g*_ce&6l%Kwj2~Hp9nzB+F@_r_jEx( z4~zY6kJo1j;EnXXV0N$y`f=Oq-WjC>{TNGA$bqjk!uOxlDU&J_j%#su(Nz6i7kvI7 zyDq8J$}ENxQ#vhb$CZ^D;r`-w8FweQRjRdCg=MPhGq!X3ja3)6F4xU8iDB;{)h*xJ zE}g0&XUR&qcGVNYvw6%TCD{kLn&-ABy1POn7n>oG!SA~GFg zsOJxX4HY`6c&W3?F{?wrPJRUJR}YOcK(yu#BW$($@)bhCTN38*sdOR=bPnR zw_kEB;Gr_Se@Jlki4e;xuTg z09Q|q!k?e_`v$qIgOcg#)@RKZFIg)YkM=S!dH;lPt#WPspJB0;^09vrp@NT3iS^AC z^&S@0ynV{WGeuvZ*21r1yTuZXYz0au&++nG9T%P_{15(j5CNeNiVvN|#QW`1cQ#mh zR+g2`R^tXXGaoF|1za+&P|R`sYFNCnkHE~J8sk}IDL1pdkuMt=IDf{9PNA2ViNjS@ zzPf|Fc#A@`EA6-=)s+lJxeB`S>kwJ}Q1E^S`22#RQDtLKB3}geTC{edl#5@pSf$C! z0WmU_Hj^jd%Y-4r-P-EI$AAZgg*TYg8kjA;&XKc!^{l0=z$myjY3lp%7as#<^1Ks4 z(OjFS>J3kqUmk4?Z%n%7`#Wisd}8%YQ_UcEhWeq*x?+)0niIrZeyJlh#jEa?I!g<7 z%skB#YtpG5_=4{}W=^vnBZ^?}Nh26sqFiuOABm>k?6`ImmeKhf02v4@4Z~Lrtcm0@$L&`SZ~sv#RUjX$F`4+oY-KUBMh@_yT_kYV?vR*;_HjW`~utO+;{l z3BD^i-ZsE*t;r$!?8I9`I_rfaN^49y4M1v$W{)v~MVi~dLVbY1ZTk1Zk96HUVa&e@ zEteRGBg!G(Ckn-;*KKhwT+bj1XAy`Dg|`+ulafzggrRp&=Zy#zAXvU0y!P_ch|A@j zg&^*9m}=~%dOq~stgW=nY+%s2ohv_Y>MbW5#Jy3W64E{N;W-bMPYw)$ITgA~ogoKz z6@PE``be=y^`>?Vl+1+|qx116q@b&kF{`8;YQ&$0=vIROhnvpd@r4@h-@if$k{Vq$3`!7qij9 zGfE2ULeO*K%hbKCnBty4Y#0qLJ-*h>JG5Jk=0q1^4dd+jB@ zc1~kGkUoHDcd4cmkIk~w{2%Jvj#u||kAce+f(}Q-?T~8E#d_|Jy|BY@x~K5}d~9&9 zZ=~S2d$q?eH>xGZGly}wOeO~e<=L#^!{>ri@4nQElIu^eqg>6L{7Zr@!qKr58K(+( z?f`^Sq%asV_-j~AA>8{zb}MlZp5u{cyH>TjoII41@2yTjSwZ$uVI5gNC~Lb^I-?Wf>Q^A z%11sDGYazJr{)HZV!uHR@r%NR_zE*ZMD9te`;Q;jk2dH0?_S{c*~KLliPJAsa9`$s z#o6;9OW#x%I&0_y0CDI^Oj%wd*I(j$C(~@sims{+|aI^ zDc+NfK>TB1%*+Ps8XNLBL><}YiYGc5v{*Yt7x9p^g7)DAeIHh#9L0-jeJo>9Z85Ct z|05&Mjso6ci+r;wa*g4i>e(r0Fr#6;tOqf)fS5Q(!t3kjUoHdT``_J7(5EAUgJyat zp|{ssLjb}xMC|obGF6jE5gQ8BZYbIw_rT|i=XmSHjU+dN&o;t%n6MkKd}$qKW}DBA z?Z#%EG+F4peZ66|K04_Hp&t2)p!>mm9TLjoL4!UJwXa`_oSHf{6U(iSPH| zk5=ewK&wW6;u}n2drV@E%$OKdVCfI##uAUv1jI4-f5s^9Ld`Yq^>W^kX))(@tEvIg z`+F1#033>SYDnEQd=?QB*BAMGluk{OEZLg_mFpdc+2N%P1wzK^6}8H+ zI806lf`vo34eMC7P-6$QwbvPAa6>Zpo|9pm7SwN7U8`L1<%?CwX};g(h0fR??{k>^ z)2U87K^4X(n#^!Ep%^8-@0hk6iAH5}#P8nZH90NGx$s-LmN0)nL=fBCy-eGsHA`Yv zZVC|E*b4gtmU`5c2c37&q58eXj%P{0e+w0lJ}6)4mO-Oy>p`9Jvo3gk^t+};5QEr6 zsd+Lc77E}MV6Q~(A9#HJ^4-S9#$)Y$>Pi>weY3ch-AW-@HYE08C;P0)<8*lmUTk93 zp(42kkLI;@XTst~X?Q#IvoBWMhp>;lE>Z`{j6Rhk>-b!!y#Mg*rX^ z$LQZRqV81R>k$Z$p=iN!5-DEq>pGKiX>-}Tk6-fG-;w{YNGX5iS$@jxz2^$^(B zOI-!ubo-C|6|#F51k50?^^F4Q$GgWk0lwJXNP<&!+Dn8`N5|8J^p7gOHu5jcR~WJB z8L$B=V$N9F6_EMprU$SV=wQShih0Jz^HuRvUg5i)VbIc@JDxKHKkn45oH4k5t>1w< z4wCRHL%`h@sr&3}@J_4hL;%hm)FU2j0-?#J+9q4~=)*cft+{s+{>LzzU_guVafjoa zT~W&&zxcL)wOZ-nHdb}<@?wb#`#F+01zU5*H3Or?q}D6q36%>Z2oac*sjv!b~N|NgLU?W^~UjQWGtn`G;P3zr0+}rs~#T0y;Ijs z5sjx|Tn1<}*VOQH5^XhGfRVY~f`u(d#9ghZfUtSIvQlPIYmaD$?}uA*J-FM~m2Z{| z#-4mLSI$>iHZW~@i1nV-X`b8!>}@+y@mbsO34X~_2ZrcRq+>GxXRMam-cv}ff35hs zwwEE=+Z@tnm4O^D6GoIodH?6V*M({O!~6z&hAqnDez|IgihGgv)V78#>Q-$(49BiN)y1d!FF0Y-a$nF~;a3A{ zEEQ~Vus)_^bQ)>BD#wRkNcy#aTd#m8yBuywO9&SW6~rPN`+ZW;T#zi^)-{Q9GKNLU z`R9<&xK!f@G_+~uRiGke7L4q6u>q&Vfp1~V8O~2P;on|DZY+q1%z1%=1Ha)f8f-O9gaNn? z72QVi9vRauX#HlBeY`bCJr-##R?}C@J(@DsxZRemmj4Tk6N#z*`N~n+Nf4>lJ6!oE ze3H~GN8bD^$6Nuq)mF~_0RbVn4z$raOE-qxla7K}ym&dr{n4o!t!$F0evhX@P+O@v zAKH!4b-(AX`PU9ln$3ro_UgT@mR?K33v#E;&@1cmvlW3m&i(TlvRSH!yqLN&aIg2! zSG`y{3~jwSRfDTv=}%#_^;TaR-p$#1FPc?3%-#!fJG9MBil?*E4iNwYuQ9ALLnwz4 zPi#f!bUuSC^=l2=s#2~$mw}1OK8NWXP>M!NT0K>zuP)xuTpgXiZHM=EjI{r4W|xCG z=)uI>bgqu-R224E4%TP&X2fU3(v?y;RDR>eYDzY)5hV&j95k`ni6g2n80oiS(&{U+ z-EQDvU?+*u6OB|2kvZ1jozn{b2{no4Wp6S=TQXy>+{}5%+w!jxOUAx?C}J=FG*5Q$ zHsFgf4W3DjCY_jB<(%=(lkG>oG&wzKHBjS*TAXP&*?-(y z8M^u_5KvO<(*9$hd&RMH9+FaTrP6%9d)O1U?sH=RYiaTGZnNYvIWQM67r&9uTKvQ# zS%;ug%TtFVX{{UYRuHPIT9S z@IqzhOV(3o3+r}h*|9^OZ0UT3)`~{r@zN8@ z)rl{K1W#B6nea&Ot-W_z9Xn;*4|T@yl|^30wZ*>+B|SfA^TBX;R|SfVHyX3k!&;`G z?>x5eX&_i{RGVhE!=otXVu<4^PvqJA^L64<9c%ztx%)l}e+}hFO zsK&*RkBl`3Ppt1rv=G>@n2AKRMa6^7<6sD_J)sp(rkeO|(}IH-g*I+kgx&<+E-3^E zsn~PaTo}VqrN)KEw(dHw4kcD;(uSSE*hVkp|dXebPzl_n_-2R(B+RJ?{X{^I40mw@W-O?_PC*;37gzw8`K z8Wfql*vYfsDD@b>T)0T6)@fHR`;?6HB9a1LMFx-I+#wj%$pfVdsLKx1pl8FUbhCig zg~d`XQ90eFs`K^)Z@tj@?GI2}#EvsKbv@>~$#`e35C)ZbIUFE3k=3;-ZmusujNktJ zLUMV*+AdocC*uW8juiCTY<65lbhDW%%QSMi!EqEG$PxRHjTrJO~bZ!c2zI$IG=5IBK5o=XL$d><($l2J4@MHvkPlmBq9kEY}4F}Urx}-XV6d@-y%c(Y_ZFZ)wIsSNRFhjXmed^LPG5-Pe{HAFE-@;OL&$7z^6Fd zyA#$>OVwpH@yALo9NVqNelN;$zSU0Xu>4kA#gr@Ty`W#gcp5_#8Ue~=$J?V|$zr+^ zc6nFHSD!nHJa;6ttj-4*ko%_#fM;_cATS=cYDd1y1A5w@OY$bM;1)e-h;Fp7mziWs3ADNW3;~_?V6WO$B{RlQ70yr-|CAeh0|xgT$C(sC(>~?zVSvUtiE|lXU-4G<$AemZ}RH7dy>r}U^9H_me z5!Guyc5-{zbYRG>v5mxPc>%T@sty??Q@E0 zz0ji@Hj1Tew67D#bZXnfonte)iXao%XYqMNlpt;h^+Pbb{#!Vac5Jo^2igf?SWW@^ zT!S8B#=v+%uJeOzghWljAftB_@=gKpj33It#!E%m9{gXS=lKcvecv6aa;HVGuMm78CUcb~9NeQ68><)H=n~S33mHp^uhMUKY&^z-X7jUX(T)bz zmM(vX!gE;e!vuEOwVT79N&L^~Pzo>$kvwgG>Gwf8Ek}}@bW8%)_p0GRt{(eo)=U2f z073u0NhkI4e&jdcR+~0$H3zHXpr@CXZ4e0Ob$GB{bm^5gf8Jc@y*6#yId2V;d@WnL z)W;DvBV2KHUrS0(@$qTOr9cS7T#bfBufgVPgOBOSj#x@OIZtgvUm#0_cW%?ps^))HBaIUplUa({-ePv>7v|NT-z7#?^jK6T-#baN})m zfEhP-w2e?1lozfoLS2P!X`y*D<1Ikk*I$0>pmO6T%{6zp!4@o-Z=Zeoq3f9QFT7md zh>d*g#d~*z=z;ztiUo57%DMi=TO8ngoN4>2OoVX-uO|vu$0du-v97(uRY$t^b?-cK?*i5 zvZiC*)UYAzrV&~{U841*HpS@Zns2}P()o}z3w(0Uc^A27Et{rBj{L#KYYbpRPsj(m zl4+;Yyq7}jH*4O)%SA2+eE+oo&J3-cj312a9W1c%lp5HZ#)bX*1xfSCHYif7^J-$wI1kj3iI3cnDsb^|T9wND6a~wS4 z^=j5a<48$k9{bJLpSjMs^R9<{Jl!E)yyf;kId9N@!n8BKaD9#5@1nUMYdGfg^A&o0 z(17n;o)`k^Ian79C&XdS)YzoH{i+PR)0;=ycTfyq~51WH`dj);ZCvr0-wZ_-$$PQuCmx%WDMXPhw$5jNRGd~9)u2rkHeWy7$o2O`h$a}H%kG@9~ zh$s+IAfiA-frtVT1tJPW6o@GB+oC`O0O#p%KnoV=!-fsDX3d(pp&ySmjLiVG&9x|= zJY}*ko{v8I7++{_Sii=Ni!9UuLNNZ;md6OKqT_uhTeK6?LEyYS-c?bOrH^11>hG!ihv;{N&Pp7g~&hSy}(bDg~PSXei0+FafO zRqcs?-y`GA4Sp{*b(X#K+|zc=^*33kPF;NQJ!s%SyYo+Xxn~DEsM+aUUv0qq=+A%b zD?s)*(V(^39e5iP){Gs@t=qQu#qXejUkfxYuX9JcYFBhk-whs~w;2M!fYTU~tINxR z&|#dLg#j#CATq|akL9`e^b?QU-S_;{x^?T}G{d-n5x-vj2KLYc_qZ2Hb1lxf#u;0L zE-Y0_U|G#t_Q*r`IWPv@d5?UTi>8F-I{KJyGPsqnXP$Y|{&Lsf+=C2b73~Bpr|%Xn zT;TP?(dE}d2{K#g#di9;}@GeG{kZC-H{&x4D?dF?r6JUC-%QRu-lai8sW61yh_o9HD zxhl89t}-ucJ7-g0f5R;@jvncTUdpR4JyN4qExYN)YwenAlNBPeo#%xYyq77y$Dq~k zrt4%Rz92^rp-Ws3sZQvdo3Fpv>jFE2j;C+%FpjZ6U?z469t_V|CEb|4nr3Mkh| z_Y?K(@A};!S?($MZl!k<9Z;iP0J?aOJoD6}ZqTAV(1XNx{qGwxuDR|e*D;%<>$rUw@$uHp{%t7;B@HO98^5Kr_N*Pn|l&!JD4PAFpv~zJvP6 zZny5;1v)O)Caj6#r|#;@pkKpWkQX-a5O$KWB&A*h-3mZY#xZ2%=_el%50~@^5w!$j z0Z1SR^esSs|99VT&@?s_DPZx!d9!>hY2CW5jPQxh4{RC%l-{feBbDWKPyHEp;j70U zeb`=j=~bU!Fiw(?C!YW7oqg@%%WtwX&OFC?6R-OEof|k%^!&3=`uK%>z$3LZzlfhH z4|ehPZMXl~^8k!u%tL;NF!IoY_gUYYZ})MY@vd@Zor^4bt(C`o?ZhN6JNyIhBM-pkH0dg$;{74~zm*sHjIg{n#7_-~0SH zYomi%fHDgg$a_xw*tv5Tm&Gw-MqBURr?>}TSSWnO<{CWiD^+eMzHey_)bGsC06LMs zByE~}{<$XKnPuYzWxo94Grn;UK0;=he^OU;I`6;pc5(aW%MX2QV50^ec%1*+ z_2_Q4MR~pa(hGLaz4vLX>+Z5mM29Bgb2ga~?wIp@!+Ig>j6d}?W;4dJiHLu+r;6s_ z)g=GO0y4u~^R3rk)CQ&=0*kJ2dNXHd&cWEqeE-YO-}g4LS%UhrfeYQhd=>pLTAR06 zTjc61&0nMkku5f2F`fZX4b|q7OE0@hvU{WeybS5sX^NuoUu&YxGSCuPMV|o9-h0p8 zcEe4#`Nm1w!X`L2z8>4Xk3zIx=5vl<&Yq%mM@xI;-~Un_syTf)>-OoVp0GQ9f2Z~8 z-N)Hulg^GthcKUd_UXr6|G*!Bc<>#dC~ac1O4iF+@;F}Lp8nglUUKFPnXG_)9)aK} z0ZKwcB2Kkz+0r-VO`fdiP2w}wH_gN=leJ-w$xG)hT@|W7I183{neM>Pa|Nc>y;k!a z&Hd^ogLZC8*5Vl*7GmCO!EuYp4(im$cHiP$^Sg8deyQk zH7}%J*9g32yhYBw{GzHo`pCn+S%MA6&<|N)VSd;Qt+9yM+S@h zPFlpTUb|I>n4WI5{_N9_?6M1c%WHO=dpOirn5k~vkM{-otXVUy-;Gz;>#x0{I&aaL zm))$k!qXDkj&=afY*!svG?VahY}Txa8*u>4Y2RsmPSo!5G5*Xcr=I6Vc^01RY=7&` zSM5KKJ(%rzyj-Al9T~V1+~^LVv|!#`8zb*u!dZul?4bQec(}^$Jx*{#0G_uuTzj#7 z{@EwK$i--PWXGedW5+J)k4-YZJ!g0P?nZg^r8>yctM_RF=T-)W2hr^l8KM7v_np3L z9YFucj-9RV4c7#quju>VSDv@K{_;ns7lu3XtdUUB0XP=b^w+KZuF=9eEvG*K=c82E zC?ID3fA-D-Fzagl<3~aiq3DdVuVHgKqI^$5O%LVy&uu#7)q8X!tcI&ZZ()Evit_dv6m>+8_mK zs%zS`iP0m{F>VkJKKIPy?hPqSiAKf2;5M7 zOYqBd=x>{%oH#3xl&HpQ zuF(mNnYpAM6rGPhdcPYtW`s8X)W1#R+2l?=^)#Km+{hw@o|QukX+lw^q0l_z>~mE2 zMxz_d$9q!9|M!&_%y5jN%%`_i8u*AZ0h&vS+~!BLG9&ehWy_?PzTds2F=LR$A*MyE zR;HvQdXx2p?k-To2X*3*vrTl*I!U7{9zwhUjA#~|dr&~Xs=mA=W#)3Vfiq1Doju3e z5}nxROBuOD2QiMJ%)|H$4L(weNTNJH@7=>)d$rC!6feP8eng8SZJwa9Y`ku}^8qvd z5;6VklMiG?Z22C={tYw0Il0Uiju?IVd}X+ba}!a#PdxUhd-|zI1w)&RPXasOB!vsl(q2YP^kY9 zDRYS!1fGD48?U=U=UuYqi|b5dB8bmC<0Kh-x~h-qQtlUZk3Dj?Ig!y1#@gwF*W_q&p1~&3VWbm%Lb!l| z0h!=X?RPLjQ=kRN5xshSD!yIMU@^!-_CV%bK|{!fz?rY4EC-HXdht2eru`{$2y120 zVfWsBvvBGdWgeL#Ii`-HlFo5NJ%TeRwb?q=R8%1b^%;uFpEzlX8J?NDw7GNLr5Bwk z#dsgBYeD0;iIq8q;#Z{`p6ven>WhZ2obQMe9g&?s$;b^o31^$q4s{VV_Q*r`SeAtP zjapj!QCeZ+iv9CH&4337pEjM1GxOiGXK(l96AxRaf@#yH87{u@)_VrO^XAQSZ@mEx zUSar3qjJ^BYMXU|wjw7Z*CN;5dUHoRhdoXajV%=g2ac_l3`fe~lTYj*8ShQKztbET zs0+A{!t4&g4733_BOR=nAK*LiLcO<$zfJgYtmNnlX2?Zmq)*U? zF{6KQ;OnrVLo9L~9NMscjS&)X-O~_n{2>~?S+iz#CNOgY?|S5+yDcgZLsz55a+f|oOa4_;*CF;5xa$G&BG7fXHm4^7!iE8$QcSFG){-msf;Bn-BIm37#-of;eVgj z!RQj_owt$0hKl>0c&G&#JP zIjN4Gt>bT-MV&m*I#q7gGVP-t>)UbKUT1_ zT>B}qapbo(xas;UlsbB@=Aeu@eXLSe5AH?4imLK#LC#~I-gxb0MSIRPV`tZH-EEIK zapDBYbU!HrRd@IFORw4fgQ!xRAOeg7bA^k@`NH_iPLq{hc>XE(nrP&D$y@9pk7#+6 z?ICd*=-sos(N40$K*Md1xpblCESqOBdB8%+Ql)K8M*lF%Jt`X7@yc^;|Af;G&ObQ$ z;B-Y~>xUn_WBWcLfUAnWpK|)Sa$;C-^)UIpd-ZVl+;y|YIKvFc?T$XyGNITwGWiN) z0It_*d?%jrZ=IdpK(hEklNoW;z-UVLthR02n!HH{iwEwz!`*iCRf6T^ws)-pKI#`9aYYU4^Ame1Z3+L(-R`z_bH0sZ@EDGoB(_~XtWS%wYzGO6}Nv5x)IXFw2mP=2>_`!e_I zx&iLj^~wgdaex~;exUnq&~N{yNPdgT(_wZ3{R_YM_9y#j+C_Kf+uA+m?CZYl?Xmq6 z>thY}#yUjn;5#s2@Ru#7T07x7pIPrjo)7oKTxUHKF68mgpo3T{y@uiCw}adW$!@vf zDAyK<@8cv7-o(njpMkxhX9gyta2a5h&uEEWkKW_m?0Y)mLcb|F>y6fxm%p=bn4vwQ z!MJppLnWu}4&K>=GIsDJ6hH3pEB5(Mnt=lqrvJ|(dkdnii*9*D*4SxUz`=nFdo3`0tXV~#WL;Ct`6 z!_utQS47?WAABrDe`(tY^A2Ze65&K0(SouYfLRm#B%MU*6 zVgw2$Dp9kioN}rn1&WyxwLvWgV1D9@+Jz{Tcu@!~~_ zQ4W+*X=6e(sN z>=G6pLMmf3a`EXR*P~b0t1B`5qZ!k6O;50IBYaAQ$veUoYaLpPikt; z6(o9xl$G?0^v`oen+g^zp#G)1FMIaT8HW{hHsYyfxQ50s&-69B$Ox`9ut|#Oz(7xW z%8BEKySfdJkWu_)!(Y~{m-@_^dYnf|BqK&x=pWHtQNb>|UjL1I(0tM#MkM4ipXb@@o-h02ZtrKIWlkM8Ix0H(+Qf!j4kn`1hC~|b9XzLuM%S8c6 zAD|~hZec)s=JESna~YPo9xK0{0SrID7i(IfLV1@`v%dIke&auf%NYpcFT5KgJO#Y| z?LIX-f*c${;oGbGhjxx7MvE#{P~uiLLuXM%(%~%hj?NN>R|605>g@E20HZ;?I)#Ci zsKI;&_tON|Gj*Od(cJLxxoLCsd#)L9w{LG{G-j55lV-K0oWmYa6clOC;d`t(Ps+!s${3LDKJV3Cb<7i8^8I0)^lR0c%`Pb^$#91$%AJRhud+l31sCj96txuc~;Jk_q-NaxAE zB0RlJnHi2&HiNUx=!2|tsFZZuWrUz_;1~tGr>?ID^fj7NsdAFt|2@3UZOpN2d!B)? z5ypTUFL^kB0Yxeb-is6|?2_e35Fb~;A{SAnQjkZ1{hWpML&gHuf#v>vdut6h>3EMZ zJ|b1TbM%-oMn8cI&hjp)l&T;Ze1+&XKIu;={N|{WzI}R{5t@j^k2-ZVXBuFK)Tw+P ztSI1Bt5&*xU-cF&{VeB;p^84NZ_$K5|Gd@s9MSgQ4D{)Eab_Tzy__5uE5ubXT+0MK z1HphN$erK`X{x(^(nSsuN4O7Uv?ekZgVv8@M>?`T&@bcwBJkm}&>+eV;jsP}F3Gth zb5PXHo*=neqKgyXCesf`7bMDwlXUBcH#@?j1yk!ZHJHbUI84VpELyzWjLl>sK*lL_ zNMY5ztHGR>3QLxlK7Fb=Zs1_m?1(lNiJT@{HFD%Acg9)gS_Cf9$?R9aDR8i`#@VcS zTU$fAN-FBHqlZ~$A2R8XHGu3TA9v|)5zPJjekq5YFD)Ai&lA;Kt4;&auu^6m{&rA5 zMQ0aM#+8w_7RXM>M+GDwF=pt*)M+#1JUid^7|0ObiNLr4Rp$Mou7VE~4E^w}#3~7y z@Lbe>SE*ddl`mJ;;M!-q;AzI_i+2R}Fh5Dr)>9{q6My*0oP8TLYGRSC&p-c+DQN4; z;o>V2H>kNK9yWsK>O6u=8P1gS*-F0$(V=<__T(l?R-xTd%Q2 z(od2MJ8Ij{KHv`J>IO@Y08>4&kWZ=-n7ay{{ipGUXUbNntqH^ zmV<8wbayrDG&2X4a^=d)$ymn}RJzcdG)D~kUQxwG{&?+C zrzpxEe%emX&g?4>5r{DF6vh+z{8r@fisawfk5 zC%oe|c^!MMH()3Zhi9pE?j02rWg1M6ZG@hD;IF4bs*xzxZQtXbU(6K3M;)k{$V^PzU=g_WscI07G^& z5C4Nh^&#r_d>M6*myY_@n{SoQ$2(^+4~90GU@oJ=@i-yLx1pnQ55ILYIMaYDnFNM60-lFLkfC4&lceJ^_})@Wb!$$>jJt1DyLOxzGRq>)M9)VxN0y z2DCf`1hGoMe!z=dYv-W@0OoV+d&~fwV^*RI9oCd<;X2psdZr-BudJ_`b%EeQWkYlb zL&;JVrQ|Jagcd>q(d~H6b#^W-1bLyN(C}tPxdJR1;pIziMc3&IijRs?LLH*0vY?DJ zqljvNnWI3%d!JNR5ETrYe3DKMrPi#OtKF&8=p}NR zC?lgq!VxoQs~!X!gd_w^Up!qbsHhhD2+b-k0~QK*zlrd;Z{uR_)v4sv8vZQq(ABIp z$*fZK(0A~YKJplKRfzY-Db5pIsXkI}zV#j{mg`yMF?0=QAI{E$uF&S53eORd$#_Vc z%Os+Vz2L%&b>{okww4(gixfe<#FUiOiGa*pGLHoc9BgY&ls3lSj79UTU7q6)MJPt_ z)6P0yhTzFo2ekQ*^leXl|3}?tscg|%0*pZcD1bQspC50y?qMU_qPuALPXH^}N?gw$6^z9jHCrU%8i z!H*OZ7+r}1_L&O2CoA=*)~sQD$qmkeY{4h6zfE|WRJEFGd-O@l_A%1q8)J|$mQ5h| zw^YVz95)s(US#7W+L6foc1Is)84rl2o;YEwORZhol!440b(btvRyg8Q|1l1XNB7?U zq>YoTEXYa7D{*l}%y?my>mNVMeEM%Vpm2V$=hH-C$I9NHfo!=aC;YRXx#9x=nX_ar zo|fBWR2(*N1OOgbQE&q%M$VPRslaHf6vQ|}!B@8HJ_f^R0Y)-pe7XF}>*Wm9#v&?7 zOU=32#f3{0jG)v{KfPl_QKQfNW;`CM{CyO|@IU%w{nGsaYyLTE%q||^p$&?fm;VXI z;N{DgSR^GdeVO`2dT3+ zo-KJE+%H(LkmQKs)~B!*249&S#uykMSH}8Ae;8D*u$K9JUi|Rm+O=m4W!G_Jt(b8$ z=m1?Gb~#sQk16;k!kbAmxzuX#{{%RI zX5MtmU8WGjVRmuGB6Co}smIH*{(1ObsnYS8G}ap_?G8Yu!hW-ejLhtN!+w%mw&wQ4 zZ~p;rH6nw9auqA--9s%Jn0GiwmtzZX$|52hI>6c5Md_FNV!Tx2vbj|)2WwxPRWwQL zJ((9A6LFk`@3C)1Za`@n`o;U;diCUpJeWDxS@mUp$;LU=t2r)Jrjp6#(3v%>R~erL zAB=7YH*iXU|3Viiw3#_whP&m9sg&w$`}hh*sj#az)k9hE^~qx*TwI#;YpOINtWBzNdR^X23OlgpMFIAUz; z)@|;iE}dM>lp4l!z?qC?GR(@c0y=?Q0B!}k2rj}8!Iz+v=U%|Qg2D|7I1e*q-)FP} z9L&TajK5?6IlO5zH%Brn*$ljck;hWn49{k0A5caPUEJq7ZH2%Q`a<2g72fAL`sFhU zc>NiDqA;e=2KD%Be!oDSv=go~4_phsc`xXyY~04{t&08n5B;KqIoaj6?gbhc?(=MT zCb##v#+Y$P67{ppGl9->&x$GyHUD0{+^dpUO>4c@oc1}&EiS&Y@d@}$s0%#}avaM9 z%|&+GAO|35GJCeLZotCImCKYlB91{=Cbc~p5PU29^+qS(N8fUvCjiHo|6(T#C-@|!1 z3Yb)xF5Y9 zt>dqL&)i-7)oKp>_rtHomHz=%K$n>z~Q|}ws~jctV!^U z%zK0-RZX^3$D1~;wFq6_U$k((t6#s76gl}_mybVmmtA^+c}(*jj1a;LA)zl>fAYG9 zC;x z)YJdvo__W}ma>ZtK9K3 z7=Az$7|S(RU*;~q^g>H#$M03z01M=^`ipXcxx_d-T@h|8l&+N&nw%{~A12F#9cBbF zp%7xMj2+>LHdZN(D+Z>~83jK-vDHQcyy z0VYjrD9jtthcG^MEURzahbj2E^-t@ztuJdbKYg|_NQ_-awL4b*`B`UVwYC&vj425I zp`F<0fieT0AcKcE3{Zew;BCUV={jd^s(Asi#=0W`X`Mauo6Uw`hsYXWiwz-XTu+=h zN%&sJ&g81jp-=_A4?(ZM_$`biti zPxgHIGuDfjEFH>1=&_dV+Fy7yt7Z|dg;x<#61QonDOz{(u?HD)d} zw;;btv^{>K$YecOV~lg821N13SU9g314Zv%-QC3(o@43kZBwZCX3d-|0eYR*F<#N% z4c(9-Lv)_&*+#$4JWCNGKM_4%(9ZoEtY|JG#ZJ~)dt?@X4*QLl?-Tuq6|IeUZ$7~m zv$AyQGULyz;TEMfo-!lN&73yD))X&h3V59xo%TYR=clX>XF1Q3;k~ZTA>`g-DSC(s zBuy%7bN+e%lEL*m!Hnl^-nqf^=777jgYrAT51$l+XMKmq```W(BW+#51?TronKIG+ z`>a#lJ8!;X&+{DVns2)GcFW4qxzl^@q!W&I9EAX!aBlIu^hN5cL^<^r*=3u^)lwPB zh}4=lZ?3!Q%1hjpI=>NxJ~RcV0}!8nA;Vy}rQoQLH3q>W_yt|!IdEjSqL{{x<}CC? zck-!cxTVY2m@yoD$KU`>yZo{XEvla}t<~lzxmuD%_R}trPi!7Z%e!Xva&s_avqTge z(Vb(*j&)5BKf;U@8#in;IzsApQn;V0)W6qVd!_MVoVUFE6L@x*Pp=f<9<&&q9xMA` z1_V35{DL>S_kLcoWT~4xJ{L==T4?4)aU>M8B z@oag6^G6rzywG%|uf^G{p6DNGai>n52|hjVAgt1fd_2+whHLgBMWk=rOm zX^*}_gGjM`dB;2Kc#AK;=qZ}jL0Nl-N^w%cXe+6Nc@|tIl|4L=vs;mwkl%@phR-4+ z(FVoSD@EKWLY(jX=^vXHdmyj>gRrH-TEmYhVUM|7P5|sNiQEPbmakaprp=tACj{T( zC!2l(&N3^|w}J;t;UGE(oFMycRR$W)cCK6{(du5Dkztu;xZnAs_ib-BS4uASM8GUg z69H#XUSJ>vcaxJ-%ve7!ZLT}xv=iM8*LTc>OV-!Jx5+_rK&ntNLGNrbxlLU%_ye}U ztN8c?!FqkeWsV~OpGX+V!H>zLY5QRN8<79dazXe%~l`7rt2|gGz&cevyNmY|AYIcI;SzwIx+8K&^;=KS* z^wIATGyA9d4%YmH`3m@h!x9c*@HXa+>{ZjJj&~ieyIHc`^Wx1ZrWC~?33+1NxF6MK z0~rU(n*m|o-023pUM^4?{H;G3Ukh@Ara~=e!#Vu}0<53#fw~u$ftY7G!>oUw;a>-@x zvP-Vi-}&zH8#;?W@umfG=siTd0a}@sKF`gU z6BTEX78D&r4n_CGF+*wd=V`ya$#9BvwM*ofh`d2rDZJsC<#N`TtNkW2BkiOrQx^`O z&>Hk=95XUUv~Xd@BBK!-H*HjAz#=+|=|R!g`r2zuGY1)>h2~4IM}G+LFnS`~jTZ0` zx=)+bOP!%l0asV9TIFWXRkk3>ycFmfbQ5Fr8p$2$niJ>~`_?&*xpgGy0Y}4(>zWp~H*~nizeK>tr}2pkw34_4cga z6Zlqe&dz?`8ydME>gAIc`b%AvDkaKMJVDuKN||#h zhA`xkQqozHF$Jd~oKA7rr{I`~5g3Oa)+?;9?_FN{*Y9JIwI+-m?HV_3Vlv4k7oFp} zckeE_Z<%}Mxu+!WUF0sk<_g2p%Pzmr@Dvy$v(uuqxgOTUZh+DC3NRwm4YYlcotj+7Z*uhW-Y-D)+cWjoFx76kD*`D z-+V`2;4>7DAKNo=z{4tZ0{8_^fqmqo%2leGOw18*QGBAFP;c1FbB%ZTqaI+8QZcTQ z9MB7DE;m?xWZ}fPnWRrL2BN12W)tNU!4Zw<yuZR#{v)&g7~qE^(J#c7b610(Yr&4p&}&v3ugF z#{{p+xT4H0Yjn&Cd}+4m@1^2j7o2yY8#2OYNyIp8ds@ky(C8)l&5+85L`v=Y)Dm)1EoAnC33S48~3SNN&I1J$k5omnC#jwW< z{p5PUX^+=_?+QF}oj>TB@p84#GvIR+r$b$P>+`o7nY~r>0aOnYj<8X!TB3P>oP5gZ z?%L~bk)pG*Mfx0dR9i*pG!juvvUE?aTeoz_9MeI9LQ!LMRVv5ZW;{A%6vHeaO4_^b zd04l0nqp+jL+I1yEfi5e(Xla8D3W)fh&Jbc z;i-jUj7=?q6yEm3h7NIfuUvT1WfoaLo8{%nNIJHcUw*+-aN*g1t_W3!4#(M9x&Rx- zQKHZ=@HCazW0$U<+4zV=CZ*KeIWt{drKuV>_6LikfWTv5nW*%twdyvr`8`r^dK)8NPTwkJ zT)fgpGq3!aK&N?QGtWFi)G6Ha^Xh#fNCQknGyP4UpJ8dqjymdS_pg7StMt)l7y-95 zY=RwAzFRG^e-4Zp@UR8`lrLAp&g?>&dd_(l>nuJt1d2Ae{xTEdNj**q^$Ubs&6+hg zSVp)-Q4CIp0u6yFK=f7;DCTxp;$y}Y9-$@H4R z-JH4e4CXg(Tw}BZMQz67720@IF{4K{!Twuse;|RZlx;d-CPd4i5rR39s`i!FKhm{> zZ48{d*1LC4ci;UFS)Yiszwf~(tj`#lGDL?4^#9x)cf#pF{f~=U;l$#?HCmb3}6n^zGsPea_|Ti*QzW3R9#{&;oFj?fytNC{5?#rjYB@^-J4)u$kw~-8r*oXd}JO`th*QCVk~^{(>cz zk)gve#~U0$^D)vhSF_~2QeUt~Tcl=u`l-k5ykeA-*Is{{d;PyJm|~Z{@fRyz0Saso zMa{gOamMK~G^C1G7c-CLD=t3Q914iiWrKQE#~Uo7X}q#x6f5Grh{IemqX^vK5NGUO zuP7s;4J&H>FmMbT`mL=g@<9{vt2f_%-wgTi1>j`a()s#Zpni~&c$>j^(W0f?@|Eii zep&w@(8FsCzA||Z*YQLpCGB!;3^?K-Ik~#Efk6j8j4}ycT~?d1w(_{fFm~SgmzbiT z@e@Ha1>^#XL^pkPGt6zTM5p#lQD4F4jr=E3>+;^wR28|juai8_HL}^i=z*>X*xw9t9;i9C;m}FRho?`%7Baim@gal<~=;$uG_zG>*;*Cc`%YkXy z1YXWQ=X`h4$)^b>;|)H?j2>kQy+9+5JN`tSMSP@1uY-@IhsXE^E+dcg9P%RdV(b|> zaG)G`&J-VN;%>X+KEsK`#3Z99(EHV^SK7Q>AvyIDWsQLEF(34Wf`J*FfM4LaIsE$} zmH`92D56J3NuEg1-sHrSPSx=zO-v~c{lY0^>GHM4%Zy*CPIXs?WYQ7}PxSu0^o42x z!!UabZ_tB>R!gZTxx0v^fld|AFQXKgVC>mk38AscanV7Vys5D>ug|^shSs-$@rhZpX1LEk z?`3iu>v8;vr?^&%IFA?n<9x?F0tdkDmdzUs4-Pq`h!n2N%!v)>Vd{MQoe$-(TU>RP zvuBud;1s!;wY~k$`|LV09$7KiYaQOKrSVc62U$zxX7-IZK(ePqVM6<1Ex{k^MXvou z$73{8Ds#@gfAjrbx?WID0SP*Tdz9@{Q8=Tdd`ta;wjg7HCq%_BU%p7VyFqi7ARc(D z;S@X@Ls7_NMFtG`%+0snWoOyr$bXU?4Mwn?G4WsBdF z=QkNqXI|_4=@zYywAAo--TRQiH+%7gQgoBbcBJ;;9RJd;eFrbq*CyFJ8LZ zct3oL{rtAAQVL4OM6PFkev7os%s*aOIKT+_GSKqdZ zp|)tz($dBw3m^kcpD|tfyLflB_I}W^AH~a-Xz##&1o}jQZn8gQ{|JraZ1#3-+xtF^ z{=sM_2C|llen#(zp<^KBMvNS0P9!I2ABpqI)M-<#U1Z*qPCVI+ zlmux^(e;wr(*(X_9r-)|5l3Jgr{s9aOmn z-@+-0vTWI6)5GCl1O4NKputy&LD( zj~_oueJpIWnd_@HHuzqdvK1sF&9(l}ue@GZC*RLQ490-x8q&9NtRH$Y9QB!t3}t)+ zrn8J38X68sty;7;S)Gwqsa(a)o-<4GVVc!R>fB?FKGx=big@vyv^lQ2oHUzPIYRX< zaz~3tBKwXOE}tma#wZOAATwf2t0A5FsfxlxuQXCJF!;waI2^Kv*x!YDLmn-wKm=eN z9Ubt7Ar%Kl^xH(%7LoG+-`NLPb|JwS&UG9!1wA3MoD6$J=Kdr(onR?oi~51Lq@)yk zexG_#$DHJ3 z8P&xXW=bA!(zvNP;FDnj{pSyoX>mY8Q2`8}b^2K*drzJ+$@mp?8yirp{QWb4jR<)h zoC*62aMN^z(r3X-R*46}W6;YXzk}a6BJsT8xNu{`#&zNiYYZ2-jw1y+wGDy|@D@i9 z_zn05Z$n;(Z{QpQj0CwKnnD!vzOXaJ48Wkj7#RqSm)D?y{Y)r4?zrO&@PPjs6(pCtW@;19S~-wwbF5KaO*Qq>xxEMHGqx6jcZpv`@;}mGZb} zb3p1BkN}T)6Evh~jH_7MggWjoCjzBbs(bUb=iEa5Cb|=)A zg78{BrH<>_qpNxKUU0z$275#Z9h-^&jEX3Yv(G-qgdrk4*?{2r2}AHjse2{Rf$s>! zL%)~dv}P?M=o7SQ1eY2&Zsb1i-NT)@{WMcVA_?Lv>Dg9~&q1h19O3Q0A<2 zyyr;G3A3Z#eto}iZA6psmK>x2KMB&xD z(fWlFm~#f9br_MrZT=p6{3$c~qKKz32W)gPGQ9WB>+aOk{$)mS#{b=SgLNKcZ^M0} zk=iR2EsUFURWWjN4jk=ivW!lk7${e!sODmk1a1t%1xy%Vd>F4tLx}MgLjZI

nc= z7a%AT(Tp+^WqeXqZ}6&JtESF(?PW9=XB)=Dd~t^34QNxDReQU;ZPJS@K;65i>Iy-JoN6>!<>R@rly)=y=v8}W&~!Qwn@OMBn2`GmFd%_ z8V{-8sFh$h+e5^Gf;0gsXN(oYj69qqByamJ3R`JvmPdUeU z9~)!#pzvx0dZOCcT+N?f+Tfk@{D{zl55dn$7As(z#QEv-?Dt^tF<=L$C=>^?;PrCS z;C#>`+L(0d{GKEF03%E}MGz6qJ95M@ITnm|)l(a}uY`*oem+5Pt&O8L4@3fX?)1KE z-{Dx%6;ho4DtPXXuNPL zPDWXj00Ke%z8$1RnkIfu#%ljw`t5r>O-6R)dfKHW? z8ifHg1KdMV_2uV1jYkskilPWPfb-wMwVJ6ZHf|zJaQ5I`WCBl5mbhB=n#dUYogwHE z;=S;Q#Tvud(WBh=-wzV~XkzjKdk&6esaz$|=nr^;!{?1R;novYkAH6HN=p-5CD%t#vlp=b7#uQ(%jAaX1Al^2wQyn^V zFuAkOm%X#(J@}T#8>jVC+ED>Kr1}RrNmM9bQ8HRNWpNs*HR)sLvm>7&L*hJ0F=M1? zC#j&Xz3xV%$MCzHd(2+Ko1>(RMaCq91aJ)wadZ#`+RA7)1DF~^-~Fa}+Kk1&o^t5!H< zx7NaUoPdY~Mn1#Q89GzCbVZ#X{-r6X;g8@C?F09uWKPl%L_I$J*kBL?Gdz0IMD51~ zk0>v376YDeDCYQ+!^H1buUcgeeyj(Ml;8x>V4>LlUh?_d%GPntxffez9TcTFPO$%G zo^U$s^6`gu^b0aDG60!GzSI62T!$Z)P`ki(ob(US#)S*#+n%6ml8-`UzQ|gG41!Ub ztR&Dg`17#u`x!1DCF4`+(q$B7Jldjx6BConNhS0(_8FUj{WAklC<&7=XHl!2G6e73 zzSJ)LB3b$8pH~Z}F%J8^&HB|V^{5QSnFYfqQCB$1K>t!iztTmIP`X}x(WRz80_Pe? zcD(!EJC%)~hNY$juW+ISpTM1RqK)7$3i&Rde5?SDeADZ2K4Hyu9Yl{F=nSSi8OMbs0|EX7=h6V zpvNMjxJlzCX2e>pJpeKfd&NZUCvUo;qx;XRZy5huA-Z+AoZV{Is_pK1_*!JG7Qnjoy(ZrABHUeaBgrxhO4JYqafkiMHLMeZgue;r+h4 zp5~l=8&232v{xH%`WKYyj0>3oeI;!`C#xm1M?fc2z;rc}CQ6o3KN6H7je60Ypm>K5 zU`Q)kw1lO_h39Y`aHap~f_R4h5p;r4`6uxM(mc~Hu*d!S^$$0GxO8cT^^5gE!GBnh z!>lfN+ksH%riT-Md>MVVOg@4i_P9hg=hs6RWO>d%tA{jSL@yqBWE*o_M%DxWj%d-+ zz5C8vChuN-^|fZKW#87k`4R4e58t!%R8KqY49(|CtwB-aZ#YPlQNRKQO7Qvid+%@; zpL?P9oX2VI6>TcrR4w7gn{T~t^}>gNtGrNl2!4=P(ND~sGsEQIDpjgUpD;mi@1ttb zIVU6}nz5AZl9ejgH(rh$h|!6AIHMvHpr=9x&&XI{y1t4Pgcn;k8;%g6I8(;k)YQ7R z&!*l|31!WAMB52+j3CnsQN8SA$YzAGoc%U%%QNUO!5yeGWEy=48A16=POfR|i=zg0 z^A0o%oWn697^j(ka1B^M?!o}gwF995?>-ejWA`|^S@VTViXM|OvEN1R3-FGCkW3S` zYSpqiK{we*dOhT{6HYwY=)fy4J@0O~?k3aKq)CQ8_Soa~zB3&l!7}ix|GxIB@r*0v z1YE3GQR7uO()ZT>5Qiqt*3NRUI1ncDAJRvhGPeG_ML3vXMtyJ(=OByR7wuwS1blB0 z-$F;g-VPld*?1EZlTFu6FbCh4AA$}rP5Yi&Mh~$cvi{)GteH~995{q{y1e%%7~5B@Xa+!Tkc~xu`^}f!>#uIpqL$DC$=h7apZgda@CqrU zXrFcKR@nV&B9gyV%zI-5@34S(+9tp$H72lW(|Ua>ufEDg zrHX#&(dR9#7Q!pQWzhy=C~W3$zv((xt$H;h_$XTeN(3hqY=Z~(Q50So6L27Aq=Tgo zoV)vZuWnL+e{9Q-#`(G^Z`P?`{sXae2f{d zzBn;bJS*4$Jo@n6)>k~G@KWmE?+f>Fr?-X72~uLWac{lxvdyJW{Zd=T`myfo0bh#Q zl{1EV!G-smvSHxY{oJSBy1EA*eAI+{(yFanw^9m{L}RA39V-Xc3?Q`JclQm#OYiUi z{2}mD*Z`pDBFZ3RL554Jo@@phXhqJo22a5W95tSN;t_2Ml*&$F@Sq{v>RF;tdvxSApYXSnZ&479OV z5yN`+>4zbPqEi)Y<1~BLbT?w?H?BmfvNGy!G}^#;z&D&_`hC^g`mj}WuCP3NcWSQi zdMz)b)7UX1rNr%TLL-?9X3d!9KKrzj?j^WnF+_yQmtTCsHeYPKpgol;SC!CIQFAy= zO2q-9ZC==9K6-TTV$nhuU37^>W6}q%^T&5+()8(5-N<3zx;Ni=NmKzkjKJ&bEv34q z$;dZ+=wNd=fmT6F5b#JPMY-d)YqT!qTxzX`?xh!>G!Jx?*+g;ol@S-lyng)}>oat_ zg60@+E!OS5cm8XN2^5mRLB4#XRxD(+nm$5*d-mw!X|UQZEpO1K&D&arhW>qfX}-(4 zT6G$m(c^)8Z!y7~eo_B#d5m@U|K&fxI~x}^fYZ`zO^A{| zSjy!sqU}E^y=-&MmrwT`CeFi1cG{&|Z@EFjd41vMDuX=~!?g8rr+00WMqSdF+nP*O zI@YJ3eNi}fxPAPDZIuj2G5z(9+EitPc5h zfbqxXimdC`_j4JCx*J_VZotD9ynsic-1xNXN3QF~?|T>&{J^jAE~cOmfAX<=O?d&o zuTitU37(HXa+fx1WwfDD>M3pf5`!r3{zAT1C!lC_FH*Hdf?(*hmAfD45B1 z@Y<^{xYu5O!qshfglpWajUsa=xo-x1VX_9w80Pq`H(u1Z3+o+a>`*HDa>5JFJf#1Z zUV6D18(23S$hZcLVU1`9Z%ZPrUwPqC(bt+52_1(wu{QcRyo~u_nAN>;!&)ikOBx-7 zMo{0Kw_TfwuZ`SWf&Y?Xdm+2 zcBP3XnhgcSFLIKrQ}1xCiQh=G?iBEkZ}unU!+lcX)~%~!0kqaA8PIvK*?%g^W zJx3--#+)>1vU}>8=fw+}W#J$77R0cdkzusqnWr9-oK{i_kd?xxV%9etoNCLl1|=PR zeei*MT#Xczx=KebTFbcjjxq!XtIi+2B^t8Tcm?m$}|J^s@y}eA9*s#I#BV=s){L0JE80>>1^lhqm-ayH+$T0Wb_n6OC zp}hqj$ENVnW|V!+;BWfdkryvK|F{{|kcBZ?VI;)Rj3MorC+^Rh2V`($mt<{Vd-wX( zeIR;LF^*^)BA^y%V-MeBN-3VLDE$8J+kt|IkE9TfHyGiV2qP!}RURz?=Gpw;b=!5WbXm!p z!WVcubQ5}(wZ{}qUaBaYBt^*JY@4mX&%_(i&H%s2eh=P%kLY(pIX*1a8dTC66gQlB z_2s8c*4ZRw#i4?29DLxD4?g^?87#B*m?-|#FYo~#IAZvBn#G+m%5N|jL*87ya;ar2 z0d?VbciwS}wYhA`BEeL3tyR1!7@2UP+`?ah6ZWxB zJu$-g5qQGf-gfiVQoN8FyQ`TGx&wGBVIa#GOu4K5nRtDmSAGpJ0MD~{SE90}NoM?B&Rb_Hino9NuOyGY>^|w%%Xr2cZ@wmnt7Lb<1sCaf zhzrbUg4{Y@PRC?bOqi1*El{Co3ycO;>lDvIvZklkXFcJ>*_{<6YyA@4x?!$phD2 zd!w=jwReNQ|JF6AQ_s_N8z1NW`gHX;6Tkk}f87(0K4p<&jb!j$tf*leo(IZ7_T6!tp040=bpz)$22JxW4w<8$@d=xps08Pm&{bzy5vPH-o-$_uX^9 zYumP+>o0v3ycK#8_>WcgH~d3;@Nx{SM8?6B*lS~4T9LNQdN5C^`3bThU2?LFwnPWR zJ9uu&)CtBL>eg*yw0r!IKbTxkz)j#)@F5&Z*_StH(9~!*JZpY>n(AF5+Fwq5uBNq3 zz3kJcPMv7H1*d9c26U*vjE^4n4#w50rP_6jSwkx#ym5$BdwVV*b+7=DH!mm)mZ=(~KYwJanJC@%o!( zG);81Qc@M8_2Rfn zl;1|l%D@7SY#54a*J)@@5kY3f@odKQiGrark_~(y#_ZWs}KW8NMJV0sqiFp{1=CvL|?eY({oZ zXa)NZTT9h|Zh%zi7^}b&!vpmLTq39qT*k2vS&etegl4e5zZYWbZ#fP0fFn+>b=h_>ta_x`mpn#X7TuO3^tDKD7UeO#ONn6ey5F_~`k3Z~= zQ9#Y?1)T-(FYVz>X|46xE+ z-fjKCB*6*J=yP;zOVcJTjjwR540>`LF)-S)FGWTta4JLDB{1x=pU0^K!|p;INjPWr zH1YM?(ubwk9*XQ0)IDRyWP`K%;$h$-u!0OfWBO!!4t-XD%fC3hU0#nFfFskvqC*^O z*K2Hwe7d_N(i0YE59SoA{X!=LK&bNa9vZ@Kzv)YZf*4_E`-2`Fhh5M}y| zu?HcA%^<=S>>T4Rh4fblFZ8Qy{)*Oj-VOEBFE+%~&o$;K%nP5@Bw&%M$NI00EfNC^ z1TW3Rr0RB^_vjnmdFNelvHDO^o987Kv4>!YF?g`NqDLvBnrB0ye)>u3ii3+4GDSG` z;28zO^+E>%Zhk4EYKwVExvcitfJ2yh76Ah#0@vv~pD3vqH@}%b5S6*c(}!`u_~<*{ zLCX}$g@BPP!k#3d=Aw%)xAzg&M=1Ayf+Cez5BeG_2i6P#Yrs*<)*TFA=soMmbz=mX zzk!J)31h$xO0%464Xm+gMCpXrZ$mkJl#U z$=pX!tCZl+^dN;1ZGsy-$A*gW@rUxzx8?ByPd}I!w1LzXfvzwf3@yBa5*Zxx-#w0T zALj}F5Ei+Ip{Qzds`a1xP>$g!LO(R?RtMjCH)p@-6PrUKWfm$z;&q*K4!$x^6y}OC zS#+^BXly)xR!SlsLAmPd-EInP<|y>v)>-e-M+!8VzVe5Xj+$9p<`)`DeHdk_4@Mp6 z2lG-TDcR^Cu)%NE3n<#5_o)X1JI~Wrlm=rk3~S)$1)*CsRnPL56V~YG|M$Y2u!eZm z;!)1`oJtO!VSSl<@CLjER{0&^hD{p0!*E0}0}g?+cpvjD>p{Il$kIkwTi~O0>oSUH z>u*tmIe9e-4CsZ21CLAaIM&(2fQRwGAGwAA32e~kocKh$coh0~1wTeVyoWu{!$Si< z<2U`rcwM4IL!)cR7u1=B2Xg)buc;4%7g;#S-r=d9hc0l6`@nJIW^HXl%N*d4P@^Vz z>&HdC)y<1h$~^E!<6zE6-PWRI8%0N5X!Hlim=VK=sP8fqs9p`!=AAi0wy4{%nJM69 zBeP8?Z80XI2lx(cVr=~7hOZa_0>1K0tn9lP03M->L|S;5&c?qe-?Vkmvt*yZ>2cR0 zSz0(oT?GUKM53lDDh}BW9OOFk9fnH0;*nn=_e9fp{A(?vrDR4amvX~DGpI@y26iwm zsXG1TGml#OK|P$W3a>^Uga+^o9`e96zjx-_;lNR7N7#fR8&k4nM)3#H@M_|1^o#a@ zf1I3n$H|E6`{el`>%f>$vSPf2hENK~ zK*erLcteAlsqn;6CsRE)&6u z{0A=$@X7t`y_jS~(fxxCQg*0JUP5$FO*!8I%Tb=i7@+Svcb2pM6i7f;_US5_Q{XTs z4`l9k#mW3ib&kWfrYYq_azVo{6i*xcvqI9ZN zSCqfxaoaPiP4EZYvv%|wTE;xECOAyd7C1n^agxHxBEWU%2mRw3^BQCXo~NL6@=g+K zheu4{#UYAsW*ag zcaV2{$?BV)gH{-$&%9`qoo7|Z^iaEA1JVCO4bCsS^a|C*K6#_jyY1V3dQQ?cbB##F z3`NYR&75Hw;>rvENTm#p%u|H!FlEKznUhXBRXD25aCY{tbONfAG@fJ|xb>Dhtc`8T zQUE?$zr~Bt`OsDN`_PP&75#;*f}Rf9xrz+4&;a_!AN-xRaUz+k%ocNJ%rJv5h9PJ< z8Fr3n-om28;I&@n0H6K%zWru^Yj$`uDTjY@lO|8pUU$7c!@LlU3|()a3_%SWG*bUn zpNx|U@to7X#ppNmVo$5~U9Rg#} zg%ZJtaf$h#Ib(|Ea;Nx670Wb+tY$P-JcI8Tg^@crS_7IHXf|`gJ?05njx_g&a0=K% zcVd~`B==r${zW$b@N?z@8HMk2)8@FZys=zqLUHT53A=mTAco;X&1ET~`AQR){35_GmAi-j* zWh~B+F$wtr{007Sj77fy&ae(#2j2MuM)}P;u$a)I0P6;QnR5k>{i^n9ll0F-Y%f-% zBQU%|>1LP6sgJs$Ukw{IvpqY;C?c7u`=_5aNFQF)u4f#)!04ZrQ@EQGc=F21?Anh^ zaM!x{WBa%ZZKhsh^eNJG?Cak$ z1Afi1<&oYV2Z*8y-XgOWJPF(ZN63%`9m9DPJjb?07C!-v;W!RNtSgQo=p@Mcg)RhM zMjhZ&P3hBsG0!7_MFN_(={@NS_L1?IDU2C_a{(j-F&37^1iAU77@Nub&4TXO!6wz; z<38V6u=s=|<$a%Sj43@m&AfNH&O0D;s22ne1bnAFAwyj-5WfM=uABD&7B=D#j4UdZ z*)DbQKJ_8s&>p`-od`Z*Otw+Y><9gZ5oNurx>4wa_qb1?O|Io6M*K!t%dKwi@tzS| zefMMi#Zu(*od_sW{^8-oJj2vU+ZAn_I#4EnaDI#k?_Mz-`W^aZ{SY!TYsMh;Zn(#s zL<{XvH-9|CZ(lrX@O>9C)@ul4ll0}dLlWi^6P1`$%hK;{&_-~!Hn?~n!Ki#c<)N2Q)y-A} z9Vzrk;aX10W^jgn1-SQco{6KXHyaQ9*a95_UvttGa4g_`=ofvY@X5R3KG(d0JBo9^ zXgq#Cbk}e;yqmLMTn}^q>#y4-6ffizHN+j2Ogs)unE9b?3jL(`K6!&)=wG-_dz37C zrSH+X;6CFI&rvsH<~McmiK7bFc@LOCxb($$a(6VCcdgybx_CddL*4tfL??0IwzRiv zXKtc%YPhCrVa5WyFqdpZ{apIHd}obNU~@)o-@ad%@J^&Hc!)wL`aWxIYs*^cyVa#S zcE_{Wh@qH|u4{Ci0o?FA%**fL6VFD+>g5kFo6wiQ@9Co+wf=ej=#5dk#V%c}PtWOmG z=xG-I2tKytkSW7@;$Q^t>({T3WwG$lqaMD(`vA1T6mXz=!A0KZ4+9Kd^?VNn*Z}|F z!O(2_2d;CS?`+oCgbf(b&!WxwO$mI_;8T4jRV(iV+zKRAMK$To!WhDRa1f&&&jwkU z@1gKK?a&X}rFgy?XGzXes-)s9edr z0gn7!NA{RXK^o{Z^-`E`_LnFo=qG=?PZ7Au0P9mifA!TDN=rRoSsvmIX98T{;7mj; zshEl6g_qK9z`ftDrC?rt^ef@lI@AS>(VwX77REw7!FieQ0Zw-1fxcEh?rglu=2N@k zBx3|8qs7m?msgiAS!{i^1qctRe>ii%BT)|V>FE=WX4$Yyzv-vPcOQkuZ~naF$F6u2 z?FaQRhG+ry!4(Wgq}P7tsYi4UaT__A#2X*y+QbRt%mJ0T&#f>!*%ULkCt}xPGw@eu zKoBOLkiS4-85d@`CJCRoE8EAp;e+7=&K-;qq@c2LXnzY4Kw*BUjD()nd*}rI!8v#` z_ySFwCgUds!{U4Iy)Ea#GUl8=LG+MRoVBvH{f7Q3~v1I6i_lpk@1`&~LhqP7|XkhIO(nK-ayY^!sV%VVIoLNY+A^2&(g-_saPMGpM+mAmfrG^=Pc^;>-^Uu3L*+3e& z&L4jy2g}Xw(n~JaJbB|K^FkC|RUP95egs1t&Y9dp#;0yz=$&`obcu;c(rqQUdFk_% z+TCXeqMiL+L{)6xK}vIA3D}?znG5{l#EFw!TG~u=T=!1qJmL2xzzuQ@&LF_=iWN&t zhAJt!3Vu(?nq%Z6{l^?u6}*EFb7oIBM_KO(&E4?4hkFe4hi1~zAY-J+NtJg=olcv` zggAnNBa0U=wE4$5k9B}%;k>tWX@)y!v)>OGF;hc0{eiQ{_<6lB&&+3&X3gD~Uw&@s z#9Oy*r{f~m8txVsZ4Go5T7QU+frCzD!Mon4uy6G1vD3{?pX-vf-Z+hP=y0q>@nTf} zVa#ap7mmLq=tDtfD$sg@f!Kqx?_zHI_3vwRu~w}*=76k=hJW0PmHjjWntT7Bi6Ggy zr}bx9kR<|KfbYL%>eb0ui=zhk1b(oF=p*1G3l^k_4kR1wz(=?TERxC{2Pb$B87tX4 zQ38Acv-<)T{<;D99|)ge(!+#@Pg@cF6Ml#1!gUr2B7xTr=Lt>FSz;)dNyCJ&K?(0b zLYTTNqQY;WN(EswUp}Slip(uE2SGCsZhJ8D4{cLIec^X_B(xja2*0@>zVGhcP)B$- z{0^T1IK%x=ANRvGz9Yn=FeH^KLOv-_NtqHhxF{c(E1MWzP+?f~i)TW;Spo`7FfvKj z4?P>EEj&*>(dYP0iC&9-_jh-_Pbxjm!}?+55Fz(QDO}20Bp^{%^bL=y-0BE*9f+Tq zAax*ieGh&1xDp-;xDw!>>p9ml{Eos@c%OTuW&B~(aPvq-fC`>?;Tb-|yScSfM0jBR z2*Aq=z`kIM=V>GKfmsuNPa+))*TZw+79-~#0ysv>X-W%LOsSAis)kKW&UdocHgmn~{X)jC^);(R zc~;iN%rBuo;d=CUScmAf==YrWvta-}>1kTDkD>q3YY42&P^dT5$>zRLp;Dn+{?kvA z@wf1Ncp&F*Uk`N3Kf!&JIyiVuRf;y|83z@d*g}8!{;jfpV7S1^ivB|HyyJwgDD*Gd z-XHlM`uR`zWDfW@ozR-T?H}}J}@NBpjuK&?7h4=s5 zC-D9EmFQT)_vk!^F^3+7-(gO|b>^G*;8QcEO>rZYs+l7QEY!YJKgRWuk{gTv=tP!5ANmUGyPZXrKRLB{l>5 zat44~Xu{li^W4Q3T&R?-t;8h?x)z7mbRP_v=%&wCq}lKl>cSxX$CaI+l0 zhr56O`y6+w`i6r^a&mPyREF61-g(2tCnf2;$gQrh`k0YE&$VjV%Ifzrt~Yu^yK$7l zNtLL^(@#CqB`KXV{iN^AA^oOcl%s!)55o-i;03*U_0YMhE$poElp3k7md-g(OPlMy z9yq`Z4uLmVC4cij=t3}p#VMMT$R>`$!^sF^ej$yEtbiPi!91YjWZZ$CGX9k^u95{I zMH&7u3bI!ujM5PR06+jqL_t)Tru5J}gFI$*RSQVn82PXK|l7@*^o6=JzE6UN0=l0#e}1*9y`G>R#jQ~VBN8TS|iPF!5$s14wP zOb^uOqm>n`qw$a;nv9SK9fYB0{}|!_$Z`iB15Y8t2W8nZ1tkcFW+`%U`Xo7B6p?OL zP7d}X}ADl+y)oqb6gHB)OEykY>uK?B%eZ^-*AWZ(rJsFy<4 z0M>5J+Of}Ip;dMC2a(fpaS2B6(xrR$&v~aY=8NCVF@`6M z^ynSQ2IO(aJDmi1k#*wiYchSZM(6?S)NN!k9JDnxwXVrCi0jQxexc`0x|ai*n{*G=9R5n#&?~X8Z}t;KI4^sWofqsLSzgz&BsJ z#L87{o$~5j{!{yfWDH)yYguo82WJ>?mTT}5;C<`1E#gOIEGq=**(+Auq9X#}Asoe% zV6ypC@hY4`a7<#~gp)gkI^m1em6Zs-gG|D4KOAMF4pf<`F z0b=l(bDYdmbgpvtA!ofgfA8t}ocI6CZ~BU$T`Z-J_1ze6WS#cZmp{{1UU^o_rLpFf z-u%^mL@|!<{uLb-8usw7$p&~5QKAkF1Kr;*J(*xw>pjc>d4Q=1|uk=}*pQ_Vn(a?&qv8{N_Cb*xxI=t9y6Xf3L2+buVYzIe-6| zcCz37D+r1yV^>A*pXozhcs6?;e!n+4p9>fd9cRM{uZH)4CqX%y^PSvU*b~pn?VZ2t zT5kPky`v>OvoFSh!H&%)si|luXB%8YX#$gh{)N5-+8piY|L5<_i=Ufa*KVK8iM7R& z{IRyO*X;Luv%BZG&W4IKfEaB(5BvSPqIYw`RP^5NzSCxqL-`J0jF!+>&eR1Kxv$5p zJ6WJdj9wB|F3m0mYm~_w)1=S=5{Z)Ytj00e*eAafA3z-dj8knp$-4} z$6)+_Z7cd7?PbAG_!50!H{U~l!|m{!HN==tdND8i{W<0Gp5P#~7ySg+EcLUF*x);L zMCD2PmQPAakITQkAFXS5-^2KFyZ?Llcz#d!bF1@@T%+DS8BlVz9sM2s{zuyTGtXdv zM!Adpf}HQ^l{ez=t{&@;==)!h9CufD?0Relm;op&N>XSOd$pD=Tf07e`?>$T_^j*t z>1VEe%6xZRtvDBVc^74*K<1V+1@uF*K)G_|Oc7sA5rN$A_lY>p$0fpIYx(`QU~lP6EIG`U4J&Uxu+X8c{I zI?1fSJduie^ypD`^a=0LPwFq5kf7tpmReu75OJjO(XVC7I5uxVy8Gml&hE%IZOv#s zNd~*G2lkgff{5xr#~W;7_tHPm8peQ8Y`OaBzx&j)8H?sCb#;-(wi_U>c3zxT%)tpX@|7A7|i41RIlnjByg9?`&msjF*!E24#%JOO+y*_vX%-VPoJ3 zo2@e9FIl|6`ar}d?{fYzeP>*MpR^H1^G80tEKIuaW-VH|VIzjgd7zGa?*knbqP-hY zi+9|5hZ(HA!O`zUI8q6iOiP>VQiYQk^GnD{YPO=!wdAgf3>ifJPMtQzvVnZ}-M0qU z<%GNG>GOnlTP!U!Y1XId8KS}~>zIm}%4A0*W?>ms7Ru2AgJ}`zxVm)hY`B`7oMO@A zUw!qZn=CvpQKE#k{YOUncRT~UGfzZ+E?bge4g|m=G+^O^c{21=mH|-bf@-`(Dtm-ypsQSgFPvKWIcowz#BdA>x>vo2dUZ!xDB#x!41g$dd}RgmKs#$5JLz%a(y z%`(pN9T?=SU;>$n>wMx>t5=u<1odH%B6^qTb&h3Qx^$6h-D$@%;gB&eZH^hRFecAX z`t?ec6GivRn(>NrQK=ioL`y|G+&x+Ou+swe>!`!VMuhYCGxMMrCb=O>X zqdVb*la1EC_kL%SCBawd1ml8^!YjzoP`0$P#A!WC%LxG*iyRCM!k9Zq2INytK2>v9 zR%eY*cGYA^=UM8RHFKu%I2;>>4*lMaCV)0~@7~quK28l|$Nb>>i?>wFj2Z@)V&(6h z0dN?cAuApH1i54__$qz@F2k$fw zT%8vz+E-Xn!Hbo>5?*qMaBbPL47<;Yg;ZDy_{HxP)&%25aCG~V7p)w z14o(CrQLBSo@@q)^=ro}y>dwzLG&lZD)a)dg)aB)+sA#c2--?A3=$bjL22K!cTe~9 zD=)eRikNApqqw?s>*CfZdkF7TkW#*8N)4sl9OZg`*~=8~7&V@H?nzfhXD&8YO61Ra zc6TeJ$gQ1{YD!xaySLtay{nR3-O@GJu2IuXl;QNteqXt2iAi=;!o3gQ=eDR1CFT4N zNvkO1O{$Dg7L)2|Q>&+#b2bjzq+$l&7~qN( zE8KPey~2!bjbu3cN@HEGqtA%;8Zl~w>)NY_QO=@z4<&Sh(zu z_x&Pkd`~>{xGSsi)zrPII#TTm9k+rJsi6KC15s;Hr&gQHzxf~FfJj2l%nje^0{ep5 zv!|IsmNkTKVcc3PL+V>edtND6f_I~FTm%)R@;y9U1%6^TlO<>OC1<|@eWL1g>$N~OL*M))F% zY-NqgYmR`=2OfRECF%_8GQ#1PUwugi-@@*2on<{}&^PXr)t?BCtGeP!=}z4n6vet- z`m8ESqf2ytUYl3e9=QAE*X>HhKHXr=I~+K3Bp?Mezv(x43XCt1Vb~jgy*Y+D=FXj= zdG_!NPVhZFeU3fPdJs{#ZXM@h7cxf(&gKpEf*-*4!UgG8FEC8uoZ)rr)|k^Z5$v;O zPPOZ_$6tVJ>c`1}bATyEPcrKuT`gw;0|NoCFoYG=`m7eLBZtu6ytXd%HWd1nAlSkA z0OQ^1Xa3uq6EOBsFw8@D0A#9pFniCZwmQyN4cs$Zgi|BN{ew zFa75=S4VUmL-9l%RX~bzc(|2z?FaO(`S3osyEGjaeQ^pY%rt5PK#z1OH!V zK#Ui!Zz4Z9BWkY}5r%^gE@%-9l`B_L8lnn*1H4xoiB%SxfxI&V$hT;CGL+I-r+FdT z?!|(3OiF}$Q|SJ0b;jO` z%|Ol>0GxsmpuD1?ddqlw(n+US)a;x&v)otx`@2<2pSea#)|{n!ty(T#5rlSDy_u8z zz6E1wCH-LlLOGtSG|5D$p*ZD_b9+e#i=mXLElP?~sq!pJc+UJSEn_K$-}Ll(iq2f_ z8a7cBuc8gP&pV{@t*tb*e8-ScU#XPAk8s2n&tc>s3b}$(u43Hf*?9GfvmJRBoT4wU zzW$0C3NXx2xQ79`U58`s9qOV#M3gZm`WMb6W<1Ov&+v{0XzvhZ79C%W&ck;MJItRSI}XmYv1`33>9^=y;dG_k1V%7qWzj<#R-r!rFvjyo32WnjI5Q$y zyXu!7w&#c*!%#qd2SQ;?zzWg!q*A}(x~r|*`DE1Hv3^6YL#SQ9ff;v!J>DnE8XTqI z)WQ0u>O5@bmcn<|#PC7$WQI0<;&?&ZM6M=PNwoQ<&f>+3E8@D8!9B8?!MdKIE&jl< zyjs*lgC}!95V&iYW(+c?2FZqYl#DI{H_#b_pUlB9KLLLE&OQH}hi|@fJ%4`xJHV!% z%C+85H~5E9_YmO{>CJOv`B`o088zyAWNYgk7=Y*e`46@0tU*}MMT_QJ#5Z`#wY*va z+$2@0A|CXWtDaolU3FDQb5Q#ByTPtYk8bX@|GuoT|8@jTnjhgfdp*EAa81UCy5bRJ zj5xT^!IrflJ$;`0vdd!GxC;Nn)kLopQYRz7BtF2(c)U6&i~jT5oRehK4R`?NO4m6I3Q1AF`7G?2Loj-%;2aGmX(z2I(9;+@k1F;#{ zXET5>0UkrV@IqmuCF*1{!2!vajFV}@7oywJEdUJrU}Ch zDb)T*0dGNL^Ij9*UbI*#xnxX=@#{Y_d$DI?GqC?=fGCbb<)L4qn9itHww=9NL>N#& z+F5(+*1Po^H^J&v?4P~bRIIYt4D8Pt2uiYTQXW>+SzIW}wMEZ__r29KxU*zurPnJc zWx=LRn~c|b1+u@lw_1wT6PtlQGXuNq>jax*ZZkz=3@rc5G{&C&12X_zq0GiGId1$o zIULM2W9vwr-EzDL7*-}~Ns?m5qS_Vb+Q5?JCp*M(px-+!;2 zhU_XP0hZm1;T}G@j)oIH1T!jhjy|I6qIrd9b1lKB@IBn$P66GTjr*AgpIqN$3PIFzF?M04eeFsA701N(36xEYCmXQCWqn1-fPVU5G7 zunzt`+*A1(u8Hm6uNPRObI~&}nrrq;Ag!bXeOK_+@ovuv9qTi;@7QDd#OLj;ay$fm zO0;8`KKF+cKW3Q!)gj{r2if6x;>o8lHOIS}FykR$EWcOdEN7vah<2hYs_Bp40*yF* zgbs8*;4t?<4?K^t#Ns+I-!6TM^R(U8z|YjZe|E#^8e^`)nHuMr1#=7Yi^a!qj%#S) zd-&wsf9e<5Rfv~R_T2H38$P4$Hue}gi+xr&CU8$VcKWRA&2d_AfajBt@Vh_$pAAw_m@0z5VKceyOtCCDug=Ozfy<{n#!1f2v%; z_m(OZOwvgVNJT^N?I=ko$d2%g8pDWx-H#9m_{}3@k6AqMD72b18mCYs?FKoHnlu672^_^+90G9&9PAJvQ#OH2 zGZcqv9(52;D^e^`TGuQ4xT(r=cn0x7Jfrx~znTz0xkyrCM*S~bzBy7}P%umUJz2`g z)p5MVArOZ^-Gu-FTC&D*lI(7N)Xtb)Zx5Yk^gMA@O4lZcKN4qZ}fSrMV zkX^1+LntUH(2l?8-M;7=U$oV9iq`y2f3fFck7Iu$D9vx^JvCeGJ)dMzWHS9QckN)0Vzn4H`R~IdIt@iTP z1A1AY*DpJWntsBX^RN0I1M8}Ddw^H$Z;Ywt_b)rnukL+HN>K8@<9n?EVPEuFYlGXZ zqo8|(=LBy1t5pBG!f2;{m(Hp#;box1RlD6<`DM?)ftMtcbW-VaKJm|m03bJ3%bS=) zm#XgJ+c5-Dbv}M@s6c?-#H?{h76AY1!kYh=0pMtPm<%t4PteQH%j;qE9xBTgpGO=5 zUr`819wCyPltYH&Ap#2cRgy|Bkg>*boL?Ox3;PwCMtOOC5B~1@5_%&v&22csc|S!I zSo#tjeTCp1pK2Te2Mz*}LQS&AzG^`R@(gw@?#pNGt2xB`jYHt`Ab_6*2Mziky5GKS zQU7iqi>4B!Z({WC^T+PnNyU3Vm?0qiN7Dl{>w*L7Uczw>W)O!=g?f#ZBKjy*%;3)iMP31-|c#K5Kc}d+H8ZL`iJ4qS#js z?CILQImd43J-u^%f5@A?8DIRG0|SAe3j~`pd_ORwseWp$1c2$zCsdimQ29~)l=x8` z0&xf&bP#~11H(G#2LCw&jxuT^ttHN{J_lIwpX(e19CK?!=~f@H+2wU^qVWO6A@G%l zfGD&!Xnil>$YYTE6&3qBIJOsqiC+?jz&?V&{*`&*X%P|cFIwJ5po@2VkV7C~V>}Vz zAYaIXaQKI^PvIb3j`)z{5Qsw{4uP*M1n_Tr>`D-z%>IAhYNwa~ejM>0;t=?J2-I$! zw@=Z}e)3v<{ygJX#32xeKpX-!AW)NG#rahY0L8z4B_R-}gRkVW$0uEPAy89P?e~$! zdBT1NdHjKK2*e=}hrm97zyTL0`(RG-F5?i0Lm&=;I0R|~0_gj3oxe698Smp@fIuAA z4~A8WkFj|2+&)Mj7IJ4uRT(K&5P?By?G+XuW==F0TNV?+%DOLzEOn zw{O_6q4R{=d;Vwl1l`pZ9oJ@Gj5y8{K6~B1+P{Fa<^C?@1I^ z(`tVhbV~c8bQ)+nF3TN!@qZ2&1i)o&QpA?rW2`C~SddYB6RV2LhrL_OI1ku6IPL4J zK0h7ri;Tbx#|9#%EmpB3&*~?(a$!=xUb!`H)Yu(F4fVop97T;AH@3vYL|a!__=N?? z7a0;6hx{RIN=r*U*o-mxMO)}6+!y)^h#by;nNRxQW#rqoZ^O#{RBIr`xi+5jsgC0( z>I4K_z1kbE%N}r}PE6pS9Ymx6RO~7izbdHYR}JK#`wV`iz!&@qUb3&~G4PoxekF(D zmuU?u`5yO%zWA(-#@u)8++o|dZ{H&v4kdmC%=qt+Z*sU)>{uaWQMy(_3(2ASq67Ps z+-}mOiLd+m4eO0SaBbmKEPTPQfJ3`>mD#p!rLjNn^|89~ez<`?cM4~bv7E21#@Kf5 z+F64RBL2V};_cvqz~0N^T128c2_o@4If5#7ZIC`+DA_2UP(MkI+cIk;{XOXMuFFfe zhZn3~vwEM-B*;b{QYyOpqK>C9xY&NG`YOlS9Ip8CpAnytF27B>{2p51YkT>icku=C z9sggoUl5(5p*4|TaO1{}R#H;pyprn1G%1idNw;*9nZ9+ zv9d4rcu)8Jr*l<({-=xT)NjxkI9;Y3@Jtl~Ya)HWvEWfAx=fPJzq|iF&?#~r{QW#S zt)e460vjA#{L8|3Z|G%jt^xdedmYyv(oO3Ui?h{h^Phd4;ktuzH#k18@~!fF<;uQo zDfCa2eH-ihjbsusis0|MqC(qMw)>`sD!i^l4(Oq*mTbvA;T!Mk&1!d6 z0XOOO^Z3($`{dYX{kMJX&--h42e6Q{qHMc}DaBeI^ROi~Y-%e@>e;wH+w91+eA}@r zK}=sRHrMGQ1#t1=MfT|9k64T5axkfdg@UjEYQ&VHaxk3Zch2j7Ie?B zWn@L`*Nb=)t!Z*o>)5fAZQfj5DSV>9F!$En(HEZ0c^rcDS*-gw->hjf-{sJWzP4<3 zXE^7p?h)~acmd~P=Tq}J%$Mi0ld4(Mrj{rsgYp~t;*;OjN^x$|B-xeY&>#24+o1sg zvSHD^0&a&-W*3efr=_SiXs~cCvUU%qx7k!p*u?CI1S&I=r z6Q5{gt4bT#_`X|hX!io!z6*t*nqMU(B-(-n^X%~_AG201mE58hU>|5UqVY(Xj_6;N z4_IHdpd2XOuF&+sn&pP&!~{=#(|bstW7_#V%N z_ifs=vC3(_r@lDHP89Hw=Y{^NpH$7SS~P2J4b=apO`EF5#r^Or4E<($Zlgwxs^Amb z$H8>WoM^tzf{6|)*Di8Q#KMVn2>1X!vn#IZdzf_Wc^wB?!O!$Xt9j37o%f4t;h%c- z8(CTDVr$alc1!L#UiCUEtZ-)|yLiwB>(gP4wz^FQ*D?EeyxsN`0 zHvMpnqh|ev4c4+nOF!SNSqs+%Hs~C`$KDhA;v9c`59=9z<2kX7^X=PpaD#U1)~$Yh z=obgpmaSW?b*t9iU+jJH#~H67GfiRgFRj%_ac zLSNB%BfiJEz?V6$`5gLV?8rZO76HAQJd1nK<&%{})3|Yys{Xk5P;J192JC=O)hB|_ z@dsYZ+C`mYa&UR?u!2`EA zvFLyIXGC4^bPD+dWn-5}Z~pVc4_Tp-t)XdTYH08pgas7^ zY0#7Nl}fvnbMS=NR#T4;_du7ie5abPmHAk(SFl64KluGRNZ&{AAo-c=WA9OS-Z&Td z5XXDsYh38#)>sP_Sit{@y-wra*!#n|Fwbfmi%MjbQbQlr=Xak!_t&+?T*4eVriJfe ztToTq{2tcXabhp-5B-90JTZcExhFGnymRMvCG+lbzea`Dh4oC3Y(`H(Zt=V@248p9 zS^S&zt(=1Yj*Z$#HtQ}W2K#T+P_7oARl}%T2O4AjL@O_yXDyEWwF8kO-n`jq3zz~= z;9Ju^07kJi#I?wKYybk&H51nOo$*0a==UU=xgrt$3Enoh^+uQjiW=m6WMnt#OJU-SB^-(vbL7awK~dGb!_qTnt_ z4NrkC5>@$-R;B=GbpzJr{#zsIXWNzZ8lF{sOq&;V-_KEpA6Mr+1V zwC>;;&-twL;4J;@kUqUdx_0nCbN%jk8sSdpkN!ChIA1jumzT^zboU=*C->KE^btE& z`lp4l$37d_fFrSf?sCngZJV}U0jZ?4L>o!si&Hf(8Sn$oBM-(%NmBymneABJgu5CMa@Z5UK?cV3~8Ply@yGRJ_QeV#agitj4@0PoFizo!PMj5xRGLErOEly$=0k{=|UV_2LJdB$LzR4sod^6*rMP?_zi~0F~|x-k3Am?6=$4IM`Fk@ zD`$v8aKAUg*{GlDyZ9~^E=8$GPEE?S^Ni}>!x3y0x+^MLXG4b#vo>wo*u;qw_1Vtp zsb;_7zWw!y^9>%=zkfex)Hst98#cGH;&-jZ;rH2&ibR|H=wNHv?G)R*qmj*e<93_7 zaE6-RgybPcaz%{Zo2(|@FZavksq=Ya??(C+iYtw?02>-#ma}Yu z@Nm*Q6Wwt=V#E>l?2FG@JJC1uWc?ExRKozg#Q4KN=D9&OgFjpwehW$y^aCDY+zlB# z#ICsfO3TT~wv$g9W2c{fhRvQmQ_ksa#;z%L*VUI%jZwmVp-^paS+eVEXZBsvZU-u+dtr-p~zDIZpd?H>3y|FIzSqA(ol}*m!Bqz9gi*yQ{ z-mky?rgiDm*`dC2^(s4c%qe#E_;Y;@7zyCV=dI5kmMng1KS2N-#kfjM>nWMl-eoa( z#d&CqPyR5JlZ0Q58nF{TDvKO`i{%S}cEkPPOw^$3-5nm)vbcJ(;3D^ihI5piw*(I} zmt~3Xlax{Yd${h)d@{D}+jmG_w303_c~!p4Gop8Gc*mLz{E_WSYHJJrHPRBA^stKL zRGT~T|Jj^5Gi>hM`TG0Brq7sW*;(0k%rT>Fr|53p!ui%FrH#`j`Y^l;T7m{J1c4K@ z0DN(*;RJ?XL`EI(K`)kU)Gh(;!3jao_Qo4-wr<_JyW{Eh+rR02FQ%;yxh+{tVI|v-@|W_ zvnql(=jmgqbb}kNyU|WK@g$oexS%i54^9D`yw~eD_{Quxvz$LgJSXboQ2IB(I;}@< zYt<@6y2mPq59ed)2^rf+@-s>6w!Ja{&ou(PXsue#0-NZ(yFq+=;Mc$x>^b(z1|Iw3^Wzd0p>!4%d8o6#d%;#DWgUU|>%_Az6jk1!XW5!-miqKu_>_1CYq zv8SJD^B2r>hcn5ARNsIPqHm^lPqPnYi<9gX<{R73{yb(qB3aT)c-6+%tz9jcSIQFc zJM;)&vnp9qTXvnaIl)s4rRnk)$p_%U^I{v{_**Bt4oCWD*>$n^#E%ax2sn>YpyVjo zap=|WzWc7Vm2DVG(|^&~20n!BZYkcnLp%b#AHBVO`}TJB+2`7G&pl_azWS;^bLPzH z_OE|GZ5iq5(kEs+@0&33Z3T%3TUuJ0{q@feTF>5noG%A`A3lLD6l~x?>+m*s5@X;P z-i2O|jlezdmFOOPhmlRf{KH(~Gw?O!0jKb6JM;@4qX* zUl;E?;$6`_L5HDl`fxs}@o+x2F;0HN<~eNe;jZgoKht-h)$qw&LW}gGO1nfng)#H2 zL>&kFllcd@g!>NUC$JB53FF{gG}r3j1mB|;$!)F)yo=vB=3MZbbm`LFnn|ZxFP{@~ zBs_ypd}{%2)%}X+u_)?;e)z+u)~k0v+oAyFRwW*!rS+B^OBEe-@aJun?4@<-nr7X) z_i%q!d->|>*H2J_!dmh7w$`g>U#A<+%b#wA>(&V0JNcjMJzAU4cs%&mHYLSYuU;dc z$rkw)6aWbq?1xWawQ(-^CwUkalat0NC$~V7ZjeGpWk~)mCC2!qjJGK^CV(US+ z;QhbZ>=|#{-1(wY`S0h+5Ae>rlkC`IzvlG)4{eC(*METHU(hX}9cY&1?SfS+?aC{z zlD}xA^xoO7XLONH@XG72xbDuB(GPgNS_nwtHwbGQbOU?_oI8BTP?udBw4s4}SVwQb zRx%YE;PAr^_w_GU0tY-G@C0ZM-2qy`ZomH88>I6jD>k9Pw{R&`?txc;D~t;s#&fHD z7Q!v$EaReI8uTr!^W)F@hj9iR4cCNo)%YE&+eUN{tG~ux7xAy{)~Qn$tz(MQ0eJ68 z%#{xa*E7CqI;ie9f?edB#Mf1-#P!XaH(C1*oh>c3m*X%xA+a8KB(#FBx^3I`{+A+M zc(Y)fs%x3srcLsz#;%FR5om5*AwFbuSDqgru|&+z&{V9uD}Pki#5`>ymEd!F?QJRR7V zDp=YPsF%mpp?t3H+3CaSi7_OLkyW zV~6uQeb6GAsW_edYmAlq1HLggeN~fPjBL_9&>gVA*Y=IuzvY{f-~kS&O1}VOO42j- z1QVXkGk^&+8DPb^*oIx6kdWklO5!Ex!u|RW_Io#ORGhLBKe>+Q&=_x+1K;68$O*=? z`}ruK9pLM9rE8N#Bfx<^!}Spi#1&%3$Fak`5}x2fxQFL5R)4mR!n0%93is1*r;Z)m zE=^C*kPJ%kbFt6yuJ+=eAaVEN($Bj@Ojv->{H=Z?5y!>?D_W^jJ2u;vl5Lj0Xqt@7 z99x#P%$BcMZZkz-D_7<_uo4nMjPO1rv*o$VJu``W-7a`}kb1GLs=XEmZQBE_nvqS)qVz^XJ zA$IPR%8|7!dzljk&l@*xyq$dVDVDKlk@r1)`gC{hc96nMUt}EZ+R1pce4LC6qQV)R zzp_BPgtj~L*lm#nGG9z78|;KeA%<9ZK8&VVPA_)tr72?^!p|;HS#9+jZ-)p3Dg{BY znE5&>lPI>}GRz#tgmND_NOxHq30wljfl=`rP6n7DpAiE`>D~Q2_tU^T943*%A;F^K z=m*^+JSF3czP>sw;#W#+wE9Y1DcO)~>(^@bJGWS|_|?({b1iH63h}E<@uL+sab~)L z0;@%T64K&VWo1$M3f3!AJdI3YXndJ?2?7#$?-0L&_BYA6C{_??mG1XolGX(Nl_Nd} z+@bZ&#ZizbHC2X&oZL9%X3qH7^2A$O$*IK{aM;1;cm~e}7nVrzpfCQimS;QvD=8_p z@d`eD?f4UIU4Fig`{U`;{5d$ta>Re>i*aV^IYIbi{N`!A@GSTrd^DC{fjd02os6D^ za`MlbHPaP*3|EvY6moVx_UM74)xlP*j`;Jzic=`lMTP4smD~_CDzy{h3untCusMepu{m6xV(p+~E5$Ka$jXO(< zY)e*-)4_%dmSka8POi;evRs*vi&Mkj>zhXa0(gNWNMp__{(a+Tjyf+e!fvaEKl7Bwx&sTm)Cazl>#>zT|24Eutr+rS`CkF1pN8^|?(B_@z?ZXU&?SdlJ2mbUAgveX@W_ z=!kf3xzjN;jT~kdAM}gz8ye$486{wW%%&Lesy{ zdrb8bU9u6G zI&TP9x6NxK%IJ9r1B}YFbFVOFy+@Plok_GG67go|!B|T`~;5aa2tvYt-qQtRovY#YBD}UP=quT=4NPbFB z)iv}BT_Jx%i|8rRbF1ko3M@j8+*6ktneQ9ct`L3}%b~H&1E=6%wsgDf>>SI^U2Buy zdq+dA=MJ~brHh0wk>h5CbV6`3;3$skh^8VOrBoewnztYXMi4ZMKj3x$exe%V{jjOWUSd57s(#bN$i?3cCP87J~AcWr%#_|+hng} zXQN-BZ)eG#hc9&L(#5hX{Ru&j;{F5GB3UBbcRH`M>jZoB2=KAWu2TXXfd!IaSVQOn z+zvQiElXnUx*$uU*?ku7LpOCzmK><{h(GthK>+@P-Ru6lf&!cT&Lnr@BAX{E*(6(f z0lqf;XzxyZTY<4vo`}MT!C~kE`pDEZ*tzV0f|rGcLzsK9LD1LH1)v}9O&3q)dJ@R6 zx6#WO5B&sR9sB|wM<8sccnh`)e!(^J$((i8**50nQ*Ej2kj>)N)2DyzKFo-(<=NW6 z*L1%->nrs>be=rTb(<3Fyo`ShT><`wy-X1KqKht3@Sv|{2oBg4ydr=x!3(iLBm%ru z>qXmLFWRX4ab|OViTERS2IE0D0cLfjg}H?BFt2D$dA$!iz|ey#+{TNpiLrZStI-0F z<9LVcF8E@yS6XT8I~MWFz&C*v>%L9$HRxA809i^LW!;I&wqO{OqoxNg}Ha$$2zMo@RSy}RX=h(!z z-Vi)uUZ*6QVvfk0jI2z@$wKKAYuB!|wUU8dlvtUXip^ARb7s$SyS}q*X7mE&KLKCt z1LzW7!5X0(M0P-g@6b0pEibs>B0GHOFqh#Ifaeg9>d~X80(c!QV?~bia|OJG7gQU;KSu0uXz9-}`o|Ij#wHW)kj#4-G-8ee1e*N6^6Kr37ayqhGeN}7@=xvzl| z6RPhI{YKRRqVtR~_@bbLBwxo43itv?HX*fc-Bx;Gn)s=Fmcn~0ZyYE+a&pp3V zaIBjZZz>i;?;!!b-d=g-B`0104#GB5IfzcWFHgqkav|fPDtqZlAyg~R82ZD5f05EU!TW*dRuVQMS2*N6e%|NXSm#<_gY0JnTw1LyV=R z7;l~k14IEqT8Pod+o1&k7yyc5$TCY6BY_Us6(K$$VIl>laeYfkX(OX1Q9BCyDTyIV z%1aYxaFHUr({gjOmBqMOnY>Nip@0wxN(C9{YqSG{EUgqNq$m%?QfP8=GJJQ2XEcgN z8B5l(bjSTe3(B7{8wpJqb43L^p7j1TE|VbvziJ_V)gU=pCGGX8Y@*>^vux|;UgB48 zSn-Bz?dFKGZV+tOU46X`7&y?CzafFxy1>iI%CzTSc-ED- zZz_|jS5M)L=?O&`8ttkqU^hHPW0c9s%+#(N(NhcYZ2`s& z$mJ`tw6mzSb(X@607to5A$mp8fS+SjqC|2Y+{4%`R>oxyWgdrq2s-EHW@#O|I(>pW z&~kQmrmtD;!xSQ5arJ+LBumgI3UZH%68x z_}ti4evRZExC0K)pFhuj_5bd*pZ?$;H~vsmgKU0PGB7Vc&#t@n23K~-f~R7@k|m4n zm-qeJB%x7q{LXKFTi?67JpB0MkL>lgUbmsj2&TFRc*=dy*#ar;?7|bM z<-j?`@ez7xr)*6W=g!gvuD{9lECoZcmO3D|>Y5JV4U z_OlDIag$^R!EzaJ(0_`I7IZzbp>sr&O{CZ2#D`Ad3oFC}N@P%B7ZP;~l`#SDQ+gttb~i zXn;Piz<9|NYu;tBO`kT=ax~_{MvQcN!?+!%U@JR}fEU4#mtTF!=>=Y~L9zqgnAe+- zNb$g5AF^Any-_<7`}=RmMuNYuzwxSl@X?1=vXS?X!Dn!|%}syFZr43W9C4J^E=hbd z*Is<-d6z*q>imEK0|meOmM?zu=;MDA&0ix&MH|3se|+#^n=s)m=K;vxzd!wiefyht z8PyHIgOxHipL^k1*(uw-d?n6hcJE?bB2&@j(d&c5gLT>}J`Ep2zLP}NNe;&Gfy&*qwsXFyZzM&US7x~7QBk}BS@gyu)u#~)1)Z&+-Hj~Ervl;Ci-f)YoJILaMG z(7nc56a0q%i)%V=r=|7LoMhKYj}(%+ z++dFAkMPFc$P&pHb`o^!7ReIyD0D~GtFd&C?xG*Ab=+4U_(s;sVcVleU+n;ja32RP zxX-S8oVvgdS+YzCJCPJQz_P@#KK{>F3IakoH!p;*luT)a^URBQbj9QNob+`}<^c%6K22Sd|xN%hdihWgS& z+Dc5x7l8a|nyd{E6&(~TOP2l??aoUT{qUQ>&;1=}002M$Nklh&vZ~y04g4s^@!vjY)GjZKg`LQlM`+Pg`gp<6iE=g!FyzrbSa8M}+`+*Yh zZR8tYq772dJo|4u=j`+R-Xo>&-}BwO?YZZl@eN({OW=fEyl0+qmXD2!n%Ghg%C5lY zg$~3zuUN6dp8ER}em!~vzL~P^rS{Eld`ojEvxoljfG1>}G4@QS*-eToy!qy9Mg>mh z29H3lckbN9{d4%@umK`?R01Ss!8y+}&}otX0e7K;1gDEk_v^Bookjv33AQ9Bv~DH8 zudbm|WP17{*MHF&{5tt?Gcy-QbfA6*4I1kD13Cb7fR2d`>wYEOz%F-m;I?f$%7$(0 zaAeIEEu8B+>Dj#t4xleU2f4X93Vf?Py?9tt(FyvQ0nV&R-E8PU8k>I*t4gxS_gfjOYLRU98e`i=yH(+%*fH=k8vZ*HH*dJ+dbjIH zR`}Cj9#v(FmmDWZB0lQKqwMIB$H?X_a(<0pG&?)nE8YU%DdNu)-<_o0ynUU=V+W(x zy{GdNloU1euwizCb`#@gg?2~=C3zYjFtl^|Wmh`xH#;{kT*8-zZH+#Ud`nGDbKe*~->%)dJ51i6@}4T>O>sLn$YAD;-vfNQ>(0C6 zyGZp-V{8EW&2N5bzxc)fSeoS4pC0<7%Oc`*@4hq1pNqU^6C-l1Q1%D*H1WC4(&fP$ ze1hZ8I>*lu!+ZVpR|Tgm`}sY;@QS+*6V2%jRoFXT6$efbuV^h>fCP@I8tV)NlCd9r ztXdvE@h7lh4%raJOP0C*Tq>Rnzwgkovv9b=e@8Zu*a4r0MsuV)V{2kJc9c&X{bQSC zH99rpZQHhk(Z74yTv{}xRohsMd)?n@+^9LVJk)qaD8T)5?_C+_9m>Mu} zkTYEt@buHqu+vT-=Ld7O3oDdT z0>Kwuc(G@2uv>w0HV_<$^ff&cuKlROt_#~**93u=s2#zli) zttpHgiSQ_Pk&Kr^va5Dr!2c+Zh(Jb><~@i9bAz5x$_en0lz{>TEup~k&J%*U2=T2Y zTl~FM&?a+6u}5$(U9!NHfUaG;YfZ~Vo1$64%LBP8U5LVrQo#;lN(GYGQ6NRJz1FLR zoY}w}+VqS|DcUH0wa)*A`&CWMKw)p!jrj-OAiYmATbXP-Hd=XNXX`L#mTl{IzfCAO z)*2;}&8MK&hGNH~Zr!^ZNmc%_wci=Crh)zB_%h_zieTA_C=w z3gy@sEradKi!YbMS6ShjD+UKUlt{=zW?pj9r7G<-%rdm=9VP25?Q-uWJ_yZGh6m*p zz2HpYI7(oy3_Y}bDvd1CvvK1*D+Pu%Dkcb4cv&Lm3Z^y#BAM@ry8 zH|Wu$r_Y5%2lzFOfD%eSL5)6rRsKtvucsUjfOWjTM4_!m=DEr(G zUhp~ucnZczyLKJrXj&m$$#y<~VL@p_g2H6Ut}KYMf5G1agFbpH=NqSAg0H>+Nk|&gvrIb3^#K<0K54{`NNHF$v$*6JT#=9Ps zk&)qi=*%@Y zESxWg%3!-#I|-;JgtI3khA{WzjyqoZIte1t?o05Q@hubohW0Uhso;Yh0{=qJgI8p3 zbAN0_0q#B28gzkfi$e&57TRhhXBP4c-IlEJ?xH8kCGyTkoPEeojArNw10VT`W3ihO zuYein!9C~+`G6A(9hd}0Xe)O`j&zshPG1=C;0k&!4v1B&^CeFc4lI}}2^nMFX-T6A z@*Mb3zOcMP+2Exa)_k}Ug->|SCT}{=RuwDxxJjvP-6j~y8Hat0?aHeRdI$$e7N)`s z34_?L*qb=vPC99foudQ{9G2iXyJQzFTIk6M>}=~S_z6hvY@k#lG({rv2sxRkAcOva zPB&P6LW3<@G`HcyM@Uw$^J-eW&l5RHvK4dyoiEfe&N672fXBIKooi=^9@$BZP0jc& zl!Iv1nl)A9MgDW|F~=NhgT)irZNvJ~ps7sl+=E}ROOB)p97cn5U1nyw+y3Zf;723L z?g+$@oc0b5z(29L-%PqNj_H=-F9aUY9cctPkRy~&#J7Nxh`AEzU~L`uxlT?c-oZ!m zF85>CF;_}3LJQb%$df$52!|~+fz1bAp*x~Wkz^R{P&%-1@rlR(`D#Ky_y|s-<80rq z9Wf$QzLP)=KBE`$Ss^|KZ-jk= zPhaA;^;zN%w6XFH5;Uc>K2Bx)Z&zMYxT6J!Wzz<~p;S#q-59@s1-_3-MCe&WyAIg6#Yzz^ZcOO|EW`R85W`o{b3zvr?J zKSN*LhaCn_InXTxLh(N!li^YDIM=VG2V`ZXdol|ScbxX{Is9NGaupQh3ZC7>=TwzK z`ZmFLjtQ&-w?>VcxDK&an{lw4vDNu&s6+$w3^wVYA0+D>31#Tl1jtseDsUSS8;t~S zcKWVbl_y6$CGnN)E&dGb2#Vp{=d~}`^@k5V(ncIH%Jmv>7JY>zwjqa&@bf);_LJU2 zbrY3kl^#z3hG!7;IcS>3TECJ$on{4Rd|~Xu2j=`ix3LX+WvAkK!bNClnecMEbhEJv z#*P!6V*lXthPJ_Jbd^r35_j%7=R2)WocOlu{1?i1P7)f)XosncGeP0)sy;Gm)UkG$ zbcf8$4Cfp0fE>|uNWf&AtQS55d}NG~ihbzum&w0{KcZMw_R{fr4L`yzx%g7wwTO;` z?)8WNeZc7rTY>5(mnb0wzwFy@zvVpT+;cB*eHQ&_$dJQ@zomXZ_RUd89_`gq@CPuC zJvHFNJ(Ow&pPUXV{XYbS2?FJ7vsa#EIQ|4^!vj;2;RILnl#~D-<0~S87+OH*#cl-O z2o|A7aUR{EdGnS|N7x(4e|$^$o7mk;Yb83smc`%1JkgDzNs=x|&SNJq37f|sKUN6< zQ6Jzkeig3mAv|Z?YgFZrPv*wl`5n4ASQ^WP?-wq~`1xK|w$iHKci(--b$MQ0MnB*^yd)b>eK;W86oBu8_g!i3YHVKc4oHY>bsoQx{)yg})Yu zB&4$?cTYLxG`CSEO`hacgaxF1-u_$FY8Vc2Yr*gj66gB6iIKu4kaOzo$$yQ_+0u@ z?FyG2)}>3Tj}h7+v8h0QANLO_NK9WOaYDz~%2dE&44c&t!DX)Rs{8R92c3vH*H)`l z?SKfi<}JW95>Oi&`&APf;J~URp8AdTlKGFVQTHEP!*++;#*e;f%}bYA%K={(088Y2 zH8HUb_R`BQy28ebqH(m61%y(-LSkV4`0np%hwqCHkYRHEvd|cyFYCS^e*ZhZ`-os} zTK7~pssSARa2<{X7&ga$d*rY7b7e66^IuPkFmtubC)=|)HfrHPT7(usW!`ZBbA*`w z^3VfrG?O*Gb?X+-^uYP|=wpAgyMORqS15b*=p_c;!U;MnYnlDvd*8Mh%D@28+RL$w zLdQZ!3`a~;2nIsHNZ9?0V;n(r_Yc0~yN?iR2m_4heSrkEg-r2&zBmL}PZ&11jiLx1 z;0#!~Qf0-(P*5tsL$Xj{bnEmkQW%BT(-&UAY)}Ajx**_DNXgzJvjwLB*(~50Ob;Q3 z}CYCv=HT2jgY+c@~U45ZosWhxNBtPu`s8Uh_U{>hKNCpv!Jm8;>yMmX<5`FifT zXYBiTeanr@&YiosamW46uY?achTsVVY2h^wiuc@i|8MQzdT$ct?-wgUi(>?_>Jm z_rL8~%LqPpGEtQvCqAABu8 zKi|Il?K_lp`zN34z=4At-aH;<4I09@Ko{uIqo+Hhk*8!ZzM*VEjLM0V-nRGU{6KLA z#wh3PG?+7Imcxt$uBnsX@qTf-43~o&<&*b0{_LK+z4`~4!Z_BU6KLm+H(s;v-1!YR zCQ+POYw&=^x}fX8Pj`q8Q1aM;NPF?67eoi&_2ey*&jK&;ALIYjX$U}H@KEqF%4px| z1}=^vs%TK9gY|S-ESXK#KL$1iJqkMV*Xdn!4DBPk^A(U{XG30Ij?)2@)v9GwQK6yq zWDG@cHtcRdmqdOOw5n>6II8-(Uk+dh=<=eaL{-OVB4yrnc?70fy#~^cH@|6(Qtz~e zZI#3^?MK$MWU-|TzRq@)^G>=Q(zUm{PM)5=)Qv%SB)SK*1})(vLT7&Ah3E9W+>exu5K7URi-Ij9eNu@)$q=gevuX|L1qxKc0Td6GT@lz=VxJ zdG{8gU+yId<=KDz!{z1HEnDo*5B{OjAsr=mVi$1TQ%^l^_x$MlZfm5brg?P?47?nb zs6$?V_~8`iO*n%no#n=-){y_32p1xrSE~2Bc9-!N1>Jt|y*mYq7o6vF{jP(^N%Cd! z4SJ$1KkJ3lXuEbyA0$zIxC+f!9iQ-#{|%D(&8** zcQB+upex`O`mG)-dQu4&HG<3RJYv1~iTw1Z?Ad*nHiFa?IQSy->?$^n##(G?9IRb<4K1t z0aqNT!1>*GC%G;?zUqGMz#^ziuOkGS1VQZq?dBu69L30B|roo{M) z-6V$twl5_Xp%Isz;r1 z!`|Peez*^vg*5H{}seZcZx5(GU=B-}x zUoVqx^1bhV%N~97uWqB06afrK{@@nq6@UGh6UVr3pXxi{1#3cpCsm2$;0yGQzWw&w zZ)gY=?q_=S^;cXk$jQmJC#6$RJ%IJ#k7rOmmRCm6(2-tw@p&&74ZT17*N5x}@_F$( zt3C?UrL=D2>wBd1{s999dDYMd|9HQhphOXD{*BT@2;f2g_$-bTO~M;U*7(kyx7#zS z^v7JFZ4%RHds<`0Mz9Dvz~=)UfTvu`?(>q;t%hHSYnn+1P%mzG(I3ePF2e;we7(qW zzO(UQiRb`35uKMrvI5ZubN~+^pv=2`!CClTO9hnmK!1ilTrZC7%ng-vpx13kZwn25 zoeB-^j}rZ`frZBW>4zW{0ZG;jy78n3(KYwg{RU1;zr?;3%!yS|DXZ`yP@K*_hxicSL3zM3v z&5NR2Y!~LnC%)+yWG76WI>i$|(9Pd`^L5LTy?}2H+9#d|KVTjtesok{(4*_?S_=Bd zCi&(!Zt+(NVl%T#7~2A0H8Odm-XD&Q!86$uI(zm^_uHW_lVk;r(V!`C6uylwhafI< zhZhHajQq}*Uj};6nag*g1jJe%v-2!P+neL=bgpD*L1AA-Zg6R;t;zqVWL zQLBV^dAX3HS%R&~Uux6WmiSm(?dvt(?DC}_8t;ZUl=v0%WTH?gyMUoRvc3QS@ZvkL zMp&LFlvY+#kV)9i(M`KWpN&t^Ns)&>u#@1{ufAo5@(#Gf;Z`ejV3# zqyPF!_pPYk*%qeHv8D4Cnypi&o93cv={Nqs9m(%RIbw_R0J%U$zpV7b*RAQGJFG$D z6sgf#^UYiBoXgI4=L*@k&;Sl)@DF$(n|Y@W4JR&m4ZZ<43~m~R1oyeYq3?`~*>Wun zg&R1bB-2n3Klo^>_kER0T#`YEzQB6{c^*bTju7aHzG$JZ9>+H8;$zZ% zPB%QZiSz_1W;hCv(P3>F2W3SAeS#Y#ML>U);isWb_yqi0{GWpc0*-F{6X6|e3|%6N zBU*u8Bgcr-yYPaACb^G*7Q6Tg3i7IO#pzu*Ri*$A_k;5!25=8fd+3^yb{i#2zCfXG`HZ3@cyo}PF=N&<`X4NmDn+(j@1sGGhF@#xy=1Ej62qaRz<_~B|Zy3!qB84 zyZJqG9;%$7Y>}u%Jc2PeUl2Z2G(Z+Ku*S~UqQyg(2SmAgq^Qlx5&3xnnK=2G)1X-?BmTYkDxtZ2Vbd4Q_vgq2#mm3#>ls( z3MfM#UZP#jn1u@$cpzoOup_*jIW}#O^OY1SJ{CPg-S}G57k|JWxsF~)3xRk7)-?25 zZyEqP5%)Bd?nKZAxa>w#x&~(_^b4P$p%c?T_xb%k6aVP||0AeIKy`qyzKjuB0=}~z z%#k&t@rf+pCO(srRE0u35hqZ%rrNHnmL zAppLE=kOV-Xv~{8S0!O*TUN$G$JK!A;CF?piSXH=r5vru19)|%E{^V>q>4#6%4zF_ z-|!9S1RCNw*bg-H1)fP6c@l96Hj=D@GkU(Bzhuc`OHE~0y`1#AzW?AMUd`{Ev(NQD zd9NXT2U&q^p+6eWi9YK~*F#s>>AL_qhkeiZBc56rDA9T3y~}(Z^BeTaxVe^j@g7^A zMFL#10=iTx8Y5mgeAo!zL_&g0rp|FM;|M$)KO^5sKxAC>LDeGsiZkW#XQvmXOSvYD zn{n>%#yoj{JpKxHGcitfNtKl7^;fEPKvg=Do3|-B%ynglvEZ!hf)ABGfHgiUcpQ%U z08?ygPb`p}q0tAW?e z^a*4&{gb@iJ++5F*X>s6b=*&K8o^_N132y-?wUtv97UrDXX?tQ=v4ZCQqx2$F3PpV zMTxdP&#Xnqt=2`sG3McPCb=t(%W;z%!R^Iu~?yfnI(P0Yzek}0mO1`Bo{23_>o~>^ClS2r8l8uB&=G>q zi}8`X$(peu^ba0&?%aiLv{NvuBm&Rqtbi4E05k=S^9=fGsemxAoMGNH`uI=HpP_N% zb0vTT&XW99T)e^Yl^uulOVAcvN2b%52f?FyyCS&5n-~KygN6tw>*0P~&~v#D{g^;= z?>_xK`HUbo{cv7||3UxSZjG8I*_xH<_Hkik3%1x^W+~Dy>(|FVm5pC7vQs&Ze4Y`U1Dpmb z*@54{O>dgN!$DubEpP)E57Kq;4iY12@M!!5@D}KTwPwdV*G&I-n(MZI(uN2sRrT)O z+jj!v?@G_i@c!T<;6*d>sv}6nIACdXjMQTfj@%i~)|!RN%NEKVJlv;7N_}W^kCqCK~;NhlSG7X|aB8#>ao? z@{9#qZz`H(BNGj~j-(4dgrPs`w|~54L;`amP);Ywbqo~*5JLq*c#wI^I5WZo>zikCw`|+yjF1uAoRxXjJIpo z-jW0Cu!rV&XRu%$2BD6fPYSl^CX6AvJ>qHjhk}m)9ua6Z;`;G>0$!F91ty zu*+6%9B7BN_|TrcrK>&h#ADW@alW#*@~zA|Sjm=kwj<$KE1Z9i?cBcAI$Sl+n)W=? zO7q@V$%!pe>~<*oC)G=`OrAW+o_+oqNBH0@01?UhyFld|PCD@<0kW}P=$_+1$Jsl6 z+<3e2;>&#NJAyf1$mvK7g!Ko~fhd{Uc|cad#phpa#~yR6{p80#vr8|&T$#n)lsS`Z zk14Z=(y0)FH)TbmIS?p0URg^J6N^pXIXT(>4uW%~KwhA-G5z`t@PG_k+4-I8Xe=Oq zEIK79**%A22w}9gAkW8!Gi15SM>2MHLY=3QGN-H5D@4IFlVv;tgLpdxAyCOgz)@PH zoPxHI&|%eKS_oVeV3-O!c4y3(>N_G}belG^KJhDsTNM>@-Zm(+g7sbPh}P5Wxo`Eh#~%Bub*i6Zo7S(iodS62mLl=1 zk>Xdsbq9XOZ+xQQ?+I3t_l^WhL(5uOq_T8kJ>FzZEN%dwGxx&%4krz5FV@$Fi@4_d4MY zS(@Tk!Xp~j^T#|2rF_7zcy}s1Yh}^8h+j!iW{Lk1)FZR{obxZ#J0-?=7Mk-b;o!mF zpung_w27dOlzz@)I6$%pa%9U^DN(R!GBjt-{J?oRe4kxQ&@YNU3P9&hU7eOum{6)w zoEI;is|pf}oDO+sArGc+c>ccP`)&kP?6l$?o$ZFB^6kanjIn!vb+;T1WNowiHcArM zUeUpd(x114R=upl9WyPVS$Er#{-oZOa=09o+r0!CPKoQTxxxb|7-HZX3JfxJ?CEFP z`4?SMiR+vF9l+og8G$$6e4Cx4a%N<-=jN{PNxR$xkZQ=$Rm!?W38MrJGX4VL+RuOb zD;v;%pp0=!aTnT6H(c#yw@|uiD3vIsJ$v*N^Nb8ooI*>M>OICXh;Xu;u97!nPCnIx zca(!;4V_j1zINY7PFfPr!2c~Sub}~g#*v~1UycG?%=4s^#@I!dUM@Xlh_7kj=RTnL zKL-H>wC>)Ji_tM<#r;VCI4x>rBUzkON$-(iKV$k-H}JtBl0LxiE;6{-#pSYC{17KT zPAU4%6s<2_G|!DLa0zq=U!2w}asNO7jM*k7?6lmXL3Tp#mG<1Vt?ZFU9=0yY#kQq% ztKJ9J&`LJ1l58Ah8#118-X%Zf7Dfd{bje$-#KviZpr zzEJ$&D9O5?{OD)KJNR%Yk+u7er~hu#WkBNe3yt+81A5G9V}AN+1Z})OBt@S z&%MB98gel|KMLqOPvZHS1H6rOLN>w=oHyvRuz*B7@hs``D^yj8`zeEU;U$-Qc`b~7 z=8lnh=(mW50!0Bg8t{*r6O;}ygd^S7v#3QkI9zAW_`r8Iz{AOy2L7pX>|z*qmTrs8 zMb9AljI~&*l3PobXorq)2pB_9Jk#l^@`(rXgK;z#9wHM54H{$*{OPYQPe@oGIeJU+ zTHBF$l&w#HN)=}07`%FhHSMie8RfpOZ8KA?aC0Ns$KBk~|GwUfMdhk$nqpV|E~lxl zUwxgOA$g0vnxCKR{Dok{Nh(`<_IXi>M)VG73fMwVH2y`0r1UyF3C=uYoQ)ni+J5l; zyX}VSZt~siDJd!T>MJk#j$PI)+{@g^R39fh7`_L6KvT=LYo1*V*vHWGAjw7Kc#iZ? zg2u5l#W8wNw(McvrHyTj+$~aKC8NV}hBIlyhK-)^b-5D1E;#o>cYuKh>=fqyy3&A6 z1lfpZFbC{^PC8yPR{hT!V%K2^X2B9THgr?l9+c$r7AX zT!#~n^$7GPcYl5FukGsVZgd|R__*CL54P02IY=-%tExW=nx5v+yo;WfjC4Y%>Krzy!wzcaNfibO8@ zc}=?pc_%I&&s^>|7<}@LqImkUZ^Lr0;M)wx9Dg(YgEmV(bVuu}~R+F;bCe*q|X^N|wqf>`=sh zU$}6-FBULFFFN&BAeze=!PoDB-|0Vm zE3I3%^>zO6gNa^ggnL52bnE)O4uBsF7+)F3=;?j>sM4GGFFPj*uCwOo8;2b}!uw@R zyz`Ouzz@gu1ldT6>eQ*L)>45vjn|WgB}+--0f!tPG{(BukRJHL6nxw{+*6c2iAoR3_ttzFIx)|LkBpdr>5`h~vODSX`M z<2|uF)|ZYR9wlujc%_g|scG6}zQT9uo`24HJ}!1uu2M-`0#(oy0Vb-2jT|}3Zoc&n zuV%*}@ps+*%X@sME6Kg9w8J~1{|2@h$A}u=!R61>JHS=+RVqm#yTNBFLy@!wO@Ncr zroHE-$)N*pm3jil_?(~vD%%jO0&e~L5An)!zEMK~N6tB(3tl{rYIML3A2GY7-Sg0fCpK$*i~-nFf}LHHj0ZdizgbUUK~)~d^=Jll z@?Rj3)Iim}iU--irXSifH+HlqpL)XjHCtut3-fGOMK8B0z;*Bq{34lwByRkp&UXaA zC_w>RvZbAJnqL2<-~>_r6~%mXxE{D7-!U?vGLrdnin$NWwdbZm%qK&{ngM5$%&)RjhXwWtG9#>)7Qtb!fAxEKdL$*mZO$XFN%Y{D*9Xj={gKva zOC|0n7)eXHN(`DQnxcPn18^R=u%n#ks`wS>X{<$+|5y)knicn8Y&;tq z4m%22iR@{sQr`5>4q?`;wp*=uApj=8*sMV5;QoD7_x~cV`OP~jFFd`4{qBLkS(^?= zS596Nt!QqgbFQ$2W8buroHuRrv|Cm7>Ri1OKsEcNkn!%WGlfJWM;_zIj1Z-NfI~$6 z%CBGT!kKq_Jo(ro_P_T(AR}p$JCkp?;bs@+l$1h|q&e_4Mv$KjiGM%;Z-1ZA=wpxb zTI?)1+vs6{IHh>0Hp(LcE;Qa3cESlK*)`W(Z?C`ciZ2d``OqVO@ooClbRVtKS@iYV zYp-};zPMtXGz>eG6P(3|OVQ)~W%Qq@%*LU^kE|La0_?r_Ci^?lZocVOFE_#5K(1{& zwmA&LnBt#@4g_3qgC~JARZflXC=O(HQ)+kckl}I~&-M2@bk)1j$aVy8+4TT^Q>upS z$3cUJI{w2Pc|QbY24GCXM~rk_gE4NBlN#)dFjNO{y{||kn{?BrVmo5!5DD+|e3wJd zUcKzXQ{h(%1b010Ya!UwYi0Gynu%ZCZcRr&t)SPxZOfdytV!CrHlTZ+8=9#SL^#M0 zQZQ{8Jp77dXda${Lv7Zqnf8oIP{J#440qT2y(m9J0C3`@2`&TxKfHo9;oinlh+ll^ zd4Jb1!6h2}VCF2nmsputX=!Qp{qOzA16uGCS3Z6;hBoci}zuQ5iBa_6P{%^_4*}YxXRy_Xs60E1Z0l?J9oD z8nzr~^~K5 z3h=8cb92n7NbWOLaM0;V<3z4rsHCXtr5vO1EnAl9!JUBv2Ksw|UwG+tPi%qbkp(s`#y|-i zG9P{Sq7*TdVw70258=O$Kl)cYLe3`wR_sP5YZ#}lD{a;261t6l)>Q~VaDm=+z#(>n zpVDveKOFSD!*|f&VJ?fQzQH>h$&6;ri;C7duL!bupd3~h*8E{m=c#;cb7g@adDO9v zTR1zoM_RPs7lGygA&n+V2K>rZtL@mMN7$*SpDWq8Q2J^MyJ+kH`|HbZE8($&b_mM} zq4CzMS7zJh9&bsbm)f>f)2;aZ8?AAl^Q}X@RsR01;loGxyL*NW8{x7k7@*J;PPa=h zx!i-X=>0E>zVEo@b~zT5p)XpyN%}9>z5Vu^mY%!Z@5k9eb6s9enP30keO|te66`pC zOO&)hg$y#~dB^ZgH{PQ4+ThQM;A*yT(E_jZbJdmCdRb=d3Ib#gJ@|X+S3_hFkMzE_ zZdK`e@uNy~aG6IR$N|QMfjy{ye-ChB{DT|AWlZyXbWNGR!-@AQF%F#A*azIl_z(RS zImUwA44=>wjqi!tVdC<$S3lQny_BMyWXMzAlZx||^0+%>`|v7+E?rY?;Go0ZD2AS} z!FX?4vw>Q-qmOk$Ww*~dcQQxMh@N)f{?#=7l>`Oi6UQi^dghtq{53^54-OwX)IOT_ zp(iY0=xb}e)Nmz<%sodmHO)%%6$t#`Hm9jh6)SE2f_ZKqk5%9Sxdtr3CFCLSB+H)n zY!P%_vSf*D-DmCU%dc{I)LhObbTo9t$&=r)PbBkj0J3|SbLe#Ju%)!(&|$+ps6k)@ z2O$p9d?h#VUcO5&y(Ol2&vQ)i;((O9w zR=kFQU~sNbka=?aHQA0f#V zy$62PR>wICB;)ix`sk7FEdKG`cPWv4ngZG*oR{-n;C8CQ036}%DT2k#vgzTQ%r8gx zPMGkvS0Vd@{Giw*y!#aY0=zPe!vSyr{^9xVYf=&m{G9cqjBO;>S9xOO$tRC*A1Z+>% z0*8A}PKIpoA+Arb#zTi6?S1jSM&5@?@FT59ugcQT^;{Q$f1{hAlN@oxF`m>%pgYVD zU7tiyp2@hQXGi0xOaFp1(Qd&qyZDl89M3jxT4!gR_BC7k>yEHjrmck{q;9q^LJ8Tef4#IZn^OL9VM%sGUim*7q|}G1)pDkABthN?(+YTzYmpMBv~>1JmsFul-e>-ghO zw0}PK52qu_*HUdnL-DaBYAj(~d;*uxYm6U0!OmZTc*yDGCQYN)`UwY*J8n#sUEs8! zXVJI*)fg0jUY+k10|pHq>W@NSVwWMWM~SYBM!+#uUnn_^k8sp6Cwjm5BAgcJk$(NU z=-t2DrC%o}NAChA`Lc!d$A0|>SLv2{vcHI@bl2u0Xskdq34Sw9>?iJ}Pw0|)*44%s zkrl;?RrTqWW@nDO!~?ONwA=Io*|+yAR+Z9jkn<^gJt0wdknoM*Y)C+Wk1{Il0HZif`Xt-zx-xv2X&lbYZ*Cqdur@#35y*?&lWGj?ham8g{ zcYG!xl^``T`qpoJ%Xtd6JjohI9C4(>j`?DrMPrKK!&tE;cm}@X2@?bpC0srJ@Z)Y% zuh6{n^Yc9*O?m7;{O*r#LsMO#KsE`RKZ89@zs#S~&%{RXwerdUp5ZM*`{Y2v7 zHWn;eU~|N*fA`DZdf@hf2mj!ifrZ-9maEL?7TN*ONsJ%G4}$8V-9{|fdI$~68=RjBJnBReF5x+_jzglMJo_n^_;hJ?t_Wpa5?B09t z^Ow_KaPBy}PRS!EfD0DPm0>r!O1Y)f%e0TC*vkbcTDzT@R=i@O_?5B&<@}~J1^l9` z0(&c@BvGQ7027MWwbxwl&TDp5;OtwpXrXH}|_x{Nn@vr~A74`+UhrWLFaW z3MVnyhaAISP*_=0cnkrC1KV|=>5Ke#XcI>s0zTS3NMKQ=G9_=grzZVCZ;AR1r}5H^ECuMR zm7vd}Gx~^>t#Tp9;Ee#h-M+i&i>-**`m6y!;6kCviCwkzcv z6WtLrbJwNTaLq*9zA;1ZEL4Viy+$tQ2K4Xmb6%FU%u6TDm^H(0mBX2gTV%82pk(uM z$vce2?|<)Z$;LJIgmwp#HHWSI03UQ=p$&b&`t zX+&{jCor-(TLx!G$xWvlUEf^ylAuvos9o#&4<*-k6Dx_LeY1SB)UVWTrsvCEdfB4~4PXIwr$ji_3;PYV73)y;%9s1=H+O4^M zpS4Eu^9K$Bv9cICN7f=|F>sNQDB&0Z5ie-uM$Z<}HVHAja|t6D+D1Mjilr*Jx+-xfoOqw|TuX7!`@*Te7pLg8;O_hV3rC`n^mth2u zGIFx)dw1UDJM;gn-7HkTA$f#%b_HD?xkovyE^>-)(rzJM`%)r09W-E|8|ajHL>>Xl zcA{_IHHs4oc*9GfePG?YXK$TLa=LA=#5!a)l`wE}U>8vGDpRtI%x|7eIjU0GCdfPZ z1AK}1YK>P3F8T#0;Qx&6WxewVK1)JaQBje<3!NRwnbPH3x7NEo1vg|g1~@o(s5a&X z+%e#GiU+bLRq|7?!ja^ zU3%}G@BcfqvwQck^aU4qqsx2m-nmoGoPN&Cg>HCX6KlZ^Q|Jy|8b=t3R#E;-9dM?e zcGIHQy!YORGPdiBw*67UVLgy1TjbzeC?~_8|NMwf=a{aY@UQ4KMNK6ecGs7~b6#)2 zKAtT{MlWS?SJm#3rFzHX7w!)aJ>uH5Zs*QA^Hg_%l9?{K0?=gqe(Ik}sA`vEOaKc#Lc3r^f_~)?&0q~Po6wDAk-g3*WCM)l|?_N1fTi8a9D8Jm_ znez;MzLa$Ay2*8v0L;!`orJMqfqVI-S9HSGEAGuVUX`u!p2=i*5B4iTBt2?AQI3Sf z*^5np9|W1fSaBpn+a!BJBgoSE;xp%IchPz0U0^a7KN@m*oa_SZ2a-+f8QIM=4nKsi z)ssB{uUV*s99_1yvDfR@t0(=;pT>u7khv(+b}pvYPc_~{0uOu#od6zbx`N;Z&r27N zWCuUG0(Gz*7D>;mqTmc|5%^_O3p^~)C;GwPbkrxh0`?E~If3uiO0pr*l|;2?o_j_- zJHho=VhssD)MqC%@Zcmv=1Dv7W$Yr3Qy#00G1#62nP|Hp6xNWnz>b6uf-7b>YrWug z@IKZ8TM7A$PKw>jcj{3{-lY!j4(1d69NhwZpgmsUfjmbRp^Nhe{{#lKK^^q+&@Q@1 z^%}M0uc+ZBPa0?K!I$BqR)mulB+lZ~=oi@ioXo&DSxd7M1Z#8?{BZ34Wv+>dRV;yx zQ%Oi(qhGFr=kVGl4I3zFdV=)NMVh}}9m9l%;^;1B6yfw zH`$&+M%SuY%iy|HItMyJBl*NRzMNprqv_t&mj+tv|YfG>>t*dh2Pzz5cNZ-x8B z0XXI!+yRb^jg4vS`a`#6F8DM6HFyL50C-|21QFTU%k$6yxNWZ_Q(f9)eFzrgFWxHp zK{o(z!AmRJ{l zCUi-7KKA511x5)Xw^qCjzE9v7y&L@-dSU2%2d_Et797X+ttb7R#3N{w1Z;HcOuc3Y zKK$Bi|8Te8ez%<#1kW^F5x>Y3k9h2fM-(4RGJBqJumO{Tod6CYPr)1DF;`=|_`;vr zyq1>|kR4V8PT?Uv` zsGwM$Xx;1D{`CU*7NOtGn>QLx;M+lWAubc_T>52Eps%Pui7}DLOndd}H?(ogQ_P0; z@C9R^<;V}chgkBceVbOsFF*R|W7)0^?Hc^|Kuf;t0H$LIp_?-2zf?9_`}Q5(KmPT) zCRM@|n)g2(AR~8_ArlK#NK9|jIyq`PpQHB(gaHFn&-XB?kLpm)z&6qaAjrQ2V0C8b3`xk6)Go_Fn zzT96W;>Ixr^8@jXfe0C3z$m2%I$(paV>~blGBIciVhZDkMf3w*@Ob@#1p#OW;R^17 z!x;E{avg?+aOF3S7KE;6L`95=!E8`)VK6Wk>TD*X`xK`wo4hm zLV3rjh@hT5XSVTN=5aLhEARxxhEM)HZF*y8n`BL(S(Ie%ZQKZaJZ+K@woaMO;Wx16 zeMiMahhzw|LkGo<<3(`R0jHHK{LT%YK|u%#`(dL^F$CsSR|?yN2@{m`(8WFbmzSg@ zH&eFXCz7QDbrj)fb959cq^L=Y!m)K3XUG735-%z)H`P(j`R7c6nvN9H@n$d<6 zWR@JWGo-{&=mXjK^|xQU+DWxc)`D+=K8A`0NYcV-QAY9)rI4g4WFaz`opa~{$VHwT zGIX%vX*C^-4o_En7!Wo=CBi(Qqg_(d6N5FEO0>7gzlu-Kle#js@IufOuLV^TA z9-ak%F&=4ytbBq?tRox&I%ix2e$f@8bQS0VdZHcXA1?(T0*0qCvKU>Jz)Vz5CWt<_ zsvf)nev9md{(a!r%VO{}F|o2at&q6{thmN^WHEhlst34hZHV5Zef(6=0=L0;cCwC@ z!P}-yTlZHvZ)?`9Wyu=)XY2zlQi!kqRzWmH})Giumy{!I%E)Si3^3~_AiFgwRH@|Vp zz-y6FX-Zr|FAslHr%g2@2p&Owcnk87R}_$0OuN7w*@oUj!UvhT@U0+oxyK(z)8TwV zmhng5$TsWZ2no`7>0eE?a_IA$wBi?-$+N4h-lW@iE14;soP zKc#c-k~{%sUVi#l;-Ke3PXvB_QlpOQ6d#5*IC_rb?>M;zCm4n~`Y-iOenL;`i#ELc zR3D&l!baoBd@h^7h^)={Oa-gA{Z z4s*pTHF9N*rk)ZWZjG~aXQgH!H@3;e`f)dFm)1_p{bcl z)L;%#n&KX92U{B&KtIT)XX%sB6i!%d?{!K<`Rub#km}YSwhaM%?vZg%;07A!6r3SH z47RpRPt{=Pi!m020=)4@FdFm$a6d0ug02V8@OB-?pcgY|9=J{NLa^%+6-Xj!kkcn{ zOu=7}CBfMml_lW5mnGnS!QG8h5Y{O^hQk8^cnvbQND;m3Qn)%@^7bsfTA`PA_+tAE z8}^#~UK>nz23IN241tU3GqmYJ0aN%8_jK8K89Zb7h~ZYRT9s;&>t(GEo`r{fpjXCq z(WzHKUqGj@XSAz{0`GxOVz1*E=RRB!o`OyGtxn#9cLkdQeFd41uE1QPem}1(6t^HP z{*%Dha3lwxBYY3u1kZ#=fByNWOwxh_*wOfA7&o@j1nu;lBERFEH{E8ZX<>g49`wDd zM&h>op9Bbj591h+#ls2u0w4Gx{#RrIN!{oi%!|4Or7(80XEh-BA%$Qo$&v6n_#g#% z;Nu8>FZemO7L0Vo3U437-)Ikin5LQC9;YI39a$9B$En0g7l?-7>!Mxiu}c!?J3JNM zO4~Vb^ZpLT#2C;=keTSM{Lu!sI|-niI6^(IcPMc|GHvOy#b)1=$Q^e7*(3|nKY|~2 zNnHh~KK=R&JFVx5M;{klmKl5pe)pYD3;9m-A-L`X@$BFOj#FjdvZ>1Ol7OXNtA;O$ zdp`^tYP3V*1GqR}I~#!)GzEPCKj;I!Vy-q$OjhC=^hJB<<)-Ur=?2Js^nL0RQ(%4Y zUqQ>@3UJ5v=aac?(I0d>a?}XZEwKH=GbGZo!3>+7O;zar_~_vUB&MOCv5|tH)FSz~ z@FftFAgP@36F39s@Kr#2!4Bc%6z=b<04owesmplzBq{KM+rWwfQ#&4M-TAN`*yc)-)QxL3pmUx%Sf0&zXpb^k0n~DJ;p~{ zjFq-2jFaEswIxdH8StIw3Um<+(YHEv?dHDx`b+Ih?W7&zewQ~fmk$PfEPv5RgC{zu zCTMfT=gDhJpcB6-k+m*lz9fnLyqW|0ry zX_q|muBvdF!sY~$80LKUjcqJMX9nKbN(4fo8GOd{#R)?2GBzM`51$h;BMNv*`{vU^ z-f8~WvK(jLR3|$c{%OtLf9Gwp!#j8BZpl^n$1UMNFhEve^KuFvI6w4qtk3r;Z>WDR@|*waQ{ zbEMBhE%~wom~8p!vvd@Z6seVRpw_Ng%alDbv0r=RH49>BUdDuBZo6ksR~9NO563INxek!(*RL;RsANYsglG7q z1SSgrqu;|l+NW*+upvXFZ?1=XJWrwi{O z?kJRvweyjT;>F6+M|lnWiYz7+WgN|+ux^wn&+y;jO}-YtWBFC|TELC4w%ntbattq# zumn{o{yBJAZvMuz_PqEt$tf7A1jVx3(l`l9lUzWFjysGkb{tmmIQS>b+ome`d08ib z>pRMnK3ruvE(idT>A7OXQtuSBJD!$#Hmskuvxk53We2c^X6;B}nWI4GIcJ<@M~{sj zJ<^opstT~OBUhqGh2w*^xMC$M>Ai$ky7g&~>EZRRP_bkUn9MqiY>#h@pYJG<&{jn$ zbW?@v;6E_plR}0r_?4bM%@kv<^Q@{EzY4N1;1$pCowlhLaF6TJzVoUd>gIJX+7|bB zuTw~loVDhp4*k#`$yq4ae5Z}Qjl*un|2d{00G@<(XJWCx+1VS2=Kk5*WwS!x-+t#UlVgn6)3RhmAsutRb+Rkp z>`}LE?QFMY_M@&y;$C!l!31YX)27YL5lcW6qnP$E%O3 z{2zlrSR?;KaMOQby}~C6j^GQsOK@8841bjH8S2`_JpN%VkK_*Es@1BxX*1ZVTH1D# zG|=f*XP$AkB~(CDCPRcfhNl{@T+=RL`wUmE*+bg+JI!sG_k=4_anCg6oy&!^!=;6s z5UVT!FG^GF7O1JjE95NlHveb}-j&0@@`I*Gydd~tE1E?^1VwQ+vA)MDO)ABc)MciI#!mbmB@f0wQ?*Pt&K^zB{z_r7<12|bbfY;0afUHM;FI&FcU2)kJ zw&U)LFFvy%5CI=#d^X<}Uc&Q9&;;MZ(TQO>s2Aig*U+g5g7OYuPQW7ZIs}b#KO;=f zvUQj@?eG_P33Wr;b`8Qf415jV9Qvmp_!>3@em;0Ij`HN>Wa&RO%t_B~;PU0m$?n+X zPXyF1$-MNU==f$5FIa5AZS@&b^xa&ixy`aE+TuO)t_niIl-LwK6uvxM|>w(YCAbKH|7JZ zpi_KZ(fKiVU=d&$aFJ{L@jKiL&+*&f7s1`U>QFyC1HI5UCxUP-v<i=<{~r5dH};*jE$Oql9_wPyPL=8|WakA3pd0Sp}JaPlS|t zwjk{QZr;3^8$W5Xf_ocG7bc1K9G&7sfRlII!js|07UUIRp?G{`#S{RnnTRcw0 z*pdQ5h~H2@2T#1t25h6W5$=a;JVTwmT@Q9Kv;ds>3+;x4mvAjyr(NnJcac4uYR9{K zIR%e^CiRi41dSO#g)tFmCNUzfF>x*0J_!RGWoM*HE)&<{gxyfW{KCBGkMB|6G0@ z%V^2m}I3jC0fMzBAphz@pccIzfw;u1>sPzqe4 zCh3E})QRE`ZQ3gllpPr>n}G#o&=4}#WS7&cQ>NV~no4qoEAEY^kl>VEcKQ|c zgu^yUQyCcK<0`mSnDg^+2^Q&GH*eviG!Z%S@l_SeF{(dVPzxgYyGuWQg0ySI6D zLQcV+_x5oVKXQ*Fz#!+TqwQOCZj3$lx5<*FizG|DU56}*+jU3VDj#3tHRpL&z=x!+ z2X&18Hf?@rp;JW&+#;Lt-^G@|yQ2J%I#HVEH?{+>bekssAG!+8`|vFHDgK$<{DEt+ z^p&ga+|_gOu2?=6`}lBhTQ5AnzxBfjBB6fx4DDopf;ZVea({_^2K^+e>*uar z(0+NJ4)mlm2i+Za-s%(qbM1AaXV|e4KS-UAjv?+(|w7GM-hAF;oACiYtF zZ***eTv3_|eL+jn{=)UxHe&mUeTLt$^N4LD_IK#(U_JwU_Vw)k)(h?IZ~Z_A2l^cK z?OCt1hsO)-Cjn{J6`u~regE>>D_tQSCET@*VpZB<8yl-)BET?KwuA|K`1&}N_glf4 zz1|vRSXhJLTjqDTM>`}uVdqA#?dy7|8=j?pXjjc!33V7(_|Du(l;9Md&lOXvELn`~ z3_dsfc4bP}@(pDD%aPV3p;LT+!6x$+Lcjc?9)4qXJ#(@jr+IiAK4;E3@W_G_vMfiO zS)+ON1B!9-SYEKQhw}I*%sY=;`*mqg&*ybL_FC-ky>*DZ;6w~y6Lt>AKF@D|Ee2S7 zYj`jBcIWDQsl2aSAUBMe44giCi8B*{XvlbC&|%SiJBs}4=ty~s^oJ8UHt3SOH-N+0 z-?YzP01U{?aSmh%BajMmVay1OSfS!^KYtdqAkRNOwj%=p|85lD7c`ff?vBhDj)q>K zM|cTJZl6=cuk;`M3i=HEB@2rBP&QVn&RP5_$0?oHJb^daRJ_B%+LLe(?a?;;kv@+W zezj!>?*xeylhtv46@kcpeI=m5aZ{n>r|}TlJkZauiqHYOb@`)^Wkv}~q5VMnf(}Y6 z0b-YE0NEX@wfTyM@8CMS>Gvd?arB~Cl3g6=BkS=3^?@>v(;OH@3u7+G2;Ge6Cp=-_+Oo2m6CBqhtH#>dxm)~cf9;R1z?|9fOi+Sj zanXx78alv_#2)UkOB0yUX1wGN1oFbc{Al@bwVNMf%iV?#%%IytPks7mLzZxi-_X^e z(rNC#^5>TylRv&Xwngs6%Yj4SQ1JCoo;~o99{dwRYqM)NZ;>r4xl~;5OYYvYxA5H` zx6O%n#;;9M<@96xHlUSvgXP=|-}ZDp+|TQCPtW9aJ+EtdwYj%zS#7Xh$YhQ-$IjSb3MApAF*xjv7&B-y0M>oduD&`h4w<-@H>2l z>j(RpS3A09FczNiTF_h~p86{IPBv}Y>~~CCg{&L?_5uH!uK{3Ig9)Id6xtT3C2LZ< z4NdoV68PP}34oOL&Iiad!r=Lipo(TS@77fTyAU0J0UKI;IL814jyA{GPYLpDeih-i zyVGYDFFQbf#e2F?987u0nj~%eKoWc}he!UDFxXe$yTfB&PsH!%1p#E(o|LP+>L2NA z0bdzo-fJG{fFRGl<+kCvWV2o#r24z#dI+B6-Pe(x{l5A`@7PzJ`29Epazo%~mc`Je z>GBcU&6`$57$k)32Tw5Qh;?k%F;gZPBSgh-botobEx93DuzuwYkAgMEV`emxOB}~` z^p=QyoZmDhpzzLF z7tZGI2oAipfDf&;OoAPs{EAO1s5Lik;Nf!yh9-Hgnh%|z<9#m+TGi|eUBqvBMyOr4T1f~?*pT$ zyppT}B=*10@I?GG4uLoX;t2@!E$1fn$xX z4h0tRXO9gCz*{Tm)hpZeN~1mV*<)j_@mU<35a9K&#fpV@%X8Y=f!c{Va5*di;GE{; z-{KI6Lm&=;I0WJlh(jO_fj9)>5Qsw{4uLoX;t+^KAP#{z1mX~gLm&=;I0WJlh(jO_ zfj9)>5I9^A@VnVLF=E<`S#J4?mG;i{13Ojaa3tUmygMB29ts>oK=Dw&Z`2Xc-8y%)cg*Xs=tIJv!w>-WgXbmF`%@smaOA}P)Q{IWHX*RL zV}a}_k^^Lt2lLFa3EB9p_67m)gm<&@&fdKijviF@Se#$&6-x1&M=bt-QSUt#S>U_dvD!gqOT)`yOEh4^w*&J!JBcUy3OpN`jyL*P&$AT?LV=N5IP zOO^anGx6(j2;?UO;LF4-`13n|_kytd(eXZ_9{bTkOci`V zMT!(wmc?|pXx?0xpzZcW3m0))R<6vc$(Xb3#a8XwyYl7ATM&4EgicN)xxYmXSYBjr zhO?B&gDIgcK8uM-@Url2dQtYFjPGE^aojv3d?-=8geem!6amgKT$GU_G90#S<-L>p zE-2GQixf3OBfMjB-%lOc8UerZqu2awD?i3_G`5i-ulD3=X>M7@0#~F$1&=%MtH7ti zrzY2?Lq}J(OxZ)`S4Sh9j@2>e2Mxux0ZviiVcCkK@W>1997rOkD1}rXGz(=Xim7B| zY`fupet#B{LIJ=0apHLA)~z!-ppWgVSLe_{=(Kn-*Y$)hMkkE(a0c;g{^lqToge&X zF}*i~wP2pK`%@JR4|?A!o#J51!Qe!WER`;1?}|K_p7;F>@)sO0Uc9(fCQ%?S-HCUY zP*0FnDVyGfe^DF^eBxl%Hne?sK9%&eagf`o z_v}fna_crbH*ONx3v==x#IuNNq03jSP%+Q-&X2K$_ulN#JH?9@EoL(Kpn_u>H$01V z0vFKnxAX4di0*l?<7FM8Z`Qq_>YoQYw>>?VZ}cSCg%ao{&_(R^@H?BHV&rFdu3*tq zn4f5B!&h$S)}2OEYd1MJesUlt&5W-URd3zCgO04La9C&xUR_v8U)Wf{3tr84J`a=@ zphrsVJHzebG5k+~!2P2}mK?)~5TDu}Apmb7_`7E98aICQD63bha%H!1{W_-?_~txU zSc=4sovvD)x~_3*1LH$EH*m<9Z~C-;HH1Cd^lIx+$3|aAsxVgYammspE^X38Maqi1(t20w zhLy{G-dY$)f+nqc6oL~O=Fr0$&$^3qb^$z%YsD0-e ze*~{-H?$q}@+i#F!Sibj(RL5lcesV7WdH0^0%oDYCG~xWwBf7-=R$nXUBdkG!=}px z=iJ@=N+ilpe z!I%dQK_faFxkoabFe68gbQ2~{aETQw=E^3rNvgfPkTHs+e5X(9VYu>p?Bt2AYGNf< zy=pbP7HuQfvj8&EN3<=N8bDWsJvRn8W4(KeV4V`VP(UHwP!_w?(ffhtWLCF-!eVtHFmC9 zZLJxw0@m{td@HBGTB%Z{{L8I1QL+Teo?sR18BZo zjIzU3z(f*kHgDeS%9ShUo_O$2u4KuQ_M1LK(A4+u`73ol{OEm~b5Y(!p?QV-u{@u- z2s|nt-}z>AqDNxoWbAc*!$*YTxGXsBk)kpz-KtcsVsnh`i@JGTvlWYhRcJR_pYM!~`pEN5!jtM%t6IWL zH0aJ8SPSM*HES%Py~F*<7`JcVD*4MebJplU`UO82JL^rd8D)#slWWj(5nZDn;J|hC zn}8e86Z7A`eVf(iS?Ur%0d`x(2Y5cn_vf&%s4si49kkdZD1CN&L&Uo0cabv8lN{QGYa%QP7>g6@2&}Q^rbbVOE z)oWH8|HNjcJzB5iwPY18h0?Q~p(Pp0VGwV9{`Gbz2CrYgR z40HxPh2Ug?fLkHy0^66mQVpLKO(nb48@9N171z0IekJ*zO;a8l5~NQIA3n^Dn=sB* zuU0*VraW%vg@?dKAXSOdsBhEX^Vg9@1W?juq`MUg&a`US#7&z!%hj({$5pDBXh{(? z;cM?rwia?rmn}8$ChEC8%2sR3w-#tTXH6I%#ozbe3--Uja{G4AuMc*lvA9n=dzU3% zM+8pbcp>4)-eif_9giNE9xNQ=&lOAvKqJUR{5Z{;G;>#9d5!UIYzT0Zd#aLEe8T^t zMT^|KAG~Y2ARfe?7Jy<1-t;I){1*HYAv?fSz0>=nC2MU__qh!l#)lGSVig>lFH+ggM)f zO!4afrlx9uxJtEvDj7c=Iq;9wF=ya4c}HH#nitaRzp?!0r)cZ(M-bSo9KV`rTS63x3v zfMg#P@?&rCRNlaUL|05pF=SQ*0# zZAqZ`w$>N{pja}#C;#}Un>~A``}X^9T_pvTDWU%`t{jJw?;{BR7!cV{`VR;b9ScE% z*mij!j2XDmZYX(OXB?DJk2bS^=K)jt3l4VL3rNho$bLid1Sb2MPk1);%kStMtv$6# z;W}+nxXxOjVDvhvrzr_2|NN#coaFWE$;l_BVOsiBUE7&0Xn8(5F4{%eBJhi$K_Hnx z9oGv=0lq~v#-;fa+FDO0E$l+;6-xBk@ErHT zb*{le0(8Rl@cgm<$$X)gxeMmI3(vd2b?bJLn=O9TtZ8#sN_0Pcdb;5uIGP|>akM3{ zKL5N6-E)6=M!}6uuB3z|@018M66i1R7hsqdorZv5xF6_-cA~Vx{V2cV-tk-vXSHsj zM1Kbyx4T(&!Zqp#{El7&o`Ht;M32$>d9^{?$d~FhYT4Q?S)6HWR=s*nS5yYoN*O*l zvsp*_N|X#qK!)i*49eA#d$e1zVkP05k`7Gl7jmmst&lQS(v>Y&!7a?3CpdZJLa^XC8afRhA5e2RClj1cu}0%$X&_&}ZAD+;82w&84O`uprDm58mfGwr*>| zj)14k1)PuKG}pp!;EBxPGm7hZU5B1e3JG@JaC9IH~5RpC&sx zckE=cJzWlOPMiqi^kc@D@p6e>g)qm^W}v&+-%)tx$UN~2wG*8)&rui~yCC}i;tIj9 zlzacfcU>ucT3wAdR^Enravz=of7rBXlUuHg?3y)dT6@5idh{RdGdecp!Z6Z zs~Wv7UX)?5tW>Fr^u;np&+FE$wSJ)4%2g8WJM>QfYu2nX94uS5yelak1v~>LYuBwY z*e2Di?G`Uy=(fx8!g@r<<2Un;;ug4bV&|@wz_3!M zb3FCXW5TVeZpaTq_NbTB4(m+`xXW*xQGAvuQ^r+L0Qs4R|LoGz($v;qOB$qap5+<- zC^_Q=&pdyNT^pVO_nS0oVz@9ZJ%BFvd}hF1l6F>l%mzpasc_=h&5 zV~+mjdnlpKzOFH+Ku?D%KPy+R=88%0&&-@}>t3x|lF`>n@w!c$Hi#B<5|A9O$j=;j zZ8v&j9LP_er@%*7uU=^|OsZMOEn2w1;2-cQ%=3tT3b$S1(r(9^Ph9E7&$$xGXNacK z-L~>6qN&QVkq642^|;Tt!1way%e(W>ztGLeN*F4ZwdB*IC1WKh*PU z?PU|saGy`)&z-m4X>>4b_)vHGWmmWvk`F_MimobodzZTW(MD*KzCvNF9oluUpV(a3 zZ}dssK-2uz4NlOt3nCS z?@t@l39Vw)n#q@06v>PoFtmCwM4%E@D%_Q)tsR4@l2TlG7evA*7v`E<)R(K)*c8 zrh~N_X9!Z^52FwIr%n#v!sn8suY~Kg5$eH9is)JNO`fMfpZK>LOIJV-NlTk*JO{oQ zcoS{WCnxqSTeM7LNz(H^_(eMbZq$qN9qXU~{S$a;7-O#AV!gZhyCT<^#%|9^X$F2} z5;u>og9Rs))#!Fr1%EpmZIxVfHc0>of${CIS#xs;` zT*$)n@O!uWsvE9FpNn3j|5ByOXnciivmL&r*nn23ANrxKaLwA)n(k2IYn?hNvai;< zRnoZ&Yfd$)*D@O&UljU1{weI-09V?>cHgAA*G#G-dRbz&ec*kxU2qHfta!$jS*~nb z`C$^1-O{z2-5GV(y9es8lZ-)U&KW&(9y4Z?`|JxJQ-VJnSn)W-hRE3q=DGTHlC^Fn zh3{F!bYP9;b8TSZfE^3}3++Z}HPp$kPp^69Lu*VBhxZII_}2H_>t@cJ z<$ihX748oTpw>@Kb=O>VnG?n%tzCkQrkxU=?K^dLe|X>_3Cn73=A7B)Fl4eYwWZ6J z88fLYBb2}}${|R)Qi5Z(44gzAHAg^ps+=s>UUi+TrZ(<>=ziBs3RNv-Ff*P>lg3H# zv^NC{fJ1yJcI<%R{vz!tAp4GX5JZzT_FrE8OIKaa%A0?4n>(#%A2G$c=48NW$=DVx zUhFn%AsH7APR7a(!s0p>6Qz~*8A~{>E(%(n=h=|`xMs~7J3@o&9J{ej&sG(KEvsWU zKorKzZUO{L1vvvaUN67_VZB1ia~TmT!jLwWEnj9x$G9lKigp+)I~x`*WxktSwJO?` zBWESYD&vqQ>x1@67B6Y3f zLWUjQLD68WIQBTYr2iFH*&0sNcg77IW5*ty$C3DM40hWVIdv*(XMA1Z=2(LP<44#^ z2HP4USWs9PGY&5bYfC_b;0uM!Z|dOm!eN{?b)xRWWO9z%jP7~>=Bz(T0@rDe=P9fc zf8n}aJP!T=AAtSr^l7d|i&o|UzU8K0y2t+fjH{7U-CcY2<<5?&TE0B{v-c@|-R-}= z(}E~zdakq#f-PG%3CCC1cam60f(i5p7@^;lt5z8gs!Z@t>&gyw6iWh4D2~;uYIlbe zDR>?yA;9lKApnLUN`^2yG+C?Tu>?E~^v?Q$*U$*xeUcBEm^g}kAU)tXi6ddBE!n-) z2j8JJXsAX~EjM+_1o34BE+l*r=9JJbebbM%D>;O+48d|8x<&!7R;`B1STNVFHEGh) z6&FvX{VG+e$$*-!K=3k`oSbTX1%q|7WXdWzs^OC<^%_|H9eM^Oo;r*tIi-Oq*eKV~ zJ!8tx;(5zXw?(k5tWy>S4I1R0dg2lH{9j+T#D^PixK_tOm)B9yYn+f<9?R{n|JB!t zFJJ7c2`Ay>z=b3%3=hL^IVO>Tw9QUXct5g>g1lTTS%>qZN@8WB3+9A_1{t_P@{vR? zXkeiNVK-iXvmBah-Tn97?Rxe(#hypb(I50g00%h3`w8kIdvK`mJbi%=IE;{c{ra6{ zhRl#*LyYE@h_;Z0$Uk<+E|I~HGYPrEJfOXja?GL(i@UlNlJl%hdC_6cI(X$7Lzp>% zKTAZ%6|>|uI0AoQY{>pOnG4+YHEUU)%we@;JMs@0BEwdiysc>Z19PGd`T&loX*1H@ zS*M>R=UE5$`hQ<@%hgX+?XZQPEEAt%cO<_FfaHwN2X^PopXbgy`+V1?Z9DhW(@(gs zzWvIzZP{9|Lbvh?Ds8M0{1PSqfh&c3jANDf7&;fa0qe>iV_zX11Kk82in&t%hF{&} z8Z>CA-@9BNt=Xrae(VMf`QCQ1Ey&DpJ(cWr@kN)IKDP9qe|PgWHr9;w3Wat8eTQq% zcyQpMYatT@y;BD~pg{Lt?iV(`5a^fsIC$zN*LUgDCcE`(S8KgW8vWUW`iDLO-moT= z(5~;#zbCtf5C!SE#rKF^qzDGMdH9wNIs8?IY zHaa4B3C=;)nHlq3`36l4j`Oq=uP{eb{Uk-B(R+V)>bU2k<>c5|yT}cEsjq8&>OF31 zk&E4PxBNWMQ4RRyOA7=&^S2k=$tRv<`aA0gy(8z?RTxgrfQAV^u_K+M(9s21Gjw#L zBf(~=cxIyXC2$d4`HVBplGAvJd+Y80%4t_uf$~M!&S7>0ZB~*)6(u-?qzZV`LM4|X zXRBoC)idYJa<|-Yi{bB`x8LF}`q`zXk1dv7A9Q@4*(6#<7Y}&3T(p71iS^nbT8BqO zPd|Vjz?X4TCb=u6f7Yy3+f9FZx~(;1LnlXm^Zb%b9E-b*2f;5^Nk4%9!6V^2z+}@V z*(H_a96JQVG`dK;(-Sf?xBSFGjp4~WurmVQLl4MLufsxjKKKQFm(%Ne>eQ`g@)Mc0 zXZe|<=R(&M?C9~{E`GJ zV2^BNT(pfm#i(8>zFS`WYKN}PpFdk|ijQlKN50@(Ku(Cxb>b;BwQ+TZ`}U>NT-$yR zxJe0TyJv3x#qPrrPyG1p_g(vT?cFPHyz06t$jVxPBk*2$GCSbIE;!(jmt6=x@f>Tr zLe9JjN-9H6d@X0zV~;=MIxDearUEG>CDo~u?3PKcK!ZF3zecWEU9fd-$grU%Q-m)axE;}HL$Oll{68<)C z-sqY(ZSBelXSc$Cs#JILrBjk*R8{(AvSbN(O+m)ttlc6VvTkxcYsa4+;S;u(ELo)F z!Sb$})^P6JnbJ{zD%=myh<_e$5P(MDN$_b-Fd!-a;fEh_qecvI@4f$t8~E+l?!_0L z%eE`TWSksm?wRLaluh2!Wj^*N*C@52ferdYc4kU8Z<7sj$FF~5a`FeA$VJcvT^;{f zW$9sw@;6PKI@w*@|60k5T9&X)0x9|hIzPHTb~d~QdJcv0!lNdoO>zA%y~5S6pX&bd z!n4NvumRvv%jM51C%znP{MFJ+yz5x{uzX=Ps#Q~)@-0f{qwBz*vF%q#k4G;-S7$D@ z<+oWN|JD_kU1>hXNs}iUf5u<19JwWZ0UK(8?1hs~?BTj}>FVBj_ianCt1bHheF%F6 zo*w*Q=%?_kf>wea0pF*&zG){=u#UrHhF-)Q(m%e=8S0? z-%iulNzy^zXPoFNOT}ZWD_DZR8NHSHZIup+t-fRDc1yrnrL|-n++$7!ulVEz@c#RO zU%PXZ42ga6i=SWM&OY}d*S~*%_sC-pyQw;*QwS{oz1~+*Sc|e_mwV^E0h(hiH*dyt z*I4$RU(+HM6h_{oH<0){UpmB%H{5Kx^n^*{1+Us#`@*7U#R3v4o8KBb!cUBT!8&1U zGbUv7TIny?2NY=dp1bdLqsNSLZ;Bq;w`^^CKYS(>=nERRG03*ZpTIT#NQ6c=0Z&Ya zS9<~1uv3uPRh8Upy1ry9b_;eIzCCPk^wr>hV7yhO&!kPC<}N(#P&72nj;qA?pVG15SdOzzqM^2}*pw^N!!Ruaz`0 zYV;`i2eoMteis20&j)@14&l$CJ^EqYxkuZ4r%*qyf}YN^;Xcn%Li?c&+Qv6kNwV|Q zll$7{rx}_fb7qc|FduAb+6?2P4V%Blb~sBIYv?2V<}+FXOrqDL*MJyLFlOkfvgmiU zUHCFKH@W>B88b6mq|2GRE5v(3`k{ME*0CchhL<1>Q zAQag~I2-FF*E3`UsW^s`1%TnhwE7AWas14fIm335;D|x#Y2UWJf?l=EX*g8IX4_V6 zT#M!{EnE7sOD=Qcb!78UW%93()AG_wu5cAm1|__3?lfxHNCLl_8#{K438~XgJ>8z0 zHEX6DuXi7IXxqUxZ{EU$(66q%)=k&0K0U8b~?DIs4;?;U=VdoYcz^RG2(H7rcJdSLG9#Rz>!u*K}lc)Vb9Wz9Te)CNi|)UPB;f<*l*S`n-IiY zm@}|HyFnv^_wW(JY}pwzj&d@Q`<~j+&C{-sbj=IoM}VJm<~b%X(v>YfYV2rNTM9uS z*lVu4!6jCzWWnHti!ux+xW~AFNBw%Ku9wyT!Wkjh;iy26vNNDhuan)}HtmeK!KH$y z3wwbA4A}vMp-+bQ8aa{?&S95n1u3E^nkbpf+dH(2nM2tE5mNk(sS7R?;Dho&n>CUW zjmDOnk^{5fsWq=4Jg+E2Y_nS-#SD5Yr@Amf7#8bFwqp=zVU4ZvQsdAD#xzDKz0xU4T;sZvTT#xQOweCug5s!k8u`A?w zTpt`*7z8+cDXbB}+tsUA82;CgaD}%JlvyvDDpst7*0MYruw+mf1mFH+ z{6RaO9?L0dq^1R4*Q{apkXPWihLX$9y|oG$5ri!%M+J0PrgT~DmR%rzrPl)pCl)Tu zut0DL8T#qzlP#07b(@ZAH_3uK?D(V43FAju0FW`lFpJAE&GVBcj+KnqXk(|JjT_g? zuw0j|nA^nj`ya1Ex}xGU&_8mP0{#gEuDE2~Ns=SngGS)_?0jduBs)-$Yps>E1JB10 zPDxJDYaPbh^-C1!!x2Az!gzx<@J0@mRWO8I_I{_mKQ{M_)6dM7Pvca-d)Mv?t~Ifw zs>`puMkjI1GP&Jd!KLcetK09uqdPq4ZI8;lz0nTv@O=NbIR_L2K%$+gAwUeCa z-o1zQKXuv^?b>T9S#`R`yvh9_y@KcZ^gh|zLUw^$C!W~NcHB&wJjs4DcN8;}=LV?_ zM4J^%c|)&QBu5pmx4;S1{lxBq+e&j9byEAo)P6C+w^`$+E?KYw1_YgWWk%P|Cz|}7 zBKh1ydIiQZZH*l_#?_Lup>^vvwgbC|#y%h*jgd(Ld($yjrm^y=B$@VaJ_PliC3gSR))=`A>cmP+S7_0-es6Fh?7 zLchR`#E>C_2Prrr*l8VE!;|}*Vg@UY)Vb0(xsJRz_nh;Lf2T=TN9XO{rJMButglqE zXGX>X_x+%6Z7eu>;bo_&tqSWRK5_s6KmbWZK~x$8yBX8v+#$K4M~|MSC*w%2BphZQ z>|VlA1Wkov{6^!1)@X}>(7D=Cfj&J_`g<)oetSw!XD&FgIBlUz=Prg96DCbC{)SGC za~d9+A37Ox1?Nhamb{c4BT)x9R<2UXcD}G~IB(Dcq3d;$b4805H+;vILnbU=p`f7n zTxFbNf-O5{&}op9%o&=gTD6AhtzIU32UIo5PfN^Eo5)b)cA2s|CRk&Dc9twzC|D=j zcrq5uH5y0O&zzBF^xCR*2a})3S#(v}7(3?2i2Rh!CV7hkX3CWD#vhQYtUWq0@)kWI zGgI^wS*NgGNA^=RCHmO4Lq|-?0a{I+7b;%Kl@d+$>~*4kDB)8>Rs>Gvcn%%3+~i4bi~pUjYK zDOsYF(bm{8!>xUEQg&$JSOV_Q3++K8+(TXwd_a~I$?zu-utw1}%MbX*+lWJ8j}XYx z1;9IK30_t&C0T*g)pl$swrnHu3j9CZBZx6VdakM){?aaTAN~OEN|pcc5lC=Ic9A zdN}k;LK%IXa`LIBAK?E(*C3GHawJq5t*!c8SLi`fDoc>p;KJX#gl{Ln;fOnE`i9UlI zpw0Fj8mitVH*vgd9F4hgljf$IaF6Ha&Y9^*reS>O82Ic=Cz0NYj!&Q1iO5FAg6{yi zfGtp})X|fG13t^cVtyxNVI%qO2~bp2(gaC)*!dYc>5~F3Tamm5M(8HsCMSSy+OW}~ zXDn8NulZB7rr_@nO28&5tfF8{g7b;e$!pZ8VJDrS>!bU2m+gyh8$BLdAD=bBx3kYY z+w5Q3;gnD81aKwDHNK+9X6==dpcf zNOwVRp>OE;WclqUO`725&Yy3(4S{X!VeDs;R9b3>b4qfG@gekl{2&~S3|)IYPCi%7 zi-LcO@q!b`Z+6^*>+C!SP6UlerbIvX_$vR1aEgIW?$}tgLSyOBL4E<9Cc>tr z>C^p51+>FP2lzTRId&`KVoun6j61A}O}aq+qr{Q~ZKl|~)fKPQ%&l9R?uP&GCfDhr z7nR`L);<5+y{=Hj8gAEC+2ZA^xmEJ(b?thBd*H#x6eO+Sew6$od0?~VPSOC0@!$>q zUJ?&T3IOlWEw>34B-PiH4-hYABVh@cJ$LZO# zxADw3bvj)$;WfScUw8e^TB-ge|ZbIk8Tf8aSdONsslj+Q{A z>-3FWp}?1*am)x3?9n8UEfiouDPBVH64|}b1@RW|pHYxp?d+*t#t~#J?LbTTnC3}m zr!;EZ+{OX@CW~hv3-ArGL8zK=02>6Kk_B{CpD{yQ_%KKwg5NSvZ0Hi&s6gT;wg5h5 zP00Gl&wuha0GvHC&-D1oV)3_53=yD$XiVB1Mlw=NFo@kSaS#Y&=!WZW6u^X}B91Oy zPIQ9@fA1c7`Z4$PBTq@GYh}!_ckh$U=}KlkM4~3$2@0%`$$VPheik%FQ9D&keWUvR z=PQ5H?!CLjph}uRxb4>4wIJ2yAXp{GZg*Gp^G^&}%B!sejiH?syR}j}*>!+Y_xU$p zy62vFR*O~3kOk-QH@fz|-i3IFjH~2M<{je z+RYdR$TU_0@49QQcPTnT1EJVS&h~)=zjjYP{)qdt`lBs&9Q2Zc+e!hc-#qv`cdxP^ z88bo#1-4bo*6xNoZ?&B_IH$%>9OuebD68YcF0$b3fKNYmkN)W~DU+2n_RVt0c5(mx z?`sC{v(7xn7!|O`5#6RuTQ_v*VE5qtzjK%UHc?7DJAh!8O=S$E zis@9+I9qG3ljX1rOod=F%Jzj9{><!0-|T#-AVI)RC4_nd?F@o;U^?t7oUGmLIMERP zw1bl?C8dEF{05sp!3YF+ty*=p8>OxVuM!h=)LglWaYe~ z-~Z7iC#P5dj3CN)O33)=laE|=DHz*Dug60H-tYkEo!u5&woEl+t#RWNQ;-Sjv}oDR z9PO+TPPbXJ(oLY&PiYr5c`~G$br3Y=K|`Jt$oWa)Q5RD2a{`D&Q3I4Zg`SNI3RbXEMN06yR6% zV>>w#WIQT^7^ND#+o1k1B2jD@AMiLF1#+kDfd3d2I^)%CQIG>V;19llAx%A77mbH` z&6z*fUD^L?&^?dIFf07T|=);0R#z1*jtc7}n4F^-T!Og zkz%f781xPO7v_Z$*ri){lTkQ?*oAOXw;t{s1!?FTMV{RU4?p^l484e>~}E zIpu)~{F(PCpLNzb77)Jop1a&-zqrC=+Oy9+?S3g4$}xGg*F|tjO>Lkfh(-%f{qbb2 zWN;Fks;lI%v(GtKI?hJ%@lpx^v~Yia<^N=u`J|RGZww6N1mmSob~d9skX&~EpYC@r zKKqgd+tHaicj;>1A9&;s?oapq(KTt>)Esb(g8aK^BQo-w*f03xvj!y6s|-E*CG;SGhQSDIoP1=11ut`!gq z5TRRd=2pa@(lzG3YnSM1C+{luJ4u71gL#({+}KS@_VSH4+-!j=f~8%%b~EP?2~s31 zprZjdbU^gZ`~UEJ?SN}$4i8aoUFvLA0T!atM z9(wWzAHJtx;AD5(t#^pGYUjOpGrZ<49VrPNaSa56N8tcE^Nh2Vh&jT2`RzCEug|<- z@F$Uy*Fvy+eelph#$OmK#yd%0UiW;##^d!&fR$5rY-fkwI`=#6R^UXTfBf@hb6{Vk z#8Pk^KGm*W2lu%2frbqm+x&584U%*0p5NXpUcXDPof&A(FzN@q%IRVMzws<~7CUI& ze5U~4Tk7WV9k*kzszv?M$PAdi5Kc>_yIzmCQ2)l+fLAHkDMsmf#k6 z4{fsE$WLfy;llaiqwUPW1^mghoI z76AiJn8L~0ym=dg2hT#=6{XiAhm2ono;a4V7r4gpyp=gpS2`~9fX06El0{QqgY!;` z?d<9hP8JegaNF!GjWw)235VbeJ5l;y*57ak`>$uu-m(i@yE}e!oBQJf4;wFz+J!eu z59LIp#*LepLzU!ZoQbrXTt`Q`D-nxwqGaL-B@~@0dw1}VL2|ZEch~>&M$sn8%B!@- za%>Bp^W^{~@q#1`_y8qfK7rvjqN!^nyS8rGYIH*~#TlY6U{8=0*?RYVce`6|zRmi+ z>+U-&5&VJ+F0!L0(QliG9%!2}9%}Kp?`27$1v)-b&KNTEYe<(S5f8hnjCAw$vb{}~ z6q_&HU0||+{_T_&@n&|};ONQ5eeq|X5LnFYEA%;VKO>`cM;QnIC0ultV z(HPSf;r`O4;J$VUDlwP&5>!BzKm+E;QoR6Oa34LjF|tJCLY5#a2(EzV!NEl0lO5q$ zm}ETZj*=xLXKYY1A#yKX;t=>rAYimC`7K*+J-Y~1kZ~KOb8nZdgnlS%L~F>ZP{8fQ zO6=@(LMMCu64zU|ZY{hoFP&5;xQH%pQj#G-Q-Toa7)hdScox1e3UZ!gs-Iu-3rl!G z$L-R^>#YBI{Xe#Y7@G5aE!HlmQ%%N0ryVHcq5%KL--!Oh92j>&DDY3WPk`TtuTJ!_-V)!1xCN?h6Cb~Sy(%=m|nE)QipsY82z*AG} zH!@!s_5gk_AJna2dJ655=!1UFA2t?x|03~c^bUe@1P`zqNi0J*!fs-RB#D9e07wL7 zEa*Pm=hPB(8j?csSAg5}gDt3P1!hh5h!!+#7Gcp#<=%26J$qL`yaT_3eAQtrH1V?b~&fFZ~gFHQ>b; zb9#~Y$3ts>d-+Ar6DJb9ey z!ss*j%hqci;BX1;97dle&}7G*6r3WMgcj={loG9lv)gnkY7sZOLLK+Rx+-qM^aXDD zYP}YqN}^7x+hj804B4S17LyRvr)MAOg0$UTTXHeBC_Bf${^l!p@r6G#pUWqof2_?Ftu2XZ;-m@M1US-Oe{i{M z0Q7ibQ)9=EF?~GnNBALnXRn^UwMG@)ci#;(dDy-CNrtbVefF_ynA*@?{)_&`yQa&J z^!|VkjYon1*kb3Nc7`@KonXlt^Aw*sy>CC`fnVsgsu<76L*}(wauz!kKhWVwK!R^@ z!XkPu36AIqmfRzrPTT|-LkI9+XmY7=7#k1yfnmZ1R9*qZoUniKtKi?s%#-Pi& zUY~vHaWimn^ga6LhmD9}{0N~-MUbf?n(x2+)?Io1)mqHe7RVtZ0wm>F&}W}}%A8U) zB*YpvY$RiSr3sDz0~jR>i!wo`^S!^n$94$f^cps7s2pJTnXu{Hxr;kfLKMYymUcZ| ze(e=aWIOBER}-I*x&!)UF$zt!Dvcd9kWM2!^Pal%7VcF4~U5@ z7aa8nzk4)~apT5n9If01+VO?r1CoFF<>&6T*Z*xq)J)1NiUhlf-;^Wnop=9d$d3>w z(+dX!f%-ql(Km45*Vgw1=bUds5hY`Tj0S@K5C{S3kEA59JL)9uknAWpL5Od@`MPlC zAEuO04?-@81sLMA9`WNKQ#uLo;Gn{YUnWP}h!KMkLss8eN9Y+E%FM`czx~}^qNT+~`>mR_Qr6T8H$={~M<0LK z_zlkIddVrmOMk4#-(|Fs08+PZvhf4>9R>-;Y@Z&z>`0l>qer>BfAhM$Pt6J`$?}CkV0VXie9E_S5aEpL|bQ+UK9otV(1rIL}szO zX0w7$IB&rRc7Y=^>efxQ-GVq2aem@VL=Ms?w8?Q(6cmWCs|H1;LBl3ykfQ9^P9VuZ zu45cz4cMN`&wq9>E)harcok?s12DMoo8n>Tk2c~Oa_y5(2H5d7I9SP0eMHB&;oNK> z8O#&xlz;c#w5Z6Hc{+uyx~@@&n5** z|K_GizMgV&UmN4o&ps&``Gv+(-}RGx95ZH=l*3A{Y2&8mK&LH&nU#cJbQs`3@(6eV zUqwH;_18Ds*w86(R8e+G7X9Zx|8j3C5sLAWf&QMH-M}bCnSvDf07uadQJ@=z`s=U1 zbbo&Q5d}1s%jwnDja1)b#19z9|K54aeIYs7x9@2tH-YnDCCW8y)X0o*vOD2Vq397C zBTD*|$&=i#6~tx7G=_Ee&fNt2Oq=_YPd#q$wrbREp|ow=-kqWA&?d*@oh1H6LJJ9W7~=y4*Yo~;LP#~|7z4VDrn5>`x!8q#j4262Z2^C;dP(Go4o4eN9!@wWc=f@`} zuhs&%k-eXhvA_+Garu98w7>_N%khaG2u#o;|M1WQN~HYC96Ds+6R?9mprc!EzuD-a zLx&UG3BoVn22SHN1)njluejtg(N8_oH6Ir5fL7Q62``>8Bi+6J`hTP=zAyc%lqEji zf8TG7=2k3U;cmF`YD++1EI4hi`bB@2oUFEVH12Jp4-E8Py?WaYR^|zBe@ygFm`kndPlFUUO#%|4WxHZO*0t{`WQGEhLpNf7-xiXw#y# z>9V}vI8!vj?pa`YCP>@|1t;jE~&(f~- zF{6i@-ikpSob{QR^WBfb2U&(Q^>~(cd9?z@EzT`yIjsF+*%j!j^iQTc^uRMFKSf*6 zHAXr5>LNK+k=0~Kg9EG=G*9r3b>3-o!+XSWxEGaNZDP(Tcrxt^OYM1_vIU_?%4)0% zXfv3sAu&e2f@fCrk^Nm4N=W|W)M+l;uD$31XXMq_U!@(iQ-x#I-D#(u;W~EgWHR)e zv-)cH?+BBX7oX)5o6sM=|8AiB=Rf{#G=!t}!3Tb4d>F^cwYOexFo(X7qkXme9{&C5 zrvr@l1555}lWaDSMWB}&Y}H(@j)UGT@@-&;@tnE{*#Fr=kTa#OTx20nuPGJdW{aI|twmUdKh)tz4)qL zF@aN@>(9UNtnmPzKw-Z_Hhf^8{6@C;1nn?JA3y7y^G%kb$G#(de9)lpC9`VFxt!^q ze&$J=SCb}9O`k?Ct<)~ATYi0$*%0W}yncdrtHSH>uPvAE`t7%08?PiN$!3?d^fXJN zq|Sf=A6U@rY$b34u)n_ey!%-87Je{JK$$srw#mP!+yF*DRbd>=o8)U?R7QM@0246h z8vKx?YV_?4Il0jn(Uak6$Qkr|PBtL1izAiCjs4MrXQqQoFM`j)D<>&fHd%ZYUXPAJ zat(p0NfXA%uAgguQ1l4eMaL!pH+Sv~UDvKE;TflHF+Tj3@J(c0eQl5+K(<0M!0dbR zSo&l4D*^1Jq*~efy2&fGgm0oj!=|>L-Y$?%qIMG!vV!s+rGKjB*n7W`u?5kaO_O@k z(1Mnp%H}L!GB)&A0$Av%BmjeZ_~+3v7+Z$o5d?F2 zT^KaOapcUCxB_}Px&)hf&^hqgvKyBTYP12M(CN{$%|EOQ=o|Ep|I5?SG{Z&c1N`Q1 zx@=uGD-aZ;UGtadS#)}EfP^+qv_khMh{m|M0beBH6TM@(_!MJ6Z(+QguE%_juA)F7 z1J<}1`nGM$LlsLBPD$2# zvK5bl*CVI!Q*sgyr`}+@5-2_IybCOF%Who!AtWrbq3zO3FPF|%Prlw3mN1X(g71)A zK$7vyv^3#(EzyNPxuT`&u~C3T36e7}zW5Tg)4>AEB>16wvrZZEL9n@qglNV$S2}8+ z-ly2kcoG8p_h-XKeWR0e&%MAAYvJ`V&=5SeNn_1L@f}Xpn5+{p@Ds5KX^d=NUf*@9 z{7&@4&Ub>*6mSY2nO_B&$9jNI)iqz@A@F|Fjpd^S=h@`Le9+yKl4^@j)Ud?pk4_3GLst!Ih5P>*)` zBM^*V7b3*goFE4+j-TLZUD-HMZ;zQ?Lgn&`IM3v3M>l z8lN0h1JU4o=9o#|S9`gL8N%VY`|o|gb`}zt

(CbBtFdDKAex`;@(F;p%IDWts2< zT;0~~W=P{`CK&$jSO4YCJo9V|9Dy_t%j<8w?w)`8uQtDq9ZxVK2AP1DKO%FdGFT?N z5fW;pgotzI%&}b({ja*tGLV3`s%DRy@xv&Z*K1)&$_|Z(^d4tm2*Q#Pg_492{p{<{ z?fnZJ--DB9zL*egku}5GF+cu*6+&ma1nnfvi)<T;!MI@*tJmn=$l95}5gTNPn}a}jXAWrvt8iGL zkTPcsc(PjtUM5#T#ca^{F~0i#Hele2BxPIe8L;S|8J2{Wu!E7?emwP$@;2i~QI z(*}AW!_;;g6$DTn;V}S<-HO)9XxFm=MSv#L3M2)=&mG&VxWM8E4!>StmmoqtWO@>kXZ8k9JYwS$|598LTZd zhZ7FE<9Ho*DM6z%m56}@kKH~f_)WB16NLo_H;OdQ5!!`@xt^Ih-((wv%RKYM(|m$> z8Szm{a7N;!_CnAu`+vlH{aExVnh9jX`^62X#gE?j=sovyIh|3Q*e&$Ef*ZHqe4EkI zG6nIGvwdVVF&FR`8XGlnoPsLDP3ArP&|`LL#n^FU1pnM85wH`GXHb|Q`NJdPi^Ysb zqUbWNIdXt}tYA;K9=)>kfG|RTq&0jOdCi)A`|UUO4nz{IkRh~t(+xM{~f|3Han9*mtof*Q~@@^|!oh7SgD+6YI~ zgI6Rw+)W@V^*?6JXm{SZ=UW@ebyIc=0yA#bh@*KpR*HlS)(9sNbbu29#UK7lfDF0@ z|M*RSnB!~7q6B6H1bK(i!bJ;&lN)TOf8Y!71m=m8f)<4`fx`m|V4UC;Z4r=KCK!p7r(FePVppQ9n;-KS0gS>))`#73M|2Ry?w0AWb zfZob_fe-vosVEu+AIRK=KGHRZzrXpKC7`nN2N`wY`4?Gz#i5xrC1x( zA;~3K#wK`1-+`8`!a@E+Pzt$(Y$14rQ-^Vb(~Y&m#>-EFN?v}#SK#A;o{*6oA&vaa z$e3#~vu4e@HecixfhlO8oepNON}gfZG6!JAe7*eKuJ7y384S&7a^CLJJWYP8Es`SZ zh&L>d12^cqvu97wh7U$RJAs)`X68K8o4Lt2+O$2v=D1iq7u}XgB6kfpsq_;SO;32Q z&Nbgvn|HcJ`dV8s;yT4pNcTdCt~quswsA^Iis3nSSsC%^7hZhcO_SbvgOUwcQ+5eZ zIJOk$6Ec%_fIarnO7ZziF1gg|QqSYQc;8yTJI(*rae~4Tl8`uEV}xjN<}4kF*s`_N z_XFi=UsyBjk~*R}b}A26BGP9cf8@@);9{+}>~oc0-*Sg^HocoqZIaOX;ehw;6o3{A zazGc@h#ddO_rL>v>xcd?ycFEWaZ{y=&+1TRTvI$y8<`CQf_rY^u$Q2N6EATH{A3Ui zf5W!`U94ZPO$X4Ou{p^#V~CNF6)^^>3wlU(&=)F+C!nJ)$jES?5ByT^5wB*6g=SOD zpJxtObXWe6FVHRp{HIT713d)2qP_G`5@paEvB3#ChB`dMu-N4o0$j_aKX&cZMKTaR zP|iK_$488BpmSDCtZ3iiUGFIXoLH%n0?V5mdd=rb?!57an`qMXJU*vRo#HZP>xgRk zxZ26l&*?kx16V#b10R1L^TKz4JUQ9mId>W0h8@tAi4I7GLLj^%$DAOxLnW1+?zW;CSyXT&{&LHIu4th7tz2}~@ z>)NaBwbtI}URz@Yo3F1!PDJ55uT7%vjEoHTmp}f+oFv%BvH#LW_55o0?pqTbuZl#@ z61+_y6lI`^*0KH>WYrzkC*redf#pLy=@GkoY8^w3}DNe96G@1%lvfe)WMv$=w0aZ z=oi4jbO^zUc?4$A7$?~Udxh_de@0n$Ci*!>6~dlL5T-x67@ETtg2Rm<3^o#ByJELI zI#HSU9QX{Lz{ePLd>t4@(Tu-AYxSJ~Ml1lD1|{9xq~J^~4HvK8n=7hX z=Q7j!xL=<3xjX;%<*xH4*`|aG@G={_N&;gXjNm5sz~#H{zTF(P1V-j6fB_i*pMocj zIq)FMN3ak+mH+wub$#7asWPYp+<_=bd|j$-QS@9A}&I$WQwm z>&$CiaNOqR4tEFb%P9w4E!ddN0qE#eTF;_uvhg4*E8FEOxR(Sz&^Gu3zGxe?^$VL5 z8!0()VqVoe_vm8}+on8Tzs3n2FTVVe8?5y>?I$DAHawR=W%P3RYNhmGf_XUR92l3& zzOqhmhPCpX;EMUOzwoS5Cl!^HwXgSqAOEM(X0lFvl9^3_P!z~;cK$a?nd zZFVMtvTaQ*9>p30J$>Ln$wIYJs#7SLa|VXoLv9I8lb({cG5~1oOvBLk{0rkWfD*U6 zj$Xj92!rU^O*;<-ERdH;ZLcE{5r}?)?sq)kMCE;0?DXV)f4ATHFPnH4w!9P`1t&c% z-HbD*D5BzupI#wFj(6ZF8dspnFDtc)XQB*obq^y>4>4S#7cgKxJN^ZWZibMGiVExq z2o}~bOp<+z0P<(&+2s3rP+V7))=gCWERU9^}Q2L(y^3(H$_SnC<4bDVF!xP zfhmT};<9fN{|gx{xk{R z88Rj?77X7gL(`^Bvoqcq8}r69j*kS%xyIpjry?)ewL3{n<+GWe+B{KjmK5A>Vld=G zaXROWbBtMG+&&fFVo) zMSwAb2P6~;E~$?lOhiB8cv_-kLoiB{^75uxR|&Ja*M%C?tZC zGSDY^NL-WPNz51hV;M5@FdqlKb{d?Nb-m zC@Q)z8aLcbGKt!vTjS^^hZWKBC?u|(9N^+9j7f~j_)w7B9mHR~Jc+?T{Q>8pALwFt z?Ouj=lUQ77MP;x;fjQ-*AGkvgJ=~n5>=0rB#+U|6hM^cgr07{>)TmLT?YQLyHH!>( z0p=W~Mt&lODL+a4|LwQm(h)5y)tX=>IOhx>Va9D}hyI6e_$6bg*1NUXJvC;`K^B2O zMaSnbml%WoecwHHd=K&$2kwlyvn|+Suf6uRcjFcm%yqR=)^OU;k5GRn{f4f&pP7-t z(1n-0HC3;^kVBSvL_ZoSV>ibTb058@pLQwFkii~)apc&e4fgDeI_AjZ%)mvTSsb9K zGY;e>_)pv5bE#xKedqlwci(-7dqq1JiI%4CoJ>;JN5KU-%%Yn)$;`;4i`wDEP9c8; zFOD+igA+p7eSlm>fh{X5)9V}lV<)n}6Hh<=O!afUwOdkBWXEzL`#I@=_dN5u3Kpp4 zGC-3U8@Qg6J=7K;=yKOy^DEO)=-=_jpXdf?fr)`AEFOUuO7D^-wTAZ`<%}_iUHdrJ zhKRO!M$|t$xS(Cikf1eHYi*)0GG2BJV?@VU#Hk>9Z2hO7;4a_r2AsbvHi)h!5X&lx z)oVseUDFP8P2J2XbHpNm-TWNgK1)&9^nv*qC}p0gQ!68SBAT0C;v8m7DEz>Hh+z`> zjOKKWOy}9xm(){hUf;r1<960x9}LK@2u@~zrjSSUoj+jGQ84GIt9|8w;uS1aRTVnw z?H1`LdiS5;=Jl0L;=$6_l=?`ghG*b#g4UU{jEoF>#%o%r7vm@?@GI_-kORzZ#*hs6 ziD>7Kzxqkodn@!@sQ zFbV!bV%(t&<2N3oaq&(6&DbMeHD$`jwy^%SoL?V(pm(2YPQi=EpLooT)9!?~#b-YK zbeh4rpdeokssR>&flfV5K{34AhWyFE18@}mkUp^E9HZtU(Gw0aUVng`V;69poI}6R z{KH>pAH$m&U{w!C)?w_#@Pzy#kq?~&+@}qKtdP?N# z(cK05$jCD1Z&A@4qY35#qi)zq30$nK@SvyUIF4wKu#&B@T~+W|;PnvJ!KK2P zW3^M4bs>5W`3HzzNUT$-kM$`DazQ5a)gRa74T;`$6Rwl&zMiq(CD@ML^dxA)41}U@ zbYhS5UdF=Iz^_`#>%6>~=3qHfLAsx6El56IkHQh?FTebf-nTu`cGt}<(R*$szjl*M z!~j)PRH#=ZaVm=+w>6ri58!FIFIfkVhZoe!faLYGEORcv^XVt}8*CC>!!yY5=Z9nF zmYR{tWQk~>_?wecjC@!8BD(3IbmR0dNm|MYeO2 z-RrNvDw&Yx=2ul%QFsO?8^n2E8`nYlotG&RKB5uupWV7^*RHc;E=6E2Q;t6zCdlg_ z$}Wbjie0xi|MMoZ89|RE%Hq(Nq!TN4)lNfn%^JO0;vd>YjD7-NfVOC#y!=M*?WF$V z6o9s|J7If-e$m5&tqa*bXU-he@7IA@dL<0UQHvCesoywOe!qdzzl_@+F3Xzt7z)&~6kL2dZpga-ODZQ4|Ak{DpT zfxOKn(HDWhcr5Qg<+x28OUU^Qosh*E1DjPzaiQ@}9E-M=)Vwh#$bF3P*uPjKus((N z5~K}oF)ub=mE)VW2D`VAT^y%hq@XeQWzbK^gWgS_&{M!s;LBWL??gV(Cmg;6)WBnL zJQ5TNZosFF$EpPF4;qwVas+tOHtQYhkABmC^6*EB%3QnAEI!cL8M}AxOw{`E!w=tg z-}}L-Cco%A!4d@4LnqKI@*iCH;}Rg1(Ct{Cvre;s?2Vgbs~_b4s?9;i%bss~Y;3%g z1McY6%nLT>yYIcj?8lQPO{_b`6If$^2s#0CfzuWG1~00$Hf8Pt?J^F6p9xxg^_7<$ z_H@=1$IEfcPGjf?JH%shT#eI-0q?#$$$~w($I-h3v}P|N%{6^xM>$TnKC=0+F2%9Mj>H~4 zd+UUeeBo@K>Dr+@W8$W>x6*Mu! zXoq^y)2WwhO@r!%4!jNrjOa_c)̙kveg&PJb^d&V|!V7lsBCx6O(TQ{2y18t~2 z=6`2M;8H71+2`81JbU3%H&2~rm1}U9;OW$^rJFuylRI+Hj^Y!}o%)OU?yeV>xB&Rrvhx&*q;j9r@4L4Hv~9kQvMiyW5c+;59)K1V^I# zm+QUk$Y917)~jZhuyOL52Gy(M(>YBFen)+werT(6C-2u{h==Z+IC z!(w#OyYJ|z#-r_>M;uK&ObQoAMi8k_R655#-1O%gbhPl}R*x6z&Z3Ihi9@vA`0+2g zm3q$>1O;-?#<9m7XA9%`G7OVY42Nqs?ya}q?cP(H^a+FA3ySFbj&}V1=+x8AxJ3KB zS7f?~j0GPr+$Lef#Fz+@&X%A+fm|b{1qTw*fAkB4VE01bUcKyv^Ly^Ow{{aBA|nPz zF6^p>ak;zh`af7Z2Z=!Mxa&SU(wQiwyZ?Q+!CvVVXXI1D{DzU^mDKQu=`*hJzZ-*Hraw zEizGA1 zX;Nv^E5^+5w=1z22+jwTM-=&53AGQzhnCAI)m6Lr_{PYL(1Fjvpm7`kH*k@KCdrgz z{YFVcS;EnO_#uaz0|eR!#?%oMMsU=>b7qqq0p0+_;ub!}ksbT*f1u6l=+V2_X$Egi znrO-@3N(hhZ$kpsz-*bEJsSqfsUkc_p+zA@XoJtdoufLs%K3_6fH`7rPX948kMVDzPfqQ@8`3+6fnElHCO z_ON3I2jT&ek-Qrg2MEd{PDE2eQn_|K}OJs#mYx?&zbA)wp|0ZZ5T5vOm;rA+AeHODzuzDQJ)&pq!kcI!gKmH(veV zy(C2N6XY{`)GqcedSn^$g}GXy{5@B$aI*^XZEPJxi}NKT+6q5_I|?($QU3Gh+uWIF zp5x|7fA~zNMlfdN7)P;jbj)*d&=8$FM@R4+b=1)&kJzEqPkedy+&ONk+5x}1i`TLc zHD{t|`N$)WG3Ro&9G-d74e|>M)NTjirwl$?jG`oi%l!2f96phZMNcB?e~L~QnX2D= zYG*I=O@BFx6WK~z9LF3i9OFvwKE35gf51*7>92C@g_9WB z<_WIUfh;{ru;)F$yc&ZY#~9+77xb7Dk3Ufhyfj-Zq8M}B9Qw~Roe)BTr+uK^+GEEa zX~+4BWK0JDN7;pmBbXzK{`80IO=f3gWLl6`p7e?*Mnf_`U4Nz2>v*FIq?Rb2u*RMIw!So)Hr+sy@dC8-F@$a7Ki}s zKKy91J7E7YHYXfuxW9N3v_Dt$HsSqA?&_s&j8TcYc=yr)2OQ|mIp;igoSewKn~W29 zs>Fw&Va7*7hQn{b2~Mn8nw2d!r;{U;r=qCHc;6;HyY8=layR|u|Ll0i0`a5C(zki1 z7jxoU%V)$!-$ z9E)pY569A>Ur;6(-H=n@EJqv?hyguuDh+|Eb@YT2OnnVbep`$SW-Nw@&L(IBf`L96 zQ5YNagmKv3z0|pbQ2)Ue$W?fvaTb7 zoAS^YdXf*Y^!&jJ?#K@zqQP>b-ksgDo4fo%1-)n-8#e6aCcg8jd$usom3&s|Hq?~+ zUZG10mYKQ34CgQiF$Qp$_kA65$f342OuOqo+f{&5nQv$YXx$=mMyx9O^!Sn=}f zuee|C`pY_+gMUMR{E=7>aJ@{g1AyNkw}JDdciysN{?9n$Y&)`!-EHiQV_nIP;30Bw ztkk@*epsx4A?O2s`9FXBy}L*2Qr@>&DA`9~*PeUsWhYY+bcb=6*B1~Zl9xBr|obWK;PIke0W3ohL zg~@fe%uYw-h?h~SS9%_6IdI(9>v52}p=<85!$3a_{^*PF8Fb1KBRm~cRh8Gt64nZ= z@6c%p)S~auE${GSS3Uhi-Z4+@ktO;E?qftwr4$5qBm|6p#9NBB8RT@mdlO?bj-=hB z-y+lJ%W+aLdzRieF1z3cS=q&RWHqmov-B1I#OvK=&6;U;#YZ1}!t^8z(9p?R(FwFn zu+)jipJcRFD_a%`T_0Q5y|>(Dwj}rr<&Ho01arcgb60DhY0^#mi}!F!4uPayp{X(anz_$ zX5Y%lPynO)HX)|FP#1lJ=2?Fc44RRdX|#=vl%uPma{|iQtin13I~a~FJS({)NWvs~O#M@v106+jqL_t&{ z^b+_muP)0}K+VvhBTd(UrxL7&9^Fbh68Xe{&E7{j>LvO20{1Z(p_5ZDwo7aRty}s{ zGu+3X#``35b4Qso4*rRgnfXH(!r;#Z`BVd?UM%mEZ%kHSVS7>|MX?Qe;Od>%m&-l&`(< zy3rB&6aitfk+Rs*D)j0eoGctqdyP)kyFqLD0rCfMWN$~oyF!5`H{AG7(>bP2{n+S~ z{MZ&gRZu1GABJwgg{&;Si+ZJe3zOcm6F7f*+0Tu>IBJ?;c=!YK41T2x=Vr)Gz?x(q z1-4@6898#4)qBG~|Ifw_4qSNQC1$&0or505dI+5tUI?tP=W;R}Yi(>i;0eKr;4f{V z*LD;>f-5aGe(+h3^xfLljySqFRfj&IS7Qf5cVIlU0elHmfX;Yrpy$EugtOYkDBd<- zd8m{8X1`QEY+%p~yoCO;zG2ssySS{2>vE|xyMa?nNY?UDuJ(?d1xT(@>(OE+e>w(g}V8{EOWcXAK? zxt|-*yNxTY-r$OsD$ugC0t3aAYBK>xjdH$XN==GfRV^Ar0+9uP3W z8hEt)O&RHfWOo^8Je;{@-k2{EC*DB|tlw~C@{HG)q05gwVyt-UBDLW+67h_G1k)14 zgxo|{@GfjljvOyP){QsaYBn2oCzs3r@|$1%R{ay6sa<#@ScLuv&2^Jp9dq!Zwuus* zm)C}o7D#qqrdOe!an`x=6%EztdnIOUZ+-D3V@DW_+m9Fp(_&jzNa2wblbD0;`tgIW!3;q)r+E>9K1Q4-1*yTO5s*6BUcasu-T zA5MpaZm0`qGi`CrTq1v(N}hX*h7D`mKL7>`z*%!=YnSKQc4qleV-L}L=6-2T$D*P_ zA?yPt+)XVJz%h1Vykl}WTCKB~C3SoxgA0bD;WFgl#QRuAAtK~hz&!ZS{l>tFZk|5v z6ZhhHy&zjhv=LQ|QGn1IdZfS z6^>At;ZPCc#EEbCzQlI)K|qTn>}MC|yGI^p%W48Lj&S>7Hg5hSe#&z5=$GMD*OgBgKiQ)D1U;WNqn4TV6G<&B3 z2CLid_?J8Vv@@(92+|1>+@*S#0Z!f3t2lbq?|`1GdSDzc>Bw7NlAf6%gRU3`?{TQ9 zS%iGFU0Ey$c+S1|Wn`GDeq#`%k2ni>M==J)QJOb!?hUnv@gG8F0e~Wb!T9aB-x9;> zVMK!=t9c{@g5NPzEhUD;d*s;dTTxMJ!nZ_`TIpg=EaHiDEGU>|N(0I>$}Yl}akI0K zNc5hqd)FzO6~Y5JH)Ubu)m7z&1Jq5O>^{Vqf&mc4&5k4pOh(@rMQIa(_H9ToR18|f zZ~Di-%;4Nv(SEnwdPj_Qy&y-CCxRCvQuTsr<5d8h_xj*0BgzZ<_s$fK zI9zS-9vnONC>>Qa$lmdbVG_Y#BAS9W`sqG&F;`JyL^+edb?(g<4Lky0IP3^>0C6J1 z>#x6R1}OwpQwZATKJSdXMvK9X;sMK+FEJ$=!!*a(uz=(ggoT8_MAfbqPxR!3P&sbJAbKgzX(AHy~>4J8nqvvFtv z!SiG#I3skxF|5~I{a+@VE;#Q@caxl>9Ic8RWg&;6Nj{?)DI=Upk(ZZO=L8)fzEoCL zYVw+BS)4TBF|saQ%4>lZknCK4Ytma<$Y&{-X_zA7Dr2WNY;ZHA!0}FZPU#qukzw-r zWjTA1?d)nj^2noYfk<%HLl56?@9gEh!6hX+YE93HxI_jMq2F3_vWE;z=bn9@!3^O7 z>?A#9*?Y+T-Y&yY9WyWJs?1g#!4Rj(+}Bi@m{;?XSK5iW%IY@28}1 zoO0ZE?bQ$PNdnc7@7}4!4m)Ijo)&1sEGTK*xMy5{=`!p%#u(L0GKqi>=%2+Frv^ax zyjPesWy;5Hpm@vzDXHVfzhv+rSc>O3(J&6Z|G|59tS7r**#&m%?YFv%&cDbOvnZM` zzVN)^@GZCAY4c@@q~TbteJ|UM|?YsxfoiEjk(PboMM+mE71mY$+69pLvco_ zW)~u~i9?vEPk05!H|81R9r6$yVXV;Iz=4B|w-aFsJgE!WNW0(>{fFKOCczMo?!h8? z(qS>4gmC)VjVjVk1~Bnk={71dP%Rr_{4Fw@D3bd<#)s_|~t3mpGHTl@!| zbJE9?U8d?f@WAhwfeM^{?uF-M*z0Ay5dP9m>jv7LHA{vUr5mL)u=oxEtnfT|4LFf4 z9>s3oADn!OIi_#F`!>U&J$B#IR)S|C zYruPCBf$nlR?n9lM9#5*HTfyrLmojVti6z7&|_f%^yKwZV2P8J=<21)2VX^gnyeCS zty;B0{J280R`rUGaF%)FkdAg&+w6L0Z1jm;{LlysbjHu_CgvE2q3ya+`viFLel+x0 z7R>ZD--4w44pR(L94!oORfs>JGlPR17sg!BHvEHeBon4vGB=P4!2xedfBWy>{Xu#` zUw6de2fIry`?(A_M<{^#BX{-n*QsCFhv=U_P7Z#;dUEoIlikqFY=f~f*g6>AOAzf0 z1tG&| zT80O{tTo`wycrh!^t4{rfNV!!m?}BYLu)wjs3{V7M!*8WIN%?+fWx%XWJ#Lg9>#w7 z6F9h3dHi~)wYn3-{lOmh31C82AeWYC-H!nj+($oT?FIkm=zrE?$a&z&4tn%OzxyrV zz5>?N4zdJ(g&u?5fH@|p0lGs^1je+-9KzFpBk#tvqZ&7$`^+-EwrBg^(pjraucbeB zbhTs&wuXTFO#$0fohb+;LI9qJt_y8>^}nA7aj=|NHx2+@t?_T6n+M0<7-&_k+S? zImpEHd=O@>!Bg%|d9Rzyf1fDu|it)pf6_Ca0G_2<+hb(7pgU&&~4X<(Fk8;E$oeg3)U%kF%Y#^oIm7E~|!g1*ffeCSB*&Fc+sdABb10&tU! zNiV(lf_r7sL&w&6JSknY%1*0np_xFZVgBEo z_=fvXIzIvW*vAhz;6R%*oWJ+z=;{;XES^0(&uka{B%_x|SAIx7h@%P0j`jD=i4)u& zqj$4cW#CgFu#a~bmk1tRy9&`Cc-@iLTl@}n9CiF=&5TY>-~~1@)|lK!$6~Eaf)=o+f#J#d4L+%YjS>e_NkuF zw%^TVD@gwL@>4CGnlFRhJlDI+2KW9VoxreR4|ns`BVAs}YIp2Si{0Ua3HI)4d>r2i zJp0L~Ul6Q28H|u21P-!Gp5P_)HeiKL#(IXi@2I@*zB|d@$;c76%>vi2HXxfZVe^jgF3OhpsTZk7am+yS#GdgqrgUZ680S&ujtIk3i^N!&m2=W z93f2r5xZ{T;jDAfwS7KRZr^ug32Q~*)31M;?S^MZuBVq!ucu?s2;KqxA>WZB1W3dG zk@KuasjH-0MUHl_P=v9NVqaagCm7mm6>vM1iM=^5~`e+Z6 z^wB~d^{u8TI5nb zH!H`=<51>(LbSE0W|1A;m@T6zkxD3)L^~~!B1ao6iaDAQqlRK92B)Q)fT1t!vPKC&Al&$m8ze+(-5EbV zOA!p&MrHx90beh=n*N+ zp>FEMNCT4$b@EMqgtnSD(`YS2ga$wfIEJQ=Sfu`ukFyT20 zI*U_qg+y8Y_)S}ZzG;VcdAB0ZP?n)lguO299(iz1vxvp;&0>MEP#+0;Yol>s2%nQ* zBnM$!ep-eGKB$vE@RyU5r8-3a8q>rHuh}UREa=WY=M49s$DWh{eW9DHg&N1WVnD|s zK-=($QYp&M%E;SIh7=NTz&X28iwxcY!dOc6{tfUOg{Mpk8}HU(2P^!0nPf|lyS&E` z*^bPp5)X%e6P?HF1ArMvIOUg>xZYB(kO3?J3q>Qyv2~i?T*)yUsm02}B8{;fEQOa- zKZu<3@~W+z0%h)(*IwmD?zX$@uY8;wQKWmLbBCLwUl+}a-g0Qp^PK>utSf~ z0xHdnM>oireVUH3#%N7Y0r*6eY*nQk&+0b|%m4n}uifN#Czy` z!70Lf?U@sl|B}iImpwSc=o^>e@xFrvljq%bCv+U-RXlsnI*j$YxJVm3a>M4D6AU&?VorLn06N3@*B+4ifVQ-UCbc3HhLR z@f z75W0_pp|mzj{=D6s^{bDuw88l@-JfZzbQ4E>M?`RZj`1M;(hdKnVq9430AUj_Mj z)+YT4fAj@IFw7jMob^-Vz{mpK_&PX#(XSt&Kjs1>b50JyM*bba7`GT7&sm>j4H<0u z^V3g{6WwL2?)naQ0$tY0xG_)0!@vIZdKoVB-M#nTBUwLE@>qc!jU@W**T=;&79K9c zwceRLZ@!zRBazQP^Bj{O$cfWrT*=DH(T;DuxBfea87wJFf~FGnO<)Twz^M|^0y_}e zYMdO2itNUq0p1~7kYnhJtgE3(oV$S!v(}=2I94zQVKhfp1ONF7KGZb2Lk>DbCxU$6 zcJWq7ezCir0NtrmKeiJ%2zW5Vmg*@kDsunx*FU-(88A62dWrPoxg~nHy<{ux6q$U| zv4!G=*>Yg8e%VvH_F;z++?b&N=2zVV4?o~?<%mI_ZmRSp-2Vz$0uCWV0SEyJQQQyw z-Q&LB0kC;l0`K=SD$o?;q)wA1ngehjd=7Ze_twf1>O_}Cw;Zb15>!={ThK?qeV(Il zA|c_)d9&t9o;SX(BY!G=^B@3jq2m=OaPsoYuTW4;U-#SJ{7 zf7yXY|NLov+(Y)l>*)*k;inwBJPne}#W*_8*S4KjVILQc~R={3PVgwG;h z0j1vlu)*aFmhD|S7JZ~{P7%lzjk0?jKLfCeCVqprK}Yt_SmS!#lRlE55w4^7>dX2y zDtY(~9ROE~;Y0?{Sf^vBVm_b)@=+ImtTAZ;XHysxup=-oCwD|FxWd0@nERnD?NA^0 zpqn@ivu@BSVA_>TAWW5XZGzsQUlMI%>k%+q-fV2h@>8g7ZtaLf`_N=zL9upzAEjO9 zBi-D>V)xuLPr2Xx?td*v@%two=T1BQES(5)*=CN((q#n7XX7h?`M z$TlTT;UovysyNM+fK7Iu_tN_Q+FxB`@_={i;@@IdeNK))3F{rLJICxl#_V#?F{h$V znL0(sF<)Z*hWSR%1jer_P=ZsZe(?PtnDhAUNpBgwVYfKsJBP}rlVib~&^BuXHZsvq zX#ahcJNTf3-R`o1(Kl$HfGGTRB>F~q{6z1(`;PQX`FLax3~R7t&Mi0y-Vtovy<1QD z3#)B@xQC6Dz#wcgtbdR(IDENB5NDLGa1?jy*x8=XtFDwBReh43;4Sn^UD)t>ogmI+ zPHTi#@!LUT%a$#c^SHllCg4;7aEzU0P#fPLuW=|^pjh!ztQ2>LQmkl8arfZv5FCnY zao1AZ9fCWABEj7?xCFWR{b%ldeP3i|Gm}iRXLrxpbN2Ino{+pZ?z>m-k%797VQ6?N z`Rf&P7zcSGh(sqZ=1E@~m(aWO91cQpaCWK_o(!udlx7FywFKg8ITONtcJixz&TBJK z8%6F`uyoq@mPB*x?7l@JrvbvA3QUxg`R~%*7oYZ)40Tc7W;2fNy$n$`6{eCOt*mj) zK4MU%1(C3EFa#j?(FXpcq4|Yl)K?#N7Ve9{BJlP3%Oo8>mgbRN2M)GhrJc#Jg7(rT z-kv(-40hCA`_ z8AR(~u#8SqS7X0Hyv}`;ljLwzqL#!P4Y_3|dBnW{VF8H*L%@TS^4PJYct;qbryEsi)5LJ#HWLtg0dD~_K6GEqySemsiYyD%4}47IsT zV4Uq~JP+>9)xztR*O0mKccBD{agnUhaRj2~V~~g3$WD23%)(YQd#N4+(2#I{h~dW} zKcfj;P58oxiamY-$^nP>NZn<^P@=tP8yA5dl52GFho%yQsemg`;Oa%#jNZ_O?VX!G zdoC~uyV}&3o71oXc%*K@VtNy4FrCvHJ3rR3m1iVNH;RN?r8R=+nvA=rwDDMmGhjjzLHrxpy`7Nx!#4EsyTEADn$ZmQ)FqxHjV# zp12?QgRG$B_g}3(43loWyZ0cC8*(G7(}w<$xqp9|Dy{edN0onfn`hG;uf|033-B@c zpE`@Bh~EdNTm)7Ma3ES)IPgPhI@S*QLyN2+_BJDhe*yE-$&ugLgHy?{RJ}lLZ;Q6x z4%}e_e9m0A!RJ|t^{><4;d)Ec-Ag(=#mkIY4i%1m6RN6Zvdu&B!~a0-fFFXG0}6h3 zDr`zi6N_4@vhg=uxJ?$2`JzfvV_Iu;$?eX*M0G{_D5L!tIBs4$;V{_GKS)%NvZ;io z%d1RI3Jc^Ez`G&iJq+f0LY%7p){{VaIo%!KQj*O<)g@KuE25c8CKddUC;yDK%N(Ul zTs#Gq`9tE_MBIg+^-GdwDc6%~Jq~QY^$Z}ZLe8lH5B|dUQ`UB^pgcwhTL)mX7DZKO z)5=19V-`p9kFJ-JI5HmBVF2S%6MiTHLlyw&Nwkfas>M`)@R)$jkBa&b=}2XX_7RFX z1dlaj1KP0#^DXkTHcq00W06j|RS-3Nuh7qe@Ed{+aJv#fQb#y0Zvnr6C@b{8aQy^z zNX)H4#i6OHIgd=iJtU>P5f>L(5;)OHv((p`OUP4YGY5(fAl%1rL{EOo*U4J& z$vfZMMN35pE|2|h#)oZ%>xNKgwvCV52x#Djd<>ovpCUlc*K`@Gmtn$7H3rf?q%$=S z6U>J`y}tyQ^K*pP=A+;JLHI}ga`=@=$CQT%XUo;qWZ4+;AHj!DF6=dQ=-P&LnY;5a z>gf?8=cPd;H z6vMn%M3+tpYTQ<^K|tV#8DX=u&#ot%`=Y?X+T$OEZA1aG?08gBT274jT{D&EX8ut(G_a4xF$h>rFi=ZP-uXTU&s4^+FA zvm*|dVCpQ;>{Pi%tnjU;&+d|sbB6H_qsj+|5}+FP*R)xprM;!WDn4e}$jhHOGpTzy z2aL>64p^nnfu@{{<)kUZDWFU`39n2&={B*6(5nUxWLw z?>q-K?L5}b_G(j-3;8%>R6*S2K#;t6^YBEAo#?p7hinv~A_~uml`kHFYeBe(CnJ3> zqcs`>K+2Qd*>;J?cQr#J!+MEvZfxG}ObX%{XtXNeZ8EHzf5f{Bm2aA+OS;d4e;|pv zj$YSC=i+V`Z_O<1-mU!Kvs79){}-UAV6lR@F@vh^}W=m2z5ppI;Kpt2!0? zPh1V?eGF?25W})#V^C3a2(bGtB>4zSoIaEu(Q^DE+=zdJa_-nhVYB=8pu48vOX*)x zZ5SDC4i&@DFNdL!vcc7Z>)Pz5}Nbq@1XElkxM|5_6GM=k8c-j z?W4=L?PXetND#m=Q;`0?OTrC$X7rqF+ExDB68WD5szL49;CWK%1Y?%HBpBblkq1?g zgX&SEVB^e+G>Ir;H{NRvCD)5lA!b7lO|8p6 z4q0U5yg+DC}HamZ>7uIx->n3x~JJN`5`lH-}4Ma$c zHu5dA{OZ^VVMwOrE){jhe0An8y?}-|XDS1^X;jI<%z;R_FUtDNNcN~&LSuZ3>*xa$QEc@a#MVA-YEJ*$eUN3X3@emP5P#sm`hua>YS zl2y9JNX7@?cpf20Q}XwpS4y}%??dnY=ALW}fwy7Si>JW_RK?p|hhsN`j$#bDoD6|iS@%6>Qq+!wy5fW7_CQTx zqBGN)Y5U&P8Zj}WJ0dxD(TnHbmAE5RCn}%dlvdhuqwvw+j|eBN*C##3yWr4! z%5wZ-5R1ENV#>97%D6OCAH1saRN&MA@E4d%>H895AffX1-w}8*+eq=Lf`s2(OPtB> zS~lQRc^!CJXXXC0;4!?P@BqXeXLIo)s_+Wf%6E?T*~`s43XBz8)rr<%yVFC(g~Syd zuAC7pkKFJEnk)v;H2wxSD4TCJWHHZ_9wm=q`w$!9OB`Ly@_s8d#-SLby1WwhR_c7( zi?hVpZ`PX+?caCj-lW@+Kam=?C?!9Xb+zl^UXQzf22V-E<@=iWr>m({2g-B@G5lWN zI8d)rwZmqU+t-RbRG+0($~QF5YEZ#^s1SGWvmZJxrm{%`4qhci2|0b;1mQU<*beP) za~tr@BF7;^`W$i<9$b4c(>+Z2!zn?9vT@Ec;xjBl#r`RpDeY?hj(;f=#;2FJ-|bAr z-l{vN5q!n|JYQwFJ>NvNwbmjw^m|MTP1m4a+c$2L1da3LH~T=>K;o+Wf8+&*JuU z+pJ_2VEB|VgZ>jf@1?%R>0G-@Qu6A`jSvWkiNDA=LED@~e3V_!5V5M*dN*$XV7Z=p z)j&g}2SuI7AMHm?5#1eMN*`6{c3*hsYdpT&YXAzad;bx?&^EnGr@MC78DK!53j0bq z;)=ju5g0n(beV}8{I#!w@)@JBlR1SjhV3GD#$jfXpFqLQp;KJF}=Bjs!#c zEuCu*DaehLpNnU?%$!A*$G|~(m0DSpU64egRiL27odYP&?nn(elq0eUuv#;2MFZno z4QeiYa%v#hPAfJw68IOfL$?8%lADW}mJ}5!R_su{&d4a}-iE})ap#2p%R$?^Bk)fO z|Cy^1baFHGWZ4n>*d6$0%2C;gN4Ps7^y2BF&98GZmTb!`;PK%ILcVmH7tsfA!8WNX z_+I7mzX)Hm`obQ2@1G*{pkdM{c5Sj8Y_SVn#*1)0$Przd^Q>r2a5^40@x(`%R5%f6H^rKfDfS zHEz8;E^Zo@OmcL|EH*p3yNAu&hubiGF}<@ZlrV@q32|FEDvSFFFRpNoslb-~p;qc| z;7@T~v{?Mu_wCyq_8sau$NI>hWFgLXXf2F|lRqh$F>F~;KvL0t&+m2uH|zcsEyRFh zwa#k0IC%Y70G}eKbe)y_`BURw=u5)vbj36~szAZ5)YKABf~Sv`q~l(p6jK{+5oN&i zu;aQ6-%z)K!rdeLvuKhFTE^x(-5=GLvxh6XiT+qVq)0s;DS|<`d9vHwAf5s~9Q zY&y*V%PSAsG6s*XAfA>->nh_U=N6s536ICCaoBY)einUnNW!sBv+x0=xgpd~74c|i zE~n_v6~zAI16>)e5gdm33z7lgCxBodDlm&_8hT$Vwblxn0jf-krXt2|EGcANLLL4Z z3Nxd0p*~qNW~c8>pEC5uQ4aV78wV8{_3{RoOa5f1f2q2wd3cgTTlrI%@BO}QXqdeH z)lH&U@Miaz^mTG+Pg&4m8AMnh!XTs>?Qa<*S@(zuH%a2iN+z|fp<#Tq0XF3yvJ>?H zLPX4!##!DRkjoHrn=t%S-8yHVn{VLv74O7HLYHw>O2bb3Ad)5>Jia7mB1KEo0PmM56m?#!{`j%{6fa3$U@B;mjEQGzemg@@|;+GiydOe%D*7J;u!xH~{55L~fkOXpitI{XT6hy!M_x+N9fb?y_z`pMNI=}E+ zZ^{8Gx1j|->7+8DZojt}lZI>bdb+yDk*?#O~ z;l(F?mk?omcN**b!W%9qcVm1^8?V^yLns)~3{)*6_<#TA|97K?@-4?X;v_>ioqyjW zj(tzB^erZfiwONpdky8PBGKvyEe*SsIUv;^bxw?F;GZO!h$u~plmDjQDe(p$esiP!@9-od1^(&jti{wey!ZH3GEWlI z!{jE88h9EAlCiTi%buF9#Uh?-(OAm1ItIERK<AxTdf7ccC z--LDSFA^9EQ`os4;l6&<<@-y$;a{%N;V!%EUFau&qPun8k7z%2&RXfCaAl`r=x(++ z5fg4%G%*n|m9R23al;I64j;QCQw2(C+$prUq=dvXgc8$^V`Ssr+s8a8?}D+C^D>_u zZ{8Gdo*6cy`p~VUk?eQL?Nd-u^X;!ZJLY;n$8W!1N+gUF9*6|OXgicL`EJDuPs#k> z8IrfJ?Cg=^o4dw#j*GWWU^S+cE)bd!Mun#+uHub8VOkgTD0c2^OJw z|MtxQRr zHr#I*O0^8HFi7#)Q@wS1T-C?`{CP2(pHqD<^I^vD#E=j+Y?;@g4juvjG<8mS5)Lcz z6>bRS{49+HEcuc9ztc|-qsAV@Ajc(!OcH`GL(nF@++;Vv*qNW?o2jtrB_%YnH(H!i zOarwGlgJ~-FF2@F%AV*ti(e)ds)EegofzOqStnhiu3a1**Nu;oVzecE!O{HPw)~mq z?Vh8q(2T0KHi|3x)8fa{InA0&J1f`nv4HZ*ooM@F?(FH#;{&5|n{PyNl14*PAgE?b z6e|N6GrSL_bH|@sa^|lJGL`ktfKs;-!X>WUl2#k<|x{B$AOsqV`~d4 z-+^SnQBmT#$RD<>!P+^~#eAefp}-=Dmu6$&OXYU^-npFG@BsKulVEJfUqNs&@Hw`* z-A^-`Te~G^ysgRMr?9CNw6s{a-Xcb~)w=k2rakU{u8p+Ynk1brc|&9GUcbYv_IR2AAaLBC=5Za17Xky^@#DbXw zR=&qIjd_VR2;cXWJr8H{JmYl>dS(9$=jSw>ZwSHlX08&MYoyz#{LV-eT3sfs%SBA1 zRHELVD|WpvWLa}@670*!;WQqJ-yyfxbjjuhfj&~M?~6Cxjv?tll#@bF;v*}lF4Ig~ z@jf?V-23t7Z2m(=|3HR&YK#hBUHq&hXd*!Ljla z|v>?93nc{TQA+nTVX^DSO+Ekc-G-$36-Zkf0NaS zZYgqiaSetQ=%1OpOL`|Ez z8f_ptAT0%hD$*XO`(8NGQGZ`K+l~^+A0dwX+X~*fBfL=UC8Hwbv$-3IYlzugrk2V^ zz0#_(NqgD469$5hBl8og$d*UTyi^M8V*O%Eql(S&1lTYsH*ev2==QOY0=2Z2*!hib zZI9o@gGjxX-OB8Ir5-YTfo5yf@^q%y#j+l+--@Tp-3lYO$IU%N=1|nY^ytVY9Dy)v zSc<%Z`Fr!l_WJerA-rV&*w-ut8oVw&DGr1C+qa#vZO8fVfENse><)9aqIn1~SUM3w7 z`WHb(o|-ai@eI57%Pzc;hx)Zh?buiDWa3oWdx@kdBG3NLm76#wnqc~xV8`tBrnQu; zs*0_|-G&}J=K4MvH2J1WF`uuNlklo41xIv+2+{^uLm(te(Y+sL&yA0Ueg&;p=?gfNr+kWEWHLT%%R&layhGkBQ=m=TMrwe_;)# zUo#9K@0464YwQbOY^(xkS4rhmw@v*FmW_CjYIV5e7ie~0eGgF(cwL7BWLX6Qkp&EL z4If$otiYSY(wWs@JW-=bb|b=#!Igld?;`tNpc$is5B_lQU7ug<>gIdo^~c8JiP}Nl zQ%H5GlL7wHMrHt}=K>e%dW~?s=2XtS_@hL7el?sTV_76&=;mem6c4*bXS@-)Arf2d z(uWDX5FW|zd3@0KojV8LYVN}Hlrgb$_y%PTumr(xSEY?124VkjwuZ);-H@mc(!X}y z?A6Q&t9;$JbL|b4wkgx`Y~lZW?_1fp-NY7w%NgJRLSPv}YgyEYC0^QytL2pr8fZwm zDEjN213P=O?iNnTH=kjw$TQNxIEuXUFry-V$e`>!R*Xl=g#P`h2rmHLx6^s+A{P@G z=rrLns75_hc-L7N->O4v$z5|gTb9%l_;@^~l$_VnfhF)Zn|;abbCk8U?VURRCdbsa z>)!DO|DBZKF+lQ8?uj9E|Ca7nvfWrQ;%2^F_BlXCzFf1~eT+v8No5HzDJs&jR_{4N zu)AR9TOiv^Wsx@Yoycg&!!+>6HF9ZhP$-tZ$H+qL58}e@y1_ZTtf`2*Kte~A4wdwS z`+UODZHkINe;YvXi9Fa)_RycUC5j8=cat&q-qK;4a<-E`qU&pYSZiaQH#|rCH&rFQ zu-nQfYR92rQ_HfFDn?k~?^3gasdLa{-gjuS&B6N&M(QWp9Gx^a#i@LjYSYJ3&>Mpu z4-V_WvC|C}CA>P^Cq)GX7t0){reo{2_iY{2E)BBLg?_Nxv-&A97s%`LlszP&@CZq6 zcqlDEALKANCAt>`E0R!q!u3L?%s>9Zjq=Cn;PhW>)G_m7Sl5x)Ur1ruCn#n4PwFl^ z|J>U@F1w?@Z(HE%1C5+E45WIA&*}u{4kB+kuTz8cxYsikqG^-gm|{H;J}9=R028Oq zA1H261jwF3{CAM4;LARb7;UIjP(JfouKYD9<&pIP|CC(A?=(Km*r&|GQr5CmAyT!> zTRUFr<7kUs(G6_<_!g34#v@$kJC{mfCHEmAJUnF0djrM=l!Za6^LzH2Y_AV_Cc_&& zXK)|8Gh8ke{l@G3X2P=>2@b^?WC;2lz~7+2 zL4p_q_KG~=;C4^xI!mvRy1>0uvKBTf zbNoT&!^C$>sk`IHMnc07C%Br=vJbza`{NzWY5-D#%>ltvX)MB6HtEN*s`KQxP~Ym3 zrg?qmO?vz51AV)gZ3tg3IUYixJoK|C-{nKBu!D<25pv-jjQ5xG0Du-Ma^`V7ukU8d zqfZYdJHqr0cNo1G;uR4{W~63@;-7_!93Z3g85M3BEw2ooOk)}#LTA;*TV(8 z!9tteDDG&KqSr~E-A?l^A)ZB#h#hM*n?#^Az}PfX7l}NsL*CPRcZ}lznf&v6}BJg zlbP6;^tRi~&Crh_8wIuYdijkCvXH8&TE0EpN{!YPgYmdry0+Lq#w6y&^M1TK%W%2s z+#n_{n|{;mUTyoqzbW)q=HpFr=uiG1%vNuq8SD*pm2W6;gs450kUY|*fLB?^0_zu7 z)-9D5-EVPFgjVLoc%%g%(e?2Z$v3`z8{65}V$&z`0_j9?7X5(V!c(INc;z>_*KYFO z+qt&j^vPu)rwuSDcgj0-ZrXS4x^rUfv$fn4+>P1zZ^GHyJNE6*8r-hEKW#UezbLAx zc))8(63KIf$CYv~$`q0~(|bT>swlw-<|G8jX0&mfc}nCCAA>o+YjQ*PH_h%WBMwjnRxWLYvyM-OcCC~nQ_!%1d;9TcLM-2x6?zUP~ zY+#`EoMZae)zz&Ms=N#(TgAR(RB=(*z^pm=S6qHPQ<}@d&R*6h`}i$)L<;l%9W=^k z<7*n;9=`!UeI6cPD91sIwr}zzvhLn{`FuT z;D&Rd^%&R3Qg!;WWb~I7%8)Gg1|g@Tl;n3AYFPum7JE!% z^*VzFD*M0-0V9cwW7Z|cxz9QqdsEe1f*^;3CjE9?`vvIttr#plb@TMORcW+etu7Yc zWGHfp<4dYxWp#N4E0mraJ@)ezB6rZfxE4b_zed5@v(`H{ekQ+o!FLI)jY|ox{hOw% z)3VgZITU_>T2TKl3*at##C8LxYUAz4xDlagMUYw!H(nq^UOEnWhp*8jQtTB@RnQP= zWSQmcAN}z~gHPVUxCxn`C!K`o)G9iRhWHx-I&kk1^{g`2ce<~)6r_V~R)X=?&mZrO z9h_rDW^L+}9#KsL*7A5qr_TfEe9@8lcHz(9J{}c(ULOVy5<(OA1yFSx?aY;D2;+pm zqt)uKM6rvVkD~eqv0$Y2J@~8%?w7B!uUxT?CFD zz1Qt0_K!{t_@j972WzT(!S8X=m47n^qBO~sLQ~i(lX5lT*-E`PV%A|qwjq%NvK*e# zFoo&W^c?noc^#jb;#);r@!TBP*Hc&jeXl|iv%aXM{5pNe#v;57kCF;HHr3mBQ+edkHVWhR`|S^UO-eU*}B!y@;<~N$HbU zXM;z@Kr@F)Fun$xzkQCUE#6@Z85+B%ua|VhMyqmQeD>-_PdXRVG@k3kl)jgCM3w}L zzKl$hpgPXbY%?m>o)=k?@IQ5pTB7&!bxGtSG7LJT}SKcfZpE=M_XZ2qF#C7Dfu^aX?{& zPGmu`7r60cSbDu$qmB-KU2c7{Z=J^yZ@soGx$?W7HuHFxs&-Cd>^?v1d^O-VS#T^A z#CDS0F9MDRL1yDtPz(hU04whhKv z@<#>zKttN|(AXP-DKZjV&W+xd19Xuc&PuggI_ooGh0B@))B_oNhscvQLIz~#AP!n*9nwTJzj>Ib`RD&V!`smLwj zw|tq=u>O0}U`X84djc}BhIzuFo)r3y{4BW?rSLYt?=(_bKTD4b;7!YydUAfRM+-gB zr(qy@>4plG`R}WW^3g|7N`H2WFrDHLzqM8x1Ur+YfK;5sN_g#?yUTWi1=FWb?wWc| z#q)`3D?aDlHtsnaj=CM5wZg|0E-QCM3Qs%#uvYP9DNTLD-K00{4)DQJmGe8AhHjOI z-~2mXgzD*fseAlADMbR`?dT=HI*Dg>yq%{U_PP9LIDb!B#6nC=tfl)s=WC8?X{FBx zKCwsCDNMH}&Fq6wF!ysD!(;QxFE__>H6lb~EUG==<Oo%zndh&#f0a*$bUFlVl z_Ut`l4e`tMZ)?hiwPnnauR;SUS2_Fk<>*o;yWTuqx8PM(=`=2hUW1>jI_kaz66h;w zE~q0?34r(arfS`!@^lXn{i+`N@((T0SLmdT-$D~$IHKr1$duvE5fAsLHZRW4F>~Zc z8-j0iXopk1bPA2^064(m_YN_9ImTm>{Gs9SM}RxwU2X1%C7^5~1L}wv?j2ZLcOZGw zRIx&;!kwN`$8-uJm7bx;-H+2!nwq({0QyXqePv3VYGlKOqi;WHtZpnNS@wtVGmGDV>;&TCkpthwtdDWc`DrKKC}x$|b0x!RlJM*LUp zAkJb~1t>)1TGC+GG7^qnEE_dxYN_b2l|tL+c+521A zcwv>1*~uUJ+QI<24ln1Bl9Af)#Z5jV4-4v(ZF4`+G^=z>)`874Lfl&f>Aw=tg1I0Z zef<$eBx_5JET;k|IYMkMf$m+G6S!6zT!vvUKxd3`h%)6FJnxKg0Y?$*iJxL_$#qV) z8PZDcq!q@xp;O+&&7Haq^R-5e7N2uic9ZGcY)`DI?;VrviisDZOhACX%O%yQ4W;4W<(jnK3YuJ+lUx%Hf$5_kQYjuU`nJ z_F7q0y4_2IVa6nZV0kQWqaQj3e;;+od|CF@7Z<+2t8;O#$QIt^};$#(Lpft*lE(0sW5dzcVOstRB8#4fU@ ziJ~oCFh&q@FcaEa?16FoNP;gUyV5y@xsJl6_Lb0GFX{gvDUoEdu8wy9V1E(xqxl;T z(plHV5{te6G`R>;X;1i!xRZGD1?CXZV6u@M3J{BE96<@h{^=9Ts>C$as9LQj1sVso z9+sJ{Y5sh7cWJ#>0s8$<`!fy~Vw01x5i0BUU4To(2j=$C2qXuSArWCzK?6c`_Pa$v z{CjE<1Toa=fH)i~k$&PiC?oO62H7M%fEVnRw%@oi6StvQNJU%;ri4I0-w$%!5DJx7 z{BgW;#RDEG{mU=;=+`IPc>g6n&((w!AvKVjr-#>bY9U>mm<63M&jM>%p)F;P9HQ_l3dS%#80ka;$Fa- zo11&tokW%DDU59~bReiyA~vbZ*+dc#d@F$}wJ8^x%7x}=9BLF~Yct)}RZ)twQKNA+ zHCaOS&tGG%g23U-+L9wWD(dQzu_zZ-M>x}NVZ*P*4jyBbz@zW%Xi zd($>2v%Olp{1$s!9*feEL(MG+G9`8w4f{H|yp?Ej2zwsS?|;gZN>$frkwl(}Ub~FK z)Js*?=W(!m=U6*S0odT5G<91MEkY=(i2m&2NfhxiGobKy)^LaF+1yfCvTWGytTI__ zlK%;(byS{rddF>71Fbr=z*4!m?7NsF8anGWkt@Ixx5j*20DY|JxR>P3s2=SjRnZfO zSf?1*Or(bxMYI5Ncebee=+-(mIqd2c>ato^nzgqv0x|T@#^yWf_EZJa`cXeGMe+sf z-PrIUNzRkL%!oODz3qWbGxtD@^rWl4V9BTyNIs(5jyo247201)w1W$)NlKd`E@in* zWvOmRLIf@N2Ub-<%tBUO&N~g#Y-~C$v$WhJNx8X}km2jmw4T&1sO)Ro8?h+j2@e}y z@$0xp&2J<@n%6TOUsQH%h~=NcXo7oNbIS~)VoFMwRnf(i^MVinH89sb%QHBkG9{t4 znk9KHo)b{h+Jd8|I~Wqq46`M zn4d;h=3oYeyz=CCJA|*Ci$Y4?Yz<(%hfg|~0zFxEITl^%`+%Ta+HFN(RMQ(}n!LnD zD!;#plcV0rVtw54tWrBh#yJ?n0pURo!?JttwQ=pi8f80Fel#?wOEOdmc_i1a_rCJl z={;e->nMzld327{WZ!ju7(FsH$Xl;w1Q49>47mqYp>`&0@Pdle6;MBXyZee4%C^*e zW+dsI!hDku1i}poIJEnBnt)SGUwroaVyYGH5Bl0sJs+bPux;>9$qVh-|GLNL>=)f& zhG-;PFCNHlho+5#%fncy*zSu2F5yOt-ZB0BpzSA+eMl{JXUaZQZE61nX>pkeuM;E; zZr@;EsMA7Ejx05cVBeMZ7u-L&`h4&ZX{cv!lUy^IFIImXQEDRl^`$}!|HRr)30=}* zL+mM$7t@_(My0U|q;ATkCDNdEoMlt}@cS@;#NdI@V|Wd=i2Lmkm0jxmgE6~wsbLqO zbwuS6A@1v)q<9#~m#gHy7m2*L-DDmva?vE7V8$OUVVbm2HKH6-$4U?=ACoJ|C~f^n z99tlF`yty+MB>LT67!h z5S!kS98nm?6v^C8vEaDuvlz`7>a0fg>R|Cy`y`#cyJ5rOkr=$@@El*WEfJZ`4HDBn z=hyWl1*!9kb;p1y$#7e!xWui!hAhKniEsu{j_VM-4q`DWPED0t=ozk@1~hptnUq3- zu#^3+*Jo-S@SfU~7=5R(+SQG@&(G&Bzj|Qcc~cIN0jz(IQ-#D}kFX}dHxVAA9^ewe=9)N%KpVn!NG*W8L?U*@D?`4+*1{QOTM&R&+|qn zx|4%+H2;Y<-ep#zj#F_Pv^Tb5_Vqoe|{m zpi<>X8fK(J?RTA@3Eev`!O-`88Q>bkD^+VMKYYx5*{kY0aXw{we>yl4aDD4@-jX|_ zm0nzTXGMb8o&|*C0wrbQX&{Hm39URd*m(`P__c#e#@ zPg4ArleTvaA@2v(u^C8lobKNquBs`{e!%4B(r+Y&n_fATg};8%I|JvR6=1PXZ>_~y zZT0i7pga5G{w6%=aAA)x1O&VpmQP}6Gv*4S1sHdf<~pVLNPfGzRw->Q2Lg*p-Ac$N z#8NeAB2~-cHS-x zy;D_#uf$;UxNXT_1#$Gy#zF6YC#&zF&>ubDt-E-LcviRHmTG=;G;1y9GBYufEwhwW z>q}*cXb>A~GJsDrOmX77T^H{wKm^f4<69T?28>Smc)uQ@a7oEIbC*}_S z;T?U9hhswjtLwDDc-kB(ZR`BWe)ZLWc*No>LTZK;S76zTT_Qn%_<*==#fW0n7F$Vp7XwU0g>Ki2jezL)3>i1%(4lb<+_i?HMX0osEPb7FJJx7 z%#D@f*6W15I!<{%sdq&#=2Q}kHa!&n+*cnU1jD0J`w{-1RK9#2SuUKb9EGeVR+@pK%3_^R-26$vP*SKu! zkmJ27lM#~#v^`kQ&~Pct20gMI)mJo^(+d*#-m{!)sQ)H^rl}?#!v`t9WMqWy)sTsh zKJ*1Ol;7)Ea%-4+_LU`+1K$<}PW$8>F|o38yhQZC)gAg##K#TGjH^q=fg@FV+e3-r zpLs^caC=G=q1c0AoM|C-4nyiu#UGk`R5rv^l?{p4zRHlDd=hu?e zbN(r0e!E8gP}kqd^MWdkI^|XhCufat5no-=;~4_II#`%KIWht^TT(B%!soVB{v({h z0x#Vm3s&bTy63LVYwl5iQwfiIW78OT*(8fH5P^iP?chhBx^k^i^U43}t?TOS40t|s zbJWKNvh9sIIZynCj1JFEiQe!CpOLiNRJY9^{PKE|koj{_9qR!(pc2MAZ@W`=LD6?w z`|aG%?uaMi+Knnc&4yJSIg05qil@wr&UDGn$Ot*|g;$_eRaDGAUo(o6OjWu0w_a4A z^%usu3{m+6U1#wWG6G%zr_L=}rFb+$U||CY^CwanITX_k4*h)KI2h^tX=cg^Jz5Zq zefYT|*XK+-iLwVOnXZvY@-awTzgh7t9wVd6B7fe z&*MfQm2{Ryw(qD8pZ*S>{ zFe^UvHMjE$;iRtR^|kg6o7?y!?Fmi+#xHE5KUgI5mFmY88oIKpcF%X3jc&7Z#*K6H zO&WUAl^=ef4)ny6X<)?H+~sV&K0oTQd0o=e$OWL}%s`)kxp0=wnb_T8?$qk$JL{Yb zV}Z!0tZEymbF>b?svYXQ*0C7IGEUAzo@nqVDhYiJEEj<;GIUSEHe9!ZuvCnbB||za z5Do}7BXCF7D$Nsr4v}#}nnv5+5O!(%d9P@Mq$49nXcPva4d=Jj+9y8rHoqV}s{WoC zjT20fox({KOK{)bmcEXj1-K61U~)zfO>{zFF{5vzbJ6^+%-NNM!1XmEO4NtSp(fa1 z8nMj3mEaBoC>gwg)&`?CxKC=ADRTknS z^)_RFv&Fukbmp&1X=)m{7azi|z48Gsq1`Ww`d$y}B`(M_j5&{;-!6n1IMF11 z{o=1(D{|C_cS5l%40H~s2OtJJZ4b7+`aOyFY2TZqvgxC)J2$~5lBUEC!wz*ymGwVc zq55n*?7tqg{hiEH>$2p~%{NQy?zr!0hh|;rXY$$EJwfCwfl5sn9f$_s*7LMA3JcNq zb}C&1a}tv>t$F7^yR7lNJuS4{QvFaHX#3hQo8rZlUqB&|9@Y+qo3Dfv^BC6FP@^^2gAU)_lau-zZ;__hOEhU$UWK`Z- zPIxKIDYAu&szQ6YgU3hSlEl zK$_&%ZE`ZKZ;xFPt;E|OO2eYYsmrg#ey<>V$cK#+eXb^Ebtmqkl?Cyh#BC;~W+^Dv zp@xDKxksYP%?&Lk)6S@Xmz*96Q1|$qmHj%)QUzi|Sl=;k^$j+97sYF+&r>rVc}|{G zUh|q~UmVZf@rqR4G&-Kh01nlYsLQ)<=w;N|5aea}07)Q0;`(oF4njCv>%osgJI9pO z0vS0?3kpyothh1c!TzJ)TW#YW{OLiYkph`s(?l|GUpx!gO#eb>XM#cyPzx9POf$>t zY%ji>z=6`_BdvUzs9~;j@t(cYedI^PaU|Ey{nybr&CHWM{}&$3>&p~GD^^s>HS2Z2 z6d1cOJ1EjL^on`X!BLXQAM1MUfiaB5@P8h5-_Lcc`cFwaJ@kb>bT-xg;;h|4A+}ii zl1s=_W-JABtCELWUBf-a_ow9;x_k76&h@PSu%>(Qll%R<&F;HZw{Fu9F#9C>buTvC#>Hz41A8+w2yWTChzB$PkuP}Uw2~6c8vsRMe!#~ z#M(!9<7H>xPLdrx+kS+n5y*B%H;X*>$bHJKW_YmH5{JJ?hJ!}ZSlZ!P$Jl><H zTfws$Tx4@1zw;TG+UjB{;J(nC8#WpDWE4*2$?7eAcQ#~WZ=Dts_tItZ@S{8`woe%P z+jwXzSc}acHS}W3MJjHKa`=FV+$^}}l*A3c9)q4}qIN8x6>pB!4=-2^coew{5PHMwE$ zrydq5=f{IjC^XtxQqUBH3J$ev#5m*W9(VdbrkW|!{s+|?bpH2yay9iu+KW5~&0v4< z9IKOzJE=FG{{gnUZ3@9;`g#Xb-IeC1 z=@ejbFp<4}Z}Ml5ZER!cOWfLbU3Zj-vHREKZ$r8TuxNak3Nq_=HSAa_WuR6;0KNx9 zSOATqY72+!)F>K0(2OjA$D`VILUOC3-J<+nUQ&)1DAFQT1dG`IuDlb)jA+I4PC5K-{VF+p7bV0#oNW-J-eQnbWL}*_kDees$hqIz7{m;wV&;v zNVT1+_)=>s&Np=ShB1qYaY09yZ212Gv_MP0J6M6oHqbb5k3F`hIlK@kY`@o0mAy(vv+jt*vT@*v$EzYBde#jvmIhaInK6}6u;ttfPIunA}rV<`T}j^ zNWU=ZaYCGW>glfUF+C-4s<{rDE1Y7i`tH!7qwC*)fC-u76&OPReg4Hbb5ISHvQ4mn zlC1X;P{+B@zyCmYxmH8rBtmiJ+C_RFW2didC(@_S39hexx6@cyX@Vfc5y5IloGAph zk*OuUKm(Pew36|TqYWhzyU_LO)yM9Q8S}Bt*_me!byF1>K1+sQ z4;iBKm9dIqcZTR|$mwUA0uFz@=DHiTf@H8cu1Of7eN)cz<`?HQ0U~IBv3Lq&NKH+( zz%nZ?TDNL#4#P!qCWDXg0&s(1;lU`t0v>=-RbPe!ie-|5J#57VPar@8-IH;Md;yoK z500bclH5Q*C8K3K>nrqyqTEylCo%^IJuC2Wf|CVKhA#?sT^VV7vdW0-O>`ZHa&;Li zIG+jNKqDA-D9PXo?_Ho^6n#cPM-fN)<`Y=etJlz0BSB9%sFyEaZ0)ehI3=aI(fL{h zj+lFlO}4yTyeP-U=QAulPGUq7XrW%f(Sred3=i7(tFQeVY??LIfd;@GwlgD>6%>L? zfDdaW|B!VAE5H$q85|aE#H&es0GChbbE1s{c}*h0`0-zuJRCG=u;KLgl=KBZ`{a|4 zT{ErnA)z8GYmUJZXXorWvus;7g2KT3V+BrppYPfY)!n_Nu$=vMbC1j&mAk0exxJBEuf-+_|#_oLZ!3*fy~A z0x#xenH&-XJ&}C`py$k)ZGq5p#0OXbMbZ>2{MTvs5*!;ib#RE&7Yt&y2FG#JL`i68 ziI;2>90%7sO!i`WF>W&y9Lt2aMBTI zhMwyx_yjJoZ5w@U(j?V>v-KN#;$j)M^aVO++|UDm+2RAVhqDL6d6V!18bO!g*-o9h zD-oiXYum1~$yeqDnkLz+Yq#UX!wKm7fC}S=XJPPzztMT!JKT!*F0@U7&O>306tBax zI@Bk#(NAmyo6CZRpkL$vN-_yrw&x%ZDxs4GrwwSGw=nbW7Xt&oh~Ox?~_h-D8x{M8d}O>C-F`<^1!$ zueqIJb4oJEoY}KYPV+w6I`yO>rbp8jNuA*J_lI5R9nhj-lDTlg(vSZA2Re9yIaTzV z!gXwkA%joVYLX6?B#GQQUObQOYR^@Y2t0y-FgiW-$jV@x$&8=22)>>|lXhtzW;9 zwa+{y)vaeb0=gq|6j=m(Yz2VEL^2a|&o;}<9f4eE6ZyLXdJ5~o}kC7RXKNdi@}e6;sl2N8Z>AuzFODpD_~n*v`+Fzm#)Vu zNZ(ubQ!DjTD}E~}NvmoV9ih=t^wiUJ>)y+FA9J$R=&6kL*W?x#OGNRsluuKFSD>fx z>1oQ#Shj5DH}YWEuPbem_BW)*_`K|bDnD@93{xmNdaD- zU8z-a$Vqg^Owj^KfV?kPcuUX_TELd;CtC~Mk(~*aNp5wOTxc$Q!(oX|!+Zcwk_AXu?7SB4>bMqv(G;@s3RkK_CCRIm^p?n2<{*^S1(>{^oacre?0Gu zvrX2JIL(nM-Mja2Crhtr->$uE`cq7e?)JE2lF2MYN@HI#^3NSqHj=--A2;WTbMq=PD$|V!O}5E1nMCjXYkbOT;`RPu>_E6)zS)W!4Q3dAS^r#`5#JU(5Icf|QUYD* z9r(}C*ZID9@j`109!jD)_<^2AAI*M{pRQZ?p3>KQnV!V^!LPzPNo&I!O|kKB0>%0M z$&xS`d+CFwM#jGUe}YNb>QwYLDE>oiXW&su!Qk1ezi~rP(9SuZyyrgn^efj@zGUpJ zjl$#3@&Vw3&di$Q1`asM-E#A-?#?^zlCOEN>3Gm?Rlx)rI9dvDGoO%n6x)rH_=bMn zO!_mnE5F;d@2n)1cKT~8-qpcmcWv>lw(UB~*6Cz8jPEO5&$nvb-s-XQ6!U^!2+p=q zJ&q>gKKzyUa*f~U?rqdAelGlF=*s+&XhyIWJAJ+B2}+JI+h~SuaSlzOlS8}k9g>|{ zShP+Hlb|VlW3;(pqt`L;b@4l5HXbe09FH@GK&gX3@dkiRg0Q^?+c)WqMHK`-%pNC1 zp_0HMkO$O7>4MRGC1>M}*Z)us`JLwIAdri&CD@8WH$cwH3^|l=694p;AGzmWc+OVO zz$6LK;@ti5O*+%_kzZL5n3YH`YNap6EKbl z?b^#hrm^4pBloB0{@~tKmLQ78hoeWi4?cL`+8{8D5*W5z#4+^z3x9SG{^CAUh;hFB z?Qbt?8=9NN>`_p4PM+Y6;OAXDi^Ch|I{jfR1nS8!LNPt|*yBvF(e6M0^|I#cYJ)Gq zfZ0-b={rI58WIW!{*Z};BF2`Mw`qHw=d`K;rz=ir1R3u|Afd4H8^;hq7jT1B4k+)m z_4k)wa<~8FW^?+{PYYa>0-b`nCCJ1I2eye}^$|%AIJF7><|vr~<&@PG;1dcfPGqtp z5ysisv(2f-N(mo`(>zIGMyR7yu<`-=!Qqb*O|T0kx~3cmPlo z=ztX+BS*exxW&70`kgC>AoqWI&mH+$w$K;F=u9+4AcObTOG&Z5ps0dB;2ykS^oOH# zj{7YZCsi}!<1+}2d{vy zgC7NLT2saI5B*mGHo%R57{$LUAK~rVp8g>yOnqeY9rxd*RerCVQ8RVwWbLYPm0-Bi z93)>Uk%tw41a=6lGfo1c1nIy#_#Bzs>~JymlQC|DWE#fDTFK+5o_N%p9ncV~S%4#} z(~(PT`3%k@Yp%QI2exH08OXFx0he(o^A2e0<}~&GqfoM>4#V&L4i?jU4@f(GI%A zx~0nuUiP9Q{-I0sn-#re`hzEx#RtfaX5~F_gkCW~2_%t7g~NzvpiStTl?JRFB*?_- z0qAV@tZCvO3)EK~uOOa>EM2r{q0u+EguLWA5cb4J$XsX%ESv#OhBtDbKZ4EhGFE3Y*I%Q52?(WmCyvc| zyprUCH?%^1+VrWGd<4wU8%Z)`tgPGvkCC0=Vpqvha2I~`z4{n^|5e*L-*(qe+`nFVS-LVh)H1D(e@(hguF*5kCMDH#|M>fhhNnFH)bAb@ zt&q&K)e;MO9^cEH&@aCDg1h@?x49Xjo%Hk;mK=fnnJ*n2ot0G%^aGoLZQ}VZPGIxK z%312d6Ph<~ZuI$&f4*!1vNQ#@*x88s=+HPRyLRm+2XZHqua7_Rn0DfLNarLDx8NCg z2F<`Te|E>M#-~V1V$~;j22Y@W(`L>v8wHq-81a^zo-2$`zy~P24|-awz)(#kNkC6H zd^pFB)d$E*woWFSKj5=}Mz+tQg@WOH@o&HTOxD~?qY;uX2;kxvMK&(Vg`O7J7KzA3 zcy6|ISa=F@6?njZa3%sD+J&Z=ccWe52H$xv`Yd%?>No|q-lSdR^is*}Y&nZrHH?mc z!?#YIdKMJJwj$93d50=W(^AvqhqJAC*nZi;jb zw#3HnMrM`fg6u)gg8SHX=!zs`kZ6eRiH?L`h|R}b*h=7}dUkXGGzUDPJKzP607hlh zW?W(j98w76nGg6HkXPtl$bgzPs(E>-&U_oCLd)PdI895(Le&CAWPUF8V)2781=i}&PjW0ya8$*&%K z!00FN9Nun`X#qXKHn7O&cqT=I}uh%m%=P|M%Awr$#J@kK}7^L@Y$<{jle{7cj=lj$U`D|P;Co26 zA-J`5tN5sN8Fn6`uQR3hfYv0x0a_Mia2x zl19=|*!_tyzx(dn=2yU{gI>rxj-~<(@!63KiQY}H7Tm)pi{A(P8CnI0ScHJ@4jYtW zi3y8xWGl_IW5c+Po;z2^zR(V|u}icCUxf}x4r8GQi7D9i%pp24G=mMzA_{abAG}@U z=4l6@YE@Yw?2l}LPh%gGB*D&Cefyqbe*0YQwudhS9u9`EI}mz1Iz09S_5;(W4kONpE4!LzE&4%mC(u5HaIkjK-Yz`ozJ(b1)8sDW4%wj8Uq+ z42>Dm2FxZ^D_d1bXLfyQTYBQG#&JtotKj6j@4aKIc5&!&9tdTHGWKzzAlxZr(&Nk} zI|;*>)p=yn@ot_=OZ8_HunGoc0Vg1i<`xP*a!%evDWAQ2pWyoU>u-iQPN9X$wmVM7 zH_8M3E3&D(K*3%VVT2LC`Lp>| z`>c@S9^2PY=qvB0f6O}y1r9@2Zp@sODTkMT2MRrfIkKXDm+XRCMUep@Bc8dzskKx1 z;b}xcS&bchL5Kn?9M32U&<(gsrZUia~0A9cp=Og&VJ6JuB63yyjR#WnwcZT2< zc!WbAXB{}sySb)jj+zn_Q4G|;cf#+@FZ}2eo{LX-EAXjUuPrJUIm3E8mGbtobklBoLFFSjllrsg6D(OsB z88+Ym^Gd<#`{9Ql*lH!(;vTrds*dh*Fyl;uMm-Pkv|V1?#NZhE<{R~2J0h^E4%)N+ zXzVzU>34Mnr7&uJ|Lt`LF*$NsXf1Q+5`UStX`2c?U zkFCs+3ABTQ48;@};QS`D*!TY%Q>w#wm>+0_Z75NCsUPN957;T-p3!s+EW$q z0bY+IoKIl7eLE|Y*qXm-~sB0OBSEa6px)TW4etk@PB>;8USWS2bv4U?%`>GFqnX2&1C>HPT-h- zUsaf|L2^>F3xv^x0tRH70-w)69qaz8pv%C4CkY1K%s62?O3vft-5S0Xf=9Fo&q_~E zw=DZ?$#W80m=a`I)ASa$@-WCGo`;u`Wy`asi)hRkNU4&s^p&w9=bEID4eMnaEAcp& zk)$V965=pIrcTzDmOT^@ratt;v#dH|9K18g`k?<{Fa>Ot7P^@Bd~9Bl>pxIuCrxP!SDYSlD> z0pQELFjpAozk1>~25NTnIO(KQZ0y5d`?oos=?ji~WDLRWISSsj%xGoLlfX7yNp7@% z`Q=xd1FK!T_7?1G-YnI&(c^iNx-QZE8JRlkQ+$*9MHTwZIfppD+4e0txv9aKgehRa z$|uImYHy5HbjtuIKEo;kFK5LEBxiB7F=y~i_!@XYThtHFlbBIebqNCRkOK#vf>VmQ z0&d`)@k?DHpcM+vb~3DSKFyduSuojd`X)v(ybK;j(gF!t)L|<*0$3DqcJU&eg{^=L z^JXtn)4(9|itwsK_Q{wjz8`+9p+DfjH|4yZ#(iK39npDct(F3tIO8~0g;nr44(2bI zFZg?&5T0R6S_--xct{(p3;{3L-No+Z>38UZJZJqsu|{cv>R)K)SNvv8$|i zY;pGSiwZJhmyod7s#O~$8LY4b3Hs0c0vFo-YSIMT3KDw+8)ez56|RmFVn}{jEazj( zjF$Eu`czJ5SF!3ACokuywn%Rw=gU&9KA-2BHcl}Z!^@GM^E}` zOsb=xq9W~AkDOKj~CrkQ!uA@?-T5ge!cVV2=_lFVv`I8 zoJw;6Ho!LE2H$}Rg`)!a4PVO`I5N8@4nK3*$IKd0*I)NU_KG# znvznG?_O8;+ftkUsJ3_?yayg-{967ybVRPR0}=i_7H+_+IbMZ&rsL^-)alZ?t$$wc zNg+85yHNH_hJ0%H7YV4b>y9O6Nj4Vf@~lplJt_W3pcmV;Ze5bBl59Z?i)FA^Oh*9- zhp_+`cojA;Ha5JUaUjdFyIIYP9*8Z-m~6h#1q2^-2oGcIvmK^WgD>o8V16u(i%&}| zP+f!y`UJb>rAimX$GBDJ_HvDODd>Q}4SwqN!91BK8Hj#|jmgeIByTQMz?nc9eI~d| zU$B)pI;weUy4e|w3w@t)vS-mf z$DZ_da5Xo5+E?~0E6_J6QG)iN4{So>sqM1b=b5B^%rwx;_TW1TZw&!m|F4eW53v}@PFE!6v0t`BXpvz7WmYWXyoOn0bW<1yrJ}MASq($R_9-U~au;6AnI|nY7dXYr*jPEsEMy*L z&YEc%KFrIbS~W3Y;&=$guJgxsUceRuoW7xmjU4%&`}^Ntvg_1E81kO9^mKCu zbM_<3EAz~K{=g5MTl9UTGCDb5nV<|ffTGSyVzvUiK>cnlC7L$%KV2`u1t*tx9D=`` z(M-UJ?P(D7t5*4h1%x%qF@Yf*emL!zdsYqwWfuhkC7Sklmf$cj=RB?P<3G^~q%2by zP)u<;)As1mZ=2AEu7FpVGrj{nejjZmj2Ya5A5jPf7>XaPey|G0HU3NM!F#007r0kkdSu>}~c*HU5gOg-P3)rT#a}8%Z{X(7+d|*Dj!CU+^3hc;mt}6IqoSbvcx!NN6 zUg6eCbNDl!Ah+2ve6#3)@nFc&N8=xc%N~zSj;ou%DBug<83P&XoC!4I?YAr-!q~v) zQ{*HjTX@RkuiR5l|IXTNt0bnma`;kkDEBzNmu-{AZ)C%*TKz;s+eh1_S(pZ(LbI(u-O(HAr_N5OC$G6Zsv zQBx)RYslexuwyrvXU-qRLC1;(j7RtyW8ggm z?BJn$E8rBeANqxknkf+kClNdi+0Wk`orgSe!l#D2@GANd@Qq*z@{u+;Tbu1PX(K}c zDf$PEQQ!mijNS)5V&vk)`QnQ)GKT$mp~heG@Z00MlC;DJSkVt&BV(I4Z(*6(bCkW! z7SXhYQO}ms?K}9LP1q71XFdFh)h1oK9BYmu40B{VvIbtvvv3{0(>EU~vF;wye*&kW z4!c1cYqiCeBs#oD}MD=3Ad^bwx1RJP7}XAd*I|K11gF}V#KSb+jg@}4K2 zdfa_E{!7huC8LuC+BO}&c-aLPyFSPFc0YgML3h;^R~rw5?)fWUR%h1d`hFn$@A<{O z($96Km-;k*>Lim7tSE+WlFa7mzhJzUET*xL2+>plV0a$#iq$S8OiY_PQL8w=VsMt+ zfRhL~11sQ+u1Z2v{RWLimunqK7;M2D;0IiI#&$!Hy#bEXpBXbIyD3w~s~s;BLb3(* zxk&pY4gnuv3Lj-9J%Qy+ty-W>c>Ffe1N6)Gcw6OkYSbv%Xa%0YR?(e0A7i*zU8^Gr z472q!_)73v&6+bk%%8pcaQu@;RK7nxNQqoGno?pA@)vr7zR=}K(BYo(Lg5x$pObh4 z|KvEF0Rwcj(X}_YryhS=XRgmN9PH8KSl6fD03Dyx*XAuVGcS2K5BI?f@F^7f!aT3l z7Jl|k7vM?I6*R&T3pd_$t8I@8?}Q&=7lQBn@ttj;r_GpZa=C}LgQR~Pr_j0kF{Zn& zSh+&ycV21yxQZ#YT+cj1o=pEP%q)X?L?(_A?LBNKhtWy7qr43eUxO8UOju+ zR`0LBK3qHIyl#OOwt~%(%sK3H8~}R&pP-3{k&*z!Pr(7?AfLI?e zJP$qMYn=rS|3l_b;3eor!_Gb5bl=)z`Y7 z(z7vB=>u|wcfsd4!XWesdxSG}-+%wVW-Fs#6zGN|3RiRIe(y}PGq7u#NvF8*lFMz? zEix9rTC{C~U+BK{eaf^c?wQ{|Wp(HSyd0h$>=Jk$HU#Y^$+qYw-Gzk~U&#i-R%ADn zoSYmbp-$GgwHQKUL$(i-zYlu>yJ3Nn>ez)0`S3YB^2O)Pe?g)Rd@{=C4VZ`NAK-zF zgie6(YK3$pWKA9Urm#Cc`uM*V2%{dbvXUn&fe&@?Q7~@=nAk2Cy(RESdnRw5!3TE7 zL;oK0@%t8}LY{?onJ?Pp6TA|J2)hn_`njU+YvG~fg{%=|wEOsbk>9o;#c09X&Bm7unCQ&(*3$`X+68?= zKj1oi4!q+yBDS2yr$*oyKI<2{=vmcA&q7Bi(8u_$1W(yttUO+{XrcS^i?O!Nb3<@j zZIe(ze|ZP1-?3NWy9Af5E7C9H5t#kHJR@PiI>Ieis z|H7YL3pqi|IiSka<-99a-m--t4u7(}qXp+^vYaBEf5CQzI2m7i`BhW)I9mv3^tZ`6XwV&gDFOXI`nYA0hJrj4Ve zjTFrj73f8g89VkP_tnhlwqloaNbbGo0ei=1TDkCnvZY$ekZs?-gM0GvXKYM3Svmi( zl9UPh!`ZuhzWVCF?CioHO4&s*V(g!5^&yHeXZOAK#@nX6pr`~z5CsHfq+NQ3&L{iS z5%lfXZ-BO~>1xJ2iey!trPVY=tGJ}}p!_gbJde|Ss2s^pJ@JeQ8iG&EjaQh1F!C9B z!Dz<`afY%sd-p!U#>l%-Tv5Pqc94CUltk8ImU~UcJi%ZT1suk2%CP5b#2c=^$rLBX z!4{dLKK#H|5;0de=rD{Kzu}MXMih-o+;{Mau_S3L4jjM0JU5pWqS}^nQH}+@dLHkc z^(e|Xl-c^OTD3Mh`|LQ4wTvmZOP1tV8wh`dKHKB4;-c?~gKU0KBFI!+p;c3j6bu_Y z_#CSjoB?_)PlfOxI$VzC!#6>BnQlt9AlSt=lN6L3<|I|Ti8Bmw(h{huql{j*Tn0BW z-Z1{^CDn7|KL6CNgNvMf2F(yCnk)WClF0ePF0j?XC`{&5%?m#8E}H|*19O7%2Cv{; zKUN%KoQxU!v74do9m9Eq|N8eEW~_L}W<_n2`L+Uf!{h|K(P)5e5I_EOtetsI5acg^ z{-e(QXk%vxUoRd>@P_kleHLFu8|!#EqK6DQ)m&=>kAvk?Uonju>f=XFClf5}>eW}*f=d@9gUa*6@~GB)8wY*T|`>y_oao(uSa z7D}FUcAhoQ#or-Mjm9quE{)!<6&F*(Qkj;2p(nL=v$1Y|;dGzs~9D zEGNWd$;WQpjxm`Dza2E>G;==iZo^T@ZDcx0D%o;suxfUPj14QoW%bY)i~h|o^ckFD zb$qX0eeB%Y)vH(Mj|ut9Je{q?2VejWe)`E6+m;;M@6)HRyZJ}AxV!HAnFV7xTYLE5 z{%y~2gag3=3hzP2kSsv(#{v?f17Jr$3K%nn$A0^eIa7Mdk&M&%)#0yLlEfnq{nls# z=M)KFjhm}nV1L1ouP!B}t)`Hn;BW;x8kAskB!g?kex zPH+PUoa8RM^a@KZBTxj~kz1Seoz=)czU8OJ5I+2Hq?I$4 zTUDx5c27U^ge76Xqu>p+@yVf~4I%kj-z|&_;H#l%cIx=R~tXZ0a8k#5HXZngx$ToB&1+JDO3LGan0_Q3LRNjL_ z#|Ns#f7Bb#Gi9$y2C*sz*@j%^-Sagkq2%L>`isM9t!R{0SnWIL7#+2Xa}^r%4k-VW zs@j}Fzc`f`D@hn6j^eDs8OwVZ58K$WVj210qemap_i-w3-n>!slDG9``%Y?ul?*$? zXLCh!a#~7XBS;M`Lxa47xjZZ-4@mSOsU9>XyIFDonyOp3j`3i=10z=6o;>hm<0rYf zxvr^pfFaO2XYO1}sOa7M1f8vSx3%&4=i}VRUyO5IKK`HUCp+`ryYII#lFanx>#y4R zd%V*Z&m;4G*oR?r8J}=OJ!Hpko_^ep{$bY!wpwOu(xjw%rvD=IvD?{Y1>OnnFPpR6 zRwK7+)!Jkn0c3P(Xpyrlhrd3;U=J>k4C&{=%eL_ozHq0UJlI`&$>sJeegt^TKXj~6 zx?~%=Dg1_cn=Si3^yT{Ne`L6oo15d@x<2pf8=E1106XO3i!PBIT4}P>x9!`5_Bu-^#g7PoM9!Zn-xn|#J$jUO zCa9mcJHbvH7rPb_=w?C6fc^vB`AW2T`k5!)JMX{iP7>eGki5tC*&scTq)C#b(77)b zFATaBXZ}{6HPfYO2ZoE(FZ=?O?Cg2=-oqy6tQYM z=?v>{A>O2^;y3j;dZns#fi7K-wR*@K@WGES$Tgc;3lJ~U>RSR|0|uTdtu;^9=T%da zDn2oRAThc+D|WN9XWQ;v1ip|V-MSrb_WL6F=Fof4*RkPABt<^6B{Z^|)tHRom>wi9 zRj?zf7%MW=>sQ$JUgsz@z6gvC?^mS1w#Y93wOg{Pj_Z-WR11pwxGFb{ly7UIdt>Go zuELg`ZtbG!I!dsT``f?QyPhq#yPMBzBz)ZEKApPR{b$+^cYGuHpcgStb}p$Tyq+SR zYqRP9H{Wubbhcv+j{^+y=jHGY{*b*L+W~xG)hvsA*e0B9ohc-mfODBjmLyTwf~w4l zct@0m@joReH!(jI?XhzY=V$XBob<5ObK-}5r(Jj-iIhIk)9;eN9MLZRi(nVf20nih z8B%ICH+`Hf*f(veuH$R!8ZX7?#j$Moz*t#~J;6BGVUOJ`X^ZD+KQ1u@VhEIc2$YdP zE0Cc3*k70nf_d(o+3w6U&#+AICCgU0k3Rj_J#g3k=0rJr==a?D7hG(L2|-L8G@Qv% zSZJ5gDv}9i=q1UBAv+Ht$`)w^7%_s$hGV5#b7kKVv}L>GFQxp|mD3a_LAC1DY!%!V zIcUF7)^V*`I)q&Bp&g7@jMS;qrrO8|KB9CrQf3U>FfWvFr!Gn)!OWIgHO$I^mD)~q zg8EfQ??{(}$Fi}dxH4uk_)a{bpF92ZGc7=K?_IaMTYq||8z2WSOw<@Du*uSD9euJ2 z@R{E~Z7Tv7tBr-ZIdT})u`OF$q^B#Zu(?~dbg7)CGi{a8GAX{ilkF98tf3&{(4`Ob zJ0&H>jO48BY#DzIT$@&H%&{_FFu_59zSFUNM;m{ZRtB+k>=LciC2)lSiL;&gLy6*( zpcRf9&X*$C+e3~koXi;NVV-Bmx%BJb{MvOEJX`ZVDNYmQc&2bZa7|#T;1PXn-n6+y zmoq0Y=L(XUy+n>!wytFytX@b}p#p7{B z@vFHCG7U9HcGmm_+DcKY9%TTqvY+4#t8mDQ3jqYL$P{LeoU!(*&Mag_Anh_Y>jYP5 zj%%~U6LUr9Y|{ws%5ELNl2y%3Nm!decLui zWAk|Gm2~>e?h$Nz&3P|4;G-~y-YU>1&C|@;S#p@-?BBcdll}!6m64I|a2L?G|BV{y zUjFBB8RW|qyu8l+`r$`SZs4H7K@!HsT+;@4$m*NPQ)RFuk;T2)a0T3(zaZPj53aCs zbhUUDa(jo)HYJfMxpA^3iGjb!US#qtT?e*3y7w@iI4?WP5Wc_*P4Aa>){cPUoGqf;o-aOkT61mTcJNPgw>j}Pt_w^M7 zX{Yzl4`e@cRbF^NGS&qbTx{~^rW>wtS14$7#+hf?^PB;OOrsz0);4Y0y5Ild8TGA! zZDBh%D@!_rg8rI2bPHrKXL8fm<$0O=$Yf}&b*t9qSemVXDSd1rLyy8P8>w<^qYEsR z(FHs@wCiBF!HyvdM8iM7@0S+vHu}ko%e#@lO|8n=T39dGY-xOZmc-~U*@Pi zbU8}EH(<@VkieR)eQ9%Fc?WGkhu|QE=eUN`n*cv_;%ReRgueYM59pRv2RL=$7i_0R zThJ@ChqDj901Y5-X_qX2_~S$~jhT zs{%Aezj#0I!uUqEu9stocQFR|74n?KHS`+vRNmXR9eiHrlx5Af@dP+=&US4D^y()i zxwqeaU)#C*?W@CmJ^Y;u{BGTPa5T+TQM=nUR_2U(XDh>tF1*B?m+S_?cz{*mf}XL< z&L4g0?=L#GdV?3i7tryb3-mN#$ab^P7{OhfxFjW|q%^TWQKo3)&Y#?2`sW}2_^blM z(vLK6vu4jW9g`I}Bo4Bo5Sn1CX5=CG+^It+qZGJKl<2j zghzE;d(lhK;o*(w&9nudfsT>a&?E2%Cdhc~ovBl&h;Od3#13Qt`UA3!!m%*~w$Uxn z8#o@u&hOToG;7k#Y=U{&^9+Ak(FDGRf(%6mG5nX)Mn4T#nQQb$-eE!7yg5Q%LMO~E z_zmr&OQJ8q?+Cs^8>~|F^yHmfjE8`0XxHNc2@QVkP1n?%nOs)~p)>HFL`NK|1c51* z0HIIbOM8j>aggiK62m09jeepZhdx86^c80o4l&-z``F1My}9sI^F4g{8`8O2XbdEj z6)3kP(`=L7g5CDeL%$L}%yxhN^K;tCqn+U7cZ|^scPr4Ow~yy3`C)(@ehnn!=1EqF zc7(t6M8g+eaIpnc2~zKkrpAr?)V-`gXfxp-EQ&llTk0u*!{<#OMgN zvxDRx`~y5^1u*t3$EkpGnM#J_sFO;SeBuea-GF1z0KNheHZ6d|Lq|Y?ZrI8kXF0eI zP6tOWztIT^UO>|%3{lWMDM6l*T!W6t%AKHh8Xr&{pfr7k5=Cn4*{-9lxEy&9fPPt7 zI!6f=H{Eoz$&GvNxmyVY98tse$@@=3JcAFfs(459)Mjq0cqcm1LecmipMB0f|NNia zKVN>yYz_Dg@|naZw)f?A>XP_GS^2jX+mSHHOYC24FnmJj$mv?NfW9cG z;5jGs>1*HL9r<5(zIMbKs2vhsc;PvdpXi_2;y=iDbO%<*VXNa)!w$el#x?W?{DSZ; zcoMqZT=AqevbEu3=wUg!51&OY>m-Z2bn0q40t-^6i*Mb3_XDN_<8ML! zAlpXC?)t~S|KSEH8IAF0$?m}>y5agCnf~yb-#+Z{2a>RP?KRiC&psa~9qTj6`^HMl zoG9HPZ+8Ic5?z%LiY~W9%WsHvoTLB#jd%*{@+3k>I&u!NK8ahe?p6ka!(qujPcGEQ<)6_q$XwTF8nP+@x zZCkZeLhNMW&=Se!%9dn!DCP)~J+?|es$H#ud*rjVZscXF-A0*YXWgu09tKMv+_K9pU%ArVedpaa zH#hv`CU?aJmss){x)8L7FB<%PQ8q$r=`Z+vnYW{*FjjDZRpaQuY~hSf%q}(QS^?|> zu-go;7AjepU8a(RN1O``zW|T%2eFkpgy4#i4VDk;r~%I?MDlG$Kx!85Ga-aFwPPJDmX7FKa&t3 z(+`CN=J2QI{%B4XwlSf=6fg)e64|~G<2DrTv9%e&q~P%O4h5~ykm83zh!ceZL&cC? zCBv6@6R-`}QS>l~VNhh~^NAwCCxQpzkMictAQaDX<}|?(gt3g{ioW0oM2RKvNbvSL zt)^j{D>BUgEQOX#Lk!<0GFqw6AAP~GblRz>o6x)e=h{+J3>il?3I>dv_u){&q0QDW z^aVwi{;{PT!5tVk4rD(lXU;Fq38^iG6UQ@7Bn)5R#Mprc@8?;RSqx&v8qO)jQN}nZ zp)UPGF~h*7Eu2dzm^jJssxWo};wZf+F2EY6CGTSl^nrG9G|+d(g!aUHfHC!JaIc(S z^}%~^)bq~mQYd(q`2jA}XYBNs`(X~*qLhF?*8+@J3GM{zXb(ey_cNxFUPAxrCypy% z7@WfN9~|X6utdS6KGzGBSh8v>~XkxWrF*>hl1k- zfzGp`@a`iy09;k8el$eG!L{0Ys+}CwBo{CT7=nx+T;>x69)6N7x`tnI%^WFtFoSPk zh~oGqu)=-tnP;Fw3b4ho#_B>=9I;XcUI*>N$G~@J89F2|1dY=Ub7u(=Qu5$`1QVc< zKr_4pCnCIpcaWsQ7ziXm!_lM?qigkrcjFi(AcgaJljsh<0xhAib00bl@1Z@mtcvnw z8`MGkhrWWJ(QHu+If2CJhF5bx5qE(BI8UF!b>QUTSb*aJuFxOFx9hW&`R&{Ft8QtJ zKjx^80`55B7R=Ae5BR{JfEUHT+tV;~P5a?p&?_fgO$$aBwgqO z7_<{gu>^qC97X{$_~HvL*0zd0ZRZYFv%mM=JMKevq)^~87;3y9Iv}9J+#mzMS;hd~ z@EyMIaYZs*@}FRz1=Ga;;nBzo@DYr*O75rt&Tk)m#7&t#)ul=wKwdGQ z^ojn#51?xt-q1E<<{JHm<_WR_Kc0bxDZqhe2^7IQC^*M~cOB_Lw1WeSHfRr80ZZnJ zt`|v10Y3gL)3OFXYe4^?dtvm~QXtFvAb!L<=o@{Z??I;sxX-*X7On#)`U!05AFCF5 z7jqfr00}|%zKwVBEcK`ZUkoq_{n(dJ+6#0V>O+faTK(~KXSkFg!+1CI3?A@2^azYt z)f%1yr%i_HK7fP&BLTzx#CB;Dr%$6s{@m3Z8PxQHQb3=`Uw?)pV~;wYd`IsnW#ff+Il9ksoJmf$7^ftGEY!vnvqE2jLpH%yrY{1z*Mlj48-#=7vBnI%}Y>&=xd-UP@b@zes1* zJn=kZ;(3ByBt%kp4jmUhl9e^rXbzePbVMC+iFTtpG}kCRzeWM=ox)Ydz;pC}i`v6J zpzq<2chhGJLW`#|4%%U^klBGgX|t#T?+)@RygT5i^#{6=UXxgl_fwDe1=+^;po50C zcrUoaJ>M={a3;{H`U|h3O%f&8Vvc!cl|F4ljG_PNrL;#~<|0u)HiFeqc^4x_=J0MD z#K_QG(I~V=8?S zqA(5|&Fk`bF8C36ByA%fu(?eC6GRABgR}5vfl$vX7%yCf=D;I(BC?q_ko6?%lBB?D zGvEkbk!(Cpt8B-7GR6Wi1S-%$NHQQPFgtsm!4+9UyYMt%&72`m(2;6Nw$VQCf)2nh zpXCn-JeW0p%$B0A~(n060|v;7v+)LGDk@ zoZ%k0`#wvu#pWbIj{G(cSQEYN3jBZ*<^R*%7n#^V4m5Q$3+fszA(VhaGz z&eEAd5)uR|(o@rHg)D(cRs>+!Q-T7(cNjwjWgMZn!PKH92v_Qa;u(-v4x;Vs%XQjG zY>Vfj?eHGn%XR98dt9S%4My3aeFr&|YP%^@CtIKu!H6=5!pF0rzz|iuu5!~c0wKQQJ24Hz3B7Qr7avtDA}QJjDs;^wEMml zC}^SmXuCW|3Gd{0_#UovE%DjJ-_#BL3(rxV=j?j zQ6ta`co<+0+@tu3-})1!S(!WGIsbc{6^`+ zxrU>Twkh1hIL82|4N7R6PyVd$7%q8i*!Qb2FSQ2`)<1NsKm^!ZqJ90g*HTx#-K~xM z=OXRzQ@g-jh9$5G4msZ`{aZvosTVEb9pPHy{ct^eGDrLo^hhkl6#%w&GvXYr zY-QVW&Uk<4-M1}^oPb8O-}D*00T-f%9Ci2$I2Xm0=y&Syn|h($=rf^>C~T-tNvubm z=(X?+xK1#|p3@u?xFWcU(}?;QNAwTa2H9wM7=Z=j;Q4^Zz>T`>NWl&P+1ad&^l})w zO-oI)Rf4SKCou`x1wB!sI28RJ?(wcDZhHDG;5GC!-~rE5LcbF4CAO9LKKjL2k*QV$ z8#3q_8+?ZQv_ZSPBa{FS-LT+Q=#Q$Zeqp+%ZsY{SG_Nfcv}AQxSblq%rzi)EJ7QC*X9*R{$#j%!(~=A>anK z7JdF!ni3s^vDv)npD@>Z!msFcp5-s#AeiYTGXdT}_wISR9KH)j8Q}`X)rSIXo-8_>1 z(Kt1@f)VMrkx%qm!QI`y0jEURc={4tRXYvxdMaUXgQ_?*bE2%KOp_tuU@B&(40%<(Pg*&!i2 z`V4QwzNS6ew-jJPrH?*l|5P6TZ{OP(oj+Lw$AvVQ~YzpWpnEEFN|MA&87E z-ma}y@5z@)vT8_fWu-Goxl6Ts7`qqYgRmsK2wO;eU+71P|I~c%rcdml(_wyq-M5zg zXcry9Cu~YC>Oaq6{Trh1+S~iN$FuxTVcx;L#NCcmO}0bHS^+#;x(W92hvUY&ryqG- zE0@`EYMuGHe)rT9ru$b=pmD2K0yn7sjr;WTvhLky(_EL9Ro%o{o83zzH@Im_zScdh znBL}fb?}@&d}ZkT!EY9Hau21W`Ckx4$UxykKjAZhj_o>^h3f(DxW@OukD|PUHUi%I zXRLA&?fUmd+oertfK|K%m6>}M2B4GE06L=KcOKtLd>6FCafYi_u8_^PRrBr_T+m%nf_G2w=XJX2XDl#{~J-|MEM%#$C zoA~Zfzolr+&cS=p01rhVR@Db;2`6wZpYgFMQvvK0z)07YfEA zh9)}|go3h&fdb7ZwioJzzU}FExPH(+3x<&YifCW+FYe*Xx7Llc|E+a-hvq0as0-DP zv=h2g=ziYCqOOJdMSWrn1SP+y`^9mMu7d+<+7|NPuMc;R{^lXqBt6}=NKH4K#xP7Q z;DxP7ipXuo79C#{ccR~^6Yw=!pLay-McKQZ7s2_4pFtQYB+-cN)>cxF%6xgTvS)KC1}mpX~h zWL0B*0UWC`P<9!gibpIyBc=xssKYrLB=Ch>jYX zGbF5NxVi~c!X<-V;$F3ThVzJte+gze7S*=*N*oPokte{)|j# zo-uJlQf&cn3x5L^I8b>ev2f4hOF`SAj$gr4_&Rk%9}1rHfnYdf^d5a<>vvWe|LHH! zSu#|Lc7zF$;4`w{$QMT}y3RY?r zz8>w{5%E0_4$-lM`HEiK)A!x#ir#E?ir@o#Y9qcLLtuX)0N%kH;9vEXOmf$Q54c?l zgtpgq#jFNIFDS~s@Vl_=PSZunH?F}8*%<&m<+V3ob4ymQbjjKRxd~_0m-9QxMQI?~ z4$lVtgzwQ3t;hA~?@*V|@O^L3ay(SMGFkx{5vshGHsSH;5-gbc=d1tJP6;(#L+SJ+ zkOI4{(wF}8&RdpPhJTLw(eWhqE!vL~|6L%D!enp#Eeg(itiK=a2Aw;!zo-6$`$fGo z@gDP5u8a@%7gfKcU1M=mANlGZ``u&iY@LaXy*pg~0Q?V)wd)nQ3UyQ}U&f_&+vPr+ zzQw&UcBA{l-?zGc{j~#SWo>V)cp-KX1$bb8@;ukTbAJzdu_{OTKLz?xU;5 z7G_xo<9}iZ#1JUa5Gb|)Fry@c9p?v`Z6^&H0*A6~Nw@~X2}~pkktidIUN4E?37D`Q z3l89r*+l;lZb6BR_M25WC;~XfN<#@_+4l9eLfzF6RU!hb(B1e)41v-Q0Ti96fw!j- zl_q`_#t_D~8;=r6b1yFY4uPU%*uFo#|1}Tx`@-xaqg&}bE&jj>R^w6j^!}2JH(nkW zmSLdz{`47HPcj>4X#pE^O6BP=Magq^$w2SHkUrD}T_mxJ-1;?y|m`3MpwZ$;O!iNLO{5-wlO3~>>WjcL+!bLhv$yB zXNuwlrBO#XJTNSH>%qeNgVk<9&-eDtd*GlQwqd3(hqpg_>uceAh_UiIVy8_;Yu)gx z)j7YI?ei1;w0r*=(bRTPI9MFxKUnP+N8b|Lps(OzXdOWe4-;1wXx@*Q!2WR+w`pN@fRI4Pw+cj3!jPaj(>Xy>??fswO)YhKGl~}$1!q+ z>gpPNbYF@+OWl2|zAsJ2bz%s_5ID#XDAoWl)Q_M*dEqmZ==X4~G=3t`INyPIt_j3% z86(au&k+k?Q5wd5q|8@ofOXu*7y^e10x?}5DoB^k_Ym|AMq6pel>_ZRaInB{Uba2I zLn*3ljO4K5Hq<**pGEcOP`x{TPYi+mhJc&|f!9QFm+yy@j`n*TdLY{W@A7>7%#jKK zA$b|U@`Wut)0;Q7^9W1TXyv>uR3i3nq3iLF(gOh;{R${;)j5CbwUb#s|0+;#O3zs0 zo|Xy-fMX=VaGVT-DrFFe z&hh?s{Xm}G-*?6JV+h0$C>{tDa{$)e{vYyA0qM3~|dL*NiWV1IP#{q0g{yR_;M zq5p~FF0JE997p`SBtyU_QAAgt7ln`bzjcgpTw(~s5QrfVL!cBx;GhJ6OEEm+uE!9F zArM0#hCmE~7y>Z_VhF?#h#?R|AcjB;f&G900X3~=-?7!UP+Yriy_-BeQ)gUji#?r7 zZA)kNqqVqd41wZ=z%Jn++do&TP{Ga_wTyO;vc>tDxUCohF$7`=#1JS25C|*gOF>uT zF2)duArM0#hCneu;GhM7E6BLeUN7vCX5A$7G@ATu_J;1UZ3|h_`%-Q$mYA4A}~L%`Dka4reQAE|T? zBkp|+fg=$D#U21gxht=&ujb6la=H4eTsO&8P`2rYRV$r5Nj@lCR>Fo%Xq}PUrTek2 zW{nya1TJd3i2!u&RjN?QD~7sAfSIi-N|F&1#*U)9U1tTOJkoF9N8nPye(%t^f<+aS z$Z}=NmB_Ib)!&kM4H%X$SKgeKoYzbaLP;wHIC0=TE6%nKyf>w<1<(VUn>lB;Te4uj ztCCbtzstCdtKnB-k06kYR<}z@D&kq)y7zF^t5q+=uh4NyBA%7L*(fY4o7vSyW&;L;nR6v0F?yNvL^ zSGVrkKCrAvVpnWD9)$Ubn>=_BC=QykHlPW}LS;{M9j^OY5+Rl};q^k=2nBlQuQ>V^ z+ANMwx|qFSfm<+lwkun+rmInpIme(VzaC?h#4 z5nE3BWgaiF{_CI6_e6U!TrX-2*gvr|wAk^4?I# z{B-i?S)f`ME9m?79oxj;sZn~%-egPZ9o6nVXPgw~II*B(1id2hp8eLNX8Y#p@6y&{) zE%Y_|SyaDGr8PMEeiy25FyTt!d-R7(!I9wGjn*@05-ACN2xIm)i~cvU zAEB0A*N^CYa*ylG!KTfd+y=q9UQ&|%W;lC$hG!Go;@ZI|^kb*+fw?`eZ^?^7le3X@!j^CesKF-aVGso4GGaQ}-o|iAj z$__uT;1S=W_!OlDXv(N3fgb#O{QIKMS_k5P4mku^;mW)t&km$)-@Z+>ULlVUedD%n z-D2{vV#P|BXL(1>?$#XKqzLt5>b&etzdY zlGRnLpGbg8l`0xOhZf+kTefU*Z~f;@w@d#88RhTO+V1$zy`peFN*C10mp2LYW6v`g z)IlMLOALYU2!X(-%PT1njQcJH97KlGmhE(-M$p^7{(6UgS2TL}bp4I4Z#8=7Jv_(# zGNNyu-?`H#0{V6;8b5$v_%^>=-@eOuihc&CZF#q5?HYIfxx-ACXDm2G(d82heBp~P zK6jHQe`V*L!p9gdWAijCY8MIn?*&gAoFclWzq30ZDY~B5>k`{6Xg&URupz*_9H>6a z{6*=BHVfn=bWvdACDIdeltQv6GTRsEvXaSMPfrTAmWbl<+U?rmzTWr&ACm3Pt=;V0 zlo>^LuuX?fMo-WkaN-Y{i%pGw5DGAZZ=kQhi{f(lArSbI@vg()o%|k{E~a0HTf*db zDE@N9LI7NYCvDic(Y0>b%3XT#rKS^X-Rif;kJ=A`hb>vM*uDPd8?Hh9`c}7qeu~x$ z#1d5su-WiCLD!&-K#zIWNWQ%hfX{RI1F&yqXJ@%B(#5*B?_~YAfFQ3>yNrkae?0AT z*R4%^MLm$UuE=Ng}&=yv;PbACFn4P#}N9I`03l*y)M`7st1OBkG`7=j4${f z_GD`@AIM_HTL3R>?uhzlPxd|IM#n&}*wgrTeXTk=-eGTb02a@Oc_}Ht13gGWt6i(Q zd|jK(KVJ=fUe^Ool$5^4{V4qqV1Yp8N|oJ4@&7&1Q|TXNJc1Ykr4s@N9)-#qH~I(4 z!y+kfgHImhPB~?Wn?FC>rKe|Duw?GsIi@HDr359TTD5AfdGk~Yc&=N&&Q{iOox&lUkh1aRk$UEDk=X#{L|FMkwsnv3a>p@&l{w1;sVjOO6{iyF}O zu>Qe0SFVh*qNE7WCZGI~;YSJW(LehwrvpkO?V~t0Z`$0|ty@=pn`eDnxO|zeHBQ34A*&3RqT1-K|gs1PBQ|(ojP`Q3l`3|ASUf{pF)54q)>!@hxS50 zah}k>uN6q(9ih-Bf7Fk{0hk*sb$w@^gCUGH)T2#G^f%81SaFYMXgkXExsURJlFU2y zI-b0K?6H4&@8^Cf6)RRW7^WnrNExs1va+(YFlC!5>{0v(&*YD_h_*tT#res5=|}bI zHKcg?KqKvk{@A-BiddoRx*1@}b^gE&+S;U~1OIG+3KxAgJV%{yoom4$h+emLj)H%H z130=cH^-fI=2>pwz*AhdXtrfWD_6BzRX2C;Tq*cI_yw$X$^lnhI~6n)EkE(Q$IJk% ztTWwEn@L8gBqb+Fv<;n+?6GsFcg{g$JP+=}lXx$`t<5}M2e|oN6pkJRQ*l5;1a6cl zUhnNU_rfzp))Q4AU#ch=3N_(~_C|dH?~Jw)-W$EfcNAYrv*zh;jaJMB8m(Wyk*lcW zg4L^5n4=aN4sE~>YiR`?pBpx;b4m3YnDV?>i9-Q5tkGip2k4QZIeX>|_sIWy$Teut z$Ss%5>d>L1!D+#QY%_EN-r|UE)26LtcXfBqFYa?ax^y*Kz$pS;!E^e`Cx4+pYvF#l zj!b2&&;^C>K`!w6TO0-_UO=RYl zEn0n&S0{WX)(_XCZBU0`Q{ANcMw?5QE;2l?BfSlpSf_yL#*G^cU*Q``New*is=J*3 zxo-VhFH6*iDpjh|oZ4zkHG)`{fmMvXudL}d#`d}3g(LcPia^1j{; zY_xt+ZO|t41f8HmEnd7(?{fHA=>c%{k)#U6|_b?AqB zl)n)i3_FxnR1#fDn~Q*nNBK0x!#~InFyE78c4g7P`C1f$Uuxq91%unPaVxY?WX+n@ z;&a{xf{#Hr*cb4*f4%yOYn9QmkbOa&pcl~fpkL(c1w!l!O30?b8_}tdC)A@3c3Gl7 z%PQ+1bP3*z@96wt7f7B|aR2$wTjsl~TD7XRM_qi5jT<#~k6&=Hn>ca2Tdr|*?$pK2 z7GLHa@Z!)P^p^0Q_tK}(fBM2Z%Sn&frE!INp+AYA$g{F#y*?GK3(OcFh3knvHa}*c z@W_4o5#(U#OYjBFTafJ zYpi=XZzx@fBy4jTWy%6RjfISas-oaT*C$pykiZe)?9DC_w(;4mLsLXq-N@EEtcI;w!>?LIK_w$+mA3b!55NcumGLw76?&$U<`P91 z1!$Gvz%x8gp?ws20^KN6z;=^XdXoXk_PA_|vu4#AgCVP-D`?9f1OW5P-0&>V(BAGV z!+nNjv>&YWW{mt{RFh;tznJT&0kBq1pGjYS;eM$=#<9otbkF|&DJeONtS*5*A%ejL zrJV6@Ri^y%6)Q{uZ&2SmY7ds825fii+@=6e9XV2)yQxzHKm`B*06+jqL_t(1($rV`U zCk-0nZu#*~U431jtyRGAl3d}}_1E0sz`bAo=2z~R4xNp*peg2%9S~TN&eoW$O0S|V zG@(b}4~2KKmo;~maALjD^EPBv-FmJ~+YWBYl3cfX^$KgVLBqz9 z4;$PD1&(-Eaq}k}#f)c*_$tBQk3RaJ`|TsYa!)?}M~$nDyWzU4T?HjJ>{zo#%i_gT zwAJemB-75-s=x-~|2PStBV;PFfS@jNvrg^W#_#Db?XxQgvaX(Z7V;WAU$Jt9tEwOv z<0~uqQctoKCpPrbK*4Y3jJZXgELM^Q?LZso83cV|+AwrHBL4wzz!7jO6dWqhq2YwS zg9A9TxJIEq1s>q(-8=Mb6}|8h{2}<8nwsHe&6*~hUFRxEw?mH$g?B*9Bt-;AVQ80j z(1YML$;nME*h?U}RqGB$yW5m3(y&2emyaY`~C$&Wvt}u8m%8da15` zEeBOOt2KmbT#-(ToczS|Yd!3S6!9mG)bW7@l zKr8am<2^xp(UW*C&V2ZNpeO8@sx@mFF3*@gS^RyIL4?T9Z><(71cIepEk|}r>GHKqtIl8x8tI*S2QzaRoQz3J=t1baxZ~=K8cn0{w z*w)Ct!QT2>d?6<%+Y&CQb6AStS*D!i-kP^ujn02|XC;^dPDxmmMknS5o;*j$fZdxM)keX4u?tv6f~CA%_y?741Ty17OQ zOpN>NQ?rwR!(kimVF7Zm%H#Q6t?mPdy={OEO7v zLI#7AG2kBm-7^+Y{f&HREz?^V4PiTDUm%0l$!5Y1p#9uMx#ma04@W_FTfBU+`9bQ* zo??*+z9e)7d|)IA;k%<=UD-8(Ea)dR__^%8XMgiM*Sd8ZH(PucUC7#8vczqXt_Huw z$5LB52Y$`z)2F%PR)?KX&_ud0kL_jvOA%sk3*n9c^e$IV2d5M8y4J-VvlK0+k+;Q$X z_ndpyMTS~YTr7FY%S${&zmYGOuUMhIS9RA^Iym-V^c9#P7aR0@)O&yT})>CN@ot@3+&CeZrtQDVjXP0XU?2rGLgyP z0z9y)FPN>=5n$}`nM2lcWE$`TnW%pKTKd<}6|Y!kauajQb*}@jW$z%@WMp)Z<7BSA zzc=>o-((t~9rUvFlK`s(mh(-jjoytQPzC}lWk@rTELsLE(T@lM2LuF4wQH5pow(ov zbKxH)Nx~1xgP794bZFOJ%x0SejT$DfWW+K|D8ZAPRLL+{416%t;|C8hWl#3P1#X;D z%Vo#|nneU77XMJr^Lx1%HA2ssrw=zKHhIcqGamQQW*A}Tiy6~Q!8T~%U=zmX>nyYG zim=6t3*n7^(k^u(G_{d&4x{Vhq9S+Pz~kJa+(m9dcD6g^q*JY5lVs#YKg_T!vs~Z4{cVFjLB>h0)7G*52S~_RDdDxABE6crX-b_} zIBThmi~f)^f0+~_cp45r{VZeD6DLiSQf!q8wL#ex1i%n^j8Z*gU^_Qm^(~QyT0gbj zLQ0ec+4J2@rP{`zjeQj~1ixYnhmrWx$PeAz{E)tY|apP z>F4o-hSHV$_C+9OegbT%r&5b> zjrn4%$x=i&kPx|U{TeBfG4AL*8PNs`>IRyN&DykJ1Y!&*;85H(Z{EhO^5ioj6p~tt)2$!Jv*JeV|W-S(_&bx?wIVb?gUl zWr_36{3EP4NlkUV(&g#`NEYwMsF+WY4>KzW6fi9AygkUp=5fQ`BvSo{H-6rA) zg|=<{1anWP&J@tlioG8{^@3ro~O=~lr)=fRcn1BN|^pPl`(X+p3@Rh`6bS?YiNCD zql@B#LfRg&DOXbp=Rt8^$C`@41|^Eo0ER0S6cAmB7}kB(vf~F2(Z)C56xTQ;ZPB@2 z#~(LXJfg88>*tF$W;r4Wj}(3JT<_Mst-et*KKJX>S8!=6zCGO>jckpQ0cp7SJ8+sL zk9!m;<*(KikhYu2nX+z8S0 z_3AaSYwOmpmAoJ&pm2Jf*5?)Cao{jYz1qSl9H=ljL4(LA;53oF$)aVVcvr6pPJS2{ z<-jI~HRv5hCVUx34R|Z{6cjAd8b9B4?b_3|kj#^px6s1gtP%v*seN`xMxI z-85KgEZiSB;5c)_Lk3Nj1L)+*lT2y0K}xvx?b^AMPCUitc#>pW414fW*1~mCSjMzJ zfREyEc$VZh4E9qc*HSP178$>dGIAh8PLV9ypg{xc=b117yM?9 zpeHg-Fn{1Ic@T`??PlNE zk8`x#0o6^r@2~ss5)w7p5 zrA?hS#mhG8C+}e>zVw_6%;}BiMvnSW@}3N?(iNhwL++TRtSIQG2v8Y0@o@!Vsaa5($h1PMXbnsTi*UHP!H~j;KZ#6GHU7?M=d|!Nz4*tK4k$pgOIcy@26t7q=JlkY@ zi^bCQAUo_J6PWf1$REh@Tw@Jq53*F5f7mbAS3n02X5bsL@e0-R<(Jzf$F#5vUaZaN z7{KoXt$<_9ug{2ip!F{5PgR0I;(At<#ubevg22HHfyy-iv&psM84F(_eEzMI00c8+ zQ-ZLBS0D;6+stT#0`r7Pvcdh~H9xlVI1yw9NP(0hW&3QUs0?-S$p)AR&ZD~bbXQz? zm3gnh)Q?r8fL(Te@_q306dG@I6HaNtENHxx4G1cexuC<;*7gu}2LnUx4TvX&vJ(+$FFhP^C;URwIcdt@JStqwa z2G9Qe`@2!2Mk+%2HunpSfAHWT)&|0DZ$)j~@uxqy(@s9kqK}y)gx6z^>Emwt%`e^2 zx}Tbs=5D*~_cjOTpLe0b^?9YT{`2jBvgmBa-M{|;_risx0>c>VerJzeff8;wE3kkM<3nWJ@DZD5_}sw zZ~~lTtkm_e<`SbkxByO6Zt*lhdo?tsSgf7V1By44TRAxk6y1>FQWXgSED=l_N9u&d7F0VXo4n@au};-&X{5bD{Wm&xquQagJ>f;F)$vC$a7{-*Su*Xph!d%eJIzs z{)LQC?b>%V#lw0jk4Se*^x>S@Ul{HJzsetfU~3osh)P)qfTLa^-PAT|GZazJ+{6@F zN19cXXq~%scbl}n5_yEOd-}AAa=K__kr^lwF#MoM&gyuCtpmJ|LT=jhiMAd=FBpk= zrl~y6Q81IfIV-D+IR;?x#1I8Np|oz@CT43Y245VEP`Y7ALLpaIn{~ePJaoEPX`L}% zL3^7vu9u^b?*kiA@JWNQ0mC0KJh3(g+$;-;%K1eKvP8OPbL_rU#)UW?fP)_9oArrW zQwk5Q@AP$%3^12}`wB%nwljw!GB!|NdhvPp{;2oe?`~F>53TWmpTDmx9e1sUMFRZQoOHf@+2zJ7S&~`5AAkHYb0mTvv(9@ZYvsTps%8H| z02R3!*=40ZH$KDU1ZY0*aI&tEX*?=+NpCllON&xYh=7lZ`0Q9 zZ&7r9QIx|w4SycGvL zjsn;&!Yk!y(xOF6lgoGp z`I88h=5pG*{np>QKmY9?QtWmU4j|hOFeU5=$@Vx*M*PyIrQ{DvOZHhro#*8)G|4?q@bchi*CuhFWbgtF@B}?+)4wETYC?z8AfUn>s^aNdQ5br`>M#e-Y zB9fOj7B9|MB=1osi=sTm5S+Vcq2YPkwwdB(I!8}D7z1!UIqC)n0&r{YoS7D7#ae(< z7FjCzPCFQrp>yzT*;43fgBf_C6V?ZKa&hr;>p#3{y_B^$VnL_$1KQuOMYQzgPVv&3 z)m;m9T^^s&j#7EiAI=t+p*?4HgX8bK+#XG@dPn zed&4qE--q59-&2}*FeDgb+CtS_X@d0U@Tj`Uk{d-AI7q`IJtK(_ z!+;n4*|!itpkvP<{Rhrp6!yWJ!~@{hT&JuN-#3}VetF|3PN)6)9qVEl8FJ`ZZ8|h` zVeG#N6o5Wne)&cBne=MEyzy7sGdD1~0NvrMuf8nfX0G%}!^OWc+;cBH=PtSUGB-#1 z#5do0(`Cr0O55-gf*ja)AdjGjBsgG|_CHr$b+rXuAiGiLh!Ia(pHDyiOruNq3Trcw zyu;2?|t~b%gW3$z2MlfpDBIfQj{=tPN3P$Y>zN(0+{q`O zYMBJzdGmGm6Y0lrkYnFU7jTX>6Q?(RBcC95@I98%&g3HSh`k0G!5T=vhTP761lb5#YRcsCCI^w(5NA^y zInmjnM?fd~Q-1R@9=dJym$oJt?J->@fE8w48o z4J^kPkMSPQfcT3bmYkfd%~6q^ll$-^57_3vTet2d0wPS6f)W~m?37bZvuL3EAGp^& z_SnD8uyUb{gm}o&CLV2g45AFc=yK-S=bEu5SCPFdq|8I<#&cGuHc%K~5Tw442jA0A zKVjbK2!y}8n`;?PTu{4N5|6`)iaNgWrW;K-9jJ)rqh+M(-+zFFlGX12etCl%uPDT3GFErY?C7|U z^7L0X|I)ql&ReF?|CV4mR}TeMF`(f2_rD)@Pdxp&c@ws2)5gZ%UXkFmKX&|QW{CCU0EY5f77iRQ!JBKhtIiKT zc+UiS1X>JhjPdU>nmsKc90k^~{Rf)YWjodR$tNGHAHO%nEZ*^WO`>EZUC-k(oIm;G ze_<{u7YhEZOkl** zaD`F^jUV^1rH5@Kp|f7y1{R%xm*HdyoYSUGFd;Q1#VfEO2b8NQ;4m;vo$|TMR`dj3 zl=&^U{nmZ@=_iT`ZEqS;3i zqIl*$8#Fevcxum@HO-tWTDOiF&QF^7nWa)E3j}GpfI0IxbLLd>f=NbmjT$#KV@81# z3Pkb}@yBMIh(iphtQ~A3=gpm|I+BGuWK7;{Yas^Q#(Ez|4c6;SrGq9i3Hro1jbp}w z1#^twF;Y`}s}HQ9tflZT*2n!(0u3;rlJ7#vfRz~17(4SY`jd~$`2il<<%q7Pd|a%o z53lMN1aKR;_LPzZg+JrMxO3Ov{~{V%Ck0Jg_wPp^auX(umlCv%Wv&=<{7{RCeCp{Z ztzP)yNhh7`W@XQ__rF57`vX8xo0SFu@XHK0qKl1Epc4&?tVOf}p7%r;qJTlk0uAyT zx&r^eEus>~j~{LQX)Xg|?xJkr(-`BoKAOs}r;EjR$B+BO&KSk01y9Ct1p0+1B7gaM z<)kQC69et!Nn_3E49$}UkiOC`hG71oP@>JHQra^H6l~nb0R{Tbl;a3=!FZ6fkUde( zw{7QT5#(Q@yeK%DK=1ntzvH5;^(FiX*I3sWJ0+|KjMEn{$1xW;XF%h~gUF<_XU}x8 zScdB*`X_2}(xeIQ&OhH_nPuRGJ-YR<@w1M6C83;Z}!QdLG}KS2OI28WwT z_GgdDoM6<&If8YPYy1XhDYnjQ&MZPw&JoZFavx3>?CUnl$)b&(Pg6>1cmzgccm{@L zcu~9dSzZ=W9b7l(L-Cc2w(aBmvvh6VPauh!J=7tf^-g4A&eKFzhV==02r`6$Na<)< z4@-9!&Q>H6A zs#h=f_8YI6tdS`l*N?8bRgx!C z1*SWCMQx+|I!eaTjdGTP&O?FU@r!}=Uh=nsXp1Bd=WgO9hs0CaPsM}K1SFaZ$*l_d{nlRw;XtD}GDI)^KG z0-39#!Z94kWc2f|fBTc|wNg{lEK}iA8au!wOUnb&y>cv?$#qqTmoR6Hi9ibE@VRro zkdAbWt+#%C7FX7IS&MNfW9|L?^G~H$ogEKYLca9?v3fL5=nSSz8mFu!vrW%HHn7~> z9Fu8sggZFo`2Bko0%S$V6t<1_G690FDbp2pDWsC_#{k^USh_+EL)HLA;eO}a-!-9+x=;#v!O&L$6RsnJ9nrI-fO~t?hi;5g8RzS)FqB54 zWH=-m6s2-&rHNa#D8~dPj4d$k`Sa(w7E*@9YqJj%1gjk`#=XVPQ6g0(N)v?23G(72 zIu!xJGjoJJzp+B85x&POv^I8Z_nw6aaTNLt9Pl)x4vf%mz45AfE-shh591{D^Bf8b zqKFYhh#WlotaHtH1dLk51=k>eZq{a#`Y3fsA}&9HUZcdjsFcTUbim#ulj*uwmR zC!5v3bZv4Q%23bqV<&xXQQBvmHq1OIIR|>74C^0^`oN7IGujpFd{#UdiJHZLfZ`54Q&r=MNn|GV4?puP^OW2q!MK5hdeZMA*q%c?{2(q)IQESJlZl zQ4Xw9idqam#l_1^5N#+$HxV{OFOb%Dy;4IXSYnh#K~^j!T`*AN_01-q5^#mh1xBu( zNA-2B<(-Id3r?U|Lt)VC=>Dd_<2u4GL)@@_y*+~g8D)f>(Pp(CT7Ud{CMQZP-OI6=7jxzQ9( z5se!8^9zR#J<(l!(WPc&vkOL2EE?(Xg`3GQyip}1RdcPs8* z+}(mZ+`Q+U``vrLzmhTb7}-0?lkBzDGv{xnpTbA|6SI~4c(u|VP<~3R#~frHQd?rO ziiSs6(&P8=CRvmkYfhh3j-WDmr|`uhm7(8yuPzjiM%8?cHE?U$$7#|XCd43!q#4p=#9mm_%aM4gwribW9<20x`VQtTP-hR3yOM^O zVQ;W|?zF^iAZhnwT;K1zcE|3AD04S5a|%=(Zu>fm>>rl2b6xp(p?9;SJuaET)U8MdQSTJhm>770llN}3cgkHaCkFM4n(}9m_w_gdfW}~xc-u}mK}tiA zkA(%UZTy{+I8M@>M@7sicZggr=jf^x`EM!m5L3kEQaOCf1Viz6Rtv+LC9GJs?nba< zP!lrNzZfnMf5+@?dwvn)VQ4Xe`){~){S;^>((hq6`R0oSs)TW zizG9(#suOlSjLS8iM+S~>A6Sv!4}w$Qm^~phx^d}y2VzhL$R5J4wmD_cfZ1Oz8tyo!Boys0p#Ab)2i{kXq@Blm+lvNr6zfkgtv7Y1?$VrqYzKh$#|!=yh%@!}XFT4lX< z2}tz%u+mUM7`u}v>jo;2KsqOx!UkbdjNjbiSTnI`NEX60$5Bu=$y}efI=kr^LYp=g2vZotu5#v2Yt?W}jtSe0 zj(D;J$4IEqtD>QrGxdBFmUall9dXU0rTXZ>##JxmyH?fps<8>-6M-IH&)G_`&bPJeF1vXEQY3ertyq z0>ARY`)|CH*Q?qWEHf_S^CF{$a+chN%R_!Ik#`Zf0c2+A^sx@Z+n8Qh&~TvV?gvp1R1x=rcuh(dMYA<_h#*)}ZEMT>D+{ZjW75**G530g2IJPF=O|f`GygiI#$GKH3=!WfMBmt* zkH-FYKUc@neF2uMjc)eMj8gZMhe(DXVX-ef@?sj%!uu3amQzE~h*C|#HM^!}YEU_NFBkh>C$gExK|Y@@Ws48n(U+9QC4f;Ql6o;2IX z**=%sz5VoR$;@-j!+5FM(rsSlVaTG>)Y38{~(DNtwZf?8>0w z)a=0V*cW~UCa1OvDsvCx=PL@_CfgE@(+1|MYti|4ip=h1PJKz>MysBq%c&@&!-tRSn~=%j=;Yu(GZEWR}C6Eb`jU=oIm&{72+c>tSMFPLHv0D=|nYGa9DdxtD~m*a4Or_7Q+43AhMv}rea+P#5rV# z6!|fi+P+^Q+b5Sy0mDChf>=r#MyS&CMfL?AT4yMhIfgj2U&1oG^v_q&Ez4!s{&dm#-Thj$Rd#_d&bMXs_+LpFr(Qh3$P&ksrp4MqNb^ zj#)OxLVL!(@ZV_XpC)hlgXO#vh_X)?%I$|8?yw#I?j*U-)rd?LH_KpTCED{K`k=#+ z2o%v8UZt}+ZtAHX{%1(y6tHK|zp|bGempM*p=}YHoQ0Qcf=`UhBz?9ncPEidUXGGB z`b#F6*VUFaymu0Ci2GJWF2>BCuqVD97{2@nE3LE5!wum!_!04H@78Q=Y}`FsM9j*E zKP~a)BA14kB8=rwZ%BSomUsr~?n~~sd2rv}Fv)Cz>QQdi)@Rkc4uncD+g2@SJe`GGteY!{6iLP_QtTVm<-GX7AVM@!~Slbzvne{ z*^%U_`T*Zou689a!w1|ue^$micx|R7ZV7a;paRKm_Vg~y>DpKWw$;AK+0A%xyflFS zBzfVsIc_qS)!CcxF*+^L;IFm?y}vl6ax{msitZ4NuyhkpFKDQ|96>d2pys!#JjtKwo0vjYqQYU&>*`lQiT z{e4bJ?`Nf~cyxIKNH*fwyYlokH~66#x#Z7K|+s;~u+-%!^L)tiUX*7=?{H;j-FOUpk3Hc>FVHLK}+iV!Jx;IMk!7llf z!wj_GnAJ3syQ=fePmh+^kmiK7LI(j8!c|!o7@0MxGe*L1c5O1Dw;UsbQ*MdM^(WuG zhz6p$vocdd?l56O*7%anW2^gF;Jb@VEP;V0Mh}tie{Ng<)1v4N1ssAGIG#`sYb>RKt0`sqX0KD%j~p!W6f9kz-xm>68{EqZ zoVm6DnI=VxqD!Dd5(Z%f5#%oTmlW`kzAg_uWMVVs`rIVM(t?|t?9#~k=j_KV7AOl% ze12u3N#!D2Ed0MwMbPBmELDA(l-%eLMNUi5?D8gpW$jg%Zwl-t(h3mFvC7Ly{cp4p z+8day%GXNmHXSy-(LQypOTM)_`}Y5xHb)0-DaY(F z0;k$=wPehOgzp$lz4!B98CRW>pwqlmQulwPI|k|6F9zx zQ%>UD7fs!BOXuwM?sUU_Fdo=UY(MPEGSL!`5wRt@5>wLeed>iRAM*O!k1dRPNW%A{ z47r8;8&#z~$*QTYcI+{oto162=@Pd$(vyOR#d(&w_i!7}`Jp@8jAz?{Xo1ARq*^M^ zp{0-`xCpHjLX#{ji*4`w0!}U8d}$3Q@m!yZ6`N)8x*N8b80xr9kjibGWaaL|@AqtL zbNJS7xUz!runW&X#Ha+?d{Fo4_`N9RUa%6YU| zWyr@!lOnkR1-pEZ&+XXgWRWHcRvO9R5BuE}V(J`cN0`iXr`ITEHg2*5D7Yk$=V{Wb zMPYiI$ay&1f6)unD)A+0D)M$kP($1-2h`QWnLsOfE$p|QKP=8J1)%KFRELFGy74{s*gY2c<~P!GIx- z=cS~i3*G7Aq(pU6Ft0Q0HsnE58T}nu{H%`T`KKr6qw`Cxr>0uMN2Nhkn1qUmrd>`x z@zu%MysWWOnBNJ~ot%!A%DuB6`5Af?P(>}1rsFud*$L9R#*#VjdnzlTj=5=+81fM1 zQilxFwYhcDk`Qo1fg4kL)TTlhHkDPv5lutS#0zZBIp z0S$c*c-hvT>L z2Klf-@RqdLml>@5##V!PgW4TgJOnX+K!TvOM>&L&Eh`Uj7^lhI=<5=06+Ztk0I|^? zmU)M+cpO8Dz#bDOBjZ~*!y=S@;Y@h$K^l9O` z5hG?{X+-cnn0%QD`A=@&tm(atxyH=u{q+c%k0TYs+HToBlk^St8@i5E9F)d_F{`(a zL7ux&@9GYU@2E$dBh4)PazecJo)%x8`;z)+XE@tqq8YZI`6ZdVr)PJEX7lrbLh6O&}~_Q+(onw`iA7$9Qolhw{w7Y(_j ztoaqjBrzyDYv)c1w%DpQ$hxE8&ZBDxKO`Iu^>&NXZ;<$dextX}L|>L8BSIYhak*cv zZ^JNDIl1kA!!Q z^)medpFr{{HVF7zGhg_6j>()hEV8nym(K-?`r9Sc8$#m88*($SWv!tu6@Ff z17voHpYGC0kb8`C14K_5OG4~C7( zD4S`Iz8@`20a|bl9?Me-nsiKvbG}HNTAx_CNxZFk@qG&aVx7>j(?V&WHEOrqx5LCc z?HKk&TP(*NNNzC#5#n5$G6fifm|C$sZAHKU%VQ=BkqbGL=fShcne2j}YOBNWpo-Pr zpTHt$tz>F(3ICgu;Y&3Cw`d8JImehOJdEQ)SrfWmv>EU}J7DVwG{{NHC}dXMW3loMyHV&%;lNy`TQgF{0Cr_}l!K{G^MLav9n7UENjVMg^v4+FL}NjC+B zeLS?k(ep?>@5s-jET}OCZK2OJ8Pz8-3)0l%xC<&LSH_uoj3iw-7p4V1V~~-9#_@LL$qXivY09=?!j@Un#hXtw3M$JW}ej&P9OIr0O z^{w|DiYA@*d@jnsmGIVdb(DGj9EV>urynHb;QS{tx))>WCoW6>_MBK+r)sk zZ7e&e)S|KyO$jNmUZh<>Oy)R7PGSma$PQDB&ul)Yr=TKnP2)zVD*yr`rJUjJQwYz$=E9`4Xe@w&!DX zY+p5nI~cK8uO3we6?$sO&44|~A9@>~n2$8EC>0@cny8X$!Hst5SqqiM#vHmLD67BCDWrikBz>Joz3{O7`LJY1~U!V2I zo9E#j`%8o3gu|(S6lw1ma1rASRF&R%dcHW20 z+QgFxNEo6_ut54P$|TrMNU2p&L-%q4lZpeEbYdy7-6k`7LSdrCrK~N`ci&W&EOJ66 zTOvMUOC$SSN;u!JX&8Wp)lbxPTlq9r$S*YJ>^}H8Xom9OTk4o=&X?sXgKNp9uV%Hi zI7SQLFjA6np(RAVSN3iaa__tmxbVma3GM0U@`d0j|C}l8y_mYg$;9uWj2V1oq{R!V zjF~a1$6Ft?BdXlljdoZ`Z@+BEMtk1h4PDSsW+$=sbTryVw6c z%>DPc&&9P49`RRO`EZZ&XwH_=3@AU*+&m5|nl=UfSzUKFqYQFQ_90&)PN&*XKW6?t zT4_m?se@okrw}oPxVXE7U`iEl5s@4oHQ|mKEOt1@AZjSmS9-UH-LG|aSro@o^Cfhb z6%0R`c(^+?Y0_BjbG)tAj~t%=3_1)X!USpB1E!xQcLO)pb89Y64-f3!O1HYkve7H) zXcVuF`p`T{;ZAT3{Wk9}*0!<%o1qT1`-)cR5D*RTtW#a^{lQgW7;AO#-ub=O+69A4 zveh_9=N7uFan7L0`?2sFl=;~sFAt&zJMSPlRA~V?FgNoJadU57mP+srwhDVxxwat- zk#E#GsIe;RI=joLdQ!+~#U2Zlz!<6r$Mz8F9gn(5{l2ep3=158&5!-6=3=RL#^*(A}IK&yTB+&>=7WqZMtv}EmiyV)6*|xlnu|t-~WtwE}xy{16p9W_Ab&* zc!cP@XBBX6CiSat&!jH>LK%$sFtR7-@>(g<>Kr_ybPn)MdXIXd=gm4nbP%rACVz(M z+VNTJP~mUNe_%--&IL{&&mZUgbezn|-COw4eT;b@X?oxkP-#7!BLJH5y_}0?n)hqY z9;#p8&o(ERCv@zxsQ(sM2TD6K1TIa2#aP$7Eep6rvpl@t3}4wE6tVB>Mzpz`YY=PI zKAj|e6qQ%sU(vAj2y{t-AIz!D)QyPPMq_$=YN}f4maHNdVbZ)FWlG-4{%*3|n20oX zX5Mjy!jj}R?UM2^(SPO)3|W!y1Cq|o5l}^YCP|>Pq*4d91MN_cqsr#_zN%peYkbj* z2>YL|S_~gDyh+;ewTUMYSI$P7oLOIt zAg?!+#ml%~%EVZ%52QhB`qfg;DYqS0)@m&eg)cMf_v&9tW{w$2K~2I}4H?3iT{^{0 z8$4&@3K&d_rJuk)t5vyvifQOz*_?D{Wi7omvV8jtYz(|i(-RiJlJ-#)4-H|1q;+h6 z{Lg>OTmIuH-0d|@)35SsG#5t>lT@j1e+n~pUqGVFGS9`Ew;kula{jS5a6@Cs*ad!1JuR?c%^ z?cV~dWT^d(;Mr1JbjNm(V}?oa3$qPmi>9IXO4rjmo5MC(DeMS+(nKqO?_Z@82Vc{C ziiOA;@>}Bh*`igr4=brQiiXD;=@#+EJmR0tX1M)A?vTnAR*0(?! z!}nqo`7wFV&| z=eedI8V&vNEC_6eHQd(f{v}8w9ku4^YT0&W;9N|^UBCYM{&w_oP9ae(gj@Z__j<~; zXGGa#^Z^NYSQ*fF@9VItQ;D!a;W_%_x?Y=4Gq!in`^Y%^m9U(}RFV&bnV$D&$9Frt zh2`j~HlK2ls@Af4$qFkV7y-EcI#Rg)i=1Y}y0CPh%>BslgSK@MP}NlaejV>;W4q(% z_z^muhy}%tVxaodzekUIg5!`@j2rQ?J}&=P{Fnn78OSaPmjj64z-IV{)CjGwtdvzh z8t%~hs-*Qu*9j#r$~8kf$S}+7GJ-G6-McPqIpJN#)rfz3KW$g%x~8OM8X;3%9BjgjPJK4NWB{|(^`<=tVc zyXsV_0^FNU)p6D;BvnD8xh50vPZMCT7B%!jNzp!0O(9|r>3)~!m!x~zG46!3@3SOK z&=z~+0p05S&VBKUKLaHl>I{^_l_Cx$&(){k`)voF6yOszI-v(o??MMt2rRY7PQrBN zLj#wRjuq8|A;7eHQPb_OFa%%1p|Wcgg3|sh&wP9Oxr4uX0M-lYs{%I-u=}$%3;ExzTw8vMjVWgLVXqn|pHJb=RoWd>?pCEEtcxA$KCynY%M_yu zG$;R1_W?^}A9Zo8SRyKr26(KSUT5-!rpNeCBDo_cB7Tw|KUAop_a9<)Y!Ru1=06Ew zk8FNS?r+IE6eruBxR@2jtq1v3AuyUJD>ie$JXaO(ivXSDV&zeu2=JUbNM1u2#~q>eBkr-%MEh=iSpvN+N~CULAxx-9dWAEZ)nYyEi5-aFH_eT+2*ZFk->`^7|HkfcDs>Ym)l_)cUkN=+9&f~ zo~t(u1^`y`2^_d{QF4vy`ybH*maN_N{H`sQTaBT(v@+On#xkC|&^Fz>yopVvVvT-{ zFkx4X^x5r~C7k90?(UesZw(wjZiYZS!6|U1>;wee^b|j&W=)UsMqVQfcYlp4vUH4% zkrF3W=-j4>6LD|cG=3Z8fzmN;l25H;;3>~3HacpByxiFy_gv=I30M|Ccwwn9{ogEr zBzX$$DQRx*J@6lbFq6~IB~V7gq0PqneRuU+$Lv+bmoH19t4+4nUD1ePRuORJhur&I{hHeY|4H+o;aKdw*qfO*9~wVQvl zUn@7|d_FytnO4+K8c&2y2fuD}tlZ6X<$F^=6bbVVaL(zH7uLobDF()&`VyaU@0r%j zh=<9Ug?o+(59bi9m{kYy5}eQ`kQ&@l@&$!I$U7DQHodQiAOG&fw~`2WuQlL3&XDF~ z6)Nns;{)Dn?Npa+nwX2DZ+o8upIixag7cWU#Ve+LW z2o*WYGz%xcN}k2rjcA6OAee(ovlE9V;DMM|CRNKU&c4_iiuAjQOT?&#AREywk^u}4 z-3*plXk5Lj1>DXvI}iPL9KV;ld3B7b*>no{{~ok&_l5`;;{`~Mb2547&Bv2TU`n)O2KI>t?$DM8r$0X9C8YRAo39mjEL-!0|$I^zKWHce0w3AG2 zh3?dk&KV4aFmNjD_+leq`%%7;^;6Mb15>vu5AH2UE>)l@AdJp;eDp(PpcxP^K>WVj zeC{ssSIo~!z+B7Ls}vgAn=XnV%j3#eS$Fa${qhF!2s@z7-y|IOv5p18&Fd)aT+#3c zx`pw7Ac`Wv7*`Sg!Y%lW{4Kkipgie~PFaEVBfj^oMfaRS(qtvlE!mVb18(`wA->dA z9U1x4CiZ~q$MU_zXeL!?^Qhul>Lxih&$pVj+Nqd@#zCP?+0?vH7T#WgyI^N1#~1XM zVS#Ekjj33(pZLimE_D@nK*9;yB|Z)jZ_ z9@M=aw`^?t7(Z4nUv*kdI4_X1QKD;S5*TP96C3*Vo~k_+{>x!dV#M@}yHgmgKNJ73yP~en z=W`w0)l;&facszk%-8A2dr^P!(>!>~YHh&4yKpXhhE_j!FH^mcQpAX;2)P;qU5YtG z3CSw*J3g0vRIzcAB&3mv^$%+{pK?kVv6||Q3rjpS)55sg!?62Ij_4+QEeK0Q(>+5V zwGZ3}`EHCi$f{k*;$4H78_qNRm8V6fP)HpIa$CKZ4R+KK(T9}s$K#XcwQG*x_-%LM zi`v&SN8r|}x_*Z@i5_gJ?O2{TmB?|tJN*aEf}w?d{xn&m%r2i#IP5k#UinhZuy)mV zhbvX6+T?iSw;6IojX0+|6T9nGX>rApC&G=<>`SMeVVE+6F1hP14SATmO7fLS+ ze!%j0WU?KJc*TQi31pDizxn+!mKV~;%?lh`$4;4{;hS$IMv-@%+(*e4H?$jud6c(w z>3xnv7-q=bl(-0a;9IX)W+LMoe%Dq#VdD>bu}*vO%(-gp zdnAhoAvaD5RLb5FyTuLNs-aDX`GpCFZ*^L_p9#R@S-L=SY0+#K-4RRaWUT?0fTSVS zkdwDrvG_T7Jqkj!dZkX;$Rt_T(boyrGlIT5zJ9j?=Zip^n1n0!diW5Wb29FKUbI<| z&Dche{E3OD^m{)i?pS(%QJUTC7n!<3$=y2yfa57(&qA*BkRIRO!5;ze3Y*_eo27tHCAC%1B z)(4&l)9H|Te>4no2^rAJs3G5ehs^VzX&L1B=zEJ4ttivlxF&=b{qX!0Ogo9k{Z-bX zh7Rw3E4_ndJn>Q^yTcc@@=E%Y7P2s4&hBVM*!>q^CG_@yL1jRW`7+4U_cg^S*Bd_m zOEr9J^C))jF%t75q2woVU(K8QY3*4BO|p{zG2wCs!>MKy&KDvhly%QIugLDVN7H!P z0!>Se(L&Vefhw6VQXy=gV`+asoSE+8UqpM_NDfzrY`FJ!uvZW8!M{6WWIfA5d)LCN z$mO;cE?I;(=mw*aVu9*4f$B4F6NG-c{tAcGbs3+joX8%+>TtypmW96YZ_9feDWCdt z!e8I}JH<%t=S?r0g*Fdi@Ax!GUMiDI1cvX`?;IsyOt~@k0;_?r>rem?byeZrv^c}& zL-ubx3Q@M5Tv{!q{_mmA|L~=B2<`MNSaT4nNpK$o9vV=U!n+3uyh!3|5Q8p zP+$JzNc#i!UgI#DTj=MxqDk}}ib3jep73AR1$4x>*{EKurLEebFb;rbXG-0Toz~&l zOjz}+%Bsej=$*0z`0S5Z{=t>`R0c=CKN+Fdi7!r?uNM-JeC<1m)CEXEq|fBEFz>pC z?}Vqbw&pS>hR+UfKiLl&kko!_8I(-cyno4_ixWs8 zw7ttJ_TWj$eJO>@ci${kk}4y8c{~dUSJYAkE)iLmlf1c$+Y=QDd^B{$m zv97-P9jzp8UAO)46#BmKK~AN{aA3anbTH?&i`xsux*kG_E3=BgMCFq@lLVrwOLjye zB8LojJH^|6u>8`L@VGk2x*pE^P$)f5eHnDyWB&G@qG{lw+MRwNn9ILXrPnfa!T%@B zR>QTc-nzIWI_~^jFuiuDi`%QPVBg$~Tke)p%bXsCzA=CjJ1nqU!0UMj0W=eMy~2#} z>bf27w6^Uu!aDHyYclW(6ffQ#m;@Q>Jp(C4%$#J9bHhIBOrF(O6=To&$b)nwTfIu; zxaV{s02$XH*pN#jt7Z+0a2gMGLir+m>4C*U*jkAFxWnSpi9838p77a{58Jo>kV-yD zymqQeJIBYAJ^AP#Cl&dzok4~xEcDGgw)Rs=|9lNA7mXEhXfrCRDz`xB1+53cU5Bqi z@lzMUeeTC6?L+70j=th_@r?>F=cqM)Du7o$Cz(Hl?Z*n@vt~Dl=o1)^`Ct`kdgwJ1 zc`XpbcE<=VJ3x^$!!t}qq?9({ak>j<3g2Lbje9?ppSEW`OpNY_Fu4E~`@<(*6#>eKh%li|gY{ zpl0L+Z94`G zz3EY@K6VM)=tup!(M_VJl zA{@zb+wY%n3&u>Kd=_VU?o<* zE4LP*hOw{Js(&*MOXPj~q&}(wHXr7l(>+ZkfDAAEzsPFOn$CKvoCERRXt{W^B zxh!F0Fz{&U!BdxwdV8XuPLVGz$HD;|u^eNh;Mz1!SxhJbgB6c(5)U6P(%6v>F%7~7 z@ER@7yBEsZqn=h%ZCA`Mw)J$>^Lq4Mr5W-=L&Z|s*L;nxjdTd3hVt5L7x4K{(>y&< zFy*|*=d-_Kht2s)-D9Gdzv%pa?jwwMSDz7yN&maQ5I=y{7ZPe8;{$0bEJ18CKjh1- z7Uh362}(`mO69Od^L;;sMYl~&W$9M(s1X(5;N^^OME;cvAFfq)Azyqj#XkAHay`2D ze5QSb0fOp(yeWhTEq5cxiDu7Qg1?n;h|F)KEXsyQ45G5eUG$2Y7U*jOQGKSItp~Cp zTLT1E-aBeL{Z_lf_hns3w4i;t+MWrIzM;$pRLca z1d#@UMdY=(GsnUOrAElsX|qc)q&pKM=*Aj;mps1tO~^fFuA2s&+ih=!vsd(}Ut%x> z3-Bne%k|Ny)~k27QZWe@U9aN54S(Ea1Z$7Vxr!)G7`Mt0KEc6v)iFK%Qm2*%kug2Ol=LaEfzWz?8hHz&{(l$vKd0CxuU)1HaJE4$XY+sy zy|E4iJleT2{rB0tp&)5@JxXJc>?O~@LV`Q(dop46L?HkWU@GQ0*>-aMRI(YpzHc26-*{TIth%Tfx%S$P^FGf4I_A|za#Gd`mC)=^sSX=81e*tc*4^0j4 zzttJeK0*;fZbP4avmMzs&8YeG-WngxT0ozLZhA@0HMR)g%@R0VuX-c z&iaL3D103RemkqrI1#TV*GtT+WKlIzkj zU8=FE$8vkyo^&{ZF_BUB2|Tnd1Fs_{^k4iI$_FoCSM}qQ{H@=K{K7Fg^p_sMW{H5r z%&ZgamFAaTS3^I~^a}}(mY%26OmB~G3)+5;4VI3tr9Q-8A3x6)umlMI--YsT8NEym zin*VN#P2__Yz7US4)DmXeNvaRBb(2o{WpiL&7QF?TI{UU*YjTmp6@Rx)nHqM;ToTp z;+LU_;twJ#nkn+^_Yl^(4UMru?_SBD(Ie9XK260 zcIrQxoVgw0S^?I*gEu``TNVz@_Iq}%HWt5Na{=f7jD1&B+gJ48BkhSRw#Mg2KM})) zgF8vB=x4NAhpuieRvdQ{1)vPnYqe;)p-5OC^HIE=ncmB(J9WEF+VBCk%jFlG_8Vr5 zb$)AFyYJ@2`rS5ddtQZMu`!MzAAP|dR=y??olsynzRyU?rYk7hgFeW#n5!9$;q7Jb z<|di$AF7FEyD$9i`yBQeY$N8!ECM*5+YTMXJu~ljLKQ0`SI9KO`{wW-c3*8A9Of{- z#3*^yWV2LX-G@sD8mijWKU=N=FzPn)=bc>pA0!mJ*kN;6CUr*(Z9DYt>GRhQr!h2C z3pg~Yklx)HG+3ad>2)+$A~3Q4URe~RJ&(uYQ=V=5``Yo^U3!)3|KklcH`3lIw!V_( zspG@(`ElS1G^!f8g|+og{n+2(GdDdW`Lypv>+QmLodN24vn+E|6ddR{$UWfwRyX~I zIvuW9ox-$Z@PrI5bziSQ`CwA^>W9gh#>2Y}({&xl<_=#Z50hM}5m;BLSyMgw^%y=u za|Hm+)6a^C@HOp+VM&*Sm}aR*whR~KfU48oA=`1xgINUsbPw4;%2NJ^7@smvD_Jk5 zY`N1Vy)_H+c&j7b%m1~EQSso_D!y>TYc@5lyzgBA+F$Mo(;>ns5TFY8X$=1wV!Tu^ z>{<=QoLmYi@>?KMI~4E>ODC0?9eJCqq+o`hHP(s2S|VDvELH1P#scJ}a)U4u&+NP& ziVV)8v9D>{jtRqbx?PFMnH`t-= zC4Y+4?r;2Ue(yMq-rVEc(`xc+s?=?%rUS7MId}PFE*XuIc2#b4FP z_gdN|LuA&w10`Iol8&Boo-%FoXO7%DJIX!MhYVo|sTveNowC%NvB?E_^O#&NMv8Z)wz&91!GH>~fb)~RTgo9;1#-DYKKmU{w*{A#mKp>X)dhA0m$k377(@*-bo~XmW2q?KzA)cLvRh^^ z=7#*3d;D7$LXy^F@WI7w;Q%$!@4eITcKcPobVFzN+nPGATZ?;TJVAII?fMqIm~`Ga z!7e!2jhs^Qt@6D($BJl?lG_CIV+a;hBpIu-B&juhQ7rQTrDa>*Rq!o(gN`P9Hw+oy z!uRee23OE$?NNw*vI{)X-~5kJvB_qIzPs8-yFa+s7tvObJEP1hzd9h(m<0341<;uR zn53gnFa+b%*!+W|iY$Ibx?T-P_9h~j!n5;!^wc*N0 z*awqx*hc1rmTntv59XsTq4kjb)Ij%#Gknm+nE0jc6lSwhU)*t*IIahUA0V&r)uE1> z3TInQ)-;pTzT$Py@N>W2{nA7sZzm(5kgw4Iu?$vh2+p4QYj1#m;18(v0gh8+ne%LJ zV%OLsELl$ix=+;mzTonnWGSx<4*)-=&v#mSxBI`EXN#4k9*;R}rn^AY=BsUPZ>D{F zBjQ6AXQGadDc7CszwQ069o}4>xH(OVPLiMMz?zBRl-FQC(XA>KRXqoTZrv7#uGs+` zbk_ec$Jn6r!Y4B;GVL_D+TyATF>Ef6q|56ky`}2E4i18)5j8Fw?d~m27@lx~r|w#Q zpzUwV%hHyB&-YIk+odWN9&Q%yeE#^FV}RC`b~u(fVznynt8?|5V?O@9zdL?1mw3M4FL&5hcdr&V zDY&8uz2!+v<;#iW>9jax%SubT)8zV8fJr7U^F8U8DmumKP7yPqH*D~JK9*uAl!tu% zc%ifcH9u8(3!iS+zDh*br2(wZB7W#^grN|wo8YSfVa?fN@IzS=kc&Esx|DFYY|9NU zDf0><$i}!9hF!%!!FzK{VB;46447groRP})q1rRSQVj@^M(sB^77``9DBKo%f$vJ3&;QrVQs!uY@KPKb>Qx4HHA+xXY7u+tkc6z|o^;y&aKYF5 zO=Y(xB>}4t>Vm4D&Iip`Y{r0Eaom_D>$u&Gr@!lMEZPEIu(Q2@2ikDc@{iy88VpvS z+WSrmmzh^SE&NJM$`!U?d7(%!?Bx)l-^t;0?$M^_qkX3T&_ouD7Bf!wJkHfWqRI=# z>nrnW+c$o(zRVmRMECdOQ&MZe)z!ltu&%}B7H5L36mpeeVLg}ajR*|iv{Y5;e*NIX zxfs>zRzW|+jDD947@nbrNplL~r8D+}LT(+>qTN;imX?72sAsCRm{}*R(dwCz(800^ ze15yP`QA~nJm8u+K4RtQ1g@6aZ5PTSW#wgCw$4JCV4kDx9GEFePQ1#ZX*)YRiR_=a z+O;I%*jVRC-u3E>lw7;V+(*vOad5x3?(UlROA&n=qt~cvP(MdAH6s!HI9CN+=|AF; zyg#kxw&rd*b=lI>1csA%^(Jp^<4#v$X05i^Ud0K0KtF=z)GFr(WAMmbj$B@QJUt#y z9HCnmYt39fhuWOsU`ow-M(3NJuIjnx>}QF5W=u}a`?b5nW@p=FEI8SZ>wS0G;buSb za!*mP`GYxk;l#NbTN(-#GjNf!uqunY!nzxG7vKuN@aDNuDSHp14qHr|-XdNOV-NtO5E!u8_9be>LIF%M&V*^8*A6uVVR2>Gn zG(_)vy&?{q>pYjwxCTzkdakjt&(1uSeQ8h=k;$ZP>qdaYm_eq_hx!dDLGDFiQidqa z*4aHl*PiEt$=x&J4FT{7I|{}Xn})A(v)&^79xV&1Ca@{iuoYgQ&l0l7xN9&l`jsEe zaG%d7Pjz_8q0*@%uU7aL!ST@rGVI&lg-!fpY&g=9_Em<|wjA->?He9`FGEGEBRho` z!n6}(-OScsmH^pavJp&>1x3DR?h$i@<4XI=Dz6@YX7~IL({Rq`BGfG9?XLpukIdXS zverZHImL>N<5!^U_BPlFI9r8wkBiGqpEHy`$}MEQM*rHc+v!w#kZ4NK&DKdf1nhR- zJF~1^hxPCThEV=e7h3x#Yq6I6tvwb@kWsX+a-IC$F^&B+-fcC!wxA>>;jxvGF&L==KuOC(BHOtdARj9gd((u3;;J_{}IR9 zoo|1Gk)U5;Q{Xvp1Kc1CtXmd*-f^C!zL!$0hN7Ygt>d_RZyDj{@)>DnbBF+ds6I#Y z1IzQoPt*K?pED}E0D8G13>>+fLev*)e(kG6>nezgI)@D$syi)ufZ;BnL|gjo04nM9nR3UJ$%GQm?>2mD@iBRJH&~M`Ju$B z)A18BCP4nR;HITKd}F2-%^A_vwVZVJ3o0qRi&(1z%2lvXV|Z4R#RYGRn|2*Yt`T$i z+IPlhK^!_zUkqY3qNZU){`EJf$41?;f_hLuRhQ1$%2r8nN&97@?H2HzBdx(I;ex3| zA$xboUvTP<{m)|J646vVc%dc``Yo+oN@@B}qu_g}M6Q!O37qlslL!WWM+XA6J`)Cl zv21|hN80`f@NJi+%WHlgX#SlWP4e;hR{`O|Sp0ATN?cnBP);WH)p@lNn zhUq$BRGRkdnz~j7qJ#00VRY!^HE`*-rhntjd+}KWR-w}5Ni45QTS zhMCQ9e8*&?6`dHoLz%xsGL+a}(KokxQ53k$u#|EZmP}4U&(~<{N_17qIF2gsqbg2S zDHy*WtxZJ~n(1OOwwK0QGpYC3?d^VnTD&Id&nRaV@U&PIe$b8p%Dt#%`wbHcpi--~ zE`M{`mXHAV@c$Q2@B9||`~UA}+s0PgWbJ0#T-0XUwmsQ)EwV9bvTL(#O|@B{d46BV z`}+sXFV}I*nr^JgMkAgW9(u@F z?*FhPM|?z9)k8**WH|PIReg(D(5I7Vmgsy!3RTs~TOS}cJTdS)_P#IP@{_J$cen_7 zT5Tf^Dl6s>jMI)UQmAuK4 zUG_li$F(=j!DD2VudzpGbuBtr_(W!@q0trKD+RklBb!(CI|KYIJoS0SR0{8;49f|& z#4#U3aefXu z?DT$e`92M~fa<||C>I?ICtSOZO3Y^u*ws!A8a}GnHN^E=bsqgL0=mRrU+bY)RYA=p z91WspQ^y=d65AY;Xww*O!O2;^BoN`MTIaq{@=%(1reaE7(_%3z#%UTinDydZr1zqk zJfSQp$3po0x!@aka`$)8J;spyq@OD$nf*#>+Zcy-X}fJld|vyC5NPaGC5N|TQeSYD z?1y&dA(X6R?sl=&l_@&XWh%^`T!QEodV^#;dNNN^!e!$yvyyh4ZEY{7AmKld&4>a0 zY<_Yb%V4W()}CVNsO?HDPM$K?wDG$;26!HqW&FmDZ1ddo>AO9d{qDcctWAA!fU?MS zU}0g=_U(lH23FLapv%DT%KTy~X~T2EZ~v|alBX0T4_ zZEt>5Iadu7aFJB#VLi z^W6v`zvyR3LQlu`WmW1E(S`zLtb2mO0a?9rGlm=+19>HWO=V85-3wuUKBJx$y8-&< z&{mx3*A5`jMY2-&u5A2E&-!CRcRTGX(o(Cou2sga^$-x8XF~RDFO`UK8!yB6CSou+>E_hhAQ3JNP?yt(Q-vsI7d21lNer+}982M{Eb7 zf?OzlN>+U}LL_V&Frz&`@7u5f%evB7GRPC+N3zfv6VH9Rn}BQMgr|y%indJTx(ZZ! zh0P~tEyq%#MKFv9M&Q<&YQxR0^6|V+=E=E{{h^5*i1I6$}A%hRF<} zp7w?`D;1l=hr^eZq!1;mwA5s+kA4>cZWB!r*o%7ibcVxxU!Uk3kdLd| zx@7I^R;WCd6c>x6$_q-$VwEVq2CIA#j<0R`RrLrqMis89x?MYxbBzm06S!{N_U2nG zq=s0=9uSh<*7Mk&srpg}O!yzH%vO5_1aqYEKa*^hPij{Dg$Oq)E;r*Z_Xz1??9R(as~m1JbF;^O<+@rAmdlU@GO{?l0fR7{bApZ7AZ@sg&ZGe-F(| ztet7k_pW1@g2!T<^AL=*a#PP|^bS`ezF}EVpDjp_yf>^+sqZtck}uNtdN7xxS7RX8 zA#?#+Kgk!cEkB?7(PU*jxHq7bkrC|hiRB_aC&0Fr)+9wf zL*_b0`f5%RZr_umThlaWo66@5*RxpDCEsV%+94N1oyWp&JK+6vlf|bri>X;u>)#G> zJFnYP^vV6U!_qXqN~_=3!9SOV&S|8E!RKE{4Gn#FKcfx;#z501oEhpNCIhJsnp?Lb z+d-rqVdnsozq*&pvb^%LlP zGp7yJYbUBwxUYabQ``(6N5z{vJXFmyD<3MD2tG$jQ?ME6Z7taBCg$p?jV@;vccti*~kFu4N= zi1t>7m)z!)Oya#Iq6T0Fa_#UYLwx}o-)h(w`2Ef3ka7w$S&)mFA7)v^v}=OM2gsjG za|tF*2�Hj(0y>W>E^Q{s5QvU?dmw!A#1gG?mycI*2}f8>G@)F?`Hp`BW2t|9l^~ zQ6ZqiA(uJW?C`o@9oX*tW0w7|uk>@nK^&#fU~#p&)!_*L;Ei?FYU{i3W97`J#(=5N z`*y?42iw?c6Mxg)m>JKkT=S=UeHJ>?Z2L^=_Iu;|p3wWY1()0h=x&MjC(NV`>20;# zPraCA{Mr#`!9Nnnvt5xIQ%ag}c6FBKNI37VsERkO^qiet9dTw{ zbmFgaABW)6IYNWGq-Wo4F^`R)L`h=8gViSJO~0I5-$i&N03myE{9wxe56Pa;D$lUV zCR~Q3JgT`9&nI$blDUa8wuuj3^=F1RypnQ?HU16S~rIi^~0NN zHu!RJKDT6K6Zqx@4NlcnP=>0SPxIBBPG{@h_!4a@4diPMi8 ztR&`4(qZbE$h`F@KvKWurIj_5p_7qTlzbTMh1SeedZ__l?aN3kN(5+SpHZKfM4+yvD zWRl-#Ly=6o_IAd`Tf<$K=x0`-pw_m{jeq2EEooJ4)JpM>(z}j}&3PRU#Y%A&y&Czi zMthMLh@@=@AZ(aFpRH=Ngx$gC^8fkK9hZ&Ys4^F&xc0YYA?|f84;Z zQ7VUv@|4fb@eZD8j9^StzoaygLz5P0@y%LaMEPUD=5_UY zmD4XlzI9$^qF5T0l)|g(vL7ETWLK4SvH$)xacQ-(5vG*;6%K7e(3`k6Nd?P}e1P%W zZj&ywj4e-sO{4_#_<=)pzcwONhX)&{+aMaB|HQvxwuLZKs*U0#U%_lmNyO zJQ=O7W)RP2=nP@zU%7<{B+L`^ORN_6+VTb7+}*+^V`%slV{K?JbHGKG?CMM_;<+@N zTHpl!eokqsZS(Erdo#N*dzbgsK*s1F#b?+N5$W~ue38}l`{{0FtP3c+*ZkU=V}R`R z{AYrw8$LtmUu-J`WRxc!C^YMS3i-m_vcRMKboEj@WuH^IWX=A!Kp%Ae|#=4HKgFjVmG5!CgLK~scLP$t3LkRRBUho>Xz&dn{N z+L?Oj*HiKO+?U+2Ju}>H2R~hI?^~PCz>Fd?UD$Mccu5zZ8SYUUV7oPurILR%X z(4f6Ph4{Z&@(gW!(noO5K67(7j5DP+QS}`eUx|2bF$_!i$;m#wrERuUN}dTtQFZNJ zh;`@&JnAmWKJNu?__kb~QNKbMFH+P*>-~j}%fF9mG}^D;r5^*&_!}&y{sxeUEP1## zihh4$rNEqR{BDt;Lex2{D%7|4nL@}g@b#X7(SuEx}%Bb-X`Hyxs6IKV@SIdvU(gU$;mfJ_Pl-1!wngZzKa0&2>lQODscxPI+u+YJ5zYzR~r5IX-!@Zmuy`wi#>*Z3qi_ zj%EqCPUiA*A()`_<1B6BK$7!ZY{U6Qlm_7Bhx3lgS)cgGH5k4i<+!H?;4F*d7)L<@ zWFVpS1m^5ugD|0rT$k)r`ib#a{2~@K9fC?JdONC5Mzvffj0y@dCJz7QYO6L4X>m~( z;clXE$buaj)D3SuGfnVHB-pr%q-*=2&9MqF)!fBX|Ys7 z>LwNXK59XQadmZN3u~CCL&EFzmX&pE(KLu&?{Fu^PhuSygyZ`H{0Q6&L)}%$bj~Ko z0n8J#Py;8f_s8}nGLP9c$)DvRX;}igMbbADJSFdSulx3`{Un6fiXyhgNXNff;X z?>m6lf<-{!E5?IOlXGP1Gh+vPUPrrX2)en2#UvNQob&I5#G;{}>#t9@e3wJeE^jMc zS*mK{J!{c#(phMt4ZT~)sE5Y$&bp7Gk^$q=1TxMM`qgd>&n7}PMu zgShH@*=>6+A%A(OPr~-DB6KA!zO?q!7@y1TRJkYi+H&@zB+Tc}!CyUy4E}y*@Y0Nu zV)8=q9m>@Q0X9M2tBvPIzzsbnFAa+lkmMGk9f}eHPgD zD`m8J$xfB%*KGKoWqTSq^sbSaL|yd=t|d=5$#ar~xv%!u@~A-!_I&^F+Izu0?Mcaf z*pf|hozw8AKQb&+?`*I;=RX~%UiRsG+3Nezm)k!ba@q#=B!IIw+Y^uSnXHh-1tv2x zFbog~001c|=D@&d52=PAFt)Wz&DQ zh;sx})$CqQ6gcDV*~p~{cmRIdVprS<$hbzku)`5}`y89ow2~kbv*2PfT9_QL%nv#g za+L=r-pJIEr?G>&HiTtBojMZtUE|Qnj32Dy$k6SEV&!5gwMfar@7a$_5NPa9Ft!fg z7U5HTfA-*0uuJ$oJSI0;(Pt_dbyt~!qZzusjfzc68!D6jelDC&UuxsVt|}*3pFuBG z9REti77%#qiV;cT8(cDI}SSqyzBCSiG0w1k#;8l*Vpp(++@QHByh5$+vMny%05Hj2>eG zqyL~zGp@y|;^^DxQ9csT;;?##uNY0weSbdU&~)Bo3;wmH=5a--vD^Ro?%-A}i!skF z#t%drx1%ZBaB|7HNbp7*nDx>=IJu<1E|oMoPTx(Rw2ej~Bpa&17~j2nW4 z7f7n0Xu!RxnpNu`CL}kCv2q=xrR;deem2IuZpt@^FrY?ChbJs-3tLdj+cOqK_phPd z3d2@1mPmoOX8U z`EM~wJkQPDW^_)$YaqQVVa)aaOggPDJ6DX$GZ>W;(wDtfH-1;a00tp>CS?M$1qLsx zqsxV=95zYV*IpF(T?{KT=sBh#gy>B!m{{tAQk=P(eWX|LY9+0Jj|1;(}e$mJD%{p-$<>h(5;(iqu0}NgXQQ?$E2C(v8hgZ zjj8f6qt-YfDZg81DK(rb2Q%485;s~)a3=n8&ebb4P%_5A*RPI2N_PvHm|-Hp!oAuJ z!&l{Qqm(U%e6V~!qTo@L36K#=sxVew*D-InuVxax$aS4;=!{vnlzOx zaRjc!!l9wx!NtSz#OQmScOTU+b#4?HoNH02h3P^q&~Irax)xsIve8;=LNST6j?H{M zvj*CN5*!5~YzDrIm

C&?q1J)pNKXkcHeSXwKmUG(ZQ3AA?u`08RGybILR&%W8{}0Ye&e`!qy|c(-u3# zIZkc)u$}iw_mF6(%E(gjk6oBvE^5rQAi&+lm3#lV^>5fW0_8SB7Q8`^4uog)#_iz- zXJgjPjGnY+P3#zJg2{j3t^pcbJBZ<)T=rY9AJG^UmVOYJdg}}1~=MxYgpZf zT*6U*;dO&_p?Kb0Gm2ZN7~CWl{RVIcxE{v53usXV5ry9upUqX0ba;!qZ4^0O-9l8 zgK5Qs*Vgf&zK=JqVGTEkyQ3CCJZi16Aq0Tls7=6KkMni9 zujZ=!me}Yw3c(mmHk>scNP_Wy+lsUzWUF~6DDQIMrp-Zik9LJCp1BLim0Wl$3xS#-D`UKDekx_ z(}Xt(+f%rbXA-fX$Z6UGK2yZk5LsMiG6^ij5Ak6^27fKV-O1FVK>*tC39aDxRIAzY zD$=WId@;BO@^ z1Y?@+griPf#~OKv`hY*i@F{i&DIDh}@d}$N0-)$xZ;49v$F3@eg$@`Vd!So@x@{** zCg?~if%y+F*M7P%=^zXHeB2R3Ch7!MUru8TSzUv_SDCf~9<4xU<47$EnJg11Z zDF*et6u`hE_*P^`*bDAv$Kl!cxR#AimlR%YMs{#)hzFHbJ*WZq!kA2vypdrpt z7KfJBD>SG*V%4$EN|?m(?!r5aG9#$&=$08JnbAk~? zY{xJRZ2?`euiQA5^9ln>~6afD7)=?+n=490HCDlOmRl48@b14o_YjS7?mhHvuypTr!-ElUVd4@tDT zcJ_rN>cxtWdN{hDFIJ)bO$VHJu^A9|!nCMq=S7KEgkdPJ@)v?6+nO%0zleLx{`*TT z*Iq;KY~OGrAyHXv%qI7Li*#->J`_N#+~X!V{R z#-{XQEAkU7#*J?L7&d=uP`AxrcG|mZilP>gD^pU5+7o1_sI$>$%7OH8Ke?pWT4Kyc zDjFQcJLUHaw55h~ruTbC@7=y?ZuWoaQNOmopA);TNyJO*_Z6;TF5;QOrQbnKPR@6j zI_BGu2@|=P|C1pkk&nqq%Q>86sQrH|fSOQIPp~3giCtFYS^n^_` zrk*(y>CcR5et-hME&)fs$1m$Us(TV-VJ>x-Fb~&mnOJ&T^bqG0`7hpHw);w?=r<}4 zW?^U0hv7jUtZ;?=Q9)%p$!T%d*y%?glcYZ0;kys*PuD*4I0Y+Jf+x;F6yvMRH|o4P zFhA~~_fg`mav{R5n)a8cu&*E8jZg)B7nDz_@5SD{N}mG*UmNnS{7%_ga^##UCiTbh z3!76>0^i2OSRGfJ?bkokIXIaT#$;cWCeY3VO0v)efuCxU!Nbl}C^7S?1WfP#B;d(V>-t`meo7G{Ya>Pz6sN+7dvBHq)StQ=*dQvlDy^d7J4UF zF8lV?j@ZcOj(lX^S*&w|R32)J%h1NjtH!Ea{J`Sv3Ug*jqpyE&ygf+i;)Pm zNiTbsrVj8Yt0N@hSS=*)L^dd7sooj0regci;+_Y!1#_m}ldyor)S%vqMPt>U6X0W< z(H2!ov8f(sVN7f4QwFh%JO)NO@UA|GW81MT7A28U2BX%E|L%L2uXSd<~cfk%_Co%7lw5$rTJhO ziiD{G+mF&gdn+LJtO{0i z!y*?hugMAQKVKYjqkUh{#-`r*h^iWH+V>2EkG_&t5Z}y^zam`VJrL{Gslmf1C+plE zS3>|KoB|N6Xk7^@9(H1<*5|Tj=dlvdQ)81+roV4Kznh1{RNvCqMUDPfvu`4o*jqSRzHE7&} z3sGTvQJFR~M~B2y_^pqkOn3oh@~oUaJ}8Kqp3A|&Dh#I~(STX)e8u3(tWn>6hH4|& zkVcH(vGs#YLt2R^iPB%qrdaI9D3>4&bl22&g@y0WO@VJ=qyz&+;BwNuWgXPq;QYti zU@J!Pm^ZuB9`w*M#Oqf79kKUj2xN=>9+DY^ZDH5*HMyp5R`!BCz(!|>RWyL-(*Fy> z)nAtHOG0PZLBvDD5DKc~M#=ka$F0C15mWfhY+AitJtr%AdwOH>0aq{mNzMw;2p)ke zHVD&CH2)>vasGkS!5RpYNX^W`@&+$V@Kye%KmZzqurG-OR*{+>QF)=fqvwtw`y)h< zm;?=tBVWV#;_(~V23-g3l4z+@ZSaza?HCsTo<>BcXYC!wZ5(ZYy?q~k?B`hS4+j3% zSd4<+Nk*5FFa{BwoI}0F(?g=J;QnZKM%V1BG1j+f2dlTqym0P@FrQ{(%e+PG5<-$6 z&ETMq=KyJ!_yP9-FXDjrqP>QCbU=<9 zA&$>i(u**srTz4teHiJ!_^SCNTI;{s^ncgSgD4J!V*1{@q0$ow@S)|%x28w)Ns8mMLy6sOt3b>%|(+ zBzJ6g+jXu`*Cx%)?`^-%_j_n~TRgHB=zWb=%!*LQbbJo{B?aStU8|*!tV1CBZ#8oN zmunSQTG*A>$*=cJOIYQ6cNzO4l|lL_CXCT-AkY9R!ax(^b4o;QGNOmT$ZDYSv}qKm zcx4bU!#>@eA4bS~`}RXQz{)PJu9eE52>^A?qU7|*PHlC#-k@pB3n%gJP=YHZBDQcK zWVrL?FFJkh5BqU|q})kS+=yU>*G){?H9+57am&(86_EdplNRtt9YAYV=K*F_f{DgS z;PO)SHumAiN9>AF=R=u+9Qhn=BeU6k@Gln8s_?g0){3ZPy16;*7-^SHQX$cKnu?sx zO;s{sjZoVDWCp=ORe=iSua%9a8f+cA3^us4cr6-FR|?jC^5|-=n_e$bmR;Fx2#-`} zD3VJ08U*Y!JabkAJwjdCm1_P^6sDXXF>q?dhgE+<#>bZjbGI>N-*IGTB50;dFzKh( zzH@EU5*6njws_yjGO1={5n8b^@moyfmqSVmbh}A}@R4k`J`H@SAeIC_(3%aFpkPBU zIiaT)NQ`1Ye#3UKb*1^PiuS0psn{(!)@mzFp>*mc;lMa1XbGZN>KMjJ&r0R$aaU>G z+-4FAMglOD#ew5J8#cYPw}OK+@W4C-$|wWFu{+TX%S(GO_z2r`!89*U3e6io8&EQ` zR_PC53(moW2PovBL7QQSma25pNCr1eT{t_G=v&Z{sw3ZZ2{r~JX-lFyFpvKML5MhY z0uJq&?&;rGfsNT%fi{Dp_+PVwxsRoR^gx<;A?M7~8XjK_JG_m&t74!8JW@x&hI5OK z9J27P2#_p7Q74^&0XIi2Z0Wn9d)79ExdTo-ZZTQH$m-?OF9N&M@lZ5)q-*5NM9)C_ z1HPiA#Stq63Nuxc;h><_d{(zZThq7Wipwk~(xtk$aNY(7*NBhz}CgaemivcE-BEjMuof8v>Eo4dz57ff3r8$_!@Q!j(f!Jo?_)xrZIS zN%D{LV^5H+@WT<`pkjBxRzOM7xISn};K^w1q3&X4h^nq#(EVgDeV8ViOWHV>b>F7L zQ*CtTou^$whc;ZWb%EtuL|{3QW_Q&u-3hCsLFxpj3`6g@1A}^Rgvq2j{D<&u z(t?v8ELTsK!q6qb6T#A!47r{43*!4VM!JtRd(B-7zmNOsl_24kyPsRuji``%(2Bks zs!AU(ZLzmS(V-LRYzC8VUwIW+k%WSD}GUuIDIRO?De zyb5s92U)-MNc@YeGg1wLA7@(-ys-YDV=#DcZ`0H;@V1S5T=9=Yz8*D#TLOiv+l3*06O zz?0HiQI~nJ)h2>5ON@RGVnmTgjhjQk!1hvKZgDFbRKu-r3#TW{*k8QY%de$#k*L9x}Ppi%WXhQBsc7AASwaDUK(%$fH z!a5wJZO&$-uloQ2E2_rG0CK}>Ua5?bq`NMX(AM~59Ee@cpfrg2rR#9S+0EMQ8R>vV zm@dZfPDdrDxz>BGQ~_N`GNO)cS7uAaS!#N=AxiHA@*P2K%fVJifzq}&!Q!*3bSlp>s6 z9?K-Ovd&;W(iivuO$({I`zIVTs%>{cXCMWl^P>!r@fJ;^#I{U8uZ|8{}{teMV zcO~?`_mlVx`^wh+MleNpo4m*!7w`~OaByhOp|z+_C-9yvS4qRG=>W@h{rV2dAcy39 zcrbcgYH<|vJY2tTCnn&191`nVczwzDt)fPe4wmE5;a^BW)>nUWmsec9570}ia99?Xq-hgG&|vKlu@%cnJEYLl8z7JZw-)Da9?V6u7Uz!Y6x z*150^U+nj3%p!5yQVo#^)p+*<^GCLLiiOXEUMoDwZX)W9M(1kQzr>yAICgG-+tK)0 z3+jHGceEG9NhS^#jybVH8-HSEawJFp25>gM#+5J9mJCjb7^>za3M(uvAnd>I-Qqa_ z08tedE4`CZLj+pvjNgPs5uSk|-wx9Kg^=SisOW{0@5S-*9K6K6z^513 zP?ePOb*k}r_KPhder^G)k~w&>p(~6lN5nTh&w8}|G1hS7T=dnhQApMnym}e`#n5KS zdo}DUFkex#_9<3ae+0Gg4;Be-`ww%1F-DW;1EC2GZp(Yf4ADcq zqaXJe>4g-vK`_f(xOW2MkHuZ6mce{rWN=fcTG)jw=Q*JofK_BNq`MLx;DB;Tn7Y3$ zVEz{hUuuyT&tvRMF!OXPfaMJcE0m7P%T9MdvqRWjZ@+IoBBlj>qMF*;ltpdxy%Stn z2oFc+KWvPckPu!9f;}%Q*w0elzP+XQJY;L>pduBSsHdWpb#RCW>JPRBYr1IC#W+IX zqTJ3`CJ2OY%3Awv@|z0WeY!AwpKQ9;OY2FHJCY|*O4B&Zg<=!C}FPlSDTq_7;!WDsU>5;-_ zG|Z?G6K9KY?80os2f@~M9HzVkJ+xQN0vf(Cg;6%d3w5a5`kz+4l3?7O1Zo^z% zUSn2Ec%JL&&sajb_8uPp#>myxx~;?9ZBZY_-U;3D_i+&fpcC&|i=Nf0pKfuuWTaW_olecxr2GK^ zMGb&X6#Tq}^3DTaj#F|Z{a6C-45<7Ej2$XQ5_oorK!sT27FIM(4@ql7+U#BG>BFGp z*S7uonTPd+#*3S1Z2r4b2G4bmzGx*A386(y_c=R!#R0clVRvd@yP|*2=Zij7!R0U) zbYkYl=hK?@d~V(_!%(6=c*&e1-K-y;oFJ3)uCu=^XZ~K>#0Gw%X>Jk=v)y=DH_CjIkm6SgtE5ohqCWy@*n2;QD2TK_5D+!KOe(WNJwoRb}#y(0o z)~0FrhZ!9mor^$f?{O>M!FYi6c3`yPVx7H^ZpSu5;p;lLPnI4^pB$dwSE(7`z1yeJ zghu3ta4-MSa7(YtSI_nRWENb)6R3_i7I?mz4d3U!xM}7`_X3Bz8-*hGv=w^4#!4A1 zlNAtH$a~WD+Z}b~^6*4QRW+W1Bi?1I6B2{*@Ap`y{h!n6@~Wl`Q=9+B>aqO2UAP8& zReT2cH3B{H;g7d9RJA^`wwv7Fxa+A6y)nyHMVK`js?O`+mO{+}U(DCGRXR=osxE#T z+#c5$v<&vb^}@&7q=1sFtFp*4iG^-oK24A@aD8%^>5J@Rs z)MxwvubO_8|2vicO4~bH1ZMfGe|aqfI2xG+tfk8kB+W4CM4 zOky|>H1y#b(lG!1CHZ75&HfU-IeQ!=U1tu!W2ve)qrJyVuoh35hd#;zqy7_-E5hP|4deK|yC(Ox|E(Cd z7yxz|FYn4XCl$a3G>#CH)V?c1IEtn3fw$;E?WF~awK@!zNj=9eOe%-3mv;8pWrH}3 zR;~zO*>lGv{efKe7u9ug&~WKncKH*vkP<7u8nd!4-RHXFimML<)gG6ovPZ1|o^0 zEcUQP8Fpw0Kbn?^H)T31o&>C5zZqpI0oB)QRa~6haN}p=))Vm(@WYdzROrtcs>GBa zg!>~o{8^NbR-sB$Tg7!URfsk5diDU{o+p}g#C8s44FFoQD(FLVkQzcZ@_0?-p%IjG z32(aurI+9$r1!(|{B8E`9mTX|RkX)~la3UGZt@uC?tb0pgOGqPe?DTbjI-Krsq*b> z-mM9fGR@%t-O_8q<}&pBvSiSV^m<$mKD0`q&4%5g!}1<#A{X(y3Vm%|Q*6!7;9C@K zRp*_|;hQqDeJH&(gL-8?N)Mi*{;`5&;GB;ePf`tN)5{=nrAA((?vhNxTdML{a$Xzd znP@3V!{=KnX~#(*Zwz~T|B(CQ*zxa<$iXIk(D)Zrlfk^e3!aZJ_|!W;o89^Yir=vy zx@2~u-9q0bdun%-J;<@`m5Ns(cKx))%pdiY&A6~vA*`1~wKkvg9v*8)rC(=bi@-o` zOXyL(vhd6AO2|cJpVuju=P4uoN^6NzGiI)&^0$oStoBgulxrdP3*(rrwKe5V!@d(K z4Jn~a>MfR5rF9b5!Z}2_k-qlPl>x6LZBK7(KLp6XB<^4MdV>wZGREu;ZU@%E#Vpc` ztSfqm*)$L1*(q#(8IjowV~&cA3H6VS)+vgK-nOfNs@W;w`}&E#9EaA0*Sn%kr6`Wj ziWfg2sXX_1&!%zhRX*l+c*`l(X+InK0rXlZFKnZ{qNU*oz0wk(%EQC+IWncnF{_w% zf?$+iV|1ns4BZRyH=itN4EAu5{rnoSVYd82L=hePmB3e;+ly|;=VUPO%HnCReMoV z+=!Qz(s)^O>tl;xtQ;6;6TLjKiVhUMb@W`Qos|wG`_)k%BXX^{ z!P!92V=ytQSI8lWSFJ3CnzWEM zx)pMf!><&VwhjrqeJnrs{~%^$#1wnRr>{#-T{u zXdrp7kgKeF6Ql#1W=M6bWcAP(Ek&_hV6yI>MjSuM78d8;g z*H-K4`!!pUC4o2;0($s+vtzj`0LA)ty{zf`U+rIfL5<%o6EQ4zI^l*<#+e$=>Vk~v z%jgQMI{pT}YbPuP_I&5S!B%XfeV|#v+O+mf9~S`6%E;0cZO#dKyzpO{-iGUv1K$UQ zNJ|EgY^ZJRyMVF$Z$-je1{j^8@5GQG&k)OyL5aY{>f1xNQ24Fb8MF1s%W#g5VvX?a zNcwU=u_l9*wrVFNoPNBhVN&+>JWUBIQi1^#N+Rpz(6K*-@65$SI-nJV*)`fq-Ds$SsoX? z%*K+eFT9!EaCae3m<<#r7)#oOD-ka;t~YYDG*)I+kWj?$i+snq$Cyodjd{1MLZ3j# z>TdBZopLOKBGzBN`N7u;>lTkR+}~f_>ypWC*KZ#g_5dIB86-9&M0+{VO7Rxji8NEY z6d3s`;_|&X*?nPyTGVs{L~+%CD&w74)oa*u4~ZWk`9kEHwY#__;M^sC0q+}(Q6=T0 z%jaEB;dxDLJ^72xMl1LKh6K>+zbiz%jXB6RN{3E@6P0hR%+wOKnLd+PD~b;gmJtR< z+iCTf_`xTIVa39w$SKWfhT?YBPx*Sxc+q9Jw%;BbEhPaTI*c3)8>17z_o*ngViANIR`loVpLAh)ZdPn6xH-hWW$Dq8-9784e>`gKfp4!h)%P=k$SO`Wz0)7m z5A~lyYB6MqkkSNkjMVw2a50dUW@N!+#luC|oRy832j*?53SI&|04<`$C>|q|Q+Y^o ze!hdbh6joY^oOm!+TRE;K=%ZaoF{s;A4zDb{3Uu*=Y&V}SEtW5PXdH$t1!xJ@9^79e^udw6*1cOu- z(a+5j^TNklYB7`voI{AN`T zL}IAJv^k?z&1-{T(gc}eJ#K)PG~!rOReDWRJiverI&s@lb?>mHv7DT*Ukb2A=*pT_ za3<%<&*u_ovIUEy+ka9Qkw&X%#S&GG!=u8sI6BhiGZ);uh<+mM`E0)Zhn=jNGjORt zSgwbo61@jd`5jU!;Ee~%fhZC9FI$54#mqV zse~Q(OxP4+4HL}4MHt^gGKWm~^@xW^lWsLveFfXDD4I~x)LGObMKmQfp@nlC0)iuH zx0_^M8{xP8v|0LY;J0(SWSnDp!ynNdVC9@}^(?A0;z9*Ozq;nt#iS3pYYQo+lRF8e zqQ5=X_exBjnrTJ4*KXG^MZJ(o3pB#6m9QTmonyFrlkhkWA0Mh}E4B8ygc+xBn0AC= zPS{Ju5EH^VkD~t4Bj{nSuD3#t5Xms``gO|2a0;EPN{{)B{&>?5*Q7F+m8l$RL=`rQ z8%avSQzSW{cg?Z%13!%m?`Gd~+We@&vH6GDjxZtl5K^BhZ2L(};GGx|3u0_Qm+MHA z4Rc;H<=3j_J*T6j$h@GnaVQ%7NM$ANKaX7nzQH5IwQ7Bj+ZLB8Ii{EoT0GFa!p9bS zsEu1JTLjQorOHmzA2GYdCDsLqgd2QG^mJ=Zm0_u*-XgLOzvwv(szHH0!ao(=O@J{9 zhvfS<76?r6NG{nYZznpZeollJWIlL34LHerZ91@CkmyZEb!sT!?^ar- z=XM+HAusWR2Eisp(`G7S8xPuDsluhPA_ZTJ<2$hQ1L z;T|{w-%7?3>li;J)C;qUyvP2<`Z4xU++%qT%h-zLt%KduBF)s&mQb|8Jg+cE2FdTw zMRlXh4HaW>bfd;M!U^<6fs%!dMd542p`GN`A^$;vX|oGt&>r9Ys|c`*f3^juqUp|i z?baJ^-1Gl&bq?&6by?SrZB%Sq729^jwrxA9*tRPbR&3j-*tV^c?>yaC_uJR^56<3a zt-aQqbBuA%AY<&+u;O-GPgy7=XD|V4Iw91rNZ=fGhdC7F{9#KS#32D3)c5m;xWoG* z(-k^FjfwN0#=jg_4m`gRvu5;z+%}WaES_fA4thbRkWdfAzQx4V)rvn+ff+Ss`?2{r zzmSgymG59@OYe_lq1rg$AvL78*nRknDuZq_$frtLeV)h0Q<%oYn$R41J}1 z2P}F$n1^=-I=PjlvN#o!oOZNlbFO!I2eYk zKc7}zN(gEQu)RBmb_i*F9@!Fr(uM4T3BwJs92&YyI9Y;fbB&0J%`*PIFC+sL0&?Rx zqz;=xXH=3b>MqJlNJ=XI4{1rRzE(j42gP?XTLS$yHuGs_ag?as-V2F$p-d<$_U6{j z?)*6c(w^QT{zisItd&qe#K&${{g~oY1U(|VA z7N|4E7#k)-mTdaH@U`WS#-23EV!XJNXF0sE@UH}y27zW6aeVPlbZc=5f@|foij{H! zB3cKBT3V5Og>m(HlGkBRDcvJ(mht=x8KG@f%O7+6*`j>ZIV~G>Z+aP2x~f>GcoS-A z%o0a)mFX2^oN6w81Yc7^_fqv8z#J?7rfXZVlwZuuyY&m(#@zf)Df1NVpQ%*ct`i@XmtdZ`3Mx{SxY|1Nt7hGa zvtwb;)a$_HUH!TDU5N?@jxy}`!0S>~FPgw=e42tf=dVNzdg=fw1^jFMfO|xp9_6KP zO*)Q2-;CvY`NGpM`BlMRr#j(W63>}utOSGo6^Wuxf!OMhK9NJ{Vyv3tLkPZ~Tji7U zFBoSByeW9qA=@Rh-)c_D5*a5A`tQ4oCuiQ8lt_V|ht$kP#&_ zjmw6igfvywBN;!#%%D-4U%}-i5iZ+=sj<296MV^o6ugcSLxQ2w-h80Cm%9 zDR3i{Rfy`GSc&xFUb3IWOw1OYXEHC6gP@_3x{~KRoHnfI5>ln>Fo@fX*MXLK30Q@w z`heI$)k}Efomqeo-tHkg%OcZKFH8VMt0-P^r>`a3_QN0gjmKy37?AHtS6)kd-eC67orV6piA!@Qn)940y_hvt$R-$9w|pDN`ksUY zs&|7GwlEN$sh+>v>fsG^GlD)!9D*IRyvEx#G)-?cDw=|vVljJ%b|M4*nY=i93J1Em zJJ1FuAA;%@P{ZCpUZ69lbjrnn&)z<7`7D!aLx#-$!UxYwdv8Scr>VM*LFy@P%;uZ3 zx$EU6@sX96U&!p9!l0OyObCgOyo&VV>?HCBz5;!zAS##-5Fe)}nv(e$&)OHlPzz2U z0v}#LLk}>kTEn%o4a?K12!AQHk5f62tG;4X8Z5ltGYZ3_7^Bw6O#BGVR-p=n5lZ8O z?!O-cWQeFz<-;EV#Gcgne{$Z-Am%7cbv&U9kqSBWy&uh%e*s-!KZU6=%uu|jn4Rb9 zJpy_(oy=dw8CWXs!eaS=Azom7bm(Kga9o`Ty(0L2K`6%9newa12RQV)Upy{&@ zGxJ1T2s=Idc8@+1rdEEGy~Iu?>zz^C3uoROIcd2;I>fNPqtV@@MJn*^82)V{^z38;ks?9 zs`Wgc(}EkWcT;>YtE8#SDVw6>+i}wNsRY=Wd$4F^re+H`1+@S?ZDWG)>$&mA8HtB3z~V&kW491hupR$^a3p zMRmJfA>4k)-6^JmRp%XaCd=;#o-B`TwsQtsAqpq;J4R8hh zVsEz{f`u^B=6p*>iU%9`GfvD>b(Xp;+lE?Wc1>?r(nrw^{;i4vmXB?~cyb&7_930} ztH1a4rUGMojmfh8w^eXl{c@Qdx~NKoyI=D*Jg!+DMUi*KuwLI#osUeX-3{VC=Tmw| zyG1e&V!P2lryA;kF`zVA%Q530mwI_&>m)onw{Bz2;qSN4fDn*i`3Z34a>_w4x$G02xuJ7NXj=!UIbZBs>S^r~#0PuF)p(NdE9;+2 z>QURBf?{uuX6&|51b z3{n5L#(@J3K?o!%$QuB(>_+f^w0ppl@I(mYkSVVx$3U&r*^HByZNe_Gly95}Vo$%J zkt)fNNqaRpXDc7uOpUsS-ZSmdcG(9G+X4{Z9lCc+ah=X6cyPbnO)av;3p_!1`Hr*S$-TvC=?unvI-UYFCg~Wbd?p;9 ze962nIBn)jP&8!IPR{||0e&ZE){B*ARhx&59$UWf$#~vJvJ75o?(&6;rTJ+ZIuo?z zFZzL%Ur3j+Tbp_vQ4`cxHmBX8d;s2*x2b)CtyMQ)*%s61$F$UBXX!bP@b>`&+89Suu33P2Qs00)LvgIP+`P@+T9DMbMfsm=vK&xU6kSP~6 z>7w1Ne0g&W0lCNab4dNIrhAyHMvBS_#sF_aJ6^6=i0&hM377n$fDqIL3wok@I360f z#XEMRd!k5vg1cC`-nP?S#;=1uidPHoV`00eGJy`pYiDl)G1Qi_?r}1Cg%C}3-)6h23Bm7>TZg!f-_;+r^2BD3j<*--i2q{n(-B!CS0r!o%bqxy-(0NGTTkirA^VP?cFE9( zaapZW`a496g3rJ!G^cR#xB8L#{Sw>&n5cG>vs$v6Z7QeK;%_wux$R~K;bHOk_TXWx_8rA0-1f zl!Kt4Z%5Q|R1YJdGU_Qo0<#DG>z|zt0)w%S>DlOk&b~s$JXI8iN&90#uZL0yj!q+~ z&%A`@1Hq1d%3;+{$8y}drAuomqv7NJwK{u^5I~o-Q+gmF zA?^E9q>YJbI|jXBYYZ18TC|AlSP^(IX=yRO+M8qZQBxRG?~fy`93(!NP^Z<+musu&SV@Khk5__mL}#|~$gSfn zo@#x0!~^j;jIHQ2JU_y(fB%ku8({Ik4u6A$hxey2=r#Y%bsKhEt~Zly(JyQ!P67Vc z3oTgS#ThVS?){;+_DdI9j3kA584TC3a{gp_VZp@-oFEf0wT#`L-6`KvfB#HeR~9i6 z{rmt@)5pT8H|VZK0J8!Z@e}Iw9&R?vG#B}B45>xeWZ+EdXc3)xZ6$IL=gf^0X-qD# z#tF)DVeN*j>Q&km^B(Q(ZfET@3+3(Mk9e(=Ds|A|WCsk35FI6#rR%`&!6&K7DQov7 z&)>sT^GZ8}a~pbCc3g(#ai|lsK0nT9#J9wcM#zlb6ejJ)pDlmChQ*(MAs;fmexuhm zl(}nnJJ-%F%zfX_=C0GTtD)YYCj7cyLKE~~x2Rq`k{kV2qFI)x6a^gD)|WNmDim}_4ZX)EnY zC+@kCYkPo&*A0Kir|9-}vUTQhjR-}H$vJI{$tPFSvgvn5i%6F!C>?X2-wuL01|heI z_k#C^X`3@3Fqz zbLl?n4+DL`p0uoxsqbEK$?E}(2L8@aVsm4x|7#pqIZGWaIFH>V*)v{9bexgB+lN`S zcRx8igB$a|YD6wu;$FhJl%8{VU2T~x-s_F~*l)H;dsuA{Gf~nZ>DTo00{5{k+pe*A z9IOKLZ#mnY4aSFX>A+Y>H~a0rlqTV{QU-^)ZqM5!if>aTKo7U?5TB*RZg!@AGO$R3MSU(8wF}Q!2h># z%0R+dLZ}(FJ4X?5z7GPEQl;&Kup8Y^FZFWU-E@Hp4E_l0esWU0z%YIc6rx`DG20T_YDn^=|ilLvPmPPg}+b9b8ISNC&BuKWcfSmk{us zfiCyX(JA0_%@D2W{`v2J3C!xK@vxn?*NQompWB1o-fH&VhufJ3wR{-Uv;-Le(I|)(>b3fZ9QL{fFtsu@!Xe&JWaDK3 zxAP^K@bv>LgAp|iPf4^GYvDfa5W59)8esPA5XXq6O`~1fE6Rr`QKrEwJXWh}IFLGk z#J@F_FSzY?GCQ~UOL^h&=qQ6q;2dOsV1rym*x9)rsELekl~?K3VESPTN_dk#sB1H$7y3qbt28uOC5vbvAimX03I+|htrePAPU?5|A#OB#~4{$+lz#dx6 zOgTwUX=~y^BVm_#Yj=2Tc}>`DwXfbJe{{;~i0%g)%?bl9)Ss3U3DC$QXc z8=|7phz}h~*Dm!$h8-GlYIfD_SN3WY3@($hfgz)DtP$FuFZPS=ZyWG4S-T>!xa?Kj z*c(+TB;doKlki7OpC$1w^{je+INvGA$+7idZM0vX$QT*Idy#<`AD4 zkc1BoHbA`3@Z!}|V`XN-g?i2Q-rIM2$CgbkVjks5_&+h(li@F!%a9yfL3xA(54};mN^oGH`K@~5{jT!KT>sVd8i9eD ze!pOgviwZoSfRgMA@RNBcwiIVUBG`uUgw7S)W@ zpyT8tS{E3RaRqiFYTqKIz${@%HU9axBe?8 zzkZs=sAU>;FbjPa`#+apVD!?8%hXCsBZdfEGN;Yjk7Xc;NcBbE`_{|;qV*4>;%)&G z5SZt&8_(o|mE)1t;X0UlRRllngbcU>HQC5ww>wIUwuB0YMb?Cnl0E2ZR)RA_6T_xN zFo#q8j=}kHL^wlS7oAS;PECIkctEHg+_K?WN#j8&|K2XO8(HtJ5Adad;l%1f-j~vI zH@GfN2~8|P7}xp5^BO)Ts>T1-pv=hfr!Zp;Uhnyef8!(UbqN4Mc~*}65bdxg+f_)! z{D=BVWZfu~4KtWSFXk4~SZuu!*k~hoOw=J84&}M0FciEUG`jk$s@URKW4ExN7kwmc zZ@25R7ODaZN#htpnen&DW;x4a*y~t-r`_$+d~49tqPUJKQ^|hHx{qmOd{7j;3_Ig4 zmK5KUDN*eZ7_D2iS%|bXw08Hhui$Et!=elJMc?O?*GI=A;7K+wv4#9h6Y?H|7b9>3 zlaGmp;!GsYCHDdZJLm$zL!0uP8yC}98$q88oZCl9+KsN%iz^VO6`vzS9>Emwc z$qLOZWk_f5&4c(wwR3}RhFeO*J8l!5N@NUpJw|WAI~mO`Gd{=0EYzI|6h_W6c&b-@ z-_y2GUYt44_!lpun^;BKs6YRHUnZ?6O%=zXp*dAI|Aa!+>v+o575NlXWd_m|W=hMN zT!8X;NBL3+Tl!tP{SXg+J1H5NrLLnpcljidhMHmH5SBXmlx-b>ZydyMp`tgOCgb=s zIV_uxCwaTT2zt#N;}>9+g_Rm7#o!)5w_$`yc1O20cYf62w&Cv z*qB|HivDx|{aqO5c~Oi2N34q*ul_!VhK%Dxx@lXKn|7PL+FH9B-4P9bd%2p;Qq|&H zkEV^hpU3p-aa%=Z!xW5h;+3A~miSfQJJH{dWRmzdbO^?(^wYd;J0O%$2`U`1yi z=;ZBiSnq!Om|%1~&gb3GbA3E~;s<62t|!kV?^2u9EsNC**C(h|lnx<1g151hjarqV01h?B3GPB94a>;jlS%;(fQQyJdQ8YWc$- zowDc`cXeKW?_BMF;Bnuy+{Eu58poj3K4@xr^ZlYibQ6!f!FVPPArRwi!)I2&Q5K5w z!bwyF5LN}BLChQEVcLV|8Az}mx$=wu&kMA`!9I@Hi({AC_Gn#}^spK+4)wlBUc!!` z2aSeXm~%xwvH}LR4X33(39rp|ceD*Pj)}^IX?og{zS*0Hc9VizwN7dKunH2V&C>j0 zsxaG~6vCeB!hE!;H6k9n8oJUa&vIv5`Z7rmZ_bEdjP(EY=Ae-vI#2buTSm~06=Prv zgLkO3qNbXy?8IhU)*hW{a8DJfrg`U?a|;}=yI^Z1-ckZhy=bl|7c6HY0a*yxEnTm0pL^F&E1{I;YipQ-=ZQ%xIGg8 zlLa6;=J}xPcOb7dBd;nT0(*}XGkPl;r}4VDF`3CW6^%JWYNthfc$FxLZ+5Mi$umUY zBNyQDFz2_ylOkj-NwG-OuK_OelOF*#s;ErGekOgsA^vV1huWB9EFSHf*;GvC!W7%{ zui`lO)z#Huu8aaPxueBpz##T&WHM!|n=wZq=vHlLIS$3)&2P0z-F=Bzd8-f)X1IPn zFI0skZo1Gt6MR0py)gPlc+FekTesU%4XM|3!y9eVT0?qDokpp8*5S(O2M#-V$9ztY znvgjPF@|ybl-~Q&oodPU9aTDp3WCZW?ZQr*Cq< zD?4LlMQ!;*m+Bg`(;6q5Crgsr`nE=|!@ViiDVVR`M)n1#3eINnE{Xu74`!e@NDZw3 zj45Lm3i0Nk+Rm&-ZM8Avb&PFXctyKXogF>R+-$m@W65DwXgA8$-VUI<+$I~&(hrX{ z$#$)l(wW|jq@zNYFBXeY_vFZ`TNNqlYr1_|c-+X5i<5I?NhF47^wR3r^BYS9Zf{kCamF3r%4l_c7zn$-Ny)oq8YA2-HN z9onpFw|C>Z@6?`m$H%Xt1GaW`bJM1)7uq+N`>J)i*Yuo*Qm=p#;wH4%U0bWF53Ti+ z>>pkx1tT-?MjZ-b!y_gveI|nBOc{5mB$`+^7=cIw=OVH@NrgnS zzBlVv75FNR_#JXW`0n&eHKa%7J#Zz2+JZav=x z+_{L~=3K_-Bi$Dky36`uATJ;SL3mrhXxdXFh2CuY6{Q^@HOr)tjLjt+)~Juu62d24 z?{*A6s!ugrqo2axr+X4UbN9WE%2R9H7#V~K2toUAmtX}N<;ECUr#vySPJ)VxYJ$c% zwR&bWdCl$YLR-duNIO>eDLskT2?6bal-yF7>N0wF=;dMjq?G@VT(#4<6~Q2=?;e)* z$MDHZvZA1}X`;Hiq}eTzS7v5S%NDoHyK-Fiz%A(w#lS#^rpQ`rl7cXY8&guy?e2 zr`<1SE*h%JLj}^xTB0Z0g&&BD(e%*{mi+HJrZ8%>8bGLuGO?3-Adx-|vaaWqcGDTQ z)DCh&E#vZ5`e^V0xPPTO!*gQEpw7ic+vbZ?O3MT$YNB%nZ;XK|HxG&*>Wn_d*yswa zrCg!`^EY^`=>4C{#K~ARisfBX)OYh-q zjWlI`1*%bSD(NkW11?X5m-xepZXM^h6lGkXJe7s!WR1kVir9-lz-LX2yH zUZi$|gvIj07LAk(O=2Pt6LDO?Ox}>g>wiNz1Y>czJP>w#JGF??(sYhy2m5}tMB2nd zZrlHg=<6fk%G?WLe=eNa_+)l}0~iHlEVqexM>}K^k?zQgX!djU{;W>idy4`Zg|YNpD`?{Ke0Qxpp6xu^fO*$% z09mK4BJrem?=uYazqfu9vCD0|*WJqm9v_kaKsOwz`*k9nMo8mL`;}?BltcA>=gi77 za0{G)R1R)VX}Ht;E$@ho!r?OFFf0ErpzBBHy8G~|ecxX7q`v?Wn`^Y|b@=?M3CIi+ z?D$kjPs*{5TJ|5oKi~2`M|_^6BD1?t3N8F)lbf^m57|aFW4AhkZfMo6WrH!g7fe;C zkgsg!;d34R{%@N)s|@j=a~?K-XOQ;9ox|E+>ARu}%W-{r$n5WlDh4qCRu->Zm5xeF z3_y0{A5EHxze`769m@AG=Y!&F2?dVg+`*g>`=Bx3WNtY%;e4FR$NW+yL_k zM7`JO-6>?g5IHZJ?|mgqQsYqIq`tp#jOuCf6kl=w{ws*VUzkrQ1>!lzlV{^kbmjYg{wS%+om zaRUcKP{Qdf?!}`Y+0B=m52wj?E?HS?O9<@DdB)vFcAe%^K;!o~-PghLNG@-4+xX&n zo0zQx?V@AkB5kWlJO+Q|`jpyAMMHBV&X?f>?eimRn8t+80h;x49kDrlz@LMplZaH9Pbw~qrLfbUyJO$gcnne!Z(PmVXqtrtcZ7}>G zy9>%WY;IUR2dAH~OS;n?*a z$9Xp=&7vS!oEozEJ^s9vosd^&Em-T+0t?i@0<2MU6ZaxL1DupmVJ^l#m- zj~0rpjn3ERx;y$IAU?ePE~E*N4k*8`P->(4(EIPj_guJ_$d!G0TGJb8wEEXD$FC>B z%gbJL5g7VdFj_YpwmMTCYs=#DLr=^2b4% z|7wg#AQ~AP!c7tyj0PwxGx*WoO`leP86HhyF-d(&Qa7-p^Ni=~Gf$0TNkV187IyK3 zIQCI7V+zXx7-UxX^iVP!%i<&@MClYbj=b;(TuULi;YO$iAguP z*UHK0_5>tm@tsWH{hKPXP2+(!;pAH%>a5l6o+lt-V-tDHO|a)4%iR}!u6{JW>dN5j zEdq#;{qxCv2V&}fG4Sd4vh!L{Bd7t?;Rz(%EG0baSChC*TA)$@=q$l$HU_pj~S`c_dQvr z3~1}xye@_ugs7w@IKS6XGURAwO?w%1KJV-HW29VU)@_W$M$BQxER;J3%m!-7T zN|cD$d_VHsCEMu3Cfe?6*5wOR%3QFO%_Y|%H*Wix50#vwQZ5D%83j9@89nw2_T_^3 zM7OXxH@u6(j&Z7-xjRs21Tp@Qi(C=!45HU57o}YO7QA6+eq#3Ry#q$uI|sZ@m^^j# zV1P2OY07usjZa+N27E2h({LX{PACo|dIIh=p4+9-sjvs)nkc^IQ`ZBZPXRp(DaDzK zoqK90hg3As-*}LBYyp)*2WXdkKPX1NM8M*!$@hAaRxSFotJ$8T)H0Vy^UfJef~}mv z+fO@?)2~|}v=c&XeH24;bzV!A!CDg(nn~E58WWVm43MR3t>_fHzrTklo*{P}=M-ji zG}_>@c%ERA$Q)r1VdB7t39*>Up&a(eIa8LxNrl(7LbiyM%lp0rl-0qOrTl?jf|*sC zX1AK}=S#+7(z0|3R;nk*Rvl*zOFlFD$aI-x2z5F=C6MctClYzVr)NY?pNa&nxIw-z ze(;`NUb623yj5Pk zasq6I(QQe$QiUPR>Jn|YYeMk&3=?RK1mA5NJD$6JhRRV~yd zw{O*@h>JegT_!GPCe`TypZCQ_pK*o(4UQr1N=puetp=}K?mGvL)ij}J{hHy#qh8iCJQOlGoFPDD=LrN@e#b&IG=3e_edd$L|u@2nBn<+4;a}9RA3MCoIYSeeeB8K zgeDjkbA)H+wIAEpvrmPh1DPPmLuQTz5vHCVGZ`tMtM&`-OY6Fjh%#?+t-u~Wy#;qh zskEQtSsFm;p-?-1_1VMe{+RZ;?kC_>k8rF~nxVr`sIBMG8CokgM*^(h)XYQ0FmPT3 z*>us7Z80_DUSm8$%qP>W8)%L{3c+)hlCwBOMtNWaRVT znw4H*D9{(^PS#KFi|5j+V_$lj_S`SMq}N@-aJ~zjuL3`_CTlg|z(?F?r{;nwl@Kr> zdgXVir94V`CPkm(2&=-U?{>(}T4Znu0BY|uNjSfQwTBeaDj+D1X@QBVVKfK4-4mH5 zwCJ+ZnNsq~1@S80Rg~ug;<*D+HWAwvSk|sl4(+3I@UFV9kKN^P-hFa3ZzLpc-+^8B z*7Sn{!;zz31Q*N5<%1c8okMI`873&P7qFSsg!MNto+G6DS%OT<2-G$c3Gfsw`)np} z7&sz|>8j!Bf(ls=shjr-D6Da5zQ}n#!0w-YyTD&%gZ(%@c$^JWn&jg{RO#xngF;Ud zvf7PZbE&xWWH!lXxA3|bopF9NIn$QJA;La&&bIQkb5B+1{ns0e9$->aqVJL-p!|pzn4`SE%>PZ&GUk|Fu=AIR6%@=LE|*6h;1>G ztle1WP&wdfRyzx9K89=p$vIWiJX&Y|Un3El1RmS=G8AjVndJW9T4#GP<`8j2ut?`a z7e%(DO-ckk?~kIxonX9tHRba8=F3?6dtKk6X|9ouYi;I z4c*+Jq>L3Mgf#kB(;=^mKcAPrCMkBEoRWtHRSuOmJI~wCcqV_#6tZb+*Oxe;E-@sI z^E&+PnF}{_$iRJ-=C|(ec{jm(KATt;B?(tY9@VMW{6FKGczV=vn0Gv3Tz}wbW?e}K zCz9zR6jsANBkZ5>qq%3zvaz#ox&dJhEPt3IL$QKk#a1Rddlw?wLM4&Gs({R#j#W7H z$XTqT9-&tlhY;rI!4=!p&LJlbhxj~ToSbqJsN^^kwPvLU?B>P5<|?1E1~4-opNSO0 zz>}{)mvV55&(75Fm&Ht$`BFk7yrL=gYK02VR387Pe8x>!tRxvrRX2hE6=>}M3uckj zSPj;m?1TBO3?!kIC~c>~@7YsZd<8D24BkTwuS4q(&tX0@UmP~HT*T2ikJ+f?b{=@Q3~P#($HgOdKQr2gn`YhS zrIr!h^mdynIErt9YVt*;AtT2ZArlc2 zbwPI>92LQFI*|DlS_ePl@7OLJA{KqZV$^?ZZ*QMgolC8lE$u0mF@TTb9{60fOdY3n z{%Sg{{40Q9afiFPEBdK}2ww3r5cb@osVHWPxx{=Cj?w23$-`)w_UbPAta6iAZ=~_< z>WXO5BU$5T#2oKU;{%reU>Nleh^gg2uX@~r_$@4HS> zz(|~|^9%G**a0gM@q}^^`yx$NGPhj<34n`WRxp*cs z@DLVykzC!-^V&39mL(Ty?Gg<|8E6Z=6 zDe2J+$+mE>n1|JxZS&o$uL%}uPfMQ8d9L#`_CU%;Oxo^>Fa{HbufZ6Oag?cRGL?K? zmjKlAD817THp?DWO~9A%x8GT0PAd!0UV-c{%rD?m;&Dw{cgk_{eQjVb=%~;yeN+|? zd}|2#L4thX&cEc75^p=bAG4aVDEYpd-S!1~KUxzMQgUOX3T24=d>Nhb6(ZEo@i`^L zkvtu3GDS8sBV9w10aX7cf`&Z{j({-{SxpIAfT-`Wy(JobN!Z;hU{RfGe;H=R3sHP} z&>9cXMLb4%!CE^{odx`YJCDcV?mxWZX+aL5LGfVuPYs161e4M*T%OS@JSm+ALK|aN ztzAE>Zpn-K17dI27aBrHpTsg#Ub>ez=U&E|bO>@BroV$&sD`4yTWg!z4fZjJ6|sDNLNoEtu7&OUd9Gj{y$nDLr@_mMZJ6yfjC%0X33WKBLG27M0dEpQ&p zys%~sbl=!6IWYdO$T-?t@N7-vg_i*o9EW4@;-EM}j>WL;J{#IMbzUcGE z&P}-}i+uS7EZ$oCw_{YrB~sXSGJb2JBgXb+q5Q@VIOrIH4yl?{tJLwSkv6+-pb#p&}XprY~g;R~F!pDsDy`?%g%fU9omwQsy!UoA~ zw?aflt4KrP`5)$7W_CNe z>5XSs4K(MQr=0Yz3(g!J!Z=ME^RKLH^93e3fx_qy?Y~3W;lCZMzpHlV+1`h>L2SkW zt7vdsurMwO*KapqzVcGUYhxVyY?DO>E}6%(9(-WEsxcMq?&o%eS1{7>`EXN|&M?>S zKMA(TKnjy^f=^=pJQ1|x+J{{4z??tD<*pA+?Bv#cp*=*f2R$8B&nMzq!?}tFR4KFn zR(EYf_h>EV`H_CRkK{4`Gwf|E73kjRJ)f|M*6WZY-cAI+M7HkJ_l6K#^^DTps*`H+(fGCms1zvZfHNb>KWuJJF6 zYd(5C04e&L!h;vjZd08Hhs}CfulB+5`MH?mvQiYlv&Tm}ui>9&@Enf(MNu?U zqOpG2%onvZlco}Vyc*T&A8=^dTgwWfXtAt=5!}R5KYFVHosjtQ!(hB)HobsFH}{7* z(G8e`Rf{j0Fuys+Hz-g_Lfso=UYd-~R1fpDT^3^v;45dIl$f zoco)PsogJVIZH)Poz@@;Sd?NoPgTzwp;h>y>NXd+++p{2oll5!{k3pErZ3jBziy?n zCr)wRfdasELgN?Ag8@NLN^I){ESdC%M`VAT%ge2Am?L^Im43O~rNat*Hfk=o1Oh}N zR=Uy)!w=w=Xq|7f24mp6jf{UiRW>HAE+q(3KueY8Ly2Tz4kM;XN}g>3u)oBBuMsuq zr;ykV2yucG6)m^P(s03LXdTkgx8P|CQZSAaz6~g2wA#c&U2v-jZc+K{fbTb&Dt-$! zvHs->xo-Bu;Pp@pj=~3)T7&gFNXfHz0H3SJFl>+6+IZh7p3%cw3WJWx%;_Q0C&TYT z)RPGmm=?l7z2GKb+vB?K*^GUo!GftnWT{G25r||nGVpocY{@kQ2h&wU64;Zn;2{^` z*An>I)>~v?z^H8T3rUk08Q(K>(`Q@MUM->*a?dzCbOc6=<7eI2Y{TAagC4eQyCj0Z zJm5MW**iBa3dZ-mtEJjt8_<4j9N_msGc*fZQ+i5F9>ILM>=3xzBN`Dm@2+FyARFRz zGP{tg8BT&+IQE*S*mG0WvCan!@;_u`SoR)eK(s*mdeIPUk)x`y`F)Y8&Sm%8?T5A| zKp~57jv=~l*CXJic=K!a(>`~-GJV?nhu*7Rxx0@+R%%YAj_&tu@3U2Wy?92qT7K^h zsvlE0g-zCrjgV+p!J_DGqiwfu*%xJa4yfqmsU1z?mhiVB#6-S-;KEUkkyuBYlA(oiGaX)7Q zAi$q~v?bb8_X8f64P5vt(&2$xRNk*bUljWsyx;PtIH8X&CdUDj%B_ei%On-lPSJfSNg-WBt@YjriLk95TH0`{pJ!URcrUa8+Ii*1_-gSQGFtG z&2KE5Vz4cgR@x-^FzJpnNb@}M*6?2(sC3^L8rawIZ`9^#UM~oP9*u2FOeiu$FldQ+?C$qvCTxxJv$h5 z7l)v#-m*8HL~7)1R|byGa%z_3*{a*i7>+#7RVFB>5{u+V&z4f3@M_0-vKFgfqkyo;ccON{z)~{r86ph{*my zCv%43Iyr=ZQc$99!y1%MTUU!2{YQB&?}??3|0X1d^V4tB>Ur%yX77~etgUged9M|S zXZizI0EK3P#o`(U-FBdKse3BUI$R{vaehszw-VA7v&wIR;V`)Sob75VT^%3CdYMg;pz)^!lBHaOH}B{S7M@ zAQpzAvnUj;*41n3W2)%askhWnP7*0yI9>RBjGvNj9vv$t1tR&`K8EOOTi0f8{JuV) z8}p=$)boC#F!!JL^Db2ahpgN0R|NLDH@VjVBj#2Pc@=*2o$cW&f9YuH9~zZ6A_4{k zhMyPOB`Y$&`vufC_@ZhWAKaXs4_umFMk@-u{&=2+RE&1}dDp8G3S`@KI8;K_i~T>Q z-YTrEMQhteODIrWio3f@a40UtU5f^%xVuAfcXxO97K#*ihZJ|WKWn{v@9#gz$vnt4 zb?7thp^-t5j2mc&!2sq~3tut5|KZ9IKMvN|DXhyK?nF67IFD*3-Zzeo^hXV8MO*NC zk}F_UUKdSey& zM)W?WlLFK;xIolV9r1S%5K!k29?b#O$;oU6GMcj@NBs`bfnM!K^GGOd6Q=LX1W1p< zZJPyLf4~_>t7N?|RmeWV545C!RPyCgn8ueD z)o}r8RY5cg0~Ozk!z1^ZPjcAJ5>jDte*&_kqVeqH)ZTY?9u@aQkZ~uOzxTVqB1XPd zT+8r+P@=vuKIFWC6YpYg`dWm&*eK_r=e`6KyMv8Mg$Ey_V(csrT_O(uh#T4+I!+6e1+GcPzA) z4CY@k{T38u;X1J;Bm%MVBdN&m>S`pnLN3e$>g>tLu|F`Mqa)8wR#Np1q7Vhsz|q;6 zUb!sL3>fbG&eZ)&fWNjzhL?Ye#_p8De(vak03E?45a=7O0v8?uWm$+hfYwrZQ)3oI zxaqI_fz>~L4MLco%4{Ol07p80$uv40ABnhfNWtHY265sn4>2Zy#zR)zzaj*$3>D{~ z9S8jC)=eWSi1#)vzxzuIjcxan&-BT{?QI2&I(hlJU+Z#E%}t3Iq+%B{&-|Ngt4mr; zgR$3%ouk_?h{kyoXv>%`kTUi}E8q(t6qumglz%G}`ZR-==6n}6* zXw_R_J64j^r$ztg{=DnCWRlWvAeQKgiUgstSnaA|64AU+mhd1HB4BKrMq&Dkk|B)C z!sJ+t7yM^$bV-zU;=`Sz_Jc|KZ(a$FsRVOXmnpTHkc3aACk}%|R$PKDa1=wbSF6(htsGOBu65Z1XDe2z9r` z@{LgV9Ie`HgxVHts&P!^EcPoQ#P+BRtU2hs@-lyae#JaF;&3{( ze>X7S^s?&Co}nJxcnIf6vMyiaN7aqQNTgP1=nsmUS$Qh3?@GTm+L$dh2?r2X0a$C4 z|C+3k{}_IDBl7;l4yN}nxfKb@3Y2?m?&TmiK zry8}{B?!0R2Ki+(Ugc=}{J zgl-9l`&wc{&7U5tLYed7rJh>BETYnDC9zH?l)yc7@5PWYH2+urd@8-+SU>{a^U07k z?^i~DxA8yB0V$*?K#l@`rO&J>A_2|^(N;Be>nfv8#>%3^?(>;^&XGsc8=Luae3cFv zi>Oa<#D8XXs0=L5?a|uU{$D~wDw3Chvn6Pdq9sq3WIma8Cco=R?rDxS=}IjeMO~xl z@OjNJ5H_3+N0YPQff+HP1qY4{CZ-)Ddglo5c-;VlbHja*iCOFM7wUOkOE$k;o2Jr2 zyu$0V30oyu+w__>ZB(FM_PJ<7R1tQYY&37U!WH8WqY!qdyDygok||7NQVeW3DUt5t z(mQ7vlF_98`FfIL1RrkA5yu@YvY0^faJbizU|j~pnEuB2-a~{HW<}T1Ggept))G9Q4$HKt(mm#$D&?xV{9-Ibn0=+%P&QF4VmWCh&It;CSbv zWkrn8g|H~$wo0^Nr>^1`Pqo5v(`55IYB+NtUedU4086W0DD;C{;Q%&c3dBh<4HyGj zlq@}DLYw`-T|(nYMnyc(J~PP3TXS~AW@qp4sP#6xZ=o<72FL%lXqwe$dHs8zd)=kYpyGc=wxX6SkW~*HZh%h7$ZrtpVqpX%#voR-6p0teuVQH|aI_qt%=3 zmZS5wzyoB*jdYs!&lS1fKV-Lg* zdWSQFmGP{qCqCL0$Z_I0j4Q7EN>dtJhit%^qM}`7Obn^(lvbgL{~$|t9AhH0jY6?OGnF~gqYwwht#*RCDpzsBN9sq>~eB$fU!c(NQ6Ut%wKv%+Fhe2~!t zf<8c#RJQ$`x^wJMTX^E*du0AD#umvTeLODa7J7-=#yT zL>TRH(D|X@wvJU~8)+Mxc@z9gC$C-a3&meCs8Ay$YE@Xe?EGkT@}~q&)kXP**b$XG ztCISgo$=ZV#@iPkv)|=awv`&S^$?`LPN?P5O2Kfb+}F$Avxj^lmpL~4ahjE7u)a~M zfm3<+>lp%fou9BVoI<1e4P-yp(;s;O3b16RPL}cJ!}3P~@OQdE#?`<3f{#V2S&mOx zNnCOG-bqR6u`VmPW+SkEI`38PIi<#HG!IQllHk@@kHcIWle zM%?U1`sTmtSWlk_DMxT?Y^g5hmTMto1*aI#{FujYN!`@rn&CV+YZ6eYZRUu>Kfe^>OMrLt#LGaOOg2mCj zS8PEK;HSO)%P)iTV{O|OxxiT)Cgq;547f?rDIe|eGR|AffGk_tH)jybF_laQ@#{}|kEjJ7K{7KmF(P=5-IzTlLq_`I+P^aI@@(|P>%QV_gt&fm z*-veVH>Yg{*Rlr-iSVPj%5FGr32t6=mIl}ZyJt|*%PNv`xXl~_6&_CsA?KxmtT#Lx zQmXnDID=}ooALb-W$F=y3=qK1juEwYq3=FrAAY`%nM0=NPJ9+I?$XE2*Q=fp|B2W> zvCl266-tXaY_1khn8N~h%+||T#gVPG_%piE(st`RdQf)xPq)4h6G=Shm%z{G%CScB zRCth#%oXJ|9_TSDxcP@z4^w5-^@vxbE&3wbPmja=XVe`vN{vk7rKogT3C7x?&(FnC z*F&Bm6(6>X71QvybYuw7-+{DucKeqeGrdCiAfR zU7moLM_7IoFbG)CC|p?Fcoo0rWf<7TTQ_12-%ixKk!PBmUKsiS~Hg+=- z7y%|&GAKSUFyA-YjO|?(JGMTrjcbLqNdL`~U<$lFT zZOI+HFndSu|Qq=EEFMi7%34OZ@z(^Zp!$bHcw?*_>cV7fIQtlgi7m>?+6o|7k) zXQl1O>CH*a?U`!=6kUXqq+>M#)*-w8U78rh-f+Lt!Ij=_t5Hbf9kF7?YbsL8QOxX< zUT`;C3uPm?*z>`HLg3u7hg4CN=h6IKmq}o@>Qc?#q?8487FvkEkuk*Vd^Da)^-pQ^ zRlSe)o?6Q}iQi793^Y4<6)C)A-W%;m?2s}?*?LYc5cL)=j5wuOdvi3$7HcQ2Xsj`hPe?_wIzvGc&#*L`B%GgJz|xoM$k(woM)`)&Sa?|epY zrBcTYBUukix0xbgyQREBqb7T1C7O@^M6C}r|0%_NqJ@d*P@}>L2*E%p{bakU-5J=D zeg6vp97-_El$g+7yNj1cJ1m*_3tE>Rx$$ExyCcaMsuaAOY15`E ztm7|+J=GCbbUU-f0Vs27M|R3-zr8>=JJtS_EG{_*nM&%ph;m5^o1Paxq>JT>qOi3 zQb#s|GSKIDZI~qDPZ8aENLu$uWnK*qt{(vPD2!O73CKPd@EeEIaDVeKWVFTIU^5VZ zqtkxWI>>P&L#g@9@TO)( zzWmRyHa*QGoXc?Wg(11q*{(`!vS^O2V!?qCF6>OWr=n8~Z@kRn%iH)?l!-))Vcqff z6QY8q`#(W(Eu;H0&sTCRt*dsO`e)S#tE%tbDk-}RC-F47${*&dzh+yvSRYywIQ>R% z@mAYY5Ny{p(oFF`AG@!5TQ!->qDp8DR%Eh7{JmS z-u`p6E?oP|Ra`rNGM}0h^8wzEUk^3RIx=U^*i#71_TOWW?z6HMG?b@BU;Q$589t2T zT7PY|JItu;&-sl62vil^M*|5XB*UXJPoGh2dWwr};@r*G`c9;q61HCUm(|~GNRcdK zXzTCb3el*Jnljp17`C^Tc5~Rp2)^F&|759*ILoZzKeU8ffL(|Tz0zW9v-k5mS50RX z`--__!ux_|gxnWQ<3RMpy~w&W=O+Vw-0wfWNRo<2@{nO{WsfUDZ-AJFdVUgd+)B0 z%Cl^7y$``A0##vN79*;GY^qvoW<2KA&)kBT!wc;UjV`H1RYQUwB>Q$(zSD59L=g@KN zY~CCXbfVZXU+f+3hOzRoIPixOt<(dPoNl&r81EjupU#vx;mm*}*JJ5NKXIM^gn9pD z+X(mpKGe4X{-)6KVq#^*n%s9z>j21PT`cx-S8hWx zemx9pGr6UuBxm>c_GN}<2S{hE?XC=`MB8g-Y|@z2>vqNM<7%JkaVt1(7vA6EW=tIi zI6}Fm9n*=MQdMcOe-?Mc3BUK;cpP!X4Rqfx&NR)kp*o7ql;0m7YGRE_DQK^deYw*8 z+EacQwzNNm;qCsWy^nl8*1O6loKw`RWTIZ&yYC*VQ)-&90aiIzU5z_;b9N7_a(zT9 zgf#~uXXL)`fHm?svS^O79wui7rlxGm{i2in-Cadvuw9*pj$V>{-^wjZ0OIUf-U(R$#|F>a74)Y8PeFsnLB{SUi zo#iK?{-v)`>7yQ-n`g z;{Mws|F@5k2RPw?W^G<^6jjhAL$z#X5WW^UQTH7)WR$GiM1N;VQ6x3Ni1|qwGbZ~S zm0V`+r~cVCBX+AtnnN%S)^DnWF+IourOmE;Z6#91u*GsGb_Lu-{ZS=VRcg?ykn&EKQMGTpePqEp@I=&lT@|BVWD{1mOmj-(9T) z+=mGXdUovdJC?uED`cNMEnTDP{XPi=~DSRvD+B#zqWDoH<2_?w$&ZDbZKlL zVuX~4Y3#s22hBbYcbsx_HIC@N&sk<({aB-yl1glAUs91h8>v)*1rxylme9UbCQwqZ z$Tu;g_(w0$$Bah1iFBx zCtW+)Bg-S0>rV2Y=Z793C~1`Y(f_`QmCg5GJGMjvXj7NAwXk+BanaD2RoPw^`o%M4Z2Kk?F_EF(Hv2iukkWKUqD{O55P;e5G)y<2(ik;`b*1*A?TwFKrUMA? z{amH?Nzxq68Om8qIjP`NX9jK>rk05rR2NcbPR0C9eM@qj$Pu1wcg;(dN#y??>w`Dk zj?T>^-Z0+(4nd02K!61FMgJ^LJ>@^w+#}XEfz{gX51LqMZjonZ0>R%0q;U^JdRuB} zA~OX-osNSaT3Oc!CY+1asOv;s9Q!!_%K~Ui%(8f0-i1z`$|c%WhGtLUAa@8S?Mt($ zJ3Ic7BE?QaiRwo6QY^jwJ&u><kxjQ#(LlmEPl|28kt zA+{6hONmPLN-TItL+vbR!o^9_EPCo6RfjkcwAL(tp&I5aMAUCP`9fZqo1VS{<0&6xHQyZc-4k}I(ti;QzL)GyD}quTn{zZv^sZ%$wgc)%ez{!#SK;A8n5Io&*YmYj`_O?|NAt`$N_2=bL ztpuw_G1+LQRr6*1v`uqA~ZeSrRQGuf$9ar&XeqmZ#k#Sl3jgiN+C8K$Rj6(pld z9OwkSza)IBk#oPH_eUuCPj7z_KMt~NoWGnv_{m(;V5joNMNI+t3`6PF&aLWJ+%xQ@ z_6Uhuh~QFJVRoyO!1lRiJ|oq7^`M#`K|QcpC0t$K_!LjQQC=IxnS>P{X@ve1ql701 zJ>lFfIIvR*0 zLcoNXRn8tmHpI5ME{9iG z6c{)LDAE*vZ^^r8)s*q&o~mab>!{>Zc}y>N+=`gPVBy`~%rAOcK4yMadC<=tT@4OZ z*#A{@&|bQjoW78AK(s3bIfZ|pzL6g(q&Bq0{zaua<8EBQ&n$+3$JLlxOaSL)4yqas zn#*{A*XxGGucbsGqeCQ4k`M;4Z9rP35@JvujPn@M=Yj?ZJy$`5*|?6gAhU(5o@B(H zWk4?=vq{pG-&X=0J}Ru_{&1tUw{8!VQnt}}3J%%}5cUE3qe9C`bd%Uhvk4n+d-NaPsMLeVotdQ8!-1gen z{+edUnA(2J-mL%|T7KyovU~g3Q9WSS{t{V*xO-{<1JM^Jz6y4e4-# z>`;z)l)b2JQ*=_gJ4)n=G1jf_jSfyTQe>X4=e&08lgZ)sOG!>9@5vtLzPoF5Y7oT~ zSHH1*#VX79t*>sHNNliOZfIvj?I|_lp?zef%D| zZ6w6feu9HJv0dtAgb+__+K=#$XG?3Rnop9`gH)~XYPQv@Fyc-&gx_kbb$cg|=BvRk zq{03&((al=D4PSOAAw>yjwr7K*K_X1zMI>fD!!Vwr-$2dMQ7U)B<^-(Ofz4MkZn=A z6|}lNo9D3=LNCRn1zt+P>2t=Tz2!jm9o2KQ@l=6aG~kS5ASZ0xTt^7j`0UET^Y}bS zV-+F3DwjM&Oy_V}Pq*xAg*Bj&?0<7_D({+z9Q))K^UCEx{e1XC_ONzLDYxve?v;!W z@l1tcyKL+Jp(Ai!P@1Ef^OE~NejD;ZV+F`!LQyc5Q}plZp7)x%ZMw8#s=U8$zT0Z* z`G!CmtShLd=M zo^naN^wXZWZxL>I*Nq0b;0~HF86oBlYUtCQ+BoAF?Zf~TmE1{_YN$?FEYT@MZPQ96 zm!ehpB?kD)1zKFWUEJ6TJ`W@DF*5AkCxD2-r0zx$&Kh&pJG_>=i0K93u+rc@5ZxNK zTNmFREw9$}9O-yHpYqsVCH-2cGZwF+X_IgK#I*@e+zO`l;ZhPd(m-Ow4io7CBJk9ZHT>l;JFQ|5cvep} zG=tzcubg!Zy-w9L^L(MvWdw2P-)9y1<~{GvK&on^sRkZ@Ae%SonTp1YrRUBi=g6zj zLyaV~Uy_f+085TU8zJs5Dw`?QD=Q}G!vx$_s<|>%S^Wd>17A82`xWtlG{N5=*Q+LE zL`A)d)kjMdKiBrmO6*qjg~UUwR7=65Gcd;U_DI*xuBSCFV~{OZ*gp1Y-~&i?S`?@1 zHrZDtO!DZyQlq*~k*ITJ0A8}i+ascioV_d7z<=;9Zsq%`Q{{4AEf@ZUphSO*yK`vv zv{~V;t-fVu%Yw$HrtV+A1B?~NryDER-Vv%@qyPtfZ57v}rDYuHPLI=$W+4(*ZcDc( zjsQOLP@gcUU5e<>PM2QzOrO8_PF*+f%G-NNb!g+Z2f!qrx}IXjOrAn`7I@@0hHO=_l_68cg}JO=-*x*rkU$)s4>+MyvCQW81|L~S4CwG`8>s#s8 zKAQwpZki(MrSBf*RoXBr|6j&11rQNygHq}W>skXIFV^;UUtNuJyKU%|s?x~g*%yvR z&lq&XUu!h|s^`Kefy@p(x}NcYR~PMjCKZAEoM2rxVFUvbZ_2x!Y4MAJEZ=wwEFj7i zat;PglRMAAN}K0xuoOb}?~PG~4@tO}TLQlC0&ZHqzCEu`XND=4KmF;8hPgb*Z?X+J zHx-30zdc{2PC-^xy@mO(-(emv7nU;Vcg$&or>dy#8!2HgU@m-~LG+TGp+_Qb+>#nd z4Knn1x!IwLI+YXe`L^D9-{klHY{p=qY=eT&dBGVDeo-nm96@60rk)B$O}*G#GQ~Mu zJb%FPHELFQBe`7G?E~*-_(Q#~ zRMu+xW}edRBgF;#F=*D#`BE;{w4Kls2>WKm;5}ySgZEcQ6bQ22LL7sxdBh3mQ6EZR zpHQ1XH9eCX81~LPLx__+R5|CF>NqRZ!oAh*pyTSIZ(kcq7p@z)^8|xy84zg|Y7p}k zU}|G6PX6e&GG8>MFlz64xva1ZAzB6UOaT>UP`xYzMB5=nVMeb}1xR!Czk)yjTA9SJ zV7LM_YyzHkWxM)d7m}{~l5CHI^o24<3a=xQINeR?An*DxyoYZq-vsv4Se6|}v$rHr zG*lRWGG-A-u$s_~52U9i9>YwFX@{Eg*jiUE*3>gXm*w9Dq?KhB~lIEYEJUXAYu@KphlK2&@Uw3w9Pm4_RO2QD& z1eS^9#V};-Rh3;W6l9?>0pd03?AHdI)`0@6>35J`ty8{Bx94q^GR4`RHpj`z!lG^} z^ZLnU@B2i_RE`Q3*PiwhBb zR@sT*Aze~>QV9*YK^6gqafl~2hVUTjJtz#CPf!%}`%vTbBz1@vQ8*iSNxkii0c6wk45Z=3Ia=NYhll|PUwgG}rOW85xDQtl z4Y#k$uSzBXPNWrdND`EGc4!x9M>2m`+8kAJ8>r2&BWT6Y-C{F&XbuyI4@*ihgNJVp zA*wL_X}L#!m$Ng8qXNm{l+rs&Qarmq37heU(ocYjD`Lnty8$@uMcdvy96 zPd<*|oB}3{ALi)H47AmQrxeC7RR8jS@qI0tQG&WrFMQ0$UgMd)Uw312?+vy3-VsbV z_Qxb~?+`yqLb`z&S?^-=8#1Kb7cgB{{i1v4G-;3NhtfmZ#T?7CocEkEq3hn^zM$Lb zT8%`e3qIhRvW@N9=86v(_Vj_Zk2F2l8f3y@i3Y)ywPlPDZ0cRsYJhqr4S-=%EqVss z8R34?8yAGzy%12FMWf9!J0kh$acBENi9&$B=OH$?_XC6Lz0W&H>gHrO=WVO7zGh3k z*lr!!%_6&J(r7qJ#6xvWa-7_=(+Z$Z;)PD_zd5R;!z5f zDL%4PMtJFRQ9UxKDRtP3n3E9NcUuq9AN|esaAqDp9j_zLa!v2Hl<}fvDa@1hHT^5^ ztcQ44>Dk5AmaW|kgwI};(C^4U75QmbVrH+1Z(kD0w9S;2wn{R1EL@TEMlp33w8vxFlN~BS1LS>~v+)7Gb&e-r^x<5ORdTdb3zM zbVfemVHD@A^lg;JUn#8ECz^`*RZtP*&aW`K?N&sd&+?QD_azqDc}t})Y0?0@zxl-s za06R{Q>C(oyht1^DI~fsek=->NdKcmL@Rn#OfIJb;xboN>9@Ir6Q(*1Gv@z-lo$pJ$y5EosSx9>#H)DwwXQ; z{m(Nh1lt4Z;m~6;22n-DZrhKzo*oXhGd(^C+BeKCenQttomidQPnoZ8rM*3~%tBxW z=5M}t%YGHU7%dV00@pVjrzx2|XJ^s5UT@l&oGuNRNNCz<*np@bq|6A8($!>KeUqR# z-WmAiMkJ)uWpHl2b#6+hQ~t9uHGmj^9$s^2yRw49vu2~^{&x26YhRk}UEw1WSmEi^ z4#SKp0|{| zbN~G-vyp1RkKP8D{pxC=r4ARGZH*$7ep$qG{5A({q?M;zf{q^_0zd88Z>)*Ypw(A| z{6NTTced~lfHbFvBji_Lw^77QMkHbxo!6g~JSOJvA)!{XGDHFiYI8 zL|L{$^P4l=(2H(pW&)O& z=yO2Fw>cA7fhOUb$>ck_azP1CD&|j^KCc&_Do8qELae!tmq)OpCguSxvl^>5vmX#Y z97{jD5M&})#n@?sKnsN^4AEv}%`z6FTr;6nWtKhnpb_~Jhn&(0ZGj1r^WN8#;5P-m zzdbS;b+@+AMS15@Wg@k3suEPo{Lr5W`dqK zvl)v&KUz#Vgu+}yPeI_wXKi0KdaM?E62Y1(4a&O>eHlFV`&P8evPfa?4>g=+pN@hp zrSL5NnHy)QX;VSY^*+Dv_PTF)dqs$7Nh2GsOfey}{jPJIS0m532K_~3j4kZB!OtH( zc9{eS80zu8Xp&@iX=FcaYJE15vd7-40%CQ?L9@#tCMU%!u16=Mz4h-Vn`-)A z*6smom`kI^eU959xb30{&yC)Q`e0D+>)fnTN7P@r9@q3csd0&CoHohJ%0a_=`}H>_ z53zBVZ7T2nUcuL3pZh!e&VuLjcZayHPp&N-lfcyttf{ze1M$lb+Y#RCA2&{r=;T@+ z^hm-HmefLNF0gPTbMF>=1rNM~JTb&9ctGYfIqnJPh;c$sTBqxE61KayK6_KB?GD$} zm)l#T!KP<@0e*8xJX03gjxC+Tp|!!9oh0jz6q|+v_5yDYi6`tHLxWy(<5#Xc3L|uF zPH$(ey`XkJkI7>KGK0Txh=rF456!i{3i~H#ho;5?Z(w2O)hY59L0RAwgu65^M0^{6 z&B*J@vL&y&-G6d4UfaTqF+E`TyqEar?%2!Ef+wnXu^QwCwt~!f{lQ+7>f&A-iGCh> z`bDtGG@5Os5R9JEYagBpu*b<~YkRwMyRRU+vN`zu`Og0#_M(3&^}5q!TTI}fK(1No zbDp4l=xF~Sso1rU?0pfY(w$JF9NMlw6(@XD0|c@w^T-hva;1` z?dy~k@z(FYWE&V!Q3p@XclRC*cf(iih3-(-;EB8MTZ`LNah%Iu2ycX^fKB^OcZrkr z#)b?Jfh%v~>mzs*Mr>`%`87BJlWt<7q9tCRtA${n7o zF(Xe%4t@Iw*57iWh%*f(1mR}At1m*yW6uOoY>FE#D)ZT=IPhtDM59A5Dh-_1X88s5 z5(v0PV}@($c@_s}A*t8IIuWgpBC=gfrl6q*;AqTRB6uoaix>r{ii+x@w`Zb&PV>dX zmZ9cJ+$Mq~wZsT1;Do!*WR(eC1}A>I?dWSJjQfEmpp-`FJclN5JD0CPj=R)o zfxCj%-YH6&lbl=}UC}O(N0aNj!Q6TCvDMf2Jm`L{dGZkhU)3P^-Ewa}A;rk-!%>@z z1Vcv7@`TP3Ke`K=J0JwIZR4B(0j?L#^M(r`auyNf;94K9u+mz%M%NhNpC<8FhZLI4 z?mHT(Xb}r-4mi*ppcE{KR-zkBm*Vd-ckjH9fk0-HNd40@Tf$VR1<0Steca84$Z^jYX|Cj3iU)Kpe;5F3$ zLF(cM+DALAUf33rd%&+P!+tj-;hS>c(Is%Y^2IJe%p2))b!&pldTz->D(C}|l|`;g zEE2^wQh!vC{Q#RTgq0W7ndw?=a|+!{ZW?16$2(>|MVAyWt|=h3Nd}-&2p-fbx;yzZ zes6GbuthL{Di-c`w+!Z2iuVCdL5wdRc>DHrR>=TBAoH_rXgm&{?Ql>)Zi6d@O%!ze zr!iH$OQehK0cs9A2j&YU4Y6NAHuDCqmk_dyqTuQHT});VSr1r;4%azJGbiakaPB?!=n-78OC++z1CG$qXNxSeRDF+_QiYuLPM1Wq zR}*kpECG+kOVI~<%^7OQFm%Hs|G-i7?39!5n$4xma$Lejh(*rv!uZ9_)@?t}DJ3kz zMJBgd0YPh1LTe8jJD?u`&T^h~%Ll@2bOEb8K$Uitwm<6)8*0NBWdxTS`=o%nW+bjp zpI3UTT7M-z{d)yp|{W!c`S> z*|Yd%1Pfq=%VeVUVl#&$J!1L4rwoi_MBjO;^~2r>u0tOr4y z!39!7V;(7=40!C20?Tk_*(gDh^&@bLA#AA5GLl)?XRw8Tg(F9E)Aj3ryA>c&jFwvi1F zFcU6$@68p`U19Fqbi~Ih%Q!;sA|&iTdC!xry>u}>s1nor&pXj6guxp~EIok~LJ|15K@IuP^M0##6;uYjaJk?jxUonovR9V?xQ9lw`B8!J zt8|W%NC$nJS*jD!AF$}iIYXHOZY3bLl1QdchQ)GPjH9DTcvh0V(N5TD=KtVPeadWw&wxcoYqZMbHwzruQQ4%VwkzP> z?M|7<;F`wdwz9awZqLy1QE z8=E8O^^@u*o?pzk=HMB5LNv@(-}LZb!O8y(5&vUIKRLn49xB`~Q1d6hA`gswxE(&G z<$_4|CzA||7eA7*J%h2?Yy5FtXHhhx;@DSX_@pu406BX#9XlX?&vFT1eC(v~%YxsU z`MdiSB!lIDYr{P47k>S^P)o8>KS~T1TZg2n{UwT7TLTt%5wwb86sF&uu48uS#uBh~ z@O{_a&L3j0yOu04;{4i-e4n#3c8Fa1 zv)Q{?;R@W|uE2M4m(8?F5qfH>G!MdqhR?03g=J+w;WtaiNZ|)D?#i@=n6!HJ0 zywF~r`t)Nub9dV^D4s%!x7IlaxWhFuHY3#1+x;+eeK$ftksSxOiBTKdmKM4gp?){z zcggX5hS~!fPhoZu<@PolgJS{Z!988{vD)=};=!NAT6ZSK3IFnFvG08?c^y4%ZKG<4 zELXxjnR!Mytd}~Frh3rjFqe1SVElrmK$SHd=s9vDvlBIeu4I#6)lCp(IK9?Om&K(3 z^!J$T9shAbjH(at+m0aH3#lE>Pz4v>-V5Y>>5yE}T%54m2W{6@V18BC6VLSQOOsc8@gMU~Cpoei# z0nn(r#uN5&1Nmy`#4A&nvX|p!6gi2m0u(_0!|~>e z=zhf^+zU_7qpjCAiRo z;6NMJS@@M8;7eOz$-!Yoqd>P2aX=kbcN$C_(^L`4Y@knAa+9n)kL#YdkM=Rj=1c-Ypt(HY3GO zHI06$ZjdL6jgf*4_gx`G(T02X^W2K#Rv;J{eWS-!&p>rJRrGr3t789q_8d8*xD|OT zNWcO4%flC9ZgarbbkJuDc=%H@$xK?iKL0I&5x$R~wH^xE0-WG>O;!gUGbnH$wY~|t z#q6lyPFUWX)1N`0Cqjn1+}V5?%Bq=W1N1Sb!5ueD2Xt$qY&Cy4HU2-k-aD$PZ`}f= zDIi^xA{`V|NlzRAzb)AnktPV#Lc1eK(i|tIHUqZ$g(!7OdM?>9)wBJ;V}zwjd0NQJagW&Je*>QW z+fpgwrV0oyWsvokh!rFebKfub%$eHdWDRtCB(ZOKJxE8eqj2-ZrnMbc_(u{ zI~r=V_v1@@b_}Q@@@)d@ai|G0TypkQwPQTH>_>7yAh7)0x_MVjZ98^l$1fTfdF9>) zw?SgQGxfpvlNiER6D_lowy-ca(-QeB^$=V_VfLT=2l6Lf&tVWw3In>`Kf>B|&(tMj zK5}L+`PSQBr8}YjX`cb}QwkWlCRcLgx zy*9tw4IBj^lb^=3oIOUy|IKJ|D?l1#0+@J&tt~@tWXE(AevRyYsmks3QyJS@=l$HI zBO>SOrQGUHsH<%ZOiP)Kjs2zqK+;0KvYcFpf&v0R7+f^)KGU*}UJT&4k)K6f2yeS+ zY#{Kt#PLJVn0x#Y!!k|QH>#IDu~2ije5$6|hthV4l!}86;)btXnp(fTe-f6?s z_PRvaaUgw(YV!-|)m$+!*k`5fjhZ>zALatF-7F=q+NUJVSM}8DAZ#OQs<{0U&Gu33 zghuZ4YBAt*PL1nQV`miNmA>kD1Ts#Sh(q5|PZVWksUORSVAnCrRFg#BM>l*>z5@8m5Z%~{HEE13=fZA6^j^Vx9A2L);_ny5w$jdoPczE39YfV!MKx~_{ zJmq;S9*|>Uy24wa3oUa!rNfX&K|=o-K(-E|nKDS0OOH4wGW}sqR^6Zyq9>&Ut@P;6 zf384htEKmB+((7=$^7miPWbl27A;_|aT}A5G1dx~tUH!-jN|Mq@?P7IxQ-8$^dIJq zvlBQ2GcTg|Z^{jsUMsV#c+FOO+E!9*$NucGn!9ackihm+uDDK8k$5!9nZ{`Ouf);r zZFs#6k7jm&yinSqy}kWx^{=Gly<4aoAN@n-rWPw@Jq+gOK22syM}I8w$q8vF-#O=< zT>Yt))3HrzmkhHV-$5GRq39qKf(ESAfLtR?==NWE&hYzihf&!$q53d3dYe+0Y|O5+>0xRi!-Cw^qF~l?VI+DOrh**i%LeRNtc7Rud1ypzX0ytzO6>D;Wr*V ziK>9o_<9wdJe$~1H;D1*r|i5fE*pO~m?kx?>I+=4vhT>h5zCMb`+7%eOCVEU79I8A z^Yy>}>kMTi<_Afb`(rPjj63FwUv&Xhp`o(+d4J1kk3);8rp3fGcCVVz%`b&z4a-H9H%=1V1J zsk60NzHZ%pe!lV0HB!bo>HwG?P?|4kq6sOap}q=#vS{F!IikWbnK)x%gt>KHAI$46 za_^R1h%&g#Go?HU`&*dAO&ynqW%@*Z_Het=#w-du2Lgl9BXkltI~3-0U=O|S zd|7x~8mYxA?J&6SR$&~$j{M^4drvge>TdpJJ_dC9GK-VG9P9HSxo*FSE(>uDu;~`; z-;d9MS_b?QXE$Kw~ZJPg;s^Gd7J1kh<`xBMVn&u;J%%>_3l~&SMAU&nZ>!_-{nKqyma)yZc7d zY|T4CN4hr2g#_a5LfI#NKCPvdpg>o1OsggPyCqcL2d^%TMZ&*i> z)tANb9%myJ2T#eK)_*-52E2qY}!+fO#T1u<+b*FmL|Z(?u0JHL9IB@b$AeJ{mw%Ur{33|wsr_@bNqMF)Z(wGZszc7DoVpdcq;}OzK z@)3I6v@Q|oksmN-sI}Y0<@$vT95u-#YQ-MwHp9PUWkDRgBmw|^?zHKSY~ZWznwA>M z%>1T7o|6gZ%2t*W+@*@@bL!k{bQXg&tIGRLv~nfDgBl zbKcY7y|uo<304JYjxoJu={UW^x5Le1DTZgRP<~F~{#j!oj4R~mLG3f}OBeENn)`5J zit9@PkB*##B4!PBc-J~khJrxQoNfxnG1fK~=oE@Dv?njCt*u?g)63cGqWu{K!n!;S zHsodg!xwki@ffb!rqA5UD7zT)(JwX}NmCC@QQ{`CxUJq_|DmSxw(6(Z3Cbs6QvWMI zkA|=2M@R)?pHG(MNNJFHN!fr(>Ycde4Z*anx%$Y#T+FKGnNhK^ui72p9H*f*4O%;f zt?q@0F2=3}6!K7rbt&%F#BAzR2PtwEJnM=B!%Jwl>@uMgn5ThXt1G&?K1s8M21M>> zfOTNM)%a;1tJheUy>Zmb5sc}ypLopmg`6@0=dG?KH5P{3naht{iT}=tA3cKkZR?I@ zz*z}P>{kz%PhX7Jn9HcveAB%()v2{UWssoKIk9jQe(n@L=Lnb)R?fF?BGKIqn7hfH zd!#g9j0R*J>17WB2xAw=xLZ!IEn1#-fAY?4KIu+doXg}YYi<>PfyK_AoEf?P2>$#L z{P|{*tZ9R1MI*?%FizZ<*dO!lrGrL@<53#^XAvkoftur*YVFuXHD|_qOQ{v!ThQmG zr?N>D-K$SmxUX=KIeXLgrp;lH{F1zn6M}$_%EwsGsCNGgJFzddjqxMCoz2)=rP6o9 z{;&ZA8P2sK6PI)UuHhy4n_}rgrj0^tfH80sn=FW>-7=23^7j z*LC~hx9uIXA@Nq=`RA^ii_!SpjA^?ogfyV9=5A+O_8_WaXjJXwZQh-5@%!m+VRt+` z8;%e``#dClhlDvviaVtkY|@>Bo-ac5s=Q4vMmj`!J%BtH(Og-U66BKhD;!EE0qoCA2hWxE5TZ+ku`fL@ zq|Tzcb51gvL}k5sub+6mM-5vC9^Y(S3@x8w3O->imor9`)AsQ*i;E^qYHVEXQ@4)@ zpRdaaTJ8;oK$v%58sJ36sDo&9Z~~TH`Cfr&k5<+p@8G&UrU%BGOUj*ex2MYQ@NRLr zHMt5c1nRmrB>31R?gj2K-lMy1jhFoUoo9sdxO>*l#q1V-cN}$UyW0%yW#v6k$b;z& z!3P2MmnuLVwPEP~(I@tDHgWJ-#wSI_Yi_QKonKzWboM!w361&Twl|b5eJeW;Z$w0@ zz_%tZpBS)Ga)<^0V!zD4Iub4LztB}Kit)qQ>RE{PdFIQ?qRO7UE$<04N5vJt$4k!j zRV6#dvCP6I)*dyDb{aO(ogx$u*|ralxr8AMTBd|e;KgoPcEx8TGs|R|mA_9`Xaomp z1z!KEn?%DfG~7mbLB)0}l*EjTeJJwuZZsFm#XzRaXy4y@FuUW0okr~9AA>zOM&B2= ztC>*%5_)J=`k>}ZVnNN|erBQc$3ne~H&?Ekd$Ve2@mwCafxYJvSLmN>U|5%h+t>TQ zp=o|B;r_NW_1r3{5x1=F`BW75)8*Ip=hhXyO7(~LI3A$m|E zL=wYKK`$I!VL4{=r60nJeKtRTgq|I`g{1I03-^#PJzqy(Zl$)qo7QO3C~7|3gIX#v zIN68i&1*lA`{MtK#>G;WPoS;-{is-$m*G3s<5;kt$>%3c$EmZHFNjKJDh6Nomuf9s z@zSs5?V##P2vUk(wifAaZD&^UrY5>m0#j=Hz$b;d>67IX-MWU7SDu^oCW;2^u5Ez` z(xL^M)H^wb%fI6i9JT?dteY1AIPd`IC_*z1KhQurrYPJf!xDT6oWV1KuMy z6|DPSmqvdkN4?=^WWjr@ddd$awcVkd&vg#JGp>F~Ny!|d(13e6E#nHn(Cmf#av(|Re^a@<-Q?9PcuEhBya6BDsSm%h`)*9^hTXC^)0J*OXZbW z)b{d>oLwjOiI1bdm`u!A;Y%yPgU&Xr4s6p;yLrm@hN>L11I@Y0m;#h*TtuGRxOh^o zBN~X%_&B%MV~kR-B`6jQWN>~*o5k2Tye7E z_1>+r#Be8{8%i82l4S1CK~6OqpGhY@5ZvdS5cf}?4V00fLwk?>X>aI5cY)3T+4sw) zSsU4VykvhiMHs;2$eD1og& z9Fe_jQR1ZtGU%g1*J}rS_FKNJxz_`&tS+(Bju{k9cf(&EkVC?VNh$|0#1xP(82JgY zA8^>=ALd8_Ac0ahXhDpayad%{wjcXlT`@qfjf6c<_-OkwtW~K!5X;T!?w-sQpdn_% z{*2?=9!rpIW2krZq@jQP%?L-O_{Tdx8f^6>y|!=MTbp1@D2b$dCiU~3m>Vcb+n_x- zw?C;9>Lj3T6As%SeNh$;pfR{!JW_kbWxkR3RMutY^+%Op@9Iw25cf&58N3M&l*XC!&$@{v>Y?Z>l?|m#E ztmHE+2uA>TW_;X(1iD1|0*-!Q*%sSvNh-r8e1$|c-s6gH^e;uZ#4AU;)1Ry(1C|(q zxCgp;Z!pE~pQK8NSNL~OhO5!?J(_RtioWb(@!1#3(3SEl+pf|i?l7XiuKbmJyksHf zwe(3m(eOE#*1zI)#6~ZRPcoOTtt7B0FWvlZ7U^^9@{gJzSj)dN2G&$uJkBC*w3R z^?P=hy>A*{hQ495q54b}{+;=zS*7)-9@`LMhVYuY zM*`0WhZo_GD9poQa~o^x3KiP7k{O(IX@0D{O|jr_!-}Y#@?|`*OZOU+p?IEFED-Fz zNNC>2(SXNb4S~ACK1AGNz z!#{@!D8C4@2>HFo!4hUeeW2SQp3L;<2D-}Jh0+%3FH1(Q^jYZ7?H7zl?T;_ojTk*L zdNpYUndmoJZEEz|PSnTM&Uj3C!7#Z66D!<}9(gmdI)M&^-mpa-?@=%P#U zsEVAq1EG6gJz?M>UI)2_fZ~V7k;ub+Av~^{2^7p~m;H%o%()O7 z93sC9kN>Ba^_1#6IlhL>_q^*lT#gr@v1D+$(LGqcq-+u^ec^f8{L=bnuwJMMz1kEo zD*RaG_~*T(Or4Z(W(L*26@nSaB?ErVUSef8K2?9+=dkAYFGwN9wgAn$)M`|42A!^y zCtqN2D$xFy?+H@sA6+9vx>cDMZtOuKNofD=RgG(^d;tpKopsL~m=a#Fz+V+Cw-<)# zJmscmUL0t-G%vtIgO0Cr$?nn*ukWCvM0oLe>odp|AgPesrurpt{^|iIi+nraqa5v3 z8iS>Q*0AuQ$Ao>)IjbsM(OlA1{65nX%)!y#|MV9nMbDk(Vh^4ZmyY=&<^2;Kb8Pgw z85d8?7|cM8--lZg`EgH{)VEA2Om-BRJK%i;dGR75$HJJm^HU+6#D02ek02YI#Wa-j zV6g^t#G|b03mX{o-nY9aWEvub?p|ml0oUR|eW~g)ug=5?1-};q)CYrIf2&q%NKE^} zM8lYHhp$N_%2MIoNl122ICQ(?BC;9sRVS1aHR9M3xgj7v6Xoyw{)l~fzu#jNet&;z zvDucn4RGquof7JHm+thFdNXNA^E(TPk?7z5qWV7!S&M#N($!?bq00AHLz%>5nGNcS z$7i5aR{Y8u{5`q69H=E3y1OwVF>W->s?4(C`|*xT**_k7Nt?){5& zq=NXdAb=S2N%6`u&q)*>qM`Yz+t|%`te>#qp({0gPi5p81e#sOlzNESdnyusFR;;4 zlIKuwAjXaIAS2$;jOQ74UFoxXcb00}*FxA2Bt+hvjD7H1A;S|M6nEgIzuNxuYb%ar z$vl`-6v{%^rE7}jH{EQ3_^it)&K%dzbG>%#mxEiJ1&N^-9B1$NY^q#3d}{0uWRZ`I zB=0`hEr{fd)v30zo5Iul1ttlk$G##c+6njn@;n{$;OHU^w9DJDcF*aUlX$LtpAu{@ zbVoV~P$|}t@2R{%ZGPYkug_r&8yj>0+^d`(yOKy9OLvI-?l#Ie-&1cQ8rD}6{Ay2*OU|XjSiCZK zANJcj)pUEA)R*>!C2wY|8N0Bhz0#Kyib~p{gX2VrC6jeBP&k{6;xKmwK(1W z+;n&-I=^w>|}hYIJq8?^`%_|qZ(W^6Oz6_pn)>TU{f zop0MfJAlOUN`bf+&@GK~Rt6*_tq!OVWi&rCd0R$q1oWvqTSVJu&DMS|ZPL~Q>rUBZ zhLS&ilC!rcW7DihSc3>F8;s}<$Q`S!EiT~G8iWV_MAD;JL?GF__aK8Ry9CG}Eq^RW&d=K|7 z5!oB`}Iis zz?ZcIr8S%1O-EvwiP%zW!ds37zv#CO%usSn4R>36M&{h+V@bEElivnZoq#z9Rq$Ik z`{f7kyf^uAu*K1(*7)cnB)+8{y%l0-76F{xbF(ndp0429JQ0Ozy`lKuknL-+!_%d+37})m`{MaQ762udqlpb zz0khYeAL17DYq+~C+34rR`H(xW{&f4BUX;k&GEDpBi2df= zE0OS)`L$^3>k)*5*uCMa)g7$wr=k8|y{B~!az|Lc$Kjq%>GWcfDve*}9=(@MXSiL` zc|MGW%{vcx75Gf*X9bF>k47f`2)w}tMFn_gF(AuaMHq@~cOKrcNqqX`2G7@>)eCG2 z2hy&)I54gS6Q403$Bt}NI;f!7nEE(Y_iIw1G&*Q2ZwqC71E5;mK%;JVz%=X%J(d$M;x zipZ6aW}TVb3`2}8aM|9ccwS<{H1i!aF;L{#+<5F67ImD-3N(kJD?Rm@tS^ruiCY&o zqC-KyapXf0vM53PbZppPIY!?fZ^-|Lb>KTv;E%zTmPoqvn=Bu;*kHt}vYRQ623Q@M zRx^0`*pc^$!|Z6d-Pz|Bfl#vZY>$4(Ly>GyI^EWbvKGZULHlSsi(a1ORnd%}{4C*! z$R|d2QcO1}W;RY8_UP6Tjcv<-w1Bf+N%fDAl1#@`%T^0rt4XG?4_){Fr_uBuBj*mM zQ4g$i48f5!62FNGH@tjvw>X{c&=3f< zW1g-XF8@CWmWxOHB=Q>y^y}Ik>)YTK)i|nc@-S70fJFWl4t1J-1hcnHnH*Gy)^Oz? z*1vx=pZ)1PkW(l%H+SI)OuGBp#8CcCjSxjXO&vwpZFtm6SiD%W zeSp_Pum7`j(BprWmR^)3hBTVX=F5?f)eV@J{EsiVq@)rTkJ6bz_O zs4?Fq#d9k{;AdDdDtbB6aY-&9BPfTUY+0D9rc6hAV87`>kXCxmG1noji}f(TL-Urv zMOjdkPEk==Z^j`)U|@(KETjJ+eQW5|p4LTgfz&FL;N{EqpHS{U8~U&PZ3)s)w_wBF z=JfhdNb?bL9rvK|RkTV}qtaHVJWB{=0$JWi?4Kp2UJKv<1^3GH)9hv^dox8x)bh2V zAllec_X$0xnWp;jBJ1|la zu{`5abBt;JUjgNaq;+ullh zuX-P6O4%uLN&)p2fuD&lzV@?g-nxByGN30MlKk}aNgFcl+Hon(^SlrQOC0qLtGV-051_)m`wJOZKI` znkg>w?c@_x#Hcpt&z@t8^oQA@aCo^0rpig@r}{=*z$4d&IAQgVWFdJv--pTMnZ^!x z3&x!$lA(wr`?YXZhh+3DOuMJDJeDNFNV0B~?|uC16Bcgw=-9=@R=VPg1>8rx8PAq& z015Ovtw0g}ol2juN>_JWyBmtV-MNGNHp}5Ecg}qGfkh)d^4f^e&L|nJ;h@s4G1hNWCyd5 ziU0>slmbmCal?5!Iu_>#qxH?iI<3+MB6#tFDt>Lz+iOqZgxK5EFnjbCzb3uom-99_ z#}{b57isBs4j0kM5lj5jxNl&WUI<~W3^k*&I_TyXZbRAkxS;_+_Y?omB&)4-j7 zt+;=5?I9c4hL5@NMVa5(0jL)XxL5AmS&T$>^NJ?LD-^_XN*5>}_I&jV_Q5|;M#nKb z3})7^1?~mAF*rPq=Qh(?Ecq}%tOCg+-eFrXE!U|7Y7V7cry6|>7|t5-YuJW_J*o&5 z``)~S?n*LH7Vs>;$I=hMofcihIXQ`%X+oq>F(G-CD+x;AAJyya@r z4C+y%Y-X(csZ(;Wqq&A%+=p|fusa$R!Zty(AoyWwsMY6PK#_0nEPJm#qP z9@uU;f1iY38)?oYCXojlWd2Pgt)MK-hwlhOQVzwAf zX?P&20$NDf8Wo1lV(OGs4YZa6lSCqZVht-|yqCY-PQ0AtbelW7tT?+&kn+&f!e8!X zKc&Z|kZkFHj4Gu4Isb(z=Z(BEw6#&h^FVt}nUy=k-G5-a3pG_uJ8CY`tQC3X4#7Tp zIF+}2b1TKhsZ7DU?e@#zQ8kx>_;=IMYxYhzlKL}b3Nbdgd-kZuxKfpq{Wehl&!-1I zf71v)FJPA|?n!@CB1xnnYKlU_-UM4}SEGyP&ESprO#^O^?@X?X=MV*AmXFRS!Yh^a zzZ>*TWqt3zNA&&kihm>2!^quVOLn!+p8KH87H~RlqPnEvM#RAm!u( z+KjwhYhR0{(Uqn_{+@T2%BZk^6@PZ$d5DinW~|>I`T{()+kIZgm~@A@*k;IAWSWYcRNBYIiFpnM1LW>#WQg(NN~I z`uU5@8CP6gH~r>r95-VfXdq9^9! z>3gvJs+98s8FGB`-;ro!;Lr;>;D#kgX+&%mH4MvJ?Iqjc1)AW6U@DZDm~5~Iq-kREqhPvy!AkF!+VduJSs^zva{%LGcV>1(0^y;!CCLd zMlaR;pC;b9E*Jk5c#}9Z0O6^H4?sUq=WV!r8{)Z{z{+)qO$vF3zx|oek++*O*PRKy zi?1(tb3}66`@i$aHl#Sfq4kOrQ4wtaIVb-dm}+rm5h8w1EG$z0o}GS>)^t;l_H<34 z)i-(KNF^9mYCk&>`7F5iA~x1@1>thOHa0qVR}KH$1d2Z|XG*RzP|MR7!FNqIOA%^> zlM^1RS>s~t5l?Ve9Mt9k7iWM+In&XV?n_!Vz#aFk+4mL;gq%nG7Y>7}RTXw39f_-9 z$kffq0eFSw;d%18`>TTfdkHGFB{+x!YOUoCpS0i6)LrNFm&Rg1^Vw}xH9lyd-uxZn zcqP-g=0CoJicv14i(+w*G&+)U#@J6L3N1P0xur1{g zb4Zlg|A8N)g4@ zR+KaJ;()+~{Ns;@7u1;Ikd=dO9w5lVSh==|g!!tsAOCH%Rz?#9@WW}ZHDR-FQkPpO z3ApYKl_^s11%0AM<-iZ+;<1w^8YGWT~mZwB#@+pK39kWvrPkidWCR%B+$w#XP-?&tscLd7J_zvg(Zzs4nL@3zb1^l>(o?vv&Rd znd2mKyK(urUmZ`D?R^uy_4tJv+3qe}>Wle7&1eMUlB2pa8w_Qr7?u z0GXNU_km5W?R~4g-4kJ>r518JcaCs0OFmtyvBheT*;Mh24;H6$!ydxU7}WYXH4IW~ z7qJ5Qu4s=OyTwrsL=?bvbYeG4%Yh4WVhjFU%eXuRj_269$q;Jv{7@2#D*j8Rp{?Ct3}vFmc@ z`r#Jc6CV!>1^F+=MAWRq7D_&6DtdjWKl-ZMN3D8taX5jxY=0m<)BE?dljUWQ)bFQz zjhFC4YPa(|8j0>nck!IdD1)F9UgwK|Osh04CP(en@1-X5&;N6R@oQrQo4OUzlm`z3e=6hI{^~HWE!Xjt`7F>Qci?doHTEH1p zw)$#i@mPrOeB-c6%^wn;%mhV2u)+6(_jNAoo6gqMEZ~PJ0H}o<0rk8T%4V7Y_pP^O!4@+wFZ@OWyT&VpWnLh)IxMiA9wUbu-_)huhDKK^s6vz-E zy|1D&ICHk+b7533HWNHfx|!M+vwx__BwvoI5t9gWta)uprN*5*Db!}CO|b63q}=O7 z=o=;8&x?U;$dt9pK5K5<^Ypr4XR1S?J|6@z>+6rR-D$AkqXjF8y2a4S+o3BPsvEht zFu_OCId|Qn0*5BWQ6>=M&H9abi=a!Nh1b@6j`0px{9K)`4nfH9p8x^yfJ?&Oq-_|; zf5v>I9`HNMF;l*H(5~v;aG2p0`1f1(@031_rBym_eWd}(O{jf5#7f@Nzi(Rk*7ln$ zI{bmm{SD%BGh}yc1^GKg6giR~gN)?_Bdg^-Y#pop^}@T_1*w3Qn?HOJuHqtD0p2R^ z1Nhz5lM-e3%lUD+$!{TtINyGPm(w=!w|G*aU32~A|H~JW&gu83Atx4%5iP?**R|A` za(th0s`$UBw|ZFJuj1{gaFP3-g)zq}fA}d@dd&=bFoM95yz}z5h$hvFS-~bw!R6cJwWenF?R!O$qh2ND>Jm^rU zaq~vcjMwCd)A>~L3lUM3FMa1uqK3PD^`=?QtIRCFoF|w~RSH}KfjF?--vGoUkS9Ew z#6zV9ufz!$sNm{08?#Muya*A(!@O-3-i$q~e`i?o+*FEoz%y#+ry{tx2z;bCCvKg6 ztu;rU>o;#HkMi3-0XONyzWbB(+ZPA~F+;v;k5IYzGpVnBBhy48idil)?83C4=@7to z`7Ye_6_Rd6-F>^_Ro~Ntv`A9^8+?F58Di>*m?A1(E50P765UiW3B+Y1!pNEvdp##$ z>*5nNtIdxqT)8h?4|YE2QCykI2TXyWO9S%0q>gukr5Xd zpR)UWXDGg+6hu7=^1TtXX6Iq^Kw4Od*L-~l_(H2K!>w5%!b7#7!EE8%Luo)Dgn_tllXzNF9$3?#C5LF*Ed&~48g}Aug*%*NxHy`o!{X-o zeml-iV=9aMf?5r%*g}@0)_{n^{KM?aQ%pm7dBED5{YpXHF~rR548}r`NLcz-Rk~96 zyj);+pN2>J&*dPj{P&I@rYgsx`1$BE5rrr?8^R+Bjh7ti)Pfh927Dht57wd3)tTvOG#~kOU)<}chL@OuE7i` zES=2&1GQ8*`l6>Y+~B_gmRb2kA#7V)QYC*0zRy7l%8W=wN8WXRRjmat5APiYxq$MB zidO}CF|0HbV|eTA+wQ19p9%c42t-1slP7jyvg_}Ls1Q{)TlvuDgFC8pPR8ZGhlXCr zN9rPnT1ez+%tKt(m`3~{s2eRe9;oI@i1oYv*t&QB^hYFy7=rf*{2u(DEdPHpGja-p zdx<|xjt<86MZ;h!_NeTe#|6z&YhxHIryZ9J*j{vENqN9_mSZxzeq+I$*MP{gA*sUT zA6mE+o!sju3Z(3Z%~~v$^%98P2Hu@!s?;1*vNH zdM~6iD;ugB>3K)KQQ8JG&NV|?_QD*s*Vr9=R#UlgcmmCb^0*dBQC7#nOwOBeuRfd* zK9vXN2LLb@4M)SEHd<+9yVM+ZUP{@6k?E}aa?N0e9jzrr1u_m>|Kh-?lG%6Ao%5nN z76Dn4d*eEnvIYyPQ%PG!vn5j~u9n9l;^=s>X{L1Hb zTV7mX)rH^-QU=$UN1@P;usp0Mp(qR(EWis%c0zyqs<_<}&be4M93qhOcOu~nHBLS} z&-`0MlaQsb`IoAf(*`Nfv;IEay`oGL`xmD*a%X-J+^3;mDY>JCd_d6Ds&W##M0!X9 z>@XxwQaO!YDs+p!KlikPAxlyf80k!`+(stY(T21;z5HM*T=fwV1oZ!VD(Qk?n_0oyBH9GL2!NfBTbgoR?` z?=atKPvmxxW2YBsJPYM+MU{;=?*2B6!*LMgCzFiI?fYtxiM*VGOgysHbG*dM7gK?k z#K{SP1ji2W;m^>yZa}xJG&A_g#+P>g9p)v- zV%lDL0B|+LNmZB>sc;WTvyzlumpOR-HA|`ZxNh!399Cv(5_FD_!a0on0vTGsb?Gcp z)t;)33uj4v?+bHYg{?b_23LkEtJx`xRe$>5lE%Ml8~b*&yX6Nx7coCrBJ9;3J^#3a zHf&)waSLifoK2U<0hGjxhHF38x#Q1xI=2Pjd0pEDCWSf?=IUS0^QP5c$_0}B zIH+nvoqlKP`LD=V!7I}1S73Sn+ywhSDdHH&v%tcu(yGhU5zRTpC-xAlG!>vF*1XrLTNT2eNYta~)(1uHKA6s$O@_p5^F1q@HH3TZ$r>cccm z*~)GWEvrasw~3lH#%~|4$mBX$m_dHLOfv-4NkN+#(q<9A5TUb~y4FLKS@dzE3Y14T z6I9q7JG3QvHSF*nr;ZSYPc^^k2_Ra|B_WbrF88|(F!KV28DdYbN%(2b6< zQG(LXgZV(cE-Fo_bJ=0D$-(?AdTfw+0eM`7%QtA*PZie^WguO) zgF6{Ut*;7sfdhvJ(~B72OI1S8GNGZ+qhZbQ?(87m2+lV;{O`Q}|G15lFI1J~cZlq{ zY9Cf=;UIjQmpv&r@puz-#Mv3FqSCI5!f6SP+)vL^}hm3--3V2%_25elQIPNRREfc(u49Nf44dr z!`2U_4d)3z@IilqJRDnmJK5o{^rInRKzy;=T@r0$>39)@KMgoV$4(m0^3DPs{#r{| zzybRhnv_C$9CFhP`h0c2TEUNb1D2hlQ(2ggfU8pJITH&Xu+H z7~V21)*L>K9si3BYNwv85D*66R`ePjbAJ(jQpv{)yy%09NdRJBC@``jKN*H(5J4dN z#!OqZ5zA-mpwpqrYbybR>qS8W%mB*iVJVY+nTo7>Kz()z2(Iwk9*a}Tz3=D7O~n+` zjfpm3W0}o}EOs3-)!^1pNu`?fVC>9Z$}0nfQaI3>2m8P+7H>G?kajk| z2Yh9H4lbuHr$eF;J1T~TP2Y`43Uv1qQHTC+r9-{Q8D(;Qm_Sye(UMob%LOax_z(-h z#?E?itkem|e;!zGD9aBFJ-!$W>seU%bpS~-i40$;2kT_^xI3FQI6plzd|1P%0Nzu9 zbx(h`K$c8{cbGTLu4I-Q@_sI}fHhoQSy?8LL4_o!*&0*r_kD2B+}Y&*-jxns`~PM< zA6qVK)V+m|boe@Y4yU3ck@E!fpTO_g(g}oTz6L7mqdN$40(zwfEs_{W+zXuD=`dl&#UUF}3SqsL zs6lvE%>$W@w<@x~Bfu7FtS+l(4X=bc;FlNvJLK-^B~i zW$vf7aX_&BX+H35&5!wuRswxY*anHkKIKjfJ2cB9(PP$y6t)L>_rr+G?C`oK{P~`^ z+r@xfH#Zyh_r|eQ<{^6N!R6{GlHHDRUfBusiV8m2iN>x-u>+5qZpq>zog%)Nq0c%2 zR)%2w-*o&8CZd_vA%2b&LadM&^QBz5PE96EREJ-398RX~=RH`BqIm(KkM%1#rzia?AH9Bc&P z*C#Wra`0j>m3}m^h#&SHByjlozieVsq<%|GSj~<%m=)ORId<%Hg$Exte|79|jkodl z2`55Y(lpSdGT?Fzuk}P3q$xH|nngrss?m0(;c&l=y0701+}BhuGTB`oD+w!fG=-cj zQ7?CdZykS>$w?Z7d~KeGUauT|Z(Rp* z_^Ae^7~}b%e?TzK{9fj{&oDGK0j-|{g*gsu1L^6q&c9b}kOoL+BAu8suW0}KigA~x zd3c>{BYu_LX(Ptnje%k#3-p0|*K4pSorBzw@&94(t>c>9-~Vw$K$H?W(jlUvq=Iyb zNLXOeqeUb}jjo9SDj;1_A|OcTh>;>4LmCDfJz$K60b}fYd)^<9dOYX-{_pqCPyXPs zy6;zA`Mj?Cy5NaJaNhfhl84a@&>2$HmXi)TDh};#L0cYvBt(CpQc^$@kd<}XbBQj_ zY>W-&-FFl4zVdTn#ML^VGqsNRW*lGpCQ;=!^dKmuV54Ks!u^_~Bp>-Wr{dmT+|BKq zr0rSuovska)lqD|u*pF=G;g5XGhnEbNi#PU3qM%nS=`1zATOt{U*c?SrS3jJB1sju zUR{yQc?vTCq@?0!NX(hA0{Im}V;I|7cw-rRLwinG3Nm$>lEAlyZEvj2< zXJd_Z6xWMF`*Cs1gos9&6yG`hwXvIv$3K^kc|j;r5~hQDazAv-*n4-l7J*5-V28X% zKozfO=TbhRdJs4E-46KRg<-f=OLF(mS2Q9RzMoZS+1pTvKT;k{DTyO22SYGnEMK#oI9A9dclsIrrpv`Zk@4A8{#b%nOw02)(?zY zyf2{xb9kV+-2HPFC07-n%_i18yx$3lI8y$rMhrb2M)YS3aNRpc)s*!F6N~U&E}2b1 zk&@Q|EExtWp7^rfTY`yMs3W}?O^JjYE*P(ZgCHv`<`gw~vo(OVne1*I+|TT5)R(3u z6eO&Z%gW+wDBh9zzSVTPna-7>7H)C5iqq15q&MS>uA3b$mWiBnzMx-xspv~+Oq%9g zPd74+$NAdk(K#32&}LAL%nf55pe8;eZ%L>fanF@;40XR*o#d)`P_ZDsc$Cg|$X+mK zC^s9I8|t^H;O#b0TPk#*&!oyCGhnc-h1svWKUI_9TjqP|mJ4EH$)ZCm;6I*asbG%= zSz^QE0H8!K;*|hWD>m|UDY1q1b-Ad(;@-{m55}8B10z}96mZDT645Xf44hJHe1(-XXY|e9AniJzD zJOltDSE*5oKo|_br9YufUYjNBs=7kx8J(9YSq4*M#Q*4WopYP%)koBh&h5mlNS0q> z;1+wA#Gs0C%=k0Qc)?q;5rAys=(I+X-7BskyP zC$^rsS&)OhJ1RDIgTGwZByf4F>(Z^YqibH48H-%*V+OScTTsE4W}xEqY=^n#T*zz@ zb)34I>hA8{E_o3&2cz2~BwHsU(aC%~#!e}xvZSk8lwnFU1aD;AT^YBrbvux@h@bxL zopJ!in4SuKv23evHhRFH8~9nid-v^}n`_|fh1$9*EA~0Rxk99;_rVNKC1A68R({g_ znro|>t=qL71=q#R2&>C;%62+bRxexwn%BB>MeVH=WE>o!{11ANJ8|oa)n!?M^EWs9mR{EeH&}LT&rdIm+@C|t z3*(J1z4w_zCbSI65*K+=ZAr3hh{1NrBObkSC1IM=Zp%wS3wZ8VNW2=)Y%cqONC;kkrS)#v zij?|5PUtIS@niFW?AfvvVS+hiv)Pj1fPhIhYxvrpKHuG;KNgOCWiS694E(XtyKpjT z{OQ2quEUkITtJBBK-*K9_EPoPr?tqHsx;6afJLacMdL^k!Fb*oCzD_pb!KByo?2ur z#*Y(noLWM$6pcw3*IF6zTb&roi*LF1i?7dxyh7$I4vHAd?3Uy;F z3D(g0h}4-#I5+V7I(zktR))KY%eDza@X)r7U5MRt^pLUl?Oiom{v>6njxuJWBtl9M z3hADwRTVE?4mw;ssz%W((|H35rPwagI*jb>*xlc6BZxgza;X{j#R6Q74QyKRh{w|{ zRu4+}@)X{c5pr?gZScK;^zrRGi{?|YIKS5N-eza5kVD_Ci6AU&W9eRjneG*UCeJ%M za*ewVpx2~-O!oRuz%cOWLxl47rI}YdEm{dWio^x2m<~~>s|*pyw@z|L8Q1#FO4(kl zHXnIEPtB>*96V+Svm4VrnCXg*vCL_SMfh3W_jGZ6?r8D8)xsUhbyk!hTuc%ne40~_ zlXuuoJe-55O`*lDUt%UFC10rxyuo%SoMR<{lXwxW#5OlaupY0Hxcjo#P&4sTj%4}i z*B91dLKUrN3Dd2-cl!#_>4`pGjrreulm=p!bC8}wy9hMiIg zCh7V`@ycLK#nP)IR!L;#OgCKbt~>3{CYpR6U+Gd|SgbP13PdG?XMDBXyiroC+x*^R zspWJ&`}G}Ku;lJTswjx#0#(!Q7!Rx~5avCayfDJdWs!;h@2P&BZGJ)(rz zJJ_30EsVGY^aqL@R{5j?t_tO+TU%|!<5CLyo8T5D%|(V#-pxWv5~s4>2M=LJ<54N!M4LSXRo8Og;pRfps8)~%aL$@kjTiRZ5CG= zrYfSsR<}LoKIS#_=>8r5Zo;E07m+x-H&!zQL9`XzyuC8LE5>hoC1{m*!G zgCC-r)I+F3tR?&jkd_LsGEvpD3C%X>Lq}i=hcl(6gE~ApW2`i1i_gyS5bws?VIJ?U z%X8w-mS4yTM;iMLyK%mG1U4kjV-ZRpsW>MN=IQ!N+yk3lkvC4wJn@fiRZ_d3{C6aZ zvx$5pHgXcI=@8@VrQhJ)+?F}WI4|}<&Siwlh?#B2*lT~Hn18vuL&;9YV2>I)d{9|q zxqhXbpWaK#Zum}&kY{>#PNKi_zJe9+pZ@M&u@nmG{U=xWDY_R%W%;^rV@gIy z2KkHjtS5*x3YYZ8^Uv=L46Hu9YVR#eS>^A5$M;p*V^9Bi2h!a?hYz&!p6<+Qump;7 zSsGEO%H%rw-IaADgnCt$-kexqZ0(byQXhp|sGD$c%VSu(mD*%UiV8?m;U6aOHMOCB zQaFrAaU}Lx4OJO*^+NY)g!&`hXNsSnd5LhTlCPn<@g7FiZSWI*Usqn=C$!2$QD2$i zjg{v{x-Xp%;?_4%3th~EoR#k)n7UF>Uls~$`9O3MYw2MhfexZ>08#t$dH zUJ(8#rO5DK^+|049j)P0kD6=@z@_l<*7Z)kbGWnrP}R`~JuqF*U$oeHI3m=27=K3I z{&dgVdViY(YUs39!=;>Etg;=c&9I<@}F<@#%G%qW7 z%ci^{8rkd$D)Ilv&Rlgly8ro*qq~aS5l_NYkgx#d5!DicTMG$xjcV+^8=m3Svj&wp zhH>aSY3G^N$EO2g@=gXMIeey#DyiXDaNGosoW&>9L$j{<9mra(%3dKdycm@JEA{cu z7t)_7ihKBiWYt302jWF+9LG+L%YHIeO(5``?pZ)B2WLyUJkB+TTDkc>E{v%8-jO_x?1)R1>xjGCxENNff1UMN~pTpurZ1BtDmR+L~U;3o7G`TD{3#q~-Tpv&al{}wW_IKBV)rodP55Ya>KE)H#qP&bUkZI zWn2|8C@u6^RUtj#N#MUq_gYd@ZfmpHk65+ybWG37%gg-b0&jFlK|#UNIK2F8t~d2$ zSv*Cu!6~I9yW9voad{lR=(y;K^lwKJV>eD+LKAj}tLxzXccit76g=+NV6W);w2r(u zjKsmh`A@r%G&qL0{Ru_@&HWt0;XEDYOACa_ahqmKqR#R&y!j_Q=8k=~GRJg}TXxQ) z=2toxUjD~8m#-o3qO6yBzA+IFJWy5MKHNvD*aV|N_8vpKmfcuIBYV!v1)!}jCPL4= zMMVgE?t>HVTW=+1XDDgfzoub|IV|rxqkZv%rtWi{`mWfgL$P`Psm(z z>}>aXYp;5T!$Gq{44b&75D#%U5WtTO7pKMlC^;^Df|5$LX(hiFH@m~6DO6LF*5Qjs z-3@4#AKg9DkE-#uVU<6x=?B!LcYp91KlpkFDE|IgAI8S&p6!qS>~q?45RCEa97y0d zyLJWSu=0wDf66(p0`XF6aEJ#tM;rmL%@kVb#w8-rn<3H8>5SLtqrV%X3ny7+?u9q^ z3EG3zBkEhvo8Q~@K2u{3`K z48`(#mwzVuS`HU7W;kH0ip@4)*)q9SKo(+I$*s7Hsdl3kMLsLu=nFwCq5_fpT=$=$ z*?_F-j;X!jqUrX{g_hU`Mh{$9p}=4{{{dDs49sjk$) z&$T=rN;a~bd5JP$9OF6UKp(B>x!x~r;dm?WH6rzWiGg%6lKPEz#~UuBptcrmT5^L! zKouJ+z6rOhztH`$ro=&=R!00iRWq{OA(ZJ-z#yTD|L%;hj8EjR;Xf!}nD22wj3k4A zj%;m4V}HU&TA@HT@oEDdDt6M2!mw%^^MzLvQi7P0MfZXBle23Bq0yBP zO@ZmOq}&szDp!c7$K+wB-llZtu}!AMs`YCjfjoZij1?m|!Gb@Fx*s{LUfI9lh^VBu z^_>S&gU!>o>gCxkie-0mezTszLn$io6~QgG8E9XxKa7vQaR0+KY3=qf>as-TfhBB4S*FQ5@%{~z zL7to}YDH#gW7ugLd#96O4C+3@F;LCl8K*D!9HO{X%OwY-D209wpa()XUBbYAUT{Y_ z-G4x~^0K8XTP|$UL1z=?jyAHi%F9l9pfY#iuCh<(%!S!-b>`?JJQbP1vk0(T36ctm z>cp~Qzs3O9FWXaI#m#-9W+8vmz&{F^+ea_6lMPi~v!I^moT{{%U+v{E91%Z*VZnuF zH?!uu?YvvZWq5a(5M3PN-9HtIVZb>Z!VGkx1+^|d&zp#rgk@z{?MRo-{#*>n!Cw9EsEY*E^Ogl!@yVRJ6^*n|+j<^mRNnvtn>1ArXU0?|RV23I$ zq76wM#ey$E9TkWE$7*yAB{s@4aGZdI=f~d@NnSIpoXX3L(t^(Q%?2O6M4HbI1md1+ zmQ9Ovv-@p^9fk+is`@qd-j$fw3$w*mAtEMlC)*Lmk>&Z$_ott?7YYh;@_5ZRWVvzP zH(p!Ujge{r)k84dL8<9@wZ{^hSK?eBZXmtLw}k6RDf!Y~W(HRf15Se&osYXkqVE*}~?3qnio}o=) z^;A)Y<)jKeI#;OMR7Pd8TUHLc>h;5+{h}L3$U`XVCH6z=-G~7pv!ASzj6{4J1lwJQ z(0VX?q>=IN`^cLs?V-_;2oG(U>Hf&}YRXI?oix6rqrlfggO*TT?!)&9P1<))X#aSh zDmKYGja)37xn#;+gW`e7&X8y{5Dd&q^qkZGn%W2&%roTJc)R?%$HpWtM!t9ftl+O% zn~(~oKb&-v3SQPO^%R|$Ql7jTb`p*q>?df+Y~>mpt@9a)5R;f&t=aL6jZVZ%af4FI zf!xKit9}Ph@1I`fI?*WSPynGV&|7;v!p^%IZ>5+ckKGSyuUKPhU)~Y2yyV->24bPC z=Q=|AYLNcOx8GU%jj4Y?z!Q{ifU1V;bW(YAY~9jHiHg01y1kP1uL)kBUABHj@}&1P z?JrmqrOe!A?7!6lc=|y>BAxw`&ozC=#@m*-J<+K9kGKr|@LTYXnhy7t{d9|t>=xZ< zd<{v#m3~71tIpqG`BrfISg}rwCdy#Tgib^>zAw;eypeSd7e3pAMKt#KvMQOKE?D8DHQI(7J z?l8aN-C7`P3Lkhg>527Z^F0x0OR1Q5b6D0QPIyRo4CEC^mmM7jbkNP_)mDUl+FAQ5 ze1~37(8h1navm$E5A~j@LOPRcpTZD<@Un9o;x1LO%w>r2@`JhMyx1cxXGS~~ay$Y* zgGN=ROTrMyLNjpQCYPk0hcA$pGTpv&G;;Cc7a5QXJ+a!lubK6pf|7WK9THZiLyhqn zV-vDU7}3n{`){IPh6aeC@T+v|zfIK+xKElMC*3jLEh!KHnl20RkosFXiXuZl;s+K# zdEEMgJBH1IDtcwSw#;V(24sH;;-fl}(f461i=~$USAv}xGreK8Ie+O$ekiBR`+RI` zX892cS@PY=1(CzghW*Pice;SpK;bDt)yc|^crU6dz%&Xb^DxSz?OvRu;}{&M1njlS znV!W;*fK;GD_wE0cZ&4=P<|n3&LZ*<%KCUS%d?a7S+bp;>R*H3A{HNRU9d{=GMJe0 z`9QGo(9Q^mI#HzU*>MutUdePMmPHY&F~U5#GC`DiK!01#kX7&;RG}Z3mXYY;lN@kucBODxMXqim{WU*oiv7PB2Y1i(=#eF!)32$pLL|pom6lge zsEW3UH5SX|V=k8HTT5TeZ9l%~*+(^GGm!-E@L$EBFD?_LFko!;dzv? z?SKyNC^TzqA4Z|}ywSC^PX=hXn^xH1+q8_Wkuqw*tj4gF;k)Y__WzCF_bL5y$)p3l zx?iKGGqoxZBJukdA}B;STh{(d~}}+^3z}6X#E`ial(-TPo%Di!uJ! z{Ty9r_OBgs?Ctlw8b~Xma>GhwA}yf<#pp42)I|*{NwF!u5?$W%(`Ns5?N?0V{3_Ft z`pP~w^8bL1|Ev?f`pxf*4q3u+dxmoVc834CEj!b3GAXr>y#GpCe~wTpc#6z^2tE4m zwDfhxJ#kOSDlXliWBi4;f8+pQVuu{z2ZNg5$@d>t;onR_Q6F;G=H)+p_rr>C$Ecqm zx60lA`}8lL1EwE*PvzgX^*>`g*1bYDmS6WL5#V|Gu?7`M?<& zL2dt?!oOaA#R8aq^LdGD|9&H241YIDiu&Iq_U94*Cb7SW?l+13#m>K_*mnu_TZ(<> zkl%{(8;kr_l;1hzw=MRU&-4Ua0d zJD+Cv*`NF=H8uIvwS%mz^Y5e&HKZ6`XpQ0ZK41KzS7E;U@it0MY8R@APC$OR!*~(= zHeu+?W%tAl1@wkIf9P|9V#*53A&TQy$bS9DDt3r`f;TOl_n*K1;Sy61O6n(pLn$?U zPsqrrPyM%lD(9|{$v=#`{QQ6YkearD?9l4!UWxnv9=??V7(O^6;2)Rq!#v6SCr_Rt z<2HtFzxm(8#{S8rHMSUX{fnxk|s9*Q<3YkAI6EM8k4fd=5u-!jj z9H9Gz%)^5?BKN*|t{^0s~B;86yK*uug>e6GWg_|PUHg$JejE6Y&P0OUM4ap@a}UVKWCOD-)daKj+M zHlr*<`S8CV78!&NE2mS&5RRP_K0}vVg2}oH@~|l|WM*e) zUwqo#z?%h@+SyHRAgXJ@m!SHtqRDzyTIMTJCSP^jc_ z-(nGiRXC(Y=fZF$7{BKR8Z0o%nC(SKD^JJ>HyIawhusfYYFuV3?c zzHISMt4h=xA@K4DPmls^x-d-g^rtrsaDs=RV2Rh~M&(21~#hvdG7LG`Xk?}Ew&d<{3GXP7o(9b< zX{GSLpj0&&;m+};jqL6g+1*9>oy$z|s~W!4(!7VMM3IJy{i<$)HT-)RM{H$7 z{`zVnn@{fYDWK!2keo9?%M_mBE0$rZx_dHJw2HuTg%^}NAB+*EfzC-k?TX~sz*jhJW9ltj0cmuRdj`SPa88<<`7SP{*fj2u{cbAn zHsSdA_0@Pxm#^_Z(yjs!f86=W6|9hQ4^6B zI|EUtqt@%V6_98=`=I?;p|T$dE;kdIvKLHqWn+DP_5(+)XiCk*22eGhm%TlvL(9Il z;gH|K`xnH5@txu{d<+GQ`#+1c2cGF_91rkihiZXgjF*4JMJG%n=d@ci`r zRk7E=jY@*Zc&G>qbkdpbStk70hE=lP4P(Cr9)n7d$XWPnqaE)NmV(|>FvI3hL^x0h z@_w@Cp3}I%jXGI7NcmE4YVysS9b?m?#(vQONT$RP%Ei3JM;*Ggd)h3^sEr}HGNKs9 zx&XSq1bNsN(U@4NeYPA{HrgSJcKz6|6I<0n*hq;g1xVAzB1al_vBJWXdXZSEHLCWj z>dLL1)G-i%u-siC*V(c@WP9&kv5?%tLu(tGsDM3L8KBF-Y++-lBLYYj7uGc) zp3HMJ%G9osk==Ak64I;Cc%POw+sxyqQj4#_p3!}V5;jDASw#LJGx^!lpk}fC*7$0t zN!4PG^JhkN+p|k*@p&p9XvgWU^)!zB=(B;`=R9RW&P4%rAt77NV@@qMgXx2o0s`sj zB8}j$#}tJ&Yu0a?47h1UwU7>8a{6vwa&F6rwaqf%butk4-aTm&AxGMm(=VMreqB@3 z>CkG6(%Mlr@khA<2}Q*&3v05vD>_`xvLHobJVe5U`GTNu_(I=@>o;#k2GonsJVh8~ z72x{)xOvriN*=%#@}7~=xR|8i?QC1@Y%_;LRJ=ImaoM7LThB2>Vj`y$r-Mm~ zLmj0R&$|RZ=V(7JD(MG}cM~wMyt2E`22Qkfbq%Ga5;BT&HN?clnyyY%uqM$+f98)o zH+$1VFYZ>Hw6Y-7!C6HF394jrk)G-8HJ7npD9X=UP8M0f;#~Z}uj%tRxg`xxMBcl6 z@pjCLAL$%RqJgVZ2vC}I?jhWb;A(ID1p?-^45jLGaw>9e(Nf@bf=Zw1*33k?YS&<8UnH>n|0VH11B1VVAys+mf+hQMB3cEay*Sy|m zI~#RhvropO+~)XL<{_6i*IKT@-|YmMRNtFoig4jJ3r%$C6?-+{D6OBiR<$W1anXOj0bApc3}E?_^qP zC1npL**m#gX(>FQNVqfn`oA_rQ&A zIS(1R-*5pH2e;jVDA~Hv>;3A3`9ITsLbhY7AihcSjazq)lS}^Ll1b%n{jrUG?}Nr# zzSxNLWA2gX=`M6-=AWNd5}A{IUmkF8=GYv64B?M`oPi5h=Sqt%)on*}`#nhZTy&}= zHMGpUfbOdt?6;uXR!9|~!+qqQ#4X*~-j4h*SL|SG{{>(6HIh?h7i#fB^2;+GH&${g`+ZlWv=^4OsMt)u!A!3$`w?2N%i!SWB zL#L%sWl})Z`NA1vgtu1Gu^EPIJX^9Unog>lIKDe4G1N{YT78~@g!5Z_u6EN0XpTLo z+rdS`ACa1YJa|x=p6LoaV`qffE8AZt47k>et#_of2ggG)bO;WZ=BvA@pw7WLVwp@# zizPuYeS?3-S_2x@U7#>TS5#{@%}htUUn*7|=;~#RZ}wo4> z{aGZBwruosfBzXSS*ej14-U-0-k=K0lZiq+x9S~cogiy!*RI`giGpTL0kzqDIdSZ- zf;V;3M^~F9O_mUT&XH6pc-!HG85C(IvpXDk@Z2Vg^{kcee&n)5f|lFV=T|4#8FQ4E z-P(Etrl2H(>&M(Im*_^=y*M34IFrn($5Nb7c^=UMtWUbdxEqBOHvfCb;a}+%zaUX)Hf(b3%x_L9U53yfyO;zo> z^NrW?`>QIlGaF6zkLMEX_x(XWZ5gr;Ax{m_X_NLI*PbgbyGK`svqz1Z`&(}hUs^6Q zvSsczAhUajH-&9+kxcK3M zQ^)0(TG8U&`*DvddDr)B3#xGF9-GPQk>@%J?BTcbccz+TOP#VoTeAhPDJ$gMm%~_+ zq0L<{Y&RH?>u;!9Pa9Mc^PA@Qmir?2BYDuL*viLJ2{IjJ_|5xTi?yLcG7yI7fB>pW zd@_7IMpA2Sb3y#!z?HbgjV+rfq$t0zoa%|oGe$r|TKV12X+VQ1a;cUTI;n%<7e$h^ z>#8i!y8;63>6)QHJE&%DMyZAUURbWtG=tT6q%x`BHpAXQt6+au3mUcJx8k*1%x&?p zTNQlB;Z$|mWGcAUoaPDmz$77a4_{ZKA{b-Uw#x!Kuc}J9r(JiS=fm6K}}A{%YK= z@=yp-Y&0qmj?s8{D&k>@zdl#RiE~-Z}?#WFA*Is2|-fck8n8oNw?RUmbX% z3QyNnSyv4d>P^ij35S0<8WA0z-_nN_u+BR%@@d77=>6%_kQ<%9ZFYw%QDwYmSRkMH zHeI`s`QRXssWioS`OA%2kEE4~+SA9>ckg6HuwEFu($Sdk{i8IadVwrqGMJ4%{9~JT_h=Bi zn!$0K=qe`u+pa2y3%&>#c!LZKJ}BEHojLc}wh4EP4vKauK<-I`ieDs?{H9ORd8!y` zRGBrN^Tc)y8Bs4X=z*cI9neV|5Gav`bJ`r|op{Y!&+evH0aRpk|7fJ8x^g(-l>2Mc zlYxTNRojBvbOaJq_ukx&72~JBwtcKTiD)tDc)d+z;W5}{a%JX1Uzv#_7qhJPiK%Ij zDYzkr?iC1B-9cIFpPB%!sW)#lgCEdsc5x%`bi?!t6Jq6zo8NS}O*&{UQ%Gr*b*0)K zatC}zYzk!^b1o7KtHBL@nkpI@VZW!P>KFvG9F#i}wTEBW5D8%5lIeOI6LN8vH8oNia%LaI9d7Un6cxu<1M z#Eez?DCm6h1p2S`U(u5_n|g?OWR~@!u!enf)ThD8>3*rrppw+a^P`@JCyNna7RJdG zi@~SkbtvCVf|t}mdRrf8$L>%mWtK&;*ceQ*#nJrg)12)s-JxxpCU5}AyK6|Il%B=5 z&$tecBBa;keWC0dgi+S$oP9`yWj~@R#yREEKLcY8J-{vY1^T2V3EPf2cGS>`c@rzE zOuaDn$B3&A$U*tY(i5YjWp@-zN7AA{yUD|9^DJ(9c*H3#%S{Zx4zeFYn@YCQG*yV3 zo0q-k$-UHMoc{O+@Zrc;Y+Kpw>OB4TU1{JyP7TSk@^3k?F@;{S=5?BIHO$PkLL}B4 zObi*1mrx82bb;n&J(3!524ptMkE1lpOwH1Tw`*UNF>j7q5Y~^BdT+BmM%UHWof!IL zAZQ4CGEi&vFx^@k96%Eeu4xFuNgb~>K>DBUv7b=DmTS`=A-6R|>{m zi-9)ABhyzBwuiUb;tqQv_Wae4Y{R$sO-+oAMIdvXPF(X#OU}w$rYVP!;@bh=z4&jh zmJ9)}5G_*urwsfLdR1RYqqphhf}YrZC}|9!8M(E~w1HEC*~G3LeotPf$kE z_|;YeHGs>obDs|rl;qN&SVAT3skhWL_~5-E(TMtdoJ|h&AneE z2m}*gbP`9&kslPTV)2s~xsoQ!cZ3d)tlYU=2B(9vDqJQa$LE!|>rH&PE^sAr_2x8c zt7G@;a5$sU4*v%Sr?8^q%HLd`zclj~;nju?Dz$PZ_0Vt2{fb$n8PsP+4;{2W;@HMN zYv%b@3t%KoyIbhH^!WCwzTtd*Ci9VL{Zy@QAAP-@dIC)Hn+_2X=R9P|oVr^F8kyu`?nFl?;=G#=SY|>gSJBb8!W>-97!oLDb)&dH(!4t!v~FOK)yD zO|7`$FWU@f{LNC0i>C1&6`9-b|9SL4mG;fnlQ8 zRr5rTYVM4dQ6>QWE4pu?W;CGlgl<`E?>Tt zos%=$6l)wCHA7KT+4#xyZ&1oV?*c1eAL165W9G9SFAS~#6*j};;^OWyvX1Q6F$a6r zpv=OoVvpRb&usJ#oIl>9L*!TrG8)n$<}w-G1ldL9P{5|?JKedKS`ceL$7dSO1I!R? z6>afDgws^%m>#v=~OkNW*~J zDNgwcFI9)_z$=9**!nen%0lm3+i)cjzR_zx$uas0Kp7t5w+j4`k&Z8s`8!Xb(6)FV(mlJ)azL-nKg|C(h6?){6Oy?=_Y*@sW~OFfa1V4y zeM{NkAJ(NdP{x}+4#De#6S=K7Pp=sABBVFCB*KcRaguF8-gv0ocfq?eT37wQbA4t0co@ej^`!wo-u z`t&*bdAa?FP^iLQ*ykpG4X6p)yGpF$^foczDhzM8d+}t&Ak0_)ti!vv?v6*uSB{L* z<{E-ZRZjDzorT+}zF5!-!IFfZ;Ta!$uh!yN zZL$S3($a1>hoqbm7QQ{YEUyn+dN5MuS|Y!`>Kl=mSS4o)lO*>=4%MO%f`y9cpM(am zCTg8SB!0>UFBeXhpVsb3Mp2Er^YP=yD85idO?suN^FXjFYHp4>UeWi%18v=#s;U{6 zFJG?0Y;Doq13eJBNv{B^dlU9H`&b?)EHw%*#Qet1+A{A&BC{K;^s;T-7$2%f0lzw` zh*QXk0^8aSv~cIO`;thXOSV+X=xE+2BqWR-@Ar4JOM%sFHErV@`UV;L1kfVo<9NT- z`#_w^WUzgV$~vncW;6H}o06jXi4!L>@?rP9yuI9bp5r<&8`j5BleLCTg>^WQa)*?F z=|L950vOCdq;g4M7qz7no;82|!UdGbb%QNAMSgXBI4{o2=Kx3am14lIn1+hr((1%U zruXa*RpSt&R)051OfMf@+TAq0%q7wCgS`bPRoc`imcj62<*hOpKTVYZV*rTv2Jn8B zhrQ`-#pX?h>{)KMl(rGK;>A=4^Nsi@U#RBakXBSQZfuXK@tS&in@%J$LM-F%v%%&7 zuXt(CY^r?MdwFI~HUtORR)1T^W+0@ae8!bz};gt&$MV>3J>Sy zo)3Q&`JoMnx=48BIf2hvyXL(pVjdjzbKc;$nRQNI5)g4rb-ea49ry$M+uF}fO*a$i z@$yc+w4RfdnU>>kweRUw+z+)%H5__sX_(8v$QbT5cA*L_!m=(Y*}qV9E7Bv+D?dB8 zr>8>g#ED3dw~S1sy%7@e{JOa1_^9@QMSgxnXRaMx9vsxFXb(ybW=jyZ%z$5hP!QSQ z@4^z5X|q-IqW0vhmroT#N`bE1$&-%>ZTTj1?N9$^kkmgu4rGhaS;brYD6ssAB4Ke+ z`6{gL8UZ@F#!w>ONZK~Kh{f0=d>LtCl#peHu~LNO)2K&AMoR31A&@aDSu0+<8mdCT zf{q1hh?U&a(Gg&-otvAxeiKqseXy6qUZr@JH~F~Cc7>($QZEzeqOEp5{B_XGS_{vY zl^5o`h1zH;=A5On#o_t+$3TOn{K$`eAFy}2!+TLE5r>-H0C_?uQ~oDu)y94r(W+a| zP)GB<2Fa(aQatYk!bD;=L@S2N%u=_?(3Qpq`nzvd?O9w*wwrk7t6O$$m?pE|ns{$ndafSKu8(6KP+WhQ ztiKSPiPk+hYls>-k4eVM&~@r|toT8K02p68zk1OoUf%OHO^h%nlvt)a^Quni4D(YH zuaVfx$Mf9>>cp)^j*oE_KiU%biWv0sX$tz|xnIkgHvW=t^z`-wvE>L2EN#}~2R#mC zToBLn^y{UW*+(snmfh4;+PbFihe=|e8|+|k*h%%-cuV>kHHK3~(S7Z;*7}j3M^sx| zo4vJJ!%Cfy%x!&Rp)WOAc(Y8D#zy!L<4oSiQ32&0nzE`N5Q(@?BbNM0*#iaEBK1af zetEZ&#k4i$h(Zg!0(u;>UaO8h+gfV zASH>u+m&MO%j8_2svZm$m`rCsN66sGizdAKm#`7C*@L#W{nrD8*!W`Y+(k*M4lg$uYRVAyxyKR_%Vz<8! z(a&2Rdm|@cI@~5j%Iv+4MrKEI2)0bPfYWQ3vDkF-gu=EnOY42gYRtXqzvUua`I^CW zWTkSp^~aN#AUmdaGM`Rt>B}OBvEaGwd7FZ!re+QEtJMLG;rYiT44$2_jAr^ zUcVmxkn8Hm+)^3ta8OxnxQv=k9w>F7w7eq;dXS`psLgFW8(Vd1@amXK3@6_%`@7|_ zN+Z9W8rvBT6GE{LN%8F2v+%L7KKJq6BP>GYi~DeN^b|mgp-x$#zm0K+I+WvivsC1#J#c--NN6{m}L8*HBwB7FaOQbb4enNPh5VzqDB#FZ0o9iSylVxjV+U;wJ_0GeTDWDF?r z7jEIY>-LRnU79kAudA3Q@JTBus0fxILC9yf$t8XMo+5N=n1YpDcDVa|%TI|6ji)C* zsY)SosR|g|;D_}>yK8Jy^Sc^s{Xf#7IT;!A5nv5->|*k}L03@9_5z2_uB{5Y_tk3W zVY9&NPGx=FMKST+S(y)xQtbR+7O~&e77pMmWG9@>4D6kw~IEqmwY$BsNcM9{VJhP zS`)+c=JjhQUk7`8h>9ga+nmF&E2!<+a_;A!RDN)K{v_L{51t&GIHgd;$^4^z z!KrsB0W$PdO$u+X8$$JVJH?R5{=tT9X+Tsr+!k`kTViKvTtU6S+tX3^$m^%VJEe~0 z@9i?Hfqvf+aZ%~K1-j3=m}OR~H)cOu^25otUbXNw)vd)!^-}$1$<=s-?$LmnLTlL(!(1x(c%KCaV;9kCvV7R+vUO3+yP;4 zRlBu(f2zek?h(>G1*U6=%)WQvW@DSyRDGKT0<#z zmxUXI*?G(q7;UIju5PekLFMZ3C!W|C_cN-PgR*xe4|R*i;QK@NDAdl5M-gu%&Xr?* z1XB_=!gCpUv0bNmimBz7wvmxIb(@U_gzFL3qZa}oF5?A zWC#i~)8E(avVk+WVmDAa*lca(a|46f(&a`r7)Z-mn2i)ucS0Iy(h0n2FVC;h;UOGG zfep(m7WKTLtGxvPmYN_bx(pNtp2p!Z=qZLlD1#Hcs3n!{MB zzOl!Fwajjm_$JncCEb7(454&D!kS)`7)m6nZC!nnIUEm(RT5&Jqdrnnt5vQ!MwY8|QpCE`SbuMpm}n z^|Kl;PzEtiF_h6HMa$TG_UwhB)EK772#I&4Ho7Ep2nC-0dD_X7v+JMHJg&+G026?A zWAx5~RXyYPXSM1gWgr;1saqaZqrSd{5#?&Qx^OgKsO;#AIvs+I|Km8SG|BQ6EkB={ zC~He+P0eI_I4EtPMDF2U@JKPFMN($7M`iY89<7LgP#9auoJO3^3B%TEo7sejsHmwu z4}=LRSGy*#N?;-;h8fWM2|&zb0T!yI;cSM*7Sv6VFT~6}y3jWr6dde~RNSmr$OmJs zJUu@?(A91OVxdMoaE~=!_Ep7YV;(uT#6M1+oL~KNa($kU!G0Ox^R})InVRh&L!2lIfKSk;g}cNjCI+8vv--Q zj+7L%)9N0f98^54tQwgG8kH(M=^cSPe@}e+FMTpiIe;v(W}7fG{dtaM&IpNk$KH=X zNcJQI?+G)xsU+&0&xaK}S2FnN`jYP!|MOK4C%jJ2da5--Zq;^@b zh;jPKy_K)oAB5M7lU$iz=;#cYs<>432OFE4-zH(n91bp^#PYH8Uia;pK>8&qw~;$G zh2OrpT9)Zj>Ui_vzfi3XjOo}z5_GFKi3Q|(`F7VWhYGhg$CA%|o(kaHQ;lqFHb%Ae zzrfiUi3FkpRW*|^7@Ixx83Bi@Rdg5x&-)Cg3 z5?yp_yoE%MaI}RbB11>Et7U@>K=qrRn05EN?!h?1rF5@a)_6Pmi=8d#8ILf_M72p` z6_bbNU`XwAXzUgLX%VRy0*!K=XLo0OpJAhaVbGg5+}p> z=a%*xyU0@j-~#asoA|STb~CX)B%(yGi}UPR{x>XW-gGe0kke=MMh=tE!Ek;H>|XUi zi3^67oddO6)&U59q}$y~IA8c3>=Y&z>Q+L=5!y-`oIK;GO2N^I2DQ4vhz4TX@DZdo1Rwi4(v6TemgOn6e%pmo9Xr{1d1jFWpJOhzQgDOykAMbFCif9XX;# z@ety{x%FQhm4XNWXUz+IZ2Lcz6Hp_Bp1eKXs?KyrzI&GQ+cgp4TPYY9as;C)cyECK zgOS8J=pWM|EqNUPhE2$%VVL%dhzp8st)8~1QChwXZ?%zYxMHS$wQ3UA5h}objzlDk zHB+N~^iks=y^%wLjd|(1LzlZ7V;pIUFo|z4$4)g8ngXXL1+xBW;9!jd5X=@|y$3h` zC}N1!A;_!4x?V;L1(5PHnIRE5V6ZT378R*|{P|5L9R^WfACR5ynnmoow`x9LcX2oM z#EHMawcm~ffPQ+w_4hAbd;|M39JvX0alt;6T05Rvw|58*LD!BC_OdUY8+@Bm89bdZ zB$%(H)Hbm(P8YPk_SckRePjV#IDcZDMfXpD?`kxyEKkY3ky% z`){b^>IM=33@Pi8Reu8T-_9+MSjGq+;(z7D=ogy_Fu1vioZ!)==Mth;xca%$=S?Y6 zyLD&jf%LTrU1F545FJX8a`nC(Gu40oLE!0P3DC=VyS*M0fAoEzGS%&KRemADvaxSt zP_;_eFHs*{H>$Wq-6lL(D&H%)T$zpusF7(q{>K&-39u%NPF6*lHE0gIvZ&Y&>m6S{aAQ1Lw@=1_PWZB@IzF$gm?nrE-R2EBVNTxb@{0jPT zgXhve{X6$Z0sj*VLQFCEk5lo*7;2+^3|9B5<)tgB-*#w!jg9cn&T(Jjx9W`Z zI^t=-He%dW*NAqIarEq_@0YwhC6o(BNK8QMH|;Q~`;%y)kIF8pT({(hRaIQLs6+J6f22R>=h&R~#uxhNT# zd@jxROZz~LL7lX5zQ8@@7dIAv)WmV*mtyl&^G6cW28j;e9A_3k+|tRgwvPe@ooX^6*BeL^wmxZpWA2Q?nmGR_%P+FtzbaM`t&S^CUI8n%gA7%q|D!XsYz8 zUPpnW-puJzL)Jr<2ImAYL&Fu{hpu6-8|_NRJV;6R2Vsr<{{SCZ1AnjkK3Wg1{jo$d ze|r?IH$n7*CH=T%o~i{XOb$AzF9qx^S*z~A-8)m|B?dXtISryL;?>SMfZqvZ?|+T! z;SnuG?ng$xV(&hPQgU{1cpq8tI40q3Qg}E`H8@YM+7*>@5P3>XU2Wu!@HlNF{O#Lw z+-&$(>+Dl7t9zASKG!^x3qlE4FZPaA;0sC;v*lZ8%kg-8V#Ws{%|1<7CJj><7<+Ui zdB!VRTwL-=B|-i<353G~Se9Lee}P8!T^&LbS<3;H0~OHDy0&|nzPbugxB3ca97b$G zl)H{m*XTh?wJ}w^892^WiD<14AD2H)T2@B5vU3?nxEJyC3>WI;m$`oRbQr1XfQ*dj zZuK8{ZFS0H@rr9#DDyXBhKqi(CeXevXug+7BjgKDKYi`mb^cqoRDk0KT(PN*NyoXR z%v5aV@(!kKc4lVgo}`Rw_tQ6C={!uY+d96Ml8D3_PA0|Ow2F@LDo)0_-N#g%k0+d^ z%lJ1Y1>b_7xYbkfx}J=HyF94a?HFeWZ+BKY{$r~DUb5%~f#btx=}fLOe-vMIX3e^n znAZ@Ay*$Ji{S3@a>o zKX!S1abZDCS2wxX6p4!Xw!PS!6yLAK;VaCYeciYkJW@1D-Sw-?ry#P@X2IrO@G&*V zw-U3;r;c>gR*XoYn?d`@sh;xhFaNqx2hqq9H;jMiU-%(8xqB53HKhkB5Dsg%t&8=T zQ&Upx7d9Su_5S!!dobP}lQjS1dP0hnL~+o{0!O~iZ66)4<5?r7EnBVZLfwYBFE26U zHEv-TY*pcq2`lFI5&yj7L^t4sQ0dYhdBt` zs?f1cBn-V)2q2iB5|pCL+62$j?+sXeta9iG_*B{+QMw$$V7UIx0Y zR;mrEFE4Dtqp25{L(^Gb?bd;Q;TqMeD>-i$2mjZu$j`bb&RY{7oA>8nhMp9eW_b<2 zJZh)(^T4FMNLM6Ql~Sp6(rm@qJE1b6#*`4$q>|W(Mcu(g47E3#q0zQN_viYDS*|0FMDkh2XBQK;BFU?(QRjk`weC>Mf2H4L3)6 zyrS(X8~u_T8=IY(SD#;wJUW*0`9TVHP2vjLdk-6z6cl{Q4l}+kb+p#Gb>srkz8z^7 z6M^XD3CLg!@Nu*U&A@cEc#4hy6O|`e!hwHd3wfvzbg*pP$LL(z*W&o>38>u2rnF?A3x6CX#@QItUD6>3rZ1l5?YyZx_ybnfkQqA%| z$71Td^7>D5Lz8QHV$kVqLKor_v=bW+V+j86ndbAJ2HRj`DF?5>M2$heJo2t|wO=mS zcg2X?sIDof5&+tju-cwfF8+^GF0c_?<#lTP&QE&Tp+V`);Hj}LHi>hk0taz_F*Sj# zRFwPAuUKoM{v1jwnknr^+kBj_P@3kBx)H?SBc8ogTwzL$AvW=2#$3MWk$p_owi3e% z6kUceeFHNu2NF|T9m=d^oWvd=bd5mH4;RUOzMln|T zi(5AtMyVlAPpTye^z3Kv#X(c5o{b{lf<}zpDfSy6w%XsP|2`0sH@&*y`dsHyH&@9l zJoX8c(769qDuzj^ars@x)?iXX7XT@kZ1@9Lh5bl_gZQpp`^D51aH#h6N3P174#in@ z5u`z^XVw(II&+d$g8a`2$XRLY?b}9vhrr!Pb=^Gxw(`VA6F!6y+kxrrI$kLW_7?h@ z>0ifKCoB}S5lWsYAKPeZeAu}DwLjqc(??-}N1w{Jr^d#30qrS2aOaiVwuN!CagmZd zWpGWw@>1#A{sb^b2RQUN?Aq zTraT-CwnAC=351+Ks5$ zS2lm_Y^=VeAx!wqoh)t@Zsy@j<-yzAA=48TiZy_IfZWD9`P0BjOi{r!mhb~dS}V0Kw z(#0Mh@Q=Kmus2*BTr(a@8ncVYD!XrQP28y`XdZP^OFax#Q>jLK()GjY|1&b9bd zkqOP82&XAiM$gjY10fDc(*6P8-5dQ8PV78B_BZW3zK*|QYmnTjg4eq*oGui(_1+7I zsv`nCXKDVl@c8ld1o<0kMlpWhFI@rfh!XOtR#%XfHhr<;c$4MWAaX={XBR0RJyoRi zEZcWh?YDe>6r4w~FX%saftuGS0+TBx7GBGF%3pk*rMCx!jyw`F9I0z$&rhD-Ub?cX zXvKLj78#DHeGQ=U&QHpkYjj`GxGjHi?t%OwiPale{w1ONt=ZkTDuWivmM zWk)JK4UM=jd;;}Wv2Wjc@fI^dK?-`g%x^&IiA^poA0tY`PQo7bk4#Mg^l0CYAMdtu zuNnIHzSy7ebmh}oc5Ya$Zgn+1Y8=tr*9!me z;brx@^<;IUv(gg`7ZNeQG#}gOOs*~yenGaykEMb^Ic35`Gh}1~yAY;)Y@!*_-q{KA zs*?9aEVX+T+;QiSQud#IHC*X1GKny-fTqURGoKRSUik@XVakS;N`buUbSWvxgv8n0 z%wM17jlE08xR79c$+#j?d6^51YC0+&)i?YUJozi}+L*4%G|`IUyK6Kx88KP9^_TL6 z^$|eqd^^F65bNIj<9z0Nf>y}$^vIpc&s6}Ud&_;#QuT@b9z(_RD6M0>M{ufe`s$Zb z_ppLbwQ1Ikd`aW?Y*3r%*wU{`X()VDo54j(bqcAZuq`;@KL(_sw;4xyxbIUWwEZ@eoUpQSN?N@X}~(n zn;=X65O8z{KL@U+JTAZu4oG$q(%{g^ricDqj2uEAii?G+uRy0t3JcvJHOt$nKTM_9 z%XSA8$LRq7T!wqM!*5$$Vj*rICO^_mmXm7cnWnt^3%%LY|iq-AkcY}M%(1{sJ&GelRTvtQVwiO28AVnreMs?pjd<6>D+af za?nVBqp20bU=R0`wOTt$9(!ccHbxMkNF+U!(~okS64aCy^?czTYsSLlY-S$dq@<*e zgQtA;IOxxKfQ5sSk$rVqN=lh=LtrogyIOQQ)5EvHbNMY}LmXKK;)#9RLh{ z2E;$i2Rgk}fAAh<6q;gbRHTmC9Up{{f$O)4&0yqENRa}J+)tYS*cY6vu3a+`QK*-E zk)21FEn=Vtr;Fh)ws}*9^h*yPxUbTxR3}m6_|7gHV#F+eNdHONCe3N;FdmwPUt1gA z5P#WyyW8^z#vd@xC7~szA=5czoBp+0n7empJRasg+B%VHc97~cicpFFIbHSWq#n*( zO|6_$P)gvs&awZ1se5_H zQp0%6fdx7X`gjUUr%C<;hxz@wwcP+<2B)31i~l*%hEB7Vbw6g575>)Ot&!RvFUfQV zGRySVqfHFs3THQph){U~+PbhQK~n$qMXWvjj)IZoWG>EI?UiEU;kG&Do$8g~mrJ-2 zu-D$wMebR|^OKc8D2)CCzg=``;)Rk}?mUHJT01=jhwU$tE3CEprhbJQ=@Q0_TuRpO zPqhumQR2iMpJbHaD1Q6d`TFG4)TAXrf0w;YCg%X?AothxgaICb1UX{#ga@V3pKJ15 z!ASjk=`YR&gwEGE3_zK4W<5|9>e-<{memE^1Gw3)K-_P8I?(QiB z>_1_3SY{?zrFbuVu4dm(K9P^R;9#o<=E);jRT>e(E4{Nm4hPNWs`sZVrE-agiSIR; z-;Sp2rOHc}ezecT=_ZJIS$tfXt}%LyeLf0zp(>7O((3|^%oEZ0aXm7ZHSbZsQ4}BuCXzv0=a^qnY&2=nqWmYa=+f-cdKe%S{+} z9^&McbT%nT-nS$?rY2S9N?lu%@A)R7e1 z=U$`El+9 zF!TD{ciZ}>MvQrLUO$$Vxm(AIoQ8CUOwx(|Rgpzv1zH|Ts>ZqnyI4W@PDfU!gc9jr z)F4iy@g||+e)RO{!7H%gH;}r;mC6Esf^!e58m;5`(G1jvs$SJ%%qqc~Q;5u@v_?Cs z4EU#y@2+<8cr*k|qJS8W24i$d9=RM{Y?|_3)FLO?;3GQIr@pJX$Q6IN?CNMFLv^RO z>8O?QgvXJy)Pqqk3v@W#Qi`<-4u9(CSO*l@ZIkqtQVOH*2G}oRHhy`7F~l7Ilc931 z2|nv>@P7F}`xtmrT7&?Myw@((>JN7B z8zblP6Fq1QZ(n+TZLh|XIl)o+Ni1`C7!oIB^%Q~NTx~9MiqZK9 zvo9p-kpSjQ&x4l^P_iidSqP!~2(YmD)MN^#nie5xRT{iWS95fZ<2U*V`57G9NX1EK!q24s$E$x3+jo(jK?*m@GuYK1vo4fmb z+DonYkuvyKbSr@5I6Qa#xC4iwd!>w`LgdtjN??r#5AJ_CEsNlFI;lP_5#T%nWkNdj zWT8)z$G69`NKTp*a_F=B8-eSRL?=)w=A8ZYjY+f0Bg_^7A@m3(ymqCU2C=#9Iv5J3 zULQk*l1`Q~1Xivw?n6Y!l`sN>l7vX|yFnWDm)P^i%xVJ6vyTtpX`{!TuYo)V zgWX!;@J1#6r!s%^#MO{Tt^hee*XcKZ^UpH#CXG<^L8;{jX2XA$rT+uSmj%-tRx_?= zBOKWN?(TooQUCKJAVYda6?me2jO`B?CQtEdJ2YzL$|`VG^3$nCX2?K8Z9rr1`M=uy zuiq9*c@FrbgK4Zi{`~R|6=R@R2(NZcKOTb@U|@Jpxv&!%5&5)qfP{^DL#(bcKW6%Q zj1Q=BHwE=qOtK50@Ez91m5xX@T~^IQ9dpOG>z}_%wdy z9WhIp;R2Pha`7i3v3#n-vI?fm= z@b~b%`>pI+iCHN7b9gMMdD#UWBwVy3_=M`rujv##^-%pP^kh9L$u>pJ9H~2QWRZW? z%^VpX1t^N#-cQsXioz5}=Qe9L1X=BAUl%vy!m=@U8|#ZkQJjZ$@=`;P)uy#ZpVD=6 zw1B0hZzC0Be?$h0sQ0vs`<0zArsyK{d&Bt%yn~jg^A4{;_c&uZ;Ho9GL%kzwt!SZn3@p3 z*{UXd8Uc@Y>l>FRido(GmwNYof6DBXuL<5+xl^x#U900z+D+Kk{tjC)%ds2W~W9lvUlqY$O(^G zeP^aA49v4*2g9xPF-0eT%E-Nw+^ zCyZ@?-QD_l!q2_`L3VPgng4U1JV=aP%{a9y|XM~Zlotf+_oZDq4RRB zb{mFk=o1G28Xe{X@~0A05*_y|jfEQC{6eQ0r`gPX-+iHH zcB4y8?Q(H)ZTGy_cy*6RqX`frHT(JjV2o@Q0{E;N0`*LZZr?ZnF8EI}(ay}ACDeC1 z%MD&dqpD+#86EHiCmC(=H)sL|%&I$zIsr{czGjpZ30pi}>O|5{TX#U4XL8PtmwT6R zV|?tt$-8Q44-9`ssHCNH+Mw2GfwZ8TK+p>xzl7=5wm{E!Cg|irm%pjhFj@@&p6d5o zhz>3A-4?;1+k)LY2P8`GC{9z8>GBynH5;2+y#>%T*Io`iOsD7P-`!6C?F7}GRH{GL zMfx)_kAlrh)5%iTG`CTMH<=1$6H}xg_qgS)(Q=$H4oQ)>DLU0C*$zXx{}jAh@^o`M zyWT)rMrK|gd7R9Jn7{MDVXO_B-N0B? z;Z}g7jKiS|Fft)!NLyN$UC3Zw@NQ*gXV-b{LsNv)G)6#K0gGWD_!2&iYwqdP4X)gJYjnVCw4@;h9~0-U(IdRqThmb_(!xCE*mWZT+a zc<$2K6-DgU){Dj)Mf@@{`qy?((J;PD_l(|1OjIo21v1In(YPT_hNoW)Pom72EYF`$ zYHuC8!xYui{nSLl6$oR9tk#*(JOlARuNZ+aHa6x5a67dcLeEt7swwEY3Dg6p9=jtQ zH;f3#|K|FY`BRe;rZ8#DgMGQ~E^|foSAFvH`5;?q84SOqq?r<+Dt+*B)e$5vF5)V6 zcXS{FtfQ}g{ga`U#51i#zyrc@j;<)3C0w>@->tlcZ&GLzTzv!=p?hW*4ZBZ-|LPJwLCSZG#N)1v(q zqEILg!7oDfx_)y%vab*~@=jdyHW=@gaq4SKOxLTNU`NNuNaStb2R;obkIfdCOQ#K|}FN=tzL+XQyD!NPDuRkcX~rL;xgED~mDleA0`ZUHe;t zm0$+Vr!pUd{0tmUbK*7;!x6?BK82#XpX|)A%5#rsk26QJT1Yd=h|}?Jj-O z&X%fc9;IG!7_#fhRf+03q>Wm|ewLiCVv69Ic|D~P#l;&XB=;ifL%+Mck6xkE$hNnT zcP0i~@Lv?eEnuz7SW3=QoStSK9QYtKbf}$7yUyXu95f)8F`RY=*z#xScft*Gk@jeV7W>T;gF+a7GyFM*6_01 z%fO!ekbv?D?%N~(K(_E&1as)E-1#BN;_T^J%;+vtMLqc%m6rB&EI+wY4+44qcte6yL2ZH_J#fVugEn*W zewkOXDO9c+_p_)UfTZ2pdi;K}HF+tZxi=u!iOZ0iF_xRPBOTFvBwM_y`M{Ek3c8UEuHeXSqD`#Fp> z;ciWTrapxB8|<>4yfyqm7xf!mvr)RDoCAdq!bFASh^kOQ8jOfgFV3u*6yWJwKh%F; zU0wqUBzFaBnlmJ4OmLwiAt83=p)6I!V2UhA&(a!y0F49(6YF%n0lU=`VvQ_Gp%Oo2 zRxLLwjc9_L0OM(?O#--<(|0@NzEzS01&h8^=Bc=EAGSRokBS!V6L$Zl)-&-e5QHus znxQ0`7$YF+>QLrR{X(`Y`!FW*U}=873RIGP)%Eq+3ik!Uk{{9D>tjLx4!^i~iCXeQ zrFQGJp)c^l7kcQ3r_e>SIrlo724+>x-0kB?U%b4`non^@Bd;^F8D$-HJc+cz*K)EO zp_dC?2C-wuoXA&IX_0sWh}Zad=Xr3jq&mnreXbnId1Dnslxo&vic){- ztriCZA<-Dm%$3Tey3c*oX2xslkSdWzq#KFBe!Xev$ai z-|$A+Pj=So6@S8#7RgdR>c7^6+jln1D_R0VxGn)kt?Wl1Bfsbw4vmh^%lX1tGS;?l zkf(+3-FqQ#kDodkm0PPo@YCC_U}kY>>!{8p>r!KiQ#q+PIJ9G`@@ay)X#LA3N*E`+)hdeoY+P<0S|pfM zDR<29;CS!+ZVkwUj8ZjT3O}#)F8gpzk7SwEXzTG^S3kL@B1tPztY22$5hOTOS=ubO z|1Y0@bBmxwGLS~9ZG?{!N{thv#@I=wh+U} zXtHOEWWke=N6h#^13<$F~WxZgpb1yka@{v5z_8{m?RDf zwqnZ^SYBV(&fYfcLZ{akn2N^+;RL!@?;;a zH>6etU5y_Se~G9KqinWfP4}FFE18eUzbN;WqcREZ@+>Hhdgr;S)yYKxSg}x2ZZ2Nr z5Wl+m?#uj3?$*F^TxFlS6WS&9_{^A>jMbuvRCU>;vSpjRaW;PGrjStUQNw5-Gf}L1 zsT7lt`$O`tL*5B$y2=x5&2-yiIWF{ZFGEAMlb-f;^YPwQ`1L}^rtLri5Jz;4 zq5Eq1WhzM5t+qEE`2adgAPd?%rnFiq>SvEz3)mzuR*#AwNB2XID%a!E zDqRrbrLLZ%*OPP}t0Je#3N?AB^f@!qia*h^N|?x-!DNbOdV{K+T=o3e^on7KmjaM} zxl|<2YAtP_1gNsR_TIl@3q#M|u$W2g!{dHF#d`GD{x~9RudE{nf)4oh_qmZt1hdAL zo;)d?nE2xyDUczn*Zi!Ksf7(v0N*oShE0I#mkz%d*Ltsxbd5M=wjfdkuMNQL_%!q_ z1w9liSJHuAC3n`SP_up;+ky>)McI z;F9^eIP6kj{{xpwz3A>h`Z$)5%@%RkNvL=u{WGV9gSx&xrag#sTU#`V=uMVzad7se z+qh)c)OO|321C@0M|=gB{3pOha`t_}uwIFDSMCgb!R^deLG%gcqYKQ9V)Ew2sjs#_ zeUmyjOYoHl68V;GSjR! z27nq|OmC*9>MvirJK1fL@NrJPy>2{%68EUBmOHMGaYd6x`O)7W3!}5|PRN#sd_8rY zI*N`8uz157$Pe{LW7$;6mmT4731Xr4u}sFfed1e}z@bU0v9YlrB^(h$u}6k_ESbw6 zxUt|zS@ch4KGaQ4CXNjRF-!am6AL-Fp|x>R#Ffkklq?D(n;UGMxD2F@=7BePLZ#`&&OxkbaMOH zJh_nP{suXC0a|ms0yAYpu)lUuFl%D88{3oFZ&o5%#Y9L)x80&&YM6|Tjh#+$s^*Y% zsXF+6%DBO`JgVQcIw&*h7m&INUx!eFoyIB_j-@=?B6s!lk!agg;;2h-K$7lkPU(ec zv((m+^hjj&^|qV^-q9#B0f}~Q*gO^Ol(|QidnLcWk`Q(RS}^yj9;e9@p5xy>#pe!^qGgX+Gd2>UES zgWQ7;-g3WkIH?XcQ=sfHS=6-qI=hA^ow0QpzRe zvD<4yKyu@(*Z^gN4y#0gm5b?RJ7D(?^jRhS%Vlm*`-sx64eyADf0La8B3}8(L)p%i zed&_pOQq!5cAGH-7>bVwi@7EIu#IdOayNsFsBU9xY-u8nh>n&9d-Q}``R0C>{P!z8 zP0#y?SCDPS4qXgEO&y>-@CDf8mg^paXZLr~;0Tb`lx0~4+#1}-wL;}f|!YPH7lbRxP2yPf^n5+ zz4$m{-vmeos`V_u7QzC)UAV)AWn$aWd01@v4n( ztSd#V@awcQKDSN?YHCwAATB())o=>^X;vgczaMnER3pRVg3Tvc&wDi1a_!B}1}7zS zgW|{<8KmAej=b*xvgYfD8W|to$@O39T?jkdJJ60;p11LJi0$C!&haWd+Gh|Pd~zt< zz0MTuA=Ns`DgC(9|4T5-%^Q`bvCXpV2l&hQT$hJDWsh!LDW$Pc{VH{qmFln0#}pdA z6WTpJMG7&^xF;5ek>>&ifBv-OFb|B0a$006Q@(HiX*tOE;FADEb4p@B7Q8M^p=Nv& z-BKc2C*ru)DSwc)Btrr(jm6EL!xn%-rM@o@u0*8IemSqbwHtxlTA(}{U98nJGb7BT zX}52d25(~s{q*5Rk!f77+rliqq)1044Sg{s zpl#QChL&R=dz{^3iW#io;7v~do~ljHPq6k0H@5dLWzD^bX*GVXkmFJ*a=aKFnV!@tqNJ!J7O?j|D)6mkWQ1+-z9{;#h;r@w z_m-k<8^gr{%Pbhi@r~|XNnwT!(ks`#Fsffnz4IQNNNvBM)%8d6k$zlZesg~Bqa55J zhh`d6@~(~a9kN*l0^5VM8oZxgx$=ci4N3|8U^{61(IBf;o*F|Aq{SSX(d3FJ=+Fbj zU#A0+fp@HP+n?&+jRo5Ke;*AQU^)3Z$v+aJJiQAD?H!b)tmO~i2g6U(S6fDZ{<|$)1e!w^{&3V@jV}xOFo&f9UEe^>^2Fv#{usSUEZqTF^32TcqfUW0u*>bSXi z_)JR^1%W{x&R6tG`UNAw6y1w2tJahJY8txQS58)yi;|9akrQsE90c1SmK!81_e5ID%)+_f|x_Z+a0fA3b#$EQ&vdy|IFnQ7`KVg1TS`Uh&NbY%B|hd!7U=s^2;sFc5NcVKu8 z3<}*u3;^lJ#pd_hn)V_F>NYYzd<2kEpD|2-Kt1H}ynfqJ{gCZIR@fmtEBjhi;{Oho zA5E)CxMn-Hc4$Br({cNB!y$(7dMG>%?qW@ME|`=F0auSE6yD;a$E_1yij2#jp8dX8RL+;h}hoBKS~+55lf?s&SHMQW{rboBJBc@(eUTv1Ew|#rmxl|f)pUZCGbBXj$!pehUyBaT? zE!Ott5(?oR-KW`v^xM7>K!w{&S)Z^))~@Ii3hWgqE|l#njbPi=E6XH~>PyTAwRY%H z3(DuCorCNegI<|=lWpJ0Iyik8H%_Yiq`1uK16nLBH?sN6+Uy-c8+qd2Kx3mgevTfph()p`Jh&S`3* z)*BB;8$5NCR^+WFpeHw?eaX9;NJP|?pyuQC;NaP%#a`2Co0Y*#so*A4zmEJln^w~d zZZ58>hr0F8%olwjdH3a5EN{pZ*E*~#A66Ioxk$=D9|8v>HwYWlT*SSNN_i|z9hEQg=W1}s zO?{f`$mhgL6@7Fw^y(cE3wAcP+8!zT`ems&W6W9;nV|4(!I498Zf>qz%Q-dwSl)% zG9#g^wN*A?tsH3>Z2pz4?<2$As)0$m(5p|WB!uF2&nR8s*^s_f;qB=;d(o6}CJTA; zl`#4$b4=sWd9N~AX0n{h__OTZh_QD#-rfYabU(i=uujHg9ayGSQGPRblRdT9{cft? zm_TfgLhydqv(eByeX{dst2DogcJg#<|CAbD;*iKa`R}F1HT>*!m~IQUEfptCS=?GL z{@%2lvon#Y<^hB<^)Ed7gG>^IwKCL!6wGKq~e6;!U)o?TJ z+Pchkxh!|vnYf}W$H z4(2xTfz(M$b5I_pMcyCdA= z(9BMyBkX#a_y4wnNj+p1q~lRpBE5JqU|?ZgVfYP|a_hw%{&P2!a`xI6&LW&KjssTv zQ6J{#Ibxc5&%VhgQkc%t>mPFV=3i<(OBIfPv9VA-UT1_O;L9r#UwoLPNIm)1582gp zo(u7^G>nC1Ij1jpm5W|LE1Krs=ip0WYOh0*FjtpP_H1Aa_aT9YZ|@c!TW~2DB4ldU z737KBSafyQQWeCWeuGy*&iDTAc+)J(ZU6hmiCNa5^VihQNW^nVn=k9yy<3Qd>rTp`oQqj`aSp5VtSe{jc{P(14uHwH+ z#H2x^JPqe#<$1lB~Mc(~5xg`cB}MjK=u#^5<3D=VA@b2ZIJrsfas!e2P3hECI4D+-=SY>>pb) z07(4FU9?Q2h=^fJ)AN^%yKj1=!dp!%wTN%QZ{yZH?EURJvG)(3(0dB0pN*fh#3-am zJIA)Kadb?74oa~hUpPhDz5Y_^ncPLIXQgs18X<=#Lq9wS%uY&ay$MSeeMpT`$eIqk z+OI9wzts}->Q(N5x*4Vre8=2gEh+UI2jp_7D<}7PP^}*=YGT;p=;RSQ2dCZGSZ#FT zP}I61bl^H7HF}+C$?utqwo5hB4vAb2sJmU>KtB6UjEp$Y(ux&V=5cS=W0q1lhSUF3 z8~^VcUBy=xyf*CcK$+VS9`4$30>8*pTPd_PC+<^_f?EreNK2o9K*BrLDFwj>bd zU@%CJlE$Lu+4xphb@ewgV#Y?scj8YCyw;Ixnwm1(abQ_>@!+`-Q_m`wUK$kb55GwM zVgKaBqPLyh63vy<9b7sKS%SD#LSl{7rDJtKVEf}9;}ZHN>}=`C&2S=Bbjby+u=WS- z+Zjqixc#epERQ}jg$JJA?clEzdhmel8Yp$(&1YG8zaWe0{8jD^?=f35Gv3uFGL}Ksk733 zYol?kJbaI4ptHP;^7Nk-;#KOQ)DW)bA=0>`^ zO@YkW_>o7w`5VgRA6|_P4&G@W8KflM$q-W+2UI!Z8sVnS_TK;itMP=YOU0Y?7_}Jh z?<;n7jP6H~UaWp(r~R!wr=Pj}BJArCHxGt&w2iD^eqn3_a5+6)T?cN~#9IZzCN-m% zIWMn8^l^eaw%GKj(RVPT(U8ay)228tUY3JLp~S+k*;NL`mc1M*tGTbQ1q>Bg%``hz zdU2wzPdI-`PEPR~^B-2UuuPZOoLyq>9+vQ_im3WPN_?GmwvXDZ$2WLD7@DdDq^3CUg6v$3u>5A}WU{lr7fo(`b!v zk6K?;w5$alEUa~#Dpz=bpYH~FqJZ|(HXPxdz}Q$E6+fxTne9Wj9(QTac^IAR^bw7O zU~b5U561glj`F_Nz*6q!HYJ~;)=Cn%ckeQbX8ZV5BU}hN;YE&H1&%ZP9RJsqY>0bAZQ+(0~(_beRg|=t>bWTzn-e zKQuIi*A70;GxeOwN1W1{8h|VUX-&aFLk5eHoUrO1QAjl~LWQn_-oBiiyoh7`W~USL zM4P7%Po;Y@zObkwFJ8L)G~=7K6!}R<{m`GXE8$V-gOfZ9Lfwlt{3rCNVCct^6i?<_nu5GtqeXIM2;4I z%~(|Q@zkh#(@5ExA&o`JZJfO=s5oj?1MzTo&tRHt7PGw|Q(aG}YXfdfav4K65rvJ* zXYGAXcPbnPaLv{3CIpvdtZ{L?W7$`}pTXIl!P)9167pI5>s~xQ-IPyQINfR_!29~4 zdt7o#zZ;#X%E*UdPfQayFZsg{hGH-E^9G@p&n&)C6f^BSyC?E@)i16>k*@p1&rIFE{- zf0Vs-SX65lH;jZdjDpgoA|Nf&-6%+i(w#~U-5_031|ba+N_Tfj4hRh0F~Beb2n;dA zyFE`G&pF?Bz3)F<8@QO+?E9W|ueE-$9t#D)SFrtm_V*b+LBoM6H0IhvoVF>FmBuO* zbf_xn#~;#UgubAVu(i$b>kXY_U%F-@tsC@B6|k?)yk50Nwi-0LrnpHN5aLYJ1t_K( zq$YJT$ZtAco(Rr=RUY#amRmLz%AP6-SZoC-zcL~7Yn`aClza=VwBwhg^R{YY2ZC!t zv!HwDz!0Z>btrken%LPBQB?h!{ZuId`b6z26(LQz^ONY2GVg-63W?5FcOFGVfY)fc&fmG9M z(UnH@1+P^Uc@Fs|gyi+3x_sXT-Qy3{muQyq5NA+|=sF4FTJk!i@JhdM7}JG>Gf#8L z%2m8Xw` zh35TE#-yaZw?2G5Tt1Lbpwl14IXUy+nBGGtpzS58mYE7PR8&-4JG?`D=`|b>2%`o^ zDxYm_6X#T!u{C$G-w1thy^86ll|;5IH`!gEUB|fDVZqBE^70}f=F6*e@`hxXH0aP~ za~(c+G|C=znoHWGKIqOW<7`Ld<~KZ`yLaN8nZB{BiR1+V7YLj&8NQPfH05)6> zSHoq#CB{%m(tFNA5`27ByEMj^H|3;4{KE$M1O=zg`_iEuo<~&9kQcP}4h~@6WL1N( zfc)2k$6i!-MR17Xblr0DtSuVN6SLn7n>RetC=dSh(Gxvd#- z^hDa&c1dK1He~S^z%}FBfGQH-vyiC|)+yHl@)AC&m*B^-anOv&Crd_v4VTXd6Hk2~ zaW8Em_?{dC(*~Eh7A+tpegiO5RfoV6Q#3TD_8_#zlV`->S zt>2dKkEKj*{nZ0svMoyZcMIiT4ZL=^)Z5P6A?!j-+gW++@42J&JFGcmCSFA3;PrrO z49Gs^%!N`I?8Onw=DF3B{dC7VZF=8 z+x-L$?Bnou6stP-Tm6(da(}8HpO0TOuSMGu-CwSWc1d_09(kF6m}1_%TX~}6pjx`% zJ;w?D88-jL^;+iUkux9D&t9o7R+krPp~wEZ3@2ztovP9WP~EjNI&+@wml(LANSKLf z@z68a+Xd62*H+frUNB_NSIk6eY;mFOyM~s))I!yrJ98!UwwsS7VK@?LE<)*b^#Up! ziW=n)l7c>t=F&|e~U7R_2wmhq+>30Vt!X<`~$d8hO~CS+d|1~vlPk{!b>8@ z6}Dzc)u@%Cu=1WWT{o=8F`98e0j>85@y0j5b`dcs7p>59g^rCVYo|FdLvL(A}wE80++l@54hwDBEXA!ezLS1W5*+tlT<`sp#y_RgB%e=Fb;nXr>xY2gPz- z_j3#r32(#jrS32ir_3cJ>adfVQAze?cVe9BF zY(T2Jr6{zyYB#jtDb~)jWyUiFqNi5~sC4mb%WwQa5dBPS*Ry<+A7^#3H3L6Tcq>)n zU%k0MFKj*q&^{W6d)qwuOBRo>PO1OcHnwD`ykm1H#d_(w%l}J-(0|p50n@il_8FfSxJt$<$Ntye_0n6+U=0P!) zCtYVRFpSzvTZaA4*-}M4GKM))w%sa9-UrE`5yNe@bu9=4*Oj~URtvmT6p;d(nohA! zv-|`K7tWvfNN(JgWEvoOybaN%hmz#0D`h9Zub@zFJ&GLLa_VtUKoRYvIoIO}J2 zCaq_q?y&oD8kedmJC(Qkmqj^aVd?M2l5^% z)dGQrBzWsF!(5ioT{gP) zCX%H{9rmS$;XZW(gPYO~Q#Rj-FR;)O0Y3t5c-@kEXBA zhbJ9f5CIt#QTNFTB-B!ZAd}pKh2@GXi}mRW>S?_#U&Y9y^n@X`DIQsBO;E1To$w_J zVci+7EX3EqE(*(re4E>84Zs7x-mNjuV+sXnFg>2ghzZtzPY$hkfmbR$$3|&R zv$N_sUXCp4Hg2QkM)w}OQ8lJua**|Ci}*J{yp#$!dkpBU34R{vRdC49jb6m;`+k7m z56H+h84}TDfITfV3R5I)==-`{X*8l6_K}M%WrHcB&eYF1QBgDPTtadh7ZvWeiFGrZ zT+dhp98pz9?i=PWe_OCyrX!BdhNQrNPQ$?*wz% z!Zg0GMx(2q4L+=GfNnF+H>iZ-go4Uht795X(x?-6&UDm(_SCRi2HZ4{?Tf~1!jLtr z8jZ)f)3OJ#SsaEPU)jELLB~qO0!9p$NU)`%=Gee*9;=N)d?R{Pu07VSWnSkN(&>pN z_SMtxu@wMHD{>4rF%}kPpLFsMXE{FJse=iyv;00A6x9A-hwJ@DP?nOsDW4=a#F#wO^IfKB50yk+m~6Uca1rK%aSJ<00Db!#-vj7@Sg5|p zb3Y%0{Y`qMx_^H^iG48mC4v(tWC&}Urq z=IMlQhyOm+KpQuQ2Ux67u&}JA#!J#vSV;2h1E~ZyTQcc9>5hfrhd6+DqiUMm_vz1v z*1xXv1%Dk~=yMy_-*zEb37?0 z4qnUbXy^}TVMuKr7BgS7SFi4&Uy7HxBbgv|PgiisD1fP8CuAearm)!TsweB)q`m3#Y9A3?RIJVXpl1 zw}HX(QcPK-cXcP({}%~>NALI&)ASal7b~{wsj{56R`R;w&iZKmKi&w5zzyNIqynas z+`qp99wxbOHY%)dnQX4~I*ewDPJEOd7)06GX(U5;#p2nL=+>I(c1b4tnUxxxCX_|| z&o?ZD@$1zwS{OPX*d6t)&h;roG9&jI2lTyps2uk@7`+W&eD?O z=_gp$>yam7ViyC1Y%nI~_VAlRq}MauA~F!g5X4CqHhn>I@|-4vI^Jx$cbeZygL-<| zr7XquuFfl?e_BPx8>cna-+o`j+T|`}OrQ&XJj~nRq zNu+9SuK8U$I{QzbnszDL&V}W^YEaZ;4!>J{#h8N=q=f-+X5t#Yi*iBT-8^)C4KC!U zxT6JF=WllM42JXGJr2RUE0G{M;a?x~E>=g)IF7lS#nUD5RP^!V+qXYDJ$Ws;rOjCF z6tE*)wvOS*%`Xw-fC|AN6*n0G_0X^mSlq!b7CsQbC+{T6ONKR@?_o}`(9JM0J~8d(w4>`Rd!R6Z&z zD+_9uxi0Fok4h8kvyal|)!>CLE$wwWYM3U}cvQ~;Ot-nDQgmfrUfxW=H6%dSPNg_0 zS4v?e`VF?(Y^%UcLkq$xJQ_;cYM^Rhf5ci@ixQZt^egg1eTL{-S>^k!wOwU011C_x z&6_uyxqx#UKg1aIsZ)<}h)&5O*M*N@m5vNj#Xx>iKm1cV{X^gIc|D}|=2+iJ%gLqD z=1JYf2wYo7`Gw!AyGS3W_r4{?u>A)OP^L*+ZT&OW|o3e+QP3Tl~=7s zdn|E%D}gu!y{=_bQ&YMwF2R1fnA9Cqf{g<2Jk(i>!wK6)42~Vebar z_&;Gi_W-y}&rp?E;kW%xB7P$()to4aHq#MH++NG$T9ET(n4t;)4t=h&ML9U`-4UTo zi(X+W*v&r%cDrLh5@9*{Yqmmpxe$Ft>+nhFUQPAKmjF~!yZcTBz-FA1*0_Yiwu@=s z(o`}EF6~gGW_1fPErIzj6_+be{oRZvWclaMHnui4A(VHmhD$gT0Y}4oyf`pbJmZvY zD(KAQ8-DPQ${6=*ZKAQdiiZ9XVKlAi$^79itnD;qa(C9!&8-Fs3_c$Nzk2buL<)US zaR3z@g;|b||0tnZgYPkvLs423X>8s3(#d(JDvC~wz0SVm&W66Wg>`Zf?!eSGF5kYs zJ~S#rufE{JhZ0;f!@GUrT&I(Q0`+)0t!~jkLTwFp>hk3vFRn}4tG0MoLE~mATWpnr z6$uIVSD?M(j9opCw`5$rNlLK)VMMR-&34YlS$oXj8u^A`FGSY*az@w-8r(2BIcZ8r!5KcCiOjJF{MSN@{AKS@pj2jUe{YDit#-@Wc-^GRFbm z+A0SaTivx%r|&{O{1i_zG?i4aLQCn57FUdKlzC%iR-7!aJ{KVsa)bH?}r~Pr2l#*U$xAT(bIzyw2^Bbw%Lc2{K z=al>X>~};pvdwPDG~aKd#`8)ta&F+%DIWz;uh)^_8^+)cd9JIQOxaki=ku8ubS=Sn z8_&ZX1?J0xgD;np-i@wM;g!r=>!vhtB_hAhT6W2H31H=j8`ebPKlS8cqB*RlTYVG# zN#-K&yRslB&c+KN7b*!6qGJ}RdPkdYCu==DdH%y&1JAo@3&X%eJdmDb7_qjy?SlUbM@+nL1CkN(vLc1wlj3mVKt}SP zfg*AVAA_{@Y(6hsx3{=oU!K$xzGr&RmOLChs+?U#y}G3+;hJZ7J<0D7$PamonNXP8wA z!sr8!LnPavI2DTYUf+>zurjWjnqUdHNhhvZhw1Xg(yQ(^rum~irskfRrz{z}og8Q{ zb{X}yy_Tc~p5$PG`^)v~$&{u^OhIrOxc$tJ4G=}u?xN3Lt(yNut~=bmPO5pqq9D_o z`dr&2uIrWW@TB&P-^l_TPMLYNIc`|(5C}gUIBDziKV93C#n=mJr?g_BYZ;KYYm7*} z)%v;fNzYI&FLc1BbdMTwDG73<<0Gw`A63UKurC&MrZQ_NE9(o@BB=ZHY2$maTM5(d zV_&{doiJfXTiXi2+_Uj*YSfvYW>ep{Zv(t_?s^+Y0*|>DFYM*$n%og@vy3-f90JUd)>GzdmP(-Fa&~T<34GA{Li%M zgmDKs>iE9|g=`j#jp)w1FWCv>tPVeR66NS%FV$}_WqC=Ez~6_>hiCH#rZ`gOOr$u+b;K|a^&mm2+L z&l`5eHSMraJNd);aQ7u%sq3ylJM)l4c?@NQok4U`4rdRqS~jvPA!YZhzLtkfUc1pQ zB@^N71IqSPzLn9)F!BN=O5i4EGGq=~kg**KlO9raEjTa|QaD^zZDlY!BB_s;^qyof zcxNjYkbK%N^5ND<((%#J5#~s_{miQsTaqe>0X!*_239{p>Qy8-i`}^WFoW zbniLEw^PaYY(=5=n>CP;{u5znWch;Y_q$0Sb+xog35#9J#v4Y2d%DktM@K7?+f-b) ze>{&SL!NF3-+XCBBQ|2Imi>vutX5Npr>l#{ovg>Y;xI-bR!NIzjRc6JrE^={kLozqp zAR&jpEg`_GD&JG>ucphn`S7>e?jCp)UmZ;xUIn)J9+v&7(Vu{q9ZVN1MV|Y8@MWO- zkSypqo2$n9mv|r(u>`COgV4@(zeuj28j(xdE`+n;gl^U5wEl=VL{${wibh`hE{zDo zIq6GcC_G~`T{LaggK-^5XA z6oN~N^yoy7x>Jo?zjlBjb~zY>JV01&2ALy2SX@}x4VW1<$4O`EvcT@inluT~?PUMz z5&os3&SwHD?Sd8g$@t%Xv8;X@Tybj_revHeZ(UY?ic@6gSw7d>d2jw}M17q)gi=*- zs8O^L@w(V!kl&u|?HJ-2>_K`BV9G1tgQ7(*a0Y}8-g0=BrlzD+?gJ7?f$#fYm}@tE z?=A21`F2tt{9$8jr)6g?Gsr|>3sd`^LDwCSSJAg`^N6N5;|d-ZFE|z}%mL<};F81D z0)x067Y<*el?QTuJ7`H5)=Z3PSaiZp-8q{dMTg?)l*x>(@oPICc5GrDKKFN8BSu{^ zTup>Nsm#w((uf&Znx3ZgxZ{!<1O~(>ydg)Q`5`7H&^v{&0I}*lK0vG!Cw5$4qUTmj z=P`eP%4N9d#t|oIj9c+^ein5nYd2i-qKtk=xSGrEV@tV9syKmkYV5Y?_4(VXd*SqW z{^ThvAw9Cf__0~F-^0yb^BF7vDclv~jUHD3xjhiX%5K!oJaG5WLF0s!CEa_3Xt|24 zfKE<&zTS9Mq*_a9;MfSJ@=xn5mAqI^kv-E5J9ai)=GgKnt1b)ACz zjJk&x%r1BjTewe=H)W;&42&ZyldAzK`w+NYEmr*oOo--yk z39r}1V{!!&KY>w66E%s;kn7g0_RpVE>|Jj8H`u7d#>Y+mDpDY>gknGd(mK$!xFg-T`KQpCK9DrNtx``=(;t zqS-7Uk5X|~8oM&QH=lZNXbPkfRKe=`4iO$09V6mKuv1d=mpg8*efuq)?IK%wWXD$8h zv+cWru#^3L#-AN4(G|daFP(d7{X_88qfv~`B1lJ?Y6WNNluzrj%zLb&d{;vwX=~BW z`rH7qUqle_I@z*E3h6_{e8q5S(Hn5T@v@Cc@rson^G^++z^}jf z1k5>p02w+U8K9j7P^J+4hgW(_dHF3S*bFm-kLZovXm6Me=c7wk8saX!uPcbeq#KGm z^(^mK?+gO8$()GKr)~t%ulwEPl%rT$vO)y?+Dglf`o;NJT!Pe0wL4Z0|Ek9C#ag|w`(fo{j zy}+fGg0z(XiJ%^R=W(pbf>xBLD{d8p+&uMjDkr|}nNlLb%P7Qvn>)@LZ8svrt0mD@cP%A#Hh`#uli>-2e6{ew=qHAJ99WV z@`u7^Go=HW;MCDIjp9sWk6vQQE`(w8h#0e(jNMY{crRGU_Kw%!G1S-h!ge7r9=L+f( zGA<%UyUcJiaf=@H>0Poo9JYz8h?8(L9N@=82ur_faIlk=x3r%STmOmr1MhdJd0%3KSbs?zk~wSO<(?!P&d5*kFosv`p??Hrj z;^11IJzYs*!zHnda``~E&@N5a0b4)h7DQrgSkEMhNHiGPw}}OQbqQ-Ab={S!p=Di~ zF#mAE;;1%Jcm46Wc7Y#BhreM~e~|PHx0no=>gp_MYJ=SUn5b*>>|0E1?3HE+>tk7E6gd?Y{+RGkSXh{mVY)Pn z#(8EbeDYW-FQ4zmP#MqAbwz;lh?=z=^*^+LZDoPIXxpVx^LxLCCRIx3V+=8}qVQ<) z?gzgbVj>bff4iiXOT#V!k$!9ynB&WrAMNLACyl00gP2)Z+LW-Z=n0zQ2T|q&YyRXc zefy+676di2U9#V)tlWIy#RYX!R(F#aX%3O>4BuRKTBigww8?j9z8&Nd>9iFy85`r}o?|ish%0S&3hCs3U(diKMgYTMZr>{ZPnz>@!W%mi#w&8u z%)Xnc9QWRYGIL)Rih>oxdO6Cf+czo1tnTL$;S;BPyhj-_0?eG&ueA7j+=Xvoq+uEv z8M$_kN6t_u+$-bkVR%G7s{)`%CNbVzv6kQ9im2u*DJbh(bcX74va$8kd+z&3N5(2N z<$``Fj5#Q=TKP$%rD@0w8^rNC8huZ=QVsQP-fHL@(eq2p1CkZMNu0QYOJt&K9~?0w zy|trmJi`s`Z#{5v{b*WZtmm3HJ^0uz>7KFBPVu~^W&f6kw_f8(Ff1i5($A_jB0_1s zsQOE{x8>RVeE5GL=wWVC<^PUvg8eCX-z*3tJ#-GFTXA}+u54H(7r zp>0M54j@`#r0|?3q1%@^(*~N_(e86ClH}iJrbbFtDO^rEdFQeEc;ecG#>QxGqo=QTW^K5; zd>6zQP-Ahv6Iz+>VfOQlGw7~0fLzim!uCj0&5A+tJRzWt4^V8nYklO4uBon8iCAf& zy%tEhgs@0PTati`hlZW=CX*GrmhG0sTndXMW5~@{r zFCYt{8X(V9U$wWJsqMMPNWg7vsGOur7BZEe|FDc*K;SN-S5H~LXk%k@c8pz1Cc?gk zIMt|JC*%P5U{wGrvs|9bO-;3`{9c8KDp5{mVVpI>1_#6GFxGj=(KvH+_lt@?eFNX- zmi^9~ML6MW|^LX9XtS+NbHIcf3}X7SE1+(p&Aw_3!hlH8zRz zs)b+7GCzDc$AdkyKJ7WwhG*Ls3>r#G%y^?a(~wb+mv<{OnEtT{StqaI4g$exMA2gq z)gvr?CSlCF^HUnXac7%Et>b*w$qE0|q52H#mTN^{PRXqyWq*dogXK<)0XY+gXGH$# z55qp+`Ad`w3|0c-xpYX;x8IJQ5HK%#e?KIqG|kVMa@A$|bNU`-|{ zU^graimo|^Pf73k&2J8;?qSYVfGlinZSB~wS2~04H626hW&mu^%sS)jF2w-r7sPbM z!WF_;@^w;HDd4Ku9yw<>Gb4;gDsJO(vElBsm4M4B$T9`bRZ_f3?y}_5gBD|eb?=Nr zs+X=%Q?<7{9fW?aZ*HzkQ=wR@PY&YzZm$%Kw|`wy?W;(2IM1U)=dbzh0yanP=WmMa z*YaZ|dYkrI2V4DMQ;4V&gEx73mZ%P+)eI7`;vvD5+|0mLbJmAQTkAnK`Of87kt$!^v2canSP)i>~8M&dtkn z@g?D1_s~;p1XLe)vPU%Spu1i~#YirzdB2@;%`15CxUC6F2;oU)M_|4e zH}Y9`x$BMlPJ@)5QJBTE#yXWOdgAGDG@;I5yMTm)neGJJ3)pc^h2Uk>S1blwuLt3gbdk&93Nmy1v{5q;EFWO8{xZ_-uzl z1ErgLcpAknxr}M+>|FUP&G7dd=jIf7G@A(6rp*3ox6^7qF?rJdO3Y)#fFjysciPJM zx_7F$**Bayd)GeTBAB?n=4k=4uI*$A!0j*!oU1Oc5>pY-xvS+MR3uA=-4c4mqnXr| zKj6yN*wy-Rk0mN0GP|U!t80F&VYM(aNq&*n8$D4YQ==#r)V;-(zo#<5_{;|w40fI0jDO2{^TlsOq=PRNWOn7$t&4237^#E^gZD?@E`MfS zl38V~P=A}l)BDn>m5eEKe0N99U@bedLBd8u6!s_cuQ&G_%z5hBB`k32)6Mpo< zBsNev*}){%7G(ZC>@X3Ia#(2W=@K`-?6+->1v-Yh4Bf`0;W7KI!+4g4aidc)pnR$q z=et#lJ2{*O<-Q<+rn;|Genf|UwZMEkTi+K3#&t+9imtYcp0dU@Pr_NIpHdva^7*9W zhcpNc^5-^a?eT2l)3vUUM;_$VGenoehSx0OOS zX9P|2UOBcva(0l_z^~{GzgD&3>=kGCIkGdr1CyX~2No6epaMgZ&WHZ@_ZQ zX`Q)dHuc#$vx2NVY#&fUcgV;l!yGlzRF?58Pccx$`}X*@yVU*s@$WEkvRj z0xoz{@w3l=D06$SJ2ML+q?}4m>I(Jpj}gl5EhCjxXfmhi+cqjI zU5w!`f)_h`2-81V_F$jKS*0(I8}?F!iNax6H+(x*y4%oYQ`bdr6fChu}3KCTR_)&1BDc;QLA03-(g#utz}*n zsL^Be3UzAk&I`S1ONR~P+kBPLT0ci(wik}--NuW1AM zldeOU!2gxoB-cYo4|O-g#dpP(A4H*j^a>0xi2mF7*8at^%~?IX!1P~Q?554}%sOK3 z;*3Ytz@TGv~o|K4Yvnl(52f$Cnijone%jTeZH14 zrN_r(Q-GUl>S|_RkEtkkd1T$V2ksx5xdO>D?-0=6-M?wfKxFgxvVR$LD?;h%bMy}; z8|7i3u2s>*JmMYY@8WSCj1wUs`J~cxeT6{BQHaaOj|yvMjMJvk=T zF>(+{t7e1F&qlSK1Pc@t4~+=J=-kI09Ry1IeHOhO>yQKJ-R3IoxfJWx9<5B*ob;Qx z$b+KTn!5B8lEJ}2j{+NI<*Kr}xp!)XRiK(@9E5Nrw6jGB<7AI3#K9jk7W#3WoT7QO zS$x0!5=9O@L?Dr2?bP9oKZ|KrS-Tj=FY5u!1ip<3^!#k`H1cWdrlY-mOmsiF5daoM z3RE(6Bah8RE9f0@LS|ee2EBCjYZ@BfT+D{e+?@b8AOq?BuHz`w5l}*2Oggk(Y5{WU zHG}H8a?=*RWI>PCnwq*9piDwk11a;JLG9_W!MNISHOcXXUV}k5)UNR2O?iYUvU%Yi z)44|cAOxaVzbI6U_KDsw7juCPRb|je!0-@*S7KGB>CDpcn>th@Cn!+|4;D8Ehm3I4 z#%$-s^IEInaZuG9BOYYGw%!kB=wXt+=8YFo!6nqn#Datiz4o_e#W*y*QQD=9>*(v7 zLrijnK5z8}Gu~b0f`J_!>!LfhsZv_+@}xIMf?HgMjW^#oIF!>5`7{P?tExSH+GVhZ z67FUacrxLw<8nm;85lXn zt^D$Lmi9vOl2g$po5@trBZ&@r?=7Ya!FzoSB4a0)-`iTL1OJye(MCv3zgvB=$nu8} zBT)M};6PaIdFa-M;zYHc1hfO`tL>DL3$X;nYS_!N`G;kniwUCs-BVame9P4XttHWK zb-k4as4Wgrbgd3=Oii=>wt}zC1ebh2AiDLMj4wL189y%Cvul?gEn(6x-tEHg<`H>) zHV`r@ugDdriJfnoD1!t+mjJDIlNhABpmuf(Z&R4yjhAo(mkodW^C35P7sjn0;xlpa z{V9N0a>)I@n8W?9Ua#b>yA(Tsc>@LlwW!aKZIeJBPza02sJ88I(sa6 z)jF)WWpm|jwnT8qv?D!anK`SjefNC$(!2P^5btBszO=CNaU#FxP7Qa;s@Gq7$b8V| zmUFKCke0kfG?V0B%se0Bvi)_tu#V0aWZn2y)yZJ{_$A-p@C@;QY*9nD5GRcni&^>8&l1>&WH-W^bnZrURo(JV!MxkU9;L~Y zz%fKXNT6Xgp`gwsAOL*<&am|4xD~5NP%uvtX>FQ_<&=b031sc{gX$W*+=b~-Od;~% z$@aa{AJcJRNFKTEpa@@&N2D@3%Fmwt1P$B8aicQVPTOc4DJf1FbHPallel4y~*Y4|{4Ns2+MglrgAk{r){jJ)nHph5XwYK`+HSW)Ph9!A}DPZ-qjM ziS%Ha%Uv=Yx6*{-qw`zK^KKdxQ};3Nm8%ikxm;-$Z@8J|oH7j27***Abp;C#sE>7Z z1z&+>R8=#EQ`@FtTnig9#6Fw^GEPF>Mp3OCvUNgaaFSURmiOOT?a9zz*b#iNsN?t3 zxPw_LFzVjs?vKal{_Cr5RWT$sg&BkQktsWy45b+@X-G*H3wbB2JW2bE(gC{?xm(w= zM0Ze)k@fOR3$I2WHrE#uIh529DIBtW_iRmD`|Wx6TFtZFn~AF-auu%5G}(=m?^CWT zId<~0-d(*T3X?O7bt9KykJAKOW-wNW=f4&b%QyRJ}ekk8FQSAzxuqT=RUyhWcp~Eleq_nAFpLN`qJMdy@?&8QX(i+`cJL4|5*(E zc|+1VW0ErsmMb88hf^7gNt#YYF`1(7Z3MoLE{ta`$gddl8<>9C@d%_-5S5ZkW{LVl zypyhn8>c2A;FSss63D9IW%)y1F@l5G%d|FbAv&PJbI<;n?PAC7iPIMh@w=REEAi`- z6*hK|6r!jWuL!^xk#0H{dyI!Y^}c1pUG4#NpDw!nbBBQgPIk-kMf&H5Nh#i{=---6 ze~2l@Q-8Tp`1$dR{FaabDz+{44euJ2uC>yMBpWf1hVjltg0C1TDsG*(a4%dq@W7gk zviBdX3Z$^}f6>!EMf|lEHsZe#nOR1i{-1#Sudw{zukE%n7=#9Fziqbv{_>wLRB$n! zG1S6~3VHwhNiL6*mdsgq{w}TY`<8zfNi9Vj)mNV5X+3EDS^S8tGc60S;WY=SU^6Zmf6$OxkEV@A5>)->8+ClvLls;!E^P z^0NBjZhHcqdD8Bp{e7hfV=S(V&5cc6ZI7gua zLit57O%WLO>PpdZaf+F;ZuWB(3&5zo@x+vrH%k}LDNbRwnL&+++;YWRahH~6OQ)+6 zkcK9z9NGs?k_^onzOg}`eYvu0=5Du0*MR;|Il$?(wYPWE;4b`tP^Zl=?}H>@P0&n~ zLA0e!qC5wwzo$h`CAcJBW6OXU7o8=ErqYB{;-=VNT6J3uvDS=?kifTI_oU&6%AQ<& zfcLnoQw##0uj{mf10xm1#Rf&JOFL733Qk}1zI>Ts9GQe_t)R!lAFpV=coF86YC`^Q zCOquC1v)?fwle!?nv2-t+?;Kb2cjJC!O+*%E|{D|I!OyrCV3eB$N&3}NcFGSH6Hbr z{xV%FNi+D?pF6FAQ{hr><}Di**0Lr$mGFQIzoNpza))}C>wTEy?83={{fRi3p?lE> z5g5);P2+!V4)|qxn7UAQJ`80gct!3k=(uEaTxjcarW)~@4m2jil*4}VQuoz!ei@ZL zS7}?d=P{qiA=RY*`}eh8zO?fx`ewJcC^Gj-1BpTXnYx5jh6=}+VB|Q4*gwsWpk~ZO z-`!4D^1PU&b7o%nu(|XJ-gh5$MOj(#UiDaY=orW@ym_HTOsipVc6P3Lak16N*5S>8 zi;qoFNq#95M=Z?6z3$*NZ~1g<%VJJ{(8JSMh=ibH(v4prU=b7Dj+P`!;GTqN?Aps+ zvwfQ~Q+YM%V@EkM{Pnn1LfhNB`dP0pWBV%uqDWGT$>36t6Q3X(d*H!T$a_ z{~=C-em?7wUjK}mCxTurd6q6?R$JN8Lqm3sxdniCnNVMQIQEYpe4KYxQCuJQ`Yz}d zmUJY0mN-6U^B`7o3i|RUSpVD>{ns^#6cB&0q{f(jJA44L$~!67mqc>;?e;WpoWK*0 z$sMR@JBZF`>mRUX5RatBU0y>Ly)dRDei8ox6X@GfEFPW`ncL(Y zk5?0pQ-~&{{}S@Vo^0-0VO9kBHuD2lB^hNV`^O(dT9Q=ytA|d+u0>fI@NeKec#s6^ z>7VyO3h#MA_L{Ys+YT>`AF?wokD4(C_?&xJJlw}_Iyg^_HyH}PKvV-#nUP0z4#(zY z4Lj7SVQZ|jM&8@<+`&HQ+txZVGC}En(3yCzF0PJMFjr!h#M%)bVp3ast}9N`jv~V+ zFdZ0`j=DI6=*gPjA91QG@L@|%D$}t7%vIcf_A9rP4RSSgerRl=R0H^Nh|n};HKjW4 zfR#beFf%LJLiAyq390x&q2G3*WQEuleo>|n7PSl;&iL9m@vDgFUF?tZdGju3g!l`@ zXIf&})1_@l1xXL~0ZYk?@3I19KTp1Vkb$+He^b-%491Ti(_{)BPdKHm{!#h(i(nma zixL+1bD3IqH4&G$O>{RjQeWyJgKA1@sQM8)&6#$9D$UTaK1tI`=STg6q_4+rHT7-w zzdjTAto$RlSJG1Xn>=)MXUK;VUeW{_l*oRoEhw0?w568wx3a30e4wsvY;Ks$pz=jc z&P*^R(r_r+JK{PvR*Oc`Kc|PK+vk1VokM^ZomN^hv(07*jHD2AE%)=uv$TfI>40 zi8dIFF%f+*V~p}%d7g9b=eW=P;r%vaex_V|Uwi-eTK~0H*-Pc~IA+<)HU*Fx+7F*e z1)9DAXoQs3&C&vf{rYJW*U1viUcsEjo5@Y;!=r$@Vr@)vRME-6pgG5_Th8%w8NiBa zy73sBnYn_E19(OS2|X%EbX?m^ypSRkAiVLW&hX*W-G+wxxy@Nm=f!zkgS$~Z==isz zGmt1wVb7Na&U4j6oKhcXX}A0CMN$MK19M2}_-krq+{uzU5Bbjta6|98d*NQwi{`p4 zKJ={lcEjloVvBCcrK)(AEI*e)Bw0!@Ad0tFOUrg5)~U9F`ty1qZT= ziOXr;4U3@Ex6N=|SwqphJr*UT6eBG&;Cy57RziehJf5S=)J|3oNGA4q zNy$0ZwNia=&8p~E>H!ZR>A&~$JTp!KWJA02W^<)YD88#G<2WstMrswK!E-0LXcG)t@|)uW z-rKIxT2eo0`3-*~*02J~k4o9)4H44Vm;Zf)`Jhff*_r5P=JoPFhndao1;x_c&rZRP zk6%b=C+WPlv9Sh>EQYoQxS0D5OJbFEF>K${Z6`UkYBPlGi~!4K&{^8XR)lQJ!eRiz zE5+WWVLD;ghSvM%=a-mY@*SRKz4gIh*~9l>SN_i9&e}ERh(oXFgpc#K4{`%1OapO> z{wtCF71d>3VUBmNGN>V-XUC5GUvvGgS@~|>(t1{teYj51LEX184XK9&BBQyWBd7;|5o3a@s{I}2cH>drk_UJn-W3#tW0B0RK5bnBc=OnE)O(2`K_0t zT|KJGw0&^w^oLN&U?5shOUmcXo0%M+({2~&o?&_L*AnqH!>?VL-^gADwb>D52N{=V zY#=#VQYBrCg{ERhyW6b?keZH9RRMRV`#azjFlCxer@=&PZQ+QhvmucLECQcq<5l09 zI9jDJyQd0kcO=@TpNi;9Eb`3X){< zm@#br-s>V4urkv_*(1Z{8#wAfvKrD&Oz}-brXesU7-fg{#a3zy1OB5 z(RO9sT-9uFEj|5Lb)XV2EsAUcyO?qIw_+W5`azuF{$)n@#us!K{j!vDFR4lC+J-5( z&d=;{gELNeN!ViY1ii$`I9%k{d&cKF82D^pK=o#eMAGEeAq7(mcm@V?-#WklV&&-I zP`x8h;A7Fgv;l#RDn1A^9Y2v;cX(yc+{;;TazFzPB0+xYpB+ri;-ew(UZ2o)o+#4! z0Hp<6N)f4TbLLx%6!Y~m(Dx6f#VK(1t40n@jgK!Cmm~}FtJXig-Vm4)$shI+Y1mT- z-R$9b_?`t4$|oZ76H;oi`S^ErgMb>5om@bz)WcbAO!eMd?zHlTh$&%P1M`y9c3#1x ztghQ2yVJeg>$^M6p449A+AJ#BZZ8Q7z_)YE@OTIF)3blyCaj5^Ku zWkU*zkV_UIv6*O=aWgaw=Zc|EyyR;C$=yNvU2}s~|ErEPrU1I6#NRe=#qWBSR#%VW zQMmGBu|lT<0%k2&*V7qnoZa25rGT=(ori#hm%{yO%B8p_qtB!l+Q@?MX_-?v?)S;b z#F{gj*RuZNAmJ?X*S?!6OKp_mno=e*qLFKT)7s(F0soX(jG)|`VFi^h=GE1t(N zpq`R)QS7yr+?Xfbteezqgq?2?d9UN>a4ju+GhAX~*pH;SaW(B5Qo^@rl7W=sS}C~7prjz&M! zcYUDLm%w*=+l2qfSGro?Dz!U(cx=YH-JhMl81x zbbykIQZNtCOS=DNu}v{hb2O5=sE0^UiznG`G}9HqnuR}p``q;L7|Qm!PNrvSq^0aR zUg^`l3ylr`)7Tg1L7;kx87ZdRb74^qwhDeiHW6Xm?=$#={Q*yot+f7FT1^ZrDIv3H zwdl?7(3qUZWj`h+C*2JSb3fXAuDL@DW0Y+0Z$`H6_+3g8=`FrJJ!;ahsZ!DE9}7Zk zz~2~5lkpfE86lDYxP5jMP&_(1I(xaR4rGQ{l|M)OiLq~ejil0U@G1OxubCcjD*C@AJ-d@=d^q-=22RP*?xr1^8-`3P{=6W$zIKhAvGD zgqv#`S(|ZrC*RKS7-pQ;-ec~73}{RjZnnUEOZ_srJOSM*5|-t-Sl7&LA`SR%;&JCE z-ManduiBkn!am0q=eKsQC#mr(NtkETmsy@Y7d7+PL-KEmhg%n=45Y{;l2lZ45yUm9ewT1FM@bJ(_!o=vmeOm2ZD6(P7|5d9Z_$BKX|N2 z2j+=Hl9b=Z;Cr)sKm5@L6& z5#00d?oKZIxR>x%^nl1OHfdbgcGPp7KK9Y^_5w_>Tf4$)0pWmfN{L;2+{MQiDA6MH}G0&-|UJY~~6%KEUGoKsLFV^sXXvzRqW5PjQ z;lz_`3jAtH`)w)x^kU9mE*IUmvtZ`T&v?v#|Gu2g8*_CEddgz0S-@-2SW&^#ru} zqx5ETFRYQX!Z+4o`nGR?|>wPAj{#ecvTcnbzz~0wAm?y z?-itOFHBK}GmcC00W9eLgT|SCfev$r836&VX-GL`P{!z4&5Uecy~p8wItO)HVbEro z`3ISXXDPcmmz&!>4j)Y2FaVQ21*c}LqvLBb2>cg}HY(okbG9OD^RVxC)yhq)Qz2D# z#QNvpX$8&KK~e-MtvLzR*{vxZPU@?oB0ur-=oH=t?axB2n|W3)9*cVxR|c1!tX z^YLnEoiF}^lqbmX9Yf6Od3xU4#(pTBnWbyg9rs|M?#_1>)JHXv6@S_{p{->QQ415E z9ony{HWo+GclaE7wSwrGKbr^5N5DDK8eMwj$<@E^3y%h!J&H4-AG>paV*Ew^?;G_m z&?Wc-;8nq(-Kb0Vw^P*3;9K9g2RT(o>NloZDq^Ce74N%?KVlK*oz|y#kzygiU8{Ck zF_PvR_qLg#&_LsU?V}=L9%-HlZWS)@%NS6&SC~5kOq~7x1JxmrEGGGG>TifV8}A~L z2Y=mKk9SniVUr={H3N;TUC_Y5fM{_5IvC30kGm73Uz2Gmb{i12egS8eh?B*Q4UA$0 z`Q+!o9A5_Ry#ZZ&s*w-=WeL`i_!U94D>C$|v@pi|TA(S&i$)cTZW%N#+V{+r--_3I z#|94Qp(lLpi$GDg$e8rWEHxw;-#mTbHBMwx-ti2a9gl}2#DlK0R#>)9E|w_0AFkC)xdLl%YhIXj(bu*OzlI!YN9n``gp%|5jv*~*vw@9mN;_T5#t zq6KY}`2S-%0VFx#>Q#bBHCzg@_A%a&#jOVmi@3T21zB~ApIm8MJByHA>%=^HM;L*Y zM!Nf2srnv~i}&Y)81I`m({AJ=h%r3h1l%O(0!`x(SSi~ zhp%`0ZjO(C1phu|Ic?KDpX0x9rvKM+LV*Lm*S&M54U)fI{WugKt3Z04fC_t;4#lrtgA^gXW|JOeN1D6iewP%2w!1cmcK1#p!AudkzEG90FtvBlS zgTM$eD8jpn>crjbfp~Vb>E9$h|NeaDXy5`cM;9Gm1U%yfFOvYWOZ|=CziU35Nb-sB z3{b8hDoZ=Yy36kDa=Z}{5pd9#h+WiZ2R7YjN6@Z~HUc!G*zphRTiZ(X|V&iT4pdPj9Gigk>AlZlQ-{9701wMISyiS5ZNb zkzCfL)_wBol}mMOmYAX8eU4pdXq8L~(^^Sr@54s?EA|gcds>gIg$UP{c0Wefhxc9E z*xG4S>E)OisqKTxo?k!o``EGT$?#*E;#lq+==q+SoQ{Ta#vKN?_q7y#CA}MevnZD< zH2st{mMuATErPo$)IB0FVh68ja?R?x47qH0-k$6Yt7I;CBSMBFPVHdJ)p^#M zCRvrw!8l3HV!QXMkCtmZ9K2d&?Sl5E5bj(GbZ^>W5QDS>U@e}TN!Frc^@c3xFRrG( zU3aDPrtaMqa#V(ff8IiEff-qUAtRSV3ovTVr`~gIJ6mn8bNp2R*nDL%`{2pkW2=!{0rTc7)dLUiwDFPa?O&3rC z|6BC|JWW(&d0fM<^f#!G&CQzl{nW8ZDEoS3wAR6oonE?JXP*VH()zkbFdDF#wVttO zn2G<;P0adOV4n+a0=0=&6WC?d%zQLpIA>&Hsr^p-73N--k)D~I|65Fx+iF}&ICcEU zFGywk2qhI&Wo_*w2`TAT&;o|;$i&*Ut!2=5EW;6S^x2mI@^n}I^VjeOF43#MlE6SiZvX8X?eZr_SI!(M}|+P%DdaK79@ zvtvvLU1xx{vVxp4Wtu{@>6nA*fJl~fbOcVU9O7Y&EJk8RARtnQb#}USbxkZ=@X($| z_LZX%E1sQh`Y=-<#tE?Z!rPi|EC#nv%}xE5OSH+BY<=8LPS+^klY7v9CM*W9V!3M^ zOiGUu2MPdQfHao30ChG{mo*5>7$e)3-Jb^s^60}ig?vaQJVr)S{TQ~IZ(6un{ zhCibI<)8clw=BeobcXc1J+U8>_b^?1N!ma~OZu9#VOGH4nFqov{s}Z*KJ&3a$GC(r z@h~9FAH@%YxVsCx%8Ht(^Qu$4xeZ26uk9r~+0CtJk~R90Qvlvih|P0{l5K7&$p%~s z!N(onZeornrW*}R_$OeA8#u`-{n+}^``7CJ=Rv2EJPSoY4~3yqbF&1$DwtRLC&vR0 z{!A<=ol&X1b|YWPg+X3Sg{Yi4VNYK=W~=5ybys7#StG`S7&i-WR7G{Pmj%*$#64ILXAsm;zdhDBoQDH=%Wvdw|? zxuby6N>~$99`fkSx`vpeDK7x+4i~!|z{3XSHMP8>ETgNyDR+Pl)OOKJc{x)M7X7e~ z6V_lwf3KV$7TDcYw=chH8%A(8+3G8z3$9uW~s?4)yjlaf3|>%c%+?l;ZLRCI?qTSuBPmQcG^b|yKJ zrkgi-KoZ#6T2GUC?-dI|XzBAcA5H-XMN%Lni1x$VLHLXLQ1+K>>pl4X_1uQ1P+%w=fAv-d{5Z$KWOy) z%IsD72S>Pa1BNF{sBK7T8C-8B{O z^adW+p6_{P2ct*T3(yRXQ*9RIU*I>CEl8f{cI4*+Ce=BPRDE=?EAc0zRc)KP-iv-H z{NZ!x%U3Q9M&}1wo1cTub2aj0dK4LT>r!gTWlugzpRahP<$-rj_Z}PYXHXvgegLUf zOn_0pna6C_K5&{Wi517HgBwe;Jw5}jX*ii=&eWE+p|J6V=obe-T7#XddBto(Gj%(! zd;3iWe(`fTqZMsnmJ0%eYk8)6dMXsi`$bG3?>ty{GdwdO^Qm8<8ZAz47kcte-YJbVTWE zO1TrK|75)k{W?txMdX^zPIny9NN&{$8}ld49v?bxH9&%X{(*DoA+aheZ6{L9{q5MZ zzNwD-#UUS0r^G37B5^HYp_+;>_HEAdUucovx%53$?`}IY2bLO&DL4a+lUiXw#7yz- zR$u5%;z;6GrZPXDiQDadc|y0X>vc#=*M_8-3@}@~BJ*i{Zq5mak%)oS)_4H+_u^w1 zXCrBC8JpkMc|;6D+YA0CH*^om|GUCeV7i?8F0Rf0^Mk)3q?(uFhK!z* zl&Apg5zpbkqZ;~5qHl|LLtXpZq5b(@YY=(H&)<>ryvntnqcU_GdnGVN+4C|kYaR+= zAt95GLS09I3TOt~fz9Km;ORD1piB>`1{R#W5`r=q6MMLx+<`~CMJ|H*Y<)+n{_V*g zsmW-STudJ3>%YAKR=_LHvo&0srRV!sQbaT(c%!T5E1V=z*`6jXXG7<>s!Ef_zBu{M zhr(ikQ-lKjFJIRG4BXE$!-+h+1-tApxM5lN&{;mjmrV7ZfXUk^uAuX^owLE@I=dXN zxUHvUsF&OlBd5$kD}s0=Bxu<~jE`?*tk+TVtBAIt&%LLEv=4`ZZ6Q3TSNe|-IzL_$MyZ-?@oOEpz)i#aXDm24^v#+}`%OVx9I$Foxy`+Woa}5%!Z4}; z{x)3SeK0g&Cgi-xa&c{Sb#|2TC1$Q%;J8hIpT}!kJMQ(CfB41yf*vd`{$&EcXck>wr)f4-XHsdRepudbwZ(PHFA0Yh!?rAp?tgjhTXY34->+6VdTp(JP zy(5>4f0!7sa|Jtx;FcY!ndeoKrp7#f*Yjaq)(vOHN8))COYgk1C}Xw$hQtuP*0$Vp zowtiI-Z@)$AH^s4x@jhikMIkGd0}pavJnEY3o_$5;=OCrx{r?DY$8-Uk*O9)BQAB@ z?lX?*lBbf2$h^4w0A4E> zVu}|oob@oD-PIR?n@zuNiaC8aQ`TJlovJJSM$S(x-JqyS)JyV*-=W({8VMjq9S8Bg&V(I9Wc^B=*VGb zYdbf<#dr7~ZL3L9q$ue|VHFcIz0e4PyNR2XebO#HbHfQO z+~gX#p;PXt)2ae;w3Ey0FC~3%%lnT9TfLot1Vd?YpOZDW>#zU&KyphBP{}B5R{jjT zcsEA?z*VA78ENEXO^t`ZsXt)XJ4f%@W-HKkBsIv~I7|C&<{*TCPIr%@%UK@+E{N`r zeez1%SleE^LZ?Xw19<2(n-?Y65HEA6X*Qgn>@dG2sJ{{7GhLMfeI)=%KqfY_atu{J zS6#C>{o%!J5U`eEhimCfO*Pu&VAr-QR1mU(QH%xajH|cT+;EX%_oACldU zd&rMSw*=wpUwYd(-yDMCrD|u7i&r6IgVrc4Wz!Fpjhfc9fRVUs@~H0}Niw_qMlh?_3jI8M7%r0Sl8wBJ4^eqvK=Ef?iLoTlwEvy8&RqW6%|(7HZAq7hLsjy z^05dfPT>ajqVl}JvpcOPH4kDqN`dY6yx(>tbIT^i%y*s8Oe`IR0F@k}PFL`ODJ5~M z&zjZtRM&_4@K4U>N8^ujWvTZBxur)b$6CE#wVohbI!8usrX?k;A#)@XSCDTzsJPN* z>()I_n2OA$mtEMSBqb#)Zo_$G?8nFTBZ`i#1$f%2KzpWs2;zU@V=@6qQ2}mhl6_%O z2xz*>U8zsv+jnqBAAxz%id}?%WcQ2*E$^Gvv<4ok;fL#|TW1P>d2|s9swSpiZ65Rr zq)H4deph_M1ZtU~)|1TQ@3S=*mf{31W|Kb7^54c-0li1RZJe0>R-YQR23D3b=~V^H z0*;3n!mO+t#%(oYm{A#j(&B`S8IuT5Mv1eN(}9RPm{(#zQ_ipffHWY)+3&sFrmM`X zgcs8tblu|0xben%dK*h5ERH*U$Iw5A#UbmcaU!OsG1Iqa29g_8D3%O^Xu(*Pu51!k z6W3Gap2cH3_(PHxB$}qe$&CKi-(_D+1Xl_>kMENJ$1I}*l1vC8eA&RLq3b8{kBCzQKf!aEB(0>?@MW)u03d= zo64TTPVxq^ZiuH;8~N&wxO#JmDZ_`i!yX1usFSj+qgV#i{YJc!GSo|+8&|J5(Cz*y zgtz9}sWu+?;O4p@=36VXwQGiceqru6SAfF{JePP4dxDwHh2~28SIIK$Zq|~|9amWgfE5&;Hy7;$<}7qDGz5NvX6~q+o#l z!h#?RwbstzFLD8``yV9l8z;p}p=$N`^Jf_8sh^RZ5t`=AXKaZW};nqKXo67)}z0y|$+*}czk zt>^R{p?P&-$}PuaZ2_F*)xwJKA%F!NlPg%WM){W6o}Gu$UbjeVv+=ViG1g7i<&%6c ziG`GvdpbzH_fl_mWmTp0FEjdJg#pLbJMjGAmJseAd?0)}ckO#d7?!ti_|z~_xn$QG zolfwGu}0{MgG%7D^+9%z(R6Vu9)wg%ku6Cx6I%QVTRo`?{LQyT1!jT^{_?azKehEI4Xik?b zTj#cd_Ta{{MaB%>1iTT_C^kGwFjR&}9{Ejz%QtA&#}^^d6ln)p>^qYqr&BmSy>9n$ znvG%rkn?CN3>^K7`HMOS4c6`ipairJEkv1Eh^12~2c{v8|5uF!$3FmwKiMiD)9L>R zOaXSipsNHaUwGx)&_91RT(|k)+O*7BbepKHXct7j=z6{*dq(q&ZsorH8?D^{1o)l{x&i{#s%oSjlqHj%wfVeUb2 zYh2kI!aCuU576~Pjq;;UBN?-W`DI4qiytBGLUj{7kd9Girrj)~%m-sO3mY>te# zSn1~VVSSm539vD@4~Uolj+OCXZIG(dwq(p!Ava@Ae8-6$@jAu695eY(N8-NDYIg>w zl+=01C84bD?CBn_9D}*X=C>JouqnMxQe1?dhJKkHYxQX3wrf>~PWq!6cu%J14YfG` zAe!bNaoKrC(?;3booa-1i&~3HLY9T;a=cDyMSZM)?TXUBb0-kpHX31E^ z!38)cvoe3TGXq?Vt&oPY@`22(*^xv*;Xh$v`anC~Eq_NZiwjlB?lP6RWn#Ch(A6z0 zaM+RrtvlpC1081|UkL?p6Wv|CIvN`4IS~2$Mubr65UpE5 zfQ>Ak@S)i<=vN(nSMp7zb&pKw#;NnjG}eIG!>) z6i+lghB#r0eV%J!oqO#H57Busod)eSr;c zoLXWHOE>`JLkoG^Hr+X~`yy?S-Dzm(|Nj+rTfP3AJxzUh>K>l9t7v>D`3vbA8u36U>3Fy@Np1SZ+gzPkoRUaF$NW*uI zLeZTOByHq#J9x(UILYJdS3N^FuK5=p-AwLKf`1VCt7+u_xafN-PY8~bC#IVJ+Jyc* zVCg1y<1?-&f5wvF&s;&rcv{WEvW~BA8fj7f`N!6J@5g;B;EdMe9Sm}`zp7cRoT`yZ4m9%Jm? zF1+kkL2=t_mY$AIw&Bb*MNvuVDFM-n*zb>|k@4}3`T6-@#`0tOG14rt6C{>OyUsK#Mj*jp#ev|`S68p&3M2lYlOAg+-llzm7RC%&74DAtJ4mHb z`q=yal4g!(sO|0V6&yTiaBl|-+QZ|CE|30P3Jxas=-s^MyTp1FtMUO#&W>t6?X=4$ z;toNOHA)|ChQ_G%{{y8=|A$hJ#TRK`c&$@g?OjczO&&mD{9#F)v!wi@wia5aktxyK z$8bTrp@}i-8d$?i7|{Mo*&kLUfGw|t)M^KqzR+K#4#NX1=mPzc5R87uOk{<^kGfVmByLI$Mw%7r=G``JsJ5A%43=%u)>q z8D&#U*M4n$aB%w>v6-+1b8H0X(d^RFrM3O*GNdDRfe=ee%fwFRz8;cLd}A%-=;&&+ z99tf|c&Sy``|;@oAn&$kq#rQGc zm(NmM)y0^r%v?y}qx-u7Qn@IEc*yiJ%+J{=AEYmu6}&nwxa`P7geOEy?7-z&jL~uJ zoO+@j$Wsdh$Od5-FcNf>dHyhQsJW}pN>x==(5|JTy!;B5bin-)Q*DPCTvi;j6xd8& z?4qd&MXp#xIR8u)jlsQ$k(rzncBa^GsB!@Z1vTw_jYOuUq&QLcF*xe#hSt~Do5!IH zU0g1Y-B_o01`=@^Je5*4vP5D1uguI4a^g+=%timS#&iD}9WO~Q!3(3a`<-HDVaA*g z$Zu0$z`)OOuHFlFE)BSTM!Sxa5tFps%qX34cm8fm)~64|T)xzf$pASOK<7kyz}DvP zI-oKAd(EubDN@WCeQ@VUs%tWeho|gM^7_WsRy~m4{IzjjcUEKC4-Tw8608O}VeMt4IUDxo&7RyyO{- zXs^X<@>%N^Jsk4`ZQ=u8S6LBc{sq!5@OtCzyV6WrXuX+pi;8n^=%(QKmXbyy$h_s#>Hl2$b`>^U0g#DcQX(&ti@w=}uzk4>}l_16!-Y*v!|fIpazw2Fe}(Q7ht9Uq;o$}}x~##X$1pFxxfwTgb9Q)N@J^enb>7}% z08cT#Atokfc_UKBJGT%h)R9ZKqbvvD@!n_an-@kESkiYb04vM0FT~|R7xtK=+Z5)J z2CAH##`)iPiG`9poD6Z+;FnJ`lO~*R3-R4W+V|+DsiSo=wG%*Cv$GLSjr;Y3gM8l8 z3qH8OlNidXK$NB=;PtTODHgOiRt@U+_D7fXOC!HMS_OCP+GIVNGT^ zN>`%(W4rtKtJv9s?CjAVRSb{S;7@_`0kHGLSCy$N%_sAJ7@IVW+_<*Ql_6v0>85nX zz3Q+jO0orYQ}X1mWeKpnlhx9S^4g&>Ba`-@+f5rN?+v<+5J&FXzz=PJ`e|_rII(Bk z$?%>$6f0D~SZkd@aclIL!9lR}R>0QJ>A4?elL2@DfO2`D*Re7U+5-YWDhz5*i-5-K z`Uob_xTdjh!5?xor<`57dU*Tpr!%SdPd+_5`l^C#AS&B$ zXs`vhQE|OI!jF!6m#0fD5Z(`Sm0nZU(`%)nrNxI5A)c$Y(L10sGZ{t8-qgU)Eu@s6 z>owAob8l8#4A(yTc4SbCGU8ozXPjv8XYs(Da%bq1sN}5_G(hudJ?loI`oK+XNKC_& ztri*AQdhX)K|ikV>dv-_F*8xA@kRm>R19bSmx!mHhZcRkobo)SH+N34yPm@F(hf}Q^&gr9oVp$I zr0{l$xy&h*9qea9F>m4!db~8}Z3_?#0B{AL^)_1^Wv!y=1fF`-z)Cc;T*Tl95=HTo zQegw=X29NSx=m|v)dqk_#Y}^e!TBYt8d_?#fnM3EIcv=to2~x zMNq0eVXHM`qq?IP!x3R;yM)YNK05Jp-*)BVmst3tPFhKKB&=`T3iNiIq>!JQ(69X&)!Hx*fX4;~Ilonx_QlTb`0#K7O5egfi&*->@( z?_0Nf>#aqE;Wue?nsowf?Gz-|q>KpeNHWTSDRDbz%aARzv%|dh zufjmL=zD?Uj}QX2@3Fz;mh_5?qD8I{+yU43bHglYfBuOyK4o*4hAn-1i7NwUQAV6e z%%B5S|BcGSgwCx%M#Y2$^{Bqs)H{K=RPZL$f2aCw$`6^dBPwIsAX>y}Y0w!F-C{Id z&aVMPSN>(A(5rhW*XAzqv*8Nfiqp)k>AQpymEOJt?D7^cAhee5h}2b#BhdX$)Ro5m;>;>0|HJFA2nlV5fz7_OZlA}Fc>REKM?XzU zk?pD%#0`luIar9M?MM@8pHHU|Xeg+nCVH(HNf(#h)!MCG4 zBuB)(`gwOE&C(ul*^!*Btmq8&2Uy-s_YB*3;%Qp5H}mx?dqr>d>drt8v1vni_+2d| zy7|%|EG6Yl9=%lfx>40lV`Hg-bOqG$*rwz!A8Pz_h1xKve7>Zz!;pK?6Bc2M`5*e^ z%dPZyPWemNr&4-v4PJAG7_4Lr*l-Tb1nzMGTC0){bkR`WcK3w)|M3;BG9i_?VfvS$vh$iMnxL zKdp3RV4ymy>MX{@1LJ2((!y9!MNSzVk|r0UGB`Y}ZuE9SCriezN+Uz)=VZbL+z=Jw zvOVwjDm^DuBt+KE=X{eNE+#74m)tZ~xG6mJFo4l3My-ZjukVu8q$;6Drh8$ zT;Z?SdmMP;i~m|?H&f3|WpbTW{Jl^o1J}@HJUKfvBp9|!)W_^NtEl)YVo&>$&Tb8y zEAK4<@t8L(CS`koOW;rqijGoqlGf?ubsX_}4>?;+O_+Db&;=cKY$CyCUqv+JN&H$w z*ajply01!}cSmngmF6s46)dgc212KMX_LlTp#fv8W$nV3Yv`YLgKaXS`{+WgvLS@S z*1SVf!hUB5ljH{eM&-4K{xRD};{@>wt&MP$CRve-*kCdjXI#%|Cc^U_-XmA%q{cl6 zYO7+aYKwtI>A-nenGS|jZnc%XUptM7jm6eIv~gAJeZl@yzHH^_NCDge$ZNUr0U@Os z5-u{gyNVtrw+q{i^m}O>)CU7S7c=eA*4uRSR4BZnVlT^N#ecVBQk4DCqWzF8-?(tV z3cjbzLb{P#A88fY3`piIHH@TQaTkYxHE7d{{8>(sN(QiG#FbBc^#KWU<{beTV?B0@K%WSk}q9IUA zfQMa4I*e#MpGmIaz1;3O&960qW(eBPafMN*M6Vq~VGVjPG;(OOZC~I^1hYx_3#52O zS4%%t>X=k3!Akv%%sEcL@BurE5$~v0vM2$rB|eE9VlW795TQk<*?^N-2tdPQ(i;e? zj>t%A?^FIGQRg{(wM3G$t#4+vRr0#zNYEYTi(Wo0E0Lm_6w2s8v!ss530 ztihVScM)1rzc;Sw8eSvT8T5qODZSWc$eNR+`sjo_Zb|u!=xQWVd3}~(p`=u9W3%@0 z$5B}N&_JM>d$RPY^j#XuAp||^akQE$DAuGT1g}k-NsxvODM;_%m3b&K3I_sNb46uN zV@RbGhu^r23!pCHS8@LS{sBRpA%N<{BO@#3urTAQ%-Q?o(^`|(2ET%~PoHLNN3&6I z)<7Tq@XXVPy`y#RqN@UsV4KS3J~t1K&!mX)`jwLzy?X?fFfj~Y z*G)h0lT@#)P{NuVLY*t;eiP3V1^LKMbR4GTxm)WjYQnNdX8E`1Z)B{E$7Aa@l#Wm<^s#8 z=tjL)&`q62pwBb#L{_%0S^4&~T({86W^xX&Yx6p7g_zV&8wTV9swSXs1$`KvG0*$t z&g-=Jz_-0Z0@~7`xi{dBazMwzUnHC7i+0xnm&m1gZds<~S3w|+V%7Zao@&wHcO@?Z zuWa0I1bn%zJPS{kBH*>S{W#BOj#JRc7jA`M@Y%x7b}gf1BWx1~s9#?~%-fg8k86yz z#Fg`yu9~`HsFoP42h*?>9z)OQZ_jT~=G8RNQl=8aud+MSYkOp%)5rzfG)zQG?0Nin z;+xGlr`BwAn(knu@a_xn%T8MFJ8f__gNCCy*HUbl>-DEngg}< zp@{1>36`#ouHp7oy_wyck_VRviurUg@(Ck=*KZHQppx15bOAmY0jk~3F3eUcG*^&0 zeW@u!XH5jPx@N(2(@<0^VsivM~OiaS@iN9QD4oX+MAMBObToo9?AtzBx&7^dsCB2Ek+ z1_i6BRwb&k4z8U~1fP#}BAVglkdCPO7yW*6qRN+j%wu8c>Gt595sHr-+&$R@18O{T zQ8jH2+@8SHH^f0Nv!yt!>~W7}U&|j{eaLY~?U|VQ%>~};HdUm<=gbo!ULnmcF0X9U z;vr;g&6ieqMMP+lVhif;SgE|X=ik*CPMPMFG||*dLW32hsYj+tGz8 zyT5WRuPMzlaY;^KM+O4&8Y19u)tCOR{vFVs`Sra5vz74R`S#O6VLCSdOOyhPR(8kY zGqOxPROBL_H=>fcK3p^?T>0(TW&#RR5}w!K&Qd&+TFayrm-&19=~{ zZ+L3zB%#my(Aeu!Kal5zH#vOnG{kjFF`}CXt$5s;dv?bkV(fwh7l}|Dlg&=cr)W@u zFG`|G7QgCqk81xB-98Yk^ID6>6Ygd(^i^UyZ|(Lh7yV>Uw$FV0shj^V$y*zqdD8~3 zWO|VTHX_rX$c}F?hHiW%eBlZUu6{qYO(uh-`lDqEwo1FyF%${(?A3db-d7Ev`FS0^ zDGA4^WeIwU-oN?&GZ{lIU1{)tDl*#c0Ynx2R;a)0w^P>UCtWHu`jaOY3wr`|*OJxxLvwv^nS+`y+Z_4dq_r4)u%ef_B+OY%|}D zXkNfWedk!vzZ;<3! z*x<2{v!h(Br0*EO00^LJm?fu_j03VEG;MZTjbnKEcnjHiI6mT&MrSDDQ^`-v*By*A z#avK++$p%n0qR}V#}~Q1KadH9!5>A=M&R$)7fa%MtWRcXu5**K_A`l}b>5N+`T`HGWMv(~Mo41Z@SbMOLr)R2C`+IWZ`(V1TEqts zl#<3B4Dek^<++}%u`@EC%H`7p{IdT0ctr?2g#b|5FRO|JSiek zDT%*%PVCD6lPs}gId7x>LNCT&2Y&_!03lS$Y#Qad@D6Nl>Xf@F5Q3Ec)%MAM3NBef zD6kwO-c+}|x=@q;ZGQge(+}3bCnW~>csc(awfZ*~@wdM-KLC6cPODoMTJ$e`#*rI9 zawyRUJyTMG?zw*rnU<+a+$InZk-!p4757--2GL3kC7*qv=-Y3BQg_&mX1tl`0@aO; zvtwgojJ>YU@u$!FH)VZz z8*0hVo*x|x`i`J~z`UIrvp0ceakYp~Ob1p?vSZRxLNVwccsa!FjVzBW^!9UY#u$wb z#U(7@G^wJ_U^g(pGc`NAy^sDFar2>AsHpfO`#tx)Gf|2z?ewfOWx1KadDdT{a3Yz9 z?&d)YC`SD*!E#J85bmb(|GmU#D7x%IhvBT*RK>{x~F zb6(q~Tah>$(g*NU%Q|y zw7#L<(EC-xQ1xYo{Zg|NT^JCKD1CBtPqf}LYG@eV&%8oKM$sfi~ui?d=AUjVb-7fx+6FI;;Fr|Bte>jEk~c z+rA=7mm=MufD+Q(DIH3eG}7H53eqW^(xTMRF?0+)fRaPk(A`747x(k*yU=Tyw}YbG_7M1P!sFv(-O7Eo^~ex2Oe-aSNK zDJHJ8MMT+-&y3n�m;ih-_>S*AS1UKCOQQ&)@+DTw(#+(LH$Xn@nEEIAA^i;G#ME z+6ZR$4p5nSNG_zUC<=w5LEs9}xrg)ku9qWk6t+MlSoh{l-NaYNsQ7qJ(%?Nco=fsp z3m+n5J*02@v;g$Mtf@(eS4Nh?T9~p@UH;L3y?D3*?sQZSuc9oE|1awB-F|JQl%rx0 zkw+Wo=A-QhO=!Fib?@RLucs57k>X;WI9Ec1k80kB#Z>AVk3ATjUkj|RsBfn`Lu=>foNKR-{rxOOE~YYY8#hiT{1N1c!=z@U z-o%wrCJ_fD&^`86evA z_w`k5l{U3`d3k}Mcbd1KKYuZau+Fb?m8mKs-{2yp!xiE!Oigvf7Lj39jwR0{%UXSu zPU!AZC0AEBEns9p9wN-fHUbdSqw6PZ4`kbul9b62nVs4eGHJFjjg8N>VB^i3DlepF z4qIDh4gKn_GXV4)v`yX)W~l+XXdXYZC*%r;MCapMB>mzi#N8c6PI{iu&RH}o@bKsHnN>p@tjuOqMWpbXZgn_ z>D=@x`kOb`+)CmhEQHqdrj2XvBdBt zIRcbX_B)2t0KkacP0b|4$4>&TH#^M;|L`Lm03)V>I4bj-YTln>T@d`X6G~4}OL?=7 zVA)`4T5+PIZ&Z=vCpMt~A$A)fH5%`|h&S-Sn$H5x6do9&lrHxNlb`DwZMq}BT{zh? zs3nK}Vxr~1C_43^8*(=>z&Wo`l3fga)~`R;e7Y$Qv=5(mI%FpCvIfeorHo^t2}=+w*KJW z;dytt2IQuH0^*4atkL~@H_n0<)tgTzPK@PRn~8%`gnlUE$z|9ROH`e86q|JMxER4jpdDQNy`Qz?zxnp+J_@9DWVK0f}%l)a1n8zlRW zBc`cN$?O5(CcdhvXBMua;Wbm|SYrammYr1QJqP08Mo!yj0gsSBqtH?LOEC9Mloep^Zta~^3^to{39oQ2 z>&bUEOfm5dO*q3d7TS{#&UQ|b+v7Fntd(=&dj>px8I>=h^H-dmF_=VJdg=-sIHLet z+~XB{O^e1ei11X>KZxT^@5J!~h@ZdytKuU`)hD&_`2xdc>}P_8uCBG2dV#L4H)-GR z?z+|-Ol-qP$uBY`b{X@6QzBNT+Z1Rk1~_yH#u+mJ>;#Y9%%_`Rp~(K7?Qr&Rv%D{7 zi0-Fd_`~r!C@UKA`Po+-U97c7!Qv@d&gA3YRgX)hmXfzH3Te4!fcuGEfI(U4(ei@l z1z+@gU{5Ji#gyh||6y5s){e+&RW(Ca@(uiR1*ONHQ31CtFMwSIElnZd&S@I`1R_ z1_}uK5PlWR-KJK*(QP_{m}AHPcFX^}&5oopTiu@>TG;_YPFsKNdf-7KxtRbXA6R>dC^hWCH15|+IDam zA81x~n^<^gB$ovQ?sz{Ct&!YwTT!>iuGZ<$cOIUVzex5R}NiUettp6h8g9)F@&}@3TAnZ%U z5Uf^H$FqymhkngNybf!_rKY=EN4Xom`dswNZCNZFJG|o&Hqhf=6brNE{?IPjKQwgk zhkuo=ivv2iBG3~2Pr;2M)lXC76pGu(ZSUe=&jN5VT7~ma<6>r}bn1KUZnl|$GUmU9 z$U9p{Ei0G9DA~{clUv~-;cM@Z>vQ|>GUb`e+nB6sXcV1r`G|x|?kM}8n!u_&E3Xl^ z*EqU0+l<9cjpyadUc_;(7aXsd=mkivPqA|`?J!q%sh&2RB&NiMj@I~QhA>H@!No!< z8!o-#EtH(u23-9xjxh8?s;jCmNeY`LMbHj;@K&?6r5i|ld)F=FKYaz~9~(bSfnD&) z3r35s7l;ef)6<(YE%LKoq@#w;1e%&T;`MKJYwOAc=jZ2LT4XK=ZYNmgqF#MK<_$il zdibr*V2*g6%r9$FYfUhI*v!)@ktF(*?oEGAB^hVGP~|&5Gd5i%C1JJZA`SJ*-xE(V z`K+6(Yq+O&^Moz#%uG%eO~!pW;|fO<&g zzw064vtC=8kvMw3Z~=cS4iz*LXl7>ZwR=08e_O-7+lKx-a{0^8_jB4-#7oiagp}A1 ztYvSn8~a%XQBu2212&h{d>D!Q2o>A56b5Byr?fO$IOJZHx0oP8+j zxWFn&^K-M+OdZoKpwr#1w_F9TvSDfp;ZmortfOGnRrPy_d>FE7qDwV-F7T)#S-HW< zXPX|ys%PQo3Jf^iL(e%tb)68rhQxvEGG|ECqT@%JeK9l@@K-w47VK=bVX>_E8nN8E z6TV<8h)Eq#4}2L7@T}db2V8yC)#<5-1t;L{{{CfLJY45Gts|2-#FUcb6A*Xr#-rKxsRBnLZYO3*r)r_20+?O`p@1No`!M^9mnr{Qx-9M7L&)E z!MpLjQe9HDN6m&UgNXC=8LGD5&_uRVwJJ*)gHL@1L>(Q4v70(Q4OY*pTYjx#*1vp? zqdUxchIMH|d4(2gwo7;!kp*y5V(A>#)0YuOyBvH2T&4AMdw~9wYAkcp+WIUT>>0C5 z-sK+5%)2HVr4PS%%l(yQ^6~@OCnforSnmC#+$8lu5VP6d>(`poxN?*1v!t>!608wL zhJFM+(-Htk#wOVB22pdAESmYar9N_Jb`FK+yj7U#<}iS3 zRBc+|{THeVGr--uXQ?Mb)Z!jr<$oR!37RBjH2IANeNP9pA4|{QKYvX+;3us8_<@H*oJqcmWb@y~ z-H@(5!&@GHettSH#sD0vgM$NZPR`@fEo4fk9uzOq_`b2}4ocKqY=XajlY0vcIP^Zb zTlq&kZzb+onFZu#iN+sf4eGuwX{?2)#l=y11T()}YyHWg@R);KkWz~}iBtqY%C zbehb6&pV#9-|fGiD>^v(@x$_0QOQA|ld9N5wchOOj_B1b0K-rEH67d3aky~rOeV%l z%>RYjanL^YwRiy|**>sh(&{Pq%|#Tqw9J<_u5qx8+}Xa#D=WJbcRP1? zcVD_SE0H9bqRGBIqiGvBI^^hMpU3f4*cy7Nf zV0cS{l4t>;@`}epHUObI1C$1)0etWH?Ck0hJ@1WZ3oij2b%jL)M}#Ne&dn`zb?y1& zsck~Cw*+^#N1R!ng*Y;fmi{cu?ah8NfGw35ADx4I@|>ReV+j~>CMG0U*VlV)Pn$XV z8)ogyXxpk64ps;eX-Y^iQ#i@)FZvw~rm2diWW zVGrAkOh^OG+rd6NpPZh4?Y@%lZ&G{3U{`4o3cD+u07&`+hccH3$C5aHTgE%I|x#ep`L`hlv27|wg~!V zoy8ietoQ;RpwoGy=&zZ`?Dh3Cxb0?m0f6&YP{g?ep=V4dS)W13B3{Hd$dM1=^O=|) zXYT85WL?@Y{_54s#w-11pOiD_ zrBM3Ds|H~DQt*B6)87CMj)0U9&Ny#4?@KRCDKDNQ(pMrZ3syF`e4EB*Qm`}EWZhD? zB}L-IV!B^Fp@*ZIXbUvDPyYb;0{ryl^JT)EdHg%X`wkvmP~+J)$lm{2H?zPd*wSye z-l8d41*R|pcVVtdA91zsPK zWMHiNZIA~A$ScpGksk)w4-y^m&cXF{bt}W?B=d&1Mhw&a?Tt&G;7GlDZ(lQ$?jzXw zW*+kOmqSrwiC4JDuxMLaYHEPVenv>71W8>Rx4i+}w>&E^&lI2;yF5(K%=|!3zSCSL zxewwE<}$y3vpmE*zrF*PT}M;}-&>`S);((6S1A}5n+Pmw*B(uVlnA;PzoX+jZqnY$ z(h*27(^+eOtZxRjm4cT(3Lv(fL6q_viIZ^QGkO-ol=3_WfJ+lsQd~TvBy{5P8e(r} z61wqSm6NBoW>VWCGl=~+VLc`wU?s}21!Hi$jA9il+ALBp)b{nwP|RZMC~dx+zP3_| ziWOnv@df;BX?+DzDoW@2RHrY0{wf6l6Ii26bfsS^H_t%gRIgrj?{WREx_BIPlRBE^ zln`oP@DX5mloWv|&Ui`UYG>efIv@Gz9AdGIY^@XBSu!}M4v#QOp3x-W(7aQ~?1qzo zSDbWox^JEi=f`y3W;Go>82`iXgsWbFFdmnHqzD|dzI@0q!BzjFhPV3J^R(kr^ObpC^Xtk3tN>YTJDzd06<` zPIqTb_8L#+5M5XzwHdPgdN>yii}e=z#n&5|jXTjTEgfBCzvXYCXDt@<*EjA$B*|8G z+6?wna}{R&LVX9$hUXE!@Wy#@7mHdM>Oxxf3n(zm=RWIO2)vu5BPl{L{+_4X-S9io z!dy4Atag+0nbI9ReS1j2-@egp_jp~Ulw2<+3nxHmp(66Lu9+9!!qsxaP^8BK6&p2x zFaE~N@fs5Jn$`)(plzYMx0!!?dHG_@oHxiBRTu4xyEX&Cp7-d zN1-l!jP`?bTIB6S?WEb<-pGY_H;l(OVBz*Ps@gxWN(tV7AW1fjIlgFXZ426ganoGZ z4n8fP<65f(-V^7gKDVJlWmu-O6feixfWn)Out@|)Ns+4 zR3C<+_cUvut`j90UxdUdwAK+>4d8g>yXAV<_q|tWxWn?HwJ7b1cI38lH?S_zkk@OE}Y_jnp#w-9$)RRI$qI@7$=6 zIDrdI6~7#>&cNBO`r5Bpm`ln(2&T7&7}Y2;_P1Y)r77%?HSma!bbg8HikQq0u+Nsk z;o#!@&Br0`akgvAnrwJ27(nmVu4-t&kNDEmF= zK>7X;hBA0EqIj)%?r&Yi??qy7PLRJ+H8E(V91=U$EjwZ0RUCsE0(kTBt+%!v(7H2n zd0FsOqZKLzKe>7n4j2Mn3T5R-(8gB3vow+E6aXlHE!#*+Nok>-qCKY(^Et)JhY^aT z3eimDmULoQw14|HRKI+e%zNVfgh#4=fvZ8~CY`{C4X5JhhS}1F!<}cbZP)8*K^xA$ zsr&o-`+!p9Ga;Ib**);gG>DrC8h!ov^AOH(t(D9t=NRiXH-+LhQi~E<(jiOO=k^p2 zhwo#%jeBR4<14Z7%t4@Ww>9KBu)gpm8HFzdX?NSE7FqC3xltQhG9@TGn5w&rwXIwj zK7a|>^6~Y$rQv4xSC{ieHw88oQknmGGjXu$)efNJx!s4vi{HKXp+B3`<4;R za5g4PubuQXEq2f6hcVhXWhPr?=WjWV2I4{5O^*k*PRzSnvg=|t9gj$}=T7whzSEJ= z7?608Sbr+Lz4uu`swly@s#)r4-U^*d273MYqQqolS>GsL8&R;UU%dwF3!7It&wu~^ zt*?M3?&OFCjFyRcpT`DoV-XtI7~Vo}4;f|%Wb3=TrRSmXP@;|To`gZ#b*?`Oi#|ja2HO( zB?8^$opYa4m$0kzpB=l@Q|03i_4U=bS~R!Cu@y3gGrqs*TV`;a;IF9E@$=7Kt(>GFftTb-gB4}r_ z?(Rv<1{E{3pHkeeI>!nxn;*$C?;Mht7*=_tV3-%Umd-Z*p2smJ%g?WjA>hZ^7*W?Z zb)Ge9E_|?tAewRJ&DIPoB>8*p>v4@2^T6*~|5>E${k6dhPzhZA%;yZM*?pt|kURas zX-Uu!sx4NsL9rnysZ}d1M;5j_M+2wB7);zY?+AGO@X}Nu^KNn3scF zkTdOX)N*~8#4|Zle}p$Sx#yIGl)?zSOIh~z^~bg>N%f^xRCUeQv$qvWvdd;6r$Q=C zl#F>YLar>qPQMj-s2bd>WlY&4U0#l#nq9&bb<3Z;xh(pTytjTe zHZ$Ru#Dn!L+;LTx6?SF<*7pkvyvj7yo1k!p34%2}q4Ji#?qN!G9-QS5!F0e;V^wm;`{;Up+V;T9(ZXfw!g|}*t@@{#5CUktcR(AW=6ujiyXKa`c$M3 z*bn!EMJ}65gdMpgwbRRf_n*iSi}i}nOKwOxB36DY)4bxvj*ZIZ9Ew-fL-BwNk-N=H z;Ap*ydY!4gvJ{S}*_*LD6ZU9%AD>uXM@m5<_H&I>c7_E8Hmj`d_pZEXvHk1&6L#begze;p5(jaufS)_FU<+; zmW7At`=$Y1zDV~(VK*p31x_+1_|*#N#-w$xvX9r6mK~s=U|SPz3_B)A2lzTNVPRE= z5U?B{Ls_y%SP__OWM*uSPuAB%-fL4aGGJ zt@eb}Iw~%vgfIcyF#I>i%TDcK6sbvZ$!EbBZ%zkKCwXX-E>d=wMTJOeM9-WW z3~q^pI~dp`{zBt7y@=0HG1#}%QJMeFVsHacX#q{v2f}xS_tE5KTo2L5i(cXDO2{$_ z)dwOUuasQ=-52q%UosXLk>))t0}ZL%JN#%;KbhJ~8X9EW$LjoV)vi^Z4!4i_)(E+f2zX$RYIPi1ZtEM^IRh#f8Txo{FMbWJQeiyq##94v~~H7m&j z2oJw7ce4dKyWpHtaZPk>q{$cti1IOFnesPiT41_4IhiQDJKcy?W~uWiqHTgoqGV^^t)21*s=a`Z0PI2@0alFjb7kEaQF;rzR}=iJBwG*zP&o11 zH8k(-SwPrtOno>F%tr2}^SQNM5Kaycmt$dLYdJZw3vEmCp(5~67VE7iSYW!<6QgRs z4d^@=D;Rz?G&btLf=IkXae6&T$mx*>jsFUu&tl5hG-9$u{FuDDd0)zN)Ns^Ce&5M$ zQYwWyhoOI)oPn}oVq(^Z>e@bkVb*=*GNnlA7Z38n zFycT32@A5@^jZp7a$L>u7WCSJEz`es57ub&-jtTIP~u4KuN+}*?#FjPy^RIt0;5+g zVN=}D+{Qwfc3wdN#mn~I7`3`zWzeVJp0e35`7qh+o#-%}c(G-iE*1 zfeY2Z>vS~@(uCfBuz1KsU2j7*1uJ{zd{@T^2nqL=I4BRRo11sv5KHrQU0N#%ca9)i9T$pm+GO{pA=2A~C;T96ITO zGxSvR`m7=L*;FUZEG%fz`6-OSvj|k+f%eJu7dJJ{0*OA=0BaRIYu;#(c`y+$l>#$t zMB(H0vz2E=0LGwNcGlKM&7Rl+=gXk@d?ps8wsfbMhD1mOvLO8#p5B+yIJG+m_#Vo` zhQ$-`b@>fg%tv6_Z5Mv7_1SIGU)MV=pRVwZXzNH(;`YFqT7(C>1!88;!_Rup*5A<3 zSd2rH3~72Av~#5Qr5(!DjAhTqdM^B9`J^Mz^ZYb)dH*Ff^#>o}uhZC@AZ!eXf3cgV zZ_g_po_T)$X}uUoch{wbu*wK5Jea0?sBhS3PTOdaW$L-%>tDgPC_5T zmPNA0gKpB|>guk!!?p13%`-!j+x5{spQp_zf6QIm1-v+P?xyS?r5YHKA>!fQ?K z*K{O7oMy%*>bV%Jypj@X?OjU=;&Ha8Cnrj>zk3%LZoRy{OUhbsb^h1Sjb;Yr_z&{k>jHdc}@CM23_16B3R$VlVIK|r%A=Z*P6C5T?_{w~+ z<7BXAu9>0?upSTEIp_0i>|nJcJaWdwA;iSN(fI(7w?!W~Q{?C8!`g%7ONj86oZ-wB zIXP;i-DFFTFe~9qtwL3;eSH=ZanQ=+stB|Z0sot)uV1H`kwFJ?o>q-*EiWC=@&+$} z#dCkV|Lsx>kfr^Ox**$_!%undGY>4(VQ1A%wJ4COnOVK5j`uV%Mc3N{i1v>CQX~aq9X~(iSSmC>K3FB#~LyZfp#txZ>yN+EAwT#>NH< zIb%PAGU1Tn`p(R4t1ovL2wyZ$Rjy+8@uVgeTO%dJ8Ec6^ws$67PhcnhH+X1QsPWpl zjwr9y#MI#}KqwH{RtTXapxOse-$23v~tOHdS)UW%uP(# zLv1{|b3GY%P^g(SSqwL9?dKY%q&Qxjr_EmxNLoctv-&w^l<2zGWcUtw*4P^+?95eS zjMhU~yth`l-FF3(y5GL-WzltH7mmL9X>a*uo1ra5oVb*jvEbXa5Alb7&!ix0-VhLw ztY+U5!3XOz!s1ucDKl^<@yGZ=v?$u^-CbQj$){H?PF7SpQMZ|Znr3U&8=U+N46@H) zv$K42c5xU}oISe2f)2xFirl60%ycdyoqJC6Ew23-+|K5qgROu!O|GH(X-iV^um;U& z=#icWfzFGF7q;mo6+tEL>0_>_rl|ch!O; zM~JbKVaN+W$mHPo;;VkAZ}bWOtZ=iO;qS2MHORGBNuTA@-h3PcohH0po!{m}g_GKy z15c%fXv}j~`8LaU&DpRDzyUiO+eC}p{P4Ynh*bS5ts5QULkP|fIf|V8@oHSHNz*4l zp-EG1kBp2w&HPm=Won)+bHr}Tk!x!YKJX$Hm4uH0rl?RML`3wW{O#p)$)QYsiuW_{ zxc!b0qg6JA4?ahOJldo=af~{QC5#`TEeqm=VF`#=JI+}*79q_v7S3#e=Yu@AqYOce zabHdhOsJs(4up2x@t%sWEtZ3SpRw;Q=x<)1%`%K-fhI83wUbgyQ!bF2pG z=_!2T_K#itGLPFVj{oN2Rod-|tFpOc1TFUN!M9d@! zTkLsGj3uI@dH0vJe0GScjwCfK2MFeqt3q(dmFJNovob_yM1WfHXyoP11_>rxvI6Uo zD{@XX{zz4PllR%S3$Y-|NR?~#Sa$sHO1Q)*_ID_k zvbz@;1c;deT>IdwvY*pC;%RtbF!x(rPzkf5AAmknklY+PTxKv4nAQbo4&1+fB%2h4 z9Ol0(l`-XkbHj~s@>rzoXeAv)XrP`u0=U|PmIl&|N7+b7izG19xw-KrTXp_#x5EoD zgUNtQx}Mw@1kBK!c36)L4}aN;UC1(gDNX+Ozqq~u?YZ)0`KPRaEqg|5#5erGV|+ADOtoGG`q z$M*XSlai7VY7Lp^RGj=o0j%U%O7J9 zOiSQgPx+lS!tf5#t?9+QI8Gc@M2McP@-OB#8Yqm+9yHER zEAm_;J#{E(BCSY>OE*bD(Vz#!S44P&!0dRHA$s@CQ9vm2sbxvn8(KG zs@o-_g=k`d$Hxsotm}WrqOZXPCo&1QX%uT&z0jICKZW^6f^ND0Jn6i7Vei8+UN+d_ z1r-5_%()g0c5r#Ijv9ZX?+5h5;U}r{miAu1^WC17zQ@Q(NkO_|PHG-h_q)BEs6BTj zd(@9z{P=o;-^eL1-RzHz>^jBqpPq=gdgEBBJCBXWQ}J4oEm63aBwI%~De2ZuN+G55NPo|V@xt;K zd(3HBkdq$=^{svk$x{Rq56xHjAQ0gTTrt8NZ^i}B7Bh)*LO>7wg1*=V)bAa7#KOfq zIDwTZU{6hVq$dJbEe;*5AyOO^_5_FBD_q=Vs-mV(RsN}p1Rg>~HlO6!QHqG9iLv?| z9v%kzYL#j$A-8BK#y|dN+@k?*Df`omo+^XQltule|8WOpHNK?up)+;PNB8YX^IzqO z+h#F^Q?jr|XE^q+(wXpu9)_f!^wft5?B7&d+^;W$2_vo_UArBI(g%%0rH}!NV^%cP zwNnKKC}+tSR({}_=QxxR5=9o2UJzjt4==+7=>+{4QCH#{%=KclCuUX<>t$zW-(*h^ zPl$_Jx|nEb8srvfX&a{!azYywv7m{IM=&lhbbm2<^~#)@y|T>?d?DRG*as@i^h9^% zD9H=K%h#(U*xrvc$*0O2UcGEX#Ihj5Zx76L8=MmQHROa#1IS3AAu{;4H>dNHW4L8z zvX6aV(Zn-yX8GUny$%e?!^A{~Su9T0*i4zWv|X^jKQxwn1Wo0F+0|`$<(0F1@wgF4 z%G8Taw5l=`MP_|*u$t5|+jYnR6|_}k9@NlMSs0CtOR`nF;b>1eOi>*~obFVX`NK(1 z+4R0t4)LR?_Pw^@D%A$wh3h9XUU;DceC;N`9cCdGs&8hJuKJF`qm|3e^VWx?y!I9H zs+A-pnQ{YAo=|Bv8Vimc{(LrJJl82;FQ@Z!ltPecIJ}HWk94T$I)o@HGO|`lR!4f% z%lFTg=n6Lk78wGY89@?(j*pv{XW72i$lP86;v$y4ue&V8)RCUDz5T31SbnPAkj_qO zq&f%z(~3}xkuLT3Z+Luz!aTM<<68%ltNog^LM|Zr?F@n1OP|$-;VwYe^!elqV`U0K zDjX_|-GXtT`VZ}`oI4!-pVdFT{}DUg4Om!9d}@Ck6KoD*DND{tJd85L|G`w8gnU5w ziZgZc$q3iylTVCY3|!jD6ubmh{)~o0r^ES_psVkW6hOeB!3X#Qk5jJcQlM75hE zMmQxlUf4~!i1gCp87(&>GZt~lMPGFQqxqC@>S0`b{Q6GBqNyIz@{A`7lio8Ae0V$R zyF>|a&*JxREoo$q9hcXm*UhVuNjf-mb8fPB(#sWot#Q5;_NBoJ*_W{`x8Hq_wr&?q zvLDQ$h7R&a2(MjsZs3CSYCT2(G45tjp|17oA=22U3*1)IemBOTN1?q3s#TRLyv`y) zOScyb!L}pqU2aezcSLpHpgx@am^#ni{QBz3M_@6~>@><9{H&-s__`sLTJ5ynB7F*w zLS;u6WC9I+oaga@I)#pCMedX+w{^>@QzlxPcjg7iS1O&S#v3$#LoOC*Odq%wQsR%fkqmOPqsbv;oUco?Ry2Ddlrljn z>SCp49QU3&th%&xT%F4QI&HqIq0AGviI|0u(r^1iGoHPopub?iWl;U;!L~ck+SlFl-4Cq0FFcd>=q5u+%;Yz02ARrPcpfFIx6hEqu=*? zFvKMT;5-+)`rQN(Ziiwi!}N+Tt~Bc>NU8+9uuu0paJ+t6mwuS}++$t}OrsmXsDt2xDO)DA@UkliPmHm5 zrlCNM2w>4fn2HstRY^>fqLzj?v)93=#x(D}mxXIP9m24vMws77{e7ZTs4JhY?8r&- z+>JKjsOfBed5ep~*n|60_v`ux^fmn-^T9t1!#t#4I+N>BD33Hfo8V#PnJ9Yj>Iqq2xDeiKxp@W@cfjyqPn2&5*vK z+NoO$e&eXfH^C=vU_wyC@#*NJl~q-}mVffZ42(SM5!gN_ml$h)53(=zNl8|(z~0<+ zFW@?X#TT#!8j=1+DdIikBjE78@2exuD*U-e*alwDTHKNoX&+^kFXB|o^MVXM78E}b z8cH22@(G1r{Or}+ANNkPzlJL$X@JtMEchos{rwb04k<=I+#Cwp!TqKed^X>F$VK=? zp$yUGe^Kkm2)JRHanj`*eEb+zP5s`k@7ybIN?ZFB2J^SI_w6@}si*g-dKJX-cy+g_ z(PzG1t3S#5_SA&@j|`=MC+#OjB_0U{^X#$`-C8Zem5(1kzM|9SP=lY+ey*9YYuq6) zEIZ5lHg1Hqpb>2VFxRdwH5$*Ccp3!r@%=W7PGW3&PxF<1=T^xclS|F`^;m_qa2G4f zgCNc`A@Pv28SmOIiIrKDlwQmC=pPFd&0Stkd@$=Xl3q~5!YD7d^ha&(W5aK##3hy!hykdKy6sm34OY>W6?iA$=@xKf+FQI|g=VI=| zEsJptE?hAeu~ss`_-dYjd#-Rai26r2#^4ew=Iob7X}eA>`DyE;vux-Sk+Q-}zfm_@ z9k+}27nZf{v`x1T^FnS-XjqWFc=BonhnZMx#g*^b)ZM=mzI`RsP)`Ff31AT ziA57G_VkG4&&1dQI9UHH2eVsw4eP}As@4>X*>2x^YdvJ3 zilNeYP4Qyz%xCh`#`h@-+AzN6m3aK5c5U1iASz(V4#qv`j~@a@qf=+~Ry;>avqn7v zzXAyJd;^B%oxk1peoa4m8}V*d)^iZ_=40~mvYy7@Te~3&NUGPZMURZwj+Dn1knIj?g_!9;s#_FhdnI21y(MW@B4Nb)|AZbR}Lp~|c7#dz; zm}Z|u0hL`a=2ppd1x)!w=9?Di zM(D=Pdw|m=ca`pgqPK0e2lW;^%UM@UYIs>2jNc*B5b!NPB*`rkEM`l$wQpGQ(FI-7 zCDrns54dVGDtO*}iLr^eG+kl)O|AaZiR?NgW>u$6NXsJ88iT{k0j0Z>UoeU$d719Z z^d*0EXa3||g?FKT9iY#EKiBjUG0CLh?S8x-?SDx7>+7csZQe&)E2ltZRFFT>mh1Z0zy?H0f zP#16d)cVW2ZUuM!Ph3fiA7!X~7`xMS)0iJw1*gQNZDjJD<`8oTwWq>4A3=_E$Xa=c z>-$~fbaAzH_1>+hrA#D~@p2o?bM`0+bGEiuXFY^OTV$Eay(Gg)X;KRsP25Q0Gt_4I z%=nHNPl&hE)iYN=QLV26`NYE@q9zgrB`OpT9ACDAA8Gj^Di*IJU1Ehq$07x9|G-G- z(>3)X=^P8p{P>_)TlOM?ufarMG{yVF3L8z#2t7T~mZKfV35OJmqeH19ONC)n@QzdF zLE95_>+yVC;gFq1H`^mi3wxZMqXb*357j$UxE(f;8_ax7IS1`PUh*>v=QERW-em9`1Mta+`%*Wz)%AiTs&%aGONfBq7 z&E=pCu_Ypv{IF>nHW+=qEaJ%z-}5=sWeM`Mp_=BU$ZQGcJC+CyVF5dkwtT+frSNkU zTr|O&t7INuh3}s&niwzRy9u7DY%avqtvYVM=8d{m32~?Da~&$?J7p=(mLIupoSy|? zZMBUq!b@J|bHd|wUGYG52afW7vf}Ozmfb)vy{)uIftLLr{R+NB-{*a^eSMNp-=xw|FFa;mb zi@_5C0YV>EpdeBhRaPHOD`^dkHJlT1Ld|^H&MQq{c_vyv8pf z{ungPj)M17L3yx-;oU`F1JlhMgkT5q#P&#`K050WTmJ-Z04;`44dl3arGr83v~9T~ zh<)q3w!?SiGv#MY9)88jXr#}cJ*_ZJ52?1@iZ#C!m`5b`8&w$Lb3!>{25lG_R@&Gc zD4_vnmRDZLc%?IxJvtg_rq`WB4iwuE2w(&q_h)g&z(t=*=F5%vCJ&Kn2nWn7zkh}M z3skUW;dvd`!5=dLv1{7uUT%*Y)2T_Vy^3_qXpNVbk_n+_KghsYGlajTIgFEG z{}jch-RU|E4Kp(S^N@jfLV+>hVV(dsvU;5?7A0~m$|$#wKt3hL83>ssd{2Ts7AB6s z4i(=O0`IOs10*q~v4l~|+T18)0(u$7dV@9!iQ9U6R`xH82}xkoe8dp~9%dO5kia1} zAH#ERdkmU*e=UzpG~Bvx7{p&G32!nXZ)VwloPS_>u9{U;@$Kn1y&RN@uSMzgB3B+! zTtxQeLPpQit;>Zxuuf4RkFz9}v8DQygoD2ib+QpbV&#S*v8PQsu&7$-atUF?k;mpY zjNkf{%KG+a!+$Uu&}=j522%W{e<@A-O^RLK??&JC6>;(IfG|t!n{@Yr{Dl)SqY4GV z=^t8qCt3`%NPHy1!g3#?_+koo^;^uRf;5ouC%~BHN!gzhoBbR`=wI z+JB9#$*&u{|9|ZiQz8BS_F#3&h0wAr2%MRzshj%`voir3ilX7S3VU0HBljki{tEd1 z9s=Hdr4{+1)C1-3!=(43K->V$&#i`Xdjs3hY_5-np>uz}-dp?s{9B^Dzyat$;>CI& z53|pXM%L-5NI*baerPzf%%~v1A5`**C&W$h=|z{oV7gQ=HU}$#OeM>gqSp& z9H9QxKkYZ1HGTW`Eo&GO_S=##lN9_<2h&=}ZwK76n*~QbJUn`gO_rHnd4ZoAXr{!A&w$__a1D`FVlTc8U*VUcx53*idPfq^m>g-e+P~~o|K_C#rZe+V@ zMD`q$-4lRVVMYMWAlf+z@0gah!yp<~pLL@3QZynl|FcB%a?}*R_%6i)0 zmQqv_kkdu|=r8(qFCGghdWri~{XOF6wj$7ySQEPuKJ1}Q%t$b^R_5!vIfn@7^9J>6 zg#9`i5|~%g@r@JOUw8zRkx*l~mQIXKOl;%h&{Y%TH9GM1P;!|FoUBdt3_#4|g$(lY z@|9we_?3!wh5KP^et%XiYGgJB+I{iOT}&OfEqnyFkYRTo^)#FU}0ljXbF8L+-T#5mN7Bon>FI> z{iQ_>TOcq43g)W|mb=ab`g*`nYb{WLxfGJ1*3;l7#S!nEzPV1&PQmwd_lc%0aNkO&(DEw>LE7v|BVyFOgk0Ly$zi93sJ$J`- z%H45&)Ua9n?-S(i4@PomZw8riolFE>ZNV~Y>|TyLhwnqU$&{@y9+EwN*u66%JEhPj zP2KH;`?<8XWunvvl5p3V%xmAN4W{%Q9v3;uYl8o@W@6?V^z)jHwq5)zl>#sYpvhq;2zn;(a|4r>()^fw&xc)iZ7U%w)K4}BcOQBrgIAjj&P z%@aum^;p1IR$K8zSOl80#159$ezitY%SO)emKIeG zT2J>8afGnC+9()D8qN7eLsQf9=i$1$|dna+mn&ek0e|9M-J@M~O$g~G$~2W3t1 zfX%O;(~+E8F#RVS)5#<45jue6+G9xwDt|P~8rgiWuLQg;qMdj|{_%WEL-O?h&fos$ z>U|T0%+Sp+AEQ9{7!TY`z?k!fI!H!ZTB1x=u^;+Kc8cs(wyPKMb3MSI+`i?CyvA;J zYJ6nm!&Ho^rsxy+>Y5HEjn`dWXGj3PGXGX3wEkF(u;rcIf1<{FOLjw11%)b_7mnHw$v>4sdtqPHjOhdU;IWn zICjW~jiy&UHmZK`@DRNiY#asU2vhHyDIId_my*0tklbNsZz4kC!yBoy;i08{cKz<0 z7ag}(X#@5JRd49_U5IgkaRKt02Ql$LgJR@K9nTZNC3hE>$+!`o)i=-=Jhj98Bb0k= zHG@5CfIL@rnTfF57x&M0+OqNGQE91CQm4>tw)0#0{!iPx)gMAu@&BOB@`OFeZ069v zm(2Vn`7?Q@g1is9uq?ZOOSHZg{S=p|lw7tLbjX9hqh$&3GCsK~=>k@(nH8QPNWv(p z4TSn0Am0namIc)|0Gp16Eo6x!eE#YBGSRSsER)MRO6YQu)(tk;QsoMWUSgA4>K5T{ z6OYcOi0S_iWnUTBWdFAfh|&xcL8L(mX^`$lX;7q7n$a-2y9Nd!rJyL?qgxn_faK^@ zYIJSDbMlY-zP+yN>-958KIk{_1;tk0`5=LN5{HwmGqLmzAHBz!d-&;5d)*_|ex# z8#)?Ncq1v>2yJcca;`nwv%RChhj%}I|GK>`E$Wglo7iomI0;y&*9FhDI+v;Ft3fyL;Le@&q8TPK>TKndhKR zp|u2;1)afrMFbI)Y`=WzzwPmVAdHWqWdqXq>p%@<{1pn2K;c? z?;qaj2&z!kPmuCn$3n>7^&u>ar(S;$24<)q5QrU&;HC3g{4hfu_P0_5Xms8C(F&w! zUu5%)ds$MEhgr5o+ib*I%S{VogCT(PRIA+BV@Y9N z_vM-i)cUmw0_I$$5IwuIyZG?|3xihZ^$|(x_0`oK zv2lF?v|jXYQr$y-=kO;nr@u*a=Xw__ey55wC@D6xAT!<9$J=%)&zYaUQeq}$G^HSw zO$wGSN}+Ynn@47MyAi(TLeapwh# z?7qfbQ;m1V^?XbJb(#XT?^)@J;PFkfOi08_$U^zhxvE*f=o%K1@TpefWAMKi<~)cy zE&T`O4B&~)_L1ole+&KR-NnZxger0H)fDRk@KyxR3*;F^l#JGROm%g!hK#D6!nCg8 zs}+j`?cF}eW!B{ts8#N%HBByWEdmW})YUo~wSZBUpt*C?>fnTtVVoB!5#FcN?38tc z9F{14E@v;yDX@K_RHQ3nHpu^&-D|iR67`xNdwLD&{q^+x*ctuxavus|^gMDjbU%3L z7YG-maB)kwHUh}UqoGtUiPtlr<#c~V2CKUuyb$-+vD>KM3MJLc*I5R<)&@6`?loeS*F~vQ(+T~{$={Sprs|y z?`TBn#!|XkED$2ZNcUDE^q>WWtT;7B1+ufUmOD#Nm6`;+xnUF;qfW2Qh9ysnvpgs2 z0XhJMPY{{mJFj<+3eo79UD63{`teodf#%XzM0 zoP0R@-Wy9ob=~v{Y~k9vL}#Ii4l55I0c{?Xzg*wi)s+c5dk#1v8hc3gGnj%_d9j7w zK!}(vMNDjl!A#8YWc%ENTS8)NOb*9Q1RDn=EKLrV6$B9;=}XBwJ$sg3Mv)n#ylA3q z<}9@S!+jDxiM?++)CSPEIZh`4u}`0;ixqPK6Wj z+&N(g5P%kyhy_>wA^@)y3e*LqX*baAJiTZhpPIr*H`=bu_+3IZLO#i=9<34XomiW) z&K&eW79^^=#a7z>*GjOB7qFM6y9f39!&C_%XlF>X672xmnVn%kUk(Baz zhG2$e*Y8_FGaoa*M1v#4XPT_u4sv8Jv3(>sINT}q+pYAKKj$*2>xme@V96^e z=mF4g939aqKHO}|R$5m?4;SZr-FJUPUI(1quLrYBF9JecR#-SvIn-eZ}VT3 z3SfJkhsMOjHy)B2Qkux~2Zs<^Z`wN9d}=Cj{&sxqcb=V_vLhfQR3~k4-JO2Ss4eaNBuN_+4g>K0peGJputKPk{KbtOam)8 zX;pm4sUaO5UH2}-C%Cd76gW@T{?-Vd%sk{V^3py5?5nlk`;@hv z8h>-2zsp6Hrwp2BOe=S8VCdfVg&*E6(%TUr^O|b`Cqk=P1`l@VdEgU{TzPQb)p2s3 zo!py&v^lkEi@~J;moqxSVS7B&oGMn9YWT zVuB#`^^zxRwd{f5qaUHZj$yJKO-|m8?Yv8fBS}6yY>TJDjlDV0noDI*7H0wg*pu;V z-%5rZhTO@yPJ%D3DSJYz6X4Wf)W}JN)IU~e=QkI1{cwx$4*<+;6PMn_)#EAIh_Gi? zAq#0*Aokgh?=MmccAcLLs|EbAr~IqlrdF4RUegZA<^1u#{RtlZ@hh_#z*sLEma2a1 z|HAlx5t#q+Hl*`rz5M_CiXRW##!g1<{)|-IyI>-rp|R4^3OW}V3&VjsIua7x`G-C9 z-@9s4E^voTwKDBh{}`@Uf_T*8-ai0%rKGlY^5KUJ4oR+|Ws4O@7u!7^dMzz2K|Vf< z+vn#gnePbk#A7eDqQ=wFAple6`_!*r-zsueI7dcC0s$|zG&;W~ctJL9lMz;C5w}$$ zZAs3a*O?^i5;)3vnQ!2YrczP%Kj95+EV62vtSntET_+oW zU=SG<<>=x9$nJbP2_C<6G%5yE^!+Dv!e({_1xam|D=%3ga+Pt%SnUG%&t@klZT9i@ z$*Jyb<@Q@q6f(|x=bj5I+dQ`j)Vd-zCq%IqG2~j76o1BsS8U1z5zP?OP#;k>sXzT4 zaNDyJ?(r>hKBkQUE7LENyFF8+dgE-tJaVRIuUtyA-PU)W4#30G#&}x>HzYq;ntt+w zv%sXb+b(9ML`9d&w%;SXgATIe+b<6%<9E)6Wd;5ikN+A-CMtjpLD}Pg<3EkUNu`6` z3ch}Y;}hU-Zx)qR0N$#&MOyuUEnatbYt~kV*48PBMn&p#OZjSFz~ z(fS;jQ<#b;ddh*J=dh0pNe>8~Et*lw7~e7PHmBxFp9j`|TTNXWprm?Hh~lJ@tfh>Nuw)>y3vXL-0(r_|~@L>G_aI zMpjnb=`C-PTndop_X;^n(~9Uy&~03$X_DL>kusm4N6Xn3qF$1W?IQh_hX({DUmFn% z?$l5IP~ZHkiceMn)?T-=lA%8baDK2ftM+L`7GlR#@>rxNpVzPRwhcn8w61R+NW3^% zXP>u@NP4A;r&jZjK;&hO!&e|{;u4T|8~Fu}DHgGEx<6BBSD983nIQUH0PE|p5@?GG>lxL(b#G~51xo};H@?~LfYkvPSG)MwXkQ4-2=g*pvr zTmJ|({)G&|LDs%oCDYKFlltLI`J0j}S&4*gdTb1ghlfXE+c^}cop?8)EM6Q4;qxe% z1dK4jnoYbuF!YU^Is_2j(~Iu(^R9UH%lxG2aX> z`XZOeDPhi*NC%VfJJGvt3+6P1%}$g`jJvrGTzs8Cj6PN=A+zv-C+>KSl{p>pK7A@U zlQ~^Qs+LZ~)-Foo3>x>-N9v4DKRi#@`ZWu9ILGwt3+EK6nhuEwh6e(e%^rqae4HLk zWr<4u%i&aaq$pKe7=9c%_h}Rn%xT7qKkj)kiAC-0(DadJYMYmj*Igm0kIm3|(G44N zq`hox6XVn7Vi2cx?=d54od-f62V?c!E2PFFld_Gq+QwdY*r)w>-5e8krD!p;iW%T91jW38Vr z3bpPJp5$B~3!t`HBpnFIIl_O5*@h)`*DmZEA}T$r0?y><_CMVybqRhaihTFI`cl{o z9huo{P9|42HABM>j@+B?-o4Nh{m!vnCSW<$5}!eJMmetMa%&{w~1^Sj`67WPwjW-?DJ77 zW13j=n%F#JJR2Ju2%YG~=8gHrlDfL@T=i#a6LB6t-qnk@)P0+>+UItv8`|R3EALU4 zSw-$Z(A|iV!oq4pr_1*eCuey{rtu{6;K_wOcRx5{-ialR9 zAXPy&Ta1wS>F4o9ekN~9%mHPH;-qBjlAXi1vI@XoHOEvddJ1gkRBn?UIJ;SqwZmtT z-H`%%=!m!ob=K&TyNy*u!F{9{$n#cXBO=O-THO{V|Un*L|Yfu>Si?EO}MqIvh=cE8dB zl}|5qbifOj`=ITMjKGjz^NKwsl;i}{3R)C^2?|K+golyyblPXb#4L`S)3rAvGt-eu z$oW7tKE?kc22Q%9hwP|pY(xkG00R&f764grPrY29$N=+i+HAZw6d9G$QGfMPcV_bX zZ~@G&tqAY#UOc;lx;kwEqfU`w9NVtEXvD(x#2WwDZ3vUXQ}}1TX576GT`~uPa^2d6 zZfdh0#Y}@QhHu>p=(g3*w>GIbc-=2s=wf1#@0S0>s&I{-Pl$L+Ix5%JlHSgcCr9wi ze=+`J^;)LIg-z*j|9OY9g*bzGe@Yq5NO|d_@jT|-x5F)%~{RS57pJxyMz&7{!v-vR7-ERpHs6Ed^k;i*&@{e?KZfeMwL@>3#ZUXkcGh_ zdjuZ;-G(k|x9PX%a3rP>F^u8U0FTb;4*L&iAG!b$+)~0 zm#0ISd06caSV*O~LD|Y)=F?$Pw57d@$5_9G$1@q&`7s4V_D9O_j+{RuDh*Wzg!mTh2XijgWx`|Fw#Ed7IeZ+uKIbi`EXZ2DXal zk+oDbM7{A1v$Ql3magKcUtJ%*SCO3e;~tk7ngp}%9$vlWX{D?ms_#{PU3yM6YZ`yG z7SQ=(bQ|iqyy9YN-cn_J(hmEl5uF-5fsr`tP{jWSS`fmXt}XO^_1F<d48iA>_r1ErN~_=M zmQ~zK;i!3DT@f%z>>OrMeE%+wAoIHqLKqZBYNX23O1+AB!ojDrU-=~P_I%v~=6wz+ zd|o>{IPkCAGL|}L9?LWcTI|f-CeYXukq>#!)?bt7Gl+wOlCY@#R`-)BiU2>(fADvS zGKeO^OCL_hi1CmX-l1&Lhq#D*m?7mH6GS{iG`?{$o%SmFBtdc0CSML2{&VeNJOADy zCX)}FKV`-2%*-m%hJon#D!{LTXzOyFg3+R7-pbw1?sm6u@X=ahvY>D20{7e;P4-FV zVd~1F#J#)IlHz}ZV=zghd4Q8Xsh5nW=pXwtV7Ej(6RKYY-WZ~RnO(`EQiCob^771n zkJdIMuk@j!pV`0svUvI^?=hPjBDq_TjhC!otAh}=wYiC|OXrW<21LFvL{Ly;N$4*C zH>n&+CT%>OmohgVH)`Alry6>y5q+P+H07?TxCoZGI?MB#v9pC@o?J3HE?jIi?*P%ofim%Q!i_B>XJ=dc|&KWlxa zL!3KyVYE^o<}w1PeGNKLg(qhcZ{B7gEzRvW<&p=+kQa8}|9A%fDk*}}rOB?$d(bcc zRc`E6;<<2E0O>L}p6SM@`P1pp+lM=2ITvIm6o%Z|Tl=Xd|67(M%LL~ZmNbv)au`}z zS$%<7q108>R6@dHD;1SzgpBs?h#mhNGqTkR<{jl>4Ov~=INr+HJN9;GaHqUIOW1n> zH0;N|?2W%_nVXPZ6_guT-&jAtRyjI3Ho*VxN|#HaL?5a{-}>+&6(>z-Jc4q1YJPtA zQcJSR^ePBAuWwy|2eYu~*+>-t{Zrm%IYVm50HH5@eiIZ!U{fminSy zhU6625~X_*6J?+98w;((Zlzs|6ZGcZ3yNX0Ws9lLx$8xEkakKeRaGWAa5!DH z(KtI-5fDcw*S0N`=3ETF8>EKLJRS^W>b8n4qkq zv*9E=KevZ<|L0KErUf`_oqe;dmix=LQHQ&jJUUWA%HGEPp0Wb9;~X$JdT;>74drOs z`&1zxUE>tJ{ASwyhUwGwU`tcm)62_13VSQ}OTY0?awhz=<@nYn;IVdYJqUMh2%-)7 z2Gol}EpAe+X?!1!!+K`PqRq&6Ez`9$f1&DW%TI}7;HSN8-=dz#NIW+u4_vQ1yHD0< zmGaT4+_(&2TRnF4HuvBz<9uviw+h*(dhy-JywC<;cSuO_HV$b`NG4I?og9&@au2nUSLZb6fsRAdy}r6-JvjCPM=MLLeatVPha!>#+0c;>dVuvUE44BUW~^Jal*@ zdT32jk>yT=#c6j&>FG*ZVY(9U+M)SvIM3!AZBFv#!~&OT^&gB+eB->KD zjm2^!13n8sG&it>)0~wahSm0-$N11z5Bs*G%pBV*)Rd{zv<7$nch3FK1Wr~1pn%G< zvLW?99(evc=_J8Zy{tsWgA}cXCAT({8=?s<#H`*4K1{G&`CMnRptXRVXt^zy6aMa30F4YE~*=okRVWMReT%| zRbX>Fb^)emgJPT%Il{%3u7kaCR%f#{N5zJf^&R ztpk$Tg3LgP*{*lizx$Co{1+t+O_lUdY{U&rzqbjH&7YkcPHH;moc)4>+e0G+d3YB2 z><=z``~`+#1K||wKyo|O^v$-?N|9J z)~SQ(l$240+CveS1Grw;aO@oD(ah}3@?B0bcEqrNEsk35pqvr_w|IYZv40->n3-8U zx~cb=nC25CSssY`A_>Cjx>%5Fr}lZa5q17FvK21O;-gWK@aa=X%sCxh&LV2c+7^X7 zAF(cQx{nz?GD5md)!~J2epvD7(W8q_5*#Jcbg0)qooD|_9;SYe@r4keOqf6CZSNSK z9WoW??@K_Qcb(q46$T4hFk#QsvH%Py0T`R_O68ZFR&6`?`!L+cuzM5~LRt`Hb{4=6 zvsO@uAn9eAf-8&2|4PuprMoNE?$@`x|0&{5G;%u+@DGRcSz5EnyJSK$5N!D?Jo6u~ zW5SLUfl>DI5y?e;1xTxv!qmHh)1Z24qRiBplBCRGqPRlp^0!l~vyW-j-o`*rPx(z} z`K9h|jg%DnQLM~C{XQtljtG}L`+xo$2s>Ak(0gQ0jOW&>063kx>mIE9Y8O$rm^^P^NwnL=&F&3%fgf`S6Bm#jAT?yUe0NSz-tHjAqr$v^L?HXigr5SCC0ASikP zNUPiH|HaT__SrUqo_NMWEadYVN}>@mRXlyTr?TOMnu1FuSQc%cEX-T0q?UZ=?(zGf z(FCmrnj?8@Q^W*8=0m3WIF>7dFvR?bIROPnc~NN~bS~(+S@)G8)HIZ0+I?6OaJhj8 zRYnj{Om9eCi>Sy~--8REP>j}88s7(W9j)2YR)d)AY;5h#^H!$k2NXN85R(Mu#oH%H z)63QrqV)H|ErLAA{mo`ShG!b>!_e1gYRV&2)~OH^1!cXVz7BXznKWSZnSUczfm zt(8Y{-bvx73jhii*@9!yO5tN!;Dwrzc)8MJ`L<}COOW|kIq|HkigHA zzys2n(TC!f@%#)^54R&I1oaesBL!Cc4Q6JjUA(OGNZ&4=nWU;~^SDP?09DL+Lf6KMFP&1vZ6D)WgumuVx@Em!436fK}s# zsr?Glw$81$-6{b25z@}+JkBOXjY9$}>;&6J^UrCCaSGuF z<|V(w0Q|7%8NHv;2P;P|WsWM%YyNmCKVebVD~Lm8P*0*r$P;MSJ$^`R^qq&G?o+zH5iKPk~x z0-dJ8(z<2ilhwBxABi7P%;d#eUL%8$sFHG*NCA4agt~} z^mfR`Yg!6e0b9X6?KIiMY5ckzwygBZi-goBfO9uU;(i_t8>qC&@#{93Itw)h$dSg> z#ByAf&iP@Iesj}+(*VBIb;7s9vkN$hOy+M;-JbtTz#o^D)6LE~90CHGM)#BeT zhJ>1kzxz2dV!w8VViyn?RNUivVH`jNgVYNrbc#P$SC>jqZl+O4v*jZXGYqnwsrRL`ieH+i4qdhX!)LeZdavNk;v(z36 z5GqwVnpOiPIoey1_6{eAp)5mx!njlp_yg@rM8(?4Om?G9^qJH$sLhl!8w32|k9y}rMr{ECM4B>r<$Yuk#% zU`pBCe7N&A=fWmK$T|D^?u7X{GzH z*g{H~Ud+>Sh`xggL7>*qG5(a0B#jM|O&NdV>Z=Q2Cup#lJ?sN5k)&5TF zWrC}}`;Q=73As-0%6j7cr0d*lt1jy7pp4bn@ABcYo z8Gpv``I~h5t_Yc3@2}@|FUt6XU%)=yeO}X#s=*{pq`O*FB02V}+*xQ{NZ~eJa(i!= zt3U74)p&X6R7}uBh+-WDCejYf<2PTbiPTMs#fmbj$>X!M379s8;eRiU%EJXa?cEVw@o@ntBzUjr{L3{22M^P_v!h(Y~X^p)9EQu!!;xg zBK1DHn3QPrp@xqJnKF%0UNX5x zrGQ=lZi`H!b(E(>d@g(WFaFSP{EKB2EsWIz`SL#;`Mp|z#~X6D=9_Kgwd`3t&h@sI zY--C|30Kgq4wnnJe`i-qSxd{10!bRCC_sXXY1cWN$6SedRLnc z22TS{TTVG!QS<5E!xF>yh+~};uAKUm&Q|rStPy}y^|qW))9_6u4TS|8ee3ltp^i@? zy{uP~mjisO{3X>shwFZ4h#f?&zLr+S`wk+bP?Dkh_ZxSXaOm2Q3FgA$V%ra+OLg+! z)w7>XKxb{CALp8*Sz#J)*7OXIpy16KPxmQ)W7D#}yL~8H=*9tsivpYO7jv zc_hB?aFOT`uWJ6Hl5>QMmk!A80TFmTMjg7|W*cYW5|-t+d;Y)@dU@CyIM{M=-9k9& zTASrDS}+j>(|dF!8p(9Qgf<+-VDYw)z59Jsoht^r z1qFLjRciMxJh=^6Izq;t84^IaJ9&{)6@B}~HtJIkIdMl0VaEUZBLXnKXh~583Fi4^z;Z4lj5si`&AU-#1N<&8{ zFDh!?8y`RJQaHBJe?(!RH6#9@J?TLcv$w=Z?>5MhTI*o*Pv*c)*|n&AH|f@y@~E!q zfA;)6;=3QE`>FcH`fI0GTxPR94xZ7@^AT~0rs$|k5DB#+c2rEyI9is}c^`dg% zTu3ckXo#&0xVtj>gmN05d>)M8_vV#1TPMuV*vz=TM5cVm22Yx}C+x^ck*TX2l~2(I zoRK!3NuT{5l!;nG8~Ts-*73F=0?)#(Biz|~15toKRFv~M0qFF3#rZ<( z{;&&M(DeGSRI=RR4z=IwPf6OM^*`qz9u(IXucQw5hFNmlV!wR0mMJ#>_KUvNW!3e@ z?su;no7J07LwLb2nco8o`_Yx6cU6b4cx3MVpeUfK1377i=kAfW{2B$>Zy)-%cy#b_ z@NH?OSxy5@T7rD>$RVSryPzN=D9H#qK+%RrZr*7Q*7aQFtM@P4$PMEvL0s*? ztzX|?JEkEPew>-|VQDMta=$^j^CI8D`vDe*TsZ0+K4Ykk*xqP9|fVk$iT zp;%44h2@4phr^<;^WWsLdEER(Z5*N7Gs*?cH$ zBxAOH&H~onkuhQ@$Yit`Pw6#Ozfqsmzq5eaJq2%8+f5MLkkPokeECuk@7yoXHOvoJ z#793gsXQdl4kM9yL2&lo>wngp@ zlEn(E&l_zdINuZ{wd%pSELpLGgC#DC*7Oj&r=`uwLg460Rwz-aPP7K@xvB^|nWh}+ zd(VcYSgQd1E;9FXQ~~KSc~+v8)tF;ne7YA`F1BW-6~HbU=gNPd>a4{2>vX#CC3{I_ zWykI18WMlDj#02m`v)JdI0jrD?>v+nAZQHS##&t}nQul&9>-`*a|Z=bbciC47kmcp z`!mfLo&3};DlC;X72sN|G`*6i!YZ^Y*D<2%zoU!uQK(;fVYem<#LUaB_#vc1tB*7mR3kR#AZCM#f zBv7gmS3#>jG6;G!S;%IH8r8)eXpO92b(?+4T?sauXy0Ow+H)zx^e<8QKrU8SVJ?B1=3)o1w_%swyt+W}kNMmj`oSH&iDt%z)m+V|^ z`Co1iO-QebduJ55u#KkEH5>!6PR4|W_4X0qP!$N(>}BI3I>>d-pa_mkdH0hnNHgry zdrOyQNLyFkMb|h9ta2x6p>a-KY)2Kz`uOoQZLkA`pH^ICCBABVcj0=ZwEb9;k`zNY zo2Ic(g2Fj4P*Qe&Vv79eeMD2C|F_3@mcFa)QuIPw?6mcZP>{q@YsQ0=^In@A*eiP4 z;cjGw-)_JUN$<`mac&WXDr?+Y|Fj6uXHCM{Du>2v^<`um=~3_L9)z$>u(Bae2XV(s1Frit94BCoaH9=FK?K(`MEx z7VKk^u97MeFf4qDB^<5-mp8`0L?b%gRb_;F_A}yuh^6HaAZg*%q=GJP@u!dd5Gi7$ zV=C7yV92?U)kX#uA>Q5aU9u@<5cTuPgc5*k)xysD_lBtvxm`9>+tY^!e#Z#mt<~V-4D+7dUi$I&&E5~PZY8)2t1g|$=H{P{>Hpa= zqt%Cd&@;)~nl}X6cqy!-M$K>Lr4po8>?ua?wnQgSm@k|__7++#`A?qkwpBV-cYF9Tn!}Dx0<>&cU8@6l2 z0)53~<#L?(lT+P=GTncZnDr;Kyya^0!5yCc`SUg8YMp}QnW(FrA0Kwcn1l_Fb1477 z?}Ig!WIvZe0`38k2T@d0gTm_ox|YbPSJ#sU7rJMjpUUYsnr(PR<`kdvyI$m#iW`9*0yr|;b5a@n3pVH(&~_{3}JVmO?&>qqy!y+wtx`{b*P ztB#R75kFLTISCk?e)jjI+M~LIgQD#N74BLU(z{po{w?QW zbfM)lkuFEjiwf$8K{k$4b+nT%Vs5J^3?68A7|!n8=H?Ts4uvKl1bLWJJ;Z@Ve$_89 zDAja<&{E?or>Vn4(>5sLQ3uhp(^XpBp}qawD^XmBIg*Pzj>m-*+Yrct-MwTXZ_a}x zh^Mv-|7yUT^)&?0S&)f09aKQCzGOw)4hQ#X5W)Dw#8f9p$`(Lq6zaA-gmWlI z%+QxqF&hVZtR8KA!(6woQzn=x)Y#f!a^Jqtt57(t00A+Iw#R_GsPLqboSa<9Ti7iS z?$MH-2|s#ZD{?D(D-p}#4AgbiB6;mM6PelJaZBgSs?mdP?AbsNJO8_<&^%TIK)BTR zmZm2M@m3@%)k}NZ$2Js;1>-OauRGy(QB!RZnLEDprjNbUW_7Z+mk#)BX=d7UZ=k8& zu@!gMS~Q}Fl=*{u0tdBNSaWSP?A(_IdL0POER&3D+gA*3^)uMp8!u2k?`W;)`K7H zOwZ68`;wD#;)zk$a?dbhx}0&B^XZ*WE{r7$+M?`U7EIUXNRvEFw{V6)pyMxIO?`i+ zTIGS< zPcnVD>RxP53rsLW1~LV37_yWc;fWy{{crdI%ni4ah8lgNIZaU;&Wlro6h`7?8$FVKiy*1O#F$iK2L*6{R z(eYcEjMI0I@EMMy^QKGc@mySBCqwJpu%a@Az~u<%RvM7`famEGx+A?B`(~QvBcLSQhC7?;o7dwhuG`}V;w~vsJ+~i6bXhWz8-EudsgEU@ zk?b)Q$1;Ctp2Fa^_Ikq`q$;_4?B=JYY(eP#z-v?v5CT*4Ehp4f2V*01S`m}FhiuE9ryD(MRIchmZcMW2 zCHG*X^-&+QnquG*8Aw8nS92|krL9Jp_oti>O6v5ap1$L7SbUUB@%PF4g(Y5uPAQ$_ zwmfON1z*IgQd6fD*J6q~*QoB<$MvLT9zCIKu5Hi%V%T;tomo_)kS?$6*yjDB(2i5XSwVc2%=@My9V4aJZM15QH=9 z-aJ_B@P!xonu|sqLD!WMHzz;KRE#n!#e?aJfTDnhAaCBgKftvC_peW~p$m92KSL}b zUJvX4Pgl8Zi!|D&nP%qS4XrjR3;%>gYcSsdE~C^F>URNky|X`O*M;W1522oD+R}xm z)L%|~Pd${jup5`2ug<|L z<)l0uz9+#!jnOwH99kB2#qY@OXja|)F{He6WWBp3F~A!vmE6cE1)cc5`TatkWu8ti zgwk12XR%jW&nmWcx?Z8KUK~SdMm^kAy$0P8gX=K;`n?P4@gte3Uv#p#>sWbuR8V9u ziPFOigXXB>Oxd8aZ^d0|8@B!35Lhov9|oSo!!asc`v`5A5iN4IRh;U3;b3p4)H1Bs z-^(7E;hg~hy?(8JPYN#;JvETQ#}hxH__F&hMgSX#W%f0+L(OaG69E@T%1lEuE>Tv5 zW{E3F(5Zn*V9fB>e6O0EA&YKsPG-=`qIUGKFNPSmA&MfADt1L&1DtE4MOh#21tvs&gV z_r%w*6qMc+k}&+e&B784tGd0zlFj;k+kQUhTQzm7~FNhSQgS@I#FZ59=HJau+QR6BHI&} zVC4a^Z6hNwCfu{MfuGu_$S1x^tETcz2CSxai2D9rL-fED`w<4T?66?^rpcdx?Ohcw zG@<=Q2fWhlS!VCkJs^_DMKJFzxi^F^D%_02rGAh7?UIZl0!xM7CSg7&(vWKmPCaWz z>;V|pG*wVd{q*%_7yAkASUGFPU@-TgE{kIn4meLo93Hx#&_SDvml21Rm;75+R@U;> zl(WJcgNN5>XwdP#{MARMbcSzipUb&LQ+(L&1mNr_O-$MV>xUcz$*Mw0RG5H^yMg8f}4-*yH#0(qlzEC+$G zqeTt+w(^O6mv9eH&&K}Wee7kGU3E)Y@8ACx>PnZ}OK|SJ#LL>Asv~g4$*WtWaG?W`4Qd!{5*k11}_^3+7<8pGM?%(Th!8eORf=+l=IC;6?|J0-ZWo7*PEgT;cuMOUpJ}L~b zMG|o_@zr8tVssPGdF~skwXNq{8hScFe)*x{LPY|Vi3p>mCd+?5W>1~etQ2{bE!eme z3A(dn!GP}W>Nen>Z3T{tkfqZQ6!LH>E8s*Vuk+_yP2|sW?bd(%enuC7Xc-JrR6qa~ zN}?f_2l{*0k|G3B6tH-)Rov1t-*WK2OwS~+0*KfpsK*b>m?ew-FI;0LPP(`N3lH~3 zRMrn#?AP*0O3p_t?1*_yRa$9GH@CLJzlym}P&+syk6eDpJo2jFhmVQ=F!~Q?<9`S- z|9X)a09*$2()}Cd&16->{`Q;s@#CrdgsmN8WJ?bpf7SL^2zr1IsF)=r#(n)z$=9!h z>KB-2?Exmi4H(J#h)0;`SKg-5w~fIJA%q-A!Vzfbv^r-<*wD(#f>w~`Ii9CS%}(S_ zlB!)vBhI>MZZe=3&6JOK{=RVhi%(svE{(NkXp_$be0(<>=4=`5AiKTSK`)CwV42ih z?iQiOmf>`(j)7|*l9}zT_HWv?S-do$w0WPRUbS$w%jFl?<+dQ{FkzH|AyZpaL=ak{ zud4d=%EV$4vz>=^z5DxjJq>550AqkGhpZBOSq$--(k~nz2Lu8cs(Zm6Ge2T%xZ{os z-SM>Hz5RLukD$xqKB+J{?jB}z?Mi!OkJp(9M>1H+Y2!)=K{0JTl|BD=!cjL1FuYa{ zo9uOgryqocIZu|i67yJsbI|?zpeian67lT6#@pRum{*+C(?S+o6V9+vwlNY)rV(FX z-z7AS+bidA;^T*802OHhXxu;U>hhYPw3%L9{CFdav#_|kx%(>a7O6;gUq3`o%{T!_ zHr2Xh`!D0#c!B-}8((hpY z!0A$xBs&;aunBet2M2v7tdr^6$|}OcjD|a=b=NPEW4|UC(oT=8q`Y-K7OWm@5pO z&mV-ZyrxK~S~>tb&c?aQ2GWebX4BJ}65Ysj-?5QG#f%I5Z2X}TQV1v&)(5g3UYU9( z?9A4878Vxn(d%Y9Z!DO{no<*V@!*e>d9rzRnTef_2~bCPP2rdptFZ80CmueyPl}7@ z(j1P(RvU3WbO_cf(#pHOBG?K)Hhqa~TiKIfW}cX&MZCs?f?7Tq7e8|%sHL0Yn&iAz z`;d`gNkapUmhB{aGy=%bB5R_uDP>IEROo-MRE#`8{!&*HFsA5tHo^kFI7)|kU5aM#f*Sy=V+IJ!+L05Q#~u-) zm3^6N?A_jIjJ{llTp{|HH7a0UxE3z=zcOm$D3~U`#p3Q%2hsn0I`^F{nT-byhc}W; z#=j%pemf$;8XnPspc;PW2Nw%jT9Rh{;@x*Ql6u47Q{D6Ar=zZ7gteSyIHC^vb=`F- zSg*j?XuoH?UM^-o*a5{@15A)=*@?rbiR|0QG#^QG{91pl@D*M( zzgRR9@DN&M$fG;!3^?h@gHF|NWN&~y+hSBhyz%812L@Ex7xbO7XtDrbHY*}ODo2an zN4SQ+0o@@N`;#Z3DwQBDiHF8%*;0^}s9cjqCr+dH^*t(tQS0CQrl=;ND~T9gdXdZ< za<@KFrGf~{0cn0?-G{8KmBh6XNaTOL01$iskFxKMhO=G2R->B{fjQI>h;x#zy_ zYwvyS?dM-N;Z{8PNV!}7##xAomL*I^ThT(7iV%dUCx=10IS%X&c7 z6E~4pVR{B;&yy7m7}qf|DVj!=Qz9p7?dAdp3nBWB)>P32Zg0_45n|w+Xjp71(cfG< z?B#&cVDFG4q%n75lh4NjArKKo>o1|=Ol#~JQjVM z(E6^A4|aCb2hGsT>qNuBagT)t`rY8HB;5L_SPbHy?s()5u1_fj6jSNR>4ct`OX&*` zlyq?CoHPjb=Evd@0<%@F=5xSH@%&WME*6>3RR;LXtLwpBBE1jBqV>cBO&XYig!s+G zmecxLCG@?XZw_e`wC73;2C$L*!6Rrd;JS9+de`GHO)>SQXa{q+4i+p4gz^yAvaPs=D8_qt_ZxY}%H23EU>48Tc! z=>ARSpw&gk7X`NwzK!^dJj#2kV#zzxMinLzLn6V?f4gT~PekDzag8e2XCJw-?6D#$ zb>?nO+AeRYYh^__Mc!Ui>21iCtOJaD*4K21scA_emYjdMKm0wO#ZZN$S+%bre`xT3 z_ws-H0f>?la_$b=Lq7{C0=J+RK=|ji-Q*+SMju=3A~WCr`;O6P;`z6v=KAx3@fwDu zX>_@21d1VZC&cn9BdpUiBW6MPK{Z}oj+%zeGnW_AhreTM-tDuynpRvCtB1b%@uSA$ z@IGwOQpO&8y=nwrwQz=07dRO5V%n^weqRf+HGHd|?+S+{4{R(v>SY5>27siEUxM>V zh>52eRAN+@Mely_{k=Oq@&gf2*6XzGV6c}C!mp~X)|Lz$&hNgV*YsX&PitJhZosuo z=nkgdu-1C=LkQ7*>-+7zBlR$s&HFUA8Y9Cq*z}P{1k4R3p390wfc*(D;a9xqc0d=} z$=g)d{%8GLlflu`@&uZ`gn{)JE#2}mg3}N2je@gmZEgLFe6TXjii@p-Vg3LwgM1iu zD9j~H(}C^V{*i-4-|3r?%vqwfxWa6E`_0hb9NJuRa*l9oS397 z-&TJeN0tQB;suqJ|Fr_K1E&mqcxSktHi3okB`I!`&ww&vE@ByHtY#BYTv5}Ff1lW8 zeXQ{88Q&+FJ{DIC6_yoO4LA0AARE zgT!uU5cojTeRVZ1E{+geoIYqang++~g`fY1p{NztpL`Y$2t#?l*bD-($;y|BFKOTQ zBNwN<{`lF;YD$w#1j|hg*+_Y9N8)-f?XugpvypUT$5YEcZEdpYTzkdm8}rzb4!PI` z501|$sr58nN{p~Gm}oP#quo7pRxiky;*1wJLb9_8)G`-0H@N3kqLyoFG`Ai5Rt{@c zmTB}OAonv?+aZo;wo}Jp;lD;-dvc5LGWD>-jwSq0JVlQ}t$s<2f&RLF!G89Nz#dX3 zo}Lo%UjPws@)g8eWp|<}a|OAw#`AN&Qz>lyRP7|OmtNW#*g5oQYu`f>f`8&(AAJvB zOeK~=Ix&xFtB206p=;K6hJe}h-c%nifgJz(5$iZFMpcgX9W|p;TT;$sEFrEp+MuN} zalCQEBnxmtydkk3Q5i!}J&PvbmpNty!RO$%wQ^w!Y@|(OShipTKQQdfzqpA$0X5 zkNIX48q#Z;F~Xd7yA}(#|O9X#Bq%ne3`9!myY7JxFo8hHjS}MGUe}(s+9*@ z_*jKa^<%5J3Y5k?u1nV8Ag>QTfxAo+l&S()+rMpk{`1*y7qB$gIhLwTNxt^_(evZr zGUiinDb~>s-1uHuG%^#)YddYc40D~_3X`fKDgE~6KEiJYPPM@K!ktq$^d;aXnu|lX zx1SUFh|r2ElIw0ke!i|GUNJGfnv%J$Zc2FF1Fh1)q_H;znLhd6>xele(bau@g?0b8 zM?*Mm!aL>(|-m&Pw{0_~6j9sAw8sr-&5gHX9wFGAK+gG?bL z2#bj|z^5kxPsEmU_SC0Dso1?{CM4tzZAqG#=h~Thl(D$yI)J1m(DwB`sPbk5r!7)S zH986_mFCCkQqJ9u2OM7=)Z^veTbC1Lq3!*$vG3|9S^hDBne>i3N`)RL) zkS`|YZz#aoZM>t&{$T+`xfyH#2sCPTK*+R3rdqFo-^*YUGfAf-au+7C@V+g9rr#F! zYF*9!|A1}}$7p|w-Db(s)77V+Iw|PWghX%Y%*N(Vrsmp@1tdQlcdgid$5#YoeX~qZk9|MNsd|lvT^wA@4?$mcin4 zWWtICq5J4j>D;m918&ZPU7^;^5l7$~f5WZL(#p|A^6{!Bnk&bnMmX zF$QTJ9n_c3>Y_xjhihkj*i6fqVr#^xhUN>h44ZYj+lRgJ_V6#0Z9q4F@9Ge}SM~mX z#mfKgbD&Fvzn+K+2;lLH3~tqLGh(*4y%7$T6~&qEPgo>_%<*n5GQSWK7HM#ksCEhq zubgHI4zxJdBi85cU+&w47_unwrNeZfrxhfhL|{PK@NFzDJZYS*guzb<((@&g`_^!`}rFR83bgm};A-$C~h9!(rJ z7CP}T&e!D0-nu2^sgf2+e_v7fBHCH|OrmC2B8aa+VA8gZ7auauG<|`4)v2i}a89oP zGPZgv8vWiiLtfIuzEi3LIg?4cUmyxmLOw?!|uo z%q=E1iHW501tFoYDg1Ijw<5vsKuW1f_aw=lU7OXrY71NMVp&oAPlxgEVMV|-a0HK* zQTKoGoWC}Y%*-E_Wd30w@bAmw-``pE`#|5ih~$1xe(g7)R1~6dJ8)tpPpWi2vVZ(% z#`=JTxn#-n0(Q1*Rb`tBoBcf9*xuegBYb?vS?<**(D7?F)0@UiMEOr7MMY_Ud%wot zlJ2!HEi}upoCsPX+PE!4UcN)?yOSL#sgTp^` zoT`{afW&p8T_VFw)4gobXdMm!*$fU2K6B>m2@D`z4_+j0-gaaWFLo52l`j|HKtm6* zg+VfY#!WlO;FylNWRJg|SFkBWO91plxw)CM+s*qI; zkYPF5+Z+1wS0pzT|Ju#j8k?dSXY}^f3NdK44#=^#@lLOePe`!%Nc6FpchAkob^v+8sQUd|M2fv4FB{3?dPhl7slIMt zcX*jz2zw4>cKh}uK|%*L@mxsx10nA^!d7ePh{Fyc%J9R>$5GCPY<5*qpmFeM$v>_0 zoj)-CMN7k!kJo?LO2JY#81#d<&S%bXsLQ3Dh-9OSMoaJ6v#@lpJ+7aB8HvAo!&{6&6TDen$MY@o^F$9LNTIu&be9_s(hMhH_yuGvO?{HPcy8)4pcKBv@uYI5$q>WK5F(zmAL!u#x4 zMdM-kc!w+X*rMwZg)K^g0sgiXgLH)lId>c#r}yln^Ty}KVhzsB&wnsCU)Ba>>zk7r zQHRp2>k+6(j83~ykK-Mm6(IZ_jl147bX3+<_I%=bUHbMvyb~9Jh`RY*Pg^0uYsXzt zQ#=<Cp*=%x!CBZ0IzOFrfu82?!QuNXHz5E~~Br>^jxW4htY8JI17*sB? z4MV`C*Iv(u^kuy@shXoWi`90cr3N z17fqt=+x5_?Fp$CrmrmcM%<6qd8U4|TW`T;!{)uy%Q}3F246{k1ZmM6Y#iUPMh)$t zWEn#8I{@4x(IC!`c1x8u|HfmmSLb~`chQ$WnDp-QfcNt4M?!biY%f>yph(%(sPM>Y z(|$qf1*b1>-8!E)ii_XH(YK@8Cb)q)XTkDW2}ebgYNz!ekreurPlfB9QZ}dR2Tn1V zGAZ~C@Z1VPp-CI78(n#0rce!x!5iFFRcp!(SyQRO1R5EO7{axfw zn|Z}L4(@-`xyDMhQrrU*_$9Ve&V*a+0=VoJdC$n8cn|(pW6ybuFN8mT{UEhU3j_ZG z?y<{E^*G{3K^k$n6;``eOL!qE?s>D-oE<(s{umy`;pFn5uHrHyF!Wf#vUC<16?SyG zQTx4l)&VX(-t5qo$o$n}5^k`3v^0DV;&P9pU?N`2&}J?3Ni86ETHo9}EN7QjA!Deg z`f&SaeNj;#Tm~iSDxkp(td1tBz2n@YY&zR^QDPp3DCD5`MW35mNUCVhid-FLA@Q<} z(dU5Wf#UPU^-@fh`5TKVKsIwV@#I8tI;;$-wIKY})zt;110etrq`8)Xef9G4GUCDd z*i^t*baT<1<)oO{*zDMQK}&drM?b2WV5=H5?N&LEEI2+qJiN&(bEI|jtHT#>&<%Dp zwcaX-evynUD>DAO#XN00-%Fb?71-_iIB%(-$=XYseLR7Ey6VUp}ZA*DvmgvlghkJ z^roxUhzj@E^g3e}yx$*PM!t(ow49BM&-^%Es<_wf)ks>ePaLulDKbs^(gp{wR99lV zkwpIqW{*b3Ql@@U3(7WF_Ve2_2_jPmQ`4OAK_}%K_~iXbqJ({sE`NR$ObUUu(Cyh0 z4@KXM>pP~0_rIj&2oit?;oRxz0}oLB0;bIkz!y6MwQ_I6{h(Sls7zm$KX)et2c>Na zWGC`dD=RBUh>>IIe&q+UgkP{EZ|Cfi6lqR%evI9S5QJCVC;T0N8vximZy(v07{G3L zx9@&z7PA#sv};7lCq#e|o-W%pjx3rS@-HrT)$GvFNve+5Q4pNwZk7vn4wPI!k6)dU zS#t7Z0`be1n*5*YJ0Ik9CQ0>LF3f4{*M=E7amlaz55KzI9D9mAW+vsJS%CQcPSEDO zA+hZHFF;JMtE?QWXhxQ>Fl7uQgMLd?P5*c(fFt7bfKivzfp%2rmbPctMV2fH<73)3 zab(>;jK%^CnRG_!-`EacYHV>=uCMA~#a}u!iT-8PCY62@2k!^o`8zwi>KWQ*oc}?| zR0Hveb+U)C5fUsI6^Dde!`0*PY>eD*S*_x(7U@W#n`3 z2sJrXZMC_}!RV;PzfWOwGK;S7{aH3FG6PNjZg}3Fw4*3utDTgXB&Tm<5D6HF%ezUv zmH1g(KQHe5$H|P-Dy)Xe^>W#&c5()N1~=%1v9wi1SxKooi#T# z6|u8yb)|{hN&r}tU&b4?o4mS~3ta%!Y1GCnhB=E!a~}qii<6*O+wNLDV?2 zF+x^%jw&lEcql*|zs(p#L^i9*ML#(1W??fK&x^l->D88?%Z3|$mM)}D$HE@}C6odX z4-jCBeV8K;dw;#V0|;zC!5S?8SG)@S`T6Xh2pwVt?06mH8(xrLhq2O{8wWQA(a@F} zGX<3^)cLI0n*aFm)1F}K;GLlL*v918%nUB_K^wmM*heQwg?EBe9TyjLAdu2+tXO9Y zTC9*UZMsBeQCL)Th~C?C0P(Aqr_}q42{&`r8|MaPpN^K8d3r&EDrV_tykjs z=Qna|jztGaHs){)5HsCW=+%cA_~QbKjSUShfws^0eUfXFf==|$9XXoi@tj_Q7uhL^ z`%{rF7KPux@234MXuUEweElngN03wtBTThr)MP#hP>X z2(&IIrn*c`Y4?|w9{NK4tz2=&Ot=k;Y4q9HnuTLOtCy8nj7V?G@ecBjTPZ6GPOow? zs;AhRFw*o{ksQ*Rra0F%b29g^T8qkzRA;26h26jD8~sx;=h3wycGcGaIsx+eTB0v0 z*Giw?Vl38OZ9?_fFlFn>ioCIjy7A@q67(OwcIoJ! zg;9}mww#78^4#gV!lTcnHl2#(CRRX(mxfh{Re$RA?zd6ZxYHLkgSzuzi=;JFhLNp^ z*N(0p=I0&2oxEUkwz3bAE|Ay1&MV9LF4!VpyN@5=`$qe84KN$Vy~J(tcE!$Ty=5ai z&U=10{moS-&vX}24kOIy2OqvGJBPE6ozk{OhYo4FXK<<#9tu=1LL) zf99u5krE~)20!D0s1m(mqZ0h!_ZDqRkoUfvALRJPX&hf`RM~`#xGw)Ju))-*jtx(* z&ei)=Rw7S>p@3E$-zo%^DaVJHu6LxH-WqJPH+=UU9HtW;LZSA1=j2-iw1E+&w_ZoMtzn7L>tJ?&VU)J2%%ua1({? zk^Pl{+RO9VOBRCdXzQ(M_gR_!J?g9(EoQk=z00uhDyQAx^BY^w9kEj~xfEit_nR|Z zrf$2;y3^EUp{MsOZR%isE{~F=?b}!}OB@&7J|{&+tw>2axx-1#5U)~t#0pQUBuGHf zLj39LC}|uj%UtF&!AwDtIrnDH?uFkN*Ok4^Zf8E6#I62h$6c&8cF?lEK;ds{jx=O; z$J!rY%Cdb5VJ2wN4+!|5J9F?O7Vns9zZ36A^-B%Sw38Ce1Wu3HZ1QMZ@^9TFk6X!& zj`{me#=3I^w998l<*$^lH`>z_S)rph9--r6pO=56sgvF4%R#v0K6mbFwZrm0(1NK==1e+n*0x|GN149}$aC6F zR}FPYj+lG(4EipX=n41rMvV$0P7VE8j;Xr2pfPXj zd_LUM4(+CD)Rb3LzAdUKhPkYZ8V$^#?Kv9W(d(K$;>Z}d*>yW7|T^QlF?rHA%3 zPN1dF*~gy7@AQGsn)gd2c*u};x9`-Kwha25_DK{I`5$zic|DMm@auEv1UhKLqA5MQ z$^w;Y>d?WF9mBx0R{H^a$XEL`(he2$vH^P5-1|5UcPP@|`Tj~`YOL9J(Jf!!V*};q zDiu%fQ6j%tSK9erN+jH%h+-)t_=H9m$XtFDGQ}uFRMwSEppJ_qe3$pR{GT*!tmVyu zWVYo(|7g+Pzw>-qPulB2Ao4Dv%s$|JHDoSe-itMG$vTrGXiJIF_xB&eUXCvx7xaQ5_67i16j z2I!lurR9K|yM+9+!^5HARcAvP@+hZEDMTG;6 z&#(dgGDsh4^FlJ8B+2aMwLuD^$Bwrnz2Q&SC?QO89_OC?jKC64mnLyOl`ogi%f>G|Da0)CVga|QJ>1+n(Y#3# zm#^E|(aXy#Cuy94s=<9ptUQY5!5SGtHo@bTsndfrm{iiX1ZOcr;-X?-jM~Lum-d#W zuYD3h(2NdPhpp>X&7jXBOYcCcP!Gn8-0Vn%iQH_P3BxtJJCVE^aK2BQ007NRiO54E}~$8hZhL|B}*!MHbgHHk1Ofx*mjOQ@tK9(X)zX znYNb<9C9K|y$79W&X`viisNNuq6%wmtAWmEf1vXL&DBeBXZPOWIu6Dh!#4?P=(aL- zb*X*mJuN+{EJ56*HmK3fW|zwgYI1rubl@Qn&d9?i)sf-7b=&HljdM&2`2du3Nj{j$ zr(@4Uzx~`p#)BwuT>h9b>fxT}lI51njwiHVI?#1?lc_#a>_ajr)pVzAz2)L4OX~dZ z(lT1LtCdnvSy+FqJhw{7F+*VjJ+{(vOd1~+!dcma;JMYL`EX=dbm#Hrev$|XKj@OT<2BqVM!)zuXYn-$Q~_ zk=HTrzh1(BU(x&^3p2q^ro39uf5w0Q{Yo~5VWqbK=&hN%HOQ%&RiG+F%;H#gxxxFE zxcA@Ru~$#PuQmv{f?E9CJJ){hx0s66HNCp}c71!hc4dq@{9{ykQqo>6%?&nO=Xd zTDFda^knnh-Cbe-!TxT~FUqf|g8sav$qoq-3m&Hqn@pqJ-}mS?_5$sfG}jzi)xIFK zbbrv(SaZwfwi;et{=s~Qn|N+Y_;vIXfaBAFrNNYrQp~;iAKLorS(=4m1r3*!K(68m zV%5Ya0bCgn=na1U{Mn0<@8Sl&oV|)l1W*TSgPS~g?ungb;jBp`2y{fj!CXlUNg7E2 zs3@KriAfmuA+HIPnH>A|tL*jo>xLHwuU@Re^poThtz(@zEw*jmSGAwvTuS4yh(d%R z*4;spujJjUKQKhO8XLE+cXoG2F*ufiOuV-iEi0C+zzZjSb8OL|sKo>=^dL{^0*ae$ zJ%%Bgi1V?)k~UZ9{w)DZnPNtr=W5aL@3wL{X zdTvH#o_8L};pJ0`Qi;nW!?$$8dZ{{0S!h9QZ=Alw3cI{g$mN8AY}EP4qD|C>pv;x@ zt6S!t)**7J!|~=h{Q6PelD!6ia*!r(_>4I{<&lw@yCO~zjqb7GlUzTz#zqi}&J#2} zd^j(8od_!_n0TjF>NtHW4egA!A9ZQK<00?FW8{b87u;N3YlW&GB03jt()67)Wxp#` zg(NR+R+gZneMA$XQNVaZG`Y2{B@;czoO}iqbAWJ8lTTf`1N5XM9Y|s|e){pL4|#`A z`yxY}Pop`G597{`?ECjQ0Ggog>3U=$Kh2cT)`nd?IR7XBDlzy#`BMtN*p)g zb7$SUdU~6SnP+w0Tl>CNM#sZ*2-NQBo>t4-M13#6@Mb~F{)*u4CWwW@S1E7|SHAkE zjn!4?Zmj8RE6-GtZ`rL+W8yF;VZm-cx2fXRWG%eM_P1vY2=4vz2af`M+GD^s%*q?McN=A}(hm15CM7~))$W&0-Qwi20Q3Q`F_n^WOQ={J7YLy<#UVY-a zZ!~>spQrW$Bp&1gGZ{^GV)j7VNH2_D`?WKa$^5;;!u)^g1~5;51I!V4ODqO#(8$sb75Jev*(HYvt~?4A?Nn-4?WY z3+?SP3@hZOYFVwzOH!e*9{%!F(?D-gZsm7HAy^alW#YnXbLV)~49Q6VAJf)wj3r44 zB3w+1elajT2SPr;wO#snkJ4y4=?l2K?Dsw@-FPH_05I6Aof!1B50MD9Vy>d5p+Wqv z5TKEXy-E4K(JMsiXo9WAe&lgqZ*L$tZA;Fc4sVT|FsG8)cw|{6Cc$iLecKV4w3t^Z z!p}7XIQZ+&?>~KfHm@xj9e9kFDq)!s{)7p2jS`jMp(1kd{q^vg)`xFl>MON9@Jj=WKG?kY%Ix}LEd0f=uVjs>5Y=Jf34Pf2)@Zn*uF~Wi! zJD>drG$Ji72pOH{wj~lwdh;3Q$j!MBW_=)D*d=J@vbCv(#3Vvyzi@EsL1}Sy=Glgl zrnr4Y$S20&Pu)JHb!X3*#yUSzZhl7VTY%1x(y-0G%Xu7unYi!ZXLgsnAcF%*%!Z>i zrJO8UemajWc41qRux4C;Ut0O`leY;%Rz@{O7k^OT=z=MZ%RhF^^YIg}p})H2!IsCC zaE^*k6kQW~whdi?yYP?t^0^*HPuiT>PXkHPBSl6YYs-)@wI0{t)@D-MH{w2AKWE)K zR99tgH}<1WMtOZ_FBV%adh+G<3j`a0_=PKfHTaAelnRtPgW0-l8XX^<Nzi%F96Szn=JGIl8n78GNfn{d}0gaQm0GQx+8!*UY`uw_YI9+B!5UJ;wo-K z&IB%;x-twV#-v@Ens-U7wEliv(`EzCH{~wf4-K!Km_&(*UWC3ek)A!@CY7LD+L{T` zuScTz&Un@%8COgp_ydx4K}K#Sc|s3=BLL6x<@W8L@q--{l2(9ez0mlFt zG`B*d1FGEXWCRdDvvI%$f;^_wG%JbDI zrpY{T&zd;$uOzVfcsZ^aqN}m{7^<3rX^UEA6+7;h@Gw-Akzd!?!3sx zMl~^F-@Z=ZXV;BBD^OA7L}7cbb)jaY(m(|g28%&K_qGUU>r5hF=RgqVo?e`OEMJO> z?r(IB4!Y~ba;Q1SB%w+PK)TkmRd9Ttl^-k4S$`uESotmpS1+rhTO7aLz7Eq-aQp&U za?8tVgqmhQ=>u2#QPQ?Uvq&(_P`Z}DRC$)L_U%ireHj2--(+k*rU*@>x}RJt3^?{N zx-C%9h@b}2qtBYcrzexJOv0A|pmQFFAAg2}dC7LV;>R$wA8W6`ft#BRoU;bD$o4!= z&QqHznUR>Wk@P&G*Q;8+>xyLOxYr>hL0az8t0+L6>$C=!LpXKr?Z<2B+PCXn#ONHOb%YYGzyXI zw1FIJYHCiUj221q@;^vOv=a$#u(+g(DQ%=bXNwSY#2=Iu{o@VZZ)gzTgk7QyatUXm zq2pKC+jhR|GT(1GntwHh2NZLGFV6~O9PASTQ-QA{c9R>6?`&;r#6x>;fhm$HPXNAA z9wUe(^r6lNA zAuIleyV^{|iFa@;-I9`itqRav;80P8*tE5G)!3dt&;((}=2chU%CVsD9HONu<1`Ht zQ=+8AX-f#B#s5+EB9|;^flrBxp+z3twQBptbC)FZRKgPtt=a>pQEKy^Qo@A$(9qzXM z_`$F72?$E2No)Pcc*lJtpG??l%z8VQ#{b(PU@_hkSE5+od)7R5Ut0)NdyGyk=x%WZj>sLp%Bqw40ipT-#dhc{GXgXuADY0s#JG zD(Ai)JY*6?%+rfr)YW|;n*0=w%2ZW7^zP5LE+1mlZJ?}=vQ)`L!dHMXE25sRNkJ&P z#&LcYt^0+jX1x5p56*a7k}}At`FfKm%Z!2-gewacvwz?vehm0{{afAlug^+k z*kNC&L~m0kwL>~sWOkPXg&kK^JWrMr_3ut&S-yMiT>V;8OUK6G`=;!3gRm;esBLbl zCQf*FC!X9p&aq*lr!)|B`3rFVoBl=^X+S@H4OOThGoGNOEyGj+?C@&i-KY3`VjeoI zI-sgaCSpr=6yMQyr=~|*8}Lxp?_IJd#b;OSUic9JkQ=;no!&K*Km%iVk~B@6R7#J2 z->I^q*c0X98JH<00^ic%)D)QJGic_P0yhKUW%?UA#)?Y(L8U#6zMWyp&o*$!=ZuAf zMxpfM7<(qa)C5d&kqZr8-$&ZP+m>nXet>lx9Ub%!mbH^RYHyhG?H9SY%D)}>QG?Rt z4#`RZtm-_|Lu>%7`cUiu4LYXfq;+j0Qf3jpwK?NGxV_;GG^8b$tz;P*Nn(y-&3SzZ zfLy4Aq=G7k>zlg1L6vcKyeii|{|o%a)ft+4=I5yGMt6?ZF8$RU0mV^)KvToWvO&T8 zK?TCOlPhX}N{|rMzw^7&VxT;hCi9K!*#?J8pOUl%lk8=h;69<RtXZHF@i zb%Dw+%<-O|%*+Zi4bQvBx%sZ5RR5O!IIn$=&t!N>K;&D(@w(Y)?=+85L% z&JP3wd`af#NNnBd8Ke~9G6I&o`)hKYZ-_d%g5Q%X@Q0gU_Ie z3;Kn+c)BIcczk z3b9H*sl$}nP6#6wr;Jkx60+blQ1r<1`_)|ee?EG#i-rEHE?ljG9S+JY(RiZlJ%DSjuB5m) z2{$^fI3FnvkiogYiyIL-0N)1AthDb!RxfX=my;I3vy1ZYDnb-HEvfQSwZ?oiSSYctW zYhU}Wpb=lRNov21a!k^km_@Kp{*xYgE-wcrN5XyD6|Kl%s~RWuLK5c<7@rK2KTjv( zfRyG$G`}Fj(Bi>-hIuNtb@++npxC7xVP|^Aq6ja?kO8c?>@~yPO}y zhe`rSC@nx`Fz_<=+pkXj(mY}>g)1rCKFysxICa}Lx>HoGZY3E1Vi!W)0!lOY-!CxY|v)$I@*k7v$TCZ3pKgj@kHxX#n4@uoFh6r|q15!**ds%o4;1OI; z(zCsO_+^Ihu}4MPDkuD^o+bwde@}8`8L|FgmN&ZBZG(n}xue^r-8$!N9krx3+|M|sr zFRPmWKH#wK)KC&0-dhQ7B0Ox<9dZ}vqe+V z?k$;-*|Ckp_{9>}a=s8r6L!Aw*5SCaTH^6x6F6V zlOqQ8ITJT=htEN2yUV8z7V|R@ghj8t%@_4T^%_p{@6%h?6>#3gp(KAjcg-xQl~BLt zrEH)5zFu0-Kjt|fP(Lzbt^`bX`mcQgQWkn75vW^t@dgFBxm1(hxgy?ge=~L7mic7`UlgCiQLjg zjRm{AAA9)~e4>gS-$;+(7dvcFewz2($dn(r{#O9wK~CfMwPUnw>egTG-2eNbXvNj3 zwW4t}_5W^Ez_W|+#0j}MtFzT*-$MHE(cf0W)nafB1r~!VVPnI!f9ALQgc$;{<*wxp znjfe1sE%gN2L-mm$tX{2L9&14z8J%&L4p#V-`bd#2f zc^bvm4r@hdhQ+xYKBMNxj~|~MY8EUmly3@Npf!o3l|$9a+Oo0f?%eUw3!3+)RgqNi ze)t~9;<7W>wkw1L%}h*ahktClRO~t<2)V(Zm>pWbfs1&%h?Tu!{UC#qovqoDPQ)P63T$8!M~I&08?;J966*!(0GiBF>JZ zahA7=+3R-J{FH8`h#wSU&TaR6DbkAc0FBfQE&uwKxXn%K(v`v}egfPBPLhq)D z!5qbIfOGrJ6v0U)s_A}8b_I7jDqhrJs$J&gbfWdz@V%omk_W}iEv*2D)MQjcQKMEK zyJ(C|3TB>A%x1_WVHlneYCn1OB!XTLLmEvIoyVCH8*7$m;81Vl_qEv>K@Fr;J7Ir1 zFQ0qjVnR0!ukm-sgPZ#>KFFn9J}zxucuzx}X>bt%a{_i47joflEq=Q1GB_dc`yZ`z z?oSL4n>wQUtAT#^#}Ts452aPo>Ln~856=a$zJ&zNA*9jfRyJ1EmI*R8<^1LPuY7ZU ziHncCj1f-5tqsmRf!`F6nQ-0OKh>Y4b!AaF-YS8tZ*4go0bA{u%&JTAd7Gb)@?dX8 zV1; z)bZitL?|z#%Gbh@s&^xnI!d0Yn=^XbAd|rT1?_**$I<{QXQ0r$7rtI-qQIP`(`LSY zpWsw-Eqi%`lNcFjY`iK@rSI_{8XjT64)vQiS@he^!}(ewfiUq90;T{xA$*D)%vYm& zEO9+i*Gh zuGhp_RAj)2fs~g$c_&{K;BMSKxnyB3?*w;@sVc1h=uuQH`-+<p6tDR&0nFv^6Wvq22Z2jof{R3UU;ubF)T!{scY+}#QB$>xW&T7pwK zSR(aqIpIm9$g|0ob5Fg>BXdl5%USN#0a|~x_*>zl&JBt_mBF(1GcU`oqiLaV{=Gl_@&;ARsVcm{>&>FRC7#j2IBm$qQD-j|~f*!2$z-$0|M%^zq= z6V%$p2x5AHPKFB*Rl!{1fs9|Zh9nha8u#q`+jmImtFtv+!B)|5?F^%^5_(*d9@#f5 z^#w)3R895WobXCR&ea?KXuQ5b-iij~dn@bCsSYu7sjWqi0~exOi)4trW3?V$#K%ao zc0It;#B7G_Dr-amF$u%~Ip&%h8*rFN*-SQ)TRmv&T9GC^IHx7(f;w0lZf?-0F%?&8 z>N9PGY*uVPlH~pbLOE$@1fbEH$%W0=ir`h1ZY`GwN_4qn$wT#PRZ#Rj(Th(xvX3c< zi9WE%nl~IfpH8A=`y&JN66F}2tBEwz6IQmJ>h~m~vz24~cY5s3>u$+@`R2EC0*n;v z&`ifsk;{0EC|R?1_B|$ySCcy{3VCrhTU26i63NORBphbpR4jcu!3KSlk5Cnv-gw?G zvE2Yn-)@p(dPD5W>yF(JbtVB)7fXx6ApgzfL<2uzI-8$y0#}R$Fp8VEyu8#P`=e%W ze{XZIue8(co6VoNLc&ctn+M3}28Vm^VSg%$xN-NtkR;~p-=~KWl&l;@kz>vZq)CRH zdl|hCOh5$QxSgtFFglacK^c^n1Tv8FT>rxN2#(9wx2Jz8G8xW&Q|<^02k%W-MO-20 zJhhg==-5=AR6%v$(9}t(R643^YpS6rYvG3Zc9W~z&59oxZ}wYCFavbbW>u^?;O$z~ z=55cOed)n%cd>#UObG@lMZ>Gd?Klll24XIlRRo<28ZRtibtMS^?I=p*Btr4@G0v`|mG zKV>_N#ygt#z&9&gX71b;^ZKF>$f)KkhZq?KQWdDJZ#?Eo4ns*=eGg4v{98F8meR2`*N*h`CekHNsm18 zYfCwufw_i+%|~Rj9SjnoLUMfPn$y+w^vLL&exdk6J&28r&Q3Vv(j|nIv6|i5n8Fr6 zf0nx&kUJDY*t`5JzGF+$*CWFvkAe^9aVsG$Hk&bC#D{-BNQ=TdE)}e~{omjF*DpN( z{2{e{$x0*Siv+uhuDV-!r=U^tmp6aLC)471?pZjie)n1qPJPp#RDR#SCpz=%XNQil zNQXr&+k~f-gCkTAlvU$r;2|0QcQo^8#pZM&SicXlHI=_2~JfRQNLs4)~2#aN7)vaN+bJ5U^4|vN6LGOH2w=Wz7#$>Tw%{` zNr&x|QxoGhTlHrBxITvlJk?*JfcJ}ygnI79eO1b#v4KysjRYt9PD9qog6lWqv(xjU zv16)qE)r2MI4@3XTM`R33W}VH3%|#g&U(NiX!+GA)l!_K6;8EY;?ya?r9F#PuoeS8 zRjQ0SL`;h+y?rL~v+ctNtXrv6$ha|n+CG3H;X%o7#NN~Sl6Rj;J}vy2Vx;*b@NPb*g@^dvyRUALG3FQQ=7fhv;Pg-z+s)8f-&jbNJ9!^E zD;gJ)zr-%`f9QJ8u%^1MYg81a7bzlw6s3hKMd@9nw}5mA2mvt^A<~-&NRcLl5-Cxt zv>?4VX;P!8)BqwSV(2Y|5IFI9&vU-l`@0Xn;My0tcGjMIt~JM)W6Uj#{MA5#>1#~_ z2d{p@kMgm)((0kVK9hy2zauBoO>rB^nJq>#_MZJv`=aD^%F>=+>=_s-TU}_C|7_tI zyRvI;<4}tW2#=8gHxKm6d=HTrW@dd{HMInFj>fDg3ghv9=+(9eed&}HsO#*@ND_qjP^$xv#n-w$;R}&s=f#UCau!#p- zn!RBb%oX%wEHRkanyIrzwj2h}G=}9M<@HSmlENNwz}#XPxL+!D7&$~N-!+sqMkv^8 zael3#d79!qAJirQ3R3A`X!V2KjhCm6cQ`^U+eG;ehzb(LnTD&KL=6V6X#6Be>^_~J z;u(a;a2xYtUBtsEVc^||?cr7J_(=}o0KlMTsv39*gv=R9k^$VENrCeEpi~H)*7c9y zo&IKH_(bvzQ5P2&GWxVPDvGM?c65A z9NDt&67t3NphDkDB+_CD#Wcy%f9VRXiPQMXVR4p2vcv^Deu#x=7D?Ba&`7NEMkja5 zt-_i%=c=Y2Ya9Py+tzf@PG%{4T>3PHa=UP^p}f}4teJq@oLKhLp`^H_jKyMM{m2I` zSWnxj!rVZ9a!6%KV8GTi9|gn4YbhO@%$KeN(VF(Kxhq3ML-%h@8K<`>b#jNfQa4?R zw~wgDPMLbOG2uvakkesVSx;=TeB0O3j=uK?jbeEfbto50vk+e!S@dZ!Y~YMUV=MxQN~`|6h6WzhNm?M`=a%OB&Ky z+4Ohn{2_Duv;Jjw5KP1MMGX_!6S(6xZUZE{k+QLmd%`If3~e3$@l? ztDOgOtH4Fp;=#RdzWWYNZJF=hbvh*%Tef{@UB)CKBV$f*FgF(pOQi&N34NaCZbF5w zW~QfCRg*@G3+Kamih0&osE0aw_ zwI_3!4YKs$g|tV-n93d|3-a@8dFi*%UEImetWDO6_te{l!OUCmtsHlG^#JYg68*!g^NQpX+PrkC@LM0U*>S;*%jtzO8>7k7=b z;%n^%np$?HzYdHesM;M>08^TSA;0cxBSa-`jSmIJrG`5}yawZ-wjWBWH3_Q+f2WIwf$bJ7%mPJGM;E z4@7jYyzhL2<D4VTdW-h7Ls8;lSCwcXmfSM`5k!efR+glx&N zr%9TB9gR5NC#k@_98{?woD^yXD)D_gU1x_3F!SW^4Vl(I;Y90%yD8i4SfiO*FmvBJ z?@SW@?I$kPjQQt+_(TeI7sufqhck;4=^?q>=9c=CG z%dp2MC&%t5nM?{?;EI_n@W?eis>v^4!gZ#uinse?D8tk8uU+~VaBVH zM*k6LUgX)|Iu6^K%KH3@zVpC*!mXuvHK4B-Xz#-pFX)u(6?r?A$nfib(Q;qC1h9%s zYhX`}H>fen4b104Dd&oeSX8I_EDu12mN1~)>PK0g=IWxrV0=NJc+B+}TOqz3{~~jM z`wSw9V`{{)NZS%=7rECm-s%U3qt1RM^yxo6iV5Iw7!h3JPD8w^soKdey2D~YIzajg)d9k1Tgd#$B`=RCq zUJLEIjT+;dZ~v;hP3Xy}2LRM6c-gFuC&&XqvUt+HPlKr2^unaHZFbm20xtsJ4kcykqh}$m~b6)#*L74Q1Gx_+ReF;SC%@V zcDbiZ?^Mg{3w{(ZI^Rf}NH2EBX(${eB}{%3jhX7T8VQ*Fwr8k_%d! zDFyH0&7M`+Aniwp9?r`Hbioox*^#{tk5|P>Ed%1r^(18W&6D|vr(GqcgDE-hA!HKv zt@lY|PWhrt9|aDj;dnLb`nbW7-fHqLNT(6tB+O?6VqsCz=@m&^va=FqS!DxoN*!wp z*zU8b;rFe7r~Z>ynr3ew448Fp`Sryal|d9T93z)VM+D)6qA|1o>zm108x065yWf~oA4@XL3+g4S?U~X7yG{4*7MhD|N$Jx|AL4(Y zwlY@8F4Y`)f^^laF?X?(Ja_FXJbeu95>QFDvbuH#mC=s&)<>&w4B`vyPPG$vSZLS^ zKjo~Z)@7+XlGcM_$;&FsQ&rE2)j*n_+~{3_AEot`=7RfZ#lOP+&uFClkA>J%CqdUbn@omzQYmoU?;q`Q8=q??@Bo-UQ%HF}Pd)nzIv2nF zntIJnax5qEo6JWzwhpv>^3yfzlSU3 z%5sSdHdMQvk@vil?JfFn`|Kd3tiL1MYK_w;{5OyI`4xG)E7tHtKL1b;C6+D8_~(6# zFAt7rXx8*Ubal}h=tl9;o4q{sz0h=>4+cm8R4wzMGkW3)AkSA_LgoOE8E=Wx&;0w= zBjYOXF>({%uP%{Hj$2dsVe($ob5e2N)0j#PWMU-0cJ&K!j2#8$7H7VaM1>kJ<)o*V zIUl}!yf(lh#V;Y4Hnqdq>9+2UG~|5l*8Jhe9pmpId!6V&iG&pazC~$i+|TQCd;QYb z3XCZq8_UXXE1?Erclw~F$yzS2hmu$kH zo+P^O?ewPTnfd_EdTLYl8QvkBK^qqTP0U7?7h#WBGrmhb>AS-hp6-HK2owG-WQ^hp zYqawn0-u}{7Q-=O){UWXnFbkMGi{p;-&d%n$_lJi^Rw%$g70= z2R&7tIuwhA9mZ@F)_C-E0D049B#_@npfmKcNP^y^xMEYaL5YL^`s$l;`-UemoWt@( z@pja^p`Wx>i|pnb3F_zvngezAUYxfV+nfailgShhGs0GKTiWM4MVL9EgTJ;gEe72` ze~v=}xltiI(z097xz%a(-R!(V#Fp$}Z;~ezs)~(G26=(-UzAg}+w!sbQ-_?meeJx( z2798k2AsxW-jjPOKco}Wfevrk-wqn>kd;(Z*LStJm#I?{4C7KVSG*NEn)=*Zan-VZ3feL}z zJxgH87?jn{4_^4HJa8n(6<}bm+J-sQRJEF&fiB-Q5Npd(v^aXF=r8I_+;L_Yxf-{! zv>sI~oA$0fUw56dk{#Q!d$M(c&DSKGpIq!4VZcspo|MrkPh-mMFeDOtaEr#B1mJ zkbl{<{ycg_{&T7y#;9?m%s)ZlsOP2G2cg?O!|eD*!KD7Y=lOC10Uk$B{s!g#2f+I= zV$_Wtq3<5>{Ag zs=t-y{{KJy=}&Tl3kW&swvT_W(Dg`h^5(VbrluwtSy_FOyy^IdvT9R(y@H#@iSM$$ zZAjbw=$Ka|kmml=wykZdE}^cDj`nAvE4x8n4$TtV_@G7HKBsd4?q?QNdwct#yaMyU zxZ8@sFSme7PsG2Z++6uT_aP4jE0bQ#|NXs7#mI(9+VkM}xVY4-z1lhu+X|Vx_jDZ{ z8Bap(Uhdso-Fc^J4Ro;P?NRUHPU~iInXfXX>7a^4JEf`Ke<2p}O%mtQ*j=ZDf>uL8 z^H60_3P}K`QeWSw<75rLuXVHzo10IH5>r&hJAy*P!iuY^3?r1P3C$r-Y=3?6y#7bsAydiQV_{B`ykJyw3EMP4{XQ$r&)cfe0BWvT|zjwD*O<(IMrpZ?ta z@xxI$7CpT<9xkjXn6xRiiszJ2<#x_V9T-$qR8oF3RRa_y{J4>vK4mJEesf#XOKD)L zF}cNOjTT2bha9in-3kokBK+_=t=y-iSGfrth2|wex3P)bnB5t9pau1pdHq|rZ}H9& zR|{w)GTYmGf#$%XpLzQeL$p(Y3t8JiiKzR7h0FfSuuk7lm0uxu)*8uBonANh$8ieb zZW3#q?8^sVjkm(HVhJtF<~KPO+kkV*NQ`sk;GOV*WfiUf&^+;9-)QBO?%ggwTzkz- z+&>?!+$uQ_jOUyG#-iZY5~JA4{Y;t?gaoOVy4}2x<-q>@&>p{Qy!{%nfO94W{cyvn zPa9^CC=hn3z&IGEe1S&tqhSglte}o_BKzZK!{EIP$Q4T-$Vo>s1)Wd)1~!_Mv3O4re;rQxmtEp3JNVd355tDlIWixcRgOVDbclsX9)r<{Mj zoqtY_b{Dx%r;_p&jX2={yj+@k0elmDn;+2h_AO6_foLpe@?m(dM(;uF`VUg|P|OOs zWM*gj4EVq_)bvM9q7R9>eRD%hR2=A|vp(qmm4g1aQVQ@Dm5Jqw0KWi<9}H)TPW$SS z6+i#s1Lel6FQ^usI8vLJo}O+`XU>8m6^E^=d>tiE^AKjn#>;}dJ>qJ|6yH!A!5n~PV|o0>G1DCsvE32^ zPe((~@TV=y&s+lA9F`M&8o~b>HcA&QF1BLE%91|)y$y$Mk+<{Y3grmp=Z=}eSPZrp zaQn(&ZwZM6!BRdkFiQ-tKHlifv-|{A>Z%NptdXw#2pi=6@}rAIDu6Mex=b<9t%$Q; z&AsDvW5|p<^#`fS4(uz->^t}w3GUQHbIgGm-@4U7h6M=*;;E&Sqgv}i7fac4 zEH{xO+9TJ_@4KDY&|Il8Ow{2tzx{N0B#mC(aM!}rl#D%(7m9JHh@Xv%QxR??aZlp7 z(;r^=`R(%}chFJ%$DsAvekn5FwD|8-%Yu)H%WC-kYHnB{8Z)lg3DDBg+S`B{kD#{C zFGoXQdRqk_HG-}==gRMsj8)AK3}qK?sRr+;;Kw=`hCevDMOsRfMZ1LIS0gm3F%>+; zb`L+w4KR(c#IfW{yN$hW>m-2E($mFoQN2^%E%pKi*>OR;UtBgwc8_l{5r>m=;NF*h zdwq|RWbZ{;WW!-dCkywCRZOk3|ki#1n{wmhia212J*`;KC5UPlbW)lPyonl z9c|Bv;LcXK@LTieVr(EK+iRkM4`0$N>z^EAV_5E#}oi&#?fYO?D9^#Bg>T&aM(#q~h$C`ek1dAulh#N4Fy=O>LQQdWqs_h~yYq z^%I8TLo}H+)DSJ=Hl9D{iNjfym5UBGe>FdqTGfwtu<*a{3#C_oj*AgJ%8>iCySDa# za>qicDe4f#dX9!^1Y%afSh*`DZaO@(Mbj9&n)%AgOKC9J?CV?pdJs1*bZIR~$zwla z0;LbCUUSt>MwI*5w*7TJ`=38{`mcT<-(eeE*z)-MNE%E_hLgBv0P|hG(Z*tEbTRW* zg02-N_T#sCp~M!%ndfZ%`Wrps;yIyi1;cGYmQ8;3UdSZB%{bmT;*492L7BNA@IW5( z@6NMOc^D_)FVHA-ljq`Sin`C8``(+Pmboi--3dq=-0nitU1K;9=y1a zG$pfsD^5qi7%sQg+SIQjQ77Tfn0tvAMi@9q*A!wNb3t}>A^y?jM6{ ze|5wR^Kv}$BE`q*9EjMO$RX?CzcDTFN9cRBl%_BK^+0OI^vdrmUM@P3>{qYyHZ30c zE!`MIb?j6cJZO`4wG)a-9gV~PuEfz5O-*J&{N=$sm7`LGFWlNK~x#=is z6YB89r2Hgdq#B4HxtkN97M{W(tB&kAdtf)CpFXOkLtbrNr?^=u>7|;CfoWa6)z4(UqXp zh9KcL@QpCf9uda3kqRi6r-!*CtL^&&`ddq!aM|reo$i+-q^_%&6>pkZY!U`wVNvZ+ zhP_OJto6oU*txlH7-i1BGTVP8+QI9NPkf4$Gdc=dT*w1HcT-kqMW~>(wD63FNxmd< zFFBpR5P*~Qb`T*=SV>*-`Ei}6#wT7ll61U%Nt8dyhe%QITF*<|Q>Uh(kJ`PF7qtSD zX}_n-bAR6y_Hm)jt+cZh>wtK3)wbf_Vp5Cg>3QDTtBt7nf0TdMBc-!1@H^a|B!HP@ zyB9&)KbNtU9eVh|q!&~3N?$WsoRd8~($Q!;!zL;I;R7+PUvYIWA#kumL_gT_2|-js zS=2e3dib_>!YYMMO=sJIvQBN1u*YEHjlzNqNQcVq&$_gH6&-#XYL|_`Pa}K=B)~*u;rsF#&R;71o$R2Z^8V|a*(L3lIQPd+D|p@=x@ka z$xDI>pO#ZTrJn~g0amF;AAU$=ziY$4N_fQv$cp7YQ{7}XEB6Rcy}w@_zWcnr$rrvc z*JS+BWGm>}%Du~;US7!_c5OC@;(`K=po1ap)ussIrRc}>ZlSnz>&=ONv zJwBaMpmgx*b>Xw5pG`bdh~PcRnW#P=b8}dcTHihm<>kxxy{-s+RHbc~1%ZqHnxBq=-S1E(~iwbjUizuDlUEH9RcVZyq z!!%txKcO}Xa7eur_zf+-ITSC&nnlt^3ca&?A3sJ)`6ElcEk9oYTUfw_sV=LBqROMN z4HDrYvpWP$emM0w$S&V94m*>wR|^!AA3J;ju$bxU(TS=BDWzbZa<2jiBitpjEkPlQ z*!?|)4U5;)91~(U0XE4mHPR-whyjb4)r;Y=)Q*|Rl2E(&K9P|JDK|rq0`Ah%4CQfa zF{1jT1YbjtS12kZ)r}^to@6vFOf!GzK#E`&HP%s_QY@CqSS2E1RCA)Gw?qH(k)?)| zg*mL^?OJ4Bc7-Y9YSw5AZD=SMwV=#I(KG7f%jtol02g-faN_eJ0&I_HVM8mQe8E~*B)d=>qWfX&yo){`H{FiYfd5c-4GwA$BR&7_KJ_kZ11{^SEfheBG6XZ+EplW(QVZdbnjuxizB1 zqa_q?XJW;}Z`FIiGb{yFEoO~j?Podf^|PU%y)I;sEY&fx;=cCIAPluP5W+*zLNCVL zvC25QAY^L*uz2-MY_9D2N|Bm@K9=F?tZn1%FT+V?Ks~F4SYY7iAGDsOWRFHO+VASr z)>b}MIk7SaR=xio|$@m`@yiXYOAGqZ*U){;AJ7^HwF!jx9x3`&eEbv9p|Ea z1Ox>k?rV8%{*OUcXW2xnhT!6boC)|;#%*PNfc$kS0ux^zZhMhLbJ#DBRvH+}48Bd2 zF>3`gmaSO7Xh@XZo-UVyE!#FcxeOfO;K@e4K0i52ap^5N6b{uinS{TPRZ&qdR+uWB zuM22`-BKTpmRePqIs}8{v^iDh+z=L?HnE59`VG0hD&%)=ZZKB9+Q=MQJGTA}55r6Y z;-)HXt3Dooq>)H#JHt}=&Uu2eDv<3qQ#}57&QC)VQmD4>UCR9Uy3_+?Z2d|u|Iv1} zrxfw@6+(%p3mFlq+;e>7ge|PjRQ`idFdTB;Ta1=Nos;`g7kxwFTrucaX9=y4* zzEb1{pm75!X{VQqavMbIL|Vo$O^|5QG%98Rb@B-P^jEL0b%Ne^uYDSYvyI#g zK$lU?kerD=saNjLKCkUEG&KB40oV4qwkToLc*|6Qv$m1?MWD!JT3$5lw<68rOLCf+ z-2C?w)#c?jM;dX!I8zzv4n0L#PNuY5NuKxu5Ob==n*0XT$EW5Y&2h zcDJPq8lFIjhM^NXzZEE#h&wYe^GY|p6Wx8x8epdwAji~Xhs#{e?h3|k>c}W+T{)`k;S|hzLOangwuQLw^cGr5Rn;yZ7!vNJoyBG$d z4G;)ysD?};Gi4V;?e%pch>(DC6T6ltG1SYOI{MJCB@)h2&azkwZ5!>G9k%PuhES$c zU|yC%1nNjr+a9zmz0CP=etmLPxd@n{>%3Rkyb;s+)DT>Yrh%Uha8wU{E0cakTvMPt z30Md+0}Cvg9UM`md^_7idu9tJoVT|tQJ#yg7ZxXnxIfC~&xKQ#PGb~M>q3yR! zL!Yt3=k8F#5*$-!8oO)CxsNhe?{TU$%!@ecYPC}$qPyh8GZogI=W zb@iS%EN4H5m9eR+OA@fkD{LSTvUs!7dsG#quFfmGW=;QwA)I{e&V}Lu{REmjjsEPC zKRq&fXJ#lKR@R+L>p$5ap={4b*#$uRjeJxQmMgoj@0E%^0C=9tpTFM^O8V1eMWO_b z-QXYxg+NCH+HY$9guj5W)n+O6GCxLQP>xk*Jok&0@n1BY3V=k;MF4^R`TxY;xNmhI zJh>m3Eo$4MF|O*JfDYKc^rn7vY%F8ywF(i}o@IX00?fn?TTEKKQjPw0;ghx{B@oEp zC-}a*nAC9KQ1S#o-_j|8a$a{%Z*y~i=OHY?tW(&%HZ96Zn5ugn> zDW+U&QA(*keHZ9(fp@HSyq#@T(5#?_F;CPuG5v!8vhGOKtTunje}Vhs)^#NKhDEYG zwrx*I02)NUxUUjg+*f42Dwo~7>XV?4@*Um~RE2tisGZM7BfwlIzbeAkvgI3tE7M2( zgT%L4nK+BqA2+hoz{f*i85!#LV&7j!zJLGu{@wHj>{NBen2tF@)vs05w)6gE6=*-Q zk%J?LujBl}Cb!wFooW{3%$GJdWY#j^R3WQ=Jo}oSYxtTRU^a-JpgtLj3a@*HBeluD zb-`UAYIK*3aq!s4A;Dnux02k$Cjte5uJGVLd6RGUEGz8is51N8$`)2B}N$jqh<#uOpsW@u5`r?2}nLXPvhZ~p8S>hFQ!Pq-Baj27CHF*^!e`Vl_051xY^?B{rzz#nLCrJm&kw$!R?6c6kLnEg(NE zoGNlt^73fd)@k6vGL(bl@%r}(_&-mjlaWNlb}?@FoBjO+KSL?se|V9NWn;d59(?BR zuJ+`a%YX@MAneUxOo6oPR^fXnu8r?_#>}c^5Wvx58twzdakJUBw(VO65E?u`X|Tow zmwYY3w7`m3U|T8X1B) ze0w?8t+e>-ucqa1ii#^UpiWBwgSfVdLynmqz`)BMh4tuO_&aj{($n+WxQ6g^8OL0sf`ZO1K_rhjL%dN^wk@6w!v9HQ;Dvs0NtR!EJJ8p9Tr!{HNWck;$+T9$u?jK8~Wt86PT?x2hdx7db1I8#$qXr^$UcktRk zi1_%$5`h;(ufe;Ijsk$w=pY3p#69JIDSVy=Gm^Oe;L)hVe^AJ|U&xbb?h6)UY1h6D z_nKYW2t>#WczNNM%%EM&-rvoRxVAUr8Tq{yK=Xp*p zvDwrrcz5~NwB+CM`F}nkG?)~@s>+IO6aNTr5>ICinDuEhoRgrA%w$lMK>3l4qqrbvK4Af!@o zgO-w#5$UWyv`KA1ZOF~d?YNsk8q~78w>QC^54~mkJmPshHzaFqZEd{Kc;zHTp{XuH zigVMLSh$(n>tH3gVGGVI1lu4`J`-ky;LMhIR%lt9pYs4WhVW%1cD8< zTWgqQ5JK3!+lW8i5xH`bMAOdIE8T+)>>!M`49;U)8^aW&>Q(+;`u~aZp+C(cd$d)T z|6ci>Vga?X`}iD?70+Vpa?T%4Pv+h|>SAVaDP|zdfNFcL$#Shr0Tdh?9jfLZlpi9{ zwTK8(`xqRnhxnv29GRA!_yhvsuYRv~rQ|5vDbETGlq4gwI$rQOeKC zwo1%;^2_=UUL{+Hoz$qAhXbW8MZ~WwHo(47x;R5dV+%t z4U=44XfsA6+B6nOeQYhn$+=>NfwND}5o{&F^Jle&M>99mL%chs03p2%vO3CryT2PM z_*l~5m>Sg;bOYVq{+F`=RKI5%8`GTMp`R2jvF+J-ajnyGuu}v8JG5W87JKmxr^a%U!^;)%1=3jRjFu`Bn}zBe?K8gsR!&Y zCokQ1m=AhZy?a`@&Fe6Kzc$2p3$uoYzsSV+a7Ub|yUIFx{pM}NhlYQ{b1$Gihf2iF z2~g3zO8wPITzR_1`)N@iK6y*<>eaCB&G#&arDcV z`YtXo71DG8EH%x3QN+2roC7}?%DOFFrc5SV%FFe(@ICXsV-2!;zIq9#E82@}RP-Msq8^%GQ4_Mb#ya#ub|I#HLrgn` zE9QN{>E49zkQTodFg8q`v7knhD6^|W2DeNVY+!__lSK+s13nCk3^$C~#Erb|=3#vd z`*1Zi0ann@-!FWpF!f{A%TbrT%omaZ!Zswc5gC4K3x|?|O3vDQ^1Qk+x3{%@2Dqu` zfw{}C{6|DY{6L&1tS?riid~3buCPwCyv=x+!5Bf821^yfAXKgC!Q5$G=Zhdduw&~% zzw*p@@udk8jpknKNw5&Rv}t|P{NcTcFwd{-t)y+XDFA4`)8t;-R9`%1eR?q%CziJ{ zQ7d&v_j&Xt|7DL$#2qbm4Btj!oLfPb=gZg_k*r%!cL$Z4bEhf6U@j)KrJaAVfr5AK zA03#5=7Jk7HyJOxK==c&9Q=Kl(KolV9D*+o%<;gj;Xpe( zT6fO3`@7akOJa=c!pIKmTI-z+ztAh1nHYar?x#iOrHE~HiVF2HghJ{e{R|CzSiLTJIHcTHc;-M?-Hk(KIB#3j}~DG)kk|->Hk7F zzoj5$Ty&J+)XRTBPAU=?!)+c-UM;;v#&ngv4Cryu<<^K=+mLw)=RS`M{7uoyPd5R} zoSc;M%G2LtP3i^xdSp!fBbMUnB*0#n&b#?YBrW=GR0=2Hb-(@sTf&^aE2w;kR8Hwo z&tCf^L*0*C0P%HbhKw9eg=u}wmLLHf1Ig?nvf--&Vliz{jK6jJvl~^$P_YDY_923CA^OJ+sRNZ zSl|2#D11GGaqMBO*Srm%pY6(Zm;DZ$s*oh(Ku(iK8XeZM(B947aZfH(&N4<46Za_K zs2|ElhkO5g+M(S=64>b{{02Y;UZ)kKX%@Wb`?ZRR!e=CigsJia$1^54Zk=axc)xCz`(#Y{Yn5?OiQB9au;2nq7mq4( zXz^{SoNadq55+N>fVk-K843ZuZ_+d?4$J(7VEdlLXm($?(_jI^Q`^??ELO z?o-8>dq+-#KQ^+yXsD{9D^M`G!oXgFQU%}9ziSpc*w6n9UnN$>ID2{GxqksKq=V-j zskuv1n-$nAae@4bzL8Oh12g%OZQ{4>d}YNQ%q^prF0@&1-!i_H6Y#9^6posg{6LrB zcorn0PEhpsm}s;*lc&^Ox_#`c<>FE=5DnSM-LsP&JDvH^VDUH9`JYDHAJ2H7S1bMt z_abL~G5^K5^?6oWLT%c`x_ycliH|aTO(N8{B#E|kR|9U}Uv0r8o5lNc_3hfhE;w|# z-|X8QlM321pEZVMt5~XTFLWA?D?pk@Bgs`L2-);EVJcQ7hB=W%Pj3R7bx%~7ZndhW z4K<-pAL@3i2nbcT{=NZEJR%Z_E)zxj4Rm^XnO{Bc1Ji1gUo>`hs+-j^3mBx0q&@&Y z@>}_2>bpPI^kk8OflHLxXOsb3E9E!RnQ}wk<}&Z9-TB$2XUZjA8U)tC1@1QHHzw|*6Dq%89giY@V%NRMl4vs=VS- z?=jnI?bWC3$}2w-z4`V)-4|Qcq{|xp`$ADN2{vMsYPvzo1pfVvoe?Psyukabk^(z= z)9hnAw^=Xqfbj&h#4t~M%0A$do^|z9<~T?G?oHG|w=e7HW1r&aX47@9Fm-Q|2W z>`mX1vxlb7Ha^P%-E+Kgj~3t~;Azbz&$zy8^~r8{J3CvBwT&+D<#AK ztE~mz-p7!9Pha84SBvU_-B>9srYb3<8 zgvvpHCrjK`)VuSr^>#Kd2%c7Kj&6&nMxTw%ffb9SMvU6{pLe_-b(wL<@4dfg2x@t- z5DJaV{F!$bnpt8OlJ%_0?(2$y!?;}P=I#xS?V;#&vRu^| z|FHQ|(hQ&IrtJA?NHX~+KAtiYgDkK-j^@|QV1+6A&ZUzaKDO1g?Q?t>QxxC&dsF9B zSMiK2hj7z-ygmkBf_bBle}5O@qr@^wU(QPosX^}!KNR7+h8n|N)^y`;mg zoItAY3kR19BuK!+S}N_E9xMbplU;8|Ud+MS2RE{7kuxd>a;U&z8Db7`EEO&r2JJ4+Jf9Rv#S zc6Y?WYjZ@>Q{KAVO>blwwF6}V=Jj9(Yd2a+!g`GYS(EQLaVvp{@^kfzGKq=u- zNnjJn$jr?*#hmB0ktynEB(-&+(XV60#qG(uhu*yJ##~nf+ps3aeK-r?l<6aIF8pa{ zbMD@6KUgoUF4vhpYf~PmVwIL=wyNV^gQP*fT+a9bd?jJ@0ac>|8tm))-SF@`>oh1v zC8M0r$WVWZa3^fsKM2&R8uUg`k;A{^pE%~9@>lpzPdlqMWa{tG3dSIt z)oE>slgmH)CLc$&M5K#HRe9z{uBOfSbjt(duY7{rS|%)I?XqC63rr*4&Yp|a^Zw}$ zC>B5rU~ZWqMhN~|lTXhb>WS{PhD-4zt(Jv2iLI!$9A?g$EGTI1eK-^E$Fdd*4=vq;8a)^n?& zv5`xsmTT^1zvjFNt)uzSvc7}<8}&=Chcl@>hUcwd65<21sLoCm1#i*q(};+3PzzRZ zF_ol7dxHPP&gPI-N?0(Z~7a)5>*IFP9 z`ZFgF|<^l;M$8NlCUG#F#3-hVb?&aa}} zbmd6)DcmuPio2=sjBi*iR{mn<=A-52Y>l-W-L3CZHUz&8vov<5e$$j1pHQ`JX^A~J zTWNw!T^mB7UUvvF*uRuoyZYMn|F9b*Vnui6gruM!_C8ybc+Ij9xw2-F;o*@3_^fka79)!MA#&b(rf>_%=CZ=$ ziLG?%H4j%H&5R6NWcvu6JfQJQvKyYc5D{?`1{s#%dN=_Q}28-24QbSOUGm+ zWd+LQ1*G06f!_?{AQ*?_XIocSx1%~ukHu|Ut-_Cf5QS3EMXMz_CP&u|HB8nZX@N@x z0WPS8`C3*qX>KX?mv81h1+6-laO&%u4?a!tuolAd>)b#Wx!h-CO$#6BtMb)xq#l>B zD8rMMSKEOT7EurFLJRgpwQVK`2W^@DAG+Q;D$1?>A65a8kQSsnMrj13k!}Q38bn%3 zI)(v3N@@VVm}M;;M^r@WZrqF%eM>v=^0qX8b`&78)% zlfi^TM)gcj-$%6jyVdu`N8-jfA;ah1-n54)nVH$j%d}!b;lguP&(bXm1o#zpoexd} z#J4UN9-3#Y{NP}lrA`n)^6?GbI@6jjty_pxsn7pgeRszCyE1uVXZ{uZ{}QK#@2flu z?`v*5m0)rD_V)ebR}T^fe&3{Evu5q+vnXN2W{QVzu#)DZQ7IofOL|t`a(YSMAhuU2 zL7T@d*W&sFl_GxEa+DHV_6a$BL;;g}5QHh3JgFU5q#WL9t~3zBG|&jbo_eStrpDwn z(_r%OF>MG*|8qg&>nO1{*2m}P97)vJqb;wWA>RGi%OeuURW=H?QxQ|Sbdgw)5UW!a zor30nj}Ce5XL}1zRYAw*#B&+eZ-W5u+dWXU&pbs42K7z*#oDZWklD-ECf}OQi5ek^ zJUvbAFgqL*{`E#Rzk}eRrEtWEglEf;|2bDYOZ0EV%i9MF5pb+}GvD}M=TGgVKTBQB zao^pv9`+aGEhQGmezel|yt%4%xxLicxTG-EVjL+9$q^@4HcRZY+OcQLs%HSuMv)B3 z_sHv&H{3t{t*ZKjK8P35yhNB)X~mNVe_q}i6=YvykJjgpPbL|;h)fl$$12hRRUoPY zDMN8nWCuov$@%FiWNcXp92gP=>mu+H;^g|IxBb-{LX?~aXJvWWZfE=Ti`kYXfIi(4 zBQ_Mn-W^&e+r@*ov9&o^>sn4)hIO-W3hfX0f_mG~6nAQIEBCtYq!GZyrFDPk1uuld z)zlbNT9zXA;g=rQV|BB^Q+YWfb@hnmm5R6XpDj1usO5dlctnFcbr?+2FJQ;lgF*9_uaR3S# zMZ{IG9j`EUGx}AQ@l0WlpmnDt$vZnWw-~XH4swwn)>`Z8sQe3LYNXDeG9SW~VBZ*R zr>XuP%KRbo>)280z&zR!6`1-54)y6F(R+hRlC?9V_#O3EIj$omcr_)*Xbn9>EhV$R z?=~2XFr{&HaU5O8##j!zNKGwS+M3egN$W2u(gXDh%!dtBmTK*E&4-s*Ng`?;viuOH z{O%`j`ukYatF)P}m`WQhAy%wp_baD@HlC6GQfqCix5=*4?4*o183b0`?n!0(7_mvS z2zWP9XH0ZZWctB^DQF; z*cy56(KxjqfPs4PcwuTP`b7bc#hz&VC+<$Y4{xp=qz#0zcQ)i$Qj&N~bKn#@zYq!{ ztM~Qh&#};GugeHo5fHH#2Q%@~;7;}nxSn2Ip62g}5B6J0%*bGcB(C0WkKa>5P~6=F zMoIunewja>>El%hKMRPNx>WjrrmGsT`n<%1zl+yz+pBt>Pd2b9Ou-Y^Sj{sYU;53! zed>Jy%~FH&mzL%uS}rMx7v>xrhYywJEeE~PihPI&Ec%;Im{Eau%G?%Wh7{Z%%&|yA zO_W6BW!Uwf0ogX%ksTZ zi}Rb4SmxuzDvxQ%}KjSRq*1|Y`|wg(B+WUMBR!$0XQuFBwQPvL7qSJAE z>qqpF>ty>ISefsaE~m;u0SlX_(xj00>L$eo@6^Qpms&McVcw4;U-!=ER0EL#7nUd^ z*JQvfJA+Ikf(zNanNLVB$$9unZAy0V9IP4hvP4;R_JUW=0Ylclco>QH*udliM3FTAn34i#q|*j7aoJ6M7?B$W51xY<{8Ln-zr43zJNxP{36ST=rTHT0tiw18@BkFSTKUn_M)7XOChUT|-K%C_ zIz0kZw$z=;EPf!vL1>VmPBo|0Fqb5U27wh_{HB+NcI-1)(!+)+ZZ;#ZKY2Tc86F;? z9n}KNK@4Vb9KK>WjI>F;h?!VEIk?0!;?g@SMNYL=~v|<%MVSlbT@}L*K;Fb&XJ2<^wW)VmGo`nGErVAtj>HWh*4xqyWad=inEY;S=OlWuY z#Wqk{;>)eerVzfvU`e~?3&SVxWT%8?t(U-QK+UCy=^~b1J&pq7o#_XRFs#vSlWw?| z9~vXskj*@KdTBdInV;53R|fe!U7=nFi_VyKUH4O2vehZDRY@r_E(m32W`1D?d?{sW z!1%VcpGpl7^^NqK=w&0w6BeMh0J2|pRg-*5dMC^XZU(^}muAR?>CEpIhBF9}0`mpG z*-fMO-#DNZlTwZc)=<=Oa`Uo8d9&-{X;Wry*71d_u`P61A`2y6zM4hM7Dc4C3q3sMS$2`sFUyQCx>`Nv@j=%jetQi^`5l3(lTm$(t{D=2$mX>vSENot8gJZu&LNs!~^pgjQ`$(FI=duGw z-8Yg2fVs%CP9L!(=5kMznowE#rZSol0DDwI4-vV9nENMn+G4n6&Ik`8?%Uo-T!>9q zOVop`(?^_^;Oo5;k$#{!Z`b*=z4~V8X#&!G7M_UEVfXiz;y+nv^78<@*WZ2HgNtL= zJ7+$tmxtA!HuO0bL>n5W@d@`~HTJEJ)GrzrV@n)P@=0dShs&Y-KUP;e1I_=1Wp4cf zJ$SM{JJW~#gAlMI-4Xjmt-vMMKBpsBX#mAw1{@{rVnlPARf-vw^J4%B4snJP*dF0vXa?3Lx|@7e%(&niDZ@w zDsXFG2Z5+*+j|o>r!%@``*>8;`v2VB1qm8cxMt1trEdCjXmL^U$n8m68Rl)t+}-t@ z2)CXH+e40&t4$PC^VTOC;pML(ciY5O0adeU-Z73||B{B91>LM@p)CH-CH`jhqU zY#P+S3Cdo<+ojY^IQlP2jAWzO+~l7H!r!dSPojU}@uJY^^MBk@IslWw7hL;Jm1kM$ z7~CRu@05-#u zfKjmLv|Jbj8p_tIQrvx{!RS>p3s>G6pPU$e5x&j@z*`9=s`kSztxLW`gb*OHx6b5Rc- zaaVf3cMH!o4ib>A-kCQ` zy}atwKDg#?R}QMtbZ^J?g=I#p$W`-e~cuILn{hY4pxnde*7S! zH>E#Dtla?Jm)a>BT(hDH4_klNlhS4haKp;KXAaG<-!?>w6t)ohry8bOqSdh*+oQR0 z?i|IZBEQ>KAotU;O<)k%Jy^9dqPcmPmN5SXEcTRsOiYdnEVO+iQEu+P0QEg=1jXHm zhu*+w8rCu$wrlrH`;r$y2RHp;cl$nsejda$4q0n3GO?lB|_GBit}MD)vCK_P@J zfsA=^haC-&|D_XiY(P9b4*5P55}7V&7j5J_%2`xal-S#=knmx6n9HT+m?JO0U8Q1f z&R|jVRWJSECc2X;DlXO;-8m>cD=9Aja<6z2RVzcLO=BXA^x4UpG99mJnW9E{5d<@r zXRGCJZ`^qMfh2o{JopGvwguT+Ka-Wmo#1OnM7P zRn_9U)l6L-LuLxKcIg7m4DK{f$8kw$1~3DkGLBJ42~k%;)NB-;U+l;iseR zSzpQH*zU~}4yww3u>~9i(ODZ3bSpf`N9zunz~-C1ZFRCoBPp&aYMJ71s~F*cokqd$ zJig>J+{C)8l&j*$)hcf!;1@hg#ZOL2#>C!qbusfLKFlUlSEs#KM3dL&CA0}(>tp&Q;ZR94cn+?1)t6FT$L^T}yH0dv;tR$0e^)S5iy-@uO{J zYQfvd)9BxgAtKN{S*Bo?5Y<1CIHLfd66+2Q)z;#Bw)AuvcsfU+jOaVj=0r&4e zTX=Ak8WWR8q9vbJpA_EKlEXwP@v%lN%Q^d3Pp_(*1-(96n8RsYCnv+W&&0$O^x=13 zA2l31bRb~p%QJvEs^=$%rD42<2vHv~aV!ZbDKnZd^lZqh1WmR;Q<#*DjM6tK$QgDF z0651u{1`}T5tsNuNtN-IE?)_D8o+#D&Vz&^HF~51J=#DjPcuvM86%Q*hKG@naf}*d z7M{Y-&Cjph^PIF~Pgl!%6q|*PJ%lM{=WRH2uUmx3WpqrqshrIPpa2Lw#XWg?A1m~w zLz+u^Tsn!{+OJaIW8;kV$T?v#;m85Rb zRt`Bg=DY5@6FYzLoNS&ehmS&o@s?wUhSa`3!b{p)pi##@z3pLT)h4us_{G|xV?%cm+35#^Er!jc9gXhs!rW!d14}fqu%6e-0qVxZ0P;*PHw`we|M<( z|Fs&p#f;Gqf4DOV!Bd`EA-H+?ReAQS=*Tu9X_kh*v1z|tBH7jyHB%J7>j7E>n|l6K zZU${6`?zzGLslTfb~l#wyHn$3acbM+KA(;@4y_hgjIJPwjLJd&G`9G)0)7h+fD=_!^5E) zGCtN}L%`cl^@Xu*s}R%5^mL;nAHguu+wrVho6`}=X{^~2eZ}TT-_;(9y5@S-T?3bSuT zE&=y`k!tQ9>XsYd$!9;hFYp` zhedL*%)-!CtN#0O5nHk(eJ{b~zL#vk^GQ|{irk>-GE+NY-%EuwUbCEPGYQW{5O&a~ z7Gu}pzEa8)cl-_UO=S3!^7$LWTO4y`mw*vIZ9g4Hojns|3eC$2Ee?B`t=YI58~r$ z$h%(9$}~K-jTNYV(AYv4+ZbO;_Jc1B->UuPmP5WFgZeOTFNOCrOI#y`)TA}>>A8!p zBJL%9PjhqHyekdr#~Nf15u4%~H-X*+bIO?A1$yAqDLHR6|GV0-S&oWetGWP z;*_xz+ty;wcT9pvAvp;2tZ9ZE>S`SC@Emcjc0APfnisZ3E`2TArkl`Q!L!&jTVCk4 z^tdka9^KbN8Z2Sd&woiveSt%BkrtLMA{nLfXA1esBa){N146!=yp)>ZzwSP(Q(K3Z zi}w<;>b_gj8FNxLqQ*a|zLbS#}QOOmR@rQ_i!-X=WdQ5ZWzxwdkilJF^bJ z4XnuGfccP?uu*BC#cfu5zQ#6})_sC+Ns`$tWhzB0DL&SLC|QJPApQqbmWIcmh3F>p zA)il+dWQILZXBGb6t(dU+_>Fx)D^KW5?O?WVmpQLg=wjX4?0aj9xXYCMGp@TRCfi+ zpkv_c1_$?r&_3+oWY9sQwRmc(_(+OpnZ(VIsWJIM;3NONW5o;ys+?Sapw!7~#NNfa zW(7K?GuH`fU}7Q}biKJ`t?=@+DLAI2G^{sM0vOGAl4zUpC4Qu{#|<)!xZXBP{c9 z=qY1*q&0c-_{Bd0ylybjEw?< zFM2pFxlwfe;~biIL-|yXwIFbG+&OGI@5}xO?L4Dj1mjYlbQ@EKzy@Gkk-}-#1})1u znHY?0ivnxPWGT$|KDLYON@8(=HDSgIcdK<2IWM%f4KPP$T zHzjea!qk!zOpUDLA=*2ZJCNhPk;LZ=P6ANMl`2 z1>J{Fw872<7DvC7$FIfuQp|!x=!I5b*K{X7{}OPRjdsoOvKc8>VErTfS26Nl4`Y?Y z{3oTV{#Cvu#}_$nDRk3V3$G+7ll>B7Q`Cx@@%a-+v##w=w}#(USz_ergB2Z5X#B%t zJucgcHV19=aogxWXs)uBb0Xl$Og?)v&VC@XRm?QB+)q{bz{#-HwNOw{Xih68Mv-yx zG>$dGVRbF3)CJ{1VRnA*UT3ihuOrdwDSlU4u_Iu`6vsae|A5KCO3iv^N(cOPaJgA8B+kfXI}wWTvM3 zv2{o$nJbvo4bH}s4dJ{rX@Pun3`@U zc&R9Lg{1cqbsQ1vb0NrSq?}Y!9+b$SPD?c!#J<7x1JXXlfB_;23Kj^bw-2@$)KBQn zzTl@FXLcpq&qx*AhrO_}un15tQ@rKRX(%n7EYG%Am)r1sYuN}@*|_Y``rN%6_|t+exFfQ+8bg3eytIviT_J% zcXh_=G29&U6cO%FcYV$(8GRjyBk4&tPy!B2o&NcsM9BY%i^Vs7K++-W=_ttmXYkYm zOa_0HkNvM7MelSf$Ap}`M(d_i9g5aXDw&O5%gZash|*qU=iv=X-lg+D^BJ;{(|@Q{ z6`!u4JL#m}tt78-TlG5LMQWmJKu27jr-wyH@l@QBI+#0{huN2Mz%UpDI=t*Q4*R{Z zvJ(M=wl8d%iqiwWG$WVCr^j|<%N9tJbK-Zhkc+0-pMqt1mYPVBrt|I;yHw@Z&c`8>!?4LTYc2d zCMZG)igJrpe8|11CCsdAD&xkR`?*jf%`AR7evF4{7dfWNE%sYsw(cg5cMASMmLl*+ zaXZvLY29owlKe4VAN;P{&Wj6r?1!s0IQq$V^*KBne~Yd)9o!Q^-ZT-Vsd{SnMU=QT z9H>8oH8uQbaz(<9paENPn_3bEvj1ZFvf+ddcfL2oC#yQi#Fq|5K8;D-{a!`eY_;}! z)c|M9{*L`+hruuF_`(gfhh+Kj<(&3OwrPzA4T?O|`htkCvhK|8j0{@3oB6RS>d}b- zA=?wTcAjKrm)+wgHZt{Nvc*!ORtK-oX79gtBnQ@|Jd@bQ?)z$W)7RJ8wvGu6USAVE z_1vabt7&DUQTM7`*?`gM-u=3diCap{rq2!-CvKC?h#hvOn&+^G*XG=`_ss9 zDy!ON#hFo&D8wmrley<80@34LR0o=ePtA}=N%%#SQjLB4P)3(iX0iT|A|?BG-b6U~ z>uIYoAQZ;5e-Z@H!5~(^3AwKoqV=rmDB(kNQ9RmmmjQU(L`&T2JfmBOGn$3&+TXo! zCMjF8cGXBW*Y!P9Im;bPWRwt)cjX_$6_zHcR#Pyv&T!2vlqt9d?e4Vaj1Y61UV3B7 zQO#RVaODcN@?^q9w{?HlD^Y;RD$psr$V%P)+BUGA{;W`O*^df?JdCo^Vpm3kD%;$` z>fU?%`B*$nN|pv6qs<>P*-`ckO!NvbxmAN!PfZn`Z4l0i%8ekT^#rg^1?lhN!D6`R zduG*7uJT@JaL!~(8B1e*VxFgF)FIRnN?f%dTbG;NIX^ToQ2D&<>ZzPV{b}B33kkJz z-^D^HyXA|mdM+t{@iArHnS;gV3~IPJ4(v0D*Lm-`WSMbHw)%{i=KuuHNJ*f_{fWg3 zsJa{rPtT@Xi;K7+QHD|Qi^+v{uLp9H<95~l6zO+ns4H}`UcoD?>FMct(TQP@TdVO4 z+OOWQ)T0hHqAS`mV#nq92MtGVy6l z<|xYG5upZ6K` z_#>~8;elfGyeD0g~^sn(+xB< zG$h6m>+(aPmeE<0O@~|%6cvLgAefqQ&r0@zj*zyVW6)=lhR?R&njLz=H)l>g>I#Xr zGMjacoNE_9-RPDORMim&CQl0_@Xa6gnDlbmr**{z7X<=7W7t{~WeEzoZfS9AC2;|V z6B%$XT}?0eHx@oA&6^~-^}Tmm(KP|}DHnfxbnol%$L-Lg$t_bSLx@)=b_v4i=q5-sErJvdqua z;<---x>wxsqda;kT^$Y4A8w{YZjN^^3^VyBJ$aHb#Vu(%Su z)Ko*!C=7UbdK!>1*`#!d(7`d3cpUsK-JNvI zZF+kD1diCVt&b&|GcqqNZDvd`|@APT67La8qjNVYj)$2Q7xol;tV z{l0c0T71iwh-aLO275&$uuS)Yn_b;{LwEIz{CqZ)=^KI&z8~QKd?$_^Nxvt5wEq~g zkro1SakXDhBk*JrbYtd-pfYxq*Hn4ooZmk zdh2AEWMw+%J!A&o@LVl8l#{3>;OG+FALsPr24U%-ICPziL-Q-boqx4w7{CglL z2C7T+TKpEcJ->XL=^*`Ux8Co9N62%es4h;MoC%RyTz(#=qoSZ9I=H^Pd@gpV$cW%r zdRO=O<}32Hf;*bgQmv}GNc!2wx}^Bz4XuVf>fCey`7Ha%_x|;ZFE*nLwE~CP6P6RU zgUMv`Cbf(6E8a`vfzGaXMheuPGMpj!Kn4LyZ!sZY39|MBuu;Iwja$E(YYFP?TE61# z3iXH`a*eFBQi0LFeT!JXyNWF=9FdRblUg^*V>ox?@9nus>pq(+sVCS6k!TH9SKJ+g z{jQyErSDV81bL>_)7C-wLT+GusFvo&*}mb4g~;orfSc^<3T!_8@8RtLvZ8dm0`Qg( z4jiFtvgohlm09?ZPG^rlE)o8NmMLM3TyQMW{8YURMF3i6 zqwy@x%y;8cE?Rm9A@x34Em601Gn}NRPF!5B9@m+nS-{}G9=E(UI7iJiq@)h4J!$(P z)Q)m&Ute6`P1YarLfo#!vWM?zg>A44qyIP6oF?%z(`Uj61^Ry!mMxU`3$pUljXq15 zXo{WVqdJlP+oM%#o!2wpG-tZOl4~T9iIFl%sQdL^FC5C%Ii4P_#W}o==dIwn9pzg+KaDaxnW?12 z)ZP86Xug>5`(fYnZ0Isx%)zZN0h>JYWu?~WEt2+=Bt+#rjqU6%gC45CE)q`;W-iq@esd?~9r8(bZ7zs&gfjr~fE z=meOT1RURzS6CBaUh}F*?Q(EpC_PtN=An7cwWS=OudAk4BIA|uMlzP8*)NBOS6zP9 zbSk=87?Ek9s2<-^ncdCOe8U?m#J9BscPmSam6v0=6#-K&3^v|UtX!zR+vEe=J+g2TOb(NC<}M!IoNqS72Zz zp*y~X_cz7Iq03zDdhLG{hkr+@hp^noSz#0@rHcO}=$3}^0a_xfj@5YS0fG95yR{`X z;e(E{u{r5>0ssowxZEnmXA>`$A%gK{uQb2-cnv*LT#~izB?&8A0dtEJ$Wwp;-A{W4 z&2M=J6CJ8vrv~R^_mw1Bu6WZaA|Wqu$6jkxfmBqc21x2U*I%22>{mj5_8G3o%+mOcG zqnkS|9{uBB>S)$rAk&B}X}yVF)_XoiN-t$z0Femq6Mn=UR%DV6SEzw?oMMO#0QDZK zly%e6`_k6F_iESWUztwJu=bzPn0a^M^NBiC%(SW&6F3$9>HhHcn?doZfmYowO#sp_ z&d$p--L>wYqzLd=k8Z>oz?~9KH&+4XAKD3fKCTFsWSK{Hky9!2DZg^PY4>*Gh$bw9 zt%zQTF#Awb!6m4CHu_^x)AAg$*h>OO$-}|ZLHjX_hR*{0{Zx}~hvg5l?&<=+pvaem zkFGn`k4}Ywo5{)VQe|^nZqh`5KT-K0CH39VspUX=;wY`Q5Gw!oF8$wq`%ntKV>_in zsRI7ku`Mu6qYcI}=dB6b7wKU`d+x84ULh5TpSYcKMKmFOEu300)T-48u5o%;4z1qs zx6({nTu`;F7k;U~SYWDZECvH&3F8CIr9L5!6piQ?*pq;8eq6&%Cmb&_K3(X&PO+n( zvY@_)ek1GkF2kM3?bbi8{?{|LV}*s`zW7U+dMo+;|7p+zkWcR88izyQ`%iqgbJE3Z zD}Q+A>9%!ra&qr${nM-~&zjq%MVI$({{Hkb&bP>E-kQVs7TW)_=zm>6OkFzdu4P>A zZPx#}`2Q(f{@+u+MG=$i{xw~IZuK8!IPV*rmV~pBa2uMR)#c8AY_9))P|GwX%jab{ z5F0Ot<T_O{g6WDW{&*9*A^7_z zl!@WKFUK=c_CIE6Oh-aEd)58@9P>un_F@o7AW#us7``iMAz_Z!Yv`wOu9mV}Y_QBO5vg0P{^~vqghD^rPzTq z*5T3U>nLeIvGuju*x1;2hPrm8`wofUZVrz9LJJS+e@3q#Y|o(0M`n0&$2$$tT?^L( z*ZxB$ES|o}>1jJHt!}{!q3k!sYaQwtlosYMQ_i$F}gEh|+46gp2O@~N4*HN~By-@bi2i>APT z01OOVV|Fz_eSCcEEsWA9Cl0F894}HM2JUY5%elPOPW-fn7i&`jDE*{ zPj-ByQMTFUaQJRK#aLN{}@60mb-XdXFO`> zr@oY>i>h6*yW2sJyMEXwx+h8tUw+ZE8Y?P>B5UygW#e%=3|%_nE8j`XTJuGLRA zwl0tB!ujpG^+@?fN`}-9O+7u66paNw3R7ui%CF-&bSJ8N>;zNHFEm=uA0D=KKef%s zN^%lo*oIS48)3pMqH58e`&o#sE%J$ZM?>dDYsnjZ>IfS+7M|$|ykCF}e)x;Zn+N{A zVX?U$-LBzs;=0y&j~hHXIs2~qsVXu${|zClc>YVMR=hxX;)4wLBN}?`_p2g)z2`lT z7Gj=EKNwFe%*!)$arx;mTh%#@9c-uTnQQ_~E;pa*23|^I=m>@qVg)(i)6?Z`ZUO5^ z!+^Lq9Od84Ra7B07Z-9Avox}u7hi>N;XyJl>Boe*g$O`;g!jdl`1z|!^Sp9Z*H$Vq z5Yqp0!2cjdAMhUqejfi(ly?B7-^;lT`FUHBo0}6&swxY@;>V5Luwu)?K1V*adP`Io z8I%`EE9jD^x^fD=jZwrelx;F`8O@J*SNSgRCI~PbNAhhiQeewqzsxu>Az?GNoQKP+ zQ$v1HKc*2rRa#jKpUP>YOA~jl0`2YE8IN$8whak6E^TW&%uU!Lj=`V@eX(^PCvgq0 zuC&pBTrs>4it^JKiNTo4R3uy$~>{Kc1 zyAV(`Pnv(QyX+E|LCx<}M!WKcJ>2#Xb0rm(Ds-^qT)}Xf5fhS0wm-DJ2MlTm`L{soyTgNj9k*Xq&zxJfs z%I`be?8dcCHVvO?X*s6zhWJ@nMj?gJ(}?ay+9fL&mx6jqu-kU27ek;_W264aXX0kH z!pzh}GthP0N;Z}X%;2oNwRN(bQh==oA-yInw6+>l+33Y#7GJ90y08nkt4J(Ze-$y> z_HOrh1xpGX9o=JuJ-T(sVe^*l&*Sy42UHs)`T^CJg6l5#$07JoARyq<0(k&_llMCB zBF89KFZazcZRJUZ9TbU*FrS6gu2+Lkfwl z28k>kHeHFTz8c(B{#G!P;dwh%m+067I;ImD-2N>QwxQnlRO&PZ+JtW}>vmk(M|X%~ z6qvghYP9xFUGk7aa2q3jf)HqMFs}L@p!)fK&G^VCThRJ>R{h=O=DrYU4*$9QO|^Aa z*!C0+aAP!-kya6lrt`}JkN6$4$C5V;)v(sbHgj>j{udM`auws4b#YOc{)#GEhe44t zc9_FTA)TP7>k>)dZ=^6CO`T-doJMujArr2;;M2e4B^RZ$Radiz=-&+tWHPMx2rmEH zh4anVvBB}=gneczPCfc-UsRMkx2fwXI;bddpI7iD9{s(i;C`b5%Yra<`3Y|Nm>)kl zg5!ssmmDHP6nD3{4_yA7;O(n2IQQjx2rUjcKtnxd)?8i+Zh;-hDF?w}`?Db&$Cxpl) zb4^La4?M0x!*CN^;qX}q%+w|!;favXnGNdD(5aF=(`%?_=4BrDR$CWYi9hJX8TdeI zVf{Q$q_E+;rJSRsW&Yx6X!HK8byi(!>PO%i4;qt1%$z)d?6XT<34>dFuXft!K>k;` zg&I~htnvc6&nZEdT@g^(^xL8N@86rx*6><*W@l%~sY&5QzLYrElm1sf7u}H=ZP!5v_oX2lA|J=Ec_AnNzR(R9Ad{cgN>Uo=GN*a9049|YU@qtnh@<_ixeoGc}UZuVP ze-i_H)yt4*xY_rTr1+HuH@(68pBv|JT@hS`Vf3uEL3|0Vut-R9Iv4D;d0%k4)s!2w zSYa0R_HE*N_Lo+=gyHEbeub*TQ=fYKrO!5Sm1S2iGCHrw=kRy4yOWR-w01_T(>IdogC1rZvl`bhHdhYked1H*7?N~;F#hCS8H(sM4Rgohg*?^&F zh#_gk3m}GMd=OVo_R%bx6Aw>E#?@(Mn=jWmPb;j4VV4gVg`s0}Tz7QqBPUSB%gQYe z9}_Hg*oxHWuKz%UMTvm}K~e5g1yEB-A)FMk{-bYJ9;tM`mnxT0y0)2gFV+jfK4!ZKe z4jRjAI{_&VyjWQ1x-&3DG>lLT{(UQ_Y=%*M7P6oHS6#DCt{hu-tSI8p#q+HsHK5EJ zjAZbVz$jYevF34jy1L9%^-0`Aj79`<`yu#Ii8%XG_BKolHf~l)$6Jq=%0^eZcK8^ zgG%M|&1wxQzRw^C<%9tbDk10c&O?mEaV!7J;GAECIU7Lnlcd-Vv*lTC|Cen9a>-6}HNEZN zYYqOcbYwtMj~)Z!|MHHH%&l&QTor`{vx~pyu%INJ^YP-aYCmvC>IXh$uZA9UZcl zt7~E(LC#b2wpiCEb)|YlbRLU4H>ddLGse4+<_4M&NiEFY?-@OKrZRU|;#FsM%h#!j zH08z+iEq==Om!$Pc5?L^95hrkytpVaB0}?x&_3)Mclzn{TSZ0Ga%8x+@KfO_*61%J zGy-VNIC6h?@5Jploan3J+qY(q&)s8cag>-BZOYrKIyRj&G};OgTgX7W1mHP;g6q4f zm*T#!Emg_eZHAlE0?#M2m{Nfcfp-^CM}8|y71(WUA!c{Wn1{laeDeNDisv4uh99&p zOq{t6USaY%Szz+wA-AkruT5Tmu69&e#aM?s$?^QL!hd)5vf+QN{)F2{-alUZWP$S< zq-`Q7^Z73#U&;6PEs(w<9r*sL;;nrev3?V2Z1s%VBojxjxXg_BRbpJ+hj6L&N^4un zvUQU>`o6XrV614;xr@J!iipB&)1EwVp*i8ukdYTq#bHTFdASw=op+z%LH1I&ZxJV` z`J-k`>5i|U5=hxLC^xfLqtnO9XqBW1^=)KPVW!nzc(Mca#yO77o$EBHbCZjeN{6Z1 zSm9|keQS(uym#b^MfRI@RDb^?r%>R{E!tlgNjA9vN7m+->)~lDIW5*b0qtUi5Ko1i z;+dM*kg{u3Juh#VDG@Zvk8Xl^n%yvi^z?$+qmXh`@MPD9D3dJ=IKo29;zN6Rg#qzAR0G{UGB*!a+h7 z-&-LaVa*I7NP$|$4k0xQd!d2%?9}@ka*djet2ZUVdSH@5x5JK>(>8#P)razBhufG3 z<9^U&=aR#n`O!-3Q(CzY>@kYb6Fo)z?}V0uD8;Ws5<#SVQaS}ACla4idK=qX$Zp`W zqTAdQBSzn9l~CeT4r*zBHQ_hWl!SN$IsTa@+J+pA5MMC{TVQEQSE)ohGqlR z;`hUXxoxTUr|zyBBXpM_2*CP*|B9x^yhD2h8c}to)bPH6DbiPsYe@D4bLmK1=jAsO z-7eC$S5|M0xX!8)pt1e&Yss_UUzR+lkYosM4Ox|K6Q!-khSSX#nV)a9Uf$gs#NJW=M}?H6czc9IJmB{EGZl#&f%2ly zk@;Sh8E+Fdxua96yio`jihAGIIVB~(azCf2_@EH{awE)5Pt)x_dNg?zid)I?p$7e4 zzdP)@vWgeK>vQjE-07j3Lo+wp`xm3$tN{SFnGZ6w2Cq2e9^$3!st`>umoH!58Sf&({A@Dsc3+1)A`rupN#(* z)q2sBet&9j|FJIDN~3yVfyS`iJAw}lD{%O)Z#m7OJ()n@#cHTz-$DDG~nDUY9%s!V~v@ROJ?`Rc}p^C%KTNZ6-WPjFhlbWOi`j zlGDRx^6s+)yE_|d)h_m0M#(>0(&FZ;XPB$PV=8+To7s|dF2rEqp(>xEc%(5n>?xvt z*Yl#k_-L7z)R`L%r6wdgRev-RqdRw(DY1IBp&kF0DZJ|5G%r=PFUmtTn8Q+z4es!9 zX+H~1S8gM`-!j{F-2*ow07pg$925bscB~JQT**2zW{Q(sl7YC>%qMkCWxZ_VY87ga z9Kw(H#h!7o1Jfg1T(V#Ad{HV1$x{zVrvv-(GNtU~tManl*6Y1f`KgGiYFDE-Hq?c! zXNV9N{cwgx?`G6JN$03$-+b~?acc2FFI=TgkH0q#zYbW*;~Av_yBvTZ8+UMz4m>Evy;xDNGNn0b?(OubIj*K-%{ z=}mR6A@}=KtnX@;!o*bX<$$FSlGCbP_WqD=-B&$xxsar6)4lnCi7iR#zq+5NHJBH) zu*7@+!Bo*gy%#7%eS2`^gYn}#W{2Cu+*e{R-HraIoL#9vkJo+mUR?bHrC1q$bi|WL zIoeE$nvq1zFjYLt2#X?oR3M zW`LnN=#7;e|F9esDo2)Tz0Vz77!tKj-_%L4=xU@DAh`j+lI1UhdkzwBqkM~1$AQq-5R<{Wr* znwhPWle;N5N!;OSwTTQyP|C42BKU~^V&8d zD+jSi8XqhD9#ENJF(p*qXZK^E=YL?JbF=v#`eN+d9qo5HnWqX^_r~p}@yT;-xpUIi zEP#H#Q1aWu^=8)zf5Pwe%ct|9Czm3nqQRD6Z3f(P$FqCz8e0@~F*3^j^Om;|a{g5x zco?2cRInnZP1DoF0~-u-EVco86E^`K-aZ$e~%)&n^S6 zL&|KgSNvwHFh@lw;pY7ItfPm6l10Ih$4|-zN~d50@{UvXrLLCR0JHUSTX+0_R`HDh zk`r>gWMTZrb+8LWL3qipn54Kbb^2~!j{35d=^^KGc~4z*LPUM^@_lu~G{z@lhGMMw zf) ziys!vvtv~fVq$X<5s{gt87mwd90Fp$>lTp*euH4un2kE99=xqEn&INBEW^!B!9+rlDp_yKv_(ET01=gMqf z6+f1t;=V$dqW1LC#GwN#2laS9N6`K%K`>6+^toaGsUJiVb>y*fe8q=7G_HmAQ^cYxoeL>Q#=nnK0bc9ZhZ)7GqL|3C3z{rFH5XqNHTZ} zfBhmV*DgwOf2f9lcmNrrv%$x-&;C{3n?;m1u5`lIU158ra}T#Qk-nd8&%vgqS~Y)% zFWX`9zK<8zkLiS$e@al0FrLX5wq$s)&^=j!@rK3-mE6)(l3_0Fse?VW{Wp-kxSV%G3SK4E(pydqVM}B5~?U zWN`sRpakUP)=Bzqks>#14>3w5S7WP>1zt}ft2I6kb(Cwnuq)`(X_?D*jpo7+)m*EC z1oK))&B#aqY<7`EQDI0oNYZt0_&QxVh}Lw{ML3U0sDtuuX+t78C*pZrWy(=`bxmEv zk4@8iU_5O7(ek3<(b17NS!Q9e_3GsDtZZ(}iZ_nn)5dLLmZpJHQ`)^d8ekmm3e_XU zG#tKG1SwG~6)C(^a_hTti#lUxVu~qg4zY;#GA6f*Kf+=@)VJ0xA$L8r{|m#j+3bxv zuLWBJ*7rlYdR?8hw01rUmh6wo$wZWr8ebBbE>+)3**=8@OPtk9*rKw)mCX4ZoMfkU6*{?4i0DDy<4ZPY(&N? zDtt4#&9CXAc*7@%q<#@bu=x{3o{upoF^0nKh*HQ=o&thg!6U1gSO>cg+4q!wJe*$? ze>xU6V?Yj%j~4)eS!7OfkaOjUpuEluereW8$Meih_ZPFywkm9`VjPJ{`ex%=lmJqs&G8K3%E?*c zM-PH(bJL*6L2TT&P7cK*#fqM+y*-?noOY0f(7FMV6kdFX0O-g7TKs2ViVJ1e-G?=Al_kz%gDS_pHo+_q-=J* zu^XliWa{HWxnN`Af2wejQZhA;x_tC_4M|4zsepOrJ+>Scj|69%C`%R=vup58x7a^fOw|{4aVo$pM6gjct{Q z+Df|*5WvE~df-z55AzN{F2UwGPwTTu?HV5^v$!*o_WMzU0DhgfoV_ve$XQ&FOB!0_ zs9YPZ7yM)IM%CMUvLMo>PuF#B*qrOIi}DeLMzF8G`g4OrP>FuqOqA%3mZ{f@8zC6> zHIW%`rkBa*t*f5H$hxUk7=ze8hU>CJb(#(aEv@D&XAcJoGt0|XFEA7o6l62HimR)q zD8MHw6z}fw*_ja3(IlcyS766}I<^&Ko@ZQtQPW4W9OA~Ow|cWW-p{EVCkcO13?I@w zZc=>LXgRB_pfu#mylkD4ve_>7tP6EQ5-KAFCfgFFL|8kmweGp^rwt|+AO0{Nk-*Bb zywMDZRqXu~Tre=4SwVeo^SIFX39U~X6+?F;hOM%MR`fMmr?0B(jL224?t&$cufAtR zP^c&>Iy`H3>~k5GPEkq~?%L+Oep5j71?}>z^5v6FB+0k6*!2ic%A|NGPAmR)zFyzV zhSHwoi{1=lB_)hdxScMH+&e^9>;_Syo%ddN{~1XCdJgtLSh?ZDv4!gCviy-$0tb&W z)d#-_{>vZzkDBs^j~6sFoWhvu%W8P8PKVOn*5M^Vb4#r)ONb|xv-({yX8;yI%5tX3 ziG!hWao${R59z>V+4t(aS**oyD1PbSkjN2v-VnNz!2v30xtRER1$Z`s^A1xA$NnWR z)ymV+Yx+_n^4P5}9L`5ik1XL-B&%n$SUb&N&*)DablV*tJ>MG%IZ6gaRk@jFn!wl- ztuBHd^qO2El>oTZ=W@dbi#EPu%j;vAXszRpCCv#|N^Co^RghvA{&_V9sD}d%zpf%aH`bFvi=Rc#)Ph1Ah zWHM4V#{9{M!rB5xb7PDYyBkml(pGRmbd_71!T6w z*-%kcK_DsPn+g6La!QfcnD{3v8E?^tVf8Cv?}PG?6Hy)YPmR-qR3pR!@*Sg{g7XCP zs#=9#Og#d&B%U?H@23-Yc$^Isy5pU2jR{+iNg%~5xN0Uvj!>9N8}y34Z&wLEJU%$C z?xTGA`f#6^MfKAyS2pA9yyF9ry#ifF01E7?@I7X|p_d_h#D%q0ah1#PEJfaaf$wtU z5A6cioqM`&dO=_oqo&L`r++H&YN(2>5zi^Y_Mn4DCamiXtOAtHS!EGBCR-jjz>?%S z8-8_~T%OZ!$j+VtxLnu+i@|rFN>D2si60CNyZNEJJPDJ|mreIo;84?1bADdEE=xu~ zVxDH;m|*>mj^=-RDCxrvH@qsos$?tu-#F4QpXK{f$X69r{O@7+uj&wo9<-u znt4{=+PdQL_VyjM;(CvqW;heU;D(mm*c!uJRw67@M$$8?eWg7?E1|?@3(WHvW^h9T zMbUe28aOl}(f>}SOikuYv{rKe-Tcsxet_!|^xN{H#TVMJ%c_#0*f9`lcpN=srg!x< z4u5BawFTU&lp;97Yompw+SpZD)#u)F2oEu}*d<#U1IZv(Nl{H-h+broudunDM!|N2 zUn7yt)t%6jK)X6Cyw7m6WD?F^MU$-rwfL&XW~RjUi#?Q4Qopvtn&2dK=jKvZ=Hul> zV15=b5ewSY%6%_3saJ(%6;ifWFl|VdaEOE5pAhBx^ysR0y)_UY%jD4v^-&Zb5HQd+ zmZck_?o_DzMuI4~OM}-Mp(pzOj()2>?D`TX1wqIE(&2j*8S)H`XrZu4xEZT(xLT#j zdU`y%fZZrVAka9bIdh3tm{AHv8SU@C5^+hfa9>`)|KaCYKGwr^jnA6O-vcS>qZm%7 zt;NTiArGsabNMZUcd*OTO-{8-^P&{<2dKsE!7p^z)jw!e8f`!IfJx+TDuo-)!WJuQOv)nt9jod^g_|;=H48-Q$ z^JoA$VwH>(PomY5L4-`+Mb7(NKm>tTcjR$ZPbT_MJy~Kvb0sa^!rH-3(u!n+*%zZ5 zs~S5K3~>`PAHo&f#g{cRG6a#l?Rq=+*pVn<4)K98g> zm?i3(S;)6TQH&*aMm5UCVuw94%u()DJ01DMfP#xADX25*VdD+0B04(#oY=#88{k0V zJ$!9Y@`Iu7ARH~CjUqP9dB!(%LhTS^*u@P?pDSjev8HDFxKFQ{wp@%8@suLs2$-u7 zn*rV+^8j#K;e{l|f)xLTnwp;NJAkcVJ1_T9C(NFYmq(lBz_t_e=@2#uo1C0H5}KR5 zX?7gDX0ViDUA?IBsdO{V+T1UjE!92387+<5t%W6K{J{Xl>%iP(dNgx+1|Yo1@BRX3S)JM}0RX0=9scR0jWs9K1IMn; zPEDB!l|QlO`Z8*XIjr}v1~%9pcP8me7+cjrb3G0#`W9~~8{s@wMQs3St_AFFwl(bG zGbHvoxbCaPRmzb%Tor@X4ZRRQLpvh z`E!Ls!x*}{XqLxl$i1MUl)Qt{x42{BN3F2bW)yiEhafoWez4v>P zkiN(EXEO}5iPxx*a=T7r!X`x(-4HpWl}SHmJY?b#o*6**9XlYzjQe1iYEb}PiAtDC zF9YY5@3?~k*%3v@ivBo9{=c9tMMR>I4^cgzc^3*rABd&K6{~HRJh}7=-CwEP5Z1{S zOZu2f-lNZ}9WJ_dAQCPtRgG2y?UZM+{0sh7O^;|3x?UxaWX=a|yq%ZIu0ewxJ>F&` z19a<-9tP>Tm8cePYbFGc&=&g>slOOrd4zI4L#`Gmff*)#D<9kQVKSjV;_a8fQ}E%_ zP|JJ1BrEZS9aVk`np$`S_rSmmIm7H8Sx1>j~M~8bw4&BfCkWEs3_LY3co~!UjQ4aUi zPB+RN4>9AuxBOLDc){ZwbA}iWf8~j_qb2 zWU!;h*iO9hHrv7&b{mj6p{UoI1&S&PN|#XYW}Hcm3kC5_{pNM&qfYBb`NjpSlSBeb&%FPHiO-TJdR$7o$Si4V4~ha|Ma zd#pGfl)~v;u&Sx2v7y>|NQ$m+A4Y9oZ_UCYnI`V!e$$|zrw>#~0f}!wQnAKkC#RCM`3NEtzr`~KB!9jJ)z4kd9;~u^F;EzG9qdPXAi7W zyqp*g`cI-w34q6?HES1G@pPz>L7h?bGj$g@6DKnzrr}a9K*2B7k9&-}_CiMh)aT~J z3MB%^qlj)WSuUayFOMXcCj>{}=dmjYVPGZVIqEyV>_fp#h>pg>&AzfpLnY)^sLW+gkVBIY1QMm^`L%gplk5%m2KxH8?_k zFd&V%vzDH+wYH9=JlD(Iyj<2ozK?qEt}ekPSYP@ixbo}2xI;LhzPQJQ{3g$r`5QO* zq!jyYMCsS!=5!s{K48AW+GN~X2x@)mKrV+`MNo1HPB^Y?@byfZp@71R-X|lGqaUo> zljRsOcIM^lwieAHT);p&&bD-ux$%ae^6TpabK$FV>|tj3vGZh{mgb~= z*Lk+uo^#J_x5RP`3iXqU6E6AglSkO&1#(hZJo;Cin@T0UD)RB}VzwA}s%JPu9Gsnr zyIy5lQvy~}?NnAty92IM{i=FcL97D7Ug04T`NgG2Dp18w!^0A86jJYGb8PW^JGACZ z2X$uzUdH}-r0{y7z<02#r3F^e;*YY6uu6N$eJBYYF>o_!6L>U?{T@`bon9VTw$6{# zO8J+Rul$J%!k_$X7E}7JW0x`9ElO-19#I$*f}xK!jRmw!e|3|f?NHbHkdtHA7q_{a z<|}LiPWWv$&}d598g8{unl$*_+w8N&{~*i$1tI~mud`3$Z(H;JN)`HpmJwd8;h9(9=;sO5mo*0M543yfoT9~fGW60jU*Xs|$6k02X zo(z|rcb%Fury5aw)+<{%$(7s*bqOt~p^fDH8Z$jkGZDjizeRKaoWbGyYKMndn0|2p zXJYImJbD?{w&NW1Dv{ zpP@;}@KNwNCSHd)R2I_9m3c7ibH5L5WkWi_bn@R%BR*RC`e8KNEI$S!bFtm=`sO}T z;(E<;0IbV(A-iLY%O{ZXE%{#L zPcR=!GkyomruvuQKM_SFdO!GvIV97kY0E!Sz&{$G|Jh9dp8I(N`{|6@-+l!w3kdT1 z^`*I6bNfH0{NsZDD@8a2L`Kb&L70DhhPMchs?TXNM_^zOIXuCBA|wcHP~ zO&kozSj6N5qrvB=8m}H=50e)DN%02W2YC0d&W9uO$M`>9*V6z{<#`d{6Pxtpe=f23 zY~D`oUaxI>O`Wn8!B)LwFK}bEN-9dp5E+8i_rS2c98$W8!S|S9i&T5#N?fr8SEB|FV>JascQM(w!6kH>An-8{9VTwk^<%zbdj6GmNKKsTpnYC@HL) z4ccsXXAla(qBKn7v#xFvK23g2_X^PIVMM%VVOjj*RWHg$e{G;5Tt4V?a?`)Sj@HoM zFK20KTlMoGBT=Zq>H-v#z@JvWQ6Hw^+Biy~DbdkPffcDL{L1KWPK6 zAfWDq8g&#}j-sW<9NFR_R9shwj71W0a%x{JvMf?h_Z$oE#c>7ZiniK6M6Ce-Ee1~1 zp?Es(j}>?!{@m~P5^9QDues^m;k=_2Waj19u&|2#Nz*w%zO~Vb8a0P5jpw5*c#F6A z%O- zRXqa4HsXlv*c0pn%XIk~7UjqAwY$a(d3kkrcTNUdH7r@4EChryR)LWTS~OgDw%T0V zo9GXfTZG@&(t2;Uo9UHVqEj=Gno5#E$Ycl)gQ71wJ3Z{qV?qx1<}B@LH-&BLlbA7a z#D!y|?NmZWL^hcTM}dYGNx$2atm;_jX&^{2c{#f`h;`jvPL}M%J@LCw3qRpAiU-vn z4_=sMs1SEHz4?&xw(;@tzrZS<>5psk>#Fl15D+-?8k0FhP-S4uN9#r)h2pHy`wQ|c z@e=X9=#T|Z4RXH<5&;;;K7w?D4YKw=N zVF#M6WEbXBasdt1d&yc5D=Q%69;;u!j;vjd(EwHTE^vL-t4?ckiYIp*u5ei_^D$qf z4v~!rJx^>myi5C*X_zY$vnBPyPtoD06U8*=>C+557CmrEak4jT{CiM z6`(6tWDuFU0em!s*|+ZMGF8i3QwrvvXWv7`Vq-!P-EL!cgpSCT_^yZDuKL7QOf30| z>rQVGLvNNKMqD~@2~ikp>R(|XRa1>G1w7n5b7AzO74`M}uv-?fiiAU}A(>Zp5}y96 zy+4dOjRNfslJS5;-O#hU^xb-N<`mjyJ{Uie-m51v5Cm z&7O6@%lvl0bp|~E~W~9djBNM8X)Pn=EHcfSPGdxdu z!Q|*r6LPCJF((7YcH6{!7bYg6`H5Da)=@ zHX{ANTZ(Qqgt(f=(y_)9g;z56lukImVSR^9;N6^LPM*ocMrEGEuk zl(DdZIltQ|Tj$q8MSv`Jt_XG=Z3%wdN%Q1bWeS(6_0!*ha>*ZRPT(D@g3 zMw92XgAjmuSOYeOtp6gk1I8I8#a3y$p5w1s6$n|pi7QK{ck~@n^y4wbQxg)5hZ0$8 zHcEO}wLGYIBu)n&)vtooqC0PB2|c^R!^4Y9N=Bd{DW0MI!b}^0Y<+f)PT0Byqoed$ zva%cei$Z&8KXdrgMYUg0yC2MFd}O7==XQpd+pc$W_Iy!QbN9%_*?Dod72Kl4z}(3% zZ_SwFM?5Q!?dADs;iaMQoLZ+}M~~ySRjf<+eoWg??HY z;+>r26hY(TBaE%%(K+9FE{JK(ewIF7Zww&$!G(eb|(5sUGI#n2v z%z8HBN)@_l3%SP?I0Hllxn8TUsK9J?jF>IfZCX088_65siv1!o(AWETc5ddWDWGzg z`~N5Qd~-iYRLN=n~tg!+~mvPIsRyyz!q;bP_bX2EIOiU!{FzY6j zg_e_7z?TQpE`tCp@QOuR6D`N5P&s4gIS)B!RNT3#*i#Vz(a-VBdM=qTE@pC@R{{zw z@|o%RX`j~VZCa>FmJF@MH=2k_mlqT7vyimCraw|Tjt}>b5_5gg*7eGWBuxVCraNZJ zLg?t|?rzWgr}Z0D4c{>euM27^SGxKa zin4hpM0vfeZ`jVw%)>uAY>KuK`fR-vf*m@xu%Svvz8m_#UI3`#S&QBmWic5UiKwlG z;>=vn({N@Ly;@wBEnvf@qIGRg=es^ryP%=O5!O{=!=tpccj!gQ9gCA(jwME! z48?uocF>jOz1YTg$$dz2YG+FCl+F_d6-`7bRI4E~r59$afW}bxAQ3{>_Pt*|obT?_ zC|mN{exj^V<~h3xKyvlW5uo=wf!6r@hmBUZX3x;tH(UXeUB7@Tu(&Ca%tG!>10DD# zzSlv`&u7ljen#+fZxU2 zwIeC#<2Dx}wKsL2=yJ4ueEMvyfB}E3#!okWO+b@Dc*7z5toBzEE>0XwXIRf=KcwWR zMH4#UOzZMX|RB@Bym&H=GrOf06Ewb zQ#GUJ3dNWy==^NEY%%(2GlW9=_OME2arydw1<*2vxZ~>da(=2Rv&{lJmvPH?U!Pp& z<#D_Qq$$r@*$2NdrlkPWZhy4h9{HRJ5{bBX9^#fbdAPM%q4QIQ`YfA{%Q@<*>e-A5 zpC>##mI?`1^5dV`pLGKybb#1kGNf121Z|zvDAlnU(rC6Rqcuv}IA$Z-oMaP5r_S7X z9-9+O6FXk#xRV~pF*EOZ;=Y%StQ%gHh4&ps#pZLqxcCqv5tEZ{Ue=(04v)2D`j-#4 zYeH;G#H$@1#gAS++k~{0PBlX-xm10oBZ6pWbv-tBcaeKTU92$1aJEdJ1|WxIqec=0Q<@|&%GS-)8}@~Y<(5kYs3wqyK^>^2N>HSltAIhGEz z%V0U0XPX#HDw{c*{;37n-wH$mpn1y z4wpr2#y0O|d6f11Q9%rxUS_;SaSL-{Grv6p89_%8UYZBjFFRVHyEJX0ay-kXT?1Jl zjX%KLf0bfHl>ld3*tk#w{?B@xR@OHzh7+Al&!6xIS2~JM=L&m}wbl*s_A$yK>Cky` z0Ha0j%LXI^oYk3E$uR4g~8H6Oh$ zV?C`N1?<|Z3sXve{tQ&qHK*M)Y7q%nx7vXixeg|nyWF4BgEKNhyPe$T+9<8e&BLHa z3JrbSZOnKbOTUsIK<@j%Sd-$MylypY)#0lKjx`Gy;9Dw{@(w>an5qZb>g7Js8MFn4Z zn-L~M3NAI9?Au!P7fCiNR!3&8qTOr|BUpsY$mnP<#Sou|yvfR#NK(pGnio``PH#8% zriXVR@?lf>eQ|Kmp%#OxY*fT`&14uz9#s17D&^WP)2+1J?j@KulCQU4#4p9Y0qJ>? zYD2_Xsf@)glGH8G2|DA)w6>4zH7u=1X3O2swx!=m=}f#nIS&jR4+Ucda?`psnB5T1 z;!|__Cp~;gJ4)so6@ztjo}PwmLiXlBq}i?kh&1dxTWj-;`YvZ> zTr2w_kdLkgh+Z{FDfyeRbUrqQg?8r|n2=b?>tChJ$_kJ=QujS_MsfxnnYP^vNX?a= zx-dc<92~5s5Ad%ZC_Vdn&KTtug|9ETsF|9Yy@2xKY3sd3C02wl;2Tzl-s72Pacr?* zEjuRId)y4s6MD!~zt_8>o_uXzeI4==wt>zjV*yDCmGWMAgw15Rkr;-{UPXfnZ;TDA z8PRidggS)j>1UPSw(Mp&M-{dlcU&r&Wm&)1^1%eTn|GkgZMF=Wa0G$buVp_yLvDtj zZ^DYJUhd;K(L~sx*Ru7Dp+3~NQ=C~^O*-=-&#~jP(lYrNy0zWfxa3%eGu~6yQu~|o zMgItkovMQPaLqy#!}ZhHikt7e^G8#Uk){2XYd!8<)ug2@rXhzO#PSY5xQ@B|w=d`d ziBNd?QBh;wzeEu+2zb{{^unfosMZ)?q4w2hYnjv)59rZoTdVUIQ4op{+(d6gFlo6!Q zi8+Z^v718+Feg^=7f8o+vA4R558;# zwwQ71E$55ypATiCXL2K`kw!02?WGLUN+r>Wo9!RIjuQEQAd{duAgN{uoe8QBe9>LV z{zmoysFI#v=2EtN{1sW0hnDbOY4gQ1q>6oc&0@ds2XUn&^jLfXf}fV@GW}m6dNGUP z;oDbjEnPVuCMUVJ0qX?bardL9(j>=G(J>lxYT?hHKjrC95=tiO6&qbrLK|fdc(#uP zOtaol-u{+l>EXU>CmLs)cn2a2{auZ+txb(q6#VcOYwNmNepTys;M&_5f-Wg%W|exCcQ(T3)4sL(aQ&czrXX+fAw|4=c6!?E6GRgrJSl8nV^K@HMC8A*v9zp$ zz1`aT5rwfS{o&0V^(P{nqTLMFRw^|Toc_?`9pf8|sz&_gRoBUpv+1(?Dj9q% zEsu`DgLTu)m|tbhy=o4$KZz*wB=xQ*1abT66+~01rUe3cTovRAJ_Q0%fQBHF$=2Nj zqj}!_lcF+-xV^Zh=G`Cx^S6oHuT~i=d0QV8kTDuQz1PZ7omeBai6de|jQAPRS5nk)R>D5!QjBaSK9Sv4brIebop{=QKW1buU@@^WFRHq2QSI`Fu!{H{BMuP zcfQZ(#IoK%!~YB@>}R2G%9v9%X-N5OVsbi-+)l8fEx3(*^YZfgZ7IP0QUplw*@*in z*(d^^v_G2f`%@Rj#m6Zn_Dc210rVxb4HUqC8y`0q+xYXxJYHU2xkQTROKK{rLqR>=sn{ZBG`}iya z7#touSJuCyp($?A1A$qU7< zSR5}MU#J=%CI4iqHk&PDv3>9p?cF=2Izn6$Qj1G%*Zpa(iTC=T4gCF_Umvf!N@(s# z4?&;}#i`k8jh|~{vFsVSBTAQar{l;IVY$}La=xZtzj8d`j4Y0?1ScDif|5!H)dw!QrT8cF4q1V<_6^UftXp0$6-XDO6m$ENt=oPr$F)B2dM-yTeT8 zN4jdvWi2r+h>;H%vfgt}^h4ryU2n8kzZD^GJ98xpQ?)n7}b7_H@rIyW2)H5mz16hEfq+M|7NZFtA=Ubfvd`y zOm$*@nh|zjX`%*WnEA26jbC9_r{1&REfVEae_nZhA-1YsJeHkJJ+E3JD}Rpmnvp}5 z$?{izOWo(Q$ttUsWoGwYzTc89_8*xB@tZx7m% z;T|tmy>%RTa)61^Ki&pin*3tZ+$SuEZJMNur*3|_?*^S6qK^$qzsaZ`{zy`@nA=(Y zHaD^F!n0sdtGMlR*+i3SzDcP3P-Q30XIa9WIu+PbiTO9NqVZ9MMAoVw2Jz`k#*j4n*`B-Tc#aq{SHDkJ}%nH<6q*^YU(t)Q z@vD;;;CV}=#manmb$*Nc2caB25qb*>M*WKVT4`%CpAW>6t9lLdaTQfKz6N3i|J z*H#XjW-8SW!mBwxO^qj=&u0iJs_e6M4~3lNc}VJeW|(_h3_TfcWU@#?m_JU}EY!yT zToSSUb`ydiw^seyca@XVoEk;qG`XMa8TA5h8O!AaVP^NPP{EmbXNmp^S(Hcyh*se9|* zpl04sz!w#YqUq=S7G*^fFuekJ?J#B*t*1VWbTC<| zntB?kseM$Yr+f9O$!xN8nwM;T|K!w~a$}-*y9;ynmckWE2$Eg}k7|v%j+khgeRyMB zIlIM&z_LO8hr;RTcuWoEPPq^~b1lVMZr7rUE8$vxdc=AhqH)5R78c~Sn3e3^ z-ricMg;FjF8Iy&-(exT?S}ZMxPiyc$9Uk11Q)<)UEi*pG<9$!KflnDR-a@b#vQoB) zS=v==>qRDM4_PByAPX7RuwPkSWm~;nsY8T}DgTU+?RE$*D3h^=4%CgQi$5A!VISDo z&)2VpQ1rDz1y-#^)-}X_j5GxFxtG`qi7qC)hH4>0=pr5J`j@neju(;j{Oz(Je!II7 z7@LT$at2fOTjkK{CAvQ^5O9r7WS`@;Ki+(BQ~4vIu!}=cv>g02t>L2zZN)sa=E*yT z_@1tmia}_ z8RK7HY}|^fhT@v+s7cUdO=;<2$^Ws8M}1U`tiorvul1=H?_2oCFkQ?-y}~i95*#&PZC$5-vV$<-UgqP|K_NAg%FG3vw%2K!owTZ`d;nZ z?Ne}GYqp+@Y~L$p=0hT>Jde|gIKg`F_wQpOP2CrMZFW&DIoOF@?~S)E_iqO*p0;e1 z)a?_Aui7^pkuPc3>X!uu2g-xN^>1?|Hz|W!e{Jpikz|zkizXx7 z@n7od>P(E%(a34-myraR6OH^~f~|;^ggqjdDKkqG%%}FJFL7|Ffy9JPbewQhNkwHb z`8TB~Q5MXr9z}bq&rJuS$0Z_?KP#~5TILLCfZ2R@iC#c1m9;+>>hI;qRU=F!bKvdA zHFjpF0JcJfB<6VP?dgRXi;bltc;}_7W!`bqnKFCr zb&|wQg?6`53RHB=_)~j~uURau=j|fF0wj3CFtO?N!y2;E71Ah>JbAw8LOcJGtSMe`ysyL5frpAn#-ke zGB%cq9!LjcsQLk$Yk{*&F=ilvDE1JoyA{}YE|7k~4+R*#BIq8Kz6qQ>80=YA@@+ymZ^zCj{PFv=cw2YLJlaQ#*3tK;|Qv?Si zS>I!qnmH==h1q{Mh}eU7AOU(;Q5YCl+LZO0Q_=}+2j8tjZBSOqf3r8-K2XLeXy`Ic zU)H!#fO_heTz(@*`Dx0_|Mc7|6QkM9s8c&gBT@3s%@B-iZZ#UgccD~O9p~iWFa)*N zF!zPPWu8t=<#qS=Dj2F3jffAk<-O~xs@g3a8`1Mdc@fjyZH(KnG9T)^>)vc^x7PD) zSV_o+jglW?PFqQe*f&ma*Uc-+P){*yXw%?0p?re%_kKc*?<&rBxT_}FLDD}?KtEgs zxbdQ!r}j056f(-Vuwa>Q%Ao}roT!NFTb>`>Ex7IUZ5w31EB}g+NXVrvp~}O~Mt7SR z`)#|3!Ni*ODfN}0;6fg&@j(JwS@_Qf7g0{mg+RK6U@1#0n}od|L}6dUs_-Vg9v9?!#5Gj`W)CdU6t zYhq&JH8r*BPo_bo9U0f(0G0 zxIf-!A3Z*by4f66Ra#!N4k)T5-Sr|Vk&{!iEbI1SUgH#drFf>}FVnlsqzkkd+DIO6 zZu{=+Ab}|G@QT~QP}5w&+6MCaC?^MGUng$U;?v4j$LTCjm+0wwkLJaXL8OkTj<}14 z+3R!X`{Zvo=m*ta`b9Qjy9|r+&m)Qkl z8=&oRZHb@r{&9$`fpL>n*GaL7US)!h%z4k)`S}sPfR(RC6{p^r&rhEXFI=iM*=FPw z_-KHF4TqYU5NAj~&9e??vL_m?oYwvI*iz9z-(*1zp5lh@FweK$sc-`(bM z@+`i-&gXzjEk@s|%F|5_%hVzbK-ggosXH@v1;} z(fV7~!##amQW`zfeb#xRaD$tLN0-9qUUk0OEq8DQp$ln0I8;$;ILa*0e*B*Ec4^gX zMNP{GBJ@N}nC|1J6W9Ys3`HZLZUokca@Cn zs?#LQ#K7R~ZQlN^>~=l|St%+7eN6i9-`}a86)Fo?M%W;9lJT|z%!R9!`yEF0XX}_f-D73~Ba0h

swmeL~>N8~kT7aIopk zt&u-|);>TBH;%Z@&lSeOuQC2>19f9cXfw8Go#my*&2?Pufo!GFmIkq6y|hH0o~7V; zOiZhr+pU^*!|DWA+4zT^(9xi`8GL0@1Z;XV#QVf_L4db8)#qB98IXcWeu04A``Y)T zBBuF=OSg@}4;S$SAJfv}0m)>G1x^x1>fO!0X=a>|sB=iMj$7;DO#fU6$RodJ; z0Z)iefZ7X-L9@zp&~u!}Po;C8ld?B5iaSfKkTb5Xv0i*Lk$py_IuT0HbMsqFO~%wR zk3A>Vw)IiOp%v{Qap%i?1*oYug)=P}%$v_n>w9!dHYNt<4dslEaN5B$X4iB2@pGZ@ ztnK5jQ?N)p=5pq5fz_oCwi0||ZF9kwcaSo<&z4oj#yiQ~N-F<{v9FG*YX9~X1O-$Y z>DqLMgn)!}mo#ipLh0^Cx*KT(Hr?GI(x4!@=}o6}Y?`+`_r7s|oOA9Q?;plyt<7Sr zZ_PPB^D{ql1h8g8&jQLa^lZwVlS2ykEM9^g*Q?P|OaSv#Ss&WVCg{NUgMa#v&1n(+K4eoRD zKCt$)am}En%;v8=AFU35$-+?-e%i-YL|s1NI2vO^nwoRjQ#X=K-|Jl}J2&Q*M;nZ# z5Hay1WPhP@ndY*f!du&&JL6RV(M~h6N)qN6Q&JX9Afws+X@PLR&HaHl-{x-zmNM40 zS+~t{uI=#tW#kk5WZRyL^7eE0fr&!c#s;mMES38xdH0?d9A*L6EsN~{4t)L~nai3? z@+l|35usfYoL|ydBtC6HSm`O+ITdQH@E zji+jmI0bVZLsOuxAG(6Ng#Uhkiy(SS`Z9dI{q1+`{NGdhU%|i<1haC%uW!W-tjLSVE)!o7hWl(BIN3kw% z=!B`DdJbiI;?@>6uV%vg2m82F@kd+axF;Q~t;?AW+C_76a*ap!!AUy=7Lc5;tZUH1 z{PbS;rizaCt}!_yuo_Mwe-d&kKjG(>$GEqmH&2kCrhGdwy_#21=!^guH>~wMkGT^$ z(V~nZ)gf8sP^X}(sDsS5mi6z?*y^1^a&wIU8qZG+{OvC)S5Ker5s%rJo9iSo>oEJ= zc47>LEHdRJ)NqH*G&aVjx~DMV*tI$?gNUC6EYEAH>lw|l5C~(65#`ETh@Zb*Joriq zXY?kwL3EXrhDS8*-#ww&pbX>S-D}!5N}u9}aPU5MM5j{VQst%Ud9|akP15DE^!ucj zd%72lgz{&LH^su4F7=1?4w;)KSVC+sez!oY7~*Hc zi5tb#!_U-`eqX=ybVC!+*e!G0N`G6H1fTwVe0y6Dh&1o9Gc z2)1(s_yyFXkj=x^MYW4S&RLQjAfjsB+>g8^5eiU#J0cZSw`U)Mnzf=`#f8BO;IT55 z)R0Q6iGJ`YPBDYCfsa+N<@`mQ%m&-ts-|&GzHQL^AU*GuBD&JsiCRa((b}ItFGj$H zvb4Ao9khZ~DcFaF8GBml0d4Nr$Fo|&?T2|SkitqWfV1huY=@0cZWG&8_>6<}s}Z6B z`?m`UXjSB@^b0{QF30z!f`VgTje1;_pTgC^V5{vQm{*s_`oZ1ZGftm7&+(IHME2A% z=jVL)Bua=iaSNF=nO{X+sF`!>F@77B0qG17_|+H}73j4{-oCfO+5EynQBiwruiF^N z=iN9b7oKZUzAI~7^7QM-9C+$sk1-)BX;K@&z90?U)#-|FX009gAc*+($G?OgFeCzm z->{J{E>aJ|lD-UI+6MK|G{$(ZYZ}lQ^FZqkYYJ-Um%>A7KKQ)csbwV*YvkQoY0Olf?W|*(pd;ezaQgJPBkRL^zgnV@3MgC#AWBz;V?cbG7A#!p<%ww)T>)vuB;XHs~6AR1fOsZ&e zQIkqceRElv`uV{eU5TUTvzN@AP2qNYo{}b_5}BHPD^Yle4TXhTq93W!DDgVcO|;f+ zW9-`wI`79Pro;E*Q&LRK>Z=y*ze>K!{q>Y6X!Tku3n#}NL;Qo%T)KS#JIJj-{ula- z=Ud?~yoQ_G;#XC5-!b%@46fZg)7ZUygwq;=ZEaatR|rd=_w*Qj#L(r>HRxhmXaGgC z=3q#V*L`or!!xzr#%I>`$r0Ts>fan1UcX1T#Ge_VeS{|E;8$NN>YyUCX8Lq-cz?+8J>;!v8h zl0{ayHA`&5G(DlU4%;f}F87t@IEUQVG6#z|^<0}+Lqc+C`2-a3WBj<%l9Hhu<9BiI zAocAUIk`D3gLtvcAptD!M$wvd@>D7=Mx09n!&Wh~FbljGp_rq(F$NSWsXEQY&4Ung zd)4Z*V4)qN9blJU)!wG6(gc9kuxkr}%I`brV-+JqI7g+bQ?s^37sgTQ;yI$VXK~2;A z(#}CHzAiWfj56Qa>bd=UCqX8$e@WmCr{!wT9V80ND0qH<0%ddLc43nxj*y{%gI4@b z=z9KDk~I+&9sLE-;}8dwbA2$|OZc<;n79~!=Dw^)cLE#%Y*PrC;k_9O{!yQTnxZi> zWwf*c&{i1Id>UD0H~BU;`uj1z2Rgmjb)|~~=YB45Y-iTDPb%LN_*ygypF8Pu|Neof zEXwUw9@`6wNvG{W zu@o~@l!3(MwycC$FE=8rbP8R%rzW=tD8ZZ!F+ATb7s?s}V@)B(U@QV)hhN6{(mUM|Ag^ z>X@-$nsYQSERKGJ=C;*NaLJ`aa0gIPQPK3`7+Hb#UR^1w+qIlu)*T-wec3c7glGZs zZv!8t*Oc)rL(r^8O@}ZOEw*Pj0tRQi60gbZ)M?v|bkK`fBj;=nD=KwkyR zMC!zDF~)TYdrF9%m4EqeSk)@|@)5>aQoZ&8#xYUflP6a!EVfykBGl|_Bmum=L?xdu ztNO@Q+(>zNHT1^Iwo51jI@z_}p&5Ct)$^Eqg$9=p1RzOGu&-Ar#N!-49hoX&7(4Q0 zcTuj4L~IJT+VnTQz*?B9D>w^$q!;YuV~1|&VrV#@Y2@sjNllZtRiDoaz;srMX+WQXg)>gg;u;*(PBnrQ_l~8fnP1J=cCl4_r z8db~>{JLB(P9r{LM$}m+WqWlbh4yBJ&@FS;y}uHcJJr!V7u9&H28wg(-KA#!Y%5_m z^%%Xn-=H5Xt&D4#E3%c-c)jl&Q0^b*eDv1X#8oRf6RpyHI@nSyAVKrmUtY}JOxH&} zI+wy8+oDL6KiA3=Q4P(Ad=s-SoTG1xsBG);c2>Mvb9>{y+f3z$wld_1suewV+0;Lw z5jNyH1kpKH*lw65#L^jVM>ZGZLq9F)SnJVVRW*9$Vgf>X-5co9`&tF#JC@4Cbp37} z3*5ay$(!5#0m%zzcaIu4Ahuk-dj)U zjzLCT{>HI&m;>fhxMgrbGAv_dbXB1N`}~C6rDGPjs06!OB-3cR{+=TE&)0wW`E?WEM0wg@*0?-)-k|`Z;#z4w zWK!S+>^}vUOevrG@}%MK@ABUvOa_$*!p(4%vD||*)wUN01r?R!31%y1rxbQuzt)>< z3ur2h&}tFZe`X5)<8!M6FkdjfB+JkT>vvcS5wq>>+qbIf?^s?;s-p*2D#unGb#V@` zWYY1aXz%!7(RtpW_2QMTqMf=L+uN%K)@ll@es1cEeyuBnjnIne7Yz;P>;I<%DT3G+ z4P;J^08;jYH(QFJ_^LRxX7f(2#`D6TJg&MLnUjZy7J%}xv2(De3q<-svW=~t(Qod$ zSFwq4Jmv$EWz6t8G8Vw9;}i69vYT?YwjpPmkfL)!0$!P=*Vx}Y(^50z20~F$Upx~q zG(TN^jl`qyz-Rq4a<)&fP~Q0OCpO4Fymc6blZ+KDI~6sI-n5n@w{~;F7T4bH9a)Q~ z-Rc_p938#?*RQYMK^sDXf(!Pe5+%kx)p%p$b5wqQ!}rX9gnvC2-t!MZUYZj*7{6Pb zVg!gbZRZ7pb-T_A{f)A-v&ZsRn|H!W)`DS|?bNi?DapNdaH0mA2H+fmwZrU;Ee|6= zzD?YD+rt1~#CWll^9aeEnVUbVh1`H5SQ4eh>2OciGn#xa-6PV*3r^7SU?~4uAvf`l zsC;ivnvTmKhQ3JHC^5&WjF($d)*QFGO*ni%Td@cI=*hD1HF;|l5 zsoQ62DsBZ371dcY);5$!R7?yahwK!fA0HRTNw=#=A@95%jD#79jcQVvbKQ8pT<24fLJNkdTc92?=S3S3d-$ z8pTD=U+5_3ad{`t&IVG zjTk}w0`Ow)0D+MO(-TF~Bf z6nMx>;g7P3NJ@p-5ONjmA1ABWaMS5n)o?{%KHlT8kSIx3&n@y z*{xa(e2Br|J=(a{m3NjGDzT$uGc(p!VgwG>9T^3K7Jnbwr3qT#7&aFsk9wHXRD6bL zJ^L{P9E+7QMK1<1%Tzlm4z*^%9+jCRp{L5tMd@`CVl-cH2LxBDj7?02?iYQsWar^S z>lWoP*WQ=Unp8V%nzui0@9!ra9@?e|cgVM2DH+7x+#qTL9{F<&3^^a4EL{ANcng?Q z+u3%;(cl=(kg-UvJAUzNA^3bEV?e_|557K#ckxt+kc6Pt6qd*6-vPfpkku(h+bSuK zjfz5#pA5MROt`zl==gK~5vja!(s}a~{dj`PHv}vW14?7$K59gv%_z#qDysMqGcABg zv2nub;RG`^*W76ynAIVQ!M_v~WuP$esL*+>@Sy0Vg%+3O3l{ohI;t+Qmp{{D(h9Mg zdb;;p3Ct@9($x^w24O+#3WlT-uVS&j8P#Ej_E%myhIB6#_bEEjIj)Q zaBtWYQ7SCv3^hHYgtGzby-I9|v8Ub1lRx-8Agd`eJUoT6gqWzEVGr}~h~;MV#cI1Q zxjsm&v&c#`PW;5H2e*!IdEf4KB6<1k=RsoQ^y~QgMD^=+pSw-E)c8xRpn$h#;4v?~m`uLC$>^y2khIf=M|fW`nvqsa%6zdOJJCXFWlbGD<_W zg^PoO_GXraiS!xKc6O*&#L|-|{?%4<9~szuz`1TxrMEyoz_$T5ZTbd4e-mn?MJ#Jyds;!>u6pN}KxEYL!i?4O%Fg8S>lTqlIF)yx7=K5$`;6wSy>V{ScrYOkJV@ zHdnQ5kX%JK#ibS}$f4}G`&prFe2A^Ece7KkX?$6YH}$brw(>pr(`zagF@ROQKC_uQ zT08P=UGSh?2GHFkX5q)ic9)*}#$OsjAvrKG9P0|!t*fe1$)$_!cJBpo*bU>&M#Lb! zNOJk?`;$H6lg6RPDBt!l+rorZhRem)FeFT;Uq|ops4loo$}tsP_+eAO96SQ3BDEuxDW_ z%>%dY^(fLC#w5&0V#s&=JV5=6`k?oWZMOXubqvpxtNA63ULGFgFhP<=R58%J+eiUi zhN@S(+u|}}J(Gv{S{r$<-l}3&r^Ds0>kGB~_!_Ng_kR2BwR}RLcDK>j30~eoWG1$l z-3p&*$J&OXQ&R4uXHB}w%Jd(aoexhZYFm#7Up8%|?yk9X_=xvtCl74ajR@2ANc3P6 zVdrDdg@V!1QL8w#QSu^_eWaK6aK4dXOcd(=aKrVSdxpbkMCo&6h!hnWg+6zglcPG* z;Zx!0H$*Y*Q4T>{wX1%SAEpVf4tRy1Fki&>D(=Jab^vo?6Xo~rTTeMnpFig%kx18z?x1dREXN*O( z;CaZKt8OFv)fWeNBQK-#J6|LT3tm;e7hD3;t~2lQkpxDvQ> zyGwL!U40?fGoH7blFDQ@sg|&N6pAotuF9cw&-~0xdB=-rN4VqmGt~I=I0VqroWSAt z?u7WD)^f?XcVpC|@3?t+re2y=1KZB;Er^*cIezGWF;}d_1{a%QJ zMV8HAWwCCC*XpLtSZQde5JFSf@2(0xzU^!i=1zITMyDhjzBy38H@8+rch7v;)PxQB z%tXsCsjtd$6ArtZ%>g}oRRa+>*$+}+8z3jY&0X7dO4%kno~Th8@_}8yYU`zXh89M{ zMyE*?#zG;=a{Gm=ZAc#h!~W6!wHnnTrEOZ;4hyNHH2c(X#u)A|?bN|H>ZwG# zRtvDLEv<#}aTvHVbiH`6jsH!nJ!SnJ+nDU?o3Sb}k(z(ONqB*se(&AhD)3;WUsEDs z_7LFUP?4rqpUd6f;DM1|D`TtoJD2>Z{`{r^Q#DErYV(e(;6p<62U&)OgJE z;g@du?~$B~Ia%*SP4=bt6e#&<#$u_&r6d}qHYfygLO9C1E-NdgYlV3GMx*9}xx4=@ zrKSMXG*pnY+5F8?K1YzILz$BX=boy9!=c?tWL@xVWT!U$ipjoun@&4Ou!ak_=C3E> zz@8gnWWfZ^bB@en-alY4oPIMB-b+T=&Lf4snU{e;r!FnsH* zd$s^y=)EM&;)`-f&T^H>R?YRq8VxtPxR5o0KV6$kI;fvx`}YtCxza~Sa}n=>y-&wQ zq*YYUyp!mWy1S}(C`H`W+98!Ag|#;+AQoUFNWT{^GxGW%j+tw#m?f(eV)XX|%P(He z7x7~4_|w7Pw$q=}HK-7N{ zp8xs1|G0t<`iA@K>GBf#gEt1E7g-AS!=FF{F84McGv3zB2ae+Zxamvm02qMrI57Bs zF8%fJMIwY!shuNNBtsWdQ)xuR$4DSo_gN-{V6OGa=2$E&cOjA8ETP>mPmqv8TK0D+ z8;s#$4#5IGwY%t6!PnI9kq&d+3VewAautMFAMBXFAe47;03g6{sr8!v!M)dQC?e-k zk&&VNsto-jU(E12r=wA#m7~{-c*&nGGA@Vd zU{*KhjyyWA+WYnjGacs~ceNz`X{xXfA`V@IYwu}%*AF~@%3$ulOzdenI==N<8 zP(UxM>yZYCK*|A(%*j5x2`LVaH%wu6FUo~aiO-Jgt^rx*!h^FNg43IcwS-C37cc7S z7lij;%Wfq0uXRIeYwM@AeqjhLeO59x4OvL@Anj0MMR>z&AY*>*s`6oK!HC?X9NqbB zKD!TNLCQ-H&CcW3Sv|aWx2zhxdLBHng@8?p!(^08#mUWW;=rzEkdU03njmxA*nwZb zw%I(hu{T8esyC>r@qkKPs&7kksdWw~zKY79cv^oL7?xGI{S0uvMqoZ$R z>}wq49pA3xlr1lRKt)H7`xT@75*5ww|7roGC=Uqm^A}%tI-`p|t9EuZ)&jCKChKmS zay{+#W(TIw+Ob%Tr?GvDgcTCxVqdd`geYfwr!N{OJMH@QJXdkZUVik-CdaKM$0jj^ zztc6KYw%oqIq>60T-M$1K4-z+P>&Riw{JN3D0w^XACE08u)sa{$QYOy67BX1v`r3o zxd-&mM@;4PS*q}XN=4y?YSL?v=a6Ay; zFtEXj*l>{K^u3FQM^HTcvYVRTy1Vo5xvHoX1q24q&G*)^utbhcO)+byG{q$)QNEka zmx?xG{c^CtP>6w`_pZiZ^KLG@)y3`TpC=Izpf9y1d74MZ=KkHq??HVY5g~01G*_Gr zTbNTwP%tCX6~7SOirR96x0Ka%vg&G`;$y1Q~InNFnx*w3`f#pcC(M3AKNq6%)lCq=|xL8XAU4212R zGEbM=-Bqg(F9$?0hxtpeO>oM_Qa(MRSbG0gl{5TI)=(8-g?)NGrr7sv`RPC@M-puq zujM>NMQgP>=lEEj`nBJd0}WL-$8dZ*~~_fimXV9?7%nLVIz`;9#lQ zDw)Jp7Lu1UjFz#$ zoX=>U{*amIYs8LMg;Z2XLC44vZay2f-hcOu)F|l6jirC zdPx-KNfX*8igrwsaA_UQM&zBU#$*CP4E1%$au1-)O(`QSop297Qj!7Ku@Y15)lT7_ zw{!Qju&XNm2}Lv>AZal5`7Lr=Au3w*}pCFysNpVz}It) zm56k9anUBSjGs^FXunXr;mJ?uH|W1~qcPzu94RR(8V<0wJM#3SARYaJhlaNKa~LKP zUT9@j{^jPz4I7WtDz;%^A!BT8p5DYnj#|rrS_E)#W1S=0d-S9g6%&EZDqaH=YO^|N z+?)+>S5~m8=hn(3@pk7eZEWh=pFNX14Gfa@phR$b`tW=Hqa;2W6V z-dqm!`|)Qj^{PT$;D$77UxAjT)-B;Cit8%Hwd;r! zyM|u`S_WQ_L;DY)1|B^DW|Hnn=mcz>0o$!1F+o>EiOmX#A4ni7EqHh>c}lsxvG#;m zt)}Fo8;RF&G-~VS;a4R7YZ(*$D`0^JnJ>duiVs~T00jW`zH#eJ8an)@H)OV?NRBewqT2O0dI}5~!Yx5( z31ISUl|lW3gxe^^mGSq`2Xh2?d_Y1Y_R&4^%IohY;}7oH=HrOCFYw~_q0cS9PgK`h zZJ_T^R(&_lrG8o|Ii95B2m;}b=-5Tw-1))!fo{fYziWm^>r__PMy1G;j==(X`p^xD zcL1ZP+G$)e@`fb=HF7M_Q396(Vqs?&dj86Yp&-lq3iWaWdfzj4CVI6$QzO@YS8-3> z;@oD9HQ3bTc09crJs1UbmNpyk)P3hFIp;eaxO7ffZ!G{1v@u-@4V95|XfvGArrpT& zIw!o`Z|ErEbdO)4+i`Uw)lQ0+d!+Qp;>6h$iM2gftr5g>9FoUKUQ7QTMWbH>XjW?q z;Rl&>L|=2WI5;@?hw4KprEm{_E%}zU>9)IkK~vvcZ03qW%TpCv>8bke^+uA<_IO_2S#71Q zmmbqF*?p!fBIcErjm!J5BdSyd1tzkM<)L#0BSa&@Y#q{^HTIT@B4|`Z_$QB%9Z1YF zj^>ZPVL;wU5!rq!dtXv;78}KJ#F)K@SW}Rllr2n;SH)Ovfcy4 z+gyyaN*?}ybBh0$a<$K>6vr<)CqnhoYeTe93itP|74qgkk)x=Wp6NEZM3)($EhE1r z${tNn=T>Jddt$jTzBwhtWJQ#nl9*T)o4RNJ(}}mg2j2kH;&Q<0cAg2JH+2c-_8Q%c z>ye{rXw({CuTREZY^V^ew}R!Hxs8{RP00q<`uFbsqF2PlX~JyK`JFz8E?EE!_auJs<#vgaGPEfA3ne1+XVO(aOfsmD>bqB5 zSG)$PK&^_75zB|ty>PYB@Gt3QtC2~K)2@-KN-20lS}<2XT-=0d8xFdLZ@sS}7Kl`l zb$vLc4CPW*iiVlh{{m3Z`BB`rvivRbjrkTz9aCVD!BYfbWXWJ7zf7Csdf|{WIL*%I z(KADYSArE@lVc$YeG9I34V5i<9j+fh5*PxA!c{xD*mxdXuMPWL#Gw^GGPAT)t39-c?s0C90VWS6uOsiI~|GcZ`w?!1DJ3L7(Rzo$GKT|(m*rZmbHyE zVbf|CWs_IEYFb*xSluz>9H~?IhD58$>5ib_3@e4@H(`aVk&J1Y1MrUP$KhOLnTahi z)*+(9@+0XAsC)gdq!-T5c?gL~Yp%86HxAX-ljhn@$B5wZiwb#Js>I4!K|DM67a4P* z=}Eyr4K8_gdqKfaj@Q%RD=Y7}gN9x(pnp=+?`n%ZH^T*eh~N3nd}nT#=b0;F9?-#L z3I?{Dl0}{H5?@l3kFr>5s@dQ+X5Zl6AnCTYkc(ei+ZamahR)p7I6EcffIXEl+XM<3 z@;GEbPHj7Pe)@P5+f$zmRjaLxFrAzx`8Rb~XdG4SiheS*Ci`-YyQXB9)y<5(&2pN$ z3#8ox(gRLS>9%U`0CcqI_&qI@;)?U+R0vF}5j z`u~*eUtx6690v*n*ard%Vtc3Q*^FQ{+Z|WBWdqAl7n$`@wECBs3vl3q#pl z+#|4_mZeG(@MqGhqB+KP5w*(*2QcHQ5}>`Cr>EA{!IgZsm;p&u;7s03>`YpCU^Sa<6pI&yWi7mMZ=z zZ6d8#y1c9BUuYM-N5$d*kmw|q(J?S)-&FE5TGpL3UDZEv9uQ6Iz`J(VbvOT!B2uzx z+cktT?A|{9vMS<4EES!|NW#Z88{q^S?sra+ZKq&omjaYWN?$H!V3)#!y;W=vl9NJW zD~f@d?pk51A(NHU!46AMP@Z#N(`G=5Mq^Wa> z01(7N_frAx`ud0rt#l26!l!U2w;_09+9Uth5_3Sa&3bZdY{ToljHn9<@~wvQcExqw z$^p*OO&zH6r#>U~;kU+=>RjE-<$#h)fL8FJk+h*FrXb(z*QWN&LPCnEX=$b8;_PCa z!Npu+6V% zGs?NIukVyMdrx#@xSqRg7rkY!kqjGXprT?xE1jrprUvt#AR+4Qxy(7Z3rBzWTA4|}r4eBLKCu>~?%}a!apg^6C6`LhZjj3ksMyR|_ z-(IH*;UjMzp{k<3EJZ}0Gkt20ZjV3Lh|W18C@i>FXZjxQK5^n+7ZqkG{V~J{TKMr7niX#!->x=FWjcB*#>g9x#tUm1e$ZEVn5VqUs zwS#?_fgwe_UNz+~=Q@7HuSsbpCW`*DXaCIRqIce_>+R;ZY%j`Yg7sgkidJ`j&r<@~ z4mw1sJ555LX1T>@58vP$D&-?ow9eCyaRZu3nK6ECk26dS4Z^o10xE1e+tQ=ps~#Bh zLQW{HGd7!hQKznT*Uo)iyZ;QxqsW1>_0_&4mcQ}eE+`QO_5Yax{4ZwMAr+#Zw4G zzIMKYv=7dSC3zZ55)#YZWy3ZVh^)|Tb1qN}U4Tamo|*o^^G+m7BRbOmpW{m5_bLi_ z8X>&jt?R-6I~>OG-FktJ7B_pvUsN)G;E0LE%E{?IJ$$^GD6Jv6p@Mw$f$dF@zYT3> zbap7OTIX$GKtS?DW^%G?mm3*{UoIBP^XIq~P>)(h8~6QRZjn3-D|3ME1{=fs#b&k- zB<^hsdi5o2yIvP#W`yrLpNMvE!caY|t}Xx4Lg_vnc<78ls3(~?N^ zAUPi5BQr&Oc1`~}$o)dnuE$2nCVD_u4+9k-kg~ye7OvW@e(+fAU6A#iQRPxO`)KNW zC(5UWI9%04UG~`k37DZaN|={r3pwmWN+9SmxOQuR!OQ`ARUhg+zv~r!P1beZ-Q5T% zSIKE;l-~wXIK;=Pnk=>=$7N>H0G+CMs1ItP-WYC|5~^xyj31Vw>$$Q@o=9wS<%?Eq z+;sbn+(i;Ak>@lg(q{qUMSc$>ee+ z?+^I92PS=qoKg+~miZVpfw)$+^HCoTFNTu|@Gte$vaP z)o~xXQT|MPXa|K|l^yLq{kY;ZwZJ~Bkn=eb$zw&^ zStS8kVlD3u>iiZMtq=Jg8TE2nMv5&fe57pAWdIXzW50i^WAi0HzUdQHgd0In#%v`dSHkpfg`b( z<>w3je0E~EUGO0KKhHWvv_BFZpEEKZ5FUJeumGZI4ZS!Ddn}5Kq9V_zQ)f?!e3F}* zHRV3$W}0s5-bO)wK`FX(j1J*w9p?At56f}cV@{jpP~*9CE6xtbc0K!1#`tRFOXTWL zBi3$SfL7SYv-P-)c&ZFi(&`VZazND-71M}-K`wR8x@V*$8MJU9EDVi-nK=Py=kxaZ zxc{7V4pLvP0pjAsj%|hNJ7hp0`Lb3Db(Yh$o!zYEEtY3Q05K#{1Fu`xU<0urcJx?MOVy=;fBR%B9E*^U zkI|ay_w4X6j|VE^Xj`%c2Z!C*v=-eFquVI@Y5A+GLY|}f*xp)N{XKbwu+YgZB{r<(B+Z-Et%);1lqP?n@&0L^Qa_#do)-jYh z)5wJ1>R9+pLtiSCu{INJ6OA>QnixYJ3HZ*`rt`jwgQ$L_USQ6JDeRp~& z7FW#aVs0)=W1B=xm)Gw&TI+eUn#Jx{(3wUrTqCs( z;%{0(IK6@k882tTQS>49!vids(UJ&IsQSR?z#%S>pzIZwm0NzkizJfmyLTDw(=ngM zT#b#pK~9v;v9hEN#7^hxzsER`EXYr&C38n(b4WUJ0m*{M^SuU#>}*AMXFY#>E=(4Z z5+}-L%377If2MrD38UJ+cz^F%-pce~(q2~~z1LLOBpYKvU-f4z@n4vEJiOfGfN6{Q z4!#I?xV-bZFF@LvZN~>YhRT+C>q2WKa~*|GX6Cr7UA}iSgZyAV<1eZ&*A=QwM-Aop zZYSO;B~QCA1GOuwbC?Iy* z7&5C6qJ%A8&}UZ5+|8`Y$ZSwkIk8%lXOhzt5k7>CyD zNOhS(_$P$BGE`2E@sh{ZZf+SOC{#oQMGygC_<_hMsohPS%HL>pMd8L!o`pq$AHzWX zNFaZVXJW0&pYL0FATDbruYrNPbi?UbeEjM~?95p%V*tQ7l6x=mwSL@GrOT)$jsOwp zfJgpZ3XOIf(e1Awdww5!E3jQVUtNhGbvApxj7!3?jhlim}z|gKwXW458yy z3O3WSgFbhC|1NJnIW;AnE4yT=a1?Q->aw?J_A}vN!6-I1C6$M$NBrcsNTr62gF{Wi zK}ifiiUouXRhr9fto7UT`WMO>^5xVoystajX&QWvc@(bGjYfwAT==azfLusYCXtm< zgyN4iKReyv8;4n(Z|R-0t!;t}*g4hQ3b{`H+~4b!sJxF1AFB#~NnlL~3{NuSvMQ9! z7yJEWMz5>6eR)|0n-Gr$hbS*xS{Guw4`dG~R<8Guk;Iolb+5atBzi1Lwq9{Dt5N;H z@6YLBN_P{QV^x*R1w%Y~_4)|XVfgKBw0V@Jlxf7oJJb@;`lzU=8rZ<}bfIMTmym(2 z9W;R;9=&ag4l%{$aqr>dCx15(OQt}sH(D}y^KUnzLVYz&l4NM{H0jINUZA6E#J+@# z#&*(9i=Gmzgi7yOnrKYSap~bRVCf z{dQGUEFWlORhWs`l8or0uFNEzbR1`3V3@K_%?|)LF>xw*78#^_Q~F1(ZmLxtUp#M; zqK7(sc7@CKDDWnbkrn48BzkzxSrbPwKk0*?Uc5+}lk5~Oc!ePKNZ>pEuF57pt}evJ z#-<_9QPO;CYU-ogSz=_;qMLR3uH!eJ{G$NL9YZU9h}Qm|fGw#pYuHb@gdapB){VU~?E3Y~ z*LX(@2PdAp`oc*ec9G}0Wn%ZN!S6bKYU?B1Bx3wB#qRe5=lU;aUWyi=_(uN-`tvipaI5X2PCN3n3y-I`|EtPjziraE>Vo>X(BBtg@ ziR_@|+Bl#iU26kA(O~gj7f)Y%?3Wf>g|&~mtP?2=6|eV?hz#L` z^p8ygS4E)?Hye*B9fTa&!D1N z1M3r<6YTAdT<&%I56hnMC0+at%5UB(atW-NSLBEH@^?rN&5vg=n{5-;M*+=3TTWVj zHAUm20HhRZ>D*w-)Pj6k7W>A^O0_udF#MvlGO*x*K!+{KcJ>hnc?v6Ptp6fz3^^_# z9dtyb9#P-yDEK=f!jgeLo$hh-OIt(3u)S56U&;n7u|x_H2@{P{kgR`EK|3_~BhYqj z>GtWtRM{e;ye=}sFLCYBX$?uf{rMO}d*Va&V3EP?6+$?VBNaO3*O)QFm4^KKUXTM; zVhFvAbWu={J5ITqn_IQ>-mB{Kp3U`A6DD~iUT$8QR9Q~xN`nQTEIp^5$+*}QhB>tx zp_3o)7#l$l#qnh!Kx4l->cB8mMdm!*;9ivm9K#Idp_rH|_tMZ`Y}Pj90w1)&@AOzZ zZe$Zp2abVi>H!?3TkSB1ll69kyYJn$?(WUyd(9G4LieS(KiT2|)*rElt80K=##=7- za2Td-j;}u#TI*1^bw$39Bo~`1BQMv4md@5Udhol3rqL-B^sx}VesI4wyyq#zc=*R4 zxAt6iY@5QBA)@|!k#4>Xp)n~8^izx4!vKkuDX6+`%P0p&y$0LPQcno06+Twa#exW{ zk$g-W;2gd5YppPBkhn7R5x=$>mww-GtgESY-P0DZdw>9?Iwqje7|*5>C8&PQ{6ofI zj~64F_n(zTKum_V)R<*z_O=6dqr=+1g^gp#-K=lZILOve z7_Ul*M*$Fms`vBo^8mC9dj&^6LSehA@|SX?;`2nG_RXQVm{>}N)N(#4=(UxpWsJ{t zbcLLvWRkdI9i zTfW24Ziw+V)Pfz(SVx}T$1^M8At;#9d~O?FzgCJDVfSGVwzkF<`35~9>RiJDO8U=` z%@+w^Df}zlP8l&|D>5>2lD_w4)5$X*HuDr_v}yw?!bw#=BfAduI2Pe+Jq0kaP3*TA zEiA?`rjm0DuGPZywqwuGNynCPMhC1il%~3`#_a>#DEjIZv{i$$vL@|=Y?`efo=+<( z$u(dYlawnd$xQYys}VnzevaI>vd`*JFA*H{5*E4%9B>^Ql3%E)iztS zIgfdNMTPJq@YgTf4E&m1wOs|##TEb0C&|K5t}p6rNcx13thJ_p%V882oZy{dUGD1p z*N&zl&7N14vkB2lS>UUDi}`5^C~7V@2UYT{+_Zn}^EZWmrAT)%Q2eGp)+icD9oT6ykG!l2zP_#>w%feD{JZ zM$H;5rSqZfL&(y=0BReNEI#LOC~Ge-HLG!|E`{fUSA#;h_|#DjX#t7pW4ND_LD`2nzE7@APQ^N+CL`t7;>Yyfy zg8pHcBw63RYOcXs;Otinj$b&7K(yk=-Q}U}iLwI{KFgLGb;_hso-qX~iQ2PObUg{~ z4Z%T6x#6hWp2o*}ynaGhO%WCgpFO^3I%Iexz#g2jf0@Gq0br|--=f;zJh*3zjVeNW zc>&=oy4DB|a8`AUe3!tWa8MfRvYBc-D@;)~e;4IQf`27j-gO}Gv!g20W4_$p`QtsA z8vL6rda)7DPr;QbyN-obsVnE*CRqDfl=E-f%_zq*UFfZ3TbC92{&ei@so=gf`RUozyVdRYSUZcZzyv|{#bGQgiiOaA3-%(5zlzCoKoE}Q*&gXpiF?-aGPM6eJvCBZ5Ra0RjJZ!rSnVlvE-`&mb7-hgeKxB(% z0#}p*A|f3e(;5&ULQk0;U~Uu<8EIvyom66ZwwO1$lW`v*sq<_m$*K-~3th~ZNfCfA zUhcQmlw5A6=bmVaIat_le#+A5{Ql1udII2+OK*LL86Uh4MGWdUWR`i}zV7aRtYDUy z!w}nWCs_oB7>`6N@=T=k#vUgpCm>~2z?!3u9i+RJnKep~8R9ziU^M_M1=AOa{?XI- z1yutN?yx5#VLpTAf`G6u-g2g0EO5!R=28Cb())9?U0OeXsz+te0=o*qO!ht^EnzW~ zd=yXHH*UBOKt>?t`WzV%*Ed*{t@6c#hhr)usd1_@y>0X=FD*{u!Hb@CY@Gp)XRYt|w_X;1X3m*4=eZxpvFEmL`wLWSCUjJE8pwtb-6>F zcJ&_!)}xEE#NJg2oKnKg^SiGnBGu(Iv=9!uza^di)n$W9hm6tUKVxUj@!NttdWu4t zsT3kLt0POxWELiF@|Ce@L0#r>ye|es0y3;F8%gFTi?&|)N`Jo|gNB7=NLeuMZr!j!q(;SUOF$pN-Gajr=PJe8&az!nH@bo+%re}p0c@lq`{oDt|Y4vJgJT| zQpgnP!0$2sUW!62bk;3bOK-jIWLGQA3?Zj5qhF#?wFfJ1b4>=wC6m#t>r(KhM@NlU z>`Y8dHkEYISx^Yb_x5(^^txwS>Coy4q@)wYq-|{UiTTb+h=|NU&)wgpryTep>o2I6 z2n3A83GZ&K$Np{ED7b-jdlKcdruAF#zlGxIyA1S|l4@g7?{gb+#?*;JMlBtFy2&$3o_`r^rDfEl8s`xq5zY|-99_iZ&u1#!j? zYO|r8eSN(HoFb>C_rqx@DfI=<5ANY6waW`T&91}WCt!>))QHG^k|>cn{VNuVb$)Z6NXjzR=XXv{mKCPMFBO62XE&GaxkFHTwf0i-k zCA)Dqh#nZCNtEmx3F8UyE;U=*Rc@LLF0WuDGoH{ z7DeRcy-yWlS2i%PT7Be%2|gi6QMg}PqYMlKHj5`rpb&e0+yTMrNC73$eAbwB%I6ouf2sovqH#e`{%F zCC?V5$@|LY`}Mv?Nqh{oR9|raLIQO(uVj=ELfiuIM)P+Va26>FMNEnykQjAb_o64b zpHq30D@kM2H>M-Xj!p`iSpY0@x!1O*~UFj{KApOH9ZC8l<2gE*?JFvt4)7FIx;I zz&-kUyx~-L@0Go09%@_h@sh}t!qg5PsJ8%%v~s8Yf%JKVV9?eg!m9dk-8NV={BVP0 zHU9hB^WG%3&Z?P1AKvDahgj^wmCpU0pY9XXzj(MFygl7FFz_SzK9#dBXWw+0)+^H; zIl>YwX1NqWot4#9`CU>j79BdduT(QUakTX2u>*(N#@wtuT0c$qRP?|pW`9G5S5(mGE+LHU)=GHQKeIsZMrftWewLy;pL#sCo-~x zl%2G+uRxcNsPS{uQ?S#XJ|y@^-pNC(aPM{l?KGx~+?eSSxddQ%#MMptu2oG-Lz5)o zW@7^lEh={AzGM~@RN5il`L5NirR()E^t$I^xU*)+st8I*O{h$-axT_=;rCtBm5wKx z5oJVQ3MT8^-XUMTW7#RpdlAnL>LQKhKzCua zgB!?&vnn47MSj{?T7Hg=rAo@9`XDFwRcj#2i|#io_^+(@5{)o2H}_S%xy0}1QC9dd z#@rm~Syldti+1Y{kb?=Cnk)XOm9m@v^kVj6)#PS$b4`eRFLwOP8{9y#Z1K+7;q+s7 zXq`Z-IP06+)o6`Am0^C`*W;F_%}w?(VOlTg!faqQA`5QE99lpFVW^c9xp$?iI=KJ4 zOdPEiGcz0xUn}n~{sOcT_BAfn>e)6QlR5KvH}Gef$|vzpFgXn3mV|lsC$PqGq!)tS zoi+V+w+50Q8!qfU|4}Az}n?XPqUGbN%g(N)N-&NKc&lcm=3N(6cxE6~ilW+!< zXL5B7wH`TOr(zH>4{<|Ok zZ>EHlw3b9I6f?fQjf#mk?nCpAr{if-xar1#mIn*t`hlQfS?}cr`&PjP$tlucwEtOaIW_ZL= zjZIx+INK6hzdWY+#y3%XOVe5vZXDrWlOIIzHBC^v`=HnCaYKP&uz;{1dwAI!NoL=t zQH8 zn;x0pYZZXBF|3fr=p|u}hnY{dVpG)%Q8W1vunK}DmQ_fbK0JrM2VE;ed1jjBN6d1$ z+&l{xCugr|g1(V$ocB&Lj}EiBR1^uVyL-x7Z?`YQ@a>+~#Sdz%-Yd&_Oj(0;Z9On# zZX;;4T*0bW9zNA;HkclpOtqPIcV9+LWANf4#dNg}TCUu=Ea^<`JwuyNaFA@cLcDU? zruW8VDt5&fqJB1pjr#P?buuD}j-f>NB8LBLH+?<*&Z{#(B&4sjEr9zxw$8=prztH>%valAnpj1!DNk2F(%5N&?*mr&!l_hN%Q$A<`JBpJYg_}E6LLkXZ^+PlUW-7 zQVd3fb|n5|C9*bV7^lXUgk(c)EiJRjR+XHA=QVp>HNo#6l~w5;w|wMQn&$xNg7YVs zVPbaYA0nSWw|4E&A$3(#!zJ3R>nsd6dirQ;G@gMhnn*x>Rc!dx)Gz^xZLKL0D-k-@ zv!#g~5SlSt7Y13e@cauL#2}^mDhbRxOVU(x=J5`gh-H!zKy9)K=u73q_jCP!*UsWd zDY08FMi(nEYiz{sHDxe|q6fhw)h(1CDxP)PzaBmS!f?^TOmJ?Th^K zBJ{}wXaQa;YiGpcEo&smc`LV18`;n6`=0 zu>j+%0Io2n)E5uj?yp#ys@1wx4tGWNb58ZzvkDq_NcSqa_UV%r*r!L-jAQHkxWoSV zW2$t4!*#QCgrl`tty@-nbGq%`18f&D4)PrlEg6PaiizBv9WyJL^K@icB(9GPBc^L6 z*)2h`Le=>rB)GUmAMKL0$b8Gq03esmNDsX!g`-;%LZoUz2J1ePpxtyHXVl7sTh)H!P*-Wej~HZ$7!6?@X=}N{T0<8JwKGjk|7e03meuY}X=q)Xq?aLD zeJNV-meozc{lNExTc(=GSrMYR@lRiKb8;#qPbA~_>I%4`RhRArLRkY0fU5%7QQ;V? zgO}W(0q*%lOK=MTC`&S$z2C4VG^pRa;(Ed%iam&+l^|U~r;wrPH%0kB(J>*QLq#St z_(^{|k_6HyrDoRe-+z|jNpf6~G4HdoYba8$eC+67r$4lKElb#VZi1Vlz+U!pM>P7{ z(Gr_zp|fMs1U585c);k;7hH(&*pqJM-XE9C=jzL4;;B}`4X7uUi!UP&tLKdFIXEXbO=O`p=JkkjgYNn*5#1Ix=FjA*KFO=Ko;fzk2 z?V#<7j{v(axXV5fx<@a8&gx+sOWH>n)#c@Fr*~(u1*Si@e&7Xj>(03y z${B&yibjMi!+jG`&qAb)Ns9feAGo;QjiT-nxzRz7Q{88HW}>Ndqsau z*!zxgKALl~KYgJ%Aqda;Q=yTJtZJpadJG0QB7Q8F5+7rbLR_;4YZ)?;9s=NN!SkQ_LHQJt!Aus!M z#x&(Xh%jI|%3@aGP&h#7@u{h@l=CW)6?#0aCjj>vF`Ta?R13&`vk~$9oGU}#m&of3 zMpz`kU?=M7a}Ss}QUbPPQjV*&d5TZiXM4nfwB|G_TX$9_6|LQvWG$l3PP)$LZo#2@ z?^3v*DN@S7d@8g>P^{{|oBY4gqf{axLNTiU&=^0%gj2!{dSzsePOtX+fW|Y%#k$)E z7nbcDvFXiPX`ajbM+Lb)S;kf=;&~}s0U>xZ<;+?OmxCms;Q;&F56wIVei4jzOq7Dv z4bHb+osk?dc%mez#RCqj@|xl5lw7i)Ytc84RTAo`$3~gy7;Np^Zz@s_2pznaC5fmA z1gW#Bo5NhExi~=)@t^j%CugQCBmLKD^s&Q?C`n2t)3Lv(#Hq-+wF6{s?T6TK!=%uk z1Fsb=$ehax?qJ$T<)9y7k@z7Z9KI>>IG?N`fA>))Amz*^_joszl>Z6Q9&M zgfM3{L945imUL8fn4ugKoW=81_3kylv0DC5Vu%IE1Ai(Ia_9Ul56t!r6}$I2I3~`K zu7^7MMtVrlsVr1}xcR){do%&%YFEVevp&_u2;#jsU!Ql3#IEiWR8?wG0wSxi`9lx9 z@kGJ!WIU9DP?Ng(r(-0oxbV`_4#BzN$r=PZBD8)54{R&wO5W#u44Q|25ZBj~7ab4G z+h84O?Ze;P?%E2(4!*G^s}?+at!vC@`hHHStVu%ry_X^ML6-|nE~x^E`Z&C*-Q~ze z`kAm$y@S`h;65Y+A;@K?=zd*&lCMiDMvxL8Po%2TO+}_)-#uy$-@c{rKd#NQPawmm z%fPO(F}$q)2>Cvs`d(Yd2?*od_{=JnGgT?u>LPD0RHJH)R?JUb_2?V+FoX?^m)*{x9$^p zl!v2=-l_QOBIg{$26A;#<8vN{NfG07*QA|Jf6KrBueF0Uv^VS?W?tl35LUBfcWQ$cUVZuqJ;9`#iITP_cDpStdptglQj+dlH|XXJS_$qAq>BTiWrBE3o8knX013~jP0CI%FYEF#8kA7^3g zW-k9N8IA&seOwaWZ8uMkLI12m7T3NTR1EbC2`ln83_GD ze*#bS6JY&n@kWc2`0bK#DUKf!2`MRUJ!UwKFVK1#620e0PP|JmBsYW=1XEIaTF%3& zQQUCE0Cdq;tS<+X1HIUbalI-zvSMPNYJOQTPkfwKN}~)SgYd{B|-3Xi%{IDW3)XI60;`5x!H! ztR8kKD~nCJg6O*a=zL`)8uf;Qqxbsa*yKkhwdrckU@Rw~M zi%?Nfz3HmJ!6INu2bfpau7}gWYiiy&IdWic9!Hd(C4SjNs?i9%MX59<6=ynsC%d5x?%oB~*a-&8D6bv3L3 zst+a7mB3%mXtr#&M3HY9vyFJNT=E+wLESRZWFq3udm@^55(V||W7rNYNet0Cx*GR(|q9n~)i*c|%LlZN(g zCkv?nO?xkq>fil?YeV5rDe8xEfW3{z`RUJRco2>h;YNvKZW_(OHT-m$OsiR6kH5Q1 zGp@@d0^BgjXEGTPIyy3Ka_B$z{)SI;zSH9m?e$A0hUvf(@8e*({%wU1D3G2`ZyqP9 zl}Oj8Rt|46QJz*+Pe82Rm(+%mk%_y3|3MnqiKwFYDrWwu4F9q`!p%?ZKP-}k*(IEw zHX?Q@g}8pxn15}IM{j-^Ecve||9JI3ChV`ze-;)3p!YCELoKF1rT-5f{@1tu-%tE+ zlKJEP|0k$F1oFSV{C|S_-z4+L`~QCvl<>&2_xs$hT?s4c`*8j=zyD>T|82MZDS=*y zgU@?JoDrxfA$}H3l%$U*vkQ>xQ&6^4r&WLRq5jd-qnQAv{@%a*EdnZ3(Qg-3eED`M zQ;ZoIL)o1(lDKXmA8=CsW>Ejs(`=7`kcaF+>VOK3zdywiMvJ`s;4=UKp;iUGph4YX z`&)wRk5&Bj5-8q(L*l1M)Ivu`6++fPvbD7U12m=rMgadR6oN!@y*c#y?}7TC59Ocn z%ecMUMz8vWijpiWor?*e|J6gIqGHcGXmI?*AV?2C43{7N`2hclbN~BIe+eMwH9W!B zkwp;$`)MHscS*}SRn&R|e14xN)k^{bL`lfX2hH05#|a1`MDBnHeK|lKI`lrqsmrbU zW`mY(|H9_cIE#R4m0{4UORAG`t{3>;pS-Va#_+#rNgCix&(-YN2;AcceuuUB&dxLN z;!l5KX$kG;AZhHUf)pvhbO8V}f(ucksPOQZpe{NK3yYY508|TGTS72b>8I~H?nJ-t zo^1_XSa>=mWGRTQMJ6CHaHf``WO%b;zpyd&tBToFoa}kTDrswGE z;bN2WS=F~Fyp!+1j6jVB{QxC2>zIyatZSZgyG4ARI}ptI4%CYOF@d_LN~ifF#P?{p zdDG=iFq)({2Y&{6S6_bwTl=Zk=n4YA?HXFT1&UoL#}-()rwnMo&24_p-i@zS-xZa%2h0kI=bGO&!9`e0?=1-nesHl|`r_H%yw zA|%oK0&5aG3snL{`Q#(upa)(WLDQI~-)ZRkXEwi3S7Nu_1wCu^s@qKxq8+sJt>NNVKZc)hT@SRJ_VrnUcE)Eoo{W%{cDhJ0 zxm=^aN5Tv?R7*D(dXKypBHMnY@0`F*j@@ znlJbreyo%Cn7d7S-NFH3cNTME9O7$xL)f@`-TBwy{+<}>JrNAu;G{qIpC9UFu<+8n z(hm6(U=^g7u+f)tuwhh_6BDv2+RV#c&ax`dd24}=On2^oJ4(AENNo>Lg+g*myCPJV zQC85J!i_;7COcEpcrADvac33j{f*Sj!b;JmvrkfMm17EV%oizd>$y5DpntUJvD-PisR+U0#jG5G_*HUp za$)Lir0Y>-O5i>gnTM(Z_aW*`6SG0A+IgViE9V{6+O^SslileuWz`y$%*@O}+q+jm zN4%FvB&`+Y`F%db!sp2NUolTJ>{@CY=jrFF@Du$|t6X93CAyyTcgcYiN1}$^WdN8@ zXQhFWfg!Slkpws2aAJJay4&k8+~CU<`L+M^gfA{X4e};%ad2$9zwsYLM@5x4i4aEN zX3D0wid?7QhnjqU}K}_gtkg*YIwWM z#kYaC!!WJ)9aJxWbj-Pv*gV@MSZsIB9L<|=Wx0E~F#yWtA5h%9%whTAtYEqWgRiT#(V|4EDNwP>wghGNVr9@ZdFTWm||cGAg90X(4I`S};;*bIi4w@*)Y$+1A&gF+D`8vtExS z_#!v;mWMB=vQoTgE$k;Ii|AyD4yer-pko9=X$9ta(eKdqz}K@6F?pHx>g};&Q1Kio zm4ORo@eSH`+YVRl@FMHMZPf6p+R4sjVb)7t!LE!5?<+f z#v)=sU8Ga59a!+3*|T2jZJl@fB6m=*owqcSa^CA;N9Q6vnAOv+mmAn!EM#DUxELc8 zCe&Gg6;LyZ`$*bKLdhWp0G!QuK=pMpGpVvG3t?m)#&Nq#50=nqt|yWtvVEqd-R7 zBYyTKtHrXLH4N=5rv`I(+s`2ymJ9z$NhBkAvz%}!f&ZK8eZ&sca1XQfEGK3EGvRA< zNVa(Z1}^a$pX;KTv(L>ed_9jk8ZWv|tkcDLfa!Q+Fu`H93m_Y)ijXFyTz=hddbm=t zUb}fqXV-9>?{$2cqWZPxvon0Mx0gXuQd~Uw-F1tot_6 zb(8vjJkfA>Px4xwwE~usH9^O&QSAQu+obO|4`R;htV-f{cjZiWwwE?!{D+%Zw&v&YM`5<-1)iDxRhlj;hi z46JwUGfgnaCVMpWS$eSAsoUix6GJ7>8;emI8AaJC_s>)StH#k-`knHE_nFPbar!NV zhW?4ER_OuTl~)&``HUB&xH#6T_%`;d)53kAhk4m$P)3ZJWcSO54iO+V_DoX@t>hND%!8ix3pAQ(to@-HW+%#N;w3g)fF-L1qOTU zI9J5g|B#$1&i#0^ztZBh>2fCZdSS&7II?d4YSHr@00wl{x;bQcsZ=oPdwXn(^PKV; zV5>?*b07a9MXVh1*_mkUq#Y}vAIK9?0^?%clipaAe=S()Vf8(HUGY}0)-fCGo*q`k z6Z<)l0^e(yN~?5<&Ha?s7o3}ZnObG!uj|!|tG-Y;QvvlRUjJk|Tjh>vvQw$GAvt>z zg`Dy9(4;$xm_8%zUG4g$PNhJZBQS~^GI8XB^G!#m5qWAJyGTVU;?2`-u4W(Qw96Yi zxz7S8s@-j8qq3|CbkIjWOShiCfMhXKw>PZt6kJBZFTp+s-`3<3Uz8mlnhAK-gc(Q! zFvp14XIi(dju+jS!~HjB^I3SI)Z@@yi6g|ET|Ta}zqYt7n7G+FHG+ggTQZU;yTQDV z(3}N4!9eA^-CPo@L@m`XaOR_-H>2MF+_~)WGVpx2apfVP|JPQtNM_1eQ|e7)9kilZh4uIz%(yX%p2oB=Is^Uut|$T6YnX(sFx{M}73fB(Qwt@e=#rvq2zF-jk(aOT^@!H=uB#@p0;u#pLrq+x9+N;6_IDYSu z7*%Rk0>hU}^p81`xE*4{o>)5P6bEBzWZawEuisSgXIyt(@DO93VPGa>hG9~ReDm{M zhRN5Ot-F8Kj*%>o*xC2F(+O3@AI&W&*lZu)d2B0>6BoOis2*vq160i6(^1n26=uUf z9Q)P+H}4qkJWfnsPS=V_Y;A+h`@vrBD~IWcXs}H7kmW8YB%@A+!2jEWmaZ=@-xeo2?yLYbI?vg}TrB2SSRHbz|SG1hC$ z&F0$^EvJVm2?^$iy2b@{NKrvqg?ORC&%^rt22=K!T>12(OvDSE3s+q0I3A~sd-wLJ9uO;gthP0F-EN}-_L2H z_j@RYOQ9?e9GRXdiG&e z%#s$;RD86cHYK%G)R*no8;O|anj`qTFos}qhk&oy3s`K!D{pLhl*2tp-&Na;og~$7Bb}Rir7;W~o2>EWyiNj6Z z#8HWFqvZ-aOpBVwDFpoU7FMJ18|)cSW!@5o!_A|Y`Kn;C-!1_z0+sX^47(5zkLQq= z*3o)_e8iREjPhZ==EEOllFaMgoDH5wRK4NiN}?qer0&d1L}_i$rFtT6 zJeSi}erIm&RQQq<`SJR>S4cXc<;u&`+}!B#OR7RIuP0wnyYzAU3JUtxbhu!7EU79J zuP)DA$gsbwmuMSp^6-KxQ)B0ZmWePcwTkLuTBvm;))Mr+^d&MaosYf4J1u;6&YHo& z*~Rti+;GvJd?i#EHRa5!H+g5IXS7cHOD z=-Fi5%4BximJA)a6()L3H^$VxoI~7uI;VZm$nzrA0pKGv{R-kk72C9aiE`##0%BT4 z4yvkBuRWc$nhQ`c)(<$Aq)zIXKo z+awl0tY!!CaL(fs^gq+5T^H#Y_?+|`%!)C&X+A(-C3dQ2-2U`@hZcECfU6S%cN!qo zEh!amYbQ*+ca3{l3$$&pVlW=X`J4pGGPzxko+hd(d5v{ z6mh?Uq01rb4c*R}??DLcLw^w-2pA~F*JZ#~^;qQR1F}*{38E5P|Ck*46wCg16+Z)n zZOJbtrBK<@mM#V4_1Hj9XyMSU5bCJ%hXkd%WnPf3n|VqD?IR(_&3Rz*f$IX}#YL?L zvjuoK)gec2gu9_;qr+7bif`eyw0&8654J?T+={=;w>t3J#;1)`P+7t>P#?a5q05t{ zvWoL;;^by{&mSyB?x}0rxW__RGTCg`d_taLkVq_z{mJO@zIIUk6c^BhTTHpYy5he1 zzTxo7zh9qeeM+U_1Pw z2Fi*K6u91A_Iz-n1aPY$c2M=&X8+K~RI|?0+pGN^m&lB8w>V&0hO(|MO-b{qBCen@ z^MuPif_GUY zVZXu7!bhkZc&|%b`H1<{MEPuY`sTq`xF&d6=a}Mzbejg6?um(t$%zAvC~?Vkk`VR& zMh|Ct(x-$)D5o!G0Bq{@DVL%))8KQP<6uTGW&rV54I`tZD)u39nSs|KZJsRhCEL?3 zFW|Pdx6U=|7yC}t-kjv(l{YX#oc=6bRN zwd~a_Mgirp!yvZCMvz9wbqr@`Ow0u{_p8)uwV$)a>JjU}1RhgoCht3eP-XwZ%I|Uu z-urqu2}?mPH+4|;%~z2V;nOYe#Q?eniaXZy>)Ng;vJ&q}1}mY94yKASyPHera?^e@ zh@Evz-;pt-FkdZA-^o=+SCz*1a#e-lGDq85bqzrJ7idLn+QPnJkvms|jdu%tyx_ULOVq<^@e=ot?Rv8l1{?#c6Yb;lyM~vY67_@3 zf@ELckKJBMuiA=X56#!~k_orMKE|`^3bfz9Il=;4Uf^<8$DS;M?;0+Gy0C6P4SkZU z;MBi3q(8kPn95b0Eab!=e#{%pz!uD~G&)bOrNyIMS|BWdd@cEEe9$|n&Io9VXPDNa zn5(k=(Tsa!{bbL=n`EnzyJv4I80~Af%7a?cLLcd8eh>XI9_u0F?;mU(Y^2z|P4*!5 zKZ_MU*YTDXHO=~uA~p=cK_g60YUisGYlxfXe}?uP#pPI$*mL#q;uqh$D-L(SLpM44 zvW*wbj(wXKfcx%tL%!VYkcX)HfX4m$&_LQq3GzKR+Xc4t_)D50pNyd)+PRm4t|;uo zlQH}i@tsB~HQb-;3;sV1&g{VT^EbHV&DXcx2&;MKYEQDeJ%q>EdQ;SP)9}qMxU713 zdO;vMWy*Iuz1w$QD7qfe>}vzM~<%y zWM%efyIO5JZWPvTJn-l~E%KS$=&6JDz*Q2m3F!g=dbR%PvK=~JyNa&T!Wf`wDDeOa z+EjqDxfom2-5*Hg(Fy$g_9d)Qg)4Bo-@%vHbBJF+a4|}1A*4q$iPJf(P{~0_Rajhy zXd;rKNyBh2j62ajFk)Y<#@hQh(zk!#_slAZ&7mBf9X?qs!k%got9>kC*#HW$_CFvE z3tDwWDnzCv*;}};uZK=jb~kpScN1g-<$&%qc@}8%(B>a(g0QVPWn&aynNoRQtHx+@H|ZuGe*6`Yz1XrA+A|3gqYe z>`Uz2{4%O?Mwwf|W99>|GR&OFRs#9Z=P)qCRX;GRv2#d}n?Od~wv>3ga+93Bl$Kdi z#Z-1%(K`fLS!UPCEM*5MbrY&w2I6bZY3d)WT&k(7=Nmg}_~;&EV7Ng1R5R1?&9u(E z@~4*Jb~Rdf0|qbTcfh22co|q93&#mMq6LpWcP)@vVXb~>Zi*yKu>fC}x;=5;{45kM zpba7Sn5{0c5!i$4Z!`&Bk?$AR_j{ANe!F@{_pIe2p}E?5ZEu+%^(|+@0o#L(=RWDq zj-Bjs?P*BG)k>EsREh#ox~}tFyUTfeh#I}sfZ@^oxjMg#RQ6rISfu|Pvn3?J(-9Ol z901(kQdgAo_Gf1_0E8g*>DgytHtZJN;GR#!G9m2KBO`eq{k0W6;2)QNx;;S_qYyX7 zk(Bn953C|!*ItIShB9u4$|<)}>z;`SI~eP9(S6_ERK6i8Vx>RLE|z}pmU*sSP-fZN z8$5g&iI-oj;5}4>;3Zq3MojXF+MCGbhw96pth+QEKfs5Ova>kvRgU4Od`5$-43KIr z7wR`^3+kU_EVAp8K0ZyXi4G)o z9hfnGSiP-xV#YY6$@4stZcL*@*nLVh*A=ZBpZK!HTO6nmVY%A^9hrljypxr?MzhH4 zWS95Y8=Iacood>eR<$S$UT3*{-FFI45f`VQ<0vS5GR39g9x>s}wNctr)}3m?GUMPa zcC;wU#V-&QlI?-)qnBAZ4uuJw1Ek7T6@IQflir*J*cRcZxxc620f#sQtX zEJC-3(X>EQ2VqiLJ|cLkf6o=htfB7!>9P@=)ORK#C&tT@*kP%c(Mq1kxK~#ZhG1m5 zQipOD=jVg*A{$|uh^A#@QrnO{f6;-5DVX!oWOV6gF3h82)fc1w85&bua^fkk=FKs% zK}bu@V-{ff{!>Df2%uMNO7!w?>vKe0W_$J>P$sKioI+Jd1QDtOab27Z<%7J#P`|H^(6IQ8L$wljGZ{?Lqgw zf=2+$e&or*mte133xoB2t8`yNfugh1>4gn3(#Br+#>Id#^TxyqelZWFo2jX}%m>xV z+TbqvD|OuF(r62NG+}=K^Ke_Sws(?p6AB^=RS))49&4aU6ZuvF0p4osh8D?Qg1);R z(fE!^`~9R&kH)UnArhgtjRLBD-e>a#h-&k`w!mXr#@8y6(PXp$nri0>F&0uS&DroH z*x|uFaEO$SzCLBW%igQ0O`{B>sP`dHw)IWU;E}1~Qr@-;2zL+5s5=LNy|cxQ4d(=e z;8{g|hs)hbnqYl5!e-{?ym6fvV-8xhB?P}3iUJOJa#!%=LrlTr`N|T`tMux-%Y~@z zwA?H6vl_%)y|2sh1?$am4ID8lw3t!o$~t@#K^w~#bW>eFSK2)1!r$>UV{+=CPr3Lo z0~i)Vi2I4F=L=-ahPc@IPdHgSFePPad18@Y=if*G?)NCg=U3UZvTFfAPjrl7@bxM= ztL39{Nht5jI2%3}ooi`LKT^L3_9J`C{xob~(3i~kI_AgMP{VVRlfjhL^Nyd26M9qb z++{Ib@T3c-tPTT-iHK?6pcX5W@-;Nh=j^*QFDf+W+T7~GZf@u5O0G5!4Wt0bI#^l& zIyktxw#D0Zv&(X(@!;qpVX;xSngl?IE;7%}Z-Q5CU4=ltQ=Hweo_;K;C%+Pf?vMCx zJ$AiH>s}s9L+_?6sqfHto!2wgIScTX2D~K3=D7L-YcIshX27vr6d2O0J6YByMWByO z_mmRtzRh~o)mu}RW&H?5((df8q7oh3c`@P0t3a zw9?|ydkwcR^0o%3V>+0DVq z>-L2{^WGeb3bR*t-rjf311ga1cieZow>F2vtAI0r=sqXkY;G#Kwk5oEzn-e!-?vyK zbN^X;FQh8uD!c}v8End1I7)odib|s~-M-!^Q8fLO9w3MmA-9!&1$WW(Yumvt^Ka)R zLsCw8$2aNiBxHo%U>F5@`XJdd+HT;RX6(86AVzk}+U? zrul#(<8$~YH}{LViAeA4Uz`Yz>+u@BN#vg3njK6?eNe?s-)&6HlEw_)wSBqw1noHJuTnO&xxynHHpMe$O7 zNkvPI&6q|#Mq5;;d0uVU!W8@b*>b&UK-iEpI?gNkhRez7;sp9MH__X(WY%6q-%Fe% zZj1b|QT@T?w>{ugJ3u+#qJHq`$dm9c^r?2^r)GZBz3+R+=QQZOW0BkUuwSF6YOkIK zq?+7?YP($Fal89RT2Vv}z_wt!vMB!5yYM95PZ4z9DK7OE>`-6&IKGlvLi4rY#> z59~CPF;)-vIF9LR4t|@`{SXsb^LRz_Iu}0G=f0WB3M5E>O;g<57{yZub8tX6s3r=1 zAXfKfs~=vww>-NMeimdKqJ31i!W6J{Prj5}lHnzD!pk_PwN*9Tqvc>mlh%*-pW($& z3=R&a;`Kb#<~)vTv8VD2e#LhGutmHgtO3Yl#{*s<_++vBzrSZ#PU}BmA(SWJ=+gPpJwxg%LLW`yT?Krf^LMVy% z+*z-C4)mEk)s2r5la-WS(!ccUxM_Lt`C49>1r!eZd+JvgjLjh7k{<_x?lXj$f6BsVFQrSc8n`v zUM!{Y@$nDEV<$NoOT_42L4Jy>J)Yyw2q2l6qOV?4BDM2!>&|kJAOlbV;eGU)!*#|! z#_wtpO8~(B@#c@|E0n~z-+{>#OF(?^Gd37g6$9EhJ`fDp#O<-IN=u1~!sf_aS@+;c?W0$UO z(U@sBt8F?d1w?1FN7WTGaFsc9U7D`Q z`9>)`!}Y!{mVQO*+p$%vosL0K(3Y4~vEfAVGTQl)l0l3qPdhNI^mr;ss(o+Qz3I23 z!qxytm2BbW|59@Jd*j&0GrC%Et(X`zI!UU<=*5yXe0sPoW>h>YSD z)r#;FID5$)UUWAIuNk577+j>^P5NfX((dfUjh_qn?rutph}@w!eoy0XKPrrZEY^a< z#%wC~C*sQwl^4CG4h!XFq3QAtE-RN2pT1!FuzoQuMaLw7A7Ps7kWtB2TUDz^08@4N zldEl_Uo|dphPT4e%Jx34Vupuh7w3q+s-T+&iKInwx;5%s-JAWCz=)Uic;SggrR`NI z*8idFErZ(r*0o`*Kq(HzrKQD+yAvqxTHM{;o#GIj;_mM5Qrz7M9^75u{LeZ2nSIWl zcUC?`CNs&(FY8|SwJtHO;=8iV57}&eCd$| zmalEctIgxxc+;wVHJs>)Hex#p%B@C}+>akWtaTv<(-6b0Pl4-nkB^Fq8a9Kvc5jbY z>*sv5D3K`JA5r34Te(Nk)M8^}Rhs%qe))6zUYqcckk!zz3LQp9MK!Xo+b?=wRS??5 zoUUFqREqCtD=2)$qL59TmE-$`gw!adrB$A>7;}cq{_m#<5SIRb-GU+Zs@+1xEKAt` z>yHm9kq0QyYD*B=uEhRBjlx%zV2qy5!D#iNss#d;-9PaHHb=cnJ~+fFg_-S{qMEozrSj>E8GE0t804l|IVI( z%tA06wAylSPR%{YwWI#76Ulb)j!?y>=6<{N^V?GQ2RFf z&3NI2i`n`KxegUo;gi<9^4?%HA3Y(5P0XP0TXMSh1b7d~f-`Da^(rOH^Xho?n@dnb zQ)71!@D`g72`TowQ>3fIe4*Ah`0Z+gGoUSxv4GDpK1=eZg5)$T=OH`8}5*lLtK_bU7dkg53 z*grIYIMw&Z@HO{AYm1NRRN!>SOs{r}pcBOi5X7iwIFdt);oGd3hIi;!uYHISj*?B~ zn#=KcTwL4_(8Iv3$uC~>E9|<5*HzFP+0H;@Qokvk3e6s!3GvCmyGXy`U}U@z-&q8% z&JPxou{Z$lYeKokZEQb!WANp_b~XRAjsEWoVAJm(h)K_g_g|O(|9cfa8mip1kM+)` zb6}6}YAA2c;a<9~JIL79oI%HX(9pD>-rV)TeGDxIIf?VReh=leFeMlV*}z@(^TnD=pj%zFEmeM@1X#=0pfVXny>osYCs397}T#OM@OH~NUMO(11pOx0n zbUc-A&$!^KN>w*5l5inRb(OFb913S?{I4qX@4MPB{u@{j>Vc=q7^K0sLx+R8^C5;E zCl#yf)3f^I0Um$&KMQ^99(DSz3a z&KHgBh``3cST_Du2ACrI_H8$#36yXZ?(n#P!Xc^T82?|?rh8HkWo^#MxVE#WsE>7_ zAAy0*?V0kFztICtLZ=!U8XCujhN^johlefP*Gwuiz4^29BgNzA<`i)H79$@c+&cA- zHkO^CBPYM+eBHLZ52Ilp93Vevl&3-X&}LBcs~2KL1F201cL;dC9jAo2|5KX&r!EUr zV`f7UmGg~Wll_-Zf|bdSZB^GV>vq+5ZPtr~lnZxJSWAXkX(3XWhz>AW8MAM$*s$g< z2<~E+H!z`4 z2)mh{=MC2L^S}1b9;^GJnFVp|17aN|CmqZ^?gl9UYC3UP3`b zYr6WX*O!ai%Mh0#BwbFc`PA7OBg+K+bTd1t?9VMJVgR1}wOfE_)%+j|^GxY?j_=)~ z%i*RM@PC#*y$1|Ck}VP+@Hh+V7Z{VzQ}zK=eyMyXso{hxIXV1%wqW=GPbCIrI_`8r zZ=v@A*cEe$wD2@wv-#m=p!u^ss>ktn@xiYX&cz_*J!idYdTRc<5eLgAdrTY~$8Ylc z4Xby08oi}w@`~VwGkK(~n&8JRA`gh+htVVQs-%`4?8Q~-2Sk#vz783B^mVwhQZv={+fpb_)2Ax#8c{L zQb9=g>}(~NK-n0@RkjH#RUBshO@gqii=U4>zJ_8_NFB7Q z?u>k$U*r&XmeC%Jyy&c~M;o1G7ZVXt^XEj1Ze{zsR8~&4a2gBI>0u`rqH}!J)5gL* zR)fC%I?Yd4nv)};p`jU2i}r-AOp3d(ut3h*SeA`h$bnf=N{y=~w`zv=%6wu?HN+2SU3t#FYGiTZUh(SJyY5doV!i>OVn`UY*%R4QI zBbiSH#Tp94n1U`Ko7rTH%27m3QKJ-xK84w3%)+w$LynK(r*t7#0(f<)8M`Jv8>fceR? zGq3&zh@4hfLqp?q3uP>NgJL&Gb745%(Q5d7ej|=2)T_E#aVrmEjk8_WSl>7_rtWyd z!=!Fl-)MhE1UK_aY~To&lHhG_o-%g`Yo?#`G&Lf~OBI{JC9C~K%tdYdv}(U+HQF(g z-?^602!ZEX{*^cYuiJWq{o{N{Td%3iVhEp8`&OHdZ$wb=xH3h~lU_k34WU-wC83^y zY+`uXR^xinj^kB6ks&xSjQK*3bmT7^+~5~~2A>_76xN;h^3%ggpC|igLoRf*5IDV))j=U5N*O0~_1EM{8@VC=M;Bw6@luxM=VI zMx(|fJ38FjIniHh$XeZaj8iU(w#$RCZJQAOqMl;dFzg{S=X=uUf4~PW4S6E~*Z@C9 z6+F43__Wb!HH-VoiCF?%_%=Bh=?FF&ny*VByM9T@krNND_OOeSe{XQ$|7jZi$;LfU zL!oSxd#+$qWFdlM)_eOGp<6$6RD*r=c}>9wb#z&z6e85-=zTT2vkiwf$cC~YOQk= zXz()+FYnKwVP5sRJ0%IlQKdoRo44o?4xq;^du&`f)u)CkjoYuELer9Ygx*sZZ@u4^ zL3D4=-97It3+u-%?;diG)#ELg`W2Sz=WaB;uRvaH<5a|oUVCE^i9uT-I>D~dZ}nY; zvMKF@Ylt85Et#U4Y}S7`?vJe)l1dsM`NBM;d|)6|V?XG_uI`SCjy?tQb#&omcWo^Y zqAALzu{Z4KPYEPTJ@eEFte%hc&}m+sZfX5pI!nFwccJ%R*{D3H$iTU}2kX{$Su=_S zkASrNB@<66{tYNx0zkT?XVbq#0Rm9IrM-OQHb`to@sPBo%F}jrR>X1rKL`R)9N`ej z^;kF#hsEq+$QDWP~0FKQ8f?*dj`T}g_fUizB0aeWY4RqECIzLpR6B7X#>l%hW*gldw#%Qoa zQ!BI!62x*;4Kou#q|}Acz2^U!FY$n3BI8Z))TgMSc+VVSu^J{*&3jVua9l4*>ZCBb zjMxw;vbG|V#x4<$q*e_Sd6W(jg+k82TY4kQ{swf)BDC=}=)B+oPc@T{Og~J7MMgA{ z{p>^4D(}6=COH@%U(W~e%;Pk*dg_u&KD(W~ecYT00*z|>F2XHNGa+TOXPtgc{0DxU(bs#%cZ{Sy@JGk3Z<#+4>p>;Ppb@(M__g z{3@st?G6XaAIfM49rmz~KoLW1)XxiqgZG2_`!n?Pq0-N84>78m`P6zZnJCJdXdh`G zfxl;u$#?Q5Q6B`}ag_zJoLYySxyn`*$;*8>)(Q^|tv)BBMZ4)K$PC|Q$3$d>!Mn$M z7k`kg1sVFgU|KQ!3xWv%e6G6WaREgWX0_%nz`-#}Q3!O1io8(;^nQ z5-H89o(X1TOm@VxNfDQp00|DSXWMzSp#fT0*E1<1hZ!^)$W7tn6yHHV0$RI zCySG|z2;F^Gnl$K0eST9C07!Lnf|G_JQ^yu>+k=sd4b$%{YNNg(8GoaIoo;2LrqNR zus=Nr;2atBK}%&rBdUah7t8N$-_RwnSfH&m=Ahk7M$PmylsQl+a~zDj*p%9iMG)Hb z>r_RX`h3?@Pl+B43DlegQGD%)!Xgd@FLjK2m(AX--^!eMvumA#j3l{2RB|$my)av)dR$` zql;!YGY~ER{qKcH1@qihM=W2|HxSp|jnz$h(L5alxYK_;()eX?*cmg}5PoZ>wX@{_ zYqaT^=WF?Q{KoDSuu*=fJ0XCllxEP}2B4_P5p?}_WZ`aw3v-J#p{4Dk6b(fU%44dW06HegGKWT$5Fy4H|?$CmW%?c+<$Fw4KUbP$ly44RksIm2|_6mErXL(AFu z55)0ATubY>o2KR|+HU`&0!5ph`ow``tM`dtk>Ax&3Ej8aYG%Fe!D()6b=1ZOHCrX{qJ3eUnWfxPCc?Lm! z4a8UZg1-O$>cQW#Dp(Q{i8lmMaV9R zO$s_BV3)Q#UaYFCImJXhnIa8N&qkzcOMx$v4+mSV?6TWvfsYm}H?OW5Q+O+4e0@k{ zA^OXQ4nBrS>m*1 zOF(a%cA;K?p5>aVRZ{NQ!eOIkURxlW;SszOQnUKJ&U%I6^KnD44bS&D%qC~NVzrTA zl2>hc$Ws%-58x7WuFI^{Y6&l+ZrACe=g}SblUb8~mt2*e9!c*xF1gq&p_H+z-n=0s ztJjWI7wctqvS1;DH@qD84CS?{p8nnf3T}E0_Hnxq{|)s}LuQ$>MRkKx;VH!My4LC4 zMpI?l+@v@;U#Y3A^Z~*&o{3s`3?V+($Yh0(niUKYl%RqSB) zq@f7vy@m4s&+!@}zzB5?DDRDjh5`8rczKE7Bh+ex>DSjFo<`?CR7)(74z8GS&f*+W zdr9yOp^?5M)SP#5EOcC~VbPN}6i~w$a7ngy4dj*c7DDxLs;qa!e?CEg5^A$r>&0V$8k?8wss`HCu!b|D z!#AdUH${YZ+K?B)<7qo2-VZ*ibtZvmBx3l@MOYhqZ8~&`i3awpiL#O~nOlXIpXB@% zglC?dY1Yr*E^rrV$>;fA=L~I*lCp*w7lu}LiJt~Yz5V$gNkqzoMGa>96%7u*TYTaU z^ANfrAMvT&K~$(Sp)31TK(>hg$!lzuVp7obLKs+#Cr=&p>K7uy%YcJg;~lC&{|3rs zJptv>zqy2qoehIyF+g?;x^BvU%{;BYdA6r=98UAM(&zb11X6MIj*Ov(we! z*_)@WBc;=c4RQC<0kL=Zxk9r?H98a}W1JqXjJ^`bo za!*4YH@&m;H4?ScmR8Rfc9|O$tvffg{X5mKQ-IBnw-2>-p|m%P5k6;h-*O1?udbej z+b}jnUX2ksqlFDaEw=H2(AWdAZ63pa;*o*TVyJN>2|lMa_S0f3W4^{!_IiP()N3M9 zSne$%4=-h9m9fwrna?1h`!@2!h!cKm|8s0T7@3*I9s#@T=&29U!rni$e3zuQvS5Eh z+4akF>22z{t{j>Yq?dfrIPP)%=2MRLN;=+`X4`%=5am8gPFa-N!_p`Sc;Bqn{p3T) z@0p3GDK~w-8CaF(DFP;0qiNk23TEv5q4C_S*|W%IsnViSu|jaV&FcthDVu-%I{sAA zb55mQoAi-aj+lIlZ88Not??=Ilg@ce`r~|+@A=VO$qtFf1%H#1L~EILTjebWX+;Go zFvZ|?LRZO$P>02Yj99gD$f+pHz7n!O40t}sLt9^4uG6Ax5F<@)8XF@&I|99B9WT|? z8CL4}-nuW={^B9jg|;@gy79k5;g9pg`|G;d9tUdjzC=TtTzc|zKG71rDw9uK_3HzK zpum(Ds35xf*iFl6XLY_>S8fM-PO-5POt<<(3qe49zWp#R6P+eD|Db0L0c z+lqwp-ywjpGEn#_m&Motl9rjV)gn6NKdr6!r0 zG%vFhwMtW?NcZHUxJVG1S5^&;D1V=aXR)JA2aG<2#AQ&49wqZ#OS!vNO$}&CO5BFI z%JZW4*BIHSN@;S6DNrBF=nMKDau7Z=l&QA3I~KJW<40KYwhO(7rVIO%mWgksG+3&v z+PT|AD9+JKrh)e-Gq%{RSImM{j{0YLl}6Zr68KWHGAYe2rxwRWs;SUr4dFKVvIFO< zm({!ROxaEXg8nduJ?-j>M|4f#mb1a+yyBA^k!zHN8(2K0;&?zV6-y$$%WR?dX)3#n zJ+bToRe*+21iYw%xbG`xsM__pCizxY9uf@IUMOuUt9cyH`EOFmORatsoT!n+SPS?$a7mE?_kKJ(e0_(_Q8?`0XdOFa#@oxymwpJ%2b=( z9ShT#x@SAzzh5~`lvfGcev0H*nDNge|GW`U2%b!%-n(JFjB@Vfqh1N@n%c0Krf81b zPSNN#G^6A3j1*C#`)r*fU1Su#=r^d@xEm^K65b{3)jtbmZ5#m)o_N$SOt+nkoz~m> zt)3gE>^gq_ejv;39*Dh%HRcwggzSa9vZMWgT%Vrz_S2JwO~uUPctPuUcA-LZjLNG1 zht3DUh@uhl&fsP>1828X_UeagQ$kw5kJdA?m5LyG?b;!-ge`pR6`c-`g87fYEz*k* zW}Jq@KNm}#H5Uu5JykWQU5{()`s)_(bafJ2Ms82$2VdV-0Bv`ta#L!6Cs_sSg_Mg) zjxSIX`g6%lhJ`%W<>xIxAoB41S9(j4M57*!`=+k<^>w$MNSo(#m*=0}LnXiBZ1JLIaOtW6c9rs#DvYVHswR`E77y8r$kBmRouy=1vAl(u z1yVD}_X}0Jntq-`f(JfzPl(!r_cVzNG}&R|Z&ZqkoZ&Ailq<|!RP7@0;5}=$wIESO z(dnikweK2ZclDf;My$c0Uo=T=9=FGBmOl5sX9-GTEs&T6y!EPa@P~S#`XpV`>c(vC z%5Qbq_-;_%!8#?jZ|(RtLOwU1u{|MK&mW=p@pV`Y_h~uIF65h>4iz~Z{>ooA(T>ty zO!{sZaq{_g?*CM%TubA2E+ypMHByyA6&V9K?nu>Bs9Sph#ntT4HvXiwEnoEQ{LuxB zWAN9#?Qq{-sB2w1A)K4YG}-kK^=aGnb&Yyjs#J_6Vc<84_QkN;Zwv3dcfGEYYRBgr z-OsDWB^?nScd$L}JTq71#3<@&*O3darR|FU1@YriJf0pV|1sGf*XoA92ysZ3-dgYi8y8`?F{Wv@kH8;zBy8o zHb>k}C*NBwHaj1#q%>WtMs*ie7FP5!fKQfxH5nbgG2mf25Iy$e4QX`a`N_RQ2dp(L zzV;We+a6NvkD@*ez7V{}Si#@vxCjOS1K8Z^;e$Zd4iU5Jq*gS3J1Xl%bVtyYIYj)3 zjINxV=;NzxasUpG8?*cC(JFLpu*E6s;=0#0U>)>!=c?J%gCL5`GhU(5v6A6E@z~hK z2o5K6Om5&6YEHGb#JfoBK&(H#XXKoH?7%)|F@k-i`iR@i@AzbNpGW#Wru{ZrW<^@3 zqHxBk{>61EfQ%5Qh=I}F&q}@B&i}4l28e@+NnlCZq9Cwg=!RgMvy>@Yk4TR*QY&7G z-Z9CKnI62M9&)9wNLtZ*A?GLXpQGgGmr9jWZeNCZ0wH5)m;xwh_FyUp2(Yjn7nf?L zl%|c;kZAMyCRXNQyFX&RSi$tiFDoIDPxa0v)Ft7yCDgWOE0xY=Do4I??ki+M%a#43R&GV+MHaqTkm3eZCa4~g?0sfa;Ya7XE3!xe*@(Uu@JJp zf7n8#UQHcQYn@A26j8!dqJ;mPU`&ZhV1a>|k4waFkWjFz+2|BjMz*I6`LWi&%!^>_ zKII0P%yn}D4QO)ga~tLxG;Qym3!%ys8%o))R%I?18ax@O_hjv5(h4Lm8+sEg@|#Fl zABPpNtf->TcZnV@vFR@n zv$JE4o%(%{XQG_e=fT#BV|2QSTcs*xDpN@_{jD<<<2#6=qv`46zg07PDx5UA9##%W zr#}i$P)49xtu-q+*5{2qA#P+>Yu8haXIyt&|LLvmw4BcUV>w-0AQGffr83`OzOE6z zWwc%fF8vsi%3*s(z-F;qDEB;KJkl++BKt(NrCYgSYyHrq|LU<==`9xVqaPjiO}Rot zJAAdG@Zl7o7kU)l-e*NIc^d2a+(Orziom6vWbfJY1Hv@n8dx5-2qB+0L_~xZp{R#SrckehFfF5pEU@ikZn^$L57IA48b0j$mo1N z9{G&%(9~9LULku@Q6#sj5Dlde$RICe!y92JXJ7epRy15qn&l1J8aF6l3=tj^S;cy# z-nB0{%cOq9c_kY}XOw)t=o=$qV@Tvzb-QTmhQuh^GI4zoyx|QmuFy8_e6}`!aavZQ zn+%DW&a4l*)|QlHS*!wuC3cc#&NSN_a*db246OZ~P*V3Y)uPhOnU_g(U@e5$+gP9a zbGW-p{?Y2nbkpZ!na~U5j0@+Ot5R?It9=oWg-0B#|Bamd*97t}Euk&7wnl52N)@au z8S6wV)}j0R4MOW!86W~Dla8BrmJh6mYQ;FU!2@+s+eBOqA%_)XpWSUL8*#0er9Q`Q zK8DR^7-dQig1WdaBPK4L59-3lqR>i!!d0c}IrPFJvdA|WrKkWrUZZ5AtOJ=ScwsEe z44@ZuQtTq$kbLnsA@{6KdR(-v*S~+iyXHP^FMe3}ym2uiP^;q}y-g_hKU-}$H0$5AR3tIdB0WVA9`o!63-_?y`JH;(^Wvx`~p z<=0BSgt)_T*s*qpRe40F?wkEhwJhFZv8;i^*PB71zv#BTQ0xIRnHbYKYq#Do>a5f# zacmi84#yB^5dKa}cU{dh)#Z?XK<%s{=||)iKOQ~f^GK2Yp4uKY5coC0HL+Ct37|Hx zs?l&%JgFWmR?ZRov78B)K_}m1L2aFKlqwjgFB1Y??;S#4*|gv>gm*#EGP;5e%dj)4 zL4u#nZZ*_+yQ$ZcXFST@yVcN0LPv_bmE1_o@3~e&swq6_KYKjtr30|NyHeJvbaSaRzJXYyFFUhb$C%;)L=G`1bU7#&wS<^ zCc0%#2|g*#0>A^U@si|-SjTP`2tGfJsnx2fBW+_h=<0gu2M%A&;m}!6wcq|Sb4_2MUI)_*ql?@!gkC$P zC(M6(;|K(lV*>`&LzKrj(W-TLB(Abuv;2c6%|C&cP3;-K&W=b>MmrGmI5#%XTk=0Z zPlyqUsB(7oD89SNj&#WDAKbn_mEY_ z1k~`MRs=kE*7qx;lOxGYe=|Hc?hC}l=L-2G=@w-mm;VXYO1CX@0Zf`ZlC!~PH#(o! zLy3uap$zr{p83*?_GK9;_4g?D@79pq*X1J8_-%`h1l_(h>Thx!eT*fe!AJMIault& zS-z5zWx;1NS-J*?m#k0`GkIB){IAW_VA;g0fVyZVBj2|}IM?a^q&CM1KG1jy3&aZK z&2xRet3@>UU>2?pkwka^_ z=LRv)N+kYkD}IL?dqUnP7@Zo4Qn8D=8Y1>m)he5MkwD_ZUzQ_gfr@D$Jcn+Mgc>}L zi-c@cxmnXJM}J@xC4p=oY_VlTLNQfImirS%QryhU>(vNo=*yI%8xi%Z$L(2}Q{&_a zdWV20^bAeB3$r8$_}jGt+XhluG{f7s7SIkn4kU6XhvV0>-X0L7qQh#V>Z=Sv?$fVt zt!epM=hkk>Spv%;TVec=Nt%sB&%nY6!oUlGe-PB9ejxGO6(n4>t$d6pV&qZazl*I+-77Nozw#NW$M`|PWOTT@sH+bFZ##5oiNGIB*J%ndO2{<;6*|UN7h$S zICOy(0#8I+IuxU!6CC^W=aIFiX~l~3q?M5WXXL$^DKK-zw6 z)A1;J@9X;r|tLm^PrTVHnrn|@BYang!f8Dcj^%pmMD>5$WJW57> z)wXzp!eq{{JckGo?r)pB);l^=#5Ljs@&!@4NwU;J^q)Z0O%`}%q}V$CewHr(XAgYI z9;^qabN*Kp4z=iN{;!`eL(aRt^=*l}E-ZuUJa~1Fz7HmvX8O$8p|@Wi3j>ny7^<4D zTn8r2Bh3E3!PegqT{jZGZ?!emZwECD9^O_)iDvx4T%; z09w-w<>5*l6<0~g(lYu7nKW(@C&%E+-+L*eYvn1rEoGIR6A!gXu&)T|#m;NTXEkD^ zjcnwWntCzi#X882bJ1FEwkMj*KYg*P=09lK!W6xEBo3Jz=*R2H8eITvTYGY;)XNOp zJr6op*G^pl2Ij~9q*qxDdxqSS*+mB^ef-QptgUQDFReFmq%<(ssuaL( z?91yuqwg)BeB4^h9;A({hHE=u+jrul0SC`JKeuhM=wsF^6i)J^n|dIM0jD z)%Aj|mkQz}Xi`HWNc*$RFPymU5MR5Wu5bB^xoGpkKkrjiG$&)%(}<(Pk(vC|WFL!V z&isEO_=cn~LGJxguQkCK@Q4ZAaP_!NiVB4L_{=t1KFe}{t{z#GJYFH01x|pD2Lzk7 z2mAd;ui;60hxgV~7ZLj16qs-pLGPSYq|ZM-r$>i5JU@anU9bkc_2BcqDt@n_9#re) zL$2{{zvI9O3!gy_f)f48ep>UvSkRpspNVtv4>MH2*tH_^SPI*$_RUUKO76pY&3Q9G z=bjM%w+S^;V~7ZWvb-|>fG#$=p=cMmai3Bl?-v*tWBe?t+C+)RyG`G7dtI-$5^QJc zGihpKiL5qpQ(Fjp{1mVe%buhG-*D>-ZdNTk{Z*S;^ZYEqa^+4pL;g1s$<8{^^i_YFAiQ8#uy~dH=?|P3mUGQor^GY<7tR4=_K)l({dNPn__yD# z&wbTdO%1t%=c+X46U;9ta(ja#IR_Iwgf}3ug-R-bdI`Z4v4n5l-!VU$e!`9rM$Ik% zrjaL`(VF`>fb(cS3aE0m?YKFBd3wQO*~Kh)93I44Z|Le8!QP^3WRi_n%q%w6^@F`ZjqbjX zE;RwJUtl5kdpqCh82r>G#BHBn8PCE=cV?AvkR7)Bwj206CylB$grr?HwhzBB9SHmu zONPrYQa^zey-xYz*@*{CO#T`%2{1%b$qWJqDte%Q`OJeJ6fGC?B3wzYmOVEfN0an& zLx!+Ep3EeqP?2(0E5+ba)%g^@MHsBUPZkU}9uw3<+Ru8+e{})Njq4dM;?Q?or(%)@ z3&j~!b6n-yvJi!Qkc+tFk_(O8eA9=!+s{s2H4NYLIE9x8@^l5_m)V_kFYh4WzAh=! zoMTt~q=~>OP;XOr2tCR!)&w@@TZ#?Lob|o8f!5sz=@Q2c4yNL@-+heYzwkYi#B-5) zvrg<{-6Urt6Lv!kiry{Y>5)gNE&-W0Ik|2dP0l}qYdv|XckrWhu=Q#sFaiSP2+Sui z^CP?^QHh3Jj8>|*ikfl8(=_IA4ExnCpDY<#B(Ny)GUA@J{wxuE8DfP!gnl*TEaC85 z$JLd#SADxutT5lFCceS!Gq&?ssjo`d_X=uz0RtSX+OKLWmP2LNbIc~yyawFNCyrS@@V7Oibt< z-#d3yc5H?F1Ip^aV@k@$h{i>SCcIZ&_v^;()$Z4c4rgtD`Cg_vY_@tIDG(@-RCV1S z-TP>aJ{ywoxBxrElxZxRKdYC~@xaFBDAl{1EPKWr)Wk|jX&%@-4eE|h`*>whd}nT!V>TdEVs!16{1%p&4XQkDD0{^8W^c$smG z^N$}xkNyV7%*ecS+TjwMw0ZKOdHxZ$x%<%d~ zZ<1MQ2_J%hJdoaxL$(&kn!o%eDQbW8BVF}a;{l8=1ocp-1Ld0OzHjb&_}->=xS~o` z@tpLbzEgUTU@Vhwba!QUI4ijhY8{xt(-jUksK(QWX~}D6N`)5FDdpU+>OIpS@G{V&C2=a1;Sa^4=_)XfMQ@rv;S4qkJ0*k*^I_m;^!7vTZWMN-+iU(dI(VKt#9mX>$ABJ^~=VDUuf zSsye*b_Z0k@9Bq-gSEkdwE|1m%di!b(0v~&Xqf*T#t8mDBQ2I2Ff35fIrqPI4Q}Awzjjhz#=(^9K!BuG>ZRH7Q`N=Bor2`sZ!4UiTwqs9D%f1j=Cq6 z6WA#XbxX=P$MY6eb<>)V&e?8Y06+{U{HUJ>+xo*0zQ`LCf!+ zJTKv)f=nTlV1iu04hjqY#*Np929K8OpxGcje!nE!IL;faJ=5JuUa%y^(2;#Tv#(Zf z6Hg%_sj#RyQp`Xb9@?3wCR!7k^nB2y`zQ7RhJ`j>vOFbMRNevO&r+*Q?#w1iwad1A zg6!ki`a^VAOQm+(lDliZGAt_fI3_Vhho9xZO;v%i_|*MRLvEcTDsc!i0XRU`KP<(- zTQO9MMq9B-Mvae4n@qW5u(^?pWU|3JstBz8@t+9{v^Gg9HN1@^qu&2g8_Ytj6m`iyWIW~|d9 z@p}TaL(0rjBkLd>_M@<2&Sq6Pw(nd-&&(_bs|+Y~LqKA^=^ZL#nR5`iX-a?IBAjBz z+w8YTs1aN=6D`)BSPOUq0mZi@#8loPzVhk`@V>DpF)23pixgiWOwH$geUa|z&rS8* zJS%zs!6(?q+?xVP_s+2d&x<%!9iQQYc>;xXyd;{Va$%6^N*?-r@b8O9(=5C5&gaVG z>AW_4I(FL)T9F;uf-xd(padUhlwBJsGi z24F(sjnI4lpem~n?T*7;yEjUzq|( zciC`%Mxoxzio^7-ytLXN0xe$+W%fR z$$!dSZ>y`BRD`>9 zdjkBKAJ}-XSAsrZVF+GloSo+CJwN7Gc~>7u$efFx5ZOpQ9`;iwQAe3uj94l-lTyV!bvcdrCztc6bm<{zHqf? z(>@cXW7iWjQ0C2Zy+7enVf@k$wWe;#y%0`>!EAbm98q6jJwsuLO(x0Fdt7QWvG!<^ zP>sG zwE&=pet)XUz^QgtH|SBI$suYco4bZw^3>y+dZCil&Z;p-l|B^JcxShFUgzaE1x?7UNn zFvmG&Y6K?c*)uTaXH@@U-w)*rC{LPfDie#VsiSMML=brdCLt&o5twdUcE{NuX#F;Sc>`Pah<7* zE5uBqgv`UYym7k$gbyb1-u11_U9qKJ7GSjpobu&hxQR{bbkL=Jz*mk*`xr*OPt~u3 zErvzpuUv-uxrdxVms|)<&Ayd-tNs_Q2?{Du;|yL+q8ovxsCN7{X%Ra0#1Ks zzDVY&Z(vIcJ7-^PRKD4}P?$!@-psM=1o42+L2$pp^qk8{~v zYypQA9r)>-+m%1SwNrvXm>FURrldJtAG9b+o-FjP_?w&!c&| zf*A2l5EDkhoC??!BZYad&faB$0O@3_DBXM{I#RLRo9))IAjg^rKVnXIfL4ClHW#)e zLfJ6ColhkE&5D{!!dbNCvQYEZ%gF0&qoYk{!IfI07&eHCaS=^v4dZka-;rveLVPO( zV*P=sF7y54r0u+WM8xNepsTp+7WtzPhkC&;sVo=W#~ZivND9xwRk>b;Cu7m!n_O+% zx>J0R#81141>qWCJnS?&UWB)XT5eo$2J?uv!y$vTy)@j{k=oEgrZ0JVg#|xbgLSgA zaCO~8W97if{`CRK*;LzIFwkI(Zi0mHFki%I)-G8sk_zRHF9 z0;j$TVN<_C!_}#)dE3IV6YAZuX_p{!stiJxictA+J?|zl7)5E;o~%i&Ai445*B=Y{ zaC;xzMqCl%Jc0A|wkDvIvo!v&H*k#VlR}}Xq<@%xu1!bq0mbiX8 zKO_2s!3!%vJ~cg4VLZuVI5%RXp@1oH*>drR%!NF@iz)$881{7#zeru=CBsH1tP+sE z1|Ig^>w%US(eHjLWf0%O_>9TOUbOJfOIVFL{4sBisOzaNS!WNS9eOJv_sw_jN*4E! znN;!HPxS3-)IY?MX~}w{9DU74lX`7ib4htzLc64LqInU(8pB&5PUS;V7pOZVucDbd z2i@-7uTQsZ?jJh^?}gWtLTkSpL?pCv>K7cZS=zOTq8x;?0I#J{bEznQU%hU9RCojZ2E=jKmfM}rtf-EjCmPmqVLIehNi$osG zH%Q^yYZL6=i2+A#Vth~wz^Z8;^xyvFf|qqKA5>d?1gnoKWBJ4f<9LMx4^i2# zcG)Bf>BLoh+*;;Eiz5H%s;2p9|DBvY;Sy{aAwST(>bt3@N#k=nk888_Qnh{&3m!J} z$SEL3C}LuDjN&WMe?6iwEGGP>;K{`%Uz`S0@vB6mf3rr!n}pLYyF!21r>A-Ax|>Mn zw~|==0LmRRyF2GY%}Nm;VFUELUzA3ZO{}fJAQi5yT_HlNwbMN$m^iHl$a-P~{^CI3 zBc$T5&Qi!#3nwxu8kJivcSzcP0LSInjdh}>y9Hw@g=7e~Z@pR{C!|zbFhNnlGsv`g zqb$V>{n8@=5jd`RWKx-IDN=>t!t{R3bL^W&If|e!M*j?a$#rYr!FbPTLXx}*AFhN{ zIec$4eC9bLWH&2?f$crO+oAFHZHM%k!0}Z3pO<^@)nKoMEWXNEvO#;{!fIb=%j`Vc zkzk@e!HKru%-g=&OuwX)iley-TX0nTOiDxPF!L6`Es|EV)hO&X!kOSzFZv^KO{O88 z^}7Cx)Axk`#CD+knS-E?-{fK7VBk=3V9cD9<>_;ZbFvu?gu2LG%do{(tqsR)fg;Px z%Z-QRPh*7cC*-e&lBU+V3Jz>Z;9D{7!MGbW=lm}eL3>BP%AEE$B?{eq?hYx}@Qb45 zpV}v_zC}$Zb1%O<1CDl5A@D_vKuPeG#ck=I#vIdlpNg6JNN(%qHt^XhF&HG9$vd3j zdlT&xFHGdhZobgq0ag4UR}WE4J~ zb14A|qTi^`F+j{igY?cVb(2Jg6I|ZSio1LjEZl>~v`vQ#zMDY?%yQx433(_46r)Ps z!SgHvhiPH8n-DXkPjsyxf`nK%+&s~2Jrm4t5JWU1a4HHy39TjTLP)(wwB7fr=$-=E zIT`FBggu)h)mhpnB=RwC{7nVnD~QC6cUP5G(@fG6!q6Py)9awJ_UAc9&S)um)FZ;8 z1lHByQpvo)g-qtb!W8~dlyn)V3%3u?a!fc&Glmjz5BiC`2AA~+m*gV#6<4!c;s6l= z_?JQ^q1Qh3`D&Dbjyd8uB?Z3_+x9#6v%L9(ETMZ`L25pIy#a>IrzR1G%~aPYvtqF2 ze5oPz%=`ID+2@+e?Ay;Go5SHYKe^D>mE@5W#j9TWadndg!>;*Wle_IZuUV10PniXj z9wPPqLx&O)l&8BXZFWO*!n4D3_uMI5uNz_Zh#8Z)91|bbWC>Yb8;WE0%7AizseiZn zflK%_7|BaID}D*n)rVi6kciZ$f6cT@%gq&+;oQ3(E<7S$S8P@VUmPJ#cUItk-5A1>Gd3W zEltDKAcbhA@4gk%NWxA*imm7uSEY&~!@}bnj>2E#aCyg<(~ljK8BW{H6y!6Tu5!Sg5^$!2lCDl%#Q;2KLe%94aXsn+UL z)9`TuP)5a&>u5TxCdvooIC_^A!DMKp+9fCu!CAcgJ?(Po3Ex6la!QI^*g1fuB+u8d)b*j#DzfaAl zshtnABmeH{zWR4re-qCTd+iF08F4?7Yc%-j;oml#xT9a_Cd`hy8fZgEOE}7yc@-T< zuJV8@?g&5$DB0+rckZI zbE*?izu%SB)EM(H zLWVD`F05q-yT#$tB!(tPy0rsLq|&__CqptDV86SX^GC&A+o{ zT8;~PP7(2|pv3mQj9SIoJlPzrNBOo4D5`+gBG=QETwXpm1e~odUV$i z?nG%3$5n~zzyheb+3`Sg_ToRLPj5e4_yAMrHIYJVOL4}NLJ#?FGrSP-B@5Gb>eV;j z)1yBTk&`l-w*{5Ca7h36mcRzrQOv}!gCKqf4Kw%|F7z_DiftfNT+BW&7aWd?mY5$( zp$*#)R3G^E5KpQHu>PxIj4i>nDF51Pqbcx{d(iv&-qH2_K%c|u7w`6J(IidhfzM@c z1XBrZvAOC)a_4%EOkhW$Oinv>#5AB-|l|p>8{|WX2i;aG{lD zXoYv|NTTo#7SK8%^ii6k&VSuG2IfqX?pY6UoKD;4F1FtJoEP7cA zzbADwF9DwNsoLZp*xcgRQG;Zh>29TCe8g4y^BDV=tQ$WD0j(0gIlnz+Ok=@rR3(O! zS%2atzuwV4B4$v^1qJ}4%zhw`FsSCs^64l{No~^j^8U!r&)1~aNSMK9keaHxk9#Ml z2$4aF{BFI{;QAnPSv5B&Wqwzacz=GQMAI_S!-pJxwV{85sJhV@GOYT=h{wT}<4{4?^mgjVqBF~I1kGmB z3#kp`|9z^M(E8Z4yaYT3OA4Ow-@cucR;u*bfTC1Y`stmGS1Ev`k9NXG3Lme@2@kGI zi<=l3-D{u`A0US`Ya}2uGVq=i$U2X9QX8cn5`%a2zG18p%7Ru^>#kF0wI`e;b_!|h z)E}CI$yKs`CFqpZr9m`$oF2cqL$V>?0^Z}FT#~4~N_^g=95A)420kCY=Z0keA#bXn z<6}cIVC^dYefaYc83AqL%U32AyWh63;`>Vmc~?EIDJdOqh%G0xAs8E^mVyglLns;A z4SX2d5eBs+e~=Fno{M&!*-vM7(lPj34J|3w4#Lbso0(ms_#(W{(733mv3qG|){tK3 zuV!)6uN;%SG_m~N!`qy_3da_dL>*5My7a5%GjtX+u*K|=_ZCe7h|#t=qx6-3qTH5_ z=jR7d^i^!?#te3 zD5CTjZuZzC3e8EQuCLM@bJV+|2&g`uHLm~QJi^og{rl>`Okhj??t3sS#LO_n<28hY zw6QJdjNF#kjF4-$Lz;|6_$&&|D)^sE>FGo z105;DP(k}}HeuIG8h)!DlHZ~c8*G|nIG-$VX#V4wu>5$r{!qjPu}Z~@BaQdYv(7r>ja*XKR~>_RJA6VYA1k?LBdYJXQhdZRvabT*Qj$|R<9O2Bw=htS))Yga8C2}YpVvxXC1JLS9sdSQ~%NoSfC9% z;W0ba_c`K|)+q<@4S8y5jXGDH5#9?2>n99aU3=fo7I|FMYk=xF4QL6J&y7ob6%t#R zt+!yjL8r@gCuVZv5KEAWO!6IjTznJd&wnaxYbau9zNe5;znKHAcGIR9g_(gaFujnG zfZ-djhUYA*pa%j00dz?{2i1fp6>amQ&;QaF7gfsI?~hRmiH>OdU;O+787Y1{-Uz=M zlyyHRCTGuRMVl@zg^tl+(dTWr&+MCr0qvvl-;yZEl(>7Z=p_{lSw)+pe|ZIgGyJz8 zbdaA1#W0Ql(u|F^AISU(&g2xZe~E+t0 zV?oUh)R{4FN~*h#9W18c0!~|F^YiciML#bRws5GKn}WU|nu2q8^~tH1JujlTwLjdZ z;W&g{;;zfQU%upbfoKtfX}Q?UM}@3CR;9L3_1f?DEp2|IYJ0z+u|hctpEcQE6q9l= zA>;0my=8Em$UiJnVhoFVq~W84@(+;b$uE#d!CnSh%jqe~xdLV-!gGlFs!&J?Ii8&* zF&f$TM50L~q_?TMJug3j?~Aq}us<*hh|JmXs(i=2vo zf28&&;C$!Jy=9WaJm9GpVwlu_$a>!Ex)vnTGz1I=qr#&nkN}fR4^ibF6*Z#vP8}yy z(;f@JTd1lj4(C^c{3jLd&$B9uB)4ytbAyYUsl160PbUEr)`6!Wr`xV94xBtQdWtsJ z6ni11SOH|Dc(ymy9T6s-M((W3^~FYOo2`}0HsuZhIEv<$(TO(iox5a(E1~^0`>!au zr7suli1tREvGx~{Pyc+B@IG?+-dS<8&JWSp3DU@W!VD4Y4s)}P_(goi4tb&w24Xxx z19?~uhkSYmSSEz%RHMV;4$G+rT5!$DrMh`&>>_PBkr)RpASh(V*cP z{(-L588fc%=djQ%>}KwtuZRu-X{Q$S0Urgp*<3Uw6M7Uhm}V|LkFw_{m0#0uK5?39 zA#v(oVmGfy43w+$$E4SK=1N9vem{Um6AyJ#Qq;d0f>qaZvx?^xY5=v75BqDFP}t6aqn7%&-+kaDM` zhA%Ok(Zz4ESfx4^h89SE(9$b1$$w(S@mMv%sZZZ_Hs79HzVIJQlxVq4VQHDX%x+W8$~Jl2jfzY!Z#Nq(r`zF z$gn1{-YmO=e^k51JS}p|w&SU!RHro#|Brjpon4gn)D-b8N*>o44Yw@2@Pq_rSkxFq z2;%5YLU8CYTei=2mAg%|-2-7? zRM$K{xon8kek|f=F)AQ+DQW50MGoYL?bJsTnOzrq+*yD#mwPt8poZ8j%gV@9y-`S? z3%-oq>~Bi(+wT9vJr0~-u;{FHIU^{~eMSm#)kX;Yw6l>s)8$caFU%hD^FI3@!@=b? zS>N-)?93#GusA0>bzGDH6ZO+z9CdF96rC^G6H!e{K;JD&hzbg@!y~) z#Or5r&!lk%LI~$xL#q#l?sjn(%=!y9n(Ol(C@Xu^tKeo14g<{Ph5-9H>$3V_c#38sc64-w-Wa5#>cKqI zN(=kNi5q)L-L1~BP6{h(8isneP=Rn&$>-ToRT%8$_B!=J-*3g_`o!XE9n6t%Dk$Gd zd&xSo_Li+Pej-R$oC;ud#?GuBU;<^4OBx5<#m|OxQF7H602|I+fpz9v!oXVg>1-bsDU`L{WKca&L1=H!OgeOva`J>3~*0VePqBZ`i()W1|!`eUQAA;$f z^?KZn$#+$4Q@Xe#mbdMgADK4?-(8bIR|1mH62+MiNh#k#Ib!f=KTbJfyWaxsc6vd> zpIqbgfhJ9-jC^~WYO}@tap!g<8{e~_46IzZsuc1j{oDK9eNeF^(aH;HR11X_oPuMg-6gL@4qk!cB^urhQP728 zr^TKFUnFOvnIx)Bu{jWFt^p%%M12FtJR3Zg~F$1v2Fy^7dwFL}h3!oBo=p9zt; z(j7qC5Ss0OOb739hpIz7Hh%}Ip}D-wU|c%x3=l0;STjhrHmDB-X$>&=&&2+CeWj@6 zRc%pNK`&$t))3bK>@wCQ9@+wb{Q5&3#drfJ{3K$u3ej24W&F13II=BNM*K)Qu?YVy zA?y#E-)cohc`}ly#l3Oq4QBb+DCn&ED`V8cI(J;~)@Z!wzCVme?W-#JLgxUdGMi_H zOG(m}s~4hpUXu+X&-m_`tbc9jdft41k5+^5SEDm`i;P!F!WU&2BhoDuxL&E#IIv6h zsIZ}&U}*LYAu!~U9Ow%Z5kw&V>sO6r!d^HA)>B5F6P}|>BF(<-T?zI+*L~R3E>yrpYtT;@CWHL(3ZSz)OLE*%Ldkgxyhk(kp&TbEQHJalaB?@A#B(g zd&JK$oiMJOLXq%Za6Il={LRs9xI{{^sC`haGHz>lZSz9wL4}TLq)sM+-=#Q?{pYxHH3z!yW(S|K2Cak_pqk%>fg?Hb1!z=e>2Oc z&Nh1`b8%s6_d5IkF038MWaZ?3IJqbgI%-vJ$Qh0yf)EE6`piEXWVBTHHR&DLpd`&%|UU_6^gzG-ocVlG$G&LQ(r%HImpR~yVm#&Cpa z?GL-jkZL;={EeILK5vtz4Nct9kxz_$!uT}k`oZb+(~_#k6TG4_?#}OyP85*PqdUK# zZ4U^~v!*7g?PJSr=hIMz_$S!qo-L%1>e7nm`bRbKhXaw1;piX3!(nc3TmFh>T>rmm zjsHw;$Bf|3$LT43R#osp_yC1ce=$a<)uH%^7AO2i{l#J%Wp+(20qGt~(#zx+bO z+VR$EQ`Flo;qf1Cn5k_|#`t14RX2+*XU!ORdDVHwP<;T?loIBMk>zFq2}8wEox z33<`z+HshGePDnGo^9A-jt#PPZr|n@2Y@&-S!5HaXRcm)QT)?1r-r=nJbxEZO4xge zLsxr5dN7x(dAL-XEpU)=Q@~rv0{CghhoFi!4>0yX4!_dlfbxQCVt=(8R`NP9jl?8nGr~8PZT=y zzi@;vBl2`JRoswZ9njXXZGOfM_?(4=JRzH}M^4I3n#Ta>g!Dmcg@1i7^vhN&Rc|y^ zQM6^cAg0|;05)giD~EM_!%t?+V{^tVfcN$1?y?^EF6NFlo--u=G)Rh$382WM*b|~d z$#Wb$nJr~$(JZjXOw}5G?n%i(F-xefz|P(-6Ij2BrtOOEsqOkg;`i;3j9kJAG5;NV zAPZKST7el=+DuBx@|L@s(ng2(_>jLn4mEwccRDU4zlck-T{17{^9&i; ziB-?_F|Wsi%`0A7Q6=5lxR2qNO&El{mNW+Z%Ms~-*rrMA(U|4-RngAwm}{78tgsB;7QCLWR*b}uXY zCBlpC zL@h>gx7+`THrHrN>i8!w#z?GdC=eF2?elw>A+%FKEqqgEPCX!4dceftyIZhs81BS1 zI(kG|(dJXzWEv*yXTg*Qy5NOlCF(aZN`Tpywn8WxRE>Hrh>^~0Z_2N$G|MPB9kZ`` z18i9bJZ_U7fF-}`M4v7mHxm5b14d%%fG_jRk{}q6z%Nm!YFTs%yt+Ts`62f=m<+Ap zYFcln4x;a}*2dP5Y9E&w>^QkKl#;=us~Isbs}B*&qfYLS!i1G%@L<0rd!(s(x<`)Q zK-WR`yGOjdtZaR?Peml)62WL{Vr^qp6*8tM5`qUa^-iuPB_QVUpiMB_oGJi;SjijT-!8cWw%1v4E%p;|PA)uyR z){rxv-pkFPsDUx&basqpyvSiRgjEoTg%Ldvk+mO?dhUG~O!22<1}#a|byutj)KA%J z8yxQPfgTk>%2XafITwW1xr=!@KSVi#ukre;F9asRqWfdK&o!1B0CHoNBhur+oS^A) z*>g~fNUIHRM;4C5;l#y0NA<>#v7_hU{fvCq+V6`Q1VseJR(4h;U7nf! zhI)*!N1`0>K&Gls-lF^XX-7%U)(_a8>C7?-ua=NR0e8XD2u)r#K~TkC;kYyQQ7vP0 zzz>7XXea9ON9v&~0}#(KCvGC8ak(TVDbOCo#Hb^oQpCCqSo)k?P|) z%0@0RDk3eFw~*(LhgQS&xStkzbiMA(+t#g&0sW0Aq_F${7~~w?5GNhbQXt3w+*v^| z=_2f9W{unvxm;fKQKf<3`x+!14CKZP-OVH-$B1M-JmRcmY2@g1-s=9on9|x6 zB<16mV1;4KlHP2Ci|ld-{j%Qx-30TOZh%m;5mBLgImU&udDA{UQqN+Q*9(&L3B&np zK63lM>k2&JQ_@Kp5UHkUgl{EY;tL;M;R`~UYD!1BA8<{HMPD_WDN?pkh69AnAAzY{ z6U-d<%0=0p&qkKQI=)iD3d=i{P&|^Rf|I1T-MnuvUNt27Xdkco7bP)(-W5E2thvU< zNV@Qa+wsadHxmBK0^T+$^e)8x;ZGK?O;g9JREBJY=YJy0wMw(_mw&xTdso*ms4GsJ zz-1$QB)1^HVCo>=h&S3n5;&V21)2i9|qs*%A z#GYhO9kp6j_=OhiC?uWj))0Q5i|6|kwZnQMZ5PWOF@gXhJrmX06u^2Wt16lb-?NL} zUNf^btC4lyDLZi2RMC?1j$Nfskk>__{;!#z`u>3 zp&M?AY+vyGHMp>3Y0DQAE^NhAMx{J$jl~ntr)*Cj8Y?Idnujcj;blyu(&&zkd8~9X zkEBIZcA-nnR;S}qeyPcM)2)QHAr%-Q`LW0a-~_pfs$AJYPqMQPdVMoG&tfo!IdFudL6l$@Tkj*4X3i*&)K1p+yXds62Cptc< zimSw1T(#c@BJhtG9v{k8YU60?&ejwe3c69*#y#VWIo1HXoafT92-`#rH$M>h2K8c6 zw?T8D-+J3P$|}37zJ|FDS}0K++05-Y_s~_VcTag%=_~R*53l2?Ep(+jje~k<;#q7r zcAM~Lx25;!15FR~wu7eF{QN&K&zflqtV#c~tda)}Lk{z3mQwI<5LVrRxSWh~dRE%H zN=yWEk3N_|BPHz@>bA2Q&nUvA#K?U}uBB?KCEw|My7pjmC5iA{TDCLsUfaA0zlWXwExsWQ z14n`*0ORC_!Tg3!wViifIs(S-zM!@vzt? zvNwZI9Rx;Hut6Y1VCZ+oVj@{X#^RU)_spwbw-XUzIML-FGJ%MeA+!6|DIUG{^X(zv z7!|^-tXEUU{QDhG;WS|K$4X3N^ouk>U;g0+$N&m7?`@PvTP)$IJ-uev&Pawij`G{? z59be@Ok`(-|7yJx@n9k$Z0?wp#7y|tD17rD(Q-@ZK}&cO+<&iD;9Dk+O0^I9EJmiT zg|!Lv(DeTn%kfr1Tfk)IN`<4EthsRy$N=GZem#g?JXjR=Z_TnLR$RS%%dx%PvAd_n z5#D<77xNpMetbOqE+^6FA6FiR{e`X7Ioc#zvV`R15px)Wu74Qa{_n1Z@Y;-iPCabz z)x~vPvibh5gYq}D?a;$;_tEh^qE+39LIGe#G-@^%cWE!9O%vlD%z~ zo~fE5Up`?Z4X`wSFSeNu>LqXe!$-7Wm;VnKCNA>L=JE84STGU!muun{=r;*P!YRHX z#1@wqbcGNNScp#Se{Q<0P>58#zsL>Jsp(KA)_}+Z=%Q3M+qUoyFBrvbvG1eA#%9H+^#zrmMEQd}w;NesB-| z{G#Y&{89OI;4Sp-dP?+SDJf#O67@#%qI-I`cu_rhdf~cW1PIcYvV2|7ZV2}r0NrHI zV(Wyrc62Uy3B9|&Bz%J@SRF|$%})uPNWGsVrpvZx2hQ*S@f$4{6xS%&J6`pr62Xr> zi{VL&?l%vDjIS5l!fzb!9QUbj?Km$J9UZvklOOllZG+F6ZQqS`Ii;nfhmv@5f>V-Gg4}8dJKG;HB=gK~OST8PZPCX?% zUs|4Y+dZO2C-iBS{?^r1^W5(Un4)}B%3xV3QX(w~kL1v%mlJ_c0 zCp%9>-Z&(EUrwsCsfARhoj)o%FGSw%z}eLghMhOMQybM6&z|oy8#_D&O;^&c_Z16} z-`xj%A0X!u?sM?)j&q#XchA%UTrB)JgHYDQ?H?YT$2V@WJJ#cb-yFTp@4k0TxxPK4 zF$;NDPc%m+oK;U=oCpLbJwEa_icck$2|*NGM(oqj!Bp9h2__orW89N3Fgh_Z^+;tEQ)pUPXWf?ghi_y+)RPy$9zf zQ?JZ-p6qv_4=el0K4IJ!8~Y8zlZc??&hw3{&bOjYl9%R6&+5s<+xGki`4)YkQ1wED zXR>8S6$WLR)85FO&D`;v3wl{+V`p~RRs%!2>{^Sn?r0JdGST+0EqtA1+s>xuh_lKM z{abh6On%6%(3-Aayf^H8d3ek}EuHMYOLp}luHG=Lw9f>t)*nv1uiad{D1F#WDfw>r zI*8nR%1+|8>)-M?E6WAIK6I34+InWcB!KS#Z^S}(;|H&Ial(ctVQ>1YH}4%EjOX|j zPcL4;Hu97_p6%^>`0~T2OWXgOjASlKhUX^_8=f1@?(b)vmhWW{U*|4wvo+EBT^l74 z0g1>L^HLE@qs3^Io{wE3iP}!uf&fMO)>WU#~^V$_y77M zUAg~(d6Ighgy1~j!T<@XRK8vPN$Q}w1{?PRPK94kx-WJ8M8hC(;fR0?4(5}E3MM6| z$P#K{pGBL~si)N2FVcUEQ%BbZ#?uP~i_JO%-*>ANNgD)t6|@XdT!iW?10#vP@uIg-31_ z$UODSbLgHoSXY3-{;^_+a<@ zoTh1aOMVo4wV^>ofTB5LQ$j&)DhJ+%LjxeR-VsRRn5YEC9EABkG2Hnl_HzYB1>Kk65UxCy^{+0-aQ{)o_uMqMf_|Kx}1{y|M01ljofS&Z{ zmo(`x;c;Nrw@;Y7>tvX_Ls#58KimH2e4jKrT*3{<|Efm*pO^Z7-!uF_iH>GU|Begl zBa4LoF10Z=ivIo}lf!R+QXWjQ9}yx2eN5z$T327Q)QEVLKf$75^710>zQ89jJhjb` zX<(q&Y?T|r!>qfykh0TA@RBgZ6A!2iV1`ChFS=5S?Vl0~Z`u6UqyPWX&bm6tFj2c+ z0u-BEcfaKbn!*^qO3Lc#o64UpuRI1`E6nFy?~S%X+=xP)45`QRHA+rnUHC;h#c|V-uG2P37*fL&GDSt6Gl3o zrLyI}pcl;UDUWXji$2jGciV{fIe=5$hUd1Cn`#XQqk+9|+sls)megB~MT34D8wlNY zA6;aBSTsg7rY*f<^gPd*9RKoYd+sOFD;4SYX%r8ClGq~u!?zC2@Q;cE51F@3XAq;W zzhBbS@J2@cCvuJdoB33!=A1#HCkvvN_?_5Xh}QnXS+}q8p25!_z4FF`V#7s~+G`Vf7VP zd?ag)y~HaSC~*?uu#~*U=FAb|L!#p0-k&U_GcuyT@xJvW@l$i^Y#7qo(%c;Bm-INT zOy*6F*XwSUW7j=nj{?WfEhLtz^xpC3)-DFDKcO$*Xu?xFZlaAMsus-!-RphiA?@)< z9S0Vd9ug@h4`LnP2DR+$?C1qOA~V|x41D4u8Q~!_;AAKYxG*B3`(`^kOg(b`+LB81 z{tLyi$Gg>swx~$A&FIiGu2ewJeQKtGc*2`co?R`rYu^5uLJ)hqDR@{xuXJ{QK+BR`V2j=;V4{WHWh>7F|&@n^7Y}RjtBaM8Pi26w&#OQtf2HRfykZ{;?zd z)HISrN?-AGwf-i@P1W8xv2ZNccPurVXWzd=C+bKS`=N9;*M^lUhXTjMy;;JT%_a3kR161i`3lSR z!g6_=xZN)AsIIJ^j0xU%sh&aXTbrmu^FvtoN}Mi_2Uzpf;)|JYsUNmy=(GUX-fgpB z{$G_hgl*d_;36c9GyaF`2cy*$T$^jJ|D~uDg8ZLl^e-9lG959}&~&ZoAiYNUT4sgC zH`_+F9Uu#f(B0 zEygA_yH8P{S1Z=S!4n!~L~nTl4pLP@w(0n5%9s801nBu8ttuX}d?BA|t+%=WYX98I06-$wZ|sI}{Z)36Iy>A8b|%P**?1Wr7`g-Xx`#BoR~xz@dQyuX{?SXmRI?paIcwss(N z0DDw3;n8F)Y1@z;KMZf&JdzCw7jJm-4ir|#cu6VqejEH7Z8+1J`))KFnrN-R?#}P;lQS7A z#cG0$`Oo!eUwA!8ihk&_wNK5`v$S-+sd0r~IxOvKWevM?(nXEoBI&0bJ59EfrYEyr zOW&IJ#Tqjo-7t6$|D_wiLgP1>R&Tk=jjuvz**e%_rO@$UWLoJc7;^bv9?n9*E`ai4x2UpMw2z|g*L5Y=m*b>hUjrn zmrqFf7Y4j2qElLh4kVT~a@>}s@fQ7?FT+Ia6nkMdE`4>X6Nl;U{6E+cSJz@ULVREM zAijXRf6(PA={W98GV zQ9BjypGpYp-#p7cAQ2Vmzc${_{|QIZJ&eDFPf6j%9$S~y{&M_NQzY3}FN{i_woaBm zaw^pMBRtrDHs;_tqBb3@84j%{y)|EJ%Hq0zWZGhC^lCm+lSo&*xTpmee*SWZn1JpB zJM2mOjn<0!X9Bg=3~=2kC3aVNXQe*4n=CZ#)(iS2?7Tu6r!&L`(N3pvf7$lK$4aky z0|jCM!J-u2Efw`yuYB3r$W6=OW+q>jL!(xmDVafBMtz>$61PA7b<@7QK~PW* z-$DF`z7S@j9alY@={etAA)jn>4msA&vS77>u>ix|-aT667`(o{eCZ_PJ$p9;L9!Om zgRf(yNgbNm;WSFsnLx6HQw^074_=_|zBNfV*ayM2_q$17SBCsYuT5W!rhU3%7w=ls zO`1B9ZtshXn^n_n?_>3f9+}9R63h!UDCtoVDDuJ+5^k8!MowLvCr1$DhNZosrtI|A z0w~<@X%TCcQ(|u}{Xa^zn_`(Qce;@8KD}o!d{0m&GkI><6e~IbgSt_RwN7IT#G;_7 z#Uq;U#(SgcXC{T+jxL1qy}ErH)I+@-wp@cC|3bQZ+|XYE%!{DXKy03iplLnx+@9O` zX|vuo$R%t}GpC~g%>KWLW>fD;gQu+~4AjQAjA#DnIi(m8_#Ied z2}0c>x7WMN(DsS9#f?k+{lDQx(hw^D8o_X^cRT5diW}9>{OuTi^+wLwP-tZWX*qMRqhF-nwlwiaywZTlk zF3S+p7&vR9i{0pX;-rzgD{oR*HPg?z~|-{;r)E; zc#!2C?WrF9xxD_quM7SiMyHb*wlG#zW~(Lg=vT@=z$67F1z&Zap3Cqacy!>r6Js?U zgj)v?8mxUMwuH_4Wj!^(tW(>3s2^tr4JF#3{nCWz2>39vWBuAvQqotu4ygOOhp#J)`n;>I6 z9Ye32p?#*wtF15{yc5h7ehZF%BjPQGx_Z}(Ry>!SjMIq(iVxb>R;|e0HLBCRrUMGU zb^`b0C8dhxq&Ao3sJTJ<6zU`u6;(3R;x*UY4O3f)(WF6M+o-E0O$!8>)Y|W$ZR{;k zjERdsM#)c~4=aKwSSx0Ep;8p>pjM(jCww5p*QQ?g?9Z_i(=X{GT|*~@us7<|Spl8^ z!?$p2S}-38OcIQLnruElS_2*6v#{j7U`0vo;J6$TubUF}-^Cm>DK2SrhTq>*y$7R8 zU;sq+7cX@403i>O**o~}T@U5jd3(E706|JOJE4*iyAAz1{d=o_o9KLhY9|8jlbE%P z+J?=f*lkPaKM#@aqf?&iv&&#peBrUty|7p)J~*B$pUkm3KbnMm0DRxKUT+(o_rUx8 z)^sTUzvVu#|H*xLb4Zp2k&t#Th+J(|$Ph*%&X{ikvvZRjqtYvjOFv(XRB*_>RRdXIV?CQ9`5 z9tpY{3rkp;CGfazVI-}D^5><0%9Fod*XSobz{JXm8dLksvLh(mZuqIAb@*i`C9A6_Q2ruh=ne$@X#P=;IVO2>cOmi~$G|{SylmG%A!H{YgVE-!W3!re&IKklM z`a+z;`fd0oV$}EOt3ul0I;p_&nedL4B(!ZEBiv|`sdf_dVb%~Tg<@!1IT%S7wXJy@ z7jR5*O|8Ofe^emiO6n^(?ESc|*(#;?kLHci!?m1(=qZaftwJlWP!h>7!DxRzj79W9 z7^cSTR@kjht0~|*Q}`#I;dhjS3Hx3}l5+%fqSNW=>D6y^KUMH9)`|JrG-+bMzFjvm zPjY}9h8!(-S-gvza4EBhgB%`%HlFc){BkMI6eU~s8UsJ=T9X1kHCBu^P=d)8{6BU% z!$}k{=T0m3_*&m?A4JutI~cuYj9I~8xS%aLIOm{dteMVX+H#lra0JC(Sb^Ge8ToW$ zLPt;EZ$`i$bIiz)mI!t__@Q7 zr#c&d=J$>VbtqGe(`~qbtkLm}Y50Jc`DUk7w|R|FuQvhzyqTq_8Ggss^$yt55_PiQ zG#|(3*zvw9biaF3;e2w>>}cPTVZ*=3j}E(fjm@A-Vu=<-DXVh4No!m`AAad&kd(GM z_NZhbSMoC4pWNiSL3}3c<{H_J#^;Z!)$CDVs5kT+&$T0mPxYCAv*t;Z(+44%C<@-= zmjcd~&`BS0aLg%P+tnYw-->P~EUA?1`ZgF7Xg-;LQL+AIA2N!u4nm>oNzm2qSTlE& z>l+{mU51GFrF~4UyF;01>3w{Nl0{;wfAgafT_iLL`!4oFR9OW8Pyy&#f7FWzl(}f? z2%Onu*4K|(=sc(s<>Z8(;=_FMr}`~QcG~{FG3kEYC69SRCUeRmZKzxv8f1#xz zn8?rXdbA~_cU;CmiED{vq)1)vth;a4acC+hXSl-Rquus1v)*=NDHB1f^qFIiQ*3h# zq5P+&r`3AflF$1L=@RzNSIwLK@v{nnPQ!Wv&Z^_^>muJPwbI4qxze*IT>USdLseRi zrla=s!}`9KHE-9Zo%X#~Y6~FaH_!X414jwlP2rb1)U&tny2jqBNXk({+wU$RUFF(@ z)feLW)y&!q%Yi)H0Gq&#O+ibV$NjHU62HDNUEvR#bmQq0UgJF@GF5ee7@B67Z-;~< z8KH){)!^Orl@z+Oy(uPDSvc{H^8GRL`ABnEX0<3%sOCy5JE#Oenlwc;cAtEpt+(Ku z4<3B}qH6HnXRdUb2i6y&xViEvESi?#v>+`gN5*te7;Xw(N(>A*-&a5+C+V+g^O~1( zS$Tc}yqJF3n=c-GY}?9+%<$Gf>=CWzgQbtr=6(Nt_6qUHWfNw5k7F~6pT~fpoo5KB zWH0q9>osdG%Go(^TfRt^q4tQyG#q|W^l`4wvTv3Id3)DrSjOwkLwNu|CLOr~7i}>V z&olv|aQ;XzSa1|b5}2W6m||oBUBe-wMo_{}tTEcJjF`%Gah&!gxp8W?f)eTU1=F*^ zrD{7Z^HyE>?C3nx?XVpxAf{g0bZc&Jdd73oowC#BUUJOb1@-;Nu7-8wIpn$N#`e6B$GV^JoU!Vw!n$U( zIhI-smQ!t48L^A3v{i7Q;dv4-s4HbL9xP?&efp}MZo(ZKX_*XWzKs01jsn>S4O!qf z({%DJ(VrFXj8oz31h7xJmIEb3rjiK5S8phN@11A zJUE#@4rcND)`0*sw=kNaCxe(vMiJk{UP2;DZ62*~>IB>%%j*JOWo&J-=zxsieNmC=*^%f@&?k4g3_Nf3IYU+M& zw@Y}EpDD?WKsU8h?^3PWqn$W#1B zE>-SAbXz5h&riS#+zH(5zs7enIxmm-Ji*JO%*|sENXQNX5QtjwX9j7(^MPM}s(lT{ zht)B7Jd0E_7c)GDXH-f?%%N@h_G$ z+#Rh&H{RzP^gMM`l?|+&Nk|?FzkAO_fy4l|UAQV9vGX?NsA%~e>-C;R5HE)1flyp{ zgfUo~6gY$}tqiZq(1I{Cmk0`zTrD%awEj)GUCG+WBw*6K1MHjjIQFGSu03eE_i{p5RQiAy3g2m*ur?aWr|-fo1r@I6vi?)*-fV!?hZe&?9!bCP~ZJ@>JY)h(o`_6K0C^E9gPfbVe7!7#dDMa>{7q?V$4+M0M}SXiu~2ak?yxEL6&akyO0kIvJJBO>eeEz+q7z>@z9t(MTH>V# zYrBPCT&zIE<2s~O_V=&orBFWYH@-gE?(w$G42gCLetR@TI>7Z3LsGLUELP|c6}yHg z&uDGZP;+@-i|Yv!C8EmpC{Z#uvhV(c_l7yNdoX(@e{3T!%h_VJf_JoIFOKCGv-S=m z$DGL=g8{l23PG?%xzN+!EI}F2!{c(TR-pELRZN#gX>mn?rdP&v{7EYK^{K(sm#Z{$ zdBhlfB0z#kDT7r-FhA^O|7d2zo(75N9)Y%}+OdeaW8dSU{V1v4D>cJ8xWzu#_oKGI z)>TLU-9mmj)e2v(K=3^Ls==UJFrEAf4lN4bF=#wFL$mDe;BG;WMYCwMsbRR#f+?J> z4ALzK&>?O$ctjdM5i25f!<`VX^No${g^+EW4Cil;W~}_@yLu-`&tqHhGM3H8n|}5p z{6BoXg;$$lxaA8)3&Gv3l;B$22~sHT?ga`IcZcHcr380(clY4#?(ROEb7$txId|6m z2eQ5->s{~n>}T)a=E|m^Vhu91MUeCqpbJ3Y2;BtiNBq`pS)Mh!a|ZWRifMCeUFwVL zctEk+#vyhY5v;RTcZYW#-aer){2M+*br+ozMjMQkuy4&FCt^_(2^joJOtf)niKNy7 zjf8;8CQ9DJ5sfaIjTb3M=M5R()fu`@X z{f&$rwI%u2yVMQ4@dqwUR(!Xjp1waKer1^gq38)hbMAE@IMgF^3gD3!X0Q1qksa7bmuNXFYrndo*4J zS)wHEcQQd|8?zAO=)9EQfH^KfC28ih7Ii3Xi}_xZ9j#@r(Pd#?2F}X*1}53!Fe^oF zu%fkl3jrIY!CMEoxY^Z9WYhNAbYO;Aet6p=$-L8f?$U)KFF{Q!M+MOB7!2&U(TZ_Vmo5bVrHXqf+33a~>Y08*92sO5gc zLS%LqJ=2A+D5y&#zMi5~UG?EnjQOLvK|G zkipaC7^bRZvHcdK&gYZ@h*6Ku$Yi~B6tk;HH>3My+*%+HV_WN{g^Lnil?4!M@*Uuu zL<35*_GXvL*~D#5W~7?xz@aHzWrg%y6N$qQH?Fc(8-Dp+SSXY*<75iFk)oj`3mFy8 z3cv(&cmUrOymO^l|CR#(j46d>R&Mi3!#@fCVh7aSlq4+ymW4NC($WsYY>p_sG&c@^ zmrs!2>Q_@{H{Tx|$Nm8>hJwh`Qf^q-I7grumJs)9DCwyV__)8TYZ=bFlIGwJ!J-qd-k0(Hr?+7LCN85&Mgu3KC*l>X_s_ME_yu}pTHZ~uU zaO+-2>_KJGwEMf@t1d;Tf7w6q_Yh%U9{?$TZ{qJ$(-mHi4TBM#+6mrJ{hMRHP8?^v z$i~4SG&0R431uRoH$uz&114;hQCbHvzhp3Dvm}9Q5wQxBk|V1$<;|+b|6&1Dsg-H* zF*-QwdWpwe0j$5$v*pUKdplqDCA)G|(#r%6j9O;G@|(ciTJ1x0vAtRc$_ZT}iFF{h zG=CszyvSBvD;_HT_nAhoSW^s+VTvyM5Nm&RYpz~VcHm)_ywXh;{+I&qlmMH80a#kr zaw|;C9324(`v!;*iv9tZ4Csjt!J<6M@<|9G7}I`y2GP#NcZG6{jiPZNpXPALU%PL@ zwSe|-RiXi>zhF!^K2lz5$#Q8P?lV-Ua1vWb*{>jV>H1%@Yl(?OyHcNo1{Q)8@u{ze zSpUNE>+O7bLCn66L8LToj|8$aEk(9ZV2(SDptc2OmTl(O+46e4zkTSI4+Z}lJ_9}4%|aN zrJl9faD+PH)2}?>L5fV-zYuX0wXH9bbR88 zygohgZdfW)ihG!Q1p$039A}>*>sIY~@Y88i0@*PLO#4IIyE%EC55A5PRLZ;SSi;|Im45|IkZ3>ZW;x%1`X$gR+%`msb0*ekwA1+NRuokY2_J6 zZX=;<2|GoM*9@RMSS`V3Zv^Z?hZl^UOL0G-vXq+(<-2(!&>dHD6p+hb27gU4o=e4# zNNq4@{I_!CIOHk%jNj{TALm-YES@0SNo85*91nx`5Na1K|JKROEK2GcCb>jcg1NqF z2P%OH2wg&}IupsiIa?k0s^gGGg1*wlw|3|yfksr}M9SS{eo5IPWyyZ$6dHGV!Lu`{ znf*cE_%b;`zMd=+KQRO(Fq$91_!K}E#P5o4{fYTbdV|+tU=nsegKLJ$f6=9CJ@@_9 zWP#M-F_F{wiI43@Z}X;q=}+DI7?)4q^7%|rJPH|ScUlVmys3RqwtOj;9c7!2$8`Ft zJNIeV_0U&X>zaHaobd6)i&!V9hp=sWOTryQFNvR zCuP7ct&(Q*pD9G(o;DmdxPRF;wH~zqOd+guF~M&W>Fw{n4t3{8+s9H)a;K-xE2iFZ zA2cJCUf)9b|8ute&pWdK6P6O@qKJb?QU8qwcA>EM$n3wf9ra$2v!-ag~Z$0fJ8beAY6pOJFO}aK^iB>x<3ibSlIv-&uT z9D5TEn|J>m(dR*IbD^&1HuSrBQ_JJHj7y-ns16`x=6t@J`phHkRCiG{yW6`B2siaxCIRA~a^ zyHxFfJ#E>gn&juGY(!H6q>@OYa2zN0=|m48Jdb3UR36RPLy0V>*Zo4d+E=WcufTbbDcEsA8#ZUZ;qiT^*6j#8>b; ze7uqgeQ>mNSSwO?TCqx(Yr+mZ1@_W}{aiJ5b{7h3Ej91dUmiSmrxUmY|?PW@4e3@~* zeb$aNkIxf>n+jobegbIQI}w3#eMa^^@#cDdPQ33H#4C6IiNBN41WQ8ARp{!I4vLaI z>4aORX7?uXfXogo0gW$p5H93dr`fT6gb$!VOdXS0r*Y2UvW?M*QmVdNZmUH;4L59e zM9~~`ADX+=p?^DE2r^;0S1S=X_yT55*cAPhfqFr-WRd0Imr~#<{^jeJ8D~i#Wp79v zY{@?vi|EY&JCT713@Qy{9y|lzo{K(WF?zq1os)rWiX*cg*pxJ#`U#f@vDO_c^d^n4 z_m#DZ?eE1LwY<9R3}y&<{sIbCksjWQsC{M&U0&Ma2$5D0u;$&%^|*U}2+9^7KC@PX z`7Xpi_ec9>3D>e1+G+*jXrdsldEnKW$Mk8ekkG+;8YlL5DR?|e6840yPm*~rt^BE_ z2c3Q4c#AdT0%e?Q7YuA*f*%}PH;3okLT=)U(c^;Dk2&wY)(&OLcBt87pVjp@t3R9l z-5gf(dl9a`fXs5q#po;pVWgFXJks6Z*G5^RKpWT`O}a05`+x}TXo0)J5#nk^7D@bH zsL1AIvVD&OZq)|Rq;s+0pTwhN1V9!{obsXjQij~G!41YN{ytPNori7?>n@spSxJMg zQ!ipvAXtQl5-Qp+`g`0;wT=Pv;$KN78)C7ImM)s`yHTx_3 zu7-T506G_wBEL@y`~2lCeHJ3U!C_I zT`$toD5&Z%Z0lV^dVfOO-DA>5Uvs09PQdd6U^pa9 zjy6dS!kcyA4_}4hzg>MJjp~~Dj?MBgtrOKb6S!i6f`0-nKbsQzg!3Wu{@3wQ+#iZ* zk$1A)m zWOwEAsz&V_W1s4BvX9sj;3H-xPfcE^>lmb=ry}Zu(cG!R&?Udwv=nUB}GD`*Y1D9EjY`uXJTIrHi zY6Ws$>do1Oo0`~%xe{WrC~xq$@Dluhb|4f<^esc6i#eVt)p^`g%8WS>?=XO#ctBBRkvct@j(&^BAtjS%Wf#nhR^UXDMv9Bo=GtmhawYl`QFm0R0q_lI5CEr~~uMw}9^4;K}gyDLTuYmGcJ0per; zxa2jpg@0EogWTRr6tjs=6bSbS|5#bz=^{XZ()Q4S2$y#p>^O{5Dk=|#bK{ikT zsL<9;T@v@c6p9oSV`u1Nb0x_q@ah2d+$ofVO%L(s@7bD^451uouFx1g&tC#I_JiI0 z(v7@XTkRrUUZQ#mimj@@e=7+7v#w+1MET-TrYpuqzyB7>8K+mfeu3 zq_w}Z*Ek8|?d(U1KB-ezRy{u-H5$5fW`>~#S?C3Ry%H}*e+j0zBM>AMM%w@ zuU-h!-k|R)+Z5(3qPJ4WuYD2#XcW$D*m$)2FLD&i{U{1NbGx#Q6?Bd(T6^GSa-j_X zGBZRN!7+0a%$phhd)31Obiqr|qtI^rC8x}lpg9CPNR8D9eh`1d(#nJ8iti$#L`l-J zZZ)Z;eId!aa!_fRbG9+?{zz=M@k#Bl6Fyw#zQ?lu%Z~=#nzcfXNSn03v#xX=G&!NkPZAwAtSWo)*nY0Uk zPu6FxEiW+m?f@%*KQXu|gP&Q61Q7KKV_yn3o zkXv&7piWm)7k-;-lmJw9DyIewJO|P@;w%^wM7ap=FI%=!waoo)V1`VB?6}aFFPJ=; zvoY$VMLDhcA?;jAUGcS@rFB5j)G41&V1M-s$s#5gQaD#%n+yB{7(rZI$XQ_WPU+~K z41M5$2b|@cN@>dx&>y$azD>Axt|Yp8C*)j#2IJwP(&#o&0K-9Cm)hPns}jCPIGjq! z{Kb@%``kNn3R&oSG=5miu3hqsy%r)R->z6) zCFQ$(d|8d9@mk{&ygsFf9C_O&G2jf+5cmHj+DoisfLpn1OWfgmX3|GUo{}ghj_b78 zkO|xG?QM>t9}Q*V5!!J@zk5!|)Jxkg_n3e?oQFwAf?OjU(N^n>$M1$(;p3OF@&+K^ zB(I-f>B1jk5&Y>{D^@+Jfobn|NaJ;J@NV~hMP+&xc#D+&@2kg;J87KglcckJhKqdm z9TnmW8lo-y=9`$4waXAO(Xv(Z>&<>gwOXV}`yRf6wpWk{bBDzt@-{=9T3SG zgpEB5ymrg?YC)BrR^5UBhRq?=vQKkY5KN|0yKm2R_IrU`-iH?DNm{YedmG+k$FE~) z{QR*jg0DnCtFndi76={)-Gbk}6sA^te?~e*{4r0&ngR*c(5TlGL%%ani@?6?q z$Cgjq5lGcQ2ZUro5~R}eiA^FBiQQ|9?52lc47 z8G(gM1!k2mlwLW}1(t?Z8_0)W6#ss+__rxW9fl4EdpJCI%&=Bu({UtWWJ{w$1S?%U z>|Ia2ew@R<-ncdn{Z%#3l30aE8f6bHP*!6q5eYwFe1^6{YO`$(M}`92rQ8nVtdy6f z07{9T`Xgv4EXtZ*XBDeIAl4QO(94Y#hYn>;ZR*cS_r4T#x)SUNP-5M$ouZ(vFKMW+ zD>2i^I2vEJ@#g9;Clp%Z{5{2^t(xWY=&cejYCf*AtX@5e$){sE6#quslLU!l`1dmr zlb80%BwVQs4VPh*spUpgo6-z1p{WyKQ7YGk$%0w4UbxI0XsERb$5PtXu^J$#It{(3S%2ycu zfk8ivzmBP$2x1uA8Fc>w;n&iiis={9e##6CfpdCS%L>WOp>s5c@=+khS!CEE{zb+hpLxxU+;HQXDL}V|qE;*6(+`+1B zr{g&$d2ZwO3Ui~hos$Ne_xv%{UXKqYzD$=0qPlX%b_Ho^H;d-Ks)VfTm0$ZO7bh8% zexu%w2_{n$75pv~^6+)4ICW<=Fo)^Z+~onx2TGW`HFN?q&HKU~lTl8jP)(V}C8eC; z3=M@zsn-4n=*{{LeD7Hnz_xlxq(k3FKliniHY9HOix&AenxdbY^B0KYe&Ja#*!@h| zWXVjL=47MbJ$R3$JpyS3=E=@3x6zyEuuOHO<*$ccYk@(cO*7?QW-cMw%(>b5g7SQf zVh+Jkx^3fNK4dRtX5)(p+z(Egd@3{z|0H|3LuABuqKOJ)ifK;jkA{r*EtxsqwxCno zbh{*rU1@4ub%9mX)4!GoF4$UW={}XYGV8XkC%V@z%i5-y)U%=YPMh!q76W?TRoQsR zy~(B*lRAbgzWV_^X}pfr@BEKoJ5MNy8I6>lzkYVjduDI`Zs~KWbziqLzIi0wPF9f( zlFyYJGqo(BR16Xy{BbENagU_x=P=MObb^&LAG57j*yJ}<%9-jI&h|lqZ#3cIcxo*s zeLWWq;-&QrTF=r012p+u_;OlIYb}h&5`)0EEYzJS?^;=JhMxEaS@d9h+wy>O>zOrj zZtu)0$(oL9hzS>d7kiJnPFDT}52Qv>7#aVg20l$g|AXalYjg;2jB{=OQFjpPJD?Dr zb(q#b({jmEipLEj0|>uC(K1EJDR~pT0ZAWy1df|VHy1y~F4uMCom_a5O@_f{Oucar z5IvjxO;)S4FKa$<%_NoGCF(xd!D>+mn%Oq8-M?YbXpZU8-X2zB^XWU_fM$(AeNDJ}y%@aOyResc%N0#kiCrH+u#PTU4egW5CdobW)J(EF zwO0AplQJ+wdSKke1R!}_`PL(XyO3aCywNfpL45s3EZ6R90DwP1%J5Fj#EX(1U|lKE zqgf#~z}_lw0JmhQ*ZIACyVGx)8G=87ag1g=o>q4&K==O<7cpSv;1EF=odw+tAg>1v zbOQ(dM&}%_kH*Smzgj=epsP>vvh_mp=|Ac1!>z)x!|a^6v^`e@X^UV2Ibw18lp0kh z^W$a7ha)F^yT3-(<7PwA{!@bUj{SYf zEGW;rM|Ao3V4ON?K_cUTHaAOJ6i_@nX5PhA%) zA(fo|2IT*KQo%s(KM|c=+D+EW59x*`yq8NWaLo~T+p)a6Z`jkQu8uql&#?ADrRzHY z2wW#7m#OtP)f+xFSiR4=FbZb1oib|f9>RPNeVgwP`fBQ=n}G)=k^1g&S{HwEXX7(p z!HRc*?)u5><|EVPvo9yU18Wx0C9hVYvl+&N?NfrY$Z7_$vYgJ!QK~3UsxCg=Tb)iC zS;OINtHS3|I|JWR$e?>XqWge=M!KhVRYvZ}i z>C)~Wr7*=tqo06@PgUP?Ed@j1qPAzklNNuMs4@;(*>a2n60d(Xrh@-!4u#L|!!2V= zDo|}Y;0$S!Q2ch@Ew|h@aWyPW zGW<_+C#Auj1|>VUT)$tFB5;d-KUhqCSv~VO`v|DyPuQFNowZJ)@9{{VO`BYIU%&EG zElaWLvx&m}al{)D+WMtV$V}&bw<5ZkDxC<+1lC)-D3xdZLydhM9SG+qCyX7`1{m+B zam~09&Tl?~HF@Px|A3IOG&>C5_>*Z5?RC1*C5WP5PW8_KUHrxo)K{c$-?T7#Qn44q zOMShOu-)FfMpHP=Ck#CHn$*GdLkidH1sRpv?VjQH2zN~)QIQ|mOVWrM)nQ&`ySg{z$TL@Ukh=Dn^d08LqwX-0Pzb?lh6H~ zLCx^xlvEpsrB$NtosD5S33aXc5K%9koQdDsp{QJ6_2Po*(C}4t|2Yb9jNS?OVL7Vk;!~No?>^a1CHb^x*EV zG#&YxtPPrF{|#ZukN&^ATExiZ!gpE(&*ea;lITEWXwDy2gOVe_S{RF=|}o?IXcUm-Q#rmw?4JF?)35cSR_PtxchhXGzHuy zIEUTn;-4xA$7Cmt@zS;?nVL3D0s210B7YP&XM0%Y{LyPPr#PGa@WfSe?FhVm_)SeG zWUr+3v5SER>mD}EZMiOm;UU-&AS>bh;g&RPckpqORG9UY$`m|O5T3p#IPMBA@mZ*^@RN)AWvwI=K3PPQw^EwLUxhwIvQKsq(`uL&9| z?=vdGN`bK12C*4ob^?V_G^c!`=({g7t!`>=!7^tT5ghevo6!k(Dz8& zH`Po*mESm$qimKt>Tn8MTPM$3_j~0fQ{WbF0~KZ>f~f{#%eGu@A{|IGJl+WQX@8%n zdVqXYk|@)q2(TmDoPJ(5()Vk3w7tI6*3{TbjG4(zuabp4}5_7BAr z&1{M%Ekwl^OIidn(_e`?s$gz}P5F&KOx*gfyEdm_TEMCs8u;p0g>_gpg~P`0fCcAnC+t6h5} zy1q-#G=8o3Syn1ZTA3!ya0^zoWb4%`$XjUWcd4Ju>0hMA)5{I%MYc{bp|{6rlH^ES zb6i6h7g$kznyzF@o)2tW?wKU&Y%ODMe z5HddQ1cNSNHI;6k_6;S-;wZR1br7gP*+a+1GuMbnR!B$KCDo?cIPh2Sw;|Xgp_`u- zLrk-nZ=th7yWX6Frpb^O@9q9Bp6pdvlcu~*EBNZ9yG!@~yDS85)lRv8OmL|KpAigL)A2 zfm4||Y`TJm#=*D|)Ufi;zpw;XQin3N_h6nHPr(gpo~>Jah%bR$(2TZ%f`Tyt7y-uNy+-_P_7>a&4e1#(*gR-j(oQQJCxt%PX?B`2)`us?-;$b0k_OEkBHT zePj|tb_T&jjUWE|RDm}P%538bOt>4_*C2MDF z5Lser*SNgWP}(nooy0QhOIaPhLpCvr{h#Cu8WUz$PE|`Hz*R)F)enAseMq+|^|nUM z>13lTLX-cCr}0thR;WqT=Y!qbdHuTiHSozZ+kx3**shxDM+lVM%OUzq!1|@JgybAy z(3kJZKiq`nM`iGvV+SCmu5ER(#_VYHB>A=_2{3gH9v4A4LCBa{T+VIRtF-mIW&ro& zUvIy^B}WH*BRM4(`;O9~qsf|?v(QG1+D$9%f+EW{XS9iqN|ft^yE$Q{ z^8dz1{^wp%P6$zDia`HFJqJ@{Bf%ev2pxO&`}f;gkwa=Kx$=9oz-L{Tx530QtLhJj zqy?JLOU$?N!HY3mczNl}+{JSw7J!7Sa=dhWZ48iXA;z8)n@B2wAl1}%C`lepxfS@ofb8j;kF`Y|cpzdN@zBD#!$FlI6JKR%k&*vhMi(AGEgiXlHK>CmVF zLB5enxu%xv_!W`r$V)NVsh8N6SaYHh+LUQhG6Gt$kwE)3FPDD;7Z(9@(uyr+XvDd! zU!MBeRM0oY+wEtiX@$8K>D;6mlDd4aR~p9~xl`%nhdc6@Lh`@Ie#a)hm;NY<&qicO zH^Yijtj}1!+ptGzEl~vT5`WZ$E%{kN8*bao-B~9I4K;avPL2`uwC<+F^Y!J}) z>Kqq5w;~g}p$0-xs~Fj$1ftx#k%@N(&lBY`(!5eS1XVMCs|%GB-!);rb}mZ3f6Ni8 z6@R_4cz{Ni&Y8wxFR}sB$$D&BH&^8e+|*&MRy$#7#h0J!J)Wht zo2yzrAQg!uOVn`FQ$9=SFCL}RWe!&B>5SQ%pO)$JESnEpqOr+Pda)FiY*C3{pdM<6 z%r}uR4}8tRc|7!BNp!|mxz<00^cQg4d!gQO*mg+PFvhNsBYuLgTfJtb3if0aY!Xl| z%4GY@Y_mnsHA43HK`39Nu!NIEwz+v#6H$jtk|oih?;aO8*z&2l8@d!!U9wnTY3<8X zwniC~}x96li^U{eG6r8)`or_<8hW()Sk7htJM4Gh+cgHJzb3|Z<(FbSM;$(5=!(XQgR{dD0BdY|BM zVjaI>KjG`3-9S8Cv7;LtLWQIhKq@CPe*H5hjzmI23QP^#n5v6b_8m_uTQ2ijPLh^c zg(R8${G8m2_T$6k>0EpsTl?3!SUUP zN1adYj#UnfpARgN*snjGegE~_3NkuY@7M)i=QgwZYBIPlh-yXm!Y+ydAmXO-)z@>3 zoTEchF2`T(rh@Ms{es?8(Vc%>6!wj>8*tF ztx4b_`bZ2_iR% z36m70#e`%qr|j_Q!9TxKN50SkHFjG$5`_2%E^!ZwB6mSteFFibpU;(j-0+sVi<|?& zAe*LLOG2M8uXB%eRo-JroRc4xwA(#JvCw}t)}V`Q?1+)GL1lRUm1Oh=AXW|`qjZ`L zLA6?mLpH~3WoWyl7=!&!BDuaU?{KZFL`oOYGrRB?E0$MjN=*Lw1a*FDyDc?sg-dHS z)!qFwij&qV$~B#Lgb+uEm8y?AOs=9p<$UmZ6Fy3o{QgDL`mTG+`a>ydu&Tx<`zwIf-%V1G3#-ryZB4Ksp*s5i@EFKw_(UtfMi7XoaG3uZiS zE+uu{)EFegk1kbDgmqv_61bL^bf4%;CM$!jwV!BMgLI{xT14WdvCRwspA8Xoijvo> zUZ4m!c;N{B^j>*n`8~;ZaDYZ`%y*A5c%B+WRZfar<4Vc-z5BdinIq&h^^lj9igw$` zLD>X-AlH1DKDwsFV#yFh2H09MjZ#ew@Gr88`NwP_I*ZKU4{kw|>VTA3x>K<81l9KR?mn zU{}46=@q2M;1-6nOMicL`}0nl=Bx~+EPm#R@fFCOM-TFxYGBr}Qy`5!jSvE7pyN_R zbT=VZ_<;Aj%?hbrNZZM#^cUSzd{~HR8Z|sWuWz&0%WvLR3VJ77BNKLVUl?+9*U(Hs zfm887j+-yjKcYC3BT2XAM3wVfEymj)vH=y}Ohz>;5^CAP2J$p?-WV)h9=+7c^oW*| z9y8%-#O~XTP(BqzLpAhVveoC9i+B~Vw4?iot)Ti0Oi4&NtZb7=1JwnKQI>Xe4R8jD z3G{j$!05AZM_cY1c6WF4HU=-<4+CR96$R$T9NDVPgq zo*P3b`Zx!=ln8FU;0P#rT3+WAfD*nE&-(oRH%!0==eThMiovIJ1jlZhiwL_wul)w9 zyt7LtABr{mJ zVNQA44hgASNhhW!tLabp#sgosJ*1wiTK$g;>_1fQ7hRX2e` z&BE}K_@D9X|Lw~I|3C!6Z^VB-Ei8*hf#y`Hg5M}TNo*%DVUNgiOvC?>pRY70+2KXx5;JF#-RkJJCTL zwx+LM8ayc7*FdEH6OfPQOD9qHWnPEF6sC>6VNHS`BrdxdU*sJ zO$BpN5cumx@4wqnI?eo`v_cC(=!NL$!d1a$PHDVOj=$vv&e^qpD>WpkqN|5M_c_MB z<;;97egxM%H7Ui`xQeDxV)$0AJ+*304iK}y92^h$cABM}k6)b)94vkJ`coA{8hbqj zIhyNn`-F5TAng}2|IX?x59qioI?8E;i;a?#Du}K|4a97vst3zmlkk;?-MvmjdJ4SG zYkDLlO2tGHNUQhFOP@~aeEtzqF5X*YIv=$;WZOM~=I<5Ja~S8+!Sb^I?4?hZut+^s zx-L94_JqapgXPISA}TYs)`U^dCJ@PmpEqs{u!5)jo=f*pr(N&ul=k-S((#jcVgx~| zb1V}JLnj08XNQyW#6D$CPZM{ORBuKvbZB7uXxLe~E4J-^ zg634MlJ?(rTTGJK-qoQs7V8qmW}$Y5A;=$M*k=OGN}?B%qsR38iReUdM%ZT@xcXy^ zK)wsMERkOaMr!EUojl~wW5Cie!BQ@&+wGq@9`W!e%}h~LydKo;AAYC?iLqnHj-u!B zytqlm6Bu&ki3wGG7dEqfG4*o4%mfXMak8Q_Y^5f*|1VovN<>fS|9H|4sCdt26jo;# z(&tx4g8f78{AttQ*>+%FbVL-fcWpbV8yxB>4Fubex5)pMvXn>iTd31Kx&L4tn?R~q zLd!wu+=QRx#PV{lCT|>XJSHptD?s6YpI{LBg9&;FpfdxYH#uE^4J%4blol4jS1>aJ zO8dWLIR6vAU`K&|wwvv>Vkd&V`v344{*RCQpMVB4-w!~;8=x~>@0Fi|TwH{Df=hu| zr5yBBIrXC=Z?!uIoG=VRl%W2P|7sfR6PQdr>5hQ57z88}ghJ!q151#G{ipRRm;$Oy zSUzi%p(G0JkT$L)SOnMW(O)E!A(G{#r&?m2ity2&0>rU04(}(Ocq{0$)N@&OMKP3- zQv&z^qeeA(-zfk8e0Ofr|A^UKl4I!#IZ^m_Z)}jhc4+md(K#0?p)5Bt%E6O5HK`bn z4fw$zl>T0ISF4eT%z>Z?#=?lPVgPASwRCjA>ar~vb>P9~17xpUxhGt@`yN5HJpdCl z6I)CmI&FshUM9oINI@R6Xjzw=U8loqkkP>EL$NAJ2T3%XCC8;FF}LjmCgv}#)7~Zb zv)(kAh^z=92-#a{-?5U}eFoIprRFnc8=3G%xOheIpAkFnuiO1`nBgUuW~y7o2cy$o zl38Lv_2cj5Y9C9EKU33+C}|sH6L`C>Y~|94blw#wUben2@_&8^b&2u1&9WYv0@yNY zFRN>NZKO5b@b%D+(awElZa?0W(ypFzNo)SVg!O{+~k-5%LbgAQwC z_^SaTsb`h>V{JFsoaMhAl4;yevCt2-X-m_N25fJnOC4i$16-9yDCIR`YzHd5jjQmE ziO_06qdo4@)}0Id6bJ*ooymiOKIULAb7G&^6#^;I-l{tX+!-UQJN0nZzn3V25 zOqB!r1kS0*x+Id5ve99fvuFVGX`6NQg!(|tw+nwZH`iS#r0lFGo z_eO?Iuga(@|-BfS%tUF0K>bou#wYma-s#hJk*FH70TS zAN@MI`MFYE%h0-CBuVm{8qs|XRE=2AKXx03{bHL`_DI^*mzILJr8MSa$2YVYB8kIu zKKx*}N1JexIBm{SY%K<|e*JOgp`oFI>FAPOhXNk=8nbk&Xxn#+=RVNhP#H1hLSwdW zTstWgFZW~%=eGMU3@Fexb6>H`1Cp_cT{N`e0_$`QD)$%Z{t?-h^CRC*t3Nolxo5|+ zH!q9mF1J}G_gM<`Ju&VSY}S+tAR{4_%BArR;QIxbMfYny`2f~us5bNvJ3d;57v$;| zD@DSDNJiepz$lyO%kcMfmL&h-Pwu=sX!dU~TK|0fxiF*dc3^keU1?f`$goQRwH05| zHSGyVk#?P0H5Gi(WW2nSMs@4$>eIG_^f)fagXd{C7ot^gN?+fol~(p^3$A-aK&{}& z`FOIh+BVPe=?^kRd!@J7SGeco3%`w~?M;yrr}i3}9p+5vn(W(S;{78F-H=UAt8lH6 zExpC&OzJuK8F5+$Ez8f}cFZ-NLvjpH_}&yog$6nX{?b1`)oXYR2hq|7A5wbmH(oL1 zzcF8_?=xajRb4-R-|T9kST`-FMflRtiDjP9WG2|yZ#J0h%G`@=TZV}`Cz(?+kMoN4 z-$NH4v!TiVVCyWK;()eoi$idCcY;fxafblG2?Td-++BmaySux)d*cusg1bx5*XP!g zy0>2KKfs4>dhfO7978-Wiu>GzhpZV-bSF_ngs42o%k)jYflu&~qf%XQ4*!*@-8TZ| zs&43S<$1zi5e&?V1bM;;s3-|E!FzwZdn_Q0g*cu>Uq}Q5cBBM?O52E3Oz$i}Tu@?c zWEfTo6+2;f1bvuZS&6=ydmP<)Io$`j_%Sf}j=9IGOL$ZedFUsSu11rAI#J>Ep>o!eeeCj4&vX-@0>?Ju^xicX|2Vgqv%~FGT*nH=++N%OxHA z9BQ^Wn#NS8IuQK17P?|n$4={fI!D!y6jG#zfjR&hZN6}*T-v8`+KEEa#n5*tLj2D&6(RnlwcP zg%%S2md=D(oZDh8yd9OF_s?s<+CP!3y#^qxYMkqd5Ud8QHUaN(`G z58PI=pyF!t7Z$)9`2D0|MT}w!Q_FB*ZlMzvOfmsjE4=E1(UZ*X@;XfsSJ%eyewBp*J4J!T|nkU^h9=*DkMJi_day8n6rM(jVrtqmu zPc>=V_CZ^z-`f+*D+3ZED)x_IzDLv9`R6C}!lT`6m0WO!<*nB)txHi83K+QCFa|;Y zf^|enZ}rs8`39U{G$h!lrG5j5x%Cli!J+P;y1>rBwqY~Io|w<}ij2=Vbq#)dDXTD< zk{p5U;;BlUF+4(ZgRjZTvgVunx%Pip0HM$T!evS9QvOUpF6vfv@Ob%cw!`dE-O$Hj zr~h#byYwb}DTzkV(_1_K#sQBL95LgGDhlz!i1d=2_Ks))@%7HScB`$rZdIlgAjdj& z0SVFZ85$OzbghsrWwvdgOQRCkTH_ciBoCb5Qj_koSuF^AnE!W+H@TbpH36e3oc-xV zhNpuH!>3YTcpP86k7_3s(i`f-ukR9^NWAnO@?;zuwtpYBi-M;Rn!kv%!}LJ=v9rF~ z&bv(gO&7Qxv|Mg%eg*9q_>C3-;=GO>1d8ZJ+CV?w5oJtIYrD8dd$iU3yUXfvhx-HV zc52E*;WM`qN6WSqDy99R)53SPQQV)8Yt z=i49dxgR&+6s7UX+(u;?tk9_UO1Y}Od&^m!&drU54xmXHpUOTwyYiYZxBg!Lk?(3` zi&buB_Z>Z^enw>_oGG~p1ZeA=t)NA#9|GyC^ro!;z+Yx?!Q=T*-A~9HJ{`u|oh7SwP^8>IU#ttMljL=M6gTKo0E>SMU3w7M zf90PN$2djePCBn>O$3$8PeJ0s{FbkHNUQv6cI+5ASskR_t%b79fAyz+`i3J;Zprus zdxxA|KBCsex3r|LQBE3Q8@?$Mu-8X2vvllrFOPr z@#O2CT>`UrQ?99?;2Ms<@XLj<>zPLAnoaAr?RL*zrt7F%uZ{Q&5p~cy3t09^!F?1& zuvT>9^FB(OfubcdF2(R$JV={{XTZqcc;Qz=`B1JT!|)YYV&E0(cDZ(v33l(&FM#-; zygP4b8Q7fNX7l=8K|2&{OmLYl+=cidtKSQ}5qRF|kt{OL=;4&9o2*tRXcf}-W#N3$ zNIU~j@afo``}6-;@GS=5JAFqgJ)&0n4W zOV%>&bb_Ylj>Qi@Jq@oXl%}m`yY{tH#Zmc~b-`r2ah}?y~SlsJj0OZSma(O-INwgU%lReSo8|T1WmO_#4w|WpgF(weIKDD zHm@qTrv};e(6Ukw#?P$NNU~h1aEBjSKo92=tylbP4PW`u#9h6<7G-($tJfFW`uQ3I zgr=0SAmk0&3vAq!+psWRdSr3Jo|b z5uWk-h#>@s)lRVGpB-r0+iNjsy0+}2gtXsutEca< zIVOMd^s)-2qS|IXAI=YMafwI%w9-3;KU@j-_1qq4SH%;5YpJjyOO$)P&5Bpl;}HmQ z7)?R9^T+C<8q)RUM7w4bN+(*D)PcVe+c*>@ZSW;msnDm}B% zD)bJ+udXYjqEgi5+lDiWWfGBr>otYV7OTs`yK-ZlFAs^;KA|;Mwb{*<3v&lFS3y`d zYtD7tHvC$Qn|nfV6fav$;vCH(#IHscbhvPIhn>sH1C?OHPnA#S<3K8(>+6NvAD&*9 zO#bfz{}%mp58tjY`7f63K62l$FUkH~=LcnfX8UciW&Yc8)*ocY9aZfAvyu~Nemn+^ z5-_MeOw@{$TbVo&p79O1`mnNPAb&u8^KoxkFel2b210y&yj;joEO&y1md~0&5=ea@ ze@0^Y?L0<^)gdD%-$+Df)Kz1C)mzyC2j>#ZR`4!g;Bm~E#H---GOaT>Q!eZpP0(|e zD~7Zclwz65&h9oA!(KSLrrG`47LaNlhG3R8MxL`rxJTeJN5c(HdcE~w=GWx(8Tv$)KY&N+(NW5hdf%wp0kXhW@kux>ju zmTkw9wz@q#bwt%~P|sTRIzk$uU&RkY-MaKMv=N(dY9N2P&1+b|d=TM2Qy5G1#1K2g z7f^TPU25^27|-JXA~CHpt6FUj<&YMY$Q8i;py>a5(60_B&Ew}X=F&$FCptPq)E znV}X(C&Q9W-9am`nb-y%)ee?O}8{H zCn%25n3#eaCqB6v8mpc23z;M(2N3{ag z-Bal0gIBG6L?lFsP{|m9A}OOyVCH(Yb}@n&#T`w=^N5{}f?XU+8J*M+tOB*Df;iO? zflbw5II-Aze$iU`ylS^0y&7I07EPV$iY-u-ArT<8t|J}LterUtCWo))HNtDl5dB>S%rz>&|FwMQ15sly=wxNIMBdW-aXS z;AmA2d~IfINS!oDriTqGh%UC4jk^gPW1T0QhhyWjZoXD8@DoCUfr3Sw0Kcl@dM8|E z0>a~i&!#vhOt2;TNF`mhw6GWkh%8W{C2?g@lCHmeY1V-xd<=fE`dSboycJ!mHEjnw zQ7o%+yX+=#y*&VJpT>=aiJ46r=z$8X{FS@&jSGu@^|3Rs-8eNz2w{W)r9#@`o64zx zO0TLCS3GlH?_?YveJ77hK#PpjA8r*ETE=3V{B3x%S)kS)SFwrh`6{&isl{qR@$UXy zzA+u}E1zzIbA9*Qgq&@W&1OaP0?!4+I-KmBjGFaLh*9Ybx6PUd(JV>1t9Fw`eg~)? z6me|zm6Y8J#N>6bl$x#QcD1#4HAfn+RAejNFS#fkG4fknx=<=w;03w3q%`d=2mW(b zs4L`tk$%;IB|LS0-Xpfg7+HjU+{K-S;kG=NejMD=;J1FxPDomcxr1!R>c4xH+7%<|8+q|NB=|4+a>toRVv>~LH5*-={}ww8gSdog zL5j&vGG_b{dz|5Z-tYSe2ZA05y<~F=PPjJ&-@@gk83`X!%$TJo?4$7k*bhKLUJv$s z6bjAP5cU^1!GOr3(&6uLHJH<(h9&9y$WrtpBUwE0>`2gh(z`-jvlXVmP_hvn6Ky1d zhdv$^t9dxf^s~s^i`jSQaq%tK)Hp8`LateTaXX@{qipEEq4YDBSTBR)kz?{7Ml)Qr zlsz5CP|!=21>KsB<{r+%_p?fH`V9_sdLrB$F+QhA5g+)vJ{}6=qcudH@cMnVzr>*s ztq@U>r=&^xRkNH5Q_I7te2 ziGQ)o6Ac>q=p+|jQITN0UTk(G{*}@`d!`@{JPi>-*1vZ-Nq|ksPBabngj+q z>F9*5+bWT}x&>Z?H;p7178w?*F}y>EmfvO&8|dizK=|=ai=X{s{1fj@YXGB@7smYTb1al7j=xlv5KD1LS6kmWy$Jo zOUrxHU-cxI2+K96=AFjp@WXIA<*Ns5_hBuAJ@0&vk4Wfj-}1#elqZqEP&NeEuVZx8 zD?A7W&{V8IqO>uo5fu%hm_mUtBzTRh3ItUKjMbq1j0{mGhr-%h%El~1KUByVtn-(^ z)6}(ej+lBq$dJk=QX6V<+NRiD!aY{!<=#(`v&~ngP!z6}?@mNgX3O(ws`seRu(@TF zS<;tv>S9uXUO4ss+G9}1r6TsLEk2c#=pzGvvPfaIci_5kpBZ!$j37-FdtrI)b-?++xOvPYbedQ+V`$6w?cI@b2MQuj=JmvzQvmc1QY5~2`I?<=~N29jY?c>#4camY}1e>CDdg#Y;c z#O%SIjNkEpIQJ;wUv3B~C)8is^1gG~Hh;KSUFWQWP~3@P`V9tPuTEsB$+211{@|R# zkovWpi|^$yFWGYgI+f1wA z3wa557ZPPf-`?UanZnOSDcz2?S--`XC&XbE!?{}Q3-j7+Fs%}QP4?@PwS9PvF;2Vq zR`MR=D&T6VMt8-~)5NBDPnVkYapGT$XTQxpj`D*@$`oIc2r2Dx$Gq?8g!mE)iJ0B2 zglxoqN}rZe-C8zULNn-Bt8MlEg7@4Ah1|*ug!ivT+8OoQiTZP#N$Wkh8=B@$X~%MR zpZMCJm{_rbP<{NE|KBkZwK)0gV%EM?;URdgtHCN5KgB835!<_Mdo$d%dLQc2JVok zU8z5rZ+TtmdhNuAo&$OOmOyG>&A8*}dA2>z(2Dw+e4P(ec3KTl|odQyp5y^|~GZ{1cIdWBXj7Pd}-|=X$v~ zOeJ(Ja%A06>+_(laf}f@5RzdbmPCpVEO3OPARm$tofP0oska!u{Xq~#*dYcvOo9q8 z(QLx3ZGvLLCgBjzL@Xgw@380Tk>R%7rRJtX<70L?fm3sDvBVc9VHDHvn?xRoH{)dL z?&%q_hxe>YUU=8x5*$%=N~wd43`M^k85t|lmD4wu(^T;{%Qfg22U(CFpe%NGBt>}j z1uu{#9|18rq{wmN%r&fHoh92)$iM-#arBzqXFhG2KVxq}B$4AR0 zd+*){j3RR#HZ?Aus$d@W)@FD%*8+pUqTAmPd8V#G4W@Dzqfc*(v^pNmy&6mhJa8N@ z+&>lQikfM~Fm(KD{ekpIyrl_aQc0KeN5W|j0q=Wry^KG7>^gtNtK<9b3v__!tH%|nDIS%yHW1u{HXW>qOx}v6$LYLb^7~g>z%Z0LRW`qon0) zkz`@uPSpT0_@`k?GUCH#2ZVh+v)M_+U)`*xMioysD-dy-%wf{6ok{OWUF;l#&v;jF zBw3O)yChJ-u4FY4_7&DBX3MhDLVEr%u<<@W&!BP-{Z5;-*ztf|6;hzkY!iDIqdEx_ zZTk&ap0$LQvnMo4mj}kL-(R|rkmF8ac@K5`GjBfwQ^>yn-9(}Ohc)&VmDYhQH zem&H#)ix){PxInXRr-8`y}RIV^;5jp*dEPhHZQK-yrt>9gBNbG9bkmU-eN<~DgxLoBp-FhFq>fHD}5_=u8GX{@+gCD{!U~0xv z|JidLwdu5?*lmYDyfZBz?(>ERG=LS$bu%Q5!@+k_S;+X_!}QSnol}w~e+QHlkE2sT zv-h>mOs^q@`O!r-64!=lu4k%*p?$F-CiPO>7bC|b3AK}J& z28IIOEA+0@o%F)zi}jm^or>mQVz6_jb(5=`f7U-G9@{+gc!xD(jV!?wcuA6JbEiJ@ zOKjwK(IuoI6K0w|53l}ym{lh*{@(0C{q+F>^fF0zO@=axgvyi8D?=f0tQmy&&Jy;kxtmIvn0369*MEE<_7-FWrguNj-^HZ%oimLSWO>;4 z^`UoazWHqY)L6H^x$nGui}BF~zs(M@v_8M#)DrUEin#=%k|Zdf`ec@J&2)QapPYOj z*Mh!ivRmml-B@2J(ZZYCFHu<5(vb{^{X*4Gi{)~N8iGziGrb)Dry z-Z4M{la7_t$8Z)R!}C?EvpP1m`4BAL4gD`{r!K(vN5`Y5*YPgAu9N}5SWr$X%n!`a z;uo10dfOWz>Y?7-Fwu7dH@MYa4_JMTg#WG9R*8qk$U?s%%`|cDXWb2X1vbrIF-*Mt z!_$wu>Gt)HE$*&BCmYBXAGnhJ`85)5A*tG=m}XJt{wiQf8PRim`Nudha_==iC9#7q z{X9Fq&6=xy5cyrVDj=beW731{KAOq#2w|5j_Zr$=l2dX&Xl7O|-{d~yTctn+#vW^1 zmx9!2GqAON55MV`9?ed9vBI}JMiUt3e|QAeo?t0yx-$p~n9i2tgzu{#of2Of(tQp6? zFQ5#}VmiaV*MYnwp8s_U3m6bgXRcrQJ^?#VUNWn^o^m|(=N8v81@F!iQ8kX^T#j*! zN5d~as;OK(I}0z2Ki@LncS42hNd-N5uOw{eK8zLL*M0vbdTrzzrJ5k#t5E}lX*WhG zYPFj4YOhhUGCdiMeDezKS0?gf_-HMw03Xp`dxlmh&Ut}J6KfD=2jArAdbW%Y)JyjJ z)d?1~+xmH&PM~I<{Z-N5&@>x9}e9bpw=D}@rHDwMBGPygf&TE6< zG(_Xt%=dsG(>xN@Afj2116EO#=X&B3-4Q1LzhUKnw)+3|w9KW0fnr=cS`8|@K!D0c zhq8t%-dZ};CPbEmR#g%p6)0Pj4^6UlUcs!K`xsrWyF#lf`)F3rVjHQ@04;=|9f+CQ zbg7zRYnwl9JxQ-uB*po>KDMUFa|%d)#ei>bXS`_E(7!=>k>o%(G#FkdJeWjc6*_wI zvTPKVk|ON_DaT!I);6iCIAW#8CnTMZpmMicUwZWF_kJw5>q;-p^)1Y8xqXstP`wi~ zK;yCKSxlPX7yRdS>B}1Tj4W`hn^4v~<6JfuV^G>tVw{N}GYskr_GQ383W|-I0x^tEKMj|psH*&t zv@%MhMLV`rcVt=cH85SM3b)0(%gZwV4pR~F3TuOR* zfZDIcX46@RxkcpA@JfUQQRE$n(jg0y1dyx<1#3!};Uvdbc~L0%JNQ=^ z2gSBYxH}R>l!%tcC#+n(&YOv_u^Sn5Z8Xa7CB%97{yV#`2@FsX&(}-u=zEQd*&SobVFDH4oEL!*LAXEewa_{{WxWMvoJiDfH zIk%!(?Jqum)Gmh0*AIxmbg(h(Idtx+VO;-RfPZ)A=%Yhq(xl5=hzn99`hlBakAfOzwRl|b^Z`z1mXs?5Pr5&&c{n@uXFluYohtm-sw1p5c+}K z@qYgwc=S!5U|{`yUmDw1&&M(m_io0S&ZXc>t>1Gqc;vA@t^ZO%lpZz~%oC{51n&cZ z6=l-&1+^5YK*()fHZ~{L`Lwkisps06-{zBAv*ou#fF%A5QD+|0Kkd%2Bdu>AFHK%E zp=-(7eIHnAJUlz*<@uJxIQ8Xyk633UK!h< z=u2yN&fi0BKovsDEl|uf`2mvyRwQ8CXz9nRI5wbzbIVzz8Q;zFi|m#vx@VZ-H1@TP z1!EI>fGc_ms*Cl~fc`EHH^3r$>A_E<=ub%b?>zwWMKl700iZWrYJd9t$FXQlquyRw z;45jH#%=r1N{)#%zL53r2C=53{Nr!J@I8@HT425_|CBx+Qe8Asu;CH zr|U&GvkA7%u0%jQuv=ve90w;8jD8j2J=t*&swep1SB>GB>AfvDwIVl`)17|M>pU({ z2JL;`<&Ns$KA!RP)sQ+RFA#DyOP1$vyBjx5`uF&}u8*kf2}B3ENiZfVLwO{XmQBHv zbOabLXc=DEZDn0^ZOWr8&%M}wiBfe9 zdYUf7FIaakvsgwr57)!_BBB_n4gQ-oRbXIA#be5@jfmjdAM8pOdhu20f-lrFn%UM= zskPIx{R^|64%nz5)hf0|j#ymOf+aSKz6ax_?we8FGj*;$8{J6#b=8kPgyYD)UF54x49r~Y3*L#()O~s>g{fA-E;l3re0~&eW|PskD7%nYI>DUg85zS zkJnpo?$NZ2o{@waR6tJQ?$c}cUeuAmUY2<_x1)FG4_zVa7}%XfSUjD5+{tnZI=c0! zy;>_2u|+_W#Nr!xy?^18MMNv!Q@Vzh`Qb)qF$B5u#JgGCeotkWPsbZI|jIfb^h zsWm*R22e!ee6~_u6Q>;>n8_jdXRSQk{a9+yW1ob82JzNuqoEi{etFjbX(~<|z`>*` zuzd*e0@<>mO=WyJPlGhXNjPz%4ocKoK>rzSJb(IgGFmT=*Q@C;gcOZbfIegOtKQOZ zG_gxh^_>N0zL5EXG^!n7OGVnjAzycJH;`R)As+_ef1X8Hge+&3%KNlbFmJ&9V^?S>}OnI99DIdKo-*ZF9`4wkVU ziE5Q+_g)&RJjh-j;QlScQIl_BvhacDVQ*fmSv?jSV5UYRPfgS}tWtv!udStJg$Okt zneSbKt~tbM%@R5Z5bLIoBlA6;iEvjw6}Nf0p`@+mR1VV6cd0JUH3#a_`8>jA(N zzl8AlpB_os)r*06dgfaPlC3Y*KQLwnOhK|#ln}+HSPX~seKJ}EqRP4T1E%_U!OJRf zJ%!)J3_NyWv6yV=FsN;kJkeo2MMZO7Pd+~uRk&s{g=er!X1T5k+Gcb+N7nqeES=&h zt7s!~b-YfJahW6HfrsEyF`>IfLRsaq3fHZG4+sQmc*@&u2o&S9y$5N=;(KV+>Y2vV z7mjAz!5s+65_Fi18*xreWe6_39|XKk(N8zxTbAPm<30CzxEJjVQJ8Yi2)Xx8Vxm!c zCaXQr-z!^u9Q40#q}|~Ck}&f#CGWGB5-cJ*rx%B2uv2a!Lc>s{zTB`RCY+F_duE>f9VB51r$O^@Jy9qfMk)p@^kIH~x9&6=7C6*VQ9=jgGN z^Nr}zYNdvsD&H;Y!z{P5rvyN(m#zvwdnl~<7I=WC3VPN5upZ{bxmeVR&nyb)Q3oM< zORoxwG#sS%K9}29KebmB=OXb3zIRWuBX`AmO9m*MkgpO|V^n~&s`k;W zpoz`(*uf5vxrG=1xzqGgQXX?Sm3ejEgkQ-nr@1c$8upkvmK1B&a|O-g0n?ds%m?2v z_IFI+CGo_ZcIYu0@dLsE+nsK$#ir)n$~tO!=9tWD;SY!-diz*#6gk_p>B03WSMT+@W}fb&rwghgi54u;%a};^A?4Dw5|IaV4u% z7FsOdhhAZqAPG6A!!D|{RN0gw!i|Zh!zuk<&@)tncREKnITaZB`?sd;lu%oLAQx}U zkf9rxQC!+>MTyZ}1f;O+hv%9hnNuhaUGH1O zJXKc^Pc_77UJsWx_fmoq!l0a+l=aW*D}0h3hL_i=qaF)XgljRxxzssts>lXxL*A*) zk}%^aPfjxsTULp%i)INii3=qi(MxQ<>nN&N=i?($ZF>Q$x1=}Q zuzZHV(y}b4Im=Q!FQZL%7;&c#s>@*%WqV3@Mn}u!j{7XLcFzx>(=r77lmWnbOi7!l z=jC+ra(tAmp6hZCyIRP3)_{l%6;=3O?WglmG)e6bMe(UQ+uj!wj$}U==;fCwRv_(R zk};?K{rhI_$Bt{b;*+Z1FY%qRG0$@~rYe`N4Xg6*$P0ZK?Wnr37!}hFnZq%Naj1O+ zi~bIXLZ;^^Z!4NYK9@fkvLiYi3>38;^a*KaV2?*idjxTO(y87Yk=WvYAZ zIo}Svf}ak&aKX%X-}oG&qc4<+nkyKqXDb002lNo#wkumvY6q{$5rm`ds^7l7mxrn5 z&p<-`_ahxD5(Xi}=RL5=2MvkMAF*snZMVH~zychPjL>6nW^7RUHF4cftB^S~G{kwY zYc4Uaq|>Y1P`UD#$qkSnF9+z7iztS!Nymn6-MG~x`0kl08icK5Ey3=pq!ePWjvYK* zA}N$EMypcbKyrY0RVON~kHNrf{R*;K?*p!s$(v#aM~3oZ3^8!TpdTcGe|;wSvAwf+ zf2%+qpgy28x5*LBm657Gr1AakQTmJc({~{>3B*uSi7ZV|rDR=rF5W-+>ls)k-`t_9 zX%QM-OF-z7JY5@2@%ZClaCg!n&>x;9cK}Bo!D;;M4-8PDj{y-8;SgsSdIAaC!|U-p z0g8S!s#_p*o(vX2_EloHw>JC9O=fO_to#Cy8NpYER2;&f;(mYRU2y zQ5(Y{$pFP~Tgn4wDt94(*n{YIH?p!2^>%-V zDhPj_p>F=r)Od(htY>_w=|idwEAUH+X#T6b+2YG-t9UirTMN32rakqdV<`LXC;vX% z%esSQ-X{f6*#@;Ss_64>FYSH3@E2ANN9OZ>Vh|VnEMkeeYmb0pWE$gv<~mY`;(ta_ zmh?I366>Yx(Ns3o{Ro>Kv7r0g8yEo*m_V9lxIaQa2qsc{(r9@lf+88wr=hT(1+Ma( zOHi@9eBZKgVpTALO>J#k7%(nKmf*9>T3h56VaAH6n%0}jvVg}ByoVk*?^e;u;~mua zLwqCntqd-vIWhR;*?dQgM%J<^DkP=w_GzABOy=kKK7EV@Tj0P-;&r1AfwPjU(_(*@ z$Ccz&1S&gW$rx|Y!0Qe#Y=*xAJKyHl)vZElR?e?`Q?TcG8f&85o;^zc2!dFR^YunB z=46`S>ZDGuh3^TVnIdeGHt><`0ezxj))?uVUIfHSWkG(Vcm$XYxxB@FQ~_8aX#=4YK|>HvEfjGx^}m zH(Hu{Fz6*3LJ8*?YR}{%oKvDDs(Co!%eC62GTN1@``{#T78=8tz3d|VQAepMV4e$X z)+%7>qF-pLBf$h?geq7lrP{{RDr%IEhK8X7zMVdve+X4z>9XNdM{dS0}g zcC=c&Ef4-sQ&+KU6|lx-8#cK-Iss_z_^X4Z*TNVI zT`A@QFrjtY}WKss;<$;0w#xH2p?gsf1feB<+`sSEyC|YoRYes zd?7dfM5ayEt6SaV4#Mk-?fKeXL}=O$R-CZ7B{~)J7hr!roH2A_wJnJdh@)OPwB0S) zQ3?Qa%I($|Y0jN8gQa~Auz5Ug)tu6(zPe^+N%ToRV;Rd>qhF+JF;qgFOss#MSX?F{ z#AQec(C?~B4!|GW0`P89^qTi_F6jDQ$X~)0M~(!z9mqE4KMDA1{%#5jXf~n#^s&LW z4={z*UwTtcqeHx3)m4BvtRxb zA4{PA2b{ycy1A(@1e$|b-_7WL%JtkN^I?jcfzgc%hWoV3V{etlTL*;2b=Hlg;NS}t z1H-E6SUxUo2sGB+`Pov^>RpKVUnc?R?ZD+Yc?qJ%5^XlW7*oI9GE$R;noWLYzT7L5 za8Y>Cavd@ijsK4t-30>5cT^v~1G592{CXF?Zn_`|m^tCvenZvKk?Tt_EqJ?=yW!Sr zAHcYkbTr|5Y~AjHr1LRCV!Jtiqyril)vXlWcCHTns9aCx86?@@n7*hjZJLNC%IGio zfzc{gBtlhfS+pa?I}XP_?(<5t?fChSn0qEr;4Eh@-Gp?3#qesk-MOyoveeu{AiWzB zIG=>LwpXudf&~Cx@<#x+&ZVM>s~cA@opax(j+iLJQH1^QvsY^MOHoXL4D(5s@_yD5 z$_a{X*G4P)C*}<9H@&ZyI;!VU8bwADtk7M$iYRn|nXJV)}F7~%7!B6Ap$ zYh|`d{Fz1fx>N@U@1?o)J>hMXFZ)2*+JCviA7pY~k(7a9%nJ(M&s@LxbD^NC9>_)Bm@e9MlV za_0k;UO`XZThYD75bNB8rY!I3k2!IA{u2#w`ZDUMzi>w}$|sZ3O#xOQ>iAm$Q7v`R zHpaUYqT~qbCAwy?AtHc+mHRu!cRuZc3z?NKg5VU*s7h0!6uKl$d}W&DIiTrGP(W#RP zQSpk75h|TTJC=jwJ#U*XH365TIdvcz{%_@9`hM@xmw7RIeQctLCvqnAltzpi4+ATG zXh}6);?#uK*Rq>X{o(EYsC_hu+X4J=Mq6}&@nuXeJGs!I@{c(C4AtiO(MX<}}RkN&7Bqp>F>JmS8bwVIxn`-;Qo$Ir7!zkB( zchv-pV%sOWDGy-DghidKR^}p)>rVS)N0ayf+Ry~)9TjId&|n?y`#kdN-LYYV^5>$5 zkY@(q#^-lLNpVaPo-Xmv$bBUd-6_Kq6YATzJt^7d6kn$iA}#3>eh@?SawlW(#dcCY`hM=WDd+ zCE1Lk)1D_?m>XXE-`f{HRMU7ydYe=AZl~7uG{N=e+`5r(Cww3q?T6oQP_g>))KF3H+YbpnyGZ4m10V2BmwL5As&9 zJa?n2b-Mw3>UxT}S((Y(MDQrOCQCG`E8Tlyf+W>KI3`o!J$mR1Kuh;c0J|%UM|n|{X}V%S{%Jd99+g88546bc4YtHtU)sAD#MHWVTN0Hfqy7j9MH z)XP`u?0RtPX*L+?_!z1Gl7U=!XNs*!Zn|utk@MaocjX?EWHOj+TbW73W>IyP1{kzi zTauK9A+yi?5Z8isdE`_;y{A*tA}cw0cpLEQ zTl=Ub!<%;bLhlF@)Zb*u+OeXSe#p{hAINa@pI{6FQdV)~Rzc%h!g{MyQ1Q+gZ7`** z1ola|N|Tcr9YcwJ+GF5D5a*$iY=MO_R@7WXG(a{~^=CQyXg=Rfc6k37qa@Y|FZ&jE zNT9D_SN0Js8ue=?u zQjk6GSb%OxTd3Ba#JCuF#E-!zL06D;eTS4Ssv+T(VC534A~x@;%dizDa<5W>T(RzU zUKf_n!TZbm1WBLUbWR-YeJR`T1155Rxcx5&!`65H4Sgw)EdfDIE%rKO$KBEzQJA7T>|lZ^PJF)wV#)z#HY(>YeCH&zSqftr5V$qo0*wg&>U{D z-DTc=X{0k*5KKI+ZnAIUSmjA=Zw2SJR{B7TcI#zH-{?4Wo71Q6P39t~Tpcfj0hyeh zn*APA@C&O5MXaOu~FylBftDmu$0M0tSIFB}S&--2 zFRhKKa9HBI7YDtjGk99J@k0P~O9foTO;?nAGK@Y2d2}=^F*0MA1<&1qYlB~i#lojH ztP}HbsVYj%Kc_-{pzJ_zKWsBiI7*6|e!P)K?C$}BKL*;7$J<;ZJg*i?VjSE6qR+ zIm6f2*Gm^mt4yvI2_J_X2DsXT$<*=LpH>kDCe&}8EI2cC`Cizwu&}(e+F_5>OYRlO zokf#HS38tv2vG$1i2Wp4xTxPxqVvnLLAS$g5m*?GuzTL^42P!9b6POsYKEdU#nF-= z`^#@3McEu|UIIMDJqEFqBp#tuFmU=H8k+^$RTBjwNxC~C*q0P$(`C9-vGf=UI(;d8 z6CywSBmS?!-?(7p!Ed5QJ~kE3+DvYS>W&f6FMn8$>VQKWk2XmV+>+(7g;QvNd2NF* zm)+LlGxJ;^_HwYz8g)BoaBj7!H5d>aNrDyFPpRA0TDuS1l#r5g2of?cy3trR8`fH< z3D03i=2`YcDy3P@ndN)eY5vNG))ZtAYm6Ebu)}0I#;)aX$?81ZxZ|`?BJW~$BG4-H zK`onEh|3yBVn7o?NLRTT{G7n9{;-MXuq%!8E_d{ZrG#-Vw&n zZ0wiI=lfHK@=^3R0nIl1fc28*gLd;+uAYS^4^Ez{z?i&Zr*C@5Cf7Xf2-4_rn#LLX z7m&@05pE;?jbqz6J|o9D_pM_*S&iIs3SGDJku{YTLXT{=Qm8T;qmzr+`yUKm+ zLE&nl3)drLvg2i@#Tx-|!+nch(0wLnEiu|fzIE$pf=F-w5og+!f2(6~30O+ynn9aU zsN66zN{X}v;cb8Hb$7utMNtrWU1rzoJ3>|xnWA2+TYawd09&b+$lBiC-U1SHt&S6i zz6$gzTB3a&A{}=xhya@pj4>Xv`Afq_FR+EzY(PrH+W~Ksdr+2R@tRd`mkaC!;|aO5 zlC^q1=W9+gpMxr0v7{b3*AH>U$qEB9vR-@z_o@$<5Y?l?ORU~g7#+Xr=)c~N9@J#Bk$PX!1?F|ZLi0_=$pUTrrCTg93$Vu zYn(vMrAUWjLxog4d<61w%Ar139PnME0SKBSLWn(eqFzOZ(^^^)7LQAPm`7hg38QIb zf?yrVLpT?xiZRaTJUi-g$ZjcYMw&)2sx)E|^bWr3urQDw~9l}J#>qlIbH zimo_0F;U-srvOXmXd4%PPRIKfD*bkZ$j*X!QiyW`--YrOa}5z4;lCXKJ9=4Zqe_eo zo}1ANmev<^HiSBM3FXZad7zCF$oZ^ES?nYx@Tul%^TPMOkgTJXt)d68Iqm-XjmLc~ zy(K^#QVg-=LOXIJSAX@4uq4X$mAh-t)y{pBWUYOz{YAx0b~TJLVwy~LGv>BLkE(F; z^X<8`1*797q;lhrvhfeg=v%u#JNcJ#;1Gf&+xt~_uY-8;&VWHClQDXxYynjm%Y6hL zw>mxGd!_7G;k6wd0qg_%4nS-~^clB}fHJa_@g^|7hyFw6LUQ{%%E(BX6HYlUSj@29uQ5y5o0N_WTtlHY*E4DI8A%l&=36QZql6#aulbi_g`58hsI9_EQJ)d!$y>1bVcgw~k)!NqB`zPo zR~w~QyhfaoY(kCZ$0vqoV_o_wdwU4 z|4Q-zS*2ln+aEV>H9=cJAZ2x<`;e7>x-dAolSSSNeH+8?5NH-ifIg@1>rsI@zH{6c z915@1;BijRAXPY5qeECLHX~tZN4p|6_X%D(((|*gw)EMHFkvQ~b+<`Yl;GE&P5URw z^&F*ui@dQR`;grTu_TfSkE9m*9o|>$Ve)&z-C2r4hn}F7F0$kb*RL#p-~qEr?h%cO zqWy5=RkX_<-tTey4LNd+y4p8_lanRPrbS}gcfsr{z*ZPihPzQ}JMYZ|sZL6|m%_M$bQ z9Ki*_$9-cKD(3E6!F@U#PlD-VAHkn-WnSBTsvrI+!B_DdnN9;#Z}%g!00mBN`&6$i zIYlnMJ7m(K+&ikr2gi_a3>wPrL3cg!-~sAJ9xA0fQj%G3m35*ZUMP)YJXBZuckEC6 znt0=D<5Q6s@V|rpf8jS6C*Oank_*B^Bq z)8ta(oysOblRN^$ny6Hlk`wbBj{EdPcs`44!b6(b~#a4_t5Ssd5#_bB4N3L6>6&k3)R<*U)sBr zmPgn=L6!;l^$j}UZS7FO&93)=y%<2~R<~fcR-$Ej)iy)^iRQ2qC`kHXmF>m*qPwl zhIV0#t(ogcNBp;OhPY7r9D&v}elqw&l!G%Lz9~bef$#Rch`@F9QCD{JYt4sig?C4M z1J{;C;`|m8Y+`QrmQ(!JaJ+k`bEvqq4J8$e9_&!LVNzjt_o=k10NW9-v)e1`>ieeu zw$-ZIRE9=EwlQGxG3w|eWSbPF{)4bhIzrd~umD_QxrlEE1kS0ud^67%b;;Ri)a{eG zM#n_0l4Ug(!R6#V9v3x!2qii;>_#{%yYXkR=M6ILo})|_w)H|;dsLR3A`}}nij#h4 z6a|EX!~8gqFcqFuv`{16@X}ix<}K5HOXELSA~(*c!p4p>zv*SBBgj7dIMYcGA-E|( zHCFH)*U+Tob&7>_`yPcoRWf6G4lQ#2D~aFxVIr10gY|s|$$vUyM20UskU>!83J?OF zU{T$w^jrF~oxk;G3!xe*9?#DxK{t?3so29ibN-6!4NH;)+jqSZ>*h7Oc&y(ET}8h2 zdhiYX=slObqpQdM^69^ZBjuM*Xx+4MqXn`5p|pM3fDsf&+FCfRwdIh446^uNF&vb} z_M#R;pz+hD^q6wX^;7rS;U`>9AG6Y0Hb5eKnU?xH_qMuc?v?&4q)U+8vh*c+`OPES z?=cpVn`$VU;GB1eK{V$h`2DGd`*cDvQvDk>x8Vkqy`1I!(9v>H0Ig}U#BFce;bPJ0 z<>|WufnZzlr`SSNDY&V+t37^D#5eIs8Pc^IVj1pMLFkvSiM-7+PBGNq^=KE$mBE^{ zz}Z(>2unhDbZum{W3zzBdmCCS_;!+au3vgOf9ci-n8R%XH`R3eAiWC`>g-N$CVygN z-7&L2`p?9j`y0~MOD}pFgil32!-mFimpO$!_b=+; z)iCh=(1IcJ<37r<%}mKrEjS21b|S$@zMpU<8!L`zm+icc3gTXKI=THL$vL`Teg?; zYu6VuD0k!z@YP@z>)hy~YzJCu9(fnXLHxm4(MNseP=M)-WITD9fY=GV+-$iW%!(YruatDPb9Ko7Q-Lt#+Gi`8^u@c*S#t7{_1}I%3<^893 ztd(z!Q^v-WzffMb+hq!g&&M~S!tWyFzn%iZtbS%iN4+f>_?8&qK%{dd9Zdo@>YaiQ z%15n7R&crmH;{}MZ7&z~XJqN6b@=YjLi14m5cpBb28Q$QCZjU`l+(Dr06=0Ti`Ic{u;xY03od*1W3|JM(gOC(;cCGpd|FC6Se zGN%?Rcf82$j&X2EF@fH~eUa8c7VN68vWa3Kv2B$MF=GkRAgY zY2)0i;n54)zC%R{aZZr84I? z-Dzc!ISu!x@yYc;e)QxL#EL3t2G-k_{{6CzYWW`2MVBMUd=>ZZSC4f`BL7cg1SZBg zCjx~sMw;%9t@O(#;Koe~F;#NrJFYzNu~{u3^Ji<2eaj*4YIpaX0*OU;8XRUom=7P( zx}*!DQDm-g8uyOfVAr$zPCJ!wmCs@PFg~SPVI!5{UTW@bVQnsf(bL~kGBQD#yd5`} z*iEjxRGXI%@kRYlN_QS-fpfQckJ^DBZ{Y+9JIC=!wex))qMC>dm0@Z$A|O==zbS&MOU$D$6gqCuDSb#cn&xA&yuop%E1f+ zYjx%og}-;2rgMtxZKs{Q7mh~F;JfQ2hfE`ukWAgo?_Xr7zDP9fV-EnK#bJ?U5t;5! zOFDav>YKk}k*fyz9N*vQ$U zo@n*TFAef5NpENcBQB2@-qRomEOLX7)=fsV%^~{bzs8oNc)mQmC#4>`9U`)iICAw9 zrPSW8iqM6-!p8-fL(f|Jd$NwysKAh~OLWQtZ%cfJ{l7q+}1^@ zrgg`-K7xlroi3@J)dikO3LpO-F8|fo$(nog@ZW6O^}mVh`tkbu*gw)f#=dhx5cV-~UKTyR@VsQrI)IYX8Bo`Wxr*#@~Ybe>49}zeCHI~xvAH!li;IQbv z)17E2UpjLekzeL^+cMYDlD;+lc9hOmQI6(OQw@e5IZ`>uc}I(CKPf!*{Z^>5F#exM zvzA*&)WM6u!fC!x<IZ)x#48S%Q75998kJMSq;!A=aJEhrG*4 z0Q4WSuo~4x+%@E8guiJm@|Ihc6?AP6fq#B|~t0!wX^po8{2w9H}j}Ir{XYaRU&C-~u z_qbe;P6OM}CkPf;;zeh(MC1HsH)i`kS3lWieDMXQFU?Pf)O<^_G6oQX!{RJH5Q}fg zH$l4FU{mZe+;uf^=6Sf1gtSR;!*k^l3^{%Cc&X#}^~HJnv9SNFU?(%1Te5!QvhAN- zxGb{!4A-^Q`F;ZePBl{;4mbMbTpemENtF^B){{Dvcp1H{zBA^@bgNcVb#w^m8!fAi zBEXr&O?t*lQNX2BZSVyK{JifGbBt&ho4R;PwV^#+t>h2p?^Qx;!6luANN=?94<2G^ zu@uBA*t$d(ngV5SPI$+N{Sw*S_zo{t&N6QvY!9Thseq2IiI} zqVGUnBuHxU&q-*??3H^9*k7xv1kzSA29D>L+K!L9M=iL&OqvYy`RKFROaBG99%BXirxbGvcd~lgS78MSo7K7?A&L7bdxghXfzj7Z{ABq?(iRX{uE9 zl0iCQUlumFra8XQb2mR+LD+b2$98qOAIp;2NZ(j;@r+bm**BT}a@1P^OwLh2GKKw%6v?<#F!nRrvMPiSZ zDpAQ0w{_uHBvP$JRt|JMm-HUW1&a>2CVcEqPZne7JU_`J0Q69h@P=U$**57+JqeT1 zd(@{3P$^9fFX>vpR2c4-zGl_Pcyo!wRcqZO@Mh$Zk&DQY3s1D=6?I%H2Z;W!(Jdne z{q;mp#JBx&f?jQ;jC>~@@FJ?Bb!ho5%kum?c)=SGk?QlK*iwk~Xe!icP z5%$Fq8f2XgC?2O`POoZ)y1bV{rjpSEMeAt2k$j$=AQAo#4}DOeYe2UQH0w;@3QYcL z0oXwh6_qy5!`(xuzpu&c?vAFC+H3!jy3>3hAEKAmQF_o;GPNKoQ8J|;miWI_?Fh*8 zLdcTg>M}oh6w=Dv?kC6gJsY+I3!mgkcYXmR;jA=}} z5C1>s@&dip5(K;xT0FUun7&FAeK(uge(CHF$X`Ek~wwlFYT>k;%h=y$zv2g|`jG%$(Lm~?z(-A|@z!}+B z$ldyeulFgV@VkbRE`e=M5X@MZL^#GOVK)?~NiL_7J9V+z1pYnf#MvtN2c=iyzvY+z zb5ufz5Cr?knKkVnw|#W>*8toMbq4X@*342hXN+-PH`{*^txEB+dE!*%PS~!R_>A@m$ z@4Kual~2BxTRkcWT4ks<=>Rct@xp_O+}-jkY&MxIC!f!}oVH8TkVx^g)?eS=Adv(r zO6UIb4ZDk75#!~2Co!PYA+jz%gpLy?G^yMlrC$rRpg}|`$js9;h(3l{4IBGaMu+_VGvbhTjHPgd3vA#)m(JmwI08R*{?wI9{<{-@5L#Y{+;&4|`v=vVKz)wld6(=DTYBDHg^5?U3@_T9~ncQI*J#KleTuG#Pdn$d^nG&bmhrf>&Hk_E|qU#P?!bfP1XDFO2*< z<7iJG29;DA&dS5X`qfSi(E)bMWm_=2j8Jz@q4-%rII{^Ni@JAsp z+w3V$iw-KqV0k~BbHB)x2F?~1py9T|Uj%xTc!_DvA+JnMIN`^2b-!+j_>#=(>9a`7>9Og6mB$dovxisuu3+W^ctHd^hOO1m2<{{;I%)Q)I*e;5?FmD|CB?v`~bYtSyvlU4~Q7v{BAx*ZQgl&C+^r{Ffz4N2#@zQ}#fm&N4meDmrdV zlBFsy8~;e@th-a%=9gYLk5#5TH+Up8&AfYpI8g>;ir*6?rmj?Q&aV)+i;D4}UuNVaUhm(otG!?Dgxt{md8~-v8f0fGxbI_-il=7_ z19k_G&B}a(?M82fZquNflAN0o5f7X8z$TwTrv&-)!$n#Df(k!#{Mh&n#mHX+Zx7=5 zd*`tOmF8-h+GsEiOWPw^36>w#Tt1%>3+PvyC~B5GcS~t<2~n)*+{^cLzDuFS+?FJj zhc)l`Q%VvsLymjw?+HwKDP4Jgh2QEL`d(xJ0S>W`kRd&0&7iTH)^8cu6nYF%fI|@N*iA6XsBVFqNl)M|v3aOu zbIA0}ttJj?WF~kw&%qhWh@S&VBnfO4R0TI+E(h&gheKZ6jCgoQ1O$nt{>UJiR8r(6 zxST0y>xF*)uU)wR?8&L(e^Gs28E9o4oerOahm-U^V{t;)jdzZ1HQbZ0wb1R?2fd}Y zWWV6+_x4bFG#g526nY~rL3u&z`{@STxd4b9NC=okZ~S@BIxY^&93D{$Ws{0pZbAC9 zFDbn#{X(p?AyzjHmN^XAc>l($ z&+X#0e(NHZqb!74t?na^QUjrtJ}#v;tBoBt3{UMz*yDuT?pso_7;1WEk_E3)o*M7L;bAilA7Q|aXUnO91pTwHon$)s!^orUm;K{= zQUOIQz;@^kd=%Vr(Z81@@0%=+ylF+c@&+5cS-2_NW%W+VB${^!p3C?!YgUa zRr-nDB^sisuAf+E7XLn8dRp2x*~`uApKjZ4RM_&9fUd`j&0Pb(V2<2)Cnm#Ya`L=G zr+G2|$GyyjGRwPtiPLD%fIzZCwk@lV_n=;-8^a}QuUqa7>z+WUyWoq@>Kc&jEw1>o zy(B|E=P%Kn9bn~pO4HEtTJxK~)->u3!fQS&3j>21O{DBHB=Esg%YUItgBFzk91}xk z-$vreZ9D8yp-bIzf9?$<-{fSPxJn^xWaKvY<8;xkoZYxuz07#^ZwU{9^a>EBPXRyPB;H%upy{j z=LWgci+q>i=D~!wU-0p%xN^2u-Q%#!4|H_c^zb(5b~Zh8ay`XH2H8Jtcv@(F46%6C z=lFqwK{$MBA~EF(rOk*50-%AVPhD*a%$@TU`VF%cdQFRuu|wu36iIo#&GC%?DT{1| z4)Ixe3&CGZ(763x-Uu=4GW|H>FY~0?FKJQn$K-i*)~~pCz~tu;VZI(QD({pW3K158 zB(>frq#a-L-nNM(m+n%hWSUBabk{zLlRnSNzkj>UEac_2PEo)1b`+u`{xMU5T2?BI znpQUWgjLH+(}rQbfB6sz1p_qKO$iS%8MMxuoen1g*G5wrV(>EmzUThfVws-h!me_U zA5klmX;S2Hgaz?3!FXqr2{L$YrKwpHGu%LuneIhK&%%geNM`@HM=ltYuf(7JTR1Gj=Zg;vt)h_&=3GxJ9N zU7zx)1A_t7z1{GA#D@wf|J8-{-u+^YS{L|F4$ZiwMW<5ZQ1ev7UOCN5Ls`wwc{hh& zc~ghHBEjV%UE~1~1e8&Em^@pq41T=r7K2~cbLh~C>??QMCaTo4V8NlgOtXub zmECn+7P1Bg$I-q3_g4>L`rA~w(#X!8%U$pAxSVx+J~wDusFDj_Y26O^`HOo?$9Eq+Hr~ztUh+!myZ&`T=f{o1Wf45lIXm4L+mU?Gz7KQ&iNr zXn7C}l|jx@-?&E{L^Y(}C^y#=%Kxuw3tA101c}!F6xOK-cZWxaBZRYUsb>(ZhpI28 z)#amonIHB`nbqP>N30pv$&LJ1_q*QlLA-ne3j*z{)Lah7D7AHK!Tz58#coO-i0a(N zFcvpjx<4%P3iiUs8u#TQ72NA15aL`%@aHZop>HSnM8xrdV@w+Z@d7vWQhm|rGK9BwH zQFKtNZk}F(Wn#3Fc{f}aN-^)R_1Xq0*#q3Yw(}s7Fjh(=HVoIJ=^o#UMwZs)I?Gm` zKV3h43z!cOsMW6qe>TYp4ne2~=#bbRC*1EA0KXjzGgf|;Z~}`O{`ec3NWXg`?G0Mh zd>x~|>gq?;n zA}Si0lB&4J*)6P8nGnwVhcp&ME*HeOEaZsSxH$?(s+H&JLgswyjqOaS!7?R>{Cu(v z8~TlndTS0X)dW-5U*Kp%`i0YCjFX!?aglKjW%7xyHrF>UMVz+hUbkm9(neoEOm*pc zZSKW<&Svglrl;9?yY!+KG4pZB};Zb-1U_AYwrz=R`TS zxF_-E+vET;W~?s1S^92-XHjxR(y->E=V{{9bhdGGON*W67;zWK}~ zjAx|Vw9dcBVRPIV5d<6cv0lbG&h4;$X`(w5Pp{yVVIHWV+BAXAR|Adv&ij=z=29hM z9*c2ammq-5q=7~GJb%!kz_3a99YV1_R^NcG2B*6B#DL!4GB4t*d*Ne`qxXdDg>F(H z)qyohRRqI{x$O8z( zeQ8Wt)Z`qJ!RJcb%Ih<{RGm`f@mjE53S8+-I8Pn^@30RyMsI_58?AFfce3OUlLB>X z68@gu>hqOTi~MzZ9!>58&K~dZm@W2@$(1^Xsts<#t&nkg>~{;2Qg-E@)$NBD=|LEd z#eyv;cRK7cOmLg!2G&0eBjK(%>57E7+Y7gZE*mvkbLy{)%*gWbw}*L+_%^K#p9%CI zM8B*e8tHwKI^c**)}!jM+|o)r(W80~*}4Xcm12Go@0*1R7Q8m<;?MC6s!|e$3R;!< zxx}+=J!*gP`arAKV0FwN;h{Pu9sAK!dJzpWt*mT2kr_?XUv;WE^Eh(S4Vd^_w3&Do z;RmWug9kg}nP*=*J{o2V=PMjl$C5xWqJ&Ytx^!!84GSHR2;)eVNfQ$OrRu!jUPjG;M6~V+G?ktPO2USRD3*HrnO@^jflEKD5IQA* zqrF(5&9~*yWF*eMP7I%t>hL}jS{*^s&Ix@yT!+uT4m0as%u+8^i4gIea&Kr3(Ei2S zTUU#k>7aE^Q;#D#U!BxcAF;Mbs#Uz4NcSDa`HGIW%yfsDu#M8?=p1!@pJ9C-+L8v1 zirZAzCFaAp%Ty~GpTh;Vk+i)kZF|sL^+hm`>ab$Z3M&7>U$|VLLw)?X()pUsLs>S; zc`^3m6l@QozGciUy5Jtqv-QCUjRvRy5!y74w0v!lZ=HKFu|4!fYs%WQ3Qxq zjck@H(Yak6ZM(ktB?|dZ*LnRL(}E#JXFzfRmn+;hS?2#%;~{^Fkbv&n?M@?ao(d!2 zaP48pjE)cH4B2QbOfP_tnk?mQ(r3&PV){tUVA3cxv)bV3k(SVEkCP8TgN=H}+_Z+C z4fJ&HS1+3ryow>Lx%&`28uL3e zr&GdG*q&0+h98T$DO3xVB&-8I2gLG?rti6vPRxgXF6c;sl~l@aXQW@Y%7Q>C!8#$i z#dovbEm4Kka7{{jQU||GLIz11T}~*|3P@Dpr5J`)f-t z#p1a|?7&Eo$%nnFpY0!7X4R7HG9iT?sB;6+j2c}7Q?`^s{QJ&@p(4Nw=UR}C5v#?g zr&ZA~K^(Pxc0=ah?{S^UG#oQHRQvyu|6&e`zh`kqrbsq?yjUq0C_I%-Oin7K3lOuE zQ%kWLy~UG%P0yH_z?qVSGlfB7-q6OnLk&Ik^Vm1nYQ0$Z{_PAFn(7632L4Is3`y82BYJP5fvz16e6cJ$i8wLjtF(SGk)by$C6dYBz!LHS|XT;+RQhKDG1dz9tSVG^ZORULCs zd}1^Rs~AxkAkA%`q9%4}z058bHfIq9ndI>jEkGB}pQbr!42{8ci*HSXt1@Wxf>@qG}JSRmf_4driTteZQ2xBulCWmPhfCHAIUr$)?Kaz zJ&)p-!oOAH`U`9M2i0CNgTca*Bh$wv^#eNB$J1m668EDP3t&5#eziX65mJ zd$#W>M6_?tZM$eCUV8?2*vuFied;hyVPs-*V(Ee;W$|9=ZePMoXz6*>ITGoQeK(L4 z_so#*_mY>7Dy-zu(c}nYhlEg)4n>WRlQAm*(1m932S*9$W6md6yDD028Q|Z309DY~ zat+6d9=l$W#`MYWh%=$0^3Ef-$PNL;T>{1oOqESae(KLJ4WJU@3pP;wjWvpI|8z(q zt|goqhU-TRtYt|}e%@7Ob_^NJ%M``WbYpsvalZwO6Y}y*edScZ_UzVegF32Cv7Q%8 zYy&5&rCexgVYgZLE7W7dRaRmLsekoPg2?!I2!i`s-OA9yAEJy>Qd5VASHC;1GEhZL zzT$LXkg@m1bn57oP0$(rXq3AVmO0+fT5>qTY(XWf(C*Y8l#-f9wP(_;Z*+3NK1-IQ zB1XCS)=e<6ToPzK0gjTEgf|RBI|HpQh7xG~o|`PhawICj8;phh-2fvEW8^s91A9q% z^|sOROn{j~L8Q~>SCRGg1wopngM9)`0A%DHO!y-YaLoo%0l3Y@YK*J4{aQeI*im3< zg?&Y8R$yt-cWLQ)6bQqiq@_R16_EF#ABiRR54@^%lmCwKek&cZ-savG&C=R`v3-k- zvG%_8dZ2n2T41>X_AKm>O7a}mT%pX&@HA|24$WfVixjhLuB4#aHbuolK1^rkHno>O z#PR4j!aXEf@iT`o;DutM9LD2gVOPnSvBI@SF>xFC=K=BRVB+MKSx%%GHNvOH@Dc`*1E#p!k$z z3mUCP`*lV`U^z4UeUqGgpMiszRV4qD3!K4vk8a$0p{FyqmxNeR?r+I}jcD`D41KC+7p0!2MASbf*~vDwPZv~aupY~!$euA}Xa_m1$`nhd zGl>Dd#F7e4`bsN13`djdZf+?)4MMRZHdURIk9-&e=X*ufP+m}zXnPi9D4w*+*Vy0X zhaTNpE|BZXsYouBOAn~)$!^9lu}x7~@eF(W0lVSA6#Ot+#?p3L*)q9u@HDYPzVVPQ z(o$NuZJ1PYS*ufLxpF1RWL9sX7=y(Z2|vu+5X(qffu?qOU1@zhNSxqC!o%tbb?frn z{TU0iNOnZ^Q>U?v0dXHNi#@^K8qm!yB`j z3lHQ0o?&AtT$rE7sW{CfW?Wju%1{_Ywt^*7x@C6b!BV_-u8Re!X>~4Mm6_iT%)rrh zhONk$*v5~2IT0QFc^N8G%WaN6#E-4JAMb0ZS3#i{g;^bDmN)qJf8|Fofys!0bXrRz zzl7?Ezg*IPaeT}#c1)tE8U0xd(iUyAUc zVLgeJ$v7US(y{JZ25zy0-&V#VT<4TD>PKvt_dz-rNc4odqtyXF&mpI@En@7M36pl? zzppNWP-%u8mo{+xY%iC_f%C?@IptRQSGz1J1$+~C!)Nwx?#YFpf8Mo;OWft=r2XR$fSoA}>q>+nL0_0EvQlPai(R8**a^H< zbqisRW`ObZ<&hi4b@4$&hzL`vnWzq}bQN_E#wrR^oW-yxt|wB2G$H@)VD2`8nboWNcVBrfH4w4hJ!$!iqEgjI=XY`qH0S}RUBv`0djP1|_8 zb0F%1x9kZ|gVOAmh>JKE(}#bH>d_%bZbgHnI9H0<9cShc>SJ5`dpbDNnczAzqydPB-NQcZ~z5fM68 zLC;0YeM=#MMCQCG-*M^t1wl|LV5UT*GEDd;)Vb8P=Ji zZaAgH3(BZ^gXttF<04kh3vE9W{4Sv0lFe!B$5y>4sGrh>E>Y_V{&q8@#LcVZNS^1p zT=0(MZXbLR&zfck3l?)WCJ^2cyb4wf#x&h%u?fHWb_r}eUeKnvEqHHA`$nYWB3Tem zr&~b%JO^e{FU(S0@D=gs_PkconBeQ30v8cGIJ;O(IBKc1OG~emp<~Jpye(Au8K7*q z2Vr9IhNI=G9yk_flW{rM)3=3Vl5fk3b^Ji0wE`=4$b>-VvmD%jArD)K(xrMOev1c4 zhxoHA!E@bFma-ZhnkcVXQey;tj?%mjYibui2;qOwL1QbgK4LRB-ihLyg9DUhKC(m? ztA6k=9eN8vE{E^tL9-ZkUilfPiekjl+ANKMxrMk3H^srhZotB4y~gSJZ%;PtbsL8r zFs$0c>pY#`xvTbDfHFfh0mwSUDtSw8-5*)0h|es6T|_zr6P@_6nd&sDUt=pL1{;VY zZR$u|?1Mi-(@DjWC=%0Dj%Y@LV zWX&u@0=3`VDwz6g8NddzK_UPpAqE|;%Bsgvk?bUWdL+4#-&5-11G7PEb5`h7jL>&w z2@(?+G)GPX1|1mYZB3Wcil&TU3ZE_Zkz@sy&hb6W;}TkZ*P4-_x{yb0_Eq)UEQDqc*}l2_7lUePdsMBtbKPiz@cVh^ZbD)bfVU`R$>G4kzjXrW91C? z?}I6tS!HGBoWW!q?5)fE1QN_@GlH9SGAt9;s3T)jSsVyqSCNIjXm(o|?eFY-dOM7A zDZ33IeTQoVOUf+`e0g7`3)r4$PneQG;+x3_WXvpiGS@oGdJy;}Wpi&MlW^B)M;#mEZ$0EU2hmkksZad>Lb^9S%7#j&}7Pp=K zZ9jhk*Ee=VT57ASY?r}r4c8fA#Pcd0<8wNFsn_r2iAf6dg*nKUP6_5{YJ9>k$5e+4 z$i?4)aWkK;rFqYe(MW0vnZ-T`N+2-VpckHHL`So9&MP%7Ma#yX^7KZ7lM@e?Vh5lo8;qtsy&F z)46`hb~!KKc1zNLwrM#tLeBa}Fm_ql1DsbU^4MC#wZs%|+cZj)4**9_aI_x*BF~(Q?!2>KP*=y~Y}-iew}Pj!?P!m6;s{}o&W0Sb z&1Zs5u{fIzF%)=d#LCLiOFi;P(h^u?M)M8b<2%TFU_T@#0w;NB4KBmPy~nA}y_ZdR zdPV+6bMpT^(td=awWoDVLL$f%>i7~+iykT>O+v{IjYDR&_zu#$Y!mk!3i};PKI1=o zuri2-NQZ*N9YbJty(jcGKc~`~Zj@;;nCgPF9k#Q#a9q{Qv*ELjLw~4H5JMUJ_K6QL zcUYpkA}mfN>}QR){P7{=ZVt&zCsHaz6luypxt5Q)CjC3Fb9xkNIj~kiN+Sf@ z1oeueqg*yW^fEjA1s}@M&OQGOE2}7^|Gc&3i1K;=;L+mk_so!S(gj z{;&=WhVx_9BF05*vwc#huUKiuI*dsXXPY~)9Aq>{7#?%_4`kl^;;AdTYH#>&!QU_R z;M^Yu<2^4=H*4?@uNye(MFjmLW`EJ9iMef6i-sC5W`^FT&@!^!6#G%-McF^C0balJ zt8jo)0th~CnQVO=l{^`d9dmsBfL6_>+;Xh@@ZkS4QRuDpE%p4TlzV}#kE$9yc+y+t zF~9zi-4Gfu(6**AC1_phy$yXcl154zd=U(_*LABNEq%igb}C?5ew0Z)U;TYGD!2cb zT8Xv&J^n#glVh|k@8ztE>Gi@pYRl(-+49U*cvi{%q$mO-7Qely;sg<@Q({rW!Q1U? zfukn1)J`9k4Tp1jg)HE0D`>JLD}Kc`4L+IICAThB6D6OmUlnE?8K~K z*5lu#^wcXuxAI-jOwFva-JPLBc3R9A$$ppDJ!EVcdnTyuhBXGG`bur9kVl{uOqrjM z*UNEM@uko?hX)1z?o5x)`(*Huw2vb|z&8Zbn31>O_M2`gQ7rlQ7Y<6AFf@mdDPzvx z0v?UquxhfBh9;i`58G$lmEGegoqH^2XMYYOrf>LqRDOrd&&9WO3B86az%#$RI;iM; z_52r8OPaEXC*|qxo>pt${!=Y%>yz3KNkO-n*K{27E_DzkYP9FLc1!nX`;v?-mFRcIzxevODJp@g8LO<60pN|yqh*+}Suq6nTkZz7_bJctoQlhC5LvR{%mIH5ilJ~-B zF+}et*mzjnP~1`yi&>W!RCvbr8UFOFydmnR9u*Nim(Rdct)J$ z4?$^yby}$ud#Xobsa|SkvnB>@`PHnsWcXWTHEk>Tqn$>*sU@F7f#Xm$Oec&2+Wm0X zE+Qyi0Q2h5rjT?Cv5J^-_p|eJD1IK#%aGIMPdset{-pFN$6QVKfp$?{nOTqs?5+U#n&=JNfE# z_(MDpiLk)Ub?^A+3y;oXtG=4W18Ble6S5oN%@eA*I9;rAtLl2od|s_nX_JZ?98zO8 zs14<8;+3-1{Q5eVL^$`SW9vr*(uggrpV0kM-wCKedZ;ff$C^EaTOn26>m-FZ27`@r zSFwk`m3cg?N2VI~FoGbY%LL)4Ac4*HIxj*XsC<8zAP^SWw2VgLwn@*&DiW}u%VBF$ zWYB)(tM`nHcR+kwfEZ)IkjCQ5pvA~m0vmHdkZ&7Hrwaq>dAEv{<=@T0dsWUtC;l~6 z_})H#*xpv+sL4RSdSnQ5H@R0(pQZp60sPe=CzKj zhsG55ECN@tw<^4g?v4}P(EU9%D*i~O!GFP@GT2GJS9H`XitB?8xpp3tQO!62&zZC& zIq@*A7RB$mZL=9l1HxpSV0p1F*<*eoC3GH};30aWEQu^KsBv!be%iOD8C$GOl}LZ| z^wMp89;os+xzwe~dCX7SkFEA{9-v*LM{#` zb4=qfEipxg_Hp(yVvJc}CiZ`kqOb&LP5!=We7=EyplA0?BnT zDArKbn_#F_KhaTd&@-%>A(>5nlWdt3Fa`-r9sT4~R-9i>R?og+p8AwH{7iSj`dhWR z$*4JI7DmduxL4`%uU;57-Td=CvF&-)9A5?<;}L4uuZ@CE_z!OG)s#Z2k_Tf}`=`<$ z*(K?@+34&x^b0p;`sRSF7&rwuDb?MxD0%3qVQP5<+^=rgY(CpWGuB0k)S1V&uO`36 zN|hyP54%m~4RW&VED!zO8cXG`GA^X^ymPlhw6tgW-5L@oeQG9)1r)F%C5alfQjo$5 z2h`gQ{%%s4sgkknkZ2&Y8Qn&EA)w5xpDtE3Tv(W!XM9e-!M*wHY}7xo$#mf z4hM7n3)Z8JX{Aozg5CW{XEHDONG;CrSYi;ET1ny6Z725f+hGoA@C zr8$%<2z15qKMvr9qQ!~(Fx!*)Uj$e3f4*Nbn~En&%j>2r5lrPrUSF#N5esE9qc&K7 z1Y*#s2O@%5d8QGRdDcKG(Pwmw<6Kfq^tozBz>^B;do&Uzy{Oz#H@QWJPWbG*`xVL+ST`lvj_(y#S+O}bD~mJdDW^Ao(jY@~vw zh5beAU-vu0@mMY_1ChyhIN~iO>$QJ!^M5o3 zaWZoTq$M1Bc|yH7v>>IB4^Wby>%;4|2eZ!1on5}-5rcX-KVi2iT9fNubehScLvsyD9FD^cxZ;c5Vl8()zS`*S%O6=i<1YD zuQ?hTfT<_&L9>*TjYzDdJ0ZdVXN3&u+^v&h(AXF``?rD_iL`|k4j%zaOx9tyOUfSI za-!)lMK@DBqGbD83G0H~A!hDf&Hq$MgS>faj?j6!C#SosW`?v>>#Q?QP z02A+yzl$=xi|8hLq-*eVOgP-;$(L|s$22g{w`eq9mW1rB7D5*bdfgX`=$KG4R?c?D zUG$kw$;;1b5k7&3b@yKjF#yjlirbr)EC6o_QjZ{PG{=(!1n__r-iRzjrmDy8()Vo# z(LMpKe(RerwR6&&@!w)hs8lfu@4^A=j)1v<=jf^P!}}L_zdywJioCDS=+&I{H~YUs zYKVZ7nQk_=YoVctcy{9%Whv@}zI41CgzuniuTC2tbL^H9v;wz{k^LLA0`xx2utIwvNreU1Ebj!_1Oomzj?CYjdq2NcyHiYX zOu7MaJD__eYxcZ%g=poCNYmckM6~et`Zl5Qr&?9DZWtJV?!@P5^w4otED_E6rblXJ zfLZ<$@D5$tz$*2oH3ORkSnhwqa`>kH+o;l$Oh>)2W8+`yg}k{7#V-Qj`k12D)-(4EQcxY=}4?+#7}uiu=D*FtI}fSs!hj- z(XAqTH;@gHD_F^9U#YSJZXkDMXzAN7TmI1p6_iU_<=c*Q;_iw6a$Eiwo*2I+@XUYA zk-063hLFFVKZn4RBdwzoU)xoL2jZL7@_ijJQ&m$7cc&rGwudVK~6>zDH(XXpSg*#iY z4+DFEl)mW0aB^GxY-o)dPjFB!uu}CGIowP(AHARaIY|@VHQrDb2_mdCxufZ%fP)S~ z3Vl)t*Esp85snBQ=A#5wggB15${+RD0?ETQV-kcHpETA+10G zZg74$iW>S0Qo7pz!`53zwHbBmzBm+jw?gsa#oa0H?oP1)#T|;fySo&34em~HE$+b` zPP)(8_wM_h`&Y(D-i%}=Yt6OZIiLCba07@ok_|GRaT&e0d<&6nzc4@hzJ;Wj1X?Pw zT_Ydodx2#=$9$}|`R+wRw|M*Th~jf69un#cC*@DfyW~j1-!8fedZa~0_?r^0hleU( zHnn!5@uO1QwxPkH?~gOM=3B|6dOLvG+Z8~!z+#W-;+~SUR&?xrdu6$f0#5i~5Yt9u zV$t(ItE1Hpc1eCU;BT*nKAn8-OZwKlO>K>~k>its8RvL= zyrY`RRikPaqHNhQRqJ>gcONfa5XF$mSpO#)i)TwqEQqDuv`OMjMW}f~+FasE z*3>P59%_<8<;7s)0u-BP>OV}7ru=nlOG+1Kc1VUsp3X13_i2HveCvNyYBz=moW@KJ zxJEbUx6V?&#h|KpAAM2TbjLSEu`ds62Z?#LFxe2?XwUUdi}Q8uAnnL|%C_@V=zU|V3C@5&v~zgI z8!Vh?m1XLg1D`pF)~#q3!~Q&2zvnXoimR#yKtd8BU#xx=!T^5!pgP2;*POr;WXCg* zoQ*AGju20+!|NU-!w54I`>amgD(&Vmbwg`~3;ng6D;(eVqbogRe1>#dslbzxV2I;6 zG$81nZ(KXZ7XvapfrL<8GJX-u6yj$<5bRBZ)Eh;%<>lrZO34I?^L{jkx8-Z6Vy3Tw zAPRr%JCmg$S*@dJB{nkdfwXGfdr>U*GYpfGbnj%_JP3gT%i-zTaw9P!#IVV;SYi}+ zgf5P~%rVbMKdcZ6mJ$Oac3S8I4J>}%`rKAOV1}~-N!!h6qzH*?gr^|0zE;5zk!$KD z437Tp3TUnvLK_uj##wG@rQmdp&BNN(+v;Kq5*}0Sh>_WdX{^8*sXNHGGWU?F4aDYr z`?xagXEK{A@I{k43^jriTW9qoAR#-c@mscG1rIZ0;*RF|ldos%jNxgRfWF&%z{h9j zxUOv;YvX*3M-HD{z6VAEElmWA`2NyfeF)g*8Tc4%{Pr{lQ2MU07P}J~{&FjaD}cBS zRv!4V<>i)QR5N0fqpGjmMaqPcbAz)0{6)VtxPQ7ZR=`9XcUf28eFvu3EB4RyjrdM;V$jU;tmy_0 zR!y_?vUHA=v#>t48GNuObN8bPJF%bPi*Uj5F*FVo-hCSWAG()hiHPp_dY{_+@T>mUcP6Gv9|gH(Bb@G)*)8R`OevqH+{tmIEK6XO8 zI}@vN%*+0dF^O=ej|A)n7_VGv3xnrn2Aj}RGjLuICwqK1-%nice~BOW!vksRM{Y0J zXSQW~HdV_a5Apdxs8s*aMhkAFWfIPlxzWJ$#Ck?22Vf)A zrvE*g>gawEDBd|I-yi3cWs^|hdnfoQeSnv!a9FyNxIbydPUb~ z_^D^#MW)7Bzw_J725x1Y!Z@3vuu=)61Hv;UYP3dp`5PLiX&iM} zSL$WeT(`r{NB6hy?>~#de>b-w#0lyxM+~A^ppE+cQ{g)wYi!5yoXYQomcV^#tC2Y}< zET^D5PXD;tb#Q7bTA=Boy0cf=qaLePSDDHW6U&A}#goMl^tzYhW4=@D>Dj_gzlEff z*U%^-XjeD_N5tKDKUw9)x!?1x87=ah-2e2M8!wTD+N)MkYXaEv_n;52iAOH}SkKN+ znHWCxEK9V9K;45VM}Pv+Y_RS(3kn%t`V8DcTTlo;JjJ7NQez%5$yoFe;sN+gz1mWWffEsN9tUwSnRt_T}5t%H-6Qc%^d-FZiSF< zQS#!s<4JZHXP^#`NZi&x5h}LiR9w5vs(!9WTX{4`P^KCQ1!IvexK#Bup~$^x0ytj>~e0q zRcu-PaHr&jS!?U#ML5fFHni_QA`xl=Xma+ddoCoegdLJTiw%#<$WLi+6%BYFtfWpr zMuwG_=Dx;G1reJ!imnyG2B+j@tFxiDB+XhzB0u6Mu_B@eO#5K>U`IJkV7vu`2^m}T zypo^M7%`N;|9G0p=39Fzo8fg2>J59L9jI(z;SvuG3@zHcKW0gvXA5GrB)_mz#CE_+ zl)}f26Sxh3j~i+WR?(qQ-Ois;7x9hROomjsK|Z{7kA)PMbZdfrFSHsq4s6V}6*gzc_nc0085EWXRwz7u#42Sp+axv`kB?y9otaG}{KZG%>1Rre7^3a-YpTfG zudNr>-QmwXE+;R%(06QZFLrMDG1Mc=qCdY#;b%48m~rXE2v#xT^VRytgrblbTlP>o z$BB&0!~VtdQ9QD=EX(n_u)1n5Nm0Pt46H*cWkdw|=R8hk99q%iqn;uN7Nrb+g2JcN zBs^J0&7uc9o-Agw8@p`Qzvm(480+`C9R)XduztA{*!dEK_v)0)CP3~$%P%EzAGn2o zs^#T+zB+yo-vmK`;;)*gDwwXh9sIi1%%~Z|xFO+pE@xqk9psl>rEhA-+EWx9G8M;D zIp~~^<<4|TZfF&{RTat#7owfhV#bBf3q4sWmf`Dx0 z+4$bb7qG%Ezqth^#BI3~CN$0MF$1h1tIXxKQ`uY=ZL4xjfMRfhMiqq}r$Xo-XTDqYZr zJ&~8%HbyX}nrrZ;eMP!vK5ij1%%)ggeIIw=n@e6^3`wykPPMbEvIPw~fi6FCO_bk( z=9zmoz9KoluclMh3%WzedLI;UWpH#RB6+a@@Jz2hdB(h9d{fdYb4flL9V(Q3_55>#=gwF^#a2Q41E1G)(}OfE z#3!34_E_R^HG`wLTC?U|a;r$?a_JJg|6OmCI_9g99iAEb&j!&`rNz;O)QW~kZBsTl zisY3WWtw3(B|M)f8JK|oi}Oo~5}+fW!P#*r?MCrKC{WlOq1O01BF5eBH9>wya#gBx zh`DuJ^r3&v_vqrI-{)eia=2qvH?^HXGWVpq+aimI-LtXd@ilV2`1<~RDA}OywGRnP z9%JwT4fcGlSXLf#oH~A_fP<|zUgHiY`{kDjR`ID?YSazMAmO20!aK4vAtF~2boVBks*!P?L^-^@ z3cRE)b~Npt5}U1t4}Q5aTb}_BZLtkm<+n`BDE|5At}`crt%;=d(_(kg^3ZxgcIV(pzWA^P z?C?I15U@_MGgyIV3u`r(`$~KELR2*-Ff#TQJX3`8D1buRS2eIumN+?*gP>FE9iXQ_sKI5x>_x3<`S~3)xIOZg1aW zt(D~~I!?2sB!U^HWUvyDV9s}bu|&Q&FgTVQ@j>Vu%hNCH zc3j#d9}d7`On$Ns3dMgTS7lbiKE?O()rZraa`5(=({)u~4Ovw0(hk`gUp>pcfz6t1VzBXzCO`HB%{P) zcFdaY175C^&RP2~m2NaV6lBec$$Ca}&KwG!k18xfs$GazUIsqZ!v^2A379NVwcXyI&FKu393V!nJRT2;^bWq=pNI(z3_m>i;+(z~pcnpDzFhvXNEKuAg zJY|?7y(Qu9kemj`JFv5o%N?TW+``)+9GNEGFY2{FA)Twh9SlXzlV|x@5 zSU|EOwW>ZP10y+s<;<{S>SLrYCFIx|bOH9xOx{I4Lc5jp+QuCw*^8_J!XJS<(#k`S zqVR%Jn@T<7FI`{^-Pc2+HM82!Zd`;_{foMNU776aNG#Fwcd`CF7|wEM=b^=uzU0i z!#3MYjHEZ-dG9+`j570r)XNC*b6`}T|By1Yr0z+>Z1uCGVIKP`@OxcwmXx#?QuWRm zI%2JV&e%W@S0r9NC$HA#{t}==-H*~)Z=e>XI+wcNPVqP66rbg<@v%|I!|_q0c);1J zrNTc`qSV3R6WmhK1E3l(2WPrAM#3ktjBJ%QHmD@A#KB*pJJX?LqV$Ohm%1) z_%4P%=jN%@QY2Z<+@+*hLr(>2ySPOLVO-8en zTjK2ko|ymUbnE5+-Q~KHzCOZWq$GQqrmDcJjcU&5(m6~NVw#0BLC{aaTcopUHHR@z ziaG%_Z*zwo&VDu5Nu9AM{samqZy0{!ln1~A_-2dr`uxc*B#V%rCXt| znAouW1{atEmx6*updL%47mwna$WK|bJU#G25f%$4nD3l&U9t>olC9qs*B8x+6HQ}) z8J6K+y>NMr(1r~VyIXsZSBnmlvxkVOzpEN3zB)xOVy&8%XQwbGBIDiMXz$7({+Obb zl&FgvfUuGp4K?RHoO#~($V78|>W>DuX+_^=#d5ENIR(Mj5wVB_>4wSA zM9hdp^iviTe*>K#39TCjhwzG#h*;*Xa7OUwwKL7JmF4#sCqitKIS&b*+N!HLW3p9M zO}N4u{S z7$ip9P#!C)%MZ42)g*Hi9e|uxa#Q*VA}NM>lT*%K2wvh{67}I16CxUG4Z{Gu!O?LD zhKh{xy5N5V7_``LP($0BW)pZOj5B|A%9N;im*dEGrfVm5eO8kF9u#=x%9k;Ro+fsK#Fo-l zO=oS;MjfR7ve(Q>17y{Nb1i^X-kgVD9ZL}f1SQ3hBxxigpk-+R*nr!DLZ;=XB?vgr z(wSKjV{X_*<97zC1om^PD#ZXv?T*1mjru6etBih^zc!KV?CX=eJ;gUuD#*F4%>aY# z`eNCQi52#VR#}1H3#AM9bT5EXal`{0wqN(Bo2t&;y;0-%QZEl=M#tXAT(Elm!279= z#BXT28=}$KVK~nS7jb`6!nUX)EUfccO^e_x^xzF(RdVdnr%&nnDK43nihc%W5ogc` zMt$1^O$E_428-alEBs9Hw>cNFkL?g~kNy~|GhU#!|CobSG|46F89|-Na*WqN3BnMJaY%3}i!Hsr?`i=aW ztiL{%?aH(k{ua$;pj-h|oR=rrpH^vlLS18Aw@P#*@WOX_bgG(X=Krv5CYnp0lneJ`RWJ<4%ro%8u zGvsaNnSWH5TJX$8D~d&BZ_}j62g^o(h=8|-w6#jr(!et$Jf0R#zKEcolXM|2tIuXp zMK_jj8Fe4!QxY}9-1Stkh-95YiruD9?welK&6d&`=$*&?ygGh^N1o=X8Ex< zHUe?+aO@mN@QL*C#SrBZ`h6K#u}c=6+Axui1>(a#fG0L3^=EJnmSfv*KOoA%01*(w zYI?vC7sqy@8Gw+t+NK@0v2>YTt__q{Z}|OalYGpss1t4YRasq`dybf=O~m^VCfuw7 z`rKB*Zhl+a)R)eJ42MLPUky!$n1?WO;FB{BQcw0w|@k4mLI*y#jolI;530M{;| z&g7yh-6^h9!?F{Vh0uRVoBqeu%?JNeYbEn8`nfP!qZs`Wa#MrYiktHq~v5j`qwUM#Ks4@7o`3 zy+I1mh#?kSYU(e`TKpTSR`RKKHoW(~0`0CXlqf*hEXom`KvuuGy_P5` zY*`DZw^JuGe%17HE%v`rkG;3n)zbABFI!LDn`C>wAE8_Acr*%t?2ZQjql67GQ^@Qh zB9MPlcU@2rnrweFo_+?k)~IS*=n>&UnI-P;PvA5CEmk)+0G9{qecsQ?zpb#F+zsfq z3H|X@ssIP!xB5N!qJpL-0j^mfR{2 zy+6kC2@)z|U`Lty{KN(!W_lam=UkPzM%@&D^-e;B#zwQ=5{h~w)EF!`5$8NR$>lfA z_OR~rpdSIaD0W%5IGs1X5LNT}pPMc^cozm@_zRms2to8xuo3+lJ{svhwb+r?Py`}l&q zep2nRiRutp=CD%huoret>;|`&L`+Snr918}YlI?c_7TZ3H# zM_?1kHu>(#Uq<~wi7mgXv}?JqVf&!Y3}TalN;^;0Wot^BlD?+y$hHGpl-n03)>HM` zYMqYl`5PUVhR0)4sohsiaoAcIotR=bBT}nxdQ!d6(eV93vt0N}ZPT4kFWd!>4QD?y zN1N+wP_T{L(Q@;a-L5d7r3CVo$Swi7r{0HzTfI2gK7(xD#!7hvNsD&Ht!AB_Scv?X z{bhgpTmPWCD2MV;T4m{SjvtjAEdZ!VBVKS-T>palyx{l*r1*frj&reqY+hv@wi1>Y zh#sHmWH(wpw6~WkMVrFT4UlasuCFRh@ac}%qaD}SN1a#l(e&m{_X+p1XE}T;2>vU5 z&tau%?n18C*h^z~aND5Ouh|l(?DZOZXqG8D@zMY^9w&d3O``3eJRGta!)yn zf)Xov8EDakXXI z?Oim#TdNc0d{*j&0sY+}i8T|!d&?fh`I<${;Hl#_;Lvod>3Mv3$_t++1es^jC9xp) z{yWYjD|%yZhp}9~;h!slgFsHvPfLB5fY{R=z6aEUHW2b<@a4;ixeBu8eGL~sQq3)* zx4VkOhr7`2E|yD5Y~i(w5uVY=!}5#wzY)PvfHMr1Q;x)azy+l#QSXZ+V@S#%vdB_A ztG)Tf9OHG!P$P71G^Km}`G=Wme={6sH22TY&`dYTej`qZwE;QWSckZKxtz<730VliZ6&H1qUjmos zONRHA3|$EQxyJL+pqFI`SVvjdL}MDb|MEYq!;B}uT$+=>3tW-egu~tK>cjIa)mEEM z5C*s~&cK1pwkwxHl< zXb7^PNQdX-(o|1&d3%nbgS)k}@5evHEWrNXj*lGaQ7;ue-N?bCPM~e=qmH7Y0pfZv z(9jy=QGA~(8A~EOi#ZJU!1l#$E7Nv%2LIBUFQuD)d^GJKc4W!l4N_yr&DOF{&xw(L z_+e~16*r_7g&1Z7)hf&v`ZFk7*RizdXdAud+^b4{Heb`l}57?HZQj@;UsBSoT^4$XMB}y=#Q!y zx(&`Y(e@ipyUTGdRy5lu@ww6p?oKM%x1B02(vG zZ-zK({uzeWXD6)+GrEr~a=j1Pqnr*h*6ocWd!Bj>oK3R{!|{--&$rNSQt>F`$MLAfo++eqOE|0A zHm|`k>NxkyX<5mz3P`%$F2(9sD7r z2z_C)_p)H?%M6hywQX_E(6SroE;rgGhMR4Y2qr;7cNP<1!LBLXekuk|HXA9wNn zlB=7kZ_Kyjo;7tbvsOc_2*Y)9;gB16&z{_X55U4xFdRV_@&7wTDgJBD0@lUI*&xUs zXaTm6{_@FofsVNv#*}{F>>4TdSL=cml^rM%ym82tvb{@rPoL?5oP_;X@Bt?UkXiFp zwR+_TwBUNBMgayHB1{ERDq8XRQ8ogUx(Eaw{=FSYYK}Ma=FE6?oMeOlalU;1zC%W6 zGA9-DzP%H6!sMavUien=KX>Z?vwlz^0!ARbA%Nnku?7ggA{{MaF|7YF*?<e5V1uw^kfw~D3yOJ95q-+lWoyespQLkxOxXB|d`QL6 z5k^SP(w^l#xnBrO>x^Se#|5dtFusmDG~&dqx0S6ZJ1~MW0EaWrkk~&Mzi`5~wKTK<<^PxhEZ$F%7rG~s_ zhlX8?^U~Ct6jRz+{JL26(BNQtR4@_=Bh`$V`t_yN@$S`f>{#P~gN*qz;?jAJpT8f< zpvjY~dyP}q`%eE2vmG4aO08p|S)_B54W+Z|B^T;*V`Y})-_t*Q7E{MXTdyQ2A)L>U zRh0$1h2^=S@biKl8b;_={-say;ax+QfUfJV<Dxn*PneL4J9f z;_AbtBWp8C_mbL2Ig$k5-E+HZS@nRA%RqO-rO8vOVuzFuEv4pfgZ+$e)_?z=4ifSE ze{UU@%)T$Y-WMgG=*@2?JaDLq%A_58oYcEm?HUJ>>Xo8Y56(eM=NGN~KKz035Eyu- z^y2uf6F!)A^PI1F9KUHeo7*U_l5y8TTRXi{mrEgp0S)OH@hkA5>2$H(d_1+oLOzo) z8X{E*RZcY^RgGV_R3Y2P8)9%@k^oAl*~+*U%~>JD_sEmlbcm^%J>>nC=p=wgXiO?JI!tKR^9o4pi7mn6b8y9 z43(w&E`(szixzWKovlqe&v#@VmoNg47W=h>li}e@u5Tea9nE_`?5jurgrE?SHtH1@ zK=0fJRKE-{05*h%|GZgawuSBv$B^(vEoMf>oGetU3Ua;dy6*D|MW?toq`0GaWAT=? ztKBlM3(dI4NDw|1_=HHt36Z+JuJ(UeOdgnP=jCge(qF=^u2r6)bUcjhRA()up)sFo zP5<&hovC?Oe1_jljZoyWUs%pwEiB!^Wg}N$qtU2-wzRQ1Pe0Z8t+P+a@#B`qOhIC+ zH$Ni~a@X{H)IA`aIX7e;J~TGjF{ud#AozH<^M3yLe58M5Dxvt6{8r=K;zZUugzt8S zO;V$8V`ICA1J2;mY-6tQqju*mc>YZCKg79lM|i`;cbq7v%CS2Y6qzNGe-or?g#0NW z@WlCpwgLJD4KW5V!2z38K$=r*Sl4QcMqJ`&WvO~hy~Nb^`_xU;uSK;p(?{Lg+o$R1 z#X^2wME*UYST?F>>9_8Z74r;%Pl({7eq;SI$D#pRXpb;+?m*q!RSG9+SVsl>1kT;O zyCPA-+|UK zFWaQk#F6|bfIg-QzW+Y8{daud9uXz4hau5^l=|(*gkUvXJYpCH){?!h{|U3Pk0=PYX;C|ndmG1!TQnS8!fTL_HPw%rzU3^P)X42<6naVtF z3+Pa&g!X!;dVQzNFKc@DM~nR&NeRZYe}kKQ#dw-@r}Okg^242A`_+_i)okHx+U!&S zdpLV-VDB;6mAd}BqfJ$r2e^M$KP5B0+d%3B`L8}=905)t@>F+=*Y84u z!vEddD84uSg}X?J)f)m|tbalZR^CgD|Dmi>eOx1i==k`UNg0*upB(fdZ7qX?;Uv!< z5YS$Rm0_WmBL!$Vfy#R2>$p85?T=M=3JZ{Jj@!wo3n&$FlQ1pcoIR9 zc-4M=c}xd3{uU2O6)KJqVVo#MT=I*->vLf6b*<)x(o;QelGxZeu5P=s-Z zl>cxm_HBIs@bFT#dEW4ZjUZSKn^YJ{&y;u@$9; oNX{vdnH*eZO@#yX{r@w;yeZ zI=qW2Pzv!Ou5>bk)A{c2N!!3LaV}xh&jbYHgEU+Oq(P#_!u$0T(W^Tl;4DHVXvx7@)7W{bZ(SyRmkck-nvd`HBlT zFPWD~itAii)$W&A)5lFg@%mn{u}W1N*Pd-~#Br*6%#0gWwULpLOX~}`TPf_hJE2^1 zgJaCkga@##f6B|-G)Z1t#HNJqnsS2BDA1sLP<+ZR6jzPU7qy1giK=^MsYZ;^GOQP? z($_jYBJbd{0=15~cDLUR-=8gcKG^|WSai~RQ8HqZ;YW~qwRQ{r@sdE9R}J^J^X*ML zTrN;j&(L;`x%d8`&x29}n85@m{^_y@x3? z!RK_&GP2c@U#_AgGor1etEfJ^*)xLEGn%W4GoI!~9|86f2Z&dBcg-;5)rkT5+705mhqj6HsGu6d zp8O3{AG}4zgNy^V37}gdKOMi_QrR@9HOnG@m1$3 z?Jnru!o2@Myx`J>=w~jVA>|$QOnYB_(zM08BB>f;S>5uFSPyAtzi zQiGPW5Nl)9< z;wh&94Hmv;nFgFdW7QtteoqJP#6Tdn>MC{v0n>)w4`oUlBPte`Pj(9!SiNW(Buw0{y}5A4AdCt`2JkF3}Ards1X_ zE|h9ZJcm(pC74u%AutlKvgHAyaK%tE2%DC~v^X;RtkXl8^87xiuv8FsEkFK@=>vKt zs@-b3tKIKpPT?=74eLj;eHPm;hKRb&m&$_N3REB=IWKI%X@?$p4Dxm1t2WgL%Uc8y zx?W;cCH`e+6=Hy0DTP*A$3`IgSlexkK1z#{UZ!%M-inC8J^#{OPE89%u)fj|Xr)^$ z!-hg^xY^E}ZR(pFSaIf3Zk?^ya^YjvXl=ZdxaJB@{@wye_*@z|!A&ox8Kbmw!pE_E zMMZ0m$PS&=RIX*i6K+Q>WvwIGPJc(47&$fs9=EqPj&6o%P09wk?w=W+eM>qXG=jdVJ}A^u#-k29Jivx31kAjqRn{Z9H#mfvVR zJFg=u^*lYL9(t1=*2BSyOv%`8rN;GTV!1RwcSu-?{6FPx4>n?BbO7i>?30tE&CwHH zyAdTW&jnc54Pt>?;x~%Es4EqC8Sax{`xaZehUeqM0K|uF%2Ts}LYsyD2j?mN;cUmD zbc^lc%~oEgBxSzFVF!0SRCX~%qJt@c7yeyiUpe!VEVMB(BP{GNe9W@UdzLT6vJ2Q6P1MMkZ|5&vD}z-<4ZbzYI|hh&p%&%MjT2<1ndv0Y)uVX2T~%lkCr#Rb`x zwbNZr?%P1N^CC;XNLH#7(oL5h4iLzUIA&%RL*V<3*a(i1g)^#t26Gzf5Tp>7cpq~D zCI)l}z)yS?C^I9wjtyf~Of(opnqcbKv#HLt@;dRlY&Gce?1*F{-d!E5GN2qfBO6 zp{U0ic&7yl*&Q9#8=h?n2{zfhZtU>?XBbmaI z&Oo}GJu(wQ!tZ3yQ0zh|%wS;LYx?c}Ah1Y?Hk?NTxkrM~br85wBFO^MY(it}RN-Q0(w`%5uk!EIL*@iULGqb_{ zPTeo@?8tqPEl5E6Voz}S@OFCxJ;@R?!}&A76#Wv0bXp*12aPyHsL^hzmx`uk>D7MY z(kJ6;TD6Aj+Bw=YU)hd;)7b8l&rgiWqN1PcOQA)3s5(UVoSr8X zo;H8LUkc28Q9Fuq<2_|&BzfLEJxQ&>_$@*x5CzMh+XKkCr}L5P&hfejJlxJJwnY6dth7ceRG!K#P~7#=nb+yvK}MR0v{#tnSC(b)XHLW~rEZShk2$ zm^wiw&Ja3Db#mXp5J~*wH0VXWfUTf4;NoQ){cPb7O16qsklP7eGT-g8vW?JD{C&RR z(QFP@Pbeo;%#8rI3e3|W-!@;mje87_L=MZP*%k{=(WyF)JIVAF>2$Cq0epSRJ#FJ) z>k-~koLJ|u`&s*<1^=`Q04J^1o^QWMG#_6psAjiUWKZsxMiWDW?DKMMbi9 zsGk=3I3amPCT{vaEJsp(X=KSLj4u0+6!L#%rRLDXG>WA>;R^1B$Y6dR)Hn&Bevnja zc-v@J8Wj9Ii&%`Pp&Zn!;LJiPZnUKx^k%4ZTU(qgAz!dx;{?*WXjbc3N7Tfyb>|^7 zXsoiR!j0$YYN^qRIV2P-G3ls(-E}HYipe&=6%dmdw`Xc{#(UTaC2Qr{^4ypbkyDV- z@aw!*ulQUXWM`gp`xFdY!YynJEXj`kIr`jGZ5eA|--(0$;uW##!FZJo321vZvIedS^Ngo`exI8m!rjM7OFVW zZU=E8R^vLxVIeQT?j8#Zmf3DP)vUKkOm~29*Eh?0DQ!gh)}$2)koyxzXTtv zEFcgOKONu(L&?N~DO`;+8O zN75;p!UHZx)E*QFC9S*`M{MTrB&#IZr9j1UN|jZE4YN8HNqAdhg>uY)%91Is5^QR`^cdO^f8mU$J4%@uy^SUMX8bwl=F5+Jx6F6n? zxqz%K#36_4Z=9l1i+>VY@(nHMIqWzh=b(*er^$Q+4X!f zPW^BqJ1a-HiOcqvhKeeE9-&d9V-n{LRiBLsJb3g&2TR?(Gme!ekANU=2_DD6eu~h_WkjABS9;L{DZhnB;4u(^K z)U*Md;mO$ObkoAfxj0@?=O9MBTX>*Ui3rxVpnG)H=jSvI#zzG*mLGLfFjD!}i^;*y zL6YImH2rWl$2;G_voN|Ry}-!>j^85YnDU%W!3=^erV5jxp6xt4yFh=j_dB63!;Y|s za(*;q`Y-Qa7l{iso_(L$j+FQXs9LMeY_d4{@pWvGQtmf9D+E#ds>eZ=rGRejtPr_y%6h!`(yfg!7 zwVUP7&huW$JxlmOtX-Q&>RTK*X_9*f+G|Gi%ozk`eR88$cQ||1rKz|gTdkoCV&4sQ zP#Qsi=*0R(B;Tk(u}be7;Y_P|45744UykazRxB!?azE zgk*f_bS^7$A?CIF&7w(5J8|l;_Q1qxIW^f`D_c;|0c~f{Szt*ZG$zO&wH40id_DZ8 z3M2^z8$tGH>-OS3Y&Cdf!J*FJHp11mjOC|zT7`Pjji?~sE({7h_dWubz|H%O9?Hty zLlK|x-i-fMU-^%{Hs%}5>&3P7!@u4R;9;;oK`o1a zL0Iy!dgj+C9on!N`?KZxfo!&GnTPjVD*N$vSbO02(&ZAsTS(JI75lVne+Vj9F-pYi zKkNw@%CQ>7#ziNJ8$@S5njmoz&1L9TdLk#D#8sN(nL$UaOiDvX5fuGmZrXETF_pFB z>pH!0aZk2kmw5#Cpqo44eaKQ?B;)j(FOjcnOnQ4kt1X*pnC2a}i+6%3{B+(`cvOt_ zeCu+^P=Fo`eL0cIwY1@Lcz$u%^BT<`4mBw#P zp3P&s#9|mSpt(7e5-Z`^O|>zGB$CWvRSp}>&q@^tJA(I_bxIhBWOHE3tG;an(9|O^ z00)r}qls=6ABhF-ps7gdFBbQW^~0_Aqk-yigmTJV%2hJL<}=DqgDhfkHnxJd#<7@k-_)XjN0|fU7)|>l}LkYpJ;BKHT8XqXT68POeHCHp>LE+ zT37#zuCoe?E9$m2?(Xi=xVt;SB?;~xoQB};?(R;|;O?Puw*+?x+E{S7{Xd*rb%>K z#h&u10)!LIpl8rDv7AbSkBFKUB-H7lXKm`suN#X*iEnyr8YdN#KcDkS``Pr3%n+cPpk3f#u39o1X_i4oo}r|)!oDvT0`x3v`oCyE#Gr96Mm4_`fAGA!z`vA6r>GT7u&vACvX04j z9!SD(^tVLb@?Zfy1&L9KDcE~6xNoUTYN8H}bu6p~VQ9_DnN#fm2{If%yj_ZMTympg zAzEKq)i=bAWY;=;>fa1M>ZX~1y)+ilUNK}Bza*l1;8&&kYp1OC3b}nw^l``OPY<8s z4rA+%W$}g(i=Yea>7H6zYo`htJ156^^NuL|Q zh~Y+L-5a!+53F5l4nK@X|9XYVPaJcwKlRNZ3{d}F~CYpxpmr6Ds8fLg6o_EMo;_yMz~&n8%-ryRg#zlB*n30xnWmY8U2T@!9xsh|@-`p4W z`0I3=l$rb2=ie#g#;xXT?Q#*L3)V9<<-`O(i^o0pyb)$>^+=Uon^mmkhu?hH$_ck2 zcAbHG6P!0{{_f5|tFZq14^(*$(QQLe#g1en@iFT>8neN0!oUkcWsCM4Fdlu?JP@?VAh_69 zbweqJBmu@CLjNFoYJ2E$h^oL z5gI>{8qq3cdoXhj>v@IzYe#KO=()_fo(KbmTpJVwYT9dBQZ=D^nRs4!Jrseqn{7Be zcf$!YZP3kWaHa~!ucIx}D$Z*x#`%Ic}`~JB8KFOpr#Co-JuOrsbug;K( zSvA*cYfpAUyeytQw_O|mFoGNVkngV%qpHthnmH^&-U;~b{iGDraX(V(U;3(XBM+BB zo5NoMMZJLt$VkpPpaU&9J|bGBp6zIEA(^aAa>SSvqO$XpERH}`$|_uX=)XFj z(m~e1T0FYE$PV{EI09CuFBR^x)I|!ANyv282jXKkx85;siLIjI+@FOQ5LF$w-2vxL z5i1Mpm`AgU6TaIM9d0y`r61gHzZJJ~sDG*1kkdguc z4af6gV){Ywl$|kxXiNhPe2#m+v3<6Pc@-7V~(tgv&ZG#k1sX$~pCq-e0D0 zzY;1*YKfG3$uK=ED07SzHBUiUK)>UAPjIwpT*=o0&e*KbvFac_1=T+EocQeoWz46z z-<9KDa{cem1BK;^9Il(cDz}z=A>4ws-q#7`iZK~YA!QIC&OugSujA(Yc2=JsI#1Pj z9ypM0Ye_Q+kfpuNZG^OrL(d;qfgg);{R3q`F3pk7I(B+#-pWV%byX!aF-_)ir7?K$MJJ7m8Pktgm{#f+!C@r{syPJ=Mr@* z@~BRXB-#X4*|xLBUea*K2~}Jia#!#E95m!XjBI%HE{S(s7c%%6Qc%QZJO1t-So2KY z(n~ES{OWjjf{Lc54vG2|VloAYeQcnz=Cs6@bPPluTUo+W&?*!huC=MT9iIT;H4Zoe z-%^Pkl2a=&gs0OQ9oO6NXW3j*8TuU)v;e+^xq^e!`7ez^YI!spfd)+^8yrd8enUW9 zmA?t01gq@nB{@hhm=)@&FfT@te(%rt+eyLh&0>+Y^dXe*etXf325?rKDNu+sb1r=Y zTw&Xg%e#lOlC^VY>6glxd`IRkCVEcI`8i?vb4Yf8U4f2%?;OtlUn*EQQTWi?LaU%q zYx#KL?IWTs_yF>6(4GUh2hiB=L?N1exSA2oSa*mkJD*Llm4;|t2siAhh=+Z5c;#_R zkTn-LvLx1zP!N%{kVAcmn2wl+qN7KXgJD3H%1q*(GiW@IDdq&k;WxR>0htr7$a&BL zNmgSTcwqZhb{s(~A_to{Bic$tn!ytmZuEUVrf-Xfh9jbTOA6$&p5>ELHR{{JK3k-f zN!~=cPw~NrE;poTbH#8zJ2CTdaYEng^1gZ{oE1y>)z9bPT4#h`gtRI z8={%zE672m{+P@9{HF*>7EQX>_pT|*@aV%NQM|;%x^FzGSvGQq=I2JgSKolxBTk2! znK&nJ^CboQyL#C{jXvojK~rRvkQQHaKmkCH`zgQO%I|C+5(|a1JN7-5a0h1=*OAD? zwkTS%%QMt3Ql3uFP9_6)P)hZVvYsLevUF_YkF~5=LkVj$Tz@MF2uCi` z{4FWY=6BN%M_eS}ozQPpUZs$?uT3rb#J$Pc-U9tjQ7=7Rt8GWiJDd~Wq`no^4llgU zoL9`LMk8WiH+?f7hsl;h;pcOBNXSN$#h2|_v{`fA#+Aolfh%tsmvde?;QvpKULQ7| z#3OhdW`*6-%uGx!=WnW9rlsc)u~P<_pX&)ViT@vN=b$`c$C%uH(*kf`tdN4}E2KBC zb&1&$GjdDx5X)w9YpItFK$}}j@%B?s=*y$T*lbp#_2H+c9wZAHLkmiEy)y1)8{v-7 zM#-ibgOQ2(4g&8+E;@chop(xd6B5n$a|`|Hd7X&8l&$;X`Yy>Jc9)14uAq8h)Fcdr z`+WQH{`7NxqqF*Ux_z5daG`K@+iUrm?`Tii@xt%JR=UyCl82A0iBK^v#I8Zcb;C^v*}!i z5Ks0*Y(P5yR;dbC+#bx~+C;ii><{U06D4^LHH6{v0>m+j7kti_WDgAr6ixA>xl7`` zFF819q07y)V*3I9SF^R0fZRW_iw*vAxvF?WfN4%~9J!eJM|e5Zk3;o-0Snw*muL0B z|Ln4Npjo4v{>7*fcegZ}a9FT|p3-Y#RG7xSyJh2wy=4DHTtkKPD+#8p4)FI=jmEj@ z-Iyy7N5Mdqn?;u(XA_n*YF-xE((&;mf7$fCYgP9N+Y3gDZ;g4CDIWZcEhW1t)fp5V z@s6Vx&Yk3Ly8}C0bReTCoeQ|*>HxE%P_0?kE&&}f-(Eh(P15Usy}}UywlwzGGNlu5 zJ=YbzA-4q!Ku=KBmdWOW@T z0sG(QFhsAYrqqD#hAIvkNky(TjS06?bip`t^kFvaM1ZVNDVq*<>Q&!Mg71TW15|kd z=3$t0wS9?*#*qc5H7k*J278t>0^Nd_n%_SDSs^9MJl@vH%+*@VoGjObE_?5ReFYvZ zdTBWYJ_Y5Z7syb?W)3aFolJy3wlD>RPZ6|X>PI9sKu+^L8@36`v}#Yxws0)z!fj8t zyrq4>Gu;chC*PMyNuv!&Ks&pvzXlR)ccncR7^S*0qt?$SWv0NXC{?UDFJ zOEocthU7VzUwAU>SNGD3^85}jvCHwqQw$O)AO`JM6XgS6u|?3AO3) zpl`E~SgCG_PYEA?2NBWKwIOC_Z1l?#@JIJ$F;=AYScOzC-m{8z13pq~ahjr@f68uW1dW-lShs!Ma$}+(g?9YNFxoP=R!4w7K}Na}}Av z*dxM!00W4YN#pFhNNOswOgF4*3T5y|J;p2e`1hATeXJ@#-Fr6$IMDu;`?#oxVVshfQCy=n-XO4jMXGr6s2=-BK^Z>^G;6{cxhAF z;=X?YHl{Ik#WH0z>T-A0ZebV^T#~tyK0PKZ2%I^LR>vAqL$+5>zzbe=Usxktg0mKDsCl z1O>X0wg|~0EYsb$)`uEc=cSN^^trlGtpzNUwW|a$Ft+n}k34OVwGWBRv17p@Sgt+| zUj;ZanX#E~tcAGux@JD>*#LWB)Rff$s3TXG-K&QO)}$2Lg;zDfRr>G2ms~+j6{Y@Y zs&fbkW%p;wyfa#{Uk}dh@_d3CO(u6gxBWQ@v*FUJ(~cmdA?2zz9|$SrQTJ;ywj>`D zdnCe+AR3A?rqf?oJ+u4P?DcD{wWbcUWu(aebE!ZXb!oIa+!nmPZwTVlpQiFyR$=di zyx6MlRy5NwvN&@x@+L(aFnelaXXAltNCLvHn3o6!;m*V^Yn*eX7r!WOrwla@DsV!K zrBQaoFq6;=S^jDKN|oP+BA{RVQ-Wm5DA?l&U1&m|bab`w{mLjp0&M-*WYQq$nUfa~ zWqAkz$;c$eb;sJGMoQ+Hj6Fj+=ZHQzidY1M=HZ`MSX)=r!TvsOY!lYjD=#ttBO+qj zBIorUGkWI0E_}bY3PuC~bYH17JrrN~)os2SvY8!lyDm>M49fhD`W%8dsx>^*hf_g*Qck9ZBhavh17^`Y zo=;mE_N)hFuW7(K*A5x$LEK>az#UkB8|RUYKLx71=qADMoCM8nR5zKuxOc6ZZ#$kY zRV5VM4PKGu%PZCv`8F!WlskIyB(1E>r27Kd#?~`g42EmPNRC4H$QkGDRfvB+U&KxL z;Jo4fPc1!`)XuFGl%vXLh?yc4t4dQjw=0Jt+g78!-SmU;*7 zUFJS(qsT2Zm!Qc66PB205^14@h0rJeY_?J%VX|8PX+}GR#jn5wyQ<{C-2mvwETVZ1Di|)QlS;Q^<+oftS^@v`Re9r+dYLHdIv zhQHvmunZa$q$SVT`|0~o5F`4On_r1Bb#lvPB$`dy%l%Gr_)6pz1Y01UO?g!oObum0 ziOocc4;?C%+0rQcYN28w{$z0p5V1s)nn%JMPvs^qw{5-|Bk_X!iP3SnU9}acne|;+ zIWyQXI<44XshICOKYtT;UX#Q%ch_WA?zk5+nkkh$?DNreF^uzH=OA?6G5;MIDIrRb zjDMNMC|3+%(LqS#5D6hqGrsYM^5~4)ivC}AoCKUV*(JJTcJsTEgq0YaG7OO9_1o{r z@|B|uoWMSgi^zcMao=6??t1Z+uXt?xoe|%a@qNJIZCt7(rRU% z=QKpl+*JwWBl?d5KXP8aOUbXN1Dcn7&mgby3(6k~VD?j06 z8jgFxm?%GwFb_q-m$Csb(Krm;3HJmxgIbg>EbKF@WbHh#yh1un zaG;F8!3~j(k3u&tJULM6OBAc5w(&&u;Q;-5*lvvh7?*DlrnJ=?fH$&XD8z3+Rdhd} zU9`txnyF92B)M@Z7&~g{WdItHb|)HEv+X4OHgJ%3B`m*tlB%H(vgc#KyR`5+%)-sf ztC;kLDW&9&w)tD#OZy7Np(sQOPI)>IY3a7vXUJ7p8_<28t)ytTiT=+gN(UjXV1-Uz z=_nVd3Yk%jlK_(rI#7;MpDxz}i|PiSF3xoFeZHG8AyPhgMc{~3_|JaXCtNGJBC^em zc@HKXZ8hz;%(vA-xKJtKV!a6eb`wQ@qG3W=pPJxMz77{*g>6v^Pc9ZWh~M| zQ?Ng@gxg#p3|P+zKb|}*r@(~WO+F1Nq*jm0Qu*}P*5-)-psf1#h;ZbfL`t;UVt|Fo zmZI5JbIpB{}FbCVxc{S9o!|KOG2scVtDt2N(8(J*FHzxnisTY+o>$u1TZWl;cnFMwPP^m!D%5;F*~!ANm}C z4p-OmIRXhnd??oVkFnbrb{Ai8_z^H>E>`@KQ@Ai~4du9@YeSbg9NwlI%eVNn4VDeC z0E4nn5~=EZR_ixeVG(QyU_Jk(wu#s8|IP0m{7&5AFQW8P@0m0?wtjxjO56ox6M^>7 zo}e2(;dosQT(f%9=5j9P7>m1^{HKwHc|u={xx>W(yc50&Y9zTpo{6I@KO_T=ymsRBdI({La87ZXCwulL)j3toXjf@vg@riZT z;G%ltU&<$^)eKh0@1EVuXOm^3h5Iq94z5DV#x75{g&wLeo2NPGJ;Ukv043YESSOqK zm9@B49$56hM3wf739gYRWLig7Ha58rw}~GQ$CuU4hWns+QfE!!G6+Iup}{23b74o@ zadA{Wy(;>TmSU#j^@LslAkG?4ov>u)6$*S`Ley%)HnN%EcI1x!Y|i6*xm#wjz7~g^2PO&)6tIZ)RT6)k#EfYkZDJsec`e)N z=N25M7s0~2ddiQ_1s6vC+pY5zMkYhYQnLd(H&Q#nDM7dE8ac&^qqJmlnDV}OaB|_^ z1id;96iO0~=kUmBfp|w@PYT(gG?<6**lG~%(A3y*?|>$I5tMB5{#RU$7>tzd{w4%{&an6Kjy#N~UQ6vt(yjS9N<3xo6qC(8nu6 zoNN+)xK>94m%J6kmLoBF0y{kM-TT49mfF!c8m}5}p$$Qfv_F_OMg%Rh44w`Lmlolk z-K1|Lt|G73f0J*u^Q@tJP)h^nFQTJIX2@HM8EviDQU2HnQ?mp&Jn;$G-G;tz@q4PO z)0$TAuinDV4yD8up^apbh$VVXy>DvTFd^D^gztiqb_l`8Uk4%dr!Ku8b%-q7PyS~j zdiWZqh%!Q8ae~-ULTH2AanBP@07JILBiBRJQC#K%c_pcm>Z6m7o5Vs||nxN|64i#UKwaLilwHI(1>)`buhK?`$neCvjsOzsC_52M?)>^a*gL(KIES5}euh8&iTTj^tY_wShSU+|(R+yHbOfx( zJMZ`b%$%V*x0$e-sh1y*Lo==hc&D`)rBx8;+@a{pomIWj?DBajnlSY9eDZ55*kyfV z$L?FqTv~GXtj{C%LePb6pPE9u9Mnmib@1w`?r~%>VhbwaY@7mG zx)VaLCYO2XSeU~pb1yvmU=HEYp2S^}NUBFg7P;rT#hftyw`3?`196t&lB^JFxzKHa zfSvGpD{+D}t=jjH+;QHJ~{*uJvoReF9{DYcI1M(6O*?yU`U7>$XTJ^Xu+1?APtdj*9! zC&s}s%E3Iq=hO?@as`mjBz(}a$fiZuLnQVrT_@HZRq4>eFC^m&wv%ClXKO;~i#2Pl zIe~vh)dUWB-(=S-ST2Waa_J$t*4Z60D)799$Pe-qhz5V%y;Yt0R{ zlSVOOYpR!tf{)6dAklYB}1{1F& z`b8qRkm=PocLdBCjx$do`+k0YdjcYv&JDUNB-jLK^H_q8Ya5d^kIq?Y5lOH>m` zinhl9Gmz=*?+1uTnp+RTpD@u8&H3ItJVFRmda8XgRT1GcPS_ykcj$mXAa#Cy?85_z z*+w`rZ0djdqYJ9FF>u#wWWnyhv2qSH$(x}A&n`TP-rdMWD+0ijfY8~&>lEP~&Dwii zMl(Nzb`+~eKA)umG#iP3ft9ga73zi7Jq4|#AftcIb2nqyHXSpkA}^vVZ&$Ydqg{x` z)u(lsJC6j{2uC4Trzr+?9(|Q^&nG;pcUluRE4nt2ndD|F7ch7opg^R>K^V)vG6B`C zOU&8S>@gLF*7NZG?5Uq=%pn9!75Q|N5g?;ed%MqDuQG@s$SMCX-7cn&QREBxJ+#kM z+A9qo-``QkI>tzNFAa+eZRh@dr_>QJ`A(N5(;aIk>!^jLWAP(t#6#i7p1@_Kz{lL_ zNF%zg4jyN2iLK#0g1r=tr$W~5g$rE-v}srf$2+ghKj~ye*5=q>CU?tq!$!nZMKk*Ub?>{BQDb#~ zlUVSNUQ2}F%CSsytF)Sf*PAUuYsgo}T8UqS*1PP=V`H7qAtzvD`Q(HZ6H{sYQvF)s7T1)nc+!;N$g zhDK(ke0#q8;RLEBZVQ$h+${A~7w|hliaoF^iI>O~=6_VSvOSF3veF7@OlDX>+`kEW zhuv)Ndm`692OhcLme1@zOA@OKdtUBE{EagykSms48V1g){=AhC%0#xhS$FQ;HO>>1 zn#D}JaZF{(Ikn%9E)Mz*3b;6{*pY`G06i{A$++i_6{5HO@IQziol06#n2=crJ_H={ z=Dv${w<0s3j43^`et44wdL7EJDZj+sgr+qBusLCHr!%)2YwY_MStz5|WOm!NA-*UW z04!(H;i1)}*YCl5JAMtpGWR)dsvt&@dq0gm?{Y!Au6BK&nY5(@Ydn~{DUk^*JOd(r zjk)v9$!zzsEGP2_hMB@4)3mfOnnd7U9^T}WR#`o60)3hS!6Av72IG(416+8o0A$s{ zl1!qjM%}0w)fAezv|2zBBwpE1NWh&N9-=9!?$(dlGv$=NUX`&aFFzIjK`Rq%yj6Hp zPs+8Y^00aJF6qL=6^iEK<1>^h&p{-_)O-*o#Vn;&ZXPuff!n180WtIzT&wI(hrsBXflK#K|B+PH)ceRMfYKI1(bIo zaNsax_3labZbOv8X4THf;OFej0?&O&aBmv8%&*K85F5LG;G=9e?i~%-8{kSy$`k1M zJRvgEweMh#Hsj19X8Y}U<}%by`=aOT>Bq4IB|kkY6Pi$WS`{`Li3c9}&Ah@QdIA{Y zq%08iPI-2(Sk7h)jnpX+3jGv`!DRh7q&Sqd8!jtfdM3J$GrszrBqr;7DmLf5)}MW zQ{gEeQmOiRO@D@oZkp@nuSYpd;Kd=~^dDp!5}HzZMb`vY-;37F`0vIz#)ba>yq#X} z1@tVL5EfLfRZem|HFhdl>dt+Y9=vCSN>vIFMB!I~Jlw45JT}ZB!?9(e$6}BFaMdNu z9@kCWvfhCaCxHcChHlp#gdtkZmC=?XnatU}})C z#DZ7^s>;o(5%Yj@-BZcR?eN#OIWfy7SXCarLIBX91hZ|=0ivEw=}yF zpIW7OiI1Xr3Zl(2qiO_)+e-38GsC@>Q@V0{Ms|Y82~!4~vqmhT z7?AxuMDcj`r?>L)1OIXlmHm6-`@^;{p?g$ZrI@?rc;}^h;9GMmkNb&BD8~;KLN?=r z1xvi}dQLb29A{`k&acpy^5kRomt6^QwQ+C*Xz7L!qsJoLL>|97?_3zbo$oh9`7fpUouw! zDICi5gn}z@B=pt9rAw0YHd!Kh=xQ07sI*MUH$<8Rgo%=UJAPqk(=#(T8~#4OhX*Nk z@xkA1Ljug*f4Ri)s3)VDLOhEbMN-2Kz3oPtHKOWaw1RARcyA-#!)ahLTGsN~T7)o!U&e!=x z?UzNu0SbuYK-F9t^~@k4k56#8L&H76!hE)%pkd$7R&&(Ne5f%r?Rrqr5nbn2Vh4>^ z^yfB|=ks5g&0o>8F%Jv|B-RO~f->CZH9Het-UK}d4i0GU*={Aa?2(8Es*wk6P7w?5 zz?Dl=t2jxBZQTqV9dnJ25!(wV`M!3sDsqU?wS*>%lARemW-Ku@)Kjfzwqm^1w|HE zfU#yqM$tp3u6KEk*)YN%CAfJBT*d`eV(f1RV=;MT`QbIJd}Gol?V+}LLP71RUnYhd z>qu+G=*|`@-QgCpxH2JfTIUx3V+a#lwW9wTbk>F`WHo2HuDs8SF3zovKXS!Z1iK

|iQ5(Rv^Kv2`3{zQOXo%^<2=!|X52*{05CN(#t*H~ zBito!{}S=&9UcYnx)qGKk51_^UDr`7I~+%@I>iil%4BwW*zmaO9B4n?v18*o%>2&7 zi60Qk^JA>WDCb1romp}yP>j(HykvYsB^B<^zQgVcC}pHCKSj0)z~NgST9|wWF19H} z%jEWq7FKgxk)n8rzOE}Z4!!`;^%Xx!i8Nj`Mq6nI4nI0~eb)*AV@&AbF{HW^te|Rj zRhE}2&1)X5d`m5)+vins65W-l9$*fpFycje^bTk9xpHC08426V6cbJM1z<809wE`g z3kH=;v*baHu!0kl3JR_mRXp_ahd#qSrFSQP&fsF(Xu7b-b`rmHidt|s;q6pMy_fz3 zB|(17FF_r4uHw$LCg3!#xU6!xxIkKCks>zYnSiONkV_y-;*-mVbsPW|qRBc}6MCYX zw@faH=`y8zT-J)5PHaCrn zTZdjScmho+i5Fos87%>ZK1 zIUe=w7}Wa7p9+(pNRsA+%&lemi>d}n$vqBk2hq>zkXcUX$A>Igs7%E`T&y-+l!QfA zBVs82)x0N)=BS49w->w`=k%kIXM4~7wGXdj%yKR~r>q5y+bCRU1oS3kC%anPB?P^nUr^KvVbZhfyC4z^?zQ4`b^xF$N~E4#1-c&+ zvRlh@yom4kXN1i-!^|r;EsZX+%DEeIZB}@AX5r{s-S!*p{do6vOA~I)3)Jj4E8OK! z+C!cdr?vViU~1m+r)udZKvVN*UnAJfBVHV$8Mw+BUUm)uHtZtu!Z^bPDsp^E)9~FD zzEi}bx`_$U3W~qii}>-(-4qho8N;fAwK-(t>H}3+Y+;MB7T(4L{>4X6|5X4?9nRP? z3G5qlDShDLuG2`{?Wn15z4iGK3PaAO*Y$hz;pN2;@gCEHR-TXs0D-yeJ_CA>fw+vi z?tzVXzxsP0+A&6dQf}OcWwM8oy&@Y@@iEGKtl81SLLGNH;k~tJGV6hK@<&!jeTrcM zrjYH-c7;UBcj}cWyoGjVjSu3s>vAZMNOiv~E7U*voRMysk5wCTc$oh(6XSXwCpfZABrT+B9m16Ev(@&y#E)r zDYz7hyBVLHC1>XiYLrtxltYY}lE0q`>}s3XDR*h6u}{%|D{DYhIxY)Kz7rI@Pox>$ z|8aX|n3HD|MK)rqLLL`=ofKZ8t*=n(ePD&UGVz?)$|28$!V414YU#lPAsYoKzXrRv z42+5N2tB048Sz;ATRNJe!Sf61!Jx){RmHCxdx`9Z%Yznw9oYk%Nj@s5?#4#w|9EWe zD`#F6Ym%0vG{gAktGhTv5ejn|x;>|=x{}2uh)VfuZdpsS?~@X-YRgXnDtopnZ?Jz= z5hG8)xBAm43{FEBgB7$m=#JD@m;eN_&J~6q`KL~fAfC(7fA|#S4IXBnq7%q9LFvyE zLjydB+Eq5|{QvkI4RNig|I|Opu;($!T-gdC=6Qhr3ah`l30&sbZ?ZJ>uriitMu_15 zd`M7$Nc#>MCW-6I$(W>h#qIH$C?#QooppM28Wm72c8worY^;3f@`dllp6zqJNc{4y zWUJZ<$eULoqX~tjznMVM~yx{{)k`>u-5=T zD3QX5sm`(Fk$h{Sa1k$i6%1R=^Gd{d^xM~MFqr^ zl)yB>(pmmgpfU@;{|G2ZP3?(Bh8r`@E8Tra;3>QnJ)zwRR4lp{3xCMx9vYWTvVHNL0%nfF=yT5cb#POfZUdkkfjiiOnc+FDi2cRMw*;7vb@E(FZMe{l8n#Onk~+` zVJS>co(Eh>QcPk<A%z_5$zH*$(KlRweGM_3SQKkU4qb&@0)^e@2zNY19h4ugvO>Xux6Q_y<8&9qa zg|&mkD--80VG4X4bDz~dyme=6@V$odybfPwKf)i=;cr+0_`NiXx2b^zQ<Q7U zAb&<4s(x*tTPv>-$`%Z(Bn2Yc4hHdpCo?i>p--gHCCngbrbGynRcH@(sBC-@$_nFx z&dZtoib+Zs#5RCBu~Q)WbeP!l15=(UXy^c0EK1pctsre!-q}9(;bwmeq&l)sGD0jV zwy#;$@Z~7!eRPsWRdK>XD3ZwCsjA>g~^cT1GlYg*8)y3T`1Ca4>sK88X7jow_}l4eZoeXFSe=Df9{^?2K4V z?U5lx22;0$XZ%9^j39~PCcC+_2=$fvBM3ikJ~*hYbt4LHzn^_uRj8h(*6E;4m^C*h9F zT?K*6&dHw+a0CVi*4(r}vSY7&H*?T%mO!a}CRgBIlDHLc2ig-4aYn~uDklYeW!+$3DYuq-` zx|s`)9~jF%(V4|wUP5B30w;@UPNL~=32G-r#W(Fps zgc+NuC@tV`@pxl9?#iXoAJ$bH7(u1V^d%ME{NOO9^@d5}1o;x*y+Kc>Iu1RC2*q^W zs$z z1g@rJ>11U0pQQB~x^-I?l*+)<%LKn~-O{Ti7G&SlZrc{rQi$I0fe+XEzlw_vzT(Q15Xl<)EcOnqt@L_zL#tP$ z=#YUS?v4?Zb&%SJ;akJ8gWl`|>GpTON-e@Ys?olNH@!x2%A-uq3UBX0@MG1yLig+m z+HU)Hz~tszrSHbPe&GVaf~kWnJyYyG*#&G=g;@G6v1H`~j!sLAFp%6b&wZ@vy5upU zYn~xal$f-Les+iY2E`q%h0e*%7{lG{0cGvXYOp=tttOI+qc#$dNHFNTEOX<1lXG`x zG~yEj{b_K`!k$55*7wg%XGD`tbd^48sRIiM|MoV;zJLp!v8BCt z3lhQkBCm+`fwO=7Zp2gh+%&wve(Lu-{%9Vhl108Jkz(c5GupnflP_Y2$^n3)s8DI8 zDd%Ff!zlmnw)Vz*2qOvV7x+v7e+)h-qH;XZgqx8?1k+`fi*F^g*BWjxd!NVhqKG7^ zv=^ep$6Er(z%lLz++kwlxE{s8p}C+YJ7+7pNfqNrw;@5vr}6ir9EkyFC~T9qV_GP| zXW?JP{^>CsAW_VpVXh%fFzA5M)zWW0a~a@*p6F4^Rs4Iajit9_G8jjgI*r<9e3}@k zw!&Yq8Slu0do_`dfzH7J)s&b!#ZEIl@YSh^#n*0KDinG|1aH~~%jQ@?H-ccrD#Ew8 z65KxJhyjye%pKH)y)S7D;rzzx1r0qoye-7uXm&6Si0{bPuvgbTDeAjoCZS2ZaX6}hcsIhcb(x8II2uX2(&$S=jj8^_?e7k6isRL*~M!Y=V82elb zaY2i6A<~UyePBHTvv{K`?en(lc%o3m_UWy<>iv(_SI)Au2O-`v3Gh_4DI8>a{X^oE z66#+B`xxip*MDa8lo9{J+P-EcgT=v?S&32VNPY%y1&=+=66iQV{BWnHp%DwWCW^D& zr`|4<3#1(S&%d7Ar7>O!y2kIMFwV30pqV2cq^xV&qlGovq0*kao-2#lHyRU0URotDfa>-1bgi#W@Dswptn*6pSAm?pvu>jZ2mq zLz@!Ev}Wu=NBAB1cFy!$v$%a{ADZMPPC`LjudS;tC6*olL`!Zy)ubsT{{pQ~ICF2| zdKL6w{DIq2y&=7VnT4lN2QhLK`082K*QAx7TK#?~-dof;_$1Wwqvm^==>yDndlVqT zRZ{evQpz=kMZ5-MfQ(U1=1BMHE&Z%Cl4H{Z9SH4aH_`9YtQXGS%2L4I^5^dW#wX>T zt_ewQ^3~S##>(U3+O@sU9Hr0xP#(m`HLLl)2bgPF$&}<}GfD~lX^Eonu>F?rb8IjJ zpJINUDF*-d0+mRXBQ!NC#U09`ka5D_adpNvPnW&Ujb=Hx)f{ygP&%@8bzRsq{w38} zC;7LOVJ^~IZYK1od;q?l@_5ue$idpWmdZri^}f;TsK zbL?=gaV#G~6wVP@dHk;|0B^8a42`f~ON5_Hz(!=tuF-3q2>ieB@Au@HuNp+yDc+0? z_KwlItU*K`F(&r%h^wfN7*J%7c{Y6EJ0paaF@jQNxVAU}GS5n#KXPmiZ>#;K zx=y{9dgC;{9XbOT^^Psy4NJ3zUj!W1RleC`L80u0@uoke!9x2GN&{Ga-Otv5P#ux& zq&FmQlN35IuM>W4OOmc(h-p*<5$JfO?V>~(_URgOV~iajpB0P54n8eK%1WScuTGLq z5W^XqGrT0nlPFjR!b&dguzvYElM$f+>-_mOW44i6b*xla3H%^BjS?>W^WOCD)8JDI-9gq6vtepc6_7{==gfC;-vc71D0y4eJy2U1R(-( zF8^_gK40JSW<*cg(js&36Mvt#mBAea& z;`aTZ-y`~V{ByecH)WH>+tbQd7c}pQuLAeYs2pnyh;{8-->T{_J`!>_=!;qMoVRX+j8=W6C z0{5YL-hlZQs2THkF_+@_7Hr zB;RXFLq2YmBc7%gWo__3C~>d3@ztADw*$Li0iGf_ZiN@cNe(Ch=(Q1zbeQ1&YH=}e zcf^FJIv?sA`2sdPzPtSplTn=`71g1*uTQ+j-Y82TAfj|( z#2C-gC`cr`<#BE{m$8mOM|}Rdsu25wvY?lm z&YM|uz0f4>xs~PL1LJ6fa;gK+(G4z2bFrERrXPKkgXpC&~zQ>B(c?yn9ndJX03yq@F zKKXb}b5>d{s{e28M3q2E>Y^pXC@{do+$s$JAGY2qs*Ugc!%gsF!L@j?LUAW}ffkn* zw>D55iiO}%3beRW+zPa%K(S!KA-KD{yE~lxF3wu#|6OP8i&=9yvu0-RdH3gio)nhK zCrB|1CiDMiq=ll5px4@N)2o(X1bmX`|x9f2iuuO+tU&wvkiGls(>M61gOWd@c1cPeO)LL&x9&wHQa*lOC@ z*>!qlbNsc}g}dmP&s+*Xjl-Exm%GfD2M`z%BU+capB#U^=rWljv*xx$_WgqcQ_OCV z=VQ6Z!1&%QGF7UvILq4f=;|Hs=`^X-pOkW5m*S$Rt1u8|Ec=(Oz1gkz*C7Xa=pYdu z%=;N%;U37^Bug^XQai_&cn0C&RVjSA*G$2gA@kIO`N_@Er=i5bSiS5|e3b1*LQgUB zyXS>GFzUI|o)~l-Pkb-qdwDH|vV&*(WK*W91M5e1)JUtQE7T9kG2!%Ok z9YP(AOC-c=beZoqpC=i%S0zj~Hb{P2-`0$5err@UoFUgD_B;1W61&mq(+XL<`(M?D z<%IfZIwqOxX!oc-NbdRVU5Q5VCp-Pvs`a!gZ^Uh}T=(0maf4OcKl}x$*V)Yr8B%35 z{5<=Q>(BPaBQD+>u14O*LQMS)Nl#>MgkDdRF4)*BB+U^ye)pOr#k?oeV-*Zt){JBi zo2fM^Xgy*3&r7_VlZSc$Kz|OuCC$)cYIT!2b3ms8HY=URfAMdId_BciG&*HTkKsn7 zCUYC^A2vKmr;OxpvCAO-kYgF-zj=T9o1$~+C80~g#sn3wbR-!^5#YYos_zpgqi$c) zOq|f2D)5{&Fx%@!b%DAld&TMQ@qlE`w9UU}PK+oKz7AT@eqL(aJovCSqKq$u243|t zMO((+0Q|bdhkO(I4j`BGJanzx8uDoLwxnXba9Jb~<=`@&d??`x^zSvQghm-RI+gSt zrWDjyRe54dK((^JQd7=XfGb7Lpz7cp8Of|o5EbG=yE#6ZUXu9@d^v;)cBm#~Wj{@qIqYTHtmXD!M8GYH3o9^ie*^WmBX%fN~W%dVJ#$h8tn3k3`C z949qy&{m{d6dMcKyxIkKpNAv%!r|cXS=V``ub4n1yxcOMmfzv4q}9Ex6N<52SVa}kiwYh^#<(}V za|vnlO=(HpKl4>*06S(o6*u)0o~DC3)xy4o&1tMvkaQ}xeU7^&-~ zWwz`WZ$uBm#AFC|;Eni_;LcG5Q!-mYA6@+sU+`!{;wDkcNpy|J$KlgrQR8cvJBO%y z=gY)M)G6G%Pu1<@2>+na&L-;-N2=9eGaH=Z2-{C~r6iBcsEFT;rZW}dukM+Zs3DJnf_M^A%Q@rI0T7lqBKU@VfV0DYV(ER_ca3JEni# zQdyRlCW`gz$u9Jd79UKwF3=SKC7dsN_3t&3*+iY=E&?i|F8l}rO5)fbIN75-*)u-J z8}kKZ1$lJQc_Pv!F4Xs)WHl2r<}f#-=p+YUp|a48$D?>Wx(yE3H-r-J2eW^^?M>NY z9f*6$yWZs-4>!3(Aea5}NA= zJG+e(9}+R6*Or~oQCP8|KmBuJ8Z+Y-jmWdzTK_30%+f7yIO4gEP zj`Y`K1X_!}kZxLW=cj(gMW==OsJ+>eeB&Bub+zDns+x1^PPXQHvFo=Oxz_hBGB&=BYuOb@5xM8C@f{$Wa=k;VDfVKY zAd97Gn*QK6NS^ET_iV>a;Fk^(n;qE#7s97`nO_#X4gLtJKNMO$Jl_Bh}H9tGCi+>j$ysrzzl@ zN)b-;ZFwBV{E>X$(%;g0*L5-H{(kBvyF@J_yQY*kZ05Ty8D160S|`&6@lDs;e5<6A zZ(Q~ohU+r0Zk!rz$l&e-mqY2B(wUc#fcUHShF$l+kKp+*^IliL1Gdh z7y6}@Y>2bwoqhR6vEHviKlQ_3pc~{r5Luwf24sO=mv!~z0i>DkV!rB?bY3mR8-wB8 zLJ^sA&I_U3Q<`MrBeqvYJEH}w;P`&kCf(ty2&9Dk-zw(+&cvuVh=9w%xs)I2cGZB1 z-vAtQ7b6b`0e5Mt2eB(zFxXe0oej$QO3jC{>Z3{ZMb0tUHY8N)8)OslEbo)A7^3(L2r1G&1N{Tnc zhMTi}f~93-prZhAyWiE`5;Pc#09y03ja`buh!$Gp15Ml(`FhWJG8=wiQ-z0BckY$U zM;=PKKfX5#8O-sbBx2e9FCzm(9?6N*d;$$cq~z9mvp=S z;|6Yx{~FdA(GIKDGc8J*lBBM~@QLF2-8T8FqotctN2%-o5oNsgCd($_V+?iAtTWd% zWFGK!F$R9zXxP*b=uM1CR5o8DMyPF!5+cH=hX6nM zo#bX3;RcN5yCaSEp1Pj}H~GyR<3&k~H3SKPU+DtwpXs6Q=;N;_MS>^2RKMe?RmQZAf?xOd?!*YXXEhL(HZ!=tptKgTV?@JP!MvWZrKP`gbv7D2~ zj7$?=u%b+=zz{m+wnoBL)rb%Go#RJsgd8@R^SwNFR&L80HSkgSQNm+)f4170x5dLY zMD0hLmdh7kl5AJLSRsP zWQ|DpRP5Wtk#3&`=z*zHnRFp+E34vHJ2DDYGb!-g{Rojej{hlrK^Gf_7Br!64I1Xb zG@eIggWr2DVy4swp<~xSd2W@>|7k;;g4^rsR(X<{Gm~~3g%Q%t-^LU0pp@}f;jkU{ zCzpm%eAlJN#TwIWvsARY+3w=n7INo#jx5!Q%EeEg14X4DfaYyujh&EVSe#{^a!M(h zP5tcML_DdbWh2a#+wn}uRnT?ZM$|;f!ns*$!tzrmGKsCdWLz0tc#5*O_%w2itrm}` zc3SGRduhRVtgv3YUAg}Li|<*7GS+WZA1~gc;U7QVbt^=W1l_cvr9%cWC!RRa#OC&pt2~9$HYVcWK z@gzr;QlF?^%z9Jpc@PmJJ?^8|l4w!=p?xMuF9B)uZ44VwV{n~lMI zWA29?^g|LC!@whs{S=yVH7i_N=l*CaXk9PUcv{+*d1^l;0r@#s?+T~on;w!1xIIHR zVkdM}-FPMAdW|#pYIV1-)RmMiW9RVhjA6lqnomHhMU_wN4DCM5)926ZlBw(l4RukX zoyHEQzx*N~N#q-QgdTU4`tbgL|xe@%gjQ11X!KPExtb~>yPP5Bj)!(;b>h_MCbfXICD1wK{ z_w{c#zXF!H^T%o-F>Wb+e0vNr()(;p{5?^0ZdF_y+*%7$24;Q&0*;6Rjo|_Vp+3{v zmWAV)q3=(j^|oV++O#TB(hX3r*ie3PQ;+?T{1lY*D>-OWPTI!&hrLbu(u^FI(W>Td z^t>D;!_X1-pp-ysS&(u(9@@zcY8#r#ZM{=r@J)%miE4$r2yU9&7fX;-l$|*K_>6 zI94I`<9E)2QM|^5^-%Q3eQ3?$j_cw*!_=R<5hwK`w}n35CH9#qDps0;ZkXNPq~mUi z#^JcGX3ELXGq~Q)bb0l~`)XfDdQJf;ECY(>u!!gu?mOTjlxF*6IZ~B*G2K=LwpS--pOWn4d((nY;ov3xgaZ}R3gt6cPy9|Px z$^=Ygpp>BZ+#%16Y6@(v;Plp*WmP5)?Y~1^7F7il1&%=C?lghYxSq*e>BwyFLe9+_ zqNA4uCkC9@TKLB!)AGG}WlIm+?G8!=snhH4nUbY>@-M=oAF=eDm3nta04xingbUV z)sy<^t4Ja8>>uO6OU{6sg9Y}!YRXt;6L5i+*vd%|2}TPZ=AHLLF1O@6bQLXGtnJYv zPv@G0Uu$ZHDQs5m%G56S^kUtK-3Jq9faP~V^df|bqEy4!fZcmH-q?9iT)cH3w z3&3;xW>2Ymm|rY=No|wTZ!e9V+#V^=*E>uLi3lIwh;t;Lco#~K+oK?v^&|N)@dAIf zu&{y`pq%yQ-ZzS#6B|?Ass~iM|4Nh4$lJ*W#ih;7CT0Y}<$6L=Sm`I#`9Cp16Z#aoV~&JD~>R)1#iddS2-Eh2vJP$2(l3dOcUd&8gn?OFMp}5 zT$m{3{aDQs0Jub_wm4a88qz`|7CFzPxfdx?+#d+2V>Sn@C`N3mCO5o!hIktoD!T~W z74^CrdYq<3f9|vYwh(4sSJ8d@^B3RJ#(IBsmE()6Dv&IGa8#<`qF{)Ko8jFhons1M zof1=Y(fVa6Fc@L@j%N)6C9Wi3EKMJA@5c!;if5h0D~WCJs%N7=k^DAz+*8C;*S3xc z*w{0_srOln>fzB3B&-l%^a*UKCpdkV?Z7w?vSn_$vof(5zu>v(H7DC-Z29e<+8Q}x zMp=n)t528VabS1J++?x8@orJ_P`wAkHHMw=^he%fBg#FLsL2qOYhQv7eIHQ zdD3vpAhW2CYHeR|5ZbOB8T+NSzwu&{%+arDJn?EgSk^qW*l}mnMD*sOhmBU>+#_l(=Q^{GpqWiQYgIzePmRCFROtyFy@XsMx?Q?!zg9oPq*^p3T)Upt<$CkFa$y4QuQd%BJ z|B#-jCbmhMtw_4vjHjxHv>H6!&$f&LNI*D%m z-rK*TPucl3TC!S_?4&g$G`01*gm(<9K2yO5)#lNEjbqp<85t>#`Ot*o1iJ ziZUcWNBg``YHI9xIkQC#x+0R=E`FO}=2q0x{cJHy)U)(%xqSzz&>o5}$Vi&n(Y>9Y z$}lsVe6x$Bm3BT`R+CD<9en3GW2OH?o8{qTBj6!4UCcI5@*r^xQzfbb@$CvZ&gs;~ zNgAoIUuv)tichzjtOA{xS*4-oEho%kezd;Ag;utF!(9B}koMSm=d{^R&BhCS9xRHA zZg6^sAMw;(3#3dk4Gg5nO}ZJeWb+-uJRff;!(;U9`k!wvre4C0e^d@HaMW2uL)4{h zPwkO{>%qQPdnr~~tGYrA#2VBAe@0F+Du>9ktK7#duRS)uR{k|T?i{aKa_`^xXmQZQ z-%nR0kh&zB0`T5>eLI2;ns2*W09H-F|2_t*L2dRv1uanV^A!R3$`zkfdWas7xA+jc zNi*j1sMOR{bW{71lelMDx@=1LQZE#Iga1z42P;cm*`^g6l(jYoZZuY5Vbp$HY$u8p z2jt_Rog(j*vtUgLTXv?E!I*C3_m*d2>zNmH6&SF{edf7-mIEOk0M-^yj|(1!@BZz1 z&!iL6gX4V;cykmbi)!-#aYTx0d)m1egvzGk2p^(S#mJKY335RrDn2 z{>`H}Ctp;fIU%v5Ai8q?Y*wSOCjEYsY)WCTSbs5N|M2!e3MrV~xS=GfajLk)6PMza zW`ijxH$ByQG%k;(^t!$F+)0Z`&pCZ_}CLM_sskO9k*Bde!uRL8$?6!s4*k zSlyQjg(Y{WNE2?bg4tFDodlhk-0JGYjqW@W<(Bw*eocA{7`1ABISKZpszTwov}KJp z1t(7;@u<;)Zk+O)s`BMFc8Io*3_Ab2hf-M3k{baKdbRLzM_n<@1lxFBifgTC_dU@MN80@EsIr^Jcu<`X;~uHt6tMT!R9pFh=)=4TSC9??fqQ_yaF zAKgUXijNKjCXTIZkDD?;j~bs!IbU)Hm#iNvi9gnosvF*?n?JN=`tM?J`fH|~+SExN z?Vl|a%t9$P0O7C5R+^vMpVF|gRi+-^--?j$K5bb~x1V${9(-ulc)YssmfYlx4jd#t`SWAS46rdh1t*Tn;q+-}t{A)(u(yeNIgj z$bLA#IP6EE|GjjeEZGWHh?5BO$ML8M=!kwIS3Quj{_Ttr<5BBI-j3+wMfxUxgPK_= z>Ydmuh+3t{Cu%7q*U8D}DD?FQI%5+)Uymjk#?8T7_C+C#Rf7;ZM|01FXm<|p56T=I z#LxOG6PxBMRkN@HZJ%zFjOQ5+8<(KZ4G^$6guiB@0HV2JBi&pClk7g^i#P_EZ9)3v zoPitai!}?`mH5y`trO_OyDUvJ2KXjTmIDC1rSL1T=n}j(;=BhA0V05Tz?R3WD^F^h zNY^@kasxByPchweZ>!76+B!2N-k#cTWKMIQVO&oK1*ct2k|Vh()(^Giw;}U6h^}cM zH5GUo{m^&=C~UE;wa1X?YirvGW@J>k=%cX+myz{@+w&3|#617hQ%u&$aDe^#Q@UED z;16B^ur?G5)5wig9*pHhQ1#&bqqJfbh^b-TpuqK=f5AsE9CQtdrm;qW=R(*R$Pxh{ zn1%?}LaM^EWBHRb657gIYajI%oZBx=TV=IX?+{y7-@VZWJxCbCSAb{C0E(>RskcqX zI?7GQUq13YTzWP;P8k{+qET(I<{uze_!IwdZ1caFX4{ZF6)|H3wNPhOHCp}+Q9cbj zMRak+tkLnQ)$W{$rhk!A?)88d6h)Y2*>G`LH2;6kv48PTV8D3kwAN z^s{;V?Po*~0pm{dfQPNWG2Lfr_R@~-T?Q)>)X!GvB3(KrXu5vWBBReKPXn)3ey?e| zOqt!;4#+GTIIMTaoyMA2xy{U2XWE~}u}RZO*+ohois5VOs4D?|j&7Hh>LD8=-3Y8V za|NoDf@!Zet^L4b(8do08qI)T9`DoAoo@4Hrxtg8A~)Y}R$19~QIigiUn544%8@xv zbvJtH?9^Nu61E6fT?#(8vuktX-jzhcy^W+>2ITpVJNo;(C5OYW(Nvmzgo0&eu02*F z&ipl2AgX2mtA?dCPeB3Y?OBhK9u|8xBxGBc^_#|U_$42*MYGZSf&sjzo}9RRdU4z#s9B%>Li1P>(uYFr&Ob@r2ON$@@OZF< zs*1cDYzYc3X*NsDJrpRvMk0l3EA zXhA~{#_79viCoU-XZ>1VC$&7$1Z3>a%RgP0YumqH|E*uvL~|u+JUc$#3t{G#yJ!E; zRy3ndP8{dw+8jWX8r;A{S3599BGJ-!-(``NA)YCR?H50hVmLRMBnN$i{hX3C5xaWU zI=%n(5nA_Voy-ot$RJ_o>SNfGM;NElaq0C|Ld;xU7L3oz>caEsYD%Ur!aj)e#Q!4Q zydG?rzGnDs^=pe>BnOQa9Po05SkQUV3ATe9W9h<_WO1kvL* z-}dlXU*bzGITyx5Aad%2}uE$vOpDBr;~@w{R!P+)7_&*IHxO3NePR1pJy&S9&x$b z*Y6g0W_km%qQI3&?CX|T>+8}9UwUYebnKVAu}3naeLi`2KQ5e7clYF-%}ILlvCTMK z+V7~*b74Z?j2Y7>4&in?O)(j%Fa*A<@-gaF0ej38`d7&cB8fsp2)@5ZgFMe#fw9H1 zUoiJ)i0f{c@f>BdqWuc3ZGPO)w2RPBezsKp$~+rNBir^h!OoRq9Q0q7fX& z+u}0{%n%{HWtn8(Ba$V11izn<$>L%PpH^A+$Ukgw463la_VGIXh#@P({X@q1ARS_6 zs&mkgT3MJ5R188o1ghf$bBK+{21g|$`2h9Trip?}WYHW8z@%t!hGC-=2(Hwa;5?0!W}o>8OG^n(+`CSn8}_ z7v-PH=ChJojNeln;?!OISKX@03*MslK6Vy3msn^~2DcPy`1K(uHKkn;eIVagkN=+D zafFH`p8VW=%zoIHDJgxxq&mCL^en6|av$&L_+B1ZVP-t=%T+n~Th#<+M(JOaeULPBQ5muP%Fw{U)r7K9mFS`q&B(NyTz}Y0Rw2 zVHxTTPpL>Zhv9Er{f#NIS59zW)5VY6>>W!MG6wbvY4RoKUOyhUdq&2r3?1Vif4jl5 z5;fjW;0>T+8PGKwkGUW`|C-|1Pr?x?hY3gtV#D!dF&UV!)QCItB*IS-!W=XtOs5GS~cXBA(*$6Q{kC#bZ1;>2s-g zfjZ?-zr7O9L&~QIK^i+h=tUBxy)S0u&Ibs;WGbV1&BL|`wbuQ}cC_a!V;zXBoJH31 zc49)u9F;7X$Kp`eytWkyxMrX~K3n7VMDfIDE|1&8Vq%qd!B<>@(f^fnvv6l+gwXQGve!eZEmO;6Z&JG`Cmh9*3AV1oli*F1}5kw+YVdK9>M7kai zoC91$eQ(%+BeZJL%Tp?5C&v8())v0)H29BQZ-VQYuLe3Ax+#(F5w4rmW#t;_A_pFK zpDfr@+<{Vn`+c6)=aq8wfv|DrY^q~N;vcVPLuN6*+&E0^Zop~f;_&IN4_o-qZdjzI z`e}dvmY_BBXnC{taJ5vyPngy2;+ zr0Ss=DUZ)=z{Sn=a@cplRA_*&Y5Vuq@p+msm!ouN%QOEKdIf!afgGvDhT)7%_E?4H zeAV!zARw6%H*8NJT#Be~i5>TcfPxAK;$2~rV0)(Tsx~>p zqyw-MJ3C0gH}|aB|6r}Ssv|M=XTa?a`vT^c`Fa!VtfcT7S4BM0_HyNS3|O9llLp&f z65K)y2PlkWvmP-fK6XH8-;jaGzMg&!l$YlnnA-}%e)<#BS9(e&F(l1L$z!tpX(+X1 z`i}v=G8N{w+Y`2CUJj~+1yTe%AAek>!^I~1exLV`_QjDR8odEWoy0C3{d=>U;X(Mu z>)bApnq%oXlGQrg7}vqfpvF;|96n{kAp9Jmvy1Y-pt^vZ6n%OXV)nWaC+Tf{+!u%Z zWY1#i2wTUR)l^nXPhBMzGZ}fg*C}Td2PJX3Es8h1bgmr|KHg6nH#>ww2hmtx<&Xi7 zpUq%(m&>N!qW}1a|K{c6cEsSR((AZvc3$?jj|cdHTP%wfUcCv@hHM37Kt*8-8CjlC z00jBm3fF^dJ5qszPMhL=f3;qYgoMD-9R#W6Y@@-$hm2tyY$uB!X^j%&F^VIyNW%hs^)My`F-~bE z91>56k#yaBw!kRPFxTIGfk6st&p;g5Z`6!o{{7RW{VnLhAiO_93qLrR$=;VWXTA58 zH1c%NRE3C z%wLfJFnwCe;Yvfj zy%o3Zg8TBLN*k?$fjAgQ8~9zo*+R|18=S-6AVx+H8Mn4nq;uz~$S1lnb3h38Pq3Cn z>i(KcBIpf>yd^j3@679bNBB~d#siJVsp;|(DK+8LM)@Y686c~_#EjAKi z63mp4XbBCEokAD;)Cp|EJdJ!~diw@rMwY5EL9Wq-&q0?(Kd(z(<4ut_)E#ZrO1Jxj z^9pSi585^D9&EJoyd$@4p90-X7JoOjrsx26M;am%`WXNTV^x9!|K7IaSE0Fo{A*stp^Q#m_kK_j=DBJWaN1L3(ClKy zwy_qaCc{nHZG=L2IO?PZ<4~dfv&V5{T|C_=Hpz<28Qn0{H!*Pt)h&q=eF#${vcWr} z0rYlN%0QKi3C!XGgE*z(( zWmY<+G<-1O@?3modszORc7EA^=a5!k*llXDZkBGLq4KWJFQBSC+oP}fX>MwPvgw+Y zdf)=(7;N73zi(%#4Y<2Hnz>w~%yJ6?!k+h?q-q9CLJeV1p>;IL0IhrZ>&Sw(H zJ6AQ7dR88Fpu6b1@L-m;j*<^%BeQK+-x{;qL<+P;=s6hnQ+0!bMu3o=C#h?F&n1Qc zXZrnoWdiruH8cEcljTGP^-?7|NdipndOs z5m8=Ye;GZ`DeYD8#izA_F;<)6ldk>myPwa!ck@M)?ej})Y4w)GE|PQx zL<4Yt;113{W61Aj`AmR*Qs%|?y+-R1h?NUoz6#!P?&GpAY-yF(-OYzt7z_R#TyZAz z=djkch{dKj8(YeL$+{-*<+W^8@m>+8D7bMW!1*vtFpLAznEldL2K={(oGHoOf6QSC*s{o$zkM@QZ9 z1Unygx`oHUm-iPNQ-TaTm>5M1k4Xmv1@EX}7b9UuX<<^ve@KQ}tQ4=NbVgA^ftZi6 z09dF#OSs=|a0Lmb)Pu16+!Wg2NRflB{Yf>Q2d`HYK0UZCD?t-5%z@|sb(2F(LF&~9 z^!wmk;PUegM{N>z;7=9yyQ_r{DjuWORu?ss6;T4R&%i3C$FD6TX2vvS+7YW| zb-N@fWdgsKE(Mm%JM4c~Hd|{1EZwHKH9Z|HHSbJUcwO!rp2E|)%3Kj2W=NL$q8W6- z*_9rzuxQtV=goW{L*SS^X17yMeFKHZT?!&F=a1jyaJ;Op1}dt+5ECZQ?0L%Fky~@q znLZS{i-I!s^FaDXZcC+z*#(xoIw{2b+1Va`vla|m)Rw|PE6&PFv8^l< z^gtKG{@NysFxpf0%P4!9LU?x!^=@t5_J_b=QfbEK;Euq^!**A;ORDMkRUXLorN}>TZ5e1GlNP%( zYwvmtabp5EtlhSPI%s0+(9@mhC$OB^-|9KrSJBG+ zwr*9EO?vd_88uRnLa4}ynERp^M0#rWO48BNqv_SM z0%%&a?XO|w>jV9jl)PMm`dtZxsdQhA5bi04Of%YRNi(~@pQ z;~C4SFO&+Yta9Cvl6^>WYd+BN>fvB>zA944PPTa+VVn%Ejkdq0_+TknvaQ8 zV!n(S?J=~{PkB}R^646t{0XhbsQ~^$Ug1dU4HFu3?T8;8BiMOPG3fx!-R=0227;U# z8@|dn1f)5-5tFN#9$fQy;t}(CXi;&J_s=7@c=u}Z90yF4Qj+tE-Ikgwr=`xI-}gr9 zLTDG&m0qCw5vV+KCPdHEs|_8Ec_7SaT`nz@wgTSEDJAJE&bLt)gUd~Zq0H7oCt5|glQNn}W*<2j|(KWPvWI?mM3o10}8&ppR-%dp)# zU1g@E_cxVlE7h6Lq)nF1crN{Fh~CD6N9cvLyE0E4ExuXYt91?D>QAbIi{@nueA_Iy z87?4&7qZ@`76d)o5>$*I$U^YnARHp`)_5z3zof`5a0Z}l%{P}h7jN8BKx!zS2L4S< zLZ5$V^=kggSEfh%ao_a+uiW>WW4Rhl{k=E0sE!2#M~kv)93b}S;qI#7=aD0W`~BdL zlU(k*i21P7FE*SZiH3)&x$-T0pAJw_u~ca?ZKoUu8kPtLczFMSDf5Pw&zZnS`!cIu z$a=T-;h_2A4!zGlgU+wga>2pJ$MmzLD9vClog(hVdL;|3xr43O(0d7aIuLzu&D+e{@E5{^#0mX=B=5us1CGT-O zO`B0zVd!1JoJ&S$+!KSCr_L5~OOkU4N{oB#%vHo^Ll6Vk7HOPr$8E+%{2xo<^8E>2 zev=kQ)!`orJF`cOdsza-5Rqa>XNx|EqWMIpa&qUFRW%D9GwAblHBZxETR_(Joz0^O zP?;e;tXp>o@$+;&so+%VbCKKrH}(SP;VAe_t8;lx^63OUA}lXSposJ6e{sZzvy-jA zOUL70CmWOtZ%^gf{C=^Rp`*-yE`6A=65@a896mz~Pph}8-_>(U6X#SG2P3TT6^`9U zpx;qiS-Dy1B)CCyakNQ3m?ftw?=Q&-{uJOZhmti8SvqIuok3>I)imi4)p3-7`|g}` zotl?Ut`^=!WhBiC!z>02!#w{7vJ$-=3+w|lXn-zk93ud4Iw1HVK3aqE6d)D=bTEyU z)l04k&@oLv%fL!BD16!5Ns)(b{qmBm_+K?60G$!b%dlyct~3`N0O~bMOyQUX2HdIq zj+7_GWO3g}dnLs`*|L`+cyP@4A>9~!)tzr&!|mg|Xl1uIis-C&X5B#Ovk7KbPg1WY z&S~W)%|=;AVRMPt_ucpolr=24pR{{(j;DL>TdZ{vR_k+w*o;oX?2ETKCu;1A`M;eJ zE5}IBE<6S^)GzHIhIhu61dnc;W$tTd=Vtpr=Z!rYEKnl%IU8s3lK>O<_IVgMw^@a7~5)~;X6wF z#kX8a#P?%P8q8+3V`?9}ixhPrm9QPPw+kCApD0C-1l`fvh-SSzW?FugrFl%6 zL*!4K!T`23$?XKGl9(dF2T&lWq! z;$Dfz^(CcQBhV+EkQe@(z|az)+VdwT7&VE5}UGrd@^)#sS>NmZ$pn!m9RKG6$N6A$bOUh_NG80#Zi{q|^=bm%HyPdTD-+%`01 z`}DoyH8?z7(*C|9XhmGx;juR{7j6x1gM|hLDb{aVPW}eCp{k})Y|aRK)-_g;#<#F> zYYZeEEWFa4lL7tNWJMqx9h=bA{GoR$N^~aeM$s{*NzTt36&bQ|l33hEPIt$#aj`OF zO9lYsM5n@=Pd?N@+1B-j#YbDBEiD5`-)dwEh298vU7Ab58bz4`S%w* zmt2Z1g@(y0wdN2wY1Mo*Hqck{D5ys>;d| zb&iG$WjRAS(LvI?0+x)`M)p>N&Q|+_-P`Y(miny$-XS5FdXwb(CIz>*uX1@C&t0z~ zvL8ox3AYn!gr+umz zbMi)djw^tomS7+{{hlAdwFoAG=fTc1@MOX5vokkgXHbR5DMZXZ|a*D(d*zgO>-r)i3ibk4?zt#k%LZaw#^V^&dB*QX)m$sU8D4&fs&9SrbDc<&CWLoNw?b++x>RMcg7tku!iY3 z=xMA}_CbXH!)Mh;DnpF+^n(Hzao2x)^ifT1=VWiNb;f_>wcT z^lqQva^&iKOtVhNFEQUlX-5!(RK8q6hS6+!Nnf1HR7;tsIUdj?HZeSV_v!BKVD*{_ zJVqwVs+WUou&%DI5TnJeNmgZa=ag?XfnITQ&smMapuCm*SDa9M4qQ(aJ8l>wWt3BSJUa94%R|f2!ah9l{pO5OI|#^;J5u3ywx$i5BB$CE9TL z79KLP4DzrF!h-ht3wyPoAOTPgMuZpq;B~8YU}PdY2N~WAT8>j#XhjE?5|{|5E>6%A z?HK)tnQTsOr}M6ma6IO6Wo1q|+`fe*v4026E4BcL_IgNc4d1hltTi>Y5wqpOgVNkJ zRnpwL&eU(9XhB>j+#Gdu=v%A7v@DGS;)J^g&au|1s<}jb*$xI3rTeZaimBr|k_B@h zwsw3!LumnDUnMD%^x9ccI>-KY)+GOi7)3HH<_pQsbW_AQXyY$OyB6pC8y>8|Q1g32 z_XpyKa z;1x_a8Ep+_{yD(bqzg!ExSiEZ{}}HQhxm<$sFB@zaH1^xaNbrajFzI^vGyT}g(Vq< z|A+&i=!*c{gNzJJ=q2-oe2-mk4VwiHQV%WMA68pC?fld)vdu9DGy)_}_6&zzaad`O z=JhM=8bq*o zbM)0uf*}9EfF7SUB*{e*Hg4OU)C05T9EQC6-t0^yy=Y`|*i-ot$SOYg+4wUp4M^XdQY?^X0cidPt`@dH)Se&C2-TV?cjA2va z*>2yjg&aiRNv*m}#THlwavI|P^F6n8ILv_Nn#?rsH&6)WzccyTZ8P>K~V z5WKj%2bbam_b<;k#u?+h&v~=|Wn|pHa<9GjnsZ%~2S|CK1~bd-TpTVF1bG(}v)s3HTu4~u3~Eb@(kiN9`on#f^V0LfQS$1M z78Cj4NM^lBo98^2GvuPx&+U+qeCEA7unQ^0|1`{|Z=x!e%6o~EIG&Rz4-tR+tjw=PynTPX+G>4p7^gKMiADudih0?c4TH6Yia@PJf@BdjVL3YxLiYd)( zcJZkYY+Hx44z0PW5I6sH$!a?^I$8^@g`KWeiBFLi0rx5`2jY^uyBzu#059pr-ceYn zJjbj5+Rj>M=D(e93U=OD3u^A)Q?b!EkDIjqK)^;3B~TTg>27Q1@oQT$bnBLvj=*j{ z>%b}PEW6&FBg0uXB0Xnu{N%*F&3?gbBwio*vJ~_@7%RTZ$IG*4i}yf+NbXq$)c>4o zmGh&RBSlOT@hX^ki64m`xyk&qsg%Hb-L1&@7}J0+v3hhq8-9`7j(79H;e$-;2c$fN zM+HSV+%mw>K5%t=3@bO9j8p4B%GJ?(h>5Ttj(<~x&CBx77DRf+J(fNBoi_%hVkDbY zQ?5w(Zfxlf?&-H;D2k(r*&?G(BpDe2Uraywn^S!n8zPxB5!vS!tP^|V@L>mKBWs&E zjeUr1zvQEV1G}ktKv(Ad-L@KcU>=`cQcl$92h^bdXU})J)5y;lzx(7!E?wLuDT^Q` zp|0)qFR2wR$d|S0%`OKn)Ac!e}8`jp__OSt%xH-UWF4A-yDd{xO0QWiKDl z-;2^mk3phUivGcX7Fh)+V6aw)p4zI^cvk*FIKVcJRG_EH^6`UBff6w;c-nvrMh;KN7e=l9zsxO3Ts3z2XH-eMrg7R4<)g!NF zgko8uFTc7e{{u@gvh1^Por5sgQgAmZXXRCY>iMz0(NL{f5b}8hvhcg(Xzp_WzrqI# zH&j8J-g@c{qp3iJkL4&;ACb&mN~-NGd}`Vq9CMmKI|iD3cLD)r{-TAR%(L94!4Z1qK=IAHw;#z zJ&)0RkgPIZETf871Qc5@XI6-MLQP`bBc>qKDmSU=GFUiN%tkL%eBCczl-8&f-!w^gIK;Fwv=+WRFrhRu1nkfIAYmjG3aF#+cpWm2L`Df$A;AvGi7#UD?Q zOTdLR+-I52(T9ndZU>$5Ow~=tExIuqhW@VA-v5rBP`0cd{1a2VRGgPQ0r^EDq>(x0P3LTNH*x1a??g;}yNPS&NWvX8B z9mNI}m0Yk9L*Nk`G_;xxDX{9Tnb}up*y-nB#Q$Hg@qWBDe(jdVVkr?jKl8nCOaq1g zy!>YD6aVhF38xM0v%fJ6)Fh>T7BMN$NS zZ8RVb4&>0T`(q5rbG+xAX^I0pi!!_laIz1%k{*(SEppw8WeUax`@x0L63AOA-#rI8 z19G{@tT19E?kBJrFm=kRG`Vq7jBTjMr1tzI)nK2<>WF30tTy~)2A zi?RNsv1&azK?Ehswdo$ZU{}C6>#4YVwQbyd=+#ArP43By?`xikZf77$wj|E*Ui<@u zp45Uut@{4z?R;W{|~D#kUB) zn>Q&~UD7E--oMSuV+iKfrQMVAD6*_!#pl~YM@UcFUvN!W z=0e@W6_Hx8E#@tdSNpi|`n?D1d?pELyGd^67w5+oay^9m z#>Xt@c3R6A|7J}-ea?KV$a(fbCZ1^JtHh^Av3Ztvxx=ZOa*10WGX^tDg{%NZw{^Nk zbowf)B%ufXLBY#)3R2@(JatrsvBkuqdkP;ax+Rr`MH!m-mO`)0!v$%_K3;LH1}w`) zS&Ub1ubVxrzq`y2k|=h}7hjqIV-}+o z;F0qNQYu@BxhidE0u^*W(|uHN$XA`}sJ$EJk2Jbmwc)a~JFXOA5F0uBW{Wu3*VqwTp%iwD6 zKM0a>@mD&p)1|T&4S8y|^D7&mm6@weUO@1W;BK>B&SB};ut!nW+S$jZ5_pSb{lKs} zL9agT?_$w!0gz$adshJg2dcZnzuRis2JQUR4thW1#TshuL-**h&_4%&Mr?hK7cCtF z{f=_Vo7#rn1A_~=_H`!aS{+9Rr<#-q>pDKx@fhaU{<2)p7@+7K7a@z*7CTapq1_wH za=6N5EJBQl0Tlam+D_5M;uw71K#~~!lTqwoa^Ur6AegE$&&V!T{g==;Kzw~4uQ?Y4 zBfhtDkjy`>mj7Q5^#+H3EFOVe9k_Ex5pzivA+|J|(NfbYF_`S>;7vs_a2W4l`_Bl2`ca3*(vL@E1FXR0;^{i`C9zK{!9T?!N z-w=tD0089C0K5aSp)?%IL;U`CE?!F|dOv#XU^|L?bH7cfT^))64zyt?2wmZqnJ9{Q zp`YHdXxsr2kuZm;hc`oFZdt%WGm2)PN^J`vI}y0lDzwy4ygPLUu9Og@t%PuIr0BAE zu@nT__V&nE3Rglf7cgkjyBdAd=g*$tecU6i_c*nYT`6XMNR4_W7u&F&n5iAfR=C-g z5veV;f8u7UXhZ}KBfvWuumKpH!X@0VK(2I8>j^(GZB|qaJ)Y6l_}i5x8BpJ#W9%FD zB!y-rz~Y4{nP7AfR>ⅅRa1)8f+z^c_{iphh29%gZPf8|ITf2FoJI~LtWH4WiN&{ zMzq)lMAuF&um007p&$QsZ}4kt>N6k&9sso4Jy}~gs@|L+_)onQne49B zr;pba{U=!cX}TkXRssijfb2Ev7 zYWEi%zGO%A7u2RJ#tT;+9SG*b=%7{w0HcJGVVkG$Wo|uAdGUUP#5C;^;;*ra4$5G! z4dz3~TZVVkk61MLd6#h?EXJ?DZWDETXL}Lxd62k>UvzDc5G zL~~0(R5!l0hAJCE9*H;LT=NwdAVsQ}WPO1xyzy_em6Dsx0L%K46KQ$E4cMKjyA(acE*^5;+pBTRul`J>9Z}nEi)U!%E)1#lRpjUPBg4Yhz�Db#PlxxfIh+xXuu+;_{SF5a3#%ldZCFeZ zSJ0Hqqz6Pci14gm)U*AxbQ>$79X;UXONSeO@k{nQmdzaV6{9~T#0enrH)h`;0z_HJl)g1GpI`K0Hg6p3^DQ zDMyI?rdfNKCH>0DGWhKqdgkQ3OVB~{`G%8ZzMIPB#LK+Dnh#IjoFIT=7!%Ua?0e>F zS_OaFzQI8xet?}thtFD(c8v#ijp@7?6fsSm>IA1V;^;$dd~x~y0n0EOLe0Y<==_UE z%l3a>?-=BB8YJW8cjf@ZqA}mJszzo=)T%blBLn>$0d?`MEDZm%JQldISb08+;$&Oj zH6f{7qXM}T(SC|Lm1dT?V&jd8*iaemUM_Tj8DRXb#su(t!@zH-FMT+&c2*P?AMr&H zf4<4I6zQYj%E@PT`%S7RNv@N{hTi8}rL48cYOqJgynSo1>*~^ z8nbgTa%VVy(wL7`vG~@dym9VI`*bq%Ex4;<7cc$-A=niqA)S(G5C<3EGMbwz)CXCD zC(wax$o`r6${?~UfQMn=(S;JqydCbP1Ea5iIX_z&PcM*kf-D~hP0?vH1d6v!QtOU` zVRIU2!M9Srf$*UM05dCo&Hp53(jk*Y19iq&$SY>`Rg1d<)xq)X^;>B=0@O$T;ERIT z9-4a#-Tg}XJ0ly-zDQJJohf|r_sMFX#*ekt30uNbPLgwc z2pkjjE4Pr|X-TI$Y1}XIrBb?a&6O>Ee?=y28##8%G9eBpAE(bBi;gFXc^>CTT@xXy zRXhxj?9cq*kuqqyIiBvrsOh+oaf%D=szqpMZ!NQJADR-2Ba#P>-OkHBAWq1+ysLJ= zgdR0FHT!GMVPh}k+OMy3W6>y);JFB#_Tq@q%r<3==ZI@So4u!+E0X?&Zf8H9(l0+4 zxT1JXk24w`h8BeG>29_k-ll1NsP4AGjAao=%DU`Px#x0~>KGNZi0#vm0=Ex=y;$2c zaN}Q-?2<3Gu5(${bG$0nBWC$U*N^H$^=ApwAr8K|g==y^7h|Jrvb+k=Ud(463WZW; zr~l1vEBhZ91JN#gToQh-{`I>Rdstj-r}sM0nuI_WgW? z#54aNj&xE#(|>bh`6&OB<>B5C&v?d+oHSgva~=4ZIQjqn6@?68q}!w9ENSgKxnKr0 zrkZ#{7)6w$nC3&%`<19MI!MZDyCV7Cysf@@SIw4#m$h3deDYRD-FZeA4q#4ae5{-P<8-L*#w6|IK|79QhzcmVVK@6la1xQ*l3bG%p@J-gL%yFX=UtBG=DTet0 z?th=T;M`d)bsArQAo84L2C6E89WZlYbM##bR>bm+Evjnv4|u~PQ5s%f zxGs+o33N4${esK-+Xh31bcr`$Yega0kOiM+Tka-l5s>A z`q$cBk?&pFYiOolitW^U`bM)-fahj>az8sc(O|~L z#+7cHo-J=V41bK$*W}KB;XN1#7N}bJqpN1H!$0;3%V6-)A$!`Z~)CnJ4};hHKN#$Ey(#I=^vtr zrcCe2J3-QI|>kbX`0qi^4zK4dUl!!Lq?R({qf&Yw7Z_Bejq_Fgneukf{Nu-u$Y{7*iy|dh zmh$jC3Ezkq?a1wc^33gsR)(4T#L}-{K6X@)QGhYjCoGsP9HlGXu>G0cxQ>SAQ%Agi=zB_~n}tr(}pI8F^@Yh8G~MaXyVEZH5vV zYyFmU`<)D(bZUbq!K03k)BPm38%15gu)E;W8aCODskda0N`j7G9T^D*;wWwWqhpGj zJ~sMT+;Vo7RE-fx%FS2RH|~$yhs!Gp{WOfQKaxZ@gJYNt9`QbYR9bCvTru9i8gHd{ z+6C!8ci5B8R<(?USsd4761O~Nl-~GM`ud2C<-S&BmfGjo!^x-e)Xs~)B`v2_jiRN^ zqpC`a$}@2j zZap&mKL;Cy;Qo9GV;=#OR7+Ag?wFgLeGm?oIqGmfN;e@6ZU#&I`}eQ97%l>7QE``W zi&YvnJM9W6T6j%}dMO#Sj}v-95LpiAD$+%+Q)Y}UG=dSNS*|lH0Ak~J+|ok=_Qhbv zfb6j>@d+?tmpSx;nuaF`EbL8P$hU0*i2SK^_j}vN5kVHM8&pLY&o`pS?&Y}L;F=@s z$+PSG2Q`wDjjaMuh~VIb*1)6WJC{?}A~%H(tE`NV9}vah-`d>ltEq8NYPP#%LLBk4 zxoO&eD}PNZemEd%XSwKwA<=wuBJ#(P$CNuzaq|5+s;l~V527)1p4O*7I3*Ds8$LW@ z!WP{z#Xl7Ypv*I&{@9IX%ix8e%{tI+j&s03Y)ZD%+cVD;i20(1Zqt~zKqMu_iZbXw zYHF(|I7u%dgu(G!Oz)$qoTp(Y_xKm~wF4er9yTka45_!IBEQ%kk{cY$ zg|mc>t&?gH#tV|ZqjlxSJ?&g_%h@W|Vh!`YsZ$o4O$2S`@jEQ&llz!9_-7nJ8?)N! zvF*6?yAgvOa{JU@3Bl=2&Rhf&8~-%g*qMFe3`6}M!dj5e%UV|#yd2+`E_MV&kYf4Y zn{^zvdYx@H4TJNO_p;vbeETLlhlJUN^!2?MtuqchNnpslU~FJkkd=3~{ozS3#|$Az zuiB7N>0>8%Jsp?E%;3+c~Xe!q!qvj()i5TWaF;n*n)x?pjqYCrvsZtEyB&3J|YDJA3_W zmGVoAN2V{-!Y=Z5m?s&$>~fFhczbsoHo%fF_S20$jvw%DNg%d`$-MEsJu}5_goYJM zZ#=!oNr$q>=z?#vS`D-*m%JD<{UYvnhG4Gaaq`Mle9Lo1`hzqaS`rzlfLiO-2mPe1 zrFF%~B`TI|1DiPOBT<^Q{S;k$%lVNY(KK8*%;GcH;xkJxHyHfVndhh;7=|9sezXOPaNPc(y+o>f%` zZsXlV+|2N7sl=_=eQ+89!1$+hA!a^X&fCyExB`mo{_{1s&;sEDHD+z&ma#-BXR$#GaQiU*$Q4SHE|d(n+k32v5Z&)`afUJm z=>Bli+-akf&fXO9dhy%3xY-TgXFDyH>Qiebm<3!xvcqO^$y4Tn03t!3m|%iF6_HEJ*xc zq(5@y1L9BP;c+C4I4^HtB=%NkosUhTcg^xu zYI%X4wnk%KkKaEYm0zBR47H)l?AE92(o&m4hc`xF4kg9-V=M*t~VPPP5bX6y) zGqXINN%aLVEB9L61*Oiyko75wZ!b^lCPD7F)X&B68-_b3 zUGRGiJv{WSBfKTuO)Hu%@!S5}qVxm7)+i^$l*_;wFXvi#&Gc@m|2+14-_(14#B#KX zkk)^m)Mn*(K`)00^UBM^#xsn`;n;^NDj=X?9(}98pgt|LdBG=d!0O<%b#yWEI<0BC zd6XCqrkbg!PEC_a80Mx4W)Pm_v4GFF7Tx|Dsm7(%UaxL@A)jwnb8g!VCqE84y=%O( ztgoq$QH)G2Pi9^osp;4)9!-fCuXD-~E+0=6v0pky9%4EAb{+?XaIdMInlS!E@K{#!S4v6o$)b>CnFIUN|Ae%~wrzYO zr4Xn!dwtN$ycMrCdp^|TVfURoZQJJ*v0g-5?|fgQ_FxVXy}rWqTwa_xc@zv9kUPq0 zr@Wucy|yNgu|(I``_W5!dqC>|INJ$Ml!fzDPwJF7>#ax9mS@yNEpR|rI1Wp7C1Y)t z)iFa&4;^t$MOmv8^_7aFyso6j+mWA>mzn0|u&GO)PrvwGHxi#@KE75%422M4R`o;v z#0zT*!pz(0oDUVnC7ayL_~ID{ji~KVZ(*P_nVd!K+PLtW zS_dLGnHQM{*XjnN@)gnFzlohde@`)b3cceKB zsyON*<(AF+$xVmZjCDoL3RopnQxt|*-1CcywGKvoal=c4MsTO{-W;l|-hk(`+U*lKgITkmb2Lom#9uc1d*1iBi-5ff?b~p= z?+GKHg2StJ#^xYCZbpsvsff1VGq7kMW8bf!%mts7CLSEe#b#&m;D`3r?G}Z5!g6fy z&yAXXY1SNWfcP`8Gi`tnI*kKF4S^XG14eQ183e48JedDw()$jnlBXI0prxtls5132 zwpWS^;GEz~cgJnNAqLRLU!aXrFlxem(D%VG5A$cJc_72dk`)GS0P%rW2zLnBMdJP_ zXdp6zYZUfsEj>pB<@D1g$F7NMn-dp26@eVN|%fy%% zD$Vxa&`o4h%UxiplB~bS>FiP+pVuFRi2m;BWA>w84l!@s$Bqic`a+sb3|k}q_Q`5mM>>{)eP8t#Js+&PpJx7 z|HOKe>7yNrcC1oqclV^j*md{Iq#~|y>dBC?^E=wFPt;il6jY|Tv`e3nXQpZEqN8)Ysu^O@cu5ToJSHOn=i1#R%#$5S#DLt$$SjkB%nW&Z zW=5YJebmT=U_;j&{*nx|_IZxv9Cr(d;N-GF@r^^>#RY~%avNwNmhtDzWI=C0?6d8% zJZDkm>X)O*>UILj%Bt0g%*Hmc01dyMGx;VY8dL|{Y9%~Y15IPAFqkr9t#eO8xcbfR z_XfZPQF6pZ2jZt6*9jhYl$P=R%ii1s!m*opM`NB<<;OL2bR6Fy>Ux)~3uve&MwV%W zeh5!X^wXuDJaksiED5zV(Dq7MMnf}_$4VlS!{5#aYZdXaWc>ZH5VB@_YhD{w zFCQ9uwDDN-5##2c)PMO}e>8t;sUe2n158nT6%P(;EmiBMiqt%$V?0T7RzK9H(T%Bd zMea8mrt4$U>Rw{Ph-3@H{BETei3s27w;n2I(b$mNbBzXui1J6ZVAiF<1a(p#ABOjt zVw3&VdQ6i76y@4Hb&H?fAbL*u_bxM^NzLt`in`jlz|=OA$J-lHQm3mw?93zd`u-n0 z>eA;L6bS@pi;q3+k_wjlbJGJ@AJ^4p1yfQBJPFfN7Cldb|BNpRY2J!lQPx?+YyNB( zbwE4&PX_URoB5Q%8~WwxlrgWd4C4sD)3+=YEg3e`rJ+u9dp(MuWoG$uG>#6TVH?b8p%`eYt=dj_Op^G|D zHj{FO)qbu|Q!Jr=1S$~e-Cs-#4xuw1gl@NI4?z|}k2*xV3fW1qtMd@g7q~A> zPyXY_?`!O8VqIhstxa@(L08W!$E7PB&dmX5kMDxOhynnxTJ$Qy5Bg3Ix?VtU!U$HP zVUCCwJU#^uitBvtbw24oa)Mv5TZQc8mH_c;;?HVFOGUXJNj7}mP#rx}j`+iYunt}o~B0L(NGEm~~$ z2o1NDG}fyWuqS`4MkS?{&)EZJkP;j0+eg4d zY#>NV_e$z?3&FpY;KS9-QHKo;v3dqy5rI=&JAO6%4g5M1zw>@|;Y>c>EP?n0On?F( zk|5R9nK1L|)47S4r*?fN@rSYQ98LssZw6%X`4mPt$9o`g35>H3jKof!20irVfkvGI zUoiY&dGVO5RloC~H|z7dC@cV}l6S8y`+0b*nzn+0+eY&R(x`KtzrbgjbK62$ZRXW$ zG$v>BRc%K;uCBGBH+SMPze^O>+Z4{qRxH&(_RNEr1QYKg!_#<>x?Of!9XdC`Pj%KK z#!MS(2%#`1G4mjO=Sgdc>og3aaf%LAaKJvNXaEJb?m{_Necf9)y|<5y?~7Hv4O~~K zN?uun?HZ^;rCAzP#(wX%jDT?ZPr5(Wic#w6KqF$c-bF_#uvORQa;w5wnY9#0M2^-} z-M04U`C4B_f7I$$`SP>r+S-`C%CPV`O)5AnjisffRX3h$H3n2YpKPM~S6Nb4wiQ(e zDEZzkpq|yA1)ZT9MhJ^2##s!E)IhA@AV5{Lfd}{BR=6-xK74Zu%i;woXj{xhsfy8^ zK5NpZmfYj`>GiNb240i*6v(pb3!|uEgKbBABQ|C0pZ7XRF>fYo1?UnlWqqBrcd$CB z8?>Y5iaHO1lfVCB_L~x>s}C5P@`yCT_YKBQxN{7-`7RxSRiDT+Twd+Dy{j4;Zj-D!}))mY2|{P&H?H`PE6UIPUi3_2tg*AN;i6 zytJM6{dWL7831BJan$p{pn+xPboz3w?fTr~h5FTZl~ZURIL2Fc?>1W1a5lca<^*Sa zw=Y{ZexwdLmS^te$(TE)`N|)@BTe)&LCC3As6UL<1%x? z`Od&(eDu#IdpB1dtf_xMfS(Y$j{wl2o02mbM(!wyI;MrJ`<=C0YB8zRahkNUj;@v8 z%o{m>n2bpOdv|fRe7wY)^Pz|Sjxj8$8|9xH)^)uDKa+7CIawYsqGhL zXjv}678&_|zCzELe6p-F#2#LURJl9u_l|&Zhs!>6IpVoOCYw>|n2`_K9=;3c))3kA z(Lb*>w}12$3=K00YzA{ZL$CVqB~)Y7x&)-C=>$N02h9*7A>dKkuu*dXpnb1NYO{cr zCi=VX5COvk;QSoP;J0~`HHQ&94M-8-XzBC7AjFc(_Q`f>TDCPpJ*jb3y4Z2Wooz-x z@BOoMdkw+w?7h?-ufsYk*V2d*6^dlD)$jCY*a~yrScSK^7!3V;*gm`nKY4JDfn01; zerq8Efz^WxS|v4;L1|SQ0>g~BE@@U(Kz#zr>>D1-f76WEtJ3pv30~rt%1Oga#;0&^5~q1b zJBS;#Eq$>om{}<5F{LMHYb@sdKx6^^i43XDXpYE0t~bmTXWQp=X}EExrT` z2KlzdQMFq@A*8}?f#nZv8C_4hx_`cgkz?UK)R!n&g8s}aywY-=k4p_)OpDzG5RUD~ zOnv7F{km47md#35Qx0*~ZS${7`~iCUH7^f&uO@oUM_uIHanTy@vG;+F+8wU|)8b-E zo^0LF?VJI$e|$+K_rMrG8H`7?-4Q!@_7=k#ll5jxiR;c4NqVQM!+y-(En3pnvr4JNM?uw-xquJX?W-GIvPJjO%tGLHlwWHl)8W?NV z_1}v6jJT~z<4g0y#Pp;1nN@4WT*7#oZL=R6KbmZcRWl!Q_(_6-(2<`9>4Pr0`(!M^ zNaBviq)rfCI~Y>cRPF7#p0N#cKNT_0zv18)g^mA8Wji_Xg4WHbiOk&gPmBOCoNdPG_w|Wy#8h^kS7iDb z;3ck_U}!?@w&A9Pe6_+S^yXKkO?i2F?(5Y*>JjezsyDO31}xjdzv#9NBI5rN&asiP zjb`XHifQhN{PU5D&^qX=&ROso&q}q)#Uv)BeWhfPoH|e|2F^O%02;Vs=F_WvRqy~T~c&+K`>CTXcIzJC7{7xD$ zn^rE3_jkZX`~5N-EcD=XKU0!PQ_Kh7lPo{xfy1PA@#VI;6YrUUS?O@PpSbO=5BNtSabE4Zm(UAl$# zBpPYN4#b&={$;YvJqO2#K(GbBOp<;X@c*j+;#Q?hQJv7If~3zp zqGexl^|Igvb-EREsfiETNv}E2+8*dU>c{CVSzrJkD&tj?%T&(@y6ul$;|`y7zUCe+ zvE=ZMLjY6pamSOO)E|W{;6Xse@y$w*)9tYIcNT<`W$VR(dYeId`)}mV6kKYoS3mB< zxbwYlKT*I7jf%xrYVQpyQnxFZdhwVHU2eVtAe7LlfV*&%dQ^}k2*ioAp~s&t!IbCI zzl4Elwhl*epYHz(Om zgv6X{;{CMMsHVTNy2@@=MuHe)FrWXo_HoX>vAN7Tg@G>aJUg*Kfl!JP|A#<=n0(+r zL(t>)(zro~H!i*>)z^QyZLbqdgZkfEdB>p{Pr;Ba<`2O$`*$5;9q7a&vbhnse~I4t zP0!+3|NPyTxu@@*=aqyT^rtP{k9k4YYCAe6#Rck2LwFA7r{2gV>LQSRos2 z#q8_TYHH#mVBbDEZny=F2~{5;!KjN@AB~YIH1~fOk|*7Jc9J0zb8X?wAs3If@{~KD zN`$d4?!SnJ^Ev?ves2!n0wd%)FPobmR|7idBSyn8zmyb8oU_X(v(IMs8c!IC$!pL= z9`-=b8h9tt_H8jq)2vnoVBtC6B$J0p-hV14&#ZMeckEGD?78|1BSiS-Z;;MCX$ys9 zKtlJI%+A`3_7OXe7yPb|PaZLDa=F@Jg=?;lTQ;|EW zbN#wysqlT_>2~uqYMr(!v%b8(JGSe2zdJk#G*qZ$Aa`?=opt+!Q7Ets+(pZQ+*1!Y zs+2y%K&d@1D&@UG@%!*(iV4_lrzlNtqM$$L$x>1JzU(ZxQxul)tZ3Tn|CysSu5w8} z@O#WW$;dH1&Bem-j9QtibI%k#eR*6=f70!)`=e%wTN`^GY&S>$uBjeGXw!(apKy82he&)C^4g@OS)2%spi88 z5|Rh6spj0TLVJ+em@dXBx!2T(-ee%Ia|;CLLN`Bm4oP3b3qYkw-(?nhSh4XKud}~%U8?_ztD96DPer4 zJuI!fnmEdHo>0O+`-;#+R)AqS_lL3RPIupTmSbKX+0V>3CpAKwUj@!;f zUD$-Bwz4JRLpC_lE%lAYYeL#2nbmzYPsU-G+^G;^l(bh!?pXzj;6N~?%$ zf`al^=GBAogn3+IvlO?XdvsFsyyCcp$!_tqsEQ7A&7pXxR$Q#Co@f5mHa0d(m=iA} z_Kf_siFBn1D-)@xyi*8hU6Mq)oTW$sgU66-G2P)g}3qT#m>B|ys^ne)oM`b8QMtEJLKr?Lb1Xjw3 zD)@6ht`_0avmIhuNEDjHT7}}zX>A)^TWimB$h-+zq@RKwakdY~Mv|-uk!@GjR0=V` zm_p_Z5xK<9q{5;^M-*uwJ1y}r8c`|X8wQD=R{dD}hdgLMg5H1JRQ9|2bbXk5>NA{8 z_G(&!aVuMA{)IcHaKFd_^^(hS6}95!VY#q&gs6I%7xV!|KGU3OViL7RbjrFOAlD-ADMWz041Xz$g4bfW!Us zbICTR7d-~VJdqwHVm7Qks{HKqfv`%Y?U1a7%alu05+0#so0?YolBf|0%de_*ZHR{4 z$KY*l^+m7hM;(x5SueiVf<950^@x&C;V*#$9Gsk*#)-ynp9h(F#+B1)t+>K`0;LlH ztNF#2Hl%W%H@9*{`>B%L$`?nDK)s%Vqk2NEy@_({~bY7pP?lh@1Os5Q1D&>#41iuV=syPmC z^mP_(!Quom!XExxQ2amg;;{j+O+7;Nm8u#AodORZ@C3kG(l>P~2S)o2i)=12=l<59 zk7z45xFTWv6HgAiD=sn)9wV5q>rEHKATGG7xR~Jf5XYOZu|V0W8VC9EABn%uLi#Lmvom z@QmI~Oh)}ebwqKY;62n<();npp}NBqE?+$g#Q^Sc6$XJ|eA4g+XM7i2Y;@sC6z{Pg zF<_0}_j7((>b1j`?&w)L(QW(h&^L4UL zd=e}Y4-{V&1<`-UUYW1k2kxw?kf>Wp)}MP$WOoi;e~xw!tZ=7(=1M_5G4!cVpfU71 z40kWkMj=Fo3D~b0ZYG`mnF+kTT=!N`2F!d;V*YB>>RujlJc{>Hd4-Ofb+*sC!&C6# zLhjol@PJ91&$nMR#e_X)Kdf6`d7dEmexdnw-0Ag#Yt11DE=j$_m2Ic6CWEeosp7L2 zB0A#9y;>wLJx*zrp&TClv=(CYCQzqKe(I9p5O#yh-v5l97gRoe@9H>V7Oxk7+6&r6 zm{YJBn4EhD!gcF%QyxSOS7XJ-x_Zt}r zi0dE39+|(3ThN*RKIh|;>ZYS3_|2ZK=vSZN_K%>4tA94@ubV+Sax?1Mh@{&2%#}jk zCwRG3I6ZgS+A%tY!;wcYwi;JU=6T6^o$;zYG0nbfx05-=Y%;U|^&vme z+&58W53_X)cO)PcESou2L-p~-vKC zR&w*Bnb#zF+4bnp#>VZtWOPvA}y6 zZ0&8AwI}xbIB0g$FcsLexE~Ibo$iW6vt(FSF@-lKs4P&6;_K>o%mmAnnrW|im%V;p zlMiciohZ!>G_aZ7nhBg@&>ue*4-xE6Wf%F>70{u|xG_!yFl#n+5bzRQ-a@CIebrb7>!_WaPZf*(plW3HiLh;y( z)f@lQo&Vp~bAm*u>hVCxW+F|nG$X=>a~C=|#}Jq_K_G$rpc1?wmrd|VxVHiIzF@faz+#@rmqvV19PLOq6>^TcaKXSEM@5OF|}Ugh9*!W5z! z*5g23|) z+MB_3>ZEE_H!j9VD+%w1GRpx~n1ub-bJWYsK!psNG~rG(i!IkVxn>M*9<}mQ7tJJ( zd)j#)oqtPweb`h@3lAYFBi$FcW(#dzS~76ru2VPFrA(23eR+250uz`B-d9yzUHOcu z?dSLv5V*{SJ*cKIzn7!OW*f3JVHO&w?>Jt%%qA0LZ&fhvvDZyNPb zZH?*fUeSMue>B??aeX2E;=#WXQ_%0s3w)nQlin)}Xqk#b3d5Y{}q&>b?xu%{OHri-Pbx{y2D z?Z&{#DzsL$HPYzD8@Gm{4;*(h6^O5;(twk?$y=WA8INW5 z&i}$A1)n9{lv~Jg`EfJE{KnajD%zRlF=EKx4=?Z!SDVzAioQbTV=uX`>Q9%nI$mG= zZjL*1-4P|{`EQt1Qsu*Lg8jvApQ3l#v$q~GcE(mE?)H|J(~BMx*1TC3=0vDEx!6Ma z+!{gXF!KtjQA}o5X}Cz*OwbB%Nq2Cv=xDDL zy&&-+G0PV=|8bYrBcY}pzy;a(w7y@r_vsuiUfv^4SnYhZV!lB?#5XrUB$C{Ri%1Pe}aw*oB^tS!ae zgS$(C;O@bK1?S`$-+6z0=REJokBsd6*?X@&_FC({uQ?|h^5w19`>5Sfh9m@S>b_E# z?Ekk#`9Ht=BQc9>HJ!bFJq=$|J@;_vYf}Y~e48j%Q;U1{xsS`Q&(p%YFh*Z=$}F~)wB@z zu*k^mdkZ;1DDFVW9g{RT?GEkiG~AgbIRZ2@^z7^Nw=~2gP)WezsXP{@(@JTW8Mt>w zOZ1$V>G1=YTjm-?8f6*UI6n&@MW&(P;1#F1M+IJ@>|O}>!N`$Ly+?pA%wYjG2zInV`$F}ael*Uy;} z&+$GOE^diFW}mAvGvRjnmwG4NGD(C6?h*Gfo&2Ku9$Nv5L*P4hi9iim#`Apc*_i5< zf;EGzp%A7hrle+1_z`mmCGU?TfcW^UD=Hqqx5RF9tbvO!HPSFNO1N6ZhjLTy6Lz#P zk>ZomOiDkhCjfy<+B<~;Wx}nd*BxiuVEytc+)9F<)7rld_s`JfPgr6p6R7(aTW1G; z2$|_5x@ZG$8XHo9j>r##SP$|@SmbwWb2(zPQJ(i7Y0;Kww~`WeU#w^jMBRZI9(oe3 zTLZN9=QQ0Zj6f%;=@v)71hFW;hcJw%y7rPi`N{9T7CZG5H0;Fq+4SuuER@qWZ_F?B zH2+DknM=1-GV*I5Sq%8ws<=9-c8zGUSdUpbz>5?_I!?mQ%qKDfk6!5mVR%H5<$#3@ zdOF)p23*}@*evO!4}>bFMb(Unn}oY^-ux)!Js_`;KuGycfLRn6eK+3a1Qy9Uw&EOZ z%?_?GoJA{;gASFA=9Se`tVoq9MlMG)#nOrPcnzOdQW31@B|uMCe)+R4j0T|5zrj|6 zzZUqVnuALSHFmNUe%|+e+@}Zft!C3`xUo-oAh9kMxcD-I;2f_RXHw&4Amh%_NyLBU z*ClensXRT;=s;`PHqIA`vi`0UGq0lAh2v9igblM(BDrdurDIY%{zK>V0$+9Y{+$^f>6E|Ev{F*Gn zJ3qQ5aL0Iw0l4ERz$SE5Vn&-C)%BTGTXj`A*`(;PEGXC#RxbS;qfV)E{9Rj8mN?H3 zF4e?S1cMNN2(qU~V!5tPfS3CnW@Nr~i5_is494|xdriJkbjRB4834afpCpVA`bm}V&cl7=LiV*8==69{i3#$(g3=q2yGgP6+szrGd|Q(w`6n{w`TQ!Uv6b&kucWi70RZ0Hy? zF$I0%h)%mK3sjlx@q=efez5|k-(?nfvV2&8@UUE5kC|m_tVu=PsqV=r(&9>6F0oRU z_upc35eJP54^Tez;K#^x8nUz{fP+CT%tDO`FShm9J0y|sWIFgBsF3(b`8k`lE_?IZ zgtNx@FR-LSV(!N{_;k8`qrj}yf@xkeD}L9OP~f{ z>M0^pj~LusJZcP&WY}%_i)84zM~q>f(-@4)&+U6&tjad@J^B0 z;9i-GkZ34w#8n?)C)40ASc<2^Q zN>dV@2*2Qa{T6By`WG*=t9r6VWB|msy5PHNi>*Uj$Qw~87tc$9mm%#@+$0@QQ#d&x znDJk5bKxkasrgQDTIT<%4O<4XRpN`xGhRt%b&;CKRP$X`N!Lb zZz1-re$PFZv~LnyT<7Y0>`CDaWU!*M;~zk~Wa#tVM#^UpCZPe92ecXQh#&b{fa?Kb zu(uR*XX|tGx>I|Uy(xw-(FQxP1@1H5ev!_3Yx2Y%PblLuuWR)ae}`+!cI&eGO^?7Y zX`Al>tdlOW+&8l6hO>5=Vs7H>Pp6|iVtvk}K7}>dT-@>NP>=@g zs@_v@E@+u;f)nnz1ll5QlUy{qddGWDqRtik_@Io2xJ*xm>8%N=(h#R#*S8PRE zz~h$po4KLNt1-XkS*>&ie#GOxJ{XB%BX{+%vR%wj}NRUrIF$fGV*p(m@yR!0Tp3$#l5 zQMW7z>Zf(C>lE>N03#EuX{(`E-P~$R!Z`xa=#Lh&FKv?qFll zIL%UpYF(xh2Hw;N_cDo5TFbEoXhZw#J2(Pj0u#%y!8HoXYIG)8uR9vx$b1+jKc~>qS}vcRS*vvJXEs3IfqL& zAim;U0wE^Di8>=)f2$2S`=7sx95KI&I_h_tge9&_Dz0< z^lyvp;q2ZG;STmslM2~pDs03VSW#hkYAG{nnZ>$1YESnNp-J#HHbB-t_QKVH9I^r- z;}v$VJ;ssrw#=c233RxE?Z@iQSNl8ugWlT653T|RS9z0kbkB>T&UuH4ZM?N5<>L|8 zJLkI|%!mf*@m*kz?_0LOf>oLJkB6+GuW(c`-)!JvODlF5=H$ssfdk3V0@e>)| zV8CpcyZhT9SE6gYNvcBWxQFWoo15iJlOghy!fz1d)Y3S{fp613kHsIE5$(j*C|rNp z3&|YAkW&d&%M((|N6SOclcgCKYk%=6*i35!$2}?A*HgA2NUlK3?2>eaM4Ko*^b_4| zmXL#WfU1U-zxwyS^@owU90|T7h0wHCP^|U~ zbP+8TnN#!7fc2HO-`GPKfQ5tASsSyb)Xx* z_J1GO|8s(LKK~I6Obi3Rdjr^XP&+PqWD#iYJEi3kB+^{=Qm@^=TGNUT>8G)X_IHrd zu5&&*so()}KqXuDX^Kw&-;;Od#%kN1^cZqDDB0q>!L_vNnnMy`vrYN(;DgdG^Z9&# z;C5D}FYR?4NK+zHEVO*dOmZDHC~RmJ2A4v!h2GBdW-@#KMCrRL8&*lbpMxO{6EB7hgFIkQxI|HoY5+Ryf z&Y>ikxX|jKLGIZyJ^RHf8~G=1$KFki--VwGsXIK#rh=@x#pTD`XwJ8 zraG9%F&6ZcH*VrA>VtvlI2$LA55qe(6-fGGx2rmH?DGJ?y0+{cDiE6Z;~R?*D0R)u zv!3))GpBR=@mS+~#vQa0gK?~@V^*`0t0qL7Z2qle{PIK6zobWk2i3P(PgjLwQJcZz zQ8#^H6_^kvsdG=(U6F?W5B%>xDBUMz&wc%reXZM4Wf`W$X0x-lo9g}Mr~YO=l+2yolc&|#x=x=y<+2i*)Yh&nH@B?613q4< z7)PB0;FPOEZF4!bJOWqQlPm6bo&*wCoDHWVZEu+vuo2Cb732NLlY{;NfT+-_xJ$WG zUm+sne1EL&Sk(x$aTSXEZ&l*|91GzImIE-F-h?j^S7HMAXI%_kHu;--e69|U1^4vm^w|DI-*L4SEsTJ^|O2?64%c|Sg{+8eFumtPsMr6Og{0zUKn-zT(%NL ziRn_xA*-w7((0_6Je*f2Uy2&cN!AIJX@1%$^SzI45FD>Ct(&SJY!PbGhi3!E85rlf zdzZJX?vTFAMsD%qMk?#U6tdMQgZK5g)aF}ztmby z%(pX}#kY;92dRa?wf^?nI@Wrw+dHq+SuuYii#~4fK!#H1IE^pUiyAu$yIjA zTF?{KJ399(Rd`ZCh0LDyWQK?*;u+=5itv=<6(q6x-FHf3@)POw;U621*e4CsqR#%y zYD+oC>hOXpTBT&G3WE>k$EYOo6h`n(+q+xy#^QKxS4$N9BkpT{YaJ<{ zAMe2|x?N>X@K-njCPOvLCsQ=4|`u=S)dCKaJZC!Boo%cH|?leM=SiO6oo!e>}p9x*8 zJcE=wUt9X!08hEi{r%+a*y()LrXDBnzeSJA8FVwAY5Nx6{Hc$mCsm(sAlDL){@O6) zl}VP1wG2W8B0)n|ZL`$iFuT+jFTL#HbXlw~y0_JtmYHb-jwS*KJqr%=@(152!zT+G zvO!nitB1^X=Yqbho$(ZHUdoju{LK_(>p`sCnf43k+mH=}oQuUHw&&!x?UuL+9YNSG?rmrj%t z`mIR2xX0RiBktN$3+y-HTPj@UXO_~x$FHF^blaWhQQL_w){uJ&i%pO!wlaE^>E=?R zt97&;JyN)xJz(YGrpKOmX?NW3A>8i>R+vM`0Gv)6REM-q1)*^+=qlxNzceoM*Q4LZ zOZqrha#U&F8s7jK11_3RuLw)?E%!6o#8*+mq+DCqe3k;r`<+)=Y+`*p;PWq2U1!J* zOz^=JPbje8|EWhh_MfOF3jAH+dzf!khlTWIdf3FAx)*To)aBj({YCg?e zPMI^9`C?eQ>dT`-7voUezvG)jb52`K#EAbduE5zb)e8Ofw+|{XS%C&ai-*pT3(hYB z^CyoIRRfJV8=i-c(rxMBLN#5zlZa|UIP~bgzTpn(PCu`Q>bqu_H8u{+rcs!5hsW`1 zI*}kL%gl>h>*u$7FT)9GeGwPTcTBT%vl$=ClIz5xV`KIr?(cz4Gm^b`lCptK<0+|R z0j3Y93~VI-_4DGhY- zIRgd7jwydW=o(rk+;6H44>-7h&kVl-uz=iV4YQre(W9BpB~UCqOiPy+Octib)_fVF zHGP1~W|!q=j}Py4dFi%<+gE@@ux3Ka%3P`Q>4m*J`~o3k@mR5#SyRSej^hP*gs!&KfrQ zaC|8y`6ghz)oXDJ_hgYzws91Th|U(dbZ1|o4toAM>EWlej0eZj(Dnj zR|wfLAL%_y!-9UEfrbsBBnH7%Jy&%8IkLnK>N-T#8(=Doq6=9pjGzX3DfhaW68!A% z#RYBhW3fD>n|xPe9eNmYNtlf)vKV`loJrU$tX0t=JwE5Yh|^9~G0R#9CM-Vm_&x=S z_iM3Ri~8ke*n;P7c6-DAKaP2j0Q8fdlHqdTcn)8y4JYyQoXMsbI{|ZBuhsLQjtNz< zVy;-uJmBzaehEgpWXG~T*BTDB@OW0*3opCLm*6dzdaS9k_i@W3>@lC0o~6&JaS~Ry z%Y4moZ|`VrnMle{CN1Hwrlv2`E3Dt5N84BV>5u?D_;eWXQg=fyOylFdaGGrDn`e@p z;vdbUq9kt#iG44k;Xnlog)=u|m?|(r?8~OIW+}hzz>wcK?W?Zg3F(W#QZLg8@z}HF zgK6bo2!WwBS;iW}1~Xlo}t1STjs z0$n!76jWyRD&w*X9)5#WE~xb+kFl$&(nt6C8jPJvxPr)|A@MAEQrLK-M1~n zzhtx6p`Wdvxy|mOiGf&Q)&_KANf)S68}lsw{@mS zN@zvNlQyFM_Jca*!JQDr9vUva0_B96Ih{u*Xpe)Hs7pkotQBWY!|*ku?>j?}+LI0r zoB}`Mp9_B!djD3_5x%NIK+hjiBz%~oExitQWjwRh{jG74 z-uh8OC7rGljGXx4rZ@)RdRLn<}Z5+xgRcei)qO zl}VZOp5#%WQ&C%)Nv)fL!d3DGXZyK{Nm{HnrLBVKT2^JKK~CSc7G47m2NV z?KA6g9!(3?3Ltu$5v0j2!%n!?$AOY8LIap~GX@&XsMA?lbhcZ^ zTWwKvBEmu|m591Irn#%l_S+XYcKj#0+%E%vTcE5qn`dMH;rI1C+X%GER~DGZJ!)j1_Y$qrAZg|H zE6A@w>2WPxqN(YN*TgFzl8kD!_kTA<&Sry3`=ngsiyC3 zTyq{w?q%S=)sxm1w~r(m*jPVvKb~%?NyT@_5l3K{@Vuf3Dm6$jF9tDI2*{BML{{}+ zk~|ZPR1tu%k~EiK%ESjgNz;m++QNT}ZaVv2&F|v%Xs7kRb@6v`+|BU{*3>aN-_rL# z*sDTMmTVF`-{K~7Hu6MSa0m^x{zKsp3k?m=nu)9Lr(DxpD6f1sSIOt!!Ia~v_yihf z(vqk8(Eb+b70ykS{`Q0Jus|Yk6%-c}SWV2TYPs)gT>#=X=dx%%bWjxL`WDoDWzmEpLLH3i{O0 z-(*U4e)Gc4yHiE2KUxt+7ECd8xMCZADevtM2ZW1mgRcoHM$ETQrX=x)LWn+VLo2{|^*p8c24y-`Tm zR~>q$fU?LbU9kAfrdJXsU`JnRXt%@yb+V`@eiY63xZ8wsd28m6X7ji`d^TNjKKfY5 zMNIRPRlnnL|8Vj9zBg3A<#hFD7SJ72vRiwko0(h&$tp@wt-<+waLqJQs??=DrPSyj z#W5}cz(OaHQ(j!p$Ku~*`qg?|Z{ts4U*p#iC1bTk`T0v0YHFjUibu2WT}e{Lk_<8< z-^(r1ia7C%ckJ+&v>B7tNA^UkX7&HwPS7PqbGk8XbrWr;#ImF zn6&p|P>E)(ye5N&F?A2i$dxM4m}I~1uT90LA2|}M+t`zR85+{|!vl^}5h+K}uIVKS zi^eG&nuoKDPt$z~u-jkY(+r*pkB5(=fnN7gS`>Ojid0BSimkUgV@mvs zY-xa#)QzyG{DK#*qK$n-ox{qI^ox1?JOMj9III7cl_^*U>1FpqUGLOM8pChfRDuF3 z`@uoyrOf9i$~)-5VTyHO85Hw;zHebzSA^nYrHb!;>EwU%BX zLGhxP3q;hf6Kk{2FN1_Yj}p5^CZkGDcBi7?A+}W$=MT#$gv2i0$)exfD!N<%1{L`{ zhf^jty1a+e9sOIKvgJ!1$_`;n3hB3+K9(s9!~Hn>D-54kt6}7zu(pGY82C5Hc}9a+M<8u{dcF5s4XY^ew}St9|x|dC8Kl~o2E78H4W@A zxBGV0#y0y7qEyK2N?REG$gM9wK_>?vyjx8P)HYK}+E@ zKKz*cz)=Gbtb1-s@el)Dm$2CIzuh708BXPthIO5T8?NaW?o8PE z=WmmW5&^>?(C6BYTG*<$zOD05s0D2dv=_vS=SV=JH6NGi;^WhdF=t@mQRe$zj>a_q zoC5JJxVB4AoQG$4QPI#=&Or{^SxE4lgipJ>-Vr@+Ve#qySjbWvwl^CHTE6s;u^uUHQd7$B&)N6R^ zB%Z%s#C>7*gF1T<>u1;3UU*d=;7ylux+Cug%IjFl^$n#nHrVwZ(@DIxBHbGXJ6rea zQ5x-_c(ayEPZIjm%A#BHN*BZiSc_s)=ox}GxL&11(W}Di#TO9#!G3WYph;<@2}GAx z7+T~dZj^ldj1Qh+AH0hOw^Ry_cgvmA`OMc)hAYn~)|Srt8Er_$qhUK?-_RYp_Rzew z)~FC5e}_h0+H*geK~cu}+^Wso&B`ohQI&BfF?c2l1M5>;5wm=QAzVHgKHD12-$@rR zIs=Q^;{sJ!MDpJT>(sI;$9pQIo}IaIx(PI&l5&2UEEFCSSBI-5w_f!*;k8Khz^n)? z4NI5`xEg-W=8R>xG*3ROZr+G4Su%{i+)h^KKR=^!H2d>75>_^io!RiY4yC)K5Th~S z6L^aw1o6K~rF2GV)mOd{6uwn|d)VyMmWP;n*P~t@M%PBHb*1vkFD@A2EDSM|G_Xme=ANl~ScTaSi3T?f<#Cl|9f?R}6@$f< zXY9G^UL-thma<$2_Ueey$Z4s@Lb8S@kCR2cZl^S@@Z8JpG#t%RORHYxkJaagYkS%H z8ZD`Rgb2Z6o5wwrMWHmJ$0i(sv6+P!l&SJMkwJMCd_gWFDWwoSDSiT%#Ue6s@^uyDrIIMf-jr!u@vt=-u zO2`7R!{drl_D-M$`53`gL6lbE;X9$m$rI}8)MAqKDUu|}kLbNM{TvIm5U0YeeDqZN z;8}j3O&a{@mE`R`ap(9h7-WCzF-sSzPY`|pbJ<%tN^E0eQTROLA4?1TI-g@XJ*~AV zEewj!k9dz92Wr25b`~~mr@bOtmrd5TWuhY4)w*S(4#x|9eb*%E!Q@5GtnBpcOeMWo z%>d;M$trL-`-SeEPGuM2cdiD=)%?R<&f%t8DvPC{SjrCz_(0=Ogb#V#vbWW#MR(5s zR(>zgN1t5RQgJ#`Xl?f-1<;|1hxVXR?bdKIyZZLNY*dm(H&%FoL4~H{f0uSL*UzX8 zO1wd(KvGEDP_`2bM9QO?hhDLou4sVS0YBFBZkPT&U4WkZ4(V;i3Xf4V)lWPk=46)^ zNziF3aS}<-_EEd4;}!fE3cCgEM|i}sCTb~oB0(kQyr2@m$e^A{?n#zlE8DJlgys+$ zdkm{+@A#$b`~D^n=%10&nE2a2A>wbbbzn0*!4tL|=w|uiG@|mStGrgCmG`SLi1a^m z?{x{^clHG7Q4@Xmn?DO7FV7eN4E2aH+Sn`UBO{@*HpYPcn)# zr1)%cPoo6{T%vo0TIUxY4RSJ)ts9Qx?$wL~^^xgAF>=hB&)Coo&?`{@KDq#Hb)!p8 zz*UC=(pLf{Os$d%^lFhCiYI!>pUlgsXM#AEOS=#_1B#N`Upl92IB1h!8a2rsN~ASe z#wVyiWzV*j-(2sA;7Jp_2`wbsqJX9Eew2s`jli+8A9Na9+CS(vLg#=rWu0nmWxX3? z7&U>gvnX4ZL*vk%QzJ>#YwZ2EEEzYILLLmCJIhP`z#(nxWAtk2n^O!Ykw#(P-yc?U z9`_yq4sj8_#T`conuzo`DGR`nU+~p~bnMOu^*`zUK(#<~zjbQbSMEQCQ-B;AS!;dd z3NP3#)jZS2sj)K~V=}#X+gPP=bX8{t$Qq+)(*b^DqG=LbVqQN9>?vBXbH7klE_ZZi zDOB?tRd-nMZEa4Y#Y0v=&qg67Fz`RgXnUn3$z5#SyPi{sCA_~>Qs`2 zV78E_R#4?LX`ZM~<8$-xIcLcBa1kGEm`3X=Zk1oG#ww+#3bv;TrwqFCUKLA3Lpd+_ zqJ%AOc%}WBF*w9P?9SL=97Qy{H?ML_BHZaFBcBpU1OJ%wc9Qg6U~i4`HLM&uQ7BS0 zC-POt)P48(h`MAgKX-~?6aH_s!J{a*f-mNK1|!92=TDeL!4#$CpOTr z;w`oF>+t!LjVAo(55?}`4~)L{1SaC>zb)DWzTk))=Yx*ekH~QK{dV^4Z=gMrHxS^l z%L9UV2?tw2?y7hXFVyihw&FW2LDOza*QH(*kC$?Fnfh)!UkU%{5@u1y3Go|Y{UmpF zm1ac_X&>n&mOT^meGIeD{xvpa{t>nk**Tz`@IqL(FNq3l3%|u6UO9R9j47_gYyZzJ z*KO27PXJPmZK2DYag&9m;VY4pz)**Hgv8ILK=9Zr@JacVkjiVkt3#5CQi1vTmHEOL(H2>BHoEMLRPFRyTgY$;_CSA0h9E<5+iqt-*ROR(I`LVG+HZ_ zlWo*`>}C|KUbe$xbS6qU5AOuKY|9WLDp+s5Nelnfo!2Ef4aC`C%_Yc-s_e?v?0o*$ zOp%>%OwEXs7Y_XIo&w)6iCQo{n+O=LibL@*as8?=0Y`|8UTgn_Lk-%meqPwQVA8Jy zIy?ccapOT;0VzSBfUlV-5XZ)x33>o}Xu^lmflW_rIq%&=*@5}T2W)XwtUYC!%WYS6 z?=1$FAcVR92TKu1DL{%SQhzqMd74a6u?rL%x-G-N7`hQ+%cMQVxNTHXv&ybv3KOR# zl1uSf`uZS7A8X8B!F9$2= zMRK{B@olX0(tri;6Nh{4e$zGMO-9pG{=fe%{yREKYghMys3Q_Sc0R>;u)l{tRX#U=*Ed)dbv9@EWc;UqvKD z$*ve1ANms_Fq`zv1aOEtl!4P!*s+wVCM#%$Qp3KXwVH}#Hh%&_n$I$LkgJUeRk7GS zE8GK1YS!SNfVK59@2tM(*Id7-AS|(geJ?#EjLAe2-dJ>9urzS(n{AT0^;PJbuUz`N z!#L3^sh{>9S;A&Y`6{UTUT-FYDED*1(96^$B+g3H5GsD*;z*|MN6sv^E^f&J(s6}y zN=l_3Th>Tbe`3cc_Mm&J@ewO;<#qkurQUnh0e7G;^UKqTXMXlLrv&|&xq57UQa)h} zg4Q^+`16=SD~f$DMhq_4L4wV_U#&`O6JakPI$Q9l=J!#@c?1_^fOT~otSUg-7<{}JH2y`ZCzoxaEHUx)QuDZ+ zS$lAXhbULlbQAxWage(YP{EE@SL|;n%R|m@;S|>Z5Lw+P=WbvzPt;AzPhG^Fq(q%chbD&tG$9 z<%%%8`g}MieAt4LajB8T3(XY^4bXTWQgMQ7h;MReXwGAKW}7lZoQ7?LB(=#a0`hYO z|1j0kh-jP%9`CXFm>D*9DRc-2o&(pHjTTwxiw?I!CTM2Aiwg<#N_L7|{cc`!dUe9~ z)T--pGqNJgT~st1hj!dL{21M;XLH1A)IQI%{bK9R=%0aEKvkWVdX1h61m#4t98G2? zHnmi%szOT=yi*<1cVq63vJ|NQ;JfgV#Vp~(AA0qZ^9EY4xk*mnBgIJl{48BDn+ae7 zza}n!J{eZ4==(N4mFX41q{$CZ`YvAs?|x4>;n|BBQ0URl&2_H~`=jZvR&HDyxr^9a z(trodx=abVgqz!;2a@b9S^qJO8H|&AJ{ENYqo^H{9o#-ZUg@NW>L%mL8LI_SsI)U? zruB3%v51GXCB3yhFp+pON#Y|YEFMncI`qS4g#%s5|B`HX_Z6q}gRT1Z51ZApM}2?X z)mUbRa4uSRStsJV>Z~mGmGJ4!SAH6xvW#QboA*Oib+NQe4@N0}u@$hXo0t>(49bcX z(;{_ikx^UY4`wK&$;Y1m$C3Xa^z9bq&?ydewBqC+XDPA7mt2Nlaz6Q6X>7x@DksQV~0hdyAFi=%Zjvhc6nJc`#tbX0nK1_?M!9qOcu(BKrI?C3& zmBn$Mb@&f)D=h1w=~{CpmC#BDw(8kKSPAJRmlV#VZ^ru%UBi$V(_JZ)i7|Joh`S8y zZ0SEw;$qhsE*4JXvQMRaiJUCvHPZ<-OA8IdmBD8|=u{ZLq8H_9lhEvOyhu;A_F7Rs zI4xWGAjPcG%heC~bDN)SY?U*^px_5b49oTEQr?PHpWwaKwwuMPEU56#ppCdNs8eg+ zb%)lC^Bu$Bxo&Hckn{Szg>FPVJ$-I}OSC=Uu@PAlx2@Iqu6^<3y3RN5;v_Jiki^iC zsVnoAjyCFXd8R)ptFcFr6$8(PY?hzS21+$!^OoSr9)%ROmGZ zziIIW&j+@|KOkMy1BorW<$RY>;ztDJ1L)&?B0J z&2Hb`2SS5M82H+^u){ym1o{;+;(&2ahwR;PD!7A8pfA++Gq5LS$j^YR+Q-4}kn#aQ zR;F>e&bjR4zVq>ni2d8Vlzu%;Vji$7pR3kNp*jL;48nN$}$#`z>qHRAIGuJ+gsL4vWN^oT--x<${yylpLbZp6L{47i1n!&*D65djB$}3% zl&Viht+F=l$?TKC#P4bx-Kss3^TBS~UEJ&s$Hmql!FefzdVC;K7S zq8*LFd7~aBHc(Iye)`9`L|O4{Bxw))>5hosBn^f_02vD6w10z$f!;X}+X7zP@?D>0 zSyOfX#o{l>vDk_o{g42K`=7V0PE!|=Ij=yQv^)_~+iXsnVc)yw4*s(=LaC;`%sCi( z315pcm2G&QYN+1vqrvnp@!4b*1vVpOVlT@pbs%kc>+z5^TvVJEbKwA$^D-bvs3UMs z4D$V5U?qfMsV7T&c~hFhro^27xetv+Ed52;maldh85>Im+aM_G>n82CKY0Ddo@PC9 z5W__yw$WJKMVCAuSYYPsdw~d?|M?2YL?;U7h!@$xgnI6N^0Vo9?Y{RFIgl;k)SUfw zYEbmOInsOF{OiikXolq7aXrc%*)!`SmZtmP>U3gVCyI2;RrXu4pJ(4JgwrZLxBDM2 zfQiXTisTklBH?cKDyhX5;~@K#@D9nrkaU5^tiXeBC)i%xRr9a4EaVM1Y2oiORcP*T zVxgwe+ms29c(J^d`T2Rzs;kPAR%AKc>CKzAh$PNc#hdF83k0zTKOf(f17Td|>r}BL zNwFm>x@v~eA3{pX()j*|x}I$6amxOGWDbW9hC|Y;V$y}5GYZOVh@I^OJRtmOL2A*n zY*$P*A3s$ze1+@|U$3MJ5Z;d5QA-$9^tG9o_YX1Juyjclh}|y+y%I#(#Oe1359k1v zE&0|1A`dSv;u##jjStXtv(M5!d4=?`j{kG{FTTqEFDxlV8u|D;;INjnc8e+vz@(GM z`}71?k-eIT4cZEA$P~7(&p{JcU(X8j#&IUo*$bj%u=HTDGysTLGOuAlNEYjrn5fo( zYq)YUa=1Cna)>@A%=3BsY`87y4ItSJc=z zj_&(us00+(bwsqc3_FkMpajX4fp+;tucrUebFsL;TKNV#m1FkSGHUAsNBZ&e%Nsf-DY4LDSQrXT;D zqm*Mm4{gjPGW64;LW{4-G-s3osd(TIUm-L-7utc3PS}CtGIu~Q z%f-2az z50K46MZ21@X~+46T{u}w`(AmR(yoytxZ!X@-{Y{V&&da=;}nXVy<&S3H)REEOlDD$ z?d^XA<0>B&TZ0t6T~^z=`)`fovY#an;>GRO(;(U0@g7*vyuU2eP6nF-v6n$AFf`A} z!9v?ZLEC|^v=X0UbDHMlSFX=(y@gErh^1SQ?#r!b(N2C@WEo_-d-01;29Tq=?0cKT z{Dh#2L_1XY`B4t$9{dw}3vS+spMv+6Y1m*-4J9k?Y|wX6M;Rg}KAeAQvYVGr@a~z@>3D{qtX$X`gB_V3s`92~Jc&Ta9`Fdhq=s z4cAEggS=mrP8PG$i2`X)##B{|t| zG4t?Y(OG!`lm5=fv@_5m?21EJnbY%C%7cqUCFefvJa zhwRA0=>WJEE~X|Et3iJ=ne-4upMIq-n2nyy$&2}_x&B#(wDlck5! zy<%f!Qads2C@FRvHTO6Ap8sAjDQtl6h4S~*0*|4<9Q}a<5q|rjzQ}Lq zaCo)KB=Y*uXST?}Y{t0YaUua*wU{~ce=B`iQ1JavLRJ@vdK+&Tlp z#FJ2g4t%BwsgpKm^)x=$YRZni{FwfzIqA`GRHist*?C8#Mjx%#s-43s|t z>Mhcg%94$W(Qz~|4@iYs?QwS>=7R*>JK_^(ymLt8Q$PXC*4!yI)Usp_374`~0)?76 zAJj+#ikmCycP#=|it(31Ua)Sxw&xkkk{UMVBDj(SE85!gk?~RmXBru)JBMsdy=R6P z;5cCB(h6GU`VwGRZ+P@JxtF|beG5=VYZFhoX4IDXq>uR;l?pPk;?jQpC*}5n&`sh4 zDMK4c0(2A6gO33qWzJ^)4p;>+I*QrfNG5Svh$+`_LCHNK)jcaKDU=taCDE) zfA%#^Pxf{q8Z%yDWHyBXaID$yjdva>M7>7J?smyj?b(q%277XEWbJ?o5FPDv5H zq<_N(8$`)~$G4s<65rjPUFSsaFF2G}M?x7)7dp5j5x!rh`f10X=t2vv2NJ zD{H*(+`kFMM?m4p0fkT3BN8nmcOw!!BD?6v3f1U;K_3d>p&Y`oHnZjIx8J}6j$;&N zC1~gz&GCBn2Yt5~d*&}$a^=>fEv1xc$?@z> z4J6wXHnS$iNlfn3vZiKRCq(ysHHw*V0KQOHTt<@*;mjdWw{|w21R3YlhR-#BH2uo? z`MFayij6T+El>b>v&T`n#{~_&|Ae-px)bdyhsujR>y}d}{*nCi_q%XubA#2uC$mA; zXun`)d@N~+vnhp~iAe(s-+7qE?5l(Rg(inddCs!4U-o;%mqt*Bqza)@vP?D}_o&Oy zh-9U*7Jy0+ez|O z=rnt+loQ7<$*q6+VLzkK5U~kD1FdvrMYQY&s>My`FLd?$-cS4goV}wo_Zy4)Qtof` z)3J~nU)g9yKa}BhG$&uD$;@lBE z?IKs`+{nlx-zIiQ+-{>PCHDSfcMuRb=N$5nd9i_=LmH%GA19nOBkgyM13rUTrJMRR z4K(=iOy9InI=FU&ce8duV_+X*=)nQ8&(DN=1T*|sFUd&JbOp3j0WXT>B>l zx!lSI?g*9syDD9&HlRbz<;vhir|1Z;MrS4j$+6?NvRuv95{nk=ug8A(OC`s z#LY`(S|;JL|NqeSmQiiR-MVj!QyhvFmjW#g#oZ|sD5b@|~#F_q}_J^WJY+BOfB;zvi0q%-=Ir2nvPbL`@8S-0f*Xoud?02{Aq zO&FPV1^lu_7oevW{H6t`inTMt5!z)z0#!eKI{ycr=h^2%P{&8LV?B6bLp}pPArXb| zdcw!Mzr?&U)*^uiwA2D(g>ZN>vJA-1d+yst3`RcC8NvSuvbhI-4Q1I|mrKHv8j;pC z3*<=v)K%{r+uu`Yv zqN6Q1i@{}@6fP;d5hvp>{CKaXXG27|F=SEbkq839 zJ2%55v4Ca9$5C|jj*4`h5|UisJ&xz(UL=JeBy74T*FBPt$*moG1=wh*8nUiyelIWg zb3^zd06GH2SSZ>Q`V>JdX2ZMQfg1fCCP=D&R`f9cVChHJvag0L!F@c2*HcQ~Q9qQ; z74>TJ^p|0~%>?KUy4c?%&0kT7TZL0(7Y}pIDulvpBpkE6P)!_nXf%_a%CIM5UoL6* zoj2mlN`+@}^6Iri)7qC{xcP4&wxXe=sT|eMJdDl_CdrEJ?L5yK3Zfv=_ zN$?5nh6;}i+94%y&~=uip_XK%dfEQDO!E=XIf&r2A3wz8(ZlbqJX=q3wbg3)yL1e; zSg#I~tzS_8tCh_gdd;3SJ!!62)G7#My|5xvpF$#kyO5w`cua9>R#X_F$%F6g9OGAD|bdfnvzplNacjGh&fl zFm(+#N^3hH>aTg^Oyh1|!a&TRpBPDDQ1T#ZGu}1fBq}5x|B(h#X!VzU^onxbml%w~ zI5iEQd}O^kG2s3f)#=?fM9=!3XPG76JVg|Zn>wGSnzQVB%1!VPB^I``D-$t{bD{*uK#sEDxDQhNyh;?bN<*mxf#>q$D- zSCe5FvZ`^&*cT>YXjgIfukWSMr|YQ-J8oKZJ@?<{P0bkNCBUhA zUXNA8e7ApD&7?~x;0o<1;YJ8ILai9DH=O!h%g0}UbYD5PxfSq}lGziX6{~A4!GbtG z8aKjrP*GP$KcF6NwT??&_~#as!w?SI7fPE~)q(chhQ&dqf5id!yQ#82QlK6{UbXb`z0S(41;k%Zfd{;0 z+Yd}5uCUsEn#hH?ItRJ7eO-%=`=wma=yM5cs{oje8R*-J%&a5xHC|0=j?Iw!7}6$u zP~OF!s(3{vL|T%m6mKk+%OH@7{mLh2JP<@HalqLUaDt!RE*%?mmZN5ZP0Jq1D_HuckNCav)pG%=Y=r7rM+;?i zwQrBb@aUn*HY8^DLFMl-9@g1hWbg3USi>}vD#8NmW|DX>F-~H4x+2vGIJkbR9oMNX zO}RB5ufheCHO_Z!6O9IK{jk<{G85;$kS@5}GwWjB~Rxj^4 z_Q-Xg=gZF+dU3afGOx=*WXi-i*44!d9@tfk68XVA+bKPd`wZFqYm)EWjp~+u^K5!Q zv+CWTIeE_&YEj(8Nos zRBbJcx&+uz4hbuokx6A(Djp2wmOzZj6<*MQSmOt#T=a1%+^f(@hcjN%3%%IK)l8u% z!Oc~??)G-?^veVwJ6q_mv%@;i^{g&?I40d+8W&XxPR;|8+aL~t)RvI@=yfnJtTiX6 zgQ)k+y0WDRxn@QaEBa%-u~pyD8}{#tqOH?TTW*M`J0Xg1{KZ&RKgTbqHd0QF{iywN z%x^Y^g`xhdd44RxX#V@^6huUp{2u}O93?>URR>Ys&y}FiSMt9R>x#@sfU`h3`>UWk zNn$zu}Z*|p=SJ9l7Es$jc$AA-_K8;c%dtPn|b-T(m-nHDGm+)4x%#}dXFbcN~@6I z3|4$0g6Hq4UUuZgN*hhStHAW7iMsZSo4n$UO_EKzb##6jXIZd|Sl?&K4w+q5>E8hjcg1>$XJ99R$qufK}#UDba^ zS{vY=mtui>dJQU3PRj41)DY3D|9GPlPwPFu3ZYsZix{-<>SiI=geZF`m9(LL%Wb1lun< z1vYncBlw47C|?wj-B*}#U0$7o4d{xQN8sdq^CD&xZT%SH9Ge<;9Y zB&IujsK0qZEmVh0IFw0fCOO0ll((Q!&D`;QUsWG{Jupxfi_S4NJ+5QhJiDJ+kxMG7hDTAdP!Z@*y81K6&FxeR zu<&?FD-LrUepZmw{7mFqI}!eg?O?(IE9q$~UQPtBczmJBe|`7bLC67+-eXSdVF zo9DlrG~n`1W-3v<+3I%Dn>prW+8KtGZsd^G;p-gs zZ+nqhsibLwy<)7zw8QqpdISJO-5ypNa1S`#&Z%@dh*wV}H95ISpRS`TzsepCAHul( zbL)|(X3U*qGtA5N=d;)e z_2(T1`(VxAXAs!Y$D-+i$_QfV(}%$(Lk8A_*cpAosS5*EgL>+){d&-$1(^bH?79mh zDKUz{&UPd`{((I~c-kI`5x3*~X|U}~YUB*Zx5(0sLsUj#s^$AriN%>QA@RsVbnzFY zHR)n`no?d@gB{_*?7DI$l|bve(b_BhIsqRy-|K!6L7#61AwBTYij#SG)>PuvQ)mUA z;Mdt-u`BdoDTRwP8V0ow)Glh$Y47L~bmM|U2nX=iu0Lx=P=?;BEJ?wS*#4PI#Irjv zq$-7bdkTG?8=OR<#<{obB5XcRWGp9su`@pzRmKwf*Z+~^GXdvh+aK5m-W@fnzbvP@ zWoyFyg2f)^NAKPn0shqtBN6}2NO8>tFS-3=YH3@L^u!`HNlEIvONdgTb2tkVWl1l< zY=89h$hD{D>nL@Z!|5o_zT!W}%l+ODi7Y=v_ANRdsAtCHD<6v$RUF@z-z^2iZ31u; zIq3Xso}Z+fXQCuN-w)zl^OJtofmi&^Q2GIi+I-Xt@x|H(Ca5Q5?;i^FO8k%0`u}9> z|8;mLC<($*99>T88S2K!n7KmT=I4N9Tz4DRZ?Q>LkRqcP9&mmWMg4e)Rt|>jqz_>r ztF+~gJsBI9a@q$0XGojJ+C2WG_;!WQ7%g9^7t4G7nz2^P`qi8L0c8P~m#Xto5xY)A zWrNZR`(1E7$BLUD&B5>9M_e70v{YPItKXs&8VZnOpHYT~p&<73TfQ}c5@k0YJ6o{u z;I9|k0&#x#66)UOc70_!+DEF%w&2yNpA0{+CHwtSR8YF&db+d5k$!*bm{-Gh?Ld`e-cOPT| z_Za1iC8X52{l}@{@vdUZ7c?`<@QAx^=sO@IfQ-ATDYMRZ`W;(Mi-4@4zZ!ixtvJXg81HZ@ZxM|B~U$QCil3*nmj``nZ)hq_%wiu&S z0cPIUPaY_YJ*uAdasB2sD%|VVNaf9qTyqli6WS;Vex|5uH;|&=(Es?+vKwEeXbC&R zl+=1XKfMe1w3*Rv?~2B~B_&0BGb$AzL_+w#i?}rplr6wZyN6U+=WEGV35{;7V}+}S z`x7x_!o6+&8J&|auV(ly2nei%Q7#_LrSPzD5pdRWFj&8ZU=&Ry3@{?}KdZt2{{5eD zkf27+DnT|QeE;{`R!kU@S2d$92(hYnV|qeiVS~zke#6vaY4j?*G5r&tCNKR23(CTh zgv{^w#iHmRr~2nDlO@62-~LBp^FNL@B_W0^(p}s^sCI-$(5wBCGtL>|>0f^F+n0z~ zowG=X-ydKxZ(iLU#)YJwjk`G(@k4|KLvWI{JMz4Ix#1ptydQAYEfpX^;v7y_rHta} zZc#+jn3##?9sYw$lllMt`u|n>-b6?;`rl%zc>`GJJ2ex_6f1SLcF`iRffgrA^&&#G z>~4=6XRBUiJ`c8bI&-??6ymIcWZ*&G&>{s|TVi-Sg+_dG&+MNcjdpH+0zLu)K+J*o z=f-P_xd*_65}KzgS=+uZ#)?hG?A%g=osEdc>B>2Ip_3@aK;OAM-B+!~z!Sbt4KvZ} zU+JQw=fA=|03C>hPVrc#%Z~`5`xUU(p8pVdy*iTq@a_c&0e1>`4uA~=J|+7yT@&uk zf9)vzSX0Sgkk>bC5$T_VCp6=?iEX^Y5kHE38mU)%S7ole)h32706hN!Lal!DD@%2I z{2v3Chm(#GxH0wH<(uiRk8s$V+kr~%`Ringvv^RPy_$2eli&2N0FxX`Y}0izISgw( zdhl|!_w)Yxgd0Lr13eO7UU!(9(mC|VIMTyeQ`?^Yy6AT9B{ZA-xfuQAs`iKl%KD%G z>p!oN;$PXLWxXxc4tfTxIpblu$> z`ul<>r6D4U+gT!VXdgNxY2A(%264Rk3JWWb{(SDPg{a{C5S-S0taX(#Y&X1V{yMw>#fvvepq~94+;)Fh4JQ{mzSPn6rO!3Fg1bC?sOquh^ zJ%ft>wd+OFSP}714Po11$sZdeT&J)n?yG2~1|?N1r^2zHR%_fMai|3sbQ`VhG6WnN z_{*1@zMPRzUwv$%%}4m+Ru`Hpm%9{?&C1{Z5yx}>eBFhIR8|NH$E6ZJNlx}T-frK` z@|Jm-pqY7C4TBH=8^jY*EV|}upA}u6{~>eF@9Jj+!xGPP=m))J!FzmWDm?Pf;Xk6|cXYBK3<8rhLn|$AHawLvihDm?OAVIY>y>1+ zbU(MJ@Ko9_#Qo8lo_yE+shMW4bK*IU5Zg+i$!@Wx&yB)o7Xc`rDl@7?rRnAoGb(ly z+|jyhJBJ4YaAsLW)!GxmN7+5UQe_Mh@12To#dxF_JPZ=Q#UynYC#5`jES=r{Y2Sp+ zq|RytAKStdZh35P$J`pcmTms9&ZM$?>H^J0mTL?==~UCKz+v{Q4XZHEeeHP;gPV5C zZzM2DV_SJ$=^QF@VGlBLY(Vh-rbw^dfk-db`XOM`5P{+qX;aDD*IHGU zzqU9^c%PS^+``zh{AA|cF4g)=A8fNb-aFt7ddb{QoAbR5RCHtF4%tU*R9TWb2_yOuOx$6!6Jx|u#xnFaq@yoA3*K7@z1FmdCU?QljQP5F{5 zalNX*uNN7&LP3gbNc(yvC$nH1DC`4Yx~zo!v)2XD(dfYJ?Pgo*?GnnS<+;X&eierh z>b1q{9_tjV8py`kD=q0-<_4!uMm_uE+37YlEj;hua4wXnD=ZeNWXwQfRDar~LfZ<# zq(tG|26@94v0~4bUVDp{Wm;;GXj$|@Ea^ybN!%t0=R3vzYVCUsRb3Clry14PLwE^k zpAahV{KjX=z3&h#*q+e%gbB$XTaxP8R!h$LQ)~j5VZ~Iu)`SlXWA|%ABI-XHV6f=n zc0t(^l|pmreA!LLYOC9Ajm$fHXDV35Jz91n(e$Caz<0ybsf+`y`n8kU{3G|^^|}ar z-v_)^<+Hh!N&(QYyx3v#XCG*f7^jRMtzT_zVhGZKR+>k6;}4XNH3ZV0uhAGcsDb~8 z!m;Ky|Df_AY@NJr?Njup)l|sIYK1P7gnf?o)b!5Rnky8tgxz33-duDf`2lB}Y%PRM z6lsHZpYv_mtrL24>KF9ppU-)u0|G1k$Q|w_lgU)S1fc1OmzNLPsbg62vrt{BOeiG5>KUn#$4HLH>H#?fkY?8=sIS_8Y>X77hL!v|bT zHIWtb_JpnF*Pv+kslUtRDimwWY5l<4mF-K&&%rZ_=`}9M<^{EmrXiCx_b{>0mxsFv z!@UTcKOKvI1D(X{p8WZkEoM##7V@j3KIETy`RWQZR8yn94-R$FXAv#2-wxNBhD{zs$n|Wp;GDsaNp2)Kie;t z=u=!zgp_?TkrjS-8j`>V17&gr00jLfM(l^EY5nsy&TT4Ccv6o~)Q6desYs4`DP;7; zKlL_`;`@VAy73CqJQ4o!PLwjZp=PkoZ)t_FzZw^wMIwqawBkUNpDf%n5Ba)&12jJ) zo5=JcV!Pr+xtZ+NY8IV-O*7H43WS&Bt>r#@6J6ZVQ=y1nBTzSC2EfH1XCDR~V1;K% zGHY}Oosq(9AK2^vYlYUn{csv{EDoi+_5LFdFVa7|5w;~co zma#E|if~-0U<6bm9vS44?Meo0MiXiGx;i+8(jnG%u9?Z=(8n?Li4@2AptSLKR9k}T z1$BotV)4(8l~q>$Zb`TBx$=xG!FR&0NjTIzE1|K1N~gyk9a=``lnYc1eFNa;rNgF* z>y#bKiqv!?FzJZCWreA%`_rUt zo8YJuPvwvXyb8Q3&gMQylmLGJ@nbP<()0veJMJSx0pZ(Y?ou;7*vMSE}G&vXXX}LlUBT2>(WvHt)fv4dg`^s9i%=W;V z6I(onYpQTuHqj@yVdXrkq>cfJYgP0kwH!6VRb>pHcRNjr=ukpAW=#AQ`~*ybo~`85 zsc}QiuM6u=IKrp#5gh{Szr^0E?qql;^l{JR{wU=SeKxoDa)Pn3kQvK_#w0yQe_cZc zukEb1dVr3%H@bT47OK=!Qs=eY7B@{9ox+Z&*MqLWDj94(JU-q(O%zre!i1?y9Juts zt`S-MP6-g0s{1svLyGF^evJphF}BX{;b`?{)WL6bf7Yx0fnDVIkypP+A^M%2@{qDY zLnrFF7ncQS!=q+{8A?`E!S>}~p*?>Uo<6>Km^fC#6uS&uAxxIg#S#*~T^zRwkmnRR z>`gowVy%R>e_&&o^7aWi)`dtw}ctWj;vHPW5>EAU;0o;91) z`lP@fxoertyuG-D`_Y0^rEdUV=j$G1>B;G9m75 zi!lG#;whq?;7-B7M@I>nb9V4Lo#~)-x!Lm;FubRmctxcjR@{b;(YXcR3h+WruxoxQ zuVVdmzW#MfCVE`v!WPC3-${NL+DSdR-_NeSSv<`e(Qow4ii#5!_`Yn!p(eywP#r|U6Yjmux6xi-&R{vi?gfm4I( zb=SZ*aDgmj+}{2|PgnD!>9y)`(xik2HSO+jDo|`8&}9xRWFNKn`0Ys5Yw^!q1RVhb z!eZh2E(wp{4H-H}LpZoSL_{9Mh-QD(QS&p|&1${txZ1n#P5cH0n*wN(td>~)I~twQWr4xs1L$%G24Ykr>@7XxzrnzpDya%sRU^gasR$7)K_Ec>o=ia^z@ z8UBF(`zuo-BLIxr-@Q$?9U#(wNlvw)(5OeQL7gI&VcWq9{@}AxVc^vfs~#;%yUz{Y zgrYCXv|_9{jR++Pa~c<+RX{~N$4{aBO3h=37`*(k|!aHDaN zfbXWT=9FPIKX>0;`$rg`AGA!Vjvu0PSw=}Ub~j7`J~T}6gCdoF`(PijlN;qfP8RYV z&n-FiXBih~BYHs;&e^N&ZO52C$~29YDLAlDZQXLa(pI|Pm zh);AVc)}zhnIGvLwmuZM6pOV)7kkD1*s3)}a&xG(jEdb@)S=!goSN*7EDwAnt4OjUztGWIaW2}vJo94SN?2}!;)>FwZZwsd35dgwiZ%%5}mam#?PZvxf z%jA}zQx|!GLa*KA)Dwj5x)YvBgL`F3*(X;VDoYa#*cZLHblC1NAB`L7eZ%ZSfG3Hv z#D^%M@DTFhPv_tTqohm^d>1;O!ypm6`-0?t`47Tlsq493WwxWcZNP3e5e`F z#*zBs*JQ6WuWg0wJJRC=C$aXnS>GXRh`T*ME3eck9b>RllNZT&UWPVY1mqX=51)+D zJS}px9Q=GZC^xE8mH?zb4X2(@&^OlF)$cfO^=jB1B@K#?U9O>Wd(WsVv?_?S1dOx` zy8Y%Dm-9 zX}w|@u^cfHWxzde5zoHgDxm`5-G@1q#KJ5;!8{5X9JHNJwzB`b#So1gM?rf0 zMt^ZiuWJk|B0~u>BW{$Rot={5maz_~i+M}i-^{Sbx$Vt{_1vzPX5IgV$4} z#*m|GS+k2u-zVkq*x0i86CTZcU*M%GZ!|j!Q4sCp^$FsRIUUuxBkvJ(*k4t#^`%{=70^_G~R8&|hjU~ycWCz?y zbnvQw&#xyW$f<%VbemTmsLwIBq$tY>x>VK^(E_a}yMY`;&8inW06UNH34`yV>kSbF zoNVt7Q2x9k}OLhc&t*^YtQ_dgZglPg(kTu_=*N2Ab_NZO>do%^uBXT7xo_ z4u;{mO28Zr-B07wn}d;*mVciCgvo4%IW2ZI94&Z4jlMp~6w^?B{W8lq-$LcZ?xyJd zUBlInS>-vYoScb<8|+iw?B0NtNuw*y9fF!(zHRByhKgN*mTa;qqQD^?nrrH185vm| z3Z9X%2{wN_OypF@S#@{s;Ah>q2B`Hy&GXx(x1C7tcs}J+z1et; z`Fgg|A)x&W}G}5J$F|$!-MGI znu~VXPf4p65gDtc&@Obp^Lr^m$sz=nXzuL(tnoBx-uo-ayx-I7qa6OD6!fDUSJebP znZu&N1{}{bYzx>X^*?u&Ov6wyupzIQ(N@2l{F^ZIJ5b{q7(F#N zklkX}=F)>V%)Z&x!Fny?u*No@ePi2Irfa+0(6@JN*bsiY0v7*g@>4Kdz@v!k)Y3q1 zK$<>&e?^FQ1%Itbg>;vD>KX*5vx*2(KsY`wt|>wM?=LOy0si|O!e}2_O?reo6lfAH zimUY53@YE!VZ_DFlNBW*~<{@HKKEZ#_jtErA8m2b$q$$T|X(n zWL^gDXPsl=rf}-*f%e(HYyU-+rb*3=N28B&B31Ju5x}Mr)~B9$I)SrF?d#^CnMvK7~^4)I^Ef;kxLHWMMCL_4aVJ`-T!!OS?5;fvJaD*S%dLR<>cHBKG z7U@znP3vF;|52>K8AGh-$*%OT>B>_+^a&2MkPYkcpJlO;ITYO9!9EA@*gKa!t|3wP z6+r7jcccMR`uMuH%fGf8_*)S}&;E0loohUMEK-iD@%3lU3Wt?!gx*W+u|Mq7i{qGc z{l0Lr@CdT!C{n9on=>D%&PmOC$8UGYoPHSn0g3p+m?KNTBb4YaPRnHvyn8vevLY@fFRaOe-PA6^n%dw@rLDA1P_qnrbEW_**^x#|GLcMZi0Ou)Wn7?FR;w*C#*8 zEPK#pK0^3>U2w<=#Q{&wGz<_X;Hj~{UX^2e)D>)E+D}9Fto?rO69M);kMxZreYw}| znJUbo^mGs;P~+TO|s=sq-m7cOLy(fPU6c%3W(tZVaHjw*%LaP z=94*^Ce%ai_o#NpjuNjdG!rcfdfZRsm$#-fc!tmSo1uVq_0Veg*qp*+oh%?xjVnFw zX)td@4zL>T@(5){9POH-oT`B$6)%n6UVSycq0hxlVf1cH#uH&DAq820BWwDnlw}tl zagy+|maBx}tjA6bth@(Qg2p)ER3rC7A{~i`ML#bpt|iMz{UF-@w5w91^?k@auPo*E zYf%Mx)v7{jPViNp&(?OfE8+d7gt(Oh<~)(Apt>GIOf9sZy7<&1mRN{)+~N&I6~ys( zqlpGOoCb!3S)@yc~=HJJkB-b7AZ)8G)3DH*wGIJR%3(072aN{n@ia?X{ z#DdVIK-kWNSldQh<*Byn(U!zc*M66H31Zl(t-(Sq49Pd{r-5;aw%oWAG@nbXxrBKf zoT^p+xQ4n)%=^APthZ3-dSw;p#eof4-D)@45(Kx|#%aXDY{!$aCz!nv5MK5cVIXYy zXnYNJk+lI2wC905N<~VvSc{qj^h#vk7mFrq2{ywYFUN(sXI0i70Ng}NzX$qcvinHm zS^)1&!9GWSnGHOcR7F*S_w|{7LiNE1-O9Gj;Fh3(6mfI!pk71HRoS)dSzy2Nr@fr* zDD_||-C(KqDC;OUpE{~%n@SaKlH9K^`SQ_F7$Tahn@+eA^x?fTr8Y%dKBqT|<3(qk z&^nf@tKmZK5jZ``vs)&Qr7fn@)L{%bGg*KzfCS^Zlj*fdIMR*{o5b8yfxyLY*O#{a zjbW}S<@t2_nibj>2%~!fos9D5qeD}+9cVYIOYr@d_$sO&7S14^9oReaex0|0pi7f4 zQsZ;h)uX!cX>s{%H^u}CA)+#qKD5V+yb6(_Xv=Bb+j3uT-P+95afNke9C8|Bs7>^-7h z>hoK_*i?4>av1dzscsf)c536AU`4(-@6{`gtFV+dHPXHFynJE48 zVjmDhvV?Thn+X}bri$#pt3ur*=T}sgt)c#4&O|K)en+i-TlRZx&d;Nnd7ojcy($$L zghJS?MB(KLxx?w(`CE1#Q#Mdxa}1XcJmco5H1YI++tk2W# z6ml`3&`AR)%uFBG2G=RAoeih3&uXvClUnCS9`L$QV+jlmDS78oxloG$XdPJV9c`|U z-W*Qw>$R9w--@-&%y=fa#_mzIaYE@%zIk2!`*1qR|15H&ZM`f1u*Iy}II0Y)3Zs4~ zjTSpY0h-xYU+daBPDL<3oMCJ1^!eTwYAxXitXR>^7P55EY5Fxr!GE5cMIsQy$iUVH0e=j1yxPN3$lTJrN`45e1zSG zP(FECHf>cY{wrC3#oj`;1DliE=DcJV;p1Y4Is{($I$1HiwITh_U5N)7#EAGohDBV$ z48N1CS|f!Y+l=ftqAcJ~`Jq>MTncSCrS@pS(2ANNtFj#bW6f($3Aw~fux-Q!lC9DH z>bQ=syc1Yc^zgmMYJdOUP&sSY0G;l4|2G<-{Z*m>l{FXF_J=U$nUeT?^S9I%;{(V? zazGSBD(T!Kq=zK_a;3p<2md61u|1fSn##Pr$zf-?_@29>6x{Lj#Cfy*(mpSCmSR0T z;NW*zs=5Hso8@=xJiY@t_!&?`Iy@L|{R5DFmOuYd^^wezHba3}M-|`=$lMio+@(KV z`8^MVypJ&B-!HE1S!R1JwLfGzG==fra$RIQPsxrW2R%0B_b=xAdCCUQ{Um5%7P?m? z|0=0m$IkASF5nR3^=&tTC9saH&<>k>gV}5cKYlFa%=%FeND#)^{61wcW~W8T>GtXs)PGEPsd5Bkq5C% z;yG(x#}>g5ZQbjLFYyx2sOnYT!1P3FWHekiJUL?P%yUd&vnD7bIhl1OybUWvo_iWh^&TAe#nbz``F2Tvphhuzmz6gAt<@bkGXtOV*AJK?*(^pgnWh@`_0BA< z_4aV+6EvIKC$q`gp+!b?&cAsB>3(syGnnou`xcl_qTWuZz~9~nmhHCWH|X}?wM#=; zQUUmr00OlP{ys5-MT=}X=2F?M+7e{W-9=p#Bsst3FHtFIFZj$Nft#XZd;ERs8jt73WlA9c!9V3p=d>YGXV zr`5B?MEuTwf%O{!9D7=)HI)X_UG_~mtp7rU(M!8!dsvS><88k zfceqy-8MP%#Vh%JAAz_c8|jhebh^$~Cg(BH&NHIEzRNm{UE+>@lA|cMfw$*PkMf~K z?Kd@?uCi)mL3hEZge%)mu6t2`E40`g&E_KtVfgZRi+zDY__3x#(RBYmIs^$M9@AcY z0xN0^E`WS7v=(cJ;b(n}nyMn?-{Aihzt z7vbOEDS6BaysQBdf4|&*CI0ZqxD!7M@6R^MTgF<`^QV$_4RZWOvfDV*BZ9FxMw+wt z7EJ}`ParL^c=V%Cdwkjw&2ZZyKZMX0fT@88D}EXkqwNvfr5e?V;Ec%3;S#WecZk3O<5%mS zDGFLUuYr8`PXDe75dfx(1bNS-F?&^8{KME}39&gh9j4u(zsa*0FXZU0?o~4=cBMlb}g<*CvZR z#VRnEx{93gzltAOC_fKprbNXo;12dCj zq|#T(mV0hAk5vwrM(VllR`yq-!6HsQO|=@qPV^E{e?OB;fhg6^nUz#QZb_sp%VI># zBfLX#7^vpb%cr}?$=e2M}JjGI2FeN z4%)dP;!4XkgaL!rA)>!q%6-r{(?oQ~C))wTa193_Aw_*JKmd!T=GnUkkiM}O|JwIQ z{y&Yz!zGb180Vm9)R1L@02$QRQ6yxCbSy3|&h;US7+(5o9>uDni<(1`Z;<<4?ZUvi zDDQjmsqLM6Tx!Bxm$JsA-vJh-WVeVTil=CIiK3{J0&+#jinzIcV*j1e9Ew9DL&)Gb z4E0Z_WdQhNKhhB%>mK8^L_6xPeY;vmwhMAM-I3$X>LI7PfAMk^p)pyGd2aLM&19uC z@NF3ojhp(Up+uBmL_8O?%(?rsbz)21m8a>z-pVAWH&iu?!L!@}I&>enyOfuVXtU+p zDGl$u7cc@T0X`F+&t*v12>8KBT6eaTsrn^VU5SP25XzZ;R2h8Bx3#k$4E>ga>FheS zpZEJ|h!2wh`rnMeOms3AuE9HfC0Xpw#zo*V*6;kMg=+vwH$v!hmrZ3Or|-S}ZIQES z5(SLNv>kaS$?rRM=+COqI;>p{VF-u#6*qrna8nLX1S)oVC-3(LZsuO-&Skky2r=VI zP8UO_t@-f6T#Lfb+Txq7L~r*AShSH}iGQO0eMOt$n-{ zfY|+fZ5hWKe=xHelN`eY75JrsNvjE+L;`|d@6|vn!={n5bt9tT>3%KC?25iW- zQxO;mdiO?nq^YMC&u7DvIc6ZEdfTYoH8rb@eP#9HpJ;beP*f;1)G2`f3+VCpQYN#` zfk|!skE5l3^;3L@U{Olz>0j($awx$ZmDBfsS6f`6wWD-Rg0)R$Wiue3YjYZ2G6neU zxkIDRb7XrTFP0h^CkZjP;dELWf1WNq=0j!BrBfIxuNk` zop${%=5n8OW*&O(FE;lakZ}Y-rd_7j_0Z+IZ9L|nGPS5jo0dL2;?n`!F1hd!DJpxZc>c__K9EPgDvRA`L^Jb>)$(;M@%2Ew z!Z3x@d46P@bkpD5Uc`noWel8HDyHf^zHfp~lu7K(?( z;}YK9h_o~2d6nGK?Q%)*kceG$p6hE`A$JG1OCLm2@s7oaKpBAzH&?)0kB%1=9zRK1 zPpdUkCpU&QD5(pP=a2|;n%#G!sq>TGYO_K5Yz1;H^5O-dp!;Z-facITY4J(UhQ8|w zvz`RF<*la8tUWlH9rWvXU(6PDwP7g}_TzaiH8%wN&o{PWA6C6Kp`M0QE0b+B^Cc>p z@f!E7*_5&+a~YBPDylIJ=43Nwq$TQ@R|f@sd{H0Rs-#GITKh%N_?QH}2`04DA0Pa) z%oA>vA>&oyy&cySglVg6v>}N?>OA}BUJ)lBevdPY?=_cwUUKCHGJhdqxp0WvdyWCz zy^*%n`A=$Lz&^&t8Ho&Hy;c5IEh^*~}+PgEloix)gp5pUAv$veAtjY89N&=xS;>_~414)){XB=(; znOkfttQ@W1^uCI3?w|Tf^(u!beq0KumY?)K{#JoGgDQjfT8-f-ko03HIril?glfBY zgu>y=_33*Fc)VIu7kLj0fQt8q%**G})4$JRm6a zP;^UYjZ-v;48qDv=kG4ENr<6s7FwmM$5TnzHM-a$Cx`4>9Fl#mOhe!?bKs;sxuR(B zqkhRe+AcF9vbwRXPIkYJSa&{g{0g9|_wR$+sbd{^g)w+7Ad39Vxjww7lj&5h97#NTDIs+kv zJ!?9}b+`>$O1XAs2Lp8UKGmATi|y~r5;=QAXpOrt_8;gyP{90j7eYo?BfMh`<7=L+ z$H!Qlq7Dv9YL!h}AN!r%p-2zc4!-7=$59ixGGP>YsWQ&y)|Rj56$muQlxlam2NwL- z+U|xT-A}5wPj?cTKaO%42}=4ATeaTK7ptnTUlHVrPObqialGJ%#V6oPj=BgUwM)78 z2tE8IwF&f_Z1N*k7SgBG?@CLA|Mv^$e!Mrk4^g)A(b^X#! z^PZgFgBMC0a45Sh}9A-4sGn$bQyrOt!NdsTKvEe z($kvyQt6J@B_+qmrc(AC`)v8QgMk=RjtK6plE>-NYK+M9Tcd$4{{E=_ibN3Sjq5<4 zop@*sM)1C^dd3HbA4go?J7kp}=DR~XUmSo>HRX1sSq71rY?Jl`<+}AwY9^5G+#Y$M zx=gyLeFk~&qY<)G>X-ml+d$kLgXVsl&I^QZ)+0qXnh zme~r5j}<;9wC`;!wkA>70bWB&Wq$whmWqQvFn}?#$>deXM65_m{%Knv5-Om4IPmC1maH5DPQ|` zrLW<~MkOm)`+CW_8E>LmFZgDms>iML`rYr6ddClRtUmE&X|)+fj?a0vT8?-suiavO z5}@3*e16`h@vFzWws)M*G9te3P>uXiM-*IT*+uT-$cTDHrqdmX7z|~Pbs`92?swv5K{d+W^}EeU?E3&z{^)@u_0EJ!cL#ty?O{VsZ6un=F;3Lr*7be74$OocJ2r*Wgcoo1 z^{I*`;QlYR-ZCuecYEWN25C@2a)wfAkRG~4KtKef8-$^2Xryxp0cjDWyJLp#ZjczH zySvZ)_I36-|9$QK>icG1Og(F@XRURAZq7n#$n(l*TWg(^fy2Ws434C6c(DRg6!&W& zZNoZLlA?-p3d5Aw+|=RmH2KiU^dZBrc~FH~yge_xhLYc^V9B8~T7^0mGmz+Dg?juA zFjFq9ts}C?7jWPwFH0lMI6ZF0<(fNViL9foG<+ZMY)b2-2 z$SOuIu0Wk}uF`CvSdf|VomE%~wVEEFI>g-~103pSg=;zQcDSfU`|Y%CBI!tTJ|g|G z`EI1VFX0IPu4neJ4!Kw%fAuccJ|Z`nNX+BegbLRiU#@Y1^t|DD^C^ zPJ&U}-26AG8I6qkFU~$ZGXUZ^oh3qm$~rhoW!hav7}zxzpxXYrTXCU=!-ERC$J;F`^`sK zcgsmSH79E^U;LUt_=7&ACkaO6>2ZOCTrwDIrjTPRHjga?y$JasYriwvbVEW;DMNR6 zL1!Boxy8DS-%{bvs`2)%e+R`*^_2_CRYzqF3Ia`#DTX{L19N*e2`zFj)R>h2u!im+xH-a~SG zA0Nr_5+KsPptSfdq$o-1+X1p0xqpS+tEuxJaYN2IPQQHo_>0jtS;<=)iPq^m**9^G@t)NUq5Ry371Ed&WC9i!^#U%3%+)+!(PrT_SPZjbYe#Tk<2aBU| z5sGTuqElhi0-a=gXM{y&7RcXAL@bd>$)b&ok{xMRaSfFXk9;Ry(flDxOxBkXCz8O~ z`R#pOr|RUPGlqw+GfslqlMOXJRVo$FN|J54BZJai6jt zhAcNO<~pMfC?fw^i(=W*D+~#bBV=%u%B&RK`{{dnKjGK^1PnUITf+!ha-ikf>7z3h zXJpsab)q>u8@2}}D?o`!;&IRzTaX7 zKb=V~s77F*-?jA$jRA~lgSsK{-8O0ERiJ1Pz_CG9R}o9757P0MbYOK~I&9dV=^%6{ zx5S7M$bJPAu5TzPJ{ZfW z?{f}ch{Y-i^imr0Z@coHv@n$QdS{tFC)@UYHyU-hX`Mr6DZBMT&C23f>iOR=EUv5L zunyiBF{RxfMB{o_BmHNk4uDqrOevZ-k)Tvu6uq~mpf1%)5KejPrDvMp$tRYwKPdj} z+J>_;Wo#xA(0G5_qsrAPbt(={Jy3f>9m~R-Z!fEszBny?rZ}2H3ib@QUnBM(u<*t% zbE$li10ZLcb3U#2!3ipoey_2B;U`Rh(UbM%{Vt5_5RY|5#J1>##MNuGlyB&g@{RHj zu`k8#d8~t$XIOoTi}x4B%sMM?GrV7*9?*PPdP`P7)9;JGCV$R3 z=BxH!a-7oo(&DkS`q`A*K)`x0FDk?_S|zlb8qw%_%0$D+l?gwmL1;+|h%!6?RFF7N zYdGG<35Zgh1nO$`jlEvCe#9l?@-_tTLYWpT{#lPrO4HaO330-?=xG4;$xyqA3ke8h zO8bR%RB2Olf(t98o3%_SwY7lP8OK!F2|npQWz^!l^y0Da#pn<6H*~+CbyzeGB}H4h zWj-x=WxE28N}E5;Pzah(h=$R`5d0C7F;4xEwtI8`0(6xhNx20CWgueHfoKkH# zA0}HNBh|<0_M2g7iqEPmpxqAjK8FNe+u2zA(Lt@k$%my5ir)?QbDFNxRE9p2 zgEgUZU2z$d#OIIlY3Z-YO@-1ytT=DBL+~jD(?2A{5lQ3pyo)-!zz{Idq9TNhh(~-Q zt~}%$g^)!-@0mpb+y&RapZ?7HOps;?W{YNW?#DfSl)XRNP2=jmF$(x;T`(%3{M&yZCog(_iBJ) z-SuM&sRzPU&DD{C;gEQu;W}E_d^&k%jqf=0{r5vaE__|uc>Z?Re0JT+#U4865``AMzga~FniT#WqU z&(LkEfGsvqz~X69{>1g!cRNh@w|D+T%ryAFMcFvA?Y>K9>Q!U#n>kqP6dnmb%MK0@ z;N)Bu1B}f!pHxp7bRV#8z@rR2gll3x-&11dM8s(R) z=>R*S>y*C|`+U{q4g?kV`kPzMU*lE1_qC=ed$V@1R=t&&x~!14-a1$xbLm~QH|o zKnj-fmeW__1E@EaRL7$}JA%nTT*QribhKg$kfhzR!yFF_Sic|Z()cm)(2xHXz=TQM!?1A~V;>9$N+Y^&HO{ly$*0M*PL>(lPUt&DqS zA7TAt1s0kgE?wo!Ysu{@;zH>HNZm9(TF`|2t;G)e2FO<>+Wb!<(HNJ?Yo{As@>)%iaB; zvRZt)xq(Tf^@VtG#JjU&u+*fxRDLGwj-%rYGu=|O=_QiP;G<9DURx>iqm0S#2b)m< z+hzxX;fU!pt@pI?O#)odh}bJ9b##4YN(;77YJIw;5j~|bsBw@?7PJ4|yPRjMI@EjvBmX4hf4TXuhn`IGfVylTzWn>uf-m^7Psg1>PYr~&y1X9k*hz$wOcW5o>*vaF{@4G zppNMDAXJE2R=}FWyCT<}65c@b<8~!B3K$An;3~p@T3zsW){zexXX;B-W098I^|X+8 zF5*jlJza{u;@`_FRY~S9iM}NfGUA%C+|ptvGk(6NQV(9fyHg2!bGi!Z$-EULrvLSV zjSvI=+?3AqQ1WGo2%@qUWH4S-wr0*w4eALZ0H2sfQN!yF@!a&6c~bjHl9# zeC7-n_Jpn*`v=^qM;TwvtXz2sFnsJ=!uX$3a|nkp9-c=cInDhoAAi~V(#?|gtPr`p zsC1nugW0o$hG`>oC@4~LApW_UuzosEBpbNM)3-)5elU13u ziS+HUBExD~`}h?56jL3J^S_%9f5-ks)=)9*N_|IyG6D`ZdxN z4n$RslqiMNSVu-Q3Xr0AVD~qZM+RUMfiH%KMd$;n8D-zsK)lQ*Qx(bS$fjjzAuL8- zj#56S5bbyG_<{dfYyTV3h#>wajmkT8_x(q9{ny88iwlvMU#oAalP0r?{xw&Bo7v+< z9DoE=khCg89ohcp7Q{OibRf!Nx+m*QEg32w!d`p+8&t0JwIhZ%Sa7vGtj##|S?1^P z$6m+36?=%QXAimm)2_mNbu}?84*H5L^36; z%E=L8m9-u|XLiB{NCLn+5p;D@?9*YP9q&-pY8%xO2bsU3K!1XYjmGak1Af;XRr>z` z{qJu(^~FCLzc(=Mvpk7sYiIEj>bmdjRpNatsH(wymZ7qo^T>Om0l#!z)gZx3SdI)UNr3P9j84q5l1KWEoD~cW2z;z1|3(NX&s>vP+YD^)k z52@1JDobL&^xGL`qTQww%czb%+A5ju$z%a$ZDz`9k;(^A#TmIR1i1VOh9IL6nRCqP z)h>?ud^a8F;EM>LC49I3dMZjJ8f+6a`wsgjVbE34lQn!*IK#eAq!DTmp>J|HPFv}9 z+4r;TV@~;_M#yE5i}F?)$apPBO z3Rd9QB5|x++NU<2g__DFN_J9UL!-c3B<1G+a7O>FrKC3ghxUTKcf5(vi`vlKE80I* z;;dH7iE-j&3`^}ICF<0lkizo-n^kDnSY^MwpB0_9qmek*~u%Je_a z<&PrHhiO=Lv*O~6{}F_nvnCaTeawe!+3k~-LTj)XAEe>4<%agfpS83leGQ-VC+)Gy zEbDClFn*YCh^v2dD(=9yB(K6Vgv5nN_v|LAFak!AzuAQsrHSKwO}~q@8%cg}#iBS$ z6Lf+gT;9sg!Xhs*De+IxT1>r&U2Eq>k}QE;Me_Yv);B5PETZmWt@1i7I^Q<8qxk!? zzu*A9gga;QAptjv?c#0*EOicwv@bOZJsI^c>FlXLp~s?tIsnF$#x)5h{c+2-2G7@Q#QA#t7D%C&@BGU9j?tc^(fm|W)%$qcknqzMWso<@i)P-vB4XhA-IQ`x zl3H`^!?KTfy$X%U0r&+YN{>X#jnQAc%&w_mLV%ArnzZq*uR^QiB=aDNHHMlpEfMDW z&W>hJ*{+jRW;W=Q;7Xy_ej-EyH1IcpU~w4+slGUxT^<2Fuz5MpQ+?LdG)ErPC7S~L zodP)}N)IWY234Wh?sej*`^93a_$GfPbzj!$=(-@!5YW{&?G+Bbajy?HOu6Ihbp^58 zXWy28R3znSS9`3jc0QL6A^>0kX%=#XwlH5?T>73a%*axBx1V0$&Wdon9c`>9a8MJ zP;A*Z$<;r}M6Um}e#tj7!}s}nwhEQ_qeqt3 z)5#QR(t=3u#*F#*$AXzq`dMAR*`hx)DoFdFjEljlys}>DH$#k{g;MM52m_| zN6R0;fao|{X=hpU-*|`Y;0(}5?vX2Xv0_=GvgL|)C(jGF2?}Xu8MT|!4ZEwn$*Fjc*aw|oj>1_llaxa5;h({i@AdU z&8dtFKUYKsVL|Lwou^uj%h@o814mk_hBX-M8Cb@m5xqWo=f7n^%mEM9$RE)MAEr|l z8P?4PH%%VRBlB_F^KB2}8NrNh37<|Jy-vEx_gnp(%3mtXCbQ`o$<9C0EVW+sKCR_89FQdbZej38^VBW`=T^(A zT%;6yTcnc!yW6_w_6h4%$(i%>gs? zvbl{SL6t~D%&$Td)t1byR)$X#T2m}HZnLw8JUy7_Ikg~3B=Kn5Cp2HoRigKJG2b`s zlU!>D(9hs44dU&Msor*8Rcvslm_n;tG2!ug-m;n>tl>mX3dzU1#YROUs(+FHm3m^* zWn*djF{9>!rN4uup+FS}las9nO?Mi5KDb22jwFLS6S%XP4SQY;?97*jp6(Pq8Zeu* z2I5olNbyun%NHU;@Skrt&bCWUwKJ_xMmD1qt;X=a-~2_@WL*+&7WMU@oj16zu7^Fk z<|II5Zm~(SZU8VAivL z4J1pldW2lZ_3CHM6lM-FMCltfnM^-lc%5?aEBI62gRZm1AAzR>Dg<3U!YM%+bb!a+ zGQYYee$woo=&L}U>ARzIcd69^Mw$TCa3UUL_c%%5PWrz`8Q7*w477_eK5S!|0&i>O zZW9uJLn)NWNJAz0X=wrA~Q#W^_){zkqUligH9B!98G zH^Y-L-flhc{VuP4o=3x46GoUJku^?;y7tWTy;v05Hejs+N=Ul~f6C^FdRl67Qx}S= zM#=;Kfxia<+gcN_9n(dnFzES3{=0Uwn)#>yuj9TPrv>Sw3X`y^Ayv&>m!Sx0H2_ld z4v)=tfOWx7EJjk_94)dD$I%?* zlB!lt0}Z|2il6%YYm=gS)P40I(_DV95nBPdOV(XWEq%vYDq#LD-UPC7-9+qd^c3KB zp-Jb!vl1bhKzm4*|5Mq--hErIEyYP z@voOJU-DzGemwz#k$(ja63X{!nO=`NS26HUnNc>Mddq+TO<~?12en$@m0!Us7DSxr zVYa?UPCRDNgn9A|zijN2_QT45WJ%@9t01LAh`qS6#9I^rn2 zm41dKePq_gGckF=$+@ph`^2~QotKF2R9C*IC0JU9adB`Mn3Wf)uzV04my4m;0H@#Y zvVP_mt)n^hXB%^yO4j!b#_Iw{)s3c#4u0vc{+SnIIdHry1dHcIRoKu#Hm^m|0UXGV{7v`%%DThqx50XC1DQo@b%3EQ}H6q3pDaoW|&xd zLkKB1oqB$uVH=Tweqy2b5TKeJ>R6_;r{5Nf&%STXB<-*1*|Z))e@+jT$)ZF!}~$9JCsz2-SYu7D5#p?lR8 zDII(~6LLu@axpb2GgV%npXDToMI;U_@%TKL?^Wkq;eG7cR)tkTIh0mTH z)c%O?)|JmrN4{bEl3GsYIkEjI^IAOm8BEebB{BV#uD3tO>nc^4B`3JRg;}wUbpFPtuPSX?%80zm~Zvq6%s@=rVU#(7z2r2Zaa#xsHE`x z8K@yzMIwW0e|7lQeZh_WQLY_@Qc2ez&P<*F$KVpM*EZZRWjb9{GuUIBF+!N4;5w5y z6F8GRR4M0jI+L%npP79AEW++kFab}Tkve)igbWlfwDZV*mrha#XI4H#<-8?`PoWjl zN*!I=(?r_8F8QboO#$gQJwRJ2IfQ0LD>yO^&KWF(jAY#93{)tE6;d8v!c~=FrOMdPnp}2 zD_#6JB+@~r(uEp$#U&TY#2`Z&%mwu?Td{&~pw;ZpNL(3)z6jm+Ch zKE9rhBRm$YyWhS^fx*$^&3dl;X7Y5RpBEy^98L@6p|mP^NQu{DJx%#J(JPA9ey{6e z;!9kxA-upNJ8bZBnwFLC8|t{f`w5?x!J6)7(m*qL4(Q@;M0DB3e!F@E)C&*73Tva~ zGKv*FA44<1+Kpz>(t>;)COZkr=e;&L@749}IAOV+sryII#D97l*TN@Y-9`?i=1BwR z%ZGV9jl;!{_n^M(m>1IoEL@=kG5b6pxkg&VvidK8*cwl0lccWr+M?(7`(}p_p?E6R?HHg|^X!*}A0pxBHfk+?mH=o1%abR7K`E zP!$+h{5Bif#F0(N7O}nT=fCtY-OSjTu(d3NUu-tKx&3=fo<;2|i{sqVp< z*H96fu1~XD;8(i&;BdOzVz^|P)%swVj;G7a>0VbL=l=dZ(mF+wnLh5%`x7&Ee!vLy z=pj49cYcT8dSYk3!!sP2(kLO$1edSaCE6CQkS6h0_ka%^@O3AMn|qD;)5hqGF0SU+ zT1R`+v?mPV_X}Tayxd@BI@;~480WENK}N3x9e!|@wdGVOER0JnO4nU#WPzv3@b_f4 zrSS+R+>VBbV@uJn2wpn2EZ`Ix960;v+VxcXK49%=2k0QLWR$txT=Rv`me}L5)@J@p zie>?KuE>b1HGz43$-xY%V6|P$MlD9R5cY?4-=C)UB4x} z#9A`Q(H=NU27{~szcM~e3wEN?ZDOx)8U>4%Bpi#Unod88HrF%bH;cjfpP*u{)X^SO!Jv7qdNX|mv(D8%Ej{IWZ&aJIc` zfYlrQ5yi4+Hhocy<0-LNOYsTwdW4h+P6Rtg6H((Drf)GGClINs7(_kOGY~U1wuy$~ z*3jFPkZGHV?4&K%kCFRuJyi9+MuegAh)g^2k2X+HzY$e=s14(kfB{N-4?K0_w&6FEwhC`*Tz8w@4L=><5 zXj`Sj55Pr{;>>op#p4Ie^}q*`n2HF`Iz z&vNm;hf+E|Q~@BChWVduhF35WAI>s}9`J zly-}zUrE_SsdO89;@J^&wJxh|25zU~QUd2L zMa$BTW5H&TA(B`u16?{v4GZBJdy2m+P~-S( zXg=Lad`)h9RDp|0|Ciw#AEm~qhv0@$QpH4~%8QL?5oXZM`f^9EA}RaxXFM>;G?5X~ z@u_P0axR^#R+pWdi4-p~R6NW!NPFfxLMJ__25_w zyN-oq$oD(j#})m}M~e9**qunWs>~eGIUf#lqbM>&AU*{M+tn&1@WUsm1TRkcUwt4GghBlq`bkz!uHeH)0Ji3k>E|-z{ zJ7h?*)f*^!J6URz7rpd@`zVAZ%X9I(G-cC@>lWxx6w#Y~O9Mf|u~}?h3paV3{5tLz z7q8)qR=~u-5aLhz{rqJN$ExP?r?jclGbc86j7%8#!d=z|9Q9WWFsbvD^kO}Yw%X3o z1#K(8x~|Ii7pZNSl)UXyrkKzRGB*Ac!B4#%cL&&lsK{vX_rD(!%GeE94$6Jk4`{R~ zQHKr565hs9L35R=Wf#(`lTjVF1D4K|5rE-_kcP>X#+NsOgE99WUh!N5YrlC^LN)`? zFjG)op?>?A4D-9(b{jK&xMEf zJg2etWf>aOrtgA7UqZPZlqhY#b-QDY6+#5b|5 z^3>cNeMVtiF2U6rC!b|M$DRbTkF#(o-8T1xjSrg-aWB{gq8YE@aHbVj*8$Wi?GY<_ zY6wZr)OXevw3mA?cQdZOy!~*nx)>}sFD1MpL`Xce_obl(G!Js>a>#HP7UNXHl#h+*`yt{$WHO+?+b`_RfT6Gb{4c z?C~Xmn^)9dYu}o*##7y`3H&HrJkaf|s@;=zv%~gj<~|})spokfxRY@BZVE(s@qE;a zzsKQw+k!ouSViz8*I{tDegTt~U%qB=TaTNAa;Z5DmZK$8`LlJXu*5o7M!YUG28csR z+Vjmd(kw0NTv6d_>*>+9;kKweq}=BqZS%LNY%kjw!REFg*=79G{1Y};@7v0x9Or&H z{EWCVn;xX8Xb*qcx@7OG*Y`rEnVE=g*e%2!ejcDeW}ExhzHFv+;ZGj+d7Nu?*~~iT zDaGNeeFfYmE#;Hgs0T}7DA!o+l>*xF$@+gE@BjDAw>?VG8;4!W_Z#FfRL~Khh?YU^3=cgv;%Lq3BYq6=16Id&Zy0^jQ$k+ZsB?9Gxd zFv5hE@m66uyb}&aQh?*A_>}3$#^zZkgem z7x!{X{;j6qr?U1yH#ISX$lOgJ1=WCanN7W2hzLR$$^XMUtKJO0^M#ZX>&WkVZzjky z8G})7D_ccL9`^`ar*FEm<{I;n13~^Z-y;Kf$9MCwj=n0xG#@B|+9-Yz?IjO+fhv9=Ieul(w&_?Bx|~=5e#7 zu-64GDEcUW1=*6J5EQcIG%+P=>XI_LH}PYA$l}(wjEKRv%!Gujm)5T+W$E_ert;>t z158k?iMTOEHX~+EyY9Dha8|Zj8|1s-ut`-hK0Hl9w~mB09Gt>ngcCo1_*qGc)(?RJ z*=10fNQ6R7`DpSEh z_syXEyW8;P^@+&J- zB}YMh8%<8gayc2IlFh5%@4ydzfThE1$!t=&s-J0qbx&i8{LE?g7ENvN=FeoF3ZBO? z=j6?Kx+~Oo?V-g294@YfAaE4 z0)qd)bG|==Ljf>W8%Q{f@M^W8LG_R|S!c>UsrjR0EUhTnu#=Y-Rg#h$+npUC^9tJR z^ccnaN=TkJFAq486h7CUaIt52mxuQ!JfJFWLfiY^v+fYZ_>L%ehC%UtN zuqU|Or`Ga%q`q7UJ1}ZwrFPb^^5c)KbT41Q)4rS`kyu_vp*82t3H&xq_-Lw0dP?88uZJAZ_8i`KH^4=hO0Mja8!BS$5pZks@v4i=!g^O@6I zL@?e+X1PNTFsAK!=RQv`{9vhAwP7bDO(xT9j?#-l`|k3<((-Dx_CsS3;U={_%%pIy zh_$@ZS&;6rRXn&w*xn;Ls#baZPpYVW8D8U`m4>w#!cno?And@dNU}gSW8srB>b$X; ziz&wVI_#s^`<}zSjN*5(j7x{XXkO3QNOx4HkZ&l2W)V)S7WQX7=X&aQ8o8T&ny zIFpAvk%iIYfH!r`dNAdWWu~u%;6v0n-gih3(%cXUq%?{)yK;rlMZCew@H#i52qG3v zvdxnSO?o?;D4gs$H)d>Hu-;HA1=nCUwizeq{{TB(Ju^N}u?$AS7(!cH&qIjGlLa{kv*G>IY z=u{h0b>jy7>Mm;ATdI#Yjub!pP?Pmee{+4EdIR9CZq5k4?OCwz!)?gv57l%adX&0K zfdXzRNMRN@#WCdKRE}+Q8FI|@213#T<2hysBj>K?(R`LiP9q$|WY|JV9#)&*1zYK* zVWC=%iZ`BdapRin&e9Aw)>xwqDeAJOK!THuyaapJ zZ)@4*^Bw()Iwu}Y6X+g^^~BHm@Pl*4yQwJg@ZFf6T1y@OjCbG`WYzTzq5iNMOUAo_ z(2MF_;}gx zo->$mq+a>csMu50u>If8d*M&LGMXmT2qnSlVOv0hf<)?WI zf9ALOH!6BAV|%?@AEohxT_Bfi;Gb^{8Tz;Si5<|XQRLhH*W;%r`fi==^exM@_-S)Y zTPpzyUMP{Fa_T#R3=zvP8TPs!iJ( z62aPPg4w0zQf8|Whei?0J;OON%9|tH^K}0WBy!~Z8?P^t%zQy7#G{?#)Ac5D^JL(M zA$8IlYThGBB1_iM-YoBuYUGS z6UIu*BiQW9cuBdB*SfJKC6_$7jQ6vOx%y(om0z~JlLz-F^(uvg{R9$!Lh?tkS>6mW z%U!0Y%gViIz1>x^U~Ap0qtmt8(2&a@Q4zYCa@gFiE`|TLQDXmeaK1A+^fyK=aSz#S zb0*&k;sy?K<(Wj~x0b^ni>7g{;nt=kPA^TaS!cbMMs|PSPpXPA;86;LKsV>49hkpN zoUgUfL0xhIcu(c9ECL=j&wK+J38Bnc6+)r8zj@?i#=|TYF>wMC{ylE zPxRh!4wT!bgkLJ2Gm)Fh{u78h%^C!ddH(#2O@{YW$-|^WNP~kms_!RpZ3oTGpMtyG zZOUMf9a-G>`IzaB1YYSAv5>aBL#Cpf0;`k@w28(H1;Y_~#M`Rid*-bTaL~4#UBC20 z`nZ*xS1nXV1QKHaNTcFI#J#S?ds;QDA*8XHDlp!j&_QIq;)IRItrV9xF?-)baaL~k zT3&L%wn=uh(9*D4ydLmZV7#LQ$v!&~4k7F3NCOMf!ZCn15Y9fu9JKkIVL_Ym2r0w< z`>>9)D9mP9#|FC{Py(o)N$O_kr<4nsMDI$;zh{IxZw@_=%(W+Kz^$s1Y1=B&*HzZq zvoWv+l-u$P!dUd@^X}3G2(l9s`IfPZE?#L#b+915E(}d(7NGnc@qlJ=A=c?_9=#bz z#<*Ix4cRp*ioy)xLw|YNMIE+fJwEU< zkDUFTe0B~|#}Fw|i-(`HvTqBo*fz@<3M0ES4kMGWLIfb|Pr9U!?Yed$ES;NRXK*tL zANcJc%6LccHawJf^jKz7&!MIF^mW2blrmq9>+mbESjE|_yS)>-68~n3TOXR=aVn6higKarSgDZPcAn$;wD-jf-{mPKP=qPMvekoB1xMw z+`nB8Bg}A}(p6Ucc-=zZ+{bhcoo7f5-S)i+jV-Xz*cP`&jwucFIfXVyi#wJrNY7W7}) z!tAB4g0}^6#)xmW$VwOpPy^@ygt&{=tRp4I6{I#gus?`}F?9UqAPac!+tTYd_ZOvs z-d&AC$jn2V1#N@*At$t=N(czheS6QsNJJZ8qogElF>7aGJE|s>a;nWF!)pL{cCH#e zE3}j&KkLe|#U8lh4Au!+C3}ON%@lH0+{YmgR z4PV2C0Oh?b-0Cm4!WgYe-SYbfad_Oq@irbjukhU$A59q&${u>OhB_-#`oyG|p=3ML z5{wi*s<8LmzEUruv(6m_)gN-7&RjBgzQn!KUk{FuY^eqXv=ga=wB*i1PC6hP{C9cRKY>nA& zUH9xBp5>5G`fRaH2&EUb%6nR_WZLC2PznPF9xnea{V%2Y=};KuLr$tw1E&4JHwvI} zN#4*p3r^&KGYsdZSMcV*hU_IgqAakD3In1{a-G zo|PW}h0QjPW5?QeDQlYw0yEa>yzlbO+;%K{1V8pz`$ax?8fcJgXe+g@tZHCv%9bj7l<%J&UO#;g;&dni)D_?awZ%cEt9lhqt6g8 zBV8&^W9G3wGz)?}lznWKd%Y;UVPV6rp93kbcgdEa%GD;^ohl_ID?F4Uz8HSRSIL*i zNBPHJ;_@5=;GdaT4(;>#MYV0{6b<{auS6ae7En@63uxVz`mhc3yFVWn?tRri{(PzF zLSgejN8^BWNtX6C8fBS^pD83yV_-qssXMPQeG#-EA>#!S`ghkhln1pW*tTdmRa{^Z z$ts9=KP|Qh*`hISYipl((Ehr&pB)9gTKYeAS3uxP6c&HNnYhx8hmNq&e05D!3TXhQ zH{Q7hGSj7*Z`*KkPMXApnl~}$a`GFAOlr+`zKnQD_}dDEPBzfPrMxPJDSPM`olS?v zG`qe+8H5*N-{LIJZ7YS%*pC;(6Ljce2(>1?GSz{pb_C)&Gj4trYg84YnBWd_=B;Iq zt%);(UH?*Y#WYa!IEdDY{?vVzz;6QTUBd)YAI;nXTblYsQr!X1-=tM5YYhLa6rIAb z822Rr{M;;9y1++M(Cy=ix_D8c1GdeYnF(|1EQitER=BOAfQ=nBqRPH2zVCa{TqEX8 zH`GXoNld!?W+BxmZXI#A{9V=LL&Ijm^TO$}i;`7eSRTNP)i3$#LiR@X*JpUSeBnkc z-%NKc(|{Vh@T%A#f$*q^{ne}+aF088tN*D|P>nYe>5Zur*XlO>xK)yAZO0}}v^ zh+7kfIvjm3H^W>eh#IEL8y?XgugrN8^n&-oPyhC=iW%WRq3hDCB zs_I?teOXeZKa+doQ}msb(4VdrU%A%elE!Zbd(rY87s{JG&tD8V?hTUiD&$&!O^2Q} zB&r=(Ne1U*&);-Fv8pqT~-g>|Ain9YCMRKPGK;Qb@pxgPHX;rpSJxHU`y1!FMjP@Z-9CC=e z5^bYUBsn|JZe`^K`C5hh&X7`rniR#jJ*EDBTY5f(Tk=|G9M;khdYJ6SGS{;!HYtic z-3Lj`gTo!R6d^^lkyl@izuU|ew_8hWaWY>qUV@>qra9Kq$_Bmsct&m}Yfq;Meu$xhnQ6u$GuJTh5*wPE@!Pu_mAX7Leli-@GpZfIO~i59hJ zN!t-Wi|g|nI}$57q&^GHq-XAAAM~S(@8C5eJo1?=BJ3J+Y9rTcv?kMv##2pUbW$>u zCyTY{@w^$W{j>n5Tq7&`h3FIXnK|7O-_*MFXImQ-lNqS^1V&|?#JT>Gn=}Jo`njq- z+EqeVY+rQuu3}q;k<8xyUE$2nf~SH^ip9L)&+VG3X<&s9 zxit%8$(g`g{0uBQt?KE*hp{kV!F`g%sIB+M>OJjU{T)M(~AYeXBrewnHVdS5Bj73~xmXG*ckmN?xA(zii4#gU3p* zi#HoeT{X{dFG)fI;iY4ftztHcSoE!o$Nm+b_H8N(e`1Bh0)L^FmCM9Zm&okj)wFES zGUYS7`NV)f4IJ(FRSeD}0Hii#w3m4X@ub?K&{LG10JVQjlYd9|`NSgry-#db`yTp( z5?%)v?r{ra?`?o$aO-5NR7Yg&{vSe&vX6D~)gIeo#A4vmp(cTAYX4&7MBGX_Kc>%) z&GQ*GkB0Jp-b=o?jm>WAzj>N0LjKvl8jFk@H0{B0dDmfA+}Qu$mZAR%1_UhzBd%X> zRR;YT8wjkD5FLH1C;y`XXab;?(UK(otCkgE(Kogjmee?hKTm;@=erpMsPx*#M@e|ve}W|b8%}{^i<0?5{8#w(pQGiY zOuNCfuoj=fKbAvRCY3cotZq6fe+!kf5!6{G}N_gR#{3rqoH_!%(7Z$w1!iB`}v3 z9{%d0S-mSPS3O_ObVw^}Q@@L>t)EQ-?LZU{UnpMunaFMG<-{}cN2*O7x&vE^@{CFP z@{G?@U-q<<3RR?9n=ij8Y3mp#VUwb*pnM`Ce}0msb$+owL4qALxAPxIzoP=r8Ocj~ z_ofyZ=Otu1gWrjVpvXAK-!gC&;UYrMmfQGhj;&nH4e}c0?8iKqtHebBKFk7I(m1Be z6@UhNe6oVG+3ywDr1gk~X2-DoeG!#TqB4z3-7mjeKu_M61fbiBh+PV!wQytVx?O~Q zyxL)AZ4JL@P_)I9NU^S9HGO}nwT8v*uq4w^tduS2N=CzbsiB+!Q^ZU&&C{t;<6v>A z#@5%k>-B6uClAFzfs;oaH;w;Vv+SDe?zD{mtj<%=-3#z)8@)Xz>+8#OT+CcmT0cVo zk4WgpN`J#HWDkonV2Kt{6-gON)yrq{_93{!YYG<92PA zSi92F{tORF-(PD&8=xy54X|8n<)Muoc39f7XuaoYFsx}gIM2v`m_$%w#xuC)u1m8H zpD*~*@@aKnBU);oIca9p#SlZ-&~SOUBER`t%zn9w`<>&mpzal3=vlXDl5xDTg<*`^ zEn5nJFRQ88>$8jXY?-e0$M#N+i<0zfO{YWm5#N-DTk^TnteU_1fO|EoYjtGY6SMer zbK1@?<&t_y7dhp+iQMLyVBx2g?`0$E^NH9()jou3k{#oTb>%C?7W8$ z{@;T8@7^RBhzZw1H%*B$h&_l6c!#xid*y)$<-;*Ohu4hf$zqb_&wa)daYsi6NrNBD zjar2tP6M9sX3O=h*1)JiP}hZ$_|@v9)wQ?Ymwzqj)Kwi-t;c@^wMI`QQbC4DnYsBv z-O7CLOz(x&ZSn0l9L!kk`VH^m%oP}pWV?PQvtlyIsq8PZoZ(DH-CqRz z7Ia6vw)xzc7qeBV*KWb_9Gc)B-QVtgd62fA?7fHi7_ptecPYND-UqK4F&(I(&jsDb z5*?O&IAW@*Sj^I6(D_8}g?LKamHw8+Z5ODIJVu$jf5mX1Ps7)}+SZIFLNo+$`wFgijaN9dyk223 zNawsgGU>KJw0EmWkeG9#4|Dfp>YO4gLi~?Jap`22Dey=xK#3)kcf&#e5TgGxQu^$+nlY zv`>k(>J>Hxf<03#w2Gpe`!Z{#TNO3GG^`*q{rve_R3yQ2lVirHi0zNFf{ahhk2TW7jUueEVG!uj)h?5K}u}y_2 zkZR72sr^65`9Fx?o0K<8*D{WTXE}Cf^w%YWu5?JOLl%D*{=(9A>T3F{Y!Px88)BL;qXyuGXT)}>JfR=dcPk|(GyiiA*o(56Wx zd%U=!N5Z2mjf$3TZ+nzN@LgRio@*5Tm!5Xf&oZ!(VGK%5tnqkwXbbD5CCWA<3A1G+FWs*~!yrtP|Rx-(Tc4p9%tuLlI% z&}n&v`=4s+>DgZXxqOw2bLz8xOOg>3FjW{c+dD113vk#D|MHPRrnhE$2$sUxPUE|I zFc+pVBWr9%0mbFOqkz0R-0~aDGv3NKhJsMtbUnE7+;SdfoyZo7qfvCF@(#asdWvfj z9-CY^F>#(Eq!o+5T`R3B+j2cJwnT2ZH#7x25=scPq0*EQQo2=8{!HLGGs0Y$YhIr&PrP_TwT8$oqQOXwhI?Z?k0;>+ta&7vu2` z7YETUQhSfrPQmv?MrIgV-CGT1uZHMd>&kEa?R}N&pHUeWb{HP|YBPY!Qo>J8N4uHj z;kFoKJzHcHz5QwAxQp|sh4Ep%J%D6X`21Uy`9PxcR)T!E?o?sADkF;ax%25O5&-aF z;#=f;*~CtW6349u(^MgWIXA%v18MYNfa~aQ=Mh1HalfsXSu_FN#93QnTT}?_U~99C zcl0$vCd|WwbsKxjlyVKMpiY=CkU}@QpjA#KBw#6Q_^B<5{5rRF`)W&rw%juahHxtHEH1v*L~ zr5cP_yH%b6ot=o5tB7=sUFhgASmaeEXE11ZRGU@Ad!NM`Re3Tg%`BAX!IQbJDJ@$y{SsmAUTne;5e*S${s+}&1Lm|wzwY8JHnQs3sx19lb ze@xgtV+n0O%7_c3i@T`!4g6SOy^4M)aC^sz=TJ~k z&^;&%PkIdJU+i!iBd8`}T(tCvX$!aSw zv=nmERC&a4LyoJ|bFIewPujmwHO2Zd;(Ejz3$PCU#3E?6Y5s9=Bz9+=ZEeakQw<8+ z@>AGda{9PC)6!lZ^KGKpBYp3E`%^INg_!)B4ejN{9&g7i?`*xlccsk~oIh5~`>Oi( zZQR{FN9l6F|HG*M&B258pIrj=Gz$vXndztQbI+;55xMv8Atv3+zg?2ZbVmM^`YxQq z)49oy3Atl)DUsP(O%OJl$?GA;r73K~$%Z-9>7A8#HfS;;L6~O;qDXoaWMuXld74 z!w(-KwB7z-$Gg4JgeBB1;>B-D8rCta>7{~Bh1FXNALZ_17>l~#czavQZR=RdLf^Xz*FUcTQl<2z2k3v??iZZ)41BxDk(Fc3-0wrqc9DFG#4 z6*6Hnh#MpnAD=S^-BvAd2 zK!V3CNJWuQu~Tc7DL?bN$gNNwYEiBd>3P$KLZc&10aKoYXa(0`Yzqbt#_U!m_G8I- zK0IQj6k^ib_=VOKZ(>+kn&#o-@R8VID}t8_C8mkAQKLiJ(9zH;{{VBlZ-9L)G6f8L zy=e0aN6Zg20TK?>^?F>e!H zq&_x&L))2yd1B>yjSVp*({WHld+?JhHn>IEDD}HGWs=fq|2K}bRhurf3|Z^OOSMO%va6{t zTx>cTCK*;<0*sv6eh%e4!F!CPm+_Dw(3<}vY%uY&mgRTouY~pKTlJpso?(X)r|PY0 z#iZU`%_8@V^LWMH9#O0r%e%Qx!qesYxZ8G?795{Nw1`O3+9ny#s)~cFx6vM@uLy4$ zc%;%|gpQL^jxQ#lw%eD3eo+5}gx)CB7wd}}ZUh)jdCC{BG{!DIUw4+eR{V0h`=D=M z@lkizCa?1KP{n=BrN5LT17$Uy_6T1b5s^*yl#Ye%IqDgo&+NPM&vs?)W!i{aX-i>K zcxs*2&;GFGuWYZER|(*gSGzNZ!s!*J&GWH&;!D)Z!uiM62O@WV61cr}lK^N$3@0$A zS*==%`yaP@!X9qVrO?VT$~-Pe?7ez3sZR5iVReM%fiW6on_h3nCR&ECN9b|;=`#f4 zlcrQf#4^2LiVdqjcq3Do3ktRj59n(o7j_5q94t-B%|>#w?f2Nnz~5^Hb=x(?)O7W! zza@A)X^{$T^ndJsThhQSL5oZ`XmtqklUv0Mc_|!XP>mmTzqbWZw?8Gg2RQm@A9v>5vYCi_>Ze_$)>ea(~Yl6`&-1$1ck#!{f zJKgnvovGf-bV$FKr+cW?0tN<=2eYDTVFi$`a1)$U(9*0~Wbt<~%H0;eR%`x%a%7XQ znjkQ_4&QUVO{w_!y*XEZ&XER?9$GwA7*gqX37`=X2%Du*q`qW`dV4fgl#}pFSNFVY zQ%#g1-%|JY>D@DWtIu^qb8T(yq4?p=^}&G$kg`c~|_2dt5 zz1it8gRDEidrmAj3!2L9%%NAu^>8L|9qwdw9`l|uB5inB*$446&bR(I=)C>y_eUbH zP45xPv0kcFm*ogcu>DAuh=}OraFQ09LkE)z5@tUh)+*^p+?$tvx7*s}Kulc`JGkJy%B(3tM0RCEDs;xgdhivK^ZRL|ivz8x zkR-1!FEW?t8E_Y!L!R)8`K$=-nT4jV6kl~r?79vgBw!Gb5B5o@_q?79JZK(cY<6mg%_vByuClIh(e z`X1*w>!f29X4{{xnk5{5b@sks#S3U@H6}n%q;IJW&tb}SyW4bVn+fbClzX%dI9ej@Ni-37a`OgEqQ`ij?YcXpso4)}_h zR<8Z_(kb-m5p7MxN$6UEa3EpF(NzkAD8b<4mrkAoL=nWHv7 z9bU;U>SZ<9tQS(eenKm!7qPDm?YiQDU9ft4lLVY~mEncMhrY5N#>m^2e0OY`N~JmFkpx|uas5yY(;yNK z0KlF$;=()&`kXd)ViX!UtiC!^8m+Ph^cX4CYp(S=rI~WL_?<86oW{DqRYh%A0nd!( zuXO)#Y+pd+W{C@CC(t8q4XHAuGwe>P4&}dA04qC1|E%2A<{cqAD7de+Qk&9ouWI`C zMe2)`DmwwH-CPZKVSa)={UTlv0i2d_6_y)U?c)zi*#*f?H6ad_%cf7kJ!Hu{B)-g!@$p+qw+79~%2-WTdM$bvMk1SyB$vlQ(Ea1}$+kO}E_pontLpiz9; z|NOAfXS)3p%IUM%g~?6LtRvitfAK+~CdxlMU{!V7rLwb>c8S$bc9jA@G zp6vC?<95Ik&ocPH5Xj3rb%!COVmRFNVE8f!a)g(>>06Jfe1}U)+E(g;G z-*YuU>~yU_q>G7z?NUPwIGNLcOIx^=!`wQb@Qlyt2+P5Fk8wjkga3jGkbrP(ThuI- z>*wWQZ6K0}l=-J*dlOSNiOol<{eLjFZU+smz34~pX7~6(RptZ1d>qm6U+lVz8pXdf zi@gYn;Vc_*L00uQiY=Gy_tFP9*Ur{9RNp!T57JYO{X$+a!v;})?JuO%&*9VBML8fp z5WY=p_pv=sZxBfQb1eKX2KfKmU4IlqiX^JMv+|$A7yNM6En5af`7!J(~^zDcp+h(jjUXL8S*rKd2 zh5gO2kJMv)Qbv~M<{?w6Vq#bl59s)^gs}N)5TtH<^+!-JY(k!jk-(%dqJM5XYk}WA z<@9<=jZuFIk>?7#KaRtej~I8DY5wfBlOU-Bd}@O)-UTLlJkqysg1uiF{AoYV_~8{Pw2ojFg;@D57X4gK*Vrldo%MT2mF* zPBz;;Uj9o8!pifY%0mE0aJ9TOcaSOhaHH0{)P!~&8Du{v8jw2)*#^d1jLQvvf(_o| z4r`sjY7%J`w;bqA*xwMDVD}*Oa8i0@dde@No8bq(U;&P#9SS+;h~--vjnjErC=VU= z*0=_K<5ZyvPcSbqnT!NB2_N_+=5(Z-UwH!W3C2BU91J0a9pK`&7w7n!g{T&(lJ#c4 zrwOmnrb3(M@K86s3q5N1K3 z=ho2yw6(&bh4yeo8X4>=AF8}-gCdj5t83q-hoBT069k_LQK#XS3w@A@td1jhIK zrgFq-?)z~QULdeziczs+-wehzd}i6_af*u&1@t<gCBm;QRnX2U1wQ$c%Ws84DJb|h z;2~1(NQDSvR?<%a&YHka1Xbaw7~UTG&dE*2*>B9Y;TaPe-?Nle&6sH)sbJL4#P9k; zn%7Es!j}XxyzR$taI*T1nJNS4%N`6hvbk{0PKHY*?JP3E$}6ab87Xe+XZpb@n~ZU% zHyonI$H>M_QK?NrQx{|!$ha|>%vx4P02brKJM9&5Sga%JU9unj;pcUwVKwKtqS6lF zn_aF;-X#JkdoHBDF#R6#n<8QEs%x3!F z4(j@wnaYITE_8)*55^qd5<`g+>=#>`zfj?HaQCf~yxP&Jn;es~!M8bS3oHDF)WO3} z{Uo`IBp*vgwxYM{gNa@931{V`~@)lFgRUHX)y682e)V#@vH0!#skfH413) znHq{EGVzxUJ=l#h0pd?LRO>!-D<;CCj?4E^52uo({0}Ewcf++veUg6;Rm@`YlXwf& z1So>yDbJsLh*8tQxka+@j z#Kg;VbU)=5Y3)%ye3%u$&rP&Kx1VL%DlDgwmZ{WPgx!Vs{~1}zMW(FHz;=rrGs%*! zoM%%vfNB&Ry4wi==u<1_;{z#OaTf~yR4?oef%93U52<0O% zBUv#8y|4q=x%I_n$*wkVi`kC9IBSi4;`ornfrTX<7K@GmMC$L-XmxhR38mz5sr(BP zdO9qO`n^}*dwkU9arAjn(7y4XNi@kQ1S^WR*Fj0J!m<;{a^E}^Gbn#{($z1d8#1Ut zmd0(OmLtxmOxP5~NY<+X=^_0@!b-O#Ceg&ZwV%X`?9{T2CU+&pVp0{Nyg<{%)U9Ym zRs=56u3Uv%$fr&tESiz?f5}$C*X3MBt8NGjRGJF`j|D`*STu%FnUwSFvy~)^0h~X1 zsTaC0xakJ+dc4%`3V1yAgb#$T-&#qu4ngLy0sG3Pm*`9G6{2ZJj|(ej2HsL38@9C0 z+Q~Vg3O))GAcQ>wqjE@u__*`w@m{}Q=T3UpTojiZmct~426_h2RIU*VVMa!(dt8<2 z5;G76bKY|GyHYw?&M9BEM<>j;KlF&fTW{vqo@}!d;;X#8R=x~fcNuTb=pc~bkeeG9 zkgRXJ1>L|8NofdapEGul^g{gN_1ZP>xm0)Rl2~oHX=X+X)3V>3!#XGKa}U(qX6^*o zB|A=FR^qwH*oA{2&id$a= zn`P}ZIh%gJ6!B62lFITG!7argRJPi>E`AI_p=_fw zM>2~#m7+o)QLTFk4+)|XlfcvElLJUl2h6{DVRKp1Pu;(D-3z6as;=JSJfo7{&>%ja zqG){VhpiJ6m7`0{i3Sz{0Z1plbh-KM&pB)1EyvGIp(=;7Dic`bDdD%@1!!F*clTe~ zveGS=R<;xPKes$%J>M5eglQZ5^qAudS#0(lHa?A`GsF4#0}(!{kO9ns#e^u-lL&X8 zDE^TP!ZZidAD5IyL2fdM`5?Si!e?&aMe>s**Sg9`7#W-j-rPom0*uHGc+#CZWgCgc z`>^{#nO`-1?c+zd`RWQA4YBC_pH9;1ftOkOx!Cyem0qYkXnE3j$`@pQvJxF7`T}6O zeL|YoNRSv(FODzA6+-&vZ)6;6608xW+ioD-r0Yiw+OFm=J@?`mm@xu87;(!8SW8F9 zi+K|DY)ZAC{~}(6Dx}QPsB?)5DS8(Pug#^F;E+xN%&2x3zQt~AZc`Y;e)k~<7&IZ**tkle)Xhw!JnC}=j5@Ve30>7A~7tb{{roF~q z=`UP^_7f?dC;M+wSMfev#uXs6qvlQc$zM0MCDDG=AQE@6FT*|!U`#(6&g}L|TSBCo z?&dQnbV|{Lcu7&*zaM$j{!jB>??Km1oW$hs>#8pWLw1y8vdcWYE&608l!TAw<#1o! zi(};aV3oHQ$=I6G;aI%4Z%b8h5QG1==<@LS5$;c$p26>6E5iv8JPABpa|-NjNJC&D zFeLoRGIgJ%aa=g>?AtB!IG5RZ$0UDc7F=1G0DaMQ8)HJr;$ zGaI@Ewpv}*z006o5}hAtwAanu25BPme08khMsBi<$rUwERvR=mg7L0NNhwjCjK?|D z^D{Xei$9J8lZXM4lpK$wX!EVCr(`8N&F=4CbHekIhq`>hOj8W}pQ;!Ni#)6GR``ur za=e+>{x@i)1F`#g38kfcDklcMpZ^Srta*+^A;@Jg3p^%8zWv7f3tz~RbXr?{X)rY| zH^Z)x6_Tv-N8?Ur71(-_X)&6MxR8y*pW>#6ZNONa^Hr zRdt17<7ykZc#!&yg0*nBrL0Y{7-eX;&FUDYxdhLaAysvE*6N8VsPPC*;uw2GdJJKWPJ@w4JYu@zz2={qgottVYie z1qh5T^>C>&4I!6ZNkb< zr(l2gG-d3mbJCH!)7CF>7Et-=q*}D-f)sZ>MI|~@xasLP)o;np8JipV%=^z{uu&ne zyzj3{&hKzl~DY^ECXG}z*kta-2K`D%~S(*`Cde49rx#TuR~+siJ!zCfg`|p zPz1`@ts;GRUR(YY26xJ?sDo~v3YtYvBngd!rO`VvBI4;j5no2h(Rk|7anBP;2EpTc zbv*$1W7J1&T5C)hJafL)0nB%eD`i!qAwGp=G$T~p+yXRx`10tI6%PK>J9Jsdsu4yJ zu6LbsSd+wXu}5u91S6?*pIFUI)pe$AjRuhS>NSYLnV_nQ-W-LaXS+2xv^j5(0i9DK zZeST?1SNhxQs)faRAZgLq9cq&X%zA7MAa7K>w5Yv?2HMJ(vAmBwx>R%lP+~WC{Kb8 zBuHFviYk2Z-Rl}ZhLF24?4TloBAx$6w?Yw-_>JOeAq%4o_4d+=L84pQ3lFM*j3lWGy&|1bMuX%-^P}OB7X=C{~HR~*jfA9hlFZ1G{2ayCp znN|D-0bMHVQhPW%jna6vr-O;p>D~+PrOg~`U1miJm=FR04^1P>|U;&90_aJol?$ausr8>FJCNg#JMbkCrPBT4BqUqKz+j3ONNB30zYnv zb1cw^AmLdiHZozaon|ULEC_KZi!Hus{V*Lp+LMnNq5M*Es5j(0`;yL$C5^#H0l!#~ z{Lf+Thxx^PR~Cx~9&e=i1T;g?Lqba7Sx29pm=J?$>t6Hg2LF$!^QSm&L>P}KXwK{5 z9*MW6u{6f1IChYWba;UoD+4f3NIv!US8RQj_A#Ntb{_o`Ia4EZ=D8VuEa}en4D;B60hwjA>@fana#c}{H~>Eg$kUG# zSsi~;fd?S9kDE#J6T83E4nL)i?3OgEdKGH@V8otJ8>S3N_lnvcyeF=lF#w+^6Yd3j z0xSq;PZ8~i7_~dYHC*v{1eqgEQZkIpwLaHe2H7PP?&54H1E4qw%do|6ugtnQ;ayrQ zP1l&yq>!NRSMenIeA)hM&+FyuXG0ZS8n(Hksci8@WLDh0IkG%FQyl$zkmJlX%(Tvh z{AGb-Ub0Z9hokE^a(BN@CWkoF1)MVYh1EW;YJ1&ktZ~az0fd>}x)@1juSZQ}xFt#; z0_CK-H}Jh4uN_|_iVIbKOXh^M@a0#dGeK@lzF*j7gr@iK+QM#dhk3~fmhXzL#wGkW zJh8g!Oshq!F?jvf9@{6taRN(eU%#o5+EfLW`5`3bBSW0hery`nDhiymy-AaQ1y+ME z&^FK@oiCE={r1y+KJxjhc@>BJ4pKl7Ajsw48BTLVp>>@pP~_#UBHSnAq=yy=;l2S$ zPzI}*dol76F~ic@ri#?21<)v{ByNu~T0}Tde^(-=f12LI+^usRrb+K5PbNe7SFrnbFvQ?$NLnx-`a)>C|?4 zaI*A#y;Q|^P3VB9Lz@|lpE8Ub^27iPPY6T`=yeC(l47ezYy=4xy;&v{QgLsWBK|3Y zHyH2sXTacP8v@?oI{VsWStcc%&x=QlNFc@1_Pu2pINUh7161l7!Gn;%&5{VQ_tmdW zRjv&ZFx{92*n@GkJ^4I#Aa^nLX_7;U+_+z`jW@1-4*t#O=+@%*X5aO^=qKvR?S-i# z-S&y#VQ%X?Wbu$nCI6Cevp{i*e8z#$hrTw76=AkIEAQvZwWqP*H1bz%1x?;jyMlDCur zUp*XZx9APmW_Y(jwK%H>{r5!L21G|~J0vBbz!cZGOoo@ydv{Z#wi!)>g_BAjWhUCYcZ0u3sqDyF~sGMldM@SGJVgA z*Y($$R%bQ)XXCb9h8bSZLIYGEbTV9D^Kp9Cj^OGK3P=S`tkNxp`|>=yt*8THB9LC1 zMp?0En8Eki{#YztbO_^X_B`b6;8kX7uQ0bp_nJpLKsxRzbWueHx6!sYYa{cps@m|y zo2yK!lcUSx=OI=(gG2ZBupfWT31!EB<5u%vti?9+)TrwFFx7lmYYYBML1XdbKEBm~ zNEbBzr|V~iiUYQ?-IUh3Z%yQDF(jYWxWl@^$CUqtGz$b$50x^?|G1(KRL7e{3f{L! zG5E#RSPCf%459Gb-y_~2Jf{uwh@cpK^;W`Pb(fl!Gh3eQb)TR#>heF?B%`T4=mvU& zw~2}hpCJvTm5QW9x2rN+07_Q_H~2d5m{_^niE#Qg^^9-q+S+@z1Ljv+(6xhA4<`#ov^eNTrc!$TLbUM^YtRA@3LD7`3p z*C-#_Yx-JDq(jQI@=X_-i>N;={LAbab5SPoQS&*YWhw$O*96ahUrdX~h$Sr(3g^Oz zS#EF$A1^w7Pix1m3L5V9AoERrHf%tnUzlBjo3GR<#fVLlt&Pn- zs6h#Yu1TbYvo*nBAB&uHz6cj%f^(?RH0uF0kI-iAzkvZjVDZ=Dc^s7HZ>v za3}zaWQ4rdHuQ+OG%bSz&12hm=IUpAUoGCB4RMB@yNjPVG%lNNR6BQmjYn7jX(%A% z9#K+b&y#T6EkIMo)r5NnK(O)hY={FF_i0-V)>uChY$EsR#ht+C3=8xOF$Fiy+!`VM ztn*H$9ygL<>)wAI zs?ab7zH6JxF*wST2&o+fh5;j#v?^=jTkNL=A0qOn&%3q^n{_~%wqudM ztF-JeLBH1$|5y%_^>HHl#E4nQ^1cftyUp%WbEqSV?dQ;c@nY*p@ZzXIzTp4oenua#JP#qyAEV zvD|aqDZSh5(2M6Ve)iN@h41$Mj+0Ev>F*{+;o{HGXjtp@3dj!E4s$;5z}Hqs`AgoD zd(tv+&8ytF0-XW^*lhc>BWmn>1#YO|3X7k$ho%*C&Fr$-9i~}jk`*%1T>$n;taS51 zqMC0#rW~ZC^VL!e63d>CTd!kh^E}pPw2k=p&nZqo1~P+v2dAd8vT=KH#%ps}xKVQSu45&s>3x)Iw>;%74-g5^%+oV;WA(IUot$CGJ11#f63XUkWi~x=tq8c zu@7kTIP@Hj$0f#ViDys~Jrw}+5M|_2s%<&a08bwbGuw5#P4yG>ElkryOSz!eM=MJa zi)EphQt1l3izq=#?TAE(PqbCELaXn0@W(Pl1eTvO?xmaiPn5yZ6GsS98~YZosi;Ly zy??NfUndt-WA$VFE*V+Y$Zmx^Jm%FE`x~vqCx`jEPSK$gDFd3Whtoa^CrX{;$ST_( z4G;I10_5xNm7`+xPD$PWs>YdF^-6L6q=pG`-CCkhQe&AFm3 zC!H$+X(^6|MQXdAt-bqJWANvriG07>;(KFs z$q};okkVee*S9pM;ykm;uHl|~E(7EPXsfXUZbKKG53j^CqgP5kV}kRjh|WCxJtLt{ zrv*@@0to<)|LJ*72xGRlQ9(CLQULUMoXq(Lm9G@PIEUeTTnEjscQWk>r&t3xXYxkb zz&?gbSj@f3JGd8@YtB{GZ3sB<nZZ+6? z{jd7sx0DSshJzzIrB>9y7Ayy(J6CKUZdD3&XIf5pG^UdQoMKx*R$nSN>~ zv1ZRkaP0UMg%F93PJvRRHSz@RxR|JYCpnokT7p|1*Z7!t>z&T;ho*D*VrG}`;KI;1 zOnFN{ zen!aA?@QJ5^yit%V_sj~6aorl+$<1#8Vd`H2I=PaFO>G#=EMu~@(DujY3C&XTlS3y zQ~sx_HX=I^QlCgwMUARJ(kjqc{aP0^`ys{Wdf&oT$PpI4{)<*F9gWvbWHSxWx1A%cbca(myk6T94r< za&h;&%O>JhV;O{t5#K`H(lelD`TiwaNRf^A2*9$a^_#QDDV`vU6$e zBNWfLuXah+CghV#n=r(rk4wKRiFn~wZX#f`(B;g~bhoI(mU2Uulpb8eJS=}w{aM8e zWW(I2-(mQ&!5_%v7iC0FNk>OU_@&aJ7b!K7KPGj~>Wsi{uIJO0kHMF1lp>sC|1uBE z=b)c>qS=|vJ~XX|0UW2-)DOF|JXi5it$F`0*1xU&bbAedvJX%BpBbSiJv4t%PDr8~ z=NdB5PjKV+(M^nYbQ_@Idi~V%h;Un8RDo{^6H>T?KYl&S;zbB1;#Vt#?W~GGQqcm847ZA=H4GJV+;Z=1J(s2{~7bEf9%D#krl!ZPWmevp}CdDEV`6B z_xq+R8ncef)?UC7;r`f8g5iq_^U? ztn@rd!h9AFO{cP)h9rW#Uz70zVvABMq>fE+#5T@$g8~x=BQ3~E*`|px>nu6N!s^A~ zZe|_5_X(XtzW<<-D`NrL+(m9*PZFMT@F`$8BwUZ(^GAQj{B!GmWWUfk^ zEMAD)*p?~@sJIxy_&Ei_VLJY!(=sB5&#n-hvTl({8V&SJtbVzqQ%GbmQaR|4aNh_x ze!dpJR;X^TPNg_wQKGBdI5+fXk=Vi@1yT30vTVFv%lGZau&uO3QFFk|AfxUe9h$zs zYC}(4lzCA}c>9$E+y;YYgBQtOW3Ng;1>lAW+~>pjM4|*j>~k!Uf;EGF=&>bd>O`6+ ziWFnhcFqF2ycSykFsnzJ2)8;%afvwnHIc2sx%3P;@L@VfPu}*?;2gQQXW?hWidm?Y zBeh1znZmA3H}zpU+op*R)egXJp?*GFOX!zIXK1*-nD~fn{O^$yw`})7Bqu1-+xC zx+9;$xn#m!OR8Mr8e{2m>i;}fkNW`4{#kmS!N5v z&s3*@YCW%Yqt76|vXzc^L2Q4-qL(TCrn%*icDA-c*eH@-+$vFO{Iz>9TG7+xqXOGV zFn_jeQu{xAy=73GU6d`{xI=Jv3&BHh8clEu?i$=7XyZXb(BSUw?(W{WySuyIey6^< zHFLjtr~h<4Rb5^EJbm^#d+)XOTJBY)8ucbj;1SOAt6yt0#|WpA!+%m55n1)r>id@d zG@w#e@EWIZ{vOk@*|CAND)^Vfpf{5SIc=n$z5zK8VZe8;e>6_yff@W2a%7wdvhE-1 z4@8}>bZ*Czj~bpCoY~a^bO)}vIW@hS&&fKA3LonJvl$ijlC}$5DdYd2*Z*|+gUO&B zeIVMqBnOBzxe}I)*wj`=in47T+qW*%KJ18U2}aMi1(jONoWT zErnu~T;6o+($kzyp5*J!Wfr<@3siR1>dwz@lpKGxZbZz#)!Rr(t`whNlR9eXyr4gv zMk%;oq|=_-3l*7Wyyv4Yh3`Muz3<;={d~N#A4Q@M5|_gz6>}0GMsSf`9{bf$9Htt# zUuYE@`NEmdKxg(bl9XEyI;TN$5M9 zpEqWtRB3h{sUjMW#w@0&R5QVc(c2>pTNtJ@nXaDlE>yKi$ z5OoxI_nTeTG=DaBXIGGO?tg|Tf3#GkY6#tLIeR96*!vu}=xGOy83pUXGj?&0(M(nC zqfkAD z%Lj)5>NOLn}UWqL+OI>jvXnkQ}pJyE5`r!+SGg33>m_=8z0R*dv}4kr55dS)RLT3$;?)X_Ha+R7ijBD|?Em z%PsjZX7nJqZzp9WfHL!VzC`^DN+%7SwDE(88pOVMeViryFSI39C1o9AQY*w(%-I~w z9oXyP5;%OevpD11HAf?ruhgx4hb36giu)eEu)H*Fe`LcvAU&?rV``!ku|zbc!ouhGxx$>c+V z9cH;#D0Fc#-@VzWeV@LrE;(u4gi8G85>vxHKH0K}p{GMLpJ59KPbs#MT~%Z5`Ti?7 zu-W-|A@;jXzV1rc?X2oof5>yzT>TLYD2GW z?)K80TdUo^ZVm0Qdu_fIwO!ka0@~SL74Ps^uV~n?LllKkS6f_UAj9H*&3~vA!F$+T z+A{$rzu?hMT35=n8{&_plWfL+H|F7JS+N)|TOB!-9S#aw7aDe(LZ?OQaLyL>2tCi~zru%FX zj^Pfyt{!u6(k_U-;3eP?Z?4oiB}B!wDT3=mVMj_SK40XUo(+y`;_x}25F~%G#iD51 zS~$~7OF!24>x^fv0ERXW|=$;P)(PF{K@a7vT$6yq)^>c}bsO7e-UM>hj|X5@8*=kf+pUA{$J6+)(|GUu9!Gg|013uESk`CS z^IqD~G0Hn}>iY4sb`{YN3vPtIbh0d7 zWu8PHWH&>j`VR4zY&65NvIxhMn+NCmp850nvEB* zk2AdcLqczl7(-)8OyP3jS7mmd67&ysrAh7MlAutqH>M!M3S#&SHfHk{KEr z7OOkkga_rKVW12+WlJ4FH8z^lFani_OFr#RXS{`tCJHL6wbzOIe;`X}_lCusX)bS< zueV*H$ap)6bKFZZ8wq6vvO*X#`Jq=Pji^C?iosoqfo|Mga?l5^c$7rfv46|Qc{19eQvxCEzNyL zfJed2aN^=p7;T5-KH}LIO=K?7ap{y59aq&WKd+fT`@H?FHkR<~2KqM*A4%_6#7ZvU z0KE?_WG7_YQiB53%u>DMTVJk1ueupo54#y5Oh(~>_&K~ogrDL4{(qi=Jle|P?9=Oq z93S}g!oQKfO>oe%YvP02xGfQcKcCGnE{3#nPH53EkflF1A}C{YYftYzPrhGPIW$N8 z0(9W*!b9m@HFXMv1EL(*9lCv}FZgdQJ70~zM;;WKFV@H?If2TKXgpJdRym ziK^f+9c1ZNqAtO;%|Q5*bhR~4PegUg_Yr{SwK6 z4XC2|8ykvJGT`X$v}If+-YjmUkO4fFCTHNpIV>!!owc^5<)@{ewGU5^(r#{zUk$$x zj9PHeU>khG0i*#I*4Huk_|t#S#Dae5x87j6WzLSYoVP>fU{4$byVvV`7*F9km*EDO zRTh>*1s7W_a!MgXX2L*(JEfK}ZLZ^2g0bpTS?&96!olxQgqCRCmxOFN>vfk^4&YwD&GN}8O(@p zqyb%Zb*ftE$80V`i|_NAUp{}_tg?tsOe_Rvz+Fd9txF3rHE*!8W!VazgxqFv+wq7B zH*}e@w4ZQ%M&lajL;v%W*UdZRwmz6tR!mC)MAA|WToP*_HXxN-;Yj?$V9niYTnQKxZngVVl( zo99i_@DdCjm<`=1{M5{1g3f2|JO{MropXmaCm5M>QJ(#TW(+5*{*^PtT;=n|`)MG- zOrxAPVuPg_i|QXkhgakLB_>C)MHgogUv-md@Ry}kC}DvaxcC_zD%I816A|8zbFS?L z_XN{tL@j>y02!Bl#^+xsRH9JR77Az@AA1xZZ;nn659gjA4XpEwp|A&3K-wt}4^%6H zH+Gh`QSvvg=H@&nKd?N&C>cE)-&e9-aPSj8{?!QB2#(r;?MNfFvD8MW#8iv@pAV3K zP8DoDD40&{b`*>nc!Mhv8u;*j?>2V&&;$hl9gY_*CzmXir)f_CP~^qSMaG7HQzo)> zQH^eDo@LrhR@Kf>eze{&Qq%)|Iwx399+vwCxj0CILWGE(Syv&pM^@MBOhnB$>bIf^ zw?IA*rl8G|H4^L~#mC|jIGU~<7joYZB1i)!($YcD^rF<>`?(&j3JIb={HeR?{?8ONKcWsOT1cVWxkfrj}?U0f7$VJU#-X>6w_?&Jz)@4lu=ezJUd~Uzos6AHwT( zL)a#-_r~XqeIA}+u9`ww6Kcl!B=o#)I~<|2;dLDPRF7t5I{6W@>`S6DOsY_We(BX7 z{J5=sd$l`{0=-`Vo^1G9CysvbQ6wJw$${l%w)LUj=q75|1gIi%zKWdetP~;2>10;A z_K#BIJh&KA!b3Sww0g)$Bh%8Gee$(wt)-B)@$|$J5brVRd2+2qeUa=kMWCVfYWBF~ zsQu|Eo$LV%aU)J3tl8V*riW##!u0(D$2OxcEsa8pTN#bQhZu@&bg)SDvBhQA7)s37 zf1^q%#(rK(Z))kc8A>|0Y`{vn`sWPQ+B7_X{t}da*ry3Uv+vT5f6fp_uWL-lqao$d zARHiP8p;Am$80na>9l&6yW_bo)$yuGNmG+jLFhG?B|7sIA`YO72ZJ}?Nqv7vA3x+; z@eZ}2m)rXE#8_?Lbty)<>N=ubqBaZ%sAWpg>-Egv-Q67`e{-wwc;Z9RhM$E${3bxU zJLQxChMT)D%!!Ea06ySbSer+&`W(J9?Ccp;K3?ySU@LqbM0UGp)%y7dhti{y{Jceb zJRtZgT3I0`TQ|^h`+AR*fs>Q7*{jz9Fn6+@n5e-#u)Z!+UE}oQmcIn{_xj&!wpW?K zk$qa9U~^*NLz|S$$kaESz`$jby;Aq5=YIPw_oit>=3fsD>IFeTdv@6P%DMTb(%;-e zg1pDa#{<*qgyl|J(m6GOVX9gSEIvYqn&X#J+V%fiPQ{kpxe1iv%>Lz-Y>#X(Y_CAB zCqF0)tqaWtiyGS<BEDT`yaN>0<&I3a zocfsr^i#c(i%7c&db(Kr5H@k#;BD7hrQ-GMBZ4~eTt9BM-c#mXM!5xVq}<_l(uxh+ zF4upbE7#165@O*JIb~q8kKVCc_uppB!`r5V-^@PzPL4|oBdq%Ac&+g{*4=il^1>;FPeH@rybEzQ6C44C&hWYHL!&_sz`$Dg*JO*aMIV2 zEEUPU3_eMYsa=JHd-*v*zYatXHv|xef*q0~n z1}p9T@ibQM^&7EUX%m8niuVovr_nhdA#(ZW; z37(Iwk_;uMaesoO9B+AtqKVPK`aDQaj~z-m08;ULqtF6k-^UFd~p^_2|J{?0-Hx>F( z@c_<`Dw7`a4Z|kwYRoBDYyg`GxN3j|!LH^Dn)dV5pLtFqVfpbNZiwEh1kmxF(thZ| zusfuCiiHQZvBxEPy-n`Z zCjFyLL|18@F_-|J_(qLip+Y1nWLjZgkh_o2&?m_22hdE$L9Pud**{oGuLTCoFldPC zs{k)|Q>o@C0^Zd^?hF}}_icUHT49Vk$y9nk#9eg!P}8nCeN=8HY5^BG!eJyi-z zbTKe*9|)m#FEqbZEUW8zi#S$SS5@{&;5T?~9$C%0q*T(g0}Ej;Q;kVUmRG1Z4+aPT z?&5bE2-+1TB{3tcZHnGL`=l4*a>^L*Hjm4dz+RSHNmH-wN_@8Eo@WkBCChI12n1c4 zO0SaG_&CF`+9P&)m<+UE(GhJc?mpgvrPxd0_JcmRt;9cn{-{>Cu-GGZ`y=}s9(^Uw zT6I`)>Uiez_5L*AWV`i{^ZH%cW9<4q$_%DTf#WnD!YAobUKe=Us<$~q2qKi6g6^5&p(yT|T}f1Ni!vqlW|Y4nlZU}p;$Em?!kTJU7N!TYAFCNG+4WUqgjLJ9^d1N$u0O_+Oli0E(vazJ*P z(7U9YZU10>nfBKu{;K_b!i9#THS)M}y8!n;UUzq;s)N6@AcP zowQzv$A%{`{Ub>x)V6Etz9aNL1$1q&UZtr*>>I6KWL>Fg#F&Um?-583fg|&C6Ms2; zL)c~1e{JqI@IRV~RhcklBIi*!puVEjS^p}V#c$|N8KS_bJ z+beVPI=9aD%Q&xlqa9bqyUx#F*o|iwD$80n|5NYfKN>Qf&kP12Ku5-B7ta-j zjcwpZ;A@(y&lBLfRHdEqqed| zPx^EVvgWVzM-@LxKU)=6s1mIF0h$sPr=f6VZ&WRZMs2LL@bl8@it%E5Ot$<5#aEN) z$q0|yPwKRaC~ObK6ciN*ZBnBp83%7GQ&RO8V)QR)&_$RmeZUvhxejCU2rpc^Sr_!qsL=uNmQ&XFVe+2aE#9pc_wCDGxpN2pATinIwQh>e!xR!Hd1 zlbsJfSymTf4JqX;hWgM^oSn3#TK!oP*>5Xp6cm%$;s%3t{1G&vMx8SZEJCXkdPFTN zWeU`#8NMNuki@X|&6)sJ767|goc9Sf{Sm!gya!0YM&A2WAN|*Jb5#xp7P5g?O}0Zg zY;dwr%ANnyo55GeR!yz7P~cDwXv;ltxZfsU4I6R_iY18x>pJAEyuUay6c@&|4>MzZ z2&+t80H4RQsto?=7>gZLBu{!fCE{hl#g0gnAs3dE@_ zmqxR}FpWvazE#I*jMMQjFTsd>hlclhv}Sj~I1(lmiQukx+aKNIrv2@SF*=t6IYwdo>KV?4PH5L`= zJ-bPCsafMj1+Awl76k>H$;st;Y$n9x7>(vx@*KFhp{c9JGf-ID+U^vi!0DjQj$2Vv zW#cH$Qo!<`YbsUCU|~n&^3{w&g?*2pKQlY>Aa(5;Nz7UvICCBJvsghloEz1AdRk-_ z`rEMPDW>;y?uaA?vTMIIg-b(q9ru`sM-)tQfkrK$rIis9CRs;8M#gzjD)=NkGeE9S zH$dW4y3}b^(Uz@O1G@~7Ef1Xk8FNewmMniB1%9FPq`&_ zU>c@V0|IlXa(1fd<1Gp|4yR2sBZ+nw_tWRB&fZ6aY9nS6v>aLOx;0pOd7ci8e^!l5 zD+n>zbv)OL9wCswprqrX)B+jTbXXYIJd`7nfC^-~cfbEBZ;>H^g>kX6!r=REqxAc3 zYB|;h5j`E&?$G(5#C9l+OEMoH{2ZRvWR>7N(eARHUw&^_p^fyp3S zp%;-Qhsr(X9$8m_Y-*xelFrEo|0+FI)j*)!vVB^HXz?Y*m*a)iRTy8qpjW}j_^aVh zhXdTtN5S!t*YpeGBn%-2a|Pe}0u5Jlv^eCBfd+#X>+E)^0YrZ|VhAf2iDd*b}> z#X}g3n}JbNUgi5zys1=pA6dsi#!dk2!550Ui=EN&!Du1?>YX-nCq9%i(j9DBQCW0r zs(^2=EpzCmlcpeN{g-xJ10e@L*a5WXxb#MrgB{)_9PH=lyL~!QA=lDNo&m;FBv_d? zHBG$h#t^+ol1QR%(v6wG0G%C?#=hr^v~_oVXbHXTBn?wQI?RnrMPZ>5!I1HDj7G;? zJ$h1d0<*hv{@~mT^lRIWUd#IX8d_xxvn6AKu1k}^Wv_8`T3Ss4uLb zQ(`|WWIGQS7WhnfvR#x*HXiKA;s8PJzj; zc?zT{i+eZ6%_XVkkst93+3nRajK;tL2|w(lGusbP%W3wJ# zx2-2_Jyj6czg`eFO0wF}P73;DcKwKCpP^q#7@FV-QL?u2>+q^Aff5M*9_#Vrn&&k1 z889tI9LTo|Lx+%Mr=ccg!Rsx7*#xx@iHHBMiyvGA{ldIsw>3`s=(y^vKLEYR1L2C3 z57!=YT)yL{1!@M@2+q0u*BC=rg_N`8#X$b9@F?) zBs<^GxYv6!8)0gCYVkyPx*w{t6l;120hO!2>#L!rm;4V7bGr3MpK;zrImAAxpJy>r zg|SI-C>vO4ti95{t87R;*@2{R%MhVV(bPxY&2cYYq#r9tZe;XdHhJU4%(FnQTM^?w zUV5QB(*T|5G){L^W5H&6)OX6^{sT6QqP=JED?tEcm<>K=d!P8$Lk=3swcEi!4Y82Z zg1MPLWag;a!>_W3yklSi@SDAWds=1gOw_%ZqmZ)Qk6v7PBcUtJ++L%D#I|sKxCQWm zwb^K8@`-C0(*E|^cA#+|Ze+QT|+*e;bU1Rv)R?a>5 zUoi*(Yv~xiBuujlIrjm9^n;paX*o7pO^!`3phcftytVjMfDByB+5+_^^(UY88~; zG-@^U-M1ONAj^B#^`7Te-k07JR-h%RhBzu6Wa=c_*kNev-N3qHwc747fO5@lp`VR` z3gGux(Eq<{N7c6@4c=Fm^JMkEq%?j#5>O~mUJp070X7Wu@T)_D@>uV?755`~2|D>} ze@ED)%C#frmHaYGMti?Nj zg`cDDt}KRleGV3ezrOZpZ<)vPZd^w)f7rSYN#_{?zy3u+GBv~;q`13QVe71qv`iHg zvJbmE>xSV*smmP5NNL>obqB`3_OR>&!{W)Z>`Z!~?(aJdGl!g$UG!X6dXc#zn+t(l z(g*e@jSU*F4y;(lCvHR@SDnuIS=>54LvZbt$@N=3ge#1Gp0>Y-eNXVBLKWhYrfAN( zy3B`&!H_*=Z8F3--DP9xx083T?aIrmuYHcq?|ruwIaKmfBBrjR;N5-anEq>%ISI{x|*kLKOx`Kz=c-f;zLm+{ZK&-;XOV&AUX%U`b_o`Eo_p(m`k3sx^@ z#xKg}S64=>D2eYbPQW$y6=f^1jMTsmvK^e41$z+}Alr*ZVV9#q z=_)Hz&+FaerUB&r)XCdCc{B;O1A#EXN}^kt0*$TON1JE_5sb8g(?J}4g^o;d&E@$1TdHTx&@S`u5%ysayqgrP zfDfA%*+z6=*oke~4ea5$NHQ0@%uEXQZ1M|HRU=@?0|#c@Ym zYfzeVTXl}D>{oT=l9p(xQ6>kaydli6@fNW~@0`(5gm5IN7V+x-VI4`cPWo9y=JE?*5R3y~vjYdTYcO%|L9q;o(%>?h)p859DpDSJOweG!szTNYm?JdtgdXYL^ zpPxUs4{xyNPd0~*w^VrMT=UTK`UoAQnzct>X^w~oA|SN&E-!0)UTldXH$;%?UO?92J}$oRch(Vs~O8j=$PtGjAhL7wM-zpMXpg>L-M+1Z~a zl%67=$%R^c(bUlK4vex9n15F+PMOBgLq;a_(C#3YMiY=-?)IiRIXpg%0qE;5%$tV+ z-vSL^Tbf&bU~IKMKRs-CMQ$$&ya2kKVE3V+U;5UCgyG@g1=%b+{Vds!O`=YOi!63Y zP~le0iAdAZnkR+_mL*)y7lF_o!DJY<1({MJ4?z2qQ-hgP;JvV}XKU+i!@+C!Rt?az zY2W!Tih88x=YK6f|G6V{?0;^BjubeVd?+g6PiiN76J*q#q~{5GzLBq0lN)`4jGv^X z>0)7FeV#!~k<3VJYjQ1HZ1D4L$08#7#K~C)${;CN7f(k6nb+En&+q##h z7tT|(*>%$9@iyZa^O(}QA}i)5X7@K#>w68F_>n8^Wi477p0A!zb7}i?8Y^SNBrr6c6<4bI3zWAEbkUe@k8Nf66E-POM>VH)7yvsi>(++bL8)=D95hD$mj! zPTI4ICvGo!y5*{STcUlWBKiK^i%gZS2VChZnWCQtFTlrj( ze7fUynKPpOw>E0$X1OoaMvoV4*z}!K^&GiDG0eo}DyP*f_xFANfuQ9uWn95cOA&i= zKxuuwi`9E&vc4TB^ z;Nam8HIzT+kEZeKH?z};iTdZ^uZ_Y0g!BM{<;PUl*ogvrRe(g~uHH9JL0%#=fsROTo(-XN?yE@(e5I<^yEp$`Gj*Gfmm!E*LlH7^ z38X*^N5eu)Yg7!q+d?|!nJYqzjD(LD=+7OPR9u2S?mCwhPePcJbh zB>ikQUoHwf+dnRtpRh{0NB{QfRPC6XT`kJj!dLej@D+-HAq7Q5+&YGY) z?#p&nYvpem5B8`bgPqEWJkL_+jHnsCx2n;G2VZkm5^H5!&lTmDs~KIQZaek01#{Vw zycv>vxGM)@wq%i6YMY}hZ`c2woqsWB?YTvOh247TyhtSC-G6BjbMC5HBQ_4!x@!Gj zE73MwHb83w*`3V_0~;c^mv4O32zhda^qSPYnMaj+IDBLN#1J(aw7!;BR>Y&-k6e-&TsY)rM@A? zowrAHsmK_Sv4XzSXJ_)dOk$am2BR12Hv;r0TRt8n8<7Sh2m|hVRRsN{F(?m+HHpEQ zaf+dpQ97X+1D_rr++@B>Rq41~=3$YNGIOszP!A0bMlqH*DxJNo+RdoF91KMuSCa8V z>72jZp6?n^-<}n>~u2d+Q=1x8r=XHdJR>&J!<)ca7J`F)BybBtxH!>Uc%ml%`>^)D{ zX*R~7SFhK+iuK6=clT5_}wpdP-p++D#{da>kD< zl$eH?N~*fF6>U#{Ab=UP;#Wz-NtW9MY8)fY5CRIi})9^=Q-Q|OH!q|GhO zCVf}xAJkqy!NsCxorrs8(gnnQ1C$4>dA_w=MDM>q$)qHwR*s_j=!I2{N1Y&5=7^JE z^xQ!Oc=AJ;Ic+A%OvpV;g()cV8!r5`1E}G9Pq!E0wwWXqBHcgB%gDt*JlJHs-&`KS z)e<*4l*6M#qiV~{pBR+*nfzBTlS%nq2YJnWq>sD!o*&^pUhHn6TS`Zo3StxRrF$vD zrN{=!am2+ZNNboke*Gr?i6#5%W*sUfh9%F_TTNo!{u7p>yIQzXlOmJ(3}B4s0(%pQbvdnc>6ys znd&lwmfV6|3!x@wLe}${;K~&H1Qc56%e7GUpuMBSBC={`L6C*QN=BMudjWn1yD1M> zamgnV?Jn0_*r0LP*HN%{-n^ToC0)N-n~GZO5tRt3!S*-UlHh;OPPc_2OLaRFyA+wc z6hQx#nN$aEMd|>;ix{b!_x?ULJ)K*VBX)J=xC`yZEqJ$(bCfj=qaf|iCX?UUrP7H{ z@uxGv{x^UV@gjsRcrC1bVLt%{hu|#E*Du7r3r-4ES3U}Ky5GSxHYVqIY|}9KLcKR+ zCghZN;_td0F7zI<@|2SyX?unPhn9B{(RzEAG17;x1IxN)oLAPSYXs%;b~*9O5uzh7 zlDa4X06a=EXM)9e@F3IpUQe=cJjdL&Q5D{gC0clfn(pp|qWf#CMTj+^vx4!2xp=&g z@Ni{?!C6Fw*IwmF8ItyC{)s92Jivd{hWyxI98b15sv?18|v%O{KB^wq5FG!L&tRhlfmI$$s?Z?)K)vFM9AX;tEwLtN4o^7TO*so{D#|f&1U{bgAm8#N<0p(nKC-2iO)8Lm{v;i9Kj z;{d;hMjp8NlZwmeMq&SLf9K(p&&q8{i#|8`c6N4gl1x7>{7jjd!=uyx!lZ-*n_U3X z4==*t1J>(MLM_8+dCzzJCA3iKq4cbLaQ5Xo>F#?BZ~~AnZ*lmKA3r|Q zv|O~J7zho>un+47UztL)=|ZGheJM^aaAfCR)#mLq3T$}EvT~+3Cg-8ta_dd{IakaO zu3>^9qTRHz58@w*;1OqMW&muenZB$nEZ>WR1aML|SG80%^FJ`68)uW~wvL_ATx*wf(=e~}jHQWKEz!nMSd%r7uId>l)eH!S%jEhQ~K+Xq-NPMc4N$CENP zPTS5y{s?p#@(Zrbh#1$aU2nn{Q^nqyj9*dbKItb-)&q3420gd-_x3}&&T=l@Vu>hJ z;{w~(7Ut%{EybKVPHQ^?Ly}-vb2+uf7WZqqq+l;kF#o=Q`|fPQEXqTxg062F{J6^b zq^p7PO2u*;>n6wMMtoVyt%i+U_|n0PyM#0e#R2h%e$0!%C+}0@cBTF+^zEL4f{c3N zh*==E9!L=iXjpneHY4D0(U11E(K4uXZ*4VTu|%zn_IiI@nQiRN^W{SDC%x@pVot2 z`k*x=zGmu42JFGELm;T>^|ctx?qt1rewUMpYyJ<=$%YUpy(d_tB%MIQhsOocy2*gb z=h>8$o{(@6xx_+yhF3s9defGbp#$^3^7brCHOPly zAhHU$`1xn-<i7%N`X)4k6K1JzfI6YD?2=!HXG7m_c(ULN|%Arf?=W>hLRfbJ#iQk&&^Rd0up zv1+I_ua#?#PoJd45EwO<%gB<`7PON)qc%exOLNVr zBLf**b0j2YS=%prfPDItX8kc*!FLBlR`DGyCCp zX}k*yiLYsRxOzwx1a01`Z;)b<@W4)2`Wh|R2MHOx8?kf{Jjp+xG!A>|x);K(U2(5n z0CjODkuL66k2|0g7T${+ygfZz1@5n|uZV=rVOs+TiISK4C~2Pl%^*1}lk;CwAiyfE!Ru{vO%IEGL(Lpd_pIJ|%UJsHQ z*O^9egb?(mM`EA3YDjfFFDH6@64qB7Qg(KBK6%odjE#*=S0gqmM=O1q`Eq?dyE4V3 zTp$bA8tz|kc6@cL|0+uMFp_~o1n&07@YiK|dte^+JbN^|O@?#Zn-ELAH9)isiZeZM zhotIYhdSqDyrx?-p?GF(E{4=SQGb8Z$E8>ZL$(?oMWT@+bSbQ%7Y-J6QkHmg3sI1s zFh7ZM49TU4cbSNg5RH`YgIb3Q@YiAA@m<{#`OnO^fI)$Qz7M1q6!~QriP)lT3T-Wm z_&wW>tw=_%!VC%aAh_fqJj6&^JrLtU^tyjRufx0Sq}K>BsD9T$G=+N8Wbjqw{b?TI z$7VM+pls>~ivT=QI>D#-+l|olR#eqh^uexPE5grd_Py9@7d$qhA@iC<^vIQr7gWa7 zzE00UV1B{-L>+@~in14d=Oki8TlIBF&-}*c+AooY1BZ)+fmyOaLw)3d8m;jr5bWIe z+>-t)%gAKg_qvs;U!DQxyuRgmhy$aStCK3_lp%)<=V)NP`k1?&dJbsNV>4eN;Q2u; z3OFG|p=>&;gcz|0v*0`um(ecTLxYch?l0k7<8jlRfIZi|>j?3a*W7Eoa%|#e z!``HyhA8mS{=*A4%qRTA>*dO?60QF^)Jd_utj5eh&%p&|jhv z`TWcwRN+s)LikY`uwJ&eY*12l1 zCi4#Z?gZ{NgE{U4IYc_r(Z9Sdgd>5UeRja+#Ljtg7ldVCZWpKse$q`(Q%1y%I-gVy z5Rka3+IQdFN2_14iNu&`;FRC9>VKt4OG8})$Y_6ial)aS!SQqvVTqovLpQ;L-sy~} zR?=GYSyHWc1AdyC2I<&uDh0T#{6Tt?>WOI>H6FqtfOMum_B^wVTDz;Jbwjb}5OlUT zpOT*XYA|0kp3D@pt(3!%;m{vY1sxq(uCo3_ZoNlT8C2qLGv?yTOP4`VJo-*-b?`>1w6S3~rGke6A|UuWu4!!7SzR9vsyxQv7fuh-@1 zzkiYJ8ju4PPe14bP#fe&&qXcq1I(fB_OX=>2vjgB(M9M_i9PpR{gv+s?WBa8I{3FB!wZS5qRG6+rM64LvNAKPtV~WzixgDM!0e3oIr9{D z*)|)Gr8QTOWZLWEM#WCildd+mK>+;vn$-aV;Ql0=$8G+!Gqj*(5VC}Yub3J+aoBwR zfB1UqxVV~SYj_5CcXtT{4er4`KyVMif;$X05C{@1!GjYt$l&fIK!D)x?k+Pp-#q6$ z_k8!<_n!OL{taw;*t@%{s;gG5u(RkMCyzd;8Day}%+4Rk$(;4c3DISoc5b5*D zcE=+h@9f(>c=9sU>)@A1h|x6wr?yQq80vBH%b}BD^waA_(ox7CdAvHphLFd}7zr>rj;NI#t;I=l#T{H@W{q`wJ}1xJVK&8YgSlQejWu$lK&^J z5JfuJXn`WVY@EA`<|pTEvx0A*(sa>YUpp_<$-r1EQ0*2XNBb>lS9Y@l6=bIfPTb2U z4{9faL*hfQBtG&dG6EpUeXqkiX&S+wGf} zh`wyHhZgcW6QK-GKldnq^JaQ({O9N?5}=NLxk=n(!XzHW-MvAR7Q`YQ>UEv0&p{Lb z$9ihJJaAOrWSaOsX)kZ43aTdzBNLj8b=OcYh6o8vz~!bqAuF^`Yb@dQSewIlc*3-2`Q3b{x{f z(-}e$%nr5hEywHE#YHynzDV;yeV22`zHEnEn7=(SJp?K8ExnA`%a#bs^p~|*5dzZ} ztp^%uX%*s=`8oy@9GBKt$QJEbtF9!8&zn{0^h>teL2i3exB6&T=}s$+*ty%TzLguC z7g2dl@!EYpt!fvBZpA*XHvaB?2BBGgt44kK)c?E`=(B%5_*gsbPh!>!*SG+?EW8d3 zlvv278wZE}`Xz6mL{v#JX?ElPnr!HyeD^(ghksPu_&D4(r9mn8Y3*aMSDoVOSdd+r za+ESilMBO*RR0a(0-0C-vgmAM>7)Cq<)<_*2xscn&-e9#P{jKh;@hm^k4h44`5sla zK5}wlNlD2ADo0WQtB_!Ba`NfoSJ#WN?;xf+!5pWh=WkHy)^}OA!`s5UWOhytwR)&YLZu$o`mo%B-4mPC}IwyVvr@>%)W@a=w~>wJ~%tp~{U#J2L!DTwGZ!U`#R%0aYm^5V)oR&_O`z_yIH$PRGaGn?M$RZBTfB z=uXEUlEurpH}aL?HyD*gri_&nkpnQWKka~K?i&YVlB2U&59+3$yG(M0tEeo^CecOh zE|Xs3%i+26(pnOmbH;nUe@8QuNEbQFD+R1s!~t=DQYuL2b2Q%qKXKWZ^STMg26*?S zEIuEpviL0FA$Wv<7hy-RHgE-f6Yg} zs|c&BF2EXljkQ=?%Eyn^_i=Ew(^x5dE_b`1`6zMc{wM9K{k)6Yug!v3Zpx)^t}y9%!~0ee=VJ|51MSbzjHrFl4_;@4nIT0O0*j~ zdwDT;*)^v8aaa~Tr|Aa74sU+Y%wR6Cxy6zi{zbY(*;b6Y0^4JSualJ{)S1*;v90f2M-Px}k(QDV^6F414SM@$?NwC_KioaZF6&&$1P3yK3}-{I4f8@EHT?3HD=ZqaI|sgVjP)aE$cD|N11?!{%) z*pGQ`$WT3qys+oN8dIix#&W`(bMptvv22>#fWcZv78)Tyxi%cW@prx3f*bjU@&mw^ zTlwhof6v%Pgd>n3+*R$_I25o~1!E-moIO(!Sm2$we{C)-BsLQT8=vj12X(6H6shUE z&fwDRAZ$Lie%$6mmh3cI0hl@s+nKw;KgiVzV7}*(TG01E0 zf>=PW`I=WHPV-p%_Hdm-T)D&;b%K0mUA8w0Q`vH#M!(0ig%#Lxjn+y&&>kuph*%B2 zouh)mybeYW@ay=_$z&k+>9Z3wXjABNesP@~b=V#J&0RC~sTKge6`!FLbt9UgxsUGX z_|0@5uiyE#NkHi5wjZzgyEsA^o~=y%)YfZ-LHzm1r<7~I+CyOggiBG>IS*iz!)iI{ zp|pi+?ofNge1ouj(0?{HuQpJi08X!#F~yj<%E2)>r4!^* z75imZD`nRf%G>_&|BMQcjNys-`xoC_9o5^3uUwB z;T~#;|D@E!lZHrzl9AH2n=9~?M@PCJ_isg8CUsaE1op=o=sI zQYRLtnEJWIWn?(|kNuq--T?Q^=x~y+9Y5~cHuO?IbIEy+ww``pRBQm<3qlWpn6ne4-VEn?+`)OTbY zjZap4dg(nyL?(tTtkJ9~Fp1jTRbAGNnyMzOtT`AC@9>WaD-URf3fvuxpZQ$f#@{ak zf8}F}LtkLpv_a&l{I|(BxnoeIox~>%4%hu4vitlw%O(Ll?I4}DeXKl;M@-hpUG6)2;^GPs<|Ifd)i(ES&P)5XZ8#SH^GilAg!^CgX;VGJzilq+)18W{ zLz$z&WgO!`0o|9%lfY;~JYwccn_(gs2re#Y{qz)KQP$ZRoMRoh^>J-vPQtV2HGgoI z_r^71<&YxD)u!oQXiYpOuLLR0S*>le^L%!{2nGr&3@aYd#U)PJN2@3I*qCPb8iB|$$ntBdl$R<$95%Cq-H!h?8gRVa=*R4-Y zi#(?NpX0b};eauH6yxZ_Gg?cc$%ZWCjom{Ia{GP0rU>heS7AP*hroELdw<$^Rh$*Y zSN1SxP#A7B_rjH%c5rZx>#(2y{eZJ?8tfXH-y{>0CoQ27>kH}VkZi~9yvz;?db-Qn zOxay_BgVrk=|@Gm`!cF26@N?HvzqNhkOtLFPYTGqy1G)CDbTpR5E30D@PTK2wR~p$ zcSoo%jxI-)4D3oi4BWX_74t-q{Q__QtGwtee&Sm`9CB4$oeq?+R{hemUzm({XKDc z#b9oLyil&8fl^7P|B2rLuc5g9Qcp#8?IZB!I z7fFv{z(bTP(Fp;qG~sJ8QVRlYFHi3QSjVMlxL0uSo=jA9jCRv&V%X9A$5AsjQUGaN z#L7>kca^(T>$KhILss(zmN*ZK*d-ffu%qMS#DU1jycUt%Z?n~$JC@XGRFF5toS-)! z(vkR;u4tx3_Zr)u&qO;=(1_}tHSVbZ{q9+(<)n+fKFE?Zzj(Ogo9UuqE~j>>&-Xjm z2aksb8`(ZX3m-wZzDZK$LvJ#~ozJC$x7vMag|LGarF?sYgm6b&?alk=`rynn=i#Xz z{Eaae4tzhg`ptLJ8gYsG1I#w;_YEhoef4y7m=jsTmE5(zebCp}k99+GQA?6Qr+dZA z`%X#6W&h+Psc1)GnuAMHi|7ug9zsIL%_)v>jrrxG<}2(fez6h}da}*&F;HNG)T;$) zmn%80$bFyY>?^o{urPQ{nc9U+WaRjbV(8JPrL4NT`o#eyL?ys6Gy8CVf81kzecjHy zap`QCvY@%y@aZ}ySmj+nCebH(7Kqa(OgxbW%acmT_k!kr^Kt~I{EVz#-!IAneA7ZY{sS4sLAN5jN7Kgg`sIhHHI?b5DK zE7(_aCLNdaKt7g5Gdo(+DWRcZrX7CVr`qvJv~8yK&J?|rVwuUnq+L3Mc~$K4nr-@> zuGc8c7iGks{xi@1A3E!xdT;}?0-6*0r#%gED+kcOw)acV^nE}lKv05iX1JvItOn_% zNI+xSpbH!q5&oxNw}#b9Ik{5mGO5@(IFnXa9~GmbqGTfNLd|D;|EN-|k(;c}vE_Al z6A)5=rxSej3TwWFC;{(-p1!UsE7;9MEi?2bf=MX#>-Q%zCbMv;qa{8-PzyulZVlfE zlWuu>@?|wx_-eqo8tQc0E!6QB2f#&b&a)iB#%5u2p&wgx~x zG#xtP{abBl>^@mHNm+=_7-5j{${jGGq==u5H|6c^t>UOw-a{8!Fw-E|{wblD!nKXO zi=U5^>N;8nEElN&IBsCYksci{lz9!Dw;DtFpkRu2ic)i>mV!W?i! z(&ZgWlU-cNJI2Jv;7)cIGvzHM1%!^3xy|Y5cM_5ju+abH8L8$*ix%d(A{)WR!gCfo z8-c@A>ltFK^HDk4y&1ul-l7qGduZ;4a;P3yBtaWv1dM* zTKNnV%|)>uH*VGp5P^>G4$%aoK#5*nmpFh_ew3qlww8I-_3<2@?^%p27GGSQdW6(Tc>8lA-p+RhY9`t5s-f`Y4@rg$uA|TYcEG{k-;?dufb#2W`+@g9f4KF9=m$siex%`Fvd*KiR} z>l(-riiKd3S>@V#Qk3$4U&b!@)Y!$_>qQH8kzJiW_R#{R_J=5W6Qq7?IR&%R>(=TXt z8jlAQ6huebq>?^qqOP3^($I;Xtc!X`5VhIv)5S)xc~Vlr`-<6)KCFJO_CP{{M6F#{ zcDA{4t3>bo&u=WG_`t{vRi!d9ek-2^NAD*3(ju;Hi2w^p#mDFT$CbF}z32F|1UJzK zY3Txn7(P1=QewHS`iBFfbrR6d1->im)^pwXNj-c2I^!PaSuVdAZnH!56kW1=tN$bX z%7qtv8$$jL?RfHt=w8t|(&fSpTX#^QVsFNzzNPZ3wf-aWS|%|@)jTX9kE|#RCg%TT zA~B{aB;oo7nNlCwN1@1045-Z`^n0lXE6Ofa${{oM3=vO50YZ!4(7LQ6l_H0KFK@x~LR+GZ} zsUcl^6}lYE9Q?)_B5(@x)hZlmUX=|%k|-bs&XGv$>W3H*0G-rF%UftTHnx7e^D;t3 zz+-8M0Qj8XUjlaCZJSPoTfidc71=y(mVW@3Mud;Clz~-c2nirUFR*NFW{n+hmwV#} zc~e?{_w-EAAi?i$Nr*aF)urS1)9d|MN+CeUQHt_eB@5WtbK^HSb^k1&B1N}sReQAC zD&CYX%;lU+0JYR6~|m2iqf6t4(p!^U4DaFvZ;$rzq!C zyDdGj2E%D$W3NG(G|eF)iC1P+l+4Ux%oIjGvanB|L}R{}l1T;D*iRb0^f_s>;!z-Y zGir2w25+8Dq((NbbLNZ)R2VhydA>ee)r&=6pA(#kH|yaw@Ei-fZ|yn_tQW;&MH{x% zp=SrUSQ=8C+;9E5w08AjMKJ&z9QwAB5}k~-5YF)a^k5}X$CJ)Sy`PpPGly;n-_O8$Gb0_fYXPv=M8t?4GS4_0HtF5y~aG|2`@zR(CHGXVKtk$GvM2bW6lQ%+xj6T309M^h>G>{W*{( zuK#=HU^Ir|`Ai0%!<||>|1Mh0{;TG-HcV@H!)gt+lL5FvL!JmR)c8X`@(UBY*OVCo z4h=-dFQ^deaFha9*8v&tjD`E&S#9F8(;JXdj5Qoke#oaa@I@y-OY*Yo=Frypa5=+~OZC)Y2DSyL3pA%P zcn?w%<}3P4VwV5W3UuXt|0@|;%w56!k7EOsB!-=x7HbkajMF;5m<@K%oOysc>?QH+ z8#e}y0z|AduGjhm~$!feLg3E8n02ZLg$k$*bTS8IhtkLC0 z>UKw{64fu)zt%GabV;2s}1l&h6C>I}uyY@`cQN%#Ko|@k{yu zD|CQ-g#_F>*qPIGslT-FN`u3`-h=|Ia)QrAuETb&?=$v}=Nnr|&EkQ8zk4YJ}ZErP%c z5?0*&2H(8I8rwU6z>OY_Aj%pz+(qyQD#K~_Cekk?QyIYfuy;t2>gv~Et@^ukYl4Jv z|1W152|O&KdOh(*B`Y1e)5N}~3Z{s49dJRM8A&E8tNAM>y}58n+eh?YeUj%iXDBwL z`?NBT>&We`wAG)g`>RP8w;2Bzq^->nSmr<$FeLP3c{)lRxQ@ax$w|1)@};lsW4UW66sKM`#`KjC(AsPgQL0K>M)Si5oromw7tM#SFF42!t0PkaW@ zWC(CVu{ckBZ`M1l#6>I%6RXxf((GMB;q^Qw$47iR}*le`p_XJ#Rai;J5%e7Y&VpMr{@%nLR&Vju5@#&Ssd7sjD4 zth#~6B!iob`KtG}wsc6oV#_V1hJ-9 zT@Mbbh#>f<7kAbAy_9xm0KzXwS`*hHeCZ2hKRcgGgvm-{DC9wFI5mCs`eQuWMSNoZIYZ?n)c(^)C3 z(#($QI2MRVmBxm|_&M}dR4{;{lxbx{=LJL846bNT@lo-H z$M%gIoxx5cW4r7_>pk%XoMCx!NHdm^HC2|qVv%fMWWFk6E~o`1%dSSUX*jY`@yD7s z?~bs?PyTl6|I4KdsAFMg)rhEVm%+hXe7q@2?gIL6TPR4j@Ka*PI=u4}B@}7=ea0lT1V(QnqOiF$y z&Bfd1vMsLM?;A4cb5k?jQbNn&1a!ZDk!Eu^%ywWJ2+5`(DDZmn(yv}}i?epNU(SNC zLv%U7WQRAMOgpTZ410yFuEJfoA@+E14l>&M7aSa)6rnckFXzMa+ldIyg?sHt0Xqas z6O##E3r%jZj`M9eG_lhd1!(bT!k8D0C8%8MJiQ|P8>%GpZq}ntzJ^PL6v>Nm8-)Z5dXzmTTwpwNLG|b~vX|O3z&fjM{!|bIth}JDp`y?bRPwyAuy{}^R5}hrZ zg6uCjrVrAeMek5+*tz3Q46#RItzuj?vk^+CL z4$YT9Wic^o-`k&r@xN=VpS5uBMZ@f#cYHcZa|IRbb%K0cJmYMVlQ{#wS>+Y`zDL6cI* zF(K#qVz)){c3hE`vHy<*ft5#@`0do@MVI+=`E{D8SIYw?rjj5%0x-Gr6c;wo_lJ^L zjZkGZ@bonNST*8hj_-qVOH&xa()pqJplnmzqfFNF*si#c=sCPRj@c6})VrBwk@}ft zu9ylEfPYdu+TgOvbX$duUVO6BWgd+cdf?7TkN) zI?g12<}v83cUYOQ)p(~Jy<+R>f86??b9@o42s^-lrg(ru=Ra;DGyuLfoNd(~PYy*w zc!7uil~cW!mWb~U5?$c!HtDvB^oj%I_Uk84>w!5E-zB~n_Vo`0&;cgA`Reb|s&iP< z;?L|0ufL8am(cT17 zZf}jj>Z>lh4nhDwKF=tkoz1p04L7U%>^<9tq7z)e=&&#M#?S?1ZWC zC%F>iF3wQblWtXr8_3e##q6L=w_hU5{od=L%EZU@JX_6CtUYc&Z+NU>5t!o_vwI0F z3jj>)T@Sg|lLNXeOT@Yj1lmHfBv0`_#m33ltwduWyk#2bb30o37}3YHE?H9g%I8`| zt8`!rE9@qm%Rs#wqlCO!a7Xk0b&yj-2d)ZIU$zI$CZ*YU9b)E$+;ZAMwXG-6F|x~8 z09e2bW@0L0<&kyt;575vo;K3s@2Q#8%LeVROOL9F9F}_!<&qL@IoP=e$8dzYrO*

3RGuW; zHNOq0+1}aBaVi-05!!8*rWQt1&M!M~2mE$cOGsk0CXrfjZM970%Fm_+*2D+@(74g1 z_1iBbW$LtOrSiC{1`oCpXI5i#?XBCM{BH4DBw5zHY1$8r>+`a>&!%yTdk!E=lHS(wY3pww9@N9^Y)E%m4VGDEss*>ziAM_}P45+f4P{d! zkJs;Eq;{FX!F*N$=pJ%fJ}avPv!S=GVnjCFVLsflMTyoPp@1u|VmQHtL`ShpC?!*D zSQ%=<9oQ=&VL#vi(^98`R7MxYDpd*eS#pgO(Q!f{dU`{80U6Q75zA_SG$uY5IO#Ho z(q*~E%yPvsX(+&m>q0aKeQ)jjGaq_(+Fo+nx0G-P#_(Cbq}mhtm^b5z9@UzjPW59t zU)Q1`K}V!&5akn1>RY*bO0@a5^I^#uEb@sU}g8Z(_&m z!W%wZL~F0nK@-nAjh#I-HNW>(?X};UFqNXkwgo*J`A$C@YnavfvR#3aKas=EueAb2 z4-U46`A792OXf@7pShIQI$GPL>fftK3tNV&vV0iXvWp8xDM39RQaUmU4c*IYV^QFA(#fUQ8XpQ#Yp-u9X(_IQ)`Wm&r*6$BonvkFX!d2Jwk zgfmhRt_(YDd)L8cGF*PWi$SyhDeNt<9ypaqab4WcB~eBmC&9|9KVymO3c}*Q^1>kT z$754ekU!{HKVpQX=f?Vt=HLqtulL~%VOdtrV#P`|bd&Fn`1(k0GR5)J%J47}A4v<_ z9Z*sr;QF=kGl9eaLZkw6mQt&kzjdY@(lB{SXs_2LSIE;v4nl^*@yW?WC??2}&!v!$ zjZ*22J+S)hkw*CmkE0)_Cnqa0QPIxqM*}2-T^CmwKT-dOv@^VPvX<~y>Y0AIeMa~n zxo4c0$O8c3aZOwuQ0(}m%j1GBMuO2={VZ5QU>0#uH#J2`TcJoW`}X!7!_QKLnAV4j z(RZ3lh5(_Ab#+quKVZ(5U^WYPJc}N}cnJpE>=4&}kGKRyT7Lx~N;@%ntO1E7!MdV{ zf7zIhGf%=jE}XacgN;H;!10i|j`VNWQ8g?vF{cI3=KW6@0*;)(L%4*@_7}yRi3=j5 z?<*Zf-gIDxP9~sH`#-frDtTCt5Be3ENW<0@LayuRCOX>yM`Z5NT+P7mF<)w}Q3dH0%37aJ7{Ly}? zr@tLUJwG+dS^TYiUPux01ai}Lmn`m`Fqj>%f+4S9R<6`ziK>+P`&8J#sJvZYMAMW0 znx^IX)Vq=)EdK4_iqyk7cSowL@^6#-%XT0C7Na@<&UwI`7;%%_k8PL^RhSAc*kv>p z*?F|h&qMrcLJ~YZkk30mlv=VVA1&-@z}kg_wjqKau9Wo{LCtAVz@|EFO{=qE6lLaV zQP6^ZR#5^pajC&knO3`E{!%&xyg)pCFp!k4+idZ2Kx+Rcwso-Fnsbd0fERU6mzpz9 zJusRW!@UmmoZkCq)0rxEqA(#cGz=YDEc;(+|2Qmi<^VVa?Tb?jxee6o9Vb$>l^(f@ zt;R=+HK7{dx@PJd+2=gmhzM>Z;D6ImKN{;*IqDC7N>nG~A1b%m5PZ3IAB$wJZ+`+r z4T+QcPE*kAKBR75Ewyrqnqxb)DcT_$sDffH4|_XC_z3PKWQmz%h?zY8<{-Jdd0alQ zaQmS+6&fsgS?+N)Y|{iGz#dtdlv}$H*PNv?&1ZYFLwbLg?Q?RAFmP*@`is=QawA?` z-_dfI$kDKos}>)O_NE=C3EQ9dxq@M6-LxsP9SW7#?x<%hw$0ZP={~pcMs!^L%6Pb~ z!aXlgCTurduswl(#Xh?JLo*Lw%9+J(r>ntWhN~fQdGV@@s~PjQ6HI4r*SfM?_RX%! zL$9aV&f7vy@>Bn0bN^%PlwufBmCvWTwTEz0Gsjgp`+wjUC61R0hV35&957c3&xVsL zq%rlB;)NVBATV^hSJ>vfO-m0>Usb68#*F1 z&k#`te>Vw&XkZj>JP5O0~nuhL47<@ZXTgzFR}gOxck$Cc0{-6bvC9X zfQsQD;Z?J4GBFMsa4yLkVWD6E1)*|Gq>B*#2grzIa8+M98+nk zH#t7k()bpOO8Agtq)jCe^=Lx|vRU-^GP5<_z^+3oJi>Eh-TDEYedqV)wjn=RF1Sfp z-v<&_x6OUS@U7P#G=eI=WKZ9;pz=i-7}5Fg!NM^L`ijLptv&t{S#q4#Ad_L9oZARs zQe9tUlfE#2TcTKJQfpJ;buedUpDJcxefmO(1I(lR&)l__Bb{ShZF}#;U~QO31jpA{b%E!Fq>dGiblT1JU@HFyg!^+BXlq}e z`|-4~HlJo`%VN{$Teb=h$U`>H=hc*)>m<$UXE!aaFYOl#95EUm#kHQsoBn3;q(nug z47DQhJ8&xA81*rRh-r{u0jkS@RDJTZ`7#aiRGzv{w^>_+WWz$ z`hm!}>dUQw%00G6htb(rk=p@A+}r$w4CkjGS-w3{f}klovGtpA?`VdN`Ol4Yavn7w z1LPVc?vEzDcb7YP^Y>yPvBFCAU@88R(4Jd8F)P`KG^%R#X3~! zVZ5Lfu!kVu^GBPA^*+CWXpIh|#yGW7(p&}UH7UjfRS}vogU>DoL$W?sU3WB|FH4nZCW)r~e>K#Jxhq)TV<{aNp96ad8P*y~X(j{tldm7R8AY7#IT@8OR3n+LwB z?&DQD=8Le80EHursv=u_!&n$+Ju81ZhAyG>MfJC5x`Qslmn#Xm`yT{ek;i*TJPP;o z9-jj^sl6(KWoS{AF_9xuOCMKm=go?i5ZO+qco)B4Ki*+Ltx|h+W%}NNx4UR6b(Hvr z>AlX8Ra!{xy_zvd0|>UaPtUf*gd|p; z?j=@p>xNw>$UG92ip&+M<*c)3g^V^Xd6u2-iW_2LRd(Echo1G~E_Q_=n&3hgtmWoD z+gSCry_>YvNTtQ-81l{+826}r=rHO4jad}7Rhn#p+p@GNNe6u{TfJe(h?fHTY@BQc zEuN+M=cHt%N#nj90dAG~m*bEehVQL*ZYZ0-6nBRjtKLbEBHZdU0HWGUi$^kTP}#rI zrU~mjzQxpoPDu{V$eXO4~ zFn`HuS>6ki>I&hOCJ{@+<+ytCJ1AvEat2#~2#O5) zRk9lV&-AX6Bo+yV76W7J&b>G1kU`kI|F_#V zW@5=vr>p~kSrI4(SGMs6W~8@XA~gmHsqB9R0__ICrL?TOl#=Qk2K;l(ZgZ90vAVDNy9YJ*nl|k?^tIB(BKo5ONk%mAUTH@JD&tbRrBU-*ae@^xK6K5vELkige=}~d+lNk~9J}GJ zVMz}+Pbt)J%&VFzVe)(u)R9=DU1Oc@<*J+{@%~Oc8gefZANbq5Lx&YeuW%WpdiVY9 zM6`FL#`~inPO&NxY8PGZU0kEO&Fd>6u6!Du_9dv#57UM5rYLA3byw=WR)vIfWYBm= zV=Q)kKUhHdn7NT#_e#+4RTl%wf|_?Bv??$axMn{Yh!1#^!Ztfu&;9bT9lAhvf4Tbf zj`^EDB~eKE@2~SiWOdJ1GT%s@h?R35h@am{7VcsXsP5NOZ|tw)OHT4y{mw$9n&g&D zxfj=dHK?~+DDb4TE)H{(TG+i~I<}zQP1MvTrA&OecjRq1KEOXij*ifx1_$|wLk?)_qgV$=P-ix{Yg)}URL#Q zb^@(>?XWK7^WK9u9WHlAley*@aC1iM`z%xeYgg|#`2Q;;oy!M2cc1`P@)fDV5%Q$r z9wY3pOBI9-&mVBgp()x&{?|{sBIJNi1Gq}So0u`lmVDGV367rERJN|nWr$UX6bTyN z8VKyx14LOQE>$6H8>Z|DVlNIFjJ~u|Cpimf;>QBWPKE|k{BN==MSdy?yiI)~7~Aj+ zeRD9ePVvW56o$XwSmyKTLDD8C$3D>(`$uNEM%{CX_ zK{f5efS(988F}f9i>q%TKG}(1B~)oZy)iGNG9TwhEu> z2`-o(XiKskWP6FR=#b+D+7UO7W4DJ_nTkLswZ-w}Q5AvY?O!3^RawUR@+xF2+;KXyBBOuoia&(rRN$Fj* z;(a(Z>7p@7n=KogoYd6Xaug@n=t3`?O1?RL6s77YZwU{lH8Ty>bw)&v|KaCkwS zPJ>RC=Pxr3x1s4CCg#D?XGeiO4=b;=eUQk7V98=lnH>$Hrj45|RzEzKK!7PEE zRDW-fVh#Y+_kvN0<&`RKB3~&Cre_UIniWk-|4Rw`2med59_W7_?XR)*Lrim8c^a>U zasKUWIHyWP7k?(1pz6!*M`8K*v;1pY{`5I(}eBtL&;PNCDY+>1zUC|Y^FNG;&AG~>-(egdetua_J6Z_x3`Tsqm1~($?a|b@3 z1by%PuV-09WFM=tlr^sZklefc37g_BsNMJ&mmOShzsce-Q4j?e)}5Pym_JvRX6n3{ zt5~>|*6aI|*R_%hX8Amk<+AW*6O&ockkPo_c~Qw?M;^%IPTI$|+ z^~fNniQ=D+^Y2gl_ouTbV)#rv)qfWI+mk;1!2lP4S-^z{zouut8{?w3!O>cEEU_5| zy$a-L-nDOwEx#)?_@2Kru6Z9-@3c50=s5R=8>whHnM42Xdgo8ZDW5MhmJQ&;Lh*C3 zt+LT^iKetD$a#*J%5R9 zr-eH@)>p|>L5w+?{v7Xj$RS4UgQTT(cH{3-+g-f%W=&`jcTS5FPGO?YtD5Fw{+d&m z|HpLQSYRLlo-FQuE&sj6pB0e1l;kcoGDLbSpO?J6=kg*J52nj1{4PlvoR>xAZ!0|j z$xvQocf8wsc$By>=VnzQ+X`)P{zymsJSjj&eD;y{;QDBOQbz4p4~7F%mmCx0HTb*q zQtTa)ja!^Qfw=naJ}FsWV3*m!D}peyj(5$A^VPD7QlnlNv-U%Wvj_$qi1pf(=yWbm zl@4MrrZ#Q=d=sFd$2QpzL-uD!m-7hH+GcQ=&o9*CmRFvw*cIA-=utQz2>BBzXUI)pQyFgZly1l!dTZUc{vbv zS_iPImhuU(3n$U2^3C@s*0^Y`pDEU)HE#8;(ACoeWxWa}!?oI+=Udr|u($io-5?4% zp|sbq90dJYMyVl>CE^cU;Ie zt&!J+Q|aM+xV3&0N&1q0cJLs;E;T_CEXF zequEd>O%{H6F`Zv21SLDa}AftNo;g?`TdYg0d~0Hx*S<-=o%ZkB_e5sy0VpPZlJO}X>Y z#2iPzNT02R0?t9LhqIkkw9hw+&_na*L9X^YcjG#{FVtRB$ zt2j!KRWNY-Ee=a1=FnRJ2O&CMowI)U@-Z8(Zj-EU;$)lU7f1XjW2lR2jZd&IM;@6U zGIR47Gx{jM*|+QQ7=C#(_2MN_7wI?qCwFQ}4T)R0dPK)}{Kt4rAelbIFv~u26@#c) zGF|hA|8nZl*vV2AA@}eqt3xS?y=o$&G0xzjT zYOLZUXGX*?9bGsODeiXlVK(xB0+P^#PsBXh`A<|I&?){*KMD+`80yq3-vj7#)t3=? z*dYdM3HD#|Ur`D;zi$U!H_U`ue=bn0wxEKIOC2L7!L@Kc*k*ZE#!~qeShCI*k&d{| z^)`LpArWaqC@Or-bhYuV@CgfaeXzZTLWW%T0>YNM+;vf3880gw@-4sl*9yyMd+G|#4kWJaOIA29jsNv zqP#(KH9gGY{ncL1CbN-_kp3T2b+2&d8W@qffg%k|394YZTe~QbmK3kKV;@jk$#8Qh z#Wa_cp|>IUwO&ZIsWr=5kgkQgsi~;hp269yf)Vo0NX`w<&$b)Fs9OC= z#rEcRlE|!5;Zh_E%GSA;5Ov#T?~Z<`?AEwsJR7b@WWvP#RmC^|*o9fjZ3lfcl1GVt zHT9}v(ENfJ-UBbU+=oYDoV|1`O7kdALc)b6&GO%unx+nmZ-%ti!2R$^A?JIGby`R| za_@H;p^20BEvF&Vj?sSM=k)*OL{woG@&wpw7AgI&6WlBdox{EBM64f)08$pU0QR?q zhAivrH^jx?1GMAWdGf-~Y*ilH*g->K-WyEzW@I5&;9Ztb7+UE=n`US104k#mH&@p3 z$Ad76z0IaPly33Hvgt#0J~T)RYDpI;KU758LykGEv?GG)$shfQVmxeGtrDbT^D8)T z+~UOG$qr7$r_^U-vr$cOOLsy_yJquNwzj;&L6p>@&D8~A-{N-FdKMYdlzhj^yB*lY z=2GLfhzL6DLe5`ornwU+)|#+x4-LvCpXFs%9WfXQjhOFq*LWW?f)oXGRg?w3UJ=3lyL=JLMxgx$C6Zt;FO{Ji7h-95f;oBob2qBuh_MNQpol&*>E;apeymM+0`4#lb_ZJE5 zDwsk&t2LTv+-v@sAe5|Q-E7eL8V4ez>(jikY2f6>P_kma=9w+f32zV7}BYE}NfJk;Mx7Yi?Y;jT6slxt-V+Fbn7<_ zm4$h|!#V{Oeyysw#QF-)P7lJ>LhIY``+E2Vi~eB7_@w!6M(dw}4Yk(w8F%%OrSVapvoL5~c%r~yx$35c9Uw}Fehi@}Smo4s7%mj}aRp)fX^T+LzUd-O$ zP1}m`m^{i^gf9EePC|OSWLZyb+fE^p6h{it5Ypoz+neW zdabgTz49+PXj?CEdh@+iv-c;<+q^J4w308hcI-}7VDuOdapO>-UeKzMw#5P+H7R4rxd^;~1jMIjGy|}n=BTl(I(({?G$imL^D&n7V5V9pK zI6$ig&ROE;0p;bH9D%njmvjpcL+S%DR28@8W`4S60B~Au)5ea4Gv&)GG)-FVtk!PD zyDf}gBgtK(GT+U(T}NFusp@Zo!i`UI-9=R{EqFoVuTl32}CMa^M zxP19*>52B{Txagk>S@}tFTx{d<<8l4@#@^Mk0WuVR@l2PxADW)wTzQ;O&fdzH}>Pnrby`En#5zSGeVZD&i>|n=ZMMk zBNZ|>7k3KXVbfot?FT<{qP-j>&3mGNEkporo4p>evAtwCSs@SEsj7~ovyFw8W;OW{52#W|g&W*^nK01XTZa^IaU zjmVd_s&NRJ;`2!V{M&Gfw2IeydEeIbo&)hy9W4(WYE%14oi|^mR*N=C{+c|bU|v3? z!>pPDC-Ym=y;VU4L~LpSRSc}Xo|%eez&iO%g@RQzmb`Djl;6%Zay?jR9CwIfd;jbE z<5TpUJ=9t4(@n1jvbH^hBgBp`%lp18^YeG{U9Y(!d0}D(oPiaZ2nHwWcUtcazGDIg zqoo6KyOtTP0+w+54Qr3*^6afwVmvDtqz>f;;wiy?2twDBD(h9mpmrML&XNC(NU+3c zb42pV+1sK;4WiRtHlI+oz{!ULL=}BF=H;%o&4k2RrW9LliQxONle#FsGkQ6j^AOY* z2rda{@Rj$)osR79ke5MuUi7}#-VwjW(w!d3=y?OVeBh&@5d1}JNvewttd#CKsnr^q zK62H*1d1K1Rb1L6jN$fG<8pFm3^dtu{Hod%(3fHZ;0N01n`29Z>49T?(E;I&gg(QT zIAztgnEvU@B2qGWolJqkIwtP#y9vi?OJ5bng7%JFtFGH{oje?;kX0Zg5iM61UXImmvMBw}Epi&Zme z!{28pL!xU_6>ddpVqztrFmM{sgsHw)8epOFTWh#9TPB?9=Lu z^TB-qSa}!vuM;bEEs=$7*R$y&KTivS%EC3uEG;cy8ox?RjbAiz5;fxb!}^2Wzd^IT z^>{!VwdlUQ;b=ZnVz#SHMRcvtcclZnmzWCUQ#Lp-NTpBsx>u>m!ElGaK7{BO;34?n zg$fto!7_*6C2a)zshYXz3I+cQ;B$aJxk0VZ)e#yMh78u+zxg4COMn-gihR%$V!kOd zhbyA~W>EkmqhJR*Lj8B1VwbK0CbER~Ye#*d^y)p22I(ULPb4*-jHDf`5g$f_Y)j^;(+=_-I=a6y&Qplu z2K}!yzvkwDjlQgc($d~gw=8uqZ8u@b6V%ikKag~uR$a5xn?!}a`%0?1`9cMX4{f1z z8F9%|cFSyql0F8O2__2Sd`DKp7aw}R4-k&mPq7TCz5gsl5HUfrQXQC9jjx+db1)`5 zl5KsgIIr4%aN{C?z%(e$@YXyDX(SatectDkR!IX4I*GD=r$nqAw7wyV$bE{GUO1Sq zhn_L)ar1cEJAS0D=34>3B9s0`N=L1);8H{Zbe19fA73=j*Ys4P2o}KHs9Pw zSZ_FOjgAfN9V$+q6zJxh>Pk~9*QaC>9OkTgJ+xbW(8rKONEx%9WL-msyh;^~wV_^1 zvI^>e<@C zxkx|ws{TFt%>&Q?ZPb8$;+SZi?a*`Y>Yfor`%LM2lS&|y0p=QSslh^*;i?-q+kBr1G; zN}YbdZRf<$nl!~z1?kKvzSF8ov;8Qqnq6XtBu_hiP5GPTc0df5#F+3`jCfv!!W`O@ z$0PHolZ z2a9IXuQ5rzN=x^fmWk9=G#ravB#nu5Nkl0qTxP1VQoY_>(jWcY+3-1X=+u~`FnSDp z{b~ChWr~I`wfEl^FqL9VKeDoazPd|yYCy%ck`y34eG3m zAsTQ?tL?QuqX92y@Udo(>W6obP{o6Cc~e5DQ-@p7_=|-$F=JLqkG^x@0A+$mI*9eS ze|c=zOQWb7zJL4bGNR0GCC=fzi|#v>uiI82O*pK7TG(oJ4AVvO?P+hz^TP+gXP8ZC z>q59izjw6Me0I<%TjsMrl8RcdAeJs!R)QMHY#^Mf`LoH0i?N)4uegc&{(R()z5DOq zL``6A#2cSw!V(c&Z~PqGj=J-&IJB~@GZ*M z-CPX*p{dVNM7M`tz-n^HQRr4R?pwNIwY^70aKCM9y5!4nhnO@K&m|SQCDE4MfGFRbW6RG3SpbE5hNMwH+AhJA2=e?N&<$>iD>AeCI$nm4b9z zQ2#B+N~xLo+V{GfVFfiLcffR0+6;uw2={m|Q3O~d*JFP)D<_H#n}R#p&X?z+u23fw4H@{D zRpXw@%`JZYE9k`nWk%w3R^-n2X(pDCQD+jU_QtU1in{qM8GFmJIr(c^FBwh8lDV%R zzGMpnJHeB4)%F*yds6=EQykUbwHUQQ>PQsrR(Fpzen+?XmM?JJ&}6!EH6YJlLEYf% zp32Z{5E{GeJMa=k#;{-M=ad=*b_OhFcP3N4_NCGk;Mu1qv|Z7Pm^?yrBI)tY9oLgW`}KLIO{91k$o<$~@!AeS?A73>hNL`O1e> zA&JYa_P9=~3|>d*k;2NIcqh#1Q&_L)*p$#60HBJ@+0U#{t!$|kJJtDNzp~`>lS~Ul zu(wZ?J_M0i=4QK?@~j$awe*YKZ;v0l@YJ%TAds5^3nvAa0KMF(aRs*!PTc zKG4(K2Ie`0=1=PI=+78$^Of|QN%^b>r9tY6hln>k^V%sgI?n~ya7l*JdKr)An)vKK zM4_f(m#c#=x#P-8mxo~~rsWpRsQuEUfSSia5GV?%)P9UTn^@Rg|4IVODezMk#Q%vg zL;)YnO-P0%rC9Vc%tfRRSu@Deq~jg)EEPA?PUHs?NUu*tzO**PcCk0aC5-!p7(Nvf zeZr0F{3^*DUZEcX5c{N&1i_He=xXqJ zvgr)lf2|TVeM;*8mbp+2q~~hEo6+emRyVLYW%afYnI082u?}uSSTu8BY*(g4@yz+f zny&O18fICb@RomtI%r^E!&!9PDE|1&qLU&uzUN$GxttK}Dq{3}?HcH0_&o}Z#XIp9 zQ`vapFE6GmZ8garWx&h;WYQ{cguuk3n3Q&;fhOBNAzs>dT^gxQr~v^N-vB(9u&QR6>?nk8BLD$qW6hSbA~ z2cQGWt>^JL;m}eGJkm&#rdh*(xxHM+Xzkx2;de58L{&kaOHrqva-GHi>E(ER!CU~W zr~Xc}L*n!apidCl(KZT>hka!G3wc5u3WCA_}tAtEvRVtYLUZ5 zEh%yO-j%)rBd5TcxqZ^hpm3z+{`Wy5pP}BRV?9(C={eMIV-8VYJCr2_zVo9ua59G` z1b&%w&$?HMBj_C1tYve8*@dkzSAsJQ4QhvKb0CV-Wz7dCp&waD7?zJdz!&5|C?UBg z1|6oB-g!v20My*(96Z<~Uo$sW)@&lX4kF~=Rwi7N&K0=sAGAyWWV22e{8Gx@=k93S zwGLX+pla-w1{Ca-YOr5Df9@fd7jz%N0p;;Jn}AhJF5XH!tLE`LcV^nwXiDqe4T@j4-lO0jc)by2@G$T#WxNI-jg7VLT` zDfMDA`h%~w2{1Uq@iKLi5q_NylHO?BA5A)NrZnze{Vw$V;Q{|t8!6Z$L*qaArN0HI ze*)3M|D+YqzxFdItnv|n6c0L1r~D$P%Iq=(!V8N1hIhdI6IDEB`V(9*Qpg;U)h=QR z_)+IHr3V}r5^)X7^9Vg4dP36D_d@xa>+CX0 zG`Ml5h|XX}{ayGjJwoml7}2&2*w-|(ov3AWO`UcPxYFeudITJgqZ_`yaDgQbt}iCh z(9;hN#-FsJ7#^5%7O3hcE6!6))7QtW|-%zckKIasOZFPCtr4y{|WFu|>Q8)o% zteV^RG9ueaKgA9tgPyeM0G*x>9;hIU8cI>Iq{q>;X|T0m_j*OrK(>NM>>E22kr|ix ztAIg~rc;kL_l$NA>JAw${-*|Chxf1+&*gg&w8^{`Po5*2YIjRAeL|Lvq?`4(Jx(km z8nvV-Uc91S(T-P@%}f6&`oZt81G}J$un&ICrT&%fH$@GPY_e*kYsT-J`{gOT*vi_+ zHVzdd)ie95`>BXhZBvVq%A9orqOpAF`@~k+4Lj_%=t0F@W+_>Z<)!BUlReSFAGa>K zooFkJjjDh3b_KOFeI$vFl}-I@4c=ykxVe;_b}bAl%vF)1td{tcXJ5doerahBPHKKF zRi29$f2}B7YF5@wgmW2PQIT|goYf_Dxq2IV9>3_Z`wWFTm)hgFx=d=t>1YkA2DU8B~e^@?TwC=uia)NZMfUsu5)?A+8(}A z!z&e}!o2-7(#6hYm%de(>F0-DaOd_83seUW-mj6%cZjCkQfkMh^E}Y`B?Gv{lIl$D zg5mZO^Q5<^EdI*nbY#2H@yr?@iF|r#y8lJN_mBqUIHc|U>vPxsfZ$aZa!tlV35~;} z+bWZ*?Ge8t*t0ZfC>QG;<7CJ){{(i~N1)gObXm)4rt;G~QgDQHfioE@_4FK>SrgDq z-9$j{gI+V6&So-UW+@Zv+?eU$tm=9x^XwarD+;bv0bwUYjgI3VeYk8F`L7G$fX(0X z37DnXH)V0*2dtJ~M&HsB_ttzlIA=51J}0UJyt3F~l1hNbj<71-A5S?^-y(W115s#U zVIn&L+6?MBGsHAxn140|aV!_=1uNU_y=b#?{8O1@aC=#fJi`cP}zRK8xF!i0#bIj+0>U(aWtIS`-zXZe>Z?n-{f(x>&Re%!Rp zzql@5TKVd&C^{I8b_{ua_`j!<0Z;ydGVTUeJS@?-G39IL2qp#~$$4_3&^hfWz#%!% zMp=b>pT%5c^dp4m#}nd#hqQJ~*E4%>5|TBC>kbf*TTh7kG66RMU%{zABkws+MYf7n zJ1AoEmUyprC)jH#+DTo84dmKzi{-5lFCz8@P0Qs8Bf3zW3Q$AYIP-RwfVxa)tywQ?xr zU%ynQLv%}KiX+|><`ZaxS;#ejJvlak$f<&o@3AErOv{+^ogm-Vnxrjsmm5sdaII>L znkM>T?Q?{!_!H)AQq*ffczEZJ1_<7fCG%sCspb1xHlKwXM5!lx)IL`uyEZ;eaQCIJ zL0QDM&)!AaXP0Bj{s>}*#=i(|y9#rv&7Zc&ynRTFzOVFlD{WZ<;9K!5L(&r7ocByL z&2icAUH~EBUtuS4({GcoYfW)}&NJ6K187i`%PczG845Fh5Yy9rCQcn2oL^vlb(5Zc zvDz95$W}zz)xB}ds*FPSZn~exa#iNfGrFCZuoWtFFi}gQw!R}z?qq%yp4CPHZ1}<6 zVH@S}r*lXU+2AxoX!T^?vQ)lKmGjjuGg&*~y{UlOQev;~z>&FSXg{SMABn342PK!! z4*Oobp_-cdSeL98MG`sovGS;TLIbb)+;fMl;_I;4?Qarar8i|I4aQXgJ4Xc34~O7r zoQ^2$^+Wtl-e4FZ_Hv}gRwg}EeP=W&3d@-5cu_a2VwpWcCJ_1KLd@?t)&J)neF;{A z!T7AR6$lm+UiJB#g@`EzTqRxuj2PdG{x^e5_`%Og5y-9AE2) z*A-2lCuy!#5zad#8NGPrV@(6NzLAoIs61Q%eeyO4qiwp?V2xVw>AYOdc}sk ziQZL2`Q(r{6bD zzIoTz@rNa(>D76rhcl?N`5>p&#tJkP-6zsIGG3;8KpGPVrg3lVr=kuPi5!g<(U_-D zFX)t84PK)sOCq)jAf4MH37Pn>lxocu5%s9ltXQw5IsRB2K{ek+M0xNwj| zRg$<2kt)-x7_VOLWuX2?upIU}K?{yhDKu~PK3Hx41iJO-$^PWh0mlu%dWQCyM+j-} zHmHdg{qg{}?JrAKFz8$y-zoF)p-S;2BeW5{UYCw}Mxdre(~+5c{Y~L~irHd!9~D|H z%F21Nw|-F9B*@u|LQoer)?)%m0={!mjME)PPd z))l@@j*`c`AnTBqW3ZSMRxjPa1UKng^lzN@*S_TFQ-E41)qb~-N-rj?wt=sOUC;QE zfhe5Ul!eaU|30#}90jLs{c0_ys4VPQS})+lUXTh3_EsP+Y+TC`&0c=0qyQRm(L>)< z9y!}xz%=$Y25unIMzozAaUG1BlQZ@^_7Tw8m=pX{uU%));*+z5RK)Ct(V5?Uf=33; zZuB$4b*KBw|9P7GKmQsg;Al%i8UzjcA7x_i899IiOl}bp?oXCkQJF5(XyAH*P^%}X zrbuoee7~bS-Nir2m^)nn^(S%Bk+GuHtsgV*XSurs#irZ$WfbhC4m8}cwzMI9>}a2K zB7m>W=GJ#jP|g-yFU8smgh&rEsV@(Pqj5D2ImKaSU|zXkA1cT%dNAHL7EjW>^YCp_+WpWu-~xNzi3k&deet?-EZ;;8hj0&GE(4u$ zkDR|RaNz)CA%tC#eS>hLzURKp6YXsh0%(&fe*RzBKIQqW@az9mYxSW-U#fn>F+1HC zmRZW`ng`_cIZ^+wi~o0%`;RH<>w^7U$ehVqiO`h(=!=_0!<*xcuG5>Iw) zi#@HTg2zPm4GJcduh!)Bg`ByYmjx%M=ibjdY1HRRP6W;e{q&x&H{qVi_@H+%J1(P4 z^L^Z6Z)k55!+@1q?Ddu>dTkQH1a zwf_}pi*f6PiPhV`P>#ibHQ~Cq!^|OFUeg3GYi;b!{tYAB;i%5eWYnb6)hkz$FV*(x zAvyuKp)2;|r~K1Djh%PLN}GXCaVc>6n}Y$b?E_=w3I<&p6+bK40ldGK+q=4Lhvhu? zz;>a<1gn7Yyu0n&Rt2DGz&BX^F-&AN{R&j`}SrMzxmFaD~ z7TTt~wi??wo#QNJQR$KQOd!pTo0|Dm)Y+1UtFt>?v988=Sy~1nLcu8PQLs?!nWWSF zlDkf3>5ZUiSw)Y3`7!=dIjH&Bd@b(-T-Z?2Gn@xudDj**>H4i=|6qouLY>b7HPMv2Vh$-1RoI|4du``Lgi056Rh*up zv3^ySgt7V#t>(AW&A7Q_VJl8^dKNg5K-v zrsj5D2?*yDG1EuTC!Qq1dfhmcpwx{{lg;FO$LJ^4;zciB{Emso*B|rl6k2YWytVEs z39jw%`H)|_2P;Vu=a8DulbsiQX)nUzIr$LPyS!j~buk8+|E|ey=W~hNpN3h2W+ME4 z+ZOJN*2c*x2C%0iYMt#Fp~024E^`CXN(Us^^?jxKmO4L0J%Er4&#N09W3Y%S6zJw6C?R^Kz9RE`VvLT0!x<2rmwobyGfelTehCNHcF zx5gF>0IAq*jvv)77ms!mmIozW7HsnD@|-+ty{4qML_1PX7r=M-2Ake&8|KBkI!%SX z7bfio{;6qwyq(xWTsfhcJYsa*j6QTwKWJO;vDn}L;y$;Afx3z=RK6ePJzu|nZopdrB}Wn#ttaR<5CBPbU{gT1Mu!$Iu;Z~ zSaUQjQ_;UGc|Q5zd)Mr|MvAol^b5}%`Nj6uotgXS^dQ`|`OAxw+!GJ7qIMW1ktbcY zgCA`7tmH-{$zdfQaPfS5w(@Jc4VeZ)H{t%X#q!IZ#Y2h$i+_o7m*iHJ1+fporhTf4i%WK=3XM6GCvMO4~D z-`5eRZHEddkh=ba{}9O>e;iX5Crrb7pWN?z=E(WcT1%jEU-+iw7N?)?7%Ph$%8MoN zly9DZ^b3_+W(59;h0GEn8H%nCaI?8Yv7wu|9I(>L>E|Qrkn1GOqQz!!39uZhBvaC1 zZTzdKXN;IJs75zUd@Rd|i02zwCeaWVb7f1*0y#NmmOMlZFq)hXwIeLJt^Et^)dD*A z%oy2Rl!(FKr}jpHy55eYI5JxMemM|)7g*M`^$4ViI~_tg+848@v~go2HyPyi9G6-e zEq(DCbvrd;B#;DzIXo2Z0c`Qio4XjdX;fbP3&eglC^bjO%(HEsl3Zc^EUB?3{U=k+ zr7tEcLzNl#Ip*2}-mQ(EeY-Y*QM#N@wRfmj?pRp?pC_9+MV;5yX#cA}*&0O0p-`~Z zhvG7;Kbc8L?Ie-ui;?Na2ALNZr2ba)RBLqZjj8c8FK@>T1~|s8d+pdMH2L_9N@4nP z2ph+)`vEM}F4|Ac!jGwK7G;5xiR_f1)8CqY@qzYvEU;s4)Ba8CYN?(muPgS+;7qm; zD;*iHQ=Ysxq-=Y%K`*Bkq?Wsz8aY4)yEV1kW*w}tW4+>;AXD}Hkm-S}GKk9B_jh-l z2^dp5(>q&~P`m&Kp$}ZSHQDnTTU1XxQrHUof-5)XoG$L1G`#c9%65XFCwm5ygzI7E zG{=OD!)D9;;wxqiMTno*H^RoywHmRr5{4H^WtQ|e<`KQ^t5lZ{Pxgft#r4nQdvn82cuB z0E~XORqc%;+-0|$Zcd)G(`Pc2qURGt*y^R-R|b(ozw0;e6TAlv$s4}m%6@_x*NEei z$VJwm-@?%N)HC+Vh+C|t#-{%Fm_|u_qOXFG60k65E74#3Gf3 zvSyz0rgQ0AylrdT)n)P8JM!L0wwJrUYc$%s|Jr)dE;558)9P-)<2NhE>w|loDihvU z4(@P)9okHiE#MHahN;UjKjZh==Zt$q9=|@T(f=k3*s}>Eje-Tumr_ARVOxeFd9_p+ zLg(VvcCl}HP5eGN#9=!q5G%upJH|7FGoC`&FNic1=tE|QMH*JP+BjBzH5_2h zL|I2($?fl_+r{m67!vCRmRz5gjGR4~363e96ti=2rB6`s8@HeuKLMc_z{T;23N;Ry zIbG6#yQF}KWv*~VZ;Pjuai_I!`nAyfvR#alqG>cg<_j9D)fJP6^Ms;2qPRk-X=C1e z12nukcF%sTr?~x`tO(+Kkmij^HXp5+lYj$jSdtMi7kKYA0~eC8}AXnEAnexq3x z{NuC1Mn5F@n44P_r7En$8T+Hvn_B*m6FX>qU@RU;T@TSiMEm z@Y`?68Vu@JD3Pr-+kN3o1)cWf%0tCFN_a{+9Z#4$G)U2#;Y-En+Cg)0zBj|Xy%MPO zV2~?>T50b(#EQoV@F3wm2k7*@cP@k0=!mk0I5EtR`T+-UQ|KCy6DkCVvII;LEEDtS z;6qD}8G?6ce7%H@) z4tBbKIMmX!+3bKPj&ANlTGY7MP5jg)7&p)}Vs1PfFH0(Gr%ra9oav${Y21p@yT9st zWu6?|dtjBr=TQF?*=<(+vpE9=Mic+mVEDG6I#o$h*ztpeE00vt4Lql zAGvi_#eG)en~8~uvommUaMQT z_j!E?Td;J~&J!0=XXP&_fN!`wgV9)P0ud>{+3vW~uHyY8(*thRs<4h)=V;Sve_N== zehR$acD~xSm+$1fF|<9cefFdn*VjcY3kWu*?XSOTLxM1~e<}At#}o4ku~n(rx)J2p z5>4af?r7T<2fBcU$@EKeb6>z6OA``@rno{3BbqYBH6yxr184>i zb?iQ&4~f2N`T1m#uq)Y=y+hmo4`Cm0&v2(`un5QN%HBcIHV38Vll-1E(iC=)JI$}V zwa~-8?4TE(xFD4w-N*{dH&VgtkF9OS>fM!~Nx6@%RR!T#tj~OiBp>O$g$sKG=LW8L zZC_rX{@jK%mZ~q~SFp(z1r48&sq~aC6J$N_dh=)ED%}_8pLznxf~L^ zI=%jyK{LiJr8AB9I2~j`{#lXFLdgdw(X{!jP4^QK%85Yu`9}0BU5-)jB_vrNqwi2W zdCcljKx}b}T|@?zg6Jwsap|6nhVOchaQ zo+Wj~m-lg3dFVOj`lxVnA(3R^L-L01dV&)2eQe4&0fn+~e^Ggv`sC>N_#$%2YArL- zXY$d-<*8%b*-5l;g0PT&hbG@(;tb&sh#TaNeHyGt5KMN~*dQ@(OWAqzS{6fjM{7Oj z*^vi}{%%$UD^b7xRs{ck-2Qix8PJrI3*1HfFAfuBP6}|d7*C7T;;)J#>KhG5R9&=( zAb^oQ0r(61eHRrgu9r_qDYo9YKST8{a_W!gfM8wM3bd$t6d>Q4J93Oj(B68N3G_82X0i2 z+B36Tp0+sE zkn{~-Zp?=Kw{l}%4Y^_tlt-(%LF?>__YRlAuzGbY%%^n)S>tF#H#gq}B{qn~#Sfq< zLak=IUx3G1m|YL!`|vN#Yd>(RYpuYS4|&c?aO$L9cjN#;gC`%VQBBrDLN;mV>L(ke z3)FY!4}Wuu8=H{-I) zH*hL+*;shesEUv{l<98lg$68OPPcbG>1||O5#o^eW$W)3LO(LyScF|TNgs{16Rb@B=vVDx zxbv3ya@aBAj@(Pn>uueMKJirPTjtj~0_-{Fva`8T%VZXxo~*3JTunB#|LgY zjA4gECv?dHk)pa6P{LEr$nOmFjt#;QT(+_E-EtIv4OB!cEFIS*csCi~l3bT&mmSpw z5)->(ZIw`tJ+ePXM|K5$4hO#qF zf)e5stPBFRVg?<;^iewV>U0EWz2TzkF=&qQj-0QiM9kyU{$@%*Ml^8xoaP-Xs1h=X zdPxW`t3}D141Cbw7i*JFy0F-fS>^t}56c5zh5*{J4aC0={~;yL&eL(4!>>lmmCoJi z?l?@hBvS*WCk)ze-2t?$#Hpr}Q~HEoqd^eKw*$mTs4#K?=j`jkp9-oN$Gj;N8 z$lrx-sgu*fYMxp&O(A(bN+BpDsTK{XPu2Krv@D)vpZ78r_jD|H`5aR}`S_aetkLaM zMv7T+qf_BtFpCx=(0H#)a*rtH!>BZZzg9Rix#=&gOVcdYjWLEonTXS{qPkM~Mz|#5 z-lZ;R16d6c9j&dv6q$)N@KQVC!YplVZTZgcm`fq+=Z?HiN=Dg?!RY2?X&3yjUZp}w z7T-w$nj(U8sJ?$GXEy4Ysa0}b77l-fhaeMVch1M$ZoA%}%^5Y2TN|oY=sYJR($#62 zXLt-aTDdDJbOlSDo~rD1T04ZG)E&#cSMnUp@*ZR;fIe})pl}ws;;t1wdlF7@kC)!v z%7SxAwT+Py{7T(v_m@bG+x*Yi)?EEw93U~i2eZIw-3cw|I&mIgEr_bp1BfeF@Galk zzx}nfrb~eiK^kc^8qPt!|GvdVMzL|})iyi`Z=|=agIUX7eGO%C=cAN0ILo1<)gciA zoyD4@pY{xeGv~1=5pt;I=}-3SuSO@Lp`IgtOG@8MRapy6Gq;xq!c8Sr;%PPXX?bZwyH#veb7d_z| ztTw?LDbBc7U;qkaSyaM?YEp1H@5mVU4?&&a7oI`uTgoiukCRX@gbq)v7hZ+M-)ELq zRIy3#3s}-zjAv(p-Yr`0DB2K&sMHsZK79+q^kBoE%nwUWnvC=`tovPfNp$kUp&B>U zt0&%Qx2pLf0dYwpW-b&1+O=ffn!+SZd=J_X+{I?2V5O6Tg9)EZ&AYc>Eoc*hA-R8e zZ>9JL$bK97HUitKht7y@kRxA3bPHF(m;}cL+<3#j{#$7M&lZU=+^_+HyKemb=4U3g zAqHD!56=>NtPdEYP#lJ6^?`S^7x;7#e<4D1Q($2 zyYYb>R8b8t&$eG`{R?+$g#c)}Uym8AZ99-!ekYJf8kh-q$VqWnU_KTEo_#hfNq!)L zimzAj|1;mKgt-B!<5?67pX~d~wKWezQRZplEA!*;lkO3WkTK}(QS-XWD?v$sL$d&- z@b`YKGjvSs4aJJ{Xy#o>uN}H(HEfRe!JHVeC=nM=wf($}ic|Ipz?iP*=8r5u_MA~- z(0!dd?)DThmVr~6IOgwhSH3$pSmf}O%gZO9xgR4KVFA@HWgjvhz5bO&6=6~5vaY|I zXKE!5-uK(I$}IT9%{nW?>a25W8|6jcut6C2;^>bSe$}QJ$@c;*ax|g2fhooEq^?#_ zc?eSASN87TER+@iDX*MjCBs0kWInSL?kQm6m&T#8+X!&_O zrk@w;#9>78K=J0cR`gPHX+5FdU~?TdFFiE&AHfgrW(VlW?cXHJQE$7osLMidv3uYS z{WhF#&#BbN>$e_UzNpu&bJP{HGR(a?%4jpw)VL>h)e{}KIIzjkjCY=KzOudue*Y?q zawhwFPvVA|r2UsY#;xgQKxR|T+hjGZ9biWC)lfHa{H+X6*P39_75VM>4m-!6534v= ziU^RFMEe0K=mJ!aoH4IZ@!zG5e1kvlRa&RTmd@AI@%wY==&Os3UcTL?*0-z`M}h(rCIp^KnP?b%&QZK zj_K*`5MnsM@V=J9MD2mmIX#wycy5j?wKen$!~NT;)E5CWZUd~D-i}IhfQ9wsLj~fd zWcL^XE zY+376i+{4L1NzSXwws7p?5Cco(~wZ@pJ-%saaKE-5oeg=E*t0B5WJqbqd;75zhhF8mEx#W`f0zR|iKI8n&i*wW zBhG%kC}-5fFF&3m?wmVZ4Odtz%muzOGIrk{&x7eb8jZZ}2+3V=9X$!VSdTvFu?GgS zr}OEP4haaRYVze}bIr>g7Qc9~e3yyeKS^+)MiqSL$u+*y&(q9#T#NwctgRk9*(JW< zOiOa*lJ84{%AL##yZ4_}Z7s0P#g~m;1Ksu^q`YDey=ycQjHv=G_y_1SwQA6$j4$^% zlUh?DiUGOsoD+Ck-$?TcmoT&RvWUq&=fOnbz_!IHqN#JSu_~TCp5vJfs)kJmH=@%) z`c_%@rI*8v-iq!6&VjdHV0+};EjU8V4fEjqDXx3@+PT7tU#^L^o`y!TNtx`AoE(Yi z$y}8adRM6$KB9B&5Bvt@+9V&LK^xGf`mb#)KLvPX@V{Q>1@7qHzSli%Qq`)zDd{ywAB1Jh*#`tzV9IS zis<6hU&Y$6akJJnzx%#$u4^)~{-&>Wn_Fv`g-hAE;*6i)zQU9kk_fXd{~+yXbv|lc ziREE!mXmF6xnI%+958VEE5}9WySMgl<;hrNen>{-;5qXQNrm8o z!tdK3o4-YoZ9wj-6R~>^y=SjQ7dIc&df&$b^Qq2WWH|xOa4hPn*7rlw_jT|L}>+ z;VI+1%4l9r_L4~JsfWhsIyNYMl3QYbwz3={8n5c}=V7n^$Ho7LviAUL>h0RSr3s1% z2udgPBE3kj(wj7;SE~Uwr=WIp;g? z`#j&wH?t>0vY9>E*?Zsjy03Mu-wN#^XHg6BJy@#C2=&zAs#{XMFmn=anuewn0Hquf8+l$##XtskGXh5%;H>)J4um?Z$jW*k()3 zst2*-QO~;B&^&kFy)t^W@UwSYEHrLvLo@4nO}P@V*De`lQ(T9uKK+D@XG}&)L(uTVsMtZ14We%FNtO4dA<4S&}+s zaGD5cC87B_ahHVA&9H1t52Lfh7@7piQ!Df;f@?3nE&?_oDU}25c`PQmHZGbsC=g6AQ`_z;U~Oz`49NFeXa(&KsDh_2uJ}qo9{q zIL(MJ07S{v+gN!Ox$)tG-Keg`44V7BCbX-8=_xXDcG_{G@$EatRnX%nV|Astxt0WG z3tDaEgLvBCr`D7H#cXvRM^?H|)ff}0qgJS8yxuSSZWz0bq-*&918qG~z`RYbzc`s5 zKS`fIfm-0_$$byUv!<6Ge8?y~`s_9RE!|8z0h6LoohL{{&7y!~B$%GbbUrD%~5aV*|x5W%^m#U^oE)gzsQ zb_US>AjLktGRyMVx(SHqRkU%&2qXi-`CB@f9Ke1W3|uBG`G@Q}4qHzNk(t*tLnQp#gMS*}SOdKx+neyI8qKtYB7ANzDJ{PyAPOUEA>2FK1d>WW`lW z`jqTWARzR2$dC6pM1DAj_anLQ;LJskQQ*7J5*>9BD@d7E zNtwFo(PIQ3emp@&P@T*8ximWM4E3d+JU)&P+zs4oGImQUa$sorD)%|^H@NYZe-8+u zMKzXD<4WM}{s8z->t4R-XH~4uD`vxd)nd56CvJ<-Ur;xnzfWzO`kEzC*1g8VTEJ$? zQsGnF;)7nd1>!(pxa1y|0}Xko^AoUV7e1AFv+S5(9-gy)EsVX?GV+jC)OBbNgr zi!*n!#e&9_S#^KBCe+kYA*#`%yh4v0Dyas(^gK2$V4e`Z5NAr|G8`-jjhXP(&dmjt z&T>xT+^Pp3$*L5KP6pXYFin$LE#)sKRI0cKhHw5n~% z9i>7U1c3)GD%4p5Caa%5YSQGZA8GeP5S8Bb0Djc7F;ltiSj@-dlUP|fxk2U-uAgf% zV&0>m3Wo7#KLYYk+OED;60S1r(clr}`yef+x&=It#$x3&&r=*WBuiYuvksYT*$hldKQn57_AG-JFsh61d=y+2GXnUhmfApyhS$;F>7CStyE; zz3l~}e^aDBWpGuiwCb2&T%$&*t&h0}VNucc;&K@$>Ni@2OMOB23%74hWI-R$ zpa%b@)7H$Z_>j870s8q5ry1MX7p7w6l7+5Xe^R;T3YWaw)leT&f-=z1(mPG@E{Jbm zlanu*+spwT#`{>K$(bZhUxk{+wNRFiR{cH9`4=yKI^Yy%``aB2(&RuOsJgle1T7VF zS>|i^mWF%;_;4?yZc>`>%rA+FlU{)uQxEPm8!Fndq-pSsWvDKC<^lgds}cVgGu`pJ zUhL2KFLhN`9mk1P@_qjo((cVpNdQs7+`I9JuvIr_uj?_Q>c z08^WVTA)SE2hlt8>G#RL@!!CwRE>DfLiW8~>_U(&nIToZ&Ks$)oO>i-OVSo zVVKDQ%b%{WYh~JNftQHEJrQs2J@b9e6s^Fupu_C0QJ=d4do-WEY=5i6+{ng;^N0xN zxpP?no=1y$J$q%q@Sp2&gr{h|oAx~+n}q}Bsm=f_X9-x4v!lP2b0A%VmitB4l~O~+ zzp-<^8L}S|+8KXYKzbWU0}U)nQMrDCLr(TTx5(yC5%`DZIwpIG5kzqjM7tEY=_2Vb z)9-AkK;_-O*;_xQ8&d6nadp(CR`S;)kj2I{q!e6!c?QV8|1;ZQuBBL zKWTG_c3&`sl0~MnzBD#A2Z7#BT(pJofr1d!|p@8x3*ZP$%tHgx$Qmx6r5Q4H8LQ$MDUVv(&3-1i~aW6E)*zts3%@UXl+Y5JmDNF@NCT z$QO(lz3krW!bjbbu*P2+M@I#B^HB;1JHlenKdz!3NSW3e{a2O$=~S?vuP|fJ=7214 z&*)!gy9!_>V_(tA%rLTc*s z`a@}1*>h)-)+HAH`}~?uRbTF#Vr6sYoR&fmXAOEORt}JjANZnkB?zVZr-L?sS$7x& z46B#d=3Jhcarnroi?%#Nqs?SklFxXrR({USnNunM6L&jF|13b-J7@Yb)ry}haiGGSn7kaky2lSKl*RUUGTcrByejS{;O&q9#i9HMqW z##WM|1-w@&$>8|#O2p6wYQ(=$`QP7A4@0q+fbd3WmPiGA%dK{^kVR_Ec{QhU%N;zY zi%)t+w_96G_0Y_McYthKwU1aqSeezVrL}co*4@Nu`^`3gD0k{&0JvRmBtLy;ueLf- zaz2`IsOIYsSC%&66NzL;YcitJ#}iqyuxF6Y*a}i7S?$U5UD(_tn z;Z#H}PLhB$58dRY(Cm--RRrsZ+|6Mm@v$AHXGlmpJ3G6nXwl^YX~IUQ?E9WQDJf~U zKj{@WOlmVT`vnapJ-_;d?<{Nw=eC zylX)_fEJ?iIoBED782>oqtnoktKd$5(^M#{nAmtK=|nm6sI^WcY-5TvX95^q*ebx7 zI9VMGCzk-2ygOQbVbUAczqW=qyV*+1eUE;9vhu%=8UG9+yQ&Jff#UR+|9bRTYON`{ zEpOxExaj_b3{PdQcz8=DGS&E-1qWAmI)zn~_JilUz3A;96-VQ3ljCWecH^Bb$c96p zWlvssU$lGmFq8GZK~IfjS>Wqa8uIIzl$4e%Fe$5qheHJ5H9=p2p3*q?H41nrjY0t< zJYBlF6a9Gjviw1&vGTUIvI)@ilb1XD+hE%~*Y;V$s0_c>Bo;|2sX+v=z4@E+mkEc> z$NoJ*R3;A@-?d;>ZtR-iITrMnxHmUZm^}z3Vz|dIt=#5e?Hy4lkhH(k_3%Lu~Sv-%k<$xMKbN?jS_&uYJ^N!8UEn9g0 zc;mdrO;vmz8l|-xe`Se)Uyu*|oP4=bJSCg{t3c6~ zO+x(Q!1BFOUQy`01JA|#S1vBJaGi%*=DKbhRNLAg9uzswp93??RoOG+NS`CTGD!oB&Edy1trM!n+llZ~=MFBv2mIHr+S^BQNzGph zbe??lt59(o1&_fXPCGUEo(%3y=nXnRovxMdJJ1CkqIu#PgF=(!5M zIum6>&ihx>qViN8y1q=_!kg1tvo0G)7&*AcVGbeCEv`v zGw5w8Q!-HByUxME(KP5)X;ULO*jE6F9bE<0!MbTfaaVuQQ^m63pyj5nP;72AGqb=W zSCo1>f!K3@HTmNlzC zE-P0d>E}#y!W{xC6@g-AZW2T0YU*M2ZB^S>@o}oE6+R3qCijbmxyLRqCCWXDAV%wv z_^N#d3O)?eTu_dIcB0~bO?CD9sNRaM)XU3HLd=&&$?>F;4~hWk?=*5^x~w&O@JDg9 z(=;`Pyn))L1O!&3fXM^u)Ylw|S^}L*Di-`Ks@7J`vw*yzp`ph1{fo+c@5LN!-ytemxhpBStxX$x+VhJPe$kotFg@X4mAP1Ox}TzLT6wDzU9NbI+BI(;P$jHmxV6!@*h$eQ%V{*vRU>|w z{~fjq^PfHKe6!a%>Zmb)3?`(?ZHI%t#+j$UXt!oEn>BdjT@%0m1;{2>UqaV~*_%6D zT56FgLgXr2PZLFNM;Q2 zh@0fCBLnjP8BG6;k={qJL?}H9e*CY!*-ZHFANt}0HJ-mvQRVE;AwX%i75fpA+15>_ zft$LZ<8r4auKb|h{g6Y&T=1bfU1Uk6yK|#TEHBtDMRJywj3)5cn%ZK9aoCF7X$8+- z5oy>E`=P>Z1Un~(6zQ9odp>3zB+Dgan@adXaVdEsXJka+N4XH2I+&&7=doOi-%|+#)ZW^aws9h7aV+z`Ng@lGP8GouZi9FvsLUXZ|<}W-PztXmPFNZ1V?Hmt0t6da7!_ ze=K_x1wi#P*?3P7h4L?2eAoLa8hk0kQdH%wK^Oc6+@V1az@7r9M3!ZS`@J$Shtgc3 z)Zo0wEU!ceWC?g#`?R#gFYt(i$o7^zh3$h_S=zuX7A|svi@Fc-DYqshFT@MiPH2h%~wFJoG ztpK~p^*;CEFKX-agxvEX*NTY>k5Cpl>QE2sLSh%)e?N4g|As`KFB`T0wcAFXeHHA| z=ozP(q+nk|Y|~-$m_B7dl?2{4$Sm#TU1Euff8PFU*&Tf`ZB`}7Gki%H>;5^5TW$LA z<33PLm{yRnXk8%uLWJeVB9rC^i%^0$Drbfd{>(~iMm$g4b~f%h$QRwy3w!;#Iq$#GQ}d&>8qlWbE?!h`_kBq z6-`b-r@Y!#jK{bvxe2(nTMJ3C^NJv~$#!3E8<4vmPF=*Jinp~TZu!~mjE$-6t=ov# zv25jD4-CrvhGC;^BUPRp2zjyy@N8Ykl)pTj5AAVF-TR2F3b>)cZ6QUB`M0C9ZlSM= zch>hj&u*79<*z=Y9L(O-m)lzjhJVr8F!#843qsLZgX`-J5GkNPySpa`m~|B`x6?nb z&~xoK>p&bJ?-Ej(dzWY8%fk}AG7AS$-WX5b@fwbj77oPmvB7BUL&emffVV*YK>{fi zAqO`*yXEZ0(g%)GTRQItW=x=><5o3gkKW|CzRzr30QlO7dP;7sZ3Zc%!JNI(Z&4Z| zW?4vgoFA_Kju39&_I7EZa^KQ$-KRV-?<6t!;Ay3$iAa;k^z&vW z>?~VYWiGxhUBBXRXdl{4%{&^kD9NGvM7Lx^On+S9)bQWkAU5lN7jEZJJ=VW#ek^wW z4(nsJcW|ah@AoA+dhWhsWn%x(LixyMp6uLpPnOl_J*6$OlLyOF)NUV>DZiH%9gkk4 zpxCXOQ8G$r*on&Wu|p@B#?_D3p6<*ooX*|!GKL=F=<34KOY%a}9oD(NyxkHFgx=Mh z>?i8?P<|#XD^jfQ%3Q}4$Q?t&2a_6ppT@_R{Jt=szm2ONw})DJ>iGM5tG0JDMTMI* zIcNb6e;eeJbL`&@h584+fXr+|q5YipW@axwoqc3jmEhi!5a)po2X7A#2ZA;WQ!Joi zS))0wz_JVpJP#NpY;O6`wZz>jRehO78f#qHtJmU39Xx@T)H>wo3r|nqX<*2T=O-=> zEo3)*`?KFofcN{{^s*hG3u{u}IB6hrw}?A%PYtgb&O}(Np7;wVOW!XBbF)qxOz%=b zE?cWij$~L~G?3?qz5}gBC5FmV2qmN=)kSakeqE@T%1MSNXw8GcjwLNGnoS$FLhSh_ zv^1xg6rYpnyzm}r1r0xw@XSe|0bakBvnfcF8Mp7NWfy|1naoVLBXX53KoGMDV{tl zMJ|c&%lR_DN_RGvMHM284EBCibIct9&oraF#ILa53W2`p=VGNSEbiLWdK`ud1ZlqX z%$o!Qgaevv(P;@pyBZO%6Q>f`$r5GexFDgEzXcLnowGdT3b|JfOl3Yi8H?`yxO3e> z_xO8~*Dqu<*yf?Jvh!fSatJ;!WaA-#VgN{0VoumE${NUR5W>9u=jqehusiyt?cw5F z#+FG+y$1M(w4}w!73z4PH3C56)|Mk?;T8ip{N03QcVpg5>_Y`__pzkLz4Hy-#%W#2 zu~`obBufBif1sLL?ClAQOTbk?8iphMIOmxwIC16nVmq}8N56&=k|eww-5No&7LFx& z&1ZF8l3+oW97W$SmfANvvGVKsGxFy(x6v=%8Y>LTS$xE@H^gMBJ^4_eIjITKl-9?u z(+^P05$5KfWZgwri)j41{Pz+I{^WGv;U!(CGRohCGy|P-)zB|Ki7pIy4kt+tV%;Ya zN>dG%;bb`Q!%j7tjmX&3xY^rNM|vv2$J;4f*KL8Ex({@cL0LK1RiMEcRXt z>Er*PYDHS&TLr24%t>`p{1eGUUMDDM|BUlHgPJ+2W`XwK=7@10V2lz@K8wp9N1ry$ znD5}cyMQi(+IXRX-7KMKBw=G@?UG}}p4 z8F)66*VKgy^t+GRJStqgOku@`f0t`?VI<68x9i}F)Wp%Tj6?w!XsV}5Rw0SM5bLZ@ zq>@s&E)XoS=<>(K@;77nRs7#}oHlMsXl(ygOg8lw*!Au1ZJ5jLb#dY1c6s3&clDle z2RA(5s}PgAw^NeYvDui7rGB^AbrhE1-He(nuM9s_iW_~1Fb;j*VHu9nQSZz5Or#PJ zO3)kE$&2^)w_BN?oqciuBdxiqBgQhO!lr0*Y5Dv_V@`g5<`^YTRl2o-sC^WX%1T2X z-McrtI2(oHhd(r@9c|q;V1&lSkap=639o07|0c=iZ1K`eBeoyk9-a6OkYVcMi;8t% zVM@zcnI#r!{9i199P*vSCxA8b&d?u`&<{vn_^%@rik5Woa4pha`B?Z^oDijKxN2}b zp5IR9LyH+aDpPh8y?z;oz^)2sV|*;#n+iRv;@rl&J9<%D0?*sGqT0aV`%w~uhH4@P zIk-6+TV1dIlXmD&{{GI&!1IHD_M`1^)9FoeD1nQ-ne+79un>Xb1Jcz9UJmAtHZW%J@? z+4^S42&}EmMb|SoHy8QlJsfThN_naIbo>A|q@qens$g~0F?h=~cxmBb;H%%QGcMrO ziaqjL#g~BL7El0h_LMjPgk`C5ey{!f1Dk@cpS)3?hupx_0^sBj;w1D^i+AyyK!lA0 zWC4M=Lf-{oC>wixFni(0Z8_PPGe|g^LfXEEIWsvO_G%`>$V%ViBZ>oFQ+?e!0nN?N zaJWtUy}G2)itYj;4p2Ztt~TXp83=M8vRG4tDP>nY=9Atsft$6>RIAV;XTe65Z|B{k z+?-sH?(k;TW$(-;+Y1e7Cp@*!GGO`58DDsJ_2u}hl^R9$-5rmP@dE23`pfsENAL)= zCNs_SRr`Jh$GiYz*8F^6p>8uHl7uyYhF}cnx|2yFm&ITFgWKxj5NG-+Fo>*zVLR_B zPjkpO2W*?a-_FpWIix$5k3T%{bXsdpq2u@pDcK$CVL)!HQ;=ROgY^Cy8Z^&8tspM; z({ylGdk8T+o3c^Azxm2aJdh}g{3J;(waJm5uuKWrv7mi6O87L}DBs=t#cNd{FmIQR zxHRmMfuiv%qrmW%ap}+DmHDY*@&6;4@K+eTb5H%wj?6zvjch@D>I*8ug|vrtjouq~ zF&No!ER?vDUYG^8Lb7f6Qf3TksiPU!P|-l1VQOSo5#Nc%+>X?7&iOC)s64ddeL%f)1&nv3o-cQT`A{) z5y{qL4`&-n$C750(UA52$CV`Vu^gHl|7D#y(;m>-^G1$KCCYnoEF{EG#+bMta&bLV zd+_f>lRf;-mK`}lnptU|<<58pU&88`ans%PD2){^Jyz<64f%9Oa(>kZ(lLVLk`tTo zhg8NNcX;$kB}QA6xRr2~TR2vH`*wWbVD3iOh4JPWhJiB_6QHI~ih_A~c-&nPMp}_F z->a*i12CYAs|(^DP+fjPP}npx8I}{toi!+;<;b+&xH3{3o|1w43CjCEu1Ah@-IEc@ zOb^JaqgFVSiaLRlgjHW6_3IerzLKSUd;})0$e>x!3L2eAT7NjLfHE;eABS!R%XR;l zT9TOc;M#>Y!-6d>86;A7uBe+?S#sbcA@{@Xo8KiN#QlWX=$hw%XkCqN^f=q^K1y4w zvMS^*#>SIJumfhKTuRRwuY`ZF9+Y`I>))%!Nsr#&nXULoGZthfI^+n)-2&OS&0zha8p{j9XFt5ZY4Y@%PY@opvJi2T$1KWd>5esaj52B^q&BAD zs1pR@dQi}i$Hc*ywRCj+)v}*>H7RNP`_pk^@&g8lDN%9C6t*ii`v3%7T$M zq|v>=c%aaM6^rVGuF22t*2_N%4-dX+fGMxY`2*f=4A}|ZNSr(EzV*v_BqecR-Dx?y z(MR%ZM%v=fap!^4?rqTLniV6j0=>J?ex^OqOae@|hbl(<2-dqPGpKF89Mzf_3Cpf z5j``v^o1o>H8-V!_t$4tI_Qm^5Vs?JeKAg+skTdQX$ewSCd#|y+k>s9+!W8(R2PIe zn9+t$uq#>Jh$7z!R6i?#T%*-vSyLARvl4a?jqxCpl^pNy93h+E3cNr+ok4HE4r}JR zyYc?Xb<=%Tx3gV3s94wTu>Hj8cj+*i9aL=EPzZSJ zDUWdJ3>;GnexphpTc3q_9nGV%6={W*c~bLi1!S4E7c<#m=boB>W9K>8CTis5rg7*v zu_>b_vq-;J`QK8d|NHH3J~lhM(&}76q-}!RbNwS+oAGe#Pl5O{C+{7a(W zeQXyq_wW|fLup)8qNAgunY_W7B(n)`Q9B_8jB~oa05E|Uj8CC|DUS;-%n~GekyME+tV%j#&O2wsmEzEKOzz@? z0WN8>%Ed9fW@p~DVGhd}{wFa0Z?BPfiP(!0=_f<_XYz1GssqV0QUL1Zh5U}${eE!zA(&K0JcGkLGEow$axD%|U+ zOuBtSpmkx{gCc%sXr_X{;*a~N%TxNeb64;@K=C+0z`0TV-zfusGno+_WZF@I3Z(jP zrGF3!nq|o6)l3^I^&TIBEG)hgk9l<{p1j(f_gP6QKeU&<@xrD7!Mtn1W!v@(=D8bZ zV`n{AsaDGv%9277xzyXS;G|I!47QUoCTcS+El=%(xw6UY*F~>h&CIu_NY8emlMhyb zQCf?&h_x1I^Tb(tzon(6Solq-^i^ExEF8Xbt);11zX#{pmG3%y)xO&YXmWSR<&%^g z#=xhi?P6jG{MR)&lQdVzM@@6yNty2^=!OnfUoC~3D1n;hPWSg(4MG3j+wgy1xA__( zF5Ezf6#bvk9f~+FNgA4bo4&WQnIhbPUg4R+qF1QhWBwf)mt}ZU% z%&lN+BZ<=aOTF^CuEB)zF)x~>sIPE;<>m3bXLDeWh2N(J)AhWZobZ@GDGBZ-Phtw0 zN(6J)H254B{Gzc^<#(lc?x z(yLFO5>qk0#s-r&1wIn?z*$o#IPQ1MBx#Le+o)}2^}|0CpJbs19}GLfw3BWsh$MGT z-8mu-jP(5TcRYcljnd@voq#*`{WS&A>qJJ9dUeLD?Q}IXq7;AzodFNUNUqBXrbqt%FmB^w_K8ktXJeNNC zfnu_gc3W)R=FhJD_SAi2P=~BT7QF&Qc<$}FW7%3}SySm1>5%mC^kx8LeL7I5uD)Iv zvy&eVRw9+|O_4?W>;R~1rEh&=)edIoUcm{lKr?Ix)~XqRI<8OdT6w6Y`6-2KrN#s+ zDl7+1d-8_+RBP?%;gWu4NK9%V*_lfo{xv^Ojm^|UoM&FW5|a@94P-eE)W0iW?w`IK z3>%AkxUywuD}Czs3O%eFK5J%fX5n&1dV*P#t@Sv8d0w zTs^Fe>+VsFK!SXI)17KpL+93H4sIV1h7|_pS5(wAjO|zr`r+pYO-;GqnOo@0*bbEV zYU3kkv{xOsKm|Sx-b|hi>GVg>1b;)!XPY<;6GC5F2zj<`@0q3ZDJ+OW^7jc!MwJ<*Z0zk-`bbBq| z(Vc7gDuxcX6zV6>;_G_e=vtF ziN`jP{6TQY9LrnZm&s@=e!H*QehCSC&CV|J-3R(GR|uF1v-Kcb$v#a!)xuxl!0niv zICu*9uzJRH|Mp@3Mmr$c7s)Dte5Jg)%A)X!<{3JlsEjEPw00SsB$2P^ZdsKdI>n8S znE>JB2wh&8Q8<<)Dr9MmoLnDz;pAvNIl;A9Od;4sAK5%&PL;to}YAAA*t+AQd^Ht z2eFu=e?R$q2~wOR_gCmge~F?4lJ0m?&;I;5kCex7$H7?lh8$orn$0AWn#it$Q0eO= zLreb`s?k$(U6<_U4VUZ(I{}b@rU3;;OaJYdn~RBnC6c;N@y_c{r2l*^-izlfc=vs* z4s!sZ((lb;dF<09dwbP@UJJj7%l974K||y*@oE~KSI4xNS@Ev*_45tm(ECNcDfxlx z8gWefO^79524x_*{Rz_+CK)9Pvp!#+d;dfVE{CenHNz$}4swegpLOin0XmoD5#Gp7 zwD)Lh$T_*%;+78G9-Z~=2hhW`b|^iDUpMHwE;W3F+V5(|H9XP*y08`th{w!hD+6}L zN1@A{r4RO@Bv+)CK9X$5Y$1q{i9^uUTBh_>*;DzY@LLczUU7H=d6Sx3aUgfYmMb05 zWf{KQgvP=b8m+JX+=WQOq&gI9Sa3bXaqiyRIy`7iTkm`Zr{=3&1KB)(>?>kx3yGN(eB1h>dN7K9Y z)Aa35JNfNbDXV+btf5ZFNTfZymV&VlomY!77f#h2XX19%*#Z95r z3s?oOnb{|-uVeu}I#Ia3hm{yw$x`}TX&PZ0k0aj*9lv)kg#o5EC>h_j@QaH6yi~fk zaW)Y4?f*r}(^9P> z>EM$7Bi!XIw9T|{@^X2362$=_ZZqE$xDddzeE*dTs(FXF`{Sb{_4QLWU2DI7VWE&O za7I7i-Gl9Mhxc`ruwu2|lwO0>pSjZsyavMB#0?ZwpyyN5Dk<%OOCB);h1afR%yp?n{ zg4~HO{GFs^s--9s4K{5790L&i3n-jOTzh*BrB6o*#|9matBP%{v#GJaTT*>PSL*%n zrmhI}2W4gR#oRC5u5=8OAPr(`2Nib@j8}d=ryAn_4D|&cm_h!NlB%G9Yf|15&Du?u z5dZ!&FCCL7w}^3-l>_7)QkatLFu6VuS0; zQ~vT34)D0i-=umHPlj>tG2th#Y|hiSm~L>(INe;BpD`+uikj{I<5Rxv37NJm0@vR>9_!gEz|NS-Y$9r z^J2u`VrRvCHU%1`pwBGWm88HX8@oAWH0{P8HC{faZ(5dRi?W-)H@*k>G6sj;a@`Zp z^69_ULm2=;i`>g;R{} zdoy09E8yK~X8OwEhzyd4`-M@z2bp(j1@Vx@T!~~xgO|6Htq|wSPA)F0$O6B?g@RXh zu*@-V@ScnPUG=EZy{3;ZWEPIoE{Z!s+p$#zs7#!m`KXIsN#ym#LGI49stidF%o}}* zzECp2YEokLZs~0$zZ_ELq`KbC&BO;+>n}Ol+qeJP6s5M$`SfWY+Sc0IV_-0K-BWK% zgm5I9DJbyZ)#|(aJxMuAZe(nn46$23I=itJ ze!%+`*4Ex``5on1J8p{;o6~w0I`GOlcpzwifZs)v6mIG>kPVJR-Vs^UOMy zU=@L47UA$cD5uyHQevj#fJe%{{%AJ)=!$*>|2>IV8p&$ND~>;sm0|yOS+E=O*OOgP zVHTQrPw<+(Q~(BZHCo(Am3<8bghyeEQRh9MB0zKb{u`%ri`ZC6Y#f2)85soVo%6%46uluA#(ybZVChm8EVp|X!sZ; zR9Rw*ZpREQEY`^zKpS{B5u_;<7@7BjCaz@bSefXusOXUl?~k_|)9dwO zPlN-VLfW;q+uEKY)GREnoHHLW9#~eiB_@;=BgW!Z2Py9annZ4FAR~8J|A=Yx4h}8yi^+oic*_K6y3~eqe(Tx8w{h`7ms#FjBFMJa2uyzO-}(nPLtJ zW5C~0Rqh^KWC-sf5GO9S9IsZ5_A=d84cWgy${P4%(C+>-XOO)~zTvoFTl^ndaow9s zy(%gLXe^G(4BK84;k;BI^s&ma;clF2l77E=vs;hOx`eBTN2I-#jTY9j$rxlW>ET-q zhVkDTOH+y$QYp>~M+K0xd~RzGu~;1p{HcjoWMLE%y*HB4Vw;ejZrWNodf-``>v_Y+k^>IHr+@;H);H0)Et6r>=m9Dt8+f4f^+`i0U}<8iRP8(& zsQL&P3I}JQDc_kf2~y$nsOMNDSEEmH=Mhvp;(%Phh*VoTZ`Z9Fa^ z8^Nv4JW2IMF+k{8x-YzO4+vle$6I`7;PcNBZ7z z7I}|A*GbehX0FQy%IL>iCZ4@bs;NI@Ab9tBKZaMk0XQy6HMhcnISRiW$|j9i5O;jR zb3|BYR2@28eKR>j4OF@r$CeRzI2Q={ZBL zHg6YPEIy_x48Fg)!3o(tQUeuIY{YeG3alwsJm;R^WPaL?M?Rn4O4$N$_Vg=YVAwP2 zVn~}HtFRc~7BGn=Z`rZ3iiePX^P=Ahr2U=2Q;3JUOJt=S%8Hv^FC+DIu+-boPS!r` zOF77q4y2Byox-2}dPOG{>RQVVB8J(gjWhs`?qT8IbAcf^0r1wM7U;p+jQ1ICwP z-uJvUYAs$;LA@M8^y6RY)Z3DvMFxTo_2^k+bJ}D`+y~b^X~t=^)5dy%G42Dac@81& zWVdTlHJ`2j>+$d+qgZ`bM-Z;Y5cEq}s~68KRpywe%zx-Kb~ljZ)&JWiDRGEZ;Lf|H z%LotSRJ}xm7xy8zo^iZ6(Ya%9%!^i;ayd+4)}1MqI% za9rSU|5EqkFp(T_+1o=5g4*+?L2nt$o-k{k!~vtHy$1qJBHjz{ND+T$-5_*eEA8QN zd%0MMVcE|TpLZJnHA&`b(Z9n%Y+dBl zCwNXDNfg(V>-@N@Fu8C054T zMK=Pn!K;dS{k0D@R0e6sU>s6a+0&mCEpLL-uUF-3dhj%x{Grw!;;M%RmyaJmUU+6Q z{(w4(-!l5=gf>HdcDA$i#gsAVL5G!ynItPK9``%CJyQ#e%i(1ga010mF+UzHV53#d zkS`6AN^CsQ)$~>8**T1iwmr#pk3nul%X`rN-)p`9y$0O1 z`x}%{fBh8VdhhTZ^CqvSgmBwiab9k0EeCM)sEl=*1IXa{XxzGXXh-lBQc>Se9y%yMt!=Em!tcR0aCiN8NeQ z*)sBAA*&|*dM7Sa5#rT1&06NwAdFWe#m-KHnV-pep$z9(D?8Z-(VT!ra{)_@j)fv3 zA~IvlF~V?SXy1`6YINFv0K=@GOw{J$`Cf7-m0)G=3*oRMWK)!~iqf1p)wPkdJOOm9U ztQx1|;o)MBtBXvLvXaI~8*koR#*WFNAi|9``st2fQFcs?cgvF|+ZPuSZWFGX?QrQ!cC&AGTgb`G_7vJixuCOB4aZ(uNVE-2>I(tEkomFFXxM$MMkW` zf~sV%4wd}R*VKZ|GhStMxxac`X40}Ir7LM^A~9fPc2VSA9a2U*uE^%{)QUSM$kM@n zJ5n!DMs29BX`qxhN5mjATzV{DdUg{hcrce8pGP8aDh6$0_pEc;Lr&O-?`*_D5!w8EpYKc z+_t^FdC)ymy*AMOq+jWj@-;p{)RDMm*Mv@<$ea3GSwqv-S5A#UdXsgS^i z3g_OcCGUv`E?Kv%992foSpVvl2*Pmwcm*&QyA$~F12#ucv#b=~DEe&~=o-3rn2GpjN!`l@$f-tAT; zIgU;yvD|W!)=XFh0HDefd%EE1GezIcEZ_OJShG7)`OX~Ul^Qe5wa+V{(|RsY*8FDl zqgaPX2e$Btvg>_+2U>sSbk&T)qHq-Hy!n$*zUvZ-hFM=PNig)iE-~E-MN@Vs4T07M zsJyDSQ9GwXP7o4Vu;LF?-;arFHB{9r!w=6O)6jQtz3D5aJZPNp$W_A*fu z|Is>ioNGBqmp3hu74n>H+E7>CmNP%FUhS@vgG0zA5}QM4-_ArVaAT=Ue^;Q1%n87> z_4iW&e9A(sDOkDY4dQYupi_Q(d%FdFWG3lfmv=~*1FiV-WtM}AGWbbqS=n7()ac3R z5!vyZH#C8Fc;UsBv4?kPQsr+si0}oPt5Cem+OSa|n>6Q~n1{(ucug(i1?qsugG$*4 zb&x=$do+3xOVcz4Hp%kiaw&c<^$BYh4tivuA^vQ}4geGc4TzRRR}Zw}PA10UWA!Pf z?>kitq$GO#hO{U}`TOo=XJY{`W(Q%`{qCTrf{)ilN1F9ePrkIXA;ln z2a?&cS*Vr$O847fxX<;udl2d)Igi`N_4FNy!u5ifQxmQrC?Yr14zzIXxK*%$%@VyU5Cex48uF7*8X5KHHa6^6&PdcTWC^YrR&r5gq{D_(TY4oMsUC4{P0CoK(Y_O40pUGhCf(x9; z-!Y$%n8=*Yvzw*{K(~fmDEz!WL%3qwyYp5TYVZ^0+ypFNW>vL(oj0m7dlTMqdgec{ z31}k7HqPEdVOg_1B-maM2Oc-coyc@U(9Oy-SEB_y(v<_BqX2P4^k(@*mzGxZ>lf{t zViX2PneZEDY@3vK8R_Xv!A;Yd0^vhQfi3z$Z!%b77Jb5nhwFDY^9o%C^4KE+_7)G_ zpR8jLX|5L+UdEO>O#n4bP)cjtw_cVqO1Qo9i9fSLfR0Ya|HIxpzt_2Sjly9YG`4Lv zwrw=F8rx19+iKV(joPHK?Z#+h+cv+u?>T#?`+0V+^Zo(fb*&#})>>KjoMX&kJueER z4IGg1EJePtv9#>v>ClR6AMZIcMy@}400R*E7V+{Lrp|F5$-)-MS;KdS>ddi0)+o_1&M0B2Iw+Bx2r>GuI zSb)HrWk;xnD&DCaw%=mzJ5v__@gDr0Kes|a-X5B)*tS0(TzO4kvm!O_g ze_}KTArO>)C`5;Qd;15;TF?5xyw6Jh{)>xAdH2N4G5`Z_8=GDoT(>=EmiB75&W6^S zyn-GOdOvgnM4t=+$L;~*5P!CR=$zgIKxx5HI?0@qQeM;$1!+D9VSR^JO;3h!Nl8}$ zmOclL7iC_%qW2^0Z5HQ9qC=6m(5b}!idk`?xF)N(*Ip}oX+VFZKBQA_5KhbhXEM=A zFYJK3JCFO`>$XkjTTAlfLc$=%`|Ew2Z#9{*>EMVtWD=~hlEaqUi$Jyqf6Ea@vcJnD zBG%BpJ0GzELgGGkpCG5EhK8IkY;pMOA1gKPL(+9NPVP8j!@UAt*O!;-(v}H@s^qXX z^9u{14JrFx+yh$pC}L>m$64hq;o;Wws~Y@P>^z8{GE7Jr2yijQno#>9ujr_$D>5>8 zFa}qvv4}iv`tBZZ{rero5RYg4t4Gy)eTHezy{kNChvl!y< zAHV}K&u{6;$*&aE&9fitFHB5Y-`N&K7HyK7?6qrbC`YG2RVU0zx>?pebqPrw6Yd6 zOC4PPO(q|0i%)$<7gZTtc+bH%l3drL-%yXQmY;U}q1*BO5X_x_zY>i6lquB^!-{uakY^@HgP*}xo?$j!~`mtk{s1zzP$}?j_#m|Ah5I&UL8fA zGP+;AXFRN`lP=48Mr?Qnxf^MTTertc6Pq1~%)D(wgRrh(iC_oJhu3pEFXy7fji z8UviK^8Q0?@IQ>MEZ$UWzntgy`|yMWaPns;x}X226zqTMFuCa|I0zjSt-@4faaOMZTf$F0tQVZ6Q4ipMgZLq0Mf2UC;H>_Mvv&a_3P? zw0+X^_>r;oh@P{pBK+SI-$L6hf$9$*Yd%ey-!O54j+oh|j{ChAYBqXuh z`RVCx%o`uuT-RNd00x}!Cdr7I47Qf^7Fp9%kR zkl&Aal8pH4P~|0xFNd0WhE}kFhlA5_l&;#88({T0Iy|iD?(SA|$}+6~RMD}vzD7q+ zepvvw01$1pC}Lr+4hb{xoYIXyjHnm$$Fc$Mr; z)zw$$o6|M7)0-`E&a7=HQqQ3Qy(Z`niN66|EK@V#v0_Y@^JW&jw=Z&}M>oPPn z6eFWC(N2_ZRu~DI@0h;jg5ic)E-IqL!Ne@T%H*b_VV+De$v0Jh=ag7eQ={SJR1Nfe zXn=y>q@UkF2qN(9trOK)TwJtHGqbd_L$rQBPUNArFs+Ug8$p5zE=>s^Qb7yzxKuUz zwadqG$SSYg4rb2s@`{9*#0zK2e0lb0zTk5~l*7uzV_{&Q>sN8iNwUy%_PVqkdyeV$dRj1vXzO>&{1bN6FYg8$vuE=& zaPQlL2&&U<8awWYwkeIN;C5m5ancW@^={(nc&&;buMpa*(k4yoQKO>ZjPdepv8V=x zz7JYcY26d-}7Etf^^1oo`vKI8v#w zr-aV5mYSPu(@Af_Rpz;8Utjcnq?r3|H7&kxkD_y^JR>vcYPg8xyD z=zCb{Qux2{1l&l76)sm7XH5^ykIt^n^Loz?>4zf5Hom^uheZnp^R>2B;o&ee-)3x* zSmCa^Ne~)VBBR4XaPjR7BV$X8ODjq~TEsNdEh`$7h9*aah1F&);m>QThBpSNhV-vq zUAcTI`%(c33ts_CUq8mg#MB(+ysuaLtDRoDB~TFMW;78Jq3T zbA@;Gx(%!XC)CL$gev*FnH^%Jj#uA`8+=17-sMtObov=PjKe|@cl0N5NuzlmE8+2v z85tJip-=ePo$2?vUynt-V>W`I3U}b72)!GuDKo0797|Ea+JK@}WZy;;6Zy)1Ovo(M6Y$CsbRR0I!KKiusB@+>pf9u-InntCKE-S?bW4&JRK&-=8AHF_;~$$Hh~$yoCes z+`E~UuR38Fu5JUdF4N=V4XfS{*G|gwPiA?Y+28j(-xojLW3*a{;{&d+%QEg#!nXEl zGC^clSJzpft*_Df)<~86`Icw?srb`np3A;^@gY`)uNZ5E&f z&|F>&uT|ahx!V05M%x}$o+n{k1mdtJ^e3-Ay{E{2T@h-MyBSe3Oa%u=`VA`Og1MhH{xRyb7 zi(!72AtLr*z6s z6k_}eVoSxkZKR~I)zR)-DHFR~8Y1@%3D2m!(g_!^;&g(pP>>U}F8~8))gVA=Xc5cZge?)bTzpj`&M)nbYj@(vk&d!r2L5=$q?8ge!!Ly`UE&{M)+*EDkUr zP(hpZa9=qKz34_uK43!+`{psHbF&kxX9+Es*w|N4qpNXdI0u@R;|cs`qNe=jqi?*2 zN=QbkH)g~_*P&9rp*C8X-gY6( z$$km>!E-Uzb+CBMwS?J%E2TJaoEfSx+?~;h+8QaucOJ=nm}(RqL|b}wF$oL~8=-Px z395GW;J*koa80c@^JdJ26t}z zEIp?~`a4EbR9o-~?kfDeh_u$Ueay}I#YOWFT!(r*_a9BX;q}GE_2C&+5Lm1QNx&g`l0zg}O7paf%~OJC%A%Qu z<4A2>w+TAuLiEQt7xr9>Y2mXiA~GftdCu!&tisIA^Yb#Drry@eONMzkcHQl`j`_j5 zhMi6NEbk*MPxSFtVF^4LgWDhLF?U>2^G3_wA4buJ`sXneV-$N(8xjyNB{?&pPV0Qu zUx@^&HpzHF?Mv6CxMQ!4l+k-)5XV==zWO-c&3`j`JQIMxr(Yb(;)5Z=q^w;hWahK0 zrB|b;d+#XkDLXztJK1H^piuCxp!v-N_BFAIL!0z^K>_)F_Vc6dFO{ixQn;_XH&R;o zApIDlZN_y#74YZC%855xi^;hP+_14seL7}cNieEFESDLS=@@=nS6eG^lYDzBAuWIH z0e2}F$Qbli*@#)F84{_7uP`*bxLMwrDY^nu z%k(iT`5?G7JK*;nmG0-{@(2%0j!WAP$D7WU)=RlPE=LX9vrS8vHuBp;)q}z_d~k93 zfJ=-X1w0Hh$mN4-T4Nem1qxNH21nf~W4FDw6>cw#KU5qi%K0@weTJvnI*Hs*`V*^H5p(5 z+JCGmIqT<)k_1vYcXbwNOL@_+Yd2L$RLQ)`%;bKYVfMhZC3Ht=#-Fv-9b{oz=rSsxZs4 z1ThgX=`Z&$jp{U4BK)xuy9w%`alXnjZRz(UTig=}Vy`T%>}?E(>e5f0CM!@Iy7IQ) zoSj|Oj}=O4lAh;WrphXY@_ei`C`zlBdRfuOFXL;Rx``GY{Lu)19)JA#tG(8T#9_{=UfyK6t-6x&1PlE?v^lpQPY14KUb27kPjxyYnvr@JbslcUUE!

((Ana^L=#JPbsU3v|P+1xk$k$0ARC9FB}&M8w)1o}JOq=!>X|Z^LxQ0o zt76%vA-$ehj1qjbOk=+Xd!}tb@hCBwQ%nt?U38Bu@9ddFg7stYWv%-ldFWK0b#J5w z{VwHEF46N*)AO;*$n0^Ayw4hQwBvg3W$kCHFFiSr!NIS%Z-H!OAOZN2_|kz1g2a~t z!4~M-7BMw3L5IIP*x-|9=+W^Z2&iW~7Rol%hDS$7or7iIi)k>zn8hm04nplvK@4x9 z=gt<~+ZM;yI8yA=d+1c-k-9zway`TeJlg4>Rzk$`bcyIs2}sbtW5${;W_tia=^` zuKB4N=pGQ@Lc+T?msY;04{jSW-uy7+9+rmPSW&T5;I~f{k?i418ERSL>Q>FL$vUZ8 zS65TNQYi7hn{6BEeWE=>Zig`FsPi9b5Y!(k-|}3G0}RL?BLwqAUKw8B+EN|tml6K) zv+$szFT1?y$)j)?@x5`<|G5V3-GuF-gIAfEY_2Y0!&%I)&$n%AZ`|^Q#msHYYo!r? zHX48b^pqwPMVw^rynASf$f{Xol&Nzsl4Vj*pl&*w$u?7i=Lq5|lngKQL)4SSR?8Dd ziLOpdQxluisO8iVeQS!2Dh+ge`aO->w`!iDRq2Y1=vxz5*g|!<4f-JFJVB~ltS~90 z44`q2^@*nNs<;7%?~<1Y`L(|899McG^LM}jY(=rLva#?zIX&GHh_fYwz3rD{XJONS zK2+6yXABuSS6W=`uT5X~?(69H-i5juiXNsQGyE;wqt1tV8I$4L5UTRDqcp=Cq9HtO zMa84|I(WxDrl5-jPRADS=m4YAUY_oaCVq4WqaO@pmnV$MI9P$9*#li>$(_3?T*C6Z-1K;NXC#wVBBTY<$-z^;3kj1F?#Du6+xAhhW&9~ z0nzcuWQt-rE%auy3o=73b&&FsGlud0`;VWr+9S28!5;^OI|jXhDgg+GrloB>ISC07 z-w)Me2c}?mlTlDdXW>%(eZsc~QG0(?f#L>2xY2DaduyGJEdh;_rpRSK8ZY1UPFpWM z1i6isI38eoBIb_AzPNRPa;O}r74W+g3%eJJE_Vg<$Hb`^ij--(y0f&V4zzMmLN+$5 z6K@OF5*6vy@}1A7vp#i*7~~zI<(i#SdrpCaV_AQ17$4DTn&mmSM)Znz4|O*Pg=mwB z5T42k7!*L25*&0JM1QtMbjd}CpRISw6KEAaC<4PLwjgG-WH2%>?Vp~QiV7vh6WQHb z=4KB`YQl1bWveA!=kbU-#6BO`U_gUd`Z4(<8+y`UZ6#40mbrFq>ChyUvY0ad)Q>4Q zO(U_(%Ebxm&k{IzMlpPM3^sbeCJM6<(x5gO*_1?)2 zrT62;VPN&uH#I3`7`4`5Fjg2NlXr)9_vM2cSE-dr=b%*zQ}M8qVhL(S%HUfcqU|IH zFTFSjtzs@QJMjED2w=s5vHzB9(8sN1n zJ}18NX1U`o2;I%2*W7cyF;6{jj}OfHDoXJZ#uw!NU^R;T6)`9epxIgfSd)CpAmTa$UKjxwwd@phSqCgwQC3)f<_{^Cw_Qcr z1E#HoH*ouQzKK1kE!r4I*@K;r74&3G^TvTpdFoVjUEWHD%D6xh0Mf3}@agpe8!pZA z@wcG$*;4(lisOptQO}+B4!olKH=WKKs5mJ55nYX*wHQ8I9^rcOIMLSz_8L6YW?ft@ zEsM3@_o^ua+M~$KKKyy}%wU|ftF^qmIKYPp&}?x@CvTOeURB1N(Z~8|ZIH}*;)=^zwkDGTpro{C>K7xnp6GRy=iCZ7H zf&65C0oLCx31H#o40!Ipjfh$P?NbIyCW+cFdLn;BiS8|=O-AtQ9H%=PdsgJXenSRl zoQrIi9r+rCL)>16Vhg_aw(Ngo$_p>~%bEO|2Eb9kWxwUZ-=Dok11;$P46=n=I;)}K zPw46R>LzEcphFH9jHeF}4OURw4TS+&96D<9FZ}8^+e<`08*sQU6>|Li%|(8Y4G|nn z=xdZ)+SD|!tKKq&jIu@)Xzpj?e?3Z4p!-MyK}k&r;g#`emQ9RcUV;va0j zl^jyQH>!Z|0;lSBq3%Ag(Wjm~(~~d~^9M z25Bc^43=yt2?6m|MDyLom~NlYcQ!`G@^lWDiXrR1h7CI-n00;cdXaC$h=?ohrv(I* zD=0AE99j<#c~Bky9mgCqP!b>nR^r<0FX0)`0cH%d8#I5XhQ*j!JKH+ZRfeu3&?=1S zBRs{UAH{5rn%{S%1{NhE!owZn*jcKjv6T<(%T`l&F!%S5J_-t=|CIB;l0yUleGJzE?%iKN z7l61TL_~r;ZR$lfeVmCuOVLoX{WdIhRKwuag2rU6M!d7SY9NoLqpE7*+qy2FjF`Q0 zmNHT2B_8ydv=DGxp>LrUK!`!S&9^f(EmWCO)sj?vYit)udV;@0vDXJWR3-gZy5sph z*$Ly;_UE#wZg;TDeZ@_|CM1s0wTA~RT-<6O9-j6|Mh+Abuk7)+6>KaVe($zs(AU)e z#J5+HfM|r?cM<6qoUXJ}AcFc&*L4|E=$Ju^7OE@%q~0e8um14Cbv}B4e+J6nU)tC>Ve@bp#b#|$A-!^xg`dvs8J+1p z#aV0Eb3U~&VFfg~Ru?}lJgY^t;|x!o8825Km{6Fx^Hh8A7r<-F@SZ<+oLMHyK;h(c zN34CUbu?{?nB(1Fx9Z@mx^~e>q3Tvvo}^`GC)l2K+21{?92&A39LU<(7WdYPa&~rB z7ZXcnAh-%$&UuYDV+ynk-jvNU*qoPcX(hF57i;?ik@5g^f68*9`+`h(Y%s(R;OVq% z>*rI;^X5Q?JLn+i+T)Z$efyK!<8zgNG*g7!P{6=`U2)oXRn^9>CzoUJ zNV`Nhfj2+^T!RO~R^B$|C;ODvY=NxHFUKe}MTYTbz{^ndwY7l_FBd35erO<`eUcaJh|9G8pFi4hTSh}u#fVx4mH@E9gIoNGU+svVbi z=Nk`U4703gvmaavyElJXB>K88KSr=!(GA#F} zzn$$YVTypq1|HzjZn`iy5wa5<&s+| zFGc2+-)DFI&{rqyfIRD|iG_o>OioTtmm|+nW-(Z0^edq^%;+qUP`ve$ZQgl>fy1NO z7K@9SQ%g&G#BOIBLZNr~mgeR{iLP;<^9%0Y8gbibrN^gnR5RJ|TgMj7-#pubS6+j+Sb&m7V3sZmN_D(5l7y zNozhgDGjD^`-na(3_`;1zh3&bgez_APVwHrTmr(sUOV()*1I0*v3D48iMe1l31U|z zj0Nb~Vj(a479w z!eUP$jn6w+)YgKs@W#Bv%(}VhRlAEfG^K^ekyu~%N5TlRWd$^i1Z5?SV|Hn0*GbCQg)k%jVov0*Je5*7$kgk4 zP|bxs;ea?*^gs^e5=&da8_p|{|EvRI3t~9AX8Yv z-u_cq9~rj&eX-9{y+J9eg{LmeF39Ys-H-hDPC@y$nzllWQ~PvNKbF(kN}1o*<$8sb z-bRM%F31B${M?ARQa!KUaTTMvq9PVCYoHcXGY5a5IaL1)yglZ%aY8{U{1nR=_}VKe zLBX=malQEguUfY4_zeh@q^kZEOu(B5GJaquBRn_1-Nn1tplA;dDht*>C6+QK9A@L8 z73)-{o#4h!_dQBMpDJ4#Rkotwk^@2g9cCbV9J)n=kn#5@)`KA={EsH7lb5hMTI{Kr zrpz~XdS!8zP{;71atFZ&o2nj2)#+wMeulo(-TbIEtIPwvp0o$=6Ly@(+eKCwn-yc!~z!E zD-23Lw5g}D)-tsKB8$ho5($_2{a5HV!~;Z5py=iEJ+vQlt|<~3>^O$yvydCz1k@sk z&N3$%nQTc3jmh`;I$D^SI`R7Gn{R?a)9=w@j8q+xIS~_QP1SKD7x2 ziVoQ2yO(__{pqrtn2|wiiEh1GSr_qq2TEL>EypC_!~vn3AKp9HVPZly*9SI_0NSWK z9RoiJ42fJ@W4!}93i1i-fw4X^&jq_hdPW4jz~CQ@OWzdCpWAnX;)P!k`nSrrqd?bf zqJQ5^(I(Fmk5Tm>*6WSQCiL}O5xiX?iCUw3k}+I+E#+<>HpEFIJH^APwPvKXk)ai# zG6ox4F2Jt{ry#@vXKQSn&vSd=yAd0JkQ9KxDO0fbu^lOtScQm5ecDGf(X0t-=6cm< znlf^En>`R2x;7{r&vAwybgu)@ze4Ajzc?)81zpw_nQtZb=4AOZO zC%l5(qw3u%*%@)q+s0S6Il9UiKcoEDu!RGA8e8na*POxHWjZ`M{paZC&aPgoZ_pDb zSXz8JeOOWVoda;k^!3<`2b{@N$>Ao_R`3WZWs zvBcOLc-Y+5dOjbG_cufTeX%17K?!o58_`kras>shQ3Uo((GI9-OzwUZGkFYgH0*7w zeebQw93TttbBj9Wr%nk-6DZK$FJcH`jrx@2d&MHYiEKBUP*wshl zGBZErIwghmO3-Ddr_-q9a-$qPp|@M%^KKC()7&|6O-&|D|K}8kWD$x`GkxS(jv0+=cOw3BX0Vgk) z#E#KMCK-UDLi^_JX}O-k5oAEn%Ev;*CiI{$agEqp*3(47Bvy*Fn^oao5WR_h87I{Vkg45Cu+|1#tm>Ja=_@ZoF3gfo>6>{)adU);Qsk1al&gd z(mh^G18YJdDP>-MuOk35PFxzV)LP+tM3tQW%btT*Rz(RqvC-{I@SBUHaUDx!k*kN ziBd^o*Ftf@sr%g~%jYZJYTmX#cGib?_YYe;)ti0lNp7WHmv8>({>M;$F(L?)tbmvM zDeMu0%BJUO>; zYW@XT|0k(-AvcwapVN1*WbeQ3Kh_$i!yX=f({6NM0QCo*$aSxZVntUVKei!?zQ@`f z0#AIaPVzCcs0or4hwR_@$qX#OO_pHkk((r5_TU*VprD^45*#9Br%+BIbyOTYJAwfv za9mne7FS-b5Y-5;uoT*06QS@ZWNmZ920?hk_6itX`z|q&m0ddFDNw=onN7l-_FweW z*mm7t`j@WP>5TJVX97i@!2_eCqeDhQq7MoZ#RhFw#byPo@BQ}P72YJ%RsaNwOa-*$=G9~*M$p?*1dD+Tw2LvIQ zxTr`Gt(d{Ve%$=yoVqVMRkk8L?}k1W4~HON^nS{I$S*FI%=7DN-qHWkp|>d5u63Vs z?dDo;lK!7}`G3gK^EIHndGi*aYBUkplV=egoAAr6 z0e1BG5o7`(BqT^uR;3u%aYzvv1%(b^jL7*^VcWy$rdFC2Y>cq~2BH6XiW3R2`$eb} z*@WL7dVv5Y@re6rHaA&3py|#WL#WQS-2#JYO!ZAaZyP}$EwdB!5p}ln3U(+ zqjf~=bu7{X0s_m}eB%E+>k9(LECCuiVomvg_q*Vk!GTu4uoX%Ds&k(RLC$ zW8iX<*xQ45i$31n-fC1c=n4x78IR`%1s7J9NC|xisL}P!>pA`X%rEi-1lkGc@zcI2 zn|k;Uh?|263WCNr(8*sd`)1`AWv~8D{tt@C(L=VgylYew*iqk_j#;y9Yo_5a`|TjV35gvIK;iIA z2F8s41988@^*`2&Vt@dw`()DfAMgM1&#|gs5}4LDE9yl8zX;FY3HYydV-z40ZG;Dd z|8c6nKK+;f%`t@rs8eH!2j@4i{sFcB2hC16zo;TO8SZzg`27a_=UQMC8Nggsvpd_r z1M(ji^nU=n!v=u1362hj{5N?2_t#$D@y`MnLA|N_xz!(G`I|!a>pNrC0BButG}&bS zx7gzaq?Fz0+1Bj8K=EGzoHPH6@v&7~rT%ZR=aCFxFKctS>QBV=U!bi+0zhkRHv6xF z_21BVK?`7ycQDE&DFTc6Jhh@=s?Rj{7w9-00dZ8eu=hFtxIJ z!Ox#R_mJ!ERWss!t3quZ8Ef0M=XH-h+B0&kxp$r^KT1Jr$6Ne*?dGN)Dk2s*dGyGn zzVJ^eN;>xK7Y(YV+&2->b}#q#iebg4656Az&k>BZh0&BWiG#b!`!a-Ln->w35*wC7 z?A+J;gPSbR-b(@%Hk>H;+}XO^J}vH#;18bx)jm8znv4?I?6(%x1I+)6V<&L`b7x-75CRLK!N8^Q=3f-0Ck*3>X z3?zYk1QAcDn>39EWOl-O?@CdIJ@O`@zn(A#2XXSKr=dbtOeJhQkSM97s#?G%=$BP| zJv+b1=*2cW3Z-9@0Frs5uB=6q&dfws#5xw?w#`KOcp$f8_a6d;3k6^_X;A#GIH1O` zVi$sT60xE&TN@h^9v+P%A|gAc-VWDMQg%;N%hpYMSbHvI+n!!(_v6XOF4s$VA>=h( z$*Y*o_wF6e!gr=3v37I~OPK8>QslW} z(-5P^NpY~SB#wtIe^0vcpa?1t?N{PJ#lm~MoVnDtwj~FDs{Ifk3<1xm&4B(F>G}Ie z2*`rW*dqFNb#|JeTy$yWw7tO^rSuo{zxvt<-Tb&&;+XLt;zmytuw>Mb)}DCfb7W&a zFb0JqEz(oN`g#(M+*;+7CH6|n*8#3TypIk!%O@Z6W%cZ8=1PQ+4QJ~^*(a) zwihyXjV|V%?;SR|uH`dwh_}eTS6=t~56ROC2^?}63?Jc84CbA68SH>;l3~M?8aP z;|e~^JKfeHBza&o`@+|EA42VtkQ&^r&5d;Qn$#0BgYzRw_4 zVT7-Ut(}ZWQWE@lV+b$=qpmkMO&S-(ik={jYjWQU2;^KXYAt=%Jq`&D<_e39e41MC zXbAw*)rZ7s%FWfDk7kNXBQC$L>s|g2#E_0HLNpgv9r3}=Q~0-}`cXW+lG4x!L*3Z! z_XD*j2MGxblrnx-{YVG{0-uwb3R>Ahs0ITI`;IYKIjCyE^Zqjf{T#i?XR?--^aFwy z?(Ss-HbNdmm{Q>$Fk3V}{&q@NL?kiH5eX^oij#{=Q-9t@{W&eHo1>r&J+h^>RSt+) z$&3ZohmDemMaIp{sH64cG*j-j^l$a05{{tTj3!9oVTe4XrmADTb%+dazg%)_?ScGO zT$a4IM=k&Gvq*12+Nd|WZkxik)8x4&yA@Iu|G(T}dg&k}er;?__+!~n?HaENMa?BE zWIpo9%JFSFg@r~Y3S_=r&b|Mb-oj#DG?_cz9-336TG$6W`lzPreHQly6O%!9@7*a~ z(SC-V9dUmWX~8VHsPM87Q@YcfJE{6vEcTjzBxuWF=$Gqavq5QSGF}9f?r2$~<2)ME~k?68f ztGg@U)yFf@Y~$j6u-?MU>FHV*rqjDSUhcKxhVySR+oI)3>c(9;>J%P;DAZR3rEQ&- zsKc`_K2**%&S%~02=lFDV`EpXTyidizAt)HyRH<73)(@xVP?MDYLD7LWLnkG6Rc8t z(I-$gr7v@WJ1=J>l-X4vD>jqkiVHeQj$E84gM*D0p8L;{W}p z`DpA{7d;~qE3PUj#ZA~At1dQf6gH;0iy9&WhEBE~HlUVOd9G|OeooL5;oh3Kz(;7* zE2huo0+!8Iz|S!7b^X6feSwP|R$ z)blmOmU&;f@trQ=Krb$rER=jHagq_L~?6-Sii#AtQL zK}kE2qJwCaiQ}zCE=viPAr&qM;P}BF&mc)c>tV7}2){B4wf;uQkkZ^NBPoYPzsiN4 zh@H8c-DLfR6dsE@l+xd*l#oIE%(1S>jIaF*j{jRW$<`}0t2h{XZpQ>tGK7>fJhC~} z{5O&E`LIY2MaBQ0u56dMQHsYl>@AkhX;BBJC^N>oG)vv)cTuy0y*7y9hkng<3 zz#)L|dm)I$>CrqJgUNhAJmXm2pL^T%;Xzh zaBKbp7i%#G$GT$PluuVn0yVIcKbEG}Yevh@2|tQicGDc3Z2V9}#$X>KRy}v9`fMov zsk;YZ+!6k#qj-P1Z8OpHyLq3X8GDCqew(Dx>CzNQ<$~|Y!@HH%TD5_JfoUyKp=!o3 zC6o;D_5Q*`1uh9>jZ6p6yXoaIA|LUkB0aZrgKr|>G|O)#6bzN9$*?v2o*pFqdZcA<@yK3J3KB`Lq0?{&uFs1&&fEAc7nX?j{! zQfO`L%6=8gSj#22yBq$8$5VWZbAav_H}6&n6`Ky1C!N#1y{xtWGO~9@e>oAhzl>J+ zl7VvI$Iij!zL$9u*h6%7&3&Xwq5PGLNNmt~`eB6F9|alNX&$8EvesA1&@i4N$MA#i z{DE@@lpGxgt=#>R#-4FWVkBMq<_(IxN}pta*UhRDn&vrO%f(crQ(DESkHZ6Wp;S>> zORz)$*)d)1yUCGHTU_vc*cq%{6Jq^H;`lWCQ>8!`8So$G$TYSsrypUaZuGf`*+aoKJS=}>lwN5*TSc}|yUl){(FZgo@9F3^AHx_|ZqM|j(Z znV~(%@3u_rR49{f?!8=X-@@g@_Oa`A@gmR!)OfbhIpV8s%|tJk>k}xG#ScjG@-p>` zA;*WJs?(x8`Env-o8ed#d9KCo3%97`vXYWSG#b8gZ#$`{or8!U_V0?ll4sep5&Doi zX+`!XM>(W>*72w%w#@>suzJ@6OpeoyV2aCrUacqoFF!d{Zo zwv?;8Vg)uBzb3@F6HB6kDHnUW&p-Vm#8MWquR;AqkJJA~mcwSIBAV9ShfoRa)`#mD zIa}86b@q7dt7qMSj>7cT{|Fesz&a1-LQ!iJpGkwLj>9TzXQiEi>#&1FO)Z@9bvks$ zQHDqR?8y*C9Vzo;dIHrsI&S{j?kr>APq{~JRo}`^a*|x$8K*Li(>gf{Rv{3+la(%$ zo$}RWk6V%&xQK8VS&)pXXD~Ehl#M*JLDrHBLTk&MuUhwMvsv~Q(wzlgROa2rK|@l# zwKNooXnu^)Ppu0(pKX2$!LuH3E;o?pIAuYTWZt+nB~Vs$O@3Gr=TGK9D>4A@N)EL4 zSq(}lD*C8zNZM^D<29sckL_X@_8zL!fw3PIwNP80^H6+%eaUKKb1)eb1FDoF3*2HGlrZg!fqq!26;2IE&@?yBqIj_R3QdSS)TsNn+w;aoE*svzdLJTBBaCcWSm_`_aHf zUG~yYd-(CC84{z4u?-EnrDyWKGMEaL5sjr zPB@ic`J1qyPix{KWzwV^|0Ho(3cb6$^#gS}<38~hZsv8&YG4*wK7JGHj|5_Lp_bm`e0J`PBL#O3wukGky zRlrl3VK>=hao-E`9c+rwOD52}V0PBTGd5q0EwH{i;H1utjuXdkoX#M|+diLAHhL@r zhv#_*&$FW-tIVsC=Y*mnQ5tXhbe@X)S!mlJ1kar6j4^t)>N=%v*+UqZ90Bb-(k|&3 zCX>mvco*<^KblFwVChlo%j?vX;WXDky_1!{_6?)>t?9Enlk=QY!_nMx0%p_+?@eqM zDVcMTSF=L{UYmZ0Ka=&{o7++47-_jF^4qSOI&fJHNpr$@Z?*)O}cH#$Jt`I3g6*BN{T| z-Eu$2n7uvaWOMQ3WawDcLs+(rqlf*W@%kvc>`7$Gt5F+X)pQe(ktT73$MimnWf-uRKwRjlaCN9oM7aIr~~8^Pf>h=(pO=d6I+f0g%Ce~PmC>HavLIx4i~;Oq+x9m4497j-F;in zc>lYc;ys!R3&g(n)$H`#zMoFxGa^87h?Cu_ zUze{engu4t$otrB#k`Z@>*;o8>^bjb$)t53U3A491Yo;&1Ad4Ff+E^szSjNytbFb& zR6@*&vCN-F!oOK3&z30XS1ZRdjIyp)>rn``=LadywIZXRSNtMCZO~UX=Sb+URoC-+ zVo~@cZTCOPEY3%NZifY2Vu4>dr$)g|yByS?I^0{c*XUUKN^7-nl1M+f9TI)~=$<;; z&d_#~ICok%U~J;I#!E7k^4xOrmFILv$6@oQZ~U!=uTj%J2E-x-fv5V_qANd&!|4LE z>k?QL$TIy~F3GDIBl+s>IR58djfRKtFB>N$(Ni9)E<9zBxf9PmgU;l4dCQ?iy}X^Azh25pz%lEE1iiGmsywXbS0>54)d%jN3wv^h&+iDg}WXK@0^QixDMW{>c zjeGZ6@%nOFSFz%TPZEbu3ZCnR5hdW+V?BElq3u3Mw1-~3zCUnc_I{W(MAN|F)5BwJ z+nzmx)<9juUVeBab`IF_D*EZk)x0fK^l1OgSGfWzhhBt{B-5vR+lXihIXTsk^psjS zLpyu>ispR7Lxj-=nVvN)bbFvP+4jzzJ%U7{7zb{y^^`?Pt49>7Ahy*H-<7AP%^Ee` zAN{LuwDjB$>YEX=5KKSXiqs&p_Mx~DYq~k!kvCl0vhO)-T-gCy_179*m zl7H5<*1E1af7AB~aWh$L4Wb@+8_cZw0=dcY__7t^h={GmMMpPSZUk)j#}rG3p9&x` z*;vX+goGChymmiD^)GZAt0_ljwmjn3D^*epR#!@{R>pP<27Kclgr|nIinPNK?b^_} z&`?SK{W_ZC2RFB?cm1zO;Q5%aUqrc2wNXR(B=a(+H5pZ(GPSDjwORRKaJmO-C>Pz= z)Z@8Gt!5IcNKH%AQ^d{YCs;SUB~}GUIGNjZx$ELQ@<~R!=*04^DjuNfGw;*Y_hu|k zC@KDzJl|bIJMntOYuiQwJpN0^X%sHWt$-)8_QwuU>+p;?x-T?>N^sVj8#3lI z>GltOl;TiGnxXHOwoz2-dq!0Xr%Njy^2mAZRI_n7Y(oF3YkEDC%c|n#4Zb!LbPWR> zx{BvRbXD&q){7-xFy8CP^k6V(+YiS*a zr*@uL-@BWUkdE9_phIs7!KB!Idq1B%u_z#yopPi1^nueE4svLL+vfS1PwvQ&vk6X2 zRIx?AF}NBZb-u}IwHb0uk`ht^j2EQez6{zDHpzct{{OdwzM$z78eurD=pnn#?$mP? zxF3I!u>AP4N3R}>-LM8#E1Bgf#U%Y6$srY`%D!+nwyk`|B5M`lW=?e^Qcci-?4)P z*Pf@rS1c266$vHB2UHe{f*DmS71Y5>nJ*_gR8m>Jv}l5#n7kTYe%&b?(aO`YG>Jv zJSNQa^a-{KG*Z4!$oafD66@+bD|*w^b$9fN!}=IQr|__JXDQfI(0j>|aQGWHVxzQD z6ySnq6{C7c`Emykv+#n$Vi}niK+B}%|3jR8VY~RKePE!Fc>t9@RDy+pZwbQ?5*SYg z$?YG1S12DZa*g3qBK)xJ*Px*G_ao)6*0U47QnFFQ|M}X5rBQfrsnrk&k0*HBfeipw z-|t&Wf8NNTz8X?zLbInztI{}vfpI%o6t!pO`5{!es`CS-gqm8h(UN3idEe`nQiroe z8&o*fwS&Jw&BMiYudIq(T+N<O z<{#MNUXW*ITEb-x`A3zqtyQ`$U%A7*M0=)ebcd(&B_bwb4;QEDhWGom47|mjozgcs zygKMrLg)exF~sFXx{i)S{|XGFuhZE|PmIK66&pxd{1neY>F~ZPrHkL?B%aC=Tp2=U zDd>5fpUIeRX3lcQU4D6AbA23{RLES2M@K4d8Stl9X(IXKw)FTLztsgUZHiME6#vl> z{`V|5XcIYY^t|D#*A%5kiHMBq`;#Ze^=Tt1^IRu~EmE}^@f~v*Zs*YX@T?ScA5FvQN69r6(Ena)~%N$R_l_GeU1}f(~9kZ!Yd> zvgE8QJkpR?kR_#~ks1B#-Te!Id)!s7MrZT#Z(bH9_8DPPF&`#&<2xTING=O_%|t*> zl}0d$>N%QSoFZ#>wapwgT%mfsFen6_WxBrd6^YyRvETIb>iIG4Y{L1PIz#r{A}R@6 z5<0y7a@n|Rag8rSXLZk1kVTR|^HZs~qQC)m4F1TpYQ>tB@~HR9$RJjBBq@3J=RV>B zTy1FxhHO<*>?38e$76w%T}xR>qoxnBd!xsUbXIzlT>O?=m_>X`Qy^yzmbNG1J1Xap z<>Cp4fl#?r{|Kf$&6~p`!UneF$a+Z!| zGpvTAl_tBCw`qZkzK}Tnl^m4>R^53ZBV2}b_$2VL*iB_CimN5Qa~D+$BAN)N>UUL% zFe^M?<`W{YUd-LxN4pJfvx|$)`{xLlpf%&F3Kp_1Oy_u?J2@|4$sB&~n4S2buja8# z&!iq(T{jlkv@>{+qEQLG?cIEg+;E1FWyaUcWh;bW;LxTIAo?{yL>a|rF z_5#eoG!y8M?zdJiJFg%B**4a!SD1wNw}7nL@o{=`nlwGfaAw{6o*HoH#0YxCPbNnc zs@KJoY`SW@c7Ure6F2>Oba_gHN|k=}z3%3PE_Rb+F+fZGoC_DXm1|Q;@i&0_Qe*{j z;rt8yUiO~kUD8fXSwrGN+>VV0YOzpuJ~7gW7jf=M_9ws6o-E?Ui-O3xy}L?|nYc;` z+x|J2|Le~czwd_OWe+t~8-Gw$;Rvr!M2o<>eRB(wdgyu^>U^{za}Gq}VVL&wl7ljQ z7b1xhP=D3aS}eDC>WyaAxbzF0ffE+xs116DR>GUFG;H|R$fZ$;qynl6!btucfv>TfqPi zg?^bW8MX;rFUmJhqk?}6U3a39i6>Yc$0r~#dkN$aw29et;d?h@%IJAUeSST_K_Yl8@p(11Tfm&$GC#fT+hy01=28>HhFKg zGCi{`((1SUe-AIdq+t-FZhU-aPm7v>lKs~4=l&nlaV?Y# znpP*T5PS-v9=mb|neAnCfSnNY!iZ)vb~59&e>FSTmi{Ca}sK8fR%Oo z0$E&34RN+fX#h-~|Kv7hIw`UY^Tn7WNB>&5^J3hJ4x>mF!A&>pN%_%#GR~dFktL_i z;qBdjdl|gnqpo7~_va=)cPh@$CnyP8`+SQ#=s{-tVHJg;jH0OAv!0CSc|*qUp2`TA zh^nBNVVOtOIK)VVkO4M@245vN>=%4S`l+n$i z6;AunS`^LJD(?RNIl_RV+9sTw`db<+dnco$9qT2IodYnn6wS0M+B_c$?$2yO2I3}j zXOa5~vxYeMj96jVcZfhnw_^W|f=rx$cP#{BKj%8t#_Nc%_{;Ih z19b8G$|tgf$DsGbMGn-aDRO68ET7J&qbQ7kTXQNUV!So4XRR+L?E$lPjvC7hNXs-a zod_}q1V5fse#<&;ee%r^aO>DKWQE|Us?z9ApV8+Q999-;M6z(Bz9qz7v77)SU5%5E z-W&X2{W2Zf_|H4s@`z%wb|n?Y3AH23aMFht!n z$27o2yZ5%W7hYIYei{u%dmsxIjvwYkPZeqh=hNE`pwpRBt9lMcP>eNMak>Q*uCJV( z#~32S;CkjNoslCW=Zrf91c2x3{ckiSw|41OXM1fAeK^z_AC5&mdW30)tnSTQ=Cc})$wQHW!;avPX>u8 ziUQM;`;`HAKHU_PZY=wUsaJmo@zU0kdH)jL2g7TMi{(H}YzS=oTm@X!|HsYpe?%bu z3Vr;nR8>8Vw=DcefA{tc@f3JvOpsy1dcxLCXF)Cm^Vn>{7wP<>Ab+^qdrt2n{w5)r z1o{^=$tbuhuibKOCr2{P38(lkwmM_X>d8aOmRq-c^;eGd8D0^Q6;WHZyzC-jsXz%n zSOXi{9>TWO#rvo3-g8>$axoR4CH}#|WxOPssi!A@N+b0-j%q1+mt7fotlxF35Cf39 zKY9{Dn8LpsI|j0-fsYoS?pmiZn-dG04d63?ngW`WKXT{vNWZbItV z6Z8rYqTAtGKc!U)wTz=&%dD4b;N+e7X$2o2dZxBS5bM^9AC=GA$s@yF5MQ6FmlXf% z5V8F^)Z`f2YOvzeV_c4E=yM=tf(E862twYFXK$&C-F^#{*OPOqzM`JK3dr?d0%#*o z@s8WVS3@)(blCM~A^cM~0{<-r_`*hwl7x}6Ffqww>LV8KFN(MDk@z)pwRN#S=*Q;N zr2@olVHG7uJ+%mEGZi1CoR*eVtr8=_{hfUyRL55|A|hh)&m|7y%*R6yhe%WVP1`~; zksnP_n!r|~3>1y}!m$=ZIGBWmW(*qel=adv~G(V|Gar;Cnt$MT* zEsMwQ))Lt#C*tmKZO}tpRN8srMcP^9_{Cq3etRD~Tbk>gxmHF|Zo$-a6azIr$S%ym$7ZUOl-=n+p>^%%)1@Ci3auZB zZ}^?GKmElRNNV_=_9klSKZ)=cfGrXkSxFYT`xWCR!ta5wh6x@XcX1rb#ZH zx>FQgrBxqkPs2O{^0eJuaW9$LQGdo%pIJs7fqs`9T3T$)e4^c!JZ66g4*%)41dG7h z$tyCZPy=Q#2iHfHT<>#`^RW}XP99-OxMi=4YgO&U{jBKncsV@NE-+OVo7)lva2gM~ zb&hh?UNv4)tv;Tw^lJ6jYx+Mf#w@pU=&8-!ean5>jjypY7E~7X0;|g8`Dj&jSjoUa z)B8qdj<@rJjzhnHi%?sU`|YE;g;qE0ZHPoR$l7U@9D>8GBtMS?UT{^?V8`=jx2osx zr7I--bW5+!tAy9%abE5?GL6lufE6;j(zj8!Cv{!}^oBJwm!l;!ej zMjEtd5CAoEBcA1?-+u<2o4L42YP{YON3^%vXtVF+G?_FpG#D{ltj7=i{3a&5xum&vP4*m|mn}uW8YT z_E|Z8eM$BV%&fNanfs&Evr?(^@lhrgB<(*jos>tVkT-$voT2?_g2~8PHd*>7 zlJP)1x~Ie^#+hupST+E56`s%Mu-=z#o(|p*e#Mq5^K=#Y01LCYFGh)lJIHty%ae*q z(=W#@`22`lbKb@w$^S}EN-a)U+|p9xN6}FAr6>dkgM{#tuW{#(*W{ACZ}ixTta63S z!n0jYp3!~H4LC{IuN%Z|h2pVD=fVmlYwFENF?mYKvlZmnj&ewvXT(ErwXu0J9J zirG1AE8A@!$=ZEa(pyHB=J3q}o0Lx$R?YE=kvVbyr!f!JwuRQyR_G2K*1b5iJ8wd# z{XFx9f<)Z-D~38TDpR_TAG266NnDM5gQFIDt|^X!HNq61OMd;^zpnKnyYAWE?(>Yl zIJo$7{VWE+zP4;XhwDP}1gvN;#-1PiuO&~ZpK;QW4ZL%6bE=tnc72ANZ2pR8Sw8l< z97ZUZ4D8nW-*M_R{YB{}r}_ZREl=U6{`sxS)OM|C;0*78;cYeh;Tc}SuyNCi*3M!R&1M;c zg8BvWo4(|^bd@>DYYrpOfNMS?bLunR)1Ub%kp%ymdXxB;Zi_Sl8+5`~MgbvYxeoZy zjWqyl%2q3noxI8~yPkV-z0b>0Z1zh(kt+i)M z4BnTF_K9JZVy-(r1It8<@|jj>{2XB?M!$av{#pqL3&F)rA+sw#o}(v?KscTj<4_dG zHwwgrN5+wrnOwwQxdHkQ!|L;UAVl{`bAK)e__jlXUc|ZRPyko+$@r}6<5$rlF$aNFmL-AnEdEB+kYP*=XA07&WPq?=yP48{YG=#y#tGN z{0@F;9hCGwF5AA8XB@oQd%A>Q&IbsWmFp9Yy|;MyvbZ>6xxZI`-iNrc3QssVU&(s1 z&k#D@d^rEcW}TWC!WHctzD}I)+$O#AxO>FJ{eeIwXwP*)vj9s?8_q@7GJuaX@(OAU zy*C2YM^sRHPE+_ZtvnohPuC<_25TS988ZsZE}IcO{y^g{NIcWm)l_BJYgQ=A(C_@i zspGm$|Mb^X0s8&+j_Bulx{q8yZU{XaKxwaD6yS2uQ|nuK&!A z8*J9SZp$$9*no$)B|4^9HQvU8H&j(kVYsbIXq!t+YcHamy(io@T9m3NtB6>0BKzA_ zroSqWPuK75`MpBjI+Wh_yX51*^TEgdjz?w;v(-*~M`JKuDR!C?cL=sE-{t7rY@+gX zm27=%lGit$M{@*#1n;+O?BzHuTqpXGi^~G@c-PeTuYmY_p)7GXGta|>V_e!VcHV*| z#DwLshgy=8sY&pTEi9OR2=bvQySWv|zq%<*izWsScsT{^lH$7>tI5cWuHW{f4(F`o z5RQIP9tEx0)b^Op4;z50JDRl;^DNe^J_o%a6rd6*B(nffqvPI2$b?STsk2S+(U}L< zkE_)4DZ`_%rN(ABt@j;c`f${ONK+UE?u%7G{d@U2oxDT{`5FU99QH+9##sd+v7nUUU_+mVD@Y z(_y>^7)Jw)-zDP6VNBsaXTj(3*+5cddv#?(Fo-#F@sxBArnQ>#QLaw;YujPw=Wv{?I z*%BuktAEn_)A{I{#bo$}7e_pT7JcK@@cvR?evO83*sS3)*r8dxkG$A`g_ zSG*4j@uEAlce9JLI^O}o!M=A_wfnlQXGkIT zXa)*t?GO7<``#O5SD4eKQh~DbVy5$8!)0cHVWUu?$qx=~wM8r=dw=6(NIXP>(EZOU z&}qA#_u8-2^Q)EK$FQkvb~Qyo1UCO=9SyXTpT(|i!yPis_&C$pEH!UI|AJoy+p4Nw z4?VP+P?2w~AQD+w^x73iIlV858&N3{+YcnXb_*W8rS6G*Hut(Klw zbG2ZM%kQ#JeY+BUjSfa3;rF)C`)UhbXcrz*gSj4uOg3)#G3-3q5sc-YUKU|Q{hz*F+pD5p)*yk(O-RQK#GY z#G=|X!Hs5j=fxiod8|(N?^~Goj2aki|BA;2KPs=F%`EipS;h?wHwMD4#5#LS0wb%1 z8+#yf>u}KBd(=^5TfTRnn&#Qwbd8#ReKWe4wlX7h<{RubbmqHz_DmucXSmhy)^=q| zY51V!x<2mz@{Y)ES0c4nkJi#vVrbGRidejYkClmhnBkR}rQt4o!k2ye@5ExcyXweh zh(Y&TUR}@=Pd+*P`utBox0DOh0jFZWg(rOW<81X4VvrWdFK0H)d&X<86AyUir8W9P z^ySE$hLfGKZ%z!1-I5|n&Y|nE!FG0bsVqn`X8)8_iad+z!~82_qIeF6hb^XTJG_k> zC6`B>xt~DG)@C=0+>?!-y;DCJFs^pBj?F{(q znzdWMAwxa1J4y8)k^~hWU8gBnq(1k|Vp_Vw)|FPup$n!2*?iA~2~%5$h0Uv2p-G=e zR%)9mBvF*I`Nr4vdi`^x-}L_ebjxP1@P`4ngO-E`%mXO$qOgS3?{(j_3z7$f&|6^ZUs~GXtoyS(N z2^BuImUtWMUQqDE^bA;Q({zR#^C2t}O2^j1Ti_r-0qd+~>a4B2&w%LM0pGj*Svu4 zh}fOgHj`=xyC=mqJ40XSHe%Rs<3IFf{~DhoQvTswcy0CqRa!;!Os)l0y~I{S&p9o99#eU5hSj}KSzp;BB@_FRckj|V8U zl`LAN?+&$ewdSR^_Y4WI`O?z!^$#w(f-6>{X&N4Wc7mF;lm4EE6H4QIb7${S-HteEgt2e=#Dd_RM@OEZy?;Zs zj2!3!nJJN2&EzygBcw8iy|4&Zq1kePLm@Awtn2eMPw?y7q+hbo?`rK5nd*JhlheOq z*aT)%i^^(h>IH63hS?d^O65~2a@=aVZngv)`2A9f4Q9rtlltXCxSW*=Nj2)E&W4!S z&j44bK&o>MD^nA&U2gZBH6ieH6H-9q6q~ospmz< z{T;PKirV6_fKfp~C*Cn%UJDR7%wwm^RLs`uP0*@cCN(<_y?BKk7Q9A8*ua)U|1cEGAkoXA$gMHs3BH zQrPy_47NDa3(WY@*aD6hqezspOs~n0>D77Q!$sDq=6-gkB`9xJM>Uy)@|LHq8Zcd; zhPTB%8xOYGc1Awj%64m1<~y?C)$8%|(Y|)Ef0D=TVd2l`{^in|PTZ5_50EzcE}ue) zsg}(LssA<^{*SGi5=q}7yyQcj-PtY1tgNWu7!3uh|2?ZY4W*p}zv#ny-Y-OrHq*v~ z`8|*1Bc|kky*@Bfut-=D)MNmt(Wik=XVCOMEW@~{Ju^*BZIjHtffilIL{r)?{@6^c zdg@Mk#MRWsocA{rJ1@GdW$m~*37D{J1(_YXIvKq9E-R&5 zYcsVj$tU~{?d{8+-huVhuGK0lJ0ey+T6FH$oVfEY`{s<}FDkZ8c#YP~xPhCg$sal`i~(|(m3D>Tnk z$qB3fhx!2*=>`?lKGo+X3_Oil+YSnPJPNedwAeLLxFE7SOazwfc(~xL3SnK^p*cb_ zYqg%{KDSdd3Cf`1TMz!LZXmzwFQ28%@g?u{FCst_N~}-i*x$Y_s?SnPD)2t&&?#op zU0q!zH`-;@KuD-4Sf9SwKSHiDE4;ddZu^8=dSD`r=2q&CjWyu!=Ds4gMj6Np{a^SO z1-4FkH6Bq`q|VodpwH_ABBo5~Cw-o;{5vwo#G<02F+o_DosECZtz)^+<7%%Npvtef zsYyN8bCpaaJkZky{ zYyC|a@o+J#{pM`DAM4#)?SiCfVxkG;b({&<(0CBQCS*e}I6gjp9$zvLPN{ETP&43B z@N$~PJYXFa@t3H;zk6)%OWdE_0?1hSx6!mJj6zuEN4g}mWW5ys3 z>r1}3-n^?N1T>@Ri4EK|o2}8^5rIfFN=na-4vM;HT;69LK&|egfhZ+|o^%{3D+#Z! zJ#Zv8=eG?3_?w$X#sf4}&@?i-8OhMi?05%KsXhmlKGDny!zl>Ml1}(7bj^KqJ<;DuXzcpwDz*~?mjZrmL;E=$Q%mH znEYcKiaLB}r|_(e&G7z_mj}U%Kbv-Y)6!9)+G1+D-s@!W)s}eVpVK&H;5b2k{_P2f zQuJ>8AUQFSvKIk$FdY~g55^|B75wo(#&l$J?5__-*~`mrn{|jx=%tG`s8XEfO{=x~ zS5NKq*7$4~CuZ)7pC~+j!Xpm`pKh zkDn`C4|u|9pyCVh)^&f})bMM?;TCLN^fJ_f!U0Zpx6Wsq;WssHdmEMiyugpa5ZqM; z(#Yzub8Ds;b<=RySZNjZ*f_CwxjH+FKim8xXwVAs$bvZ;w&*8t)2G**5!c||qT1Oo zz;mNv|8igR_$S#Q-VXFRad47C`^9o2(a}INFnjOcCNE zi}mQhTI|vwjZ9qgEH`)akz+j3(-4N&-9Z|&pIc*%)N%FQI-@Q(4mZXT9Rhcd_%nG^ zSa6Hp65IXKZwR~~0l!d%0_F$VBVK|f?6Qr-qnWqi8l|V?Ib8Dq;@npn5J*5Yn}uPM zK4fzXb_A;+vxQY`^SuFGbj;=eFE`_F82D-`y;~aXdVOH>rQIWL zA(!_%_b$zs0oQ7}qQ?-?XymDW8~FM(yBjsrTv++3=fhI{%)ct+=_a8iw^XUmJ*o^V zU=bP3!G4Brm7o9ni=N+kl*~teW{jk}q7nT&@6iqcYPTylO$zvC zJ>TcLWV1$pz?XKSr9HCrA_kJeeZ zcGx7T)@U^_Cq>e&^1K;csP5Ufo*iF!>mn86A;f~PY}wAilIrpTn2(3sD_FXEDW*rN z+DjV<8x2I6WsQo8vdY3QN@;W@=^=5yKY^x&{wF=>Z`MEWd>S&L^1nV^~4hpItZUIKg+rJ25{aem+iI2L9&VV$F z{X9Ol&1?MeLwWS3eipaqKQV5rlmB>VCfSTYNB+8!!G?i%7>Eb_?qJ#Ec$MA!XXWTS z+HQEC$$akO|4p7ib}V~*(CYN-mY%&-r9~PsR^h4dBzL_bd+Xu$kITAtA7?QYEL?aE zAK9$PN1COBy@gTi;Nt7Nv{0C5uc24GnC%@7Cm=RxWcSfLhj{5D@tH>p>vcV-br0W^ot())Z znu1StCp4IFS$A}5RIQm8ubbrlQ9+IJWMVwxy2mPO^Rp0-+`kWH-PwVyk1PT@nwoS$ zVqySL>N^l=-@YD>ZKY z5BW{m-DPiWH#GX=$X{)bKgWWPo8^1DdH=4%-gu~zD7?I_e?@PN8;(N`oae(tQ<2>j zm0Z8;_wPlG8`Ra+TWW__e7vV~kteEjKCCQ3*-RUeWIze^e0!=Yh@qjFQtCnBa~LI4 zhq>GDH>t41P^33s_{Toc@qlpu_*zx^c9dI%;LH0v?wD(`azKuL7_u~u<}%FCL2OsN z3ce;PXi60Y1hB=YbmI012{c}8g12CbWLh3twLX8MVHIxnNE|^5%5f5EJv-p89S&pj z^72yERHY0dr2DF&(TpHz@raM@{!b3lEhF-f*c*+1~X#Siw?tbfaa~R#EZQz;lOxExkvjps)ZaWd!DOtOcAY;!=V7 zf9JM`3wXWkf_7k%e`Ya!u+{Zw2a$#BZPu^;S-;p!xanj((FW})duRdc@pc`g%)<8H z?N5#w53+aE(2iO@b2_YDO$_qvzW_gPjm^uOVWa%yDW?$>w#<=)RsgJ(Uxx8*;B)Izg@721-+0iW!8>)ZD2K8>)-0QTC0RC$i_0C1<5wx*^ za4nd}R^6VWXLQ4u`TwLBDxetj+Q-F`@rw1*WG)@Poc{`sFg)o*t7SNW0Q}s6zL5NQ zn8nf=OAU@KVc!y5p#u9&14eQ)wynArAyR}`fZarz!?{>EzYBd1+oisuOMLO^8 z^MK(iwH4r_dw>gYh&b_-b(1}kyLF#$VT%yrzIcQ7EZ;yz% z`bw9U8R{HG>ff})g*j1_E^r53qK1jM+U4_iM~Ob((s-TRfoXYo0I5c2Yj*H?mCgX* zQPy?^c(lHUrxYHm^%DSihc)L~bnx~7Y4%YL$5TkjT>lOve^0OmaMu+K%zuKvv#GTc z+~VcsgI?>JOKcf85fl&B}40t8S3_4 zHa}@BFC)js%iuEqTTL%MIM3%fpLoYNj@=|AS!s>hA8}2vJem$^F3lHp>AVf{u?8%0`4_M11wh}zEW8eqz&>({Q%^t+V z8#-zfKpiI!_IW;TZl`PA9<@C{J-?f10friVk653p>yxP|JD1V6Sx@LjF7S__JLoeh<%V$S&Xdg9w6Apa- z!?hJ8B4xC4B$4-l4s$UJ>-H`}PHi~rH7CT%Dvp%yJrj9y`dR73pMuY8J%`3tSi}W* zs?*n$hWh%&^Sx>Zv7G*tY5Gp(Lz1Jb?tIy&r)Z_Yx-`V|1E({6pD@G-Yj4GhQ2kHI zZFYWBo}-M?Y?8GUl08rk5I=+0ZTe8m`QtXl1p96AXS(LmKkSlvZlBNWT}^l2*v)=8 zy$ic=UrxwrEmR5uIFLr)TQ+ue>0NJH7`_*D&+fXq&QjIWV@5`-L#g?XZl!g82gsJ^ zl%v6-M)PPd{!FKhl0UWDZZ)h?S3w|%1oShM4?# z42)1&C%O9LUXUJAMindcxZis)3fBKkEmgGPxah`#gzR1q8fIo*ks>V_WZ8o=)llB@ z%{aLPdmm5jwovPiBSt?(1{S7Yl{L2+OUo&b8j7R z-XStkQNRDz-IDgQ2rFg(ruIXaGvK~8QwIip=FkN)UbAdvfd4|A6I%zGM%d!7Kq zPOoc*Z0eSU1Picu2khqdaa#c(EA3zKByy$?vo7^TJ5h3sPdTw%#kRXHX40f$-c3|! zRGO_de7qMDP<&=2|MjGRgZDpAS(opTy9Ru!ctaPnK#@!V5&N1{Q2Lywm+8I32JK?R z2^*wg@L;j?B;{}YBDbJxvA}CIS`(9YU)a=Fet1>mN9o0d{xuYtFV)gG>J{3Wg$3VT z)EcoVQt6hFgw%SLZv*N^A!;`1GgC5LbfmHwzy^i%uoR22ZCV#TvFy#voKFfLlF%{5 zeK)?m727K+YFZ-2LBHbsS}!p0_)l&}Rbj`%lM1Zc<6FzV{T|xL^AL7o`Iy7*h(vtx z`_yCel+DY{0PzzVS9oJ7WU7IC)@RDx6Fi<-fT_f z2y*tmAGetCnC16Xj*g4c7*%reD#xJQ?Ze#75rpT>&fo6BVl>HI?h)FBMhI=nHEN8Ci^iJTGk9E1WAv z=9AS1of%OW6Nkr%(A2p;eevJfztP@ZZ3)Ch(|>s4_d*qk_`YrH8HY-87JU5rHM*E= z!U)ZS^H zdp$*a^O!2fc5UIC_`!#^MH0y?A-h6k8G6$5zj5YiU6Y-JqDQ(E6^pccrQ4Lhkc)bi zL=T09`A}U(c=NGD@bl@~V#Ed#d`2^5M1Axbm))*9<3BH?K*;tyg;0z&uNcH(Y0;M} z4+o$l`7u`@ZHw3VcnMEqxZor*tIeR61MgNcOVU=5EG*ZgEpPKCsl{c5?5m*%$&Fu| zU4-t5J^0T5caKChg>{DDA6dwT2&VT_@JJx^ix2P1q|P^AKRNz5`hDpJ#eYhNL1>$V zmA0szE^3oTqGHUZU%|cx@Y+f_tQHGjy(WCeOcBr}r6^*BdMv#<5U0S1vZ!fgo(H8~* z4ZxN@Ij?N?rhQ-C*1)F(8qJ1_DVv996)e1NUi|b>A|AO<+x_Q{xm85Y@RYdUtrSiW z3n?L)FeP(J8t2Xo-h9=YlyB_P=*Q5yxzFVlP6hrhtqv02H$YkzVF?4@LoeHqDDO8_ zS01-tR_<4IlyrXuOd|0v{hj(R&t069B(Ya((q9BZ))v;QW=(`_R(gszAcyIGVXRGhsPEs(vQ2S`A*d`m*DEUDeKEcBF1)YnkZEXPoQ* zhXUViaKFRGA+V7WxtwAS4zvtZF_|cW?K@7S-}AB(Ch^C8_@t{n#4w4{e&0}OibhSq zu+a1L_`%EP0Li+s0jbZQe2SF=4{2x_RL|r;Atn(V;5L5e$(5dbG-m^YT%nr*PDk?L zF`P;Jg?hrB+lr7tQnYz4j~iC6!(Rs+$n4Md>rBXwHe43qf7^4tGKR$wm=b~pD<(3e z=Xq3i9ht}!?_x1aAJ zUif6G)QZVzQ)FYn7rre>Xc_ZsV&+jk2JtVf%aPQp@jzLBO{_nci;ElbklByHPWbta zwL?8QS*-|*@R?Sv!AA;vZTb~`zZ}J;A_Z|0K~YgdWH!0gPdvGwF>F2R))f`B{2w)> zB5ziD=t)kV3fIM&M6EDXBF%VmSXZ;C`l-&ZYPW*bi><6>dhY-bRc&=z!iJGa?o}mH z$++*46Sdus71_#bNn;JU^;rtMr?)c&7NeSYMGOgYfJ-mBGbLTSd!v*7oh! z{3mTX_?eZiewf#Tc9tOt%OwOr{DV&qN_irfEBwU1j71F%*rWtH)t_<+%y3H%4|QJ0 zk5@Cklqj>d-IoL?=DeAN(<8%O^3KqxwApjG8h1XwQZG=%coCNVD^9L5Y&D#^KE*8R zeGG%=wCI^6qO)Sn$uUot6U`(Utfr$QyYtO;P-oD11nkpuWuyosjCctBa_PwAL za!LNzK7d@GvHWNy?_%4(iF7EXE2844_8F^MgyIF>{W?Qec|NWC@yCEt5j%p}>o})+ zm(9zwE`wQtrP>i=xS(e%%JKCwb#lqed2})7J2R~T)a?k&+)WM}fGyvLfrA!Zhty7( zA4+`G`v#I=TU=ENGwL{CFXGnFZ0(N7^0H5nFKm~f*=Jc}#rln{vLimmAN~gGtFLZ~ zEa?Hs#~bYu1vG^RA6~S_{$UR9^IedmAC%jnVe31S?Ej@$6&?Muib>pckW|uGa-0Ho z7vc*6I9PqKiLQ60J==)|D@4dqh4zxvK2>BloT{&NdeqX=(<5geehQD6ho?v%`zLTt ztNi(^^N+;1dy}l)X!8@B$!U4?T6+E;N4|tQ%CTpgtqGVDE{Lf;=yzO_?(nk-h7#*TAAV3u7-6mQGC$Snkp`*_k`4F>lka4-GJ?C{((z^f-bit1)IHd(Q=ALx;%pn3z;s|G~eR&{JkoC>vkma|7OL>{q(s$RuTMpSoj{R%Y2$K zBj}tZR-Bc28>2xAFlL1u-%RKBHj=} zlTBAna;)xHtMfm0O%mzb2FT>0c)GJdPC&VkP;~O-@aWa2uAI zuTtE;Pa?b=n`tei@03FO8EI*xITAuXf((v=YY@p%93DX`#=cudqj zUn6wvRK$Ew(|1rAD|&6Ua;eC1MrX-?Y`#(cKE5>Rq=-w}bJz1_I){YUGao9_`O@HL zmKovJ1nkRR=U6vg$4{B}E1AB?9ZW(%zrNd33F1{NNzf@iZC_;s^Jw4Pq2%nY$-;SCffL%QtUOD12M@agEDP ziii7poqd+~DaY=~Y-NaTB!Z+W+0 z3~p}r>=pkW&S1n#2DD4Q)Ulo7*$+C0&sLPXUZQDD=D-cRbYdJS+L6coftDWQG`+vT+rb|8q&dC~K!8C$vP*H&%EqsE zkG(Q#i}L6KMXMa_vgP2Z9d&|aNkRLW6W@%G?khw2RHn>1+RdG(7vVpkF&8UmdP)YquPiE zIl2y^JP(X1exVD0beiF``8IhS64wctWiS%X;N-Z{qdA<>9NLIq+RQbI)&4;Kz1Cye z#|{O;h4gB*YpdXGpo&_}0bet<%*%0ruJb;1ieLLuipgNcRtD zSm<%x*HUh+qUe--pjtiU?^KVsetmv9#+a4xVCwHkJF@*Nl^)W`*QT|c6R*2igQ02N zm9KkolR=a3%|671g?RA<0JtZKYpQP>rD>=iFn5b*876Ubm_Dj4)BEqrW`keU$Z=Ykb&~+stAG- z6L+s@zADfu7#RifxVD};qh(3<%c81MQCepDZjo1>Yy|BcWEZCLQ)sH3SJn~+0baO8 zPRSZwFq(88&s50eP%>+|WR(_}$$npf@;WKs1Jvu`|nuZ@0~c}vr2KU+p-Xw!abpU;1%oZDSA%bpWQbc0G-?DU*1 zPg@jOOn1sj+*(h|aVnU~R$SNBnQD`?6eVYhu%9@r^{D2Z)uTl03~C!H1+Fh4Q`e!o zVe-RHveCpd^7Yy2)c?tUB6W}=r48luTCZVgPpW}b*5+^~_zR*8-yU$={;)tp#(=xa z5f7Bzd9eZh@=h;1YC?el5JC%G8{bx(8Ubdwn$F_!ifi;f^Z7!^HX9V0;T=5hlDmmo z#Sepszot6WO==)9n5`T4C_=?QqRI?FlXWFR5fwz7TJ~$7bjrV zM5mPz7u54PKjhl*CHGO37i<8X>y?=r%PA5ky3ikj?m{cwqet`L3qos zn|z1kyNp-va>>}K)Bfw{DS@yk)Ag&5qp@y2`{R#V$B|pJ`{QjnB*u0EP~#(0nD^5t z@QKS+3+8J%{m+ zxVrkH?s2)bcwz>?1l*ceZ?QfttyDaR5w4k7|NKh};Qpa1l7HdU-s&iGGZZjdjPJXB zopSZuHzxhpu+G$9FYli@bT1Mjz8|FX3t7*0U#em&@L_C%Ujpg;k@l&DQPZKSjna~} z%Tt&wJbst`1=;Ph@w^L!`dK?DY}@RbEJNoO@jHhAAS%-&J?R>^WwtZVfbbMUWSn;brTB;vZH-I&z__6 z@a)0Q3)^3gv`lUk3=6XQ$q*TfwD^FxeAOR&WQzFDz^NUNvb}BIih$1JrgQl`EA{Tp zqW84*Nr0v&vt!*RTdlt@Z92;{fsnm6T~sgoJ4`Z&_R;L}VVAMUA++jPGBbpD{+whH zc*F}KzMowT@nqD3Zbh&AY&C7y-XGPjCN=FZ!a5!nyzN_>1Ym##YjF=43H1DY#d^Ux z8P>!;9mwo-yx}?W$zR%F24Lshmrn`6ajO7Ec$sF~Q@g&AsFpMkNeD6D+dcNVQ+3~2ZQBKC7uqgh+=X6N8)oO^p~SY_ zdLdS@xXmbyGG0%L@6pA4?(QdtZKL+RNRp(2b8L7?an=Cp zgH#G!3O0uG-Qfa}frKDQu{yI+gB#sk>3o0&lEgSRTJtZ} zmJjeDX&LuNzCLC0xoc|%?yj4>cB(^h&bS)e!~8;G8sViXs|f~Ar;;&V=zGab+8)fJ zV`l12SNx)%oI=U>_E{Z%5Pj02LzRo;m&607HOY*RTZ{c{jH&ZtG%wtr<9qjf?4$5& z*^2w&rVqHQC$DaLpgwt!4iD8lK(A}X{nJs5hLH`XHrkj zY&O7aO=QY+UEhZ<4Yzyy8?d$}nYyfTBWQ+JR6UybXEYQ`o=ywAn?Y9|=-aH{pWW58 z6PcHvmIQ<_T}ZfO$&I1WsIXrm@}&U+AL+%iS8au8ws9Nc-)l`#me6;zx zSLyA-o%K@M#P8Vlz%^;_C(e5;y9Rz@b9h}HISRXdl}H}00#5LJU}EaNN=DEh`VT~k zj#Sz-<-IM{kh$mz#V55$Y4Z6a8OJ>0z2?2csTm~QR$K}pf@pIt+^sw`J@CQy8wUTl z>ml>KjyEe%R3h7x+m3mhN4N($Keu}b-dk@NtPvtf!?HXPI7HRewViFO6ZSb{nJ&DZ zomgNNxZjr8T=KL@*q|wsR=hAWzg=0*Yg!e#IW;6a10CN8U0=kL-xp~xq}|a_a41?> z>?`Ky;%1u$^Ig>yR1>_2iN~wA(oP<6drr$R#%ZG2Vv;wPRNVjjfUWI%mgUQZaZ&s> zsO|l7^QJ13Z^wGU;-J~+WVx%r*QU>}1@*jrCS^UI5V&91J}Fj! zYE^~3ny2vdTYP(7sjW9;e}QtnjcqJzxsOYC-kQ~z+vwS}EnIv$&5zkg1nGP)(~G0B z{#dyy^qE!Q{EMar19+Y7i;+>c1(g*O8F^Lh$=9Uy`T|2rcmkjmz|;OoLm(MSzK}Gl z(`!IQZhhU39;T8{Rxk~QlI9tUSv+I^4Z5;Y(kJ_UrkB0HaDyA>`MH=zPe-QIbe;E5 zx5g8-)iKWYLq=M?)mZ{zr7Kk4dut5{RB9Umt*`i6A2pp@FDt;@P}`38E1s6?;lBAe z;{oTYYPnY zqqa8#&a_VH@0;9EH{J;gQqu#Uf68_#Ojbt}VtQe~(o>20bmo^2jE;$rAZmE2UgMEB zn8~fFG)(!iOGoaSAsxoxtAUV@_kc;C&r&9QyF5+&m0_G zWrS=>wLB-CiNrdLolIDxSf(G^mY)QQeilz$ctk$eLC;EIU*xh~WW>TvAjIoPfWo!K zyI>x#@X5VSd?u)QrAWWtxVwig4Jo3|a8B^p^t@%Sz#>PU7Q8pPyJUGpm9IsJazOLj zxpM}rs201)WQZMB%LB@$Y_-aci#=r}$ccMa;YvUJs@i%2!PM=RQiz~651S)wXKAr_ zsm-rp2sxy}B3(6Cgeuc0orD_7%4pjZDnhQSOHose?M_~aNd)@Bg1pK>Fe!T_f1c{M zdCG_#nXydzlHjiz8o8rwk<~xyWJry>+?#^=G&IfrMq5b6k@fJa9;qzlGLi2*ysijt z7D?McT)N&mOKz4?gUNAJ^Dm~Pth7?A6M>d%(l&^jdRkD_USQvSLNyTo}k>^d<%vh z9D#emt#ms|TI<%B{;Z}6mo>+BI9D1eEv5EBM1w8ZC6yf=Dr1Qwa5=H8WRfSlr$ia# z!o_}k!u^d##lXNI0rgN|&cLwb<6eEE&0femi3vYa(|hKPln2hilIQ%*RPKrsDFDMXJ{wS5Jy!^Tr4WwlUgnu zdPV(FCH<><_2=zErCdqOi2Zbxp^PKiGe!OyX*kk~g`TM_DI$p}=<95VMr}=K^dc3P zmglqXk%qH14Cp{n0dptjgQEKh6zBIK;W%p=85vz42$;;R^HqzXW&C&~wWfr|GWRBD zpqpz0b0W4r4(Re-Cu_#rf;R>r1Tq1Zo zg&bL%tc_(jpvGUdOo!gxZa9~UEoFN#@YZBOjSp<8C!G;pZ{y2GaDnLa{f%YPDptDZ z1zENuCP*oVbcfOKvz^P8ksQVl&wx~ak>sT|le>FU2Z{4=;oQ2;)PA64XD`&MS$qMN z)Vx{1{V9~EOVRVK_kBex@&4J_3+J;y8zX_gGbew;41~jP!M!FaJlv=*y~wk0hl(E? zwz+(B1v8qjEn(2g@H}E`I6m@C`gt->t-psdHW}J)s(G9+ty&VR=9|cLp8s4*N2=g{ zI>%Xg4xx!=gcu*%n1{^CU>$8H>u2O-E2Lh*XE*IFiAT!Jwd_&FK{elRA75Y|7XNvM zbGa9o0^UYlZqm+whvoS7>)Y-n!B=_2`nI&$sw{`{`Hs;N(&n6Vi+P1_NFu_LwG^7t zjHS)ep6e-_A=7r+SCWp)JCag44~z(~Gl}fqIA9iJ*a-yoSroO4HX~nbo+I3p3-lNO zc~5w)UFG{U!$VhDL&sYrsbqO0_c`?pHZ+V7h(M{Ov4iPa{p)C5-F=Fo;K3Dq3_Q1D zE{M4E*qkF0)uE0KF_7z2%oFh8g9N2ga6xvn=(rgBPmk?rrrU$Av~Z>A1Buhc#iV6( zm;+%>jXGCyJmrnm24^&R=spOf`vWSrkmLeyOZW#W{xe~PLs7JUKvAu?x@QedYrhH* zw6s*C3zY#N+%I<}whQ?+EvXdAz-Yq9v{;6eDu_Dy^Z@a&-_h%d963-u{-cV9LuSI# zRLcqe#g4k26>w)c2dwC&nO>jzn%vxD^&`LUzesU*U3}|R^c-(!>{b;V=CsMM#CD?`z zl-HEb*R|Rn86`K8YBE$$$M8Yg{sDY9QuXAMx$8`NV%}irUdn|yLt}INmow=lL!1kO zk7VM;{|Q^QqS!2)|-eE74(6;JY?VDc|tP^$3fdB5lKa@&mZ@mVF_6 z&Q}Paz#sMNEc}IeZ!TZPvrPKy^zXqt`uPc4_6}`Ft$?kSbvqdQ>t*e< ziSq?*pw>1pgoc{h@=!PYAo0s)>RbvE3-KMVH!Q3!V|mfLe!cOI4Zaone{aPgRfXJ zkwZHRxwe7|AxcYb_d$|TYLkj|>~!*@pP^2iqwcxb^ywM`kA?ynW&5E#=>?mE*~=id zWO)L$YyR}RnhF6qzXi{Cy;Y<7{h`6oaX0c5gnM_ix!S)@D%u9AnhuEPhlkkw3a>q~ ze)FvHmZ#`viGTa|dvdJ5+do zq?4%)m{%-Dg;gBu@*(CE8+jYoowk;n{PTnUEO7{jd@oWM@jBles?04AtT*3hmw(7- z?d_JCndWB|i|Yi~$K#c|k+v`77Y@WREQF{u2F(?*kB*=koNc5_Nfs>xSaHc7dR`wc zK)Z&lHlQNM?ek~1s1&Jl*3CFKmH+y&KcSO9SxS6x#H-CMpL5NWS}+8U3S}of8;!F# zpfHnrCz@FT(K4apH2oUR*5#L|>(ciSP`=}rEpYsdV;NnRb9*-1@joDpA09v&4KQo+ z-fnCupGorWv$gQ66*FDOm#KzDKX+tK)j*M6;Uqb~nq-E~J2+`Wj&^qJtn@C353Ns5 zW3JZuiDIC%ykt>oL(#MU4z}UU7XO@BKlFBq^)I}^F|*ESkq2JfjorFBrLoZMx2->1 zEdDa2KkYmx7{OZE^=uY+H&IgpL$9_`+-jwv%KY}bx65g%E;ANVUh}`c|ND>jHxli4 z5yZd6+5UGx^2Z1MIRSnj?#W0cEG5kUIjz4p5dH}XA7TUo&`ovfT;|@ zRglD<>Hgo>??2zal|{&E)B!er7iwBs62X91B1(Y!dM;Os|KGCz{Jecss2zDFXPt-i zTtaF)uB@!Ay1H7@{Ywz?b7YIW1^Ee-tFvIsa3A{I;{C(J#L#lqu$YKxXeKJ=_~^~` z^$uWb;g*j&=Focab6Dm!BWlcQ%8SwSrE{&}hlYJ|jiaj@K8Wc&(cepf@E}UJ6z<5Z z*0rhK&egR~m4c2QIp|AHJGK$=+}?>*b1kXF#rHs`6+G@dP#K=ZV2f8rTrZ4_kDrH? zT)4+XLXk;8hS)X>Z+cEDfQX4+z_P_6!xNpm4VQKAT@F{PE5Zf7X*hTTzXX48{Xaoq zxd7Z0VcYu4(FlmZ?(qs`6-}zy^{P!c&M58ai5i`&i}Vf|2J2E6t4p{#kKNlNQm=3b zqNbxg+z#B4@SP$z6oA;S@Zdb>!~6=_Dt0B|D=8^?NkEWG>FB$>a#-E;@U{!tt!!i# z(su!!yW+-o&%E1Z<>z0t%fBj8Ni=j6u!^RNALUFxUIB15q~nv{u6P-*^E|ee+mpD; z!c&uf9VRO^BGH?2a*z4)T8VFLtxPRT9WM{HSt4HZs&a7U$O+E}a`w;REP=L?Owb`4 z14}w{>vySh%&a9fSI6yZtJd}fU5fJ~ORk4rYS)g3l+a@zA0H2^>aa#uAr3CvvRs;i z_Gp~IsBV5kl8o#Sw;eJZ*ziaGX>N&)`;D73?p#8ArE!&UH$dn1H-8CKa|@f-aPH12 z?0njuua5LXW`89P3_;y{O8l{{l~y(}Nq?-oaW zNs7_&mW~1_v`38lfIuU8Fj$t{cGCCr4!Y;o(^~blE;(6n$!H=_kxmQt~ZH(wDU;d_)o-ZO{F)4lb)V_bhGuD;br?$L5oDw?>A6{=B^>NBG5 zY|X7>Z_c-5oSY(y-EC{a+ZGBut%~UBE#g0_#Nq@>;;4)`7Al>qTPwu`T-*;sk6;g0 zY8S4cbJ1%;feCD5ftD@A)@M-d%puyXORTQTb4Zo0c8MWADl)Q^(dWqOx*7u{yQU@7 zj*gDCfV&RFLnFVvgM;tM$!@y`d*5H9omGP`O^7~C918yHUi>FK&540K?VRJ($Ret2 zcK_0Rux4GK@8gDP90)`waJ^Iqw~r$=(_tnqU6vGX{5*7Q5H4D+m?x}{tL;*|VJAC+ zrhR!C5BhG**~P_z1EFU%IQaRiL=jex$CcASW59*;UVHi6bjNl zpyKCO+1s<2a8FK5q^gkAANC=k6JSvzBHpI~0;Sk`jiqqtI9A>gF8%>tUEmW608xi4 z1xZxujtZ)Caq-_+(D0gu%RBwRkBZiaHvJDa`R68PQu<9my-97QPXd?2kqi3rC1|A- z*MeSFZg8DVF8gTSdJx5u@_a>lco#~EuV5(F(0q0KA_eFjT`!qt#XlXYq`J6*;vFgRF{)hU~|LC#qY>)@3xI)szJoPJNK{4zvN z;f|k@QkbsO-huW`!XAk zPU}OJh7jzVheg-E>VB2W1`(7o1tH)WhTDP>L@LsTc$U`X_S~y4Y&t;}@chtV4itHh z6@dn-uC`w(N7+_Lo6)_q_g$E($pRmme>kqH;f{@)j`cRj=i=lPJg^Q};ZYfmd`e<8Sza^|m;te4*rE#{|U?ESC6nVuO}Hvh-Veuoc7 z`h3Z*4rOQ&eEst~u>`xz*6)j^seZ)!VIv0;_g%||8rZFkG~foL+*qemEKOk}0ua3M zb|ajf-j3dMNv^3^naEJ3OM0GN73R?KGl|@N`TThYI5rL`8t;FDT{tqL=q!1_F!Ny` zDWhOGuCo(qaT*la=>j7}A4%!H>w!QNNR^xE><};KT)8CC%+#FcM3V!=EX%EM2kDAmoyg<;Q2s*;Nbl>UByYd z=3N|Uw6Qs4w>^7?1pT!B^=O0rY1rPo95Z5c2@@~jIQV2XDR=iU*$g%jWqaQKP*m%RBI;@x+dQ*)Z0 ztdX)U;Xlbgr6_BY_wXBJ*z~-^#d_>Gout2*qnewFGP}KAEVBlVZYI)IO*-j)E3TXC zmK{F`2#Z7~s*srnK`pDpMDS*bF&_yw>2dFFZw<9fwD-gVZL24yC#9Wai^+895A;mB zvamE`(Bt4Bj`4k981BkAE}>RH;gRr=)A-_IUM=_Zsg9*zA9;v3yFq|OgXf9BxC`s$)P@L~1bM!dam4k|M(nqjW$%#uKh@Vq57UZ^u^Dsh3z~P+ zrAtlLBv$HmNL9kiQ~<0MEk8+F)9#;Nj(@ZGT;aRlhZQ)zzMF1!{FUwtuWc>XaP@`1 zvK870ILD}(|MhYINt0`t!8Fsm)TZimJt{7AVuT>6B+3RUGU2d;U+9zrKeoo{-Q?6~ zb0@^0>BD(o68dcXClq$DN>R}|$IqnbVsw1kUH+c^LCN`v3Cz%{{!pKt&WCk6PX|{? zkk3^jqv*<6h5=6_pXkAudXGK*nTwFoRX}K3ook)=chhazsZd98gy}Bs9<=8?C2t9Z zbPa*gv7JmY{@>Vo%)_S$V(#oSA*)O4EYEukAHaSHgOUjdfbEy>$k;WK+fXCXY=n_f zP>jO63BZKAHve|ycldA1aZaX|m!I9Ca?0TfbUiOyqfR6w|-e+z;SyPbKKA5f2^tmP%i1WQ$66n_o?IieM?#X|DqPwwQx4;mF zYeXm~+W{-Xc~XbN7(`YrxUckCB&bh3L&x~f2lLMMJ`B*jF?<-uc|>v1N)2x$ct`Gi zQO3Zb>vNNcOU3(%i2DWQMyWRMW>y<8bVW(`l>|N68OhHRM!U35x_{KPOUFBZy&vfIaP;iXX<}b>n z0bXP?LgeHwA^a6;kWKsYSVuz!9NegpHG*_N@a#wNi6D_d!aQ$(`R zfs<7R)V_Rl(UZ6*M>Its6~o~>p?fv66PW7V$>*$EZt~Ss8=Q}p?Y-QjNVVY>!y2RXmqq9RMt#|4i79#;K)_% zt04AOd}XXcbhH|Al%Cx80x?_nK4|!(IEmE)+-1|sy$t&Jer}9HU0t1dzk)wVO`NQJ z6tC9xm|4Bfrp9Nhe&G$IM66`lT2o-`kbZ*g@Ev?usI#lZ952t#8t$cFMcvPzS~V%KJzNT(#q>&p=t5snJt5Z$#3#~;I z^fm^Ib3Zkg=^<(5@}2F75Pjmcp2KW7`f2$|85GZ|4!QK1S&NE_ayaWRko1uL$*AoS zEkD(?f5dA{Lu)piY@e>>*}uu~+@ZL#65hK0L?%ICUMS!0b<|+Gd9$4u16j8a9V)oc)v|6u5ZqU=kr zy`r`*lX)tY0{M6;d^$@}wjkZQnyw6k3)XQpN8zR2g3O{{aA|NNO)< zU3Jue%Zek1LUV`7$$(c=IXBSrqSj5M!L zFG0J>=J@fR)RX}?n7yV2L|OsxK`uKRy>7C#8$N`aX{c##4~?)1&b$`sv}8gn0HMQv zQj|x@Tl0gN(qR!D-frC_%@i)%tXzsuPR3#>WC|m`pL8&>UH))o@1Y{y1A;wAL*}G|EeF8plJjGZQMN z%~Id&^PHsU%PjQaN%>Mf~}1PFgn5gB(E zqtoN3#QRDPz>{a@$xePAqx8lp_w?(Go0Zq)DqyEDTcxC+OcNZzjbG4CuUa6_lt24H z&0sVY;!MAk=-3?+w}d1)<}_M>TEjBBhhJI&|DSjA)C$9{ycsLPdNv zV7B~1v_bIn6z6qWt4COP3Zp(gOJdUfbl$HOoR`%*pBl~*FpN(Ra5l3*p2iAdG54@( zgN+BU^O=%Rnvrp?(AP*YhRwsXjrEw{>G<*q+>Tqn;ruBg?E%Rp*ClNVmiE_~$eQU& zjk4Q=aUZI|%xwoRYMigR`T0dq^yHVkt{O~@9=2kPdUNUHFy}3f7S{D`QGQ0{$L5DF zY;FuPhbEJk+$qX;`~}wz<~CbT5B3nh??euO~Cq``4K*ArxN9ih_kwt zu}Iun?6qzq{z0gmdflc06A2tqoPThmZy@o$Diof36T23?E(UR{X107d;iXEr>p9s5 zlj0?vqT+0(1Wbpj)3o_-W#;2u7_8M^G!W%sXeP~%&~6z?Fc-|obbt-*3=G(5WrC4I zz7hBKJOX0lI?Ixjg@TFan$sowC!p0qv+o<(D?#&)YqSF6WMyI|U^Fii0((;6IOlc* zWcFLAO@;z1Ww3j5vBaQf=YKex{{yi82mK*QZf`Auq8?fDN4D!zt?=mV;M%3#zF4`} zU;M~JcYOwVCICj=gBZ-P5P@G1SfwN}5?r>dg|)Yy zDGEeBl(n2`%vO39L>pH9ezmT28ZiC4h+HiX_M8fBM>hLe7=0>)YLcB)G4jaRh^4H_ z(|b34jUOUuke|5Tk{gQ~`c+S3_u+1pIdA<1_6PAWBY1!LbXBb_el}BcERU_OZ}jFt z$iP>wA!iSzLNLHQRb0brxwYTES^ue64g%!Mzr7{m$6h*Lcw>n_t~3>p+7l&tCyST{ z*$a5Ia`H3iP_l11c=vY&)So2I^u)t@qZdCiUL?|P&Z#%*@@ zXQ;e&S__|u-)ZCCbH2KgR`=#QuuI5lPgq^@k*yCP6>bWSU!5^4VEr9$K#C$h#~L|k zoMSE56pX)dJ*?5XKkXZ8HZpWJrD@yO8^bA>jyZB@U}!*%8~+LVP0#CUc6$%G0j3xa zT5pVUAqtW%;O2Z26Epyb{=lXTI0}-K{HSJKj;I+1X*bLz?TusivRR3!342y8$dJ#(78>A{8 zd4clFo3kP_yo{N=(#}e8Dkxu$B%A)n4Wk;oWbg9Rk%=TDy5vxcrA5LHI>HQtVF>Of zQp=WF#e#V`4V61yPkhIol=_~2{g#w8Ew+{f$oe zXQ6#XK2iK^H474NPb|KErx1dagD?Z=N*_jbi!xI1$>8Y1Tfsq9A>50U8_WoGwnMPv zPX|OcI_)9e^{tJ|gE%G-cptCblcRK4Y>T~!%@>k>_)GvA?v_wFjKSh|okE?T4V<+2 zA1(wqJ}q{t$S3YgM|^UiKvY61ev&o~t{Ii{!=_*2WeOcOu4c}0z&L|-o`xj2_$ck= z{uBeViW9PqO@(baXXCn=L{jQeGgG}`V|UEWuKe7iEiMe`WCnZ7f_5foa;hTl)*m2+ z&zF8h(yl&Murs=*2TT~!500Joes(#!Qpq14yDM${DXbhfK8Xh*vX*@y!8F}H(w}k{07x%+WI^)Is0vf|3oIL0qWK69|?6G-GJq4W10Q089b4?PkuE(1ol=lxx6yy2O@5}d4(!Rzxq&vK9P5>E}0?J0uTmxfJT%e(8aLVwo zOU)N) zv9M|^LfFqzok6ouZ&fO82UqEGo55FrMxzW(s&mH4Brk5WHJGmvk5_-&;l${0j-K&xx5pNH#|g zl#swU?`kzYF)DlfI*7+8t5l}Zv3a2%k|07GU9h6#S+ft{z7E19tm|(qJ)4^D`)>Qs0a)Z*-)Dp$acVmv{9pvn1IfrPhY{nv;vmj8w-YIqPt4e!fK5#){F(AlKW3+Sy(SSSzMV zl&hcbH;ASq|8oP#z##3+W}~dka8v^b-2-cQCgb(umDdp4$t@OIh%1g`Z&Az4)e(d@ z$jMrz&vix0nuMFr?I_^}%g97<{KBC_XKli%TBCkvQD2#@Rp&~Fdct!;lJeeEG8qiY2zrk3SQSmRf?>-1AmX8Da0lbT9T15?%l&Y{ z$x%xr1P|p)Fks|HjP51X>zNo>pr`IxMi*1oHzu$FFcfXo!<3KiR#atp)n&usYWu5| z{G3^gy*DnNzxT;fUcA*_wR&n?V{X0P%1nJCK32zrBOjTkt1Hgf+uQw_gH`dLCnO7w z+4xbJyG~$$JrPO#4NvVnX#H|!;okl}5;#2YK~(owqIkyN<&a1er0NeuL}|th-3tc? z=#}1Yl=(ymNVsg$7u>pr&W7gO=z~06`qMrv#Xor-V9!ptl;&_UpYY!h=S!xLVbfBu{>w``1i_;USaIluDD9A9yb)H(j@A?}W7P5}X~4x1Q3lf*p@ zQ6I_x>9-j;$x{u8NHo@ExS`*x{gahbMI*p}=2PYS*Va47IHyw>wUu%s_&Cy0B%MyJ<+Ym=fk$pxQXo?D? z!o1YV4v48F7n$!aJ=~k=ZY?)7FJp^;xh!Cff7jJ3mP9xM4l%%YJj73KB)Tt33K8rU+MJdf5cpV;QI|#=wTS-EHDh-%`9u!av&fQY2Cfk5#9uy<2cwtzFX|jyUDbl>vjb%3p-?5IXQg%!VOMv%5H#VmXcg|7@F=0 zMem|b$#XnYJ10rER;Pu5O=f)#XE~tt&A;9x;7JweV;$R`kx^f- z{9NwXGgEuzQnS8K(aL7+=;6R%Q7`_hUP3dyb2o7Cv=PhNr)CwEc5E~w8%qQ)&czEY zo3Ba#DMm&HQVHaDDK*?+x;xdHc|UQ+t4p}EZ=|z3?Q^t^CW=v2fir(0rNVIz^ zlJ4)*zM{6{kf|u?XIy3RAI$U=(_qdM!w}O3W)?wr;C*%C`r1+rNC%F~l=VT#e;GqN z8m3%3rC-RFfeg+w#BhBtcX5O_iAnk{ZB!nk=qnhe2w=WayWS8VX|w2c^A&Hw&yJQC zl{loYoG`1q5H~q_@B!GCvPE_fdjJ^-3xN6DcdPb@$CboW;1=CYXZsm=hyu2`$o=gp zY<(23UmlfeBD&re2J+9r66JN2h34NGa-jHRG9t~yM|%I&Ey>D>h8c~p)advoTRp(Z zz=)2L3999gBtBT`W*Rgxy(J}j_Hy^oCjKa{EmU_nWv<+ll1Ru%M;+tm5IP~v?-1$zqMQ8=(A=1Lz?NS zZ8n>2P9IZ8$aXz}GilS{p_u+y7@zZ<10VDHc~?P<;j)XwI$g#aXv`CNp}8(J0@(Td zU_eM>Zx}cjxh_v_S2oab6fzw({e7*xsl-#VS^hQR!C1NLe?1+3BJd4Alz;mQnIuGz zg#@VuKn77~AM-!W%8W&`T1YbQO5RFQO1eK{o`wlU(

=*kw8++}RJ}o-_}m@)WT& zvOv~1p4SEtdUgZJh8wded9j^rYM1_|gTOmZ-Zy^SV|za$0q>D7Q;r~jIOfYHj)Y?F z{?vRHK-8&m-!L{kPy4as;q3R64Z4WpR*KAhZpr?5=Mpe$63;=RvPXOEh_e*yI5dc? zcSum8ZuyaO^ijBCnYps(uMqXG7CK<~usuLx#9!W@y@S58 z0Xyf}W!e(y9Uzjc>;K(a{D2D{9@`l-v&YKTPB zty@cmJW3nHjn6>;NG8jxVP!ujpJ8y^k)C#WvxeqHHh+0;b=L#-kAjcE{D(~PXCWHk zftHNmb)ofvcMK0sE6|ho$3vK9`1c|Df0S*sI}#lK-% z)f3Wffbn-2_%}@kzEYBpNb(eURJES-75~RABzcXb=m`F*v%Rf98-itl91Wjyt2y6K z>r9Q)du9D!|K(eLWJV;n3oQ)ZI7B2HtmQ1f@@5vxzkaxt52+fxrKP0@3RR%;D~d?r zyxKgiK9N+h`UOBZJ@}q62J^^k+X`TZA(SDel^vh> zN-yqjY3+*;E%E$C$ooTG=sWs|Jf`1{rnWZS4GPUmJhGoOpBJPOL->AJ>miGOMD%X% zU{_YKjX{2wmM|Xdc0$y%trzl70rxM64nTq&tj2^5S+bI)Vns&G_x6Ex)i^*{o;1hC z$2TX{bYpu8z|206K4)8Lw(rKcgnQ)R+#>S;GhXLCj)tQ-;*G0gADPas&M(wk75PW=8!M2xzy1l;6G;BJk2RU^h zW?^};1f0`_qGvV;L<^bd>+6q2Kt0dTH+buO72xd+8!+E%a3FF>D2teLv}{s(<)ZC#y=icD4X_uTiVzvrL4yyWFAdB3mgypHoYkMlTPguVwnHnjUvgepYF zO}5aS2K@TAyR&DM z!m#t&njw8b`{7KJAh2k2(}QDyDq#A~)}bL{uI9>{;xRBdI=tVx6&@CPMeXYSSh4F0 z4?B&phDZB}{$KBSAVyg(89$We)?~pDMt4u7e+Zq=eJg1sGkf(H) z`Mtkz`(PMh67o##HS+>{eP=%3#}RxgUkj|Gy=}EY`@T|JGIxWp?xW>(NAQojyV{CN zk##Y~U2DJg*x#O_qqE2MN>mA`@1{{zXcr)pmF%%M7rn&YyB3bR*P5XtjM&ea^*J{q z)T4{cHlm-)kZZ|yDyg9!k-0Wg{|x#ewh6&5xPf@8P&dY#PAdKX>(=srHwYv3c>%3Q zJFaRr@z9BBfaTm01RmU0QBes|xPIAbMb!PU$)Dpge@NuajYuoX;91&t=L=sj6_mZ` z{nYt6m+CznHb1ZZDJSQ;Kh=s|nCtbHH+C}kxPE&cm#+WuV7sg6i}#vxzvJ_$oWBH( zJbV&ZEBNOxadDm730AMIxpU}v_#D{bYl7RoDar;7#}#J6_wE_{;Ky(F)o&Kq#rDNV zOV&JiQevSHBO@iHKW#-$qq>(q4y(y_NGoLPVz2&-BJY1RA^z6Qn*q@(9=Gi`4qB>=i{`r>a`k$Cid)B-z*oBD-S@gyh6rGTFJf zmVux0Gd*ZFrmo)Pboa|EmBpZ~eYwGxe(gm%h!empy$&PlBC$6rChDXK!@B*ki zEo%q{&y2^-LFqD^TK7ny$3-o#>uY+RJ{UNU`4=4NrtfZ0><)JG`+vd0KM_FImtY-6 zfo!f9uKXhncPf?OsqIskY&sr|yE%6@25)FRTv7r_iihBB&3=&Gp9+2?#il3ps5?ZSzMtJF~y;g`UfwgwLt zJmHc3?^03|Wu6w@pMOc88FLeH%Q7%rT=9esm?Q5MgZ+Yeci5xacviCN5m{WGqFue& z5)G2l)z<#B2H8h+s~kUgtn)ZdBU<-Om7>Mfd$z1$&9|iqjN6np1e&9{r9d0OR8^} zu&}U(uDtz6Uf)Ua_nyiN!$b4kG6_#!n&fNHQpY~1p4jm@>hgcP!NbRg#9on?2VJ>5 zJ2fi!)Hpu=?)gkuG|~3^t)T=NjPDDhnEl@ki2VFPx3SpIG(Xgj-Z$+*9$fRMzb^m% zyM5jab+mJqZN*H(T!n7mrPwvDsM~=RfDY&OYfRH+|D-4Waa#Sq#lC+618chCsZ*LM zG~URDBHhTZkNl$@&F+er&JOw4g@3B5diVSmRkNzGiw8sMPO~)#WTtt9rvPrFvl*`N z(pUX#d%#zFY9-c0F=3TkW0-1AE$-+@sd^m`+)+g(yj7Q*#U*cQg1+ ze^R4}>6Z7vM9`99pafaR7oqtsnxcd)E;kOy3+tNGfkqO!DwQzNOhzN8JFQ4tJUa2WFbzNuA=3J2ZVuG3I< zMh5Llj#x#JltxWJWWMXW?fEL3M}53ZC6(v*BF02NxE~NF+z0v`1Qil0{Lbn}?Atw< zb$@8*34Erlmvo0=Ewv==jR!dkev-c{_^X_iGMdPoM2>p#vv?nRg6Pps|pSJDZ-YKC?!^ZT2RDB3+A_CDSIQqgz+K0!lj9xAW_(7h4)E^@$d znnKZqS&bYn9MTNGdV#l`hThI&lYjFRApu9WDVaOHZXrtUI`e~@~SQ0 z)t*dNu1a$Y5b(O(?l9fD-a&5uPkF+>KLTndzY%iv$v422%k5qC!zil#SAwv-yh(#+ zbNe%#es1R1(6H65r}yWgy`PO4pE3@!2z*g!{c!&<%W`w8qwjNY-lMPKU;11%+BFoE z*G{MV{P>zADlaH_Ux7_xoyoDjH1HsLoRow_VP6g6BS+>NZZwsYNQOB@xuU*>6G$fu zbYYh*@tSqd>>yQd=|@-5XRJ>s=&$MkalrMk$hG7jtlQjoz{~lub|BEX4dm#d6cb0 zlh#DKJ6At2G)`%s)wx~6{F=!9(7Q{LK0&Up$%M*d{fkA}55GL5W<2Ue4%EYNSo{Ya-Y1d~7#I+fcY4 zaG??cn11y1yhj|&fi;sYT4`B{{|>kRJ%H(7q4w^?@X|g^M^{v6xoW>lf%YD--j`XZ zS##HC!?S#si_!SLdMmQfKhjPjG_lryF5rFe_u!QuiqGh6?XJ0$#t5jWrUf0{9B$|d zH%31;D)Q5!;)DGB1o$pW<)OrkQ$T3}Uh8Sh6&`Hk{@{+NGMuL(*mq;9@M&40L}BD^ zp(bVWk^fREN92BCOUcv?(v(+YiqH6E)3Su;Vj8Akn#IJJCT>AUG~OHD{)`ra^&C25vXl)toSO;Z5Ee&+1J?aL*}wAb}ih`u_2dhfLt zojnsswuX1~7Sv9?>RDu^<26Sq`h_Wf=p7cH3!%GQmVOqxDzLXv7}At)ELF_xh#w1z z{K=kiGi9gUw%BKx%9Yf7T$xPzIOqEAXaUyb&F-C?#G_v(r%f$y0I0KpJ`$_XJU@Q* zRmL~OZb@5}dHF^??w8PDhsd=n75jnIp(;ZzzwljMQG03fHq$qyVLy1^(-Soer3exa zxfGf2kX-+htmYrU{a-uiXSoaOyQYuV?$7SlQ?-zU6A#HN*J>Ajbx95nca%Bw4U~7s zp6uNoF4TB%YmRSAB}?q)H_j^(o@cL!T>MaKa@84@@}(EjNI5+y*zrj0*=>}0#WPNE zC6J}6-E9N$jw|>LB7Q>fTlUrM(g))oU-%wua|vD}b(s$DWnbcc<3>21nqqzThVAhL z3vHiXR-gcM-G+A#V&8e$!D;^1)nJ@O{WEEqADw@>`?U+VOWXf=S<2xZl$@L_t3k-= z5pY2)U6y&_4Es&eudJkJtKqp@p#Ft$Ym2DXW1FH9Tk$RLeiksn-=vi;;7v#kEoUdN?Y@DpFXE%y}q}0iZEGi;aMseob>~8CdT1t-}O7R zNVVs8g|yqD_Q7)2`+$^pYC4af#8(RHe|CFL9r@i9v9EQ13yV{s$*=F)O`9h@H&-uR zs5gkXGx3fNz|5@5y~&MnJmrC-HnjYj2G+8!Bph12e#&>w&#cB=_wL@cgae|YzmC*u5K=$=R+|*L8@t3RneHw3?{a~EqP_pl&pfoL za`64chPtei`Ah9Q=}Ffyk4jRaNL{G9hXz6h%TvLQxLe+8zg{2On9JgF2qp@gOS z&F^8J#|K<_#gvg`$a1xm+SeuS$eI%NFNA|uKGsABs{2USo8lC@owKOAYZs-Z_l!+C z?y<3bznyogj@VkUO)%xzxHi+A*urWJeBZ;J#hIkg#C)XMA&A=Ns&}b zC0qWlm#T*4g+)dBAqk&Pk4wpCWLHxuB>#E@QcPAlabVVxqK&aA=$1bnW|!liCS_Af zL=}i9440qNS?DqBd-sgs2>E$oLnw8W>O3#G-c==^fKjp1?+tQ%9(@Z7DgJHwH!|;Ps zA@ND32~UyieWRCD73~Mvbv|}KnodgM<}mnrAxSp;=6Qp4`>g&>TaO`rFZnQwyANr0 zyx1}wDjpU~VoT1W(xdXI6R#7?^rq>9ZkrT9s<>N zadY#OD{oSpr|b#S=Kc^o^a3?yEN||~o9psQy1piO32X#>`h739;GK%Vk-T~_Ij=$cZ#b@o=7k0brhB)0jDd3w^g2fIZFkI#$@ZfehbY3%UO zFP-7h^XJUZBD08+*ZICABslI?LsON=P^#;d57x_d`eMqfrkB(%|2=*m>_qLqAoRZx zm;X4ZJY4_U8lw#jS*zQ-bgKJ3z?kBLi$?`n!o0(6hlQwW<^$CI+Y(hydPHgxMD{t$gu;*U_esIG`X zzrG}zz#DA^sQ=%u5MmomCHy)@_INQ4>NZi5dbCw}<>x*Yvdb~NPEdI^Te?w%ib_4| zK4x@&*Yw@`7n5a9v`^UVDL1*v!wj@a;@l3A z{>hL0k0AL!E_+^*mOZij1^q)FT23IattB@L&%W;W@5kl;WWfIWAZ=n3q{>w_X=?DE z^mLXfpJ%$YHi@eO($ewyo>Pxz*&ddH{_`LHk17ClnOb+VQG0p1Ew%>&S|a!NwiAxi z9&w zox*hC5-Yqms$IkmLI2(28lI0&S_}>PomH2ei+xLjP%eDiT9`HUmw z5zl+)nwstbZ1}ALt%3KyO{pC2(Fu`i-568bKss@N4*3+K^9uqhqiQAWYjbisZ6%~_$)3rupXh})OWoi_K7Yyp)@jK$j_3(zPdQ#S%WXc|{m zreJ#Qs_V5vAFERieezx}8g^2b-W~Npm2nVXy~ga^>Eqf@v`aTO++7^U zUCO!~!j;bfI>sZ%qdKBTZi;Vgtf0%w?`WNi>){?9*HgloQ0 z&9h(H+JxUzx+m3ea_ST%2yo5xlZv3n_XS7v0E~UgK+`#5k4Z3?hVDPVNLA1?1?P_J zrTIA^rS9Ht4Tt&|J8#9s*Y5@hO#8P5e2#L(59*p3SM?lHsc(?;YS+)7#f*p*wCBQ2 zq5y6`sV7Z#;>T-gfV1qKSDv1pOd%YbqO37$=)C9mr~;hRjEw4=X2$xCe0+SfwIgD6 z@6khBYWr(K8&pDPz2)q!(xo&UyP5@`ddHyhxFx7fA^!JdUMf2-N3gL;p;n7c40Qd&G)+o80a`YBREb2m)#==%5*RNJi+NB>x>y1tn z)pTz(kilqYjI-8b9hT;NHA9Ai)YMd=Yl{7zf`;o4ZCt><2`d~3Vc>luS%|k=MWKZk z0=C}=DgA1RL4H7^P<`X$<3Fw$n&eCQLJU4jnA8p5+NAM2+`TeU32)pZks<^k@SS51 zSBCa+OWLBt?foCQZtYP9>#YLEc|EC$eF_SSO6RmIM$kqEC+y2N9~f0(N2WOsbG%m_ zG&O7C0&AxQbfsyh9GG`yWXfERU$@Vil8D4mr~%fv8S)m4;^O2y@HsW>Tff#Ykhuwt zYt7DdrMLq-l`%qkZRTuq%b3zet9OTD{>1(Njk^2#R=D71F( z70HhQk_5TL^FmHUq@%R7w4kV=*GSxIMb#Y%+Q>i0QDvXKkfBZ{%KCpxc3$A$7j-od zL~e@9%J!ha8>M16PbVgO7iSkWS(Io%g~j8SC2mt_jQXUmi(_7;##zpQ`*L;?g@r!9 zqCiGieXf{;7#{w zAwE9tqYXo?C*|em0I#40MMXadjX{k9(!fbfnZnihjv|lqNSU$4Sw<&{w?^Ig=|0}_}=wwyLSvGSxB{Z+k(}XZKvy= zNmJYQTcttI&WA-!)GNyo#vD>zmQqPC6lXZ9!z{Crh?x$4Xxs6Dz{zxw#~R*dB3b$1 zcI{D1<)}Ay$~so*NI&nA5f5{?N&qE&f@)jm#1llWsxP)Li|f8|9+bkoN$qFF2SUg? zYrSQuik218x9Ub;^rc-4CrI49$pUJv#04b-SII#~S(T$sxv8@@R*<}T5U2#9%0Z9w z+!3iml--$G$2Imf>}N|R65-^D6Y9CVmVjPpm+;x?5vc4*wkm$#=T<%@;}8*a5|ZSq zOiORbptMekZ^0d$jSpQlXK3`U02vt=Tpsa;V*FjS$|Oum2R%K#T3b&uQ@mpvcYk{s znHsrEFeVlDo%$UW#UR8!(#m{TS?V?sFZG~&F=3=$IV*2i;7Z>4*=_oJu$sS(pVT)* z^n-=I=?N-F@N?)7BF~MUvgWzWY~t~Sj{GYB?)utZ@}e$gZRV(|{$Zq?#DDovlx z?s}Z7NM2U8jE$&TX^2IhNBxHF&oUMk6m*Xin7HJMTiGn7l-)8s11FGi zXF$o!%ZBfdVvsneoyERNMfiaic}p*d9q|EGOAH|Yz&5xtzrp%f9W{_FFScwj3e@3p zxU>Nr&68I}P{A7l3~0AP3AEGP=VOl+WigVzRcq*4GhJ94;#}{JeK53XVYfM&Mf;Gd?H0OS}5_ceF`B zHJD~UHu%v+i2nUq6l1;9%2&&=WM>lwA%OBV8qmW6;ec3JG=*=oSp24ZX9N~sqA36y z4LY0?7%S^j<_rI6QDbM4i1PjUW-fEvWI89zL#}&hwN+6pvbG=j8VV&-7uU9MS69zY zu+C0#Kt$lc7CW7brBRqC_XSgO`N3wN)yW8aT#vBtl-LTU-DzQnR!bLvAKfOj7G?mL zk)RSK>I@Mayh)d|IFBTsrA*aUPNSf%mmGRd6}a8mEfWm^@Q!lvi#s|y@50ZvW_TK7 ztwM?rk9$og;5pQBTBy%`S#7V0@TEIp|#S5#tvZ0YQXXoXdnSVbk_|*axsG3Ju~Q zjQ*~D&^%EZ77bgT%Iwb>VF}2~wY9hV9?>HsBkSw(nuX>30g0Z6_tI_#v~pYw<$AW& zKxL=fz-SfoLt{ET2yASwuWwD^-)1|Gd7EA*aFo`+hXt}tMFb>T{}i|$DRDL9w_GPd z259}QI?$kg6-<6WN<{OVi50pQ3VrIP(YR)DVgTiKS3tY@%>n)pC$(*87irR3xZqb( zY8;IDU4>2Y({{DQ-+Vr+6GF{I#hM&{2JIo4pap;^UXx0NzAoB9h!4SJgd=J&En0lKQEgNV%fV)b++H*f={SAiTz#-QL%E=H&llDU+tFU|{Pv2{Yx zVloAuIvW=YgHeQLK>L`v)-_H<&0vI)QUCbVlv@v(G%;S0YXXHPPeBR5_*D6xJGmQo z0G?dp#xttxMEwCIOhHkxaBPV|mk4Vl*Po#Ef_}rtzdEGYf8}391b}Ce<3QZf1*034 z5GwZ;94ll!J9uoRs$nJ8)Axo$;(%{;RFmhiL zGa(7YXe<6L7=Pfts+h#B3cR9a$y!l$@AP)O);iLPLQQ4gvfRxL%-QpI{0rOTEltJ< z%_RsQ#To^1?2-khxYxNfH&-sSmD!9mY&bR!a>2t0^*Xe6|aer&f1L5LWtcJR;tNR#T za~L4@^(k+7+B9x*eJPDC`~=wV*~A>klPXE;am1k_ucGNi$;rtHtIqSb@D>PPwLr1< z{`^^bS>{QBlT}uq*wpi`x(mjn#YG98R{i;mZ`hNwg-})1QqG>U1sXQRi`gTYceBVE z9hY{=G8in&eq+c~EmG-{?wN@##{V2{|0@n(Z=}ZD`Nkg?7te8MuW$&^$gNLt(M@k} zdy;3o$g2@WWfll}$NhsV-;KbcAlh zc9a;tZV!TTUOTr8S}Qn!wcogd=Qzw0F+Kj?Kl6E0m8;Rk9jM;vm6!B8*n1t~nHe+5~Y zjxKUya`rZR-)mMl`^}&}$@eF!mj7BFV%*-%O=33at=iPpRK)nm-GG%c&iacq0*~MQ zA)C|=qQcKk_l<#)r5s)H6Mum{by2x7NjOCe@X{f)-!+hl zlfi=OZf~P&Nh!+s4sx1UQNOJ@A@*tr{nSG|^2UuJ1&Yei2HEAZOJyUx;QeSoy2CwT z+0Yhdd?r3~t__Z@+5aZl0OK=gJ#l`D`#}=(DKL)Ys^Gi3*!NhH6)x~VB+DB?Kk|lV z%rdTs@ia9;9MLksZ!`&T`qh(y$AxKPzW8hY%^}Kq-+J|o6yxS_?c&ANcN|9fqCO9w ze#DPfw+4B3=()Z)5Kji*mJ9vP`~*;WgLmhi{L%NjhlhtPDGki8_bj?bYav_$Ih2OJ zm6eq&vgoB4Jo1C?EGmAV(gDZbo`c7p6deCZk8S8UQErfcIeg`%n?sfLK3Tg^mkFdc zN+|>;dcwd=M-N+Yof+*Wf1kkzH}S9u(ga-%SSM?;={q89V!b>)*N@~<1;)>XAQ_)) z);cbm_h6Bf>E-PX$GP{!5K3-*@Wzy*yty$i<%i-Qj!D5yGL;>Gr?WN+$c4yVs1v;d zy-F6S{5*f3iT7b}KS}CFf!g2RJem-!@Q3{x;&YL|$0`2+Fd=6|?lWwL)?RycBdM13 z=mH{sc#Y)d`<-GE`-fOZO*EVAI0R|Z3c$o`ijoX9j~~B{PfFrkJQdS2wV(0w;!(;S zvEoHCA3s0(_&7*y=JUG3ki{QAO^B`7eVRa5m=om&J^S|c>(|FWMAQI)2WC7(YdLw~ z6p6Q_Im5rp8p41-u zJ=;J0%fv@?^i3C6oVD8<{2rr3;f#zC1+}>o$|qy+QvaRBiKeFec^e=pUJ2%xAj-t_ zw0mRK&Us`}5!z`e$N!Pi@_|R>TUferoW~6g{;8*KPK}{$%bIgvSi zHTPobjKL1I-=S@+%hyFj$k0q-;p<JWCy-tVTYR7}r(x8oh<7 zG)P&WSRpwM5T0Ht+za4yjkcEbOnO3i^X8P%(~>4?I=KXpYU4MKRGZ#Z=H3s7N^e*W zLLyw{qV5L4%HIbC74~g4>IlPoIsOo_&r4Dl-K>Q%G==_xk})4IZ@CTXdx{*S0a)qu z8FrwRUU{&yWL5(>MS+|g$|qO)z4dHv^Z&2DLa}xDn`8?o1JBI znVfKR)!6}=(c?qz6LO9-FS#eC1xoGJl^duGPkSP^EQ&s8f~3^KqZWtDz%DRUemb{94mk1 zwEOziWR^BOq&Y}yH-h6;-?Azr9t8tE?hS3eV`=?l1Th)WQGm4do z`gAAqD(4eY)&D;FNX;@lI(Pj@IEkB2d-s>p2ei?XKf%~VU$In?zZ7M!sr$PxV_ve6lx%)$)qH^fgND$0MZyqDb53Ez8jaQ zFiFja6l_!;Hz*5a)(v`6gu+@@G=zSp%0WJ2MnEP>j8we6Bhe$^vAh{^W_8U)+~%4P zeZAMxt@3x>+G~!G9l~RuCgh}|;)Gkk(-NI@<*SAza(I_=*m08Oy;iE=UVos7tqY0t zi3R2BeMB}nUHL=)YeRpD?vNT=6=>-Oc=JV5c`aHxrW;t75l@UIdxnrte(DRaBqJ0m z5AK(x!baqM7UCc*jrIY-K6@BKF~eET&?Z;o=2E~JV84oWf|X~rMbJUIqqYTLX?r~t ze&}vi;;O;qjwuQc<=^sU(SVKT=bFWXUEN96_%8-VW2M<$5;9_4(>rM-s!7V%2wy&* z5HPdVGU_n=(3q7Ad$O$LmmWxWJgQp76|IygaU+p`qqcN=?6|sL0XQsiL%h_aOtg-< zUU9M#aeiYjg57XW(f9a@mX1~>XCvfn#Z))*+Un{i^S(wrfh@+}+a+24wM>l8+|n`x zAOpnK)YcaEiN(mSzk2b|D32~}rQ;DO`=u{<9oIIWwfOEIC&qu+)-wQhL7L-J&7()L zlHV@BlBIv;`g3BmuD0aK_#2ze*%)pz2-8>}|2g$y_&a5fncyjJEULwYOvDp^UIkFO znAY%)b+Z%Fnq`lfi^@rR-?|Wrz9>I`OHg7cDq3qDEr8=jLyr%1{u=%#LEl_IU9{A8 zw-tF0v@*8T`fv&Am;#iTP$3-zw(+bJ(~n0j1D&Ed$od1!x$07|s@_uf!86OIfb%Tj zjO-UKa4?am((;P>%@!FnDt{p705~=tAV}ZB4EM#4yC3kczxeJDic|MSsXX}R?e8Bp zJNx?Al%gvc%~j~!SEL_S1ZUKcd7`GV6@)s(Xp!t*zBFNqhr%MA+yoGj^#Jidkg< z>i4|>Df+Zj3XrVdD-)P#&O%#A1J)|-gCXR7D;ymc_QC9>qD(`|3(7bGWTO#V>gBoq zB@XGjw<4}o$4%l|g_Z5fnSYp>CaLcuVW8V7 zpFeXU!a%YGfxMJPt;Lz;vf0TsuEy`)tUs6-+HX!vwZ)bB+g)@w`^K`ujhUA?4Jz zeNn?hgapVGfq#{r0P6Y%-dXi(PpKvneH$j0%u@M9gZp-7)1srb@aTykM=NryBy=d#70DQ0~=;{jQveLV_8MDSjyR{#Tecgd{1%mHFz zzT*aZz(vq9wB<1=9|f5pz`_7qIZ=z>5{xEJKmHW9R=3z4t4?WYf&rXT;oVo z!*jr)R8Oa+M78~zmXNWQ&f}8tsam(OPxeB?pv@ds?N%8V?1c8F2DkPx&A; zb=8Z;r2$tD?_()IKUW6}oV_`o;z(CB z^3=ZOFy|nzB5xZUf(kMahH7di_nlF~8KLBdeDIU*VV3xYS7T2ExNBNGDYSGf7pMC5 zUEZ^J8$C1K*g4@0g+5j-K|p!9on2>tFZdi@UJ96aF%-zOO|?5vdA1(Hw5Kj4b@opP zTQKArK=7EKnLZ{WnC@A>nBc8<9 zmhcn2fu6CMOEf8?&>2nIe|Dfdui^HvBUpcSC1$WkX-(y-?==z-z0< zbYlkd0cT;6I@?UcA~KD^aI{!~;(Vd@HEQPd$ZasG0qyp*qDnGgUlmj5?Tv|#kLTtO z?FUjNuWTbO?$)4UF~O0VFJH{bgV2hFPsoZlfG zZ;lWq>=P_)s3XLP6oEjjQPI8jL&ih(8N_+#ljde2=;Bx|>_k;->)s+)UT6#n^_ehFKarCY!8)%x7mih?nwUR7r5xd$hB9D4E$&Q# z>N}n|u$#RcIOpQxvO`1^wu#;47`fSUq9Tc)XtvCnTKbsaCC`r z~+Wia}Kz?(MIk6&7)EKi|VtXzug1-fj1#f9&Qwc%{K$~LApuTb7ZZhxapAHQv z;lJv{ZT4xGMEt90s&X2drD05q&HzJ|pq-BTZEVC3{Q9Q652OO8O!=NoKB}j(M;d$Y z158zEA^uJ#OylgC8d~h=FhYYR=Bp|D_k7c5Az#s0(!MZyTHOvXl8I-Z)*y%3?guG+ zLbI&F@>WNaMr-zi+A4dNIwihAO{0q%l{;{ZTe!K(p`HT&kU1`fIwz;gM!%aO)WNBY zl?Y=L3#NXKfL-qFc)LdtK7^i**`V0%QrZoMGqyjjq{BEvAV!h+I&k<4N)KdFrve z1Y14RhI_M>F3ffUJT6PS7Rk>a*>;EIjp_@dti}|^FQGW)~=e>M!9&my4q zCaQD}qW+NL8a$wKs8Qz2Zv&D_n19&BJs1xJ1j=?7E)HQb`y$T5MOLf(CF!RlgGFI7 zpUadsLG}>w``2e+S2Ne6|Ms#?!&IP@mV|}9PW66Nt2V=3MDp035q&Z~Nqd$oq(`v)eI8<6Ht|EyG4-b#=yUYCP^QTWOcL(Yanv?t2j#QU? z>fUVLNWsb`=H(3Z&t9y6!+#d$c)eALZB3oncRT(-9Q#xK<$CU4Twq<12*%{*{ImUu zz?tA4amh-rUS(_m6soo#mzK7XL5M8HZ31uJ93$d!4th#^p*`YaD%S+H9zQ-4f};D? zaIEYyS&MxVttF0WwJVHnDJ>D~sk1o2?Q2lpqTilK1i^+KKw>1oZbya8Zy2{qL<#B= zFy@3>{0M}W%(bD(Q+r$Wk+8ocB;VVvQ7?PG!z;CwSFQk)UbS<13-+A<&6_tb*Wjc} z5#=k|%#%kYN}dgh_IHE;6z5#aAL1%_H@L$D9-cga4PY}enmrnqgA_Qm z?!_N+tc{o4Ycozh6=Wq$?QOo^Ci7~CKwyaK^ z${c#78El!KBN0e(Nx44hGU-CcfRBY%zG-gM)2X7oJn^+1LmKmG4!hN=n_10YUzfAq zKU4sXJdA5qZ&lBlor|o5dr-bX(pQC6X(5%!+O8LIedpXdTJ8bX>m;4M9%YoB=w(#U zITnJ0FYSRtDh|KnUTITu`ksC$404{Djc+-kL&fl)3n@Sk+-7G-K(1bGoeeCvibCma z&aK`vMd7LKg5q7syt8%h)mzv0uXeVO_RtuB$@c)b7o}!7rNUCO0;yqBNavIq(W^>! zEFAx!waI^WdCzRUF4N^3>=VokpWEkb*68#$hAQkPQw3mOMCmbG($b|ZOTE2lkDgcN zZdvw6OU0hMvF`%k6zh~*l2`mFo4Py1l(iD39n0&z=k`Z@dnoKD2uDxu=( zu8{&D=2VNZb)GwMZ*Q!Ea1xyAy=a1-{TSgk(9-U+)t)de4v2JFTT_e7qoMjc$)?1; zoeBQds_^FUjL_`DuMk2dT$wQcL zF}qP&V0}zA?1%s%po@1#&jsR%lK2EMAhw&Fa~+4VdIEs(G5dsX)fzr7kF7`n40SrQf< zf8gTe2cD2llX0-T=UdVBr&=G=qhOju@=Pf6ja_bT{_^tIbXs~^0Gn)uFJDsF&oToQ z#kK@piQQj~l(I&RpmD`5KhrkS^f5>`j*(vRbf={v=;uNcFGQhn{fG}$u|stM>caU> z3~Fd8m3I;Q-J3XXnO}N6np9(&EC)&B;N&#ba?#4G!F(7%tXs^H*I;ljFQ&01CDydN zZb_*@t1CI1l`kP#+1c4+E7T0YA>FH}hdMSl)E8PuSKZWSi}?i-DmU;$2ztdceqs*w z^73*c7L1|0$T|9u&fmf|^`g!dxOXcuYW;PAE1nRQtHzG-urS+b_;7=~ynKcp3xCz! zyLU}ZoT>|r8$8ABMu^blBqf@3JZ2CH+{fQZ)iiPXnhM=eP^1=T>*(&O+~HyPa(Dq| zR7@>!FT>28sr~8v{Se|e`Kj1so;t2xE9(V&`{qZ@kIW|@up8#eZe;S#x-drD(n}PQ7+-|vB6F&ZM&0Cv+ z;H;#-O4Y#udasdM)kS+p*KhyoYA);UtIo-hPUP~3t2I&-ivONU zq%vaXXnTMjY7Fdd&WZENfN8__#0^^OazEuICx`XqB|HA^_V8099=&fLbH9)`Qq8}Q z|D<*6Y=&w3q`wcvTW(ZKveA*t(t}Fb89~265fWzTNrk%c^18qr{CI^7eRec37_>}G z#!XTi3y&-D7X^-unKVHe2(*CTjGWIJzH%(0h%BSnwIpohms`9OWQB?Xhvgq0Pm|1T zafd`X{8fRPPNPCozLu)IsUH3mORpYp{!AbL{Y1X-+@RTmCD(YybYbD_=|*nyQDabV zFVG>iaCfE()4Kc|PzQ1gz)m%ySsG!JFZ@7A(GPP8AtBBEByCd7K~|-ou%iYOC&$RN zH&zm#?~qm+8#Mm{#cMI+{?>;YA6v~D9hM5=UQCxb60Lmkd&IqyqojqUg$O}uW;jQG z&~ms+C5M<%xH_VgXvUw3_+^UP>4lc*keWa?_|M8*JK)AGS?Uy9Lgm>>Gq)SVUrww} z7INz-5Gcm=Blw~()X(%qA%E1#JW*ic1#18JXF86(*W@l9j~5y~ZU!_$-UR8mS07vy zN=blZN9^Os$G)!jgzg#=jX4Sh9BLvKlP*>k7yneKV_|6Vbaw+lR@Enl{ z3Y#9)cfnw4)hBAOzbN(i;TRq+6VTk8O91L{up9wL;q&*=M2(XDa^+)&wZMTTO!(=#>n*DfV^5A6fgfDUD)(6j z?fHMC)wsBn|j`pcM!-xQ-De6Ucu}q(mB7HYieD*Mr>!8c(KrWr} z;6Bq^LiJLSRJoU%#e2%{Ud5J_PG`;Nn2aaW-b)Rgy$Wlt6Adur)XNTh{2Z)t_>>Pr zE4RC8EBnd1gUT79L#l3L{2VIN2*<<2v#w=z{QQy{`Q1=od08DF%a(1rHu!mV{K zHk>9X8;Y_h8_`vvh)>i*69ndRg^oZU@`W;RTQR==!KVDZnzMB+ z8iX?l#7=-rJLo|%h2bxP$QT0C>~~SUGT{1(&Py7aD|3$@s2U!D1Q0HWb(MxgVbp#h z3#RF0TQ7aDe`|$x{-(L%H)QbMF&S=)I~b9}FC`ZE+EUPVm(RGh_%$#=_7 zZdiJWE<$hA-Y{1W8+2BW8!fRVF=+Kb3W~uyS49p9HPg(AR6a+douJ4t#;vS?SOkR? z9};@Pe%V?`hGD6EEj!&wX{kw&Br&|$q{9$uyRiKc@JIYE%y5Y=;E5&it^XkNCi|s_ z(JhjC%WB_pnskK{=rrraBBD9*x$;35FJ4qKeQJHJN4K6vBDhm-^@?0BeW$YBOW&VLh%XM_}! z>d3H>8LuVfx#pslLDp^my`uO$Q+dweuc@WPVg1Vm$19`9C&l$Gk0e&pN5trd^}Cok zvXq_uoW^d@9Q8*)&`4B}L!Nd}FZsJXRfpzX7Ez*7P0`EBam9_J4Sj%*F1!xefrrA$Gi+^5ZOYocQK(n|BirO$ZSQ+PPA_}$)ZAHH(8*RcMG z&fea%7l43owM}A%T!%;XZ-O>z&NJJA{hKV8y_h?Sem=U?V2aO$YLsv?5Tv6lmgv`f zeL-d}KNk>)Cx9nBR2I)+k39PO#YZHaL+YFOQQWAJLhR;+#Kz}1O~P$A0+NGCED+o@ zIXKAsnsN)U3j!8U{TsVp9QF?m)eVxuJc?G;_4E?@gzA6(a_HUik4P>kEEJ}nkiJZ0 zWP3Hu{LWj6?JE{_I7XFkocwvlr>3t(o#t3jeLbl*A3o9`ZKzSwVh7t;aMvND8fMj9VBBBNJI-y( z8QjCg)3sCXTX4aMBY~NgL#bg2hCN)$&>zcxq7O0`bzR?UGPFS{iv{v*`>>BX{lsfmgX@Z8WDj;{RPE-q>WS|$6@^;&wH(JR(Xm}^p`u%CZ_|M^TRWX zi1>L#b%;tpmxwD8EQdYRACdKzovjbR>ZaQg+pTk}qfa)3J`lxd{_$SYY&3i zsHMtXABmKN7I!`o;{R#y+vAz~yy?>%;2JLmm=zb?-X{Y z{s1W3JLx5umyVbYF%yR%1D?4#XS&@p1N)`zlkQE_T=+yC^Fv%}22lfA?H3Xfk^-@7 zrJvO(L*Tep<~YjzqEXdZ))Ldt`IL&wx7smNysZ&JHZ#1(Q{fpNU7! zujPRr=AyiokhL@%HGG+BHfsUBv!u}*b||cuxG1@Qe3>TG3W^6uDr#qe`V}#}5q?RI zTWNZ=aLpy#wF(~0Tr|*LAChj6Qz4xGG^{qFE!!3fn3~uQlM3VRT^GR*S9l??1)tSa zQ^AaQ{AVz)s9Og;C~#U3o(ND_J_Nr6`URkdp$8lKfI*G9A!eO}i@crf6Y|GbZ)SGs zAu2HNt~gc>3mtx1BZ|Sx~|W2z3-9jJcSUy*2f;B8pElDQ3H5QZT{54M5kz1*sQ|imwJ5 zyvjnmwccnf8BW{m49mkCHP7lSNgY$U0gGCKo)QHWEaQFpJP{Ey?-f7qa)9|crW}W( z$ou#03#LuSxoW$>%2mGFXn3BO_>syi1Wi@yFMcJX*Q2@i)a4xO1$-dr@1E|SljNem z!C8gfu%=w7>T=Jg22k5g*TUy#_V48Q^q%>FtiYwpKB(!#UG-=5?qjGapDN!W?G8TY zQ$Jn-E3mtHbDzo!G5yGPxsqBKk+9ms*kAOkox37y8{BB(8S@(dipG)sTYK4@RuFCp zfMI`rlK$xFjlF_#q}O>|`mB;yk{G5R-Qc~x?kqSh9h{6ax+S=_GHizui|C)|D6u{> zJJJ2~r&o_;KCWR(`>h$gQzMXQdt04s(soj-tXkf=j53`c4kxXznP`P{r6}MXV1;-T z;Px2QM+p~5I+WjglF*p$wgO#y5QQ6)jkj;|dYh^!pP`LDr3U>S5KnnoYy@0+ne`Iu zOw3n$f8&M?O@OoraNL);{tXO|33(c*fM}Qk^fD_4ge#~KUGL7@=`Ty+7TA*4;NpAYjJI zuy!f-`;iCrG2GsOZ>H%?)jf2Ksa%bi?GsCQKk7|I+dCP5LN1)^uMISxtYAFRdH;tj zk*@TLPUz{cu0Ob%ouwzsv8R#4MTIUGvnhu96kJ<8Ou2}3D`3DFahk?2AcSz|R1EX` z2!pO$g_{f`8sF^)K$0KHL2l`350&eGZ5^JjU8NeGJ^SbxrJ=HA(V*bwxipGo~OzrK(9l)_6MI#qsSBi(tvoo5{5O)jqpT0jCN-T2!=aID?AOFEtDT`rE z$RFk)XTYK=c0V*%(|-3C;oiqb|S}rsutDhf)?C;a0hI^a$e`4aMGjve4 zeO9e}76MZ3EL`nGIuc7(OHHFHN_~8J;|r|`+cRpVLKXBq`c}B>3*!L^llm)!sFOM9 z<r@pExaHsf=*>u(Ve17EA;cnNHN7a&%CY{~PX6r~THCI;T~1!N&(I;n{JUXH za@+lgA9G3*XXm&~E)3v7GrzoG>`Fe2W{jkLVF#(VN@mw6?l~AS&<7%s#K?j1jHfHt zd-cZ)uDT5}sr51>g)PW;O`C9hZ&*d@MCK1^WNLfPD!)|;1N)k8$$MC7H>p`1Mo)eo ztI$2MyX;<^GiW=9mhjAOPldfmHi5?T*4~SPu@RW6aA}v>~jA7FP2R@*JQ2~C_5dn-&UsKG z)W7_is^+Wv7|-OpF-9owV=&Ot?`)CVWpf!B^9Hvdb%5L7uf$fZu(;Ohk{#O%+#@bY) zeB%lbi;5#_Z&)d)c3;@h<37+HCDl_It~E736}Nc{ZQSsC!$P#zj_k3X@266|Xf#?b zInpZU<><}Lh!Yyy#Uq_x;vfl6jJ}5MZ62r=Y~8A8-7-!wIM$kTeOq3EQHr_VP1F*y zWncYvZNH7G#3*GIV02-6dhLletB+9a5p6SKN*LK4(`a_EheJqL zAeA)u=r9OAYr^vSKbQ~VNP(17p^2J$*?i+LAk>S1fBW`LQ(fO}4JXXnpSf}HDYK%# zMPCX)R*g%~wl^tW4bj$6Qw8#Qce6afeZ=pf|MwR%VrJR**S!7-w$q=@PKvF$Yb+9F zvVEEDcJD-sP2$U9QZ@S^Wio8C{Lf}^^>HUar})`9y0Cw1=Dy%Nvt!^!#kFHc-Z8!+ z6H<@#Jr*4r`8bj-D5|ouxI#RVsR@h<)}PDRH6@2bNRI*=5Te)nf@K@5Y@$Zy*=<(w zo=1*NfyV)qa-&I*_6Gn}e&NR(`zR57uL#e~_LrN+Htw;3hxpSxv0JauwO-wQqA6b_ z#<5oYRwVl`^2Dk11;jGG0MP5MM2M}ouv{H<&;`r~w~^oOeZ4(uR2lgWw3; zlF~J`D5k~tJo+D0)$v ztlb{2a5xO0xV>v-$gc$dKF|j+&&7k!cb}Ik1OWz%J3V^|)zri_l&kTGtLh^w^)0QL zX`*<2$PW{VZ^|P|F}&%3UGAle1LdymW~x7&QF5%^@Uc=#Xn`@iws(}9o|cma-Xv!E zIN)AUPn36*@137lQ99eP#N_L*35YAl@Ah|M4BcBi!@4zDSF6+#!l;*Q4utUZhRM+5 z_U1lC=_roQe==$LkkH1w1D4f!0{$!@UF#TH8<%9!9Y}~&=K;67N8i&2d;9<#2R*u? z75kjmTFvyR(W!yr0|p4)t#j@7LO_x`rKRmX#?@8dUUypw)DXH{$SmCBXzuJ>_OBcn za%Zx>mS}G89erjfP-f^9`&SDht2~g%-&vwg|?&F4sLFV z^~=pDjuz0WJ1Of-l8E+B{u!BN$$QT0OiMJ(z2wg0zrw6jr@5|9{^8=tK#KA@ zIisI5o3v}&fR_ek5Fe=MV3E^Xo5`RXl7j+`Od6gy)>=6q|{^{G51GTz(7oMlR zc>{iUXO8s^gShXpF&O>7PZ>Plc+3_#wVrtPAOlpwHbkc8B(6NydOL? zu+DUQv$C~{X9}~-!_ac2D`v>U$M^${J$V+ABe%-nc20cZjBnG!7(h1;j{U}3aLw)M z={BQ~6IvfOmhU^bD+>2Xw>rly>h2wnSefcte0OcFuKsTe4MCnu^~aCxPtDubgb*p% z%xWtk|3Usyz9#S%UV$+#Cns?plSIJ|(tdi?1(DnU9|b`MMGDp!EsQjAH%VXD8#bJ3 zUHs6kx$$y79xdV?o3Rt_^?`e~;ZU#1Su8Dw+hn|*?DQw)jIZ1be^wH5lCaKiQdFI( z?Rd-AsP@hw66dNve0Wn8x*}`NQ3_yAla0%qBQl5~8c18Zx~j7B0>~{>l{O*mVLTix zK52QQG4;g@FJ&i*+i-`w%1$gjgfPdNmdakbJ~Q-#4NNH=g5deA!G4#R7}I|tL424b zHW=lX3mX0l`f53A-Mz2h4zazV;oZ9d4jZw^S~bZUpfi5;A3ZBQzwq%RU`?=Ll8`tB zB#EZeU9ToHK#|y6L;K2{eh_MYo)4fOE%|7?Q#l__+@7>?fK&;Z zy(WKK^stlio5T#S5@_<&XxWdx&SR3W1W-d5gLy^^4?EiT=KF`)mO(6Mio&YMcb=;< ztq3DbT2@3EXBxuDm-#tL$d&2INrECoC1~c^X}h4H1o-;uZSo`crpJb@W=5zjs*NLIg!j<>&YhXgZ;oN@=~7^-+bZr*}yQgH|ww#{t>@s^@j;+n3fd&`7aCdx#Y4O=Wv zyHEnL*g7vKW@7gPKx81fv_>Fra zDgkDuR?3zi$_&oC{QQf>NoHsI8-^2T{;O!5W95+!H0#MOOi|;>!{@)x)lB#U(!`A0~ zya{2MOV!O2Tj)rttnMw87%sB!+XcOmL6ec|7l?9n{#tJdl#3{&M3jI=@Oa0h#6(?U zmX5{)juTY_?MM4tLn_R z`u^=(^-L)?8N1jMad)P-q$1gQ$QR&NGythScKT9>^jZ-n+`YFngyD}p@e|KoaWF|0 z^KcSq*CT6RCnYg5@G8Ow0=*=!E`!xNVa+KT7B+5Bh z_@?i66DS5}cCv%boSQ4{vb}W4Bbd!%ae|gui)6LIaaRIIug?yh0*j<;WKRnV^SWX2^st^{#&h=m72t>4RuK zCBjb+ZM#b76lDLRdae?yk_5J4*Q2nDj!!tBpE+{o*1ap9dF1s8$Fa8duqk7Qc%Uk> zs{qtxOU}Z9MbwhM2pw5NPGXs`RQ>@LpPl3*89L285M*7TTY_BFYC%c14Vz4-e>_^R7o1K=FC|n%tPj85oM% zt=isE8CQ1XrxtsTFrDP8SEf$IJyw)3Vd6o-UsWM1-N-tWM+fxCJWRa(VdKIcaWMPI zs#P(3K0daBx>fwil_yGFfMY~FygCNYJi^Swdsk~{Y1!kY$BG5Hte1&c-XhiWK+Z^Z z?otk9^dWFChUfDN|=1p3v#&(DwX{^E#HDM52j zEqx0G=s1+BYmjN%>=I5-4#@;6KNtH&Nzdm}&e7wsv^C@5ci^u2lI$#v^|C#;V;Tz! zz1*AFGdks6$4rb!in^SQQCb%paqBJm%BM!JgzYK!)w;<#^_JAQzcbzQ3G|0w3WOGY zHpc!s_)b95fzE5ohx*7aU;~?#gXQz#dq9&zmYkYU4LGvWx=``TeEk0qVgC=wq|6Lx zIaUhFDQ9;-?pT?LVt2V*M(4IM7sO^DfAbU&&D@u8Bc*vBPTq2;B70(!GY**pba+|>yr z?i-$8E`_1#efrh`Yy!fJq~L|EOb<8gMl;4QlUg9$%l#Kyd03WwX~HO%#$D()ZH*gh zW$*Qic*kt5{>$$`{S22!xz4B7F0iR=DrT9_V^c%x&CGwmu?ch^$4b9S$2H7yKaWfH zLwyXShOb&=5)Ftdlib0BJJ&mp-7=io%r!+`4j^VH#Hp4v#75#HH7@%3IPiUZTdc$n z&0pHK>|*-B<^z0SDY!-M{vGFyla8e(U=r|>_0%F!2k!!&~ zbP^FyCJ$}Arv5uRWB?%DHkterPby8RNQ6oiw&lOY4i=`J_9{vZoQJT~M diff --git a/docs/sql/mssql/migration_1.6.0_1.7.0.sql b/docs/sql/mssql/migration_1.6.0_1.7.0.sql index 73e04a032..538b8f0bb 100644 --- a/docs/sql/mssql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/mssql/migration_1.6.0_1.7.0.sql @@ -25,4 +25,20 @@ GO -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky -- Create a new sequence pa_app_conf_seq CREATE SEQUENCE pa_app_conf_seq START WITH 1 INCREMENT BY 1; -GO \ No newline at end of file +GO + +-- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::1::Jan Pesek +-- Create a new table pa_fido2_authenticator +CREATE TABLE pa_fido2_authenticator (aaguid varchar(255) NOT NULL, description varchar(255) NOT NULL, signature_type varchar(255) NOT NULL, CONSTRAINT PK_PA_FIDO2_AUTHENTICATOR PRIMARY KEY (aaguid)); +GO + +-- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::2::Jan Pesek +-- Insert initial data to pa_fido2_authenticator table +-- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('12ded745-4bed-47d4-abaa-e713f51d6393', 'AllinPass FIDO', 'POSSESSION'),('b93fd961-f2e6-462f-b122-82002247de78', 'Android Authenticator with SafetyNet Attestation', 'POSSESSION'),('ad784498-1902-3f54-b99a-10bb7dbd9588', 'Apple MacBook Pro 14-inch, 2021', 'POSSESSION'),('4ae71336-e44b-39bf-b9d2-752e234818a5', 'Apple Passkeys', 'POSSESSION'),('d41f5a69-b817-4144-a13c-9ebd6d9254d6', 'ATKey.Card CTAP2.0', 'POSSESSION'),('e1a96183-5016-4f24-b55b-e3ae23614cc6', 'ATKey.Pro CTAP2.0', 'POSSESSION'),('e416201b-afeb-41ca-a03d-2281c28322aa', 'ATKey.Pro CTAP2.1', 'POSSESSION'),('ba76a271-6eb6-4171-874d-b6428dbe3437', 'ATKey.ProS', 'POSSESSION'),('1c086528-58d5-f211-823c-356786e36140', 'Atos CardOS FIDO2', 'POSSESSION'),('b6ede29c-3772-412c-8a78-539c1f4c62d2', 'BioPass FIDO Plus', 'POSSESSION'),('77010bd7-212a-4fc9-b236-d2ca5e9d4084', 'BioPass FIDO', 'POSSESSION'),('be727034-574a-f799-5c76-0929e0430973', 'Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('9c835346-796b-4c27-8898-d6032f515cc5', 'Cryptnox FIDO2', 'POSSESSION'),('454e5346-4944-4ffd-6c93-8e9267193e9a', 'Ensurity ThinC', 'POSSESSION'),('833b721a-ff5f-4d00-bb2e-bdda3ec01e29', 'ePassFIDO K10, A4B, K28', 'POSSESSION'),('ee041bce-25e5-4cdb-8f86-897fd6418464', 'ePassFIDO K39, NFC, NFC Plus', 'POSSESSION'),('5343502d-5343-5343-6172-644649444f32', 'ESS Smart Card Inc. Authenticator', 'POSSESSION'),('61250591-b2bc-4456-b719-0b17be90bb30', 'eWBM eFPA FIDO2 Authenticator', 'POSSESSION'),('3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'Feitian iePass FIDO Authenticator', 'POSSESSION'),('8c97a730-3f7b-41a6-87d6-1e9b62bda6f0', 'FIDO Fingerprint Card', 'POSSESSION'),('2c0df832-92de-4be1-8412-88a8f074df4a', 'FIDO Java Card', 'POSSESSION'),('f4c63eff-d26c-4248-801c-3736c7eaa93a', 'FIDO KeyPass S3', 'POSSESSION'),('9f0d8150-baa5-4c00-9299-ad62c8bb4e87', 'GoTrust Idem Card FIDO2 Authenticator', 'POSSESSION'),('3b1adb99-0dfe-46fd-90b8-7f7614a4de2a', 'GoTrust Idem Key FIDO2 Authenticator', 'POSSESSION'),('aeb6569c-f8fb-4950-ac60-24ca2bbe2e52', 'HID Crescendo C2300', 'POSSESSION'),('54d9fee8-e621-4291-8b18-7157b99c5bec', 'HID Crescendo Enabled', 'POSSESSION'),('692db549-7ae5-44d5-a1e5-dd20a493b723', 'HID Crescendo Key', 'POSSESSION'),('3e078ffd-4c54-4586-8baa-a77da113aec5', 'Hideez Key 3 FIDO2', 'POSSESSION'),('4e768f2c-5fab-48b3-b300-220eb487752b', 'Hideez Key 4 FIDO2 SDK', 'POSSESSION'),('d821a7d4-e97c-4cb6-bd82-4237731fd4be', 'Hyper FIDO Bio Security Key', 'POSSESSION'),('9f77e279-a6e2-4d58-b700-31e5943c6a98', 'Hyper FIDO Pro', 'POSSESSION'),('6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'iePass FIDO', 'POSSESSION'),('d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3', 'KEY-ID FIDO2 Authenticator', 'POSSESSION'),('310b2830-bd4a-4da5-832e-9a0dfc90abf2', 'MultiPass FIDO', 'POSSESSION'),('c5703116-972b-4851-a3e7-ae1259843399', 'NEOWAVE Badgeo FIDO2', 'POSSESSION'),('3789da91-f943-46bc-95c3-50ea2012f03a', 'NEOWAVE Winkeo FIDO2', 'POSSESSION'),('07a9f89c-6407-4594-9d56-621d5f1e358b', 'NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator', 'POSSESSION'),('a1f52be5-dfab-4364-b51c-2bd496b14a56', 'OCTATCO EzFinger2 FIDO2 AUTHENTICATOR', 'POSSESSION'),('bc2fe499-0d8e-4ffe-96f3-94a82840cf8c', 'OCTATCO EzQuant FIDO2 AUTHENTICATOR', 'POSSESSION'),('30b5035e-d297-4fc1-b00b-addc96ba6a97', 'OneSpan FIDO Touch', 'POSSESSION'),('88bbd2f0-342a-42e7-9729-dd158be5407a', 'Precision InnaIT Key FIDO 2 Level 2 certified', 'POSSESSION'),('149a2021-8ef6-4133-96b8-81f8d5b7f1f5', 'Security Key by Yubico with NFC', 'POSSESSION'),('6d44ba9b-f6ec-2e49-b930-0c8fe920cb73', 'Security Key by Yubico with NFC', 'POSSESSION'),('a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa', 'Security Key by Yubico with NFC', 'POSSESSION'),('b92c3f9a-c014-4056-887f-140a2501163b', 'Security Key by Yubico', 'POSSESSION'),('f8a011f3-8c0a-4d15-8006-17111f9edc7d', 'Security Key by Yubico', 'POSSESSION'),('0bb43545-fd2c-4185-87dd-feb0b2916ace', 'Security Key NFC by Yubico - Enterprise Edition', 'POSSESSION'),('516d3969-5a57-5651-5958-4e7a49434167', 'SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('8876631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('8976631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('9876631b-d4a0-427f-5773-0ec71c9e0279', 'Somu Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); +GO + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('931327dd-c89b-406c-a81e-ed7058ef36c6', 'Swissbit iShield FIDO2', 'POSSESSION'),('efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4', 'Thales eToken FIDO', 'POSSESSION'),('b50d5e0a-7f81-4959-9b12-f45407407503', 'Thales IDPrime MD 3940 FIDO', 'POSSESSION'),('ab32f0c6-2239-afbb-c470-d2ef4e254db7', 'TOKEN2 FIDO2 Security Key', 'POSSESSION'),('95442b2e-f15e-4def-b270-efb106facb4e', 'TrustKey G310(H)', 'POSSESSION'),('87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c', 'TrustKey G320(H)', 'POSSESSION'),('da776f39-f6c8-4a89-b252-1d86137a46ba', 'TrustKey T110', 'POSSESSION'),('e3512a8a-62ae-11ea-bc55-0242ac130003', 'TrustKey T120', 'POSSESSION'),('73402251-f2a8-4f03-873e-3cb6db604b03', 'uTrust FIDO2 Security Key', 'POSSESSION'),('39a5647e-1853-446c-a1f6-a79bae9f5bc7', 'Vancosys Android Authenticator', 'POSSESSION'),('820d89ed-d65a-409e-85cb-f73f0578f82a', 'Vancosys iOS Authenticator', 'POSSESSION'),('5fdb81b8-53f0-4967-a881-f5ec26fe4d18', 'VinCSS FIDO2 Authenticator', 'POSSESSION'),('d7a423ad-3e19-4492-9200-78137dccc136', 'VivoKey Apex FIDO2', 'POSSESSION'),('08987058-cadc-4b81-b6e1-30de50dcbe96', 'Windows Hello Hardware Authenticator', 'POSSESSION'),('6028b017-b1d4-4c02-b4b3-afcdafc96bb2', 'Windows Hello Software Authenticator', 'POSSESSION'),('9ddd1817-af5a-4672-a2b9-3e3dd95000a9', 'Windows Hello VBS Hardware Authenticator', 'POSSESSION'),('504d7149-4e4c-3841-4555-55445a677357', 'WiSECURE AuthTron USB FIDO2 Authenticator', 'POSSESSION'),('57415531-2e31-4020-a020-323032343032', 'Wultra Authenticator 1', 'POSSESSION_KNOWLEDGE'),('c1f9a0bc-1dd2-404a-b27f-8e29047a43fd', 'YubiKey 5 FIPS Series with NFC', 'POSSESSION'),('73bb0cd4-e502-49b8-9c6f-b59445bf720b', 'YubiKey 5 FIPS Series', 'POSSESSION'),('34f5766d-1536-4a24-9033-0e294e510fb0', 'YubiKey 5 Series CTAP2.1 Preview Expired', 'POSSESSION'),('2fc0579f-8113-47ea-b116-bb5a8db9202a', 'YubiKey 5 Series with NFC', 'POSSESSION'),('fa2b99dc-9e39-4257-8f92-4a30d23c4118', 'YubiKey 5 Series with NFC', 'POSSESSION'),('cb69481e-8ff7-4039-93ec-0a2729a154a8', 'YubiKey 5 Series', 'POSSESSION'),('ee882879-721c-4913-9775-3dfcce97072a', 'YubiKey 5 Series', 'POSSESSION'),('85203421-48f9-4355-9bc8-8a53846e5083', 'YubiKey 5Ci FIPS', 'POSSESSION'),('c5ef55ff-ad9a-4b9f-b580-adebafe026d0', 'YubiKey 5Ci', 'POSSESSION'),('83c47309-aabb-4108-8470-8be838b573cb', 'YubiKey Bio Series (Enterprise Profile)', 'POSSESSION'),('d8522d9f-575b-4866-88a9-ba99fa02f35b', 'YubiKey Bio Series', 'POSSESSION'); +GO + +-- Changeset powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml::1::Lubos Racansky diff --git a/docs/sql/oracle/migration_1.6.0_1.7.0.sql b/docs/sql/oracle/migration_1.6.0_1.7.0.sql index bb430b3f6..79acc7aac 100644 --- a/docs/sql/oracle/migration_1.6.0_1.7.0.sql +++ b/docs/sql/oracle/migration_1.6.0_1.7.0.sql @@ -20,3 +20,172 @@ CREATE INDEX pa_app_config_key_idx ON pa_application_config(config_key); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky -- Create a new sequence pa_app_conf_seq CREATE SEQUENCE pa_app_conf_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::1::Jan Pesek +-- Create a new table pa_fido2_authenticator +CREATE TABLE pa_fido2_authenticator (aaguid VARCHAR2(255) NOT NULL, description VARCHAR2(255) NOT NULL, signature_type VARCHAR2(255) NOT NULL, CONSTRAINT PK_PA_FIDO2_AUTHENTICATOR PRIMARY KEY (aaguid)); + +-- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::2::Jan Pesek +-- Insert initial data to pa_fido2_authenticator table +-- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('12ded745-4bed-47d4-abaa-e713f51d6393', 'AllinPass FIDO', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b93fd961-f2e6-462f-b122-82002247de78', 'Android Authenticator with SafetyNet Attestation', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ad784498-1902-3f54-b99a-10bb7dbd9588', 'Apple MacBook Pro 14-inch, 2021', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('4ae71336-e44b-39bf-b9d2-752e234818a5', 'Apple Passkeys', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d41f5a69-b817-4144-a13c-9ebd6d9254d6', 'ATKey.Card CTAP2.0', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('e1a96183-5016-4f24-b55b-e3ae23614cc6', 'ATKey.Pro CTAP2.0', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('e416201b-afeb-41ca-a03d-2281c28322aa', 'ATKey.Pro CTAP2.1', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ba76a271-6eb6-4171-874d-b6428dbe3437', 'ATKey.ProS', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('1c086528-58d5-f211-823c-356786e36140', 'Atos CardOS FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b6ede29c-3772-412c-8a78-539c1f4c62d2', 'BioPass FIDO Plus', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('77010bd7-212a-4fc9-b236-d2ca5e9d4084', 'BioPass FIDO', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('be727034-574a-f799-5c76-0929e0430973', 'Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9c835346-796b-4c27-8898-d6032f515cc5', 'Cryptnox FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('454e5346-4944-4ffd-6c93-8e9267193e9a', 'Ensurity ThinC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('833b721a-ff5f-4d00-bb2e-bdda3ec01e29', 'ePassFIDO K10, A4B, K28', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ee041bce-25e5-4cdb-8f86-897fd6418464', 'ePassFIDO K39, NFC, NFC Plus', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('5343502d-5343-5343-6172-644649444f32', 'ESS Smart Card Inc. Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('61250591-b2bc-4456-b719-0b17be90bb30', 'eWBM eFPA FIDO2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'Feitian iePass FIDO Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('8c97a730-3f7b-41a6-87d6-1e9b62bda6f0', 'FIDO Fingerprint Card', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('2c0df832-92de-4be1-8412-88a8f074df4a', 'FIDO Java Card', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('f4c63eff-d26c-4248-801c-3736c7eaa93a', 'FIDO KeyPass S3', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9f0d8150-baa5-4c00-9299-ad62c8bb4e87', 'GoTrust Idem Card FIDO2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3b1adb99-0dfe-46fd-90b8-7f7614a4de2a', 'GoTrust Idem Key FIDO2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('aeb6569c-f8fb-4950-ac60-24ca2bbe2e52', 'HID Crescendo C2300', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('54d9fee8-e621-4291-8b18-7157b99c5bec', 'HID Crescendo Enabled', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('692db549-7ae5-44d5-a1e5-dd20a493b723', 'HID Crescendo Key', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3e078ffd-4c54-4586-8baa-a77da113aec5', 'Hideez Key 3 FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('4e768f2c-5fab-48b3-b300-220eb487752b', 'Hideez Key 4 FIDO2 SDK', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d821a7d4-e97c-4cb6-bd82-4237731fd4be', 'Hyper FIDO Bio Security Key', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9f77e279-a6e2-4d58-b700-31e5943c6a98', 'Hyper FIDO Pro', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'iePass FIDO', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3', 'KEY-ID FIDO2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('310b2830-bd4a-4da5-832e-9a0dfc90abf2', 'MultiPass FIDO', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('c5703116-972b-4851-a3e7-ae1259843399', 'NEOWAVE Badgeo FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3789da91-f943-46bc-95c3-50ea2012f03a', 'NEOWAVE Winkeo FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('07a9f89c-6407-4594-9d56-621d5f1e358b', 'NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('a1f52be5-dfab-4364-b51c-2bd496b14a56', 'OCTATCO EzFinger2 FIDO2 AUTHENTICATOR', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('bc2fe499-0d8e-4ffe-96f3-94a82840cf8c', 'OCTATCO EzQuant FIDO2 AUTHENTICATOR', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('30b5035e-d297-4fc1-b00b-addc96ba6a97', 'OneSpan FIDO Touch', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('88bbd2f0-342a-42e7-9729-dd158be5407a', 'Precision InnaIT Key FIDO 2 Level 2 certified', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('149a2021-8ef6-4133-96b8-81f8d5b7f1f5', 'Security Key by Yubico with NFC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('6d44ba9b-f6ec-2e49-b930-0c8fe920cb73', 'Security Key by Yubico with NFC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa', 'Security Key by Yubico with NFC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b92c3f9a-c014-4056-887f-140a2501163b', 'Security Key by Yubico', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('f8a011f3-8c0a-4d15-8006-17111f9edc7d', 'Security Key by Yubico', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('0bb43545-fd2c-4185-87dd-feb0b2916ace', 'Security Key NFC by Yubico - Enterprise Edition', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('516d3969-5a57-5651-5958-4e7a49434167', 'SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('8876631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('8976631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9876631b-d4a0-427f-5773-0ec71c9e0279', 'Somu Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('931327dd-c89b-406c-a81e-ed7058ef36c6', 'Swissbit iShield FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4', 'Thales eToken FIDO', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b50d5e0a-7f81-4959-9b12-f45407407503', 'Thales IDPrime MD 3940 FIDO', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ab32f0c6-2239-afbb-c470-d2ef4e254db7', 'TOKEN2 FIDO2 Security Key', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('95442b2e-f15e-4def-b270-efb106facb4e', 'TrustKey G310(H)', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c', 'TrustKey G320(H)', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('da776f39-f6c8-4a89-b252-1d86137a46ba', 'TrustKey T110', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('e3512a8a-62ae-11ea-bc55-0242ac130003', 'TrustKey T120', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('73402251-f2a8-4f03-873e-3cb6db604b03', 'uTrust FIDO2 Security Key', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('39a5647e-1853-446c-a1f6-a79bae9f5bc7', 'Vancosys Android Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('820d89ed-d65a-409e-85cb-f73f0578f82a', 'Vancosys iOS Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('5fdb81b8-53f0-4967-a881-f5ec26fe4d18', 'VinCSS FIDO2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d7a423ad-3e19-4492-9200-78137dccc136', 'VivoKey Apex FIDO2', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('08987058-cadc-4b81-b6e1-30de50dcbe96', 'Windows Hello Hardware Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('6028b017-b1d4-4c02-b4b3-afcdafc96bb2', 'Windows Hello Software Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9ddd1817-af5a-4672-a2b9-3e3dd95000a9', 'Windows Hello VBS Hardware Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('504d7149-4e4c-3841-4555-55445a677357', 'WiSECURE AuthTron USB FIDO2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('57415531-2e31-4020-a020-323032343032', 'Wultra Authenticator 1', 'POSSESSION_KNOWLEDGE'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('c1f9a0bc-1dd2-404a-b27f-8e29047a43fd', 'YubiKey 5 FIPS Series with NFC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('73bb0cd4-e502-49b8-9c6f-b59445bf720b', 'YubiKey 5 FIPS Series', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('34f5766d-1536-4a24-9033-0e294e510fb0', 'YubiKey 5 Series CTAP2.1 Preview Expired', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('2fc0579f-8113-47ea-b116-bb5a8db9202a', 'YubiKey 5 Series with NFC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('fa2b99dc-9e39-4257-8f92-4a30d23c4118', 'YubiKey 5 Series with NFC', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('cb69481e-8ff7-4039-93ec-0a2729a154a8', 'YubiKey 5 Series', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ee882879-721c-4913-9775-3dfcce97072a', 'YubiKey 5 Series', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('85203421-48f9-4355-9bc8-8a53846e5083', 'YubiKey 5Ci FIPS', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('c5ef55ff-ad9a-4b9f-b580-adebafe026d0', 'YubiKey 5Ci', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('83c47309-aabb-4108-8470-8be838b573cb', 'YubiKey Bio Series (Enterprise Profile)', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d8522d9f-575b-4866-88a9-ba99fa02f35b', 'YubiKey Bio Series', 'POSSESSION'); + +-- Changeset powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml::1::Lubos Racansky diff --git a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql index bd6529245..0cfbec1e8 100644 --- a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql @@ -20,3 +20,16 @@ CREATE INDEX pa_app_config_key_idx ON pa_application_config(config_key); -- Changeset powerauth-java-server/1.7.x/20240212-application-config.xml::3::Lubos Racansky -- Create a new sequence pa_app_conf_seq CREATE SEQUENCE IF NOT EXISTS pa_app_conf_seq START WITH 1 INCREMENT BY 1 CACHE 20; + +-- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::1::Jan Pesek +-- Create a new table pa_fido2_authenticator +CREATE TABLE pa_fido2_authenticator (aaguid VARCHAR(255) NOT NULL, description VARCHAR(255) NOT NULL, signature_type VARCHAR(255) NOT NULL, CONSTRAINT pa_fido2_authenticator_pkey PRIMARY KEY (aaguid)); + +-- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::2::Jan Pesek +-- Insert initial data to pa_fido2_authenticator table +-- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('12ded745-4bed-47d4-abaa-e713f51d6393', 'AllinPass FIDO', 'POSSESSION'),('b93fd961-f2e6-462f-b122-82002247de78', 'Android Authenticator with SafetyNet Attestation', 'POSSESSION'),('ad784498-1902-3f54-b99a-10bb7dbd9588', 'Apple MacBook Pro 14-inch, 2021', 'POSSESSION'),('4ae71336-e44b-39bf-b9d2-752e234818a5', 'Apple Passkeys', 'POSSESSION'),('d41f5a69-b817-4144-a13c-9ebd6d9254d6', 'ATKey.Card CTAP2.0', 'POSSESSION'),('e1a96183-5016-4f24-b55b-e3ae23614cc6', 'ATKey.Pro CTAP2.0', 'POSSESSION'),('e416201b-afeb-41ca-a03d-2281c28322aa', 'ATKey.Pro CTAP2.1', 'POSSESSION'),('ba76a271-6eb6-4171-874d-b6428dbe3437', 'ATKey.ProS', 'POSSESSION'),('1c086528-58d5-f211-823c-356786e36140', 'Atos CardOS FIDO2', 'POSSESSION'),('b6ede29c-3772-412c-8a78-539c1f4c62d2', 'BioPass FIDO Plus', 'POSSESSION'),('77010bd7-212a-4fc9-b236-d2ca5e9d4084', 'BioPass FIDO', 'POSSESSION'),('be727034-574a-f799-5c76-0929e0430973', 'Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('9c835346-796b-4c27-8898-d6032f515cc5', 'Cryptnox FIDO2', 'POSSESSION'),('454e5346-4944-4ffd-6c93-8e9267193e9a', 'Ensurity ThinC', 'POSSESSION'),('833b721a-ff5f-4d00-bb2e-bdda3ec01e29', 'ePassFIDO K10, A4B, K28', 'POSSESSION'),('ee041bce-25e5-4cdb-8f86-897fd6418464', 'ePassFIDO K39, NFC, NFC Plus', 'POSSESSION'),('5343502d-5343-5343-6172-644649444f32', 'ESS Smart Card Inc. Authenticator', 'POSSESSION'),('61250591-b2bc-4456-b719-0b17be90bb30', 'eWBM eFPA FIDO2 Authenticator', 'POSSESSION'),('3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'Feitian iePass FIDO Authenticator', 'POSSESSION'),('8c97a730-3f7b-41a6-87d6-1e9b62bda6f0', 'FIDO Fingerprint Card', 'POSSESSION'),('2c0df832-92de-4be1-8412-88a8f074df4a', 'FIDO Java Card', 'POSSESSION'),('f4c63eff-d26c-4248-801c-3736c7eaa93a', 'FIDO KeyPass S3', 'POSSESSION'),('9f0d8150-baa5-4c00-9299-ad62c8bb4e87', 'GoTrust Idem Card FIDO2 Authenticator', 'POSSESSION'),('3b1adb99-0dfe-46fd-90b8-7f7614a4de2a', 'GoTrust Idem Key FIDO2 Authenticator', 'POSSESSION'),('aeb6569c-f8fb-4950-ac60-24ca2bbe2e52', 'HID Crescendo C2300', 'POSSESSION'),('54d9fee8-e621-4291-8b18-7157b99c5bec', 'HID Crescendo Enabled', 'POSSESSION'),('692db549-7ae5-44d5-a1e5-dd20a493b723', 'HID Crescendo Key', 'POSSESSION'),('3e078ffd-4c54-4586-8baa-a77da113aec5', 'Hideez Key 3 FIDO2', 'POSSESSION'),('4e768f2c-5fab-48b3-b300-220eb487752b', 'Hideez Key 4 FIDO2 SDK', 'POSSESSION'),('d821a7d4-e97c-4cb6-bd82-4237731fd4be', 'Hyper FIDO Bio Security Key', 'POSSESSION'),('9f77e279-a6e2-4d58-b700-31e5943c6a98', 'Hyper FIDO Pro', 'POSSESSION'),('6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'iePass FIDO', 'POSSESSION'),('d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3', 'KEY-ID FIDO2 Authenticator', 'POSSESSION'),('310b2830-bd4a-4da5-832e-9a0dfc90abf2', 'MultiPass FIDO', 'POSSESSION'),('c5703116-972b-4851-a3e7-ae1259843399', 'NEOWAVE Badgeo FIDO2', 'POSSESSION'),('3789da91-f943-46bc-95c3-50ea2012f03a', 'NEOWAVE Winkeo FIDO2', 'POSSESSION'),('07a9f89c-6407-4594-9d56-621d5f1e358b', 'NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator', 'POSSESSION'),('a1f52be5-dfab-4364-b51c-2bd496b14a56', 'OCTATCO EzFinger2 FIDO2 AUTHENTICATOR', 'POSSESSION'),('bc2fe499-0d8e-4ffe-96f3-94a82840cf8c', 'OCTATCO EzQuant FIDO2 AUTHENTICATOR', 'POSSESSION'),('30b5035e-d297-4fc1-b00b-addc96ba6a97', 'OneSpan FIDO Touch', 'POSSESSION'),('88bbd2f0-342a-42e7-9729-dd158be5407a', 'Precision InnaIT Key FIDO 2 Level 2 certified', 'POSSESSION'),('149a2021-8ef6-4133-96b8-81f8d5b7f1f5', 'Security Key by Yubico with NFC', 'POSSESSION'),('6d44ba9b-f6ec-2e49-b930-0c8fe920cb73', 'Security Key by Yubico with NFC', 'POSSESSION'),('a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa', 'Security Key by Yubico with NFC', 'POSSESSION'),('b92c3f9a-c014-4056-887f-140a2501163b', 'Security Key by Yubico', 'POSSESSION'),('f8a011f3-8c0a-4d15-8006-17111f9edc7d', 'Security Key by Yubico', 'POSSESSION'),('0bb43545-fd2c-4185-87dd-feb0b2916ace', 'Security Key NFC by Yubico - Enterprise Edition', 'POSSESSION'),('516d3969-5a57-5651-5958-4e7a49434167', 'SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('8876631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('8976631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('9876631b-d4a0-427f-5773-0ec71c9e0279', 'Somu Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); + +INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('931327dd-c89b-406c-a81e-ed7058ef36c6', 'Swissbit iShield FIDO2', 'POSSESSION'),('efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4', 'Thales eToken FIDO', 'POSSESSION'),('b50d5e0a-7f81-4959-9b12-f45407407503', 'Thales IDPrime MD 3940 FIDO', 'POSSESSION'),('ab32f0c6-2239-afbb-c470-d2ef4e254db7', 'TOKEN2 FIDO2 Security Key', 'POSSESSION'),('95442b2e-f15e-4def-b270-efb106facb4e', 'TrustKey G310(H)', 'POSSESSION'),('87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c', 'TrustKey G320(H)', 'POSSESSION'),('da776f39-f6c8-4a89-b252-1d86137a46ba', 'TrustKey T110', 'POSSESSION'),('e3512a8a-62ae-11ea-bc55-0242ac130003', 'TrustKey T120', 'POSSESSION'),('73402251-f2a8-4f03-873e-3cb6db604b03', 'uTrust FIDO2 Security Key', 'POSSESSION'),('39a5647e-1853-446c-a1f6-a79bae9f5bc7', 'Vancosys Android Authenticator', 'POSSESSION'),('820d89ed-d65a-409e-85cb-f73f0578f82a', 'Vancosys iOS Authenticator', 'POSSESSION'),('5fdb81b8-53f0-4967-a881-f5ec26fe4d18', 'VinCSS FIDO2 Authenticator', 'POSSESSION'),('d7a423ad-3e19-4492-9200-78137dccc136', 'VivoKey Apex FIDO2', 'POSSESSION'),('08987058-cadc-4b81-b6e1-30de50dcbe96', 'Windows Hello Hardware Authenticator', 'POSSESSION'),('6028b017-b1d4-4c02-b4b3-afcdafc96bb2', 'Windows Hello Software Authenticator', 'POSSESSION'),('9ddd1817-af5a-4672-a2b9-3e3dd95000a9', 'Windows Hello VBS Hardware Authenticator', 'POSSESSION'),('504d7149-4e4c-3841-4555-55445a677357', 'WiSECURE AuthTron USB FIDO2 Authenticator', 'POSSESSION'),('57415531-2e31-4020-a020-323032343032', 'Wultra Authenticator 1', 'POSSESSION_KNOWLEDGE'),('c1f9a0bc-1dd2-404a-b27f-8e29047a43fd', 'YubiKey 5 FIPS Series with NFC', 'POSSESSION'),('73bb0cd4-e502-49b8-9c6f-b59445bf720b', 'YubiKey 5 FIPS Series', 'POSSESSION'),('34f5766d-1536-4a24-9033-0e294e510fb0', 'YubiKey 5 Series CTAP2.1 Preview Expired', 'POSSESSION'),('2fc0579f-8113-47ea-b116-bb5a8db9202a', 'YubiKey 5 Series with NFC', 'POSSESSION'),('fa2b99dc-9e39-4257-8f92-4a30d23c4118', 'YubiKey 5 Series with NFC', 'POSSESSION'),('cb69481e-8ff7-4039-93ec-0a2729a154a8', 'YubiKey 5 Series', 'POSSESSION'),('ee882879-721c-4913-9775-3dfcce97072a', 'YubiKey 5 Series', 'POSSESSION'),('85203421-48f9-4355-9bc8-8a53846e5083', 'YubiKey 5Ci FIPS', 'POSSESSION'),('c5ef55ff-ad9a-4b9f-b580-adebafe026d0', 'YubiKey 5Ci', 'POSSESSION'),('83c47309-aabb-4108-8470-8be838b573cb', 'YubiKey Bio Series (Enterprise Profile)', 'POSSESSION'),('d8522d9f-575b-4866-88a9-ba99fa02f35b', 'YubiKey Bio Series', 'POSSESSION'); + +-- Changeset powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml::1::Lubos Racansky diff --git a/powerauth-fido2/pom.xml b/powerauth-fido2/pom.xml index 139030213..881967b4a 100644 --- a/powerauth-fido2/pom.xml +++ b/powerauth-fido2/pom.xml @@ -39,6 +39,14 @@ org.springframework.boot spring-boot-starter-validation + + org.springframework.boot + spring-boot-starter-data-jpa + + + org.springframework.boot + spring-boot-starter-cache + io.swagger.core.v3 swagger-annotations-jakarta diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/config/CachingConfig.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/config/CachingConfig.java new file mode 100644 index 000000000..7c6bb99c0 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/config/CachingConfig.java @@ -0,0 +1,41 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.config; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.context.annotation.Configuration; +import org.springframework.scheduling.annotation.Scheduled; + +/** + * Configuration of the FIDO2 Authenticators cache periodical eviction. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +@Configuration +@Slf4j +public class CachingConfig { + + @CacheEvict(value = "fido2-authenticators-cache", allEntries = true) + @Scheduled(fixedDelayString = "${powerauth.service.scheduled.job.fido2AuthenticatorCacheEviction:3600000}") + public void evictFido2AuthenticatorCache() { + logger.debug("Flush FIDO2 Authenticators cache."); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/entity/Fido2AuthenticatorEntity.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/entity/Fido2AuthenticatorEntity.java new file mode 100644 index 000000000..2a8c905a6 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/entity/Fido2AuthenticatorEntity.java @@ -0,0 +1,69 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.database.entity; + +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; +import jakarta.persistence.*; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import org.springframework.data.util.ProxyUtils; + +import java.io.Serial; +import java.io.Serializable; +import java.util.Objects; + +/** + * Entity representing a FIDO2 Authenticator details. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +@Entity +@Table(name = "pa_fido2_authenticator") +@Getter @Setter @ToString +public class Fido2AuthenticatorEntity implements Serializable { + + @Serial + private static final long serialVersionUID = -8651010447132056907L; + + @Id + @Column(name = "aaguid") + private String aaguid; + + @Column(name = "description", nullable = false) + private String description; + + @Enumerated(EnumType.STRING) + @Column(name = "signature_type", nullable = false) + private SignatureType signatureType; + + @Override + public boolean equals(final Object o) { + if (this == o) return true; + if (o == null || !this.getClass().equals(ProxyUtils.getUserClass(o))) return false; + final Fido2AuthenticatorEntity entity = (Fido2AuthenticatorEntity) o; + return Objects.equals(aaguid, entity.aaguid); + } + + @Override + public int hashCode() { + return Objects.hash(aaguid); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/repository/Fido2AuthenticatorRepository.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/repository/Fido2AuthenticatorRepository.java new file mode 100644 index 000000000..ddf17103d --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/database/repository/Fido2AuthenticatorRepository.java @@ -0,0 +1,32 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.database.repository; + +import com.wultra.powerauth.fido2.database.entity.Fido2AuthenticatorEntity; +import org.springframework.data.repository.CrudRepository; +import org.springframework.stereotype.Repository; + +/** + * Database repository for accessing FIDO2 Authenticators details. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +@Repository +public interface Fido2AuthenticatorRepository extends CrudRepository { +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index 8cc419b92..f55eac03c 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -19,13 +19,15 @@ package com.wultra.powerauth.fido2.rest.model.converter; import com.fasterxml.jackson.core.JsonProcessingException; -import com.wultra.powerauth.fido2.rest.model.entity.Fido2Authenticators; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; +import com.wultra.powerauth.fido2.service.Fido2AuthenticatorService; +import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; +import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -40,26 +42,26 @@ * @author Petr Dvorak, petr@wultra.com */ @Component +@AllArgsConstructor @Slf4j public class RegistrationConverter { + private final Fido2AuthenticatorService fido2AuthenticatorService; + /** * Convert registration challenge to authenticator detail. * @param challenge Registration challenge. * @param requestObject Registration request. - * @param aaguid AAGUID bytes. + * @param model FIDO2 Authenticator details. * @param publicKey Public key bytes. * @return Authenticator detail, if present. */ - public Optional convert(RegistrationChallenge challenge, RegistrationRequest requestObject, byte[] aaguid, byte[] publicKey) { + public Optional convert(RegistrationChallenge challenge, RegistrationRequest requestObject, Fido2Authenticator model, byte[] publicKey) { try { final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); authenticatorDetail.setUserId(challenge.getUserId()); authenticatorDetail.setActivationId(challenge.getActivationId()); authenticatorDetail.setApplicationId(challenge.getApplicationId()); - - final Fido2Authenticators.Model model = Fido2Authenticators.modelByAaguid(aaguid); - authenticatorDetail.setCredentialId(requestObject.getAuthenticatorParameters().getCredentialId()); authenticatorDetail.setExtras(convertExtras(requestObject)); authenticatorDetail.setActivationName(requestObject.getActivationName()); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java deleted file mode 100644 index e17818383..000000000 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2Authenticators.java +++ /dev/null @@ -1,253 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.powerauth.fido2.rest.model.entity; - -import com.wultra.security.powerauth.client.model.enumeration.SignatureType; -import lombok.Data; -import lombok.extern.slf4j.Slf4j; - -import java.nio.ByteBuffer; -import java.util.*; -import java.util.function.Function; -import java.util.stream.Collectors; - -/** - * Class containing map of all known FIDO2 AAGUID authenticator identifiers. - * - * @author Petr Dvorak, petr@wultra.com - */ -@Slf4j -public final class Fido2Authenticators { - - /** - * Model record representing an authenticator model. It associates the AAGUID value to a descriptive name - * and expected authentication factors available with a given authenticator. Most authenticators are set to - * provide only the possession factor on approval. In case the authenticator has a biometric sensor, it will be - * represented - */ - public record Model (UUID aaguid, String description, SignatureType signatureType) { - - public static Model of(String aaguid, String description) { - return new Model(UUID.fromString(aaguid), description, SignatureType.POSSESSION); - } - - public static Model of(String aaguid, String description, SignatureType signatureType) { - return new Model(UUID.fromString(aaguid), description, signatureType); - } - - public static Model unknown(UUID aaguid) { - return new Model(aaguid, "Unknown FIDO2 Authenticator", SignatureType.POSSESSION); - } - - public static Model unknown() { - return new Model(null, "Unknown FIDO2 Authenticator", SignatureType.POSSESSION); - } - - } - - private static final Set MODELS = Set.of( - // Android - Model.of("b93fd961-f2e6-462f-b122-82002247de78", "Android Authenticator with SafetyNet Attestation"), - - // ATKey - Model.of("ba76a271-6eb6-4171-874d-b6428dbe3437", "ATKey.ProS"), - Model.of("d41f5a69-b817-4144-a13c-9ebd6d9254d6", "ATKey.Card CTAP2.0"), - Model.of("e1a96183-5016-4f24-b55b-e3ae23614cc6", "ATKey.Pro CTAP2.0"), - Model.of("e416201b-afeb-41ca-a03d-2281c28322aa", "ATKey.Pro CTAP2.1"), - - // Atos - Model.of("1c086528-58d5-f211-823c-356786e36140", "Atos CardOS FIDO2"), - - // Crayonic - Model.of("be727034-574a-f799-5c76-0929e0430973", "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"), - - // Cryptnox - Model.of("9c835346-796b-4c27-8898-d6032f515cc5", "Cryptnox FIDO2"), - - // Ensurity - Model.of("454e5346-4944-4ffd-6c93-8e9267193e9a", "Ensurity ThinC"), - - // ESS - Model.of("5343502d-5343-5343-6172-644649444f32", "ESS Smart Card Inc. Authenticator"), - - // eWBM - Model.of("61250591-b2bc-4456-b719-0b17be90bb30", "eWBM eFPA FIDO2 Authenticator"), - - // FEITIAN - Model.of("12ded745-4bed-47d4-abaa-e713f51d6393", "AllinPass FIDO"), - Model.of("2c0df832-92de-4be1-8412-88a8f074df4a", "FIDO Java Card"), - Model.of("310b2830-bd4a-4da5-832e-9a0dfc90abf2", "MultiPass FIDO"), - Model.of("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d", "Feitian iePass FIDO Authenticator"), - Model.of("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d", "iePass FIDO"), - Model.of("77010bd7-212a-4fc9-b236-d2ca5e9d4084", "BioPass FIDO"), - Model.of("833b721a-ff5f-4d00-bb2e-bdda3ec01e29", "ePassFIDO K10, A4B, K28"), - Model.of("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0", "FIDO Fingerprint Card"), - Model.of("b6ede29c-3772-412c-8a78-539c1f4c62d2", "BioPass FIDO Plus"), - Model.of("ee041bce-25e5-4cdb-8f86-897fd6418464", "ePassFIDO K39, NFC, NFC Plus"), - - // GoTrust - Model.of("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a", "GoTrust Idem Key FIDO2 Authenticator"), - Model.of("9f0d8150-baa5-4c00-9299-ad62c8bb4e87", "GoTrust Idem Card FIDO2 Authenticator"), - - // HID Global - Model.of("54d9fee8-e621-4291-8b18-7157b99c5bec", "HID Crescendo Enabled"), - Model.of("692db549-7ae5-44d5-a1e5-dd20a493b723", "HID Crescendo Key"), - Model.of("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52", "HID Crescendo C2300"), - - // Hideez - Model.of("3e078ffd-4c54-4586-8baa-a77da113aec5", "Hideez Key 3 FIDO2"), - Model.of("4e768f2c-5fab-48b3-b300-220eb487752b", "Hideez Key 4 FIDO2 SDK"), - - // Hyper - Model.of("9f77e279-a6e2-4d58-b700-31e5943c6a98", "Hyper FIDO Pro"), - Model.of("d821a7d4-e97c-4cb6-bd82-4237731fd4be", "Hyper FIDO Bio Security Key"), - - // MKGroup - Model.of("f4c63eff-d26c-4248-801c-3736c7eaa93a", "FIDO KeyPass S3"), - - // KEY-ID - Model.of("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3", "KEY-ID FIDO2 Authenticator"), - - // NEOWAVE - Model.of("3789da91-f943-46bc-95c3-50ea2012f03a", "NEOWAVE Winkeo FIDO2"), - Model.of("c5703116-972b-4851-a3e7-ae1259843399", "NEOWAVE Badgeo FIDO2"), - - // NXP Semiconductors - Model.of("07a9f89c-6407-4594-9d56-621d5f1e358b", "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"), - - // OCTATCO - Model.of("a1f52be5-dfab-4364-b51c-2bd496b14a56", "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"), - Model.of("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c", "OCTATCO EzQuant FIDO2 AUTHENTICATOR"), - - // OneSpan - Model.of("30b5035e-d297-4fc1-b00b-addc96ba6a97", "OneSpan FIDO Touch"), - - // Precision InnaIT - Model.of("88bbd2f0-342a-42e7-9729-dd158be5407a", "Precision InnaIT Key FIDO 2 Level 2 certified"), - - // SmartDisplayer - Model.of("516d3969-5a57-5651-5958-4e7a49434167", "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"), - - // Solo - Model.of("8876631b-d4a0-427f-5773-0ec71c9e0279", "Solo Secp256R1 FIDO2 CTAP2 Authenticator"), - Model.of("8976631b-d4a0-427f-5773-0ec71c9e0279", "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"), - - // Somu - Model.of("9876631b-d4a0-427f-5773-0ec71c9e0279", "Somu Secp256R1 FIDO2 CTAP2 Authenticator"), - - // Swissbit - Model.of("931327dd-c89b-406c-a81e-ed7058ef36c6", "Swissbit iShield FIDO2"), - - // Thales - Model.of("b50d5e0a-7f81-4959-9b12-f45407407503", "Thales IDPrime MD 3940 FIDO"), - Model.of("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4", "Thales eToken FIDO"), - - // TrustKey - Model.of("95442b2e-f15e-4def-b270-efb106facb4e", "TrustKey G310(H)"), - Model.of("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c", "TrustKey G320(H)"), - Model.of("da776f39-f6c8-4a89-b252-1d86137a46ba", "TrustKey T110"), - Model.of("e3512a8a-62ae-11ea-bc55-0242ac130003", "TrustKey T120"), - - // TOKEN2 - Model.of("ab32f0c6-2239-afbb-c470-d2ef4e254db7", "TOKEN2 FIDO2 Security Key"), - - // uTrust - Model.of("73402251-f2a8-4f03-873e-3cb6db604b03", "uTrust FIDO2 Security Key"), - - // Vancosys - Model.of("39a5647e-1853-446c-a1f6-a79bae9f5bc7", "Vancosys Android Authenticator"), - Model.of("820d89ed-d65a-409e-85cb-f73f0578f82a", "Vancosys iOS Authenticator"), - - // VinCSS - Model.of("5fdb81b8-53f0-4967-a881-f5ec26fe4d18", "VinCSS FIDO2 Authenticator"), - - // VivoKey - Model.of("d7a423ad-3e19-4492-9200-78137dccc136", "VivoKey Apex FIDO2"), - - // Windows Hello - Model.of("08987058-cadc-4b81-b6e1-30de50dcbe96", "Windows Hello Hardware Authenticator"), - Model.of("6028b017-b1d4-4c02-b4b3-afcdafc96bb2", "Windows Hello Software Authenticator"), - Model.of("9ddd1817-af5a-4672-a2b9-3e3dd95000a9", "Windows Hello VBS Hardware Authenticator"), - - // WiSECURE - Model.of("504d7149-4e4c-3841-4555-55445a677357", "WiSECURE AuthTron USB FIDO2 Authenticator"), - - // Wultra - Model.of("57415531-2e31-4020-a020-323032343032", "Wultra Authenticator 1", SignatureType.POSSESSION_KNOWLEDGE), - - // Yubico - Model.of("0bb43545-fd2c-4185-87dd-feb0b2916ace", "Security Key NFC by Yubico - Enterprise Edition"), - Model.of("149a2021-8ef6-4133-96b8-81f8d5b7f1f5", "Security Key by Yubico with NFC"), - Model.of("2fc0579f-8113-47ea-b116-bb5a8db9202a", "YubiKey 5 Series with NFC"), - Model.of("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", "Security Key by Yubico with NFC"), - Model.of("73bb0cd4-e502-49b8-9c6f-b59445bf720b", "YubiKey 5 FIPS Series"), - Model.of("85203421-48f9-4355-9bc8-8a53846e5083", "YubiKey 5Ci FIPS"), - Model.of("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa", "Security Key by Yubico with NFC"), - Model.of("b92c3f9a-c014-4056-887f-140a2501163b", "Security Key by Yubico"), - Model.of("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "YubiKey 5 FIPS Series with NFC"), - Model.of("c5ef55ff-ad9a-4b9f-b580-adebafe026d0", "YubiKey 5Ci"), - Model.of("cb69481e-8ff7-4039-93ec-0a2729a154a8", "YubiKey 5 Series"), - Model.of("d8522d9f-575b-4866-88a9-ba99fa02f35b", "YubiKey Bio Series"), - Model.of("ee882879-721c-4913-9775-3dfcce97072a", "YubiKey 5 Series"), - Model.of("f8a011f3-8c0a-4d15-8006-17111f9edc7d", "Security Key by Yubico"), - Model.of("fa2b99dc-9e39-4257-8f92-4a30d23c4118", "YubiKey 5 Series with NFC"), - Model.of("34f5766d-1536-4a24-9033-0e294e510fb0", "YubiKey 5 Series CTAP2.1 Preview Expired"), - Model.of("83c47309-aabb-4108-8470-8be838b573cb", "YubiKey Bio Series (Enterprise Profile)"), - - // Other authenticators - Model.of("ad784498-1902-3f54-b99a-10bb7dbd9588", "Apple MacBook Pro 14-inch, 2021"), - Model.of("4ae71336-e44b-39bf-b9d2-752e234818a5", "Apple Passkeys") - - ); - - private static final Map MODEL_MAP = initializeFromModels(); // prepare a quick to query map with models addressed by AAGUID - - private static Map initializeFromModels() { - return MODELS.stream().collect(Collectors.toMap(Model::aaguid, Function.identity())); - } - - private Fido2Authenticators() { - throw new IllegalStateException("Should not be instantiated"); - } - - /** - * Return model by AAGUID value. In case the AAGUID is not known, the method returns model with the provided - * AAGUID and generic name for unknown authenticator. - * - * @param aaguid AAGUID value. - * @return Model. - */ - public static Model modelByAaguid(final byte[] aaguid) { - final UUID uuid = uuidFromBytes(aaguid); - if (uuid == null) { - return Model.unknown(); - } - return Objects.requireNonNullElse(MODEL_MAP.get(uuid), Model.unknown(uuid)); - } - - private static UUID uuidFromBytes(byte[] bytes) { - if (bytes == null || bytes.length != 16) { // strange byte array length, UUID requires 16 bytes - logger.debug("Invalid byte length provided for UUID: {}", bytes); - return null; - } - final ByteBuffer bb = ByteBuffer.wrap(bytes); - return new UUID(bb.getLong(), bb.getLong()); - } - -} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java new file mode 100644 index 000000000..4febe2ae1 --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java @@ -0,0 +1,86 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.database.entity.Fido2AuthenticatorEntity; +import com.wultra.powerauth.fido2.database.repository.Fido2AuthenticatorRepository; +import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; +import lombok.AllArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.stereotype.Service; + +import java.nio.ByteBuffer; +import java.util.UUID; + +/** + * Service related to manage FIDO2 Authenticator details. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +@Service +@AllArgsConstructor +@Slf4j +public class Fido2AuthenticatorService { + + private static final String UNKNOWN_AUTHENTICATOR_DESCRIPTION = "Unknown FIDO2 Authenticator"; + private static final SignatureType UNKNOWN_AUTHENTICATOR_SIGNATURE_TYPE = SignatureType.POSSESSION; + + private final Fido2AuthenticatorRepository fido2AuthenticatorRepository; + + /** + * Retrieve FIDO2 Authenticator details from database by its aaguid. + * If it does not exist, return unknown Fido2Authenticator. + * @param aaguid Authenticator identifier. + * @return Fido2Authenticator with registered details. + */ + @Cacheable("fido2-authenticators-cache") + public Fido2Authenticator findByAaguid(final byte[] aaguid) { + final UUID uuid = uuidFromBytes(aaguid); + if (uuid == null) { + return unknownAuthenticator(); + } + return fido2AuthenticatorRepository.findById(uuid.toString()) + .map(Fido2AuthenticatorService::convert) + .orElseGet(() -> unknownAuthenticator(uuid)); + } + + private static Fido2Authenticator convert(final Fido2AuthenticatorEntity entity) { + return new Fido2Authenticator(UUID.fromString(entity.getAaguid()), entity.getDescription(), entity.getSignatureType()); + } + + private static Fido2Authenticator unknownAuthenticator() { + return new Fido2Authenticator(null, UNKNOWN_AUTHENTICATOR_DESCRIPTION, UNKNOWN_AUTHENTICATOR_SIGNATURE_TYPE); + } + + private static Fido2Authenticator unknownAuthenticator(final UUID aaguid) { + return new Fido2Authenticator(aaguid, UNKNOWN_AUTHENTICATOR_DESCRIPTION, UNKNOWN_AUTHENTICATOR_SIGNATURE_TYPE); + } + + private static UUID uuidFromBytes(final byte[] bytes) { + if (bytes == null || bytes.length != 16) { // strange byte array length, UUID requires 16 bytes + logger.debug("Invalid byte length provided for UUID: {}", bytes); + return null; + } + final ByteBuffer bb = ByteBuffer.wrap(bytes); + return new UUID(bb.getLong(), bb.getLong()); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index b3ae8acdc..34b6e6b3d 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -28,6 +28,7 @@ import com.wultra.powerauth.fido2.rest.model.response.RegistrationChallengeResponse; import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; import com.wultra.powerauth.fido2.rest.model.validator.RegistrationRequestValidator; +import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; import com.wultra.powerauth.fido2.service.provider.AuthenticatorProvider; import com.wultra.powerauth.fido2.service.provider.CryptographyService; import com.wultra.powerauth.fido2.service.provider.RegistrationProvider; @@ -35,8 +36,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import java.util.Optional; - /** * Service related to handling registrations. * @@ -52,6 +51,7 @@ public class RegistrationService { private final RegistrationConverter registrationConverter; private final RegistrationRequestValidator registrationRequestValidator; private final CryptographyService cryptographyService; + private final Fido2AuthenticatorService fido2AuthenticatorService; /** * Registration service. @@ -62,15 +62,17 @@ public class RegistrationService { * @param registrationConverter Registration converter. * @param registrationRequestValidator Registration request validator. * @param cryptographyService Cryptography service. + * @param fido2AuthenticatorService FIDO2 Authenticator details service. */ @Autowired - public RegistrationService(AuthenticatorProvider authenticatorProvider, RegistrationProvider registrationProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService) { + public RegistrationService(AuthenticatorProvider authenticatorProvider, RegistrationProvider registrationProvider, RegistrationChallengeConverter registrationChallengeConverter, RegistrationConverter registrationConverter, RegistrationRequestValidator registrationRequestValidator, CryptographyService cryptographyService, Fido2AuthenticatorService fido2AuthenticatorService) { this.authenticatorProvider = authenticatorProvider; this.registrationProvider = registrationProvider; this.registrationChallengeConverter = registrationChallengeConverter; this.registrationConverter = registrationConverter; this.registrationRequestValidator = registrationRequestValidator; this.cryptographyService = cryptographyService; + this.fido2AuthenticatorService = fido2AuthenticatorService; } /** @@ -145,10 +147,11 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E logger.info("No signature verification on registration"); } + final Fido2Authenticator model = fido2AuthenticatorService.findByAaguid(aaguid); final RegistrationChallenge challenge = registrationProvider.findRegistrationChallengeByValue(applicationId, challengeValue); - final Optional authenticatorOptional = registrationConverter.convert(challenge, requestObject, attestedCredentialData.getAaguid(), cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())); - authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); - final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticatorOptional.get()); + final AuthenticatorDetail authenticator = registrationConverter.convert(challenge, requestObject, model, cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())) + .orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); + final AuthenticatorDetail authenticatorDetailResponse = authenticatorProvider.storeAuthenticator(requestObject.getApplicationId(), challenge.getChallenge(), authenticator); return registrationConverter.convertRegistrationResponse(authenticatorDetailResponse); } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java new file mode 100644 index 000000000..ecc2dfe6c --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java @@ -0,0 +1,50 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service.model; + +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; + +import java.util.Objects; +import java.util.UUID; + +/** + * FIDO2 Authenticator details model. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +public record Fido2Authenticator( + UUID aaguid, + String description, + SignatureType signatureType +) { + + @Override + public boolean equals(final Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + final Fido2Authenticator that = (Fido2Authenticator) o; + return Objects.equals(aaguid, that.aaguid); + } + + @Override + public int hashCode() { + return Objects.hash(aaguid); + } + +} diff --git a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java new file mode 100644 index 000000000..790dbf82d --- /dev/null +++ b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java @@ -0,0 +1,97 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.service; + +import com.wultra.powerauth.fido2.database.entity.Fido2AuthenticatorEntity; +import com.wultra.powerauth.fido2.database.repository.Fido2AuthenticatorRepository; +import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; + +import java.nio.ByteBuffer; +import java.util.Optional; +import java.util.UUID; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.mockito.Mockito.when; + +/** + * Test of {@link Fido2AuthenticatorService} + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +@ExtendWith(MockitoExtension.class) +class Fido2AuthenticatorServiceTest { + + @Mock + private Fido2AuthenticatorRepository fido2AuthenticatorRepository; + + @InjectMocks + private Fido2AuthenticatorService tested; + + @Test + void testFindByAaguid() { + final UUID aaguid = UUID.randomUUID(); + final Fido2AuthenticatorEntity entity = new Fido2AuthenticatorEntity(); + entity.setAaguid(aaguid.toString()); + entity.setDescription("My FIDO2 Authenticator"); + entity.setSignatureType(SignatureType.POSSESSION); + + when(fido2AuthenticatorRepository.findById(aaguid.toString())) + .thenReturn(Optional.of(entity)); + + final Fido2Authenticator authenticator = tested.findByAaguid(toBytes(aaguid)); + assertEquals(aaguid, authenticator.aaguid()); + assertEquals("My FIDO2 Authenticator", authenticator.description()); + assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); + } + + @Test + void testFindByAaguid_unknown() { + final UUID aaguid = UUID.randomUUID(); + when(fido2AuthenticatorRepository.findById(aaguid.toString())) + .thenReturn(Optional.empty()); + + final Fido2Authenticator authenticator = tested.findByAaguid(toBytes(aaguid)); + assertEquals(aaguid, authenticator.aaguid()); + assertEquals("Unknown FIDO2 Authenticator", authenticator.description()); + assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); + } + + @Test + void testFindByAaguid_missingAaguid() { + final Fido2Authenticator authenticator = tested.findByAaguid(null); + assertNull(authenticator.aaguid()); + assertEquals("Unknown FIDO2 Authenticator", authenticator.description()); + assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); + } + + private static byte[] toBytes(final UUID aaguid) { + ByteBuffer bb = ByteBuffer.wrap(new byte[16]); + bb.putLong(aaguid.getMostSignificantBits()); + bb.putLong(aaguid.getLeastSignificantBits()); + return bb.array(); + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/Application.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/Application.java index 911ae0ea1..fb8bb41cd 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/Application.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/Application.java @@ -21,7 +21,10 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.boot.autoconfigure.domain.EntityScan; import org.springframework.boot.context.properties.ConfigurationPropertiesScan; +import org.springframework.cache.annotation.EnableCaching; +import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.scheduling.annotation.EnableScheduling; import java.security.Security; @@ -33,8 +36,11 @@ */ @SpringBootApplication @EnableScheduling +@EnableCaching @EnableSchedulerLock(defaultLockAtMostFor = "10m") @ConfigurationPropertiesScan +@EnableJpaRepositories(basePackages = {"io.getlime.security.powerauth.app.server", "com.wultra.powerauth.fido2"}) +@EntityScan(basePackages = {"io.getlime.security.powerauth.app.server", "com.wultra.powerauth.fido2"}) public class Application { static { diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index b304c466d..ee75f6772 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -24,6 +24,7 @@ import com.wultra.powerauth.fido2.rest.model.converter.AssertionChallengeConverter; import com.wultra.powerauth.fido2.rest.model.entity.*; import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; +import com.wultra.powerauth.fido2.service.Fido2AuthenticatorService; import com.wultra.powerauth.fido2.service.provider.AssertionProvider; import com.wultra.security.powerauth.client.model.entity.KeyValue; import com.wultra.security.powerauth.client.model.enumeration.OperationStatus; @@ -73,14 +74,16 @@ public class PowerAuthAssertionProvider implements AssertionProvider { private final AssertionChallengeConverter assertionChallengeConverter; private final AuditingServiceBehavior audit; private final PowerAuthAuthenticatorProvider authenticatorProvider; + private final Fido2AuthenticatorService fido2AuthenticatorService; @Autowired - public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AssertionChallengeConverter assertionChallengeConverter, AuditingServiceBehavior audit, PowerAuthAuthenticatorProvider authenticatorProvider) { + public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AssertionChallengeConverter assertionChallengeConverter, AuditingServiceBehavior audit, PowerAuthAuthenticatorProvider authenticatorProvider, Fido2AuthenticatorService fido2AuthenticatorService) { this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; this.repositoryCatalogue = repositoryCatalogue; this.assertionChallengeConverter = assertionChallengeConverter; this.audit = audit; this.authenticatorProvider = authenticatorProvider; + this.fido2AuthenticatorService = fido2AuthenticatorService; } @Override @@ -288,7 +291,7 @@ private SignatureType supportedSignatureType(AuthenticatorDetail authenticatorDe final String aaguidBase64 = (String) authenticatorDetail.getExtras().get("aaguid"); if (aaguidBase64 != null) { final byte[] aaguid = Base64.getDecoder().decode(aaguidBase64); - return userVerified ? Fido2Authenticators.modelByAaguid(aaguid).signatureType() : SignatureType.POSSESSION; + return userVerified ? fido2AuthenticatorService.findByAaguid(aaguid).signatureType() : SignatureType.POSSESSION; } else { return SignatureType.POSSESSION; } diff --git a/powerauth-java-server/src/main/resources/application-dev.properties b/powerauth-java-server/src/main/resources/application-dev.properties index 524c75a0d..60c72a7fc 100644 --- a/powerauth-java-server/src/main/resources/application-dev.properties +++ b/powerauth-java-server/src/main/resources/application-dev.properties @@ -1,3 +1,5 @@ # Liquibase spring.liquibase.enabled=true spring.liquibase.change-log=classpath:db/changelog/db.changelog-module.xml + +powerauth.service.scheduled.job.fido2AuthenticatorCacheEviction=60000 diff --git a/powerauth-java-server/src/main/resources/application.properties b/powerauth-java-server/src/main/resources/application.properties index 7a6157e5c..7808da73b 100644 --- a/powerauth-java-server/src/main/resources/application.properties +++ b/powerauth-java-server/src/main/resources/application.properties @@ -83,6 +83,7 @@ powerauth.service.scheduled.job.operationCleanup=5000 powerauth.service.scheduled.job.activationsCleanup=5000 powerauth.service.scheduled.job.activationsCleanup.lookBackInMilliseconds=3600000 powerauth.service.scheduled.job.uniqueValueCleanup=60000 +powerauth.service.scheduled.job.fido2AuthenticatorCacheEviction=3600000 # Database Lock Timeout Configuration spring.jpa.properties.jakarta.persistence.lock.timeout=10000 From 8ab18178b44cf80a97f954f04a9c12fc8fab7bf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Mon, 18 Mar 2024 17:01:55 +0100 Subject: [PATCH 123/146] Fix #1410: Swagger not shown correctly (#1411) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 071e2dd39..23312dafa 100644 --- a/pom.xml +++ b/pom.xml @@ -93,7 +93,7 @@ 3.0.12 - 2.4.0 + 2.3.0 2.2.20 From 84e7ebc53158b42df8f32c62cf25fd0c9e8f3ade Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Tue, 19 Mar 2024 20:15:18 +0800 Subject: [PATCH 124/146] Fix #1413: FIDO2: Unify AAGUID format (#1416) --- .../converter/RegistrationConverter.java | 22 ++++++++++++------- .../service/Fido2AuthenticatorService.java | 18 ++++----------- .../fido2/service/RegistrationService.java | 2 +- .../Fido2AuthenticatorServiceTest.java | 11 ++-------- .../model/entity/ActivationRecordEntity.java | 2 +- .../fido2/PowerAuthAssertionProvider.java | 7 +++--- 6 files changed, 25 insertions(+), 37 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java index f55eac03c..a2bef66e8 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/RegistrationConverter.java @@ -24,17 +24,14 @@ import com.wultra.powerauth.fido2.rest.model.entity.RegistrationChallenge; import com.wultra.powerauth.fido2.rest.model.request.RegistrationRequest; import com.wultra.powerauth.fido2.rest.model.response.RegistrationResponse; -import com.wultra.powerauth.fido2.service.Fido2AuthenticatorService; import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; import com.wultra.security.powerauth.client.model.enumeration.ActivationStatus; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.Map; -import java.util.Optional; +import java.nio.ByteBuffer; +import java.util.*; /** * Converter class for registration related objects. @@ -46,8 +43,6 @@ @Slf4j public class RegistrationConverter { - private final Fido2AuthenticatorService fido2AuthenticatorService; - /** * Convert registration challenge to authenticator detail. * @param challenge Registration challenge. @@ -113,9 +108,20 @@ private Map convertExtras(RegistrationRequest requestObject) thr params.put("origin", authenticatorParameters.getResponse().getClientDataJSON().getOrigin()); params.put("topOrigin", authenticatorParameters.getResponse().getClientDataJSON().getTopOrigin()); params.put("isCrossOrigin", authenticatorParameters.getResponse().getClientDataJSON().isCrossOrigin()); - params.put("aaguid", authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid()); + final byte[] aaguidBytes = authenticatorParameters.getResponse().getAttestationObject().getAuthData().getAttestedCredentialData().getAaguid(); + params.put("aaguid", bytesToUUID(aaguidBytes)); params.put("transports", authenticatorParameters.getResponse().getTransports()); return params; } + public UUID bytesToUUID(byte[] bytes) { + if (bytes == null) { + return null; + } + final ByteBuffer byteBuffer = ByteBuffer.wrap(bytes); + long mostSigBits = byteBuffer.getLong(); + long leastSigBits = byteBuffer.getLong(); + return new UUID(mostSigBits, leastSigBits); + } + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java index 4febe2ae1..445bdddf7 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java @@ -52,14 +52,13 @@ public class Fido2AuthenticatorService { * @return Fido2Authenticator with registered details. */ @Cacheable("fido2-authenticators-cache") - public Fido2Authenticator findByAaguid(final byte[] aaguid) { - final UUID uuid = uuidFromBytes(aaguid); - if (uuid == null) { + public Fido2Authenticator findByAaguid(final UUID aaguid) { + if (aaguid == null) { return unknownAuthenticator(); } - return fido2AuthenticatorRepository.findById(uuid.toString()) + return fido2AuthenticatorRepository.findById(aaguid.toString()) .map(Fido2AuthenticatorService::convert) - .orElseGet(() -> unknownAuthenticator(uuid)); + .orElseGet(() -> unknownAuthenticator(aaguid)); } private static Fido2Authenticator convert(final Fido2AuthenticatorEntity entity) { @@ -74,13 +73,4 @@ private static Fido2Authenticator unknownAuthenticator(final UUID aaguid) { return new Fido2Authenticator(aaguid, UNKNOWN_AUTHENTICATOR_DESCRIPTION, UNKNOWN_AUTHENTICATOR_SIGNATURE_TYPE); } - private static UUID uuidFromBytes(final byte[] bytes) { - if (bytes == null || bytes.length != 16) { // strange byte array length, UUID requires 16 bytes - logger.debug("Invalid byte length provided for UUID: {}", bytes); - return null; - } - final ByteBuffer bb = ByteBuffer.wrap(bytes); - return new UUID(bb.getLong(), bb.getLong()); - } - } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java index 34b6e6b3d..ace308130 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/RegistrationService.java @@ -147,7 +147,7 @@ public RegistrationResponse register(RegistrationRequest requestObject) throws E logger.info("No signature verification on registration"); } - final Fido2Authenticator model = fido2AuthenticatorService.findByAaguid(aaguid); + final Fido2Authenticator model = fido2AuthenticatorService.findByAaguid(registrationConverter.bytesToUUID(aaguid)); final RegistrationChallenge challenge = registrationProvider.findRegistrationChallengeByValue(applicationId, challengeValue); final AuthenticatorDetail authenticator = registrationConverter.convert(challenge, requestObject, model, cryptographyService.publicKeyToBytes(attestedCredentialData.getPublicKeyObject())) .orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); diff --git a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java index 790dbf82d..8e14de880 100644 --- a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java +++ b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java @@ -61,7 +61,7 @@ void testFindByAaguid() { when(fido2AuthenticatorRepository.findById(aaguid.toString())) .thenReturn(Optional.of(entity)); - final Fido2Authenticator authenticator = tested.findByAaguid(toBytes(aaguid)); + final Fido2Authenticator authenticator = tested.findByAaguid(aaguid); assertEquals(aaguid, authenticator.aaguid()); assertEquals("My FIDO2 Authenticator", authenticator.description()); assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); @@ -73,7 +73,7 @@ void testFindByAaguid_unknown() { when(fido2AuthenticatorRepository.findById(aaguid.toString())) .thenReturn(Optional.empty()); - final Fido2Authenticator authenticator = tested.findByAaguid(toBytes(aaguid)); + final Fido2Authenticator authenticator = tested.findByAaguid(aaguid); assertEquals(aaguid, authenticator.aaguid()); assertEquals("Unknown FIDO2 Authenticator", authenticator.description()); assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); @@ -87,11 +87,4 @@ void testFindByAaguid_missingAaguid() { assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); } - private static byte[] toBytes(final UUID aaguid) { - ByteBuffer bb = ByteBuffer.wrap(new byte[16]); - bb.putLong(aaguid.getMostSignificantBits()); - bb.putLong(aaguid.getLeastSignificantBits()); - return bb.array(); - } - } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java index 559cc7c19..a100886c1 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/database/model/entity/ActivationRecordEntity.java @@ -67,7 +67,7 @@ public class ActivationRecordEntity implements Serializable { @Column(name = "activation_name") private String activationName; - @Column(name = "extras") + @Column(name = "extras", columnDefinition = "CLOB") private String extras; @Column(name = "protocol") diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index ee75f6772..dc6b2dd90 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -288,10 +288,9 @@ private void handleStatus(OperationStatus status) throws Fido2AuthenticationFail } private SignatureType supportedSignatureType(AuthenticatorDetail authenticatorDetail, boolean userVerified) { - final String aaguidBase64 = (String) authenticatorDetail.getExtras().get("aaguid"); - if (aaguidBase64 != null) { - final byte[] aaguid = Base64.getDecoder().decode(aaguidBase64); - return userVerified ? fido2AuthenticatorService.findByAaguid(aaguid).signatureType() : SignatureType.POSSESSION; + final String aaguid = (String) authenticatorDetail.getExtras().get("aaguid"); + if (aaguid != null) { + return userVerified ? fido2AuthenticatorService.findByAaguid(UUID.fromString(aaguid)).signatureType() : SignatureType.POSSESSION; } else { return SignatureType.POSSESSION; } From 3620c1fc700fe17236636228b31c12aa4bab639c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20=C5=A0trobl?= Date: Wed, 20 Mar 2024 00:06:11 +0800 Subject: [PATCH 125/146] Fix #1417: FIDO2: Invalid AAGUID format in configuration of fido2_aaguids_allowed (#1418) --- .../fido2/PowerAuthRegistrationProvider.java | 14 +++++++++++++- .../powerauth/fido2/Fido2AuthenticatorTest.java | 4 ++-- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java index a8a315fc0..f63c933c4 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthRegistrationProvider.java @@ -41,10 +41,12 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import java.nio.ByteBuffer; import java.nio.charset.StandardCharsets; import java.util.Date; import java.util.List; import java.util.Optional; +import java.util.UUID; import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_AAGUIDS; import static com.wultra.powerauth.fido2.rest.model.enumeration.Fido2ConfigKeys.CONFIG_KEY_ALLOWED_ATTESTATION_FMT; @@ -159,7 +161,7 @@ public boolean registrationAllowed(String applicationId, String credentialId, St final GetApplicationConfigRequest configRequest = new GetApplicationConfigRequest(); configRequest.setApplicationId(applicationId); final GetApplicationConfigResponse configResponse = configService.getApplicationConfig(configRequest); - final String aaguidStr = new String(aaguid, StandardCharsets.UTF_8); + final String aaguidStr = bytesToUUID(aaguid).toString(); Optional configFmt = configResponse.getApplicationConfigs().stream() .filter(cfg -> CONFIG_KEY_ALLOWED_ATTESTATION_FMT.equals(cfg.getKey())) .findFirst(); @@ -193,4 +195,14 @@ public boolean registrationAllowed(String applicationId, String credentialId, St return true; } + + private UUID bytesToUUID(byte[] bytes) { + if (bytes == null) { + return null; + } + final ByteBuffer byteBuffer = ByteBuffer.wrap(bytes); + long mostSigBits = byteBuffer.getLong(); + long leastSigBits = byteBuffer.getLong(); + return new UUID(mostSigBits, leastSigBits); + } } diff --git a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java index 7541aac2e..68ffe5152 100644 --- a/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java +++ b/powerauth-java-server/src/test/java/com/wultra/powerauth/fido2/Fido2AuthenticatorTest.java @@ -309,7 +309,7 @@ void packedAuthenticatorInvalidAaguidTest() throws Exception { final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); requestCreate.setApplicationId(APPLICATION_ID); requestCreate.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); - requestCreate.setValues(List.of("\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0001")); + requestCreate.setValues(List.of("00000000-0000-0000-0000-000000000001")); powerAuthService.createApplicationConfig(requestCreate); // Registration should fail @@ -328,7 +328,7 @@ void packedAuthenticatorValidAaguidTest() throws Exception { final CreateApplicationConfigRequest requestCreate = new CreateApplicationConfigRequest(); requestCreate.setApplicationId(APPLICATION_ID); requestCreate.setKey(CONFIG_KEY_ALLOWED_AAGUIDS); - requestCreate.setValues(List.of("\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000")); + requestCreate.setValues(List.of("00000000-0000-0000-0000-000000000000")); powerAuthService.createApplicationConfig(requestCreate); // Registration should succeed From 3079314cb07fab36ce855af9c67cce59f4cac6fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Fri, 22 Mar 2024 08:45:29 +0100 Subject: [PATCH 126/146] Fix #1414: FIDO2: Default authenticator models (#1415) --- docs/PowerAuth-Server-1.7.0.md | 10 +- .../1.7.x/20240312-fido2-authenticator.xml | 8 - .../powerauth-java-server/1.7.x/aaguids.csv | 81 ------- docs/sql/mssql/migration_1.6.0_1.7.0.sql | 9 - docs/sql/oracle/migration_1.6.0_1.7.0.sql | 163 -------------- docs/sql/postgresql/migration_1.6.0_1.7.0.sql | 7 - .../entity/Fido2DefaultAuthenticators.java | 202 ++++++++++++++++++ .../service/Fido2AuthenticatorService.java | 24 ++- .../service/model/Fido2Authenticator.java | 11 +- .../Fido2AuthenticatorServiceTest.java | 21 +- 10 files changed, 252 insertions(+), 284 deletions(-) delete mode 100644 docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv create mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java diff --git a/docs/PowerAuth-Server-1.7.0.md b/docs/PowerAuth-Server-1.7.0.md index 34afad761..31be93d92 100644 --- a/docs/PowerAuth-Server-1.7.0.md +++ b/docs/PowerAuth-Server-1.7.0.md @@ -33,11 +33,9 @@ Following parameters can be configured: - `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed - `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format -### New Database Table for FIDO2 Authenticators +### New Database Table for FIDO2 Authenticator Models A new database table `pa_fido2_authenticator` has been added: -- `aaguid` - identifier of the FIDO2 authenticator -- `description` - human-readable description of the FIDO2 authenticator -- `signature_type` - signature type provided by the FIDO2 authenticator - -There are initial data included in this change. +- `aaguid` - identifier of the FIDO2 authenticator model +- `description` - human-readable description of the FIDO2 authenticator model +- `signature_type` - signature type provided by the FIDO2 authenticator model diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml index d52d59191..e28d912a3 100644 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml +++ b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml @@ -43,12 +43,4 @@ - - - Insert initial data to pa_fido2_authenticator table - - - - \ No newline at end of file diff --git a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv b/docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv deleted file mode 100644 index 0dd8efc5b..000000000 --- a/docs/db/changelog/changesets/powerauth-java-server/1.7.x/aaguids.csv +++ /dev/null @@ -1,81 +0,0 @@ -aaguid;description;signature_type -"12ded745-4bed-47d4-abaa-e713f51d6393";"AllinPass FIDO";"POSSESSION" -"b93fd961-f2e6-462f-b122-82002247de78";"Android Authenticator with SafetyNet Attestation";"POSSESSION" -"ad784498-1902-3f54-b99a-10bb7dbd9588";"Apple MacBook Pro 14-inch, 2021";"POSSESSION" -"4ae71336-e44b-39bf-b9d2-752e234818a5";"Apple Passkeys";"POSSESSION" -"d41f5a69-b817-4144-a13c-9ebd6d9254d6";"ATKey.Card CTAP2.0";"POSSESSION" -"e1a96183-5016-4f24-b55b-e3ae23614cc6";"ATKey.Pro CTAP2.0";"POSSESSION" -"e416201b-afeb-41ca-a03d-2281c28322aa";"ATKey.Pro CTAP2.1";"POSSESSION" -"ba76a271-6eb6-4171-874d-b6428dbe3437";"ATKey.ProS";"POSSESSION" -"1c086528-58d5-f211-823c-356786e36140";"Atos CardOS FIDO2";"POSSESSION" -"b6ede29c-3772-412c-8a78-539c1f4c62d2";"BioPass FIDO Plus";"POSSESSION" -"77010bd7-212a-4fc9-b236-d2ca5e9d4084";"BioPass FIDO";"POSSESSION" -"be727034-574a-f799-5c76-0929e0430973";"Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)";"POSSESSION" -"9c835346-796b-4c27-8898-d6032f515cc5";"Cryptnox FIDO2";"POSSESSION" -"454e5346-4944-4ffd-6c93-8e9267193e9a";"Ensurity ThinC";"POSSESSION" -"833b721a-ff5f-4d00-bb2e-bdda3ec01e29";"ePassFIDO K10, A4B, K28";"POSSESSION" -"ee041bce-25e5-4cdb-8f86-897fd6418464";"ePassFIDO K39, NFC, NFC Plus";"POSSESSION" -"5343502d-5343-5343-6172-644649444f32";"ESS Smart Card Inc. Authenticator";"POSSESSION" -"61250591-b2bc-4456-b719-0b17be90bb30";"eWBM eFPA FIDO2 Authenticator";"POSSESSION" -"3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d";"Feitian iePass FIDO Authenticator";"POSSESSION" -"8c97a730-3f7b-41a6-87d6-1e9b62bda6f0";"FIDO Fingerprint Card";"POSSESSION" -"2c0df832-92de-4be1-8412-88a8f074df4a";"FIDO Java Card";"POSSESSION" -"f4c63eff-d26c-4248-801c-3736c7eaa93a";"FIDO KeyPass S3";"POSSESSION" -"9f0d8150-baa5-4c00-9299-ad62c8bb4e87";"GoTrust Idem Card FIDO2 Authenticator";"POSSESSION" -"3b1adb99-0dfe-46fd-90b8-7f7614a4de2a";"GoTrust Idem Key FIDO2 Authenticator";"POSSESSION" -"aeb6569c-f8fb-4950-ac60-24ca2bbe2e52";"HID Crescendo C2300";"POSSESSION" -"54d9fee8-e621-4291-8b18-7157b99c5bec";"HID Crescendo Enabled";"POSSESSION" -"692db549-7ae5-44d5-a1e5-dd20a493b723";"HID Crescendo Key";"POSSESSION" -"3e078ffd-4c54-4586-8baa-a77da113aec5";"Hideez Key 3 FIDO2";"POSSESSION" -"4e768f2c-5fab-48b3-b300-220eb487752b";"Hideez Key 4 FIDO2 SDK";"POSSESSION" -"d821a7d4-e97c-4cb6-bd82-4237731fd4be";"Hyper FIDO Bio Security Key";"POSSESSION" -"9f77e279-a6e2-4d58-b700-31e5943c6a98";"Hyper FIDO Pro";"POSSESSION" -"6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d";"iePass FIDO";"POSSESSION" -"d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3";"KEY-ID FIDO2 Authenticator";"POSSESSION" -"310b2830-bd4a-4da5-832e-9a0dfc90abf2";"MultiPass FIDO";"POSSESSION" -"c5703116-972b-4851-a3e7-ae1259843399";"NEOWAVE Badgeo FIDO2";"POSSESSION" -"3789da91-f943-46bc-95c3-50ea2012f03a";"NEOWAVE Winkeo FIDO2";"POSSESSION" -"07a9f89c-6407-4594-9d56-621d5f1e358b";"NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator";"POSSESSION" -"a1f52be5-dfab-4364-b51c-2bd496b14a56";"OCTATCO EzFinger2 FIDO2 AUTHENTICATOR";"POSSESSION" -"bc2fe499-0d8e-4ffe-96f3-94a82840cf8c";"OCTATCO EzQuant FIDO2 AUTHENTICATOR";"POSSESSION" -"30b5035e-d297-4fc1-b00b-addc96ba6a97";"OneSpan FIDO Touch";"POSSESSION" -"88bbd2f0-342a-42e7-9729-dd158be5407a";"Precision InnaIT Key FIDO 2 Level 2 certified";"POSSESSION" -"149a2021-8ef6-4133-96b8-81f8d5b7f1f5";"Security Key by Yubico with NFC";"POSSESSION" -"6d44ba9b-f6ec-2e49-b930-0c8fe920cb73";"Security Key by Yubico with NFC";"POSSESSION" -"a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa";"Security Key by Yubico with NFC";"POSSESSION" -"b92c3f9a-c014-4056-887f-140a2501163b";"Security Key by Yubico";"POSSESSION" -"f8a011f3-8c0a-4d15-8006-17111f9edc7d";"Security Key by Yubico";"POSSESSION" -"0bb43545-fd2c-4185-87dd-feb0b2916ace";"Security Key NFC by Yubico - Enterprise Edition";"POSSESSION" -"516d3969-5a57-5651-5958-4e7a49434167";"SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)";"POSSESSION" -"8876631b-d4a0-427f-5773-0ec71c9e0279";"Solo Secp256R1 FIDO2 CTAP2 Authenticator";"POSSESSION" -"8976631b-d4a0-427f-5773-0ec71c9e0279";"Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator";"POSSESSION" -"9876631b-d4a0-427f-5773-0ec71c9e0279";"Somu Secp256R1 FIDO2 CTAP2 Authenticator";"POSSESSION" -"931327dd-c89b-406c-a81e-ed7058ef36c6";"Swissbit iShield FIDO2";"POSSESSION" -"efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4";"Thales eToken FIDO";"POSSESSION" -"b50d5e0a-7f81-4959-9b12-f45407407503";"Thales IDPrime MD 3940 FIDO";"POSSESSION" -"ab32f0c6-2239-afbb-c470-d2ef4e254db7";"TOKEN2 FIDO2 Security Key";"POSSESSION" -"95442b2e-f15e-4def-b270-efb106facb4e";"TrustKey G310(H)";"POSSESSION" -"87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c";"TrustKey G320(H)";"POSSESSION" -"da776f39-f6c8-4a89-b252-1d86137a46ba";"TrustKey T110";"POSSESSION" -"e3512a8a-62ae-11ea-bc55-0242ac130003";"TrustKey T120";"POSSESSION" -"73402251-f2a8-4f03-873e-3cb6db604b03";"uTrust FIDO2 Security Key";"POSSESSION" -"39a5647e-1853-446c-a1f6-a79bae9f5bc7";"Vancosys Android Authenticator";"POSSESSION" -"820d89ed-d65a-409e-85cb-f73f0578f82a";"Vancosys iOS Authenticator";"POSSESSION" -"5fdb81b8-53f0-4967-a881-f5ec26fe4d18";"VinCSS FIDO2 Authenticator";"POSSESSION" -"d7a423ad-3e19-4492-9200-78137dccc136";"VivoKey Apex FIDO2";"POSSESSION" -"08987058-cadc-4b81-b6e1-30de50dcbe96";"Windows Hello Hardware Authenticator";"POSSESSION" -"6028b017-b1d4-4c02-b4b3-afcdafc96bb2";"Windows Hello Software Authenticator";"POSSESSION" -"9ddd1817-af5a-4672-a2b9-3e3dd95000a9";"Windows Hello VBS Hardware Authenticator";"POSSESSION" -"504d7149-4e4c-3841-4555-55445a677357";"WiSECURE AuthTron USB FIDO2 Authenticator";"POSSESSION" -"57415531-2e31-4020-a020-323032343032";"Wultra Authenticator 1";"POSSESSION_KNOWLEDGE" -"c1f9a0bc-1dd2-404a-b27f-8e29047a43fd";"YubiKey 5 FIPS Series with NFC";"POSSESSION" -"73bb0cd4-e502-49b8-9c6f-b59445bf720b";"YubiKey 5 FIPS Series";"POSSESSION" -"34f5766d-1536-4a24-9033-0e294e510fb0";"YubiKey 5 Series CTAP2.1 Preview Expired";"POSSESSION" -"2fc0579f-8113-47ea-b116-bb5a8db9202a";"YubiKey 5 Series with NFC";"POSSESSION" -"fa2b99dc-9e39-4257-8f92-4a30d23c4118";"YubiKey 5 Series with NFC";"POSSESSION" -"cb69481e-8ff7-4039-93ec-0a2729a154a8";"YubiKey 5 Series";"POSSESSION" -"ee882879-721c-4913-9775-3dfcce97072a";"YubiKey 5 Series";"POSSESSION" -"85203421-48f9-4355-9bc8-8a53846e5083";"YubiKey 5Ci FIPS";"POSSESSION" -"c5ef55ff-ad9a-4b9f-b580-adebafe026d0";"YubiKey 5Ci";"POSSESSION" -"83c47309-aabb-4108-8470-8be838b573cb";"YubiKey Bio Series (Enterprise Profile)";"POSSESSION" -"d8522d9f-575b-4866-88a9-ba99fa02f35b";"YubiKey Bio Series";"POSSESSION" diff --git a/docs/sql/mssql/migration_1.6.0_1.7.0.sql b/docs/sql/mssql/migration_1.6.0_1.7.0.sql index 538b8f0bb..31355ec25 100644 --- a/docs/sql/mssql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/mssql/migration_1.6.0_1.7.0.sql @@ -32,13 +32,4 @@ GO CREATE TABLE pa_fido2_authenticator (aaguid varchar(255) NOT NULL, description varchar(255) NOT NULL, signature_type varchar(255) NOT NULL, CONSTRAINT PK_PA_FIDO2_AUTHENTICATOR PRIMARY KEY (aaguid)); GO --- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::2::Jan Pesek --- Insert initial data to pa_fido2_authenticator table --- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('12ded745-4bed-47d4-abaa-e713f51d6393', 'AllinPass FIDO', 'POSSESSION'),('b93fd961-f2e6-462f-b122-82002247de78', 'Android Authenticator with SafetyNet Attestation', 'POSSESSION'),('ad784498-1902-3f54-b99a-10bb7dbd9588', 'Apple MacBook Pro 14-inch, 2021', 'POSSESSION'),('4ae71336-e44b-39bf-b9d2-752e234818a5', 'Apple Passkeys', 'POSSESSION'),('d41f5a69-b817-4144-a13c-9ebd6d9254d6', 'ATKey.Card CTAP2.0', 'POSSESSION'),('e1a96183-5016-4f24-b55b-e3ae23614cc6', 'ATKey.Pro CTAP2.0', 'POSSESSION'),('e416201b-afeb-41ca-a03d-2281c28322aa', 'ATKey.Pro CTAP2.1', 'POSSESSION'),('ba76a271-6eb6-4171-874d-b6428dbe3437', 'ATKey.ProS', 'POSSESSION'),('1c086528-58d5-f211-823c-356786e36140', 'Atos CardOS FIDO2', 'POSSESSION'),('b6ede29c-3772-412c-8a78-539c1f4c62d2', 'BioPass FIDO Plus', 'POSSESSION'),('77010bd7-212a-4fc9-b236-d2ca5e9d4084', 'BioPass FIDO', 'POSSESSION'),('be727034-574a-f799-5c76-0929e0430973', 'Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('9c835346-796b-4c27-8898-d6032f515cc5', 'Cryptnox FIDO2', 'POSSESSION'),('454e5346-4944-4ffd-6c93-8e9267193e9a', 'Ensurity ThinC', 'POSSESSION'),('833b721a-ff5f-4d00-bb2e-bdda3ec01e29', 'ePassFIDO K10, A4B, K28', 'POSSESSION'),('ee041bce-25e5-4cdb-8f86-897fd6418464', 'ePassFIDO K39, NFC, NFC Plus', 'POSSESSION'),('5343502d-5343-5343-6172-644649444f32', 'ESS Smart Card Inc. Authenticator', 'POSSESSION'),('61250591-b2bc-4456-b719-0b17be90bb30', 'eWBM eFPA FIDO2 Authenticator', 'POSSESSION'),('3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'Feitian iePass FIDO Authenticator', 'POSSESSION'),('8c97a730-3f7b-41a6-87d6-1e9b62bda6f0', 'FIDO Fingerprint Card', 'POSSESSION'),('2c0df832-92de-4be1-8412-88a8f074df4a', 'FIDO Java Card', 'POSSESSION'),('f4c63eff-d26c-4248-801c-3736c7eaa93a', 'FIDO KeyPass S3', 'POSSESSION'),('9f0d8150-baa5-4c00-9299-ad62c8bb4e87', 'GoTrust Idem Card FIDO2 Authenticator', 'POSSESSION'),('3b1adb99-0dfe-46fd-90b8-7f7614a4de2a', 'GoTrust Idem Key FIDO2 Authenticator', 'POSSESSION'),('aeb6569c-f8fb-4950-ac60-24ca2bbe2e52', 'HID Crescendo C2300', 'POSSESSION'),('54d9fee8-e621-4291-8b18-7157b99c5bec', 'HID Crescendo Enabled', 'POSSESSION'),('692db549-7ae5-44d5-a1e5-dd20a493b723', 'HID Crescendo Key', 'POSSESSION'),('3e078ffd-4c54-4586-8baa-a77da113aec5', 'Hideez Key 3 FIDO2', 'POSSESSION'),('4e768f2c-5fab-48b3-b300-220eb487752b', 'Hideez Key 4 FIDO2 SDK', 'POSSESSION'),('d821a7d4-e97c-4cb6-bd82-4237731fd4be', 'Hyper FIDO Bio Security Key', 'POSSESSION'),('9f77e279-a6e2-4d58-b700-31e5943c6a98', 'Hyper FIDO Pro', 'POSSESSION'),('6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'iePass FIDO', 'POSSESSION'),('d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3', 'KEY-ID FIDO2 Authenticator', 'POSSESSION'),('310b2830-bd4a-4da5-832e-9a0dfc90abf2', 'MultiPass FIDO', 'POSSESSION'),('c5703116-972b-4851-a3e7-ae1259843399', 'NEOWAVE Badgeo FIDO2', 'POSSESSION'),('3789da91-f943-46bc-95c3-50ea2012f03a', 'NEOWAVE Winkeo FIDO2', 'POSSESSION'),('07a9f89c-6407-4594-9d56-621d5f1e358b', 'NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator', 'POSSESSION'),('a1f52be5-dfab-4364-b51c-2bd496b14a56', 'OCTATCO EzFinger2 FIDO2 AUTHENTICATOR', 'POSSESSION'),('bc2fe499-0d8e-4ffe-96f3-94a82840cf8c', 'OCTATCO EzQuant FIDO2 AUTHENTICATOR', 'POSSESSION'),('30b5035e-d297-4fc1-b00b-addc96ba6a97', 'OneSpan FIDO Touch', 'POSSESSION'),('88bbd2f0-342a-42e7-9729-dd158be5407a', 'Precision InnaIT Key FIDO 2 Level 2 certified', 'POSSESSION'),('149a2021-8ef6-4133-96b8-81f8d5b7f1f5', 'Security Key by Yubico with NFC', 'POSSESSION'),('6d44ba9b-f6ec-2e49-b930-0c8fe920cb73', 'Security Key by Yubico with NFC', 'POSSESSION'),('a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa', 'Security Key by Yubico with NFC', 'POSSESSION'),('b92c3f9a-c014-4056-887f-140a2501163b', 'Security Key by Yubico', 'POSSESSION'),('f8a011f3-8c0a-4d15-8006-17111f9edc7d', 'Security Key by Yubico', 'POSSESSION'),('0bb43545-fd2c-4185-87dd-feb0b2916ace', 'Security Key NFC by Yubico - Enterprise Edition', 'POSSESSION'),('516d3969-5a57-5651-5958-4e7a49434167', 'SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('8876631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('8976631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('9876631b-d4a0-427f-5773-0ec71c9e0279', 'Somu Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); -GO - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('931327dd-c89b-406c-a81e-ed7058ef36c6', 'Swissbit iShield FIDO2', 'POSSESSION'),('efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4', 'Thales eToken FIDO', 'POSSESSION'),('b50d5e0a-7f81-4959-9b12-f45407407503', 'Thales IDPrime MD 3940 FIDO', 'POSSESSION'),('ab32f0c6-2239-afbb-c470-d2ef4e254db7', 'TOKEN2 FIDO2 Security Key', 'POSSESSION'),('95442b2e-f15e-4def-b270-efb106facb4e', 'TrustKey G310(H)', 'POSSESSION'),('87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c', 'TrustKey G320(H)', 'POSSESSION'),('da776f39-f6c8-4a89-b252-1d86137a46ba', 'TrustKey T110', 'POSSESSION'),('e3512a8a-62ae-11ea-bc55-0242ac130003', 'TrustKey T120', 'POSSESSION'),('73402251-f2a8-4f03-873e-3cb6db604b03', 'uTrust FIDO2 Security Key', 'POSSESSION'),('39a5647e-1853-446c-a1f6-a79bae9f5bc7', 'Vancosys Android Authenticator', 'POSSESSION'),('820d89ed-d65a-409e-85cb-f73f0578f82a', 'Vancosys iOS Authenticator', 'POSSESSION'),('5fdb81b8-53f0-4967-a881-f5ec26fe4d18', 'VinCSS FIDO2 Authenticator', 'POSSESSION'),('d7a423ad-3e19-4492-9200-78137dccc136', 'VivoKey Apex FIDO2', 'POSSESSION'),('08987058-cadc-4b81-b6e1-30de50dcbe96', 'Windows Hello Hardware Authenticator', 'POSSESSION'),('6028b017-b1d4-4c02-b4b3-afcdafc96bb2', 'Windows Hello Software Authenticator', 'POSSESSION'),('9ddd1817-af5a-4672-a2b9-3e3dd95000a9', 'Windows Hello VBS Hardware Authenticator', 'POSSESSION'),('504d7149-4e4c-3841-4555-55445a677357', 'WiSECURE AuthTron USB FIDO2 Authenticator', 'POSSESSION'),('57415531-2e31-4020-a020-323032343032', 'Wultra Authenticator 1', 'POSSESSION_KNOWLEDGE'),('c1f9a0bc-1dd2-404a-b27f-8e29047a43fd', 'YubiKey 5 FIPS Series with NFC', 'POSSESSION'),('73bb0cd4-e502-49b8-9c6f-b59445bf720b', 'YubiKey 5 FIPS Series', 'POSSESSION'),('34f5766d-1536-4a24-9033-0e294e510fb0', 'YubiKey 5 Series CTAP2.1 Preview Expired', 'POSSESSION'),('2fc0579f-8113-47ea-b116-bb5a8db9202a', 'YubiKey 5 Series with NFC', 'POSSESSION'),('fa2b99dc-9e39-4257-8f92-4a30d23c4118', 'YubiKey 5 Series with NFC', 'POSSESSION'),('cb69481e-8ff7-4039-93ec-0a2729a154a8', 'YubiKey 5 Series', 'POSSESSION'),('ee882879-721c-4913-9775-3dfcce97072a', 'YubiKey 5 Series', 'POSSESSION'),('85203421-48f9-4355-9bc8-8a53846e5083', 'YubiKey 5Ci FIPS', 'POSSESSION'),('c5ef55ff-ad9a-4b9f-b580-adebafe026d0', 'YubiKey 5Ci', 'POSSESSION'),('83c47309-aabb-4108-8470-8be838b573cb', 'YubiKey Bio Series (Enterprise Profile)', 'POSSESSION'),('d8522d9f-575b-4866-88a9-ba99fa02f35b', 'YubiKey Bio Series', 'POSSESSION'); -GO - -- Changeset powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml::1::Lubos Racansky diff --git a/docs/sql/oracle/migration_1.6.0_1.7.0.sql b/docs/sql/oracle/migration_1.6.0_1.7.0.sql index 79acc7aac..94bddbd38 100644 --- a/docs/sql/oracle/migration_1.6.0_1.7.0.sql +++ b/docs/sql/oracle/migration_1.6.0_1.7.0.sql @@ -25,167 +25,4 @@ CREATE SEQUENCE pa_app_conf_seq START WITH 1 INCREMENT BY 1 CACHE 20; -- Create a new table pa_fido2_authenticator CREATE TABLE pa_fido2_authenticator (aaguid VARCHAR2(255) NOT NULL, description VARCHAR2(255) NOT NULL, signature_type VARCHAR2(255) NOT NULL, CONSTRAINT PK_PA_FIDO2_AUTHENTICATOR PRIMARY KEY (aaguid)); --- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::2::Jan Pesek --- Insert initial data to pa_fido2_authenticator table --- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('12ded745-4bed-47d4-abaa-e713f51d6393', 'AllinPass FIDO', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b93fd961-f2e6-462f-b122-82002247de78', 'Android Authenticator with SafetyNet Attestation', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ad784498-1902-3f54-b99a-10bb7dbd9588', 'Apple MacBook Pro 14-inch, 2021', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('4ae71336-e44b-39bf-b9d2-752e234818a5', 'Apple Passkeys', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d41f5a69-b817-4144-a13c-9ebd6d9254d6', 'ATKey.Card CTAP2.0', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('e1a96183-5016-4f24-b55b-e3ae23614cc6', 'ATKey.Pro CTAP2.0', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('e416201b-afeb-41ca-a03d-2281c28322aa', 'ATKey.Pro CTAP2.1', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ba76a271-6eb6-4171-874d-b6428dbe3437', 'ATKey.ProS', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('1c086528-58d5-f211-823c-356786e36140', 'Atos CardOS FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b6ede29c-3772-412c-8a78-539c1f4c62d2', 'BioPass FIDO Plus', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('77010bd7-212a-4fc9-b236-d2ca5e9d4084', 'BioPass FIDO', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('be727034-574a-f799-5c76-0929e0430973', 'Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9c835346-796b-4c27-8898-d6032f515cc5', 'Cryptnox FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('454e5346-4944-4ffd-6c93-8e9267193e9a', 'Ensurity ThinC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('833b721a-ff5f-4d00-bb2e-bdda3ec01e29', 'ePassFIDO K10, A4B, K28', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ee041bce-25e5-4cdb-8f86-897fd6418464', 'ePassFIDO K39, NFC, NFC Plus', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('5343502d-5343-5343-6172-644649444f32', 'ESS Smart Card Inc. Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('61250591-b2bc-4456-b719-0b17be90bb30', 'eWBM eFPA FIDO2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'Feitian iePass FIDO Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('8c97a730-3f7b-41a6-87d6-1e9b62bda6f0', 'FIDO Fingerprint Card', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('2c0df832-92de-4be1-8412-88a8f074df4a', 'FIDO Java Card', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('f4c63eff-d26c-4248-801c-3736c7eaa93a', 'FIDO KeyPass S3', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9f0d8150-baa5-4c00-9299-ad62c8bb4e87', 'GoTrust Idem Card FIDO2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3b1adb99-0dfe-46fd-90b8-7f7614a4de2a', 'GoTrust Idem Key FIDO2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('aeb6569c-f8fb-4950-ac60-24ca2bbe2e52', 'HID Crescendo C2300', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('54d9fee8-e621-4291-8b18-7157b99c5bec', 'HID Crescendo Enabled', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('692db549-7ae5-44d5-a1e5-dd20a493b723', 'HID Crescendo Key', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3e078ffd-4c54-4586-8baa-a77da113aec5', 'Hideez Key 3 FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('4e768f2c-5fab-48b3-b300-220eb487752b', 'Hideez Key 4 FIDO2 SDK', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d821a7d4-e97c-4cb6-bd82-4237731fd4be', 'Hyper FIDO Bio Security Key', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9f77e279-a6e2-4d58-b700-31e5943c6a98', 'Hyper FIDO Pro', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'iePass FIDO', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3', 'KEY-ID FIDO2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('310b2830-bd4a-4da5-832e-9a0dfc90abf2', 'MultiPass FIDO', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('c5703116-972b-4851-a3e7-ae1259843399', 'NEOWAVE Badgeo FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('3789da91-f943-46bc-95c3-50ea2012f03a', 'NEOWAVE Winkeo FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('07a9f89c-6407-4594-9d56-621d5f1e358b', 'NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('a1f52be5-dfab-4364-b51c-2bd496b14a56', 'OCTATCO EzFinger2 FIDO2 AUTHENTICATOR', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('bc2fe499-0d8e-4ffe-96f3-94a82840cf8c', 'OCTATCO EzQuant FIDO2 AUTHENTICATOR', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('30b5035e-d297-4fc1-b00b-addc96ba6a97', 'OneSpan FIDO Touch', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('88bbd2f0-342a-42e7-9729-dd158be5407a', 'Precision InnaIT Key FIDO 2 Level 2 certified', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('149a2021-8ef6-4133-96b8-81f8d5b7f1f5', 'Security Key by Yubico with NFC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('6d44ba9b-f6ec-2e49-b930-0c8fe920cb73', 'Security Key by Yubico with NFC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa', 'Security Key by Yubico with NFC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b92c3f9a-c014-4056-887f-140a2501163b', 'Security Key by Yubico', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('f8a011f3-8c0a-4d15-8006-17111f9edc7d', 'Security Key by Yubico', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('0bb43545-fd2c-4185-87dd-feb0b2916ace', 'Security Key NFC by Yubico - Enterprise Edition', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('516d3969-5a57-5651-5958-4e7a49434167', 'SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('8876631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('8976631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9876631b-d4a0-427f-5773-0ec71c9e0279', 'Somu Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('931327dd-c89b-406c-a81e-ed7058ef36c6', 'Swissbit iShield FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4', 'Thales eToken FIDO', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('b50d5e0a-7f81-4959-9b12-f45407407503', 'Thales IDPrime MD 3940 FIDO', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ab32f0c6-2239-afbb-c470-d2ef4e254db7', 'TOKEN2 FIDO2 Security Key', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('95442b2e-f15e-4def-b270-efb106facb4e', 'TrustKey G310(H)', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c', 'TrustKey G320(H)', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('da776f39-f6c8-4a89-b252-1d86137a46ba', 'TrustKey T110', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('e3512a8a-62ae-11ea-bc55-0242ac130003', 'TrustKey T120', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('73402251-f2a8-4f03-873e-3cb6db604b03', 'uTrust FIDO2 Security Key', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('39a5647e-1853-446c-a1f6-a79bae9f5bc7', 'Vancosys Android Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('820d89ed-d65a-409e-85cb-f73f0578f82a', 'Vancosys iOS Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('5fdb81b8-53f0-4967-a881-f5ec26fe4d18', 'VinCSS FIDO2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d7a423ad-3e19-4492-9200-78137dccc136', 'VivoKey Apex FIDO2', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('08987058-cadc-4b81-b6e1-30de50dcbe96', 'Windows Hello Hardware Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('6028b017-b1d4-4c02-b4b3-afcdafc96bb2', 'Windows Hello Software Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('9ddd1817-af5a-4672-a2b9-3e3dd95000a9', 'Windows Hello VBS Hardware Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('504d7149-4e4c-3841-4555-55445a677357', 'WiSECURE AuthTron USB FIDO2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('57415531-2e31-4020-a020-323032343032', 'Wultra Authenticator 1', 'POSSESSION_KNOWLEDGE'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('c1f9a0bc-1dd2-404a-b27f-8e29047a43fd', 'YubiKey 5 FIPS Series with NFC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('73bb0cd4-e502-49b8-9c6f-b59445bf720b', 'YubiKey 5 FIPS Series', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('34f5766d-1536-4a24-9033-0e294e510fb0', 'YubiKey 5 Series CTAP2.1 Preview Expired', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('2fc0579f-8113-47ea-b116-bb5a8db9202a', 'YubiKey 5 Series with NFC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('fa2b99dc-9e39-4257-8f92-4a30d23c4118', 'YubiKey 5 Series with NFC', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('cb69481e-8ff7-4039-93ec-0a2729a154a8', 'YubiKey 5 Series', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('ee882879-721c-4913-9775-3dfcce97072a', 'YubiKey 5 Series', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('85203421-48f9-4355-9bc8-8a53846e5083', 'YubiKey 5Ci FIPS', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('c5ef55ff-ad9a-4b9f-b580-adebafe026d0', 'YubiKey 5Ci', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('83c47309-aabb-4108-8470-8be838b573cb', 'YubiKey Bio Series (Enterprise Profile)', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('d8522d9f-575b-4866-88a9-ba99fa02f35b', 'YubiKey Bio Series', 'POSSESSION'); - -- Changeset powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml::1::Lubos Racansky diff --git a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql index 0cfbec1e8..29d852eea 100644 --- a/docs/sql/postgresql/migration_1.6.0_1.7.0.sql +++ b/docs/sql/postgresql/migration_1.6.0_1.7.0.sql @@ -25,11 +25,4 @@ CREATE SEQUENCE IF NOT EXISTS pa_app_conf_seq START WITH 1 INCREMENT BY 1 CACHE -- Create a new table pa_fido2_authenticator CREATE TABLE pa_fido2_authenticator (aaguid VARCHAR(255) NOT NULL, description VARCHAR(255) NOT NULL, signature_type VARCHAR(255) NOT NULL, CONSTRAINT pa_fido2_authenticator_pkey PRIMARY KEY (aaguid)); --- Changeset powerauth-java-server/1.7.x/20240312-fido2-authenticator.xml::2::Jan Pesek --- Insert initial data to pa_fido2_authenticator table --- WARNING The following SQL may change each run and therefore is possibly incorrect and/or invalid: -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('12ded745-4bed-47d4-abaa-e713f51d6393', 'AllinPass FIDO', 'POSSESSION'),('b93fd961-f2e6-462f-b122-82002247de78', 'Android Authenticator with SafetyNet Attestation', 'POSSESSION'),('ad784498-1902-3f54-b99a-10bb7dbd9588', 'Apple MacBook Pro 14-inch, 2021', 'POSSESSION'),('4ae71336-e44b-39bf-b9d2-752e234818a5', 'Apple Passkeys', 'POSSESSION'),('d41f5a69-b817-4144-a13c-9ebd6d9254d6', 'ATKey.Card CTAP2.0', 'POSSESSION'),('e1a96183-5016-4f24-b55b-e3ae23614cc6', 'ATKey.Pro CTAP2.0', 'POSSESSION'),('e416201b-afeb-41ca-a03d-2281c28322aa', 'ATKey.Pro CTAP2.1', 'POSSESSION'),('ba76a271-6eb6-4171-874d-b6428dbe3437', 'ATKey.ProS', 'POSSESSION'),('1c086528-58d5-f211-823c-356786e36140', 'Atos CardOS FIDO2', 'POSSESSION'),('b6ede29c-3772-412c-8a78-539c1f4c62d2', 'BioPass FIDO Plus', 'POSSESSION'),('77010bd7-212a-4fc9-b236-d2ca5e9d4084', 'BioPass FIDO', 'POSSESSION'),('be727034-574a-f799-5c76-0929e0430973', 'Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('9c835346-796b-4c27-8898-d6032f515cc5', 'Cryptnox FIDO2', 'POSSESSION'),('454e5346-4944-4ffd-6c93-8e9267193e9a', 'Ensurity ThinC', 'POSSESSION'),('833b721a-ff5f-4d00-bb2e-bdda3ec01e29', 'ePassFIDO K10, A4B, K28', 'POSSESSION'),('ee041bce-25e5-4cdb-8f86-897fd6418464', 'ePassFIDO K39, NFC, NFC Plus', 'POSSESSION'),('5343502d-5343-5343-6172-644649444f32', 'ESS Smart Card Inc. Authenticator', 'POSSESSION'),('61250591-b2bc-4456-b719-0b17be90bb30', 'eWBM eFPA FIDO2 Authenticator', 'POSSESSION'),('3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'Feitian iePass FIDO Authenticator', 'POSSESSION'),('8c97a730-3f7b-41a6-87d6-1e9b62bda6f0', 'FIDO Fingerprint Card', 'POSSESSION'),('2c0df832-92de-4be1-8412-88a8f074df4a', 'FIDO Java Card', 'POSSESSION'),('f4c63eff-d26c-4248-801c-3736c7eaa93a', 'FIDO KeyPass S3', 'POSSESSION'),('9f0d8150-baa5-4c00-9299-ad62c8bb4e87', 'GoTrust Idem Card FIDO2 Authenticator', 'POSSESSION'),('3b1adb99-0dfe-46fd-90b8-7f7614a4de2a', 'GoTrust Idem Key FIDO2 Authenticator', 'POSSESSION'),('aeb6569c-f8fb-4950-ac60-24ca2bbe2e52', 'HID Crescendo C2300', 'POSSESSION'),('54d9fee8-e621-4291-8b18-7157b99c5bec', 'HID Crescendo Enabled', 'POSSESSION'),('692db549-7ae5-44d5-a1e5-dd20a493b723', 'HID Crescendo Key', 'POSSESSION'),('3e078ffd-4c54-4586-8baa-a77da113aec5', 'Hideez Key 3 FIDO2', 'POSSESSION'),('4e768f2c-5fab-48b3-b300-220eb487752b', 'Hideez Key 4 FIDO2 SDK', 'POSSESSION'),('d821a7d4-e97c-4cb6-bd82-4237731fd4be', 'Hyper FIDO Bio Security Key', 'POSSESSION'),('9f77e279-a6e2-4d58-b700-31e5943c6a98', 'Hyper FIDO Pro', 'POSSESSION'),('6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d', 'iePass FIDO', 'POSSESSION'),('d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3', 'KEY-ID FIDO2 Authenticator', 'POSSESSION'),('310b2830-bd4a-4da5-832e-9a0dfc90abf2', 'MultiPass FIDO', 'POSSESSION'),('c5703116-972b-4851-a3e7-ae1259843399', 'NEOWAVE Badgeo FIDO2', 'POSSESSION'),('3789da91-f943-46bc-95c3-50ea2012f03a', 'NEOWAVE Winkeo FIDO2', 'POSSESSION'),('07a9f89c-6407-4594-9d56-621d5f1e358b', 'NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator', 'POSSESSION'),('a1f52be5-dfab-4364-b51c-2bd496b14a56', 'OCTATCO EzFinger2 FIDO2 AUTHENTICATOR', 'POSSESSION'),('bc2fe499-0d8e-4ffe-96f3-94a82840cf8c', 'OCTATCO EzQuant FIDO2 AUTHENTICATOR', 'POSSESSION'),('30b5035e-d297-4fc1-b00b-addc96ba6a97', 'OneSpan FIDO Touch', 'POSSESSION'),('88bbd2f0-342a-42e7-9729-dd158be5407a', 'Precision InnaIT Key FIDO 2 Level 2 certified', 'POSSESSION'),('149a2021-8ef6-4133-96b8-81f8d5b7f1f5', 'Security Key by Yubico with NFC', 'POSSESSION'),('6d44ba9b-f6ec-2e49-b930-0c8fe920cb73', 'Security Key by Yubico with NFC', 'POSSESSION'),('a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa', 'Security Key by Yubico with NFC', 'POSSESSION'),('b92c3f9a-c014-4056-887f-140a2501163b', 'Security Key by Yubico', 'POSSESSION'),('f8a011f3-8c0a-4d15-8006-17111f9edc7d', 'Security Key by Yubico', 'POSSESSION'),('0bb43545-fd2c-4185-87dd-feb0b2916ace', 'Security Key NFC by Yubico - Enterprise Edition', 'POSSESSION'),('516d3969-5a57-5651-5958-4e7a49434167', 'SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)', 'POSSESSION'),('8876631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('8976631b-d4a0-427f-5773-0ec71c9e0279', 'Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'),('9876631b-d4a0-427f-5773-0ec71c9e0279', 'Somu Secp256R1 FIDO2 CTAP2 Authenticator', 'POSSESSION'); - -INSERT INTO pa_fido2_authenticator (aaguid, description, signature_type) VALUES ('931327dd-c89b-406c-a81e-ed7058ef36c6', 'Swissbit iShield FIDO2', 'POSSESSION'),('efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4', 'Thales eToken FIDO', 'POSSESSION'),('b50d5e0a-7f81-4959-9b12-f45407407503', 'Thales IDPrime MD 3940 FIDO', 'POSSESSION'),('ab32f0c6-2239-afbb-c470-d2ef4e254db7', 'TOKEN2 FIDO2 Security Key', 'POSSESSION'),('95442b2e-f15e-4def-b270-efb106facb4e', 'TrustKey G310(H)', 'POSSESSION'),('87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c', 'TrustKey G320(H)', 'POSSESSION'),('da776f39-f6c8-4a89-b252-1d86137a46ba', 'TrustKey T110', 'POSSESSION'),('e3512a8a-62ae-11ea-bc55-0242ac130003', 'TrustKey T120', 'POSSESSION'),('73402251-f2a8-4f03-873e-3cb6db604b03', 'uTrust FIDO2 Security Key', 'POSSESSION'),('39a5647e-1853-446c-a1f6-a79bae9f5bc7', 'Vancosys Android Authenticator', 'POSSESSION'),('820d89ed-d65a-409e-85cb-f73f0578f82a', 'Vancosys iOS Authenticator', 'POSSESSION'),('5fdb81b8-53f0-4967-a881-f5ec26fe4d18', 'VinCSS FIDO2 Authenticator', 'POSSESSION'),('d7a423ad-3e19-4492-9200-78137dccc136', 'VivoKey Apex FIDO2', 'POSSESSION'),('08987058-cadc-4b81-b6e1-30de50dcbe96', 'Windows Hello Hardware Authenticator', 'POSSESSION'),('6028b017-b1d4-4c02-b4b3-afcdafc96bb2', 'Windows Hello Software Authenticator', 'POSSESSION'),('9ddd1817-af5a-4672-a2b9-3e3dd95000a9', 'Windows Hello VBS Hardware Authenticator', 'POSSESSION'),('504d7149-4e4c-3841-4555-55445a677357', 'WiSECURE AuthTron USB FIDO2 Authenticator', 'POSSESSION'),('57415531-2e31-4020-a020-323032343032', 'Wultra Authenticator 1', 'POSSESSION_KNOWLEDGE'),('c1f9a0bc-1dd2-404a-b27f-8e29047a43fd', 'YubiKey 5 FIPS Series with NFC', 'POSSESSION'),('73bb0cd4-e502-49b8-9c6f-b59445bf720b', 'YubiKey 5 FIPS Series', 'POSSESSION'),('34f5766d-1536-4a24-9033-0e294e510fb0', 'YubiKey 5 Series CTAP2.1 Preview Expired', 'POSSESSION'),('2fc0579f-8113-47ea-b116-bb5a8db9202a', 'YubiKey 5 Series with NFC', 'POSSESSION'),('fa2b99dc-9e39-4257-8f92-4a30d23c4118', 'YubiKey 5 Series with NFC', 'POSSESSION'),('cb69481e-8ff7-4039-93ec-0a2729a154a8', 'YubiKey 5 Series', 'POSSESSION'),('ee882879-721c-4913-9775-3dfcce97072a', 'YubiKey 5 Series', 'POSSESSION'),('85203421-48f9-4355-9bc8-8a53846e5083', 'YubiKey 5Ci FIPS', 'POSSESSION'),('c5ef55ff-ad9a-4b9f-b580-adebafe026d0', 'YubiKey 5Ci', 'POSSESSION'),('83c47309-aabb-4108-8470-8be838b573cb', 'YubiKey Bio Series (Enterprise Profile)', 'POSSESSION'),('d8522d9f-575b-4866-88a9-ba99fa02f35b', 'YubiKey Bio Series', 'POSSESSION'); - -- Changeset powerauth-java-server/1.7.x/20240222-add-tag-1.7.0.xml::1::Lubos Racansky diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java new file mode 100644 index 000000000..58a60e5ec --- /dev/null +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java @@ -0,0 +1,202 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.entity; + +import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; +import com.wultra.security.powerauth.client.model.enumeration.SignatureType; + +import java.util.Map; +import java.util.Optional; +import java.util.Set; +import java.util.UUID; +import java.util.function.Function; +import java.util.stream.Collectors; + +/** + * Class containing map of default FIDO2 AAGUID authenticator identifiers. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +public class Fido2DefaultAuthenticators { + + private static final Set MODELS = Set.of( + Fido2Authenticator.create("b93fd961-f2e6-462f-b122-82002247de78", "Android Authenticator with SafetyNet Attestation"), + + // ATKey + Fido2Authenticator.create("ba76a271-6eb6-4171-874d-b6428dbe3437", "ATKey.ProS"), + Fido2Authenticator.create("d41f5a69-b817-4144-a13c-9ebd6d9254d6", "ATKey.Card CTAP2.0"), + Fido2Authenticator.create("e1a96183-5016-4f24-b55b-e3ae23614cc6", "ATKey.Pro CTAP2.0"), + Fido2Authenticator.create("e416201b-afeb-41ca-a03d-2281c28322aa", "ATKey.Pro CTAP2.1"), + + // Atos + Fido2Authenticator.create("1c086528-58d5-f211-823c-356786e36140", "Atos CardOS FIDO2"), + + // Crayonic + Fido2Authenticator.create("be727034-574a-f799-5c76-0929e0430973", "Crayonic KeyVault K1 (USB-NFC-BLE FIDO2 Authenticator)"), + + // Cryptnox + Fido2Authenticator.create("9c835346-796b-4c27-8898-d6032f515cc5", "Cryptnox FIDO2"), + + // Ensurity + Fido2Authenticator.create("454e5346-4944-4ffd-6c93-8e9267193e9a", "Ensurity ThinC"), + + // ESS + Fido2Authenticator.create("5343502d-5343-5343-6172-644649444f32", "ESS Smart Card Inc. Authenticator"), + + // eWBM + Fido2Authenticator.create("61250591-b2bc-4456-b719-0b17be90bb30", "eWBM eFPA FIDO2 Authenticator"), + + // FEITIAN + Fido2Authenticator.create("12ded745-4bed-47d4-abaa-e713f51d6393", "AllinPass FIDO"), + Fido2Authenticator.create("2c0df832-92de-4be1-8412-88a8f074df4a", "FIDO Java Card"), + Fido2Authenticator.create("310b2830-bd4a-4da5-832e-9a0dfc90abf2", "MultiPass FIDO"), + Fido2Authenticator.create("3e22415d-7fdf-4ea4-8a0c-dd60c4249b9d", "Feitian iePass FIDO Authenticator"), + Fido2Authenticator.create("6e22415d-7fdf-4ea4-8a0c-dd60c4249b9d", "iePass FIDO"), + Fido2Authenticator.create("77010bd7-212a-4fc9-b236-d2ca5e9d4084", "BioPass FIDO"), + Fido2Authenticator.create("833b721a-ff5f-4d00-bb2e-bdda3ec01e29", "ePassFIDO K10, A4B, K28"), + Fido2Authenticator.create("8c97a730-3f7b-41a6-87d6-1e9b62bda6f0", "FIDO Fingerprint Card"), + Fido2Authenticator.create("b6ede29c-3772-412c-8a78-539c1f4c62d2", "BioPass FIDO Plus"), + Fido2Authenticator.create("ee041bce-25e5-4cdb-8f86-897fd6418464", "ePassFIDO K39, NFC, NFC Plus"), + + // GoTrust + Fido2Authenticator.create("3b1adb99-0dfe-46fd-90b8-7f7614a4de2a", "GoTrust Idem Key FIDO2 Authenticator"), + Fido2Authenticator.create("9f0d8150-baa5-4c00-9299-ad62c8bb4e87", "GoTrust Idem Card FIDO2 Authenticator"), + + // HID Global + Fido2Authenticator.create("54d9fee8-e621-4291-8b18-7157b99c5bec", "HID Crescendo Enabled"), + Fido2Authenticator.create("692db549-7ae5-44d5-a1e5-dd20a493b723", "HID Crescendo Key"), + Fido2Authenticator.create("aeb6569c-f8fb-4950-ac60-24ca2bbe2e52", "HID Crescendo C2300"), + + // Hideez + Fido2Authenticator.create("3e078ffd-4c54-4586-8baa-a77da113aec5", "Hideez Key 3 FIDO2"), + Fido2Authenticator.create("4e768f2c-5fab-48b3-b300-220eb487752b", "Hideez Key 4 FIDO2 SDK"), + + // Hyper + Fido2Authenticator.create("9f77e279-a6e2-4d58-b700-31e5943c6a98", "Hyper FIDO Pro"), + Fido2Authenticator.create("d821a7d4-e97c-4cb6-bd82-4237731fd4be", "Hyper FIDO Bio Security Key"), + + // MKGroup + Fido2Authenticator.create("f4c63eff-d26c-4248-801c-3736c7eaa93a", "FIDO KeyPass S3"), + + // KEY-ID + Fido2Authenticator.create("d91c5288-0ef0-49b7-b8ae-21ca0aa6b3f3", "KEY-ID FIDO2 Authenticator"), + + // NEOWAVE + Fido2Authenticator.create("3789da91-f943-46bc-95c3-50ea2012f03a", "NEOWAVE Winkeo FIDO2"), + Fido2Authenticator.create("c5703116-972b-4851-a3e7-ae1259843399", "NEOWAVE Badgeo FIDO2"), + + // NXP Semiconductors + Fido2Authenticator.create("07a9f89c-6407-4594-9d56-621d5f1e358b", "NXP Semiconductors FIDO2 Conformance Testing CTAP2 Authenticator"), + + // OCTATCO + Fido2Authenticator.create("a1f52be5-dfab-4364-b51c-2bd496b14a56", "OCTATCO EzFinger2 FIDO2 AUTHENTICATOR"), + Fido2Authenticator.create("bc2fe499-0d8e-4ffe-96f3-94a82840cf8c", "OCTATCO EzQuant FIDO2 AUTHENTICATOR"), + + // OneSpan + Fido2Authenticator.create("30b5035e-d297-4fc1-b00b-addc96ba6a97", "OneSpan FIDO Touch"), + + // Precision InnaIT + Fido2Authenticator.create("88bbd2f0-342a-42e7-9729-dd158be5407a", "Precision InnaIT Key FIDO 2 Level 2 certified"), + + // SmartDisplayer + Fido2Authenticator.create("516d3969-5a57-5651-5958-4e7a49434167", "SmartDisplayer BobeePass (NFC-BLE FIDO2 Authenticator)"), + + // Solo + Fido2Authenticator.create("8876631b-d4a0-427f-5773-0ec71c9e0279", "Solo Secp256R1 FIDO2 CTAP2 Authenticator"), + Fido2Authenticator.create("8976631b-d4a0-427f-5773-0ec71c9e0279", "Solo Tap Secp256R1 FIDO2 CTAP2 Authenticator"), + + // Somu + Fido2Authenticator.create("9876631b-d4a0-427f-5773-0ec71c9e0279", "Somu Secp256R1 FIDO2 CTAP2 Authenticator"), + + // Swissbit + Fido2Authenticator.create("931327dd-c89b-406c-a81e-ed7058ef36c6", "Swissbit iShield FIDO2"), + + // Thales + Fido2Authenticator.create("b50d5e0a-7f81-4959-9b12-f45407407503", "Thales IDPrime MD 3940 FIDO"), + Fido2Authenticator.create("efb96b10-a9ee-4b6c-a4a9-d32125ccd4a4", "Thales eToken FIDO"), + + // TrustKey + Fido2Authenticator.create("95442b2e-f15e-4def-b270-efb106facb4e", "TrustKey G310(H)"), + Fido2Authenticator.create("87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c", "TrustKey G320(H)"), + Fido2Authenticator.create("da776f39-f6c8-4a89-b252-1d86137a46ba", "TrustKey T110"), + Fido2Authenticator.create("e3512a8a-62ae-11ea-bc55-0242ac130003", "TrustKey T120"), + + // TOKEN2 + Fido2Authenticator.create("ab32f0c6-2239-afbb-c470-d2ef4e254db7", "TOKEN2 FIDO2 Security Key"), + + // uTrust + Fido2Authenticator.create("73402251-f2a8-4f03-873e-3cb6db604b03", "uTrust FIDO2 Security Key"), + + // Vancosys + Fido2Authenticator.create("39a5647e-1853-446c-a1f6-a79bae9f5bc7", "Vancosys Android Authenticator"), + Fido2Authenticator.create("820d89ed-d65a-409e-85cb-f73f0578f82a", "Vancosys iOS Authenticator"), + + // VinCSS + Fido2Authenticator.create("5fdb81b8-53f0-4967-a881-f5ec26fe4d18", "VinCSS FIDO2 Authenticator"), + + // VivoKey + Fido2Authenticator.create("d7a423ad-3e19-4492-9200-78137dccc136", "VivoKey Apex FIDO2"), + + // Windows Hello + Fido2Authenticator.create("08987058-cadc-4b81-b6e1-30de50dcbe96", "Windows Hello Hardware Authenticator"), + Fido2Authenticator.create("6028b017-b1d4-4c02-b4b3-afcdafc96bb2", "Windows Hello Software Authenticator"), + Fido2Authenticator.create("9ddd1817-af5a-4672-a2b9-3e3dd95000a9", "Windows Hello VBS Hardware Authenticator"), + + // WiSECURE + Fido2Authenticator.create("504d7149-4e4c-3841-4555-55445a677357", "WiSECURE AuthTron USB FIDO2 Authenticator"), + + // Wultra + Fido2Authenticator.create("dca09ba7-4992-4be8-9283-ee98cd6fb529", "Wultra Authenticator 1", SignatureType.POSSESSION_KNOWLEDGE), + + // Yubico + Fido2Authenticator.create("0bb43545-fd2c-4185-87dd-feb0b2916ace", "Security Key NFC by Yubico - Enterprise Edition"), + Fido2Authenticator.create("149a2021-8ef6-4133-96b8-81f8d5b7f1f5", "Security Key by Yubico with NFC"), + Fido2Authenticator.create("2fc0579f-8113-47ea-b116-bb5a8db9202a", "YubiKey 5 Series with NFC"), + Fido2Authenticator.create("6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", "Security Key by Yubico with NFC"), + Fido2Authenticator.create("73bb0cd4-e502-49b8-9c6f-b59445bf720b", "YubiKey 5 FIPS Series"), + Fido2Authenticator.create("85203421-48f9-4355-9bc8-8a53846e5083", "YubiKey 5Ci FIPS"), + Fido2Authenticator.create("a4e9fc6d-4cbe-4758-b8ba-37598bb5bbaa", "Security Key by Yubico with NFC"), + Fido2Authenticator.create("b92c3f9a-c014-4056-887f-140a2501163b", "Security Key by Yubico"), + Fido2Authenticator.create("c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "YubiKey 5 FIPS Series with NFC"), + Fido2Authenticator.create("c5ef55ff-ad9a-4b9f-b580-adebafe026d0", "YubiKey 5Ci"), + Fido2Authenticator.create("cb69481e-8ff7-4039-93ec-0a2729a154a8", "YubiKey 5 Series"), + Fido2Authenticator.create("d8522d9f-575b-4866-88a9-ba99fa02f35b", "YubiKey Bio Series"), + Fido2Authenticator.create("ee882879-721c-4913-9775-3dfcce97072a", "YubiKey 5 Series"), + Fido2Authenticator.create("f8a011f3-8c0a-4d15-8006-17111f9edc7d", "Security Key by Yubico"), + Fido2Authenticator.create("fa2b99dc-9e39-4257-8f92-4a30d23c4118", "YubiKey 5 Series with NFC"), + Fido2Authenticator.create("34f5766d-1536-4a24-9033-0e294e510fb0", "YubiKey 5 Series CTAP2.1 Preview Expired"), + Fido2Authenticator.create("83c47309-aabb-4108-8470-8be838b573cb", "YubiKey Bio Series (Enterprise Profile)"), + + // Other authenticators + Fido2Authenticator.create("ad784498-1902-3f54-b99a-10bb7dbd9588", "Apple MacBook Pro 14-inch, 2021"), + Fido2Authenticator.create("4ae71336-e44b-39bf-b9d2-752e234818a5", "Apple Passkeys") + ); + + private static final Map MODEL_MAP = MODELS.stream() + .collect(Collectors.toMap(Fido2Authenticator::aaguid, Function.identity())); + + private Fido2DefaultAuthenticators() { + throw new IllegalStateException("Should not be instantiated"); + } + + public static Optional findByAaguid(final UUID aaguid) { + return Optional.ofNullable(MODEL_MAP.get(aaguid)); + } + +} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java index 445bdddf7..513522b11 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorService.java @@ -20,6 +20,7 @@ import com.wultra.powerauth.fido2.database.entity.Fido2AuthenticatorEntity; import com.wultra.powerauth.fido2.database.repository.Fido2AuthenticatorRepository; +import com.wultra.powerauth.fido2.rest.model.entity.Fido2DefaultAuthenticators; import com.wultra.powerauth.fido2.service.model.Fido2Authenticator; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; import lombok.AllArgsConstructor; @@ -27,7 +28,7 @@ import org.springframework.cache.annotation.Cacheable; import org.springframework.stereotype.Service; -import java.nio.ByteBuffer; +import java.util.Optional; import java.util.UUID; /** @@ -46,8 +47,9 @@ public class Fido2AuthenticatorService { private final Fido2AuthenticatorRepository fido2AuthenticatorRepository; /** - * Retrieve FIDO2 Authenticator details from database by its aaguid. - * If it does not exist, return unknown Fido2Authenticator. + * Retrieve FIDO2 Authenticator model. If it exists in database, return the one stored in database. + * If it does not exist in database, try to find a default one in {@link Fido2DefaultAuthenticators} + * and return the default one if exists. Otherwise, return unknown Fido2Authenticator. * @param aaguid Authenticator identifier. * @return Fido2Authenticator with registered details. */ @@ -56,9 +58,21 @@ public Fido2Authenticator findByAaguid(final UUID aaguid) { if (aaguid == null) { return unknownAuthenticator(); } + + return findInDatabase(aaguid) + .orElseGet(() -> findDefault(aaguid) + .orElseGet(() -> unknownAuthenticator(aaguid))); + } + + private Optional findInDatabase(final UUID aaguid) { + logger.debug("Trying to find FIDO2 Authenticator model with AAGUID {} in database.", aaguid); return fido2AuthenticatorRepository.findById(aaguid.toString()) - .map(Fido2AuthenticatorService::convert) - .orElseGet(() -> unknownAuthenticator(aaguid)); + .map(Fido2AuthenticatorService::convert); + } + + private static Optional findDefault(final UUID aaguid) { + logger.debug("Trying to find FIDO2 Authenticator model with AAGUID {} in default set.", aaguid); + return Fido2DefaultAuthenticators.findByAaguid(aaguid); } private static Fido2Authenticator convert(final Fido2AuthenticatorEntity entity) { diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java index ecc2dfe6c..0b965ba3b 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/model/Fido2Authenticator.java @@ -24,7 +24,8 @@ import java.util.UUID; /** - * FIDO2 Authenticator details model. + * FIDO2 Authenticator details model. It associates the AAGUID value to a descriptive name + * and expected authentication factors available with a given authenticator. * * @author Jan Pesek, jan.pesek@wultra.com */ @@ -34,6 +35,14 @@ public record Fido2Authenticator( SignatureType signatureType ) { + public static Fido2Authenticator create(String aaguid, String description) { + return new Fido2Authenticator(UUID.fromString(aaguid), description, SignatureType.POSSESSION); + } + + public static Fido2Authenticator create(String aaguid, String description, SignatureType signatureType) { + return new Fido2Authenticator(UUID.fromString(aaguid), description, signatureType); + } + @Override public boolean equals(final Object o) { if (this == o) return true; diff --git a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java index 8e14de880..92dbf6fa9 100644 --- a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java +++ b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/service/Fido2AuthenticatorServiceTest.java @@ -28,7 +28,6 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; -import java.nio.ByteBuffer; import java.util.Optional; import java.util.UUID; @@ -44,6 +43,8 @@ @ExtendWith(MockitoExtension.class) class Fido2AuthenticatorServiceTest { + private final static String WA1_AAGUID = "dca09ba7-4992-4be8-9283-ee98cd6fb529"; + @Mock private Fido2AuthenticatorRepository fido2AuthenticatorRepository; @@ -51,8 +52,8 @@ class Fido2AuthenticatorServiceTest { private Fido2AuthenticatorService tested; @Test - void testFindByAaguid() { - final UUID aaguid = UUID.randomUUID(); + void testFindByAaguid_fromDatabase() { + final UUID aaguid = UUID.fromString("00000000-0000-0000-0000-000000000000"); final Fido2AuthenticatorEntity entity = new Fido2AuthenticatorEntity(); entity.setAaguid(aaguid.toString()); entity.setDescription("My FIDO2 Authenticator"); @@ -67,9 +68,21 @@ void testFindByAaguid() { assertEquals(SignatureType.POSSESSION, authenticator.signatureType()); } + @Test + void testFindByAaguid_fromDefaultSet() { + final UUID aaguid = UUID.fromString(WA1_AAGUID); + when(fido2AuthenticatorRepository.findById(aaguid.toString())) + .thenReturn(Optional.empty()); + + final Fido2Authenticator authenticator = tested.findByAaguid(aaguid); + assertEquals(aaguid, authenticator.aaguid()); + assertEquals("Wultra Authenticator 1", authenticator.description()); + assertEquals(SignatureType.POSSESSION_KNOWLEDGE, authenticator.signatureType()); + } + @Test void testFindByAaguid_unknown() { - final UUID aaguid = UUID.randomUUID(); + final UUID aaguid = UUID.fromString("00000000-0000-0000-0000-000000000000"); when(fido2AuthenticatorRepository.findById(aaguid.toString())) .thenReturn(Optional.empty()); From bda86016242fb33c1ab6eefb652e27673c6345a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 01:52:19 +0000 Subject: [PATCH 127/146] Bump nl.jqno.equalsverifier:equalsverifier from 3.15.8 to 3.16 Bumps [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) from 3.15.8 to 3.16. - [Release notes](https://github.com/jqno/equalsverifier/releases) - [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md) - [Commits](https://github.com/jqno/equalsverifier/compare/equalsverifier-3.15.8...equalsverifier-3.16) --- updated-dependencies: - dependency-name: nl.jqno.equalsverifier:equalsverifier dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 23312dafa..3440dc656 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ 1.11.0 7.4 - 3.15.8 + 3.16 3.5.3 From 2460c0e044a8eaf474122b248ff788be311080e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 01:52:35 +0000 Subject: [PATCH 128/146] Bump io.swagger.core.v3:swagger-annotations-jakarta Bumps io.swagger.core.v3:swagger-annotations-jakarta from 2.2.20 to 2.2.21. --- updated-dependencies: - dependency-name: io.swagger.core.v3:swagger-annotations-jakarta dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 23312dafa..1b15b48df 100644 --- a/pom.xml +++ b/pom.xml @@ -94,7 +94,7 @@ 2.3.0 - 2.2.20 + 2.2.21 5.12.0 From bf76e0b72d31f42f3bd138dc7c4af00afd9ec6bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Mar 2024 01:53:13 +0000 Subject: [PATCH 129/146] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.2.3 to 3.2.4. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.2.3...v3.2.4) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 23312dafa..9d1803254 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.springframework.boot spring-boot-starter-parent - 3.2.3 + 3.2.4 From 54b30d6dfbda607d2f4c87474a85d3dd1eeacaf4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 25 Mar 2024 15:59:10 +0100 Subject: [PATCH 130/146] Fix #1419: Implement optional proprietary signing extension to account for FIDO2/WebAuthn shortcomings (#1420) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix #1419: Implement optional proprietary signing extension to account for FIDO2/WebAuthn shortcomings * Use concat from our ByteUtils to improve readability * Fix documentation * Fix return value Co-authored-by: Luboš Račanský * Added a debug log * Improve transparency of proprietary signatures * Documentation update --------- Co-authored-by: Luboš Račanský --- docs/FIDO2-API.md | 24 +++++------ .../AssertionChallengeConverter.java | 12 +++++- .../entity/Fido2DefaultAuthenticators.java | 8 ++++ .../fido2/service/AssertionService.java | 15 +++---- .../fido2/PowerAuthCryptographyService.java | 42 ++++++++++++++----- 5 files changed, 71 insertions(+), 30 deletions(-) diff --git a/docs/FIDO2-API.md b/docs/FIDO2-API.md index 9a360a6c3..c4f247de6 100644 --- a/docs/FIDO2-API.md +++ b/docs/FIDO2-API.md @@ -395,18 +395,18 @@ Verify a provided FIDO2 assertion. ##### Request Params -| Attribute | Type | Description | -|---------------------------------------------------------------------------|----------|-----------------------------------------------------------------------------------| -| `credentialId`* | `String` | Credential ID. | -| `type`* | `String` | Credential type (`public-key`). | -| `authenticatorAttachment`* | `String` | Information about authenticator attachment. | -| `response`* | `String` | Authenticator response (value provided by authenticator, encoded as Base64). | -| `applicationId` | `String` | Application identifier, to verify the challenge can be approved by given app. | -| `relyingPartyId` | `String` | Identification of relying party, typically the domain, i.e., `example.com`. | -| `allowedOrigins` | `String` | Collection of origins that should be allowed to provide the assertion. | -| `allowedTopOrigins` | `String` | Collection of top origins that should be allowed to provide the assertion. | -| `requiresUserVerification` | `String` | Information if user verification flag must be present (if user was verified). | -| `expectedChallenge` | `String` | Expected challenge value. If present, it is checked against the actual challenge. | +| Attribute | Type | Description | +|---------------------------------------------------------------------------|------------|-----------------------------------------------------------------------------------| +| `credentialId`* | `String` | Credential ID. | +| `type`* | `String` | Credential type (`public-key`). | +| `authenticatorAttachment`* | `String` | Information about authenticator attachment. | +| `response`* | `String` | Authenticator response (value provided by authenticator, encoded as Base64). | +| `applicationId` | `String` | Application identifier, to verify the challenge can be approved by given app. | +| `relyingPartyId` | `String` | Identification of relying party, typically the domain, i.e., `example.com`. | +| `allowedOrigins` | `String[]` | Collection of origins that should be allowed to provide the assertion. | +| `allowedTopOrigins` | `String[]` | Collection of top origins that should be allowed to provide the assertion. | +| `requiresUserVerification` | `boolean` | Information if user verification flag must be present (if user was verified). | +| `expectedChallenge` | `String` | Expected challenge value. If present, it is checked against the actual challenge. | #### Response 200 diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index 48e97c35a..8821f1cc3 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -21,13 +21,16 @@ import com.wultra.powerauth.fido2.rest.model.entity.AllowCredentials; import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.entity.Fido2DefaultAuthenticators; import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; +import io.getlime.security.powerauth.crypto.lib.util.ByteUtils; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; +import java.nio.charset.StandardCharsets; import java.util.*; /** @@ -106,9 +109,16 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation final List allowCredentials = new ArrayList<>(); for (AuthenticatorDetail ad: authenticatorDetails) { - final byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId()); @SuppressWarnings("unchecked") final List transports = (List) ad.getExtras().get("transports"); + final String aaguid = (String) ad.getExtras().get("aaguid"); + + // Obtain credential ID, append data to credential ID if the authenticator is a Wultra authenticator that supports visual challenge. + byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId()); + if (aaguid != null && Fido2DefaultAuthenticators.isWultraModel(aaguid)) { + final byte[] operationDataBytes = source.getData().getBytes(StandardCharsets.UTF_8); + credentialId = ByteUtils.concat(credentialId, operationDataBytes); + } final AllowCredentials ac = new AllowCredentials(); ac.setCredentialId(credentialId); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java index 58a60e5ec..0a7d45562 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/Fido2DefaultAuthenticators.java @@ -35,6 +35,10 @@ */ public class Fido2DefaultAuthenticators { + private static final Set WULTRA_MODELS = Set.of( + "dca09ba7-4992-4be8-9283-ee98cd6fb529" + ); + private static final Set MODELS = Set.of( Fido2Authenticator.create("b93fd961-f2e6-462f-b122-82002247de78", "Android Authenticator with SafetyNet Attestation"), @@ -199,4 +203,8 @@ public static Optional findByAaguid(final UUID aaguid) { return Optional.ofNullable(MODEL_MAP.get(aaguid)); } + public static boolean isWultraModel(final String aaguid) { + return WULTRA_MODELS.contains(aaguid); + } + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 017bbce24..4d4c6f3e0 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -34,8 +34,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import java.util.Optional; - /** * Service related to handling assertions. * @@ -97,12 +95,10 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r final AuthenticatorAssertionResponse response = request.getResponse(); final String applicationId = request.getApplicationId(); final String credentialId = request.getCredentialId(); - final String challenge = response.getClientDataJSON().getChallenge(); - final Optional authenticatorOptional = authenticatorProvider.findByCredentialId(credentialId, applicationId); - authenticatorOptional.orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); - final AuthenticatorDetail authenticatorDetail = authenticatorOptional.get(); - final AuthenticatorData authenticatorData = response.getAuthenticatorData(); final CollectedClientData clientDataJSON = response.getClientDataJSON(); + final AuthenticatorData authenticatorData = response.getAuthenticatorData(); + final String challenge = clientDataJSON.getChallenge(); + final AuthenticatorDetail authenticatorDetail = getAuthenticatorDetail(credentialId, applicationId); if (authenticatorDetail.getActivationStatus() == ActivationStatus.ACTIVE) { final boolean signatureCorrect = cryptographyService.verifySignatureForAssertion(applicationId, credentialId, clientDataJSON, authenticatorData, response.getSignature(), authenticatorDetail); if (signatureCorrect) { @@ -121,4 +117,9 @@ public AssertionVerificationResponse authenticate(AssertionVerificationRequest r } } + private AuthenticatorDetail getAuthenticatorDetail(String credentialId, String applicationId) throws Fido2AuthenticationFailedException { + return authenticatorProvider.findByCredentialId(credentialId, applicationId) + .orElseThrow(() -> new Fido2AuthenticationFailedException("Invalid request")); + } + } diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java index 99a868639..1a6f9faf0 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthCryptographyService.java @@ -26,6 +26,7 @@ import io.getlime.security.powerauth.app.server.database.repository.ApplicationConfigRepository; import io.getlime.security.powerauth.crypto.lib.model.exception.CryptoProviderException; import io.getlime.security.powerauth.crypto.lib.model.exception.GenericCryptoException; +import io.getlime.security.powerauth.crypto.lib.util.ByteUtils; import io.getlime.security.powerauth.crypto.lib.util.Hash; import io.getlime.security.powerauth.crypto.lib.util.KeyConvertor; import io.getlime.security.powerauth.crypto.lib.util.SignatureUtils; @@ -71,9 +72,18 @@ public boolean verifySignatureForAssertion(String applicationId, String credenti if (!checkAndPersistCounter(applicationId, credentialId, authData.getSignCount())) { return false; } + byte[] dataSuffix = null; + final String aaguid = (String) authenticatorDetail.getExtras().get("aaguid"); + if (aaguid != null && Fido2DefaultAuthenticators.isWultraModel(aaguid)) { + dataSuffix = getOperationDataBytes(clientDataJSON.getChallenge()); + if (dataSuffix == null) { + logger.debug("Visual challenge expected, but no data found to append."); + return false; + } + } final byte[] publicKeyBytes = authenticatorDetail.getPublicKeyBytes(); final PublicKey publicKey = keyConvertor.convertBytesToPublicKey(publicKeyBytes); - return verifySignature(clientDataJSON, authData, signature, publicKey); + return verifySignature(clientDataJSON, authData, dataSuffix, signature, publicKey); } public boolean verifySignatureForRegistration(String applicationId, CollectedClientData clientDataJSON, AttestationObject attestationObject, byte[] signature) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException, InvalidKeyException { @@ -84,7 +94,7 @@ public boolean verifySignatureForRegistration(String applicationId, CollectedCli } final ECPoint point = pointOptional.get(); final PublicKey publicKey = keyConvertor.convertPointBytesToPublicKey(point.getX(), point.getY()); - return verifySignature(clientDataJSON, attestationObject.getAuthData(), signature, publicKey); + return verifySignature(clientDataJSON, attestationObject.getAuthData(), null, signature, publicKey); } public byte[] publicKeyToBytes(PublicKeyObject publicKey) throws GenericCryptoException, InvalidKeySpecException, CryptoProviderException { @@ -96,10 +106,15 @@ public byte[] publicKeyToBytes(PublicKeyObject publicKey) throws GenericCryptoEx // private methods - private boolean verifySignature(CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] signature, PublicKey publicKey) throws GenericCryptoException, CryptoProviderException, InvalidKeyException { - final byte[] clientDataJSONEncodedHash = concat(authData.getEncoded(), Hash.sha256(clientDataJSON.getEncoded())); + private boolean verifySignature(CollectedClientData clientDataJSON, AuthenticatorData authData, byte[] dataSuffix, byte[] signature, PublicKey publicKey) throws GenericCryptoException, CryptoProviderException, InvalidKeyException { + final byte[] signableData; + if (dataSuffix != null) { + signableData = ByteUtils.concat(authData.getEncoded(), Hash.sha256(clientDataJSON.getEncoded()), dataSuffix); + } else { + signableData = ByteUtils.concat(authData.getEncoded(), Hash.sha256(clientDataJSON.getEncoded())); + } final SignatureUtils signatureUtils = new SignatureUtils(); - return signatureUtils.validateECDSASignature(clientDataJSONEncodedHash, signature, publicKey); + return signatureUtils.validateECDSASignature(signableData, signature, publicKey); } private boolean checkAndPersistCounter(String applicationId, String credentialId, int signCount) { @@ -125,11 +140,18 @@ private boolean checkAndPersistCounter(String applicationId, String credentialId return true; } - private byte[] concat(byte[] a, byte[] b) { - final byte[] combined = new byte[a.length + b.length]; - System.arraycopy(a, 0, combined, 0, a.length); - System.arraycopy(b, 0, combined, a.length, b.length); - return combined; + /** + * Parse challenge value to obtain operation data presented to the user via the visual challenge. + * + * @param challenge Challenge value in the expected format `operation_id&operation_data`. + * @return Value of operation data, as UTF-8 encoded bytes. + */ + private static byte[] getOperationDataBytes(String challenge) { + final String[] split = challenge.split("&", 2); + if (split.length != 2) { + return null; + } + return split[1].getBytes(StandardCharsets.UTF_8); } /** From 1cfb7522091caebea2d15a82d17c8a2422d8119a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20Dvo=C5=99=C3=A1k?= Date: Mon, 25 Mar 2024 21:54:20 +0100 Subject: [PATCH 131/146] Fix #1425: FIDO2: Return operation data in a separate allowCredential item (#1426) * Fix #1425: FIDO2: Return operation data in a separate allowCredential item * Use empty list --- .../model/converter/AssertionChallengeConverter.java | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index 8821f1cc3..afb80c447 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -107,6 +107,7 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation if (authenticatorDetails != null && !authenticatorDetails.isEmpty()) { final List allowCredentials = new ArrayList<>(); + boolean hasWultraModel = false; for (AuthenticatorDetail ad: authenticatorDetails) { @SuppressWarnings("unchecked") @@ -116,8 +117,7 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation // Obtain credential ID, append data to credential ID if the authenticator is a Wultra authenticator that supports visual challenge. byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId()); if (aaguid != null && Fido2DefaultAuthenticators.isWultraModel(aaguid)) { - final byte[] operationDataBytes = source.getData().getBytes(StandardCharsets.UTF_8); - credentialId = ByteUtils.concat(credentialId, operationDataBytes); + hasWultraModel = true; } final AllowCredentials ac = new AllowCredentials(); @@ -125,6 +125,13 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation ac.setTransports(transports); allowCredentials.add(ac); } + if (hasWultraModel) { + final byte[] credentialId = source.getData().getBytes(StandardCharsets.UTF_8); + final AllowCredentials ac = new AllowCredentials(); + ac.setCredentialId(credentialId); + ac.setTransports(Collections.emptyList()); + allowCredentials.add(ac); + } destination.setAllowCredentials(allowCredentials); } return destination; From 0da5526e7cf9273fad85719b87af80c5e231e9ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Tue, 26 Mar 2024 07:33:39 +0100 Subject: [PATCH 132/146] Fix #1425: FIDO2: Return operation data in a separate allowCredential item (#1427) --- .../rest/model/converter/AssertionChallengeConverter.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index afb80c447..31a532a2a 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -26,7 +26,6 @@ import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; -import io.getlime.security.powerauth.crypto.lib.util.ByteUtils; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -126,7 +125,7 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation allowCredentials.add(ac); } if (hasWultraModel) { - final byte[] credentialId = source.getData().getBytes(StandardCharsets.UTF_8); + final byte[] credentialId = Base64.getEncoder().encode(source.getData().getBytes(StandardCharsets.UTF_8)); final AllowCredentials ac = new AllowCredentials(); ac.setCredentialId(credentialId); ac.setTransports(Collections.emptyList()); From eec41591591772518c6e35705c917719884361ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Tue, 26 Mar 2024 10:16:02 +0100 Subject: [PATCH 133/146] Revert "Fix #1425: FIDO2: Return operation data in a separate allowCredential item (#1427)" (#1428) This reverts commit 0da5526e7cf9273fad85719b87af80c5e231e9ba. --- .../rest/model/converter/AssertionChallengeConverter.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index 31a532a2a..afb80c447 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -26,6 +26,7 @@ import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; +import io.getlime.security.powerauth.crypto.lib.util.ByteUtils; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -125,7 +126,7 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation allowCredentials.add(ac); } if (hasWultraModel) { - final byte[] credentialId = Base64.getEncoder().encode(source.getData().getBytes(StandardCharsets.UTF_8)); + final byte[] credentialId = source.getData().getBytes(StandardCharsets.UTF_8); final AllowCredentials ac = new AllowCredentials(); ac.setCredentialId(credentialId); ac.setTransports(Collections.emptyList()); From 500d9669fe96c24709cad92f56eb622ee3d121b8 Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Wed, 27 Mar 2024 07:19:02 +0100 Subject: [PATCH 134/146] Downgrade java version for coverity scan GitHub Action --- .github/workflows/coverity-scan.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 303fae90c..8a887f339 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -14,4 +14,3 @@ jobs: project-name: ${{ github.event.repository.name }} version: ${{ github.sha }} description: ${{ github.ref }} - java_version: 21 \ No newline at end of file From a5babd874214e780d9c89a735b3808445541789d Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Wed, 27 Mar 2024 13:26:52 +0100 Subject: [PATCH 135/146] Fix #1434: Return ERROR_NOT_FOUND code instead of white label error page --- .../controller/RESTControllerAdvice.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java index c8b8f9365..440aa42ba 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/controller/RESTControllerAdvice.java @@ -36,6 +36,7 @@ import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseStatus; +import org.springframework.web.servlet.resource.NoResourceFoundException; import java.util.Comparator; import java.util.stream.Collectors; @@ -178,4 +179,21 @@ public class RESTControllerAdvice { return new ObjectResponse<>("ERROR", error); } + /** + * Exception handler for no resource found. + * + * @param e Exception. + * @return Response with error details. + */ + @ExceptionHandler(NoResourceFoundException.class) + @ResponseStatus(HttpStatus.NOT_FOUND) + public @ResponseBody ObjectResponse handleNoResourceFoundException(final NoResourceFoundException e) { + logger.warn("Error occurred when calling an API: {}", e.getMessage()); + logger.debug("Exception detail: ", e); + final PowerAuthError error = new PowerAuthError(); + error.setCode("ERROR_NOT_FOUND"); + error.setMessage("Resource not found."); + return new ObjectResponse<>("ERROR", error); + } + } From 4e6327b9930f05bc2ab19ca154bf53cc60816a1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= Date: Thu, 28 Mar 2024 10:50:52 +0100 Subject: [PATCH 136/146] Fix #1430: Coverity: Unread field should be static (#1432) * Fix #1430: Coverity: Unread field should be static --- .../model/entity/fido2/AllowCredentials.java | 11 +++++++- .../AssertionChallengeConverter.java | 14 +++++------ .../rest/model/entity/AllowCredentials.java | 25 ++++++++++++++++--- 3 files changed, 38 insertions(+), 12 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java index b54fa8b40..3885236ea 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AllowCredentials.java @@ -29,7 +29,16 @@ */ @Data public class AllowCredentials { + private byte[] credentialId; - private final String type = "public-key"; + + /** + * Currently one credential type is defined, namely {@code public-key}. + * + * @see W3C WebAuthn specification + */ + private String type; + private List transports; + } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index afb80c447..4fda4b9f1 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -26,7 +26,6 @@ import com.wultra.powerauth.fido2.rest.model.response.AssertionChallengeResponse; import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; -import io.getlime.security.powerauth.crypto.lib.util.ByteUtils; import lombok.extern.slf4j.Slf4j; import org.springframework.stereotype.Component; @@ -120,16 +119,17 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation hasWultraModel = true; } - final AllowCredentials ac = new AllowCredentials(); - ac.setCredentialId(credentialId); - ac.setTransports(transports); + final AllowCredentials ac = AllowCredentials.builder() + .credentialId(credentialId) + .transports(transports) + .build(); allowCredentials.add(ac); } if (hasWultraModel) { final byte[] credentialId = source.getData().getBytes(StandardCharsets.UTF_8); - final AllowCredentials ac = new AllowCredentials(); - ac.setCredentialId(credentialId); - ac.setTransports(Collections.emptyList()); + final AllowCredentials ac = AllowCredentials.builder() + .credentialId(credentialId) + .build(); allowCredentials.add(ac); } destination.setAllowCredentials(allowCredentials); diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java index 822a02e11..c08dc6f84 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AllowCredentials.java @@ -18,8 +18,12 @@ package com.wultra.powerauth.fido2.rest.model.entity; -import lombok.Data; +import lombok.Builder; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.ToString; +import java.util.Collections; import java.util.List; /** @@ -27,9 +31,22 @@ * * @author Petr Dvorak, petr@wultra.com */ -@Data +@Getter +@EqualsAndHashCode +@ToString +@Builder public class AllowCredentials { - private byte[] credentialId; + + private final byte[] credentialId; + + /** + * Currently one credential type is defined, namely {@code public-key}. + * + * @see W3C WebAuthn specification + */ + @Builder.Default private final String type = "public-key"; - private List transports; + + @Builder.Default + private final List transports = Collections.emptyList(); } From 2fde1bf0fe79694aefa4f605916990d64287d538 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Thu, 28 Mar 2024 14:17:27 +0100 Subject: [PATCH 137/146] Fix #1436: FIDO test app Opera browser - authenticatorAttachment error (#1439) --- .../client/model/entity/fido2/AuthenticatorParameters.java | 1 - .../model/request/fido2/AssertionVerificationRequest.java | 1 - .../client/model/request/fido2/RegistrationRequest.java | 2 ++ .../fido2/rest/model/entity/AuthenticatorParameters.java | 1 - .../fido2/rest/model/request/AssertionVerificationRequest.java | 1 - .../powerauth/fido2/rest/model/request/RegistrationRequest.java | 2 ++ 6 files changed, 4 insertions(+), 4 deletions(-) diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java index 3baaebf02..6c3d7b84e 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/entity/fido2/AuthenticatorParameters.java @@ -36,7 +36,6 @@ public class AuthenticatorParameters { private String credentialId; @NotBlank private String type; - @NotBlank private String authenticatorAttachment; private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); @NotBlank diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java index 87639ef09..32fc5ed97 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/AssertionVerificationRequest.java @@ -39,7 +39,6 @@ public class AssertionVerificationRequest { private String credentialId; @NotBlank private String type; - @NotBlank private String authenticatorAttachment; private AuthenticatorAssertionResponse response = new AuthenticatorAssertionResponse(); @NotBlank diff --git a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java index f4e52d4de..404973377 100644 --- a/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java +++ b/powerauth-client-model/src/main/java/com/wultra/security/powerauth/client/model/request/fido2/RegistrationRequest.java @@ -19,6 +19,7 @@ package com.wultra.security.powerauth.client.model.request.fido2; import com.wultra.security.powerauth.client.model.entity.fido2.AuthenticatorParameters; +import jakarta.validation.Valid; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -36,6 +37,7 @@ public class RegistrationRequest { private String expectedChallenge; // Authenticator parameters + @Valid private AuthenticatorParameters authenticatorParameters; diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java index bb83a75fb..73e3730b1 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorParameters.java @@ -38,7 +38,6 @@ public class AuthenticatorParameters { private String credentialId; @NotBlank private String type; - @NotBlank private String authenticatorAttachment; private AuthenticatorAttestationResponse response = new AuthenticatorAttestationResponse(); @NotBlank diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java index 95704d1e6..afbc8ebbe 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/AssertionVerificationRequest.java @@ -39,7 +39,6 @@ public class AssertionVerificationRequest { private String credentialId; @NotBlank private String type; - @NotBlank private String authenticatorAttachment; private AuthenticatorAssertionResponse response = new AuthenticatorAssertionResponse(); @NotBlank diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java index 46e97b508..d5767f9ef 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/request/RegistrationRequest.java @@ -19,6 +19,7 @@ package com.wultra.powerauth.fido2.rest.model.request; import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorParameters; +import jakarta.validation.Valid; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -38,5 +39,6 @@ public class RegistrationRequest { private String expectedChallenge; // Authenticator parameters + @Valid private AuthenticatorParameters authenticatorParameters; } From d5261328f2b4006b38838d6becafe7f35f2079fe Mon Sep 17 00:00:00 2001 From: Lubos Racansky Date: Thu, 28 Mar 2024 14:29:12 +0100 Subject: [PATCH 138/146] Fix #1442: Remove Base64ToByteArrayDeserializer Jackson deserializes base64 to byte array out of the box. --- .../Base64ToByteArrayDeserializer.java | 75 ------------------- .../AuthenticatorAssertionResponse.java | 2 - 2 files changed, 77 deletions(-) delete mode 100644 powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java deleted file mode 100644 index 25c3026d7..000000000 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/serialization/Base64ToByteArrayDeserializer.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * PowerAuth Server and related software components - * Copyright (C) 2023 Wultra s.r.o. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published - * by the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ - -package com.wultra.powerauth.fido2.rest.model.converter.serialization; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.deser.std.StdDeserializer; -import com.wultra.powerauth.fido2.errorhandling.Fido2DeserializationException; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; - -import java.io.IOException; -import java.io.Serial; -import java.util.Base64; - -/** - * Deserializer from Base64 to byte array. - * - * @author Petr Dvorak, petr@wultra.com - */ -@Component -@Slf4j -public class Base64ToByteArrayDeserializer extends StdDeserializer { - - @Serial - private static final long serialVersionUID = 4519714786533202920L; - - /** - * No-arg deserializer constructor. - */ - public Base64ToByteArrayDeserializer() { - this(null); - } - - /** - * Deserializer constructor with value class parameter. - * @param vc Value class. - */ - public Base64ToByteArrayDeserializer(Class vc) { - super(vc); - } - - /** - * Deserialize data from Base64 to byte array. - * @param jsonParser JSON parser. - * @param deserializationContext Deserialization context. - * @return Deserialized byte array. - * @throws Fido2DeserializationException Thrown in case JSON deserialization fails. - */ - @Override - public byte[] deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws Fido2DeserializationException { - try { - return Base64.getDecoder().decode(jsonParser.getText()); - } catch (IOException e) { - logger.debug(e.getMessage(), e); - throw new Fido2DeserializationException(e.getMessage(), e); - } - } -} diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java index 3ed46bdc6..cbf2f8aeb 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/entity/AuthenticatorAssertionResponse.java @@ -20,7 +20,6 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.wultra.powerauth.fido2.rest.model.converter.serialization.AuthenticatorDataDeserializer; -import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToByteArrayDeserializer; import com.wultra.powerauth.fido2.rest.model.converter.serialization.Base64ToStringDeserializer; import com.wultra.powerauth.fido2.rest.model.converter.serialization.CollectedClientDataDeserializer; import jakarta.validation.constraints.NotEmpty; @@ -41,7 +40,6 @@ public class AuthenticatorAssertionResponse { private AuthenticatorData authenticatorData; @NotEmpty - @JsonDeserialize(using = Base64ToByteArrayDeserializer.class) private byte[] signature; @JsonDeserialize(using = Base64ToStringDeserializer.class) From fbdc11b8ec3faa9f2bcc9ad3875c3fc84001079f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Thu, 28 Mar 2024 14:45:35 +0100 Subject: [PATCH 139/146] Fix #1440: Add unit test for AssertionChallengeConverter (#1441) --- .../AssertionChallengeConverter.java | 15 +- .../fido2/service/AssertionService.java | 7 +- .../AssertionChallengeConverterTest.java | 218 ++++++++++++++++++ .../fido2/PowerAuthAssertionProvider.java | 8 +- 4 files changed, 231 insertions(+), 17 deletions(-) create mode 100644 powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java index 4fda4b9f1..c799e9489 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverter.java @@ -27,7 +27,6 @@ import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; import java.nio.charset.StandardCharsets; import java.util.*; @@ -37,19 +36,22 @@ * * @author Petr Dvorak, petr@wultra.com */ -@Component @Slf4j public class AssertionChallengeConverter { private static final String ATTR_ALLOW_CREDENTIALS = "allowCredentials"; + private AssertionChallengeConverter() { + throw new IllegalStateException("Should not be instantiated"); + } + /** * Convert a new assertion challenge response from a provided challenge. * * @param source Challenge. * @return Assertion challenge response. */ - public AssertionChallengeResponse fromChallenge(AssertionChallenge source) { + public static AssertionChallengeResponse fromChallenge(AssertionChallenge source) { if (source == null) { return null; } @@ -71,7 +73,7 @@ public AssertionChallengeResponse fromChallenge(AssertionChallenge source) { * @param authenticatorDetails Allowed authenticators. If null or empty, all are allowed. * @return Request for creating a new operation. */ - public OperationCreateRequest convertAssertionRequestToOperationRequest(AssertionChallengeRequest source, List authenticatorDetails) { + public static OperationCreateRequest convertAssertionRequestToOperationRequest(AssertionChallengeRequest source, List authenticatorDetails) { final OperationCreateRequest destination = new OperationCreateRequest(); destination.setUserId(source.getUserId()); destination.setApplications(source.getApplicationIds()); @@ -96,7 +98,7 @@ public OperationCreateRequest convertAssertionRequestToOperationRequest(Assertio * @param authenticatorDetails Add authenticator details to be assigned with the challenge. If null or empty, all are allowed. * @return Assertion challenge */ - public AssertionChallenge convertAssertionChallengeFromOperationDetail(OperationDetailResponse source, List authenticatorDetails) { + public static AssertionChallenge convertAssertionChallengeFromOperationDetail(OperationDetailResponse source, List authenticatorDetails) { final AssertionChallenge destination = new AssertionChallenge(); destination.setUserId(source.getUserId()); destination.setApplicationIds(source.getApplications()); @@ -113,8 +115,7 @@ public AssertionChallenge convertAssertionChallengeFromOperationDetail(Operation final List transports = (List) ad.getExtras().get("transports"); final String aaguid = (String) ad.getExtras().get("aaguid"); - // Obtain credential ID, append data to credential ID if the authenticator is a Wultra authenticator that supports visual challenge. - byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId()); + final byte[] credentialId = Base64.getDecoder().decode(ad.getCredentialId()); if (aaguid != null && Fido2DefaultAuthenticators.isWultraModel(aaguid)) { hasWultraModel = true; } diff --git a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java index 4d4c6f3e0..dfe464cd9 100644 --- a/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java +++ b/powerauth-fido2/src/main/java/com/wultra/powerauth/fido2/service/AssertionService.java @@ -47,7 +47,6 @@ public class AssertionService { private final AuthenticatorProvider authenticatorProvider; private final AssertionProvider assertionProvider; private final AssertionConverter assertionConverter; - private final AssertionChallengeConverter assertionChallengeConverter; /** * Assertion service constructor. @@ -55,15 +54,13 @@ public class AssertionService { * @param authenticatorProvider Authenticator provider. * @param assertionProvider Assertion provider. * @param assertionConverter Assertion converter. - * @param assertionChallengeConverter Assertion challenge converter. */ @Autowired - public AssertionService(CryptographyService cryptographyService, AuthenticatorProvider authenticatorProvider, AssertionProvider assertionProvider, AssertionConverter assertionConverter, AssertionChallengeConverter assertionChallengeConverter) { + public AssertionService(CryptographyService cryptographyService, AuthenticatorProvider authenticatorProvider, AssertionProvider assertionProvider, AssertionConverter assertionConverter) { this.cryptographyService = cryptographyService; this.authenticatorProvider = authenticatorProvider; this.assertionProvider = assertionProvider; this.assertionConverter = assertionConverter; - this.assertionChallengeConverter = assertionChallengeConverter; } /** @@ -81,7 +78,7 @@ public AssertionChallengeResponse requestAssertionChallenge(AssertionChallengeRe } // Convert the response - return assertionChallengeConverter.fromChallenge(assertionChallenge); + return AssertionChallengeConverter.fromChallenge(assertionChallenge); } /** diff --git a/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java new file mode 100644 index 000000000..45748a73e --- /dev/null +++ b/powerauth-fido2/src/test/java/com/wultra/powerauth/fido2/rest/model/converter/AssertionChallengeConverterTest.java @@ -0,0 +1,218 @@ +/* + * PowerAuth Server and related software components + * Copyright (C) 2024 Wultra s.r.o. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published + * by the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +package com.wultra.powerauth.fido2.rest.model.converter; + +import com.wultra.powerauth.fido2.rest.model.entity.AllowCredentials; +import com.wultra.powerauth.fido2.rest.model.entity.AssertionChallenge; +import com.wultra.powerauth.fido2.rest.model.entity.AuthenticatorDetail; +import com.wultra.powerauth.fido2.rest.model.request.AssertionChallengeRequest; +import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; +import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; +import org.junit.jupiter.api.Test; + +import java.util.*; + +import static org.junit.jupiter.api.Assertions.*; + +/** + * Test of {@link AssertionChallengeConverter}. + * + * @author Jan Pesek, jan.pesek@wultra.com + */ +class AssertionChallengeConverterTest { + + @Test + void testConvertAssertionRequestToOperationRequest() { + final AssertionChallengeRequest challengeRequest = new AssertionChallengeRequest(); + challengeRequest.setUserId("user"); + challengeRequest.setApplicationIds(List.of("application")); + challengeRequest.setTemplateName("payment"); + challengeRequest.setParameters(Map.of("amount", "10")); + + final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); + authenticatorDetail.setCredentialId("credential-1"); + final List authenticatorDetails = List.of(authenticatorDetail); + + final OperationCreateRequest createRequest = AssertionChallengeConverter + .convertAssertionRequestToOperationRequest(challengeRequest, authenticatorDetails); + assertEquals("user", createRequest.getUserId()); + assertEquals("application", createRequest.getApplications().get(0)); + assertEquals("payment", createRequest.getTemplateName()); + assertEquals("10", createRequest.getParameters().get("amount")); + assertEquals(Set.of("credential-1"), createRequest.getAdditionalData().get("allowCredentials")); + } + + @Test + void testConvertAssertionRequestToOperationRequest_emptyAuthenticatorDetails() { + final AssertionChallengeRequest challengeRequest = new AssertionChallengeRequest(); + challengeRequest.setUserId("user"); + challengeRequest.setApplicationIds(List.of("application")); + challengeRequest.setTemplateName("payment"); + challengeRequest.setParameters(Map.of("amount", "10")); + + final OperationCreateRequest createRequest = AssertionChallengeConverter + .convertAssertionRequestToOperationRequest(challengeRequest, Collections.emptyList()); + assertEquals("user", createRequest.getUserId()); + assertEquals("application", createRequest.getApplications().get(0)); + assertEquals("payment", createRequest.getTemplateName()); + assertEquals("10", createRequest.getParameters().get("amount")); + assertNull(createRequest.getAdditionalData()); + } + + @Test + void testConvertAssertionChallengeFromOperationDetail_emptyAuthenticatorDetails() { + final OperationDetailResponse operationDetailResponse = new OperationDetailResponse(); + operationDetailResponse.setUserId("user"); + operationDetailResponse.setApplications(List.of("app")); + operationDetailResponse.setId("operationID"); + operationDetailResponse.setData("A1*A100CZK"); + operationDetailResponse.setFailureCount(0L); + operationDetailResponse.setMaxFailureCount(5L); + + final AssertionChallenge assertionChallenge = AssertionChallengeConverter + .convertAssertionChallengeFromOperationDetail(operationDetailResponse, Collections.emptyList()); + assertEquals("user", assertionChallenge.getUserId()); + assertEquals("app", assertionChallenge.getApplicationIds().get(0)); + assertEquals("operationID&A1*A100CZK", assertionChallenge.getChallenge()); + assertEquals(0L, assertionChallenge.getFailedAttempts()); + assertEquals(5L, assertionChallenge.getMaxFailedAttempts()); + assertNull(assertionChallenge.getAllowCredentials()); + } + + @Test + void testConvertAssertionChallengeFromOperationDetail_nonWultraAuthenticatorDetail() { + final OperationDetailResponse operationDetailResponse = new OperationDetailResponse(); + operationDetailResponse.setUserId("user"); + operationDetailResponse.setApplications(List.of("app")); + operationDetailResponse.setId("operationID"); + operationDetailResponse.setData("A1*A100CZK"); + operationDetailResponse.setFailureCount(0L); + operationDetailResponse.setMaxFailureCount(5L); + + final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); + authenticatorDetail.setCredentialId(Base64.getEncoder().encodeToString("credential-1".getBytes())); + authenticatorDetail.setExtras(Map.of( + "transports", List.of("hybrid"), + "aaguid", "00000000-0000-0000-0000-000000000000")); + final List authenticatorDetails = List.of(authenticatorDetail); + + final AssertionChallenge assertionChallenge = AssertionChallengeConverter + .convertAssertionChallengeFromOperationDetail(operationDetailResponse, authenticatorDetails); + assertEquals("user", assertionChallenge.getUserId()); + assertEquals("app", assertionChallenge.getApplicationIds().get(0)); + assertEquals("operationID&A1*A100CZK", assertionChallenge.getChallenge()); + assertEquals(0L, assertionChallenge.getFailedAttempts()); + assertEquals(5L, assertionChallenge.getMaxFailedAttempts()); + + assertNotNull(assertionChallenge.getAllowCredentials()); + final AllowCredentials allowCredential = assertionChallenge.getAllowCredentials().get(0); + assertArrayEquals("credential-1".getBytes(), allowCredential.getCredentialId()); + assertEquals("hybrid", allowCredential.getTransports().get(0)); + assertEquals("public-key", allowCredential.getType()); + } + + @Test + void testConvertAssertionChallengeFromOperationDetail_withWultraAuthenticatorDetail() { + final OperationDetailResponse operationDetailResponse = new OperationDetailResponse(); + operationDetailResponse.setUserId("user"); + operationDetailResponse.setApplications(List.of("app")); + operationDetailResponse.setId("operationID"); + operationDetailResponse.setData("A1*A100CZK"); + operationDetailResponse.setFailureCount(0L); + operationDetailResponse.setMaxFailureCount(5L); + + final AuthenticatorDetail authenticatorDetail = new AuthenticatorDetail(); + authenticatorDetail.setCredentialId(Base64.getEncoder().encodeToString("credential-1".getBytes())); + authenticatorDetail.setExtras(Map.of( + "transports", List.of("usb"), + "aaguid", "dca09ba7-4992-4be8-9283-ee98cd6fb529")); + final List authenticatorDetails = List.of(authenticatorDetail); + + final AssertionChallenge assertionChallenge = AssertionChallengeConverter + .convertAssertionChallengeFromOperationDetail(operationDetailResponse, authenticatorDetails); + assertEquals("user", assertionChallenge.getUserId()); + assertEquals("app", assertionChallenge.getApplicationIds().get(0)); + assertEquals("operationID&A1*A100CZK", assertionChallenge.getChallenge()); + assertEquals(0L, assertionChallenge.getFailedAttempts()); + assertEquals(5L, assertionChallenge.getMaxFailedAttempts()); + + assertNotNull(assertionChallenge.getAllowCredentials()); + assertEquals(2, assertionChallenge.getAllowCredentials().size()); + final AllowCredentials allowCredential = assertionChallenge.getAllowCredentials().get(0); + assertArrayEquals("credential-1".getBytes(), allowCredential.getCredentialId()); + assertEquals("usb", allowCredential.getTransports().get(0)); + assertEquals("public-key", allowCredential.getType()); + + final AllowCredentials operationDataCredential = assertionChallenge.getAllowCredentials().get(1); + assertArrayEquals("A1*A100CZK".getBytes(), operationDataCredential.getCredentialId()); + assertTrue(operationDataCredential.getTransports().isEmpty()); + assertEquals("public-key", operationDataCredential.getType()); + } + + @Test + void testConvertAssertionChallengeFromOperationDetail_multipleWultraAuthenticatorDetails() { + final OperationDetailResponse operationDetailResponse = new OperationDetailResponse(); + operationDetailResponse.setUserId("user"); + operationDetailResponse.setApplications(List.of("app")); + operationDetailResponse.setId("operationID"); + operationDetailResponse.setData("A1*A100CZK"); + operationDetailResponse.setFailureCount(0L); + operationDetailResponse.setMaxFailureCount(5L); + + final AuthenticatorDetail authenticatorDetail1 = new AuthenticatorDetail(); + authenticatorDetail1.setCredentialId(Base64.getEncoder().encodeToString("credential-1".getBytes())); + authenticatorDetail1.setExtras(Map.of( + "transports", List.of("usb"), + "aaguid", "dca09ba7-4992-4be8-9283-ee98cd6fb529")); + + final AuthenticatorDetail authenticatorDetail2 = new AuthenticatorDetail(); + authenticatorDetail2.setCredentialId(Base64.getEncoder().encodeToString("credential-2".getBytes())); + authenticatorDetail2.setExtras(Map.of( + "transports", List.of("usb"), + "aaguid", "dca09ba7-4992-4be8-9283-ee98cd6fb529")); + + final List authenticatorDetails = List.of(authenticatorDetail1, authenticatorDetail2); + + final AssertionChallenge assertionChallenge = AssertionChallengeConverter + .convertAssertionChallengeFromOperationDetail(operationDetailResponse, authenticatorDetails); + assertEquals("user", assertionChallenge.getUserId()); + assertEquals("app", assertionChallenge.getApplicationIds().get(0)); + assertEquals("operationID&A1*A100CZK", assertionChallenge.getChallenge()); + assertEquals(0L, assertionChallenge.getFailedAttempts()); + assertEquals(5L, assertionChallenge.getMaxFailedAttempts()); + + assertNotNull(assertionChallenge.getAllowCredentials()); + assertEquals(3, assertionChallenge.getAllowCredentials().size()); + final AllowCredentials allowCredential1 = assertionChallenge.getAllowCredentials().get(0); + assertArrayEquals("credential-1".getBytes(), allowCredential1.getCredentialId()); + assertEquals("usb", allowCredential1.getTransports().get(0)); + assertEquals("public-key", allowCredential1.getType()); + + final AllowCredentials allowCredential2 = assertionChallenge.getAllowCredentials().get(1); + assertArrayEquals("credential-2".getBytes(), allowCredential2.getCredentialId()); + assertEquals("usb", allowCredential2.getTransports().get(0)); + assertEquals("public-key", allowCredential2.getType()); + + final AllowCredentials operationDataCredential = assertionChallenge.getAllowCredentials().get(2); + assertArrayEquals("A1*A100CZK".getBytes(), operationDataCredential.getCredentialId()); + assertTrue(operationDataCredential.getTransports().isEmpty()); + assertEquals("public-key", operationDataCredential.getType()); + } + +} diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java index dc6b2dd90..96143f68d 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/fido2/PowerAuthAssertionProvider.java @@ -71,16 +71,14 @@ public class PowerAuthAssertionProvider implements AssertionProvider { private final ServiceBehaviorCatalogue serviceBehaviorCatalogue; private final RepositoryCatalogue repositoryCatalogue; - private final AssertionChallengeConverter assertionChallengeConverter; private final AuditingServiceBehavior audit; private final PowerAuthAuthenticatorProvider authenticatorProvider; private final Fido2AuthenticatorService fido2AuthenticatorService; @Autowired - public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AssertionChallengeConverter assertionChallengeConverter, AuditingServiceBehavior audit, PowerAuthAuthenticatorProvider authenticatorProvider, Fido2AuthenticatorService fido2AuthenticatorService) { + public PowerAuthAssertionProvider(ServiceBehaviorCatalogue serviceBehaviorCatalogue, RepositoryCatalogue repositoryCatalogue, AuditingServiceBehavior audit, PowerAuthAuthenticatorProvider authenticatorProvider, Fido2AuthenticatorService fido2AuthenticatorService) { this.serviceBehaviorCatalogue = serviceBehaviorCatalogue; this.repositoryCatalogue = repositoryCatalogue; - this.assertionChallengeConverter = assertionChallengeConverter; this.audit = audit; this.authenticatorProvider = authenticatorProvider; this.fido2AuthenticatorService = fido2AuthenticatorService; @@ -101,9 +99,9 @@ public AssertionChallenge provideChallengeForAssertion(AssertionChallengeRequest } } - final OperationCreateRequest operationCreateRequest = assertionChallengeConverter.convertAssertionRequestToOperationRequest(request, authenticatorDetails); + final OperationCreateRequest operationCreateRequest = AssertionChallengeConverter.convertAssertionRequestToOperationRequest(request, authenticatorDetails); final OperationDetailResponse operationDetailResponse = serviceBehaviorCatalogue.getOperationBehavior().createOperation(operationCreateRequest); - return assertionChallengeConverter.convertAssertionChallengeFromOperationDetail(operationDetailResponse, authenticatorDetails); + return AssertionChallengeConverter.convertAssertionChallengeFromOperationDetail(operationDetailResponse, authenticatorDetails); } @Override From 1872ed1c5e86b57375650e4a57ad07a96009fe3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Apr 2024 01:45:56 +0000 Subject: [PATCH 140/146] Bump org.springframework.cloud:spring-cloud-starter-vault-config Bumps [org.springframework.cloud:spring-cloud-starter-vault-config](https://github.com/spring-cloud/spring-cloud-vault) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/spring-cloud/spring-cloud-vault/releases) - [Commits](https://github.com/spring-cloud/spring-cloud-vault/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: org.springframework.cloud:spring-cloud-starter-vault-config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ee7cae03d..30e16a123 100644 --- a/pom.xml +++ b/pom.xml @@ -82,7 +82,7 @@ - 4.1.0 + 4.1.1 1.7.0 From 51103119a17af38156743be5618de82662373435 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 10:39:47 +0000 Subject: [PATCH 141/146] Bump com.webauthn4j:webauthn4j-test Bumps [com.webauthn4j:webauthn4j-test](https://github.com/webauthn4j/webauthn4j) from 0.22.2.RELEASE to 0.23.0.RELEASE. - [Release notes](https://github.com/webauthn4j/webauthn4j/releases) - [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml) - [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.22.2.RELEASE...0.23.0.RELEASE) --- updated-dependencies: - dependency-name: com.webauthn4j:webauthn4j-test dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 30e16a123..8e56c2cbe 100644 --- a/pom.xml +++ b/pom.xml @@ -106,7 +106,7 @@ 3.5.3 - 0.22.2.RELEASE + 0.23.0.RELEASE From 9065523b525c64ffafe673d2df956bfe4c2cef37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Apr 2024 10:40:18 +0000 Subject: [PATCH 142/146] Bump org.springdoc:springdoc-openapi-starter-webmvc-ui Bumps [org.springdoc:springdoc-openapi-starter-webmvc-ui](https://github.com/springdoc/springdoc-openapi) from 2.3.0 to 2.5.0. - [Release notes](https://github.com/springdoc/springdoc-openapi/releases) - [Changelog](https://github.com/springdoc/springdoc-openapi/blob/main/CHANGELOG.md) - [Commits](https://github.com/springdoc/springdoc-openapi/compare/v2.3.0...v2.5.0) --- updated-dependencies: - dependency-name: org.springdoc:springdoc-openapi-starter-webmvc-ui dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 30e16a123..42303e768 100644 --- a/pom.xml +++ b/pom.xml @@ -93,7 +93,7 @@ 3.0.12 - 2.3.0 + 2.5.0 2.2.21 From 6d39cbae43730dad1e14bd8e2f4298bea0ae590e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Pe=C5=A1ek?= Date: Fri, 5 Apr 2024 07:55:43 +0200 Subject: [PATCH 143/146] Fix #1412: Add missing configuration properties (#1448) --- docs/Configuration-Properties.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/Configuration-Properties.md b/docs/Configuration-Properties.md index 5211072db..dc14919de 100644 --- a/docs/Configuration-Properties.md +++ b/docs/Configuration-Properties.md @@ -76,3 +76,13 @@ The PowerAuth Server uses the following public configuration properties: The WAR file includes the `micrometer-registry-prometheus` dependency. Discuss its configuration with the [Spring Boot documentation](https://docs.spring.io/spring-boot/docs/3.1.x/reference/html/actuator.html#actuator.metrics). + +## Scheduled Jobs Configuration + +| Property | Default | Note | +|-----------------------------------------------------------------------------|-----------|----------------------------------------------------------------------------------------------------| +| `powerauth.service.scheduled.job.operationCleanup` | `5000` | Time delay in milliseconds between two consecutive tasks that expire long pending operations. | +| `powerauth.service.scheduled.job.activationsCleanup` | `5000` | Time delay in milliseconds between two consecutive tasks that expire abandoned activations. | +| `powerauth.service.scheduled.job.activationsCleanup.lookBackInMilliseconds` | `3600000` | Number of milliseconds to look back in the past when looking for abandoned activations. | +| `powerauth.service.scheduled.job.uniqueValueCleanup` | `60000` | Time delay in milliseconds between two consecutive tasks that delete expired unique values. | +| `powerauth.service.scheduled.job.fido2AuthenticatorCacheEviction` | `3600000` | Duration in milliseconds for which the internal cache holds details of FIDO2 Authenticator models. | From 5f76068614b48adedc2e88dd869ee7c33decb9fe Mon Sep 17 00:00:00 2001 From: Jan Dusil <134381434+jandusil@users.noreply.github.com> Date: Sat, 6 Apr 2024 01:05:19 +0200 Subject: [PATCH 144/146] =?UTF-8?q?Fix=20#1397:=20Return=20structured=20de?= =?UTF-8?q?vice=20info=20in=20the=20operation=20detail=20resp=E2=80=A6=20(?= =?UTF-8?q?#1398)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix #1397: Return structured device info in the operation detail response * - fix naming in test * - extend additional data for operation callback * - log structured user agent when approve/reject/fail ops fail * - fix logic inconsistency - remove static import * - remove non-valid tests --------- Co-authored-by: Petr Dvořák Co-authored-by: Luboš Račanský --- .../behavior/tasks/CallbackUrlBehavior.java | 2 +- .../tasks/OperationServiceBehavior.java | 45 +++++++++------- .../tasks/OperationServiceBehaviorTest.java | 51 +++++++++++++++++-- 3 files changed, 76 insertions(+), 22 deletions(-) diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java index d423c92d3..f713c0b78 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/CallbackUrlBehavior.java @@ -369,7 +369,7 @@ private Map prepareCallbackDataOperation(CallbackUrlEntity callb callbackData.put("parameters", operation.getParameters()); } if (callbackUrlEntity.getAttributes().contains("additionalData")) { - callbackData.put("additionalData", operation.getAdditionalData()); + callbackData.put("additionalData", OperationServiceBehavior.extendAdditionalDataWithDevice(operation.getAdditionalData())); } if (callbackUrlEntity.getCallbackUrl().contains("activationFlag")) { callbackData.put("activationFlag", operation.getActivationFlag()); diff --git a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java index 19083ef6f..2aab2103e 100644 --- a/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java +++ b/powerauth-java-server/src/main/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehavior.java @@ -312,7 +312,7 @@ && proximityCheckPassed(proximityCheckResult) .param("userId", userId) .param("appId", applicationId) .param("status", savedEntity.getStatus().name()) - .param("additionalData", extendAuditedAdditionalData(savedEntity.getAdditionalData())) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .param("failureCount", savedEntity.getFailureCount()) .param("proximityCheckResult", proximityCheckResult) .param("currentTimestamp", currentTimestamp) @@ -347,7 +347,7 @@ && proximityCheckPassed(proximityCheckResult) .param("userId", userId) .param("appId", applicationId) .param("status", operationEntity.getStatus().name()) - .param("additionalData", operationEntity.getAdditionalData()) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .param("failureCount", operationEntity.getFailureCount()) .param("proximityCheckResult", proximityCheckResult) .param("currentTimestamp", currentTimestamp) @@ -381,7 +381,7 @@ && proximityCheckPassed(proximityCheckResult) .param("userId", userId) .param("appId", applicationId) .param("status", operationEntity.getStatus().name()) - .param("additionalData", operationEntity.getAdditionalData()) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .param("failureCount", operationEntity.getFailureCount()) .param("maxFailureCount", operationEntity.getMaxFailureCount()) .param("proximityCheckResult", proximityCheckResult) @@ -453,7 +453,7 @@ public OperationUserActionResponse rejectOperation(OperationRejectRequest reques .param("userId", userId) .param("appId", applicationId) .param("status", operationEntity.getStatus().name()) - .param("additionalData", extendAuditedAdditionalData(operationEntity.getAdditionalData())) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .param("failureCount", operationEntity.getFailureCount()) .build(); audit.log(AuditLevel.INFO, "Operation failed with ID: {}", auditDetail, operationId); @@ -472,7 +472,7 @@ public OperationUserActionResponse rejectOperation(OperationRejectRequest reques .param("appId", applicationId) .param("failureCount", operationEntity.getFailureCount()) .param("status", operationEntity.getStatus().name()) - .param("additionalData", operationEntity.getAdditionalData()) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .build(); audit.log(AuditLevel.INFO, "Operation failed with ID: {}", auditDetail, operationId); @@ -524,7 +524,7 @@ public OperationUserActionResponse failApprovalOperation(OperationFailApprovalRe .param("id", operationId) .param("failureCount", operationEntity.getFailureCount()) .param("status", operationEntity.getStatus().name()) - .param("additionalData", extendAuditedAdditionalData(operationEntity.getAdditionalData())) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .build(); audit.log(AuditLevel.INFO, "Operation approval failed via explicit server call with ID: {}", auditDetail, operationId); @@ -549,7 +549,7 @@ public OperationUserActionResponse failApprovalOperation(OperationFailApprovalRe .param("id", operationId) .param("failureCount", operationEntity.getFailureCount()) .param("status", operationEntity.getStatus().name()) - .param("additionalData", operationEntity.getAdditionalData()) + .param("additionalData", extendAdditionalDataWithDevice(operationEntity.getAdditionalData())) .build(); audit.log(AuditLevel.INFO, "Operation approval permanently failed via explicit server call with ID: {}", auditDetail, operationId); @@ -587,6 +587,8 @@ public OperationDetailResponse cancelOperation(OperationCancelRequest request) t final OperationEntity savedEntity = operationRepository.save(operationEntity); behavior.getCallbackUrlBehavior().notifyCallbackListenersOnOperationChange(savedEntity); + final OperationDetailResponse operationDetailResponse = convertFromEntity(savedEntity); + extendAndSetOperationDetailData(operationDetailResponse); logger.info("Operation canceled via explicit server call for operation ID: {}.", operationId); @@ -595,11 +597,11 @@ public OperationDetailResponse cancelOperation(OperationCancelRequest request) t .param("id", operationId) .param("failureCount", operationEntity.getFailureCount()) .param("status", operationEntity.getStatus().name()) - .param("additionalData", extendAuditedAdditionalData(operationEntity.getAdditionalData())) + .param("additionalData", operationDetailResponse.getAdditionalData()) .build(); audit.log(AuditLevel.INFO, "Operation canceled via explicit server call for operation ID: {}", auditDetail, operationId); - return convertFromEntity(savedEntity); + return operationDetailResponse; } public OperationDetailResponse getOperation(OperationDetailRequest request) throws GenericServiceException { @@ -621,6 +623,7 @@ public OperationDetailResponse getOperation(OperationDetailRequest request) thro currentTimestamp ); final OperationDetailResponse operationDetailResponse = convertFromEntity(operationEntity); + extendAndSetOperationDetailData(operationDetailResponse); generateAndSetOtpToOperationDetail(operationEntity, operationDetailResponse); return operationDetailResponse; } @@ -902,20 +905,28 @@ private ProximityCheckResult fetchProximityCheckResult(final OperationEntity ope } } - private static Map extendAuditedAdditionalData(Map additionalData) { - final Map additionalDataAudited = new HashMap<>(additionalData); - parseDeviceFromUserAgent(additionalDataAudited).ifPresent(device -> - additionalDataAudited.put(ATTR_DEVICE, device)); - return additionalDataAudited; + public static void extendAndSetOperationDetailData(OperationDetailResponse operationDetailResponse) { + final Map additionalDataExtended = extendAdditionalDataWithDevice(operationDetailResponse.getAdditionalData()); + operationDetailResponse.setAdditionalData(additionalDataExtended); } - private static Optional parseDeviceFromUserAgent(Map additionalData) { + public static Map extendAdditionalDataWithDevice(Map additionalData) { + if (additionalData != null) { + final Map additionalDataExtended = new HashMap<>(additionalData); + parseDeviceFromUserAgent(additionalDataExtended).ifPresent(device -> + additionalDataExtended.put(ATTR_DEVICE, device)); + return additionalDataExtended; + } + return Collections.emptyMap(); + } + + private static Optional parseDeviceFromUserAgent(Map additionalData) { final Object userAgentObject = additionalData.get(ATTR_USER_AGENT); if (userAgentObject != null) { return UserAgent.parse(userAgentObject.toString()); - } else { - return Optional.empty(); } + + return Optional.empty(); } private List fetchActivationFlags(String activationId) { diff --git a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java index b3dc9a2a7..ccc5145c2 100644 --- a/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java +++ b/powerauth-java-server/src/test/java/io/getlime/security/powerauth/app/server/service/behavior/tasks/OperationServiceBehaviorTest.java @@ -17,12 +17,10 @@ */ package io.getlime.security.powerauth.app.server.service.behavior.tasks; +import com.wultra.core.http.common.headers.UserAgent; import com.wultra.security.powerauth.client.model.enumeration.SignatureType; import com.wultra.security.powerauth.client.model.enumeration.UserActionResult; -import com.wultra.security.powerauth.client.model.request.OperationApproveRequest; -import com.wultra.security.powerauth.client.model.request.OperationCreateRequest; -import com.wultra.security.powerauth.client.model.request.OperationDetailRequest; -import com.wultra.security.powerauth.client.model.request.OperationTemplateCreateRequest; +import com.wultra.security.powerauth.client.model.request.*; import com.wultra.security.powerauth.client.model.response.OperationDetailResponse; import com.wultra.security.powerauth.client.model.response.OperationListResponse; import com.wultra.security.powerauth.client.model.response.OperationUserActionResponse; @@ -510,6 +508,51 @@ void testOperationApproveWithInvalidProximityOtp() throws Exception { assertEquals("APPROVAL_FAILED", result.getResult().toString()); } + /** + * Tests the parsing and addition of device information to the operation cancellation details. + * This test follows simulates an operation cancellation request with a specific user agent string. + * It checks that the device information extracted from the user agent is correctly appended + * to the operation's additional data. Predefined expected device information is used for comparison + * against the actual device information found in the operation's additional data after the cancellation process. + * + * @throws Exception if any error occurs during the test execution. + */ + @Test + void testParsingDeviceOperationCancelDetail() throws Exception { + final String parseableUserAgent = "PowerAuthNetworking/1.1.7 (en; cellular) com.wultra.app.MobileToken.wtest/2.0.0 (Apple; iOS/16.6.1; iphone12,3)"; + final UserAgent.Device expectedDevice = new UserAgent.Device(); + expectedDevice.setVersion("2.0.0"); + expectedDevice.setNetworkVersion("1.1.7"); + expectedDevice.setLanguage("en"); + expectedDevice.setConnection("cellular"); + expectedDevice.setProduct("com.wultra.app.MobileToken.wtest"); + expectedDevice.setPlatform("Apple"); + expectedDevice.setOs("iOS"); + expectedDevice.setOsVersion("16.6.1"); + expectedDevice.setModel("iphone12,3"); + + final OperationCreateRequest request = new OperationCreateRequest(); + request.setTemplateName("test-template"); + request.setUserId("test-user"); + request.setApplications(Collections.singletonList(APP_ID)); + final OperationDetailResponse operation = createOperation(false); + + final OperationCancelRequest cancelRequest = new OperationCancelRequest(); + cancelRequest.setOperationId(operation.getId()); + cancelRequest.getAdditionalData().put("userAgent", parseableUserAgent); + final OperationDetailResponse operationCancelDetailResponse = operationService.cancelOperation(cancelRequest); + + assertNotNull(operationCancelDetailResponse.getAdditionalData().get("device")); + assertEquals(expectedDevice, operationCancelDetailResponse.getAdditionalData().get("device")); + + final OperationDetailRequest detailRequest = new OperationDetailRequest(); + detailRequest.setOperationId(operation.getId()); + final OperationDetailResponse detailResponse = operationService.getOperation(detailRequest); + + assertNotNull(detailResponse.getAdditionalData().get("device")); + assertEquals(expectedDevice, detailResponse.getAdditionalData().get("device")); + } + private void createApplication() throws GenericServiceException { boolean appExists = applicationService.getApplicationList().getApplications().stream() .anyMatch(app -> app.getApplicationId().equals(APP_ID)); From 754a87d58579995562cba7500c7c1d1de0c2b931 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 01:59:20 +0000 Subject: [PATCH 145/146] Bump net.javacrumbs.shedlock:shedlock-bom from 5.12.0 to 5.13.0 Bumps [net.javacrumbs.shedlock:shedlock-bom](https://github.com/lukas-krecan/ShedLock) from 5.12.0 to 5.13.0. - [Commits](https://github.com/lukas-krecan/ShedLock/compare/shedlock-parent-5.12.0...shedlock-parent-5.13.0) --- updated-dependencies: - dependency-name: net.javacrumbs.shedlock:shedlock-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e284024d1..0c4398cb2 100644 --- a/pom.xml +++ b/pom.xml @@ -97,7 +97,7 @@ 2.2.21 - 5.12.0 + 5.13.0 1.11.0 From 4b7a3f7b395ab938b04737dfd291ac0add8efa89 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 01:59:36 +0000 Subject: [PATCH 146/146] Bump nl.jqno.equalsverifier:equalsverifier from 3.16 to 3.16.1 Bumps [nl.jqno.equalsverifier:equalsverifier](https://github.com/jqno/equalsverifier) from 3.16 to 3.16.1. - [Release notes](https://github.com/jqno/equalsverifier/releases) - [Changelog](https://github.com/jqno/equalsverifier/blob/main/CHANGELOG.md) - [Commits](https://github.com/jqno/equalsverifier/compare/equalsverifier-3.16...equalsverifier-3.16.1) --- updated-dependencies: - dependency-name: nl.jqno.equalsverifier:equalsverifier dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index e284024d1..2984b18fd 100644 --- a/pom.xml +++ b/pom.xml @@ -102,7 +102,7 @@ 1.11.0 7.4 - 3.16 + 3.16.1 3.5.3

jh^62Mz!JTS|tQSL9o zOpfxIbf_Hga?EZO1@wD4VSsXh(BsBKpe&6&2({j2tM}a%=bHXtnbDFAg`aWTc}?+Y zHDrRv6^u3iJfFF+NXl;F!)nyY9Idklt5?d^2(Q^X2+XA86dA)X2`*+vB=ETi-_LGk zkxa2K6gFiUSRC>U{sgFrmt4iA)V*vh0`AfJe&0f{W(;Eaw&a}QY)v2(poaW+SRj>u zjL@`PRI$d6+wG7U9%~{A>mL5>eVs)!$zIhNf4^4f*55VTIX#)3Z%lIpSVCtC2uFi| zKlIOWJi1_QK1owows^4fEUr=hc)=h#pjb#J@EP(UG%_CJUmoQ>m793CEbk+0G$=Ua z(;eV6*}NlQoz5HFyPd@5lt$q*R9k`@O0YA;Eo(iYh9BUSkODj;nQy8APH+BIAl^f! zx{0}BW22gH(yS=2{v~p_qXEC=cM$+WL}Tl`2|cav!*@TRdIq;~$vhE^!*&pO?zI>3 zyhJgarpguA-Q_E;G~2OsMB0=VS$wW}B7ROC?emF8C#LKdNm7Gt6T2XP^g5z({XsWE8_CZi99S3qT}tGgY@^4iEnzZe z3)5kn0bWH{R7UI1Yg%4djbUG-aoO{?*O%nI@PTJTaU=vICrt2^>k;EVHY`}W>-Xc8 zlxcm)YbY-~9B{82IIUmp1@9!V4lthdXLSiGm zVQxh!q&7Q6mu3?>17V~!^F&G*5WiezZx=@7j3i@iDXjcNO8i(|UA^Lh zD74<@AooG8x`mqhQe7Z%R)Fee5 zLcz_Ig2kWGo==RuNfvu$9M#TJ6Yd4>UMu}HOs2qB(WO+w*DO`Ls4Drpb^4#`$Fvyb zNID~Nf{iM9{+}wSS2;PcAkYUz?h$IW)g6ijA=*!)?`vUNP<2Vg%kK48$JFl-!E<6< zVQ%R6>BVm_dZEPA*=osU$kICs1BxRR!a<2C&H7~@mcFG$pUmT3GzOWA+ea2kmSgQw z-G?skrz#oFqJ;>!Q7I+&g@*y}%sP80pA!qRr{Dbo7yUe%a*B=xV%nT&Rh`7jqgV{PN2mbsKuED%yK&L&*b5XFzB z`h8WVI){u8tbSykG|!lRfV$|of~hEy-{R4r9@-r$q0j5KYvrJ*l)F8Ws&{O9j?XMR zW(7Jy370s#xEln-kU!ER;Wj0FO^__pPC%Lh6xEZPPT}N-i{v9gy!(E}Q8_(~U!LDb zTOt8Vx>@R7W9Ik-gN)py4{iTzA#1XVf!R_`RkKLx&pu`l^v#bZQ?T;ICS6aYj zF`^o>yo-hhg5yUSxkwVWJ&o0e`Z%XCJ_ZabzoEt4KT(%c*8;5qNGa;f5#9WVj+*Xz%VW;~*Xo6jSB5yyRn-m(}wD0?&-?Y_BFtd2;K(h3BS zP}aS<<()re@7?z`cQk4FjXe@gHI=7`mWw3t=xleLM{>If%1O9%`@@Oi;4U#Dj>J_H zN8Cb*<(1IVrH`Ed%;Z5cVZniUcc{yO#h(SoHwbxON7$tTa3bV63A+D?^9m#Vd1Rj? zLW;H+^aXx>1%yx51vMLo$41=jND*J{37GJ1#hw*+wRe0-<l_kYDZ!NFqjwJfMkgh! z$dp4reH3xJ!Q|kNL_}APq}<|H3K%w1oHAGA+m!I{L$yDX{`_GZ=3%7n$0RVPYbaOm#G>JKLk%#FX4pNZ z&aap`%)k07oJ;^m=p5I8Xy*NNQ%b%4HH1ZpW=fPq1KzXJ`laen7hD$a^crTZ&Xfm9 zLo`E|rO$paU~YdyJ5vcsRtQX+JjWS&LG3Z_*nVYoS`t>9fIPrLX1iNzm0=3} zx7NU4%6^UNxu&fTwB|O-ix|@CDS7{GNIktAdeZ*tCWM=^Lo~XeMU!W%!e5v~Hp8`W z=IvLG@oHVu4z?JhMb@nBuj7%RIMm0(%0@HuXvxt5HhFFc?WcrG_A}!w0g4?~$Tj%I^8HOHau7_PX3>68k8JP_gC%MJP7;;o{BwodN z!-|ET_}e|r{6qU656#Gjy&PF{80@czhrr(PYk(0#hACbSKkL6YrmN6%NMdw_G2@W!;NKMiNn-&BHPH!lj=%1s~C4eCG$L=;L0;c z;bEg;-EWe^5R?(uRWP>F@5}L^Nl^8c#nq5e+iA9|oiX`3=_PATL5*WCa;@S1>}>1i+#pLHfnU_u3etu%=iCh*N(=MJmhal} zZ{?=A2+tvjs5exSBDu!M@!&L@10s;ST3DhZ@WKOz0p>3E-;DPrayd%CXOql#gVc81 zv!xpQa08^YTdOTDa5{t`ujV!G%Czd&S69m$7KVY?rZcLh1cqcPlNWNoCO1H{B1d>re8)o*m?TqENUp527 zZEyo9e}8v|Be2}>CMNbAn7Kw=&JoHjG8RZa@h6nxcB8Pr6#qBUu@Q$6i|OVyr$$3Z za9@`SiVv+0eNV9;soP95#%4t9K97Qy5O2c&L=dtbE(I#_(nlU_t+LCOlkuOf+AUqP zSy7HV|4**#|Kkc2MTzR`)$Uz1NFSP>7wvZ7b^tfKy|UbVy}YCYdVGI;w5ARyO2SSL zC8y`Mk}nP5Y!AbjKbI~4HOLfUb|W!!+iASV(VCZkBPR8uLG;`>r`Tg1AAdTTq3WI9 z3J`5{bh3gBuBZbS9unqcm^cZ?@O`0jQmFCY=lX1l02o9D1nB7K1R%ujFIpk{Jv2dj z14g1W9vW(W@L`if(0du}`b`twfhiiAn47Haj__BErsvaaG?3zs|9=nk9tn0{T`A*J z4U{ybl_d>Q7$JizKi%I;ildVQ{y+eXVGDEL2 zZB4IT*Lz>*7u}P>qKDWUu~B|H+AEMMP`wA`z8F4yR=nx>65E}D&4|*G1jVfkE>;Qr z7fMlz{r$zFt!OxjL9YyYXo8wLG@I-Vj@LWdZjToxm+P%Hs##p65I?epGC7lU*!?@r zRo$@}E5$oGiT8f28D3}b!`Z}rpWJE~8q+8jgd6Z}EcZsCOPyZWp$jY8{|o}imI0M+ zQ~vwY&~<_ZuHCFyx8WNPl*V*CSC(3H%Y9D6f6)zZcQ{>y-xOSV5E&V{-q}D#@ZY6C z9tjq2U5#7*}|7ZYb5Dcmq^16}VBc1L2YJ<%}pk1|~`-v4)0AAbybz9Gu zYB1hCmuOE1#bv9$HTpN|;P`M*S^pX>-(Fs$hBMgFrtSm40o4|+lB| zQQ{E2N{%`F(|w)$=`z#$^xV!69DfomIDf?dq1q&`7J9MM-Tebt{fc5i;_iuThMIuh zKdk>{G;VaVa7>qpNx}RURj=?qle(|?*Dl{6+e0=ZFWWKjk#7*9uNDCOHVbWLU88C- z_(VTLf2{gBo#Tx#6=F_)=_U2{>#xs2+bxRmkd1|@;SNC@#M_|-pJUJC8{-l2qazD{ zr}|7vmD!eR!>`}ydmvmOjluB<-xBUdy41~YhVzRvAtqdsP`PX7R0Z+Ym?4!R6O zzRi^(slQKjPoFOMRQ3@kC7xI$hsM`rK|H@-BwQ5_pr$6iZaqTsj%4&9rqEdLqdKqB zV`-v^i8Apr{;22&8PesY5;6EPjV?dckpUp?fZd<)_ z79sDu`lb!P6`nO$jZ8rgd$BfNs{x?Pzrih(cgGF~*0bFQ+RQ7icx9fR9@#ilA0--X z4SWLwoO@m#^8+OD-u=eSV2lImwU`zOJ)b1qEf&0SxZCKodpg0&gU7*+?Y(9pI~#PZ z?vHK@OP@OS3MS#P2%#7+CTH%2_?QGas!*!b52Upp=1Q;=KiDc%@PWg`CcX&lEK`ZR z07lMB)=cBK%!I)kJ2BW);8Qfzu zP=RPRyS|@_0-d=O%O>Juqy$NcH!U7~X=QU361*dmolbj+d*$h4IMJyxhJMt(2E>W< zLW6<_#oIY6iH*w6|F2ET4#pXX>qS%f2u%)#v&lq-Joo!^DO3 z@)I>1%2ZubLA?}grs>g;E(J{3i@hA|g^A-#F5l6YhyXJaz)vaXgv(8T5C zKee78Xs`_5nY8@9ZT?sJ6d>{r7N3|gTRZsYSOgjlo+6`>_AHWA9R6)2-nJ7)2zn$@ z$|Ive^^U`QZ4sGcKla_}g3-$NPG1Rc9vra1)g8vk&4Hio7x=$`BXp{oj7CvE zi5VlVpePlymMbt=>*l99Y7`wyxh!tgRA>=nVX`o{W6Wt{-IuQg_$=aob-qu|!97=5 zW?N`9xNRJ>b=flZSdrXn)6ya7JvCUZx5Lm}S^sISIrV?o;@MeoI9+-DTLH4SSCx0F z_yp%xu-5*3pQyl!vfjn0r47W<_L)x%8~6uE0d@S=A@8pIUwFJ&sGk2jx^A(3V>GPH z3im=brMhjx>4FQ^^YfR5mAe%O2Q5RVh!~RRq=s)vOghd9-1Dp~p0C0$V9300lMo!N zzD6NHk_17=fC!gb21%#&3sWXDs3F39PNA}8a4?pf40+RwQ$W&C8qxkwi5le`rDTFo z!drYz9o^()wvZsW9DG-2If2f}#JS1*cM!r`=5CkCVV9AxF>IM*eQi$3CtJ(x6n{>o z2@lKc85mvRup?h7!CHLioik!=2cshe!eOs4>2UBA|Dn4idj1_kFn(Q>OT2 zEV`~MZXv!6Ra)#Q30}y?)-t)#i~hDOYk&8fjc@kLUzGZ?&XI}F9SMiS1?BIa!m%Ks z@wDFEY1bT>{Yj~S zMnhzTZUai$(KV|`*R@u>KVD#)&9&L(EZ4WUo+DXK{IH>O_p4YtGiS|iYI-;2M`O49 zX}#*PW`oYEQAS3S^AB_={sNBb^-5v#-Q?TJvYRBi7K)7mJB{sXrGd6hm=o1%nm@F* zPg>bvx58sgg!!_8DE8fHtRog{5cL?BaDh-S3F|tdog>AVe0E+a)n!a%{&*~bkZ&@~ z681WEWB8aO=N}=o=zvr=%4XzB(>kXNCFS?{?mi*p7Xb}I6E*!3?Gh?!Nt5>G!^p@~ z{a{*1zW~Ez$VRPRM{}jEnS?;^L|@k*H-o&ibR`50LAI@rdnTkR>Fhnadpp5Uan1~*SP2>` zhg7xhh)3r#?hxSybMse~T>C1YhdkfcDH-=6CElgjwi8oazt<)D-^!K-o_QF_S7>mA zbU2YUYBVy-P}6=?HnsCZg7cs4GOF{0Z1LlyC(UG}dzT}od>xzN}x%i&)L(d-n>$CaC~(V&fk ztv)+?a~t_?F3+8C><^aLn7m0Rq$owR$fJ_^>#qCRJnG~vYfY=utyWD?=p18(@c6fQX?0Kl`j7DK^-6h>& zaUx7ACpsXx3P{_5=MWS-PW^kg!UoXl;~re(4sUpez*WeJz~u{t&^Rpftk{~x)N2+_ z0KRaHO)b~B9nbfWq;UrAH!nwdu=}n{{S6#?hDmrWEIw89ivlH|I#kq5+pI(mi0FO2 zW?`}1kE(Y`o*#)y{g&0(&{%<_7gJx_=<@@e)-|Vbs`z$JMJbb~j%$*SuKk$=9wj;@ z_kBwF7Zv`a680wc@}IfIXbTFJodTklvovuCeU{a1ima?Fo=mfChbnJhNGaV9hc>#PFbjXKl`nG^3YTkW+3j!q+nn5B4-;R!9GlL@EXL&;`|#RXyH6CCiQ=A!Q#L4b<-cb1e8 zZ9K$C4Nx#(o2D=xsq0cxFB2H~kwGB}i`k|xMPY;&5kUhV;A6@^8}!aVNvF-ELcw>N zyR)F!_{wK&vP*$H;130kAtc2(-WK`C6r{G9Zt!y8zI87_7aznyt{u*)2}#=o_Hr)( z`rW9;P^NK_*wheAz=M2^;>6iBWRTguWg3{!x%$mVF--_Z^a5PS0Gcm{yrk_n(cxh6 zZ^3v7At8U_S}7c{h!~2nH7jl7ZclkPUhoYf1LoEFXy5bduS%jKHRgLOM^d%J+5a69 zv2EQJm*q|7q?yNkUUi_1z0Ib{Z?10rS#G?_WoX5)G3S;`dJTySSS@Pr%=I1ALXPH2 zrbY<20&g(0EM7zsR(x`5;{qG?BF}Nve{n*7iA61UG=+aHsAQ&A8!`A;OI8Hnbk?YZt{=Ay4d&)vogsyV?`zuIRW z_xQWD=^Ue(d-PdOKp`eb_fMa({HKk<>aWQWA$gGf|2Yzjp#39+rfTY9l(>SbAqSU% zOl8uP-GS)3LR_EFrqdvRo7K^gN;4Ys3(w4GdXEk7^LYE0W+(SayQZb@aUzZ5=A!(d zZONd-MX%!QlYbzBJc%=1WS_vlyr^J;Z#9q>((6WC#1w5TJ4V64O|Gv z6N2ZYPxsH~U06FD$3X@jYuxd@fO^k6@sASQiJ1AGq4OH?C;b*$RA8o&AatlKI#qmK zCZe!EDz%%~FA?3+Xr3@Kz^i86n2b~XxLDm18;X2fFZ3dS2O>Xz1`hqnLoa2dX?QV1HjX z?}Jm0*&f;@hcaRDGm%Te<)qKH@I)3Jbjr&q@W(gpyuYRwxuV9r4&?`ToSUsRMRXOP zMU8Pxt4bT4Mi0JhH7F%Z2+s!jAdViBz+x|l_fxDe34_84#hjM0@Mk@qm??+GnaIGe(MIu2 zPrQg%#`+wc;W8qLNRLH(*h9LCWjzGbc%%$|!L6m3xZIUsHq>p#vr;bdlIZv4ra^O! zSJW5~l8_#Do#GjCaj1~uRMAc)U;C{E5rNXW=jAMnqOnTK88e}F_i(`oEAo4;YjomX z>4IUMN})ON2dO>-EFru>Sa}va$v59isb}^3oV;4nu9IaO3Axn`?VIX&yAL6v3OYd& zlSYmM?|D@J$`VodJQgX<-J4yNkd)HGI zQbqMjC)<`2%PWELL`lK8yB%XKkHk@o<*EW4ScJZ_e@SB6{87=)dO(55?ZzCCz1IP5C;ftkQ8Kugn{OC|Ne z@Lh}^cA=;(N**lh&S)8H5Y_(dP9Ri zOqY6zPh~KAp;Xxp+wK5nVxIL=ajvhsr?P~jJ)QGGKi5QcI`wOnrXV-K4Y^hI_b$6=dP`20yeY2qq<>hx@({dp3-2laB z3g__ggeIbf-f+OQM|x+QT;sZAFna(?e$&bFoB-oFUE*4t|PxA-!$T@Lvo`|^MxoqP=25eh7m7<{{G^aeHTOJ1XSyuK5w`?4w6OrX|{NN#W zO7mF`7t~~0I`^%@!<=_fcd=+?-r#6OdWqgFGJBU}ZNfdF2GQh;SIR{KL-mW$-bA{M zl5S&d%TZUEMYH3~7cCu^TM;kp`Eo-2;GfPu9VtjsFO!R=(fMZK0UHPL+gY1)G6-O8 zI5YGhf<2Ojv^XbH=NOK0uRy5f&$ZudOqw$tB)18?ge=mrZF6;%!0)o(MQ|y%BJWXN zN4FrfjFJwNkwXc=GOGNc=HJI=duhD3&U)Sps~%oEJpz$m2B`%!+GzIMBuRgqpHd`S^*oLhcI z9Bz~prNQ=j#9c(t#^fqzdC35O+;+eJIR=%6Nqq0eZSElIBG<12uBQ^wo^1b4WAsuH z5Yjh*=A25N$a|4!HUl%0=$}i^0Z6^`;>LbO`n7&w9w5x>) zeX6WXgrl)vTG7^nsP0R6-=Y?-)8nM2)7&;_(^BBQjwM7@wom_3u=>h;m7{ajDmH(` zHtIzt1&`oN8_smBs+;LPbI<5~bl}G!hcG45KzCKf)^02)2XcLC*$*w}NhCPEtEKl> zNO>@_Ca3u2NYe$UFh#akJL>0ki z&qK1^JwJEuJe6_HgF5YgI=?9?S$lF=!{qn09}CuI(hhcY`gYzd)z9wUvIn@ifal3K zD4W^D$2Fn0EbNR!0Ktn{v@AiNRtcb$bRCX`L9RW0L=5w7tUX0$ze{xroYNYpHN4T;qdGEa@xaNC> zQl85yIey9Y3AJu!Y+poYvr27=f1oo=c=wpjnPFAH@43d(6#SBg#h3*V%JKozBssgO zFtEWbwA?%A?yk3%nd9%kjr>v`qhj7l=k4Dm-PlU+uM>TwtWq5^|EaVS!7;Q^_|n@P zRq^dB{+`57Lq!-E1b(|ZuBjF>I2WHTU>O>#9WEDE#n9D>OrHqJahNp}N=ANBf|+x}DYIB7$!C z=BS;65b77tA=VKw+0_JUUEUwCn@+ka8mIXwb)dE6|yJ@$G}+A##RIhvY+X z&W48^rl;O|V}T^!!pt=>9LPUmbVpF`xU5f#UILkhp;k}^J&KM*qFPj!WyZlUb6R?G zuaDN_y!QF5N8^&DWB=A>cpP|nFTD9Z-nBhv7!1on$p)G8+QybyL?13}SO02M!C{zK zvrkE+HJ?IS+ZFwuDtDi0%KsXJC1LCmW?ekTNlShsK+U?zuBlWas@FOUC~m!>g%u=`{ZJsJxgRu}9-bgnn}E~nFnkPRRP5N&55VABsboUWGQv>|kS zlQ*0`SD5HINaCKKQ4z7L8s@v#v-8JT3hoT&3@tUhhs%EWxGaatrJaG^hWAIe+HKB;mF72o|8harLB>P2dectSv4pg_$yj+SeofmFOpG)KY zW9YLda(CQ2IA1SEL-Gt^wE6W2Dm7n5dwuoDEPU+}wb|h_J1_PfP@&_d}KhU*A^rze5OJ~dOi>i-3OZGJYx)b9~*}Be7fgp zcP5(2q7f0F^-ml+Yc0N=%?PVePAA-SR9tUY|1gnvHk}&JdzoHkd#fmv=3i*>!sQ{7 z0OfxGAeeg}3prfEJic8k+surgn*JoMc;EJ85C0Huj-RC%;D%j2S8R5l?)t3UQTj7Nz|;Uu_aoXEaUZh+@bpB zP;~+VLAzn132p+J1g*9aV_w1lejs8>4{}s^kw*PNIvo`a;(7>|3Y_9M0|2Y)CiP7< z^FU^p6s_BmTrcJ=1NywX3dfE-_>I3y2>|4n)cm#(ixaHfje+OHB|!lvX{z@j7xab# zE5#L@r-{F{__n)+d5KVpFTuiss)u@PM7Jq!PcK2j0z;)kWu?)_^B8E0HqbMZP+joE z$y$%70HcJ6pH$HBCmdG6Y(!$~kHSjG?fiB|x3@~!-u==yy~m^FJ)C|t?(eQsxvcS+Dh9~y1Xgl5%iitXy= zrmviuTvJ+fH{OeL^)(h>wcYH%mMFe{E)C*`bSSs!;m;!LFq87FqOjc42rd1zVbM$9 zoJKypsX^7koBxbt;r`6dGRq?;<~?ZgFDt-!kC4S$GX2 z|AtZTDE^^31YIu2@8$BRXK&K?ZlM^KpO@@|;hXq&?}qsNG~}7rC)>jC9or=iG3=z= zo02UU3n;^oS95iMAFdt8csx!zyM0!~+=yu4BfKRMaPN|)Bc5>sc%TIC=3tn<%ye&_ z1y2I@6-kd7Qyg@Z+1%C?X&8k)+$f_)OPcrv!rfD91~FUrh5J^gx%gXdy>Q1n zO1&m%C47)Jr@SV)b1v^kWw#yIEIBZtBqZj^A}450<_rVS7b29jY%@XIWE+cU?a4c^ zKaKtYNDmGV{_|NHm9ZCv(H`Q$p%rO#CPXNR-MMg0mBCp*&wVC?aEASVDvtpeF)+>> zR~8@@YUFV#^;O)9n{io78CIe|OU*jh;XH6ZI4Stk`dcO&`$Pr@7jUwQ05;fUF5s$C zNM(oZDPTcz!hkhss5(|%$8#%jND*X<)A=5XnX=S35+kQ!D@ZLV^^9*8L)2V_ygn@$ z*UJe}eV|n1$k+u@{7zKiq~gV~A~E@Wg9H9^nbtsw7>@uJI;vBg{ATW;{*!=GNuPuV zXA8&ZP?UViD$!LAbW;~6Tx&pQR{j2FFwuZsfz?y%TvkZq7*&;o36#w)%K1Rrz^}oH zn=^LOGb6ddAba=j!omDA{x!zN<0*2)TcQ6fygrpLWitCLQw?y#(?+`NoqDAf?QNFH7%jD2nC!?@Iy}>fhj6cglja@)vmz)g(|K82(7AC z<&4(NZk}#IP3MCoE&k=DahwvT`L8|}ZgK2koB!8YC{TRO)Vx4LCcZBzncxs8^i3wRQ6GVTzx;jsvv5vFz zDIC2$zD(A&)j>M~37y}JeO}P}aw?BEk7u{i)I#l_?BeiNZV6ZPB_-TF2Tj&e>Miw$ z-36M(dcILA_TF`f*~phmsoGNl?J0^D-h;PQksEL7O}Q@y?W3e~O1q?i8gQ7{ zH{4kyX$!Tf*{p8h0VUP{LmhT++WLApqFJ(a-99=G8f^)lK3ENndQBT^aoR zm$@|E)kmDFoczTuoE1l0CbOx-2$4-Ixj+20W-4Se^Q3-?2rtH5mhk117v*#@${>Ub z6}=PdM&3MesW?@{C4&7x=2>NGPG_KwHeM4HaH%(rec2iw7pX2D9!m=sYsD8`bRMDj zD7}J3knU89CxEPhD9!ke4fxtDqK9XjuS*%2&V~es5YT+^ixa?3Xz!rry2=vSJfIzE zx?$AcXG!6^Q$QtGiW+bkLH#w{7>(9h=L0^L^@VIbgPLpn*YRZ5qiLHex1^%_rX&v% z`06n3#Z~Ivz;Gf&LPqT@64W8b1f+n24$TAsfP0};-~o#C3Kt%Rw)AO-K@iunfcP_D zD+~w)aR}cs?WlyWn{;Ts;u^C{>*0t8zw-^~bgBZ@MVR+L6IWU85eq3>S5wXt*>ZJF z>uz}$BerC^bqIW<=G7Tta}iSe`YU?~Z$$xh}tZ`?qQ1i9fdl@)E^%H|w{*bR3_AKDZNWuJiG%849d zCCj~sk#78s)USV|J)3RH8g+$GHI^4v^(1EzR)1;G{rh|S1?`(RJLd^)Dl=p5Te&Q{b$N%-KS zPOF^b$KMP{xnaqT*nb0_nF%>Y4@oQ4b;qzaG`&3eb2ojk(I*Lx(kgCZw>w}$drD5o z#&C{t^lZ>!CAtCZ2(^@OfR>fUqImlbZ+}Ya6CaO-wR;e!@o8&A4zpgXYl7=13$4Ug z!W(UMihX>s=!*#w-ZL$a^pkh(`wsJ-k+tVmwo>vtNS}mztrL8yI0%u*^FDP7-Q-xJ z8_NAZM7?ELTWuFCj1|&iL5dU!30^!DcL)%mP^_gCw_>Guad&qp6n9!2io3hJyGwyU za1PIV&Ubyk^CQ_i_ntj#tywd-9jwhk1P)D^K_mn!LEroC5U_~5Fa7(rsgw~>iR}L( zR$5>4e3f!qd+09=vo%oJkFhsC6%VHT&b-*Y4>88>Ibdd)Ac)0IBLo}b5~8PF{Fos9c~+>)l5rVMR=TGyFVSBfLYonOOKfEuP*+4Bho zdSqHI^@EhnCt1OndglTKfx+gH3cTQKDzJOVTZTUr##}};aFzwM`9K@?;-DkQxm`K} znyPFI-Te}{slw;$0jZuY>wBknaMwZdg}rs>VkD`|8-d&?Rra}W(K{R@s#*L2omto~ z6%pzm)~p`qX>km`I}adQmS)uWAtIJ`JdmWHdf(WZKgaoIP&b%%n{Ih^s4-$Fi56?N zTTI8ns;bK0&1Y)IIGENoeQF0Gd&|cA;+AZb1fUBU+SkivGu1mG*tyEfuzMO4vrS)n zY>V*$xWn}a)(hJ{r`+1cgI^`}IibspOk}+X&(S? zfX_oU>1NGhNOOC(Ux=xV3z3O%RX@ISDAZ!yPQGyq&JEBuQby~y&Bo-Kdb!RiAu~Md zioBBN-cMdpe>IbReoH&dY@)&sZy)gflZ6T3*>=Q4eGg;1yTIOm|5i;VT_wgAr}$@?X&z2B45Q*HfmD0#Kz?06x@*mEj~~-`DC;H#r*nu3W?>G1 zMM@KYrST5FH5sAyCoW1d8Ipr|&KPR%_y9M732)Q}`3Q6Jm8%2={AgG z$&j4< z0zd-NtD^?8ym!qxq;Fdw=ZDo*BX)yRNgrX6-K;G_soUNiEHExPBCtmOsP zRoLdFj7=zM%~_TeLr4gUKRu>C1VVJy!zD7B0!-0hOxOBM<8AY)8Zh0dI{ zScB1i#vcI3hopkz@J_MA9rt*Jtz8O$wokt4?IQ8{X>N%|u?I28dpTFVw2mh43C-Yi zQ=QlQ0AL&VAc>`o8^b_U46c=Z1sZ>NFBY&=!sg+R1ax@Fh7Pn?bh?uFJCBHa`gL06 zI>!?PIl)ZG$@@h&x^G=y;ayn)o}V~xaJe3V_uO)Y$1gxg=t=%B>*+e?B%!*mY+^H> zhr{V9QkSw`_l}1Qw|e=^;-MtW2fd$JFIJ?-43fWY;|ymh2=3^(_TtA)PD7+oDJ-rqyG9YVc`n&I#5VT0;dUaM}j< zKDqI`kWmZCM&C@+>V%Pt(BPx*6GHz*E}VM*NO!pV=(-wIfzrUH^fO$}t#7@#c%eyN za6+S!FB6?BU04S%&)#^Isi*>N9;WNDL!QJDsKKu*^O)@?MJaL1xy!gk2xBFv43DG9 zDo3XNImEBguFagae`J;V#3i;j{)QqZpJW4DGQ3aX0J-`2^Rd(GAfT_K6qxM|&h+!6 zy2LaL{V|RiiEb{V&Os3Utf>1Q_|FQgMGTwP2vzRRC$i$OV%X;HBHd!&CEdZ@5u+pT z5Rmfc!eZID?k| z^`Tuzwp-5uM>*Rs1*2-92Wm*78|wZ3(~{N_=$`S_&z4aSKQ&lk()rTl{lskNLuW<( z(;R7b%3VQ5j|2ekHUHNOoHc4Qre9cBxP5w+4k~);9TnM!-{${g4D4t!D5lGnmZpgz zz%>&b=2rraF_`py=+MuSuy?OxUZ93EU`Z@cqZfu(aIg$-L_o(xX=2IBmS3Jj8H0eTpXoV&v|ITNBN(#q%rIhsM{G$&XPut1(pHLvc%#pa#%mFI=`tdUN?3 z!d#zUVzlV)LpGzWkZn??oLhtJOY{)|T(n-Pg>r2%;<9qJ&_=rh?+f}W^doLj@$j7; z^okDUJgl~uL*5fJ|M-J*);bX53D70Hm%r`%Z;f{L?9=HASdgPY5OM+?wI z>!TKb>YDc!jRaQoU2MsVp{-ok~%+Pd~yD>l5zfWpJh&J7N{pb2D-$Dx%7i}pF@odgP zi3iMfY&dM`O2%2Ae+70+Tp@sse~6SGGrISu>yg+a-pA~d6k+Taw#!MalU#t`GK?;f zEPyJJS^}E?JY|9f$>=)Se5(iowNE;Q9QE|c7%s`}ZN)P0Vs~w5MQWp7gClH7uqp>% zU)o2Vgb?Lw*l_4iiIYN1?o1YD#4#gHpkGN}t0)NhW>TzAbx~gOhp0yh+~Ks-yqP5B z1cE3U@mcycF?OpGpeIX3yxCHJRZ{qjvxD{1B^aK8SpPpfZu1fMM%s;McN6Of%q+XD zN~Oe!797s4JIumQi?KlN+864)KhlJp&Wvaf`t^{GhifO^&1}?%yW6kqdJSDdhTK1V zuSKNx9l&5rGuNo^I*qsL`Jk|CSgrK$K6Y_lJiu7RgsoR>OS7Vt#9UB=f`Z;?*=kf? z6_&?Ofq>EY6@@E$gvHK0Jqwv#P-VEo*d66W$W#a4!2It&M`U{swC~b;v#_z)5P+SG zZaJzVjv#IX@W7a|{d2}Qeg4B0NP*%vv__ZH-kzMjqBUOe&EQ4HAL0 zF}H35-+iw81oq{`EGWZq{p!82%pbLSD5V`EkEa8B<6Ro9@#B8-}z7ni_zzz~9jY;hHum;;j%zwp`+xH#?;Cu`%)0 z@j1fA!~_vXomjp2Id$fIU;_%$Vj8%igY^dj;&N_Yxml#%_lotxxHluLn4^cLZni zAIXq&c@aA6T9^$nw4M&l`QbnEoK9^n9HG;^Ws^tn{+<1LF;$_UlDQ}q$w;1tq!Y_If;&1kH$0l9N1C`n%c?O`>wU-x9#sP*ZQ zMX=nylWZ-p_V{gzZJx6KO9d_AA$TW1SV>jPM2wPf?+-%nmd~U-B=AxGDVO?01g;HO z8?j3%;82Uy^LGol3wHByqvv-8Mo>~x)zv!Bs4$|bC<>W#7ZriS=4B|HBP)j9`-5ffqAKz~whW0XpH4u@d1 z2@cw5C!)MmTG)q5kRP8lVA_++S^$&7HQR~vT(TT^ser+CagES;$K}Tq{}5doa(f+x zWS68U^t(}35tlrm15g2~Zr?-`zC=7kgIk1qW~sQk15iQ7Gz(EC@%Wf#&Hy4@KnRgP zlUO{3fA#x3<$rm~75KenSrUN5&igbRGBA~9kTEsSDxXuU7Xf{}5_+x$^bx5_M>`vU z%J+Z?j*UTe3jPjxHO}I@(36QuXl=%7NLU>5Mz+rL?OsxSjmyVGzzL@rV=Nir8ccve zyR5LB#{&J;$=gc;f6o_OTzi9xn(XLj|Gd@4Y0=IIPx4 z&-UXSK$O`MLJ!ZS9p(uTr`@f&91`W%L2*@7X2wZ;Y(qW79WaSeDHU4TzXC=n6;`MN zDHOF5sCZVxe~JH`5CfL7#Gvq(zl#~)HjUvP`cozSfYA|9Z*xizqowyuTVjB{L!&$} zf5O>Q3G!5aJo{`h=IkJRJXUNIGn%x|S^_UQ%b1=~+T1i5d9Nh!#+~LoNx-+@;N~S5 zwj9+*bD1A5iM#F1$)D(oLp$mPvxu3v)yGY-j*G+fNI*CvjM5bVqii@|dqW()f^eI4 zSa9#NcOzuo>{Me9!IdeG8O3+|8ZJBO`9BiI*TRcX;4VsE8e`-O0=;EpuhywIlAFW= z+=5LpchR0tRDErB$KOk2>!-jw#)f4Mdye0f8;8NmIiB55*Do;7l%%U^`Gw9RLu$fI zPON9JLc~VPMOhy0N^G>j!w<)HW^LDv>Z2Y1T6RQTkMqB z2Kw??wd_WGe_CS9sJz%;JoXG2TYHc7vIWLJ#T3C+UKxK zXW}K!I(SnV2~uauUEWRAJqyZ2CE(NUC4Gm`iS~-b+|+spa<&Ul!GKe))7lWl)`fM8 zZOOKF%@?Eks4X}MV;M+@)BI=4^)6Xho+nwQjQ2v|&Xx$S5wnqP* z^9z35q#XN8V-GH%kr}Tbi{qC0Dgt}GjrLMl{0i*=B1I}l=>N8h>n__(0!3=Cl8P`< zeR-|-aZeej9<2mabT6bZbP7y8`59Ih0}Zdh;Yyqst-aY)5o68*+s(^tL5}sQdh@6k zUP%nig*^>9g(`XzH&TY(_=WTsQ#hJ3^e1tYIZP$U(`pat*v$_^FlOuaxp(U~zhuy$ zAw6bydksn*4>y;36c@EiEZCL`q-q+VdCw`L>~Om@Q0i7-r0ziqNOKuCX<($OT_5Ow z=fgb9uA!Iy`>{g4rYjXS;~&K<(@j0f(f!3-g&k^03Q26DBfp?Fcvs_=dQtKzJL)_m zemvKnAvC?dL=%+CN)z3Axkhb}d>4J^y}P3M3eC4`JKearllN*@O7m7Mm;HF7Ws`bS zbk|c*V$@;)ycD+dN4Eb_f?QQeO?2w@i2>!?I=xQM`RmxlA_}y5OjHCZ(R0_WPaK10 zbD&Sbt{5K0@~#llvF+;O$;Am7AT>dgAO~O$c1p*Jhhxw(^{4^#{DYzKgb-f2-th5X z_`c`({j)06b+dA)IIuVS@f3eXUa6w})TrGIAa#xX=|S@my+WSieE+lag(}wmYq>iG ze=3=|dWe?tCmII=oPlx&KqND0AMJy5bliFL(h|K6$t7XoVeWV6eNj(Oz#BnKuL2^RV&XMqm7hR;x(1O@w& zLZTgVDU63?;pWtEaJ=(DMwy3lrJRA%6c-&7T|PGxGYugX*DQr{Wc!Y()KbcUddr&p zfkXv#A25VTxRVg*ESbMQ?@JK!*eeprC~8d9(IEH+5zXe~Nm?rM;A{GFlx9MRV@%(y zFkBdcgYyp9AKfY^C)W}cNyrtj9%=;~0IZzBoKAzM+l9NMTR$SS-{x8>8S{HkW@Y>f zUtiIu{)qXp2%|h4l!b4nH?8VcJ5cX?(Q`qv3BaViWr^e`Qw;7ZP=d1#%&4_$G00N) z=>_Y-Ka08`Si>24J^Ubg>+__Txt>H1JTqS(pQd?h?Da~neGc#L>7qgV*9-WYQ1mhU3()Z?T;xcK>zR^5r=cGY6h=5uX_Xe$G>7P!l)j^v%L^Q&h zE|{C@J#Iecpyv#Z;}zfuU)k zP&jR+BF(p;qwd8FheTAC@U*7W=%>BwgufhWHZ+(cJH6YcFr(_-7JIJgz8D`Fybmhv=k?c%xv185YBVN5l_PO8Ft}o)T&HJechQCnocf`Q{m+6IcTZ$X&83 z2!?psD7@{WxJwvqprry8@B>ioXwY>5?#4usV1rXL&b!bZB!zsDSa|MkFcG|SuD$i zHzyjAxJ83!0=xu|ohBFh!kv$lVJ6u(MPaNc>**sWvm!!B7a` z86XbfoRjz(R_A?0b4i2FiK)`d;@CTwV*2$LrcDHF4p%vs-CQdlZcgJ!VEodL6+VUv zZ6XA7vy%7>4pQ?(lD1UqCw+KY{rD=!e%n@|Vc8y`0NX`E6wEr|%)?A?nV6GUtR|*O z^^SI!j}gx+z;HS|bp9PYPuU`)Lce!;Y0^-sw=G!`WCS9*=Ale`6Lb&t1k&#T3Alqom`zGCU^4?H4S9uP*6%k+ zPDx^XocNIna(`tmGRn_x0uBxKUUQLkX}WVM9V@eup$Ux^tiv+nTjWHk(3Yg*JvLg6 z738(c7ydp;h@+E=707W5?k)I!dY!#X+#86|%PHOH{_s1_e(O5VA;SlMyUoY`M(8~0 zhYemTwqsyBDy_(ZF} z$nU26XIz3+bq1s8Y>NFx%Sc{BL3gDFPy}~8U2oR^xX8F=V4Qm5+CV#(ty&<}Ppq(| z?&O!TgH}G$$c5aiO@{GkH6glXIN`)2apj}^WibnL$3!b>HU7#p+|I7jtJOxaPV}!s z+QOa=;t!4=c!To3GUcDr3v1&RxSi^*7qb!isE`AuKO)p5U|(E>qrU@1^i)nyysifK zV`&D?8-86bs%|6X@^0wf7ZtwQehS5@S@>>mRhko@;0q-71(Iz_D9bN>a|ra_CDk_C z*6vk@X2d?D&D=V5GLv5~jdVupZ)AUxYmmBH>$-rb`soAKb}q^Ay|~Wi_WRfk=+2+_ z57~-jWR3mn5l(FyP} z52@z=zjN{^Lu0D6FEWA6wIFu>?;-SxgYO&hoefC!qb#R4xRL?W*qlVG|`x zw9N~V_7BfAJnA{SxGEOW$oP&u>XlO5p7mJ+`5kylPUr^rw9n@KOxEIgSUL3rr3Y~q zl>x<55muHqaHSJWi+jj-Abirg8Cibwp_Lz z6s_q`bNOEt$_y#ngC674{jUNy{q4r>Uk*+ws6+3{DO*3x@x^%U&+@xZmFo01uO8|+ zo%a{iN4X*ibgP6vNtvLh@>xeRzN-Dcyc0^?w;edNxX=Ery!)eYR$$}#5ar35yufmR z(+4NqLlT=q-lr4MaOs9k<@Xs+G9#4kHa!e!LXrscuU(d2x(YqNa+P*c#y+%T-7$HD zSI~Rl7?Lc~K2_+cMv9J*#pywUim-lBjN%QHr`z2#zR7T%AMp@>Yky@zA-N1}x(_tP zA3qH@w>|OM%4@a9fu^gF9&h+XE5;tHm;(9?`iz1NQ@P5+=KmsX=99qDY`{MHvfp== z-N`4raX9!&p2u->WUxj_h&IcDAJU2*SG=c>zklgnt`;gsYw3PZpN-Yfm4}-xvP! zcU2=m1P2LxQ8uvma$eyElxL;{L`Bh*xrJr#?F8r2e@TA#9(L@zP60is1nsshks6sa zb&J2R=8O@JHxi|SD4f;MceAfp!D0#5k?o7tZg%7^0^^Hwh;J~-@%j~w@h*%eNK|p` zMRT)_b<=%SyOfP}Vu*erDcZaxEX`vSay55SGL1zcetZ~g zk(kjuY_P30f?>yYz)0#STxj@W=<@K7hYDns=w|eiz0mbB+E-pL8G`PqG~G_w8Mh@O zB9D2O4XOR<7Go(VubbU#^Sw^NUQ|+0VgqMpsi9bkAicm+UJpEcV?#iM&|G+LVY3sF zUAAT`_e6Vsgny~?{-3sepI|C&@ErY@+TU<$N>Un1&ht$s)U0;s7LViD_X)p`1UH@9 z6$o=;S7w6U3Q=OR0V|nDE z_UDIyU7AC*n)^hRR)aNk@@~)drg<67M>Sao3Un^7)VUuuXJYZ#cPdz2iPj&!ICj+p z7zNhYKFkN<7n!hF(0o)9z7oJ*+Bob$#C_0a}v)nTOEgqXe3Cl6@NE#Gl)0n zGK+0J$t~UrFn&ZfOeTCjbk!p~jmtIQ#o4QgIT3FMwBmP)UWhW{!bN?OV|0v|I7oBa z&r9EOQ$vcXWIVhRTY4oDW<4c>6Vo7N#aeQApdc-uG-v+U_elc4TI_4aSNC1hmp;%oAn zX|?gO+)wcB$*$E)kGhAa=1C(6sV>4P_3OUE8lBW{WjSS#YfYedgG;Ptrx=9>hclJx z&P$MApGyNKLNFV%F49>-V3X1g;F20$z|XVKBqdI24{>riby~f|#P0hX zu7(gg(V}d0o+;IMa{q8aG#O>1Zpgky5#Pg=ar>G5(t2kyoo3W&#q{E1OYngeMD>>w zialQJa(3|T1Vo^2{TjAIwDN(Uj9@yPXpxZW7aRalw}~VxLy}$F=r)CMhM#$M31nyV z?OP*SHYi>AY@__lU6CfA_V|*IDfbGJONQqwnzajP=FjerQ}LT3Xb^l3Awx9PaY*b_ z2813Q4MT^pSBN=!A|dozJqHLxFb@=5o(c7Myr7)JfB9tO%g!hg%NvMq{z)^xq}?{wW1Q=)0#a%e zeUT|E?1GLre2tEBHT|EM;?UK%{D(zs3^MDSFf3uDVNxqAVJZFtZ?xl?kPU08&;t$7 z>C6PWA!fC^5}>`+`4IWN-VLe5r+fQ#x#991@|(cyVRP*=Df+Do#cbDEYu)RKzqQud z8=r>Lwk~YZ1NQh7e?{9geT|B;I2L4@nWP{X0mODSgA;Du6ZWdMeS;$8B zO6XWdQPO3Wj;CKs$C>0^{YbbUP4?~}rp!&X|DFGtMlcNTuHfU$%zrK49Z4G5XSPsZ z@ib^jLLDfa>CzTB+FCsFLr5Ipf7r85xSeulD9hCe6#Eo7RlUVXUIDf)Q&q>cD-2&D z`^^=3r5^w4S;}VBw+{6*JYtNsEQOcfhKkbCjqpOC`13`U!riu2{mRhy8*^ z8AwAk6mszUl^1d6%k!Tycm!Fab}Blvf(P7#(r81|j?Y<4_UHG-En&};<|nP6h-Ai% zoCgMTW)$JwEqtugVVSgWlr83rs)!v@6OVZj_wh&7<75VTu|4~&<@e9o)8_cT**Fy* z6~UIbuP(Cn+wdP6Q*Vc%my>UP$F&gNj;Vxlf|z$-`g?u=L3r?0zpNy(Y@>`TcfCeh zAjmhc=QL`h+wfD2Mh8*Q2woYKlgv;Bua4<;Rycp%nCqm}K9dCPx(F&nlBzIgxtT=V zdOGDDSmhNHGVZT5YsRGW8~*bYkReAajq@9ywUfX7cp5ExiQ}b$M}i)l8vb(Blv1>G zyjjk*#ajL9MU0CAtVg7zLG@%x`HOugfhH>HR`GfDX-mBk0f z;Q+@f_*$9tKb}eMmm9*grFsV;M+Gm^waDE24mhQAg;gbbGUzMdNxB_GL4iB2Bj9Q2 zb1C8rYDPEo+n)UtA$+h1tqkrh=|gEMA{q@!_V1fDO{%RR;Pm@IRis0Ra9j+eA)R6> z-L>J0pUxktN>61Sv!YOJ>UnBLwa1Kjp_&f9*ZU(XtfqttDtd}xf5S*vN=2}fv+X{m zsnUA$@k+T_jpUCN_HV)jiuyiLP!4Vt*k*Qd2Dy#Ojp1ZyBIiayr;EiPKxnN+V zQ7k`TthKW-d9~OXpAm22sg%Bnqmw5avr*;=Pj>Mz0~{@xpNnV~cc8Od&9MqM51!}{ z|1h9Df=U&9RRF}~e>%Q8d?bJ4ruU|xV)=HAIx;Qzr%xF5Tk~|{2InSmzy*%H!Uv?W zt#7*Nz02H_S0su@fLmxA>cq93we+g&Q&W#em2BNA*!%{VOul2TTW!|T*AOqzCh+D8 ze*pwPS)IPT*dAF=ELmNjVO<6XMKqmc3Rf~8)BxUE@b}t0$vnv>A&2Kbvtgn6jG3Zg zoqdSvzkAWa&-N1elJ3l6ez5Mty*+P9N6pCd$RA4eJo10SPYTCk#D`HwHx;^opQT)P zXg>1ta&=5H4J5HXKjMg|)n1<|7*8_Aq?=TK55V-77!iDO=lh7M6aEL*RUAd&_HC4w z_CSfi@J#jdmIfF3w~*K=IML3~N7Z**5OTF`-=CFAbWlmUEko&+E(I=f%aEFg?}KcW z-;(+&)yGke`19oGn?pcw3-qlcaq>kTE)@%|2s0fM@>Ej06`X~4aO_xx<0YyK@5prg z-L|tN38vqk0gwQlBR(pO^N=>SEX!*3pReO*cfXR4#o&cLzM+l%k!Hhi>n2+~s-6U< z_C;FeeP*W#*O0kQTa6*W?D+(_La^ef@+NM$$rZ20BXkc(Nq zHd7cZ`8raNvw|Zmy8mpp-uD)Vj$?q6;FOG+#-=4|Sd8-RV9}koL$y%u&`Aj~(M`1y zdIcgJ+f6Gffg1x41Fh`sLF~~hGR&V|cS^%|{s=X}OKI1U*~E1e*;FU#o)*MbTFp4qu{w<}HOIy-F?dyDe>Fon-fQvdcp2P)rKi#ib7YSuQqdY#(L?uDK208%Z*2T@ z$x9Maqkz;=5s7kR{)O(?$^t#Z5r`a8b7juQ(oaFjWZP6VJ>L~kj9(y*>CCn@Fz_g&%&FVfvyQqSch+YBJB zA=fvmxvu5{CM7Vw;C|cCYv~rX{1`%LX34nYGR2vRi&O8)Y94H$?A0kyH9q7T3F(+S z1goUc{6Nve>S7CAalj}*f#lHSR=C>YM?enQz0SoT`)w&Xrqe4=~ysj}eU9xNVsyW!u_<_733qLHMtCB(hh9L_#unnd=a81+u z;LGkMdSq&Rb|dv0AsCTncPgR1`4r8P1m)bOkNs@EY9hK=QYkDu7nqE>KHn}FHxwpb z7kCd1%>NMNcxHO3akz=ZHM!aDbRGb#Im3=y!O=WGPPA)~t}JyZS>nI8R3cj5H{Cl4 ztYCCHbnLh;7>X1pre6HpQt%U)zW!?ypuQ#qQccff&N}&Nhmr2Ns17i23$;Va9xMgG zW&*8>b~{|8UyCOGjkJUF<2@g-p5wTNbV&laKX?a`)KSo($xacX$Zo-jgo%~HE)Zkt zDz&4`!RqF9%;mVCl>i>cC+ zd(v4cY9O-s9>)hJ?ky@eh34^OBQ3yATBM;T`0}(yH}nVn_JwrlTplH}4H%w$aYSXJ zUzkta4=l??np*hCguY_PbLHsMBgp&vZuihh9@pJrF!4L15*RXT@#n-kfjt?qKeQ?Y zUmX1yZ^A4xia-81#P{wC^O~jEs?_VOdgVw4vHhoz-%$>&oe3LALg}N?q{l9gMRk=# zy|>$(7k|=n;wPi)u&YZ-p9Mhu`^LUdwQIz*pzMktWmR^nsM5?*IfyBO!~PoD+*Wwn z>V(De+TA6_@gbhT=yx`3kqH~+&K)dyM>i~>lvXDCSSNI`5$3TI9wRU99>4RG!BV_T zL+^5zl=6;nec@!3H&=9VisLgTV+MoHsM-qpV?CK0-h@+~sPOCL41tCSUYVy}jv#x$ zs8S8>{f9r_Tn{@%?`4piVv-KfqAme^j2ytJ4=3Z*3Z>W=hKBbZsg2F(;t;L?Q6F^d z(Zcc}4=RZJXVX|)fQ=XzW?LqF!1?4uDd|3Y)gU+D=2$IlP7<)c3-N*|7Yod@Wv1Ag z3kuxz$fl8Yn+QXxG1bi0rni*+Dn(NTYzyQ0w2{1hJUr3=GG)!LnRZ3DNH)MBotOyo z3O`tnZm&4`_>HC;H#O=C*T?O9DuBMjJGWEgd&dfr=U2fiAIknjG}p2U1SY*SE9Z@n zU+}MYPTGoj;hk-5oiR-M#6RM?q`cdSFFeF2G!lJ&9>NApMBDY_ol91#q{(<)Pzx>z zAOBdn&BSs&DSzhaSlL_y<4#hu9DfJ|i-R`ENja8;+$R=D^mu6>t!JCH)zcqfXSN(h zLs=zPtRumH40?wE7)=$*c)(mi)9+g8B~6PnOs7Q9&(Nfk2Y;twLU`$t3d?oKVx?dX!o4AOS~k{Wn^$)8ld z>{&&EwwLU_hXo8XhSaw0hl;-$wafGBxy7 zG{DqmTVj)MZPhQzn7Ci=e^Q7+l~Q`yBtI8I=fe9>C*0F zI^`x9i@KlMRz|?~;5O|&8>&P!L3`#B@L<+|Aq9 zf}2kTwR#R7bBy;gwE-rr5n@?o(zh}Wt$Wb!PA|_GrW#M_BbEk{qnxxShqMmSB9m$e zYmgulkqF-5{s-8}#ZvQ^@ra0omLD|}wRqIRb8MtBT@T^AhVKr9DF;1qeTsci9vTZV z&2!Jh&f?YFElh&Hq)yCzsUs+4NZ6T)!L+bDQUxt!s=QK{8v>{(f5N zrM4dxern42fMk|_)TQ&4%F@7hR8Jk+{42BGiyeow`_A+%i=Vyn3lPQ=KFY7}|WLzy<@1Y%@xz(Mu zV*k9|5aY5stsg{fa~y|~7k1I4Z)Zrzg|+SyeQ7@VbN4ptGN-v&tlVjx*7rVS3RpDi zy5w2rY&QSf`E^2jys8t^qGIr{-r>Ku_O#+wCN@$4a$j4SwbiQremsfIKlA^20q7pA zEPG_$j9M~>Iu|vaHczTn`+h5@Os^U@wdOx=T_71S-r_j*AL|*z%LWIhaP}_%Y?kZw z$m6m|#aXGn?$1iIRHwOl!qdBIcMF4D^&thuDgKCVq17GtGd9XY^E3Xq*gvsA{`%vj<4RXcqFhja8?Ve`^d41yYfL$P8+Lt^ z8$SrFEO6Red%0!=^M`71q6s{&Pjob$FWF1+lyP3vi{&`<8}X2esC2OrQ@y9+3-hL8 zg^+jv=HJ>~(;Rz+155z=D}SfBB#Tm_rft91-+f0`4S*OR*I2{r3h^AL#*j|nLO20N zQEdEHXlR>(khv%NeAQ>GJltW&?l_e*V z($|BaR7igL=oy3$I&r-^+D~^o5pX&zscm4_X}Eq28i@(s&qUJWeM)-%QaWn1CJOSq zwYu*`j^E@6`W%8h)*E z&@r4M6c{Br%9?1}`@n0!C3S5~+Hg z3$aIfw52~xIk~y*%5&n(U!VPhb&!99nX|pQ-rDKW#`ADtR6@~mC0CfBwf>0c(bp2w z@0owzg|?;U7xL|(iOL0Dj#hg%3J(m1GEsAx$1)nMs;IN0wJW5wFF<5^f|(dDPs2Wl z?$^e!y9T7LM86LGEnB-^>vF?-QR4hUZ!6%Wqd0(Jg<3#B$yL+hf=n84Lv^l zAL{U}9(g`n^Ac6@$ytBNJf{2;lpO(%7)@G#(vB&wN|4B_+5xtFQTj6Yx(KHzqF7aa zH(_AJ2ZzL*;`IVaP4iU;_Q@w{geZ$2`^78nB(BkCK2DbN3WJlmd^UJ3t@Iew`qU!S zsK$tlp0S?c_7gxIe?2lL++8)Lv=i4&_Ra9WXAuka#4Qy@Rz+~kXR{_=Mx@QW8y{)s zzQ5d9`zOcrH39F=QViEDk2a`hL^_Pb(YpCEk#U=>AcBH#L~%kWlsHWyYVhZ$1(m8d zXk?YP(6yEVuNb+l9tvv&K^wm4b>`tr$uE$aIEpFB{4cIZkzMHEboGxnXv~@-9oOCe zI5Ga;PTdt2nn0`--dbz-YjlWt`slOCc*dur5XN*H7L(NC%=%p#h-6nN^MV)lHY!`& z<#T6=bAL5>u0?O3;}@^h0d2iGyiRu=>CHQW_x1U*p2$!sZ8_ga&Mf6jm9aW~oB}CP zkvWj@+lm>HRovZzIxU5aB{6<7^0j6=7KF7ae%i7ydJb5E6-8LimLBik1^^z_i^jng ztrYM2Wc!~AnY6dw#8mS!g+6)`RR77F6wiEQIIsI!^2Jl=0;Mc2QVlj22H)yv@Dls9uzlZP8Yev@4!4fBC)w?4b}v`uNiTiq6p0`pML)h1B<<6NI5CDa zm6UiK4uEr`0Mx;t9b(-qvkc=jth*snE}i!TC$1$W2D_6Lmqv6CkklR;jx4PdlQi8!$wqF~S!y`KMWw?+VH zAiuuQW<;O-kW#b8r6}E2b;X-^RhGBQizl1kNp*b~mk>pEORdrtPW5%@=Xwf{+RGED3@lZ^LX>-+w@llj#k;P? zp)zqYv2c`~NANi*SI&1s9S+Ng|Hzg2s{mH)kH6JzI|Feq8g0w4&XZn~TQ$x9vaf&! zwzY`U6yW$Q!YpP~h)*Y6E`)Eiq>D0>;2Oycs&ziWD%sYv`_$xF^(2G+Yo72NneV>Y zCGdZwuYs(@8oyn0<@fY2OaUgsKEi|2(t)SL5v;lN=TwA1AR(9JP zYP@c5Go13hdcqYFT?wO>dPNIkK22Qzn|iX?0Ex%KBU_u*nB@X{&W4Veq(lrX;Bg5l z+CR={2!$x^c=p(IiYWPW?ibCc(@oU3gM*w2`R`Y0DwAuH#i0eyisjub_*--@bTAdVMjg+jSb zcTq%~oJW$4anRP^*m^kU2RS6I9;DeN?zoi|IRP%-T@>?iVO-IpWt~c-OP)gm^&ic5 zuzT0B(SAa+mRf|bT7F}@sih0MNb7!BJ$!39#sB$sXaq-$V_`%c#E%Bia>NZrMD_l% zi(ePa3fr0B5QL1l?M0t$Bi}q{QS{w>{cA6ee_)fIYTxuvN#EnkqNL{4Zf9d>*E44S zKTvoS_^*eC`&Feo{KhNfURqgHS@Ka{<>uFKs|!z*ejf3#l*CeB-kW#r9`f*vON2L8lzA zUou)W{yEBqPMOQn^XAc7^_2zO0OzXOXIm$9!bBh=+&OxfbyDU;^UA;#^I%P6*lU85 zlvTYiZtfoc@*aX#o44?qBjN2Q2jHmI)Ta>+$_$Ue(EC8Tp3k3UWpw=QA))op(*T@M z%BaoBbSgp9$Y$NckVlhrLjVL0Nax$bsh<4rMnUn>ma2rS;5^Sp}%EgK+@8Lea8^nv`RykJ-0nhz!fFLH)d>i43|*Rj7S12y7l;j z=ttLqcHPl=W~uI;sBsQ%BS1*JQtv6V()t0H3BZG-{QdYfJ+NdeUHD`z;qCrw;xl;`H_0Pd7iNe zo2{ap3A(x+c-lBDyE6DqJd)lZ=`p^kVukQ>5SYVj|8*gb?8>rjcKCqUv7vg*Hcxg{ zgI7>P83W@`Y4c}uM$b#}eg+)h`|?ckl}9|Le@a$PKLa2u|D!bj1CD1Ia>#!)V&km9 zi-}UAU)(@KLZYKV>{y=#N{L#ks62ozS1;4An;jqLocK%f=Xz4_8-2h%3r1ZT*tjNm zP5?0`)y#!{`d}>mZ~o$1Pr^dT1dQRlE8%+H?ywtSaXSo_QX`jc(0BgAQNYyI3UU-P zpkpqvf=vhY-Tph-Y9_}C%u)(h%QX#jz?F0XeDvQ=`?7NlYynnO`(1jO&6jCVH3dmg zjXOqH#hd6I(3x;=eFqL0I{VQCI_I-yOl?|f@uxH92E6Ei_V6rhE@s=~_nHdrei6r{ z2k6_prOnxjXI67}Rjv8oa`286N;8TPw4*AVRh%KjPu!U#E-&N=zlqeQdPgAqqBLTb zaQBPJ-^7340LBy}y8NLuxjJ|c(3lYc;lZ7u^mQc*uh7P`e66XOw8xuI&!^6WPczRJ z=<_l(8}UUoG%b`%t=?{12f3U6Dc)X0TGU!Tr1154ps4@%cv+LNEPm?`CBN#3%}mR4F~zL+;d3Tmq7N#2!zZq-I`+m(L;K7l1MuYCXuPZ^ zs_BfqT&`kd@6~B|)IELkDKviGq3slZ7C5SvPZ`TQf@It>U+h-6#olm$Pb>%cjHY$%WqNU6@FR~i1ir6K;R%JY9qC>mq z+fN3J?^P4r7jm$?a@LQNl1#)Z|0=SptrD3QemdXd^$&)2vKC|n^zcW)|5j;0v0WJU za7|x@F_JnZ@l106Tm1hYEWsscEG@|I{vBis>r=Ak!O7x7w+EB%7W@nxK-2@j7lHs7 zFW#7N=X!kAZ{vB#g@NNU6e3OrJQv18^7u*o@0APIe-ME*2dvt(Vi?Ig=(HV{)dV~| zlpSCb9)x_4Vn1xlGP9tV_(NM#dGy`|!bW4!8Fb^L8TrOTa$ecXte5)mhE~qYH5qa0{-_P%z4^XYe~;b$>G)Lz#7NSkI$f1dW#Sm0@)dip8=O+q7*uJKT4J}CG_e|6q4%W z7D1;<0`*n{)^|ip^`;p+O4CpC1D-b5>x%b9*Y%?xqllS4yd#;armmOHERDU8<|44{ zzSIneP-xIF2$qle1>2MS&OV_I7UotkJL=|8`*H22F{%##oO(5v^aE2H-E+?ttLPZ` zf9QJ4s5qBxYZy&{Kyddac+lV;+zAle-Q8V-ySqzpcZcBa?ka|Zsak8*oJ(8iK)7O?0UFVSnUe{Ag+j%sb8ca`3cOI$fP0 z+8v*+b%Oh~`$KuYoCBR|>q234fpkQVLvDI)u%19UKhhN;`PVT&m}Pbj7X8or!Ij)J zn`t3G3B88_b+Dhs2e5zKAdU8l$62QeCeSI~QU+<4!&-Q&7vO)jX8YwRic4J5_4DVg zM$tarODG4i7u~_i;%dpmcnKBBI8H%4>fB)+%}hGBR~LACbB5?kz|dMxtrX0-XButL zv&B?iFnMn5IgAuzz7 z-<0!O{I@W<2KnRQ;c(yr#dJx$A%biptlLhSNpEkeLDA?#;?5V`Q-gONK48)nt!1nr z@j`=o9m={^T4u!KUA=lA0@F#+AREAKH4`Tb$B<6kAx=j%EU??r*REP+c)ne%+@oHa2 z>}4hEtAL2T^=#fzNY=`hcp~L--!s$FG8fSTl6`7glU-<((@bEET% z&9k#o%=IK7)TjhO*_o=u1F3abZ@PB!;Apm_g))}B=D;)rDUHFdK&xD#rJfGggSXP> zEvh$Gm$En(EuND*AtdEcFz6m1v!^H|N5SO1oJgKw&`uc{eAHr%(UaB^Qi6&szdoy= z^UVU+HTl~h=8Urc|a#(;z52hSaAbbr6Wu4zuk9!9?U{)4D4uks zO}0I%trgMPXglt!N}8YH5l(dkBb(V}wpJytL8F%qQbh%icmVzFZhOJmZ*%^if=BOb zF-V;=B$y!qz(@GoQ}}8lN;KEs#$x~nMliGE5F4wyFL_Dje@Y{TiI9*BSn-T^fX)G( zuR=t{oG0rfD!?}ka8P6wgMInTOUT=ahwxE5r~S>3dHZg)V^|h|(h>bm3tusNdS@W{ zGBRlW;cBlXc8qIU>N}L#TeiR|8*(Hsb@Sa15OMVo92i5^xeXPqA5+rUC6i9tAn-V4 zXEm4v+~wvd6b3VS9_=P_7d@UFSF|Jp)Hu~$i%KYRu33>gW$sQ63uIFFNDPSSAu}F? zilxz!IgNk8D3MYQiVUw2K{R4eX1HCS-#ljlV=+EkJ8@q}sZpbx=S|Bv;iG|vMPXpa zIOPW&{!Z*2RlMFua9Rh#9(uAwOe;H+|-4lf9cH> zSjF?WCfvGR<|n%2iZw{i*nWrmHLxfF>WLYi$vHnscI0{4i^?HKM-Z?`AgmgST7`-Lu*4h^+`zpO}} zwoxeDbQVm$qPN=8!XO?D%+0FF0>WKl=3tO#M&NTcPfK%-re|HPm)b8}Ps630VOKl0 zmlMl&8&NAbKivX7lJ$1kI@@5IhOfb9ra{i#4q%+T^u-M+Ir-B|G9V-izy8Y&ZZheJ zCKB+l-uyqjC>@y|!kMn39YOLAoLhEG>pR`zI?;{Y6_=r#ihXnT+aIZ@y~ zOnrj@3tU! zoSovJu$HaIO)lv>-_;_}s^!sfaV z2;kMENO^0HDINMl$alG?BWlwI%XE(Rk3Ut9K9_8Nm%lbTtTymyf(v;rD`%R`v!MNS zSs8I_HrLvuR{VYPN@(F$J~hUHr)}MBybQ@__2H;wwN9hOm7i5GR}L8~>axivsGpP2 z{af^mm}MM{deC4=MN?n;XFO1Xw8H#F*cbOl9Y6u1*+eHdB|lzKo}HN7^_g&Vcxs#l zKrFhWRA4A{fveg^kN55z4tYolUCMns-KlvKuwjB)RrEzjZXDw_C{siQ%YZq1e2P%~ zrx#N4Q>y5-E#M%MTG(rat&$KrYVYu^G~oL>TK3~X+np;TsQ=7-=mvEjyBji0x5Xo=2D1YZ zyI>#6LzBjEoXF4Aw~;0Z+~gll+HbGr$)dl00KiIu1q(Dq`6AT5FE7`c6`pbLV~>|z zEoGsNm&HdkrTrx=@yfy15|F zI0&{_Qk4B=Q_U0A_$<=tS_SY^!}n~guxfi1sP|f|$V@GzFw<>XSNwEs79!2FH9+FQ zSw}StJ54{KC3f~atEAPG4d@ImrX_(OgvbEqSsT7;!mL)H4|1zV&qj5cZ{u7Jzt<(; z2U(}u#|t!eG@{;6Os5a={HYe9XiXo%C4bpi#|_wKEy05F$Ntx%zajaEeoXdiEJO$0 z+5a0`|G$6uc!cncrKPke?O-vw&3$fQt{>spgA#_r7&x<~X0`_rZux0kfjA*CZ7up+ zXp<1Wb_-OO6eW|?ShTukH7GSAx-*w+*->)!K9P5*Iv*Y|^mC@DGC#${iN?5uWC$4# z3nQ0hOL^u8?U#8H|F9p;-zLVVYwUDzyVv1er+M1<+X$_r{BbEo?9sdSAn*N)#Nx}c zdt9lfQ|Q6=eN;z=;LN2ivNsHJACgapSx0lo#~*yJr-hj-BMa(%YH_X$v71W-dn*P! zsxZq6RZaf9^7@Q~{E;Tya80R=6QYGM-=v10cB4wI{VDr%qupMZ1O$@G(Zldy2a^W>}?&fdP3`)rw3gD|BPCgo+7 zKRJ1D7%9Fzkw=5YG7g6PI3QjTV){>8LV#g5_9fV=y9~oAxp{%K(adf>I5-dgjHwri>Wv2Xf^rvD#D6Ey+D=UJ}O zHpFZ>^~<5@Qgt-4S-r?^xOqF$>Nw-zd!RUg#H7OakNF;DB+XZ^3DU-sckD&V-L%c{bWStLe`rVRf962yIzt^Ev zsC2B_*dWqOMjQqu&mn zbYyqfoQhD*I!LgCO%Mvhw(uWWUCZP+c}=vAM*Yh3H9Xat`il8kdBTgIFkh<@?~!St zQqrSF=zRK({hb}$RYwraLoFcq3unQc=O50ykqL;(d3l*`D{cLA)BNLU`R^k zNvytaoG~8`NQkX%uRVG?=|Nm&i_R6i^PFv{P|N%IZ7F<(jK5*_qQ6B*{HFE0zTJy( z_{wMG_2YO~oGq*SyY&`zDy0@rkGu8b3a4o%-jhv$Lh!qnioI*@n~^W8xZ=lYDPyV@ zdISao0swE$OuGnPM+@YUyja7Gt!@BHAUw_vE%%eT(_YhlGX&sMe;D53n%6On5@^7i z(^b6EqutN)0maJFp9fofm+hc1;wzU4=M{>R*A{Gpx=G%L5Vj5_{|m{w^q@VPsw+S3 zNR-r*#Kj*lE8QVc0rr7WKazgzXtX+4W!5ClEXU4fCe<|fOgY%m2nTs*X0gWvLj@2C zCm~`1lCLLG$)&HOd(f#BuRAt*J#6yIrJ!#NrYz(!@1p*)o&y)-eE;}k|9>v5FcC0D z>zci&(RAuSTn_sn&ZC39(^Jd4P&C@DeR+Il)5aW2ObS=ItHDR6N&3zdI#wfER@+~Q zzo)^K7s!zcR3?}1TQb&JZ$#gI$q z+MPTiJo@5!szo>cuKPMJ8_?y6s;o8P%j9|8{%}qTXljM&g3T3ap%cQuMA=L%J&+YW zc?6)Y%c0R{5?L(O+2NyaO7L4O{oq5~n>UIPJ%6(5SZ%wXkuSaFS0hHI4t7o>=D++n zN`jY{aSpmMf$kTFg*`_zTIVj3P>lRb+jS+1O}`P=8?W*kafVylL&4iPW>K4%yp+9} zA}Y)UX-Gss*bjFj%^ls|kcR{HR{?nWch#7e7`m8@Shmh{r7E78@#3rzcHmHq$Bndt z2&lVbUUR5o?TS}l#;4s!P9(4;z|&`4W78x5S4TTLgg}i-yh77}zeDbS7{DKP`L75v3BG<^nw5>C0p^_YVF-9XKF*Sf zss~NA0v^~bYo%)AUu=t{PUM?}5oEMcp+{V7-Ea5ZmC0_dagc*NcwZMrzo{AxDA6qm zYt-u1)eC@HB&tj`h~RQbkL;%kI3!?VtE&L{xr8}rI|TC|w|~-%^o+2}^X|~^i@xZ1 zY7O~}J6hyQ>F`E?2dG3p-*_K>s7^2gC&)7p?u>MRo}ohm)V()7-NjLti6;kjQuP%; zqepH(kx@1Fe5mxg=FPK8W;AeLH3vmZ{wN8^FB1k~$w$~TqO%GN<}pndKN{S6lQQ>`H*sK+9s6aJIw!n?^vd6O(Zf*v}5HPH*nwmh9Z zR47LD>=Vc6A`>xt!W>qo(AwPRmWqxHMVpTD(mgwxPg97O^9>@u@bZjRt3_S_n#A_e z9j2)JIAg=}6_*FLo9;yV#F_mRLRU_H@1Gv09sv+8u|XH#-Wzl?exk|z3G$)_ZvV3S zurJzV>_#*V8H{%e+YkFzvqZN~czt}1JI3&gh}?qIfwa}TTgmrmTp1!xK{zM$R)hCK zIJ8jlN5G<1L1dM!(6!aKP^<*A+VByXo*mM{T1%{o&E^crXM=6_znT5AV%ll zGbprs&GF%rek&dfKLZ|Qceto_jt=(&S@#zzQ1^{qP<7z4k8*(Z4^djJx?)ZW42u+3 z^}2LNWORh!G+7JKoFNuXm|vioZFcwv^A|f-ECKz}tAG5s_nE)5OTB!@9a;W8Gm!H% zAVAxEAPm^Ra)t}V&r5`3`0{vTY4({4x(7A0G%dzzoha$XtP9CRc(c?i9SHwF_(oI^ zYC@jKXTCx!Q5*ygp#$p#oq3VjQ!}K)3F0R$cJ2i+3o#c*Kr=T`a__c3d+Xb0ior9L zqW@9L&i3EknLYe+XMe}!|MPA#7`PQwOre+9=v6P*_e1Pb#;zh|)H?Z>3>*QzjfL(j8a@`HLQ@XrUJg2Sw5)sW$+BpU<8j^T3O-cNCr0qbcQ zkm$Eq8Or_Yy8m}Gh|Gw!p{(bcGaOm|d?Rn-b5vIbIs|*7fF!Yfo5qS4cFADnPc5APv(`$w@an0bue7FF z9ZwcEgRE%OYkw|hKU6kYtfm0>f3a+_x~(EQ*8kso&Zqd>`j@&I09*gqBX9wtWdK-k zJf{-@tJNudgUQuxM{l;aPiwjA&64GOIX;ycrPUiorKGYq5BT9z3&4XMYX>~2uuI>Mb7T%F zA5X28v)H6na^ro$65W22XI*}-syjO~Ig!8xHFJBr=colFncambBkV(#r^%r8eB%Xz z=hoI2)&`7HUV%F8BJ5YXOp`S@Ug$b4&MLLQ#Z$M~==C+aKU_8qm$!_)FuK;Zl$a^a zA5`|NV8r)ShTh-)q*c z%S3nzcDp_6-q1vAB;REx^Ld{4!7w9dp!t5F9LhR0*jDPBXCmznChO0DkOs@et>bPa z$gjbhR?`6pYxLWZvZYDn@C-XUF|tOv00~M+o#YIgz#A;5koeDsBw~)hmBY&-?z~T$ z9gbzxIUK~4Ca4b8={FhH3d}&7vS+UZ@1tip%k~fo#k{+p9&0saHE5JR zR;;+~Q#f*eXgOPnrcrIoF&!{#b8P~e+AZfs*v1!szks4|jQ=d(r$u+Wo2D$H#sYJf z&Vfkc`*upT6=PUe@LlJQKqnV##}99mx#6B}6C?}$XN5OWbzcf(5EYtL>&)C< z=npjFJ`DR@=UUEXe?U(l@VnYPil_E)^GfAlt}6#6lAG?CE-t6^lNFD= z4nj?o0;*AQIWN%;c$u4MtD)C@8G=r&p3VQGHG^;!W2o{?_^|07 zBW0{tU2V1u18DlqRA{Z^M)pwwSVX5uBJHO=A9iK>dDI>BM&O?Ox`vp7G{*2r4ljRv zScO8a6a}i*aY=VA;6(J&Df6L4MwnUss5a181Vy|);-i*sG4v@9xs+oP$QMXnC?v#0 zf6j9->_r|;dAKETJ;*+#i0hko+iSH$=f z{~aTT01~&4<*!im0xwJ!<^~w6UZ1_w+5={z-PqxdV!7%rY)yJYN{4Y46nx$lhax+X3G^_+lz8e#7sj${1JLku68|JqLO-C9rEz zIwW>n86w#tCJAODP&|UQE{jx_(otmKx~Il5MI234#o+GsL$nz+oWUVC;hK~Vd^MfkhPmb{rjF7V1%Kd;ul8O&jr|};!Td+ zJZ_+33x+hukV-U)5O^-&p3x`7qgOdU!&9PL*&M2mhci==`Bd%Y<&+ep8gvXwA?(9nE(o`} z)3tcJZ@XKe7wTHOnGm2=*|`}9_&#~vXUi12Zvz`z-gWDxjA8p3rq)}ms_bW;QT=?O zM$f0;n3mDd@`#y9cp~sxiAN47HFN2PEzg5jkNxpgV>GwL_|^Rmk)q69!xVXax0!LRRp0rl9|>qyNL3jQfhAOwDb3?|HFCgRsux9+7t-NNruuz5nH| zMOZ4unbEl*tg?dVrS{384}Si6L2va2a8G>p9?tIrZO4iT)EmI}Sw|!BBS++yarXZ0 zkZ24_68^+(T4XV)8SCmW^IVY#d!=>zSk9v)z1FT<)XiDR;f-~zfJH5T7fPVWqsf1( zMxG!y##MX+M|rqfqj7f2fv??)1MA9`syHHNOV6PR!TkfKmIJfd?Cmm9)O~YJQioH1=}ewc`UPBom2zY6}IjINKrk>Ti!<4Unr-1{FAc#EwMi{J}ozTS>8Z#>b2?z0PZ`)}>fNXdKEL z5c`0Y)4f!KX0v^rT18?km5h50=+UW;kpG69qn|~b3Y!#HqC6=z>G_Z^pirSS&iUMX zoY)R{0?pTJB#WvR8Ola^-zSq#r}Xn%7bj7aM*z(2QV2mNtCglW;S9?hNfw20bBTj%tdzxUS`Ebw^5EARz55|BV?yBTm>XsR1cf~D zbAK)yj;6Zh)HK4=PI!p~+qXW1P_IN)bT|t1M>ve?W5IuMuS2z2mh9^a6&ge7`nnT9 z&aJ2Xe#$N;Xv-C#!KrEO!wQ#f|9Dtl4<9|9KqT3lki?r~a|sA)TXb8<-X9Znej>xtK(icwPvBZr3b zUUGRtSRi+Xm!=zs(;8`FV_)%;0dk#439w>-O+|$=IeUhIw8}~$x^FepxjVgp!_>H` z*QUS8Pbi{19z0}bWfp(jMzC9#1w@G2-+$3G! z+*ZhrkF$rIMf-X6FrMthtGn*bMLO%s#^c@L_TxwFtq4?hJhc0IKn8JWBnmq`wnqfO zw(%7>&elUZ7$qzzNgch;sUJl{E-4cjGzU!X|yF8g8!O7*3y-mGZoqJR2 z#j;g-;}I>X2Bp3_>@HvaXfU~JVW$r$mRPJ%;+kc>#HskWt#9D`ARY0;s_ilaw-lHg z?~&IE)2=1>NSd%|3GAcgPx~O&Q4{u2 zf}4#g3OSHtVeCamwi9+5p_KSPBm_GQ%#rvni}D*Sm-_O3E@p}ZO<+!-wL|2!ufWaz zISLwn-Q4c+)Xe$1Jj;D?ZD-jNa07B}Ql19)6WH4AkICY6^12NNLYZQz5PgyW*>9>` zok-So`{UhwEwxEvOoziQ92Vn^{TY0^>Ia;cvx1<_G5}2Kkl7oPP=+)nc1WV9E5xK^ zNC!WoYRu(X-QBuVMQ~87P;?2izW=k~0=<$*UpgY%gW6YN!W@<8FGBT-Q9cJoLTj3& z{C2-&c$O{%CSvNlvHQ@Kf1C0niLFrw*#n!KaWT4~gi^ z?H#DVFN>jU3&GF%`3JgA;)%q^!#(5N`>IsOLvliBUX0dR$0d?96+^IA0o4`i4%^|D zdn3uGU+aK&WrSo~_o&E|wLme06dhdI9=4g}PZ$vDcJ}gn?x&y9Tf@^(Y>;+UzaDKx z@d@X+gg}5Y+}j?dN)*dhf^G3S#k@U&A;_B(DX#Wx;n}`Mz{IhuNQa*w%8tdfU*OomZ! zO#;QlEpji6n$kBxzmLv%8RQE+J(X4cIxykG$foHItmDx&DBt_)Dd>NV8$y3bjp7tK zG`%Owh&P6Gp(=cs6d4zN2$LW8%6mHoxmLV&zfCQQjE0og@LsekTU($?`z&QaB1|}3 zR_{#sMI^k<>@$ODPE|jKp3+Ghrg;{?mqHZ%Ys$vk)2iE@i@OUERr=~()7hHc*c`i? z;r@t~p`%Hsd=GNFKW4~gw#71clni8;We}#XxJ(b$kqfB)tlvuXXcb&phW)hh9KI8% z=Fb{eJk>e#F3SD03n6VF%gi*f%k@FBJmPq=j(6WNBp<5*7fF*Rj)TT~8X5MzBx`hg zBzxAd+NX*h%BKx?n|R$)ga}A4q~10(Xb!&D>;`c9|Ev)MI3ik7 z?<>wu?dj{o>F&Hi`RxX?#{Pnw*4ZrCo`b^{-bp#nNa7WG{haNn$T-N4+_wvrpKK!; z<*C7D%)m^UEA3K)^agXgRKIkt?$TdQb2=f}{u1`K-v>K~V`J@C9^slcX(3*>RJa%v zA^h>gz_Q}{1k7#Nckmv*BPK6f$QEFO?5PP2USmY+oV$i1I^``YVGghyjjoHsEqhY( z_97(7Y#I%+U9$n3B}0IvjxvhNUU6##XFREJTqM z*6hIHQ66J2YdAN`^uQP<_X~27_FwUl{AamH`k;NaByb{O&7_R_uSM@hd9ES)^pIeq zSnInE-6k4yIiVLj#MCuVT(ra6?a;~V6-ivHDt_8vCRa5Loj-a*fz*O3Y>m=?YS#i4 z!mbbpdm`!3%YR4+Oo2zB@n%OR9TRQkmMq!gHdk@0!%KK^ohlxA@Sm8-%w4JS^f@k~ zNNnFpbAv!6O54o#|Hh&LwqcgyEq89$`i&#Y-5zmc@VbIU{1@H%#|dgDg*cIt@+QNT z#QC*WU#HNGGR?taInGTnqMv134n&(sz>=puxHOzFhDjX~v;+@u^;L2giB{Alh422n z;8`sECd^|}J`Hjv#MC8yo)#~1Xnq->&FRKM)Pv;dvcAonix@Yl@HTY9pK4h_(3=8C); zGX(!zDiPq^>G~<1;uKBqM9R<&P!i6P#Mhy*%g?7BR%_oe#&@W{HIPjOR;ztD;)2zy z*hb`Ly5{3qggG0kDg|Y?JF0$0Z8+UX?E0P91xum9f9U9?+4eArbUSH1YyX2NrxEq03gM8__(}s=&qG@xAX+XMkzintwZQfTX)rWizozudFewXud_h~B9pHC;KH@$} zU?6)At4kCHa?kfz7lmsFD0nFogE)7%7%fQtBa4<4w*l}$z+xwG^m!#O)GJ0~?gH_rXHBv4r|<>9&}4rr;T+zr?S z}K@}-uD-SHWhcpl&G1c znCm;24OW$mE>AmOj$4YEGvVEf6UkTiifcfHt=iZ03P@+skZ$b5pjdz!iv_T24!ki! z|GW0Epu<)GNd~UK*~G>5yT$wE%5jIInQ%s-HqxUF>=x&r8ZFXL10zVgv9;&@DC;6m zNEFO%pgKart7X@0v}dzMDbwOr;a&MIW2|Q9=G43O)Fy2m&y4Nxg%!OaS?s3o!-Lk} zLi5i13U2`I@1^Wak;Q5x7H_z)Lnf6FEb!%|(xltpiofI4uQHCXXHpmJC#iR%!LTC5 zoA_Frt4qR-YgO3W_2=--$cr6k+~Fr9S-e{?Nrm`3GR<1weBUzP#6$@1HJPL>12FT# ztRza8GXF;2)HUowJ!9j$aI@)Rh3`i{!Q_hco*asf5x~}1wcKc4S?sg4C%gk->?4TU9$j>t*%7)7KRt>?!dc8H5_LZbSfY}2F>R}FuhW} z)U1btrv^sibI)$tzf#Buy~hSE z4mNMSlZ?Q!K(XR{1;nzJf`xqSAk6i0|6*f{#px)C#ba)q#8&j_xcBT5C)2yZ^W@kJ z#eLbR1(?%sPTfjRC^UD!9W4@2wy?I%USCQ7)@9DCgQCrhz4>cm6H#N7gV5^WYCUY2FwD!2hY*Ohih_Z5ZrAIecL?a{ z=r+9T6%4|nS9>ITaXOh!#CdnZxE5#})d-y?dXj7{Q#aRb);rRzt4Z|$VD7RzL+YjpL>gDrJ=wm$R}N@zGY&9hg!4&86z zBFI-*-k>V9ijob4mB7k=ZdmHpv-YO|#PfFiVAfzFYdDqXkyx3rsBVjEO;VG^Of)wQ zaE@{9v$gz%Gc$|FMofaDTO<1HU@P!O=B7KV^jK*)>MY}x0B&38q9>H<1zWPVABg-_ zO`k*Z%1;j^G70O({W(vdzdZvsGuAtM=IWs;wOlrTC|e?M`O5HY1${%5(Ype^w5<1D zK@2r)Xr#r6kLB6dp4reDjB)!bjjA4(Uxe}^Ar_u)&5T7Wq)Yvn0o<);qU_C8^ z_m*zfp7o*LtKU8`o9C?cx181~DTlXBwF+o~Ppk#9RzHD*hL9SgYg2ubXR~@TB#eD8 z#Btk_)L%tzbpmXP+^^ohaHZHVg%DnM+fUaCTy^{~3{gyObsEFrYDh9T|F`IR(n6~j zGG{$`2YpJlXct;AXyEQXu4uziMK;mj4rfKcRJWGCj?pkHTk~#~=MPON>xsEZ3>&Sp zSdRGCsJDFv3b_UBE(&k+?}Y9~uhxqwV!>w>bKP)VPVjXuLPk5aZ?3!>u=NtrT*TGB zMd9Z*i!*GEqYL!^_}JMId-7a*?P2?Bn}Bxizsev zwN#whJuQUah3+e>);GR!^|R=J_tdB+Mi%;}`@zB)2n-N61V@X6Qt!NhPz|AQ>)5hk3-UXd$S>8j@l>Q!;%jE+1XR8f?ck6Dfr7f13=QKkJgR$gQS_zstRNwfM z*e-D6$Q-`K&A`j>OtMma0Oer3wpHh4Y0LWLOtASQjUPku5CptGRdR0De9yN8eQwV- z)TMQEgzm_Dc1e<$!I<$WmUrW;}#7+TJBH$lq^X)_jJHYUEi^O6>Fjr z&!Rr;@3~t+W$9fOssM{m(q#R9h2ji~M_=7#dOfK@dFD?pJHK;+pkR4kS&+@`-UAzN z$-SPD*fZnD)l^XAcNAcEA#mF{?0q6wo4}{0+PYD7ewowN2Xfj6!F~3b#r$TUB26CV z@S)Wk!H7bXn&x|FaqCn`??kW{&q3Bfd@Cn$-72nB{$YB<8qU(BCt_TF|2DGS8NQRh zLUtX&8llJe*Tys6H`sL8QEnuw160{9ahY+oy{~=c`=eNWQ^7oo^Lpn6EO|Thx3ZRg zMxarcYglXDxeFfgoH6_3-bc4riU;-#n-!~0;};)$ zgYs3k)yCc4qQW$^W-6~VCoyHO7lfXawz-gM-##rH4dF_*iyir%16h(Di-r{_qE*PIHmlb$roZk;_)??DjgDv%`z;@2`jjw)n=nVSvo=hbx6n7VwML zD;@zr#&W@cMaTX09vVSv25#Z+@tasX*h2X<)iVqOG$hfBDG*E8o4d*pTA$>CtJSms zCD(k0UrOyH>f@{ zft@&~V8&@A>aX0rvh1_xN2@N;a=g`<0q)gha9J;m?N|ZKv~3&{x8ha~`f* zT`<$@CE9#TA#Tqcng^bapL8R4h(0kchfgW_xhp2pv?C{O-@4G zAX*SB9n@F~|0QUW;PtWtf`8+h->*T~1}R?KU-G#ASzK1kc2+^@`CtPIDV5nwwuw$@ z7D9FU!-Gk%RrAh@-S%CG^BSB!?dV#o1o)b!olp^t&+MJ-ZEJYUDWIF|3=&HnZUHm& zWh1luCtPbAEc@qs(>F6aE^O~PSA|b-O9eB~y#^j=+z{2&+4ORocZhr|af+SOLe};W z1f(Td>h^S79pF%fwI~GiOepBl0a>po6ZfXA+LCi+{oy)@xVhh$@~%dqBel9tT_?2R zG8&v9(vDuH!1GPHI}Pq=Jt2v1DAAPKjOWd)zznqn76hjq!>oi37=6|w*ugvZO8Si` zG#3z89F&|-CPlm!)=yXUluyJcS{1?F2^TuNoImCl4E{}BEXu=#a(uWc`W#pbmHo{D}>oA?+PcP z*HFDu&CzElj3Z0?MX*Bi7Y+Dkg22av$gn#+?`4$h8dBSDF}xhaGB`AX+A5IT@{l{l zcNcgpG{ZNv1DX{iPTY~7YnWs;$%s2B0+~eisv|9_V~%RVE<^WUB?M9A)pp_wur5~} zdk`)fA**u}!XX0KN43zb2|moEgt1&>+ZJq;5*o}$3xe5tx{Nx7G1H?>$SbRSr_($u z0;|w2KLfbFdjg8|1R|3N3;Id4d2>5vz%jXTj|V=O(eAAM@wkj|!s&xKuTAnar2Su}X>;2hWi{f2C!Q*I8y^2CF{*M{>M)tf zG&WzJ`iZTH647r48>Y~d+NblAyJ8lS!s#Ty>Gt&~-Gbm)!rqp5i_CdPc|C?g*U5me zQ}4W3#cMlUK;p5?DRPas5YI^+>Y$8dlKZ1G@e?_|?a)7rC21ZFNz`J&`tbZ?pMIj2 zqu7E?p#}iUaSyu?ETRpwFAN)9*qt4(vc%9pDIUMs{&48RiFe_H0=qUNp^u6I(r)M{ zUKl89On1l$LqQa9%{GVCu`PjC)d)Ot=%70^?pPpitJ*@T2lt(?{Nc5)jh$u{t&9e#n+-Rr!n>Lb>;Xk!ZDR5A=F{$)73TA(KX_bz#)uIu zpt-4y-k8h~Rwy+ombM%@93I`w5Ta+g3Z7Li8dlN1!S2=feGxL)MfU&lTs4DkP>@~G z(S_P=lh+)&`@Ocn?a}X8h=c7T&l+lf#%2D+Ck|)LM@ggS(~?48sfxoZX!bu`AAhoEhl-1-Hp)3lp__|~?6dT&!2 z;CP$1tYEKRuXFABlJPFTjE}24Vx82b$hl2USk6)#Ar0od;PWl}vS;hq9G2Ai0<&&V zw8Dve3_g^ZJZ>+CoR*y0UJ+G;b6ThFm76&a?`^iJM+PhJ8`Ty1v5dvu*+V2mFLR^m z*%ULkW2z1ez5lnJ*r+cE=&NA4f(C24;t$hJgq+e3mrnnnvCbSxA9ygjAt&BQ?tl0R zk-Ro?E+2&X^xa4xA-bh^;%OnSk64^9)w@_y&)KOx8A?~jthCb3Siy>D>@L%UiQ`YM zeK}yo#UsHtMQD=fN>>`@4JpI%a6?DsE|!M7UPH|23fwT$<}haQD%-LNM>M&tS4U>$ z*xdL~dB*2Y*rzPsztrnkD%HO*3JS-&Y@s_lpVosSYDE7H*|}9I2kPn4>g0 z;!(MGbaO6Vj2^7@LwxA!5X`*h<_ut}abxE^8h3b(f|%l5<>ih{>!D=tpRTi~^%_@! z({~+LdE8sVw1k@}ZDLz?kt9lyxD(%|ZX+d^#3G#EE|T|zi4qG>=C+&FC~=ie7Suds z!KQ&}C=J`2!&I1m({0*1vlj{359u)4eT>|FtFkFzxxDlJ3O;XPAbEEw)oG=0?$m`P zc53kNzCMfioUI4!ceL*k{OzpPhZ|vl`)U5IYnL37=?i%cUxC{Q8OLa~+&gVq2~Xad z7{jJDl_GP3-AS|F$W2&iS7@1Zz3m~ltkGP{QMno_^|tpUfrybIn(=M78slj@H#PJt zxyi@^IG@_-YutHvQ)-7zPGyNGV=QdYvS(M-=<}H(r)^#{uFyn}`_il^8$hCYF59`^ zU+0YX1YTJ8i+RYd;K+Mw@hkN4?6xD5Tdi>WAV)&x?&8-)_5KlxZ?p35hAvlie?b%< zm0Z4e-bUfl>`MPUE?+?>zaV(LGF9ygAq(XsM$YDL_J{!7CukF!@fw$fbgh|MJrz7s zyQN$prb0a!x?)qtsaA6)Z^P5vtgi>kG4j&#x}CVno840bed6(Sp^S4=Ye!>;UCI;M zgtk80JJNt+hq9Oa@#z)9ua*q*+OJuB5MDs3i@UUw^kapD=>1PW>{b;hqYUzj(FXhf zH8dS*5ZGX^yG$d@e{Qe;A==t#-(YDvr=!jtRTe9~S6f$BC4JZ>!5?}~;#Sz*$=YY9Q2-E7@qlWuXj`Rp-) z5-@T<#Nfq(YAV|_Ij$qA;hs~mvjaO_!XcGzSInTeK7QI zuP!g;@`~{`xq~tB5EuE`GQVH}SKQy<``_2>;=i9j_Hu9N%U_OD3_Lh22s;LzLC$gO zwAq_AQ1u~F`K(5I?Ed#+@(EqX+Al4~B};|u8eX%vmo^2RzWhEr$mTn%zl_AcI!mbk zyza2?dy_AeRQVQg8~a3=X)SZB>Tu+5RVW>`}UJraF4+ zv;PQkuHnKBR#yflST+WWtJBqozBeoUT6PG`SPtG9;rkFZ;sHofQq9iA@$i=BaVMO8}Q4BkW~Wy`_*gpjDg zdz)>*`qOpWT{qjQPZ6jg9s`rpme|FP`*j6bcF)sS!fCluZuDU~!Zr8paOagOfk2pn z_I_u{)nq1%L?N>&jS9#vKU>xz@>+*jFX&}@5*A18<;8#hEJ zYW)2FarG8nQH5*V=+NybokJ)s(jW~YAPv%8QUa1A-6<)O(j5{5Qqm<24mp5y4oD0P zG30PLXRZ64@817lueIO(?C1R@go{_>yMUP5fRCMGz>K)PUai{Q2SxD2o`}L?Qe0eG zi_}%?#drleAgH&z2bxPJ)3O|!EP&tvk2tQhG_0)|w2)@Y3*K=>y?T@k|kc22EP(PE469*qe(S|{{hVbM< zO90>JVB-)>sH>dwfncC~;9O{9gR$#e0F3v_>HgWvhu!Q<)-ZyQT})^~mJmV8>xa38 zdiR%JKRyay`!JV>_-~3EV9N*pu=bT>P1w@qlnK0PbXz`Uk5W|SWne?nt7VHY@cwDL z@gA^uC(TO-2Si+h~5;)Y=2$48f|+**H&;w-h7pe=X%`Tq2Y%xP90vDi2p8PUvdb^G6Vbz&*~VF%+m~1_q|KU&6{8H{&I66-z~aE?9bpPYY3hY z?*A$m-X~U`M~e>HO0Y_s(<)GY9_B08uCZ4e!(^Jo`GGf%3$_O}@~AX}#MP!t-su?eoQyOVH)(CLU1cw( zd|x|OBaNPRA0XF3dDv^*E^bF>^S?CL15_IY{XpQ@%uq&Npvba+KgmX_=bta0aG91B z$|ae@2(mux-KmLrQ?eoE2k`QM|DjZh`6}bSjm5N7<3pZcH=H!^K0PVlcS@n27q}eg zef2B&VY1GB%OPH<%BBVV-~Bg88YlkSqg{}-KhvnP)U5sU>Gw3mIL8Qk>QF#p+R(IL zGSWmpukKu6>@DKq5hlC~u`daj3mk){EB+A_?p48mK`h6;vl_^sdCgsLZILB4CC{V-mHMB$IdnK3u3z)x=Sg zlxI4`tVkXmYO8XDn7#=5KHmidym(hh1p4gvis&7_L&6Pm>|`UFad6D+)UfKwtcvX! zs!tgMesHqUFYl5HCE@paN7%9HkUONj*uuwgLI23fNd-eC9yTY7;U6b04IN>li4!@Vh)fA_9Nj@=)^apjT9GKsfkaWRQW z_KLSMfSK&8uK!{R5U*HR-!uRCkg~*DcH>gah%`&DW)8z3@bT!g5+s zHD%YZNZDEFVeIh+oasV-B6i+-l%xip9x0C^^wA%2aG*t!LtBZpdJ_-`L*9>bwG>@< z9zMU$H_z6YRd3!Iu=zHyZ^t3CfUCjX$gH24%-bo%92Q@J8Xrime>uyhYzq_lu4sal z^S1nwS@1H;r2?+zGAt4oi`DQS>S|t8QTEyo9hUzL3hoE$y#FIau`}z%6AU#c^Z{;) z5BZ0CsO(5xf0^)+F=OwtR`)+Sv6+ z>_?EdVudUIVSQ&ZXsA2Nw(S!wThR5VilsUQhlMWr3Zr({3jX_px`j>fp2(`9Fcnaz zOoPDb(wLjx^Dw{97oJB`G)+7Z&dJ3BVAg$KK~Hsfk`pVEM#;7E@6?1zi1S|WI=R6AqymIvo?`_&V|yW z_A}ebl?``!v18KS?9xBYaqAki9?Exk2JQc}(Jsn>9Q};$ZR3n0M@(SHVMK-)5pb0(y_4$`N=}%y6dIzcaI?k?#6f}5!bOp zU&IB)EzG{BiZ&UU1y-&uo*n5J`q_zl9g>^-?(DerxhqA<6Km3R;rnW^&5 zce`^Rid22o`a<$_L4Koo>48jSEuiXTxF2Zc_0ySJ%;Rl|`ahH^Z-Af_fWwCTo!ebH0uV`xmI=ZZmG*YsVW1_?&=^-D2T$+&X%;Kjcv@)4V}zqY`^D#26@K z`z3E5Q%NDD3~7!251Dh)z`1@_b~=VPtbzyfdS}=T#qGWLXys8^-WFCKAF=2UuM zkYMbCM82&3sRDIdcs3Lz!w^jDG&X8=xG+VXHv6QhQgwBz(f90xu;AD|811>>o+QJ>{gw6dm#SVVvh6dLcShv2M3X5ybaUKCW}X zaml(fw)Veq5Xbd64kWV?0hB^^f^xx%U}b(QZ5(wAuJ@xTc5Um`ASw&4pii2}&b!uB z6TUGDL<_I?z8LE9N;Z^Z%*WZVcj@@D8zqaZ5&dX&% z$@{yrX8;idb_a}-m&41t@XoccG(=@-m!nV*yDQ${D~KNH70O284@$C={y}ew`xQZQ zDX9)(nhFWCpRj?afsF<)WFw0R`@9YV&b{m7;m)e1o^5QJ^|hORg128DI)_s4O@r^H zH)t1^71^)xZh%w zTXh2#>}L7=`5f9pykpe9`*W;M0#GnRV~;ZLw9edl0!R#tam94VQ^nsdbud}AmC{Q& zPhIP{{8wdlo9q2#3DIog5KU?rgc7jaPcS{=MugiUvMdbYx>DRNA zA1pyR5xvTqZ`6S-H*)@i*7%?LRf&qSy&qpiEO=Pe0*k5jZrStsm4{HHv1@TcANRIr zo^!`e`jmuWmW4v*zcd2q;c`uzh_XQ^1aE3he|(1KO4^#0YY(d{MsTGj$e_1I?DjJ2>g;>Hiw-`}41 z!Uw!So=!M}cNpg~$R4a>jPL_Snyrif-uBirbYwvtzez8w6{;XzcGxXX?)s%S*5#83 z=>WJ7L2I2qT(-ZdLS)OF=^!JJWf{Y~vb)N=bYk)C;F`aUm8sl;L2JASbyxiT`V&~X z>DrcecbrocpzdHu>7>DLc8L&l!vhTzK!1f8l}Ei&zZTK${CU)%DZ}ub|4>89wf@pD zDN5Lt3@uaohx*3hWidwaMiEY%`b4r`G|>r$4;`zVeAWx4mL8|sVcbNX(=y$)qO07V z#kX-U;4cC*2eWG#Mm5;r8K`m3uqw>*bm9DYTDK%@18y#^K96CF(GQp{34G_ei2_M$ zf+-MEhg)HRF7tI*@wol>1VbGhzax99K+{TIw zx%g{vCOHPfzqDnAiQA59kLNp>s@Jzd7>Q7bs;;^@bb(p!}|+fFGY3yFxm-#Fa55-S-010cTFuDb}l+L#34EI}~z zbT^#L+Bm-qOma}};69?!{h-FFA1ZuR(I-*%D z3M|=W$wT+)7QH?B?#)`2k|ymNCN{g0`~6s_N$G@H$0Zhq#+wdgJ*D? zB$CJakeGE;`|JZAAf`7QS0Q9Kc%y9k>)C@sIA&O*Ytda=eif6x94E&QgOohbmbPTo z`dQX!7xTCRM8ZN(+D}6aYST|@JSeVbOlPfyQ)bQzD}1A+V8>;%VovsB>KuG8HBmo32?UXKT4}0UJ1Ho2wvd53cIIQ zU5nfj*}gu+UTHh47O{G%@-D6+xK?%xCV8;J&(eAWGm&?4;QQkg;D>bse$(4_UzR<1 z@2ZDMl@g#2S)k&de!X7T-^U3kOejRmH=1R`J49t0EDv107nskB&|nO^_AT`v$hGzU z%Q30I9l6z|2|l}L5oT0;J~U}VrWV-(V}0@>@{2?|Nw%cC{4dUboFhDm_0{H=eeDhN z>-QL)HU0ae{hpEf(%saH1-=Fr{G>s7(O=9K1s`aan}0%XtOnj_6_va_R?k+H(sJ*h zvr3B=6n(;M+^g~S#cKwp_Ar5C!&eC~7K935(quC6_L*yIFYf8msgSJpF?GqQCGiLI z$cKL}H3H%ZyY(fl zVBITjt5Vd0eZCKZ&7+h3{;+?U?_;<&ZAr#az^LI7yf^sHh8o(yz2}O|61=@NADH-yDUYL z7;+1t_tidxuZD!Qm<0!3QPUh9&08dO-aY-QZvF!QmIHdZ-W$#x+Vy*W8F&S_YETq{ zN+aJnd>SE z`YdYuhMI|!os+DIM+w{gmc%xugx&Mr046}+fYhOr4Mvp8{;<723Tz-jB!fA5jat@5 zU-Ept<#9z91?&iq-5%Ey;3|&VxVl@2+6LB-t5P$PY;`J$IrttI&!>*0PULL{4)Jp? z`8vNxlcfgXJm(EIX|eH5Xk`Yx{CZ~*Z-$c{cW_$7PlV+79~AtfTvl1U3T-TXOU6;q zQx#G;ts?ghgOgxHrZ6i9Eb?BKHJ{n?-1zTP+Z0SEjk9!2X|k>t9F0|yx0R^h$gYB` zpPNMCeL+F6-6N^orJCE92RL?r0Se9E2~uxL;?oY z*3!szb;^DM=jKEDFS?0l*pi-D5c|ngH*QRAOa-Y%D+5hwj6>*n%-ccCNftml*Dl{* z0AN$IZE3hUY1Bt)3WYiO5Dqrm$jf0u8?6s_N1Ji|`+&L!Tzr_$XCaVhu5NV?99ub2 zay>*P@&=IV!CvIG=G1-v2+8GAcDCLW3GqwrwG7iE2eY*z_P>Bd&CL#M^dQknW>=-= z{=t}rBJ>RfYB(;Y;r6Sp!S@IFl=xA zAzP~oFTo$@7W!@Y`y12Y4M$`e!TIi~H>OKq^X*1ct$_C8-z{N`hCHnCnPDpm+13|i z6)$H6OLWRLe0CtTQijzg1Ld*f634%u!)oTgz_D}I6qBpjM?ewfy4sbJr#PNBjvcAG z`fSgO#oSfDz5e(RJ++(LvPSR62cq~cx`IUT9X2HOT}m8N4lN*#f;Q5#A@J747nf6L z!`iD3>S>)e-#_quwKsl>NjyCr6aXz?=n!#_i4%SlmFA{V1C`ab=5DLxu4XV{6;?$p ziH`(6pnyM5SK+Cld3Ne>Sd8B?Aw7P&`5me|I@|}16Qs^%x08wa?*S0Q5I%i{3Q0KD zZf9Hz9weKW7LmO?%Zg&B>*Z}3WU>`LKCttd@$1aow!kbshE!=!h@XS$QO6&B{-uOG zq3TI#>v4Jj_=w>LAvrzw%(ug_)+OxCy|iC{6A_i|4WJ1)qaGd0CSmlWEG*T;$-E+3 zYtHOTL`S*v5M3<+#dGo3SLkTA0RQ$Ts8I|4h}RiHgZzDAd2`RT3K%g+vOU+ZRT!~f zR!%ZSiM1QjR43d$T}SbRBzkhrVC|e!5Bk0;)Vk=AdS(fx=t&C4Plil=&GUxT>C-1# zL7Q5ZNiUbd^OM=|K62D?eD~GeSIH`k-nemy12U%H!L8x^aJb zWINkRzjT+0;Gh>!bjZ_(^WPOz9vG>EQ;gByVr7bXirK?i6%$cAn8vfjrprzn3JI?<88Z-d2SbxAQO0xD9%pkFZBK#2`;-2ZNfcFw*z+ zeR7!)Qzvt$jl71{%msI~{J5-&ph+7a*Q-o)_R6{pv_6k9ZYsu?H2+HU8LkM%c?xRG zAfc;{M^d?XSTH$hso|J7JiiUt7R49cS8TTQ=Q%R`nSg1_POp7WbZV1(tX)b`o%XjBHlx9lzbgIQ+w7sb82a-V`w-^~4uRGJ$dV?<*}E2dJ~p$Y7~rVc zC{}I1rhrl^PHMiN_4baqD+8hd=HsFYL&V0$`naaaNkU#Wv1t#Fw%%vJw1DrE9v+BfS7*K5^;fs<3|l12$PwBx)Whi#MSU1mi-Y-CP(IW>Dma0Afq_y~I%>?V^ zO5FQhcfeYwcH$AH7Bj&4<9?7M$1q4i3^J{zkO`;@iEOI!p$aeyTZ_V-!>R(VBWywp zqnM;{Sy%Kqg3z%7=C)s4aw6X!8rQnSPQw++CAo&tZx^Jb++60hT>auJ3-}qlM>z{= zn0~Wzp!J%MaIV~#3k@`tdiC)JVhLNa(bv$uxfT#%aOh4nMhJ;87j+SGAeB6oD~|YC z#Ty45^0(OlbWqgh>1FmO!fdR&U*XvsXzTA+G7l!H9P1r!e=6v8F{-EEC#}-CcJLoY zlz;Vypw+_(CH2o0wF~!i^o%N7hF84T7(Qc<3!NXwaa2gTA|HcOFbBEF13}n5x&o{6 zS5{-yF-3-eh34FcD4?!Bc?3^bf#*%oLf44&Y=yR<*S`g6A*a7DghCjH;U!;2?3K+w zs7Q{jA=4^39Cn`heO?_}5Pr(PPtqX`tpqi*gM2?+VdMOO9;!cFYwDidZZ9g@T)mfZ zm@270Pl_CSARapg)tC45o8xAZ-?d+?`pbKgSBEw18;Q1SKEwgeqcTKkLM_?z&Im(% z<=2)BmhRY5=d?vc%l(1oGy^UMJ`-F%z4|ySs-{ikFdyGz7lzR;MRJTGYw-kW@Rqdr ztLtf|j=1J1ywx`kS(tW2l8@!YXB0PSJ{^S#>W&PjZMx0*w55`2*SDu2_cpm$P`jKB~LvLPBEsGl42Yeg)ZW)*N4nGtY8s4)K$gT@#~IPVqSmi!@bClp*1sr9 z(^44)JLPdYzWCa}0P4e>EavbOK7dI8rpoK_E}SCvXZaj?Ix0J5jt^StEPdqj`h(pc zu!H^G)xVk>|ChVryXDln{xHC}L%|e?fgOBXqy5MxMF4e&*ryxz#otFaDe`Xk8{vW0 zx6(1dzMm7`*U8}WR`qz-c3tnf5v~4uz~iWv+d4RA_;a)6cY&=aizJkvSqn{$HHmka zP1){t2gGsrL3Tzy;neXe#@%C}(eW6Y0wG>cJV=8699YxFHZ*$H{XfQ5 z;VUMq`U=bI6EXhn7jE3MTmk_Mw|GX5jv z%gpCwT08lUQdrHnU;M5TD;%#oTR`jVI(spw(= z#LAbJIrrcER(Ji3Hv)EGMu)rhlh^#GQ$(D06rILQT?yCd9CRdKEsR87y97Z@?c~9z z+7D?~nA*G|mcKFS`NoUUgN+RZ4(tvf901xfB$Bsr_p$9Y%nO z9De^}esypEpZgb@MR{OAx-LuBw`rcs`htM$KaW&1mz4+xAe|J5p_UWh_lbDR^cnAO zLzs$(@ixcTUDfw{t$7CohYg>6-t-z$#EdK`@fq+LmX-yq&->Kf))Z+$$h&!XzdCWq zriHOlM8k@|%?JeD8l|5MH1lLuE7gsv+4|lJi+;Of4*hCt7Nq-=ih0#bdW!3EOqx=h zI^peT;Ahw0spnZgdP6sMP`#PIPX-eT=G}V4eM7)622SJi`f-=B>@vLHl~?wsgdvOl_MAWUxeE=E)Lpx(6QDCjmlze|k$ zk9B#KW4R9Ao(51||2j_?O=a+(3|w1tR;ddi!2$mx(fr+Uiq3_*BXlp@n5sldfaFA+ z*PpXA6hsXVn#{ke?#bzUY}^fIOR|w#+oT@dnyk8M0W`i8-5}}+PhfhcQ-3`Defr@o zd(x<9-$maf`k4BL0=0On8{YcKFi0+Ug%9vF;sH~$dsM43Reejad&?s2!jTDA*?tql z!2@VHWV44D$dpHdFa77T$`|@sSugX7!{LF^*i;I+j@i3w{nhX z8p>cz*qfARfbB7)VZUrJ26PE@J@pj@>AOwpb(%l98g+N7;|X0pV`CZSK-4N2J?C|J zx7Ws#l-ezfS0LO;DBI2mIB^L1-9_zYlq97baAqgFd316qMYQ#ngrKuoyuh7%6li>ZyVm_3#cUXMiH;eZc za+_%|Sf6$BTO({HZ2R(>?J>chtm-u}W+s;iN~z$Prp81f6>gx=(3LX}O8`e4&CXbtNw+|L zlwbM^y-hU*K2dFGKCW1aqDAzrF&QV@lue+|6u#?n5=~4tIdMS zL7X_`Uhh?4b_1UK#^^ufhUAZ|9Vtlk!R0=wl^!np-;ELik-nDg?Y47s_A&)3zJpS~$w&M=(GK1Ui; z?hIydG>|SNhd{zW5M6pSJ3=Sf0JziT$cn+2D%OtZ^nM+8l5c#mmQ?h@&$M82D%=O0 z`oh7Miz0#`v+m9S@Wh<^a%zq1BX*|Rmw6a(_>yufX{aM|_U+!{zDiqbV08K$G{ zK*}V_I`Bbq_<_=h@U>Eo1lQ5@-{a+z4rph$-W$I|S2^=uuKZ_GIynfoP&4`8x5Slq zx>k;Xu-wttR2SCu@fY89{mRx(f79Qi?#XIMXSM~4@#bF)3R%73j4$8Hk?uS{6#H}T zJgURx#H8us^JS2-%p3q_lM=Z|Y-$Wy*XI~F0W7aX7Y;XbgseE-sa-|bP(Ct-EuB|~ z>5eZ+$f!S3ZwHTk+Z=u}HkMM_dA zc7IQ`u}k6}_(GdVW2oo1_;w(%5c>1l&hMeS=HQ@UNjFRCFYj9gm*RdU)hh>8Zp4S| zbC7Q;D#TPu+TZ2g3@7<;PEFQlb-0r3WhnDnFs}${6ie-WaoUcFJH<~Q^f+@`OgUq^ z`W14*2#8P>Hj(Gl1NnE4!gI(j8>Bta^FDS`N#(P45s3Nlk1V5pBn(1({13j=Cpj2( zRpnmn$OSlW0i>ggfGK{p53^fobEBNyT!tK3Zq@ia*Le%$rbEPXTzq+r`;Z&uE_~cx zXt3pHP^Qr8bj|%JV_c_t&m;wxt`Z)#%AN6R@|hU;Lf$KaOU(nTH7kFwk+_ks)5~=f zY?8h&$paC{KG>-dU4H8MDT=?yKOdnQ5&k(Oz`jQ_O^m(oIa@CtF?TmX$Z~N=+i_=A z=$8Ypuq75~Dcg?bfre8?z%YeDSH)@Z&mV*0D3+>!BpuYU1yS5XMw8miZPz(;0MLN6c}lJHh(7Yx@xKu*JD%) zvo0#EHbevS=ctAsQTYcWIhauSbj$qx5jbUS|NgDfgpKX1&Ip{y8k2C|P;)jRn&^S-W$9{fD0ig8K$QxDkIqev^j15d= z|G&2ewNMAI+z~#!M^wm0r4O1EoFQ&i?=kiM+Jga&0Raos`V_of6I9As*DuKk^7zOXji;DSc7Z@ zu9S5}57o|l&3IDv!wVHu;<>*%-i64r`eGdN4*U4EclYJSu?~#Ldj)J@*m7UO=d+;I zW0?w+m%rLe!7Y67heSQrXxlqX+cr#YP0Cr_#Q^(H*prBwXluyYZ7L)?TX5GExGUaw zcQpIB6An#inM>ln4q(?m;NA$lqS3!jX)SwS&99O|v^eu#){>+ro}Z&P&pJsljR&)H z)jN&N__)&2_Zd#NW$bOf*}HdhaRe8>r9YhT=8?5LZZ3k{1I%VFffbYi zRDmL4SNKKas5;7DN4sL^9iHr4RL@zl^>hi6kA}%maZ=B=kZ^Fe3-0XysYJ*;pHV7H zoi^lUmru=JuMPfQTl~DuZOicuol=P3Bs-RkIm)+)Ewh4H@?&zJ!nbdS@SP4Nt7Tl0Q=@>?W0e{Jyn-4hrhA0 zK2&!JB<`Sv&5$1U=Qz~&28Ze`RPXHdkQ$Wi=X+2S|LOp=*c8of>4BqylzX%olIj~} zWp=Y|y&I8MTpey1xh)G-D=H2Y)s*)+d>%2zs36lm1sDAe;a#t6dcKioBG-U%2TOsq z#WT6f1TNAPNKOA*&a>fc&i||7B;TRv+ZnTlGr5xBf{VSi@^DSrS0z3aS=17NClhO* z?++u|`#VI1pMU)-4_wQM_sn{U4|4plnA@d+#YEflmnpa8bS^|hF}LpU)#0fRN1>U8 zt=Snm&;XGB>%ValJxs9T^E)$8fd+;0h(>A;-OygZ^y|1hb@^EIO>6sR8A z;=tj>s>sfs7vy(U7yNL-g#0NfP@_Y8HC_YGv4dB=NJv8n+X?10gw$I8@IS~(^-ax1 zhf5ZmW_xrusvJajcgloS!KSh&*J*K_BQly0FKF>wcVAq;T+wN%JSmQ@2mPugb6mZ4 zk)8+1nZYxa7suDqm#F(++}?9}j=g&|g0<*2wZz1|P_|KMQg=ybHI?*p9Y)P-gup$d z;o)=s^)Y4Z^Govv=l|cD!(qQ8l*Flp{LDd6t=yyZ=}VOfhHQQ9M3(HTFOHF#f$d=WB=k!5W+E!_KPSJFqI+(qVrp27Q zC;T=b^J@%#HIpx9%^l}Yj)XcsIk|$^0)jqK3;znNSo_p@0@E{z@bkgc%w-vW*4K>= z0y})^vo%QFWUPlT@{yAocV_E;3=AW!5pkMe0}wM}g_uUNtd#U^djc$^DwZGIg}Ql_ zM(lpx`M@}&j&yqhCOUMdf<%}R%Ql{Z)i*1GhCTCAL68y+RIe$KW)Ic^)a7Ntm-X+l z{4+KHOS&!2dWOQkpL+VoMQ}9L*y%qTz9wR_qYI(Pj~v2?C+S5w^oRKzPOAG$L*6vG5br2jp|=J8>9C%5Q0!uxIDbbYQ9n$*v2{G1Xcc8u$i6Yl!-7%5Kdtmdbz)Map-4?nEx zf`1W}Cio>?>_yZQiLy)zy!>+eG0PP&>U$8JJ`5Cn)QZ$2a)-C5x09t#tHB!C*c&cm zzD}`sX+c%94~dc~d-?wLbb;1bFzWq#uEBT5GfqFzou}z01kXdDBPj8Lnh@X3tz#OQ z1phfQ+lNt(O(}@nw0SjN)f-ic%ceqm9M5%*K1kcpIqf(G3cKse(~Vl9Fy&Rqf9ZNV zAkMZ+SZf&umNb5+-^G*cPhIM!bO&=)jGvcnp~KIo{o@eHM@zx9EwWd4p4C*!wVrI( z;MAQ_fqb~B%yxLQCws_2`iYFK${H_jortMgW3&i^c!c|~C-V0UpZMWQxu#*t#g+5+ z#8xt0RT(N7rG_j!ZIr4X7ku=bVP1$m3``=Q!Op-KC#iZDcML>6FEbB82Yw_@ZY5T+ zPNRN}oYY4mEC*VhT2c*_6sih7DPLI>(np{|ZH0z~9qyfSP1?VEw^^WwTyK+&<5Wgh+(2+B_xl^$o&?o1*?hS5ZkP5ZNRp(wv) zNLh5@DBB6w{MuBJ1eQ`&8SykQ!Os>izEjj?k@eVbkIc&8qNP%)lu~#z|E$oIwVvNC zbj6|_C1vh0D0Tk*A@b90d-Vb;OKUKP_}wqOaJplm(CDvlZz^3xDsLNg;YVcg9|0z8 z5&lTyMlm$6v7Ikk_PY%iDn*s&1-x*s+py!{pzU#DtM}giW_7pFyTOPGcs9t>pqwdk zHO2QBU2b*PL-*#stSSPy8Yn1)onuC(F!wx!o*Rq+b+VZEn0Rvtgs(n620=&{a#qKR zoRC&WCY6dr+qe-cz%b({*YN6#LpyfzBTUji_l4Wf_#Ckr8N!va{9S^g1Z;&;8z|Lz*=NCig=qUh%2q1DA;2 zdF8gQmBX~^fbYF{&vz9CDMMWThqM)vXouXW-@@JIFZ>cXqL-42zVVIFa>=C$>q>ID zF36mrXSb;XWa>zk=5AHwpYN=&CD4)9`UbvnBE9tesND5TISrSVX9r<+ChZ02NS>V!7bg+w;t#ro|W2W;K8pmXpQ zQaxcs7oFAI8?Lu_NAs6~DF0bb0Ez6<_El8>gZWVS99j&wbG`)C&XH<@Y3|+cKP+Bq zLIxw-A&`$XE;siYd)5{#=2H@IiWaZ{*MMt|p z_&4I|Wn6nBxAc}jd#dLVcs&$PrUaL7vd_k=3CuuSX8M^cfiWado(ZMtD1TtPIlgQ# zwj0xggaBmv@0Q^HZOWFnsS8Gx@b)z^Kvq^94(_ zxT3xXV-|&yPBs_rM_Zhj97Zn(d}Z~d>sa!D%F?ZTyeOjtQF$gX^5_k4io#VJb(VIj zwfK*i7AGTu!r&jM-Oz>~_O7-Ua5e0ya-fqyE6j;<{B<}T2k7gvWH1s4P|Z~YYnhXA zF!T#Ln~Y|J)hhb!<1Ks?5D#&J27d{&G*0wpw$+`nyy43eZWQ~uReN&dvaywHH){(# zbSmM!yA(b7c>!=rV~|mbO3NSPHgm#lW2;Xe+rr(#sGk2^dm%xu^S4JvnRm6zk~MF0 zcRS%`TLJSwbHwQ&V^t~6A3*S8M)(hK_L{%z%BV$NOAg#wo+cQ8pk87j+S_pwqTCTa zsAE86Uu4Z+Tjk~njyHf?qkg4l8ni-1rf&=UDg7t-ok!@OeGPiHDBsFE^7*pgezcx* zMww`7jPw7vI4!jcWiJ7FO5Vny@`Vn+V>SwJN2U6whCb0m(xcGtee?;!bV(zbB0-U_ zA`6CYq)9=+hrN^aI`bTpx<^5zAMW(uHN?l#g<>VC8`s^MSWY@|>FJ(~f6Owvp6vo( zn?$NQ=iA(V{WFB{Xunh_RPzgnf3r{ia!vyCTv~JZwR|5<)cYi^&fMc30WfPSAK}$* z3ke0sWw%GbtZl3c^7 zoJqX&1={39h0bI<;ZzHid*%`rGns+o>t*U;?>o~POFE4hY+8NLSvZ6~h#V-EOpwf@ z5rLr4rTwzwPA!&K5_~YbBO(S-Sq&Ec2wP{hA33?6g!YwE?!V^>y%yM6MjCM;W32<{?loLW#A`%59mJxi&k&NTo}$u8+p6gqeFCzk^rR;CN!$~NXV zKZg--I3vyIRO;Y#nX}ZynG3`G#!wLQD+{AW0Qafm5@f9H1b5UC zb!38Jd!5Fic5$iOn%|Msf!Cb!x6V{Uuq>pJR^l`9YCZFL;Q7X6tLps8{1}Ar$OpIk zZDr6tYsO>vP;ktobw7cN81u_jw=_Nve5=uBX)>%*n3YE^Pye&%FK@S7Au7+Ls~+5heGn z;D?G}FM*tHH_6CytgyC1o=PhUBi3SP@hF7FyfoYPbJIi|jR}ntP{nZ^Pbd z<}*p_oIg_eMsgJLSRY4t-)*+;>?2I7n|AAK3^2H83*4Gq;2ltZjkqT`0q9is`^)FD zsXm!!8e)UKDce$VhQ772GV`+=9p4 zUE2;6dh9~y^KIYv>YHQ*Lx5`C z9QaTNwtllr*Z*bo7F#^y6?c)#%q<$9F!&Zm0GfVQ3c1z%S5tDgenrbKeRhdA?q=o^ zGtLyePoU+zw)R`%7s1(Ev2C*tAJ$sa!+>(j_-sUVs|qnT-rVysLt@moN{hXdPRcjs zrc5hJe0ZfBK|Xpe7@1t1hbGA>zRqS`J?aem2V{T-9hx{vZH315%DdT9DeT;(UT7}k z^sgtVdJM^FsaU)>!TVPEcvH2j{s}aYeTG%XR2x4xXmk;vrTTteYv`u*3qlixf&M($ zqrZq2-c`ohv$;ap0-}ro|2l>`(WIy;PV<5cTIw2w(Mi!Zuw0lpey8m;5r-?~CP%l_CFyW4hY`k)U^mqkO@9Iz|u<2Bop zsW!zwV)!ITzUfS}Dp9AEcqP9wT8&Je|9ZRKg3R7c1^HBR zDOeDo3FDwM@Vvr_fz;Q#tHRskINzfN&hYMJ;?sO&xM$DB?+aD2eiRlWA+NqxVfWPU zTj#hv(s1iF$xgMr@7M?Pv23WM0*(5K-unDmt^KISF88RxE=uYx)V#PAfAC*xcD#(s zSV@kh5&SDWAo?T+!3Z)*x<4~1Frd-uCy_HtXcm47J6QDGt=Ihj#Q3GI9tbk*V&IT} zNc9{{1ULAJCNKQ_NLyVMTNRVoUTX@MxY%^+neXrxk&1gxwIF=$p!CMEAvB>H1h+B^j?9_nEbAx4QZKSRelnH=Sfw z9)@C+e3eC-oO^tZ_wj4{>LqEYb9{a1oohNLQzxB}1GUssoM6#KFCy~U{0!7F^Y4wX z?=w{#R}1Bp%59Z03(`5-!mFcbW4#LA@* zUCQZAjJpQO|IVz;;Z98>XXorj;Sw_A2zuSckG}AVi<>)%A<2xqnu>_^U$0!2YCTuC zeJvJp@-OGn71iJ%r*XG`t#Cz1DjYDp+PB1x(T41NjXNq-)WMW}R0j&3tF3 zU|f2-2=t8uz2`29SRq4{7M>quh657`b@SPM0($vy_6=Xoe0A11U?xQ5ruULZE$gC6K#;S%w~OUkc%ly{v#^9Nd~Q_tBOP z#I!{DcO6;U%9ne8T_R5wY?6w;=F@&&3WS~v9zY^>&;cx?vCWcrGg=`PmL^=Y6%$#6 zarxrtxRdMbmZ;DNX{K4TDF0=v){~W%;=U42)?xs~`&!TA_9YDT0lj3%J$>gq#fddM z!n3FK-)TKHvzW}z{;~f~fUY)N44ySAa^RNuYV6`FUMq+tAI5UQuK7;2ip^hq+eNgP-4?~MQWsnwb=jNSiqS!&4tGotQeUN&g}HB!tf z^IgWqNxFAic_bP=CHCY77t*z*4^!^P&%nE$V5?4JQ>X24#}#+!k}a=SoP>eW+h8vI zdmdL<%3B}{MKFb=4$@Mp{QOE7;#qAt=uu{U>zOi`$XlbpW71SfFAB6Pq}zdy*gpeq z{D8)6rL(`w_g^r$)%#$SK$BrL;gFadBiU=Ok;n8<7l21B8zAk{PI;hb1LH<%(}%Il zd4@&S%3b#PJwNhMv={@Ap|7sax-uLs$AgTVN=VO3BfM$zcP5s| zY58IdSMQM0XQOA;Yp44IyDdX(zF9&PFE2WT)EZMq(N$aG@|+8aAWG~dQ;BK^;FA7W=rwr<`S^D8^L+Id4F^&lqD;rD%A z?ktLuW1azWAZxSAuyb~~c3ESPHC%2`6g2b#LD7R+65ly$=EOgIEtTj*=(3R51C+7$ zcV{Tjz{nZ6!na$}`0ww+GYV7MLOOb-9YSwA|$pSNzmWGJHAnXP19b@jDv z)%btdddsjVqqp6AXrxQJ6s5a66+}P;q>+#kNf~PBP(*4d34sBmMCp#9rDN!!haNg+ zfT4N$KYKs>+50%&Z})K@>;AT`b+2`<>-?Sl?-RfEqkrqR?a5r0%J&y6ZZWc3{rJ}3 zu<*nFCFq-cF`ws}&X=S1s3>ZbAxKwyswB)!VP-j=Ue!!;0EEgr?+--@f#Pz0mCj=a z!y|9p=+^pPN$v{9+F4iYcq{7R7lMnPf@8Q)?XR$q(Wh_FoIzT;A#}-@-+rUl>p$&Z zBg-n%EBss_AMR2rxUEc!k=c$g+b@Nd18uW?e+I7fTL!7_>Y)QZw+9U!HSo0n8RvXT z`XAT&Z5JH>WnlhqJYN(Icb-}XJ@5xM5igN)R zIFI1|$@vcW8#4pu->l=2!rDpqK6U-_6;tHi9mtg=t%$;2zeE3H$Z8XE?elarN1qW0X21*u+7rT2n_C}@o-mC2+?Md6CiGsf#bScw~tyNH`AbpP$$x2;2tdzmV})r?9@SoqHw+SERSBRZ4ndQ#Q;s2gTSu;~0vc`6us`UG{eO=bud9 z?;#i182QxIo~dX@BVFn~Ad4m6dp!@br#G`@+)41Kiv_IOhR7i2vO&EY#`$X5;Cy8A z;LsmfNv)VBlOg*=?h{)>r>yM_#ju07=|+8yBt7Qx?s7#~Up)CcKR&4~zW0A)l(uNr zfrO=P@A~cRMoJZ~@azW^R&SA|aQJV_o7GPV&B)}7(4sdG&xsmYiLsd&R(Faav1}C| zvn?AAsr2-Ws$XFCFW&w|zqVNnZI2x1FVqtJOBF)Jc2ud3Us&fXx|fC?0y&^C1j9HO zS2q%FD$M>y7V>s`pfF5VZ2sLU?NCZid*dh?ngNse$Ot!(L0>L5s>}J_{Hxy3iIzwI zVb`+1@rf@Etdb|#X-4AZ$WX#S`!zN!oM=$im8n+lH<`W56e#Nt*{sQcVJ^ODtJ2~N zxgR5l2Nwes!h5O*QRBIfw)S)@8GFO})IavO#S|JYA3SlRZT~^#&d^mXJBJBTqPqji z(#zbLEAfB-yoD%ea=^vFmdg6w_wv;gYqvx$KLrJ#VorE*cq60voyn(&zS7WNkvge$ zy65J1Rq~!&m&G}(e=ejK{4RY$;+m!NNL1<6%p3HS{`CUqP!a0K?YhP5R5<-UHDD!Q zc;m7vWyYb;fp_M}y-z<7%#A|+IiQ2n?eWGxALTiGK-!SUg}e<3qqU2#)paepyL5ex z7N2&qig8W#+`Ru!`w%c3ThSL4TG7VHgrKG+M+LJ0{um?Un2aa*Oa!0j%smC425#`- zF^mHf`v#3yGZNj+$~$y9a@JThElue-vOh4Trom>u2yq7QHKi1rfRQmbfxKs+eaYwL ztLoJvPAR`_uIQoi)064ZoBB&9s&~ekSVsoa;&QOZdw&jnPqJ=3$}dMZp_-OmhUj+( z74{A((ePi|-7PV)(FJrFdQE|f|Ci!XpnOKP{_EBECTWLFkFP9vx!hUk>o3%IG-OIQ z$J>v#>j>C_pAro|0ONbR^DO>pr+_+K1xX3blMRVkjIXw_fWMbDK|`|BoLz$I(>V>eREdc((5DSP$Ahpf0r73P>)$2AHwK9cw7~5-FxTj zh(i;Eblo39q29;|96kck-_Azf`dDJ^S9B^YStsjsg&Z|wuFI71 z!M|-SJ1b}lDjY$#8CK~h6?n--LT>qqE>x{Vecsy4*C0Qw-Vt1jYMc-`F6a2~IzhRy z?v9I*zljd&X3R4C0VBsgj1=alJyNa9duM_d{xdyveG0c(Exc9%BD$@xL!_5XZuP3u z*(Zga{hIvh8M*^7VXGfn>7D^&AX-{!$zy2srwmaUk6qfZezG2OK@H7y2lth-c1EI_ z6Iy>li{N)$p>@XS;l`XL3ct=O3*cxoK}x`}f=;6lvRs|l;4P2hW;av;j>nJx){2~xWuZZH^@*`JmzV703Z%R5*z_Ch3Tv!Bk)v({s zdbS*N#T@_TSe5vT&U#ky?@xok_~cdF+VeW5*GFOu5!Vh1|AIr2cbh`1$`@xoatAcs zlY5s7X_d+G>n^IIEomQ=dIOkYb(IhBl|Cy<%VmmvFh%vgXXpau*jq3!Om0SsaLJGR zQUZ_&WBtB5)cYk_JMbI?{j;I+@L$BIuWfYyYZIaLwaxfAtL58nz_BW3P4sl@&M%X3 z%d#8%2UEH0M|Wm>nV#FS+!)>=;Y_hiQkaGhNaozhFeJ(``jxE9s7JB;;oUSo-<4D7 zFZ$0n?2jRRPY>io9nUsivw})uiDHe89pH*8nI9O?!xNuXI@5LqQu*%6%^atlPh^8i ze*W3g>hu5lGWT26_}o#I|LdFd8-vhLfg?|$$cPx7olUjs+BWghwsGNXZq z#c=rmt#|OW-O&;Kzp*j{Hswy(iP*J+j$-Hs@EG)xcY+Rl5TQGW9wZ}M7f`FG=>Npg*f{5iWujA}CyHByypN>K#C!AT14|FWft!^s z5ZXp+isH|KbW`R z4+v`a4wpm7aMLbz%CD*!)Bop;27G(ayurBY??C8}&%C)c9^Q^OS8Gx}HgW@0EDFU8 zODGKxJOClBCcO9b(`}u(dhC@oyyzK>=f)VmqnjQf8qBH5>B9$z?w##W|9HMf zvD>J)-0Z)6o*OUe_uVz}!y2=4tP(cLNlu2Acu3H%x{T}CyD<$AA+6yDScFaAU-?xr z1P{yZiqZzL1$ero58VP1nZfWRLxg&!JL|)3S4Z3qm3&x>2&7^tI$7fFEHQmqq|`wU zOqP$CRQcdv{Ca*!D}7Grk%zo{iwf~{7;ok2OaQTRJ;UIhYwiLcVE&3ID@Nn^2+QdJ z4(G0u_1&g0$`9_eyoM8dII^VJM?RTAcZu-3_diuU!iMg6&*CN&U3hXT97Jf2`Aa~v z_e9=w3Sq6BNiGVzylEApZa%ghY$rONW>Iz_8I=5?&L<|Ra3{HO=Vc4s6XV1Lzq3KQ zISY*~$A!+x)wu5n18}?b-N~00m5P;e6M_(AV`WO>()7ps(&q+>M3tX-wuR#*cSU*) zn+TS3vPGCHL-rPEUAaq%xhs?*WMe=I%S8;%Q=e~~<68Xjy!Y47X@K-;d+8 z6Qe7oU^;47i^-0fu)kLiv;%9tEgK+Ud7im~5d67)qOJs^4_QKVbG@VKS85(mN_XZZ zk9WA2j}!GbfWLY?!cF!-7dFB9dXh-*?p2I9%lMX@UV#$G5mM{DXK8z?%g{&v?!4kv z_R!=E@31{`ulZQvnkz2t3qB(xeM0Ml{O>KRM1os9Wf1k%<$12kDs3!3S!eFnvskIr zwM#af_Wl0!fG+9}gyOrq-8JL&zn)r3BDn+g_dE<-YranQxud+tU&i^`do%OVp&|sR5G5gx;r%@$0 z(C5biM)PCG|6s%VjNP%jao!!o?1804&4EsQKT;eW4g@~JEyTpRZ>yfMIAU7wt0a-r z-pGz$qBEeE>x+lKG{gRZk(=8G5qgBZdBER-pj+hmq{KusUXacJbyKqsstFH_y~E<{ zgORV0s>%G-)b`(Ql&{~hpPyRWFph_d(w=e<@$jbI-bEdQ8xTGQ>7i79H}LgtQn(e< zT@buggn2)OC;8E3ppIYd(S40C>#@<}J~k`7f3G!^`HyVWDEWA4U8H$ zOq~sgTY3?9KO5JZIvdxDSq`X(B8sM=q{Ium$FyL`Sj&&Xy40{>fqshtusK;rU!Tz% zABUsP--a^IHM1jceQubs=<}Mc-VZKNd8{@wxesqSwXWAMI%G1tZR#nfavXQbhMugI*FL!Xv>X^AkCpG&x(J!3Lz&hjB(@eK0@v#fv|F-c zdsRyTNLV?ckl#FA$s|os1=m}xubxu?eqWzm0m5JB_nR}PM@F4YtGYKB99O<4ImY0S zybo7hSXaQDYp~htc4uQ1oy7;o-rYV1TQB%t+Nar%IiKa+@@IQ&B<^U3GGFFb1u;Rb zFj#h!FY0v0`$(lDOdyNVT((@HHO_=`d>%z`AfKPj@3%M&rf|jD)g!+lveiw;;HyU7 zpo@g_7k*EZ;<$$3au;1dn2rz@jro?RVH_b3;ZkpBTeCkw#xD~8h zmr;uHt@XBug%=j}Ph)*IHg&BFR4=u6g326Lc27Lv2+8fZc4;O~TnHPx%PE%MKUpRB ze@yj{F$zFqvv5i2H@XgQylqRfze`mEd#Vm)^4YNCiJKv6A^tcnM}4z2!iV21=ECEM zN8!lX7gh8@(y2{~gx#HK{XMCtM|lB9Iw6q+_pK}8@5rtHHh9}ces3(#yF>K%PveGU zfHQHRZ7_>PB8nD;gGR==mCFq-Ec~I8k!|#W-(kDjROsk%=a0E44iJ7rkvGiL>rIem zQ~0`2C6+zT1h>I+duwA!V58=S%7qu9Wd~}DNiVP2{|GnJF z3Bkv`DYtJy*)ee)ZuP{ir+q&|>|37`ye89TA#0qO*$p}gcnx2*kUYwpe^*pnS~7WE zJ(Yy>p8+Y%+%j)Hb2mCpyTcwOw(S%ziM`N@aj;c+rTNx=arU!Q+tuMiVwKOF$+P~+ z);|4`pq4=fzS#uMT<$&!mq;p>M;#uD%Rvp;<zTN`Rs?qAB%ycAMq z92o0Huf%=qcTmeU(^U%1$Um7nv(R10m2xu&Ji=;&c`*i% zHgEe%Zd)is6OFY^zcvjVK0SROLs23{iCxdvk<7)SeoeyjY@qAzs6D40N%y!7v{kuU zNZKTetGvnBVY~ASI6AQ6&a^vE0x+^3QKVlxQvwu2)>~v&uDbl@J}o*&?MGb7uGMid z9D3W!^6OSC%pTzWY&3}a2yr_Hs6s1V7cdc0myvkh5FPHF z2uYlO$zFF0_24IbVM*}nN;>nArK7fB_tsas^c=Xw=a4g?c1nx5H}*>;b%+QV z``0N!$7_XG*Q?`3;>w`1C(8eXe;u}+-mGY0kvvQy%Gw=xgFAj!Sxq|Z{7W&9RZZH@ zoK#BJDK+VNSM$CxAJPxlJfwOKbeOWfqjOEOpU0JvsbtN7u^qUd6w!ydc0lS{FeQ|R zKP{Xfn5aXV2X~xQ;n^eEN3mKx=RLl#HSrPOCkp4!U|368Xf3=k^1gsdQp;dn9L6)Q zz%1pgpxD|P^n#dzRe?gqF@xiQUw!eEW1Pfc*Am!VB=E z{Tr6#j=2LH64!+G1&vAkgZ1eYek3fL#sV3R!S>8lR1zEHcH;dESnjo8gl!T{2Kl`+ z0}0MRkX^X2wakE?nH_H?n!K=}8Rr_!HSN(~?*ZURtXMD@z#Z}7&A+3ISjHPKu`pMU zLs|7g`M%58IEsVWgamZLq1sly&7c&A_6gm___g#F@D#+M%8;X-zP)+U_?}U@Rw@Ky zP)2Z7=y&LlFSDs}Whz`?-iFq#Gyv1Wn1k`&o;p3n8tySkOQ8dv%&~Ns%&j|+s4Nrd zHmO|ma}91fL-+)+8aJD5mZfY2-}e+zTyN*J<)HM0;njz$P!|<@sZ{yz8b>g!P&#`u zvxcNCdr9Cc2%cL;y{$0o+2YLx6+2Adz|r4HF|q?b*% zP1b;d#2)XE;D0UU|L>%HSlb_7M9SnYH5Rai;mn2srg(D?rAGm@xyiVqy|FCG%OMR` zj8{9t%2=?i4Mm$gtAO=`tRmW}VF0l&u9SilkW3Lzr@)mEBuma(#({SPcyEMj?bLae zOqd9L_x`>A&FVL_duK99>!*T2nRYC-(j#is3Lj+P*z$(d(m)?`a%y>nu5JPXF*jNI z6GpBOTNvl0AvL;3!+MJg6IW{@`s>q0d?aP=?wWKuq$8zMqgR3a)*41&6UukVdH*$0 zJJgOl&(bvq`SZ0eA~>KqTM`W2{rvm29YM$jWa=Z^<~ykGCbHIp`bCBhhZVuORt+H%WS z=NfjhM`YR|tb34fP0XGBZg5$G}HeSmGh-=_HRDu)J+9z5<4WeJ6^ zefcKoRqGh;FZq#gHvm#Us>60RL$(5|-z(W+r~n=ZfdF1k0;&u31kzLx+H~qg!E>ZR z=*~^%b#Us`Kjx^DF0sqqzk{4%7459q_Wz7yTRPPgb#m5!2oSOXM?PcX9KWs~Ea>*S z5HRq021s4}pV=|%k{%J}by=|dd{&=aP9lW3 z=`n;HzeF)|M8wK#%iytEj3*-gYYo{!!v6 zXF?470vqd~yC@g`kwMq53L=wz3z=`AV_Hj8q%m!J-ShL#11bp2G1D{W4}3k~G;S!P zZ)8A>!umW~OK`y3rK2~k^;q5KaMyc}S;8*BU3vNO>XN}Q-`))_`_kBc_%1Pr7%7YU zk}lPRsi#|$W-*6lXA4E54Ir;R1ne6m2fe`y`SIC*b;x$JHjwJAkL_#u>jbgR`|bRo zJ#uU2yu7lCg8$ySq)STYl5OGhoPB~Hp(-{yV`cG~*WM4)5c8BC@vh}D-eU(0>au86n1d6X3PT4ZkEu=xV*?6QQxcQ%Ha>l zFZWig-wQG!LXwCy7pn?9bNHsbHY{(7W3-0D>fiODy9Qf!Fy8FPp8}7Du88GNaP{%1 z@xbQEM!Gfo&&~bx;L_t{xgRMyB3E9ptQz3ClQOsjcYZrAsw3?(ULwR zw*WVkp0$w;D}E^mJ+kAQHR5E6b!-SX;Rskc0m{EEl3L@KCN@#aaK z(0vGQ{~WHe*8|EKw&HF)NXHvYUIp+V%NbQ=F^R#NP2kf8 z6ZbZ~JNPqZLSQlUqzcr&`esnK-UDW!0`gSK=L{DOu!$M0U z-}^kIDUW)G+B;_Ikvvm63x-oL$it+deT%Wj^XFVJ{jJ5(S_9o%D*%K^@!nsx7U8{D z=H%GbdGxsh>vGY>ev+!-a~tFy7P9qrykhMKf&hecNb=no66j~rWUyWu>_AZASqE)+ z{QVS#aRijRf1n=J>o0VWZxFaU{svXy-0oIm79-H2d#~>djK8 zj!^LA8T@_bj41}W<24#Wn!5%F#lvEO;kZfyYrG!7%8u+?=L>F{m}Q`^85Qhp*cyr5 zJEmWB*&Q7ofRO;{2xE68s)FL4*I|Oh*7_Gh)>1?2(eP<|p@|kORU?8gkI1(GlBc0)?V(Gov}HW$wkxH3O<%-k4YTiJ zuka`lfZWr-hrH>(@CAb}N{V-t-Ja8GSmgvbcJy8EP`&_d%=&o1U{zmH*#mMgLJgZ$ z7l$l6Xpm=zG;}y5$J^-Bz-7i6v0!>@oU2t%-OM0sc&fJy`|MzCXN}jwY8cWK5^+Mr zOu{WjBBZ)=+=>~s3`etbTAfMoTKGT+H?UCIy&D zU7(ag3;rWk;w%VF+%o~9jPhLXn~uAtXcJrlMzylZ6^ZxGdb%&$0W}Sa9%}f71ml)D z8R7(h>%A3o1BmwjtvOch8upxJSEdnQR5&* zeMn3{6Y|$4XY3Cip^R*r_=+9`m@UE2C3@$+`AuA9~Fh<^sv{AbH|^e-&Iy$v3hW3Ch)FI&~C-qLo|Oc|7EGPl|K z-#^g*b@qQ4Jh0xOeRg&>_fG~i7sA-|?v=#pAwj=~5CjOv7UYjd{#^c;w|K=vAu43) z6$xdG8V}aDYZ5RU#uh$S-5qOlHLDE(iw9mf&K>hhmx5>0EBYu>z3o0N)W7#%KQkuO zl$Abvma^+tAwT%>O^^`P6$WnZmNANTJo&0tV)gY=<7R3t8K5T{KskZ(OHnk%<1}6g z2u&HHQoLXQyntoXR6c$i6`TR{A>t+EK8%EKD=SAC5^i1{N09r=3DoRYU-D~X#UqcK z_sAN7Ynohz9DoPDcjmcuXch;+-|Bho-zNp;28UEx7$?(gfR}8iQuklUNo@R0it?$7 z=gVQTe9PrnE2a3#dt!b>M=zaB0p*Smf8G$QL{U<2egPFiiyR&Lvoq0D+{Ip^e-Cc2 z>dou@Q^Mc}OtZe!m7c~=FxDSSPVqBrzp46OHT_C08@t z(`DB=h3)q52r}$`bKW>WBPGcd340l-buF|W3{$vvaa$k!vUon9??Aklegu_qWMLlAnkqtIIqiCx=tHTyni4HTs>Z~VQXWGyp@pDmgd5BM0D7CQ}#Bl_lX>ud=9?(9*3Lx zMAtKeRGvfX4}JU%Jz!=t-8X*y1So<0aA?#Q9R%E$*08kBkEq2)qrdOoc(KOXjgIuD z$6XK7boUSdTBQ$?ls<=0LPJQymLgARP#rQASwu|*S+PwY7P0~$w!u#UIZy&_U_STeO7Ny8=-w)(ibNh*})d6jlnF24y$1mZ5qg3O(j?3uY#C83#Fbc<2A;y zSCVDwsta3UaHiVAxAFWf9%R_yVZ>c3zJ70)-(`KDn%`$=DjW3vZYt7oA#`o5TG@6wDbHHmQbfC=*UyU<-eSk-gw)Ok8eA6YT(U$Hl1g7!6`+WEU;ee6e`jw7J}`1OOqJq9YEPzkOHQ?;=B1cD$h=>`M1I9N zTFKo_Z+?iqEK$7YWmXA0;uJiVXAGEK&xO6pJ4^8~W?7L81GNp6I zMGewuno7k4A`C*b_0{KSU00xLN@oS(J+NBku33ENV7_tIVgu@xGP+#b)L5FO%= z`E~!8=q_L`w^UTr$EAnK+kxgh;{^KJ~Gk}_{MBTQ8&YMLtD-U@tFOoB-XUV4!@%_IQrsJ@{ z{HvUjQ|Z*LE~dAYa_t@;*dJXbIX8i8&saKSFRN(seg(-?kDTj5W{dYlEH@K_8o=Rt zioVxJz~jqV+A!R{FzfW4{dGrraVu+s4(2cThdqy+U!VRr3&8!7Pe^;+_xiDQgFHN) z1J(y_|LAoo^O89sXKpq&(Z#ekJa4ry!_lob=JjTV+yhgcLl~g-xJe|sDU>qfrY>cZ zkWK>dD&7(6c@EG;-h^yL?>K~J{gabjM6cTb#o^y41s& zZ}FjhbMrt$>`}Mgbdnj1}*>V zcmLv=KT>D4+fu&sq=lmj^YiCC8gg)5d1P4bo~%_>Zwf(7?-i*Ba7`|x&X;{z2+sRnf%I)}tI4kalFiWEp5Okfzc&7VbcC@}W^SyNBIFK+SMRH4 zL{0BQNXx>zI7&u--kx`-_P(!RkROtyN_8#LhFc^&H!AJHJ2zsm;pk*`SC-WnJR4kH z^*n7S_OWf7_bexYRMrFR+>zvZP<#<1%uTP8rxQV^PHryhO`9qM`Qg=2(%}vvB z+A?TntenIr?L37RX6woKbtB1UuznuLT8{R(#gktc#V4VZuZ9YGdxHop>BBd^4YmVD z>1kdMO@HK2yKyxq3HTJSl^1eHD|`lYpy}Jsj!~Vb6l&ehc}N6|4@`2235|}-6=o*t zRcBNpwQ+9WA|RX;{@eK~bm;t2mE)BQXc=AD(;SGeyXGB0v>a4Kd}rziJx`zUsASRW zeaNUuzZtgItJoNNby`Ku%8?}Wc3dh4VX+Z&)#}cAxl(N1a<)*kI+YiGm;=c}@mzeo z#U@4XJknWW5U$}z4O%TY+&{FpmsvDe4DpmW$*?2(u(yIwdf@wq_)%rrifpg$KDlNb z-K6qX=c1q}ygT$Iadf@y-J<7`cZm>SP0Meo-eFj_f|)>slYdBuy2h5i(hZsW9M+c} z5cPHsn?hercmDH@C@XSwM{f$5UMs&D2W*p;bfkOdvnY~!T8_apyyPG}lUQ$-@O(Of zlzdwssvc|8XCG^``2&&NB4U+IS9B0{lNi0eycZv^hq;1I1&oB;XF|HwnhC=nxEm*| zR8he{MxMt|ILtTmbGSotm$2Kh1qVqlfAen-LK|*nzCdp`?ppmclwMu+B}5=SI4jx9 zg_dXB=kB|@FMukpyA#5;GAQ*yPyP)r!}x(TBM59iu)u9IAJy;Ek2wk2@YPK2!$OXx zi@4;5=M>)}GMpfwW(U|K(BVVAt#tfF*DRVJle)7W##Y>VS8cGn2wHvw{pk|6`Qj?8 zVZOAtoaud+$j%MRFn-jNSRp5@8JWJk%U@X*_!!3PgGCQZVsY6wI+#xqsGj{;t-jJs zd?@Rt0gLcpYB=-05A0oUSNpEvz%Lz68YW(V%J%n&C| zK#LIKb&dBG$jl=-==;XFY|!!C_Gu>WK0*7~F zaDPN@WN#IGL#xgB)(tdqaT;7<(GS!xrCWEhndyMf74T#X*)mLB0$Wp!e55BMe1Q73|Ce@IBt*u&o?`4?{pf5eBnz^Y z84|Wnk?Zy=h-=7a;(`H=PkQz27JdIlGbc!rd*Al~qoc<>cAjmP0tn~CazDgT z`H(wsIBg26b!Mcd&3Nv-R3niSWgh7{pv0k%$B?I!anPJ!)^$xf?RfQD2{jW;yTGz3 z|2~enfkF~O^455P1{4GOGz9j!*tzB>)mk6QU%CuRb^Opa57i3}lr#dvN0=~Nbu)j= z75g0QoUrym^+Oo7Yd*F(DsJ!3Vt}K6HrLe$O>t9?X}l$EwO_td0RQ~+UTV0QtL)Yr z?KevIRlB!%6J$5FUu)dz^Li*VmNUilf8?YN64=9K83doTDmptl{&fxS?3X{jdd0>W zH@z#=I>vcMos)c+P=)jUG&)sNYLhWFo%Ih>lsSwUH4_@2!qi}8@@HSDfAy;?wb;JZ ztD-4=TUARkl!WUVk1RDEc-sZUd4}h=Ugxu)5D2NPld=kFRRTr{EwJY5w)KbbCi51L zw+V;$9=%<`3w~CC48Z#;bA>!}*)D%JytAnR;L&rS?*?Mu)sR^cJta(OkNAYv2VF(i zZ@XSo^)4;AwaFw&UX)<$FsgoL)Gy_ps-24X?cIKikVo79k<^8<`w0y)=k%QvcD8$R zATW^J^pHfwkX5C}w;~eWQ;KP?%!4JL6EF{jrd#!i4IHJe^BuE-MGX$n;1{FW<-_+i z$Eu`Mp;G{JW{qXw@E5F^lNBg!ls}{UZ6+XrOTFeZu=7)s$S5PDlwR=E!A0DqlVgl6 z=!5NS{R@R28J5709_8=)T0uImqGH0 zAv1uoK^NrQVMfRpL z0_9K3REzsmy#F#VuuV}88F?u_Wv50DgMVfQ009x$)a!n2x;7-};d5_7*ESlA^?zbk}Y${=& zr)PTUQW114cDRYnbP3bZOIn{fZ!BLh8X5}BC6kiJ-AUYcyB`a3X+gB6qC5T$xBLlS z4UF{}>|1k>d+GKoVMA+}V8Jd!L^p7>s7@)kAsgFSkzfz(HQsxp87%eM9>+PwUCFP$ z{1T;s$}o?#Mu*V)`rl;7`KS}gM0g|%VJ!-Vc8($0rM(~WK8iP^Bs~Y( z?|$6*ZvJo**@(Ejt!b@K?&^iRUJ89a{g*-aK4o#+=R)z?u45=Tv#s-PW9Ihw{*w8| zJaro%^4R^A7HN>;`qP&o96^hGmcABFe)}X*3jL7?@yUS>|$-rY|A$2y>2oUC3$77HcVM_;-7GDMIy3+cKugZEuqAYmVP#@3k$dB z4Ld*O4qq*;p0F}Id0-A2klf5w3?hTcIiuuKMq97gWA*xKfs3Tv?vxDqZEcFJS{q=c z!)mPub?>n0T<-P`BcuP2Yka-4scU0brAJK8uw7H`) z5e3O$1<7p9SF5bs+@qgK=UPORW-LQ)z4(sUksdVvl3vU(M8=+FTl+uDsajtK)hgbi zK0XGOiYRU*-J&l0mGU(}LGimq?~hC)LyEqGDB-sxe_D+*`w%KUwV%sw_#Y&2Ym^KH z`uy?fm)mnCX@PNI$?0)7xqXwF6+%D()gRICyTM&;0h`(C7gs@8wi;=N%satrkybv> zlV(Mo`d3s;3H19s58~>c?CER^wgogwn&cp|rw2W~<4R%2a(hn;NEynsCENW=Hrx7( z)?1?ZXMU2_@Y#xaCRZ$%v{^M9nO5wen+si#M|h{{AyijELGeOzn~m!e48>WZ5L0zA zF)!%OblNnBtFN2mnXlg63-!%}z35A*kX3A@U5?;W(d1@Sxw-3)X6omgZ|Q-yS(Vf%MFkekZT#46yMY+C|49 z8G^`*W3XI!Q6HuIx)e+A4@_(iwEBH>B9vQi&R&VYpG@`!EquD_H-NHYZc;q&cQk~S zwHBw~IkssQ4TX`Y00Hhn0ZX){1=wrT@&CEC`|f9ovSD0R<`zQymOzM?=I#XotB!TL zzei)DBVEgQn|MF)7LoF(=%u~1Q>NK$pi_P+*_F_qs$C)av-=Uy3QuCt@R8&j00EsrGa7h(Fc6N;Ok&XpVo6r+ns253?e^1vRuMP2u*Q! zku>=jT-Mt!DgpV5RaTFvyJU1$vxSc!W?Li6rMv{@$HpEWUS6^7O-f!$@mSuO9Asws z#{?ERQ@=epdgO-czT6(FTTKa4@hQFhzyz$445|{Gybztm(w)8pRXN8F+h(*W!&A-q zVK;T{&J{Yl!D_A-ilAtxgUrB_!j`I&wX^-Qe}SXbW$ffJ_7YRzgr@Mewka*Qa6O+v zF8hLU{FKQe(u(UyJ8QK~BsQN^H6=$dyq>Qd7L{X=U$HK|ZXA(OK=;E@jm7&RNNdlv z9)?WK@kc!Z7_kM$WcRV$OF?I8N8p(fz`j-+bw?d{n^>MJ6M=qfm; zLiv;Ssy1I{Fh)kZjx)hHNX4H`Cyl>2)rMafZL|Y>WS%}ALN&1B3=($curK@_erwEA zMAy8_d8`8({XQ>$Zpy0Ze`e}-BdHzeC$)il!?j&ju3yS=csZ9U^N}WeSW6yVc&yHU z4wEs%odl}h)dVh>4h0-JQ`C^aNbhM_2?W$xOUUz90>a(30od5mUrX zm3Oe?ZNg^p71ZoR_?lpAdpK0zZdg9?8plYAPLupt{>G0{3=z zMc%OeNhxEyWy{UWjH@Jq8w-qysCfn)0MlYB|>jNDGqI z2XshxDgA*#|76N>5)4#ko?D^)Dt1qo(eyY9Ns@RkmiJa7CRto!<+l>lJSB&sN7x7d zrTxt`ggQ0q_n|T^{whz)Xx-^Hne^QlM}ArS-qMDnxopteqaJ(5Oe#WS$_~2ej&v^j zvD{ZFFfu?d;?lf#boweD2oe%vZtdY6n|Y^!69eit=B;aM=DoXh#N8>g z3##kNlC-in3;!7JWc7#o&wL0&ux~1B-7O9>Uwv9c1B0JtLElf4B30;;E$D`e<&(;N z^7%zK;d^CiVC44;^>P`vX7XD;sKF1ZL3YjHCKX+lBaSSN@GZ2T_(kQiP)J6no^!O% z-d22$=4qtT^$Q0sZe5S`E4&1F%ZX)KS=HGzev?@iG5dJZsYYThZ#XOCkiGcW*DHW_aA?$aSWE z9*{Cum-aqYihOAAgWR-0kVZoEUKLZ()b#_{vo_xi{`!pb8qH%{NPO1Rwutk4-}I>b zNfl>$ua3rD6KlHQ)ghW;w0U24nkZvPp6~x|AF6(1Se^G>Iv1O&0Cl4FFwz13Kx6YMO8GSOc7QL*vXIwF zj5jFfZW`sFzNvXSboYQMw#Zr39r7H$7Nx@97!Yt)ALfc;$mHKgU>MvP^=_{PPlE<; z1vhmL#Onex7|$4%A)SiL>7Q6Si$$PW@jtO;6eQ;56jDlTG*~0Uik%j2M(~ryO(E|( zt|k41Kc<^NHDDxwfW!0S)f{{GRgL4evEO;0Ux@P8=Do4PNk?1kTDiA+pAQC-37=y_ zC&Y0dZ5>qZm6vcq93zA~vcYs_Ass0kQEgRJjzIDcq|4q%t&I`m$r~ z=lu;=#EdK8Nvyi(#YtZ=8MDR-BV@=iDTMT@{r0e>*jJeTj_&A1XCdOj{RfyG+uv+B zhlM~SXT2s}Qktnf*40OkY3Y}JGhHXXF~{XesS{kykqiH3YLOYi@s%Q8&N0V01-^_ZAhlWJ3{!tHuP9xRIE0w01rOUpX$wt!s?<-|;B+n_xkg zM)j+mvoQ{VAjoijkRQ7RW6AI!8BAYUnGNE4KPb{+hpgqDJVn$NWe8>SK`Dr>QjhLZoUD zG<62?G5=I-3lQ61y)L`ufAqunO-RSW`C}3c3zi{W&#V1JT)0IrX!jBL{JNV>lwz0O zoTwsGO4u(zJnR{GGscSrvOW4wol#Ojo_nEBwEH~uOcb>x+*|AE7bhJXMHV`xi8_n) zf&zM@*{d!48UHTfuAx%`?*_AF68bO*Z)3(Uod^!z0@nWMxD&$j2HCh)Pma{7l&g<| z#{_qbL;4?9kepIx@3ZtY03W8;UUS)~iq*n^%0 z?5n zh6m$ZE)iur1#3OusJ$8AsnuPN=jgFAU$fbDX1t5JY5`zxiKlV~8qsz}j`qKXXH-uF zyl3kZuI=x+%*i8V;e0Y^j=E@b0Jrs_piI9^SVNDdA9cOwSa`r$lz+muD^ox~_O$ zd$7`I`9#l$9J>3R{xW!c9UFL(4C!bn0dGnh_!tc?gF0>RcW+k{4bsm zz!G^fi8x=%FU>dmHim1n{-|%K!Ni&WE>F#tT8TjQIre=Oo^YK;9O%;}MQD#kXbwbg z+OKMo{WdM7o5wef)u%Vtpq|iA=(dDGCiwdkM|xSWklL?9EKsGby5!X?X{}nVWKghILm+4RNsFXJq{3=Yk5pupe!WK`Zlsn z0V_r3B5t!Me%L)Saf>@^8!rtl)C3sLmZco3QxW6o#e_1&6NXNAIQSB-?8byPP<>iD zojvSYyn&t+CFniA!6Q!$33IE{cT;V-VQaWNsG%jUM{VZ-4(nw0lj@cNv0mbvWD6IA z5KH)2B)8iM?-KqEtLBXCz$a1XhFLpD_H%*wS_zji+OA{ZAekF5?x5S)m+Z+uIi#;7 zq}*_0|I52irlEx_&;)z0_IGNWa+(p$sb9~S51pSrvxu$_A=na#J{r;Hk@r zDj=_v)trv&SYkqAi3ao@&G;%6PR{5)PP^;rY#|dI(PrTRX-$6G_I&WODbxMuK?Ods zIR&KPtbXZM$3xuG6lyCQUW7pO2ZTScD;Q*#%_WT;4}27B;yB75!*&tKB!Q52OfHSp zqE`@=rU=ADh+5eHTuslgKRnZY#fk>6gh~C0h0lH#+LnD-v4}qG^ke|zb;KU)%&sr^ zomTdY9XOKnQ87tIVVv6TM#4@ZL`$9ylmxq=D zuL=L8Al_1s~$0-U;N7aD)sFLcp#9&rt{En1$RSKo8p?HbUEyGk;<2vH29K1c_I?q8;N`IEy zk<1qbNPCmImW}p}Pwis5Oky8J0kgW|O$OrD+&bY|sfo;Us`0KWaHTWla<9%9X)`sO zBH@|$dBy=}%Jm+!UjYX_&TQZa3eVfu64f)p$V>v7o<{^030M&#HDe+&XH#7q^|e3MMapSh8Mo~q($ZE@X7M&pwj%_ z9Z3VhuP;+^4SWbNCn#UZ8{xk>YUn4(Wyg^8kY>`HMg1%`DQ5 zJ)tbUA|smfaCvr#$F5&p=O3}E1Wk*Lo{`~gaGIFP{ZdNbYx0xrQ5Yi25j*7XYVLVd zl37MKC7`(1+|hV@?Y8^3X`89(o^(a~^|$SOw%ZCZ|IhPe6W&DIa#5;(qHC_iZjp0q zbE~Sk28Je_<+S)6m9d4sMa}8mHDzLDGIMI$Xc+1XbCj9d@kLDS?1_`NIH0gcij5Eh z%$&Fv68ko{z7qAre+|3624!z~&MXbQo!D{KH@ff@$fTX106_!CFEFP6e=l?H=;VnxocG8|hNmUm-B!!p6ub}Cl5Mk# zjq2DlRV8q>B*tmK+9d^!a0x#+KJ z{C1Fq?8%^u!=%e$U;x#pfxsK!cao)MhH;cos5<_iR~1GpCqLbH&D%>(1YZFo!b)g~ zgYkZ{0>~^nbbkqLqVMp7;eVtsyl!dP^}7>-`Te{B3O}@qmij~-z=Y6&LYx2R%1$1B zL(hubV?j>87hh-w&>p=9$ipHABC)ZW{MKeX^IK9to{$^S+#izF-B6`F(KCZa+a~m` z;wt3E^MVAB2{1twk-bI( zV$<-`FETn!36VeUO+njrZPFJI% z?cg83v=4y2dnq&1cL z+A(Po_6vb{_C47cg|DWgMPl|@8RGm!PkJ&<#vYf@U*n?PDf&!TrH=8LnORV=nZ;?$ zTsH3)*%=CtqWv$Fa#~_zlC#ossu9?z@umW+Ly2 z@1*tM;Dl9j@cI(en~fH5R$hP4|BT-sDE~=Y717>ZY8I97E|-any}UJZlpQy^KGahj z11G>_DvAcRMV35W;7Q)@M#p`fkq@f@E9hCj-aq3RA-;dfbM6W?*_jtp@I&F5-lo|* zX20fatgoYSDkxam<)a` zBSoor3=~fpRDQ-ZO{=6gt;Hd)z6;(pwBYcZ=uoiJb{E<7*ru-cSh^CxV_EJ9XrM>w zOH9#RTE1qMxB&th7BlLYUzyBBiK&iwdT*>!Y?Jd;;_VV%aO%zx9G<;7KarU>K0Yxp zzRfq*Kd|wfT-X+df=bM{6L=xHhB<;U`^OAlP6J()Zzr9Cos~DLwf4S7pm9Oi`lgc_MD1*jcj$V*oA)~THzt&gs-m|6&v&U z_b$hs4lg4_5L%0?jXm+sDhd<1uj;+9+v?}s6}Q|@kkyuTzb|IgwiTOu0>{-OVC88FuY$YmiCD7jq5M0-a1wIXdJbX+3aytWOq|E@ zE<`IHREquC4Ea~{_oys22q2h2!B!nmyhZ$SVo(aXSUn9Jz&~ipy`0@D=ERat5}1N5 zIH^076{0da)Y8^yEYzB~G^*06n-aGzH)~}sz|lm@#;t`liZx#w6*IL%tN?Q~ma21X z@rDF(HigKo!>^xR%x;n_!Ue}n%AS;*JWM&o6BJw6#f0|Uc8=toeS_q)a_gW!C|5DD z=}13_quDXPkc#yFdl;r;tuAuB=Z2T)|IzXv=o45`zVl{B=wL%9mhqsO#L! zR*d_i=<6@p!{$u9152ob`W2__OD0}EeX0jx{C$U?3+UtPVua2L?lbe~a}E8q$8J^U zBf3AezN8cLjlI~*GUq$&4?-o2E<-L0?D&vx;#lj|UHhXh6>_%B*L&~!fjP!mTmte< z%bUd!$Z))+|1RC+WQ89F}lLm~~(@UWZM5nXl z=%-e3tW_}i@i0#x^+hTHsaw=h(2K302s&?9ou62`Zg`#ob3!_Dxaqb%lV|qWx)=8) z?Fa2fbs}Q~OZ_knQY8yr$d!!M^w8>Qm~xsCQv$(5%b7W{s6N9nZw1UdRom1_-O-s- zxNZ0YUGW^xt{Q*B;$@js!o(nPp=mqnsg%XLcP7vC@s_JCYiY^RP^QuFoDadTs<~p5 zhY;D4XT>!w7eG0U#^T@;s&=3^yF@Z0<(zkicc<=vYH0!?r-D+>!{{VJvPqP`u;**PI(w3A*x% zYSbeq&Hm8iXO`Fpp-}jV%F+I)ESVl%soxDYl&IL?aWp5>BI z9_m56_Wu2f$G#}&FtZn20y?$OyY&X1Mur1V7evZ!Pmdmok8kgwd>G@Tbs=|&5fhhx znexs)rfk%6q?8gCzQDN%Z$q{ZWf#`R64>-scAZ5?;#8ion+eAr_dMS?2h*0)w1>A3 zcIN}&-_S~>^e$WIMXAGbb&W;&M@O;a8izIV5`gbC`_1{Zwy;E1mNd6csKuuMl@S`EiB)qb6TYK5Rb_db=vW$do1nPF=jDf8f z?}jc5NYK6iSzR#xAb28@g)A%8f2r`XaiU~)aNRe@B4~1x0Zu=xL0I&mCXFaut?Sro zv3gJ#V-t}r{e9psP@+0uCAUxZ998RUg^>Q$s=W~;C_`~3i^(S zmLr$^V^oF_inikbJpFF7Z5{TCLTalmeWYkih~XFEcf`|Y6|1Lp4{J*MRS_w*S`=87 zv6W|%3yI&EdY{F-%|OW$T0_rz?Vs#-D1Omv(SL3d3%To`RC zWyIV`GqmxuZpv?xJfy_DuLkIkjRSE053Cw_dVqfzK<~YCVja0;oF}T9K2F_;-wt__ zbOyCAsnlk4}+6pVwtwXq8{xa$5a2m;MP+Q=@Yn-o(_4L|FR@yT?a_hLnLftA!UJj zl|k$^lFL=~XL*10W1L+!M;+urPKDQA<+{YwzG^I78dQ0}OL>@A|0J zScfTIU|TPC%-(r^7jJq365k44sdTAyMHX(zp83|idu#&Uko77XjE;`?2*B0IBMgpr zAX!-6jRwRfV@lv#rtWNep|X8v_k{s9WKOs5I1eZp(JzT@=y-+ZK|JyXg*hgF8P=Du zI$w-o@i*$Kt|RYxr}3Zln``s+6L0Sw;6{rukaZNh zd8=+iWE+z?w~*BUV4hx5F5nLNo)0&9j}(nk)Kd6VWVD@*q5C6Yw`%#>_ISXc zHc}j_8f%;kJv0H##C$#-7>af^tkIf&E#XyEySpeG8gOc{xLn9wK*iXqCstDZ?t6ZQ z)%!-`xa7-Nc0`86pRW(i>vxS>)flDzdX))ame2)92=6!dfe54>(_KyF54c`iHA~!q zV8$0f6-wV7SZ&rPv~sfMIV{nC`@ceSI#~p}Qk>cw4$r$FOYK)S80_!hO^U*m$+`0vua7?_i5Nhv-v|N=6r35yVY}lp~_;dh5?u=JvVY&Mp8>t`^Mc`qbHt@dIZ-D{ZMW;JCWp(Y`Om(uyxO3o@hNqHG2je!VlqACN7UADIuol z#MiWvrRAP1o*o&p0*s=J+sZqS4vp~$(s6{!$E|dVh93T^XfZ%Ewt{kL?9U!iC@;o0vYjY)F@bSr4Y0p&siK(9YM4E?D5*W&hp+tNJV zYYRMT^9cDRyz>jeWjWq;e7FQOd?BKw8u+seB#Ro3U3^69DJx&4|kPN&*BvAGL5 z$@Y&n>(`pC;CvP%!Hn>-lZ=$xQzDi~XhIEwQ$bOxIR52c>UmFvXW%kiA7On90p`dLN$P=P{&SU4Qi`ls9NErN!P zTYIHk60Ut>`+k6h{`lJ!S!JEPoXAs-Q|T$2?riQ9;w9x2v^}P73A@V{RQnUR?Agac@fe$cLHZ51oY9GRfp=<~`sL}57-ST*7gIlo1ATfw z?4(_X{3vVMjS>yPw(cz6pkclwT(W2EnrQOBWZPjOzrUiT6! zpw4h&Z;d<2ly>m&o7Rrd9i26ysaPQ&cI@FJ_}E!T=5n<^>!rt74TQiOJ}@6!)AuQ* zp9z6~!(*<}PmS!`>rK}r6`G6lpa>~DOT#WD1ki)br1D=#Y!oB9(;v}LE)WW_6px2GdwmOij0 zQm|jMYU+w0oxd?S+Curfj9)xbY%WHl-+uF3zH`4vHYR!hRsEBkNf9JbMN9fn81n