From b7139ca8db9718f9229ee2fe8a10f7d012e469e9 Mon Sep 17 00:00:00 2001 From: Ian Koplowitz Date: Fri, 12 Jun 2020 17:06:58 -0400 Subject: [PATCH 01/15] initial work --- kong/plugins/oidc/handler.lua | 34 ++++++++++++++++++++++++---------- kong/plugins/oidc/schema.lua | 3 ++- kong/plugins/oidc/utils.lua | 7 +++++++ 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index 945af28a..cdb859b8 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -7,7 +7,9 @@ local cjson = require("cjson") local openidc = require("resty.openidc") OidcHandler.PRIORITY = 1000 - +-- GET /api/groups +-- GET /api/users +-- GET /api/auth/bearer/login function OidcHandler:new() OidcHandler.super.new(self, "oidc") @@ -31,6 +33,9 @@ end function handle(oidcConfig, oidcSessionConfig) local response + -- clear important request headers to prevent ability to provide them client side + utils.clear_request_headers() + -- get/cache discovery data, mutate oidcConfig.discovery if it is a string (discovery endpoint) openidc.get_discovery_doc(oidcConfig) @@ -41,7 +46,7 @@ function handle(oidcConfig, oidcSessionConfig) if response then local access_token = utils.get_bearer_access_token_from_header(oidcConfig) local userinfo, err = get_userinfo(oidcConfig, response) - + -- @todo: how can we distinguish between access_token and id_token? -- err can occur due to id_token being used for authorization header instead of access_token if err or not userinfo then @@ -49,7 +54,7 @@ function handle(oidcConfig, oidcSessionConfig) -- introspect passed but userinfo failed, set userinfo to decoded token instead of leaving blank userinfo = response end - + response = { access_token = access_token, user = userinfo @@ -93,10 +98,16 @@ function make_oidc(oidcConfig, oidcSessionConfig) end end + -- unauth_action = pass (default) + -- unauth_action = nil for /api/auth/bearer/login + local unauth_action = "pass" -- grab X-Requested-With Header to see if request was from browser/ajax - local unauth_action = nil local ngx_headers = ngx.req.get_headers() - if ngx_headers then + -- @TODO: move the hard coded path to config file + if kong.request.get_path() == oidcConfig.idp_authentication_path then + ngx.log(ngx.DEBUG, "OidcHandler login request detected, setting unauth_action = nil") + unauth_action = nil + elseif ngx_headers then local xhr_value = ngx_headers["X-Requested-With"] -- was the request ajax/async? if xhr_value == "XMLHttpRequest" then @@ -107,7 +118,10 @@ function make_oidc(oidcConfig, oidcSessionConfig) end end + local res, err, original_url, session = openidc.authenticate(oidcConfig, nil, unauth_action, oidcSessionConfig) + ngx.log(ngx.DEBUG, err) + -- @todo: add unit test to check for session:close() -- handle and close session, prevent locking @@ -159,7 +173,7 @@ function get_userinfo(oidcConfig, introspect_response) -- cache hit if userinfo then userinfo = cjson.decode(userinfo) - + -- check if decoded value is blank if userinfo == cjson.null then ngx.log(ngx.DEBUG, "userinfo cached value is null returning nil value") @@ -168,22 +182,22 @@ function get_userinfo(oidcConfig, introspect_response) return userinfo end - + ngx.log(ngx.INFO, "userinfo cache miss, calling userinfo endpoint") userinfo, err = openidc.call_userinfo_endpoint(oidcConfig, access_token) - + if err then ngx.log(ngx.ERR, "call to userinfo endpoint failed, ", err) return nil, err end -- @see openidc.introspect https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L1575 - -- utilized openidc.introspect caching logic + -- utilized openidc.introspect caching logic -- todo: add tests to verify values are respected local introspection_cache_ignore = oidcConfig.introspection_cache_ignore or false local expiry_claim = oidcConfig.introspection_expiry_claim or "exp" local introspection_interval = oidcConfig.introspection_interval or 0 - + if not introspection_cache_ignore and introspect_response[expiry_claim] then local ttl = introspect_response[expiry_claim] ngx.log(ngx.INFO, ttl) diff --git a/kong/plugins/oidc/schema.lua b/kong/plugins/oidc/schema.lua index 85cb57ef..cb0b7e23 100644 --- a/kong/plugins/oidc/schema.lua +++ b/kong/plugins/oidc/schema.lua @@ -61,7 +61,8 @@ return { { end_session_endpoint = { type = "string", required = false } } } } - } + }, + { idp_authentication_path = { type = "string" } } } } } diff --git a/kong/plugins/oidc/utils.lua b/kong/plugins/oidc/utils.lua index a41786e5..91e0684c 100644 --- a/kong/plugins/oidc/utils.lua +++ b/kong/plugins/oidc/utils.lua @@ -42,6 +42,7 @@ function M.get_options(config, ngx) filters = parseFilters(config.filters), logout_path = config.logout_path, redirect_after_logout_uri = config.redirect_after_logout_uri, + idp_authentication_path = config.idp_authentication_path }, config.session end @@ -132,4 +133,10 @@ function M.cache_get(type, key) return value end +function M.clear_request_headers() + ngx.req.clear_header("X-Access-Token") + ngx.req.clear_header("X-ID-Token") + ngx.req.clear_header("X-Userinfo") +end + return M From 0a0b64a9d94e023b8c4b9ecf0d1c735dcfdfe3da Mon Sep 17 00:00:00 2001 From: Ian Koplowitz Date: Mon, 15 Jun 2020 14:35:55 -0400 Subject: [PATCH 02/15] unit test work --- kong/plugins/oidc/handler.lua | 1 - test/unit/mockable_case.lua | 11 +++- test/unit/test_handler_mocking_openidc.lua | 64 ++++++++++++++++++---- 3 files changed, 62 insertions(+), 14 deletions(-) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index cdb859b8..9b7b13d7 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -120,7 +120,6 @@ function make_oidc(oidcConfig, oidcSessionConfig) local res, err, original_url, session = openidc.authenticate(oidcConfig, nil, unauth_action, oidcSessionConfig) - ngx.log(ngx.DEBUG, err) -- @todo: add unit test to check for session:close() diff --git a/test/unit/mockable_case.lua b/test/unit/mockable_case.lua index d8ca2758..76f59929 100644 --- a/test/unit/mockable_case.lua +++ b/test/unit/mockable_case.lua @@ -5,6 +5,14 @@ local MockableCase = BaseCase:extend() function MockableCase:setUp() MockableCase.super:setUp() self.logs = {} + self.mocked_kong = { + request = { + get_path = function(...) end + } + } + self.kong = _G.kong + _G.kong = self.mocked_kong + self.mocked_ngx = { DEBUG = "debug", ERR = "error", @@ -16,7 +24,8 @@ function MockableCase:setUp() req = { get_uri_args = function(...) end, set_header = function(...) end, - get_headers = function(...) end + get_headers = function(...) end, + clear_header = function(...) end }, log = function(...) self.logs[#self.logs+1] = table.concat({...}, " ") diff --git a/test/unit/test_handler_mocking_openidc.lua b/test/unit/test_handler_mocking_openidc.lua index aa2c9883..1c722b8e 100644 --- a/test/unit/test_handler_mocking_openidc.lua +++ b/test/unit/test_handler_mocking_openidc.lua @@ -1,7 +1,8 @@ local lu = require("luaunit") TestHandler = require("test.unit.mockable_case"):extend() local session = nil; - +local idpAuthPath = "/path/to/idp/authentication" +local publicRoute = "/this/route/is/publicly/accessible" function TestHandler:setUp() TestHandler.super:setUp() @@ -75,7 +76,7 @@ function TestHandler:test_authenticate_ok_with_userinfo() -- act self.handler:access({}) - + -- assert lu.assertTrue(authenticate_called) lu.assertEquals(ngx.ctx.authenticated_credential.id, "sub") @@ -97,7 +98,7 @@ function TestHandler:test_authenticate_ok_with_no_accesstoken() -- act self.handler:access({}) - + -- assert lu.assertTrue(authenticate_called) lu.assertNil(headers['X-Access-Token']) @@ -118,7 +119,7 @@ function TestHandler:test_authenticate_ok_with_accesstoken() -- act self.handler:access({}) - + -- assert lu.assertTrue(authenticate_called) lu.assertEquals(headers['X-Access-Token'], "ACCESS_TOKEN") @@ -139,7 +140,7 @@ function TestHandler:test_authenticate_ok_with_no_idtoken() -- act self.handler:access({}) - + -- assert lu.assertTrue(authenticate_called) lu.assertNil(headers['X-ID-Token']) @@ -164,7 +165,7 @@ function TestHandler:test_authenticate_ok_with_idtoken() -- act self.handler:access({}) - + -- assert lu.assertTrue(authenticate_called) lu.assertEquals(headers['X-ID-Token'], "eyJzdWIiOiJzdWIifQ==") @@ -181,10 +182,10 @@ function TestHandler:test_authenticate_error_no_recovery() authenticate_called = true return {}, true, "/", session end - + -- act self.handler:access({}) - + -- assert lu.assertTrue(authenticate_called) lu.assertEquals(statusCode, 500) @@ -218,7 +219,7 @@ function TestHandler:test_introspect_called_when_bearer_token() -- act self.handler:access({discovery = { introspection_endpoint = "x" }}) - + -- assert lu.assertTrue(instrospect_called) end @@ -230,7 +231,7 @@ function TestHandler:test_introspect_ok_with_userinfo() local instrospect_called = false ngx.req.get_headers = function() return {Authorization = "Bearer xxx"} end - + local headers = {} ngx.req.set_header = function(h, v) headers[h] = v @@ -285,7 +286,7 @@ function TestHandler:test_bearer_only_with_good_token() -- act self.handler:access({ discovery = { introspection_endpoint = "x" }, bearer_only = "yes", realm = "kong"}) - + -- assert lu.assertTrue(introspect_called) lu.assertEquals(headers['X-Userinfo'], "eyJzdWIiOiJzdWIifQ==") @@ -350,7 +351,7 @@ function TestHandler:test_authenticate_ok_with_xmlhttprequest() end -- act - self.handler:access({}) + self.handler:access({ idp_authentication_path = "/arbitrary/path"}) -- assert lu.assertTrue(self:log_contains("ajax/async request detected")) @@ -405,6 +406,45 @@ function TestHandler:test_authenticate_with_session_cookie_samesite_set_to_none( lu.assertItemsEquals(v, opts.session) end +function TestHandler:test_authenticate_ok_with_auth_request() + -- arrange + local actual_unauth_action + kong.request.get_path = function() + return idpAuthPath + end + + -- mock authenticate to be able to check unauth_action + self.module_resty.openidc.authenticate = function(opts, target_url, unauth_action) + actual_unauth_action = unauth_action + return {}, false, "/", session + end + -- act + self.handler:access({ idp_authentication_path = idpAuthPath }) + + -- assert + lu.assertTrue(self:log_contains("login request detected")) + lu.assertEquals(actual_unauth_action, nil) +end + +function TestHandler:test_authenticate_ok_with_api_request() + -- arrange + local actual_unauth_action + kong.request.get_path = function() + return publicRoute + end + + -- mock authenticate to be able to check unauth_action + self.module_resty.openidc.authenticate = function(opts, target_url, unauth_action) + actual_unauth_action = unauth_action + return {}, false, "/", session + end + -- act + self.handler:access({ idp_authentication_path = idpAuthPath }) + + -- assert + lu.assertEquals(actual_unauth_action, "pass") +end + lu.run() From 2a1b968e01a231f1cddf68b5f017b4007d07db73 Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Mon, 15 Jun 2020 17:24:27 -0400 Subject: [PATCH 03/15] Documentation added for pass/idp_authentication_url settings. --- README.md | 35 ++++++++++++++++++++--------------- docs/kong_oidc_pass_flow.png | Bin 0 -> 118919 bytes docs/src/pass_flow.txt | 29 +++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 15 deletions(-) create mode 100644 docs/kong_oidc_pass_flow.png create mode 100644 docs/src/pass_flow.txt diff --git a/README.md b/README.md index a8daa936..a83fe07f 100644 --- a/README.md +++ b/README.md @@ -80,20 +80,20 @@ For full support and functionality you should have a `lua_shared_dict` with the ### Parameters -| Parameter | Default | Required | description | -| ------------------------------------------- | ---------------------------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| `name` | | true | plugin name, has to be `oidc` | -| `config.client_id` | | true | OIDC Client ID | -| `config.client_secret` | | true | OIDC Client secret | -| `config.discovery` | https://.well-known/openid-configuration | true | OIDC Discovery Endpoint (`/.well-known/openid-configuration`) | -| `config.discovery_override` | | false | This is a **map** type with multiple properties. See [Discovery Override](#discovery-override) below. | -| `config.scope` | openid | false | OAuth2 Token scope. To use OIDC it has to contains the `openid` scope. Note if using `refresh_token` grant then include `offline_access` as a scope. | -| `config.ssl_verify` | false | false | Enable SSL verification to OIDC Provider | -| `config.session_secret` | | false | Additional parameter, which is used to encrypt the session cookie. Needs to be random | -| `config.introspection_endpoint_auth_method` | client_secret_basic | false | Token introspection auth method. resty-openidc supports `client_secret_(basic|post)` | -| `config.introspection_expiry_claim` | | false | Claim name that will be checked to determine cache ttl | -| `config.introspection_cache_ignore` | false | false | Forces cache to NOT be used | -| `config.introspection_interval` | | false | TTL that can be used to overwrite token `expiry_claim` ttl (will only be used if shorter then `expiry_claim`) | +| Parameter | Default | Required | description | +| ------------------------------------------- | ---------------------------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `name` | | true | plugin name, has to be `oidc` | +| `config.client_id` | | true | OIDC Client ID | +| `config.client_secret` | | true | OIDC Client secret | +| `config.discovery` | https://.well-known/openid-configuration | true | OIDC Discovery Endpoint (`/.well-known/openid-configuration`) | +| `config.discovery_override` | | false | This is a **map** type with multiple properties. See [Discovery Override](#discovery-override) below. | +| `config.scope` | openid | false | OAuth2 Token scope. To use OIDC it has to contains the `openid` scope. Note if using `refresh_token` grant then include `offline_access` as a scope. | +| `config.ssl_verify` | false | false | Enable SSL verification to OIDC Provider | +| `config.session_secret` | | false | Additional parameter, which is used to encrypt the session cookie. Needs to be random | +| `config.introspection_endpoint_auth_method` | client_secret_basic | false | Token introspection auth method. resty-openidc supports `client_secret_(basic|post)` | +| `config.introspection_expiry_claim` | | false | Claim name that will be checked to determine cache ttl | +| `config.introspection_cache_ignore` | false | false | Forces cache to NOT be used | +| `config.introspection_interval` | | false | TTL that can be used to overwrite token `expiry_claim` ttl (will only be used if shorter then `expiry_claim`) | | `config.timeout` | | false | OIDC endpoint calls timeout | | `config.bearer_only` | no | false | Only introspect tokens without redirecting | | `config.realm` | kong | false | Realm used in WWW-Authenticate response header | @@ -101,6 +101,7 @@ For full support and functionality you should have a `lua_shared_dict` with the | `config.redirect_uri` | | true | URI (absolute, e.g. http://website.com) to which authorization code is sent back from OIDC Provider | | `config.prompt` | | false | Valid values include `none`, `login`, `consent` and/or `select_account`. Note if using `refresh_token` grant then `consent` is required. See [https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) | | `config.session` | `{ cookie = { samesite = 'Lax' }}` | false | See [OIDC Session Config](#oidc-session-config) | +| `config.idp_authentication_url` | | false | See [pass oidc setting](#idp_authentication_url-oidc-setting) | #### Discovery Override @@ -153,6 +154,10 @@ These properties are provided to `session.start(opts)`, for more information on - nonce - Replay attack mitigation - last_authenticated - used for silent reauthentication +#### idp_authentication_url OIDC Setting + +![alt Kong OIDC pass flow](docs/kong_oidc_pass_flow.png) + ### Enabling To enable the plugin only for one API: @@ -206,7 +211,7 @@ Server: kong/0.11.0 ### Upstream API request -The plugin adds an additional `X-Userinfo`, `X-Access-Token` and `X-Id-Token` headers to the upstream request, which can be consumer by upstream server. All of them are base64 encoded: +The plugin adds an additional `X-Userinfo`, `X-Access-Token` and `X-Id-Token` headers to the upstream request, which can be consumer by upstream server. Note if these headers were present in the request prior to the execution fo this plugin, then they will be removed/overwritten. All of them are base64 encoded: ``` GET / HTTP/1.1 diff --git a/docs/kong_oidc_pass_flow.png b/docs/kong_oidc_pass_flow.png new file mode 100644 index 0000000000000000000000000000000000000000..c0802d01713bf79325c1c8c03f799589b9360247 GIT binary patch literal 118919 zcmd43c{tT=`#!pqSSqYC6*3kjq0IA`BvWWYgpwq)j3HJbNhKjuQXwHp=447Thh&}; zGAESS=jwgG$M3t3WAA_WvDf=NJ-y4a*5`BI_jO(8b)M(7LJjne&~IknOdt^Gk7{Wc z5(pbx@NW)r1D?6|Jl7BZp|Lu4M1!zS`QPKx)JOt>hj3Iw)z~xsNAE>X<`aL!W^=FQ zUTc*nX@~p_7W!QLgvLPbGnt1N7(!pky^WgdxCXTbwd$tB)X!>zv`8$%B;uY2DjVo{ zpZ*Z&_K97pER6T)dD#0(ve2K~WlHaPylk=0x5Pj3vB}%0ujAt>4=Qy=cdGyV)pmsE z8_mDJ^1S;0>~Gm-1x|y*5y}ki`zDfGY|kG$W7O@Ircrfj1A!z!xe9V|7@O$3m2Yv+ zo;^!G@Zr}~w}tokvto~#n{RiB^cH)F%F7qOe(mz}drNF=tVyPnf^??A-ie8cz>{xP zwv1&{6L@-5>gfqY57E+}pS$udo4&PQsTXhZ{ndGK&z?QJ`)E{2MBZ>sru&&b50jGo zmuCl){C6%=0U0(N8zyJC*Jw3gQlbPO&6M0v66*oe$JtrruhzM zi?2>i_ZBDludRf0NdKDd{nK)Un}wOV{*h$eIk5*(QP&n4q$34%Z-s^Z`7={CRv+7% ztRAczC)GK1b?iifoV#6Li5Gr8@g*~^)BcyuBrf`|b%f%VCx^pU7RF}!%Pi83Z|vHIvglkUrmCF15`M}}GLr(Ob*r&|;_{|%)^1w}- zZv@I6d@QN|S6jyM;{`7QL6^0vhakbi9)7dhYH^}{OBuGi=FYCm-ER*t96TfZC06|6 z29p48zh&Ni`$E|}=2uo1Cp(7M6P2z#YOom|=VZ88L8d$QQ20{k>roEJlEGJrH@2|x zkr}v^eEu^_3&LUaE8USqq+25M>*Y!<$AIH){iIk)cv7wB+U!b$80t*Vyi zhMg_HyZy$F3A1idB}FK&$*6tDp`icjQDPISp{A&4Yd9-*yN1i>cKqjJ564iAp&H#E zJ%voXKc|al3252W+XhWwUXK^%RmTGxY!tbvd1;Y;l9B?KW8K38r?SitrUy*k#K?PO8SK>{rW*_8oc5jRD|MgzqWJe` zD;D|6`!7o~{mPaV)Nu_0B%;#V@-ViTm6=)i^s94oL)AJ0u2|&1f0j;Vv~x0~TG!mM zm--Xu_)e9WX`0{Yb;2%>otJsnuHF|XG9m@__2Q(iG$kswKG&7^oIU66z9>Ia!oNM# z@9$zqeSLjjsSme|)8kjKn(guq#V$&F#3Vj#8H3ZSnPju&tnj56FI2D?)hK*V-G47IcTll6c5Nh?jt>-A#`VPRnhSnD3E2Bk?xkY1Z)cE7!{Fn(-0x#(jy z_3x!4Ke7}MHKo`7{Cab#)hRY3Bcp8X_hfkxt;dhAEp?Bm2^y~qX#Wxdcw(g;xzude z*Z#VGtG5)}K}^1V`?jLbudnt}fjn8}rCnKP^JancN>g?3>yR&CMNh zI~6)ogQCs7Lw|?HD|mg5+g1KtH%?PT#_fCaty`NF{vsblYd;$)d!3u>F1M?&4R8Nv zX+}S#<>OA26b{DL(w}%uMwjXZqM9|&nw7+^PmP=@2pgd?~oIbL)r@-0z z>eZ_eT#B3yv1%zTAHq3~d{Jn5ELu1=!B@6@M_+Sw7+Y@?ZJFozv*_8?T$=_pq9V>m zU&n3&kBe$Oy^7H`4vu47Yq2`t?(aD!!A`%@Ki-OjhA1|5EIo1hbWB`aolWkF?^;Io zyIX5hI2P~2R+q}w_oUqFu<$Q^@}$Bpuc+r|nCQC@l1Zs|UggjIr?Pm+zZWNu=?@@J=o*H#yr=mKqf zix&AK6x2vnw|9!CEjr=AlMPU~W=*5pU1s_enA}BQvA0F)d+}c{o zz0-GY=y1sc4L+~=TET58nFaEU#k_Y$*s8XH^n-+isVs#80?yAKB39-3vuC{IcgsUtW-f0hkP3kq z9v?06S`gTIHoN4f(JylW4^xgr7zzqSeNwvin}__?v0qQGC-)+w z+IQS8*RM@A{wT_PsQ@xmw01Ji-#L4HhJ(5Nc!r-MKhZG>;KbT=WSvD~^1RvB*7o*F z_jc-oC`{yL1nQid!d;K{7bm!0Z0Z-W`Sf6)XF;LswIb`B(_3kR%FoU2`|x+Rl5y_j zTZdjdskk|d! zrj^ptQ{;ZR@+Lh}pqH1|v{38W!-Fy$Nl};bx^k>*9B{Bv&BmINM1_Slh{xqQL;M}u z#4mheu2>TFDs4aPwwMyK6FhHL{)rl@!{8(gfW=^)Isx z(*15RgZNW}n0Y3brmWO!!3Kwkq?VqZPE1~2UjFn++t+mzNpm~(^{s5uziX|Lot%X24H84-ozGSy#J z_WJc_uPb%YqDP3OvlUyYReMT(mQo^=wDt5p$h+gjD<$ctw)Xq|xneQHmSb5-!&zTg z_a*iDbA&n5`qL?&rRh?~{&(0K9`gPB_h(~vdbC?f#a)sxQB&K%H8^aRw01*O{4k{& z-Qgkn@<%7gdmtY^(oA7tVTpS10NLgGs*>>8qBe*8;R}~9UyeRt`lZCnl}rjM-yvzo zyvE$4yTmp9xWIp1$^A+3C%03_Jvmz%6XX**)(6Trk_{%mWTrFKJ`(g@zu#eccH~rr zrTX-zpr*Y_DP#)mVehR5|2tk&r?v+wD#g3rXv%w2Vp5T5OTQlN+5T+V-)B ze;9P4Vc`6ldr_YuIEdtp^5N{bjPo^X4`5t#iYm*Zj4NAEK!9dxvDH?>W4sA#xUs3y zDrful?M?#~=fuqY|GFP~pP=loT#go&5eN_)ns^o~O=g*_;J zEKS47Cipasylx;w7~xF??rjHV zfiRFnD_CM8BXiv+PiC|i0qJqt+MGY%_T@`a-1N2dM4S0{W-sWU=MP?pRQODVVa>TJ_3YwROSn<@fv=F(^eZs>7rr$Vkobp$NMMUmYTZOYrPT=-O6u4eoSX*5IaCbhH#PuSJ zN+_J_*tR@*@#2$J z&g_b>ueX%<&+n;;-kWKkqgg1e8&5n!B`f1T!5r7HHWo7sS;f@Mlb1I>1lqH;v>e0*u@{LG-k9moKo|BpRc6N43Ks%Ei+5F^>M@*zHSQ;K^cqFM#WMO3; z;?R>;LAcCi&XvS7l;r!b`$cJw&TpV0sPJp@6ZzUM5C|HHuU{YX-4cd!z{bLIDbM7F z+O`R`8|E>_$Nc>K06XNa{_q_C{A|E+m#36%^W)Z3eKt0>i|5aii-ZXQ1IZoATL=W1 zOJ81g9^t-LHMX!YKR?}HrhNY6U4!Vo!sMfQZj)c8Pz9eVsca*MqMfAdqu0VWlGDcK zHkCvULbFpxwuS#(H5+o7|L^hCr%#_6unC%}; zBM?+(?K@vTLtn5<{_0kDRRTeE6PD!PPawYAzRM}u!$s0QCX zpb3%v`!j&R&zw0k)s<&`Xwa6Zvb((O8s4UL{HJ%RT5|KaTfrs+^wkNCwi4{&nyBk} zCX(#*s-!lXa)oW(gi9`%cLqZA*8+MXO7CA=5wLLRDv*ZY%;;y%qW}`W|Y3$fD zLr%r8YODDh8hqtPv~giJxz7yu6|(qp=5^Z3NT7oQGA%0l4JZnXv;V+>D6QQon&Bp| z&mTQ`@?o8eN#++IK@pQTA$m*dW3RB7wh}Uj3^LkHGLhG@o;TF4TTJ58%^eTLy2&MU z+JCXjV-4GsBs(BE>!~omg$X4WMf$;mHe5frj1Se-ioSHJBUq*j7cMl!NiWrTNXC5J z@yK^DApTB}`XS#@CmCNQ3%+|q>J3~Gf+XVZ?Q{_}!!Cu#j~_P^Vaq3kY?rnwsD7XA zZ03-2diJRN+IV`q9nx=PEs_cz=oHlU%E=W`xE6Hf{qOz)Dt|^ZG~@54RMm6h#EGLv zkLn1B%gV|sDk{p#o)L=DJaPn!G%>@?tC7-z&r{P%H}0Cc`phttL%u{D8*=!%IP2Bo zU7}(8^@O7C`+F%QVm(;|qqJo?86s-biTjv0mxOfMiy+4K@0a(OHoJ7`(uE6q$h{y@ z0=iF-?`rJ^{Zb_xRaI5ByzFV`vPVkltocFF8_GMh3fr zx{L#)o~V}me%o8kl=871ZIxN4g;`hCg`$So6u20ZWM$T?j}3;z`<}(39zX6p-BSqG z=A^OlZUKSc`L|T4)3dVlKo_|bqH5xS*uVpSDeyw~S-y{^k#Bh5t8C2Go#v5cTR3Uu zDpS9lchcHyA{b?!o&DlP5#lNDat8&VVhfO1GmKvVM2h~~037B_lf2(6V@WKV4+GYo zI1xp;QgMefA7!1%;iT=M8e3^7m--YZcRP{VOyrc#^~pOrr|w?S-k8>I2f6~J%gIa= zNl&nNB#BL%HuV;{*EKa|r>B?GMFE(ChQfJ>uFH7w0=fOCw_@T>>14xn$+=1h_49}JMQQg~XBejI2r%h2 zuy3Ua*Hq66esul$^Cz__0*gFCQQFSO)iV&4M$dK56gVX>lsWXj>qQ6K)6+9FG=!p% z+j*PxE%uu|*8iUVi@ts|R%RBN}G*h-QYQFy~ zUa+K@-4VIV=zD+Wb@iV=nt7;YZ~A%4`~b3WK&qEs`18tI<^`9G)4ArxNZ%WOh_lBs5$GI%&YAP=QN-_jcz(GfpM6o5vZG+8BDYS`hI7LecAndzrza zjed$!6}hhuoQVd(vA1Z`K@X$nEw;82T_5l9r&}MRkSdyLBGGlD^N${}E8N+Vq#Wr# z_w{V_S-a(1#Gg$>df!9byLKhqzaLn9dG@1-g2MHh;d@8hwe0CjP&hA1uuG2rh;=+D z9bHG?9l*g`bxy3nENe-gkw8cu)lJ!-p?lzT7Ng=6UeOux4vDV zB#8$UIK|qY5r~wF?5Xb2es+jY>3K}dj*!AQnQ+aG2R+2-r~?D4dccXVT010NY1esQrT#yIEa75J^w!4+gnMduIY&+4 zU38-(^sjbleDZVa=n&#PZE>V6}S?i}dXQPVDhTdh8w+O-Z3A|Dd6g04g}z!wJIxgIf<~>{3)yTc@rT=ZpK4^@S|+ z@IuMZxU04EO*1nPh6iKZ?T|`twU6h-R1%9rgR;bF0iM5ts~z|g#(@f%rK*PMMoeU-PczK=)TkPsMK)FELW6szJ6Z|LMQJis!-G_yg`LcZi9`higZhf*Ftx`BWO2y)HeV1we`O<{zz~eimC^`_ZBaqfd4H} zduBK;($p~O!asDoy7Izf+#)f^TjJ>q?gBg@ z=q3l?&zOVOU=t@S({J6nMa#(LnY)&8DqCr(#}#@-YSO1kmROyu>uc9;s14S*d+#va zzE9sTfN}r~4%k9pKq!37zi#`o!rA^PF!{S{f7su?)Tf9*8YGeE%ZFmQ{1i`Ro1cAk zu6%W6AvZTS$?IF}KBMP9!BnGQAdeGy*~7m)I~IM)+-ncIFHj1|?Ba0^5I#QD);eqT ze;XU~nCVMEL-zc6*6EyzI9)bo<{y2fs9t?7EiFufdOi7$N!3MIZWAng6t|1SMCH1SY)I-$xmc%go(-{1)4Yx&(RrTu&b&1!0o$+=221OzZ7XrPHm<(A;CcEbRp}|-7RUz9Dis&~r zu3r6x-uQ}CH(Jmn?}>D@e$C@Q$z(E`te+#bkzgq1&BPFfHn~TzIp9nA$iP9lV3u$K z%?q3?#~KsN-wuMQg#5*SgG|GC{rgucbcu3p=*Q4_=jNmYE%&y?$!%JuS1f z=%z6r+0WlV31~liZBgd8JOzCLmDR-1@R0jN+u<-)+;?MKl*Epzp7(Vz-E{^Hd&ZV^ zGuqAH`F2`LSqw{;b(eVMYVCdmVga(5t^iYTJHi|S@t)qHS z5`{!XmtMWNnCNALlRVOmqW9*_8*r|Zpue|ozTr~Hsh{6T;jolFXCF)Z+^>Jh4pKV6^ykstj zw@6<@^Tj<&fq{Y0tC*$E-{?3XA;nfk#Xj8*Y@*Mifef1I@Sp4ZkyW9ojak1$$)>hwB(i5S5>{P z!sGd~<%lx4$3#URaBL*%Iizzw@~2#<0McndoCOWLmHxf@tA_UWoQVmmmp+`eG{N9|*&{|3key$TQ)f{z>JB;t0ot+U(vOd3lkm;C~eb=ziUPD!M0+E-*cFf9& zo-IPIou8jK7HThYpCkr0+e+Xz--l&el&wLw60mkF<5bd1QaV5)_WbpLSa!C^ZSJ`g zy0{Mfvs2tgEVjO_&6rcidJCI~Tj30cw8M|K^j6$Al6G|6RA;VW;yNTn#I{}Q^M=4p zTcBu3n~u2@p6A^7=s5`MY?HhfeVqzqJC{N;9ug0k>)OwjmoHy}bQNOW96i^KQj{*+ z6CWR+4J8iL6xyj##^zD|cEk?1QVDiGTGZn0X^_WmJEa{s&j=No`9W|A{<74=b%vZUt8+E$A1Kz^plhn@CIcJ z+$etFPp>ZZgWUCA77g_dCU4`{1kLRD>l#`{G-kEu9pH69ij!b(IDe?Oz?q+ymse5o z8i+Jd=!HN)C}DX&!GOBV?Nu8YUZPJu@usRkHrDHKYCa7gI-G@^k&9KIB_`CbI2Y z)QT;v!ZA`;*n=xqz|#VeK?U{s`TaU+$fXb~x=T$f*`Q5+Anuc09$=BE#k-zAhmm&3 zWVK|?lyna%7$-(Qu_)}`rVnEPZlo903%l@fE*gpPh@IVwu@iZA?RH2?BlOifzQZM5g6cx*lL9yG&8@lRT8K{O@k`A?*$ zUWM*^?tMT$bQ}DbmVr}+h$f4Vj3sefU7iEK1nk;vFLm+a#hMQvK8?(1=OoJYl;xNL3c>nq_?$Xg1FDvfYr$BDTkpn>QPd5@2h%B^ge*x>o6@2Ph>l&50UINif)yL_XW6_-m1LLa4fqDg zhZ`9k9R+0MkaOFsNt{UD?43zPh=1kDzma^XwSzATts3Xkk*!g;oq@+7w zG!n>n;2vZOXXiO+?SReW*_Ace|60{ujZVyJ3|BpXWn}-w9SmW|h{=$vOobnMFI^j| z3Pp}H$z*MM`0(LdWNP4Bki`Wj* zMj%T2l0?@;dj{zDuD4g@T}HGjbXRY(feOk#aM|QcLCBlQKnF-l+1VX^8MP#e|ORXQ`WStvn zc&lu3vB(8ir%dKUP_2*#FG)NCr-A&iMYLoVnFdB55_OJk3!euan_NO4#B-!1L-kr< zC;;l3ni~0f(CYZqf!F6yx$bK}6XCEMlj^a_EuH_gUnX@AYZwr+C-m+4vSZOApmTBi zvhI8I73Qk2w+NBO;knboC$C|qXAL&ovF*r>;<~R!5p!sW+>U5$YhjT&cpAoZ#+9~4Dl3iIVzR|tc_zJ zpdfW}`jJ7ChU*HAT6yVzji)9Vnz~BGm0oP(iq&}-6SE9)cnp98 z;k)_9P<^a81Sbyc5)3S*7Ax4I($yDK1QnTObU|~EKYYwXxkAn;+Pe7Tst@voO8zv0 z1f2;Q>Ya?@AsSCgN=kx79Mu8V)OK%g_Yn_9W1#iy^8hm)ITIjIKT%=D@{5?){0Mw( za{3-S%L+|H7aaS0_1!_)GM*XmM!qTiGhK`W`oa=cjvi#SnXx5H1!=W3WJ@+tb4Zpi z^^YAN9T};QIhgY5l|ixrY*Py7h`c`m#qspdiT1E~@q-6*fLw<^gfIAwf+FPSPbt5! z5r!tFPz}!=4kIQ7PQ35*@qdiZnXK(+~f`Qw+v~R(v6(<|?2D^E4umM_RBs}ln zR7fozOKh~dv=KE6^DDa3FnvY0_EtNJ$gclVTs4Nr?yuOUtPc3CXz1C=*aUhbGqWG9 zx=Yu>3M22|=X%#-nR6QT$T{XK>YRn&$|!PIR8-Wm8k6r}i2jI+7pfumYflQTY?br% zoY;Wsbx12u=j#R`Fx@n*M|X4`6zoevOBmbPj>|p22-q~HsnPm(&wEr-n3tC%wSE@^d->Px1yAVC0XL9b zX@j#f^P3KO$n?8#iyYoS(BKRytW+(vKK4NSf=p^W^8WxguKdyaZ-tfq3jbjUHw+h6 zQo+r)V=I?UT2|Hv56dm4czd0_%oTrk2X372p?nq}9bOUFkSuc8=+q2T?qxeWC?0_) z6KUYn#QK2PPChlGe&TwW*6#by8O%ODMk+a_7!3 z-!8%DC3Ya)er|oPmw!(Pe^Pgf58!$gSY{ z_+&J25t$Xe#jH_%4Zjo#AWQ%VwL4Z|xS_-a2}KJ4b^1|emQ z;~U%hji3h)9-s~KiQ!#c=m9VS3z;mkiC7Be07&L{5wj{u``PF7hj17Y^e#%pfeUK4 zJCSY-MLD$k)w3|a5U8GR zoG9-h0tFe6d*8lv&@e!hNP|$ov1-Ds&^}@NJDE`%wmN$qo}K~q$L85cZ0_#v5bLnC zkQ4Jq2p4irbHcc=z{nY5J>mv+`om9M17tKb13#|HCrm&2({YYMwPv0~Q!DGcTuCdx z%2xKil`fDcnvZ|G&OdbsbOrO~lqXN9H>m39=s+3w_4RdealxO4hW9o2F3pO(x!f@g zUuw`xBc_Y_-LR*N!+MH-AMc!?mx@SYr(fG(t^I6!8H9Q4aoLy2MTU%u0}-c%KM1Zu z4grTj`)PY9Su;5zUlBpQS7_ zk?gFjhqdSB67J}w!fN&w03PcE`Wdy@l)^-;sj2UQ(qNZ2;U*`_q0gRoefA}!ElEk1 zvWHr`Ay)@Cj%;yxQt3tKWivcG*U{cSIyS};{^7+7q2k`gu?66jz9)yb^i1E4(GhSj zxLtk@qK5lA)X0%7tKsNp{j{}jMayr3RAp#tS`5GeXU6#p7j!{>e|=@S*6?&<@pqR$ z@Q2B%5f|CmI~Bo(x9cAnnOXAG0gO%JXZ2A|)c8nOBiA4Xt%O0=MHtuGZ*9AH)uM7S%bz#<1c$_>r^n)j& z=9sRoE|~pe$13x5xlFgIA<}%O<4iLBW(Th82%tVw9_i`#YR^-vn!$FyfB*h-?Q|8r zqjk|x!EalHY4F8=$0A!nsb@?#{xr5QcR5rekef}EM69wp7+g6x=jp4Yyv(@EAGTs} zD7AM@GTK?!hd~CetgOKLv*G$Hkxm^ z6ZSF>`R<7Q$(N!ZzdNPHR%wr0p2>l}z0>n(6&xHCHl@0N<(p=z3B9P0&{fB5>8b)e3t&MG9z3{jADzdiKRINcp@D2gE(6lU>t)To%y3%1uaw!; zvu7Dy>u}kjSTt9|W>-MP7rzmu6YO&4u!4J;W}_aJwM*YtassMvvl!xGYdJklkXkaRa`e$=IaW8??b;_7&vQj{_8k52sen87 zQT8Iuberabue&Y|&z3FwDk*)LU-4CVvukV$|A$K~=!i4f@?>J&=nLZ)V%#~KRh)KX zJYj51P*BiEb{#Y^T=K{MJpd751xP93obF3$x0`#<*h7EAXu05Mxguf5bShu}&>i72 zK__)i*9Fg#t}YY184ff!A^apF7~;7Yy@5SQ^pUl*wHpb#W;Qn8!1r-DEncLio7=Iq zAXu3|kl4^1BTX=7C+zl}EHsGbd!@$d3PGbOq8njHTI2DxC!|Rbw6F@CZ)9-$L>22k zg25%iUATp+daiGxAPQUR#|It%y$pp@#@3lYc)Ts(!Ih0F&!|*De%s~AwLK#W?=Z#k z4OpuF_xGVQI^7+kAp~d=Dr#r~_<0DsLkc(EDLHfs4^XsbC-k4Rg^?xd=Rt76cBS%Hk z-m8gvN?%%by8pdyTD38#ycvpQney8M#1j9mcw?bO8>#uwrA5T+nK!ogq{SokhhDPz z)h8~vt&)_2L!r=&THiMNLbvjxDLD2F-#xIi!J#9=hgFSe4tl&-ZDJ?9KP44MZ()ZM zk3ibVKeWtpq?BRdF7F|Cu6eo z8F86)n#qLZZ9y^JO=&xMeA})kN&;UzGlaMgvyxsa+HI6|s~qsgxErw@@O4#Nl`|oV z9rlA%gexT7ScYAIZFgi9gVXA*2*Z(sJ7|ml8N8nOGhBi&fKVM#D3C>F+i;zbeam}< zpK-NKU9wP(OrqH7TwI3+v$j;H#-9DP;rO3~G&3o-f(GXpEydOk%$pCpyXOV(bPD?^ zCNA;5^2pR;q z9@oEGJ44Ddig>iVZSxHnRQ~=+JNlQ)KwSU4*MPxhf|AmpZwx}o5pbo&_Wxvf6S&t> z&I8Cuu;VA@+0yLcGHq9tDvmxgTy_1Re13Hckks-KHuN~7E{FNHMbxGhT`{^n!$ZZY2agEIGOG2D1SErrVL{^8Is;1`+m zw91KrZDhswo)&o6Lx&FG*fB(}_$o!$v4mAG?}uAw?)3msL0y75qGn`;2_ z&qO*`UeN6#q6@p;So7s?t?3)0Dnq1$e>_&7iKrBl36`m?95^2QIO$U_&vC|R&cfoV znnE(~nAq2r!TLVSuW9P}>6L=hv)5)hHH#;Wt3T@R^beF-WeL>~W<7?)&8UcJv}&t+ zvNp)NIWg5%Ff1N2u*o?sazqE&g<$@qb-e8*A5;QJ_n@0>8so=DFMPVU-}B%ScoWc6 zL2qR(j%TNZgoo2x9`zk1O&kx-mW|hyGy5^rJUm0HRch_pT7hkh`a*I&sw z{WulrACGhA6FDyTSb7*N{A*1pPYEA5a6nmk9b+kPyQf?VOR};W?WH2vCGDU|TrGyJ zdOTU=u`)(`C@&_co%?u~7t>{ZKporE0HYD!7$41Ow}C?uhhya9J>c|Yk(7RFQ6kpg zTuFw~jNmAFTSMy+x4FIG26PprEy=EHeXB5N=?ya+M1vv~|6T-2ezxH%$C;iTB{6X| z!?McjJOA^%kW?H+*--q#ueM3@o5T6B{r{flA+cNZ5dUk&C5ncNI&7WroYwq;VNA+n zL-Jg8czIairVZE87Il65_oNCL*~0F82NjLzH=t3NiEQK0&NhFKijMA{`bBA_2mImu zoA05g{`b!76aVpysGr?T2v{%ooW98vRxK1I^q*fVfWZOSX+QHV12$^>CdpNra|DA7 z4?vgXd(K(Gt3O``2~is~GQ~QLc~~B{`kDVYE;<4>!Hd1(`>w%e!RKBHTS3I*^7i>z zFx=?r>=_8*hQmHt$FNy)2@G883@ZG&z`BgetFJKNv0{O9(~Ds^tSTBH441AAL^qVd zv=y0A~!X_g)S3S*(ncKMju_g@<$Z zc1h1x5TLMJZ1S3>xv#aGxP3c8LJozlx6Isg@CIl!AmfmK)ILqF@l!C71$E^{{uufpL zAw6tS)7r~iq(kN>i$KrGwg8h68x`gL>&F>#Gq`ogOaUbCsl1M__P=T)1$(b}LrDM{ zY*W1qL8kieC0uBX#HIVjLb^wf?v!#? zO4!~lUM$`(3-YuhE1|)L;-i7y<%|!EYxn}{_rU{ZSR}?40ME`&KQ2EPBYBxMsQht@ zEoE#~vcRKo25m#HfZgTG+~4?T4LoCYZf0!aH8wT<0}Z}q{3oV|FdypG7v{acsu1L0 zAP@A*pruV???IGLyOa?K+rsryi|Yb3g!oPaRD^35<9s#0B@&2%MyYzdWb_{JKY=s& zH%=&*kOjdF!*f*&!WQp*Azo0c`u>^9H%xa!2%|gU2?-2@wQ}}*N`xOgD(D;PKYj$~ z00t6$R2Rm+!ZqO~#`A9Z<80=hl&Ma8so{K?$rVhoqYAL_KDc)eLq|73_d@ZxA6C#a z1WhZ9gx`(mbwHQsx7dCPn#W{`Y?OAML$6#QPfuq5*;@F`TWsSMeWdcH8ft4-pqYTA z4;{84zWg6AKt@Gur#%-m7lQ!VOFx~PvZUiLk>)gE89HxDx5h02RAg( zV_I627X(mkgleidb7O3?^BJ*lO>xZSDy+lqMWHWk8Xgt?@g@-Xy3iiEy11yF-R!^F zyk3`tQ6HIWzum<0v5*o9R)f&h(8#J2DMJv{syLqLEGZ)^O^`M*4A+ES)2R?FZ|djq zpO9=!GrutGlB=qzNy3=$n>P~j^76dA*Lgyq1i(TIeG9t)f*g&4iz35^2yP53kmjc_ z*;_e0_duJ%s>bTrVD<*`2wXk({!{YQMXXk?y=Ujnl+1UMcsK>BTi3$nH zK^0OtV6~f7YFQ6W&nP2_lCWOrQqQ6-j~Yt|0W`F4`MoN==}~ z?31h-CT9)<*?~|2liyqFBMs|?)8Gc#CQRdFG^YBT7;Xs@#8B2L+5zTi?=;v%U^+VW zK%v<*B8?b$`t^A_HCu>O)T$pxUE(!73dfP)poId01oB|+`P6k4ieR&vjXT#*kc(;> zgC?>DI#ZH8oLaS@dkC8)?>=EXlW3P`LT-k7GVbu#{NXArD#T=%RJs?weYmsh&*x*J zgB{>S&QoR$tzj2ioGz}@U7qB3G8aE{0D>JC3X{IiphLp+=7;g|CHO{zKpu3)A=~&5 ziHloXSwY1VY?7oSglIrojFWY>Njo;EuNqzmR|iEeJm;{DK(ZZit-yNbTGud;N#UB^ zNKx)woRy_>A2^n$;1uB6wM!9Z0N8xDQy(`m@kV6@Fk0;oWfFY;{5h_FRqDWjD>(2X z($`j(oyi6!CMGbGjk|e6$N8AUicx(YVxCDU4l=CqaALq6g0ofFGX#+b2&T02OwQ@s z9u1?vONG7M-6hp*SLR0(^A{0bU}>h|L4meROvdr`U7f2TCR2#!g?Gh0vTz_B# zVMBwx6wCySoH7R49pHA3Mhd_`a)e=_1lA$s7e4iak+nZDZ=(S1e0%8AqM|O#Z`fsS zWxsgeV%(R$(n?kD7dQbv+T?-~KnPzrq$xpZ(=TJ(3k=bN+VeMV+yHkAR{r!```Eez zCgRTe%|dEn#Qi`hgv#-}4;@RE8ZWE}X#1m%gCR;PvL8X@f(WG8%6GRV><60Sf8avkAc*Pdy9Qu!xE}u|c9F z?s8B(@Fvv21xt}^MMS0n$PkT#24XM*pLul-h^G?;KW)p9bp1Jp+f8GUz0HIG0TC&w zU&zsQwYB5z8EmpBh!oKY)ywZ=)Y$(`pc=y1B3DE($tAzqdHBQ1g}?Xq;A0`l{K7!- z4a;)$;)gTZH{YoEmmeODB_6t>t+VSrxBEK+eon0P$ z@BdzIllwmiTLH3wO|ER)v)SBpH9cZ)ssFv)6Z#KFe`H+{yDP_58j)xY%1Yr8@Nqj6 zlaZ+@$AsbX83SvFLNhK7j{o&T4vzhiwUp1@GVy%^x|`;&9r`3&?3&k;UWZfZ#*M89 zSi??cxFIDwbx&(V%=b?1`OP=f zCYW!h~UR#S$njWJs>cF9Dd*+i!9W zv#h@G^gE}K+>v9AgLhoT#yFMaXdgB5rZ?E&dl?p4KaY0xT0zmqY&}80KMm{{p`N4i7aOCGTH?qLn{Z#Z;kz!OM-LYPrQiAxhwS=T{QFA9w{82%w_fBh(*o^Bh|)d*VjT4BKW_Ff8ZPt;52B-C zaveZvM&{K^72LB&60i@M9(`k_e`{+iWL0*Hd>X>Gnq=h$-u^KKkrv+Y?_y=HR}C?p zA?{jlx%|X+qS?|f`1Vs*r8eG{&|JC^Q;$m3^iOqlD1eGhOsauwuK2ba;0sb?AEpRU zk5MDa_o2Zfyv)j)hT-wqI_T}25kpvS@WU8mmeV|pReEOlPj0!PW@&8v0Gk`CVJ6a1 zm!m`Q9GKtC6wS|)@F(Xijgv_9GXWz-;Ykutk=ffmp3lkg45Q9{7SYjSUQN8=TINh@ zE?TRyKgEiR*T}w;cbVK0`+2!1a1XQv>aXuNjiCvl@bhS^Rf##BKQMm!!7XBZApF3f zOJSqneyf~)HH)Kl~s)&&TfH05J39Kn_)e* z`B%3ho)_$IvNVXTyxzmh;Iu>bTl3EEVtvAaax@9*inP-r5xibpa}l!sA`B&kE?pOn zCv^On|Lqt(>2c;o@NLlq*(IrB&e88KAD_666-w7>@7^A)^F)0o=etq{W$G~p-(bmg3NsNyIbs3(UUsK2zfP4DVi(VEDEJ zRR^UbYsr*6tHFoUdnAsB3~y_L4F_7fv@I-0F=k|Fh`#q|+LjF}1-3m0Jwj$?3I8Fi zXHVbLIw~7XC$nM00KsaS5XeePAh6SZ&;QBNwu8Vx8GdiNA7;RNr!cu1LdXZIE>{cH zaH;{qd=C}%zqjDz3H-@|+y|>mPFtnV(~hg@MA669#BW zN>UV--Z)%dc&l^0ZYm_i$4Vc;xv1<8oXw$P_aIXRWP?*b-8_Wn_z4F+{=Est$U zAuPfPyA9Y0cLM%h)ahoOf1fmHz484v65+*%zhMC}6ybndrM{QK?i;|n@al0j6^}g> zTI}+^f3$}N!M2`*AViN}NC>9CR^MAN$rkW&9-bV02?*wJc~CKiUs+Zv{r=7mR(rzb zIp9Q9mz1wg z%Suaof2<+qpt?XL+$U-j)3I|a4+;* z97_7d=ZkPVK%<0vkfK(m9Z$hmL15S(Gm@Z<)kzwV%F(l!<6GCDhd}BbRIaje#yS7b zbh4Y<8)>fssA>^PzinYx25K@d@tlL3{ui7j(rA^+i(O%ohjdJChC2?%-8HNMP4;GT z*>g@;{n$en+R~20p7YE7fA0FACAK%b*pF)VGe9KZ1B}clc&x&wRq)L{{-wamg@uL0 zWLy;kzO@H7X;|qg?k>2=Fuj72R#E27e}0ZvjxFd47&$mh<9k{XI{G1=Hf=&Hj}`+) zwTg-xTk_GP;UA2{D;_v7WqH*ONf#ctHGC%!h$+hV9l`8J;m+md|5$!mS^rwx`br?{ zE!BI${b%SbPf?kg9Db?YQk3kjy2<14BM?N}yHUT*0+CCu_- zxiC4f*gfM!ThWQklg&cs)V9A?xxeBUUsw2C{3wxkH!1NC?I|sRi;X%0f=ynHu{#Ye zI?Kex*rM%#t?X$AlF74RLN)Gp+i;Y zn{GqAhWY`*bX9U#-4Nj7f#S3J`X6xMcEOkj2QAJXLOm1U8Td3iKu~*VczDM?o3sua z+6~*Cz|uVUsiWGBjU;tHaV&SU#QtKL{V>pxEG{IH1}``3D0V z>3B^*H|AoxkV{8LI{|Y6SOwCO0uD$3io9n5OvAI{3qFyDhX-wnr>>KaA(;|_4lgSs z*c+G?zHM5@DG@ut3+tFvk^J#`S7HgLgWGB7~xoHUqUc zk^`EWo7o}m)z{aDLE!yEe)nTy&>6kE-;v;>N+-yJ2#qU+f7GGp&!2jEXqJYz_Qko`c3JCAoRej^yDIpF?iw3a! zOrU7NVgi&H!xajk8bDnsN_<#J0tS`72GKY{dLyOEG!G4rNii8!%jJO_!W^;K(8JULedI33uKjN zcy6?NR|Om(Yqcto!9LL`x-8QRvnd7JZA?LlG^ALov2ug;ubkj@It?t`I8V8T<5I{!= zD!WcBK~n|DsFm)?+otZ3WbP}k*s;6W?ZxX~?T*cVPx{X}a|c9(%}H&mARWVzL^Kxs zh)0_7LoX>2C4bBe9u{OFk8_YY3!pd^pSC+cdF$xkSJ^zdvebw4YJj4r%&`iNsK8`s zX=t8Sh*isrNRP5bJbK!dmzD{#*`7V=3cNQo8uqegL`{(4WaW5Sm7Zf}cWm(yfoK=X z|GJgmD88(#L+$bhd{b->7dK-zCQutrWHKqkWFtqHH%LfW82qkz3f3YRE_fH6_#R-A z*Y))>nLAM{WKXJ=f+87aACgxE^n&2C13JVCD8cIkK?DPWhEubcsr!6(-4LQ!)8}_P zi@NRNHDR*#tg>?UtXLd;p#Ykw@C?o^p^J-U6uPg7FuPsUR$G%#a-OW9>)bhlqneU07dOUe8cjVM|NO zsBZ`oi!5vS5Z62k)tkzZpF@7LS=36qVvmki$<*0OCm=T5Sv{~pJ;S0RWOXaSqpa@g z+E#XL@oeFZEnzCSSTc8kKKw12`OA-4IyW-KdvnD!LJsyIsHc?x<;CJE@K3?pU(IB` zzv9^8J+mwJHK3&L-!Gv}0(YKaR7nwPCrwOpPYJ<9)g7`3a5GjZk~?gMhlhzh4cxXZ zQk;|_*5KU56Uc=FmgraQXc|bOlT1-wX&(5*Cr24-vhr$RQ2EFA`t_B|0X4P3Up_}| zUP@IRHJ&k?A)DJf?jteK#w+j*8%w&Y-m(ylzw)vzI`ix$MymUjinp)M)qgpEOViTt z;`5lNboJ2;j1Kw@G%7-|V2q-VwOThx(@pnwr7mJ)cf*^NI_^9{{%vwx-Z0T^{_!kv zMkk%9S%XhxKEt61QL%-6$f;AOnt@#6Vo}KW)0s{6bl`*qRUeKR+(%E)ZCt)_=w0zA z zKjB$76|uOOvj+?h-IKno=G!$B7q=`lSl3X}UgP|IoE{db*&8bru&6GT-`miQ4j+zs z=cD_THMp1-mzD@C!1NfX_x(pGjNNwhu{#&(XG1Sq1?a!z;vQ?sXUPv=K4y1#b%RruU*w`})B4^}!=-wp-)d)vxcqQ+$eH-`(_r8F%9XW| zvxz7<9$&8*>1x(s<@{4f$W{64m6<+a|6<&vI!nX=tajL)1I9- zpEn#0>^6)Z_q;FF#6s$t`Nr8~BMWJ;GvAx0rYvNp?fyHI?(gvToBNhqLDUV8V%?yV+!NM-H7r-q{}ns%^pwPT*byK< z*?;+q_UMbh=L)U^Fv) zUWlrGXLXUFSJt=z?-ponlTkAJ^c^UI3dexu!xILY~2t?KufBiA0u*$7@Sl2J5r zRX?hJ;Q4!&?P>obvA>T%t>s8TQD90hmQwND$iN9yAH`YbN@aS}N_{)&RGgI`Zy%@g zVS8D5a=>q8u6SY!> zUY1}c3Y2?TzNC5M!;GAeJ`(b2$aLZLWK+rf9TwK?$cYJzhP3fb^o}_&5k@|LR#jC! z{WF50Je5-MFkx#)A_-bI44R{`H+KxewX!kFglxjg+N@|kMOu3x3*LXb12Pm+ql`0) za%EcSXR3VRbmruy>VE~|Y{D4>g*7aj+`1lqboOhWoCSzMlA?Zd=V0~R0U_vzpxA`J z#aSk0&q_3E98mOtRn*z2mF_BYX@402$HaIk%_Bf=aZH0<)k3nHtMn(g+ z1y&GP%~QEL@}nzv65!5Gys~+u-HcAZvB3OPB?M2(aYs z3spZ7Kt-mPSlRH!CA>*t%Y}xx&k=!`rQg44sfn+}U%y}yl=ZsgQ>hmZbnVFeUba$f|fe8be>3z5}oI3DH0SEz_f+vVdX!3#O17$W6 z$8=Vl#;BuC_ihEIf+i|a1Oq-ietZ>H81NP2WMeaoiGX=CQFB4&ymxt8Joj}Kv*!jL`IEkWOUE`Tp6wN zY6)dZJR-tI?XE{h+Ud2H*71?Sqj&jBw%?)PEwlF@09@)pZwPhT+Z zw+@P0Sf|}?8-q6$Y75YW9swj^JY^19IFcQh%C@z(-dFJPw6uIw8>h|p{{lhoQaQhD zd^b~tTsAq`|Ea&e$n%TCY77&0IWs*ABaNH={8okB&_`-{{TfnV1Kg{bx%q|PL04-B zxq=!bHt*S!2OS`K_s?IyMj~(5_oM*oL`VT4;#Z$9eR+j>Y5^ttb9j(XggI63i+*1$cnWVe5k~aYXD&(H)qyG&eN?0W#3k zyiRzwW3~N(qH)9wTc4bQl2=wc0+tw_9v%SD9k3i>wS{DuWgE|U#MU6ZUe=$>W z?XxXSP2tzC|CpaA@WUfV!s<4GTvdy1H246&C-;ZbXB$^Yb8!toC0IQ6{@pt)B~7NF zx7Oak0I@{jCmY0M1Kbm|7|{nlLj6&UHv5p zq}sfI6CHX>b1H0g+7N0{gJucv6VAb1T|e=XQOZDKv>{!Fy%kFT_!~Ern5ds$BQHSC zDypA902(C9L^v0LOl+Y8wwjyBD3B1K2{NsW^z?_xll>KO<@$JwkiUSA3Y-sX`10i+ zsB0VbV0=PY5oVy3ji10_iF6Zxjay8MJ=|(vJ@@tkXdvNCFoRN<6kSB4%I;GhnU&P3I~fK@pIz)UAyS?SL;_Ss!&`@3(gmxsdlxXYOUWzCp70S^l6 zi^jB!?2tz&lY>J-;6DWU{KqF3uZS$5gAXDE?g6LrICizWyUa(iAjpQUcH0pWXn=TV z_Rj8H8BK7+%LF0@OK^=#3Z!YY929E5;+Bd_KB!ZLLC+0!PbgZaz*&X{D&*NfwAHaJw>fYE%$I!!TnDBL=p&{A>*ld8W)&mA5 z^YHTrv%J0O#z<$)yXDaV+Q0f zu*+o6?&Wkn+zhQ11mnP#+`2#kP>e9DaLvK3P35Y}I|HgEybRI^D+v`?3tHWTIS`M6 z!hNn#7%uPzA(>TxR2&G-DT7-O`4Px>8lbb9oG>tfj*aX)J2d@I+O~b+fk4I?tZV!-WnU#?| zVuvhtVD^cV%snJEFr60=6wK2vptQQXdDEtuN*64HsH`8bg_-~QUOh***TfjsQ`);U zwY1Q`)X>s0DYj;I5!+|LR%+S8_MJ~TkPD=LFt3A8*1@NI!&R*5kI16IUBF32=8o5t zChRxhXTOJ-KLFMVvMn&_qu)L*c_C`}+#6I(z`Fu5N6=tl-HW+BiRfsQr`5TzZlHnJ z9nxRyeW+1C!5BzJhOqI1UCzwxtjEGP)|_ZOlHi~q2rb8B+>>xX#4Kx*0}+>Mk%Zts z3eO*d0NBMNrV*gc8{l5!vNR2m0R2XDjp4$$N*L<>8;CHQpbWX$+P*;AjC`h3tx@Je z#L3u_Q@$D+I5b^4uM;Q(^~{m>l*v1GrZ#L0zkgOX1a)`~g*SA7&EW$)q5 z1B@O~#b`$`ZxDE#Xz8T`$<3y`u>LL05aDceZaqv~?u(y$f!rU+l%@bOJ-~J36e733 zFISF#johrMsd0S1B%sjP;R~6GK#Z(WK3a)C0S|c8>vsrZn6X5r^STl+GrnNQ0vvS=Qx| zim|C=e8vSsTJ&M?gE!;iwzaC6<8-MXMmg0P6cRFAzB0wbL`Js{tmn|U{Y5X?EI$|v znxU@>LEiH#URA`05}j8Ok#7(~PQ&j?$DTdQ=6-JOfgWAAoo?nStg;+k z&^b{N!3+ex^5WZJWo?qDP9F5Tcmd@>Vd17juN+@S&AvPz#8ggK2GDiHTp=lHTI32q z09=1hTf~b7(eHBqz0xPG-$E;OFA)SEOwWSHfo_&4WVUSiIEeug6xY;6ch0ny_7-+wJO6lJCB-B=$d6PhLvJ3F`7GuZx3GVI1&P5GmV~Fs6@r5V$#anXy1j z0fDIt;8iH67>U(yv>+U5Sk`ppYq%*8YS2`aQ#AMn62n_WV{$IW-ZfAymN;1 zHS~feqMQmAFh0!(a7T5=EW{(=pdEX(&ikEffDD0gL)9jekL{UPxo|fsY9s65U_;dP zbr(;CB-JzT)#`jFSws4%KSL(9{u+)>yf+(2OXoBY>F67#zO_Lt0AT#~4ZsK>)3OymM;;PTfKj3IMiTUVi|L4ATor2AAh_TyxP`&ECFyn5%v zwZ&KGoI1M~ipm}%6T|I);IjBS$9bsl{F`W$INLs@g{g_K5T>SRPrWW2m&~*?#>+lSdkWR<*edBH!=UHhZ)}qvLHe+mD}mY2m*-Q!--p< zDjw@t=e5B-AB7B{r!Y^Ud<{NSb7QDg`t^nPU-D~asPx9QZUE}S(_j;TPpr8Onu0wO zuux=1Xvy36QLZ0#?h^X~X1Bl9fRhZ9k}f?U-{VBj6?sw25eI-7p`oF$ITg>_|H+9M zxk##(O_t9?|Ap%KJPajoTDg&fUw{dZPRyf#vjgw2S_zT#04vvMuGk0j>XX1`RP(xc zVL*2dH7pbWXt7lYf42NjBx@td-Wm^-r;&RHz5$>BCS@=KkqH9MK=14R{ujhjBmhiz z8tb+!`i1Q?8puj$t|(#cplZOGgg#XNzQ>#U{5X&Py%m3Q;nRU_OzvqobP>SuxfnOs z((jUan0S6Wa1-}IW}_X*?|s$ro|JJGHg{-DV|QZDSTs`n}~)=|vxlI1jkEcP1*A9($T!`Axm-*~M7t5Qt3 z(?OG(wP)genM5e&xcUy2QBQ5%Kyr#liBkf32{92ykb&kfXym?j(g_IVvy<hT3q!g=wp;3%%*|G&0@)$TA;HEB_C?r)u#R1~8mxLVx0T{dpieQU^ zm55`tQ=sDJEf|{SC^5l?`3L|N z#4*bPUFb@|m_W?|Xg53}qGYT`AHeqP&!1y+OC2BAiHWejP^Yav@((Gx*>Z14?L{|H zn`4PzG*5MFqDVoO4-=wW^}~csmRQzyBpsOI@y}hUnkagDdbEhqnOXwo4BTy-ItH7v zaKHRE2L$`&{knWe)GkT7xw|jo^dCu}z=h*Fx9|YzDW;Mc)W=3J75+m+<7EnPXO_R>CZ$mbSL2Ix`gV zP;MAk`Eqby282bFa@<6NRUs)UF3zgLB79%LX3ZEU(!F+SQe)BB?e;K+A`VdUui|Oq zQ&m&nLZb_USb3oX$=`Dlf68+M!^toO34}7_*+IdDhAW$dm*T!0c2ARa6SkRA_{F>V#68f|DRK@$n2 zkrQAb0tpo*C73m*af;?xK+AvY*30a$M6OX+A~ta;H5*T4?|TnS5z({Cd5p1D9E2Mr z?iEij;XNNq(PpB?;KSdo2dAYRKYD|RNI^kSd>+DjigXwf@!)B)+!D z@`;yM4eTz0g@#Q>#@ zz~o@Vdwz1!T#}8EOvd#+5QWY3;lqb7#5{|)6Inos2-;5X>Pd86!x1J=!~xmp#p=Qz z1CJ&8SC<+gWWeeJvr;oj!RKAt5n`w+#NhyD0c#_$q7D0e`Fj(-4KWnSnSzYWljLMm zkndm)B^jTMBMWpuVw#ku05P<9wr_jT8!UhDMoMlb?6b8bw%M&5DpRl(L6X_&-M>kt zodUTe5R8rU@pzK&#mK0^Av^3leHghBX4Prquun9x15*`28$KY3O$jZd2rDO&P}2Qh z>gY)JFebVU8~DyBBd!54hbQ07n1~Lq75bXP9`*7f9d6W>H91#Sb904Fir*E%+ z&&N(s^fkoG(mHh#E(CHR`@4c3)=6`RFqJ~!vtngh?JOj1IQV8`40A_+Nj@=+60ww6 zOh6TZeStKM4ojn6YHDgG{eGKv@>#EntL}0;b4G-0&2|JuG5SZ+5pFZK9Nn73O{b8L zmpyxS@2S70KmwHF2{!00if!6Se3^VU!_GSkh#AWxGv;vLiOp7NP?fNL|=EA&vx7G4M`BCjv9p5e(o7#n~cF(z2Fx<&Q_3gOAD` zG91s#p6x)J`L`es+GB59yUGHs-rfY)k_to7zFPN%63Tu~XFp(siyvRGfK{53k5Wx6 zcN1wRRsEB3%rA^U%{MWRp=cP)H}AQe2H&{MQ!o$ptbCrGt(ny^KJN*C!fHp^m4|$L z0~gB}LLMupFs)_`@Ub%5XDX$aEItv43J^wjAEwYl$Ji+kx_o_i9v;h}yK3!;|F&tb z!Nf=X37X#R^o5;=E+)_UADnC+h?Mq-v8F$Nu5L%9ES4OdjMD^+gTG<2=2i z6ODh<3p$(bJk-S0zT1Y*X1o3GPeOh|PE;7pfdU%LyM+bD4IAKx0~Cgf2@nowJX`2y zsh}sV;#d?`d*rx=0^Kg*+iWc}a9NSI{iC-7V~DvZzulyV>BjI{f#$Ckk?Vf2&|58> z*!kcEI>KC}BPvR#zU{szOKD!=R4Dx7-m2yC!F@p!Bmne=*x5J?b4s8#+#@EI3vT_0 zPGEiJ+p2@lM`i;yp7rk2K0d*Ha7y}-WoOVI3i*9vDG@Tm)$0yDS}?khs4=c`V4O?F z-s0K;SGCDIx^72#GGzN?hNuWPzr))&vla(lc60QeD~^Ej?)h3#4g3N=<%rBcUD%fP zFviVRq4efrf{eW{DQ)K^Qak%S#xJBV8SMvAxpZF$aJXJKNVasWaaG(X;U)@zB?$y} zL_M5_qOHwY5ZmtB^#KD}-t$s@-}{I$zI*eVVL?%vA0q|lQ=QmAgp`}WrGpQ*SEA_{&zqd(Zf>&>PN z>j#|-F)sxy9;DzBwGI(#MQ}MzukV|uj2vn3o3Q&-9hRM#qdX~>+#}~!F?E)W(*FQG z3J+qM(puOplOc=J@(z3{_2;-?w?pKc_6MtvPphO@%? zT9*YHSkkdqkx^Q7AD$$D{f=E*9y1~@7+wCH$Q8C((>8nQNKUjrRXZ# z#K{WUk(D%8z6`gkujr$bD3{jXY>MW*_vhHtaJ=F-54~=?p4t54`!U;t`;-|fAQhQF zLE0XB))Eij)kfRH;ogrD4&mXm^1V$NryipedPf&`^dXeX00-4oWhjBJ;(vO3&xpmr zp_F|mY!2D8ZcwncCJgCa6ge+(k>2RK=P}FgG;QrW4h>7t_E5HKZE=wcc(y~T9LV3E z-MdqAL)pWteMpy%*#5kq`r@r@H>n@QVC z@*KT3XS9h|+$?c3R|Q%V@ib;kAeBMVwT4?V^3+V04A-l#N7x??B-5%(%ZSx@9A)1= z7#++7x3@+kURD<8awD*Lt=I;v593a$1O5F;%M$~WlP$xu7Lu$hO5A?K?sE5m*RMPx zwZWXU@px%uvmke>wx+7;?@_<{CaoP3FYfh}p?&k&eDv-O%P7oU1;s7vsZts5b>|9N zw$11=louRSk}rF;vw4uY_whdSo84~bMHc6R^A6wQP%?LwD9Z@ zj?P!?cQ`gS8{WL$9baQdeWHVH3XYb*dkUP-SyZmDbVsg>f84y~ME9aL8<*{{_??LR z*C%)0oivGv$RuL~E1J8~1ua8t7b+#kugcgSf$bO)AC#}|W{qg!pfA^luA-aXuq6ff?RBmmPC#!j6qOAO6>>OgvFbJ&^-x{;nWxc#SW0#Z-F}jSFCoG-%4W zKD|X7(l6HHtT!PE!Y00|ufWR-gY3bAWC2ik`!;5{?-A)lvlsyF!bH~|F0Sf+m&yS z7lSTQ^}9{k%|0YtPI@?K#&>ram%X%*tocJYzJb*d3n7O5x0Q`z5#{oWAC=esu-X8d zaHO1LO=pZhG2MvIB}UT|U-==L0$0lU83W7tLB{$i4{D{g)YA$UhFj3^+msNjIu}a( zFnpPb34Nsf;KZOoRl4xlB##qt5Xw7DQl5ToNO1!GQK-<+6|E4a^#6_C4WvO+hB7e| zfu=j7^b8EX7IxrlOeUsnRC<<_=n)3v0E_^@IRduI&ECo-YEU?W(+|i;`PyfIsu9yT zvi2Ef4mUJZDk=qW$#H*sj>WeR`=BQcm=Z`R-Tn=(sc44-_Rs_Sc;ikvCpTk~(_WZq zN|arJFa*5=Bd}`FR?W%C$X^^s+6V0xeD@*C;@zg#{1tr6q@<+j>K)+Gz^}Q#x4rYD z`oN4sW;s;oyg}J5QOn>I0Ed97Oruqwe#g~sSYcj(7NC+Gp1MXFuw-Yfe`WOKSHnXO z2bq1;{=gsd42nhp5H!aT13vKoM9B)*L%6}@<|R0TIm*Z?IRZGj!)F-84N&BiOh$Ks z=!tBhHMhS?TyHQt%HN={wxUig-t|RMab;zt=yO6b37(F2Ql`gg3f-Kj>n)a;z2gR~ z4ughuZPzJs(0Vx3*Fet1qzuMz&oMNmBf`UfW0b>7vspB*jSPg}q5jVPJdlam4&bj; z!HZ~l**lO+M9dkK0D=-O9aD4vJ3&lBWBL182uZZHP1XB3>WzYn6euklS=^2>G!<`d zbpkl@VJHj6AYeWc7nJ!;*3u@dB(?Q^>f7BNxl`&GzOXB%kzmc&>(csL`OB3J6KJ6F z7c@KsIEf)mkl58mVcZ8X84Xv*69lzVor;Wd#{UA!l2ZUHt-#KToPtFHQ7Ht|wppzW z4G^=XnoJQx5k%2r$TgNYYErK)Y>(K*O{*ay9BYn$kDW@WDu<*t z6zI!AF81MrzU}8TS>+mhp2HFQ(f9|Y><=1pNNzhVBwdhM0t8-jj6CGM_-2S^{PI)$ z!9^K%mhcWZ$l1u8zt{`2&yv%(Zr|=4;my}sLiB!ihDjL|YG6H}oT90R_*GoF_4E{z zWgQcsV|4CGj`R)z;9iP4=;7r#J3D6@@PFT2{N!0(R1{YzYEQIn(Cr0GiC-d@Qr9D4 zUeL;dLaxlN``sEEeICD{^ygNS)VkExg|}L@*$be{h&q_MY!u(Y$*LUM^cfTS#sDZt zkJI?q&pngd&tr5RNEI&XQujD1BLQTKt4yAYGv`nyI}u;vN=yj)Fdlr3*)TJb|3_LQ zADNgW_rG!um6(9b`~!WCni|d8RAHcz#iirmasOIcI(_QYfZxT=Ianlt0lfzLVxS%H zSSaeE9Sfek!k%X(eBsVXCqQ;74N*Kauo8qzb}2lU0=cqd9djUw!~9*pnHt*m+cu!A zArwCI`7Ql%t0q`5=vbnlMcV^b)G(I>eqUTUiDp4T=`}WAYH6Y4Q?~(5?*Hh{yK9#< z{6o-j0SU3Ba%-tuXx+8U4uVlU{27o6q5KAhX?Rc$0!L7}J!IQU^;;>Qa z0n)gDocSO)mY}DqkW1{kZ*ql#o}{j(1|8qCW?F%FO0l7> z!Lfb2JD7neR1j|XcI^t~3WW?3 z`b-2#_z}q5dy$(7Hg|9^`-KKXcYoxz75dP%af^G`BX5)Ath_TGvKNe@rd$WKe z1IB_NS%9qk@C3jZ5GU~+A3iJ)1$-!5z-iFZU)-7~b&@*gV5OkQ# zC|Y=?+H7;Cw|ac1>1l@*yiEjrdz33}aCn12Mgnvj>z(hs}R%dz%G3!;PyOQVWl$h{D zWWpRSc7WnX&&a4N6icmiPtM~6&kYg%d{Px5yg=)wK)(-C0o*oVA#9KwIF=(le*9Xr z!&-`*f|C{Rru8m_+dM&HMo&z=TzJ*4FQRWbI}FRoolz*8)j*8;Tzcl;m_FiwqnTCO zPQRq|g<*WB5Rt(U?t5Gq8UZ)WPaw?!Lq~u)(;EV5EPz8hX)jPx)lzR{+d%#SpxnsN z@Y=Qn7>g;B^CC+-2vR1;4lHK-u3V0}I|aH{;WP7(;nF@+^_Ku@9{c*jHa`#Y^(T zyOtYZo3ulphA~aO6K=h3mEf~>b-4kQ0+EfIJoLB0z(tjez9RZ*P!lgZT3cH~#87v7 zxRDC26|`uq*2Dq4AuraZgTbs7!)0V-WY82uTLJD4EL}37Vns(Yc}eR6bpEGE|9Rp* zKk(t!Tn$UR_Mxd59UcAS#}Di!?jY!1(0mMGx-0KhI%!|_gwD!`nngIutqBD30dU<3 zRhhX$@0oKsnzl)&G&CBpyJ2WVj3H!a_lBapP2sm4X3|Q#rq-BhXlkmEBRCJ;&mIRw z7Jw0m?{^au<>5gI{s=lq`hDXt76qTha1@#1MN5 zW)fxAZ_V)8r>BI&)e|Ge5Rghs*TRv#FZxw*%>Zv1)28y^ztsCdkmUXh53c#1?EC%_ zCjq3g`0X#=4;q)Mk;aqJxIm*CrzPA7D@_P>3wGM=(q=4AP%0X*(m{%~gWR3~FU(=gR-gQM_4WIxy>w1%ytMD`@Jt_`oYy0Jl_{)=-Aq8WmgX zfT$w>=`%Pturv8&xU|sajXquH&7Wz|lX?5vsHjjIe8VAz77N;RIrbGLr)6e&O?7up zvjA8;ZUvYT@)p>ME}#vZ)khb8-tc$Yb65{R20T1_bpz{n1klaYC@Ii3JD*hmuB%yP$2XnRN)nfKWM#o)nh|$KK9yI~}CP zmo9zB+{&4O!>}LM(YZ0{bABz>)Xhs~+1pcv+3Ym!l&(rnCXH1!9+4zT>7#vt9)a86 zQ(*t|tlN_oG^Fagm;nQVEKn5KPnfJ(bYUlDV@50THf-O0BHjoN$TmhAO)&KV(FJ3Ij%gbxhrSq?! z`T6q@JXt`BfW@YY0xLWFGTImde0=TsGdQsRYug4rNhpDXqD%H+r0KiepS$*y%ram8 z`Yza2@a};V61M1oy$ADQM_havEKk7cKADuMo4AfLfa-s{oFAT*Aa3Dtg{eN7`ACgO zj9hT^kT^-o0@VQenY-hf>^rmLZ9VgI&zf`SS-ELUp8kg996l24jDoVV24Zo0&XhJA z@b{h^gA&RJvoSef>%%QowTc{X=osXBMgiq*!KNG)=V&+hUor>%wNo852-o=j1p$T zkTCfp=HH;>_o>1yudM7Ry4RoFhZ(l%!JDiPN;@<)*1q4E9Josu9)A{7xuJW@FFS;R z0{EO4;yM3c=h65Ag~yc;crXO2rAn|xfb<401%bHH^7E3c#AV^Dng-j533X#+%+ZIi zD2}!LTcyq)1N@>){@zFY`I_4lzF8VNZVV?Gp6xScwz_no88Z(d^Cuo0@ugjbzutK4 z67RP9J~(eRxqLN9So@1)-`%33^K)~~c(2V5CEU)Re;C5BdF`)AW1h1^>tG*%dKIjq zwLi0ieh1DgQ@O!0C>nGey!m+ypBTVh#!!e zAhH~=gJml9*9fX0g1)tWxlIQS{)@^3BUhl+j8HS5rBGs8G?qe$v@D8Wuvlv{t(!bj zX_EK;tM&1lpHHG+<>^_X;^^pz&cx*DH4%SKr4V6HkW!+DPFKV+9@XZ4iH7$81>qO=Tnkyheayx=~i*}T-a2Cp4_gN)LZH({2u*d}}3w{}T zIyy78Yb?WiZFEjGGcj=U#U7pLr`}=vn>DMD7Xc5gzJZ5e$^n>|bcTN{B8WVRQ0`nM}D>XPrB)irT)7p`;flmse5Dr-sUO$K95ZtsZZy_m+ zTKm!znDf{zC&ymTuvm6hAO^4i;6`54d%7x`Q%_I^>q^5-Jg@h^vNt;%J_JH+a+GcJ_!>&Nt6~%<^x^GGN zy~UBVMMp84uV>a&H>?x?Xk2iLkhlIrZK)o}(z$oocl4H^VOxOgBc)@9#eeTCZe8zu zJy1Hd=G#X_D=LyUKOEyQqQIsE#&Hw#YjdQ4a!{`FbD|pzmvuBT2BcTPY6r2w)vZ7A zm5av|x<{XI)gmI-W&Z)l1Ldx~xcHm%u@od3`h=E8s=oK#bWT4Ks^`3uN>S`fS;VU} zaY208*RbAS)+oM`KMcaD#R$tZX${D^*AXK(~p1-ua$4H>rOy&G+F@vGEGk7sb zVtp`9wOPB?%=-MSw?nU>M=$wpgXan~E7B|(h0`^1QNdTGTMwJhrp0-_9(tG+-QpWw zBHpfc{FULhaL*;$aq^}m`G=89(R=GN4)1?5cO}H<@w3Z!oIx&cdtR-V7+Q{}GWXaU z&vHDD=B6TMl@-SeWzd`?Mj{e9Rh8c=TNl0muNG^m&I)?m&#~z+^M9x=JOWpni@-Css0CCh`>HdHHAn;rKm6|8%qS@9y8qF~}|5Aua;%GZNAG6^AQ|sT0zyVrq>JTQZNa*Ny zlGvQr`h6SB9Q6DNLq|Chl=TGJLm$-AsCt}AHad8Wf9(QDAlwtbsiuU|nBoL)GB+%9 zfB@?4+A@_(CY7xFpC8T6uSkVJ46R!Jj)??$UG;T!$SNtMQ7+3jlnHVd6ywKM|qCbW%ATecKKSqKa5RyJ(@-mR|1KJUUBVcT-C@jto9`pho7`f=aD9(0K>t9y#`kHNbP{0f=`D?1sm|&<&L(s$b*sk#_zD6T)K-fQ2=1t zt^Q)m_ny!V)WB*!HX#8vXVq9%3s8u!?0>O`i*%=ctejbgb{W=GKvb7&>rcn@;ek#Yw*M=rLGR(HgKLc%OYlFAatMxwd>)NczAgsX+%D5c;bXv zLC`+i&iw9gV6tJVdW+dQyRJE4n*ivkm73vpw%UDgIzJ~7ttDlw3 z)wj?;FnV?MZS)7P>s2o|#cq!%;8Tm>zblyh>SL-|Z3fdZDJIUl@)QLRwzzd0v#_}S zeCF3YVI&FQRV4>r*46n!;hr6GTl}1E2>McJ@hX{;hanPEvY* z(!haRY%Rb1_2wThV{~iq`Xh_zNH+A)tN{hRRI-&ZP0e}=TL4V|Cp~n@okf6Y-Q0eH zIENe?G%e6aJ^wRms_!HWjsZ!X2Q`x?Q;1g{;2!rM2{MAbvGEv%}8V^)=nBp!og z;VdC9By@Dw7Rc&{VZ=yI!Kz`6c!et_sPv$@z`hTrHu%-p=lF43(1&(iGsG|o*;+8Z zAJ#qnkn4N-vXpWLo*wQ6F8#|uF74CxW<$aKOsU`o9tkgj6*vk`%>TlU1$8~{K?W$^ zji0{*$iN?7`?zWTnrCh~3b@E=dG-R!F%!h5iMOdCypxpvJvFHO!HS-;5oXtjc+-bg z7k+_T$yUW2LSBzuwODcV;Q^Q%Vcbl2;b*`f7z+<0VOZiIh>TB7!CWvD-Hm=V9hix# zkk4()`vd7HqT%Y;q1D~O!l}D#0ArK6X|B8l5fyk+L4JPp2nevLAtCC%z6#Q@O`lOl zpqVj{gS9~BhNzU7OB)!7v=SnLVW6@~WP%Z=jM1_9O+GqRQ*6ZTfpCkpS?d7}|quI~n!4p6Yd^b!@xhf06 zdjn#Pd<%FShBbnQ%D^U7oq(JLb`JTOEE8rGzkoA?A%f1J9Daqv&JS97Ll_IW8ILpyv<{%l$Sr*l&`xeiym8}guJJ*=GZgKfunlD1vPC6|k9D6-J8-w%*9hAPb6S496#tSxq>uaHXvxiZICanX(OkCT??tO3Ac$T z7xtw-RYN_3EtmB4xtP1oI zDIV?;lEbT;85~uoCIg6c?06iTmE*(@fK|{(!1eVMp^wHc(#mHb*~q{RViA+3jqQV} zGMVo}oZX8P@glLLiT%8RhF4Aw>F_Ylz1qk|9IDz|N^o*vny&UP*b59JO3;6{*ovv(z}8FDXFnFp82Td>*YmAmVS@+Cchqz;Jak z;s1n3$Qwi$1?aRRi@>8~-S7$kCOWNKn3%*dedpSPv=h6fF92jDr@;M+h{vTA?s3@b z=xjj#JtUC`i$vgXh*iKW-djt_q*qm~0!u-|wqHJ6+qZ}Iw{^bD@>RL^0OK!$ znIOhtJwm{E%!Ca8#i5I76=C5V$y9fLV`j`Ndpn+rPiz*K&_Foc;MRE?6w?7ZPS>ob2AAGrNO@1zg@wHl&Xb#=wsP zyr}?1|1t9Mqeq{5{S=dxQq>`HqEdT|F<<;v)Fvk{&#a6ARUm%A4Jl=p4JL6QOMoV8 zBq}TnqjNz?FEl>VL4+K z8q@5fiOWxsVZ85^^89jcRoSYXDa*M+4$29$fSL@k@oqZi~Vmz@BwNM`V$cm z4D#Rq!ZwT){)E<*x4-#ARy518pE)e5vH6j-H%jexth1H^4*u>W1aaWDB3Prj^A9u` z+PhHb53J?{*B)AY-?k2unH0(gva><83Lxl zZ`c5sO8VW`Q&XWNZDY;5QeP1?-KEwMdUuWkQiv!+mt<#Xs7acMNl6uI?F^kM)a-O2 zwX$%-9exeoT*s~_%*t?{0hK1(gbEm#oSYm2AEE{tBHH_?Ru93U2VIcn*4EaRmh*`3 zn7O>!>wTuRG1AA<=p2>iqIgUb(|1n*&$&Q zgva$-*0zU2F^3Dj28ixB|9{9_dprY=Z&2&e)?=4*7w6|c58tMa6C#hW!)3015>_so-I4z@tRo~3eATn22}vK@*AU4AUuQ6dxbx15Y+x6LP9UPi583+Uw7!ehgPW{ zo72Kl9AEs#Y(+vkx0ntQaq4by^!0y)(hKs&HO+35PQd(@SvR;CzK8)kCbAsN;x+OA zEHT~_Dlmb#CY(D+wUXMP)su|B-s}l~)EUFl%a9JZEqy;f_u6oSWWaqBQnjKT{PbF{ z)(_)N<+0I2ua2U&iEw`b!3R8v609*c`m+B<*qev-+;;E&9|{>tDwRrP)-K$xou9Tys)}wETWuSC*qJ|ik_1TwM2u%e~mu1-hL54#dll|jr zBY_S&_WFXxc#9Tg|6LZdN}yw%$_}) z|8-lhclb#?!x4I|^w{miqJUizXL&d-F7!!nhSCm=%z3OMN^$GO`dlkE-A&3YNTzhg z{oxfS!m9G;8N}awF0s?ptmpo`87R(gyXc>B{M=e*_eDL%fAG-gWBbRsj0kzOC+fu5 zfMG=l<7vhFbL5?tvk}WT>U-@q&m+xN;VLf~k^Yy9=g)s)?+~m<-B?Z$!y!Vsl7ro= z)NZjDWs$D5LxY`GFf9ZH|GNDjrgio=f-4XFxoF&v$Q{q7{20G&k@b(z?PJ9&VlT^W z-0HlqXZV+w<253R2ZpJLPIt-a7Jl2xPrFlhr-81K#!5kQnllcsTq4sn@zMy};?~aT zN~3}{ru6s`Jvm-cbBvwN;i~nzNz>=4FAQ=}U9kJb&+>T4|8Y|JDoo`uLKi<+a09jY}(UfmbD$3JIN@i8%l zl!U0j;>zFGDq{b3*)`3smvz!@ci(>DX_~Qnb{v|v@OKx3N5_@&8+NrlxxJ|SUke<* z`sBY%FmE?37(c5$vLJS*slwCKJGRXb6Km)W^o&}jeT3%uNAAc3={0U%VTwJc^F*#) zGvd*8n$27PawzRpHaa`heDS1-mpWHy*~LjuRjTe`Hr{#sq%p}B-)^{e9bshQxYGO8 zbBX*(yLHO3a=amZbWP`Q&BnP)6x=EfwR*f&+CF}A#;hqD`kXO*e#XhIVUOXqtfdx- zQwK)XOy4(gy_DIq$~8mR9Zgp(R5)DcZ+5@ZA=2z&<;MY)$27*zY(?7g&%1+uVgWZ1 z=qFx|=+0;X&T+^zzUFq~{vIMMnC{`c2Ccn(DG-zJhXv{{fb`y?6vS*uV$uaxP7xO&L_;KZRqJU1N?|TgtKVQ9V z$f=C1Q}-?lj70ZD+f-Z;7Rw}Q%JragnNBLvl4v6Q`l*)m!Sd>UK!3O?sQ|4F*%7IS zqbAW2y#0c4aMxQ_okb_^{mz~wNX|tM#Jug{cl@R8)|w|{lJJazhG^w5cBE&eNF;0| z;U^cPF^MO|WtOBf_7JH+x`)yXo}OX|YJ z(J)I64+=&YBy!c~M#K#^I4z}jL*7f{5E?31KTKQu%*yU??+{KSILEG`@uJUrtk6GQ z|NCbR!YTJrzi|L{tvpr?yp#|fy=v(>G@ybHYy20yX@xl+RR41$uKHMqK5T{WiC>f; z_(MvF>&9RY-C7r9=-95Vi56K!oVwg;w8**hkL>LztL3rluXQI z$N&}qw&*D6)0Y-OD0#;Pad~Ypq~;(TmXkAJ5N1R`1oDPq#>P=()IWa$7uLm37REoK zWh673q7 zxr#`WoE;xF7X6957eBt1Yal|{rn}+AmG>&3@$3Q`YOQn|NEFVFI=1VAbN+Tp$khzK z!0&Oi_v>=NDw;lT?76n5J^6y_VAuwVH+ zk~a15l{k`cdA?P^T6oc1U=5SD9zS-Bp@3kjP$`ivM3{1yLn3D&Hs8Y1!)KH)qBMA6 z0bbC%dv}N^OsW&1e5HM^-a?ex>@GL2Lm z>~$!Gndi=Zq^qd%QY-ECgg%a$BGKHKG3T<~<~+e@%mk7oX+c!aL82C*>B=q9OVWKQ zCMjfl_wKzfBm^SXwedUaWe~3-?>`UxqOu?RcMiEP5gu5AAK1&9=ah`fRV0uSzB>-Q%c&|jNL@Tw}VsKioP%$@1i;w-cVUnc#E;oR)d@uw>8T?pL<{y~b2W35k?~o_Tdc-5wra2ciIb zk;f*?m4lNfU*`JY@A;_He`Sd^?Jn1070j>!Y+V|rQGSM3D4A&~SEWG`yF<(x#O6Dd(9_~jZv1(LW<64 zEg|15=VSqgqb%+dQb^)y{KQ$8N19-~_Qn+J)*aXq$H!j){|_vW9=T%HJ)tq9UG2w< zgJFC0ur3p(03|BsxI4~i>AB*)OqJSIabfqvG-Fc*moc~b60T&+DvR&k!vd8RRnYEy z+-ADrOhsk!(ftxG3V%YK5hI3d z)ULi8^GJT*!lT!R$6;|nx8~7pQIyyJD&R#rSkB>xmi@R#kxfs7%eJZgDGNW`yJe}p z;<0UR4WjKe zRifI913YV|7afm40gYzJ8MleC%Y>!3dWD$djg?8o1o+QJkm}xj?S>5rkV2jQ5V_Zr zJkPE#Vs>#-nh{f&*0hr zXlYFpW_xj{)c&@A3Bq>MXk=_DjzJH32=j4~954X-Qc2mx40~+Fqh}%7m}X5O`8)}*r*Xm4(-W2r@S_r5T;_w`kKjdNrxI9BbCZe{qS~TB z>BDy!g`|vBh_yRC6XLmq_;&WPUG8iu31Kc4|3Y=2LjV4yF8airw74l=9Mc68aJQ~L zVWAv8O^!*mSRz^92R0c$ZX8J2Kfxdejyi{nT^f|1-g+`KIAeJ+I3j38Y$g zBTsr;2u+b==_hSYkwRgd2xgk?QhWgLR!?y+wxKP4k91>`v|5sfXlT^@{dW!EM)|OP zYY)-=c@SfUAHEANz4TPYXQW#>BnUv^9fQ&ssf4g0=W&XXWJsYPiLyNDMm~rI6P)jB z>s|?)ES_;?Ln8&{50L;99TKmerhAHB;GHY3=1tR85Ckz44XrEY%2ibt6BFyn&A^o> zN}%fi36R=7dBXmTB&JSw?WI_b_$|;1)HMCN5#dr=mq`5a_;JmJ;jOYNm#Bu*!W(*Zq9Vb2x*E8Wl;TwPf9YF%+5a|^PwpHW8!5X|=(;1W!;iDn(9hiEX!@_S?c z!@*SYcG*q$!2Lff95P%DksF1qCvWf+U+*s(Y-%_tzBb9t?9^Nmw)m$T83si8@?NH= zTTkp|N1AHE#yCa>44qr0c`V9SCUFG|BgIH$Ki!Q?(t>eM3Jp61(*}B!VEgR?=nt%D zYJG6-&_5vZf`L1Y1YxBxck0Hgb)^0C?Co8b)Dl*tO@Z1ko>Xs){+~^V#e*`%%Zwfp z0O+p)d3uroaKd?DHcH@LyNeu#1|lS(?Jsb($Q& z!EZW@8p&y9S>MMbH+1qkR(=%yrY~y{39hNgq>8)j`ruB3W=o5Eay1P+{7vDYW2-mz zir$X{3vy3X>m2!cH0?8GouKpirnqWFG^qLh8OKR>i%Uv4n~l@i)IvK|>kZ+)qX7wN zv;NbvN{dMga%SUG?G;##8PBKLD&zj(*;=zk&14&$Q3*BRYw`n9VNXUG2pA;+mX`VJ zrY2l&jh2@v2I7aP5+-5K7<9?hY3bGX9+15LX=^i3lDzlsBUe;EDdgna|GO)7t&Of! z{T+;V(Dy7HQM*l%ZhrkwfllPAeLpWZ7Gb#1E?(O2U8lt#I~rg=M4@_}%oa3`$` zdZOv4vG;r^i-K`*;nOro1&pSTOQFV`(!k z1CKMod~3KvV^h-#UB%lv)xmTbeWj#fr}OPFnNf}$aHp@a> zrkUGgc<0ik8{X-eOHip0Kani%dObQg2?9yJvo7;`VbIWVz6RKI|Nh+IBtYFcZfSE! zr`S4>C-$$6;7(7R@Mo(0)2B~0qerV)VpnZ`Q*(B__TjtDLn560<5xd~tXt@)qwsck z=W8z2XPdWo>8ZWYxMi}#3syAxoU!8zW5Rt7Jt9S>@`={yDlSgx*JubicyYgms;TA!Rlf!CmbKXF&1Zxv&_Z1d$8eP#dgx z)anP8yo{1oSAN@>RGJ#RRrx`@1RVj2bU`4K6p_p{3TC07U<7v6PFedA|eC=Q+Toy_U52?sQ^e%guqn8Nde*RvQ1 zdz6ohuA=70HMQnnUss3~Z5L}KpHY~-aBwZ7pCu^BimFF}J_2=aEso+ufW#3F5w;?oDb)lz2>VryId|z25j>~ME*v#^18zALC zk@7WGh#y*$VczMUxQ=5S9cw0X<~^_l(3yLH;b;0cCpjHozKV)|1Ljv{3>a)RlMgY3 z3PVjif5E)(E3rKb>y~ES@c}BL`_fv$r(d{z>=e*HAffgYPnmx3&4Qbu(y){Trb`ey z^e8J^+vSx*ee^l|TJuJFMa??#{COh1!#@qm zv?FJHZg^ik3r@Lr@!h7D=Bl(96wSokwOi2lTpM=vkZC5H-@ zQvy@nS4Ppu$S8bT;F+xTK{a%bTt1}-9lMx$&b(rk!wmI6*Dum5;MFbNuDLn-%<93b zRo$X4dkuBUGCev`0xss2g7Nt;D4v+6=c6L+^pIG5CR*Njta>}0Aryjx|dsqU)FQ5z!byG|w~ zlAV#+T9^jR`Zep*^G`ah2b!OKw%u*|@YylLkoG4NCVuRZ_*b$yRMIbZd;6a>$-SiX z+opCG=_Y3Pmom5ZJ>Jy~^AI}W+H^MuN;@ywnKAp_1Kqy`F}vEEFFo!w&kRrPXE4_9 z8yuW*9Ex}91LNL5vHO3fw3^qB7-r(Y{lzYJ>PD*{&!yQR-kAszIV0Ws(A`%*s`bO~ z2@MXvuA;+}RdU2>bRD)k5Fg);IHe8N#REG{r*lMmE+ zCjGTsGod`TN2^JXI;EmgkzdcCu5Z`29|UfGHc8K{_z8+#3OA5q?M4{ z3JolIf1{FCbrPkhhbc~Gr2Oj&&5R{d!*beBd{>Jy{+eGbDH5j>rNY!H+UJ;Q0cknx z9S&Wd(}WZxGr^)JdU1PDf7NP}bgg4suc2hzI^?NbNOI}W9v|juEcB^du&QCh$!-JH zFJ?`a?XpJ3-D>z8y{Mv~10S5e^iVTVZ4g&4Ro!g6Hs}4o`C~`}X5D=DETNqcIUP^s zX=Z=_kq>DWyDmV^a;@Pf*7ScPinuBgbuN8xfMWLt(4C-!lbSRJy&*U|CGn^kv?s&D zd5;8jQ(8XH3u{aZFQOW{`)bL6 z2~xN6wvE>qb+c{A?wb%FGMha4UR)RAMd^d@P1cf&hen0Ir}2VAa>Zt}7MX^ZWe58A zqzC%Y-n6J-q{ZPc^NvhSitl!-S`(Sq&EphnsvD?Bt!R_?3XGY!$bv#1wk{zKS82fUJqRlhDufcC5CJ7Ko;=23YCTs{ziO+XVDG&O< zd#4b3@lLqSp`AJ&!qhG0b%qVkS8jFhew4&eN}mUmXaX`n@BOmv9iK4KJt!h2kUutg zk@-=1f})91R0aAE?u+x+ME~z6o|wJOJ|DXDg^L$cZEpPA(U|M>O*C;HR*k)P^&YVB z>M&J01>(B%2Z{!k*I9}g7+JMIgoPOjZZz*77i?`QOaK5MEbA+ptF&m*Gva@5McqWD zt55#@9y;b4+`M4|$DT0wtC{3^UXN_g=Qj{}p0mq{be&?Q!#K$HaJPzbZBIceK)RSwh#9dwu1>HlZjD%y;Vu5}BKxskxsIHzw-vQERth{cbq%hZyiGk;T7&8DAHV@!Mm+9824~W}>nOf13 zbkI~`JU4Ay9*$ti(dcO`aTMza44%1WhSq^cBN(!g>vDHoC!PGNDxsdV(^~q-DYC|+ zye?AIh~59(2}@?Wntknf&M;379m?c+k^2*Go@9F!tu%m%X%VG+6#qZIh|bAde2Br| zSR@HiQG#~@d3rmbGTp(R5)usIdd$BD&!gQiJaPs?0{Fonnwq}j5iuwb+7je=dI^t? zO_!ZNUoK@|N&I*^sF+l$1$w%F=ZZNJhg!@1XDjU)eyYy{u~NzVo`MN1{XU%q7sPij zlVwnsaE7729?NR@p-r5Tmck4l#u=v23 zB$T=6BV1o`&E&Y1);Q04QF}W;OemTGZdl?d2WWi(gzWuDul63azwH0Nm zDm9@`#iQq%`t11kAmM~p`s^vr-HoAqr4#jPUH15B!B__HQU$Gp;rrvAYiMo>-39>sE7uUmT~m_(88Kpm)pMXV)>mV*qt5(+(&ckVEzH!{?(dh; zpE7}>hMrcG*2mym|K|-@kKd7R)im3{>e;7n-@+JzaCOrL>K3FU?1^DcausK&04X($ z!}n%u>*(C_+Jq|7%|Pi$%G{ypzLmH>#Yw4ACw(fAlTc%lMgLEl+aurYL|99D>OB+b zvVGc#lS~;&vz<9xZR(l65QrjHJtnyiI=8dv1)MCu;MmyM=^DEx4y<37Euj`}iW?AR6hol2d$JD;5> zn)r1P{rkDSm&^>X7q`u`OOuHv<^Sq8z9Pd;V5;I^PLCPZApyVJ)jkJ4UhV-uvfq}JE@4Iwth^5zJ*U9>i`*mA1ygXK2u_aU76sF;x zy#ovO-|CfrW!t2)r2YdXWe${H3B1EIK!j%9^z!A4p1U)~dW-}9IwH9U4CH)F(I$L# zj#}*jnK`7g4DodJ7@zmw|MND8DkHPjzdZ!&!|~xrt8;ln<=y&ghos9SY0Y3byi4BW zJvy=Fkhe+7v7-2M$1Ev2YukHakOR%Vf(w0zStlj@*le<|DB|ubyODj?Xvy1nubSyS zwBkZ*TEU{3DrXDU1V7!AIU{~f;vMHnvpq~Jdky^4>)0@{CXLG~#X)PP`B`o@!sQEa zw$16N)&9vf-LLJ$p#1P%+KyB~r{*@8NXuTbUkxn7h}Y3{%ume?{^;O0>@AQQa1H#_ z;=6Z$lNo$|zdKf_JnDkO7|&q+$iZ4`V`5rf%M_VFP$K zxc9fNvfY%e9CQy~H2b)uB4DKR-?QeE_Vyh)en-%;vs!ljq`T~m)RE7yYnM?Nap;QO z6zBYHPP<%W!w1^c#~2SvZICD#trIn-IsJPs`eNC=%DS9BO?b--{ap8WjAv@iMGj7Ddf0k%(w z)Fs5pppk=%cgB<^e41wxGjNtjywzyvA}(FJaaW;^-=Ni{SKZ`CO0QAzxwp8tqoLm( z3vs>b3qNFXb8}mMZa(8?pp>=ZcwxQn{5i z-F4CT>aFLa_F`0TAGL`3Zhl=iubL<=7SI9_EN`{DY@q3LXeifd&QjsvX9vONG~|ah z!$ZrOjNEIa)m)mE_CwY`tK(RGK>Om=XWzzVT&`+`pIlR+)4*_}2d>my_G!!#;v}p2 z89eWwL+5M8?|5?AMX8(mMo?>u!`EBOch1^V|sddQ$_$w`Ym z%SASFK?ilCx8+YE8+_AC&K!6@rgtsu-~pRI<>Qc$*pl~-^xZb=(UiXnojmOIKPplKOr|j2n{BkMtO>FL?Fc7(s!?%e{AB(MxS4QhS@HJbXLMz%6Uy zKvC&xWr0ujrs&Ha!-lOM!!rfr0?*DsXE2LToJ0!{2oouinEes;6DCGf@ z9gmne1x*|%&>4zdYQ;yzu3md|hTBB<;*Ng;WVNw_ej6~;7eWQL^LzG^>!Bfg4RI%f zQ2wkzp&Q#x?z!^@zlHfwo{v9Xerl4#ftHd-cJj)@%I)joNh(~lQGvj^GfsfMP2Myp z5T62i|H7>0%O7m4CtN0gEj)MbO3+sk58rBle8D8cNnXUsk&1iAOz1O);>F?x&?t#1 z`V(Eos}Y<<-Kyp4SYE2$(MTO1SonEQj9Kv6QT4x7D5f zn=pBtkyTkX2{?&|)9Nmwnl39pxOQAL;2^xeslu!_-?9htLY_xel}kxqqhy7e)Q^bxoHm8ID2iCS3h=l{(c+y3_cJaV1D{eSLe z!$@GJ;Z*y%Zw11oP~gFVr>Eg?5#IwKaJ*%N`3q7-Nvzv??o=SXVMK!%p_LX6WiL6- zB@!Orpyiux-??KdF1~vn8ip1tB^2P?&)-^z;3Zm+!pvp4TTh3CYq`UH}CvLsV}xq&a-8 zRi4vvpU%2JHedVmxsDvXz9~}@&TwM~Vj~v`Wq;6)&v#159 znD>;F#29h_^T`O0SE%`gYWB^8p4~L;v`?Qu?@3+U5eVK22ySXfEz7I2Xsac%H*Hg4J!JFF0zvD&}0i!m%qx6NfJNbs&@!k59Z zpx^9HeZ1gvNae;s3tlO0#m$tUMs#ZI`rQmZsV>t8ObsN8{{;=QRQa>h; zFqVWWwf*y~y6LO`#&$8`V-_$k0?}DaOl4B_p z1A!dA8W$P{BMonk*$hMX$g0>Dd~W|km0DYpGk0j{{|{9PW7bdq*u!P!5ylv-GPRxy z)0K(gQ>}&J7t*HO^+=^q7Fi6y1Qbkd`FW@-VF1B@(_VPR7>ixzMdAh6s=OT72BBAx zhqc#l$TQ62GrfKH?l2P*VFsAB^>bO@vj1`ctRX*8J6Btp)A7W!aopk?gxmK`P0TpA zzEEs0G(vg4kXi=p$j6(EK4sxgnz207mtYthNQ(pmuH)6dWEDHJcd z8yBr}{}ucyB)Dcf3WHihns!?%8Iw8w!+$z>ymk{ALv;ySsJ7RAbBed|fWL!f`7HnN@Z2*P8vR{ouWsT$ z(2+!qDXO0VH+H0do9}#w=bnz|vgw3gr``{VWw-~MXZIvVt8$seeU zRZIg2EQf=KGWV11)rHT{%Ceg=8-No)g~0o=k~4%chV+80mBXr_sAv-|TDiGMpsYkZOrQu~h{I&~wAT83vEU@;|G@`*T~JWKPMzTUY2fJ5{nT2Cu*%nlU$rID356YJpxBF(lpU3%^#+4C#*~7D6|DF|=2Go?nNyF%>Q-UlXWuKp z8k!OPl$G6Hm~o1$1wtu7PhZJuP!G&<^su*o%oby~-0TZ!cIl=ArH|0THZ98V@h@2; zwr+QQ0u(m4suQ8pG=hVI{?XPxrsYc4m_r9*dPm0>z~4px^ZUgw>?4*8^FFQ}p8{Hh zhsTSLLnGfnfElNHjs?efu;%-xWOwA>E-5iMcUThSo&(I(bo(Ep(bz^1sZI!QNqJ#k zy4xI!i~+2sn;J0e5oZ9$Vo&xjW#S8kC zGpr9TJcrzJv92PI5zk6FbC^yvXvsc;kL(9{3Qhw5`OAr7BX_*2nU{b6^t@p(l>-CC zRlGKGcbH`)CJq!{^aDNuWcFFoYTw{nV7689!BH!Cib^XKvD{8vBA4#$36IAfC+GXr$_{uB>`GeEiTLn>>wSUEa91d2=G;v~J_;zvu&^_WpMlDX)0Y z@bA_PxStAhD`K|E;&eNBDaECwgZmKxz7`KjsQ*ahUGL?!G~EtzWs<@YkG}t8n$Ew| zkS*BFGJliNG*6Df6|<3p+KE&i^ba;st-JEnbLAEb*EB!9`n&gpHs=+MMAHE@x{rRl z??YPpJ-^!kTo)*{1w5N<2A0~*Q`w*E1j9rwT*_jK1U)(u9LW5mAC6f8LFhZ`Ms8m{ z5KSckg$@VO1qk+5fmW0;r0P-wOpbJ@kXzx^Koty>jwrqYl?`a#v;H@zCG^hotEx1Q zS}{rr%ya#ixZ-ios)JptPL%Su{y$$S#96Lbq8yenX4AJbJf9|F$D6JpDZ1r-K(V5poxa#1t8cP!&ET4hGvxxl#dy^>EYxb^R!4Ru~FTN2`KahYB(>l|r*7ZVWTvYK&9m_bIEW zxPNYode-&WLIJ40%u}JW8a*qMQI7EBAs+}LW4G#e1Otk(J;A}hFb^jYxW+GV%xR-O z-!<=8O%LqUHr$|30M-k&hrIqF%X@2U#Z*D=E_RABlf7ZuoSZ!Xs^X~HTNT5+BOW?n zBu5SfwIn`1UMk~crr1)gPNIhFI5R>wJVFZ@E;ek%w!wSMl6Xux1*R)_i+zL4zO?=H ziYQ>;;rPIu`si8T-aHr1k1xW4A`r69&Z`}y5t zSXgpJ)XPgvSp;VJvVA{SPkghUG>Nz!)9Ymey*SJhjbm;_Kf8I(=diQD6x%rIjmAtrmz*SSDjelIo|2T5fhpd3=yd!_w z%$Z)7rf0;kAhtr|L2EB^6sXGJ<}Wx{rFN|QS}6mC9;RcDCm($oZ4Px+wzrWc)-EvP zEia#4ZjFMTWldf$m~oITLLG*92`O&c^ywJK)WX5b=>JbJ9gRrL^5V=(G2wuJi=dVt zfVO`9`mJA@c@BG<)p!#SJwO&8WVVH{wx2P~mn>9jeDKfJR-2eMxg?MrX{_zU;}o#lAtXEYRy#Mz|Wv(I~yY=}mE4ozB^#NTdZ&K0+;! z>W#c_h3Y@In_3VTKKFj>s{TJk<@oPx*l2Bd1O+f@wtR?SfWgs~^;jiQiN-ulG0%*? zU*&WTyEVla6K&v3E>E`$8+FQ7>~lx;-j5mBK-dF}$oMJWAl{Gaz5#nR*r_SK6>jgI!c`CUS#F+j zq9sFF{%^6lLy2t%T7FufAsJ%aJOyqEVcx+g^6+8V%LzgI;k#m`(1y+&f1;N|;$`=@ zojF@r8Mkki=Ea)P9>bl$4dwdD1QpZ`xdYGl$WhJro!~vFR{1P{;c4u$IWz8&w85zM z&_6L_hYX=4c)Ird=nPfrTp%^80b>dr&t$X2@BzV;8L?Z`{{0NzSaJZ&40MUckvL=!azBX|~A~1gImOLYjk_Uyosf z{EAtc5hkw&$ClpeGe;&!Tusoo%LLtqE@vk3*>~J8>3Jpzvln?*y!4Dbe{pDy=Vb>s zwI~CPr!gLtQv6~5wAi9626%#+WE_7X-D9WAv;f0Zmh)SVsZH|Hn17^Bv9;~kB-6*D z#-GjKV>5PzzR(&m;EexRKx0YbILb72H1XzSRST!s^%C5nlPB(o6KC zi3i>}P7@_@N$<-*VL3VH@vC1{H4HZ+xddQg|6<0j8G)-z3Pd=;>n$7%1UQ%vpcUB7jP9xQd%rTcUs^pZR!_1dxfTLa;Hp|5GFJl!R! zV*15UgYFm?dbF#>Ou@6$c=ota8O#MKG56*FDl6F#`2436sJFjDnNKTbLXGa9dIXvh>^ZOzr2Fm zf}qZ9+!W38cG}nnb5b`P7XPzz+l1n~xBSod4n!e zkERXJYLHYNSJUuv4l#lDl0at4eR}@Ot%MqLm-e7IoyLTkk%1EsSKXUkH#2KP*3k7D z+vC0K4_tHdbJqIxJx|~7nT~#l=tS>trVsj*Pu~|d*kn|L`OT)_z;Bf!#20vVFy4JW6X7Fg8CNj1qsuMTeKF&Re2zVh5Zt>}PU{6R=QBcy>eHvaj+SZEKi3XbZ%P0odc3+pRvLY{B8QUncwd@6&iNdz% z^K;>VhD+e)Lq^d8F3WqXxGYi6Wrb41KX-h~?*{akXnn9^<(UZ)hVv8zH8-Te zd(g-!q)MxX-w_Phz;9LvR+pl=d;PvtpYiE{}pjmn!mc@7}3fbp5M!sE2#TD5s1W6UUhEfi(0ut4M?RLGQ}Xk4 zM7T%RLnGH^3oLy35FBI8)YW<%(9y&8dSRyQ9|yTg!_Av@ZUgn3J`cM;2g zd+E|CVz0mcdiU<#b)@m6j9afihZSKr7P!gpYJO4CNy^S2V-MZ8IVCr2X}06S$Oq#) z6-_$asQKnu%yy$<22TAGeB)Vjf4S-zsND<9!w-qf$?Rp;40h@VS7F3Q^JlKgmA#UO zt*hKUF*D}Uhfm<)6E0ZFKf3eWlQ7{vI8DkVVa?d5WusuFbt^a|nmB%=U)F_Pt>#+8 zX$0V81Bz&P;D(DnVBOsppFPj%Z5;XBs7G^v=7=F}HfpZjuP5Ag=$3op_OKq;efMnW zVLRzuC;^IykL~P)@#Ftc<)XF)`l)F4W*Y;#yCZEvxyMp|%t47i5hwJoPeabtassI1 z2}s_fW6+qkKR`X{cC(YD%P=Vy{YMxKP`GSK&3DEj+Skp)L+9y?Us|snrg!V|s3YUa z2--**v-NK~8#OZ3Y5Ybv+p%)=@RU=U?z8sqx{{P|qQ8H2$7|g>{Kocy4_vU*e&?b- zLit^cy1!=ID0TmT-nqiPfDHATK})`|+}Yvj3;pHQ{@gt_N3rLI%5I^*cLsS5Q9EY# zT{dX;M>ox<|BP)B^M-@iw?`o%k?yLKogKP?D&8`$l^?nf&Fup=HT730{QUQCwrTEI z$4v}?)$k+^>=oyQ&>w6&yP(5zGub8#%-Ma=*hz?D}1J=L9Ye%C$yJh zc1rWRDrddhFIQ)gr(D4%r{sabn<3lP~Cg>d=WpPlPEx{U-+(_I|Z+P6ax}!JzXwG)ETBp zogvvA@<_I5@x!SoGv2;U-n1aoI3Wg zVO37v!E1Z_>W#NA`Z2D~ZF@Hvmsh>xTk~4FyZBAgi~wNg=jX3qupsu&-aGP0lE~SJ zWD5#e!jU8H(eJvJuI~4#*Iqb(Z=c__CDl-XH3I(pw?I&pkEQ#KZ(bjC#2DoBPe!A<`=wIn~SS zdTfWv~wfe+U@`@-`Fh3@m{mMblLi%?usA7z0fG3Ep2@q`^1{2FyTI=j9DeeitHEE97n2M3zUxI^6MCJJSS!4_X1z?Ku`VF8Stri3dQyp9k-*{GJ@i69H zTi!zrQ-Voe4x*JFdBvSdS37703**{dJp!%BH|Y`G=%Y4d$chK2=K)+Hssi=A6ugm; zc4h60U3l!#yZL-;JfH@xTa7+&UctszM_!qguMTcmFr~R_G;xqxV7Xk1&8chfVPP;o zlIp6smf(sWYlNZU`hRUFL+Q@bx?!)ua|)7f`0NY4Hj1wUKC8z3l=e5%YY5FSAo~qB z&i4P~M<;XRxP{CfVoAJPzSYL25-s9lIb%KmGAXh;p`itF4d4vW-01z%d8T7-AsGdO zUApCMS|@XB9Dh}fJ)QAK;lV>|xlcGli8Zx$Sr;DBX(UwzDibcZ%#wBhAMO^T?75t^ zFVAquH*Z|;DNl!OulT2qJdAKJ(8Gv9XaY@WHM78YZIwAb*BEc~BLvy|%&my=3I1;z z&3%7-QWJW4cc(PVVj1h`cm#f-8Z2ja6j%|o6}%o!g?>ppbLI&00=jH8R5fIZG4{n8 zIOwn7!%KZf!*Vmvj<4G2>+8*f!wbWEax)MmN)glw{h?6+hqK0YNR+lZ<#-DM4bTQW zP2SXHx8M_w)wNsl1w}QPAgsRm0jZubn<1Ri;u;@FidO za@shlQ>%!c8TPpF^)Wqr_ALGJZ2ayt@5EKBq?VJ=C{OGEwEv7Z*`+3KMjf4>> z8l*jb-`=rbe1go@0dJ~J-i336HYpmG)fj0g1epQfIssgPVD&L2n=!JOnr6GSNWhbU z#=y0whN*09Z`*iv;Q(dju^7YhG{5|8%gf8d3ntEFiyzx9Q_IraypT=^EmmAG<@)qd z3!jEB#kRj}TY*;2s;r<1z|q2_&aDV|`H$9I9t_Fhw?n-5B37nbSJYsxIc1c?_qzPb zZAn^fRi&k?Sr5R_{uWEM&p&FFW9SX{ZTt1k9Y7ZCBn zY>vypL6E7YdwQN9ttY@yF)^-k0D8ReVCfmtrv0EDZn5tdRBz@&4VIR`RA3_@>d>31 z$4KJMZ86SjPdh9LtizgK1fK2{V|id9C6z34eH z$URZ3$GM$9V7b>+t{6th7)`t0-CcX(#?j7sq7SCSS$zaWIrArUk9iXkM|l@@*S09v z-i-PR+XAsQE(tWv0TqzrPHlNB?NGx5qr>FilIBzK(!;akw z>kp&kjvFVcdH6eYv#d z_jbFa9{!pGP_Hzs!ag%8eV%?%^vd>mD~a(~c&*Dm66pRUC*#bSy~F!wR$WXU4 zajIp{p8aKP+W9=0qgK9jL&7AYI62pVBF~#5wpY<)^A9kt3S1;FS?1p=4xUi#E* z+0l=CY^ql*<&|$WT2)zaBucQ?N1^dz5m`DtWtgNKyKgzhCA*4AUEkPp!c4sx$p#Oe zmW-0T{H^{TQf!5LB_+^9>7a1V01cp&KF&DU)u8)zT}PrGe$xiZuVD zf;mB1*+=B|CxV7W-r+YkPhG@^(yRn9y&Z1iumEwDv?(w%JFg4^V{!3wow*1^*hQqs z8b_@ZWn{L0tX9lCLz{+HLawm;e8=I{&Yv58aC*n1D1ol?Y}3c_mC`3DHS=q0m4{6m z^FyzQB<4i|Bz3}W-7R6JoSND;)h}%PV6!APtJ2Qc?o(44cD5^h6x(v2^kcda`OZYq zDD>Kn(p2|nSLBb%5vtkePGKG@BZ+x?9(z4-;mmz zJn8&c=fo)7F?J3L2ehnPby$1BI(QhtNwjQ6A=STS%XxgnV3o|1r9(hREn*HvMXg-k zMRUlISk1eNrEPPZVSadzm`pq~dbSx;pYfwAN@{-cpzqjSg5q2yXME2rGqs$U2E`{P zJUpG=Jk6igk1iZfOmv2^1`Qc8q_J<3Sjh5Q-iou!NcdO_UAlJFvA>i;5a6foP?U`T z-$Bk(br8Qn-Gu!>%h2RbQ*bS=C^8k*y9?6}AU=Ct>iaEEFXlI#ft4)J(RvEncAw}Y zd71ry_UrjM%X*@thj7DIZE0|R}Uh8Hg;8yxRLDI^mF8&4R&%8ErK%(ah+3md*A z^TNBjY)tM5gM!Jn$_<5Yx_^<2k3pgh11;F_R2aMqPHBNPQnyoNDNLQCx zm)_Lm9I#MHrbFdUmJbRJRvNwT*eYQPDuI1ZCW9~h-={e3?R&V=yuW&zHP+&GFHe2>5bZ&y~7e*@%3@zI4QA#p^*oCU@^^(v$D34Cq6MXS4cTf?1=>eLX!jXUJ5C#l2OMvxP1&7a1$-#Rubjrq@GA z6T@#RJ`)Cw`q$@mnh&k;#jVB5>OXu4i}P}S-gsWH=CXpL!S1kxLPVMgAKywYlGtUS zA3|1m|5O!BDQI7O)|7X>?%um65G2B;Pl3C0{YOJj!S-mqi;D|pKA2oRT->OMRNJwDvD zc)rpw^YOH4({y_*%5a^>Sq%^H2{NEThQcVQS0y|8xc3+P-5-#79H|01Zo_RdRWziX zw+VbHj;*?p* z3w(Oi7bWr%=6`rsb7q;glJef==cE6SI%lq|XrN0hXa48Q-4QmY?sK#qJNA;&1Ku53 zik!Jqmggk(a5#xx$8P%ip@MtTDt@l|tL~5?-S&Mxt-apSv5xGkJL1jaAK z*m?(h2Hos_F&eyqJd#0iP;|*_1;-X17HP7u0(vg|wZPs!2XYp}xUpv+b?zyLoU|#O z${$@q$k^@E4z=AqwBFs_ecCjM1=f!t2Qf8+9yD6xvyRzc*zz=65HeWky-?6bg7}>D z<|zaP94hcoBxY^>_HKd7b7&bt>xh@5Y!ns}qReT*e;PJy7zxP2g-@Ruz&?BN{{0rn zYTv`HzLO4TpRq8Q2rxXAdsb9L~MMg8RQ$ z(0bLPl^@_`D-Q4F`~qqcde;Q&diY%=w2IQw0U3Q37H)cROENeK!brdQy)N#Iy-5)- z5cwizQ7@{D_0cxBh7d}bhpCu^8sbA`<&XidA;}!VaBRkm;3>(N4;SCQUGG~LoRoq> z6V|zc!ePSIlD}6?kG=-SH8=0F^q2cG6rJozmI1pLxVfabxOw;$}k+8ii)Oc$QTMb7A&(ihTX{Yc%r2C^35ATfeDa5 zf9~AE3(23+*$Aq7XygoRyZPCTMJZ<$$L^YO9F{qZSTg*k*EJPtX~{o$-KNhqkX7U!Mj1=D|UW>8gH_SU=Jxu0I> z^3VUAhjw5|%TdYxWPek%W>TWo%(t+9rRcUOx71BWqt zPoBg!`{Q4_6zm#&KHCYKqtEUJ2|b#ts1+>8-=p_k!RfQ|NK<5|K}-+b^87}ZsSce) zQi8~WEwuhW2?=cckKlVHLD}q`q0g>QI*A39mR1V2FJ?p?&5$q^p@0@p6tt4nwnBIvBmGwQM7G0u%jE>1)JnGL-;aFRwRj@0%xjY-;Eh6}Cy%YyV z&fxL>Vyt*r4}k`~MLd^)H*(QGjOEx*x)>`fn^;A)?Rs@;PthAi#)~Y?IJoeAq25P< zRlfXMLM=uF^P{4J68=B7-UA-XxBnZzLXnV_%rXiovR9H6B@_+GD6?cGD_?}Hl#x-& z%DA#ZMs~_7qmmtkB9c)eBV_#Fr@r_7{GZ?NxnB3{zV8yQ>pYM1I6j}xdnJB`4hfE{ zGiYQYs_=vYW;BCfz#*0uzq< z{dUj1R|!&g!Vu4M$W<^kYSnwN{<*QOoz$IrsY}hO7Ov}K)tx$anRvCr%8R|pL@Lf} z%k8kRu%IAld1kQvv$K2?R_^J{MnMMFOVUk;(JUq*|!WBPKcMU(P z4PDp;6HypgIJNoX*FtjNKP2D$P@ZAh2^&uw%hPf%dsVm@!$xvppeTa#WHjJESc^KK z+afk%%$QJbaN9BYggX^#(krZgtaS!8zeBSFC3X_tTG$Et z%}&>1pN8+%2dHeJ2q1D6dg;0HHn)iRoPnlP{FIYl;@^2_*tC_srcp!gorU}C&(B|p zN#x4oLaaJYOMoco&R?n@n~hZLGzdvNYjE7v- zl>51$KoYpPVGm(CAzt$hCWVqhg2c$V3A5p(GP~e~`wvi4OQp+Tc1_9>V5EWWS3v?- zV8egLhHooh;-cq2PiDiv$dkc0(Gy>4wJyT{4O-aOM@+#<4!r;U!l?5kT`E1SOons6 z1r|Z*L<*yjF3Eu)MqVMW_+@dGJ4V$$1|avv8RR^Xj6I$X>z=#>-}U%G@!S}dryBee zUGppN7q*Z*hbHn~tI6QC;I$us-?B;R&_=+)yCVgCD-cjPjgMdiB;7YuO= z5ru*4dPd|75@+?Y5afWjgW38j2Fmz*4CtUxLa{XJOvA^$o$t{aqlrkg0H=p4{Tzrs z;_Qs7^3`LpLtv>741jB~m3-pX;V(^8TA1JKh+ zgAG;JjAL*HG<^MqeHpJc^(v}K-Sg)GIXjqWXl&H0b2deu3Va828=XNS1v>>qIThYX z+zl5OWbx{cB7_=lM*iW5F=1d(rx}o+S3!R7wmUZoqv?4jW6#qrZ_eoIChKKQ2^DjA zf7uJmQjij}v$YPAfyZn|RMhk5&k^7P^%=ryr>AQ#psR1Zw)9G4LjvxYdD<{GA~vHY z5*6m3?p4iphHtZp72^*&I+1Oj=MKU&sv7;>_)*OI&@NMs{)&BwjB*eg&O?~>@FBpI z9n1^!^ZixWpz&^(`kI=W+S^$+oq_?-y<^5kMlk=G+YY{+!B_*1T<48ohy!_m6bp|K zRAf^q4PJOIFyDkEtN#!TTb7rXEmwU5N+YC^zT$9yy-)dVBe5eiWu>Ji2iBMTIfNnJ z9ZDTz0(l6Vu0UqXpR%dPA!z&g{quC@Kydi=t7fqqoM`IBKY!XOu`lZHk-dF+n!nQ) zeJcfw)F>&lLNGW!hkju88nL?CdYhWG*BCOmzL}>9!@%XO+`hn^e$CC*9om|CnszVj zTIe1=tofW@r?&delFuJE?&|jNR4cbLTnsxlb=pQSB)}TozKPz;{@>*|?KQ#q;~N7F z4Pw4C5uZFaSL}C&q}othD}d^D#}5B}oYBKOR{=~TZC%|aO5vL_stN7p{gTg&fc40xu z@KSS_QPr)jS(pd3cfpz%%G)WE*Ak8&*`5<|Br5Bz zFBf@3O0yqFQJU^}`@YTlFQWC*UcXx-T6Z@K*T`u2%#?74Z;AqAkpb?(CO}%erR#*K zrHL*4=e4AFCVg9!4||z<^D$j|*&39}HMNJ?^vLh4oC-&-7Gjv=9u$!$b@E2TODXHS zYN5VQXqr}oCsc}FUqGQbQyEfFe4AI6b6=CQ%08C`G0Wy;8x2GY!8~pZU)T5HvkY%<{uI;lVhi%$4 zYv~I8F6$1ISXT8hLhRbZ_AT=Q{?#SYQg8G+I7-CBn_`lXvyyT*;r38Y1d{rdJiZXp zSQ5$2*yIE^v8|KdkvH1RJj9VeB2laFqviNfdU?k6A9B;)(Voq^tO0U~HSEvJAKL8| zaW91Ukaw+5UV+LQqnB1&a;WMk`#Cdz-F2f@(y`c!iYaaOu&QCq0qiW6Bk{Y^>vbO} zLMX%JMp&SlJ1vsawu2m6$1c&gE93>eNS(8$WF38=_UFwug(o=38fmk7=5l+TRR8;F ztOXA5ZM$}m|Hh1QF9+qVZcDmHS%>OW%H?H0UT=5aEI7^g?1g!V^v%|X+3Js9oqo^0 zvkfx{a;1eN$IZusZckrCBsgo8Tu-gNXpvAIe>GrK??MPWeHHrv`vBuG8R~DX{;r}s6zWY%3?UxoRb~5QcI#)9yisG*gWmL8>^oI&WYAVf z3AgeO32Im547FJd$zJsH@(?IFwD==RBD}X1?%~*GLMcX%D=$9(+`wbyyiczDGuK9n zQ?C%-v90|wM_nUJJH6ki)B*PPh+CuILq{84&Pb}>fn;S7v#zBC<@a@cvHSbw&ZlwSZ#d<+wOURj#p;&8?F>`L zDBf!fZw?Iw6g|4`b8gQN)zd>gWEM*>gi@OH!M2tC1+BWLpHUfKwd1VVpjB2UL~X< zfUM3h*zn=KqwQV+B1^~{R(SSB?i0H#+RN1tez$j6qaB#gDONQ_s!@sg^T!SDo9FY^ znK9j2xu$gFnq+Ie=S=dB>qbYn+qcz+71?moa=F5RtO;5`2ql(>Ew=b+{??jYpwUp82K|g!VpRpm<&%@KRCnp$yFwJG_kf z2Eld5IK~Py8?Z~rKMF+gW{C+5N?V|I-=hUmE;D4C1a;v-I4TMIiGwRR_7ok|?F zyfGD!VG@W)I><%<7qw8#G(RpThlh6I`;6FSbs)_o1)*;FZ zs%I}cyBxhRt9I6QW*w<#P)0EUkXf^I{GcvZdw@NAalQTHeNXbZLj0&s-PtwhcP@>R zxh{R4SkVPZxhhF}F9;-rzo@$#V?%r7o@5fzMji441QKxiUSaW4~VRQ$g+G-FT3#Ey%SNW&n$`E60Z&mR0w$L zSGMu+= z{Bmiv3Dg!+eJ99z=9Sm`*yWb~eQP8<2N(9R!7PFiq}7U70)KxA%IJur_+df%dx&(l zwb$v5sMm36E$SWr{YNIXsIa6<0@e!ej0MDr0%rvrB$S$xLScWGgbX7)6!!!hMH8%x zY7>(`XH!qY_+oCNk09pF71HuT{zUMRKuKr~B>4;y-(i*yBh9z=ABavs-TCLI>p%!> zS6_h4hiM>W{_YsVe!sj$1%cRV2M<=G3+Az-A<1uR>5aw^48`pCXdZm43VL+{bhlOR zKwV2j=K!#FGo-EJE41%h#MlSPT)^le$ad>U)Puvr2vy{<3y{gr8V+2LB$cA!2lkNL zYQ?^qAa&_DdN#~dV8nRoQf>CTedIAI2H1B0V zsc7t>@omHK3E@yy-aXlG5W1-jz!-?s*fuvzz%ZAC8_d!)+Hz>|3W{A;{Vub;x29;n zEBb^jOuC6Gw++3X+0t(aP1icq#9F2$21zu>xZ8e4sME&EXZ zvHjr7_-kgy!r5QIACuwEXVp@KYj>DQZ`ldSc&x!nW4*;AUZ)QBkP^v{|O9YZ>r>6Et{XLKj)O zXTC`n_{haQXR$h93pje;s?9fKiX-k$N(LZ_*A|l7?g+8c0&MWzT9`M>p&rKpo0zv; zS1P~-Mx+TD44sMc8U@KY#feY${+S>CzB_yBK`TlBa2;V-2KNIOm$wDW>O^0AZ&1P3 z`CH-mre|M~=oyX+&hPK&fRF8D)&QW72_-l;?QnS6cCnnqQPCZ6byqJMWFb@j$K4t+yO8iW`eV`vtPy5 zUkecD1Vh-|%*$NQ={;_Qb_;B{o+gD*DI= z&@5g?zp|07Ch)hDf}N4k(Sqnq1MuwX?{&QEOIGcs)6~+!Q~<~ej#GK}nGB2@W@jzA z3K3!iTM0P&VA%+qf=3G%J3BikXF0qB!R_4t&#xW(_g@E3C9O#g%MT)YkUS!!F*(O2 zy!`P}x9vs3wS*=a@=zENL17gT7zi|d?G~ADy7aQcwwOY%#P7_xB?39+=lAVVB4zaK z5EMj6j{HYj8?ysVIbGv0UkBFmBU*sep@N`}HH_rfK6gbxIhYl_sxW$;xH`V8Ny zwRlM!g@IAA^@9QasjitugGdVha^Oe4>nJGrF1g5~%$^-9`TP{0n- zEF+qu_XDOc_RwR_dl(qRVp^iY%PwbcbkFkA+ZqFHlUT{jXwW)$kn3ZAfg@Ej@Km3Hyzmb`MFkZ1GY zh~UgzMqFF%MRt-rC4R>_6g>Yv60B-~2mxq)e27Ov8xGFgpDkfSN<>N#^gpoXlk2NF zC;T=mR~;Z!CFA39@$s;9#Hz;*2YuZMDxEd(?kMWA6(XMt`+&s7(5;){gOCJ%q^EKv z*clcg5NW|{;{S&QPC^q56Z<-DfZ>4p-|osjE%HjuT$fXIMp9fE?8nunn@I9x>3oXGg?{I0A1ac0)ChU>C= zs=IIJc3Q(hw-W#f6#dXcI(2L$b^OE6&rjH|0?^R@{O#iL|Ej}!7U$Fyv{Y^$9$Q&i+0~GKcpM1eLK#XPtlWaH z$XeKN_Uu_if8cGi6g|?*!axYD(4T$J&SKsk6~zLPAPY;>!-wx4n5(O+A3Yibo?k&8 zrk<$(%r!rIz5xVQKU^Wix@F72w^IN!4n`X1n+2%wc7s`B_~AoAo*Byn&O2FZ$vXY@ z95}XMwt~WexKbjT)ei&>HSIpXFy6t8QD6wt;;_fDs=*o%R|$~V&Y?gJ%EUAZ z^m`O`{1HT`G)*!938`p<+%63I>zkW5^TCH4kv^croVcCYocH1FQ7{9J9eWKBeQKx{ z0wFBi*T!dUpNEOYOI$eh^aJhDGf(~Ux2%E-)V-?B)=2Vc$JuzY{xI2C<{GvqG_dx~ z-0PCw>A-D=m9+y!D#+$gdzKl2X8ek%%GS`S2^p5p#dd}&Dx`n9-*k4mU^}!`fQ8c& zAZodZD>ff(y=_~mfLI_4WB^#qqm$SpwRd9^3Np2gS9F2sHuy)(I$6Zm;UkUmbrvW9 zErIV`d0N4&;O`1eutR8so90^kfcs}nelt~{S* z+ek-CYYp>SeB29CQ((h_1oCxgsNt*QnxU&0^DRbIyt(ZMK8cKWiQ#Rbh86#KD=m<{ zt`2}Lw&%vF*niZqRuM?P|B-<#@E1c95yM=mO1aorJJIhSEJ!+BSUhR^d(wV(>QMLV zy7tDI0OuxXnJ+xc`W&fz%Ig7c!C66!l{QYsW_WzuP{=8Jpre~MKfx3o2dup)Zt(8h zNhHjW?e{}f$;i^dx?R`F~si>$R_1hcHA?R3)p)<#+>MCo3GX+H7%H_GZglSl4>Jmm* z6HQCqXPkgUFV&nygOpTU^=%q)ILMbb1*nTjDG@*OZUYQv2nrKom)UWaG2p#GDbY zqD{#<&#>Z}*MEnP_}h$wkl7%VLGdH)Zo-~z?Ul3vVS#5( zp8R69J3GW!rUdgUC#R>E!v20$GjQl<3-zHe+Sw@tN=J)b8GD5h3 z%;OM|RTaA*$Aa`P;E=R%yGipqi;1$k>!`CL@*IvMo>z4DZYdd!WOy&UI_>*d+YI>x z4;D@zv9v@ufus=XQR(SXTdCkvXED`Bh=%Rzu^r6NY8QKBsnqX?!}7g(le(u84-^u| ze_XhsQdN8~U$;Pg6n1Vrv;6MP&d#?lajC6kAZ3&OZ4+_-zMOT3 zu*a~~zLBx|qxl@82ksqH`@At@ExI5)5r^fBoKBmiO;O}4@yBxHJ@ORr9)bewh(=BT z{E3CAgyvg4rVARCf8ainNO&H45q*I{)}y{2;Ja= z&?@;ka&2E@88yMy#OP_58`wXPpvDtL2HKzRcUg&_OKs|P*yR2<52G?_I_%T41`Z6> z_wV0-m3MSu=4GP^qPTEQ52|1S0ds++KD43U$(xzqDq*bWV1Ts;-4OC^HRGxRfx746xosR0_!4_H!PSwDJu49#F2Nbq(s_X6Tl-$0 zp@MV3m-O|mEJ*vW0<-J1#_5ftz2QN1gRE?WOsKGjV?O^`c2D{p5{*?pFL&JM;f@NS zKC0z-u2w=}7?@)QU;lU{NT0iR3)HSClA7&Lbz;Zg46T!Z-K9sJBgZ)fwuVJaHy<_Q z%seD;No1-zsf(qayAh96hbaU`F#h4_ifb)Wo-$+nOucZwbg9wAXI|c+z=GL_j_#LxMHY@}!QF4KV@D z@{aGmNUzv76SmL^t3wa?j$g~(669PpaClw#EsAWu zhUeR}y!jXNb$FQ*g+1ck?lpVBJ$UIbz&mm)FuXk@w=Uf@Y+*UVeCxyoio;8%cEn2M zYGiSRD{Ec2pII+>-(VXClKCzC7^wNZY)3AYYgx_REVSa>Mee+M0~xpcUK zbvznd7)u!uHy7{q@?>D?a?t9h(=F+b9(ls)ZvFz|^t0ms%Yd`!b>%pqU zf#-r6wXH&9jr?aMH4lAM1TDhzYKT+yId)MhH=aTR(L43QAt8mwtYx_C_Y{7eUPx;m zBlgjvFi@>xv&(oWrWDUExc9;!40%Nl7W7^3wFGcZ`7zraxiEIrBV1^?Lu}_91BA=$wwk=)t{b6D>ZSKWOp0J<;*Kg+yi^4;R-n^8|?&=n=ed$a_ z2KnpKA6pB!KYutFaN31#E#KPbD_jz!J}*!{Fzfpfv*4*bWl?Lcrjk>YDP3Z&*Es1m zXLy7GZ?QX!^F{F^LF6}08J^=NhH-Q-ueh&g>ooYl(U-u5lI-EzX@(D3acql&Bb*AS z>Gu5%B9EpVFB1i1ea>blOh!)%-=+ZD;l>(V??S2HY$x&F7)IztOi+0IF{*|%o1`NI z@@M~I zU+?G%o!wGzaq|}9TS@)B#2A$LN$-)kK_VSr`{iH}G;blqgd`uQwd1JC?vK&m5B?7H z1rqFbolNX*?a$24?k&6=1tZHsK9Y$co;y?V&E4CBuUsO2Ghi!a{Mw#KJb4JiC89|P zt8^JOAw&WF@DpqKI+Z3O6a%O86Z1nv!UK^I*{auJKW0&%CxdFD!ePL7JvDJNh|l#< zUWNh2)}7W<*Zisxdpxy#f&kO`olYXTbr9_7DP6cn!50-?afSMOiW8c+H;`naK&%D9 z7~Lf%WtZU$33?HHx5H$|iXi*?nI3C}C8(L6M#`_x>4`Vfu=Qo-h%MuV}Qn)+FJ zIi^R8n1QjXp+>Z@v}}TY0^%GHD5fvKAUiQJv2yK&U}%^MWxZX-kQw#(2N0MrmRtte zd=;f9!GHp0D=PNy7}t;S_1m}HN^X-FZ9SGYL7fF&D7x#yS22nTc;{egJndH@w~v7X zelpV;^dj|EkOp9+1gB!WUYSiHgbUVq;`ro9tbY^gDverPohF8D0L476#S3+^sggCC zSQK^w3GwuC#SNgkA9W;J3Y5@OzcGfzan>N+1PTw5*&`Fd2SkfjTqS#oxPP1RN4zI6 z**uHFKo!QCaBz&bKEZuh!539N+P@aQb3J##7rh3d1a1MX93%pI?I{^m^%_5FU|^_%-fEN&23ae(z*%wcpwt9#L7-Gi z)1az?r-}akI-)>z--3&tc^Z?e+ukVC?7Q`RQ2iGKZ-|Tgh0Vph=g16 zoI8=4WtQ)`b;*#7F(S2#fpZ!bV+iB`QQhKeMU2+IhJ zJWxFDTW6!0O{t~}hSWzq5kzi87>|vj)%eGv-Krym1_*(r8!^y523G+SlYaQwb1*Rt zjEz0k5nlPZy0TYRb}m%zQ(jdFyssht2BDSc(ji8KN*}sIw**H%f0(8f!6p*sCTQK! ztD*lP+=vwvh@|nfrzzb&pnjrrH?WDWOiB3yfdYuVn2y{I3d(EtA#!`c3P@XTvB{eU zX9R|aYMYTz4b!Dg?Q{$oQPrR`$E`reSb`Q^#`5)D;HRZ!WgM@N0m+`>TBt!RL z{#=;(79p-qNh!^WhyV{2W||nxqHox1P#EOT6;qDI>f_@BM*JD!r9|CpShi~_5Q!X9 zS%M}$KEC_@8;u4m32@W8+f1`hgngU``KkLm9EAU)w6p$DU`dl)xw7~sBaa|hFLpI2 zL_|nHOYQj`YhRT4)`-}pO$HW-5+M>)lhnj9eWsl&c~Op<%IH(hfT!U0d@J>fr}ZhaFeLKa1cDr zHzw(jW3c@2eu2&(&BxB%a73QT;N<)ZE-F=g)t_&NFGu0zeH8v>3^qznwC& zcghNH&)t0y7MPycc+smz#NciK;J1nyev*+vvw3s9;y!6qwu#;CfovVt?|IWS)>tq}b^;GX@$1c^x%D_n-14$nD0 zzUJ}c$gBLHdO3C74seb&=n2!j5X%8EFI80vRh+-J*fij>fycjhAU9?ZUKOJSg1dH& z#$9<)cJ1fGwRqr>uH5Zvx-k9yJvGH4ZsK!1UFxY2Fjzi+A`5%7w4@7u2p+KO07fC^ zS4Gk=as`%gjO|c1r$5Cyi{T`&w~H1Q(55>>vyB-l0<<3>cpEO!R?_keu6I|E`)NBW z{$A*aU0y2re_th25gMX|LxT%*MKEL2R;H zMpRr}&zjva=6o6~Pdgnj()F54!d(L=qPwpYw-=7UU;d;ETSL|bN4I31ywqC#MDC*M z=;LN)DTnzHZ;Ziw6^cJg$(Y>Sz0qbfHD6@-P!L00O|LqFvo=W>Ou$`AO7U+M`nP!? zx67lr0rJMdi3u+}{+OT%_VhITL!64Lk&#iuV>(gZjrS=%)s*d zlcFs14i&tAwO%odZeJJmx!pC}-a|^dD2ekEJOb#Ex;H{Wg1}F#WceL7hAr6XfugjY zjSK-^f=vV}Y9j6G0Nu{=aan3X0Oqx>^(d|>P_|K|_OeNg=g0U&_xd_-8k zvV@CF_hp#puW7Zc{x7W-RVAG%CVKPVQ1F(!{xBe9mHfNap&>d6oiw7G38_yL$r0Hr zhagkAHFBZAVxuZS8KOzX*^K84a^>scC?jzt$Xi8}m0#e!z|=>5;4iB5>K3m*z(B$_ z(LjjURFu_p|2Javg~5B78*ZAvhBm4ODP0Dxi^=`izyKd34Mw!bb-|rwJo1HoV2)U|zZh1T;cc?AwvC@CY|;MTFcY~3L@fb-BGhVNpcNGhHftpG)pvHz zqJY~GrYj^@sU~*5qM>{Fv26rQKecx-L)RFcl7Wf^l^22ALJqoSU~P?a9WezVmnS|J zZQ_IEJ|7DQjnOq2vex)-=)3@(2t_=;w0*X_t-sojt8SPS?=xO4P^Mxzx; z*`h9l11VCFlg-B*hf_F?+xogXu%sBLh^q<^?8m3)hQh4G(SQ~U4%l6L2%=Pl1K8-`V0+ft zyT^Kw>i zjK3jwPZGAq(+Sxyt}QlI1-Hq57=}PQ1u5a_^XJ3vyF_H>b$53IxsGDh61}wP(%)T1 zi-<}b9lf0P{h`#Qu+i81Ne&|L5-J7e1^7$|a#!@veS||S+PfgE3Ai`$`GY==!#XH& z(<5OKB_-~C6>!~qaQ80G`*f^#z|vQ6Z_)Ciac+hi-pJ^Pb2)%(sMg-T^@MZDuBb+A zRZUAO&MNa$d8?zBWt+?^_i@~@&u8_&4xDCkoh z@(xKSe`(_&CGnCp4j(+7ncYV61X6kq1r0O=M|afxq(RHN1X9Y;_h=?jJ)@%jpR&0> zs6CNO5fQ<}%$(9SuCWATW6ljw7zCnDYfpFK{qIE`$w`2vmWEgwnZ#|3h1*e#&lDo+%?#DIJR<1oU{x^ zpM5ju7)%tge}Z6X$?AnIuA$-RG`*mHi?NMCeMbJwcvrJk-pk=1u8-wpNhAT#0MNn| z0mx?wYwbN=;0f21`j;;sxIfJfP)(l4($0C%4+3wN3)hqAbvShkzb{`)Tbk{PJirZj?)SmaiMxLqjMtM^umZwJTu;Q8SW2Vk}sV+|q`0A(8T1~;`y zc-IO#ea{rtf6s3_=~jWA-_Rk+vahp{4_Q-~UmynRD7S}eNNgjtT$4R7M{!uwZC74G zMTTQ;2W((#9?HYw<+R5ad3C30H>KMt+>tU>2T>1VN&W#Dd~s%Cd=j-YdKx$s*kX=> zFT_ch2cC(1CzZ6+CGXJryy*2Q}bj{`jmw$S3RR7Jx*jv>m zNmnMU)Br1LC2Xa*QHA-Ma0|u=S8CMU5+;sa2|}FbsZOhJVY=;;Gc!aA&)iIVZT|Na zkimlPY@bV}BF3!s8cV%JVbBGGibJH2!ZSrrL!6hFS5WXGm|fVhc8iHYFZ=XNqzrY| z{Z|7D;BONDDLz_e@AFwB9SpPJV;GxYDBb!D^)Iqwm$Od6b;#>LlCJcU*_HUDHD%V0 zN2`|o3lc5gCdzOtCw@kPX+fwG1K7Ljty;5+grf(`&ogjQ0A7W%N|-G; z-xDD_7M20v49$&We#x9zQc@zfP0`)Wt-s`4`!sS9Ex2@-icb;hs#n)6)y=JWG3y`* z^bXs}r*w5Cz(PcHy_NLLA~i{fO1h*8NtIGpuU)J3`2A!H%h2=!;h}=c0q#FAw&;C) zX7_HvccGncPEtB$ry?gS^(6FO0OSxf2W4p@cyRN3v*S9gT_8Vx{~CJ&XXu7;^X%*S zHAqCy{i!DC$T)sf;DCg#mwfmW9wt>h;4qS1l0NCrAJH(fg^itG(Jr)AejVSVu5nFG z&CrzABb?mzl6o>;{-?$659(6eZ#~R4)ZNg8%(O|iDH=Zh-x@tkOn0^@J!e`^vF@@A ztSM)%NJW^3GE_TOmKz)Z%nT!x(@x}7V+#tKH8o39vdskisWyJDZBPsC%?R4PKBM#h zV9jo#dFJe!zGBddcdZ8_e%J~FeAK_lvAhTRIxFd8sgX<4-W8!mOml%|#yca9qQSxo zT=_gllt6qG!A6RC(fn<%k7`9(xwgM>Ate13cyK}glM|BMCX?*_jD=x`vF}mu#l!0+ z97nv5Y_g#B)w1CgEJGUdkfXwi#-jt`;`jd9URJePjI+^B%rmP`WWS`W=4;P!qak%D=0&mZX3oAcDdf6i z(EDl_2tn(_|-O0!tL>&(o} zAu)UYl*qj=_cp3eSR~b@fVO;nA*3ZY!_}k3m&ubq$-8f%w1n*4MZ?kP?8z2>m15hD za3%`nM=2?Qw4-jUd-%kZwU-^;BMJn}#w! zdg^Y=W_Y`C->eWkoEF8QB@h#4^@d*IMSFs^?dN>&u)%%T)$gtFWDJDINsML;u^snx zc{Co`Q>I%|pV+N?bG0T>pTD2X-nG%e$Ajs8Y3WT5505{8{&={%e|h+GboAD}d|hr} z;t-4qMA-SoQd&zFb)16qZ%XZ+S4@!@Zqs&g6VhNgCy1_W!PtZd!L$CqU=TxVuhONs)%cm+MV*iBif-TDI-3Dgo70O-Os8LxA9hfx<>>8Vdr2wI=daR`UwL47 z)T<?r<#%1oAaeCjtKp@Dj=~XnCla(+NaLL=7ouUr}eMQoZmh3 zxhFltw$t{q^Nh$vH*%b5;V~|ngFhJSt(H419uE0!;C_4C&v7n?Lbklh@Hy&3`C&Pp4>KnFwQLP_o^Wr{i(#4UR7Wh#n;I0R8IHyi_0awC6dRrSHQeIwio!>-)6vd{iGD?%bMI&tyS zd;upueRc)0Yk-9CG~MB}sQo}$m276;!!49e$Z?xUA)*p9(Cx$8Eu>scm^JX`O}Oj$ zynjqDA%`C#w{ku?0f6N9?T14H5jCjknYABRwmy`r1e5sMDvCOwcM{hIe{L}YI+y3o z=+sUG_a!Cyc!IQ$t`+kO0(3;+6?b+> zdN|CHd>%ZT`c3--2%yQTi8ECv5HnO-L56pcasTHn9xAr2Yzg4dj!q@wh*I)Q-5 zd;GnEynrNqE|NZ$X~4MzChj|lsT88BC1Hl==?;aWU)j39@6a4OZ`I1deR89ic|wBM z{Ec7+;n{LY%gxCN$ZT52OH=c9|K=vTmjs%*hw4Y~BVcgYFrc9TLh~~40h_0(@?G_vk#J$l!hlCIyAhyP|NX*_>@`|`3)!odyeI9V>_hXbz zI3S{gIhOjxu`JKaaQPl)Wm~ttu_)N^R!Tvk3{w(xNMw89kvJ$1ydR&%|9loj!Y9^j zLL*@{1J^MwEUEH!g@lCUY!^a5Vq3=Q5%t18 z>F(+}H@=m~;G{{$NAGI1Ae>vgR}>bUaisy7N*!c`G=-R@L%U*Sm7%}Kb>%+(3&v)c zVZ*D&#YI~~BU9=eNQO}3aIvx?_JNIqBPKpxD{wgJvahRsaJ8E~i92-vt6r*uDE5}& z73E)iV>rFE)D0OoejDiV&Y3?&#>Hjn2qXN+hp`+qQ^0PBD+ZL}1zZOW0C3p*yg{ha z&`N_N2~aBL@hx0qcMlJ6%IHNfShoq{roIan zL{bLOXdRt!6<$~;ATNxF6T5Tg1Qb>_+m!#kX@(TIX>s{Gk&J+84bsRWVb?#X^>suZ z5`vFtu2DNi43-mDYuh$4!kQ9&8z?U;Fkd{FFz?g^5qh3% zZKe{3_Tx2KUmWCzINC>@!TH+5mIXUX0>yT45WiWAlNd9HTOlFnC8TCU(SPHSoQEUR zTcKJoO4R`}00s8f!O+Fg@fUzMoR`J0kRqq1B;+rKY(mk5dh$xhV~@eFy%ummLK9XU)XDq%5*xwVq>2&1aiKurKQ!#7kK z^POX3W8k+SV`77!1T+XAKN|cB#lR^Fq`k8E-U8sb0jg8DLijaPSO74t2fl}Z3|J*# za1F^f^gxCDOjP;!jG3na(8b5cLo#)%-U~`%%#R7!1O#1#;dF!CiUt7La~#~<@p$kV z8LKWn-O1btqnqW{Bijce%`qszWY`%O?)UFXhXIPR`)E!ot|6wLk(Qob#{D)C?8R`i z)A(x}3hFdZ%}E_MYbP2^>w=W@7v>$jQy&ht>MU5|{YS7jKUo1TU` zZwjt9UI-QigvBW+t7PuB9sN0ltVU*yO5&l^mxw3wlBh4voHFKsg=c;{omh7RR_` z0%vZu3HnP&Z&;{w4Gp2W~hRsUgr5cC<8n(EMYHe!kR!kDp&vnDsn{a`-ni$=Ea@t->Qr zSbYJoh1X7XIx=K_BE=7VPt}`a5Kge%A3(#4X+4~Y3`^{PAm2GLar;3=v~~C(rAnAP z!P@9N^etKmtAs*f&k_Lp%OdB{5rV=FcMiOWaALrW?acj5d(c5j-8+=fh)#}46|E&k z_7pj-D{gg&hYNWa4gkkL9B$c|DPFvI(aTHuT{8SHb};k#FV6iK z|M~MX)Z@qi8QX3#LuoE@spe&6T1*U-ec01+G(9WC35tw@o^n=Fw?6P0K#ln8-TB&Y zG4}d|v0<0g6ufzMu+lQA!ovk&ZJ`F@CWr8~{VTb^jNrpFhe;IGK>~lk&Ko!i@a65` z6jtZ`@84}V_?e3IU?}PUKy(N#ZXZM#m}WCkO|6+#@(T&2V+G)xkz%JSGDrvyhh+wu zyN$j;Eg)@Zv_K-~_R8xR+Tex>I2nRBt-=dIDK2#%SlAdH-e!bIg`Wiz!%Vy>oI68n zBW^_10)NJG0M!*02yYa0PhbWd5EFa%`E#PdJZ9ni{*SY=rrKdu{v10ue}piwiHeGN zUYZ;|E=I=w(b0d<$`id?ULFtvMkA*=(BQNx&FdNb!*NWUIYZdD0BFWwGt)b~b#q8&y!O3EF){FehT+HB4aDU{ zAz*l)g2d(b;8`o7p25nS)xgM8l-ohTAGt(Yf;Qg^Zlon)QivV1?hbHH0an_^jIEj) z8W8iAu3yAqNW*u^lp`$p!V6CgM*rjKaabdUSDpuOJ;oDohcQ;cN$?;e&Qh9WToTOc zpe3NLl*4Y@bn&VF9?6kJMVH5zaT$pT(R{(?EWfn#cfb`11QpVjSpxd;R8D+lW@%x8 z%V^z^fjR*F0;ZrRHz@$x!YM=;a~2Oa>I1let+*_#&e(!yVI7X3ySwh&u*IP`oVw;; zKL}FBU0xc*l|Fj3!kS1wpT+F z4<3i9@@}a{Og#5Q9K|-3=pOxgG9*TkkLqAAXy+m#$AnoipLW5XFC!yEb+A81A5WD- zESPTDSX*f;2h|UVr#Z@=iX67UnTuMXSS-MpNW{e~&CZyXWcxPRY(jAVLqoCq@c1ey zFX!ZY`PGp)FF$4&wHTej5}6M7{M9Ig3o_oG-VFP4sKxT|JF%&q06U8CT{Anlw6WTo z9@sykB2m#}jhADri-H)!IGPt*31u;!Qeq~>sERoev;mO6fsTVEO`!a+o5Y+9^QLGZ zGLex5R;~R0I`Di3#|#oXSWPOyovY-NJJNO^_HKPAD+tjyrB^B_O!$U)KoYKOmXCaBkFcv87KZqJ*RE0hc7mXMp;i145fPhmX794xM!P55X3(uhr zLt-OJ*B4WDT!jO(G<-@=ww5%-nF@ZuaRslw0i>HYpX7KbaY_gb34k6Lj}q~+xP$<{ z$8kZixoc?L%E}tY1;arNirgr6Pw3YWGW}-cK*I=i-RXB1kF~{H6&bKM+i{?HCizbF z>Jh=ypzFj!vYz#4X0#SDDGL86eL@ACb4tm?3G-nbi~Natr%!w0@Ps=O4Ie}ds2s2+ z{5)qNa~gCkgFoqMdz`;Vu%CahodX?gGKuLsm}~%QhT8Fg(Wt=<*%sphnq*-5k-0!V z(3R{I6lA8#hZ>9FCg5XbR4KIyu&vuxa@`C-IFR_4^odjlGdjnB1tElb-xv43Q6DQ;n@5NXEaYFr`ny^la zu2~-f&{mcdy)1k@EFS{%0lfs?)wmczK|#3aK<)^PxpW`DlF}0XteEibKbJl2SlgN? zy{TaN6K(X~3&(%#q^y!~`SEcUoduq%d*U>{d9Dxcw4feB$v9D1D1B<xE+lhIaVgn;oY5-vbW?fjysI5;T zYbLJg6J*)~TV$l9oN%sSkbR}w7BIs3 zzIii_E{JaP<|`u0OUz+8EkE+5; znA(kR-KVJdQT&pBxb}*S-Ug@j23k3KwN@G=?qgBG#G4r*-vM1C>+$1;P=lQJBSwxS zAN;IuLqpKB;gRaV*@RjM^Vrbmr#AStVr!}U6m0o6F&xYJ6bm%N%+1f2W4mo-MZYO( zwkaXzi7hK9$0g%y6iNKH!=tI*;)NVIa6ymbu@RpSWt13Y6i2a<=P8N3nU~ zRV=2)amnSYAtY)fx4la93ee=M`Hw*KV3x{PXHhtl3Z96%Vb zm>hjY5;vTF-BLSEb5wG>2G86agBhi@@(oBwTU!v`^0KRoa1#{g{~$^HI7|W@q_uYr zM>krabpmf|n?hh56n%IMtY5XQJMyS~l$Cb~jJ#!{vcjKU?Rfc7Ym9(3x{ha78 zmx$5I*SGaL0trn=3YgTjk}YG*Mq*po%;D@7s}t#aliP& zI6CR6kJ1+0=T`4pIBO=*ROo`TqvRpCc%{KiB$B*dv7`IV=_pYdLlG2U6-E_&2J@Dz ze${!;_C41+qj0oPBw9CZOyLpKQz&u-4<;mv8Hfh=3gk53&?6sO&H3}e2tB;j_8qcu zpyg#;&PeqBcxvoh%u@U*bdkLoMGRxqpT5x99mQ%xLvNyVjZCiVtz7!`2HOQzTgaRZ zY*0KWtEu0M@?;!>P-!j2MBc3G#`=|Da~^WCRG9l!@f(Lsx#e^|&nu?#?=3Ig6;bi> z%Xrpde((wApO6fWS!-zo@6F7KR80=AP>DR3yn4R!@{NK8b!`$SV@{ySd_YPkBb^OT z;8mrScabL=6-8y5!Fk3pSAbTwL4WUU(;UB8Au(n#g|dXDS1NTPT=Zd_FHilU$~dSr z8?3cqszYr3*d5YreYIyGFbv`r=-6^QjXRg4F^`QAFiJgn@9tgh171cV_b?uTcdT5% z+{R}>P?9^XAzhrj$9~5Fk&y_%gsL-$qrO@`@=12~ORmOX{ulGlt+T{AYQAjR@}fiTie_xxFv%3&aRut2(v(2!J+_@D5QUv9lug z@J2P)3Ro!Y&E;Y2_vMSKvWtt$tIhEV3ED2%a_0afD<&KVv{EeGYa8O-GF7zh!WInt z^s;vL#9fuzavTXgH*$qL#*ZZ6TRzwpALg%S5>0Hr=IRRI{4z)+_zNrCFoL6 zakO>xnQz;+4aB6ct0KsQ6BT`R2YUXb(;{CT|4BF{W_kBx%zwB5ko9o;!oJrroV3mF zsQOI{A%U3wGxZyEJgzi`88`||sP25`+^EME&rDtK62_RyXMVxREm>#e%NLNp(6D20 zF{$2rIz-^|rAwE3#Y5!E%geu1zeo$Dpd|TlFvzeyT|xTYht-RZ10iBGMW7->s>a)9 zWIwE;LWrY%HWmI^vFl|uB_H+zEkQsd^Z8htZ@vz-V_pXN@$>U{290C1)Ya?ctLjFPt{&R51!4}F&iC(Y zFy!QZ47(o>;e1dxp%|FK;3&C|>_<2p7(H{fOK4yJ#Wf(%pxakAHy|cvdx-U-aU!Ot zwlu@ER8_6g_a1=j3$h3%M74Qwyg~3$-Mu#|xZapI=;1n2mGn((vbFx&c4I3Q5!3pB zYnjWno$a~`a#<@dQZY=m!Vgm+`z@^Pqq~RIX%KlSzk7GEET4&` z(*eZq@>2hyzw9U>w|LD~uBZsI%k7HJLGC?-H>OFY39e#T+OE3Z27Q|nbuyfK?Uzyr z1yU#jX3yNAc4qd1QJ0m6)mM-69u4fnJO*6R&cchWv99CwaRo%8nCzw-`Sd!WG~?^AGk?JoY?A(5+g}}zUa)(2}++$((TB@sfT9I z1I)xwV@kg4Q1#Z4-8DhO!Z?819!r}bTPc3qqZ`;cOcAc)=?6LF~S zal+bdwRm@0oxGFGbpE>Pp=T<_RG;oH?ol)PR{kc#YxO$Wg^%buJJU%W2Ha3dWhS0r zE|WAqBoRN*HS+DX_@bPFZnceUoQC=v?%WwI<<#r*m&*qBGA-OKo{^c=tVhfl^Tvh9 zR!$nLMRpgjubhkvo$iPwK@Wnqe7vk+5t@>)+6nZ-=z%NR+`j{ZU>|b)M_W7eSn6Zo zk7$Y>KZff%Dl)f$p4eEl3oYs_P0Vmb2hb0M29hFxrt#JAJ>$CrgH`tjPqEc1m$Bb4B|{hrHi> zC`+bwOsLSELB@%^CDJ`*c1z3S%tC{8IpsD91~+1u89*}t%V(l1_w#O^f`o$eZ$qGlh33W+{*SX=zc8 z?f58_BWBZ0Lq)QRo&3snA?|9wA?Qn3QshfZJ|XE%N=d`Fa;*{8T|c-nKovM5P(tQg z*c<;*dieC|QvkSVn)3B|87JM8ZXNdZK0kSadNw!b_$E@)Xi_JwmCG%R9LL6P6w)dw zDAAGeH!_R{IX-%!$?s{c{OZrA`%5FR6vW3^xcOvKH3iO^O+c&TI@xq4O;=+F*bIzoM%dU@sW~@)=svWP6xH{Bs4HrTc5rVl!g9xFaqH4w=6=~u?U`SF zVF(*pe78foJO%LIz|D}yOr5QIOBr-;9Vuxg<7ywqqaYf2gHns(p3I-T9{0hruZ{{g zYe&J0=$z}$vl{HokWn+RyJL|4XqK(>sr5k*XqPdQ^fh3w6%()R385=tpUdsMK%TyY{nJkK($shRZjV(YWW4jZHO4J!?YxKgo@vpeQK|3ZGE3qu*69r|wH*V` zoT?S1m!v=UYNt&@>5eq}N;1DkM#G8qD^>lp82ao!&dW**`-K~;yXH^be0F3f^Twz~ z*tg6}`K|ucxdE7KcdaPrd_Iat3}Kv|XK*wzsW$EVUTpo=u1kO>AwE9CT$Ao+o7FbD zL7`gFK)DundkOA~mr7qvGHk0Ab$L$<+g_N+#8A0>x^ntkle){N%NFdFveyIUHgLS( z9}>2hO8@gv-D7Sz@XJ;*o{QuEtvP(ibu_$B+2X0hN_2IyllcZhn@t z)d|qhFlV}~P@rAixnBu)W>D6)1M=m+x+1REDT}NKN^hj7yyR%LY3aYVmX*|2h7z;>VFBGBw5deiT zMcbxt2cH0%S~fwT{Be6|1iY!OUDc#MMK&d4)8(}fZ#ifG{h;}esnRI)lfeu$RP@r%sOyR^LM@W&Gg5??BLjq0;yPImV8YsdY0q7z^770yTD5!sCqH&P2s?7>k;ff>*|+Cz%7;2 zFk(`$r=;lIY#7iH=@o`LnxdFK8@1%kCnAy>r=;XSiHyO(bcP0=9!^>t?(ClcM;|7? zKwBq<_3%?Y-T?kR{ny7XF5)w%wOrn3mQ-9+6z94&anjoGi)C?JOLUuhTy}$4VRLnz z$afl()Z=$-Xg<n@+zw>@^F(7_d`%?&uSxwW~kl%+fDQ)l9t~; zK6&2QqrCmgge#d}sKq(L#D`&O1L6jS9Q@|>GvE<22$iK598fHPD>UrCVRACQrzKuTefsQrm55GO3pUrx<7J^m@H;4U6#^Bb2=&;Xz z-K5zEu|FKU(7bCTDyKP0)=b;MriY!3Aq4(pp=F&!q4tbtW9Ht$|J)tI@o7Tn-@Ai< zm!Wt`lup?F#-HE6Gx2pTOM`AF!Z3&9AW~pdGQkj_4WtW@Kr!tJ^}}DNedE?q`)}*` zd>L&Z&Euafj^6pO;vSsQtM|BWu7aD;`uX#rqIxj{=3!VW^~Ip3E)2=zVDQEMJqh+% zEJcz(KSh&fHTpBEs^{*FSUmQqc&yNezxzD#KMjQG7)IG&e5@j~j@FTfLT3YM|0abjTdyesD&i{Jv&plf~GQyLXdYu!(kBz)E}9Nw)>({SQM3%jEA_1 z9$L%*E7g-zH^oE3&y~YOjID(BA(}bDI1^rfeRk5MNqr1qz`;Nus?nWQ>b~}lgSsEd z#7&-N4jtg%zhUC>Jwo2IboK(%pS_>=&rQ2+PDU-7KaPPoq`TG#vpqWwR zTLsI;mPTkyS$gf1Iv3Rl*RW05fF9(tPXlD;q}y<%kqbq+An3l7nsA!yE#ijS`wL;iM|c6K>wY<=%lSz*2VHl4URN^UJNY#i%4h&``33@TQWL3qwbg&sb z2d9P^1}ZYJ6#+K_4kS%OO&@FU`SRXdT8F8IVVJMzry?tgd7OCmEGi$s)EO6Sb*QFm z-7`5Ia3Z;MPk~^nk7*^9F;NV`Dy}4zD&L%j%>R1j_d)lkMYsdeKOva2Gx6V=1%W86iOz=%AvC8TZ z9e;C92f*#wvu7RGvZWY*-7}ej{}YhG3Ro(1H61U`n?VjEyqpZ7b&LD?hCg)&Q!l;u z*E_hFgKQVpJgAgYdp$UC2G*j>Z^5IN_el6dtCWO`v`?})SxvZAZd(8AvnP_^asr+A z7$Xi_z9a@5M=Zkt9lUEVYUlMvxmjE*>Cf?@te=VB~lpA^Sy{xx!z z3@)m#EH4)pV{zee9brHWC-|An+ubadF2&cU4<1ketRn)rq`9Yu_k$hJ)ahSV2@e;o zaf&^SM~qxZ;5M?HB+oFj7BzE;IH#!(4~*1I&dPdH+!(n%Qu0MjBNdrR5gz4B zmM>pkGKw9=U1)d+%oc0vq$e4Dzwwh-nl)24oxC>fPO2GHlJ|PA`tdIQc?aewwRWV? zthPJ%?_UcYX8i}vfkUMQ=T+>xud{0SCS2dulcY|VQEzwojf4}kY!nFs3 z+Ej_VXy77zDz?eqc2K`*cRpf<>QH5~{fU{wr+0BIPx!IwnvZ`(n%=60aVy1#`6=>r zi7JuT_s`jtFDQ{1KtjZY;;K*G<}-Cnhl3yM`XEch7`}3f6(xCOr#DjmeoAw~lK~D5#pX%~*Nj zKi}P(AQY$Vad#3X7@uCAsdyrMrP$ zJ$gLZnD=3n==wgcU_k%=(qd&N*0ah4>ybg|MBBN-LoOayz=PWexxoqptiM#P=U-Ull|IvbpM`s>FSNtc{wL- zMOci-MOn)Y43UATkz`|=KEXg?iHpm4|GbqKA785TSsXa6+oj{(QlIEIEsXK-DIGf? zaI%iGA`XoI;2{8QagBom%ae7oPVwA24l0}mT}zm)I)nG*s3)x?5^{-nKP{ zQ3D3Y)%BK~e*TiWtW1}RI=y}`Ox+&(f|dV*)BvRp5-a8mWq`aK@gF@e;{HhraFveY zrk+<0PPTVd*k6T5cKg%whs~q>mvYQ#tX7dJa%!0pSrUKKx#Y|RgMTX~NMsLj+Aa<| zNN{$BOvT|9Dwp+sk)@?${Ck5Y54AH}WxsAHZ9GDnr~LCqfw3o7?cY^vrIPzAT-<=F0VhF5mbhX!g-th*v@ zNEZ`AL?nFC{GrYd?Tf;nTFmbS60v+Gf@|;liCt*E1y1sK(hCsy(dx2gI%>WHw8}T^ zSzJ{R>nG5lSAL*7)>$s()((4Dk(^9Hb)^W(wdj!!Gq%*erBD{m_r5w&R4Jx*d9r>J zMu3lWXtZfn6$LUVY3&T_PHt9G10;oNSS0F|H!-s-n1L@m<4RF(x$y4t$sx(H0<(Ay z6?vCmW^@8_NLy9ARHQt3v-#5G)gm{*a+@xfz*c;7>fE%-XIbfQchZoPwdpMCCVZ%H zMtp@TGo$!-G6fq%VG%>Mj0P$=9}~cDKGvYvrIXO)>ia(z1W%z; z_+_!bf7HR8eg>zwmp)%zDd?YW9RzbK(e-E4__FtZCkvk?{G7|w zjDn5#)LEkQfHOLAH2c0X%^jApzH!TmXJVpv7Bqqozjt67`u*xnxl^6Fqe@PV8Qp@k zi$srtF))C!28b^{%);CpE9VQiqe=zYH@WXp?rG=xj7Sv%Y(xQ>o*Mt=tNI zfAf?I2N77#WI0LO=kpZdGW-2_b&j)U)WVZ5JOvN>OP9XD#e`1z>8`{(xqXed;1obx zL0aB)Shg}&jPI$Y$?c2j!HmP#VCi&h6W7%ySG+|?&1B83AORn8zMVwu1lUNSgL~Tl zjggE)3lh($t%5@~_yDyVr4SPxAHt1`()GT;_mUa9po9B7#n1^AF=a2AiOia=$CaHL zZ;|UVta~d-=MN=;`F%isY(vK5s%Np>U=KkvkC89?1SA9FdXW4(VU-YJi5mf?u-LdV zUR^s2{2Gb~Y79`vsHiB)#fklURyemlI6aSvoRTdYaJ^~kEG_m4;?F(M8p1ZpM_e|b z@luqeZ89Y}y;oGEgI5zd1nfX4L(rCn$jE%v_V!cmYUg@}0tD6^j9N?$&Rk3%4CXfn zU8~fW!G@3K;5W$hkJPVH`VT2>nKJmMz8;z|(pbrUSj6-lwi(6dldlx-UtgEi!N+1! zxT5&BggRulD&uZJLZY$;_o9e=wEip99hIV>xk(lTTX$h1(8rJ#14bn9bMVoR)>kAYBlVw#eS;u9oED1GZdieX_2<*~N=gK? z9WygCnw2o72*Y|zkIZ)J9gEI|c~c?~5@fVv=@!sy>BL0NH)AMKaa8-~(+k_wOc)Q&{<|uW0?7><`y; zD4Mu%RyQ>_sh^e=J#mVvU zw=SqdJ%mi+A(+Mg__8-7q~gtHI)bW#l|2htFeJm;JH)7kg#t6zcUwAzYR)$(FduB; zNPcU6T7~L3a~Xr#SeWxl1P~B7SD5oC(2?O9*jTPC-Aw%J>!0`i)!~I0sLnktH_35d z#JP?YB*e~QN#F59u;Zc+`Kh(lg^8aq4cWW+Fq(Xbqfj&6VVcoG&oIB-N! zHbQWN-YOtPd=^W!;oUnE$K7iNdRK@*WC4+S?KaePxQgSocr1L84N$##qT3OaM7YE3 z5g5*VM?%qM_-kAdc&MJ&M^WzaW5+PdC#8S_=)r{2qjS-P9^wnZaWfs)1(Is@#WlSR zUvqhBoAyj~`k~kme;hf6ZQ5+{h~C-5H~?Ommc@*(iVa{(t1 z9u5g+2e$s~QuvNMV_`J5&zCv#=W`QcBF=c}Dj2?o;+SUPi_18MaU(~Ksw*sl?T0%u(Np$0AJV7)9T;^Dc|AL&)k_ zZj^@|fM~&5Y&afp>9nmuuIR`u(On!f#xFebZcWWJB_*-_A8xF=Toz%%M8nng*C~vJ z13`%2;TI@axsTYw44LZw3IqX22iuuapxr)(s9>P$uO(Hti-B4XT=q_Rp=k^5pXy>$v;nAQW9l{H#9rizYOFQ*wM1G81OeVHhO}u&eTB*E#{chu=sIQdd$`jDb05mUQHPqxq6bJTeHh z=ssGjTVe3!6TcA8WB-u9WY+L9e0&h2oLm3+!rp$PfG;S+lL*dK-XQjZk^z^fUG;f6f&vX!EloX9toCMCPqpzgRXn#&yY6m zDJ2ze`^4=L{zzp$6T-Uq#;v;eIJBRny7=7(gDc_8HUL6eTRR`l=~7xS=IGotYZ^&U zUrhOM>(2A%0`J)s?zZHi+9PAk|IS{JQ_@^HTT6by;>810&dgyun=mTg1EYPdE$<#d zfdBLm6a%H(L}+x~c6W){+lID}Qw5O2Wx4b^U$%wDEP1I>!-v1b;lt(BFAwb+&Z@y< zUl_HADtDI>4-6}10FCJeSEKffEs@ds(xTgJDMb%nXE0%uL>q^KWN5XI5r~sdNBPDKj>e!4Ww>ITpCL!h0dYzjM$N3eDukap^cKK-plQ84*Z)`Sw22LB5Jkh zcn$_s`aOb~+c}R2^KH59a!Dr8{Xir-KH7{CW z>cNqbi!OCk!|4*2_AE_!h}>w&+?6vrs!Twe^H%$$slC=uf#ltzH;yt&bi+sY*VfU2 z{`BHD;d#3EX9o|D$>YaWKap%T6U~vTSk#SlE2a~22Vix|(u{Au5eN(U^PaJ%qMc(}xoLf`P?XVj?t zcIo>Lt*Wd%spBa%@$+z*;G{_l4;S7kbf)Q_zBlan!fE|hUK%o4+`6Audc46On@_oY z+gE%v#`tA7TcD_(3%(??*?g-vU@fLbq%aT8)px(HFx5iC>7w^MX+ss6d2waSa(s@K zI3hWJDWymGZ57iC-&E&0GjGN3>HEUW#$mAPiPP`H)=!Dg7^x|KVex=PFXzRY-l=ty z9@%$w2WsJ=JVSiZPHS+CPhBpYml;-2_vy~h?r!E2c9?X_E8o7zgK6dTEm)cxuIFDi zztW8npggd2fO|qr#6LF%N!;SNXBF2rH@nmub}l`o>;3r@sSrV0;9x#d&+>40Pfks3 z#*@sYbnu_mw`;s9eZOC*#r&Y&o$PD3AwUNj`R_e<9sbm|?bngpb+z5UFAwa}N+WUR ztt5vLL;n?vEAM8l{_<2{s)PB2e+%LreAj)-mUCVlF{5QRWW(}N%~zhr~k;Rz;7m*h&Ssi zwvjRHPttpfy1z1QuFlw(`N`!7f)N~sQ!STRTE4tCHFH^LS~j4WbGmhs1rSZnwzflA zzmM)n{#YTkLhjRw&(8luy4^`p_8u}a?Tm+V%oOp1%_ikVW8JLEO)EZ*nS4cK+gz6` zlef)n5*zi@HK}e;;@W*i_dTwqtXh=Yzg&5-`ul?C>dRb|N31meFg$migG%t|6-Le@ z&acv1cd5r9t9>Po`O9_%5)?=v$~N@#&vWzioQ_u`!k5$)s-ollgOV>jy%GiEr*7mo z+X1fMZj86Rk}h$(rbZu?dL1V7*Xw9)MZQ-bc?nj(MKTqks}*kt9HZjufb ztG@Rg@OXjIjIBC_5b zy!w@_$k}F0oA>orlL=wLPd9FqwZ89J8&d9haOmK-ue(}**{6B@M~t7Ne}1jjy^$CH z2m`LZG>Y#m0#qiE&`cTF(^t8>o$I>hpOdxwf0X`c6f&^zd!dD?>!ti5i=OmPDhVnt zD370cA@$%tPZEtA0!_O6#rr&M>X-XO$9(&z@(dHXC-be9oWr`F+$Nen#kx7RMA>NT z+?3kVlMj08Z=L(o!aVxHkA*QhT{XH&c@&-*6}2ENB4Vvq_7T(361{rSJvm->@Do!P zgRCuzzS_@QZzXE^_;G&u7i+&2L%k0VI$CyXrL+HOmk8$%-9?Y6b^~!E+VCh1lm-?! z{SmqlE@opz#}$L#j=os6#r31M$>h+i%*>^kN+QwL?sb`xAn*QHn+D?E1b-Rp7m|(2 zf=<2#D^)+LY;l;rX_8}6WKc)rd~2g=iA5_N`oqVL8Re8k7u9e1YmX=G+-2pRje%j0 z)Eiu13YDm+yvMC$rSj0aw9f_Pt>j2ofMUuIW)PbpNAAwYmo6J+_OTH zOSQA=m4YZp4-m~iQCCpif&N~1SIr2(U$IuGEpKBdPnJ&B5m*>*qI^lSlfLkk z{$65tHBBSw0!(THXS=s}U1b^k`LMG+Zo<)7evsi3g``O+$P%+{pX`gor6!u$0u8ijWzv_MM$)c=e^>d*SJJ|2yy>KCpuUJ z=tiFEFb2p#n!4joVPPL}F-J4fY0=TT@~5k)6-1(A$m@g&&4A8ZxE}OK+WmAEEYudY z)@pSGg}=J;Az?)$*WBJ@g^UwDAc#uJLc7~*E4sw!aRqm;k=-yl{nD6qs@1rbK ztEN*I6ic=sJr|vm-+vp?G>G@R9y}x}A(}EYE-Slk)atqWCG0rL?aMCH5Bv|*;lJhm zlCEl=tRS{KW0C>{1elxr_}r>4LHXxBGUe~la~G!3p)rH8EPj9U+J3@67o^-PKPWcr zSo~FCRbqv6eJ+mk^pSb=uu7nkt&!rH3U+S>(j7)}uu@KHdmzx6;+V9n4>cKWBQO3s ztZ0bdHZT6Azr#-|m0UBQt?fqTLj{0Ev~sGf&FAFx&+g$MT1HL9M7$S?1HmBBz+9n0 zNe=&P>xXH0K1l^Vq#cUD(oYeeVT1xxF)Cwnq8jPaGq1W39FgJcT8z-_S zbNEiO@REVPihBfk9!=y9xeQOz7`+#!Ki*OP);T^Nbn9s@#{K&*3>2ZSOFHty`8j>SYI zR)L2?=-ktDsd6YO0W$z^*4{SEw>vLw=&+)DSkZhF6S(b-O<|QqMeES26J62!FqhOL z-t$EG;653XXep7TJU+)G71=)I*8Xg5TGM3q=rE#PW`VAIzbLMZC55Q}4+sk?M&5;W z)6VY0+Bc$sdm$dn#jqKiamk}3+om^E80gdfqiLeLppB9?M5=NzMwSOdkAkN?cj3Y{ z=dD)kXggizF!tzM2FcL97LV;S!ibIcHiZX+#25>QpD4ExCGTrEM;BK4@F0xo(BR6> zhhx$WjVyQSLB=R0r7z7-!vu}wPrjdEI~cCkWmx&eH4E8B0m$6L$+aL8y!F0AZHyyW z+T7DO7V_oNfI1F!l8r2}#YdD!SyNrjaMQN4l&{?ECr_SW9*8j)yhv%_4%x|#NTj4> zRef*T;rRZBtvyQo-;9i7PtI1;oMh1WiSOJB9;}!F{2AX8$7oE9$BpYXDw0kv!3K=J zgBXM98<`Xw6Y*g(!IK#pL)BZ+vNDP7RkBhQgDT*!sJ((HAuadM6Th5CLu_tU58e4| zqnX(uNkC}Pi^;I8V222*q-jgft<2-AY$%x~6#u*{#=AnF?UR>-)h)a8LerMG(noC9 znm&18j{}De6%?}oHZ;a}8yYyazAhV4WaoNxZvBT3`|H-PSg|5NP&he;pUKFWf)6V^ zp@|b0#+3=PM{#g_m4e`M_(Abu<%k$}?raCkD0H~+mxELKxeW>J$MY{fz1BcVZO~zE z{8a{<1*U|+(Gh%%%PR|MDFY?7BX$Hl``>j<&<3nC?hLc=mnuFG8~@n>Q$F+T`% zEn_%`GjaOrwPls(`azp8Xru7H87Q=rKOW~x43L&yDQqjymotQn<6GbHJTMU4amIA? z|AM8ieSaB@5)#svfE)v5@I*0F0+>4!afZ`2P}-*=V`0<+O*E>=`UcNFMv1R4jxG~) z(-o%8)vG5=BK|8{-nb}p*@VM|SD6{O!-JbDJ`8)*A-IHU81=nqA&P z;%F6GRDa{@$h3kVb(uHqHrm=MT-$XQJ86uii7uF5{3bFn)^nkB0kUg)g!Ir49zU*) z`TwM)wT|xc-c`?O6$0BJV|%=Qis5VQn~A$T%4`fM)~`Pk7FNYk0&M zR$HvZ6CH1paYFF+%=0H_`M`)>z5@{LKbsEEQDQAMmBw~aFf)wmMK|(!mIsseesI`> z`3_RE6LT$|vYJ$YcLRdshJftpK4bQnx2}R-gs#HG>C=a53R&ZOi0bW}sReeQ@Q(K) z%iNFL`NncGXW!;2dFS=hSJ_qE1v$I|KvrKxt{jM6|7e9fYyucWTbJ&^*ofW1U%=TFLSgke zK;grhBals#24BB^9p2$Di&RUp_%=4rlxksewX`9T8}nyEA)Xo%-RkI81&)Ci1@HtM z$`VMh7+ZMa|14!jJ@+3roHCcOjuUP{LY!;CZTD~Qmw$HPb3vX+WBQ79q@tM0KSUjf zX@JDHNi+_~N7={WQx7-%Cf`To<#2uPnrID^430@I+~(>)og0cK7WdAqg!KUmb>(wU zo{B z_$yJCJY-{!`spz}2#V~aZ>iS~bx4-K14+L~_^W3oJH^2Wf)zi=^p;@D6v(poC?uG} z`-2-qPoQG@PJ!OIn?XEhygZNsou;vxKGZ}}S{@&UDZ5^P?Asxw76A^M_6D?sVP=S8rdvDkmc9#%<}R!F*S^%qOx==_)*(FPS|g;hEHbs%9WB z%+xCE8onmJxwPqN6o~`Pj6?G4YG06w3Di9LQp$s|;(+(^#b=t!2&rtk93j!#_of}8 zezgJ?pw^8>qWUX=k8_LJ8L&rZz0$Ik7`-4x7F&$HEbNv=YGoknwM|i&ed~N zmGvr_qmQhTuZB(W=~>Ub4)joXDyepP@z>^8&=-Uf`=gu5Td}U!C7c@19!7$iWT75$ zCM(POv>CqacxGTHG%Dg6(UOkl#}sk}Ovb8KZ5GC{>5KOfGk8|c%#KgX`d}`1cUbrF zVr$eR%JUvxN`TmM^XBetj6J)uY=YsO;RjV^C8k7%41B>_x#Avdza0R+DoQP#VWsCE zuYYRUjqW%Tx>s4@~+V6iU2jJnh zkN@4?T;sj0Ut^Zm#~zQ@To@G)qc7^?c2lx!taG}|nT#h{7W*sXW@kIKZb@&n4SVQw z>8R~^pQ{LqQm3U`H&t4PnSIN;lyP?SY?)b)FN<9`bl`x)`=KB1x78c=?W?GCz2&$6 zeTRmq2+zP*QEQ%gI~vhIuyDF^bKML4KeX;Ow!la7anR~H;ijG1fK+!ac_789U1OL) z+E#q7@OFlN+4R;j2lc7#!;fz}la_YbI`zHYzph>(Ml+)3nReBXn?Jaz(D7o~@^B(s z-b&Mr)1Pd0TEpF><#2G$%-@)!zCI$_{l{tNzq4YaOqw@^5%vUX%#OxIkJyb1_GJDJ zU69bhF^n2=cYKe{(tlBX7-OVkNWZYr6_P! zH~&1xi&N#LzPQdCJG5Kt7xN`u5?jQg7BsqP(L^+gGsuT!(`LOZ%ydO|(Z}V(55hFK zBGJYK4j`wE@}64q!-nm;T6nIDzALO2-zjhO_Wy7mXfgeAjVps!4Q?CA--gTpfv#uX zYV|>r;jZ}B#(*hvCqDvcH%Adc@t|E}mPmbA)j?SFX@0x^m?^Qe0@dIBX}_PQ7P$9+(DR z48;aG1xQ1x#aQx~z0YE#wDCET?*BMW(>&t|@e?UTz>liPn1^q~4D^eeJr4+2<8slf zW8Zsvc+5NffI}jCoH?~(hklh=h)GxEC7Ey3*wEmtA$O!p={DOVQ0Rlbbx&HU80{?@ z-D%)RQH;cLPh+`6bI>j>H^j)l8R-w88}sb0jD>tf}`Q#k3OZp_3HRiG4mBK7c3cl+6Jln=o!*8O@!CJ##xIF zZrtQ_wZa)cTnbi5SEoC9wTbnf5H_ywUei%NPEJmciP%?TkJ71eirJJips(0JHLmyX z-gVyLKBq%`K;CF59gtsp?rHOKy&`dUp)R=8gL{xXWax6g8!!2WE7p`dX+WlP(#U$( z{PmYoPtjFj=vag1?7m`Z;3^dGa`O$V?q)rTDkw4dyZ&}n_g&F7e?-=zldgP=l_{OF zt^&VIo|>;D{&L~Y9}fY2jq2Uvs$Onx3)eZYe>FcZ620y$TxQL$J~c5v`B&eOK1HoC zEL^EdmPS_bX4^vtP45A#eeGRe!)f-tC*?kG+W?8*)uPS5v|Kd`9}v+o2y;5*@?gH5 z>m7mjT&jG)=H)nkyruw*?!>~0J^aF_@7&Rna0FGc%nH3HUBxa$N3zj{uf2K8e}6cS zN`$Us;{NqhwgLo^^t;&hz5S_S;^=0d7$FDmSiWfxGK#+Wi%M4?P-?5R*|4YzFbsfW zJEg!fy}X>rg6adp_`<)BukYSdXU|S3O&49?4AvEt9#m@hUy; zF6#!${`a9bd>v3w9kXtP@n<@{vwB!)g_4u~f|4(0aAjQY-_<+1bMd0muKIeH)0Fxe zvyWreb@I)n6F4Ah@n^5A6ogpH2Nu=)jP9*=`MH6>hGT(m`Z;&(QN!t)uWz8!T@NPZ zX9Z85T@+yw-}qU~U~^Eo&h-zm0Ugieo$yRb?@MN7kiy%`W{`7Xr1m)SbIqyf!6$_+ z^Y`+EA31mH)-9^!!%0WZo%$~qVAR6+)2F?s_A03UvqDpVpG(^eT=%A#7SBI)s--Ed z(`z|&DgZ2#y*{q|um;ln$LhZAe*d!^*kFYYH&R9$gq?y{((}rB*N68dznSv6PW|qT zU)y!g#7@4Q?>Bzc5eRoNy?m<=S>jkY_UKsdwBl&}>0EZlv+Z=i=0Q&?rE;4eqSps$y7C zEPpCy=bGy;%o`S#?SFo-fJY*vL7O{1O=vs3QC9O*d_JQ`=1Ac|eIIkVz&X9LqGGMa z@vJOd9ugkDA--D*!NLdJwu%`TKYsWeE_66=#h;fr;+1#rV%(@d7pzn|M9uJ945U#C zjvbp^WltHc6?%DVy^R?6L;uZ-#!Z|)6eA!2C~7b@C0M0YyyXqEYtB|Rz1f`g8Y2`L z1%P<%?X3U(cL@T#p^QCzzPy#ie|` z5T3A+1ww1ysPXYedD!i`3JXMG}vZZZX`Ki10?p~1-L^0;{Vrh}$;&{`p zYu1F+s?t)$zI(5lOf)cTd6&MTes@ED?cbBJqoH+T1{gx( z(4X)Sj(STL-VgqH1ck)3w5m6oM;q}AM=nJ?FJd38G59T@u=Lo0!#6K!M$E|_V?5Y} zxD(jKNyw^R&rFF_GVT!In3LDiRqyCu@4ly5x?qM5F_2EZhBQLBm!i{V2;zhnGBw-D zVo?Y4YZ;bTu<>f)hGBOqs;Y|W-FF7maQ@>mj&CbP+r)`r2fT7mof6AG2YANmMC{yc z*hfxot~9=wXwXAKLSE12iE|<#au6VYS+DYk4au+~%|y zIvk1o0K;L)(XgRM_jk`+HoCvrZ!s~0m9m!K!mU#$j2(*;6)pGy#)q^*nQDjg@$8v1 zV`3r{#mNJ^CB}ss#jU-tB@S;%IrK+3-8*ZB7>#hAQRWr3AZRXf9E89VHK}_#C&tHj z>uRhXp~6eIw-q5I@ zv7l5?-RCGF#sAUtIj;Rj?0A_X7(4hMd(l9H=t1v1Yu{2<`?3kMgXZCF{yjIqFcxOU zcK!MHq5=$8&AHQFR7OV%CaGDg8sQI4b^py_}nF_l(v4r5Eo&du>q)`AG%BFPlIYfI*0-yKyt>r zS&SW^J!E#sZXS%RL}GZElaeudhPevCbpCj;9RB$S>WZFA>_Yhdz;281^29o;Jr(5O zNf8+unFQwsLTuCSYv#|N&lX@klW2hzSA6o9`e*cw83wYgeOi6~{Ww8MY3AtucCxn| zFXl)rE~~eY$T!v6GwppV8;qP`mX~&vRI5x=>ksZ>c@KIN`;11U%a?Zvd21x8(Kd(q zk`}6R5-Kvig7OOs3*R7kYDofb@&@zbunTdw=2_*fEY&d>H2_pE%Q|>!vlT{$$fe|O z<4(iF9W;^c4cP>Cn~9KgW}V+A*;P8#a-2*s=!?C*y^WgAYdJcA%vPlcBsn!v?)T#p z1K)V2*Dg6;9OPmCZxV8xv6d@VY)H3`RFU4kp=?F@RScl8(fMO1Yvhp_XXo^&ZT&;< zNAo5;9nK{#0MMd3O6*>_Qq^?HqXN5)R#vp24;R(5ui5$F5&X*N0PWsuSG2aag8uOu zHY_jlv)<+tF}FqwB;PSf=@l&#X(1#$jC!gi5{WyG_H@H}`Mvtfw@poWVtr{Jc=X{J z%aoyd+vW@jdAB7yzgBwyD^?GO35Z9Sq6qx4F&A;|@dD-CCGs|kYUXAwP zRkFs1hR6oqd5W|@xKbDxBpD zSg@b4)S>v(q(wm;H&j`JL^wWUo`w8zG#6-S| z1XaZbslEz!u8}21HS#jW9NXYxdop$KO8l~V z#~^Z|nCR^Mws8&b`~UZ6{PRjzExg|KBm^YSL~qSx{- zM1youotHRnnwn(3dFm<-dkNf{qkiW_MFkK2nd#p?^ZAU~Y*(?tIkx0#1~?mN<(A!w zsB!I`toi*)7d1^)xeyjzY5HrUZFAE;#tMc23JSvqD~bEX*ghqBHMr-X-uB^U!}U=J z0@~(%mu4}X?WLReLhJqS-~;+$bZPx?vG4rlaDJd`Oz*e-K(Eq@i8$uxo7X*o>P0+xt1=yzII!8vLPV} zi-O?e+r{AkDrjc%Z2o(Dq7qJC-}yr0+FmN?ch7T~lDI}y_E}KWwVTy>?e;yUkd&2_Xc~?CKG-dqPIcD2T-UCLlu*;cuvxaCS><;%7o=p|ElWo6fbfR7zneDz z54Jr2yxr%TxbT$quW!CS?Fe%QDG7Jthl{^6-7|#nb;-$NbI+c)*Zow`4**inttQc{M~_{$39eFxlh=^X00))N-l<{9i7+8->(WO-87FVorT<8O z%b-uD%sACt)nlYn=Up*fEUBbjs%)doz%-YW!voD?U9Js)Pnu3DM-QkS5L-5|%;^$1 zMQ+PI9nPT|evIbw8OwEMW)H@tU45W*vW`Wzd*S^E^~jP9IjxoE3#T!gt*Gu3^KgKA zr^gus2f(s;N?(+z+g{KlCWK+)I_K!zn~oPFRg@S+I=a6Cq;61lTAi{`>gS#|JWOX( z-L+Z^86Z6~rBS1HwpJ|RupeLf_H>x79G#-jx_QS`#*lS=x;YRk1s==|%@aO4VPy$q z>$2m~I2Dxw)iXnEexlML`SUc-*;#QSzm{n;XDw4s-_n>eMG$3-9qUZv0LF^**2U9& z-_3ooy13?Atbj<+#d_Pc?2qG=NP!Bo`fmTX0gq?c*KhClq<|zGgtTe((QRH!4-(Uq z8-&NbAfc%&E~sS=4N#fj2ovSW5HAds50h8jpEoJOghJrV*|Q4RCh*K`Oe}&rwwYJ- z=w)coSKSDpYXOD+!;|#j4u9XxaJgt1ET<%K7_*B?6K6bl3_c9g%C6CayF*eY$ls-XEp6QJ|+T%e-*zoEu$#@M=fc+*g;*NiopV{HQ)MugJ9Ibi=2} zGN)n;&diFdzNgl>JioSFQ5sR>NA8SF@a_`Ft*&RTt~ZRLFk=Fb=QrDIeV=AJ;UvH7 z&p$#V5q13d6Nguf0{MM+T$)vCrO=aMi~}rz{BsE>eePx!LyQF}db8PwAp_8KjSpS2 zPNfwZm#mHRGKLfP*8vUu*!jC^r+4lm#+&F*y!!D59Znk+$8>AN8c#5%;D+Ef=KM>T zFc4P;aYxhH#LLSI8B@@#`O$j6@9+FGsr5Xh1$A|I2sQv)wJmMV>2e{LpEi@6VGrZ4 zY12nR;UvQlbsJLBuH8_5hqhq;laJ)`+lhs*kB!idLQ}A#@!pU_O5E%-3@!^haPs7{ zSEiU{_UzRQ)wc1Wncfqb((7dQwD-_nGAdRX>m#z0SWWx(?)~JrM6iy$Kkb{m@gepZ z{T7wLRSeLCqBJ2nx5$NA%9X6;Ifs^=x9fVikZ$57&2jE;puZf40F<((`||56+J965 zd}mk{&qy>n^orjiUKnw3PG#DP{ZGWgK1G%|BD1=Nhqd;kg$ouK8L;#CIumyKmh4Pc zGCpn+Punq8B^wvL;F}M={{Hx}c7|Rww{OShqb4a8|9*Nem%@%*)KynA_MR~P6K?TS zhx^<1Wa8m|zp=$eWeRtWn5MNqlR@9XH+`s1Xu+vT1c!tW9p_OQq0U;|KGhzg&seq|W?pSq##A9uuoefT!qi~0#Bly0@2 z9uli$cjUcNmr%Bd!BA##1*d*Nx6p7u`h#u*i|gh_VFc*>TU&daj>jBlji9h;|M{Gs zeoQx2A|Ha(pT?bk5{w6jN?k_L;PFgT`ZqKnR%*-x8I6%?LLf4U(+E96tVc|>y*f7`ctTSX1 zS|e-EhX?HElUy6g;y0n~1yYp*KdON-?Pb#^ci~lE;2D0_-jD?j`vkPdPHUET`+W7G$-uti@ zQ{8vJabbk|&8C0acM9%9vzK-Ahh34yeciA3L*V;>#&{3@^JHCGte&cKF)RmWLXfti zd1-5DB)mLrhKH4y_MVenHZY>3A@^7PL|ugs>@;oYefVOWGE15{oIX&q$M-o47p}PM z8kL;{e+L1}_z4AVJ$j%ZqVRdPek%i|_TNSr3*(JsNJQObrNUGeVmKudF=-noA$2uR zf}z*bmb}Pq|Ct+&p}I^{kF0Y%K?;&|VKXz4bAm)ZKsRUutK7n(oNvAC)&{7J_c1xT ze_xnWr7E%My@KnXE}OrZv)6(_Ly|0%j2X*0C6ZaPDAo2iKwM2zo_~BZBb_Dk<4qzi z;5hZ=XO>TEa!~3|Qbbh=8>U473h*V2CGwFyvh1g6SUMRAj~$BY$A;w2H-omh0w5ha zmA6uViA*)k7-23D#VP`PEqSO9mmaT2v3NsuJ&GYpJ#40Fj}qdRaQib{JZzIlSScYZSs9fC5@ov%bRQUWT_0tBIb|$>42sXm7wX|;c^cj zJqkZ~@I1E%`}0L@VYz>PteZKLRlwca4vnq6=xwoM3(dD4f@4%2cM3o6mIw1Dwq5E$ zv>Sf#HSbii;^m{OlH|(pXgMY|C*NAB8eY z+ad6IBO(~Ce4)abub+%1YDxupTSZfAv-@{kGQp4|?>4rKMy%>c9vN zzNs7F{JL8`hh5AE!F(Qe(l0jXl>N^MNI`w)l*-}HoA@=Mt#|42Q=YIX5n;kmk;rF# z`P-^p^l5eeA~xWVl0b2wT#y!n`_#g0Ec~h7e8Z@)__20uy`__Rbd049)|Azlh^L503NZ{L^N%v-&w&MDM3py<1>AB6fiS zu>?s`ozTTvs)7|)M1}KdnaQLK5EQ?1F?=c{=bunMN*slE;!t4Vqzr)?+7PNr-5b8>pKmZdwN6!5 zcY6PKoSm|P*u5XgTPe&JCLtEwg;ZrvUf#}o5e3<&JpxymC26Rue`ec4isBQWowuJ& zt^_28W(aId;ZHte!kPMb_kOYLLU6*&@u+i0J+V>ajbT6aENxC~b*TicU!Pv0#pTr|2rC$a5C z$B-h6n;bjSai4R&yme_l9(e}b_S{)yg;t=XH0r;_E4{s#r^-^3l-E)nF(ThVeUW*X z%2LC)GAbzYTidP8=~P+l$6$`7=i44GuN&I8uW+F4+b8k%n(-keVbTF-T|=4|vT8nf z%hL03!WbPJCh5^KrP}qfP!1+8oHx4vy@*MT&)ffKPWE6kuAlM~JO0hKcP8D}-2_*T zz8!iURKyFS{`ss!%1z<|eLrW*)NRb3ks2AA9q>RO?fkTf4k)1sbt8=*)Vk@m6i<>3 z+zv%$yz5V57u|$JJC2v<=k0^aoK7(0!b;`VM)}=OsK1;xjuUqN`xjz0#~!aIwz~AF zAbk>aZd}WRuz3j&$+p{=f8_aT@Z>63kWm}Vg#%>Zo1}`jkfu5kq{N{&2=A{q|Df>W z(|izlTc!Y3PIoMpJu>?;9$KDLE!e+8TsyuGtX-b&{G0RV-Kzq88m5j)oeGL_NQoZ2 zNA%jJZOoCrmpV20=96qsnAB)p7-9swEg7KGNdrpuGa@#jZF|-b2httZjq5xlYB3`O zZ!OC7(sZZ8@DwG6XqVTIpHHF)B`0m&hP3?K+&#t~R?nX`@#`kNX|LySTN#z}Ot-j} z9^ZBfOP!dxis2ZCkcedXd?hprlQ>FlXYYGnJ^obNhUYa4J-AzhYZnif9As*b(GeW@ z^2jQE0c6m_2{B#`G&8j)Z>ZavYfFB`?!s4(1^`uC-#}G~Z1M|ges#M7@#Is6v9g?s zMDwdFyk^bXoh^?=lel5uy#-bM_pEHe{4i#eyT8hc6bjwa<3g1Ccpi-uC?j+ zlhM$ueL7iPw?chL0O?uuASrY_*b6k(PUp^TJ_b_2kSipo{ zvp=)T+2vA0$6uR&E1@d)axiqWB#XHT57F6cI+ZGJa8!#dk>2F5FwG|>VNb>aFE1^h zYqpyv)Mg z+UgAq;$?s8flzpPeJ6@Q^391TqW8R`xbthNnZp;^*u77P-l08q>{}Lpv(@Rd$v3ye z^>{8=dp^$_ShdaW^3$XQ^-d!Fk24k)Y}yglQ+y9phx^_UG;8ca8yeiS$oI$xg*U%j75?t~EDK*dQ z>5oE&9N6I+O(h&+1WxL^^@7g6v}t9_lcNU<1cj(j`e7**yUxzy7G`bf{(Q#co?vED zL0#-z@j`m>EF(0p?h`!sZ}r(0(=`tl(od4;z(l*-otHgn)7NeMt?D7$daoWwY7bVj zGdDn7Y5{KGf9&WekxdIj19ecCYna(=CNk54YgLdAk6i1ZWaY{t~~yfUHm{%^2^2`$Ne zN@a}V%JOX<8|bj>ckIjb*Hs%TwH)vjeZPU(vg_&LXNUY!^CayiLeb6dyfD>rhV{*(dr5miK2bj0 zHA|+(Z|A0Ye!9luSdQo?*r!_$YmmAkWB;DU7Kz`g*0sA8r;ij3iOP8u2I|8-1s%M>zMK5 zn;&0H*uVI#*2g>J`Lq_ca;FIrPmpu;K4Lu6favQrI;M)sAf20_&G^r9Iv{5|*jpv- zG^hk&h+aBelaRVA!r0|Ztx(JXN^hf4v$C>+lL!>z*`!hb$qU1}87qhU`dtmwiEX{q z=JEP3Fz82sz-$>*T@M^D!We=xRqsyw7|d$#%zIs4r_uhId)nZSWN&7wJ$F!l+`MIC z^uSj$;3B+Y+mVv&fa4o-n2vdl?FPzX$BS6aMwUq8u+VVYdgn|P8GG5lYu#zU(^JFu z_|0a>WZQe3$dx2!MoM*K$Vj^NeC2-C=X;4>t3a0)xYBrx9_0wZpFNofO}RtAZt-IN zh^Btxsn_jz8~5F-G-V1=;Io&m@?m3XF&^#46SNlC4?+H`!WSe!EGd6WUyN^Lnd0K) zME*_?VbPNv0xWah;Yeb49$GJyD4<9DGymKwD2TDTnxglQluKBdQ~$j)C-lOuKu#iX z=bx5nq7(8Lk(rmRk(ElH-)9HoE58OLb%mAZwfi*N2gKjx`JhUQ-5DwoI4gs?J z+xokfSgu*=E%76;`kVM3}9xu zF#~3=mft0FDc}3R!InF;Tz8~#-_^b`)$2Cvb}%3%TOXUQ=$dLdFQ;h8kmaW9c0ZZu z97C3Q{yZc>VXm%#bR{Mpn0wmR6|-rv(!VWKH3_sYJ$Db+&|s9gPH%9c@*W{sV}FHo zR6KCZc+n#GGEfqckZMHno;~8+S-Xw94Z%%&^DFwR%w-C?o{!?<_7ys~Uz2;WZKH3N zlYWRnjv+nSlC*ljDzF8?LK7gfHvy&&zE)9w-^jT3$Tisbm=F8UL`vagwu~b?$sUW)3s8 zc=F=cJ6FJUe+6PR zLnn>?24tji6tC|$e>rZG=vbA$ha2U#|@ z(oVxCO=?NK{LJ}V(U8#^Ra0XZEL-mU*`(LOIR$jtw&{7yg=khfr+m~rNz*rO^FP15 z>YyQ4_Haq_79EeEE*_Q1RZUO;v8l;b-+T?@q z)(u~vI1SmxOEWg>8pTf1J{kKuqG!}J?8%row5g}&q6Ue;RTkr1HKly8T|FAe!j<|n~e6>$=dX+b|CaxH?^~Be}RpFcyZzh!ct^v6r zP~NTj_rcq9xBs8k&OIoqDvskw4^3%goIs*P%{3hn1ZR2qSP+D9O*8R9E?7d!!v`uL zpb`Y;mLj4{An{m0Bv(x)+D2GVtk5BlwMEB-fYR6%F-5^q@VR}?)=dBQM|Xx9hR20_ z@44rk-}m+NY01BQeyUS;W2Ba+xjr1#NTD8k9LbLeEbU*&8f?@#3-y&ahQ@}aqo3mV z{;b7`{r`V<)0>d0pmISC8SMHG5w?@%;BMXE#v5AR3jJ)oy1dkq6~~{BPD2(Cn2q?v zVE4+%eSRV0UqeJSkFSF=u;zaAi4a=xB@Z++=AlMk!##XO!t^6*@J{NzQ;Qy?x;Q9N zR|Be}kE5?4QA<04_6r8_@?`Jb`v*as^^d1{fP5FbySsC4ygR-$PIl~#oyg{g$_3vh zl5dOye!Xw<_DUU3YBVEq%P!67bQwOmHU-d<3B@{n4Lpe$!zpBsGaUjbqtNIl!8N(E z<*fPHT`Cf06UZy}vC>OE)kZ9E#22EK^4<^dP*qdokgKCag}bN;>jR*qAi(D9ZiD3T zaBDQRGHchWnk{8@?MqESJZ})()jb5*i#7t8a-i)weiJL(+}kUnT&t;L6Ub0!j($7G z<-_{ZWo17+@u&^5Jm3Tu>hSzo+os7?u)h|yI8%qp2vm6r@WgV{Byv1Ii%Mj3r%Vyq zFykl)(w;V^9gu)BxY^JNtsduAu5$?R0hzrERYu^g5g9)RY1|s%^FH zXuU+i3Hb$U0&1gD`K#8F#jOm-x#I6ZgxDmyLU@hAFXg+f7x zYXGEmGuuVy5Zz3yTx69#>+v-=MN}CU5?wdTi@AQx9wS*-baXzAdY*Q^03i!hYXbsy z1s^K{p`g@+fYO`dkN_`G&0qS2L=vEqdyIj)!f`87Z?{#kUeesX;X3vtKx8yM7|Jm* zu5)@g?Yt?kKz{>R0Ocg8NDud%Cmvm$tPM)~`%Uo+5gqzi=c_v)plCgZ$e7wRN+lr` zdK;*O<(^X1UW?NquCaTL?EzUOFYVS2;B~_g))=)ul8Ol<$MOlbMw98FB&O> zH{*1SttM(&jA^iZ!FgToJ*mF+Oi@qNuTrT5CS9H{X`<$0>62Fk+capt$R^-@)$}~P zndHfBCB+Th6WD4hh4)w&#koi=4zbm)5}FEf))(iM_Jhz;SUV+tUS}$8MuaYPYTU}j zhPUy^aitmKd>nl@{4(99ArYx?+(h1+_{v4Japv1aSDgssgKdWDbf&wHm)9UL&`nZk zl;J{HOxV)?ZcQ7#1i|(f>%o6!{H&b>Y!!{cd07L}C)1gl&J!26#p@~rFM~{pS$2hc zT~{iwBUWGgt2c#&g5&0Tz-X`m#@rSxp#Vr7cOC)(lfVV1`f_0MrY~=q6dOH5!Nwta zilS)a4MP+CfmHd!n$qkr*FnY|UZFX>T^L%xGH`#M)rF4O-%$W7TM^wPXYu^kMx|t?e8zhiJ)0{Q$9;AVfq!pKHCS3J?fo(Y^k{QfgOEYybHcA z@V~PuNjoWecx`8jO+#4U6^vFrzj~Hr>LX`o&$la2tm*NneZiu!MNx~GZZ@DPa3Sm_ zhd^bS&6X5MkKI{zChQ$rwbDP}vxYrjK$)3HgTT}e`?r9VNrfQd%|=2D;NWUdBtS`! zX>Kp#azS5Xl16doH_w}wzVbxiDBZ_TJRSY|E0G0_CzdYzF}!`%F81I`EWL~ zViT`pm&=hf^K;;FYIXU#sSF>md|b*3U7QKPilE>+~fM=rn3g}XX;$0ly( z`MJc#z`zojbF3@*!L1duik)a7U|P8P{(&URY-x})dMOrm`=`s4yAkJohlBjok}gIN z;CDxaysk@)<*}e(2UNVU$s>utL2c}wZX|jPwHlq2i;9?+)~h6l^VnAq#kNeLfL#o? z&wK!KP#gMr!*vJvcvde~LD;PYT>-sYym4Vgwd5ZxE`Ek#{2j>{>2LAtG>bdHM?v}w zaY~!l2M{*&m`ugKX)^4&ko0}_?CY3(fP=p*v2dRR7)nZZf}#-e1?NtEfRB7K`?3u& z8#hv_l5#JbwyQfiBI2z_-X%}iv1?ZLMQ#p$w6r{EQ`O9rgMl!{T4$qWS>V7(_7pqi1MpUthfJ(ZAt52nmh)vS&e0^9Quey2u zp-^ElCN~2|8${s6*>~YxZq!{knqL^SqswQsc-yTq41oQ}`4dp6`h}eHB4C)CRp=IO z{aDx+%zQw^q@T>| zH5d*;{eA~=75rX$G&@fU+fR$u@C literal 0 HcmV?d00001 diff --git a/docs/src/pass_flow.txt b/docs/src/pass_flow.txt new file mode 100644 index 00000000..dd6ad39b --- /dev/null +++ b/docs/src/pass_flow.txt @@ -0,0 +1,29 @@ +title Kong OIDC Plugin - "pass" functionality + +participant User +participant OIDC Provider +participant Kong +participant Upstream API + + +Note over User,Upstream API: When user isn't authenticated +User->Kong: GET / +Kong->Upstream API: GET / without x-userinfo +Upstream API->User: HTTP response + +Note over User,Upstream API: When user isn't authenticated (ignore pass route) +User->Kong: GET //ignore-pass-path +Kong->User: Redirect to OIDC Provider for Authorization Grant +User->+OIDC Provider: Login +OIDC Provider->-User: Redirect to Kong with Authorization Grant +note right of User: See "How does Kong OIDC work?" diagram for rest of sequence. + +Note over User,Upstream API: When user isn't authenticated (ignore pass route) +User->Kong: GET //ignore-pass-path, X-Requested-With: XMLHttpRequest +Kong->User: 401 Unauthorized - HTTP response + + + +Note over User,Upstream API: When user is authenticated +User->Kong: GET / +Kong->Upstream API: GET / with x-userinfo From cf8f12ab3c03122d22de643d2f66cecf35ea7b0e Mon Sep 17 00:00:00 2001 From: Ian Koplowitz Date: Mon, 15 Jun 2020 19:25:50 -0400 Subject: [PATCH 04/15] more unit test work --- kong/plugins/oidc/handler.lua | 27 ++++------ test/unit/mockable_case.lua | 5 -- test/unit/test_handler_mocking_openidc.lua | 40 ++++++++++---- test/unit/test_utils.lua | 62 ++++++++++++++-------- 4 files changed, 80 insertions(+), 54 deletions(-) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index 9b7b13d7..1b184fc2 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -7,9 +7,6 @@ local cjson = require("cjson") local openidc = require("resty.openidc") OidcHandler.PRIORITY = 1000 --- GET /api/groups --- GET /api/users --- GET /api/auth/bearer/login function OidcHandler:new() OidcHandler.super.new(self, "oidc") @@ -33,7 +30,7 @@ end function handle(oidcConfig, oidcSessionConfig) local response - -- clear important request headers to prevent ability to provide them client side + -- clear oidc plugin headers to prevent spoofing of info to upstream api utils.clear_request_headers() -- get/cache discovery data, mutate oidcConfig.discovery if it is a string (discovery endpoint) @@ -98,24 +95,18 @@ function make_oidc(oidcConfig, oidcSessionConfig) end end - -- unauth_action = pass (default) - -- unauth_action = nil for /api/auth/bearer/login - local unauth_action = "pass" - -- grab X-Requested-With Header to see if request was from browser/ajax local ngx_headers = ngx.req.get_headers() + local unauth_action = oidcConfig.idp_authentication_path and "pass" or nil + -- @TODO: move the hard coded path to config file - if kong.request.get_path() == oidcConfig.idp_authentication_path then + if ngx_headers and ngx_headers["X-Requested-With"] == "XMLHttpRequest" then + -- reference: https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L1436 + -- set to deny so resty.openidc returns instead of redirects (ends request) + ngx.log(ngx.DEBUG, "OidcHandler ajax/async request detected, setting unauth_action = deny") + unauth_action = "deny" + elseif ngx.var.request_uri == oidcConfig.idp_authentication_path then ngx.log(ngx.DEBUG, "OidcHandler login request detected, setting unauth_action = nil") unauth_action = nil - elseif ngx_headers then - local xhr_value = ngx_headers["X-Requested-With"] - -- was the request ajax/async? - if xhr_value == "XMLHttpRequest" then - -- reference: https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L1436 - -- set to deny so resty.openidc returns instead of redirects (ends request) - ngx.log(ngx.DEBUG, "OidcHandler ajax/async request detected, setting unauth_action = deny") - unauth_action = "deny" - end end diff --git a/test/unit/mockable_case.lua b/test/unit/mockable_case.lua index 76f59929..868500b1 100644 --- a/test/unit/mockable_case.lua +++ b/test/unit/mockable_case.lua @@ -5,11 +5,6 @@ local MockableCase = BaseCase:extend() function MockableCase:setUp() MockableCase.super:setUp() self.logs = {} - self.mocked_kong = { - request = { - get_path = function(...) end - } - } self.kong = _G.kong _G.kong = self.mocked_kong diff --git a/test/unit/test_handler_mocking_openidc.lua b/test/unit/test_handler_mocking_openidc.lua index 1c722b8e..2d4c5814 100644 --- a/test/unit/test_handler_mocking_openidc.lua +++ b/test/unit/test_handler_mocking_openidc.lua @@ -351,7 +351,7 @@ function TestHandler:test_authenticate_ok_with_xmlhttprequest() end -- act - self.handler:access({ idp_authentication_path = "/arbitrary/path"}) + self.handler:access({ idp_authentication_path = idpAuthPath}) -- assert lu.assertTrue(self:log_contains("ajax/async request detected")) @@ -406,12 +406,10 @@ function TestHandler:test_authenticate_with_session_cookie_samesite_set_to_none( lu.assertItemsEquals(v, opts.session) end -function TestHandler:test_authenticate_ok_with_auth_request() +function TestHandler:test_authenticate_ok_to_idp_authentication_path() -- arrange local actual_unauth_action - kong.request.get_path = function() - return idpAuthPath - end + ngx.var.request_uri = idpAuthPath -- mock authenticate to be able to check unauth_action self.module_resty.openidc.authenticate = function(opts, target_url, unauth_action) @@ -426,12 +424,9 @@ function TestHandler:test_authenticate_ok_with_auth_request() lu.assertEquals(actual_unauth_action, nil) end -function TestHandler:test_authenticate_ok_with_api_request() +function TestHandler:test_authenticate_ok_to_non_idp_authentication_path() -- arrange local actual_unauth_action - kong.request.get_path = function() - return publicRoute - end -- mock authenticate to be able to check unauth_action self.module_resty.openidc.authenticate = function(opts, target_url, unauth_action) @@ -445,6 +440,33 @@ function TestHandler:test_authenticate_ok_with_api_request() lu.assertEquals(actual_unauth_action, "pass") end +function TestHandler:test_authenticate_ok_to_idp_authentication_path() + -- arrange + local actual_unauth_action + ngx.var.request_uri = idpAuthPath + + -- add XMLHttpRequest to headers + ngx.req.get_headers = function() + local headers = {} + headers["X-Requested-With"] = "XMLHttpRequest" + return headers + end + + -- mock authenticate to be able to check unauth_action + self.module_resty.openidc.authenticate = function(opts, target_url, unauth_action) + actual_unauth_action = unauth_action + return {}, "unauthorized request", "/", session + end + + -- act + self.handler:access({ idp_authentication_path = idpAuthPath}) + + -- assert + lu.assertTrue(self:log_contains("ajax/async request detected")) + lu.assertEquals(actual_unauth_action, "deny") + lu.assertEquals(ngx.status, ngx.HTTP_UNAUTHORIZED) +end + lu.run() diff --git a/test/unit/test_utils.lua b/test/unit/test_utils.lua index 7540cd6d..034e6095 100644 --- a/test/unit/test_utils.lua +++ b/test/unit/test_utils.lua @@ -9,29 +9,29 @@ TestUtils = require("test.unit.base_case"):extend() function TestUtils:setUp() -- reset opts_fixture opts_fixture = { - client_id = 1, - client_secret = 2, - discovery = "d", - scope = "openid", - response_type = "code", - ssl_verify = "no", - token_endpoint_auth_method = "client_secret_post", - introspection_endpoint_auth_method = "client_secret_basic", - introspection_expiry_claim = "expires", - introspection_cache_ignore = false, - introspection_interval = 600, - filters = "pattern1,pattern2,pattern3", - logout_path = "/logout", - redirect_uri = "http://domain.com/auth/callback", - redirect_after_logout_uri = "/login", - prompt = "login", - session = { cookie = { samesite = "None" } }, - } + client_id = 1, + client_secret = 2, + discovery = "d", + scope = "openid", + response_type = "code", + ssl_verify = "no", + token_endpoint_auth_method = "client_secret_post", + introspection_endpoint_auth_method = "client_secret_basic", + introspection_expiry_claim = "expires", + introspection_cache_ignore = false, + introspection_interval = 600, + filters = "pattern1,pattern2,pattern3", + logout_path = "/logout", + redirect_uri = "http://domain.com/auth/callback", + redirect_after_logout_uri = "/login", + prompt = "login", + session = { cookie = { samesite = "None" } }, + } - ngx = { - var = { request_uri = "/path"}, - req = { get_uri_args = function() return nil end } - } + ngx = { + var = { request_uri = "/path"}, + req = { get_uri_args = function() return nil end } + } end function TestUtils:testOptions() @@ -77,4 +77,22 @@ function TestUtils:testDiscoveryOverride() lu.assertItemsEquals(opts.discovery, opts_fixture.discovery_override) end +function TestUtils:testClearRequestHeaders() + local headers = {} + + _G.ngx = { + req = { + clear_header = function(header) + headers[header] = true + end + } + } + + utils.clear_request_headers() + + lu.assertTrue(headers["X-Access-Token"]) + lu.assertTrue(headers["X-ID-Token"]) + lu.assertTrue(headers["X-Userinfo"]) +end + lu.run() From e737263e397a9c88a178fac916d8026d109196c3 Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Tue, 16 Jun 2020 10:22:09 -0400 Subject: [PATCH 05/15] Touching up clear_headers test. --- test/unit/test_utils.lua | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/unit/test_utils.lua b/test/unit/test_utils.lua index 034e6095..05e6ccd7 100644 --- a/test/unit/test_utils.lua +++ b/test/unit/test_utils.lua @@ -2,7 +2,6 @@ local utils = require("kong.plugins.oidc.utils") local lu = require("luaunit") -- opts_fixture, ngx are global to prevent mutation in consecutive tests local opts_fixture = nil -local ngx = nil TestUtils = require("test.unit.base_case"):extend() @@ -28,7 +27,7 @@ function TestUtils:setUp() session = { cookie = { samesite = "None" } }, } - ngx = { + _G.ngx = { var = { request_uri = "/path"}, req = { get_uri_args = function() return nil end } } @@ -78,6 +77,7 @@ function TestUtils:testDiscoveryOverride() end function TestUtils:testClearRequestHeaders() + -- assign local headers = {} _G.ngx = { @@ -88,8 +88,10 @@ function TestUtils:testClearRequestHeaders() } } + -- act utils.clear_request_headers() + -- assert lu.assertTrue(headers["X-Access-Token"]) lu.assertTrue(headers["X-ID-Token"]) lu.assertTrue(headers["X-Userinfo"]) From 04f7570464d566e0e65a4ec278c1302a11004aaf Mon Sep 17 00:00:00 2001 From: Ian Koplowitz Date: Tue, 16 Jun 2020 12:27:04 -0400 Subject: [PATCH 06/15] removed unused variables --- test/unit/mockable_case.lua | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/unit/mockable_case.lua b/test/unit/mockable_case.lua index 868500b1..1bba4837 100644 --- a/test/unit/mockable_case.lua +++ b/test/unit/mockable_case.lua @@ -5,8 +5,6 @@ local MockableCase = BaseCase:extend() function MockableCase:setUp() MockableCase.super:setUp() self.logs = {} - self.kong = _G.kong - _G.kong = self.mocked_kong self.mocked_ngx = { DEBUG = "debug", From ea1515f3d780cd4e39ab9874a96c65f335aab526 Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Tue, 16 Jun 2020 14:33:14 -0400 Subject: [PATCH 07/15] README updates. --- README.md | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a83fe07f..f91ebe1e 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,13 @@ The `X-Userinfo` header contains the payload from the Userinfo Endpoint X-Userinfo: {"preferred_username":"alice","id":"60f65308-3510-40ca-83f0-e9c0151cc680","sub":"60f65308-3510-40ca-83f0-e9c0151cc680"} ``` +The following headers are stripped at the beginning of this plugins execution: +* `X-Access-Token` +* `X-ID-Token` +* `X-Userinfo` + +These headers will only be appended to the requests if the user is authenticated or has a valid session. + The plugin also sets the `ngx.ctx.authenticated_consumer` variable, which can be using in other Kong plugins: ``` ngx.ctx.authenticated_consumer = { @@ -45,6 +52,9 @@ ngx.ctx.authenticated_consumer = { } ``` +### Async/Ajax Requests + +HTTP Requests made by the browser should include the `X-Requested-With: XMLHttpRequest` header. 302 Redirects are replaced with 401 Unauhtorized HTTP responses when this header is present. ## Dependencies @@ -101,7 +111,7 @@ For full support and functionality you should have a `lua_shared_dict` with the | `config.redirect_uri` | | true | URI (absolute, e.g. http://website.com) to which authorization code is sent back from OIDC Provider | | `config.prompt` | | false | Valid values include `none`, `login`, `consent` and/or `select_account`. Note if using `refresh_token` grant then `consent` is required. See [https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) | | `config.session` | `{ cookie = { samesite = 'Lax' }}` | false | See [OIDC Session Config](#oidc-session-config) | -| `config.idp_authentication_url` | | false | See [pass oidc setting](#idp_authentication_url-oidc-setting) | +| `config.idp_authentication_url` | | false | See [pass oidc setting](#idp_authentication_url-oidc-setting) | #### Discovery Override @@ -156,6 +166,12 @@ These properties are provided to `session.start(opts)`, for more information on #### idp_authentication_url OIDC Setting +By default, the kong oidc plugin prevents unauthenticated requests from reaching the upstream api. When the `idp_authentication_url` parameter is set, the behavior is changed. + +Setting the `idp_authentication_path` parameter changes the plugin behavior to allow unauthenticated request to reach the upstream API. Unauthenticated requests will be proxied with out `x-userinfo` headers. Authenticated requests will be proxied with `x-userinfo`. + +The `idp_authentication_path` variable should be a *string* url path value (e.g `/api/auth/login`). When a request is made to the defined path if the user is authenticated then the plugin will respond with a 302 HTTP status code to redirect the user to the IDP login page (authentication code flow). + ![alt Kong OIDC pass flow](docs/kong_oidc_pass_flow.png) ### Enabling @@ -237,6 +253,10 @@ X-Id-Token: eyJuYmYiOjAsImF6cCI6ImtvbmciLCJpYXQiOjE1NDg1MTA3NjksImlzcyI6Imh0dHA6 ## Development +The following references are useful to those that are new to kong plugin development: +* [https://docs.konghq.com/1.5.x/plugin-development/file-structure/](https://docs.konghq.com/1.5.x/plugin-development/file-structure/) +* [https://docs.konghq.com/1.5.x/plugin-development/custom-logic/](https://docs.konghq.com/1.5.x/plugin-development/custom-logic/) + ### Running Unit Tests To run unit tests, run the following command: From d6c32f9fdc9b20fe47bdc29e833b4a8bbbdd9b5b Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Tue, 16 Jun 2020 15:54:54 -0400 Subject: [PATCH 08/15] Variable rename and readme touchups. --- README.md | 30 ++++++++++++---------- kong/plugins/oidc/handler.lua | 4 +-- kong/plugins/oidc/schema.lua | 2 +- kong/plugins/oidc/utils.lua | 2 +- test/unit/test_handler_mocking_openidc.lua | 14 +++++----- test/unit/test_utils.lua | 2 ++ 6 files changed, 29 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index f91ebe1e..ed5b2b88 100644 --- a/README.md +++ b/README.md @@ -31,19 +31,19 @@ The diagram below shows the message exchange between the involved parties. ![alt Kong OIDC flow](docs/kong_oidc_flow.png) -The `X-Userinfo` header contains the payload from the Userinfo Endpoint - -``` -X-Userinfo: {"preferred_username":"alice","id":"60f65308-3510-40ca-83f0-e9c0151cc680","sub":"60f65308-3510-40ca-83f0-e9c0151cc680"} -``` - -The following headers are stripped at the beginning of this plugins execution: +For security purposes the following headers are stripped at the beginning of this plugins execution: * `X-Access-Token` * `X-ID-Token` * `X-Userinfo` These headers will only be appended to the requests if the user is authenticated or has a valid session. +The `X-Userinfo` header contains the payload from the Userinfo Endpoint + +``` +X-Userinfo: {"preferred_username":"alice","id":"60f65308-3510-40ca-83f0-e9c0151cc680","sub":"60f65308-3510-40ca-83f0-e9c0151cc680"} +``` + The plugin also sets the `ngx.ctx.authenticated_consumer` variable, which can be using in other Kong plugins: ``` ngx.ctx.authenticated_consumer = { @@ -52,9 +52,9 @@ ngx.ctx.authenticated_consumer = { } ``` -### Async/Ajax Requests +### XMLHttp/Ajax Requests -HTTP Requests made by the browser should include the `X-Requested-With: XMLHttpRequest` header. 302 Redirects are replaced with 401 Unauhtorized HTTP responses when this header is present. +HTTP Requests made by client-side code (e.g ajax) should include the `X-Requested-With: XMLHttpRequest` header. 302 Redirects are replaced with 401 Unauthorized HTTP responses when this header is present AND the user is unauthenticated. ## Dependencies @@ -111,7 +111,7 @@ For full support and functionality you should have a `lua_shared_dict` with the | `config.redirect_uri` | | true | URI (absolute, e.g. http://website.com) to which authorization code is sent back from OIDC Provider | | `config.prompt` | | false | Valid values include `none`, `login`, `consent` and/or `select_account`. Note if using `refresh_token` grant then `consent` is required. See [https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) | | `config.session` | `{ cookie = { samesite = 'Lax' }}` | false | See [OIDC Session Config](#oidc-session-config) | -| `config.idp_authentication_url` | | false | See [pass oidc setting](#idp_authentication_url-oidc-setting) | +| `config.force_authentication_path` | | false | See [force_authentication_path Parameter](#force_authentication_path-parameter) | #### Discovery Override @@ -164,13 +164,15 @@ These properties are provided to `session.start(opts)`, for more information on - nonce - Replay attack mitigation - last_authenticated - used for silent reauthentication -#### idp_authentication_url OIDC Setting +#### force_authentication_path Parameter + +By default, the **kong oidc** plugin prevents unauthenticated requests from reaching the upstream api. When the `force_authentication_path` parameter is set, the behavior is changed. -By default, the kong oidc plugin prevents unauthenticated requests from reaching the upstream api. When the `idp_authentication_url` parameter is set, the behavior is changed. +Setting the `force_authentication_path` parameter changes the plugin behavior to allow unauthenticated request to reach the upstream API. Unauthenticated requests will be proxied without `x-userinfo` headers. Authenticated requests will be proxied with `x-userinfo`. -Setting the `idp_authentication_path` parameter changes the plugin behavior to allow unauthenticated request to reach the upstream API. Unauthenticated requests will be proxied with out `x-userinfo` headers. Authenticated requests will be proxied with `x-userinfo`. +The `force_authentication_path` variable should be a *string* relative url path value (e.g `/api/auth/login`). When a request is made to the defined path if the user is unauthenticated then the plugin will respond with a 302 HTTP status code to redirect the user to the IDP login page (authentication code flow). -The `idp_authentication_path` variable should be a *string* url path value (e.g `/api/auth/login`). When a request is made to the defined path if the user is authenticated then the plugin will respond with a 302 HTTP status code to redirect the user to the IDP login page (authentication code flow). +The following diagram illustrates how the behavior of **kong-oidc** plugin when the parameter `force_authentication_path` is set. ![alt Kong OIDC pass flow](docs/kong_oidc_pass_flow.png) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index 1b184fc2..0b4ad873 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -96,7 +96,7 @@ function make_oidc(oidcConfig, oidcSessionConfig) end local ngx_headers = ngx.req.get_headers() - local unauth_action = oidcConfig.idp_authentication_path and "pass" or nil + local unauth_action = oidcConfig.force_authentication_path and "pass" or nil -- @TODO: move the hard coded path to config file if ngx_headers and ngx_headers["X-Requested-With"] == "XMLHttpRequest" then @@ -104,7 +104,7 @@ function make_oidc(oidcConfig, oidcSessionConfig) -- set to deny so resty.openidc returns instead of redirects (ends request) ngx.log(ngx.DEBUG, "OidcHandler ajax/async request detected, setting unauth_action = deny") unauth_action = "deny" - elseif ngx.var.request_uri == oidcConfig.idp_authentication_path then + elseif ngx.var.request_uri == oidcConfig.force_authentication_path then ngx.log(ngx.DEBUG, "OidcHandler login request detected, setting unauth_action = nil") unauth_action = nil end diff --git a/kong/plugins/oidc/schema.lua b/kong/plugins/oidc/schema.lua index cb0b7e23..8f66ab5b 100644 --- a/kong/plugins/oidc/schema.lua +++ b/kong/plugins/oidc/schema.lua @@ -62,7 +62,7 @@ return { } } }, - { idp_authentication_path = { type = "string" } } + { force_authentication_path = { type = "string" } } } } } diff --git a/kong/plugins/oidc/utils.lua b/kong/plugins/oidc/utils.lua index 91e0684c..a9255dbd 100644 --- a/kong/plugins/oidc/utils.lua +++ b/kong/plugins/oidc/utils.lua @@ -42,7 +42,7 @@ function M.get_options(config, ngx) filters = parseFilters(config.filters), logout_path = config.logout_path, redirect_after_logout_uri = config.redirect_after_logout_uri, - idp_authentication_path = config.idp_authentication_path + force_authentication_path = config.force_authentication_path }, config.session end diff --git a/test/unit/test_handler_mocking_openidc.lua b/test/unit/test_handler_mocking_openidc.lua index 2d4c5814..01d2eea1 100644 --- a/test/unit/test_handler_mocking_openidc.lua +++ b/test/unit/test_handler_mocking_openidc.lua @@ -351,7 +351,7 @@ function TestHandler:test_authenticate_ok_with_xmlhttprequest() end -- act - self.handler:access({ idp_authentication_path = idpAuthPath}) + self.handler:access({ force_authentication_path = idpAuthPath}) -- assert lu.assertTrue(self:log_contains("ajax/async request detected")) @@ -406,7 +406,7 @@ function TestHandler:test_authenticate_with_session_cookie_samesite_set_to_none( lu.assertItemsEquals(v, opts.session) end -function TestHandler:test_authenticate_ok_to_idp_authentication_path() +function TestHandler:test_authenticate_ok_to_force_authentication_path() -- arrange local actual_unauth_action ngx.var.request_uri = idpAuthPath @@ -417,14 +417,14 @@ function TestHandler:test_authenticate_ok_to_idp_authentication_path() return {}, false, "/", session end -- act - self.handler:access({ idp_authentication_path = idpAuthPath }) + self.handler:access({ force_authentication_path = idpAuthPath }) -- assert lu.assertTrue(self:log_contains("login request detected")) lu.assertEquals(actual_unauth_action, nil) end -function TestHandler:test_authenticate_ok_to_non_idp_authentication_path() +function TestHandler:test_authenticate_ok_to_non_force_authentication_path() -- arrange local actual_unauth_action @@ -434,13 +434,13 @@ function TestHandler:test_authenticate_ok_to_non_idp_authentication_path() return {}, false, "/", session end -- act - self.handler:access({ idp_authentication_path = idpAuthPath }) + self.handler:access({ force_authentication_path = idpAuthPath }) -- assert lu.assertEquals(actual_unauth_action, "pass") end -function TestHandler:test_authenticate_ok_to_idp_authentication_path() +function TestHandler:test_authenticate_ok_to_force_authentication_path() -- arrange local actual_unauth_action ngx.var.request_uri = idpAuthPath @@ -459,7 +459,7 @@ function TestHandler:test_authenticate_ok_to_idp_authentication_path() end -- act - self.handler:access({ idp_authentication_path = idpAuthPath}) + self.handler:access({ force_authentication_path = idpAuthPath}) -- assert lu.assertTrue(self:log_contains("ajax/async request detected")) diff --git a/test/unit/test_utils.lua b/test/unit/test_utils.lua index 05e6ccd7..24677047 100644 --- a/test/unit/test_utils.lua +++ b/test/unit/test_utils.lua @@ -25,6 +25,7 @@ function TestUtils:setUp() redirect_after_logout_uri = "/login", prompt = "login", session = { cookie = { samesite = "None" } }, + force_authentication_path = "/api/auth/login" } _G.ngx = { @@ -59,6 +60,7 @@ function TestUtils:testOptions() lu.assertEquals(opts.redirect_after_logout_uri, "/login") lu.assertEquals(opts.prompt, "login") lu.assertEquals(session.cookie.samesite, "None") + lu.assertEquals(opts.force_authentication_path, "/api/auth/login") end From 91b0a2ca25aec85f622bdcdad5a4f726b7776ccd Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Tue, 16 Jun 2020 15:59:42 -0400 Subject: [PATCH 09/15] Updated image to new variable name. --- README.md | 2 +- docs/kong_oidc_force_auth_path.png | Bin 0 -> 67006 bytes docs/kong_oidc_pass_flow.png | Bin 118919 -> 0 bytes docs/src/pass_flow.txt | 11 ++--------- 4 files changed, 3 insertions(+), 10 deletions(-) create mode 100644 docs/kong_oidc_force_auth_path.png delete mode 100644 docs/kong_oidc_pass_flow.png diff --git a/README.md b/README.md index ed5b2b88..f582486c 100644 --- a/README.md +++ b/README.md @@ -174,7 +174,7 @@ The `force_authentication_path` variable should be a *string* relative url path The following diagram illustrates how the behavior of **kong-oidc** plugin when the parameter `force_authentication_path` is set. -![alt Kong OIDC pass flow](docs/kong_oidc_pass_flow.png) +![alt Kong OIDC force authentication path](docs/kong_oidc_force_auth_path.png) ### Enabling diff --git a/docs/kong_oidc_force_auth_path.png b/docs/kong_oidc_force_auth_path.png new file mode 100644 index 0000000000000000000000000000000000000000..96475bde6ebd3537fe838af2ab749068f7eb3bc7 GIT binary patch literal 67006 zcmb@uWmHwsyYRbEK|o5SBn2d;*>tynbW18764H%;AR7?{sZE1`Y*JEMK%~2o?(VLA zC;xNKJMM?~j{Dv*?&1Tm*IIMW`OK&0T+eTXtEtH2Vv}J*5QMAnLPi6E?y5u3oea!7 z;1jVsWoqCT#v3Jh83=XzlU|=213^zA1sO>#&*ZIX4^P68Noeo%W!gmC^pP>9sO$F^ zu`99&jeEjD*oF^?3z#;--c*nIAH$b3f9Nr3-209>=(Ec!A@$-ZO$Wn-(DJ2Ov<0rh zODSyqnc2lfX-li#WI>meZsFCJG>9BDDNLFW0&Ht7KPw3QA%!_2^ywV@q6xV}{nz*Q zoYZ@KGqKw<8Nb80sBh1x&9x-p-=1OGd)*y&doke|=Zf@y8uBGQ{7*CJV*dxtm~9B( z#pHd#QMcEe$YaIuGQp{ft!hoP;cOv-*KU*(=df3JS4LibOkZViXei)(Ild(f|FM*Y zhK5`e73IT+87SAixhDP@&lY|wHMRcLw1Ay15vYXKjxQ;R@2&U0w^j6vjPZ(sjEt-C zCjJw(9>rsu$}e7!a+*rSvm14G2XjcmGYfR=#)^z~>kd^uFCLjNsw5}G$DjTscQmYr zvpnIk#DPSPhc#1#JsRR%JHN%m9Ij{#i>@bIvH znPrNo&!{=K=*`)pauQ$RMDq8XoSNyK@o~N2CaA)2u13SHB_J}JJD328Mke)RW3t@l zE@a|=o_(`ARqcXB195_>spD)KGb~%j(U38}(y` zmzWP8)Lx(bt94y3wdzZ~+-*etet-9Nmg`SvHXG0Wgg^E<-APGItTt^5I^G-$I3Cfh zuC6{@>A4#i`&@U%rB4)*vgzNUS3Yj_Ua`9)?p31AntB&KikMJ23>so z__2k)nE%z;U3?Kvr@7x6o7#lS6IN;Hfj&FctDrw)j4BD7^F_5g7wfrcso=xcEul{$ z|5m>Jrx<+?8W9P^T129}@@o!`jw?(HkzNnU@Iyf&$owPZat&}F_cd|2`l$uKQ__3xfpI@q~*!eRU zj8O6KpD=uC|J4)^ow{?c{~QesMU8A7NNha3-uCv7pFhVv>)3Wr>am=C1$v$O_FrXo zb~Zgdy)pvE%*y)G#C#}6d2_T-*ki{~U0vPP_2~L^b~aP?0n`uM2C8M$=O-J0i+m3%fJ@GCs%wz&us-$vz6s12yRXUZHl>v?M+nbY&Xni-N%#TYg zb``5@+|k|+1y;@aUnV&=WY|oabDxt4d^5>^K0~=2J2>K7dj_O>+=l~U2F<;zPW8W7 zS4k0C=LtBOu-Y6e-u+j#+k!7{xSjI3KQdcP_{l@tlB0ock6Az6-563n`vlgm29vP@ zeNC1#&!YkPji zYvHo&PH1j!271_&CLRE+fuhY1C}%@$1(dFxuhR&uIuw^YGb`(KcUC;$#uxfxalTW# z+uPLzl&nkF#P4`F0Cl;c!ky-Kd4d+$WBJ^zEC4ucEiFQ5Yr3{d@gKK&I{`G_;8!d5 zl$?-It6u&dp)4?ERp{xnXW!McSxNhO)LIlSVr!^R!L8bkG(l751i~F8Cb%(uEQ&T{5u7Qz(k!XW& zn{qe>!E#}75e+yEvGG!it{mm0s~F_VLUzYnA-4)P3i05JojrxR)5K@zouJ>qiI$a> zEiNoz;E<{%W=de9nTk_OjVz#so7V=it^+QX<4vHaEG(U;FaE@+ieW*(xRCJhu2D{;iM!&tyb?T5~-RUZ&)(9(hREiZ2aH#&qWFc+VN6Fr9l zb8JMH`QA=yRlr_V+D`zz0KukSui^T{;Cf8)4Am2OIX6B)to*5oo{d`Aiyo^-;kF%&m@P+ztYLy`E6HRuhTIojcGI97uH|VUrXzMb8dz5j|b8~lW6-) zsUJ6z>$*Kj1mRJO`MP0WBy#iflR!s!mFz|}2`_URjVhSnQ2Obk*acT1KOU{r8NW9_ z^^VX*sZ?W$?+1cbu0bfWv9SRz33WM(+G#}Hu&^0t_cS5`6ylwb*8t3f#O)2t1y`9q_Sz2YyoQeHRG01cjbM8*rkQ(avhy;7VS zA+N*KFBbZseq20|QXzMNDva(@2dpGo`Sz7>3`C=<>w=gR16m?bLAtYzCJcV#M@tt}>_>v)8P$)SaX1!xWg&jzp0l)@NLfR6{l z|BjN9Qhv90t;a4qJoDf7&B;H<>s(;bU7N>bIHADfS05NS&o`rAn~Q+H?o8JzMK2wD zi(jnKp}e%TueZwjSYCX$8OoWi^>75~6#6^~v?qdZ(Tc4-dBuYD-~stot|Gl==li?& zp{HVEsX6OJ&vmR3qm2QmNOJz$T=T-E4NA9}1Ubs-&a}_X)p?r#1v3l=V`Q|Nsq|T+-d!i|uY$Vdv(ReN;q?%#P2wo zt7~((IS#s0XS_S#5@r%`?FRi?{45MfPzU#RcXxMocDA=C@V!Nd9p28N{dkF}&xwqz zEbbHTXUxo45GKv7e2Q-6gGSv zjzfoLdsIQfF+i=%de^>!*6bDPqXS_9$)69rVX4#ZmEZ=HcAVbNq{WB|d=mb{j>pi)i% ziz5(?eu%#q04jeyT5}+VNuw}`)XoR4yX9p2pHlQQ1r6Xt#ew}E0g`5{cPzy-pBPmv5CGhF2=VBzV_x0WT7|`d%ICi58kWIPmOih?_a^ehuFlv?N zHyU7FJelgfkq2^@N&8BWq@An}wV}uxfQ{7*gP53}{xoYq!1rtq*wlt&sM5=qhBdA> zmnYkTpFw_i1ES~Ao5s@_pEQu=f|SP&!JshM{*`X5*o2yl?A6SX?J6=Tx?ud%6P^YT z0D;pOguR84-Nz+6>U>_jh9!0~ZU$sP(KhWmq?{dxG%jQ>{>D<~rfVgqPIxUP8^BIV zqeU;lFzPY7(d_o?TvAf<{QMmF zW}APNZ~d0h&g($$G;?0A4`j7n9B*z4b71m{oNe=l6w##x+?<0H8Z9uB>H6){(`k=c z+(&y&xQ*vO-ZbQX+*`*DLEgVLdpaORQLuaiYgrL0)pzd>L{Fy{YmYbNoPr(2kmH~U zkfy!;sV5gnrakK=`9re#r_p~etoxjv-v0G}v}*qUY4QF4sTs}eYF_0bnDTxW5*!z* z6)`QHv>^~At4=68;Ezdjp^BNY`R8~ldg>{1*p%<%^@rR*@8PGmFMj_5ll37%bvDbm zcx>I3QZUBjz&E31eZZrzp|RM8uILF(h{cQYNR>|n&lJ8rQy`R;B+!c+>B{sk3nLgb zT4n3N%{;)hl%6p0#Qwp7n;m-ZlU?41cEov|v7>j~_0R_!n~9nHGWFx+F#%i&yf}7z z+x$Nv1_e6#t#7_Q3n!2oa`juqrMcJ7`6`-RCY!7qqoQ$-Pz|3<3m1!Yq+sLdKZyu$ zd#Rz;(%EUBRp(^h*u&g-m7b%JLlP_+oR$*SE>0X-bJK4@jf%v%0lX9qyY~@XLUgKN2S6C_r6N%ttH))oD)!?-Y(kpr3oR^P%SGL(2#`Pi{C#qw2NPL>#8kPuWXHcy%WaI$k^skC7hz7A9tLjuqmvGnSn71 zW`f0e8%eYHRC!L$tp(a`F*DM@PpCYgyc%lckaxiwYh2-`~Tw zGGtOU^t8Qn%e~f5Ht@cP)L8ic)3w{e6u4_8>e||I7ASsc+S>vAxE;WhDc_&l0n`i= z{PzH)y2s|&W6K`}@;=Jglnb^~a3EObO~CaCm}gFRfK8D-;$$%yxqISM>sd}0qDGHy z9Q?%7AVe(@sWoz!@4q&iq{QA+9G>5A1RGB*1fIB-b8jC?Ss;D2@t6K&B-=#-OzmYK2@OLA>{k>%r!%^C^D8dy3Vr{jylYPQ>8z=Uz zpX(Ct#;^C|MHid1zt)@ix)4_{B}S;s3O{Av=Yrte!(--aM{LJfb9JrlS|TfsfBTxa{57xOxXlG3 zU1}5O4pplc-pr~ci9V*Lcc81En+pvw0fLrYb{d`bL$;hs6^{Wu?{Vc)TRr$6FO!z+?e9k{DY6eCp){Q*5pXOY^-P| zwg<~{RA;zQn|xL^{t!OXBQzoO(?*Ye{)N**x1?&Rw_$_BicV zZM}NUAVK6hxzFC&dG1ZUPPq(c@{1SyoFBK`Dpd%thpyzUNT+$sJ8K_s2tI2fY%aM2 zRsW6D)}Ao(tTxCmg7z*EZ&hmJ`6ro>o-Nv~o24pS0VC8P?d@)|Cy1A2(vC$bC^=gFzH3r7{{Y z={glrKF?KgaqnuT0YW*Z8buqH(#vcggTJ9kxplQ?YLzUc_G1dXn&zsPGRCt)j`JUQ z?M@S=WAvJSzqCrJaH` zT0l<;l?PZetd+I3TJ!UeGv$w@)L}{k-4*;5z_ku3cQh}0c-#qeOLAv7sZY#Ym%Mh^ z8O@$P#K-@YaK61WL~=qoASVL5j{`l!)GB-b%Hi;{Fm^QRdpn;smeD{XVg#<6Fu`>7Vc!pnhT31u zYNwQr=I2|OvbK2?(i5glAChS;*QedV=Y3QNDGx;`Ii90I5rJ3L--VwrA2i#FyO|*;{XlTm&BgRZc<1i&m^z=OMXX$+sOz=$6USI8# zHD*G?OtipdoK~W|C4wBL&^H25zn1J*(N^{Q%9|aw2xM-a4GYa561Tt{X83AxVg?f& z1Jc%(7&`iuT_+&3FHlqA@EuiacgavRiKZ0Dk$it(U=ptAa-WH;+XGIQ;r$)$}B6Zg7nY^UJyr-iO`u^M0Of0 z09CdnNF`_%qE>!eH)z&R{5~Pxo94Yr3%DL2NLk??hG+= z3w3MhElqgOHGg&GV0;l3X)X77SGDUjr3<5p6i4EsqN@BO|F(dWdk3{3gS4h}iKMy; zfm9x{pe8~9@|e_LRH;u*4jQjgBQ zu0Gvqv1m9r4?R=xQ+yCiI}yg3N;5M%y5%^{%D_7A$slUA{+H+XKTqb5YUK-VPu4OU zQd;Qj-^l4uDQh|p(BxO;QmUMm20i4sB&Sf;hG~yP~Z!8uc zFLl<^E7@;u4a!dH^Zwn9&7d43{7k9Gj7{XhDvt|lDiIOOCeEGd_i+RhT9iNSVLKWu zIQrYo%ONsoGPkx%@^*KMfrg90bD(C}CEiHxYkhV-FQ3RC2M(b)M1{X9h85;(FSA9` zpI!ybf4UDSQc?`c-*x2`h=j%mX|-OCx93n47EO8nP%a~lP#1W2F$ibNUC1oB7G}hx zsJ}M-yAy*qV_jR5Ycix2ll~nR?p{5$zP=h06H`+e{x2qu5h0D0!K*xy)lSFAQ%O-DD8KW#R=>j;)vFh^o!= zxx6>~2g|ISE2go#!-GMFbjEK*C#iMr(q?n#F^7L$jX{#XTzF&k+vMLa&|X_j;b&jQ zE^@`@fDknah0lC)p$M?im)NM6WuQlg;7VR{o@h+2db=0sfaUzv`Slfj{NHd%Z%2Zb z@Vc*W1Qbk?Exm$yg_ts*v|tOX8ojE2?bt~5Hte|3=CJmVye;9;8!2e6Fv>EC4q-r- zgop?G*Rxp6Wh{jA8ola_8DyQEZ{a|S!Uq94y`=o$sd+`%ShC%JUdbd|q z7PIqHQ+&$JGyaw(&xlRF&3KV_8#El2dEFPNQ7=x4F5|HDJ-T*BtYFGc^QN0QeR(}o z+(mg#;_YEWWzXBEU&q_nzU@Z*N3WiTVV3L-&s|93--53-0_mAm*!fA`=M`Hthfk6R zmDkQ}<3q&efJ5NGQ&&5aJT@PNaFb zb)q$buOW+x5WgmpYS^Z?*iJ05Oq3~;S+;C?QjVOy!Er37LFU3uIlyyL=B4L-1N-T>bsewUq3kF}CKv9~j}ow2uW2e99wu$?l;#Ie&Q^hMA=7s@H3_xz$zo z#QID#OpUmV|KfL042QkA1G#QbQ9*>-ejBk-KJK1>%n55NR9VIDRZ<=xsy)(n-twB{ z$tG1&`<|FY$S56|sp2Vos^;$Y-Yw}Z4iE^KzJWn&14U^8mKf7_=q^k?Mun#{-GQo3 z9WQ5e8;d7h61l@-$<%Z#R9AI$q}n&c`Kg6`kIr)$k9Q{=x>h$MM@d5)AI+51HBlhi z5B`c+)rftt3Xh0BdI%xry@F%;_0|!;d}MU-xzdoG%=;RrCs^kv&HOjVCO#SYcDe2z zQFYpf#5G&z#SJIvBdmTG%gMM&r+S4sd3_>-*?x=cJ(YnucOYf;Mm7|k=;6UcIjdCA z9yWf4L@WUfnuKwKXs$#AP89K{Cc>5h*0lIo4=!PT);|aevwEj-Nle13yCIoO2m(b^ z41pAvNS8vgc?PM&W>dGnX!_fH20R}fUzz(*$-f62hH-S!X2;|QFl96Jn4C@tOyzhU z>mPaWv20JumdlF!fnC*JtK6m8PbGKr(`{_m;clxOD=7+H!&9=wqTa>N4xW$M8}I#_ zT>6vH@p$)%V98=-J){4nnFmnI%Tw#iliUaQ%$$-e)te+kyQ+h01| z+lmnaRc$-;^ZB`cH9K8bYMgUoVBx2pJW9<}Qbzc~iP2?R+I}H@P09c<-QLvUX$29w zdncjlY0+ma+*6AzYIX3OynCE04+uanjl(d=psh(4)0HjR zbMzvVkH7EG-|(u_Pr{ymyAWBEz}V=Q)&< zoX@m~9Wl`$2qpbgoNaON)9Ma3H&&Y8@nMbfKk(4f#M|4q3dc!o{C{czRG5vDil<9Z zFXcv;Q+)8=&Q@2Il$iczOW7rzavZGpixWBH(Ba$+8@vgYpS{>i`W~{zZ{jb)#s04A zq(1G&QSxwUJWrE~N_b&KHlTM!Mk(*1v8?;4{TL<`S2*K)@N)D}wS`U8!TWl#)!2ik z2kxI#(C%ftE~TakG`Dr(3xdPmAbHpjkD4@?BXNh9IM)7Ys7)G$YU0m zF~!Z*rxHFVz6bTQ1-7ZT|8Jof$1_?V@Jw zts>D6?xsY@Q@!lln8{&-SYK7fS>hI$4(b*n;b6^_XCbrr=SMSbn{=P=j}o0Io<_Ue zp#k-W={9f44a{f@CIqXSbXwY9Ut?t)9zHP3OgB0lZ|&k=%d%XgPN_Mx{w!Gjb%2Zx zq3kwF%>bu`41aw=FVKg5;7%TH2&ZXhwKVGXGCzQ6>c!k$HNgVDE60c^=@ls(Y73; z?bJ-rYI(qv8zIm0!afe-ME$0t*@-UkjzW`v($pXEb2oORWKPt(Sj z>itEsQ=Q84X^C9AF%gJA_hm!xrHS}aLCw-{5zogA9vRi`1*BPwPdr{#t;d3(K2?-s z#v4J8{UxnH)BMB_w5^+OJj1`?;8`PV=a%@`-Wai;*7W#%B=Ei(u4af_5XzRJ{Pm?T zT(W`u-Yzw->0V*)pK;831+U8(!2)wLy^Is@vJIgXII|YDfO{>NO{=t>2YMjnT_`l_2%V+(TW%o(ZB5c-LvFToS_XE_{HO(tR)R z`@Ci2y}`_=Hio-wizxjR-sy(I5!2MdeMkwn(#5&VLnV|TF;SLl;Gj9KJ5qI?Er7ZLjjychAnU0)E zB_Q#$UWK>Ft2)kl*fw?6%Ph;P)58 z)oTJB3g73#$wrpyQnwDlVza*`d?bKg)P9jxkFDvE)r?)zdjKU1xP5-zdQ>0+z4#cl zqObgQx?x|k{^uP?>IZjHysFrx_i?C^N@DGoMdFtkG|t=i%u4b(Ziap@zvD@6S0dJd<%gg{pDlSrh6&-ce79HJRAN?vij9VUE1hKJ@`4l`cWWP@^qO%y&|$kw=v_4ePC z>gsbxWuH4oVM>Z(7IHiy4<1<~KxltW`uVkNkHNu5!m%okmo#C0OTtDD>T~k= zH8wYCPm)b7Jry*yM>a3y$JQ*8dVgl-b?fe=C^UM~wwOgI;yDsFV>9S*K9cgHXf1w4 zA3_^4y4%!I_YEJya()OOWAibBj}cK*;y{TcF4j5%&NGSbG>m-QXBDed7=h;zy6_ye zCR5F&XcGCyPeaU&JMRYe&po|e(CQFXd)~z|>}G}n89E}lU8aafnXn#)ykSzK=jo{> zMO_iVixw|a1)0}OOjzH}R=P!4DmaR{w4KHK*EwZ z{fSrEx$?OrQs$l?Gd+PGdQJyQ*Wkuckw0UUqnvdg*km4r@d_aY_?TD@NSXeUh}a-A zZH*^36<@$^(+c9&z1k=vs>>@6jL`|C^Z0YsX%hPf8#8>i^OFnYdc4Zo7R5-zbvHV~ zY*c*A?j6wa@F(%u!Fn^#LNsCWkF^QP9r$?}Lkj-=y1of$u*6e_CBdmno=W%@Vxip$ zG4v{m`0_j@8fv{;L0=p?0Mj-X**5sg4EH|$)d6yR#yt4xv@Uf-WcXIXBeyjvF>Q_2 zA?^pgOK>>@d%fuJ$1ial)1QnQ3F`k!u#LZ&SzEy<<}IHR%TpCJiD`|=!{h=5t91S$Oi z877loazG_ruYz)H-Wu?JE@wiIAF|IBW@e{=FuxRD_A$fB9#iiB9ag}2f2Us~x<$;( z;*9e8l`&S(CRUe1Chz>YM*uSu6C4LWQD{C6*Wly_B5p8qeeb=|gEGzFwXN6n(V!F} zElF@-0Y$oKVofH?C9h&K2rD$&v@|jZ{qbR)%`9DZF`;x-eoR!9FM-otCJXbg^Lcq> zt;o&EC{$u`Nd@O0#MzDbzChbubmdAOFYK_?1C_knu5>oL=<~EyTRfYqqjlT7`E>M2 z33}>dRN9v4H-QI5KBA>O>Bh_&G8#NCq6?Yy+bYfc!8P#JvGL-&QL{rxaa+F;XUaDP zprhT1UhM=rpNQfeQe$rPwnXX2xT8!erTsX$vtt>Jt19Z|#rYEMBzg2%-D5>M7w5zU z!n4(h%-pp0J7bP#3_>YI9^#2_G2tus%8;GY!my2**U>}kminQu*9syg^7$xSgZITv zID8MjKFkU|qT>Bt#rhma`tI+)Z!eD)axtZ^THb<^;|t4<`9DmH%5RezPP*%FhWPC# zu3Mu5$XXD*s^wyrb93$ePoV^u``VX+t6bD|m{?!!P}(I4O@n58_0fYUk?Tt9NFI!~ zpULyJ7HwpVA#R)BxYyq|#ZdihBj!?89-O;S zZr^u5aTLCp47my?iMXv1cc?TxttH1sr~OyK&Ck~!jj5Dk-iv8BcIt$&XSnE@7_XaZ z4pR^>zCL^{e&d03%p6+x-fa{o56aYUN+%>XDf2s9(QJ6aZf=a=^|+qS3OiX#n94FM z<*;wBOQ`qVR+%BFb(>90n&k6Zp1|S|&AKD8*${Jtj-}?k>s%DhTY`$yvG;^AnYDsgY=|gp;v5x-^2QmeHkGk;oFIys6~!dqxMDnfk@9_ zx1P@~6avCk${(Y!JZcQVzQFZdmn?$juWfj8?Mip`CypJm$$Hr#nN%y)?4081I>(90 zyQh(BccEnS*CMU__TX_LIsJIfmEHO8qDzd^?S3XM3`iwe=yJ34_yJ156vvJwLCPym zP_IjHfCPnR$W?K1;iBH;gRW~J0qHjNz%fSX3p&Xly2(N8g~pe+=KLbUvyE>5cXh) zrvE^(O{KXpdvuo=@BjQNSbZK)Fe`YN8~KSV^)VY^&k7;;WmHau197eAGM}cCh+~Nc zjyzAY|Ba~^9V3}n@NrL{?(#AT-qycXGV`fAzqAgf3Wtf16`3Xi5maA!*}97yuKjGC zbKQ&<(5uyGZDGNIf_UgTDYK)fZwQSTpdIK@xBy4do#sdZZV zowShI;_~iLw|M$uW>x%f)cl&uO4NTvhNo~pB=h)2C6vf>fELj*bFmOrS9gV0<+`G0 zdDVZ?!=#al`nWIO>u&U#(oWjVJm2mjz*Z zJSs6_lE=zCN1<#!H=-^-8CnZweL9}Kt!1WXVHfINfA@C0bk!v7=EwfSxG#U`$@{`y z@#C!xC`SLuYU}&)&bgSBj+E&GjfAz%nOn;To>gL;-PuyFcNBePxf(+^dW~lLorTpZ zJK?%kqJlf43<^J2ISiApha5RX&Y!mZtTWdZ%<^aA3i|rarCj4mfbBWy^zVlnSDi#E zoM_7rvSD9yg(~6q1Gg{xHtIca7}a1d0zEsiL}eZ0*?vPtZSRgfSb36PaLu7epR`&3 zd`Nsfn~~8Jk}0B6yWnPnctux{ayE;m`7=2=S-+9;-@8nWF>PaAN%fuc%(@2-@T-#dH^n)Uc8HaO z)INwyPus$(i5~vuWz)Wf+S07Qf7aR-QfBc3sKNn7^3R?<8@K0^B-mq@2-z@NHh84H z@15)}@1HZ2y6nD`2Y<=K%Auc~{zBB%Ws+mEOq242Rr_R+)v-i|?Cnn^3&~Ql8?oV_ z7FZu4=JlJNkp|Pd2soCkb9fGFx=)r-oF_WSry@O>5z8`V)_C!(50kAko{W0vCV~v& z9S`=q-aCQJ0=)!;vSqFKqc+F|_a!1@u~qk_Lya#3#0FREm=oLVHHP1k=1Z(P!ERL< z7!Ef4TlYMUgYNRp1DMgL2or;!9EW5PX6rWS0fT%(hkd%+{t5zF7xJCj*JVa4;tMwqf_ zRY0{V_RkP{m&}Px7S?t_O;5o{wQ}=tbFbi9rZIgd^^;#eWhQTLm?7Pa(+XW52 zd89smxzhhk2Ud&ig3X@I0&g>qSp1$o>a69xF+W}FE=(rIV!)DH}SW?YS zTFuh+8GMVMFSqhC`hdvcs(XfzQX+0#W2yVj!rkhGKnCW7uQ<(^ z9t#}S????0T4KUAh*Tw25L@iS23WH0o2Tzz#5rZLRW8MFBF40}zPRKtaRe_%uJp?^ zk!G5h106is(#pN2WlZo49$92@5%Ifeu0n zD=ejz$jSq}B^K@DN$)YN7V=L``$5cFCqlg18BC#;=%MjPXg)feiKHs9P^MCYAwu~4 z6CHDbuWGQCa2yVW6(@c7^#|O*#_DodG6j<%&bob}^B``iA3Ex=E+t7EMuj*`6QyP+ z+MaM&%jPzBPxwl|93qE63an@kFrYb^vMpyc>kzdNOY2Z8fv=XHvp$-B%n>V2q83sE zICPwKGF%kLW2;n52%?@09FB)jDE}JA%YldRH|SZ+0+QGV{jjz@jO&9GOMxcRW+#kb z-dEZp-ZP{s2e|$H1*Ro(`_bqS>CB6=J2Xqh3JQchgRFhwmJ^$UTKd%4U|avSEND~4em~wkdQwW+4}E^UJ~{=Wlm5`zJPtOL3BDj z>cNf{oFb*jW#N_uPoCEQ{jfm}5Vw#Qz^C&%L0mzH%R$CGhA&${aEp>85EFRTMcgLP;wsSfM|64}iu(xZUL(X;M7Wz159wd5na zOYZc9HzbK#$MN5jJ;Weab}6tPr2fko0)#CHQz(^DBUI+8`_T?xc&#THK-jG-cEN=9 zJV9$B>%E*hP7AqSlb+`NcW+yLL)35>`&s*Jh-V3Z3G) zYsPDJb}5+hkb#Szd3{`IBtcCP0sO>KL6PjuZ*P@{qxZ{KN8)h2&v_{I5YBQl z-Vr;cq2?z8Ibo@5d|WBaR;LSzTx&cYrg>lwnffNY?D@?k)S3a|OulY2yPu8ydI)YqchAYN?erUr1sN*JKt5YU@5YbEc)@|t04}JV(X6|$i zhD|_!H$5Cqu`SLTVN38IK(a_PM2(e$D_QT#C}iQQHxBxpA?+&ubh6M}STbW%-y&>I zy#?%{Jo+Jb??7Efao9tSKx)mKxh z2yFuuc>h)5*XhVfzHwXOXJqr^w!$wPsau$)xuqHz&^^myosv z6?Q~?3ApcWE9~%i+d+jLQez~)B#j9UFXc zZ*S;@_21s0HIh$!NH2%k6upXY(c2U`xBBGzzQa8FS%)scaSC$?fkg0sZsSkDb-ulg zo%he}ZLdc12@VHfYzhnMmGDHinibzsTGg8;EQ?ipdwX+prezbXaM~75LhXxucd%zV zpazOH|IC8UI@~t$nfKRiBkCjhdn%TQ9C`&fRuzton>#98(PR~1e zicra_BkN7*6*RPY1qG`WVi>evsjZq|!<1bp7!{%?>?>at>g12u^F0WX7=jru(YU7k z$d3EIV`TPEn*%vuIy!TM{Cek)rbNBnn!KyD;1|2^x22$TAtkKO6&}f|U*Ne5rBFr5 z?=~K9_ab+6i^r1UdC9WTO5YJ z2*7ge;lrsDl{8Lmv$l~W zvG$yHz5ye~XdnYKhV|3cNK&_J7jBFlnZJvq(EZa_ksC^2>qNHpGoYo?h_|Ai-yRL4 zF0?}0@rU>@htMlD4PzF;o;$+ z4!_XRJN@Kjq{ZcbUBZ2P3Ba4BLvg|*BFF`t(jC1eLjC>=GGF_feR=}m5klyW@K*lj ze--_%)eP4AoVG@g-1i;-Z(iNOwV@=6fZJ(KLIXg6|HGw+1&s4s_dgAN4QdXU;1(0V zF)#nCT)02d0?;y9a*-^Dxd2tTr4}fKTnX+;65IobcyalNGoIbu|6=27-s6yRJ{1u7 z74!sL8K0PF^HUE{d(RXo+D7zeY>B{C(@cO}H#0LE8XSD{=FNsM2k#;fI<^R1!c zEWB2GQ|{wYFflRp=h{z}=K)OjIKH+M9vOKJ08oG-Jr`{3vE(6(WbGQYEh>`LuEGRv z$fpnm*sU&iv zL&ko`BR_sH#dHi;*y+~0V(3sYfcAC9f%)dm>GlS`Z|QN_-A(*R_+!$SXfz& zT`NAs_AF&hdYJ=&Z5zZ1pbY`amK7y>GXA`{F4JZbC=$A)Q?(&r$Dl9C$szzzL0#_# zWHR-p2#;;MGcquME?gh24@Ho0@Fn$-^E(W$+7JKuib}r87j~M1KsCn7M!;uMu7yOa z)I?zqhZir}K}V|tP&a^&Jq6f#@zZ_a+rfJi%v#|@Hyy^moY26|m4LIG# z@$snz-!0t=n^hlhzF)WxR~qdBvo>PqDnJ2nc0jQkms$2iiQkZtlM4gP=~aOq$N?eK z!S4z@R=rc@Hk#hvH7)ad=mEH7VlD60o~GN>04)Jyq!4ml`x{9vA4w*wJ`CRUfCqtB zJZwx=^Yk5FBtO?F=yx~qBhCt%Yn*~abDK7B33jhH>gmj7w*Tq)> zbM(Bo1!xO^p}kMG6fkW@kVKF#&a%C{uY9U1Uu13rf-%>N8+ zrrsxtN)&9tFm%1kOFH-Epv1(&>geke2Nn*_(J6K(@$Ukp$fEbW>Io^#x*t$SK$~-3 zCT6aF5Bj6bpcxyDG>+5KP7!jmefjbw0Pw+U2p|YAY|$~E#l>h$PYrm6VUyErlmh1Y zzq;7!zjyEBfyU>(8$LXwah-1V7Xw`alb)-bE~{sXwz-?kP17jN$!$YtNY zkH1SprAQh?B1u-t%)W(`kxgbsX2=W?l@b{ZBP%N_D?7UqvLYj)sAOejugdqhbbp@D z^E}_@_xXN*zdwHOKkmAF&+EEguk$?4<2=seT3&wGXg1TA)nJ@M@}4|S9$ZUCdioSI z&lVUH#nv7A@udp+$)NmogTm9VOSHF{d=@vU5@0;bM-@-5qX-A6Mk^|hRwoJ>u>Apqne7Eblo9y_1A zfnN`>gHR#L()Z@ z*8Xd-K|Y>tqlTHPNlk!#=_d@Se?|n^d(1!-RupSH6F)r5pdULzO-=2{xyNNl+Ny^dtw6#d#f0SlBHjYa8QI~fzXj<@bx0=T+v;R#V@|w_HYh&9QfzO(3DZ8uY_gHo}9SdG%E470o&fNnlAmauN(|NvtITEi%;`Pu-oAy3*tj3 zeIJQCPO#E!T|uBulHZGzYn~0UA4yWgJCYKAzF3SOB*ULP*HV}82PuHjN}Tw!-}ird z+I#iY1)fx`*%;>C+_bnu$~b_Rpy=g*%<=(%KL z;~Y&vlDvy_w~Ch(78Wj!ThS^U+_!#UlIiBl3pv`jDEKryp`&mE8Qq2lGuBj&Y}T5D=*Dli>6*=JZ=MuISHj*W=Glwj2tr|<1)6%`e^xziYY-?3wdRJ`)q zr)is*^v?`6PxW*dKa%9xP~UgTKVdjYoIBjw%F4>j>~>_f#v=t*-zp=XeR|xTuU<(p z-~U*CwFvW|7#W{zO9>8oxQ=9zgK+q{D4n0@`UUckN?-q|yl2{+54B)6U{C+ya7p&k zaGEL4K2}!N6A=pB;cY{5t)r>JN}EV=)r%hD!L|Q&FsUAtBhx_!KN4vbU!Ha{oY^VG z=5LI*u&Qx~?~+0w20)Bzf@G}Z9Nv2o)cUnj9kN~Ix8u?#*R8_}9-eV4C2iss z5O6{CM-`03r?0R73E&?FA?0Od!)GT_Vz1GiFuh}J5}{CYfrp%F=gyr{@%IdBcm)Nu zC|58GzkBcAVEU7)CMlRu#yIjpDvMZiq(N$G>gD-ydGcbXkygy*b8&L^n#Pex7k)l_ zyE(24I08Zb$ez1ih$OJbSzcMm)+zW7e1KIkyXo!Qw+3gCam1Ey;gOli^-G71=ILpr zGiPXz8*d1%RkJ+C#T9enqJMh&C>*7>Fa-t%R^8q{+Fg*2br}@}i-jS~wGRx?$RJ)c z)z$gc_TRdF`+W!Tz!dt((#(+0y|$EdB0@qLxFDTS`IRUXF^QN7{N>=_@H9L77#ka5!(zG;3 zuD%G@1v-(ft|OG!Jn@ zF&z_=#F_@_C#oZl#ja{*>QsNZyn|kdikf;l*$rQL|7DIosR^s^Na$Jkj9itv12-$I zt+>B#>M&{!n2L+XR(dQ=;}n*`MGK2}$JVXOa7h{oo}QVJVOEip#2mF^%&|u?F=7{9 zkOuZdD1<$FBy{10_wcYqj<%k%@(=h6DbsW;H?GT{TAVWROd*jXjbbPz;i(~#qg{qg zays~cCpH7X9y>d`YH!@LXZIQg*n2Bby!xNYQUpA3n;pI%92|VMG%0BSRsk4OpMfh9 z1q_w|AaDU_w%$VQhaZ4RUKg->eb3~_;p5ilHm~?ZDs{yHB znx4=-;oz+akZ?s?oAAcz9lmyo6i0?#5SedUM}7KqEj-XrN8P150fVYXkM`Nw*)6xd zc_TLvXjtYNKgE-t`|aB|lm&U(k*lAuC9rt8Pn^ij$+=H;0_8zKK)|zSJn*$ZId5)i z%2o(N3cbo}V!^e#SjMm(8M#{8!V2VK`$>4$u7`U9_r(<$z}5tgZdhFY(g_{uT1B6K zZYH_PE6=RsI|5G+K0ftwefu67XOvfpo*~iE^n3Qa_XzgC`tq_+G^{Pyy5X)NMSk?y zu_Hv$-0}9U(v%7S?(U`M&!6)#GJdvscs5BjjSnkBOspIrC|xW20Ll|39#V@4mVex# zf`WpPk&)}yuP-ZYklg#t!A()I3BRN2)hl{>`fI=DwA|P2C(Ul;XY>ww6dC#c{rm0@ zABIJCl471_WmN#s!iUGk#s+{-_x$;^$pDft+o_XITaEv2sBjy;($$>|Nh zxFKX$xN$9xx5{d0>}E0@s1L<8%*x6_IGb5m=)9szVz?XM?g2KTy1IJ#EgT1X6K>z$ zBqe7{JhHyh-Xz8CzpXm6ar5TN`N-2GQq^DCGhIDB9FL!__o2$s{@9puNkA9rZq%bm z^aB;Cchjk~C87?KXx@s#8QWY0?n+o3Q$0x;X_3vZUfpOiYmO2;#>{-7HB*`_Mwphv?_3WvApc=pMdSI%b2(QR6&jPkQFu{ z2tF)&`7q9R7ma1fntL{qyyuVn|CUahHu9awX6T0F9@2OJ_wP>|G6J@|CoW11V#PZo zp4Y}xphb9`hLyd%R$>43>A8K?%a_-CUvzbK$=9KzJ6-t>u=H4L69Fh(A zJmtzhj#UXW4SQ#2&&3~1Oiyxh>_Hx)KEu9oc63B2q<3@nc1Aseb0B))7$09gR&7?6 zEtr7jScxM((Fpx7UmATXamG8E0=R{QT;Y&4JK8M1GKPHg#L#Q1dM`Kw^$kyEt~fd- zvaz$W-llqR|Na-K+>MNO9yq}Lu#TJwMd9PekLh=uK1hYqEvigMJ`w(uc)+g9P>hC4 zRFt5Wwr}4)8-y2m?o={?Z>G9>2tY$@^TPam@&Y?I_x!@b(3ERXP!MP-jm8glmA?dB ze|$b}Qp0vzwrKKGsg|1%e)=(kvL91Z@tx~Cd^cs^T3aL$i1n&8{C2&f1G3iEqbLgB zWnVlI@ojg>@;lYDXX_EcLUjRlUsYB0xeYP+CuA8`isNjTeCq660PF$Z0DMBZeS2ub zfYS;f52`o%{rjULBTI~`HVr5n=Pcq?@T|Oid5xRZ*N>^8_wev=aC96|A)*4&n2_C-4=CyA&^@dZwf`zDBU9b?dtQ*scT@f4OM9`m zBJhP>Q()7h6M^aD~=oLFucXbhAub$r!KW2Efps+A2JNt+a%sqvLg{h@> zFbIc4MXkiH{;d7@Q4}lj-5hq@g@wo%rz&y^r9kv0y4=FY!=I8UBJQ+dN z`r*Uk^nkqk&E(%3z)7SaeE^%usDO-N@qzZnY4p9#()552)#lB<@O)xBe*C^T*CeV+ zpxjwg_RS|fm-DADgUupm3JVKEIP#Um78CwBq}19=<;*Dfh5YwMBV;rd`I zxOh2C_KF2EY}~LxugvvbZLK*%2+V%emO{jL<;2B(#==7e!~?uSV{`N5`^>2Fa!=l+ zysk^jw+afJ5fnl9+`W63nNd)%C?SEFD@Do(InKbq0G@Lnb1!c5-1H56#!~i^loaca z9BgdEIC)a>m*LJe%lx&#x)ZUqw9;X?CEnkEtGkJKYmHuD}Ru&dH z7V7(Q`6jhHss;48i%Lp#R=%)Vn_1+81M2zk!Q$kLAhJ;+S-uU}FQ~*GdTsUBf)ACW zqobBq=U+EB6^Lil*Liq|dtu#R*}H+<1UzJ*p_v8w+r~IBG;~)w0Xxe-AyU{7@apOd z?{)QDCn7ijdhu6)KjWO|xQMVPR5@lr&ICk^qa%29AX;hWcZ4eymeK%OsSnkjyD};v z(#)1tLI~tARPvvlo}R|uH@CDr6S7rkc{#vL3Iq^9q#a!1U@+JO?lJz}wSCN2eQ5^xR|7k+Cs=-j-rV^J-N?>ny|fLVN?;u~5Ze3j5%}gFRP_ zLe`*xh>5v5s=#XFDO8d%k&%%xF)@!GrI!7L^C@$uc6CW} z!J?l;ysC~r-JalZ#PO;by&IYwjw zl=q#xcR|m;z&1m{LzJ-a_(H%`fJNKUqiGS!@P>*(bd~r$6%4owLpP27VsAP!|LU)Z zbp#_1!t)q6w~MoL43E+Jn=e5JpM(Rai_1J9IiBuLzP+kL=bK#i5-v5Eo9*Zo-FqdW({JLxCSB;OZNEjNkht@759cn$tn_Q*(2ur&TCl4b7mn#mmbJ?DQTUV2q5DBO`Secw8nv zM%=%D-00N?WKbuLxhqSM&>m(;ui1YJnuuvD5l%SbZ z{%)sDqV$O8*4EZm*cnTBEMC4Z_oPn&mAr3Xmgb54El;e4mTv@vp&FP3gg<{iA|^(E zKkFv0xNEOr75cHh9>uutty>X~9etFbN>b8@$TqZ2?M}Bwl51#a_}oLoEq{8%>c@PGS0ccf ztc(nPE-L-TzCOdgGb1~QOS$&mHm#d<+pD=^US4>&cW+yfoqF+!n&)e@V)+(yX+(Lp z$7SBB{%R(EF|P|;g29mWpe1+BW`0HzX;{(1!s4{hl><)yj@m2o;;u*Q#O+^$)Gyxf zJAbnEy|Kng2B7<&oSY0AkFZyLZr{%*KKG|Kd>G~0d%dSl zt$p@|pTuUzXGsuGa~YYL5q&nS9nT}{NpZVBrf($09lj0L+4K#Sr};Wk99PCaz5d@m zE|dAb9Gkze<6uC-0F2t;UN-)nV7RQb#$K78u(@=JnVA`vY)*)eL^8QyEkyckQ`gw| z#1M@S@>{R&+#z2p?h_uUS*GlV$?L~YpX|_D1#=G0Z8>KWt5(CnwA9d{$N#osdd|KX{pgs%P?{*}HdTWo5=y6nPf~ zacdN)v99j!=_L<4yUC0UPWNoEQUJD7u4OGPEhQzwQpjaNDJe&Mt9Fua0Hdk-x({CG zNUpbT$)FVm>XGt;dL@Z;n*vFrWs~WN2x(@OGTVobIQKNXe(lp_mY&~?^aEIeHoK*T z#Xfj~B7p-5fnEW>;~1~J2*?F9YP2F!VTcF}#D4T>PF~(2g4c1I`daOC55=f0unj^R zob})VekVA%xv?=C#RxD;fAJ0R%mnuSqFR8JZi>EA>QUdKde_gWh$fC8ed?Hr#;G z?%Z~;zrVhA7g!_teKI6I0hbHO3jxwc>I;0jQ5U3sxchRkGFAkj0tG&lLdDOYv(bI} z_z{a{xYIvW2Eh)oWX_vz#ir@rI+9b|ugn>-Yd=5K)X4UoC%y0*>8q^t_1*ky8O&qm zmI7ys6k50c(gKWXGBU>E{A%my2vjD4!}XIEaT!z2zg$ds8N-2h0(}-_9im|_C3QoN zMYT5_I}iT8+~I08NfzpE@`<{zMbDsCHmT&oXuWq(eu{Gi@+`a_TTh#lUTDw3>#?qG zq+lZ>)9bFT;<>7?%1U7R2%Zu}wt|ui+k;prdaE8cy|M_So1MT;YXIo&?n3P!el| zJ9KAuY>h!XnblZPXyPW4YfpEra39nmi3th7bw}>Y(e2+q7qf%3&u7anR>Z7(_wM0P z9g9DH`)0bsx2>h+#h1&31^4puGQj7tip3kfu1M9tfB%MMc}`9aJj@Tk0T)ap{*~w~ zgE|6&Ccxtuc;)mB?H?vl?>GrLk-P=XhDSY!N(wtrjs*_6>iYT&Tg6GrJpBBq=0ndW zVFh2ic8!*n7TpFsP}U+t;$QH0^eW>8VT?*I=AN(3Np!P;9+o_=fm1azOUCvF_QA#x z6BFZ~PdI=xDoig(l9X3=DAuc_eUg+EBjNR!dyFO!XbWPpcL_3BreKxX&wLj%Cs~}X zZ)mtW_gzC%Q?@UEBZW^5qZf%`RJrfeO_4%fHMKmf9-tUxi7z?wqzli6?}mVySc`i@ z>q$S{LFB{;*)zkO9jIMI1iXzP2(P@U`cMw%(7mMmtN+L^V*1e^5s{wve^-S)CwV@IZ$;b&`hk;xo>lcHhzAAiU`1 z%a;_JPBl1JKzb2#7=4YMe zVSQiWxfPoic*(GG%AS26%XPr;p&EuuDYi7w+>%Gda?=zM{XYlp(`!0y!m|(G1=rAX zAoF3}jtco}&Lbje{79xKzc)QKMPMQT$w$XcTty$lOud4axXp%z7e)DCqMNHL%aJ2{ zX=psq{6)RrH$uEKpLaZQFmcO<8^Eauoag%d{{Gjr!Ne|to7;&0_jXDC)v=bHekA{M zI{K&d(l(dZ39O?I{E{4#+qhlOZK-h0xYK7D1UWqo1&UxsiMWAm>= zEN;Xm$1VzQ7;q?lC$S*k$seoEzMY(0=<0k%&J`(Wb5 z_0Vcv1J6S=hLMlVPefpKfNb%h>gQf@^4#vL&ff9omF%DtAgpk~i_!9h$OzSE3SLRj zCL^B9ZznQas&e!h7Rd3bac^sDk6^=qNI-$w(V_9qHY45B{kg4Ht=QUy_}1V55UeXb z{YOOX7cV4bN>#!<*T6M8!_~=t*l)($<54E zC>m(cJQYcHf!AH`EAY&B;`?mFiEWrD=k`l(<7z_>1si-4r z-7U5C+z=Sw>m+US;I=wD8ejF$ji7u{B#(ge_rr&3nwsw)9G2JFRk)q@^QFp>ip+)X zGq_923yIaGW(ah@f47RcxRId?M8C6{O_QFheF!7;Jd+<}zxrXV1tfDZ}ebeeQuC^z!mL5R4bg zt#;lLZ_U3lX%Nb_dsycFP;+dX-6<)l!RFX=-9tJ{ z7uVd&sqd&0A7WVZ5Tl3-y4?h81-^Q9Mq)M3xO!``-s8~F>H&w*(NRQdawe1npHSMM zo#rOmi*tk<0*rkA{0y$#Jwy?*swGGP zyeTs?6BbG@30|hBM<3Pn7Pak?W9m?v{b#yLA6$vuE6CRT{PImd?<&U?IoaEH;U)oy zrHDX@iHU|ir8Q^b$i&@e?@*~CY5hD#lH}MaRq=ay6rj|g#3>Co4k#?tRQXw8jpZ)1 zanmMl?PrqQ;lVhmg!E@&lJU5)j~@3bs8z%#Zm&7R#0L+k-B<7}+z{-div%vh{~*LS zP@=ayPjWD%TRl}_)xnN6F%au#b_49Uz9+eVh?{gZf|`A6bdh_iXIvgW>oZuZ^IG#6sB9kBwbI zRB$*E`*o|w8mz8IHxM}ViWgx)5A01>Y6=R{IYwx*Ig*s9V}k?@A3K2@5z?vH%)+E8jwO!PJ$4IoG> zaGW*Uf#`83mwf@NE8CqM9XZ(96AU?i(|>mp;Jv&X>!Bdx@Ob4l|4;gQdT8CHT%1&_ z2D7lY+=WE4+qy7B*3UxiN1*8&H`ed)1-o^cd;}}ez@Qf-I+lg?-1x}V4Eg_J2W9YM zG>Vm;rIqG1tgiS3V;AlHcf2p~l3$hbFtuO)nKLrTlFRUFCEyq+i_vC3e{kl^(Fr6%b7IHo9(=r?ObAgr?0exBKx^8`)Zy(GzAF;S} ziBC|lv*JqNR6(p5N%^|7IFHiA#Ka|mt7tufqj74$Ek)4n>;(34y?Rx!AUrS65oaCn ze77|_ge2MH4Xv#Ys1k&ZS7PZngC2zR9Kh*ZkdD?TgdsmM!CtZ**J&I|A8C} z`#APCG7jo5gAq&CrDSF{3yD2}@yiR7vEkvT7i7rqL)7G`)~jU_JU>5=rLX3rk-aG+ zGZUqD>eN;;koh2rs!yY0z?}lrx@5)9jc@MFGG7TaJ98BsEwW7%EjS=-zGGN8dxl6Y z_d%xgzc$Xfy@R2|y!pUDq#gDyjuNDo;y6D@s!ca{Qd2vClSajZwh&0Tg6#2h^g6`c zXSH*TWzge6!(q6m=0C7_Hs>z~#v6#ZT)n!29fdLgQW%czTT)+8_yhxOVfDRu@xttZ z9lO*v*0Uz5MCS_?6S``}5EB3rf!!m5S9WP>se3RJ6BAl)2z@7Ecn=r-VGhYq^icd0 zXnYTaDnj{IQsNH4Pu#x+cL{@b!>svnW^SPS<8I0_{pLbrLmRV^0)l-D4J|-V=fj5& zXw#2h)mlJr7i${jT$$w#lBDv?^_{!?q`{4%6#{TMb7heCf2*3hKh_1myf6lF?x8~_ zuY9&3NCLF`P#GHbp=$~afP{nu{*K$1JO?h~dM z;?9QN7w-InNEbwZaymV`f_m#M;)=rvPr3XwbONtmzedFm?8F9 z?bA9{yc0V;r?9YQ3oRPw$P?!aFP#Uzcqe*1kKrFQA+4v94ab=zRnYOMp=D)d3&rUq zd4c%tdb$5e5}5ugEq&8Aa55Jfacx0p<>AI7BV5&9K(bd9p;cK8bLW#RiSWVw;RbL} zxU*7U4-c!P?~PHHbuS(rk7)GzHEIZi2Z(~X44aunEIZf5A4XBWHinUrK7gdl5qz11 zP(*M zI(eQmgCvbIj| zHzkpD#vn(;ONt5#s_nEIF8q-YqNjGZ`UFm5ZZ3e^cx%#K00$@uJbkqKA_~{(cY64D zvG|~3#7K!gd#C_JEhzZ#6@Ns03W|ysPtZbcM*+E=(|9Le5Lv180zaczD8;6#*RQ2nAJz>xEYqKHXV6&FL+*=hM!ySX-==rE$>BQ^cufd7@J{XZ_8 ze`a}QFM^7LHqhrD?$g0^>NdEmmKJ5tBT0X`xt)|zL2z7Fl8)usLL!wweldIK@L?Gi z>Zv6UXyX2qaFAE{NlRJQR#hdYJwuxDxrbh{@X3?tGjg5Jl`cADt?KD1CZmEBVzd7# z#8C;UD9IScdfaV<@Tos!XP3(Kho2dnn3y+3?xv+Bv}!;@`p+*j2@7{OG~CVlhOL=` zpT;H-R%eO}M@7AJClk%qk&B{;GIP(+9n-S6pF$Md!UWP1;}U`C>FGhYpGf?75frpQ z2s}29dc;{nUmGcC_gI_rH`q<2m+zC4l~x^3QOpPl3AOAOLR0Rj+hqB|F!K2x2yADq z_lq=slmb-wBMr?qUiF#;gY;aIkMO{IGf{EqOp(?0}UcF)#71d*X zXgL<5ge_HGugmVMgFe)gGY^L=)Mew37bVZ53{fw6FSKPg3`!422M7EL=o+1!owLWw z)6QV;7p>!G9PWk!?5IC+J{%I!8wNlh?u24?x_7INhDF6J_9h-z`@VZ)CP~8_n*ZHk>5N2cew?f zAY_irOy5ws0W*RSKj_1Wt{|F$P&J^a6>|6{#~YKSog?KYKd0~4%_*4_1WiQgp(9M zpuj~J@Y2WU_o-Ub)Q(8qL0ZR2(bJ1AE_TD|zxfjNEFp`u0P^y9nM|So z2dl`$biHAKS_;D}E|a~VP(}bV?2-cCB918|)lEZTV#x6hC)%9vbdk z{k>2r!@QHp6e5y5b!|s2$MVtY_mmH8KmAU@_WMeOOIYNHjttH!Iui5cm6jen zrl|aqwH(*IX!-0R-co?uxSdIA1>yCW%GlO+;`?`D=q%s+YD71tysE1^3YcYYZ~+xy z<+Wexg=ivp;qM>=e`#`ugC7PF>I6)4-*)R2q7}%BG2Ac@vJ)p0VDPK6!%(XFV_*a_9DL_a zDa=ElU5ud=h!p(q-t9Q`uZNY?*$vGB*sw4zU8I6ThYl4?G6dB9TR%Nx(uwqW6==x) znQ7gFKkZOwh-e|93P97%&ujdn zXm_A-qOGgDdGqGB@qg{LCwZpOok|OqGO?vw=r9X2;DEp!RIYK3Yf~gYf@?>`6`m9S zTXWpf>oFOrOe~~#^=R^1+u|CORkKSgBreI$JwRpeuP`$}BIyRPKF}HJpV^qZ6Q7IZ z56#V-X!>ud=Oa+?2@HQvFyy@5JZ=DSD@cK_!(Vg>9oIzUSYPF8=Df8s&z6?;SP7U* z#VwQzGc!?3S=&1ccvtMJ7w$um&nK?9jYMJiM~H??6IC+&n(fmc4J=aI_bcSz-#}f; z8w+x_SdZ8Xmp<@-e~pfg-jQ3eepC9X%o*DHavjhjALtqeYqKK>F4Iw(_0jg@9Isl~ zH8rfv%n2nWB^Sw#WIh&lMz(ZvaKIYW$u&K*&Be~bVi+wDq#I&eb!BYyqI0$rb{SCW zG41_NGcI=a`2rEUa8LH@s9peT^ea5vP~`(CqEFwof4m0*Z|Ea2{7{kfF(0z_2L!fb zlz@=L8R9KlO!4&82L=s+MR9)q7330OiyeJZ7ws2$}$Tb$8;`_#}y6vuY6EKtQ7t?HG0L6VxBLs{#H0Jhr{?IBRbMW% zP}c$5cC#lX=bMdX#ufo!KpEuq<{lHkjxeYb6t9Vii7GkkNIw~iE6|6wg)AKBqwNZ_ z>@9wz4mTDmU$H*Z^OV2Otyla#;Sy_ z?V!)cGPk^pi~uT!Z*O)Y^`cFm%#7f=xUzyqEodrOJ18HdVyiF#j8$hzZhagRL(GO_ zKSIgihCGnzmt6-OmP(vQT}68d5u$;C zEr1G|Qyix&?E7VT+X}$d`zPQgs_`c-&s_q-ErYN`hThy96T!dFA9toZqS?RU>ABoj z5USDehDAiAJwC;|(weLkLwDf7ZwygDZ53#X=F~wS%vA?mTfvg`nrRZO_lmTuSh`J> zizE(iWP0gmC1$Qw)71MZQfIUFt>7kzAztRV7VlbGKKJ*V*w{4nPwDCFBgv#sd&XUf zAIeM%LdQ}=RTcF&Q+PvQP>`l=MrtblFaGQUI^K8tD$}x$Z?DwP^x3lER7-q?FR^>h z?#y!@)x zux1BT2t6nWJ!~Fj+h`zH+|~VCcKQ;!^2jqk+s;YYbmiWv?LRv7qZ`h`KMqDU;a3(; zzd%E?JrB3|E`RuNS9vGy{rE^>5bCO;`$@5hE{n*|M)!GZukH^ zAe`NE7gO53EiKQ0gP|uJ92#oIZBc>xP&O2!i=gV>XC_QdzM=l;(O^Dq?x5QKj`#1M zu6k-bXn*8av#979Xo>RpFv{Z_JLbfso6MtWWCGOLF=mEP5-H(Tp~np!A3RXPjq^af zoR*fpw8nC4s_0)qj&3GFZm_g7^ zR4u)Wm>>t=%)S%AqF68Mr!#-79{0l3)Kcu~QY@;KHvR;Gw!;tWfJ`uA9&=9Om-@xe zba@b0bHf)zfEX%|jg9@Op?`H|P%&^q(rLOBNI%Xd0Slt8QC1oOZH!hTvk!(MwTjiM zE1I01Jb2*n0Y56;OV>hC@xB8qUBBQQfAW{2^iX0vQn-DAYG{Tw4;s=vccC-9dGlr` zQHm71jO&1oTF` zdT#lnhRN?zX;}2V@w()|#` zdPh{fuGF2IH>(h#vCl#qlF_QdT~&t)UM8uIpa+JDA^f_gC_%K->b_i#?7N5x510{2 z<5_+_i`DKkYF)V8;H$F{{g$B0okBR{n8dp}h&X8F7V*Q{T;Y}iD@GD6aH@@snSZ^n zsWC%s<^QQ*B&3WzrZ0a1l@9>McyDNPhsSR)2WW4M?`<_rsU=%>)0nCNJ4Up zm{sA?!992Xw4|E{93YuJN&glV4)h&D@U?)A1vIzQi0~M@v0#s^A;)d&J8*F@!$wU@ z>xQvy6x`9m&h^ORXo!F={P?j9Ic|0Wv$pTVVbK9(0SFBVkl3L^{m{+f(Ca;+_cBLM zn&@nLtyaXw_JK^o*yBYbqZ}w5vF4DOsHC7p!MYvMh(O12+qS!4WI+Y20@I`EOZ4sV zg?Jq@bS{E6w7e+h4!{Zl0;yR)z3!+#{y-ghFkGo6dPTVZ`#_S2j-1?`<<|mpM=TU~ zC_+uw0{KPA{L-#mvI#yO?N8$4Y1k1-FSGaK` zVD5dW4g?>e*$Raj`mHr)dAk>qH7C?_J}f0yJptD8tNx0f8d|Tzn1UPwVpL1nYSAct zXka#^vW7$&e;}^J{PS2-ta!xZ#}lKY)=+nO3@aCHDU|=-$%he_L{wb_#dGbK`-KZ} zXdU2zGldZQ&0z@j*)&;W9K`44n z>kyi4q8zIoxGS|c{6sZBJ)NV4m0^U!duYAt{8d>O9+ccdt=VpPWY@@14F+RrZ= z;V<>Emr$P7A4kNbKX4#Rane7B7{#uy>vZ2g@bLaHW^B8~uCkc9(lcn-C4yScl67uo0?RIO}9 z3^_qV!X=2g13P|N610qjvkMe)!h0|q2}J=d#qF?B4{U2;dDtf$a*u(;!yszE>NSt_F|iB zx36j7bm~4^iPJ&)zhehV33qfCv2oNVnh6Cq$?kQ_wxf`O5*_WNq(EBU+qL~^qFD!s z=kkq)`5Bw4st&FWp+7yk z_5r-(*=xn6x8T}n+y6)ZinU_1dpoFlm39;{I)zt_jF@By!wH)xTpGzzm}3b08?D1Vmw`cFOG^;D z18W4hO^t@A7547ki^%lj$K?ox`2sjrae-b+a_2Wj@|);2iYgkkKz zrG*DO2(=0}08|hUUbg%YGX#TlW8*f+m_zQ}yNtr;lQ}wEaq^s=M@TK~*tf?81%v(k zU@ZYs5-1AJGHMqtT)?mza+0Eg0yz^LV!n$!hQ#vSyZcncz!FqY_wG^Yrx2fWN_*($ zd?pI8>S~#s2SbB{n(FFK#pm7SEnJ zQwJ9Tv?-8(R!|6`_+x-C8322%$8;U4G+1*vLF@;G7PKUP^_{=@<@=}71;k4Evu9^x z$Vo4Huo$`{pt&>3hR+YBhqwe9xV*e=RaGWvvE#^*{)zsFf&%m;7m)9=D!LcILDgM{J|2&XAyMc5FLVO-25E{sp=>MKajD#|eZ2kJ#n4SBCi}eiD z)ErUVV#XY?7AdzNCr734%sNs&ZM(;XXxNOwnd=ZJBs2hjO|JgV1_Y|$z2TBrQnCy- z8mpwRpa2Ju`BhVVjXxuR0)PV^P)8yR;=lMiApnP$#@VFhCVEmF?QMrk3pnkFW|+qg z@GT-9g1?qgwS#tOvlDNbP}k7dDFwSK+TFVcke?wZMx+}Um_t>F8UsIDS^4tNTL$si zV-M>fas>*7QZ^|G#Y6j*2@;78;VnEQL|soWW0I3Z`YjK}mx)D?cwB*wYi@h%$Edji z=k2Kclaniw3v2VN=PLV(-}XH?n!`EN=G?Juo7y$2 zJX9_X15F=a%Ji4};OPy-I0>d_*y`Kc^CMPf;-7%H+YXY<$q7^ungcAK#&zeT!ebrV?2nclt1bEeXQxz3m7HgajX1QYn(} zjCo9<88zlO))*B(C@^1TBtrEqnTOqA?k1*jssKBvA6; zJ_G}-WvvWtVvG>Ufc)sc4p}D^al$iletvMu6>1yw1DSmw^ZVO*Wp-Wde^1L;vcEzT zAFgoK{ZnJ(<9oSuSZKCxVS={-jZF3H*KDe)md*dFlT_UP4d)jvVpQdbYD}LJDh|aA zAyPt;#mUJD@i{6Drf;h`SBC5r^{g3RG@G6~Xta56NR!U9I|sF8m=ogURIa9Lv%gQ$ zFbp^7EP20sq1%9?TqCFOy?+98!Si_SV>j0OZ%c^N{3v4|&&F&W7O@bVR$NTQ%)H*O za+2}dE7QS~&CwAG2bwuiFh^!*XUnmmeTmt@Y?p3#3}Av?H#79YkSO}L#)iRg^1FMi zqQyz7siW@Ao7DHp{FP9M!Gw+m1|&Upl{so3b`}7V%r^s|K_b_F*ujP)y^AeU6eDq` zEF)kIshT$SF3}f(LYjGMdRo|JOuHcS8K#_Fy0pG)1QJqU6aXhqOoOACf~m^Zt>9AY zP*je5`=-uyCMIGyz_8~nxaB5#tBT|lWws}(M`5GGMuQ-~jhy_s$C3ktm~c8n$V8#E zo{S9W7jziHZd%@r2$U$O3PAm2@k)W{1hPVd0FA5)2zxP?ixPXM6fip6FomxDbXBAu zAAyE!+xG2%n4>@mFfHW=Ob5@~eyQZ?)9;L{i@wNjP;J*Lq4;yN*#=SM1;|qYxd0@Q zlU3Mgz(d=+xL~-!pv?8SubQV_NW;KbE}tSwKp@CRM*F1XG&RG(sJzYZ>WDz=+2vHn ztEcKu5d(J6@nNJ$98KN}={7M2bmyDvtpxm8y8#sbJTP?#f)db+oC$n6jtDRq(o@(D z3RUq47b$(Zsv)upzSBP;-|?Ui@^?>HSBFBb8LM!AXW zS*cuIk&t?Wz7){tn)=w@!GSP^1XqLs&PE>CMp48zAMyD)+jfq>9|Z)VHKxKDR^z>a zxgfsvz~cs$Ax0-B2M6at!CG~CbX(?WJw>n0QV>mmWQKX9HLHRWv^>y7$8tWasJNYi zqP_UK0o@X8{aW*K$7C_G&$J&cQg9}b$yl-=rS=u;DUqMA@Hi>b3|vCLdv|DTtR2)p zmg;K3@5{9cwB}Jo0&qcOG}LW*B#n1h;nwUum8fi`JO8ZHnx#mE%a?i9bkvNPv|bq? zY-DkI_Z)j&TMJdi;J0tkCFW_U*kCcQNSXU!APRW0@be)b3xD2USqA0bzkG?Oy*e{J zO~`wjx?qwwk`54n$174 zfCw=ocep&cN}4)4yXZ#TH9K%$4vt54{TJa#w`!?=)Ope|KpeYjH!3yFq-fnooC5CwgppStT`3k#?_q9NNr zvjuvWv6;eZwp*C?@XNyYoU=$~Tqf9l2% zHSYwa9?FQOftx5rCd+1m-pUfB3)UjO3&^yx^#;D|;@)?sxWkVeJ`6{^N;I%=MnQ0h zy3eN0`+c&qtZc`;H@ePHQ5F+r<=7Zz;&4JxLqgjpb!YIvj>1v{y5b3r2H5pV!Il*j z@tfb6DQ2LeqN1l)PzhnZ^H$cdfJqa?O@|e~NV0{M)%TH+F6cmF9KSb8r)Yh*!7P(F zMdBbaP>c~?Kt`N~8iTuLd>C~mYH-4^i!fNl`tz;YvTYkmcSz2V>Arv$0;PzU%YU&x z1aS@{;E&7Wa|MJC0qqmhCPc%FXfurW?4_oD)jtK%2&m0Sz_0M|l=FI5-BI71m6r#| zaK~)Z@bK{S=R!?f`TSh^CGD_)!2BuzGD3HH{|yY17NgmP-2!*F6Og3>cXvjg#@Rz* z2iGquW@&UIPNzT_ZM#mKb#4pnTAd!Pvw(MMc8b4?-7cmu55Ga_~Pfva@5vI3F$T zNuyUjDBv+7;^LIYio`a1wtPGC+G)q^C6xP^51^%@x{MEltHiH!E&R%BYJHbWD8~UA zFr1^42?Jb&u*NrUek?2ix`XK_3=$#y0*ioL{#cpX?}^z4YybcZQIExEI23%y#n^%z zG&L|$_w2@#~Y4N z&KYIz@(yox`?1-=)UM;&hp~w-Y#bbfYbxG}kpL{jC}9TIJp6FTpafx=cJCg6DnT?R zza^Ix+~IqOaE7p#8K3##TIT-o*hW%|P^5g*75G1(JAgSuEP~rce1i1D`H*SV)Nkv} zz#hk14xwrVBaS_!J#)d_dr&q>H6k*y&~o5`*2;`k2A9H|gyt4f+!p@uNIUFP=gI@3 zKu&?IWPy`7MUjU7WEPL%U07;7u({Upu{ej?E~yWO8i2)ke3^1}(PSn27DUt`T~^%u zeIR*-=#?01mr!fBTllRbJp*&PVBkAH-lviqoOebZkA|=np}K+IHG9mNC6D>@QCP9c zj%iDfzBe0)pAR2hx@^0b6zM;B#0E$~n)yCdownU1(#@7JZb5g@9yt9U4?_?!($7e1^_OcGO) zdax89a5zc7LnJ3njf`aBx=DE^t>ZhcJnCdDC{jS69E%Q2i?H}H`2fRBKWSK=X8w#s zr__6s**<`yyi*>I%ol|&BvqR!L|aHYoBCOifURUem9R2 z{B^L?7_TiFAxmHntF!N3>5~ufBwg^Jh#OQ(?@)|cPuj;-tXF|Ok2W$pjXzGCrP9&3 zF*0xwkc9NQI23z;`^0Fn>AqxeGm#_2w>-kP_;M_fJ}b6yuOMjgwW-Xn^L|IjY9;Sz zcAX~wt7|iiVuH?hPxj%pgb9FTv_Zm&6Q zbu@adX6ke!&QtqAJ(B!#fA@3yL|VwZxDHqQCb+B$ucQap8jV!s3Q6F8zgT{omSN|3#UBZhQLf`Z`*sf3JW z$#iZB6&mCKP;m02{Fb%I%FTU{kO~AK{I>7S2>%U&lMD?#O0%`8Id>gtAKT50CCtDP zbF@$vU@?q!7c`))2Jn|@$c7ych!}bnPMKZIFIv!D{{<2s1HDtoar*^`b`LQ{g+Po< zmYSN1%L6t_!fo30wO4_}KkgB5XD2EyRv&`7<1N|6z~Bju9{OHrssZ%>!kFFIEK&{* zN0f)>2hta`bGUv3a4gs_a4rS|rMR+%$XrA#3d4J_ba3rZ>_Zwt69$=#U#ieOTEYu@ z6N2Q!Lov!vsY$flJ@x5RRW=%oK;OiI9Hz(}l!wz28x1NH6ic{}Xa*VA=A+FGi7J3z zUfv88mR%9fO6@HkeVqe$S8-N==XP(s1%Quuf5?XdLPJNLAD{p+k4v-S4hgiO$COM# zHMD2Y7jf*lTV7rcy3;_nvD?8Q-$Er_GxLcm{A=xO5*0D80W%Z^m;<0bwYuBt4=HzPdD&l@84MYwajeXFAwl@nB-lrAnoyn*1`6mSS;XYY~CS+sGuc8|)7>J|2K+-DZRu z^yz@xa0`<^;rfswmhdxCnA!n122G~Oh9}kv+ zZRqy-P$j8C&S3nf5eC{&`t)fSaX@|r1K_8CiWF6;9ad0&LEbuF`UT3Y9(dfka3Hz> zNbaDdJg218n`3esBJMD5{inRiZ=(^bvHxSBcmSv+Kp3hN5uvDg1aPnpFcQpKy4FgI zk)>F|_beA>4GtTlAqa0;8X6~sgkTK=p9#37K2$tc>PHOepsBU>mekd+Sjo5<#0#EA zECO;S@K~)ZGpJ`RQp}Bvrf}_vHOsk23*1RzChhHaeM#=`?{MV-J$;aX_Xz=+LeHXf zNasI}!A7JKjsL~lmxoiizHKj5*oG8|D3l=?A~cX8Q6XfWLWYc$%yU#S6(vbz2$@6X z%#|YZJeDL=<|KshovZ!+-rqaF-|_wNIrh;$_HJ3vTF-Oe*L_{*b)M(-@#oZi}^%AiF@TbA@0n)6P4DnnzcoOiGP@8I3SPc^I5 zer*#paq&UyI6P;ltC4@v$%4Gt+lQ7i(HZQjo?s*_VJXkd)nxT0rWlCYb=e=wOiN?; zLrAXF7mdxbO-;?R(2dO^G86zLOkZ}4mg>}7n7DXxJQTs`t;{o@bhtm0+; z8=E55ooLoM{SL1HyZQQYpXDb2>9E$yoF-%`ut-n9Uh5q3=L0IUy!?DD4iuOLW`6@Q zwkqC}LFppna5MrcfC{kXiSPjd0cFd6JYHCaOL`{rNUiBFbW%c_iPQkH`*aHrXSLx@ILlF+gS)1s;pue%}FZrtq-4%RJ+!}KO)5%#qnj$Zn zyNRA^SXHGb392pQrTw9?PoFkOUAiB8PEB(?6l$U~uYKcNdhiMaIpU-b+!7>Y4 zNl8fy4%1?VqTb3pF`pbpq)H4AS66mlJoirMo{M+&1}_~2WV!&>!vWdv-MbFt6wx;d zml*wFBU}P8wN6E`bB$)YrkLZ=W5-&Wnut~cV2xI7Eau>7263!FzW}i5p@@2DsHCN< z;6%{HSk_H09m=oGNu2EbDU{Mxkn1rDlDpBgj;E!v_fASNO4wBk?< z-NT58#b${)I$0PlW7G+#2NKSc45;N1)R7ymuB>Poe0uX{2yk7rbl;p%tg!Rg`HliW zPJnd*=x(Fg1F{K6tb#whVR84s+(Av$9qy?72lz=R`lZ3B6ikK}QR){jmgAWqpncN| zUPK({V+aQHj-?AQ3uvy&+5nLO`_x!9vfDf4%sr;uzXiLtwZ@<*gUhKz-(8X`iamf< zB&u!R;CAyL?X)khzVXQP)cK}aJ8-Xdc*0A&jjzy%xZbc|i9JNU;29U328oNthh4tp z&&E$d*=2e8vbDbwv%mFgGZ>MZ2!Du%S$8)qSfHrI=>r&q2uPvv3K|XSOw615GZJA8 zUm7YkBEKe@eyZmiu?|#*!{*_^gI4gSWCPD}n);-pN&;}|0u~ytM#?nKKg5k` z$*1CGlZ_{i9C1L-LUbg7^N5jATpYOx92x!z3l)xD>_AV5XmAVA6rd)?b}XP=@3Oe= z4+n233kE-v%6p z2-K=(#xlC6C1-~|G&HbCxLm>I+)u({qYI~4AIol-tFZ3e35#j`>||nc!)@>9?oJt7 zCkN$^oWrkzavmusn1NnWgGi_FDW<7Gy&JuL9M9ik^EXCJp$uM9zPkti?Sj%*LItUSTUKGE4qAL6P8$V zauCX5(c?i!(V-~Y6}wkgKsc64`{~)WeH4EjTc6kjS+{&|&u-OT$imaZNdD`iU|Ep`<`4=?WIm747_#K#<;4*N_XqTvY=MV>|CHSP-u7cIy5CqD z0uhSH5p4|~n=l~}M0sozMgOUKo;!go;e=b}(&=F9NgkDClw&C=M7lFOyUaK>%37dp z%5mcc@4LF3G3E{gO?wR<)3nx`#Muk*F?eRbug{PrII;Kac^r88+b=K#$wl++Hujh% zU2nbF%37|qmOwICO+sUfx*E$1nq7P$G|n*i;o9UqYHD!|oro6c^!i>5tnp<_B&+#{f@L_PM4}tDO+iz!i!y#`bQ-UD8XI&qcizmoYQUa z0Mm9yi|;1*_LvgH*k}t0t(urgdB3(p^M*1^+ho>>!jrTJNPR9G9GQ1JPDkRKAmVFz z#IfY!t@`bR=v#o00hR>G5y6gD<}*#M=un{iLt6lU!b$~J%@K<79Znjl+X!a@F#yc% zBnWVPd?@7fQFAGB?v#pei5t2)IZYr;)&U1;dJ{>9-O!Hm8I?kW;(MXt7ReZh(k>5(UX$gN4Dz|Bz0rc&ABH3J z8NSVdOH5+%_%_#%-%@W9iWaS>GblW3rhUq@UV&K7ZqnSb56mG%4H#>ABJ zg#|7ip5eB7yrPv8lU#@p0R#gGww!nhb4f~XfUCBAU5Izc;=r9>Vt^tC~r3_yi`=T1c8B?LJ%P#^ulN0xq6 zrZmrnSlx0g3;DDkua!{-Vg{HM9Vw)-fEl7EYQ+0{wk*#ab-0VaCx`>0L{?49B=ig? zHEb}VC(h_C5f>!5M7t&WkDlf&q;gnKW?fTL@^^!%jHMojEO&|pFEb?WQVLh+2fM`ZYR29^6Ij8GDs z)wHydFC0X@-bVdn2hhed{Os&skSu}6vER@9^5qi}5^(t(!lNcu@a~{}C^tpItbb^T zBfJj9;MopQ4o;XvA3S)DpAmUEs;;o|<20o>DQp~VUXmFSv4{A-u?Hxz^$XJAgNO{a zrzdjnwoHLvNcTS@;kHS-k3KV+u$I-`)X52&hadqpfsixo9E_BR6axcA9QS^7xKeOp zcedf0cxKLC8^C+fCvm9sA=SYYm@i+50@TlK?YeP+n?3>>u|9`vmQx??{2B zm@@jQ{{#8J?P`E^5&6FoDSq|ntw$$NaNy1%RRgpo4Xh3c6PS&OBFAPf6S1gh0q_mC zY}*Fq7w}RP9r^lqXb5(XQaVMVZ{7cbL*hWqsKcm(JM`HgheKHdpWU}Z*AW#cIq-e| z#_6VGfXtv(?e_p(JYoY`Q?s|P55~mtK3aCZmkvji-(!gZQLNcYFzyIe-?~elm-f+yl z!tHSj^UZYrN)Gui%1WbveKx3lV55? zVMxq=!^00S{53N(L&+haU+@9vld5VwTE$H(eU?qwj>s8_#B32m2qWNaACsSAvnfC% zD}%<0ya@7u&BYua@SZxkUa5$k_J(6cwCk~d-)%oK^CNe5Q^RMy%kt^)^^NhW4i5*j zi7UcKjy$Zb=Ga5nLtV2%xEF;eBEzl=rQ=0G%T%a^iP*FNNLh=ESyy?%F8P;g>_hl@ zZcl5X3%DO$6Ae8M5jxrbR8=LcZtY=KTpIu$j&A@;q02>ORYjbli3gj~dwcY}V-xxT z{=rhNNS?xk>5S#I{)WjbZU0iOy*%TBqIwT;KAu_4@H}z`wE43Q7uGQ>3O5m=(Lw<+ zr0#!=rXNEk78O-;edsM9x5|Pnv<5NMzyY=mSYFtbpR0VNIXM4gu>vCS`mHJIb zGEcPJaW-ML1?W|YJX~-Jgq0lt4hYr|ME-nQA|LfXru1!5PnYuWdBhB;|3K&6P;mk` zkpQD<>6$UY*8_s_OCxyB2$C*M7{ZaTS?7f|1uw5cmUaMU@@(6NDH@%l3OCS^Lkf?5 zk0J+yCia27!toA+n1qGfdU}ot3AF+ru7AY4NR=(}XsHajIOU%?<4@pZi|*~u=W-Op zGYE_N_xd`HoAu~SV-XBAnE^Wi`>7W-06EaBk< z)AEX+AY*tT#H;cdsLB2Pdw7T>@MrEoh*5js5JnIMEQ1~plA{)_a(~j{|J}Izf22qf zPx8&%)k7B!i#iL^q~zL4nN3O%4`SjnsU5aHRF$HVYV!Bt{EH3G9FS1$Ftf(MTicN( zBv+?KiCp%kC;vz^Yc!X{PW`7e6QLYZLE@APoE{;>;f58vFpHdlp}?l=uiEU@Q{=La z&nnme|LnVOi8y_kI0%{#m|~C|4D0(u%9UfS$*iWMRXZ@-kT`HkKp$vxvU(pejhXp) z>`xZP9d^ztx+XXCGckp?nhRi%#{`Om3kXy|Pb`I}zVWEOiFp`hq zFVNyq8r7K}ikL*4#hW2~psv31=RJtP;&GP>S|@f<^8U4ieS%c*QY&{ z{{i=&6I3Fmj|9m-Inw{F@6^Aw55h11NuNb;BJZ(*vIChC*uL_3!*AiJLFwq&BNR~r zgH(j91tLJLL%Xz&pNCPqc2Sknfarig+kB-{Zd?pfN{=!;CF`Ui6iGb^(4+pz2~ z03G#d>3HA2_Rn_6f-H%i8%9+dU6v<~Q#6U$E>rwJaxvdEe;FI=R#qZb?z@jfy}&A- zwsmz~jt;~52D?fw#=Duya1HH-$NbpD#LD-f)3Sm8iTlaKG4iKBOY8w+Zjov3aZEu% z5%#a$CBFwK`QhFToIK;ji|Hm8l$lHn$m&WV%ecTGhAHDSL8xtk0#DmUr)V9<+|}g| z2(Xau-&}fx2#sVEtrzrwfqwTvTONzl5hGPx0m~yU`3D4uP*c=V{i zqG`{}1BWyT`wN{ehkr0URfRu`8TI_95&NmAcyKUr z6M234yD9Q^)9#cdHs#l5C1PnXij92RHh>-H!LmLS0jImX&_9C>-yUc4y@p}~x6QOA z1T#l~^=|-D>K7@n8~i+e2cxM|Lru^fO7pIrMc)7(84$Jro~c4!GjrnaJYXH#AGD%l zrG1PnMNuU$9NkfdCOqbhDQ_$|c?Uo>$wTZQ)~&4$KW~s6FJGW0oqciCD6xYkneJ-xP&ADV=fC) zTSbY~KQsY=p#oJ#fdLP5nD+Fvus##)FS@#h{^cP0_TY~APJ-AXLu|@IV}iXs39a1b zuUct9^XUC%NS+42^&DsWZ}>;JHu3iK1GOE-OQ3A%cY+ffm(t_&u#W+&c>*n5fYaEI zGqbam5HW)P_ScqM_ypE1RrnK@_Bh|+()1hFS^ahxGrs^+1>={O-oTa!Ud`U!tY5^i z9IgU}K~j#dg`1T%vm=7gN^Es@+8_%<1`Gx=dXQXxm{eLe11Lj~-zke+GCV8{9%$gINrO0j?;dqi4C>;G6&{5!nuiRD zoXzXC)WCwR1x6jD2bS#%w3}{v7Qa6qUaJ_yOr@1rUyKwLmdZiYt2p(rBN?hmmahL<9 zLDd~ytY2W2PzQ6h(>`9lHE)E@>*@7D=!j7nxM};b&i3#BUbVxQ+iz-xut&k&eFdoo zXe`mFX0gf2{aon=WFhg+tDE@*d%{deh~YITRHhXU-DtRini~1QNw}0O_UR z0Nn56OV`%2DM)bLAWTIDg61B@Uw_$5J|}z@Y)T&ch*|*RU=2%> zOH4MN+-x!;V5w7Z;64JjxHqjNY!(DTh*Cx{*c2@G_a zKVwA#(UHPX2qZs*@6yC`Q08`t=W=#d)>V8Zg7_C#1i@!-Fze8&i1@d-&Yxi@|7%Y5 zU!9T!LT8~E5qgE)%Ki{|<{MMb0nAuee+0$`g4P7E^vJzzk9cxI7RiA0P1Z!Z1n1I`mx( z48=L6q`NlC!w;hrWh8O| z$D%b4_!GnjC{%D37Jy!aI2487L8j8@9NhKM(FFPCA!ptyZXoM z5zme|oWzA51PA;8nt|)%Dvq_P)yYg$eqg4|xC4L%r%UTl7kX?^^ASn9P|~2T2P&jd zHiik1mVbsEzIcHlgj`&J@91UG?}q~sra7fV^}T&-icSeg-Ov$Zvl1;~IONhbVRoJ? z(%Bt_-XctLF*h^yU+0#)mF@Q?~0oC*0zn@c8y&oL>)@pF-@BO;#9~y{Hk1?cK&E+dnu;%jbb3U78 zp~7g7d@j0b0D|&T3!V-UMZ=j*Ok4_We_2JxLFxmx7+7bx-k%{s(*{>Y&r;wruMlvX z{n3vF%!T`dh9sE$dNYPgitq55{~Kk;2I);-ZgTp0j*$9mGUzrWJ_v&G2^S`B0^hLq+Ba_<&!(XtYl~d7c#FQMDY_^LCi%Z4e&~FQVpJM-F|3C{)zez&M%e+(&dkgV{YL|B?Uej( zwL=l&cJykQUHDLFOQUlG^SX|GA!h%r&I4IhD4(p_qvnZe-^8)t3Yeio9Vi^Zcm5j;iuJRIb|#b@ zfKzeELqO=U{<2GO3^SLZ9Ik>y31`9}k^JZ5UB~B_I=<>-N57-(DKq;r~aOh#93o9RtC}R3~!xmB&+(4pw2e_C&4NJ<21if(F3{2nJn5UxV>F3h*{A; zRUbYxFc`tWkViy!bHrm%4k6}9KcPwtl|@%dP|y7BV+rezcsh8Fl)!KisWH}`;Nin9 z9UYDk9k9~!Kv@Yfw1|i!=E{Qm)HztX51$Q+06gMJsHT&Wk}yq8beX>jNp=_B8v{3&8c9HR{&$vdlwIo(qEz&IT<&b znSk^ZXPq-Kjh*>OPt39D@%47>5Qa$&loeJjU@q68F33w(FEsE)pW7XBaCGYLHH=QG z`U}j7cA3MEU*-^(U=IVw zhQI_F7W6a9v6{m~hB-mm0vwF#kVHGOrUS7F*15}j^INQ5xUAi^|6?+)%nkOzLZ%gg zhU>@?^_DWkSQ93f7}XZlA||#!X|y?Xx`Y0<;|XD1+6$0)-INhRTMcDL-uAs$HX<2C z*@-VBTpF<{vs=#k=lnuwb8xI+ff50L0iTMdgMT`O1hZ-w&w1UDk$DY*(9}HDKj#-F zTwua_!3byIH!01@%zr*V;mjx~D&P+&$I9p59vs4@{tPhW`E%9(d4S>nW6u76o$=pa zR&)fsB6LrmO1VQ+Ip419@NG~^L8ro>0C`sBFF|cifvM_fWM zi(S|A4)gLtiAx-PRcF3<_cbP4wIt~qIK=7)a_-Ec4p-ycX&-b1ee?#&tp*-P$ z!mw?cnNE1x8p%S_KQ6ZG^ya@@Y*8m|#VR^GBcpUV&D>D-#)fgd|A*fpFCQM1mF!w_ zv4A-q&;+zt+38>vp3+Q3pb(BZP-pNpnf(0ik4C@#vNGRR9KaOfF+KSSi?BzyR52Nb zgPSfrGZvLlaYx(Ea&>kCPZWJImGu& znEC5IQ&A&l9iKaEE?qW@i)+a=56qHYt?AAq2?UQARJ;hquHT1w32sVE-MDDNxUcoI zk5tAaAvH3~bV>7yWviK8UM&p_Ik83u+>Nr)NyW^?^t7}KX#T%{t{lriVCwy^e~+)z zOH?_tbJG9AOJPl32Fz1Ozfc!9nat5% z$i4qjm;&wmj10w&t-oHAiPHN!bGj>iJ8@~xx23l_GD*U%lJBg_+p{-ps;W(7*jRx5 z9g0{A=OB3&CG-rpUv`tEgRXdYCF!1Uj#-W~!x6Y~X)DyTRf>&NTRb^s@=dPe;&NBX z&sPr+9}=s786HyU+~k=x&$3?yWQ5MJ`Mp9Rb|C~Ok7UCED_fX5pk@{ti&icBg?dr) z-kh(sm+h8k8UwD*W`7R|^Zkb(O~u=}neKt-Z)Sd-RQZ(q+w(qOFYnGBuD=7I%w=01 z;Lo~H5p;&+^+CP5Edvtzg}D(z)Fo?aCnd*ozP4BS^yO#8a`L}660y`vwi*8XG=Ax- ztu4oXzqBqV_lVLjIrWb2s%(r}-S_w-zL%C6oG26>a!9XL%@n-o^Eh(zq9twg6YzAk z)3V1REk=GPs~`KVP(3k(M&4QnRrWx~yqPxHXjXsWQRNex$N6$zy?J`W`^w?HCl(Ga zkBPV_#tXXajcw`_r4M%+SD?I+F?4m=--gV9iX*;uWlB#gBGFy)QLQ336Z6+|6e}$y zwY#%7TP%x;P6s!e>64}WJYyp@xctJ8w7EN$QkBi&yuiorTTE%QzE4@nQ|RR`>1^%k ze%Bt?KwlY@Lh{<`U}pWQTU`y!1m~B{<#W4sbc)+d1l6;T)DLENg1y!}QJ~wHdJdv26K2k-Vs7m^AWNaXQ zX+}6#k19^)yqZt^HZ@+plQHl5h1Z<9hBmrIw0RgFE6J(b?lYF7Sd8XV>d44w=ee=h zo020ST!c^Yk*tOi?fBfT)UNvA@jK1kM{n%S$`ibp&F{@En%ipLd)}?WY__+3#7*DA zJ?K{L?v(=iP?m3UYMnjO+@pg6yOgdTzj#AqoI*J$i>B!PUN0lg2Tuw|uDd_VyOl*# zxnUBZ-m1u7n0)+`PH?)m797qzuTGnbXwQ}X+%0e<_X>Aelz#HJX-@MV6}?sVmENsU zAtJ`+^{q~qt<}zwN4n5zM@JFAh~(9=GwU3jMg6q}iK#7Y1IKyuukswp_3Dain+WOj zdhs=&r#>z^F!|`o%5zz(Yd&tORDx<2_jE04hkjTW25a+Co~D;oV-*Z&NIHHoIME9K zE0alIo+9D+McPPJ`&ZOiDP4;GDSfB;&1sUxbw+o9=_LR`S`Hqvxat5n++E%cC#c@ zW1Fsal`5ZmFu3-4cJte?z*yVep1opr6ZQ1x#CtUy&#tL4M0n5F&w6jFrB5{P%VxW? zfUBp`QcIRZfjbB0>x9Am`-eL>T)@*Y-D=+q|LY2j75))LuO9cEafm}4bm$% zQYKKWc=q0}9#XrwPu{*@yFKgdAbsCy_-VY~aqne*+o3y&U;7^aLXNl6W!s}=W55A< zUsGkK`lCpxlGL>8`~5T@GxGBBZ82pYqSMcM-lh0f$S)B$!r(x=4VQAJ@yKc17FyL- ztF5Mb_NP`vx;zD49M6!eGZY>bcX9o?YwBn$lfQN*LxKLAR#D1L_8Q6SW_$xxadu z<1JB~dp}oMd*uhS6cf*xCJ01PCRe!bKJj=VC)A;B0!s5as72Y}DF7;pCU%;T) z$V;n}^+I&$@m7~YTN7SEH_gUThyJ1>DG%|@ACg?g=E0jwEUf<8BBD(?}TNAuCm~`Q5s{&*1)s z`ugCP=5EFmzXxqYH&vA)E>@cN)r_3j>^aN%<=RKjQd^$0Jf4{q>BX~B>7u(9Je`ZI z%q$Jn)m;|5lZMBsws3cQB}_;xnHC>aw`Ddy_+?|UVERKH%l%+?*`O0y+8ZL%h9r?v z4_(s3Gb^IfztuOreI9GJ0%92Bf>y|T-F)ZkYlJyMo$ImBx4_Gxo6(8+Fudu069+iGm}Bk?ymA*nsP&{~NF5w0x6o-s>8 zx8V9HC1-H`L*@CX^|jR#MOXW}VQf=J@osF|icXcCG1|e6l(Ou2iM%3<( ztx$9ODd%!wd&~AUr#jvBj}lAjXFY9YKh&pXKEbVaUn zeXZKmSe+;5+-U7voIgRDt<)kov*B@(u5d;)lJD8^m;`U{7mdnaeWW!vrccQnJH|() zH(jaGQlIf?SIdmRBfb<^8er6;pW8+(d3CGJWm~Gn;KRQK8abnX9%(j;TAU#X=KD6( z)zc|A(z7z>6&l}MG4DG>$;nVGOdG*XYSW}M#AuOn_MwQjog!2coWi#Aap6uwR&2T7 z=EAQHCCt@s#QmP@?HCjIJbHcQMqHLM*ISuESFuyKyyij-nN<4gp!lS;Vo4(nSaWz(H0N4LSeBT)^pVBWS?pTSCvokjeE~_RCM^{II|q< z+^lYibhfv%-oImqtXG)}w_lpINB^z4^@>eZn?p-e(?6HbvM)ST=hl^!d@Z{)SaERO zX|~aBDY!|0({Yl(v$h#$vHr6HEgS}Ka{AHD zYLqa@F>aNoja<~fIiRK6rlsv|JP&EGwz;A6t{z7npU;W64%Q0{RR%rSLPt+g!d}~G ze#FwXXYRg=zpuj44`H`g(FzWao1L7*KX$HKJs8%t(IeW_xTsUzX+O#vluLb^aOuaZ z8+QkPyDWa*Q?t`s`*vRTwt%G~4!`azy$(WE--pP@?y+?FOxdz17s>I*(Aph8l`EHQ zf2(dn!sPsp<0F>lNn3s2-+I=&<$aA&;O7JWE`cjfhD{1#XQ|IQmq@A#=zm@MmBZA& z`Ph0`;lr?N**;INl&1YvKWfNJ43_$@jBQ=m6uKf)^YTTOj1%D!v&H-RLY_l5p%I$< z8BWc8KbVoJ7!pD9dcr}cC+yXeEo~#0gjyVK<+r=%WgHc6e;jAU*Rs5S3(X?Il*wN{ zPRXg0*5-?dEep8hX>?_^|m$~G4@&Zo=~u~SJ+C~DZNqq(Of~d@LIz- zUw3LM*Jsz|tPXDK{>r%z!G)e@wyUrm%Nu;FBeh#Ov{G+Alp;B$yHL>e=`%S}4#Kmo zQ(c7a)1S%b;u)-qNA{llJ=AU|AGbcRSA+hm86`*Qq=As_IX`)i(UAK`uk}q_?`3np zv=njMgLbOKWO3|t>O%hHTAre-f*uX2r^r)B``;^{^&WE0^u{iK7un3^{&}pAUjC-f zucaFgKX@0rELb+^SYA#UTnk_>{v>MAQB>hxdzVY;UT)XQowISC6VjFJ<-Z!^J)Bfo z+fVlyYH}#1Y`TBZ&)+}u+4cMIVI70U6usi}!T0Y{u1*y^I1?D^TjOQ8g`;%OkDcs< zm!5OmH$7aVGMhKwRp)z}KUdxt;q|Q7_41%xgaXyZ?=^{3qmnDtW##6QnRj$F$dXoF$$jm*udL+0`Y}ZQWissc=4$(o z3$Lpk)Wem#JAEThU0-;fK)9eWbx2}V_-rlna!lYU>boqNg;YtBaSIb3&m+iv^;4&& zw4TZY_N#qa{qpprF&)h}=12xMJuO3e>tdDIle84}B?Cc}x!#`dm~Yd3o-gw(9*qqQ zoH22Eez1t?G5xpGQo)lC87RqQto68fp1fpdi5+5kJiH~jTZ?V4wFqx{b}8LQ8!mr3 zQ{BcO!5lUMtBb+G3wAs82*=g5-`urO5f$bq_ob8NA0xT!e$3k-3$w1$>^r23r#;?VJb&*wSyAP*BzM-MHfqj3->ELdu7YMn(n~-$w_&XN@wAIh()v>e4btYG2q9 zQ!5wK7g-rK*2TdZJRxSf(=MLu`&KP^a{4bG-;7cX(vOeYxnuXlulZDULSRrHz0cJ& z;nH96JVpYJj%O9`OTpS?yL8FBB)$9bzwJqUt1X6}8Bwj|vM1HlkjOgS(OI+LSy{h1 zS3E6m+BuX|D^kX@y)I}o;nRDi9YeIYT+dgze04L{SAU_F%G@LdW~ zaphbLYgFUs5zf+CW{`K*fAfHrz+~pfBtva;ubR$u%S|#um9&g+LArz7xt(r=v;{Xp z;2_%Ep~H05iQK#_`9%-UYg?SYKV2W*)l&82bM(yn?kDFDcoVL#J`j-l$QqTgZL*9@ zp5*oRt!H-`WQcJe_~N|pcP=TRH2Gbc_>0d!s|%+5m6=4WYL$$Q#5ng7Ds`jy^b+0b zOkc#)C2p&*req}aK6RzwonK13CZ!{PTH1+yLcxU)=+tX*{%NOZfJM0Mp2IwXY-aac zisYP!<)}Oy;|0jMtTsP)TwpZwK7*H->|wyEh8VHrrZsW=@x~D;$wMGe;{QBowt* z!Dw0Gz^TalxjbV}t_1Zl^AhN+?>`Y>edo z^j<~|b(+p8aTBKJx`{hj?iY9r8~FSE6dBBIEo^PQ!gBkRvvf zi#4&AsZI(&7qKyj)Qo=D8rRhQ^JP3fB)9n~4s4=?+e`eU?< zq>Xh~)F)%n6TjnZh7D9M$bA+(r)@}M(nydIdT#&lP9(qIH;yJ60&5L*Lsp;m$(d4< z;p}}yrdrvOZ@orRhXd|r?AO>9QyIi1*Q2>@2jROL*{v(X@=71ZuYK4>61tV3ySzSD zb#ncodFa@dt#q=!zYje;A66sv=GOl2E=GBIG1qy^-tga;SbTGP+vlTZKTbQQuK)TV zaXHS0QJ&0qknMFj=Lc<-yl;VIgt%c*v1i9ZCtsWHbNp*;*YHjiUn?8m%M^r8&-GiZ zZbLI6BYC0MUI`;EsZ>Te({hnNx*59`9B;th87!xHysD|ru*Ru5D zMvOr=$oi8{!~2f$IQGBW(J^NVZudk;V78Yh(ZaN%hIvgpw@re2ER$6m*KLUvi z)54SRb7}LtwAQE3HtQc0N;E!1c%oddbs)e$^**!Y&pMy%3+wx=Vm2du);+7cy;L9Y z=FlG6F<`2TfFxm;>NA0- znigNC9L#7qczld@%W2XULszZ2MfcP#ef19N2fr{&9Hceto?2i#elc6l($?mg2??pP z&$WkivQAnWWHzreuUE2USCSGQ=X_$1KCp1tP|8PU=N)5XX}1agBSr<6PH~rJ2mG!o z-9PlSsrE$Or|Act?|D@A@ly2yE#w5vm=_i&=Fg?)JTDjLZJz&ix{BO4xj{!^?4Vk%t zjJJR5;gQJv*s)+2z5XF!l*f$ZnP;)NAr-Ud0jYLs!sXG3Koiwt;z=TLKbh{u((R^C zx8_i$u}UDcau2991k$v3eBEv*&HPt4eIn1hWAC;tE}pvcX6Q@Mw`dhvn-B5P79_s( zmm{bdmsm4O7KWA?ntLP;tZvR$4Vc_#YCF8qut>94m$J=S?73}fd?|;&@P<~|Z#=9x zZI^obH6N%^ix6cOAt={Mel^Bz{7NnT}gvIEkjPKh*O42P9u{Uz45<0eX zk?h%H!xG@nAs2c5x=fC_a)(`%Guz9ZW0wu7B$s<76@u(#xa>*I5o2{Vor`=? z(+X_^jpbG~x89lxcK+JZmevv2_SyTU%GbL;()j1ns0g!h?v7^?r!#r;9K}TJK5X;N zk^t}Ht;5@&!V{`ZEKj>6KhKyIP4k_&kw{7q6?jx8pxRaN&ab!XB7C1c%STZp#GkXx z+s}&dEc51t*GcI&{e{^J9#mxq)5PtGd;fcVLv07+N^N|o&&CXGxWJAeHMYZp)P&{r z8>?AW^{rFEn#;LP0pme~%a!9j>ylzzHm{X_T98sPQss#?vqo7sa4L-*RJm~DvjVL! z_1L?;(vQB0*EOGKImVei+o>ioS9$rzIl_m5u$H?PM!8w_0tDZY=UZey{IEL~gx@=I zfSWa&<1zjAeS$oGsB(5#c1_wSPOCpNaG)lz%Y6J1Y8xH*gl?_#)`{Q`ga6yLk0m_9U;%V4s)#T%2Q*>=;He96vqES~M6tgD+9zWjDqTt*^A(PT~A1mUGc zHKS49QSXp>YCj=r!Cw;$9M65?U+{UzPsY(#?BtL*kc%-!v@L-&v!#wU%evE9D|Hxj z7x#&rP&C`yK*7yOHFWOKiSDniu`d@2^HU5d37Oq?@nUA5M3#-?!@gecp8EKsUgZ(| z&csG^ZdYdPIYw|&4OuAVGgYpX8BTH~lWmMUEf$@^!~IUcYg#op(ATO$WZ3A2)8r%j z6N1I`gv6xjwl=lg+_vRUC)#v_f44t4-6MNDf4}bIzNe8@%NLw;JG|bqc$YWlx-Xj$ zn2u#s4QgchL#+Rj{psGi$7!PP8Cx2(85hn}(VE3bC~KVF5Er|UbFAn{eAV3_F>?!Z zN&yy8!=_2n-c#w{<>Fg5KQ+u9+Cf=v)#mK{?)B_}ZO!v5q^tqL7JRDOS5Kex-W0>ipwCc zF066B-gA(({#?jDDNf5~JD%p1nTbbYhTDI|)axC1c9i=T)8o-Cj8w`s-%tDQiB6@f z_Ptgv$S+}g2lm@z%f*J9zsRcG3v&1IiEFQ}M3bI4beI0oVp)R)7V*o=AG7yte^-0f zRE7HJ(SrxJnHgnVU(vqWE4(q8z*g>LH=5r6OPAcn?dg4ckG3i)-DAs3wif4^rOoPp zUDqnHU&wyeGVsK9TVYn&@SQtM{Lx91H`g1!ZZ~%O?OGi$GTm@^b(v?%V%=jpk!SNo z#-SP}!i__MD?Um+(WYxZ5|f9trfQC|c7ES?w86ntFQoFQYl~RYw#r|fpHghwME8nW z|Mgt_PD|C{y$^Y7-=Fb$Wq!&nv1Q!2e8h}v|4sT`O&!-;mhPv{ZEv|?WIq|JdhGL$ zDV8&|ifktiO0phB4A(EY5&4Ys>PO>~uZ+hwCEa=sEI1RsiMWL3vXj=hd0d>5w-XrH z2zZ+FtLbM@Rg{#lSLKVrSI%9fSteE#<3)H4bN@ESVZjAHPZcm?ZM` zj%SL|uB(wGUp7jrVjavz%Tpt%g4bn3WNxULN~Q9M&h^b*+ZTR)^!53G0eu~vDrd{j zN_Jk_vm-N<16$u0T^qOG=XH85Ifb+4*Y6GGk4qKbYmOvx_P?-?&*qadT3WTc#uPSi zK$-4Uk~~khUEgNYD%-Vq@ofaRzTn$1G~*4P>}P7*7?r+X}y^r21Y5R|6NFL95 z`CL`I{fE}arcj1cxx!B@h3zg%AAj>siThNp85sxnhd44sDIlz#q=k6(MF7_Us!*fyW}-KfO)m?F?5WIXl> z{noledWrGg-dP9_)hfe2J z=f061+(>Lc&_}N>l*8WHs_|83BVpv-7RLM%gJr4BoKZQIPp{@4>3x7z=dwLEd$H2SAnShBa<1!!sI8Yp@$>c{;d3_%zWQv4hL4{(RWwmvcRb>yl_}}T zOtEs6hM*L}cM37;lDBs)F1<})2-{+D0TXI^!(1EPJObRqOzdw2Nj$e<%(w3K-B-4~ zYmXVfnUSfGsCUS{T29_>8?Vq{2X=qT)ld2#R0D6EQk1aiCrfe0h@QC@#|swEJ)O;z z-6&n{Z}+fte{GOy%fYyC%T#CoS1u*dvCCo?jOQ}Gi#Obs+RY(8##P5EaQ5ANqCC|~ z#jIjZ+5T_N6Vde!x6*p$!%z2U84vLKzp*$Q%(`RQ*yl#lM(?DkhC7(Hkidb|G~-fs zFt}hhyL@3;Q4eP+<6o`JZ3tT%R+XNnRo3|gprQ?>#5E{x@w1V^Dutl zJh8`-FZjpaR@95);~Qw}cvBM^L(RGN$BphWdU2qX@w>RBSS^`RB>UMX(+V`wdlR;i zE{ZJ{UN&;Qv*-H}ex7Jn2f3IlL2qu|qEo*urP@TPdXL{a7zmpn~%ho9T{1slYPmqG?rHL zUUgM6)k*oXkg5|61s>EbQ>xXA3BG5KoaNgwU&{C*Q&5d;U((~&PT#ieaz!?%58fo(_e*8^*>~j8rzCE#mPo@Q8Ka6X39`4rV(YL3~`ubM-?ccYK z$gAz%Rqb$#^`^UCQH{Ut&PFBv!@0Ublb0Vy@~aI{w$YgiAGW_mN+>s1yM2Rji|)2= zqbbS4&bxQMze*o^1S}X(mhL@y{twh+Q6ht$mvmL~pb-?aPWHpT_KhL2ew^K!=1jh6HJp28c&nx0djBYW? zOXHAk(@Kg6HqmWVz}uy$p2~|p;2ph3mO_{RWsLd7&w<%TbYGWy@g}kQT`+f$eoTL& zt?}iPNdCuZvky;1)9qb2(h!u#RWov~TPy-^(ol1BXX4Z8pj)P9dU5p1)MN7R-{hU- z5a&5q%2+xy8K=`6PeG_T$4vOXqB9jE#c}9NLiG<(NGA@I!`{m2bLq^@0ss0+{lnH!u@^Ez51Jxc`id=pkhmi3kO2nX^P6Fw>m%YFA zjyd_(J%M z`Cpd`9G<>pC*zTalrH^O!T+bSGmnOH|KqssuVpGfDYS?p%O%F1 zP)svXWT|P9U74{jow5(9TW)^VRy(7nO$up5WVxxd*vTDCsC0?ps%%YJe(y*3oZsI+ z$6s^idFJ_kpU-!B&Us$1x5243!Bz~0NPo%)u5Fcnzgo0-<@M{ib^GIk%`E>lxZq65 zjN)NI@SAmNK4r61a=T6KelnTol+mEro?_bEDZ$S#VW#O8sCvrEDKIEaT}?>}%R)1l zMW5SmwN9n_i@o8ka@O5&)uHbM(^pjXa&?=}Y{gE|y7&~q-z?pC`N{QkkC@+&mgSiJ zLe3WR-=6AdHFA0eWLwJzF0A~wC@ed zMvYtA?aQbzvJPIE`0uOU85zyR_9^A3z3O+*e;2Pc$}wDgzBxyqOJPYb3$msNdUiM; z(d)ks8@ADd68$F!vR&him2#JJ)N;&n=@FjM9F@H50+y5qkH0C-$Ce+@I-De&S7&on zcBUo@GtO0xo4~w~C*@pNGt6={r8gMe=0u5U=d=V*Ry+t%T}f*Sj~hB|WN&>U-K(r- z_}+_nmtQoJ8y#rn34y9Z1Cv>MR~a=0QoGM8WQ=oY1v=H zS}gxidZTJ-o_buvY(^$Y;;Gh`5}QD$b-&HQN!nzjH+GnP@ zAl2$uvb=Mxq0~fRys*{HEJkMgsEkVx^>9&azHVm21NE3t(+E#wji0tTblFMSp-^jE z-xp5mY0EphDHk;QoZ`P5K8sYZd;K8jB&DIIJtx#elXLZMnyTYU2?+!~sjrS#v{=hH zXZYjrh)SH#n(UkS@oC;NZkwzoYw4qBM$StIb)u+rN{n{8eM+*sp?0m&ov9)KDwa0C z4@LTD-GCBNU?g&(HfLegxH!#pg?vNPIh*v3^0XUi(2fIV$!t)r)2V!QJvZsP0#7kD zHZV_X+jHU)L*A(FL0_=VX5PA)SX}bcchp+D@bp?s_uz-zf&vY3Qf}TJl6I0n$)x=K znnU8WwG8V0^oCb3*yDA34UNW*`mM&Qkk? z{s!40vBHEEqEC+`gtJo>EmGX=Q_SdkH7=~00|%G1X!~BOd#0JIwe8z{%Xv?TDxk&@ zH%DX#sU^7Epxj4+v8g!pl!=H|$?B~i3>w!KonwzkwqFbCK;w=VNO`=NznChcC|pb< zH#f(z-cw7A`E5?@Ye&f-V=tp_@Qw{#*8ask6kPSyn&Edug?2eF(M0_SB_~{0jr|_n z!LVowj2kjF@(goshJ==*mgB7h4I_`4Y?^V@7zUS(hly?J2%SA*YA zjPR$PuW{8gfpj_?G+FHcM7!{VWHpugyDk@jEXx`Y0sRUpFJ=QvMVu6!Is?e^(&fw6 z%5Bb}-BRq?E?*+AE|${)1PW5h#dR zczBt1kvE@6h61*};@IQTTAb17N0BItlH+$1M25&`!}x`x-X`6H7s zZI%>2x+nx}O@Zw->c&K(w%bm)_&<4M_38>-g2Z zy^~w?&+j8{Nbogd1e0y;2~&_aWTD!U&6!i1&-sSQ~!0S*TpawGp zYTY=n--`C1-qF1l7G)EEI>HX!i$qw9OZWnnq|K=XM@!f$KzEVJ0n8`}djL2YA$>$8 z4q9l!F@ERHI-rckQ*YZ|yZqZX#PXyG;a^a;$%3Z06l@D*lVa;{aLU>HIASz zk(;gO51t&ZC!kNzu*%BcfR~JL7ziWzlMmsgre0Dk0$!{=(}!Avf!%S>$2!ewKWR&X%D|n3^GcL1(?LN|8p>?#66LGZDxMd57n$kfy;?Q%vsmafY|XHx4Z!uzkc~rg-os- z%DZcqGV{E*9^;PLoFoSJQ+i>yl??rOef0IV{4CZsdsv-M*YEq}iqcJa?B^(Y;W z{gsW&e&CS*KEXR91gIuLLFUS9Q<~GTlK{xOohn{XK9q+cknga$&x+Zeb8I5=He7@~eOJAxfCK4?!@-BS#-VFzfkM}ym*c9JA&<>y%pz6=I0Z7!bS?g0OM9m8^X76Q31?h70@;?dRcR5i{<$Z#xRk~$GNeHzw)+0Vs1Bh z2FdmPFYl4-bip0OZaBa*&5F-8KtASXr>X%c+tIH;iCucdJS1ciuGDOs+ZSJgKTBA# zs{+9$2^9FK-6Fk=bt#bJ(dRqKf4U6uG?*5PubA7|G~%G{fGPX*r4T*bDG(qX^ZfR& zFN1l`5UB^4(vh#QSw#gzSFIoTxBz`!GP!3pT02*M6Y!e4iVA787J8B*^-MOqr#4x? zFge6^ei@1?s;Qx|2SA7>QW$P-;xsH319KzW5Qc^3%<>GkSPS^2qv#13K1!jCgvQW{ zy**uTk_Ojt7NUlc1`anJ5u8VYa_}#MzcD?ksjAwS2dOrVffdB;>CA)L#Q@A5;AnWN z^`^yQ3Iwo;fKi0NVGi*C*tsMQ=6fnvc*Dt#i1yTrjaWDW$_H=ZkO=|r#j|G>h|MM| zts*Ui#uf<|QJ8-bbo7#`lii*(3K{bnGuUSmK^p>DERiGCI?%4|!~8BA`u1qOLfr`{ z`MiglLXqUFaF|Svvh7Da{p>KeNjis!ze4wx79Y;s@XVuBPjcDBaAzRUH=$67Hd^i7 zTRl?3?|SsVvQNPX8?juw~TYpDjD$#pY1bO>@} z2DkH`tpIv30HmAZIA4;+W@mnYk9|Eh4Fw1M9DKMBzjD(GZ$9U*{cX$RpItDHjZGHf zBNZ*6hsSz^ogk&xc|dYZzO_FFZ6kI=4J;6?lpn)fl-0w~U5(ZtmjU@Bk|L3^F=Ds~ z)pF{`Na;xC-T3Iq0phVmWk^R#bn&T)yRMbUv4l;<5t$hXb%LU~rzgGK?o$NB^EkEh zEewDjn7@C`i97+n3d}$&jK`Z{3hCN*V9j!54-hAd8~X0Whj;>q{NMYx`Ge=5wCIxU b6Eml-?xu9~U)ilhP)8PKHl_u%BWL~#row@h literal 0 HcmV?d00001 diff --git a/docs/kong_oidc_pass_flow.png b/docs/kong_oidc_pass_flow.png deleted file mode 100644 index c0802d01713bf79325c1c8c03f799589b9360247..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 118919 zcmd43c{tT=`#!pqSSqYC6*3kjq0IA`BvWWYgpwq)j3HJbNhKjuQXwHp=447Thh&}; zGAESS=jwgG$M3t3WAA_WvDf=NJ-y4a*5`BI_jO(8b)M(7LJjne&~IknOdt^Gk7{Wc z5(pbx@NW)r1D?6|Jl7BZp|Lu4M1!zS`QPKx)JOt>hj3Iw)z~xsNAE>X<`aL!W^=FQ zUTc*nX@~p_7W!QLgvLPbGnt1N7(!pky^WgdxCXTbwd$tB)X!>zv`8$%B;uY2DjVo{ zpZ*Z&_K97pER6T)dD#0(ve2K~WlHaPylk=0x5Pj3vB}%0ujAt>4=Qy=cdGyV)pmsE z8_mDJ^1S;0>~Gm-1x|y*5y}ki`zDfGY|kG$W7O@Ircrfj1A!z!xe9V|7@O$3m2Yv+ zo;^!G@Zr}~w}tokvto~#n{RiB^cH)F%F7qOe(mz}drNF=tVyPnf^??A-ie8cz>{xP zwv1&{6L@-5>gfqY57E+}pS$udo4&PQsTXhZ{ndGK&z?QJ`)E{2MBZ>sru&&b50jGo zmuCl){C6%=0U0(N8zyJC*Jw3gQlbPO&6M0v66*oe$JtrruhzM zi?2>i_ZBDludRf0NdKDd{nK)Un}wOV{*h$eIk5*(QP&n4q$34%Z-s^Z`7={CRv+7% ztRAczC)GK1b?iifoV#6Li5Gr8@g*~^)BcyuBrf`|b%f%VCx^pU7RF}!%Pi83Z|vHIvglkUrmCF15`M}}GLr(Ob*r&|;_{|%)^1w}- zZv@I6d@QN|S6jyM;{`7QL6^0vhakbi9)7dhYH^}{OBuGi=FYCm-ER*t96TfZC06|6 z29p48zh&Ni`$E|}=2uo1Cp(7M6P2z#YOom|=VZ88L8d$QQ20{k>roEJlEGJrH@2|x zkr}v^eEu^_3&LUaE8USqq+25M>*Y!<$AIH){iIk)cv7wB+U!b$80t*Vyi zhMg_HyZy$F3A1idB}FK&$*6tDp`icjQDPISp{A&4Yd9-*yN1i>cKqjJ564iAp&H#E zJ%voXKc|al3252W+XhWwUXK^%RmTGxY!tbvd1;Y;l9B?KW8K38r?SitrUy*k#K?PO8SK>{rW*_8oc5jRD|MgzqWJe` zD;D|6`!7o~{mPaV)Nu_0B%;#V@-ViTm6=)i^s94oL)AJ0u2|&1f0j;Vv~x0~TG!mM zm--Xu_)e9WX`0{Yb;2%>otJsnuHF|XG9m@__2Q(iG$kswKG&7^oIU66z9>Ia!oNM# z@9$zqeSLjjsSme|)8kjKn(guq#V$&F#3Vj#8H3ZSnPju&tnj56FI2D?)hK*V-G47IcTll6c5Nh?jt>-A#`VPRnhSnD3E2Bk?xkY1Z)cE7!{Fn(-0x#(jy z_3x!4Ke7}MHKo`7{Cab#)hRY3Bcp8X_hfkxt;dhAEp?Bm2^y~qX#Wxdcw(g;xzude z*Z#VGtG5)}K}^1V`?jLbudnt}fjn8}rCnKP^JancN>g?3>yR&CMNh zI~6)ogQCs7Lw|?HD|mg5+g1KtH%?PT#_fCaty`NF{vsblYd;$)d!3u>F1M?&4R8Nv zX+}S#<>OA26b{DL(w}%uMwjXZqM9|&nw7+^PmP=@2pgd?~oIbL)r@-0z z>eZ_eT#B3yv1%zTAHq3~d{Jn5ELu1=!B@6@M_+Sw7+Y@?ZJFozv*_8?T$=_pq9V>m zU&n3&kBe$Oy^7H`4vu47Yq2`t?(aD!!A`%@Ki-OjhA1|5EIo1hbWB`aolWkF?^;Io zyIX5hI2P~2R+q}w_oUqFu<$Q^@}$Bpuc+r|nCQC@l1Zs|UggjIr?Pm+zZWNu=?@@J=o*H#yr=mKqf zix&AK6x2vnw|9!CEjr=AlMPU~W=*5pU1s_enA}BQvA0F)d+}c{o zz0-GY=y1sc4L+~=TET58nFaEU#k_Y$*s8XH^n-+isVs#80?yAKB39-3vuC{IcgsUtW-f0hkP3kq z9v?06S`gTIHoN4f(JylW4^xgr7zzqSeNwvin}__?v0qQGC-)+w z+IQS8*RM@A{wT_PsQ@xmw01Ji-#L4HhJ(5Nc!r-MKhZG>;KbT=WSvD~^1RvB*7o*F z_jc-oC`{yL1nQid!d;K{7bm!0Z0Z-W`Sf6)XF;LswIb`B(_3kR%FoU2`|x+Rl5y_j zTZdjdskk|d! zrj^ptQ{;ZR@+Lh}pqH1|v{38W!-Fy$Nl};bx^k>*9B{Bv&BmINM1_Slh{xqQL;M}u z#4mheu2>TFDs4aPwwMyK6FhHL{)rl@!{8(gfW=^)Isx z(*15RgZNW}n0Y3brmWO!!3Kwkq?VqZPE1~2UjFn++t+mzNpm~(^{s5uziX|Lot%X24H84-ozGSy#J z_WJc_uPb%YqDP3OvlUyYReMT(mQo^=wDt5p$h+gjD<$ctw)Xq|xneQHmSb5-!&zTg z_a*iDbA&n5`qL?&rRh?~{&(0K9`gPB_h(~vdbC?f#a)sxQB&K%H8^aRw01*O{4k{& z-Qgkn@<%7gdmtY^(oA7tVTpS10NLgGs*>>8qBe*8;R}~9UyeRt`lZCnl}rjM-yvzo zyvE$4yTmp9xWIp1$^A+3C%03_Jvmz%6XX**)(6Trk_{%mWTrFKJ`(g@zu#eccH~rr zrTX-zpr*Y_DP#)mVehR5|2tk&r?v+wD#g3rXv%w2Vp5T5OTQlN+5T+V-)B ze;9P4Vc`6ldr_YuIEdtp^5N{bjPo^X4`5t#iYm*Zj4NAEK!9dxvDH?>W4sA#xUs3y zDrful?M?#~=fuqY|GFP~pP=loT#go&5eN_)ns^o~O=g*_;J zEKS47Cipasylx;w7~xF??rjHV zfiRFnD_CM8BXiv+PiC|i0qJqt+MGY%_T@`a-1N2dM4S0{W-sWU=MP?pRQODVVa>TJ_3YwROSn<@fv=F(^eZs>7rr$Vkobp$NMMUmYTZOYrPT=-O6u4eoSX*5IaCbhH#PuSJ zN+_J_*tR@*@#2$J z&g_b>ueX%<&+n;;-kWKkqgg1e8&5n!B`f1T!5r7HHWo7sS;f@Mlb1I>1lqH;v>e0*u@{LG-k9moKo|BpRc6N43Ks%Ei+5F^>M@*zHSQ;K^cqFM#WMO3; z;?R>;LAcCi&XvS7l;r!b`$cJw&TpV0sPJp@6ZzUM5C|HHuU{YX-4cd!z{bLIDbM7F z+O`R`8|E>_$Nc>K06XNa{_q_C{A|E+m#36%^W)Z3eKt0>i|5aii-ZXQ1IZoATL=W1 zOJ81g9^t-LHMX!YKR?}HrhNY6U4!Vo!sMfQZj)c8Pz9eVsca*MqMfAdqu0VWlGDcK zHkCvULbFpxwuS#(H5+o7|L^hCr%#_6unC%}; zBM?+(?K@vTLtn5<{_0kDRRTeE6PD!PPawYAzRM}u!$s0QCX zpb3%v`!j&R&zw0k)s<&`Xwa6Zvb((O8s4UL{HJ%RT5|KaTfrs+^wkNCwi4{&nyBk} zCX(#*s-!lXa)oW(gi9`%cLqZA*8+MXO7CA=5wLLRDv*ZY%;;y%qW}`W|Y3$fD zLr%r8YODDh8hqtPv~giJxz7yu6|(qp=5^Z3NT7oQGA%0l4JZnXv;V+>D6QQon&Bp| z&mTQ`@?o8eN#++IK@pQTA$m*dW3RB7wh}Uj3^LkHGLhG@o;TF4TTJ58%^eTLy2&MU z+JCXjV-4GsBs(BE>!~omg$X4WMf$;mHe5frj1Se-ioSHJBUq*j7cMl!NiWrTNXC5J z@yK^DApTB}`XS#@CmCNQ3%+|q>J3~Gf+XVZ?Q{_}!!Cu#j~_P^Vaq3kY?rnwsD7XA zZ03-2diJRN+IV`q9nx=PEs_cz=oHlU%E=W`xE6Hf{qOz)Dt|^ZG~@54RMm6h#EGLv zkLn1B%gV|sDk{p#o)L=DJaPn!G%>@?tC7-z&r{P%H}0Cc`phttL%u{D8*=!%IP2Bo zU7}(8^@O7C`+F%QVm(;|qqJo?86s-biTjv0mxOfMiy+4K@0a(OHoJ7`(uE6q$h{y@ z0=iF-?`rJ^{Zb_xRaI5ByzFV`vPVkltocFF8_GMh3fr zx{L#)o~V}me%o8kl=871ZIxN4g;`hCg`$So6u20ZWM$T?j}3;z`<}(39zX6p-BSqG z=A^OlZUKSc`L|T4)3dVlKo_|bqH5xS*uVpSDeyw~S-y{^k#Bh5t8C2Go#v5cTR3Uu zDpS9lchcHyA{b?!o&DlP5#lNDat8&VVhfO1GmKvVM2h~~037B_lf2(6V@WKV4+GYo zI1xp;QgMefA7!1%;iT=M8e3^7m--YZcRP{VOyrc#^~pOrr|w?S-k8>I2f6~J%gIa= zNl&nNB#BL%HuV;{*EKa|r>B?GMFE(ChQfJ>uFH7w0=fOCw_@T>>14xn$+=1h_49}JMQQg~XBejI2r%h2 zuy3Ua*Hq66esul$^Cz__0*gFCQQFSO)iV&4M$dK56gVX>lsWXj>qQ6K)6+9FG=!p% z+j*PxE%uu|*8iUVi@ts|R%RBN}G*h-QYQFy~ zUa+K@-4VIV=zD+Wb@iV=nt7;YZ~A%4`~b3WK&qEs`18tI<^`9G)4ArxNZ%WOh_lBs5$GI%&YAP=QN-_jcz(GfpM6o5vZG+8BDYS`hI7LecAndzrza zjed$!6}hhuoQVd(vA1Z`K@X$nEw;82T_5l9r&}MRkSdyLBGGlD^N${}E8N+Vq#Wr# z_w{V_S-a(1#Gg$>df!9byLKhqzaLn9dG@1-g2MHh;d@8hwe0CjP&hA1uuG2rh;=+D z9bHG?9l*g`bxy3nENe-gkw8cu)lJ!-p?lzT7Ng=6UeOux4vDV zB#8$UIK|qY5r~wF?5Xb2es+jY>3K}dj*!AQnQ+aG2R+2-r~?D4dccXVT010NY1esQrT#yIEa75J^w!4+gnMduIY&+4 zU38-(^sjbleDZVa=n&#PZE>V6}S?i}dXQPVDhTdh8w+O-Z3A|Dd6g04g}z!wJIxgIf<~>{3)yTc@rT=ZpK4^@S|+ z@IuMZxU04EO*1nPh6iKZ?T|`twU6h-R1%9rgR;bF0iM5ts~z|g#(@f%rK*PMMoeU-PczK=)TkPsMK)FELW6szJ6Z|LMQJis!-G_yg`LcZi9`higZhf*Ftx`BWO2y)HeV1we`O<{zz~eimC^`_ZBaqfd4H} zduBK;($p~O!asDoy7Izf+#)f^TjJ>q?gBg@ z=q3l?&zOVOU=t@S({J6nMa#(LnY)&8DqCr(#}#@-YSO1kmROyu>uc9;s14S*d+#va zzE9sTfN}r~4%k9pKq!37zi#`o!rA^PF!{S{f7su?)Tf9*8YGeE%ZFmQ{1i`Ro1cAk zu6%W6AvZTS$?IF}KBMP9!BnGQAdeGy*~7m)I~IM)+-ncIFHj1|?Ba0^5I#QD);eqT ze;XU~nCVMEL-zc6*6EyzI9)bo<{y2fs9t?7EiFufdOi7$N!3MIZWAng6t|1SMCH1SY)I-$xmc%go(-{1)4Yx&(RrTu&b&1!0o$+=221OzZ7XrPHm<(A;CcEbRp}|-7RUz9Dis&~r zu3r6x-uQ}CH(Jmn?}>D@e$C@Q$z(E`te+#bkzgq1&BPFfHn~TzIp9nA$iP9lV3u$K z%?q3?#~KsN-wuMQg#5*SgG|GC{rgucbcu3p=*Q4_=jNmYE%&y?$!%JuS1f z=%z6r+0WlV31~liZBgd8JOzCLmDR-1@R0jN+u<-)+;?MKl*Epzp7(Vz-E{^Hd&ZV^ zGuqAH`F2`LSqw{;b(eVMYVCdmVga(5t^iYTJHi|S@t)qHS z5`{!XmtMWNnCNALlRVOmqW9*_8*r|Zpue|ozTr~Hsh{6T;jolFXCF)Z+^>Jh4pKV6^ykstj zw@6<@^Tj<&fq{Y0tC*$E-{?3XA;nfk#Xj8*Y@*Mifef1I@Sp4ZkyW9ojak1$$)>hwB(i5S5>{P z!sGd~<%lx4$3#URaBL*%Iizzw@~2#<0McndoCOWLmHxf@tA_UWoQVmmmp+`eG{N9|*&{|3key$TQ)f{z>JB;t0ot+U(vOd3lkm;C~eb=ziUPD!M0+E-*cFf9& zo-IPIou8jK7HThYpCkr0+e+Xz--l&el&wLw60mkF<5bd1QaV5)_WbpLSa!C^ZSJ`g zy0{Mfvs2tgEVjO_&6rcidJCI~Tj30cw8M|K^j6$Al6G|6RA;VW;yNTn#I{}Q^M=4p zTcBu3n~u2@p6A^7=s5`MY?HhfeVqzqJC{N;9ug0k>)OwjmoHy}bQNOW96i^KQj{*+ z6CWR+4J8iL6xyj##^zD|cEk?1QVDiGTGZn0X^_WmJEa{s&j=No`9W|A{<74=b%vZUt8+E$A1Kz^plhn@CIcJ z+$etFPp>ZZgWUCA77g_dCU4`{1kLRD>l#`{G-kEu9pH69ij!b(IDe?Oz?q+ymse5o z8i+Jd=!HN)C}DX&!GOBV?Nu8YUZPJu@usRkHrDHKYCa7gI-G@^k&9KIB_`CbI2Y z)QT;v!ZA`;*n=xqz|#VeK?U{s`TaU+$fXb~x=T$f*`Q5+Anuc09$=BE#k-zAhmm&3 zWVK|?lyna%7$-(Qu_)}`rVnEPZlo903%l@fE*gpPh@IVwu@iZA?RH2?BlOifzQZM5g6cx*lL9yG&8@lRT8K{O@k`A?*$ zUWM*^?tMT$bQ}DbmVr}+h$f4Vj3sefU7iEK1nk;vFLm+a#hMQvK8?(1=OoJYl;xNL3c>nq_?$Xg1FDvfYr$BDTkpn>QPd5@2h%B^ge*x>o6@2Ph>l&50UINif)yL_XW6_-m1LLa4fqDg zhZ`9k9R+0MkaOFsNt{UD?43zPh=1kDzma^XwSzATts3Xkk*!g;oq@+7w zG!n>n;2vZOXXiO+?SReW*_Ace|60{ujZVyJ3|BpXWn}-w9SmW|h{=$vOobnMFI^j| z3Pp}H$z*MM`0(LdWNP4Bki`Wj* zMj%T2l0?@;dj{zDuD4g@T}HGjbXRY(feOk#aM|QcLCBlQKnF-l+1VX^8MP#e|ORXQ`WStvn zc&lu3vB(8ir%dKUP_2*#FG)NCr-A&iMYLoVnFdB55_OJk3!euan_NO4#B-!1L-kr< zC;;l3ni~0f(CYZqf!F6yx$bK}6XCEMlj^a_EuH_gUnX@AYZwr+C-m+4vSZOApmTBi zvhI8I73Qk2w+NBO;knboC$C|qXAL&ovF*r>;<~R!5p!sW+>U5$YhjT&cpAoZ#+9~4Dl3iIVzR|tc_zJ zpdfW}`jJ7ChU*HAT6yVzji)9Vnz~BGm0oP(iq&}-6SE9)cnp98 z;k)_9P<^a81Sbyc5)3S*7Ax4I($yDK1QnTObU|~EKYYwXxkAn;+Pe7Tst@voO8zv0 z1f2;Q>Ya?@AsSCgN=kx79Mu8V)OK%g_Yn_9W1#iy^8hm)ITIjIKT%=D@{5?){0Mw( za{3-S%L+|H7aaS0_1!_)GM*XmM!qTiGhK`W`oa=cjvi#SnXx5H1!=W3WJ@+tb4Zpi z^^YAN9T};QIhgY5l|ixrY*Py7h`c`m#qspdiT1E~@q-6*fLw<^gfIAwf+FPSPbt5! z5r!tFPz}!=4kIQ7PQ35*@qdiZnXK(+~f`Qw+v~R(v6(<|?2D^E4umM_RBs}ln zR7fozOKh~dv=KE6^DDa3FnvY0_EtNJ$gclVTs4Nr?yuOUtPc3CXz1C=*aUhbGqWG9 zx=Yu>3M22|=X%#-nR6QT$T{XK>YRn&$|!PIR8-Wm8k6r}i2jI+7pfumYflQTY?br% zoY;Wsbx12u=j#R`Fx@n*M|X4`6zoevOBmbPj>|p22-q~HsnPm(&wEr-n3tC%wSE@^d->Px1yAVC0XL9b zX@j#f^P3KO$n?8#iyYoS(BKRytW+(vKK4NSf=p^W^8WxguKdyaZ-tfq3jbjUHw+h6 zQo+r)V=I?UT2|Hv56dm4czd0_%oTrk2X372p?nq}9bOUFkSuc8=+q2T?qxeWC?0_) z6KUYn#QK2PPChlGe&TwW*6#by8O%ODMk+a_7!3 z-!8%DC3Ya)er|oPmw!(Pe^Pgf58!$gSY{ z_+&J25t$Xe#jH_%4Zjo#AWQ%VwL4Z|xS_-a2}KJ4b^1|emQ z;~U%hji3h)9-s~KiQ!#c=m9VS3z;mkiC7Be07&L{5wj{u``PF7hj17Y^e#%pfeUK4 zJCSY-MLD$k)w3|a5U8GR zoG9-h0tFe6d*8lv&@e!hNP|$ov1-Ds&^}@NJDE`%wmN$qo}K~q$L85cZ0_#v5bLnC zkQ4Jq2p4irbHcc=z{nY5J>mv+`om9M17tKb13#|HCrm&2({YYMwPv0~Q!DGcTuCdx z%2xKil`fDcnvZ|G&OdbsbOrO~lqXN9H>m39=s+3w_4RdealxO4hW9o2F3pO(x!f@g zUuw`xBc_Y_-LR*N!+MH-AMc!?mx@SYr(fG(t^I6!8H9Q4aoLy2MTU%u0}-c%KM1Zu z4grTj`)PY9Su;5zUlBpQS7_ zk?gFjhqdSB67J}w!fN&w03PcE`Wdy@l)^-;sj2UQ(qNZ2;U*`_q0gRoefA}!ElEk1 zvWHr`Ay)@Cj%;yxQt3tKWivcG*U{cSIyS};{^7+7q2k`gu?66jz9)yb^i1E4(GhSj zxLtk@qK5lA)X0%7tKsNp{j{}jMayr3RAp#tS`5GeXU6#p7j!{>e|=@S*6?&<@pqR$ z@Q2B%5f|CmI~Bo(x9cAnnOXAG0gO%JXZ2A|)c8nOBiA4Xt%O0=MHtuGZ*9AH)uM7S%bz#<1c$_>r^n)j& z=9sRoE|~pe$13x5xlFgIA<}%O<4iLBW(Th82%tVw9_i`#YR^-vn!$FyfB*h-?Q|8r zqjk|x!EalHY4F8=$0A!nsb@?#{xr5QcR5rekef}EM69wp7+g6x=jp4Yyv(@EAGTs} zD7AM@GTK?!hd~CetgOKLv*G$Hkxm^ z6ZSF>`R<7Q$(N!ZzdNPHR%wr0p2>l}z0>n(6&xHCHl@0N<(p=z3B9P0&{fB5>8b)e3t&MG9z3{jADzdiKRINcp@D2gE(6lU>t)To%y3%1uaw!; zvu7Dy>u}kjSTt9|W>-MP7rzmu6YO&4u!4J;W}_aJwM*YtassMvvl!xGYdJklkXkaRa`e$=IaW8??b;_7&vQj{_8k52sen87 zQT8Iuberabue&Y|&z3FwDk*)LU-4CVvukV$|A$K~=!i4f@?>J&=nLZ)V%#~KRh)KX zJYj51P*BiEb{#Y^T=K{MJpd751xP93obF3$x0`#<*h7EAXu05Mxguf5bShu}&>i72 zK__)i*9Fg#t}YY184ff!A^apF7~;7Yy@5SQ^pUl*wHpb#W;Qn8!1r-DEncLio7=Iq zAXu3|kl4^1BTX=7C+zl}EHsGbd!@$d3PGbOq8njHTI2DxC!|Rbw6F@CZ)9-$L>22k zg25%iUATp+daiGxAPQUR#|It%y$pp@#@3lYc)Ts(!Ih0F&!|*De%s~AwLK#W?=Z#k z4OpuF_xGVQI^7+kAp~d=Dr#r~_<0DsLkc(EDLHfs4^XsbC-k4Rg^?xd=Rt76cBS%Hk z-m8gvN?%%by8pdyTD38#ycvpQney8M#1j9mcw?bO8>#uwrA5T+nK!ogq{SokhhDPz z)h8~vt&)_2L!r=&THiMNLbvjxDLD2F-#xIi!J#9=hgFSe4tl&-ZDJ?9KP44MZ()ZM zk3ibVKeWtpq?BRdF7F|Cu6eo z8F86)n#qLZZ9y^JO=&xMeA})kN&;UzGlaMgvyxsa+HI6|s~qsgxErw@@O4#Nl`|oV z9rlA%gexT7ScYAIZFgi9gVXA*2*Z(sJ7|ml8N8nOGhBi&fKVM#D3C>F+i;zbeam}< zpK-NKU9wP(OrqH7TwI3+v$j;H#-9DP;rO3~G&3o-f(GXpEydOk%$pCpyXOV(bPD?^ zCNA;5^2pR;q z9@oEGJ44Ddig>iVZSxHnRQ~=+JNlQ)KwSU4*MPxhf|AmpZwx}o5pbo&_Wxvf6S&t> z&I8Cuu;VA@+0yLcGHq9tDvmxgTy_1Re13Hckks-KHuN~7E{FNHMbxGhT`{^n!$ZZY2agEIGOG2D1SErrVL{^8Is;1`+m zw91KrZDhswo)&o6Lx&FG*fB(}_$o!$v4mAG?}uAw?)3msL0y75qGn`;2_ z&qO*`UeN6#q6@p;So7s?t?3)0Dnq1$e>_&7iKrBl36`m?95^2QIO$U_&vC|R&cfoV znnE(~nAq2r!TLVSuW9P}>6L=hv)5)hHH#;Wt3T@R^beF-WeL>~W<7?)&8UcJv}&t+ zvNp)NIWg5%Ff1N2u*o?sazqE&g<$@qb-e8*A5;QJ_n@0>8so=DFMPVU-}B%ScoWc6 zL2qR(j%TNZgoo2x9`zk1O&kx-mW|hyGy5^rJUm0HRch_pT7hkh`a*I&sw z{WulrACGhA6FDyTSb7*N{A*1pPYEA5a6nmk9b+kPyQf?VOR};W?WH2vCGDU|TrGyJ zdOTU=u`)(`C@&_co%?u~7t>{ZKporE0HYD!7$41Ow}C?uhhya9J>c|Yk(7RFQ6kpg zTuFw~jNmAFTSMy+x4FIG26PprEy=EHeXB5N=?ya+M1vv~|6T-2ezxH%$C;iTB{6X| z!?McjJOA^%kW?H+*--q#ueM3@o5T6B{r{flA+cNZ5dUk&C5ncNI&7WroYwq;VNA+n zL-Jg8czIairVZE87Il65_oNCL*~0F82NjLzH=t3NiEQK0&NhFKijMA{`bBA_2mImu zoA05g{`b!76aVpysGr?T2v{%ooW98vRxK1I^q*fVfWZOSX+QHV12$^>CdpNra|DA7 z4?vgXd(K(Gt3O``2~is~GQ~QLc~~B{`kDVYE;<4>!Hd1(`>w%e!RKBHTS3I*^7i>z zFx=?r>=_8*hQmHt$FNy)2@G883@ZG&z`BgetFJKNv0{O9(~Ds^tSTBH441AAL^qVd zv=y0A~!X_g)S3S*(ncKMju_g@<$Z zc1h1x5TLMJZ1S3>xv#aGxP3c8LJozlx6Isg@CIl!AmfmK)ILqF@l!C71$E^{{uufpL zAw6tS)7r~iq(kN>i$KrGwg8h68x`gL>&F>#Gq`ogOaUbCsl1M__P=T)1$(b}LrDM{ zY*W1qL8kieC0uBX#HIVjLb^wf?v!#? zO4!~lUM$`(3-YuhE1|)L;-i7y<%|!EYxn}{_rU{ZSR}?40ME`&KQ2EPBYBxMsQht@ zEoE#~vcRKo25m#HfZgTG+~4?T4LoCYZf0!aH8wT<0}Z}q{3oV|FdypG7v{acsu1L0 zAP@A*pruV???IGLyOa?K+rsryi|Yb3g!oPaRD^35<9s#0B@&2%MyYzdWb_{JKY=s& zH%=&*kOjdF!*f*&!WQp*Azo0c`u>^9H%xa!2%|gU2?-2@wQ}}*N`xOgD(D;PKYj$~ z00t6$R2Rm+!ZqO~#`A9Z<80=hl&Ma8so{K?$rVhoqYAL_KDc)eLq|73_d@ZxA6C#a z1WhZ9gx`(mbwHQsx7dCPn#W{`Y?OAML$6#QPfuq5*;@F`TWsSMeWdcH8ft4-pqYTA z4;{84zWg6AKt@Gur#%-m7lQ!VOFx~PvZUiLk>)gE89HxDx5h02RAg( zV_I627X(mkgleidb7O3?^BJ*lO>xZSDy+lqMWHWk8Xgt?@g@-Xy3iiEy11yF-R!^F zyk3`tQ6HIWzum<0v5*o9R)f&h(8#J2DMJv{syLqLEGZ)^O^`M*4A+ES)2R?FZ|djq zpO9=!GrutGlB=qzNy3=$n>P~j^76dA*Lgyq1i(TIeG9t)f*g&4iz35^2yP53kmjc_ z*;_e0_duJ%s>bTrVD<*`2wXk({!{YQMXXk?y=Ujnl+1UMcsK>BTi3$nH zK^0OtV6~f7YFQ6W&nP2_lCWOrQqQ6-j~Yt|0W`F4`MoN==}~ z?31h-CT9)<*?~|2liyqFBMs|?)8Gc#CQRdFG^YBT7;Xs@#8B2L+5zTi?=;v%U^+VW zK%v<*B8?b$`t^A_HCu>O)T$pxUE(!73dfP)poId01oB|+`P6k4ieR&vjXT#*kc(;> zgC?>DI#ZH8oLaS@dkC8)?>=EXlW3P`LT-k7GVbu#{NXArD#T=%RJs?weYmsh&*x*J zgB{>S&QoR$tzj2ioGz}@U7qB3G8aE{0D>JC3X{IiphLp+=7;g|CHO{zKpu3)A=~&5 ziHloXSwY1VY?7oSglIrojFWY>Njo;EuNqzmR|iEeJm;{DK(ZZit-yNbTGud;N#UB^ zNKx)woRy_>A2^n$;1uB6wM!9Z0N8xDQy(`m@kV6@Fk0;oWfFY;{5h_FRqDWjD>(2X z($`j(oyi6!CMGbGjk|e6$N8AUicx(YVxCDU4l=CqaALq6g0ofFGX#+b2&T02OwQ@s z9u1?vONG7M-6hp*SLR0(^A{0bU}>h|L4meROvdr`U7f2TCR2#!g?Gh0vTz_B# zVMBwx6wCySoH7R49pHA3Mhd_`a)e=_1lA$s7e4iak+nZDZ=(S1e0%8AqM|O#Z`fsS zWxsgeV%(R$(n?kD7dQbv+T?-~KnPzrq$xpZ(=TJ(3k=bN+VeMV+yHkAR{r!```Eez zCgRTe%|dEn#Qi`hgv#-}4;@RE8ZWE}X#1m%gCR;PvL8X@f(WG8%6GRV><60Sf8avkAc*Pdy9Qu!xE}u|c9F z?s8B(@Fvv21xt}^MMS0n$PkT#24XM*pLul-h^G?;KW)p9bp1Jp+f8GUz0HIG0TC&w zU&zsQwYB5z8EmpBh!oKY)ywZ=)Y$(`pc=y1B3DE($tAzqdHBQ1g}?Xq;A0`l{K7!- z4a;)$;)gTZH{YoEmmeODB_6t>t+VSrxBEK+eon0P$ z@BdzIllwmiTLH3wO|ER)v)SBpH9cZ)ssFv)6Z#KFe`H+{yDP_58j)xY%1Yr8@Nqj6 zlaZ+@$AsbX83SvFLNhK7j{o&T4vzhiwUp1@GVy%^x|`;&9r`3&?3&k;UWZfZ#*M89 zSi??cxFIDwbx&(V%=b?1`OP=f zCYW!h~UR#S$njWJs>cF9Dd*+i!9W zv#h@G^gE}K+>v9AgLhoT#yFMaXdgB5rZ?E&dl?p4KaY0xT0zmqY&}80KMm{{p`N4i7aOCGTH?qLn{Z#Z;kz!OM-LYPrQiAxhwS=T{QFA9w{82%w_fBh(*o^Bh|)d*VjT4BKW_Ff8ZPt;52B-C zaveZvM&{K^72LB&60i@M9(`k_e`{+iWL0*Hd>X>Gnq=h$-u^KKkrv+Y?_y=HR}C?p zA?{jlx%|X+qS?|f`1Vs*r8eG{&|JC^Q;$m3^iOqlD1eGhOsauwuK2ba;0sb?AEpRU zk5MDa_o2Zfyv)j)hT-wqI_T}25kpvS@WU8mmeV|pReEOlPj0!PW@&8v0Gk`CVJ6a1 zm!m`Q9GKtC6wS|)@F(Xijgv_9GXWz-;Ykutk=ffmp3lkg45Q9{7SYjSUQN8=TINh@ zE?TRyKgEiR*T}w;cbVK0`+2!1a1XQv>aXuNjiCvl@bhS^Rf##BKQMm!!7XBZApF3f zOJSqneyf~)HH)Kl~s)&&TfH05J39Kn_)e* z`B%3ho)_$IvNVXTyxzmh;Iu>bTl3EEVtvAaax@9*inP-r5xibpa}l!sA`B&kE?pOn zCv^On|Lqt(>2c;o@NLlq*(IrB&e88KAD_666-w7>@7^A)^F)0o=etq{W$G~p-(bmg3NsNyIbs3(UUsK2zfP4DVi(VEDEJ zRR^UbYsr*6tHFoUdnAsB3~y_L4F_7fv@I-0F=k|Fh`#q|+LjF}1-3m0Jwj$?3I8Fi zXHVbLIw~7XC$nM00KsaS5XeePAh6SZ&;QBNwu8Vx8GdiNA7;RNr!cu1LdXZIE>{cH zaH;{qd=C}%zqjDz3H-@|+y|>mPFtnV(~hg@MA669#BW zN>UV--Z)%dc&l^0ZYm_i$4Vc;xv1<8oXw$P_aIXRWP?*b-8_Wn_z4F+{=Est$U zAuPfPyA9Y0cLM%h)ahoOf1fmHz484v65+*%zhMC}6ybndrM{QK?i;|n@al0j6^}g> zTI}+^f3$}N!M2`*AViN}NC>9CR^MAN$rkW&9-bV02?*wJc~CKiUs+Zv{r=7mR(rzb zIp9Q9mz1wg z%Suaof2<+qpt?XL+$U-j)3I|a4+;* z97_7d=ZkPVK%<0vkfK(m9Z$hmL15S(Gm@Z<)kzwV%F(l!<6GCDhd}BbRIaje#yS7b zbh4Y<8)>fssA>^PzinYx25K@d@tlL3{ui7j(rA^+i(O%ohjdJChC2?%-8HNMP4;GT z*>g@;{n$en+R~20p7YE7fA0FACAK%b*pF)VGe9KZ1B}clc&x&wRq)L{{-wamg@uL0 zWLy;kzO@H7X;|qg?k>2=Fuj72R#E27e}0ZvjxFd47&$mh<9k{XI{G1=Hf=&Hj}`+) zwTg-xTk_GP;UA2{D;_v7WqH*ONf#ctHGC%!h$+hV9l`8J;m+md|5$!mS^rwx`br?{ zE!BI${b%SbPf?kg9Db?YQk3kjy2<14BM?N}yHUT*0+CCu_- zxiC4f*gfM!ThWQklg&cs)V9A?xxeBUUsw2C{3wxkH!1NC?I|sRi;X%0f=ynHu{#Ye zI?Kex*rM%#t?X$AlF74RLN)Gp+i;Y zn{GqAhWY`*bX9U#-4Nj7f#S3J`X6xMcEOkj2QAJXLOm1U8Td3iKu~*VczDM?o3sua z+6~*Cz|uVUsiWGBjU;tHaV&SU#QtKL{V>pxEG{IH1}``3D0V z>3B^*H|AoxkV{8LI{|Y6SOwCO0uD$3io9n5OvAI{3qFyDhX-wnr>>KaA(;|_4lgSs z*c+G?zHM5@DG@ut3+tFvk^J#`S7HgLgWGB7~xoHUqUc zk^`EWo7o}m)z{aDLE!yEe)nTy&>6kE-;v;>N+-yJ2#qU+f7GGp&!2jEXqJYz_Qko`c3JCAoRej^yDIpF?iw3a! zOrU7NVgi&H!xajk8bDnsN_<#J0tS`72GKY{dLyOEG!G4rNii8!%jJO_!W^;K(8JULedI33uKjN zcy6?NR|Om(Yqcto!9LL`x-8QRvnd7JZA?LlG^ALov2ug;ubkj@It?t`I8V8T<5I{!= zD!WcBK~n|DsFm)?+otZ3WbP}k*s;6W?ZxX~?T*cVPx{X}a|c9(%}H&mARWVzL^Kxs zh)0_7LoX>2C4bBe9u{OFk8_YY3!pd^pSC+cdF$xkSJ^zdvebw4YJj4r%&`iNsK8`s zX=t8Sh*isrNRP5bJbK!dmzD{#*`7V=3cNQo8uqegL`{(4WaW5Sm7Zf}cWm(yfoK=X z|GJgmD88(#L+$bhd{b->7dK-zCQutrWHKqkWFtqHH%LfW82qkz3f3YRE_fH6_#R-A z*Y))>nLAM{WKXJ=f+87aACgxE^n&2C13JVCD8cIkK?DPWhEubcsr!6(-4LQ!)8}_P zi@NRNHDR*#tg>?UtXLd;p#Ykw@C?o^p^J-U6uPg7FuPsUR$G%#a-OW9>)bhlqneU07dOUe8cjVM|NO zsBZ`oi!5vS5Z62k)tkzZpF@7LS=36qVvmki$<*0OCm=T5Sv{~pJ;S0RWOXaSqpa@g z+E#XL@oeFZEnzCSSTc8kKKw12`OA-4IyW-KdvnD!LJsyIsHc?x<;CJE@K3?pU(IB` zzv9^8J+mwJHK3&L-!Gv}0(YKaR7nwPCrwOpPYJ<9)g7`3a5GjZk~?gMhlhzh4cxXZ zQk;|_*5KU56Uc=FmgraQXc|bOlT1-wX&(5*Cr24-vhr$RQ2EFA`t_B|0X4P3Up_}| zUP@IRHJ&k?A)DJf?jteK#w+j*8%w&Y-m(ylzw)vzI`ix$MymUjinp)M)qgpEOViTt z;`5lNboJ2;j1Kw@G%7-|V2q-VwOThx(@pnwr7mJ)cf*^NI_^9{{%vwx-Z0T^{_!kv zMkk%9S%XhxKEt61QL%-6$f;AOnt@#6Vo}KW)0s{6bl`*qRUeKR+(%E)ZCt)_=w0zA z zKjB$76|uOOvj+?h-IKno=G!$B7q=`lSl3X}UgP|IoE{db*&8bru&6GT-`miQ4j+zs z=cD_THMp1-mzD@C!1NfX_x(pGjNNwhu{#&(XG1Sq1?a!z;vQ?sXUPv=K4y1#b%RruU*w`})B4^}!=-wp-)d)vxcqQ+$eH-`(_r8F%9XW| zvxz7<9$&8*>1x(s<@{4f$W{64m6<+a|6<&vI!nX=tajL)1I9- zpEn#0>^6)Z_q;FF#6s$t`Nr8~BMWJ;GvAx0rYvNp?fyHI?(gvToBNhqLDUV8V%?yV+!NM-H7r-q{}ns%^pwPT*byK< z*?;+q_UMbh=L)U^Fv) zUWlrGXLXUFSJt=z?-ponlTkAJ^c^UI3dexu!xILY~2t?KufBiA0u*$7@Sl2J5r zRX?hJ;Q4!&?P>obvA>T%t>s8TQD90hmQwND$iN9yAH`YbN@aS}N_{)&RGgI`Zy%@g zVS8D5a=>q8u6SY!> zUY1}c3Y2?TzNC5M!;GAeJ`(b2$aLZLWK+rf9TwK?$cYJzhP3fb^o}_&5k@|LR#jC! z{WF50Je5-MFkx#)A_-bI44R{`H+KxewX!kFglxjg+N@|kMOu3x3*LXb12Pm+ql`0) za%EcSXR3VRbmruy>VE~|Y{D4>g*7aj+`1lqboOhWoCSzMlA?Zd=V0~R0U_vzpxA`J z#aSk0&q_3E98mOtRn*z2mF_BYX@402$HaIk%_Bf=aZH0<)k3nHtMn(g+ z1y&GP%~QEL@}nzv65!5Gys~+u-HcAZvB3OPB?M2(aYs z3spZ7Kt-mPSlRH!CA>*t%Y}xx&k=!`rQg44sfn+}U%y}yl=ZsgQ>hmZbnVFeUba$f|fe8be>3z5}oI3DH0SEz_f+vVdX!3#O17$W6 z$8=Vl#;BuC_ihEIf+i|a1Oq-ietZ>H81NP2WMeaoiGX=CQFB4&ymxt8Joj}Kv*!jL`IEkWOUE`Tp6wN zY6)dZJR-tI?XE{h+Ud2H*71?Sqj&jBw%?)PEwlF@09@)pZwPhT+Z zw+@P0Sf|}?8-q6$Y75YW9swj^JY^19IFcQh%C@z(-dFJPw6uIw8>h|p{{lhoQaQhD zd^b~tTsAq`|Ea&e$n%TCY77&0IWs*ABaNH={8okB&_`-{{TfnV1Kg{bx%q|PL04-B zxq=!bHt*S!2OS`K_s?IyMj~(5_oM*oL`VT4;#Z$9eR+j>Y5^ttb9j(XggI63i+*1$cnWVe5k~aYXD&(H)qyG&eN?0W#3k zyiRzwW3~N(qH)9wTc4bQl2=wc0+tw_9v%SD9k3i>wS{DuWgE|U#MU6ZUe=$>W z?XxXSP2tzC|CpaA@WUfV!s<4GTvdy1H246&C-;ZbXB$^Yb8!toC0IQ6{@pt)B~7NF zx7Oak0I@{jCmY0M1Kbm|7|{nlLj6&UHv5p zq}sfI6CHX>b1H0g+7N0{gJucv6VAb1T|e=XQOZDKv>{!Fy%kFT_!~Ern5ds$BQHSC zDypA902(C9L^v0LOl+Y8wwjyBD3B1K2{NsW^z?_xll>KO<@$JwkiUSA3Y-sX`10i+ zsB0VbV0=PY5oVy3ji10_iF6Zxjay8MJ=|(vJ@@tkXdvNCFoRN<6kSB4%I;GhnU&P3I~fK@pIz)UAyS?SL;_Ss!&`@3(gmxsdlxXYOUWzCp70S^l6 zi^jB!?2tz&lY>J-;6DWU{KqF3uZS$5gAXDE?g6LrICizWyUa(iAjpQUcH0pWXn=TV z_Rj8H8BK7+%LF0@OK^=#3Z!YY929E5;+Bd_KB!ZLLC+0!PbgZaz*&X{D&*NfwAHaJw>fYE%$I!!TnDBL=p&{A>*ld8W)&mA5 z^YHTrv%J0O#z<$)yXDaV+Q0f zu*+o6?&Wkn+zhQ11mnP#+`2#kP>e9DaLvK3P35Y}I|HgEybRI^D+v`?3tHWTIS`M6 z!hNn#7%uPzA(>TxR2&G-DT7-O`4Px>8lbb9oG>tfj*aX)J2d@I+O~b+fk4I?tZV!-WnU#?| zVuvhtVD^cV%snJEFr60=6wK2vptQQXdDEtuN*64HsH`8bg_-~QUOh***TfjsQ`);U zwY1Q`)X>s0DYj;I5!+|LR%+S8_MJ~TkPD=LFt3A8*1@NI!&R*5kI16IUBF32=8o5t zChRxhXTOJ-KLFMVvMn&_qu)L*c_C`}+#6I(z`Fu5N6=tl-HW+BiRfsQr`5TzZlHnJ z9nxRyeW+1C!5BzJhOqI1UCzwxtjEGP)|_ZOlHi~q2rb8B+>>xX#4Kx*0}+>Mk%Zts z3eO*d0NBMNrV*gc8{l5!vNR2m0R2XDjp4$$N*L<>8;CHQpbWX$+P*;AjC`h3tx@Je z#L3u_Q@$D+I5b^4uM;Q(^~{m>l*v1GrZ#L0zkgOX1a)`~g*SA7&EW$)q5 z1B@O~#b`$`ZxDE#Xz8T`$<3y`u>LL05aDceZaqv~?u(y$f!rU+l%@bOJ-~J36e733 zFISF#johrMsd0S1B%sjP;R~6GK#Z(WK3a)C0S|c8>vsrZn6X5r^STl+GrnNQ0vvS=Qx| zim|C=e8vSsTJ&M?gE!;iwzaC6<8-MXMmg0P6cRFAzB0wbL`Js{tmn|U{Y5X?EI$|v znxU@>LEiH#URA`05}j8Ok#7(~PQ&j?$DTdQ=6-JOfgWAAoo?nStg;+k z&^b{N!3+ex^5WZJWo?qDP9F5Tcmd@>Vd17juN+@S&AvPz#8ggK2GDiHTp=lHTI32q z09=1hTf~b7(eHBqz0xPG-$E;OFA)SEOwWSHfo_&4WVUSiIEeug6xY;6ch0ny_7-+wJO6lJCB-B=$d6PhLvJ3F`7GuZx3GVI1&P5GmV~Fs6@r5V$#anXy1j z0fDIt;8iH67>U(yv>+U5Sk`ppYq%*8YS2`aQ#AMn62n_WV{$IW-ZfAymN;1 zHS~feqMQmAFh0!(a7T5=EW{(=pdEX(&ikEffDD0gL)9jekL{UPxo|fsY9s65U_;dP zbr(;CB-JzT)#`jFSws4%KSL(9{u+)>yf+(2OXoBY>F67#zO_Lt0AT#~4ZsK>)3OymM;;PTfKj3IMiTUVi|L4ATor2AAh_TyxP`&ECFyn5%v zwZ&KGoI1M~ipm}%6T|I);IjBS$9bsl{F`W$INLs@g{g_K5T>SRPrWW2m&~*?#>+lSdkWR<*edBH!=UHhZ)}qvLHe+mD}mY2m*-Q!--p< zDjw@t=e5B-AB7B{r!Y^Ud<{NSb7QDg`t^nPU-D~asPx9QZUE}S(_j;TPpr8Onu0wO zuux=1Xvy36QLZ0#?h^X~X1Bl9fRhZ9k}f?U-{VBj6?sw25eI-7p`oF$ITg>_|H+9M zxk##(O_t9?|Ap%KJPajoTDg&fUw{dZPRyf#vjgw2S_zT#04vvMuGk0j>XX1`RP(xc zVL*2dH7pbWXt7lYf42NjBx@td-Wm^-r;&RHz5$>BCS@=KkqH9MK=14R{ujhjBmhiz z8tb+!`i1Q?8puj$t|(#cplZOGgg#XNzQ>#U{5X&Py%m3Q;nRU_OzvqobP>SuxfnOs z((jUan0S6Wa1-}IW}_X*?|s$ro|JJGHg{-DV|QZDSTs`n}~)=|vxlI1jkEcP1*A9($T!`Axm-*~M7t5Qt3 z(?OG(wP)genM5e&xcUy2QBQ5%Kyr#liBkf32{92ykb&kfXym?j(g_IVvy<hT3q!g=wp;3%%*|G&0@)$TA;HEB_C?r)u#R1~8mxLVx0T{dpieQU^ zm55`tQ=sDJEf|{SC^5l?`3L|N z#4*bPUFb@|m_W?|Xg53}qGYT`AHeqP&!1y+OC2BAiHWejP^Yav@((Gx*>Z14?L{|H zn`4PzG*5MFqDVoO4-=wW^}~csmRQzyBpsOI@y}hUnkagDdbEhqnOXwo4BTy-ItH7v zaKHRE2L$`&{knWe)GkT7xw|jo^dCu}z=h*Fx9|YzDW;Mc)W=3J75+m+<7EnPXO_R>CZ$mbSL2Ix`gV zP;MAk`Eqby282bFa@<6NRUs)UF3zgLB79%LX3ZEU(!F+SQe)BB?e;K+A`VdUui|Oq zQ&m&nLZb_USb3oX$=`Dlf68+M!^toO34}7_*+IdDhAW$dm*T!0c2ARa6SkRA_{F>V#68f|DRK@$n2 zkrQAb0tpo*C73m*af;?xK+AvY*30a$M6OX+A~ta;H5*T4?|TnS5z({Cd5p1D9E2Mr z?iEij;XNNq(PpB?;KSdo2dAYRKYD|RNI^kSd>+DjigXwf@!)B)+!D z@`;yM4eTz0g@#Q>#@ zz~o@Vdwz1!T#}8EOvd#+5QWY3;lqb7#5{|)6Inos2-;5X>Pd86!x1J=!~xmp#p=Qz z1CJ&8SC<+gWWeeJvr;oj!RKAt5n`w+#NhyD0c#_$q7D0e`Fj(-4KWnSnSzYWljLMm zkndm)B^jTMBMWpuVw#ku05P<9wr_jT8!UhDMoMlb?6b8bw%M&5DpRl(L6X_&-M>kt zodUTe5R8rU@pzK&#mK0^Av^3leHghBX4Prquun9x15*`28$KY3O$jZd2rDO&P}2Qh z>gY)JFebVU8~DyBBd!54hbQ07n1~Lq75bXP9`*7f9d6W>H91#Sb904Fir*E%+ z&&N(s^fkoG(mHh#E(CHR`@4c3)=6`RFqJ~!vtngh?JOj1IQV8`40A_+Nj@=+60ww6 zOh6TZeStKM4ojn6YHDgG{eGKv@>#EntL}0;b4G-0&2|JuG5SZ+5pFZK9Nn73O{b8L zmpyxS@2S70KmwHF2{!00if!6Se3^VU!_GSkh#AWxGv;vLiOp7NP?fNL|=EA&vx7G4M`BCjv9p5e(o7#n~cF(z2Fx<&Q_3gOAD` zG91s#p6x)J`L`es+GB59yUGHs-rfY)k_to7zFPN%63Tu~XFp(siyvRGfK{53k5Wx6 zcN1wRRsEB3%rA^U%{MWRp=cP)H}AQe2H&{MQ!o$ptbCrGt(ny^KJN*C!fHp^m4|$L z0~gB}LLMupFs)_`@Ub%5XDX$aEItv43J^wjAEwYl$Ji+kx_o_i9v;h}yK3!;|F&tb z!Nf=X37X#R^o5;=E+)_UADnC+h?Mq-v8F$Nu5L%9ES4OdjMD^+gTG<2=2i z6ODh<3p$(bJk-S0zT1Y*X1o3GPeOh|PE;7pfdU%LyM+bD4IAKx0~Cgf2@nowJX`2y zsh}sV;#d?`d*rx=0^Kg*+iWc}a9NSI{iC-7V~DvZzulyV>BjI{f#$Ckk?Vf2&|58> z*!kcEI>KC}BPvR#zU{szOKD!=R4Dx7-m2yC!F@p!Bmne=*x5J?b4s8#+#@EI3vT_0 zPGEiJ+p2@lM`i;yp7rk2K0d*Ha7y}-WoOVI3i*9vDG@Tm)$0yDS}?khs4=c`V4O?F z-s0K;SGCDIx^72#GGzN?hNuWPzr))&vla(lc60QeD~^Ej?)h3#4g3N=<%rBcUD%fP zFviVRq4efrf{eW{DQ)K^Qak%S#xJBV8SMvAxpZF$aJXJKNVasWaaG(X;U)@zB?$y} zL_M5_qOHwY5ZmtB^#KD}-t$s@-}{I$zI*eVVL?%vA0q|lQ=QmAgp`}WrGpQ*SEA_{&zqd(Zf>&>PN z>j#|-F)sxy9;DzBwGI(#MQ}MzukV|uj2vn3o3Q&-9hRM#qdX~>+#}~!F?E)W(*FQG z3J+qM(puOplOc=J@(z3{_2;-?w?pKc_6MtvPphO@%? zT9*YHSkkdqkx^Q7AD$$D{f=E*9y1~@7+wCH$Q8C((>8nQNKUjrRXZ# z#K{WUk(D%8z6`gkujr$bD3{jXY>MW*_vhHtaJ=F-54~=?p4t54`!U;t`;-|fAQhQF zLE0XB))Eij)kfRH;ogrD4&mXm^1V$NryipedPf&`^dXeX00-4oWhjBJ;(vO3&xpmr zp_F|mY!2D8ZcwncCJgCa6ge+(k>2RK=P}FgG;QrW4h>7t_E5HKZE=wcc(y~T9LV3E z-MdqAL)pWteMpy%*#5kq`r@r@H>n@QVC z@*KT3XS9h|+$?c3R|Q%V@ib;kAeBMVwT4?V^3+V04A-l#N7x??B-5%(%ZSx@9A)1= z7#++7x3@+kURD<8awD*Lt=I;v593a$1O5F;%M$~WlP$xu7Lu$hO5A?K?sE5m*RMPx zwZWXU@px%uvmke>wx+7;?@_<{CaoP3FYfh}p?&k&eDv-O%P7oU1;s7vsZts5b>|9N zw$11=louRSk}rF;vw4uY_whdSo84~bMHc6R^A6wQP%?LwD9Z@ zj?P!?cQ`gS8{WL$9baQdeWHVH3XYb*dkUP-SyZmDbVsg>f84y~ME9aL8<*{{_??LR z*C%)0oivGv$RuL~E1J8~1ua8t7b+#kugcgSf$bO)AC#}|W{qg!pfA^luA-aXuq6ff?RBmmPC#!j6qOAO6>>OgvFbJ&^-x{;nWxc#SW0#Z-F}jSFCoG-%4W zKD|X7(l6HHtT!PE!Y00|ufWR-gY3bAWC2ik`!;5{?-A)lvlsyF!bH~|F0Sf+m&yS z7lSTQ^}9{k%|0YtPI@?K#&>ram%X%*tocJYzJb*d3n7O5x0Q`z5#{oWAC=esu-X8d zaHO1LO=pZhG2MvIB}UT|U-==L0$0lU83W7tLB{$i4{D{g)YA$UhFj3^+msNjIu}a( zFnpPb34Nsf;KZOoRl4xlB##qt5Xw7DQl5ToNO1!GQK-<+6|E4a^#6_C4WvO+hB7e| zfu=j7^b8EX7IxrlOeUsnRC<<_=n)3v0E_^@IRduI&ECo-YEU?W(+|i;`PyfIsu9yT zvi2Ef4mUJZDk=qW$#H*sj>WeR`=BQcm=Z`R-Tn=(sc44-_Rs_Sc;ikvCpTk~(_WZq zN|arJFa*5=Bd}`FR?W%C$X^^s+6V0xeD@*C;@zg#{1tr6q@<+j>K)+Gz^}Q#x4rYD z`oN4sW;s;oyg}J5QOn>I0Ed97Oruqwe#g~sSYcj(7NC+Gp1MXFuw-Yfe`WOKSHnXO z2bq1;{=gsd42nhp5H!aT13vKoM9B)*L%6}@<|R0TIm*Z?IRZGj!)F-84N&BiOh$Ks z=!tBhHMhS?TyHQt%HN={wxUig-t|RMab;zt=yO6b37(F2Ql`gg3f-Kj>n)a;z2gR~ z4ughuZPzJs(0Vx3*Fet1qzuMz&oMNmBf`UfW0b>7vspB*jSPg}q5jVPJdlam4&bj; z!HZ~l**lO+M9dkK0D=-O9aD4vJ3&lBWBL182uZZHP1XB3>WzYn6euklS=^2>G!<`d zbpkl@VJHj6AYeWc7nJ!;*3u@dB(?Q^>f7BNxl`&GzOXB%kzmc&>(csL`OB3J6KJ6F z7c@KsIEf)mkl58mVcZ8X84Xv*69lzVor;Wd#{UA!l2ZUHt-#KToPtFHQ7Ht|wppzW z4G^=XnoJQx5k%2r$TgNYYErK)Y>(K*O{*ay9BYn$kDW@WDu<*t z6zI!AF81MrzU}8TS>+mhp2HFQ(f9|Y><=1pNNzhVBwdhM0t8-jj6CGM_-2S^{PI)$ z!9^K%mhcWZ$l1u8zt{`2&yv%(Zr|=4;my}sLiB!ihDjL|YG6H}oT90R_*GoF_4E{z zWgQcsV|4CGj`R)z;9iP4=;7r#J3D6@@PFT2{N!0(R1{YzYEQIn(Cr0GiC-d@Qr9D4 zUeL;dLaxlN``sEEeICD{^ygNS)VkExg|}L@*$be{h&q_MY!u(Y$*LUM^cfTS#sDZt zkJI?q&pngd&tr5RNEI&XQujD1BLQTKt4yAYGv`nyI}u;vN=yj)Fdlr3*)TJb|3_LQ zADNgW_rG!um6(9b`~!WCni|d8RAHcz#iirmasOIcI(_QYfZxT=Ianlt0lfzLVxS%H zSSaeE9Sfek!k%X(eBsVXCqQ;74N*Kauo8qzb}2lU0=cqd9djUw!~9*pnHt*m+cu!A zArwCI`7Ql%t0q`5=vbnlMcV^b)G(I>eqUTUiDp4T=`}WAYH6Y4Q?~(5?*Hh{yK9#< z{6o-j0SU3Ba%-tuXx+8U4uVlU{27o6q5KAhX?Rc$0!L7}J!IQU^;;>Qa z0n)gDocSO)mY}DqkW1{kZ*ql#o}{j(1|8qCW?F%FO0l7> z!Lfb2JD7neR1j|XcI^t~3WW?3 z`b-2#_z}q5dy$(7Hg|9^`-KKXcYoxz75dP%af^G`BX5)Ath_TGvKNe@rd$WKe z1IB_NS%9qk@C3jZ5GU~+A3iJ)1$-!5z-iFZU)-7~b&@*gV5OkQ# zC|Y=?+H7;Cw|ac1>1l@*yiEjrdz33}aCn12Mgnvj>z(hs}R%dz%G3!;PyOQVWl$h{D zWWpRSc7WnX&&a4N6icmiPtM~6&kYg%d{Px5yg=)wK)(-C0o*oVA#9KwIF=(le*9Xr z!&-`*f|C{Rru8m_+dM&HMo&z=TzJ*4FQRWbI}FRoolz*8)j*8;Tzcl;m_FiwqnTCO zPQRq|g<*WB5Rt(U?t5Gq8UZ)WPaw?!Lq~u)(;EV5EPz8hX)jPx)lzR{+d%#SpxnsN z@Y=Qn7>g;B^CC+-2vR1;4lHK-u3V0}I|aH{;WP7(;nF@+^_Ku@9{c*jHa`#Y^(T zyOtYZo3ulphA~aO6K=h3mEf~>b-4kQ0+EfIJoLB0z(tjez9RZ*P!lgZT3cH~#87v7 zxRDC26|`uq*2Dq4AuraZgTbs7!)0V-WY82uTLJD4EL}37Vns(Yc}eR6bpEGE|9Rp* zKk(t!Tn$UR_Mxd59UcAS#}Di!?jY!1(0mMGx-0KhI%!|_gwD!`nngIutqBD30dU<3 zRhhX$@0oKsnzl)&G&CBpyJ2WVj3H!a_lBapP2sm4X3|Q#rq-BhXlkmEBRCJ;&mIRw z7Jw0m?{^au<>5gI{s=lq`hDXt76qTha1@#1MN5 zW)fxAZ_V)8r>BI&)e|Ge5Rghs*TRv#FZxw*%>Zv1)28y^ztsCdkmUXh53c#1?EC%_ zCjq3g`0X#=4;q)Mk;aqJxIm*CrzPA7D@_P>3wGM=(q=4AP%0X*(m{%~gWR3~FU(=gR-gQM_4WIxy>w1%ytMD`@Jt_`oYy0Jl_{)=-Aq8WmgX zfT$w>=`%Pturv8&xU|sajXquH&7Wz|lX?5vsHjjIe8VAz77N;RIrbGLr)6e&O?7up zvjA8;ZUvYT@)p>ME}#vZ)khb8-tc$Yb65{R20T1_bpz{n1klaYC@Ii3JD*hmuB%yP$2XnRN)nfKWM#o)nh|$KK9yI~}CP zmo9zB+{&4O!>}LM(YZ0{bABz>)Xhs~+1pcv+3Ym!l&(rnCXH1!9+4zT>7#vt9)a86 zQ(*t|tlN_oG^Fagm;nQVEKn5KPnfJ(bYUlDV@50THf-O0BHjoN$TmhAO)&KV(FJ3Ij%gbxhrSq?! z`T6q@JXt`BfW@YY0xLWFGTImde0=TsGdQsRYug4rNhpDXqD%H+r0KiepS$*y%ram8 z`Yza2@a};V61M1oy$ADQM_havEKk7cKADuMo4AfLfa-s{oFAT*Aa3Dtg{eN7`ACgO zj9hT^kT^-o0@VQenY-hf>^rmLZ9VgI&zf`SS-ELUp8kg996l24jDoVV24Zo0&XhJA z@b{h^gA&RJvoSef>%%QowTc{X=osXBMgiq*!KNG)=V&+hUor>%wNo852-o=j1p$T zkTCfp=HH;>_o>1yudM7Ry4RoFhZ(l%!JDiPN;@<)*1q4E9Josu9)A{7xuJW@FFS;R z0{EO4;yM3c=h65Ag~yc;crXO2rAn|xfb<401%bHH^7E3c#AV^Dng-j533X#+%+ZIi zD2}!LTcyq)1N@>){@zFY`I_4lzF8VNZVV?Gp6xScwz_no88Z(d^Cuo0@ugjbzutK4 z67RP9J~(eRxqLN9So@1)-`%33^K)~~c(2V5CEU)Re;C5BdF`)AW1h1^>tG*%dKIjq zwLi0ieh1DgQ@O!0C>nGey!m+ypBTVh#!!e zAhH~=gJml9*9fX0g1)tWxlIQS{)@^3BUhl+j8HS5rBGs8G?qe$v@D8Wuvlv{t(!bj zX_EK;tM&1lpHHG+<>^_X;^^pz&cx*DH4%SKr4V6HkW!+DPFKV+9@XZ4iH7$81>qO=Tnkyheayx=~i*}T-a2Cp4_gN)LZH({2u*d}}3w{}T zIyy78Yb?WiZFEjGGcj=U#U7pLr`}=vn>DMD7Xc5gzJZ5e$^n>|bcTN{B8WVRQ0`nM}D>XPrB)irT)7p`;flmse5Dr-sUO$K95ZtsZZy_m+ zTKm!znDf{zC&ymTuvm6hAO^4i;6`54d%7x`Q%_I^>q^5-Jg@h^vNt;%J_JH+a+GcJ_!>&Nt6~%<^x^GGN zy~UBVMMp84uV>a&H>?x?Xk2iLkhlIrZK)o}(z$oocl4H^VOxOgBc)@9#eeTCZe8zu zJy1Hd=G#X_D=LyUKOEyQqQIsE#&Hw#YjdQ4a!{`FbD|pzmvuBT2BcTPY6r2w)vZ7A zm5av|x<{XI)gmI-W&Z)l1Ldx~xcHm%u@od3`h=E8s=oK#bWT4Ks^`3uN>S`fS;VU} zaY208*RbAS)+oM`KMcaD#R$tZX${D^*AXK(~p1-ua$4H>rOy&G+F@vGEGk7sb zVtp`9wOPB?%=-MSw?nU>M=$wpgXan~E7B|(h0`^1QNdTGTMwJhrp0-_9(tG+-QpWw zBHpfc{FULhaL*;$aq^}m`G=89(R=GN4)1?5cO}H<@w3Z!oIx&cdtR-V7+Q{}GWXaU z&vHDD=B6TMl@-SeWzd`?Mj{e9Rh8c=TNl0muNG^m&I)?m&#~z+^M9x=JOWpni@-Css0CCh`>HdHHAn;rKm6|8%qS@9y8qF~}|5Aua;%GZNAG6^AQ|sT0zyVrq>JTQZNa*Ny zlGvQr`h6SB9Q6DNLq|Chl=TGJLm$-AsCt}AHad8Wf9(QDAlwtbsiuU|nBoL)GB+%9 zfB@?4+A@_(CY7xFpC8T6uSkVJ46R!Jj)??$UG;T!$SNtMQ7+3jlnHVd6ywKM|qCbW%ATecKKSqKa5RyJ(@-mR|1KJUUBVcT-C@jto9`pho7`f=aD9(0K>t9y#`kHNbP{0f=`D?1sm|&<&L(s$b*sk#_zD6T)K-fQ2=1t zt^Q)m_ny!V)WB*!HX#8vXVq9%3s8u!?0>O`i*%=ctejbgb{W=GKvb7&>rcn@;ek#Yw*M=rLGR(HgKLc%OYlFAatMxwd>)NczAgsX+%D5c;bXv zLC`+i&iw9gV6tJVdW+dQyRJE4n*ivkm73vpw%UDgIzJ~7ttDlw3 z)wj?;FnV?MZS)7P>s2o|#cq!%;8Tm>zblyh>SL-|Z3fdZDJIUl@)QLRwzzd0v#_}S zeCF3YVI&FQRV4>r*46n!;hr6GTl}1E2>McJ@hX{;hanPEvY* z(!haRY%Rb1_2wThV{~iq`Xh_zNH+A)tN{hRRI-&ZP0e}=TL4V|Cp~n@okf6Y-Q0eH zIENe?G%e6aJ^wRms_!HWjsZ!X2Q`x?Q;1g{;2!rM2{MAbvGEv%}8V^)=nBp!og z;VdC9By@Dw7Rc&{VZ=yI!Kz`6c!et_sPv$@z`hTrHu%-p=lF43(1&(iGsG|o*;+8Z zAJ#qnkn4N-vXpWLo*wQ6F8#|uF74CxW<$aKOsU`o9tkgj6*vk`%>TlU1$8~{K?W$^ zji0{*$iN?7`?zWTnrCh~3b@E=dG-R!F%!h5iMOdCypxpvJvFHO!HS-;5oXtjc+-bg z7k+_T$yUW2LSBzuwODcV;Q^Q%Vcbl2;b*`f7z+<0VOZiIh>TB7!CWvD-Hm=V9hix# zkk4()`vd7HqT%Y;q1D~O!l}D#0ArK6X|B8l5fyk+L4JPp2nevLAtCC%z6#Q@O`lOl zpqVj{gS9~BhNzU7OB)!7v=SnLVW6@~WP%Z=jM1_9O+GqRQ*6ZTfpCkpS?d7}|quI~n!4p6Yd^b!@xhf06 zdjn#Pd<%FShBbnQ%D^U7oq(JLb`JTOEE8rGzkoA?A%f1J9Daqv&JS97Ll_IW8ILpyv<{%l$Sr*l&`xeiym8}guJJ*=GZgKfunlD1vPC6|k9D6-J8-w%*9hAPb6S496#tSxq>uaHXvxiZICanX(OkCT??tO3Ac$T z7xtw-RYN_3EtmB4xtP1oI zDIV?;lEbT;85~uoCIg6c?06iTmE*(@fK|{(!1eVMp^wHc(#mHb*~q{RViA+3jqQV} zGMVo}oZX8P@glLLiT%8RhF4Aw>F_Ylz1qk|9IDz|N^o*vny&UP*b59JO3;6{*ovv(z}8FDXFnFp82Td>*YmAmVS@+Cchqz;Jak z;s1n3$Qwi$1?aRRi@>8~-S7$kCOWNKn3%*dedpSPv=h6fF92jDr@;M+h{vTA?s3@b z=xjj#JtUC`i$vgXh*iKW-djt_q*qm~0!u-|wqHJ6+qZ}Iw{^bD@>RL^0OK!$ znIOhtJwm{E%!Ca8#i5I76=C5V$y9fLV`j`Ndpn+rPiz*K&_Foc;MRE?6w?7ZPS>ob2AAGrNO@1zg@wHl&Xb#=wsP zyr}?1|1t9Mqeq{5{S=dxQq>`HqEdT|F<<;v)Fvk{&#a6ARUm%A4Jl=p4JL6QOMoV8 zBq}TnqjNz?FEl>VL4+K z8q@5fiOWxsVZ85^^89jcRoSYXDa*M+4$29$fSL@k@oqZi~Vmz@BwNM`V$cm z4D#Rq!ZwT){)E<*x4-#ARy518pE)e5vH6j-H%jexth1H^4*u>W1aaWDB3Prj^A9u` z+PhHb53J?{*B)AY-?k2unH0(gva><83Lxl zZ`c5sO8VW`Q&XWNZDY;5QeP1?-KEwMdUuWkQiv!+mt<#Xs7acMNl6uI?F^kM)a-O2 zwX$%-9exeoT*s~_%*t?{0hK1(gbEm#oSYm2AEE{tBHH_?Ru93U2VIcn*4EaRmh*`3 zn7O>!>wTuRG1AA<=p2>iqIgUb(|1n*&$&Q zgva$-*0zU2F^3Dj28ixB|9{9_dprY=Z&2&e)?=4*7w6|c58tMa6C#hW!)3015>_so-I4z@tRo~3eATn22}vK@*AU4AUuQ6dxbx15Y+x6LP9UPi583+Uw7!ehgPW{ zo72Kl9AEs#Y(+vkx0ntQaq4by^!0y)(hKs&HO+35PQd(@SvR;CzK8)kCbAsN;x+OA zEHT~_Dlmb#CY(D+wUXMP)su|B-s}l~)EUFl%a9JZEqy;f_u6oSWWaqBQnjKT{PbF{ z)(_)N<+0I2ua2U&iEw`b!3R8v609*c`m+B<*qev-+;;E&9|{>tDwRrP)-K$xou9Tys)}wETWuSC*qJ|ik_1TwM2u%e~mu1-hL54#dll|jr zBY_S&_WFXxc#9Tg|6LZdN}yw%$_}) z|8-lhclb#?!x4I|^w{miqJUizXL&d-F7!!nhSCm=%z3OMN^$GO`dlkE-A&3YNTzhg z{oxfS!m9G;8N}awF0s?ptmpo`87R(gyXc>B{M=e*_eDL%fAG-gWBbRsj0kzOC+fu5 zfMG=l<7vhFbL5?tvk}WT>U-@q&m+xN;VLf~k^Yy9=g)s)?+~m<-B?Z$!y!Vsl7ro= z)NZjDWs$D5LxY`GFf9ZH|GNDjrgio=f-4XFxoF&v$Q{q7{20G&k@b(z?PJ9&VlT^W z-0HlqXZV+w<253R2ZpJLPIt-a7Jl2xPrFlhr-81K#!5kQnllcsTq4sn@zMy};?~aT zN~3}{ru6s`Jvm-cbBvwN;i~nzNz>=4FAQ=}U9kJb&+>T4|8Y|JDoo`uLKi<+a09jY}(UfmbD$3JIN@i8%l zl!U0j;>zFGDq{b3*)`3smvz!@ci(>DX_~Qnb{v|v@OKx3N5_@&8+NrlxxJ|SUke<* z`sBY%FmE?37(c5$vLJS*slwCKJGRXb6Km)W^o&}jeT3%uNAAc3={0U%VTwJc^F*#) zGvd*8n$27PawzRpHaa`heDS1-mpWHy*~LjuRjTe`Hr{#sq%p}B-)^{e9bshQxYGO8 zbBX*(yLHO3a=amZbWP`Q&BnP)6x=EfwR*f&+CF}A#;hqD`kXO*e#XhIVUOXqtfdx- zQwK)XOy4(gy_DIq$~8mR9Zgp(R5)DcZ+5@ZA=2z&<;MY)$27*zY(?7g&%1+uVgWZ1 z=qFx|=+0;X&T+^zzUFq~{vIMMnC{`c2Ccn(DG-zJhXv{{fb`y?6vS*uV$uaxP7xO&L_;KZRqJU1N?|TgtKVQ9V z$f=C1Q}-?lj70ZD+f-Z;7Rw}Q%JragnNBLvl4v6Q`l*)m!Sd>UK!3O?sQ|4F*%7IS zqbAW2y#0c4aMxQ_okb_^{mz~wNX|tM#Jug{cl@R8)|w|{lJJazhG^w5cBE&eNF;0| z;U^cPF^MO|WtOBf_7JH+x`)yXo}OX|YJ z(J)I64+=&YBy!c~M#K#^I4z}jL*7f{5E?31KTKQu%*yU??+{KSILEG`@uJUrtk6GQ z|NCbR!YTJrzi|L{tvpr?yp#|fy=v(>G@ybHYy20yX@xl+RR41$uKHMqK5T{WiC>f; z_(MvF>&9RY-C7r9=-95Vi56K!oVwg;w8**hkL>LztL3rluXQI z$N&}qw&*D6)0Y-OD0#;Pad~Ypq~;(TmXkAJ5N1R`1oDPq#>P=()IWa$7uLm37REoK zWh673q7 zxr#`WoE;xF7X6957eBt1Yal|{rn}+AmG>&3@$3Q`YOQn|NEFVFI=1VAbN+Tp$khzK z!0&Oi_v>=NDw;lT?76n5J^6y_VAuwVH+ zk~a15l{k`cdA?P^T6oc1U=5SD9zS-Bp@3kjP$`ivM3{1yLn3D&Hs8Y1!)KH)qBMA6 z0bbC%dv}N^OsW&1e5HM^-a?ex>@GL2Lm z>~$!Gndi=Zq^qd%QY-ECgg%a$BGKHKG3T<~<~+e@%mk7oX+c!aL82C*>B=q9OVWKQ zCMjfl_wKzfBm^SXwedUaWe~3-?>`UxqOu?RcMiEP5gu5AAK1&9=ah`fRV0uSzB>-Q%c&|jNL@Tw}VsKioP%$@1i;w-cVUnc#E;oR)d@uw>8T?pL<{y~b2W35k?~o_Tdc-5wra2ciIb zk;f*?m4lNfU*`JY@A;_He`Sd^?Jn1070j>!Y+V|rQGSM3D4A&~SEWG`yF<(x#O6Dd(9_~jZv1(LW<64 zEg|15=VSqgqb%+dQb^)y{KQ$8N19-~_Qn+J)*aXq$H!j){|_vW9=T%HJ)tq9UG2w< zgJFC0ur3p(03|BsxI4~i>AB*)OqJSIabfqvG-Fc*moc~b60T&+DvR&k!vd8RRnYEy z+-ADrOhsk!(ftxG3V%YK5hI3d z)ULi8^GJT*!lT!R$6;|nx8~7pQIyyJD&R#rSkB>xmi@R#kxfs7%eJZgDGNW`yJe}p z;<0UR4WjKe zRifI913YV|7afm40gYzJ8MleC%Y>!3dWD$djg?8o1o+QJkm}xj?S>5rkV2jQ5V_Zr zJkPE#Vs>#-nh{f&*0hr zXlYFpW_xj{)c&@A3Bq>MXk=_DjzJH32=j4~954X-Qc2mx40~+Fqh}%7m}X5O`8)}*r*Xm4(-W2r@S_r5T;_w`kKjdNrxI9BbCZe{qS~TB z>BDy!g`|vBh_yRC6XLmq_;&WPUG8iu31Kc4|3Y=2LjV4yF8airw74l=9Mc68aJQ~L zVWAv8O^!*mSRz^92R0c$ZX8J2Kfxdejyi{nT^f|1-g+`KIAeJ+I3j38Y$g zBTsr;2u+b==_hSYkwRgd2xgk?QhWgLR!?y+wxKP4k91>`v|5sfXlT^@{dW!EM)|OP zYY)-=c@SfUAHEANz4TPYXQW#>BnUv^9fQ&ssf4g0=W&XXWJsYPiLyNDMm~rI6P)jB z>s|?)ES_;?Ln8&{50L;99TKmerhAHB;GHY3=1tR85Ckz44XrEY%2ibt6BFyn&A^o> zN}%fi36R=7dBXmTB&JSw?WI_b_$|;1)HMCN5#dr=mq`5a_;JmJ;jOYNm#Bu*!W(*Zq9Vb2x*E8Wl;TwPf9YF%+5a|^PwpHW8!5X|=(;1W!;iDn(9hiEX!@_S?c z!@*SYcG*q$!2Lff95P%DksF1qCvWf+U+*s(Y-%_tzBb9t?9^Nmw)m$T83si8@?NH= zTTkp|N1AHE#yCa>44qr0c`V9SCUFG|BgIH$Ki!Q?(t>eM3Jp61(*}B!VEgR?=nt%D zYJG6-&_5vZf`L1Y1YxBxck0Hgb)^0C?Co8b)Dl*tO@Z1ko>Xs){+~^V#e*`%%Zwfp z0O+p)d3uroaKd?DHcH@LyNeu#1|lS(?Jsb($Q& z!EZW@8p&y9S>MMbH+1qkR(=%yrY~y{39hNgq>8)j`ruB3W=o5Eay1P+{7vDYW2-mz zir$X{3vy3X>m2!cH0?8GouKpirnqWFG^qLh8OKR>i%Uv4n~l@i)IvK|>kZ+)qX7wN zv;NbvN{dMga%SUG?G;##8PBKLD&zj(*;=zk&14&$Q3*BRYw`n9VNXUG2pA;+mX`VJ zrY2l&jh2@v2I7aP5+-5K7<9?hY3bGX9+15LX=^i3lDzlsBUe;EDdgna|GO)7t&Of! z{T+;V(Dy7HQM*l%ZhrkwfllPAeLpWZ7Gb#1E?(O2U8lt#I~rg=M4@_}%oa3`$` zdZOv4vG;r^i-K`*;nOro1&pSTOQFV`(!k z1CKMod~3KvV^h-#UB%lv)xmTbeWj#fr}OPFnNf}$aHp@a> zrkUGgc<0ik8{X-eOHip0Kani%dObQg2?9yJvo7;`VbIWVz6RKI|Nh+IBtYFcZfSE! zr`S4>C-$$6;7(7R@Mo(0)2B~0qerV)VpnZ`Q*(B__TjtDLn560<5xd~tXt@)qwsck z=W8z2XPdWo>8ZWYxMi}#3syAxoU!8zW5Rt7Jt9S>@`={yDlSgx*JubicyYgms;TA!Rlf!CmbKXF&1Zxv&_Z1d$8eP#dgx z)anP8yo{1oSAN@>RGJ#RRrx`@1RVj2bU`4K6p_p{3TC07U<7v6PFedA|eC=Q+Toy_U52?sQ^e%guqn8Nde*RvQ1 zdz6ohuA=70HMQnnUss3~Z5L}KpHY~-aBwZ7pCu^BimFF}J_2=aEso+ufW#3F5w;?oDb)lz2>VryId|z25j>~ME*v#^18zALC zk@7WGh#y*$VczMUxQ=5S9cw0X<~^_l(3yLH;b;0cCpjHozKV)|1Ljv{3>a)RlMgY3 z3PVjif5E)(E3rKb>y~ES@c}BL`_fv$r(d{z>=e*HAffgYPnmx3&4Qbu(y){Trb`ey z^e8J^+vSx*ee^l|TJuJFMa??#{COh1!#@qm zv?FJHZg^ik3r@Lr@!h7D=Bl(96wSokwOi2lTpM=vkZC5H-@ zQvy@nS4Ppu$S8bT;F+xTK{a%bTt1}-9lMx$&b(rk!wmI6*Dum5;MFbNuDLn-%<93b zRo$X4dkuBUGCev`0xss2g7Nt;D4v+6=c6L+^pIG5CR*Njta>}0Aryjx|dsqU)FQ5z!byG|w~ zlAV#+T9^jR`Zep*^G`ah2b!OKw%u*|@YylLkoG4NCVuRZ_*b$yRMIbZd;6a>$-SiX z+opCG=_Y3Pmom5ZJ>Jy~^AI}W+H^MuN;@ywnKAp_1Kqy`F}vEEFFo!w&kRrPXE4_9 z8yuW*9Ex}91LNL5vHO3fw3^qB7-r(Y{lzYJ>PD*{&!yQR-kAszIV0Ws(A`%*s`bO~ z2@MXvuA;+}RdU2>bRD)k5Fg);IHe8N#REG{r*lMmE+ zCjGTsGod`TN2^JXI;EmgkzdcCu5Z`29|UfGHc8K{_z8+#3OA5q?M4{ z3JolIf1{FCbrPkhhbc~Gr2Oj&&5R{d!*beBd{>Jy{+eGbDH5j>rNY!H+UJ;Q0cknx z9S&Wd(}WZxGr^)JdU1PDf7NP}bgg4suc2hzI^?NbNOI}W9v|juEcB^du&QCh$!-JH zFJ?`a?XpJ3-D>z8y{Mv~10S5e^iVTVZ4g&4Ro!g6Hs}4o`C~`}X5D=DETNqcIUP^s zX=Z=_kq>DWyDmV^a;@Pf*7ScPinuBgbuN8xfMWLt(4C-!lbSRJy&*U|CGn^kv?s&D zd5;8jQ(8XH3u{aZFQOW{`)bL6 z2~xN6wvE>qb+c{A?wb%FGMha4UR)RAMd^d@P1cf&hen0Ir}2VAa>Zt}7MX^ZWe58A zqzC%Y-n6J-q{ZPc^NvhSitl!-S`(Sq&EphnsvD?Bt!R_?3XGY!$bv#1wk{zKS82fUJqRlhDufcC5CJ7Ko;=23YCTs{ziO+XVDG&O< zd#4b3@lLqSp`AJ&!qhG0b%qVkS8jFhew4&eN}mUmXaX`n@BOmv9iK4KJt!h2kUutg zk@-=1f})91R0aAE?u+x+ME~z6o|wJOJ|DXDg^L$cZEpPA(U|M>O*C;HR*k)P^&YVB z>M&J01>(B%2Z{!k*I9}g7+JMIgoPOjZZz*77i?`QOaK5MEbA+ptF&m*Gva@5McqWD zt55#@9y;b4+`M4|$DT0wtC{3^UXN_g=Qj{}p0mq{be&?Q!#K$HaJPzbZBIceK)RSwh#9dwu1>HlZjD%y;Vu5}BKxskxsIHzw-vQERth{cbq%hZyiGk;T7&8DAHV@!Mm+9824~W}>nOf13 zbkI~`JU4Ay9*$ti(dcO`aTMza44%1WhSq^cBN(!g>vDHoC!PGNDxsdV(^~q-DYC|+ zye?AIh~59(2}@?Wntknf&M;379m?c+k^2*Go@9F!tu%m%X%VG+6#qZIh|bAde2Br| zSR@HiQG#~@d3rmbGTp(R5)usIdd$BD&!gQiJaPs?0{Fonnwq}j5iuwb+7je=dI^t? zO_!ZNUoK@|N&I*^sF+l$1$w%F=ZZNJhg!@1XDjU)eyYy{u~NzVo`MN1{XU%q7sPij zlVwnsaE7729?NR@p-r5Tmck4l#u=v23 zB$T=6BV1o`&E&Y1);Q04QF}W;OemTGZdl?d2WWi(gzWuDul63azwH0Nm zDm9@`#iQq%`t11kAmM~p`s^vr-HoAqr4#jPUH15B!B__HQU$Gp;rrvAYiMo>-39>sE7uUmT~m_(88Kpm)pMXV)>mV*qt5(+(&ckVEzH!{?(dh; zpE7}>hMrcG*2mym|K|-@kKd7R)im3{>e;7n-@+JzaCOrL>K3FU?1^DcausK&04X($ z!}n%u>*(C_+Jq|7%|Pi$%G{ypzLmH>#Yw4ACw(fAlTc%lMgLEl+aurYL|99D>OB+b zvVGc#lS~;&vz<9xZR(l65QrjHJtnyiI=8dv1)MCu;MmyM=^DEx4y<37Euj`}iW?AR6hol2d$JD;5> zn)r1P{rkDSm&^>X7q`u`OOuHv<^Sq8z9Pd;V5;I^PLCPZApyVJ)jkJ4UhV-uvfq}JE@4Iwth^5zJ*U9>i`*mA1ygXK2u_aU76sF;x zy#ovO-|CfrW!t2)r2YdXWe${H3B1EIK!j%9^z!A4p1U)~dW-}9IwH9U4CH)F(I$L# zj#}*jnK`7g4DodJ7@zmw|MND8DkHPjzdZ!&!|~xrt8;ln<=y&ghos9SY0Y3byi4BW zJvy=Fkhe+7v7-2M$1Ev2YukHakOR%Vf(w0zStlj@*le<|DB|ubyODj?Xvy1nubSyS zwBkZ*TEU{3DrXDU1V7!AIU{~f;vMHnvpq~Jdky^4>)0@{CXLG~#X)PP`B`o@!sQEa zw$16N)&9vf-LLJ$p#1P%+KyB~r{*@8NXuTbUkxn7h}Y3{%ume?{^;O0>@AQQa1H#_ z;=6Z$lNo$|zdKf_JnDkO7|&q+$iZ4`V`5rf%M_VFP$K zxc9fNvfY%e9CQy~H2b)uB4DKR-?QeE_Vyh)en-%;vs!ljq`T~m)RE7yYnM?Nap;QO z6zBYHPP<%W!w1^c#~2SvZICD#trIn-IsJPs`eNC=%DS9BO?b--{ap8WjAv@iMGj7Ddf0k%(w z)Fs5pppk=%cgB<^e41wxGjNtjywzyvA}(FJaaW;^-=Ni{SKZ`CO0QAzxwp8tqoLm( z3vs>b3qNFXb8}mMZa(8?pp>=ZcwxQn{5i z-F4CT>aFLa_F`0TAGL`3Zhl=iubL<=7SI9_EN`{DY@q3LXeifd&QjsvX9vONG~|ah z!$ZrOjNEIa)m)mE_CwY`tK(RGK>Om=XWzzVT&`+`pIlR+)4*_}2d>my_G!!#;v}p2 z89eWwL+5M8?|5?AMX8(mMo?>u!`EBOch1^V|sddQ$_$w`Ym z%SASFK?ilCx8+YE8+_AC&K!6@rgtsu-~pRI<>Qc$*pl~-^xZb=(UiXnojmOIKPplKOr|j2n{BkMtO>FL?Fc7(s!?%e{AB(MxS4QhS@HJbXLMz%6Uy zKvC&xWr0ujrs&Ha!-lOM!!rfr0?*DsXE2LToJ0!{2oouinEes;6DCGf@ z9gmne1x*|%&>4zdYQ;yzu3md|hTBB<;*Ng;WVNw_ej6~;7eWQL^LzG^>!Bfg4RI%f zQ2wkzp&Q#x?z!^@zlHfwo{v9Xerl4#ftHd-cJj)@%I)joNh(~lQGvj^GfsfMP2Myp z5T62i|H7>0%O7m4CtN0gEj)MbO3+sk58rBle8D8cNnXUsk&1iAOz1O);>F?x&?t#1 z`V(Eos}Y<<-Kyp4SYE2$(MTO1SonEQj9Kv6QT4x7D5f zn=pBtkyTkX2{?&|)9Nmwnl39pxOQAL;2^xeslu!_-?9htLY_xel}kxqqhy7e)Q^bxoHm8ID2iCS3h=l{(c+y3_cJaV1D{eSLe z!$@GJ;Z*y%Zw11oP~gFVr>Eg?5#IwKaJ*%N`3q7-Nvzv??o=SXVMK!%p_LX6WiL6- zB@!Orpyiux-??KdF1~vn8ip1tB^2P?&)-^z;3Zm+!pvp4TTh3CYq`UH}CvLsV}xq&a-8 zRi4vvpU%2JHedVmxsDvXz9~}@&TwM~Vj~v`Wq;6)&v#159 znD>;F#29h_^T`O0SE%`gYWB^8p4~L;v`?Qu?@3+U5eVK22ySXfEz7I2Xsac%H*Hg4J!JFF0zvD&}0i!m%qx6NfJNbs&@!k59Z zpx^9HeZ1gvNae;s3tlO0#m$tUMs#ZI`rQmZsV>t8ObsN8{{;=QRQa>h; zFqVWWwf*y~y6LO`#&$8`V-_$k0?}DaOl4B_p z1A!dA8W$P{BMonk*$hMX$g0>Dd~W|km0DYpGk0j{{|{9PW7bdq*u!P!5ylv-GPRxy z)0K(gQ>}&J7t*HO^+=^q7Fi6y1Qbkd`FW@-VF1B@(_VPR7>ixzMdAh6s=OT72BBAx zhqc#l$TQ62GrfKH?l2P*VFsAB^>bO@vj1`ctRX*8J6Btp)A7W!aopk?gxmK`P0TpA zzEEs0G(vg4kXi=p$j6(EK4sxgnz207mtYthNQ(pmuH)6dWEDHJcd z8yBr}{}ucyB)Dcf3WHihns!?%8Iw8w!+$z>ymk{ALv;ySsJ7RAbBed|fWL!f`7HnN@Z2*P8vR{ouWsT$ z(2+!qDXO0VH+H0do9}#w=bnz|vgw3gr``{VWw-~MXZIvVt8$seeU zRZIg2EQf=KGWV11)rHT{%Ceg=8-No)g~0o=k~4%chV+80mBXr_sAv-|TDiGMpsYkZOrQu~h{I&~wAT83vEU@;|G@`*T~JWKPMzTUY2fJ5{nT2Cu*%nlU$rID356YJpxBF(lpU3%^#+4C#*~7D6|DF|=2Go?nNyF%>Q-UlXWuKp z8k!OPl$G6Hm~o1$1wtu7PhZJuP!G&<^su*o%oby~-0TZ!cIl=ArH|0THZ98V@h@2; zwr+QQ0u(m4suQ8pG=hVI{?XPxrsYc4m_r9*dPm0>z~4px^ZUgw>?4*8^FFQ}p8{Hh zhsTSLLnGfnfElNHjs?efu;%-xWOwA>E-5iMcUThSo&(I(bo(Ep(bz^1sZI!QNqJ#k zy4xI!i~+2sn;J0e5oZ9$Vo&xjW#S8kC zGpr9TJcrzJv92PI5zk6FbC^yvXvsc;kL(9{3Qhw5`OAr7BX_*2nU{b6^t@p(l>-CC zRlGKGcbH`)CJq!{^aDNuWcFFoYTw{nV7689!BH!Cib^XKvD{8vBA4#$36IAfC+GXr$_{uB>`GeEiTLn>>wSUEa91d2=G;v~J_;zvu&^_WpMlDX)0Y z@bA_PxStAhD`K|E;&eNBDaECwgZmKxz7`KjsQ*ahUGL?!G~EtzWs<@YkG}t8n$Ew| zkS*BFGJliNG*6Df6|<3p+KE&i^ba;st-JEnbLAEb*EB!9`n&gpHs=+MMAHE@x{rRl z??YPpJ-^!kTo)*{1w5N<2A0~*Q`w*E1j9rwT*_jK1U)(u9LW5mAC6f8LFhZ`Ms8m{ z5KSckg$@VO1qk+5fmW0;r0P-wOpbJ@kXzx^Koty>jwrqYl?`a#v;H@zCG^hotEx1Q zS}{rr%ya#ixZ-ios)JptPL%Su{y$$S#96Lbq8yenX4AJbJf9|F$D6JpDZ1r-K(V5poxa#1t8cP!&ET4hGvxxl#dy^>EYxb^R!4Ru~FTN2`KahYB(>l|r*7ZVWTvYK&9m_bIEW zxPNYode-&WLIJ40%u}JW8a*qMQI7EBAs+}LW4G#e1Otk(J;A}hFb^jYxW+GV%xR-O z-!<=8O%LqUHr$|30M-k&hrIqF%X@2U#Z*D=E_RABlf7ZuoSZ!Xs^X~HTNT5+BOW?n zBu5SfwIn`1UMk~crr1)gPNIhFI5R>wJVFZ@E;ek%w!wSMl6Xux1*R)_i+zL4zO?=H ziYQ>;;rPIu`si8T-aHr1k1xW4A`r69&Z`}y5t zSXgpJ)XPgvSp;VJvVA{SPkghUG>Nz!)9Ymey*SJhjbm;_Kf8I(=diQD6x%rIjmAtrmz*SSDjelIo|2T5fhpd3=yd!_w z%$Z)7rf0;kAhtr|L2EB^6sXGJ<}Wx{rFN|QS}6mC9;RcDCm($oZ4Px+wzrWc)-EvP zEia#4ZjFMTWldf$m~oITLLG*92`O&c^ywJK)WX5b=>JbJ9gRrL^5V=(G2wuJi=dVt zfVO`9`mJA@c@BG<)p!#SJwO&8WVVH{wx2P~mn>9jeDKfJR-2eMxg?MrX{_zU;}o#lAtXEYRy#Mz|Wv(I~yY=}mE4ozB^#NTdZ&K0+;! z>W#c_h3Y@In_3VTKKFj>s{TJk<@oPx*l2Bd1O+f@wtR?SfWgs~^;jiQiN-ulG0%*? zU*&WTyEVla6K&v3E>E`$8+FQ7>~lx;-j5mBK-dF}$oMJWAl{Gaz5#nR*r_SK6>jgI!c`CUS#F+j zq9sFF{%^6lLy2t%T7FufAsJ%aJOyqEVcx+g^6+8V%LzgI;k#m`(1y+&f1;N|;$`=@ zojF@r8Mkki=Ea)P9>bl$4dwdD1QpZ`xdYGl$WhJro!~vFR{1P{;c4u$IWz8&w85zM z&_6L_hYX=4c)Ird=nPfrTp%^80b>dr&t$X2@BzV;8L?Z`{{0NzSaJZ&40MUckvL=!azBX|~A~1gImOLYjk_Uyosf z{EAtc5hkw&$ClpeGe;&!Tusoo%LLtqE@vk3*>~J8>3Jpzvln?*y!4Dbe{pDy=Vb>s zwI~CPr!gLtQv6~5wAi9626%#+WE_7X-D9WAv;f0Zmh)SVsZH|Hn17^Bv9;~kB-6*D z#-GjKV>5PzzR(&m;EexRKx0YbILb72H1XzSRST!s^%C5nlPB(o6KC zi3i>}P7@_@N$<-*VL3VH@vC1{H4HZ+xddQg|6<0j8G)-z3Pd=;>n$7%1UQ%vpcUB7jP9xQd%rTcUs^pZR!_1dxfTLa;Hp|5GFJl!R! zV*15UgYFm?dbF#>Ou@6$c=ota8O#MKG56*FDl6F#`2436sJFjDnNKTbLXGa9dIXvh>^ZOzr2Fm zf}qZ9+!W38cG}nnb5b`P7XPzz+l1n~xBSod4n!e zkERXJYLHYNSJUuv4l#lDl0at4eR}@Ot%MqLm-e7IoyLTkk%1EsSKXUkH#2KP*3k7D z+vC0K4_tHdbJqIxJx|~7nT~#l=tS>trVsj*Pu~|d*kn|L`OT)_z;Bf!#20vVFy4JW6X7Fg8CNj1qsuMTeKF&Re2zVh5Zt>}PU{6R=QBcy>eHvaj+SZEKi3XbZ%P0odc3+pRvLY{B8QUncwd@6&iNdz% z^K;>VhD+e)Lq^d8F3WqXxGYi6Wrb41KX-h~?*{akXnn9^<(UZ)hVv8zH8-Te zd(g-!q)MxX-w_Phz;9LvR+pl=d;PvtpYiE{}pjmn!mc@7}3fbp5M!sE2#TD5s1W6UUhEfi(0ut4M?RLGQ}Xk4 zM7T%RLnGH^3oLy35FBI8)YW<%(9y&8dSRyQ9|yTg!_Av@ZUgn3J`cM;2g zd+E|CVz0mcdiU<#b)@m6j9afihZSKr7P!gpYJO4CNy^S2V-MZ8IVCr2X}06S$Oq#) z6-_$asQKnu%yy$<22TAGeB)Vjf4S-zsND<9!w-qf$?Rp;40h@VS7F3Q^JlKgmA#UO zt*hKUF*D}Uhfm<)6E0ZFKf3eWlQ7{vI8DkVVa?d5WusuFbt^a|nmB%=U)F_Pt>#+8 zX$0V81Bz&P;D(DnVBOsppFPj%Z5;XBs7G^v=7=F}HfpZjuP5Ag=$3op_OKq;efMnW zVLRzuC;^IykL~P)@#Ftc<)XF)`l)F4W*Y;#yCZEvxyMp|%t47i5hwJoPeabtassI1 z2}s_fW6+qkKR`X{cC(YD%P=Vy{YMxKP`GSK&3DEj+Skp)L+9y?Us|snrg!V|s3YUa z2--**v-NK~8#OZ3Y5Ybv+p%)=@RU=U?z8sqx{{P|qQ8H2$7|g>{Kocy4_vU*e&?b- zLit^cy1!=ID0TmT-nqiPfDHATK})`|+}Yvj3;pHQ{@gt_N3rLI%5I^*cLsS5Q9EY# zT{dX;M>ox<|BP)B^M-@iw?`o%k?yLKogKP?D&8`$l^?nf&Fup=HT730{QUQCwrTEI z$4v}?)$k+^>=oyQ&>w6&yP(5zGub8#%-Ma=*hz?D}1J=L9Ye%C$yJh zc1rWRDrddhFIQ)gr(D4%r{sabn<3lP~Cg>d=WpPlPEx{U-+(_I|Z+P6ax}!JzXwG)ETBp zogvvA@<_I5@x!SoGv2;U-n1aoI3Wg zVO37v!E1Z_>W#NA`Z2D~ZF@Hvmsh>xTk~4FyZBAgi~wNg=jX3qupsu&-aGP0lE~SJ zWD5#e!jU8H(eJvJuI~4#*Iqb(Z=c__CDl-XH3I(pw?I&pkEQ#KZ(bjC#2DoBPe!A<`=wIn~SS zdTfWv~wfe+U@`@-`Fh3@m{mMblLi%?usA7z0fG3Ep2@q`^1{2FyTI=j9DeeitHEE97n2M3zUxI^6MCJJSS!4_X1z?Ku`VF8Stri3dQyp9k-*{GJ@i69H zTi!zrQ-Voe4x*JFdBvSdS37703**{dJp!%BH|Y`G=%Y4d$chK2=K)+Hssi=A6ugm; zc4h60U3l!#yZL-;JfH@xTa7+&UctszM_!qguMTcmFr~R_G;xqxV7Xk1&8chfVPP;o zlIp6smf(sWYlNZU`hRUFL+Q@bx?!)ua|)7f`0NY4Hj1wUKC8z3l=e5%YY5FSAo~qB z&i4P~M<;XRxP{CfVoAJPzSYL25-s9lIb%KmGAXh;p`itF4d4vW-01z%d8T7-AsGdO zUApCMS|@XB9Dh}fJ)QAK;lV>|xlcGli8Zx$Sr;DBX(UwzDibcZ%#wBhAMO^T?75t^ zFVAquH*Z|;DNl!OulT2qJdAKJ(8Gv9XaY@WHM78YZIwAb*BEc~BLvy|%&my=3I1;z z&3%7-QWJW4cc(PVVj1h`cm#f-8Z2ja6j%|o6}%o!g?>ppbLI&00=jH8R5fIZG4{n8 zIOwn7!%KZf!*Vmvj<4G2>+8*f!wbWEax)MmN)glw{h?6+hqK0YNR+lZ<#-DM4bTQW zP2SXHx8M_w)wNsl1w}QPAgsRm0jZubn<1Ri;u;@FidO za@shlQ>%!c8TPpF^)Wqr_ALGJZ2ayt@5EKBq?VJ=C{OGEwEv7Z*`+3KMjf4>> z8l*jb-`=rbe1go@0dJ~J-i336HYpmG)fj0g1epQfIssgPVD&L2n=!JOnr6GSNWhbU z#=y0whN*09Z`*iv;Q(dju^7YhG{5|8%gf8d3ntEFiyzx9Q_IraypT=^EmmAG<@)qd z3!jEB#kRj}TY*;2s;r<1z|q2_&aDV|`H$9I9t_Fhw?n-5B37nbSJYsxIc1c?_qzPb zZAn^fRi&k?Sr5R_{uWEM&p&FFW9SX{ZTt1k9Y7ZCBn zY>vypL6E7YdwQN9ttY@yF)^-k0D8ReVCfmtrv0EDZn5tdRBz@&4VIR`RA3_@>d>31 z$4KJMZ86SjPdh9LtizgK1fK2{V|id9C6z34eH z$URZ3$GM$9V7b>+t{6th7)`t0-CcX(#?j7sq7SCSS$zaWIrArUk9iXkM|l@@*S09v z-i-PR+XAsQE(tWv0TqzrPHlNB?NGx5qr>FilIBzK(!;akw z>kp&kjvFVcdH6eYv#d z_jbFa9{!pGP_Hzs!ag%8eV%?%^vd>mD~a(~c&*Dm66pRUC*#bSy~F!wR$WXU4 zajIp{p8aKP+W9=0qgK9jL&7AYI62pVBF~#5wpY<)^A9kt3S1;FS?1p=4xUi#E* z+0l=CY^ql*<&|$WT2)zaBucQ?N1^dz5m`DtWtgNKyKgzhCA*4AUEkPp!c4sx$p#Oe zmW-0T{H^{TQf!5LB_+^9>7a1V01cp&KF&DU)u8)zT}PrGe$xiZuVD zf;mB1*+=B|CxV7W-r+YkPhG@^(yRn9y&Z1iumEwDv?(w%JFg4^V{!3wow*1^*hQqs z8b_@ZWn{L0tX9lCLz{+HLawm;e8=I{&Yv58aC*n1D1ol?Y}3c_mC`3DHS=q0m4{6m z^FyzQB<4i|Bz3}W-7R6JoSND;)h}%PV6!APtJ2Qc?o(44cD5^h6x(v2^kcda`OZYq zDD>Kn(p2|nSLBb%5vtkePGKG@BZ+x?9(z4-;mmz zJn8&c=fo)7F?J3L2ehnPby$1BI(QhtNwjQ6A=STS%XxgnV3o|1r9(hREn*HvMXg-k zMRUlISk1eNrEPPZVSadzm`pq~dbSx;pYfwAN@{-cpzqjSg5q2yXME2rGqs$U2E`{P zJUpG=Jk6igk1iZfOmv2^1`Qc8q_J<3Sjh5Q-iou!NcdO_UAlJFvA>i;5a6foP?U`T z-$Bk(br8Qn-Gu!>%h2RbQ*bS=C^8k*y9?6}AU=Ct>iaEEFXlI#ft4)J(RvEncAw}Y zd71ry_UrjM%X*@thj7DIZE0|R}Uh8Hg;8yxRLDI^mF8&4R&%8ErK%(ah+3md*A z^TNBjY)tM5gM!Jn$_<5Yx_^<2k3pgh11;F_R2aMqPHBNPQnyoNDNLQCx zm)_Lm9I#MHrbFdUmJbRJRvNwT*eYQPDuI1ZCW9~h-={e3?R&V=yuW&zHP+&GFHe2>5bZ&y~7e*@%3@zI4QA#p^*oCU@^^(v$D34Cq6MXS4cTf?1=>eLX!jXUJ5C#l2OMvxP1&7a1$-#Rubjrq@GA z6T@#RJ`)Cw`q$@mnh&k;#jVB5>OXu4i}P}S-gsWH=CXpL!S1kxLPVMgAKywYlGtUS zA3|1m|5O!BDQI7O)|7X>?%um65G2B;Pl3C0{YOJj!S-mqi;D|pKA2oRT->OMRNJwDvD zc)rpw^YOH4({y_*%5a^>Sq%^H2{NEThQcVQS0y|8xc3+P-5-#79H|01Zo_RdRWziX zw+VbHj;*?p* z3w(Oi7bWr%=6`rsb7q;glJef==cE6SI%lq|XrN0hXa48Q-4QmY?sK#qJNA;&1Ku53 zik!Jqmggk(a5#xx$8P%ip@MtTDt@l|tL~5?-S&Mxt-apSv5xGkJL1jaAK z*m?(h2Hos_F&eyqJd#0iP;|*_1;-X17HP7u0(vg|wZPs!2XYp}xUpv+b?zyLoU|#O z${$@q$k^@E4z=AqwBFs_ecCjM1=f!t2Qf8+9yD6xvyRzc*zz=65HeWky-?6bg7}>D z<|zaP94hcoBxY^>_HKd7b7&bt>xh@5Y!ns}qReT*e;PJy7zxP2g-@Ruz&?BN{{0rn zYTv`HzLO4TpRq8Q2rxXAdsb9L~MMg8RQ$ z(0bLPl^@_`D-Q4F`~qqcde;Q&diY%=w2IQw0U3Q37H)cROENeK!brdQy)N#Iy-5)- z5cwizQ7@{D_0cxBh7d}bhpCu^8sbA`<&XidA;}!VaBRkm;3>(N4;SCQUGG~LoRoq> z6V|zc!ePSIlD}6?kG=-SH8=0F^q2cG6rJozmI1pLxVfabxOw;$}k+8ii)Oc$QTMb7A&(ihTX{Yc%r2C^35ATfeDa5 zf9~AE3(23+*$Aq7XygoRyZPCTMJZ<$$L^YO9F{qZSTg*k*EJPtX~{o$-KNhqkX7U!Mj1=D|UW>8gH_SU=Jxu0I> z^3VUAhjw5|%TdYxWPek%W>TWo%(t+9rRcUOx71BWqt zPoBg!`{Q4_6zm#&KHCYKqtEUJ2|b#ts1+>8-=p_k!RfQ|NK<5|K}-+b^87}ZsSce) zQi8~WEwuhW2?=cckKlVHLD}q`q0g>QI*A39mR1V2FJ?p?&5$q^p@0@p6tt4nwnBIvBmGwQM7G0u%jE>1)JnGL-;aFRwRj@0%xjY-;Eh6}Cy%YyV z&fxL>Vyt*r4}k`~MLd^)H*(QGjOEx*x)>`fn^;A)?Rs@;PthAi#)~Y?IJoeAq25P< zRlfXMLM=uF^P{4J68=B7-UA-XxBnZzLXnV_%rXiovR9H6B@_+GD6?cGD_?}Hl#x-& z%DA#ZMs~_7qmmtkB9c)eBV_#Fr@r_7{GZ?NxnB3{zV8yQ>pYM1I6j}xdnJB`4hfE{ zGiYQYs_=vYW;BCfz#*0uzq< z{dUj1R|!&g!Vu4M$W<^kYSnwN{<*QOoz$IrsY}hO7Ov}K)tx$anRvCr%8R|pL@Lf} z%k8kRu%IAld1kQvv$K2?R_^J{MnMMFOVUk;(JUq*|!WBPKcMU(P z4PDp;6HypgIJNoX*FtjNKP2D$P@ZAh2^&uw%hPf%dsVm@!$xvppeTa#WHjJESc^KK z+afk%%$QJbaN9BYggX^#(krZgtaS!8zeBSFC3X_tTG$Et z%}&>1pN8+%2dHeJ2q1D6dg;0HHn)iRoPnlP{FIYl;@^2_*tC_srcp!gorU}C&(B|p zN#x4oLaaJYOMoco&R?n@n~hZLGzdvNYjE7v- zl>51$KoYpPVGm(CAzt$hCWVqhg2c$V3A5p(GP~e~`wvi4OQp+Tc1_9>V5EWWS3v?- zV8egLhHooh;-cq2PiDiv$dkc0(Gy>4wJyT{4O-aOM@+#<4!r;U!l?5kT`E1SOons6 z1r|Z*L<*yjF3Eu)MqVMW_+@dGJ4V$$1|avv8RR^Xj6I$X>z=#>-}U%G@!S}dryBee zUGppN7q*Z*hbHn~tI6QC;I$us-?B;R&_=+)yCVgCD-cjPjgMdiB;7YuO= z5ru*4dPd|75@+?Y5afWjgW38j2Fmz*4CtUxLa{XJOvA^$o$t{aqlrkg0H=p4{Tzrs z;_Qs7^3`LpLtv>741jB~m3-pX;V(^8TA1JKh+ zgAG;JjAL*HG<^MqeHpJc^(v}K-Sg)GIXjqWXl&H0b2deu3Va828=XNS1v>>qIThYX z+zl5OWbx{cB7_=lM*iW5F=1d(rx}o+S3!R7wmUZoqv?4jW6#qrZ_eoIChKKQ2^DjA zf7uJmQjij}v$YPAfyZn|RMhk5&k^7P^%=ryr>AQ#psR1Zw)9G4LjvxYdD<{GA~vHY z5*6m3?p4iphHtZp72^*&I+1Oj=MKU&sv7;>_)*OI&@NMs{)&BwjB*eg&O?~>@FBpI z9n1^!^ZixWpz&^(`kI=W+S^$+oq_?-y<^5kMlk=G+YY{+!B_*1T<48ohy!_m6bp|K zRAf^q4PJOIFyDkEtN#!TTb7rXEmwU5N+YC^zT$9yy-)dVBe5eiWu>Ji2iBMTIfNnJ z9ZDTz0(l6Vu0UqXpR%dPA!z&g{quC@Kydi=t7fqqoM`IBKY!XOu`lZHk-dF+n!nQ) zeJcfw)F>&lLNGW!hkju88nL?CdYhWG*BCOmzL}>9!@%XO+`hn^e$CC*9om|CnszVj zTIe1=tofW@r?&delFuJE?&|jNR4cbLTnsxlb=pQSB)}TozKPz;{@>*|?KQ#q;~N7F z4Pw4C5uZFaSL}C&q}othD}d^D#}5B}oYBKOR{=~TZC%|aO5vL_stN7p{gTg&fc40xu z@KSS_QPr)jS(pd3cfpz%%G)WE*Ak8&*`5<|Br5Bz zFBf@3O0yqFQJU^}`@YTlFQWC*UcXx-T6Z@K*T`u2%#?74Z;AqAkpb?(CO}%erR#*K zrHL*4=e4AFCVg9!4||z<^D$j|*&39}HMNJ?^vLh4oC-&-7Gjv=9u$!$b@E2TODXHS zYN5VQXqr}oCsc}FUqGQbQyEfFe4AI6b6=CQ%08C`G0Wy;8x2GY!8~pZU)T5HvkY%<{uI;lVhi%$4 zYv~I8F6$1ISXT8hLhRbZ_AT=Q{?#SYQg8G+I7-CBn_`lXvyyT*;r38Y1d{rdJiZXp zSQ5$2*yIE^v8|KdkvH1RJj9VeB2laFqviNfdU?k6A9B;)(Voq^tO0U~HSEvJAKL8| zaW91Ukaw+5UV+LQqnB1&a;WMk`#Cdz-F2f@(y`c!iYaaOu&QCq0qiW6Bk{Y^>vbO} zLMX%JMp&SlJ1vsawu2m6$1c&gE93>eNS(8$WF38=_UFwug(o=38fmk7=5l+TRR8;F ztOXA5ZM$}m|Hh1QF9+qVZcDmHS%>OW%H?H0UT=5aEI7^g?1g!V^v%|X+3Js9oqo^0 zvkfx{a;1eN$IZusZckrCBsgo8Tu-gNXpvAIe>GrK??MPWeHHrv`vBuG8R~DX{;r}s6zWY%3?UxoRb~5QcI#)9yisG*gWmL8>^oI&WYAVf z3AgeO32Im547FJd$zJsH@(?IFwD==RBD}X1?%~*GLMcX%D=$9(+`wbyyiczDGuK9n zQ?C%-v90|wM_nUJJH6ki)B*PPh+CuILq{84&Pb}>fn;S7v#zBC<@a@cvHSbw&ZlwSZ#d<+wOURj#p;&8?F>`L zDBf!fZw?Iw6g|4`b8gQN)zd>gWEM*>gi@OH!M2tC1+BWLpHUfKwd1VVpjB2UL~X< zfUM3h*zn=KqwQV+B1^~{R(SSB?i0H#+RN1tez$j6qaB#gDONQ_s!@sg^T!SDo9FY^ znK9j2xu$gFnq+Ie=S=dB>qbYn+qcz+71?moa=F5RtO;5`2ql(>Ew=b+{??jYpwUp82K|g!VpRpm<&%@KRCnp$yFwJG_kf z2Eld5IK~Py8?Z~rKMF+gW{C+5N?V|I-=hUmE;D4C1a;v-I4TMIiGwRR_7ok|?F zyfGD!VG@W)I><%<7qw8#G(RpThlh6I`;6FSbs)_o1)*;FZ zs%I}cyBxhRt9I6QW*w<#P)0EUkXf^I{GcvZdw@NAalQTHeNXbZLj0&s-PtwhcP@>R zxh{R4SkVPZxhhF}F9;-rzo@$#V?%r7o@5fzMji441QKxiUSaW4~VRQ$g+G-FT3#Ey%SNW&n$`E60Z&mR0w$L zSGMu+= z{Bmiv3Dg!+eJ99z=9Sm`*yWb~eQP8<2N(9R!7PFiq}7U70)KxA%IJur_+df%dx&(l zwb$v5sMm36E$SWr{YNIXsIa6<0@e!ej0MDr0%rvrB$S$xLScWGgbX7)6!!!hMH8%x zY7>(`XH!qY_+oCNk09pF71HuT{zUMRKuKr~B>4;y-(i*yBh9z=ABavs-TCLI>p%!> zS6_h4hiM>W{_YsVe!sj$1%cRV2M<=G3+Az-A<1uR>5aw^48`pCXdZm43VL+{bhlOR zKwV2j=K!#FGo-EJE41%h#MlSPT)^le$ad>U)Puvr2vy{<3y{gr8V+2LB$cA!2lkNL zYQ?^qAa&_DdN#~dV8nRoQf>CTedIAI2H1B0V zsc7t>@omHK3E@yy-aXlG5W1-jz!-?s*fuvzz%ZAC8_d!)+Hz>|3W{A;{Vub;x29;n zEBb^jOuC6Gw++3X+0t(aP1icq#9F2$21zu>xZ8e4sME&EXZ zvHjr7_-kgy!r5QIACuwEXVp@KYj>DQZ`ldSc&x!nW4*;AUZ)QBkP^v{|O9YZ>r>6Et{XLKj)O zXTC`n_{haQXR$h93pje;s?9fKiX-k$N(LZ_*A|l7?g+8c0&MWzT9`M>p&rKpo0zv; zS1P~-Mx+TD44sMc8U@KY#feY${+S>CzB_yBK`TlBa2;V-2KNIOm$wDW>O^0AZ&1P3 z`CH-mre|M~=oyX+&hPK&fRF8D)&QW72_-l;?QnS6cCnnqQPCZ6byqJMWFb@j$K4t+yO8iW`eV`vtPy5 zUkecD1Vh-|%*$NQ={;_Qb_;B{o+gD*DI= z&@5g?zp|07Ch)hDf}N4k(Sqnq1MuwX?{&QEOIGcs)6~+!Q~<~ej#GK}nGB2@W@jzA z3K3!iTM0P&VA%+qf=3G%J3BikXF0qB!R_4t&#xW(_g@E3C9O#g%MT)YkUS!!F*(O2 zy!`P}x9vs3wS*=a@=zENL17gT7zi|d?G~ADy7aQcwwOY%#P7_xB?39+=lAVVB4zaK z5EMj6j{HYj8?ysVIbGv0UkBFmBU*sep@N`}HH_rfK6gbxIhYl_sxW$;xH`V8Ny zwRlM!g@IAA^@9QasjitugGdVha^Oe4>nJGrF1g5~%$^-9`TP{0n- zEF+qu_XDOc_RwR_dl(qRVp^iY%PwbcbkFkA+ZqFHlUT{jXwW)$kn3ZAfg@Ej@Km3Hyzmb`MFkZ1GY zh~UgzMqFF%MRt-rC4R>_6g>Yv60B-~2mxq)e27Ov8xGFgpDkfSN<>N#^gpoXlk2NF zC;T=mR~;Z!CFA39@$s;9#Hz;*2YuZMDxEd(?kMWA6(XMt`+&s7(5;){gOCJ%q^EKv z*clcg5NW|{;{S&QPC^q56Z<-DfZ>4p-|osjE%HjuT$fXIMp9fE?8nunn@I9x>3oXGg?{I0A1ac0)ChU>C= zs=IIJc3Q(hw-W#f6#dXcI(2L$b^OE6&rjH|0?^R@{O#iL|Ej}!7U$Fyv{Y^$9$Q&i+0~GKcpM1eLK#XPtlWaH z$XeKN_Uu_if8cGi6g|?*!axYD(4T$J&SKsk6~zLPAPY;>!-wx4n5(O+A3Yibo?k&8 zrk<$(%r!rIz5xVQKU^Wix@F72w^IN!4n`X1n+2%wc7s`B_~AoAo*Byn&O2FZ$vXY@ z95}XMwt~WexKbjT)ei&>HSIpXFy6t8QD6wt;;_fDs=*o%R|$~V&Y?gJ%EUAZ z^m`O`{1HT`G)*!938`p<+%63I>zkW5^TCH4kv^croVcCYocH1FQ7{9J9eWKBeQKx{ z0wFBi*T!dUpNEOYOI$eh^aJhDGf(~Ux2%E-)V-?B)=2Vc$JuzY{xI2C<{GvqG_dx~ z-0PCw>A-D=m9+y!D#+$gdzKl2X8ek%%GS`S2^p5p#dd}&Dx`n9-*k4mU^}!`fQ8c& zAZodZD>ff(y=_~mfLI_4WB^#qqm$SpwRd9^3Np2gS9F2sHuy)(I$6Zm;UkUmbrvW9 zErIV`d0N4&;O`1eutR8so90^kfcs}nelt~{S* z+ek-CYYp>SeB29CQ((h_1oCxgsNt*QnxU&0^DRbIyt(ZMK8cKWiQ#Rbh86#KD=m<{ zt`2}Lw&%vF*niZqRuM?P|B-<#@E1c95yM=mO1aorJJIhSEJ!+BSUhR^d(wV(>QMLV zy7tDI0OuxXnJ+xc`W&fz%Ig7c!C66!l{QYsW_WzuP{=8Jpre~MKfx3o2dup)Zt(8h zNhHjW?e{}f$;i^dx?R`F~si>$R_1hcHA?R3)p)<#+>MCo3GX+H7%H_GZglSl4>Jmm* z6HQCqXPkgUFV&nygOpTU^=%q)ILMbb1*nTjDG@*OZUYQv2nrKom)UWaG2p#GDbY zqD{#<&#>Z}*MEnP_}h$wkl7%VLGdH)Zo-~z?Ul3vVS#5( zp8R69J3GW!rUdgUC#R>E!v20$GjQl<3-zHe+Sw@tN=J)b8GD5h3 z%;OM|RTaA*$Aa`P;E=R%yGipqi;1$k>!`CL@*IvMo>z4DZYdd!WOy&UI_>*d+YI>x z4;D@zv9v@ufus=XQR(SXTdCkvXED`Bh=%Rzu^r6NY8QKBsnqX?!}7g(le(u84-^u| ze_XhsQdN8~U$;Pg6n1Vrv;6MP&d#?lajC6kAZ3&OZ4+_-zMOT3 zu*a~~zLBx|qxl@82ksqH`@At@ExI5)5r^fBoKBmiO;O}4@yBxHJ@ORr9)bewh(=BT z{E3CAgyvg4rVARCf8ainNO&H45q*I{)}y{2;Ja= z&?@;ka&2E@88yMy#OP_58`wXPpvDtL2HKzRcUg&_OKs|P*yR2<52G?_I_%T41`Z6> z_wV0-m3MSu=4GP^qPTEQ52|1S0ds++KD43U$(xzqDq*bWV1Ts;-4OC^HRGxRfx746xosR0_!4_H!PSwDJu49#F2Nbq(s_X6Tl-$0 zp@MV3m-O|mEJ*vW0<-J1#_5ftz2QN1gRE?WOsKGjV?O^`c2D{p5{*?pFL&JM;f@NS zKC0z-u2w=}7?@)QU;lU{NT0iR3)HSClA7&Lbz;Zg46T!Z-K9sJBgZ)fwuVJaHy<_Q z%seD;No1-zsf(qayAh96hbaU`F#h4_ifb)Wo-$+nOucZwbg9wAXI|c+z=GL_j_#LxMHY@}!QF4KV@D z@{aGmNUzv76SmL^t3wa?j$g~(669PpaClw#EsAWu zhUeR}y!jXNb$FQ*g+1ck?lpVBJ$UIbz&mm)FuXk@w=Uf@Y+*UVeCxyoio;8%cEn2M zYGiSRD{Ec2pII+>-(VXClKCzC7^wNZY)3AYYgx_REVSa>Mee+M0~xpcUK zbvznd7)u!uHy7{q@?>D?a?t9h(=F+b9(ls)ZvFz|^t0ms%Yd`!b>%pqU zf#-r6wXH&9jr?aMH4lAM1TDhzYKT+yId)MhH=aTR(L43QAt8mwtYx_C_Y{7eUPx;m zBlgjvFi@>xv&(oWrWDUExc9;!40%Nl7W7^3wFGcZ`7zraxiEIrBV1^?Lu}_91BA=$wwk=)t{b6D>ZSKWOp0J<;*Kg+yi^4;R-n^8|?&=n=ed$a_ z2KnpKA6pB!KYutFaN31#E#KPbD_jz!J}*!{Fzfpfv*4*bWl?Lcrjk>YDP3Z&*Es1m zXLy7GZ?QX!^F{F^LF6}08J^=NhH-Q-ueh&g>ooYl(U-u5lI-EzX@(D3acql&Bb*AS z>Gu5%B9EpVFB1i1ea>blOh!)%-=+ZD;l>(V??S2HY$x&F7)IztOi+0IF{*|%o1`NI z@@M~I zU+?G%o!wGzaq|}9TS@)B#2A$LN$-)kK_VSr`{iH}G;blqgd`uQwd1JC?vK&m5B?7H z1rqFbolNX*?a$24?k&6=1tZHsK9Y$co;y?V&E4CBuUsO2Ghi!a{Mw#KJb4JiC89|P zt8^JOAw&WF@DpqKI+Z3O6a%O86Z1nv!UK^I*{auJKW0&%CxdFD!ePL7JvDJNh|l#< zUWNh2)}7W<*Zisxdpxy#f&kO`olYXTbr9_7DP6cn!50-?afSMOiW8c+H;`naK&%D9 z7~Lf%WtZU$33?HHx5H$|iXi*?nI3C}C8(L6M#`_x>4`Vfu=Qo-h%MuV}Qn)+FJ zIi^R8n1QjXp+>Z@v}}TY0^%GHD5fvKAUiQJv2yK&U}%^MWxZX-kQw#(2N0MrmRtte zd=;f9!GHp0D=PNy7}t;S_1m}HN^X-FZ9SGYL7fF&D7x#yS22nTc;{egJndH@w~v7X zelpV;^dj|EkOp9+1gB!WUYSiHgbUVq;`ro9tbY^gDverPohF8D0L476#S3+^sggCC zSQK^w3GwuC#SNgkA9W;J3Y5@OzcGfzan>N+1PTw5*&`Fd2SkfjTqS#oxPP1RN4zI6 z**uHFKo!QCaBz&bKEZuh!539N+P@aQb3J##7rh3d1a1MX93%pI?I{^m^%_5FU|^_%-fEN&23ae(z*%wcpwt9#L7-Gi z)1az?r-}akI-)>z--3&tc^Z?e+ukVC?7Q`RQ2iGKZ-|Tgh0Vph=g16 zoI8=4WtQ)`b;*#7F(S2#fpZ!bV+iB`QQhKeMU2+IhJ zJWxFDTW6!0O{t~}hSWzq5kzi87>|vj)%eGv-Krym1_*(r8!^y523G+SlYaQwb1*Rt zjEz0k5nlPZy0TYRb}m%zQ(jdFyssht2BDSc(ji8KN*}sIw**H%f0(8f!6p*sCTQK! ztD*lP+=vwvh@|nfrzzb&pnjrrH?WDWOiB3yfdYuVn2y{I3d(EtA#!`c3P@XTvB{eU zX9R|aYMYTz4b!Dg?Q{$oQPrR`$E`reSb`Q^#`5)D;HRZ!WgM@N0m+`>TBt!RL z{#=;(79p-qNh!^WhyV{2W||nxqHox1P#EOT6;qDI>f_@BM*JD!r9|CpShi~_5Q!X9 zS%M}$KEC_@8;u4m32@W8+f1`hgngU``KkLm9EAU)w6p$DU`dl)xw7~sBaa|hFLpI2 zL_|nHOYQj`YhRT4)`-}pO$HW-5+M>)lhnj9eWsl&c~Op<%IH(hfT!U0d@J>fr}ZhaFeLKa1cDr zHzw(jW3c@2eu2&(&BxB%a73QT;N<)ZE-F=g)t_&NFGu0zeH8v>3^qznwC& zcghNH&)t0y7MPycc+smz#NciK;J1nyev*+vvw3s9;y!6qwu#;CfovVt?|IWS)>tq}b^;GX@$1c^x%D_n-14$nD0 zzUJ}c$gBLHdO3C74seb&=n2!j5X%8EFI80vRh+-J*fij>fycjhAU9?ZUKOJSg1dH& z#$9<)cJ1fGwRqr>uH5Zvx-k9yJvGH4ZsK!1UFxY2Fjzi+A`5%7w4@7u2p+KO07fC^ zS4Gk=as`%gjO|c1r$5Cyi{T`&w~H1Q(55>>vyB-l0<<3>cpEO!R?_keu6I|E`)NBW z{$A*aU0y2re_th25gMX|LxT%*MKEL2R;H zMpRr}&zjva=6o6~Pdgnj()F54!d(L=qPwpYw-=7UU;d;ETSL|bN4I31ywqC#MDC*M z=;LN)DTnzHZ;Ziw6^cJg$(Y>Sz0qbfHD6@-P!L00O|LqFvo=W>Ou$`AO7U+M`nP!? zx67lr0rJMdi3u+}{+OT%_VhITL!64Lk&#iuV>(gZjrS=%)s*d zlcFs14i&tAwO%odZeJJmx!pC}-a|^dD2ekEJOb#Ex;H{Wg1}F#WceL7hAr6XfugjY zjSK-^f=vV}Y9j6G0Nu{=aan3X0Oqx>^(d|>P_|K|_OeNg=g0U&_xd_-8k zvV@CF_hp#puW7Zc{x7W-RVAG%CVKPVQ1F(!{xBe9mHfNap&>d6oiw7G38_yL$r0Hr zhagkAHFBZAVxuZS8KOzX*^K84a^>scC?jzt$Xi8}m0#e!z|=>5;4iB5>K3m*z(B$_ z(LjjURFu_p|2Javg~5B78*ZAvhBm4ODP0Dxi^=`izyKd34Mw!bb-|rwJo1HoV2)U|zZh1T;cc?AwvC@CY|;MTFcY~3L@fb-BGhVNpcNGhHftpG)pvHz zqJY~GrYj^@sU~*5qM>{Fv26rQKecx-L)RFcl7Wf^l^22ALJqoSU~P?a9WezVmnS|J zZQ_IEJ|7DQjnOq2vex)-=)3@(2t_=;w0*X_t-sojt8SPS?=xO4P^Mxzx; z*`h9l11VCFlg-B*hf_F?+xogXu%sBLh^q<^?8m3)hQh4G(SQ~U4%l6L2%=Pl1K8-`V0+ft zyT^Kw>i zjK3jwPZGAq(+Sxyt}QlI1-Hq57=}PQ1u5a_^XJ3vyF_H>b$53IxsGDh61}wP(%)T1 zi-<}b9lf0P{h`#Qu+i81Ne&|L5-J7e1^7$|a#!@veS||S+PfgE3Ai`$`GY==!#XH& z(<5OKB_-~C6>!~qaQ80G`*f^#z|vQ6Z_)Ciac+hi-pJ^Pb2)%(sMg-T^@MZDuBb+A zRZUAO&MNa$d8?zBWt+?^_i@~@&u8_&4xDCkoh z@(xKSe`(_&CGnCp4j(+7ncYV61X6kq1r0O=M|afxq(RHN1X9Y;_h=?jJ)@%jpR&0> zs6CNO5fQ<}%$(9SuCWATW6ljw7zCnDYfpFK{qIE`$w`2vmWEgwnZ#|3h1*e#&lDo+%?#DIJR<1oU{x^ zpM5ju7)%tge}Z6X$?AnIuA$-RG`*mHi?NMCeMbJwcvrJk-pk=1u8-wpNhAT#0MNn| z0mx?wYwbN=;0f21`j;;sxIfJfP)(l4($0C%4+3wN3)hqAbvShkzb{`)Tbk{PJirZj?)SmaiMxLqjMtM^umZwJTu;Q8SW2Vk}sV+|q`0A(8T1~;`y zc-IO#ea{rtf6s3_=~jWA-_Rk+vahp{4_Q-~UmynRD7S}eNNgjtT$4R7M{!uwZC74G zMTTQ;2W((#9?HYw<+R5ad3C30H>KMt+>tU>2T>1VN&W#Dd~s%Cd=j-YdKx$s*kX=> zFT_ch2cC(1CzZ6+CGXJryy*2Q}bj{`jmw$S3RR7Jx*jv>m zNmnMU)Br1LC2Xa*QHA-Ma0|u=S8CMU5+;sa2|}FbsZOhJVY=;;Gc!aA&)iIVZT|Na zkimlPY@bV}BF3!s8cV%JVbBGGibJH2!ZSrrL!6hFS5WXGm|fVhc8iHYFZ=XNqzrY| z{Z|7D;BONDDLz_e@AFwB9SpPJV;GxYDBb!D^)Iqwm$Od6b;#>LlCJcU*_HUDHD%V0 zN2`|o3lc5gCdzOtCw@kPX+fwG1K7Ljty;5+grf(`&ogjQ0A7W%N|-G; z-xDD_7M20v49$&We#x9zQc@zfP0`)Wt-s`4`!sS9Ex2@-icb;hs#n)6)y=JWG3y`* z^bXs}r*w5Cz(PcHy_NLLA~i{fO1h*8NtIGpuU)J3`2A!H%h2=!;h}=c0q#FAw&;C) zX7_HvccGncPEtB$ry?gS^(6FO0OSxf2W4p@cyRN3v*S9gT_8Vx{~CJ&XXu7;^X%*S zHAqCy{i!DC$T)sf;DCg#mwfmW9wt>h;4qS1l0NCrAJH(fg^itG(Jr)AejVSVu5nFG z&CrzABb?mzl6o>;{-?$659(6eZ#~R4)ZNg8%(O|iDH=Zh-x@tkOn0^@J!e`^vF@@A ztSM)%NJW^3GE_TOmKz)Z%nT!x(@x}7V+#tKH8o39vdskisWyJDZBPsC%?R4PKBM#h zV9jo#dFJe!zGBddcdZ8_e%J~FeAK_lvAhTRIxFd8sgX<4-W8!mOml%|#yca9qQSxo zT=_gllt6qG!A6RC(fn<%k7`9(xwgM>Ate13cyK}glM|BMCX?*_jD=x`vF}mu#l!0+ z97nv5Y_g#B)w1CgEJGUdkfXwi#-jt`;`jd9URJePjI+^B%rmP`WWS`W=4;P!qak%D=0&mZX3oAcDdf6i z(EDl_2tn(_|-O0!tL>&(o} zAu)UYl*qj=_cp3eSR~b@fVO;nA*3ZY!_}k3m&ubq$-8f%w1n*4MZ?kP?8z2>m15hD za3%`nM=2?Qw4-jUd-%kZwU-^;BMJn}#w! zdg^Y=W_Y`C->eWkoEF8QB@h#4^@d*IMSFs^?dN>&u)%%T)$gtFWDJDINsML;u^snx zc{Co`Q>I%|pV+N?bG0T>pTD2X-nG%e$Ajs8Y3WT5505{8{&={%e|h+GboAD}d|hr} z;t-4qMA-SoQd&zFb)16qZ%XZ+S4@!@Zqs&g6VhNgCy1_W!PtZd!L$CqU=TxVuhONs)%cm+MV*iBif-TDI-3Dgo70O-Os8LxA9hfx<>>8Vdr2wI=daR`UwL47 z)T<?r<#%1oAaeCjtKp@Dj=~XnCla(+NaLL=7ouUr}eMQoZmh3 zxhFltw$t{q^Nh$vH*%b5;V~|ngFhJSt(H419uE0!;C_4C&v7n?Lbklh@Hy&3`C&Pp4>KnFwQLP_o^Wr{i(#4UR7Wh#n;I0R8IHyi_0awC6dRrSHQeIwio!>-)6vd{iGD?%bMI&tyS zd;upueRc)0Yk-9CG~MB}sQo}$m276;!!49e$Z?xUA)*p9(Cx$8Eu>scm^JX`O}Oj$ zynjqDA%`C#w{ku?0f6N9?T14H5jCjknYABRwmy`r1e5sMDvCOwcM{hIe{L}YI+y3o z=+sUG_a!Cyc!IQ$t`+kO0(3;+6?b+> zdN|CHd>%ZT`c3--2%yQTi8ECv5HnO-L56pcasTHn9xAr2Yzg4dj!q@wh*I)Q-5 zd;GnEynrNqE|NZ$X~4MzChj|lsT88BC1Hl==?;aWU)j39@6a4OZ`I1deR89ic|wBM z{Ec7+;n{LY%gxCN$ZT52OH=c9|K=vTmjs%*hw4Y~BVcgYFrc9TLh~~40h_0(@?G_vk#J$l!hlCIyAhyP|NX*_>@`|`3)!odyeI9V>_hXbz zI3S{gIhOjxu`JKaaQPl)Wm~ttu_)N^R!Tvk3{w(xNMw89kvJ$1ydR&%|9loj!Y9^j zLL*@{1J^MwEUEH!g@lCUY!^a5Vq3=Q5%t18 z>F(+}H@=m~;G{{$NAGI1Ae>vgR}>bUaisy7N*!c`G=-R@L%U*Sm7%}Kb>%+(3&v)c zVZ*D&#YI~~BU9=eNQO}3aIvx?_JNIqBPKpxD{wgJvahRsaJ8E~i92-vt6r*uDE5}& z73E)iV>rFE)D0OoejDiV&Y3?&#>Hjn2qXN+hp`+qQ^0PBD+ZL}1zZOW0C3p*yg{ha z&`N_N2~aBL@hx0qcMlJ6%IHNfShoq{roIan zL{bLOXdRt!6<$~;ATNxF6T5Tg1Qb>_+m!#kX@(TIX>s{Gk&J+84bsRWVb?#X^>suZ z5`vFtu2DNi43-mDYuh$4!kQ9&8z?U;Fkd{FFz?g^5qh3% zZKe{3_Tx2KUmWCzINC>@!TH+5mIXUX0>yT45WiWAlNd9HTOlFnC8TCU(SPHSoQEUR zTcKJoO4R`}00s8f!O+Fg@fUzMoR`J0kRqq1B;+rKY(mk5dh$xhV~@eFy%ummLK9XU)XDq%5*xwVq>2&1aiKurKQ!#7kK z^POX3W8k+SV`77!1T+XAKN|cB#lR^Fq`k8E-U8sb0jg8DLijaPSO74t2fl}Z3|J*# za1F^f^gxCDOjP;!jG3na(8b5cLo#)%-U~`%%#R7!1O#1#;dF!CiUt7La~#~<@p$kV z8LKWn-O1btqnqW{Bijce%`qszWY`%O?)UFXhXIPR`)E!ot|6wLk(Qob#{D)C?8R`i z)A(x}3hFdZ%}E_MYbP2^>w=W@7v>$jQy&ht>MU5|{YS7jKUo1TU` zZwjt9UI-QigvBW+t7PuB9sN0ltVU*yO5&l^mxw3wlBh4voHFKsg=c;{omh7RR_` z0%vZu3HnP&Z&;{w4Gp2W~hRsUgr5cC<8n(EMYHe!kR!kDp&vnDsn{a`-ni$=Ea@t->Qr zSbYJoh1X7XIx=K_BE=7VPt}`a5Kge%A3(#4X+4~Y3`^{PAm2GLar;3=v~~C(rAnAP z!P@9N^etKmtAs*f&k_Lp%OdB{5rV=FcMiOWaALrW?acj5d(c5j-8+=fh)#}46|E&k z_7pj-D{gg&hYNWa4gkkL9B$c|DPFvI(aTHuT{8SHb};k#FV6iK z|M~MX)Z@qi8QX3#LuoE@spe&6T1*U-ec01+G(9WC35tw@o^n=Fw?6P0K#ln8-TB&Y zG4}d|v0<0g6ufzMu+lQA!ovk&ZJ`F@CWr8~{VTb^jNrpFhe;IGK>~lk&Ko!i@a65` z6jtZ`@84}V_?e3IU?}PUKy(N#ZXZM#m}WCkO|6+#@(T&2V+G)xkz%JSGDrvyhh+wu zyN$j;Eg)@Zv_K-~_R8xR+Tex>I2nRBt-=dIDK2#%SlAdH-e!bIg`Wiz!%Vy>oI68n zBW^_10)NJG0M!*02yYa0PhbWd5EFa%`E#PdJZ9ni{*SY=rrKdu{v10ue}piwiHeGN zUYZ;|E=I=w(b0d<$`id?ULFtvMkA*=(BQNx&FdNb!*NWUIYZdD0BFWwGt)b~b#q8&y!O3EF){FehT+HB4aDU{ zAz*l)g2d(b;8`o7p25nS)xgM8l-ohTAGt(Yf;Qg^Zlon)QivV1?hbHH0an_^jIEj) z8W8iAu3yAqNW*u^lp`$p!V6CgM*rjKaabdUSDpuOJ;oDohcQ;cN$?;e&Qh9WToTOc zpe3NLl*4Y@bn&VF9?6kJMVH5zaT$pT(R{(?EWfn#cfb`11QpVjSpxd;R8D+lW@%x8 z%V^z^fjR*F0;ZrRHz@$x!YM=;a~2Oa>I1let+*_#&e(!yVI7X3ySwh&u*IP`oVw;; zKL}FBU0xc*l|Fj3!kS1wpT+F z4<3i9@@}a{Og#5Q9K|-3=pOxgG9*TkkLqAAXy+m#$AnoipLW5XFC!yEb+A81A5WD- zESPTDSX*f;2h|UVr#Z@=iX67UnTuMXSS-MpNW{e~&CZyXWcxPRY(jAVLqoCq@c1ey zFX!ZY`PGp)FF$4&wHTej5}6M7{M9Ig3o_oG-VFP4sKxT|JF%&q06U8CT{Anlw6WTo z9@sykB2m#}jhADri-H)!IGPt*31u;!Qeq~>sERoev;mO6fsTVEO`!a+o5Y+9^QLGZ zGLex5R;~R0I`Di3#|#oXSWPOyovY-NJJNO^_HKPAD+tjyrB^B_O!$U)KoYKOmXCaBkFcv87KZqJ*RE0hc7mXMp;i145fPhmX794xM!P55X3(uhr zLt-OJ*B4WDT!jO(G<-@=ww5%-nF@ZuaRslw0i>HYpX7KbaY_gb34k6Lj}q~+xP$<{ z$8kZixoc?L%E}tY1;arNirgr6Pw3YWGW}-cK*I=i-RXB1kF~{H6&bKM+i{?HCizbF z>Jh=ypzFj!vYz#4X0#SDDGL86eL@ACb4tm?3G-nbi~Natr%!w0@Ps=O4Ie}ds2s2+ z{5)qNa~gCkgFoqMdz`;Vu%CahodX?gGKuLsm}~%QhT8Fg(Wt=<*%sphnq*-5k-0!V z(3R{I6lA8#hZ>9FCg5XbR4KIyu&vuxa@`C-IFR_4^odjlGdjnB1tElb-xv43Q6DQ;n@5NXEaYFr`ny^la zu2~-f&{mcdy)1k@EFS{%0lfs?)wmczK|#3aK<)^PxpW`DlF}0XteEibKbJl2SlgN? zy{TaN6K(X~3&(%#q^y!~`SEcUoduq%d*U>{d9Dxcw4feB$v9D1D1B<xE+lhIaVgn;oY5-vbW?fjysI5;T zYbLJg6J*)~TV$l9oN%sSkbR}w7BIs3 zzIii_E{JaP<|`u0OUz+8EkE+5; znA(kR-KVJdQT&pBxb}*S-Ug@j23k3KwN@G=?qgBG#G4r*-vM1C>+$1;P=lQJBSwxS zAN;IuLqpKB;gRaV*@RjM^Vrbmr#AStVr!}U6m0o6F&xYJ6bm%N%+1f2W4mo-MZYO( zwkaXzi7hK9$0g%y6iNKH!=tI*;)NVIa6ymbu@RpSWt13Y6i2a<=P8N3nU~ zRV=2)amnSYAtY)fx4la93ee=M`Hw*KV3x{PXHhtl3Z96%Vb zm>hjY5;vTF-BLSEb5wG>2G86agBhi@@(oBwTU!v`^0KRoa1#{g{~$^HI7|W@q_uYr zM>krabpmf|n?hh56n%IMtY5XQJMyS~l$Cb~jJ#!{vcjKU?Rfc7Ym9(3x{ha78 zmx$5I*SGaL0trn=3YgTjk}YG*Mq*po%;D@7s}t#aliP& zI6CR6kJ1+0=T`4pIBO=*ROo`TqvRpCc%{KiB$B*dv7`IV=_pYdLlG2U6-E_&2J@Dz ze${!;_C41+qj0oPBw9CZOyLpKQz&u-4<;mv8Hfh=3gk53&?6sO&H3}e2tB;j_8qcu zpyg#;&PeqBcxvoh%u@U*bdkLoMGRxqpT5x99mQ%xLvNyVjZCiVtz7!`2HOQzTgaRZ zY*0KWtEu0M@?;!>P-!j2MBc3G#`=|Da~^WCRG9l!@f(Lsx#e^|&nu?#?=3Ig6;bi> z%Xrpde((wApO6fWS!-zo@6F7KR80=AP>DR3yn4R!@{NK8b!`$SV@{ySd_YPkBb^OT z;8mrScabL=6-8y5!Fk3pSAbTwL4WUU(;UB8Au(n#g|dXDS1NTPT=Zd_FHilU$~dSr z8?3cqszYr3*d5YreYIyGFbv`r=-6^QjXRg4F^`QAFiJgn@9tgh171cV_b?uTcdT5% z+{R}>P?9^XAzhrj$9~5Fk&y_%gsL-$qrO@`@=12~ORmOX{ulGlt+T{AYQAjR@}fiTie_xxFv%3&aRut2(v(2!J+_@D5QUv9lug z@J2P)3Ro!Y&E;Y2_vMSKvWtt$tIhEV3ED2%a_0afD<&KVv{EeGYa8O-GF7zh!WInt z^s;vL#9fuzavTXgH*$qL#*ZZ6TRzwpALg%S5>0Hr=IRRI{4z)+_zNrCFoL6 zakO>xnQz;+4aB6ct0KsQ6BT`R2YUXb(;{CT|4BF{W_kBx%zwB5ko9o;!oJrroV3mF zsQOI{A%U3wGxZyEJgzi`88`||sP25`+^EME&rDtK62_RyXMVxREm>#e%NLNp(6D20 zF{$2rIz-^|rAwE3#Y5!E%geu1zeo$Dpd|TlFvzeyT|xTYht-RZ10iBGMW7->s>a)9 zWIwE;LWrY%HWmI^vFl|uB_H+zEkQsd^Z8htZ@vz-V_pXN@$>U{290C1)Ya?ctLjFPt{&R51!4}F&iC(Y zFy!QZ47(o>;e1dxp%|FK;3&C|>_<2p7(H{fOK4yJ#Wf(%pxakAHy|cvdx-U-aU!Ot zwlu@ER8_6g_a1=j3$h3%M74Qwyg~3$-Mu#|xZapI=;1n2mGn((vbFx&c4I3Q5!3pB zYnjWno$a~`a#<@dQZY=m!Vgm+`z@^Pqq~RIX%KlSzk7GEET4&` z(*eZq@>2hyzw9U>w|LD~uBZsI%k7HJLGC?-H>OFY39e#T+OE3Z27Q|nbuyfK?Uzyr z1yU#jX3yNAc4qd1QJ0m6)mM-69u4fnJO*6R&cchWv99CwaRo%8nCzw-`Sd!WG~?^AGk?JoY?A(5+g}}zUa)(2}++$((TB@sfT9I z1I)xwV@kg4Q1#Z4-8DhO!Z?819!r}bTPc3qqZ`;cOcAc)=?6LF~S zal+bdwRm@0oxGFGbpE>Pp=T<_RG;oH?ol)PR{kc#YxO$Wg^%buJJU%W2Ha3dWhS0r zE|WAqBoRN*HS+DX_@bPFZnceUoQC=v?%WwI<<#r*m&*qBGA-OKo{^c=tVhfl^Tvh9 zR!$nLMRpgjubhkvo$iPwK@Wnqe7vk+5t@>)+6nZ-=z%NR+`j{ZU>|b)M_W7eSn6Zo zk7$Y>KZff%Dl)f$p4eEl3oYs_P0Vmb2hb0M29hFxrt#JAJ>$CrgH`tjPqEc1m$Bb4B|{hrHi> zC`+bwOsLSELB@%^CDJ`*c1z3S%tC{8IpsD91~+1u89*}t%V(l1_w#O^f`o$eZ$qGlh33W+{*SX=zc8 z?f58_BWBZ0Lq)QRo&3snA?|9wA?Qn3QshfZJ|XE%N=d`Fa;*{8T|c-nKovM5P(tQg z*c<;*dieC|QvkSVn)3B|87JM8ZXNdZK0kSadNw!b_$E@)Xi_JwmCG%R9LL6P6w)dw zDAAGeH!_R{IX-%!$?s{c{OZrA`%5FR6vW3^xcOvKH3iO^O+c&TI@xq4O;=+F*bIzoM%dU@sW~@)=svWP6xH{Bs4HrTc5rVl!g9xFaqH4w=6=~u?U`SF zVF(*pe78foJO%LIz|D}yOr5QIOBr-;9Vuxg<7ywqqaYf2gHns(p3I-T9{0hruZ{{g zYe&J0=$z}$vl{HokWn+RyJL|4XqK(>sr5k*XqPdQ^fh3w6%()R385=tpUdsMK%TyY{nJkK($shRZjV(YWW4jZHO4J!?YxKgo@vpeQK|3ZGE3qu*69r|wH*V` zoT?S1m!v=UYNt&@>5eq}N;1DkM#G8qD^>lp82ao!&dW**`-K~;yXH^be0F3f^Twz~ z*tg6}`K|ucxdE7KcdaPrd_Iat3}Kv|XK*wzsW$EVUTpo=u1kO>AwE9CT$Ao+o7FbD zL7`gFK)DundkOA~mr7qvGHk0Ab$L$<+g_N+#8A0>x^ntkle){N%NFdFveyIUHgLS( z9}>2hO8@gv-D7Sz@XJ;*o{QuEtvP(ibu_$B+2X0hN_2IyllcZhn@t z)d|qhFlV}~P@rAixnBu)W>D6)1M=m+x+1REDT}NKN^hj7yyR%LY3aYVmX*|2h7z;>VFBGBw5deiT zMcbxt2cH0%S~fwT{Be6|1iY!OUDc#MMK&d4)8(}fZ#ifG{h;}esnRI)lfeu$RP@r%sOyR^LM@W&Gg5??BLjq0;yPImV8YsdY0q7z^770yTD5!sCqH&P2s?7>k;ff>*|+Cz%7;2 zFk(`$r=;lIY#7iH=@o`LnxdFK8@1%kCnAy>r=;XSiHyO(bcP0=9!^>t?(ClcM;|7? zKwBq<_3%?Y-T?kR{ny7XF5)w%wOrn3mQ-9+6z94&anjoGi)C?JOLUuhTy}$4VRLnz z$afl()Z=$-Xg<n@+zw>@^F(7_d`%?&uSxwW~kl%+fDQ)l9t~; zK6&2QqrCmgge#d}sKq(L#D`&O1L6jS9Q@|>GvE<22$iK598fHPD>UrCVRACQrzKuTefsQrm55GO3pUrx<7J^m@H;4U6#^Bb2=&;Xz z-K5zEu|FKU(7bCTDyKP0)=b;MriY!3Aq4(pp=F&!q4tbtW9Ht$|J)tI@o7Tn-@Ai< zm!Wt`lup?F#-HE6Gx2pTOM`AF!Z3&9AW~pdGQkj_4WtW@Kr!tJ^}}DNedE?q`)}*` zd>L&Z&Euafj^6pO;vSsQtM|BWu7aD;`uX#rqIxj{=3!VW^~Ip3E)2=zVDQEMJqh+% zEJcz(KSh&fHTpBEs^{*FSUmQqc&yNezxzD#KMjQG7)IG&e5@j~j@FTfLT3YM|0abjTdyesD&i{Jv&plf~GQyLXdYu!(kBz)E}9Nw)>({SQM3%jEA_1 z9$L%*E7g-zH^oE3&y~YOjID(BA(}bDI1^rfeRk5MNqr1qz`;Nus?nWQ>b~}lgSsEd z#7&-N4jtg%zhUC>Jwo2IboK(%pS_>=&rQ2+PDU-7KaPPoq`TG#vpqWwR zTLsI;mPTkyS$gf1Iv3Rl*RW05fF9(tPXlD;q}y<%kqbq+An3l7nsA!yE#ijS`wL;iM|c6K>wY<=%lSz*2VHl4URN^UJNY#i%4h&``33@TQWL3qwbg&sb z2d9P^1}ZYJ6#+K_4kS%OO&@FU`SRXdT8F8IVVJMzry?tgd7OCmEGi$s)EO6Sb*QFm z-7`5Ia3Z;MPk~^nk7*^9F;NV`Dy}4zD&L%j%>R1j_d)lkMYsdeKOva2Gx6V=1%W86iOz=%AvC8TZ z9e;C92f*#wvu7RGvZWY*-7}ej{}YhG3Ro(1H61U`n?VjEyqpZ7b&LD?hCg)&Q!l;u z*E_hFgKQVpJgAgYdp$UC2G*j>Z^5IN_el6dtCWO`v`?})SxvZAZd(8AvnP_^asr+A z7$Xi_z9a@5M=Zkt9lUEVYUlMvxmjE*>Cf?@te=VB~lpA^Sy{xx!z z3@)m#EH4)pV{zee9brHWC-|An+ubadF2&cU4<1ketRn)rq`9Yu_k$hJ)ahSV2@e;o zaf&^SM~qxZ;5M?HB+oFj7BzE;IH#!(4~*1I&dPdH+!(n%Qu0MjBNdrR5gz4B zmM>pkGKw9=U1)d+%oc0vq$e4Dzwwh-nl)24oxC>fPO2GHlJ|PA`tdIQc?aewwRWV? zthPJ%?_UcYX8i}vfkUMQ=T+>xud{0SCS2dulcY|VQEzwojf4}kY!nFs3 z+Ej_VXy77zDz?eqc2K`*cRpf<>QH5~{fU{wr+0BIPx!IwnvZ`(n%=60aVy1#`6=>r zi7JuT_s`jtFDQ{1KtjZY;;K*G<}-Cnhl3yM`XEch7`}3f6(xCOr#DjmeoAw~lK~D5#pX%~*Nj zKi}P(AQY$Vad#3X7@uCAsdyrMrP$ zJ$gLZnD=3n==wgcU_k%=(qd&N*0ah4>ybg|MBBN-LoOayz=PWexxoqptiM#P=U-Ull|IvbpM`s>FSNtc{wL- zMOci-MOn)Y43UATkz`|=KEXg?iHpm4|GbqKA785TSsXa6+oj{(QlIEIEsXK-DIGf? zaI%iGA`XoI;2{8QagBom%ae7oPVwA24l0}mT}zm)I)nG*s3)x?5^{-nKP{ zQ3D3Y)%BK~e*TiWtW1}RI=y}`Ox+&(f|dV*)BvRp5-a8mWq`aK@gF@e;{HhraFveY zrk+<0PPTVd*k6T5cKg%whs~q>mvYQ#tX7dJa%!0pSrUKKx#Y|RgMTX~NMsLj+Aa<| zNN{$BOvT|9Dwp+sk)@?${Ck5Y54AH}WxsAHZ9GDnr~LCqfw3o7?cY^vrIPzAT-<=F0VhF5mbhX!g-th*v@ zNEZ`AL?nFC{GrYd?Tf;nTFmbS60v+Gf@|;liCt*E1y1sK(hCsy(dx2gI%>WHw8}T^ zSzJ{R>nG5lSAL*7)>$s()((4Dk(^9Hb)^W(wdj!!Gq%*erBD{m_r5w&R4Jx*d9r>J zMu3lWXtZfn6$LUVY3&T_PHt9G10;oNSS0F|H!-s-n1L@m<4RF(x$y4t$sx(H0<(Ay z6?vCmW^@8_NLy9ARHQt3v-#5G)gm{*a+@xfz*c;7>fE%-XIbfQchZoPwdpMCCVZ%H zMtp@TGo$!-G6fq%VG%>Mj0P$=9}~cDKGvYvrIXO)>ia(z1W%z; z_+_!bf7HR8eg>zwmp)%zDd?YW9RzbK(e-E4__FtZCkvk?{G7|w zjDn5#)LEkQfHOLAH2c0X%^jApzH!TmXJVpv7Bqqozjt67`u*xnxl^6Fqe@PV8Qp@k zi$srtF))C!28b^{%);CpE9VQiqe=zYH@WXp?rG=xj7Sv%Y(xQ>o*Mt=tNI zfAf?I2N77#WI0LO=kpZdGW-2_b&j)U)WVZ5JOvN>OP9XD#e`1z>8`{(xqXed;1obx zL0aB)Shg}&jPI$Y$?c2j!HmP#VCi&h6W7%ySG+|?&1B83AORn8zMVwu1lUNSgL~Tl zjggE)3lh($t%5@~_yDyVr4SPxAHt1`()GT;_mUa9po9B7#n1^AF=a2AiOia=$CaHL zZ;|UVta~d-=MN=;`F%isY(vK5s%Np>U=KkvkC89?1SA9FdXW4(VU-YJi5mf?u-LdV zUR^s2{2Gb~Y79`vsHiB)#fklURyemlI6aSvoRTdYaJ^~kEG_m4;?F(M8p1ZpM_e|b z@luqeZ89Y}y;oGEgI5zd1nfX4L(rCn$jE%v_V!cmYUg@}0tD6^j9N?$&Rk3%4CXfn zU8~fW!G@3K;5W$hkJPVH`VT2>nKJmMz8;z|(pbrUSj6-lwi(6dldlx-UtgEi!N+1! zxT5&BggRulD&uZJLZY$;_o9e=wEip99hIV>xk(lTTX$h1(8rJ#14bn9bMVoR)>kAYBlVw#eS;u9oED1GZdieX_2<*~N=gK? z9WygCnw2o72*Y|zkIZ)J9gEI|c~c?~5@fVv=@!sy>BL0NH)AMKaa8-~(+k_wOc)Q&{<|uW0?7><`y; zD4Mu%RyQ>_sh^e=J#mVvU zw=SqdJ%mi+A(+Mg__8-7q~gtHI)bW#l|2htFeJm;JH)7kg#t6zcUwAzYR)$(FduB; zNPcU6T7~L3a~Xr#SeWxl1P~B7SD5oC(2?O9*jTPC-Aw%J>!0`i)!~I0sLnktH_35d z#JP?YB*e~QN#F59u;Zc+`Kh(lg^8aq4cWW+Fq(Xbqfj&6VVcoG&oIB-N! zHbQWN-YOtPd=^W!;oUnE$K7iNdRK@*WC4+S?KaePxQgSocr1L84N$##qT3OaM7YE3 z5g5*VM?%qM_-kAdc&MJ&M^WzaW5+PdC#8S_=)r{2qjS-P9^wnZaWfs)1(Is@#WlSR zUvqhBoAyj~`k~kme;hf6ZQ5+{h~C-5H~?Ommc@*(iVa{(t1 z9u5g+2e$s~QuvNMV_`J5&zCv#=W`QcBF=c}Dj2?o;+SUPi_18MaU(~Ksw*sl?T0%u(Np$0AJV7)9T;^Dc|AL&)k_ zZj^@|fM~&5Y&afp>9nmuuIR`u(On!f#xFebZcWWJB_*-_A8xF=Toz%%M8nng*C~vJ z13`%2;TI@axsTYw44LZw3IqX22iuuapxr)(s9>P$uO(Hti-B4XT=q_Rp=k^5pXy>$v;nAQW9l{H#9rizYOFQ*wM1G81OeVHhO}u&eTB*E#{chu=sIQdd$`jDb05mUQHPqxq6bJTeHh z=ssGjTVe3!6TcA8WB-u9WY+L9e0&h2oLm3+!rp$PfG;S+lL*dK-XQjZk^z^fUG;f6f&vX!EloX9toCMCPqpzgRXn#&yY6m zDJ2ze`^4=L{zzp$6T-Uq#;v;eIJBRny7=7(gDc_8HUL6eTRR`l=~7xS=IGotYZ^&U zUrhOM>(2A%0`J)s?zZHi+9PAk|IS{JQ_@^HTT6by;>810&dgyun=mTg1EYPdE$<#d zfdBLm6a%H(L}+x~c6W){+lID}Qw5O2Wx4b^U$%wDEP1I>!-v1b;lt(BFAwb+&Z@y< zUl_HADtDI>4-6}10FCJeSEKffEs@ds(xTgJDMb%nXE0%uL>q^KWN5XI5r~sdNBPDKj>e!4Ww>ITpCL!h0dYzjM$N3eDukap^cKK-plQ84*Z)`Sw22LB5Jkh zcn$_s`aOb~+c}R2^KH59a!Dr8{Xir-KH7{CW z>cNqbi!OCk!|4*2_AE_!h}>w&+?6vrs!Twe^H%$$slC=uf#ltzH;yt&bi+sY*VfU2 z{`BHD;d#3EX9o|D$>YaWKap%T6U~vTSk#SlE2a~22Vix|(u{Au5eN(U^PaJ%qMc(}xoLf`P?XVj?t zcIo>Lt*Wd%spBa%@$+z*;G{_l4;S7kbf)Q_zBlan!fE|hUK%o4+`6Audc46On@_oY z+gE%v#`tA7TcD_(3%(??*?g-vU@fLbq%aT8)px(HFx5iC>7w^MX+ss6d2waSa(s@K zI3hWJDWymGZ57iC-&E&0GjGN3>HEUW#$mAPiPP`H)=!Dg7^x|KVex=PFXzRY-l=ty z9@%$w2WsJ=JVSiZPHS+CPhBpYml;-2_vy~h?r!E2c9?X_E8o7zgK6dTEm)cxuIFDi zztW8npggd2fO|qr#6LF%N!;SNXBF2rH@nmub}l`o>;3r@sSrV0;9x#d&+>40Pfks3 z#*@sYbnu_mw`;s9eZOC*#r&Y&o$PD3AwUNj`R_e<9sbm|?bngpb+z5UFAwa}N+WUR ztt5vLL;n?vEAM8l{_<2{s)PB2e+%LreAj)-mUCVlF{5QRWW(}N%~zhr~k;Rz;7m*h&Ssi zwvjRHPttpfy1z1QuFlw(`N`!7f)N~sQ!STRTE4tCHFH^LS~j4WbGmhs1rSZnwzflA zzmM)n{#YTkLhjRw&(8luy4^`p_8u}a?Tm+V%oOp1%_ikVW8JLEO)EZ*nS4cK+gz6` zlef)n5*zi@HK}e;;@W*i_dTwqtXh=Yzg&5-`ul?C>dRb|N31meFg$migG%t|6-Le@ z&acv1cd5r9t9>Po`O9_%5)?=v$~N@#&vWzioQ_u`!k5$)s-ollgOV>jy%GiEr*7mo z+X1fMZj86Rk}h$(rbZu?dL1V7*Xw9)MZQ-bc?nj(MKTqks}*kt9HZjufb ztG@Rg@OXjIjIBC_5b zy!w@_$k}F0oA>orlL=wLPd9FqwZ89J8&d9haOmK-ue(}**{6B@M~t7Ne}1jjy^$CH z2m`LZG>Y#m0#qiE&`cTF(^t8>o$I>hpOdxwf0X`c6f&^zd!dD?>!ti5i=OmPDhVnt zD370cA@$%tPZEtA0!_O6#rr&M>X-XO$9(&z@(dHXC-be9oWr`F+$Nen#kx7RMA>NT z+?3kVlMj08Z=L(o!aVxHkA*QhT{XH&c@&-*6}2ENB4Vvq_7T(361{rSJvm->@Do!P zgRCuzzS_@QZzXE^_;G&u7i+&2L%k0VI$CyXrL+HOmk8$%-9?Y6b^~!E+VCh1lm-?! z{SmqlE@opz#}$L#j=os6#r31M$>h+i%*>^kN+QwL?sb`xAn*QHn+D?E1b-Rp7m|(2 zf=<2#D^)+LY;l;rX_8}6WKc)rd~2g=iA5_N`oqVL8Re8k7u9e1YmX=G+-2pRje%j0 z)Eiu13YDm+yvMC$rSj0aw9f_Pt>j2ofMUuIW)PbpNAAwYmo6J+_OTH zOSQA=m4YZp4-m~iQCCpif&N~1SIr2(U$IuGEpKBdPnJ&B5m*>*qI^lSlfLkk z{$65tHBBSw0!(THXS=s}U1b^k`LMG+Zo<)7evsi3g``O+$P%+{pX`gor6!u$0u8ijWzv_MM$)c=e^>d*SJJ|2yy>KCpuUJ z=tiFEFb2p#n!4joVPPL}F-J4fY0=TT@~5k)6-1(A$m@g&&4A8ZxE}OK+WmAEEYudY z)@pSGg}=J;Az?)$*WBJ@g^UwDAc#uJLc7~*E4sw!aRqm;k=-yl{nD6qs@1rbK ztEN*I6ic=sJr|vm-+vp?G>G@R9y}x}A(}EYE-Slk)atqWCG0rL?aMCH5Bv|*;lJhm zlCEl=tRS{KW0C>{1elxr_}r>4LHXxBGUe~la~G!3p)rH8EPj9U+J3@67o^-PKPWcr zSo~FCRbqv6eJ+mk^pSb=uu7nkt&!rH3U+S>(j7)}uu@KHdmzx6;+V9n4>cKWBQO3s ztZ0bdHZT6Azr#-|m0UBQt?fqTLj{0Ev~sGf&FAFx&+g$MT1HL9M7$S?1HmBBz+9n0 zNe=&P>xXH0K1l^Vq#cUD(oYeeVT1xxF)Cwnq8jPaGq1W39FgJcT8z-_S zbNEiO@REVPihBfk9!=y9xeQOz7`+#!Ki*OP);T^Nbn9s@#{K&*3>2ZSOFHty`8j>SYI zR)L2?=-ktDsd6YO0W$z^*4{SEw>vLw=&+)DSkZhF6S(b-O<|QqMeES26J62!FqhOL z-t$EG;653XXep7TJU+)G71=)I*8Xg5TGM3q=rE#PW`VAIzbLMZC55Q}4+sk?M&5;W z)6VY0+Bc$sdm$dn#jqKiamk}3+om^E80gdfqiLeLppB9?M5=NzMwSOdkAkN?cj3Y{ z=dD)kXggizF!tzM2FcL97LV;S!ibIcHiZX+#25>QpD4ExCGTrEM;BK4@F0xo(BR6> zhhx$WjVyQSLB=R0r7z7-!vu}wPrjdEI~cCkWmx&eH4E8B0m$6L$+aL8y!F0AZHyyW z+T7DO7V_oNfI1F!l8r2}#YdD!SyNrjaMQN4l&{?ECr_SW9*8j)yhv%_4%x|#NTj4> zRef*T;rRZBtvyQo-;9i7PtI1;oMh1WiSOJB9;}!F{2AX8$7oE9$BpYXDw0kv!3K=J zgBXM98<`Xw6Y*g(!IK#pL)BZ+vNDP7RkBhQgDT*!sJ((HAuadM6Th5CLu_tU58e4| zqnX(uNkC}Pi^;I8V222*q-jgft<2-AY$%x~6#u*{#=AnF?UR>-)h)a8LerMG(noC9 znm&18j{}De6%?}oHZ;a}8yYyazAhV4WaoNxZvBT3`|H-PSg|5NP&he;pUKFWf)6V^ zp@|b0#+3=PM{#g_m4e`M_(Abu<%k$}?raCkD0H~+mxELKxeW>J$MY{fz1BcVZO~zE z{8a{<1*U|+(Gh%%%PR|MDFY?7BX$Hl``>j<&<3nC?hLc=mnuFG8~@n>Q$F+T`% zEn_%`GjaOrwPls(`azp8Xru7H87Q=rKOW~x43L&yDQqjymotQn<6GbHJTMU4amIA? z|AM8ieSaB@5)#svfE)v5@I*0F0+>4!afZ`2P}-*=V`0<+O*E>=`UcNFMv1R4jxG~) z(-o%8)vG5=BK|8{-nb}p*@VM|SD6{O!-JbDJ`8)*A-IHU81=nqA&P z;%F6GRDa{@$h3kVb(uHqHrm=MT-$XQJ86uii7uF5{3bFn)^nkB0kUg)g!Ir49zU*) z`TwM)wT|xc-c`?O6$0BJV|%=Qis5VQn~A$T%4`fM)~`Pk7FNYk0&M zR$HvZ6CH1paYFF+%=0H_`M`)>z5@{LKbsEEQDQAMmBw~aFf)wmMK|(!mIsseesI`> z`3_RE6LT$|vYJ$YcLRdshJftpK4bQnx2}R-gs#HG>C=a53R&ZOi0bW}sReeQ@Q(K) z%iNFL`NncGXW!;2dFS=hSJ_qE1v$I|KvrKxt{jM6|7e9fYyucWTbJ&^*ofW1U%=TFLSgke zK;grhBals#24BB^9p2$Di&RUp_%=4rlxksewX`9T8}nyEA)Xo%-RkI81&)Ci1@HtM z$`VMh7+ZMa|14!jJ@+3roHCcOjuUP{LY!;CZTD~Qmw$HPb3vX+WBQ79q@tM0KSUjf zX@JDHNi+_~N7={WQx7-%Cf`To<#2uPnrID^430@I+~(>)og0cK7WdAqg!KUmb>(wU zo{B z_$yJCJY-{!`spz}2#V~aZ>iS~bx4-K14+L~_^W3oJH^2Wf)zi=^p;@D6v(poC?uG} z`-2-qPoQG@PJ!OIn?XEhygZNsou;vxKGZ}}S{@&UDZ5^P?Asxw76A^M_6D?sVP=S8rdvDkmc9#%<}R!F*S^%qOx==_)*(FPS|g;hEHbs%9WB z%+xCE8onmJxwPqN6o~`Pj6?G4YG06w3Di9LQp$s|;(+(^#b=t!2&rtk93j!#_of}8 zezgJ?pw^8>qWUX=k8_LJ8L&rZz0$Ik7`-4x7F&$HEbNv=YGoknwM|i&ed~N zmGvr_qmQhTuZB(W=~>Ub4)joXDyepP@z>^8&=-Uf`=gu5Td}U!C7c@19!7$iWT75$ zCM(POv>CqacxGTHG%Dg6(UOkl#}sk}Ovb8KZ5GC{>5KOfGk8|c%#KgX`d}`1cUbrF zVr$eR%JUvxN`TmM^XBetj6J)uY=YsO;RjV^C8k7%41B>_x#Avdza0R+DoQP#VWsCE zuYYRUjqW%Tx>s4@~+V6iU2jJnh zkN@4?T;sj0Ut^Zm#~zQ@To@G)qc7^?c2lx!taG}|nT#h{7W*sXW@kIKZb@&n4SVQw z>8R~^pQ{LqQm3U`H&t4PnSIN;lyP?SY?)b)FN<9`bl`x)`=KB1x78c=?W?GCz2&$6 zeTRmq2+zP*QEQ%gI~vhIuyDF^bKML4KeX;Ow!la7anR~H;ijG1fK+!ac_789U1OL) z+E#q7@OFlN+4R;j2lc7#!;fz}la_YbI`zHYzph>(Ml+)3nReBXn?Jaz(D7o~@^B(s z-b&Mr)1Pd0TEpF><#2G$%-@)!zCI$_{l{tNzq4YaOqw@^5%vUX%#OxIkJyb1_GJDJ zU69bhF^n2=cYKe{(tlBX7-OVkNWZYr6_P! zH~&1xi&N#LzPQdCJG5Kt7xN`u5?jQg7BsqP(L^+gGsuT!(`LOZ%ydO|(Z}V(55hFK zBGJYK4j`wE@}64q!-nm;T6nIDzALO2-zjhO_Wy7mXfgeAjVps!4Q?CA--gTpfv#uX zYV|>r;jZ}B#(*hvCqDvcH%Adc@t|E}mPmbA)j?SFX@0x^m?^Qe0@dIBX}_PQ7P$9+(DR z48;aG1xQ1x#aQx~z0YE#wDCET?*BMW(>&t|@e?UTz>liPn1^q~4D^eeJr4+2<8slf zW8Zsvc+5NffI}jCoH?~(hklh=h)GxEC7Ey3*wEmtA$O!p={DOVQ0Rlbbx&HU80{?@ z-D%)RQH;cLPh+`6bI>j>H^j)l8R-w88}sb0jD>tf}`Q#k3OZp_3HRiG4mBK7c3cl+6Jln=o!*8O@!CJ##xIF zZrtQ_wZa)cTnbi5SEoC9wTbnf5H_ywUei%NPEJmciP%?TkJ71eirJJips(0JHLmyX z-gVyLKBq%`K;CF59gtsp?rHOKy&`dUp)R=8gL{xXWax6g8!!2WE7p`dX+WlP(#U$( z{PmYoPtjFj=vag1?7m`Z;3^dGa`O$V?q)rTDkw4dyZ&}n_g&F7e?-=zldgP=l_{OF zt^&VIo|>;D{&L~Y9}fY2jq2Uvs$Onx3)eZYe>FcZ620y$TxQL$J~c5v`B&eOK1HoC zEL^EdmPS_bX4^vtP45A#eeGRe!)f-tC*?kG+W?8*)uPS5v|Kd`9}v+o2y;5*@?gH5 z>m7mjT&jG)=H)nkyruw*?!>~0J^aF_@7&Rna0FGc%nH3HUBxa$N3zj{uf2K8e}6cS zN`$Us;{NqhwgLo^^t;&hz5S_S;^=0d7$FDmSiWfxGK#+Wi%M4?P-?5R*|4YzFbsfW zJEg!fy}X>rg6adp_`<)BukYSdXU|S3O&49?4AvEt9#m@hUy; zF6#!${`a9bd>v3w9kXtP@n<@{vwB!)g_4u~f|4(0aAjQY-_<+1bMd0muKIeH)0Fxe zvyWreb@I)n6F4Ah@n^5A6ogpH2Nu=)jP9*=`MH6>hGT(m`Z;&(QN!t)uWz8!T@NPZ zX9Z85T@+yw-}qU~U~^Eo&h-zm0Ugieo$yRb?@MN7kiy%`W{`7Xr1m)SbIqyf!6$_+ z^Y`+EA31mH)-9^!!%0WZo%$~qVAR6+)2F?s_A03UvqDpVpG(^eT=%A#7SBI)s--Ed z(`z|&DgZ2#y*{q|um;ln$LhZAe*d!^*kFYYH&R9$gq?y{((}rB*N68dznSv6PW|qT zU)y!g#7@4Q?>Bzc5eRoNy?m<=S>jkY_UKsdwBl&}>0EZlv+Z=i=0Q&?rE;4eqSps$y7C zEPpCy=bGy;%o`S#?SFo-fJY*vL7O{1O=vs3QC9O*d_JQ`=1Ac|eIIkVz&X9LqGGMa z@vJOd9ugkDA--D*!NLdJwu%`TKYsWeE_66=#h;fr;+1#rV%(@d7pzn|M9uJ945U#C zjvbp^WltHc6?%DVy^R?6L;uZ-#!Z|)6eA!2C~7b@C0M0YyyXqEYtB|Rz1f`g8Y2`L z1%P<%?X3U(cL@T#p^QCzzPy#ie|` z5T3A+1ww1ysPXYedD!i`3JXMG}vZZZX`Ki10?p~1-L^0;{Vrh}$;&{`p zYu1F+s?t)$zI(5lOf)cTd6&MTes@ED?cbBJqoH+T1{gx( z(4X)Sj(STL-VgqH1ck)3w5m6oM;q}AM=nJ?FJd38G59T@u=Lo0!#6K!M$E|_V?5Y} zxD(jKNyw^R&rFF_GVT!In3LDiRqyCu@4ly5x?qM5F_2EZhBQLBm!i{V2;zhnGBw-D zVo?Y4YZ;bTu<>f)hGBOqs;Y|W-FF7maQ@>mj&CbP+r)`r2fT7mof6AG2YANmMC{yc z*hfxot~9=wXwXAKLSE12iE|<#au6VYS+DYk4au+~%|y zIvk1o0K;L)(XgRM_jk`+HoCvrZ!s~0m9m!K!mU#$j2(*;6)pGy#)q^*nQDjg@$8v1 zV`3r{#mNJ^CB}ss#jU-tB@S;%IrK+3-8*ZB7>#hAQRWr3AZRXf9E89VHK}_#C&tHj z>uRhXp~6eIw-q5I@ zv7l5?-RCGF#sAUtIj;Rj?0A_X7(4hMd(l9H=t1v1Yu{2<`?3kMgXZCF{yjIqFcxOU zcK!MHq5=$8&AHQFR7OV%CaGDg8sQI4b^py_}nF_l(v4r5Eo&du>q)`AG%BFPlIYfI*0-yKyt>r zS&SW^J!E#sZXS%RL}GZElaeudhPevCbpCj;9RB$S>WZFA>_Yhdz;281^29o;Jr(5O zNf8+unFQwsLTuCSYv#|N&lX@klW2hzSA6o9`e*cw83wYgeOi6~{Ww8MY3AtucCxn| zFXl)rE~~eY$T!v6GwppV8;qP`mX~&vRI5x=>ksZ>c@KIN`;11U%a?Zvd21x8(Kd(q zk`}6R5-Kvig7OOs3*R7kYDofb@&@zbunTdw=2_*fEY&d>H2_pE%Q|>!vlT{$$fe|O z<4(iF9W;^c4cP>Cn~9KgW}V+A*;P8#a-2*s=!?C*y^WgAYdJcA%vPlcBsn!v?)T#p z1K)V2*Dg6;9OPmCZxV8xv6d@VY)H3`RFU4kp=?F@RScl8(fMO1Yvhp_XXo^&ZT&;< zNAo5;9nK{#0MMd3O6*>_Qq^?HqXN5)R#vp24;R(5ui5$F5&X*N0PWsuSG2aag8uOu zHY_jlv)<+tF}FqwB;PSf=@l&#X(1#$jC!gi5{WyG_H@H}`Mvtfw@poWVtr{Jc=X{J z%aoyd+vW@jdAB7yzgBwyD^?GO35Z9Sq6qx4F&A;|@dD-CCGs|kYUXAwP zRkFs1hR6oqd5W|@xKbDxBpD zSg@b4)S>v(q(wm;H&j`JL^wWUo`w8zG#6-S| z1XaZbslEz!u8}21HS#jW9NXYxdop$KO8l~V z#~^Z|nCR^Mws8&b`~UZ6{PRjzExg|KBm^YSL~qSx{- zM1youotHRnnwn(3dFm<-dkNf{qkiW_MFkK2nd#p?^ZAU~Y*(?tIkx0#1~?mN<(A!w zsB!I`toi*)7d1^)xeyjzY5HrUZFAE;#tMc23JSvqD~bEX*ghqBHMr-X-uB^U!}U=J z0@~(%mu4}X?WLReLhJqS-~;+$bZPx?vG4rlaDJd`Oz*e-K(Eq@i8$uxo7X*o>P0+xt1=yzII!8vLPV} zi-O?e+r{AkDrjc%Z2o(Dq7qJC-}yr0+FmN?ch7T~lDI}y_E}KWwVTy>?e;yUkd&2_Xc~?CKG-dqPIcD2T-UCLlu*;cuvxaCS><;%7o=p|ElWo6fbfR7zneDz z54Jr2yxr%TxbT$quW!CS?Fe%QDG7Jthl{^6-7|#nb;-$NbI+c)*Zow`4**inttQc{M~_{$39eFxlh=^X00))N-l<{9i7+8->(WO-87FVorT<8O z%b-uD%sACt)nlYn=Up*fEUBbjs%)doz%-YW!voD?U9Js)Pnu3DM-QkS5L-5|%;^$1 zMQ+PI9nPT|evIbw8OwEMW)H@tU45W*vW`Wzd*S^E^~jP9IjxoE3#T!gt*Gu3^KgKA zr^gus2f(s;N?(+z+g{KlCWK+)I_K!zn~oPFRg@S+I=a6Cq;61lTAi{`>gS#|JWOX( z-L+Z^86Z6~rBS1HwpJ|RupeLf_H>x79G#-jx_QS`#*lS=x;YRk1s==|%@aO4VPy$q z>$2m~I2Dxw)iXnEexlML`SUc-*;#QSzm{n;XDw4s-_n>eMG$3-9qUZv0LF^**2U9& z-_3ooy13?Atbj<+#d_Pc?2qG=NP!Bo`fmTX0gq?c*KhClq<|zGgtTe((QRH!4-(Uq z8-&NbAfc%&E~sS=4N#fj2ovSW5HAds50h8jpEoJOghJrV*|Q4RCh*K`Oe}&rwwYJ- z=w)coSKSDpYXOD+!;|#j4u9XxaJgt1ET<%K7_*B?6K6bl3_c9g%C6CayF*eY$ls-XEp6QJ|+T%e-*zoEu$#@M=fc+*g;*NiopV{HQ)MugJ9Ibi=2} zGN)n;&diFdzNgl>JioSFQ5sR>NA8SF@a_`Ft*&RTt~ZRLFk=Fb=QrDIeV=AJ;UvH7 z&p$#V5q13d6Nguf0{MM+T$)vCrO=aMi~}rz{BsE>eePx!LyQF}db8PwAp_8KjSpS2 zPNfwZm#mHRGKLfP*8vUu*!jC^r+4lm#+&F*y!!D59Znk+$8>AN8c#5%;D+Ef=KM>T zFc4P;aYxhH#LLSI8B@@#`O$j6@9+FGsr5Xh1$A|I2sQv)wJmMV>2e{LpEi@6VGrZ4 zY12nR;UvQlbsJLBuH8_5hqhq;laJ)`+lhs*kB!idLQ}A#@!pU_O5E%-3@!^haPs7{ zSEiU{_UzRQ)wc1Wncfqb((7dQwD-_nGAdRX>m#z0SWWx(?)~JrM6iy$Kkb{m@gepZ z{T7wLRSeLCqBJ2nx5$NA%9X6;Ifs^=x9fVikZ$57&2jE;puZf40F<((`||56+J965 zd}mk{&qy>n^orjiUKnw3PG#DP{ZGWgK1G%|BD1=Nhqd;kg$ouK8L;#CIumyKmh4Pc zGCpn+Punq8B^wvL;F}M={{Hx}c7|Rww{OShqb4a8|9*Nem%@%*)KynA_MR~P6K?TS zhx^<1Wa8m|zp=$eWeRtWn5MNqlR@9XH+`s1Xu+vT1c!tW9p_OQq0U;|KGhzg&seq|W?pSq##A9uuoefT!qi~0#Bly0@2 z9uli$cjUcNmr%Bd!BA##1*d*Nx6p7u`h#u*i|gh_VFc*>TU&daj>jBlji9h;|M{Gs zeoQx2A|Ha(pT?bk5{w6jN?k_L;PFgT`ZqKnR%*-x8I6%?LLf4U(+E96tVc|>y*f7`ctTSX1 zS|e-EhX?HElUy6g;y0n~1yYp*KdON-?Pb#^ci~lE;2D0_-jD?j`vkPdPHUET`+W7G$-uti@ zQ{8vJabbk|&8C0acM9%9vzK-Ahh34yeciA3L*V;>#&{3@^JHCGte&cKF)RmWLXfti zd1-5DB)mLrhKH4y_MVenHZY>3A@^7PL|ugs>@;oYefVOWGE15{oIX&q$M-o47p}PM z8kL;{e+L1}_z4AVJ$j%ZqVRdPek%i|_TNSr3*(JsNJQObrNUGeVmKudF=-noA$2uR zf}z*bmb}Pq|Ct+&p}I^{kF0Y%K?;&|VKXz4bAm)ZKsRUutK7n(oNvAC)&{7J_c1xT ze_xnWr7E%My@KnXE}OrZv)6(_Ly|0%j2X*0C6ZaPDAo2iKwM2zo_~BZBb_Dk<4qzi z;5hZ=XO>TEa!~3|Qbbh=8>U473h*V2CGwFyvh1g6SUMRAj~$BY$A;w2H-omh0w5ha zmA6uViA*)k7-23D#VP`PEqSO9mmaT2v3NsuJ&GYpJ#40Fj}qdRaQib{JZzIlSScYZSs9fC5@ov%bRQUWT_0tBIb|$>42sXm7wX|;c^cj zJqkZ~@I1E%`}0L@VYz>PteZKLRlwca4vnq6=xwoM3(dD4f@4%2cM3o6mIw1Dwq5E$ zv>Sf#HSbii;^m{OlH|(pXgMY|C*NAB8eY z+ad6IBO(~Ce4)abub+%1YDxupTSZfAv-@{kGQp4|?>4rKMy%>c9vN zzNs7F{JL8`hh5AE!F(Qe(l0jXl>N^MNI`w)l*-}HoA@=Mt#|42Q=YIX5n;kmk;rF# z`P-^p^l5eeA~xWVl0b2wT#y!n`_#g0Ec~h7e8Z@)__20uy`__Rbd049)|Azlh^L503NZ{L^N%v-&w&MDM3py<1>AB6fiS zu>?s`ozTTvs)7|)M1}KdnaQLK5EQ?1F?=c{=bunMN*slE;!t4Vqzr)?+7PNr-5b8>pKmZdwN6!5 zcY6PKoSm|P*u5XgTPe&JCLtEwg;ZrvUf#}o5e3<&JpxymC26Rue`ec4isBQWowuJ& zt^_28W(aId;ZHte!kPMb_kOYLLU6*&@u+i0J+V>ajbT6aENxC~b*TicU!Pv0#pTr|2rC$a5C z$B-h6n;bjSai4R&yme_l9(e}b_S{)yg;t=XH0r;_E4{s#r^-^3l-E)nF(ThVeUW*X z%2LC)GAbzYTidP8=~P+l$6$`7=i44GuN&I8uW+F4+b8k%n(-keVbTF-T|=4|vT8nf z%hL03!WbPJCh5^KrP}qfP!1+8oHx4vy@*MT&)ffKPWE6kuAlM~JO0hKcP8D}-2_*T zz8!iURKyFS{`ss!%1z<|eLrW*)NRb3ks2AA9q>RO?fkTf4k)1sbt8=*)Vk@m6i<>3 z+zv%$yz5V57u|$JJC2v<=k0^aoK7(0!b;`VM)}=OsK1;xjuUqN`xjz0#~!aIwz~AF zAbk>aZd}WRuz3j&$+p{=f8_aT@Z>63kWm}Vg#%>Zo1}`jkfu5kq{N{&2=A{q|Df>W z(|izlTc!Y3PIoMpJu>?;9$KDLE!e+8TsyuGtX-b&{G0RV-Kzq88m5j)oeGL_NQoZ2 zNA%jJZOoCrmpV20=96qsnAB)p7-9swEg7KGNdrpuGa@#jZF|-b2httZjq5xlYB3`O zZ!OC7(sZZ8@DwG6XqVTIpHHF)B`0m&hP3?K+&#t~R?nX`@#`kNX|LySTN#z}Ot-j} z9^ZBfOP!dxis2ZCkcedXd?hprlQ>FlXYYGnJ^obNhUYa4J-AzhYZnif9As*b(GeW@ z^2jQE0c6m_2{B#`G&8j)Z>ZavYfFB`?!s4(1^`uC-#}G~Z1M|ges#M7@#Is6v9g?s zMDwdFyk^bXoh^?=lel5uy#-bM_pEHe{4i#eyT8hc6bjwa<3g1Ccpi-uC?j+ zlhM$ueL7iPw?chL0O?uuASrY_*b6k(PUp^TJ_b_2kSipo{ zvp=)T+2vA0$6uR&E1@d)axiqWB#XHT57F6cI+ZGJa8!#dk>2F5FwG|>VNb>aFE1^h zYqpyv)Mg z+UgAq;$?s8flzpPeJ6@Q^391TqW8R`xbthNnZp;^*u77P-l08q>{}Lpv(@Rd$v3ye z^>{8=dp^$_ShdaW^3$XQ^-d!Fk24k)Y}yglQ+y9phx^_UG;8ca8yeiS$oI$xg*U%j75?t~EDK*dQ z>5oE&9N6I+O(h&+1WxL^^@7g6v}t9_lcNU<1cj(j`e7**yUxzy7G`bf{(Q#co?vED zL0#-z@j`m>EF(0p?h`!sZ}r(0(=`tl(od4;z(l*-otHgn)7NeMt?D7$daoWwY7bVj zGdDn7Y5{KGf9&WekxdIj19ecCYna(=CNk54YgLdAk6i1ZWaY{t~~yfUHm{%^2^2`$Ne zN@a}V%JOX<8|bj>ckIjb*Hs%TwH)vjeZPU(vg_&LXNUY!^CayiLeb6dyfD>rhV{*(dr5miK2bj0 zHA|+(Z|A0Ye!9luSdQo?*r!_$YmmAkWB;DU7Kz`g*0sA8r;ij3iOP8u2I|8-1s%M>zMK5 zn;&0H*uVI#*2g>J`Lq_ca;FIrPmpu;K4Lu6favQrI;M)sAf20_&G^r9Iv{5|*jpv- zG^hk&h+aBelaRVA!r0|Ztx(JXN^hf4v$C>+lL!>z*`!hb$qU1}87qhU`dtmwiEX{q z=JEP3Fz82sz-$>*T@M^D!We=xRqsyw7|d$#%zIs4r_uhId)nZSWN&7wJ$F!l+`MIC z^uSj$;3B+Y+mVv&fa4o-n2vdl?FPzX$BS6aMwUq8u+VVYdgn|P8GG5lYu#zU(^JFu z_|0a>WZQe3$dx2!MoM*K$Vj^NeC2-C=X;4>t3a0)xYBrx9_0wZpFNofO}RtAZt-IN zh^Btxsn_jz8~5F-G-V1=;Io&m@?m3XF&^#46SNlC4?+H`!WSe!EGd6WUyN^Lnd0K) zME*_?VbPNv0xWah;Yeb49$GJyD4<9DGymKwD2TDTnxglQluKBdQ~$j)C-lOuKu#iX z=bx5nq7(8Lk(rmRk(ElH-)9HoE58OLb%mAZwfi*N2gKjx`JhUQ-5DwoI4gs?J z+xokfSgu*=E%76;`kVM3}9xu zF#~3=mft0FDc}3R!InF;Tz8~#-_^b`)$2Cvb}%3%TOXUQ=$dLdFQ;h8kmaW9c0ZZu z97C3Q{yZc>VXm%#bR{Mpn0wmR6|-rv(!VWKH3_sYJ$Db+&|s9gPH%9c@*W{sV}FHo zR6KCZc+n#GGEfqckZMHno;~8+S-Xw94Z%%&^DFwR%w-C?o{!?<_7ys~Uz2;WZKH3N zlYWRnjv+nSlC*ljDzF8?LK7gfHvy&&zE)9w-^jT3$Tisbm=F8UL`vagwu~b?$sUW)3s8 zc=F=cJ6FJUe+6PR zLnn>?24tji6tC|$e>rZG=vbA$ha2U#|@ z(oVxCO=?NK{LJ}V(U8#^Ra0XZEL-mU*`(LOIR$jtw&{7yg=khfr+m~rNz*rO^FP15 z>YyQ4_Haq_79EeEE*_Q1RZUO;v8l;b-+T?@q z)(u~vI1SmxOEWg>8pTf1J{kKuqG!}J?8%row5g}&q6Ue;RTkr1HKly8T|FAe!j<|n~e6>$=dX+b|CaxH?^~Be}RpFcyZzh!ct^v6r zP~NTj_rcq9xBs8k&OIoqDvskw4^3%goIs*P%{3hn1ZR2qSP+D9O*8R9E?7d!!v`uL zpb`Y;mLj4{An{m0Bv(x)+D2GVtk5BlwMEB-fYR6%F-5^q@VR}?)=dBQM|Xx9hR20_ z@44rk-}m+NY01BQeyUS;W2Ba+xjr1#NTD8k9LbLeEbU*&8f?@#3-y&ahQ@}aqo3mV z{;b7`{r`V<)0>d0pmISC8SMHG5w?@%;BMXE#v5AR3jJ)oy1dkq6~~{BPD2(Cn2q?v zVE4+%eSRV0UqeJSkFSF=u;zaAi4a=xB@Z++=AlMk!##XO!t^6*@J{NzQ;Qy?x;Q9N zR|Be}kE5?4QA<04_6r8_@?`Jb`v*as^^d1{fP5FbySsC4ygR-$PIl~#oyg{g$_3vh zl5dOye!Xw<_DUU3YBVEq%P!67bQwOmHU-d<3B@{n4Lpe$!zpBsGaUjbqtNIl!8N(E z<*fPHT`Cf06UZy}vC>OE)kZ9E#22EK^4<^dP*qdokgKCag}bN;>jR*qAi(D9ZiD3T zaBDQRGHchWnk{8@?MqESJZ})()jb5*i#7t8a-i)weiJL(+}kUnT&t;L6Ub0!j($7G z<-_{ZWo17+@u&^5Jm3Tu>hSzo+os7?u)h|yI8%qp2vm6r@WgV{Byv1Ii%Mj3r%Vyq zFykl)(w;V^9gu)BxY^JNtsduAu5$?R0hzrERYu^g5g9)RY1|s%^FH zXuU+i3Hb$U0&1gD`K#8F#jOm-x#I6ZgxDmyLU@hAFXg+f7x zYXGEmGuuVy5Zz3yTx69#>+v-=MN}CU5?wdTi@AQx9wS*-baXzAdY*Q^03i!hYXbsy z1s^K{p`g@+fYO`dkN_`G&0qS2L=vEqdyIj)!f`87Z?{#kUeesX;X3vtKx8yM7|Jm* zu5)@g?Yt?kKz{>R0Ocg8NDud%Cmvm$tPM)~`%Uo+5gqzi=c_v)plCgZ$e7wRN+lr` zdK;*O<(^X1UW?NquCaTL?EzUOFYVS2;B~_g))=)ul8Ol<$MOlbMw98FB&O> zH{*1SttM(&jA^iZ!FgToJ*mF+Oi@qNuTrT5CS9H{X`<$0>62Fk+capt$R^-@)$}~P zndHfBCB+Th6WD4hh4)w&#koi=4zbm)5}FEf))(iM_Jhz;SUV+tUS}$8MuaYPYTU}j zhPUy^aitmKd>nl@{4(99ArYx?+(h1+_{v4Japv1aSDgssgKdWDbf&wHm)9UL&`nZk zl;J{HOxV)?ZcQ7#1i|(f>%o6!{H&b>Y!!{cd07L}C)1gl&J!26#p@~rFM~{pS$2hc zT~{iwBUWGgt2c#&g5&0Tz-X`m#@rSxp#Vr7cOC)(lfVV1`f_0MrY~=q6dOH5!Nwta zilS)a4MP+CfmHd!n$qkr*FnY|UZFX>T^L%xGH`#M)rF4O-%$W7TM^wPXYu^kMx|t?e8zhiJ)0{Q$9;AVfq!pKHCS3J?fo(Y^k{QfgOEYybHcA z@V~PuNjoWecx`8jO+#4U6^vFrzj~Hr>LX`o&$la2tm*NneZiu!MNx~GZZ@DPa3Sm_ zhd^bS&6X5MkKI{zChQ$rwbDP}vxYrjK$)3HgTT}e`?r9VNrfQd%|=2D;NWUdBtS`! zX>Kp#azS5Xl16doH_w}wzVbxiDBZ_TJRSY|E0G0_CzdYzF}!`%F81I`EWL~ zViT`pm&=hf^K;;FYIXU#sSF>md|b*3U7QKPilE>+~fM=rn3g}XX;$0ly( z`MJc#z`zojbF3@*!L1duik)a7U|P8P{(&URY-x})dMOrm`=`s4yAkJohlBjok}gIN z;CDxaysk@)<*}e(2UNVU$s>utL2c}wZX|jPwHlq2i;9?+)~h6l^VnAq#kNeLfL#o? z&wK!KP#gMr!*vJvcvde~LD;PYT>-sYym4Vgwd5ZxE`Ek#{2j>{>2LAtG>bdHM?v}w zaY~!l2M{*&m`ugKX)^4&ko0}_?CY3(fP=p*v2dRR7)nZZf}#-e1?NtEfRB7K`?3u& z8#hv_l5#JbwyQfiBI2z_-X%}iv1?ZLMQ#p$w6r{EQ`O9rgMl!{T4$qWS>V7(_7pqi1MpUthfJ(ZAt52nmh)vS&e0^9Quey2u zp-^ElCN~2|8${s6*>~YxZq!{knqL^SqswQsc-yTq41oQ}`4dp6`h}eHB4C)CRp=IO z{aDx+%zQw^q@T>| zH5d*;{eA~=75rX$G&@fU+fR$u@C diff --git a/docs/src/pass_flow.txt b/docs/src/pass_flow.txt index dd6ad39b..4bbecaea 100644 --- a/docs/src/pass_flow.txt +++ b/docs/src/pass_flow.txt @@ -5,25 +5,18 @@ participant OIDC Provider participant Kong participant Upstream API - Note over User,Upstream API: When user isn't authenticated User->Kong: GET / Kong->Upstream API: GET / without x-userinfo Upstream API->User: HTTP response -Note over User,Upstream API: When user isn't authenticated (ignore pass route) -User->Kong: GET //ignore-pass-path +Note over User,Upstream API: When user isn't authenticated (force_authentication_path) +User->Kong: GET /force_authentication_path Kong->User: Redirect to OIDC Provider for Authorization Grant User->+OIDC Provider: Login OIDC Provider->-User: Redirect to Kong with Authorization Grant note right of User: See "How does Kong OIDC work?" diagram for rest of sequence. -Note over User,Upstream API: When user isn't authenticated (ignore pass route) -User->Kong: GET //ignore-pass-path, X-Requested-With: XMLHttpRequest -Kong->User: 401 Unauthorized - HTTP response - - - Note over User,Upstream API: When user is authenticated User->Kong: GET / Kong->Upstream API: GET / with x-userinfo From df16237d16a204155d1f253c6ada5e842d7ae3ec Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Tue, 16 Jun 2020 16:05:33 -0400 Subject: [PATCH 10/15] todo removed and log updated. --- kong/plugins/oidc/handler.lua | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index 0b4ad873..bccb84e0 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -98,14 +98,13 @@ function make_oidc(oidcConfig, oidcSessionConfig) local ngx_headers = ngx.req.get_headers() local unauth_action = oidcConfig.force_authentication_path and "pass" or nil - -- @TODO: move the hard coded path to config file if ngx_headers and ngx_headers["X-Requested-With"] == "XMLHttpRequest" then -- reference: https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L1436 -- set to deny so resty.openidc returns instead of redirects (ends request) ngx.log(ngx.DEBUG, "OidcHandler ajax/async request detected, setting unauth_action = deny") unauth_action = "deny" elseif ngx.var.request_uri == oidcConfig.force_authentication_path then - ngx.log(ngx.DEBUG, "OidcHandler login request detected, setting unauth_action = nil") + ngx.log(ngx.DEBUG, "OidcHandler force_authentication_path matched request, setting unauth_action = nil") unauth_action = nil end From a3ebee53dc60b91c24f39802adaea157d3054c68 Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Tue, 16 Jun 2020 17:20:18 -0400 Subject: [PATCH 11/15] README updates, file extension update, and unit test fix. --- README.md | 8 ++++++-- docs/src/{pass_flow.txt => pass_flow.mmd} | 0 test/unit/test_handler_mocking_openidc.lua | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) rename docs/src/{pass_flow.txt => pass_flow.mmd} (100%) diff --git a/README.md b/README.md index f582486c..d66d65b1 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,11 @@ ngx.ctx.authenticated_consumer = { ### XMLHttp/Ajax Requests -HTTP Requests made by client-side code (e.g ajax) should include the `X-Requested-With: XMLHttpRequest` header. 302 Redirects are replaced with 401 Unauthorized HTTP responses when this header is present AND the user is unauthenticated. +XMLHttpRequests made by client-side code (i.e ajax) should include the `X-Requested-With: XMLHttpRequest` header. 302 Redirects are replaced with 401 Unauthorized HTTP responses when this header is present AND the user is unauthenticated. + +#### Why? + +302 redirects are followed transparently via XMLHttpRequests (xhr/ajax requests) thus there is nothing the client side can do to detect if a 302 happened. Returning a status code of 401 allows the client to respond to the request accordingly. ## Dependencies @@ -229,7 +233,7 @@ Server: kong/0.11.0 ### Upstream API request -The plugin adds an additional `X-Userinfo`, `X-Access-Token` and `X-Id-Token` headers to the upstream request, which can be consumer by upstream server. Note if these headers were present in the request prior to the execution fo this plugin, then they will be removed/overwritten. All of them are base64 encoded: +The plugin adds an additional `X-Userinfo`, `X-Access-Token` and `X-Id-Token` headers to the upstream request, which can be consumer by upstream server. Note if these headers were present in the request prior to the execution of this plugin, then they will be removed/overwritten. All of them are base64 encoded: ``` GET / HTTP/1.1 diff --git a/docs/src/pass_flow.txt b/docs/src/pass_flow.mmd similarity index 100% rename from docs/src/pass_flow.txt rename to docs/src/pass_flow.mmd diff --git a/test/unit/test_handler_mocking_openidc.lua b/test/unit/test_handler_mocking_openidc.lua index 01d2eea1..6db3754d 100644 --- a/test/unit/test_handler_mocking_openidc.lua +++ b/test/unit/test_handler_mocking_openidc.lua @@ -420,7 +420,7 @@ function TestHandler:test_authenticate_ok_to_force_authentication_path() self.handler:access({ force_authentication_path = idpAuthPath }) -- assert - lu.assertTrue(self:log_contains("login request detected")) + lu.assertTrue(self:log_contains("force_authentication_path matched request")) lu.assertEquals(actual_unauth_action, nil) end @@ -440,7 +440,7 @@ function TestHandler:test_authenticate_ok_to_non_force_authentication_path() lu.assertEquals(actual_unauth_action, "pass") end -function TestHandler:test_authenticate_ok_to_force_authentication_path() +function TestHandler:test_authenticate_nok_to_force_authentication_path_with_xmlhttprequest() -- arrange local actual_unauth_action ngx.var.request_uri = idpAuthPath From a5216b8f884a50db73ab075fc759c0dd4a417dda Mon Sep 17 00:00:00 2001 From: Ian Koplowitz Date: Tue, 16 Jun 2020 18:37:47 -0400 Subject: [PATCH 12/15] merge request updates --- kong/plugins/oidc/handler.lua | 16 +++++++++++---- kong/plugins/oidc/util/constants.lua | 22 +++++++++++++++++++++ kong/plugins/oidc/utils.lua | 13 ++++++------ test/unit/test_handler_mocking_openidc.lua | 23 +++++++++++----------- test/unit/test_introspect.lua | 9 +++++---- test/unit/test_utils.lua | 7 ++++--- 6 files changed, 62 insertions(+), 28 deletions(-) create mode 100644 kong/plugins/oidc/util/constants.lua diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index bccb84e0..356f0648 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -5,6 +5,7 @@ local filter = require("kong.plugins.oidc.filter") local session = require("kong.plugins.oidc.session") local cjson = require("cjson") local openidc = require("resty.openidc") +local constants = require("kong.plugins.oidc.util.constants") OidcHandler.PRIORITY = 1000 @@ -96,16 +97,23 @@ function make_oidc(oidcConfig, oidcSessionConfig) end local ngx_headers = ngx.req.get_headers() - local unauth_action = oidcConfig.force_authentication_path and "pass" or nil + local unauth_action + -- If the request is an ajax request, set unauth_action to deny (don't redirect user if authentication fails) if ngx_headers and ngx_headers["X-Requested-With"] == "XMLHttpRequest" then -- reference: https://github.com/zmartzone/lua-resty-openidc/blob/master/lib/resty/openidc.lua#L1436 - -- set to deny so resty.openidc returns instead of redirects (ends request) ngx.log(ngx.DEBUG, "OidcHandler ajax/async request detected, setting unauth_action = deny") - unauth_action = "deny" + unauth_action = constants.UNAUTH_ACTION.DENY + + -- If the request is not ajax, and matches the configured authentication path (redirect user if authentication fails) elseif ngx.var.request_uri == oidcConfig.force_authentication_path then ngx.log(ngx.DEBUG, "OidcHandler force_authentication_path matched request, setting unauth_action = nil") - unauth_action = nil + unauth_action = constants.UNAUTH_ACTION.NIL + + -- if force_authentication_path is set then allow requests upstream even if unauthenticated + -- if force_authentication_path is NOT set then redirect user if not authenticated + else + unauth_action = oidcConfig.force_authentication_path and constants.UNAUTH_ACTION.PASS or constants.UNAUTH_ACTION.NIL end diff --git a/kong/plugins/oidc/util/constants.lua b/kong/plugins/oidc/util/constants.lua new file mode 100644 index 00000000..e60567fc --- /dev/null +++ b/kong/plugins/oidc/util/constants.lua @@ -0,0 +1,22 @@ +-------------------------------------------------- +-- Declare Contants -- +-------------------------------------------------- +local constants = { + + -- Request Headers + REQUEST_HEADERS = { + X_ACCESS_TOKEN = "X-Access-Token", + X_ID_TOKEN = "X-ID-Token", + X_USERINFO = "X-Userinfo", + }, + + -- unauth_action values + UNAUTH_ACTION = { + PASS = "pass", + DENY = "deny", + NIL = nil, + } +} + + +return constants diff --git a/kong/plugins/oidc/utils.lua b/kong/plugins/oidc/utils.lua index a9255dbd..b3fbd00c 100644 --- a/kong/plugins/oidc/utils.lua +++ b/kong/plugins/oidc/utils.lua @@ -1,4 +1,5 @@ local cjson = require("cjson") +local constants = require("kong.plugins.oidc.util.constants") local M = {} @@ -53,12 +54,12 @@ function M.exit(httpStatusCode, message, ngxCode) end function M.injectAccessToken(accessToken) - ngx.req.set_header("X-Access-Token", accessToken) + ngx.req.set_header(constants.REQUEST_HEADERS.X_ACCESS_TOKEN, accessToken) end function M.injectIDToken(idToken) local tokenStr = cjson.encode(idToken) - ngx.req.set_header("X-ID-Token", ngx.encode_base64(tokenStr)) + ngx.req.set_header(constants.REQUEST_HEADERS.X_ID_TOKEN, ngx.encode_base64(tokenStr)) end function M.injectUser(user) @@ -67,7 +68,7 @@ function M.injectUser(user) tmp_user.username = user.preferred_username ngx.ctx.authenticated_credential = tmp_user local userinfo = cjson.encode(user) - ngx.req.set_header("X-Userinfo", ngx.encode_base64(userinfo)) + ngx.req.set_header(constants.REQUEST_HEADERS.X_USERINFO, ngx.encode_base64(userinfo)) end function M.has_bearer_access_token() @@ -134,9 +135,9 @@ function M.cache_get(type, key) end function M.clear_request_headers() - ngx.req.clear_header("X-Access-Token") - ngx.req.clear_header("X-ID-Token") - ngx.req.clear_header("X-Userinfo") + ngx.req.clear_header(constants.REQUEST_HEADERS.X_ACCESS_TOKEN) + ngx.req.clear_header(constants.REQUEST_HEADERS.X_ID_TOKEN) + ngx.req.clear_header(constants.REQUEST_HEADERS.X_USERINFO) end return M diff --git a/test/unit/test_handler_mocking_openidc.lua b/test/unit/test_handler_mocking_openidc.lua index 6db3754d..5236d15d 100644 --- a/test/unit/test_handler_mocking_openidc.lua +++ b/test/unit/test_handler_mocking_openidc.lua @@ -3,6 +3,7 @@ TestHandler = require("test.unit.mockable_case"):extend() local session = nil; local idpAuthPath = "/path/to/idp/authentication" local publicRoute = "/this/route/is/publicly/accessible" +local constants = require("kong.plugins.oidc.util.constants") function TestHandler:setUp() TestHandler.super:setUp() @@ -80,7 +81,7 @@ function TestHandler:test_authenticate_ok_with_userinfo() -- assert lu.assertTrue(authenticate_called) lu.assertEquals(ngx.ctx.authenticated_credential.id, "sub") - lu.assertEquals(headers['X-Userinfo'], "eyJzdWIiOiJzdWIifQ==") + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_USERINFO], "eyJzdWIiOiJzdWIifQ==") end function TestHandler:test_authenticate_ok_with_no_accesstoken() @@ -101,7 +102,7 @@ function TestHandler:test_authenticate_ok_with_no_accesstoken() -- assert lu.assertTrue(authenticate_called) - lu.assertNil(headers['X-Access-Token']) + lu.assertNil(headers[constants.REQUEST_HEADERS.X_ACCESS_TOKEN]) end function TestHandler:test_authenticate_ok_with_accesstoken() @@ -122,7 +123,7 @@ function TestHandler:test_authenticate_ok_with_accesstoken() -- assert lu.assertTrue(authenticate_called) - lu.assertEquals(headers['X-Access-Token'], "ACCESS_TOKEN") + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_ACCESS_TOKEN], "ACCESS_TOKEN") end function TestHandler:test_authenticate_ok_with_no_idtoken() @@ -143,7 +144,7 @@ function TestHandler:test_authenticate_ok_with_no_idtoken() -- assert lu.assertTrue(authenticate_called) - lu.assertNil(headers['X-ID-Token']) + lu.assertNil(headers[constants.REQUEST_HEADERS.X_ID_TOKEN]) end function TestHandler:test_authenticate_ok_with_idtoken() @@ -168,7 +169,7 @@ function TestHandler:test_authenticate_ok_with_idtoken() -- assert lu.assertTrue(authenticate_called) - lu.assertEquals(headers['X-ID-Token'], "eyJzdWIiOiJzdWIifQ==") + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_ID_TOKEN], "eyJzdWIiOiJzdWIifQ==") end function TestHandler:test_authenticate_error_no_recovery() @@ -262,8 +263,8 @@ function TestHandler:test_introspect_ok_with_userinfo() lu.assertTrue(instrospect_called) lu.assertTrue(called_userinfo_endpoint) lu.assertEquals(userinfo_to_be_encoded.email, "test@gmail.com") - lu.assertEquals(headers['X-Userinfo'], "eyJzdWIiOiJzdWIifQ==") - lu.assertEquals(headers['X-Access-Token'], 'xxx') + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_USERINFO], "eyJzdWIiOiJzdWIifQ==") + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_ACCESS_TOKEN], 'xxx') end function TestHandler:test_bearer_only_with_good_token() @@ -289,7 +290,7 @@ function TestHandler:test_bearer_only_with_good_token() -- assert lu.assertTrue(introspect_called) - lu.assertEquals(headers['X-Userinfo'], "eyJzdWIiOiJzdWIifQ==") + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_USERINFO], "eyJzdWIiOiJzdWIifQ==") end function TestHandler:test_bearer_only_with_bad_token() @@ -355,7 +356,7 @@ function TestHandler:test_authenticate_ok_with_xmlhttprequest() -- assert lu.assertTrue(self:log_contains("ajax/async request detected")) - lu.assertEquals(actual_unauth_action, "deny") + lu.assertEquals(actual_unauth_action, constants.UNAUTH_ACTION.DENY) end function TestHandler:test_authenticate_nok_with_xmlhttprequest() @@ -437,7 +438,7 @@ function TestHandler:test_authenticate_ok_to_non_force_authentication_path() self.handler:access({ force_authentication_path = idpAuthPath }) -- assert - lu.assertEquals(actual_unauth_action, "pass") + lu.assertEquals(actual_unauth_action, constants.UNAUTH_ACTION.PASS) end function TestHandler:test_authenticate_nok_to_force_authentication_path_with_xmlhttprequest() @@ -463,7 +464,7 @@ function TestHandler:test_authenticate_nok_to_force_authentication_path_with_xml -- assert lu.assertTrue(self:log_contains("ajax/async request detected")) - lu.assertEquals(actual_unauth_action, "deny") + lu.assertEquals(actual_unauth_action, constants.UNAUTH_ACTION.DENY) lu.assertEquals(ngx.status, ngx.HTTP_UNAUTHORIZED) end diff --git a/test/unit/test_introspect.lua b/test/unit/test_introspect.lua index da7a96ee..0148318c 100644 --- a/test/unit/test_introspect.lua +++ b/test/unit/test_introspect.lua @@ -1,4 +1,5 @@ local lu = require("luaunit") +local constants = require("kong.plugins.oidc.util.constants") TestIntrospect = require("test.unit.mockable_case"):extend() @@ -6,7 +7,7 @@ TestIntrospect = require("test.unit.mockable_case"):extend() function TestIntrospect:setUp() TestIntrospect.super:setUp() package.loaded["resty.openidc"] = nil - package.preload["resty.openidc"] = function() + package.preload["resty.openidc"] = function() return { call_userinfo_endpoint = function(...) return { email = "test@gmail.net" } @@ -14,7 +15,7 @@ function TestIntrospect:setUp() get_discovery_doc = function(opts) opts.discovery = { introspection_endpoint = "x" } end - } + } end package.loaded["kong.plugins.oidc.handler"] = nil self.handler = require("kong.plugins.oidc.handler")() @@ -42,7 +43,7 @@ function TestIntrospect:test_access_token_exists() self.handler:access({}) lu.assertTrue(self:log_contains("introspect succeeded")) - lu.assertEquals(headers['X-Userinfo'], "eyJzdWIiOiJzdWIifQ==") + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_USERINFO], "eyJzdWIiOiJzdWIifQ==") end function TestIntrospect:test_no_authorization_header() @@ -56,7 +57,7 @@ function TestIntrospect:test_no_authorization_header() self.handler:access({}) lu.assertFalse(self:log_contains(self.mocked_ngx.ERR)) - lu.assertEquals(headers['X-Userinfo'], nil) + lu.assertEquals(headers[constants.REQUEST_HEADERS.X_USERINFO], nil) end diff --git a/test/unit/test_utils.lua b/test/unit/test_utils.lua index 24677047..27a9be99 100644 --- a/test/unit/test_utils.lua +++ b/test/unit/test_utils.lua @@ -1,5 +1,6 @@ local utils = require("kong.plugins.oidc.utils") local lu = require("luaunit") +local constants = require("kong.plugins.oidc.util.constants") -- opts_fixture, ngx are global to prevent mutation in consecutive tests local opts_fixture = nil @@ -94,9 +95,9 @@ function TestUtils:testClearRequestHeaders() utils.clear_request_headers() -- assert - lu.assertTrue(headers["X-Access-Token"]) - lu.assertTrue(headers["X-ID-Token"]) - lu.assertTrue(headers["X-Userinfo"]) + lu.assertTrue(headers[constants.REQUEST_HEADERS.X_ACCESS_TOKEN]) + lu.assertTrue(headers[constants.REQUEST_HEADERS.X_ID_TOKEN]) + lu.assertTrue(headers[constants.REQUEST_HEADERS.X_USERINFO]) end lu.run() From 186919d20a869ab43393b8cab26c4bb84d410963 Mon Sep 17 00:00:00 2001 From: Ian Koplowitz Date: Wed, 17 Jun 2020 11:25:34 -0400 Subject: [PATCH 13/15] merge requests updates --- kong/plugins/oidc/handler.lua | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index 356f0648..a3b23002 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -97,7 +97,11 @@ function make_oidc(oidcConfig, oidcSessionConfig) end local ngx_headers = ngx.req.get_headers() - local unauth_action + + -- default value for unauth_action is based on force_authentication_path being set. + -- If set, unauth_action is set to "pass", default action is to allow request through to the upstream service. + -- If not set, unauth_action is set to nil, default action is to redirect request to idp authentication. + local unauth_action = oidcConfig.force_authentication_path and constants.UNAUTH_ACTION.PASS or constants.UNAUTH_ACTION.NIL -- If the request is an ajax request, set unauth_action to deny (don't redirect user if authentication fails) if ngx_headers and ngx_headers["X-Requested-With"] == "XMLHttpRequest" then @@ -109,11 +113,6 @@ function make_oidc(oidcConfig, oidcSessionConfig) elseif ngx.var.request_uri == oidcConfig.force_authentication_path then ngx.log(ngx.DEBUG, "OidcHandler force_authentication_path matched request, setting unauth_action = nil") unauth_action = constants.UNAUTH_ACTION.NIL - - -- if force_authentication_path is set then allow requests upstream even if unauthenticated - -- if force_authentication_path is NOT set then redirect user if not authenticated - else - unauth_action = oidcConfig.force_authentication_path and constants.UNAUTH_ACTION.PASS or constants.UNAUTH_ACTION.NIL end From 6a972827cb551b98030edcb1c53a7f36016b333b Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Wed, 17 Jun 2020 11:39:44 -0400 Subject: [PATCH 14/15] Fix for 401 message.status property and updated unit test. --- kong/plugins/oidc/handler.lua | 2 +- test/unit/test_handler_mocking_openidc.lua | 30 ++++++++++++++++++++-- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua index a3b23002..511e7afe 100644 --- a/kong/plugins/oidc/handler.lua +++ b/kong/plugins/oidc/handler.lua @@ -127,7 +127,7 @@ function make_oidc(oidcConfig, oidcSessionConfig) -- code execution has gone this far, so return 401 status code to allow client to respond accordingly if err == "unauthorized request" then ngx.log(ngx.DEBUG, "OidcHandler unauthorized ajax/async request detected, responding with 401 status code") - local message = cjson.encode({ status = ngx.status, request_path = ngx.var.request_uri}) + local message = cjson.encode({ status = ngx.HTTP_UNAUTHORIZED, request_path = ngx.var.request_uri}) return utils.exit(ngx.HTTP_UNAUTHORIZED, message, ngx.HTTP_UNAUTHORIZED) end diff --git a/test/unit/test_handler_mocking_openidc.lua b/test/unit/test_handler_mocking_openidc.lua index 5236d15d..a7022a0e 100644 --- a/test/unit/test_handler_mocking_openidc.lua +++ b/test/unit/test_handler_mocking_openidc.lua @@ -12,6 +12,15 @@ function TestHandler:setUp() close = function(...) end } + package.loaded["cjson"] = nil + self.cjson = { + encode = function(...) end, + decode = function(...) end + } + package.preload["cjson"] = function() + return self.cjson + end + package.loaded["kong.plugins.oidc.utils"] = nil package.preload["kong.plugins.oidc.utils"] = require("kong.plugins.oidc.utils") @@ -248,7 +257,7 @@ function TestHandler:test_introspect_ok_with_userinfo() return { email = "test@gmail.com", email_verified = true } end - package.loaded.cjson.encode = function(x) + self.cjson.encode = function(x) userinfo_to_be_encoded = x end @@ -361,6 +370,10 @@ end function TestHandler:test_authenticate_nok_with_xmlhttprequest() -- arrange + ngx.var.request_uri = "/api/auth/unauthorized" + local statusCode + local message_status + local message_request_path -- add XMLHttpRequest to headers ngx.req.get_headers = function() @@ -374,12 +387,25 @@ function TestHandler:test_authenticate_nok_with_xmlhttprequest() return {}, "unauthorized request", "/", session end + -- mock encode to simply return parameter to check message used in utils.exit + self.cjson.encode = function(x) + return x + end + + package.loaded["kong.plugins.oidc.utils"].exit = function(httpStatusCode, message, ngxCode) + statusCode = httpStatusCode + message_status = message.status + message_request_path = message.request_path + end + -- act self.handler:access({}) -- assert + lu.assertEquals(message_status, ngx.HTTP_UNAUTHORIZED) + lu.assertEquals(message_request_path, ngx.var.request_uri) lu.assertTrue(self:log_contains("ajax/async request detected")) - lu.assertEquals(ngx.status, ngx.HTTP_UNAUTHORIZED) + lu.assertEquals(statusCode, ngx.HTTP_UNAUTHORIZED) end function TestHandler:test_authenticate_with_session_cookie_samesite_set_to_none() From 4e9583c5a3c4d7b8205b493a0b8b13c562e6913f Mon Sep 17 00:00:00 2001 From: Christopher McGee Date: Wed, 17 Jun 2020 11:57:48 -0400 Subject: [PATCH 15/15] Updated readme for json 401 response. --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index d66d65b1..73b3cdae 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,25 @@ XMLHttpRequests made by client-side code (i.e ajax) should include the `X-Reques 302 redirects are followed transparently via XMLHttpRequests (xhr/ajax requests) thus there is nothing the client side can do to detect if a 302 happened. Returning a status code of 401 allows the client to respond to the request accordingly. +The response body of this 401 is as follows: + +``` +{ + "status":401, + "request_path":"/api/path" +} +``` + +Currently we do NOT have access to the redirect url that **lua-resty-openidc** would normally generate thus we only respond with the above body. When **lua-resty-openidc** exposes the method generating the authorization code path uri then we change the http response body the following: + +``` +{ + "status":302, + "request_path":"/api/path", + "redirect_path":"https://idp.com/oauth/authorize?client_id=a17c21ed&response_type=code..." +} +``` + ## Dependencies **kong-oidc** depends on the following package: