From 0cee453202eaf7e92ced1151d44a7030d9172be3 Mon Sep 17 00:00:00 2001 From: akhilmhdh Date: Wed, 5 Jul 2023 22:51:21 +0530 Subject: [PATCH 01/13] feat(secret-ref): implemented backend changes for multi env and folder in service token --- backend/package-lock.json | 255 ++++++++++-- backend/package.json | 1 + .../src/controllers/v2/secretsController.ts | 374 +++++++++--------- .../v2/serviceTokenDataController.ts | 56 +-- backend/src/helpers/secrets.ts | 336 ++++++++-------- backend/src/models/serviceTokenData.ts | 60 +-- backend/src/routes/v2/serviceTokenData.ts | 27 +- backend/src/utils/setup/backfillData.ts | 196 ++++----- backend/src/utils/setup/index.ts | 11 +- backend/src/validation/serviceTokenData.ts | 250 ++++++------ 10 files changed, 856 insertions(+), 710 deletions(-) diff --git a/backend/package-lock.json b/backend/package-lock.json index 524a6017b8..0a4a2db17e 100644 --- a/backend/package-lock.json +++ b/backend/package-lock.json @@ -71,6 +71,7 @@ "@types/node": "^18.11.3", "@types/nodemailer": "^6.4.6", "@types/passport": "^1.0.12", + "@types/picomatch": "^2.3.0", "@types/supertest": "^2.0.12", "@types/swagger-jsdoc": "^6.0.1", "@types/swagger-ui-express": "^4.1.3", @@ -2200,6 +2201,26 @@ } } }, + "node_modules/@jest/reporters/node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/@jest/schemas": { "version": "29.4.3", "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.4.3.tgz", 
@@ -3241,6 +3262,12 @@ "@types/express": "*" } }, + "node_modules/@types/picomatch": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@types/picomatch/-/picomatch-2.3.0.tgz", + "integrity": "sha512-O397rnSS9iQI4OirieAtsDqvCj4+3eY1J+EPdNTKuHuRWIfUoGyzX294o8C4KJYaLqgSrd2o60c5EqCU8Zv02g==", + "dev": true + }, "node_modules/@types/prettier": { "version": "2.7.2", "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.2.tgz", @@ -5680,25 +5707,6 @@ "url": "https://github.com/sponsors/sindresorhus" } }, - "node_modules/glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, "node_modules/glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", @@ -6481,6 +6489,26 @@ } } }, + "node_modules/jest-config/node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/jest-diff": { "version": "29.5.0", "resolved": "https://registry.npmjs.org/jest-diff/-/jest-diff-29.5.0.tgz", 
@@ -6776,6 +6804,26 @@ "node": "^14.15.0 || ^16.10.0 || >=18.0.0" } }, + "node_modules/jest-runtime/node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/jest-snapshot": { "version": "29.5.0", "resolved": "https://registry.npmjs.org/jest-snapshot/-/jest-snapshot-29.5.0.tgz", @@ -11071,6 +11119,25 @@ "url": "https://github.com/sponsors/isaacs" } }, + "node_modules/rimraf/node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/ripemd160": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/ripemd160/-/ripemd160-2.0.2.tgz", 
@@ -11669,6 +11736,25 @@ "node": ">=0.4.0" } }, + "node_modules/swagger-autogen/node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/swagger-ui-dist": { "version": "4.19.0", "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-4.19.0.tgz", @@ -11723,6 +11809,26 @@ "node": ">=8" } }, + "node_modules/test-exclude/node_modules/glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "dependencies": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + }, + "engines": { + "node": "*" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/text-hex": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/text-hex/-/text-hex-1.0.0.tgz", @@ -14154,6 +14260,22 @@ "string-length": "^4.0.1", "strip-ansi": "^6.0.0", "v8-to-istanbul": "^9.0.1" + }, + "dependencies": { + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + } } }, "@jest/schemas": { 
@@ -14988,6 +15110,12 @@ "@types/express": "*" } }, + "@types/picomatch": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/@types/picomatch/-/picomatch-2.3.0.tgz", + "integrity": "sha512-O397rnSS9iQI4OirieAtsDqvCj4+3eY1J+EPdNTKuHuRWIfUoGyzX294o8C4KJYaLqgSrd2o60c5EqCU8Zv02g==", + "dev": true + }, "@types/prettier": { "version": "2.7.2", "resolved": "https://registry.npmjs.org/@types/prettier/-/prettier-2.7.2.tgz", @@ -16808,19 +16936,6 @@ "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", "dev": true }, - "glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "requires": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - } - }, "glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", @@ -17371,6 +17486,22 @@ "pretty-format": "^29.5.0", "slash": "^3.0.0", "strip-json-comments": "^3.1.1" + }, + "dependencies": { + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + } } }, "jest-diff": { 
@@ -17606,6 +17737,22 @@ "jest-util": "^29.5.0", "slash": "^3.0.0", "strip-bom": "^4.0.0" + }, + "dependencies": { + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + } } }, "jest-snapshot": { @@ -20674,6 +20821,21 @@ "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", "requires": { "glob": "^7.1.3" + }, + "dependencies": { + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + } } }, "ripemd160": { @@ -21129,6 +21291,19 @@ "version": "7.4.1", "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz", "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==" + }, + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } } } }, 
@@ -21174,6 +21349,22 @@ "@istanbuljs/schema": "^0.1.2", "glob": "^7.1.4", "minimatch": "^3.0.4" + }, + "dependencies": { + "glob": { + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.1.1", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + } } }, "text-hex": { diff --git a/backend/package.json b/backend/package.json index 448ccfac2b..0c0f0642df 100644 --- a/backend/package.json +++ b/backend/package.json @@ -89,6 +89,7 @@ "@types/node": "^18.11.3", "@types/nodemailer": "^6.4.6", "@types/passport": "^1.0.12", + "@types/picomatch": "^2.3.0", "@types/supertest": "^2.0.12", "@types/swagger-jsdoc": "^6.0.1", "@types/swagger-ui-express": "^4.1.3", diff --git a/backend/src/controllers/v2/secretsController.ts b/backend/src/controllers/v2/secretsController.ts index a760a511cd..8307d373d0 100644 --- a/backend/src/controllers/v2/secretsController.ts +++ b/backend/src/controllers/v2/secretsController.ts @@ -1,5 +1,6 @@ import { Types } from "mongoose"; import { Request, Response } from "express"; +import picomatch from "picomatch"; import { ISecret, Secret, ServiceTokenData } from "../../models"; import { IAction, SecretVersion } from "../../ee/models"; import { @@ -9,7 +10,7 @@ import { ACTION_UPDATE_SECRETS, ALGORITHM_AES_256_GCM, ENCODING_SCHEME_UTF8, - SECRET_PERSONAL, + SECRET_PERSONAL } from "../../variables"; import { BadRequestError, UnauthorizedRequestError } from "../../utils/errors"; import { EventService } from "../../services"; 
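Review bot: `import picomatch from "picomatch"` in secretsController.ts becomes a runtime dependency of the service-token authorization path, but the package.json hunk in this patch only adds `@types/picomatch` beside the other `@types/*` entries, and the lockfile hunks add no `picomatch` entry of their own. Unless `picomatch` is already listed under `dependencies` outside the visible hunks, the import resolves only through whatever transitive copy happens to be hoisted. That copy is not version-pinned by this project and may be missing from an install that omits dev dependencies. I would declare it explicitly, e.g. `"picomatch": "<version already resolved in the lockfile>"` under `dependencies`, so the matcher that gates secret access is a reviewed, locked dependency.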
@@ -21,7 +22,7 @@ import { PERMISSION_WRITE_SECRETS } from "../../variables"; import { userHasNoAbility, userHasWorkspaceAccess, - userHasWriteOnlyAbility, + userHasWriteOnlyAbility } from "../../ee/helpers/checkMembershipPermissions"; import Tag from "../../models/tag"; import _ from "lodash"; @@ -30,7 +31,7 @@ import Folder from "../../models/folder"; import { getFolderByPath, getFolderIdFromServiceToken, - searchByFolderId, + searchByFolderId } from "../../services/FolderService"; /** @@ -47,7 +48,7 @@ export const batchSecrets = async (req: Request, res: Response) => { workspaceId, environment, requests, - secretPath, + secretPath }: { workspaceId: string; environment: string; @@ -63,7 +64,7 @@ export const batchSecrets = async (req: Request, res: Response) => { // get secret blind index salt const salt = await SecretService.getSecretBlindIndexSalt({ - workspaceId: new Types.ObjectId(workspaceId), + workspaceId: new Types.ObjectId(workspaceId) }); const folders = await Folder.findOne({ workspace: workspaceId, environment }); 
@@ -73,22 +74,22 @@ export const batchSecrets = async (req: Request, res: Response) => { } if (req.authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = req.authData.authPayload; + const { scopes: tkScopes } = req.authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + // in service token when not giving secretpath folderid must be root // this is to avoid giving folderid when service tokens are used - if ( - (!secretPath && folderId !== "root") || - (secretPath && secretPath !== serviceTkScopedSecretPath) - ) { + if ((!secretPath && folderId !== "root") || (secretPath && !validScope)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } + if (secretPath) { - folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); } for await (const request of requests) { @@ -97,12 +98,10 @@ export const batchSecrets = async (req: Request, res: Response) => { let secretBlindIndex = ""; switch (request.method) { case "POST": - secretBlindIndex = await SecretService.generateSecretBlindIndexWithSalt( - { - secretName: request.secret.secretName, - salt, - } - ); + secretBlindIndex = await SecretService.generateSecretBlindIndexWithSalt({ + secretName: request.secret.secretName, + salt + }); createSecrets.push({ ...request.secret, 
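Review bot: In the batchSecrets scope check, `picomatch.isMatch(secretPath, scope.secretPath, ...)` receives `secretPath` unguarded, while the same check in createSecrets and getSecrets passes `secretPath || "/"`. picomatch appears to reject non-string input, so a service-token batch request without `secretPath` would likely fail with a TypeError rather than reach the "Folder Permission Denied" branch; use `picomatch.isMatch(secretPath || "/", scope.secretPath, { strictSlashes: false })` here as well. Separately, in all three handlers the condition `(!secretPath && folderId !== "root") || (secretPath && !validScope)` never consults `validScope` when `secretPath` is empty. The `scope.environment === environment` test is therefore skipped for root-folder requests unless environment is enforced elsewhere (not visible in this hunk); `if (!validScope || (!secretPath && folderId !== "root"))` would make the scope match mandatory. batchSecrets starts and ends outside the hunk.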
@@ -113,16 +112,14 @@ export const batchSecrets = async (req: Request, res: Response) => { folder: folderId, secretBlindIndex, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }); break; case "PATCH": - secretBlindIndex = await SecretService.generateSecretBlindIndexWithSalt( - { - secretName: request.secret.secretName, - salt, - } - ); + secretBlindIndex = await SecretService.generateSecretBlindIndexWithSalt({ + secretName: request.secret.secretName, + salt + }); updateSecrets.push({ ...request.secret, @@ -130,7 +127,7 @@ export const batchSecrets = async (req: Request, res: Response) => { secretBlindIndex, folder: folderId, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }); break; case "DELETE": @@ -150,9 +147,9 @@ export const batchSecrets = async (req: Request, res: Response) => { ...n._doc, _id: new Types.ObjectId(), secret: n._id, - isDeleted: false, + isDeleted: false }; - }), + }) }); const addAction = (await EELogService.createAction({ @@ -161,7 +158,7 @@ export const batchSecrets = async (req: Request, res: Response) => { serviceAccountId: req.serviceAccount?._id, serviceTokenDataId: req.serviceTokenData?._id, workspaceId: new Types.ObjectId(workspaceId), - secretIds: createdSecrets.map((n) => n._id), + secretIds: createdSecrets.map((n) => n._id) })) as IAction; actions.push(addAction); @@ -175,8 +172,8 @@ export const batchSecrets = async (req: Request, res: Response) => { workspaceId, folderId, channel, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } } @@ -195,7 +192,7 @@ export const batchSecrets = async (req: Request, res: Response) => { listedSecretsObj = req.secrets.reduce( (obj: any, secret: ISecret) => ({ ...obj, - [secret._id.toString()]: secret, + [secret._id.toString()]: secret }), {} ); 
@@ -204,16 +201,16 @@ export const batchSecrets = async (req: Request, res: Response) => { updateOne: { filter: { _id: new Types.ObjectId(u._id), - workspace: new Types.ObjectId(workspaceId), + workspace: new Types.ObjectId(workspaceId) }, update: { $inc: { - version: 1, + version: 1 }, ...u, - _id: new Types.ObjectId(u._id), - }, - }, + _id: new Types.ObjectId(u._id) + } + } })); await Secret.bulkWrite(updateOperations); @@ -240,25 +237,25 @@ export const batchSecrets = async (req: Request, res: Response) => { algorithm: ALGORITHM_AES_256_GCM, keyEncoding: ENCODING_SCHEME_UTF8, tags: u.tags, - folder: u.folder, + folder: u.folder }) ); await EESecretService.addSecretVersions({ - secretVersions, + secretVersions }); updatedSecrets = await Secret.find({ _id: { - $in: updateSecrets.map((u) => new Types.ObjectId(u._id)), - }, + $in: updateSecrets.map((u) => new Types.ObjectId(u._id)) + } }); const updateAction = (await EELogService.createAction({ name: ACTION_UPDATE_SECRETS, userId: req.user._id, workspaceId: new Types.ObjectId(workspaceId), - secretIds: updatedSecrets.map((u) => u._id), + secretIds: updatedSecrets.map((u) => u._id) })) as IAction; actions.push(updateAction); @@ -272,8 +269,8 @@ export const batchSecrets = async (req: Request, res: Response) => { workspaceId, folderId, channel, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } } @@ -282,19 +279,19 @@ export const batchSecrets = async (req: Request, res: Response) => { if (deleteSecrets.length > 0) { await Secret.deleteMany({ _id: { - $in: deleteSecrets, - }, + $in: deleteSecrets + } }); await EESecretService.markDeletedSecretVersions({ - secretIds: deleteSecrets, + secretIds: deleteSecrets }); const deleteAction = (await EELogService.createAction({ name: ACTION_DELETE_SECRETS, userId: req.user._id, workspaceId: new Types.ObjectId(workspaceId), - secretIds: deleteSecrets, + secretIds: deleteSecrets })) as IAction; actions.push(deleteAction); 
@@ -307,8 +304,8 @@ export const batchSecrets = async (req: Request, res: Response) => { environment, workspaceId, channel: channel, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } } @@ -320,22 +317,22 @@ export const batchSecrets = async (req: Request, res: Response) => { workspaceId: new Types.ObjectId(workspaceId), actions, channel, - ipAddress: req.realIP, + ipAddress: req.realIP }); } // // trigger event - push secrets await EventService.handleEvent({ event: eventPushSecrets({ - workspaceId: new Types.ObjectId(workspaceId), - }), + workspaceId: new Types.ObjectId(workspaceId) + }) }); // (EE) take a secret snapshot await EESecretService.takeSecretSnapshot({ workspaceId: new Types.ObjectId(workspaceId), environment, - folderId, + folderId }); const resObj: { [key: string]: ISecret[] | string[] } = {}; @@ -418,7 +415,7 @@ export const createSecrets = async (req: Request, res: Response) => { const { workspaceId, environment, - secretPath, + secretPath }: { workspaceId: string; environment: string; @@ -435,8 +432,7 @@ export const createSecrets = async (req: Request, res: Response) => { ); if (!hasAccess) { throw UnauthorizedRequestError({ - message: - "You do not have the necessary permission(s) perform this action", + message: "You do not have the necessary permission(s) perform this action" }); } } 
@@ -449,28 +445,28 @@ export const createSecrets = async (req: Request, res: Response) => { // case: create 1 secret listOfSecretsToCreate = [req.body.secrets]; } + if (req.authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = req.authData.authPayload; + const { scopes: tkScopes } = req.authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath || "/", scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + // in service token when not giving secretpath folderid must be root // this is to avoid giving folderid when service tokens are used - if ( - (!secretPath && folderId !== "root") || - (secretPath && secretPath !== serviceTkScopedSecretPath) - ) { + if ((!secretPath && folderId !== "root") || (secretPath && !validScope)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } if (secretPath) { - folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); } // get secret blind index salt const salt = await SecretService.getSecretBlindIndexSalt({ - workspaceId: new Types.ObjectId(workspaceId), + workspaceId: new Types.ObjectId(workspaceId) }); type secretsToCreateType = { @@ -502,15 +498,14 @@ export const createSecrets = async (req: Request, res: Response) => { secretCommentCiphertext, secretCommentIV, secretCommentTag, - tags, + tags }: secretsToCreateType) => { let secretBlindIndex; if (secretName) { - secretBlindIndex = - await SecretService.generateSecretBlindIndexWithSalt({ - secretName, - salt, - }); + secretBlindIndex = await SecretService.generateSecretBlindIndexWithSalt({ + secretName, + salt + }); } return { 
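Review bot: The `tkScopes.find(...)` check added to createSecrets is the third hand-written copy of the same authorization rule (the batchSecrets and getSecrets hunks carry the other two), and the copies already differ in how they default `secretPath`. Moving the rule into one helper, e.g. `isValidScope(authPayload, environment, secretPath)`, gives a single place to unit-test and harden. In that helper I would compare `scope.environment === environment` before running the glob. I would also match on a normalized path, so the string that is authorized is the same one `getFolderIdFromServiceToken` later resolves; whether that function normalizes its input is not visible here. createSecrets continues outside the hunk.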
@@ -532,22 +527,22 @@ export const createSecrets = async (req: Request, res: Response) => { secretCommentTag, algorithm: ALGORITHM_AES_256_GCM, keyEncoding: ENCODING_SCHEME_UTF8, - tags, + tags }; } ) ); - const newlyCreatedSecrets: ISecret[] = ( - await Secret.insertMany(secretsToInsert) - ).map((insertedSecret) => insertedSecret.toObject()); + const newlyCreatedSecrets: ISecret[] = (await Secret.insertMany(secretsToInsert)).map( + (insertedSecret) => insertedSecret.toObject() + ); setTimeout(async () => { // trigger event - push secrets await EventService.handleEvent({ event: eventPushSecrets({ - workspaceId: new Types.ObjectId(workspaceId), - }), + workspaceId: new Types.ObjectId(workspaceId) + }) }); }, 5000); @@ -567,7 +562,7 @@ export const createSecrets = async (req: Request, res: Response) => { secretKeyTag, secretValueCiphertext, secretValueIV, - secretValueTag, + secretValueTag }) => new SecretVersion({ secret: _id, @@ -586,9 +581,9 @@ export const createSecrets = async (req: Request, res: Response) => { secretValueTag, folder: folderId, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }) - ), + ) }); const addAction = await EELogService.createAction({ @@ -597,7 +592,7 @@ export const createSecrets = async (req: Request, res: Response) => { serviceAccountId: req.serviceAccount?._id, serviceTokenDataId: req.serviceTokenData?._id, workspaceId: new Types.ObjectId(workspaceId), - secretIds: newlyCreatedSecrets.map((n) => n._id), + secretIds: newlyCreatedSecrets.map((n) => n._id) }); // (EE) create (audit) log 
@@ -609,14 +604,14 @@ export const createSecrets = async (req: Request, res: Response) => { workspaceId: new Types.ObjectId(workspaceId), actions: [addAction], channel, - ipAddress: req.realIP, + ipAddress: req.realIP })); // (EE) take a secret snapshot await EESecretService.takeSecretSnapshot({ workspaceId: new Types.ObjectId(workspaceId), environment, - folderId, + folderId }); const postHogClient = await TelemetryService.getPostHogClient(); @@ -624,7 +619,7 @@ export const createSecrets = async (req: Request, res: Response) => { postHogClient.capture({ event: "secrets added", distinctId: await TelemetryService.getDistinctId({ - authData: req.authData, + authData: req.authData }), properties: { numberOfSecrets: listOfSecretsToCreate.length, @@ -632,13 +627,13 @@ export const createSecrets = async (req: Request, res: Response) => { workspaceId, channel: channel, folderId, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } return res.status(200).send({ - secrets: newlyCreatedSecrets, + secrets: newlyCreatedSecrets }); }; @@ -696,10 +691,7 @@ export const getSecrets = async (req: Request, res: Response) => { const environment = req.query.environment as string; const folders = await Folder.findOne({ workspace: workspaceId, environment }); - if ( - (!folders && folderId && folderId !== "root") || - (!folders && secretPath) - ) { + if ((!folders && folderId && folderId !== "root") || (!folders && secretPath)) { res.send({ secrets: [] }); return; } 
@@ -712,13 +704,17 @@ export const getSecrets = async (req: Request, res: Response) => { } if (req.authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = req.authData.authPayload; + const { scopes: tkScopes } = req.authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch((secretPath as string) || "/", scope.secretPath, { + strictSlashes: false + }) && scope.environment === environment + ); + // in service token when not giving secretpath folderid must be root // this is to avoid giving folderid when service tokens are used - if ( - (!secretPath && folderId !== "root") || - (secretPath && secretPath !== serviceTkScopedSecretPath) - ) { + if ((!secretPath && folderId !== "root") || (secretPath && !validScope)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } @@ -738,8 +734,7 @@ export const getSecrets = async (req: Request, res: Response) => { // query tags table to get all tags ids for the tag names for the given workspace let tagIds = []; - const tagNamesList = - typeof tagSlugs === "string" && tagSlugs !== "" ? tagSlugs.split(",") : []; + const tagNamesList = typeof tagSlugs === "string" && tagSlugs !== "" ? tagSlugs.split(",") : []; if (tagNamesList != undefined && tagNamesList.length != 0) { const workspaceFromDB = await Tag.find({ workspace: workspaceId }); tagIds = _.map(tagNamesList, (tagName: string) => { @@ -762,8 +757,7 @@ export const getSecrets = async (req: Request, res: Response) => { ); if (hasNoAccess) { throw UnauthorizedRequestError({ - message: - "You do not have the necessary permission(s) perform this action", + message: "You do not have the necessary permission(s) perform this action" }); } 
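Review bot: `(secretPath as string) || "/"` in the getSecrets scope check only silences the type checker and does not validate the value at runtime. If `secretPath` is read from `req.query` (its declaration is outside the hunk), a repeated or bracketed query parameter can arrive as an array or object, and that value would reach `picomatch.isMatch` and the later folder lookup unvalidated. Check the runtime type before the match, for example `if (secretPath !== undefined && typeof secretPath !== "string") throw BadRequestError({ message: "secretPath must be a string" });`, so the authorization decision is always made on a plain string.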
@@ -773,8 +767,8 @@ export const getSecrets = async (req: Request, res: Response) => { folder: folderId, $or: [ { user: req.user._id }, // personal secrets for this user - { user: { $exists: false } }, // shared secrets from workspace - ], + { user: { $exists: false } } // shared secrets from workspace + ] }; if (tagIds.length > 0) { @@ -801,8 +795,8 @@ export const getSecrets = async (req: Request, res: Response) => { environment, $or: [ { user: userId }, // personal secrets for this user - { user: { $exists: false } }, // shared secrets from workspace - ], + { user: { $exists: false } } // shared secrets from workspace + ] }; if (tagIds.length > 0) { @@ -820,7 +814,7 @@ export const getSecrets = async (req: Request, res: Response) => { workspace: workspaceId, environment, folder: folderId, - user: { $exists: false }, // shared secrets only from workspace + user: { $exists: false } // shared secrets only from workspace }; if (tagIds.length > 0) { @@ -838,7 +832,7 @@ export const getSecrets = async (req: Request, res: Response) => { serviceAccountId: req.serviceAccount?._id, serviceTokenDataId: req.serviceTokenData?._id, workspaceId: new Types.ObjectId(workspaceId as string), - secretIds: secrets.map((n: any) => n._id), + secretIds: secrets.map((n: any) => n._id) }); readAction && @@ -849,7 +843,7 @@ export const getSecrets = async (req: Request, res: Response) => { workspaceId: new Types.ObjectId(workspaceId as string), actions: [readAction], channel, - ipAddress: req.realIP, + ipAddress: req.realIP })); const postHogClient = await TelemetryService.getPostHogClient(); @@ -857,7 +851,7 @@ export const getSecrets = async (req: Request, res: Response) => { postHogClient.capture({ event: "secrets pulled", distinctId: await TelemetryService.getDistinctId({ - authData: req.authData, + authData: req.authData }), properties: { numberOfSecrets: secrets.length, 
@@ -865,13 +859,13 @@ export const getSecrets = async (req: Request, res: Response) => { workspaceId, channel, folderId, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } return res.status(200).send({ - secrets, + secrets }); }; @@ -925,9 +919,7 @@ export const updateSecrets = async (req: Request, res: Response) => { } } */ - const channel = req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") - ? "web" - : "cli"; + const channel = req.headers?.["user-agent"]?.toLowerCase().includes("mozilla") ? "web" : "cli"; interface PatchSecret { id: string; 
@@ -943,51 +935,47 @@ export const updateSecrets = async (req: Request, res: Response) => { tags: string[]; } - const updateOperationsToPerform = req.body.secrets.map( - (secret: PatchSecret) => { - const { - secretKeyCiphertext, - secretKeyIV, - secretKeyTag, - secretValueCiphertext, - secretValueIV, - secretValueTag, - secretCommentCiphertext, - secretCommentIV, - secretCommentTag, - tags, - } = secret; + const updateOperationsToPerform = req.body.secrets.map((secret: PatchSecret) => { + const { + secretKeyCiphertext, + secretKeyIV, + secretKeyTag, + secretValueCiphertext, + secretValueIV, + secretValueTag, + secretCommentCiphertext, + secretCommentIV, + secretCommentTag, + tags + } = secret; - return { - updateOne: { - filter: { _id: new Types.ObjectId(secret.id) }, - update: { - $inc: { - version: 1, - }, - secretKeyCiphertext, - secretKeyIV, - secretKeyTag, - secretValueCiphertext, - secretValueIV, - secretValueTag, - algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - tags, - ...(secretCommentCiphertext !== undefined && - secretCommentIV && - secretCommentTag - ? { - secretCommentCiphertext, - secretCommentIV, - secretCommentTag, - } - : {}), + return { + updateOne: { + filter: { _id: new Types.ObjectId(secret.id) }, + update: { + $inc: { + version: 1 }, - }, - }; - } - ); + secretKeyCiphertext, + secretKeyIV, + secretKeyTag, + secretValueCiphertext, + secretValueIV, + secretValueTag, + algorithm: ALGORITHM_AES_256_GCM, + keyEncoding: ENCODING_SCHEME_UTF8, + tags, + ...(secretCommentCiphertext !== undefined && secretCommentIV && secretCommentTag + ? { + secretCommentCiphertext, + secretCommentIV, + secretCommentTag + } + : {}) + } + } + }; + }); await Secret.bulkWrite(updateOperationsToPerform); @@ -1009,7 +997,7 @@ export const updateSecrets = async (req: Request, res: Response) => { secretCommentCiphertext, secretCommentIV, secretCommentTag, - tags, + tags } = secretModificationsBySecretId[secret._id.toString()]; return { 
@@ -1018,9 +1006,7 @@ export const updateSecrets = async (req: Request, res: Response) => { workspace: secret.workspace, type: secret.type, environment: secret.environment, - secretKeyCiphertext: secretKeyCiphertext - ? secretKeyCiphertext - : secret.secretKeyCiphertext, + secretKeyCiphertext: secretKeyCiphertext ? secretKeyCiphertext : secret.secretKeyCiphertext, secretKeyIV: secretKeyIV ? secretKeyIV : secret.secretKeyIV, secretKeyTag: secretKeyTag ? secretKeyTag : secret.secretKeyTag, secretValueCiphertext: secretValueCiphertext @@ -1031,17 +1017,13 @@ export const updateSecrets = async (req: Request, res: Response) => { secretCommentCiphertext: secretCommentCiphertext ? secretCommentCiphertext : secret.secretCommentCiphertext, - secretCommentIV: secretCommentIV - ? secretCommentIV - : secret.secretCommentIV, - secretCommentTag: secretCommentTag - ? secretCommentTag - : secret.secretCommentTag, + secretCommentIV: secretCommentIV ? secretCommentIV : secret.secretCommentIV, + secretCommentTag: secretCommentTag ? secretCommentTag : secret.secretCommentTag, tags: tags ? tags : secret.tags, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }; - }), + }) }; await EESecretService.addSecretVersions(secretVersions); @@ -1062,8 +1044,8 @@ export const updateSecrets = async (req: Request, res: Response) => { setTimeout(async () => { await EventService.handleEvent({ event: eventPushSecrets({ - workspaceId: new Types.ObjectId(key), - }), + workspaceId: new Types.ObjectId(key) + }) }); }, 10000); @@ -1073,7 +1055,7 @@ export const updateSecrets = async (req: Request, res: Response) => { serviceAccountId: req.serviceAccount?._id, serviceTokenDataId: req.serviceTokenData?._id, workspaceId: new Types.ObjectId(key), - secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id), + secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id) }); // (EE) create (audit) log 
@@ -1085,7 +1067,7 @@ export const updateSecrets = async (req: Request, res: Response) => { workspaceId: new Types.ObjectId(key), actions: [updateAction], channel, - ipAddress: req.realIP, + ipAddress: req.realIP })); // (EE) take a secret snapshot @@ -1101,15 +1083,15 @@ export const updateSecrets = async (req: Request, res: Response) => { postHogClient.capture({ event: "secrets modified", distinctId: await TelemetryService.getDistinctId({ - authData: req.authData, + authData: req.authData }), properties: { numberOfSecrets: workspaceSecretObj[key].length, environment: workspaceSecretObj[key][0].environment, workspaceId: key, channel: channel, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } }); @@ -1117,9 +1099,9 @@ export const updateSecrets = async (req: Request, res: Response) => { return res.status(200).send({ secrets: await Secret.find({ _id: { - $in: req.secrets.map((secret: ISecret) => secret._id), - }, - }), + $in: req.secrets.map((secret: ISecret) => secret._id) + } + }) }); }; @@ -1179,12 +1161,12 @@ export const deleteSecrets = async (req: Request, res: Response) => { await Secret.deleteMany({ _id: { - $in: toDelete, - }, + $in: toDelete + } }); await EESecretService.markDeletedSecretVersions({ - secretIds: toDelete, + secretIds: toDelete }); // group secrets into workspaces so deleted secrets can @@ -1202,8 +1184,8 @@ export const deleteSecrets = async (req: Request, res: Response) => { // trigger event - push secrets await EventService.handleEvent({ event: eventPushSecrets({ - workspaceId: new Types.ObjectId(key), - }), + workspaceId: new Types.ObjectId(key) + }) }); const deleteAction = await EELogService.createAction({ name: ACTION_DELETE_SECRETS, 
@@ -1211,7 +1193,7 @@ export const deleteSecrets = async (req: Request, res: Response) => { serviceAccountId: req.serviceAccount?._id, serviceTokenDataId: req.serviceTokenData?._id, workspaceId: new Types.ObjectId(key), - secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id), + secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id) }); // (EE) create (audit) log @@ -1223,7 +1205,7 @@ export const deleteSecrets = async (req: Request, res: Response) => { workspaceId: new Types.ObjectId(key), actions: [deleteAction], channel, - ipAddress: req.realIP, + ipAddress: req.realIP })); // (EE) take a secret snapshot @@ -1237,20 +1219,20 @@ export const deleteSecrets = async (req: Request, res: Response) => { postHogClient.capture({ event: "secrets deleted", distinctId: await TelemetryService.getDistinctId({ - authData: req.authData, + authData: req.authData }), properties: { numberOfSecrets: workspaceSecretObj[key].length, environment: workspaceSecretObj[key][0].environment, workspaceId: key, channel: channel, - userAgent: req.headers?.["user-agent"], - }, + userAgent: req.headers?.["user-agent"] + } }); } }); return res.status(200).send({ - secrets: req.secrets, + secrets: req.secrets }); }; diff --git a/backend/src/controllers/v2/serviceTokenDataController.ts b/backend/src/controllers/v2/serviceTokenDataController.ts index 304311da78..d81fb97d69 100644 --- a/backend/src/controllers/v2/serviceTokenDataController.ts +++ b/backend/src/controllers/v2/serviceTokenDataController.ts 
@@ -2,10 +2,7 @@ import { Request, Response } from "express"; import crypto from "crypto"; import bcrypt from "bcrypt"; import { ServiceAccount, ServiceTokenData, User } from "../../models"; -import { - AUTH_MODE_JWT, - AUTH_MODE_SERVICE_ACCOUNT, -} from "../../variables"; +import { AUTH_MODE_JWT, AUTH_MODE_SERVICE_ACCOUNT } from "../../variables"; import { getSaltRounds } from "../../config"; import { BadRequestError } from "../../utils/errors"; import Folder from "../../models/folder"; @@ -46,14 +43,13 @@ export const getServiceTokenData = async (req: Request, res: Response) => { if (!(req.authData.authPayload instanceof ServiceTokenData)) throw BadRequestError({ - message: "Failed accepted client validation for service token data", + message: "Failed accepted client validation for service token data" }); - const serviceTokenData = await ServiceTokenData.findById( - req.authData.authPayload._id - ) + const serviceTokenData = await ServiceTokenData.findById(req.authData.authPayload._id) .select("+encryptedKey +iv +tag") - .populate("user").lean(); + .populate("user") + .lean(); return res.status(200).json(serviceTokenData); }; @@ -68,29 +64,7 @@ export const getServiceTokenData = async (req: Request, res: Response) => { export const createServiceTokenData = async (req: Request, res: Response) => { let serviceTokenData; - const { - name, - workspaceId, - environment, - encryptedKey, - iv, - tag, - expiresIn, - secretPath, - permissions, - } = req.body; - - const folders = await Folder.findOne({ - workspace: workspaceId, - environment, - }); - - if (folders) { - const folder = getFolderByPath(folders.nodes, secretPath); - if (folder == undefined) { - throw BadRequestError({ message: "Path for service token does not exist" }) - } - } + const { name, workspaceId, encryptedKey, iv, tag, expiresIn, permissions, scopes } = req.body; const secret = crypto.randomBytes(16).toString("hex"); const secretHash = await bcrypt.hash(secret, await getSaltRounds()); 
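Review bot: `createServiceTokenData` now saves `scopes` from `req.body` unchanged, and the only handler-side check (that the requested path exists) is removed with nothing per-scope in its place. Each `scopes[i].secretPath` later becomes the glob pattern that authorises the token in helpers/secrets.ts, so whatever string is accepted here defines what the token can reach. The route validators `body("scopes").exists().isArray()` and `body("scopes.*.secretPath").exists().isString().trim()` accept an empty array and any string. Suggest `body("scopes").isArray({ min: 1 })`, plus a check that every `secretPath` starts with `/` and uses only the pattern syntax you intend to support. The body of `createServiceTokenData` continues outside this hunk.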
@@ -103,10 +77,7 @@ export const createServiceTokenData = async (req: Request, res: Response) => { let user, serviceAccount; - if ( - req.authData.authMode === AUTH_MODE_JWT && - req.authData.authPayload instanceof User - ) { + if (req.authData.authMode === AUTH_MODE_JWT && req.authData.authPayload instanceof User) { user = req.authData.authPayload._id; } @@ -120,17 +91,16 @@ export const createServiceTokenData = async (req: Request, res: Response) => { serviceTokenData = await new ServiceTokenData({ name, workspace: workspaceId, - environment, user, serviceAccount, + scopes, lastUsed: new Date(), expiresAt, secretHash, encryptedKey, iv, tag, - secretPath, - permissions, + permissions }).save(); // return service token data without sensitive data @@ -142,7 +112,7 @@ export const createServiceTokenData = async (req: Request, res: Response) => { return res.status(200).send({ serviceToken, - serviceTokenData, + serviceTokenData }); }; @@ -155,11 +125,9 @@ export const createServiceTokenData = async (req: Request, res: Response) => { export const deleteServiceTokenData = async (req: Request, res: Response) => { const { serviceTokenDataId } = req.params; - const serviceTokenData = await ServiceTokenData.findByIdAndDelete( - serviceTokenDataId - ); + const serviceTokenData = await ServiceTokenData.findByIdAndDelete(serviceTokenDataId); return res.status(200).send({ - serviceTokenData, + serviceTokenData }); }; diff --git a/backend/src/helpers/secrets.ts b/backend/src/helpers/secrets.ts index 51731bb6a8..cd964fe9f5 100644 --- a/backend/src/helpers/secrets.ts +++ b/backend/src/helpers/secrets.ts 
@@ -4,21 +4,16 @@ import { DeleteSecretParams, GetSecretParams, GetSecretsParams, - UpdateSecretParams, + UpdateSecretParams } from "../interfaces/services/SecretService"; -import { - ISecret, - Secret, - SecretBlindIndexData, - ServiceTokenData, -} from "../models"; +import { ISecret, Secret, SecretBlindIndexData, ServiceTokenData } from "../models"; import { SecretVersion } from "../ee/models"; import { BadRequestError, InternalServerError, SecretBlindIndexDataNotFoundError, SecretNotFoundError, - UnauthorizedRequestError, + UnauthorizedRequestError } from "../utils/errors"; import { ACTION_ADD_SECRETS, 
@@ -29,51 +24,42 @@ import { ENCODING_SCHEME_BASE64, ENCODING_SCHEME_UTF8, SECRET_PERSONAL, - SECRET_SHARED, + SECRET_SHARED } from "../variables"; import crypto from "crypto"; import * as argon2 from "argon2"; import { decryptSymmetric128BitHexKeyUTF8, - encryptSymmetric128BitHexKeyUTF8, + encryptSymmetric128BitHexKeyUTF8 } from "../utils/crypto"; import { TelemetryService } from "../services"; import { client, getEncryptionKey, getRootEncryptionKey } from "../config"; import { EELogService, EESecretService } from "../ee/services"; -import { - getAuthDataPayloadIdObj, - getAuthDataPayloadUserObj, -} from "../utils/auth"; +import { getAuthDataPayloadIdObj, getAuthDataPayloadUserObj } from "../utils/auth"; import { getFolderIdFromServiceToken } from "../services/FolderService"; +import picomatch from "picomatch"; /** * Returns an object containing secret [secret] but with its value, key, comment decrypted. - * + * * Precondition: the workspace for secret [secret] must have E2EE disabled * @param {ISecret} secret - secret to repackage to raw * @param {String} key - symmetric key to use to decrypt secret - * @returns + * @returns */ -export const repackageSecretToRaw = ({ - secret, - key, -}: { - secret: ISecret; - key: string; -}) => { - +export const repackageSecretToRaw = ({ secret, key }: { secret: ISecret; key: string }) => { const secretKey = decryptSymmetric128BitHexKeyUTF8({ ciphertext: secret.secretKeyCiphertext, iv: secret.secretKeyIV, tag: secret.secretKeyTag, - key, + key }); const secretValue = decryptSymmetric128BitHexKeyUTF8({ ciphertext: secret.secretValueCiphertext, iv: secret.secretValueIV, tag: secret.secretValueTag, - key, + key }); let secretComment = ""; @@ -83,11 +69,11 @@ export const repackageSecretToRaw = ({ ciphertext: secret.secretCommentCiphertext, iv: secret.secretCommentIV, tag: secret.secretCommentTag, - key, + key }); } - return ({ + return { _id: secret._id, version: secret.version, workspace: secret.workspace, 
@@ -96,9 +82,9 @@ export const repackageSecretToRaw = ({ user: secret.user, secretKey, secretValue, - secretComment, - }); -} + secretComment + }; +}; /** * Create secret blind index data containing encrypted blind index [salt] @@ -107,7 +93,7 @@ export const repackageSecretToRaw = ({ * @param {Types.ObjectId} obj.workspaceId */ export const createSecretBlindIndexDataHelper = async ({ - workspaceId, + workspaceId }: { workspaceId: Types.ObjectId; }) => { @@ -121,7 +107,7 @@ export const createSecretBlindIndexDataHelper = async ({ const { ciphertext: encryptedSaltCiphertext, iv: saltIV, - tag: saltTag, + tag: saltTag } = client.encryptSymmetric(salt, rootEncryptionKey); return await new SecretBlindIndexData({ @@ -130,16 +116,16 @@ export const createSecretBlindIndexDataHelper = async ({ saltIV, saltTag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_BASE64, + keyEncoding: ENCODING_SCHEME_BASE64 }).save(); } else { const { ciphertext: encryptedSaltCiphertext, iv: saltIV, - tag: saltTag, + tag: saltTag } = encryptSymmetric128BitHexKeyUTF8({ plaintext: salt, - key: encryptionKey, + key: encryptionKey }); return await new SecretBlindIndexData({ @@ -148,7 +134,7 @@ export const createSecretBlindIndexDataHelper = async ({ saltIV, saltTag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }).save(); } }; @@ -160,7 +146,7 @@ export const createSecretBlindIndexDataHelper = async ({ * @returns */ export const getSecretBlindIndexSaltHelper = async ({ - workspaceId, + workspaceId }: { workspaceId: Types.ObjectId; }) => { 
@@ -168,36 +154,30 @@ export const getSecretBlindIndexSaltHelper = async ({ const rootEncryptionKey = await getRootEncryptionKey(); const secretBlindIndexData = await SecretBlindIndexData.findOne({ - workspace: workspaceId, + workspace: workspaceId }).select("+algorithm +keyEncoding"); if (!secretBlindIndexData) throw SecretBlindIndexDataNotFoundError(); - if ( - rootEncryptionKey && - secretBlindIndexData.keyEncoding === ENCODING_SCHEME_BASE64 - ) { + if (rootEncryptionKey && secretBlindIndexData.keyEncoding === ENCODING_SCHEME_BASE64) { return client.decryptSymmetric( secretBlindIndexData.encryptedSaltCiphertext, rootEncryptionKey, secretBlindIndexData.saltIV, secretBlindIndexData.saltTag ); - } else if ( - encryptionKey && - secretBlindIndexData.keyEncoding === ENCODING_SCHEME_UTF8 - ) { + } else if (encryptionKey && secretBlindIndexData.keyEncoding === ENCODING_SCHEME_UTF8) { // decrypt workspace salt return decryptSymmetric128BitHexKeyUTF8({ ciphertext: secretBlindIndexData.encryptedSaltCiphertext, iv: secretBlindIndexData.saltIV, tag: secretBlindIndexData.saltTag, - key: encryptionKey, + key: encryptionKey }); } throw InternalServerError({ - message: "Failed to obtain workspace salt needed for secret blind indexing", + message: "Failed to obtain workspace salt needed for secret blind indexing" }); }; @@ -210,7 +190,7 @@ export const getSecretBlindIndexSaltHelper = async ({ */ export const generateSecretBlindIndexWithSaltHelper = async ({ secretName, - salt, + salt }: { secretName: string; salt: string; @@ -224,7 +204,7 @@ export const generateSecretBlindIndexWithSaltHelper = async ({ memoryCost: 65536, // default pool of 64 MiB per thread. hashLength: 32, parallelism: 1, - raw: true, + raw: true }) ).toString("base64"); @@ -240,7 +220,7 @@ export const generateSecretBlindIndexWithSaltHelper = async ({ */ export const generateSecretBlindIndexHelper = async ({ secretName, - workspaceId, + workspaceId }: { secretName: string; workspaceId: Types.ObjectId; 
@@ -250,16 +230,13 @@ export const generateSecretBlindIndexHelper = async ({ const rootEncryptionKey = await getRootEncryptionKey(); const secretBlindIndexData = await SecretBlindIndexData.findOne({ - workspace: workspaceId, + workspace: workspaceId }).select("+algorithm +keyEncoding"); if (!secretBlindIndexData) throw SecretBlindIndexDataNotFoundError(); let salt; - if ( - rootEncryptionKey && - secretBlindIndexData.keyEncoding === ENCODING_SCHEME_BASE64 - ) { + if (rootEncryptionKey && secretBlindIndexData.keyEncoding === ENCODING_SCHEME_BASE64) { salt = client.decryptSymmetric( secretBlindIndexData.encryptedSaltCiphertext, rootEncryptionKey, @@ -269,32 +246,29 @@ export const generateSecretBlindIndexHelper = async ({ const secretBlindIndex = await generateSecretBlindIndexWithSaltHelper({ secretName, - salt, + salt }); return secretBlindIndex; - } else if ( - encryptionKey && - secretBlindIndexData.keyEncoding === ENCODING_SCHEME_UTF8 - ) { + } else if (encryptionKey && secretBlindIndexData.keyEncoding === ENCODING_SCHEME_UTF8) { // decrypt workspace salt salt = decryptSymmetric128BitHexKeyUTF8({ ciphertext: secretBlindIndexData.encryptedSaltCiphertext, iv: secretBlindIndexData.saltIV, tag: secretBlindIndexData.saltTag, - key: encryptionKey, + key: encryptionKey }); const secretBlindIndex = await generateSecretBlindIndexWithSaltHelper({ secretName, - salt, + salt }); return secretBlindIndex; } throw InternalServerError({ - message: "Failed to generate secret blind index", + message: "Failed to generate secret blind index" }); }; 
@@ -323,38 +297,39 @@ export const createSecretHelper = async ({ secretCommentCiphertext, secretCommentIV, secretCommentTag, - secretPath = "/", + secretPath = "/" }: CreateSecretParams) => { - const secretBlindIndex = await generateSecretBlindIndexHelper({ secretName, - workspaceId: new Types.ObjectId(workspaceId), + workspaceId: new Types.ObjectId(workspaceId) }); // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = authData.authPayload; - if (secretPath !== serviceTkScopedSecretPath) { + const { scopes: tkScopes } = authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + + if (!validScope) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } - const folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + const folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); const exists = await Secret.exists({ secretBlindIndex, workspace: new Types.ObjectId(workspaceId), folder: folderId, type, - ...(type === SECRET_PERSONAL ? getAuthDataPayloadUserObj(authData) : {}), + ...(type === SECRET_PERSONAL ? getAuthDataPayloadUserObj(authData) : {}) }); if (exists) throw BadRequestError({ - message: "Failed to create secret that already exists", + message: "Failed to create secret that already exists" }); if (type === SECRET_PERSONAL) { 
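Review bot: The service-token scope check added in createSecretHelper (`tkScopes.find(...)` over `picomatch.isMatch` and `scope.environment === environment`) is repeated verbatim in getSecretsHelper, getSecretHelper, updateSecretHelper and deleteSecretHelper in the later hunks, so the authorisation rule lives in five places that can drift apart. Moving it into one helper gives a single place to review and unit-test the rule. The check also matches the caller-supplied `secretPath` as a raw string, and `getFolderIdFromServiceToken` resolves the same string afterwards. That function is not shown, so confirm both interpret the path identically, or normalise it once before both. createSecretHelper's body continues outside the hunk.

```typescript
// single definition of the service-token scope rule, shared by all five helpers
const isPathInTokenScopes = (
  scopes: Array<{ environment: string; secretPath: string }>,
  environment: string,
  secretPath: string
) =>
  scopes.some(
    (scope) =>
      scope.environment === environment &&
      picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false })
  );

// … unchanged: blind index generation in createSecretHelper …
  if (authData.authPayload instanceof ServiceTokenData) {
    if (!isPathInTokenScopes(authData.authPayload.scopes, environment, secretPath)) {
      throw UnauthorizedRequestError({ message: "Folder Permission Denied" });
    }
  }
// … unchanged: folder lookup and secret creation …
```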
@@ -365,13 +340,12 @@ export const createSecretHelper = async ({ secretBlindIndex, folder: folderId, workspace: new Types.ObjectId(workspaceId), - type: SECRET_SHARED, + type: SECRET_SHARED }); if (!exists) throw BadRequestError({ - message: - "Failed to create personal secret override for no corresponding shared secret", + message: "Failed to create personal secret override for no corresponding shared secret" }); } @@ -394,7 +368,7 @@ export const createSecretHelper = async ({ secretCommentTag, folder: folderId, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }).save(); const secretVersion = new SecretVersion({ @@ -414,12 +388,12 @@ export const createSecretHelper = async ({ secretValueIV, secretValueTag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }); // (EE) add version for new secret await EESecretService.addSecretVersions({ - secretVersions: [secretVersion], + secretVersions: [secretVersion] }); // (EE) create (audit) log @@ -427,7 +401,7 @@ export const createSecretHelper = async ({ name: ACTION_ADD_SECRETS, ...getAuthDataPayloadIdObj(authData), workspaceId, - secretIds: [secret._id], + secretIds: [secret._id] }); action && @@ -436,14 +410,14 @@ export const createSecretHelper = async ({ workspaceId, actions: [action], channel: authData.authChannel, - ipAddress: authData.authIP, + ipAddress: authData.authIP })); // (EE) take a secret snapshot await EESecretService.takeSecretSnapshot({ workspaceId, environment, - folderId, + folderId }); const postHogClient = await TelemetryService.getPostHogClient(); @@ -452,7 +426,7 @@ export const createSecretHelper = async ({ postHogClient.capture({ event: "secrets added", distinctId: await TelemetryService.getDistinctId({ - authData, + authData }), properties: { numberOfSecrets: 1, 
@@ -460,8 +434,8 @@ export const createSecretHelper = async ({ workspaceId, folderId, channel: authData.authChannel, - userAgent: authData.authUserAgent, - }, + userAgent: authData.authUserAgent + } }); } @@ -480,21 +454,23 @@ export const getSecretsHelper = async ({ workspaceId, environment, authData, - secretPath = "/", + secretPath = "/" }: GetSecretsParams) => { let secrets: ISecret[] = []; // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = authData.authPayload; - if (secretPath !== serviceTkScopedSecretPath) { + const { scopes: tkScopes } = authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + + if (!validScope) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } - const folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + const folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); // get personal secrets first secrets = await Secret.find({ @@ -502,8 +478,10 @@ export const getSecretsHelper = async ({ environment, folder: folderId, type: SECRET_PERSONAL, - ...getAuthDataPayloadUserObj(authData), - }).populate("tags").lean(); + ...getAuthDataPayloadUserObj(authData) + }) + .populate("tags") + .lean(); // concat with shared secrets secrets = secrets.concat( @@ -513,9 +491,11 @@ export const getSecretsHelper = async ({ folder: folderId, type: SECRET_SHARED, secretBlindIndex: { - $nin: secrets.map((secret) => secret.secretBlindIndex), - }, - }).populate("tags").lean() + $nin: secrets.map((secret) => secret.secretBlindIndex) + } + }) + .populate("tags") + .lean() ); // (EE) create (audit) log 
@@ -523,7 +503,7 @@ export const getSecretsHelper = async ({ name: ACTION_READ_SECRETS, ...getAuthDataPayloadIdObj(authData), workspaceId, - secretIds: secrets.map((secret) => secret._id), + secretIds: secrets.map((secret) => secret._id) }); action && @@ -532,7 +512,7 @@ export const getSecretsHelper = async ({ workspaceId, actions: [action], channel: authData.authChannel, - ipAddress: authData.authIP, + ipAddress: authData.authIP })); const postHogClient = await TelemetryService.getPostHogClient(); @@ -541,7 +521,7 @@ export const getSecretsHelper = async ({ postHogClient.capture({ event: "secrets pulled", distinctId: await TelemetryService.getDistinctId({ - authData, + authData }), properties: { numberOfSecrets: secrets.length, @@ -549,8 +529,8 @@ export const getSecretsHelper = async ({ workspaceId, folderId, channel: authData.authChannel, - userAgent: authData.authUserAgent, - }, + userAgent: authData.authUserAgent + } }); } 
@@ -573,25 +553,27 @@ export const getSecretHelper = async ({ environment, type, authData, - secretPath = "/", + secretPath = "/" }: GetSecretParams) => { const secretBlindIndex = await generateSecretBlindIndexHelper({ secretName, - workspaceId: new Types.ObjectId(workspaceId), + workspaceId: new Types.ObjectId(workspaceId) }); let secret: ISecret | null = null; // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = authData.authPayload; - if (secretPath !== serviceTkScopedSecretPath) { + const { scopes: tkScopes } = authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + + if (!validScope) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } - const folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + const folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); // try getting personal secret first (if exists) secret = await Secret.findOne({ @@ -600,7 +582,7 @@ export const getSecretHelper = async ({ environment, folder: folderId, type: type ?? SECRET_PERSONAL, - ...(type === SECRET_PERSONAL ? getAuthDataPayloadUserObj(authData) : {}), + ...(type === SECRET_PERSONAL ? getAuthDataPayloadUserObj(authData) : {}) }).lean(); if (!secret) { @@ -611,7 +593,7 @@ export const getSecretHelper = async ({ workspace: new Types.ObjectId(workspaceId), environment, folder: folderId, - type: SECRET_SHARED, + type: SECRET_SHARED }).lean(); } @@ -622,7 +604,7 @@ export const getSecretHelper = async ({ name: ACTION_READ_SECRETS, ...getAuthDataPayloadIdObj(authData), workspaceId, - secretIds: [secret._id], + secretIds: [secret._id] }); action && 
@@ -631,7 +613,7 @@ export const getSecretHelper = async ({ workspaceId, actions: [action], channel: authData.authChannel, - ipAddress: authData.authIP, + ipAddress: authData.authIP })); const postHogClient = await TelemetryService.getPostHogClient(); @@ -640,7 +622,7 @@ export const getSecretHelper = async ({ postHogClient.capture({ event: "secrets pull", distinctId: await TelemetryService.getDistinctId({ - authData, + authData }), properties: { numberOfSecrets: 1, @@ -648,8 +630,8 @@ export const getSecretHelper = async ({ workspaceId, folderId, channel: authData.authChannel, - userAgent: authData.authUserAgent, - }, + userAgent: authData.authUserAgent + } }); } @@ -679,26 +661,28 @@ export const updateSecretHelper = async ({ secretValueCiphertext, secretValueIV, secretValueTag, - secretPath, + secretPath }: UpdateSecretParams) => { const secretBlindIndex = await generateSecretBlindIndexHelper({ secretName, - workspaceId: new Types.ObjectId(workspaceId), + workspaceId: new Types.ObjectId(workspaceId) }); let secret: ISecret | null = null; // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = authData.authPayload; - if (secretPath !== serviceTkScopedSecretPath) { + const { scopes: tkScopes } = authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + + if (!validScope) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } - const folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + const folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); if (type === SECRET_SHARED) { // case: update shared secret 
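Review bot: In updateSecretHelper `secretPath` is destructured without the `= "/"` default that the other four helpers have, and this hunk now passes it to `picomatch.isMatch`. picomatch throws a TypeError on non-string input, so if `UpdateSecretParams` lets the field be omitted (the interface is not shown here), a service-token update without a path ends in an unhandled error instead of the `UnauthorizedRequestError` that the old `!==` comparison produced. Change the parameter to `secretPath = "/"` so the check behaves the same as in the sibling helpers. The function body continues outside the hunk.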
@@ -708,16 +692,16 @@ export const updateSecretHelper = async ({ workspace: new Types.ObjectId(workspaceId), environment, folder: folderId, - type, + type }, { secretValueCiphertext, secretValueIV, secretValueTag, - $inc: { version: 1 }, + $inc: { version: 1 } }, { - new: true, + new: true } ); } else { @@ -730,16 +714,16 @@ export const updateSecretHelper = async ({ environment, type, folder: folderId, - ...getAuthDataPayloadUserObj(authData), + ...getAuthDataPayloadUserObj(authData) }, { secretValueCiphertext, secretValueIV, secretValueTag, - $inc: { version: 1 }, + $inc: { version: 1 } }, { - new: true, + new: true } ); } @@ -763,12 +747,12 @@ export const updateSecretHelper = async ({ secretValueIV, secretValueTag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }); // (EE) add version for new secret await EESecretService.addSecretVersions({ - secretVersions: [secretVersion], + secretVersions: [secretVersion] }); // (EE) create (audit) log @@ -776,7 +760,7 @@ export const updateSecretHelper = async ({ name: ACTION_UPDATE_SECRETS, ...getAuthDataPayloadIdObj(authData), workspaceId, - secretIds: [secret._id], + secretIds: [secret._id] }); action && @@ -785,14 +769,14 @@ export const updateSecretHelper = async ({ workspaceId, actions: [action], channel: authData.authChannel, - ipAddress: authData.authIP, + ipAddress: authData.authIP })); // (EE) take a secret snapshot await EESecretService.takeSecretSnapshot({ workspaceId, environment, - folderId: secret?.folder, + folderId: secret?.folder }); const postHogClient = await TelemetryService.getPostHogClient(); @@ -801,7 +785,7 @@ export const updateSecretHelper = async ({ postHogClient.capture({ event: "secrets modified", distinctId: await TelemetryService.getDistinctId({ - authData, + authData }), properties: { numberOfSecrets: 1, 
@@ -809,8 +793,8 @@ export const updateSecretHelper = async ({ workspaceId, folderId, channel: authData.authChannel, - userAgent: authData.authUserAgent, - }, + userAgent: authData.authUserAgent + } }); } @@ -833,26 +817,27 @@ export const deleteSecretHelper = async ({ environment, type, authData, - secretPath = "/", + secretPath = "/" }: DeleteSecretParams) => { const secretBlindIndex = await generateSecretBlindIndexHelper({ secretName, - workspaceId: new Types.ObjectId(workspaceId), + workspaceId: new Types.ObjectId(workspaceId) }); // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { secretPath: serviceTkScopedSecretPath } = authData.authPayload; + const { scopes: tkScopes } = authData.authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); - if (secretPath !== serviceTkScopedSecretPath) { + if (!validScope) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } - const folderId = await getFolderIdFromServiceToken( - workspaceId, - environment, - secretPath - ); + const folderId = await getFolderIdFromServiceToken(workspaceId, environment, secretPath); let secrets: ISecret[] = []; let secret: ISecret | null = null; @@ -862,7 +847,7 @@ export const deleteSecretHelper = async ({ secretBlindIndex, workspaceId: new Types.ObjectId(workspaceId), environment, - folder: folderId, + folder: folderId }).lean(); secret = await Secret.findOneAndDelete({ @@ -870,14 +855,14 @@ export const deleteSecretHelper = async ({ workspaceId: new Types.ObjectId(workspaceId), environment, type, - folder: folderId, + folder: folderId }).lean(); await Secret.deleteMany({ secretBlindIndex, workspaceId: new Types.ObjectId(workspaceId), environment, - folder: folderId, + folder: folderId }); } else { secret = await Secret.findOneAndDelete({ 
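Review bot: The delete filters in deleteSecretHelper (`Secret.findOneAndDelete` and `Secret.deleteMany` in these hunks, and the personal-secret branch in the next one) key on `workspaceId: new Types.ObjectId(workspaceId)`, whereas the other helpers in this file filter on `workspace:`. The Secret schema is not shown. If it has no `workspaceId` path, Mongoose either drops that condition or matches nothing, depending on `strictQuery`, so the delete is either not constrained to the workspace or never finds the secret. Use `workspace: new Types.ObjectId(workspaceId),` in each filter. These lines are unchanged context, but they sit directly behind the new scope check and are worth fixing in the same change.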
@@ -886,7 +871,7 @@ export const deleteSecretHelper = async ({ workspaceId: new Types.ObjectId(workspaceId), environment, type, - ...getAuthDataPayloadUserObj(authData), + ...getAuthDataPayloadUserObj(authData) }).lean(); if (secret) { @@ -897,7 +882,7 @@ export const deleteSecretHelper = async ({ if (!secret) throw SecretNotFoundError(); await EESecretService.markDeletedSecretVersions({ - secretIds: secrets.map((secret) => secret._id), + secretIds: secrets.map((secret) => secret._id) }); // (EE) create (audit) log @@ -905,22 +890,23 @@ export const deleteSecretHelper = async ({ name: ACTION_DELETE_SECRETS, ...getAuthDataPayloadIdObj(authData), workspaceId, - secretIds: secrets.map((secret) => secret._id), + secretIds: secrets.map((secret) => secret._id) }); - action && (await EELogService.createLog({ - ...getAuthDataPayloadIdObj(authData), - workspaceId, - actions: [action], - channel: authData.authChannel, - ipAddress: authData.authIP, - })); + action && + (await EELogService.createLog({ + ...getAuthDataPayloadIdObj(authData), + workspaceId, + actions: [action], + channel: authData.authChannel, + ipAddress: authData.authIP + })); // (EE) take a secret snapshot await EESecretService.takeSecretSnapshot({ workspaceId, environment, - folderId: secret?.folder, + folderId: secret?.folder }); const postHogClient = await TelemetryService.getPostHogClient(); @@ -929,7 +915,7 @@ export const deleteSecretHelper = async ({ postHogClient.capture({ event: "secrets deleted", distinctId: await TelemetryService.getDistinctId({ - authData, + authData }), properties: { numberOfSecrets: secrets.length, @@ -937,13 +923,13 @@ export const deleteSecretHelper = async ({ workspaceId, folderId, channel: authData.authChannel, - userAgent: authData.authUserAgent, - }, + userAgent: authData.authUserAgent + } }); } - return ({ + return { secrets, - secret, - }); + secret + }; }; 
diff --git a/backend/src/models/serviceTokenData.ts b/backend/src/models/serviceTokenData.ts index 57528a4e94..804184386a 100644 --- a/backend/src/models/serviceTokenData.ts +++ b/backend/src/models/serviceTokenData.ts @@ -4,7 +4,10 @@ export interface IServiceTokenData extends Document { _id: Types.ObjectId; name: string; workspace: Types.ObjectId; - environment: string; + scopes: Array<{ + environment: string; + secretPath: string; + }>; user: Types.ObjectId; serviceAccount: Types.ObjectId; lastUsed: Date; @@ -13,7 +16,6 @@ export interface IServiceTokenData extends Document { encryptedKey: string; iv: string; tag: string; - secretPath: string; permissions: string[]; } 
@@ -21,68 +23,72 @@ const serviceTokenDataSchema = new Schema( { name: { type: String, - required: true, + required: true }, workspace: { type: Schema.Types.ObjectId, ref: "Workspace", - required: true, + required: true }, - environment: { - type: String, - required: true, + scopes: { + type: [ + { + environment: { + type: String, + required: true + }, + secretPath: { + type: String, + default: "/", + required: true + } + } + ], + required: true }, user: { type: Schema.Types.ObjectId, ref: "User", - required: true, + required: true }, serviceAccount: { type: Schema.Types.ObjectId, - ref: "ServiceAccount", + ref: "ServiceAccount" }, lastUsed: { - type: Date, + type: Date }, expiresAt: { - type: Date, + type: Date }, secretHash: { type: String, required: true, - select: false, + select: false }, encryptedKey: { type: String, - select: false, + select: false }, iv: { type: String, - select: false, + select: false }, tag: { type: String, - select: false, + select: false }, permissions: { type: [String], enum: ["read", "write"], - default: ["read"], - }, - secretPath: { - type: String, - default: "/", - required: true, - }, + default: ["read"] + } }, { - timestamps: true, + timestamps: true } ); -const ServiceTokenData = model( - "ServiceTokenData", - serviceTokenDataSchema -); +const ServiceTokenData = model("ServiceTokenData", serviceTokenDataSchema); export default ServiceTokenData; diff --git a/backend/src/routes/v2/serviceTokenData.ts b/backend/src/routes/v2/serviceTokenData.ts index 33ffad3cf5..84f443debb 100644 --- a/backend/src/routes/v2/serviceTokenData.ts +++ b/backend/src/routes/v2/serviceTokenData.ts @@ -4,7 +4,7 @@ import { requireAuth, requireServiceTokenDataAuth, requireWorkspaceAuth, - validateRequest, + validateRequest } from "../../middleware"; import { body, param } from "express-validator"; import { 
@@ -13,14 +13,14 @@ import { AUTH_MODE_SERVICE_ACCOUNT, AUTH_MODE_SERVICE_TOKEN, MEMBER, - PERMISSION_WRITE_SECRETS, + PERMISSION_WRITE_SECRETS } from "../../variables"; import { serviceTokenDataController } from "../../controllers/v2"; router.get( "/", requireAuth({ - acceptedAuthModes: [AUTH_MODE_SERVICE_TOKEN], + acceptedAuthModes: [AUTH_MODE_SERVICE_TOKEN] }), serviceTokenDataController.getServiceTokenData ); @@ -28,33 +28,30 @@ router.get( router.post( "/", requireAuth({ - acceptedAuthModes: [AUTH_MODE_JWT, AUTH_MODE_SERVICE_ACCOUNT], + acceptedAuthModes: [AUTH_MODE_JWT, AUTH_MODE_SERVICE_ACCOUNT] }), requireWorkspaceAuth({ acceptedRoles: [ADMIN, MEMBER], locationWorkspaceId: "body", locationEnvironment: "body", - requiredPermissions: [PERMISSION_WRITE_SECRETS], + requiredPermissions: [PERMISSION_WRITE_SECRETS] }), body("name").exists().isString().trim(), body("workspaceId").exists().isString().trim(), - body("environment").exists().isString().trim(), + body("scopes").exists().isArray(), + body("scopes.*.environment").exists().isString().trim(), + body("scopes.*.secretPath").exists().isString().trim(), body("encryptedKey").exists().isString().trim(), body("iv").exists().isString().trim(), - body("secretPath").isString().default("/").trim(), body("tag").exists().isString().trim(), body("expiresIn").exists().isNumeric(), // measured in ms body("permissions") .isArray({ min: 1 }) .custom((value: string[]) => { const allowedPermissions = ["read", "write"]; - const invalidValues = value.filter( - (v) => !allowedPermissions.includes(v) - ); + const invalidValues = value.filter((v) => !allowedPermissions.includes(v)); if (invalidValues.length > 0) { - throw new Error( - `permissions contains invalid values: ${invalidValues.join(", ")}` - ); + throw new Error(`permissions contains invalid values: ${invalidValues.join(", ")}`); } return true; 
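Review bot: `requireWorkspaceAuth` in the `router.post` hunk is still configured with `locationEnvironment: "body"`, but this change removes `body("environment")` and moves the environments into `scopes[].environment`. If the middleware reads `req.body.environment` (its implementation is not visible here), it now sees `undefined`, and any per-environment check tied to `PERMISSION_WRITE_SECRETS` would no longer run for the environments the new token is scoped to. Each entry in `scopes` should be checked against the caller's permissions before the token is created; until then a marker such as `// TODO: verify caller's write permission for every scopes[].environment` above the middleware call would make the gap visible. `scopes.*.secretPath` is also accepted as any string, so a format check (leading `/`, no empty segments) would keep malformed paths out of stored scopes.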
@@ -66,10 +63,10 @@ router.post( router.delete( "/:serviceTokenDataId", requireAuth({ - acceptedAuthModes: [AUTH_MODE_JWT], + acceptedAuthModes: [AUTH_MODE_JWT] }), requireServiceTokenDataAuth({ - acceptedRoles: [ADMIN, MEMBER], + acceptedRoles: [ADMIN, MEMBER] }), param("serviceTokenDataId").exists().trim(), validateRequest, diff --git a/backend/src/utils/setup/backfillData.ts b/backend/src/utils/setup/backfillData.ts index a77d3ee275..98dcad90ef 100644 --- a/backend/src/utils/setup/backfillData.ts +++ b/backend/src/utils/setup/backfillData.ts @@ -13,14 +13,14 @@ import { Secret, SecretBlindIndexData, ServiceTokenData, - Workspace, + Workspace } from "../../models"; import { generateKeyPair } from "../../utils/crypto"; import { client, getEncryptionKey, getRootEncryptionKey } from "../../config"; import { ALGORITHM_AES_256_GCM, ENCODING_SCHEME_BASE64, - ENCODING_SCHEME_UTF8, + ENCODING_SCHEME_UTF8 } from "../../variables"; import { InternalServerError } from "../errors"; @@ -29,10 +29,7 @@ import { InternalServerError } from "../errors"; * corresponding secret versions */ export const backfillSecretVersions = async () => { - await Secret.updateMany( - { version: { $exists: false } }, - { $set: { version: 1 } } - ); + await Secret.updateMany({ version: { $exists: false } }, { $set: { version: 1 } }); const unversionedSecrets: ISecret[] = await Secret.aggregate([ { @@ -40,14 +37,14 @@ export const backfillSecretVersions = async () => { from: "secretversions", localField: "_id", foreignField: "secret", - as: "versions", - }, + as: "versions" + } }, { $match: { - versions: { $size: 0 }, - }, - }, + versions: { $size: 0 } + } + } ]); if (unversionedSecrets.length > 0) { 
@@ -62,9 +59,9 @@ export const backfillSecretVersions = async () => { workspace: s.workspace, environment: s.environment, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }) - ), + ) }); } console.log("Migration: Secret version migration v1 complete"); @@ -80,8 +77,8 @@ export const backfillBots = async () => { const workspaceIdsWithBot = await Bot.distinct("workspace"); const workspaceIdsToAddBot = await Workspace.distinct("_id", { _id: { - $nin: workspaceIdsWithBot, - }, + $nin: workspaceIdsWithBot + } }); if (workspaceIdsToAddBot.length === 0) return; @@ -94,7 +91,7 @@ export const backfillBots = async () => { const { ciphertext: encryptedPrivateKey, iv, - tag, + tag } = client.encryptSymmetric(privateKey, rootEncryptionKey); return new Bot({ @@ -106,16 +103,16 @@ export const backfillBots = async () => { iv, tag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_BASE64, + keyEncoding: ENCODING_SCHEME_BASE64 }); } else if (encryptionKey) { const { ciphertext: encryptedPrivateKey, iv, - tag, + tag } = encryptSymmetric128BitHexKeyUTF8({ plaintext: privateKey, - key: encryptionKey, + key: encryptionKey }); return new Bot({ @@ -127,13 +124,12 @@ export const backfillBots = async () => { iv, tag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }); } throw InternalServerError({ - message: - "Failed to backfill workspace bots due to missing encryption key", + message: "Failed to backfill workspace bots due to missing encryption key" }); }) ); 
@@ -149,13 +145,11 @@ export const backfillSecretBlindIndexData = async () => { const encryptionKey = await getEncryptionKey(); const rootEncryptionKey = await getRootEncryptionKey(); - const workspaceIdsBlindIndexed = await SecretBlindIndexData.distinct( - "workspace" - ); + const workspaceIdsBlindIndexed = await SecretBlindIndexData.distinct("workspace"); const workspaceIdsToBlindIndex = await Workspace.distinct("_id", { _id: { - $nin: workspaceIdsBlindIndexed, - }, + $nin: workspaceIdsBlindIndexed + } }); if (workspaceIdsToBlindIndex.length === 0) return; @@ -168,7 +162,7 @@ export const backfillSecretBlindIndexData = async () => { const { ciphertext: encryptedSaltCiphertext, iv: saltIV, - tag: saltTag, + tag: saltTag } = client.encryptSymmetric(salt, rootEncryptionKey); return new SecretBlindIndexData({ @@ -177,16 +171,16 @@ export const backfillSecretBlindIndexData = async () => { saltIV, saltTag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_BASE64, + keyEncoding: ENCODING_SCHEME_BASE64 }); } else if (encryptionKey) { const { ciphertext: encryptedSaltCiphertext, iv: saltIV, - tag: saltTag, + tag: saltTag } = encryptSymmetric128BitHexKeyUTF8({ plaintext: salt, - key: encryptionKey, + key: encryptionKey }); return new SecretBlindIndexData({ @@ -195,13 +189,12 @@ export const backfillSecretBlindIndexData = async () => { saltIV, saltTag, algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, + keyEncoding: ENCODING_SCHEME_UTF8 }); } throw InternalServerError({ - message: - "Failed to backfill secret blind index data due to missing encryption key", + message: "Failed to backfill secret blind index data due to missing encryption key" }); }) ); 
@@ -219,17 +212,17 @@ export const backfillEncryptionMetadata = async () => { await Secret.updateMany( { algorithm: { - $exists: false, + $exists: false }, keyEncoding: { - $exists: false, - }, + $exists: false + } }, { $set: { algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - }, + keyEncoding: ENCODING_SCHEME_UTF8 + } } ); @@ -237,17 +230,17 @@ export const backfillEncryptionMetadata = async () => { await SecretVersion.updateMany( { algorithm: { - $exists: false, + $exists: false }, keyEncoding: { - $exists: false, - }, + $exists: false + } }, { $set: { algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - }, + keyEncoding: ENCODING_SCHEME_UTF8 + } } ); @@ -255,17 +248,17 @@ export const backfillEncryptionMetadata = async () => { await SecretBlindIndexData.updateMany( { algorithm: { - $exists: false, + $exists: false }, keyEncoding: { - $exists: false, - }, + $exists: false + } }, { $set: { algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - }, + keyEncoding: ENCODING_SCHEME_UTF8 + } } ); @@ -273,17 +266,17 @@ export const backfillEncryptionMetadata = async () => { await Bot.updateMany( { algorithm: { - $exists: false, + $exists: false }, keyEncoding: { - $exists: false, - }, + $exists: false + } }, { $set: { algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - }, + keyEncoding: ENCODING_SCHEME_UTF8 + } } ); @@ -291,17 +284,17 @@ export const backfillEncryptionMetadata = async () => { await BackupPrivateKey.updateMany( { algorithm: { - $exists: false, + $exists: false }, keyEncoding: { - $exists: false, - }, + $exists: false + } }, { $set: { algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - }, + keyEncoding: ENCODING_SCHEME_UTF8 + } } ); 
@@ -309,17 +302,17 @@ export const backfillEncryptionMetadata = async () => { await IntegrationAuth.updateMany( { algorithm: { - $exists: false, + $exists: false }, keyEncoding: { - $exists: false, - }, + $exists: false + } }, { $set: { algorithm: ALGORITHM_AES_256_GCM, - keyEncoding: ENCODING_SCHEME_UTF8, - }, + keyEncoding: ENCODING_SCHEME_UTF8 + } } ); }; @@ -328,26 +321,26 @@ export const backfillSecretFolders = async () => { await Secret.updateMany( { folder: { - $exists: false, - }, + $exists: false + } }, { $set: { - folder: "root", - }, + folder: "root" + } } ); await SecretVersion.updateMany( { folder: { - $exists: false, - }, + $exists: false + } }, { $set: { - folder: "root", - }, + folder: "root" + } } ); @@ -355,20 +348,20 @@ export const backfillSecretFolders = async () => { await SecretVersion.updateMany( { tags: { - $exists: false, - }, + $exists: false + } }, { $set: { - tags: [], - }, + tags: [] + } } ); let secretSnapshots = await SecretSnapshot.find({ environment: { - $exists: false, - }, + $exists: false + } }) .populate<{ secretVersions: ISecretVersion[] }>("secretVersions") .limit(50); @@ -377,8 +370,7 @@ export const backfillSecretFolders = async () => { for (const secSnapshot of secretSnapshots) { const groupSnapByEnv: Record> = {}; secSnapshot.secretVersions.forEach((secVer) => { - if (!groupSnapByEnv?.[secVer.environment]) - groupSnapByEnv[secVer.environment] = []; + if (!groupSnapByEnv?.[secVer.environment]) groupSnapByEnv[secVer.environment] = []; groupSnapByEnv[secVer.environment].push(secVer); }); @@ -390,7 +382,7 @@ export const backfillSecretFolders = async () => { ...secSnapshot.toObject({ virtuals: false }), _id: new Types.ObjectId(), environment: snapEnv, - secretVersions: secretIdsOfEnvGroup, + secretVersions: secretIdsOfEnvGroup }; }); 
@@ -400,8 +392,8 @@ export const backfillSecretFolders = async () => { secretSnapshots = await SecretSnapshot.find({ environment: { - $exists: false, - }, + $exists: false + } }) .populate<{ secretVersions: ISecretVersion[] }>("secretVersions") .limit(50); @@ -414,13 +406,13 @@ export const backfillServiceToken = async () => { await ServiceTokenData.updateMany( { secretPath: { - $exists: false, - }, + $exists: false + } }, { $set: { - secretPath: "/", - }, + secretPath: "/" + } } ); console.log("Migration: Service token migration v1 complete"); @@ -430,14 +422,36 @@ export const backfillIntegration = async () => { await Integration.updateMany( { secretPath: { - $exists: false, - }, + $exists: false + } }, { $set: { - secretPath: "/", - }, + secretPath: "/" + } } ); console.log("Migration: Integration migration v1 complete"); }; + +export const backfillServiceTokenMultiScope = async () => { + await ServiceTokenData.updateMany( + { + scopes: { + $exists: false + } + }, + [ + { + $set: { + scopes: [{ environment: "$environment", secretPath: "$secretPath" }] + } + }, + { + $unset: ["environment", "secretPath"] + } + ] + ); + + console.log("Migration: Service token migration v2 complete"); +}; diff --git a/backend/src/utils/setup/index.ts b/backend/src/utils/setup/index.ts index 16d9ee1ae3..00f41fe676 100644 --- a/backend/src/utils/setup/index.ts +++ b/backend/src/utils/setup/index.ts @@ -14,17 +14,15 @@ import { backfillSecretFolders, backfillSecretVersions, backfillServiceToken, + backfillServiceTokenMultiScope } from "./backfillData"; -import { - reencryptBotPrivateKeys, - reencryptSecretBlindIndexDataSalts, -} from "./reencryptData"; +import { reencryptBotPrivateKeys, reencryptSecretBlindIndexDataSalts } from "./reencryptData"; import { getClientIdGoogle, getClientSecretGoogle, getMongoURL, getNodeEnv, - getSentryDSN, + getSentryDSN } from "../../config"; import { initializePassport } from "../auth"; 
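Review bot: `backfillServiceTokenMultiScope` copies `"$secretPath"` into the new scope without a fallback, so a legacy document that lacks `secretPath` would get a scope object with no `secretPath` key. It relies on `backfillServiceToken` having filled that field first, and this commit removes `secretPath` from the schema, so whether that earlier `$set` still applies depends on Mongoose's strict handling, which is not visible here. Making the step self-contained avoids the dependency: `secretPath: { $ifNull: ["$secretPath", "/"] }`. A short doc comment like the one on `backfillSecretVersions`, stating that the migration is one-way because it unsets `environment` and `secretPath`, would also help the next maintainer.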
@@ -79,6 +77,7 @@ export const setup = async () => { await backfillSecretFolders(); await backfillServiceToken(); await backfillIntegration(); + await backfillServiceTokenMultiScope(); // re-encrypt any data previously encrypted under server hex 128-bit ENCRYPTION_KEY // to base64 256-bit ROOT_ENCRYPTION_KEY @@ -90,7 +89,7 @@ export const setup = async () => { dsn: await getSentryDSN(), tracesSampleRate: 1.0, debug: (await getNodeEnv()) === "production" ? false : true, - environment: await getNodeEnv(), + environment: await getNodeEnv() }); await createTestUserForDevelopment(); diff --git a/backend/src/validation/serviceTokenData.ts b/backend/src/validation/serviceTokenData.ts index 0ade7f96e2..580bcbdb98 100644 --- a/backend/src/validation/serviceTokenData.ts +++ b/backend/src/validation/serviceTokenData.ts @@ -1,22 +1,19 @@ import { Types } from "mongoose"; import { - ISecret, - IServiceAccount, - IServiceTokenData, - IUser, - ServiceAccount, - ServiceTokenData, - User, + ISecret, + IServiceAccount, + IServiceTokenData, + IUser, + ServiceAccount, + ServiceTokenData, + User } from "../models"; -import { - ServiceTokenDataNotFoundError, - UnauthorizedRequestError, -} from "../utils/errors"; +import { ServiceTokenDataNotFoundError, UnauthorizedRequestError } from "../utils/errors"; import { - AUTH_MODE_API_KEY, - AUTH_MODE_JWT, - AUTH_MODE_SERVICE_ACCOUNT, - AUTH_MODE_SERVICE_TOKEN, + AUTH_MODE_API_KEY, + AUTH_MODE_JWT, + AUTH_MODE_SERVICE_ACCOUNT, + AUTH_MODE_SERVICE_TOKEN } from "../variables"; import { validateUserClientForWorkspace } from "./user"; import { validateServiceAccountClientForWorkspace } from "./serviceAccount"; 
@@ -30,65 +27,71 @@ import { validateServiceAccountClientForWorkspace } from "./serviceAccount"; * @param {Array<'admin' | 'member'>} obj.acceptedRoles - accepted workspace roles */ export const validateClientForServiceTokenData = async ({ - authData, - serviceTokenDataId, - acceptedRoles, + authData, + serviceTokenDataId, + acceptedRoles }: { - authData: { - authMode: string; - authPayload: IUser | IServiceAccount | IServiceTokenData; - }; - serviceTokenDataId: Types.ObjectId; - acceptedRoles: Array<"admin" | "member">; + authData: { + authMode: string; + authPayload: IUser | IServiceAccount | IServiceTokenData; + }; + serviceTokenDataId: Types.ObjectId; + acceptedRoles: Array<"admin" | "member">; }) => { - const serviceTokenData = await ServiceTokenData - .findById(serviceTokenDataId) - .select("+encryptedKey +iv +tag") - .populate<{ user: IUser }>("user"); + const serviceTokenData = await ServiceTokenData.findById(serviceTokenDataId) + .select("+encryptedKey +iv +tag") + .populate<{ user: IUser }>("user"); - if (!serviceTokenData) throw ServiceTokenDataNotFoundError({ - message: "Failed to find service token data", + if (!serviceTokenData) + throw ServiceTokenDataNotFoundError({ + message: "Failed to find service token data" }); - if (authData.authMode === AUTH_MODE_JWT && authData.authPayload instanceof User) { - await validateUserClientForWorkspace({ - user: authData.authPayload, - workspaceId: serviceTokenData.workspace, - acceptedRoles, - }); - - return serviceTokenData; - } + if (authData.authMode === AUTH_MODE_JWT && authData.authPayload instanceof User) { + await validateUserClientForWorkspace({ + user: authData.authPayload, + workspaceId: serviceTokenData.workspace, + acceptedRoles + }); - if (authData.authMode === AUTH_MODE_SERVICE_ACCOUNT && authData.authPayload instanceof ServiceAccount) { - await validateServiceAccountClientForWorkspace({ - serviceAccount: authData.authPayload, - workspaceId: serviceTokenData.workspace, - }); - - return 
serviceTokenData; - } + return serviceTokenData; + } - if (authData.authMode === AUTH_MODE_SERVICE_TOKEN && authData.authPayload instanceof ServiceTokenData) { - throw UnauthorizedRequestError({ - message: "Failed service token authorization for service token data", - }); - } + if ( + authData.authMode === AUTH_MODE_SERVICE_ACCOUNT && + authData.authPayload instanceof ServiceAccount + ) { + await validateServiceAccountClientForWorkspace({ + serviceAccount: authData.authPayload, + workspaceId: serviceTokenData.workspace + }); - if (authData.authMode === AUTH_MODE_API_KEY && authData.authPayload instanceof User) { - await validateUserClientForWorkspace({ - user: authData.authPayload, - workspaceId: serviceTokenData.workspace, - acceptedRoles, - }); - - return serviceTokenData; - } - + return serviceTokenData; + } + + if ( + authData.authMode === AUTH_MODE_SERVICE_TOKEN && + authData.authPayload instanceof ServiceTokenData + ) { throw UnauthorizedRequestError({ - message: "Failed client authorization for service token data", + message: "Failed service token authorization for service token data" }); -} + } + + if (authData.authMode === AUTH_MODE_API_KEY && authData.authPayload instanceof User) { + await validateUserClientForWorkspace({ + user: authData.authPayload, + workspaceId: serviceTokenData.workspace, + acceptedRoles + }); + + return serviceTokenData; + } + + throw UnauthorizedRequestError({ + message: "Failed client authorization for service token data" + }); +}; /** * Validate that service token (client) can access workspace 
@@ -101,42 +104,42 @@ export const validateClientForServiceTokenData = async ({ * @param {String[]} requiredPermissions - required permissions as part of the endpoint */ export const validateServiceTokenDataClientForWorkspace = async ({ - serviceTokenData, - workspaceId, - environment, - requiredPermissions, + serviceTokenData, + workspaceId, + environment, + requiredPermissions }: { - serviceTokenData: IServiceTokenData; - workspaceId: Types.ObjectId; - environment?: string; - requiredPermissions?: string[]; + serviceTokenData: IServiceTokenData; + workspaceId: Types.ObjectId; + environment?: string; + requiredPermissions?: string[]; }) => { - if (!serviceTokenData.workspace.equals(workspaceId)) { - // case: invalid workspaceId passed + if (!serviceTokenData.workspace.equals(workspaceId)) { + // case: invalid workspaceId passed + throw UnauthorizedRequestError({ + message: "Failed service token authorization for the given workspace" + }); + } + + if (environment) { + // case: environment is specified + + if (!serviceTokenData.scopes.find(({ environment: tkEnv }) => tkEnv === environment)) { + // case: invalid environment passed + throw UnauthorizedRequestError({ + message: "Failed service token authorization for the given workspace environment" + }); + } + + requiredPermissions?.forEach((permission) => { + if (!serviceTokenData.permissions.includes(permission)) { throw UnauthorizedRequestError({ - message: "Failed service token authorization for the given workspace", + message: `Failed service token authorization for the given workspace environment action: ${permission}` }); - } - - if (environment) { - // case: environment is specified - - if (serviceTokenData.environment !== environment) { - // case: invalid environment passed - throw UnauthorizedRequestError({ - message: "Failed service token authorization for the given workspace environment", - }); - } - - requiredPermissions?.forEach((permission) => { - if (!serviceTokenData.permissions.includes(permission)) 
{ - throw UnauthorizedRequestError({ - message: `Failed service token authorization for the given workspace environment action: ${permission}`, - }); - } - }); - } -} + } + }); + } +}; /** * Validate that service token (client) can access secrets 
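Review bot: The scope check in `validateServiceTokenDataClientForWorkspace` matches on `environment` only, so a token scoped to a single path in an environment passes here for the whole environment. `validateServiceTokenDataClientForSecrets` in the next hunk has the same `scopes.find(...)` test against `secret.environment`. Unless `secretPath` is enforced by the callers (not visible in these hunks), a multi-scope token is effectively environment-wide; at minimum document that on both functions, e.g. `// NOTE: checks environment membership only; secretPath must be enforced by the caller`, and prefer `scopes.some(...)` since only a boolean is needed. `requiredPermissions` is also evaluated only inside `if (environment)`, so calls without an environment skip the permission check.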
@@ -147,36 +150,35 @@ export const validateServiceTokenDataClientForWorkspace = async ({ * @param {string[]} requiredPermissions - required permissions as part of the endpoint */ export const validateServiceTokenDataClientForSecrets = async ({ - serviceTokenData, - secrets, - requiredPermissions, + serviceTokenData, + secrets, + requiredPermissions }: { - serviceTokenData: IServiceTokenData; - secrets: ISecret[]; - requiredPermissions?: string[]; + serviceTokenData: IServiceTokenData; + secrets: ISecret[]; + requiredPermissions?: string[]; }) => { + secrets.forEach((secret: ISecret) => { + if (!serviceTokenData.workspace.equals(secret.workspace)) { + // case: invalid workspaceId passed + throw UnauthorizedRequestError({ + message: "Failed service token authorization for the given workspace" + }); + } - secrets.forEach((secret: ISecret) => { - if (!serviceTokenData.workspace.equals(secret.workspace)) { - // case: invalid workspaceId passed - throw UnauthorizedRequestError({ - message: "Failed service token authorization for the given workspace", - }); - } - - if (serviceTokenData.environment !== secret.environment) { - // case: invalid environment passed - throw UnauthorizedRequestError({ - message: "Failed service token authorization for the given workspace environment", - }); - } - - requiredPermissions?.forEach((permission) => { - if (!serviceTokenData.permissions.includes(permission)) { - throw UnauthorizedRequestError({ - message: `Failed service token authorization for the given workspace environment action: ${permission}`, - }); - } + if (!serviceTokenData.scopes.find(({ environment: tkEnv }) => tkEnv === secret.environment)) { + // case: invalid environment passed + throw UnauthorizedRequestError({ + message: "Failed service token authorization for the given workspace environment" + }); + } + + requiredPermissions?.forEach((permission) => { + if (!serviceTokenData.permissions.includes(permission)) { + throw UnauthorizedRequestError({ + message: `Failed 
service token authorization for the given workspace environment action: ${permission}` }); + } }); -} \ No newline at end of file + }); +}; From 7fe4089bb0c2f22e9722dec5ab5479a9983d49d0 Mon Sep 17 00:00:00 2001 From: akhilmhdh Date: Wed, 5 Jul 2023 22:53:03 +0530 Subject: [PATCH 02/13] feat(secret-ref): implemented ui for service token changes --- frontend/src/hooks/api/serviceTokens/types.ts | 11 +- .../AddServiceTokenModal.tsx | 574 +++++++++--------- .../ServiceTokenSection.tsx | 56 +- .../ServiceTokenSection/ServiceTokenTable.tsx | 141 +++-- 4 files changed, 406 insertions(+), 376 deletions(-) diff --git a/frontend/src/hooks/api/serviceTokens/types.ts b/frontend/src/hooks/api/serviceTokens/types.ts index 0c68aea798..d6dc322ccd 100644 --- a/frontend/src/hooks/api/serviceTokens/types.ts +++ b/frontend/src/hooks/api/serviceTokens/types.ts @@ -1,9 +1,13 @@ +export type ServiceTokenScope = { + environment: string; + secretPath: string; +}; + export type ServiceToken = { _id: string; name: string; workspace: string; - environment: string; - secretPath: string; + scopes: ServiceTokenScope[]; user: string; expiresAt: string; createdAt: string; @@ -14,9 +18,8 @@ export type ServiceToken = { export type CreateServiceTokenDTO = { name: string; workspaceId: string; - environment: string; + scopes: ServiceTokenScope[]; expiresIn: number; - secretPath: string; encryptedKey: string; iv: string; tag: string; diff --git a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx index 338738ea2a..82fbf9edcc 100644 --- a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx +++ b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx 
@@ -1,9 +1,9 @@ import crypto from "crypto"; import { useEffect, useState } from "react"; -import { Controller, useForm } from "react-hook-form"; +import { Controller, useFieldArray, useForm } from "react-hook-form"; import { useTranslation } from "react-i18next"; -import { faCheck, faCopy } from "@fortawesome/free-solid-svg-icons"; +import { faCheck, faCopy, faPlus, faTrashCan } from "@fortawesome/free-solid-svg-icons"; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; import { yupResolver } from "@hookform/resolvers/yup"; import * as yup from "yup"; @@ -27,10 +27,7 @@ import { } from "@app/components/v2"; import { useWorkspace } from "@app/context"; import { useToggle } from "@app/hooks"; -import { - useCreateServiceToken, - useGetUserWsKey -} from "@app/hooks/api"; +import { useCreateServiceToken, useGetUserWsKey } from "@app/hooks/api"; import { UsePopUpState } from "@app/hooks/usePopUp"; const apiTokenExpiry = [ @@ -44,8 +41,16 @@ const apiTokenExpiry = [ const schema = yup.object({ name: yup.string().max(100).required().label("Service Token Name"), - environment: yup.string().max(50).required().label("Environment"), - secretPath: yup.string().required().default("/").label("Secret Path"), + scopes: yup + .array( + yup.object({ + environment: yup.string().max(50).required().label("Environment"), + secretPath: yup.string().required().default("/").label("Secret Path") + }) + ) + .min(1) + .required() + .label("Scope"), expiresIn: yup.string().optional().label("Service Token Expiration"), permissions: yup .object() 
@@ -60,284 +65,301 @@ const schema = yup.object({ export type FormData = yup.InferType; type Props = { - popUp: UsePopUpState<["createAPIToken"]>; - handlePopUpToggle: (popUpName: keyof UsePopUpState<["createAPIToken"]>, state?: boolean) => void; + popUp: UsePopUpState<["createAPIToken"]>; + handlePopUpToggle: (popUpName: keyof UsePopUpState<["createAPIToken"]>, state?: boolean) => void; }; -export const AddServiceTokenModal = ({ - popUp, - handlePopUpToggle -}: Props) => { - const { t } = useTranslation(); - const { createNotification } = useNotificationContext(); - const { currentWorkspace } = useWorkspace(); - const { - control, - reset, - handleSubmit, - formState: { isSubmitting } - } = useForm({ - resolver: yupResolver(schema) - }); +export const AddServiceTokenModal = ({ popUp, handlePopUpToggle }: Props) => { + const { t } = useTranslation(); + const { createNotification } = useNotificationContext(); + const { currentWorkspace } = useWorkspace(); + const { + control, + reset, + handleSubmit, + formState: { isSubmitting } + } = useForm({ + resolver: yupResolver(schema), + defaultValues: { + scopes: [{ secretPath: "/", environment: currentWorkspace?.environments?.[0]?.slug }] + } + }); - const [newToken, setToken] = useState(""); - const [isTokenCopied, setIsTokenCopied] = useToggle(false); + const { fields: tokenScopes, append, remove } = useFieldArray({ control, name: "scopes" }); - const { data: latestFileKey } = useGetUserWsKey(currentWorkspace?._id ?? ""); - const createServiceToken = useCreateServiceToken(); - const hasServiceToken = Boolean(newToken); + const [newToken, setToken] = useState(""); + const [isTokenCopied, setIsTokenCopied] = useToggle(false); - useEffect(() => { - let timer: NodeJS.Timeout; - if (isTokenCopied) { - timer = setTimeout(() => setIsTokenCopied.off(), 2000); - } + const { data: latestFileKey } = useGetUserWsKey(currentWorkspace?._id ?? 
""); + const createServiceToken = useCreateServiceToken(); + const hasServiceToken = Boolean(newToken); - return () => clearTimeout(timer); - }, [isTokenCopied]); + useEffect(() => { + let timer: NodeJS.Timeout; + if (isTokenCopied) { + timer = setTimeout(() => setIsTokenCopied.off(), 2000); + } - const copyTokenToClipboard = () => { - navigator.clipboard.writeText(newToken); - setIsTokenCopied.on(); - }; + return () => clearTimeout(timer); + }, [isTokenCopied]); - const onFormSubmit = async ({ + const copyTokenToClipboard = () => { + navigator.clipboard.writeText(newToken); + setIsTokenCopied.on(); + }; + + const onFormSubmit = async ({ name, scopes, expiresIn, permissions }: FormData) => { + try { + if (!currentWorkspace?._id) return; + if (!latestFileKey) return; + + const key = decryptAssymmetric({ + ciphertext: latestFileKey.encryptedKey, + nonce: latestFileKey.nonce, + publicKey: latestFileKey.sender.publicKey, + privateKey: localStorage.getItem("PRIVATE_KEY") as string + }); + + const randomBytes = crypto.randomBytes(16).toString("hex"); + + const { ciphertext, iv, tag } = encryptSymmetric({ + plaintext: key, + key: randomBytes + }); + + const { serviceToken } = await createServiceToken.mutateAsync({ + encryptedKey: ciphertext, + iv, + tag, + scopes, + expiresIn: Number(expiresIn), name, - environment, - secretPath, - expiresIn, - permissions - }: FormData) => { - try { - if (!currentWorkspace?._id) return; - if (!latestFileKey) return; + workspaceId: currentWorkspace._id, + randomBytes, + permissions: Object.entries(permissions) + .filter(([, permissionsValue]) => permissionsValue) + .map(([permissionsKey]) => permissionsKey) + }); - const key = decryptAssymmetric({ - ciphertext: latestFileKey.encryptedKey, - nonce: latestFileKey.nonce, - publicKey: latestFileKey.sender.publicKey, - privateKey: localStorage.getItem("PRIVATE_KEY") as string - }); + setToken(serviceToken); + createNotification({ + text: "Successfully created a service token", + type: 
"success" + }); + } catch (err) { + console.error(err); + createNotification({ + text: "Failed to create a service token", + type: "error" + }); + } + }; - const randomBytes = crypto.randomBytes(16).toString("hex"); - - const { ciphertext, iv, tag } = encryptSymmetric({ - plaintext: key, - key: randomBytes - }); - - const { serviceToken } = await createServiceToken.mutateAsync({ - encryptedKey: ciphertext, - iv, - tag, - environment, - secretPath, - expiresIn: Number(expiresIn), - name, - workspaceId: currentWorkspace._id, - randomBytes, - permissions: Object.entries(permissions) - .filter(([, permissionsValue]) => permissionsValue) - .map(([permissionsKey]) => permissionsKey) - }); - - setToken(serviceToken); - - createNotification({ - text: "Successfully created a service token", - type: "success" - }); - - } catch (err) { - console.error(err); - createNotification({ - text: "Failed to create a service token", - type: "error" - }); + return ( + { + handlePopUpToggle("createAPIToken", open); + reset(); + setToken(""); + }} + > + { - handlePopUpToggle("createAPIToken", open); - reset(); - setToken(""); - }} - > - - {!hasServiceToken ? ( -
- ( - - - - )} - /> - ( - - - - )} - /> - ( - - - - )} - /> - ( - - - - )} - /> - { - const options = [ - { - label: "Read (default)", - value: "read" - }, - { - label: "Write (optional)", - value: "write" - } - ]; - - return ( - - <> - {options.map(({ label, value: optionValue }) => { - return ( - { - onChange({ - ...value, - [optionValue]: state - }); - }} - > - {label} - - ); - })} - - - ); - }} - /> -
- - - - -
- - ) : ( -
-

{newToken}

- - - - {t("common.click-to-copy")} - - -
+ subTitle={t("section.token.add-dialog.description") as string} + > + {!hasServiceToken ? ( +
+ ( + + + )} - - - ); -} \ No newline at end of file + /> + {tokenScopes.map(({ id }, index) => ( +
+ ( + + + + )} + /> + ( + + + + )} + /> + remove(index)} + > + + +
+ ))} +
+ +
+ ( + + + + )} + /> + { + const options = [ + { + label: "Read (default)", + value: "read" + }, + { + label: "Write (optional)", + value: "write" + } + ]; + + return ( + + <> + {options.map(({ label, value: optionValue }) => { + return ( + { + onChange({ + ...value, + [optionValue]: state + }); + }} + > + {label} + + ); + })} + + + ); + }} + /> +
+ + + + +
+ + ) : ( +
+

{newToken}

+ + + + {t("common.click-to-copy")} + + +
+ )} +
+
+ ); +}; diff --git a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenSection.tsx b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenSection.tsx index fd31870f11..376328673f 100644 --- a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenSection.tsx +++ b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenSection.tsx @@ -3,14 +3,9 @@ import { faPlus } from "@fortawesome/free-solid-svg-icons"; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; import { useNotificationContext } from "@app/components/context/Notifications/NotificationProvider"; -import { - Button, - DeleteActionModal, -} from "@app/components/v2"; +import { Button, DeleteActionModal } from "@app/components/v2"; import { usePopUp } from "@app/hooks"; -import { - useDeleteServiceToken -} from "@app/hooks/api"; +import { useDeleteServiceToken } from "@app/hooks/api"; import { AddServiceTokenModal } from "./AddServiceTokenModal"; import { ServiceTokenTable } from "./ServiceTokenTable"; @@ -29,7 +24,9 @@ export const ServiceTokenSection = () => { const onDeleteApproved = async () => { try { - deleteServiceToken.mutateAsync((popUp?.deleteAPITokenConfirmation?.data as DeleteModalData)?.id); + deleteServiceToken.mutateAsync( + (popUp?.deleteAPITokenConfirmation?.data as DeleteModalData)?.id + ); createNotification({ text: "Successfully deleted service token", type: "success" @@ -46,32 +43,29 @@ export const ServiceTokenSection = () => { }; return ( -
-
-

{t("section.token.service-tokens")}

- +
+
+

+ {t("section.token.service-tokens")} +

+
-

{t("section.token.service-tokens-description")}

- - +

{t("section.token.service-tokens-description")}

+ + handlePopUpToggle("deleteAPITokenConfirmation", isOpen)} deleteKey={(popUp?.deleteAPITokenConfirmation?.data as DeleteModalData)?.name} onClose={() => handlePopUpClose("deleteAPITokenConfirmation")} diff --git a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenTable.tsx b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenTable.tsx index 69dab23dff..ce39abde2a 100644 --- a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenTable.tsx +++ b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/ServiceTokenTable.tsx @@ -1,4 +1,4 @@ -import { faKey, faTrashCan } from "@fortawesome/free-solid-svg-icons"; +import { faFolder, faKey, faTrashCan } from "@fortawesome/free-solid-svg-icons"; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; import { @@ -18,71 +18,82 @@ import { useGetUserWsServiceTokens } from "@app/hooks/api"; import { UsePopUpState } from "@app/hooks/usePopUp"; type Props = { - handlePopUpOpen: ( - popUpName: keyof UsePopUpState<["deleteAPITokenConfirmation"]>, - { - name, - id - }: { - name: string; - id: string; - } - ) => void; + handlePopUpOpen: ( + popUpName: keyof UsePopUpState<["deleteAPITokenConfirmation"]>, + { + name, + id + }: { + name: string; + id: string; + } + ) => void; }; -export const ServiceTokenTable = ({ - handlePopUpOpen -}: Props) => { - const { currentWorkspace } = useWorkspace(); - const { data, isLoading } = useGetUserWsServiceTokens({ - workspaceID: currentWorkspace?._id || "" - }); +export const ServiceTokenTable = ({ handlePopUpOpen }: Props) => { + const { currentWorkspace } = useWorkspace(); + const { data, isLoading } = useGetUserWsServiceTokens({ + workspaceID: currentWorkspace?._id || "" + }); - return ( - - - - - - - - - - - - {isLoading && } - {!isLoading && data && data.map((row) => ( - - - - - - - + return ( + +
Token NameEnvironmentSecret PathValid Until -
{row.name}{row.environment}{row.secretPath}{row.expiresAt && new Date(row.expiresAt).toUTCString()} - - handlePopUpOpen("deleteAPITokenConfirmation", { - name: row.name, - id: row._id - }) - } - colorSchema="danger" - ariaLabel="delete" - > - - -
+ + + + + + + + + {isLoading && } + {!isLoading && + data && + data.map((row) => ( + + + - - - )} - -
Token NameEnvrionment - Secret PathValid Until +
{row.name} +
+ {row?.scopes.map(({ secretPath, environment }) => ( +
+
{environment}
+ + {secretPath} +
))} - {!isLoading && data && data?.length === 0 && ( -
- -
-
- ); -} \ No newline at end of file +
+ + {row.expiresAt && new Date(row.expiresAt).toUTCString()} + + + handlePopUpOpen("deleteAPITokenConfirmation", { + name: row.name, + id: row._id + }) + } + colorSchema="danger" + ariaLabel="delete" + > + + + + + ))} + {!isLoading && data && data?.length === 0 && ( + + + + + + )} + + + + ); +}; From 7ec7d05fb042fc6575861796d39d9db437b9a2ae Mon Sep 17 00:00:00 2001 From: akhilmhdh Date: Wed, 5 Jul 2023 22:58:36 +0530 Subject: [PATCH 03/13] feat(secret-ref): implemented cli changes for secret reference --- cli/packages/cmd/export.go | 2 +- cli/packages/cmd/run.go | 2 +- cli/packages/cmd/secrets.go | 2 +- cli/packages/util/log.go | 2 +- cli/packages/util/secrets.go | 105 ++++++++++++++++++++++++++++++----- 5 files changed, 96 insertions(+), 17 deletions(-) diff --git a/cli/packages/cmd/export.go b/cli/packages/cmd/export.go index 453d1b75c7..c41750134a 100644 --- a/cli/packages/cmd/export.go +++ b/cli/packages/cmd/export.go @@ -83,7 +83,7 @@ var exportCmd = &cobra.Command{ var output string if shouldExpandSecrets { - substitutions := util.SubstituteSecrets(secrets) + substitutions := util.ExpandSecrets(secrets, infisicalToken) output, err = formatEnvs(substitutions, format) if err != nil { util.HandleError(err) diff --git a/cli/packages/cmd/run.go b/cli/packages/cmd/run.go index 8b82faa65c..2303cbe2e1 100644 --- a/cli/packages/cmd/run.go +++ b/cli/packages/cmd/run.go @@ -100,7 +100,7 @@ var runCmd = &cobra.Command{ } if shouldExpandSecrets { - secrets = util.SubstituteSecrets(secrets) + secrets = util.ExpandSecrets(secrets, infisicalToken) } secretsByKey := getSecretsByKeys(secrets) diff --git a/cli/packages/cmd/secrets.go b/cli/packages/cmd/secrets.go index 0d6181a565..688dd55bf1 100644 --- a/cli/packages/cmd/secrets.go +++ b/cli/packages/cmd/secrets.go 
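Review bot: The new scopes cell in `ServiceTokenTable` calls `row?.scopes.map(...)`, which guards `row` (never nullish inside `data.map`) but not `scopes`. A token record that arrives without a `scopes` array would throw while rendering and take down the table used to revoke tokens; whether such records can still exist depends on the backend backfill, which is not visible in this hunk. `row.scopes?.map(...)` or `(row.scopes ?? []).map(...)` keeps the list renderable. The added column header also appears misspelled as `Envrionment - Secret Path`; it should read `Environment - Secret Path`. The JSX tags were lost in extraction, so whether the mapped scope rows carry a `key` prop cannot be checked from here.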
@@ -65,7 +65,7 @@ var secretsCmd = &cobra.Command{
 }
 if shouldExpandSecrets {
- secrets = util.SubstituteSecrets(secrets)
+ secrets = util.ExpandSecrets(secrets, infisicalToken)
 }
 visualize.PrintAllSecretDetails(secrets)
diff --git a/cli/packages/util/log.go b/cli/packages/util/log.go
index d2bcbe6b03..a9bf75ec12 100644
--- a/cli/packages/util/log.go
+++ b/cli/packages/util/log.go
@@ -45,5 +45,5 @@ func PrintErrorMessageAndExit(messages ...string) {
 }
 func printError(e error) {
- color.New(color.FgRed).Fprintf(os.Stderr, "Hmm, we ran into an error: %v", e)
+ color.New(color.FgRed).Fprintf(os.Stderr, "Hmm, we ran into an error: %v\n", e)
 }
diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go
index 3f742372f9..8a7117a9ae 100644
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@@ -6,6 +6,7 @@ import (
 "errors"
 "fmt"
 "os"
+ "path"
 "regexp"
 "strings"
@@ -279,22 +280,100 @@ func getExpandedEnvVariable(secrets []models.SingleEnvironmentVariable, variable
 return "${" + variableWeAreLookingFor + "}"
 }
-func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
- hashMapOfCompleteVariables := make(map[string]string)
- hashMapOfSelfRefs := make(map[string]string)
- expandedSecrets := []models.SingleEnvironmentVariable{}
-
- for _, secret := range secrets {
- expandedVariable := getExpandedEnvVariable(secrets, secret.Key, hashMapOfCompleteVariables, hashMapOfSelfRefs)
- expandedSecrets = append(expandedSecrets, models.SingleEnvironmentVariable{
- Key: secret.Key,
- Value: expandedVariable,
- Type: secret.Type,
- })
+var secRefRegex = regexp.MustCompile(`\${([^\}]*)}`)
+func recursivelyExpandSecret(expandedSecs map[string]string, interpolatedSecs map[string]string, crossSecRefFetch func(env string, path []string, key string) string, key string) string {
+ if v, ok := expandedSecs[key]; ok {
+ return v
 }
- return expandedSecrets
+ interpolatedVal := interpolatedSecs[key]
+ refs := secRefRegex.FindAllStringSubmatch(interpolatedVal, -1)
+ for _, val := range refs {
+ // key: "${something}" val: [${something},something]
+ interpolatedExp, interpolationKey := val[0], val[1]
+ ref := strings.Split(interpolationKey, ".")
+
+ // ${KEY1} => [key1]
+ if len(ref) == 1 {
+ val := recursivelyExpandSecret(expandedSecs, interpolatedSecs, crossSecRefFetch, interpolationKey)
+ interpolatedVal = strings.ReplaceAll(interpolatedVal, interpolatedExp, val)
+ continue
+ }
+
+ // cross board reference ${env.folder.key1} => [env folder key1]
+ if len(ref) > 1 {
+ secEnv, tmpSecPath, secKey := ref[0], ref[1:len(ref)-1], ref[len(ref)-1]
+ interpolatedSecs[interpolationKey] = crossSecRefFetch(secEnv, tmpSecPath, secKey) // get the reference value
+ val := recursivelyExpandSecret(expandedSecs, interpolatedSecs, crossSecRefFetch, interpolationKey)
+ interpolatedVal = strings.ReplaceAll(interpolatedVal, interpolatedExp, val)
+ }
+
+ }
+ expandedSecs[key] = interpolatedVal
+ return interpolatedVal
+}
+
+func getSecretsByKeys(secrets []models.SingleEnvironmentVariable) map[string]models.SingleEnvironmentVariable {
+ secretMapByName := make(map[string]models.SingleEnvironmentVariable, len(secrets))
+
+ for _, secret := range secrets {
+ secretMapByName[secret.Key] = secret
+ }
+
+ return secretMapByName
+}
+
+func ExpandSecrets(secrets []models.SingleEnvironmentVariable, infisicalToken string) []models.SingleEnvironmentVariable {
+ expandedSecs := make(map[string]string)
+ interpolatedSecs := make(map[string]string)
+ // map[env.secret-path][keyname]Secret
+ crossEnvRefSecs := make(map[string]map[string]models.SingleEnvironmentVariable) // a cache to hold all cross board reference secrets
+
+ for _, sec := range secrets {
+ // get all references in a secret
+ refs := secRefRegex.FindAllStringSubmatch(sec.Value, -1)
+ // nil means its a secret without reference
+ if refs == nil {
+ expandedSecs[sec.Key] = sec.Value // atomic secrets without any interpolation
+ } else {
+ interpolatedSecs[sec.Key] = sec.Value
+ }
+ }
+
+ for i, sec := range secrets {
+ // already present pick that up
+ if expandedVal, ok := expandedSecs[sec.Key]; ok {
+ secrets[i].Value = expandedVal
+ continue
+ }
+
+ expandedVal := recursivelyExpandSecret(expandedSecs, interpolatedSecs, func(env string, secPaths []string, secKey string) string {
+ secPath := path.Join(secPaths...)
+ if secPath == "" {
+ secPath = "/"
+ }
+ secPathDot := strings.Join(secPaths, ".")
+ uniqKey := fmt.Sprintf("%s.%s", env, secPathDot)
+
+ if crossRefSec, ok := crossEnvRefSecs[uniqKey]; !ok {
+ // if not in cross reference cache, fetch it from server
+ refSecs, err := GetAllEnvironmentVariables(models.GetAllSecretsParameters{Environment: env, InfisicalToken: infisicalToken, SecretsPath: secPath})
+ if err != nil {
+ HandleError(err, fmt.Sprintf("Could not fetch secrets in environment: %s secret-path: %s", env, secPath), "If you are using a service token to fetch secrets, please ensure it is valid")
+ }
+ refSecsByKey := getSecretsByKeys(refSecs)
+ // save it to avoid calling api again for same environment and folder path
+ crossEnvRefSecs[uniqKey] = refSecsByKey
+ return refSecsByKey[secKey].Value
+ } else {
+ return crossRefSec[secKey].Value
+ }
+ }, sec.Key)
+
+ secrets[i].Value = expandedVal
+ }
+ return secrets
 }
 func OverrideSecrets(secrets []models.SingleEnvironmentVariable, secretType string) []models.SingleEnvironmentVariable {
From 13eaa4e9a1a01976fb05fec82ca159b0a3e07560 Mon Sep 17 00:00:00 2001
From: akhilmhdh
Date: Wed, 5 Jul 2023 22:59:10 +0530
Subject: [PATCH 04/13] feat(secret-ref): updated doc
---
 docs/documentation/platform/folder.mdx | 2 ++
 .../platform/secret-reference.mdx | 26 ++++++++++++++++++
 docs/images/project-folder-token.png | Bin 316225 -> 71817 bytes
 docs/mint.json | 1 +
 4 files changed, 29 insertions(+)
 create mode 100644 docs/documentation/platform/secret-reference.mdx
diff --git a/docs/documentation/platform/folder.mdx b/docs/documentation/platform/folder.mdx
index 716cb4e46a..e285967cdf 100644
--- a/docs/documentation/platform/folder.mdx
+++ b/docs/documentation/platform/folder.mdx
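Review bot: `recursivelyExpandSecret` in cli/packages/util/secrets.go has no guard against reference cycles: a value that references its own key, or two secrets that reference each other, recurses until the goroutine stack overflows, because `expandedSecs[key]` is written only after every reference has been expanded. The removed `SubstituteSecrets` passed a `hashMapOfSelfRefs` map, presumably for this case, and the rewrite drops it. Since the values come from stored secrets, one malformed value is enough to crash every `run`, `export` or `secrets` invocation that expands them. A minimal guard is to seed the cache before the loop with `expandedSecs[key] = interpolatedVal`, so a cyclic lookup returns the raw placeholder; reporting an error that names the cycle would be clearer still. Separately, a `${NAME}` whose key does not exist is replaced by the empty string (the map lookup yields `""`), where the old code returned `"${" + variableWeAreLookingFor + "}"`, so shell-style literals inside values are silently blanked; consider leaving unknown references untouched.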
@@ -37,6 +37,8 @@ For more information on integrations, [refer infisical integration](/integration
 You can scope the secrets that can be read and written using an Infisical token by providing the secret path option when creating the token.
+You can provide the folder path as glob if you want to have access to multiple folders and the tokens do support multi-environment.
+
 ![folder scoped service token](../../images/project-folder-token.png)
 For more information, [refer infisical token section.](./token)
diff --git a/docs/documentation/platform/secret-reference.mdx b/docs/documentation/platform/secret-reference.mdx
new file mode 100644
index 0000000000..663f4ca78f
--- /dev/null
+++ b/docs/documentation/platform/secret-reference.mdx
@@ -0,0 +1,26 @@
+---
+title: "Reference Secrets"
+description: "How to use reference secrets in Infisical"
+---
+
+You can use the interpolation syntax to reference a secret in the same environment, another folder, or another environment
+The interpolation syntax is a way of referencing a secret by using a special placeholder. The placeholder is the name of the secret, followed by the environment or folder name, separated by a colon.
+
+For example, to reference a secret named mysecret in the same environment, you would use the placeholder ${mysecret}.
+
+While for another environment like `test` would be ${test.mysecret}
+
+Some more examples of referencing are
+
+| Syntax | Environment | Folder | Secret Key |
+| --------------------- | ----------- | ------------ | ---------- |
+| ${KEY1} | same env | ssame folder | KEY1 |
+| ${dev.KEY2} | dev | / | KEY2 |
+| ${test.frontend.KEY2} | test | /frontend | KEY2 |
+
+# Permission system for reference
+
+When you use the infisical CLI to log in, the permission system will work the same way as your user permissions.
+This means that if you have permission to access other environments, your references to those environments will be resolved.
+
+When using the Infisical CLI with a service token, the service token must have permissions to the referenced environment and folder path.
diff --git a/docs/images/project-folder-token.png b/docs/images/project-folder-token.png index 4fda56d275b24e30b2de719aa8dae9f11ca886b9..2402acdf21853625dcbaa8e431f9ce21153ebc6d 100644 GIT binary patch literal 71817 zcmd?QWmp}});5R*cilj6cMa|iK?6a91$TFMcY?dS1c!~gdvFL6+})X-^Pcyd9Q(XHKPGV++ab=fci(OGrTkq8o^S z)%w#{b!jT1fjfzdqrO{!2ra?HLLk)x$I?bcQ(EZvFDU_{a0RY;?X|nC^P8}CuAWU~ zdhCs5T*3H8np{2%*RX@p09Ax*n(#lc(x!#ugLCS-{Vuso- zun$gNUYSK_{+eWC$?ZM`%aI2ADJ@$>Ob8ZFx>a0MyA{Vrj@Prx$B`Uj3(+${LsPy8 zt43<++jowZHK7pk@-gea^H(I+o+0aYKi|q|h|lB{T!ew z_;fHdx}}KAmvkUfR@hRA1vY!;c#G$`pYG-p3*o(<>;w)biPcAwarch!T@GPO@eJ9O zz#2Q)P!qUm$0$17jIr1LLH5A{)4LsCbVZouF0d40rzHr__SK~(u^OcM?U( z6*k3mNAU_$Vuni!nAhW9L@erdTtq<*O76WlH|N5b@N4Ssx8?SPs0z^fsdet<3g(Rz zlMf~XQRq7(mYQQq?V>_Vi-#40p2LxIsVH7zuYy#DHXq#@fhW{1>?Le4jmeH>SxCCF?TNjm`8_SM%TWw}Uklw~Y}Rrcc!X$fzM z!5#4I`C1FF?o~nX0|q}xuCJ;eTkp=mqIP`I`WV&ueMm3OW~7~bv(S5tO{#Bx&l}QkY$<6e+b5TTbt#O3n}W5%)EWGOkA;&T?_^>|6%FYPA&fp5!W%}9uEx62 zL?p~7+$0)}?hX+qStStU}WBxGK+uHjf}0-d(@Tc&CLkN58MZoLiE&UpAyPrd;tE zSbhIFtZb(=v7lbLROcX!RdY$oEzG|468u;Bh>gmQ%KOjiv~IM;p9xEQ$|TCV%Pc;l zlslJ1mzS2im0!%?mNt~OE2$~Ed{$7|sPvZhQVGc0tmvL!thCeE#`>HkQ%tEGQL0vA zkXDu^kVZN#nwFWCp!uk&ueqezps7$Fw#cV^bG$m6rpRX8aV&4#Ijtf6 zg}I4EfkW`?>!Qeyo(0mCyy>m>!Z?c2?{k+~SW6?L=J}rk=6Nj)ETV6~j|A|;<$TAn z(^b>Y8l4*`heyLcUNQUVeaE7-Fo@5#n{S#N2N<0%D~{HNwETx zXjJ!C6_x?d6VHVwoeQ#up!;w4{8yZpIQN{;UEm$yZ4i$*M~u4+RVYw?kzLw;3jWst zsxaE>{@UpE1&+fJdJ#XJx=%KGF5Nf0Gcg#5)WEJ*~S|uLf58Rl{^e41~%o^(`oBMHKa9~>c;C3>IAK$7gtmA zlj>+p_NmUY%N!^i-nF!Ay>EK|jQhfNw>MF#s&!}e5;r)}mTHrwoA_4g``PviCqg&e zCv_RSsnVhCX1Lwy8lyWOJ{oB z@9W!Euoush^YN2vyrO;QTxETuY=fo6QlIzjYZhb`j5%@{!I9%WA;cWZ{7S)3IZwITJL2J_+pKf8(!|uneBv;Rfmf0{Sq)~svJ}5up@hgZ)O=sy z%%h`Wy7prA-7Laj8hg47(}?b>cbF^9-pt&uvC-}E=Uq;Q3kK0jIxV6m@y4~b?>jPk zpF7JJs@=3LEQ*_SJ5C+j4}yE6t~kv&k8GCK%Z_RexLj6tZ(HP7CR%x&UGQ3u+wj_O zoOBQE4$NAP?CzHN2impna5m1oQEzjqT{O;wh}zD6_3nh65f<{Nc>+s`X0z|a9;K(1 z=Zk-J;=k(f>hapzO&Qc|YYf#5idN(1XMSIo1F7gnvzg{bk6c2|1CuOqf 
zI;T47eWLDpSW{n-?kexwHtz@!u?{4$#{Lf5cdD7M|ZF31P1c|JOW;ZP>ni=bAB#St04UG}p`f$V9@ z(7e9JA(sKRnX=6D#Fj`O= z77PL$9Sjnb0tfwqg_was{VNRyMhSX?j=J%|U@)L3I_Or+f%xBCNa`HO|D+*)7Zg?& zm6irQl@08TjI13@Z5$(xZuG#wAo$Hx)E(93WO)p1tQhqTZN3^Yx?0)(t^&sA$^%MT z89C|`yINUVJMg&jlm4p&4=DZnH4`cEzlu0o@RO>`DH4m?*c%aZFfubTlM28S6BF~< z8yfR`5|j9Mb}aKRX!Ni`rO$Dmn`M*DU|8{AcDrEB>oX_5XIs#mx0*mw)8^QSf3ABlHLrYsY2V1$1vYgg$j4L2&%7-aTh+1Eb!N7E*sP~70ePIRnz+JXLw*0c zcEJ2JxfNkP3qy$s{dMty<5HW$k`hDwd2x#hLCZ|6!haU~tE`w1bolb$?S=|XpvL;e zvo(oep@E~J{&B_n<#GJoDrqbmlwr=!Sf!%)KZG#MDM9+Dz=$BhxE<(J(Ee%_^|!c? zf659<|9?*09Qno%rP}3<<=TS+4P!;aqocR%g&2P*@3$iTD&P!_a(4FiJbDdhi^i=D zHYJ*ju97Mc6h;1_611Ttp)hEf7x$Z0>^eyf%f(o$EE%f5EDF++5vk%a0F#djKozw6 zA?_dQ4iyr|7&6VdXQAR)7aNck-+=hV^mhZOu!bCpmO^|6^5p+eKdGVy6e~XUF8>nH zNZDv!^w&Sz_8m3NVg6QQeDn$7ACsg+79tfXaik(>1pObQ2PY$j6d(V4u8I+xzzzuw zr)uSf|D%f`Atn4jCm$$1gbTr{XuqpkLi!JJSrzA?|1tmUgMASbGg`39LjU?`LVXc2 z8~!1eUj_*=B!!7}5H0E7`T>b+_5Vt76{$?jFA3BNH0q42EEX88XN%;lM-oe|UmkBZ z?4lYKE~4;0I6gewcp8r;F{}ur(&GFzy-J87z8U8@o~{lzm`?Y6FrOQmFIStiTCC}= z)M;O4(Cz3M&)}}}XJmS^^te6VOk+3OQdq3f&rj!bv%jTEW;06Xu=)~$d{Q@JG>UBk zJ%`z3Jf2oDgYuqh>VxT2SMkeX`SgH?o9Z4-++WJ~#DSvi7h2K}@vHh=u1d3zoSkjM z|MakKYPR$}=;`su=8L|*zD(N4>LPH7{f%_#yOD!>Wuj36WfXsiB|GubSf#i^{iz zUkA3>Bb8Vl7O?*{jcWK|RhnT6jYcc8Fb0Go33wR~XmFWxI>~@=W^1kA(%H>sI2QU| zA8(G@Y&x~gvTd5U*XzxclarJ8IILIqk%%HQ2cq!XKqI4=-9p=ZE@9@#m(OhVUI@pc zqu;U2*J`$n+n{`=XGFs1aNIdr#nz3PFJ}u;k859c{-5!b!id9-5gieJ{-C>-iuu{oyvV(VMw^K=H`1O}-J?L7qZpt3SWF zIcf+j>l{5;C=H;iUHEqayDf6HChH!lP>*-ct9FtI9_FV}F}4EX+~LoWxM3`Ga_Jm) z0WfFBC=Q5Z6x3?~0=NKDyIZPk&$K+mGvL*PaSl0SwtG%&ll9s%m2s>mGhn&FV$c10 z|Fm~ngkSyB56+Fq4@REi_AV=pR$nHw_?x67YT1p)7HED^DbQ+$;So$bAtvrSbD=;6 zv+x54!?fZ>qn&zKompc76QzaD~$hhe26zI+ygvG!lxUP~0TZIr>rgv4??r z|Mc669w5h+%{Cnc-ZM7Sd3hQiQR!E@L57;5;!lunG2h_!#KxJmzv3Wh+N-K4Uk|NR_hQ$Ty$=;l-a9U~d@dQAhB+|3(DE%<9hwNj2U9KjFZW+f0uU^86) zqSpa_Lka%;bh|PEFX6?alOm0jYi%$PS^HRJ*Y18Ji-!qd2waK6=M>-ubUL3bCl#qt za~Oq%z%owb_E1N->!DhGu*`7#O4&LoNECNn6^kbE?eDV-@o$S!x858ru*D3i=7SXy 
z1!bbl9_3BN5b_VuyBAsiPJf42uv07K=x1b``%T&hjIX# zlSfU`MC6*uK?pd(YcwB$EF{l}y&<)1BpDIHuYvR=ptbZCWMfj)btCo^tnXyu6}Q@ zds25zm@ytuuUo5Okg$!4pEl6Dn;GDiF~~8nULc+Da*rL2#z^(|ehONX{6t6sZS*nq z=xY!+Kff1M^u)zr^}M$g4CSfi+>|q0;n3HsVR9!79=rUdrOOxEL-0XfYBB{bQ9m+d zDqq1yPy)G!TVD^jf%bs$A@N7`Ml8F$R1f#`6~F^M(4M)#U+gH7MOjBb)(sU%r3Cu; zm1cy(@ZOWi!M1!&XCduw6DMGy^uIpan5=_a>F)ZuoVSh|UHzqnmLd^3pJugAv*9v6 zU_StS(9-H1cF`cQ+l>9Be;nq>?596YnmN1ZC76)!fB*#j*bmSU0h281{xhpN!d~fK z<#D(eVYO(RNn%*fH8Dos-d}CK7IECqd!5y{;D{{|Np?c*{h5zG7hN6Bukh@*6%f9b z*ek539)2m7KT&i{O;!@Pm|{03ML%&L?#C0GN(1Y zqr>jlg&|yA8i!Td8GnpBJ|3s_){jc9qhdHpl5OcE#xuw?a_wbv>!mL3qc6>Zhw$~Z9)+w2YXEM)~r;&nT@b8%eIjm^ko<5%QK{3g^JeCHF z*Jl;b$)BUL@ZxTppX;FxVDnLoEjF0Vs)~}$Wj_ND5*g>po4>YJ(&i(ChVi_)t8gglwVJGl-z)CqpB=&)@QL_;uuy%vOJ+X8 z@*gC@lL@L7&5Ary@9-2?g@zyD{57K$(?scN$qdMI3*iYg0@(C$+!$6MLY~DjYV)Mq zX9G$m+1sXZhZL_OH*oB#5lM>jhl}4ibNI6mye;!XxiLTzn$fC_6 zjf=rqFe}fSy4AXhxj1n9X|VDDXT>#wSyXk1Y}S4{uYYAMr~gSL90M^$Z!tC+w*tM+ z@WL@sqD0M6 z({v=KVxLzDfIz-oz^?L5^}oX^WAeL(L~7i=x%?y!golM^k$~a9111Mr1#YvMOk5th ze&|_*bw2lwgTPnGG|!-yF86&xoOupI$)b|B+temODB?ukRsbXjXO>C=vi+2>dVb`Y zT{Pz;vQ^qL%PaO2%V%PLXS_leaM&f+@s*-kj&`|5)!77x5uMuFLgX4nC``{go}P0G6EY7N%Vz_hC5X8S$jk# z1g88kjy^h`S29heOA$(i;K?z}BHOR6#*v|=XriI5&~US?R}+aPaRF#ji#T`Sy$oNJ zxol3Bovfel;f8I$cZFPR~r8d@Z=1j#rl2Pwr*im|L<%9m9S3+!JyT4&a%`$4m-ZEb6g-KWxmR=@Gjy{ z@Go?V4nqEIcM>1|Lau&zk|6RRs_j>+-XE(Z2#;z1#$$KuCB}aaid1nM1nElcn!e!B z|0R3NM^G!L>-h7se~D=R9z+0qI88e87ylD%5xc;FfZ>`)ep=XHB1VBwWZ}S?y>`uC zBidmEwbJ5Yqr&!=h$VI)b8 z|D^P}s?Tk=38_y?=yF|VhSaCrK{V~r;BwI86J=|`nz z!;BROlN{rIyBwn&C@?6VsH(9|SgFzXqM4ki+;KXbv(s+H=E|xC?KxC*3q@8Q3$1ea z3(a;IO_wV++Ix)J+6hH+FYc^ys%2Q<8&$lTZR;wgC+?yXI$C>-YhSj_7qRg<%y*Vu z_IFyUbvqeN9&BR58_ZTFI@(rRKGStp&YhippKCAU!!c@U9O0o#-;njTFnvouY4YrS zyzVRqN#La2=G3%N{+zf`equ)ul}v^3Uo!Qzf7vw2fRK0y$^3m<`=N(WQ z!@Jx;*@kYi!7F+1N9lf#$IZc>;?NA7Ana_Bth`H!#A!JQYN^T7iJsXkl{HvQ<@lv@ zxwgebc(aX82MG)U0xgNU|Q@65semk*Mzc*_BZS7)pjn(&7!D(|V}nOOxr+%>4G<2x6jm1a_i| z<-m602G9+m$j~ 
z*>QO5OWUzbse(>s>w{Taw~{%l##~{kh7FsdqVenva+OB=2%UW4aCK|($xjb9j<$DK zd!P3UZ};a1?|v$z^R%ekwd6=L+2n{#iVh25<%0BwSrg%o^bYav@05k2#agStmI9lS=NAnc{d=!JnPq1%;qarD|`e7vGcrWn$ zbkw&1dA1^(`LKB06`85QA5|LLhl|Y$BJ-#{JYgzu+Y&Peu?dusck5)15+WQy!lCMFP>G9 z_;g%p0MQwH`D~=bQrUinrZ3th~j9_{Be2kxzP?59ucqUOPs@AN(4MbDa#idCLeuYva8`{jHr zSm(|2F2-vN+H}1J8@7(Zmc7zXtp@9a+mQnmBm-5AJcL}`2gG9=Q3NzeH3NFYo<-bi z-ar=H_xbra`hq;D@ca@m?(nUuI7ce-R9ZK+5;{wgA*+@Ha1u&`(U}pEu(Rzm`>~Ge zUz^FDnAv(RD^N#J9tn-?t*7GDAEn>PO8(NML0Q8hNV4OCUC~Cc+yejD>y%?-7d38~ z0U)_L|C)_c4hanXRBHB#h7fc6^zj7E)94ld;z5)`cGxI%ZiZxWnIKMgevOoN&AFKBdq)-( zLWrC&mM`MX?maRxS$%f2)ZsN)u@v}hBAdNyfWPUFLmTuPV@InqVgA9?sb z&h%PdB}5EHlvA7t@dkkh@JPs$dDa)5D1r%ZHf1Dgs%bGx^pI06ul-?I-SOIti&JbJ zHEwp;_@mfH0ll$|5#or%5fFL3K#JwV*9Oo+6)(kF4oRY2IsTYs#`z83jHgpeoBbVK zz;T>j(D!JkFuzaL!scYr!TNC^7U_erHs|H$SAb|Ud|ctjnMu6f-kuPNm|v0j82QxA z;BH*ZQm#47&i+%r+{LMG7Or4uhX5dk; z)B3+>Y#}*fU*sB=B0AJV9o6phFc7qzvdVkX$mX{wI&gd^AQoXaGH$i(ZHz}|51mh( z5Xk&!n}KY2Ez6UXk3LTlfGiQ}t%ClG{fc00`lSL!JFK;zVzOrsZKUAX5TM4F+sN-H z!=m_IKPo=D4MZnj#1HlCj3cZEl;AV&;MzFq`>1ajlZnA|Y6GVFJGP(#!ca~nze3n? 
ze`5OjJ{ikR2Y|vVI3B5WJjsb7O-WLZKo+84tN%%rhlG%=yP#vmytBB79wpsW{#vu% zkpoV6>?c_tqF?SGsH=kx0ss>T#1Ix0Lri%5nJOe0AJ6Sl){f4noA!(9z`L%q)mbc(1qww5gyEZzR3`1h4q?HPSl8x{qx=0D zv-~1#dw}MHx%G%HF=&hcXOVtw8d!gjM7^;yY>5g>7%$ty1z3k4sZbAe8Bb$bGpM}L;K#(Fq}f@ znwTv2Lh7<(?m>mrBa6?+F5EM^mzQh4nUeHhFr$bL&Ib*f`}iwvLc0yC{ijnD%IsGl zbhytdSXi>~9vzPwD&;$o=N(af6U&z60d_KyIlA}A0c)cBK8usAI}3AppZvXt&@;b_ zPm6ujU$yb@;FLv;%o5<}rF|qokHozOmgMl}75{*u(fv3akE&|!I1pfq$H@S6O0}g* zbiy>mvtLxuG=3x{FH_#D!ai#n&;mx`Emxp$kg387!@Ct}F@CA(0#b1-4qr;-GM&Ds zH#ScE*^8*<%EE;MXWijsk=oH5XCt-Ke~f+;f%h8x;Gms}PAG(!-B;h$-~}nKW^$|F zTwhzu?R5CVP8PE(#}Sd(9U;XSSLa~y=S4TMmI2!r!}tb{k5BrDa6mj=nP^@c0(16>bjIUuNNeIi`6z zjt@BwhVU06ox)~=b$%1**O~D>g;Sz%NTM;lDf-KX)hqNmDOK>^LY;)X!V0t9 z=j(IT3&fibHEQ%z`UE&UUAQ|NbHP}Ol8#b{WFnpZ$StOup4(Hion`*G8VC&4%tv$t zhf<_aNWJCJNc(38PW*t&c&o*+#s$GZ`D0gtvQg(UGgWZ4&xY(zs5F8{;A}*gUbf@n zK?A|IqWRmLDNj6z);-L6jgZie2JP5;NN{d!S7NsL7q^dFffBWrG$d+T&xy8Ui{g;E z*3=iUb$ToafLTNbBzF4rqlrV-4HQ-;8teofm?Kvuv5ULZ!B^&Lt|*+NY}AH8yH6<@ zSG)x2d;yT@B}!#f7i4acnYW=9`q_H{rU0q}eP)gGoIv-%tJ%i?tSaNg zikjNK6JLM`)C;a)J(hZfh5d+nfl9fOtP=r>ZakLxbxlR17}f8biY$qAYo=&ES4r;{j`lfP#X3A8B{82}SIsD3)%E$y=4YDERTgJxIZJPU*#>Q+_0sHuT ztdR=BlZKIUv3kB;BML{BFwM|U*?D9k*Yj4XCTueA@JW9ygQ2e~(!g|VBk{o^(leDR z^_PboMe4lKBv9QCU~C9ixwVj z0`WqhATPG=s(x-7NaMv~87o_zb`CT949BC+jF%_q-zkog1m6nz26M zq&LLu_lc)lOH80UUxdFg_^y~Y|M9py5w-dxti1kg{pSn8>-hey&=hg4XWci;5!wmY z;l>Qh8T}8%9?W@r#>yL}?mxDJrMYx8A(=CZ3;)+JzOV&kLd7OU(UXn`Y$v_t-BZ3Z zGG<5#u|7Nmk!o`1Th?{BtC~ksQ3#K_W$2FbRr$;Tb|T&YT_qFnn?=IsEvNDR6Izp; zL~PPJBYmr{UK437`Srzg?f>l{R0xaQ*I!pjraeZJ-gtJ^W8{2t;hT{wB6OF;Kz& z7iRs7_8B7h%~b8_lu-V6DFl&eirXNLsq{il2<$)B`JEtk`5lvx>5-fEr++jQ)ce2VqFa&o~2T^scIy)`7tfKmH%#a)a&wMu>XhKS^J$`ah7wMgH}d5 zw}Wx5S@~smel*Xrw%hzS>&mrW5O?!A?Bnn)q3S??#`Vit8&QVmcitJUi7d7i2A%p6 z*6>OWqn(-dF>LeRV5Bvxrk9bEwvE@*HJ6Ry-?1xxpU_M25tAYi=d%`}%|2#z2(aQPyymxxi zv@ue4NR3UE=@_r@R18C8Yw@FE*meEXARGla-cR&5?7!)s!xN*Tl< z2?qq9W;Sh9C60nzbmbOntqu6x_J*k=qql@fG*_Q89Opl)wVl2Fgc)XAcR!Njv_4+k 
zxxLjqu$CDSd_6n(TK9DE4ySoKzmt|jj*)OR>+Ui^L2zXkozrshC#5XlY~5{-;O_eE zWrJgI^!s+KD6-SjNoS|vjbL^AuE0aV{Y3QlM5T3;0(zsvj8)R9(vLX5DXRs&y~opX zCdrnbo}NVb+mnTj2AhrUvvgLsPa`Z=p+ZiiIjGf#j-2HW4evcxYlrFh4)^opk2Goc z{ZIs-rx?_0y1bsJB?|>xB289r%XM2|2%i&pPn*xav4pI0F;JIg`v|PQ94}|LzI9wk z1gTVb2S5*dUKkfYS+3JFxuC~a>ZNqi2nueTG;hnFUXE7VCTn}Uu}h~eNJilu7>}i# z7Aa((c03-AvhFFbhRy%Nr8&iOs&Iwa9*nsI1)7iKWWu!ZI5pmqNk%2WZ8!Q9OI>`J zRYEKI0->el{VS<_Ml5Fz>b7nwoEYTlbzsn}w*^IzAhgxfzw>)KZC|*EOUx1ix$9q~ zQJybietZ(B#5!+O}9gj#N?yl_qdUFmuHsWWlGVF zn^#;XJAd0nR4GbwFqIp?yPIOLmY^UIXYXFE)BX&I zClPgakV|8~;Ln;Ac(Rm9tFe1LFlqL>T^j^BizhF&4+LJWF^=3SagcG^R$Vr{*362t zPg|YnY;O+d9YB#Hmn1|e0_Q@td-^KcW+WnzFvyN4%MA_)IE;?EJ}(VzcP@7Y)QXX4 z+&{Y@3E)-rHzlfF+b=IiPxDD*U<`~HUxo{t3BQDjrl#q`owjl)GDIUAolg)eCZ^;UhYZKged{6qTOIVngDIrE3 z>CE2#ZEvqnp8TT56!Q!P2&1o%(9P*K9ZPjzHwu$=4&@)FX-=ml3FU$hGHr5Y+D>`; zKoJKEAaZsj>h+NBZrP%mvYK-TOIOFI7b$CcAS&qedRG1>WK!@AqG@Gn?b%Bk6bA5Q zKSzDn)XAUvUfHob#^)HBz0s!Qq3Fowz4M|zj1P**WY)>+N&y}O; z{Nn1t%1$6fs*Rc2Y4dhdRgQ);d_Gqk zWyj?RcJti!uQy6RR)WUj88!?l&-Z5>ov@fFZIMzT(L*i%(?yFj*Xd;t*l9 z%?bCG!ETo4vApb}qm#8_an`;jx%=UH8xp0p!D6A6sROWy%(G8ieg1OWpo22 zHO6B7_JYDZIT~H1TB+IL+0!iYaPDzEE!fs07j!ztHX((besYC66DQcdrCcO?d-5~Y z-QClMRNq9S4LkN&?WNe!KXy@{?h5)&RNgg$gD2Ux9OVwe2*b- zyP)$_m#D0ial33`<1#+4*0R|f^2Em+eGf%aZ!|yh*_-Gl6py;?_x)5#MRshWBY}ws!ioRLjkel~s}u!b4Ga@2ex-r&*f@;ju4T zu@jlRyaH{h)6TaVChlZ4S_{^%Jd?a<&#_}nEk20;S)4XH%PbV*=^tDO!d>kkpeYB) za@7Icoo#ml)v+P6EybS9zD(^qUpw1e&ICHVvOLz^NHkig$Q~^3O}s6ktTx%$B$$EC z3IP53x{Wo57^Wkpn3s9{tX#bT$cv?6#Im{xzFvIWTyGp*dugfN*$lgZ)OC#R9U5WR zM(gK(xpl6=A>=Pitz34MBx_a1CFiA|+mbvOMNPni54`R+vU_Yo8+Zle=;wZcOvY}Q ze1jeXGYL2;l{@0-h`QUK?#-U`g8O8;Jud&c3F5cZzTi4P{HoFKeV>gzuGJhu_?W=? 
z)#Lg&HJ);1&rcews^c*&(E(0)d$xbTxczBjrC)%IhRQr&0u@#QKGUk3EA?w8;bq2L z=t^}2I|N=po^k9I6l^IjpKDDu6@N>0$7Q(aw8T=*9?Q@N4rLs89J_tNw+AHan6;1x ziWMb&Vp?cqk?KRcLBegp3KOyrBD+9^+iy3QL~ebXuUCiV)%RXcsh={XZx;KJNvoR{i$R?9@t6TcqO=Q-H(ySZugb+{bBUR^FZUBGZWt%kau^{AYowGz~>=?=}xlvd8)WD z`5{Sn9j`3qJGm;+cHhEXkuKN$wh<_fD~rC$uZ9R{4Zx_6DaiqDxNNiw5S#>MIk`{7 zFhjCuf;Ky!^Bd&BXr4=0AMI6qL^9wzSAE4>nslI9G4-BFmXj*iIMW6CyNQ0>dh#kQ z&JFxNK>zfl0%P0Q-n&8OTu4G>=mlL*r5-8Q+f);v@TkKlJsp;?YfNCg(C0|*7@TnIHGLa1wSmv^16lO@t0p8mrVeNqbNQyrlKPBgD-z5nvYSxNARiL-|r<(nmFujVJ9p@vWr( zXiC6HR^~e8hj>owZ%6amsp$tGA@t{bu9-TyNN)az?Qm#V)@{{T@0X{i`OfEu$zf)K z#AiV*Q)Lxs4Qgb4B5M7GFAfbTx}^=wytJX`;pqi!VW8DzIg}eB8lb&o}oRibQrV_^A40 zFcXXD5-9F)3x&vYsGB5}j2y}BWL_=dDUXi#xF&z&x%}q)ETn<}wMEmKbNSO>(x zl#AIB_PF3Ik3K(au0@Q%V<;2OFSKn~NdFp;L6o|;?a#YInw>brFDJ)lF^x&^Em>Az z**MW=`aewRc-!z_NtqIP_r4->PC{<-7Ldg-x2f|Y_|QiEZ0SV^UNyaow57Quw?Q;F z93<@kmE(K8SDnz;wfhKkzL=bjv#m?FX&r9TKI|FObuFb-$U2T9zw8ec!4;fahLV7W zNVgr=w%pArnaavv=&sdUwYA!jlOjjAim{x`VCh}^O5#Jqm%i;smX>V$KVmAP7rWkB5?Y= zdJ?_)925%L;b<`3&6O&z!JKv4gpbteXnd805{Y?xBJzyoC^vN-0p&GHUmemhc?1|T zd7L5iq+kw+O=-PuMKD<>5Q>&67t4FU6=!>;*=NM^2*A!Bky6Yfy<^fkm@RHnc>Fy5 zbJv#84HW;l5R$@D1R2BytIr9$jhLt0o@YuL$RWP8=_hplNjz#W41?0*^J#6XrHKzGG?e5-DsN=3FyO+O4R~0PBlvNb3 z^G?FtNg_4E5VrMNosW#i9<2;kO`a-(9YG)T0!5|ld*w-TG4|yr zlcVrIhZ3d8@wf{dP!u6HaJWOj6#RL4V^Tdc?;YEn~+3y9ggh=TiE0U$LAXk zlmey_-eV=QyC*8iDlx~6r#Fcu+~3@d|Lo@NYsM?;L(0`T>wN39nh7TGTia!q6-l!^ z!k#gyL#&;rjO+3Hv@eTK)?+hTut#>o_?G zUwKq^f$)?3P>oWtbKa`sUWixjco01^@pr7AMgN8TW(RDBWpe@)OgCp&|i^ zE(q^XB`|Yj8~uW%CbQams&?WvBEm6xltdKxAx*MfpY5{WZ|_`CWznCi_(bZMRt2EA zu?*dQN#~AmCvsoZm#&_;KA2TDh7UJcZTE<|uSz^=iiCmmLE$|Q53lv+mk!#;mt^O z0UP$COje|!bzUs>448Hz5rDfs^zQAR#gY>mSNyF{ic@Q6UybXUZ8uOO%OV(ow)g?0 zSppqVCa6riXI70ZdKCk+m`&pd1aVol;OECj%5w+IW?PLn$b^gWS@ZH7(LY^BBcel_ zQIi^nBd?g(Dc;8jkm+Y9eFzZRri^+Cf}WJVF3XpIw{c7cp?1pH{pHdLwGxZ+8K|D0 z+L-PGSYm?u=0Db)@ejYfpyt_a2H{Y^%s+zn#^HwfUN|Yi!o#1=$N9}JJYN?ND;CR6 zDP{yTffo|$>v}@xIPS5%oV1<2OuoFFy`AsrRWQpP;iYrnl5DVW=;6>%Q`a20`fM#c 
z^m-7$YCWFk$25gKC{Tu1Fk3_Em#Jg!wK(iqV}uY%pSp4bdQ@t=F#^H+$5d>&pE4Xq zw40*D2_w2WDC|)O8i`>DJZm_odR|wop26WitV0g$iUldQSopX{p=jhsyKG$X`fvrx zq3!lM!ECN~oh1)=DJU6!3gfAXnxv0`9LQ*U0{-k z8lz_UMf}UY({m|OJmqx+DorH7{VBEkFnf~k2u1_r5evPr4PziBg>qj!!X`O6`auW5=5yO(383llRLn)0`f%R>u+z9NH=Xm265@NN9+ z&eQGZx0~uc;8%}Bv*INW68UQb{N;MH?K%;SnA<7ItC%VbTG648Z={oADJ;}!l&!D6 zy48UM&uT${Fmme)*#F-QGHUAov`O@=E*B1g{lk{mL`1CNm`tlje@5R{GwT zfi6SdULEYuE0l0|AqO$3@F`~jpnpXX`1QJ(8ALN+t0Hs7_q;anBg6f$^mIQz=9X<7 zEotBmy9ZF;MX|<)KHw`p`osN(qU%mK7nh`e*gc(Cj1*!%v#W7g%c=9Lw(d8Qu6qo_ z#CB6A0U^#WeIeqI!*1DN@Q{!JN@Jpk{A~REw~M;Zb8P@{5<-GA1m)QohmWRkBjk`@ zQ^Daini#Jtc+_;A3W-+bc@p^&OZF@|2rnf`M#;xg9IwVXA8=b0<=t-%Pw>*fB^F0x zB8;K7SKH*4`iZ*$U(-|~p}p$?AwsUmJx=1u-ek9XzsbM5uC0C?9Vu=+V|Yd<=pTky5>SM$3wRh5bk?{X+xqQaELcb1lRGsQga! zIfAL8J38 zWIoUt(E7^qbuH`vqV6r@qUyRgU5hL!?`}OGydI8IbN4 z=|Q?@7;0$V<9$E(^FH_g`}^Vjy3hHov(H}pth4vJ)^+XXxi-Tl!6ce7^)&l?x6T7+ z-oGufA+J7zz98jJ#Ddr{-Ur_TiB7sp?#OtrTrCe zsdYKDKjoNbpiS~i=dzCT7O&G@3oTODUXFX4;^n}@NXJ=|$=YWY-N%Dxi}q7J$Giw3 zHI?^zgzk)*MfE6#rPD;RDUxv5j++g~`{gsp$H+31hA{=3!S*GXMR4jz)EuA1Gtj4T z9+m{Qm{%`aIY1XhagDMpnN54}RzGWc1Ye|T!|AAykwgF}N`{BP+LD(iTSUseGr{mn z>aNxeHd}Z3<&v&Z0-;RvCrT3ps7Oy>WLOf`aeWxT5T#0`p5wE!Jhk3o`TDHvuSA~1MHaKkI zBkb2k3*|u)X<}yU3IEBJ)4J-;tprcU6jqh)5^H_Zn{E$(y@5lr`ua6IdH1hUZBezr z@#0Hum6|00k{wIPkrv1)E>uwkQ-{p7L*~h51iWFi|7>3`hDIFpb_QPb>aY25j0&9RK*+QUXU8 z2)JnuGs5FvxJw|muO0@6d&UaDOlpQmNO_OW1t?>pZNRhGJTWOaHnYaOReLsaYfP#C zi_4skKKxk)Dl6P^ep23>B8YOyxy_b;^T4o}g6*00eqyNYkjeL)NSgow8jg?UE>Hd` z4gNxfHc8AG?h5~`!;YzvE#|(s$(@;fgJO6h=1Gb1Ts0sd@~lKUZGo(4{=Y@Z_GD<8 z!es2O1OA)qDgt*P6cfJ9ON?3utrc^v!z|OR592;{Wkp2)z5nl5`-zA4#5RwqH;Y{9 zv}GpxS5Z01Kb`pV5Y;Z=<3AGl0u(4iK0ca|2} zz-#oK)45|mxF}X$F0`UWbxnaU&>dcI%x6W{${n2>89MU*QN#QC(H%S_^Kx91GSfn zlgv>>rA$}3Nu2EZ#mkwAFDMz}6J)|ZdRcJ2#&SuNsp^To-Hvu$8fkA?I6Y{WPt=HV?YO+wxW0{BOz5M^bw54lKd_e$G}_mlsNIXt zuL8B6$DnKfqXls0kZR;vzFpwL0Az$Ee%@@KxDLHemGZl~0EbMzd0m_b=ACJiXKg&@ ziMWC_-u+m2)tfk|2FJnP{Q99&SibGk!U?d8^@2L$@6 zxCLD>6Rb~k;)jy%KL{AlukyQ!tGOnHe5w{dRaCh$s5Royj#P6|FJ*f< 
zo$?F|`<4ACy~l=mWm@hJqsec-?k$zJQ`!$6VeAdOJX^FgX}AB`6k+mFTD=m>;~-<& zOt3W74{QIoP=yJ?7<>_yRlZes=R4?rvu`f!digV}+~DOa>mQFp4EKaUoD6#$DO*3; ziI)lkT9&yD`Knc>Tg6^C=pm%4GTkfO_J7WC3*cMwsQ%S`N8T#8EJA9REk}o{dh1{; zc>9!CyjWAStL4Q||Hg9SL682$Ps2Yb?q5s3T#;MK#<@;BagY713Ok@6d=X$B8ZNb5 z#A;P(O8YOP*rpqtI=x-Dn5Jr6dPT`v&?MNsy&X<>U&HgI7uQm$#8F5aN7=N~OPTX`0Rkw5=-NM)QCmUz)0g1T@;%^~PKf5?V6vzG); zwyN^}$>Oc(qejwr8wUbrX|9^OVnuqP=hxCp+q~^g-~-pd1;h_|Lm)DNS`N7#f;M6p zGJUo6n6P|)Yf2tNm;~j*#N77RNk?w+0BL#UW58v8^~)y5 z)7=@*Q2OWwpy)I_AQ1^ObRHR_{s_wXjt>uO@9Tw#c;%l739>5v7fW;trzSi}w zH<|IK;yVP^rq>BFzKlFn``CC%}ry{g^)E0kHdzd}C9 z8L(GD6{l8u_NGg7mwW2`wpSEeTm4<50zOBYQ;vkVLn=b8g{;TNX;;CBuYI)6xcd|@ zRNiY(I_D}+sPVN+8mM!YSKB-bPZ=@%ev;)fi~Br%X1_h!e&{j- z>CddOomN40o8z}KM+r*jGA|8Tdru%T%ZEdjXT=82;pcOY8ZQw&;j~S{8?EST8w*c{ zZVVrFO5a{?DA8k>d22nu_2h?NC1->;te+#3n1_pX>s3!muO_K2QZ!U zi{9+hUUkWTgztC=_B=`#@DAqWTHH?YUj--l3KC^BS_8^dJ~*PI_yMhF)Yr&!TK{KS zla}dnQVagRd_Ecy7eBoO+9l62CybjFYna;t2G=8C;{_U{XdYk3Y_H4?-n&Z|ercPC zzC5A+9V?9tchEJC1JC)azfV^_?RU#1U()Qzw+!oi0Zl4YTdcl~?Qi&@SPR z<$E`&4DgG6eX8!8Z_-f?b>SbRGD>?!9fZ>`h8|50=x-UViw@@s_r(rUIjpjI|9nphi zsxbep5ppwRRXPt{FvW4kZahq3TftWl{@5p5f`KK=|B}B$q~k{+ncv9nbQ^cP<;>FA z;oze^_Ytl29EArx5Py5xzILk9u=Z4WkA)@HWxqJ+jR#Qmej|j!EcCcID)!IxAR1es zWm_2wlWv}O?c)0=-n-%~^pRPDx1KS2@CoPVi>(kVSF+ZUro3UZdUu{O+CKipFI)Ti zQ)>fB3(=XY;P;n52Vm#R=7<}rv4=W3naY;$Io*eUcZ+OobV`KRd&+sPj+r@cygcUo z3e4&wC;^^Pn|!bD^GRBs2+%Y9U(GPg-hc{ssl(_)=t-CE*xA6Jxs3GE&xd{}155ZR zgTybdORiwd>#19`nxcKej<9tP%7#=)+K4m173K&Jk+HS_%S_qDCS_g07TyRwMvK-a zus&5Bze%hc`RYn*2!cqWhIQ7Hv6ntuPy)X`7nc`0m`c$Wb>UzFu@0hiL_vxWh~&X} z%rVksTBVj{qJZDx7spFG*vkVOW#cOJboeU8rf=vim;)yzy=L;;!mF~I8?+sONS9zY zU8XMZES%R@f}1Ts+xs|14;mikcOvxMG2s(2Y>I^3NAd2kRUD%D;K8<)bo+F8;tgWy z?vhK39MQa%YV1tK=fsNgqb!Qm$*uDA?gp}K%!u*=*$X_O$11M%QWa~(JHm8?tEaDG|_C;lFGR+ zp{^aI{zZJv^Ig6D6Ui(O>Ns4;)@Y6eO{$ge(_VWnl{J1D`gJVw9{ATjV(9US0wRnu29S11^7z7Kjc0Q#$fOEV|q$H#rv(Oss&$| z*OMx~YBZHutUK@m0*JXE8K|~v6s(C)#9VW&k6RHom{Cj135*}DGB<>FthdPTyd-Jv 
zjzexmk}#=`p-GEvSF~9WUau>fCTV^Jyq8Ji>ho%gLn0&5(YNRx&m2v7`!2Qid}SW` zu1WJc>Uzv}2!>!`)9+*UxK#V$A9`C&S;|R~LvsDEfeA3Cg6#~sC2MRY<<`kfSsldn zt{EVRb8E!k~`wV?DFh;DAW)?8a#8*e7m27@9Rw7xCB1apdeOmI+BipWHb9M7nQrt zrotPUr~vMJ89K0SnqJ{~vt~z!frD-_L*M0#{Sb##azyu1;}B|ft@MXahsx{aC%AnQ zs)a=&8*0o+QWwSB%0hJ}&85zjOSf0y8BMDin!}M?w2h39WnSSpX)*tix6VhbV^idu z#L_0rL(ZBd?g_V_Dfg5%nTaQp-03%=y@aB0YG5$AF9dRO=X5J#+72OV0+zDdU%9`* zdJ;ov!4i@u?}#kxtXI&&gQfhx9DkYQeH|AUUWnW$P1yM1tdDQyXs?;2o44bt1q0nKD4h^;~UCPHVS_ z`TC-@S%8;rJC$f>c*5uIf}*tvfx+5XR@Tgh>>aRhmh@CKoK7Od4Ullt0ayt>OzpJT zPvj5ltpv0LmWFB%=|U5hBTTcj&Xh9e@X;+;%ez{>@6DzNEa)jO3rpM)5q|lK0qnSS z5x!5F9sEPFueN8umfKC07)^E^wtK=(^a2Gs-rkeo)?Nu`;BaORF=wk=sq4i{8;=^P zIltH+VoEjggYHd~$05=c2J*?;pCzX1*-BG4T>4?Dj&9!?u# z`pcasC=OVIig&y8#dZLUt%GuU0fJrcNODSmqo`!|s>u>>x3-@I*HwPP5<*HZifB7F zY4pDlJN|uwqESk|JHo~kmCMmy*^#GzMC8X3nb}6em@Oo0P}oPsd`yW8<e2y+tKfj`orAwW!@hI2cO05yFZaY}Qr>x6 zD#bA~$tfroZruEL_3X&+Pgvw-u}AQTZn!yiu2`}Pi?M&cKs(C&+1+Z~Q1h+~hayE)}c`cvLu>(U!q&L=Cw2im3fHTwj0Ctu}j zZ%~Jz_0YT&IJv!oiRh}OkFbXN_+3t1#Ujy-TIOZm3hH3bt%@LuyjPk_m#Csz71%PJ z5>_$8FGHEH^EINayf44D`=H|#BNu7!y76~?Z@#DMjFyx-jrpCS%(y#T-RJemir9W_ ztiU*_Pw=@S9(wO5m7s(VQ(y;$hu zd*^UaR1dP;hJ!E9E*&%Jg1<4Zf6V00B8XyTNFR)1LY7;A5N1?b`m;ndsM|Z3b2a1y zf}-QU5nIk?u3_8px}FyRg}3y@U0thMFCbkD7Ral}S@S?km;HHhOhs zz~}7jm9bGWuNky_Vk$U{vUf9{2hBP<{n~o1(1|?T(5PmC+TDQ>l^+stH^)wEpt496 z8a6YF>)8p1FEMeZ6`1tO2jXsrHG9|Cz496={ezZ|RZn1^d?A7Q@AzomWtNtT(8p%n z&+79>V8ILVmtEKTV)>a}OzwD6tL;r)XB-|#)ko1*e;F6-S9?DLJ5)6>>Gk5H32(X* z9D|O>Twm)}n;r}Xf|CFwJwwsvSNcdK0e2Ih!JEcl_^q3zP$X_I0r~_5es_gVJ*&S+ zp=80vhQ=of930|%1hqor$?sQB(ku5KP=*kv+QUaCi=+IMhHb2}5q-4D-AQM%U#KH# zQDutNu!T^QY}Z@nwk_%5BGPKIg_8o$=WqHA93h)PxPOptNL+I|RjT0}!WD`W1`hsC z_~EqdbsLCJo;swHA18`f!pF^gqHh6Z%ke{euWC}fL;obMk!-Q9^O-lZhX013Fly1Fj_ga{YQDYv{^Fw=Axoy zs5!(~j2&+L`E%cvkg}?@;3o~K4K>_@%i-tsNE!5f@nk-IIs7RKw!i=3ZYI}_MUZTr z2}t9NSo;Hu<2#4yr);@pDl+uOuTMv(^LzqMI$Dia=%bmQMoE=@NllvbP+`Q=u=IW4 zya}<6qJ1KFKNyP%X8z6)c72#YCK--3?}g?wrs9Jx9$9G=k3cSfw&9N*F{WAt6ar_# 
z$-YOQG?+8LpqrcuVFFcQM=F#nAg@$d07_jD(-zE#)rGrpxIvbCYEy_AylfWGKmrbm z5KxL@#i+&;oZ##IXbcjOyt6L|7g#6ztQK{BVMTiZvy&SpZyIyQWCx0$>|6AbmCgxT zf?a|Na-V55kZwc`Z^9sUx)Q`~yY_}y8P#ZGtk4{d>g@ygj;t0W%mbq)rI4xN5QdRi(s^1CQl4^r%r!xyA&m@Mc}8e1 zu7DyZ-yW7W@|@uPz`oHi#`9l3QxxFPj?%i|TPyR8&5KjpuoPDKlQ z=FVSawtQxiS zB4F1-6z6qSOqF9NaifM%m*jJ}JDXATMIul3*RxjJ90jJu_v7w9hu-`J=Ev)mI{43< zP+Q(&Bamxia$#@mwq}_0}olWqB`{l3sT_F}!BGpoc*!Qe~R% zA5Ur4$u=;bp6g)39(01`szGe2p09^%M;o(@Z=tQJ;4%9<&WJ@JVA4dl$g&7sXh{jA92RA zy8nKbyM5*}A@tcmCoxE_HA? zW4`aiXxd~gGZk?hCyt-t-#bYEi32zHI2tQxQ3JIm?egZe+nBLZxb|`_6kdxz7V-Eopw-dic;dPpNDKneB<841ToQ4ui8~&Z=H^f+%WhZOf zb#)omBx?RPOX#h|U|;_a1^an;pak3VE#rV0y?4x#Y?3}F-wqR6Z011q@rhq`OU^}R zs(vL6RF?&%vF%Sum+{BCr0R@Dsk7Aj(`3x+?a%2B6io%2Cjj@9aW>|ZzK zPfFHEID#pH{_vG>dAmIRC?#y37N zkq&_`778jMA0OE}fjq}@K%)!+WKkbfs@&i;g~! zi+{nN^l5pM&i(N)(X>_d|1d@YB*rCHCgmhgEmMg5VXb3(o4?;`XeA9Ugz@_x6YRZ2 z0L-_svn2M#gyVEe3hK)K&+YK`8UJ3l)T}e%fXp)z_527Kc_g z50s>535Xs)i>g`u{%;UynLUWZCNKE~UNvT|{|%;N*0e){Hu-PLRDAhBBoFC~ui`-YP zSiSgtFxnrv!AbRzMEALF-!|2*i0rWT>U>(`19avci-%bKc}j=91h*SKu}L{`|7X|| zWG)?0h7~sKyRT+8yA_4zDcuV@lS{GJq=NaRdhD(m7?W0G^9iK9%nE`DL)T}9JjrR8 zA1V+`4nWwPJBUM8WWDBsAK*f?iSQDv-@!OTxaHD^S8^QJEN5$MTsyZTOExa$mMGeZ zIwuNj>UsVp@zX4q_wFeh9)@CYK9MOgX&4`$6vxXh6+?jM;)nhAgnSQRCn@{C@oyE_ zIJ6YRIrN}II@7a1j1nSeYVX0^Cr%7=CQRuitquEqYKo^$J~Y|HcFk4Plc{6fOGabBV?0K;+W&slm$_wa-XBHa+KQEqOB~?L1Zm!3_p&zTP6QEK;S#)(ky=cPO4; zB0PWO!>^-ws%vL-UUQ6Qj*W?-3d(ero@$TLNM1EX`MbpI**ex&k51O;l6k@(q|Rfo zLd%XVcIW@bAQ>>qii2vc^G7-@B1JJ30gX>Xgp{9Qcr5j`g(Jt}hmhZ?EQG&DOqUZ2 zg0{&q)wU>8jG^G>ZB`$y3PJ9gxKG+SoX9YqAP2p4bIIjIO%t5_r^SXBw9SZHuwZ?H^IJST#X7nit*s zwJ1$~!47Ko9NKQLXuZB%P3&yF8L(ronv_`1ZY6EvIs1Sr!zyg)_rI>JZzjL*0(kr70t%rS|8+-noFYU;WC z!Zm*(BTwCM-Wr_P|i(4S0exg7#q?r1+-^ttk(lE)rQ&}RM3 zv|Yeiu4Z%l?S(9Awf%O7*X$2cS1ol@w!85K_8(Y2o+(}oo1wXNw?d6vnjU1KebRN( zGQ9g8h}y|+!@r*7)^LjX@ka=5jPT=SH*p!)&mtp+0P)+Y&F40gMP8GjhBfyLVaGi# zb62hpoE*T6jc{nWNT_GWDjQb-P{F12EyL}n&o$I!`0RS?ljrXa>+3*N8k(M0+%p$9 
ztasaLGo^@ocQk1uC3yjoJ|A>~C;>Jt{D=HwVa5>>S3$J)8;>yXc?Wpuo#4r~He$9p zD(pzzbE(yUEg}Z}9n>e~>WVl(DAv^%*4}igA-oXVxHmqbsrEz73D9eCAG=;o8W7Xg z^8xeY%ou$6FZ?A9`|7Hv=tucnMU5G1*5!k`7QFjrQ_ce#N~GI%P*4z42LcYT}7@DYhFW%H9W)*Am!Cpe?Y0fkiGSZm66Cr57N)P+Ak06uU61J`u;orVi-EWw}H5VcZg-BK1~GDb}4+qoisCSwfDP z+KyznA`2jt)IJoyv^3F|^LtPB(@%8|O-Ja?yLP`{-elr%LX<dJnlbDbW#jnqZW>{&!vl0*klfkDN>;BXp-Td&Ltveg~ zxbTH2{Y=VHi2(IFs}ZL-$x9if3`6+$vHL)V8((>t)cU|YXo(ficb@X#2!hM2x>@IO z@D$Z+$J;z%;=eN1e%X?FGb?QDPYFM6b%eqfWHTEcRv!!O6e8iIM}@27sI@mR zp*7rb+P~PoK`P8zj4c{#y~@QzZ_G9roJKEFXY0q+)sdNdfcha`;hOU ze@+mp9o*@$*-XZ=r`ghT{?ZjG5mAD;VnzMn!rQtt4=(q%+;n48aL&i9F zAc=6~jj^rfh)HE%?kZcn!Yf0m;@tQyrhLKdSR`um3_vC)JdjpojqIUTp z;9mXVU^jLtKsj~ z>uoHWZG+bvdoj73)HT83R3`xb9JB$v(Ls{mUGkI>fa8sDw$7?&OH3dZ z{Hp!@o|1S)6GlG_6`HPnO{r)UkIUOUf1G8dz<&_m5Ku)Sz7xvt0f|rXc(z%t4WsL2 zqn3u-p-$7P8$`ouAB&wRA+m2KbMSNS&$FN&Hy^S_)bjIK&HAnT(|BIv@4q9W44!H&}jkQMp5^Pq9-Ly47{~k&FDAG~XDT^=eO7qG)k3}1+cIcMzmA6n5 zODt;Px??;?*t4O~U#;DLF@lvf?nz%I1jM5M>CN9iFOC?Q6ja`;r(bOi$3Ig+g`x?4 zY^^kMcjfiJuo!>z!xv!!#emOt4^RPrQ2wYfX?Jy)?d}=hORE_6)lfmdOC**9guQe< z-0&`H0W`ny)22}RYF!@H8(@6Yrzw4f=D2vWBRsCorDKcqS-iOUTkmpAuGT^qvTO&>rLL&AbNntH9RQ$dmg#}&l3t<0`5Kv_@5@Oq zr1<_AhAz+DMI7rj3yhd)>GT|3AIRPmkQ;}9vN{(W+cw8U%KAh2=91f~M{t8b3}M~M zS8mZT?shCMAB;)<=#~2Io~I~oxbS4=dXXh-do!-@u3jK4>##0B|I?(3;ARWze7HB_ zG>(iym)R~a`SI3+rpqjB|i;MTeVO7^~=H!p+0Q26C3W}+vD+F|-F@4-D_Xht6bL$Gx zwxJ<)BLBv$PvR_Vua1M@m6LZ zAJqT|YQc^PPPbnsImdXt-5kx?017530zNr&Mh)wRihYu3%YUQ;ZclAtS)!sbnv82U4R$?t|J6}w$r(V?V%dyTkR6KWP zuWrB85s&~Bww2-IU2zRNd6~>GT64+q6HLX85n*Fx2Y>!+UB|o=!5&_6Hv0WfFW6>6 z&z?PFj3gjVc9Wa%_qpL7ka%mez%zlaj!g`mX1gHA$RbNct`R}6_IY=FR<|tYdl%4C z^VTPcp_82p*eeg^(hQV+wH!j6&wt!_hUpqz#XiI*w7;Nx6xBJab<%E>Am+MQ6k!ha zTphFvSlQ$6f#6j`uYCpD?cWq+sTlZ61VCsPTQ5j+o`i~33xzO;l774~YyN;_&@EYL zrVO|+K=5C>tYcRfxl$EhzCD&O^q4+9t76Dh9+x0g@;ja+91TxcfLe8?(R}ODfDxm1 z`VinTk{zJDAi-YV3n!i$>k-c{8DxaYxx6@C)?>$>Q{g2zpjc?C@N=OJwDv?^K{4lh z0;AOFic|iLi?319$ZwEbZ_Ld+ulHv@2{Zl4;~%asfDPWkW*0g#$Jb`8k7x6HXJ!Op zlp+fUkP1;H1-X6lsurgJuHH7C4Si2orb 
z7fcei*9}y5x8L9+6>!$93y7f71`K0n4T}v{nGwHK_kdMs5Ap0Jr-82+^^+hrpv1r6 zS$&Q!#y0YWH?=i%*d&f-V^7HXFg{wv{8Nh6I4@CWhsUxVts`EZ{p|uK$y8U&qElVi z`fY%Yyd$YgQcu^x23j6(p!5)W)R{~X^X}-onP*o17pDH6#mi14t%s*)r z{GjNe>2eN?*^(7ie2XtwXVy)^TFfoI{-n409BhT-*y=&uMNcahN`{Tjlzq}zqk*_X zP@@J_$H0#FVMON)UT^p~;FlxZ{#V$U5~e^GuH0`S7nhum88=^nbMZmjh4`@JzBZsm zc(&wmNesbln5l&JuVf|46Rg3*@c0+Kn36X?P5cacWJFPY(nuOSI5oYI_`XQLpZS_C z0Zd%(hE!j~#HP4tE9e@Vf6;Ck9ne%ay78j!^)O3&RJ#>x#qaRKs!U#a(W_)l=a&%i znBv0U+lMEAf?bc(>#BvIduFdsDu{C2R`E5y%l@zfLHfp{MQOcHkp2YX=w6C3#XaAa6;0Q0bNI9N}+2=@@|VAJe1-SsL=KO#%yqk7@iYo51v} z{g&n|1fJk&^Au%^3mrCn#V3;00Yz7zV{8bhj}i3-(5Q>|Vri436>`zlHcKr0$J+JR z+dj@S@?yR1KO3F#%~*=In~|p|*hRJY&ia(^_7g$I9*c|GVt+kn-{8g_WV^(+zb`Tc z_M=1Vse|Av=eRU2)1sIg+2+OX+tiF^YAW@RB>VUGdY$lu<(I3XO18W6R)Gig6{q%Z8)$Y;z5pThjcG)=Bcb}eChkS&!t<7!cy(1OBP$=>Z`8{p3lDe*8gH9;Rt6BqD z&w#YK{ie9&5kHB6oafQ=9r7Q&;a$=fY#Hjm_JEZW@AaOIw1U+iun}~AJVs>k8}z{t z7Z3T&f|1!-HC0g=WH|;!2|KPOIGpI2Fj?JKON~4GyL|Z-UQneo$&;jZmnT6kgr-hB z`P5!Owvz%y_-Oi*<*g&-x$2@=z7bn|wtc)1^pMRQ0Xh8`6ZUome8w*a6uKOM_q+)$ z36kGP(48;|dS%JBvgu45VH_7cXwP65V;`h`u0(QkkMT+Rqg*Xa9HAsMz9r7y z+4`?Zz`~==272%v>fAx+bL8LrCCkb9Ezw{IS|ok&N`%0e7gi@M?T2Z}qmR7{p-1yW z$*((mfm_jBa0d#Ri$_x*sOmfJ>^g&>>BXfN>PGKpgQ%inpt5RIlP*` zXs%^(-eayWx!vhyN1sR}uCbtm;jnSvTef-8oSdy(buYV|^C9^*dpuV-J?dCKlP=I> zkNJDkhqL-zH=V^}86P|bxxwE=EF|ZPEQvCo6?0$PSU5vAF@6R0XZR>3_eeT5v?4p z?Z=Yk%^A=ZPZZo1^=oUp4!i{jIBbX(W*=vx{Kn3yZ)bKeL-lvH92X0YIRZ>(qANTi zqu4piwLFM0=4~eF8Kn~0F*I^SlK zi}7%({(eugK4CCt!F`d70GPcP@Y%K=UQsG4e5no6!Y4`ZsZ-O&!3GV@fj8d{ACAVH zQdCQqDN5I3 zrN-S51l|Lj6ST;fCyL&XxJZf0-{B`s&R@yUF78dG=a0>rPXUo8M?d9ziu>0C2$b#z z!MNFMwd{k4z>YX#GAR`Dfpizq6dX@+{=VUFgZr$3G6T2#CE&ttG$G^4{?sAQD(Sk|9Q&_7Ol72C9&S6WRInw(*}*; zf$5=qn9BNF4`Lb752*7=@jqkuPme#41kpFseVT$PRq(?QIP279ld%t3npE z|Hq^u^Z3NX#L{Wn=eRWSHAox3-or`63v5$as8oUsq*x0G}rYr>p$i!V934DE|e`|7#R5LC20kz^2@x#{6#!3_xpy76blY zpWZ)@j3)scP-I#{^luAA%iSe^fgCKh|tifl1XMpLF}k&R!(( zHl`@-pNn`n_i5A~<0#-L2j1f`ekj9$`|rn50gqdEDk1&%*s*fL&Np8@80fiEuhjc4?sivF~YEK2Mdk(`cb{H)OH{cNS;CK&p~ikg}qxF 
z8y8Yp65f*m9v&WN>{`9i6y`*ty8!|igVz_wm9@2#k&%)1z?mp**&VzwVIuTeXbiq` z|A`jkCcu=wC1MOvd6*S&dr_i%#TX~?o|~In2so0d_4aZPG*R%>k7gMM{JM#kj#i2DBqEj%V5lKzk#+F&6gBfBa+ zCSp}#)yVorX6)6`3k+mUnRR<;bOnvi;PT?4eKq7Ll3LQ|rvaM-^z_XFaORnM8ehjc z4-1ms?3?SBhC$8yFb$N=&SWt##(dywWZywqdDRh*F^8h^6))sauDq)1Y#E;o_K zB(ZVVS`h@Q%yu0Wg*{OTwgs?ItGATb5f5*1QfKDpcNd<5pxBX#L#gxSzM6nO-ZFJu z_+w+&k>@!H-Nvt9r;r7@aQ@+tX{}S_)*7=%OjHNl>@}^bfBuZi)AYkt%ReH0D>nc( zzp$YGi;w@6(I1huHP((g(1MU7vo1K6N_4ftd}wJln^YEh`qDlApYNyN9t~rl)cRUw zNCi|DMcL2GrlgH4Q1`AUOX=42Q@|oJ7Y{L4*EcvgxDQAZ z#jfi?`l2ZWAx#Me$rzz5!%3xTu`&tYC?tLAbDQi+S#B=1Ih@Qr4!+O4Q&*3fo}Ru? zu3xNR!b#@f;7|jNV~Br>(*|!meI8$=+%`z5E!G(&`2F=pHW=P)MN%qc?78GFRq`@e z`71Atm|~R+k=quyJ$*h%%4{4ZVnh`XAvLm#xgx}Zd9Rwel`1)%p z(`q#1z~6GtTF=ZD0J~ zNp9{DqNniEvymbbE3}eWHP7B_{bJ>R#L6F^qG+M?g5#^6^kAVptd+o z$Krke43Nz zLeJis8>~?rOm+1X6uiH4?d=$U96`0@dKw7CyQ#jHyZNgeo|;pv=G z5R=u_*0wQNt>=FQQFq2|BWcA-xqQef$(KyN$8&s=z!;8i5Ouu$DMg_*ieq&&Z(&P95V)rE_sg#_@&!_ z;AG|Px}g@Us^AwNT#xw|+8s@td=&gGD`X~^xIR5(b0gCV2d_TO4wew}pEM%LhBG`) zJacbR*4I+_CM}|vtFzXDAt+KcMieQC=)U6)>MnzTDZ|;oUle?LF zCoZ4m+J*RClT-d(+||jHCRmU6RG-J>a*Rg9EJ}vY>~XAJK^5yots3O|XvlxHlJ&B7 z_62K7xpZJH4u&!@^2dfszz??rL+73+9cGk5kcD>ya}#lo)VDXDGN)G3DJKt1e}!D1 zd@woPnJ39LeJ$v$wHp=Qgn38C#0KP7m4e00{ZxvUT!y$kc8XKytNl;QY4p35IxWuj z=lr8zn1|8Dl zGw-c{_vkK$lz5;TCBz0?=n@$8?DVJ2ne|z1Z58^&J|r!6ee>|t{BY0Eu8&!~lrR?N5mVImwWsm^i?*=d^DD(xw1#>o3gXUnW+O41&8 zIdy$SKukkiMdjng8Mi0yF;n8nZ}rvgtdqBh#q>;#5q6fA6s11#Ac3JJ+L zQwzgw4%ZAc8m`+>Y;NEA{~@c|oer;ki&j3hdp+l$?2+iZ zVYPL+g=d`a$N?1=R(-JtEbbNc}dU%bIe+p!w}w0?kaRF3qB%_u`9T)eRVT z&h9XbEjhto)0Gi+shQX89>LF?&>q2ehV}q?4cu{}9~qF{cjLO)%rREy_^~WYVysFl z=JTbcd}39s0vz&5J3r=$vWR_m@nZ+$QlIsztcYdA30?VJ%1dP%`Q9(OESz$ zR#Ay$Y-QF+COIbT&cRDoEE<;*`pKjJ{X=tt(nHpz9}WJkrivuk7o@6~F%exu}8K>2iRP=4_Wgnyy+jgVR)p zdl9p$pOGepVC@~G5sS+v&gzI~7^V->YIJ>U#+rgLtS#0OHRZ-pN_UKD3yUU@d?HS1 zT<9_QoRVS?Mr_Byn#I)CdGHHr^ef*`HJx2+(NsA(S$t#RH;ZJ;wynbSdFc*!CAaa* 
z-PKo#J9gpVNO1Sp?XogkL~H@BE{lNVgZOmN;7^+d&>pF$nP;xZx~$0{-Y&g}K{^n6WI#N@XP>~s$}TK1Tq0SN5#oHekNIKpTV;NxS`B;GPQ^DdPKn{si-DRR1NY0sAHW_(9%xYplTUtRT*6OscYMsn z+98^89!^UzG_6|0Xy#lHK0w50u#^R?6ve*AWS|>6t-SQ7DZ7QwLphHK#KrDD5supZ zIKZQE36C4PB+ia)4WD5&%tZ5arJnJX$8QfYpV<1ahl(a)>oB$cCgiZ4^J1|6yEW1q zCh_HfuF{~DMZiplFC`iAu2GY?2OaCoU;=XCaH!}LM3lwoT)XxY9z%de-3P zC0)Gfe9zp@`T}K^n4wH>agT_%@W9S#1 z8+?qY!DPhOH}q4qf)6q|SzdJJ3)6(0wk6IOgGU5^HDR!m=U&{Tb7aVU zH^52Zr(DFn{%5BazlXtuw>f4)*X|kje(#JMU9RBj<0`+~vgA6=wE`~56Q9|oA@kxe z2cBXtyyDBt5NE`KZgyr0%WcaT7K#p_?9vT@Oi*77M-&h8z-d&fdE1Mzqp|(+!p%j% zk=H}bHkA=vWyHy)nh!I6>6XW0Ua_jBk=tL6-C&))Y_l^4RIFanuG4e}#!`!qf*;yA zl#^#0DpPQ4b++wh+#BfD(|=7t;mDNO|Bn`cIQzySQ{ChPMfPmscQ;?Ujp9`vgq7+A z9BN`-8w;j$Z%C1Ps7_G!gcRYvgBxdHV=0q;TMTr;FP=d(Ch@*dD7tEz_?lanPyjux7#>Pyi5cxiK;>S;eVx- zrZD~=_TDlesx@jGRs<=P7Lb%~RHOw4rH0O-K?&*ZmQW<5LunBdq`N}|DM{(>4#}Yg zzI#+W=RD8%`}^J>@A>K3?3vm7zSp|0Yh7#I`;Df1ab4#&)jA`e6jGmA4Cj`|Db_Bm zPV7{C6yzjoF>Q;^Y=GwL6{oMU8HYV&MqwN4P9UjYro9zDyli3I7P|?f0>i+n_h{hvp0WfKkG&;v}`pbOQcs zHyGvW56%f!+fbd8Dj)~?07Dkb7Wcl3HmI25AKY*UT<`V=CJ(A=c2@+ z2;E9NobYZguBjz{4WkyA?eq~Mjov6&m zl=o)Q+d9^%RBJqHbFpQ*8yYdu*e`sv(oD@}gSrjgpDsxdXHd$2R`)#)Ce3#&Vldu% zRvd-;M!C?jIBs+BTDL~XeKedR$HnO=3;I1tChy@_6zj(GS??L~ZC(vJWQ z;zCYFqs+dO$qZkD-e84dt(UFr)uoM_thkJQt?2VL4Bz|a=ydW^vglako0eO~VQzH? 
z{8MgYsW&K#*5V=2^d@PWVQSAmpWx@PZ}=m_hYV_IN6Zu+KATQ@y^EmcD%Xf~=zR0_;;Q z!tNYt@DH+1TdKvj;0)2Lba)v@;Xgm8j@=R)IF?84N*3hI8p6h=qOw0LHIZ9L8^?I$ zRk~nTX;pj@dPi-(8LAyl^xSC+lQ&$*d#+M{0NNzWVUl36q}5@H-C@hy=#Xp>pH8X9 z)$#5-*4atl&UK}tyVZ@vd~j+sS(&~LkOsat4l691yYa()z99n5_MShf3Z`)Mj@*fo z^)#IDiQ(T$A6&bQFRvx&aXPj22}A3LmP|``YD42NZ9M1kQA7qJ_A{9RijiJEVv`Ee~BUU3&Y_oJ!2EbbQeC%KN_b)P0qtjW!05LJ7g zy&h+Fs^4%Gg1!~D)_uj>?!=4spVY*dj-EgarN;9n=8BbDjJ9r_G#8dh5-F})jPWpjC z2hZ?!*EsJn$%<|L&+?_$_)5FoN^GIhF(zG>;fx`@PdDmZ%S&H#nUA*Urx{q5{l|6{2K~>Jp>a0B<`Gb>;yjqKy6s+us zNEG_2*IDebsHFmJ{2`x4)3Lvee!!_U>k+ByKTi1e`VG{WHk<7Cts=xwj?vtBtRKft z9_F`{&mDM`uXS17=6o#>)RoSHapR6}sN>F^(kT_iF@gv_QlaN>C*cJ>BPq#SnW3+v zOR2c-VEmSVWFYXzlLSsS147DhX?)b;AfSFHN^o_a&{S|}%2RrnqBYTVev8}sB|$fi z5=1EWA+Ma|g5tK_26Ck(X*=6Spn?3t(91zOZ1i}JUkki34Y&9Iye1R>TNF{mT+z$+V8BEfeGJ5QcG`C@5l@+C*~nG@+~UdO z7amIyPcwT7@gQj#7>@=o)zsf&ya_%eEvY>~h*WAOL?7||dU*oF&V*(u@y_+2sYKNbqPw)l5m`DdP(-c}Ckkv2k zcCf%DCRfWnmSKWp&50{AGM#yKb?o9F9+&-HwP`*;{71}-Z{483=X_?All!^+%{olr zE2P5A_~^BA;sdL=&FPxXJ7MI-{CmXXv;OG0#qKdgL`0g}+KCjo<0fxz2GZ7Xu(MW- z6%piS7`^3OZhP;ZBUs35|7fJGv$JA!uiI{s(m5_f_lvc@{xhW_tI^7D+hihkpJQXy zHN3s+D_|Srbzil#wa@OCX}0p%Xn38Rt(JJz307D=px|U@F98UE)nU`z+_JE)rb2Sp z-0*P1A-Axw_u{*5;Yd)q)zHSoBo=mvWm85r!}U444ULjbJ3o%6KR)1^cqQ-{h8Zeb zj+f_FIJX+Bc9G;za*sKzZLAb}g*~Ib?(a+?GG$2=JJ{_SyS!$(>sKUM^{GBaUG=zp zU~}4n`$MaSx2SI!|8+qfDnUU(ul(T8kvv0ooVH#{WNO1Hy5oqVnX{8>#JT6-r~88T zM`?17kJS+I^i1DjjA5yKEjxMp8{_0pij?X=3HEm|Q;Pemnk}FvHS-8Xy*=++H}#a{B5aXjA@h#HLfD+0F-*HEF)L?F z!>oE-#Bu~zzj?Xs7BmNNZ7>wYITQ_CS|VY#cNAGG3!_-elX=cB+1}C?AUpdf%e{4Y``d z!TnsOo07K@P~hDB!gh0SD+El>J$e@hGqhkhni?oMfeecYbm93F+qnXQ1PmpknuY^g z8mnm~ELmRmJD}?Oe`+IhP1KRG&^Wzq>D<-nV_a^_B2=N`e?AD#v)VoXTs4N zjD(bwCyTdA118F}w6$s#2kbOM&OSM?W9J%r2c8mX`1)=CEssTbq7<3H+HKIeA3trw z9H?={*Sse&G~jOW%7FBa?go_4$?0YMxjnXKRlD`f0fF6x(v8k+sus3VzICYujjVfe zG1^*Tf}Nr-QV+(qhc2JboA^Vp?C z8zcqd^Pl>JmnR#f5zyz;vCMr+(J@?%&f-g!UsgYBzhTlI*{HG|P9eA^-nLr%WoXsG 
zPpC*3TON~MUq1^+Yf)}q+z-iOLG-6CLj^^RIFT~O$QR84xi{6iyJSRv2FtycrU0D8lAwTgJ^e8=LXDYG72DOZD5>^N)ou1hyEC)=VM^WU*Y;l?y9T zgZxJQGu{%FIdqi1>lQc9$Jy9kF@<}nZFF>RCi>@2(KyW=^~!G1M>M-25{R}+w42*n zEYh+^TarRa1*fX~2etjNGmw(N8ZqW?D00Pj0Kd^MO6zP(6PRy@|!$sPMGJSJCbo?!O-!YU+cjmCi{Td(4j{4 zSu*U9MtV~<3YX^ zl(d7#l4w<|wn73FF4n@u=BhO$c$$yyB+0;VA5OAcOHUjdP6X5n-V!I6OcpE`BmOa8 zlhP4iGZOaXQ-GwcZRe7c-h}A^3q59lmxr^M9#i&7=|WK)KCH0LK>dWwCf%OsQNCLF zH@UYPldS`($>SAA^sd*G-g{fRT-_>q%Z#ggUrz$3dX%KIT*? zC|KuuHJ?v2-}JR~`cbQcY5jC3l?*dlLDHRT-|+9bF9&%CCyR?lFEk#oR44s(5!xJX z7Ab5-ZFS6tp{nQvjuG8r!P(7X_br1E?Ac<~XuO0=+H|rMTOaIFa_AO^T56nr41Z(S z$7r%oo1pLN#1UKI62sI!mth?B)hc9=BX5O>Gf3tkSzV%ph%_knR(i+UG-#Na&DaJz zou6>qyee^>W!xdAD;hSp(z4eyB-MQ$5&m1p0B|Zw0RThKrGd9JDE81O?C_L03+T8j z)PN?A4|6$wTuC2ltyuh^t&TN?TA8$X3AOWfD+|}7<8Y@(eO{uqP`(C+3zKN0K`1PE z@Vq2X`#$^Y=#tE~<39-R3q9mU$INa<=|g&IZ1KXQqsS4VS+0fBk}XAq{dz>!YDHs@eQDe%nwSD(r3^@JqwHahG~MXe+kbB#JtM9rcxJ+RDw5-JczuPd*xTqD6oA zen`o0&Z;+U!dq*FM??Q^Ci}N@;ep?a=Af;}YW1}gs2`*pmqgi@M#|l=0u_sfUYq0H z!lB_{;&|>kBxLeFA|(MrLDa_gQf${ zKof|ZGgzV!vQhZ**?!51(1EV|`)!XN&1CYLw%#eqOu>?oP)&!tqFE`X)?RBEEPmWi zoWQDoArb~tGB`fgSbP=7m-&lPKm_o6&2_O}tA7ugsE#t@&jtvaJ#na$o562sA7(U6 zZIdK^)5LC#+Qo0~1e#WudW@c=8y5q-B`$J;ALLe=C~bX{-m0MPqaU@H3@xgruCo1o z<89(7Py!~uoVSE*|Nn%Q@@1p(J zR>Y4qF>yVS`%5H#v7K|k3syxWN^$?(>laP=Kj2d8dI-N;|L*Rd{dH7|mw!^|A84(R zc2AE$pr)Elq@YnCk5=#Y;gd9UUl|##jiy;Ep~Ia^OPB9H_0O>&1CMMc4fltyV30Io zlpQo_$xlSY#F{21oF)z!D0flt8C{0H)nz>9AN{pdk%@X0b!`mT;R5AfUb~As+>%q0 z^TSA-nT_p^RMnr#-X;2iq)nsFVG+g-3=KVZ97d^qYEKUUK6FqyR;Hv8=Rw z3<@u(tQ^6@!op0Vx?&{%KOADT5sHm3*qG6d(O`-iPsP!?7iFFkDL=>K8`XC35L!{# zi2R!OGtN}YF86C3mCQrl<3E8Mm*fV@a%=)Si=1h~aKRdI7(dw!IA&kjd3>l}md1>sG#B=pzb4hG$?h zX2|F8Dg^?C1|bjalL#X>d-LW^xy3Mtp!eBPull0^?ocw`Za8CBdR5iv;nt+Z=H}*? 
z{HtE_$pV7~6IsQ7kgl&Ppz;|}!cOqS#_#XA3SjKn<+vbNS$gH!5%R;`Y)>6Ldedzdi84a-^{2Hq+wbB1~6zld*V|K`|eko2U&=!`qyy z6NJPaq$ZTQI6IFa{asjV6Wrn?AcnXfC+(_e{`8oU5yZ=+W zetBkaFxJI@P&{hz)MUo_b=K}AKD#DxXe1h$h_`3+=XATc2vR}k+;%?(muyhlYzdJP;jzBa1@ks%W@@cS+c&&?fy436RuxfB+`_t7 z+{v*wL|_a~SsXvBDt2$9p|R+BjYnIX7&}&Hzt|x~=02`?F~C_S4x>R_DC%s07tY% z%L=gPcOjyDH$)K7y(=UPIn z_E-AqA5|@w_8*?noF}Q_+Q+@sY+PJ|4ylt>yA^9> z#=11rOEs#kcZBMZYi~U5EDgLx|9m%I_!c9K%rWJ>he<+mxcY>}8Gj4k=ud`+6eC@v z;tB3ik0AC!3d5G6ZbRFhssXVh@<6s{Z0*=189(a=dPRuOOHh zJD9&xT|3g4d);`AL=`20yhDf~DaHGQ)Fj(Einyy;l=RKG^&?K-yNTszAK?#O+p!UO2OarKTP0F{gVoK^_ zD~KRUiTw=jie|OD^Q~6*jYwO*$|C`0)5D|r@YCEc2l(Y}S!|iE#wY$t4G+Inf25Nh z2t%C0Jt{s=!4{QktQ!!Al=Q0!(cJRTIdyBZ;smM2HA!gtlQ|*1{vzsnnc>=e*5oID zxG7yU5E0&$W?Lv?m`0IkJn};k6p-gE`W$3-uRV&o&-tEcv}r_0*hG%evq&=8r*fDb zSU%GCQ0M607Fti$@<)lc8Yc&(%v>MBF^(Y#y3I5T&0`~D(Kcpo&y;{#-D+0VCzzT# z*}(3c)lVqxEsU&kJ4$XZ! zwvTd&OS*Vphn4oLL_>phFb*#6PK1$JSANkKsdjd0Iq<;*TM51Xc4Z%#|sR7^CLoG`M|lrhG(S3}AFG z8Y8gKx3xav>cg~2Uwqlwy<}C@#r#n+`lzuBiikamhV*G{P1f{if2QO6>h>@a2et5< zlC`HVx2$nni$bgaqcP$Pv5p(N*HeQfBV%QU*wHdN6Ap(e>IZ9#S_qh`mzo~)Gs&b1 z=+8NWV~)!`kL`V=ZkK}Q-b(WFKe;m-`MrtU*5pX91`$>rn`Y8#8tykgilkFddfIfS z`ToiyO@1RZ(%^>?m^QV}Vj)?s$HmVY*i;jaEZ$$kRKg^X>s=IP^u5y@4z`5kZMI}u z;(LqHS72$bws}b|Q*Kk@^2?oSY*XB{ykF}(V#s30J{CW$r>Ae3`phVkII%+qbM#Cb zj#*Pz7ICx!9wE1NSy!D8IysGa4&6KN3e6v6 zVXiA;5|-r^VA{}Z4hO5+@Aa801Xo2aGL1*)l525jZ0Q7Z_rnXm1RG^`F*uW|Ol2;kqB8y| zcO@6gt>lw){qdQy}BGfB1U;^0Hrh zlsX$^bZCp5@g++BMO7d+;9u+dW=Z~YiwIQ|)OJQ9-dF&+p2($TRW`q>a`_QcseqI+ ze9v)Btt`rJR}i|^oYH|SvT4B{qVO=^Ligo>AKK(SCPIV-dlQNd-ME`ZpHxO?U+=*S z^-gm`+cytG4@W9``Gh-(xp|9~ z#0&|hzqD;SX$X!)OhOoW`P?&FP#fesFg1LV{^`_nSv_tnxA+-MMb!vx>shB_ro4;I zqme1=!~|_i&H1ADpI_PEy{t&hfz};){P!`*ZYXwIE7tp7^i@t}Wo6>cQ2k^6TVQ)q zQ(na+5?V1O6aKzmL67HB(2s6d9JnWR8r+Rb-J zjpx`<3g?pYNa0;YYyR{^I^H?s8unPkF<3Y6L|*Oxt*#T|k#r1JpZv%KH}Dyg)x&58 z%OXhf)t^?i-=XXUq#qNYp|B*Z|8f^saJQYdLaKi=Vq7T!@H6`(RqlccAqQ&k?vA1I#0*qFHBaE^cF3aWj4BaynkP02Dxq5r`_6}E56pH18!3X*Nt 
z^?;=$3SXDnc?uX;^*3Vs;`I!x$?`#1zJ{5Tlaqk>!R_MqW%i&5S1<+1MB96>_QKn? zlfgpBnaw`*CdL9j_z4_uoNw(Pgu$ntQBY7ge@7^R(pwo>u=US6@A)^p8`~FK+tH7o z4sB>UBMyeg{c#?df)*J$>12Q1_FA{S4Nj5sc;_CIts;OmaGZC{RHm{L`i92(4O$bz zL9RB%0FP%9bqevuMtgC@+82NF2lmtf<&W_GHA!!)a4&j(c;1ThPYRT52Cz*JFcdG+ z2wV|m!=Rj@p&Sr$0naRZb5p>L)+c`}v`e-8TrJ5E^sv`;16V zP8Qm|T@`O9t}VvG%9>YIbsSnNB>(6@+&C^KW@Kl+wTF*@NdgVF@2&RdNX zegTBnjkBK4osMSUyv$zbE#iX zc5bC`VM;`7E}su+E1vJu`m8lDo>-I1}m9z zQtVgeB6$E*mhIzj6(?*L>+1SbCX^2#)Y_PZ!RqB=}PL86H^WI(u7xboL|L8tVW=1%9ctLCxv)a?3-Z>Eq{c|EL)*bh}<- zjD5gOR(<_BN2Q;h9&XlKBrM2e$O2j9d>Q@1aJpgp^so^eh#r4_E;F^bilpEu5DtBH zeTOm;No%zbV$O2Fem&rNk^ODr@=+H?Jlw>Io%Cg{>T=`l%l z8=7)nAFquSJzl)dfc-j3CqHHju~c`i(okw2A2m@0V5@iLr(|uF2&1wH42&?d3!oji zH-D+!@0W4z=3hqY8-715_daehS_Olt&}+r)+T~(ln`332NVhqsC;n=x{6x8x_QF}7 zcKONXEbS}F!{n}ShnwTFG>ZuVdp2-EBOC5_v{P>?U(QnKm_8BdRIiOjf=ZWZH?8q})Lf&)0R(O_H{- z$Z@H|GKuq0a}2(f9xhC|UBgB*s~Vw?d%jljVJ|6icHmY^7Sq9y2*tMPc5iD$W}#Ge zL4gdJUHUD3PqT`$_1JhllHzlfzx9M`ATyGZ@OF1lqXg$wE+tsh=0xS>#I?xVSN)Ik{q;_mgehZ0dDDhq3gTzMHZytdbiNl}n>VA+y6KdWY9KDcpzOe&O}B)97OS@vf28I{_>62=@0qVkhy6 zq8!mEKYJLU8JPfdmcV@jqQ~5^2mtQ&Me61P1R2`{r0yx?K6xXzA2LCOv^VThg z!H*j4T8x=Ubgpg&?}AoYm~zfx?$x=vHA^>~gOs@PDyGc82I9awud%|!4VK#( zQ$mdfqZ;&&=7=}48B=$!{=}M5|A_!SABgol%c>@3#4Hu!z5c@)6OmI*n^6y;IO{pF zH=u#DriSi#Ob**0ry=1@1lX7%CIN zd1T3NcOt~}MHp=i9hM??LYzdru7Ze#RD;b>XDdkNi=T6*y5-T?pMwat912qVXuvt+j%&Hf#fPnZix3!$U8h*xNy4rA|p$I4F2 z5%WZnhz6@(m ziJbokA8l?|*(AI8DK5BTVE9W$p2H*IeHL{pXh%KutlwCbGe0yk3gb-%A1ZC01>)+`6kniei#%(k|Rvu#_}5r~r3`*f*u5-8)(O zIffCs?@DFl`96!%GyIrQ_45_pG4$o+E|UkRE3%UNJhl6!(Z}WZCE&)#wm?zq#+VB3%EAZjxCsIOov-|P^ z@Qr)dZl;h71voxlc3weYX0YuMf@f5ssp9;>vsY0210mig4`0UpxAIdZ58(5<`W3`4 zL;WTAy@Pbj^*!w+yo^UkaJ_(px%v86_o+}cAE)Kyu*$eU<^><`NFA{<9n&2x6hEt= zHvS`%B705b;5jk4*!hhK?0|tY9Br_~9D+XbPAuOaIJw}v;^#>>aqoWul zMXn0_O;1SrV6N^g)#7Sh!!)V=?Kt zFf0AZD89ZU#stt9rX_CtQcX4dVO4;k95jX;S$e_ioxXwC?48C%u=h>Ji2eBLbd#BY z8K3cUDypv~O~lcpNTR!({)1O97_wiAiw_Nsx~(lmQhs?&dhOmdvb8*h?mAAqPH3eE 
zV~zY+-?!_mEF48jWo58AVJMPIoIHWtXS84MpN=}u_;x6N+L!Xg+1og~i-qht_g1~y zy#TwIKefifq@zap(?K6fH8#Rft zc&d9z5SX(t`Y>VtvQGAEMUWyF$?P?$y~`+tr0)@O$fxpuFa6(7Ano4QafLmH7>K6$ zOCsV}4R7H)9$B2e`S~0c7B*!|A3wg&58nOzC|}%Fti*T_40)y$siq2=b5l$6!<^Uo z+#Y-wOAUI{)zj%%W@=25{XD_y2~IhX}vbOAL#5T=Y*MwB1?N6hI}0H5lOLi=COEwD!8 zGCgUHi~11(&d3hg{7QAM*q{wljvA4<>(TjXuyQqsjM=m9{wH3a9z^ zwb@LEK2!#|q^J1I2&lTgSJ|XpYfWB#{S-J`x?nzq#cpS?z z3emfTj;qG?NqrwA$480`(KEl>-Yx!o)(3Jwg^2gWRt>=Ad#T_k$UvMDk<*g!fRds= z+9}vk_I_7x$0U(F7vNV!p_L3P1#|9P*Mm?yh}7B2s4k8eBj>E^j~S38(yICOY&qa; zZQfR(&^Zo}iy3H6FTIAo#>QFDI@=b{tin)Z=mt!(J>#H+v;kTu8m6Cre>)q$ziDq{ z+ptkwG2%3=Yhm~;v}m%%WgPtGYvUy*;XS8YE)AXCB0fQ2eDwFBJZ+Qd(BZYls+niQlaLD2Qj~>2Rm37o!r=bDI0ZOm^q7{Z+ioY5W-5a3lm}O-%si7KZ zax|UpvW1y_<<=lLUs`%TUThpv2l~;8#Kf_TqCn4)^&VelC@Ffv5ol1Sy5LviG91}E9&a>`Q~)8v2h&%Wq9IP zn)C25)qdQ2BsuJhPE9odZU1|5B&gDmu)n4%Wl@j}u+|3NJwz$CTw#=|sNcNpF`j2r zQsA|j>ZfZbvgl5P5v<^~7R_VaL6{0(O0;oCS=1vAfACG4osJ=<+;SA)1B;2uEsfZ& zL|(~5s1)j=xO2)_gv_uA;zymHqZDMq`_v}UZ%sX4XYpk~F0H5#zT}D0Mh7SxZyXHA ziwA?DA0@<01Pr0!8{<_D@zXF;`^Bh1BS6@_Qv<@h{RRe|KE7n+`^Nas^1BX}-vcHU zNeO(7YR7CF_|81z20+W_l5@|dYO92K#9*(VYTph6LW9JKrn>re1*2SokxgyUgpEvZ zv$Xwe_3Fn&&lhKa3f2k^t@LqQPixm%yzRgm{=i45X$MpjUcJ(Q7AfjSj@^D}lV!{o zVEg2imJVQHW9Q}PceggLtbpo;8P21hX+2pQWI-f<-FCQA^vJETs^X$W&>PhVw2H%a z1#g!AZZezNFPgklTN4@G4quinygXa=&lmMaP7cUw7irp<-rpU*x5&xFbg#;jxlI^$ zLs~^88jS1c0xHEtPfb8kt}((R6o#3B9JF7JFTph$yt=J zdU~yEUrc-mHf#+$ed--V+Y-;FKef4gxX9@~!{jbLU4^D(@Vhlh7;fs+1L;(iZC`jARj z$K3QK#8<@i0{^AX(Y=(*F#nsfY{7QuAe9=q>bpUmmKkzzS?vYn;GGz?Nc0^UZHL4c z6A`;#Z8W}Hku$H>9nIg0!{1l^GlZ>;6y)k8(zWl~rrI7ki#2f92xUpg8TYNfc0uZU zs>sAG9%ql93@P!@f32CaNKCDKox&Og&Do)+WXn!!2KAr$SiV<*aq-5LJD)PbASx>U z`uG*S?5!a+>h|A6lZ0$4Vv3KVFVV@1Mn(J?rG3Tz%neb--dR0A*CWNcST$7*JEb6^ zYABbPDJIjBn6<8k{Hr*w-wr$gS9|5I_%_8xM54ZBGg&C?GyVH0dKm$Rf(O0+W0|?6 zK$mWazn_ZqHu(x;&dd!m(mY7I>ANT0C2X$c6>{n91pbMYa~VI#M*y>o*4m7vYKUWR zkI|eD9ln35lj{g8_4sx%zh*B3YUg8F0+TZFcOzR_k(d2mWY?1cg6oY` zrvCRoQr}YqU-{~+*7@wn?w0{= 
zqUy)8J}3*g?6~juNg|Pr^XyCFv8Ap=xqM@wRUM8PhHDxdXX@I1L1XBA9n}#lqv7FE zqw73seD1l~01RH1tzi`9_KVU;mzCAQ+F&{GYf%&~rI^2uEBWuu2gc*fnbqglFGRWD2zJVdIae3>TnPs=@%0g2+L_lpNdhj_gRGgoxsp~FwPB-{8 zQ1IC{e*XN~5)3FiCyyN+99*oRmjKSf^$In4T)_`KP(EfftIC!15Sk{2EcGo*bR5dk zSFf&f2Ip7KVfozpJ&p;v1t2^GptYgvLt>^^^l3~k!R$T~1hPJfMuNG+@`}1HWZA~X zN-?(s%#$MNUSq#o9Ki(Tn*ig1^zJ=67*G+~Mbn4nX)We4o#Y?Ib6X6#-lgkHcRUzW zKdmIP>csz`5j{4hWplr;zP9#}msmfT5?8m#VERN<)Yry8m$$eV6$*<5IQ^(#Sl`F1 z*?@q2`S&0p;1(1R#%sdVb(qvbuxjLVdW9exDmZi^L7q3-&6#aQkIlyW1#qOxk z<7>dZ&UxZ6UGEjCTO1}8&~_kw`&LzKyD|YqDHZ=+^Ct#k=~C8)qRO=)Z1nitvxFM@ zr3$PuXdK3~kN%Z)EP-0wUXIu0d(K2T4{9cF##JbAlwAc!h%2AIY>?FE_cQEE#i!++ za{W+|@sO9-WB5MijjC7lQNYQOu8#2ozQPkQ{x0i^bjHnJb2olRn^oBtBr%SZ6k|Np zD1caG6JIG#Y8zyApQF-yCPT!uf@lsRz#Pn+aj$YSBf4K@*zT2ER>u9_Ar|UJ{|HRs z8=ogHgNh#glb66akHWNt6QT%TggR~&Yzd1It;vF4zs1gUkX2K|PpxcWtITq=SjxF> zS?sjbJPu_hR^;`;Yop+j_wF&JSn&bhj&|k|QBBXV17V9%ua!nY5wv7!>Bnt~WY+j1 zK-xy!mXnwLS4;rknrtR?czoI9a|Pv(*ao?NsK2F}FcBDS@R08D!%=lvXrWQTp~AZd zEu8G+l^)EMx~HXM@c}Olq)Yd0X`rkw%z9!?Vj=?iIf3m5tia`dmH~~n{Njgpe_Hwi z!2Kh&2GxduxQ<@?W{j8@)Tx(%Y~g`#ZBzPOO2I<6@tyrTMqf&GiEvIHn=e&EBeoeP z=MOI!)C&Nb+tkBoGoTsf2zpm|K--H_qgw*(ZA`7Htn|4CKI{|_!k?RXlQ@z;>@>yKt~F>(Fv zhcK9_Nl~i>1ifCILgG;6B~G*c%zTWHMbY}K$BEVr=Knn}8$kOzVf9AL3sk6yWb2D5 zwFkWd{5Zd}cElFy8DeMPYYh+yqo3XtrPjunnTrK|$(aa9lF@2oKl`ujNkWM7#lKdR zIrK4g1Oo{EW)E;5&ddJtSFFo&Z2WP42mJ5m=HBtCU-}>NyYI`r@OVBQ+7^i%=lPBc z#y_l_%gE2W;7Ic8yIhw7t;B5QjG6VH8#Z<~gvu;)C^JZ4VC* zBawfy-WAXm4_pEqHs)joDEJK9Rr5kHMa8FJE52b>L{{ODLotzQ9$k=i)OF(rIFnMrZ zvjO*p!#6B0j<`8tpcd+5QQQ;|jj90BI%tM|>EdyBz%cL>Kbi4_@87-Pb0AURr{0u& z5DEc~;Ym0+BjbG_WwFoMn2460on4cVDUd3Vl8Kg<_6Aq#aj32f!s+nC#f7BaiwQ(~ z%_b6%7`Kn@Zj|(lRWuw}oi?J2JmsBqjP_ay7d8sKMX}q;d1(=tMs&Muf@z=fmEI42 zZ5GHDo<^muZ4IC;hkG{!c7ztk0sV(*jSk-U9+!(9t1T#(6dQQLi zTr_SWzSSLOHe5sr?f#^l`ka0Z41+9;WmVU5a46CB>KYU-(5V3vDlNe*$MSh_a7&rG-{nLSKN1oZsq? 
zS~$l*`8KyUeS%nBXJAv9L8hI(V!}X+$g+EaKQ1-ZCR}*e)F+4T_eh8ZYF}{QcVZpO z!WUJq>BZ+Vv@6LwMQI#KQ6@nav89Jli>1}pPN28hOceHQgOWIWgkrnyt3)Wttf7MU z(O0Th_S#~hZDs3Y7WqX(Log38^wWJ|_RkPvYD!;7Mq890Uyx)FqDtZlwsig*KExXt z2&zRd~qsBbjdy8$dm9Q7tC{{`X!P9q??zK(Y)1g;jMk>UI7^` zvxt{Vc{Hl6G&Vkls8LSubUg#&9?sU;wT9C^NxSXfrLQi(0?10@6;|hiuGi#M$c7<7 z!(hK z<;25uZ(qKgy4MFqL-C|1l*>K>!uBlvZLEUN(vK-_*;Xp|pYO@(p2Yvv<{M`~{Jg=T zAl-QvMNJLJ%&;YO-Q#H>7XBDt`5TM@Co+))l&WMte$oW~b8T&hei^KFkF-^aUopn$ z8gl7BBV6^z_(@5af9>C~7(#6Y@O%GrCZs*;UrFl)WcCh{7yk24{jY$EX!XkP)gKD> z=YL@k=KGe?N5r@Kt(gh(J^bAk(I0#T{=M|htve2JU;&t5M*Ij2gLn(aFZcFk8vXkC zHU^Xlt`f6{tJqwSUpLs+3uq&FUrIrF=eLG#_V|Ae;MkNDeRh|IUZyq9`WHq=&ivr( ztBXR`v>J($D5Oy)s#-NzP3>csvUxE#mm^VC54@ie=<9u+BV#F`MnzQCt~8S zE(Z^{Fs$R;^9gXUTUh0~{J~%|5Etl>*`55E3jga-_&!8B!{)!d|J68j`Dog>K_L6T zm;V3!1YTARJv&JpMSb3#WJXUt%)~%Mk?*DxjH2ofDKiXu#a+a*#;*Y+Gw1$O+-Li42IvCQn0_>OPSrh6uhw}vjKF&R?W7yTz1%k$NfDeZH z`whSV?DQ@m^DjqZkH)cUTTWIx)h8qScL3vFj8#8_1H<|Vm?NGGS^>kTM6AhpEPpz! zq>06#4j?r;%rdST4AMHwi~<8jb-mG=e= zg+|VdX56y>5EV-=mC)St_WoD-B)(_hJ-}<|DIcx^;rVC20eHg|>-jbRPkUb#RaF@l zf-p|rVgfiRFl_Ye-+mzO!Wq~Ag40up^L0^B_giSY;EkIN@ro#v{3wph9D zl3eN%+)8isCp=X=4}GMZlb!90*o(rVd{LjRA3Kb)43@x^9kqJsu`i02Xi6VYAmtiP zi(YeZaJ*l=;&q%|eQ#AdONVD!6qz?0GGfb27tLu8_V?r6rQ-!8%%JLEH2R|FAdJ>G znWCkaa$8+bZvn|~l+U!6dJ{ckpkuI5f74qhIO(s-LjlkXI0u5FC7ZVq)=AgPEZ2Ei z;ix&N(LL4F)aJNoXg$-oG0#7UiyXZVW*w}ZdS;b`^Puixzi|DkRVt;Ffw%_gx@tm@ z;7L{o2w-Rx6U{-@U^!4NV+=F_<1&`|tTI!)$q&(jg`WN$LONd+qE>Lq*x9IAp~Gr> zo>s9r$oQQ=rw+k=X63nibW?x}hp>D#f~0`zY1Isl$s6+>kC|_5QeT_DQ~I|qx48HQ z4FqF6`^sURXNv+=Ov%d0X+=rRy z4rZo)9B&Ud&~iTW$kJb_VxqI551Xn45Ta%u*#ig3ukgmmq%p&L&h@=BF&P#{ZHCE& zonF-&>0seKDoA$7@5Qfh#7rBX=nN?p^Ayv-$)~1e^bJL90@RgD@Cnd9HiB9PWWS5# zeh{Za8fHYjxGE7$k;wII(UpBn=kdZuYQ1yS`&8Y zjeYTedJ9=fRQAyVCVlh=C4_t97#qKAQY#KwAUb6ir|k}1kj1LLgw|!FO|GP%^eWiM zNX+J^DwpUO*j_+;SlE78o{d_j50d8vo9Bd7c}ilD@nHdR!Hd1VRnihWG0L~wPJ2`g z<(iTbc3-NH@uwyD?M@;GX(I1pVyf9$yG%KTy?>JlA?e>PrGtGWb>pmKdRHx 
zFg(naBjo`M!qsOWVx!X46NkTL0L0hLPlVw-i0@JeXWxCN09brf3is>3rV&wrg-7QV64Eet+_>>#(!#!Xtzezg$fF=kri0uoc|lXyVbw z{yfR=#}Q7JKzx5k=JQwE-U`I{%x@?{v}`*)3)ae}@K~Sy;v>LxpPT2Aekkl7`XNCy z;<*PK{o07=$sTj47fog7uN{OSwro|aB&KM6CRswOPY>#x$XuyzZbPN^hl7_X+C$t& zy}N}(r^|OIytC$xR2AhS{n~sJT~QAA4>TiWUc(MrDYU!u%s0Q-3okf$Kg^nNPkTEf z`ET|LiIPJImsPBt(_`fHQG*3_*c(^=Z%S@O$! z?}SM1{#i*lc!HK)uHX*{wfJe{=&G~ z5)?|{%`15gNk2$VrK_F0?HkUOzbdAHsX%rzt>&=xv2RY6PRbgKUu)1e;PF{+NPr}n z>(8@3W$#qUpw{3APYt+>PKuVKBtbYcf9_VJZ%9Ya#K2+b0@}syfOtkttI`7r1QXIg z@IQ~Uvy<$b*L=S5|9?Ndo(FMtnMysTf`*GaB^}Rop>cBS*etkjCOB^Ku-?C(|4G)&Za*<-DR8FgICE^AZ1TC z1CP4Fa=9s6>*Py>+1lCp#34g5i6zPHpwjsgx+$BfkRVt4_|>mwV1DPblZ0q`Rti$N zg9HzQSn|NUcHM!v=7L15dOi!*0CvM;;MHWI5pjMAWa}m#0$B|Vb=)v5r^5J zoMq)af$c=Kqr<}Y=RqSy4*uq_B6Xk{&HIp8Z4IrKjalIe7=gep<95QE^i--I6%CEZ zwUOEJhf`v`rfN^S$QX#%mP!hNj4cg>{BhXA;nL$&@ytAsQ1l##=VpU3x5)*cJMOR0 z=;xowaJ=m;vHl^URc06SQ{`}P&+d|#RNx6KS69ETS6Y3E%h)?G54^C07BdeNVJuJP zi$q2~6}_=!-_hPiU@LfANYiZ1!PwJH{h>Qvd``#%xlm7B%!e%Z?Z2cADMZoA$9+P^ z=IvOGv#Jg8XRRDYL~^?vn=}M`bcW!NE+oNjtzQ|WbensA^2Q)&h3>D4N$POGT)JQ> zstFvWCOzK+K>ESn6^&$0!fR(zY4+T1&!B4~4Bn3{)&I!tw61PHsGa|;`3J2#n>Viz z2X~KhLS~ZdsCjQGJ(N~#XyEK*L|@ibq&D7uP>aoaMyw}<67yZk0F0R{auSrYL|D)M zY5_B^Uk;X4gRuPK2gjq{0~42n&B@Kl&c7#07ztJBh)>GVBR}p=^BTR*>$>93Il7<| z38@@L?j8(ddE#k$u;<}1`RDv@*K^018srsi?vrP-QZlCu@wtiTIw?Jfct0CBzEn~w?oXheLVZX4`aQ9t zV<*4=rYSI(LFdNxQwvT=oc5v(f|5&;5Q3+Ry;;DM-D;{!9I&L86Q$?ef=B?l*i&E^ zmtno&G<<#J8B$a<>uQ+rJ?(N&<0rFDX*hU|BZzn>dTqTuxDa$TjWX6}Xrw&dJ;72f zx{#U3FUK6gy{5Vz(nFAnY&}g25FO7&WAmGO3OcP+d~Hd!<8mG#A34=WEHX8m(f;x zemVz~P0m%W#M2Jjg@!;Vs!Mmhh>By0n%!s=GRFq0@5HjqP_apH3gH=V?3V@^2kD?5 zPAW_7GV_>t*OO(NrUXbdiu8)D4rmSoPJcN|?+{<0uG^1&Hn$1q-FQ5UkI3{O1St~o6|Dti^-2Eco+ffP^Bqnw{A#>|aYkhA+Ut3Q z6QEw`$I;7+%!Vn}#~k22+HJv9Av<&H^mZtzvX6O%a3}BekA?P_R}usT)hjZ^Q>Q<$ zgg7?4h~5Q02mKz5Mu$Mxl@61}{%q9_C^qJ8I}Y(%C^h+(FNhC+akEqQ*15UyoW>V- zG(rPID@5d8=pB}_@D9=IZG`8zUCbt>U_bdEt&;tYjEpN=nz0p1a{7-7gMm 
z^0vrW(Ko=!_PLVa?yuv!vM`~OEh<&Tnpe>m{s&W1%$l1M>HB1CcAqMJ-7Wh%A}%+HY*5|NYWFLx+qyKv#ni}b#1yKRSxw5HW{Z`eNb z^iIWC2|p=wjF4Nc+}Q(ddopDx zMLR)>9R;UaJu^dTONq#l*v&bMvA`PQMdKB(N*4T1Tp?Ix0wu||J!j^&76+$fq?Z&yQ9wA|==PT;6Ri!rym~lsN!dtNeX>}ArJ9AF{m0)jo~@9X zy-iu{hm-fhl?McEB=|*e;_qR)UWbsv+#ps45p4$@Hirq$UWT@$(%#(0LmB15h2APF z2#;C{#?Q7OrJ~jKFmHtys@2Vqk6A0k0^9I32bqClO9sxma8_o$i}g!;EV^@wzunGP zS@*kmRVQr=qd3XK<4yy*hsn{@OY)^C51~h5lFA&*7B;YJ#>sT9uFT@sUCN#iEM2|I((l+;hQKbSpt}& zH{nTPl7!t9jV;r+lMsU@#ROXeqJENeh_M9zD_BM&pb(aR#GRSz?vDHRk#a7A<$cc^ zqxK90(grUx)1OBWiAYznWHwyK*uhW)#E02qhXf_na>N|wuM=k`h8-Lo93XSOd~O!D zWO5b2(2Z2Ss_GN`rOUMRItO$J`g1EH8g??G^%kuIqH{w__k*Xe8(Rxs`|jSyIvo5F zvXTWax4Y0G9u&iGh%O>S{jltBY%a~D#OS*!F`)8H*oyHvC}8x&b?J3Dwl72+Qsnm>*!GwEn#{X8I|VDZe=@q@oWc&rnNNQ1 zi0IjN?nSB5H;l9eb!!;J&k@a4IQjzl- zGDe1kDd7tI(k+~c#E+#LKP@#I`b2_QaT-@{VyWk&_h=|rQ}JMPY|{wiM8NIB+2Le4 zb3UC=pKT0`2xO|PtPG8cBMfJq;EK|Fm)&2Wt21#qbh=GO{MfAmdVbcD)TS!r#xV1E zpmMg*?KqeIVuz8Xu(MC;$@TlD{sw2J6k1`MrEP$eA)i1i;JAlPs{Rbvd>#jYEapMX z8X6O0n&AL4u4PBdt*j8dOIHV5M~su0d7(uH$LQ<^DGqMi{j77KeN-rDY2&K^zdF#y z#hcuh0me;Hb)D@HsUFZw)`&sht-sk>vIg8sRF}{xzdWPKT{1xN~+}zWt zgrf9aEBg!e^{w^zaF6-CG*@VNT9%l6)-SGHS=pmXb;gL$7K97(y;Ng|Dx#Puwfcs_tAvMn*>N z;xoyUSiXSexSm%MaXb5-ZU6u+@I#FnF^$^c9|#o{70J2JT9P?!KU4Lo9WvD?7Q-av zRqNzml?xM>v?#IE*3bX3ARi|#>B=$O{o;WN%*JLV8fx}{*TxRC3-T?<9VxSq<8cF+ zb&d{l_A~yen~9EnY$P&)PPsXL{uOn3erg3hrZpWc$zGeN8Po6bXMr}?3GI0!ztE<= zi7Ql8-E-ah*C5)YB3HG33p2W43Uc2VA}y{^!b9*Lo)C^eYYf{oXoGv|Q;fS3q0$Ro zajalC-lIZ$wFdd!g-+mCVxvo$!8pBeAf3kQ5}#dRtqjj)WK5&q*m5DyLJQ<}Ilb?; zVuo~W2wYfb(_y09$wbm((w5xDR56lEn(oT5{Fw%ki}Hj&auDYDN2WBd4PJZ#&Pi~UZKTUnREiL{n^-FqbE`=g{b~&NiINC z$6m}Z0_J7icDwKl1h{z_3o*<{srJ6mrMz z@t5-KOAi$)<^s8w!=Kzl8fl4uBU#z!VGg8x1nQ>Q-}C||!1ha_hc9i-*C9BOA!ie~ z*}xAK;>+UBc~@by+aQR;JCB_&_r5!ymW8d#p2fryZa{Ilj+)zcnJb1$89lQ1OtLSL z;WrMbB)xW*>^Kun@MT+@n;(&RIB>q`W3yw3isJw$d;3)b!Qr@5(B9_cB-+}JnAgJu zbV6oB!;{whX43JLh&I6+6Zq7fUhmx=ZmC?bJD)-CU}Z-E=&fTf+Xw1u#5Yqwp2TaG zPCCWd`;gD$$uIhT$zL=sbO{|+*Tuu%LYA_&{&wjyg`rE5Dk5wNdtR(1$;9yxT~}@* 
z%bKbfRbcCx%dbyWFLWh2OUS;6cem(-0Tb-Z$fTB*J^D1gaQqM?bcQp>l}9h8JO_a>Eh@u`-s=oO)8HL2qt%D`1f0T9 z{ou{X%=s0IV5^F4WUX5B%DwfWp>grH1cP}az%UgP9ru`;ZrJJ>btPK7`7kIU{>dr-yX{&TU1osZt@9P_N2Bt4P(_FV7jd36GBY66d0;-TOZOfad5~rEl0tL z6g?9Wdu}P7yZ>F|QqiRvg!Hc%W5<|35^;zQ7b-r9Tfm?L0TLCEie6y}Nl}hy=+t+Nc4#ONdzzCjH@id( zm#m==^*3=cASb;#G^-XqoZh)QQw_Xtc0d+Ltf|FQpF1JI!pDZhZ(9X&d1$|wcw5NX z-L3q9RJ^D0n3$pxW0Gn=WWtom?z3V=5vZm9#8`rLe6i{XOK_X=IZPDne`eiTm5^*r;(N;pbsX;K33>$Y6N|fe#t>Cb;_)Fe zT2roizvH6*cwtu&7cGry?lc7WORC3zV`r*|*480BcM&#{TYA%F(`6SGQs5<-M0^%{ zsvQH!a$A@g@9wi~-gkUSb}!zs&M!Pr1@JwwLXVamsF3Jl zS)aoYf`*2m?=mPGe93bCk2$~k5yYF+0$GqxWLd!zw~^w(Z_5^(f{-U7-4m#|VYGVb zNgqbqDZc;O7*8xy$h2EoFF1vYbxh$t2$4d|FCd+5taVJ7B%A@+r+3JC%n_1%UmfHv zUbR7qnZQ@w483+3o9K@k+p1i2jw6veR?r<)^Hr;z@mXyLL*m~XTK*u>v9t1Lr>#F2q>&-3>~xQ6dhv9FJ{ulco z*z#pUwhiD#E}lW?SH_fVRx)I@w6xICKUmplYscOn)@Nwkg*5L9>EHinho{lUIw zTFFz(dsCi>WYcuH7dl$nH`hGtkgTJ80x(S^MLj%A+Ykh2T&r}JDvOreJU5Xp`% zg_{jb5p!kX+iRY}X9KtjUlrNyLM8NcV+hB~^jA{l*u-!N&o}X}%#4G^Cqp zzuesN5c z5dLJ(XRHm>V6~_EV_v|?DFcMy@Te`llGVnb`ZtAN`39Evy{|2K%L5?#+&>p){;Ty%9Z;nCf0{p*BM1ap7~k?zA+L%ddyD#fb@k(g=4lm&^~%cLRDE_Hv-e{;OuY1M zP@wUqfq+`X9yF1vkc(jxruA-Vy@9<~)e4+$A!$a=1 z9iRH|BP8-~dvkPa$1iuk?0l@#XF3$%Q472;NE(7P@*=nVo$!&Kv`e?K*u5dz;?*9(~NHUzzi< zy>T2}VR>t#JChI>T2&!kWsSpdp^A&-eO^9am zch)D;t|Dat_xq%M;>RW`A04RM9n6)|qK=f*iV<^WGp4evGI({GQt3Qdi)eD)@om}L zI5N;Gd+R@b>2I6nn#x<`wt3g#vas#-L;$AE+54E=_r_IzJ=dD+Z<)BHuG>v$umK4c z4q#%cA&7GNHUP2S5@!`iNUF6wRG5^fT`FT^Ydeo3RG~atV)|+)JTkIX=<+yGE@6da z`l>D^4WJ8Jt8z=29GSpId7VqcH(tvLP~oh2)j62{;ltpfBDS90>VwhMg|pZ%R+F_h zJ>seDt}b=&w+)E6HspJ3Z%!RWCDJ_+>5Ypo?;`NJ={0yAAHS6{b9*~OFk-BP;jj24J7$bd@5n>-`MI?;m_}$vI!_`eGEW10+67LMj65lIF?Rh?1f$CJ z^r-Vk38nm>953u&3Oji%XsX?Vk@&aEa?*8ym|46b+!fgU!*_OZJnLz9J6$jd864=n6wiOG^l-!U0{F zbke?lRVt`lAilgXE2z}AvlDOAFE;v2G*Wq>J?R?eOMY{tN)Qe%Hb>KF(hXXuzb?eV zGI-bdxVY1`O-p;zUiLvV&D~tjOib69Qik?MZEat775v!Q;fsofla%BmJKt{F86+oY zb$C@JRUGMHv#XogwxvwkvD8FlTpsCUc_tj$KFOpD<%%?O>mLdz2&l=CD!6z_uDU>| 
zI@lVuTh{E-X;;i1A3`ACp)(&tF`uI&GgqRq-~J@db?N(ic_5==>8#g>_;1fnhDv-U zZUH${aue0n&)K29DdM&xHDg2i(AgMc*Lg%fr!T0(5&_YVOu zh?#nt>2bdGv0SRgQLr4Sj4|hRXY=eAJ7n*tT$e!!fB&+<0>xkM^D_o^a{qfmC65)n z=8iUwM)F}d>WsdU^=Fgh@k{Ww#z!m_lddk`F5i>V^duWzPW(tY#v*5kIGoU9AQ{?- zn3pY!bv`{L-Cx9V`9j4RYowq}wQFSgsIc68+|1SLS#eV@}BtH-kI0}429B(rEwZS;8ua=|KYH~tuzc=KrJny=!7e3cAs((fj(0L$X zOQ=D#hvjZ4tT$+68QAC00@*Ajb#xB15aYol=hD4?@fDPWWWyqM``ifj#+qWR(&mW7PP_u!&P|Hhgq{c!(xNJwc*gI=oRYYXKHt2U}Hw4m~nRsKsb{%O~)81|+XlIq3oFHajt-haIIWYToN zliBHpisAQ~?FVC2Q|IW)srQ&ZuR)HdEv79Di%BZnR?P18y4;VNr;V;yHJ!Rf;kz6XlDF9{?$~1{6+a#zmyEICO=o)UZgUoGWnG?_rTUU;aS`3v z@0l?>rd;{@sB3rLD^r-D{-k!49o|z(UhNW-2cU*JJ%C(jqC_N9e|Z$E#%l-^U{QfG zLAHh#&|zYpeE(?Tu$EBM$-coEh|pIe-wtS#9{pmzY|Ju@O7c$IRiScEk$qi(qIHrj z+uJE&LA@EegtwuKS9YG-$ z*@OfyFZ}mb)^ads$ipcrMS`taiwlQ7VV9hAuK2Jngl;48VJa(YcxdR4oz`M~ZZnCM z7WTp*n~YcUG5gfT@ypuwD``nM@vj$ON8gPnO3J@m)A22G$Vu3?$N1~n&X*ROeYgDx zs6G4K=ct7?sJheK{viuHGebbWW@1k`eXavmAb}DMQhgagLq$~4&(+#jT9Tp zO88h2M=A7OwTMda-mp(oB%d6Oe>QdiTKUDoi47$z@kWB0!nk^q>F?qhpFpZ&>^X0v zEcvhDWD%Feh7eeXW4Jd)YLI24Hp~St>I353)ZH!1>YjK?S$WykeIf$IU4~@c^u;Zi}C!y7T zBkVD(ZT3^d)K0i5mI!Hj@#&{?x>u0>T2za(I{lW%A|U$$+s(l&GV z!wK^Oi$2J%%+idg7PLuGTkts{si|kz9qw6lDqVyTep=^WMeZs z&2&T}%T+D8iq9i$&8FW<10BswZ)E|g@G+0`R@N@Xk6Cr-L0a<5jOTni#cv0smdf__ z_OiN2dr%&|saJ_fYmi+cj;PpYjq_vZ+Mw9GF+}qv&zU$wL&0G2?!T2Qm5NSf2`?)wHNxVtSJQCUb zI+iAD+0B0IK##BHRPGq`D*mgr{Pv8Z?%&Db{~}~ynLu+7c$r>1B>aECFbIVa@Gg-5 z9dJ{aUK!yG#w^r--;15R#r2yaxcN((3Ya(!T@i6nq;cbCA1oJL?BK^!PQP9!upx%( zfFQl{lrG&2^1>}U&G_fxqsDM#TjD~!6^XxD9Ogiy{#LrEk~{&hkCc(dI-ZH?0H<t5u|mv!lvuK5R`bRaB0(M*Io>Ax76f!VZ0x7eJ%f~99!J#A@&u>5Rmt)ASvr;~*- zW8cv-!!t(2)#OKeqHFhWt{l=`X|1X=O zzEqT9&qj1i$~{!c5+tSn>z*F)eJRUdvHtZ4h&W*R{%D}0Ve-=CFdvyNK%|HKb%WXm!uI8fK4DP*HsO5A^g@o7l~R3(1cG3Pip_-!}fauvuQ2wRW6eX}&PG0k8I{F76-T8p|$9vTMhES~4bbmZ2+j>M_T6%V?(sn^CpDt9-lrdlz}6;h-Lpl2v*t zY#iPB^c>F#8x@>;9As~Kbvo?LMM8M_ff3c;!h-M$`p?tzIH*bqKhf1&{H7UNsc_;; zXo#0yq`r8ow8-;*(C^JEY>&=8+3&2SN%zQ*4`IB~U&!kS>F9;uWahIwUT|>e71ClN 
zY5`P#7G}#6ZU|0qsWHv!7BF29#Y`0@j1dDyL8GNP(kzm_58YFtQLWbZF4|ETJ_0S}|9VqWHBraj!TX z`@X#V9|l!*#_qA(*T(qAG{Yv>=4pTqdlq6DFp^W47#`q`3Md(*0V?cWlz5{69^3u? z2$er)cq>o%{$#N;snbDWeVNbQ;;K5z1Guy2F^z(EH zJvCSe(F9#8`OmAj6xo~Xg+FunhEe`@M#19<)~-oA199W97|+sK7CrjmWi+dz(+0xb z&s8&m6w~rEAO0*Fb&~t(Ink?*nRc>Q*{`1__X2AkL7V0tjkM?WXn{gp7V~T_V6{Fv zS4`rMWmqFXJu3)ErNQTC3SKR1M` zQf%=(?j+Wj>E`YddxyxtB~tqwLS0~Q}H<&^7N4O6*k0^)2Wb;lwpx|e)^?s$MO?;_;=y0Co=F)@d2VD1^B zDEJal@%Q?+2pcG-q6R33uho0TKd4nOFvt-7{t|qgtk%r{bajeaFQ!~e=g(9ShAY1% z$~rdqs~$^(vEcj`qdCcw{olK6>jRv=c;b=-@ifQ{pJshfi6koYHXrp_Xk7T{?>+xs zm}2j==azg58fpbt@dCuUb!^mgVcHkpQYW)$t{zf&9#ORJl0lPLk}9|#Tp|q0)J(TDA157T?%Pls%PUM4A6jO)h!CwDMr|KuE%ZfH`lj*2d=4K1^=dV zfO#G~zy>+pGPk8(Z&$$S-zVFA5qpEpo}l#?Wf%2>0U&=JHDWb0p!nA>((V83li!}> z8TbwZb%?Uof7kuDF8}R=|IWvM_TWD|2_o44*)MEe!mBL=m3js{F2aF7(&7qY1)?uJ F{~xU-5DowU literal 316225 zcmeFZcUV););0_Xf}kQQMG0L+K?p_Z1VoAgQbc-*fJi6wUPM7aN<_Mp2uLyX8bS#I zLJ$N53@!BDdngIz-JbHC^F7ylUVqQO-}S^RSBBYp&Fnq1X4bv#wZ;f74V4SD*J;Vf z$Syp7r1+GKjE<9x>?|eCS)it*8jd6*qy1w0@S)b@hYvZmTwyP59jwU69z`T1QESBw zGhsLObHYLrFG+=re@2l#Rj|q2f5~%$T;ZJXrDv-h)3n7@j0{?ori|Lo0bIWmXWdOrW*EzJ*{b;+*^6^-t+6NL zy9XhPQcg6_UtQOt`uO!jOBaK1OUoN_3(=X0wPRVbCox`kd8JDUCV2u+V|M8OtE1CCf?%ndg$l1?(gBWAG^%IPg^|xTo{P?IpODNDmOe{;fleR zyb?%FO=V)^#7kRO2V&k!7NlGO7er(Cx6->JV&@`V8?5XjL|Uv4kJN(pqv0I3E*y<t;_MW=eW*QQW()QKD?P4`E<4PgoiCZ zSrjk*-Ha@+IdaOshHU(NQq%oS?HUFQ&BQCe=XZ`Svp*z{ z2fcgS_s}qlahr0E@iyFy``-2f?8+^fRG(s^hEWVuIJvDEi~3;QxihQZsoyT%;nmsr zl=C*r9U(?0zFGcwzO-jGIYL>FwC?G>xZ`?N|Bl}64DD52kWSX^VZP8iR(BkqN@ck} zSwf3w3>ysVr{tM@s)rta*e0V=68=+4)y-SDme5 zuj*NL_ka@46C9VHEW_{rygq-O;kw$rJv);Dmfp{HwYIMJBkyV2Kz_ci`T_NOhgkK0hd;ZPUH*9Ae&t|`^earQh|NP2%4i<(e7G+!I zx+tkA2umsp_8LscNhHuI>t(apckwTxJ}*?o2=`1Kj4XWz&)c^Nbqe7vJ@FthuX~!J zB|?o>4@eHet7Y{@<&Bs#VRVxkjl8I!mixc%F!m>rlG60 zg_s(h{Uo=GJTD%oQ&uy^I(k6|dx}U_>6_*R7+2B_`!&%Uggy-=Q*1V>;*A;CTdj3SFT_#{6qH8>!Gv{Q=8>kq#gW*W}M?T zTc;Y8pYt^H@Ns7-jVKp~uZCwS3cQoLOn{6?`>O4>u=KM$RyQtGSUnmV8KQTAxZHH< 
z^Ikbf*b={d?=t1Nu85j%L*L#+Snl{Qtfh%dOt=J29r@9zGu<_HcFb&R{t;@;eCO`; zU8$6i$M4jnKJ12GY5Ou2b+aOlKTZXGcU^E@ErS_G4NKnW22auF)a1o~meKUk9LtbO zn@`dED8~K#TnAN2|CzpmKDiemR-lgL_NY#W_GaswR_P3UbfO_^!&1X)6?KYCSqic4 zWh>L^kt(eZrr$_vb-zxVH{t7J8H-O=4Sc`5;4`Z`8(?y|Zg%!*PEK=URC=g7aSS7_SX_yJw+%UH?hql>qDgQF^-9y}l)7T(NO!-WXwal29o=0s?%uMbJo5ybniu4DwC0|tV?86VVBCc= zbwas!tw{~84F_z+^rZ894ST_ML-yRqBGH3`(vA8f*cHD(xt)_0Y9IPGj$)q>pJ%%U zTP{miig@ogrXG)TdVI)O+h1xtytlm6LcadBQ_l6|K*V4(>Zs8Dkyrj6dTeLFym1N- zo^N3BzvC+jd3uo7he#+6Zs0i8 z+SNXunbM5XWJAnA=%c}huSrk$aI5y6s82BXt@2y96hXq)NJe?Ci+P{PHs>#q%~F!x zM#Y|(kGspsTK(J=|9Um}^jp8|e!L{P7W{miBf|;>8J0oZ?2Qc%Wcad@ANkO@*}Q1O z#xn%O)?hZ$3PHL-$iLZR)8SAXc3Qk16!ZKkj{L~&h*^LAY{4YW5P)LI60Hm#zkKq9 zj1MT&kWrCeCOZR^$bo-kcg) zaeeVp>ZzjgKg5B*WVvnJ-JPYtU@tE(K`&83n5#8dSW;3FEF=OJ5fK3H5ODKxayR!D zaB}1Mdn5mBN72g7($&`4-4^D=`MX_n3z&zyEI0S>j{fWO_vf_ow*6O6PHz8rE#L*g zzpsFW1%<%>H!*kHm;XWR_m#hk{q4Q}-kr?v#-w!JtXv<$938Ek+#&xOahbpM^#8f| zujl-`pq8z-m4ktzEgi;ff@Gmil@V$Fr;eUwzd;NcxG5ilQ|6c#!Wi(xFfpIkd z{dkan_VMp^|F~ZU{96J3O(FiSZGWo;)D1!_1O6}7h0r40O5MrG&o!QTgw;PScIMnz06pk6!|{&Y;d`_&grz8)JWVjHT4)kBG=tCF3Ky2XnvQW7faq+ z2meTHQ7E5dFqWxPy>sU+n>2fgMNNXeX=AcpN;u)_t9T|y1(`Himcr7eJ?4KXK`F&_Nq#-KMg40H{qKtUyS4cL=hhd@$Og83@E6VKk2hZjitv58Pg487z74Ll zXl+*f$S&(2FK8lx7;o?sr}z7;M&ZU&>bW+u+|WDGC{|>IOCs*<__78biZleueta7S z%~gT3=Oi7Xm0ytshh8!m7(^}4C^*=Z!7PW%tpvgjwq~X$4OeIEBdodqig5~lOsQ97 zln}!qcVd|D`ayTzU5`?%=j4Qxw)aJpqJlAezcnUZx?s{pCPTyTnCQW%hzVHHyLhWH zqZ^rcQ~uT0N=nQ!nd>=%29tuOPDEvAQdOvY$etL2py zwXKi!L8pSzF&JB)gwd~GiIuPkOy$e2kGp$o_}$5-H}1#8Xz+aHP}@!`r$h1|QHg<2 zFpb{HLBA%Q-d4?6%rRl&q-gAJ|GB&Q^3P5o&YRCiYCTrc9QJ{+UFw+Y6xdO7D<@CC z#JQigH4`R-@xrmJkhGyeg4n9}0c&G*d9<5iu$`rT>!qdsyso&$gPmj2eokg) z<~<>ypRS{*ZJeTYPlkPz+f3VqC2-JTXNZ-!(`fQQk#SOYn&AQeG85kWx)$B;WF8{W zp}u4}^=PL@u0LJcYb8$R)*qqPycQ=Phsxwr9(hjP!|WE781=&p@BMYt>+I~s?L-oZ z*A(*lN2-{kDl^#R5j_Xwn>wI5l8gs-kfxQUQJPidWG`oDOOI)@I!{xhDkN9{it(p# zN-Kmm_@-yb1(_w}z&GvB-54aLmiC=T+}mfK!IzppB#@Unjg3_L5|(=uK5#(%+ZjDo z`a6?aeEjMAXRz>scXh%c^CvGQ3aOw1#SYRR0QBFS8XPCxFp(91p3jWUi# 
zsq>d8`2;Th%xqiH$!$Fb^q?PCpufW$5=)%*3927z6Wx#=tqeZ+fI|wjmHHL9d;}E# z|E<`GSziYn@lQ`js?=N-+tis>8cr3m%4g?de%esVdaaM9=oOntelbk*pP2ZLgia|9- zZ=>$xq@3HW&Ex$E&1(>+s%$NI6rS4! zx971*y54iVPON`5ehgy41Rne1f4Vg6)7(-i7I2F7!q<7hMn1H(6PTuE8D;tVLg^L? z(hLJKumEI9j*uUuey>I*&PTg3R3^JN5yYu4XQoZ{fhRugR4&ZjxIe+8Q$#!TU~{U) zb^;Tin==ATpe|#0w(GV56kTCkxhUtP{axbqHwNzU#-JeGbo8!%wP{-)l2op)si`?q zVXZmd!-hNHjyjs}GUl4qv#Cg{_S;{-XXxxzz7Djg-_TZ+7~w-V2IxPN@2MmF4--ps z$-p}p_=Ha63tTpMK~dC<)!sVjNZ=Pe$vL3mLG&cVWKVAepP|0>OflxuPOSUAbXgLK zJ5C5hK?x|uc8pT`=e*A-{W|982J~F^f?xN^_YczW`l~CPdXE( zha}wQ)!!`-t&MO5rDvZQUlr&SoorSH zimr(H$?4yX>1cHu1~&Vo?voQgsgEt)#&&potf;;Av#qI?fzYc9uIGu|@}K;uYDHd| zyslmuEGglmQyCIfsAZTI*x|k{#k6di$bEEpbhvYMZh@yJHM{K#%1epyvMI{RG;q|I zjl5T-kYlBlxK*E*mnZe0#IPSBXj1btUktQkTxHN$nXLl<49x32;yWJ%9Gr8&>Af|r z^bT3OG2T#=2wy8Us^V*f>=6jMriqS;!fgj_NI68ienndGUfC|RZ8GpBMMDF>ak2Nt z`0?WwtW^#)@URN0(co&eTTzHiG?@>G_^lpb^XIAm=5zdK2Y%j|6B)z-aedMJGD~&K zBn-a78jkVX_RRidWh?wP{{v|Fo}&xR`NTn9YkCg3zv9LGd;Xqv!ye?bG(*ZOE5<4O92^A--?W!%)WKY1Gz=>F`}19?hl<3z4L&=$ zQYixq*zXXEtTSiM=;llZ2NQG;P#EZM0j^v*SuyVxlbrJH&G}wK9OT zr<^cz*{*n>ZKlp+#nU4T{@y)p)zYswtAvr?cl&^d+*%v1kXACN{Q>U$hEXAtz8iRQ znDiSqD7T}R+k;--DD^+|eqTTSp#EigbrLviC(FecROuyK~HuW&#y|e5+ z6KKhacmL1at0+2V!OwnP8w1w&*|C0H)dbUvTuDrpXuz%}==1lFqL>XDUOpktr&>l+ zIgQuE7Ms=$c#jv+0~=wy#e^DQAICpu9+sP+0g&zbFJ4C{5tOCuE)Nea0Yv3JC+R*@_ z=hY=l*GzLF=@ty!vf<@xa1OcIOWSC>yE&)j$1sfK2n`3ezNWQaMDBHW(2)zq#Y)kz zF)9awA=a}@B=GC^?<|1(P!k#LxMV+8JQzPz>!C)NyQx9eirlS>-)KCXPel^lcOW5i z4SxFt-?g~|dNO1WttsCkmxszudz%F)MqTP+YduGRJN@x5oBVbPIj^d<07A9Bosdr;OO)fh`} z8ymNg8eynz+{0PGZnZ`(;4l+i&|D@R&N>P7pP`c!vqa#LqVJx=JlAXnXwu=LzbA%p zXeiQFd7l{^^+S19mzxY3z(%3{y=I&{T+*-|lDKi>ml-iCD?Pgeidqw`X2cgZ@>;NJ z|Ip$2`Q_`+pITV*+5B53^c-Hb(V=F7&26!g(R+dm2O)52z{cEqWuj2c;2U+xhVlx} zB~T9!*|i-WN}u^38@MLzTx`8w5pH*pMk|GC;=5EV0&2lLlZuUI3HdH?6(rDFP<-+kwj5cXkaRPA(q5Qbeu$ye0w$X{_6J zS@e@v#~TU&bI~?Bs=3?nYot3}`nvfbafrwNI`F(l^{|O?Vqx11jh)JK38$@EQ?zT9 zFWYrGe_tVqnkAjkm3hf4h>|Wj?MoIdwI#OOBz$`y 
zK2qft>`tXzce)y!L$+J;n-%)e+DwkntdekBF)gP`yJu&jfbQYS{3}P9M)#$sJpQ0g z4O9YzN6Tlbxz)rsu#(nW*}DdPdArzD+AU$Qm+$BrK7!N6MBp+$nlQt3tQ1LF1S@3e zP-Pb|8XfTx!;K3$aOphlAg(3ikVRnpS@?6iFRwxUwP>YF(#-|wm8Fr+4$lUo-yd4o z`Rycil?}T2X1{yoK{>(m;%KF$@d<41PNG@GOAq1+X@mEIB5IjC=9p%h{^G^li9qRu zg8Oo?Dg(=rh%4BFIo2yu{+Br1w|teINw6T2UzojN)SvN}kY8{eTEe)F_M^0$ODkZ+ z@6)a;-JhkYSDJcI5aVcN`Qkw?5G*4oj8w z-qcFK*Pl)X){3;en>ju{UK-k(!LjtD%ci~!!-8E?P{EqLE`yZsc^AhOnZ))VhX~geM~^S7l64P66+P6;Ey}z!>zRP2va8 z@-IFt3(!8&z-1Y^oV$ZE#<1IEAR9&Gh*Dalgnb%GI!@;F;R!5BfL6KqdvNc4`+?6H zCM<5VxPp#@;eKlz33kgkVt=|Vnw7QSBK&-w3fjQ7p|#`}437~w?K}Fo%)BBu>p!!& zXoKOLcJbYQvCcp6~+cC20{U>tKQtbk)+80VsR32V~VGeU?*;IncqHO?*L>=okE%V#0Y;b5SluMeL8G5

>qx_ux5%%nL^iobM^J~nJ)eT5mhj&N4Q|-ozvEp5+Jw8%wHoNzFP}ezvH&N`e1Or+77o28i$yL z?tffp-2oKwGaZ^67DA}}LZ#X|RsN!mcGxO#6uZS5dK+JLpiA&}Tyb=NhwLbGaHs?M zZTWL@_{BN$CiY5Q3IBAM*%DT;2@8ncW{&|)By{TM7P6Z_#o1NJ2zY(Uz z0-5X8+R?^Sd85Rgs4hpplU5>g5A-uMD7}t5Mi(J~bWL(pF|(Hvh?zU%*v64Cz0Wa( z=uSVLso?Z50hNIf3#yT;v(@!S%ODFUr#e@y!x3Bof^DPsG*Q5EYLbS($BN9yeb>V` zX(xamV(KgcD2dyF#NM6eg~-fkj_649dljIEzy@?^rcl#sN+~k49ChFvgRLkMGI?u2 z(XiFzzcY_Gj2=tnt~4TY(7g_H2)WmpJPmOw8*hzdE|9m85j;*fv3BFI3}3@)ihjc+ zi5v+FR9}JBIP>Xaf4nqSvmG0nus&Qaa}Gybpn2mdP<(zQA!wbOqOO;HmY)L>2rAHE zTfu&>)s5t@pYGIckPVdC;)^5Je_`JkMQ77SqKpI;ut{!`d(vL(Vwm<;Y6BAnaUmhk z`^r1MTcNJi39slE=-X?2b4(*G0X#uEq(xinZU%OJ#Np1#Hn$ZSrEyxyWh?kJu*nQT zyxBkDo4kuGFeK=Z0x~7Vm8Op{HUU>RM!1Dq>N8=6Y_HnzrW3D z?N+ta#|?GgCUM*fVe71S%6faN25qs_Dy}_$=|#j1_ym-EYio- z9X-q6*%3Mn3EhsHcNB*g`S|omUm2>maua;v>(Cd<{cxwW~R@ z299CxYFe7u8PZgj4jJY12N|}l98x5<{;cJG1)_Eb4KXN0g`65xO}UH%%Svx&L28i| zAH{TR)(N(u6!4nmr&1-WiQ-SZ1Gh{!fGBhh7Mqr^V=Mdg?@BWZR5Q5k_1kVTG~Un)_crH&m1Ddy=9H6s_e0vueNfdjcwN`+RJ{l zMkaMwRAAtr-0J`~Ee}GPW`W+A+3Ptyg5IiM&w+b3&5AU}k;dx0s!UgPPrkgOkq|eA zcI&T!r1zdMDmqoUnndG3^2Hn|f`_uQSx(T=3C^G(CvdydS#F?cD%`BHD;0%F2B$Vf1drmJ&s#D6tC{o$Rh|;^W_h zXde`ZB%_@0<22G3AcSGs;42{Ob995+jI{0h#@1SJ6&TM(S$I&{QJ=S^HS^RPU#i*L zHRAnD2}bbQO&7OFNcMG4x0)Is^tMbQ9AsEY9P04j?`Ixru(ueJqm@wpS;f21pVi?W z@>nf$P#6i<#BpEo5ea+ir@tr06rJ@^-;Hsik9*bc1_Hc1HI^qSegLpkCZ+*agbV>@ zsc%#lT#ig?oHGj{MWlADV>h#!V!~X8Nv{_+CS9OF66=#$DY0Mgw+}&}jF=lnYg~lj zw$leH+dh2nq6Ie$GYVQ@4p+CL95W8~@VhJE#(B$Q-C@N}($HzX7zfsevXWJ@$-jHF z4hAD0|42z(>B4@K*w7FU85Q*RKinRjyJB5eV#**dI5oC?>$@<1RV1+-e#z+>c}9s| zHQPReOf;BctBC{e2r5O0v3Gu}JopsTQPpcIHX| zmqWvV!6%X?PJ8n&nQYwBXl`g|xWhM7ZC9X=DtSL@cX$Xaw$^e79zL=pu)mejF$AN2 zbT9)aJjTroO-N*R@2aUkC!gp9-bVOv*|C~56e!)PD}m~bjd%@q+CYl`hIm@8}YcpC$6%% z0e4%t-tumNfp`o!z^-i;N*9+1pYw@6e9TMyYm>omqU9}K2n2o)ZlJlM5=kgALw`Kk z);#@1!=*CS`avb)y^HOj>%l?yS{bxD<}38*azG`GmSD*?%S>iRc?{`06?c?G{{SEJ zl?Pq<6=Y z;&?UZFS$T1V~v4DGF<8_{hrQcpyHi)F|-F4TO!V6SY_uyrqk}lgKciF0c`6bMOfKfXC?6%13DWc?`Hd(QCc`X 
z$d)Nu=b=M+jv2g?+_UV-7>j$GUoz(~*=2IGwh~}UayKfh&e@iH*Ue$BeZm`3f3+Dq zHONRl>&mHUxb4f23z$J7Y<3u{qXTCyfbbFgXR_3NK%WScuyZ%C58St=TbHfrEz*-A z97U@ui;F`T=E(9Q@3^1~Yw8%)%=(j}J@MDIb)IVu*F2-&4M1xf0`Nq;JemdN_bC5N zd-jDEfTv3lZ4}q+hH_8zNce-&tB4djVwd%6pS)!2RC;vUc$5^xSD;=4pA7UzM>FXo zjAm?RqyV>TY~DO0HzJhEDL2&wk(h!Sf$Brhn12OwTxJF$sFj!CU^FiCtE% zzUe`+wd@c<(JbU*j#`q=Gu0R|y-i0YMv)k@t#{*^ho90MrAVZW=uHCOU_r_qCnF~Bdc9w0Ke~HBHwS z-&PW!wkKamhQh$Edxh+f7@r=uN2fqs)V8IqY&xZE4BRVqjtiWy>2ly-?3q>FbEFYu;uXRDv72+531o<4w`Od{b` zGBL*y{BuUb1C3hPZE;xl>X~(1!Jw5JVr;Mx6eQM9`A1Cr>MI4^uZr^og||2TuC_!h zSFep6n;7mc#`5Uu_AJ_)Uc9Fa$u^51=yvlfEf(oU{+tBMoo){o=KnBxjg|IVLn_1p zTzY$gCgPcSTaTWQxe*0n(AtQ9K2&9AB}I){zo2!6qhw!w#Gy?nZY>~sMe*j&xIdSC zNW{!QT7yxd(E?iwlAS4LLHFQbd(K-Tld!)qYP|M3cxb%ZWU2;TbnxuBMjei97j@Lk zkm+VtuJ4{&EQ`ESy|BCl-flgggNsyA)+>Bw2HsiO@4`;SiDBI+tDqR~l(S+{Y@}GZ zNbbTSVxSq_!$A~b8TW|im5JQ`K$2lNHZJu2#++&wHiko!-;U~KcK*U#XA+ZzP5-zu zKxNALvozB3-ca4F31OT0bf-U8;Qn{oUYH~&5NwXm`e5(Rl@9|0sN;#GPY@93MP7DT za>cY=J#IU9(`ZL*8EViWQM-1c1etR08=-pNX+QFqW2Z{}&@fW(7>fhB)U!#smlCrM zSBH0&PXKyc;LP_TVsdxo!KJ(U@9&j}rz2no=+>lx`IB5QT2~12`kh{eACgvlZzA(-(88Zt_SEOFt#8=kB+Em96SYDj(KzTyl#bZ&^~s#3_v34!ry@t@aIo1w}92+uxo%IZg~vdW#&ls0*9P z3b`}VF(Uc$osw}k#%sfAqz(qX4+DZ_$Xs^Kfd%KIk0&Q~zDEn|>C(~IBKBWBy23%9 zyIL>f>iq@plFxc$_z?SV!zNl=&IurIqwKT`-ODOHxn>1YQR*zy78g0N@^yT#Kvq9e zjYA&Iy!&)`J}%LD3-Flx0lJWNYDUj8VsZoEw+jm1ogD4xd3>-oGGRT%+&_ zhe4HpT=HaE@oi~I4-mox)Ol;%?Mh@=jppxKw%SfjiWn3xj`;%Rx{|rfi%ttnd$o=_ z+_YV{MlQHCI}N_I-c+hGg%;(iI0pgA2aN0Vk?135rz+Y0zmVlf$0fA+<%6TcilYFj z(%(nZa)+=K9Z^LMn`n3vaCn-PFzrfkXswe8sukGg%hOEPAnk1wh}s3Dp3_%A!FT zoQM25CUf##p}A|P9?`-YFt`1%EXfzpuEegWMK&2*`RlS9O*r2alzW4R+T$qHE1cbufRnH#*Jqd)X> z01WGa#NA4V2I^(w6xITBvvKA9DNLC&Kom2#3Q>IWvAgzniqD^jz`HMl52_ZTCGk2V zokol!`&FvxvE(U*I8nBocdiYb6VFyqE7C|-gk(T1GFRqarKG-?DS}(bw8Y@LdFSmA zZ$d|c=UDQ|V@~9G6$VV-^i~mQ=;(40BxdNOB2TmNn^3J?YU*3DC+9g9R?R|SJo=0q zoishg9UF6|b)H=|joBTCWtJ14MXkHl4Nlka5lY5DEHjOLPTitlAddfIl3S<4j@iaU zBf#6rsiwLTW^C})PEYpN$JHKISstx7_!YesHaFU#Vlw|#Tx8T>*IXzL%MEgA4Y|nF 
z6bG!BoJ)|47+{W)$krAYSC*0Q^SzIzTCkvMHfe={5~zNta5kTVY?L&9CU2LKqYxXz zRzQ&@oM_dVs6REaD3=(a*T$mH+&V)O2e8z4(>wHOTO)FJbp>QPPvbE}(%|gme62F9 zYz(lo1s4iztW2UqWenUYcz8)}Pffx6Qdd^^HL4T&><`cpD>cUceMEh6yOBZ9Sr4+Zd|@huy(8zk0(eo;#e- zYF~w0Pu*MW&91cG7;lSl>tBdyml@@Y0ppIl!%J_5JR5)*dEv=! zK>&y`N==zhp`L-F2&IcAdNtrgb>6U2uT=CM?kvcW=7?+3p6UiK%X#T#hgC$T{A@LS-ULh)9%HQiOReIWD)kO!nbx8GC;qqzcR~MSA};1Nc=a zs3WO$$>IL%ZI}A4N~N1~o{r_<+O>fc2jbfcXGCc^ywq?j-yQw}#!SS>htQyYDSXln zu4d0IpjM!ETNI*YsJ83XwAD5z0L&7uKmWDS$h&dIJFbdFMpwfDj*t|jdAc2RtVRU9 z71qdayEU!VsdykOq(3@U{Cb>ziIZ$~8wL9_irC@nUDrPKahDpFn3?8kdNy+D|A4s8 zKB_V+WQFIEI;YFb9O^1r`n~6i)sKnmJeDj|#I96veUzU0RJ5c66xM@~gUPIIaEM1o zY(Z?D9wLxb;+imm%m93U2giS9=9mF8VL&I1MP~(WeVwnTC-BYXY}B+*{>*Gy0;0H* zxBY861QUHk8-liHAN!_9HYYL#<|s{KAjKjLhbKN!je1)FHal9y)sUa{1|ATjemQoH zz{4ez{o&VY?g}CAH4!HQ>9Ss8rWk+Q@2jn&H_RG0*Aq)&A-{7Uwr%erIye@r87cu4 zH-2};`L1Z{C)h3{YSH?bNLT_g^9sjHb0#iB0Hn&gI^7z1_^KuiOOSwh88V(_r(=Z^ z7+`ygJk6QCDoa7RpUcJ;tpUUKj$b#caZ7CP;Cmc4`jvZ>lCcy8781>^90g5!WruO?cQDfUWPbL5&v%gFlqYSD5LhI_x zf+qRrv!r$#PgWXpPPgPvCU)gc7fzD`j|r%)P+9K3uw!!v({N_U93F?L)@UmcnnNS6 zC|_d~;yH6w0C@u#3~r@YrQ_V3^#T*Be!Gk2J_eyFP#F$79_+UU(%usqfwszaKahko zC%fJnzyjd{uIfa+vKZBvg|3eGX4%=_1q?yb4E_!fFJ}tZdf9+GGfP-nV^?V_L_3aD ze(~x1+>?qLmdSmrzdoI!y;PS0r(Fpk?Thb82(sjdec)+%)~NOT#fzFU2bugv)O3U2 z(ZLp9ql9_p#SBHl*13daH}=g%aTVT>C=OYWTroHNV9aY`Zhzm~Kzw{$*T`ruaqrp0CR76-__3&WR?pt9paGic2@A(PetlzCZiP* zQ5g0o4DDvBj?;O4Pp|v*8>qb((+GD_QZ^aZrfA3+*_<+&CJjP^o&aP~fkOM-!`d$e z)tWq`toR6H|7!qsa^(vOB@VML9C0aR*|9*EDH2oCra4I5&Op@nck1UCU&|zy*3_E= z(c;H&xs&&Sr^gN+<>5;=AB}nn3A~K=0M6yi7cgE7pjE~WwP6|cm1KVKrVS|z+xI3s zR+Hy6!`38J19@d0jNR2oqI3lM_acp>*zZ0sX7zkVwgUXy+k~%RHQZ7)sAg;WZjOr+ zn2y^t&&G@0`$de@_MbXAT!8lV`{ST>04M(qA!UO~Tl$xa`k$~@@F6Xf9mq3m@R2^T z@8{Pme8kTK?v1Yt2lcj^gcO+_OPD3J+nPuOK?365c$ak}aRvQBq$D7qwY(6PRuRru zy|uEEb77(WSE$La;_>b|)sJ$s$hO!g@9MFriGWnI=vioTPl6cFN-qLtB@;V#0OY?G z;CP@{hx0zjMNCd;71NTYTX%MaRWijKMzxNo{e}lx!e*KlM7jd(g8`Q|hfUf`?4@$4 z2t`_)mHBnL1!}@q`xHpJr39__06$EHL->}X`lL1_(QADKHyPeBwT299%-5BRVazgE 
z8c4(Q2@oT`ZsSof9cUnZ;=WOeTsjGe^cIZ6Z)P(N7tHW#e1^J_ciJrMpt;9Oa>_lP z(VhU)`B?kc_QP)DqQZ23i$e+eO5{(_PA(pZF{XPiAb-S~-gUgOKe22eu#>tmW5Ud} z1Td(A4&hsEt@LXnEg%Snu;h<(y4KIE{QO84n!MJ9*PDJQba7h38?dgYcTA+2;-h-j z4oYLLEJhr)MbhKE**gd6kM!Q~n@<`P7gl&}Wb7XA^A=p1GvE~Mrnh8_wnW!lp8oYk z$JX7wa#?P^b*4X0Q#@A*DlFT^6!7iw)C)`pC$SjD&yIDCt1`$fyaK&z!7)P{TILvk zA4`D+(pQSwm;>58tJWF9m)n7m&Xd!VjnmlQRDdUTIzXsjOh%^96_??kW6FEn<_C`1 z0djqx)TB$e)VoxfJY#|l7DF3_=a`F^%y2j-8B%Fl(I zVpH;8D^x`{0O=pci9t&~3LgCDY3~u!sWZtvvOolvh(9{v0eeD{7AH)proDM%(LOv|JySsZg1w8@#dV{iRnZJu8=sZ5Bm?jJ-`l@}@&>g^N!yl1`|6Gx@U}fIA>tp)jn%8y zPbj+{1R|NPwcdVY1ltM>Ail8BZf)Py-N0#XR1F&-Wc|b%lP1K)40ZW>lvLFs-M+5q zUkRGR)NW?p@jsf^i76`-$CD%)Wq|BU1@V1XWtZBuU$8u#v@3ab=Kg}zM^+XTYBsroxN z){gU{v^ybgdc1*EvPf=yDyEI`PDUNxw|hoK%s5*f_Zm_Cu4rT~f$8uQjW)E-w+NYR zg3xDIxj7>W5Wy*V$Qly?6vMdiX~!JDedLFvy^~`DLE((Sme!&Stl#={D;=7TSXS<*0jHt zNy1o4_Q#~X`l4CIjbj>mZ6m1(Zg`T{4A)}0%`PhmBp_&Gqbsv>9JWPRK2CsexBE*m z2aKVDg08>YT6mpI*b_v^ZOGLi1fjLh5GJyLrx0r{9{R&20uok$agHjg{D5|lDQRHh zu!DE{?-xx1k=Dl@*@Not4@U?G^c=a`ucMGON|I)VvN^OWt#vpy4H>iJ_FP;V-m=x5<8AzLn zF7d_)Bw4`ekK|54(n~Tub0e0lYetmWD2L%REXrQNW5ECu#igOg3^prNtyLj&FFzS^ z#O{VNhR;aw(V^_NTD{A`cz(TE#Hvld)VZx{!~0_me!S3gIH^}4ti#bN7D%q>btN=4 zHT^z=lDIQ{Mo@v&J3bE{SsVHJGq+lfbP4Kyx}Ai$4(%Qxm`nZ9lPZ;<>Yk%T#1jqp(sfHfO$h7Ltsi}d+7h^Kv?d+{!)c$Vaqk}-Ax~KGa=n9LkG1*S{F)C0EkFB$+a_rBV5{wQs_U)!_TKCry;x~t zjN>okD6Y1wCs)Hc9iAyS2Cf+i{;H|=?NM^RkKFNe4XlknQ|=PU9mTJ=``JXUigq=r z=;-$;8JRR^jsR4uK9j%m>4SI1bxf@~rw7m2YJl9|ZvH+0j{6upzgUGj%yNIw;o$db_4hb4PVSVw_)fhaqvrRk56wZt_b&<*{w#} zX=InO7ND5w%$mQtXsJXT(kLpEN#?3-iaBk`j8BGbC(ufJI`rt@tj|YYfX86Ed2#zV z5g^VZ$vLX8D;sm=vHyWGfAEwyC?Ii7DO|DxsRHeqnlTVFDl}GTZ#>>JmU5X^^!UKX zHD&P9!Jh-^>>34I=w>^7NV3wEm3*BIOl(p0HQqc7Mi*_gU27M$rE{UzVj>G}BV0Xd zIX+*0Wc7TN&Zw?Tm;azA>oUtVA6?yFF_u+mrSKCxtg)yW(*>pEejhmf?SMIc-eabt zDy8~hns_6rY@){HVW*(y#<=dWA{IEW!kR-EEHq5tTOHOhjnGHNikJBFLaB6&&T%I# z5J&=t9a)xG%y(XrS~OUmLFOVH2tLdr?q2gl3=D4lg=0?FDbhnoiESA_dTs-Wgs7Bi z8a*+6srAZ|VW+zOHGhFlrKu*;{(6ppF-pwS$3C#0JM0_SL}H@7_1??w%?Gn~S=%na 
zW`^9-&^vN|o4SI;ai3=enkge#*Y2$juIy5T4#R8%eGQgp5F81ugZ6_|@88r=24pw8 zn4sMbHZzqCB<58hsE|OO8dj7XXB4o?9$5} z3{im`J6RJ8K+47KL3ZlAHCM2svHddF?b-`sK8dZAtYl3=VD15s%8m%8ps zrZUOxZ$eL3f*g(0B>^?#$36!o#Z`Gv09leJZWo2yXtq_}133_?6Vjfm?Q$yHNU7Y= z7~?xBf8>OjQ1Y{9xIu=nt(8uNb`J)4o#CW^aXCJ2;!G?XzrgEeUj20S-$^e7Kdy02 zAldoRG5X+TgDh~m$P^=!f&0?4^Lu9d8CW!jG^~qmmO7l9HS5gz*)vx@eRIh8tyzXj z>!feKI3EW#DK(jcyhEhqE_48X$wj@+mtb@f@miEE6y90eYhB1;HT-t}i^MAzaWh$ zh=2kTQqs~5qpl)S(#??4-3^MMA|Xhp(mB*HG$hAA(cK849 zKfDI!a_>3kp3nQ!?*kP+gBPu9Y`gO^?*2EA;5!;N-XV7fHoaN8nCr=bS+us4PAe9s z9-}>da0COft{utEvyHhn=eec6a?7E-qk=G+7SR&hy*{9j0Wk>N`yK@*DK|qx2n~f2 zElFc2@m#9kM7tF27O&54mr!V49uN1qUkdGI8b~kY00O$iuFbJ~k@VI&F!BUK00Nu~ z@+?zS9p6M91mHjlZ3nllNjLYHwcb9vvM$7s$wY0n{5rYoV0X!~E@4btT=m3}$a~>}EO9Vyx;M zvfNJ4QMCY6bvs!KjK3#g&qGxuECds%`xahyeE#=6_F#3o2eGJj2v5S@PPdbTH`upE zQtG@^{LaUc&PAkFjcf^d4XBo%2DFAHpPueJ^Wz4=tdXLIw6KLm2deHW7*JoPc7NXW z)fEP3>dkD;dJ$(`(Yjflt(~D^4cS1knrgJsY=#a* zc$~{!7tH)6w5f?fLv*VWY$s0mf+Jv=pFhisEY(yKC>CktJ z*$n`_gD%k>$zpE#JS`&&mfoa-qCJXt`1SU4?6~y9)j6}^FK0~ST{~hA=j)M<>sc+H zJl*lOWqJ)!YPmFkqQV|bzq18Y66e!7?ruLrXOFk=kbtT0+@)@@uMv#e{!mXN>HXmh z4k+bvul=I(iz4RFUV8CEJHGDjl?1oJ4Zd~h`M4K3f(jc%!trD>4i1jCx=z@(^rM9k z3T`z7HTC$2BZ6o9^w=%6E3wP!P|J+@zjqpa2a4N-Nq`4*3bf>^;M^74u*V@3)G$oB zPoYkKj|KDnuE)`y1uA5&YbXNfM4}!Ainot4D#FuO9I{1{E0W{x15Ijzn7?w9So1;H zS)|SRF^ialYk@A)6DI;I$5uDBt9Kx+7%lT24N?nfGr?>l$497qYDt1wZ~@^6jL@o7d zkF?I(Y+|_2Fw1vT{vR^b2xl*LK~%6=-)e}Uel$Y<>CwT#m&4uLr*C&3ylWA}E5EK; z<7$KIn7&LUn4#w5lllr346c`hI5{+$ReA0Jg=u+r0t%0KLV;&Eac-&MM6A9>72ElE zo^C$~3|mFyOX;u8=7$d%|Lq$5kX8!VpwNu#ctu_^8+(Pq?MvxM3%pHIGw6Rz<1b&O zd11x4^%RYe{+s6l>$RW*y5v#+3iY=oir+W*uhFu!5G<^Snx*D)_P-CF{rFP;?`c1- z#>JBU-%9?pv3?bb|Jx=1w@d!E;`RTK>#sWC|4{ia2HJv-L35s3{-PJv(cd>n{scv7 zvRJC1jYx`q+rQlOr|W*uptSLi~9h;M_Jhh}mI(J&xrgyUoDcCtGKyfr}~s`SUC; z%^cGcA3+EGKD{`IUvAN_r^Xpr&v@n(Aqej6-S>p z*XYOWZy9TBPE)W5Uc%%fiQ5^UtrH_vU+sKg;Gx*VFNjVT4FdFzJxC;m;mUplxKM}bmgWzDz`hwN{;?*!2u{{?&xx?BuUE4g6SGxzAIj(W@61F(E@1hl=8#pNO_5bPvtCeO==R=Vi95xCSXtg? 
zo|{}BH3pvH|M4#W2YhR?U5sHqnpff9jUfcsj25v$Zh-+#- ze;+9M@lAezTEn0%=dm(Xh2Fneu>fomVvs)ZbE;*^0Mk3edb`?V?~AU-?IbVPA=DtS zd!2pdi>8e_J4M6?*o9m5&NwS z7BiV9vynt@csy2pMB|4|xlJVZUi%2gKU;kyGoAmq4P@!gXe#SV{}7X;Ai%-?Xa9Qf z8tzE|FMHWTE8$=K4;c8~&-A+BpC0qSMK>TG7(~x6U7|nAz~9fK{z4`pd#}JbNd1au zR7c7PtznecL8ggKY-7Q165iboZ~tdE^+p2d1m0h@+x%yM@O^l4vH&`1>yoFuY5WlV z#H@eWNL!j|sCm!wCSgEOO=M6s?mrs?aa1x>M25QEOzuU)G7 zch0Lr`W^8ruZIYWm-SB@Jb{DL9*3{#1 zf&g`$rm90#!IQtaj%Tg%ECXccXrY|r*nmi1i+?3zzU zM;RB`1(~{A9P+oDpwWnYq{7FG@}}nG&6zP5E0yt$iK@gD39sR}4Gav-5NU(MnOkq) zdlO-jU|nPpE=;v%reeqW_Cc8C&N z_BSr*>z0cwJ%0Kc0DX31^Q*LQHxC5bMkG%BS!y{W4fp1WN%2LUlPzcZke(QDuK&HCuq>8myqNmtjTp2?3_*ytR!NS(cxto4&}pzi@%6ZkRf z4vk*BtPW?YDAI?v4etwm{kD=xw0>z+Vr zdL7}Kfm+>F%R0>TjymtvdB=&_Y6TBFopoJ903}S?8$CwUH9RB-30QaBfe`I*x#=oe zx3E^Kd3QdQ>)k;D^&0!n0;k!DxefC?>7wzgu^YJu>{pG2^Fo_J?DLSrM|^_+dEbrK zNnRUlkDb^JvP;ghjuDA1G`OFALasd$@Ih1*R!u2@1+q*#Vlz=y!XsO)PdueU?--!A z9Gq{QaxlHj)sHZhKc_jEZVJv-*Bac7Rkk(ZqL2QNAS>_V!gvqR`eB|W#J`Q|o?d|3 zAzKIOq;DcSP5AlO4)ZhV7w=Dk6#{3{DINXJ@Z-$c9q0RuTf(w|*n37cK-Dm!iWTm* zKBgwG;|pUsf4}ej<)nFM4(PVCP^s5;eRL+1IMNa;@~n`AuDB9w_?mUjixyK=hrWv} zU!GsB?#emC!%-F>GxVb^m_~&Kv<<(y1*{>jZ}Z)AyFiB;zfA?tvo#B$wNF0Zv7A`b zAmE~VR;Si$Q9+Gfm<=bk*EauSftCc?ZnSWL6K$b{FM@^)JZ%NC@uhy7P6DQ(jYfda zqb~;uDsc`5siJfrMBl5qjMOKN(>7=ip{;exeq8=Fl41mCVPWt-Icqw0UhdD_TU-9> zN398TA&5HeCF`<0tvme2Td(<06j}jN#eq$94wN9A`q{_rRKJ_qnM8D_M01h z_VM4*P9tG<=-;zcY0SjYA+k00(_hS{XXEx)hVq@!Yw>&A125R6)c9FfeU^_+9ZDMc z5zd!G`9>f6JOL6o6R|B=)oK7|XY7_klAC_$6+&9K)exJ8pI_A~){LKBNW=WB-I4jW zknc$$gyi@4v-C@vh&T29xi~c7gDH}|(7_E&755#N*$**_zZ*j~6vn`>YsVBwO+Tw{ zQ@Z7lJrt#bvZ4gi2hT7(>P=AJ)vD$%m_RLO4jW}GeVzMRt@z2>*?J;ud7`eyVkle6 z^OLq?d2)?wrhH;he_nn4H&F!4MwUv*wjiaUdq|c$Noq1qgXYSWD;YqIenw8wc+DqR z0=18%A6gvQg^0K2DA@v?wS=sTRb-!?o#nl73QU&{3LZGc-5+>)ysx6_8fGf#dlI3L zDyoK}J%2;D)n^x`7OnYsN9wh1wR;JV-35e4`^_+q(JpppM*FZ20DMauW^@{U8?qOj zKHU1Xt(S#=WZ5?wlnmz2Pmxr+tcY4 zDktm)=h?@duBBD3N#h#npUsPEm9!Ii+VdLlN#Qxr{pOkIH~-|1w$5G!V9mvkJo!D~&UKa}u;1<9o%7~UmXscoATa9NgQmFIX_Z8iaywELmw)#ZsAuf;M`qc35%#RiI~ 
zHwt0y+|oBa02+=J-=?5Y3sazBySMx_g}Pe5!B!8tQbT>W2u4ID$d5J!YURhOoZx}} zu2`A4LRZyct3sZ;2OGm0cH#gRtc|GaiMzhgV}Xe;CdU=)A|J#fk|+5qpx%dH=fAI^3=L7jvOWiV>#<{+v@$;^Q8si7(J(nUaxTr^+j)tMh*KC z5C}0Z;8Nk@N)ghAFEkpBKSh*!$dXBN^_V#}tg0LcbKRz-xh2CL3|=72{Km~VR%2#& zhTj&@Q>`DLUr8f!)D^h3U9-Qbyk=}cQa=&b)D0YaKTnL7J+tPUG9c5%#zl^%Spe}J0cY|C(lR=g`QoUPd*!~h`c3eF#Ob2Obw6q1C*h~F#zm`9^~ zRCz(CI^dNa<=;Kq!AaZ`iw=N%{r{f7vQQgQJM1~qQBk4g{*Nsm6dIIA+3s^=O z6T24S8r8GAiTi8awqM**hE`gpi$vn+{V!qS(f#lPv`XANxs7u3IZaGH+i3V$T~CQ-whhP>Uge5eY6NOPlD);)*xA?=BEHo@qtVfFzYfGZ;R2NAL_o zsEPJ5)IZbkup!X zz>y{gVPa2Vw#Y828yNzgsZ31GrRLjr@)Nd#La9u)KRr@7&=e}VKiT}e9$D)1;%jn^ z^ZT#ske0XYPvgzL)E$N2bRC$ka$0%4MCn)Q-ty(id0=GDGngY@nlYXY`}p_iI5Puz^`~@tMiN z*a+amM}>&{&mU*)E%iNo97fH08RzPUxep(z<5AT8c`U2LMbTP(X6+{)yO>2b8dSsa zx8iT5nC|TCBsmaa;^uwG8~PBN2uZTA9$4wws2@SFJF1CycXpPt=!AP5x}56NxQ1Gf zmNxTE(rDfDtCwhHz{IBib6FQOJU$XvKrLPeGAk)Rp6wbD`w*HT4ApW&{ zaA=&tS(%QnetmgI+xuGs*)pb&G9{`$hf_Z9ZtwiyOzNnhs2KI`-4zE7GS^KVx0#|Z zy2{$r&JCGLIrnsxm9N_$Q$8&!$oueN?nX9cS)IWVnm98o_6F`I_))WZE)Sw4Uj(tb z`x>M}_T*{aDH(sSJhshH;Oyg{CkLXV!CIR{txp2SPQ?l1{66o1AVOkE+sfNkcX|`B z@aSM!Wn{rVLvcW9b#tYt-06xtspuzqe~>kPU>$mEEVPjHv0Z{(T3+7M;R1b|Q^vSO zAAR3?=Z$f#F;iF>I^O8Ti>4r=*xZJb{xr!Y!5Y_9=G$VfAIb;IU&G$V#V!5vF<+j^ zw9uKlAUZZ0JCSUAuf2T=W7WWJmbGZ5_j4XC;`Uu`Zqh<7`GUBXl%>$Pm4A|RZHX_c8w ze|ptT^dOftR~PC4YZzBw-G0^GW^ zU%JB8rADs)3><&Lk&9n@BQXQRU#4QUWzSf|6w1wdIcy%#5ab>Eq|cfr_f9>-~oHMc>PPy`seImlIlBco8xq z%{ag%?bRxw>3lmG{k7`6y!QCih-c^AU9D|x4#VKO=THv4(yzB*xXLOj>-QU^iCD9< zGqnbsoDd;FpDsg_#>XO@(>&xw3canW=HkxFp>~t{1aQc;N--i97EPrU|FZbkpv3F1 zS9?xuR^%Lu|9J1eeF`Km4j~NGe_Qp(7u$>xv8gOoRW9d`t!Z_Dk~u~IaY>7yi_6A3 z*Ju$KvyQu)vvr>6JzEim%A&0+o)-Jv0piz>FaYKzcl9OG@6#YQ#USb&$4W}? 
zt;dU%@~mp_YfnC8^wy=2tgykOM_d=LU=ElY9@ILbY`~321$?{A^ zj}vfXB2H?(^GQY49Zlw1-zzIC-!U~cRevqa&aT7D$H(~j#7u}CPglz#Tsu57GgGtSgfa(lSCrDbR4B zez@2-!MA4(<9A*3-vs$JQNY@obvDDJtca+J()H$~@{tef_g#g)w46;FBU-M~@2`vw zsECXe1s149uIII(MaAy`2z55UqFpMqMit;r)~iZRgn?zGK)1#o1-I=4>PZKM0}gi= z+7h5vNulQEfP9;?VR%>!zR zb%aKE_?EUnmHRPwtY}L7dse*~XDB+lOadrI79KtfNH|j#b?c^PU!yj!pAZ1*+;mCr z+r}f}EIZH4x{_GQqFu;7`W#m|4n1XMQH$=x^PKXYr3$T z+FDFrpbk*DS!X*TbBk^fN#oQqva)5q4ufYF&5N9gLLF1|4-+i+ttkT3=^M>X)EyF* z7{3ek_w`Vs=xx9cq3+u*7q zFRY}arG>=Z98s}2qB#swO7soyLq04$WNJrR=H(;P3oSLnANd^)^lp)>I8@TNMAk~U z7Z~ay71Cl764)wqsyxncb+~$~KV~s8v9xieyF$rxi*jR9eNT7>XE=H7vfnc>aYE71 z^HqpS;goBLb71nF-Upa2n^1(wRNCzV{Tnu8BM<5fVSjI)@| zuu!<|r5nu6QU1QKxdo#=sRsDnsf*N9RbQVCWkAG>Q$dgQf40u+YXK)G-lQA1&2M-52fQ>H?awTI-euYI zc|P9MbAMx2j-8d&At=!k)YKxj&aZr(^m?I~JM{YQ%%hOby2mc`9anZc&}sKyCKY{% z2lJ+@9gdFPz5IQoKY{#@=no>qH%YW?skgB@RA;x>HG0rOnP!tO|FGqV^J}P0-yQtx+_zUW{LNri6s=8cFSV+xRM}Rv z?sGFRsO*T{h=Y(T#$-_5wQi5^4KmLv&$Rh1 z8QMHbN?l!5yMcePJijgkW_(|I*+7yoCcZ~hds&N}*6g{7`_V^wOUgeB{a+T8m>csE z;52;B;$${f*H&hu6ty*nPP+3<3lp2mVixlHCmDTV#=b2kw#drfajrl>v}Sq99a$}) ztgO4nk$?H{w&+s@+aj|BuMCi=&d@6Vczq8i5ZRV(m9NfWPp3iIKeVbbPC1{nbSJptU ztN&8VXDgvg1X0B1+5szhmWMXOa<};1i%l}%I36fwi0kN?(EDZXGN*;k7&cN(+ipQK zwDm1>Hfq@9S=E!5{aRToC1;g7nTK+serMthJsBIOH~%b9-!bA3t64j-aYZfv>#;;d z;X2+DHzpqcV>*y!1y5o~vJ3R7V`*+2Jk!dJv`8NB)}5<^R#rZwY#Za5HDp{@Z_sqx zq?)N+9X5R^Pm`mLQ;Y`yga19yW-x&k-U7X0?RHS>=pyGufsoo)#KHrZ7kE&!d+6-Uk*!4D7dM3LCbXHAQO$G_m?h(NxEs4!*V`cMrdBZ0V3kf_&ks8%5B zNH?v*d)X-eZHff9fPj28YH3+ZN~+;yfr}b^)ey7RwN(o~K)g5eh_GO*q%Ikx79{4n z($9!7H!~xDKfGtT2OaS4ib^s!LkFM7z&E0l*@1Y^ckx;-9rKG6niz9LuT~%VjdOOW zo~=%#$MWTx4?Na_xrXv}`^$n-BNh%HJiHVza=n*|^}(;-2S5Nj?aXKGkup*HO*B7!y#5qG@@HZBqot+7FBZ%{}MdvwHdZmaqz@O-v*TN={` ztcgFw>7RWHs9+$D#W0cZ5fBg<4)}I#vvF6sPqvdZ1UYeYqTE zku2)6t%^UK*X}B-*i(#K*uqN+x;g|nQ+ENV6$u#>y0Tty(}<3hRg0GwQ^RA}7@pVd zDtk{YZXHMfhh{66OCWtYczxise-H3~-K}iIFrZ9JuSVv9kshaPp)$2hM{DPY7cash zH%J#axwstF6&28>(Ul7#gjG2FwFP9+q!k+7a?Yp@sAf72l-Hqn<*PQ4=h^sZ(K@_J 
zRYR>Ri|_UCo8_<1`!5>}WR77MDY#e4BPPVoE?e!oYKu~2$H>mgd}H^dGRIt{_iTS% z>fVxgvXYh(Jrx05tb?(d4R7`9PU+V4f(qHi+WvMS@#B7com(i=4N#qRbI#DgcJ|@w}SwN zgLkn4CWR+8E>=}eAJn3wl}%o>=m^@mX1$`+taksXn&487+89vm?;j{MBqDNKAAYD_ zq-h(9I3KWVA6<7`Q)+8%bq=~r1h^_&az!~gTkmjh=XP-5>SfUL4R+wu0PK)?_)ln|sIl}T!R+mRKt!!+_M(47ybR}^7ivRCgKX4VBU~r{K1=o> z>SL)y8;V(O(^OTb2aOFsk-cNUK{0%ixAOik#0$6e8$HaO421L?0sb9oy)jH z0@DV3T?L!AlxIXkj*h!0Y@9W*;F{;q+@jjP1XYW$^h)#exr!bqa+#ji2;a*%iDz+7 zd$Q64j=-9lI#r`ux$!uvJf5i3#N2^3oIfP&pM83*g26_ID_o+c7OlLHXI~&PQ-t(7 z;H>fhRU!I!DQ+H{n(KMmxtcFwuCns-usk}%>`{*4%&Xl+ z?eGm#WXBS7`OMZ%rmV?q(1U#rD*$?V*Lk(`1)pC~E@icwf-TA)_Eug4WX3rgkC&T;4Y;1T{iyS4znNoBS1MWL4p^eod~0 zg}O$EH`|QRqjO`A#QNw%<0?qNQPyVcM%JV{=+}7s7DbL1cj0YHVRKxokDuhJPAQ%f z{KcUvw+t9Zd#Il;b|phkg)JMb?yU)3tyoFV+Wk>_dWi$RW-#_xl9+NxSbZIS0&NSa zXpR{tzg8_1HhSW96m*F!jA0^H3w%yepLs@KU!I}47d-p`6MsRGn+T7$;+fqjC#KC~ z(D_|$iX;O2ky_WwY4`B|Kl`^no#5JcE`UGV=>NHVMvsnX;#$P)?>UF>82SIX-Jfp} zumr^T!%~=ZER8VgQ*z$~jEeuTBJy{LcaE_VOv0^i{N-Lo_x&62zkbn5yY}O{_=8j~ zk_K#A6(JxW?CY;J;j!=LNzAVT!6P~Snl1;*5!{RWgYwCyXeo8pbJPD4_5S6Ne*@7k zuil6LY`XH?1zi%sQ6$j&In$wCbLqTxWUPnoG+ZN~Zhu1OaVRAjB)G)^iW#7gEZPRN ze494`NUyi;T3~8PQ}#4G|Sln3f5fvC51GGDT-nX=jVx5 zyc``%otK``4XLROyHb|F7uJzES0_eO;m)qbiBSK9O>`3%`Q77N3kTY`~Di*o1G($xEktzUi-|3K0NTgXnA@O>t98 zHFB@KJjYs+Q=oY?%xfgR6_igR>^LsW;$4tD;m~s16o}390%w}4J6$RKn4SVR^z^h^ za*WznV*e<)x7hH+)m1%eGhf6t?fx$C2pxXa!H6tBw8(J*pDA#{9FbPC3ng8|f~TUK zY)CSE-l<25`(e-(hp?Q|(*9en*Hl$ipG+U2N{!~99&R;Vo4>t#5;8QLufaX)wK=v` zf>x5kz3n!>y)zRMWen}uBLsH*7U|u)cOwj&+{&}|ml5!z+S;n}uXa_>NcWt+C@{DQ zruvl@Hpg)5FcXq*O+ao2Mm&^oiVOa6C*c7=7<8Ihi@MDs@h9WP+z8`Ki%TOewS5|} z08ZcHFD<2qOKQW2AL8++gDjusO-?AQoMs<#4ic~=*?)NxnV{}vO}M}v0h}{bO-A$R z#QAXIcw?WC)(TIfDFz7o6mEb7IuqW%@5}Kud;U%OW{nbF0mu5-y!#DhfR`cM1jHHkhFu8JY^hJ_>b9b7e@s-EfDbVnph`97MF%U=2B@Y0cnEl)Q|@F{hP%U_Nppq0E|gCrgeYPZ&J6$ zuHw|(Wvqj%p>uTdn$!vC(rBOgSpdLWE$i!>QZ`#!%3HNLact85!7bV13Vwq(IZPiBMddpU4Pz|unOx^ydMb*(@dLvG06iD({F=H+QW?~F6Fd;1p$ 
ze&(q^L92s{sL0Kqmm?sCT=;0om{CN8)j;T~*oi&BTwoeEqKkqT^d$@m6VFAM&_FMG0Vn{e-Ot0GH4Ie=2Zf+KLaTNf0<(PRjU5V23U>I%_-k|hU zNefL>8+YxL)*~qmbK>}4qrAj=7-E6C+S)6l#d`Q6>@~@J$y+54KmR2Ezyed<$T`*U zFP>zd#4#0~iz9!1oNfI=xHHUIKfgWz2!b13AL};jTBGwns3o9Px|?*YG||p z+_a)inhtKqXOs&fdAabYc=6ZRSL4QQ8P0}Rp|(cG zMp_z(jh(&Fsmy)*&f!wiwXUiokzPxT>~$#oyzLB^nhx2yTL@HQD{Gag4HxKHVIIlO zL*e=YJe_O{`hqq-X z-Fewr;=DYjR$5wW0wj$~$HX^*6S#3bc0+~M9$l7HNOCVSF?p`JySLf^C2-Z(Poef2 zcPJfD5Q}$0C`Dc;HF;Iix4Vskg9Y-Gk0p=Stn?Yu3r^Q75Vk3j$sP+@3$+l3ET65< zxEK(jPzef8?^zZ(d-QHM!ma~gR(f>ox?~tE1Dt3t_o&IW6k021TeB{>dz3uOfk?W% zVfA9e?X()T(=U6DH;TP~IEameIPAYYN*J)Z58j>lxGB%d%35mPcc+i|AZfG=ct5@l zMMN7YXW_WX*7pqaOU7aE^(DMy6l}v#o|*6^8?6_XxoL;11PrbV&Un;Q!*;A)Su z&ID9qCx6f99;tJVrFvwGnG_hR=(Sk~t5OJyk@Pu=vw9M6gN&>V2*%GNHtUIwDSJ_? z1LZv})J_F^OQTJmlSA;9YSgO*AIE6#tuwDsPoKeT+JG3Jh4}18cFrq6g|mRpB%kYu zA?_jYvI@5i7KD14U6Ku!OHaSdRv|7+M4{5wC{&llj)YY^Zt8@5w$ zT#wIY5x0NMPgwD~yuS>BKA4));nLw-cF1+2T4oj&kBWSZg1+?q=qLrzw!k5M0?M4d zf^wg^R)^WSPa#|}uIr@|WdNl!7bUrPH`YA?ERP`wgY`MU@_1}pI~|l3Ags62 z`|w&cAy@4aQRmiuL`+bg^d>A7Up!2Re$KC5MNx7Y_D-Sq60)u6SqaW4SKS`(t*YH8 zJv)^A@U0ZDQ9ZdOk;qFshf&?J-Fl*8h~v#wh}g6~QS##4pt@C}q>pFsCC40NfZa6w z9VN7k+H0+32QU#jqBV3k*4TUf$Htv^yOOY)!El4kURQZ9{_N6We+O3?W^isUs|&jwZGR#Gden?oWW9V_-G0ZF zRMW;>YCRO}gA#D;ENK}@XTAYuaO-Lq0IHR^_#s2H;ZofM8i)a)$|hKBqcWY^x%d7s zYF^RLvzLIpCblHFM|f9m@n{#2gm!OIkk3)P8511q39?XQb7J^Vcsqj>(Bavwm-i>( zX|v)}jh8!JHi-ALlBZ9vjZEGe4(N|mZkV#-l3}6?RIP?)2NKe^P$LP!6gOzncO2X=ydTI|)?+~@il1y>$>+-R8vSE>$(1ddo>TGVJsvgJL z>nKU|c+F`p3}NT=pmJk=g|A@q77XcHL-vb6ypG}kJh*}(On982Y|{P|)eRjgGvIsI z$(zc)cBynj!H%(1C(Vgs*~u?wyLMC;g5nFZD+>pM5l56hOCP1M>lUbO-|dYR$zOK= zjM>_Uw(azSFZCVA?|+&+rl}ApN`;NvRN!xsf?PxHy#sj@1`^V*3Qd@pdHF%^cvDaI z;D=rPS@AcrPo1(CyU`f`A$KHrjLaSn4M_^V0K!NN!Q|OzA}{ItII{F;SA6*@zagk5 zI?e!Tmg;L6+8xKE_xRmSLn13pS@s)2`ML$4wI+K*>THgABqa2@MOQiU-xf=74yLO& zCOe-UrW7Y`?ofUherBw%U(d+=Xt4)}^0n8=8y4{Z*2&YcS;|Xw>u5wFF|vcZ!9=lW zKOHA`qyCsir4FVt;v#StwRv89heFT&e&f9fEwg0KMY*J#{qk;~79YMW*1o+LL{)UH 
zW>RJmOni?qhuu=3132R-ZY2?FXhihca*9KB$>LyZI%TUw-KEgZ)Uc4z`)JuLP(pou zcEamCwbmLFu95J}D9zUbdsu9vwn=patEPCLDV5tO0AMWb1x)Hn8i8_!h;|#;nNm4raSigk@v{2Xs03$kanKB) zkgw(|FE?}^;te@EIn95RI&bFoUaRT;7))dIWktmB@`?tC^<@+tt)X}Oo`1n66=|1CD{`Y|UtjTwct1SJ_8}xxQR4JnZiTPQ zh~)yq2%>$ybV zmq_+NKq3bBd@lmOXJW2)Ge}#qSKKGnbMC$L*Q;YV+TT*Lgo?$F;SFs=8hRFaItox0 zAw)V(B~l&?|E!(S<5Q^ZJu5Gyy=nZp!c>v_?vjC?ljr^lXOG0bke6c}P5S!nuKgm< z+jxWw{-8u+JhBJO-qa_o5pkNw`^u?ao-ZK1b52ItEW;naX}TpOrQZHA;sF{b7(A8z zboOZ==1fi4R?z|>Qe5fRZkZcxQ+pTD&6mJn!-;7Kk*Iam>B!AUy)fjdh^NX-oKj7Q zd@b&_*rxiR<0Z_o3D+-`2Hgzj88SXc!y80*eQ=qRe5=6+m08adPXIUg(-03IAFt_$ z+}BpYR!~Zt%B<YZDrGS9$pWVpqSNm64VCv>Kmd16KDXADv$AT$Vd{ zl6h6zX0+54orcOe9(dcmku?+wu+@r`ZbK$)_wOFKlPxE+{lS$Xg5MX8#FONY(_;kR0+N0iM z7ian= z3Hom1(b|3|+bpacx|`O|$I8LU(^=va+DIgle;fjtURx`Oz|h@ts|1sqA7w5CO)7xpd*XM6hPPxKDsRXN~C7Ns> zCX*~xK_GpgY2#Dtw4UUZ6-$7P8?r>Cias1#?EUK016_dcQ+_;so#n4p;dDs#3b+tiF($q{p$MejD_Dp*0@q^Fc1m;@$b(UKjL_5oqY}5h zpCh>Dg_tfFb2r5?Pg~vwe*I;Yma~(%f#Tbg$S2tgd6mP9Yq)KTP-hTW05bwX@i@a% z<2ytF3#2(b=XA2aMsx9;6|E4Sijr$vP2!3#_p@qO-!<%_5sqz4u}>WxBL!@L^TY37 zZlxUGBMK+R9+X{$VsQV0irSe;=Mr^AEeLSaKhVQ zkQJ12Zj$$W%uu}0HviOKBYW5qx&ed|9IMv)WyKdCge&FSh4FuUUSnZuS!lg75hKxa znu9TTyx9Pr@SY{wH?cYhJwNRsSQ-t0oPJxQ;PtPa^fgYhQB_xeQ$%YqU|iX+y6X%h zVjgsz#$G&Ddqv~5_1O{W0v8EzAo_B);nuJlNDpcFOcgUoH;IDlZBjfRf;Y>sq|U9W z=d&H#cEsN@nkuT2dE z8}Q$;fgu-`HNYxww3;Rz~jxDo`D)4xmQMRnNx4yKF$ABSx4k$ zSl2c;ElndpR)o-s;t%xs`d+$S$FAOj`}&p=%xx%I<07iI*?Hl9drW=CO*Sab1MkOMpUm@uH26C~M~;W!IG0pZSi?#~ve} z%y1B!Onp#MfMWJoH)i5Ueh5SQ+a-jBFM^CXXo7IUqaq_2Sw%)qrt1X#JLPjr z+_QeIm?vhyT!2J-HodKPV@zy+dUR%}F>d*mW~Zeu>zQfdZ^mP}FNPbmA86L^0FHNA zqW+++I<(^Hx@yCgW7&G|nb^#01||lE|3}$dKt;KBZNSnXElM{6M=2GN4rvtxq`Q>v zhG9S&X+#t^(Ixw5No6vCoCM_vdc&@y|A6+L_V}WtG92C-^>6F zZKrDN?#+}Zme0kmc6sJ8TE*N#wD`N{jcu4|d}%iPq9JlA%7(ewU*|ZAYnYABw5G>1v_<{b8orc=>(Krz$=*T0fvFPxWyC@x?oJL5kO%Qyy#Uasv95Hh>f?;UdN zy&Rny)6cdlLmYjT8>SzsR4A@S&Ve;sMzVrEGQ1D*%t1mU&4#|iHHc8`uoJ#LB8J^( z)OJ2SNf%X{8NNe2-Ua=7-lH<_tlB!<#w4t3vb#aM4E6`W#d&#QwA^^xRZ#M7xcjJQ 
zw!>D>7C{&{)RQN`A@)M-Yzf2jjK}xD25#gmCF}fx@Wg$0a$@F(!5g3J8IY}$nH>Y} z$s7VeO*S{E^w(oU7;f*_rO|TSR`=yw5v7*O`b(gEzhX$GZ1&xLIig#4n&A!e8 zEvZY%SLfy#$tBP?5KA~|dd}B*iwY`Uvz~))y4}mby!$`>pg?=2aQ)zLe&ODZLa0OL zx3aeK_Y0?1k&sVNIf&rlDsi&-=ZF86fvCQ&B19wM^7^a}7>)GE!1SgW6Ho zOiq2a&mDslM++I|OF|3n7sb9UH##U{$m_(PxU~>{~~pbXkbGTJCW>p0WGUieTMbIA^v znd%UIK?uw$(G$Dal4{--TIN0SSwXQ%-<%_xF}U-|D7baD2F7Uk{O8q-d5%}sDA2J_ zVCR5^R}Z9WYN`vfvTDml6M+F(bV9DtQ!2j(Y6~d6YbejtBf*!*<{Q?PsQ<{H z{Nb7@pEWgMBD=!v4Fv5p^7j42kLs@$8>*j!oD)^7Pt(h#{9!SQlv^`cKd zZxIWk;i@X<-8N;0Lw;l1$k&Cw9{V#j_liVkaUVc;9SCW*^CTUhP~*beUrICG-sKliP3gq*&ghf;cnk}Vm3X&0|aTbo*m1R z!$9$Nhf}&)SK1Lnb{l@`NK*cOL-CL**j;nlE zSP#Iv@Y}0?wV8pyBS=WvDW*t%T+#$B)ua{kuCd4*wF_6!;#K=YCovTWm`_(GSB)~P zHsQ&2TtH7|UZFu_Uvi-_&_SzU-tY)JWmWI;@XglUQbk8S!kLXiK!L+z0#u*wI;s5^ z23F?Mdk@c*ETr5h32l+)(LIIEb!A2Shj^36fsV;3B&H6pO_Ad?$}9>L|*P3c^%q#pn3|D%SGbc_iKH;%wz>Vr>3%yu|sx| z-_edk7(Au38<0(D9xI<9J6oNdtl#*<1Fe=JC>A%`Wo=QtOl=CE8!%!sKzTw!l!l*W z^fYP%ln7KxDHYS>XkA#kr!<6NYYU&f!=Y`d&ruHQyi# zv|)keoM}ODcrM5 zE^>B;*I+5{Y$uuYM=YQ#;Z;@Pad2zLr8@ikqM}&w1+RR>TIMQ1k4T(%gAS@8VP=vrSi!E% z#_6tYZr;A%3re_X*X1u*L6zewo4LSiKclc8Uk7qIGiHaHR;aj()8 zFtc;9sc_Guwr1q6;ApDt9y0P2w)=PqXD0xp^Str<)xtWQy&bR_fH3^nTf}vT2dJ0~ z6hAAYlbl=>e36(io%+8R#C|pRb5WXuUSK=-I`;mFK*TnpAU+YN@z zs&gM68;))9dFel`6rgpJ3+&{6A0({Ad&>?``M5LGvz@#qF*D*5B<0a53J7AF~mkKPAOTu+YZF4?ye-ByJW80Jw? 
zQ4vu^*kT0$$3gKJcN1-CO(6WYp}sbJsT4=JU1+~6)!w74J@QNp;mz?SSa;Fg#{k0L zki*n-QDuR3;SZbQU(%!DB&u?mKR!Qdd^t%(*Rb4K$BIErNGJ6C{heB=rkm3pR73wD zAw4$dqenz@Pp8Ir%$hvQ1&3s^iuov{Is&MDzz3bZq&y6Et-wU^{sq+DYHg{^RIZ3c6I&lz)0m2%L zI&GD@frDkNwWJXI3m#I^!y&-QB{Idw{%aV=i?%<3%ehIN5h!G@4ZeV{-liXm^>bJ6 zDS>5E_H$S^71q1V$74o3cQW5KW6+HvDdTDdGzWe^wImww&v0T+78Q2GG@kb#sGiqo zC(Yp97Iw0+j%5>f^73-20>Sm;?{WP$b3MzM{yMl!w2k&!7xr^bPij`9!gKpUNyR?y znmvk&iYGuu6yF3%E{a|G#ypjDlZoPh_xCXui`9O3qpgPC6UUa$lM~6X$k}R&+NylK zrfm*kGEWCb(RwVQtq>VQ`+9G4%f)GX1 zRp^g{?J@H+K=g@Qo4PFg!oUd%bMFBFX~Uj%ow0$z)N1K*{lzfYquxiPg*o`0zpRTm zdn&5|O2Q<-r{qxBKWluXx&~BHBY;^3T+<`NI8B?f#i-W2t9lfPBEq8Cy%yE`73&x9pnQI?>7jsm_zf)QT^i8+tWE~9xC8?Ki(dj;vtwHrnKr@<5e)^ zlU@gLS1?42T*^tGmx$nf(YcR3UWl}WZ>HL99(2?5Ph?AJg5Ew+@8FZDt#v7{+~pCw zX?UuSTMzG2q!H~u-kIs=rMJmaT5N)71B_|UF0kC|0cTwd_X`~W3~8=M)M~ONwSY1= zr?Z(6r<27zUlI+ydfm%?R<$=yY@xPuHLdnOoJtl&&ZPa=@FrkVdH-C8Qvv8RpLg$% z#6AF~q1pHRj*oel!G5mh)h%0uLs13C;|hh<)rng0j7j` ztw{zAmIyCcHq6^@>HO?_^ap@8A@=4xy3WwK-27&vSwb}DeloIIiilo!xRScLhTd07 zjKKu~zuF_)@*>Z5A3csb1!-npKLhHwv)K~hw(cqtruVvSC%L{DBai6;s>W~l!5zOE za*Ojj&z4tfeEc168!#m}@wNzgplz58CO?~xv2J}l@FmjFvHem=22lNKLp)bZeKBaC z0%{`?Cg3&POkGo;7IrHjlbC!G>GR3I*1pe5l!ZWsi2C{Tj6o(E;VU;F4NR^Kz$?5y zTa6y_0N&DMPf@log{sIg03w0_qVrb1CDdV}y)#m0!u}Wg+(#LYC*!si* z`x1g1Nv7|&M!pWc0|50W6H>?oVzIN9yU4oXpx|}`uWg2*vO&@P=9{Z2z_lN(#z+yx z-ul<+fE{#eK0fFgKrG02pL#Bky*s;E4}`fV3&9{P!j`%W`&*P*{bZ_9;SDiGicxX> z32bUul-i}nSKNNuw>@~oc#%x$tnmT4@8Qp!wAcAqSafRuS1rz&{p~Sy_`-EpbnN-` z^ygt=CG!-EtlA+NGFS1P)T>nndshetJaTuCg@4ZByPoIz19$H!i-F^X(Q|^gZ0+jlKDO`J(7Z9%oj-L0pWiJykM$NC zK`J*!%_s)IVyl4c7}dz}%hX5^Al~@;U1MOUr1F-D;^a+i0T^%R-2VF23j(C%vSg28 zvOS-rb0mpVs_;7PtvC4}%5#ONU(1gWnj1to=^HC7K!fDZ&jy)dDA$o`B?u#x1w&`b zQsTeOB{!pmQdND*j(SOCZ$xUHcoRZ%Xub$OB`>tH;wNme>U>jQXlO_wF`oA`04Icq zV%IC6jkDZj{VwQea&_dZutyh0BmvC}&XF}QCFcm}npf(Yl=DLx5ILNxz%7V$=q9xP=xOPT=SUZP_3BfX@fToYOC$=8i)^0AaXf_%HgcuEu$guMX_Skn zAm;DZ3}fMMfB-h+Sof_5xVdA0$FuiyXDfL;K;LK+VgOn&V^Q$Nsq(ofVfY_Y2JY$R 
zDN&sIbsfC6AMsi`K-N*tqdEk`g67{mxhCfC9{>nJZ_0#q8XRG}AWkHHiEBPbKa#4v zM}zB9K~9tbLBmmtqV`e z&CO_|3Y_#&C;QmMRQFE*01x-}sdH_@e3~uyK$_DS=D?=3;6=ZHJ%E$HI-52CI(ZTk zyzGZY^7{T`cLS)13ZuiFTB_*h)8d$XrWDf;ZkJhthE)EEVbH&IYre5M0Km(udNyG7NC9&)2u}DX`33a?{IMiPBsHpZ-2SAN_5DK_nKuzu-eUIwqBEMK<72x7L zc|hD~m;pDC*i84F)P}zzq@H}73I~-<78m0mW6v&42M`lIuU!~>p6Nb0W3DTn198*o zIa&1CwH>~UV#BoMH>}3zsq29}I95S|4pQ5bCTRxf|Ag+X!jwDTjabD?%R`lq*K3ONihdO^E13x{bt>h}OhTbwGY z#K2$g&yGlOJ}UOT>KE0G659DgaAVq3bPQ01V#253cFA_#{xxGyWxjEWRw!!)-Ttm| zV5e9J1bo)}BdLnF1S># z(+Dd+`zeW|#>d9+$lelz$|J>a=3)IjO)k;Fv{6;=&ll_cT}61BUDXJPCw;Sl+U*sV z2B+ahfm#O8$@wmmkgw2Tjn-Kn&b0E<~Z;jK+Zj&yr*qBu+rzH^nGw2Al^kefF z#;bqjzQUI6xJCQ7FB#Wd8fhmwDmZM#VesgZifj<>q`5D;--40eDSnE_ZXL8H5&zB= zi%@jl=<(eURL?>3&u_JWLXbHFby^b&0!nvWL`&Z!(nJkKyXZC3&(rPgOciJ3%$9?M zsU<{_bK-!~jK^74oYLn{Wb8WP)Mkxq_w2R$8kgzh#<5OMJT*|>y+Juf(sAr%Q1kremViNnGBx$O2mRdz4>%@_h#VejICc`K1%rd zti1}}M^ z>vM`>lf-0)AHh`furVbu*XWch153MS(^I^IqE692i)_R@U;uF>q$%8s#2S5`LIweeTj zrC-Y1DWp8ox(I}%_anD`Fa{uCERVS6_m274bJFJ!WM1xODSq|vCf$qU?NxreCS`1nzSb{;5Pr9*&nTkri0 zPcFUzrhMTjHwDmkI5r?Ha=TPV2-f$p@0LGFRK5(Pwd)*by zz$3(?V>|jS=$VlO?DTjyg2D6n>FDc5ol0enMtBtpUbYDV^$Mu!zj*p|52jD*y6by` z%3$Zrd*D$CKAA|=NRkNQYXC>#J+jW7o}YV=JF$+hI^(zqMmmy@hV=o+N+Ltk%}ane z3Hq6v`@|q%?IGDEfQ2QMrx7(A|9S&C=!&w)L;+>UxW?1j{@E|6-LK*(P7l@v`BP!@ zAzIJP^y+nh3gJ%9z-tyEa=apQ*AIwGR zJWi9%6@x~?(=A!#;179{HfI6$qvc-HEz0rw<{D#dNs8#jrcuG>Tr;q$kUQn&vA8&Z zZVbDQpjIlis1?MSN5SW1#V@#(DwPIZhm#-TXm=kvFI;GDp6+#ftzi^hpsZ-G- zG=wogh)(@te6<=-T>(*2jHCO&Z10}d_iRueT1!JRs0fJDJJgp}LI+U8nWQRL;(VJnKE2k1z#;^K8$8*&<%E-mY(cSYzA z5t(=!9dCixhkZS@3@*AC)2&CvP;d^N!s^V-fE=Wf_|+G4kaH~ZkwIlnnvtE_NKDy0Ij5FUqdj!B@ZexO2lBbUxMptq z0?;2R7{&q2X|ZrOa-k)Q|MeCs?dsZ;=Q7w60#K&M=_9wErYwy5Abw$JHF*bZ3Pkb6 z@9?L_R5fkxRvIE-0k!@!ijfgVDgSOeDnh1W1F3b>YP?$*=y#U)0Xxu~bUpM)F7Wqv zae+OT|HX>nm~B>Hpes;iZo;sc-|scy`DBh|{PZn3Q5!HjqH6RWp=Ekiivq2pt+)>eCdY_H$oDVlwNTeF~_)eeB;1lJsuu$rn3JhDngir5h z->{wS6^%oGs>&rhTwv~YyMqg}C?iP@Z&}LfiZewk1rz?2kISwtT;~Ap!z)F_gZW0h zSgYe1R!zK0 
z_#_91;dv`k1tL*|4L@dA1M(ZXoytVe`Fi5}TNaPgX6)(1QRUR@nt=VG0T@O&IafkA zJ$T&Rsj&+Xe%i*2aqavnOb`#M(sVXx@F-1d5REB1I=;N#{wgj!>`cfB9e$9`P#|h1 zImn^mA!XH?;HosW+rc-b$EB1!^_|XQ^3FOKDb7eXEC|&;HW)K3l(f=xoA9A?>S3CU zE{_@hs8IrVf{?4Bpkb4z!n43xphH6KCXOWDoV0dsPI^5(mOY^{PY0C11-G-}(ogtC ze1T>R!BwHmVxGoeL$~t}L&pHERif$YlxEj6cbKEGbhXD(PUr~8pqVe6M}fM|*d7|8 zN}W{2>9H1Q+$a0T4_yR4bs7-`WYYQ!g=o}7w2w$^hx5EWZD4ob(_#dMkEflG*#rO+ zM5`8x0|xE6#%_)>eEXZ&)(TtQ>bExogb@v6^n_=*FXurByh|$PrMpme**~i#voc`Y zI`QbONM-=gNjUj_WdC$gY$Rqgx#&-V$ZXZe>qtf+{{bUoYs9OJ&c zJgY@*pH(H%llS9~@gb&dl74yjtun`eI`qr$6cAqn?&bpSIdk{70lwxC$2#@G83;LC zB|mDxq5Wi;+D<8MBc>P51ZJwE~wYkCbYh@Kc9_Zdazhth|~he_!>Y_ zC9XLGs1&_G%yQ4cAoJ7Fz?7b$!*!Nd$T_(BghF*tEg;-a=i9Kk^OYCujpC0D#ndo# zE;zqpw6>I|+q!l$7IRYOa6iDKSS-)d7;b`J)NMv+NH({rJv$W2c zD=Rx{L$UHx?Q3V8S34ICy`LJ%%m6OM@L9jwaCItnsD0fzIYB!+>rG$TyI~CE-Q$Ls2 zLu*w#`AkXNc?+bOWeY?KP8Wd(vE1-#y+6_C9}@^5CgN)rgOc4Nle~!wYoz^Ohy0&j zsR9e_T4$1c=vntaMI4^zOJKhGY6ep}cAo_LOU%DhyQDo^*EbjWg+@qK-`+yaHdZW9 z4UM4UecyIAw$@yHquJNr59=NJ?!$T^Zg`!O=Fx`u@agBy4$&F5j)CTQ%+NL&8vs69 z{Am5KnEi4NAPN1-BS8VpB5!JELgwe%Pb=gZ0M~od7q4kx?61R%K_4!p=dv91Y(@>t z&EpQ^ZE=*VQ#uh{Jsw-H-Gq=8=H;U)E@oqkU+xF!xoxv1d_s7GykWDIPCJisdcJ2r zLja))tQR78asyCe6dypHfwoBd!+~u_S)_vI@3vvP@EvzXtZpP=SQ8w`9@{oU%*nC~LyVgZx_vNRmFCiuK zxY06td4}$dNB)U7vM|dAQ7#tk)%4t^c=$u%TA?C`p*6mX>jiM9>-SaZPz=5|^*^82 z_v#EGeXWp_srK5%8Py8}w1;ZK$fJS+k&;q7l&xy%1@IV7_RQvL9De~_hvu{Hi#{AV z>0V)%yBRm1fpo{b4kUs4@pTL!w*b5jB_yZ0$L?g^ZU{Xwvcd>W^HTQ|E9U_dZ!XT6z(~Z6@9uv>`HvhB(M_WvIql7G) zv#qKonldnj*#6Sz4J5-owiKBY8n`V8{uUdDegK-$2L?u(VL=e+mg$=phQ_jgF&i># zF(0>I2DnS1NKau-sOB%(DaB8xHm-3-g5l+S#fe|0>kxj2SC{Who4Wo|_Av-=GbYNE&3QX5fFcNAi&MEcc zrUr4RTHm(COw6h~8!Xa*Yz)Cyk*cIR_RKXqeH@~x<1Ma$X!ZN==bWV$%aWrsL@9aO zgR=AW$S3?=U$g-|o}*2^vx_M;uuUFp=cFvBcEM$Dx|bHEvAdB86gg#G20a04^@pi> zs|*nJ!n}J%Bg>8%;M>j@exy&qw#|P$KjKgKXokzWlxg7t3y8}U18q7jM>YsTn`@bt z5;52UZ!}s-P)0!C|G(p}jt~hzWNK3)Z=l(?azmr>${tyGPD%X>xsUdK-s+>TxLwZ> zdf_U~5?%$t*k48wnjoQy6;tVJyvVJHn|#L!mi+J|ZK3&d=xxGo@+R}N@kxvD%IPc2 
z7}H(vQJTL@$wZM+?~dT)#T(yCtZUP}dgPXh?o54&LjbMgnejFL(?20!M!VZyY1q&8 zmfy{<4v^T(jjQUx)^$H`C1*0t`R(#=Z^RD^5E91V=~4S1qxBOY6F6T}P1`S}p9Kaw zuI%C7Hf7%vHKzKP765=QZ{hA&2W$zHJ@}uW-CBL-I@V|1Cj8@nZh_yiYoK-YdkYXu z=O4qMnt=SN=zPW%)E?p}``b1D_I<`COlEvW_N0Ifv+*;bBicW^6ajfGAedm=y7xD7 zwxasckZSd)!Ab33_a-6W_c8$c)$7+`=B2>ddwXOf6-@uG$?Hno1h*LW+Y-|M&dR&v zH_1VweW&(>o zf4Tz}v^<9H(cU%Xzi!y#rJr?Clg_j9XNB~fdL@}yptho2mVKb%tFJ1>w#*DhtzG5; zXqfQkh~<}a{sja+$h_-BBYHsl;vc36j2c<15lW{e`14C|@VBPANZYKo%UiDhahrcG z0FW?_QrFLKphV7tC}tbb?)>Y){Ue2_kn!sXCDtKR|6d5D9{QZeYMT+sKW^>z#+k{N z?C+AQmNNc+X^bRs=&?94re!FXyZ`GK|M$B8!+=s$Ki+Y2wkqfOhpjP2Vdkpcmt&8U z`p*T(#KJs-O5$ghzxn46UZbA?wj^y?Z1b0Fi=P1b66{%&5_ibIqSF8KG5mYG-~RQk z`OY(=|NI^$+T;5N&wsa*Kkw7e0(YN3*y4{e!hc*y<~guY`I`kne^=fA|2&h-iMtP{ z>NhVM59fk)>|ba|v}iIiF}(z;5r53g%mCuToB(kcsUPSF05YBE4f<6padK1tVF3Rh zkDM_};tHdOiJu~smv2kZCWLNhzE&ojycd|Fw9{yyYhb)J!gQ#fLBV zaI>baP6tTof4DgRyiaad5}f+O`K8;h(o6|J(AQ>gaH#Jypqn^T;%FN4BRS&V7ACQW z>!4({mxk}<|L-^d{7XUvcWaTlq6FtZgsw7Aa4SCDDT73HbaY%~JRsA{mf_B1S^^}2 z&9Uh0hsfcyyO&?S-0uanF`}^OJ{){z%|3K^1SC*E%h(7@~Bd6)0r^uFh%ixcQ~%Bko5DfaH3Resx1c zJ$oB-=N9^;ph5ZMw!W24%KPNLZb3o8NxEl3?RS}w+bq21gP&7UsLf|KsHYqL>X^;S z&Q1|_t$ICJwSkawrsF{Uy#xJ5&@U7T>4aTBXJtLqt~ZNRQ&$f%@cT^;{Xg&G??)|> zhIwO?v4sB9MD+b1(kAW=|F=`Iwy{HMBB<_X^M zHdIr{l z3#)@eOY3MfAW0(0_>ifQJxhSw5#dzL3E-{0Wp!%^ux!f2r6vlY{_DuUtiD{;mshy{ zbA~4l^Lt!RC=@$HYBX(5kI!;NIvx_sy|PMQX^vP3-J#F-=KLbU>X&pcRPUom#A&>e z(i=@)vmugg%VJj-w>)4J1Hl$<%|`}dvjQ?7X}#vD@o|AEf!?7$4bv{Q+=d3d1Mk%D zSS2JCZWZpi?IFbdN&z`7m1Rz41))6?p6Z&K9OGZrIv%meMvTydp~ABhquJkgjKGaM zUqB^5S3bD8q(maoxnZ-$ioCcUg+yqQG|gh$gT}Jos_!@9@LEeoCa8~MxD}9e zsxyGS8&UHQ#T%Uvx32rNbMzYhIPH8o}UBxq%c8KU* zE;?R4WVb-wKWK?KE&(WT_yK-Aua2bvz_dtCLn9$-abo_*Y=`wT=?O~y)&lu1JcCJ3 zKvSBgwOZYvhh&9c-f))LB7!%fy26Eb1?0>_Q5^AIHu4t*K)%VlXz?@ZJQTx=`AE_d zCtXS&BAG|hBFyt0p^s3{Avk~08=FBI#4Cm zD4b_MX869iJpE%iw?S?`AtPfGbA979L)cG*3GE)^fAjKVlD{ML{8HELtzEIyD_=!U zE-n=m5{7ga{?VqQ85(UYAQ?ehggZmdkm`+1hB5DPZQet6YanZ*$Nb9pfig?@Pl*WH 
zMn{?9l`=IXu~7{C2KcU|IOs~%Ph1*sJ!KOkCYd!lo?`ns7ZrF>vLl(E&zHI8ldq+q zdg?8tV{6s0o-Mzn*5_=SCtxQq`I`2Nmh0Vo*@yhLJYw80V1Dx@sk?TjwL5|j%O#w1!a&d!to9$yq)ix9i8CO!d>oC0$n49MpiUCwjSRBLLzal6!@DJ zZuHZx#(_Yon71r{K6uJG%#y7ix*9sv{X@MP+J`<*gR!0fRaF1k5(DX;LwJ_V+ss^x ztZN@hqHR7Z2>KevA$M?ym8Z;Zr&erY*O!M9=>OF#<^r=T0_J+G&GMFnX(&jZKL%G& zyx4Fx{-W@x(71;Aef8P&n%NCaGu~<}=I2+Lh9B;|;tGz{?FLf8p8(u#Ny@GKGHI4^ z!8|g@z$2tmCV5{vf(saT2Ic9q=Xw+k{;tUU7|E(rK3noxx93(8ej) znW(r+HCxRqipryeXc9a02UApcjldrZDN;{8ma=0d7|~h6!_;1VtnD+Lt(u%<+SUhA zHgaFNaPlD6omJefIV}2uJ%z5{wE%%LvTLQT*_Um6`V+c}` z1IEC@{KBy|Q$49nRTY&YD=RCRv^XY6I7+5D@gW_w+N3@3<(6kwsY>{l zaOqrr*}!ik#O+SbPOjH}9o0Yw=FZ20>yIS&4I;xk+qnXZp0H?%y6q)J1spp1e!&fk zXtfnx!MRt{a&*L$Opy9M)nV`{705@V#Vv(Zf;WWQ|iT^i62F{!J^Tb_)`o&s~q3UAr zivzDM(#$B2t&>N((*Icdzc%Vm`Hyw$YI_eRKViy${QG4h*TNEqqNiE*E+5qM8{HM5)(MWmv zwwCFw&!bFuF-%5P{j#;{(EO~ojgt1bkSN&9_s237xG!H2n5^#=*pO-?L7!i&%X$Sm z(0-VnoZB<}I5$7Wb+Tt}`|G8P-I1)Yn;OhzC#>n^%}Z$l`_U&~^qCuo`jYU>NZe=~ zpRPz2G|8P&N*PLI3OaWY1o;HU$D{7XEdPL30fnTD>yD(4$!?iGSj^XfBh=`ohImcy z(&^HL=7!=nA1+1T>B`|6K~fCUMRh(nE`epYS>KZv@%yfY%ZQNUeBu9qJW4sT>!os#NmvK~xUj z*m-&eHB~#ddkyPTGIr1lyQO*K$8UAYdKkKWdP1{kBKQ6)Q3tdtGO<&WmG#Hr+hIrl z?miS%_(vmK+d`}Sy|X*`l@J!Ws9*TdL;S@mgRJ#>&UOra+9wzsb^l(0&6;gBn^T%RzJ&c_F_3PVi#|;o9{#P%6SXk594YP$k zX6Nrd2;Nf)oSP2yZHG??b(V=83~=a?KI`m0*dyGa<3S(AkNH|e=U-G3kvm4{Q(W*c zi5p^LOwvA(BKjuWRzW0GJSF=4t(!h`E|kYVMq+~;-BgnFL8$pXTu{W>wDiXi1D1y} zT2dMEJ#*cpEA+aUX{`RL?zL=U(z#V<(}CaV_IIos_@YT(zWW2)zM;xkCYY1~y4qr~ju>b?xOp(f%dFp8|0hAdR+90bDDhv)0v z@&(IWMZ4}2&}T`JGDh!^u`v+}%&eFOwlaG8%hN-C7+X+?$g$8edx8k0GS`d6qjia& zG|-R9Gm>MvAr=a=-==>%l>UP<@1=KxX$bE52eeM*3Z{!X+A#gj7bm0^v2^GcSUo{e zcRZy>aXqU*qWeg%F`h|(Bj2U{p)^6~gi54@y+Wvg9C_rpI4U2Re+B3_nV}W;0Ti}) zEYWi@WOOL*bxQih>3n2&O#&A4Ao;f za`X5e;=|n8rg`nq1dcQX2peG(8-aDO`R&z#?=RhR2qaQQm@xi}-*?e3-W+x}{^ zi7OT)r-)AQ(7vcQY3snVnwvh@NDwnwR<+YE8Zuq&iqxTnllf8nR}lsfh>&2RRiD*t zNJP3-sBsH7NbRln(;at5q>YZ$v6vJ!Ycfes zS`I&9ft2zFJh|US7y8a23hyCLv1X6y3gMT=B;nU0<3#rds_HR82Ix(151!HHQ6XyJ 
zXZuYAj%AkOftCAq1j|N@Qo6PQBz4`auP2fE=vr9;)r$^<-?DnSmAc^~UX3(Jkg?lh zH(y}Afmxu`2EE9A5LL$}NjME@HrL(LF#EQ>%TaQVH^*h(iIn*CRlq4)nPV&5Bp$p~ z-3V&LGIaBT#7Wd(MkEQSk(Pa0e7qoG2|SjcFBw%a+qz0r{SqU|Rq~%UXqJ}XHD6No z$05fF4kqoJtV?pSA@NKNoo$S&T^Sc{cNw4{xCv7Tyu7sK)F$em_9o_R~7I>Z#Nw!Vu4h-Qr3qB~@15Ua# z6n9rrvVIs@sK=mX2c9Y|Zob_AaZWuXp+>v3ZMpP&QgL5MBe1va4?mSx|2nXMlk48A zmW(sXy4u);-~lel;I4v&N-|sKUApix|4%W?AMY{m9Y?ritdx*FN%OvdVok9>HWYvogsGA@Q)}%XB1{k)$7?@I?D~Oab4RL^0gB6O16bEI` z-gh#^y^2Qdxb(87yqqitGRf9Js}dbS6*A4?AiTY;7hWXxg)Lw=z)%p!K!TJ^o3X)}GCiH<;D3 zJrUk3#^q+ilai)ugv$pSmc@BiR$q~^6Ok;;GOx9Ai@lgb{}j_5LARCkdBs#J zs#}eHDL+&3WVS2U$3ue21OJ#zo^cjrpZW3rf?Xp4dg@Q+JOCou=Ma1!Y=lX)ynk2O<)iqhKldM!(|#YIC$4+yvhdV(W3W3KnJM=?t6cxLmWhs+~rYu zgjyrr37YAnGaah35STsRPs40uB~j3$-Seqg|Ka7m$j&=q-G4!7jy{&Hq$ybT27>_K zwge+Eae1N6br(A{nzWjBQ50c2Gf}*hdo-!9W{QbUn1kEDHN+(#Wc73L% z^ruS0DdL25f}V`{cA_~Vk~Zh2P4y_W&FAUqsV&sIqx%oHW^di+4AyQ|${N(OZA|Ph zW8x0lItLieAf=t%@^^_Rbmr!(KN5w{_x1H%ZFm6?DZ{~2<~AB$T48$67i8`4r3Ss~Jk(8=llquE0OYH4?`x4H3TkKCHo0RrgpOMhE z?;hmFe!nkW-GyHGhp1PDw(I!}R?7m+2vGft+B5~uAG^gWbuKN3Z%rMOLLS8{=?SsP z%d1x&s8d_EPs61@OI3{B!&g)~#gXYT9zlSR!sdvga@b{ma7^T-}4L)=RWW3egt(bNMb-QC1q@9O)WG!P@PuB9UAOa z|1LAK{9)RPmU#_~LZar}Kr#8V2J0RuUed_Km(J;XrZ0W`gmQO8^J6nI5P?z(grvq# zobh8~v-u<)9ZSmYIX1VmR{1OEkD7wKLUWytF0i1}*<$wtLVIvyn6!vAMdp~kxj{?7 zU@55py0x@uZa9SvUucL$^~Z%zJ!JPn{Xde@(2$nZW}gY%%~g1fu5vFoO^@n14lZc< z$8-iCKf{Upn;HBBYMSV?$dFFn{g|{^2$O-&m|6m7%l4K91@VC3Tk3|Xy826B`{&^# zLI&t-K(|87wTyf%N)W(_=9(AjMC`$ z8A5QwM&*rS$mAK;PLw=O*cDT9JD+A7c^vW?n3KK$%5T*B$#=Q%o{@w zMin1ZH*n3q@VOL-hrHN#^k<~=e{8DAO~f__uE2WRQ!QClihLFt0!-a4%vRILdusZ) zgV)`jj!`Q(sbA}0%j5%ox1zu=rKBgV=a23UCteTGcVDkONy9`Z{kY`;t%BV>0`w|W zy=gH`SfXlTmzMab}E3i3&kV4!cOkoa3QtuVPs-n2~lV)GgN?t3jR>%ec*>8%;(WX|7<|9?1n zw6N%_vHn>7y(>>~**xH^1~VL3JbXflOQ5D8tF!yE;_|-aJ&$$#Q`3$#>{phrKJ}*> ze)otG&OU`h&A)B2u;D>%N^z^m7#^({Kx6DZJ!|Q{+}k9Rv5Bl}3%3sr)hdav)5Qg4 zwKmI1)sx!7Z10M9Ej{o$%zAa#;Cp0iz03NS*L2v#14|~0{0Hxrr`hPyZHb4HleO~z zFqlOwWDCc{7WY@=%Pd#<4!y6G4G)mV#{w!G@4Xqtb=O2*SN#l;r&;w3#0`1#=6$%w 
z8-ACw5o2~yX`}cuR$lJ$GM$;AQgs)*x z@`+UgWxLdqj&H6w#5*VwS8BhffthhKxObH@MVWj2-1VwQW*$B4Wd{aY*A-po`PtSH z)4?ffFT%~++|^*p0A{bO%{&f_)NWKWk31hSFOZ|==6HGpFdTz1xySh#4iEi=AEYjPc3!z_0#E9+4dw9Bl`yX zA1F;W8bmT}6crSV7ch;Nbq>foOE(DBW9d!5UWl;%!VjK(o__U`3fhzLmp6Xmfw%Vs zN!et)Vk~+{A3#9<#^AU*szHimW7z5FFikfdjOZI0x^_1MWDK1bcOOoJcWK2-dL@T@a$0nKv|w*TAd{1(LiA8!Kr z-5h|p%>3b%Wz+_hol$ApXz|lhWBPEk-<_FLFZc2Y%a$pyyDI`$dw1|XyB;-O)?>eG zmDD^wg;+1eG=WyRKlF5U^JO}+y-@l2>h4O-CD{$%=19leFq~9X<38m@lQ>H{Sa)>m z&tE~zz|3shZKtz)>On_zb;tP))-MG_0% z_;)Yyzrc`MQF~QOAEv)De;+<7L;2J<21vd9imDps+o8;bh{Z}Zlu+<|z4klgso0qs zUEohQ$sln%-;SxFnY?OEK;XMt3u?0d)NF^ z9NXJt(y7@XBKL!*m|Y{b%eYU=Y-Ixp4xU9~zKfTz!Rm2vPV~nvE~*j`7=KK?tdNas z8YX+J6tjQ1OAeBpd*__F$ij&U`SFAGtxCNcf;_s%6{Dj%bYyO>pvrEZ%|F%Wt9*_J z)~UIELT0xiZLxy~HPHlPQc#F_sEx5Gc*UwDuzHiL=)!A#S6%7Jd=U6P7OgVNF^-Ho(#4n6eH9lzVXpS}09-@V`Oc)x!*ZieAzSod1% zx~}s&&vPAe!8>LutP+o-%qrQ1!PCq_e@xgWI@=5zQe4dW*cV=WMn7I7$2c|0jUbPl zo!;d}KyA8C+mg1x1ec{MuYTV2tr(6u+vit%@ndayFFcxOWoC8;I}~m^ed^8~-rAx> zrg(7K{bY39@0L4Kl#;qBBzK}rGBG*X!Cbg^;v9~8;;z`#^ws{y1CO0+f+^l=`%X{lBzLVL_xk+L6Q zwA|~wGB2?JZ6BGP?Cwmh(`?O`bpk4A{_fHMfM*kX&hPPaGbm$nyui$$%0lwfR5Ldj~-kER1o zfs7E{+WPcaWyw&Uuj)J=mis~D3$|o*RQ^k#-Hqe5f`LqtMJd9%aPR458=5PZH|0z7 zmpM2id$*L_NF?RBsA(Pf(pa3`Pk1}jzFR7L(`-A|4rqz~yx5czCV*@En^JyGjw$H0 z5YTrLW>1O!4OPRZ!TA22_l~btuLpsfD@A^~Q5PfJ?YC(F!Tl z%W1ibu>SEK)XTbBlY#hxu^#8I^~Kr6#V-Lv6aft$8sUwkrHnE~neYQbhUaTk99xGt z1cnnX2KyP>c6RX`63LeLWbo*mVW|QSb?!`L1^plMVKIz7rl{0ZL>_yzuj`FMr8t0} z;;6HT(4bU6RMWJ`I#Nk9upcLFCW8h28QuPxC}wh5Qc3WDE4Grj2m z`5|MNQX}%Y>9P9cZi}g=iHR=3C`hq+$&M$h{slH0lkTy^w?+)UPyD~54QWhh?B^g# zMZyKn{I_jg0StGJV0YH(m)qIDGK4-CTA|Dr&DkKJephH$>V@#cLbZWzT8!mW>E^tr zjZC}^T=#wgZs1btTRQIfMBQG+)Bclv`tSBkRmx32{D`7rqs8c#8Q>U#M8X?wfb+Hc z5=C`F;~X69N7LHnMuyTAgb+aftHR=v@TN(#WZRKEKJAja8{4s6KLrc0zCTiP4f3t` zbfPO}R@PKzX#7I@UcGjFm|K7+7^k|RK&4WzJh+N(pHEdqh4_fyuRB!w|JHCtzmFq{ zcJtXRzvP>2YQ>M8N)7=RUsA*A$586WP(Js^&-fVOlq{G(4YZZg8-iUrdZRD{Z~M^i zxeH{Lz9Nofb9y*3J6urDEQJ0?kJpDzZ2k*;p#Vs8${9u3b;5xbY&aG7n6&%M#7K_Q 
z&cs3+HyCtdJz1xr$A8D5T2Sx~{oxbJ8(+5?6`mcW2xB8oN8mPONkcP$# zl9mw3n>c+d!m4!t-Sn81D>lZAe-zoGSvi&?XKEuz+6LfWh`C}?LMBka2`^6a-Z>Ac zzew=Ht*nKnP#Wah*wQ1-Bs8emN;N9zyT>Dzzpq_ojEmzPm0D-iD=Lp#%y*&VdIsv=w|w@;ST*Gby$wS1!?YT$ z3xsBDCkW9JAvHC%jHp?2z%>?D)8Bs&Ig@l4?Ck>h4GIxtaNaIzbELT-YqH{*^^dEMpZ#7#fR z^N4sZ+@X((Ux3pN6cU9-zjZn7m5$SEW)JHtq9rv?PYkW5(kp_+RsfgcuO&VlO24?0E>W&1qPG3 zF0g5cQ-l~9nMlPz8Mq}@43VasdwVHMxp{dyBa|;ZxGwxVWw7skP_Ovp_4X(yKi_hc zE+w|LK!VYTt8bS9)KTO}LaFw2d?if7!EvU8Hl?QkU-|gmJK1k3!!Mit9KWM)YP@>G zhIh~PDl_OIDINo043i!EIVMjLacQLWJeno=bdR8csu(gS5Ak6xta;A*#y*z~zPWmL z`pKme(=pkqzP?s*=2E;7YM zzluTj#YM>=+JJkFdy#XG^M*6(y5=C9+%)211lf@B;|KG*wlxW`m$)kO|h}D zn=Eu3f#Hu?DCe)7t3o0j>>WlkLWp>S0FdgTKEg{sCNkM1H)+Y{Lxt2i>c)w>8&XLX z{HTmNgiV+mIFyE8Y+RJ5Gn3NzAvXr7fbx6AQ3uIl`6Kn)W zpNc7i4E?eN)W?1owAt~j4lzj>Z#y}^wX>nhs>Qm>wPnE4)f!*^CU?#Rq&OH~_e~miiNR~ljdSUIR&P;nr@>MT(t>t$r3*|r zI@@NcSRwsld<_ogoikEl{arDKw-qdg`egH!^wrUXHWMA1VRNA?y$V3dD>9|eeL>j`@b1DII(CDDhdk0(yk<- zPS_d$V$GD$=*-NP|J@)WI7i`BiNwke1mtUL=*TyX{C)C!y^|fwpx{U}K|w3MZ%QE3 z*bwV%%e$~pQJ-6-jzZyo-%fRHiA+CZB}p;3wZ~5s&ZVNA<(Cbdn5`{lW}gw$rh0Zv z!e)+-`H)HAA;QxM1^zt1>S|41n+TOVAbMf=j{IKqNYKXS;i3k7CrHI=noIr-6q11J z(@SoWoK2yrRd3S;r>3N?Crwoa&RmpdeQW=|pE6WewZNSjip8mRUq%n((l}TViJ7R= zB?6sMW*t9Zt7{{qSrQqxJ&l^G&wHU_g-9@039o`ScL+5$(m(I<|8I2e3GBKBu@*CBj>KBiKz30r=v7 z7biUtXw}8G{%Q}XR9}y5KAM#5>giG2eLOunYUG<_u(vkUe>TO-oa~SiC02?f=6za; zy`!MI#}bPvL)(lw--k$*zQI%rXa@o#J|{+!PM~_w^TDJ`UkvalGrI^XiQqd?#L?;T z<7-tPFVC#s!{_gxCWFK$;THCT6JNywsGgM!?FY<7uo%pcS)Js6e%vUrkGS~kllDi~ z^=~BcIqh7Z2PV7~l&S#Dtq)^6D8?0`CVc=I^hUlzzZ&2I6h@W5zki_O

pFcy2gd zl}%?AfCKc~g6SR4{LcqM&{?Uv&ax#&hx_g``v=fAOCr0+BA zSq(Su$-4W&F#W}g9u*iYqHL6#%Li=+o^Nd`uw2=voZa_Qxy|h;N2wif@>ANL(a5Z@ znWa<`kx%pWea8E0-|u^6WuC;5zoSALUF5;zA*c=MaDG>w7fvyDFOGZr zbSP!|Kvh%ILd*sb(zpNw*a23$)?^}lr0&4IRi)mm<_*&W4gXr=ew;i$w{F+85kL$&iPZNS2v*eZ z^Xm;~4ZP+y8Bo!P*D$}i7TMU2={e$0t)^Kc>p$f{kgc253xAArR}g4W-m{voP(P$o zXNy6ob@ZS_+zh27S9-LaNz+@*dc51H(X|a`-AN_)uU3@WKzGuT;5d#FmP=0Ng z9AUT_-88C;Cq->^%SrJuykUD~>%Z@$Axwi$o<$hG0WvSP2B1cbAC+;PB;O}M^P8MO zu+Ka*<~U*61Q3~dDO!J>705@I4127;I9|1EzhKA56WKP`ADB(BNN;^18lYbC3)55c>tK;j?`0$wyzc9afiLpk*?RR4O9b&Gq<@DJ*`Tfac7K; zu^IQ*SF5C=_cX!+xOPs*PHvYEvrXsG432U43+Whz+D=-XMz|jwsg2+bh^#bZ7Jj&n z1E-lyzzDmp*9mTrMA#Td1PFMvGEH#%%}Ef#Zc!}htR&G|b%oe~SaPF6e7@f4=+4nv zt5=!dk>F3Um*{Sr;c6;&vfmP*9-r;GElCKcJx;F0Pf8*v7rhz|M{SNQws)*U$LEBZQbN+K8-Xt}E5b79Xm~J9}d5vr^z&dctock>Fson>XLM@ev!& zvo47U_lDif8zjrU3EG2c34-hP5Q_CAUF2Ei#r4`SHf+^?KfJb~DAlDm6>+_~eaza3 zJa#yn*Fh;I@)e$h;Bih~Ku?vZ0#90Isn0x@4N^Y`a4S1fUR)V%__-jhLp8n#?i^Hl zDv0CYyB#iIOEn#Th7uq}<8Joq48$X+i`Q0$ydd-I@spm~O{ighFOBhbk;uiXW59sf z+`FkSZ>Qv;@QzcQMR4o3^SK`vbk1WId!_ntmXmJKZE~4-9b)hkTj*JsOL|!J&(ink zs7EZHrr71ZPP{~^q5=}1kR0?TdVNH`z3x?xbnU0wfz)-pW<0p?{_zGqi#LR)W(dlESG2x#?ZnSJ=-rIXCT;DtBlw$z&X~@C@;@ zUbniIM1G4F)Q5Gjfwd9um|*#xeEW_A3!0UdpKLCi@lQQlFYLEBVm1ild#*I9mTuua zWAj4tUY8CpBpNFH^gFrg4k5~eCP9p9+%+TZQs_=l>I)U^-+<0pQ3-YTiCUEYtMdwt zchw3V0RQSbVc5Bcdk`FdL4WyRhZ6o zdh3U?g^dk$JSKk4QH4#8Aee=W_T@ABk-OThQ0JcQh}bdj`1nLNx*}XY>67htaBAB0 z>Lcj$hb)Z32T6F8MZ-*~x}CBy$|FH60Em1ldNt(i@ll*djng=ZA*$G>MR>cVJv%29 zVHZFJnRh?$6*LdL1n6$T>W?p>=OF|4KneI=ZN!6!gEee~D4mwm%IL<11p>vd7#2ez zdabb?G7@7o*yF5o0p)euaUZDo;#KHA?)c`D5tn^v87Kt^w`QqX8i_Bw-eRr-6t?nl z%95@H-%$3G2Q&=#Ae-9E^pBUG)bl6L<}rb9q#|v27 zbvF!C5}CCr#|QSqCN?VV>A;~HO7O|c5u~*v_@pkPePXY7f`LOsM52)fXpug_=VpXqB zt-o>i{y^J@ut+fn|0iwK$dV0-%l=yf9Zqvu5K0EK&}8W4f$iMk0l7MfxXJM<)Ds?ILim;V{r^@po8x!ZSC2B0U;STVTBTW*onX%~_x z#snE@nleNL%52u0cn(TZ*s`o0v;|o$EIc`s+PjS(*~lbvAM?O|wg16fDqR%sZT23U zB6X$|rJKwOtJ&r9yEDM{P^(b>rIR$p<5~UnM(90f#)(Fo$a@l}2Lq6WWuNWubpBlQ 
z0RUjNH&ZLuIa_8Cw8Tqv!v3IP;+60NKT-&e5-ok8&rzh;u2t%Gfz9cf0_?_b>Fc@B z_x*zL(a#E-qnvw}mRlp-{e+4oa=k0w40Vs_MNXSTw=9b4z6>Zxjx3xL%$c&KL)q@5 zhcAqdOys1vUZ!pgES`~5m-g{ZReANhkOruXX&{qO@aX5y;E=icvKJ><=LBi5mMtKK zu13EWPad@0!3P>(N;S~J;3xSw$N zD+Po>kK`S`Eumtz2N0(xazZq4U;MFH*dh+>xSQM3a<4l(UOAOvm1YDz5P5g5TW>Fc z=-sN)b>|#(PJ2ziluFpzS8%j**l@=-aT0^tqu68|cCziS)wopZyb-{eB^D+Xc4V|@ zMNK{42jh-wq;0#)sM^VPYl^!lY+G&RD$HfD&iRArYM3%?lO{4tzQ};bpp#kDORw6+ z<^0Oqb(|)DIAv?-T6K@s#&R*^1>uH{6OnvDu*1NKXlHAlDE{_jgH@Te&QSQY+0>MmFeYZp46D{;G4T{0cpB1G#*1 zf2C>PGrOu=Hgo>rR;QTS;ML;(3q*evn(SyMdsM^u9uX&5dIB zGn|9|EssJA$3~!TPn()LcYfA-avX!I8OxU4dpHdZ=nBxt@d0{Dc=O4Y4Mp-Z+ym7w z8?pO%BR)hBuxtQ%FC0n6ttZfMzKEhi{t~SBdhl=(Qk&gxf z2%Qhh13dq}KpQSHnaY@068{mIyfJSR`W#pAjn2(w**mylNrH&PlCWFHnxBt26&I=o zHJ9z>3m&+lLcz0u)l|_rrS^-xTdktKsM#{j)QbxO|3K06>scthDtz*)%gg;uEbhXs zeQx@fNvUqv?J%cP=~Fk)3q0gQFsf#?exoe_yjd)`$jNfC&?va>LH`3wQm^rRk|23r zO>zxOX=NyVREmiT}gxQpnX}eHO=KFO>%8f{rSf?wm<2&%}9MfaRKHs zc!`1+m@(|sJbJwJNx#yuqw1?vi@5{zP6-CgBE(IRFcs=sF!tA$*v4bl+3~gUyuxa2 ztC`~de*GrFI-xmQ5B;`IGVI3F?h}tiR*@t8J($oeuG>nx$%q^~Wb^IPa+yw*LM6qD z@7{(Av-{38DTqzKS}LxPi1H6FfJ&+~M>mKN;Z;)7BYl^Ht@2>g?F&TpFqjFlGq)cjoMh60%zDe{ zR@YgoNT=<3S<;vn(-T{r_>Jv;9esjlw z;InY#(C5!21IR@`e)ky{C)W(N#+$wY5C0yJpXarl&T!~c+B#R%h0V*xvy~g6(I$ON zW$9k&HMyl2vJdl5_E$9q%=b{J|^+T-IlZEI=(X@tl7s=<7LEaRI#MN55sb2xMh?#uVt7U~}<~*yKwU$ouSix2vvuSnOZSUuB5=xqA^#LuoWT*A0 z)U@Za!6=rj=MsD!?7bTL8 z^c}oT?}KH-`;umvc{+}!ncdp`I%-KXv$-iv~nq+Z!rx;=(O(c=W9%%&F<^$uJpCuJ^{F z^s@dE?zq-f1QH@yu*9ze_1CxTy2EKUNoiVdRRA3BcXE=!diX824D?)j0`yvy@RR^7 zbJ4oWsYQcivFn2`IQwBnp``2TafI1)?5%D6r23n+sJgy&HEzBw0c|8m(b(8{U6ahB zB5t%TNPRW3@gl~gIyf4LpFPl7Hfo~!woX%|hu3xeYN$ykE41TEm5`W*P>&0LVEL!A z;y7~Q(!@7dG+gAWjRE*S{3Tu=#)@8dNGd(&F~OKGp$g>O9~ZrHYH}DIflIEYT*x2B z(Uj1(!9ND5kMB@C2;93($b-MM9iQ!5FWPAU8w_aM70t3K5x}5k2ygadI;Sv(Wa^{e zUL+URyME@7TVXZ1mIOXuPLpGE-gqy#INo@==lxX7_Ut2kmKSh!)PrGDI&V#^GC=tV z=hqPvI6c!1xCcVdg`Dd4?~nwZyRe#`HKyKlxfl;-1DJ|qX=$f@IqDu*d2^Y~;`%tj zueho`j!-ty;sWPGx>{ok!$!?0b8?Q)`Dh3uxFiX&?cORFd2;FPg4?2Ra9oXh(d^u~ 
z(tC64EK$BhKP8A5VJGiYKapcZyf!Fkr_TG_xFAS#B~G%hYe!77r0bJ#Rw%bT(II^1 z0~ECk(C4WOwF@?-WG(LFD<|8_`sdtpOAKQk!B~mfiw5Q3IV;XyIDU-Ssh1p%s8o)l z9^@aHq>l{F;SDeI$C0lY>sN`+k2%SM{$(ZHCida|>}}kV@gjTYk%u-OojLa+m8DHs zLAjok6hm^=ut~pNf1Y9JzSwQL4MI`+mDN>Gbo=%=I~bob%U4S+t8k(nsLzS4fpYc$ zPc~HA?ZPyb!hUFM3MFN=RfW4VO{mk_lbbX0&XplQRDe6uU#^WJhZA0YjP!Y!k{TXI zxJSyiaYSbIGr_glp702O&k}#g zh4Uf`yH~DjIfhAn0yqe6RnkXVA5K=kyV&C{83FU>fRUuS=Q7Cni*+K@g9JbxD@NVa zsFJPWm>$HTxxS3v^ASV(+WN%=TQBKD3)NIzDt*SEyUH|R-6PsJMyP56iJ+rFV}jvMOi1CeIZ`AE##UiD-Y$gZYDO70xVv1HUJJx6TQ zaQ!~Q*HZvE!dU*DiW2AZ)N~yk&pkmfWC%; z9v94^0A*`l(%R(YSN4`*!z}@<0K5Gn>6;yLiZn|%?NqlGcd#}Kk{mqD0o!UQZQtHu z0iAj*a?;ymHNozdRXz2#seYpOeam&xD8w{Wts4J#$?<>pn`nK$%6~a2qL-)+u%!40 zHV+UKLz;4ldq#*+b1 zrHAy3V=+RTr>5U*Z@KqRPfsUXxUt$6t~6Wje=^&kaP~lin52@G(6(HUYKR+xI!ystycRLD|zZ?$DFhA7TVhpM*7aJQH$(dJppt{x> zy?Tlp?OuvgUf`ZpK0J}B_O@Vm$%rpV&|&onJo25UmQ^Fa^@&JuJ4Q&`%$}c?fiN8I z$oEVvxU*m2!rk#)18JsbyX|9MKg%b1vM^CjUY4}h(V9mzFJuO>mt2WhKYDA0cySDm zG)lFeF738XKnnV2PIORd%apabl@rEK8+35%MK!&MXAYxd_d2+}7+3o8SaL4`pRkej zvnAAZ#BjyMe_{qse;fvqn*SAcNs`JX$4l}RWsFJ_MJja$&pIsF6Lr7ISt2pPOJpfx zpK6ysX%}5A>WN`1JAPHIE?wGwllJ5ZhREn`6)qiPtG~EegRH zgd|=1f{oZu!GraZy#yAjtj;Mm#qpK8U$2{;#}*`lMktEvGa6}TkAANeYBxWwZ2~)J z72@@AKTUIr1v_5|<+QO@7+EWq#uLtgdR?QAyJ8K5)vy;S2{zyXLSXyV(Sl{v!a{F%?&Y z!HRJ5Brw}{^GPiH9uM&aW7T_Z2~>cUg#pAueOh3$^da>-(p2{Z5`)&wr){OrN60q! 
zXU-<+tJ1~&KURE!@Y{Sj9Zlvh{Doe-Vx0tP=nE7;9QVM8PCL(AW@Bh8g+Erf7?_sKX5wT+Zqw#KEiG6mIgG#gl_tV9&B8 zg72u5A5W`zw;iI1?Hla5y}xLeVpgAcuPZG;%y{a(fN@Eru&0`urHGj{m(z^n9jCjB z89w=ig=5tP&bK(!>{3i%g4^;(>jSg7v_Ho~eGMC$F>Y}?$@BVB`GuFjdM?g*EGln% zopk`)n%eW?U0|L>iXIocE+N?Os?&O-7;t_f9Q!Ut#vAsicpZ-4A~v3LvZW;-crbrF z&HK+>p-<2q_)eNE8L_R4GIT4^(@5>S{A~;SN^0W&D2?^{hq1uFOaXiqjH^PY#mQ%v ziBU(9GJ7oVU4Ccb{jD)7MvuESTPEj5D;1xeY8S!K)OsX0AnNC5P;_%)t6gGw)hwhq@PTRi*Qw0swaRqbXEsw3Rd?sfJS~V8RD)gOu|(N9nc2!ikBAmb)K#o{ zdm_Zt@1hd3lRPW>A0DiQ4u}>EIHPi30o7v$?OPV+qCsTVC2@~7f3~b(OJbfz7pG^7 zWB?V`C3)S_Lkm*@OW2YpzVnv9=GUzTESc+{H;m_=$*>FAL+X@<`NJMkzms*{*#U-qZT)VCy!yiXm|V1 z1_pwnvjyU&k}Ll?8!;cDDecX;fH&aLl9SZTdOoV6h)dgDVnC0A7S1`n|>DS)>} zCHdJpk!FRL;Lit!XhC!5M_!Tguu1Qj z2WHVob`J(CgIL7s6%hbbtDHy%KC01~v6}ww5JcoprL=2B5dmHXwlv?CXW50?;4`c% z)NDz1NHs|0fS%z3T6(8r4$=C!}SUS|5MZXnafjG#f0Yu`1t z_>-%3|C#PhgGg?zB7~0@@66pEDXyZSU{g5Ya7yDT+(oW*-E}(vd-wl=*dg$HkhO+idSYe zPo6~jj03r_Pca`mI|5g`WTv(;_hft2Zs%;9{lS#s)+HXh3dm~GNwV(6Lt&-5(etuB zA|^o(12>E#Qqj2u5DXyOWKA2?aVK&)hk`q9F3uv$W95nXysl+edFGWu2itD(;}3L( z)7*rSASXlSlMl`bJVyw-CQobu95^Ky8lYwsOrjSjT-VlF#s4a0{bjE z7UtnKK88at)d9)j33rMSPOKg%bV=~I^pTvR!_=aqsHz_Jy~F-a5QGhY!a5}cAvLNf zl!vi`MoAozrOkJPi?&lHF9*m`Id`v_q%<7=`Aus_H>KVx|FEimYhpcNvqA!7lrV$; zTtm!-#Lg=8gfySP^IT)06}Jj*yaMm1#&oGpIgL-^hq~@q6V>y;*kkzSg*4ENkhs_~XxO zXR{Dxr&)bY(TTI_fgu#Uak2BNLG&r&f!EbAO47EjRW{J1Q=RAcYL$*enti8vKis(y zlbPlqKi-1yWW%C9)uPU(@p9BA_vWMzm0RSwG~Iu}{=t9(PiX7p`)mb3@ED^$AiRx2 zc9c2LcSxt5a}ZjU#NQS=IlsR10BFPgmr&zB*R(3Qj4bt7oB>RR=~pg{mRTz z+9`ZktgWXeHtUDD)0lUwO{kqanCtuz*GILZ*-+=anqN^o^{T~c!(rb5x&5N>qsSc5 zP&Not&`U9z)1ppcnq`ok%;7r!`}fgm6@fIbT1W6p*s*5ITbwmI9;azRq*lfp*w?m~ z3e|9Y1+AQZqj|`il4pUq_=-ND@(s?=@Vd?jo9pms#Eknea{Peeae)UalQhMSjlF7( z3#l)staQg*7S zL!#8{G~XaYGXGVT=}IBHMZtkM&VUvUdMTD9n-ACwN;dO|p zHHnTMHi4K1H`yMA z+#N{~!npL4xu4gO_WO<+NQS;dWgg5M+V`h7nhZL|bfvXw=HmK*`j_qPJ%TN&?d>V% zoRCIm8(Yr25Q-f_{Yf<)SJh;Xxptu^6*Z09o6g_-zVqf57Cw&&4r&jH&OXISratSu zwLn6obO~VJ-+ncBLlB#b8GY4~p!Mc7M=9qK+g+u7ei=NJ$pFg><=!o$VpH6O$2+koB 
zUh@UJD1y1XLN~~YOMBF8;~H`%MVo+gX%U?dGuIJ=~dJgxU zYXoAqm%itmDib21z%1RK=F0;*Lt@fCq!t&GZW|%ej;E=fH_VQC5cab(taI{uAY~g$ zQ9J2z58&CY!HXQ}aMD<0_P<*CdNFb#dPq|f0n%Kk_LbJ|^;uJd+dH`p^0~w>{UW9I z*U#Vgz_kf;_E=(GRaKYn9ohzDsA*1R6X;88A)Pnt@rvaREeVxs?@#l`TRBrMrcqUz zRP(>>RN82U#@+>B*h}ghg*igB#oW1T{!dQgET?_IAzs!@n12Em2 zQ`3F1#<`o=!MSfCafs-%J~Vel=w7gAkS_sb)N`*#M-5bAJy|XuPOX);`d+tQJ)$GU z>loJ|Hx1ye^`F6{=ml^C+=?yJlPmpJXttm~8dsQ|gKfPsJfE}GFPb~9P9isv*m}FF z$%*4P*4lfjDE`O$3T+b=n~^q~1BiVUM;QR}zd&oC`t`+6?{v&#w?TAD_Vph@WY5P$ z%YXmMNDBGn?@R7?am5{sYpt)0Ip?PaqF8#kzJ2`QIn{uuy#uzCpKU5AK)h~ z6jR&f%q7((JTR~o9WR$yFVE^1Xy-wGa6p>s^}N8vtvZ^$Ed)fx4n50SxcoUBT|NM}xe`Kd7piWS>jiZ*$H{IVPkB2M2_S``73$+}~CrXweIX z=$*O^Z<*a*(0Z=aGSuH~&7-)Of+{}w}vLTHD=)NlehRCj0O zllhbv&N@Vb1+FG{w1ibOH5*9{54KoK>-HC&b9Al_gZdA!n^`*8F;^XssmlydD7^zU zrbvZ&RY*HQ$L?EkbzF3+IvNT0FxP}Vo5jh_k|nS}tk2YvXaYu z1fDn6+s7*t+a^3-+yeMHg9d%U<(xNH`zE6A>H>st@4vg>KY^S5qJXvY@F2j2`k5As zjQE9>;+e{HMGk3-o4HuUUV_P3kygPjgrZd#cVO!mBZo^P%CClxa%c9axoyvRhPlOv zY|2kc$`l|YQ23r9uFkXXI4IkHtmb7~4|P{>Lx=#5=P3OVw`8w*Xe6Mv z$uXCju+scJRVtLOLVmR+_-s;s;8c7mQGHWJb5lvO$-tIE3@1(jJBX4b0RB(G=Q{8m zvs9KPkqQMpY@dPTp&C$H-(^zY9hdI{Sp3IY*bq`p7hP-owl zh$m($5AMEh@F)@vvnj&9K9~M3k2#@jM(gVv$CS`W(X_M?edDUm%S&yCDUxM%OsMTj z<8}BIT@#ilP*4CISOKO{$x|!f5bqx<)EU_GdG-|kiT4=`W6RhKxL0&Y_9isdU1yu9 zs8k!ToUlT=j;6(eYf3+n3IVNLT60)O$n;h!UUbs!pRY$Y{bHcRb;@Asspz7!9RwaC_muCwf|Bvq1y*>A$Zy+Og%DP;3}^5`6JGU`!3< zbE8m4)DoIMP0KNA(C}@jdSz4*NP%s>!&wI>#6{;0rghB4(@0Hv!Rj-+jiQ$k%AY+j z#7Ey76}i0cUKqOY0puTVB>l~LuiPjgo)23cK;a@srwmXBZxI5w6^gzj@5>#4ZkB6) zK{8N%_kh(uw&U5RBT?;5u;ACSbT6NdQv3W9r`EH;t<%g*ZH&lS?h0I%lk{ zj!Pw8(2RM(!*0`mD3XIgnz zPdjO@YHLsfjnac?p}!G02y()x=1n}sKfSD;o^(l;<_3X*Dt1EG(xT1m>^_ddh;ZK-R7L1S13pGHsHhQ`yizN$uNF^{p-e`w3+ zG_~8J6<{LS-&n~iby{~#dZJFQb@?p&tP?dK>mil|f5j4fJ`7J!BfP;dv?p&Xjf1iI z$?9M~Kg#JYW^_*tb9j;#70wk^SkJ}H+&PMY)?~cyBhs@D!r7qZ3J{?E%;a@TDKoRQ zy}aBFa8mLN=-XWrHdwV(VbnBEzX#;CE_d4WHTahUToq#NJHsj19fb=kLXkZiS8fJc z^1TOs&ON`h1Xx%B=85q7@T`6?+uJSpOYQIa@!7h-(MkJijoz5AN2YDYEEo-5tCq 
z&bj){G{s2x2HubQw%^BLvIF5&ZNNK5A+kFIX0OGNzvc6nVvcz4*kAAX>^Ie$BDVp3 zd~KwOD*!;{%CFu4=7n7t6)T>N!u9*_krR9?3$+*iE_iL44mDF{CMN2_?u>r`ZLKrV z!1F7kY;qRlt`osDQ_7S_Z)9}toB+DbxuIX^u0DZGKic0nU7rVZ^JDMz?Y49)tj{Pe zY|Gp5qQobUA_s3nZWDX1{~=Kk%g1RNR(l#E@kDHATjNfY0dGq@!LJ$C_SrjCXVmw> zecG5!609!qm-~Ex?eh719N57*X7=460<(buYZkS-gIRNc(cs9@W{V(E>@NQ*JHLrI zPx%qmNZMkt?A&nlJ?Ehd0R6vYFjPXvPYFTQcQ%?#=G@U=q?7hGFzIr9Lh-vXC`cM3 z1Vo#D{(!Etgeac(ZwV7)Fd9}DE(R4+pKB?}OMTM9C(crFnfk4sQA^ildV~IT!Y(*!g@*j++FilL2%~4eVORZ_yKK#ABz21a)1$^Os0jd!(~SqT zzWiYBSbKp4#8>Y*4UQsfiAOI^auJvNUbD@0)byCfq40?bfP2_yrrv2$c;U@eI~eDm z$d|9OZDqCkQTqNaV^hgeNPy2jKiFTd%uCP;Vi<0P5{VJrZdR|v>HH}vcAL=t&6@%z6Z}TS#fU_#KQUc= zc8uQ?V!tYSnCQVKrG|GU`;bJLo1yz84TGj@^*rS}+B++*; z?d=_mKCIh~4h>N&Ic5R4!T$dK$gh+X_|@Qj-84W>X)#aHU?ce4sJ{QJ1IeC4H!O&aNpzm5*e)(7pquV54veu!G zOXw~FAB_|L3@w58e4qqfgQEdA$i1(AKCFLM>a;$Rpd7$CZ&!lC6LV^MD$V>52;u23 z2HIL<(K`Egx7{lKNn!sT>Y}y7r0m0@GGV&s8YcH5($4d%iS&2a8qn^3goA%ZXJKWQ zc)v*l_t&riI!1L5>3`{^|0$&Yw~OEiG+wfyJvrlzW!$LfN%PPD#k*GmanLlHsn?0K z+CN~7|07HMAJ6{ZzXe2wpn`z0w=%8aw+$vZ$uRC_p}F9^qfh*c#jK8TdMW~lE4-fQHYxTvX(|uZ>U7QK+sNtW{7qZ0KedPZ}`uzX+yB{T*Oj*{h1OzV) zG@g!fm1K0+{rT=dVxOHI>w01w)z$b>m)1LI6moypRQ)-e|H}p4eU9@x0v>*=zI;`< zFTEjE7m?o;G0@L(U>NU6WPjc3iToFAnznttFk;sSblJAjCFXw{-T&pjf4)bS;Y)kx zgx(t-k~bC~$`gv`)d^)9(BjSe)sG$>(D_V&K4BWD`FItw!^X>uQ)5u_D3i^WPVtUA+`9T-s^eSao*Y|6gz;El&4&#mg%xEST z?X%CK#nUu{Ij$%~;7a2qgWdZR#((!T{oh6z#D~tB!kPCIRDdQethAEQgEP5U{(mi8z(7@8 zOxTe7Jwkpj%7ax zWdG|3|2fqE^P=e`J?%Yqw`AHLLZpYN#J3R3PP`&@}0H* z&;3uHCqW_&eR4hty*NLVWBnHp0swZ7aA}T9y2SegA>BD$zT@tvlY$@E@tp*2`v=20 z0+@cetE#FEq?$t>g?7FE)%9|~jw|QJC%33Ze^`N;5dIXve>5H(9K@coG%tgHn-}xl zuQ?=0$|ii%f#Q~-m~o#)8)$mEBIM%Q$Gq`R144pB^V+rgKG==CtX#g?%iNWMF`i4m zFd06C3Yv7)0~_9ey!7>TLb}_#K|qb2ODtd^Tz1ubbe2i)9IS}d<`fndqM2HCj(BnM z(q;pzbZ%OAbgG^8SiaU#M0QN!aa+=P`(_aQsD%%PM*i0LeKNMPDESY){)dB8*8tw6 zTyER>r*r z1bjCXa)`nLVxj<)ozVemSmJvi7VNPWGLUpl7Q@i#VXe^>OucR|n%+6<)59 zZJPAawYB#+EX-Mp|5rh)x4#gsM=~cY=jVN6+FYMPGT^+7$@%x;e&N4E?cdweza-Xo 
z0Ci-Im(!Qto+mQ|x=2PC8_xy{2LKgFkx`I5J$=1fmWwax?m*q0@A(-V)WUloQ$ijU zG##aJ^>u(8I02(A!`zsoLP$GjaU=VFXNSujBwO2g;~K)M+p-t1h`v%+=VZPj_EO|q zd-A88{VsD%rDPA4{BK%U1yFPT{U|um`MUr2&6H|8Rz9(j{RwQ|L3koS^N+WbYQ+6jjR84hB>}nuAMSp7C;OQ! ztvC9dz!*Si?nJs)p57-3i7{lmRNe_Hs#NL|mnR+Gr^&A)s`PUVYdVB-wWqpt zo#=flD=UXq%Cw=er1+ZT<^1Y>ZxGOI-wQO`F9|;#9MI@ho8?q~=;eyi1mY%X4xi5i zA&wMElET6wSbKW>hAzKk70@xP9Y!I^JK|A3%clG1Vvf5gvtTkVBznB`B``1W z-dtpQ!xUlLRP*ap1QVM2k(|uTkK(?OmNpg+iqy+2Px3#1R&Ev9J~=^ZoEQl^OxJV2 zA?5=EDqVq{JzjjMll-M+E4i6-)gj-sQ=!Ck@R%EY9bCh-zmeYKjA974mWoOUFbIje z#Ans4ZmVWN?Y7ZToBpGjOHvc?PRTALySrj{j3jv1EQ6tQ(m9c_jvS4w_ZB=#Bj~xa zMdE-qqLn@6^OYWTdtQ^V(y|8FqPGG%{cY+{V2Fh@ErzW{@=3v(y}#WvQ@iQ~arp9E zgTv$4gvI8YAFx_C)(k*%m;b>_{UP-?$Oh)ZK4fxYRccto>)mgW7?Hi$4^Jf;%|b9M zkkHZj%aRR`jj^cXKE3CXKcM@4GG#pFj_>u}cqvsemd3AuIvS~VjH;H2XG`ZXQOsoRI)<)@V8ki8N%?Y?edq)qPgG{ zHr(MF^0>EwX-&(P7;-S}9@Yo=N3N&GMX$$&59MgPK=te;>jmvx|JPWkHZg3z=!ww_8rHNZ^m1WDdsVYidlZz^o5ke6$?U!OM2}MkHa(0dOdett*Gv7+whSW)E z*`8BTD@OtC_-@m!OXS6QwCQ!`2ZTKH6m#ZD_8{a&9X4uV8(cncEKKq?uUp%JZ@!1d zy97V&F9lCO&0cvR$f+z1y9O?HsENTrw7Ztg6U`lMD22v{4)2IkV&Sc9G^(LYT77D* z?44Sz0_MXfx5La6-|Do6afPFs`TbzWa1tLS`NyyYeu8LjG_cB(5761$&x%2n;x!p8O#yAsXg^^YqeuW zvCOAz+!IveTYK09sUZ4PdYGbb$6ba5#xV^W#rXsR9i5|`-CeXYlpo{l_g^iH%wCDP zBD%whbhVx|WAj+T9uLIzuRd>Ocq}u!cEVsv=B8m2)yx69*H1W0%a`T)s+QMHYHJR` z#E3ImHwZw3qs!`Y?QS=}-x=%K1=J+nINt4Wzja}3wT{7o-}~#9chzL@vw01l{mIH@ zJf8sb8i%DUt?)i7%=T3@G?<*PdP$J+AT;`sB0Y;?<=pA*-HWsez4twIS3l(NN?-X0tsv5gI zY2TuW{6#-wzdpGV&$Mkct)msZO+b$Z9_ z@@0h5&5-{xMlMB>{h&s-$TL-66bA+oy55N9EjeXzyY~B-p8d~`nzu>FF%6eX?y&bt zR_n~6+Jia2e!qL9NkY9j=1^+5RRNbSo#+zE{Qd5l9G6L`*xlBKE?+R17t5xK*B(1% z9T?wnxROKll1k$0N!D}H!x#~pmpS*no60UUImWu}ALoqetaG>N+ALVeYMhHs2@|2x zZ?+P@(rVy?gm(sol~mu#gAREhsS6tIP5lgP$BJX9%?w$dmo(xZ9y07mEbhN)jJWus z4u_7L8CzkZ-;~(Qeuao9d5*fBDpRn{_;y^yE=%6ku&^81QG4jl0t-5 zs`_Md9s^RbHWSq^=Pjd}C*rhkil;^KOyuW&>df80e`-9$=t1jP-XVum`#kt{B52y( zWg`Y!oxV&=F^R*lE>U#Wut^=18^?091|vK~b)eXQrOkqm{T0LbZ5Z6=V)gxpP1CE5 
zkn@MJL&x6h-2F6kv6by~8Ok$%CJjZXU#h-cb}^L2>dFI&%NsQr!IoiCzVDg+*0%by z6y9Q41x9w3Mzh8jQzq&-RmGcf{Cf5v{EX7W3dLO(nCVEml+c$WX$tfb2aOEyFDKcp zYPppmz6*Pzb4b+`IfPUB1;6FR-f-he_P)hucF^6kSt3QCeHhJ{e{o}LzY4Z*DWxUS z364(oU9LO6v&WnTLJRR%=iG+q>*YdSr+oyz*|ikddh^fyL7$U%9NhmUQ4ijfc~H0E z;&XFNW|h3~;C+c7*QfJGyLA4(zvbt84@U0^aub4PP#nEyob>uR?ejVevB#`SdFvWoT>!YxQGy?&GhGYfKfuW zhY&t6i@Jl;ZrjBtFQh?N%Ut40ZNV!|3o5ML!R*ym(z-W#*J#kwOHV?@E-JD!@7yCb zhhW7SjRy0xT&=TIYVpHhJRSP?9j3k9- zA>J^-kWD zeVnj`Wp2eroLs#=EELpiuqYcD+k{QH)n=aH^eEp}kQ7#74s}$4Hda-`ViDms*-1GI z%f!D-PPh|HWuEd7sfsqyXqUilgJi%0ZXaVzd0ew3awkiBkU@-*T52>}xsCPu8eq4@ z+Y`0RHG_~}s|HkaH$e?g!R>}8@{B4PZ=%a&5cfO7Vp8A89N*xq>4o?h&B=54;Ax$w z4gKntgiIn0!2}(PNs1=yn_FK3gHOIeu-624-h)pfG{8>qn!2bGLc{~{L1dIC*DdT9 zeY@%zZb~oxYeLhz?Q{rjN+a5X43wqd!^z2pPva?#>;l+V>c=Be~SCj(Wx^T-lNf*V<#_uqX$PP)M&}+FMI`8 z@CSW?)R z0Pd-)#eCgfNB{~KQZ~@gtUNKK4M<4@bX_al4KaMp_9hNYb$!AOWhmNKe*W>W+aX@@ z3S8^`hwk?DL<_*{8437x^|wYhHa!BVX!@^)z`@5Ctfs6ct4FoWZBfHA^E*ym*_Z^e6M2Jqz_ALA! zY_%@YtHYasm~^5E3i6q;EyYiFBns{=3aQ4j)*9A2mTEmfqf=~rr(b8OKx#>am!5_7 zN^L)nk=m9Q+ce?7BLX7VXva=XU)?PL712!tiS-k^C9FKVLz#WN0??_mG z;Tqhuht0kB!FM5L>MlmtST8@;zgm^D*MXjN{e(W_am|oxGMG1zTtgsf%5(?4B&H82 z50;z|?=b8k$KleOC?)E?Up?uv={d@n=RjuiHJLYGz z$-3{-)={^JB(1DpR5&-EMqLPcA2))BO29*I730*~eAlL-U6mA%6S7{0eqoAvilUvQ zpYq$p)@`MT?nn>5@Kkk%wYbQ*pwyYV2J81AMc5eXS?IFw-kz#$8N;9wPmWdWt!%N; zmHqD6`AYoO+BU!FiG^NRwxbGMeaE~lsX_h-Lka2(`#o4be|qvky!Y!EW6~+hJxmez z_>S*PVB^=lSyHS5*&2iJVT+rs10+y-4PTG)ofqAzrFNsur=7@f*%RAmRW&5!oN#ZlHLlOH)8mDunl3OOj{Mw!cNgWX{oaCyumpR#m6vCe0(wM zV+(5K^JIVfSB?2yfsFi#3ZteN0xYRA6znZ*5-e@GY_xk1E-LGLO1$_(`@&sG0OLL1 zsJ$|B@ctL4!y31!)mdfzt3`Ho#B`rh9ZxjJ^v&77)G6}0)4G`)w!c-o`BdPh--dMx z|4Iv5d>~-!|J^kbw7`A=d4h%}j-Awn@w9q`S4{{F0Jlq@z_5wvZrAy_y zUyFo?VH{pjpTQPj{bNbWRY$3^`{C(50krg%F?j26nX}Tvl~nyS#SIPTn-ndE=z$>P z@SMyI)ES9=e)hZY43c;KD$~2{+V-47v=EtFGNm1xLQtUUPD_o3@a$yXFRQ)Uw;o60Q`-$7w$afrytW4l z*dHr|n=HMfroD8t;=N*Zsq6ZRdy%qA0;F70Szy*i|2zUfoZKhu@D`5{na6uF!P5O! 
zrn!(_uxsQp+%FsvpBq#sjZv%EEHDc_=VqPXIaAZ@Ksr!l770>$K!282)YYBCn;Ke~ z4J~^B)F3jFy)`Pm(kc^w;M>&=-`Q#%w;1{|zR-=7CyLFUvPgzjtqy-cG8$I8hK)Vk z?~koC|HUw3aKZ~g{s6`UYJoYt&~JTUIGzzIzHfx=JZ9;GD1TJL&Wo*lL>M#HL)8)j zrz_cZo%aTkP8e391>k9V6BQpB%Wso#& z5I7X3sXJP>xBXZ~ASKD(d62N$R3%|P?Il^gmd^8$0@4o51Yfj6R*q7yR4$*EFkc^Y zvmXRn@NJ#FExWBFec3+@yW4J`@w^TU#&(f27yAXBm*7fp@0L;i+?ySmAVKja^{Wv7 z#G)4W+B2G?jpl#Hyx$!?CmSdu5p33yPk$vxHX!ToB}n~%#8CDRk-5tl;JPk(%y9G+ zr%5Wgrj6FL5;#CqC-YeVFhr@}z7AGhXyuO@i*E7}X>o=8>CHVswM5*D#^ zis#n3eL7ny;rb)yf?85E)CRDfcHYOyzJLl#; zNbSFW-Fvex%pIbinZJ#nV)(-jvXZhvPhi*}#5x_-f9U4bfHTZ^`9(f001gRBTA3W zlIL_hvnx$$a7K$ysOE>CYopD{dtC^wnN|?8-xP=ds~NM5g+DS4lc`?UX@ZH%6qITs zE#62QowA-88tkQcp(McqSN0Xtz`5M@RI9W*?}&lyY{P_qin;mfLM7M8q4YaStDuhMx#puj6Mk&JpDMB%-uU}bW zS#z*L$!)L@h_usSg*d9cg4r-9&^xflvPT&XSPXa+m}n}ONw|F343EiCfN^8bFjl>e zIw$EWDs_uNH3ggH5cKhM$wUpFyokZ|4U8N5kTuu4%B6FmP=%}BVk=Siu9Al zy9t?$+;tl_TtjE1t>h+1y16t3XZIfk5Y(JFZD=n0dJ{Qny7?^bZ*P^=-pV#B?&22!A7Zdwy}sU7 zsiNz7P4{!?^~y^_Wr{l;1LLgKU}aZ=vleh$OYp=`0*gS>DaD-gY+i?y2GZ(bq7c8D0v90XV_C@ zn()r}Rp%P6r1$}?kltz&{5z^D6Ku2NKRPT9wK}o^N&oC*#nd}jSKzwSPwDPz69*B^ z>~F~!Rw>t=`qOu191lniSw+IftPtlUTtcf(kU!31RpT8iZ`el{1PA)WAEjdF=$-^} zjONp&1QG!w`sJU^(|@j9+<+XL^_^;bQ#(a5Tgx3kT%{^gWW78S-RZn;#Nr6+x;DLO z|8&{DTu4})sf+(9!%2SK{d)r0E1e-U!Ed7Y!Ir;9r+LW%fDTbLwo(-xthE9?_l+;K z*3?IME)$#7wRgm`*FAuOK_#xUFVLczqoam)>4^@Z>O{TTR7Q2aHsZlLK6hb2ggNPl zGQ_ahSOcjM)?9X~60i*q_2E9J%*zpUsM=-gbHKC?FW$$#P{oO21~qib@SxENpyNAq z+4)9BPB@f1@deNQDsps{ef;nz`Scr3@8b**t?XIakQdys+B=(a@Frq68*>P?wN@%< zA@N?bNQFs%>qf)Ln!E(zdFK=d_Akh%li(DDG^-9~ddN`HZD?17x#mzabTx5+l&bce zh- z4Q9E42kUD&m$&O7tJJK+h6?i+3i&Zz#uT?)$`0VSxui}d#UbtUN9dn9}3 zw`sdSy@)Jl z_Jx*+b63}ptxM@DL)tx7gvGMKsRibo<2(8yyvb$^k0MKf-XF{L2{yjz zY5XPQ;`pA{4e8P0QbP(i{^i&=zD!dZ`sc6*UMSbd0s`j6=>37(%(24QXIWI|TP&vq ze6#l$RI-+5!zTQ)vD}~_WL;e`v^W%Lgr+|e4v4SAoapsHow)%W(OqDb!sTJkYnekq+brY~R_tbbQ>K=W!2}c>H$Rj`StW0stvvc>o6YUajj=nZyT( zKN@I?mmUmw@K^)WW_h@ReaJV3k7CAc6{PE3*))51i7|4nVn|pSq1Wn1R8otc)N^<_Y@J 
z%51r|-fgwmTyR;7jqP??h#V6bI}^kRwsnk)A`dAECs~U!Fv1+?l0!( z7IBYEyoykDVdxAz9!#M*y$3A3cGPIcyERXokbnEE zqIPeY1zhFoa>`RHvNs?wIA*@{OqFF55c!HtTPFJwZs)b0bxY2<;PFAX%r(SfsJuWb zH&-qnwAu|38sy4g$jh|+{0yRBX6tZXOuWQuvfn4CW?22@)}G%@h5{TORXdME7UdVm zZUGr<#3_tGQO}DxSJb$L<~vPLx@k&j>oM!a-fPt5zQVIUM;<`T5F}++y(gNImpEx2 zIEt*qI^!{`6+zI=yp?$N^$lRQykL%AnS)oN{l3ZeN9y8c=#W8BZj5-5G%$*lov~mg zn^xu}ldAChmDN_%YCGqFb#B>Wm$uljxS?qlu=$hJ;I*$&GKc-g-sZUlC?Yzpn53KfG2MoMW=bBGH(&)6j z;#-^U4~?3#;Eb;Bk=Bi#yH*=b(XVKJ=7 zQG|T?Bi%5JC^CN_)(W}Nd`@2;f9m;I$BhQ>Aj?V5Sq7)^Pfwc=J<84Vp%b?tfwMe%I7IWW75WfiV^69u`b z7*+tcbStuMzfk1i^lllMUgzb9Mg{7ZTE8Aym<_x6G`Eo0Y#of+6Pxg^8ns3>CsVH~ zSJ5OWSGlf-U~^DPnQxrXqM?4u>SY7dw2>$7^Cdl2VVsu-&AKBt zCOf8~D$SP~8QYsyJY4!Nzn4beTZ2`?7r355aeuM%G%?Ci`NbZzT-=4<24m-UjIm{e_Q&Mx$B5nmT zLUHPfp)PQv-AaAqtgAfvKw_hC+R6xjR(j>Gw#ptQ>+@lstTZe1HLuAa1Td)wwl-2L z75&-8<=V0$VbJ0EBE<9m@^Q zhJl_a7(Vk>rrhp`^zALwBE%)KB`_#UJYQ6EUK@2tb!ydzcNCMicwp;&*)&0sJOeG; z!E6p*DoshsjqO3pKzsxr7g4>D0haKhkZ)WMsm5rTr8^9_f%~yxWfBQ-x&_u2UvMH) z$*ViHUK_ml_@dTijsmtzOgF7fHWQP5mx^RRA#}QB?oKV<3A4iOSfF-CH%c;|%71a^ zR)pdJ36<7_Kj@iG>sS!}R?_~AH)J`4NZLM&S3IP<%TJ7_;AQzX<;Jw#M~WS@pDg6a zW)K~Hnq@kHjjOWGzuqAB^2?qpUCR2>2pf5Iw>vlbxx?ChPug}4lr`Bj*p40CJ~ndt&+%1y3_vx zew>z~lbtPNWv_pwNE!!pd5S!Qy^h`LL0YnM?5MyXPf9apF`b{+aIc)YrEz_z!0k+; z#Yk{v4{8h~@7sRt)*I{^OrhFvgi-WU~@GPSDt%-oYAhNCJgD61~tFpF=y8 z>-o{8J>b;ols?ZLG{@n5=f`LOQ(n`#LtJMssrf2z=b^|_tb{Lm*};o{WnY0^vAnL? 
z3ll9fj$Iv?4RNAznUqGCwKis57BPT%T``4!UQgvdjxR-MJqYtfZEo+c7O6@-GV>Fb zG7EA{@FPbYTJtEX0$3D$ITIcj+>slxWTn9B4s2S{Rhatb@rGE;xutSn+$^f9W3Qm6 zY{CycaZtoQxzf1YkI-b;Ts+)z(>9d$Ol$$oAI|$7Hq}OTbBRe-*KOLnH*9*r1A1wm zn@3W&dV~#-RD#(LnotJyH>$7I6&`vInafp+qGjIEvT`M{A?Hr{COtVA*X@5(zO^ZS z5`tI?YVslQwm7U7WpYD29xZO#?;MC2ovQ*CVx%{@M$3AupRzY5|8oFDL?T|%9mlx~ zuCyTgz+9tzQK0f6oJ7~Jy=C`_iD6ukADN(Bl0(Fm+_>h_WMdy&YFce1wD;IqNkBM( zQ2PGiYWZRPr;U6Nvlt>4ilbo>>?*dKZ16p|FPd_{y7v83?od$VF+7HK3ToZ+`t-{; zC6MWhigBf-xJ@XCr~CaK_Ex=1kH>7>_QydkAo96G!t^!UM5rkZ>-7%j(#T+Vj{XyA zqZ^ZJ2-Yg-w!>-8xYJi4Gs8S%Zq;knx6rHnp>0*~unDHI>p5-4K% z3@c*;MZ0QDwmA8S5}uxu$uob%KbUUkS2TKze6csda9$QNX;cmGNMy$!J~p^KXKy;; zj>zp?j;!&02-6024WkpI-~-m9h3&l2Vq&IPjfg8MA)!j}na5tL&$GI{fzH|& z{Np#wUmlod6A{n7m2z=D8^FQ<#6KNML=_7BLZYESKNx0z z1mzMy*ZT%TfPQXhBwZ|47L;+<_pdXr-LnOMsen^YY0^ktZI&mv9u3-#^Uy zRnG)U?GUk}!SX1&zdkD|UREw^*mf*AZ1G%Tl!h(yl|Rdwj*dpTHb)x*N8NQ8*iJ7) zs9x#(H(LDbH&qi6oA5XAe9Oe|AM;J%@s|^tT;U$XCbgOAjS(Fr%YU%h(@<^a*uSNH z|M49IB+j%|6FHs>Eb#gt*t}8%2s6$bBkuY?T+Dq{mZ;*rF>k0Wh|CdM_)sAyf}j|! zo*vlq&p7j+r1a=-YJns%%(7QjbpoTv;uMmoNX8>TvQHR(?u`UBID|;sVk}hh{w56n zNVo5Z+~y7_B(ootxW6)8(p~$s_^Y^A|Ms^3qIR#y1jYQ7V}<%XOxZ|E_`{o2bn#1T zbl*MZuTuKg7Yi6;Y#S$XT-Ps9{O#lKzN`NvAN;WRvgi*hzbuk+Xz}Dp;e5kN>+|elMoXSJfaw0x{=guXM+}6FZyG^ElwFZ3nM( z)mavjs|;#{S$PcmcfjoX%m4D27_Ou>C7%a%Cay%{r}J*$3{d1Rmxl35L_}n#Zt&VK z8T%Zl3h;dwdHffO1t_1%K#ej2hSVE9;PxMS3F^ph%?1Wjo;TmT`g!#)kN=nd%GS`U zEu_|_8wtwzD~peMdTcxPS?~hK zh4#z*8+`uz{Ri&U`?i*eJF6Y0c?7Ica`2>o(M2zQfS)|ohEo!4W&1?^%K%{N0y-#{ z4CN0$eS9J_HG9w2={jd8H)6Oy;1?GT#;o#iAj>QS)5dc|7JXs97*_IW(PC5 zhktUk=M4d_9ZHiOH}9V5$>^Ra;Qt$4Gvot$r6qM5CT8g&FNG?eguax$R0_)Qx0c&;Jg@=?pH=4T?e((rzA0my z=Q#~WI5#nrBmF+Gq4U3Z!GC^&TKdtAT*la4k3jOzT?;(Of>)MEJVceoFw2jGek0d! 
zG5+FD%GDqlOY=tlNxwIHfDF)_ z*bGrLp!)6#S;8-OfgB#E;GZn@@l&$7=XFHi{J@X@@)KE6D$P@}J?)`Sdfqp+g+?@}U%L2v2qc&uWBQNg z=U;WP?QQ@Sfa^Szomsy9ydS-ZB zFE9sW*O@pK9#BSzck})*n){VLvMt9i(aH9dKS^%-j_ZFR-oO1iEGdvCVR-c-SQXYJgs!wV1naIsZAyHJ~2#x%>QIZ{| z8mglLQjnjFD#g7Up*kw0aUGSW%-{FV3f5)*xBB%hF#D+(=W_N)IKK?;qM z4nVR!IE@bC|ADb;P9%{hIn3{!8|D>%8(YOYB1lqlgnD&5XVz$binu_f02#5#j2}qU zh&Hs-EGOh=_BytQ{52F5`%(xcihZ7u}U_ar# z%Y%B{N;DU9LY58gA2oiZQaRqwV-)>4k0%Qy?;sD?s39#4{*!S(el&WqkIRcD6{q+f zUYNQ(o*7{=D%g8aEF8iT`St7#`}(!AS31J?DlA``At-Gj(%B-Uc3e6 zP`Rw@xX1Bm$2B^(`x}N_4O-DbKmJ+2in|C0@MHs0{5^yU4V!SA^Tv3^LxKiSke;F# zZ3^pb)wnBsN^Gr%OJk z#h0D!Ai{2N<@wr;UB;i(S`L3%sZ%dmWqS%J{J5_A1D4g&siau#(3fzbvGvZKI0KPc zQVLAeYQVF$J9qAEn2#3Dn{7_XHB?faw>n6^^QJSWm5j{tA%_sE`u@wgk&8D!j8~~$ zF6~JENh_eH5^xM=AahaM4hbz;o~ZHa!vb`R1GY*U;c(d7bja_UCJqW&?257CxtvF9 zW}y!-kEVtBTlW8;tZ?X)ub2{5fa_`-_M9Wb82JPg=1q9|&+zI@abLiLJki`cfz|(m zISwx&IZoQvZtfTXF3i0QB9xnUe#~WsnpGQ5H*&jKG&~C`wfst4R?E$yL0-}EAzSB8 zKv%^!)ZIV(=d=(&)12V~{_(CgDssVNWp<3#rpQVcQQ2x4raWr~6QIwRda@CL8Farx z6ktg?cd8)w1zXn7eUI8j5;ULxS{A#K)9SDdOo7_&BFf%$-qNo4j97S7l=;`~Z7YYc zHL4$^_@8zT5M~z8kOz!iO0)l#tuJ6HODb6O?gr>jmf9-aA@azYjJIGOa}~JWeT+ra z`YF|k6Dpk_J<>e3&!ou(4p0>ZuicxdDjQiFt3hP%JEvad<9kq)IGEs0663Jgyec*L zbJ4ae#~>Lu;6cZTK|_-YAssY(^#O!=#ypeQ?fL-H2GK?Y&6Tu%**9mdbtTD>suY=Z zcc8gj+1zYxbMY2~l_k2>?ggX87ETrOD}&G3q`aaPs99s)6E2&fp)mAv-{7i_iv#z0 z)t`&{hysdFJqecIrQX8>2F}v$tm=BmbptLGR2JB!38eG#z^LV84Zda+WY4_be6X>wB7V&IDk%7TX|4_qhxm|0;!!{19-s`o_A ztv?z514kUJD&Id2BG8eG}jDq?`Y0kT?KM+6CbWNJ(B-9i!+of`;Z~rs!VC^8jPf(qJl1Nyx2km zDAYBuQJr5op*eY~(S01IRH_eof#ZH-^Q!N$_c>@u-y9wDrEoOy z+(eCMj1h)YE6#c5RlyZ)tFh1bOc4gP-W9r~)*dCLQLiHzPSTWBfAlbmq6YSc12p5c zSf>iA?^EFNWF5G|R5M6N1~ANp3?Id!0T25@zeSZv+PnP3DsJlqwGz)b_m?b)sLfb3 z`3c5YpiY1P!j(D>8A^pRTi95!CCJ$E7tNNO`!Yc1GYg$GMiTDOY)Pd`%Oc#zru63J z=!!P5l4#IYnUoY6BkpAO#arR$z!Z=eRR-b*>sF=NPwl)3`|sPWb1FN(oM6{>t7^{% zN8xF(s*%r|&d)Uj9;@hRo;H1dj*p8=fPh1X=ola-s@&|p6a&3yvAKp-x0Saq%D*@n zO399R+>ra#!NH*b{6*`Wt(ih7lPwRc*hyf$pWYEOJqw7z*h*`2>B?7(@jEC+qqV>X 
z@2agLJ`#PdPncjml7BrpcFUib6mYgsrkZZP^!t6ancR-3i30ge-x$s6Gx-|) z6rSaK484E*b7tIMmYT}MhkTBuxHCf~Pp@WdXBmk=>%zPhN9<9Ub;+(YmALWV0|K7s zX5tlD{V9Ep?+plUFBbt>#-oSP^@H*5tDvZS|!*cZ2~raG|l+2e(to@Lrz+ zuUFw1sas?gqJCE|2Y@D}m5zR_e4>2bcOkGe=*2Tt7 zUvZ;f4f_T19oe7>Ndn$|&Y zk#roZgy3lCW_MRXM0+K0aF|@U@k53~1!;?cSI0&5#EOP<49y+m=Epd!7n4ZI$@dgw zsK|Lts+x~^ym|e)i;tBz6jnLr!YaaDW1@N0eWKb!&R(aJ=gUpM18*V6IZFM88}MT< zS)&1ADWA$&$cil>X|A;y$#2Lus2B*V)Lxg7k(qSfFsL*DYR4WQ3wM$4O%#IDqpoHN zuZaycYZ>J}0JgH__N1oBoToc#pbTLZlc3PGMwEtZI^0R>QX~rSW$i<+xsY7h?<4bMJyh-tI?my*z zX)wu3Jm=|2PS4253R;APkrV@cJoyaXk|P3+7VbKOFKEs^PE*0x9~ZG5zj5L0aH`Vc z=ebxBo)a8m76X@b(vyiC^Nr&JQ4qMG&sxN9YK2_tkAX#w5Tq9R%`{&b&>%C=65?Ao z5Ewm*kvYFZEfK+~>YBb8scqyic`RamF=F=r(Jt8-#(9p2&Ox(u?NrjX(e_gwnpEuU zLcZ}9Lm3~^-B3mg32qaeE2jz>)$W$6#ED*!sY{Lf08b7&!4b8FSY&j_+g{`sz$d5O z;Wbtq4`HBsy)g+sGh++bl%1KY%=}lcz8VR|Rg^vRtz@`GcsnBd%SEW|k)6@Lr|0L* z&(&7;Xm0q5SXnWysL(~q3nKs+TbF>qOQP);05~LDbE?fkcDLLp{wd8bfDmQ`lX%uU zG(JCWR_}k1=7ySR@e_L6*lIPLeO>7zuZTwagYMn@+|X^rbW4P9c6v z<3Y^hD-Ysz=4+*~<1$@ds2c5gG~u<_xP9RASjih!pOwt??w#d9LiSrfSQ+m!Zgah$ zl}*fPu?L;v0Jf``_re_Bo2%M8!Z5%rmfPc|F#-QgorhBW3;Ba-h9@ZniRYNK!GNQ9 z2B1Nnm)RBo;(A@+j8o<2<#mp9hYfbel||2YMscp~m_yD{E-cP{07*~O9s1{tfjrwY zD)YDxwbFt}JFmr--7U9ldO?l!2AKzP9$x=_7C^4`n+V&wctWEMFyy73&qDigcCO50RKA9YT@ghM5V<(e~LM zyVJql)gIeTZ%l^rp%ROL4e`->stHSMs>72D4O%Awg*Lf)p!JV_#ud<2D=9--&#BQe zg^>Gxw3ykL1L&b$(rQClCm;S<#d;~C8;FGopQH2iTJzwa@6ASc3jEiKgu4{PreJHb ziU}<_KBXwF8S6{zjQ4%p@2}OiFiP1c@%pd2ow16AL~Z0zwLoV+`bxO0MCVsg9V{#| zelY;L1#KF3_=0(a$xq)Rg*pm*?+OeyX%TE5@o?cwO*_xXEI~=#mLKZPUyXKmPXe62 z*?4&hvN!*ce2TgD4YvN?8~8qj8MKfm1un%iJI&vr&X>@Yp`P+=MR|IjUSXovM^Pa2 zUc{9Kdlg!fg#_*64ESJAz$TiM`jd$LwhmsXB3pNH+!bMSy{Wao6*^f{yOYWv16*{c zw)V9Rt$xaBVp~!Zs&@gSVAu2SE^uHun0@luC^fEJXbF`M1zIiPg zV~BJkkBoO+A2Sucrh#}7!m6UmdQ5AOy+ZLV)1x!|Mg~WS1+>ibj8&AkGc{PgiB;6v z8RS!vKvJ~^goE9ULF`t-PXQ-lK+XvY9Kghi*qEKUrZ=~c)$xv`f}A`RoH~}J{V9vG z8laOgVSL;`LuW*YX|g2iD?{K#oCQ_{=rWwm@GZUDr@HP9G(5KWN*3na1?dr2B_-8k 
zYO*1E3dAe>`yc<0w6_k3a@+og1wjy`rKCYckr0sXHb`OU?oNrJk!}!?1`#EO7`nR# zNs-Q>o1vS5-{ZaaoZ~s(d+ztXFMkbtV((|~wb%Nr&sux0dqDOb;1ztsx$s$6Z$;Un z66kL2@+SX*iTuu)6f>?D^BdEhqJBizbMa6U^t?3`Ye2AkyN}?@Jy_rQ(Wb2bEgZQF zVXxj;8ES(dTo#XS`-ejc0Aq6?9|$rS8rf;VxHi|UWJUs|5c<>BC;J?c?rWLB4E^zX z`dj1dru$1@y@xN?6`~UX)rzs`O&b?Aa>7TY3)%x;o;s||xWZorBfeq$9p(CQ5|#C4 zRlFs>R+Zo4CtBYE1G%1I)l$2RiCX6ri<#PZfq)Mz2i7CA zv8Jp2I*90LoO?@&D}7qykoFo@`^{)4U?&sMEd#zrvVw>Xc|Z~XJ*=XH-3um4jB)^4 zppy7QN;2SSR6}D&xN)fk%~cE3=Xq9jK?GKZYf1>bhT1)qc{kv;7#9iw>)o1I3jkXo z+dMUHxC3U0V3U!PaAv>-w3Y*r-kH@Q5vSoW4pG9_@mrcGTdlUWE^o1=5$*4@G3|`t z>!u2B?K!_$-wG4fXT%0c7WI7qyXx9(6#twN@%qU(z_}c1@Ho-W+8l%OhyZ2Irgx;g z7q%wKws(li`X1-VvMXoHI>a3b_*0`DHJP277&TZTO=Cqm6vEFgM7J4_T}Kx}EQljNfAS&TW*EGzo%Q+DXfb=XnqjvxkU_H- zDMnnVJb0->>BLkSo14MafRwy2rT#mnP>~1~Sg0{cvvJeD+iTGt=UFZn$J;aVhrw)t zW?sJB?gM}xt~6Lw$YM+Z<*Oz=luJ(RPZOvCL*7hh%UKB&WRzx$n6l|LPOm)yx5>54 zf)7X&V;O?#EPIp3>cLJYM7oH%775d@?;e1PP*rEVA#9stc2B)7R%&b?f8H)s5dv2g z_7;fxp$-*lB~aICAIA3#ZkG+<)*6MT_w)WdbmM5>My?0bvp(0zkX;A2*?ef@3S?{J zgo6voN|0}He!90fI2U45rQkuBI{`bSPJ`3b(>%Yg(MXg*0B13C^bihQGUWzZ z7q*`hEgsmo^9apnyJ9T)`l2aAjSmxQlWO038~07=~i0T zG>l%S@79huvja9`YycoNYMgQ}UR^gC&eosx3&i80ssJV8S$|%*zj73c#6Sw)SBQxi z--Lp&hOx^ylLD2%n{q$+bjZs#!|@+BeM{wD0Si-@UZI+gFY|<+A^()fN2%*fZ685p z;=Bj1K1i!5;Bt~qg~85^Qm(4U0QF6?egxA%qA0a20$xoD;NNrOSKhc9OErw zy@GA78cr!3F{&yztNZA0kK`vHB@8rZMdKrhMFC@A=mCKFLsQ_GuUYKx~R=~tSry%b3Vji+MoK}F6A~` z&OGOU;83dD!fk@MqYI-d+nMPBb{OU2+X1ZfQ5WT|Lkjq5?FEv%-tI_Y%s0wrf9b_a zjtElYOB1mSf@kJUoX75n-36f9!!c=cHu%@SWj55DZ?M(PmB15pFOD`>z3(=I*0h`I zaz3rQnorc9F1(7Lo%TgR_5t8o12Mb1VwUO<#CJ5T+^68ZuS|-Hw?pgMuyIZ7xotHj zlUjFq=}9pw(*FZ5)htHQOku0qTl7vA*Yhd)^yjtEqg|B98N~eSOY8hssAx$VY;yvdYiF02t49SnRZ= z&{XsJsLTa*v)N9rkQRxzfG~f~fE+skP6Q&leIw^eG54k3ASmq!=88P^TEkm+e8gHb zJ$9(NQvFVc`v6gI938Rz6KD0D%@6Qcq~1Kw90y=$N}h6#YHfG^+ZD&YDl1nktD`K@N!*gLUJ$tkGZ+dEcCo`EfXgPM zbah(>*}V5&9-J=vIE=)!9RQ`G)L1rVU6wJ!(OT zOE#Rqu6}Q7#pi0(hv=%GLU#$UT_ zsFMtTkb2U^5S@H5ATogT!DQhz>AtH*H>q|{zIuN?32RQzsgG-!IyXvJ%^QB!AGvZo 
z<)esjb!*y6WH-9huTj&9yGFvRs;?F1ccRwEv40wr*C< zxOnth_6=Sb{qt(o|3Gg%=kc>dj~Uw5e?5_rR_BtOcf2W6RX6zgYh!!ELO z&9g36$emxuCj#KgDhQ7Tab95OGgt+a6nR6Ao5N(D=lsqBa_HWIPKp-3(K6(N+|)x* zI2`)s6hsLfkLzDq* zi~NPF-Cz;OH(vG3WhoNF>980?Xa$F z4k?J(97ZZZ3Ov8RU`+bJqE)+m*II4JA1zw=JlEr!x}P`5cC>P&yr6%m*7*ybyHzri z%Z10wMXU~y>&pYgm73Htk%Az*TgEr!aUh$vCAH^nwC4N24W1dl7xj5)0*9_eHG)^#i4>l~&qsOs(p;}vwSACkHjkWDBttmr z#SIJwXtfL0cN$L8!3&{`+RY9b$kBUV7u`_rBP-JC!_743(IoGuz}>q&c!ImW*tkGg zq(v2LmW=siCB+WC?OsTcO9B20K=!^hS?NvEGVmQ`^PCSfnKzR206fM>)S~ljaz3G> z;h~l7D)@1DifW-|5@0OQ7O^xhvW>1g*t`u)2hxpbKC^J2t5O{y0W`lCP8KMDfk%Be zVry@IjRAa*o9mkz}dOtXNoVIqs>`nbF2Jf>p> z@Kgl7y0vfeuo1V2wnXK$8L_?s?!A*Kz<5g&H*j5T5ZZv{V^^0s2}iiXhpXV1D?HMxiets%8?_lCr~0*e z?Lp(glXkh?IR7Qk%OUk~@<;wkk|Si@%!_!Ax)5rXzW9ePm}`Rq3PN_UA)Wy{TDyj+ zwUG@=64(+Zl^dH>V$RyYMZz*PUT>a4>>|#l;OTcdk-p-w141WwB9?98eKt~aK`m}> zqQv2CJwdA$ZU9rpO17SpzhP62L#a+8JbG9)8+L~|H~|L_@b#qvLPgHk7}U;q>m!0j zc+fv16&5=qXXsfp%kAS$ko&+03b2pQ9j^JER+vepj~8|7Tn_xX&iTz1jlXHMfY7tD zrX=u$C<(@+j&a!FpI<0vVKqUXZA}4O_z$Hkkaa+2o7X5`zCEUQt>8v#s}5YewK-A7 zOh%Qin=}uwsGXpLKt)j`II&oG8cqK`n3I|~7gbh;( zegZr{nX`WpBSdH~n-n;R+%-FdH}GVxtT?BpMAq)wFad1CJ1rnkP%3gy>N=LGhNbxK zpV6S`Lu^?foQZBpd>>#qBl7JbVKws~Qc|q^yAtXk4azx<KU7;fvy3M&B~2{r{IQF!Hv&)iY=oSL)l4-Q3CyP8-UJK(tGvt<@9N_!y@t%Yi>ca zBS#@%Yze~i932X>;S<1vO*obT*H=)m+gzURWowj;gA9Q~-{j0wg<9KaF#^sTcej*p zVv{h3kex6%s*G&tHn`Wk0D^kQW!(+wPW=;rOD0S3;Jw}`{#ZrRQ^RoKWnmI z@KDSP)Cw}uQ5s|VC&$CLRFnoEUI10NMec0ms~_>SSO&%rQAz`D9epDLAY^SS9748k z`kk}rH+>raa5Eo%i&E(K1rnXS{iv(je31SmtG~i(tUrRBvonH5q#q#I>{e5qqRxP$ z`@QE!6w{yA=C&uyGL}i@P9Zl;3vTQK(K4cNxP|ksBr|aB;bh2OnDnPHKy2#<6{HHS#=35pOZBKZH{#`5dZE8267ns;ug0T& z@+`&3C-_CDQl>s=J#yr=R~oawBXH{J&4YzhNsC$9~LiQHsQfnh_IO0aMpGxv-~t;TuU%>Iar+Bu2gF`VE1>%(=rA>;(2qZow zFQy!|3(GyIEfI@}aq82P`cCZcom0A5(m0EKFL@jIac}cba+Mjh-D-IsCSLpCLG0?o zi5rdpNYN2h6PsC6B^`V5h6W;V)%^sTOu!&brq>5v`DJl@d3{o|noi_O9$2}o zs>VXm|4L_~MDK65c$c8xd$bs$yXaAbFTB6z66XtQ)>n=9CUK6TN9Ughf9ytR&l_z! 
z+3n4C7j^Gr4u^iI+~fd;ge{Tw)Xum+iNY&)!4As_R@~MS=xjpR*pl zJ^~p^0%mAf8dGcyldK4qCQRb>|~Ad*B5r~?bn3KR6`ql>b)U5yqO zKPJXyYn-6O92P}oq-q|e{^(h$5v>1PBKv^gK|zv$t8II^I)i|#bP=glk_r&4D(uxV zumW+jJ`UAU;?a)RSbZt7m)!5OIcfrWqrh)bssWg`!M2fkRkg7f)p&VijXRAOeRw{n z{&Tw3hu>ex0eaoYR$M+j6_hi^i4X78{y0=QQob zMD3b{1NyLcuEpP9r|E1ZrNy4(=Ad7mpp+38da>6K2jmfDgEtV^F4Q<}yzf2& z#;O92ASVJKAb_#P03^T)BqwCs&DQggMR9#>K68M{6$2O8`%mbdb#tv?h@56l)KzWK zt=87czm@-Dt`BfkD*!k0j8x}M?37_Wz~#Gaj9;=#yg7?p|*-SVS=E=+1&SMw2UcF5InZv}P_?k&QFo)cs>)ZZXgK zw~XJzBa1xa{cx**{mNX6nsXoXsZjPR(Npo<$a_m-)PAt%ZzLp6re=1$E*dUgpNuxz zX?Tq4x?T-@<&R}#VBpAtlya1nreA|*LwFq)n45UXiOKiciSGZWVr>6xk0C%E6ZgII z&R*PmZ$I!g+fe(FPI9*a`>$V9OK)y(|I8p7M6@4$wdRx4xEE>Xe%#|CA|2Gxkyy6d z7M$^zp(_x3FZ!}8VWg@FnHJy}vufsZY&J4H{GO!I`(g@?%j_oqNS2TmEil|#O)Wte zd2;P7dm|i8aMc$%q^vJ>|h zF}9?a}`D|i9$_OVVl#l3qAmK|>PGEPoqoGa6t93__v=$#!R_K>$m2RqkS*W1h~ zN!{Hqj|Q&Kppd{obfMX%gER$|?CCl=3f@1}WBa8h){o*?e&K{6jWoxfzH}X<`}JU^ zbK1vFbR{y*blu_~O`<{tix^9}HUC~k>mT2+Ch+wyrV>F8i4=OTCwRXY85wzu`EJk8 zcYhUdghxcKVAuX>Ag^N}_72$fJS5V~3^{`U!*_?dvnLc{~+Ha<$jL+j4Y&TNwX6mCJcUC}y$Db`gkt`SW| zT`jHrz!i}_B9TlcrcdHtWmGx83ie-H?1?e8DKM7ui#f-oe=4E(&n5HAe{loR0zf3S zwziX0-1?K*n}G_YzPbBnPGGG83(bLh2wX4j9~~XdzUpf_8`I3KFDc2qM?tX|Fk$a-HCokZ zLJH11&_iyhjX;r;&=&%q`s?vi78Xf?rfXvLE}Wdz>r)yZ8Dx*onN?KR@y^u@4G7@6 zRTvl;Gz(G+9Tvu#!aqxRUSas`Vr(S%oF#aLYv}5Zvcgw9_LN1Als6cC_8CW3R3e^X4Y z`2oQxuxP0~M)rPD0YQBS^w(;A!Q5NAVASg6)(s+Ul z;OLLL;c!3IdE2*aABc!=edg?wP}y)P3Zy94^1S@Y2nSsQ6)c->o3!0_d-LWQE0t|& zUtizt1tUz)p?NeaHH~-ZyXTSc(@4=zhW2C>6t7-uE-*#-UteZiXH*kkA7)%BKW z$n%Oi%xzjh0fGF@v&pfmI6LxjdoM2`gA3!^KFF~>+}42%k+Gt}ua)eZ^&4-^51;6r ziHu}ipJiCB8pe?-SJO(QURFT8!HpYN1MqHaNgcL|EF=go<0xXHli=LM5qoc?G!L_My zQug4jckc*~hD4B@@{O|5M7#OUk7UaLNZj{xC|1wPi+`Qr09ku#!g7u*xGTmOe; zkU~XYUMAl8KCwF&h(3_ifBdDPKyY1pvZlB>^+C*ugen@=9l|aX)DHT4Vp|BriX$gm zgH7OqXV*W~b+tU&r&V)_s$l0Fp3$))xz+h^SYtz|V0GM264fi|TytdFy1GR?{T$qfBDQPI%@rDtDOI)ppDTkl>_Aq57mgzXp( zEK<=7Zgj@S6E6hl2GbN*w=3zO@cK%4p;uucIxYbUC#HGY?5uZO?vURpm{d|y!)px(JSs3mmF 
zC9px!Kx3B77E0>i*|2t;FoCoVZ~HO8358Qz8*A%ZUz0}!$w*_nj=WEw<_q}7$Ng5k z^7jgIe|e#O&#!z6@0L##ms|ggg&w zl^a`9IlX}uYy8y;{5@>?^ScRRzNkw*AGQDZgij)eswZm@kRX?`hO$B#n z%+UK4;Lq`}JsH<{{NE+?FO&Aqf0xkxUJ=l)q9>KTd288U_RUb2u-X$9{qnW0u<_`h zAL0M{`1U$L-DOXm6Tyq0Dr^5=zx-2|tF-nOs7rHKSuIZKSw7PNKyB3E8%J;1>|8_gUoa-}O4ATEuLVlAORQzfc6i454g|em4I~)qN1fEUo zjJKC~{ZPFhJ9*-jfd9XZRxL&}3Nr>u%g3Gcj{?EJb@#uHvxp9uHR!y&S;GIX{V-RL z#;W71jbCj7SUy$`3i5-`6ceH_{xS)`@>z?`o;($}8C>xv)A!$W$?uD-t%aJvD%x0S zJmK&smH5AElr9O>yR@tG@+JxY>m>c@^K+$`cXd=-Tx!rucl+gc)9})VszS8YV*%`s z{@z-`6mtm~!xBT?i0yK>`;Nn?_)l9T28xD-9j;YQy=bpZ~`~ z7CrHci*wyLT~nl@riK8XfU~FP8y%%$_^-kOmZoJuT@p0vMEpKsf4mT-M8S;idBRkF z%4>`MZ)CWL3q>%|J?pb1aSuil1)X@*)|O(3XQ2$bfWlA1{>O$n`=K{4$D_BS>i)C9dLxtofD)ua0XFzv@TN>^lw zx-RIjTQG|D+5a@3KpJLu&y#Y0;;?{SHyak_w?;KJ+Uk!oC@cy>rGBj$uKfVj4Zq@> zV1&D80rzOzIggQ!P6G-3qL`{+@x9P3?Ju?^g}*O?#zRFCrq>lXCJ;!iWFS+RiV{0i z!VH{H><&1H_tBzo6^0T0v6GX6iktZ!`}iwL@20h#iEkUr`g#)27x(@CJAb^Gley6k zbMs;~1cRlvx2*HNFBmp$$^KfFxw;c=_ahTMrLNM&#RViUPw6^4;1x$&40Nwqf9zlL zMoSAU{uKWckdCrOGfN^+(%KiTRN)5R3zd-%YYHB&Uo^F5l@B=GDDDJyO~3`#EySeJ zyIQDJ{a0o2ZhZjc_692Wx-Scx1B3skB^OP`yh}pzxEe%9D;%|Dt?Zflu#!3GuR3Ty z=?1lShh3M+`hCf+QyZ|G{l}26M+lqe~A_;-M8`AMYR|CY4o#c^~#L488=R!x5F4;({#WRZl-+!^w;NTU&uNS6( z#;^EPRF}Z_!U5Rwh@nZ%#C{mK!gYfDujB5zgThO<$nyZTiG5EiPVA4p$Bn{EQ{^gy z?#@U*>+c)=$tVSX6&PyKT@=26dETH!a#R=(&(!ww- z>`(wc{9>&7rEWAm-kTyc@U}|Nr?r**?Kfgv(I)w``e8e?!&#@iJI8DSlBi>8H=?X~ z8|ixY5Vf2&5M<7cv(gjFnPS$Ir#*~*Wdx7r685c|6H|WbrdjS|@gpWtVSe5>&;^d4 zg!wngNDcKpv#|g=w=gpO9XEHqLbbnHXvH+-B_JGyb+})ewRQJ)OmoFU{U|%$*+KNP z4cx#2%ozWk>$j`*wROHMjDFJ$&33woZKBGMpL(Zt#hh*yaC~rTt%cYks{G~oiycGIe5&k=z%@Kg6inW$=bD2ouGwdZ1onu3xJ@{ z+Y*C+>g>0vbxdl;aZ2D#p!iz(tCCxKhH_QeyFSy_`LFjxRWVgS32W{O^0~tO-MIQ+ zfb}J3(2sHgx+)3NP@4Qvf1UgN3#?CR)`Yy;Qm8=EQs#4#k7X}^6B1x_BBnHox5^~QuZ;g+AFoD56DO9cjo--?X+-r1mjepaS7V|$rER)y*(h4^Hp>5f8Ge=3ziBCzpTok8DeDix z`PJtAPc6I;6eS7&^k6Yh05jGz^6lG4NN%no3x_4Mfkt3$uY178a%g0)1g( zVF7h?Jb;Ks@nK+KoD+p^bH^74zkegK|8ZVvuQ825zNtRE6Mv|rP5F=c`LDRRxbl*d 
zEm`=F7fTu%3RP8AhlhvD`T6?1Q?D=QTJ2UaivEGhZ+ok#sblO z1L#Lvcw_wV-Z+%4qoc!ps7HW{Q-vj!U@)Pc21myfj?CN0fGI{kco2vkS_J>`1p88Zr8=#0w`3WueVpX zKupbZ69^pqAo@Y7s@Xr}6X2BqNvU0Ecsb)45#1Bk!+cRX+3WZ}?R>`+->UNmZ8oei z=Wk!IzFqCLC+%0&Nq@6woo0&2m;K@U_#N&N2I{GS;bq&vRDQkvjGH^`V|6R%PwY||FV%J6J2kfPRqs?xqXcgox0ju6(^^- zw*nOcw2ySu)$fjSCeQ~tk0nHz{LnJ^s(qU32v(xErV$x{qIc{qrV-{HiUt_V2Li zznY+GO|%7KHVtb5V|v5aq_l5W?Q_%#{ z>)nrD3)D`U0Cep{xWfUU_buH{({t>Hjq4p2gGfZgZ`3q2WTCg&OS@pSe*}R*2;=Q+ zK|#R+sVYP~{xLNrB@)a&mp?Q{vBTKGpIMf@E0uDb`CLY=}ZI9D*i$lP2pJbDJz zrmk;18VBd-{AR)`qe6Oi-}V{u1g@-mK`L$=(zfjzb8>|=Xc*Xf<3Ww|#q_baR}>Sy zygYM)BQ-&wq+K2VES^RT8qZz79Cfl~iQ-7S#Cp%Om+f6vE<_6}fDt3^j7(6UF^-7p zuv}NGAW>~{Khg|r`wIIs@!`)L@!!vU*8@~O2GRZpkH{@v&F1rQipR$PYqJ1XKZ{0e z65Cq`wpl>bb>-7w?@?UgKnepRFGb-SetXWEcq*ngGIcpI^5j0EpAV5BcBwzWwdtqmHPgfG$A%Xn|) zeW1Ei3hKN>KgDL(m2BPRQP zKg`AtZ6n|tTL5w)R}n;%u|UQWgW=qFCs%Bvs?1C}1COl}SaimtDs!q&(`6yiaxLRf zfB%~=bmHW6Wv#5N1f>RDs6D9Z&8ltcZuZ0MM}-xdODK!J-XSc${XRZW(pTHDNI@g% z`sRHXs?-5CRN{CLq_RGkyAX;ANLi^t65e4%tMvjIYamT9%oT@cDBm>1(sY`b)f!* zpu>S_hNYF&tMS9rQ*{9+0629PQczMJE(IfND=NM`WXu@`GKM-D+%=-VR!5qkpz>j+ z58Tr)0V2L>={7v3u6%2+l#~p#9o5v-rb{(^m3gNln=WQ{@&L5~nV8TR;9k6#n4Pud zUVM*coJzT2#Mk)+S%O!0DnGv2dpQ_e#VJy$2+aX5j8FU04W3M}U-+N?3Dr&@emG za9UIO2o^sUH1l|6uE-7}&}=a{f3P1(z9AnZl@eCOH7Eg(N|-1_l3ueI6S$CKPCK)# zOu{DyWAzTcPEeb{gbRp@lJe9BGDH^^m^eX&p8{O!@VpRe*IxK`Xv-htqym3P7sXXK z#LT}I2MUFTk2}3?uQ#Y86N=`RC|GyF3R>iBhv+&Fk1^JAhzHab7sn`iLjn*8TLm$0 zG_d_Jx|RTK1T{6aDxkCtBEhj_x%{w~Fpr_P$cbexXr~t#IIS1Iw{iFL&`S)AP7H#NR3k8He6a}gc zw@ycx2|xTVS_n94VjZ@7dQ`UNl>|wC?d(zgAa2BC)Y)-gUalSomc(>)IM&n9D>=kC zfcpAA^{X@GECY7zP)k{U53A+$kqHyG`H>J!tFUZD7qHc${5q&SaY8%%m9Uk8 zj0~ftrF9>3heaM$0q8eJ&k9X<7B!4Kt`q3k&TTDu8Q)SlKWc#$d0| zD&HdM^RVre`~$cDC#w%Is9F^4Z4@5DDRO}n2OEx;$mES$j*;P1x1BA)Z9zU^r6;dS z_NQv!Vh3-ZR|e{ws`y&xU?jmO`0Xo+;e;SvrB9X{3p-l1J$(G{dA2l<0NJW3)Bd`= z9B2c?BfQ&MqS7@%o-OG#R8+7?zL4)kJM_B6gtqdie9z}JBb<0?JVK+lk$y)Wbsmq? 
zV&FtFVr&j!kFhtYr<>U5muM32%m40d?I+%tcA9^~FX*Wdt}*Z(6v8sE9)TxWhtFBp z_R1O?V>vKT%2m~joPIGqJsr(V{eApP-#f08Dhoy`0p}REZV{%2Cvg9W2Gzp7++g!G`nLOW`a60&SbCZ#D3J#*&X7Aj*Os`Llm9 zp&OYccUI8T&{Wh)*@R@~X@FEmy5R8~I-~RRnQyTV_>0VMg(Oe9gT}snj)tFl_->z^ zxQu*nP3>j$A@Z#|r9Y$iHZlZ_!^1ru-Wm=N2rsifS>Dyx>yv#zJ(T~&=E%|W2`lTM zPySqgQ&UsUR1mj&pblbkqf}Gxz#FJrR09I3j&0E2(NoqP=o8C>DsEfbC5?fU)~t`9RXZAa*Myr9W{JpVeUA2xD^Qkv3$B4zK*C!z0+> zb7L(|8Lj%(m5Op+D9k95_aH${k(OHNe1#yo9xPB5m>oo@= z8Tya>1+Cicg6ejd`6>i6Xy}1xe}{K;g9hkC#5`-$mK8x+8H%=_*j#~6>+0;xS7-0x zp;b4&-5uE;Gp*SAq&u>WV!!Y!4o_1qq#(@coC16xEvKNcxi#*xHoRO|RHRC`GwQN6 z((7%~-5@?qY6?L5B`lQbij!)()F*vL0>G#o<8B1xMpFxoBASGRW+2%Q2e)}ZJ@fK+ zNM{Fx!-d*aR8^Dbw!$0%mhUsG9jU%@bixxWAYh@fEznW(Iz}{Oei932B(SkT7?`1J z6L`8Mh}-2YKO~k4zFx7r>a?|-uGdnrR2ARa8u2ch#Z2rgP5P8JK|*^`@^ZP7B2-e+ zyaJk5E9dhxu$Uj@JBGZ#6NGKAt>q@Cr5&)eZr_iL(7YdSSU`c2qVtq8c2B5<_Xs=W z4l*^Y1c%oxP)oK6fKTvT!&NDy>kL<>{^@J?tl=Tv&-O!V@V{G*cTXX<#&X z_MYn}78Iv|pZRJ^l~}SKQB1yln@t3TqrGp%j!m+3XI3g2CAUsIpbXP~huERYfLd-S z|J@bFeDxTdwT?0b0%-Q++FJmKD?FPZ*3bA*5me6W_GW20DR6!~2PxrtSVFqIa9YO- z6B2kS8ROx!8-)pVpu11vE*NShf>wP{He?Aw=N$rF7r->)q4|f_1SnPzkG3%Y5(Ya9;)x^LdZss#zJ&<*&P_S18#-Z zAG~*-wYfY#8CBf~UZRiH8Q8-xm_ig)G2~k0B%D&Qw#3DS(hHa2WP5K54XDe2Pp|G1 z4Kota7DTI2jlY6!)|i+CSklwN;QV=%JxS;wmaJuJs?R1DjD~M!K1FLB zPrwv3c5vFQbU)ZgvIRIJxL_w*r{Ck7CXHT5@g1u&oc0>8n^lyR&qerJ;xk-p<(ab( zQAO0-OLY{X4Yl~2vU5B5{r>poBF7W~ZEH7CH*4F`J>BWuS-%hs?CO={G`M3w*6kMg zzRiJ`VV+qLk}DGs{fxF~DZNp0k6ry^nw$D9IcDbi%<~dtPmaUXB({!_7e6!)j-Zj8 zv{&zJLkTeg_c5R@C;KLn8(Q;nPsJ8_=_h>s&nd87Qm7PGS0|;Ts`QYGEPm3Iv=7{3 z)>>Lk3}gLSW8a2euMt1`Tsk=w(nF2?fS#kMXs_|w8@;yc;XBcO!mbx6`zGHx0Czsv zW8!m8G6Gy5Hu8i8#HamxnnjEc+VSxc*A6G=x&N%#9Ga4?msgtShEQNykhq6O3XsbG zN{7FVD>>rBXesp;FnHl$N*TT*&0a=_wm6?P-?4OfLdi6Pq4z;r;3?Ui-87Cx z!lItE*1pSaD@)r~__R4zG>I;bFMkV{{}Q&Ud8u#m*wkK8nb8jCF3gB`p1znh_r}@o zuKH@UHBFaupV4DRCjCMY|LT*p#HZFpJNZW-@XhtvSeNxe!V+s6uNp}1VdD;1sVFYX z09_0rm6q=M8IJ#KXNRg=Xr8F1NTWb}xnrNZF2;1jcJE)cj@%t8hqm_Cv0x-)Ikt-*PJ$DX 
zj&z)9l;xtA&X1U|AZ&!4HH#ooO{W-DY7DHM^I${k`|{SIM!nO$?=fG8-_;Hq>>oWY zYA&jnqEDA1=dBd&)p)J>VeUBGJLM_89J9ohWdKAyJuN+gh=##Nqdf~h3Ck#jn7tg!OzW_^NpFho$CG7 zIG4{JG~*^t>3?v#e}VFjp*I3rQ*stS<=FDg_|f+OoCl3fyIC`vpnX|aTc6b_O$b#A zN?^bepPIcoe?Jp6ez@I3%yL!EX=k&QU$ZVZGL&I{%Xn3w$5SKsc@ZD=x?EH=Ja3OD ze`B=4bTxTFqq~*s>)_ZEOB=4)7x%WMWg`ni^CZ(qYLY#0p2LZY^!>;0W|sbNZ;yMI zYWevi$Q_^i>2(3)Lc`Wf)VL;Pzs;i%e+tbI6<4IIeWTsu$AB2a8-$q>u!vb?v^DehqkVXw4o{C$$ zy2qG=)HHl5Efv>kM?VvtW>J8zQL9}p7^*y@PFT~-Eh-{p{90ITrWSFt{E3w`X-hW{ zu2LxobYJM&h7B&2=}^ku%f@F)=TThQ-4#08()g5>4VG%~iftW^v!v0d*t#w(Ossoc zIWrL|G-KOc+q({gRa-Ie$VA^qW89vj2LgUU5qmts!s$#;#^OZvQS*CVLF#i9R-t)? z3iz~RJkR(|3PaVuv)O0bxO3>{TJ9GyvvmhHNwY8q&Ji717X%+|1Z5|lx_a4ksG0Ne z2z;>x!N;cFhlQLnqqLaG*&HrdXANVBl~ECYz-C43c(_$5W^NfCCr2$yXWrm^BKA7A z?8o%zr^+sQ%sS3Yk)LSi$)nBZDBP~$pbEnTn^?>`_!Q-n5)?a-yDYOj3gM?osd_Ru zZTx2G%i^h(8MH7w4cj+=OoDap25fG$61TykCiRuu?U+GtOwR^Gt@eF$PE=I*0agsM z8xLB@2h;yiK-D-*-*h2beEl-rJ8(?ec$-CZ$zWN9;A`2-^OC_ zjfdJNkFxay4|isy`vHfp=d@2gd(jU5qb6|4ds^Yj9{zC=RR*>XBj1Dw@W(o@lmcfjE2{Cl}4a?U2v5(;;DxxOsS_1oyXOO^gMc0x^{lcTlz5*()CF>dp1b25!Ai>=&Xc8<0wZ=FJ;sWeo&Cg(oCj!Ol!iWI|c z3umBQD^Z~tQo!{JKJKj`F=V%3OI=dM3chdr)DUiCppazIHU2Ak#(4CkUuF5H;bCsh zR5k?Cx&e~aQkR;=XaSaIMlE6iCSLx~Kr56P(=$Ir3h98cS=Q;9jwqP=@6UePHqJdY zzQA0JHPkx)f_`$MZ4W>~q8co}c$ruv;W{@*>BjK5vw71Sc1yk~xZ)<%MSL15bD(|K z%g5qrB%2H$Vhx^!g!A>=_=77uQeGw=f%3_~^^EwncMkPmu?6V^JgfAq1|{S{{_N&( zQBxp)p;^&ug}K-fVAC-8Up5Wga7D80unyja^+Lsz%>;<_Mo2Q)jIt1#v~I|a4&j6m zxny-*_Q}v)!^Bybz7;qgx> zRPC?ox;HMD_dBeb8-^1JzD~ZTq7n~!&Hc=#>y;rWEjfwMFjsWAB%x4&?;9Etc(uYZ z4XEzr>E0xo5y_qjD=J(EzqGYJ?5?M>%@lY6vG&)lW)=&knv2?-uS`ywg=9EWM71+c zU;AGZuje*ZXjt2Z`S-3xt(&0J8}L~gX6B+SfQh}U59}my3z%C zOn`$1c$4nue>g8%|YiwZioo{iX&7Iu6ap638UU_1(4jGkpPZS=Bb}U{ zE=)hnHO-CVX1Q+ov4{jplu=l);s6u$4znVO9}k>o!TRHqoymQv7&=w`qShyW{Ow!5 zU&9JY(}c)OGUzmB*yqaroB86(uutGD9FQ2$q4jeN|CQF|vh?tvJC3m+tI>MD|kNYWm|KP1r?$@7Y9 zAETt?aN}q_M_@2#T~u1Cz#!JcpPBT8qLOB^_OiL_U7Z&X!Xcg_bY8GZ9sydu~}ioft;PJC$jTCOSbMV3M< 
z#vEg$zjCjdujf@$xW`Ew)5mVl#&J|r^hkLHWE(`iMr&;TpY-9v{E5WCGUs~|c1`{{ z$AC=o^Jxk35D{A(Hs^J+u278!$%?}>!h`VjXTFpxiB{kCeT8Tp?D-v;L@n;yU4_Dr-Q1v`T<#z8kDpA$#C?Ginblm5fR zva*M(fht3`TB>J@ak&PDG<($SB&p^lB@z^rwg@oq$fuk{Fw({b^1;$~mD91=!uQ#& zF5b)_HriJe{ZxiFVWd>nwLv*$s=25=BwZTC4o*5QG zH=h@lQhx`@5=#$Ro`Q@Rrs1__Z_g|F^Dqr<)uz(#n4?UXG;i+iWKcS^aIMp)PB41c zRCF|zbMG)-u^5;*=%O!1w%}tM9HlgH^tQW6bah`uvUlPzH9iTjd2ZPLarntM>xcxo zt_-9B>U+kh)Ab=Xe~$Bm-;%^?btUE%Fe9P(SO~#<}SX1Ez>Ukuu%%##;;A zkAp<6Jegk`*X*qLB?2YtBbo`L3C>%B?8xB^>Ogl0J!#BrrA?{~5Eg!G`|#$60eu1F z?=&&Vw&sOuI;Xb)h)Bi{4ZAC;^}chv(B9HhwhL#UM)K2A7dZ)u%C%0npWm$&+(u&2 ztbEPiYl&DQVI+e<<4a4q>2iTc+@xN3nz66tj2g?!SJOPd+ zoo9Emr)xUp7>tH z*9Z{Qk=}mLBntqND-F3U3Vv1te&Kc%#{yB18)&O@jmDHtOy$|rWEo=mH}JWK96+f^ zVfoA3hh8TW3mwy!;LxyJYC3eVG-?BUPG^^w%U!L3!&s`1gB zSsT$y&v@nYj>6^rBZ)N|$adA&gx1?; z0cqCM`?{x|j%BZeefUg2PjCeF)!XJPHG2~`^OWj_oARj0)Ly0T9=wINBqid%3T*ZHkSa8~w7r}UwT{H)obE)JW$H{OJZ$%Dl(~JfT8T|!`Rdf%{{^FRc?}8V zD8EwiGSXWV)_g~BLQmuq@%0OgT;}2lwNZ7LV&=&e7J*$Vl`(0Q!k68a6gPh(#q4fxh|-KAvt&npJ;mVWFwt z;c$1)LW7%^KI~ISaBx*+>D~R)Z6T~hkDyimkfF<~)i%;c3o1Tc091S1poNKvS#*0l zt6ZOpan1=bc;70bAMtH*`O&8dhRFKp@bK-dZLVT?csb=H-LP=AE@?UCv2fkGJqCv9 zI)L;lN@CUHml6|N0*D^~Vhn$OpE+Jn3-gyC$!-5L?5KO057pDY`hS9EmLCYBm z=%0>%d}N-UqA@7IEw5u^1Sf|JYZ#t-%8$~B^jtCyhOd<_d}~!tP#s5|np*3#VnLCn zfgodc&RPe)bN6JtxsSLfw(xgUc9)BqREkrRQv6ZZibzgThiyusB1%! zKLIe*MsNqT*lAVZAh6ia_*V(UU;g8lfSGAaBs2_I>DfYICgMi_D9ARkm76{DQ9aQ` zBW!z4g#hT%>L)7!kZoP$gPJAqj)cj%=XZUftVYzlJI15^~+NR?8Eh=ip-*a|!4X`zSPrSP_`SBRfEc5Cd}!GM23sD?99_rF z8CEEz>h{akFsmn~EzOI<(5$D_pVT9wqdlMZ=B(!KnTlTPI1lc}0cq5Yr|;L=F~G-{ zj?3YUOoOO)W@O~#vU4csXEd;}s9h>a#L4-zs&}mOPpzUcyR7=xzFjPtV$PuroAS&V9ETgTQ z$bIDf^?LM=gM)(tK_`E{;pzOSC>O;gtetsZ*K*Oj+gmyNkt*4dyRv0~vty&OR8L9e zxj1jAGccD}ee|lQp+g8ypGMcv#Pj-Hq#7~+R+%*%uXV_}mrX3731Po5x;Y-ofmW1`{Ip~2Z9*_c^P zOY!nl?;SOIFQVz_ERnRt~BWdw|P6Py0~0ZYim(Z zI@U07JX+wf4}~kDdFK+cSfc{BF){H4#(nuV-9*$%Y2$<~wxALK(8FbFW)|%F3w7z! 
zsHU!%Sapmt6OWoH$V;aG92CdDwWaP+b+v8vIJ-?oT3lx>g^aZJa_}6#d($HI0?!l4 z(!@d>wEX4zfn)8_>ihxlD=RzW^uKhfXLjUB=jhW#-Sv{|u#HD|p1o^KWQ{C4^mW{j zHfT*b|1F(hoXhx2_%y7hlsak}rP|Q5V7}RT*xJS0o>^|C1y;_E_Zz4QcY5nVcC)Nh zOWd$C#hy4H!o4T%Rz|9eo}wo{~wT_d<#p?+@t{D9F;7e6W?Vy4(eKkI5L|n zig?Fva#%ysYZ?b)?63pdMGMwZL!$aX5Gr(xzM7kl>6mLSU^`#Lrc<^^_>s45o>l49 z@r<7-75c89p)N!O_I+Q(A(X&kqc@>KWFO>-zfJlyz0${Np7Z8lO++yw8 z;Hq`r5nOCAs2LCOgw>)~Ee=sR?Qx|EGgAfISu{f-fth)KwI|Y1nopoH8$dCles3Qo z@Tou3zu}<7I4+Dfp9yIjnD~a|ka}TTv6nJmhbWPhMDRYK%{I4iPpf{XHY0}cuy1p- z9JOoTQlEY_`2Mi8ID$g9$a1d>p<|mj{9eQA=s->IR2wru-b-(UL?8P$8%@&CG5o$X z%!l%%`OJZLDaIwGW@?J}6KzkEX)_jmYU`2NbmH?D)#=%T0|p(+jZoDN($*kO;(Sa@ z>pK2`Ap6dq?rwlb2}%K-s+q1)pr1R;i+jOYlYQE?W6AC2sX>{iJ25?n z5Kn2Rh~2Eizg74CJ?U2hzt>elkZHs&SWP|BL8_1l=`1+f=1ZRBs%*gd#At5rqrDo( zv=U&28nZZ~7Ka=XR}z@@Lz2OD&S>)s#|WoXJ#PrfkD@%Khw-0Fu_+lENk4Co264wN z)9J0od1}D8GAlR9`IF~cx1|;~B`R2+srjWZm4l?%w|A?jLig~$-X$W%%4ea8UYWvQcF(wgbks#`KjeQ>OML~W`8?(f&d5u~AY{|1 zIAHsn5n*i|Q`Ail^*vMwD`g3fw}}qh_8tHtYWZ1#75DGE8)GZ@uLC~?a={DOy*|f< z&!*y=OyBgw(C_y=5*|}%aglgO*d=tGr4Xutfr$xankUBuf0MbhS!~EjM~9+ejjRMd zz}NNy8x#ABtaPl2g{HYY-3O|Ti}3gE(1Q?4pZvwM1EGA%s4zF@2S9Rh{bQR;OU(J% z1J^k&_*ux#JnIS(l0MJ8afr(mLsH8?U2#lJR>@o#8rqzdGqV=!;aa8yQtYC1r3;Y8 zki&61-zmQp8=+jl=r*-}LiRaR$Q@_9&vL-;j0rvr02b2i$|(zV1-gJt#Kaov>vvx| zNi|=uR+YtQ9S~GSVi~VDb;xR@7NV8;+?-Ao$U1l(0+NV359X4lCzf%nt7K0%JMejv z;JgF0FWqlH`b0!V>S;9n`~{O6m(d%8<4#2%!M0bp+Rejs=AbC^xByZO6w7b=EN!=W zG5yJV1agy6s;+?gh;TvH>ir)6!X(+s{=kqYCO2Zq?d|3%$ZhQehqXDUsRZj|5mJ1a zlv+_O{e{q-Jyl!Kr=pU0W0|AjS2ra@^6jpN$5fZMTzssx)vov!B{{gyzPULZ-({Ai=0*x@+_M zHrlWJzh9lxHb%WR5>)sR9`bqk$U>+pyhftW>YI4iOnL{ivVW^3Uj_|Bk%bV#y5%bV z)DJS}S~CmtBq35{g|5hor8=#3`mwN(z^X>Ye9!ln)J4zPEdyU=vRB4%Fy#`$unosO57^c&H<1+{m6zX8YBXI~YU6874OAgZxDHDDSwE zI*dCiZ7WUI{{X%RRLjW1Q8<}O%S|IAtA)o|$iwOA8D0cgR*>6W;!_$4_9rhdN4Ax9ftr>OWvsN1J%;HiTu)8AC) z)tz_%8Y|nmJkzTt&p_R%*tPs_YU=9dwZe6)?g*!^;3HsU>qtnq^}eri?_E>bO%j5u zL$Z1Zc6nqUS8C9xN&Hxl>M{u*Fh^IpuW zLQRh{#H{bDGKxh=+|S$Wka=Pk-QuV~}zjQmkOsakC2uw4s))5!@$FVou91<^utL)91= 
z7&rY#_v)6tk;Rp6(w{2XjuyNo?pX2HzS_8}&smH*Nd<~c*bfC;_(W5y$othg3Ti7D ze)2AbH8JC&PkB@1=kNK7;|Dev%pW~{ifz;!H< zV1E&xjjUb&!n+~XWvMG6_kvazSrC#saY(1DW9kaNj||UH9FkY;w;kHqU#5x)E^-X= z8p}-$ti|tvO|w6_tIbt_ujuILTDy-R0HA^Qi2ZbG!nTaO&RP8^up|;)^_d~L zVdb}P475NN3o@fmd3}+-`_~I#F}NGW56T~lYEW(8n13ax^|2*G%PO<1bas&xn`8$v;B5&c zU(jW)oWdKbICuk@D7onr{|0em>W4xHB$9i$4t-j&($A#UHB^R@@K{@_eRiZ|I7;x} zenYM%F04q_b@#pw9IG!Vc;nm9An>d5^v5CS;3fJ-zsb<(V5F#f$x947)!QxmoP}#y zFDML%(m+)x_kJQQ$D}2$`k#5+*+Gl~H#~K$GmmS1+R4b<_ z_lrxjvv}L{?21Wxm67(gT!UX4$XTGy1zYw}{;i52?+`xz*J9@uWCHR&-)|6>3SqG6 zDHJTs%5$ue7E-CXGXbt9@h=g$#^OcK(Jf8ZmThYwLX3;i|!j z)ziMM1p{YC^y6ts3G=NN+IBPO4%v8>40YYXL#xZQql2|+em%jYrk9^^B*#AE03*UY z4fAU{Qs@bFN{^4VrDamccvGfB4^hvRt%CzY!8N2v7i50u;t%F$<=T(sg_v^xNT@j7ozAYiIAZ1SE^7cu`Ip!6I8walD!{?Bb^mzK+XDok1K~3 zwdl5x_CPcrSoYjSp8KVb;T3{*Xhfc8Zz;Uwg{H;3gkF5JaEu7OWZgO~qo09U3AXg1 zZ5&kCc5pM+1o_YAU$I9)r>3eKu1ogNq1RS>DP*46K`UmAr&GLKd(oPiS5{O}l@dH3`5Ce^TgME!_~0e(6Z@oIhH%++V-X^# zBI^iYP*M7Y~F(7HR5^aYtYLetG1@3Hz_bY`|1%^%$Hz}`Ne z0Q;L8pE^WgJ~s*-8)6$4TCX!}s1qO>2wx$;@)jwEdKuZpmM#T%Z5_~*F_a12LnNj_ z#O<*s96US2(vb`TYxD?7_V(yvx<|qg8@qjqDJO@6GppLXTYls+mF#O=%Rm}`0#Aih zCrR4NpKf=XxywqBB=sUq?mO&>ZO(#~Mg&*zQ}OP!3cg)ME*bhO!ma=E-a$r#C3^lh&C~S(W#~sAUV=y$7m=XX;nE z(5@sVlbo(_#q(ohvDF8^g>!S4=jnD#@HT?`PA;MOF4G-Fx}B@}W01-$v}aErqfD~c zlazwe$Ug0@aJ)512BrdcX_#;FUdL=`KbKx{eQNc_N=-{^nuMbZ{dReId9j>kw5A}+ zg{2)8(KJqZ4-GOyS);oz339{rWnFPgWr(>-UA`|;nH#ARAvgYcq363V=S<^BWD6IA zS+`z-{2?IEq5WZnia}gkN6|CY%XK9R41pKj6tKCaF|;N=w(4=M3iZ9t9S6G@6#;T0$n_WCAU>Y zbV^2XP06FN@Ye%j483IR(b{gF_t11LVli^QUJ-(~!e(lD;{Qb4n;+C(PgLGWI==js z3UV}P4?9w?E6hv&wPX&%*ELbnsh$AD{swt+IFcLtmcYzZhb(*1pJU4;Z{yRW^Hm`y zb7%L}^|d7BUAcY*PjY}W#Ka~)aoT0n5)lh)R6)MaehIR=rV*utMellXIe68q@{{Mw z=Y)Ij+3C`LJK_;ZF)QKQt(?7G(jUEK%BDd&y|Wt8zRDwCHumEmb~pRN9TSfCJ}-fD zBP!+c=zFTPd7?a5#uo*%K&@^EcI< zN9xR|DzMe|zIUxP)uu4$z1rMrW4BE6(2u3N{G+vpWsl zJ9Q71%nUinOiNH}C>E{Fm|TIB@qEYdEFa!XzW}XRPi{6?{l{3dNxckyb5Eq@H~`7) z1(dwp>ZLXEslIV546Y`GA}Q3WD9h&PkVXO$g@%fyw5HPgPrh2H+m@tcy!K&k(UPpg 
zvZExIK6=&UQ}g{$#B8c`EH`sS_=N7@9DStuO7!CjWFu68dWRd%$WvZQRc;KRbRgU2 zvp$^)bK{>>V(u_&JX)XVjR^%)mrD1g`&8H0&>wb}-+3iW5VHE$G(ziah3y*O2;X@v zX>#9MXriO?M&QGz0U%{!@y*%_pX1Ud{$r;mDoprQqUatdDMUH6~Tt9p_38aeI?6ECw`a*i&5gc)yICb!H2ufy}L}14wu1R z-HwyK{t|!=qCyCfT)5{}q7l!XpBJdi-`X}nd__N=!v4+RS$ohJl1mAbhl`2HG&U8) zrsvQL)M3;px8N2y)<-S~Q5y94zFuA1zjm=dlTk!1W{VTDv$vP;$+M6mzxe8opBclK z&bGpb&NJuct8;ea*Ophq>LZMezGgx?l)rPw)XTthya`oj6{KoGV`ytSsM!#|S&3?$ z+d6V-n1_G$!@X;5xA2i;;M2v+OWGTby*KK~Skj2t(|JWLPVrBAK-)#TFH(&GNI0q^ zCraj77kYi2v4OMk_|Vgo!%(}^sk2@OY_?}CovJic!s9es!q^;$$VeYf{O_0-;!o~~ zmZSSd)ILx<#dr)M7$dO;3JBST3UY}&Kec<3HmLN}hp@Am7$}(k8q`Y5>Qr-j`qmp3 zMQUoT`QWPjCE40V!AY%vUcSy{ z$i0np>(zxl4}0qzi&^S;uo0}Qq1V7i-X1)bnxowYW1*XTlfdcbng$wPl6!=c{`rgB z?l_~O3jrbc7^_zOp(cE6j;<;EH6jp0hm(+7MP>7DgmWvjT=9L-vRg%Mrz^K=nknUX zhPeIzbg=oFN*jK<0_?%9c|BI3h&vy>tsmp~ z3}-Fx!*Yx13}i|@4-`6C@u`5F{ospEl4VGagS-k_{G}lYbKEvZ9y3(6K~WkHs!G^Z zS}SSwu($h-pk6%meuLBfE;Y1(F=w%N?Vb!YXAfWY;z@@IZDGye$E+Fhi;hK|LEe2J zn%c^1aj5IZ(Jv~WuU^`Pd)yec?^0gsX}(4)Gg>xmh1?Za6~7J-3#@sf(CrUM#dEDOzc$X`Y_# zG?!M@CruXt%q^yK*`&prH%*uU z*dJK_LoKYo7gbpW9;ccgDHvL|KO%LL!u4`D24#7<5ySYQrOKSMqIiw$`wfjkm2Hqhs zfe`|H5xw<|NH~=&xFgTujIUaoRV{e$Gd;EH5g-?MDle!7J z6Jl(rCk{Uhpp>ZWjHM0U0mV>;ah>=hy~zZWf(e6Ydq7dF8j#x)Aht$*CRT%5-{sDS z@9HW8nVy&+p%=5Uv2n2ornM_AG$L z9z&|w9MzCCm606VzA%bAbav7T)pbr6n^eLp+z(((dLZEDZ7v`%Sx2V~3$x7!VG~I3 z0a@ne^S1!(P3xHeZ#7E~_DKUp9jruF6PK?KV_?ASAf~djIymG*wQU(l$Ib8xrD-1B z{xThL=P|fRijD3IPlA}v;!A)dBV2*Nj+ZAQc9cyN|X z9EVo0O)uf(8oPA`6R!DQ>nY{V{N!~8DidBI>kz{_jA2YoNoAsl{oLF6P&C@~A4u3FX)`ya>)_`#4bWZKc?EN&&U2 z=uIUy=EUssIcl1vpaP3HAMM+9hYl@B zfw5;3@ln!nlRy)(Q1x_;6u|O7U0p3_K*cY@8NA?my=Zq`Qedr$NRucsD>^~K%m*b| zeDA3q*|9A&&O4TM%r7hUJyNmI4~tNt4RtU+{9STznZd+~x(JX?C*@tdc`v3tku!09yP~5T>qaC*Ff- z_>|_()xkGUBkk)dM!HLOLL#f2^SI`^W-li{?&TASVpNZ^tdMvX-eU1 z@5r7tEkp-eg$SXdqTVV4^kx>8o5Q2puQ0u;R7OT9a>FLbD=reNul_FDjm z5Orgy?YP-_d2LPN6s|Ba;@w4_DgtO;jkK!R>4Av}H&kECgp88>e7nyW-)-qGuW~Z; z$eEd#@MP~pHJx`S0X7hsh=>6oXQX0kdcKGh++AP)_!MBt^>iJ9`<3XuV;Pxuu;8! 
z5|_7!O6fxdr%anuJ>xN|_g&-&r{o7(K0hxHk0eu5(aJSy`2AgHr^1sm8&}sEO$DCH zmYPzMy?ti_q~yGAgqsh(qWW>~UVIM%s2U**WFTdLCkWY{BY};NFAJamOMM4SCFvc# zT`A|oUAMO>7G`C){KB+}SD$!KC&x!Gqg+&#b!ipF67m6=nol{8<>tW|z!7iZ<)w=| zv&4@j%5Qr>C|)P|5{>HS>zq*ssAnANXZ~vwzroW<%Zx-CSUT#i#tp*yU+knN)h|fa z{6Lr6Lx&(YqKVilbjR{ivobIT7KXqDdCJl7&YS zPw#6``L(0<1`~3k!B@IL*?8K6L)hTa;3qj3JJB33RTrmplM3Ie=1h1m&xo|rUo?4e zCM3Uo^D^gj_=q!m;L0a+`>ds)wD^8gbTq|-^tcoZcBNhhlrd6wG3t*71qB4GruN@( z3JH;=$$G1^&GD-K1UQn;DoxDHW}_-i9n%O|b1Akp1xIe1BP)A7ZtYG0a*^SwqEFNT zH8nLKnp@twPecU;|An%g-+%kvL9JLjLd;d;i!$*(B_#Z#jUM;o4`WWQnOw$~`?v)L$nc^U3dm^-wty>kCoARz6szf&xSY^NmT`=6*ZYm7@yTPtdxq*LLsjAMoSc< zb7D@euC>V-861UL06fO_u5~WGMZ1>A^dO#e8((llW-_93C~8v8FRFVW;K4<3WPF@` za%pKR%5md$BPy4of;_P^xLr*;vD|iYauQkJwpEBS`tE^jxc3Vm{U2n?{%hNQlLWUy z!P9|puiS^oOFet)4%7KAUrm2KDvB0%Z)N2jTRQY3!*Su;qk6~f1(w1k$k^D5&*$i` zZ#z~8I{WvpJbf%I=7S?GbrJLt+&lF_zK4i`fhJ?Ym2r@bjqmO=QD^re(SWLYDvQ$r zqdg;4N#;gw;R3JCf*fe*-Us=`R~tr!$$t~Ig!vDm!@tS5y-@QN^J#^kQbsL+I&v1)(AAaIeChh(0~Hb#7-F~iaCcRE zuJLLUnj#lJEaY=vhk8wCD=I2#Ycp5aQFz!mnR{0BxcYWDIjX#=Db1z2kmKs&Vy^65 zbNxw+&pII4;&^o^OdIE9-4%64&O2i0lIE<~2N4evYX8sOS5D4vfk=12y9q zpzb-yXkuW{q0{OkyvdDjJIM8a93H9|M*q(#Df0o0o5|iGleU_=s@5zZuODh(N|xg` z&(Eve&xQw0eDr-3d;9AgZ}p89n3oxWV<&lM)dbDj$H~XM+}zW}ocL{Z7)|Q6>I-g8 z(bf-J+gtB#l5F&)q=Jg%idSmpeIhHT)vQVjt1>Qy8jd&+iYG5FvJwe*m{WyEd#Xo# z5NjkqC}%DF9CbK6$20BM#5XCouG?d5kKe9~A)QijTvsdcv_n~^rVMIiIvRW-|${bfg; z8+6rx6juWygch)41bVEZP{Pgo=_E=#o#jq)kS^oM^4wg)J-RG;fO)gZFw4pp580sT zOrP6=Vnzy6k_xyXf$5o+%Zmq8>O2bRTpRK*XW5$1Wj+|5+8P>cw{zCoT3Q^pb4NUa zoR;UxNF`#na|hOFd>-Bn`$v2*@g82ZgsfBgtzc;^JWQCi9Z6h#o~ zfNj0^RXJNa!H=r%G)33faknON=oiaXkTrWLh=`D)hT;GC2r(ywX=trM{0@ZO?9c5x zcrONK{(Jxbqpf(~#LTH(w7f@tGB0&8Lm=~k)J3N!3Z1>}BQD~10HHBrct?L+`5(%kVV5gE(AswVokQevR92&k3R_>q+ejawypOV|=nRLvXWpH)BO7m-wUC z&q`-~c+v-nV1(`g%3U88kB?uoHA6o6`y;lO0<<`&$$!#v42^G_*J={Lzgd5+tM)YT z4}G~I)z(^b4(2|aKvoF*!~anEwXwh(G|uK_xqj;A3AqO}xi+1cRt>k$+sM%V7=>2G zkcvy0QYXStaEo5>nmAvKorg#LV_5#ynRpp~p4R4#B{L~pe^&HFd6SjJNR?#7oc@rg 
zNy$M;Ds4n`leM09gB^O$tc`Pny|vx5TKxAhX`?3807bRF)X`QpRYRhpJS~#C`a_uX z?_|uHiTAKB*wVA4SX!Fk{PXj05KsjC()i*Jwr+24DQEG#MEl^twS z(uuf&HThC!}^uZ zu_voNvm*l4yJOf5IJOaM!ka-U8)5!G$^n<5!m8$`Bq!T@0_Ts(DFAQ(p6b8Z0SEF< zbv8(1uljomNc;T*UmVf?-v;)Di2u!;TRZCBSN!E_(=H^uRKG{zZQmn&$aOZ`(rfsb z%FzvzR%1LC7DKU>GNj`nK_>M8pMM(Q#`_QYJ|ou*svheadg+Z-6&7l0>W=OtQ9*yS zcq~}hX0;!d(#dlL7oxr5tysCiQYWd6x_V3=;0f(E7x@G2?{!$61 zzU!xP$Ir}PYdA>-vDP&n5wow$o>d)qRDL?4GxC&nYpjGpZks!fDhPOVN^|8$wK z_hPn0tgOs);IR^JfE@c3R{aZhqCZW>V$#2S;mTT|sOSW&Hd@Edi2b)#X1zcl*is+5 zJ`OOq0dp7|KR0m>5)xNhLP8_)4@KR%N=@-u-o2tIVMCz76&n$WOMOTTa(}bS4Hu&9 zXS%f7#Bz@Ek6=Q@3+J)!=3y~0l+dk%RNvIJ5Z^rz`M8(AkQS8v&*A*-3NNK?e!c-6 zojG-L(>VK>y?tH0G2oo=x9{@5M?zajw}&-SMPz2?miEod`sFc7*kgC5Ew|-9%i}2O zR2;Ay9nJ9PWdC^hZzDj(0OvvLZWE@Yb+q zBlW@5RJ`w|4kry47T$q5>$v=`*#xtA*-=Gwr24p>V$?@ESS<#QfnHVu#=n#HT}RyM zu@0I?z#q-;PhS1Ek7D|$5ojaHcdly*ukfcCm9dh|#P#)5Jfg+eQD>L+ZiTlxdv70d zmmRA*2trj5j2?IsS;<};kbYj0(e~Rms{*rT|2gvf(bj&SEc_Rch3W(i0T0)CzJa67 z&1K>{Ju|J#z2O}69qH{RMk+0}pV%RSm4+NQx$1>RYp0j;reQ}fD7%c37GI3zK=#$q z?-ucwU;oE$hVhq&4LUc;O_ZBC5tv*6ZHjvtf2CU9N|gIGP$AkMyxiK+W--;6hQMTp zQ4@{D2w_})WU&Ip*u>J)u8gEKcC!fQvE*0Sot;Zcw;}&SHv+2znyfO=ay2sPLU?lS zG=uW;JN-gSLpn8()(eTOOklD05w37WM6}T$7aH<{PMQ#jLgtv_#RQB4JouS}`2W(V zzu8_N%8StZHZ@FdtT}8BwqF+HFOCzs(EC9JkFPQDA#skJRZ&~Yh{%0ny~-U6nBj^T z`u;5x{?j}E>WYR5s~*PTBN+eRCYAr;HK~r^;A75wkazy4Ui;Hj6hw>F599D=`sbW& z@&)x-xxQp@ET+InGNpgta>eslN_`(2vXMWpBmV1y>|Vgr5Q~Z6RXD-@$wvN%kN!v~ zSYlBtQpT_U^q&9A$Acs>qbGgOHN%Ztji*C~dV>Mu64~K1_4&0(OO*8acvElB$N0xN z{l7NFPizT+hE!~%k%|0wr}`h7@Q+)l0)TO$byFh7`M*5!_ZPZ*jiKG#EEvy0e|K+cLd!aTE0ut4cYRtp` zAte00BVN$>_W_$&R+O}dL@6g!5LB?BjgEjH5f)9g}v zt1q*Y%FhpfCAru7x5r~~`{QWCwieX$TXY%-L687_l9au@J?onPt;d5{u^8{E*#em1 z-a3}rY7PM1)0gCj{x#V-BmQP>y9wzaPplZ2LK6~=y~CXE8b6quv+qOa%GeML%D?b? 
zZ>1?A)n~8g*SlPV0VjlvL+u9=V8O4>{botUth}o#rCBaW?kG)@=cYqVYNf6}N>#0E z-Enz?-g_+rEy(=v@z@9dD7vdfAPHA3a7O{9Vu1Z*nZeW1^~f7KR+56nx8rbe5jZa|X~}bQs)sLJ0i?jf zVWTFS_o%B(Qc|LvlyS~}aPGhD`~I{N`R${mW|kRT-<)1oXcrYNN5lb`RGY@G4?$&5 z=_MDih?G3V0Inwx9F$-`rjm`H$X^1;~H_|?T$ z#Y9EG?v?(|PDu;t)@zx(yU~ZSl{Wny9Pj@nt^m7C!1+j-5r1FS`y1d85fd}yzpd?d zvOZ;>PTn=orqnt?Du!T^po>ts=?JN(#s2>tqMI3TgF3Kiw#?t`-d_kAAO}tUJmKbi z4(QfYHNODXTKEYGHV=CPVSvc=QiU}W0VjH7q;#(e{#MY9J10MXxv^ktRxy*w0OP>o z!Nl4(NM4tkg{_S_yQ(U;G`<&oPp_P@Y68T>+L_r9UoTx$jY2eo;T5>_uxX;QCqJyc zutAWM(>gaV&&!olq;Q$U)7d$)Xn}FCp#KddBq9FJ+*7m^-?H97erj)@RL)x>FqM+T zYlZ2`!J7f<_V%E9@*>8*A=mQjPxU#=S_?)aMFqJp-QDL`64!i!?}?r6rKW2yDLe zu#s1k*LpmkVVwM8qz+PAbe&=}vlc{QmH?J-hyDD!qg{c0XRlcHi|5GtrP%DX5uH9*WhB8l1Id8u_K)1oqdP@plYfh`vCcLY)h9 zjqkka_|pR0i^b!`rPI39a$Ek_X8wn?2r`}W`tuZ?)>C-m&9@_v)v4T)lEwVioUdaQ zJZ9|HHlB;xof3h_cSfAqY-gViGgcZHuDuK?4?QClSIvE)Q?)ghv@DX|SBKVw8>6|c zKB?Kg3UyR9Tlhc8>s)8R4$&xxu1*xyt4k9f+$9X-v~&HgntuwK`(nZie*ZGY*HEIK zj2?4m8VfozW7@xLC=j^2p4I5c7-lZ9X(nJ`5(X0a^U+Rp@MDosaN_WY0%Y51O``)* z*-UfP5TRr0exEtra5#8RCOBl_DCk%O*oXf0l=UxB60fCgt8qC@vWJG8~& zY<2F~XVv^d8+ObNW(qvoeR0zJ_F~raHllETYB~;9+xkJuB2owg|ZHkjL-7fyu`0()sCCp*R?uI>+6nG3)I_x zs?3O}QE)EOd*TLkAd~kQ(9Kn5R}MOn3ujz@DGXa!oZK(;Gqu0|fU62UgnIW0%X}U! 
zh*SyErZz|y)Sax}I}k_&UWXJCI8fO6G(wp>DC*)B0;Pz;Qtl5mu9=%6Xb8!_B?kXu zDj3J1@*^wR?>GB>9grmk-(%&hv0P|9%cZI;rrIvat=g^nTxl6ErnoFYaSHEV6@T*6 z2|FjJurVM~c5lMNw_w7E#*1*)kBg#RXr2jVY}5;!9B6lhL`5mBmVW#olMA88%TUwM zu%4ozC0mGOm4C>C>sYlP9UZP8=r61i5ae9%DH8VPl2L&eg}nU3#7VS%ml2S<`y1H@mm>58Ec` zc^E|(D47h;QstFjUv%|TH0s?4zwbUGomoOZL?EYCziPgB&df)tVc?FALTfZ%R=il9 zJ(2Wmwc(A9{JK3lFi=raA^hQRsebd2_vU8W;s}~vb$n(!jA3Tw)U{CWJt#LD*6RVf zR#VRuuqwG=*S^tOcTT7+>Fv7CZ_N1l1Zh6EJ@}#1aEwEjj_}7)9mr#zx$dF2<^T*+ z^_UfKne*o)+CSXmpJR&GA|_=2{(8O713rw?%IJN~9Q_@0E&n?obr~Q-DYbEc_!8?z zTaB7LGeYpS#t4v2x?>qLDQYiVv&_x)D+-9RKtXk#-RmlRr)3eCi!#Xau_JRn7ush6 zFpmTwFgwUkg<4uzJ`@XYy%XotWK@_#X#^%vmS?l$L#oy@LV)>Ai`74M7nQLKOuGy@nP-QF=#e2%(1>dVtjL^4>V(%xm-c z$CS&>z2}~@&)#dVy|zr_fDYHMPHfOudJjomE4Aikn!xPmetLe%F$~|==cjT}#zIXl zW5Uxl%mh{vzZB#Ddab4@_U^!FcqYpsLKvhd9m@_0ynG4C70q=F`d(_t3aEme#0yJ4 z5}g!adot;elXG)N*;R+x7JPhAW(fA{HU19+*P;1D2InyCtgLY@MU93U4NlwbW|PvP zPvY4dF8QnE*5?wN<`aQE9AUWwEcCHHmIJQ6yu1)mkM@P8vYdJgyA`UDfx)cm0HE(k%ji|g1}2YAMt7x z$>rpwofyMvYQV>6w6l7YhjXBEgP3lb@0l&X+e0`itq?yr?Cy+RL9ck>ze8s~`sjbz zKGW)$KL;C6@I(`Sv#vm5<|6V;?`^)m&Mh4yqxhbY$7LhLyPpT0IoT1fhog&}H9O%0 z&$#N?^luU|Ti6-_-Pf0eBUuhptJX3^2$>+T10VATeOR5YCPPE!95-Zze)sOxIi_ft zx|8{Dmyox1KBs+h1}R;DFqh#_t|K*@L>spitZ2P`nA-r4^!8<0|J+%oomJ-8_hpZU z?<@uM`{;y4QAt=+Fggg)+;n%=HcTO=v3XSeHOQtKRJ!EQv>MZ1l(lFi(|$b1m9O8K z=~JtPK_wA$B?p~brTuo5x>m_q%MlSJO`KUPD(5h3R>19)SGisDUnaY)I-yfb!R*g) zcJ)t8v@V(_WoLsn2fW71cgRKri4jR`?fLVcE{v(sYYsaHZIYl~8mDnVyJu>~wK*_p zKCZhDmfQoVSrF`=Op2dj*3z62B?U`~ej2y5cZ!DnAgI9hJ^YsgI6${LVdo_;+1fVELY8=8=ukiuTR4b?6)_w^NdAdu2isRwJhubEIE9^SOJ zXl`iHtpU5>PMQ07z!lD>NtU1L>$`u~-(_*ucOpHH(cGo_OCW>oKJ@ChJLIfyj>ia<-w^DtY$Pm)mHX|6)l{N+xKF zwBosOO;Lv1G5<Ex5RTu1(K z{q&iEvd*R9!k^NHuHA;DP)NJV6<1xogG{t>wCT6PFfbg4fx;Hg@*XaJdIbpiwN8` z&sdFVfFq6@>gn0uUWpQUfmkd|Y(Uj^cEZ9v$}aK0lJD!a*@{8zJuVys3fA9eXSZI4 zUltdK8E~6kk=m`3l9H)Ta|z2^<9FI7zORjpirj6@6;M~dsiC7&!iV(iDFPzUgx6ge zUB58Qrq?r+6#w*r$a0xA>?Bu>fW(d2Jbkg ztmW~___e~odWiw|OPF2}R;&(HT+IK}qLCcdt#cajA!n9~bPm%O(ui0g`r^b#&0(XN 
z^qUdRX{CI&NL6-FyT0C6(KAbX<9(xZfrENOuNpQG%KZ5i$=ElM_nw(_pOt2Q!pF-y z*1b5In8OH&2-+h@NHrW_Gw|bxoj0UMqR>tZFr=j$Yu)tv+p^7B2xe$P_0AlyjCO25Jn3G*5f>K~aJ z(y}rwukT7O4HfW1)C$Wl8M$5?6W@sf<&*RboF~7#{wd_p~Oi5H7+gx|Vwv-B9o0v3+Ez zQ4+(v9v=@86(obkXStrEwcTwf-En5WrpII#%l#eG!OM8VfWaVM%Q>2CZ=4`*Lo~8g zWOw*U*<6V6P0*aM1drC(3ZUrtld|A_M$oZAh*V{VsfUNWyRl7ZsN#I3eNL8`_<4Qd zL7e3lyzl)Zqk(JKf)iB4y?#RY_?t`h6jpKNAf_i{Ru%ha?m)~3I#ukUzCdAUZX1y}}RytPvwqGd|JQ_FfO8~5dP z31F&Be?J^;<{sOS_l1^kh&%kN=u^$VkxzIQt~~cmS*oe!;`iAeq9!^adQ|k)=bj>w zr{SV!v`2znTy?hfpddYXaw`LZDj!0GJ4ZkR=75F2#iQt^%bxg5-ZWLGyq}NYMiu02l_jH+Zt(WsVy$)T0p|#@NGDAdZ)R{ zLsh5|br|}{TO5`JEcwcYfm}XbzJ8}sx5ZLfFPgD4QU|gYBJjV3U#Jtkdj&B2) zV22l(4n~IMr;L-|508o0RH6$AV+2XjcKARnSA+gF$k>JpE}|Qac@##RO}8Jfif_~$ z+5#*?2L6rnHXD305PfMNgK^?&pZ3P4(Imysi`+@^pWnOx6Map2qv%^!++g|4S0~f% z{>Nc6*{w&A##9rG_Y?bHXabrZ(S~xKk=glT)h?f|A8P+T&Hjsb!Jevok0ts9j@Iq& zQjELWfA0a1IFdUtk${vGFTZ&pq=5^7$;vG--X1-V-#-Q#S3VFBFuB%|U05uV4ESa& z)qcL3L%q|4tnzX(pP18~QAeHiGGNHbyQvvT2`S^fE|jK4IAUDnA!fj%L!4cpalpf7 zIurr2CYu+l#-p+XK*aSEpf2Lp=(N)-6!q5#v$CA#WYbg)p;KTmn_jcyucY1QG4(a6 zJ=?kyRbO5=(kwDBOhXGfESDz*9d~(mYZp?C%O>@tu}tbw$-f@{Y+p%{77L1+f1fR~ zYL9tb?XeVYVD?gpgY$*LctGFjcITKV@_4GBcvN$g7yJZPff%@2v_l>wLz~%IVoCzE zP8aQLA947Ys>6|tJ+3abK!d;RDUOgfq9X(&{G z_}Xjh<#wPQTcyY5%{CY}54T1v+kx<$uGf)~AICf$-M>Lk03CJ8fQAk_X1Isk+<22~ zrNxLgUA@r*OHD$ux@;cyA_A70K6RJ4ySg;s(tPJGm!+FgKMTLQCUq_P>$nl*p5VX^ zIz4+NGQiWb>C)xPr=S{nInIYk;C$ZPD@*e&(f7iPr6adHDp_yV4}bm2tYeW=Bl2#A zDH$ZLbg}|j#w2H49J3U&&~svXnlQT8R`07z2ii>XKZM5SU2_n{kTRq3i}vzse#fka zr0>4h)eN_T;kcJk*#~xeCYX>EC;Dj~ry*Z#0Y|a|auWS;wfeRf+wI%akW|Vl7Bx-8 z5ICUMYJbxP|JAZo{i$p(n>9Y7UMf!1>_?by-@+|v6#(0ZrZUB zvpKNG<*3woiT3t81Rq@|(WD&Lk|2RcazRw8VpTpWtE*z7gp^i?&QB-UtYjTSsS;_8 zT&z{ie+LSG^V7veP|KUj7bEP}XP>@XnR5h|8TpcVqb!i+eD+#7SKc->UZymDQaydb z9p>$Q(PAJmPv*L;#GArP@@{y~RMr6dguvu^3g8iB-m@@;c4K$BGN!jMFt=XL_eTLN zL+_}52U`Kg$#<1``;DHNw6aYHGb=c?s~n(x-u_ zi^rar-s-JP3b}W{uizg>ZV%Wx*+s59$ZeYqX{9@us0XclTdlq|iKPmVlTb~Q4v50a 
zCsW1SnhgEq9a5-$#m3;aL!pYHf>U@@Bx}&p`;qd6Y+*?O(D>4xJLMOzLO(?Ud19tI z=_CMyP98%w)C0P?GKGE}QZf*hNh>QRs#OL&wh1YhoF9WYkHH%2Jge-|J3}aq4c|5f zMMP~gFfwoHl-cm{dY-W$%YRd>;=p=rK|Ww_bt7juB>rPZ=DmT=J%B0FB? z(WtkhWwI?lFjA_avc|%+euX|a0x2(N)h+X1s}IgoO;)7j;G+?z3NjBb=Aiq_eSKZG zt#DwTx5%BBtPf;LB4~Lq+H*xtz;88B@{TOK;m%cpHu9I{IA?( zOO*00P0f|K9mHmTEG1dmFBsrz;U1RDx*ZHJ>^y96S|#LHTzU3e{hw;Wk3Q0=)Bl)+ ztZ%b)vMIkWblHm$^lV_XEeqkF`*f{i`PDsd$dG32<7#bURinuJT|z9<)f1!u;k>#X zqRz})0z(7>?6{@d!s3@Ysu6`F1o-NT`-;6iQ2*^wmUCD^TK0|1H#nkzEbFxVLJn+1Js{HY^^v)gri&r~W5PsIuOygTd@Z zrJ=srY9Pn_d&%-eAgKasg{`QM*_-4T1wh8!4GcPndG*B0bBg>|whn0R2;kWXNC8Z{-UN0dnxs0WUFU$D0WWY=;GY+=&FI z7;}VQWZm#@aq=#*JbBLQ=#hDkz>ob&=|xwcE1x+$oc5yO$vzXqT$~ZK(xsuj>bFLm z@10hG=s?f2>k%w1NAxZUoIW-FHKhsK&Zggi9Z=aQjmb|&h%VVdG^fW4igKLY%3lyY zHHXA1`?fsEGnP~p>`vvp!|q83Vi^9*?gQ_8U70&1Kjkx<>qXdYO=to1a^kPD!9hNQp+b()}J5gAM$F~^JdlGa?ROeVmL@t5yZN=gSEb%`Gadaxqt}9h( z^}6rMs5E0s1pRHV+J9RJg2w@5r{A~g#u)I3eb%1Vs+78X{ zHh|v$zp2&bzXu90jDioi_HFAIK8TG9*k@_$7nn){|D5gt6*)e;ldLK>)|zx|yif-K zp5wyQzds1UtBgR>9uD-Ol~jT_#KrHCwXDT1F$vp;xEQ(UE0s11r441!DXDbvOa!9M zgMbWNLTc*h#Q3cG;T%%Dr(A&Y3a1MfE_4_dlucA{adFKBtoo(;5J&8caoe~PRHXIe$2~P0ZK890xLw<} z9@mXZLRz?qhxHm#J1+SuHVz||c^n3zeGb&CJS5x4rl_YYK-+T+Em6@g{*6{fGF z155E;6y6-Rih_4_vFjKZJR*#v9B3Qj^u8K00U9*_E=ou%=?ZTBG!AHYt;I{N4rv(P zS;awsVvIsEJ=Vb3c&ykAq1d*y-VB!H5jS;j?v-#y(Fv=yoW`s{X;DEG{Ft@6dW4yE z*KknxTKo3u$*S`I#pxod1s~W5w|^d>dpetNqB-<&QA4vCb#w?;;eEa^71>TBw3|tE zEA1#ElgCdEC_?&ciujhjhc8fqIgHTr9E^|lX-cCnT*{M75_?Nd0yDcMwQjk?ou<{5 z08FHipHDml2p>T6@S``WEoV94VA>>@UG=MBdfNJCw-P>(w#K0}ty*fBuMD%Z%er9V zHyOs$cPLtEx1NJH%xr-3T{0Z**58Vc`r3wdrM{^l$N^8Z11J=vnFnnA0)yr4LFjWq z5TH5Sk({>n_RjU`=FSMktuvb(^hvMxX5=z6w*U_3cmDaw*LJ6ql!C^0&GVo1;K(SP zgW_&|XHQu}59r(yUWuATcT}r&PDrKirFx~C1szpb^rdWR(@Xa-Xll*grV@Q~4Pj0q z*RGN~UW#8Zd>0p2sO-EJM__{0duhCxt(<|CDa+Bw8o?qUDyezltu=c zdQW0HgcR4GKRs3qHfvz_Y!WX3#H38W{-yTfFZ;*=M%fb=J4fF9?3z|yPBcG<@aJa- zlerL{{@bI{N)Dr=qfZ|F3yjwiRu@HSi8}W*Dkf@gT8U<*67B8lI|?1!#>f+gZ|KJk 
zcaznj`0Yun%YNGf`Z{`Nh?p$D4o*eAi5)Xqd+Nw>MJ+`=p!9Z+hdyO>s`+z(=Tx*m zdnW_}5dzMM+?!WdvJ71339`7ed#wh`qPX@!PRlzX6FMm?>z`B;saQc#Q`*wjaCX+- zK$x2bXt0A>L|2|7B>YcO| z_nz*J;c26tL6fXzSHQHj2yCgyTFP~gw*AVVVZ9UD^6S4eP};@OZ?B+Z5&)XwkBJfLSNkuqfFDR)jW z;fhIPctty@@%}8ZYrPFLQcnl^2&x7s|9EZE7tN@-ew5v2C8y?ZiV9GPLoGE?VQ+ff&YuX$3Y5|5XS;=m!sh zJFaWDO;wkilK4)px;KGZ4T$R1&Lj#2Z3u~R!kysR*}|JkXxgoew1QEf=xlFBNa+z% zCYt{#9PB%vE*MN9Ejb@#u!hlVcND762UEt}R{KSUxR)Kq<-7>HBc~Mrf%=hJYSl`= zZbKkwR^;3grmik{4}~L_rb;{4tcUw7oSpMo&OUj11(7&wIzhs_(GLOE1Yjf#J)<%ACpT+E~ zv7wKPIrkfZ%0&u`sekV|x;(7AcYLrGqgD+5ZLoiPbjnYeN6URsyFe3g;lp6RLt$^w z!2U=w$WTT&BPPg1j6NmThqB&ma>EjxmYF%~?%}a#usJIpB>R4R;maNIfHP+tmv(}H z&5rWXkFu2oX>1M*V=PYH>#(Eb`uTVJiJk9=u=89zHa?_H@5E6eQ{AILX5_*m?u%P| zDMMEcM01yo+}vVP-3Oiljo?G~x&w(N!V0DV+tNI$L_PsI&oKbap}a)zz7+Id)+cUn zp9(_-$OVwzrOy11RA@*Ih|`4GIxGrY?Y*wt1Nf1hK>b!JSIW3lWBJcNv4!X|l6bMe zep*sfvt0Z3y*)Jh-Gd)WNR`)*9A#ts#J>d;6^70N9&UZ(YutOOq^oA3# z*Uo{h+})*o-mvndD)}ykwiL#`Rb7Y(%59(Tqnd;+*p4^>v&n0K^%P--<=Dc%FTpl)RT;mae0#t5&~aaI^g zHk(5{(_tvzL{d~#^aA%wbkp4%mSE*T+8#a>dsDqx198`>uwLc_LNEyt7Fy{=*vcCH za#`o=Bv9)KR1_`G0bIjAr)s{4na~A)Bev zg(|0P!_1{*d%w8<9%2YSKE`;1M;RzUW;Heo+~eA5ax65r`gs8JwiWY`mdPf#Bm{l= zwXGA0UV}M7D@N}jU>uePH*S0qzB~ZWIiCqM1d|L-%7_uYmUCPGyo`Ky+dV*hLiW0= z1$f_dl$L(M{R-yil`4@eIl?3&F3!==Yh}QyHm{2sA$xma?+PG0eo~;m zz!e8GNVmd{q8CCa)xVDtPv2-Jc$inbEf6`ss?Mr!ZE9%P=KbPvp-hcgQ!;xiKwv7` za4*M#qGT}v!~bhDY`nN%Rk(KJSACO(!I(nFP)hBO16((Ge77&Ymh)gV z*Ye7O>?5=IQX%(^C7=Yd!9U*?@VTG3omPr?nXmO-3m{N_+5$5=RS;X+3kaSy!8kB& z+1U$E#i%=Un!)BA-1)+#JJOO0$rWY@*pI96UmP4@9|uBSPLBh!Smyi56UzueJG4!e zTM>VVsQ$P_?dXuFS^X0%o;-O4R7G;0-gnhC?dPgK1C@Ds179qQ-o>VE!z4a^`c$9Ix?<$cS;~&w+wQWCN{hPU+bgSf zfy>RbY{0@6)ROEQC>E)`kddcqW4LV-+(N@(D^;urEJjI4-NSV>D-tC(sW^JT+)Qgs zD}2UXv9ixYi=(Ul2lMflP39kO5AXX`Pw(Z%s8?6LqT7!lftH?#Hc&=E1MK0$D?sd% zZ#b~E_39KKSdwXn<@kH8R7D$rWPtSyya7ZPj{v2f5??i9B&0l$4W?!lDjT?5k<$V- z6+p8AGNc{L%SnKIKSW1IhxS+)%*9DibZICpm14mI?UAkmapK%yo>Ar{J=?BSIcHJ( z*!O^l??@`S-lZ!=!67k`7dGM5SwkFkAS^wD2IN##jl$fv7o{boq&OW5j-U(*7ENM_ 
zHH!Y##l=9WVpC*+829)j5Dy_SdItmgt4i#;E8HIWdV7EQy!hTQep|`qXWGCQz;GrmjtLwg7h)r2~ z`lyuV;o;%ge_T>Y36IFw##lYYDRY3;`w{O4M@KE~9UMYk0BQl>Y5gHbPfr;ip1B|5 z=Zl66s0;Q0bmB?zWh;r{IP2tB7s*DWt)lH~@qV>-?Q_6pF$Z`P<(Ik#oD|$I?5b|#(qXQ{V&p4A(-(E zyWmo%BC{OOH3ilKwP;_4zhEq|E882q42MrmVsbr|4)RIM$S{ZWon2XxnIDbq5tRkn zN>--6*Z`dfEYWoq5&f7nM!6d1AA@;wR^9j{#HW(j8`UL!?b<`!6;w*ibGZKQ?k(~K zPahwj24ChtQBk8YIK`K#8X;oZS&@5bT}JM)0r{~4R}qLmkq zjg61njt7!&t3Ix%suG!19KS&(WkQ}&H;RkD-Dm~-ElcoG^46;>)Wf2sZJApj+ez_( z3p|}uQy7Ug^R^?(fnUbLBVg~hF=pQN##LJ%$s?UE z8z}8-{s75yRpdA($*G5Po;~Q(Qb$LwpOy5mxs|GO`69l4BJ?Q~almt~L+wbrZY4yv z0wK}{L^pSawImVqtA~qTyDVzR&b%CO;|H1m zfT)V2w!$t~qc?67mu@4ZP@kT}0jCU{bK^6B}afN4QI)`KeP15B9=OpP- zl`hjaRlT-5Wl0k-*WF#OpdB4d;yM0{?WY3zH4#Ja0c^t^ml88;G5kLW@gb*=IL29E zdz~WurUB?te?&${9D3xUeqL?d9D6Fwrth7KLdIf3*UqT;x01a+rFoITZJ3Eo= zTdpbvkV^SHs}{c^nsTNu7Usyny4|pPvVc~e$0i~(=fxLL8^XiO3vNMf+J2iSFbfx1 zAN;0UZ4egXJYMrCJUrakjO!#}dAT%wQvj)mQ35`RB(R|NPCEe!I*`Z-hrK)_qzSXc z>U|@lCC2J1g0EF&uikxuQvxm#cW+piJ)WHaVx`L3DlP-sdXE~%`KKS9$CpdY%>0#x zjfSQudz&)e#`dC$`Xk3SGV))z6sq(+?bwjx38Szl~F_8omSt}-G+1HXh-y}-~R9rFHEQsyP z8*)Vj-Wl3r6WWjCp9~;6a)zWw$~ExarCQBskEOVrrxYfoH7ZfL{R&q9v8K)aYO2X}i<)OT)X!IbEl{I%mY@|0;+GNd~y-r>(E8zH=2UB4bnD3azIk2kl+^8p>eZ-d#T^7*OyDW4~DF`*Aog+L>=!jeY5;>EAObh zmKAuzA=f)jt3KUx)b%d8)ltPSq2F5P%=X%F&Xu+>7)+*aY_cnRtw=-)Y>gqv`bGz| z?p3}!nRP=et>!~Rq_FW^>Z6`9 zSc|6($#@VOU*_aEI0=QhawSGu>TFw~QU=gB=2!h%3-UNDI~GG5nn6iq=RDbGo34MZ zxlSv}9ywzifZsTD2uEx&`BTE@>zP8{-ksX=YTtFvIZq?59@6;u_|vs@pqC{Om*4`~ zR3^2-ik=pBMtd?ii)qv=X#I??bF@hGB2!B(W=#aq4uwbC;Io4j2e86>sIN8=b>48{;nw;igELLZHy$a+cG!bo3#piveUO!Ii?}~YxVW&Cylt}CDHk{qC+2U z_hu)KUy1vqic)-)XkV?-jzEZn4zRIB5_29ogzl~V0%!?cS;~=dP>Ic(nlZ{O7#fgq zbKA^JPak(qAxfCsg$%F*&|tp3K0wdN&dq&H)joO}Pt+M3Aj;RmAf}OxEYSgiScONeO((CK+J^ znl8x8qLZeVAWrXJMk(^@z5|4)Gynvh+^Zm=pkN~)e^M#|aVu+)0fBsl{5wVDP6_L*#>E+{de!9Hcpt7{oI^Ptv z=sED7>$;PpqsHf}*uFl?*8&Rm1RNR-*D2)q!EgNG>i^AR`RBKs&-Nz|AQPl=U~f4= z(zcclv$4bW6gWcWSPB6@%CW^)Xe|G{Xu^1i*7`w*KDcBn;J5t2hgOO2_#`CGth54KIraMS 
zVSO9k$J|&z9P!u6fti_K3MunN8TIZPUx08TX}UE=Nb}l+oRpNK{|)Qp>4vb)*6OM~ zRvxjFVbME%A|j%Zs(rPefSL!BJ9kQO)|h5@u?0_lzSFFF1H&)6)uTL_Hz$uk&pIIo zkO7;M=1S;zb>>&v$&1oaO0)`D&*kAbwS{r8!1&Rz`1q_^qLF9E`V)omVp&3`B7gpV zIXjCK`}2PXXZ)wn3e6bbcZIE{%G?7{y=+DyYlqEl)52&;^; z|7@FFB3mLyjYvnHIqVY~qZ!I~AkWOiL|RQ|dDMcb%|0(LZw_$LfIRRQ4NYx$ILWs^ z@FP}ATDof6Z_nzHOYc4v4b1E0;82D?rFm^8L6W0V@xmpIL<55nsko|!HAB=kO}if6Rn41>QPONQ=rhO$jF4f zy}hRykBn<&+?mJ$rmN`F{WZG0&HV)gblvg1Oh?feGOpdE-#oHpHzVtMSB$-)Fe(EzF35jfIw$DGl5i8m>Oou?eiZ+-6A)%3ebkOix zp#jdIdp6*Uo}iwncofbsFAt`2z@VK>CYwMf#rT%>bgmhtTjk8nQNaL4FD96O`%CLe z9&-FDu%6zd*tc7A#%dTl5yzLi-?(O6;zk&{SXqTG6{t2=33>X0_g>Tk30%Uf+7GUG z?%dG>6mz6%{bdzR4YI*78TX{Ine8qh=avvjmhhoE;h|x&{Ji?Zm6eqv)N|m?aTK{+ zb<=udiV2SUdfCrBpuP3^av4&Xp2Ytm^gkNffBQutPe{w5=&%oWADiLwp5AU2uid4= zP@G%3-q&i{|UWAsEmOi{LC&yI%Ah!ehi(d2~5=bb# z|1^8v$e^k}%#Z4-Ao8o6f&whx3~iCK+!dyOUIR@d@!jNlXJlxkVRPfty}O=Rnsbxh zX90eGDFp?g6Xm$hSE?NaBb!M`AawTBqe+edu^P4#0H&mByxX@N3Q$e}Shj?a$$3$f z$Z^hjB(Z{`Z2fE zoXp$>Eu+dET_6Qk2>mpRgzkCYF@k`-*T0%C-~wrz_3kQ~%NvBdb$SD?T*hn>Q8CT= zE1YwtCMF(AAnM$QWThan&z!lST2L>cOj<@dvG48up>Ci@lF8}(@^U~L5989N+x)=9 zNP4!&m8TED)JLIao+SWsu#^}ZA79<$l`kr`nyKANUfzh)RP2~c&H`;rqGSw+xnqh^ z-#Ev`=k&_gLta_Rm@fl2uIzH;3q8)0=uc_%i@8Bc@0_Zdd&T`{I5=(iATN9h=k2?l z+|H+_jUeba3cmWM#M5sFzPM>Vz|DCX=)neRsYa!(tibB?K|E1MqYiFTsa~Bxsd!Fc zZkQ8BcW>G}YAUHk=0VmR=A%ldc=^r1xW+7M^_a zL?OMqe#l9?pjRk)k!Anr5IkxtHsA+*@m~z)pRfEMCKeC?yS;-i4DPbJ-w%6Ei2o5zlLH3z7SL`eKss@5e_pLxn2^|Yt39$Vk`Dr_ ztN7;b&VS@dQ*12PO{K|9|2dSOS0{jxG`>vuvr^rU-t!MX@TW&HoT1#y9PLcpPG}Z0 z9XpHZ@z`^XIROi=6_Kl(?S%3Mbo{My*eNYcUg z8_W5B5f;2?8uIq|PF~6<-%FR-Y9~v)RZhzO*@INpJ=m9JmvOa$bNcRK10}yljc3o! 
zy#(kNU(a}#$g-aMXEgu&3#26CE@j2f)o!eUHB2!MBjlN%}cPs6!>Frb8ze|t!{B(ETdm!*7`(F#a zLRJoL@!nSgin;W-Zf5?N+1Ypc?tTVHgXCEG3zM)Ki*c_C$^K(n>;pLoQ#%6@+eO2a|0FSweeXCf@Y`ib4 zwpV*J3H+ydeDMLpPRL+n(49-eDm^ZLLZ0hbhld~pNjF-rm>F)D`{a`r0b#=^poG># z;na8Oof(6)4!ui9SfZ$AAEv{Ems8iD%kRAH|3?|dGE^CjGbux$1fKm>u<3;%AbfhK zt$l?jYn>zFM!?xC-aq{G2f<_FLHyrjJ#f4*R%Gl5nEB0~UhhTYnJ*IWE_7W*o?xJz zG8Zy*d|6k|y2h{I?bh`SP_3I6@3JX+a7=N~EM*&Mzr$mX@|g&HVeqVI|6+QNKgif{ zDHXez@nXaM_jBVg1kC=bPK9+|sik~F0GMJM;u8(cKrt8X=RCAL8PUA7l(V8NnPb#^pd5&|JbT!>wV#yJ9vmFp4KTYDpXl=Y zYW&C1EEnn=I+-%&e);Wh|8e8d;tcf588T0oi@Em}S@4|+2N-4)?%UD_6i1vZo5faE z2|zJ1?Pr&*#&i2rB^pZtzzf+sv6kBAHgM~3#_X!CK$dEY0*{ttUH65yFDnTmdIu%?b4!+;nQe&U67YJGQLJHNXFo&Bdb z7R%sc>WYqxZ_qY-=XxxvXXmwlI{Y*T9RF@@DEsG%nWO)MoAaAta6LCs!mX>)_0z)? zb~Vcj+G|PQ{U?xqT@dp#vSD;fP+R)rf)fhAX*T`IqWo^)zgw^nwTtE@++uDP)pL?3 zBMRf)AMpWPG|Yjb-?Q|;a!-h(TYv8O>qPwF_J0h+<#+@`i`+^Yi&+?E_)VTKzXSs+ zt*@)fl_H+ETp_YVWC+~+O*e4Tq9$)%M}pN+9`8NJwW(P*{I`59b0nk6+>^0>rz4xS zV1}6*Gsf%RFD2~4G0OR2M=h?=lk#3U-WHn%mA~svH0&HEq zeR2iODrqIJ&htOar5^|Lk3;;92?p1&)O^56Z#?SyfNnVOM~v_{Ul{?D()oS6F+XJ{%tfY-zpFa;@$Y)TJ zoL3j1`*%yWOY?S)n$EF1y{xn2V(hNhcNNw)K6j@KDB`;`bCY8(pIv=#cg zbLZHYapCJD2VKuUUZ1+Lna&Z^aylO%x&Y5S_EPho{f+N7@wep+(%#<|OiJjfC^?40 z43QHGwC&ogoy!XZcRP+F#o?NR!A}H1nsZOaSUD3%}qP`y2oOYna35AooX`) ztG^6B^M$n)=Kv#s_!6LpvS>V1NpjAQgXZWZkmJNmM9gZp+ii~(YuoYu<=X%CZOD}) zUm_myhyTkhhsbgd7u&oXBh4Dk*0X?1yK6jG3@f*a?*NQPkt0Wr#CRl>QA>OXBm90M zg6SP+-zkQ4$;MdaNi<4?OLMP&e{}!e2(YRJA8je|PM&^M)U3*@w3Tv(4PusTX?<$* zYqJmDRB$fHdioXD>oB5OdgT!Q)gLFDGgt=Ff%zJ2%Z91|1MeZLAlQ{TPwKD+4=Cd~l#v^CjlT)0)ZwXeVbEClCX z;(&IuqLQ{Z7P|dM9k2WE7Wyv{oMpZ4`1)2Q6z#1z2UT-&a{lV?U*qoKd8;#>*Jmaw zs-+x;F{Wk}r(2nMY(rfMmH1JsrK;EbvOh;D5i8`$%O!yk{XS!!WZ2vH?=J!+2?f^e zIYs~re(zbXL3PtsZz#azvH|*iY+!H{y{f7z|EBfV_kdnGtARV!voktcaTJRGBS%N6 zA!1J`$1OLv5+BO>)rw!V6t;B@kWR_g*4DoQBrwMyhw6Q5dEEH8X{y@;wtngTcVby7 zo`|FDN89j9bf3z#2G-fqe(e~5%XAMQetoK~H3e|>Gf@hp_dpi>L6#)0z>n_X3eZUJ z+`IP%8#o)Q-H?7FSq&@DkWatOL9x_(0lw$E-7m<$An37o|7qIRbl*@_KrH6PyywuTT}M z-LY=Zy-;_$t}k7xTz7-C?c1%^ukpr? 
zt3xmHCs**b*rOoYHzB22NRMpKbu|h3&0NXz5QzRaB5A209=&H4G<`kj)~)CBcbFoj zb3B0@5DH!T@mp=aXU4rE#<$X+6aKsGcVXed!^$bMOQ(Iq2YURvHs0CE_`kYjWqX+a zv?ikj{p=m?nTI47>-_KQqwdu~sk`1};)-kEEundJ5$FPId&p|(q|nKP zaG)rlDb32vcjOas;pWYo8UUbvU-C{V;a5#f=@ONoja4OKfL`EfX7?3zNkB5?<_DFU z*4EY!n>`;G>Xd>e@W-?0T96mEHwnx0?`+!R6Gqa?G`rIe;b=spN59zQ)o(7jz=a*l z8+k3wR3fd84Z=eR@1la1r)}3Nwajs}fVmnetKt$z%=MHa62RZ`l+pRY_Z9rWy!8?u z&u4Ze$sRy9d|W#&Pw_DAJvlP=4`69G^U|;ar&xwXMnci`p473 z{#~;8mZ+dDs}k&9b2uB{vNCpXP;Uh3oC?6{7-z}Qq_T7r%7j2_GVu&IVKb&-9O!!a zm2xg90s_P z8`U^!m*fk-&8!`&E>OvL1amXA(z$ll_Lhc*RDctO61h=^LC-0+6nSjT->aORGg>|{ z-ahV;0MO>Z5WffY&Guw~nKSO#pN8YWuAQl*Y_xa6oYM+q!ZB-;5dv{60^W7u1gVFy-q9rqyY?&*txtKZnLC(bl6jHpxLwgZqW2-#4U?hsP^s zQ=Jk9-G>Uygp49_mF3PjiM(mq!+#v}k5?fNPCSb$V=fZ-{ZD^8fE%F;x~B@ ziW*{j_sBc`I4=KOrp1b`qJk=t2w9#cvR~6EPnypV<74}RTCF876RK#rxtIJf2EE(< z3#ql%Ea0WuX0V?zk$`pZ!k`?Gr~Pvy6KxDbQ-B^`9g6Gg>u-~jVLKeiNmlWi36SF8 z2^3KIxB*lyj^K^Ud}B?rey|%;3TIpKY>TPf+UWSj%`_uRSW=Xm4&JvT~e+^5Sz_RQ~Vpe~7ZYiny5-_g-gy2N`0 z{`Re<(<%;WCIcI_UUk!xaUQ>voSbYMbBNc$)-=b_*C_@X`%=7iIN#w0IoW@s)e~;Z zQQpSPV{8uX%&i2tA;j{M4WJWw)A%J(@sg!_5&Zvg_SJDwZfn~#7$~TSfC3UC(%qqy zG>X!tz|h?dVhau>U6LXpF!V5lAU%Y@&;v?$x4^f?y>YAi>~r4z`G-GX@>$PXcV5?Z z8`@VPbaCHfY&ck(@@=%&;uso0l|^U=2ju1{iM|<19CFyf$`5+NRht8F2^W0!`XPR% zqd?VUXlNd0b#!>(I)t*(U95mP?yNlU;t?^U!x9>P+F|3_E)IpQttoO0#Ze9`{}kWQ zUc|3jUt9)e2pJKXQQKHL>Ix_IALdOTp9%UcT#;lw#n7FZZmw?Y#S<-rc(oY0l>qnl#t<`yI?1;=1;FERDc4 z`Qr;}7gFcJri@ZOs;Ch5QWh5pewrZS*0MI)iqvOJKb$V}>ag{D*0R!>KY~UHe=!!I zd{b2=KAoWtc2T03*Fr(U8!%eNi-(O5nWz5qibUc8TS%$&ZBwL*{mq*<;q1th;(1vy z?qRKIgk9LjTj)47!UrnoYdB?1tiRPJj2;kOASWL>Wn*JiJP#VquKFxA2mNyTLjnBp z*iEtJWqBnkydnhs&iG^YoLd#qK3xEwr3B~+9g zX|^ZARR@g?yjMR##Q6B`qY~{OY4<7B`R%qEE{N-_zWy>uVL~4vB(e{pGy)1`lVrad z^at$r!9)^9 z)p-1TVbb8jcIVx^^>47SEHa<-wpLgBX@7pdIND@jz_2a)e*yl1`zX0VDASS27U)FLX#2d(lGoa7nF7(z!Sq8$DtCo zeYpxw>(bYzii(OXl7=WdcF_|}Yn7IpHyjA`MfNRxcGo6d)d9mo-%X>Xr8PcIe3Oht zqu+)N$>!=)!UD4p9C9-A{>d59>DN#_R$6gLGvu23Z5jy)GtPLDl5C6hLvLz_s~c(cZ!r-z$K&%w{Ipb}VgIA0hPnT1s+<7Ho*?^-H{C5R19P 
z-s{Nkk*bRDEWwa|iIn`8Mfs7!9){1$YJ2Z!1fz`#rI z#d*WZXd5vu0`DJkVBh9LjY@QY4j+cM3k?U8JZ#D_|tX|t4Tr6!x z3i#Zyw0u8pOo^F^^V4ky)bw}fXt9Levuj2uN1C@^hZ`vgOyLJLnyCNvtcP;6SFhe| z7vHzu-Eym9i!$^rN8~RKm9}=PirLs%rI(g!qP?9&XEdO25Xh&crPcS!3D}l>ArJ!5 z_+&y%h7^>mKN-^)io0~e0=;V_~Ghs#`Ho3EaiYtQ2W)^(bUN3g@iyD10!QI zQecz;v;w27^2%k!kDy6zOJ}r3OKjqtU0q}MU4l49_e_%tUcG!dVNA0hE!F_0HkyLe z1HGk@SAFQ2gk?_r`tT!pm62O6n9OM!UE&|+{%b(ovE7o?!m~Y?)=kfK5#8Zo7Ls3ETQdP}=iKye z*g$O{;iRscU+c2a^5N8oW5@O~7cP{qd-?29$63>(s)It~=`&q9HD>V+Pa~qDh8o4c zt<G*Ijm zwJ-pe11aU?qf_i8#B0SZs!Ini?i26j8T)Or81gl$$jgTUE?oIG({>9`c%VPAdSWUX zT^ET0VT$bFVL&zcq?2s@F;bo^!N#^i8*u>m$MmvvPe1 zudSAqm3)S4*J33Ck9Jd!E^H1KS%izOtP^H%U-%!b_!K>VtO=ni|5!g~)-%#h)ndq&sgxE$)>bK=o8y?3`*A>E&KW-|QdCqnv(X)~3JCkBJW#IjHF8L`r zTHi0MZ{D=O@|ShG3)G$*@kA-s=*%9r;r%#}wD$rI4}E!f9Dsxf$lR#by7zr=(3BnG z-VB817QibiCX#G-nLJiMkslCzwG3GTdCRywt_#4)1~r}&(5Y()R~579!@UmzcU#D< zE%Hhce*SB*30k;mE@J9zl=0*v+A9XuN>Ev1qj<_tgmeJRUh8B zEuXyDH<;rC!CKLGYYy~t@3f5l>}91pAF=0FSR*;%Pg z6{g9=$cQia2-8RU?kN7_e*sz-o-3+$5V2jgW6kqTL|qVepAnn3V1ApxFB?fZ_;8l& z6voF};kl_zsnRkF4TyRe8jgNbro(BEHxhj>604ZPR0H9?eeKh2Ewh_9116>>m91`E zSzHvqsny)j;o#sd^&Fy}NX=WZl61YWgii7teYc zR+1yi&Z{saM{{KiHHQx>n?lwAP)Ky{Q|O% z=4tEcMMpI9#B24e<-CTzad;B&bXJcSsGU1^jzL0Vv~4RcI^w$A-0K};g~Z@uO9B(I zQUYo#e|sMvpMI6_#6;U~ZY52pLzIC9xHj$=^~h9AeEHk@L<5x_Z^zNl=%L2pwC0g9 zitk-XWr`jFAp!Cz_w&)n^EB?br*HGrgEvO;F-gVKMKx&ZFC_aN^86*5{ZXpj+ySBT zDTeLEf!RdsrW3DjEt$WTC`KG-4rb&fY)eKt-=uP0JNwkHyO zby<4F(;gZY#;Vv7*(7q6R@-|D0QC}($;8{9*?4*uDp9!J?&lDZAz+Zg@HQLx0Rd?p@POD zTFq^3&cQZYe5f~ZaV$1Ahk=5K^*-Z^6!V+p3yY$q1Yxr-&XH+ps~jrkan%k9K8Vc= za{1+MG($wRoJTl&U!Xj%R`uF%!vu8=Sx;I9y4RkL-6-PbF3y|Of(09P z<0qC%@Jz!ueI{(T_m^eMQQqr<}JQTTRZ1$wAN;St))ZB(Jem16ls zilMivf=XD9j5b6vpR8SB8PIq+IMKG@t5pqK}}s?un9% zAKq>c>RL@)Ikue7O|ZAC4d^{GPC43QAAO?Mr{pROnz?0GLWDY3};J36D3#S%;!y*9v)mtISElEUc z;I<`XV%yxt#>M57bBA_P#Dy%Gq>M7hNd@{c;i8)90UbHPrGXCA@TDJ!y5}0$M_s48 zDk!Idf4un^ee&oQ4K?MKhlj}CeD@Gf;uS5}4Rg+%>J;eR^=)@Tq`exLb+b%TZ8I=1 
z5Eedv=6&z!mS>h{KpmZLFRrwgpZC%?F1FY^k~Dz=ET4AHX?S?-20cZ|RpQ^+Yue9> z^rk;03$8AX++4H96(Js3T)ll5aOmGy_*13mc-6n#`sb$D2){Xm+@kl_c&9}NS)8lO z;X43fAFtn*`4zu~Cr!1al{e8|z|a&JWZB@x*Ir34&5?4;pE&pueFZ<5zT94@TODYr z%!>;D(Z_b8!7UgxnI?7k8w`cYL{YryvCp~)__ zyKX6KfHVToVjiwXk=@d`ri8(ANPL#T%(Arl%+@Y?IaBlNw@C^@vFZ9NeF!$XleHN) z8m!$kqmmFjRtic=A)h~`J1)!=SP);}wR++JCWv?#AxwAa>Qm|RhD`SQH#*1gJa z-zv4sJFc`m5q8{ozTvzbt`ewNR zS!x+SifFJ;P@>6-x=8EgobU7w4#~B@XvgWgm0~@;6fy^95QrbVR1B(dIEg9CO5#&e zQce_CS3#;kcZ~cUPV3)*f&l|0o%_RRCZfGl4DC7-?FQBis*z_@ACeM}xm>jS3I&ac z=_QYBXi!k}_BOPqcQ;2&fXNL#Wt!k#vAvKx?(tXN9Zf=u+Uw{yQnt)-wZQ`4V zRS!^(k`N0{{t|gHDd>}hg@y0FPB190q(BXwE)t7wkpq_g`SuC|tticiXHK{Kv`iHv z%SxmMnmSsYT)N{*60RiVm84CiF%zno?VNb3qNwN=+)9AC#1Oo#r2!VV5tpc4&($a7 z2OL<^;eg<|;{*3xKOjrOOvsf@3uuJ?nW*^FVEZt{ zz=B@C78LNAlM0mjTKQrI`E_2Dc7(`#lYqtw^_1R4E`9{3FPJLte(QUjrM`u82??)xa--S@W@~v?tSl_y!pI$xhw}0+X4x}~i+q8F2!YsBCr_nk6>!bG zi_IErS;^_E+l_`ly0vY*67Lgu#&V%&p1jG=-CV1QK{$qX|F<^OpAjJ~3V&lZpq&YS z4l&3&e!^W}f4sIFa*jmR-oZ*S`xT?e&=oCFlVQIr)YOroUr6QchwJ(Zga<|R8r!Fz z5?r0vS$vqI-nZ;sk%F*0!_r-DCh@F${NC{*NcIqwsUu~OMaIS{iKAB^vEJB7yh#vq zq>nia&rArM7{4EeckuFClcKW0|{sw>Dx8>UhX)H1+z(9=*^& zLjOn0qz`V(>Icr$;bMFa8dJh`URyA3CW0TMj2}wULU?FFOkG2 zUe5W0IB(Q~lW1oWD?iX-Wzm z>ogFaiP{J{J>IZVFHsJ9{lQrC7nAtBsM>|l`-Heg!tGc^69YEL@#lxKCf9yw|B5Uc8_wJ; z>UlwxSs^B0S?KEUMv(rtMxehGn4?e8Pa|$E{D3w*V);mP-@^9^Yqu&_~R$=-AhXN`-C^e%fw|=0-xpLQD{7iyy$lB z6|0V~hwQ?94m)ZQwu_p{tkWk42bnfVDKG4p!+WMzg|hcEkdQ~7by z20B2|w;L}i!(P8FpCc!`!o_@3#L7(r6=6zaUt+G|S=% zvGG!5jp~UQl(`Q(03@Ndx-K$4%-V%-w6S3ryDcxFp&_3XFXu?;vvsA0ys{!05@!Ly zY_(WA8tiv_aRkry?mepW>P}G4OKk<+B}z)fCJar+uFDIPLQekGJWy&j~?N{O9 z!`m~t>&QlUHP%E|Xcps#=g_l`)xM8-(k7KbGKb5HM^MaCGSmmxJv-Cd@`gnQrt%ohO9idzw!YBZ{B~p`LB;hXu_Y?m0y%T} z-AvV0dN0SjYwn!oUD7JoU*AJ_lK!Vs}@c1qC3de`0X937zu z$yq!|T&VHn@NM~2hSXP6qeUWth97S{VLg?++y=S~h6jIUv)R4h({RPkN}c!Sv+A&f z@Wt-o(b47ZDVyjyF|XxS>mN}ZkrEM}s-Zv^^e@+3gF|L+VY@0HnHZJCgl@x+eepJD zn22txer0YoKta_GO2IocG{mB>KaywbIbQtne8j>WNkcFfJ(V}eY%j?nR&ARsY0oz)-Z-y0ctlO2VH{X7_stFetD=4c!cr2;hbm!iT 
zm#V1Ntqar1>g8t3qOXO2e3HMe(M=OcR}P`I5?Fp6V#Z2p9 zdV75Mkau?+oPs-cLHXw)9`7kffZVbY$K;LASKsj>-bO`4GrV}wAi=gN5&N23RFu`z z`ugNdD19O5Y<0!G(2xh|y!SYlGnxv9@)aBX`svl8vYlz$jwY%gwXqWETPhN4-HM6( z6GNBWj+7{Sv$6{AynN|n_guKKH|K&uUB#gAYE<#tmNJiQ0qxwd(9j3>ajV>lN?#G& zn5W;1m*G)(>^R=%5rpD%a^XCprq9>wkpI02a9rEDSmBRm>C43N41CQN1&lpC?wT}# zA>t@owc05XGWt^7mYc8e6^gI%z`IUX+g1T+@A z@kPTlKH95uP_=K`ZV7b>1&3VE1FZ|2*kvKv5@Y3;+=84&XmVBlCFOa!`1TZ4tkcDh zJv+pERzG%ea0sXtlJ7!XPzC$JE~TD0{dEp14L`OyPO!Qq)hr=v?;=ZbHusPN-{ z%;oo6M#!Qp?6&5z&`Ko@y>b0}C+|7aU^fLgn?o(Jt7^!4qoB=yog9qABV`^7PJ7iP z&&>?l6Iqgme${E2`_-A~p}uKKwBgfHS^BOg1Rb7=VBE+(2&)Sp`9(4XW2w|^x7(*54^eRRy@fePGhI}N!HpX?()Nssdu=pEH?O@DAQIMN5(Qwe(8&QJ`z;e%)G8m< z6M^W`>QSG%0U_wM@u!6lYuCt+A3w_5eMM0TJkY#UJJJ4GZ8?sst~?2x%`$u(2-LyN z_|);O|8r9Wgy3(uDT73%zDm*w7CO=w{@$~K&25CoKOesI zb$onrL_0iI08#r zs9gBV;F4&QU^nTRg8~c@l+Oy)FH*YP&%P)4<~B2>IRI`#RODc!bFDWp-40N@p&9Mz z;T?dxeJEzJUfw&UeBbnqkU;{eWO}u?+8-8Ms|m;R{BknsW4(L#7+w{Uzkm#HUi9&f zCm^K}^X#b{n1zk5zhUu%`gL2kvS{Sl2Y-n1aawmYy#ZBQ7b=||GDuX0!`lsylqcF` zMW}Fp(3yb1;bW799^Ib;PX_wm~i9&Uh z-NF!S>xaIc!((H~F>Kn~XE)C7AT&?~?H`(zr#Kzj+?8P}Y9!BP0^G-?9*m0e6qMaX z{RTtk)Wq3?UjwMNhla@=Wk(Cd7f|=D>f^2LiPUU?9;s%|7%}w-&W!cb1#Ei z7_EpkF{LKvbfWnPW4-ddww7SZcCB8jBZUcj<^dXUf|pk{~)N%IvaG zqD-fVw6=CR>1jUdiOiVr%}Xb7c*vr6M=N96{l`IS8PIgD^E8fU_y?B4j8E3!f&#S3 zJI_AeRJ?>%x&iZj_!lzZPtz5SvnK*6BBW`Yc=F&5xR^UQlo35B%8?hubSER4|9BEG zat}zJ4`5Aj_SbKa$UKpmBAjZMxkd?PV{YOInTmv%IZ31376(lw9A#AiGfKQ7Gt(JgnyuZ*dF=$4-In;;f#B;HqJ3$7eS=Kw%Lg~L`ijNkyZF|euq z!9DR+#F%`x_`ojTiXdemG_ykGL!A<|Z}lVBQ#S+aMt}d%X6TRng_b1NACjTKSylfx zFKu)U95TiMs2N>T!EdR)Q65e|Cp^<*BfAIy zd4=Y8BE=e(M&PDkp1_o=ippz>c*^Vfnz)*(desJD;o<3-rJ4ZC`T#nfGci5cS~%G% z-RHDppW7qQBjOgf88LBznS&#$vQp1U)TU?Ml@jVGVLz6v>Src3`}Hm}2MbT!*5VKc zKp=+2htV-17Ht}oDGM6A&rtElvjeOoWHgZQtb&u%EA6Cgi5@Tcfpg6rt>I~DCQiPo zsm7m2M>&ABz+FvEf!TX6U%pH$D!Rwb{duvi7xB~&IK`e`RP+1$*$hlfLn~BoY=%m9 zgEITFK{eh4VshJaZ|72MZf><-O(nk^^zx?AQ-UKLr&YI}qZo@HDKp7)UTh!fywy|p z?)h?Ye`byORmCKq1b@RxVBM|tNtrw9H`o%%CJxtSe?2lTayi_$QpA#pujI+e$%Zm# 
z7Z$=IQ5R?D=feTQYMlzj_=(YRVulnBg{9oAi;0PWba!^Tt9@{)zK;RgUZ9`3ub7gQ zV^l6wUI;;2CMi{Vreff&D&o5g^d#l2lVC9-nrmP8P7` z#nNomGdt`x8Vy(RjO*|iA0H2r9OKQ((YvvWzq{5jZzq_!@P59dBaHEtzD>njV@-B_ zO9C=8Drx|i<(^V9^Z7=!*@I;|vdlV{;-m!$N_r5K9x#02=RF=B>%SYVH?A8(-&nmN zSe!chSEc%U;E=C|&%4f5+jweo4rcrF3ngj!@fzp_jE&h&S(C*+bMZ{i&#w{B2T}$( z0(`;M^RggGLiq9Dh$YqHVHXJu;Ir2VOwPs9A=W{)HK{YlPL`#n)_Ds-=Vxd6hIkbn zt*qjl`f^a=LH;wF^L^#0fuSKYh&zxHDC$Ts#dA)w|EL47ZOm+Jt0%-!#tDt&7cT7J zk&85H!CiB$j)01GQK?%~O-=n}0BdIi5GRjIn@?^eGuJc!b#~Oxb)F46AMAIuUb`C6 z{~Jz?^)|NeGrf?g1esrhI4?KSuc-!S|T|mGXb?Ij5 z{Wova#clljsw+29uIpvQRQ&w|A*FVs>_Aaoo!TygFvqYO-CijwDoO`;U3A2ki;9YB zzDpli5LsC%O3@LaZ2{`Dj{`sbr4edzufSvMD-Mg6WlOOit34=;MXnh zs^&RF_fmcs**_~6df4OJG6xA<2BX0o`IZTPnX~VE#$S?^i1j(vggIQzbLeUj^qthQ z1%1KL&#*q5$a2qL-O)$n_F6V-K^9sU69h8IWBEVqkJs(Dz2}^+Q6uR$^HW4 ztw(aQvJzrRQi$X5iN56jK2A9oMdC_CJ$D>6iY8RO0PB4;i6UFC$n!ivI3{f21mZK48R; zx1;3De~;e1?b|m|FINDO1Ry?TW#ui`2VdOPaz;op6mI$kklqs!*YZ1(tf8F-9agHF z1$7UE=ZDW4CTNA42GGT7W2^BH zQZ4H@-zvSka+=X8F)=RGY;0_3{ht!}-)`JL{VI-wN4p4CYmldAT$;Za%;U8CANEf`%qh&FiQ$nsA_CMP*O2VuSfHMhJ-02! z!O>y2A4GWtyWKb(UqGeAPxgGwNMJ(1aH?#{tdR`t&d{eX#>Kl9g|0EntE;u=W0ptY znn241M64Kxs^4gt3_HAh;o`*>a3s_wX;(zniF!@&v3yG*>*O17|lI-kkdPqqq zXH;0&SZ%{$J}}-6UD7C%B=PgjVLq-Nxca$gKo>*fJ^)KDR8)h_uySzt`b9*^+XvIa zBR8wjLK#ArS!s|;)?~zx_NJzMejhXsjN50hk{E!S*9NUVG^28dOpXq5Klk@DfGEPX zw7wosyVx=vq5R*OH2-0Ri5N&=6d^z@QQELekGIN=H4R@04a-mNq|SoFz?hGiI$P7}+9@~|jx6QkousC|Oj!ia$n<(-Db`BF`&3L4Pm_Q! 
z$b}kus=e(rHEn#TIBBvdC#TT|OM82@FenueJ5o?pg(5n%o7>x6Z3%L>x3^yr(9bI> znoizjW?|u(_sk1wJ3Y(gD}Md$33p!;DUs{3o)&wH*W0D3m3!LAe#>|N+po{B1w57)rJD&=qA zURmPD={nmy^N#+VH+7EpH5uF=g|}Zze1Eu)zyD3T2*6fJeLOz$lz;vD&?~vB$`=gO zEG#{^uQQ~Bsap)EpHNd&RL~po^z>X@Bx8wGd`chgfU&YG6%FX++>Om`dDZ3mRiNG$ z7W3sydvEeI@Yc(3)d#7msgtUyBa)IN(v9o7%E2_7r_Y`t-+nz^-NLw0snk4^_skak{Kydv&n{=2vM4}134r^MsDXb;wUf86(B&8n!-d7o{S!ADNa z#&>S~sT$5UD=TY06eRm4fDC|SV{;vI0KwPgyxd~An~Mu&Oen0)28s4sYi4>uz|X|U zBp((^=23XpCtnBk!O+aLdrVWzATXAYkT9sNnOWA}X3s=QsiGQ@T6g+$?`z6;V5+T^ z;Opjq1Hv>o-0Sl=;z~CASmXC6H}=~ zO-)^-H_{3+nvmw<>_17p1VZK!__pA)a07ZZuRdGjpz|u6fkENn;ij{nPp(fcybGv9 z3AVfDmR_RB%$+y9ch8)F&du5NF-h?kw!|RA1p#eQfOe=*nUjOc0*4WUB zWZKa)lql4&Hq zJz{ZcqH{qaBSK~nQ%uQ?VncL<3*s3sY{74#Z+z?4BT~uXae?{OdmX9ciN1RlQxCv6 zyS24e4#LZHbxmL6W5X;7WUNBU39hSur03lBTmQ(j93p!nBtRt1cy@w5#95RD;d{dP zY7|}vIb8~pj*GdOZ?Y?tw2z+(Y<hp{8gTmzyBfgp6pPTY%b-th!5oNc9N(W|R-y!W#oJ;Kp0$x#4>F;)Q7^qp4I z(lRf#vUke=Y;01CBF7J4K4E^+;ZaDYwCtZ{sDHd6KR-YliDAl4X15Ne=p=*KCX&Mt zlK0@#%gL~?FuG@FXig@$n`}9zD0m4Rkfl?9^j) zu@9$^xdLYYN*^*>A^@M%ztUk`W}T@mCX-2$H*;fqyR|(*#1ts=$>uw}pS?sw!vQqL z#4|t}t4kBL??<;weu=cfo^G%Kemd7{22I8dU z#{2(x@hKVb+UxMo4p%z_Fq{@4nk&Yj^?0*UXj<+&mH(mdllAq$I_>|A&iRj9I^a5n z81j<+qWWJIvHznT1XEk9z+p>VW~tfz7oT|SZ=Ta(uQPclZr6z7J9T$=^#h;S9Y$cWX&e z?)SXrq4rqOT&R`-wbgGYGTIoMo3?{XF!Q&+|6dk}HWp)uK4+7YuT@GdQ>=xocX7!^ za?v=)JNe>0Je1>SpVAbRkPwXjSD`#kK>hV-dUfgJdr5bfR^0a+To2_XtrCXm!hJk{ zDXu*%(3(D4$7B-#0@2w5-z4 zYG!84os}ZA_sD2*3k@S@%ugR|k9T^>ZnS`1M{3hH@$m)*aCOs``YBo1|C+<|>ypta z09^`F7oq6WzaE1c>r?R>V%$TSMn6-%zT4%g`$oF=KUO9t{e>X?(fD<-{@Y~)^ka^1NuJrlho>L78xQ#)Pr4XM z8Vy@!Dva8WrK$eg8ytURbUB8$ED*mZ z_~|j0i7!!#s=s;r3>?xXSc2d5=<-lsR4)dd{nHNn+qV4qQEFfu#AyE!Irrb*M$!np z7I#RxmpTkbu6Ocb;VCuXJ5H^nz)b$d4xyFBoZqffRPNeb=Ljh1TZz0A`U52+PSmeP zaku1M>i#$OGJ_2u6pCgANsgEM|Gu07Pnf`KKf6`>v$a&$M!bB|f#&svX^7H*tw*eyqx7ZIc?q+WAg{w zqZ~t}%PX^`A(WuaKMBT>f!-2>(|~TNZFoRHfDrxd+qd(<_|b%WxIR4G+-+7RK;>ru zaKDGWmQ{n6N1hzLa$`z#PXXzrsfzJ3pu_j{Oz@;HELf*@(80yT4XR@l|3?&Qw1n}J zUOz~h9)l3{OcEG^7vM*21mOp~( 
z>gY@Y24i|pA5Hkq4jw>^md7l*0d=3P3wdQ<9Wm53Kz$muP388(8Qn*V0R;go6xr0w=5U42K8C*^|;Xp(CVPX&h_~`GQx(Lm^$n>sv2C=%e3I@&_G_sTf-NT;$wCf z;#rv}BJR63MD#_lLkR^mm7vsOH$ZiKD!Z!cCeR$AtKRu^^d{+G!M86Tvjwa~IvezK z+ctM`a^qb8>$eT)C#S`ATrf1&`0bW+w&DQfRvwQvx>6gc|LWVI8oE^_=%e%;Uue~) z096(gdmp?c$*En)5v6UW0QheV3=Gi$ZG3#sq#H*IjGtv!R}&MzL|G#M&L%7-h8aw9 zybBt;V0Q=vT7mgx-e>lKUJNY|V1n#_@H?;q_4lY#>}8TFLX##ub?ZP-sV!M=I$(U- zBhw)cEliD!Y6kRqPi??QeV%|;HGHu8+a!lP$kBb4=H@8-4gn#% zshKH>0m%M@gLBrM5888D>cI|)jcEl1UA+=|RCZOn8JK}~PivW{LcS{z6(ITq#l)1+ zn|W?AXfTj)iVqY}!i*bVH)klv1<`H@=u40f47{39PuhzBtl;vDJpn(b;>v@?>1dm| zgC2EN_?C#k+WNX_-P3NFz!WeE-1;zRVYploLo~;nQy7cOf4vvjcptBkY+;!kVDYs# zJvaHrym$0xcQZxB$XZEulTVn=IMw)$fX}t#_O25L#(N86Fq~FHwzktrW5!mQWD)VPu@JtPfQCK;uUv{C8v*JM<}0NHjPvuVexCOdeTD7w^S1l5 ztU+1788 z9IdsEGU}FC7l7LM#y2}eu|BAXr)6iiE~Erh^%?A!x^4rBLHh1hJJZoBp9Zl<()7A3 z&5mGz`p~|_w=ZW~`>K7PS**0Me4v~jw!~x9Y&H{Lw}5x}9Zo|hY65V%A>zRgKPvF- z>7=KoO8M?}C&eTVE@3PA1djRZHWkxKq?(`whi)*EpLeTi`K&MI!s*TcN zFm+#G`ET3UB&20#w(gJmB^<23ZM5mPuUHr?X6Ywc_#Y`8phY}r_RrCVo)Awg6eIi| zn@Ycs)YB7<2}zyM;Zpv?$V{nA21-IN3w@1!MDW;l*gX^sJM=X;+%&AVA{a_^Y+=Uc znbgo=cfp5N0g;+DFjiLQ^%W5aK@PRJx0dfpAdLdXoF;BpPAkCk-c%n9y%;kdsX98` zH|@@tP6Nn@_)#EE=j8#8f^(F%qoZTmyLU~48y-g=jw&?4_%}jRAjC5z%G;^+ir|*6 zOrQnOlUQz{va4hUOiHT`HD5ExcZ*Csm(592E?U*o` z18Xl7c=q(^#L+?ZX#bFgOyFHGkNv@JJ=0<7K-$gr*qfR|U|_3$Z9PT{2sw6dUTa<- z>PE18jge6suD48iZ=S=;R#x_DL_|ct4~_TA&Doh~BF|#inZ552@5q576Zx3YU9E!y z1hD(CcsF!;!=<55Cm*AH;sosY4cmRYv#J+um?#747N_1?7Fuh+$uU4QH1+6NlxX`| zj|hiy=>$IGyRKsxpkQnqZWT3nU$d`lFax&w@f3#wK!MDw5w{$!CkecOjG zp?INB+$g|%={}57RRit4u3W7TJh%ShbiC8+vnN6_M25Sy2?q*V}5f?0hp z33RNqE8Po#tlE`AyHRluaO{KH+6dbg8Y$gHx>Nd03R7Yd3_WKj{YQ8O;qTt5DJUue z98r_j`Z@X#kC<$~vZ|($PPJvqzCn9P6N(=vgpC4yoF4t^qmDz#kBpc_xw`LA#!fK) z$4M`dtPEZCV<^mQTKLl<)84}4z2v%#MocMY-UBQNjEqOTQ~N*)_Ir(TpoVGEktlZ8 zaMXz31J^5;wM64cav2O_hG01Y3`uq?z^CXBsgHokL91TRw?)Aiw3H9cEdYeYH2>A@ zsKeK_+Ixy8$#tYfsBabg19EB-k#mYM1~{@srsi|fGQWz)Cu4woUbxGnDd*!1YP@JD40f~=bXiQKcG}~SvP24^eA&JYuv8D zKpZJK9bP8M1|s07;E~&8oHgF_xWMKokKeL&hHL 
zrAHY=g7NQ{0$LlT`*MuYP957ByyU{a;>rGI4M~~-_(pE6_W>BQa2#ZO|LM-vl^3et z>@eN6>G#;RrNe8gR|yL<($e~^dX$*L;Vf|1FV6bp38+D?_xqY z%Er9ChIBEpm=BnR=o$saj|^{3USj5y z`p%rrxR?Oq6$srN&P?=diO5h>Q{zlObp9Lj`B%GRl!wWb%2u3LK%|t0YLN1K^8TMOH+pKbsH*qVT^(O0h!&cLyTHdJBaeu-LoBlWY(IS zpIac8L1MgPOS9wdxyHrpre z0WfTln?+3_!PV@y22y`-H~zYzL$8g+C7NG^L`NoGmr2hGE5F`+83A{?O$pspG+bU` zjSs&1w?nTR05DbqRX)!E9q>>Q0^ulE!IAd(+`gTpqg{>lvS-wuTJg2$ ztHiQQe>;G`o=k|g(bw=AZQ)P?8V=nAMr|Sab7t|%hB|%xBXYmjvS=^jEy0(?G4%l{ zgBFk?u}bXJp7q%i;OB3_Oa$M-!?%(JIoT?JnNGaXG}xpV4UCWHUKKR#?-fpdJ6GGfqD^> z#BQ^X2JFD#?%l8Fy}^5(72gRNF=M|$dFgO2TURghbB!_a`;tdcL`p$Sz6Hb5==AS?KIiQ^dtN#`>}z@|a=VT%sr^qs zL~<1;m7bm_R{qwk>%AGiyf|fsapec)LYb5 z#U_Pid3FpuXVYDWfF!61#Gr)g+r1Lok!y8zQV{+LKsaKe(H`;i@(RY9)tr!%*ed`E zYdXk0H>63W+p+=u{wjA@jed4fF<|Cgu(GhU3gEQ~SVSni53Jd*p0djFsj! zYj5lz;{+5M(-L;v^Pb;8mDmckd6w9HdwaQMVuAtm{Z@VF)~QP2pXb@X(?RVb%kmaFX*|UE~xOH@urr zarxr$uE!OtZ?yTAa;sT_d8SNFnxK~ZPJfm+NZlqovEA}OF#N@3CaQZq1Yy3~C&dmz z0|f$ZE7%Ok9_>rE#I*wqm&XeFi`BG#F3(a&S_jx7U6@wvvF@LW*eAF?#;b}u!y|WQ zE_6K0sC^G8DLsAeutg zEiV0d<)S8L3q+`&s+y-WpAF2I>rPy~$8H`9iV(HeUHInR$^_eQJcR+8>VoI*F+B7? 
zp84mL@a-*_kSH7K<8ZNQD#O+3dy}AoV+vGoxIeJ?F%46*N9ICPO+iJ`vG&ZwW%Jb) zs>Jx!Z$2_q3eGA`wvBU^M;_+Dj!-@RCFG%WKJiG&xNNa~B2QlR+Muycn*bWhb<^}4Wls>;~nTg}D6 zLAQh^&}K~C4Y1do)yXj}W`;U)`v;({ksiRkc z8~!i8jrW!R|HVIV1m5!Cef z`nv`GXOHD4ll@0wKm5l zMu@AcYwb4&g)5_@Jw2~h4bD*E>4Jap5pGN0JVcPk&amrLRWzt@JcNvBmmsgM$x~!L zwDCo2E7|%tj_efM+kQ9yaryr18}uI^%VRUi@3Y9z(CAx!Dy;pZ^2HOnfBp!UrE4A{ zYX+DGDQP*~amCx=;j>R19s7m*#U?~VL_3E0OmTe$k_a@fr4gZsGl(CgfBoYQ4hxZo{@}2%ESLY5Oh!wer9Bz!2FPeudx+t55}WGDe!WbD znT0tozbQ2E<}l6hVOgxKY1&_&VG#r2%*3TW7h z1m3#+=Z~a)<2^hnyRVS7j;nTd=ee$ffcNaDr22)k(Y8P6)yM)uGG_WADjIeVS^S7^ z4f(uJ`tYW+4&O?|xFGwpQ4{j3zun%vDTX&YSqMCkf;B@|^K!Ljwbc9RAJIrXA5{8y^+;GaYeYRJzmEgRLng#Us}9dnU$oPnVFe0(&DTW zjF$3zC!j3}ab2G@3`&yX|ACwlE=%8>e=wm1Krt9il$G<%ETKH&o4A{AuRo2otTs0D z{;56_paNPR17sg^3Ant2C`KG5GO-yX0?H>y7wR)Wsxu|I(h}`rlZdC3qS!*?T>Wp@ z+y;pQZnD#C=9(!IeOZ9r;0$CCqX&qMl#cP47{wGqQIVg!xw?}@0>9Egb}XMfanR~X z`0(h?Y)k*QWl6H@+UmwC_sc6PEc(k;A8A_%SdCKCNv!4_@oj9ptgNPI-KF5pU4*!p zty|fuqM~way;nFlhuuz0sU@hNn**)XT@bI$`nSeI8pJr7$*En?4Y@T~@%F8%JqUQ4DQydl`?}6| z8}tqJ(-z)?_?vdcTfV)fvFs_ldNg}P*Xsg++7};&a&SXg`X3+dohqaj*?* zFrfJ&tgE1z*6pQt;b6+QHPJcNwJssIW zZ%yV|y4(~aUf!=t!O2ffuNt)?I_^Lhfy+zZNu#!aED` zK&H@X>Tp;00yNbqZBf-~+_TcE0_(#ngpVy@N(KvdBi4X8s}?}c#Ah+WhCf6+=`9p= zUgZU$xP7xa8AvQ;vCE`kbwy!TN35jR_)79D2F*VHRr9`Wu11c&^qWG$nQua7As^C( zzp+*BmGPE8nL3W`-(6_=5Me=yoB=m_%CP3ezU-pT{V1~$+WzdkxjWZ4N3%3bdv&;A zFx;l*uoYr?fAMS&CTYFL_y8`qDdI&D6l4|XGI4&+s!H5>JvLxJFsf50fWjm}!VwMG z8qe{Ji!wX-ExWX|flrJfkj(E(tp@86}{mOg1hP?op>IdBqU;@6L0z`SwTq?fU zy70qzHDEi$|O92s~f5uV@hXgh)i9Ef{tNB%fc|ib?}S+A-lAZ>cmh zzoZeS?k_d>EK0-3$iDd`t_3bH*R}zl{4PWMfcj+0oCwQK?=WqEFH{N#;8y*~CQ7*#B79~uS6wLtMHD|JAj_1gnFW-#YEbe?I ztB!W>ce9`CV zs-vh`bNlA#g#23TAC1#oLWJk?1j7Id1@zdd=W}=}q@FD8WZt;)BG%F^WY}Z^`iRI? 
zT|nfA-8xh_vghHoEuHrZ?86MyR5~CAsuL=|ZO*9aI_gDl%E9^tY0!bOa7Akc1?$mU zkDB|5opyJ20ud}3y_wee4r4*rVvqHeB-4S}ZkV3rO8oy1^;fR>qh)1($?2T^G*&Cl;kE7K?m*)fl=0)_Ai z+{?>N8zE>t$S%gR1I_P4Sm-%y6M~p7KYw{X>uLU`;HZj{TdntY?KQ}w&0Xg90vZHC z);0(>a}oe3yf3Hg<(AN2Ck-LDtSrNEHT&kJuW1$CSlz5Q-V!mioa&Y#hHhh0ss@xj;z!i8kUNtz943 zbMNSvF+TRQ2p>7tD8p*V!J5&!_|BJHS#{&weTw%l)7a$WPc(`hn#U2GIw!?IzKy62 z_c1Epl-O4lm)EkT{v_k;&fqBHwhYyQ*j}2=x7u6&$06w*#m6%&UHXaN&~b|EbNuG4 zP4balsKTy+Ol!d@n8B*$bwg(=vPweCqi(@bATtKaF@tDW^=VWsQK>a46t*{sakZa| zLYHY`wI|+==%=%P-EsOnebs(vV}Z3sQ@}d@u;WrI^D8?Cd;8V$iXvnuY-U&?Nzbmu zq*&Wvddz)uE9vfr%VNJ-a%cwn8UsT0jw$X!Sdp@6b(taJViSY*kum-ZHR8eR*Ry7u zUtLHU@Jk<{9n>}CAlx;t4WPfyTUhAGxtF;+v4h=!paq*kH|1{l}%*|M3P6pW+74mXyOfpf5w+`rGKlm7DT zFj-p_Xc;Pf&?e!Mi5VQRDVI=8G;{UMxVwvS`P`(MeBt}ix>l!4UW`4;{*lfe3DSkj) zR`9(n=xZ>bB3F`>%d=_)9R}UEa$4@Yi8EveI|ONn3qZ&gGjrxV8SYgXt(zpX*PA2S zV`K?52B0u0&2W3{+JtrV&2wf!u<0j-EiF-JjzKusTYU)fHZ$suzl3GvLIMHCWn&O_0(0FvA`V-tD=3aT2eZ$dJZY>1vr6<8prnbw%1p3 z?-EiW2s6LrQ1zJ;`9@+_LHre6(lb3`d9^>|K{K1>yxTi1*sWVCTk5;^n-)P759wp_ z@|r7`IvuY(Wt4D6lrT|pL1BWklgR=EETo}OT?=JniwRnNO7}a+4j;~sqvjco9GP-I z*y*gQ`hKwLq`|%c%cISE21)8H@jsY+hic~{S0eVU`F^FzH)!uKBo{A$Q$_IYV_u_$ zI0uJG<41|>MMuXl}ySrnDhtCFlNeyc5Y4vve$y(+-Ym{o+s3@#hsCt**zFnQ)_av-z?qg)Rb`Uj7`+EiJ+J> zXZc)sK_&!k{!z|KX~fsO?(5D6k+n36hl2frk-h<^jzeDJBFPH4BD1p}Xc?FFfGSvv z&~0t4$>HLurjRB~*n%*_XUGS$!o3Q({W2=`?!%8MqIz zkMSfaq#XI=n&5{ImnMg69TXH4xU+IRlEu3w&HE5374F!1geLJ(zQ0*pLVE~@cNj{G ztHPOpP{-AT+y@N%?QKCS z3vt%q$Td^tIbJllX@yK9rc%k|3WyNBGd+o!%AX4@#&?t8LjGK9g zZ-}eg?cbaV`o(lHpil!6xT71u5Qw1Q9w_8d=3LU4EajK9M%!es1 z4vzfV;YVsS!v{WLPF5f)!azOo$vZbINy@=$wdU&;^>`MtWj`uJjty%wgTM*wnYD#k z#hJw~MUE`nv)L5lU4;@=j>F~zWMpjSSy|Ufk2a%`NG5*Bt*YhThuSknM7560erE-H zHY5MW-vp{Vul}GucU6^IE6j2(iyrES|@pyHl+H1aYjS8j6JTGED+nz|KUcEv?*+#i> zHqzXBEyrNwo{*F3>NP`6E#gy+QN3GLbf-?0B_h4z=ar(KdhdCtiM!0omIskrUgKcc zwG5oj9n*z2Da6|7A&vu5Ad^;0R*k0g6xXG}EIzGbOZ%?+!RX&8>&q!gt9);@k(LFv zE!%VpRn&SiJP1M6&FNxi6y;EmcdD@El8oLs>ul1(Ywqwg-lD4h0xL_)EMePk@7+5E 
ze^75HN#_qPnc*1?B=67HxVNcnsDFnx|0D9DfBrDg6U(VW^pc)a^T|ujXHs-Rl>Wgu zCzVoX#Iq1kv?}-TVZelAa-t2uhRoVSTP`jwDI*9N_GL~6iE1ycv5>@=MBTeIois=q zBB@e6WUN7txaN;iFgbYKbS8TaxTCXySt(iB2qN-!P+>8aVhX$t;8mscsHRb}wB6g} zpxJ+h%4w32r8e3P7VH2K2Azfljr`*`SL{^6m+x%Gb8*C&I<1Tw0yJ!yx`%o{O!X)8 z63^QF^CPb=;Hf>C3g{r2Ox9-ue5mb~*~wTkx>U?Sj)${GlSaN6qFo3esRQWi8xvqqeh2IX$wA{-0r~-j(iH3bU1vC%nYjIEhC0Wl9~b`Z!TY1v8RK)N^$H zAq(e~+@w{|3$Jyi^ahF35?Z^;B5K&{Q;p57-2Ypr3Eb?G6oK%IzA?jF*&t!fx6Z*K zcjzy&J3tEy3ZnCiZhliq_lW(Nl=2~<0t9CwQ~{!JdR9h|D6+1lDnZ1-!KrbDK7QCT z<3syUJ(bdHJYH$q z8EdABRG;*2UR2Z6JUJ4FZ{OleF1}^!4hQ`eoH2r3ApUbhnD4wlz-cw;j2DKUJnpTc72i;zmSIg8HNVXI1Efg1N-RcT89 zm$;|fMQ$qq-c?(wuqvtN#*G^#cL0!u35c9oY0_EIwTqosbh^u(Z9YPHPg3YHe$ky>q9u zCl^$UMh$|{)7YpOQGI>*I~qsXBE5GQ84b3w3?(Y=+g#PojeT#wO+xKBwVP} z9zkAbgv4#d#~DmZr>PjlP8TvnJAa!7uxZP;=9S`H@M|`Hj5hqblr=Z#Pha^E4W~vR z%eOxVbTkGr1QLG8H;pLcg7A)4Y(Fl(rVST7N_u%Z6hLcuudo|sBtEgo(9B^aaWx+< zU7s^7{|NIO-&}|HX$Z)c8Q?^;NQEDz4`qKs3?a1_Zl;mNaOxHHbJ;=O#ze>X%pqA|XxVTW6#dCUdLS4G1B2*%scgX24k7^o7!*z6xyIgb0Th!h}P%Uby3UEaN z!fs~SA8zHJVl}_6-k)px8$1vRdVTBt(n6uj_tjW6Aa>Z55tj1jb5}`j2=GTuH7P_k z1kjf%sZf;We0i*uRor7_Y+O!O)X;F0&Ky#R?N3*}Z>cmn1u%>v9hU~txp{$z(|Vr6 zACSGa07eVMfa}}i_}JLrWWq=V@7d&1tn4EvoEnnX0i_>au_N1;)BvdGhu+v zqOeJ2-VdNRWMy3$HP2hlk1Kcb7Yw)2gv3B9OA2m08ZJpo>$X5UyfVw3a&mG&ub2w6 z>8+rs96FCjj4W5}q`d5AlaJ*NICUqJj=Addw>G(a@wecn41?Y(vp4C=Z35l;+1Xu; zKyPI;iwU4xn~4NsGm3H$t?is~mLPuF@hVwnEO#fkWpf?ZhfAv|?2JJ$X3!1WCvq7c zzd36q?QQ*Sad|m!Al0;#xy_Q!3gS1otzuJIQu0xPvf|pH;E89IG$&dt{%@K+C9X!Q zm$RNy2NF!jy}2^o5;nWHt%+5klc(2BdyVicblTrWH}g&;H1!{oM@xOZ#y|^d8*PqW zy^@(dG&nl?c#}nlTGYLHj!cL}%wb4XRd-?M>b1u;1E8RQTwbF;xMj@v) zr?zq*Hwn3Zdn0UB-=95IY3PK?9id@@yg^}?`B1am zktkMTfFVrR1;9fB2-i-=FTMYhw;J!y+AlLiG{QejEB~2p^Vd$6>!*sA^J!Yg>()P|0 zs>mvU$*S8v=%BYP`$RO0=q*(Dt7CHyn$}{j8OBIr5l^q%>)ax9Um9I1`Ne?5yN2;U zhN>U>)04M?)nG#76<JGezE*@n@>` zbM2&lOp9p6At9ykC4GX+|H1_P@hhwkes}xtB3@>o_gWvQ`3ibWN6*D%c%XY16H+j_ z`T6x$?lwfT1y&b*jw@rv5eW9=)`F@_T0KM9IUai=)oe{;z;(DpX#?tU4}&5|vLeaH 
zI)V>RaR~t5&-1OBeBODd973A^czOKuKe*o?x+%~u)bS(JA09?TQfkp{dRS)FUjcT` zlXzl`q=Kx~}1&E3ti zVa_Sc*jY%jx<*%WxE2ZO-lC)J=e*}+f7m&YNonO^??{!{l^k6yE-sAn+WUMU2%+-D z{jYNYG6ILr{EIL)xtYBOVG%J<&<)WJtclO@oR9~bwbLa`k-}Dld@HVGY7(G7jdypG z<#h2%eo_mUBJ^mpuuO3DrH7}8Q7^rl8}8ikajHs6ss+*LC*2-D#+|w8h>+Ejm-(Qo z$Pvd%wRb-|$^W#HG*=H58%X@;Ls3@0=j@*{QVnB!E?9mha&vQ+Q?}0sC66~cIlYi)H3?*v%*ascB-N%F@CZPfW3 ziw49eMfo_PQ~$<%kbQQzyS~G{y^nQ0XCV0&3n%%qGuuJRYLAk^M%;ZiQz_i2uIXeH zqa36HRJHR7JNZ>c_7heLWO^2qxjkCDAo@dbs+0)Pg9oO>^_6>{*K2S5Z%M1UO#+fh z8i{155AQjc+%fKvzvF0sxPh#6a7PACUOtm{n_Khsz*$;;U@SC<-^_`p4Z+7pr<&zm zj~)Ldiw@_ZDfzaz z=Ik6H?1eOmBMO7Os3K@)QPuLM5O?`w!SzBCXoN&l}#_Wp2W{ic5* z!+*C~Pn=WK<&jh`bH;Y+M}KFO`E}F&)Q7+|F21>at9c}gxcY$%o zr+^cYRxrVftNcB&?|)5kND;VtR1W`mQhuN8ebP~zsd8^mz!M3o>qK2T|HVGOI^4%c z36}V;4VBU#h<2=f&6lchyzfU{_I(+?kLUMy(_H7CJuZ5cveoL&aKrXhRjk(;W2~H5RpN#>&d_9JE?-2LhJH# zkv+YmwEs$0j{iQ`VoYTHZnT{Jtzz=?94?t=9eupNY!bn23V)_wdO-#-lX z{yFMxccftj2iaLQ7V|SxS=?ej$0-R2qs}R+XrE+kUhk4%`nQA4ekyi`@-+;9_4N@X z+HMWumqkUtIaPvsl~^HFafnkK4quPq3p?EGJdnxg*e8^D(P({h5^bk#NNw;SYT#eV zQ5Zn?`DP?cv;0e~rKr$w`te>>dS8g-J5-=vtyRU7|Yba-e@83jF2SLZ-1X-X9S zj^Xdbkz<#`q!y1%S5>t*h%J-JVWXT=kX3l; zU#SucLg58;k}ku|&Ul`B5F+>hz1R3hiNAgwk;-=Dm#@zfjywIS9L&xssyUCxirb@^ zmg03pQyO^eL;rg7f7(!Pexlw}QiGEjC-VrKHHL>9Jq33{{-{B!c|(%}!R;=qdFf?? 
z7NZ0^(3$?HvaRW-b(u}qV}SMidhq{JgMaQfyoED#kRXq;NDqFU;dY9gBz*dUTMIU} z|K%CG(_!eyxQ7{1je2>Tb5uW6N#Q-?A3o|Y6Xi8|(pVh%hyVR5S$L!51xM8`CH8(W z-U<7kKLpQ#+foBVgtEEMm`3A1%ad>7Va%_CL7i46f%ACIZHNCYnqCRuxiV%`KJ65uO^Rz6!iS%Ee8TbI`zqBFs?_68|ektG!SAoiNi+2td(II>j zCKqvWiZzrOe$A?NLyGsWmZOUox+f+QWCeGAzP?FVLlvK5-;$cC@>MGU&U?r`!GbDX?sjNzYlD?FEW{=!qSw-teZ=l&0$B1?W`TuVNnuU-1*6*zNM z|7i2=9^P;5@-KW^L!n%^C=DNI^DbW`Y#~u35T{yexL$I_mPK{{!7U;KPpxvw5`b1xh7oNkX6zPjljhqthiWrX{cAH1@K9Ydap z|4nN1`?n&k4y)5g&ak9TeYo;PNIL(_vAb7m#6=zmseVt}W=c6bUwo>qu4n}OA0B*J z)K?*NQ%L_kXFHpA{P88c$sD^Z_30)-)D`rxq5S)7q32M#evHTIFA<(O6vil?xz|Vk zR97d-K-)@LCHvK@0x(>d4e>DEli*j+{gIHLoq)=}U@~RHH->TuRitKl@#Ze2e~hrQ zQoNSSZ>~KGD#E35o4J@Z$A3VeaR8-=n4r(6!;?kjCYe){TAc~S_Ejbr`TW5VVr=ckOnn_EBX zh^b47dKZfel^V<|DuyZlGL`TY;`fiTfl`|vE#79yv%#mAV3#KBAMF}98_1d)I&o(G zC66f>H+^n=N&acUf4+G2h2TO*jJ!4Llm3s%$=@FX=1SNS4grlz7-)*lS*9-p^{H}^y$S#tw(%gA?D%6wYBi*M{ zFWc&5k6o5!4T!O;TOR&ygnnPj??1$UqEW1rH-TLv6B{uevDW|o>EScYfRPb<{I=gc zdDiWn|~<`iRlHC)&&;?=RL|e{+(B<3gy@;ni9Y z!^`@=B<1hv$v%XiBW&*L_3>dgJo4Gg@I?C;lJ{3?#G`*LsQCLw|L|9z6xga8LM@Ev z|NXnaKW5?N>B~=LueUo$^L5@M;+;mfh1Q>57*3WX3{ySaqTYB0Cp;Rb|0Y2xfi>Jm zKsg*EptC>8x-aM}f2v&MI#G#C>WtZ3BL4k@r-6U`2!9Vu4K}$uzaW$Tmjm;CVE4|0 zDamq%y*SzYheh!YNmvvhg(k`?x!Pyd`V?QXzOTkF|KQF#_8OQx98{Een&|txejN1A z=NEj%@6fP4Mj7yL295t9R!v~Z77%we-e=`lSh+aCw{VW_ouMCN=GXaoy2+q4&e=>xTj{2!wA+aWQInIKN2@J8GX>eq*+)vcZLU zHzYMjNO^aMcf5I11Oe3G2BMqRIx$P8v(fJYDqn)Drt=sbM5um9hs0HDN!~~L?DP}k>#rbAS6%X zR0=>bKYYpc_G8)U_8)c8+xtu}2k^MLH*IM8a2_Y-l4lOqz4n8m_&HEwJM+o2L4xD= zOv070EnQuF3A>{cA9boh0{@19K%{c2eAK~CHvO15ZL#4?zKNZ|;^-Kwva9BA0A5tu z+|<{L;Y)5}n_N00SFT;-_QI%nS?V3#X;-V>QAkNjIyaLfXgzLWRf$m*>^!8tC1zy4 z@7g|j{L1y~JmjaY*^D)Ed=VR!_-7*lo__7n6i*P}#KZL0*Cf5B&h4eiw5B3Cw70jH z?n$zIKtd$(?Nvx5VCP%kTkk5TIuU4tx!;FNiP>i*VF9E9Q2?b7R9b{6MB`$DMPDx$ z@_X%n+>dSU>=Xc1dyaYxg1SbBouAAeUqn;#`L=7eZRXU%?Ez>TlXP)kszSNcasb!9 z8n-pCthN^pV**f9W8FCg@SA!RmsZRmdhF480sTnkO zl^sf74- zU_HWXJ7Ts?Z$EEgeqNUR^JuBPtdrAw5v+ZexG4bNNiPVDS(R4J*0nr!UDK!@wIICe 
zu%_oy0jkvU9Ts>6A9^hqh@k;W->&%}bIw<_1DN3lI?6CYz7pnZ1AMxO;N? zv`41<1)9-d?)M}PB0RcWMhut+g;7`qPeE1qa!|V`WZl97^(DZ_9g5WT;=5C zDJ^xqOBZ{HzV^Y`x<1_Ad2KxWEzcRFJtA5H=4{|*$Y)z}s9tj>E`!peI<^vQi}0X8 zf7gDYF9?%Q0DH0RV*uRntjrOsB-@WB$|M)h>3fkH)7-r8@cz#@CWulnAA!(UEa$ap zhu?z)SO7R5FS0!VxN+ud0zWFD+zVAcZfw%=QstTlz<+tS?@)#~3m_!JQxJ$&$XPLG zWFusMq|6aIy67c1?vf06uWo?B^KB~Rc5#D3QTy;~`T6-4&C8)mB|Bi(Y|r)U4G@7| zgU7|i-2nN2xQhR-K>-?FRftKqssXrQ-F9OChQzJ`H-!DFy-|ALWUNP&*x@q^33( ztO3tDopSl*grVHKRlgc*BuH1~S z>{?9TbbgO|t2$_#sgZxVggKZ+a#B|igXYs^34XOJSiODSegcLq#VI+CZLiP8fD7q1 zQ$qa5ajF-d@(YDafQTzM`)dTT;V2BtWCd;QYcSqN80Ae+Iu-Bz`R;MesBLO>?;8k0RY~aLp0hFCb`7U42?-mYqXaXQQ z*NI&#+rAx*u=Xz6>g$!BfwPW0!_aGj&Tn0@SRwX(GIz#UmKkxS@u5pD@p76!jRSbJBiia6-6fcU$l?#5}gEKgy-nn zDNYTM`o3B%Te4Dq^yp;#3SqXjYg_m%0Bz|BHRw(YU#4LiNtJNSrchSBef?3W+AeGI zP)^hd@b3`HJe`6kugFiYj+XZAEt^UPoLzgXwcqVGWhW;sokVfnt44f>lFU-izJs6h z;}%fStzGgvN=sgw`3D_DCvXqGp1(y_x2?ar<1k zjgaE{v<*PSEnRmyz+q!R-9(4eb&rk(K6r$#+Y55)-5GLv&Kog;dY|iT&?Xh9tYb9S zzO`lB7&NVU9k}~|a?dCG4SJ*Wj#d0c$aB80=@=D?u0D4kfT&R|t}+1)H;@Kuq}DSC zzKTw`CU2urRRZs7s!jm-AopcQ)w6|Ec53t5N4@|oF#KxR<*ENT`lBu4=|Y9j}S5 zgz6fihWvcu&f;Lpw6}}=88yaRj)T?@QR9v%9aCo5hSGW?gLTR9h03CW*L6hz7S)Rx zqnSD7(WW*2S+^LoBd(iOSUBKuusb1`u=SB`^fEZ>yva7!C6~%rKI3AeMV+l|#CLek zvxvMn_BsLZ0PSiHF0zk#E*rAgOL}=!H&1!wn-7@V_sI#C?#g2Qtam~Kss|HXKDS6` zcTBD$scl_!B>lW9wmt`pL0@ES%To!$!Hj6Bf=ddoxK5n!LZe46?FSL#Q6mscyX@vN*FWVHah zItbzB(RRJ~1Q};Ty)ySor|8;=x+bzc+%%gcMH%AcvcJRzTkSeP`C12B7R_oD788-6 z_h~SM;^r>hdHDNl44=eS5P5zXs^gx!GM4-;gcAeee)UZh6d2^<*QIRh{Mru^#d`|- z(>|BExCG7PlH#x2Tdr?HjJtjLB&~J{ot+$-#xA*=VjfaF;pzS+i*Ojhz7%sa2LN|& zDkL-0$vz^{2!B#Ifta3;VGn1&DA=1qoyks|!6fO~4q?SG19OnydDONk@tm@_b?(tt zZB7Zr4EC-racnFmkTJnK!fPkh>ug~(@`d~Awh{IG^767xINX@VOk)<9I0uPK8(G#c zs7k0DD!4NyyDGzcf~Q6-yGq17Mq~ofo8|sc zE@?sC)baozbdl9HAsi4ZaS||ema>M%0^)W#+kFq^JHx;iaOx%|zOhzZjkBai4=5sB z+(#@~$nFl{(s1Fq(ZL5{348CyiuV$`6lwMyYy3kTVd*zZbk%lt&eLhrq4#QtCAj;! 
ztu)lsoa?4s8dX(Mo;xYf)`pd#-X87cn+|FtQc5qRRiQr7BG zrf8nm&^D?ZyO{^{5>~kbp8T6g9Z~+*TA3>VKGk|%r)h@gQIj_$q9=(UJ$QKwN^UEEO{Hv0wL1grLl5Da_Jae zFf)V&6&4j;yfHxRw72B!l7Mjot$FN_4D<4R&8OCgluT5q3K~fNrTj`z4L4t=gcCY* z{jU_w&#rK2tP~ktD5mZFzBbIRed9s4l%KXcNKh__7YF*)93#7OEUEYAck5OE1kwJ6 z!dg!4*!g1L3EZmlEVlXpmcx(R#=5UnqI}(GNpSvNTmG!FbPi?QNj32ZQBIA#j~z@{95-$XB2knnu#VmySybN&2+&Aa0e!h+-dzU1mQs2ZM9 zT^*kQw7_Q0My#u789y1(zMMwJXv8v7i-*dnH_<8zL zg6ulus?Uyqq1**k2d_SKJxu@>aqZ^}WLc{(AA|`qsZX@szgjZoq^zQ{oN@?LOaIPM zVOh|Z0j9t0$6#est9-o=lYw|=4rt+K0UBO{9O%b)M=n8*Yyj5eGS;-6g^C6!S=S+S z@dRX$?XmQn>PY>Vn=?T{uc%=f8d0uY?&DK_N*0b*Em(c0tFSq)e7a}6bb=SWJHmjlS4PR-RfH2LktyR zqb_P9_sI5?mF5Jp;@bl)ogI^~n3%cMi9=mL`SwzDH}okLA;T$7#VIdj~eQjQ)r z!aCWtvJd)3j25xqpDMB9w^K{C&yRRqf|Q0#sxB=q-Y5&v)YKfchaIvI%(Lf#&Ze^v zH)|^^%C{e&j{)ML)fGsgsRM_1P5@j-vOJ?IQl=T!nxeOA5QKSoukPwTR}Z*gw?5_5yA5YftOR|uUvtxAWs z*-|&;Ncnii3Fc#WAZD8n^>$uo5#qwqzT^&? zJ$Z71J&;qYNIU;Hzb}`e&k*AI+4OOga}+LBYH@tXor| z*LHj~G07U?xiqrS*E4q*A`+O`n-%Psz>Q51O&aRxJ&fSA&$yz^jRhnciv-JS+5WumQXTk(h!zH(3|0WJ)_!MQwEh|z0cfhPxNs> z1&-C*pV5-u65`FC&=D2MHYd~BN#QPyZX7J69oGd|G)e+Q3+$xKC#t+AAfK~`1V}Yi4cConljPuzbGr8gsr`UxW11 zM{z(X9}7CowoB2qimp}ksY<}ckJlELvKH_7MJ%~)iNID%=Wak11Jo*A8eZO$Dn}v* zV}*FOA{}8@OZJe?m2JLIM^6WF-xx$uqv!lp#l?FJ+ z?S7@_%(M$5%i8HqVpnL=#V)=_G#mD)@Q(^Y-Ug!pBY+<9KsBAZgyW(^g_Y8}Q4xUY z(T`_T8HPaO>sh!JNiC<49ZWvKoyrM*zp6D>zf?z3!TL|&%5 z!hrtN7&Lio)@I2pCfD+s?%JNfh9;6qaqDf2XqyOqDT*1gh`CN@D%q$mDc=aaHh#d; zEX^_m0HuTMXQSAmCLh_*ii5 zj28Sv=_c|Dp)vGA}#P&Agu3xjla2LJ7_o!aGxiWOGhj(58GQ1 z)z0`JE-ooF`g6=mthcXC9q%YWT4TqY6B1;%(sJJI7r;u=ADdL95Ez=7ZJdOZL((8# zo4N+wZJgz!u&bl#U(&n>5Rs9xeN|gInijr8lY?r$C~%LXSDQX4NuwtR`|OAcr}!ZW zjFt?G3f&ox3J9CGw~3@rb2H6dchaLvfm~6ibEFffUPy@N(=~d+xSK7))S|uVjUSE0`M#j42SqhwbW&*%84?^6!x>)umLtRGBv{c;2TAG?JPOiUNmMO_b8uP>EYrMYb z1DU8BQQ5*pLy<+257kPjxSmDGeOLf0Cr(uG3*QBc1uxyj1l31o7jUKF?L~WfszZfP zXWp>|phEsh4DOS?KP@G1$Kmk3IOorVl72M#Gmh(sXz05X?rg&57wi~6R5`#uZwEY1 zGt!WIkOiLM6mE5AXSKXBn$2AR%IhoaR)9_;{1z+x%DfhlnTd$sd1U;NnAwGuB;nH8 
zd*`4NWo54?xQH~@DzUoB?Af_lRaKlrsYAww+hXHYTPwaH*V#<{$lnJyxGG0(?(bHc zbhS}%CPqg@%sEMifEb_eF1ifEzdmFbQocR8R8TDV)p0T8RtVy8#!Cb+th=%kf}6a(Zwj_6LY~*t zMb*!p@7aV%W8>W=%xIB8pgSx}pk1Tm zkNfkzUKi|5PzFw17HIx{=xw=8N_2oZm*9d8SmPUJPMzWx=uH59*?hPI6$685jG*>) z&k~IKcTf1|>{vZ0rehv|&Wyjc@2@2iAgwQ5`fyo^sP^T{d!gJ)mtgHBel%3SIZK)ge>oLW{GHe_wL@OtK*F-XH@0(B??4U=j29Qb{0~{Kw9m? z-GO`AWs47-gA1t0&M#FgM3d{K0*^Tt;@y?j27KP}QhR>R{#5(7X@JyJ$4o}jxDOj_UeW^wQB}R1*)DFa`~LB_Pp|Gu%FL-j z^d3HVp#4PDqiaX09@VZm@E&#m6w@^lWdT9KD6m|;@lA$z;n1LL_8yjlttJ@u4NJWz z9o;ukM(6hJb&fF)Ur&EG7-@)L@4D?`e~bPImH0*|j^Ja@C)bJ>w;`!h7&)i$dq@o; zTkA^9p#Hq&NKrHh0d|aw&iT9?0&weI_5-ax@@KezL!ztg=a8SCH!fnV#w$vtx71PN z)?T|>`GDaCxC1NI7taqn-|7!J8gbCS#_(jsDa^v&U(rczrbrCF&Y_UMb<49 z$ek*Dc)~wLrsfObaJ_R9G2s*k_g2Cdjiuyv{ENGhwCkW?>9X%7Q6A32QXI4%S>Ind zWq2;NqT|B}fV{ZI27($}DtD9tc1iH<>+1>tKKc^Kmxh$oq|ROq^Z@Cd-G)^j#*ZM9 zYCkF9yH=-1X0n}~7A~`Wd$MeF^d80lVykMiWh%KFMd9ZueA*VXI8f{Gj+E#Q-Fp=P z5nwrLh49EwjH&XV8wD))rB$FOp9et6`*d~@yBF#=yo3|HUJ|05cp31}8y7GZTTDXi z*|Z2m;}O4kp`YK~e8VQn^%ZMLeGpCS(JxlbR9{Genjc5@@k2lFa(rCI;RyVxWW3V= zmKzZ&M{kxz(DLQ8p7JsgpYB4vlqN{V`CaPxR5M6+dl#2Yenv)yPXov=*!8_Y+Oh}@ zBvb7!?mW`hxZVR3a^JL2D?~Y-ohb%bUkB5tB&sD8nMC&%2cX^>lh6wQp&{1|gV66h z%ukvCKVWm;j4~MIMSX7m&F5!(w9_ghIR>{zdmNU@G&8oB&RfZd@`bPe<|zl5B!b;w z^J)VJ1`}dHbJ*)RqncL>DX$P0**GP)J1j->_k+Bl3$ToNjnPD zyfCRxfZOU`4taKU)%8fq391*X1_yi(LRyMI-yV@pHQ?xqqSy220lohJkFu){i*ozA z*AbMEPNk(qKoIGeYa!A~NQ;0V-3`O2fQkZw3ep%L-JOE8gmmZ7-7&;>M#RhbdHr$! z@OkEunfE=p&pvytwKwM98%s+YbX=65y3L+9D4S{+Nhn?H9@BwIX6#CB=PKRkMF@ zv^KVkfVA$|%O$%VdnR**%W|qOE)|-7XaPmjTzc=IP~_aHs-aaXs?djns_6{8bj2!z z(^Cm4_yprIdlP>BY9stK_ye0S`Yp@x06J5> zN#MOuIb7%lDy;CskU21u6#xSDDzSG9z|28e4;e#4@6a7zhu*sh)A&l9?J_T{fQuut zN8mc>w=>1R;MOV&WR85WC04pqW5}mKK7X1n8ILYQCs|UtwFs1cDa+_xnav^SrHBui z>iPEm<%RTz#zVE~?s;XCpcgtlBYTC4n5F~UYp7~dW%6*5T+wQhg{<-Vu$G2YQgBpYSz5eOiR0os46*A11&O8+NTHFGIx&~E zV1V-7OIY|@v|3v`w zzNPQ|cB?#%{nf@uB6E9G?z`4d3)?n7EI${~d-&2_z)wRc zZ*RVYn&%3ezB9uUD9O%lKXE%_Hi(A~*%>}3-yaEX^q%gZzSw*4$+6>b! 
z>*YBIN$;9~?x%cqx0pLoH9N<$ITI&* zYh|)i?U!Qd3pG)A(cPZ>F<0bfBV8IYk%K%bFQIV;7vkdn* zGIFu*B0db4doiZ9jMscV3GVB4}-Y}U0z3jn5jYjb^i9CQ?UP-~Dd za5{ckM3c-BR6I&1&h?f5d$_k(b9y@jPbk8nDlsY_^36D(+tp<%F1By=B)`1GPG*98^7KspbaKYA$+|v8kW1-A3Yiq`{pP-aqWi15ryimJHDFZf-WhXhl1|+$rpTph@T7ky*B|<@7F65+|x;XSO5M(o=tRQ5N}r z`uh4H$OY49GBBM|GAI7n3KW1mAyMVJr%$`efZYX>`{fZx&Gh7egc$awUpj^zHT8xp zbAcXDHR~>BRaL=@v2m4mZeaoz<_fQ2d%JE=^Lgmdx7LACzmC#Hys}K>&xXX;kj4@5 z_Sy%`3-#V0$rlBLugiE{8@V|8+svT`eobB{jSk#SXg(&XxHG`KwCGiIt5Asa97iFI zr!fqa^7Axg4g(d(ALAn9Yhxj$4t=YJV;nl0@wj+9Rj}>^^l_kM+oc!vx z?$++9tvuVQDvB@M^%VHVPl}OT=LGq3Vct#gMV*S zr08nB6T8o``X)pw37YptyICqg9N?Hj51JrT!G(|7m0f%V2)l2&1 zIYLQp`Bk;0jv2tZnV;jx1BV7DWA}n(NBff#xOU0$>Xf3lm8XxN#K&k1eA{#qV|d4P zahg`tv1xlkQsS8l=Lh7fT#u5YGQ$9~^qbt9%Q$1KJ+|SlfH-8|XAsRj0Fru-xWCyN zuMs`xv6r1wRBzYj&9t%#>eL0JLXS0xv{M(?I)ck875SZpk4;l1biH|tfpzbW=&glipuZg!-dU?*RoPVD=YURi$vfV8Sw;_u=^}j3`~zN zJ-&1c>#je|XH1NHNn{DPG-jrkRHUby$zK~I+t-y_RT8p>P4?)L)G2BcRJtCkV?sJT zaF3~dc>EW`E38+X3{3hA3~%4=iOJ^@*sx}ZUbLA9kxRFYQ|oFCHVyNxjZXK+?z`LE zU#R`IQxpFQlsU4wCF>S;qFt!jT{F+7um`Z{%E2A)RWiPM3Tv|Y4)@*?cNSBB)l}>m z?NA|etI+|YJ%B-cFl()1NmigDxd+14J}oAz;ki>*G7z5xW`f?~MGzt}uBqHBymDDr z<`!}(sDv6|j{Wc)CM3_X9We1SBvuY=3L-?RIz>ZXQ~}C2PHOAqSsR$SyBSn(-nOtA z#A#S{(UV9i-kM?}%63oQJp(&E2$(8yV%}6!u>l>c(~(kROW_W?=Y(jDiv@ZwObi03 z7hhs`(T}RqHPS6RgH30t+iokXB@~z?t^Bl3)2+Iwg1b z*~)HxXwC;D#$w*HH1n?J4JQHGs(h6sXI^Zs+cA%tmwEdR%Ers>S2ghSJa7kwSE0K04p9Cq+ z-|-LIO#v)Sq7nhBDeZAALVBpjU&kOAhdxkhMVV}^oaR1HbJ2N|=q6uW2$8yFTm}ZH z#Wur?%X#OeIcfJDOIfl{+plO+)738yvBuM(w!NXrJp_9P=80rs`-Od z7MZIHal(1*mbC3x?16!8{-B0gD{lu8!wD@=K5|lb3Bk@#NfLNH!?d0@CwFQ}PGnYz zYLBzVICWKj@!P$)#+KsZ-LGjKJyWxND$@6-sd$|Pv#GSiw}(n(Em=!ETVxSF4sCsgKem=o%t~)|sOG2XC zA8m9V@1=C;mbA##cNs+5uAfiER5npCWAbp)ij_dQGd;({tA&#bEj7=Um0 zaISD{MazNNM=<+WA&1lo8szd__T1{u6ofl*CVa&V+^SN^=V6jOv^)?TOan&sc8K(LWnKRQg zCYxzrc>B|NUh+S#YJyy6$(V`q^Z5+?TKbd;5G%`1@5u(T=K%hOEtv-^SV< zxBS<|zFD4SDX###(kU&OQvPC2aJ9%w{eJt#v_;o`ix}0SL+ z`Ty;hP=Y6eLvTePXIVBmIq!2^(ql-Mq0(A_=lxGN1aQpG=f>bDx!0}<J7{H@n 
zvB2jdDkF!?dh)YmIdfv(_IE$z2+w^jf{Z1ROgxSZ+o2;!51N5q*J5enJtnVRXQV81 zFgpLwTK@A`)J$E*xdG)uq+&h$#ipWt>+r;VUmH*!Om%+`Q_ipV@UuSMWE>);W~SG`&3GOdeTGL>e@^)WRa@|F=f9&^nnt7f2>xyP|1t~;6h?{= z>muhAj1X4(ofM}x#%G&wjx`!_D777J0RDmxV}sG}4}Jm!>}V(2ZyJ55hfrNi^I;TJodf&Tmm4=lX_;go^W#;J82vBw8(V0-U@f#CI3 zKUo##w(|{~vGr<)&e$v*>)Yc#wMTm#=8=P3ezcFKhhXNS239ARV`#z|Kk+a zVRVBH^s)NQi->3ct?QX;QFz$ZW^*scgfG*(sJj4*L#NW&SW z4hf8JqbXuQ|289TFMo<50+LMp=gBC20x?rR)^+nGqwhnXBW~IsPrP}yDFy=(V1$*S z1nFw&&ImeB=5ZIBR5NNxUR!n4<<7!s7SW?k>k_e%9why0QsD`;0y3fnEMVL`-(RP5CB8C|@bP zsQ$vL758Z4hIJJlM(qFb-CK7jY^Cpqfm1zXme?pC8swcm8FP*aeQW$nZ{=JJTr2P#i~ za?RVA=OhdY&JC2uG@N{W$dmX(R}{35anJ`j%v=Qu^8c_CqGln){ylQZe;;wMf2@U3 zvd##PnUu;P2aId|^!{$=47t0Spx^M%HNSY5_AJ&8@;WkI>-D_uG>do0(d;AJ3upre zy>#ojdKn_N|Ih*81cg8wu&XQoQ@6pdcu|LUi_z0dfzUO(tc;+qt(MxJp#6m#nLY0C zTKTTz+V#|(!0Sh}i=;OPJuwiyOCPOGautp@}kCJ zMg4~-@bBn$<6RpnTo$JUl?Pw) z72W;pQ@%M4E9}$NH%~ELygwKG@K61}32aUt#v`VyXrshdTnb_tK6D5yB7iFi$%^|{ zfDB-#??nRs9&edeQh_bvrDXfPPUZ)9H6F46ZT}rTDSDb7HLo z=-*PXga?-*hX`P7Ul5(S6^K!w7@`unDrV7NXt~x^5*Yy~Y0MzBX@0|ZU@bexYiF&8 zyQ>7?ie&)FDSvBN%=I-=LIO}@SXWk8nOAqgZ6CK}qk=nNB=g<4gPi#02TK5*u}E^L zBx0pSZ1FF2C*}03B#ev?Wwyu>0L`3cCkSYk1E8!NuxxeOd{|RjV&_S#Va58iA5flEm;nq_qsFp zkz0(X5Wy_jHYLmkD5%W6F7s|fKq!ub(#AMP(x8tU`q`*V0nFekQM&}%m)HuSGWhP> zi>zheB*m;=n~xxq1EAglh|v;)f|9}gBo4k}Yn_BWzCE|)lccn#_oy6a zJ&v!XFb}(509EU0SL;LyciSzBV&1GEr#|$-DfFxtkDa7en648Ecs$YQI+hWglOw?1 z+;WlK3^picRYKd5s8$dYbfS_^u-`elqhxng3N~G}+5svddXmTqGHjywP;}y{W<>B{rIJ)cj~Q3D=8z)HxUM~{4hHqEAo zLiw#1rt5 zK34QEy~$`HdpT00S~xt4hh4F^W+Bnb0MB(_F7w2ts%>xV&;cY^Esdm&auKGJ9Vvcm z&cHzV2D=ub%%O?)a){!zANE&(hULA#)M4qC+xCnKM+~-5t6FSbjTrfC@P0Mgn^t(k zwtP{|Fucv*wbwGuejz<5oLWw3^z|cok^LR}dqblj1>7Z7>pOPnk&`9TPPg^GE1)3y z6NXmRog|8G!1vAtTIVt#UkVR<#xYy@xSh&8mq+F;FY|W8{I*H1Q4vZiXfpMBkt z+LQ`p@yscjHN#u~t_yMKT}()I-`UdtI0$sF^;sBWeSy5l`4U*Lu$}Rf9i5E(vKvj_ z;$fX`YZ;MJ(@)%9V0Tzi&AcH$lX(%gyKM=!-p$6!EecL`Qb2Bz2;3TZ_6?UJ;w6g| z5L&~ChmF57G7DB^1MN(6s_W*C6phuT$xb;pk;N}0 
zv@b0Y3j*x(@;2pz0zh63L=3_W-ki@93IkGmT>#V7OnzU!Zv~1M@fcXv+H)*iM?#}Z zU@m1AJH3M)cRDI4bOIu@3mvUCR#Q~HY#QBkD~5sxMf))jU=$zGX})aN835S<@Y9kQ zeFe|X0246uj3e3TMlH~NBFp?>+wT{A9SYyOO9zWML@o?I;s_iGMu-U3IId2`+6xBt zi++`p!Kcl2TMiwFXU6B2m)8RFUtORb&te*#9lh6U7_phZkYu41{N{8nNfF9mdU?~i zGl}iIPI1k8b76-<7s!ug8|ncaRxQgpGfj#k^~xVyPT&Ley|0{2sr0+~0R)`Wdo2~syqdB4@sdpP@Ab+^ZVG}2`* z&l1or9^-OtTo#-!EHSzvo;6${#{t-~-QtXsve{a{wgtXz)UeIJZgc zOg5G=`W5;sfF1bI_8P+Z?G_L@U)aob-wiP#Z*vGli~!T~vC96yfBN0tQc@oD91V=` zzOr-nhe_tspidS&9auY37HC};nv@_8dTd)*I@Oj?-srxTvG7c_@N8P=gV^v}f%TyR z-YBM|7_Ip@uvMo(WcZ5qZd-~wnVj(C$H^=$hrUZFeYjXd`tm|K0fENeAkv}VX*?AG z-d-TY8~cW|P}NKs;a2XWz4FfMo|f#cLDFZbHULISUvW83U|ul0rvGuwkt_KjbznNs zR9#5DkuIUxydJMC&;Kf%*WhM(+Htfa1MSp?Ghj>!QM})7Yh;+Sji-lT%0Yd*L>c#l zx*k&E{D@ghT!3$_m-70Hm=4+nfi0p(n7dd>RSvYv^Nju9dU`}=RzYR}-Z01Er@EHB z(*VWoyU^^misLQ)=0yjP&OUWcL)d`~Yj{;^`241wg2rhMKk==J((+U=Xs6zKPzUCFgQOKy?m)CP{|65iO4=FW#vq+pm=RqH zf+yF=oUAa@W3vpo)q4Be&mIm(@jDrm#0)2xnnD^=Jhm^NUFtMf4MA=EcqB zA)~VITdwn>0tclZ~vU(*)-^hR4(O{8$X@q0~;$sxD$Zg!u&ur1GYl0Q=8`WAF~C01eNK1Ht@0Y``UyiV7M;}z%I&!@|$^2?TzobN^WdaNf4c2B_iMwbi^El zcYq8#jc{*WAZfs>A`uhZ7<@z(;HQ@ecE0QofRyq5#MbUKYim|);_BqyeJ6|OvUjmj zw8fHh%?Usic;izi0dqKRo+SmOJRU?(D*Qx*enH>D55MXiAu$ zTL397w!Li1naB7^&y;`G^`>c8*t#9LW$Or>yE6^-!94GWa=T6f-GbStCI2h<*udR0 z5>%BC++L`39GUvc|A$3Rj??-^Le84YShm&Xf_i62yarQKZ%Ib?J9=g5sJD2DX~e4w$oj!VLBCtkhZTMQl8EiPudGk_JO_w_2c4}kl1A#mel_C7OL?sPS}^NX%D zU3ox3&LztDH9|~8jMmsNNXs7EFwCkFKghnvET?<3rDYiit8f!kl5YBire$ zTWIx1Hi|CGIE%BKuVO*~*Wl8ZNOH=1Mj0$F-sWS>U%x&?;qd)6asZ4LnNzTz76!% zoK7alXVuEnvAd{%Pw57Roao|XLW%1=fLj8?2U|z})_InW;!#e+*c_B=uIauxTC><9 zFF|9TJLL8Kf>DK>E3gop{1D{DENw1VN07DLp0n#mDB;yTe6vIqu-p`aSZvL^(p{P{ zMmGE;QEr|tU3>VZ%q0RE0 zPT7;{v?$prM>+Ga`hX8#?lc}QFyq#t<)D=dUhiEr2U3=z8Iwc%wDb$+y@+eQiSD9S zb%iF?#SrWMm&TD$63p}z<+nxpB;~is01~=@u-hhO!-HB_Sfm^4Yhvc@_BegS){a6w zRY4FAE<*(jLhHjm+}J!)xy3sR-g~qW;2_%4-RJ|tN3W$x&+Z1;PRAqN4+E5bI_0R8 z6|7R9kI$P_?xGGr&YbP^==fmALU5h^xM<#)8a=e7a1tcO(Q^dSH2YlJPTge(L4n?< 
zK3w^1q6?+R%eCYh_WnWb(ku5TEZIQ#Y4LEX2JBj^m>agmPhOGUP zC$L*VoZ1c>g(ibgsm``n?%IpRwb%Y`WoE*uI4JrAF?_?13E0mwHkqgeY2EmW{dO7f zM1uPFCf@sb^;ndMiTR2w(&-ihuTr+Lf-Ddf+gNcNY)H!4<=vhga6cysT*{hB$9Zs> z4BRoOd&AtJlB_AT@P=j$kWCB9^R}M8Os?Ps^pL$X?hB7N0$%$~uea*V1B&E_9Y9QL zllQcn&KCK=YAgcw9X1SD^nxqAs~{`TNpk6R?`Q13bwD*FFJ-+5>eRHPuZB;+YM6ug za@$kz+(D7BzQNm9X#EUnPpQ59cSI77gUwV^Wwkoe-DnY@>4USHbi1JWlH2&{9lfdT z&YOO5Q!jDH+ZU>J^VE&uGZ`RCTlP>X3fD7>>`omPn?dWmzQ3fy`+9%x{{#;Wk(&D}n3D110l^#sbPJb1BDW!bos@nn3gkVtE zYoYJU(vL}=>yE_57Lz(_EpsA)1{}X^p-}UAI~$YS2aJ5C1n1TWuw;*$+`fh~?Td^l zoGhFCjNcquVhmY(J?~fW4ndU;?a9C3IJmYQ6j4w1#D%}`uXHiskZ&o;6;;P|T_*4x z{Mnah916%GT{G;Q?z5MAN?yLmBeNPEiD#yxaQI7|uB(&8e?*gVEw(o4lwgjRMi;vs ziBY77)xpWK?{la9T-wh^2{XPzZ;An_ZO^L>>>NBX{;U#>^p>`grdvzueX1ThEUg8iXZP=+ru)2k|9Dfv0S-#;8rS@{eDxzz?5G$2_lnXaS=?2<@Kw^G{18lrV_3IgE!j$7`92nKMU; z9{IdhJN@G^`OKwfwtDYQ&2jsAuxmu55wri#HSv83hcjH*#XvMHe3SlnPV0I`SyPX{uc0@SXqx3Nb%Nq~T=$O7EGDr@32JOPQ z8G<4uq|5Rx{twg`eLR(}M18=nZY%BZxrePUZ_=open*U&RQ6gv&nH!Uj`MeGRU9qt zUZDTxUl2w3EfglxW{LggNMHZi_F@PLh~Jt?)%KogaQKq>-w-f*N%&J%`fjxunlm0>+J5MDuJ2LcE z3nfQQ(hyH&oFM!mj^kq-;R|I4S7<`E1Skv!o0y-*bz96@Q$*^h6`Tbb@&9>0p^+C5 zMNP!J*;aMT&FPn%Zj1i~L`QHog<&8HU83C}vZU1!fuZO=&R_dx7>AuO@CDM@<%$mH zX6G*?id*n;*xy+K5ub`IW|Em19M)HET$O{*9Q5UTW1wo7A;55azn%rzeXWpX` zof!IuU{Okmd9T@OKHE&MP}&Nu3lmr28??OcD>5Okm>3=2!Nt+`J@gVre!@4rqJMV& z_ZH7mJV~IH7B?>`AU}*WD%is}w0VnTGttc}JRQZDny!9Y@DT<5n`*2DbWPoU_80s- zB%<*A&DtM*Ng}_YBED8Wta33S^6*-GO*WBK6#IOh)9moj(?g@4L+WLJKnQh$WA|86 z-+M?JNs<`;GeOVkQ5hdcM~GZCf6gkZD{xbY6*FRkw&j<>u4QTJ#XzL5Y8Rrv>Mk{8 zS7uJIsrM&??)xxY!Ey8xV)8+EbQCO)VOL|)(GQKX-c=mjp2-6Fzda23d;)m)p9$r_ z7_L>?y=u;(k4Aa|goY>cJV_6G-|D4w9DY4p26P#qLEpVdUcZvg(6b6J^Hg7&^BLSw z{--^6G2px11YW<6(OXEr3IFZeT8AG<--HhzW2MhwG&Vz9Mt{M>Ft&_2=zIPdK-Ax% z7cmPvOk-m5(f&J%1_feAC*q;4rccj3Bz!d9Mz<0j{%_Ljr7rblr#zu(PoRGfH6ivd z;LYw|xtDjTcO~LeD&;<(uwtU?f+7fam#;KT;@||QlTj;a?a!Y9VJgJ>^mVD{hx@}8 zsWUd^V<3{- zF%nfEv*gv{uQP&79q1}s0ieYbBhH~|3=Wjma#qKqwdN)p>S?_fKD-;fo}zoS-|UYp 
zycSpK!m+$1y_iS8X(ig|qu*GqN&G#+sEWMmnEc(eW>I0&y@Rl+2YZi_+z|;8(7RXR z?JV@;Z;0M#lr!EdxPktbKQsXKr>Gf7k}Q;~z<1-YQQ0?5vCX72VO+ zpl!X;uE_wsn+VKH+B0_fqcsA)h@B~ZOep7hYVR4^fg8C#&~F%`m#^Bd7 z84EljkFbvv13reO-&j+xoi6k;4um$?25T-Jl_c5Z3=Bw;K>HuA(P(S-$GdB>GFd_M znc2ZDfS2T|q_8G91BOVT>qj2UQeVid6tq80%Mk083cZV*`C7oo3PM3R1jlg+N099@ znhE{w_W3@Gw}4^bxD+P5?~B$l028d^3%zzEg6CaIxLgDLE#GsgW%(-5m6}VnNkd~) z@h_pYAWS6Mnk5yr1X&DCN#>eXR&|fE^GA(D2#e*$khizZ0L(lXgzj#Q1HlVva^6-5 zPY3KXCdK2T@fk6M8%XDe4~mz9e@XZyxsw#SHL}u|EiC5!4Z{COSBiQ=-t*aKA&dK1 zmkgrB^70#j4tr99BhN3M!I{k) zk3fZ$S>z+A@dXz=bbaK)g)f2pS{&4_3!jHRvKH}~y3da-gj>K^H32+Q-aqoEiHFOP zJ;~$FORUo%v;@b@X)N9Es}n9qGBKaPOz$8Koy)Z9&_NlEYA(w!K7Lqq8>J`9Kn(uP zP7Kd0O(4rr7iM7v_|2Sdcjf~SIop#Q-&Pc~-Hjgd*<1ISbox_t0|Tp-d>~=8*mkKM zfJD7-K736Yl8eyTion{xsIV{}gH#Yd8F;wbwtMQDgX%Vu-VaXY37qYA6Bq{wnh8zD z6&Dw$K4^)#pjY{PrT416vx`f)_wMi&5hWs$myLHEuRD%V4N$HDs2i~b)P=PRDA3!d z1h$Aj8vZ9+-1HQ}GyXB7#qY|*+!uI<;lAaJqJ-=$hNg9U|L}*6NIOAR#AXsy;BuoB zDM9FNxk=D$lhh586`SO4#V3?U?sY|a1GRlj{dWKSjy3?d%$-fWf3xQf_5d^%r`n-Q zd}&tem{9iHo}2ODIE!n%Gl~p%yKca(W|Vo@mNvXmA%`)Z_YHdOuTh(5jcO!YG*okS zqgk4}-e7bn_{p|F<*QqNYrfpX-CM_v zE^tB4%kQm%gs!RPefe7kztuM!n7!_E{)w)pX+>XpajMP2ozMK3Q7_^rC8x;)6Su9N zMcam<{u3@on!7m`TAl}UH|MIUvYYSk?_U5oQkFZVw*69F^UjtWYH##PxN^C!=+WVU zjP5rA{YF;9?Yr4g(995!FzO2~uNt;nNNF3QpfVuiLyTm$$eZNyFAToAEhk0%TCXek z@%c^1DBlAR;y3dGx5xex_J%3v+LG1H{#`QvmYCUt&S(=(q|C0ZSG4(?&}Au;kNj8_ zw(+HdWRI4ub4S)h%0OVNJo75F5HLf4m9Gq z=zf*WjTVGB?2Ky-JtmRA0qF+#dkY3a&sT^g%yp^eK~#s9i&pN$J0DcUA4MiXEK9h% z3l2YF3>X>llMt7MqCjK8alc0Fw69>5m4WDB`FlU{kajYM82L!rvBt>A2#ri5#e562 zZ8Ji)QCG56XVsUFVjCotY#ZFkUzxM&8;}xMU0Zw6+_#ake#NvrjP~6JbO%h~FZdkf z%R$WL=Xo9#1xZjzxyk5*UA<}sDmn}SYjN{Vv8z)q$RHK4M=E89 zYFHzwEi&eQVTr#cnMlRZFX7k7JDqq1&FgBq1%E*$5VP9Y>2y7xF7U}nd==g1wBO^# zz4Gyv<>LFC_`jrmA*5=Cr z;i$^iL`GbEPj9?~*k5M@vz|ve>cW93+TRVIqDnvDtVso7Wh&FhWEmo_v~)>lXC2ow zOFY|0X_E7rI|T$;`qM~+_J5{u3LfszFNCKLfVs)t!EhAUci|P0l^Y9rYEN!{W&kYA*rtb5Br4z!Q}+l>H(=N3*(ILMtbbNfZ4qDR{4l2X(n(k@!W 
z(&r}vv~@$WhDGe>HFLjneegQcse2tqUJPZWxS8ErS-B`jFtD*D5U|rCC&5{?gOZdU zSG^_2-HEpK1ToWD7^KB%SyR#PJyDDp`8LxAngP5)oPeM?nRFf9kt)54K~9}VU*xtL z-!{36s0l2O-J5F};siOn{cEbI1WZqX+>5dRgUOf(xi&co2svbvy9wH>@wR(_l_ItN z(t7j z0WIP3kCBGcVEBsc=3cOyYDKti4{ZaURoI)S927uc|9Nt83HinwIy3Rm*{XK_4Z zX=-U9=?9r`V|Dvhd_tRda%~XOzA}JdGD7F==Zat)LIH7(E8iqr5Fs;tM5nFUP4deeX#riQ|f zn&0`5bKd-AYLy{8*qc{ii_xhls|NrZHRPSP_?TAdpLXo~hjWbn^ElP7b-~qHPpzqE z>GK#aTogmp$?20x;Qp>=3oS(*OK%M$P8Y9?a(kBJOPt5s1DO!C9k&;&T1Ikhz+R21 z;uZs}4R^QkU_C!wQOl7>Wu6J#OvsJR?adhyQ#x|vXODZVo)ADcAG z=N6k}fh8d-}yqm#h+#0YA}o zcq9@_Rm)Df6XdJK=RB{K&ld*xMkwyIh$fZm*>*dC-^RoOTy`xL9B?b0_~>Ksi`QI1 zJP}g7{CxNF<5wD_0BgXq|C>)|KN7#G$e&gT+|{RN2OR)k>jL0teAtqtb<+Qe{e?o)@^8Vx z(pe5RR6-UUhhBHdgv-j@hg*lke!;2s)#b|9mp-Ai$u-x>D;j#csJd*xnuL&Nhry_O9q zh3vmKzJg?eOZ&#zU$5lxT$X^($#2WULbo?Nux&O0a$*b4qZ^uE9tsqdq=uM?;jaHD zsWgIrzsveXZc7Gdw`77^+H|1W(dSgh#bMO-jXX2v&r*dDPK87e6;of|3hk>nzX}K+ zZw6nnM?=?6zb?{`J`Hpqm#J`*;~+7nw}q4sBC(ViP|eYeX`Q{T;CY+le;xzE39jpu z?+#}3PsZWUccM;#_(a`>oA-V>V*fDMs6QzX!iT~An(XRzN(>gZ@9G<&&;IHzE`YPH z&Xh$VRr-pv+31PqZ>}T%zY~C{L&|+jNI)#kDDRs|@R5G=<0(;mp!w1ll_0^}pR3UY8R z2~w`{(x=~gBYwxCAOoZ+JXP0} zzRyk6CrBT$zmG8A@Zn7heE@>%=VzO+!wwG~4F?EA>v?Nep^XS&5@_}H-}I}h7ekxv z3xy#5UEY)X4;X;j@D-$NYx1)D@**E0>8sa3Jd`&2a6DAuEPTVzs(_gx$mq-C!}@3V zJ=`zr!HY#Pzd(quq@p^(`~{G500CtBUWVdYz+{x zsMg35EzoALKR)-H*UdrehV4_RMmlpe;g zOYKH~^MM8W@yc4ZK^n8ulCobvlKBT}bVrjodSd~Nr+$>(zB|UJNWc45lY>EkNJ;td zbW9Nb8wmD_@ke->Yuc6Ap#|d{?>ex7F?b2je)j(yJE3Yq2%l5Ba>6;Gd|^;&{^w$b zkKs5HbZN?G9d5h_)EyGIWTIYoxCJ1Reg>kYrB!pYx^HJEx+H~rrJ|!-au(J$5v7f` z4*qZRel`dWHrwMCscNGv{lg`=^#M4=!T~o1a?5xgU+1Is9Lx|6r$Pe;!k3me9L@Or z&++$j8Tk#0+q%Peb1?@d_yyW#_!7o}Kmo4nn*t#yc$u;As7U zu*44_`d6dd#(uQXsAN-kfq~$$S4Ss~{EvQv4py>Wc;K3o=ksF~H=Tj!Hrs-_vP<7W z$XmZ#uvv-;3s|7~ub#Ly(Zpn23Vd`PXN>o+Glv}As5r>Z&JM$-k#SPnr$k}w>cyRe z$Oo!=D)x@t`*I&y^@F@57YsscyA;$iXQz^xX*+f^(2mW6jrHq(sn&=pexl8ZC$zF& zvDY&NX_JB`uYa0Nx%I94hhG0v74+oeV~xN=hlzcca%XuIZUu;cm7+`Jg$qrAeX*h4gkLWY^X zz#Hp0I5mnk*u+RPS9^KM8x*mgVkcVysb^vYWSJ)|6V=- 
z!MqaHVxz-EKh86qxgT>8)})W2MT({3M`Gk3!I-h7LBG09B1YHaQM^hcAgX*yClO6T zNk2$*#zQv26vX=Ml}j6eeky)pcS&i3U`I({&wzm%RbCmDmo-5fqhNp$X*-_wKd7eG3 z%ziS3S)gLQ_{9p;vyc`kZzBK0OMON4O+sLspwJCxKc*N?h&|I=S+fHBimfgi*ePMa^ zHOU)*{TO`8q>B3i)F(SKdLXjWyxSR92z|p&rP}Ay0|YA?PJS8Ko^jC^u7a5WzH}gDZWoBbJZunbpOhwQ8M2CL zxm)Z|NQ?~NqmeYDwjf1rZf)}jLa{KuFL_hp&*sg17B4nTbxkR1V17SZd%EFi{3&G{h$S(#$a4*1kU37;))%hk&-yCZVQ5rg# zT4$uT&dqH1q`z$FFt@hB-e^MbSF!%9qlxRjmlg$0ia2RRU;pV+#O4n*1ZTksE;3F5 zXS~DTjPii+Y_2Eh?5G1YO5){p2LQ`Ijwbdu1nCj9ccxUmzsr|_!i9n5bFy}kaH8hs zwEEfQcd5p0@tMAG5et_djdFM7Y*5(N?s|z1vJN-29Q5dnuh7^8D(-6ukRVS0rHJT) zJfuU7yEF1Aen3Dvh30~%I`2xaWf?ZB*Lz=QDQkD06-nBITmTi%$c9i@slb4%bO0$e zNidK%b}j@2QJ)430}23?M|`mYl9Mu^WY4`ayrAteOV$r$n=wPE+6A)f(;`-O696s} zDxA2+jRR`$K%Yo;Ev8%(1tPd1z>L5H3%XF-*1Kb|*9D~OW~NO`?<@g@%1ynUN1lS5 z#U*1U7beG_pS~Et3u=7hf->zX6?T28yT_+>(h*}{MgglP?rjkhwSA|q)E-DT4YyqH zt1D}S?JlD*T!tP$R@jJuJ0mqHY5TMu#U&9U)N@?;{CX%pAsGiHJ4#*8|7E+O*{G=3 z;QF8umw-;0roV85KDn5R<%T(dWC{_k?yM~HsCG|Ig2W8sg`4#ja(*Ln&pF+x zt*aTNnwMPqm*@0hccTF#L!@x=g#{K*4CviMcu>IO9!Iy_*)JsWSf~Q2#){lIEpj5B zpm>GgW-f^F2Yi_QoN(4}y+0VLgWcl!_lFVPk7lZ0(nSUeo;pt{HX_OA_jKTq>PO#^4NzbXIrJe=TX-Q`U!syQ zFkqw#6ag6N?#(mz=9T-?@n@7(x)y1lo&Wl5D;))6Hqj>!=vrJDh@Y$dE`ENFgOEgK zx@VBg5+$`IByp4Mxp!~TLB0IqJ}Q&}^x>x?anXa>}89Gg22Ya&-F(orY!s5c`A!qiVJ-MVs=? 
zc{Sqp#M92q1I`sFU0?2W^2hH&$K+Dc-ZcO&2m|pXLBJZ|MYUSCDsoHtRCW$$8-2?f zqA1z8)(KLl1YGTdV`sC5+gj(2zR`(Uf1bJA9260(?aT2OfK&(Y>)!N{fE+)>_lVa( z{+0ezaHy~t$ce4K>NYNsxT%T*#_YlSD>Gm8$1@t7Z#y$rrW<{G_oW2L)6}$_hsrKC zf0%SALCTjIiZ6Ge%+N|iv^_a@F@qYXkgu)`wVz#UPA;*vCZ5aSx$5I2c^yd_6vbeH zdjedINo{uP38OF8yz4k!j19sr#YJlaWZ$oHwnJrLMjygM$9U$oC>s^1Id1HAv|WlK z&4MEu@B8j!vjkJ@4=YPe8W8!a2NASKU2Iyc>4L8o2Jrl5ajC!;-0kd zFpYcTkp({C_aXzsID!J6#}uD z2olU!WH*9<4X`b_#K+eOMrKe{B4R;hl=kVofF(WAN_qX*S}#Yt|Mea+UzqSa&b21x5 z3rFC5F*Ny8aT(;KZ?a65Jlwe%O(GqRi3!&bTtWuu9$N8iV=#jAU|Y~2&m)zxcDxh; z#XnU1-QeQ)xANzA#$`lyhyPU)`ho7yy`;Q3reP&66xlx2x4!>tHN$PlB_%a13v{w0 zOWA{?s#k)mw-u}P^z?wYcR$dFhk>w>zAZcnRd|WyEoDVw_Sc$MFaB(ibDh^{sqD@S zt?$$a=9?G0m3yOOtO4~2^;8Hqorf?x0@_bA+OmFIgL5O}M4-!LZ(_pbI=`C3D*5?N z(U&h*UvwVpb*+NLE|?ijI%y73(Ecuc>D<;H@VVTX>rc!iwY9a4D`qabRUPS0S(Pzs z8J9Yy0YBG+Tmz>)Alc%|r^o4<&B=3NZHv-^?9b2s*EbWuNYj#Y!a02P65U^ZFuVC|Ms8Z7Q(-p1 zxrp8#NJuPK!H2&i5QW1I@bq;Ju_7H~oISnl&gb6V-m)mnQG}%t?A<&GSarV9+uYnd z9~DH;7)ghooSf`9u~r*Ykmisprti6v0xNLBLgralb}zIo-B*bQFG>W8Uy-$&E4TV9D}mX!LNaWDu|) z1(tT0H2MgDf0QKy2CENmMOqs9M}H5SC-6_RBEh3634}w%UYK5>r(+Wz*T(u`rAAFr zC{dAX-|MzS`wh)>pkCj6cbkpF&RAh{YR>+>h4CK``CLGFosTP1@O&JaHgku!-jV9- z<5!$%cWaCE{`gI>avXj;AGbOb=_9Or=cya0(}2O^kx7q;w|9ANNr^{~pJqW&tGBeU800)!r6k-*-OZ7UI`hY0_UEPf zec`wjYiPM*@QG(_&;jy`6c>&LRVytQw|_f-KE8}>f4UVUD(|oT)5Y}NtNT9?FP9+Q zgvG_ejEoHPkfu_%)2B}_txVJ}6Tsa0Hzp>gL2%(h#iEzkTL91BT&Q}#aJ!?Lv%UO~ ztL=e{i_1z{g?(^M{Sc_FufFtfb$uYMHWReG>@W;GhTxhv=7VXN%hP}%`UQ_WKY#wr z>wob2v!)l@yWhQ0f49N;v&E(`hWs~@U;lzdO()myQTAUyDSU$*>bJ|}F9!zhEkQQ2 z&PmC$T#mm*dRx6yj5#2{O8Ai@Y=$4scZ0uuYgTN`g7aYBzXW8WE+W`0VS>8Aw8k}$eA07lTJGzgddC1EZj>}{7aPh*065C^YElwB) zBmzI&2}4XUr|0WHElLkKu!`;CfkWh=tCa6vF<#WNjm`fPH&FMvxEfFS-<~U^rX}Z< z^yNakQ-3*i0oTb>{PwI#y-1EQUCrKT;PMNrU0EF;{|uOu{x9t|hk=zQf5sxFHY2>c zbHWU=eE`(mSe9m`)%?xDbwCWo!VXK*yHFv$1 zRb%So*VLKa&;9WfCMsm$PcCU|Q{%sR^HR6>s-zsy336ZTc?<^?7z|OzY6ldm9OSo1 zV@DpgFc|%<@J|j790(S+A};fX%F4=(Bb}D0;^N5BUkjZ>EQ9L!gVwSA+yfvS7imA} 
zjNvtBx0`Dd9RjHv;n>2G*N)w8N>5BYl8;|mEVPMQ5D`c0`hsE<@ccVV@9uz|Pzs21L;+><98k6A7cu_aUGC*AsKMhQ}hS=+E=7 z|8dCvi0^+oi~)>iTKEJ6B#99->YjHpNWMdK;`Xd5%a*PU9LAIF-+#c>tXr&|FKG_N zCqK=SU*S!RiJ6MT_4dYg*_#iU=oRf=2vL!;ToM9qz{0WtX&&_u+k2(;#dpObV5OJQ z?(Xhr5OVbV{i}I>M!LK22vV%At>u)K4$!jlm$I@;ax8qt7A-%Tvia1|M|7lql>K7e zoYbBm+DwaPzIZXgFVxP~meu~F-k<$yzbbt$&KbciSII~T*%?DD{xA;vN5rhzV7~N* zFXPTZl;=Fv0d?b@nO72Of5ef0E%NQh^0iYB_!nMwIVlmd12Mls;MgLE4ZjC+DUAi` zB}`koOrIdhl7rN}re?S4|JWIS`#J+wsULjcOmgb~oI!ZijhWRyIcA=e>-O6Y7ImP8ZwyD|W`21u_A@7X2@c;fyk7DGlPDrSd>Rz7z%jf+s zUz&u|n5(ZIB+gc3>c`Jz?us~j{+GA#f7U(v7n#diQLf!G8~?3esQo&-=C-tD3+`0) zE%tz4=jMs5#d(o_wzdS+tP8FW*DH59(SkMR<~gxfDtFy4w38*?=L#kZJ6hr%y%Su4 z)%agO7hF2yPMecg`H=}RSKuuUS6|g=o$m;y{%KLRY(LR;)mC!YK2xoj;Xw)?&rJ%_ zd9hbXfd!ZUOTz!>b>lik!8gY|&^2@8FeQ~!8Wz+>sH|E^7V_OTikCkTAWo*{+oIQI zzqO=yueogD{%Kq!yB#XzPO_8s3wQ1_=j6BAw1>iLGwka}-@8P~zoc2Y_F-@?3iJ1V zZGZmg69K$D`88SIIpN=Is5$7*iierq$7(K17bsGxSf9k$iI<$56aDcrxg;kijjQmM zorc?Vx0NSNiTYnRMFZdGCMa*SBQt^;$sYbLP6Xf(bSC%C)-`>eLml z|EKf*iCdUQZdfZ>OI4v(0dnixab)4W&|w?Se80~&0_tM*iC_MNgiAX+{Ldlu|7^X# z2_0WmK6^X8m+JEhCO^ZO*%BLYPToXU9x3P@@oXLH67unO>|?U@)6u*F36C>le3eXe zxmHtgKj3sxZH)h8G^laCpmC#X4I#07h4!q*uBT+OK_o>$7WX)&VO}(puThh*biGOr zdg>>sq=7|&k(PTPZO3^kLs=EjlOc1X((b zI8p@4WKKj`Zp6-u^paC?siW@H9scK6^5^fy2xu7ohIepsjNVwi-d!X?{_^XqZT%_C zR?DN;XXUKO8ZY~i4f>Klyzu$v$|FgE{{k2M5&l-l*Jz4xzt*RtWG*b92R&WD%wz$7 zCz;sK4up8{R{EwVug<}c>t z(V5M>GvepshscifbIkOl-h6z z&-0jq?wip&clcIQtfiAW#bi|J%r;Jaqx@s*)qFVTcpvM+&u_QT#gdIkuvAhC<{ix4 z+M<(!qemmzrC!Xju(VQL%lr|m@b7Q9f5v<+QL;0X(V9gP4;6l2rk5e|$9WAivmO+h zGBZ6bSyrIeH$03Vm6Vdosi?4gDew3JY|ffuCPxIjl+FUweb7SNz#wrgT`Rim`}aO} z5~wB7z|NQEvbm9y@_*kPUB_n_b7;r@uUC}usRsBVCQ-*jwDt8TLn5cxp}?*bpm^f3 zf>8zlt*UfrNu4BfnVlYNh+yS07fMV>Ak+k$Vz_-T2!wb~ijX>NKdfwYwmp$Zhj!LP z3hGH%-EhGg=jhhX_PM;oZnvWkq?~c*oE1z1WDa_|+u(1j65pI#^K9qB|Fcg1H(TKN zv3JND80GtvllH#5G!$R#ePyayR0WY>Ho=4_>sJu=XI>Y`9}dYjx%P# zQE#76E;SjDa*A(LC>md?<4qt&>gY?%zfPzilo`*8Kb@`UjSJxw5P{hsH*fDMfx3bGO8BFlMtR1sgk1y3NL7 
z^X{tX`*fWNEJc1t^nPQ&5WxxzG`eqpTuxz;Vk%??{kjs+RcJ%ZLiE(!Bi-EHhCmbF zrow%hdI3ym%5JSj=_x1#pwPubatGaV7JY3+CI2ZZ%b%utCjrtnn{}`u+Fn@-R>Xgh zpH!du0p~_ti$QhWm3a4S@`V%?S9Im8K&hfh@)`iV{I5;(W zeH&D9Kglcm4}U9TC@~A&5*;d89(6!vHxo{!mX1`~dkv?Q3erdAtQ3%yt?K*vRk5y& z6kErzUO3p3^T)NN$gmpmX0l6n)L+ElKsId2m{qNTKSYNJZ0M5KQFM<~+-IMB$ayyW>%|F6Iu@QdN5px_x?e4P%mvha@UrC`mzIX)+*#qY)qTfwr9r8^tttctU&ay>zn}52#uE&h! zZigNzHxco`wwl43`svKQZ=tE5Uu5ZcLjzUjF|n|M^(+Aoz3Wrhufeb41BU7*lHJyO7pi=CLC+gCr_P+wv-J_<>e z^_8?Cd|F=t-APye<;6E{BERuHQ2)6#)L+#n=kML>Kdlp0dSw&!9^wnO?y#=91M z`2}8$0K;eHC=L_|Dci&UKo2W`V?*ZTf=TLsx*`MKF+SpZrD8w&PP%{TF4?lqUAQr; z%xy}!nQNqcMsQzUy3p88k9_0_q^+NYF}`_*GNZU1q71>DgVQN>v)ua<;9Bq)2@iK}Zfc^Y!>jR+jC44*0nHK%>dn_EfJPc%ydgiX&P+kQ zW|;7Jd=ZERbNn;Rr3zfg?lPB%Eg)mzMSlQ?_!t(NhqWf^FzH7;ztY#8*)ERtzIyjn z_PNb(A05^r>iBK~*m(%F0T*DJe(iGAt^U#wZg8qp)A9oY@AC|3pPNe4_}muOw!1pT zb77P~K{I>oW{k@>TuEw1qfos7aGyW@jY(hxfNXL(v-acTwL!}+b#S)Iepw;?;(-kx z>TGVrikGHl5vx`X5=o!ebeBx?Iak40I<^{LyHX&gZ|amMcG(H(+XY*W>8#qu5eKV$ zNmuWoe0H6Orz_hKWQBE&-nfJG?W6a;hc2m6^I|a^h8_oQhZC}(OL4fNmDoY#f_4+H zLtlB62V;pxod;W%{)d*!X?aF-uXlcN!ZVZM|0y#BjQICqAD!sMR4E_*GtJK6`K>;| z={U_U)oeR?O?Z%OaIoNt5utwE!6JFt$AL7(P#j-qz)y!2&tkLZNAm~0P8o>bTpj&? 
zONJJ_C}aIWr_B<<@wA!ou+P5pi_#Xr192yuT;+%b%r~{)$mIM&BM?oDPjrL{EuXx_ zRyc4TZAts{ddpKoLoC@@Sz%`cD5dyU4D}@XF(~w{f@CR=kkh|{@WK%_uFO<4oMRge z7Vgc2=FI6d{8e&XB%8zwAUmH)x`W(4N%3CO=&|n;vIm3@qf>l*d?RJ$jW6&p^ux_~ zN%~DvU_TwF?2@Wl1qq<8?qoyA_~AR0|oAvR31blDoLea7pI?vQhO3fY9=5-k3rh#YiB{7cNbd>ZPl z(CGYW>-3L5;W>cHwSSd|%fPC_9m9e&XlT_D-UnjGbhL+&uELT+2<=MyVVb_d!OPvE za&lw2XLGswtW-~;^fPVTgumbGl9coZ4OPceE7vyPLctCA0%(4JBKa&XFNZ-}%*bE9 zmakk{<&lNAevmt4PU=rIa47qUiB>}X0>jYB$4xE~Qtr8VgVDW<+pH%l-&$`-x}gtq z0C?=%rbM+WRM%;OAos^6dz2E-kJ`o~@cqf(i;VXtnbWJbz47=-YQkH@DF5fZo*4DP z<7|J+Bj*luyS#sw844O3k)`G6qrQ?Vx5hdz%tr%|n8QUH>gi>qC(CPty;D62sz|pn z{tajzjn&<@dzlGG#}n)(Iv)DHuPoc!3cI>4_zwcUlvSb_y)SFcr|wL`D4e+Y(fU4V z4_#8-T6Q99XoKSm%_Bx(n2lYbGNEf;A7R!w>L9;?k9|r(%tKA z9k^bxrPZJMPv@G;E8y#?#$T}CM1RLE0v4_SDk76N7s9X9Yn=)0L99BT-4T+0&(Ay?KU=kP5MdynD_vqxXEZl@u3xVss< z9AGdHzAcWYFE@Eh+JHJcmQ8kx?*5$i+`}u=^BHr$F^{~3UL>x9f$>Sf@OWf?Ap*wJ zU98TpljnSD{Z~%AB$augJa=f6j0c4S2C>d8!5sX6GTQA*6Y;2)h&Al^?3fMRK3enN z|HdjC!CZ9!+)vEkCeipX_R!wLgytHex@6I7W?SPz9A{~9h@)f=ob^XzKd+WOZ=%Lc zeY2<%K{v!2oB-;GQS+7q&`Mp(6C0a3?G;4R+}x}hFfx=dG`>{YeOs^6-06oi<`6Hl z9Z`bmJhKJ0A1j-aa%ddFU&mW1=1x)kX4xLO5u14HTv*jPCA^jt^EJ#IhFE~B@EG2% z-u8ttEMwx}y`Np2Cyy4ae>O24qTOyiv;{2N4H6~En*?}FyW@5qdyu)w>q4(`77y?K zr1HaQ^Vc1WgV=*aG$V<+x0eZ1#eppzMpA+}pQ!ykD&e!tY z0aQGv>g9^U!miw9R*&HG7julOZ*lLWFC#_<=CwGbUFV}0@ZFG~&(^;rB2@C6>-0M9 zHy3+nA)ntt`?|Z$uu-Xw*u3oQJCOLZw$wCC7cYhgvN)w|6#>4+2Gb_U4IRc1h$orl z7M?qge3@p4N?_G4{!K<=cBiOoyiF}30n%=ZAClb>5{no6ihW^a%cAJMryl%*f)T9K z5R2yW@+&mS+xdLhA%6%{pWuKN#`){3k|cccldp)2S#veIiF{_EsJ%V!%<|Q@YQig* z#lB~xCg(@Tr<_9MJytZaq4{x|4O>+GD>zECf_`eyABG!;E4a86i49|P^0zQVIP3@f z(CejL>wEf0n{ZFkf~{f zi>GZ1wuwo4l2}Hf#gOUg*TjdD{Xn18hk4ZOg=c)g-xYxJ4Ky1Y8wLi=jbr&AS1Es; zJO)}cwYdB)Cy=}AmQ`hK7g&->sWFqkER~;>s|edpn)u2l3+hjelN55SEG#M$lb)&& zBW5WGlbfdIN+w8J&d`ZT;!{{fmk{z9I?ryG(o($Ia9eFvJI6D?c&~hCGD74EA4M?W zfs&~q#3f)*PbPW7a3s4BMJOtWlD>?|EjgkQ8d1=`Buc4Zocc^4xVjVqi_}5J7#<*nAuCUe@;K(6DI|!bp049V@fl4 zerZJN9CJqw+(**D3~%@qkQXRuaMQaT?X31bhg 
z37S*5G6y(g73~K=CCwAJ4<{7ub)0Lwelqw?wcECPwvmwo=gyCrGemFaiK*A2sl|~9 zch<9GvU6Iv?F8sYx&8O_B<6{EjAm^3CPxO^b>X>Y%>a!szrgV|=bbG@v}PU#5p5q^ zE9-?99`;lFa3~V;b zJxh#WuIz_rCy-&_TW70}$Vrt1d)WF|I#Zyw_*Q{3r%Qc@H>XcGJIr}Bbx!FuDhO}8 z2YT%Vw5<1bij2J%ZomP7I42j?YDA=kc?KDQYhl@4>#{DE#|72yzr4PDkb1a~Iuy7_ zvAl7u+WUIO3sl>JeaYA?F`KN4{-9rRYk$4H0zdCxOWlGO%P9fe-5TS2&lmvzH+~^w ztE}C>4bxB5P9;^OS$jO}IognlaiI3a?|!#w>?C?T%U=2ayP)E>P%gYFaUIt2{^uUk7$SBaRhy{iCWAg!z?%5+Z4vxXpcSIVeDqVyf;Ps;+(vq5nrz>!ndJAT2OE0^TNe>7-4tI0|^t-8pyU#V=4QTgY*VA*_?gDBYAq6%z zrK8waX`Vn4R<;a2lsy)%|7dJc}CLI}7&v^U) zdaLHP%Xv6Qk6S5tX(K=pkm@_DSFJAmiqOtxaeu0EEqv5c%7}zKTJOJBht)p-wv8di zKZi(L0nb8IhhGrM1PJnONj3-8!xH!2{arLXLG~Dc7-#*{EgdBnPHGmvQ1lHIl{{%m zbe}a(lgIh?4TOU}@^9wy6h+d)~wS2NS+?`>-#p)@LDztv>vs zibJ(BiyV9N-rnh))uolPtw^B>IFE{&B3BH>g$lbXF;T*?q`Y@(`cGst?d!98%mm20 zcxs|F_Lc^3liiV*4~Uyf9h=pu*0f6kX*X1N+U^0oyeDvpHuar z^ziy0BSO08IErOmZyrhxsk65uApF-Fx}EqL*>m<;JFlGL=;`lIbO=K)FLQ{IXDmk6 zUi8VC`@|ecv-Q3^;FMzQgP?WH0!UA!QhuIKlYr^1$S&CuQHGF6x5MEiVK3LW%-7=GlNz1%4ZnF5@OLZ^upkzAAZv=z zNSo$g=y6#r4HsoleP;4osT8l-PaUnk#EP+^ZU6Cuv}RB#&WB={=&Atdph)6u5eyj>S!sJ$uyFmEV1oUn|&)4?Q{xJu*1g^rSgs@>Zex-=mJgs^lAj zUbLG96dsI^j7q<{Ca_sdn-)u5neTSX)y8;wa~Mx|u2G#N4C0O_?%ymog|l|m8=VSW$bBM;r|){>}3HQ{tdxrD8lLj zf7SX)NEB4h&dkj08r30s%a1NOh|g`GNfdXU{;rwkbkmR-Ej=ntp`mQEyGxPwmdTNI zLD$8lzP`P%W%`8k&4)cIkTbn53a88ILn6}4%jtvWgiE2f83vGcx83Y#!X<~JG; z(fG?YuOFt*XFwCSo;>e>aVoH zj!uo+j&-Zc5LzS4#!$BXrDTn@H1I&|g%ORFQZ0fwwEH&2tMn+PgZ?}NJThYiCavz) z<&2S=pNs(*(%b>*O|`>q25%XiM{rP?Ym1cBArOeG&~+Lb>P)*6dRIJ%1}7>>=4W*& ze-GJzX|i8Z{hW)!?vY+(pUEC_-2ClA;>^An`*2vgptgPrj3W4bDw7)4jFv;w0gBEY z72cOnavZG1&>p&^`8Wi$X5XT|<(>(gCR5r&<4;*M6f?b1%}^OuoT>S};tmL7va+&r zB#WcX7iXDu_D$iXd?6dmVE8ZO!G&Qu^{Kg3w?XkE;ls4iCj8Mo2{SY*!BQ5 zJNy1rV`pyy=0KO3O5bb!LRpj;^eSErCF?DlRgMm{^^Tn1WxV)=)xLV_Q*j9v8o(~2 zt-ConFYBEnTvWGVsv009wDB#!0u2YZkJOCTNr>mC5P5DI!(v3;;kK9qhv@61tcj@y zZLNw&o6#}{u68wIJKk>1f+g2)e;~;+<5nB`N9VO4_2Eq%Tju>bqcBy}Qy~!Jtv%vU zS@VH+Y5tQ{XzKfAONvAJ?<5XE7uT+d8g-oCg3Ak&=k@m(KtIMWEQ)5wP;(&- 
zs@sljUdyi#J8!vOUhwR~mBe> zYSe;A4ayrjiWL>s`EL^E=g+#+Brh+qVWPBsHhXbx>qY?!YaLFNpCmbiqH_>Q2yNdV zSuI)AzwVOXhL{webIu5j^7lE4A`BFm9WFfE9QMGFj1KYL`@8E07PVpK(CRN^>9QcP ztblj~O?h{he^xNXnUwY$WWZshMX~p}cUJUSD#v+BTgROi0>8aaAnP_26#KQ^Y;t2U z->H5U2h{%DdwX?uLuzH$dSv-NEM3OZKq>p5_PeT$vod&l!@E$dc7G%|e?Bc4Wi>V9 zUbfp&E*k&rn3SOIcU;&2rev_Alf~&F`zCORu*#@logG-&}2n zkoHci#D0_-h9_5lqt|tS#<2$Ge&>sx_rZPpMoepTr%d&<==2;3| z4u7N?$D8d^NN7X#tf&u88>p*SCrb>@w(FOE?b!{f89X#o-H`NEqukSKsmtUJkyKr*j>|kRQo#e+b;=X;nMP=OZ^C<&`@6%+muAzJvuf$WzV;lG$(<-_)#)- zOmfc9&JC-d1T$sZYca3=a$&9rm*c4@!Wr^@3L6?G<-Q~g$x9J~L9IGu?ARe2Bc)F1gi#DuEmfAiFW8I99KcxT zoRtky2_sM#!M+}%3-g}3P5NPp{Pkw4OATS;C44t~L6b*)uuh2vXI8rN+grk%+))|p zX*!M%_p_iY+RY5sIHP)|-7!~e;?+7VXa#8N=vao*aTLnHLyYenZV?ar#?%~HN4J!- zN3;8LIuEUw*~GjhcZR;v_}1wg8>e!97zGWOW5~=DH{!K=OPd;c?h9fa_{YK~BhMQ; zuGG|y*FVeLtZ3@(HzaI#!{0$Gt|X*A71p~^B~KihVyM?^=XVbyiL|vdz2cnwM{<|fTQi} zW6@Jd%l(E`XR*v`~JJM<6lP z6=h8EZF^aI>a=5!frB;2-jaOWkcWM}?H zrZr$S?co=9sJKXMD%W|>9cB$&qSUN1dtrMf!YP!y9R5!pq}8(q^%(ho@E|i5G%gG; zf#CFmE)EJ(gIEgC?y?mW6hs3k&F>s^@sk1xiNOqEmwW^u zzG{g6JUl$?Kz>rskbJRGb%Rt|QqoR+^@w(!&TUrZ;Jaen2gYM0(nY1-C^0bgpw|HJr^`^KWakE>O{2kz4=q>y1%M@ru)rHcF2DaZ0&- z^}|6PTq=yh2e9=$hGoX8cslBnj7Oq-7x-VPEaM0j(SqWr-2<5`=OYfOE@0QY;hGF5IrA zZk%JecC?eQ6rU6N_jLi)1Dc!j3#hA^FA5OtaqWUDry5V4QnQ$fb13;Ow_nH;nZK5z zvzVKG=dh%iLuO!F`!-!3vkbeC&(fx*?#}q=`|7NAd}8Cla~=Sv$)_7H=$XMP?Mzje zCOaFRQ+XU^Z;DJzjeBEcPN9jtMQ9t}*w{GQ;Ao~Vv>~4jlJlKhPw1@&ss>E|Yz}m3 z8A@`Q5)Jl+IC&K&@CosoOFzdGSzS{&E$t367UReB+q_(N#KpBOl~Y~Xc1fNcuNQi# zzFvQolwf4a_?`b}9mUM+;`t6qVUDz{FIb!^Z!>V`E-K3JjpIN=C{? 
zgUPHmxyh*`Z%(0(JjWF)!S}MAW;cD@Cm$rkyKh6bZt?TG1of8F)6Da7>FVh{J|V#p zgT2gi?&AF|x)-1Vb(5y9=a6)5j1w|m=18flbD3*%yJd6f@KhY%4LI>5D0jkG<)K9{ zBkape-yTmcolnyj%Fm|VpA0ZA9S%Djvvu%M9XU}r`VoTDC2YbxeMe5L&FC0%$SlQk z;>oU1gl_6*^iP>k=>%m_7eJ?a;-to2f8I68MZQ&ZC)!CJNbZWv21j&d%(J+CwZlN9s0 zU|-e;8&&VN#7l9WzCjAsNN<rWd`fG)$@4#5b(+ z+7yP!)UCA7!dS#Cv)+5n&XS6vv0U?P`k=AmN9Pb2V?;^_^o07t71_z6BzhyP& z77usJ7(Ti>svFjpnk+heOJB6#z1pY2NJ(MPEHq)nD=adtJ%oPQTA0EDlVQ{O&B8^X zd5{>1=Foi9FST_|ZQQH=TW{OgjAaF`nSbqouSHPxy+6EvKyukclgdC_LPGCwY22GS z5)WIA>16Z)Xe6Z83+h&&sU+DhGujZMR_$D1m)Pbu3P}bd>Mce81Sp0S^p1fYT)&Y7+$CUHH>}EL=Gd)E8 zU5Z>B*3?vs!t=?~r^;*(A?}-~)p8^6g$}@>V7itU(^!{(BJNN@NBiE|;q}|@8Jo{g z6Z!rv9MYbRpkcIvQJQq}N1c{tRe!J$W45l#%h$@+fKmV3C8} z>PHP~sT_N!9&Fru`n36rshM?*m2?z3I)COJu5BQ#0R6Irw)I4$WYb>_nf?2vk=^iNi`&x>;%A&rO3o`diMK zoPIl|N4`c_Hfc5F`nQiz8{lrc#?dgszkwUQr*%?+ILvw27>eV9fr}sTK(hF%`@E1< zJ;#iiGSj(v*=sU=KW{<#c_T0yO4aqpRt1~ouSY%H&q7rC)+ehECj8%erXrxa_Fzav zV{@q^mLY!OAoA<0^+#iq`JTUC9DQN-4U)ggEd7Nm>31!F@EiGF<;U>x|645Akki~1 zbstJewtQI0+rny>zNr&DaClfd&c~amee>=B=m`uo%>FKr&t%J|I??k!p+V=H1yWF7+ot&z!ZD~aSg8!{_&5t(x-)`mgTBw4 zQUvuS_XqR%*6uz0^sZQhP=dGsx9=_I%Z6%AzRq{SJ?UbK4Muy{OY=BNZ(I%wY^?2Y z2xHLNN~i-|iTaba!3ja!&}wwwM4$D#@#iMWL{G_YV&J0U4G zoVB#Xb~I^W;cy8z?5AvCu5ee6G747U()JOm#o^SZBW~7pE}kl2=SEjUspx?feYI=d0igZc$h(wl#AlL~Rgo1eHt-`|rvMy0Cc!96XTmd-3cruB|@iu?Gi>*+|J)DSn(yS}mQ+?7MyC7!%`+^N&hi<(+pb zjCD$6zJJ&+1U#C1Ew*aaq3278Ry6nXlrP)IKGw?<1`v=G;kT!^oJz#}4}COmm_r_F z4_EnC9QWmp;T+j25cYA~zs0DD9+k(qX=6SQY3D*`LNzxj`#8a%Qwj30#G@U0bT#al zW2TLS60|RHNXyNij?2!@K5)#ces1yts7AQsHv6TBiHcW-z|3#g@mwroF&phV_$ydOS4hFtCPCR5B@Wkv2LasFug^Op}Ha7 zAy&PsDyEgQEl&|}wA6msk{c-C68zg{dG6b%l^McL1HrPRYx!^j35-ro-Fi-eSNGlP zc3&EJCS~B?XJcb)w>tTA8C~DEIh!o$)@W4mwhyI$ngb%9sPMva?F$&=V|uN z6}f%a=vDfr+~$IM*_gnUDcI2%OgYDW*P^~RSJ_)ALO1N+Ojt#`2h@{T?M>d9PN3r^ zOl(p6l}$SZ8T--N8XnVmuzD@?nStgg3HZ>!$VQ)H_&cY(Je&ir55G z02fNAT|+gEbO~=5cC>{h#7xe^RD!KA+A~WA){jnjwk5G85|b)ou%WU%^x99gOZ6wr z+chA;>$9{>TV2Kd;o&aH_c;|w{fp!&OdAke`q%F_J&Qk=?0rSVN|?IgdQMZeOZnrY 
z4pttYv?Y2<4P8r}Q=JQ0r*PIi=iK)6$y_NUrag(eUE=Ga?j_6FGa4toW|LhaFZ~O9 zc+LfS*9`g!>c$wqnb^c+q;4v!2S0T)Ff58~le=Vwq|o%dr%NcPs*-)l7X0>Bm8aPV zQm`Mr3E2X3;^C#dYy^~NuO$;#Z@HK&XI!Id;`L8VE$I}h`4wK?L>|9fS`HhUp`G`6=4#&n$1h@say0wHAcW0`H zx_7U;uLH<(7*w9g8e`96a`}w#yK#>UCbi;oa&yBgidG(5o8H`+@COw`TV5(&ta_&PJZm*kZn+4+ z?mO$Q0WBj}38^YnHJkU<9qv`_w%O}DiBzw2dYE_w8ee-xe97C${EYC<+VBl8 zFE0lZgV=CLnjR^0>e;s`Pt|6|!p+hC=}ay(*$_1?Wj&Uf!+$P?_=A;i*(Vqt#UZmO zr1Q$)%37jB)i0be(SU6O{LRmoPj6D6)a^SigXpcpYf=?wh6OdbaOIa9h62})4_p-ZvIx5;C8w0QxiX1 zuF6|rXyk|NwN1*Wov-V#doAe|740&IMQtuK^R*3cY}yr0*`xVA+nSZd=hC&>)jF>T zx142o)UMuiR#A;G5mL?j)t&WS$iMF5Fsj!O_g-&=2~d7u9tQ3gi&{2@GpAoLp6%-Y z!7uLflj$Rt7K6|?$>+Vvwgs7>9`c;xxB5DszuYfn%4aXN#Q9robX1`BYMm-IpRFB* zGE+!b6+9}4G^+}rin8|6{en^Kx>mkhcgE8Zjhy>WEiAq{pr%3C?HjC~@aOU#?si(( z`I5+YLRm~=!DqhmX6aYHs09ZjqXJT%@AI3$dWJS*J-zAuP(J{I%S#?8)+r~4r>@q$ zE$k?zzJo6VBrDVQbWhn;#1p`AYGUuE*|qkC)M-)4*;P*wj4KJZ!G5Po%9WdP*xEV# zMdCq~2*QRJ#FyWrcU$hX@4Vf-Q}x2ad~*YKfG@Ed8})UV?;&1_@4#<)5D)SWfTGfw z7SU~)6=Lix^V zU0WUqOiaiXo~Fc*o_Y))`jQS#I5~d0Ri{xZ?kVyFV6tY|$U*SymaA3o6--SaQHLXd zV>FgI?jBe>F}^>(QSG;GtcqoPnX$TSi(?iRrY!P*KVo?^jHL4r^@SQUa!2l_pn z)eu(M9T9-2XL)+1Ykp;EN&Yh=HUSR5dJ22sTTj91yk7Y5Y|TYRy3kKSq&yRZ&Pm<% zb(*WygZBnJzMgZ*AJffTUw5$^RH{#%K;LyUs9%^^Y%rZtB9RKZ{`wk8pEn@qu`8PgH9L)(=e3>HH zs~Whz*1IN(PSJUmC(B1-8U8V%rw&`<^^!ZD0vIaPq-qfkPzk4S>)VxJ!6jNS!o>nD%+kuDNJ9a&)e*$^5+V|9TOw>WM zd!?Vk3(w=?zq4{a)7kYKYhVP_SiuVS&~{JxYr`2^)05_#-K(}0&|p(`P2G7ZyOywc z9(9V2FR41zr})h|a_l~}Y`Kj>2E}v8JStZg@$KaS)1J+uM?btSfOtg5-Dr)cL^hrf(@c|?!ac^y^eCIS7*MlbfJ0tT%5K(kOa+xgN64#nC|r0=Hf zvJ#Dsp;NG++pR_`K(eYY$W)^4qlpdNVqNVNTc_|X>ZXja=#d&Uex(MM_nM0cVw+gD%q zTmonrxOS5Qt1zEO%5G*>WDjq?(^(y5T?ZOP8S~) zgvcW(p0miSZMKPU{9a@U_fj0|&D_Gc#&{Vkr7RsHyi>_^O>6ss3S+tPvnumnzkLnS zaeF|pbj2?(JJq)W+$M~bDgw&0Q(92)%U!ZIQwwcW0djiBE0^RkXV1J z)6I@%^>5-t2S|D4>g}#Fn0g<_f=0j{SG*#36JdS?^hb=IMKwv4wkm8FKP`!Z`+os=Y(0-iul0I-G8p zR3KpDa7ovHT=SeBQDXJb5%KmNqa+8cn|P)ioCHw|TtjzY?fB|D26SHFJoJ)G>Av%v z0bS)5P;_caoc^~r|0j861LUTwvi2P{b4SQ7?dj;CG&5u&tWwxor{7WcUTN+i^ul&s 
zi$jUAU;bM;T({_!@0JdS#eI@d(U&^+D$ge52;9?nU&Gz?lDD5*0Yod3O}78mO^rk* zs@^7z-aJe=HdhdLKFvr-*YNplJR3W8UdcTVDbuBic7rvLW{i1Cm&FD~vD*}y?38}K z+0QpSo4AaU^HTdpbg`5otQ_jrTS-x5HP=^v?)09NhCP%>7I+98Y2OQdyyOJAn4xa6 zqa@@@s)_qoXHA}rot+(wg1zlq)Y4W#FWAm)GR<`|g$GR$#{6q&X|OaR6r|IcfXKD< zli7pZQb{HI`RBM$iqvb84`sfC%I1En)WaOz%cv*!=`B|G*N55KCy;HA&6Nm896Xmq zpZ`>bG{4IePHr4nm`|S?D09g)5b-P~@K+u-@k?PhM7Nwr%Qs8ZVjB+}#>MuUbR)93 zwgCY|HEm^nW_4>}XLZV9=2wBNItp`&lI}+?lpO|dQRea`D;nXdCfg$j>TM0s&keMV zwcQI2P7kNKj(W?YXlAVvk!x>dQ0`en&&eZtn_so~6`vryH^8m)=deGKz<_z&5OvM* zxWOOZub;EsyL$TjlwHW+zX=8P6fDUmR{5>De8pb9N@*n~a>4JUq`VLG%Dmo>=?}B> z^yIV?%E|D%r^FeGl8zX4Hxtn3kw0lfuz0z?-7+;R?JMR;l$3%!t}cPBxpqn?y8Qcf zSdT#(Lq~)IG}f$Dr?eE{am43K@3OQt;-^9*QI+4ahKZW89vkCDV-ge$h|jnY@qM<0 zIjtzD$Er^@)X?Uenuflq)$Yb7?GK#3U#+7_IVP9Kq1vQT!hz=^m+-@Y37sU7yi3T6 zF9q*^j!bQu14^FCjesBi?hHhU*vKf~s8s?;_#{Gg#^O7Vi} zjRXi9_bW0xV49jSMG;EN{V04kzCNKYRj{qUiPM?S0?{>PrK->kRK@z(!4T8X+Il@Q zuvZ+B0tW~#aChB^-R?A_Kl|F4cX*8Ri1PsecU6u#+j(>M=lFZUV8xe;ohZ1s_c1wE z&2ckd4)*m7WWe6mRumF*iwJL{-$ z$&9*O6^PH7Q}#X31EfB;K;s+B>%7pJsgx9s%mmwXk|Db-m8>V5$~9p)wjv@_*Igh-foCsg|IAJbz*rHQ9Kv>X9Q*-uws@^wOg87Y!66_^UM1(W#C4}_l~`m z7oQK8<~XI;xvUtfS%4S`-|FaiPF*hF2$Qs;uLV@Ykip%;0~#fZ^)ZeB8L^;eYMkGj z$~+S(vtA%lW=E1_HOpUesN*k4=p!luS3*m?RJAxP?`C4of7a0_ra}m!3Lh^oSY>|W zI8<)c+6}+vKCYx>yzXtukdkY%A&0=uG^3~1#sUJLG|WE^@u0X-2H>sFTojPG^ZaB zMvRo9?i@ZEZ5hfbYCDIDbRL5JU0lgEIN~crMU~t(&J`<{mKPgnKzAIaC-_X~%Kjph z{4?MOnzyxe8g6xDIi<91KH(6(+jq_WAfViQunLixoxO!jtFPC}A!)WPmPzY=kgWS^ z#7s?@Wt{E#$g<7$x+7w51P`5sKf{IUbu@}CBC9%$f9Ch!NCf=uUaCaUegP-*RMZ_C~(QdpFKGd zwxe1}%_A8ZZhtL)i72AkhwTAV!N(2p)D`qbGAt(vIXVHi9gaz%Vz6_11pSf70MI%w zePV{qTKEi{96W;3?TvkyU;5EyB!Sm^;j)ynT$syW&+mVQ;F_75yK81rM-t_gxmORJ zZwA!$dfqEaRMZ4oFO?Q2KiGiTeXe1dIB+E3?&lpMolEV$1<9uX6xzk8GrtXRc?mRr ztQNIfQknKj;6B)ZE|6uI-5?`!BgY?%;)5UZEim63eLy|G@^ z9C{8PJfJUCVYUlk=l!cE>A!%hcKuLWeS%$ZXH`7ht+XtUMoN9 zzEXnelsvR6qcV6%F;HmVfzY266$0PPH5dMB?%YB*Kqej+&TLn+?4+lzn~0qFVrjco z6Mi^z#my+3vf-TG(H+5u#$3}5FL6&!ii;U?>S2C!k>KiOd+U35hCqsXZzZW2N3ERY 
zaQylH(>uh+d^PDmbuE8CDJQ25s^Nn70Ir~MKFzPFsi}Xvcx{NEpMRjD&$xiKP*qiR z^bKJrCdClX|Ni~C)BE?nLyeH-s;Qdb$lzqjmK3PwR=nNn!aVsUTjS#&$2A@Be_iuG zs|}H%QsA?6{#3?GU(|)hBPcJHKCq#)Y3IJyp;yy%vu?7utmtxqM!CDPZw$NnD+JEid9(*e0ld&wAFLbXX218#l9w>sy&CLy5LCeU4*s9 zfD0QV&}uPy$26*|;9(Jv4lfCf=TUvTR5Oz2M5!wfHA+eyTc;M;YX7VHai6|&x%jJ}9;uWDecbJp{L7rbSiJZ@&=qs2wRaTf$XqBxy8TyF^ zK~5PUO{RLhSZ4jlBU9e62RyDCAQ5J;aE-yhXkn?3%h5bV5t) z2(>y_fCpjs{=iw!`pfGe2kT^Rg}yz&gv@`JMTOoP7VskTY38O8ZvP&;%vpQ0a``JF zHJ}PsujSeW+a3s)0J)s$<8EauXRkB~|1ggDddI^Ttn_J+!+wpdo5>)-INh)YsvuKv z)2r`eJq44oy@)4!P#_dkP$Pq;Q;bOqR6;&OiuK)plf}}Y-IU%K&`;7)$m14g44oA; zEC|gZ0;B+rAustI|j^z$sB?)QBRSciAB7JhCbaxeT^px7o}v zheMH%ij^p!^7B!|Rb3%O%5`8!%|%a7#=z}kY)U*HJ%sMgq!6KNl%A9!oFs3goJK(T zkmYDw(y%*%S;f_5A}I<_rq#JvyRuyz6&qFxX ze&AhlzX}_aMrt;Spl$38ha6KPs|TP@=9eCK?W3Gs58)*=Dqa+}ou=cl+XSCRrz@P^ zkr>;~iZp>%XL3zyBp=G)&-~ybd?LqP7LFAb9%k+!66n5-cj5DsKZROyETGr_)SUx# z=veIcS6(0s6H&H+T6mVaaQKWaKrCVub01Pp6{Bi?-+iH97x(V<4RCT|$HNLy){KP& zbkp~qf9D1QdsmL?p2LF)eebW2)*bL_5>xGz=0|@Jy;T#|m|yaK1|D)QLf)n7mYlH7 zX>5J843r0rXTr9&B&>x-=ikQAoO^W1hK61DG@T53qvcS__%fW`(CGgtz&PZ_&2XSt!qHjjV#o0CtUyjem3nNc)wFd=)kMWfc7G?XsDb71p? 
zP`azf!ryXtDhVi<4y)X8{hxCApS*&nv7V(Gkm8TwYM%q5kSs z{6`r}&~{m+`8vQ1z2#bx5%thf;T0{xKf}R)8ufTuyvqLj&N9VG2@Vyb?w=@`q$Zq% z)Tq)&Rz4l){Gsq;|6O3e|K5L0-U!ZrRLy?UpA^|}kqr(==En2Z+VP2roYS6bCY%on zT)HK^kIQUlTQHBLO)%dT{(sbE9?s(~?lUpz{LXw~8OM{EUs$iz1??drZp4zV8}TU; zPF-*~T(zPc=!OGA;}%sdk9_(^ocGwva??EF7jLXzHF(r>U)t>Q|Lo2FeB)2F{cs#d zoQvN7W1q7;+#`6)#?0nDH4d{Z-GIkb%#|baSt{*F_(8g@Gvp$L@ZINkOdj>5QUYQX ze;MI_zlvn?heemeXf={7yBK#l+JL+=_aaz3VBn^NuYh3*J zY(t|J72_fjlgpdo^F2DP3}Asx(&m0Vs6E@RphSX%Kt^R*WMwmynesZ9Ww zSk)BRAH>t0BKC8Bm>o&5(DbFKg`et0f1kI%uevy-a6G2oko~rv4=D+n`os$hmh0bn z!7s)rtB=-PlRB&^_DRS){&5cF)L4x_I2x(}&Dv35zqi-DJ9#VE(hki3;Bh-?YxDD& z2ZL|e8E`yjsVyrT+H~4(on9v@l-Hf_=m6yHC#pEA`#4+sCC~|j`kFj0+lzTDh1yO| zdt=kXFAg^-&Q>TkGebBXz4R(pucAk2TKT@wB~%}0F{AThK7G;zfl4t8lBZdXdjJoi zvZ#n%P|WwddPdpm+p)I3&b!_=sq?>WLBjw-GnJiV><;BYdtR%5z5q8+rYK0kIlQZe z_dzm-ayy~GCn?e)r`JgFJvpG7^w%z}!;_Vj!PQn{O$GEG`VfbY?c5GGV0Jq%W4xdx zdZOQR0D%?cky@EMpu_8cjspOCf8DU8xVSj`V@>=A1Z(_+GJ>}7MRDhCfZ(`UgRpY~ z0sVOqnz7-;U+;XaG3q388zrg19%GqvjRobVa{`uAb=1_S5XMX z7w+G$NRiDy{}`mTIr>;P!1Md@ML-v)c4NavwR#?C>Np3gj0bWHZh76%0nG#4{pQ|y zbV#hh;-IMS_d3axo-c)s`hT=o))bi~Y))4SMyZX!%~waVw+^WieOFqU6xLfp-4-NK z^AQ`pcT=m9lNkVt3H`P`Z8f%!t9gT{s(Q2)jhd|nVfzGmtZCBNW_3gfTYx^=Jj(54 ztzriG_9fW@L!GvKdsO_FfMN_>1v{&fY;1c$2a-9xSn9B-`~3NwdfC>>N?C5I=eHX1 zRt~dJ3h-iQxK=q(c02CV_Zqd{{8sq3V;Oz8Rh@?2&)wotYiQX#L`<*hHM+tBTiu5Y z?g}~d-iez8$gW|4UR>iKVTyTz-E7M=6WB(mhhA5ns;YUA@~uGO zs0mQbMnv6`-vAnq4FiGPX#7@=X+BcM#ibfhN^2ZsR@=4vQ(0mRFg=vRl2ODw8>_1h zgJG!=8U{Yq;(PtPABq&1f4;3>_Z`p6^j6SNg;TO;>>?}A?rHhx1(Reyee2{LD3i7s ziJ~V?!clI&cV-#%!XL6DDzAQZV1`yC_oTdmaXATi zVQkpi#k(GZWj<}8w>vNwp(H7bjfsI7U?W~ zw9KD%L)1*}l-AkK$N#MA0Unnvd*@&JEk z?KYQMR?FUisNU##nf1!N9%0k?-O2q)r$T+rO|B7N)Lx1`NE7{s(nQ>2qH+Gzj%h%K zxl(V5AnEJ}GnV@`GhaB$9eDttr06zc$+@@Xfr#gq^=kn|Ef~$&AWdM%>8j{e2Q^qMtpblY~tAHXVHRL(4-Z|>M>I9d+AV3HwFi9w;tTMEKZf{pb?)&)?;?fTg7m_2d8-1uLd>fR zB9nY7wJRhYfQ>nvIcgTXnYU)!r(+OfS8D@%4Nxoc1=;4kg5q6NN9$Z%Tr$?x)z#s^ zs3Rt@WYt-LH-i{;P^(&u`)JO5@HeBtW-NK>QRf#rc{OmL65?gdyrH$V_1<8qpuxJQ 
zU9NKKu33cVS&3UK+fDDHy&R;9y(A#=HYIiNB=CM+vBHp5s(jh^@{aj4OxBsW*#&VL zKyKf0_9bJLzJ^8|nqgPno=sSksMJl0sH z9TTJ82p>OmAr!Q+F~(=T{(3=b4$>#-y-RVM`;G_x8-kB-O_t{O9`Dq0k2=0Qf)cXzcCAR#eQXM zU4%bfckjKmEJg5A!B6L2wlZM9 zvoTyVC$gYcur#t@Z?e`c%^Q&PuWjTD{IOX(%ekI3fjC&fF`NeX71z4A@6btMvY4?? zQr*8_EVTr?E|YRK3|S)z%i21CU_rK&i^Ee-_3z{P%TA2D1EKQG#d7&9&NRK@?ZiPS`$1ON_vPLta45_E^`s~Ud!WsjP?^OHPw z#h{+!)5L@2Ad z3bw@iLc>eIkE+NMTv+$ss$00Uooo?V zVaDSsi#ZqYr{5?+?x$@ZBj3*%7aswQ$TNL!nm*xtKW9N~-K=2uqSyK@(f;#CmOuhI zdDd*C?!C(oxgsVb$V93Y3H?7&+P50-yM<%7GCt=50*R5M(ZMf%*CmY<$5RnM`DEdj z8#_{AzpMcfS;w>BmwJV-Qq3?4ZfjYSMAU+gVoU3n=|J_Bm7_Z0`WE6aD_$0PkjfY; zJVmrA$M-mpxr^-0gv}SOrkwx{E|DEL;);1jQByx6t9_#U+aaS7J^Aj$#_+K0bgKtc zuo<#PxOwT)B{_mkPvV3i(e0*DGpY&OJ9qA6!eS`Z^id;mo?6KVBF7yxEte}TAw1K7 zYV4-hrnL<0O*45VX(Hx0^{nNtXQiGbz{ak{WQK6<#*VM*%$~-2pMoSg!6)UdpGrzN zL1|zkE30oMRxGD4$)8SIrb688?%_31~krrj8a#I*qf-hcJeOSs+W9tltv2z$$$70a7%lhPr zF8-B?jKU4ayejhBqbRxy#kdQe`hX_KeHDoxCeGD&iqZHDKn1(W@IW)n($&&jtF=Tz zoobk@%hwBhr+GkITYDoXIQS$m&!r?z*YN`%KYuSgvHGQk#@$2+fGdpfB$>jCi9N<~ z%pi}8fu~YHp-=$~a*Y2PHjTWL;*F|d+KgK+UWVDXTugrW;c0Ge^wr}}vA$$nNXZcMeQ)k)6kFNS9ubIF9aU=3I-j~Ik$%{sSyZM<$7NtvBuRpCn{vKjW z!R4{~%m!z7Yr3(SiGoRJg~NJhrKjh;#brA{Ty<<>0v=igBuO>lW_5s|L#c+OXS->B z*i34k3vl2!r=3TY{1Xp|uMvy1X;@nEd~$)-_Hs5jSg212;c4-|uP_t}k~jeFkdsU(e3kvmz1~GCG4X9wHA8WV zn}Uy?t8NF+V~Ne+KA?6gped@~oNebu8+qUk!BPI(Fa2_SSw;yPMBd$LWzm=rj6+DZ zGwi*$v-(DGgYsSSYHsSujWS0())jUxuH=(r#r5=+Z8`-{(l;Zuw~a2*eTi4QV@av3 z-L2)~nP9{2PgZ}(V?tLxa2fH7)zy45H!RO|P{0R_En9*&Xrl{ozn*)!S_7JaWQm1h zgR|guQ=oG|Un-BNgSE1*2ogdYNJ@Rlvw!i;Q$ijc-MKOyw^BO>Y`S_a7s|!kdkXPN zUw?}OO>^pUikRL#)~pN5?6_I$0V@q6oGAz-{op$Ww*ag(%)adBx zo2?;A%B3&JZ6-7{0_qwYw$yl^H)g_8@Bi|m|9<5rfl}T1(n%?=kcq}Tu~t%!slD%$ zvm%b)XZO5)<|ll!%o}&F@e$a3W&09_F|+kqmBq3#hEe7z7*-(eIyH^uBF% zG}jg<*UV?!rj72E&Z}!Aug5ov>fBli!Oxl;&YKl#Q1mG%bUL}A55~hfna9>F@jxA;S9h(yzb z93BBZUF`Cgn9I?Cx()MHaF^M(pC9Q~!?4tHHo-&Ujki|6Khz)V^*Pzk>@MR5b6gks z(n~!Jn?T|{GyDsxc4cIMSjS8KbmUZCRZ`o+aFqR{xKGS{_{kc6IEx-0lYqMWKR!>& 
zl{8rrtPkKpvb;ywuCr5eiYx$i*Ks8U1bGAvIt5L6hk?0Na=Uw^Q=G896(*1{Eh*=Y z26{qjDvm4y`YgV<__gp%=$Y&0t=C6P}>PeycUd7NiL|?!t)wJ08`FaDWy5{wP zi4DfG_k?lP@U*8MSKg`qZEAlpiL=s zfY;S^4IN)=%e`eaZS#)IsP+2Pwm?N=fVuRM&adcVb*Di^sS8X1o_HY;3Ar?CO_d>lXe1iUL1XfA8seGS%N`RlGOS-#WZ>9@nCOBC-UmQjT~Egn({MOt!Zwtoi_aMJgp6iWr<2c>Sg)g7(_k$@f{D&{gN$P z`H+*uREwE@xEd2;FTU0TfJ=6}1e=F-+(_w)(95+=Frxk$&-G$Qv?$1}5wF=QvKnqN zjI*ej;KuB;_@a~p!r%?e{qo<{b zyoH4Y9ubiTK;$zc#edAFKkT=}R?>9y_0fFiyIT{K&AY&CT|mxc=5-~4nuew?4YMs7 z-QF%OJnpK{vX`M?!m@mDSz$@6S=x)^iw=In007s%A$>)ST)-sk!Zm)Gc~qJ7WS2WhlSF^24`?+7DY5r+0X_i zt-h`WO_oW|oXKz3N_VW$-bU{MO*;mQKHK0l@|p?1b&9i-ccy1pj3c1xGF;R{qwk)v zGFg=e=qXK`#!(&&22zOKgX%hk*(z5`o%Iq+-YYJ?yEFxJs;D=uTuFXS=+Bh{jw{xV zu(Y<->CYIG{ly6UjKTi;Hy&-4RoX}=oRVgC(EIHdWIODjvUTFqW zA1o|s08)_S?jww*@5y&AWB$rTTOc!X1ZK}|A3umDJOSF7Vl|pkY64|&LS_{uB@Y+f zw^pD|JW^~ZJVKm$AhWs6XybpKJjA2VvWnY7%azPSdE1l6RGAR}S4#lcWg$0#Yb$U= zJbsPBx)$Bp!tv5|dEO;dA7H390GC-rYoRwx_Kogd!^qOPTHhjI&ICqF)}K}G%Eg`M zr^3!Vk;j2AF)lz}s?oZucCzKxx<1R`esV4-+m(*n{3AGgp=bV<{!U42DiOK$^1`6+ zVI>yA9e1=f%{C~0lnl*n{W!2BI*Sb#vp>VfLay|sp%!y(>?;me6~+@E)Yi=bSWBUW zRJB=hxZ3`y+|UF1&sDG?+x+DdufUl^qbl zJxdakzoWnc7Pw$$VsiV1QjV#pN4+=E0}d62!1H$y%YGRpW7S;}VngcFEdI>yz9n(u zoZ=DEPzj=4|D#I-o*{<)Ldj!TF;-$SywR;L0HXzhm&s_7<=LoSOc(1j}(9zy~SW)v3pvY(KcNRg{Ae{fXwCR z(%Qkp)xkpsH=IgQX9hrbwjR>bbk^oeyTYuw5-E%ZINLUIs{j&{kQ`ryJ5P75McWiv zl2YLXwY%b^1Eio*fO>dYQOPW3%MGzELl3Jok2u{Smef`EV)#Y;PAZ4=RdIfes+jX! 
z5G;RpwkW}OAmJaCk~ai7Ik}Y|Z%R^`6`!rH&h#h+{U|!V4p;>?P6gtpS1&ref@G?dkWIhoojg;YwJduqODbo-cON*l};&t_CuLdaEN_N!HCay6iv3J1Axh z{yu)OLJ#3#GiWSb&{dSxEop?e7N;sABJvpgQSB0w&^=W2`;Td9T;yToHTNN(6?YtN zzOwv%kl?S|kLRi1eqe&L08Mg;oXX2z_u={exf^*)1sHwp?CPrUp?ALk_MsMpctFRV zoR?{P-m!3);bWPmzvGZ8l9@tv#eIKRJ{y=|Spx(w9Enj0ANBECPikgAH8qKet^f)u z+0Z#!j-L_HZ!zWhk7Xoy_oHwMnHw)s1?LC{x}#}k6BcR=87gi_`jgU9r`!CmP}o?N(Cg@YJX3{{0K zLO}EYaBU~;&5}KGM9aTyi~s&o{cMpuxII`wM=uM(^%c;E;3Zn%dhx z8A#pyq&|9BUt%{J$CL#Q9iV0;y^~ECp3wHA)OV@yrMkM=z!K~e6I)=&wd?eZ(V$t3 zZDVFNlu=Kz^__0RJ&srvcAJYZWuFT3OkGi++*__$6CsD;23 z+opakV*KSp|Jp~T;@w9AS|6MoArUJAXRaDx%ThX% zWaC?5o&MeMm-mi^91$a)b9v6x$49_0PG=?w({V5}KMqwX z7VAIXlo>e_<=;O4iH!dWi%Cj=-Duj%DgmZ+N|;zq@bS(MhARSprT~bO-P<<4H zl(EbAUonus*6aLK8h#~s$%&It*Fq%<1dScuI>+0O3s&Eaj%>8$5-!9mb7KgGG|EFBsRzSKKpAP$0z+X7S#rSs(`QKL- zxW(sEDFrhC%xy{7=QmxvU{Z{8WH*uO$r>&-L9$45?TNmf{@lr6e}B*MvF04=)ngq0 zNjyv~qQvlQxdh9O)r~wOAvNi# zj=M4XWS%rAiXtE?7xA$ zBWf&yf*Lh;vzG59#l>w~5AN$BJL>-N=KWt$vET@+4U#SV$94HvU5&raOyd(NZjg|g zng|j^Uj{~}?e5yBYfneUB_VCias3~YhK7gstg05jRI8Tr^c?8>^2I%~FpP1z$ z9*SH$@u^%B^fp-l=Ra>9N)6mPONA@?KSV13@vAFqB5Wp?^f+u$(m4K)Nyx}A1!JH8 zU+Z|jwig~mR^axaJjN2zD|_B}K25S85gB+>*~Res0zqqL05o)1Y0c(aq~+&J_ijnE zco6_~use65r&kjaqK1cu>nNe6B<$=DD$u#Cca>a6J_x()?d@e(6ev_FK{|?PmCz_p zKw7=$)Kj9L5Pg1j`B!IEMH37E5IOW z-oQr{hg4NV2KS4cbSrbexFV|+Y!+(X^^mp@m27L3 z(M?0&ct1KrJFus_>w6l7+srBJ*RK4AhOW;quL!%07qv$B?{`=)>IbBt>&-(2!2?713F}On)vJ2JBJdqE8Buc6Hl7%%i6egH+WfmnUWFdejKyAOER3cnqZ08 z@;>r*PRq_VefdJmvYCcA7YMh7VRfWa%(S4ux=yqfe<0&}gp zJQPYtKCis+p}yo%D;Fzd``+0$j+?l3^N%0LN9s)yu>T&Om~bO~@a;bBJ1=bJp#1*H z^P!iTn)jAaHhoQNd!#<$H0!kKKB-n~i}6UBl6c*o<$CiKSdc^n9q-`d-{HYNnx6Y? zY${WY*gj^J$E5c~%ih0Wwf_?bz4#?7AJA>{l_e}qP}oc2jU`LyO7k|ofM%ps~Z zb?V&{KUFe+XDjLoGklREgHBKl`R3Q;bQCnBah4+H+fRh)s+b&V>Lub_lkh3?-RQYd znkb<-Tjdc#emaUH1s*0|#Vp_O_Ci~pnKd@$n}(3z9E(Zao6f`yrxRO&58-rFrZ86c zcFO4(AVliUWE&aQ(~1#p3hg#H6+~yL!qe1++WofVVe8r72$-xRi(4lRWhpOs?|$K? 
zzqUGyj7{o4-dB33*$oseLmIl+JVQmUQN_6Lxw>p7U0x=Sr0kApP?}jEn5KcD=<;AN zUpePftRSy)bqb$!0=_=xYxpo|mH)fWkS_(}aW<&0BjgV2uhXh7_Pi3J~&`FIy#6KSk})P-jpqE zM9U+D99R5Sd@}vJU&KYNR8PS@AMp)IsDE&ySmig|zF|CSG_dzFxFvt0DgP^x_n`1h zs7_$k0V-T0QLy&S@-?+~1}n(8g!=G;4UYS@w*%%w1c%+bGv#}Dd-H=s$>Y2Y7IVk& zM7jlf-vwor^l;fyW{lw*{kz)x|Yim3qHrnF+oqwFu<4_l2eMBBnP zkI6@+z~EA6*EbOcvsLX9yrFqWo#7S=&fSy5ZF}l}TDW*T)n&|{4SS1Qq$&utB`Ki_ zGGXJ(EK1rT5gxG_Aq+71)^5$}^Ky@zMJ9)P_8JV}pnjm)F$ZG1!U%-F*`doFkz4D_ z90;4(?|DKpI(p0-8fqHPFbza*?)}hUl4xO=$=Q3mEQ89?0jz(Kty(ERt*`Mla`yf~ z3R6jeA3=^=y5^zU<$|_Wum{!!P`KcYOzRbQXI(4{2+ZhnOS-agZ89^&?qw|`2jeaq zc+;4$$jZl7mG=^8wjN>f>Y`~{xSf1u4qp){m^OZWjng#L$$UXu2VO|@)_SKDy(8ny zmKdZ{8m*~LFK8RvfO2s_<{^E3R4XA?4AUh#&=ZTxC6ZZ{wSyaDg4ujeyo9q&`_!FU zkVMSZNg^QfkqDQR6)fTQ4c?ZZtsAy?8!Y4)$ywcCeOX7=H8#y%H8u!ta~ls<{6hgJ zn-4^<28D-M;js$Q9C@beHSe3RbboE)a@-IfeeDZk&#^GON&YzEf<&sVRCjJdIe(>V zWQEZ}4$FAnpTh=!4Pt0-pPQJ@k>&Z0WUWWBH7K5tU< zZIru@Q(Lp!LsR$;vAR6;pw!y03_NqIvs1un7Z{6UVqrgImNt%}TZ9iyE=rD>X&3WJ zN0eB^>R=k=AbAB^nd34cMDATAcH{lsD77%{suDBMc&W`;y^6A;XLljyZ5X6Re_s-{ z{FbPC&EtjFra@)jnufg9uua)B+67o8qhm`UTZjH&7!V^nnFkWP7p4$Rt`$-XszW@B zyMP`h*G6oXx-SywU5ut}oI;dxCa!Ao8W&cYNls)UXG~iT9-yiDoGK1W52^<_d40)0 zL(A(jwTc#+KP;|&@fyb-gxzyvsrtE7@gz$?tchx{^hP9L0Ks6*4T4GH&Mn3?b#Avj8lxf0C}i|Gh>ME`ta z0@H12^}3l=C1GO_ed2s!5{{1R^ZNxdd`4c6u3 zwjEV~UsyqgbV{>W^4bsu|FPqwNG^^grngt~NBO@Q?i_9F*(z~ztt28X<%NB)^~<>! 
zIfnBb9GR|OP)uPicSy`(C1ql%l>lub;ztEWyL3}W&udhcTKO$ExP%F`O^C8sNq1-a zw+_n&8tKiMH7S;0`*Tq)@1&pE>P=dW5vZk#IrNLZ>dul*uqs&Kx=(KIKVdjQXV7Kg zQ<-tF=&-G+XTg{7VHzqPn?yEPU!U9Tr)4X6v#`peGpiZn{N+dD0hBO^I-aZt#rlCr zSe}NwK-}Xr?_v)_$Ygagx7B6m*8K#-xdVN_!zvG6xxufmL(G6Avn+&sXM*K5czCZ6 zno3Qsuo+*SS11V0!G5p^ZsB&`@5vbYw$W-1^oF{wr5uu{Cr^oS^$2B-Yy^j&tweRQ z&IvP&C4uk~_+`pk{69;2woEl&DGUp$IXFt#b7$QZLzUu_f7UbR5kETIpUerEl1aRS zAS{4#*;B|y41!yoT~mLc#y$0r0|{-%W_xPsREK31ySwkvwMAmyAnTzDA|~r$KLejE zo2-*>BOigPHe8jJ`jRP=vsx3;ujWL+ep8QD$m@am>Mmeo=pKAE^yZu^G>d1xc`+H@F=BM6u`yYNF<@7NGfDwr*ylBLDIc8 z?;dStnN?n4jJklvzLs2xhuxY25QMPWd$bk9H86hlM>c)lJ+OU+)cll2QYh-i)2#u?_17%pg z67of_KFTgC61&;+l9#Me>bnT#t3oYh%va`n2-AR2yB z4tyzh)^|B|@WdQu_3^6BbW0ylF3cnX0|Zp(B;Q*a&O7CHP>N^PH;K?2T}L+0j$Zth z9I5NGEa69Lr1~-a^$Y*;EAKB=iJJ#p7L2hiPeBKUxdi&!ruXR=(wYzxcfiC+ym7tp z@uO&MrxmM8?^7=3nWyR<$-f~m~Ej@iTZcjt;7=dr2pwKC9OroW* zzOciFMU$Ru;{bnb?iTxjX|Dda>&Q)^xdCs=xy_lX;bS`p_G+O8HL~;Fr7v*)?V1(8 zDY57mtm?xpXisBN6~$05+#Zpc>{$0BznWa=Hat-q;cWCmh(&Zq+yt+9Z%>AqGw10g3y*QAYJl=Qo7 z>NAgUK;m4OiJ6|_+T#+fWVQ!Tb{8RrpM60;jko3PIhDzWLf5xxbKayHtyQw~);dOi z)l5S!E+x1e%?;Z~(jXD-`?SyY1>Lf*T#@-3dOA=1NAwL>xA$`~V+m59{jlbksg1xW z7tOzNV0S#m&D;ed?FQqU0hb_hkkfe{vUTXiH7KFggb@eb)Os+{=1Iueycgir{d1eYXvurxFRjpO`ovLn(3j* z+v{`_I+WzkC9HXnRyn%hAH)q-eoH{2aN_3Ghplf^>}nVVK?PNCDxlAkgI1hYOKYaM zQ3&ld$ETLZ>m25a)YB(jq6W3R@8I3r+>_+Ye>iKHjoWi4JL3zX zr=J932zm22s+a#5<@;04q%rz5#;7w%F;(aHWTdzR=YRr$$NdvfXeM|>(Q#npewwDq zOGig$E^tW9*ogDer*6hF!0*S$>c95(jok;q!rY9 z18I;iV#WcK3#Rg6Q0%8(cCU>UqiA6l_V45bh>~9Sms)D3t-cPU%dziSb=3`OxqGJg z>qK=Qxvmw^8f#>-gG2k6W6r#}u8GkV3PQXQ6)s6*zR$9cq*c$(} zQVYYPiQ&uzinyJMr06q#U9P6Z!BoZ>IbxJ8Aw&@6gwR~dg<-8={`Xw_7Yr&ByFyk+ktl6va8s!; z*?9cf?92=kmqj_80Fd8F24-$!qF_aky;>f(QZv(W787#UarUajRW*EeJ)F`SgVz;x zc2=;PcO#f9$t}t%+spgt+=0r9NbNj~qrP5vnLL=5midS{@9jp_W@hGVTKW*M_taaO z$?{Wf&LL^P>4g^SuCyrOwv3u@IS`$qh(bxzf$=x>)Cc24*-6lX0{)NY0birFs6`@x zSVS-Pun8DIw!$=m(KZ9!+*7(icb(z$wfMHv_eG02_aS^G&_<#eQAr3VW2uEfAU-if 
z_+ABUC?xpVV_u=g;g!Of5V|3+Et_0usHk!!7jz=}tc^^Lp53u;L>82`jhBdzc_JME>7GRQ?Hq$I$s zi@ubG40?PkLxk5Zk(0yx=2k>L=x%R`n0J5nu`4B9Gg=luN(VLVYhECHteSiIc|vmUOS2dUkVpjpY3BbE)t+=w4KzYDOrq{vhm64 zlH{!Anz7EPXVP2c#a-Dn??86jLap1enFua*)VvxpfgYG)7^kJ?_Q0WgB@-SA>W4hiHALEkDmq?~dQm);W_AO^K zLpHsh&5d(d1*fS;xIOS#ecml42}qN7OJkqQeDj*`kyksS2k)P&b{^NKYh5u*Ga{p) zcm_5A8Ae}Gou%?&tp~ErElvG@KnDQ#NZkokJ8cERaL{>@pT6WJpB>qj+Hd;1C3%WW3aB=Qr-i9 z4S9Ka8@)Jb{#g?bfb2Y$^{mIQ$ar+43On~2k$#ek^sZ$POo%!VCjknRg@R%Xmx?%e zV0sHwkk1>-B?;krKg^>i+Q!{Y_hO4HoS=k<^7xrFs7W;=M6a4mL%=S}t zzB2u5@WUF$#tkvI_!GF{NXJdC=W3H$J6zlbX+m?h2K@oy#U8357U>{ki&mnSc{9bF12xvm#XYgMZRA)KJiRBO&tr}2EIe?`6aA@ArrI?=s)yf*^ z)Yyff--fr&Sg~8D+l{_m7S>x8Ab;!zFyO{>+1j@1Lhp*A|sLI`5J^w_mv5rg}LN4Zc88;<>GuV z(6Ervj+-DLU0%<+q5-b5h+KmW9Ih1jPaIfZ)?; z4Vz7?*2H&eY#c}w#D6p)0tI|+2$6L}SeQaa?@XaIjI;1V%j(duFPvT#q!Ll>#)9P`X7SB*3b96)! zh^(->G_zvFtbQ2%BqV&4`LxjK5DY;E97Xmf7TeZkBAr?0#6QzQrmKr>SCTZ~tutq+ zcE66yo6wD94G3$APk!l4%Q_UqhxFDYf?#rGx4oJ*bZHqFszQdlEq9vjNSQT^(5~I9 z7y!G$Od175(kr!t}(zB^wf7S|+^lU%6?xJ>ID(?EVd0{(qD` zbwE_x)3CIFph!p~3L?@Wy(6tTUrbZ1`(B!^=#IRZ7?E|##+pEO;BZL|}p)<{Wz)f~xtTp^K=@pal z3NYn4>YNy1dw!j8{nv~0i++96nnt3IL)gRL_zBMfVKVe8eZ|6lX9H-8v9M{X*@dP+ zJjiBvqxb3ysY;|PKAXK=Om4qjVVu7v1|Oe*0^N>cM2@PBIl=6Xu#`GtQvMs$ix~GW?fwyo$|l$ z;kqeJuE;y9>Y-xm@555>Pg?|=aPn=F9F=;T31kB7dc2VE^t#D&t=y_gHQ&ms=Zky} zizqniu4=$%*I<%Y*-L%hF5Q*@vy-__+~w(?4FK;bwNEsX)K3$bQ~`p+MTAE*|Bdq< z4+L`ym2&p15-&t$S(@BMM0+XLA*H-rQh#ny@N>dcS()ut+DA;fc8xf0Gq`|#QLPEn zS_!qYtf4*wqI0j7<_$UmX}!otY;fHpqCIl&4%nSoeM7opeWv`emX;%(#S61=+ka?; z1_E@#3tK_>5e8C}oSDl0tgY+S7c^H^3moeb+816oH%>@Y8oVfz1)s}mSKd(ek_<{1 z+^ijivsriE3dS$_8fW<^!oVH*)m$RJyhKY6N^?|p^5~#f2S51{n$-e}-iiXb`nzxP zQb6{Wn7q(Uty`ES&lR49-agY{gC4Hk*ZLVn>S3n3F~6!S@dUV=0rF)pllHjBhi3bP zAM!b4B7=5bDM#bWQ+?qr`za!je|p(iy8qnDd&IiGCQpem4Pl)h`yvx-#uiu?6q4lQ zf1jr~&RCQ|lu3YFp;PM1fLZ45JpZu$WCuEl9@XiKe%);@gJHtAT|eLAf!9$^xFF!$ zMrhl3BrX}(%aGP-wl?b9@z>CEm}RNA>GX?iqop{r&X}*1oT7Y@-uq!vudi-0*s>g> 
z8Xn+Ht2%aDs@jQ;AX2KP({#41ZSR?5(iM%!W!f&5xoAbMVrEbM69>SSpFBN}FLKmG@D^gE=a75b-Sctny3B5ym0U%hm% z#?7?SNQy39-@37Ribu{{1Qk_zBfrWxOvN=2EWk_Q^d`PRMoKjbRt#u*(?=dUL`zUE zZP9ZP3!PEBHwS56G|`vKF-NT?XBM=i?$GclOJn0;lL>ts%(08Iy~We~jfxEJdBdho zFK3OL3_xb<(~Rq{Cv>B1os1&A_^d4>8#glhAM;}5==YsII}~HG)XUf19TXkR8bxUT z1@l&#aVLR*6P+Qp4x*_oVaDpxa^eGP({GhY=C9`>UVA{v^RDvurs~JVaicdeBpjr~(duN^;>1>jFt6p76&X9SNIKr^HHeYmLE>HFE&V5*2GqAc-Li{!8;o+>5i{&GcnBvb zc=xWsjZnggH@m1 zS`+;>c-rckuLi~C>wdwdCuV!6J;AgWnp&pr(JdRX(Aar>7+$A20Vn)ABJ-uCA(sd1 zIa1&PnxIPLKLiZ7gjOQjWJ@Fq&&gwj3s`x4XoBD%SYZfBhy7ac*@lP$fBB_zoC)1z z4S^;cz@32sgLovMBsMXxT#>r191MG;sg72OeE~QR4s-H&d=u!SDhF%x=gD(y<{wPe z_wJc$Y{cu#VeCfT?tC%;cfO8V=zQHDtBXVDwYARiPagSsPwIz*4w=R!c8?L935xvb zvEz{&J{h2gcRxdN3v_S*r#(pNtBmeI*#s#msRjr%{^3J~{(d83tLxVj5nL><81*x& zNd{D8Z$Hufb5`qj*+_2@Z~*clN37f}=wk`TTd z(e#s^o|{482FUf!6k+}wJ;amegEy6UF2ox%?g-enUts(ZHv1XrITF7|W20l9

M| zGDG6*^{TQy)+Rsn`JNjh!{UY=EC3r*e7F+jO*MR~AcWzw68iZlAgPG=tbl8JD<;i! zW5Y_IA^$_**hVkDW~Cz#xPZ_nBLW6%HZ?UbE@KS;`xUK|D`=2`6%at$+T=fF9{G2$ zZgL7rY9)ls9FQaQKtapO>H*xzS>Dct0ND7ib^rS>En7@0#WX6XlT`KZ@19%<1Pvxd zd}k1CGDfOHvxOSSVfA^RXeNY*SsmihD>b)k(7^j(AmaVc+^2uo;lC3OAayg-Ap_X- zIq44+>~C-ADa5-m1^kr7|ML1z0y{SLO*~?EYOD`e{x_libL5ZYcjnP1Gn-qZZAtv0 z<9W=LhbQW(1$R897*qVtQ~!TPtx3mAwnbY@XL;-@aZ^?waS838GydBSj{T356@tbc z{+omGccWmE-PuFavs%X%>wS3hpBbjdvr3Oa@7UZY;N8z0xP{)JY~K___7M;;`Ag?` zwErh<{YEeJp;+7(&>}nf9#(y%paQL8eNTF=TlN$Eiv=8iB@h?piwlv##5Db{JOz%X4ZJYrT99`Q;8BZPn{nZfkbD;C*-D84ndL97k)KU-4gk_#FvBKyfy!ymrXIwk*7-0Q_9)_dWm5p_HCMZsX9CP?o=7 zg{9*r2OgH7I2ScCl&IIhJ1yhO_6K?NPq0N^4(vp4h;;Zc9V_4UlmbWzuApA{RYmUy zVg1il-KjuBZ}7gBa_j#?9Y03pR-m822yASP&h2FEB)x z#9WfU7Xs02k0_v-4@XqbhB4DFhHMoj-sF=O{`Kv@{>pp-FgDI_RQ ziP)i7c9)>kmxu)k+i7l`&?>Le`MSf#XU8!Z`~}*@c_#3Tg7jY{o0V1_V?Er9S|cO{ z%cs6&EHiiH8fh3AI|;QKyek+txP?8L(rIz-NU*=-MJE($e9%wy82W-9hZAd%&oPdb0ymS8m?q{iuBCaB-YlglM^^)Px-7pK`Y13 zMa>(;1>?9`TyfTp5Ih?GClUNotI6^199+?R3q!tmEwTJy%0Q_`5m+W3qz6ArQed53 zOFv{6G*li5^^ar#MKS?}Psz_XEFfQ;Mp&963EA`p3L+2AvjPi2<__~@j?Kd2k+FO$ z4tfqj2@{!>lw@E_Lb-T~-gqPD#gLHcL5LoqVa}T?At+?Ku8(;L^v9R(c_SzMRIUh&Ms94B%3CZ-!zpqh{q`#3}31l7{ z$J)ZL(}!Yi5Y1HVyKw9%p&WXu(--N!z#n;RF^Ar6QTje{7;8dgfcna6L&q}$A{kbY#-7Fl%`PNCSluZm6If?34ox^mjHinqseFKSKj?VUeLsxzGb}mDr{e z9=PaE)NyxSEmYyvvUw6Ry369$)TQsRq;iFY^<8ftY{oemC=G5}*A6*GUw|k>I8D7c zD^Nvmacgk@tFeUd3)17_O6eBteDH1`_9YYIJnyUysRs6J9a69Bimdby>`78c%H1C? zH_)O(S8~OaW&$P`1h-qxp=0K$j`fZdb%T5Zq|dm-42OSs*`nbAG~Dj`nq5db_u}@+ zRUDra@R1%7cPO3O)4mnlC+!i~_^jg8Y(~c|1uS}l;WVwod;X`23Dhs%I1Kx6PoF7i z2f_(syARI5c*z@LTV0-@+4Of?BFqu(9GGN!}U@HD0+|J{C-cZ6~k1KSU&1qs6|$wAB2#Q$Jmmbb9Lqke?UpZfCO zRJ&4`yLaI`F7nhfhNN^qIRF;@&zDvWP|2^ zlin6tGEgUy4xgXNcV+4B7H+Qf`8$GT##GS8%?$dvr_di#45ppmL ziPoL}=t=i4I{w#KdVauel&#YZn4=DNGuXzt-ue(Ip(Q1n-vT6LoltOp`ty!3Iw-J} zg)y6BF%G#PKgA_dXLVhl+>R)C)0%7><6?a~Q13@ArMp!Wf5{*} zmaG+d5ZWLKtUW?|A6a%3>fxb42+i! 
zew_U~z37$I?DT~!l%gU;kSliut!s|eJanf&thv(>2UcH=>NEPV}K+=?kS^H)H#$Cf2Qi?M`* zB8>j`eg2tFaE#b$z8(NBhP?0u`~kGzQHJ3_ZElL8wgZ|PR`fnnNOCs# zJTZShVZw*V8sRF|nQ~9vMVSm!C;~>;=r!UPfN+G*m>TifVN~mNHz|t9(irwHmXr={sNyhhKxb#JhZrHxGS%mX>H|QAs8a zVrG`T{~oAa8=k8u!7VDv21f0+KL#3Ka&vNCCM6}c+MNn--0aolP|=jMw9KtQA)puI zcRn&daV>uZ{j-cvkaD-DQ1lJ+oWP$o2$FVU{|yZ_d00X+gbg&P(YP0OV(`f5sl1G9 zH=mSmG%-0MqS*u65t}#iW{?whqn#eZ8>F&~N3{Ufl9rdk2S=PNZ>lR0-wCUU9@)74 zHZyahYNlt? zTO|X^@9N!__hQbyYERHCD&{SpW^zIZoHQgF&;U`FB%{;wybiFjl4Jxj&NCA4KRB(y zlVSC89M?AjQ32*wkpR>-wnoim&KSdUB$#V0-7VJPO6j%n`*yH+%-02V=C`H`Rq1J1$F@z1tfG%gghuO~xtgej-Ur zS#NQdl9g_*W9!ayoL4E`>Q=qE7n>s`+ukri6d#i0RW`ZNC^k1o`)a`Uah~NmW$Ad~ zpx!Y2<%?P`?7B%R6x?^X$JVZIaJ#hHQAvhc(7czU^!45B61$}0b~axE*@jxM*aa^) zN13*$+^`U`rs+kK$9qdc^3}>xYF94Z1x2;)M44o-I`y{H0|f-)Lx4I+=Fw1XL&G~_ z0JIzH#kTI7uiN&jQ}LiF54s)H;RC7(2c@PmMRO?+E-x(=MTXM3+64Ie`8h6@JU7WM zRWU1Ju&G=gE|;Zs+tDsv$O|8U%m5{+?`mkoQHwe~)Nol1&jX6FN5;h1c(plpyN^q< zm-ZFdCuM4m8s>`t_qUsXGEJ@RXN3J%S62n=O9`Jpf4;UBUagj01%LcNRn=rqA)16) zrfH8U?JOcR zNJvONkL0n(EK`ONp^)2CQYHd7vdo}PqeiZ;a$LvnI<|Xdhc|1AU87LirgO-auUeU_ z2h#9{r#UqDKFBjc;1?Y0=`66t#>x1~- zifN`@ppXyqOuN_9Sp=!1q~s(c-EKpSpyAex4|`b$66iXiwp6h$)0v?EoA@{`7=bH< zU4YWhDd1fEJ;wb`9OR`TKy^lH@0+R}_P4nKMblTFn~Cnaq6uZG7pE<^-R8r)dP%?$ zmU@P2$Tb8wio|8XT#Dx$svBo1IKXvF-*K*)f5*PRW`?M8J?@2Ru0qvzJjb0|k6%?x z6>CzO*teMO?v6tgvMkmNWn0E{QSUiKKC?sjg-1h$t5(5!rlxP9F~n;UC= zx&gN`>s5EV!jX@fnwlzxk!V_k9hHc!K}Jw?<;yCpR=xdt=sx=HtOS^8HIH~NpJ(s% zCK+G;TKUMPOzDI_bgQWJd2uzOcm|WM+;yoCXwxIMKaOGpFhv)DE8f=L9!}&kh5_7> z8Ma)qZ4M&?>UoctdL#_<|DFqbB&)vb9T?!Bpb2_jEp^mQc!vi&xWjZ1&HHtS=|~hl zP#aU50crtrR8?^4h>qOTz8|+x#T(Mir$IBk^fVx+N;_E1Q9VD?Br^oaP}J{#+i0{4 zrb9-?2%K%}fuoSfNBj*+9?!SIqYRqJde_(J4Jt@f0Qf3uL(}}#*C0^27!RXW{ivu; z_%OJ7bBT3vb-qWjAwM8KsJv=Fvllt6iFjVITdZ*bC|UEs^r;7GF%DHvyS1fSy>vQ! 
zv;tvOI@cpdZ1?z4ZZTrNlwr34Ro08&V`iAn`M!nYl@Et1$AoV1TFXS*lw|y{$-If( zB!}Dd%-Z{E*Ft*{{0v4p`TU;wJ3LfGr*CVFjwcQrD{hv3jU z$O#Dxrz9r6*8?LTaU|vHGmca^=C{6~?!NW$n+K8DMWCEzexzqk<(5k6T&QU9 z{5&u&{GgY>d4F|AQBlz~#PTR>y+2Jb9PZ@UouR=Jg;4gP-Ah-jyjQiEW!`Vw8nf>O z-Ko}F9C+6Xw3?h8_o6Gh-V_zP+iH%q?Jwa9(FPKIw(`RJSNpMdPPE53fmi^$N(`_D z8wl$cyw=nbcWf@El#5vt$t__gtCaxtCpK)no;nu}r+?F7xgxVa<2wp34{wY|44X_c z1*2hyalpkJ_(pD7Buc5CST~Jp%6LtMHqTOk$DG!`q=q>)pC*RSb)Z zi`@MDOj%i3Yo+Z755hM+2w?4=syFcWeNGCoV@5Ra0I0b8bu?1#{rfK7-#r%GXIN^U zI>QgtNlt$x>{S{G!X`om6j$@=GY0HWz9~jbUt0=l)}(E!`DV(C??-iIiV(G~vs+g! zrhAPJJhZsT&c<=BH6rsdP=<3Ky*9h+Ifr*km&=-A01(reu)}eRrHBs_1q)AiBPzjV zx4%&}SK1a^Y!XI4-o7-ihq8{f``kDonuqw{R2<#=i1;!GQG9q}qJ;&*s;o!qJ)9)x zrh&4V@hPmn`V1%vLDbT}2~C6rKL@C=R>R&VzbxL z79Stq)P1#EQFGBWIwB&ldt z87F!})csE`%Pg0~(L!-g1BN2i;h~EWkK>Qqzz4t&v;|#yj5QL2vnNqGb(2laZWGA& zsm*QjX)kh)mXKhY>aVZu53HoozmDOqE@(Mf0aT{9eP4eAL)R*`P`0e?^xeHVbjSTy z!Dlw>TupB+L>L^{cfLScQ?_p_PtWVuB8t*7v9mxW86_HYLTrt4yR1c^_s=T&Cgm4Z zpt7@{pWjwtqIT@UKq0G+)oQkVR`Pi-Ap4y0+kDfCh2A?GOG|G>iM_S(TCac|#mXt5 znD%a)ebszcITjRR1C(2COm#^bBwa0Yb=I4nZfd$WH#g_~ruL7zGVl&MH$C$Mp4h>A zDp&P^koiphr@k||_!juj*_3|PTFaBuGBp+G$emw!*AmfAJ~KP|0`JOW(&t>NT?sl+ zxn&Qq&;@wD98mppZZ7gg!gR1idvkjg^v>20v;~t^0^5rHi$)+qbeQo>H*$3%;3lB- zjD%&-tVE(i2i%bRjvQ#EfO)PxywI0>!>npo-^i%HB9lLWme8PU>l$y;HI10Bpmf{f z9-p=n>KRURYoK#VaVCE8@RsL`O$Sy=Lup_rnxfy;{V^7TTmbw~nP(UNkslF=3FGU2 zrK}S`^DQh(m=S|aQAbHPY25dNkEy0dxX;TQ0gSwcyFAcctsy4kdC72^kj(zb@CTmQ z_2E_&^;d5|Fap)zW@m@x<#C^Hkd*HlAW%r{0o{Av|IPkC>^d1p>UteuCC{wy}$*=2++9g0*q*UbHahu;n zF}R8*Sq`chN<6Z)yctU5y5IevlAqf``1OZ{d$z3~Y;|bri&F4KQ2Xmv-H#L<2@edu zHGtC{=U2%_R{e{cpOb6ME+RX;kPqwX>r>vnvyfR?g<;@KdNap`0JxuYMS&y@C z23qq}PLPxW-3Mp*(qLVb3kyVnTXuEI9arn3TKht);ThF-K9-sQUn~xNRnWruhdlfh z*rE?agQcY0zYD47ef1P{*XI+EBFy4&mf|c(k{CE71yOqad^eIoPT~GV#nE?nx5R9^ zWM;FW&I%gV^XzZUug2Ry1@E`HapYUvHL7|tQe-y*?-aJSvi=w!TasKLXQx@lUN%rM zj}tflq7PaRtyGTU&+_g|?GFkkamn<{%JL()$j-v1w4ua^{i*3C-ohvp!t0=bVO#j! 
zfP5cCF`&iK^Rfk zV(h!z33_wW=bb;q3D;sdwcb%DT3KOoGTx65|M0PN{9$ zY}x?~{pcJ4U^pgT;{QHiyWjQnbsIKl5bbp8uWsT#J>-#-#BnR*fo4nU&lk z%a!N($W$^lT3;^DGEb}izO$#F^pv)@d^G#!jM}Ui+B9!(sPd9UYHlrw+zAr_2@ zr^A=*PW@jrmLbbv^#h+y)2`Az9GFS9X@$m`tf6A zo2-6iYbJcF_(P>|h97?a03R$iHumD!j!*X%{&Vr2RXWrvr?9ZK)y} z=nv-mb><41@uJQ}WweS_8z~&!mHr&;Y9++_`rkah5S{y`Rm+;=l9jy`50{5>J64l^ zEBZtZ-629HuFN2Zh!knTYmDHtFF#erprgjY`}M~Cz=hAM342A&-t3BvF3E9bx3A0} zh!7n_&zIrZ%f@{YrjGNNxWx1jcOU}s`wy55mL6p3p`7cFCy+KQz;z4X|Keg2$@ZCr zO~irNY&e|=>9qDXP5kY{dp-~2fclOf3hlGIO@$Y35nK?mN2;axt*(kwNa~E}&?}Wz z1n*zm)h|K5$6>&xS3a0GK@et+?2)K7K#f_C_afu3T_GKD*p%7HMNOklp*G|9WIx!u zY|U{BsuPq?4X+@}@yD%EE3D(1h|wHHD*yff)EJRl1-vXY6z~z-pF@$*B`ie^s6E$y zJ9JLdvl^K{O2U*z>-L4%!xvSjx!0?0YFpm5v5Xios0{!*DHZ1-H`a+fZj6>XUCX>` z`YfVTP+e?ai)DXE7U2Y6>zG*&pU&uysopWqe!h%K;_%XWJH4D095uQvp?M0rZH_Fz zN5zGQ4bv!B zfSRtwj_%To_qr|i2G9Ff;%=-1?kydnvs#XA)GrihQMA&dYVMU5KZ4%}c3jij8K*<$ zkH_x^YvKV_ax-jpher|Wz-;yp%Te%NO+v0gOEnG0snAKdA>&7_`I7xHBBWNHIkU^E zk7lNxkN=>~^duOO27U8jdZC|Zd@5Y?6kwIkOt9nslU9EGC&2_nR86{|LQYA08Fmrv zGIbDMdinaSYW;9*SPu?F>rPuGLu4IV45#NEEqbh%DLQNN)2nnZd%~59?YtwmnV6Z4 zuRZEXOHB=ee9bk6w8KDjrVbZ(z1MelE8SlYaC6}b>SM%2MxJgL+k2vYcV$N|a#Gy{TuA zZlui6p85zDhd`+6A|wGP%KZ1S4|+Ni1TCZ+OD ztPt(j5ItK4zQ+d&@rTa)1EDGE9<|g#=s39>!+vP>nxZ(tY5!(?jtXMrfaad}y};F- z9S5se1v*aDd^K{u8woIQZ98(I{dx69IMU1b-6kDs0($jheXOv(cm=kkN8#st@q0rv z->AD5qScQNbEbH7b&rM=(wD2{X11bkUv``&>QPX4f3Gw)}S8d&+H5 zv*HYLj>EN-eMewxn;gom-?MrCuJOS94AnKWX9xAHPXjK7v@K0Ds-=D3?_FNr14S`? 
zA!I#jhpyMu=Y0cLhE>kf0Noj`H*f>!mboX;M71pUBX}X5P|SY+*1870gVnCCc6wI`6Km;g*(L#S@0b*XB?);$4iL2 zQK$1hh29MXH(%PAnU&>yiMv=R%t2pfWRZ2B+xUT73lC-FON@wb_N?a=Rk%Rw6N7@!ucah^JVzOO0kc7GgjK?&QzD3_^lvaZF| z-RaioadXrnitUN1>2sj9VtU@Z-?ePd9M?sYZk_6Rdsj&TYkdxD%c1Sf9B5@(j@^`V z^|o_52Xwx;O3tXfj6u2oUbc~r*2>V(lMue2!N&Y8!QZs3_14R zW2K2zQ!?*zJR#RgiJf<^X>X1uQT2{bH3hP@de>z!yU8ivT0pK7`Q&K9B^K>so!90z6MUd1={_aX61AIyQDR%iLwO86L~H zXFT~3&OcsdE0Q;}^-i{8mnVHUsFa^7$Y^q)r1t$MwAPY^cDEkwd<@0Pcgx~d9ZZ3= z^)^FO7t!>I!^t&V63zN@Tqg?4diOK|5`UH!H-g{RU(Mm_%7@qDjefmQGEoV)U2OeH zA4-?1*nIf(wlOHIJswQg=Cbj5(g@+_*SgX+Xr9I)NpJ z*hwdkqD>=0l-Fmqt<9{&+FEc(wvLL2Mzg}|LW}@k_dP{XR_AXEBPGZ$bUWmt^E?4G zpTG~J;^OYn@@P9cmS%zFUiJs*qOI&WFkEG0+guC)O{nSX>tDIvu!_-$h>Q+c4^R%) zMU)iCqe`|GnU5qbeMfdpqr5Ye6JBSshqTCfyZ0gW)FZDRl{sTR)?;Sg;V)NcDS4p*DgXc$Pq1HpJHqE|fwWzjgwUI2$&~AP9DvNRP zOY+((Ok(w!&-Xk6mWL}9$z7j&2)*mz%WCp(}kL)ip5Y9ey>_D8gf zg&j^=JTv;@E(Q4?-N$!k^;nqt{peiRzT`?jeCi+UzTneX%S{2|>aer5%~~_G|F{~E zOctbRKfB#!)M3#AI^*$#aaEam zceAVRDD?F77;AbeL4hM%Gu1^Os=Er4-2w3QVYBac)qiWB!+F3UFQ8b90jJ}#?WDM_ zgxLp2Fos`_`XLyKgu~*#06f3(@g6fKE-xD=pQyT`ovUsV+=)jyJ|-%&DlRrMD_c?F zYqcbwWT{%VBk6}PlX^jSOXZ5Qwr;(h3@YrY6*>;`e_u|*DCo5y+!b>}_6OD*N^5{> zph2HX#9lhMy0XQHIOcJ$`MIJuOgvxZe1%C`Uo%;x5PSjazKTS4X>|K^!?eq1S+P&p! z&HjRNRT)rVeMULZk}`eX^0A|%;6<*c?#E6}>41-?yq{Nky?#98qcG*hn^G1t}?cj8sendLn z6?W+m@s{)oz%pU627CcxI?G5YZe}ph!`ia2EHfudu{Y}^8~r=PH#EnzuaqGJKH>hv zf)x`d^y^IussLzr#{f`DnKm_T`)T0kv9AMU*=nU{Pdyi3OqIJD`e7mftWlg*A)oEM zi1qJ-pI86{b>MrVxEi)`;bFH5&1q)#94KhMe>j_46Umb{?=&<_INq9}IA4^)5$C$q zPi(9c+8zrgA93EUd{4;9z-MkKv&{ zTw!5hLOLM$V*5BPb&H$6-fy{jTjRz1=Dl#8T)>sr7dLu+ZVQJlCnw8`2)u6rCC&M7 zQ~H;ngI~3fLbHmONOL|?)G(m?o`~%?h}?^`*2$cc;CW;_36REYLjl8!H? 
zKluuo(8wJ;z}-40VEavP7#ZW*xfI{5s*2$&NpV6{Re@31^4hX83!uvMzJafp{1PP~fk9-YTRpI+lkXy; z1#?H(O=1D=%<%@4E1ytekZ4ej+pbxPzR~Lref;z@hBEY`^5e^~8o6$Br> zfm_%XWibmwgK6OHkY_1&!5I!g;Hju(lk=u(XE!>uR)|X(S9c<5p0i@cPE4PyJN~V(G0HSl?2ogY%=^{%2UPT2 zEchgTVAfD_tj?Krd=xpb7h3k2=Tp&uoOg{SXs(pBz0jfUduZz)G;oBmyMWCQ=kJ+& zLg3Xva9x(dM>BnS^xwqB3^YFwCdRnd03&`e^Dqh_Ali$qGlqTlzlH?F4>yPnn_e4=$+m}KGSFRlERg}?+7XD8xAdNgSg6lBb>&EF9{=!% zKJ37UkzoWnb0xo@*PZ;32k3VXdl^bgYfx)^Q)~E>>>068NV7{h#%+V?d)iNiZuO#HriwcIVn#;9t7~k+!R(WDi}-(U2tpqK`qYC%S}iqf zS{X%&DFoOywo-47A<1dN+zs<(B4>6!F`C*xEAd zV=IS>d0Hgf*C$NqSY8cb+G>kE$EYtx<`QGQj)PJ$p?>B^(6 z?5r%B`^G!=q;>T;PC;{)Qq1>9`tK?NUe19LqEam-kXlzY++Mk2^~qrTJpyJYWV{ki z7fm?27E4|$881Xd>kPjs;OMmW=IfSUNzDg@-^z%p&v-Y-D52*5zBH_!(M>GkM=Sw= z4(vL)fa5ot$EVCIwl?8!siX6D`argeg$iZa>Ey@wAMhk9jXVzhW8?qe zm0?nfg$J}$7d2v9rH3>yeRg7oKaH1Q3p))8R9%+xV>oxH+Gsy`7~W%K z8DrxO@)}P58&d=TPvCQi7ka~mK1v$QD}E23Fa|#M%ktA%`@Zzri(^Fjo^ys#zeSp7E8W}4oXoQ&j-yJC5y&s1s_!&QF^|XJ$eQRB z8_@@gfJVe?t*^E|`^%+>o@<~-Q^r(Hnz)tn>ZK{>8pl{=G)h;waPQm{HfgiJI$zgGyhR{CrT=I85bg+j-p#>x0LkD}yoL_oF{2DO2f+?#nl&HWGIpRFmNs^$zLXTJW{cxZExTM0C zNRUKtFhf$tf*w-7?Ym8n0<~7#M{`7?l&Kg_e*Z6a*bxU9UX^=N(XRkHkNZ)nWtd>V zsMNd4c4+O+Blz;UqKt^@l3cAd%$&JeA7yoN+u#ijeL2tkj&VP)F1t;_AFZP#M zp^sjZJLP~+IHk?U@|OeYF#tLP|CZ@-^3{5QIk2aiyk$&yCi?C12M3HJjaPs?FFwx~ zMfpPf1o%2&kZ_E^;ZyuV{6|O~Dc=R(zJ2Exzx_s1zae*+eAWuhYMVL13!QjY^$Xx@ z(z<)-yZ}s{AZznGshz{RS+;+!s=-=wR{|ewZ zz`tU%_xkAmx2%#-4-y4puB*P-$>pyAljuP1ue!&0d-jXM7zDRH^(cph+f{mF+XtsFNc0qh_O_7q&m%_w)HN%o3bqZB7rQAnZt*bw+Vpqye8W;f zEhKDGZi+gc^x}ul0MQSc-c%Ku(&(vI(H8P)Fma5_9s6>pHDQ2pV~{*2_cn$F$*BB7sX_qr%V+49L)imlj;ZPXCXx-*npPDAO7gWiNl=dpR z#s0J$e6wq+Bv<`5{a$`@NaQSI(*I3oddksP_R20JGUSK0`ysaFq$lWu!U0B$O;1!2 zdSWGj^#}qw;D!#Qblt?sdUNkL@|=`D9CDpsY~qB)0b9Vrq&F}hc;LghEm6&QZ9Gf{ z=Q+-ughOQ-hy3oGU?2L$R+j@eFV(Dd={ybt?jbNBjC!bL1_OU1BN!RxS5dc$-T+Cb zr7$?AraXznO{L3?gsDh%SqqU7J6Cc=H z8JA`8KRk}{1L9h{6gVi56d8F2U}S zz^voAI-nv5?nmc6-aSjFb}-pJi7&_C1hr@|vhgj~yhO-?I#8YC7_;7zB z$*j>wGGfS2|pT=2HHce7>_m&^h}V4WMpKF 
zFZ8c#BR@78(_5LI|2?Y-g2W6XBmXd5URTp6i*k)#AFM>yffHWhf8;Nq1 z=P^irvsN9+`}+G&QO#3no0{?g$9S|f4l&z}6m%yDQ13!V8k*jjCw~64p|`ITooT2( z3@=YZdyZ6zZxEzjkxQDF7~>Ui)+Vn#Ojy2Iv8U0qyzz@O4pBV&5>gSLqg?l)ijZ&b zbY_v<24q<8hF3QgpApr`S+4@KPWl=o3LYmi;)Y_#{`9*>$k(0c`s&11tfNBw{SsBV zzWygD2-oIrLa6gX6vGDhPD!e2#tG~O>H@a1pqRi7Z~+;JIIj@M0qU2zVS)+2G{*LY z!x8bFW?|@OXZN2bZuzv9X-!U?)9F>d3X05^`+|LPk(UCy5oY)kZ!52vCk`;&+T(=X zxUIu;@*T#GdbG*5>cBQndd)1k#@J-5hh=`&6zan_Ip2UH)s_qT?__8?6rFqL z(ueM?yZGrsM=5y|{J2VnY-2jvq9WcCs8m*)Wi%6ra2vkPO3b)Lz+DtJ{`P|#JT7*? zH`~te`S+{JO0D0;i{O4jQq~funJsi%T9}r*%iJc0>A4DMoj;TVzAZB8NY#( z3fhAn2rv`-2XXxre!$AM7T0@LSZN03x$Cjk}kwIuF^5Vgv|5)wgt+9daQ( z4~&U}RwozXlQ4<6pz+fz_`W3A5*}~aHS_f1B3AzHGVv2+6G#VJ-6!~T=L8hBh%trs zuH+tgM^u=yy1$&4@3v6sS;IZrip7_Sh^W#a9*W~)z&8W}99<4S@c*J5p3x|@ZDlJ! z;Q15BHTOa6qXAvHCy4^rhJ9?L-1-LFaqs~~kkwgtkqZNCGS-tzz{S%KY;nXdiF_gJ zX;$l(tVMSL*Du?T@KCx;%GF$goF;n7a6;On!O+jGoUcWr<-Kv-j)YvGN9#8_Y1E05 z&5mV!I-S1d5LEV?z2|YMqf^vgA{3{&(eOxdeFtE|g}@{D zG~n!*P=!Z&(p9si6TpUy$-(@W3Wd{MW&;bb(}C*%v_Y{NHXiR=X3%J}wO>7&s4ch+w3g7|aO&tQDK z48Ph@EPEc_V;TS6_E!WyAs!@Ha=QIJG29XJR}#c`7-3uu^l=_gBhYatdYyQjth6iu zBadh)m&fX8-v?7|sB2xW(x-lTcLVW|6YcmD;@OlM;-Ti#@6S0oe%w6HnSl2&c@?eS zR6mL5**!+mLEK5rgxzhk^-Jqu6UHOjE4UIEY?2s5kn~7&>I5FNFtMzxiK3%nzGHW_ znvR2ewi?m~#Mg*)Fa?Qc2MtJF=LK+PJt6cMfX_=n%y$SqYki>pu6Wu+jN+$VHlAf zJ!3{^wRjwg^vfVY0*GDyz-)42*PT!Npk4CA_{M(w0Pf*FVfW9??i;7BlX2U&_giqs zM%SI>)pwXy_5lO^?m`)&N?vUzh?KMCV02o2Giwu-1oL*^bnarH$${5TN9*x} z)>Y2E=;hBgSGg%4^OIK(esGgmXhxk+@jNjfy)&@+{%GS@$6sY+>2S<6n_;uT5=*Q7 z)}+RF(pT6eZdj}|G{Bh8v=ciG)UP^D`ZaM78NeHM;upGp?BQL={V2lUYjW!#$r1=K`2tkyl3PY?lMTW@bi$Bq)%kBDy*dC;DK zMS^43gvj-yS^zL=9QtxBQzYk=yY7$?tbL!bZALwpL&AZCf%?_<^giDUTTeG(ovF>B z$~b-&0tCm+VMC+3c49Scstwx=yh6uW$M-eF@*J~i+i@BMTyS03fVr%_u$eT*i3gnb zK!w{ONxbIPCyYv1;+Y0Z?8!u~Hk%8K+sZe;A6D{+YVz{G0Nt=!B5dTvUM1kx|2}UZ zIqV5LPM%Q;Gn3^T4Bnx*h}n}-@zbXWh7h_l*UDpyEdo2gr)&Mh=>gjT2=(7Wo#O%> z-$ns*U@MI}e^$XY4}RlMb>{# z{(bqw2e|M$=QU@}oaf9uXU>P;1>SQX8izyUYBf6g=d0CTCF{vy>1U6|!5NkM!#dE& 
zLZMac6g}>ntRacTzduWCN(xZqr>Hr{#g=g-K*idEOx#jk{3}Pf=Aoi%4Y09#pU}$x z*sjp`#4X4$n(|1uE7X1oB5o6%Yr!uC0BLfSB`sXm6#1Oh{9~;q$p=`2#YfJErB_L5Ct0KizHYM>O#E zSJv9?SO#&*h&wc;YJYOI4%u_hsJh#_o7b2I|28#9!j5>A^Q~caFEQDy{bhkL=o6fC8ztG=9ecV!T+l$HScqs;gk} z($|@=|3nbYxCByYD9!@1-tkTBiM?(*w+(ssq@UqRtQe_RL5!&~v?9$@v-OdV zQFp@}X8jN%xt?ytWHYmJ(cjhrZ-qrg71yC=%urIV!a^=ffjn>H9A4mKGAgJwJ7K=f z{k=B(vZ6rpIxWIKyj2T*gR>L0qx*ygooja!b!9KLShW1T)Bv0i2NskL+#??YP_D1} zYX+sIGS)d=1M4tRQL6}fe;Zcbu&2w~tkdALxBPs5Ju0ki8ktozmq*3J>v~%?4`|Tz zLv@sH`s+)XkqXAzSPh6@sgq%uTr6N6-3DAWGoO{$h z42+Djh9FRWx^?prj`l~XM^Pb)VHMR{TRGv=34FqukjxyAANhLDYu_XC&LQ=%zobQW z59*^X5U(J5L?TGpTQeB)L6Z%nQ}F#e$*+9~ttDvkD_hdy7TMf z^KVqJxQN84sHyR1XJ;dthXKYVKhCOqCxK+F`1Jwqy30_J%O;M@=KV5?WLgv}U_(~9 z?i&($!(N!1b1Fy9+7Dx7nhw8jG1ecpDO~ffAQ@D5)w20)JMZf1Dp9I)MX=SF7ozdk z{(_2M^WXb)U(bTDZyVb=^W*?*pj7lO_V;66_nMvKAcIEd@BWGbJr);m3ljBEi(u%Z5f=KHmCA8zVE{t!agJ>U12m+|5g42 zvS@7KrONL%0+5q1iT_^H2>bYphe!5*;v>v5#!zWAhYk-R5s`_?XO`!j1$lger=ijW z;P{05Z(=)Cf?7Z#xv3d{8Z|E~y|F2mYAocqU_Gqh<+}=0 z4;n&D4|;2de9nGvG)We8=n)T(e#rk5?<8OdkAA zPXL(Yia~j%>7~a_O*BYohn?J+6fhC*;&#Wbq^2dl?dUEAH&u71q7%bDpQ?Td?B-!S z9)EC3bjMCQ=|bIDYw#J#-FU5`MEv{{*Kv)%A}%zS*UBHa5i=BzRSt4fd``T%Lwg-Wq)XFF|4UD< zU>X%qlWo8e3}zBl;Ax|J&}~mi2HaBGh#*W!sig9~Qe@K8B^55!-?vvGjZ$=U^l>Xm z8#R*_>lKBCwo5)g&MAIkGTA%9=4OG0Mn>z5*UN>!pt?ZABNK!f?Sh6j5W&nG#Ot6U z2Mz6!E84NGRVLoY&Zy`$-ry|K_B9W#v)0Yr!k)9FrQ`*2VHX#HqkHX}brbdz6J2{c zAr37@li-l9EY_ycuR+^dQit;iR@ zrovxKic8F=Y+yZ^6ACa=>Dm`P7r%OuaDVTu-+TkMtAk=&6+*lv$R`c(-;I_Vo<0uS z;cLYl%SzFiAUwxEm8#j8RLw)n`DN?nflls+LV9HQDaxp5GNLU;+3AL5WfYdIYm*zQ z<1rISa~%-3PaSu^2vw+{ZirU6Et5#OdG?K>j~;EpNrJzo+1&62@KnMDkr%{S4BiAyqKw#OMCJ3Hw!HdkE2#=&VoB^)<3 z?Bkb*ks%{tyu59O5PQL~@}jGQ>a(Pz#u4utHO-|GqFG;$lp1N2zy=QP^`wxPh;?DB zVb57p6ak1I`t0h`c!cg+x@%=n+a|Z-PxS(LqjCI>#f$wfKHx!&9qA4_Yy}TkZICr! zlSd+AMwg(p*OtaTGs?x0eIhC)8a3Tr7%L_V$aV%(ZucOiU>=5Lec#> z-IAQMeRFiwg<*p)8+O}H$7abtg6v(zwgJmndF3shA=f%^SS7@Ws~qwntT;6l-;i^e zE+i0b&N}!l@XyZ)10$tZ? 
z+-h<&GucnkhCm^oazzEO!6RYJBf;+W9qseuxpv+x6-Ns)V0MT#!>y;S}L?QG~3X6eR`%b&^f%+bJ0aZOUsfk zwUwUZp!aFcYqBrav|wuEINJB5r^B+sMl;FUNEzCt%2M=tS%)XEVlu zhlHF0N%%X45sxKmpO-^wuzEM(+$A3gjukH9WI>&j$41NmY}YnYs?I^-OdV@RGp*p- z0f-i`W(yWAFXMue&-vXP-!M)}+X5?h(-xlzcP(6m$Xk+YMheVhZx4>HXn_GjI4c_~ zeWESmbwEG>N91vsMw%?cb%*pDYHDiV~q7HgZs{w7h>#fBY3cn*yWX3Ju}C{rVc+)t5pVyd6FdN5%PCgY50F z-fWI5NmZFd$FP_>DDe!s)>(#amQ;j?vtJ1_%w$_v$-kp0Px|OZem(tBD;`G#CN2Az zB1WtuS0i`|NP;>XVgu0L_4AZ4cz}f*tMW9MAtxs{w71`^*>&NK_2ByH(r8D7_@)3pL#GhjTGB_U$h{BU~ zqbHIO%szXVR*Z$(dJ`?3e-P}<7Z;5HL+rV&ZJkMm;XLN}H%Y0jf!b{CE3wk43&l|l z85*}0y&mTfBF2kJT&QQ^lF)N(%C2OA7d7 z)T2O5H=2MVjDod0f^Yz%^r5vfJt1_{sP4 z-EIEA{_cmsoY9x*wRu;c1?|5Vvx2$_-;M?Wl6z)g^ts0<=x~N}zeI=X*qi8lW5n}D z)`xd@`#$14C3oGr=|=XFLRPVxq#iXh*n1Ok5o}t!E|nvM@_rH#>@I@zQiRgPJ-;kORyH=((4z*LxsoxU8Cw}pw@bvb8kEo8{BntmOjo-~ ztM@WG1~ndqOJbyLQZ0pZm3+{jiP9^8q4nr#IFGEE+$AoccFhM`P58#gAN#dE5Nz%Y zawyqtk{O<0rq*OYRy#VftRY#{q^c_JIg|BxnlxV|lz^N{^-IbQcEkSnylzx05@rrR zR~-r^@rSmIcest=rVYro>$9?xkEZIHF32uN#u<#Y9efW=Pve?w88YwKA z=2+x=ElE%vowL(Z%lwhJwvoa5Kb2>zw5VJkm_m9m2ff~(g4`HJlbn<>O*~6S^ z#=4@g=TRh=RF3idIl^3&Ey}eXC^2`%8EzglCPw+KXZZmY0Aamg)^{Nxs$9ahwv=bK zdY?E*E;oKT-rY1k;(Ma|(?ndNAzm+;;Sx~4x%_T#Vf@tl>C;S4x`!8`z>}L&1-B=G z6&DDN!rWmv=9}@E{;Ig3gMlh+fiL^kq5t2kd&~IHXv4re$@m4dR=L6q;6oWR^yIgzCkiM^IQZjCK;) z)OwvUyf@gFX!TX7?VIK_DxwslbR=J#0Oh67^#Pl$S3qX!atVNZ?Kzo$pXIyHH7!^) zq?diqJJLXIy!9m(eJLA-ppUjOb!M>6w0#Zq)y%ERdyf>@J(vr)J`KQ*PZ~^WqY5n6 z^fsBcnSK!wU&c*5O-&z;&jUdzS`wy+rh1LoL=2Gi+G`YY!>_90UUn7&IHd;9a=t!z zhHEU1wgrOtE8cnj)9F6E6RKB7cs8J+4|e{QZRjzEM&m)wITNgGs%{haqUtNlUF#bI zqgEu90fbgMR~|k;S55$M#1C#rt*dYG3nc$R0|Ig_!-0oyT{9()5i4_ZCg;xEyge7* zH4#gG_gy(>R|2vs$f{b2{fXr8#7H_wQ5~S8%(q8L*u*n)V0t_*ucLU^x-4xN3*tsNYa4sj zz7Zc=bm_CSyiUH+GyRB2hhQccP%0uJ-~Y{lsc~dPzI}IkWH%)d0ps zkNnxq8-a}*I@cP6c6$A6Lxdbkv!-TGF2%@ub*j8eyTz~Juhcb?VL z*3NRL)c+8+{^)#?dNh^Q@BS)Rzt~s+mX*RFN}hYOoy~(yWM1Snn{yV}_(-k3|H?Th z)ai`6JURvzZ(6`}WG_faU>9H3(S5%odDtv>4aOr|N3KFHso_FQ81cQ!cCAR1;5K5T6~ 
z+*P7d3%8UtAf6y>G;%*H%+8`b?y0{21wFH{wDh`*w&E*_(IP6bI}$&gQ0&Jwq^*}6 zk_ax$aZjok!B{0^tDeUyL-J(})8!IHipFHnABia-?zh%=DdbI*CJ%A6f>)UhKy}PF zH#KF*%*s+7TwGYJTYjEaSLwbdF_zHS7sMk-sort?;|Epl^=4H=H~^SIVE@Uys=Me+v*l2 zRbYS)+Cz2*)LGDna4tVArPb1_0MmBRqmMri504O=0K5Sinsw!CV-+7faw`i8`c15| zNZo->==IC}?v4SDZiu2GEzsO~rzK7%VYahPm^Tn<$%2hZ?y)q4pmBRicsy7N2-wZ1 zwq>~WlALXv+_D~dSju_3@b*iJW^L9WKSY*;s9(12PwOrwixE^6itHMAAzQB;eX$9W zu%P1jkMu^Ogp!}3p%g~Ut?$QSyuF4SghT+i?{}4hKD+i62v~m-gVhSQWKqVYC3=1P z7y)*72SNni?EUu=g&UdpV{>nR0PRL$33!T$8eMm6be!DZ@~{^WFFO6n$6s>CN}^L*Xv z-gqA7xY(uU6Jjhmp$!8uj5z2kzA~OnUm7cSt^QUR`}oFSRW{PXKBYJ)bJW@%SN9%O z0hRZfF}oj&dNu{F$i(C{7*)H$-7R!I!5vw8QqBcA0rtD4VA1M8kVH|~H2LSI6pjhE z@_C1AVD0`U=)hpCP)|dW_3#KtxLu}PeA36rDDFaE!TjK1AHd}N^|P2amJu-uaMyNS ziJP~*W)FjuV#oPT4|NTXr`gF<2h`Qn`c%6yC1s{^kFu^FT6ld4hPD2RIGu}0%mriT zR%n5hx~v2naRDl|J%}7=+-9|&%Ffcg>C-lOieOjG-(zDGMHE+6>A|YwNyjY;;_Xdz z8O_3isrOT536`oLTV^HRXX3+SqXYoiclsO{0I`TqD$J^HbxZ6--Z4V6IhO?6=LgiQ zuXe@p>%Pe6nG$Rlc~h0e1B7<)$|%*E5%g%K8kPuK;~Dqbi{vqxD%2(Cb@1_}l4p$% zekpP+2BhmXg-`MjFV8pb*pG1pX<_=TW7Q3;twr;@>w6z-XmAVNy&vE@a!dY>Y=Bh! zQ>YJm%O-M+_dP^Ntu-3uXxAq;jO(nCv@$xXxv#T0QLzuXsZG=7^pK1$Suv&ydT@xX4uRfSX^LD zC%XQ|ui&=qL^8sornEAC(%Z>=@huQf4~;XQ&$U~hh8)-pj$|VW4QbK%;l@cn6CDN* zFh@&4omzLR)oV4oRowqt;~FO1IiTAaHg($U+vcRu<2pS#r(UL`O#lKto#u!!CdES8 zh4eNqzqs&PF7~YjjU5MCsW@%y8!4It%%!=2a6_(EhuqlX_1!FZL~A@B-aIko9?K3AkpScc_@B z7{pv*71}QxIS=kt%wl{7x*uMfa{nAw3bAx!wq}IZw70Xg(#5iN9Wm|zJXpBgVu$xVDc)I&>QWcVARa zMgnw<9XSrp$4r9GY2N-VQ7kXS}d-tEIJO83)8l~knh!lt|) zpi|+Lw;o=7Fx^Sq9Iofs*u6sSxz^j}dg%xU7Vn{;qwR9$^p20^j}SGQ7jFrQgu5bN59zyC_GT9s zcXo7r588^i8VV*5Q4l!jZF;4&(p_-vqmqLN7MK)z%Q4&}i3WE(Gzw4XNr{BK_O@M&c? 
z*06_G-e}pKs@R?hB=iZHeFwA;WZP$7?w0)eg$Yj=iAMAD_-<; zGh|?3b?%AHhBHB#T){Kyp#?u`FS7G4q^eZaTl4JH>O%b|?zQ7Mz?sN+U7BZ(G{O5+ z>P&;J*j{79evG=iJj8QtzQk=U3{gHkj10cdF}Sb)oo>~X*j?v^w`G|Up$HrA`zL&6 zydst{@$jRg4_QGD8k!SVGFaddGrsiwb~;oLkFslV9vUw5GM{+Pu1^wWvCUEkWem8r z{Snps3&^x+(O}ay(@c4>W&s5gsO6m7yT%oV7Zk%^yNZ}h2M7n_>05EF+7W04 z&C0_8a0~)(Oo^w&1OAcfD?Q^>zu{d#CvR09&*!MLHNC5eV%Ptc*?g9novqeX5Y}Pp z;bE(Pn}fWWms>Cv(->*$o2_PP%s^?CSyo&;sEp4U?wAt=?l88qD|-xg-$OEL7Q&b{ zql|eLw&SGQ*Sx(}(itU$PM00_kd<>}dIVa;iU)AZ8pr zo)%JVj9Q4b!qetWVPlUbn+YD8u~Z$@xIIW&})PFFGvAM1KLBa#>*qxBgXY&pKB9g9k^`IcO4BlBz*`$18^cu;J#k_nx3>ue6)E{d z0MJaOncTH{tE;FiG3bb+b;fSG&Ua(Xv0KfunZL8U+b<<0rOlDRg)ORGdNOu8LcK~2 zuT7!6)cec}xSL2skFZSyND7!=eM!O1lh)qWW?A;JeKDF}0GlkWJ)WNIq-aP_R{sqg zw*Fes6-h5%&#sQ)pCM?eW<<^zEv##Fcae9}gT*tZ&|VO)K`#r_uQ>>SNZ3NnFE_+B zNBu>+n6~*}?-a#v?D9s28z9H&`M@Zpd@>~uWZ%T;Knfz)ju(%{miQ$Fd5No4a+vDD zfgYOm2W@MD2MeB)p8hz0VWNUd1KONg)TYblYHh@0$e*C-2UfU``=z#$ zlwH^QlbZVzZNLr~2PU>^{SkTn%S|t2u>%8is2CnNLaCA!GhdL8bIZi>$7aW0>mR;m#_~x5+Z+jBAgD1k0lu zc{>Nmxerduz4x?n+J->DaqvQIskF4RW^MEYkvW7-(_90WlqIMOg7*8}FPGk5iIv7) zA(NWuGzEdGMm-34atK8fT!p~7#1rmkCmZ|5At|vd3ElC6`ks`RI<0&{`YEYB?1USv z2R5%pkoJ85 z`^-Oit$+P$Pe9EydP{uaH)IWN13^ttB+!g#W#Q2$CEac#(|fJO9;e589F_ztCmrS@ zlpux}5+vgY(A-^pbmfj&n|ze}-W4LfDz_a=t+kd#G71W6PAPs71)ws6nr-B;0wIous!v*dfbW7J>)R;@@J2lbaG=7BYn*J%5QSbI z*_~eGt7Ae7jvL?ySEe&;cB6N!wfIxR-;`@px#LL0i>eZArR{RrPL@|*E#_%^3akve zs1z4{TKhqJIIWqI*Lu-By_EyNM7bGmJw3lMHKCT0Rj8BJ-8eHX-s@MSEA{HzMRMSG zk)fD+I%!O5n;}9oP5*Gh0D>DKH2G4fAg&WRVU<@GSFDethRX=RCd!sa4kEOtl~Li2 zFM2kS$}{Y~R$UiZpfG%Wauc6I{*paLY8}_KW9sKN<`}n{lw1Q)fkDRW&(qZX7>PJT%b} zc8H1hB-{5esYRa{Y0n)AR8M75<~-V5K`BJXv%hIw_FHtj*ZM~2;d9*83>yF-UX}=5PK74&ik~n|L z*qrotQTE*P9%jVq)ghjRW_QIgR5TMiF z#(=sWUf%IDph0HhCm{7c`*j9qw^2kNJnd_DxSf9KsI1h`^TaT6xwX}=Hm=CCYHz}Q z+9iy#4CufdBMMx!rNY~ogaEPUbvuoWxYcS2UGoPJvraVN#+A9+7VS<5THiLdiT=R-)>Fh<4v4j0$mG{IODZ(&=Nc1F zMY!|tgG1mZfOON74sGxnl4f`(O0*zxqTW?uS9#4E<6}nJdv22ljo6CrqS~if^bc0v zdo~ms(d-OAeHQ3g;0RodINc&pB$%TE`NFmjHg$f;dUt1Nh_`NVSM3^FW&E1x^VU%v 
z?VSFdXmoyEg}7*<>*3c89gVriRXp|dy*1cCafyi;$iUjFW-Lr~eDA_OCc({9t|R?s z&M!b%HOGRF;Ry|0nscCKA=~)>5`+PBdr;q2phfw zL7jX7va73;3b?%1Y(V~!kz%}C^uhk=$LHJm1NudT|TrfK9JOEwd zw$o{>Eo);`J22p<`C(68PI%WgF+oJ&CD{95-;KXj(sQ9BrY(D9Bu4THGkjrjF#|ev zgl_{9A;=Df4!Q!KqyCrf9Ko|@wtyHAoA?HtjjrG%LWFgYdV}lr(=3NbAr^_ zesJCupQ_o@=;{3vm^w3hbKY!Lrvt-t)N!j(blhm5P%s?GS^Kwv821GWHZA=xqFz5k z&ga1oe2jQZ+I1q4;BgUD3!R~ZL;f_bk^WN#9}A7ve}oTy=%GCBJKkrKS21EP#{sSR z!{qmYPyx><>Kb+2WH$+zNQ&0{_HzG#b<02ybymaFW_{$Su@kV5CAb-yleYGu5RZl(ajjw)9Jfw>CZT_A z91?5Q;pTA=u$*gW%gri0oPA||0mmJ>9wH)4e$Fvz8dVrSwXEe)Gg`AJz_N7?7>WKb z6OH{ODZXY(vbGt32n78Pt64P!&s+|_X4(EnQ&6B53?nq8ul1zLrEdFBG~GPW^RCcV z2lw>BVj>ZH#eN+WJzg3^r#~g`%LiQ@4LNNU2PDCB-4`6Cicp0uGCiNF=JMU!YA$WOZOZJHYS;Ek77@G^3ec5#-1>ZC(UWn3jQ)6KC8?eQP(Vbns>>j;pHsgKHd}B`5qqel%=*00_I(_hLK`w zvleYCZeG0}tohEkcy@m{v6t^~h>fKk?iU#(Ua4MPd?Q=meV;18*_Z=0ki+h)O`WOE zMOVEOG;irLH(CtWWS2*ps(^}+3WBwhSuUUdqm2xd0P7c!MwFo#(^&mQBmr* zjecoIK=Mn1U@EBH2M2$EwVjiX*Gy7R>Qw^1@1{&8z}t~21syYDQ&*oKAwZP(_zYe? zG+7+XO;kfS;p`k+hVZf=X({eZL%6_dQio5^CS$S6aC;uOtfi)3{m#ZJd!uo+OE#8^ zL6)cc$%A{s;VoZUV)(hcX-%j0)1tPP>2xUek`LEgTcriMRm12Wc!I$j3L1Nxv(2Q_ z^Npi=l+{{e@q1_8lc!JJHfIt`C;7SyqF7kQhkCrg7oZ1RUg9wL!DkHBx`Lt z-+xuA=xD*ud|BV-s@5s8eBFWgh;%FMv&<%NIoXCXtk%FTZ%9_rV=C7C;MLCQ>FE=& z(5pJ&Ub84k-{%zE1UXh$MM4~J(5_n82hSAQ70EnZ+sw$RD#H!v7Mz?G{m38zbAA7% zmo<8#3%5UgdsElr{_ypGzV%cUZrpt6=Iqmu#Ua&M0Vf^apjTH;j+Z@$utG@L`dc47 zbf68I-xcsUwmzWU`!^QA9eeu{4V9If?bwIAT1j3NJBPOTSw1zqas0qWWju%^0!p_8 z(G6^#J;04oKt1Wmu;FAo)Y`gmIE$&({$V4U|hEJovxh{ zQfD|_ObOjET9bEVOE}v~tXA+5I_vh{Es))65}4g2Ek$h(C~a}5-#SILpLIq+L=)9< zgV7M53H|CJzB9wKi-~7$ryJXp-7pb+c;mjREnT$x@e1F`p?dX4bzMEZdZXZB36I}~X;dN};CmJnvuB$ji_6RXY0IwFM>z+jm2RL&eU^USobdVC$9C>Q z33J4#ZuYvqO^=R~dLq#;%^}tD)d!u`-RvKljqTBoEdy(u`JO~9ennP{83{j&7r+?w z(YaY_QGPnE

RnLPr2+CHrji;H@7hBg?_@X;fYb(z&=)u#oGYItgg$5Pn0^*1lFz zD z&7V$I)2gKsy$)a8-#UGWb3gHPr~IwsxShk>4z2ndPp-hmU?Y~P;}b}s1_3_mFVa^^ z2770UM!F(ioAVO`*D;r&KDd{*+3LyNR%}`)Jj@m{3<$p3AuJ?Rf@_yJx3i~skD)X;DX`i{l3gA%#GkQ?vX`opa$YsbHK=@boYDYJ>TBS9?AWwsJ) z8Ax+Gp02YJrI{jquk;Ky8=Dh>%Hsl>qnkF4<>GkdpK;v!t6M}dbY1-iV?+9c+HYDT z9jzAhl|~kd`9cDPb@pV*0~g2sNV=TwZ;&jFNDy*ribh=)nfCQd=D*y4V)3Lr75WE* zM^%c@(Kjcor0>Sx>n=j>h>=9NC?2KpZwMrGk9CT-fYJnWUTH5V z1@ec4=<5+ob{h_w6{xy(1qMvGo0lspUsb15b)GS_aZ7VhA`jtK0kv^>MT zJ9t&$olO0ScG;59S6ZQ4)O2L}&cz`oAhIirDHtsXg#sP4QiX~TA$4Bz4=?JuY7tyG zTz?mV|1w!MZ}1wbWmQgm4+!C5^M425F7Uf`K+OvJ-2IWB0n>zqZ+S;Y?pyeF-TD<$ z&Fmrlz#;9}IIySQ{*E)z10{WW*y;i7#+ByYCR^t1CgbkJ>XwjdId&8R?8{G0Asp@Z z-WX|-ClZ7PEvMs%>G=H8C0jt(TCsCM;q4h}$>`F$)cS^{iBH{qM_5AXq`wK%|f|chu^s($s!gIw>46AHosH(-MJ6f~f87eL@4-)aZq) z=?(ckYR~8{)j+J!O)P8H-&pTh2Do72NeNL72b#M?qv->dHzp34)D@9?`sya^4@!=e z@hKO01c4e28P(u~cWKLWs+FpRqJ`bxZklQ#c8`gjRrt?(w0I8=%#!!rO~Q8z0CjpO zFS;Qs73c-}4{P_&7uwTJdS4LUZX={+duo0#>^znzm*y;2;Ouxq_Ur?bLMh%I)4Jw7 zWTOimxPn3?c#&ivbk=J`O@E(HEmy;4WPt4H6cX2C&9#2x_~hoGZ5YUPhJ7%k@-SA- zwLGMH!hO>?E~=2ti=OU3T#$dx<;Q_&K&!<1vVv?r@`wK4APZ_cla$SIJ%G7`gjy)w zKF97=Jm+#1z8wjxl6YNwkp}$#SubeOWn7w^2={s-H7>N0>GFIb3w@6>0dt262SW0Ln^Kc2jsAUNnx-vgvjFBnrKQ zL47pNK_>T>bx(P+veE%MCL36Co9jX&rAs&yz;UXFNFADoaj$6!P*0BDK~u9_~ztT1O?k;JYEh7GzHI zKOXq|N6eQ$;M3R|_GEqTCn0ooC|)wrT%jc86HWZ0l7AVc;Kj0zEJkMbAiY?gV9n** z^srMS+1%x3|6dhlsz|I94JF*qLj4}D{M8*ceP38H@J)ozl-sp7Xw zrc9}=B9Fg<9=P_Mio2^;xgK^pJXx-dS!rIc0skiB|2c%!4W>j(c$iGARpD5Y1V2By z6Bp}z0)9syt7_ITIdt6Y3KHZVxUo5HnAXSB)g>9xME)O{qW>Ok0ILlrG=thb!)*9; zNnacZi0G9_nQc(b-HH!5KK37dklGF|F3r%a#W`!WLVarci`)E!PqKm~47T39E94P3l)(HtK-m=(QU;Mr2sNpEG%=b(0Q>%3JBx*C`d4*G+7zs71e0iBJ)xz2M4Ld*Y_+?n3b&XylK_|J-_G&QMGAx$}^-!AHHrcKf$#AlOkuNWO4gc6lC{50O z-;I&|-Zv`O@*NdR5&rCE>lXpYe*uO6V*oKMbo9B);5XN3>=H3o@D3I3_B(m;WMhHS z^0;$2DiSkj*XPc7KJB<@FE2eE|K4Jik-VeW{6Zk>leH6NAScfM)ZO1+rUOfh;w|3e zFCh2NcJQK6BlAbL7>$@b%i|n;iC@ez-fNYCRk+zf1M#S!FV&^UT0*&Jac=0E20XL+-7eJiy1|jeJe+ER1p>tzBTaVIb3MdHR1np 
zZ0Hf&`OxtS&kJJe&2OJe=*Bg^R&;oMy@KU~)r{K|`2KHO{16IniPxF@-go1aGCNf1 zKZOVM*k?P9As>JcQHm&imgRxX+~D~^k*CM;Y5ziX|Gk=1Rrt6xQDCg^>X(WdYVnCi zvIj^e63{U(<66&@PY+}m3JA5)&QYvol{dzXgB(w9`nogDE(?WH+zg|OtB?ug|ClA2 zojDdgiTqyOA=~cnT(;Y#o*?Ajwe14%nRX1eB~&rg^jJZE&E+1`=WZ%w7L*|u>r zXU@ezMAVDbt7aH2s~*yPe^*8SPlY3A1|&~$bbC>0P(cCq@V2dw4SAV{0*^dlf{eKY&e=-07 diff --git a/docs/mint.json b/docs/mint.json index ba66b271f3..25db15c632 100644 --- a/docs/mint.json +++ b/docs/mint.json @@ -110,6 +110,7 @@ "documentation/platform/organization", "documentation/platform/project", "documentation/platform/folder", + "documentation/platform/secret-reference", "documentation/platform/pit-recovery", "documentation/platform/secret-versioning", "documentation/platform/audit-logs", From 5599132efe80f47a60869f8c2d354d3fc4f176bf Mon Sep 17 00:00:00 2001 From: akhilmhdh Date: Thu, 6 Jul 2023 18:58:48 +0530 Subject: [PATCH 05/13] fix(secret-ref): resolved service token unable to fetch secrets in cli --- cli/packages/api/model.go | 6 ++++-- cli/packages/util/secrets.go | 21 +++++++++++++-------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/cli/packages/api/model.go b/cli/packages/api/model.go index 954982dc94..09e6779e0d 100644 --- a/cli/packages/api/model.go +++ b/cli/packages/api/model.go @@ -181,14 +181,16 @@ type GetServiceTokenDetailsResponse struct { ID string `json:"_id"` Name string `json:"name"` Workspace string `json:"workspace"` - Environment string `json:"environment"` ExpiresAt time.Time `json:"expiresAt"` EncryptedKey string `json:"encryptedKey"` Iv string `json:"iv"` Tag string `json:"tag"` CreatedAt time.Time `json:"createdAt"` UpdatedAt time.Time `json:"updatedAt"` - SecretPath string `json:"secretPath"` + Scopes []struct { + Environment string `json:"environment"` + SecretPath string `json:"secretPath"` + } `json:"scopes"` } type GetAccessibleEnvironmentsRequest struct { 
diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go index 8a7117a9ae..309b176312 100644 --- a/cli/packages/util/secrets.go +++ b/cli/packages/util/secrets.go @@ -17,7 +17,7 @@ import ( "github.com/rs/zerolog/log" ) -func GetPlainTextSecretsViaServiceToken(fullServiceToken string) ([]models.SingleEnvironmentVariable, api.GetServiceTokenDetailsResponse, error) { +func GetPlainTextSecretsViaServiceToken(fullServiceToken string, environment string, secretPath string) ([]models.SingleEnvironmentVariable, api.GetServiceTokenDetailsResponse, error) { serviceTokenParts := strings.SplitN(fullServiceToken, ".", 4) if len(serviceTokenParts) < 4 { return nil, api.GetServiceTokenDetailsResponse{}, fmt.Errorf("invalid service token entered. Please double check your service token and try again") @@ -35,10 +35,19 @@ func GetPlainTextSecretsViaServiceToken(fullServiceToken string) ([]models.Singl return nil, api.GetServiceTokenDetailsResponse{}, fmt.Errorf("unable to get service token details. [err=%v]", err) } + // if multiple scopes are there then user needs to specify which environment and secret path + if environment == "" { + if len(serviceTokenDetails.Scopes) != 1 { + return nil, api.GetServiceTokenDetailsResponse{}, fmt.Errorf("you need to provide the --env for multiple environment scoped token") + } else { + environment = serviceTokenDetails.Scopes[0].Environment + } + } + encryptedSecrets, err := api.CallGetSecretsV3(httpClient, api.GetEncryptedSecretsV3Request{ WorkspaceId: serviceTokenDetails.Workspace, - Environment: serviceTokenDetails.Environment, - SecretPath: serviceTokenDetails.SecretPath, + Environment: environment, + SecretPath: secretPath, }) if err != nil { 
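Review bot: In the added block that fills in `environment` from `serviceTokenDetails.Scopes[0]`, `secretPath` gets no matching fallback, so a caller that passes neither value now sends an empty `SecretPath` where the old code sent the token's own path. If a scope's `SecretPath` is always a concrete folder, default it inside the single-scope branch with `if secretPath == "" { secretPath = serviceTokenDetails.Scopes[0].SecretPath }`; if it can be a glob pattern, return an error asking for the path instead. The `len(serviceTokenDetails.Scopes) != 1` branch also fires for a token with zero scopes, where the message about multiple environments is misleading. The function body continues outside the hunk.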
@@ -190,11 +199,7 @@ func GetAllEnvironmentVariables(params models.GetAllSecretsParameters) ([]models } else { log.Debug().Msg("Trying to fetch secrets using service token") - secretsToReturn, _, errorToReturn = GetPlainTextSecretsViaServiceToken(infisicalToken) - - // if serviceTokenDetails.Environment != params.Environment { - // PrintErrorMessageAndExit(fmt.Sprintf("Fetch secrets failed: token allows [%s] environment access, not [%s]. Service tokens are environment-specific; no need for --env flag.", params.Environment, serviceTokenDetails.Environment)) - // } + secretsToReturn, _, errorToReturn = GetPlainTextSecretsViaServiceToken(infisicalToken, params.Environment, params.SecretsPath) } return secretsToReturn, errorToReturn From 5aba0c60b8b3cdffff267e75d1e678fa705a9493 Mon Sep 17 00:00:00 2001 From: akhilmhdh Date: Thu, 6 Jul 2023 20:01:46 +0530 Subject: [PATCH 06/13] feat(secret-ref): removed migration field unset op, refactored service token scope check to a utility fn --- .../src/controllers/v2/secretsController.ts | 34 ++++------ backend/src/helpers/secrets.ts | 68 ++++++++----------- backend/src/utils/setup/backfillData.ts | 3 - cli/packages/util/secrets.go | 6 +- 4 files changed, 45 insertions(+), 66 deletions(-) diff --git a/backend/src/controllers/v2/secretsController.ts b/backend/src/controllers/v2/secretsController.ts index 8307d373d0..b93846e70c 100644 --- a/backend/src/controllers/v2/secretsController.ts +++ b/backend/src/controllers/v2/secretsController.ts @@ -1,6 +1,5 @@ import { Types } from "mongoose"; import { Request, Response } from "express"; -import picomatch from "picomatch"; import { ISecret, Secret, ServiceTokenData } from "../../models"; import { IAction, SecretVersion } from "../../ee/models"; import { @@ -33,6 +32,7 @@ import { getFolderIdFromServiceToken, searchByFolderId } from "../../services/FolderService"; +import { isValidScope } from "../../helpers/secrets"; /** * Peform a batch of any specified CUD secret operations 
@@ -74,16 +74,11 @@ export const batchSecrets = async (req: Request, res: Response) => { } if (req.authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = req.authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && - scope.environment === environment - ); + const isValidScopeAccess = isValidScope(req.authData.authPayload, environment, secretPath); // in service token when not giving secretpath folderid must be root // this is to avoid giving folderid when service tokens are used - if ((!secretPath && folderId !== "root") || (secretPath && !validScope)) { + if ((!secretPath && folderId !== "root") || (secretPath && !isValidScopeAccess)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } @@ -447,16 +442,15 @@ export const createSecrets = async (req: Request, res: Response) => { } if (req.authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = req.authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath || "/", scope.secretPath, { strictSlashes: false }) && - scope.environment === environment + const isValidScopeAccess = isValidScope( + req.authData.authPayload, + environment, + secretPath || "/" ); // in service token when not giving secretpath folderid must be root // this is to avoid giving folderid when service tokens are used - if ((!secretPath && folderId !== "root") || (secretPath && !validScope)) { + if ((!secretPath && folderId !== "root") || (secretPath && !isValidScopeAccess)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } 
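Review bot: The guard `(!secretPath && folderId !== "root") || (secretPath && !isValidScopeAccess)` in batchSecrets never consults `isValidScopeAccess` when `secretPath` is empty, so a service-token request that omits the path and targets the root folder passes this block without its environment being compared with the token's scopes; the same condition is kept in the createSecrets hunk and in the getSecrets hunk that follows. Unless the environment is checked elsewhere for service tokens (not visible here), the scope result should decide on its own: `if ((!secretPath && folderId !== "root") || !isValidScope(req.authData.authPayload, environment, secretPath || "/"))`. In batchSecrets the helper is also called with the bare `secretPath`, and if that can be absent there, picomatch throws a TypeError on the non-string input instead of producing a denial. The function bodies continue outside the hunks.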
@@ -704,17 +698,15 @@ export const getSecrets = async (req: Request, res: Response) => { } if (req.authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = req.authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch((secretPath as string) || "/", scope.secretPath, { - strictSlashes: false - }) && scope.environment === environment + const isValidScopeAccess = isValidScope( + req.authData.authPayload, + environment, + (secretPath as string) || "/" ); // in service token when not giving secretpath folderid must be root // this is to avoid giving folderid when service tokens are used - if ((!secretPath && folderId !== "root") || (secretPath && !validScope)) { + if ((!secretPath && folderId !== "root") || (secretPath && !isValidScopeAccess)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } diff --git a/backend/src/helpers/secrets.ts b/backend/src/helpers/secrets.ts index cd964fe9f5..1a68930bc6 100644 --- a/backend/src/helpers/secrets.ts +++ b/backend/src/helpers/secrets.ts @@ -6,7 +6,13 @@ import { GetSecretsParams, UpdateSecretParams } from "../interfaces/services/SecretService"; -import { ISecret, Secret, SecretBlindIndexData, ServiceTokenData } from "../models"; +import { + ISecret, + IServiceTokenData, + Secret, + SecretBlindIndexData, + ServiceTokenData +} from "../models"; import { SecretVersion } from "../ee/models"; import { BadRequestError, 
@@ -39,6 +45,21 @@ import { getAuthDataPayloadIdObj, getAuthDataPayloadUserObj } from "../utils/aut import { getFolderIdFromServiceToken } from "../services/FolderService"; import picomatch from "picomatch"; +export const isValidScope = ( + authPayload: IServiceTokenData, + environment: string, + secretPath: string +) => { + const { scopes: tkScopes } = authPayload; + const validScope = tkScopes.find( + (scope) => + picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && + scope.environment === environment + ); + + return Boolean(validScope); +}; + /** * Returns an object containing secret [secret] but with its value, key, comment decrypted. * @@ -306,14 +327,7 @@ export const createSecretHelper = async ({ // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && - scope.environment === environment - ); - - if (!validScope) { + if (!isValidScope(authData.authPayload, environment, secretPath)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } @@ -459,14 +473,7 @@ export const getSecretsHelper = async ({ let secrets: ISecret[] = []; // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && - scope.environment === environment - ); - - if (!validScope) { + if (!isValidScope(authData.authPayload, environment, secretPath)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } 
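Review bot: `isValidScope` hands the caller's `secretPath` to `picomatch.isMatch` as received, so the authorization decision is made on a string that has been neither type-checked nor normalised. A non-string value (the getSecrets caller only casts the query value with `as string`) makes picomatch throw instead of returning a denial, and a path containing `..` segments is matched as text even though it may resolve to a different folder later, which is not visible here. I would fail closed at the top of the helper with `if (typeof secretPath !== "string" || secretPath.split("/").includes("..")) return false;`, and replace `find` plus `Boolean(...)` with `tkScopes.some(...)`. The helper is exported and security-relevant, so it also deserves a JSDoc block stating that `scope.secretPath` is treated as a glob and that `scope.environment` must match exactly.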
@@ -562,14 +569,7 @@ export const getSecretHelper = async ({ let secret: ISecret | null = null; // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && - scope.environment === environment - ); - - if (!validScope) { + if (!isValidScope(authData.authPayload, environment, secretPath)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } @@ -671,14 +671,7 @@ export const updateSecretHelper = async ({ let secret: ISecret | null = null; // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && - scope.environment === environment - ); - - if (!validScope) { + if (!isValidScope(authData.authPayload, environment, secretPath)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } @@ -826,14 +819,7 @@ export const deleteSecretHelper = async ({ // if using service token filter towards the folderId by secretpath if (authData.authPayload instanceof ServiceTokenData) { - const { scopes: tkScopes } = authData.authPayload; - const validScope = tkScopes.find( - (scope) => - picomatch.isMatch(secretPath, scope.secretPath, { strictSlashes: false }) && - scope.environment === environment - ); - - if (!validScope) { + if (!isValidScope(authData.authPayload, environment, secretPath)) { throw UnauthorizedRequestError({ message: "Folder Permission Denied" }); } } diff --git a/backend/src/utils/setup/backfillData.ts b/backend/src/utils/setup/backfillData.ts index 98dcad90ef..801a75e6fa 100644 --- a/backend/src/utils/setup/backfillData.ts 
+++ b/backend/src/utils/setup/backfillData.ts @@ -446,9 +446,6 @@ export const backfillServiceTokenMultiScope = async () => { $set: { scopes: [{ environment: "$environment", secretPath: "$secretPath" }] } - }, - { - $unset: ["environment", "secretPath"] } ] ); diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go index 309b176312..80d51fcf5a 100644 --- a/cli/packages/util/secrets.go +++ b/cli/packages/util/secrets.go @@ -292,7 +292,11 @@ func recursivelyExpandSecret(expandedSecs map[string]string, interpolatedSecs ma return v } - interpolatedVal := interpolatedSecs[key] + interpolatedVal, ok := interpolatedSecs[key] + if !ok { + HandleError(fmt.Errorf("Could not find refered secret - %s", key), "Kindly check whether its provided") + } + refs := secRefRegex.FindAllStringSubmatch(interpolatedVal, -1) for _, val := range refs { // key: "${something}" val: [${something},something] From 8a237af4ac7c412ef22d3f905628c3b4737a9e38 Mon Sep 17 00:00:00 2001 From: akhilmhdh Date: Thu, 6 Jul 2023 22:15:10 +0530 Subject: [PATCH 07/13] feat(secret-ref): updated reference corner cases of trailing slashes --- cli/packages/util/secrets.go | 5 ++--- .../ServiceTokenSection/AddServiceTokenModal.tsx | 9 ++++++++- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/cli/packages/util/secrets.go b/cli/packages/util/secrets.go index 80d51fcf5a..d49e926072 100644 --- a/cli/packages/util/secrets.go +++ b/cli/packages/util/secrets.go @@ -358,10 +358,9 @@ func ExpandSecrets(secrets []models.SingleEnvironmentVariable, infisicalToken st } expandedVal := recursivelyExpandSecret(expandedSecs, interpolatedSecs, func(env string, secPaths []string, secKey string) string { + secPaths = append([]string{"/"}, secPaths...) secPath := path.Join(secPaths...) - if secPath == "" { - secPath = "/" - } + secPathDot := strings.Join(secPaths, ".") uniqKey := fmt.Sprintf("%s.%s", env, secPathDot) 
diff --git a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx index 82fbf9edcc..a44db233b4 100644 --- a/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx +++ b/frontend/src/views/Settings/ProjectSettingsPage/components/ServiceTokenSection/AddServiceTokenModal.tsx @@ -45,7 +45,14 @@ const schema = yup.object({ .array( yup.object({ environment: yup.string().max(50).required().label("Environment"), - secretPath: yup.string().required().default("/").label("Secret Path") + secretPath: yup + .string() + .required() + .default("/") + .label("Secret Path") + .transform((val) => + typeof val === "string" && val.at(-1) === "/" && val.length > 1 ? val.slice(0, -1) : val + ) }) ) .min(1) From f82fa1b3b35bec04dff842518b99c8138b25ed67 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Fri, 7 Jul 2023 15:49:21 -0400 Subject: [PATCH 08/13] add secret reference support --- .../api/v1alpha1/infisicalsecret_types.go | 22 +++- .../api/v1alpha1/zz_generated.deepcopy.go | 16 +++ ...ecrets.infisical.com_infisicalsecrets.yaml | 11 ++ k8-operator/config/samples/sample.yaml | 15 ++- .../controllers/infisicalsecret_helper.go | 5 +- k8-operator/packages/util/secrets.go | 114 +++++++++++++++++- 6 files changed, 167 insertions(+), 16 deletions(-) diff --git a/k8-operator/api/v1alpha1/infisicalsecret_types.go b/k8-operator/api/v1alpha1/infisicalsecret_types.go index 203394417a..3b61bd215f 100644 --- a/k8-operator/api/v1alpha1/infisicalsecret_types.go +++ b/k8-operator/api/v1alpha1/infisicalsecret_types.go 
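Review bot: The trailing-slash cleanup added to `secretPath` lives only in this form schema, so scopes created through the API without the UI keep whatever path the caller sent; unless the backend validation for service-token scopes applies the same rule (not visible in this hunk), the stored patterns will be inconsistent. The transform also removes a single slash only, so `/foo//` becomes `/foo/`. A regex handles both cases and keeps the root path: `.transform((val) => (typeof val === "string" && val.length > 1 ? val.replace(/\/+$/, "") || "/" : val))`.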
@@ -4,8 +4,19 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +type Authentication struct { + // +kubebuilder:validation:Optional + ServiceAccount ServiceAccountDetails `json:"serviceAccount"` + // +kubebuilder:validation:Optional + ServiceToken ServiceTokenDetails `json:"serviceToken"` +} + type ServiceTokenDetails struct { + // +kubebuilder:validation:Required ServiceTokenSecretReference KubeSecretReference `json:"serviceTokenSecretReference"` + + // +kubebuilder:validation:Required + SecretsScope SecretScopeInWorkspace `json:"secretsScope"` } type ServiceAccountDetails struct { @@ -14,11 +25,12 @@ type ServiceAccountDetails struct { EnvironmentName string `json:"environmentName"` } -type Authentication struct { - // +kubebuilder:validation:Optional - ServiceAccount ServiceAccountDetails `json:"serviceAccount"` - // +kubebuilder:validation:Optional - ServiceToken ServiceTokenDetails `json:"serviceToken"` +type SecretScopeInWorkspace struct { + // +kubebuilder:validation:Required + SecretsPath string `json:"secretsPath"` + + // +kubebuilder:validation:Required + EnvSlug string `json:"envSlug"` } type KubeSecretReference struct { diff --git a/k8-operator/api/v1alpha1/zz_generated.deepcopy.go b/k8-operator/api/v1alpha1/zz_generated.deepcopy.go index 97c0f4fc76..01000431c8 100644 --- a/k8-operator/api/v1alpha1/zz_generated.deepcopy.go +++ b/k8-operator/api/v1alpha1/zz_generated.deepcopy.go 
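Review bot: `SecretsScope` is added to `ServiceTokenDetails` as `+kubebuilder:validation:Required` on the existing v1alpha1 kind, so InfisicalSecret resources written before this change, which carry only `serviceTokenSecretReference`, will presumably be rejected on their next create or update once the new CRD is installed. Either document the migration alongside the chart bump or keep the scope optional for one release. `SecretsPath` and `EnvSlug` accept any string; a marker such as `// +kubebuilder:validation:MinLength=1` on both would stop empty values from reaching the secrets API call. The new exported types `SecretScopeInWorkspace` and its fields have no doc comments.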
@@ -157,6 +157,21 @@ func (in *KubeSecretReference) DeepCopy() *KubeSecretReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretScopeInWorkspace) DeepCopyInto(out *SecretScopeInWorkspace) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretScopeInWorkspace. +func (in *SecretScopeInWorkspace) DeepCopy() *SecretScopeInWorkspace { + if in == nil { + return nil + } + out := new(SecretScopeInWorkspace) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceAccountDetails) DeepCopyInto(out *ServiceAccountDetails) { *out = *in @@ -177,6 +192,7 @@ func (in *ServiceAccountDetails) DeepCopy() *ServiceAccountDetails { func (in *ServiceTokenDetails) DeepCopyInto(out *ServiceTokenDetails) { *out = *in out.ServiceTokenSecretReference = in.ServiceTokenSecretReference + out.SecretsScope = in.SecretsScope } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceTokenDetails. diff --git a/k8-operator/config/crd/bases/secrets.infisical.com_infisicalsecrets.yaml b/k8-operator/config/crd/bases/secrets.infisical.com_infisicalsecrets.yaml index f47efb0614..07433f7817 100644 --- a/k8-operator/config/crd/bases/secrets.infisical.com_infisicalsecrets.yaml +++ b/k8-operator/config/crd/bases/secrets.infisical.com_infisicalsecrets.yaml @@ -63,6 +63,16 @@ spec: type: object serviceToken: properties: + secretsScope: + properties: + envSlug: + type: string + secretsPath: + type: string + required: + - envSlug + - secretsPath + type: object serviceTokenSecretReference: properties: secretName: @@ -77,6 +87,7 @@ spec: - secretNamespace type: object required: + - secretsScope - serviceTokenSecretReference type: object type: object 
diff --git a/k8-operator/config/samples/sample.yaml b/k8-operator/config/samples/sample.yaml index 971df9f7c1..4c5059d9f7 100644 --- a/k8-operator/config/samples/sample.yaml +++ b/k8-operator/config/samples/sample.yaml @@ -3,8 +3,8 @@ kind: InfisicalSecret metadata: name: infisicalsecret-sample spec: - hostAPI: http://localhost:7070/api - resyncInterval: 60 + hostAPI: http://localhost:8764/api + resyncInterval: 10 authentication: serviceAccount: serviceAccountSecretReference: @@ -16,10 +16,13 @@ spec: serviceTokenSecretReference: secretName: service-token secretNamespace: default + secretsScope: + envSlug: dev + secretsPath: "/" managedSecretReference: secretName: managed-secret secretNamespace: default - # To be depreciated soon - tokenSecretReference: - secretName: service-token - secretNamespace: default + # # To be depreciated soon + # tokenSecretReference: + # secretName: service-token + # secretNamespace: default diff --git a/k8-operator/controllers/infisicalsecret_helper.go b/k8-operator/controllers/infisicalsecret_helper.go index 32216e2e37..509de94ac8 100644 --- a/k8-operator/controllers/infisicalsecret_helper.go +++ b/k8-operator/controllers/infisicalsecret_helper.go @@ -219,7 +219,10 @@ func (r *InfisicalSecretReconciler) ReconcileInfisicalSecret(ctx context.Context fmt.Println("ReconcileInfisicalSecret: Fetched secrets via service account") } else if infisicalToken != "" { - plainTextSecretsFromApi, fullEncryptedSecretsResponse, err = util.GetPlainTextSecretsViaServiceToken(infisicalToken, secretVersionBasedOnETag) + envSlug := infisicalSecret.Spec.Authentication.ServiceToken.SecretsScope.EnvSlug + secretsPath := infisicalSecret.Spec.Authentication.ServiceToken.SecretsScope.SecretsPath + + plainTextSecretsFromApi, fullEncryptedSecretsResponse, err = util.GetPlainTextSecretsViaServiceToken(infisicalToken, secretVersionBasedOnETag, envSlug, secretsPath) if err != nil { return fmt.Errorf("\nfailed to get secrets because [err=%v]", err) } 
diff --git a/k8-operator/packages/util/secrets.go b/k8-operator/packages/util/secrets.go index 5087cd03aa..28ba472530 100644 --- a/k8-operator/packages/util/secrets.go +++ b/k8-operator/packages/util/secrets.go @@ -3,6 +3,8 @@ package util import ( "encoding/base64" "fmt" + "path" + "regexp" "strings" "github.com/Infisical/infisical/k8-operator/packages/api" @@ -48,7 +50,7 @@ func GetServiceTokenDetails(infisicalToken string) (api.GetServiceTokenDetailsRe return serviceTokenDetails, nil } -func GetPlainTextSecretsViaServiceToken(fullServiceToken string, etag string) ([]model.SingleEnvironmentVariable, api.GetEncryptedSecretsV3Response, error) { +func GetPlainTextSecretsViaServiceToken(fullServiceToken string, etag string, envSlug string, secretPath string) ([]model.SingleEnvironmentVariable, api.GetEncryptedSecretsV3Response, error) { serviceTokenParts := strings.SplitN(fullServiceToken, ".", 4) if len(serviceTokenParts) < 4 { return nil, api.GetEncryptedSecretsV3Response{}, fmt.Errorf("invalid service token entered. Please double check your service token and try again") @@ -68,9 +70,9 @@ func GetPlainTextSecretsViaServiceToken(fullServiceToken string, etag string) ([ encryptedSecretsResponse, err := api.CallGetSecretsV3(httpClient, api.GetEncryptedSecretsV3Request{ WorkspaceId: serviceTokenDetails.Workspace, - Environment: serviceTokenDetails.Environment, + Environment: envSlug, ETag: etag, - SecretPath: serviceTokenDetails.SecretPath, + SecretPath: secretPath, }) if err != nil { 
@@ -92,7 +94,10 @@ func GetPlainTextSecretsViaServiceToken(fullServiceToken string, etag string) ([ return nil, api.GetEncryptedSecretsV3Response{}, fmt.Errorf("unable to decrypt your secrets [err=%v]", err) } - return plainTextSecrets, encryptedSecretsResponse, nil + // expand secrets that are referenced + expandedSecrets := ExpandSecrets(plainTextSecrets, fullServiceToken) + + return expandedSecrets, encryptedSecretsResponse, nil } // Fetches plaintext secrets from an API endpoint using a service account. 
@@ -252,3 +257,104 @@ func GetPlainTextSecrets(key []byte, encryptedSecretsResponse api.GetEncryptedSe return plainTextSecrets, nil } + +var secRefRegex = regexp.MustCompile(`\${([^\}]*)}`) + +func recursivelyExpandSecret(expandedSecs map[string]string, interpolatedSecs map[string]string, crossSecRefFetch func(env string, path []string, key string) string, key string) string { + if v, ok := expandedSecs[key]; ok { + return v + } + + interpolatedVal, ok := interpolatedSecs[key] + if !ok { + return "" + // panic(fmt.Errorf("Could not find referred secret with key name %s", key), "Please check it refers a") + } + + refs := secRefRegex.FindAllStringSubmatch(interpolatedVal, -1) + for _, val := range refs { + // key: "${something}" val: [${something},something] + interpolatedExp, interpolationKey := val[0], val[1] + ref := strings.Split(interpolationKey, ".") + + // ${KEY1} => [key1] + if len(ref) == 1 { + val := recursivelyExpandSecret(expandedSecs, interpolatedSecs, crossSecRefFetch, interpolationKey) + interpolatedVal = strings.ReplaceAll(interpolatedVal, interpolatedExp, val) + continue + } + + // cross board reference ${env.folder.key1} => [env folder key1] + if len(ref) > 1 { + secEnv, tmpSecPath, secKey := ref[0], ref[1:len(ref)-1], ref[len(ref)-1] + interpolatedSecs[interpolationKey] = crossSecRefFetch(secEnv, tmpSecPath, secKey) // get the reference value + val := recursivelyExpandSecret(expandedSecs, interpolatedSecs, crossSecRefFetch, interpolationKey) + interpolatedVal = strings.ReplaceAll(interpolatedVal, interpolatedExp, val) + } + + } + expandedSecs[key] = interpolatedVal + return interpolatedVal +} + +func ExpandSecrets(secrets []model.SingleEnvironmentVariable, infisicalToken string) []model.SingleEnvironmentVariable { + expandedSecs := make(map[string]string) + interpolatedSecs := make(map[string]string) + // map[env.secret-path][keyname]Secret + crossEnvRefSecs := make(map[string]map[string]model.SingleEnvironmentVariable) // a cache to hold all cross 
board reference secrets + + for _, sec := range secrets { + // get all references in a secret + refs := secRefRegex.FindAllStringSubmatch(sec.Value, -1) + // nil means its a secret without reference + if refs == nil { + expandedSecs[sec.Key] = sec.Value // atomic secrets without any interpolation + } else { + interpolatedSecs[sec.Key] = sec.Value + } + } + + for i, sec := range secrets { + // already present pick that up + if expandedVal, ok := expandedSecs[sec.Key]; ok { + secrets[i].Value = expandedVal + continue + } + + expandedVal := recursivelyExpandSecret(expandedSecs, interpolatedSecs, func(env string, secPaths []string, secKey string) string { + secPaths = append([]string{"/"}, secPaths...) + secPath := path.Join(secPaths...) + + secPathDot := strings.Join(secPaths, ".") + uniqKey := fmt.Sprintf("%s.%s", env, secPathDot) + + if crossRefSec, ok := crossEnvRefSecs[uniqKey]; !ok { + // if not in cross reference cache, fetch it from server + refSecs, _, err := GetPlainTextSecretsViaServiceToken(infisicalToken, "", env, secPath) + if err != nil { + fmt.Println("HELLO===>", "MOO", err) + // HandleError(err, fmt.Sprintf("Could not fetch secrets in environment: %s secret-path: %s", env, secPath), "If you are using a service token to fetch secrets, please ensure it is valid") + } + refSecsByKey := getSecretsByKeys(refSecs) + // save it to avoid calling api again for same environment and folder path + crossEnvRefSecs[uniqKey] = refSecsByKey + return refSecsByKey[secKey].Value + } else { + return crossRefSec[secKey].Value + } + }, sec.Key) + + secrets[i].Value = expandedVal + } + return secrets +} + +func getSecretsByKeys(secrets []model.SingleEnvironmentVariable) map[string]model.SingleEnvironmentVariable { + secretMapByName := make(map[string]model.SingleEnvironmentVariable, len(secrets)) + + for _, secret := range secrets { + secretMapByName[secret.Key] = secret + } + + return secretMapByName +} From 57cdab07275e7cd058a2fc79f9dc7cd5a552ced4 Mon Sep 17 00:00:00 2001 
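Review bot: In the cross-reference closure inside `ExpandSecrets`, a failed `GetPlainTextSecretsViaServiceToken` call is only printed (`fmt.Println("HELLO===>", "MOO", err)`) and execution continues, and `recursivelyExpandSecret` returns `""` for a key it cannot find, so a fetch or lookup failure ends up as an empty value in the managed Kubernetes secret instead of a failed reconcile. `recursivelyExpandSecret` also has no guard against a reference cycle (two values that refer to each other), which recurses without bound; the nested `GetPlainTextSecretsViaServiceToken` to `ExpandSecrets` calls across environments need a depth limit for the same reason. I would make both functions return an error, track the keys currently being expanded, and drop the debug print; `ExpandSecrets` and its caller in the `@@ -92,7 +94,10 @@` hunk then have to propagate that error.

```go
func recursivelyExpandSecret(expandedSecs map[string]string, interpolatedSecs map[string]string, crossSecRefFetch func(env string, path []string, key string) (string, error), key string, inProgress map[string]bool) (string, error) {
	if v, ok := expandedSecs[key]; ok {
		return v, nil
	}

	// a key that is already being expanded further up the call chain is a cycle
	if inProgress[key] {
		return "", fmt.Errorf("circular secret reference detected at key %q", key)
	}
	inProgress[key] = true
	defer delete(inProgress, key)

	interpolatedVal, ok := interpolatedSecs[key]
	if !ok {
		return "", fmt.Errorf("referenced secret %q was not found", key)
	}
	// … unchanged: loop over refs, with every recursive call and crossSecRefFetch error returned to the caller …

// inside the crossSecRefFetch closure in ExpandSecrets:
			refSecs, _, err := GetPlainTextSecretsViaServiceToken(infisicalToken, "", env, secPath)
			if err != nil {
				return "", fmt.Errorf("unable to fetch referenced secrets [env=%s] [secretPath=%s] [err=%v]", env, secPath, err)
			}
			// … unchanged: cache refSecsByKey under uniqKey and return the value for secKey …
```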
From: Maidul Islam Date: Fri, 7 Jul 2023 15:55:22 -0400 Subject: [PATCH 09/13] update k8 operator crd for secret refs --- .../kubectl-install/install-secrets-operator.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/k8-operator/kubectl-install/install-secrets-operator.yaml b/k8-operator/kubectl-install/install-secrets-operator.yaml index f362bcfa1d..dad6dcf3a3 100644 --- a/k8-operator/kubectl-install/install-secrets-operator.yaml +++ b/k8-operator/kubectl-install/install-secrets-operator.yaml @@ -70,6 +70,16 @@ spec: type: object serviceToken: properties: + secretsScope: + properties: + envSlug: + type: string + secretsPath: + type: string + required: + - envSlug + - secretsPath + type: object serviceTokenSecretReference: properties: secretName: @@ -83,6 +93,7 @@ spec: - secretNamespace type: object required: + - secretsScope - serviceTokenSecretReference type: object type: object From 5a2299f758fb9359c6de388d6c2723dc7fcb6e9f Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Fri, 7 Jul 2023 15:55:45 -0400 Subject: [PATCH 10/13] update k8 operator crd for secret refs --- .../templates/infisicalsecret-crd.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/helm-charts/secrets-operator/templates/infisicalsecret-crd.yaml b/helm-charts/secrets-operator/templates/infisicalsecret-crd.yaml index ceeac67093..51dd18a416 100644 --- a/helm-charts/secrets-operator/templates/infisicalsecret-crd.yaml +++ b/helm-charts/secrets-operator/templates/infisicalsecret-crd.yaml @@ -63,6 +63,16 @@ spec: type: object serviceToken: properties: + secretsScope: + properties: + envSlug: + type: string + secretsPath: + type: string + required: + - envSlug + - secretsPath + type: object serviceTokenSecretReference: properties: secretName: @@ -77,6 +87,7 @@ spec: - secretNamespace type: object required: + - secretsScope - serviceTokenSecretReference type: object type: object From 83aa6127ec3021749baafd6aa48741c758bfc193 Mon Sep 17 00:00:00 2001 
From: Maidul Islam Date: Fri, 7 Jul 2023 15:56:47 -0400 Subject: [PATCH 11/13] update k8 chart version --- helm-charts/secrets-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm-charts/secrets-operator/Chart.yaml b/helm-charts/secrets-operator/Chart.yaml index c3e0073b5f..d44467decc 100644 --- a/helm-charts/secrets-operator/Chart.yaml +++ b/helm-charts/secrets-operator/Chart.yaml @@ -13,9 +13,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.6 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.8" +appVersion: "0.2.0" From c5aae44249669387f075c72b822e403225f0cb79 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Fri, 7 Jul 2023 18:56:38 -0400 Subject: [PATCH 12/13] add docs for k8 secret refs --- docs/integrations/platforms/kubernetes.mdx | 86 +++++++++++++--------- 1 file changed, 51 insertions(+), 35 deletions(-) diff --git a/docs/integrations/platforms/kubernetes.mdx b/docs/integrations/platforms/kubernetes.mdx index d797293a08..62af3aca5c 100644 --- a/docs/integrations/platforms/kubernetes.mdx +++ b/docs/integrations/platforms/kubernetes.mdx 
@@ -39,9 +39,8 @@ The operator can be install via [Helm](helm.sh) or [kubectl](https://github.com/ ## Sync Infisical Secrets to your cluster To retrieve secrets from an Infisical project and save them as native Kubernetes secrets within a specific namespace, utilize the `InfisicalSecret` custom resource definition (CRD). -This resource can be created after installing the Infisical operator. For each new managed secret, you will need to create a new InfisicalSecret CRD. -```yaml +```yaml example-infisical-secret-crd.yaml apiVersion: secrets.infisical.com/v1alpha1 kind: InfisicalSecret metadata: @@ -50,15 +49,18 @@ metadata: spec: # The host that should be used to pull secrets from. If left empty, the value specified in Global configuration will be used hostAPI: https://app.infisical.com/api - resyncInterval: 60 # <-- the time in seconds between secret re-sync. Faster re-syncs will require higher rate limits + resyncInterval: authentication: serviceToken: serviceTokenSecretReference: secretName: service-token secretNamespace: option + secretsScope: + envSlug: dev + secretsPath: "/" managedSecretReference: secretName: managed-secret # <-- the name of kubernetes secret that will be created - secretNamespace: default # <-- where the kubernetes secret that will be created + secretNamespace: default # <-- where the kubernetes secret should be created ``` ### InfisicalSecret CRD properties 
@@ -86,45 +88,59 @@ Default re-sync interval is every 1 minute. - The `authentication` property tells the operator where it should look to find credentials needed to fetch secrets from Infisical. + This block defines the method that will be used to authenticate with Infisical so that secrets can be fetched. Currently, only [Service Tokens](../../documentation/platform/token) can be used to authenticate with Infisical. + - - - Authenticating with service tokens is a great option when you have a small number of services you'd like to fetch secrets for and are looking for the least amount of setup. - - #### 1. Generate service token + + The service token required to authenticate with Infisical needs to be stored in a Kubernetes secret. This block defines the reference to the name and name space of secret that stores this service token. + Follow the instructions below to create and store the service token in a Kubernetes secrets and reference it in your CRD. - You can generate a [service token](../../documentation/platform/token) for an Infisical project by heading over to the Infisical dashboard then to Project Settings. + #### 1. Generate service token - #### 2. Create Kubernetes secret containing service token + You can generate a [service token](../../documentation/platform/token) for an Infisical project by heading over to the Infisical dashboard then to Project Settings. - Once you have generated the service token, you will need to create a Kubernetes secret containing the service token you generated. - To quickly create a Kubernetes secret containing the generated service token, you can run the command below. + #### 2. Create Kubernetes secret containing service token - ``` bash - kubectl create secret generic service-token --from-literal=infisicalToken= - ``` + Once you have generated the service token, you will need to create a Kubernetes secret containing the service token you generated. 
+ To quickly create a Kubernetes secret containing the generated service token, you can run the command below. Make sure you replace `` with your service token. - #### 3. Add reference for the Kubernetes secret containing service token + ``` bash + kubectl create secret generic service-token --from-literal=infisicalToken= + ``` - Once the secret is created, add the name and namespace of the secret that was just created under `authentication.serviceToken.serviceTokenSecretReference` field in the InfisicalSecret resource. + #### 3. Add reference for the Kubernetes secret containing service token - ## Example - ```yaml - apiVersion: secrets.infisical.com/v1alpha1 - kind: InfisicalSecret - metadata: - name: infisicalsecret-sample-crd - spec: - authentication: - serviceToken: - serviceTokenSecretReference: - secretName: service-token # <-- name of the Kubernetes secret that stores our service token - secretNamespace: option # <-- namespace of the Kubernetes secret that stores our service token - ... - ``` - - + Once the secret is created, add the name and namespace of the secret that was just created under `authentication.serviceToken.serviceTokenSecretReference` field in the InfisicalSecret resource. + + ## Example + ```yaml + apiVersion: secrets.infisical.com/v1alpha1 + kind: InfisicalSecret + metadata: + name: infisicalsecret-sample-crd + spec: + authentication: + serviceToken: + serviceTokenSecretReference: + secretName: service-token # <-- name of the Kubernetes secret that stores our service token + secretNamespace: option # <-- namespace of the Kubernetes secret that stores our service token + ... + ``` + + + + This block defines the scope of what secrets should be fetched. This is needed as your service token can have access to multiple folders and environments. + A scope is defined by `envSlug` and `secretsPath`. + + #### envSlug + + This refers to the short hand name of an environment. 
For example for the `development` environment the environment slug is `dev`. You can locate the slug of your environment by heading to your project settings in the Infisical dashboard. + + #### secretsPath + + secretsPath is the path to the secret in the given environment. For example a path of `/` would refer to the root of the environment whereas `/folder1` would refer to the secrets in folder1 from the root. + + Both fields are required. From fd10d7ed34f9f6d618278102f4e36f8326c0e0a5 Mon Sep 17 00:00:00 2001 From: Maidul Islam Date: Fri, 7 Jul 2023 18:56:38 -0400 Subject: [PATCH 13/13] add docs for k8 secret refs --- docs/documentation/platform/secret-reference.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/documentation/platform/secret-reference.mdx b/docs/documentation/platform/secret-reference.mdx index 663f4ca78f..9d24e5255f 100644 --- a/docs/documentation/platform/secret-reference.mdx +++ b/docs/documentation/platform/secret-reference.mdx 
@@ -6,17 +6,17 @@ description: "How to use reference secrets in Infisical" You can use the interpolation syntax to reference a secret in the same environment, another folder, or another environment The interpolation syntax is a way of referencing a secret by using a special placeholder. The placeholder is the name of the secret, followed by the environment or folder name, separated by a colon. -For example, to reference a secret named mysecret in the same environment, you would use the placeholder ${mysecret}. +For example, to reference a secret named mysecret in the same environment, you would use the placeholder `${mysecret}`. -While for another environment like `test` would be ${test.mysecret} +While for another environment like `test` would be `${test.mysecret}` Some more examples of referencing are | Syntax | Environment | Folder | Secret Key | | --------------------- | ----------- | ------------ | ---------- | -| ${KEY1} | same env | ssame folder | KEY1 | -| ${dev.KEY2} | dev | / | KEY2 | -| ${test.frontend.KEY2} | test | /frontend | KEY2 | +| `${KEY1}` | same env | ssame folder | KEY1 | +| `${dev.KEY2}` | dev | / | KEY2 | +| `${test.frontend.KEY2}` | test | /frontend | KEY2 | # Permission system for reference