From 34222d12458927efc14ebc2336245d9bedb0f41c Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 26 Jan 2024 19:48:49 +0000 Subject: [PATCH 001/114] chore(pyproject): require azure key vault libs --- pyproject.toml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pyproject.toml b/pyproject.toml index fdd977f2c..fc0f9cad4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -8,6 +8,8 @@ classifiers = ["Programming Language :: Python :: 3 :: Only"] requires-python = ">=3.9" dependencies = [ "Authlib==1.3.0", + "azure-keyvault-secrets==4.7.0", + "azure-identity==1.15.0", "Django==5.0.1", "django-csp==3.7", "eligibility-api==2023.9.1", From d92a0916b944b8b4f6a52acc131c1e4cd4d889c5 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 26 Jan 2024 20:18:24 +0000 Subject: [PATCH 002/114] feat(secrets): POC reads value using azure libs --- benefits/secrets.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 benefits/secrets.py diff --git a/benefits/secrets.py b/benefits/secrets.py new file mode 100644 index 000000000..d3cf7df9a --- /dev/null +++ b/benefits/secrets.py @@ -0,0 +1,22 @@ +import sys + +from azure.identity import DefaultAzureCredential +from azure.keyvault.secrets import SecretClient + + +if __name__ == "__main__": + args = sys.argv[1:] + if len(args) < 2: + print("Provide the Key Vault URL and the name of the secret to read") + exit(1) + + vault_url = args[0] + secret_name = args[1] + + credential = DefaultAzureCredential() + client = SecretClient(vault_url=vault_url, credential=credential) + secret = client.get_secret(secret_name) + + print(f"Reading {secret_name} from {vault_url}") + print(f"Value: {secret.value}") + exit(0) From 1ce493bab5d26ee29244c756fd4739f659d54325 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Mon, 29 Jan 2024 23:23:24 +0000 Subject: [PATCH 003/114] feat(settings): helper calculates runtime env from hosts function rather than variable to enable dynamic runtime calculation e.g. for unit tests --- benefits/settings.py | 16 ++++++++++++ tests/pytest/test_settings.py | 46 +++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 tests/pytest/test_settings.py diff --git a/benefits/settings.py b/benefits/settings.py index 222312904..b326e3452 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -4,6 +4,8 @@ import os +from django.conf import settings + from benefits import sentry @@ -24,6 +26,20 @@ def _filter_empty(ls): ALLOWED_HOSTS = _filter_empty(os.environ.get("DJANGO_ALLOWED_HOSTS", "localhost,127.0.0.1").split(",")) + +def RUNTIME_ENVIRONMENT(): + """Helper calculates the current runtime environment from ALLOWED_HOSTS.""" + + # usage of django.conf.settings.ALLOWED_HOSTS here (rather than the module variable directly) + # is to ensure dynamic calculation, e.g. for unit tests and elsewhere this setting is needed + env = "dev" + if "test-benefits.calitp.org" in settings.ALLOWED_HOSTS: + env = "test" + elif "benefits.calitp.org" in settings.ALLOWED_HOSTS: + env = "prod" + return env + + # Application definition INSTALLED_APPS = [ diff --git a/tests/pytest/test_settings.py b/tests/pytest/test_settings.py new file mode 100644 index 000000000..816d3facd --- /dev/null +++ b/tests/pytest/test_settings.py @@ -0,0 +1,46 @@ +def test_runtime_environment__default(settings): + assert settings.RUNTIME_ENVIRONMENT() == "dev" + + +def test_runtime_environment__dev(settings): + settings.ALLOWED_HOSTS = ["dev-benefits.calitp.org"] + assert settings.RUNTIME_ENVIRONMENT() == "dev" + + +def test_runtime_environment__local(settings): + settings.ALLOWED_HOSTS = ["localhost", "127.0.0.1"] + assert settings.RUNTIME_ENVIRONMENT() == "dev" + + +def test_runtime_environment__nonmatching(settings): + # with only nonmatching hosts, return dev + settings.ALLOWED_HOSTS = ["example.com", "example2.org"] + assert settings.RUNTIME_ENVIRONMENT() == "dev" + + +def test_runtime_environment__test(settings): + settings.ALLOWED_HOSTS = ["test-benefits.calitp.org"] + assert settings.RUNTIME_ENVIRONMENT() == "test" + + +def test_runtime_environment__test_and_nonmatching(settings): + # when test is specified with other nonmatching hosts, assume test + settings.ALLOWED_HOSTS = ["test-benefits.calitp.org", "example.com"] + assert settings.RUNTIME_ENVIRONMENT() == "test" + + +def test_runtime_environment__test_and_prod(settings): + # if both test and prod are specified (edge case/error in configuration), assume test + settings.ALLOWED_HOSTS = ["benefits.calitp.org", "test-benefits.calitp.org"] + assert settings.RUNTIME_ENVIRONMENT() == "test" + + +def test_runtime_environment__prod(settings): + settings.ALLOWED_HOSTS = ["benefits.calitp.org"] + assert settings.RUNTIME_ENVIRONMENT() == "prod" + + +def test_runtime_environment__prod_and_nonmatching(settings): + # when prod is specified with other nonmatching hosts, assume prod + settings.ALLOWED_HOSTS = ["benefits.calitp.org", "https://example.com"] + assert settings.RUNTIME_ENVIRONMENT() == "prod" From 082d6cfc7941a778d17b816d7e532d9db8d7bfd7 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Mon, 29 Jan 2024 23:26:35 +0000 Subject: [PATCH 004/114] refactor(sentry): use RUNTIME_ENVIRONMENT by default move module-level variables into configure function, unneeded outside module, wait for Django startup before using settings --- benefits/sentry.py | 14 ++++++++------ docs/configuration/environment-variables.md | 4 +++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/benefits/sentry.py b/benefits/sentry.py index 1362d6c62..86585e58b 100644 --- a/benefits/sentry.py +++ b/benefits/sentry.py @@ -3,6 +3,7 @@ import os import subprocess +from django.conf import settings import sentry_sdk from sentry_sdk.integrations.django import DjangoIntegration from sentry_sdk.scrubber import EventScrubber, DEFAULT_DENYLIST @@ -11,7 +12,6 @@ logger = logging.getLogger(__name__) -SENTRY_ENVIRONMENT = os.environ.get("SENTRY_ENVIRONMENT", "local") SENTRY_CSP_REPORT_URI = None @@ -80,19 +80,21 @@ def get_traces_sample_rate(): def configure(): - SENTRY_DSN = os.environ.get("SENTRY_DSN") - if SENTRY_DSN: + sentry_dsn = os.environ.get("SENTRY_DSN") + sentry_environment = os.environ.get("SENTRY_ENVIRONMENT", settings.RUNTIME_ENVIRONMENT()) + + if sentry_dsn: release = get_release() - logger.info(f"Enabling Sentry for environment '{SENTRY_ENVIRONMENT}', release '{release}'...") + logger.info(f"Enabling Sentry for environment '{sentry_environment}', release '{release}'...") # https://docs.sentry.io/platforms/python/configuration/ sentry_sdk.init( - dsn=SENTRY_DSN, + dsn=sentry_dsn, integrations=[ DjangoIntegration(), ], traces_sample_rate=get_traces_sample_rate(), - environment=SENTRY_ENVIRONMENT, + environment=sentry_environment, release=release, in_app_include=["benefits"], # send_default_pii must be False (the default) for a custom EventScrubber/denylist diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 574ca3f4b..7d5a478c2 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -219,7 +219,9 @@ Enables [sending events to Sentry](../../deployment/troubleshooting/#error-monit [`environment` config value](https://docs.sentry.io/platforms/python/configuration/options/#environment) -Segments errors by which deployment they occur in. This defaults to `local`, and can be set to match one of the [environment names](../../deployment/infrastructure/#environments). +Segments errors by which deployment they occur in. This defaults to `dev`, and can be set to match one of the [environment names](../../deployment/infrastructure/#environments). + +`local` may also be used for local testing of the Sentry integration. ### `SENTRY_REPORT_URI` From 4e941bf4b797ebeaeed94b29a19252698b63884f Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 30 Jan 2024 01:10:08 +0000 Subject: [PATCH 005/114] refactor(secrets): calculate key vault URL from runtime env similar to how this is done in the Terraform module --- benefits/secrets.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/benefits/secrets.py b/benefits/secrets.py index d3cf7df9a..5a509704b 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -1,17 +1,27 @@ import sys +from django.conf import settings + from azure.identity import DefaultAzureCredential from azure.keyvault.secrets import SecretClient +KEY_VAULT_URL = "https://kv-cdt-pub-calitp-{env}-001.vault.azure.net/" + + if __name__ == "__main__": args = sys.argv[1:] - if len(args) < 2: - print("Provide the Key Vault URL and the name of the secret to read") + if len(args) < 1: + print("Provide the name of the secret to read") exit(1) - vault_url = args[0] - secret_name = args[1] + # construct the KeyVault URL from the runtime environment + # see https://docs.calitp.org/benefits/deployment/infrastructure/#environments + # and https://github.com/cal-itp/benefits/blob/dev/terraform/key_vault.tf + runtime_env = settings.RUNTIME_ENVIRONMENT() + vault_url = KEY_VAULT_URL.format(env=runtime_env[0]) + + secret_name = args[0] credential = DefaultAzureCredential() client = SecretClient(vault_url=vault_url, credential=credential) From 1ce210d8a345913b6358be0f40569262d78a4dd3 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 00:44:10 +0000 Subject: [PATCH 006/114] feat(admin): first pass @ django_google_sso; allow compiler.la domains --- benefits/settings.py | 7 +++++++ benefits/urls.py | 1 + terraform/app_service.tf | 6 ++++++ 3 files changed, 14 insertions(+) diff --git a/benefits/settings.py b/benefits/settings.py index 222312904..8278c05f9 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -30,6 +30,7 @@ def _filter_empty(ls): "django.contrib.messages", "django.contrib.sessions", "django.contrib.staticfiles", + "django_google_sso", # Add django_google_sso "benefits.core", "benefits.enrollment", "benefits.eligibility", @@ -37,6 +38,12 @@ def _filter_empty(ls): ] if ADMIN: + GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") + GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") + GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") + + GOOGLE_SSO_ALLOWABLE_DOMAINS = ["compiler.la"] + INSTALLED_APPS.extend( [ "django.contrib.admin", diff --git a/benefits/urls.py b/benefits/urls.py index 57d7931ec..37ffa615c 100644 --- a/benefits/urls.py +++ b/benefits/urls.py @@ -22,6 +22,7 @@ path("eligibility/", include("benefits.eligibility.urls")), path("enrollment/", include("benefits.enrollment.urls")), path("i18n/", include("django.conf.urls.i18n")), + path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso")), path("oauth/", include("benefits.oauth.urls")), ] diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 37db1d5ac..94b5fbbef 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -84,6 +84,12 @@ resource "azurerm_linux_web_app" "main" { "HEALTHCHECK_USER_AGENTS" = local.is_dev ? null : "${local.secret_prefix}healthcheck-user-agents)", + # Google SSO for Admin + + "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id", + "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id", + "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret", + # Sentry "SENTRY_DSN" = "${local.secret_prefix}sentry-dsn)", "SENTRY_ENVIRONMENT" = local.env_name, From 60d3d95c53c05723a7956eda50a75dec87aaaeff Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 00:53:40 +0000 Subject: [PATCH 007/114] fix(settings): allow wikimedia link --- benefits/settings.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/benefits/settings.py b/benefits/settings.py index 8278c05f9..1ea2563f7 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -289,7 +289,11 @@ def _filter_empty(ls): if len(env_frame_src) > 0: CSP_FRAME_SRC = env_frame_src -CSP_IMG_SRC = ["'self'", "data:"] +CSP_IMG_SRC = [ + "'self'", + "data:", + "https://upload.wikimedia.org/wikipedia/commons/thumb/c/c1/Google_%22G%22_logo.svg/1280px-Google_%22G%22_logo.svg.png", +] # Configuring strict Content Security Policy # https://django-csp.readthedocs.io/en/latest/nonce.html From 33edf7dd283a0c170975acc1ae54037547877c22 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 00:59:33 +0000 Subject: [PATCH 008/114] fix(pyproject): require django-google-sso --- pyproject.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/pyproject.toml b/pyproject.toml index fdd977f2c..a2bba5985 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,6 +10,7 @@ dependencies = [ "Authlib==1.3.0", "Django==5.0.1", "django-csp==3.7", + "django-google-sso==5.0.0", "eligibility-api==2023.9.1", "requests==2.31.0", "sentry-sdk==1.39.2", From e1a61c985fce18cc7203b73a7b54c7a54f8705fb Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 05:22:23 +0000 Subject: [PATCH 009/114] fix(csp): add admin.js files, add google sso user icons to allowlist --- benefits/settings.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/benefits/settings.py b/benefits/settings.py index 1ea2563f7..67a2db48f 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -293,6 +293,7 @@ def _filter_empty(ls): "'self'", "data:", "https://upload.wikimedia.org/wikipedia/commons/thumb/c/c1/Google_%22G%22_logo.svg/1280px-Google_%22G%22_logo.svg.png", + "*.googleusercontent.com", ] # Configuring strict Content Security Policy @@ -305,6 +306,7 @@ def _filter_empty(ls): CSP_REPORT_URI = [sentry.SENTRY_CSP_REPORT_URI] CSP_SCRIPT_SRC = [ + "'self'", "https://cdn.amplitude.com/libs/", "https://cdn.jsdelivr.net/", "*.littlepay.com", From f603890ba6b7723b070c85d00940234c2a86e33b Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 20:06:09 +0000 Subject: [PATCH 010/114] fix(tests): only install django-google-sso, only add sso url if admin --- benefits/settings.py | 2 +- benefits/urls.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/benefits/settings.py b/benefits/settings.py index 67a2db48f..ff8bfaae5 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -30,7 +30,6 @@ def _filter_empty(ls): "django.contrib.messages", "django.contrib.sessions", "django.contrib.staticfiles", - "django_google_sso", # Add django_google_sso "benefits.core", "benefits.enrollment", "benefits.eligibility", @@ -71,6 +70,7 @@ def _filter_empty(ls): [ "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", + "django_google_sso", # Add django_google_sso ] ) diff --git a/benefits/urls.py b/benefits/urls.py index 37ffa615c..fdc5a28ac 100644 --- a/benefits/urls.py +++ b/benefits/urls.py @@ -22,7 +22,6 @@ path("eligibility/", include("benefits.eligibility.urls")), path("enrollment/", include("benefits.enrollment.urls")), path("i18n/", include("django.conf.urls.i18n")), - path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso")), path("oauth/", include("benefits.oauth.urls")), ] @@ -40,5 +39,6 @@ def trigger_error(request): logger.debug("Register admin urls") urlpatterns.append(path("admin/", admin.site.urls)) + urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso"))) else: logger.debug("Skip url registrations for admin") From 7360fd1bf54f67421777fef53011251e15d8ee9f Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 21:50:44 +0000 Subject: [PATCH 011/114] fix(settings): move app to installed_apps if admin --- benefits/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benefits/settings.py b/benefits/settings.py index ff8bfaae5..b5e3781af 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -48,6 +48,7 @@ def _filter_empty(ls): "django.contrib.admin", "django.contrib.auth", "django.contrib.contenttypes", + "django_google_sso", # Add django_google_sso ] ) @@ -70,7 +71,6 @@ def _filter_empty(ls): [ "django.contrib.auth.middleware.AuthenticationMiddleware", "django.contrib.messages.middleware.MessageMiddleware", - "django_google_sso", # Add django_google_sso ] ) From bbb64a1641b181e1d3a46e3e52233dd3feef3625 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 22:23:39 +0000 Subject: [PATCH 012/114] feat(admin): fetch and save admin user's ggoogle email, first and last name --- benefits/admin.py | 23 +++++++++++++++++++++++ benefits/settings.py | 8 +++++++- pyproject.toml | 1 + 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 benefits/admin.py diff --git a/benefits/admin.py b/benefits/admin.py new file mode 100644 index 000000000..9ccb900f7 --- /dev/null +++ b/benefits/admin.py @@ -0,0 +1,23 @@ +import httpx +from loguru import logger + + +def pre_login_user(user, request): + logger.debug(f"Running pre-login callback for user: {user.username}") + token = request.session.get("google_sso_access_token") + if token: + headers = { + "Authorization": f"Bearer {token}", + } + + # Request Google user info to get name and email + url = "https://www.googleapis.com/oauth2/v3/userinfo" + response = httpx.get(url, headers=headers) + user_data = response.json() + logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") + + user.first_name = user_data["given_name"] + user.last_name = user_data["family_name"] + user.username = user_data["email"] + user.email = user_data["email"] + user.save() diff --git a/benefits/settings.py b/benefits/settings.py index b5e3781af..8458e98e3 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -40,8 +40,14 @@ def _filter_empty(ls): GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") - GOOGLE_SSO_ALLOWABLE_DOMAINS = ["compiler.la"] + GOOGLE_SSO_SAVE_ACCESS_TOKEN = True + GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" + GOOGLE_SSO_SCOPES = [ + "openid", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile", + ] INSTALLED_APPS.extend( [ diff --git a/pyproject.toml b/pyproject.toml index a2bba5985..39db5b170 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,6 +12,7 @@ dependencies = [ "django-csp==3.7", "django-google-sso==5.0.0", "eligibility-api==2023.9.1", + "httpx=0.26.0", "requests==2.31.0", "sentry-sdk==1.39.2", "six==1.16.0", From 575ef39ba2a54349b6fbaead25ad889f5ac668ba Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 22:35:53 +0000 Subject: [PATCH 013/114] refactor(settings): save allowable_domains as a dictionary in Terraform --- benefits/settings.py | 2 +- terraform/app_service.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/benefits/settings.py b/benefits/settings.py index 8458e98e3..b9ceed23b 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -40,7 +40,7 @@ def _filter_empty(ls): GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") - GOOGLE_SSO_ALLOWABLE_DOMAINS = ["compiler.la"] + GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) GOOGLE_SSO_SAVE_ACCESS_TOKEN = True GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" GOOGLE_SSO_SCOPES = [ diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 94b5fbbef..8599fb165 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -89,6 +89,7 @@ resource "azurerm_linux_web_app" "main" { "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id", "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id", "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret", + "GOOGLE_SSO_ALLOWABLE_DOMAINS" = "${local.secret_prefix}google-sso-allowable-domains" # Sentry "SENTRY_DSN" = "${local.secret_prefix}sentry-dsn)", From b8e0acb92b6445cb621f555a5d17621166121010 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 22:53:45 +0000 Subject: [PATCH 014/114] refactor(settings): add google sso svg, remove wikimedia from csp --- benefits/settings.py | 2 +- benefits/static/img/icon/google_sso_logo.svg | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 benefits/static/img/icon/google_sso_logo.svg diff --git a/benefits/settings.py b/benefits/settings.py index b9ceed23b..523877158 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -41,6 +41,7 @@ def _filter_empty(ls): GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) + GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" GOOGLE_SSO_SAVE_ACCESS_TOKEN = True GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" GOOGLE_SSO_SCOPES = [ @@ -298,7 +299,6 @@ def _filter_empty(ls): CSP_IMG_SRC = [ "'self'", "data:", - "https://upload.wikimedia.org/wikipedia/commons/thumb/c/c1/Google_%22G%22_logo.svg/1280px-Google_%22G%22_logo.svg.png", "*.googleusercontent.com", ] diff --git a/benefits/static/img/icon/google_sso_logo.svg b/benefits/static/img/icon/google_sso_logo.svg new file mode 100644 index 000000000..21ec49090 --- /dev/null +++ b/benefits/static/img/icon/google_sso_logo.svg @@ -0,0 +1,7 @@ + + + + + + + From 35a6a469b92c34a6420cecf8d3c09b60ae2dbd71 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 23:00:51 +0000 Subject: [PATCH 015/114] fix(pyproject): unpin version --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 39db5b170..747e79bf4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ dependencies = [ "django-csp==3.7", "django-google-sso==5.0.0", "eligibility-api==2023.9.1", - "httpx=0.26.0", + "httpx", "requests==2.31.0", "sentry-sdk==1.39.2", "six==1.16.0", From 8c21ca2edd9b0cbdf30e07e92181ae3fc1c735d8 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 17 Jan 2024 23:03:12 +0000 Subject: [PATCH 016/114] fix(pyproject): use == --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 747e79bf4..7049970de 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ dependencies = [ "django-csp==3.7", "django-google-sso==5.0.0", "eligibility-api==2023.9.1", - "httpx", + "httpx==0.26.0", "requests==2.31.0", "sentry-sdk==1.39.2", "six==1.16.0", From de6f66d1e3f6cb55ff3e854cf6ff782f0aa2b321 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Fri, 19 Jan 2024 00:25:35 +0000 Subject: [PATCH 017/114] feat(admin): create allow list for staff and admin + terraform vars --- benefits/settings.py | 3 +++ terraform/app_service.tf | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/benefits/settings.py b/benefits/settings.py index 523877158..77ca0e323 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -41,6 +41,8 @@ def _filter_empty(ls): GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) + GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) + GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" GOOGLE_SSO_SAVE_ACCESS_TOKEN = True GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" @@ -316,6 +318,7 @@ def _filter_empty(ls): "https://cdn.amplitude.com/libs/", "https://cdn.jsdelivr.net/", "*.littlepay.com", + "https://code.jquery.com/jquery-3.6.0.min.js", ] env_script_src = _filter_empty(os.environ.get("DJANGO_CSP_SCRIPT_SRC", "").split(",")) CSP_SCRIPT_SRC.extend(env_script_src) diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 8599fb165..bc8004731 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -89,7 +89,9 @@ resource "azurerm_linux_web_app" "main" { "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id", "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id", "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret", - "GOOGLE_SSO_ALLOWABLE_DOMAINS" = "${local.secret_prefix}google-sso-allowable-domains" + "GOOGLE_SSO_ALLOWABLE_DOMAINS" = "${local.secret_prefix}google-sso-allowable-domains", + "GOOGLE_SSO_STAFF_LIST" = "${local.secret_prefix}google-sso-staff-list", + "GOOGLE_SSO_SUPERUSER_LIST" = "${local.secret_prefix}google-sso-superuser-list" # Sentry "SENTRY_DSN" = "${local.secret_prefix}sentry-dsn)", From 38e9a072d6f1c2c0a41e1cede365eda20c261001 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Tue, 30 Jan 2024 20:20:19 +0000 Subject: [PATCH 018/114] fix(settings): remove 120.. from allowed_hosts --- benefits/settings.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benefits/settings.py b/benefits/settings.py index 77ca0e323..2cfbe53f4 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -22,7 +22,7 @@ def _filter_empty(ls): ADMIN = os.environ.get("DJANGO_ADMIN", "False").lower() == "true" -ALLOWED_HOSTS = _filter_empty(os.environ.get("DJANGO_ALLOWED_HOSTS", "localhost,127.0.0.1").split(",")) +ALLOWED_HOSTS = _filter_empty(os.environ.get("DJANGO_ALLOWED_HOSTS", "localhost").split(",")) # Application definition From 0bee9a9c606a6a3ab199ef7419a558fd44a31adf Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Tue, 30 Jan 2024 21:38:57 +0000 Subject: [PATCH 019/114] refactor(sso): use requests, not httpx --- benefits/admin.py | 6 ++++-- pyproject.toml | 1 - 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/benefits/admin.py b/benefits/admin.py index 9ccb900f7..9300fddb6 100644 --- a/benefits/admin.py +++ b/benefits/admin.py @@ -1,4 +1,6 @@ -import httpx +import requests + +from django.conf import settings from loguru import logger @@ -12,7 +14,7 @@ def pre_login_user(user, request): # Request Google user info to get name and email url = "https://www.googleapis.com/oauth2/v3/userinfo" - response = httpx.get(url, headers=headers) + response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) user_data = response.json() logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") diff --git a/pyproject.toml b/pyproject.toml index 7049970de..a2bba5985 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,6 @@ dependencies = [ "django-csp==3.7", "django-google-sso==5.0.0", "eligibility-api==2023.9.1", - "httpx==0.26.0", "requests==2.31.0", "sentry-sdk==1.39.2", "six==1.16.0", From 3c3fdc913e9c3102ab6bb6829c8f26b088b640d6 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 30 Jan 2024 02:16:18 +0000 Subject: [PATCH 020/114] feat(secrets): helper function gets secret by name --- benefits/secrets.py | 29 +++++++++++++---------- tests/pytest/test_secrets.py | 45 ++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 12 deletions(-) create mode 100644 tests/pytest/test_secrets.py diff --git a/benefits/secrets.py b/benefits/secrets.py index 5a509704b..366642290 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -9,24 +9,29 @@ KEY_VAULT_URL = "https://kv-cdt-pub-calitp-{env}-001.vault.azure.net/" +def get_secret_by_name(secret_name, client=None): + if client is None: + # construct the KeyVault URL from the runtime environment + # see https://docs.calitp.org/benefits/deployment/infrastructure/#environments + # and https://github.com/cal-itp/benefits/blob/dev/terraform/key_vault.tf + runtime_env = settings.RUNTIME_ENVIRONMENT() + vault_url = KEY_VAULT_URL.format(env=runtime_env[0]) + + credential = DefaultAzureCredential() + client = SecretClient(vault_url=vault_url, credential=credential) + + secret = client.get_secret(secret_name) + return secret.value + + if __name__ == "__main__": args = sys.argv[1:] if len(args) < 1: print("Provide the name of the secret to read") exit(1) - # construct the KeyVault URL from the runtime environment - # see https://docs.calitp.org/benefits/deployment/infrastructure/#environments - # and https://github.com/cal-itp/benefits/blob/dev/terraform/key_vault.tf - runtime_env = settings.RUNTIME_ENVIRONMENT() - vault_url = KEY_VAULT_URL.format(env=runtime_env[0]) - secret_name = args[0] + secret_value = get_secret_by_name(secret_name) - credential = DefaultAzureCredential() - client = SecretClient(vault_url=vault_url, credential=credential) - secret = client.get_secret(secret_name) - - print(f"Reading {secret_name} from {vault_url}") - print(f"Value: {secret.value}") + print(f"[{settings.RUNTIME_ENVIRONMENT()}] {secret_name}: {secret_value}") exit(0) diff --git a/tests/pytest/test_secrets.py b/tests/pytest/test_secrets.py new file mode 100644 index 000000000..78ed8e1c7 --- /dev/null +++ b/tests/pytest/test_secrets.py @@ -0,0 +1,45 @@ +import pytest + +from benefits.secrets import KEY_VAULT_URL, get_secret_by_name + + +@pytest.fixture(autouse=True) +def mock_DefaultAzureCredential(mocker): + # patching the class to ensure new instances always return the same mock + credential_cls = mocker.patch("benefits.secrets.DefaultAzureCredential") + credential_cls.return_value = mocker.Mock() + return credential_cls + + +def test_get_secret_by_name__with_client__returns_value(mocker): + secret_name = "the secret name" + secret_value = "the secret value" + client = mocker.patch("benefits.secrets.SecretClient") + client.get_secret.return_value = mocker.Mock(value=secret_value) + + actual_value = get_secret_by_name(secret_name, client) + + client.get_secret.assert_called_once_with(secret_name) + assert actual_value == secret_value + + +def test_get_secret_by_name__None_client__returns_value(mocker, settings, mock_DefaultAzureCredential): + secret_name = "the secret name" + secret_value = "the secret value" + + # override runtime to dev + settings.RUNTIME_ENVIRONMENT = lambda: "dev" + expected_keyvault_url = KEY_VAULT_URL.format(env="d") + + # set up the mock client class and expected return values + # this test does not pass in a known client, instead checking that a client is constructed as expected + mock_credential = mock_DefaultAzureCredential.return_value + client_cls = mocker.patch("benefits.secrets.SecretClient") + client = client_cls.return_value + client.get_secret.return_value = mocker.Mock(value=secret_value) + + actual_value = get_secret_by_name(secret_name) + + client_cls.assert_called_once_with(vault_url=expected_keyvault_url, credential=mock_credential) + client.get_secret.assert_called_once_with(secret_name) + assert actual_value == secret_value From d5125e4f73e8fb2c7d4571cdb5e6f076ea9f383d Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 2 Feb 2024 00:03:11 +0000 Subject: [PATCH 021/114] feat(devcontainer): install Azure CLI allow interfacing with Azure inside devcontainer --- .devcontainer/Dockerfile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 9063a1f42..581766f1b 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,5 +1,11 @@ FROM benefits_client:latest +# install Azure CLI +# https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt +USER root +RUN curl -sL https://aka.ms/InstallAzureCLIDeb | bash +USER $USER + # install devcontainer requirements RUN pip install -e .[dev,test] From 259bac6e988a926d9449ef7bb74c4b57eae07e77 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 2 Feb 2024 00:07:35 +0000 Subject: [PATCH 022/114] feat(secrets): DEBUG-only route reads a test secret the secret does not contain any sensitive information and is only configured in the dev environment --- benefits/urls.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/benefits/urls.py b/benefits/urls.py index 57d7931ec..660aab759 100644 --- a/benefits/urls.py +++ b/benefits/urls.py @@ -8,6 +8,7 @@ import logging from django.conf import settings +from django.http import HttpResponse from django.urls import include, path logger = logging.getLogger(__name__) @@ -34,6 +35,18 @@ def trigger_error(request): urlpatterns.append(path("error/", trigger_error)) + # simple route to read a pre-defined "secret" + # this "secret" does not contain sensitive information + # and is only configured in the dev environment for testing/debugging + + def test_secret(request): + from benefits.secrets import get_secret_by_name + + return HttpResponse(get_secret_by_name("testsecret")) + + urlpatterns.append(path("testsecret/", test_secret)) + + if settings.ADMIN: from django.contrib import admin From 660f26997a7e169cbbcaf6c4d2e03904b8d3a8e0 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Fri, 2 Feb 2024 02:09:13 +0000 Subject: [PATCH 023/114] feat(test): test in progress --- tests/pytest/conftest.py | 22 ++++++++++++++++++++-- tests/pytest/test_admin.py | 31 +++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 tests/pytest/test_admin.py diff --git a/tests/pytest/conftest.py b/tests/pytest/conftest.py index d3c78c512..d9cd8e5e3 100644 --- a/tests/pytest/conftest.py +++ b/tests/pytest/conftest.py @@ -3,14 +3,17 @@ from django.middleware.locale import LocaleMiddleware import pytest -from pytest_socket import disable_socket + +# from pytest_socket import disable_socket from benefits.core import session from benefits.core.models import AuthProvider, EligibilityType, EligibilityVerifier, PaymentProcessor, PemData, TransitAgency +from django.contrib.auth.models import User def pytest_runtest_setup(): - disable_socket() + # disable_socket() + pass @pytest.fixture @@ -32,6 +35,21 @@ def app_request(rf): return app_request +@pytest.fixture +def model_AdminUser(): + user = User.objects.create( + email="user@compiler.la", + first_name="", + last_name="", + username="", + is_active=True, + is_staff=True, + is_superuser=True, + ) + + return user + + @pytest.fixture def model_PemData(): data = PemData.objects.create( diff --git a/tests/pytest/test_admin.py b/tests/pytest/test_admin.py new file mode 100644 index 000000000..896a79c39 --- /dev/null +++ b/tests/pytest/test_admin.py @@ -0,0 +1,31 @@ +import pytest + +from benefits.admin import pre_login_user +from unittest.mock import patch +from requests import Session + + +@pytest.mark.django_db +@patch.object(Session, "get") +def test_pre_login_user(mock_token_get, model_AdminUser): + assert model_AdminUser.email == "user@compiler.la" + assert model_AdminUser.first_name == "" + assert model_AdminUser.last_name == "" + assert model_AdminUser.username == "" + + with patch("benefits.admin.requests.get") as mock_response_get: + mock_token_get.return_value = "TOKEN" + response_object = { + "username": "admin@compiler.la", + "given_name": "Admin", + "family_name": "User", + "email": "admin@compiler.la", + } + mock_response_get.json.return_value = response_object + + pre_login_user(model_AdminUser, mock_token_get) + + assert model_AdminUser.email == response_object["email"] + assert model_AdminUser.first_name == response_object["first_name"] + assert model_AdminUser.last_name == response_object["family_name"] + assert model_AdminUser.username == response_object["user_name"] From 066f6f97124e3f4c162aea51d4ce07c610bd6f62 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 2 Feb 2024 14:34:29 -0800 Subject: [PATCH 024/114] docs: README.md > SBMTD Mobility Pass status Because the SBMTD Mobility Pass enrollment pathway is available in production, I updates adoption status from "test" to "Live," --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 5005b2f69..0c7405759 100644 --- a/docs/README.md +++ b/docs/README.md @@ -20,7 +20,7 @@ The following California transit agencies have launched Cal-ITP Benefits for the | Transit agency | Older adults | Agency card | Veterans | Initial agency launch | | ----------------------------------------------- | ------------ | ----------- | -------- | --------------------- | | **Monterey-Salinas Transit** | Live | Live | Live | 05/2021 | -| **Santa Barbara Metropolitan Transit District** | Live | In test |   | 10/2023 | +| **Santa Barbara Metropolitan Transit District** | Live | Live |   | 10/2023 | | **Sacramento Regional Transit District** | In test |   |   |   | ## Supported enrollment pathways From 8da33040248fd65a568608e7e568cf0078e4ec56 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 2 Feb 2024 17:27:03 -0800 Subject: [PATCH 025/114] Low-income use case --- docs/enrollment-pathways/Low-income.md | 77 ++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 docs/enrollment-pathways/Low-income.md diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md new file mode 100644 index 000000000..2d7892a58 --- /dev/null +++ b/docs/enrollment-pathways/Low-income.md @@ -0,0 +1,77 @@ +# Low-income + +## Overview + +This use case describes a feature in the[ Cal-ITP Benefits app](https://benefits.calitp.org) that allows Californians to verify their active participation in the CalFresh Program—as a proxy for low-income status—to receive reduced fares for transit when paying by contactless debit or credit card at participating transit operators in California. + +**Actor:** A person who uses public transit in California. For benefit eligibility, a “low-income rider” is a person who has received [CalFresh benefits](https://www.cdss.ca.gov/food-nutrition/calfresh) in any of the previous three months. + +**Goal:** To verify a transit rider’s financial need so they receive reduced fares when paying by contactless debit or credit card. + +**Precondition:** The California transit operator offers fixed route service, has installed and tested validator hardware necessary to collect fares using contactless payment on bus or rail lines, and the operator has a policy in place to offer a transit discount to low-income riders. + +## **Basic Flow** + +1. The transit rider visits the web application at [benefits.calitp.org](benefits.calitp.org) in a browser on their desktop computer. + +2. The transit rider chooses the transit operator that serves their area. + +3. The transit rider chooses to verify their eligibility as a participant in the [CalFresh Program](https://www.cdss.ca.gov/food-nutrition/calfresh). + +4. The transit rider authenticates with their existing [Login.gov](Login.gov) account or, if they don’t have one, creates a [Login.gov](Login.gov) account. + +5. The Cal-ITP Benefits app interfaces with the [California Department of Transportation](https://dot.ca.gov/) Identity Gateway (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify Calfresh participation status. + +6. The IdG uses the response provided by the California Department of Social Services (CDSS) to determine the rider’s eligibility for a transit benefit. + +7. The IdG then passes the response from CDSS as low-income status = TRUE to the Cal-ITP Benefits app to indicate the person is eligible for a benefit. + +8. The transit rider provides the debit or credit card details they use to pay for transit to Littlepay, the payment processor that facilitates transit fare collection. + +9. The app registers the low-income benefit with the transit rider’s debit or credit card. + +## **Alternative Flows** + +- Suppose the transit rider does not have a desktop computer. In this case, they open the web application at [benefits.calitp.org](benefits.calitp.org) in a mobile browser on their iOS or Android tablet or mobile device to complete enrollment using the basic flow. + +- Suppose the transit rider cannot authenticate with [Login.gov](Login.gov), or will not create an account. In either case, the app cannot determine their Calfresh Program participation status and they cannot enroll their contactless debit or credit card for a reduced fare. + +- Suppose the CDT Identity Gateway returns a status of FALSE for Calfresh Program participation status. In that case, the Cal-ITP Benefits app will not allow the transit rider to enroll their contactless debit or credit card for a reduced fare. + +- Suppose the debit or credit card expires or is canceled by the issuer. In that case, the transit rider must repeat the basic flow to register a new debit or credit card. + +- When the initial transit benefit enrollment period ends after one year from the date of enrollment, the transit rider must repeat the basic flow to re-enroll. + +- Suppose the transit rider attempts to re-enroll for a transit benefit as a CalFresh Program participant three months after their enrollment period started. The app will inform them they must wait re-enroll within 14 days of the benefit expiration. + +- Suppose the transit rider doesn’t re-enroll for a transit benefit after one year, but continues paying for transit using the card they registered. The transit operator will charge the rider full fare. + +- If the transit rider uses more than one debit or credit card to pay for transit, they repeat the basic flow for each card. + +## **Postcondition** + +The transit rider receives a fare reduction each time they use the debit or credit card they registered to pay for transit rides. The number of times they can use the card to pay for transit is unlimited, but the benefit expires one year after enrollment. + +## **Benefits** + +- The transit rider no longer needs cash to pay for transit rides. + +- The transit rider doesn’t have to lock up funds on a closed-loop card offered by the transit agency. + +- The transit rider pays for transit rides with their debit or credit card, just as they do for groceries, a cup of coffee, or any other good or service. + +- The transit rider can enroll in a transit benefit from home when convenient; they do not have to visit a transit agency in person. + +- Secure state and federal solutions manage the transit rider’s personal identifiable information (PII): [Login.gov](Login.gov) and the California Department of Technology Identity Gateway (IdG). Transit riders do not have to share personal information with local transit operators. + +- Benefit enrollment takes minutes rather than days or weeks. + +- Benefit enrollment doesn’t require online accounts with private companies. + +## **Example Scenario** + +A Calfresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their EBT card for eligibles items, their agency card for transportation, and their bank card for everything else. + +The transit operator serving their region of California implements contactless payments on fixed bus routes throughout the service area. This rider uses [benefits.calitp.org](benefits.calitp.org) on their mobile device to confirm their participation in the CalFresh Program offered by CDSS and registers their debit card for reduced fares. They tap to pay when boarding buses in their area and are automatically charged the reduced fare. While they still need to manage funds on their EBT card *and* their bank card, they no longer need to use their transit operator card to pay for transit. Best of all, they have complete access to all funds in their weekly budget. If other expenses are higher one week, they can allocate additional funds to those areas and ride transit less. + + From 93c79b8366720313e230fcc0b88c22445c46ae14 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 3 Feb 2024 01:27:46 +0000 Subject: [PATCH 026/114] chore(pre-commit): autofix run --- docs/enrollment-pathways/Low-income.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 2d7892a58..09e7b6063 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -40,11 +40,11 @@ This use case describes a feature in the[ Cal-ITP Benefits app](https://benefits - Suppose the debit or credit card expires or is canceled by the issuer. In that case, the transit rider must repeat the basic flow to register a new debit or credit card. -- When the initial transit benefit enrollment period ends after one year from the date of enrollment, the transit rider must repeat the basic flow to re-enroll. +- When the initial transit benefit enrollment period ends after one year from the date of enrollment, the transit rider must repeat the basic flow to re-enroll. -- Suppose the transit rider attempts to re-enroll for a transit benefit as a CalFresh Program participant three months after their enrollment period started. The app will inform them they must wait re-enroll within 14 days of the benefit expiration. +- Suppose the transit rider attempts to re-enroll for a transit benefit as a CalFresh Program participant three months after their enrollment period started. The app will inform them they must wait re-enroll within 14 days of the benefit expiration. -- Suppose the transit rider doesn’t re-enroll for a transit benefit after one year, but continues paying for transit using the card they registered. The transit operator will charge the rider full fare. +- Suppose the transit rider doesn’t re-enroll for a transit benefit after one year, but continues paying for transit using the card they registered. The transit operator will charge the rider full fare. - If the transit rider uses more than one debit or credit card to pay for transit, they repeat the basic flow for each card. @@ -70,8 +70,6 @@ The transit rider receives a fare reduction each time they use the debit or cred ## **Example Scenario** -A Calfresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their EBT card for eligibles items, their agency card for transportation, and their bank card for everything else. +A Calfresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their EBT card for eligibles items, their agency card for transportation, and their bank card for everything else. The transit operator serving their region of California implements contactless payments on fixed bus routes throughout the service area. This rider uses [benefits.calitp.org](benefits.calitp.org) on their mobile device to confirm their participation in the CalFresh Program offered by CDSS and registers their debit card for reduced fares. They tap to pay when boarding buses in their area and are automatically charged the reduced fare. While they still need to manage funds on their EBT card *and* their bank card, they no longer need to use their transit operator card to pay for transit. Best of all, they have complete access to all funds in their weekly budget. If other expenses are higher one week, they can allocate additional funds to those areas and ride transit less. - - From 6b3f89995f6d0f8377f705fa69226114a21903f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 21:18:18 +0000 Subject: [PATCH 027/114] chore(deps): bump treosh/lighthouse-ci-action from 10.1.0 to 11.4.0 Bumps [treosh/lighthouse-ci-action](https://github.com/treosh/lighthouse-ci-action) from 10.1.0 to 11.4.0. - [Release notes](https://github.com/treosh/lighthouse-ci-action/releases) - [Commits](https://github.com/treosh/lighthouse-ci-action/compare/10.1.0...11.4.0) --- updated-dependencies: - dependency-name: treosh/lighthouse-ci-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/tests-ui.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests-ui.yml b/.github/workflows/tests-ui.yml index 98bcf58c5..ffb5f6858 100644 --- a/.github/workflows/tests-ui.yml +++ b/.github/workflows/tests-ui.yml @@ -22,7 +22,7 @@ jobs: docker compose up --detach client - name: Run Lighthouse tests for a11y - uses: treosh/lighthouse-ci-action@10.1.0 + uses: treosh/lighthouse-ci-action@11.4.0 with: urls: | http://localhost:8000 From 0d5984ef1b2c47321b13a4f0709989795c501723 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Tue, 6 Feb 2024 01:53:58 +0000 Subject: [PATCH 028/114] fix(tests): use mocker; fixed tests yay --- tests/pytest/test_admin.py | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/tests/pytest/test_admin.py b/tests/pytest/test_admin.py index 896a79c39..5183ab50a 100644 --- a/tests/pytest/test_admin.py +++ b/tests/pytest/test_admin.py @@ -1,31 +1,30 @@ import pytest from benefits.admin import pre_login_user -from unittest.mock import patch -from requests import Session @pytest.mark.django_db -@patch.object(Session, "get") -def test_pre_login_user(mock_token_get, model_AdminUser): +def test_pre_login_user(mocker, model_AdminUser): assert model_AdminUser.email == "user@compiler.la" assert model_AdminUser.first_name == "" assert model_AdminUser.last_name == "" assert model_AdminUser.username == "" - with patch("benefits.admin.requests.get") as mock_response_get: - mock_token_get.return_value = "TOKEN" - response_object = { - "username": "admin@compiler.la", - "given_name": "Admin", - "family_name": "User", - "email": "admin@compiler.la", - } - mock_response_get.json.return_value = response_object + response_from_google = { + "username": "admin@compiler.la", + "given_name": "Admin", + "family_name": "User", + "email": "admin@compiler.la", + } - pre_login_user(model_AdminUser, mock_token_get) + mocked_request = mocker.Mock() + mocked_response = mocker.Mock() + mocked_response.json.return_value = response_from_google + mocker.patch("benefits.admin.requests.get", return_value=mocked_response) - assert model_AdminUser.email == response_object["email"] - assert model_AdminUser.first_name == response_object["first_name"] - assert model_AdminUser.last_name == response_object["family_name"] - assert model_AdminUser.username == response_object["user_name"] + pre_login_user(model_AdminUser, mocked_request) + + assert model_AdminUser.email == response_from_google["email"] + assert model_AdminUser.first_name == response_from_google["given_name"] + assert model_AdminUser.last_name == response_from_google["family_name"] + assert model_AdminUser.username == response_from_google["username"] From 2e28ec7de000169eba060b332e56519e2046547c Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Tue, 6 Feb 2024 01:56:02 +0000 Subject: [PATCH 029/114] chore: undo test changes --- tests/pytest/conftest.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/pytest/conftest.py b/tests/pytest/conftest.py index d9cd8e5e3..842ea5aa3 100644 --- a/tests/pytest/conftest.py +++ b/tests/pytest/conftest.py @@ -4,7 +4,7 @@ import pytest -# from pytest_socket import disable_socket +from pytest_socket import disable_socket from benefits.core import session from benefits.core.models import AuthProvider, EligibilityType, EligibilityVerifier, PaymentProcessor, PemData, TransitAgency @@ -12,8 +12,7 @@ def pytest_runtest_setup(): - # disable_socket() - pass + disable_socket() @pytest.fixture From a0c4b2ea5223cd9689a78d3d8c15deb4e010a9db Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Tue, 6 Feb 2024 18:19:34 +0000 Subject: [PATCH 030/114] refactor(admin): move code to Admin.py --- benefits/core/admin.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/benefits/core/admin.py b/benefits/core/admin.py index c6744e380..68c045698 100644 --- a/benefits/core/admin.py +++ b/benefits/core/admin.py @@ -2,8 +2,9 @@ The core application: Admin interface configuration. """ -from django.conf import settings +import requests +from django.conf import settings if settings.ADMIN: import logging @@ -21,3 +22,23 @@ ]: logger.debug(f"Register {model.__name__}") admin.site.register(model) + + def pre_login_user(user, request): + logger.debug(f"Running pre-login callback for user: {user.username}") + token = request.session.get("google_sso_access_token") + if token: + headers = { + "Authorization": f"Bearer {token}", + } + + # Request Google user info to get name and email + url = "https://www.googleapis.com/oauth2/v3/userinfo" + response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) + user_data = response.json() + logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") + + user.first_name = user_data["given_name"] + user.last_name = user_data["family_name"] + user.username = user_data["email"] + user.email = user_data["email"] + user.save() From 4f98e63ad7c959454e75ba879a0bcd23402dddaf Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Tue, 6 Feb 2024 18:26:16 +0000 Subject: [PATCH 031/114] fix(settings): remove if ADMIN checks --- benefits/settings.py | 104 +++++++++++++++++++++---------------------- 1 file changed, 50 insertions(+), 54 deletions(-) diff --git a/benefits/settings.py b/benefits/settings.py index 2cfbe53f4..ed7a11e3e 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -36,30 +36,29 @@ def _filter_empty(ls): "benefits.oauth", ] -if ADMIN: - GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") - GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") - GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") - GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) - GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) - GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) - GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" - GOOGLE_SSO_SAVE_ACCESS_TOKEN = True - GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" - GOOGLE_SSO_SCOPES = [ - "openid", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", - ] +GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") +GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") +GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") +GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) +GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) +GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) +GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" +GOOGLE_SSO_SAVE_ACCESS_TOKEN = True +GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" +GOOGLE_SSO_SCOPES = [ + "openid", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile", +] - INSTALLED_APPS.extend( - [ - "django.contrib.admin", - "django.contrib.auth", - "django.contrib.contenttypes", - "django_google_sso", # Add django_google_sso - ] - ) +INSTALLED_APPS.extend( + [ + "django.contrib.admin", + "django.contrib.auth", + "django.contrib.contenttypes", + "django_google_sso", # Add django_google_sso + ] +) MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", @@ -75,13 +74,12 @@ def _filter_empty(ls): "benefits.core.middleware.ChangedLanguageEvent", ] -if ADMIN: - MIDDLEWARE.extend( - [ - "django.contrib.auth.middleware.AuthenticationMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - ] - ) +MIDDLEWARE.extend( + [ + "django.contrib.auth.middleware.AuthenticationMiddleware", + "django.contrib.messages.middleware.MessageMiddleware", + ] +) if DEBUG: MIDDLEWARE.append("benefits.core.middleware.DebugSession") @@ -144,13 +142,12 @@ def _filter_empty(ls): ] ) -if ADMIN: - template_ctx_processors.extend( - [ - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - ] - ) +template_ctx_processors.extend( + [ + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + ] +) TEMPLATES = [ { @@ -177,23 +174,22 @@ def _filter_empty(ls): AUTH_PASSWORD_VALIDATORS = [] -if ADMIN: - AUTH_PASSWORD_VALIDATORS.extend( - [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", - }, - ] - ) +AUTH_PASSWORD_VALIDATORS.extend( + [ + { + "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", + }, + ] +) # Internationalization From 1092e1a46534fc44763fad95229c18955789155d Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 23:51:54 +0000 Subject: [PATCH 032/114] refactor(settings): introduce new default 'local' runtime env used to shortcut secret store for e.g. local testing --- benefits/settings.py | 6 ++++-- tests/pytest/test_settings.py | 20 ++++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/benefits/settings.py b/benefits/settings.py index b326e3452..55647e1cb 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -32,8 +32,10 @@ def RUNTIME_ENVIRONMENT(): # usage of django.conf.settings.ALLOWED_HOSTS here (rather than the module variable directly) # is to ensure dynamic calculation, e.g. for unit tests and elsewhere this setting is needed - env = "dev" - if "test-benefits.calitp.org" in settings.ALLOWED_HOSTS: + env = "local" + if "dev-benefits.calitp.org" in settings.ALLOWED_HOSTS: + env = "dev" + elif "test-benefits.calitp.org" in settings.ALLOWED_HOSTS: env = "test" elif "benefits.calitp.org" in settings.ALLOWED_HOSTS: env = "prod" diff --git a/tests/pytest/test_settings.py b/tests/pytest/test_settings.py index 816d3facd..b7146c0c4 100644 --- a/tests/pytest/test_settings.py +++ b/tests/pytest/test_settings.py @@ -1,5 +1,5 @@ def test_runtime_environment__default(settings): - assert settings.RUNTIME_ENVIRONMENT() == "dev" + assert settings.RUNTIME_ENVIRONMENT() == "local" def test_runtime_environment__dev(settings): @@ -7,15 +7,27 @@ def test_runtime_environment__dev(settings): assert settings.RUNTIME_ENVIRONMENT() == "dev" +def test_runtime_environment__dev_and_test(settings): + # if both dev and test are specified (edge case/error in configuration), assume dev + settings.ALLOWED_HOSTS = ["test-benefits.calitp.org", "dev-benefits.calitp.org"] + assert settings.RUNTIME_ENVIRONMENT() == "dev" + + +def test_runtime_environment__dev_and_test_and_prod(settings): + # if all 3 of dev and test and prod are specified (edge case/error in configuration), assume dev + settings.ALLOWED_HOSTS = ["benefits.calitp.org", "test-benefits.calitp.org", "dev-benefits.calitp.org"] + assert settings.RUNTIME_ENVIRONMENT() == "dev" + + def test_runtime_environment__local(settings): settings.ALLOWED_HOSTS = ["localhost", "127.0.0.1"] - assert settings.RUNTIME_ENVIRONMENT() == "dev" + assert settings.RUNTIME_ENVIRONMENT() == "local" def test_runtime_environment__nonmatching(settings): - # with only nonmatching hosts, return dev + # with only nonmatching hosts, return local settings.ALLOWED_HOSTS = ["example.com", "example2.org"] - assert settings.RUNTIME_ENVIRONMENT() == "dev" + assert settings.RUNTIME_ENVIRONMENT() == "local" def test_runtime_environment__test(settings): From 0c28146534ae22fda2ccd354eacd2ba4a8ed9a64 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 7 Feb 2024 03:38:32 +0000 Subject: [PATCH 033/114] fix(test): fix test --- tests/pytest/test_admin.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/pytest/test_admin.py b/tests/pytest/test_admin.py index 5183ab50a..5a99d59b2 100644 --- a/tests/pytest/test_admin.py +++ b/tests/pytest/test_admin.py @@ -1,6 +1,6 @@ import pytest -from benefits.admin import pre_login_user +from benefits.core.admin import pre_login_user @pytest.mark.django_db @@ -20,7 +20,7 @@ def test_pre_login_user(mocker, model_AdminUser): mocked_request = mocker.Mock() mocked_response = mocker.Mock() mocked_response.json.return_value = response_from_google - mocker.patch("benefits.admin.requests.get", return_value=mocked_response) + mocker.patch("benefits.core.admin.requests.get", return_value=mocked_response) pre_login_user(model_AdminUser, mocked_request) From 5c00e190de731d9c39bb269c4a61d1aab89eb0ea Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 7 Feb 2024 03:40:54 +0000 Subject: [PATCH 034/114] fix: rename to core, remove unused file --- benefits/admin.py | 25 ------------------------- benefits/settings.py | 2 +- 2 files changed, 1 insertion(+), 26 deletions(-) delete mode 100644 benefits/admin.py diff --git a/benefits/admin.py b/benefits/admin.py deleted file mode 100644 index 9300fddb6..000000000 --- a/benefits/admin.py +++ /dev/null @@ -1,25 +0,0 @@ -import requests - -from django.conf import settings -from loguru import logger - - -def pre_login_user(user, request): - logger.debug(f"Running pre-login callback for user: {user.username}") - token = request.session.get("google_sso_access_token") - if token: - headers = { - "Authorization": f"Bearer {token}", - } - - # Request Google user info to get name and email - url = "https://www.googleapis.com/oauth2/v3/userinfo" - response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) - user_data = response.json() - logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") - - user.first_name = user_data["given_name"] - user.last_name = user_data["family_name"] - user.username = user_data["email"] - user.email = user_data["email"] - user.save() diff --git a/benefits/settings.py b/benefits/settings.py index ed7a11e3e..e3f16bed8 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -44,7 +44,7 @@ def _filter_empty(ls): GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" GOOGLE_SSO_SAVE_ACCESS_TOKEN = True -GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.admin.pre_login_user" +GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" GOOGLE_SSO_SCOPES = [ "openid", "https://www.googleapis.com/auth/userinfo.email", From 0e55a8c11285845eddd1e50cba2f1e0ffe68f939 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 19:01:17 -0800 Subject: [PATCH 035/114] refactor(secrets): fallback to environment for local runtime add some basic logging --- .env.sample | 1 + benefits/secrets.py | 22 +++++++++++++++---- docs/getting-started/README.md | 4 ++-- tests/pytest/test_secrets.py | 40 +++++++++++++++++++++++++++------- 4 files changed, 53 insertions(+), 14 deletions(-) create mode 100644 .env.sample diff --git a/.env.sample b/.env.sample new file mode 100644 index 000000000..e60bb329e --- /dev/null +++ b/.env.sample @@ -0,0 +1 @@ +testsecret=Hello from the local environment! diff --git a/benefits/secrets.py b/benefits/secrets.py index 366642290..2c7b96c47 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -1,21 +1,35 @@ +import logging +import os import sys -from django.conf import settings - from azure.identity import DefaultAzureCredential from azure.keyvault.secrets import SecretClient +from django.conf import settings + +logger = logging.getLogger(__name__) KEY_VAULT_URL = "https://kv-cdt-pub-calitp-{env}-001.vault.azure.net/" def get_secret_by_name(secret_name, client=None): - if client is None: + """Read a value from the secret store, currently Azure KeyVault. + + When `settings.RUNTIME_ENVIRONMENT() == "local"`, reads from the environment instead. + """ + + runtime_env = settings.RUNTIME_ENVIRONMENT() + + if runtime_env == "local": + logger.debug("Runtime environment is local, reading from environment instead of Azure KeyVault.") + return os.environ.get(secret_name) + + elif client is None: # construct the KeyVault URL from the runtime environment # see https://docs.calitp.org/benefits/deployment/infrastructure/#environments # and https://github.com/cal-itp/benefits/blob/dev/terraform/key_vault.tf - runtime_env = settings.RUNTIME_ENVIRONMENT() vault_url = KEY_VAULT_URL.format(env=runtime_env[0]) + logger.debug(f"Configuring Azure KeyVault secrets client for: {vault_url}") credential = DefaultAzureCredential() client = SecretClient(vault_url=vault_url, credential=credential) diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md index 77a1e22ff..4ddea7ce1 100644 --- a/docs/getting-started/README.md +++ b/docs/getting-started/README.md @@ -12,10 +12,10 @@ git clone https://github.com/cal-itp/benefits ## Create an environment file -The application is configured with defaults to run locally, but an `.env` file is required to run with Docker Compose. This file can be empty, or environment overrides can be added as needed: +The application is configured with defaults to run locally, but an `.env` file is required to run with Docker Compose. Start from the existing sample: ```bash -touch .env +cp .env.sample .env ``` E.g. to change the localhost port from the default `8000` to `9000`, add the following line to your `.env` file: diff --git a/tests/pytest/test_secrets.py b/tests/pytest/test_secrets.py index 78ed8e1c7..57fa9063b 100644 --- a/tests/pytest/test_secrets.py +++ b/tests/pytest/test_secrets.py @@ -11,7 +11,12 @@ def mock_DefaultAzureCredential(mocker): return credential_cls -def test_get_secret_by_name__with_client__returns_value(mocker): +@pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) +def test_get_secret_by_name__with_client__returns_secret_value(mocker, runtime_env, settings): + settings.RUNTIME_ENVIRONMENT = lambda: runtime_env + + # set up the mock client class and expected return values + secret_name = "the secret name" secret_value = "the secret value" client = mocker.patch("benefits.secrets.SecretClient") @@ -23,16 +28,17 @@ def test_get_secret_by_name__with_client__returns_value(mocker): assert actual_value == secret_value -def test_get_secret_by_name__None_client__returns_value(mocker, settings, mock_DefaultAzureCredential): - secret_name = "the secret name" - secret_value = "the secret value" - - # override runtime to dev - settings.RUNTIME_ENVIRONMENT = lambda: "dev" - expected_keyvault_url = KEY_VAULT_URL.format(env="d") +@pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) +def test_get_secret_by_name__None_client__returns_secret_value(mocker, runtime_env, settings, mock_DefaultAzureCredential): + settings.RUNTIME_ENVIRONMENT = lambda: runtime_env + expected_keyvault_url = KEY_VAULT_URL.format(env=runtime_env[0]) # set up the mock client class and expected return values # this test does not pass in a known client, instead checking that a client is constructed as expected + + secret_name = "the secret name" + secret_value = "the secret value" + mock_credential = mock_DefaultAzureCredential.return_value client_cls = mocker.patch("benefits.secrets.SecretClient") client = client_cls.return_value @@ -43,3 +49,21 @@ def test_get_secret_by_name__None_client__returns_value(mocker, settings, mock_D client_cls.assert_called_once_with(vault_url=expected_keyvault_url, credential=mock_credential) client.get_secret.assert_called_once_with(secret_name) assert actual_value == secret_value + + +def test_get_secret_by_name__local__returns_environment_variable(mocker, settings): + settings.RUNTIME_ENVIRONMENT = lambda: "local" + + secret_name = "the secret name" + secret_value = "the secret value" + + env_spy = mocker.patch("benefits.secrets.os.environ.get", return_value=secret_value) + client_cls = mocker.patch("benefits.secrets.SecretClient") + client = client_cls.return_value + + actual_value = get_secret_by_name(secret_name) + + client_cls.assert_not_called() + client.get_secret.assert_not_called() + env_spy.assert_called_once_with(secret_name) + assert actual_value == secret_value From e055d8617116916ab33ae8ea529f9e85bc84d812 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 19:15:04 -0800 Subject: [PATCH 036/114] refactor(secrets): error handling for Azure auth problems --- benefits/secrets.py | 15 +++++++-- tests/pytest/test_secrets.py | 60 +++++++++++++++++++++++++++--------- 2 files changed, 58 insertions(+), 17 deletions(-) diff --git a/benefits/secrets.py b/benefits/secrets.py index 2c7b96c47..293b6d909 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -2,6 +2,7 @@ import os import sys +from azure.core.exceptions import ClientAuthenticationError from azure.identity import DefaultAzureCredential from azure.keyvault.secrets import SecretClient from django.conf import settings @@ -34,8 +35,18 @@ def get_secret_by_name(secret_name, client=None): credential = DefaultAzureCredential() client = SecretClient(vault_url=vault_url, credential=credential) - secret = client.get_secret(secret_name) - return secret.value + secret_value = None + + if client is not None: + try: + secret = client.get_secret(secret_name) + secret_value = secret.value + except ClientAuthenticationError: + logger.error("Could not authenticate to Azure KeyVault") + else: + logger.error("Azure KeyVault SecretClient was not configured") + + return secret_value if __name__ == "__main__": diff --git a/tests/pytest/test_secrets.py b/tests/pytest/test_secrets.py index 57fa9063b..1029538b0 100644 --- a/tests/pytest/test_secrets.py +++ b/tests/pytest/test_secrets.py @@ -1,4 +1,5 @@ import pytest +from azure.core.exceptions import ClientAuthenticationError from benefits.secrets import KEY_VAULT_URL, get_secret_by_name @@ -11,14 +12,20 @@ def mock_DefaultAzureCredential(mocker): return credential_cls +@pytest.fixture +def secret_name(): + return "the secret name" + + +@pytest.fixture +def secret_value(): + return "the secret value" + + @pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) -def test_get_secret_by_name__with_client__returns_secret_value(mocker, runtime_env, settings): +def test_get_secret_by_name__with_client__returns_secret_value(mocker, runtime_env, settings, secret_name, secret_value): settings.RUNTIME_ENVIRONMENT = lambda: runtime_env - # set up the mock client class and expected return values - - secret_name = "the secret name" - secret_value = "the secret value" client = mocker.patch("benefits.secrets.SecretClient") client.get_secret.return_value = mocker.Mock(value=secret_value) @@ -29,16 +36,13 @@ def test_get_secret_by_name__with_client__returns_secret_value(mocker, runtime_e @pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) -def test_get_secret_by_name__None_client__returns_secret_value(mocker, runtime_env, settings, mock_DefaultAzureCredential): +def test_get_secret_by_name__None_client__returns_secret_value( + mocker, runtime_env, settings, mock_DefaultAzureCredential, secret_name, secret_value +): settings.RUNTIME_ENVIRONMENT = lambda: runtime_env expected_keyvault_url = KEY_VAULT_URL.format(env=runtime_env[0]) - # set up the mock client class and expected return values # this test does not pass in a known client, instead checking that a client is constructed as expected - - secret_name = "the secret name" - secret_value = "the secret value" - mock_credential = mock_DefaultAzureCredential.return_value client_cls = mocker.patch("benefits.secrets.SecretClient") client = client_cls.return_value @@ -51,11 +55,37 @@ def test_get_secret_by_name__None_client__returns_secret_value(mocker, runtime_e assert actual_value == secret_value -def test_get_secret_by_name__local__returns_environment_variable(mocker, settings): - settings.RUNTIME_ENVIRONMENT = lambda: "local" +@pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) +def test_get_secret_by_name__None_client__returns_None(mocker, runtime_env, settings, secret_name): + settings.RUNTIME_ENVIRONMENT = lambda: runtime_env + + # this test forces construction of a new client to None + client_cls = mocker.patch("benefits.secrets.SecretClient", return_value=None) + + actual_value = get_secret_by_name(secret_name) + + client_cls.assert_called_once() + assert actual_value is None - secret_name = "the secret name" - secret_value = "the secret value" + +@pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) +def test_get_secret_by_name__unauthenticated_client__returns_None(mocker, runtime_env, settings, secret_name): + settings.RUNTIME_ENVIRONMENT = lambda: runtime_env + + # this test forces client.get_secret to throw an exception + client_cls = mocker.patch("benefits.secrets.SecretClient") + client = client_cls.return_value + client.get_secret.side_effect = ClientAuthenticationError + + actual_value = get_secret_by_name(secret_name) + + client_cls.assert_called_once() + client.get_secret.assert_called_once_with(secret_name) + assert actual_value is None + + +def test_get_secret_by_name__local__returns_environment_variable(mocker, settings, secret_name, secret_value): + settings.RUNTIME_ENVIRONMENT = lambda: "local" env_spy = mocker.patch("benefits.secrets.os.environ.get", return_value=secret_value) client_cls = mocker.patch("benefits.secrets.SecretClient") From 49c78a3fc3f5a51132550360767568f97b95ae3b Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 7 Feb 2024 04:00:08 +0000 Subject: [PATCH 037/114] fix(tests): remove tests, un-remove admin check --- benefits/settings.py | 104 +++++++++++++++++++------------------ tests/pytest/test_admin.py | 30 ----------- 2 files changed, 54 insertions(+), 80 deletions(-) delete mode 100644 tests/pytest/test_admin.py diff --git a/benefits/settings.py b/benefits/settings.py index e3f16bed8..842620c42 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -36,29 +36,30 @@ def _filter_empty(ls): "benefits.oauth", ] -GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") -GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") -GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") -GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) -GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) -GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) -GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" -GOOGLE_SSO_SAVE_ACCESS_TOKEN = True -GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" -GOOGLE_SSO_SCOPES = [ - "openid", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", -] - -INSTALLED_APPS.extend( - [ - "django.contrib.admin", - "django.contrib.auth", - "django.contrib.contenttypes", - "django_google_sso", # Add django_google_sso +if ADMIN: + GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") + GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") + GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") + GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) + GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) + GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) + GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" + GOOGLE_SSO_SAVE_ACCESS_TOKEN = True + GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" + GOOGLE_SSO_SCOPES = [ + "openid", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile", ] -) + + INSTALLED_APPS.extend( + [ + "django.contrib.admin", + "django.contrib.auth", + "django.contrib.contenttypes", + "django_google_sso", # Add django_google_sso + ] + ) MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", @@ -74,12 +75,13 @@ def _filter_empty(ls): "benefits.core.middleware.ChangedLanguageEvent", ] -MIDDLEWARE.extend( - [ - "django.contrib.auth.middleware.AuthenticationMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - ] -) +if ADMIN: + MIDDLEWARE.extend( + [ + "django.contrib.auth.middleware.AuthenticationMiddleware", + "django.contrib.messages.middleware.MessageMiddleware", + ] + ) if DEBUG: MIDDLEWARE.append("benefits.core.middleware.DebugSession") @@ -142,12 +144,13 @@ def _filter_empty(ls): ] ) -template_ctx_processors.extend( - [ - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - ] -) +if ADMIN: + template_ctx_processors.extend( + [ + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + ] + ) TEMPLATES = [ { @@ -174,22 +177,23 @@ def _filter_empty(ls): AUTH_PASSWORD_VALIDATORS = [] -AUTH_PASSWORD_VALIDATORS.extend( - [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", - }, - ] -) +if ADMIN: + AUTH_PASSWORD_VALIDATORS.extend( + [ + { + "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", + }, + ] + ) # Internationalization diff --git a/tests/pytest/test_admin.py b/tests/pytest/test_admin.py deleted file mode 100644 index 5a99d59b2..000000000 --- a/tests/pytest/test_admin.py +++ /dev/null @@ -1,30 +0,0 @@ -import pytest - -from benefits.core.admin import pre_login_user - - -@pytest.mark.django_db -def test_pre_login_user(mocker, model_AdminUser): - assert model_AdminUser.email == "user@compiler.la" - assert model_AdminUser.first_name == "" - assert model_AdminUser.last_name == "" - assert model_AdminUser.username == "" - - response_from_google = { - "username": "admin@compiler.la", - "given_name": "Admin", - "family_name": "User", - "email": "admin@compiler.la", - } - - mocked_request = mocker.Mock() - mocked_response = mocker.Mock() - mocked_response.json.return_value = response_from_google - mocker.patch("benefits.core.admin.requests.get", return_value=mocked_response) - - pre_login_user(model_AdminUser, mocked_request) - - assert model_AdminUser.email == response_from_google["email"] - assert model_AdminUser.first_name == response_from_google["given_name"] - assert model_AdminUser.last_name == response_from_google["family_name"] - assert model_AdminUser.username == response_from_google["username"] From 147cd51ec69332924d0a6e4f8585388979bb0c41 Mon Sep 17 00:00:00 2001 From: Machiko Yasuda Date: Wed, 7 Feb 2024 04:06:12 +0000 Subject: [PATCH 038/114] fix: undo admin fixture --- tests/pytest/conftest.py | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/pytest/conftest.py b/tests/pytest/conftest.py index 842ea5aa3..d3c78c512 100644 --- a/tests/pytest/conftest.py +++ b/tests/pytest/conftest.py @@ -3,12 +3,10 @@ from django.middleware.locale import LocaleMiddleware import pytest - from pytest_socket import disable_socket from benefits.core import session from benefits.core.models import AuthProvider, EligibilityType, EligibilityVerifier, PaymentProcessor, PemData, TransitAgency -from django.contrib.auth.models import User def pytest_runtest_setup(): @@ -34,21 +32,6 @@ def app_request(rf): return app_request -@pytest.fixture -def model_AdminUser(): - user = User.objects.create( - email="user@compiler.la", - first_name="", - last_name="", - username="", - is_active=True, - is_staff=True, - is_superuser=True, - ) - - return user - - @pytest.fixture def model_PemData(): data = PemData.objects.create( From 643f8308a8fbab3ed95e9e875aa69cc8d071bc1c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Feb 2024 21:06:44 +0000 Subject: [PATCH 039/114] chore(deps-dev): bump sentry-sdk from 1.40.0 to 1.40.2 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.40.0 to 1.40.2. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.40.0...1.40.2) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index f38537d97..bde31af9f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -12,7 +12,7 @@ dependencies = [ "django-csp==3.7", "eligibility-api==2023.9.1", "requests==2.31.0", - "sentry-sdk==1.40.0", + "sentry-sdk==1.40.2", "six==1.16.0", ] From c4f7b620b12aed40634a16f8224c6f2d4ba5f61e Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 01:01:39 +0000 Subject: [PATCH 040/114] feat(secrets): Django validator for secret names Azure KeyVault currently enforces the following rules: * The value must be between 1 and 127 characters long. * Secret names can only contain alphanumeric characters and dashes. Read more about Azure KeyVault naming rules: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftkeyvault Read more about Django validators: https://docs.djangoproject.com/en/5.0/ref/validators/#module-django.core.validators --- benefits/core/models.py | 25 ++++++++++++++++++++ tests/pytest/core/test_models.py | 39 +++++++++++++++++++++++++++++++- 2 files changed, 63 insertions(+), 1 deletion(-) diff --git a/benefits/core/models.py b/benefits/core/models.py index 8de6ec1fe..ed5c1e3d9 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -4,7 +4,9 @@ import importlib import logging +import re +from django.core.validators import RegexValidator from django.conf import settings from django.db import models from django.urls import reverse @@ -15,6 +17,29 @@ logger = logging.getLogger(__name__) +class SecretNameValidator(RegexValidator): + """RegexValidator that validates a secret name. + + Azure KeyVault currently enforces the following rules: + + * The value must be between 1 and 127 characters long. + * Secret names can only contain alphanumeric characters and dashes. + + Read more about Azure KeyVault naming rules: + https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftkeyvault + + Read more about Django validators: + https://docs.djangoproject.com/en/5.0/ref/validators/#module-django.core.validators + """ + + def __init__(self, *args, **kwargs): + kwargs["regex"] = re.compile(r"^[-a-zA-Z0-9]{1,127}$", re.ASCII) + kwargs["message"] = ( + "Enter a valid secret name of between 1-127 alphanumeric ASCII characters and the hyphen character only." + ) + super().__init__(*args, **kwargs) + + class PemData(models.Model): """API Certificate or Key in PEM format.""" diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index 6df589ce0..36e5a5b09 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -1,7 +1,44 @@ from django.conf import settings +from django.core.exceptions import ValidationError + import pytest -from benefits.core.models import EligibilityType, EligibilityVerifier, TransitAgency +from benefits.core.models import SecretNameValidator, EligibilityType, EligibilityVerifier, TransitAgency + + +@pytest.mark.parametrize( + "secret_name", + [ + "a", + "1", + "one", + "one-two-three", + "1-2-3", + "this-is-a-really-long-secret-name-in-fact-it-is-the-absolute-maximum-length-of-127-characters-to-be-exact-and-now-it-has-enough", # noqa: E501 + ], +) +def test_SecretNameValidator_valid(secret_name): + validator = SecretNameValidator() + + # a successful validation does not raise an Exception and returns None + assert validator(secret_name) is None + + +@pytest.mark.parametrize( + "secret_name", + [ + "", + "!", + "underscores_not_allowed", + "this-is-a-really-long-secret-name-in-fact-it-much-much-longer-than-the-absolute-maximum-length-of-127-characters-and-now-it-has-enough-to-be-too-long", # noqa: E501 + ], +) +def test_SecretNameValidator_invalid(secret_name): + validator = SecretNameValidator() + + # an unsuccessful validation raises django.core.exceptions.ValidationError + with pytest.raises(ValidationError): + validator(secret_name) @pytest.mark.django_db From 5c94f1256d2617211186e3f8187e523f14d81418 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 02:54:04 +0000 Subject: [PATCH 041/114] feat(secrets): Django field for storing secret names --- benefits/core/models.py | 32 ++++++++++++++++++++++++++++++++ tests/pytest/core/test_models.py | 14 +++++++++++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/benefits/core/models.py b/benefits/core/models.py index ed5c1e3d9..d2db9664f 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -40,6 +40,38 @@ def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) +class SecretValueField(models.SlugField): + """Field that handles retrieving a value from a secret store. + + The field value is the name of the secret to be retrieved. + + The secret value itself MUST NEVER be stored in this field. + """ + + NAME_VALIDATOR = SecretNameValidator() + + description = """Field that handles retrieving a value from a secret store. + + The field value is the name of the secret to be retrieved. Must be between 1-127 alphanumeric ASCII characters or hyphen + characters. + + The secret value itself MUST NEVER be stored in this field. + """ + + def __init__(self, *args, **kwargs): + kwargs["validators"] = [self.NAME_VALIDATOR] + # although the validator also checks for a max length of 127 + # this setting enforces the length at the database column level as well + kwargs["max_length"] = 127 + # similar to max_length, enforce at the field (form) validation level to not allow blanks + kwargs["blank"] = False + # similar to blank, enforce at the database level that null is not allowed + kwargs["null"] = False + # the default is False, but this is more explicit + kwargs["allow_unicode"] = False + super().__init__(*args, **kwargs) + + class PemData(models.Model): """API Certificate or Key in PEM format.""" diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index 36e5a5b09..e8b9e62ab 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -3,7 +3,7 @@ import pytest -from benefits.core.models import SecretNameValidator, EligibilityType, EligibilityVerifier, TransitAgency +from benefits.core.models import SecretNameValidator, SecretValueField, EligibilityType, EligibilityVerifier, TransitAgency @pytest.mark.parametrize( @@ -41,6 +41,18 @@ def test_SecretNameValidator_invalid(secret_name): validator(secret_name) +def test_SecretValueField_init(): + field = SecretValueField() + + assert SecretValueField.NAME_VALIDATOR in field.validators + assert field.max_length == 127 + assert field.blank is False + assert field.null is False + assert field.allow_unicode is False + assert field.description is not None + assert field.description != "" + + @pytest.mark.django_db def test_PemData_str(model_PemData): assert str(model_PemData) == model_PemData.label From ca91759b0225af0a2f6dd5a02f0bec5bf6f4bfb0 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 03:57:31 +0000 Subject: [PATCH 042/114] refactor(models): AuthProvider.client_id is a secret field * update definition to use new field * update migrations * remove env var from terraform definitions * move default value to .env.sample --- .env.sample | 1 + benefits/core/migrations/0001_initial.py | 13 ++++++++++--- benefits/core/migrations/0002_data.py | 4 ++-- benefits/core/models.py | 8 +++++++- terraform/app_service.tf | 1 - tests/pytest/conftest.py | 2 +- tests/pytest/core/test_models.py | 13 +++++++++++++ 7 files changed, 34 insertions(+), 8 deletions(-) diff --git a/.env.sample b/.env.sample index e60bb329e..b2d3b49ef 100644 --- a/.env.sample +++ b/.env.sample @@ -1 +1,2 @@ testsecret=Hello from the local environment! +auth_provider_client_id=benefits-oauth-client-id diff --git a/benefits/core/migrations/0001_initial.py b/benefits/core/migrations/0001_initial.py index ad482b829..f1ff709af 100644 --- a/benefits/core/migrations/0001_initial.py +++ b/benefits/core/migrations/0001_initial.py @@ -1,10 +1,12 @@ -# Generated by Django 4.2.4 on 2023-08-16 15:06 +# Generated by Django 5.0.1 on 2024-02-06 03:46 -from django.db import migrations, models +import benefits.core.models import django.db.models.deletion +from django.db import migrations, models class Migration(migrations.Migration): + initial = True dependencies = [] @@ -17,7 +19,12 @@ class Migration(migrations.Migration): ("sign_out_button_template", models.TextField(null=True)), ("sign_out_link_template", models.TextField(null=True)), ("client_name", models.TextField()), - ("client_id", models.TextField()), + ( + "client_id_secret_name", + benefits.core.models.SecretValueField( + max_length=127, validators=[benefits.core.models.SecretNameValidator()] + ), + ), ("authority", models.TextField()), ("scope", models.TextField(null=True)), ("claim", models.TextField(null=True)), diff --git a/benefits/core/migrations/0002_data.py b/benefits/core/migrations/0002_data.py index c1807c2ea..14ea86a70 100644 --- a/benefits/core/migrations/0002_data.py +++ b/benefits/core/migrations/0002_data.py @@ -160,7 +160,7 @@ def load_data(app, *args, **kwargs): sign_out_button_template="core/includes/button--sign-out--login-gov.html", sign_out_link_template="core/includes/link--sign-out--login-gov.html", client_name=os.environ.get("SENIOR_AUTH_PROVIDER_CLIENT_NAME", "senior-benefits-oauth-client-name"), - client_id=os.environ.get("AUTH_PROVIDER_CLIENT_ID", "benefits-oauth-client-id"), + client_id_secret_name="auth-provider-client-id", authority=os.environ.get("AUTH_PROVIDER_AUTHORITY", "https://example.com"), scope=os.environ.get("SENIOR_AUTH_PROVIDER_SCOPE", "verify:senior"), claim=os.environ.get("SENIOR_AUTH_PROVIDER_CLAIM", "senior"), @@ -171,7 +171,7 @@ def load_data(app, *args, **kwargs): sign_out_button_template="core/includes/button--sign-out--login-gov.html", sign_out_link_template="core/includes/link--sign-out--login-gov.html", client_name=os.environ.get("VETERAN_AUTH_PROVIDER_CLIENT_NAME", "veteran-benefits-oauth-client-name"), - client_id=os.environ.get("AUTH_PROVIDER_CLIENT_ID", "benefits-oauth-client-id"), + client_id_secret_name="auth-provider-client-id", authority=os.environ.get("AUTH_PROVIDER_AUTHORITY", "https://example.com"), scope=os.environ.get("VETERAN_AUTH_PROVIDER_SCOPE", "verify:veteran"), claim=os.environ.get("VETERAN_AUTH_PROVIDER_CLAIM", "veteran"), diff --git a/benefits/core/models.py b/benefits/core/models.py index d2db9664f..5fc688010 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -13,6 +13,8 @@ import requests +from benefits.secrets import get_secret_by_name + logger = logging.getLogger(__name__) @@ -104,7 +106,7 @@ class AuthProvider(models.Model): sign_out_button_template = models.TextField(null=True) sign_out_link_template = models.TextField(null=True) client_name = models.TextField() - client_id = models.TextField() + client_id_secret_name = SecretValueField() authority = models.TextField() scope = models.TextField(null=True) claim = models.TextField(null=True) @@ -118,6 +120,10 @@ def supports_claims_verification(self): def supports_sign_out(self): return bool(self.sign_out_button_template) or bool(self.sign_out_link_template) + @property + def client_id(self): + return get_secret_by_name(self.client_id_secret_name) + class EligibilityType(models.Model): """A single conditional eligibility type.""" diff --git a/terraform/app_service.tf b/terraform/app_service.tf index bc8004731..f1f32161c 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -119,7 +119,6 @@ resource "azurerm_linux_web_app" "main" { "SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT" = "${local.secret_prefix}sbmtd-payment-processor-client-cert)" "SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY" = "${local.secret_prefix}sbmtd-payment-processor-client-cert-private-key)" "SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA" = "${local.secret_prefix}sbmtd-payment-processor-client-cert-root-ca)" - "AUTH_PROVIDER_CLIENT_ID" = "${local.secret_prefix}auth-provider-client-id)" "AUTH_PROVIDER_AUTHORITY" = "${local.secret_prefix}auth-provider-authority)" "SENIOR_AUTH_PROVIDER_CLIENT_NAME" = "${local.secret_prefix}senior-auth-provider-client-name)" "SENIOR_AUTH_PROVIDER_SCOPE" = "${local.secret_prefix}senior-auth-provider-scope)" diff --git a/tests/pytest/conftest.py b/tests/pytest/conftest.py index d3c78c512..883cb7c02 100644 --- a/tests/pytest/conftest.py +++ b/tests/pytest/conftest.py @@ -47,7 +47,7 @@ def model_AuthProvider(): sign_out_button_template="core/includes/button--sign-out--senior.html", sign_out_link_template="core/includes/link--sign-out--senior.html", client_name="Client", - client_id="1234", + client_id_secret_name="1234", authority="https://example.com", ) diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index e8b9e62ab..a5050cd0e 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -53,6 +53,11 @@ def test_SecretValueField_init(): assert field.description != "" +@pytest.fixture +def mock_get_secret_by_name(mocker): + return mocker.patch("benefits.core.models.get_secret_by_name", return_value="secret value!") + + @pytest.mark.django_db def test_PemData_str(model_PemData): assert str(model_PemData) == model_PemData.label @@ -88,6 +93,14 @@ def test_model_AuthProvider(model_AuthProvider): assert model_AuthProvider.supports_sign_out +@pytest.mark.django_db +def test_model_AuthProvider_client_id(model_AuthProvider, mock_get_secret_by_name): + secret_value = model_AuthProvider.client_id + + mock_get_secret_by_name.assert_called_once_with(model_AuthProvider.client_id_secret_name) + assert secret_value == mock_get_secret_by_name.return_value + + @pytest.mark.django_db def test_model_AuthProvider_with_verification(model_AuthProvider_with_verification): assert model_AuthProvider_with_verification.supports_claims_verification From cb315e6497e1f2073228a0066dfd839bbc1bb24c Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 18:39:58 +0000 Subject: [PATCH 043/114] refactor(models): EligibilityVerifier.api_auth_key is a secret field * update definition to use new field * update migrations * remove env vars from terraform definitions * move default value to .env.sample --- .env.sample | 2 ++ benefits/core/migrations/0001_initial.py | 9 +++++++-- benefits/core/migrations/0002_data.py | 4 ++-- benefits/core/models.py | 11 ++++++++--- terraform/app_service.tf | 2 -- tests/pytest/conftest.py | 8 +++++++- tests/pytest/core/test_models.py | 19 +++++++++++-------- 7 files changed, 37 insertions(+), 18 deletions(-) diff --git a/.env.sample b/.env.sample index b2d3b49ef..4a2e616e9 100644 --- a/.env.sample +++ b/.env.sample @@ -1,2 +1,4 @@ testsecret=Hello from the local environment! auth_provider_client_id=benefits-oauth-client-id +courtesy_card_verifier_api_auth_key=server-auth-token +mobility_pass_verifier_api_auth_key=server-auth-token diff --git a/benefits/core/migrations/0001_initial.py b/benefits/core/migrations/0001_initial.py index f1ff709af..a3f3c630a 100644 --- a/benefits/core/migrations/0001_initial.py +++ b/benefits/core/migrations/0001_initial.py @@ -1,4 +1,4 @@ -# Generated by Django 5.0.1 on 2024-02-06 03:46 +# Generated by Django 5.0.1 on 2024-02-06 18:09 import benefits.core.models import django.db.models.deletion @@ -48,7 +48,12 @@ class Migration(migrations.Migration): ("active", models.BooleanField(default=False)), ("api_url", models.TextField(null=True)), ("api_auth_header", models.TextField(null=True)), - ("api_auth_key", models.TextField(null=True)), + ( + "api_auth_key_secret_name", + benefits.core.models.SecretValueField( + max_length=127, null=True, validators=[benefits.core.models.SecretNameValidator()] + ), + ), ("jwe_cek_enc", models.TextField(null=True)), ("jwe_encryption_alg", models.TextField(null=True)), ("jws_signing_alg", models.TextField(null=True)), diff --git a/benefits/core/migrations/0002_data.py b/benefits/core/migrations/0002_data.py index 14ea86a70..b509e3d11 100644 --- a/benefits/core/migrations/0002_data.py +++ b/benefits/core/migrations/0002_data.py @@ -203,7 +203,7 @@ def load_data(app, *args, **kwargs): active=os.environ.get("COURTESY_CARD_VERIFIER_ACTIVE", "True").lower() == "true", api_url=os.environ.get("COURTESY_CARD_VERIFIER_API_URL", "http://server:8000/verify"), api_auth_header=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_HEADER", "X-Server-API-Key"), - api_auth_key=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_KEY", "server-auth-token"), + api_auth_key_secret_name="courtesy-card-verifier-api-auth-key", eligibility_type=mst_courtesy_card_type, public_key=mst_server_public_key, jwe_cek_enc=os.environ.get("COURTESY_CARD_VERIFIER_JWE_CEK_ENC", "A256CBC-HS512"), @@ -238,7 +238,7 @@ def load_data(app, *args, **kwargs): active=os.environ.get("MOBILITY_PASS_VERIFIER_ACTIVE", "True").lower() == "true", api_url=os.environ.get("MOBILITY_PASS_VERIFIER_API_URL", "http://server:8000/verify"), api_auth_header=os.environ.get("MOBILITY_PASS_VERIFIER_API_AUTH_HEADER", "X-Server-API-Key"), - api_auth_key=os.environ.get("MOBILITY_PASS_VERIFIER_API_AUTH_KEY", "server-auth-token"), + api_auth_key_secret_name="mobility-pass-verifier-api-auth-key", eligibility_type=sbmtd_mobility_pass_type, public_key=sbmtd_server_public_key, jwe_cek_enc=os.environ.get("MOBILITY_PASS_VERIFIER_JWE_CEK_ENC", "A256CBC-HS512"), diff --git a/benefits/core/models.py b/benefits/core/models.py index 5fc688010..070b8ccb7 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -67,8 +67,6 @@ def __init__(self, *args, **kwargs): kwargs["max_length"] = 127 # similar to max_length, enforce at the field (form) validation level to not allow blanks kwargs["blank"] = False - # similar to blank, enforce at the database level that null is not allowed - kwargs["null"] = False # the default is False, but this is more explicit kwargs["allow_unicode"] = False super().__init__(*args, **kwargs) @@ -164,7 +162,7 @@ class EligibilityVerifier(models.Model): active = models.BooleanField(default=False) api_url = models.TextField(null=True) api_auth_header = models.TextField(null=True) - api_auth_key = models.TextField(null=True) + api_auth_key_secret_name = SecretValueField(null=True) eligibility_type = models.ForeignKey(EligibilityType, on_delete=models.PROTECT) # public key is used to encrypt requests targeted at this Verifier and to verify signed responses from this verifier public_key = models.ForeignKey(PemData, related_name="+", on_delete=models.PROTECT, null=True) @@ -183,6 +181,13 @@ class EligibilityVerifier(models.Model): def __str__(self): return self.name + @property + def api_auth_key(self): + if self.api_auth_key_secret_name is not None: + return get_secret_by_name(self.api_auth_key_secret_name) + else: + return None + @property def public_key_data(self): """This Verifier's public key as a string.""" diff --git a/terraform/app_service.tf b/terraform/app_service.tf index f1f32161c..3a95f334f 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -136,7 +136,6 @@ resource "azurerm_linux_web_app" "main" { "COURTESY_CARD_VERIFIER_ACTIVE" = "${local.secret_prefix}courtesy-card-verifier-active)" "COURTESY_CARD_VERIFIER_API_URL" = "${local.secret_prefix}courtesy-card-verifier-api-url)" "COURTESY_CARD_VERIFIER_API_AUTH_HEADER" = "${local.secret_prefix}courtesy-card-verifier-api-auth-header)" - "COURTESY_CARD_VERIFIER_API_AUTH_KEY" = "${local.secret_prefix}courtesy-card-verifier-api-auth-key)" "COURTESY_CARD_VERIFIER_JWE_CEK_ENC" = "${local.secret_prefix}courtesy-card-verifier-jwe-cek-enc)" "COURTESY_CARD_VERIFIER_JWE_ENCRYPTION_ALG" = "${local.secret_prefix}courtesy-card-verifier-jwe-encryption-alg)" "COURTESY_CARD_VERIFIER_JWS_SIGNING_ALG" = "${local.secret_prefix}courtesy-card-verifier-jws-signing-alg)" @@ -172,7 +171,6 @@ resource "azurerm_linux_web_app" "main" { "MOBILITY_PASS_VERIFIER_ACTIVE" = "${local.secret_prefix}mobility-pass-verifier-active)" "MOBILITY_PASS_VERIFIER_API_URL" = "${local.secret_prefix}mobility-pass-verifier-api-url)" "MOBILITY_PASS_VERIFIER_API_AUTH_HEADER" = "${local.secret_prefix}mobility-pass-verifier-api-auth-header)" - "MOBILITY_PASS_VERIFIER_API_AUTH_KEY" = "${local.secret_prefix}mobility-pass-verifier-api-auth-key)" "MOBILITY_PASS_VERIFIER_JWE_CEK_ENC" = "${local.secret_prefix}mobility-pass-verifier-jwe-cek-enc)" "MOBILITY_PASS_VERIFIER_JWE_ENCRYPTION_ALG" = "${local.secret_prefix}mobility-pass-verifier-jwe-encryption-alg)" "MOBILITY_PASS_VERIFIER_JWS_SIGNING_ALG" = "${local.secret_prefix}mobility-pass-verifier-jws-signing-alg)" diff --git a/tests/pytest/conftest.py b/tests/pytest/conftest.py index 883cb7c02..920aaa9e3 100644 --- a/tests/pytest/conftest.py +++ b/tests/pytest/conftest.py @@ -32,6 +32,12 @@ def app_request(rf): return app_request +# autouse this fixture so we never call out to the real secret store +@pytest.fixture(autouse=True) +def mock_models_get_secret_by_name(mocker): + return mocker.patch("benefits.core.models.get_secret_by_name", return_value="secret value!") + + @pytest.fixture def model_PemData(): data = PemData.objects.create( @@ -108,7 +114,7 @@ def model_EligibilityVerifier(model_PemData, model_EligibilityType): active=True, api_url="https://example.com/verify", api_auth_header="X-API-AUTH", - api_auth_key="secret-key", + api_auth_key_secret_name="secret-key", eligibility_type=model_EligibilityType, public_key=model_PemData, selection_label_template="eligibility/includes/selection-label.html", diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index a5050cd0e..8f959ddef 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -53,11 +53,6 @@ def test_SecretValueField_init(): assert field.description != "" -@pytest.fixture -def mock_get_secret_by_name(mocker): - return mocker.patch("benefits.core.models.get_secret_by_name", return_value="secret value!") - - @pytest.mark.django_db def test_PemData_str(model_PemData): assert str(model_PemData) == model_PemData.label @@ -94,11 +89,11 @@ def test_model_AuthProvider(model_AuthProvider): @pytest.mark.django_db -def test_model_AuthProvider_client_id(model_AuthProvider, mock_get_secret_by_name): +def test_model_AuthProvider_client_id(model_AuthProvider, mock_models_get_secret_by_name): secret_value = model_AuthProvider.client_id - mock_get_secret_by_name.assert_called_once_with(model_AuthProvider.client_id_secret_name) - assert secret_value == mock_get_secret_by_name.return_value + mock_models_get_secret_by_name.assert_called_once_with(model_AuthProvider.client_id_secret_name) + assert secret_value == mock_models_get_secret_by_name.return_value @pytest.mark.django_db @@ -266,6 +261,14 @@ def test_EligibilityVerifier_without_AuthProvider(model_EligibilityVerifier): assert not model_EligibilityVerifier.uses_auth_verification +@pytest.mark.django_db +def test_EligiblityVerifier_api_auth_key(model_EligibilityVerifier, mock_models_get_secret_by_name): + secret_value = model_EligibilityVerifier.api_auth_key + + mock_models_get_secret_by_name.assert_called_once_with(model_EligibilityVerifier.api_auth_key_secret_name) + assert secret_value == mock_models_get_secret_by_name.return_value + + @pytest.mark.django_db def test_PaymentProcessor_str(model_PaymentProcessor): assert str(model_PaymentProcessor) == model_PaymentProcessor.name From a4b367584a6b54b28f960c11f162c276705e219d Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 6 Feb 2024 19:50:25 +0000 Subject: [PATCH 044/114] refactor(models): PemData.data could come from a secret field PemData favors the secret, but fallback to a remote URL this is to allow for simpler turn-key local development * update definition to use new field * update migrations * remove env vars from terraform definitions * move default keys to .env.sample --- .env.sample | 63 +++++++++++++++++++++ benefits/core/migrations/0001_initial.py | 7 ++- benefits/core/migrations/0002_data.py | 70 ++++-------------------- benefits/core/models.py | 29 ++++++---- terraform/app_service.tf | 11 ---- tests/pytest/conftest.py | 4 +- tests/pytest/core/test_models.py | 61 +++++++++++++++++---- 7 files changed, 149 insertions(+), 96 deletions(-) diff --git a/.env.sample b/.env.sample index 4a2e616e9..b5aedbf6d 100644 --- a/.env.sample +++ b/.env.sample @@ -2,3 +2,66 @@ testsecret=Hello from the local environment! auth_provider_client_id=benefits-oauth-client-id courtesy_card_verifier_api_auth_key=server-auth-token mobility_pass_verifier_api_auth_key=server-auth-token +client_private_key='-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on +Ca79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY +JK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68UAlK+VjwJkfYPrhq/bl5z8ZiurvBa +5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQNd3RaIaSREO50NvNywXIIt/OmCiR +qI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5epTsWcURmhVofF2wVoFbib3JGCfA7t +z/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUViwIDAQABAoIBAQCIv0XMjNvZS9DC +XoXGQtVpcxj6dXfaiDgnc7hZDubsNCr3JtT5NqgdIYdVNQUABNDIPNEiCkzFjuwM +uuF2+dRzM/x6UCs/cSsCjXYBCCOwMwV/fjpEJQnwMQqwTLulVsXZYYeSUtXVBf/8 +0tVULRty34apLFhsyX30UtboXQdESfpmm5ZsqsZJlYljw+M7JxRMneQclI19y/ya +hPWlfhLB9OffVEJXGaWx1NSYnKoCMKqE/+4krROr6V62xXaNyX6WtU6XiT7C6R5A +PBxfhmoeFdVCF6a+Qq0v2fKThYoZnV4sn2q2An9YPfynFYnlgzdfnAFSejsqxQd0 +fxYLOtMBAoGBAP1jxjHDJngZ1N+ymw9MIpRgr3HeuMP5phiSTbY2tu9lPzQd+TMX +fhr1bQh2Fd/vU0u7X0yPnTWtUrLlCdGnWPpXivx95GNGgUUIk2HStFdrRx+f2Qvk +G8vtLgmSbjQ26UiHzxi9Wa0a41PWIA3TixkcFrS2X29Qc4yd6pVHmicfAoGBANjR +Z8aaDkSKLkq5Nk1T7I0E1+mtPoH1tPV/FJClXjJrvfDuYHBeOyUpipZddnZuPGWA +IW2tFIsMgJQtgpvgs52NFI7pQGJRUPK/fTG+Ycocxo78TkLr/RIj8Kj5brXsbZ9P +3/WBX5GAISTSp1ab8xVgK/Tm07hGupKVqnY2lCAVAoGAIql0YjhE2ecGtLcU+Qm8 +LTnwpg4GjmBnNTNGSCfB7IuYEsQK489R49Qw3xhwM5rkdRajmbCHm+Eiz+/+4NwY +kt5I1/NMu7vYUR40MwyEuPSm3Q+bvEGu/71pL8wFIUVlshNJ5CN60fA8qqo+5kVK +4Ntzy7Kq6WpC9Dhh75vE3ZcCgYEAty99uXtxsJD6+aEwcvcENkUwUztPQ6ggAwci +je9Z/cmwCj6s9mN3HzfQ4qgGrZsHpk4ycCK655xhilBFOIQJ3YRUKUaDYk4H0YDe +Osf6gTP8wtQDH2GZSNlavLk5w7UFDYQD2b47y4fw+NaOEYvjPl0p5lmb6ebAPZb8 +FbKZRd0CgYBC1HTbA+zMEqDdY4MWJJLC6jZsjdxOGhzjrCtWcIWEGMDF7oDDEoix +W3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c +tSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA== +-----END RSA PRIVATE KEY-----' +client_public_key='-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88 +4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R +oxFb5QGaevnJY828NupzTNdUd0sYJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68U +AlK+VjwJkfYPrhq/bl5z8ZiurvBa5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQ +Nd3RaIaSREO50NvNywXIIt/OmCiRqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5ep +TsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV +iwIDAQAB +-----END PUBLIC KEY-----' +mst_payment_processor_client_cert='-----BEGIN CERTIFICATE----- +PEM DATA +-----END CERTIFICATE-----' +mst_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY----- +PEM DATA +-----END RSA PRIVATE KEY-----' +mst_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE----- +PEM DATA +-----END CERTIFICATE-----' +sacrt_payment_processor_client_cert='-----BEGIN CERTIFICATE----- +PEM DATA +-----END CERTIFICATE-----' +sacrt_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY----- +PEM DATA +-----END RSA PRIVATE KEY-----' +sacrt_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE----- +PEM DATA +-----END CERTIFICATE-----' +sbmtd_payment_processor_client_cert='-----BEGIN CERTIFICATE----- +PEM DATA +-----END CERTIFICATE-----' +sbmtd_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY----- +PEM DATA +-----END RSA PRIVATE KEY-----' +sbmtd_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE----- +PEM DATA +-----END CERTIFICATE-----' diff --git a/benefits/core/migrations/0001_initial.py b/benefits/core/migrations/0001_initial.py index a3f3c630a..db5f9936d 100644 --- a/benefits/core/migrations/0001_initial.py +++ b/benefits/core/migrations/0001_initial.py @@ -92,8 +92,13 @@ class Migration(migrations.Migration): fields=[ ("id", models.AutoField(primary_key=True, serialize=False)), ("label", models.TextField()), - ("text", models.TextField(null=True)), ("remote_url", models.TextField(null=True)), + ( + "text_secret_name", + benefits.core.models.SecretValueField( + max_length=127, null=True, validators=[benefits.core.models.SecretNameValidator()] + ), + ), ], ), migrations.CreateModel( diff --git a/benefits/core/migrations/0002_data.py b/benefits/core/migrations/0002_data.py index b509e3d11..a78b8e495 100644 --- a/benefits/core/migrations/0002_data.py +++ b/benefits/core/migrations/0002_data.py @@ -51,106 +51,58 @@ def load_data(app, *args, **kwargs): ), ) - default_client_private_key = """ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on -Ca79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY -JK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68UAlK+VjwJkfYPrhq/bl5z8ZiurvBa -5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQNd3RaIaSREO50NvNywXIIt/OmCiR -qI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5epTsWcURmhVofF2wVoFbib3JGCfA7t -z/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUViwIDAQABAoIBAQCIv0XMjNvZS9DC -XoXGQtVpcxj6dXfaiDgnc7hZDubsNCr3JtT5NqgdIYdVNQUABNDIPNEiCkzFjuwM -uuF2+dRzM/x6UCs/cSsCjXYBCCOwMwV/fjpEJQnwMQqwTLulVsXZYYeSUtXVBf/8 -0tVULRty34apLFhsyX30UtboXQdESfpmm5ZsqsZJlYljw+M7JxRMneQclI19y/ya -hPWlfhLB9OffVEJXGaWx1NSYnKoCMKqE/+4krROr6V62xXaNyX6WtU6XiT7C6R5A -PBxfhmoeFdVCF6a+Qq0v2fKThYoZnV4sn2q2An9YPfynFYnlgzdfnAFSejsqxQd0 -fxYLOtMBAoGBAP1jxjHDJngZ1N+ymw9MIpRgr3HeuMP5phiSTbY2tu9lPzQd+TMX -fhr1bQh2Fd/vU0u7X0yPnTWtUrLlCdGnWPpXivx95GNGgUUIk2HStFdrRx+f2Qvk -G8vtLgmSbjQ26UiHzxi9Wa0a41PWIA3TixkcFrS2X29Qc4yd6pVHmicfAoGBANjR -Z8aaDkSKLkq5Nk1T7I0E1+mtPoH1tPV/FJClXjJrvfDuYHBeOyUpipZddnZuPGWA -IW2tFIsMgJQtgpvgs52NFI7pQGJRUPK/fTG+Ycocxo78TkLr/RIj8Kj5brXsbZ9P -3/WBX5GAISTSp1ab8xVgK/Tm07hGupKVqnY2lCAVAoGAIql0YjhE2ecGtLcU+Qm8 -LTnwpg4GjmBnNTNGSCfB7IuYEsQK489R49Qw3xhwM5rkdRajmbCHm+Eiz+/+4NwY -kt5I1/NMu7vYUR40MwyEuPSm3Q+bvEGu/71pL8wFIUVlshNJ5CN60fA8qqo+5kVK -4Ntzy7Kq6WpC9Dhh75vE3ZcCgYEAty99uXtxsJD6+aEwcvcENkUwUztPQ6ggAwci -je9Z/cmwCj6s9mN3HzfQ4qgGrZsHpk4ycCK655xhilBFOIQJ3YRUKUaDYk4H0YDe -Osf6gTP8wtQDH2GZSNlavLk5w7UFDYQD2b47y4fw+NaOEYvjPl0p5lmb6ebAPZb8 -FbKZRd0CgYBC1HTbA+zMEqDdY4MWJJLC6jZsjdxOGhzjrCtWcIWEGMDF7oDDEoix -W3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c -tSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA== ------END RSA PRIVATE KEY----- -""" - client_private_key = PemData.objects.create( - text=os.environ.get("CLIENT_PRIVATE_KEY", default_client_private_key), + text_secret_name="client-private-key", label="Benefits client private key", ) - default_client_public_key = """ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88 -4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R -oxFb5QGaevnJY828NupzTNdUd0sYJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68U -AlK+VjwJkfYPrhq/bl5z8ZiurvBa5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQ -Nd3RaIaSREO50NvNywXIIt/OmCiRqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5ep -TsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV -iwIDAQAB ------END PUBLIC KEY----- -""" - client_public_key = PemData.objects.create( - text=os.environ.get("CLIENT_PUBLIC_KEY", default_client_public_key), + text_secret_name="client-public-key", label="Benefits client public key", ) - dummy_cert_text = """ ------BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE----- -""" - mst_payment_processor_client_cert = PemData.objects.create( - text=os.environ.get("MST_PAYMENT_PROCESSOR_CLIENT_CERT", dummy_cert_text), + text_secret_name="mst-payment-processor-client-cert", label="MST payment processor client certificate", ) mst_payment_processor_client_cert_private_key = PemData.objects.create( - text=os.environ.get("MST_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY", client_private_key.text), + text_secret_name="mst-payment-processor-client-cert-private-key", label="MST payment processor client certificate private key", ) mst_payment_processor_client_cert_root_ca = PemData.objects.create( - text=os.environ.get("MST_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA", dummy_cert_text), + text_secret_name="mst-payment-processor-client-cert-root-ca", label="MST payment processor client certificate root CA", ) sacrt_payment_processor_client_cert = PemData.objects.create( - text=os.environ.get("SACRT_PAYMENT_PROCESSOR_CLIENT_CERT", dummy_cert_text), + text_secret_name="sacrt-payment-processor-client-cert", label="SacRT payment processor client certificate", ) sacrt_payment_processor_client_cert_private_key = PemData.objects.create( - text=os.environ.get("SACRT_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY", client_private_key.text), + text_secret_name="sacrt-payment-processor-client-cert-private-key", label="SacRT payment processor client certificate private key", ) sacrt_payment_processor_client_cert_root_ca = PemData.objects.create( - text=os.environ.get("SACRT_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA", dummy_cert_text), + text_secret_name="sacrt-payment-processor-client-cert-root-ca", label="SacRT payment processor client certificate root CA", ) sbmtd_payment_processor_client_cert = PemData.objects.create( - text=os.environ.get("SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT", dummy_cert_text), + text_secret_name="sbmtd-payment-processor-client-cert", label="SBMTD payment processor client certificate", ) sbmtd_payment_processor_client_cert_private_key = PemData.objects.create( - text=os.environ.get("SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY", client_private_key.text), + text_secret_name="sbmtd-payment-processor-client-cert-private-key", label="SBMTD payment processor client certificate private key", ) sbmtd_payment_processor_client_cert_root_ca = PemData.objects.create( - text=os.environ.get("SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA", dummy_cert_text), + text_secret_name="sbmtd-payment-processor-client-cert-root-ca", label="SBMTD payment processor client certificate root CA", ) diff --git a/benefits/core/models.py b/benefits/core/models.py index 070b8ccb7..2280e55a1 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -2,6 +2,7 @@ The core application: Common model definitions. """ +from functools import cached_property import importlib import logging import re @@ -78,23 +79,31 @@ class PemData(models.Model): id = models.AutoField(primary_key=True) # Human description of the PEM data label = models.TextField() - # The data in utf-8 encoded PEM text format - text = models.TextField(null=True) + # The name of a secret with data in utf-8 encoded PEM text format + text_secret_name = SecretValueField(null=True) # Public URL hosting the utf-8 encoded PEM text remote_url = models.TextField(null=True) def __str__(self): return self.label - @property + @cached_property def data(self): - if self.text: - return self.text - elif self.remote_url: - self.text = requests.get(self.remote_url, timeout=settings.REQUESTS_TIMEOUT).text - - self.save() - return self.text + """ + Attempts to get data from `remote_url` or `text_secret_name`, with the latter taking precendence if both are defined. + """ + remote_data = None + secret_data = None + + if self.remote_url: + remote_data = requests.get(self.remote_url, timeout=settings.REQUESTS_TIMEOUT).text + if self.text_secret_name: + try: + secret_data = get_secret_by_name(self.text_secret_name) + except Exception: + secret_data = None + + return secret_data if secret_data is not None else remote_data class AuthProvider(models.Model): diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 3a95f334f..a59e7dd30 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -106,19 +106,8 @@ resource "azurerm_linux_web_app" "main" { "SACRT_SENIOR_GROUP_ID" = "${local.secret_prefix}sacrt-senior-group-id)" "SBMTD_SENIOR_GROUP_ID" = "${local.secret_prefix}sbmtd-senior-group-id)", "SBMTD_MOBILITY_PASS_GROUP_ID" = "${local.secret_prefix}sbmtd-mobility-pass-group-id)" - "CLIENT_PRIVATE_KEY" = "${local.secret_prefix}client-private-key)" - "CLIENT_PUBLIC_KEY" = "${local.secret_prefix}client-public-key)" "MST_SERVER_PUBLIC_KEY_URL" = "${local.secret_prefix}mst-server-public-key-url)" "SBMTD_SERVER_PUBLIC_KEY_URL" = "${local.secret_prefix}sbmtd-server-public-key-url)" - "MST_PAYMENT_PROCESSOR_CLIENT_CERT" = "${local.secret_prefix}mst-payment-processor-client-cert)" - "MST_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY" = "${local.secret_prefix}mst-payment-processor-client-cert-private-key)" - "MST_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA" = "${local.secret_prefix}mst-payment-processor-client-cert-root-ca)" - "SACRT_PAYMENT_PROCESSOR_CLIENT_CERT" = "${local.secret_prefix}sacrt-payment-processor-client-cert)" - "SACRT_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY" = "${local.secret_prefix}sacrt-payment-processor-client-cert-private-key)" - "SACRT_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA" = "${local.secret_prefix}sacrt-payment-processor-client-cert-root-ca)" - "SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT" = "${local.secret_prefix}sbmtd-payment-processor-client-cert)" - "SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT_PRIVATE_KEY" = "${local.secret_prefix}sbmtd-payment-processor-client-cert-private-key)" - "SBMTD_PAYMENT_PROCESSOR_CLIENT_CERT_ROOT_CA" = "${local.secret_prefix}sbmtd-payment-processor-client-cert-root-ca)" "AUTH_PROVIDER_AUTHORITY" = "${local.secret_prefix}auth-provider-authority)" "SENIOR_AUTH_PROVIDER_CLIENT_NAME" = "${local.secret_prefix}senior-auth-provider-client-name)" "SENIOR_AUTH_PROVIDER_SCOPE" = "${local.secret_prefix}senior-auth-provider-scope)" diff --git a/tests/pytest/conftest.py b/tests/pytest/conftest.py index 920aaa9e3..cc62540bc 100644 --- a/tests/pytest/conftest.py +++ b/tests/pytest/conftest.py @@ -40,9 +40,7 @@ def mock_models_get_secret_by_name(mocker): @pytest.fixture def model_PemData(): - data = PemData.objects.create( - text="-----BEGIN PUBLIC KEY-----\nPEM DATA\n-----END PUBLIC KEY-----\n", label="Test public key" - ) + data = PemData.objects.create(text_secret_name="pem-secret-data", label="Test public key") return data diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index 8f959ddef..ee8345213 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -6,6 +6,12 @@ from benefits.core.models import SecretNameValidator, SecretValueField, EligibilityType, EligibilityVerifier, TransitAgency +@pytest.fixture +def mock_requests_get_pem_data(mocker): + # intercept and spy on the GET request + return mocker.patch("benefits.core.models.requests.get", return_value=mocker.Mock(text="PEM text")) + + @pytest.mark.parametrize( "secret_name", [ @@ -59,27 +65,58 @@ def test_PemData_str(model_PemData): @pytest.mark.django_db -def test_PemData_data_text(model_PemData): - assert model_PemData.text - assert model_PemData.data == model_PemData.text +def test_PemData_data_text_secret_name(model_PemData, mock_models_get_secret_by_name): + # a secret name and not remote URL, should use secret value + + data = model_PemData.data + + mock_models_get_secret_by_name.assert_called_once_with(model_PemData.text_secret_name) + assert data == mock_models_get_secret_by_name.return_value @pytest.mark.django_db -def test_PemData_data_remote(model_PemData, mocker): - model_PemData.text = None +def test_PemData_data_remote(model_PemData, mock_requests_get_pem_data): + # a remote URL and no secret name, should use remote value + + model_PemData.text_secret_name = None model_PemData.remote_url = "http://localhost/publickey" - # intercept and spy on the GET request - requests_spy = mocker.patch("benefits.core.models.requests.get", return_value=mocker.Mock(text="PEM text")) + assert not model_PemData.text_secret_name + + data = model_PemData.data + + mock_requests_get_pem_data.assert_called_once_with(model_PemData.remote_url, timeout=settings.REQUESTS_TIMEOUT) + assert data == mock_requests_get_pem_data.return_value.text + - assert not model_PemData.text +@pytest.mark.django_db +def test_PemData_data_text_secret_name_and_remote__uses_text_secret( + model_PemData, mock_models_get_secret_by_name, mock_requests_get_pem_data +): + # a remote URL and the secret value is not None, should use the secret value + + model_PemData.remote_url = "http://localhost/publickey" + + data = model_PemData.data + + mock_models_get_secret_by_name.assert_called_once_with(model_PemData.text_secret_name) + mock_requests_get_pem_data.assert_called_once_with(model_PemData.remote_url, timeout=settings.REQUESTS_TIMEOUT) + assert data == mock_models_get_secret_by_name.return_value + + +@pytest.mark.django_db +def test_PemData_data_text_secret_name_and_remote__uses_remote( + model_PemData, mock_models_get_secret_by_name, mock_requests_get_pem_data +): + # a remote URL and the secret value is None, should use remote value + model_PemData.remote_url = "http://localhost/publickey" + mock_models_get_secret_by_name.return_value = None data = model_PemData.data - assert model_PemData.text - assert data == "PEM text" - assert data == model_PemData.text - requests_spy.assert_called_once_with(model_PemData.remote_url, timeout=settings.REQUESTS_TIMEOUT) + mock_models_get_secret_by_name.assert_called_once_with(model_PemData.text_secret_name) + mock_requests_get_pem_data.assert_called_once_with(model_PemData.remote_url, timeout=settings.REQUESTS_TIMEOUT) + assert data == mock_requests_get_pem_data.return_value.text @pytest.mark.django_db From bce9ab32c41b8eab285ac7f576b15d32b96c5b39 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 8 Feb 2024 00:53:16 +0000 Subject: [PATCH 045/114] refactor(secrets): enforce name validation in helper function --- benefits/core/migrations/0001_initial.py | 9 ++-- benefits/core/models.py | 31 +----------- benefits/secrets.py | 29 ++++++++++++ tests/pytest/core/test_models.py | 41 ++-------------- tests/pytest/test_secrets.py | 60 ++++++++++++++++++++++-- 5 files changed, 95 insertions(+), 75 deletions(-) diff --git a/benefits/core/migrations/0001_initial.py b/benefits/core/migrations/0001_initial.py index db5f9936d..5eaa52e69 100644 --- a/benefits/core/migrations/0001_initial.py +++ b/benefits/core/migrations/0001_initial.py @@ -1,6 +1,7 @@ # Generated by Django 5.0.1 on 2024-02-06 18:09 import benefits.core.models +import benefits.secrets import django.db.models.deletion from django.db import migrations, models @@ -21,9 +22,7 @@ class Migration(migrations.Migration): ("client_name", models.TextField()), ( "client_id_secret_name", - benefits.core.models.SecretValueField( - max_length=127, validators=[benefits.core.models.SecretNameValidator()] - ), + benefits.core.models.SecretValueField(max_length=127, validators=[benefits.secrets.SecretNameValidator()]), ), ("authority", models.TextField()), ("scope", models.TextField(null=True)), @@ -51,7 +50,7 @@ class Migration(migrations.Migration): ( "api_auth_key_secret_name", benefits.core.models.SecretValueField( - max_length=127, null=True, validators=[benefits.core.models.SecretNameValidator()] + max_length=127, null=True, validators=[benefits.secrets.SecretNameValidator()] ), ), ("jwe_cek_enc", models.TextField(null=True)), @@ -96,7 +95,7 @@ class Migration(migrations.Migration): ( "text_secret_name", benefits.core.models.SecretValueField( - max_length=127, null=True, validators=[benefits.core.models.SecretNameValidator()] + max_length=127, null=True, validators=[benefits.secrets.SecretNameValidator()] ), ), ], diff --git a/benefits/core/models.py b/benefits/core/models.py index 2280e55a1..7f5124447 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -5,44 +5,19 @@ from functools import cached_property import importlib import logging -import re -from django.core.validators import RegexValidator from django.conf import settings from django.db import models from django.urls import reverse import requests -from benefits.secrets import get_secret_by_name +from benefits.secrets import NAME_VALIDATOR, get_secret_by_name logger = logging.getLogger(__name__) -class SecretNameValidator(RegexValidator): - """RegexValidator that validates a secret name. - - Azure KeyVault currently enforces the following rules: - - * The value must be between 1 and 127 characters long. - * Secret names can only contain alphanumeric characters and dashes. - - Read more about Azure KeyVault naming rules: - https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftkeyvault - - Read more about Django validators: - https://docs.djangoproject.com/en/5.0/ref/validators/#module-django.core.validators - """ - - def __init__(self, *args, **kwargs): - kwargs["regex"] = re.compile(r"^[-a-zA-Z0-9]{1,127}$", re.ASCII) - kwargs["message"] = ( - "Enter a valid secret name of between 1-127 alphanumeric ASCII characters and the hyphen character only." - ) - super().__init__(*args, **kwargs) - - class SecretValueField(models.SlugField): """Field that handles retrieving a value from a secret store. @@ -51,8 +26,6 @@ class SecretValueField(models.SlugField): The secret value itself MUST NEVER be stored in this field. """ - NAME_VALIDATOR = SecretNameValidator() - description = """Field that handles retrieving a value from a secret store. The field value is the name of the secret to be retrieved. Must be between 1-127 alphanumeric ASCII characters or hyphen @@ -62,7 +35,7 @@ class SecretValueField(models.SlugField): """ def __init__(self, *args, **kwargs): - kwargs["validators"] = [self.NAME_VALIDATOR] + kwargs["validators"] = [NAME_VALIDATOR] # although the validator also checks for a max length of 127 # this setting enforces the length at the database column level as well kwargs["max_length"] = 127 diff --git a/benefits/secrets.py b/benefits/secrets.py index 293b6d909..0d1668d5e 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -1,11 +1,13 @@ import logging import os +import re import sys from azure.core.exceptions import ClientAuthenticationError from azure.identity import DefaultAzureCredential from azure.keyvault.secrets import SecretClient from django.conf import settings +from django.core.validators import RegexValidator logger = logging.getLogger(__name__) @@ -13,11 +15,38 @@ KEY_VAULT_URL = "https://kv-cdt-pub-calitp-{env}-001.vault.azure.net/" +class SecretNameValidator(RegexValidator): + """RegexValidator that validates a secret name. + + Azure KeyVault currently enforces the following rules: + + * The value must be between 1 and 127 characters long. + * Secret names can only contain alphanumeric characters and dashes. + + Read more about Azure KeyVault naming rules: + https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules#microsoftkeyvault + + Read more about Django validators: + https://docs.djangoproject.com/en/5.0/ref/validators/#module-django.core.validators + """ + + def __init__(self, *args, **kwargs): + kwargs["regex"] = re.compile(r"^[-a-zA-Z0-9]{1,127}$", re.ASCII) + kwargs["message"] = ( + "Enter a valid secret name of between 1-127 alphanumeric ASCII characters and the hyphen character only." + ) + super().__init__(*args, **kwargs) + + +NAME_VALIDATOR = SecretNameValidator() + + def get_secret_by_name(secret_name, client=None): """Read a value from the secret store, currently Azure KeyVault. When `settings.RUNTIME_ENVIRONMENT() == "local"`, reads from the environment instead. """ + NAME_VALIDATOR(secret_name) runtime_env = settings.RUNTIME_ENVIRONMENT() diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index ee8345213..8637fde50 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -1,9 +1,9 @@ from django.conf import settings -from django.core.exceptions import ValidationError import pytest -from benefits.core.models import SecretNameValidator, SecretValueField, EligibilityType, EligibilityVerifier, TransitAgency +from benefits.core.models import SecretValueField, EligibilityType, EligibilityVerifier, TransitAgency +import benefits.secrets @pytest.fixture @@ -12,45 +12,10 @@ def mock_requests_get_pem_data(mocker): return mocker.patch("benefits.core.models.requests.get", return_value=mocker.Mock(text="PEM text")) -@pytest.mark.parametrize( - "secret_name", - [ - "a", - "1", - "one", - "one-two-three", - "1-2-3", - "this-is-a-really-long-secret-name-in-fact-it-is-the-absolute-maximum-length-of-127-characters-to-be-exact-and-now-it-has-enough", # noqa: E501 - ], -) -def test_SecretNameValidator_valid(secret_name): - validator = SecretNameValidator() - - # a successful validation does not raise an Exception and returns None - assert validator(secret_name) is None - - -@pytest.mark.parametrize( - "secret_name", - [ - "", - "!", - "underscores_not_allowed", - "this-is-a-really-long-secret-name-in-fact-it-much-much-longer-than-the-absolute-maximum-length-of-127-characters-and-now-it-has-enough-to-be-too-long", # noqa: E501 - ], -) -def test_SecretNameValidator_invalid(secret_name): - validator = SecretNameValidator() - - # an unsuccessful validation raises django.core.exceptions.ValidationError - with pytest.raises(ValidationError): - validator(secret_name) - - def test_SecretValueField_init(): field = SecretValueField() - assert SecretValueField.NAME_VALIDATOR in field.validators + assert benefits.secrets.NAME_VALIDATOR in field.validators assert field.max_length == 127 assert field.blank is False assert field.null is False diff --git a/tests/pytest/test_secrets.py b/tests/pytest/test_secrets.py index 1029538b0..0d4341530 100644 --- a/tests/pytest/test_secrets.py +++ b/tests/pytest/test_secrets.py @@ -1,7 +1,8 @@ -import pytest from azure.core.exceptions import ClientAuthenticationError +from django.core.exceptions import ValidationError +import pytest -from benefits.secrets import KEY_VAULT_URL, get_secret_by_name +from benefits.secrets import KEY_VAULT_URL, SecretNameValidator, NAME_VALIDATOR, get_secret_by_name @pytest.fixture(autouse=True) @@ -14,7 +15,7 @@ def mock_DefaultAzureCredential(mocker): @pytest.fixture def secret_name(): - return "the secret name" + return "the-secret-name" @pytest.fixture @@ -22,6 +23,59 @@ def secret_value(): return "the secret value" +@pytest.mark.parametrize( + "secret_name", + [ + "a", + "1", + "one", + "one-two-three", + "1-2-3", + "this-is-a-really-long-secret-name-in-fact-it-is-the-absolute-maximum-length-of-127-characters-to-be-exact-and-now-it-has-enough", # noqa: E501 + ], +) +def test_SecretNameValidator_valid(secret_name): + validator = SecretNameValidator() + + # a successful validation does not raise an Exception and returns None + assert validator(secret_name) is None + assert NAME_VALIDATOR(secret_name) is None + + +@pytest.mark.parametrize( + "secret_name", + [ + "", + "!", + "underscores_not_allowed", + "this-is-a-really-long-secret-name-in-fact-it-much-much-longer-than-the-absolute-maximum-length-of-127-characters-and-now-it-has-enough-to-be-too-long", # noqa: E501 + ], +) +def test_SecretNameValidator_invalid(secret_name): + validator = SecretNameValidator() + + # an unsuccessful validation raises django.core.exceptions.ValidationError + with pytest.raises(ValidationError): + validator(secret_name) + + with pytest.raises(ValidationError): + NAME_VALIDATOR(secret_name) + + +@pytest.mark.parametrize( + "secret_name", + [ + "", + "!", + "underscores_not_allowed", + "this-is-a-really-long-secret-name-in-fact-it-much-much-longer-than-the-absolute-maximum-length-of-127-characters-and-now-it-has-enough-to-be-too-long", # noqa: E501 + ], +) +def test_get_secret_by_name__invalid_name(secret_name): + with pytest.raises(ValidationError): + get_secret_by_name(secret_name) + + @pytest.mark.parametrize("runtime_env", ["dev", "test", "prod"]) def test_get_secret_by_name__with_client__returns_secret_value(mocker, runtime_env, settings, secret_name, secret_value): settings.RUNTIME_ENVIRONMENT = lambda: runtime_env From 4ae08a91c3d672208c8a73aa5d97f8df8aa7d64f Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 8 Feb 2024 01:04:13 +0000 Subject: [PATCH 046/114] fix(secrets): env vars can't contain hyphens --- benefits/secrets.py | 3 ++- tests/pytest/test_secrets.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/benefits/secrets.py b/benefits/secrets.py index 0d1668d5e..08de13692 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -52,7 +52,8 @@ def get_secret_by_name(secret_name, client=None): if runtime_env == "local": logger.debug("Runtime environment is local, reading from environment instead of Azure KeyVault.") - return os.environ.get(secret_name) + env_secret_name = secret_name.replace("-", "_") + return os.environ.get(env_secret_name) elif client is None: # construct the KeyVault URL from the runtime environment diff --git a/tests/pytest/test_secrets.py b/tests/pytest/test_secrets.py index 0d4341530..53359a982 100644 --- a/tests/pytest/test_secrets.py +++ b/tests/pytest/test_secrets.py @@ -142,6 +142,7 @@ def test_get_secret_by_name__local__returns_environment_variable(mocker, setting settings.RUNTIME_ENVIRONMENT = lambda: "local" env_spy = mocker.patch("benefits.secrets.os.environ.get", return_value=secret_value) + env_secret_name = secret_name.replace("-", "_") client_cls = mocker.patch("benefits.secrets.SecretClient") client = client_cls.return_value @@ -149,5 +150,5 @@ def test_get_secret_by_name__local__returns_environment_variable(mocker, setting client_cls.assert_not_called() client.get_secret.assert_not_called() - env_spy.assert_called_once_with(secret_name) + env_spy.assert_called_once_with(env_secret_name) assert actual_value == secret_value From 0caa85143a65d31035c60b74aeb70cd995050c8d Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 8 Feb 2024 01:28:03 +0000 Subject: [PATCH 047/114] fix(ci): start from the .env.sample --- .github/workflows/tests-cypress.yml | 2 +- .github/workflows/tests-ui.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests-cypress.yml b/.github/workflows/tests-cypress.yml index 17420a0c0..eaaa1f222 100644 --- a/.github/workflows/tests-cypress.yml +++ b/.github/workflows/tests-cypress.yml @@ -15,7 +15,7 @@ jobs: - name: Start app run: | - touch .env + cp .env.sample .env docker compose up --detach client server - name: Run Cypress tests diff --git a/.github/workflows/tests-ui.yml b/.github/workflows/tests-ui.yml index ffb5f6858..f7020e1be 100644 --- a/.github/workflows/tests-ui.yml +++ b/.github/workflows/tests-ui.yml @@ -18,7 +18,7 @@ jobs: - name: Start app run: | - touch .env + cp .env.sample .env docker compose up --detach client - name: Run Lighthouse tests for a11y From 3721d8c9a953fa4405c3532afe73f0c95a3475d2 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 8 Feb 2024 01:49:14 +0000 Subject: [PATCH 048/114] refactor(models): rename secret field for clarity --- benefits/core/migrations/0001_initial.py | 6 +++--- benefits/core/models.py | 17 +++++++---------- tests/pytest/core/test_models.py | 6 +++--- 3 files changed, 13 insertions(+), 16 deletions(-) diff --git a/benefits/core/migrations/0001_initial.py b/benefits/core/migrations/0001_initial.py index 5eaa52e69..1d7ec7edc 100644 --- a/benefits/core/migrations/0001_initial.py +++ b/benefits/core/migrations/0001_initial.py @@ -22,7 +22,7 @@ class Migration(migrations.Migration): ("client_name", models.TextField()), ( "client_id_secret_name", - benefits.core.models.SecretValueField(max_length=127, validators=[benefits.secrets.SecretNameValidator()]), + benefits.core.models.SecretNameField(max_length=127, validators=[benefits.secrets.SecretNameValidator()]), ), ("authority", models.TextField()), ("scope", models.TextField(null=True)), @@ -49,7 +49,7 @@ class Migration(migrations.Migration): ("api_auth_header", models.TextField(null=True)), ( "api_auth_key_secret_name", - benefits.core.models.SecretValueField( + benefits.core.models.SecretNameField( max_length=127, null=True, validators=[benefits.secrets.SecretNameValidator()] ), ), @@ -94,7 +94,7 @@ class Migration(migrations.Migration): ("remote_url", models.TextField(null=True)), ( "text_secret_name", - benefits.core.models.SecretValueField( + benefits.core.models.SecretNameField( max_length=127, null=True, validators=[benefits.secrets.SecretNameValidator()] ), ), diff --git a/benefits/core/models.py b/benefits/core/models.py index 7f5124447..8473fc2cc 100644 --- a/benefits/core/models.py +++ b/benefits/core/models.py @@ -18,18 +18,15 @@ logger = logging.getLogger(__name__) -class SecretValueField(models.SlugField): - """Field that handles retrieving a value from a secret store. - - The field value is the name of the secret to be retrieved. +class SecretNameField(models.SlugField): + """Field that stores the name of a secret held in a secret store. The secret value itself MUST NEVER be stored in this field. """ - description = """Field that handles retrieving a value from a secret store. + description = """Field that stores the name of a secret held in a secret store. - The field value is the name of the secret to be retrieved. Must be between 1-127 alphanumeric ASCII characters or hyphen - characters. + Secret names must be between 1-127 alphanumeric ASCII characters or hyphen characters. The secret value itself MUST NEVER be stored in this field. """ @@ -53,7 +50,7 @@ class PemData(models.Model): # Human description of the PEM data label = models.TextField() # The name of a secret with data in utf-8 encoded PEM text format - text_secret_name = SecretValueField(null=True) + text_secret_name = SecretNameField(null=True) # Public URL hosting the utf-8 encoded PEM text remote_url = models.TextField(null=True) @@ -86,7 +83,7 @@ class AuthProvider(models.Model): sign_out_button_template = models.TextField(null=True) sign_out_link_template = models.TextField(null=True) client_name = models.TextField() - client_id_secret_name = SecretValueField() + client_id_secret_name = SecretNameField() authority = models.TextField() scope = models.TextField(null=True) claim = models.TextField(null=True) @@ -144,7 +141,7 @@ class EligibilityVerifier(models.Model): active = models.BooleanField(default=False) api_url = models.TextField(null=True) api_auth_header = models.TextField(null=True) - api_auth_key_secret_name = SecretValueField(null=True) + api_auth_key_secret_name = SecretNameField(null=True) eligibility_type = models.ForeignKey(EligibilityType, on_delete=models.PROTECT) # public key is used to encrypt requests targeted at this Verifier and to verify signed responses from this verifier public_key = models.ForeignKey(PemData, related_name="+", on_delete=models.PROTECT, null=True) diff --git a/tests/pytest/core/test_models.py b/tests/pytest/core/test_models.py index 8637fde50..2069b4d22 100644 --- a/tests/pytest/core/test_models.py +++ b/tests/pytest/core/test_models.py @@ -2,7 +2,7 @@ import pytest -from benefits.core.models import SecretValueField, EligibilityType, EligibilityVerifier, TransitAgency +from benefits.core.models import SecretNameField, EligibilityType, EligibilityVerifier, TransitAgency import benefits.secrets @@ -12,8 +12,8 @@ def mock_requests_get_pem_data(mocker): return mocker.patch("benefits.core.models.requests.get", return_value=mocker.Mock(text="PEM text")) -def test_SecretValueField_init(): - field = SecretValueField() +def test_SecretNameField_init(): + field = SecretNameField() assert benefits.secrets.NAME_VALIDATOR in field.validators assert field.max_length == 127 From cd8bf53d7743802e4413222eb12c955c57b41746 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Wed, 7 Feb 2024 23:42:46 -0800 Subject: [PATCH 049/114] chore(terraform): update lock file after init --- terraform/.terraform.lock.hcl | 1 + 1 file changed, 1 insertion(+) diff --git a/terraform/.terraform.lock.hcl b/terraform/.terraform.lock.hcl index ac67d9d3f..515d05263 100644 --- a/terraform/.terraform.lock.hcl +++ b/terraform/.terraform.lock.hcl @@ -5,6 +5,7 @@ provider "registry.terraform.io/hashicorp/azurerm" { version = "3.37.0" constraints = "~> 3.0" hashes = [ + "h1:83XTgyPKUKt706IjTLHo9HL0KN5m+DwmSKuVQv6dNb4=", "h1:tD9TmGFgYV/oxZQu0pXuA46H+ML9nALCDwFqoaETjGg=", "h1:yBkhudX4uTCZAUU85SVr10C40bVlK6kAVGU6IiTUWSU=", "zh:2a7bda0b7679d1c791c762103a22f333b544b6e6776c4177f33bafc9cc28c919", From a7a5f54a7638bb6c7f8d35293050b2349593cf3a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Feb 2024 21:19:17 +0000 Subject: [PATCH 050/114] chore(deps-dev): bump sentry-sdk from 1.40.2 to 1.40.3 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.40.2 to 1.40.3. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.40.2...1.40.3) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 68c0ce508..918ab94d0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "django-google-sso==5.0.0", "eligibility-api==2023.9.1", "requests==2.31.0", - "sentry-sdk==1.40.2", + "sentry-sdk==1.40.3", "six==1.16.0", ] From 8523ec9f11a76744b169a638fb4275ccf4ac1873 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:25:37 -0800 Subject: [PATCH 051/114] Update docs/enrollment-pathways/Low-income.md formatting Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 09e7b6063..fef3a8ab5 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -10,7 +10,7 @@ This use case describes a feature in the[ Cal-ITP Benefits app](https://benefits **Precondition:** The California transit operator offers fixed route service, has installed and tested validator hardware necessary to collect fares using contactless payment on bus or rail lines, and the operator has a policy in place to offer a transit discount to low-income riders. -## **Basic Flow** +## Basic Flow 1. The transit rider visits the web application at [benefits.calitp.org](benefits.calitp.org) in a browser on their desktop computer. From d6bebe20e04883b42eaf5a7367337762d55752d6 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:28:48 -0800 Subject: [PATCH 052/114] Update docs/enrollment-pathways/Low-income.md remove link to application Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index fef3a8ab5..8d3db8c3c 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -2,7 +2,7 @@ ## Overview -This use case describes a feature in the[ Cal-ITP Benefits app](https://benefits.calitp.org) that allows Californians to verify their active participation in the CalFresh Program—as a proxy for low-income status—to receive reduced fares for transit when paying by contactless debit or credit card at participating transit operators in California. +This use case describes a feature in the Cal-ITP Benefits app that allows Californians to verify their active participation in the CalFresh Program—as a proxy for low-income status—to receive reduced fares for transit when paying by contactless debit or credit card at participating transit operators in California. **Actor:** A person who uses public transit in California. For benefit eligibility, a “low-income rider” is a person who has received [CalFresh benefits](https://www.cdss.ca.gov/food-nutrition/calfresh) in any of the previous three months. From 3a490c08d082eb0348a0e50d68ab9464d89c128c Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:30:16 -0800 Subject: [PATCH 053/114] Update docs/enrollment-pathways/Low-income.md remove link to application Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 8d3db8c3c..02e176ffc 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -32,7 +32,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo ## **Alternative Flows** -- Suppose the transit rider does not have a desktop computer. In this case, they open the web application at [benefits.calitp.org](benefits.calitp.org) in a mobile browser on their iOS or Android tablet or mobile device to complete enrollment using the basic flow. +- Suppose the transit rider does not have a desktop computer. In this case, they open the web application at `benefits.calitp.org` in a mobile browser on their iOS or Android tablet or mobile device to complete enrollment using the basic flow. - Suppose the transit rider cannot authenticate with [Login.gov](Login.gov), or will not create an account. In either case, the app cannot determine their Calfresh Program participation status and they cannot enroll their contactless debit or credit card for a reduced fare. From deb0fbb60fbcf3345cf9e978b2bed6643574c14b Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:30:56 -0800 Subject: [PATCH 054/114] Update docs/enrollment-pathways/Low-income.md adding code syntax for response formatting Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 02e176ffc..276ab843f 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -36,7 +36,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo - Suppose the transit rider cannot authenticate with [Login.gov](Login.gov), or will not create an account. In either case, the app cannot determine their Calfresh Program participation status and they cannot enroll their contactless debit or credit card for a reduced fare. -- Suppose the CDT Identity Gateway returns a status of FALSE for Calfresh Program participation status. In that case, the Cal-ITP Benefits app will not allow the transit rider to enroll their contactless debit or credit card for a reduced fare. +- Suppose the IdG returns a status of `FALSE` for CalFresh Program participation status. In that case, the Cal-ITP Benefits app will not allow the transit rider to enroll their contactless debit or credit card for a reduced fare. - Suppose the debit or credit card expires or is canceled by the issuer. In that case, the transit rider must repeat the basic flow to register a new debit or credit card. From 4c10d2c6a4bddd4638415d2693b0b933705742da Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:33:46 -0800 Subject: [PATCH 055/114] Update docs/enrollment-pathways/Low-income.md remove link to application Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 276ab843f..029927d3b 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -72,4 +72,4 @@ The transit rider receives a fare reduction each time they use the debit or cred A Calfresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their EBT card for eligibles items, their agency card for transportation, and their bank card for everything else. -The transit operator serving their region of California implements contactless payments on fixed bus routes throughout the service area. This rider uses [benefits.calitp.org](benefits.calitp.org) on their mobile device to confirm their participation in the CalFresh Program offered by CDSS and registers their debit card for reduced fares. They tap to pay when boarding buses in their area and are automatically charged the reduced fare. While they still need to manage funds on their EBT card *and* their bank card, they no longer need to use their transit operator card to pay for transit. Best of all, they have complete access to all funds in their weekly budget. If other expenses are higher one week, they can allocate additional funds to those areas and ride transit less. +The transit operator serving their region of California implements contactless payments on fixed bus routes throughout the service area. This rider uses `benefits.calitp.org` on their mobile device to confirm their participation in the CalFresh Program offered by CDSS and registers their debit card for reduced fares. They tap to pay when boarding buses in their area and are automatically charged the reduced fare. While they still need to manage funds on their EBT card *and* their bank card, they no longer need to use their transit operator card to pay for transit. Best of all, they have complete access to all funds in their weekly budget. If other expenses are higher one week, they can allocate additional funds to those areas and ride transit less. From bd70f889b5c83809e5ab55ae36dd52aa37ca38f5 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:34:09 -0800 Subject: [PATCH 056/114] Update docs/enrollment-pathways/Low-income.md remove link to application Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 029927d3b..24b1b140b 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -12,7 +12,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo ## Basic Flow -1. The transit rider visits the web application at [benefits.calitp.org](benefits.calitp.org) in a browser on their desktop computer. +1. The transit rider visits the web application at `benefits.calitp.org` in a browser on their desktop computer. 2. The transit rider chooses the transit operator that serves their area. From c1bed4e7c6b171dda63a3a1536d954fe2aac1fdc Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:37:46 -0800 Subject: [PATCH 057/114] Update docs/enrollment-pathways/Low-income.md clarifying acronym Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 24b1b140b..a1d7bd588 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -70,6 +70,6 @@ The transit rider receives a fare reduction each time they use the debit or cred ## **Example Scenario** -A Calfresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their EBT card for eligibles items, their agency card for transportation, and their bank card for everything else. +A CalFresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their Electronic Benefits Transfer (EBT) card for eligible items, their agency card for transportation, and their bank card (or cash) for everything else. The transit operator serving their region of California implements contactless payments on fixed bus routes throughout the service area. This rider uses `benefits.calitp.org` on their mobile device to confirm their participation in the CalFresh Program offered by CDSS and registers their debit card for reduced fares. They tap to pay when boarding buses in their area and are automatically charged the reduced fare. While they still need to manage funds on their EBT card *and* their bank card, they no longer need to use their transit operator card to pay for transit. Best of all, they have complete access to all funds in their weekly budget. If other expenses are higher one week, they can allocate additional funds to those areas and ride transit less. From 633a6e6db83a07feecae658709514683483dc342 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:48:52 -0800 Subject: [PATCH 058/114] Update docs/enrollment-pathways/Low-income.md capitalization Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index a1d7bd588..6caf7c014 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -20,7 +20,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo 4. The transit rider authenticates with their existing [Login.gov](Login.gov) account or, if they don’t have one, creates a [Login.gov](Login.gov) account. -5. The Cal-ITP Benefits app interfaces with the [California Department of Transportation](https://dot.ca.gov/) Identity Gateway (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify Calfresh participation status. +5. The Cal-ITP Benefits app interfaces with the [California Department of Transportation](https://dot.ca.gov/) Identity Gateway (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify CalFresh participation status. 6. The IdG uses the response provided by the California Department of Social Services (CDSS) to determine the rider’s eligibility for a transit benefit. From ea09cec510baaf7d431f9edabfc261c4b119cbe8 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:49:17 -0800 Subject: [PATCH 059/114] Update docs/enrollment-pathways/Low-income.md capitalization Co-authored-by: machiko --- docs/enrollment-pathways/Low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/Low-income.md index 6caf7c014..4482a2719 100644 --- a/docs/enrollment-pathways/Low-income.md +++ b/docs/enrollment-pathways/Low-income.md @@ -34,7 +34,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo - Suppose the transit rider does not have a desktop computer. In this case, they open the web application at `benefits.calitp.org` in a mobile browser on their iOS or Android tablet or mobile device to complete enrollment using the basic flow. -- Suppose the transit rider cannot authenticate with [Login.gov](Login.gov), or will not create an account. In either case, the app cannot determine their Calfresh Program participation status and they cannot enroll their contactless debit or credit card for a reduced fare. +- Suppose the transit rider cannot authenticate with [Login.gov](Login.gov), or will not create an account. In either case, the app cannot determine their CalFresh Program participation status and they cannot enroll their contactless debit or credit card for a reduced fare. - Suppose the IdG returns a status of `FALSE` for CalFresh Program participation status. In that case, the Cal-ITP Benefits app will not allow the transit rider to enroll their contactless debit or credit card for a reduced fare. From d0ed1bdee732b8a0fb1b08376598d6daa31c7722 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:53:09 -0800 Subject: [PATCH 060/114] Rename Low-income.md to low-income.md --- docs/enrollment-pathways/{Low-income.md => low-income.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename docs/enrollment-pathways/{Low-income.md => low-income.md} (100%) diff --git a/docs/enrollment-pathways/Low-income.md b/docs/enrollment-pathways/low-income.md similarity index 100% rename from docs/enrollment-pathways/Low-income.md rename to docs/enrollment-pathways/low-income.md From 73e0129db5166a4afa1be7dc2c134f003589b6f4 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 14:54:23 -0800 Subject: [PATCH 061/114] Update low-income.md removed extraneous bolding on headings --- docs/enrollment-pathways/low-income.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/enrollment-pathways/low-income.md b/docs/enrollment-pathways/low-income.md index 4482a2719..0002c88c9 100644 --- a/docs/enrollment-pathways/low-income.md +++ b/docs/enrollment-pathways/low-income.md @@ -30,7 +30,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo 9. The app registers the low-income benefit with the transit rider’s debit or credit card. -## **Alternative Flows** +## Alternative Flows - Suppose the transit rider does not have a desktop computer. In this case, they open the web application at `benefits.calitp.org` in a mobile browser on their iOS or Android tablet or mobile device to complete enrollment using the basic flow. @@ -48,11 +48,11 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo - If the transit rider uses more than one debit or credit card to pay for transit, they repeat the basic flow for each card. -## **Postcondition** +## Postcondition The transit rider receives a fare reduction each time they use the debit or credit card they registered to pay for transit rides. The number of times they can use the card to pay for transit is unlimited, but the benefit expires one year after enrollment. -## **Benefits** +## Benefits - The transit rider no longer needs cash to pay for transit rides. @@ -68,7 +68,7 @@ The transit rider receives a fare reduction each time they use the debit or cred - Benefit enrollment doesn’t require online accounts with private companies. -## **Example Scenario** +## Example Scenario A CalFresh Program participant uses public transit regularly. They don’t have a car and depend on buses to get to appointments and do errands that take too long to use their bicycle. Even though this person already qualifies for benefits from the California Department of Social Services, they had to navigate another extensive, in-person eligibility process with different requirements to qualify for reduced fares from their local transit agency. They now receive a 50% fare reduction but have to pay for transit rides using the closed loop card provided by the operator to receive the reduced fare. It’s frustrating and inconvenient to reload this closed loop card in $10 payments every week, especially because they sometimes they could use the money tied up on the card to make ends meet. In summary, this person pays for daily expenses using three forms of payment: their Electronic Benefits Transfer (EBT) card for eligible items, their agency card for transportation, and their bank card (or cash) for everything else. From 8af3ba39734716d5aeadc4e95d3ecad7a20095bb Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 15:16:53 -0800 Subject: [PATCH 062/114] Update low-income.md added additional benefits to using Benefits! --- docs/enrollment-pathways/low-income.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/enrollment-pathways/low-income.md b/docs/enrollment-pathways/low-income.md index 0002c88c9..eb526b189 100644 --- a/docs/enrollment-pathways/low-income.md +++ b/docs/enrollment-pathways/low-income.md @@ -62,6 +62,10 @@ The transit rider receives a fare reduction each time they use the debit or cred - The transit rider can enroll in a transit benefit from home when convenient; they do not have to visit a transit agency in person. +- The transit rider does not have to prove income eligibility with the transit agency. The app simply uses their participation in the CalFresh program to confirm eligibility for a transit benefit. + +- The transit agency doesn't have to craft and policy for a low-icome discount; they simply use the approach implemented in the Cal-ITP Benefits application. As more agencies adopt the application, they also adopt a standard policy for transit benefits. + - Secure state and federal solutions manage the transit rider’s personal identifiable information (PII): [Login.gov](Login.gov) and the California Department of Technology Identity Gateway (IdG). Transit riders do not have to share personal information with local transit operators. - Benefit enrollment takes minutes rather than days or weeks. From 03727b231468b69b7b794a46971ae54ac5f6ef2d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 9 Feb 2024 23:17:03 +0000 Subject: [PATCH 063/114] chore(pre-commit): autofix run --- docs/enrollment-pathways/low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/low-income.md b/docs/enrollment-pathways/low-income.md index eb526b189..b8cf39640 100644 --- a/docs/enrollment-pathways/low-income.md +++ b/docs/enrollment-pathways/low-income.md @@ -64,7 +64,7 @@ The transit rider receives a fare reduction each time they use the debit or cred - The transit rider does not have to prove income eligibility with the transit agency. The app simply uses their participation in the CalFresh program to confirm eligibility for a transit benefit. -- The transit agency doesn't have to craft and policy for a low-icome discount; they simply use the approach implemented in the Cal-ITP Benefits application. As more agencies adopt the application, they also adopt a standard policy for transit benefits. +- The transit agency doesn't have to craft and policy for a low-icome discount; they simply use the approach implemented in the Cal-ITP Benefits application. As more agencies adopt the application, they also adopt a standard policy for transit benefits. - Secure state and federal solutions manage the transit rider’s personal identifiable information (PII): [Login.gov](Login.gov) and the California Department of Technology Identity Gateway (IdG). Transit riders do not have to share personal information with local transit operators. From 512512c4d9b5c07c4b7190f1d2a0fb1a9a9a936d Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 16:03:22 -0800 Subject: [PATCH 064/114] Update low-income.md added sequence diagram to basic flow section Mermaid! --- docs/enrollment-pathways/low-income.md | 36 +++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/low-income.md b/docs/enrollment-pathways/low-income.md index b8cf39640..e514e4ded 100644 --- a/docs/enrollment-pathways/low-income.md +++ b/docs/enrollment-pathways/low-income.md @@ -11,7 +11,41 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo **Precondition:** The California transit operator offers fixed route service, has installed and tested validator hardware necessary to collect fares using contactless payment on bus or rail lines, and the operator has a policy in place to offer a transit discount to low-income riders. ## Basic Flow - +```mermaid +sequenceDiagram +autonumber +%% Low-income Rider Enrollment Pathway + actor Transit Rider + participant Benefits as Benefits app + participant IdG as Identity Gateway + participant Login.gov + participant CDSS + participant Littlepay +Transit Rider->>Benefits: visits benefits.calitp.org + activate Benefits +Benefits-->>IdG: eligibility verification + activate IdG +Transit Rider->>Login.gov: account authentication + activate Login.gov +IdG-->>Login.gov: requests required PII + activate Login.gov + Note right of Login.gov: first name
last name
Social Security number
date of birth +Login.gov-->>IdG: returns required PII + deactivate Login.gov +IdG-->>CDSS: check Calfresh enrollment status + activate CDSS +CDSS-->>IdG: return Calfresh enrollment status + deactivate CDSS +IdG-->>Benefits: eligibility response + deactivate IdG + deactivate Login.gov +Benefits-->>Littlepay: payment enrollment start + activate Littlepay +Transit Rider->>Littlepay: provides debit or credit card details +Littlepay-->>Benefits: payment method enrollment confirmation + deactivate Littlepay + deactivate Benefits +``` 1. The transit rider visits the web application at `benefits.calitp.org` in a browser on their desktop computer. 2. The transit rider chooses the transit operator that serves their area. From 094f12c69480061a5833ced8594cc043963be47b Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 16:09:05 -0800 Subject: [PATCH 065/114] Update copy-delivery.md Updated name of Copy Master Removed "(Configurable Strings)" from all references to the copy spreadsheet. Since we moved away from configurable strings, the inclusion of this qualifier is no longer accurate and doesn't reflect the current name of the spreadsheet. --- docs/product-and-design/copy-delivery.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/product-and-design/copy-delivery.md b/docs/product-and-design/copy-delivery.md index 443ead508..ef920fc19 100644 --- a/docs/product-and-design/copy-delivery.md +++ b/docs/product-and-design/copy-delivery.md @@ -10,9 +10,9 @@ Translation strings include all application copy, including: - In-line link URLs - Error messages (like [no script](https://github.com/cal-itp/benefits/blob/dev/benefits/core/templates/core/includes/noscript.html), [no cookies](https://github.com/cal-itp/benefits/blob/dev/benefits/core/templates/core/includes/nocookies.html) warnings) -## Cal-ITP Benefits Application Copy (Configurable Strings) +## Cal-ITP Benefits Application Copy -The human-readable version of the English and Spanish translation strings for the application are delivered to Design and Engineering by Product, and live at this link: [Cal-ITP Benefits Application Copy (Configurable Strings)](https://docs.google.com/spreadsheets/d/1_Gi_YbJr4ZuXCOsnOWaewvHqUO1nC1nKqiVDHvw0118/edit#gid=0). +The human-readable version of the English and Spanish translation strings for the application are delivered to Design and Engineering by Product, and live at this link: [Cal-ITP Benefits Application Copy](https://docs.google.com/spreadsheets/d/1_Gi_YbJr4ZuXCOsnOWaewvHqUO1nC1nKqiVDHvw0118/edit#gid=0). By tabs: @@ -27,14 +27,14 @@ By tabs: - Engage with copy writers to get the English language copy drafted, proofed and ready for design. - Engage with client editorial/communications team to ensure English language and Spanish language copy are edited according to client style guides. - Engage all necessary stakeholders to get English language copy approved and ready for design. -- Compile copy in [Cal-ITP Benefits Application Copy (Configurable Strings)](https://docs.google.com/spreadsheets/d/1_Gi_YbJr4ZuXCOsnOWaewvHqUO1nC1nKqiVDHvw0118/edit#gid=0), ready to be used by Design, so Design can sync the spreadsheet to Figma. +- Compile copy in [Cal-ITP Benefits Application Copy](https://docs.google.com/spreadsheets/d/1_Gi_YbJr4ZuXCOsnOWaewvHqUO1nC1nKqiVDHvw0118/edit#gid=0), ready to be used by Design, so Design can sync the spreadsheet to Figma. - Engage with the translation agency, [iBabbleOn](https://ibabbleon.com/), to get Spanish translations ready for Engineering. - Transfer translations from iBabbleOn to the spreadsheet, in proper format. - Ensure English and Spanish copy is ready for Engineering. ### Design -- Sync copy from [Cal-ITP Benefits Application Copy (Configurable Strings)](https://docs.google.com/spreadsheets/d/1_Gi_YbJr4ZuXCOsnOWaewvHqUO1nC1nKqiVDHvw0118/edit#gid=0) into Figma. +- Sync copy from [Cal-ITP Benefits Application Copy](https://docs.google.com/spreadsheets/d/1_Gi_YbJr4ZuXCOsnOWaewvHqUO1nC1nKqiVDHvw0118/edit#gid=0) into Figma. - Ensure the string is in the appropriate column (e.g. `Subtitle`, `ButtonLabel`) ### Engineering From 87c17f01bea68c683e4b637ab8c847b1fb85cafe Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 16:19:45 -0800 Subject: [PATCH 066/114] =?UTF-8?q?Update=20README.md=20adding=202024=20?= =?UTF-8?q?=E2=80=93=202025=20Benefits=20product=20roadmap?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replaces iframe displaying a Google doc. --- docs/enrollment-pathways/README.md | 67 +++++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 11 deletions(-) diff --git a/docs/enrollment-pathways/README.md b/docs/enrollment-pathways/README.md index a0464a970..4e5f69a96 100644 --- a/docs/enrollment-pathways/README.md +++ b/docs/enrollment-pathways/README.md @@ -14,18 +14,63 @@ See our [Milestones][milestones] for current work tracked against specific featu ## Product roadmap -See our [Product Roadmap][roadmap] for more information on planned feature development and prioritization. - - +See our Product Roadmap for more information on planned feature development and prioritization. +```mermaid +%%{ + init: { + 'logLevel': 'debug', + 'theme': 'default' , + 'themeVariables': { + 'cScale0': '#ffa500', 'cScaleLabel0': '#000000', + 'cScale1': '#ffff00', 'cScaleLabel1': '#000000', + 'cScale2': '#ffff00', 'cScaleLabel2': '#000000', + 'cScale3': '#008000', 'cScaleLabel3': '#ffffff', + 'cScale4': '#0000ff', 'cScaleLabel4': '#ffffff', + 'cScale5': '#4b0082', 'cScaleLabel5': '#ffffff', + 'cScale6': '#000000', 'cScaleLabel6': '#ffffff' + } + } +}%% + +timeline +--- +title Cal-ITP Benefits Product Roadmap +---- +%% Cal-ITP Benefits Epics (2024) + section 2024 + + Q1
Now + : Benefits admin tool (Foundation) + %%: SacRT - Launch Older Adults enrollment pathway + : SBMTD - Launch Mobility Pass enrollment pathway + : Release low-income riders enrollment pathway + : Migrate to Littlepay Backoffice API + + Q2
Next + : Benefits admin tool (Agency configuration) + : Release enhancements to Veterans pathway + : Support for expiring benefits (low-income) + + Q3
Planned + : Benefits admin tool (Agency users) + : Benefits admin tool (In-person eligibility verification) + : Release Medicare cardholder enrollment pathway + + Q4
Planned + : Release riders with disabilities enrollment pathway + +%% Cal-ITP Benefits Epics (2025) + section 2025 + + Q1 + : Support benefits reciprocity between CA transit agencies + : Implement evolved organizing principles for app UX + + Q2 + : Support for multiple payment processors + : Integration with all MSA payment processors +``` [board]: https://github.com/orgs/cal-itp/projects/8/views/1 [milestones]: https://github.com/cal-itp/benefits/milestones [roadmap]: https://docs.google.com/document/d/1IFoa8Ye0IXwGXXwxFjMrm1s3617Dbv6l-E-aCB0kgnA/edit# From 391d593bd0a1b77961d3052e0cd0865e767c06b3 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 10 Feb 2024 00:20:06 +0000 Subject: [PATCH 067/114] chore(pre-commit): autofix run --- docs/enrollment-pathways/README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/docs/enrollment-pathways/README.md b/docs/enrollment-pathways/README.md index 4e5f69a96..a06298f5a 100644 --- a/docs/enrollment-pathways/README.md +++ b/docs/enrollment-pathways/README.md @@ -30,7 +30,7 @@ See our Product Roadmap for more information on planned feature development and 'cScale5': '#4b0082', 'cScaleLabel5': '#ffffff', 'cScale6': '#000000', 'cScaleLabel6': '#ffffff' } - } + } }%% timeline @@ -39,30 +39,30 @@ title Cal-ITP Benefits Product Roadmap ---- %% Cal-ITP Benefits Epics (2024) section 2024 - + Q1
Now : Benefits admin tool (Foundation) %%: SacRT - Launch Older Adults enrollment pathway : SBMTD - Launch Mobility Pass enrollment pathway : Release low-income riders enrollment pathway : Migrate to Littlepay Backoffice API - - Q2
Next - : Benefits admin tool (Agency configuration) + + Q2
Next + : Benefits admin tool (Agency configuration) : Release enhancements to Veterans pathway : Support for expiring benefits (low-income) - Q3
Planned + Q3
Planned : Benefits admin tool (Agency users) : Benefits admin tool (In-person eligibility verification) : Release Medicare cardholder enrollment pathway - + Q4
Planned : Release riders with disabilities enrollment pathway %% Cal-ITP Benefits Epics (2025) section 2025 - + Q1 : Support benefits reciprocity between CA transit agencies : Implement evolved organizing principles for app UX From eed13195c113fa1bc6bd6d1b318b74682fec679e Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Fri, 9 Feb 2024 16:33:31 -0800 Subject: [PATCH 068/114] Update .pages remove design style guide page This page currently links to a broken Figma file. I propose we remove it and bring it back when we have relevant content. --- docs/product-and-design/.pages | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/product-and-design/.pages b/docs/product-and-design/.pages index 6fbcf6eb0..2b0f7392a 100644 --- a/docs/product-and-design/.pages +++ b/docs/product-and-design/.pages @@ -4,4 +4,3 @@ nav: - analytics.md - copy-delivery.md - copy-style.md -- Design style guide: https://www.figma.com/proto/SeSd3LaLd6WkbEYhmtKpO3/Benefits-(IAL2-Login.gov)?node-id=4942%3A17385&scaling=scale-down&page-id=4890%3A17182 From 5b57135168d47f442c35b28136168f46c125d3eb Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Wed, 7 Feb 2024 23:44:10 -0800 Subject: [PATCH 069/114] feat(terraform): define storage recovery vault and policy the vault is where backups are stored the policy defines the frequency and retention of backups these are linked to the storage account via azurerm_backup_container_storage_account --- terraform/storage.tf | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/terraform/storage.tf b/terraform/storage.tf index b69c44159..891187e04 100644 --- a/terraform/storage.tf +++ b/terraform/storage.tf @@ -23,6 +23,45 @@ resource "azurerm_storage_account" "main" { } } +resource "azurerm_recovery_services_vault" "main" { + name = "rsvcdtcalitp${lower(local.env_letter)}001" + location = data.azurerm_resource_group.main.location + resource_group_name = data.azurerm_resource_group.main.name + sku = "Standard" + soft_delete_enabled = true + + lifecycle { + ignore_changes = [tags] + } +} + +resource "azurerm_backup_container_storage_account" "main" { + resource_group_name = data.azurerm_resource_group.main.name + recovery_vault_name = azurerm_recovery_services_vault.main.name + storage_account_id = azurerm_storage_account.main.id +} + +resource "azurerm_backup_policy_file_share" "policy" { + name = "${azurerm_storage_account.main.name}-backup-policy" + resource_group_name = data.azurerm_resource_group.main.name + recovery_vault_name = azurerm_recovery_services_vault.main.name + timezone = "UTC" + + backup { + frequency = "Daily" + time = "14:00" + } + + retention_daily { + count = 1 + } + + retention_weekly { + count = 5 + weekdays = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"] + } +} + resource "azurerm_storage_share" "data" { name = "benefits-data" storage_account_name = azurerm_storage_account.main.name From ed704d3a128ccda88339091513414fcd5cc5d9b1 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Mon, 12 Feb 2024 14:08:30 -0800 Subject: [PATCH 070/114] docs(terraform): add step for local tfvars setup --- docs/deployment/infrastructure.md | 1 + terraform/terraform.tfvars.sample | 2 ++ 2 files changed, 3 insertions(+) create mode 100644 terraform/terraform.tfvars.sample diff --git a/docs/deployment/infrastructure.md b/docs/deployment/infrastructure.md index 97afea83e..14047ae23 100644 --- a/docs/deployment/infrastructure.md +++ b/docs/deployment/infrastructure.md @@ -131,6 +131,7 @@ Terraform is [`plan`](https://www.terraform.io/cli/commands/plan)'d when code is ./init.sh ``` +1. Create a local `terraform.tfvars` file (ignored by git) from the sample; fill in the `*_OBJECT_ID` variables with values from the Azure Pipeline definition. 1. Make changes to Terraform files. 1. Preview the changes, as necessary. diff --git a/terraform/terraform.tfvars.sample b/terraform/terraform.tfvars.sample new file mode 100644 index 000000000..7413007e5 --- /dev/null +++ b/terraform/terraform.tfvars.sample @@ -0,0 +1,2 @@ +DEVSECOPS_OBJECT_ID = "object-id" +ENGINEERING_GROUP_OBJECT_ID = "object-id" From 20ab413d6736d73ee7e8697e547a91566c076944 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Mon, 12 Feb 2024 17:28:27 -0800 Subject: [PATCH 071/114] Update low-income.md updated IdG hyperlink - increased linked text - replaced CDT generic URL with a much more meaningful one --- docs/enrollment-pathways/low-income.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/low-income.md b/docs/enrollment-pathways/low-income.md index e514e4ded..90dbd3bc6 100644 --- a/docs/enrollment-pathways/low-income.md +++ b/docs/enrollment-pathways/low-income.md @@ -54,7 +54,7 @@ Littlepay-->>Benefits: payment method enrollment confirmation 4. The transit rider authenticates with their existing [Login.gov](Login.gov) account or, if they don’t have one, creates a [Login.gov](Login.gov) account. -5. The Cal-ITP Benefits app interfaces with the [California Department of Transportation](https://dot.ca.gov/) Identity Gateway (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify CalFresh participation status. +5. The Cal-ITP Benefits app interfaces with the [California Department of Technology Identity Gateway](https://digitalidstrategy.cdt.ca.gov/primary-elements.html) (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify CalFresh participation status. 6. The IdG uses the response provided by the California Department of Social Services (CDSS) to determine the rider’s eligibility for a transit benefit. From 1dffc3a96c6b2d9dd44deb2c06e8ae7d2508381d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 02:39:41 +0000 Subject: [PATCH 072/114] chore(deps-dev): bump django from 5.0.1 to 5.0.2 Bumps [django](https://github.com/django/django) from 5.0.1 to 5.0.2. - [Commits](https://github.com/django/django/compare/5.0.1...5.0.2) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 918ab94d0..76750ebeb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ dependencies = [ "Authlib==1.3.0", "azure-keyvault-secrets==4.7.0", "azure-identity==1.15.0", - "Django==5.0.1", + "Django==5.0.2", "django-csp==3.7", "django-google-sso==5.0.0", "eligibility-api==2023.9.1", From a4d5c54fc8dc5845e2c555ea3c1ebfe14faa5bf4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 21:32:59 +0000 Subject: [PATCH 073/114] chore(deps-dev): bump sentry-sdk from 1.40.3 to 1.40.4 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.40.3 to 1.40.4. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.40.3...1.40.4) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 918ab94d0..7b9e4655b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "django-google-sso==5.0.0", "eligibility-api==2023.9.1", "requests==2.31.0", - "sentry-sdk==1.40.3", + "sentry-sdk==1.40.4", "six==1.16.0", ] From df25d789f207418532f888955dcdc225a722b129 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 13 Feb 2024 21:42:42 +0000 Subject: [PATCH 074/114] refactor: use cal-itp/littlepay to check API access also remove workflow input to simplify since we don't use it --- .github/workflows/check-api.yml | 74 +++++++-------------------------- 1 file changed, 16 insertions(+), 58 deletions(-) diff --git a/.github/workflows/check-api.yml b/.github/workflows/check-api.yml index a5361e6fd..5487bb8a4 100644 --- a/.github/workflows/check-api.yml +++ b/.github/workflows/check-api.yml @@ -2,81 +2,39 @@ name: Check access to API on: workflow_dispatch: - inputs: - environment: - type: choice - description: Select the API environment - options: [all, prod, qa] schedule: - cron: "0 12 * * *" jobs: check-api: runs-on: ubuntu-latest - env: - SHOULD_RUN: | - ${{ github.event_name == 'schedule' - || github.event.inputs.environment == 'all' - || github.event.inputs.environment == matrix.name - }} strategy: fail-fast: false matrix: - include: - - name: prod - cert: API_CHECK_PROD_CERT - key: API_CHECK_PROD_KEY - ca-cert: API_CHECK_PROD_CA_CERT - url: API_CHECK_PROD_URL - data: API_CHECK_PROD_DATA - - - name: qa - cert: API_CHECK_QA_CERT - key: API_CHECK_QA_KEY - ca-cert: API_CHECK_QA_CA_CERT - url: API_CHECK_QA_URL - data: API_CHECK_QA_DATA - - name: Check API endpoint (${{ matrix.name }}) + participant: [mst, sacrt, sbmtd] + env: [qa, prod] steps: - - name: Echo workflow run information - run: | - echo "Triggering event name: ${{ github.event_name }}, \ - APIs to check: ${{ github.event.inputs.environment }}" + - uses: actions/checkout@v4 + with: + repository: "cal-itp/littlepay" - - name: Decode cert files - if: contains(env.SHOULD_RUN, 'true') + - name: Install the littlepay library run: | - mkdir $RUNNER_TEMP/${{ matrix.name }} - temp_dir=$RUNNER_TEMP/${{ matrix.name }} - - cat > $temp_dir/cert.pem <<- EOM - ${{ secrets[matrix.cert] }} - EOM - - cat > $temp_dir/key.pem <<- EOM - ${{ secrets[matrix.key] }} - EOM + python3 -m pip install --upgrade pip + pip install -e . - cat > $temp_dir/cacert.ca <<- EOM - ${{ secrets[matrix.ca-cert] }} + - name: Create config file and set config + run: | + cat > config.yaml <<- EOM + ${{ secrets.API_CHECK_CONFIG }} EOM + littlepay config config.yaml - - name: Call API endpoint - if: contains(env.SHOULD_RUN, 'true') + - name: Run littlepay to get access token run: | - temp_dir=$RUNNER_TEMP/${{ matrix.name }} - curl -i --url ${{ secrets[matrix.url] }} \ - --header 'Accept: application/json' \ - --header 'Content-type: application/json' \ - --data '${{ secrets[matrix.data] }}' \ - --cert $temp_dir/cert.pem \ - --key $temp_dir/key.pem \ - --cacert $temp_dir/cacert.ca > $temp_dir/payload.txt - - test $(head -n 1 $temp_dir/payload.txt | grep -o 201) + littlepay switch env ${{ matrix.env }} + littlepay switch participant ${{ matrix.participant }} - # https://www.ravsam.in/blog/send-slack-notification-when-github-actions-fails/#using-notify-slack-action - name: Report failure to Slack if: always() uses: ravsamhq/notify-slack-action@v2 From a7084bb4f3a02a87d9aa03e62f06e93a09eab035 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 22:13:27 +0000 Subject: [PATCH 075/114] fix(secrets): use literal newlines in multiline env vars Docker, bash, etc. support multiline environment variables, by simply wrapping the value in single quotes with newlines, e.g. in an .env file: multi_line_value='first line second line third line' Resulting in the expected: $ echo "$multi_line_value" first line second line third line Due to a quirk in VS Code's Python extension, multiline values are not parsed, see https://code.visualstudio.com/docs/python/environments#_environment-variables > ... Multiline values aren't supported ... And more ongoing discussion at microsoft/vscode-python#18307 When running locally in e.g. Debug mode, and secrets are read dynamically from the environment, Python loses the multiline value and we end up with: >> value = os.environ.get("multi_line_value") >> print(value) first line This changes the samples and docs so literal newlines are added to the value of the environment variable in an .env file: multi_line_value='first line\nsecond line\nthird line' But the initial value read by Python contains _escaped_ newline characters: first line\\nsecond line\\nthird line Hence unescaping so that local secrets contain the actual newline character: first line\nsecond line\nthird line --- .env.sample | 74 +++------------------ benefits/secrets.py | 9 ++- docs/configuration/environment-variables.md | 24 +++++++ tests/pytest/test_secrets.py | 13 ++-- 4 files changed, 51 insertions(+), 69 deletions(-) diff --git a/.env.sample b/.env.sample index b5aedbf6d..d619baf55 100644 --- a/.env.sample +++ b/.env.sample @@ -2,66 +2,14 @@ testsecret=Hello from the local environment! auth_provider_client_id=benefits-oauth-client-id courtesy_card_verifier_api_auth_key=server-auth-token mobility_pass_verifier_api_auth_key=server-auth-token -client_private_key='-----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on -Ca79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY -JK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68UAlK+VjwJkfYPrhq/bl5z8ZiurvBa -5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQNd3RaIaSREO50NvNywXIIt/OmCiR -qI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5epTsWcURmhVofF2wVoFbib3JGCfA7t -z/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUViwIDAQABAoIBAQCIv0XMjNvZS9DC -XoXGQtVpcxj6dXfaiDgnc7hZDubsNCr3JtT5NqgdIYdVNQUABNDIPNEiCkzFjuwM -uuF2+dRzM/x6UCs/cSsCjXYBCCOwMwV/fjpEJQnwMQqwTLulVsXZYYeSUtXVBf/8 -0tVULRty34apLFhsyX30UtboXQdESfpmm5ZsqsZJlYljw+M7JxRMneQclI19y/ya -hPWlfhLB9OffVEJXGaWx1NSYnKoCMKqE/+4krROr6V62xXaNyX6WtU6XiT7C6R5A -PBxfhmoeFdVCF6a+Qq0v2fKThYoZnV4sn2q2An9YPfynFYnlgzdfnAFSejsqxQd0 -fxYLOtMBAoGBAP1jxjHDJngZ1N+ymw9MIpRgr3HeuMP5phiSTbY2tu9lPzQd+TMX -fhr1bQh2Fd/vU0u7X0yPnTWtUrLlCdGnWPpXivx95GNGgUUIk2HStFdrRx+f2Qvk -G8vtLgmSbjQ26UiHzxi9Wa0a41PWIA3TixkcFrS2X29Qc4yd6pVHmicfAoGBANjR -Z8aaDkSKLkq5Nk1T7I0E1+mtPoH1tPV/FJClXjJrvfDuYHBeOyUpipZddnZuPGWA -IW2tFIsMgJQtgpvgs52NFI7pQGJRUPK/fTG+Ycocxo78TkLr/RIj8Kj5brXsbZ9P -3/WBX5GAISTSp1ab8xVgK/Tm07hGupKVqnY2lCAVAoGAIql0YjhE2ecGtLcU+Qm8 -LTnwpg4GjmBnNTNGSCfB7IuYEsQK489R49Qw3xhwM5rkdRajmbCHm+Eiz+/+4NwY -kt5I1/NMu7vYUR40MwyEuPSm3Q+bvEGu/71pL8wFIUVlshNJ5CN60fA8qqo+5kVK -4Ntzy7Kq6WpC9Dhh75vE3ZcCgYEAty99uXtxsJD6+aEwcvcENkUwUztPQ6ggAwci -je9Z/cmwCj6s9mN3HzfQ4qgGrZsHpk4ycCK655xhilBFOIQJ3YRUKUaDYk4H0YDe -Osf6gTP8wtQDH2GZSNlavLk5w7UFDYQD2b47y4fw+NaOEYvjPl0p5lmb6ebAPZb8 -FbKZRd0CgYBC1HTbA+zMEqDdY4MWJJLC6jZsjdxOGhzjrCtWcIWEGMDF7oDDEoix -W3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c -tSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA== ------END RSA PRIVATE KEY-----' -client_public_key='-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88 -4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R -oxFb5QGaevnJY828NupzTNdUd0sYJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68U -AlK+VjwJkfYPrhq/bl5z8ZiurvBa5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQ -Nd3RaIaSREO50NvNywXIIt/OmCiRqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5ep -TsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV -iwIDAQAB ------END PUBLIC KEY-----' -mst_payment_processor_client_cert='-----BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE-----' -mst_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY----- -PEM DATA ------END RSA PRIVATE KEY-----' -mst_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE-----' -sacrt_payment_processor_client_cert='-----BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE-----' -sacrt_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY----- -PEM DATA ------END RSA PRIVATE KEY-----' -sacrt_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE-----' -sbmtd_payment_processor_client_cert='-----BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE-----' -sbmtd_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY----- -PEM DATA ------END RSA PRIVATE KEY-----' -sbmtd_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE----- -PEM DATA ------END CERTIFICATE-----' +client_private_key='-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA1pt0ZoOuPEVPJJS+5r884zcjZLkZZ2GcPwr79XOLDbOi46on\nCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2RoxFb5QGaevnJY828NupzTNdUd0sY\nJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68UAlK+VjwJkfYPrhq/bl5z8ZiurvBa\n5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQNd3RaIaSREO50NvNywXIIt/OmCiR\nqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5epTsWcURmhVofF2wVoFbib3JGCfA7t\nz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUViwIDAQABAoIBAQCIv0XMjNvZS9DC\nXoXGQtVpcxj6dXfaiDgnc7hZDubsNCr3JtT5NqgdIYdVNQUABNDIPNEiCkzFjuwM\nuuF2+dRzM/x6UCs/cSsCjXYBCCOwMwV/fjpEJQnwMQqwTLulVsXZYYeSUtXVBf/8\n0tVULRty34apLFhsyX30UtboXQdESfpmm5ZsqsZJlYljw+M7JxRMneQclI19y/ya\nhPWlfhLB9OffVEJXGaWx1NSYnKoCMKqE/+4krROr6V62xXaNyX6WtU6XiT7C6R5A\nPBxfhmoeFdVCF6a+Qq0v2fKThYoZnV4sn2q2An9YPfynFYnlgzdfnAFSejsqxQd0\nfxYLOtMBAoGBAP1jxjHDJngZ1N+ymw9MIpRgr3HeuMP5phiSTbY2tu9lPzQd+TMX\nfhr1bQh2Fd/vU0u7X0yPnTWtUrLlCdGnWPpXivx95GNGgUUIk2HStFdrRx+f2Qvk\nG8vtLgmSbjQ26UiHzxi9Wa0a41PWIA3TixkcFrS2X29Qc4yd6pVHmicfAoGBANjR\nZ8aaDkSKLkq5Nk1T7I0E1+mtPoH1tPV/FJClXjJrvfDuYHBeOyUpipZddnZuPGWA\nIW2tFIsMgJQtgpvgs52NFI7pQGJRUPK/fTG+Ycocxo78TkLr/RIj8Kj5brXsbZ9P\n3/WBX5GAISTSp1ab8xVgK/Tm07hGupKVqnY2lCAVAoGAIql0YjhE2ecGtLcU+Qm8\nLTnwpg4GjmBnNTNGSCfB7IuYEsQK489R49Qw3xhwM5rkdRajmbCHm+Eiz+/+4NwY\nkt5I1/NMu7vYUR40MwyEuPSm3Q+bvEGu/71pL8wFIUVlshNJ5CN60fA8qqo+5kVK\n4Ntzy7Kq6WpC9Dhh75vE3ZcCgYEAty99uXtxsJD6+aEwcvcENkUwUztPQ6ggAwci\nje9Z/cmwCj6s9mN3HzfQ4qgGrZsHpk4ycCK655xhilBFOIQJ3YRUKUaDYk4H0YDe\nOsf6gTP8wtQDH2GZSNlavLk5w7UFDYQD2b47y4fw+NaOEYvjPl0p5lmb6ebAPZb8\nFbKZRd0CgYBC1HTbA+zMEqDdY4MWJJLC6jZsjdxOGhzjrCtWcIWEGMDF7oDDEoix\nW3j2hwm4C6vaNkH9XX1dr5+q6gq8vJQdbYoExl22BGMiNbfI3+sLRk0zBYL//W6c\ntSREgR4EjosqQfbkceLJ2JT1wuNjInI0eR9H3cRugvlDTeWtbdJ5qA==\n-----END RSA PRIVATE KEY-----' +client_public_key='-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1pt0ZoOuPEVPJJS+5r88\n4zcjZLkZZ2GcPwr79XOLDbOi46onCa79kjRnhS0VUK96SwUPS0z9J5mDA5LSNL2R\noxFb5QGaevnJY828NupzTNdUd0sYJK3kRjKUggHWuB55hwJcH/Dx7I3DNH4NL68U\nAlK+VjwJkfYPrhq/bl5z8ZiurvBa5C1mDxhFpcTZlCfxQoas7D1d+uPACF6mEMbQ\nNd3RaIaSREO50NvNywXIIt/OmCiRqI7JtOcn4eyh1I4j9WtlbMhRJLfwPMAgY5ep\nTsWcURmhVofF2wVoFbib3JGCfA7tz/gmP5YoEKnf/cumKmF3e9LrZb8zwm7bTHUV\niwIDAQAB\n-----END PUBLIC KEY-----' +mst_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' +mst_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----' +mst_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' +sacrt_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' +sacrt_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----' +sacrt_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' +sbmtd_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' +sbmtd_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----' +sbmtd_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' diff --git a/benefits/secrets.py b/benefits/secrets.py index 08de13692..7a8f650a6 100644 --- a/benefits/secrets.py +++ b/benefits/secrets.py @@ -52,8 +52,15 @@ def get_secret_by_name(secret_name, client=None): if runtime_env == "local": logger.debug("Runtime environment is local, reading from environment instead of Azure KeyVault.") + # environment variable names cannot contain the hyphen character + # assume the variable name is the same but with underscores instead env_secret_name = secret_name.replace("-", "_") - return os.environ.get(env_secret_name) + secret_value = os.environ.get(env_secret_name) + # we have to replace literal newlines here with the actual newline character + # to support local environment variables values that span multiple lines (e.g. PEM keys/certs) + # because the VS Code Python extension doesn't support multiline environment variables + # https://code.visualstudio.com/docs/python/environments#_environment-variables + return secret_value.replace("\\n", "\n") elif client is None: # construct the KeyVault URL from the runtime environment diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 7d5a478c2..6a80d8881 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -6,6 +6,30 @@ The sections below outline in more detail the application environment variables See other topic pages in this section for more specific environment variable configurations. +!!! warning "Multiline environment variables" + + Although Docker, bash, etc. support multiline values directly in e.g. an .env file: + + ```bash + multi_line_value='first line + second line + third line' + ``` + + The VS Code Python extension does not parse multiline values: https://code.visualstudio.com/docs/python/environments#_environment-variables + + When specifying multiline values for local usage, use the literal newline character `\n` but maintain the single quote wrapper: + + ```bash + multi_line_value='first line\nsecond line\third line' + ``` + + A quick bash script to convert direct multiline values to their literal newline character equivalent is: + + ```bash + echo "${multi_line_value//$'\n'/\\n}" + ``` + ## Amplitude !!! tldr "Amplitude API docs" diff --git a/tests/pytest/test_secrets.py b/tests/pytest/test_secrets.py index 53359a982..8cba4d5c4 100644 --- a/tests/pytest/test_secrets.py +++ b/tests/pytest/test_secrets.py @@ -1,8 +1,8 @@ +import pytest from azure.core.exceptions import ClientAuthenticationError from django.core.exceptions import ValidationError -import pytest -from benefits.secrets import KEY_VAULT_URL, SecretNameValidator, NAME_VALIDATOR, get_secret_by_name +from benefits.secrets import KEY_VAULT_URL, NAME_VALIDATOR, SecretNameValidator, get_secret_by_name @pytest.fixture(autouse=True) @@ -138,10 +138,13 @@ def test_get_secret_by_name__unauthenticated_client__returns_None(mocker, runtim assert actual_value is None -def test_get_secret_by_name__local__returns_environment_variable(mocker, settings, secret_name, secret_value): +def test_get_secret_by_name__local__returns_environment_variable(mocker, settings, secret_name): settings.RUNTIME_ENVIRONMENT = lambda: "local" - env_spy = mocker.patch("benefits.secrets.os.environ.get", return_value=secret_value) + secret_value_literal_newlines = "the\\nsecret\\nvalue" + expected_secret_value = secret_value_literal_newlines.replace("\\n", "\n") + + env_spy = mocker.patch("benefits.secrets.os.environ.get", return_value=secret_value_literal_newlines) env_secret_name = secret_name.replace("-", "_") client_cls = mocker.patch("benefits.secrets.SecretClient") client = client_cls.return_value @@ -151,4 +154,4 @@ def test_get_secret_by_name__local__returns_environment_variable(mocker, setting client_cls.assert_not_called() client.get_secret.assert_not_called() env_spy.assert_called_once_with(env_secret_name) - assert actual_value == secret_value + assert actual_value == expected_secret_value From e4794bca931985ba71403bc7d6b02b8214b1d572 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 23 Jan 2024 20:26:56 +0000 Subject: [PATCH 076/114] refactor(admin): assume database and superuser already exist --- bin/init.sh | 23 ---------- docs/configuration/environment-variables.md | 47 --------------------- terraform/app_service.tf | 4 -- 3 files changed, 74 deletions(-) diff --git a/bin/init.sh b/bin/init.sh index 8a11d863e..c2a283c2a 100755 --- a/bin/init.sh +++ b/bin/init.sh @@ -1,33 +1,10 @@ #!/usr/bin/env bash set -eux -# make the path to the database file from environment or default -DB_DIR="${DJANGO_DB_DIR:-.}" -DB_FILE="${DB_DIR}/django.db" -DB_RESET="${DJANGO_DB_RESET:-true}" - -# remove existing (old) database file -if [[ $DB_RESET = true && -f $DB_FILE ]]; then - # rename then delete the new file - # trying to avoid a file lock on the existing file - # after marking it for deletion - mv "${DB_FILE}" "${DB_FILE}.old" - rm "${DB_FILE}.old" -fi - # run database migrations python manage.py migrate -# create a superuser account for backend admin access -# check DJANGO_ADMIN = true, default to false if empty or unset - -if [[ ${DJANGO_ADMIN:-false} = true ]]; then - python manage.py createsuperuser --no-input -else - echo "superuser: Django not configured for Admin access" -fi - # generate language *.mo files for use by Django python manage.py compilemessages diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 6a80d8881..32701a1c0 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -78,17 +78,6 @@ writable by the Django process._ By default, the base project directory (i.e. the root of the repository). -### `DJANGO_DB_RESET` - -!!! warning "Deployment configuration" - - You may change this setting when deploying the app to a non-localhost domain - -Boolean: - -- `True` (default): deletes the existing database file and runs fresh Django migrations. -- `False`: Django uses the existing database file. - ### `DJANGO_DEBUG` !!! warning "Deployment configuration" @@ -144,42 +133,6 @@ By default the application sends logs to `stdout`. Django's primary secret, keep this safe! -### `DJANGO_SUPERUSER_EMAIL` - -!!! warning "Deployment configuration" - - You may change this setting when deploying the app to a non-localhost domain - -!!! danger "Required configuration" - - This setting is required when `DJANGO_ADMIN` is `true` - -The email address of the Django Admin superuser created during initialization. - -### `DJANGO_SUPERUSER_PASSWORD` - -!!! warning "Deployment configuration" - - You may change this setting when deploying the app to a non-localhost domain - -!!! danger "Required configuration" - - This setting is required when `DJANGO_ADMIN` is `true` - -The password of the Django Admin superuser created during initialization. - -### `DJANGO_SUPERUSER_USERNAME` - -!!! warning "Deployment configuration" - - You may change this setting when deploying the app to a non-localhost domain - -!!! danger "Required configuration" - - This setting is required when `DJANGO_ADMIN` is `true` - -The username of the Django Admin superuser created during initialization. - ### `DJANGO_TRUSTED_ORIGINS` !!! warning "Deployment configuration" diff --git a/terraform/app_service.tf b/terraform/app_service.tf index a59e7dd30..9bc66a5da 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -69,12 +69,8 @@ resource "azurerm_linux_web_app" "main" { "DJANGO_ADMIN" = "${local.secret_prefix}django-admin)", "DJANGO_ALLOWED_HOSTS" = "${local.secret_prefix}django-allowed-hosts)", "DJANGO_DB_DIR" = "${local.secret_prefix}django-db-dir)", - "DJANGO_DB_RESET" = "${local.secret_prefix}django-db-reset)", "DJANGO_DEBUG" = local.is_prod ? null : "${local.secret_prefix}django-debug)", "DJANGO_LOG_LEVEL" = "${local.secret_prefix}django-log-level)", - "DJANGO_SUPERUSER_EMAIL" = "${local.secret_prefix}django-superuser-email)", - "DJANGO_SUPERUSER_PASSWORD" = "${local.secret_prefix}django-superuser-password)", - "DJANGO_SUPERUSER_USERNAME" = "${local.secret_prefix}django-superuser-username)", "DJANGO_RECAPTCHA_SECRET_KEY" = local.is_dev ? null : "${local.secret_prefix}django-recaptcha-secret-key)", "DJANGO_RECAPTCHA_SITE_KEY" = local.is_dev ? null : "${local.secret_prefix}django-recaptcha-site-key)", From 4625f250f48eb9071d9b8fdc79e4dfc6cb2ee625 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 23 Jan 2024 20:50:43 +0000 Subject: [PATCH 077/114] refactor(admin): admin interface is always enabled --- benefits/core/admin.py | 74 ++++++++-------- benefits/settings.py | 97 +++++++++------------ benefits/urls.py | 13 +-- docs/configuration/README.md | 6 +- docs/configuration/environment-variables.md | 7 -- docs/getting-started/README.md | 3 +- terraform/app_service.tf | 1 - 7 files changed, 85 insertions(+), 116 deletions(-) diff --git a/benefits/core/admin.py b/benefits/core/admin.py index 68c045698..bd32e1369 100644 --- a/benefits/core/admin.py +++ b/benefits/core/admin.py @@ -2,43 +2,43 @@ The core application: Admin interface configuration. """ +import logging import requests from django.conf import settings - -if settings.ADMIN: - import logging - from django.contrib import admin - from . import models - - logger = logging.getLogger(__name__) - - for model in [ - models.EligibilityType, - models.EligibilityVerifier, - models.PaymentProcessor, - models.PemData, - models.TransitAgency, - ]: - logger.debug(f"Register {model.__name__}") - admin.site.register(model) - - def pre_login_user(user, request): - logger.debug(f"Running pre-login callback for user: {user.username}") - token = request.session.get("google_sso_access_token") - if token: - headers = { - "Authorization": f"Bearer {token}", - } - - # Request Google user info to get name and email - url = "https://www.googleapis.com/oauth2/v3/userinfo" - response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) - user_data = response.json() - logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") - - user.first_name = user_data["given_name"] - user.last_name = user_data["family_name"] - user.username = user_data["email"] - user.email = user_data["email"] - user.save() +from django.contrib import admin +from . import models + +logger = logging.getLogger(__name__) + + +for model in [ + models.EligibilityType, + models.EligibilityVerifier, + models.PaymentProcessor, + models.PemData, + models.TransitAgency, +]: + logger.debug(f"Register {model.__name__}") + admin.site.register(model) + + +def pre_login_user(user, request): + logger.debug(f"Running pre-login callback for user: {user.username}") + token = request.session.get("google_sso_access_token") + if token: + headers = { + "Authorization": f"Bearer {token}", + } + + # Request Google user info to get name and email + url = "https://www.googleapis.com/oauth2/v3/userinfo" + response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) + user_data = response.json() + logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") + + user.first_name = user_data["given_name"] + user.last_name = user_data["family_name"] + user.username = user_data["email"] + user.email = user_data["email"] + user.save() diff --git a/benefits/settings.py b/benefits/settings.py index 3323fb03c..9a0496cbe 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -45,39 +45,33 @@ def RUNTIME_ENVIRONMENT(): # Application definition INSTALLED_APPS = [ + "django.contrib.admin", + "django.contrib.auth", + "django.contrib.contenttypes", "django.contrib.messages", "django.contrib.sessions", "django.contrib.staticfiles", + "django_google_sso", "benefits.core", "benefits.enrollment", "benefits.eligibility", "benefits.oauth", ] -if ADMIN: - GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") - GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") - GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") - GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) - GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) - GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) - GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" - GOOGLE_SSO_SAVE_ACCESS_TOKEN = True - GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" - GOOGLE_SSO_SCOPES = [ - "openid", - "https://www.googleapis.com/auth/userinfo.email", - "https://www.googleapis.com/auth/userinfo.profile", - ] - - INSTALLED_APPS.extend( - [ - "django.contrib.admin", - "django.contrib.auth", - "django.contrib.contenttypes", - "django_google_sso", # Add django_google_sso - ] - ) +GOOGLE_SSO_CLIENT_ID = os.environ.get("GOOGLE_SSO_CLIENT_ID", "secret") +GOOGLE_SSO_PROJECT_ID = os.environ.get("GOOGLE_SSO_PROJECT_ID", "benefits-admin") +GOOGLE_SSO_CLIENT_SECRET = os.environ.get("GOOGLE_SSO_CLIENT_SECRET", "secret") +GOOGLE_SSO_ALLOWABLE_DOMAINS = _filter_empty(os.environ.get("GOOGLE_SSO_ALLOWABLE_DOMAINS", "compiler.la").split(",")) +GOOGLE_SSO_STAFF_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_STAFF_LIST", "").split(",")) +GOOGLE_SSO_SUPERUSER_LIST = _filter_empty(os.environ.get("GOOGLE_SSO_SUPERUSER_LIST", "").split(",")) +GOOGLE_SSO_LOGO_URL = "/static/img/icon/google_sso_logo.svg" +GOOGLE_SSO_SAVE_ACCESS_TOKEN = True +GOOGLE_SSO_PRE_LOGIN_CALLBACK = "benefits.core.admin.pre_login_user" +GOOGLE_SSO_SCOPES = [ + "openid", + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/userinfo.profile", +] MIDDLEWARE = [ "django.middleware.security.SecurityMiddleware", @@ -91,16 +85,10 @@ def RUNTIME_ENVIRONMENT(): "django.middleware.clickjacking.XFrameOptionsMiddleware", "csp.middleware.CSPMiddleware", "benefits.core.middleware.ChangedLanguageEvent", + "django.contrib.auth.middleware.AuthenticationMiddleware", + "django.contrib.messages.middleware.MessageMiddleware", ] -if ADMIN: - MIDDLEWARE.extend( - [ - "django.contrib.auth.middleware.AuthenticationMiddleware", - "django.contrib.messages.middleware.MessageMiddleware", - ] - ) - if DEBUG: MIDDLEWARE.append("benefits.core.middleware.DebugSession") @@ -162,13 +150,12 @@ def RUNTIME_ENVIRONMENT(): ] ) -if ADMIN: - template_ctx_processors.extend( - [ - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - ] - ) +template_ctx_processors.extend( + [ + "django.contrib.auth.context_processors.auth", + "django.contrib.messages.context_processors.messages", + ] +) TEMPLATES = [ { @@ -193,25 +180,21 @@ def RUNTIME_ENVIRONMENT(): # Password validation -AUTH_PASSWORD_VALIDATORS = [] +AUTH_PASSWORD_VALIDATORS = [ + { + "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", + }, + { + "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", + }, +] -if ADMIN: - AUTH_PASSWORD_VALIDATORS.extend( - [ - { - "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator", - }, - { - "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator", - }, - ] - ) # Internationalization diff --git a/benefits/urls.py b/benefits/urls.py index 39f12915f..0a5d658ec 100644 --- a/benefits/urls.py +++ b/benefits/urls.py @@ -8,6 +8,7 @@ import logging from django.conf import settings +from django.contrib import admin from django.http import HttpResponse from django.urls import include, path @@ -46,12 +47,6 @@ def test_secret(request): urlpatterns.append(path("testsecret/", test_secret)) - -if settings.ADMIN: - from django.contrib import admin - - logger.debug("Register admin urls") - urlpatterns.append(path("admin/", admin.site.urls)) - urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso"))) -else: - logger.debug("Skip url registrations for admin") +logger.debug("Register admin urls") +urlpatterns.append(path("admin/", admin.site.urls)) +urlpatterns.append(path("google_sso/", include("django_google_sso.urls", namespace="django_google_sso"))) diff --git a/docs/configuration/README.md b/docs/configuration/README.md index 9e0a29e96..ef12dcede 100644 --- a/docs/configuration/README.md +++ b/docs/configuration/README.md @@ -55,10 +55,10 @@ from django.config import settings # ... -if settings.ADMIN: - # do something when admin is enabled +if settings.DEBUG: + # do something when debug is enabled else: - # do something else when admin is disabled + # do something else when debug is disabled ``` Through the [Django model][django-model] framework, `benefits.core.models` instances are used to access the configuration data: diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 32701a1c0..7967ca615 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -48,13 +48,6 @@ If blank or an invalid key, analytics events aren't captured (though may still b ## Django -### `DJANGO_ADMIN` - -Boolean: - -- `True`: activates Django's built-in admin interface for content authoring. -- `False` (default): skips this activation. - ### `DJANGO_ALLOWED_HOSTS` !!! warning "Deployment configuration" diff --git a/docs/getting-started/README.md b/docs/getting-started/README.md index 4ddea7ce1..ac2b5475c 100644 --- a/docs/getting-started/README.md +++ b/docs/getting-started/README.md @@ -56,8 +56,7 @@ docker compose up client After initialization, the client is running running on `http://localhost:8000` by default. -If `DJANGO_ADMIN=true`, the backend administrative interface can be accessed at the `/admin` route using the superuser account -you setup as part of initialization. +The backend administrative interface can be accessed at the `/admin` route using the superuser account you setup as part of initialization. By default, sample values are used to initialize Django. Alternatively you may: diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 9bc66a5da..f50175f95 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -66,7 +66,6 @@ resource "azurerm_linux_web_app" "main" { "REQUESTS_READ_TIMEOUT" = "${local.secret_prefix}requests-read-timeout)", # Django settings - "DJANGO_ADMIN" = "${local.secret_prefix}django-admin)", "DJANGO_ALLOWED_HOSTS" = "${local.secret_prefix}django-allowed-hosts)", "DJANGO_DB_DIR" = "${local.secret_prefix}django-db-dir)", "DJANGO_DEBUG" = local.is_prod ? null : "${local.secret_prefix}django-debug)", From d9b2c28c01003e2c3979b19b1ef1af8091c90d57 Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Tue, 23 Jan 2024 21:00:13 +0000 Subject: [PATCH 078/114] test(admin): update unit test assertion --- tests/pytest/core/test_admin.py | 8 ++++++++ tests/pytest/core/test_settings.py | 11 ----------- 2 files changed, 8 insertions(+), 11 deletions(-) create mode 100644 tests/pytest/core/test_admin.py delete mode 100644 tests/pytest/core/test_settings.py diff --git a/tests/pytest/core/test_admin.py b/tests/pytest/core/test_admin.py new file mode 100644 index 000000000..086d60b36 --- /dev/null +++ b/tests/pytest/core/test_admin.py @@ -0,0 +1,8 @@ +import pytest + + +@pytest.mark.django_db +def test_admin_registered(client): + response = client.get("/admin") + + assert response.status_code == 301 diff --git a/tests/pytest/core/test_settings.py b/tests/pytest/core/test_settings.py deleted file mode 100644 index 1359d43ae..000000000 --- a/tests/pytest/core/test_settings.py +++ /dev/null @@ -1,11 +0,0 @@ -import pytest - -from django.conf import settings - - -@pytest.mark.django_db -def test_admin_not_registered(client): - response = client.get("/admin") - - assert settings.ADMIN is False - assert response.status_code == 404 From 2174ac81f080d186638e942333ce3afe2fd9042e Mon Sep 17 00:00:00 2001 From: Angela Tran Date: Thu, 8 Feb 2024 22:06:45 +0000 Subject: [PATCH 079/114] feat: add script for resetting the database --- bin/reset_db.sh | 21 +++++++++++++++++++++ docs/configuration/environment-variables.md | 12 ++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 bin/reset_db.sh diff --git a/bin/reset_db.sh b/bin/reset_db.sh new file mode 100644 index 000000000..d408ae2cc --- /dev/null +++ b/bin/reset_db.sh @@ -0,0 +1,21 @@ +#!/usr/bin/env bash +set -eux + +# remove database file + +# construct the path to the database file from environment or default +DB_DIR="${DJANGO_DB_DIR:-.}" +DB_FILE="${DB_DIR}/django.db" + +# -f forces the delete (and avoids an error when the file doesn't exist) +rm -f "${DB_FILE}" + +# run database migrations + +python manage.py migrate + +# create a superuser account for backend admin access +# (set username, email, and password using environment variables +# DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, and DJANGO_SUPERUSER_PASSWORD) + +python manage.py createsuperuser --no-input diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 7967ca615..305131cf3 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -126,6 +126,18 @@ By default the application sends logs to `stdout`. Django's primary secret, keep this safe! +### `DJANGO_SUPERUSER_EMAIL` + +The email address of the Django Admin superuser created when resetting the database. + +### `DJANGO_SUPERUSER_PASSWORD` + +The password of the Django Admin superuser created when resetting the database. + +### `DJANGO_SUPERUSER_USERNAME` + +The username of the Django Admin superuser created when resetting the database. + ### `DJANGO_TRUSTED_ORIGINS` !!! warning "Deployment configuration" From 0e0f37cf6887df3d44b603951d046bb0b9ffe600 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 16:54:49 +0000 Subject: [PATCH 080/114] refactor(settings): consolidate template processors remove duplicate django.contrib.messages.context_processors.messages --- benefits/settings.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/benefits/settings.py b/benefits/settings.py index 9a0496cbe..5ece74f1d 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -134,6 +134,7 @@ def RUNTIME_ENVIRONMENT(): template_ctx_processors = [ "django.template.context_processors.request", + "django.contrib.auth.context_processors.auth", "django.contrib.messages.context_processors.messages", "benefits.core.context_processors.agency", "benefits.core.context_processors.active_agencies", @@ -150,13 +151,6 @@ def RUNTIME_ENVIRONMENT(): ] ) -template_ctx_processors.extend( - [ - "django.contrib.auth.context_processors.auth", - "django.contrib.messages.context_processors.messages", - ] -) - TEMPLATES = [ { "BACKEND": "django.template.backends.django.DjangoTemplates", From 84956df1d0b7ef6c73fe972e54ecbd3ef51a6b21 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 17:38:56 +0000 Subject: [PATCH 081/114] test(admin): assert redirects to login page --- tests/pytest/core/test_admin.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/pytest/core/test_admin.py b/tests/pytest/core/test_admin.py index 086d60b36..e02280f50 100644 --- a/tests/pytest/core/test_admin.py +++ b/tests/pytest/core/test_admin.py @@ -3,6 +3,10 @@ @pytest.mark.django_db def test_admin_registered(client): - response = client.get("/admin") + response = client.get("/admin", follow=True) - assert response.status_code == 301 + assert response.status_code == 200 + assert ("/admin/", 301) in response.redirect_chain + assert ("/admin/login/?next=/admin/", 302) in response.redirect_chain + assert response.request["PATH_INFO"] == "/admin/login/" + assert "google_sso/login.html" in response.template_name From eeffe2ec43b5af53ae2a4f4870731dbe99579be0 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 17:40:37 +0000 Subject: [PATCH 082/114] test(admin): pre_login_user success and failure --- benefits/core/admin.py | 10 +++++-- tests/pytest/core/test_admin.py | 52 +++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 3 deletions(-) diff --git a/benefits/core/admin.py b/benefits/core/admin.py index bd32e1369..cb468b629 100644 --- a/benefits/core/admin.py +++ b/benefits/core/admin.py @@ -12,6 +12,9 @@ logger = logging.getLogger(__name__) +GOOGLE_USER_INFO_URL = "https://www.googleapis.com/oauth2/v3/userinfo" + + for model in [ models.EligibilityType, models.EligibilityVerifier, @@ -32,13 +35,14 @@ def pre_login_user(user, request): } # Request Google user info to get name and email - url = "https://www.googleapis.com/oauth2/v3/userinfo" - response = requests.get(url, headers=headers, timeout=settings.REQUESTS_TIMEOUT) + response = requests.get(GOOGLE_USER_INFO_URL, headers=headers, timeout=settings.REQUESTS_TIMEOUT) user_data = response.json() - logger.debug(f"Updating admin user data from Google for user with email: {user_data['email']}") + logger.debug(f"Updating user data from Google for user with email: {user_data['email']}") user.first_name = user_data["given_name"] user.last_name = user_data["family_name"] user.username = user_data["email"] user.email = user_data["email"] user.save() + else: + logger.warning("google_sso_access_token not found in session.") diff --git a/tests/pytest/core/test_admin.py b/tests/pytest/core/test_admin.py index e02280f50..36bfa3434 100644 --- a/tests/pytest/core/test_admin.py +++ b/tests/pytest/core/test_admin.py @@ -1,4 +1,12 @@ import pytest +from django.contrib.auth.models import User +import benefits.core.admin +from benefits.core.admin import GOOGLE_USER_INFO_URL, pre_login_user + + +@pytest.fixture +def model_AdminUser(): + return User.objects.create(email="user@calitp.org", first_name="", last_name="", username="") @pytest.mark.django_db @@ -10,3 +18,47 @@ def test_admin_registered(client): assert ("/admin/login/?next=/admin/", 302) in response.redirect_chain assert response.request["PATH_INFO"] == "/admin/login/" assert "google_sso/login.html" in response.template_name + + +@pytest.mark.django_db +def test_pre_login_user(mocker, model_AdminUser): + assert model_AdminUser.email == "user@calitp.org" + assert model_AdminUser.first_name == "" + assert model_AdminUser.last_name == "" + assert model_AdminUser.username == "" + + response_from_google = { + "username": "admin@calitp.org", + "given_name": "Admin", + "family_name": "User", + "email": "admin@calitp.org", + } + + mocked_request = mocker.Mock() + mocked_response = mocker.Mock() + mocked_response.json.return_value = response_from_google + requests_spy = mocker.patch("benefits.core.admin.requests.get", return_value=mocked_response) + + pre_login_user(model_AdminUser, mocked_request) + + requests_spy.assert_called_once() + assert GOOGLE_USER_INFO_URL in requests_spy.call_args.args + assert model_AdminUser.email == response_from_google["email"] + assert model_AdminUser.first_name == response_from_google["given_name"] + assert model_AdminUser.last_name == response_from_google["family_name"] + assert model_AdminUser.username == response_from_google["username"] + + +@pytest.mark.django_db +def test_pre_login_user_no_session_token(mocker, model_AdminUser): + mocked_request = mocker.Mock() + mocked_request.session.get.return_value = None + logger_spy = mocker.spy(benefits.core.admin, "logger") + + pre_login_user(model_AdminUser, mocked_request) + + assert model_AdminUser.email == "user@calitp.org" + assert model_AdminUser.first_name == "" + assert model_AdminUser.last_name == "" + assert model_AdminUser.username == "" + logger_spy.warning.assert_called_once() From f394a3c5b01e1e915254b4642dbc104560b84957 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 17:42:52 +0000 Subject: [PATCH 083/114] chore(settings): remove unused variable --- benefits/settings.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/benefits/settings.py b/benefits/settings.py index 5ece74f1d..0ce3ffdde 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -22,8 +22,6 @@ def _filter_empty(ls): # SECURITY WARNING: don't run with debug turned on in production! DEBUG = os.environ.get("DJANGO_DEBUG", "False").lower() == "true" -ADMIN = os.environ.get("DJANGO_ADMIN", "False").lower() == "true" - ALLOWED_HOSTS = _filter_empty(os.environ.get("DJANGO_ALLOWED_HOSTS", "localhost").split(",")) From 6f9ba826180eb300d2c5e927e160c615379474a6 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 23:32:02 +0000 Subject: [PATCH 084/114] chore(config): add sample SUPERUSER env vars these have to be present in the .env file to reset the DB locally --- .env.sample | 3 +++ bin/reset_db.sh | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.env.sample b/.env.sample index d619baf55..c79424341 100644 --- a/.env.sample +++ b/.env.sample @@ -1,3 +1,6 @@ +DJANGO_SUPERUSER_USERNAME=benefits-admin +DJANGO_SUPERUSER_EMAIL=benefits-admin@calitp.org +DJANGO_SUPERUSER_PASSWORD=superuser12345! testsecret=Hello from the local environment! auth_provider_client_id=benefits-oauth-client-id courtesy_card_verifier_api_auth_key=server-auth-token diff --git a/bin/reset_db.sh b/bin/reset_db.sh index d408ae2cc..7dabf7e48 100644 --- a/bin/reset_db.sh +++ b/bin/reset_db.sh @@ -15,7 +15,7 @@ rm -f "${DB_FILE}" python manage.py migrate # create a superuser account for backend admin access -# (set username, email, and password using environment variables -# DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, and DJANGO_SUPERUSER_PASSWORD) +# set username, email, and password using environment variables +# DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, and DJANGO_SUPERUSER_PASSWORD python manage.py createsuperuser --no-input From 409391e6818780fdbf86c39d79311a743a304d8d Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 23:33:24 +0000 Subject: [PATCH 085/114] feat(devcontainer): startup with the reset_db script reset_db.sh reuses the existing init.sh for other initialization --- .devcontainer/devcontainer.json | 2 +- bin/reset_db.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index db78bfbcb..7cb87f035 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -5,7 +5,7 @@ "service": "dev", "runServices": ["dev", "docs", "server"], "workspaceFolder": "/home/calitp/app", - "postStartCommand": ["/bin/bash", "bin/init.sh"], + "postStartCommand": ["/bin/bash", "bin/reset_db.sh"], "postAttachCommand": ["/bin/bash", ".devcontainer/postAttach.sh"], "customizations": { "vscode": { diff --git a/bin/reset_db.sh b/bin/reset_db.sh index 7dabf7e48..126500c3a 100644 --- a/bin/reset_db.sh +++ b/bin/reset_db.sh @@ -10,9 +10,9 @@ DB_FILE="${DB_DIR}/django.db" # -f forces the delete (and avoids an error when the file doesn't exist) rm -f "${DB_FILE}" -# run database migrations +# run database migrations and other initialization -python manage.py migrate +bin/init.sh # create a superuser account for backend admin access # set username, email, and password using environment variables From c2b074fe6d526b372720778d389530bdf8066fc3 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 23:52:15 +0000 Subject: [PATCH 086/114] refactor(migrations): remove data migration, use local fixtures dumped the existing (prior to this deletion) data using Django manage.py, excluding some model types that are defined and recreated by other migrations: python manage.py dumpdata \ --exclude auth.permission \ --exclude auth.user \ --exclude contenttypes.contenttype > fixtures.json then cleaned up the labels/names of our sample data for consistency updates db_reset.sh to load these fixtures after migrations are run updates the Cypress tests to use the new fixture location for sample data --- benefits/core/migrations/0002_data.py | 335 -------------- benefits/core/migrations/local_fixtures.json | 453 +++++++++++++++++++ benefits/core/migrations/sample_agency.json | 9 - bin/reset_db.sh | 4 + tests/cypress/fixtures/README.md | 2 +- tests/cypress/fixtures/transit-agencies.js | 10 +- 6 files changed, 466 insertions(+), 347 deletions(-) delete mode 100644 benefits/core/migrations/0002_data.py create mode 100644 benefits/core/migrations/local_fixtures.json delete mode 100644 benefits/core/migrations/sample_agency.json mode change 100644 => 100755 bin/reset_db.sh diff --git a/benefits/core/migrations/0002_data.py b/benefits/core/migrations/0002_data.py deleted file mode 100644 index a78b8e495..000000000 --- a/benefits/core/migrations/0002_data.py +++ /dev/null @@ -1,335 +0,0 @@ -"""Data migration which loads configuration data for Benefits. -""" - -import json -import os - -from django.db import migrations - - -def load_data(app, *args, **kwargs): - EligibilityType = app.get_model("core", "EligibilityType") - - mst_senior_type = EligibilityType.objects.create( - name="senior", label="Senior Discount (MST)", group_id=os.environ.get("MST_SENIOR_GROUP_ID", "group1") - ) - mst_veteran_type = EligibilityType.objects.create( - name="veteran", - label="Veteran Discount (MST)", - group_id=os.environ.get("MST_VETERAN_GROUP_ID", "group3"), - ) - mst_courtesy_card_type = EligibilityType.objects.create( - name="courtesy_card", - label="Courtesy Card Discount (MST)", - group_id=os.environ.get("MST_COURTESY_CARD_GROUP_ID", "group2"), - ) - sacrt_senior_type = EligibilityType.objects.create( - name="senior", label="Senior Discount (SacRT)", group_id=os.environ.get("SACRT_SENIOR_GROUP_ID", "group3") - ) - sbmtd_senior_type = EligibilityType.objects.create( - name="senior", label="Senior Discount (SBMTD)", group_id=os.environ.get("SBMTD_SENIOR_GROUP_ID", "group4") - ) - sbmtd_mobility_pass_type = EligibilityType.objects.create( - name="mobility_pass", - label="Mobility Pass Discount (SBMTD)", - group_id=os.environ.get("SBMTD_MOBILITY_PASS_GROUP_ID", "group5"), - ) - - PemData = app.get_model("core", "PemData") - - mst_server_public_key = PemData.objects.create( - label="Eligibility server public key", - remote_url=os.environ.get( - "MST_SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub" - ), - ) - - sbmtd_server_public_key = PemData.objects.create( - label="Eligibility server public key", - remote_url=os.environ.get( - "SBMTD_SERVER_PUBLIC_KEY_URL", "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub" - ), - ) - - client_private_key = PemData.objects.create( - text_secret_name="client-private-key", - label="Benefits client private key", - ) - - client_public_key = PemData.objects.create( - text_secret_name="client-public-key", - label="Benefits client public key", - ) - - mst_payment_processor_client_cert = PemData.objects.create( - text_secret_name="mst-payment-processor-client-cert", - label="MST payment processor client certificate", - ) - - mst_payment_processor_client_cert_private_key = PemData.objects.create( - text_secret_name="mst-payment-processor-client-cert-private-key", - label="MST payment processor client certificate private key", - ) - - mst_payment_processor_client_cert_root_ca = PemData.objects.create( - text_secret_name="mst-payment-processor-client-cert-root-ca", - label="MST payment processor client certificate root CA", - ) - - sacrt_payment_processor_client_cert = PemData.objects.create( - text_secret_name="sacrt-payment-processor-client-cert", - label="SacRT payment processor client certificate", - ) - - sacrt_payment_processor_client_cert_private_key = PemData.objects.create( - text_secret_name="sacrt-payment-processor-client-cert-private-key", - label="SacRT payment processor client certificate private key", - ) - - sacrt_payment_processor_client_cert_root_ca = PemData.objects.create( - text_secret_name="sacrt-payment-processor-client-cert-root-ca", - label="SacRT payment processor client certificate root CA", - ) - - sbmtd_payment_processor_client_cert = PemData.objects.create( - text_secret_name="sbmtd-payment-processor-client-cert", - label="SBMTD payment processor client certificate", - ) - - sbmtd_payment_processor_client_cert_private_key = PemData.objects.create( - text_secret_name="sbmtd-payment-processor-client-cert-private-key", - label="SBMTD payment processor client certificate private key", - ) - - sbmtd_payment_processor_client_cert_root_ca = PemData.objects.create( - text_secret_name="sbmtd-payment-processor-client-cert-root-ca", - label="SBMTD payment processor client certificate root CA", - ) - - AuthProvider = app.get_model("core", "AuthProvider") - - senior_auth_provider = AuthProvider.objects.create( - sign_out_button_template="core/includes/button--sign-out--login-gov.html", - sign_out_link_template="core/includes/link--sign-out--login-gov.html", - client_name=os.environ.get("SENIOR_AUTH_PROVIDER_CLIENT_NAME", "senior-benefits-oauth-client-name"), - client_id_secret_name="auth-provider-client-id", - authority=os.environ.get("AUTH_PROVIDER_AUTHORITY", "https://example.com"), - scope=os.environ.get("SENIOR_AUTH_PROVIDER_SCOPE", "verify:senior"), - claim=os.environ.get("SENIOR_AUTH_PROVIDER_CLAIM", "senior"), - scheme=os.environ.get("SENIOR_AUTH_PROVIDER_SCHEME", "dev-cal-itp_benefits"), - ) - - veteran_auth_provider = AuthProvider.objects.create( - sign_out_button_template="core/includes/button--sign-out--login-gov.html", - sign_out_link_template="core/includes/link--sign-out--login-gov.html", - client_name=os.environ.get("VETERAN_AUTH_PROVIDER_CLIENT_NAME", "veteran-benefits-oauth-client-name"), - client_id_secret_name="auth-provider-client-id", - authority=os.environ.get("AUTH_PROVIDER_AUTHORITY", "https://example.com"), - scope=os.environ.get("VETERAN_AUTH_PROVIDER_SCOPE", "verify:veteran"), - claim=os.environ.get("VETERAN_AUTH_PROVIDER_CLAIM", "veteran"), - scheme=os.environ.get("VETERAN_AUTH_PROVIDER_SCHEME", "vagov"), - ) - - EligibilityVerifier = app.get_model("core", "EligibilityVerifier") - - mst_senior_verifier = EligibilityVerifier.objects.create( - name=os.environ.get("MST_SENIOR_VERIFIER_NAME", "OAuth claims via Login.gov (MST)"), - active=os.environ.get("MST_SENIOR_VERIFIER_ACTIVE", "True").lower() == "true", - eligibility_type=mst_senior_type, - auth_provider=senior_auth_provider, - selection_label_template="eligibility/includes/selection-label--senior.html", - start_template="eligibility/start--senior.html", - ) - - mst_veteran_verifier = EligibilityVerifier.objects.create( - name=os.environ.get("MST_VETERAN_VERIFIER_NAME", "VA.gov - Veteran (MST)"), - active=os.environ.get("MST_VETERAN_VERIFIER_ACTIVE", "True").lower() == "true", - eligibility_type=mst_veteran_type, - auth_provider=veteran_auth_provider, - selection_label_template="eligibility/includes/selection-label--veteran.html", - start_template="eligibility/start--veteran.html", - ) - - mst_courtesy_card_verifier = EligibilityVerifier.objects.create( - name=os.environ.get("COURTESY_CARD_VERIFIER_NAME", "Eligibility Server Verifier"), - active=os.environ.get("COURTESY_CARD_VERIFIER_ACTIVE", "True").lower() == "true", - api_url=os.environ.get("COURTESY_CARD_VERIFIER_API_URL", "http://server:8000/verify"), - api_auth_header=os.environ.get("COURTESY_CARD_VERIFIER_API_AUTH_HEADER", "X-Server-API-Key"), - api_auth_key_secret_name="courtesy-card-verifier-api-auth-key", - eligibility_type=mst_courtesy_card_type, - public_key=mst_server_public_key, - jwe_cek_enc=os.environ.get("COURTESY_CARD_VERIFIER_JWE_CEK_ENC", "A256CBC-HS512"), - jwe_encryption_alg=os.environ.get("COURTESY_CARD_VERIFIER_JWE_ENCRYPTION_ALG", "RSA-OAEP"), - jws_signing_alg=os.environ.get("COURTESY_CARD_VERIFIER_JWS_SIGNING_ALG", "RS256"), - auth_provider=None, - selection_label_template="eligibility/includes/selection-label--mst-courtesy-card.html", - start_template="eligibility/start--mst-courtesy-card.html", - form_class="benefits.eligibility.forms.MSTCourtesyCard", - ) - - sacrt_senior_verifier = EligibilityVerifier.objects.create( - name=os.environ.get("SACRT_SENIOR_VERIFIER_NAME", "OAuth claims via Login.gov (SacRT)"), - active=os.environ.get("SACRT_SENIOR_VERIFIER_ACTIVE", "False").lower() == "true", - eligibility_type=sacrt_senior_type, - auth_provider=senior_auth_provider, - selection_label_template="eligibility/includes/selection-label--senior.html", - start_template="eligibility/start--senior.html", - ) - - sbmtd_senior_verifier = EligibilityVerifier.objects.create( - name=os.environ.get("SBMTD_SENIOR_VERIFIER_NAME", "OAuth claims via Login.gov (SBMTD)"), - active=os.environ.get("SBMTD_SENIOR_VERIFIER_ACTIVE", "False").lower() == "true", - eligibility_type=sbmtd_senior_type, - auth_provider=senior_auth_provider, - selection_label_template="eligibility/includes/selection-label--senior.html", - start_template="eligibility/start--senior.html", - ) - - sbmtd_mobility_pass_verifier = EligibilityVerifier.objects.create( - name=os.environ.get("MOBILITY_PASS_VERIFIER_NAME", "Eligibility Server Verifier"), - active=os.environ.get("MOBILITY_PASS_VERIFIER_ACTIVE", "True").lower() == "true", - api_url=os.environ.get("MOBILITY_PASS_VERIFIER_API_URL", "http://server:8000/verify"), - api_auth_header=os.environ.get("MOBILITY_PASS_VERIFIER_API_AUTH_HEADER", "X-Server-API-Key"), - api_auth_key_secret_name="mobility-pass-verifier-api-auth-key", - eligibility_type=sbmtd_mobility_pass_type, - public_key=sbmtd_server_public_key, - jwe_cek_enc=os.environ.get("MOBILITY_PASS_VERIFIER_JWE_CEK_ENC", "A256CBC-HS512"), - jwe_encryption_alg=os.environ.get("MOBILITY_PASS_VERIFIER_JWE_ENCRYPTION_ALG", "RSA-OAEP"), - jws_signing_alg=os.environ.get("MOBILITY_PASS_VERIFIER_JWS_SIGNING_ALG", "RS256"), - auth_provider=None, - selection_label_template="eligibility/includes/selection-label--sbmtd-mobility-pass.html", - start_template="eligibility/start--sbmtd-mobility-pass.html", - form_class="benefits.eligibility.forms.SBMTDMobilityPass", - ) - - PaymentProcessor = app.get_model("core", "PaymentProcessor") - - mst_payment_processor = PaymentProcessor.objects.create( - name=os.environ.get("MST_PAYMENT_PROCESSOR_NAME", "Test Payment Processor"), - api_base_url=os.environ.get("MST_PAYMENT_PROCESSOR_API_BASE_URL", "http://server:8000"), - api_access_token_endpoint=os.environ.get("MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT", "access-token"), - api_access_token_request_key=os.environ.get("MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY", "request_access"), - api_access_token_request_val=os.environ.get("MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL", "REQUEST_ACCESS"), - card_tokenize_url=os.environ.get("MST_PAYMENT_PROCESSOR_CARD_TOKENIZE_URL", "http://server:8000/static/tokenize.js"), - card_tokenize_func=os.environ.get("MST_PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC", "tokenize"), - card_tokenize_env=os.environ.get("MST_PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV", "test"), - client_cert=mst_payment_processor_client_cert, - client_cert_private_key=mst_payment_processor_client_cert_private_key, - client_cert_root_ca=mst_payment_processor_client_cert_root_ca, - customer_endpoint="customer", - customers_endpoint="customers", - group_endpoint="group", - ) - - sacrt_payment_processor = PaymentProcessor.objects.create( - name=os.environ.get("SACRT_PAYMENT_PROCESSOR_NAME", "Test Payment Processor"), - api_base_url=os.environ.get("SACRT_PAYMENT_PROCESSOR_API_BASE_URL", "http://server:8000"), - api_access_token_endpoint=os.environ.get("SACRT_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT", "access-token"), - api_access_token_request_key=os.environ.get("SACRT_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY", "request_access"), - api_access_token_request_val=os.environ.get("SACRT_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL", "REQUEST_ACCESS"), - card_tokenize_url=os.environ.get("SACRT_PAYMENT_PROCESSOR_CARD_TOKENIZE_URL", "http://server:8000/static/tokenize.js"), - card_tokenize_func=os.environ.get("SACRT_PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC", "tokenize"), - card_tokenize_env=os.environ.get("SACRT_PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV", "test"), - client_cert=sacrt_payment_processor_client_cert, - client_cert_private_key=sacrt_payment_processor_client_cert_private_key, - client_cert_root_ca=sacrt_payment_processor_client_cert_root_ca, - customer_endpoint="customer", - customers_endpoint="customers", - group_endpoint="group", - ) - - sbmtd_payment_processor = PaymentProcessor.objects.create( - name=os.environ.get("SBMTD_PAYMENT_PROCESSOR_NAME", "Test Payment Processor"), - api_base_url=os.environ.get("SBMTD_PAYMENT_PROCESSOR_API_BASE_URL", "http://server:8000"), - api_access_token_endpoint=os.environ.get("SBMTD_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT", "access-token"), - api_access_token_request_key=os.environ.get("SBMTD_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY", "request_access"), - api_access_token_request_val=os.environ.get("SBMTD_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL", "REQUEST_ACCESS"), - card_tokenize_url=os.environ.get("SBMTD_PAYMENT_PROCESSOR_CARD_TOKENIZE_URL", "http://server:8000/static/tokenize.js"), - card_tokenize_func=os.environ.get("SBMTD_PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC", "tokenize"), - card_tokenize_env=os.environ.get("SBMTD_PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV", "test"), - client_cert=sbmtd_payment_processor_client_cert, - client_cert_private_key=sbmtd_payment_processor_client_cert_private_key, - client_cert_root_ca=sbmtd_payment_processor_client_cert_root_ca, - customer_endpoint="customer", - customers_endpoint="customers", - group_endpoint="group", - ) - - TransitAgency = app.get_model("core", "TransitAgency") - - # load the sample data from a JSON file so that it can be accessed by Cypress as well - sample_agency_data = os.path.join(os.path.dirname(__file__), "sample_agency.json") - with open(sample_agency_data) as f: - sample_agency = json.load(f) - - mst_agency = TransitAgency.objects.create( - slug=sample_agency["slug"], - short_name=os.environ.get("MST_AGENCY_SHORT_NAME", sample_agency["short_name"]), - long_name=os.environ.get("MST_AGENCY_LONG_NAME", sample_agency["long_name"]), - agency_id=sample_agency["agency_id"], - merchant_id=sample_agency["merchant_id"], - info_url=sample_agency["info_url"], - phone=sample_agency["phone"], - active=True, - private_key=client_private_key, - public_key=client_public_key, - jws_signing_alg=os.environ.get("MST_AGENCY_JWS_SIGNING_ALG", "RS256"), - payment_processor=mst_payment_processor, - index_template="core/index--mst.html", - eligibility_index_template="eligibility/index--mst.html", - enrollment_success_template="enrollment/success--mst.html", - help_template="core/includes/help--mst.html", - ) - mst_agency.eligibility_types.set([mst_senior_type, mst_veteran_type, mst_courtesy_card_type]) - mst_agency.eligibility_verifiers.set([mst_senior_verifier, mst_veteran_verifier, mst_courtesy_card_verifier]) - - sacrt_agency = TransitAgency.objects.create( - slug="sacrt", - short_name=os.environ.get("SACRT_AGENCY_SHORT_NAME", "SacRT (sample)"), - long_name=os.environ.get("SACRT_AGENCY_LONG_NAME", "Sacramento Regional Transit (sample)"), - agency_id="sacrt", - merchant_id=os.environ.get("SACRT_AGENCY_MERCHANT_ID", "sacrt"), - info_url="https://sacrt.com/", - phone="916-321-2877", - active=os.environ.get("SACRT_AGENCY_ACTIVE", "True").lower() == "true", - private_key=client_private_key, - public_key=client_public_key, - jws_signing_alg=os.environ.get("SACRT_AGENCY_JWS_SIGNING_ALG", "RS256"), - payment_processor=sacrt_payment_processor, - index_template="core/index--sacrt.html", - eligibility_index_template="eligibility/index--sacrt.html", - enrollment_success_template="enrollment/success--sacrt.html", - ) - sacrt_agency.eligibility_types.set([sacrt_senior_type]) - sacrt_agency.eligibility_verifiers.set([sacrt_senior_verifier]) - - sbmtd_agency = TransitAgency.objects.create( - slug="sbmtd", - short_name=os.environ.get("SBMTD_AGENCY_SHORT_NAME", "SBMTD (sample)"), - long_name=os.environ.get("SBMTD_AGENCY_LONG_NAME", "Santa Barbara MTD (sample)"), - agency_id="sbmtd", - merchant_id=os.environ.get("SBMTD_AGENCY_MERCHANT_ID", "sbmtd"), - info_url="https://sbmtd.gov/taptoride/", - phone="805-963-3366", - active=os.environ.get("SBMTD_AGENCY_ACTIVE", "True").lower() == "true", - private_key=client_private_key, - public_key=client_public_key, - jws_signing_alg=os.environ.get("SBMTD_AGENCY_JWS_SIGNING_ALG", "RS256"), - payment_processor=sbmtd_payment_processor, - index_template="core/index--sbmtd.html", - eligibility_index_template="eligibility/index--sbmtd.html", - enrollment_success_template="enrollment/success--sbmtd.html", - help_template="core/includes/help--sbmtd.html", - ) - sbmtd_agency.eligibility_types.set([sbmtd_senior_type, sbmtd_mobility_pass_type]) - sbmtd_agency.eligibility_verifiers.set([sbmtd_senior_verifier, sbmtd_mobility_pass_verifier]) - - -class Migration(migrations.Migration): - dependencies = [ - ("core", "0001_initial"), - ] - - operations = [ - migrations.RunPython(load_data), - ] diff --git a/benefits/core/migrations/local_fixtures.json b/benefits/core/migrations/local_fixtures.json new file mode 100644 index 000000000..0aaf9a808 --- /dev/null +++ b/benefits/core/migrations/local_fixtures.json @@ -0,0 +1,453 @@ +[ + { + "model": "core.pemdata", + "pk": 1, + "fields": { + "label": "(MST) eligibility server public key", + "text_secret_name": null, + "remote_url": "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub" + } + }, + { + "model": "core.pemdata", + "pk": 2, + "fields": { + "label": "(SBMTD) eligibility server public key", + "text_secret_name": null, + "remote_url": "https://raw.githubusercontent.com/cal-itp/eligibility-server/main/keys/server.pub" + } + }, + { + "model": "core.pemdata", + "pk": 3, + "fields": { + "label": "Benefits client private key", + "text_secret_name": "client-private-key", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 4, + "fields": { + "label": "Benefits client public key", + "text_secret_name": "client-public-key", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 5, + "fields": { + "label": "(MST) payment processor client certificate", + "text_secret_name": "mst-payment-processor-client-cert", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 6, + "fields": { + "label": "(MST) payment processor client certificate private key", + "text_secret_name": "mst-payment-processor-client-cert-private-key", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 7, + "fields": { + "label": "(MST) payment processor client certificate root CA", + "text_secret_name": "mst-payment-processor-client-cert-root-ca", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 8, + "fields": { + "label": "(SacRT) payment processor client certificate", + "text_secret_name": "sacrt-payment-processor-client-cert", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 9, + "fields": { + "label": "(SacRT) payment processor client certificate private key", + "text_secret_name": "sacrt-payment-processor-client-cert-private-key", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 10, + "fields": { + "label": "(SacRT) payment processor client certificate root CA", + "text_secret_name": "sacrt-payment-processor-client-cert-root-ca", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 11, + "fields": { + "label": "(SBMTD) payment processor client certificate", + "text_secret_name": "sbmtd-payment-processor-client-cert", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 12, + "fields": { + "label": "(SBMTD) payment processor client certificate private key", + "text_secret_name": "sbmtd-payment-processor-client-cert-private-key", + "remote_url": null + } + }, + { + "model": "core.pemdata", + "pk": 13, + "fields": { + "label": "(SBMTD) payment processor client certificate root CA", + "text_secret_name": "sbmtd-payment-processor-client-cert-root-ca", + "remote_url": null + } + }, + { + "model": "core.authprovider", + "pk": 1, + "fields": { + "sign_out_button_template": "core/includes/button--sign-out--login-gov.html", + "sign_out_link_template": "core/includes/link--sign-out--login-gov.html", + "client_name": "senior-benefits-oauth-client-name", + "client_id_secret_name": "auth-provider-client-id", + "authority": "https://example.com", + "scope": "verify:senior", + "claim": "senior", + "scheme": "dev-cal-itp_benefits" + } + }, + { + "model": "core.authprovider", + "pk": 2, + "fields": { + "sign_out_button_template": "core/includes/button--sign-out--login-gov.html", + "sign_out_link_template": "core/includes/link--sign-out--login-gov.html", + "client_name": "veteran-benefits-oauth-client-name", + "client_id_secret_name": "auth-provider-client-id", + "authority": "https://example.com", + "scope": "verify:veteran", + "claim": "veteran", + "scheme": "vagov" + } + }, + { + "model": "core.eligibilitytype", + "pk": 1, + "fields": { + "name": "senior", + "label": "(MST) Senior Discount", + "group_id": "group123" + } + }, + { + "model": "core.eligibilitytype", + "pk": 2, + "fields": { + "name": "veteran", + "label": "(MST) Veteran Discount", + "group_id": "group123" + } + }, + { + "model": "core.eligibilitytype", + "pk": 3, + "fields": { + "name": "courtesy_card", + "label": "(MST) Courtesy Card Discount", + "group_id": "group123" + } + }, + { + "model": "core.eligibilitytype", + "pk": 4, + "fields": { + "name": "senior", + "label": "(SacRT) Senior Discount", + "group_id": "group123" + } + }, + { + "model": "core.eligibilitytype", + "pk": 5, + "fields": { + "name": "senior", + "label": "(SBMTD) Senior Discount", + "group_id": "group123" + } + }, + { + "model": "core.eligibilitytype", + "pk": 6, + "fields": { + "name": "mobility_pass", + "label": "(SBMTD) Mobility Pass Discount", + "group_id": "group123" + } + }, + { + "model": "core.eligibilityverifier", + "pk": 1, + "fields": { + "name": "(MST) oauth claims via Login.gov", + "active": true, + "api_url": null, + "api_auth_header": null, + "api_auth_key_secret_name": null, + "eligibility_type": 1, + "public_key": null, + "jwe_cek_enc": null, + "jwe_encryption_alg": null, + "jws_signing_alg": null, + "auth_provider": 1, + "selection_label_template": "eligibility/includes/selection-label--senior.html", + "start_template": "eligibility/start--senior.html", + "form_class": null + } + }, + { + "model": "core.eligibilityverifier", + "pk": 2, + "fields": { + "name": "(MST) VA.gov - veteran", + "active": true, + "api_url": null, + "api_auth_header": null, + "api_auth_key_secret_name": null, + "eligibility_type": 2, + "public_key": null, + "jwe_cek_enc": null, + "jwe_encryption_alg": null, + "jws_signing_alg": null, + "auth_provider": 2, + "selection_label_template": "eligibility/includes/selection-label--veteran.html", + "start_template": "eligibility/start--veteran.html", + "form_class": null + } + }, + { + "model": "core.eligibilityverifier", + "pk": 3, + "fields": { + "name": "(MST) eligibility server verifier", + "active": true, + "api_url": "http://server:8000/verify", + "api_auth_header": "X-Server-API-Key", + "api_auth_key_secret_name": "courtesy-card-verifier-api-auth-key", + "eligibility_type": 3, + "public_key": 1, + "jwe_cek_enc": "A256CBC-HS512", + "jwe_encryption_alg": "RSA-OAEP", + "jws_signing_alg": "RS256", + "auth_provider": null, + "selection_label_template": "eligibility/includes/selection-label--mst-courtesy-card.html", + "start_template": "eligibility/start--mst-courtesy-card.html", + "form_class": "benefits.eligibility.forms.MSTCourtesyCard" + } + }, + { + "model": "core.eligibilityverifier", + "pk": 4, + "fields": { + "name": "(SacRT) oauth claims via Login.gov", + "active": false, + "api_url": null, + "api_auth_header": null, + "api_auth_key_secret_name": null, + "eligibility_type": 4, + "public_key": null, + "jwe_cek_enc": null, + "jwe_encryption_alg": null, + "jws_signing_alg": null, + "auth_provider": 1, + "selection_label_template": "eligibility/includes/selection-label--senior.html", + "start_template": "eligibility/start--senior.html", + "form_class": null + } + }, + { + "model": "core.eligibilityverifier", + "pk": 5, + "fields": { + "name": "(SBMTD) oauth claims via Login.gov", + "active": false, + "api_url": null, + "api_auth_header": null, + "api_auth_key_secret_name": null, + "eligibility_type": 5, + "public_key": null, + "jwe_cek_enc": null, + "jwe_encryption_alg": null, + "jws_signing_alg": null, + "auth_provider": 1, + "selection_label_template": "eligibility/includes/selection-label--senior.html", + "start_template": "eligibility/start--senior.html", + "form_class": null + } + }, + { + "model": "core.eligibilityverifier", + "pk": 6, + "fields": { + "name": "(SBMTD) eligibility server verifier", + "active": true, + "api_url": "http://server:8000/verify", + "api_auth_header": "X-Server-API-Key", + "api_auth_key_secret_name": "mobility-pass-verifier-api-auth-key", + "eligibility_type": 6, + "public_key": 2, + "jwe_cek_enc": "A256CBC-HS512", + "jwe_encryption_alg": "RSA-OAEP", + "jws_signing_alg": "RS256", + "auth_provider": null, + "selection_label_template": "eligibility/includes/selection-label--sbmtd-mobility-pass.html", + "start_template": "eligibility/start--sbmtd-mobility-pass.html", + "form_class": "benefits.eligibility.forms.SBMTDMobilityPass" + } + }, + { + "model": "core.paymentprocessor", + "pk": 1, + "fields": { + "name": "(MST) test payment processor", + "api_base_url": "http://server:8000", + "api_access_token_endpoint": "access-token", + "api_access_token_request_key": "request_access", + "api_access_token_request_val": "REQUEST_ACCESS", + "card_tokenize_url": "http://server:8000/static/tokenize.js", + "card_tokenize_func": "tokenize", + "card_tokenize_env": "test", + "client_cert": 5, + "client_cert_private_key": 6, + "client_cert_root_ca": 7, + "customer_endpoint": "customer", + "customers_endpoint": "customers", + "group_endpoint": "group" + } + }, + { + "model": "core.paymentprocessor", + "pk": 2, + "fields": { + "name": "(SacRT) test payment processor", + "api_base_url": "http://server:8000", + "api_access_token_endpoint": "access-token", + "api_access_token_request_key": "request_access", + "api_access_token_request_val": "REQUEST_ACCESS", + "card_tokenize_url": "http://server:8000/static/tokenize.js", + "card_tokenize_func": "tokenize", + "card_tokenize_env": "test", + "client_cert": 8, + "client_cert_private_key": 9, + "client_cert_root_ca": 10, + "customer_endpoint": "customer", + "customers_endpoint": "customers", + "group_endpoint": "group" + } + }, + { + "model": "core.paymentprocessor", + "pk": 3, + "fields": { + "name": "(SBMTD) test payment processor", + "api_base_url": "http://server:8000", + "api_access_token_endpoint": "access-token", + "api_access_token_request_key": "request_access", + "api_access_token_request_val": "REQUEST_ACCESS", + "card_tokenize_url": "http://server:8000/static/tokenize.js", + "card_tokenize_func": "tokenize", + "card_tokenize_env": "test", + "client_cert": 11, + "client_cert_private_key": 12, + "client_cert_root_ca": 13, + "customer_endpoint": "customer", + "customers_endpoint": "customers", + "group_endpoint": "group" + } + }, + { + "model": "core.transitagency", + "pk": 1, + "fields": { + "slug": "mst", + "short_name": "MST (local)", + "long_name": "Monterey-Salinas Transit (local)", + "agency_id": "mst", + "merchant_id": "mst", + "info_url": "https://mst.org/benefits", + "phone": "888-678-2871", + "active": true, + "payment_processor": 1, + "private_key": 3, + "public_key": 4, + "jws_signing_alg": "RS256", + "index_template": "core/index--mst.html", + "eligibility_index_template": "eligibility/index--mst.html", + "enrollment_success_template": "enrollment/success--mst.html", + "help_template": "core/includes/help--mst.html", + "eligibility_types": [1, 2, 3], + "eligibility_verifiers": [1, 2, 3] + } + }, + { + "model": "core.transitagency", + "pk": 2, + "fields": { + "slug": "sacrt", + "short_name": "SacRT (local)", + "long_name": "Sacramento Regional Transit (local)", + "agency_id": "sacrt", + "merchant_id": "sacrt", + "info_url": "https://sacrt.com/", + "phone": "916-321-2877", + "active": true, + "payment_processor": 2, + "private_key": 3, + "public_key": 4, + "jws_signing_alg": "RS256", + "index_template": "core/index--sacrt.html", + "eligibility_index_template": "eligibility/index--sacrt.html", + "enrollment_success_template": "enrollment/success--sacrt.html", + "help_template": null, + "eligibility_types": [4], + "eligibility_verifiers": [4] + } + }, + { + "model": "core.transitagency", + "pk": 3, + "fields": { + "slug": "sbmtd", + "short_name": "SBMTD (local)", + "long_name": "Santa Barbara MTD (local)", + "agency_id": "sbmtd", + "merchant_id": "sbmtd", + "info_url": "https://sbmtd.gov/taptoride/", + "phone": "805-963-3366", + "active": true, + "payment_processor": 3, + "private_key": 3, + "public_key": 4, + "jws_signing_alg": "RS256", + "index_template": "core/index--sbmtd.html", + "eligibility_index_template": "eligibility/index--sbmtd.html", + "enrollment_success_template": "enrollment/success--sbmtd.html", + "help_template": "core/includes/help--sbmtd.html", + "eligibility_types": [5, 6], + "eligibility_verifiers": [5, 6] + } + } +] diff --git a/benefits/core/migrations/sample_agency.json b/benefits/core/migrations/sample_agency.json deleted file mode 100644 index 6060e4980..000000000 --- a/benefits/core/migrations/sample_agency.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "slug": "mst", - "short_name": "MST (sample)", - "long_name": "Monterey-Salinas Transit (sample)", - "agency_id": "mst", - "merchant_id": "mst", - "info_url": "https://mst.org/benefits", - "phone": "888-678-2871" -} diff --git a/bin/reset_db.sh b/bin/reset_db.sh old mode 100644 new mode 100755 index 126500c3a..b852e5586 --- a/bin/reset_db.sh +++ b/bin/reset_db.sh @@ -19,3 +19,7 @@ bin/init.sh # DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, and DJANGO_SUPERUSER_PASSWORD python manage.py createsuperuser --no-input + +# load sample data fixtures + +python manage.py loaddata benefits/core/migrations/local_fixtures.json diff --git a/tests/cypress/fixtures/README.md b/tests/cypress/fixtures/README.md index 5fc857fec..023e67a56 100644 --- a/tests/cypress/fixtures/README.md +++ b/tests/cypress/fixtures/README.md @@ -1 +1 @@ -The [user data](users.json) corresponds to [the sample data for the eligibility server](https://github.com/cal-itp/eligibility-server/blob/dev/data/server.json). +The [user data](users.json) corresponds to [the sample data for the eligibility server](https://github.com/cal-itp/eligibility-server/blob/main/data/server.csv). diff --git a/tests/cypress/fixtures/transit-agencies.js b/tests/cypress/fixtures/transit-agencies.js index 6a9843f2e..7f30e7cfc 100644 --- a/tests/cypress/fixtures/transit-agencies.js +++ b/tests/cypress/fixtures/transit-agencies.js @@ -1,4 +1,10 @@ -const agency = require("../../../benefits/core/migrations/sample_agency.json"); -const agencies = [{ fields: agency }]; +// extract the "fields" object from the first TransitAgency model fixture + +const local_fixtures = require("../../../benefits/core/migrations/local_fixtures.json"); +const local_agencies = local_fixtures.filter( + (fixture) => fixture.model == "core.transitagency", +); +const first_agency_model = local_agencies[0]; +const agencies = [{ fields: first_agency_model.fields }]; export default agencies; From 4bac3798e7fd73717f0efb4c51e9c7a5d5b0e581 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 13 Feb 2024 16:14:38 -0800 Subject: [PATCH 087/114] fix(tests): container startup script specifically for Cypress --- .github/workflows/tests-cypress.yml | 3 ++- bin/test_start.sh | 9 +++++++++ docs/tests/automated-tests.md | 16 +++++++++++----- 3 files changed, 22 insertions(+), 6 deletions(-) create mode 100755 bin/test_start.sh diff --git a/.github/workflows/tests-cypress.yml b/.github/workflows/tests-cypress.yml index eaaa1f222..ee8bfb7ba 100644 --- a/.github/workflows/tests-cypress.yml +++ b/.github/workflows/tests-cypress.yml @@ -16,7 +16,8 @@ jobs: - name: Start app run: | cp .env.sample .env - docker compose up --detach client server + docker compose up --detach server + docker compose run --detach --service-ports client bin/test_start.sh - name: Run Cypress tests uses: cypress-io/github-action@v6 diff --git a/bin/test_start.sh b/bin/test_start.sh new file mode 100755 index 000000000..12c0ebeef --- /dev/null +++ b/bin/test_start.sh @@ -0,0 +1,9 @@ +#!/usr/bin/env bash +set -eux + +# container startup script specifically for running Cypress tests +# needs to reset the DB with sample data and then start the app normally + +bin/reset_db.sh + +bin/start.sh diff --git a/docs/tests/automated-tests.md b/docs/tests/automated-tests.md index f8062b93d..1b4e6e894 100644 --- a/docs/tests/automated-tests.md +++ b/docs/tests/automated-tests.md @@ -21,25 +21,31 @@ will install `cypress` and its dependencies on your machine. Make sure to run th If not, [install Node.js](https://nodejs.org/en/download/) locally. -2. Start the the application container: +1. Start the local eligibility verification server: ```bash - docker compose up -d client + docker compose up --detach server ``` -3. Change into the `cypress` directory: +1. Start the the application: + + ```bash + docker compose run --detach --service-ports client bin/test_start.sh + ``` + +1. Change into the `cypress` directory: ```bash cd tests/cypress ``` -4. Install all packages and `cypress`. Verify `cypress` installation succeeds: +1. Install all packages and `cypress`. Verify `cypress` installation succeeds: ```bash npm install ``` -5. Run `cypress` with test environment variables and configuration variables: +1. Run `cypress` with test environment variables and configuration variables: ```bash CYPRESS_baseUrl=http://localhost:8000 npm run cypress:open From 5956e1cf11d780eaa4ad4b0baa35c477c05d8644 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Wed, 14 Feb 2024 15:47:00 -0800 Subject: [PATCH 088/114] Update README.md removed directive from Mermaid chart I used custom styling for the roadmap timeline diagram. mkdocs is not displaying it correctly when published. I've removed the code that constitutes the directive to see if it mkdocs renders the diagram as expected. --- docs/enrollment-pathways/README.md | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) diff --git a/docs/enrollment-pathways/README.md b/docs/enrollment-pathways/README.md index a06298f5a..0a720e28d 100644 --- a/docs/enrollment-pathways/README.md +++ b/docs/enrollment-pathways/README.md @@ -17,22 +17,6 @@ See our [Milestones][milestones] for current work tracked against specific featu See our Product Roadmap for more information on planned feature development and prioritization. ```mermaid -%%{ - init: { - 'logLevel': 'debug', - 'theme': 'default' , - 'themeVariables': { - 'cScale0': '#ffa500', 'cScaleLabel0': '#000000', - 'cScale1': '#ffff00', 'cScaleLabel1': '#000000', - 'cScale2': '#ffff00', 'cScaleLabel2': '#000000', - 'cScale3': '#008000', 'cScaleLabel3': '#ffffff', - 'cScale4': '#0000ff', 'cScaleLabel4': '#ffffff', - 'cScale5': '#4b0082', 'cScaleLabel5': '#ffffff', - 'cScale6': '#000000', 'cScaleLabel6': '#ffffff' - } - } -}%% - timeline --- title Cal-ITP Benefits Product Roadmap @@ -71,6 +55,7 @@ title Cal-ITP Benefits Product Roadmap : Support for multiple payment processors : Integration with all MSA payment processors ``` + [board]: https://github.com/orgs/cal-itp/projects/8/views/1 [milestones]: https://github.com/cal-itp/benefits/milestones [roadmap]: https://docs.google.com/document/d/1IFoa8Ye0IXwGXXwxFjMrm1s3617Dbv6l-E-aCB0kgnA/edit# From f9cc62aaf8789c497f78319dcc61858e34463479 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Wed, 14 Feb 2024 16:01:03 -0800 Subject: [PATCH 089/114] Update low-income.md changed ordered list markdown to all 1s The ordered list under basic flow isn't presenting sequence correctly. Instead of adding an order to elements in the list, I've changed all numbering to one so the elements are ordered when they are presented. --- docs/enrollment-pathways/low-income.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/enrollment-pathways/low-income.md b/docs/enrollment-pathways/low-income.md index 90dbd3bc6..ced5deada 100644 --- a/docs/enrollment-pathways/low-income.md +++ b/docs/enrollment-pathways/low-income.md @@ -11,6 +11,7 @@ This use case describes a feature in the Cal-ITP Benefits app that allows Califo **Precondition:** The California transit operator offers fixed route service, has installed and tested validator hardware necessary to collect fares using contactless payment on bus or rail lines, and the operator has a policy in place to offer a transit discount to low-income riders. ## Basic Flow + ```mermaid sequenceDiagram autonumber @@ -46,23 +47,24 @@ Littlepay-->>Benefits: payment method enrollment confirmation deactivate Littlepay deactivate Benefits ``` + 1. The transit rider visits the web application at `benefits.calitp.org` in a browser on their desktop computer. -2. The transit rider chooses the transit operator that serves their area. +1. The transit rider chooses the transit operator that serves their area. -3. The transit rider chooses to verify their eligibility as a participant in the [CalFresh Program](https://www.cdss.ca.gov/food-nutrition/calfresh). +1. The transit rider chooses to verify their eligibility as a participant in the [CalFresh Program](https://www.cdss.ca.gov/food-nutrition/calfresh). -4. The transit rider authenticates with their existing [Login.gov](Login.gov) account or, if they don’t have one, creates a [Login.gov](Login.gov) account. +1. The transit rider authenticates with their existing [Login.gov](Login.gov) account or, if they don’t have one, creates a [Login.gov](Login.gov) account. -5. The Cal-ITP Benefits app interfaces with the [California Department of Technology Identity Gateway](https://digitalidstrategy.cdt.ca.gov/primary-elements.html) (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify CalFresh participation status. +1. The Cal-ITP Benefits app interfaces with the [California Department of Technology Identity Gateway](https://digitalidstrategy.cdt.ca.gov/primary-elements.html) (IdG) to verify benefit eligibility. The IdG uses personal information shared by [Login.gov](Login.gov) to verify CalFresh participation status. -6. The IdG uses the response provided by the California Department of Social Services (CDSS) to determine the rider’s eligibility for a transit benefit. +1. The IdG uses the response provided by the California Department of Social Services (CDSS) to determine the rider’s eligibility for a transit benefit. -7. The IdG then passes the response from CDSS as low-income status = TRUE to the Cal-ITP Benefits app to indicate the person is eligible for a benefit. +1. The IdG then passes the response from CDSS as low-income status = TRUE to the Cal-ITP Benefits app to indicate the person is eligible for a benefit. -8. The transit rider provides the debit or credit card details they use to pay for transit to Littlepay, the payment processor that facilitates transit fare collection. +1. The transit rider provides the debit or credit card details they use to pay for transit to Littlepay, the payment processor that facilitates transit fare collection. -9. The app registers the low-income benefit with the transit rider’s debit or credit card. +1. The app registers the low-income benefit with the transit rider’s debit or credit card. ## Alternative Flows From a00f70ffdf9fc2638f1ff0dc57abed15bee9a5a1 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Wed, 14 Feb 2024 23:54:51 +0000 Subject: [PATCH 090/114] fix(docs): clean up front-matter front-matter should be in the form of --- key: value --- this adds the colon to the title key --- docs/enrollment-pathways/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/enrollment-pathways/README.md b/docs/enrollment-pathways/README.md index 0a720e28d..54a726910 100644 --- a/docs/enrollment-pathways/README.md +++ b/docs/enrollment-pathways/README.md @@ -19,7 +19,7 @@ See our Product Roadmap for more information on planned feature development and ```mermaid timeline --- -title Cal-ITP Benefits Product Roadmap +title: Cal-ITP Benefits Product Roadmap ---- %% Cal-ITP Benefits Epics (2024) section 2024 From 22c7938293381fdb0a2823f2358d341513bcc201 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 15 Feb 2024 00:27:52 +0000 Subject: [PATCH 091/114] docs(roadmap): use an image for now there seem to be many interrelated issues with material mkdocs mermaid support and the mermaid timeline diagram type which are preventing this chart from rendering correctly in the deployed version of the docs site --- docs/enrollment-pathways/README.md | 40 +---------------------- docs/enrollment-pathways/img/roadmap.png | Bin 0 -> 113095 bytes 2 files changed, 1 insertion(+), 39 deletions(-) create mode 100644 docs/enrollment-pathways/img/roadmap.png diff --git a/docs/enrollment-pathways/README.md b/docs/enrollment-pathways/README.md index 54a726910..2d46283f7 100644 --- a/docs/enrollment-pathways/README.md +++ b/docs/enrollment-pathways/README.md @@ -16,45 +16,7 @@ See our [Milestones][milestones] for current work tracked against specific featu See our Product Roadmap for more information on planned feature development and prioritization. -```mermaid -timeline ---- -title: Cal-ITP Benefits Product Roadmap ----- -%% Cal-ITP Benefits Epics (2024) - section 2024 - - Q1
Now - : Benefits admin tool (Foundation) - %%: SacRT - Launch Older Adults enrollment pathway - : SBMTD - Launch Mobility Pass enrollment pathway - : Release low-income riders enrollment pathway - : Migrate to Littlepay Backoffice API - - Q2
Next - : Benefits admin tool (Agency configuration) - : Release enhancements to Veterans pathway - : Support for expiring benefits (low-income) - - Q3
Planned - : Benefits admin tool (Agency users) - : Benefits admin tool (In-person eligibility verification) - : Release Medicare cardholder enrollment pathway - - Q4
Planned - : Release riders with disabilities enrollment pathway - -%% Cal-ITP Benefits Epics (2025) - section 2025 - - Q1 - : Support benefits reciprocity between CA transit agencies - : Implement evolved organizing principles for app UX - - Q2 - : Support for multiple payment processors - : Integration with all MSA payment processors -``` +![Cal-ITP Benefits Product Roadmap](img/roadmap.png) [board]: https://github.com/orgs/cal-itp/projects/8/views/1 [milestones]: https://github.com/cal-itp/benefits/milestones diff --git a/docs/enrollment-pathways/img/roadmap.png b/docs/enrollment-pathways/img/roadmap.png new file mode 100644 index 0000000000000000000000000000000000000000..aa03d31e97891d0970186c19ccfa1c21bba85bc2 GIT binary patch literal 113095 zcmeFYWmJ^?7cPuqfPi2C3X)2ff`GIjf^>H&(%nd_fRupJozmSMlF~VJ2r_gI-DmUv zuk-zUIcL3Rop;vrEQgtU?z!*%+rMjH*R}Wf$x4gj+#$MyhK7bC_D)zH4eh2W8XCGN z#&vk54?C&@{=u|*r)GRBYvK=TCN;-k}_;jm5r`nE=@9HuA{&{6h z&1kL~+sl`w=9A?V6cqZW{stw-Q&qMo-B4;N@iI94(*0=rgVWA{D4F?qaT=cPbhW*) zu`#F0FT(^U>Q}E+F^XJ|ZA!*9hYg(TW{h4sJ2`oO`^I55);~U8rC4yEjI6fW z8FQWYSMin0i*4qbymNCIS1f60GCG;CKZ}dPM#+51#l;oNX*pAA{V^GT%h%V}?eu_2 zr@q#BDE(vGcjK8_r`E_qS;OAA@xl+DwW@jQ>~w--RkntblHEOghHE2vX*WLnYYU_f z&3abzD6q|9x*CU=BX_|*q@_hzzk{9KsQ)iAQpbJXkH(H$tK+cRoJ7EVil3i0yu`4t zt-T$K0&e389-gcSlD;=s;Nob~vLRegqE7pAIW_n$oasaJH>6fJPv2a#&+hK7H(oIR ziBZ{o}^Mhmbg7JFhxVYN^! zHgu|aBc8W$Nx5wF&W?5H^0L59+i9jQW#om{h|<6B78{&yM!j zMo06tYT~r#+sQm~wQ3Ij{CwKAa?H?OW;(jiV9z}*O6H~rtK}4!k+JmkCYJyB`QFNq zysH&Yi7I0NAq(u5YE~Sed50A^r zU>aN+v-uZ|Qlp&_4a=+q0XjN5US8MT#hy+__pS)0H$HdsR<)AS3|8;6u(0U6%HGG< z>|-4E!hEngob{ANJ#Qo|EG(2pW^=lxA}Q&$_T}%}WTlV}rOkR%Wr~3c7BT09%4b__ zCu;=_2kYah>sy7ot^TBZ&XBvTPR3}N&;N7Z<$yYH`3$4qNq7z*f0gqw?_NFNw1;tA zw(duBw~f;fCR*iYs0Z)z{M-Gvi=kDLC0*o3-uZL)u|@n@p5uEpp7v z%s_fD&plY(Kk*@RA9Ht0D2Sv^EMkB8y_#P_)+(L8XB6@Ta#bDe36Rf z*qA6Y-I}RGUK_KuvAMW7-O??NEiEmDOUp=4hnrnRzbPB=yQ`MuLD^ z`GV1|RLjchYHl7LjXY)jY~=d-`symZ*PouAp1!_{aWj+?ZC;pzqm`AFqoYb)N~^A4 zP*A-MQry5G9bpnKGLQqCZ|E=x2wVc_c64;8si|#lZX$A2EQd4Y z#P}alw7_!~o%*=&aOB$BWRjp~2sYy9&z~R4)YBSpZh4+}8GrKlu@fxN`nuWe+qcQc5=8=u zoSdCaHlt!<;B@1|!-|jz-1e(sztj}ube6iiyV(qTpFMkabadqP?c0QoA+u(s)&44C zYHBJeDaoKGhU=A)qF6|1DD0Q5g@uK$U$3uV;orZXGD^tLREP44Z1^MO+XdCH-j$1v zuA{m6DI=rgYWrJ`d(LhF1Waw;9}i{9Jw+VA+12Y^t85$%4VM7? z+)y1fP>;h$i38hIblmpCRkZ2s@Y=tA{R+`_-AAYZFm~?u_V#L3+dXDC2^$W1TWq@| ztv^92CMLEroE5rvm?@X4?Su^f_3Ih3|CZayUNo;$F`n*tu|Cv&rHy(kC~H`RcPKV% zw(9NIMmpADsYY_ub`vkpX!!WF$^s%IRSq|&0g*LH*{EMah~RoO%FTX`dinTtVK#-z z@YBtnlfJV0yF8Ezc~WS%BA?YZ)8OIZ^boCMyu=U=ciUT*Lp=Hd0KlYCes$G=PjZT4 zy>VP6kg~qM7)WghVHCH$$<9CPgSAna&1d(Ch_b82F(|G!ZKSrdnD&#GM*Y6`o+?f* zEG}A1lp0T#oBR3sWrtK)&H|yB>r~(Q``h#B)2B*(IL>D=aG-l8#SL1F$<9I>$>NZa3ow zKjC5pGSg4;;K2hz7VWd$K7lTZAiNYP??dTQIXVsQa`^UgW255(1J;nsI<7n3ap8}! zzX2jjMzg;4H;_)`uLF!i=00(EcekuRHjta^!WB5%22iB$qxB08?hAnLM|H7G-nQ+0 zP!Bi=;1ulZt6KQ}3w;&b=*s$dNg9ROwJ^<}DmT#3I-4P+;SUHtefl(}f*yu_s~N)1 zW4HVqR#vOV!ELvPvs0%JP#L>99&$Lw%dbmXr$vF!IC=8x@Ams_4G(pMMXzfK_y=q%3%11 zP9ZEU-3xWoY?fLR<7Z6F3D86)_0o6vWEd2v-QCNr%Zmb;M1BYu<8O+HBB=Lu+f7)+ zoED|QxL$Ywp77KaNZN*Jp1u%*L(qwz*0RCSz#xIw$)+QOsiK3D8*;=RZcK8%Z$xtvX|%adNC^9}0iQuRa~?el z8wkqQWW^Rhl}^4stv1li@PLCXO+d9P4$Q2jzI>C3f?}?ukKbj^n{Yj6NXQrPWp88B z5!g-k(QAwkCF4O)xKN!81y6WC^}DxMR#tvNzkPA^FF0F)5{fF2&bhg{R$+kyoh2%X zh+NGo`5?GGf&e6tuy`KFe7yPj)_`W8tB4BuwzRZx&U|{x%d5G+0O1CJQ^=5J+WQn5 z8VZoauiJug`ao%%k@o4+e@8q2fRxF#-bP*1uChtXOhuQay?+Dkwf9xk4GVx%kC@S) zHKOA(s+VR$zCx|b_A%&<%R19qURoMWe&aKer@`Q|UZ7F2+4u#$LVdHQ8wyo#0v`j* z2%yZfXToJYAyg9e7bm7pFUZONu4E)aWp zBZ1err#k}#FnwwLhpl5Sz12DNA zPCF`{Qd3dE*Y=okbeRJC1kb?Ho*)xc-u`!A_-)L=L)M=AFdZe18%%soo87^W}$3rW;GA$!RChEE1@fl$8 z+HjTv&`Tscb*S;l-U=orW+zG7V-ZD$^YimJZ{BEWYTDQWqlwor8ha+^77w71Vy2f| z3ZVzO)f>&$?q2waLRe7n%lSKIxZl%0kBg@))z#Jfs6S7kRx1U)N5O7k)F_uMOD&cW zwy{CgI_*kQhXw>lynE+svKP9yx5qi_s(}CbIxT74BPd4V_J>&@b2!fxJtnx!ba-IuS&>-BZVju1O)-9s7#J@vf#-RZbg6%4B zy3U4tlPVG@U#7?Jc2ZiL-47KUAYc4<;J8@=q&zSTFFZ)e-(PP6G=@5=uybhxa`YGg zGoMwE;X|&jUL_tgT>kMOkHflbdHEQK8CHcK+~n^(GJgH4y*ODLB)J$K9!7RW_Qi22 zU<{NP%4FpojTL=F)^ODX*5mRVbs!o{>h>>?^H=f{sI>KP^FaLxcT+e8?fGxqxbeq>L7)b31xVv# z>~8?*BUuVGz`1(A-6iACJ(C1A3YzN}_UhWca}MI9i>0AEmQ$v_;k<`)miJ)nV=&)A zRBhdA9IUky$e3T$^VZhZup`4yDZ_oPFoWx02}&E6e&@p#?LCOtjQgqiipl$uad@%; zTM%e?u6kLg8ApM7nF$~UD(I>_4^N3~^6Dr97c}`JqEAK!632YvrGAc=bUe3I+$%YH zNpbPcl(zv3KVR9{*ub7WhCd@ zV>Scfw{Nc`GRTdDgalYV)du&vGb3SPVMWETDaofaG@_3Us;a8YCrZWc{8Ug-0KjE5 zq=gDe#$gs!Y#zfZSZOu)6>q+3DS?>H;QN44sd`?GCLoSRQbNN8jd7%NVJJ4QhY|9mR?Yhp2+ zK?OcClP(o2lqf(!A;=Z92*r78ZjJ(RM%5|8U{Io#e}F|HBqVg}?h{%TkY{c{vOrlz z5Wv3WvzU72=;-M5j#s}1nO98q~ka!x@+GoiBJP06{FZ z+fCqHY;IjWbV7dKlt6-X;Bnkk%r^!T@XnLxEqgVtYOHma&8AtUqH{`>nb3HLj6`OM7}7Z;bv?G{=HMgEmY?4%%e zb9D_vk9@-Ks;U;+051_Ts*-zH0p-^LK4Bvq1qKCF`3|xltGZ)A(T=wup1Im}>h;_7 z8P@lNGEW`{0=Sa~HyXVJcE-laDv!9E`3SfqncLpL(_mgoFAQvKNPxljlp&d!nINxN z)QW|xWrIn0IN)G46kKX2W)tjdZBzxXUcL)Nd#` zv!_2Dph{ z?cpQ}4CY1oYGzHsy~|+=ff50wnV~rZ1PNAKhE)7Dsg?|e^mi8eh}65da;T(5Mi_=dPIH|8c*}VUw)cA;e1dOz$G7oFA#SHGNYA;~Qz%=fFQZtsf^iEj~t!T|j*na6KyA@d(>>jz|V=!_^ofHmjz8NYFuSSxdqB z{+>3uuEgYg>*|*mAPp+Zgl8kvNrd{H3>3+<10_v>Wpv3isV)^SAkFW&=1yRPS zW?3NnAmoltkoyPA18??ISnBo$LB_BLoq534`E~SqFkg!&bs&?M4fs?+98(%F)Xp1o zpo&nl;3X|XX#&-J^{}x~L}$+IWkw2)6Th-bS{2%vvhBOldcCh@5_r|VdZKUZT$uxR z(uh895G+*;t?h#{Js4WStl@9#oK#ct?$8Ta!lD(CmF>SWW6lsDp@49?pYM-C^#qG& zt}}XpS-Unf*AtlgBrbPSZgXaJK5d!h>`Z<7aFQT;m4|VIg942b z11T>3R~{Fx-c%T!g5X-BZec&#{_BZ*HM}$D|LQVtftET@ z@KG$#u7k<~j>Mp@iHV80xOj90_VrE0|HkA2QhLPJfxIbK4;%gakmP0hg2rN^oU z<*7BLx<|FCsF;9JRd%>AVAkzWOAUeE^&>HH7D%fE>v&Ba5xWVkz+jSFP*9Lm%uA=`WFL_Dzp!;XJt6wBmi1XN8E-nKr|Uq^ zAFLH<)ud}OX1n|}(W&zGHKFA{bznF+ji5m8F$-awQm9xy7-Y-m>0xw+Zh z-A5>Eg3`}JXB!+4lS%@F$L)hR9E*#KS7g6Em@GIbNLogwudgpM=p8$O@r%gA#>PgW zf-94$bL~Fnby=JL20Z(THWb%Px=smQuwfu?BNF#tAnx~jL>%>Vt{4?yGhfM!P1 zmD~#h6O%66t$5sQrdYoV+{S0;>3zMu39R~^U^_72u&6YxdgUf1k%I}+?@r(yq^qjf z6*gF(e{SZ4Z13n;Ne$*F;&U!_bJ+(}1FeW+ zmXzOr1#a)f*>UzyBKEA!;~eKZv|S2K1qrJt=8JPJ2YY*^eQMfzoC&a(mwI9y0|*yV zxC^rGmdA-Kqiw$XPgLxIUR~@B$)M&zxhmo4NLWB@7?g8m^RMIqXbvAApWp9&{r!s* z(P~Ww*7mchTe#zUfz0&vu{?YB3tSM+coHMnHp{?Aq1Hhog4kFJc+|!DsmsAS-MafB zA;LjDEAvLOqGG|?(o)8{f_cH&Orj7p4lJNJK*ha0?(}+f^xPz(kQw8>~jf{zli-W5GGf_O?$`D`8%2-Igqfg~QtmH$z^~wpgkSZEXKYArg!QINw z&%fn4*W&jed+}D9JPKDDA8*PZR!$m-As3es2$45JLbY{uBu}0U4h?w#?rG44tR{)u zQ=>a_{YL=Gv(HX9cwB-H;y+6ThA-%2&=(s6sXneA>`Y7>zYw(p4T*4m5a!Lt?-BCNxGf-|^i-_~_ zX^(pGQ3M$H=2R6l6|Ph(`$;MuCFtd5Tmj9(_rIlhFTpg9d1)*!;(bo2G?7xxz^pL6 z5t+`0=TLF3#90yGA??!X{Bfs`ZfAR2HmEW>JY31ORMA~g2Rw%0qL1yMn?$us-v9mz z#%}fuGa^<;a`G|qjYz6or{@)k|Bfs4=1nA{8fBmr-DB{~k}Ge%5JaH6t4ktZLbJxf9C9IB zuvKv+UyGQ8gsG>UfPjF*dcFlXB&mSA<~V*i09ohJ>oNNsreu(+gEF%J zbi9$sbgrVIqEeD{Qal`EShtsu$QbhW_U_m9ZEZM+payoa_JII<30=7B+B?u#i3`IPlM}Z<9;H@$GfxJCCb3MfqCYpY&9X5Lg z)Rvx;_=T<)D?i>_9c-mK<2&cW`8o~Ei52+NbaY}|Z0}T6RY9?b5ofkd(~6jxBr(Xj3?l(~1o@p(0G{W)pxK2&1tf6w<7=6FbSus72Cx$>Q|u zm#K#j;Y7qiE2fSz>;w9Aw$MIl=YAlV0rZwB*&HDLy$JcagV7>8h#Q#dRa`=MyFQS6_{(@kHiPFpwVr?IldmC7hiiO(p-ltX%s&LLP3i9&nOG^yt zp&p>?!veCMsJ!sN?u2gU@=!(}2vY=PQI+iy!M3F$$?0ME?vA)Ey zWey_SOo3dX?hA@J`%s*nTo?RoIl{5Of8XmPPQX_?`0yLdk~`BCnpr{b?41Z5lEq#C zNwR4Z7t_>?LwWoFn4ff5$NtM9eAVkS0w_|Np^%i3A!F7116)9CyiJ!Ek>f5gO0KnVdUj0+AJYN2CL z5ko)aXcy@42l$eL`V$lA6hYrjXL)@uJ2tLDBQOmLDK78!=UNbpt%)8NYGplOfaJy9 zO$A58rc3}l@Wez~1F2j3`9r6x7QzZ_d=6UNsg>W`jt0=wqL|g1MNz zat>{`WKG4pEb?bG8q`1%wVhX}oCZwF>i0)9vUhaSE(DAF1THlZ*J+`4fbE7#kR5?~`+*1$TU=#4y-K zYA5m#T7q4Is>z zjD{i%<`NK-Qr*@&$U^fEA3k(W{sL|sf_f0g=Tfez)d#H=2&s<8IX)qw<6?I-Y`=+F zp;|8II&HNFT^${dIW4B3Sp8}RuM@0b=-gaM#w$>VkY>l2UnpnNpMio5o7j~&w{~@P z4Fb;?%%|_)v2zgIU^^frT>uO~+JzA|H#J$fX?Cz4g3n5~mI4~w%Gt49eRB8QL zCYXrD4Z+}qWk|;_yam$%K7TB62(%fzy85VZ#7!1nVF3PhpmN}lJGi*ev|oV^Q9v{X z8-S1>O~Mbt2lwxTaYyS-0xlT1VVw?=*?~%l>u}X+7MJ>y$5)+>YuB!!bQKkcLEwZD zmzs^sAD?qOZchCY3tcE#hVy|5_&qQ%obwa(Es)yS*#UFFZ_`M?mj_4r6SzFackrW8 zxW};4Ut1fl9#)RJl&% zkL)C9DBYL7T-@3c04;&EJOQ0m3*N8|6D=Pf^fw0h`T0T4?Ck8Id@+T5nYF5Ei5aI- zKwh5#_py0;47-i*biD+G7pPZ$er+|;_~#$KW^*3pWkSnOyC5?05=0ejoLX4SR^6+f z?(g@H*iEkNoL{186g249uLC!L?xb6+D;GvhUa8T5F04qR+d*_`RA?w0lzJeJlhD>; zXIDZ98+C@!Wg9;QIH)%4BRx)Sa6dnR4ha}z<{YsvO|&X3rX99sm@Esb+pk)yGW^HF zTv;<$+rey{k_9M9buQD*~K=SaMj-XtE=^@~rIb<6l{)6w`EpPXPP#7k1TRU*halYsfAbI?*Kju49vv zlX|RlJ_2|`S9S-4AEgTk8rI_q&Aonb5s!5*c!P*0X`S=n7|b*W2L}s4-&$B0Sb&v{4Q!9W6?Ho-|w{vPI3vJaLXKYlFl+7I^RK&mJM znS26`kgo|MTPmKrEOS6a+if2qO6nv$uKijG7Yu97GLvu{-gmJ*Flv;-SOsGeSH5QN ztB|Y733jW`(3}n$R97awGO$TqB(-10_J9qnV4w|cb1)HjTa-K@0Rb% z5W`_^a%uf%=QnIQXz-;~nA5Ncr}sWXeR z^ItsOFnA!zCZxI?v1tVw=O_EK&TDyKlhKMsg5yPNw~YYaf3*GNix} zH|UO%;}=DnD!S_bhEu2E6IonTC!N9296RVpA1`hAlE`#8a{yQ+Kns`*`%wB>?2>HarJ*EL z0`&0h^}oqZ?zQLE0*+3|q`ue7vo#j{)ja?-x^k}S3&>sS7>)_;@0Uf2gYg8Ho3C2bG&-u{#G3hy9#6<_ZDhj} zmtVH5qd*~}7l244=n37!P*MM;>iXNaZn;Az_g{Ok3ZJJU3VO6Fpx)(1=BPl~Ls^9o z{Ip2};bAf#%=!ZO5fU2<(sa7ksl>+9WwXiWXY?`dp)AVOVSuY17793) zs?%pcaTY+8Y^9v2_ItEUTCH}5*U?@pz)Xa=xc~6#*nhnVs@!eSw{KfpTcQ2%`SWL> zln9nB;Nw}BRxmDdRHP~mP7~$Rr)lMzFhK$ormVmt!UtL;P+8J5GN3B~V*x*Y{9wgp zR0Mkk3M9ZX45rD-$|n23l*QGS|Mw4UH30nBSdI7Z->c!=lKYUWY-(p`CoeB=VUZ8I z8TfYx0|H<$z|ZfV(9!AXXqH0z`{!Y+Xx%CDRbaf;zhp4wPVce`9AX8pG z1TF<+&W2|LOk*4!eS%RqSjzT`*pQHr`;Q+-$HuO$tr0(Y;u?#65FHiu=<#D?*63fh zV*6E~h@hQhXlQtPbo2*(k01K(gDW&%SG8}7P=x3i6&qU#7!c>KO-Uxid26!K%T*16@3M7Bgr=y zVZ3@6r4pk5=gI$VQ?HA%<2N(2&BlvH;wn3tVTSiL;^Vfdy~1fL);*oJx7R+)W8hIH z6?e&Yyu%Z3k03D(x)^y!W9|GZV7wPe|_JU}zT!b=Ij zLuaUY6fOb-ZS*zRN@5o*p1GJb^feD5N=ga6O#Nw-GxyELilzdtqoq9{Z&3-?`qugT z6-L_opcye&I7pV-Y~1>$p^A}tSth0b)j=%6V%Ph5@Gynw#_oF*tW&~4Q(U=XF#`F^ zwP=42>>}@W34yvo``r1VD+n>MzWIQ^%Sr+8W_45NO97v5v82*Q~f=LJ`3S^M_Nu&<&-k2z)T z9M~ZU8zLE*CI_A8)4~`fR#gHSmd4P~D%Hq5p0Jru=+|jyj0UWmt$ly|yTkwyPC8M! z(`H%_?`S=+W=F|6dUCvkqw^_QWXHwZ$FR)INofCmhK#_cSvL!OC)q~xAYmLd3rEig zZHeyZqKvq8XU5IDWIl_F8tu9M;iNHVZ(SE~hE~${``n&58>lTKKMj?#6qs&O5jUJT z*N-bF-$qA!t#*WrEFDN?>5Y=3VJ|Zm7oV)MUF%ICv0s*r!J9`Rr&P54qFxm_2sM4= zwBY41mfyIB-uw0~lAu9FJw^?@cEz=pmi7gYK%&PChtI!E;=uAxjYt~A24^&%xnC=D zCGp0CrC{Mz-#ALsq!4zfx9^%OwU#-)b;^ZFVRFnJv@%z-@?KrKzAUOvZ`-O# zD4{;wS{2eSWNmae(WTd;Gwgl5GzP`Yr_}P_Nv9hXb`&ku_M>3H8TRI;4q?ViOD1Z! z4-FMsXu0mVh+zs%SLfH)2cZN!lM6{dH)?&?#zwQ!u(jzof21Q(Ma|WvIXw-&Zg6iG zOCjH*lfI3g95~;dZk7+Jph&UV3Cbd$(KYirD^2-$qVHnmB3)seC#xE z;ao>kq{=8*$h+h+UstFX@?E35DdbCpxH$HEAloB|aW7U=wp%-7AZMNw%XV$oSLN+P zBDBvo9PVdn>SdZIdpm?eEv?AgH_l9r=3F+dgZw(KzUgI2Xz1ojMzfX{?k6V_?7J8C z|JsQ06+R{1p%6s-O#iR%&y+S+N}}5z+m=v%A>Z2Tv3O16JBhahJ_%LAm|M(cF(^1v+$A zC|AE_HJTBZGNx-_1uv1NE1;t#b-t5eb6noeC@HyU@l$qp4?>+(+iMkQb|_dpCW+Um z$d}l0$$Erc{S7B@V8H3EIoeb_(9^#TheIp51BtDWYB{0|GRTutlNv=^wkNMb&)=n9 z&Ila8;O%N}?yoGjec@tnvbedm-`6TIs)ty!PyW*Du6-5^{uQek$4)m}1|Ki>tjBD( z(V0q4wZlesPxOQEaQ&avG{4fKgUR|nEycS8%$m0PkFA?^{SqrndmGT|uqf%UySRyO z|N1qeaqBHwWge1ntS#Sv?c}rQd;9j#$jj)UA~_~Q6`J!*3x0_P3Fpk@ouA(JKtUlFP`9Div>1s58j-qxr%Cts|-JbjVKaI#^uN7IKWnhGjF3*aKxeA&j4wUF4=s zepgjGQ-4Y0!BEeI_FWM}gRyI};mcFkwW>Fm972Qe6(3Id>3-a`=f3x7Ik#@*QkAiM zZB%M=^P35x65&73{$Sp-llcwR-+*gSh+|7;Hat>kpqPuv%F-31`~6PJQ7ajCx#ozw zsr+AR^S{E7p#EGv{@?mx&)smX&)F>$M}j$tmimzp!oPQuId9=N2nx4!;Vaxnqs8Z} z06yQzEUZs1NPF{5{B0b{(qajSs#Uuc-Nl@*?*+cXT{uiYV0t>5ydM_i>S2_MBa}6a z*OXJ-1%Fw!_ZxZQ5wvYEqg6ajEh?6f6@#B$<^AV9c-z9UrTXea|Br?K|Big)QgpbM z{Y=9lj)`U@f<$Hf=I;&ZC4x-0TPsu7CF-#Z3B|AeJTz6x)&j0O(((YQNIE5EvAI5v z^1ff~_dwG36NPlRgt1iyCSHmfoueP&{5QNEr2La9V~hD4HK{+y!-AN2dhK+n8ye*3 zzj4<+X%-24CQAFNrU@web$>6OZ@o-^@TP`}b})LF%*U;d8?cM@+m&BuSsBtEk5g5; zChyr<2=;D_gfZ#~P_N3hE=5E%hFXRT$y?UW2YYPTDaEt&g7DD zGa%~O&nz8P+&%tLFQ2P(3Dl<_nID}8#-`e0*_iA{EKb)>nM={9^Hw%LTHUiTVQ)Ax zm!vUJPie@DLj9GNFUF(L_I1ZsB%dw@D?M5cr3z}DaKGqCoTyX-lEamH}8q(G)Tszk+yxDgg^Q1EW z&ZQgQx)G;UiO)%2gZ7`#W&WE}Rt+$3Z2C(?t3q`Yc=usPNaM{r$g~^RXq(BB&a52f zl&8{`aDhxJI@uKpQPK00-ux_XA33t~8TIB$guvr}`|ta%wA<@&y%N9O7su9FH%aqP zoUirrlYSH8lz7J(%T(UD8icROt7vaL9^q?x>~wR)rIv*F2G^SXD$X6oa`+IPTEq_` z=`vTY-?DdNB3WXk;(~jEWtcE>Hy;r#=a%rCf7Uh9u79Q+>s$Q+wg3E675)Vo?Ryr1 zSt8Pe@EDVWU0bt$81N!+M+u8AIXM$$@2+8`+3lOmAiJuZ>zH4SrAd+s`|I-cJZ{09QF$_j#1E^2 zhJU!R(ouR^oPi-bCTig;rfL4x1>YNtx%JFGb~W@I9%6y2!M7$U?W)j4OW{SSXL$|06C7Bjik?rK)o6 z;GYUVT2$d&tW*3rKje`(~fI&wqEe7 zkhx|Sv&o3(E)LUNXD32_B-~*f7E@`VG;Aa!;I;JX70-Ayw9mI5IxPQXvfSNie=(G< zHL_;!T=%E9yf^9|uPMROn3lgbHf?-G1=aVnm*t`ieY<3w?~b#rS5-dnq~8>se$K~> zM3w!zZX7$zC~+G7v&N&ZR^Zon1}xS=rmWC)AL3%KhOAKUH04zm;GT}_nDQ7E;8bYl8_j)&N+YO;$}+lS?(NC zhB!fuAm)b!>8_e4l7RR>Zx{QTItA2=?O7o?ABnf<7VR%vn;<)*9A~m3V=4@$TNz$}re;SsF&HwZIKa#I~kAEVZ1!*oE0q_5S3S1{S`3y(OE` z3K=dExQ3$fc=M!|KF8_Vmur40$To2XFpl|7eRz zrwK83^{l%@!EkZv;1BYohvg*F6__v5Dylou8X}v2^dex1C3}i7D2PTKqEB^kZlhm* zNq&gJGUEwKZx}0&aSPblsdJ4dv5UQ%hDouB0DxwJP3hlO{}c6KwvS-*oWH*vB@*9^Kbq~AT?n2x3NTAr+E8_7HD z2u@EYP-W!M(WyR~PJ4$Zd&e+;5wYWlV#&4FjJ+jN((3SnxnW+yo2MChbXI#^W9>xb z)MrX-FVM6`ShK6d!)PNoD>6S;#DU>g?29DD?5@$opH;JG5&Wp3u|yd|Cine>JB-xX zze05CFZ?^ttyBhA<=EpZCBEP1apTUBBJL9+b3Xb|P-0lZP{~^v8pj_`ZqaW&(w0QzQxIaiu4JLm%^r?(+IhJh=Uq$Wrj{4PH{;{(j4qRKAL}~Xj8_~`o z85$Zn?3~t#WllMm%zoG=(Q4w4;nA(z7$*sZ1ye|HGbjXUndYk#T*kc2V8+F{)L#}){0k^&W z{m)qd_yvibZE`TRLDW{(LEnC-!2?^)S=EEY1w^XJf%~7Ful~N-xr&hmOra(kx#h4? zng#sMFZ33_98=hJ3B3^ibR5&b{<~F-)31Y2R@~iP8WS^Jh)i7aWmV;}AFkEV*%|mv z@R|u?xU6Ydv7}X3K^iM2!D4graJ|ZQ+~;l?NS{0*EdNQ&x<|5i@;2GqGGh8#9}X(b z{T(+;EvXlKeyC&>YI4ej$XwhWS`i}ZqSBA*YhMs}bTUiO#1Z>wM{K=1QU0(ePr~){ zefkY#SJEh-Y~TLI#Wfn1rG)Q#&)+`GcotdEVz(P|DPdzjh^ujr$4IR^N&iL1mto=f5{e z4X(8`9?XDebhIH9w3=L{asLTUb>!rwqx?J|{`xW7ZhM80`f#cfmv}Z@Zz`e9^;;rO zxDI9b`t`~&DdI>fi<4gg4sr3U8t`t-CTF=AC6(;;{T5u>LgGPz&iI1m&u(Y*cYiIt zHJ~7S#B#><-*8s$y{BL4(;#EKysP-m3P+o~2gJlKSMz>E8pd<7tk$1SO_b+Rdlini zu=T|qY(GCc`e-X4aO+Y1sGExp2JkcP(r2KMql;nS??9{sI!5vme19acU0aJ`aL0cIOY>-}}0}(sz7lgj`w4 z4zB&6zT<{E&>2#xCsphk1*?OC!(*qn#klV{!%*Xwf&|9g`~HD~N39GU$h9xd`TPlY z|BY&1F6<}ulP`f`TEaO~c}SWeQWnQhb5uDE7{$In?y;|NakDhJjS1*Nvf(JWMP?5!@%A`gSj4NB=c>13m`eHJO#SwjwVtT+;DU z9ao zG{|34&L_qVPfjM29@=b*4=>Ad_wg^_t4{B1jt9dwu755!b zH=IhP)OMu~F~jfF>l8g_#b^_9Lf!k;s{+B@JbatlzsEhVT30Tv<@$JS!={+Z_H>={aW83_iEmX* zkL3eC>?UVDi)8tm&ZI?j(uht<=4xf$>i=kE^&!C`jPxxRez<)3`VsHZ)X%3YgR?ox zt$FJBG+sv=6$Ey+uXl(zUM9R6usK-I{LtJhK@kS-h>PPalg1|2@$5T9jRO@x4=JBC zo#Q&9%WD8fB$T2Bx?hk5SZ7Fv|~eTmGA1GUpy=Ho^9%2AVXi%5oo zMu(?)Nh0i`grddh6s62M&=-h$s;sQ%WMQjWFaCCkU}4Z)rYP1fHz`H&=J>+p)FyjIIri6@Ok;7)8)${g{ zt}gt%F)v(;b}Hx{p4IN^h}FdN`jOUG3IUwV_6hh(5|#*lFN|EnFS$Oh4IkTghINH&J(-f*bDj<&k-C08ZldCHcgDpd zAgDKI{r;Ro%PWjZDlM|@WpLWuzw|`M+S8hf7@kkOU>B&kHE!1QyAksnYa0>^=>z9S zlp6mYO1~K^sZ6ujD5Qpk!%oUI*rZnsF}2sMlYMmmM%XoXkJPhAQOnp!KllJHToA)N zdKg(R^Fz6A{3jJ%wfaFZKO+V#t8n>eQ!ifCSUr$5m_&XGJ=-$T z{qm9}b$#0MK8=TUU9mrnh6j1srOzm|ifGG-jSY~P5h2F~f_NW8u&NvI-RQGJcy4K! zr<`gG%wGOftAf_tnSje7$*dyc^4gh8iDR_{o!xb&HwOv&N`iQJg8dn)!mcfT81#2m z|GjpTb)Q$hp;swOcH`mW>-t@c`eE0-(>*!Nhr+3)*tWKU!n26r`O20Rn<5_RsJ8tPD`JT3rer4hXF`*z z_e*rUhc%sKM9b~=1b<`Gm$gg}!VFWsHaaGr^PJTu5K$ISXsuL@R59#3HvF`o|Ht7j zPBA+0x14ZNG6W@^d%C2X`Y*B$f4705lxwW&-f$qJ&eoP{;De>2rlm$Q-~ zwEuk4>9XV^6Fa(|N6YAV!}RS(XOnOC^7jUa1s>kr_(jw&Ehfw;QE(~yh>+RslWfnI zd6c=n4JMm0TK0X%QqvVJpI){4StVuJMWaQQnBmz1$GES)4sp-Tc`Ra1U;E0_lT+rz zyDcrH@LT)W-ajok{f_;{R%Iozl7^gB)kY!_cZ!}qn!GT*86)<#uTn548S7U%r1A14b);5OT6h zdP)5zwtZl@0C%?z^F6$Q-?mDz!7EM!%^eXX`|Y)l23*LqEn zD%!_`^OhBnRP{gg9SaZb<;{Ec0pSJX3OjAM?0l=|m-ucq zb-6AKRr1uC4G@vO7y|8HW>gWp~Adca_%+nHY=^l7n^OuD@AYCxc=w zTG@OwQlc9&=Zj~QEFA8BLY`Hlw`rR%kWlJhR?Iw~JAdM+Ad+A|a5BFTY|9ccal2F@ zp||9&3sX)~_gq!SoSsiz#Qt$2Row*bNee@S1rzbXgtrNggfOARy62MCyE<9E($vny z_cU%lY)y5*ZTZX{<%y+4=SMi3$6ixsVKv@9r9$MTv>>ZH(%MM;6M$h01&VuNz>& zn$cTXf^ip@xvt$FA$fjZu0qu*b(T=+mA1=sy@Rp$lrbE<s*5*r?*S!Y{MKaj@o+Pw?t*+-^_5N_eR+Y4db<6~_RxX5Cw*rWPP{V~@j zJ?^EWDWcLbesq%iZHIvC%iOm~QNHT8{4!j_VinASF$mbO)i%}}9mEgyz5p~$cE2jw z{bf9eCV(r&;20L)o5NpUDb+>(;$GlN*2?z!ID$?;7zbDNL?vse)gp>8EdtATxl4+w zrl=DD!s-V8jY{ffo*dHU9Jj@_03Uucrkun56`JCluAbgg=V8Qk5eFrYx~jd(eD0!> zRRrRs`?^NX^Nyeg=|87m;u|dWDl9^b;m;^pv7G1K&u^#X95Nq@pL%Y|D@B?1UQpS| zy1~cI>e=}E&p*Qbht#ZZB<+^Es zZ07z!bB`}=!?3peN-2-3M|j}{Wk54`)_{brGlhH8RGL}>J@b=RF7qBDYJ9)*$DFpV!L#0?+vud zy9gJKxp~U*nJ9Cc-J>OVuBf=hV30pn`p>J%%}eqrVI@zLIJFTO#iY~V+1U2y=IDst z0UO8T&%PoKL*43a=Y&CMXpQlh5JhFI&}MD{kIgzA|Cy*K>ZcN(1A@X7?)D^fsth)l z^^S4rPM<%?RC7_P)*jj+Y809}yL;nldV;YJWVnp$YZ!tKlX~%8R1$tm3*)+teX7r| z@4iRIOqFuU`|y7-_m*K*M(f@$sECr%ErJNrC?#E!knS#N>FyFlTDn1`ySqW8OGou5>6;F+5Nir*9(D#aC(C$7#}w z@<;nvRv+;C`<$`>Vd188gYCPi9lfM$<50nOW|Gz;x?Z7;hf1kN1>1*140oR0lid7; zN=Q3su>q5=I`rx-cyCaakA6p+m6GyUJxy}0zssnlReKd9eg5+i`w0VZfzN23SQiQ2 zLag|(InC7Ce%`4sW@%C9#gmaMI6#YQrnbn*6CnJMcCI|ftR($*3Z#VZ7RVnH-d~=s zVfsfw<34y|A`1xcsO)HwlLkIy*qVZIFlkce`fz!mL-0#LXJdw4Ew|N5pg&sOZEawH`PX`VNX9BDH>NdB zzfPmAkwgi*+jdU+E|nzL+}BM)jS7g~j{>~Ap5-9nes9NK2h{Dfy;aShg4v$?`H+3! z+xK)|3D=^9p&@U~iQkQ>Tvqv8@4hrZ5u&mmud3mQ(SMchNS_5^X{<1nsdwpmI{N)g zoP29eT-(y|wl?R-VkZ1_Xdj={STJ%{DzKqxvzJ0TNw{Bf7jki6QHAqw0)F^-7 zHdY#zU3m_$Ze$HZjr<>Alyi^5(z(lR~N@9$BjD#Eyf_-2_DYdiXQ>K_+k66 zoG^coe^UZi<|B-3)L0pzs^wO|+`CgrgD-CLT6h2*?;Q%ABNX$w?QkxEOV+t{{xM+l`Jw zynxPV@l@BW4Tl}iPLR0SWQ z&0dusv~5l?b3Bf>HnneoF9pt)A|3cfW@K}TnpjRPbLq0%c8ACA<0!!6A%MEdYoQ@- z9QrihYwAZF^A9fJo`!yIyjb`8?c)TJ3^2ME2!N(Gi6?UI*02BC)fBWNFgI!I+KD>9KF&#j z;c;vq97JPWKs5;aC6}(dqy2YiAR%t*fX536g+Y3@@n_!1=ADv}eIwx$(~S7D_r=%O zAy%zg5#{4UH8;26Zw$m;t>v$lQ`ei$bT9mKHN|u2L%xeE zR~&&--b&wDO2_-DIEHmqPUVoSSmEMzMu#C2rw=RnsbQbgr=(mcip@1u$?vVPq6(5k zC)(p#k$zE=? zr6o{#^xF`=c@t6@u#G~zFr$rTE&LMCWaYw9!~|13?*-=xr|ZOOL3TTd1U1fU-|Z{k z6C+JNhbpulCdF$hPirb&d?a-9gRl3;NAPmX*M(Vfnr1jSaB$x@b@_;3b3x!}6hipN z1n>XqD;lwkje(OU4Ycmm=Wlq1a z9|x;3>x&Y(D0(-I#E<5BnA}}D)eCs$zt`3-7rnRTDpw7GP{f(lqAfM_uLVD+d4elZ zv9z?IfxqskSEE6KRv<=!6P%@Ke5fX@iMa5%Sg#f>g!9YxljiL}D%_7%8J-s(xF!VL z@s=k#g$npX(Mt@4KX0!`>%fh;(RIFQ>|0Y) ze+2(~qrYZD^3&;q{S}qAbJ}(^^{0-GDNV#fLwcUdGV>k!KAV}ThVvY1g$FHnSMQ5` zFUn<$A6h@OdsZxgEr&fp;2!JdD1t4AXK8oAG-T|3dpM$%ayNqR9B8SkQT*`Y?K!+8 zHs|EH%k$mND7k!el^??G}>!l zE-KZ_;Wu-)`Y-e05cgY?v`ru&GQ$$e_q?`wx~cR!Cgi$hL+jU*V!eNqW;nQgCPaA4 zucf7>VEJy5a-YMq1+p?#Vp3Al=g$YhmmIKO9-QeQ;Ud6Dj1)`@0E&WufCbJc2MRzi zC`pMGT!ut9>#knJ1_Up3bRpX>7VPk24eJK~dHrTImA`9r;k=!4U;O>||M9VP07%x; zCbsEuktYPa{gb70v`ZKn7}j97`S>wUy9AK(G!fyS19dcjR903-Z@*}j0gJ5x5p>hu zmgJFhw_e%C=~Yk=Qn9c1kN^UBBLG|b;^zmJ70bYW*gG(Qij2GsbnoE$shwe@q`0_1 zX2x6W3x^IA(u{O;=725(B7 zwOv4mUY#ZbW?(Ja1MZ(pA({+vJqEBVM~Y|J)@i=RhCQ#?YwX@t+dRcyU}CBSNy@lB zf-j5UZNtSVBKubL%HsbAJK6zN!k?p+OYwjIxUdGa0rirU8dat^us12Ms4#r1rm0B` zGXN$Qmf_neu;?H5jDY9JkRTZwAKwkj@7mgT;7dx%0Qiyy#0fnH<$xMw_m8)?wtGj6 zRxrM0&shh1x$?qs)2cr?<5@nlt6VU?YHI__j8$8;BIO1sto%?V4H#9aA9k4j!UnlI zZtC!k7}z4!7YVdHe-3B=|M6qj!U%OOb%=<*gF}@_Mg*{+F?_QPXA02G38pbIF@FiYOOWjef~ZI+}t7!=o9@p4$yGGGR*(!V=ad^Alm@w7l16mvTy?^b%7uc z=xksa2gIrJnwql!W(2d0J)p9Hlz_1Z3K$kZ8 z^j-Npn4}7Pf8N{O%|sXqWNd_?Ux3NkV`5@}D#)~olb81!EDHb)p+>z3#&r<~J{rCm zutWf25?l!KyiTLSz|u+16Be72m_EB{u*-N8xI$F zRC;=tWrVv4D3zG$Rlmit;ZtiPX4v}!!QoMSVRagl8SE~@$)!5-$LwNa-rW>o$-;XR@w&43IBb|1=`r+yE1;Au_^_B1`;m& z-N`hwoQ7IyMZ|vb$6Rr!hn^yTQhI_ zUx~Nh>c%T(*A`3V7k;HF@D1QqtEXYE`MzoN>Pg~~^xt@D0k@Blg-+{qS;21Yw#-mN zVYY>FP~fjIy|;1ju-+`*m7P0Q`_?`d=qNk zR)B*Dw1@zNfy`Q@H5x|t3HO6lnU`%w$>j|He+fiXdiVc9GfvNjff|DJ%` z*;-KW2M|lb5@3^%6pe0z)QKl1@OzT5s{w=zxEhSp?GVc~T;+w=-V`WQZ@=@)o*9k7 z|6kS0lBlNHS{51fb2xx-ce2^z8YrNE=XUO%pZ5Z<1*^iqqrimFK+i}-L^wrvm&qj0vc&t`1~M zFdI|?nIX`BLqtTbE-yjeTu^dxT?5$Nz~JECSRNM0VSipAR0BFyAU>C)jQW!V@GgMj zjGB=#EI4?X6ZrzSU%)#_ABe&LK~qLbY8B=`U0g1K%n@kpU_KxR$h`+r`S@sQgJIPk z_$`o9r`ntV)o0g6_E^*k+0n7FrYwZ8J6BoEoB={f zC;4w{jxUC4#ms*zM0CKN^*`4Fc$c&*fiCW!<3B_uDF>nKa|@gg586Pn0Bdvd6luz4 zNoMVVwi^hz)`wENRb1uOBf&y4nTFS)677O$DK&i=NyCNnj z83G|+1l4HZ@^~G{7){<81MUGmC=Tph00#slU_ej|3nR#U+rp!xSvMgUP8gd#T}O(F30zHP0rk_i|Z0I)%?R{j|l4S^YrzsLUn z{1Kvw2=@($&W`~BwQLND1;J174Pb8pPYJv2>F$h5kuo9z0xUv#4cN#)qwNHBz=P#A zPs>Y!GfcJ%N<|Pw2M(&CL>=%*)GzSyo(1iUc5A0XDk}R;Ykp8jbj!Y{>-7 zA#4C$IWag17{9;=9B};0=l>sZ`Co&3JN=1LfWkZ-XhnhMA9npnF$&6p=2O@MKX~u}sH7*;g^^*e^g%UtmGd9d zjBs!lod5DIaC2$@6`TF{kL;pAuPiP7b;=yp>W8;4b_1yO(9k;gq5%33;LNxwtfm7V z{6J3+H4P2S<_dtd3(mAJ!ul=YQ|4g11338FPn z=>IQln){-4fGn=BO1%hHmB54XzxZWZWm=U8D+%IR@&)5T5OSCc2!xOqDHkZx05@`z zsaybl!0&zQQhP~(8K_(k)3*w4p4$E=c=(%N2M)Pv{|rt3W1s6^c?)}vHx65hpZEd0 z9dw}J&^PTlKk+}q!fJ;V91zkXKk|u=#)h5A%FKN7$Orrjl%fl2N=lIz&o=BiVP}d| z%LHFMlT6`^`A22-P6FP_y$X>9HsHTxiEgM03T{MEy_Qr@v3NK;pZt zv5?IK&=pBid5Yo`m>{&7uhlFDUA#~H-^Wd1p^&1Q+NSlpG1DqBiY4HRLfaQ}3k$IW zAutmHSA~Ov!w@G?Fpl)-9rY7-z%OM^8o&&M{E3R(k^k)hkYfLJ*MIx(fBR@{*Pp;l z#mRXE@cOX4k_94Od;1e__=kVo763bKY-|9)ViK$&ff4k;$(5ccSdOviwt9n;0O1ca z(=8BhgV5M+t^ZH)E963D2ehkSo4^qV!hVb9FO)NClk&h>qGV#*z8-X0V82pQQ2}56 z2CJa81R3Pt4)Y&mQ9YTXn<$ST{;oY% zwjV5nG&C|wl+1} zsC5d$e>3jCjWqnvZd(?#(#s$o0qEPw%8yw8aBChQ9s-<+KgI>N0+e3hcwnA;1CYr8 zqZMFkS3ow5f;5+4~4QOLE)6P$r{XkcwW$Nx44 z&|XeALEw!pub==JhybgCiGk4uYfJO<^FhEugB=9mXrR05Yy!9qkA2gC5BVE!g1!>~ zOrRnm0Zut7EXIN1fs~Y3-7l>D1pizDWE_x;gNy?_k^gsw1`!f)pMa%<4zmZ!V#&6K~Z4^4S2zwsi@@S8-UJ*b+5pv zh_&4gXvF|+E+HWS<_g~?NCKkU#p#3&?823RI|n)s8>g~B*88W01qmKs$~GB_P53RTQUEA&{ZGSXteKk+J9#76gqoQzGg>);GR^;ff4a8 zE}}fR(Ii{AZZ+dG^c6 zd$2ZlAjik5TYX{G2(N6Ke)gFe@2c1CD%-0T{RM znM$w<;o#ma*ZC~e;j}U95HIe^@{C&goK*pKgThE5;LR9u8 zTy4*Pasz+!8ty-YcmE&%Y#}klVO1S^KgmrS!)4i~e|IX{Gls{^cezE5quRyo(&=2B z-$NRi^+x8~`xz}yEuvQ~@pY%?k(A>0tREZtK#DJu8aJg<**~>s+Qh70YK-!|@x2{C zuefLB8nvA}x{M6oztORb;v*kkL+u#V=JnD_B7RRzbi9&4*}L3U88>7#C+ogVTJv7_ zqMj2)hh3m)u`k9f>%n$am@e;yyfZ%fyk_+Ac)5>8a?bDZ$L*tDDj_aM{Y4jJ2U>J; zhSFctGBcyQdmZri-@ZLr?%d7N7~cnEJHY?hIN3xDocuV7wm0oS%e!YqyY}Np=>jB*&)zA==wp24+PkB|cS|OS-QwHm zzB#W*+GCzc(3f&w_7Q8f4~~fn4@AO{=m=@pJf9EhnPlmLlXkon&{vMwt!E2*5_wTj zToSCjO(*K4HUHJ~rJ8W{DPri#N)PYo*m;E+7d|sh=%!n(m;6j@hfDAp@s-o&- zZ;+-=5Pyrxa*fgU{w}qJ^?CAOl_jUEhm3g9Gl*Y6$@!rvqhoy zxQ@%?#2=KdvM4&5d3^3qyGV>hNbyd%xZiQ`tjC{2ZAjgzx5E5GcX$nXBd1QPN(*xN z@PF@r=IHqINY*wuAsQMrMxvrtas^JI#4d$)>%I@#vY%p|VQJ03`vn30nP$C6WW0Q@ z>jCRNJ^M{t(D?LXynGNC-z`>mpS9;vNvCLTx^O{#V>v+&?hdHNgHXX#>R5b_#{dMnj8|nVMS$gym6cA9HhzXRB`P{ zVieKbr_`~a0Ta@ zqVC2+0y<@$?&xf_j8VK-T^|(D^5tolP^!Ea6NJj18DAU=E6n5SV^YqyAiGp^T3T9* zi9LQ>+pU`Uvn9?Hvy%;$0@iS`A0JV2q*a>C)n>r<9040u6MOY1Zlr--WX3bqUg!jv zx)o5nP2t?tNZD?leT;cgx_0Q_{t}-BQ3sD zq5Bfq9rm^yOtPc*XVtOLVxl4JO)wd zwWPSwdT&)ngG{0p#A69NEEK(%%lz!uPeyY19pYpZM&ywb$&Ph zSKQP~L5iU{BK%2ZH6mT;eb8^x{IPBXu!?SMe&zTTp6KZ>_1&E=q983g9uF(snYrnQ zGkvjEv`XR#Lt#%Xhu;fBTs~&UaP?{@OqDxg)qTEP@DesuD*m(^bDxMWzVw*YnQdtL z!s_#DuBxMgfh@4P>;wFg=;Q0ET`iT!gI_E@8V z{S1rpx3KS?{GFL56ZL16+Khq|A@Y1qohoOcp1KDbrRq$@B|7_LaUvXuNk?D_q^Oi3 zrKmY`&*;mCF-6$g`$f`u9&O^cv{8b5S2}VL!*vU*-9;^NwOvBw>Ec~o^El6&bOVth z`mGc%>!;)0r$}7IovGJ-NRf0Bh{e+|$rUQnmV!{OBBgvZka#TgUF`EJ{W?i~x%mL(YynDkAOv+DhNn zmWcf7=6DpH`UGc|3?VpeX=tBs6-j0|6B z%l%dX^Z7if{Z{m)KPeI(z3K7QHl8_~<6yE~`xk^+52uxwC9YVyI_m>nVb%DP(}@f} z!GWxKuKRO7=2|T{eY?0 zL_zuw6Q)T#x`1M*Xoi{UqV2VTR}g9PwrUFwG(?U4rUK1cCeSTlgMe{!Vsde@C(hTq zU?xQ(M>^j))nc`o6kQ4eF}T~v*ukQbBn$=nntV?a(x|^4--FgM;LVg}n9em8QY$3h z-q;N*amp;SM+el!qFs)wq!8k~1TbPis}fMAyV} zAs_$`QIwTES`PCY;`7Smmn`-}mf^cJK+Y<+G~Nv3v)A#68DgrmUd-dL(?faOceILN zw^rHmMI~b};^igSi9%J|a(`0pbk=Sdazx~!u=ut%sO@}mGFi{9t2>cla81pZGG*Fk zgr&KLvbfHEwqeR{zR!`ph)4EtaLDhWQOdEx(=Yalo=sVqLlwr*2~;f$T0hC}u}=fK zb*O)J`zfuSf!=1t37d%OF?_ZXl9DZ1+1T~GG4E|grl^^4OLZ?;l~t7(DXlcvDMw3E zMEYK*tjSzV)bRXwP@KwU7jLTCsGYmos6@H7}t@$+pRT_|qBvb)F7EaJKMr&FX~YQ3^1Bn8fY{d6*BQ12k8 z1Vz(faQ^<*o5z%qFWqO-|Y!_?JKw=vw-pb^m)5{$x zzvfZ^7b8aTA}{`_Y~W|TD^HcFNct@MDGfVaH??g7WBf0Bo9W6ukDAsEiZ2h56n?3A zsO=M}lTlU{rEk&e;ro1|DwoE;CDeY8nC2y=8{a?HIKbdOb z>vKDf>YT7+yCWjI($}&%Stej>Fw^5JlI7n`<+z5Pvkv_b!Wy!9s zk?%h%>Y}<|tVAG>3vuO5v&8XKQ1H3T#r*DWJ#cWt>_&i4*sDAxHgDN9zB^V}3~x|u z=Pa1Juc|%QCy3L5ET@sKk+LIDW*Ki;oS!Npe(dmFPq{xzN<4j{egFDAO}H+iExn;3 zml1nfFgp`3Cy8fX!vig98LSuGBwa1$Q_YJ;3fSrt();*p)R^z0$l2N0!JPU1eB9ep zLkFw*agm9>{R7jd+ZVy}w^=6bbBP6*o|4pFW>Skks)YCMi~0)_k1allQ|6MO5IG5w zlZ#)4NvoJQM#7|~z zK7}sF4BV$@zACl$4?mG1V(*IEbZ9h*$|)!iB2>HU~{|a%62ui@eC0J5?)OL%yR$S>1E{~t^61md5YlA z8;s*lA~5?xU8G`d)1`lXI#c0nV_BlTCE#0GpuDM3Gbe06HAvB7Qib%%`*NoucrWf8 za~$dDBS7P-Iz%+a=7=ut-a27tYj4#ri6&bOUjlMDWCX_;@>Hv)RSt|oGC zf69XKjr~+GeaPnNF6NJxABZJGNkwWue<{Oj|%x-JT8>|nO_rY&;^T_&-RLPp+DOT$uv@G3JM+Nf zhTF_$M$M}G7Vu{XoJt9A`;%X&(l~b0CWw6?rkq2KqEi(T&j-e4Hiu(=u zLI&!WxGqGAjFqp%eV;0nrsgX{Hwwwq{W}poj*7m~B!>>}Vy~;aby2Gf1X`!g2Ut)N zT=crol*+{$98Qzx^i|zfuw`On$_2Cfd1=>6YPHH%g?c!LdoAVilheGZU-K&AE6;V9 z_~Z%6q%AMvl09^7pXh4p=`P+1j1mkqx#8zqo2w-85AhX!^t)xM)a_x$y$Uu7jmuIQ z6Zw^6)}6uE@#eG)uDQ%b_(-{rI)&89hpHDfE!a9mn`@03%|B%~Z+0ih$;+pvDtES4 zXL>z7%GT&Bw&=iG_}XLW#^gu|GJgwKP z!W@0ue7mv?H*U4N#>ag&+j9-sf?B)@OIf~ z=5JdVyC=z=Y^mqLkRsd}3K5@iDlFeGeLRYb|K-d`ar3vMbt=ywL-}oG!%dYMD%BC| z4G|g9b+@RCU8i5;y*LF1R00B#@k}^BsC|KnR6I@5GBPzhL%iOuqKN09XRMT1JPmDN zyD7=-?JQQG>}|SyDRiT}Pe+9)k^VR*@Qph(ws3HruP-Vf-lmBaQu)E-a2Q!B_TC}W z2$S5^y0pc8_HdpJJB(z0!4)3;_CWFLY1s$()J8Qs4#~WpIuk9M0j5)xO*1SZC|_9W zv$y6_X&s%e%{5o(G?>T%-LjjL&5afr1W3l{N;{l}y!VFgl1{7`(0PrFMEiW1Mj!64 zJ#q7k~!Eq7!FQiv`Gxl#g6E)K-VU3bbto?@j3e3s9%ZhtJ~ zdB^1BZT#)yAqZ1S8Zm`4>u-kDV!?ghiDp)4 zb-O~5qxxzrXXBY|4Y1o~9jZXLZlO#+BM?ld8KG1d&NnYLduX^$f{hQOygOq|N3%srOe_Xj?t*Rp#6eCpKlD%{jxI2jZTDolsw0ZZ|0_PmJ6--? zth|O`KEf(>*j!rnbtQzwAizs;ta&sC8BC|HrG4BQJJ~R~v}!qZ7~Ye& zJ)9sV+SJTO$zYRH%Za0n1%kB~7oYjUlo{r9RU6w5PGd)aT*4qA^J?U2)~P>@=(&7U zk3bAszWvE=AuiL&`eNeH_3sbz=XdNFRi+GN>E-eb6Ge@fm%*$^ZOl44{TxQ*h!XOP z%=c&|31Vt8)?BOk=;{$7CgWZ!+_fmvwYY z-S2%st{J++z&%?OcC=OPRJUZ`*S-HVqSA=v3x>yuPI-+wrlRc|66u z#y$23j-9=bszK@+3!l1_3A-$?v&i1_@8 z&BT)clbuQ3h7|hOOs*zx329LtyV=@mEv_y4ClQ2xjkK02{r%6i0Fj9b<;$IZn)P*bH>nFYI^jXett*nv2be;E3fc)Gpaj1Mk6EyP&I-@3A@R$@qN zl}Q-7aoEKi6f6;-O5TPg^Alhu_#r1785aF(pSwuW=c|j%e|^sYb-g=WOIUc~WS6_F z4C!3%4TiAD<3LFNHy)gCNuKvj6x4ZYyQ@slde)cep+siS8R#UJ7)Ui6ye7$j6KTd4 zA%6DaIal@B@ahA21zBr5<*Abc!MfW+|4)Wfd(elBr`lbUWq^X<)`rzDaPU-zdsuG) z8Ydm3p2A4q|1>pG?#K*LJ`hQKx5P{5!nK|HS6y5-#$&VXIRW_gXAz^q2Kqc!t10Ty zmxebh=yvJZsb>mLI!_NZSXd>AoTiX+ao01fHkxPDa0%$1$|75!;YD0`MG1vDwxhq?L)m%FG-udP?Il8~#EfVgS_t`}4$$ z9Hn^su9_;9#0WAd@%h-4kNovcjz;ptjB0GW+gH}PwUJ<=^rG`bWc>5`wQtp!n$;EV zuZDP@TRQ!U(plxZ5ReAtFh}GuB_Foy<(s+1=<=t?b~KV-H;gdrAkLga(=A0l0YS9H z5Nu6GjSQT@he{4o5?@}XMH!Whbn){_8i>Iz~s@{{gZe;;= z>R60J7}wJWI1>uj6B=)Z+#L>!Sp6c%BB`I=SxKY6yze`6U~-3|`HZErljbMLmbw~u z)CE^ZR*`IsjPjM#?7nAb_Ep%nTKcxA)1@C)zD3ur)5i(M#~tDoGoEer?d)W^bS2?c zC!Tpq|7bjBz(d_GbhXekDIvR?nBmiSr2T=aA@@gG1oC#6bJffEi8pn3B-$JRv2uOI zb0P4Rb|O*7H17T9>31FBU-S9Ui1sa>S6=2G4o&EH)1IC>Xz_lWZ=M1>S>w`^llKkr ztq;Z97~S7BZEgxRe)9|t2p_*ACZr)F_ie+)bsVS6kmHBYtB6d*rHXMa(Kz%LOao*BuvQ*p>U^Kk^=yh62i_*BCN37l74wO2i+FbC!qX>~onceMVpi1&xA^#7tyc^QzS{P@kmrY-SbAQ0oz4W6WK?^@0j4cNkjuPE!ZwE_}|r92?!E z3=Ge!o*;Ue|L%hGwcqEwN|txeSk#im6I$)C_7SQSq_;}6%CqdxM(HWYMdSbKu#VA^j`%jMYqHZ%=24llu=9&#Sb>)d!;JM4FO_gShYGav~19&aN>i|MYD~7 z))S0RvBcS~9O9SlXb+0XMdtE(!9 zBoelD0Fawzqy8#K%-K&)j$F_D>~TsykP})Qao4lew$oA)6KQ&JefV4nhK5r`L#BkQ z<)C8_dl{91eSg}9E}DMjYLybMCDlEnaGCgLL?rb4!^^U2YIQAM{24|CRc%D-YHH_r zre*H}#nPTRn_vd}K@3PzS##_*vw;@qJ3FV% zQecYE8JSnRFJpT|Gu!;GSEB+(dQ-$-PmD(F~i-+vhN*-*n z0~MGU2!U9l2$omm($rYRQ)cG&1<_I27|^l3TPyNu`$|hf3r*zByyW^GPb%hq`#uM= ztar9)iNtYVjPTs(3hLcL`t3$jUKISI#CQW4%c%OXr%P*F=y03ayIEE2tgpc;YhdTp z9Wa;a(FOK9oo`(E@>1qwdK0oCSiv~H^@W4I?+_~k>O=}6vucK`Kl9gohy(PaCR5g zz9g9$qT6@pKc8Y@badu(vj{_S3BH`|mzZ%n{}O`?53}25YN@I^O#z&=((X(_K&}eo z?r@@YT>Ev6c2lJzml;@XbE=Kli^vYv)bK7!Hjjr}vSlV6k4SnI(l)R2 zsmY~93fxvfPI@1v@$Jw_OeqS|MWo#BYzOBLclFG$Row-Cxn|;E!jX{2h?QEy$genyd0{wrKw&~sXC^qc3w{~TuhcyX_ES& z4InxNvp#E$DW~hhy>Vc>@^s!?);DR9fyfn5k9OO(5e5#Awl0@%`v;xX`S-u=-PZcY z*c}u%Uy#4$sv%}}2r+fHC&8j2OLy=Ofk3j(@=A<_{ltzWh#?dq;f_I(O_hQ&!ffRg zM0YCoZ)aRzG7dQ8-?IzCFJ(TuS7{mLvZaHpbeHvCOW*(E=R=BcHeGtDgWs%Z`ysDK z;4zn4a*3y7*=Pv!ATcdQM6i}y>+2|{wgDoUx}OIQT!fBR3m!bI=k(o_6;T0ev!v!s zoZ33c+jn<<84bOw8KWbP?7TtEreT4(z>m|dN?3%M{}>24Jcww?1hr;vLU5!LOu1ZlfH zPX$|?FR!o5K(re2W9eyMlw*{6-NtyVi1{w3l5q7ZC_r_#KDZrrAUC<01w=nj%IxX+ zz}Ot`@-fYMRDv-j^=+2g?KXz#M;1YHPS3`pqtWWU;9R3Y`x0d_jcNm9BW0=7=OPf$ znN`y?ce~zI*z+w`$T_jSj156)TAx^aT%Aw4-;L2EU#FE*P%6Wh)=KK=r0M+1vv+rfnBIG~>qM^^ z?^*Hf2MJJ7U3~5WL%=u8+l)6gQoX+ce)V;=dka; zJx*phjF zgU*2O4fD0FDDSR7XelK6$kK~zZBdwmvE;QihTm17Q!~*v@9G9#Nv%58y#el|PtI6K zJegju~BpM-D1C~vS(-%t`tq-Wzx zN$Twc@v!aqOqw8#%*f+TcK*I@oJ5E%M<#UJJ8wrm8>BbhOW|M!>&pn#@85AfFOvMY zF)wYsXSc7u&dgI6v0p1WAAh>|m6$EK*;r123%+S)1iMDS$yUbc9oBGR*Acefh8CqS z{*>Cqr9qC88->idC!tIzr)@5@q@Xd|J$4YyL$}K~n)Wp6YI^sEk8wFcIdYC$8{w2S zuLgRgb@_9~2{+94!Zkv4&-mkP>9r=VTpC$ZvZ_k+iJ#VP=T~{15^6*h=cipzohysA zdYMLx8)uc@SCXo!b&jc@+h0u5O`lglXC^-87e?nc^>O=)aO0jeNo9Oc3mDB3)0xP7 zde(MMYJS9Z?@~cMZ!~bn>pw(^ZED*Ici1~+`FsDjYO)$)I}eq6O5LgR)0D6GQuZ!f z{NLYj#;|BNa58~LE%s${oJyjHArN5VOqIVw}G`ZI*U((Ly|q55g<){$W!_wQmU zK8LMp&0?$ZAg6WdxW`eRcXi7rn>O}W99&!?E_Ie$igBr)TdF1I*jQf;;-R zC%97I$rToj4l<}N%+**C3lIl?MazvbSQS@w% z)8XU3~S{sZz(s~r*<3%fT7)SDddi-eNXMPGY?fapJ6A9LCLwcr% zZ!$%>y~yZf^L^#f5tWOomWD3!)l)lFxp(lZ9G@0_5)YH-Ax@yA`hfbBQ1U*Czxgq7 z`nMM@Lt*L;kGutC#2r2d$c6Eh#$>Jwl z(^YFmfHnHcl>7I%%AVuO?Zu5>X~>)K%$K9;EVvS{#6{C(k-6$ON29z&tfmt>ROiPj zh~uk*+eTwd?N}%%2m|O}w~Cmm&|>nkRv|4Sd+&Z>^Dq2{apOaghsg6Ceq-&^V_GtJ zR{j#4=;n{3QMAg=gDEpezu;T}3a^ktDII|YE@y60XF${pF4i#4{NeWps;3D3>O3A3Cyu*03 z@d?RWW0l_WRUYQDsPS(VWwZB&O$YI#-48CuHfZ;)gz=YuBoIDeS+a=FfUiVNIUcKo z=k-FX@fc5Yf2NIv|7gp3k@vdb$=C+Un}99U_CihhZQ^5+eFT&z+Rg+89TESo- za`t-b>Rf}eVkqF?Dr_3qFdecr%mfP5+2#Cm>>yt0pjH_l3O8*&Q?4m4yhm0Z+!@*S z6rg<%SLk`7F3+m%#9GeJ%c{H;SBG-?>(>mE|9H5P-%?=O(hIP!(Z3%oD678wU>WQ` zjzg4pwwWGDY^O3o>hIIP!#%@TG;EdUo7R5fI=+ zMcqWZsHCsZ1)D?hclLU0{vCwP+`1kaj~oKhoNt`!s#YVF zhSbJiaUSx2G8&s*8KHPZ$L@7su9oRM*B@_lJd%ZX_~{Pnt4KzsLPOL0EsGx;8~fe` zJa$sMibi?Ha*WX9Ab82J{_p;?1=n#2-%Sp9@4sz03!4X(w~b*r~S0;tezKzemTzkho<#|ao!(>DS zcjcGu#nkIpC*f{9e9jl;nXZN($H$fPe#>0b?HVEjUn%pvPVF1zFx;~v6K!c3QqP+e z3pKsi`Z)@8#8@%@hu@Vq!)ECiUr(eP9iO8l2?wo*=1{4e2=azs`bwt`!hP#TD&e!w z&0Xk0Jr5(r%O78ramDG__Psm!kZ+Ub?3&xTi7JqguUSURXQ+#8GfD~bIIeEc!n&xbX4=Hhy z*$ov_C|~Q?%=5w^uFuJ!B_*yr;pc^R`ks}Nqp4y2z9(btt?KIP&#M-ub;6;M@UE|T zw{|KFDg^3orF!|Gw$@FsO?OH%CZ!HW_<-S#p_5XL=Q)P17-& z{u1vtvc|O$>yZ(mNZPz(`9>Uq)PA-~A(yObpHH}Zg?U$ABoZn|ahz6(^bgjC<94bB z{9q&`mifJ?*@4{B)nUPgnbYSKU?0VG8Emst{ILO}U8~EmBbK7sDG4eL6^l@5qk@)M zDwp_zGkZOHWSfP{gWkv(4QXtD8Hc<%UM*1(%Kg%vfH~hQa zls9bRus5Gcb<3A9tYkn!?dhgR#|3^ZQVTBq#NSw*^0cl+78mtbTK;VG;ecOO8T-4#f6B_2P0*vYRloi zLmG@!JTIKrQ4uL3ZEq99c+y@nCew4+XfVWVyKAbFqExM4AHlVT@>m7jBJ!X_!&*_%Baf5m)V>^|Z0@xosUovr@WU&LUrf6}YSC68+gyLGntYWi1{+5O`&O{OvIz8~~A z1u)+q#?nuzsclh8P3|{uukC8>#>T{{G`iR+%SEugXkEKKZwig|=|wz@rE|$04ws1I zC1m2)RLnd)SUA~If-bsTlrHoqM7kVrNs_?B4JP-zv;H2?L2fkU2==+Fzb#^)*#6xi zDk|Z^?P^d*&``UZQ_OY5Y zfaFvtAyr?v$%J+{yE6DYirdS)B|u5c0Ws-orxtRJ~L1ere(L1XmJoVHW@%cb~sv|o6XT~ zOUa*$@p}5<_3Cug6C~l|^A<$%1Ujj!>lO(kPDnUfC=Vmy7+>n?>Ea>8V=#n1SWyLX zjRBE-$=xX&GVTLG*l$P2gf4*w3o0OPw@$gVH7)%V>T0=uwd0-P8|_TJ<&Z9T7OO}} z8kYvGZ0>ts0)28why+6-yKR>1WL80ZqUrtFSd*Pl!CVX!l%LrQ50s*&Wih+eN&=62 zosehi)<1rv1}h8nD)N{uB5wQI+V3(l;o`AcDIArY8riNtb!IdqxhKJpdTBkZ5b zbmubHP-1OI5T7`Eru?+pa4`J}1=E=!IZae38J;Li#Bk%yD4zTM?`>WF%%uBU&-#5* z0+pvjlWAW?YgHx7va8*StL@r)3{iEly&Y+UYhlO1KrO}l7Ow&ip~CqfD|yN%81ry9 zw2W`_rb8QoTj)XDJcDIo5z)#N5H3cm@8|mZ&F!+9Z!QB!RFz|Dz?}tXA^47}aEJfn ze-|KL9xDhS>syCw!{x2PntW>9w&B-a_39Fe0+D*;VavK>q~@Hg z%S37B;K<5|{fk`!SGO-}R?Reh_yodmDL>iPeysRC9QE{d(GF~=q^kMBqV=@?nf!J6 z!=lb=0NH2nAKJg$_ugx5So}K%ZE;wE)htjXkMW6<@k$_?`S6Le_&HoSz8?eEu#}_o z`86-BPzq-~H1vmEUe)7?AwG)N%Ei47^>uoT???JfY0oO&#z{-J1yzL5hIG0>g9zrN z?~tUzhRhq%JG(y3Q@An6k8775nP>7j*YUz*)*#`$M{tc$%aWF?!lG=rYGEnpUi$gslG8}No{fEpZqli@^?C#=w;2txr*F~GLbx1wQmYm^8 zA^&N0?pHZQ5QBKJL~}wJFsOW>sDnH2tG%Kv0e+ncl^0&T{B}jGtXY_c)B6|SK5BL? z4O`XJ9G3K%*}peU=IPEnzu27&jJX*r3b7ofIn-(AlYjeozBTTw^19IrmZb30j^*^R z*r@+RqV4S+Okj`(@}+=~&6FW>kmqIJ>)Y%0%ZsbN{y31w&G{n@K}y&Ba*I1xblqmk zZ>2cacCB^CZrhsRAE4{ro+*?Bt+rA>U-XD>_d{Za9AOYb-yaKw=_1*6bnXRBCXAb! zv{Xum5V6t@9UmUFUY~7Z`+xZG&Gc*|iRbwEOzHaIJUnW{&Kje$+%AfIEszr%nOF!X z_97`-o3!o^&qF{z(iPxxvA(kD*u6iuQB^6pz3;F)R*Af9%GU}LMhWO9#h4WS`pezD zFZ@$Tyvx@@8R>_E+#uiK2amau0oBR`sNk>>2istk;u|a~uH#!4&ek~CUbK__a``Xdka5toV9CMF|An*$8qnE$D`nr@_9B5PMk02 zh}emXmo%<@JY7v*XnVdLmc)*X+<$v4B&Qo~Hj-SM%yv;N2U|!1Eb~R}#Pst`^Oujz z2q+j(Qbh)H(><0yKuD8=;eHh2XORY=D4>f46DDK?~V`i@T0|VG< zU+#~Jr!bSjg9PqQ+}yVN%PO=3yq*@%*3!@ST@WXG%&jzPDNkc%i6>I;qb3Srnmjlr zAg@S*7(IbY$gts&L^i}+!t`4Ys&d-<9Dnk-?ehaaV=jI(sqKdC+uQELYri;TRYTDe z4p!WFc;MtWBzbJluOImUVv5?SJobe83q`eU=%d4MI;(nfp|X_kDsqHQpX!7QjSm_7 z#l+X{AxRASb_2~of22cycmDrafcMsAxFx6$UXsEnV23CBrL4_6hr*Vzl?3jFLMvNS zX;Ep^$ML|E{4X-mn;D=$DA3+p6fbozloprZhC~d@s~%z1A&7-Mr6WgDm7XQJU(^}c z9;vo-Y4=qeQc7R?aoXpOiuAHc=crumzI7kkgnThvY|y(g9s0*Zy0o^$cHQx^@WNOA z*q`&=x$Ih#^`kzGUDCBzLnGGl;Cw>=Im&(A zmH$^ZyiD1B!=B^S?&-=bG;9GVADN__U#*EcX9>s_BK(IflWLxVwdf7J5xAj(Xy_S1 z@o%eMj~RX6wVNdCS{TI8%PwGDZ}Z1H4c9hEk{*B==ij@HxcjkeUY! zW}pN_Wggib4owHXlXyVmvm-eY6nLj5GmD`><0}76NW0U%OFVC)%h*TLlL*drS@iec z&-;=s(_T?#gN9fBogs_#a(gKTj_k8QDWtfjcgn&@0=3yAy|OyEeP;cvF)V*F`sgI| z{Z-l4u3UD~S3;Wmi}%~z>Zye%z7&D)*W|NR#`190SNjG-<)rJAiu6Sta4_ zE9?S;S(u{M32+?wp39jOgy<4C@IB4+V_k(Xw(FXERlr-Jme3c-j0ZcnF`39* z-LJbS(2TS{QeIzf6Zbcd3HtZ``NM4P#F?rM+0L2Dnv2QKM$^}C2X%MzSXs*W+$#6i z7?mIM3^M8edg@cJ0Wuz!BH*4!CZ&`L*6mnx>4NqFZTGu9Kcq#34imDE zmR@nLK3+o>Dko6T@1bFN-M<0LakCRGBh%!MO}Y-xX2%7FclYa&{TZLvdRpIV1Fx&A z96UyuX2;@?c&&-FB~QRr!frb)2<pdWL;qNI73K3Xn~bd64)nANyKFcSX&#IF|jdadk(k?keugLU1VU8nEN)mh54c zuTc}A@A_X*M#U6Dbvl(+GcbJDWwrhFyPUu1cEEZFbaSYEC?c+B88w#NV$b$FF;Kj% z)Fj?ZTaB}i3zWDOF9knU=09W=az1ih>UaYO80kmIwpce9Hh|g0)sreWt3DVM(MXCB zQ->LWsl7_ld8lBQ5@=C5(WT+fry!Q$1~4GLin7%hbDWLiVd#q=nMk+qF>XnPmk#Cf z1P*7zHhc;UpRBGJG(VnH9k*gD(1W6yQp)flZD0ZKAFJ(0-DHi1WMCw~Z>qpwY9ZG@ z>eq&F{<~i$?TRTMXydpanv{OZPk6TcN?zMijuU>hWy(fTm=z=`%DpCDIoQI80IK(% zpg7El{+@RKEd%T6XZkNu_R8X1=g$mV)gk&YeIUJoq-jxXw@K_SK5mix`Ix!MY8C?Lc%jaAPpAFL|)ibO(9kq_Rei09aunaNoW3b%v)Ba-{M zA(MgmOfl9@G(jip(Y6=Mk`=O=UOpdFI&V}$Tne&HwKI`+f%E@COh)!63+-oYnmr_# zq1(W?f@9_>tR&Qw*5!^P2-zkrmcZoSKp>}wlDU%YA;Z@|`5{FfAqHMKN1HB=6m(Gd zsqzFDW?-;cPwv=yMy#7C8WAG9*W0snxTJi-m<<=O5|O7|i4Nz$2KdvHjnSz=lFk~G znM3?qmd%|E-9wLxMd}sy%EiQ{NLh`WKD~#8(tH)KaWL@^KsJTa2IgusSpW!)h{llV zgN==%X9(*|t;Z=8-K*o}*phZ-!W zgz8LUmQnV{v5>!t8qZ!-<-{h2bqRB)hW}z8L%MnmXz63F?mobgNf!)Y|LRB8#KlQ{|LuU(AeiV3NhK*k{c;!5)esMOGyt4mdWcw1Wfkek6#2y}V0b#>1ED*KlE_cQH>t4<8(D&&(r0!JibY zq8V+rct3(F4!l%yo0%zn-f>#^epzRfV_w&~wUnc2otSzT^(f^4`?1psG}G?XDqTp5RtNfk;j8r?{Xn@0<8X zSi72WL__O}<@p3Cwtnj3<@B+o0mUH&37g)Pp< z#@8M1`CiZTz*Ik(?t|ap@uq{pz_6{I4_I0i#H;OnC#e-wB;F1K{qi; zxKxH2wOWbcfBPXqn#Ez(ZCqM1?fY~vwG|#ttn6ZI%kzC&g5Ov}wLO*KDEY&6&|o|eE`?Y6U9lTZb8GN`u^0`o*s^m?+bzV>kRy4jl5Q# z!Ou+G2p{_k<6HEC4W=f`ve{e1$)J%Ae+EM`vz*p<81YN3&6*D&8tM9+CYSsh`3!df zk3Vk37|8h1&lI}P9<@oZpn#OJP-)c)7VVL&84$UZ)mo0wn3+H+&U%rW#Lkm@0UA+~ zzF!XQ}dBE4x!{goc&kT+k336Ad{Ib0#EmxP%{(Z+iZQ=9R%p~Ng9RA8-a-cXG z6j0Oq7P1E8^{wQA&?ig+|HIrWHP~2jQ?{O?@NXZ8|EZ{`6#6UkgG=Z?($Ju^5+I99 zp>NqAf`&(&RwXR_r3zp=_h%x6dSgD8JLGP+z`=vLxLI9Jhf~;wI2mNvO=MIhO=!kK zUCfHBfv($-6Fu2awWOIkGsJZ-lOIkcrtfd;ppGm7m_c+Bh7_i*PoOXnkeKZG=AoJH zvC7g?UqTE)>cj$4bL*3GsZxPzdQuXW>eS00?qx$BUpA^pXkCvNW1kyv6YLH+`aIuFR(XXW#6!6YR`k;Ts zKMH)TEShA~i!nVLA^Wf@Re{UME&`XOTpNg2nkZQh95aiUW*I-JVv@;fSP3qA<%wAc zoXjT-G^W0mn=MtSe!P!ZAXd@_-X^RRQ5HmlzwUX{;%hs#)uCnu=OeJ1Ga{X4}lk zP`v=GA(P+koy&{p1V$q7%yl_2Y6MQuiy6)>Def?+ceVa^o4#}T2?4`nT6rH0S1+AZVq>Y z(P+MX5L*L-QX7x=_SKOvn8~soFm9VWXMVo&f3c6atWaMB2$=*tZ%j8su==+9Ibm#F z@TN_LrKFmd%Eh)1rX*tK%GxSc+pTm^q$;0QIg8as%UDR_5+!MAN>EWP8>G+IoHZME zEZ5T748?f~+cg3XX2o5%10Rp`p_Y9f-D6{wjRm=AckH!~=WpXG7_=>&xD+ZY$FIgx zcdeE`fKvW9EzF<{dT3CPuOmVbrKFSw4UK%En2t=GGx>-I{@r7LH~{8}UOxL=VjpqxmA6m?7vB)Svkk^VgU2Ud)ge8#I$2Q*)I5&hc zkAr@U(?JC_T$*A!k}Ey!9<#We1e%xzxilIv2M46qW=#ua>)u%5R!*mPtt3+@AA}3` z8U2epw;FQBVs!}p4icdHLAPb?4mbNm)2IW&U@g4CDSzSBO)Q4a8d37P@_6fAb2j~J zv0hIO7a_o^OT)A#NjdrNo>UR8o){!1OdKV3V5DkcBi}LJt#Wo!c_#^yI-`Bs&5RLk zG@OiDm=OO5DYHiJ9{BNYC-1&#$SfuxX}y#|hHr;Xf$HkWi01sl3ck5o`gkBF-un9} z@MN0CAB<|C;d7a1Q`4rcmO)f3{aF`Vh7N(Se@ryKr^It?Z6sgvr@5vrZn(Wt5h{W# zHY-mPQR@#{=lx^WIl03Ho3R9H+WNmqk1{@&11(pf5i;HRU_@FHgto+0U(nsCouKn( z%XPju(!n4wT@%lTvFxSk^;$BVGh{~XbdAP8f2*kfJQ|DxX|k7;dFC8?lKKw9AN1!K z=A`SMih%GA79_LMT51PYHv#9SmqLoNM}`*SrOqS+IVMPX1bS;;_?c8|PS> zItY!>DxG5auym$1O|7|)l0pbN5eo+xOF`&-u)^mSN#_(!bM=f1}FccdKa<3Uasf#EuB6A#Fum ze7IWe9VLtR3Wnd9KDW6UVVGim?pwNxJgw%r9ie834Nt9eIBelJ2S2yQ&Ct#pZ=^S@ zt$JHMfZ-SNIBU@YJsV^!$-)897vZ7=<2o$G5Lyf~*taFln$D?;x52kV3703#4rVFDMELFMEBhBJv zYt{T|bZ?h1E}c71L|px5GalAoEN0*YtJBu1HD$5aHO^NytoIcuo6CsLd0giVH16>i z%n%iym+3RNb>hK1v(;(^9yz9N*zdT|UD}pts>^}wpQEahdYiKE>SY~_B2Io^@4o#6 z;VnFY^upVz+@FEmFTEtM`175K_x(p_-$^I;oFZ8|hskt>=C>=2On8w8gL)Se{*2c+ zSdIInkYm<+x+~L_+G&VyXO28t9}7g3j6M!&1bi8Wz6#^n1kjcZZ3auczdQKUTz4gP z7nwT?_!noja>>m6&w)Y0l8yA?7QlaN*W~4J(aU&mUBdIADATFV;j1o-@_1cAR2i=b zzjV$GA0mZ@p|)6HEm#n^3}u!v_{s`g^pvWPNedfV4r}UXo(JDLyDr+t}Q`+|N$+x#b zmd;BrE$62Xdyc$xQvCmS;J?BeC5GqZ@#(?*C ziV(NRBb-k<{{V*BEh>HAnM}I;3dYCZgN5aV0#`%AZ-9Ji9b{+#y)>A}XaLYlkLPWv zz2-BBmG|rS&ZL_a8=@9xoU2DX(>gMswYA<@DP2x~Eb_IbQ$YXujzhDNPuER~>Gxm% zE?;8al-cJWZ5gmtZVuOXr#8zgB>R^PKz9cX-DXOz;&Mt9*y~H>Pel?G1`Pajala7Y zGmk5#20($$aUwUU!FU}UHZc3i- za6akYMtvbB6XjZ5)~RXaC&qWRn8=t9!}Aap&I7y(>9>{r;hT>g4Q;D(-Pj_2vHbpf z-(W=_h}K4i@p;=ehuvxz>{6-OCNi5wt*G_j$t9Tf^058vr08*5lRu?r;gL4Mf4BY5 z?fnHyZ!_>l^xuD@m^_Nr&>)}A)mNr_4mjSj8pH&I8dT4EJr(=tWkvOInOG3^8IweW zkA{aJ!m6cnHGAF0+YCfYcTG8;S_2=x2B@~Gl}pz*xv^es3gJXJYtiw^6pHTd zTjb;xQ=q&f<)Wveon z<;F9?L`4jN|NVW{%-m|)ImtRd%=Ao}Btad~tbkCC7z_Y{LgRV}E<1>rizq!)wXBrN7A|L(m|u|Mn;)Z9PbAi@uw>rH zmN>6l(wXzBIbx_)vy*WN+PO6@=@`-QhB{T{3SE%@5=ut1he=DWzq1H`pkzHtIO!)T zFW0sZ;V8NNHuXoca==d=z)p1=KhFmOIBSvk52i6E`^mV!Ad+#HOm+(&ZeTye+8W(Z?b(ck9%WI8j{d%mmXixv|{O3i4%19+-=S#^xLykK|0tsz>U zN{Wc2(OS&kN@PopI!?pe@C`h2L^faCjd_kP<206Xlg~~su1{6^F5>p&0?;%DCyjx` zc>pCkz=M>o9)q@_W-Ck;;qjoH4-cpPnQOLAT3e_Hq~WDr6=#9k>Dt}=i&sv66ID&z zeT@$Eq$%@?^>D4uBO-(GZfJOOb75O`QS#ll%Q8^Q=I(aR^X(8IfHhfozC(YMgARwc zLNLZ3^>Ra18AKQ7Z5W8xlS4)(t;L|NxzRIiS7h^<2SWlb)qG=J6IzS+2>NF{ z^mt+vXpO7Xo&a8rD~mV^cqooLEc6F;*ww{)WVPb6^z$0r2z$?&QG`mKHK^{%GxplX zJ+`Zt!x4ow?F@4^k}S2B<5ov8fiX8%2BNbQDpnE@2Fu29i4otorpn+|Ds}$c?21$z z$Y4QFymkjn98qqDy&4`g2J5DV!8ecNRyGFZN66@t2_AI@6!fpx(=1LD=yAFqv!Bu& z4sDH;Q&H4}Pci7fQfg&RdV)&Fa`IVh#D9iT1;Sm>-$X1$;HOT3ytjW1O8MI8nvTmm5 z`>O}Qpf^|@t5Z*!e(-%K2Zpr{yay92P@pwQuNtILmD#$bM&rchtC^_>+gYurUaOFr z@gx-rpGEh<2FcU?h9J{z#eSHCnvm}?g6z_LsXsSB^{bbh3k7Z8NN0Jv-ZtGrJ1vRO z)Wy7%B0{K>yMIs7v(UQa6@k;apmASxe8z-ON%lF#QqU^i)qw?HR-hr{pAJ=ymb9WD zt-8}mu{{G^B<<>Jo;z)gCKMr}>lWKxI_m3tEbkwUN@^y!5s7O*nsiu^ux;S1EZ2&0 z+e`Pi|Kr_!6Hfn$gcQn=d2j%(5RGPG!OmeMii&Ilj85y$k2${SsLn}5wkb#ZO5Ya{-)_*`T6$P9~n;h<6 z4y4L=bIV6uZA;yT57t_%HWb%OO z_YC~LQkee}ONNGn>q8clw1#A`x`_|Z)lyXB<>l^Cc3@K%&`WYUls!;0GE9a)l0J5P zGXLwhg=)}0P+S;^3*AJh&1G)QqVsN5y!X1kor^$#WB9lGb4*-*AznhfxH@t{^8aH2 zpdtbk>wKY2e-un0Z*=*;L`BguYKH#0-2OMD>xJ`Plb;3L2ZJ0gEbvXh6I4=~YCUaE zPqpJAQvXRjHgebpXUOMVgt5!D{Z5QV7rkM2o55;fOO;w7sYp7*%eo2B*gEi3HX|Qv zXF=2CDP$ZY**=(*unyWcqc*Njktf~-PoLIaA^;2Rk%4{e2`P|~S?LH#Gbq^E!;QyEa5;vywy$+Ng)-5AGH>Z|X-z|>pWoKf z&;L>2IE&u1z9M2$knKEp zMPi`P_6EEFNvKpm|4aj?!}vZH|9?st83sWmSuRv3M-wPcijEU_d6`~dnvP`#UU+8=&npk_b|sFwSSH7CMY9_F({?|W_%C%Wkj~9JSt=cEZNs-!fLzWd zG(s+HvVP>{rxe)*;$Z*TVXO2_S*F>;bY=;CtW+wK-~))f zeJuvE7N!{=Z4iX?XsOZhjWDkHI*?kAw3{;@mmSP)s3|DMkK zD-s4snNH>0{^H^ZRzdLrBjrfFwmrGHAz@_(o z=e?cIS1>V|55>{ZswfVYAn)UL-Z3_@NK3+7r8jEq&_v%9vI#K>mwrn)`YMn|A}J=)7g1g^F;>Yc5s z^w-s}90sB;efmU$j(+#@D1CY=?XmjyU~p9=kMU0^USZTd7(@IUPw#00(wRLMO zwKg=g4$w)Rcbr?Ts%%W>(<&n^w0LM`9tfANz2a~bm=g|irscc=V|kkJ}otDiM%$k>gbsy3%N>HK~P(CJ@CnyzQBe)8wBbwI$W~Qcp5;Z0|dh zE>Zs7OHNp^k1Xly+=v|+v3E8D=O+Wtt}fmeqST-d;GrG;kwWAqM^NTFJ*SH-8c4!x zz~y86D%BzIC9i7JlT?xq8$$f$v%zgvvfFZ1;1!diQ}k(B9RFTzmzfn&q#&eS@b#n) zURayPE3z`fZ;L-N@`RK2v9<&0sSyX|fHZhjchSoDBO5s|SyqaNFCdSx9ixNPbF7EH z%0|kJ2sUwE?TvbqM+4p!mUx&3QilEe>&6jUv1|QdBL*|@04}`ecXQZVS{eq(l;r6l z$^6bD63x>WDjr>r&sUT)ShxKYh!HB*pb84=f$|a4{XVO?zr0=s&b@ndpnZ}-vinpv z6SvT-_q&}5NP?9+Q^=>(S_&gB(EkD0%9p@odT%wH3K z(|}gnQuoii14x7Qdrsh>e*woZbRr2D+g*vJ8Y60urR9M{{-3derIiJPk+l|%e5YeV z;59Rqn@;|*T+X#Rs}mb!I+pVAMd%FNT+Qv$K*U69-Q^dg>lrOiEt}ylR40+2`D04G zGN|-;_jo~?4=p-6Su!CH7Gd3HU1zd_$mZ#$x84FPTzr4R#NAcvi}=ksBVaQK&EFB` zOVD`+apQl{qcPLKB8*tW2!NU?hd2}qXPt;vW^r}(hta)?rl6dw`I1n6ImdlE>XM{T+SeYyDg*{J z`ufE~AsD8~(XTU}+~}!`U2g`;P>jt-B(XwchuOC2b_^A04P1Zq2BZVY(x$L9Y&(-6{Y6(3PgLG&N?ns=EJktqTmuCLvz@M@GtP$VvV5SMy!1|4O#9HD!| z&Uo??EQl=+$4L3y0dYekM!_MAesdh&_N?9Wv>m#y`VOdOgXEcOfYL4ZJq~ZWYl0&t zhyYcCh_j^hbVr;4METFL>XZHb$ZJeI$#?ou1rD8Nh-9T0ubx5&psZ+11c1jYdTW?jqtUq)h~&BL1r?Du**L;CV_M1wlmE?of%iw>~#mXo&6 zyV;Rlx`tU|$Ox3a2K#wZT$ns+FDLDHk{kUIEL2pulbyKX_h-8%hDvl=2Z(yWvg`9s z=-WE3{Qtw;SSYKPZgNG#>>Ut5QUID&XCk|z>uqL{=5&9(?R@wVrU=9!n3dBFR9_5i zt2lfy$+SLf-OQB+@Vc`>s>xgynVv5$*g=8l1HqVgKtNeS>CMsH>;M&HCH4NSW$aiY zBR2Q(uu!F61Xd`}RYX*Bp?u`!$-+Z`1QTGh($4{H0n7(PJFE~OxVQgEAd>K&lxOw2 zc48R@pQ$reX5irxeR>80@*}l9R4~(67Rc=*=WW}%U%yr@Gljwbzd*iHdtMM|P_pDjn(WJXD%+AqTi`oYxFxRD+itD26Xg2T|2EJ7A#kbv1iSr)g7SG^POx79Heomw;A&U0ZF zbx1n%NA&n)Bn(VZ%GD)to5nfG)?_88J{RVr*zg~Ivk*YEF;c2gxpUk@2Zlt zT6jhCCD(-ZZO#xbL#{bsR;dFJV1W!g77cODB8X7|?i2Nx{AA^qEll+ov6U6! z_)lTsr(jGp5Q#vk%6LXb+Th?#|0+Lu?-0PMkz$8>KjtHMLhsNhC;!X_8b zY2J5%u9#EZlc1Pk8>PL7!o4{;Z#+^s3*6)6&$;%y2-V zp~JK0J&V=KVWx|*l*+u?ZwJvVKNb-u3EqE2*bfgD6*=Pm50A=){|}FfB=D6|QIX3+ zL@ft@;r;GpD}4=>lM^ZybF#YBel-r>&>J8VMS`lc90J}Tn3(7wgIi3Q)cG_P5;?in zr`9zq5bym1@E-c&>paEVTD_YpU%DF*VW z&qsKeN5;O|K!f@##~K52qtZWAiq^mNd5;nSV$tz;daE|y=-lS4)nf%ZFOtzyk!DRc z8PUJBn22(=WuQ%VJ#_xa!`>Fc8#_kMrV+!|kGeCx?z5ub6P@#EMoYddA~c%9%4(_U zr4*l3BmFr;IC`<;b;8u zkfBs^f4OPfeDfDp1kk?&kD3jnrB#x-*xEewXZLa&2?PbjVF97x);v99fZf?tI zgZKUKmT_iwxQ(K>_Ba1TxxJfpV?1QNIR!V5hwqN*UKZ57hJZQSVxP~zSlK%_*RG=A z);!z)3wGnUat7F=$VVIR%P8W1U`UJ-V@qV*XFEXaWMXXxcYvC7-6iIu89fq z^GoR;;D9sqxW_HiNq^hVghNDprN%Qu3RV3)>~}$4cYyl0)$+?X9o>vw_Kk^DUt^y1 zKXLirq%S*1oFqF&o(#(z9CV2VH;ikhOLL2{KBeYBPnM{k#(L=(zX!&U=DL z?M_tGl}mg@Rf|dy9_@;Uxj2~YHvf2vQDs*Lp>FJ0HRrRI9_);)xXB<9nO)T~MY&AV zP~O$x7Pf`1Dzt?`jvFwAQipt{dkW>{W+#x9b^o-lX1+!H3Cz7Qew)u}54KZrZ5TdE z4pU7GXNxzf4MDNm9??j9JAST`rpe(UcN7)r2;w& zMoLulIRN=IJzc%ln8IdxwuqLMWf%uZNLV<2!jF#&T&KxF2pUVVgIaB)J)avfRO9w+ zntb@z(h~KH?Dy|sUf$B5FZe6E7XEJkVmwMi4y;**25b%?Xs82vn*9ho|3^@PR3?>Z|cOMJKhBb}lr4X$P8E4|I52=z>Q zQzTrwX9cr~e~J~NPYvg{)^v4+fQtWNpozQ+?Tr*G(xao)6*_bE zo^{)G5lco$ugzkaR6hEZq&KxD-0-lgCo@#;0PI1pxeT>T;xn4g|Gw#Q-V6uZq}`qt zpIND1-Ca9xMB;O@R5)QJ0I$UTdvS3RYPE&RVj&WF_6-B*_5Y_SL+u2+FrHU-kb`P! zW+PREF5%&IP5~U$KvdKh@jy0%?rbu<0U8hKlejpN06NCrwx_HtgRegV#rD7o=t#Zx zjNPK2IglO%3pB6+kyo>w5Ug#-Geh$*0+ilF(k9q+D))=fXICCg0aiDAEo0-p_ga^A zeQ9m4&z&6{v2>&-6r>-{+R8Pxif}}UfK);a(K&EcWc$2Eqc*^a&MTXgYnJ}N zhxW5HtYrH5bI2+8(O>wGzhOs4hu@rpYHJjrUp0u2p@`RV(% z{Z9!CD^QHQ=v(cAAf2`Cu8Jh>XC2$7goFHuyX zAcX+8^Wgbr)ckJdZChOX{g4A~Q}@7fyRp7<;{8(acji9C?3_wyq34$o!7%WtL9h0}abWwsxDqlM_$G)`L}!hN|D?6&2aEBSdh z4GnvB)~BNKs^5;DB8eFP5n0sx_^5&i*?aHK8QGKOtL4_)BXMz0q*J$0@Iw3cv|B=# z8}BV3PrsJJ?@lfaYpEITYm%1&A_%v~(~pmKjiw4GV)@^KOUQZnJ1Q7;20w*|;o{;Y zk0Mi34|BUnxah0Z4IbW|T82IWsm8rA7Js>2+@+E~n(Nz5b!|R{f4U1oZ$v?fRsbO2{;y;?>|@{*Ot7NtiSV($5B50_{G z+t{uj9L^`TiiOLr?g>ZJox$NJ*-GZ0!bcJk@Z4Hc*VYo++v!1NnhPZss+d6zkkJ$9 zL=W%d`GRm)04Q(D2p(bY4-s`?6dhr-pP9hfa|sPKwb z;7@sF!)%lBW~L!2A8SdA+^_mdsM$7{1oh|knz*xTT0}K*7z+QeQ9PgomzXo=?+XX@)nF)9(L(b8Rx zOHN~oBH_^tPdVBhSF7X~{il(=+2!z^AO#3WoZOSj*L;}uD(C~62zrMmvPC!=3&UAk z@-RrCz^=CHf*M98W}K|Do0URne4Mg5?9)-7o-g-JN4B9?(|07`qTF&_+?{!LkkCqP zuF7(?>2j+t3`hvRyt`v}rV~!5(R9fo(^GJ=Q{*GE1Q}e+WS5MJ)BSA;!zcK2ih@IZgDKN1Pvzhw4lE0pMoc;#S z?5k?iD+6W3*Yr_JqP=Vnaj4>my*;LWG-g2Ab%xKQfkZ?e(C8B2ee-^zcH8WxG;%KM zI~R%1hTc$;6P2SP5u`^9usI~sbJA*cwcGBGSX)~I?voj~$=9Fe7{Or7PoLc0-(KtL z*bESUvN4se*Pd2?oxX;Ua&SkkBde>Tzon?(I@Mv)pT4@?pfK8XWaIXu1r$ks0f_SR z^@*XOVs}M9*AdIb$E!l0+B_tyhx;+YF8t75Jl!UzgAG9N_1(o~%^#r|(vn)CwrO^f z73@v}pWn z9-H(-4nxF|x$`M42h*{^5{E}s-v(MYkUrJt^({DXbZCf%%)nGjOU1bXEQ0)}>jk(b z#+-;Z`UgKIcH&yM#z0$5>!CB&zjb`Tl_HtboBh*hZD4HJ8m!<{x8=&K3*i0@xNc4B;;|u z=nKOmA_AWC2l?|T0@xhuI^d7w+;@(O3;JtqY3`1W{I&o z!wSFlmsdI z8;J&<0;zAF{~-8-NKExMDFJi^%;KGG8l1j~LC{YO*h>vK7^**d20?;s9~wZuP@Uvt z2)}vq;Ijj}_oKluIq;5+=GDj9VtzdX{gHvLEx`XR!W8+4E&jm=dZ9iKEsiv}|Cro% zdXX6e_5Z`xTL8rob=$%N1W3>XcSr~lJZK2+?iSpAaCd^cyX)W{+}+(Bg1fu@o$tQ; z?qBb{swt|vx|!}d-KWpqd#$~eD3x~(RROYaM6c+81`^9>5B~D@V6~wp(WP+ozPJZA z;JVesxxvTpfg#f(miOSDkv>;nw)CGNnGx(;?~Cv@sl*VIjfQObU2I1m!sOIph~+&7 zlLQGLHdVop;4#bl@_y_wkC&k9{IC`Mh|d9?^O;nt@V$>o+Q39`PYDUjd%<{&Z@~Bb zyC-Wu7$3>`{tYE)Ks4l?oOY0ZC8y5uzg=cyogYy0?!TCYt3DhC1uq7xfnd6v(%K^&aL&pRDey66~z~^}9V*(b%2M(l=1aav1^L~6MhX~E9bBq%dP!ghr zRHojZ%n;NU%*;y?^i#y_>BYXli{{|){F1I!5i*K?MWo2yc$=CD8U`QHqc26m{|n#Bu#`R+*aj;}>X6d9WD0>M-p1kh2n^zve#(> zaWwF=|7W{c7`W*F*)GIO9*rhBBo<;+6zfCDA*$NmC0t<_`HIH(*t1YI!_+nQ@7@Fr z{ovrJ&}f_*9UWcx&5U9S_eKWNx!U~(m{=zy40_K1hf=e8hgazXcRmz&HuTM!NU}+| zrM_)25)w96>S0$5DVko@HhD2FV9+dV$dcWT{@X^9z`8et97rpf#WQzj!0@J)mQvaY zqtoS?l?f``#|U+XsY;v8QYe{|;RTSwBNZQpYe(*(+A0%?u{RIbTrVqmiDr_xXH@wX zItg|hw}HIR)rC>=iT?iV&?j!V6&_F%GFLzt{ulyHX3+Iq`v%cyj&gZU$cyE$+H6+N zZ4cpU$_p-nf4eaf)4!(JJfc{xJJZ*CNrzMfrA?`DI_K>ig_e|da4ed8NpUq7upgR# zxWlrwvs-R)sj12}c{k;4^=}%=ok^zTJ-sP!1<27aLc@3i11W$w0Hx(&dFOF&?W~;O z+8Z)wMbn?m^uql-(Pp(yo}ZBUNPcnO9sJal1|e+Yz;?r6UN~1rw7;IWVbcbZ}+Bh z=#k}LRwY*9v|Fw29;RZnrHj;l+$KwA)BczZ7&Tz%f2V{2ddV6l#%7`bhq7rbbj}(C zN8bDqtJ9gie^gAw^T>yxSyZxmaqTIf9)H;3FM~aXv!42IF2EjUF~3&kznElgf$t-7 z_?Hi#uEOMlqloFTC6T^s=+WuWoYy^?1z(vL=S}xe2b6|pun*+aaG**K0jD=q0Flf; z+i-8SeyFP;RWRAN^K4{-3pTeG+5-1}LNs@5{q>O=HC)C1P~F!xL|$(yZtvMPJKJ1N z5MA))w(8%@Bu#PSs}2kjv))HBG1Z8OJ2dol8|%vAe_mWOve&u5)=@O* zd{VX^IwI3#r&fi51IJ($j<3%Xms-DG;qmoumj9S_pa zYS?raTC6E0zDmr5Z+HKDi6&u)iE^8ij*NSq7E_1*F<$cEShkri0z7}vv=y{EZEREe zvW28uTWEB;7hA`|kA`5*|0dgCY;MoTnVyttZ?5FGHwZTqG^91Y+3uQ$1d`xYTZI#X zCaqtLjzPsou`*q6FKokuJLTt5WtG;#eRCN)J1b#3w}WGTde`3{(cLL}GL}rkjg-XA+T7##NUifw;zPumT~G zt*7Ga=~eQlL2+{cf~2?e7{MOTH=nsKtnyD^M9|ye7&j=*Fh%`z)R!+A4=3Q7WXYX? z7F`NH=($PPLk#V@KX})hpkPWLgF(ldhN)kAe+qY!#&Rvwp10ybSMy!J3`d{L@^fJ~ zOc9q5BZk2-ur}qr_6;q@sVunsW;B+1={W5-SDnukOFU31plWB2$HGz3=`#*HGF@{D z@-P4Gv9rEzdxy}NS@Qyh^Nw%Nv$yEOXOnF?Fc~VoVAcHqOC6cFy=%^T;>zBZSY*t` z^pmgZNyGJ5j?cIu5}1PEz(UD0HHc<5y9QS#cUuynRs92bcrA2&rH|4l>h*JVHGW93 zIn&y+Sg#a*Os3ddLt>3d%4)rc{B!P(g@$B;RDB?S^UbfJ(65GUGOuahSepdfIHLAv zwHB%aRX6E~*`Ke?&B%Jk4iroSE5vayfD37K%|SkHj53W#lWs?+nTF;{y)q832{4_M zaU?5wpYsW!$Q9j(QkyDD*{V-a)^eR_^Jw|_VrwMROM2H9R{^r%c(@JHdAg0_aQf=b z&BV#+H5j7|^7c7v3;pnZfQijmCP`0?IG&i*dbs6PRB-6T zBq!fIofTc}vS_ycELEYuiYC>BI+-n@uh1He5udeKM&NnK`=%q$+Pqw^y}M&79A*s* zns|FjyzVD1VrM_ZqJ7uaM(165xq%GG*>HOE`KCG0S7-!>27gQ9sBb(qg-DeR6a5Gkf`ZldBE0!41gwjIXW|N!rHhr(L!fXAZXPnf$M(Shto7{~ z8fvcEEyEE{X%}7XW-tP4sM+DKXF~n&MR!jjP8p*U^m4s}Rso_sII=bUdif1bpQP|f z)@)c|9Oe-|e-kxhXJKX(daz`Rj>mQD*pqt-C8Bt><$5}={rifyNsnnBk90?mR{ zSO#=ym@U)S)U~~ywX33&FVvZI-rb^TG_%Sk3d+jbPDAddr{VzdB)~L&=lTGOT3Ha9 z3KU7a_wXnzok^4wm#0(n4Wv-Oox*bD((KsviL?}0B}}Ha$+KuuS0{4^pYAC3r?jhk zy!IzRGBTZhAL?W>cR%>EF*4Oqp{~h-!JQ+?epGaA z!zBgp^wHsv(yy>5Fh06~{mK{*lplf;Mty&vJ(x+IraL@ol{Gt+8BuN4%m8gFzF-YH z{+Y=B$G6a5ppnIeg`qTdfA0t_51ahykpC}cO$$w%y7mu6hXlo%EAZors*?R7#2cs@ z9HW;xY!xmh*T8#yDhoZ_Y7I_Ly^!&kC%}L}FJ=lK|44t;?C+YxJ#$1qc$8?LmyryA z-}3OIKBgGg#{?&A-g_raTRK4znS@m3Y8Y9J$!%QUuA?6wo8E|sC!^Y> zX0=o`qsBN;D$V5R44^NaB1@5%EtT0-gMg=N>39ZSELz* z$Q|3;l8G)cX7G>4W03LK^*fM>AO9TBn>~1K1*-#~RAD$g%$3D?zNASQ79=K8EY=?F zc)d9sOm=_jn8>DEZPLtSzj{b!I#Wbz(M3Qf|23X+Ll6bs_57?smw0(m)n-HL(E&2{ zZnOS;wLhsGu$&maeX+&qpTiSsh|tmbd%6BhAuCJr$p-=T1e51;PKqeLpKCB*`eXS+ zY&y`qafPBedf3A3!}LSvF+?;EYrfo2VzznQ_?SDhYEOQb*vXEd_jm;wZwU<9MxT^rE}>t#*?bw7Eic&-}5M)UNhOOzt_b;oB> zyVpj3!|=xBLx&?q+KM1?B!i}FN&$5! ziq>d|q;k`OH9|;6V5VCfTXFMyd6vtW0foCm5xOg7mgh4oB{!wP>EIICN%Q*t z;oKdNvt`R7)A4WwjmfIG_4SbvgCUjPP7H%;8$S%mXQ>Yxj+LdxcE8IXK^<-$;`PgT zQ#ICkB}TUdp!AS{N(-ZYF}jp?NZf}P2@H;4RV54#?9A;OvqAcDj5@tL@L2mHeVIEZ zkl)IUd)(_@pfjSPYVrHz9J3b46hz|c!xTbcW*x39`gCT|X$-vEZ+5C#cavGKk5FrC zx#qeWNq)?L9r1Yj2@pqN1`rTzFE1~pBylDuVdHxoPc`6xW||OcSaO-VW?M2uA>_ys zB(1M#%gc7dUZtm@Nf?!21`zRsd;}Xx#zf*A_oP>NCqRfX)Cw|0C1oGFF zuAX?6(RY|tm!0PN&tERNjvFEFMj?Vi<|VbcwW>BqNFmT!lhCj!Ezo5SWUW3zlHIL; z3}i)poME4Kf8G$9$=&m3KY-m@w!$h$c$Rqw#K+`4Y`)xtqLZnSw9}Y%Xusa6h^e%x z#HTnhHQ&ZBcfkZ}zhoThbtlhhw|LfZ^%z3Dqs_V1u-%>$dU{jzKkHG=s%2H8u(F73 zSsG7t47H5R&rbdV7~{m7a@Hx+w+-?e*%2vUJ8i8uFfdG@9BO_08*Es;-qP6(f`$*KahZ%3?)G&b zXH~whyZbU3Pc=I*mD&D*mKa7;1x+M4DacL>kRD;9Ncc{|6Q^k$PAO~W3 zn&x07>dw41qrh^b_(DDqH?CppzN|c$ckQ&D$;egJTN}Oxhp0V%y2L*VEYHDhD?0p* zMo+TTe49u4L52dC51EP^LO~JVDdqUVjyR!F^SXt z^E`cnJ>5%3x162jw{&7CS}dG`1{x2) z>%?ewQ(x&u!#Ie}4~S8Hmh?q^Hs$f39&&kgE>4e4Qo`lGN^r{GgWk^eJIN@Jk4O>hL|H{P&B&fl9dI;rO z9;UjTaDt%j;o-l}57!cjj18CFpsBxeRfl;w7&`LnP@k>Sttyg9D!3XBIw z_jIH8w`GVGPFL|uVY11m^xK{hX8}nPGFQqG^u|po`MG6I8B$hyy^i1T#4Cj}M7E9n zhNk!pP%9*iD#B7)NIhqr@hd*n63A?t2GMZy7Qe-c40h%a&@Loq?D9zoh@El8C4G@A zs%5U81^sMD=6oM($ejo!iWEoGq*nGpKk?yLW=pKcof_7Ry;=}>soW1d_4PN2R^<6t z|8f%X_iOl}Xo;*ec z{$d)xN%|%TSKIc|e+x5H(QZLdAR?vVgKC5mclD2SaIJf6CXUI1WJB(Vq{WBiA0ld@ zWCy8oh|CtNcY@I=xZj@bfMViDK@Z{NBnD{cJa4S5`Em=_Ym-B-H!^7EEG}yj4ayb- zN|0oxrPsc!Ek8e8*3F#^w;g$I4#w(=Gg>eey$m#O*;x8_(viX7r_1~tu;Zg9ATi_M zz~b`uBD=bc0@zTCMC6rf9;tQfZ?;`UJX9M-pS78nxpCR%%`VkW(qI`{S;-k~U6K}Q zYbvvjnuYQGVuHUqNr7|tF^W)Vblks4K>M2*X!qauu-BL$7@_M$$ zJ6!qO)ZjLlp69X=A<{B)Y{?Q>di%FZ^cpwk%jY__qep}*K1VG)-FsUgB~n;td-L!Q zy?Zo~dn-VKQx2j`x|UpH-qm33-0ljjcopjyXVnumE!b9t|y z3!*%#6s zI=Z`LNy&6Gr)|-a+mn|eDeHUdJ*RakW~OFZteW)nMpPpE)p~l}#p;2c9v@%$W;`R~ zN_3_#ImU0Vui#rU?o6@ig{s^|fQ=BJ>Pbc}RjpdN(L0ttYELf`R++-Z0iL6A^Vkat zL1{@jP;oV(HOHfsL&U&!%7N?J<9pl=-=&-rGfRzs;At`ck*Mn^xkE~X9Us5alD6=zbVlEaH?kKNrp!#A(Ol*Xq>_}P}KALfkJ+Y;Tp)L>^kk8 z(1H*s*%ibvIQjT25We)mQMtHsD@r`J_PYz$2b_P2sQNpkQs)z~jqTLXd<1cC!wLR0 zxJ#&n&5apFLJ4}&U=46Us?%6V^OF=sI^qHaxJm1@n=et z*{$C#ypgRq6}HTe@A8oeBURnmmm8`m7x0nVM6(+nL4}Lqfkc7)$&g_H128RB^FTLm z!VZM)-@pzZ_VZBkr||#F{>cGpSp73%7uzeks@XeSgvt^f#U*j&PXKg+EMFv_4lQ0! z&*8#oyEo>{)4m3RpRioTTW_v+$#)vdpE6Kx8Twe?Vir1I;K*YfPk?vf8g28xKmo1L z($Z3iL^>|_`-z3$AKy*lNTzJ(DR(bDE)~i-rLw+IP>Q!%6-j3qkW= zC@BY)mz#k^h|O|^!I1`lWT44qGEt&LzkdG?J2pnHth~GJ!f>(s{{tg};C`cp()QF6 z&!v%QVHVYX`5#!~A7GNbDIss7O_fEvtD-%+fnP=7=nItWX5y7BM2xp8p2{Jjz zKhmd5mw@-ysJ*pF4R73q-MYq%etS+=HCvyG!OYzY+!NmJu5@SpCHhfNa{`)?S6yZB z<$5}FG}ZTrs@9c`hQ@Ft$&Ghaa^LaF=sAr&^6+aBoHXnJ$k3%E&KpTKUZZeeFuJEV zzeKSS(+i7{SF2wa&5BFjcVc5v8qqM~gR3iB!OZ0zs$G)44*`$6mLY=7m#Z_sfgzcd zGz$tNDA@rPp!Tg`rvwso4=9n^+?gi+MjMyUJfBPc#!;1@b zO8sguMQ9ANE)~+n8kZ^?!3Y66HJ$t*uS_u!x*|^t(8$P$>+SJklY=?1n#3i<#RS#6&o=eMtio^U~AEk z$7f4y!gqh+F*Bm@>jU-mH5>95XKlM~e;~D72sUT=kn`K-Y%xxAe{mG-#KyGRj;b++ z6s$r(lMGxH%VxmyjQHJ|4|q14T9v6?LbmYFl@WWJUWedI^qU)gh9#bK%Gju^hbO1u zwn`P7RMJa;8V(1L_-u>pRQ!xVbIIymW;_7rBO&&Q1EqBh2Q}8T)uRw5R#_5TK)X6Js2lETbX% z7L5V|KBx#W#j`M!;_pBc&u3npFmU(S7)f@GkjK%vib!165k_EgT^c;+iH)w!@U?I+ z$>l<0A`CB$y^7A@+FnfJgq;~Sz1hxPNMh22B48Ii?jsM*K>fXnybP(AkO#jpacvv^ z9`O6#5(-R4gwn2lRV0KI=U$cefR6Te*EN`#Zu{bP~zA$>Z$f%E$T($z$ zt~RmL1yd;6@eGvUr5jsCmB|MYmy&`-KJAX8gEBXC@@rPBB{4-R9W39eeAJGfv|8(k zts9bqwNTYZJiiUM#eS>3JW<6l)-)kf8d`NMsle0%Zb!N;Il(qHUlbsz&MiZzDKTN! z<>X{acvWD3%c7oFkcNc(aA*)d-fEe`9ijSKkgK&$b`sJ0|t=u*}$5h)jP-0Wqdvf$M zb0SM~uD(jt9*7Pdiq$p0ic1X7g4GV7Sv;=P=JE^VgB4FK`&BnAzM1sVOXm6Hoc+IW z3U$v(x$tQvZHB|Tc5AwqGZ7bv`z{b3h_k%xc`as+IY6JU{uZpb?MmPZp+}}q6QlRo zNG_HVQBV%A&rU;vY|*K`*Ev8H6K82X6dm$r1w1M((5dU@-%Gp%jGr35;ZtgIj( zB_`tgNJd$26?uMR;kY9{r0tczxMVw5;ROG#{RPY6rKzXazuvW$qXQ<(ZDhH~@*wt@37fPZmA_{5zx#=;Bz4Ez7mI3FbAIe)lEjM0t3(zk&v_qXW>_6Hz29yo6tb1izKRX|J zg8=s(8_ZdfS0&J_kNQ4=>Hmm@mXd=>z(*WT=1Vl06l)hvIvux5n(~44%$b-@9^AaB6e1-%A(H z6f~Ps8=uake;_Umo2nQcP;kBdo7K7y&&*R9MKV2=VK-3MK zML1%~NX?|wiwHEa|DEFb2{Bod>;CKyMp^@zDJw0;LkdD7`V9gscVZ_MmF?U~5OEtf zB$>+z2-)Fv8Heu#Fsck64~h<)i~_wL)DJuA_$yGl%Df4{$7_DhqH@fgunX&~3*-1S$$2ynpoAce!_PU^*ztR`e8NK45~VI^VY8o!?N^}p~6 zz=ydPLfy&{3Lt9#uoXG!P!E@K*U>7BOo#7##5*Wv6eH2*9JIj=4*8V}Mf;p`60-n| zGqQGbnWmlLJq$YUEl)fa1%_u7lt*@`qqHuVM>%e7o@} zh94ax@6nsYjK5Y-XnUpzYQDnQ#YHuZD|K`8Vtp$ARaf^C5LD-ROIxYggIRTKe@$sJ zlA7T-0KzuIlETs=)V@oBT!s`(A`!o_(HKqhO=iTZ{PFi~@qq`XEJ9xv-& zHRO_&7Lz__Cxi`-7Fm|PMG6N*FAX35n+u@riMw2}E>M+pvO@+mL{>SS!GrGI1JtCL za4P>8Tsa$tdS9X&Fcvl1b39?kRcDp~^?^Y#zKmFX-Y}OjfJo^Ro(;JCg?fUS%iozoG6X}KF z@1eZEsi4biD{Dl%}?NAV6$jKAdj|{p479x32QrWLuDzqTwZgoado5{CN zXVGQqJj^VH;e_U~2@tek%Y29tw5XU|1mV+&HBxjkQ@4-r6%=?C@9m)AQ>G{0WOKc$ zcu3duRl8<0f4xO0{*MVxX2spVwiT2{O){CynO;Op&Xo@n*~<8AeXUnx7Meb!+XA14QuXA8M~VlxHTTR_vJ*B z9cCDxN!i!#rY%nsAR+L&sr*A*SReNq?J=O7@sy&j6(pYO_(3mA=jyc1pYFA#pSYE- zrOxqm7q2V+KaJsHmZ&<{KT_Ss4S_Y(eOfNh^PAWG7oJmVi9Hm4&{<^7hk#-AotMrlAH?bLZ4h z3KSP{*0McmF{9~1O}UeC6_=Pcn*RfW{y0%g`ia$n`fgYXgx{?>$8qR17#`5#0)n=T zw^sJ>3^p+qLnC`7k&qR9Gr2*REibIL~d4i=#4(f7Gu zxeO(RO8nV24bu^KXQ5!kt?j_Pa~f6L^sr#Ji&DSfz^%XY!@QijLK}axIQN^ArT8OK z6(}oMWd${sP>a{q?~`CS188B%w$Ae8Js`l(m&%H2VR6FqREiAZ;IM4>lz}4a&}G26 zJKGyFcyU10heyF^Zd&tt<*YT7;P9QvGoSC{bYIAqz=j721pah7^R!!QIR}sg6`ovJ z#I6)p7Ir&G;;E^1fpiX?CQ+I88C(!$NRx{~jx3T+jTF?vvfb0I2Li^zk{SxW5$;El zmwi&8aPv#f$6{$=X~`CaK=gSVUDHLHm^116VXqwI@K7cV3A1^jKvds z2Bovt{CMdNO)b?T#KcbA{Huq|n>}!IH_qYFM9V9ahSTC&JDjLp2fwki(`5k2By24F zg6Dne#hzUET-KOB*X?<4jGb8G@a)3+ON}-F$tG&pmxx<(js-0^M0|Ke5fyK{aFTP{ z>ULfm5GcE0Vrpi!$r%m$qzsU-n_@dBfQYBYh#eYeUs`Rhe+WRfdAg0aNPs4fb-nz0 zwlmz>L=G}C8X=Pa?9ai-mFVd4JkJxhhl;46?!e}?Mp7WGc|EG21>PAqH{tHrl#S*p zt5)IHr>n=LB5F`sl<#20e0|}eW*Th9kotNR3Z~B1PT+Npf5C?|J#GVr*kdRvqC9G4Kv=& zTn23X2mq+!9j1fOz&X&DK38E@o1H!Ppl>tG4I}<` z1iIrzCN5H26o<-t54x)qf%cgMQx>*Ct2%EVmbchEb=chFSiD0cuS~L>;6MF?-~@_^ zW~Hw0wp!%BrCkjlO@*OCV_v0g zdGuP&fcuYq{NCX8Z@rh;+XU&AbmM7at;GE$;#RiKxklg0p`7vVjFJ*=(8NEOQJ#Fj zETi1@L$s}b2+?v)VWtnPo8B3MxxO(D^IyO=XNLYuds?sqRj)}G;iAx=Cyh=HmTb(A0c8hnxvdg^`gl_QSqK^>3f`NTw>AUshCE>VjR)^`Xbge`sK@%ynI}y`_#LRhbvr<$0Ypg;*Hx= z3(o`j;LoTooHY@ILcptmm2RP#t#dW~?5`fIDCw6=4|j0L+Pm5PNmd)cQ$X>{;NbXt z1YUlHtWnEdhQ&^2yWs-Re`L9=4CuZBzH}oQCt1y{^L7rkW5f7=%o9cUeSpcTgR&P8 z*w3R<(RaW$0F(~SNt|vDyCARBDoxMV3i3kwA0vpZa%I;0`_=MuVq@(98PF*+V0LBk z<`2aW+JeD9fI1Nf)Y*KdX0fh?vx&;{73kebWugn$vv##*-s|Q00TqFPRnS7KkeZg_eqMg{rG$BNKy0cA&xC>Y3ovSql$9Ga;8B*y$_U0O}y(L8C;8kKZji>AD zFxOgR1peKtP|yp3I}^~tI{2VjfKwcC4wqNXCkz+IcYrR?opJAQHxj|=;KX%aca3)b#;GVOcoS+;$A zs?(8+&ljH22oW6JlT`}KHc@Ly;FD`Y9WeI1PoL=e_5t0?GP`-mx{ij<2R!nNiUm0t zGIZ55s8d0`oI1LKxBhlTS%#%W=x0u`;7CkaUcFz#O8xrDKo$cem7Kf^ENzE|yTwoo z$=JlrfiT#V?R}k<$F;1qoaeUnrG95PsjucaQN@0=dlR#zG9s$cbVxV-xgwEpfYSh= zS%J@HiNk@FgP^SJ4+|YD231LU7%->@<*lr~U^KM2xbcV(*T_!I)haluZ(zVJ<(os7 zIQYBVQFtluYwzK#T#1SZ?kO>`_JY^YQd7hJgiwB&p7PKTnnp{*;NwkI)8tdz8@J8C zN5oa8wY;zXH8sJTw6+5 zr>EqcL`=+za|JTGtBWZtdW@4+WW* zwB37dog0%30|F7_I1_22D6|Gu0ypLxO00* zwF^~CN^DDu_pqDAIX>M@@f%C1w9(m3k0efei}uS0*{c0&7po7Lv=zOdKROsr0b@Op zA@Cbu5t**HxX-O35g>p9g{oBJE`>!HBr=S`(C)YhSXo+P_y69FN`M8RI{IG3j9+Zg zy}+ik;virRn$hjE^Y}81{ew312#1*F>BaK4AP}9nZD75=vn*yNNR44rR-A=*{+?^) zB3eLAdXw3Ye2ze<3C(*Z>;2RXHz=_9l2i9P@+DS{*TUadfwsOkv9-uIgPUiX%N4x& zXwot&`p4qjlmhdMTQGvRB;Qeg_F%k<^GU1~gC}2|BqHw}VNok6!P!QKgU#mRa^flI z7g~33@8iPvqrLG8AkboVu0+h@bY`dmu>El!iX*nm^9`#d40TInel4wwiad>SsE$1* zkkEKWB+o;S>CqfY)0IJ&-`4wbb>9W$BuX(u~QB9{2>)9C!;oGqCDM1{fCU7h8n%-8&46_51bN$l?oxXMEDx z)ywjuRknt?@91(ee0!RBJjimr>@Nh$qMRE;k>NFrSjN#oS=mAHzHs*=5gsG$>SwoW z9J?Zx1}du8N+QTzAdvG9YtXx1tbP5bCpl>$e4cQsy^a!M_0O!eCVo4=sa2oojKhz= z_y|~tTltU_f8*4!WC+mstypZi+SDV+1oTH0DgNRA41*)&b%?k2tdPzTO2j?FBKjMu zP%9rU`|=$&9rzN^)cgIrh$`N3;3NEMm*uJ;z){2vixGW#+H*Kjb9^OS3;LA6^Bm=T zt`n1}qWc6(LGj6#kINIBL|Rtj;Apo6^_~$&;dZSR0dcT??s8`gfM^LglN!LP2khQJ zc`lXhtpGgDiV~PZ3A#V2ca9J7yxvd0+H*U4E7v~5LHi;hN@>j5TObo!k(|jD3k~Ss z_x0`!87$o#t%gdYjiz%f!f||0pmSKOq1b#nLtpclN1(JS&ku1pv%LLtJ~Vm`{#u`p z4EIoo_lfRmOIP_w1~PVCO}YHXdB-_b+sYVzbrcRrD!Z-F)5;cJo|0j*YC)AYUT8DS zGuOb>e;_au>?L$UPQJv^{eUpQ;!pZJwHku@C#jk#yNFPPO;}&5anTl(<`IVoQZ2^S z?rB)Ej$xbyovtUmr{F|%`*qKRj!80_P`u2>0)(WrwiH_E!sw^-#EV{@G%U1&a9PGy z3T*0QekV2q@=#GC!|GC~tJfC%MXm1rYR22e?F%pRPL5oy>7)3VIL;LK-l>Fpd`U=+ zW)sf#0=9?kU{G)}6(}7$VEh-cy0bC$v<7lio!yR72A&+^DyIu5M=LIwFITy(Jt~*Sw&w45QxTD3kW!r zL=>1WfZxq=OTN96IK9qSZ!+Hd7ly}HA&29fDp)cJw@;r|MZ&dOikr& z;=NBHY#G*a9oPISs@LtJ9e3t;=gLinko}p#F(Am>LRVzA=hr%#tFO00Et8`&pJxTc zes0>|(4g=ph<<#e!_cB-zx8An{Gu!zfFKLXe-cp2*hpiS=Hr_h=MGKdUWK9rJGPm{ zo2#YRzP(~M`EuFs3+d(9j;25iuK-+(oI(cjdMPn~=69!Knc z-e9#3G`{NwqIBg;XoFzA0lG~?2e0WO^SUjQ(GMQ?q^ofrRVL$vjFW0p1-n|cWyomv z#s&uO2NUlW`nLD(Kp5GJpotyOfXZD7BR)gU!LC|sMg}as5U>`TrNPtFks39nN@>vP zWH-jghK6$x;N<`Zk{!u-=@}jU`n~ENNuzCLXEJvM8DCGOlv1-_E`PQ}b80#spVe=l zYKxy=-npejSNB`|nW5RxyN?)gD!13b9^OJ+xzrlG>|cChR=ITrko!}NGL z8gkpKS}yhXKJ8aCO3a0St}DkNU@XZeo>>!9bd;;V*p`)4R`S=3yU6u;O>`-TSJz7_ zmQ5Fj-1x?=Kx;;VsiV@VI$a&2)lr}$lViJvJ7x5+ZpN>r9*u$HP5c9fuOtWJf#LL* zZskFW#U>#+4dA{Ec4@+=Bwyi&;owJuwLlbjdShg5;+O4T_}0k)y}`92QWpvNBjT?I z@zECDgp$1`i%jiQ`n)^wIW7iRWit@k58!~zi(B14%?Go&Zq%?KE zy`}0bud-2nlSn61iaa%X?9~tf&2q|sIzl}3eV1pfw8mBwDL3R9VY#M<^+q+|fvSm; z%1t+=t$EE;)?067A6zmb4iIV5;pjfxBv0AJo6azMrxPzaU4=`IO~w5EtOXr?LPBpanq3!6+Zjgaj08 zvjyI^4eu09a6K+8Y(vBjxZS@HC7*`Qq69SHP>_!2%F{hGG+eDKug7_o2k@@1FPBhM`zWD;z=pyZL@r z{3F_5rD@6FpFsALjMBRFkFwFTz}JFD2GA_tAq5SWkPOU|NFd`&kN*67*!MzZ7XG{q z*-lrIgT-Fz&QWvtxD#t0RrZ^uxsu*D1`fvmO?i4i@wZrK3?Q|tEi`_zJMf*%I)98f0JhAAnQZd4=#{i>0;=KR;%?u?X#HS0IT((4o;&teOx(#JCu88;TO zK&MNf{!-$vM8yzuNZnlX4OV{@kK~ze!_vIF!Kkv0z3AL@yWjaMrEZ=24V@BMDCsU>5;~LF!&B4Iow|B{WGvOc z;Dk7oUIHDwTJ*&F@Uq~w7K*B>ONm5R7`!adhSE}o%7?<@C5SC^6l!I0DF;Iq>`Va6 zWUH+Y$bNLxY~pR$`!xLTekyC6WP++qp@ZQkhRVOS6u)CD*uCci;o`ip7>XQF6Un9M zD%5ruy*!6=c9HVA4Uw~$MYR!SA6o!#i=7jTMpp;+TFhC<(M5lm<8zb1?o8_M(j^dn z7@_Z{DAxB@xF||`5dre|Bes_H#Rfk#^y+}sR-2B{;zfKG9^^cNhWY`yVqO&kJp5Eu zWWp|&nOviz6)s=6B9lN>vvQvHshXse#LzZlCi+3)m^DqD=T_tpUcqc}S2R-Cg}6`) z2$T>o6F30}w`r-s)F# z`wjrcvw+a}TGH(P)2PeNvVJjyYXnL-KY8v8-%Q;pZ$S*(p;8PPNS3Aa1C{pV^tP=G zzR_T0Q3Ks^MSITkiycr(yERLm|1)i~O2Bv#0<^`-8MpADxZ!-hv)=}*$!_gR0)!Jz z=-qUw)AWQk=lay5BKYLTyoJL%uv=-+wL9CuXvEeX|JJAjR~8*YB86j`1#5_-~=DOQuegcYH|B=dS?Zh0`PHL$mIXF{hl zV+KtK^zItGxT+MzjY!Eb6YY)FT1`WYM&%!`s}=xm&fb_&t=Tv~GaS&rTgYT^&hO)l z*f?i47q17snI-+VWWt={;{((%P4)PV-kTwnmeH0C z`cVjyPF3mCrVM=e=|t`TZ^goxO8TF!>K=2Oy)nXU*&pur*8ezy09(kxcZP)7=(kg~ z$T;e}6o=S~)y<(@qHuS{bTFXQ9$_7{^yvb(oYg-TL!%+;Vz4uh&XSyNj-Y#|R@d2; z;hPFRYkeI|+n;00go+8tH%7>9CvbUDvX++atj*ODmI?|9si`&rzBV?S!M(MoGa5J9 zQ0G^}%?=Xs%QQfE<@E1?>(}CprQ=T1$VC4dWIMYnsW7!w*Ym9!&!JabU<=@(-2G%* zZHLiETsip>y2rs@hmA*9;g41jh-?h(DL1!(&w`xyi_fFi*JQ4IO`Lgm!OE~$l}k!e zYJdnp<%AqR+p4^g$~1wV%w;thEQOowPrwL9MPr21Dm{!A{po0cX5!Y@khy9Tps^Ql zTyKagn$i(PogVF%{}K~Vo8Hi-0CuSH(r%6_%Af2@e%i4r0`wIc95MJH?6yB&q$?#6 zufb!PEMs^OOs{IRS%|j0vX_q2Yu$F3c1Ad^`O6b4SR^)=Lct1dIIV0^+g(S6lidZm z+wGOacqck;#eEc_N#B3RctgV;wGe-G0BTuEEq~);p_5vi>or)!;COjH1X_6jf{yT4 z>N26Q@2w+lNEk4b={kTv4iX#yZ~pX@=rUA@eGGC#K_gXa1c(^3u@;D=GRojbT8kx6 zm4e%6(8Rr~Ojn%e?yZIYfIQ*P)C*?uvAl`qc%7+V)Yi%Dn-6YuhUFPXDxB?2DQit^ zy8KpGkaR7JxQ55zz89|=&*s$h*b0j+aJ74y)aF-fp}oFU?-qSFq_wp#J1ti~#UIZ? zao^y?^KC86jZgo6sH@adNhb;SqB8)RS#$Hh=lNQXm>hMfauy?;jixo(`{>;@URMgj zW)1@w?~kcvgfz7AG@$KtiZ~|D%yl+84$9(PZr>8xu&}gO-$Jm@AuHvcLQIq zJiWex-)GHbd1j!#buhnEF1r>p2C4N`)F|EVzGl_B3mo8_jrGBN3}Xfw;{{Ei(qdhy0yVe5w%l z(m0NOZLq)d&mp@?dAkugtrAs@?y7Y4Si=9!`o$b#({!OQI9W|gfq0eQ6rrVj7HQ*G zcF??@g&57|bwj^M9O;-B_6>zuK zM#vd9-^aJ_Cv6^)q+dcz@VH!qD5S4JKR^fw2zO`W$t)$kF=VJsPS~jUyB|!PjzvR4 zVxI1Q(f-=-IFQfix3zSV-d z>i4-)7Y)U{vuP0wqEn^Yu}E$=)|-iJcYOR^5n>k;=IhrN_OsS`$dcpkF4psd@u}Nc z?Mf5NcgAXfOVjM`f`~N?nG0X7CiC3jZN{P{2nj{>dZIO+D^+&8B)-j~ILIVm}64T{<-U8#f(Q0yRABN6iRJ2Wc3+3o#qe}8`= zGQk_$ojdGXD<&D41lQXgbS%@wI;^3T#mosSuV9HJ&~GA|lQ7HEvk3w!F^VN++H3`% z#icq+h`&rLjWp%}3^P%XuHTRYYIVI4_{KzNS>O&oxkQZvNN$vL0_^c6fCtdEVkG%X zt}*}jpXN?Z2wuj?kx6Rh?yd$djlJWMOdid)gRzo3c~Do^hY6lfk#e$`rppU1>)#?O z6G=DOHfxOKL@i1Uwg-^C9A1fVZr}fh3-Hp%V)3V1wNY2NW2>JK5J6d*inPon8Q(W~ ztka=hii~gwGst7>T32`_#wJIqw1h!gvg$aNAD{qr&S*NsnBUAFm( zC+qIzRv^v+_i?dj82JG`&3aJRrZtW#!LW9_WP9ZXZBdEytHOTps*UScNi*snj;7`< zC#TI`j++@-5PC0^apFHEhGs(FqA!HZxyN!XRDMFpZ)qQW{j=!MNSmF)Tawe{8I6r0 z^G59^k;gVdor;;doF?Y45EWrXQPDK=ldo>EM^$4h*dTJ z4?l>3NXp%iXSSwr%;-RuN0nG*62Mw=Vwo}61<_(C^4`cO>RDtsagI`C!xg`$t2gV z3(4w0Ue*%|i(B%sIq+vc@8Uel?U8#fmy4!D!F?j!;iPu@V4nCRHy5`C(puW3poQF~ zJTAY}ukV(;A&x}qocfIjTCN`~w_B6Ja_g0~nY@#;n;2rA!!X)ix~kUXFwh(jA(lPl zX~=8c>&>wYn?GpZv{|&gngosdDWjW=uOUQMDmPut9&MQ+dHr_EIi7or)7{R{Fw?Z% zmAoT;KJLkt>lxC=Z|8V6dv#7{%q~b9EG7Ax>v+0?8@4l)zz~bB6A29v%!FFR4tGtsb-45_+8XY$hhTT;_s12|t$AW|FA=hub<1$I`Kp6Z#Kj=DO$m zc_MjISdjJZYTTY48&d_5{rx#z0rSE_1Na1GKu&K97OK_#qUEHIPxpJc#nICpnzqmK zi`Ag)vR;ptUV({qv0s!U@Xb)DGed(*h>fv;q9I^94%1q$}%{7Od%-4A1L|; zGPdn?*cUcxSRD3jJ+KZIxp}fO$KI)4&aPVgL%p=L_S5tXwQ4l0?ap)C>quR#0fb!y zp%Sy%_rnQ6Fht&q)2eiLr-Aq^B`tSr!~LO!+~E1wN@t|4ldb9Iq6`m>W<*bfVyJ!f z#gu>YS z5_n-CXp?ICKq)_)!+-Q9{K{w;5j~YHVYB=XQ%Sf6~@% z;Y+`rS#A7UpPH2gXBB7KzS^;zP+A&FmXSpK%JD`p6xC`%3cMthvSWrRKbHUT-PL;< ztxndWbLvassK;nSeJ@9T8iCjPk8lWGT?5O(rP_r>r*tI7=Sy}XV7^Bm?Nfz zw8VatKLhIwyN~BB?(l3$Pl_RYTn(65#P}*RhZ@eV=dYnDrfl% zY2%)pp}<==$>mS5HZiylarWH3?@9fCdbTJd5}3QynQe3?u+3RKM?Upr;n$~f8tsW3 zPGSYHm1=B2Xp;kLEmZrPT}K^7nn^-aCO4@4!7Xg(k+PetKS|C9IKJdOVm9y#OWiTs zuYV7m4&ee2-J!%`NIjAsoV*Cgt>&lB$yH{&XFnESgv@xxZ>csD7fG9P=0*nT2cgtl zZJkcEC2uvaxw8Oho%pJLtFMo4GIK_KFq%K3BPeXhC0CQz_uJW;3ox+Jy^vFz2}6k7 zt<`qcX&7yBV8=?ce)XgyuYQFyKe^L7Rqpg557wzlBZh!I4?S8=ayv~`FFLk#+XO{V zc!9PDeMEA(lIH!}vhe;HVBPfsIW@@dq61BC4Xkt(MRj#(UTfNs5u-e1Ee3Axg;;Nu z4M*GS^|;-GLv~rn|B;`d);b zcP4?zKF|oNN(eETU=4L^8yipEgfCxmTyOL|pUw}xJf;h`><`^`hFy_(mE(&_j#a$V zV^^_Ypj4^2OrqVL>cO#Qg@Ttf`TDrJDHyV#xHxBWNJYhjNOXdVy8zjKwmyPx56)xF zC(B8%FRnIj&7u_GR}7+xEN^>Zx9@zDR!FI@-bAWE?sM<<&g&Pdn$)PNwKbdhg8T~9 z#r9y7<IT~Is|3TuIpMlM6&VUuxyD-IMPBO;QGh&5YO;D0XpK0~{n$M`4s`r8zvi?3QXIL143v zeWE>knkuk{MY*9BN=+-{aIGZ+cs-628Ch8VbnroHPvv8()qVyNMXBU|=KieaE6?t# z)9Y$_`*D^p*H?UYS?W)^6|t;A^5J18(~2WlCw?0sr#Q4YHXEc@Bm!6oNe)*6w8otl zQ?iB)Km`ZP~*8%Kz5>C%PQz=SOmfEjLAA0?Y;588{EJg)r`YEY|#Us6= zZ(7VMZ&TXq<}GZ|uZ&nIVTiYBS2of)H0hD4_~g>%%AIE+#!{*(Mxzy1C@KrF=6s$j zWnCcaF3oS@Q^}i~G}e^4*g5whQr`HFlk#&5nhe(B%#25>B2Nl46ZM=+WBXvxBn7X0 zqGn=z4$eCxU3N;n#&rnhg8PMuzFc<>Vrk`)hxX9sH~JP8)YW41k(CCdM2D!%3-7|3 zQ6Ye^D4B_hmY!Zv`nv2I3?#SeHbN$G%sYu2swwKk&R>8UWub8V{?mCm_5BJzJoL}p z)|r{d>r(~2gs}Ba6+b)Dn_DClTvt{kPfoVY3ll)zSAhbhFt3cNDsj}8l45KTk(_OR z@kIIahwj<9xKvHUPg&Q8o77s=!NFhxj6`#OZ#;avZm+fVDHM^(>*?uz%>u1~xO2)U z$0w)V#55`_LQO)%CPS(57|I?dmfGC0u?u=T=gKmNcA*BkVhI&aV2lvu};tCD-O z)8kCko=8OVVsyAVdpiDim-iY1LG*q+7y zQDk+Wr(v1G2#=LLM*ITUjcV)^V~xLtmeUIBUPBC}p4k%&g9|DWVl{-azHlH8wvjF; zds#~_k8SSRT8ADlQo6nAZhHETK`s$@GD^DXZ1AP+k@Buw9{k{9ws?xFhmDQ7nKFX` z=bu4Jz{rcv)__vhee4P(rN(AuRKeF!-s}|TFO0BJt=f6+e<);S|Eu3;iGNuXmp%XX zsp$Kny6pCI0Elw1<)t>s294QW|DXeSztWb3^rr)3jL(eg3F`)0U*s`KDh+n}uK;k> zdI9GWQgU~VdS*8RhsfB{CdNlmrV~V%oID6^dB^i4tsLBmsRVyjN@TgIV4?|4tFN-` zQ`0Z<)mPo{Gyqtn|DI8Qw1*f4Haz85!8i^e7h;U!nUR(^{lM>Rx(HXQPMv{-y|7yP za_kJjH83;An9t`}I7)8HenMWTe~UZaxC>#n5L;m;#hf;1M*72cK3YgjiQBCPGhQLT zrov#xjkJuVdDr%!79Kt2dC2r;CUo>>*NN4J6lSqB@kDk-p;d8SP*wifqH(SwZ1T_u zSzv18Ipap`RZlG;6llV3i*9-x?lv_hS>nO(_8 zcn3ru=;y#FHHn(;(wpCf7H7hwn1SJp!#j~K5!6wBgWQGX<-!YeB_#_Rn{7H3iRm}@ z_o}Y04%>#au~a34uPcpA9_JeZ-d^*?IB|peMvROa`$`iP6J9ikFo*#M=67L)TmuO_ zJnL7+JfxGkGtl@1loPPD*wLDnh~iM~^9?$RgRwhA)f7AIY}Oka6exf6bJLu+6}q$m zkls=gr}T_sA5*9bNbAs1(v%I5P}9kXOs3~YF>#B!IjCOZVfC2TF1E=kvUha3`?pw7eCr>H@ z0pXE_cFf>pX=k(78A@JbvZ|6%hpx!xIKGH7uX+lI*A!*4)Fi~?;A(l?8^29SF8$ea zM5l`n)?~qmQ+vGiF=GFY5tVzM6&UHT2%c3-SZSS>u8O#0C&t2U$oQTc!iOsq;-DBxw% z6Gw|=5=P9xOfn)Q`l2CJcs_By3rwkq!+60asnuQ-xhTmnrxF*@8J3-Y#~8R~I+ezC z|ER-24lk>pLrIII|HXXRe2h=Y_*xyAjqB}(^V(&?MB$fAJ$iyPt$XIVEB!4ia{tVM z-`hl?A%m%GmmLWV9?uWX*m-A8!nj0Y#?sPYNrmA-1mh3LfpEMTV~f!m&DpY-%RTnn zQfoOmFx+hy8WNkOoNnAz+ZPm%CDqY8mqo=tyE5j?M6+;Iv#cSYKal4;i;LUx z)_Qu51Y>-8yxH#V4fwS)G5tpm16Ctv0*ZXKzgW~#f9UTZl0Xi`Wfr&D`hL5hC^nq( zxUkeO+^+og*9o6*Ddx-svOgUt*!`B3Z|V;ZvZHF zvWDuaxR`kquC}v6=XeEp`}rCgrB5_W%`?de1nyj#=PTMG_tJ0k4i5cgipniAqsA-w zS#tQH`~Voo_xKUfghA0amuT2UP{b#Lu#WF>i%@{%(9+7-^RCYnRPG1zFGNbgyDixo z*ua~+iyHRE&k7pW$}tal1!B!kQWj*|F-k;Rz2u@yHEs3<#aUQdhUxm-8k0GV{%K@! z-IQs3PNQ2>F^9j3AlffCTDVs358_r(CZ?T(L>bbI_Pg@PmqN>wNhxHYL3hoSMO2Jr zHs2@zrV*@HyHfJ(7O(9QsI^1$o^;e0WmRildzd{WshQTA9G0|9tE`Dg)jGQ8h51gh z2GojtWJ2&JQLq>0|CVQmTJCS+gXJpve)<3^YSCx{ij>OO+1UdE0#w<5DQRe@)6&Z- zeyJdGf2{rbAw4!PdZwfV10G8HrA1L#IElR@g-1)zu#ejFB2F|!R19zIsS@7hZ0)Wdq6Tr)nMRXg*7xJ%v0N0fkg8rbR=u`NzlPCywb>f8A3Ah94)uu`h>#P4y*HjS^r ztSSKR*hEsT{@Z}p5TS6YHu9;DWy*Eued2pYdwati^b80!2*TXHQ|eNfsa}0wqYr^z1{yvw4LO?Yyt<{3bma z`07P0kLap&5Kl?!@G*oAM{pgr;DUK5s{q&)6zaQH_Fcd4ie&6GOTG;hz0smtL6c#$ zRGu#ncQ_LH=n&#)h=HxPj(ONiEdihS?$wX-SNSU9dzyQaraf;+_6HDyif}N5a}FhI zLZu=+zFW-M@C*Y@PZ~v5bD9>bd|g8hQ9g;ukxxR$>Wh5PR8%ctrlBdz_Tzl3GS^4s zy0c?aYv%lR3}|tG>qyy!mANW*!J1sS@+hL)BdMtg0&7MEVd=8Iy7Gd+-ZSCh&-ZAJQ<^kX2ZtE=CG3SYt}4^qj` zj~7({U^r7y1mpt(HAf^2WNsS5w*BuTnmLDe)B3QBymfRcotr072=$=ezO83=e=u)% zBFf=$u52Hb(l&6}9g$2;Rov|D!8IiLymhpa(&E-&ILw-rSy@stnwK4a&`D1Z9~^A= z@*<_VD9A~)bsR_%hI?FJp^R5cD)^`pJi_bBVQb-j4As<2Vvbq2llHn~`ovNY;yFSO zNb215Fs*Et&8K-fZMp{WETl*vHCC-5J(h77yeuwdg)#a1kbhRq%PL_V+N5mO9)&6Q zjO_cRAkw*J1OpY)iBD5h?;2} zA!4w(tz!F^LVu{YqgjcHXqd;$hyLG=!^g^(E7+ts4z**(vc)A#MGahs8(1rgl33I$ zAa^ML(KuBtg=mxRwD^|b${3z$4_UBd*5CEAD7LriaKFnHChx@Ub||L5`OK9QS)nk4 zi-1k3?aI6U0eZ5g#@^74prAOk|1XKjxZo{LL z)0NUdY@}Ay5?m$j6{Z!p$uBLui@N8ZFwtalGSo~DAMw2@Q`lH6>}qQ-vrLIx3qZ8;Fn9Zfl$ZZD|^ zecz;|(FIe`LR5+rorjZlZ}jJtdzgk3CYSp6lZAAp$*)XjAELt`&OiHoTMWT^?&>e!MmISH$(>AIHQ`VR{wDyPK=hz%iOkcPhx)JaD+6~ z7#f1pnjP1xGAI57B^1`!W};9TgAvuI`*f$9G*glSvDA!%ijP06jgJ*FPeRi8@@!6{ zb)sj$-Y))q4-?-lX_&iXm%$iU%k!AQAXI6XmBZfVdG%HF>DkhR5hfTiZg8o!#eVvn z0|X=re?tV&(s*EQ$&9ut6a1}Of*n@Ek?#Xz!U_nj zWNRXfM}AE{)e$L|qtp;Cl!~d7yT6kJ!{}m_U;yv-o)HWNA|R3~C*&V47N7HfW)c$d zP@FLfx;^=zekl+3W3P$>?q@2viapH zPTZSH%Y%hD^KK$%W!ivx--SIZ~sOVL(_ z#u**R)@QyeWk54}DTJZ5mhJ;nUZt&39oV6b;W5nCWl(8q>@Wymq2)vX(;v4a3oi^Z z`86qVf$VJrzqj0Dfxf8NkfD#(CPi1~nyfJzdHl)3Fy@>QI)zXxBZa4$a&gj?#=;W| z{!7$>FX{Io7v>mxp=rWo+%x2vY=dR*@yWp3t32vBxVQ&qzi-!Qy@?_%*~Y9?5q*A( zRf~1sFimO!@Fu?t^ilgHS*wN>Y{4VTEx`cq^C4Bf1w~^4G-IJr-Flf(;|3-sFHe^u zPnRhRs(EV`OLiSQ(zu^V1!Wd%?O}j?$CIH%uBL{0DOwZrjhAflOV_falFwBTl-pA> z!tEbE-6tsB?0^+wpX`sN7=)`z^-PY~3o{QAk-bbE)*=QvIPGCrHrT+r=5HVXegn?> z$aItW(5eS0`YW)4!E27&@z3dqSM{Uud{Nj9=;<7>I6uEPgb|$RExdCGn2c$xbPk)n zjFgl+(?ukMajwjf2Gf*^PWSiA%}(dVbu6c8p4l3Wb6-`bCMNjay*VHF$n>`Rvg+%S zh>WTfvw+yWjt@hiNDWf?7b2qY4{tZxK2T1is;P%62I z9>n9IhaP7QL~(R_zRtB_eqTlpl888YPCO)7>IyxjY*?gFyDvXnZP$_U)1nH<^)c=I zGIfb3Bt#}8+=+Yl2Ab=XgBlh#$hXT@bC_1 zA0?2?&2`J-6Ru@L9`m-sZZ|TVx0#bcI@8@LIu_PQ0veb5gG74&OREteXg;Z+|K%LX z3vz7cyo0n!1DwWD{`nxdLVP5KqgCI)OOp}RGyB5HY~{;aC}ETxzQV^cAJ=eEIr;Ip z;4sg;9b@Fx=x@Rg=I`H}YXyPu*W0)8pmsC|>SHRA=c}6I$sZV$SjKtl{aOo&-25sg zO2|h0N5hLPj^4H=hZfM6>bh{yh?8?fDg}2^uMTv>*ahiFsNIy_yFGY&H0rmG9@jXc z&*4@6mjR2ua<@p{0fg7vy7oVY9pBNUmXIOTCVwrrLkG(uQRvaD=;`UXxi$a2HlDkv z=>9+ql~A}_Mxd$w)1}nk{NH3Q>~@sFNb{hM4A0A+VMjUWIsyNkRM5vs!Hsi)&S^g@ z6Bd4P1|!HVB857-0FfxH5*CQ@SnYVayxppXXjxQgBiI4Bqa>9^U+LtsvUpZfmUrzB z*FOBE-Ax!tuUS-*58k$7rGQ75b+!r=jxj76TK zD)jw0wMVM6m6y9mJ2yuj{FE>#ZH_f}OB(mhDi&KcNPMW>ViK(;3iMvbiwvJW=_6pZ z!bmsNYH2e4hYQdEoy44zms60$v0(k)cs0R&(@fdIlVq( zdSL+RcFT>z2v{y@Y*Dsryxf8O!^!)q%yZcZDpI^>x2t6+_)aXGOXD4UHqS1-H^(ab z`&=g7BH-u=tmgahQ%Ud?Rn1WC=CzQS|L#D0UfOirHUXy8Tl5q1TuseMPT%c5&AJ;YtzHQQ*qHL8c#a*sPsLUv$ z8?j$%HRyda)2THONFUSeKB+nyk0ns)C3$U?x#%HctAEq9K zBfK|v3LT?nz9(Vt3##~1rw{mX=8EdBmE$--Vq)hWCzjKbkVrA)XRR$j`9D^}{+XpG zA6iYw5mUgyx-;`!F?_U@)L^)FzkAjh56HSltvXZ{vk1B=DU+qlQ;NUmH!y2VlqUjd zf6Yhn@8J-Hndj3)@Fqioq_)3W8e-L%jL1Fj&C zXU<$HM>zOk7`?8*RgJcl*&adJ*FKPIIS)d|;Pk95M-=|c4dm7&I$NyKL68%D`E){A zT5=6xwPmGg_gmIJohz9QSUJ)iM0mVii)LZZcqzcWABgm6f2*O%+d(o=!e4EzQCVW-eem8U7Js5$hICi<|AEtklm6)&6j82uVw85l;Tmur{t~{PTx}9}&1)-(*`XoXHROsq*gAqvx z%@c5SdJ3VvPz|fw>jWwOKUp-5Ec_PUc6Qs|HU&zuzk+tzss0eGD%V>FmYol4=h&c? zG90h6GFba<5CMx+vvq0csFvw zNmFj-`?`~OkMF#{f$0gam#)uvO3oR|d2ZQXf6A37$cv`tHj`^%l~z0eUJ;bAyfPV> zyddTZCeAIAX?$c+w8iVAnzW8LRU?i}{$|r?Ii<6w$NS+ZfDi+gH1>Ju23%twdLG3e zG&&@^MkZ7cU=QSmV_0p_l4oNXbz}y>!bb=W09)PUY+p@Y@Q`yg_%;QizcvT{8B)a_ zZs=l1V2LIvS#n@s1rt-bA%C7SKEB<^nabb~tTG(+c)p$mi6`YiLG@=IEe>ZJ!IbN} z^AXvC()9H1yVY{qz6DT{M(cT(Ay=dr?v+_xEkG)#szUesx9FguRD!IGfl>Zu7#_*? z7nI>47vdxEsX>S5m;Uwhv-Ib;onYb-oXdjnSc*f2m0&MnBdojvR@^ezHY1UHmmnf4 znUr)eou@Z zO2c>w3Rb4)I*?BWxPk##YeozY7N*wpBM@Q0S@A21>aDs_gKc^p%y2 zz|vCjKpvy1fqpV|B;b{VS64a;Rx50Cvd-jfH=79sizGARCYH*htet3{^O2E-D~ds} zS5*~G${yKIqPD9SnSwR~lE;1VA9WG$QE0C5F;xdOLev$kc@zqB zAkJ73(M^2gNLx6@P7X;@dj}%NiMmbk*mO2Q;CDSO4|`%N&@xv1&=3|A1I%1;iYBUM z9!}5T>crmHTpj5ik{g_|YSPx`?Md3~C%?N1Q{w{Z+vgjb=kY+cEJ1`}B5~9{5KYFd zU13tD5&plC_h=0J>Xxliw+!&?cpY-VM66mPhkwHrR%qFWw)8HqV?)FLmffmxTVtb96sj1YsUHnzY>%a_kb z8eFxb4;xIM&~i>cny5Tsep_R+ap$V?Y~OPC)OG>&mj-e`&gvqTsFaB}sqrQ~wWhp) zjh{qK3Imh!3VeRoRd>~LcXzK9fPODQ&I(fNd*Yv1A)x(jrqy#JBjc3aeT%ake7Yb) z#yv{vzfk5f?q7dV<|27NVd252XNeY!ljSH^7u6U?ab|`h_3uBaywJ!hLHfYgwD{k@ z6q=(C^Ve30RS;NPNx!48cVlj#BhXFQMoKuQV+6kaQABDa60rQ4HQY`Bk;3>$mr z@bCnmGGxE+82Q#qk`r!eEHVJJr(-t%Xxmp__x2Qx4J~x~s>M3-QL9j`;^Q#uPu{B> zot3jDM;a_B)c=Kw{u}G;{sN>cvp5*bj)g7+up7z@AI*_v>W__&jV09?>R}n%!{GL? z+pc36nXd%j8#`iFGXi?XC!Y)0om8hAk9x3scy>d0p?VrgTq~j6??ZRgX~>Yh`0KJk zr|gtU;`zzQC>3qh0;GuZ4;n}@gf;qx#b)v>=L7C+$jo0$$xzzYB$>%92S-<zW~br$FTbMFxyFZALBL*7H^LN`8TMG#6P@2MXT zdrD|(HfIu-h%3I~&5M#uxM&{^ONz~<)>>P%ltY5S0b&aE7Hfz0CzF`;6xr0&n(9^^ z2zj_~_Quh9A;?Ek#Ew_EDwSxgM^kgR+a4%xZp`NkE1>&ce_`bbvg|q z-?$2{gbT*KGrmA!SZ2RMhq5v^U!G4Qs;51#sh|V?Vr$aE8H3TRiz_lm5RSpy50s|O zrW)fff`r1BF>igd1fMfQwgSXV-ILAde~-DU+#XnjYLB*_HOyi?+OlzFnYjvEcfKGQ z(lg2(!A`e^8p@2%dkfmCxX5Duf1VVJ(k8?|#9XIC2qgXvSfvh&V>6N_>7) z-ezAz_EPaZF6;f0pE?fW%89FDS*~;4*@c0y@$9BfwHR9%rX{T6fy^`4rO*J#9;lA` zl{-!*puWqVN~!rAf+~=bIIw-_kA{ZE;BvKxL8++Bj@n7@@zCEUjPfqZS(BJ;#31c- zW_V{ejbrAqpu=|=Eai(8L@n~U4+_%aczMyG1M*g(=(piey}r8kbRp);3k%8bO*an# ztMcRDBp6(%!$XBfaaxeE)YtLsOyQX$vQzWpS*H>S8#d=Uj+=-YqQ5htBNyof| zP%Nl)wUmCSrz8e&HDxLZDh$IcsW47>oQSiaAEwi{C&-bQ`ie&AaN*D8YQo^+BF4Wc z?m?v2p4Z_G52<=tSoR@aV3jJby&x)1p{7`H=V7$iJzVXhy?bZ9-s!)#rY+X@t=Wv2 znE3CD`1o$?ozP-^7aQ<3cA#|(f)P-Z_yulg0tgUA!n^{|e#uQW^hLPVH!VU@ctJ!v zMl&!JQ8Q|rEwsBk2dc(H`6;spU`>>2H06pX&^upjrEoZ^vSVf%e{=?`_2v&0)P5F0 zADG06Ka00AZBIcB@e#{`{4%BGE`4}lqKiAvH}q|I_KDNro;Lz$FR;_S5*Vy4z;jQ;g&tVoGQOKZaHF^DmR^KCam@D`twY+nS? z=)eFjz247|kdPeRkDAQ$^Yh?~j@H&VoKEFAy3W=uZ@{~NKHPzMCmaX?Y5j-#DcAzsP zY8d#~UJkRYCbQcQOn9S8{MAl{`eglGR=z>^{psgde((JDb87q(^Zw00GB3Y(;2DTG z&XAu|Ase8{-fjqHkN7c9PW(?u7sKyStA(%^Ax8}F~$MT;8Aqrl&zx@pG z(tmj`AlI?kxor=|2H<_dlZAN5=H%jv0}<{0edB#zO(P93UO4|&RbdCvQ1I}yfnD-= zf3L!hn%SRWlvrzrNE3dil1<5RzNMa}x3CWVRsny*>@I}MDF5iutf0q{?YyTx*Y;BgE)U*Nu!&5j%qCM{?|y6c1E(F57*R5*R5M-v3+VTw%IfM%2@Hk{ z)y9);o}S<-j8vadK(kIz9Q|W`slisMR2{q};84dUqocDvS!w`{f?GhSN>h?jsWh3x z(c;I)eP|I*SFl=kJcr}SN{cHM!Q1hzzXKF(+rNJf{`!ml=KyRmQ32ooy!kfM<8u@- zc*PXn5Am$lnJq1UKOejS_=bkNpbtQ;#qt6;G-&c7KMC*b?jpQ_6oUo7h?|=msbun8 zi>o7e$jF8+F&P`a-t&$J0UX9)%vY|S+hHG&6MOFPaO-o)&6sW6A9RUv9XB&Gl^|DLQJkALS|1V?f7Nt>Ba#Nal=3J*`Q_Ql zdnTPR`Zb~h@-w~_u0zvc1bicWJb~okUu*7_Go)?wscmxrR7@GnGKjiJT;fYFDX^ zE;qxyV&9s7fgb$rw04GP)YkE~D9^W4HHXJdF7eZJ@ay2)VTRt zD{}crIi9T}*IP`P0$lEQxptyji^yKTM$hcbj0oud8QcPLV1=KrJAdd$e{|ILw%N-b zuZWSzwTaRE!kM8yFE`W1tTu`4!Bu3011o_#(I1HG9r03%&3piyO4wKoc1?3%_x7@* zCkj^cYMf8KH%1+-wpAIcVXP~3Jv})+=kelH%{BG(WPs>85YNcJMP_t zCau{|cjvCaWY^%+h~2y$)8(W2Q>5RFhti%7t9^C)VC-*zZlrNE2TBYV?Jywj9OPV# zSY$%Nzv=$cG8a8v>!&`@9ey;6 zAgIoKttho<;ch-y_b^o9*STT^B+*Mouqs%srM)kh7@LS``Y^R}HBw$& z{V6UOc_o@HSh=W|tujgFxsrx#qqTF{yJf@NkTvGGF5u|q6;fnEgcHd;Hs=!%!WW}8 z2{_GHjk@m)BR)E=_H5MkvO^e@DaA}b6UcMRTCmFg`jumiO5fQS(i9M_fo5mdJ>Q8o zenH$YvY2q$ff`gJH9uS}+IFh_a_?%h;I(pGyozj_pOXd&qMk-mgK=x#uhd4+6Nz8uG&r_R6}rsB~EQ9UIiXB?oSW|#dZ=@Sw0I7f&lwa+yT3b zN()bKMKi+Ub5V~gbqu(fSSDbz4G{foUK}>bVm^pXNFFREcicwtY+V7{T^wME{=*uq zg^q%RgoKRTYPIh3cgg<7U@-JuL_|bV^5*KQ+U{%j;Lg+ir5qT`a5`U%q;OCXAdFWx zcT)8x5kf@tQ#8S4Pfp)h_Ndp>5KT|##!#}D4R1!Yxv5`%O7lozcT%W~KyZ{-O7bKm z|GcR)^@U=y*qVrBF3dqDc z!-XvzzrxjQrvY#q^EzkPK)ik&6T@tgjX|q#!s`GDnhshO(70*--U>T9qK<0XFOeeS?DYLiG9E5PCIY3WK8z7 zX6~`YQqhTDu65|_7`@%5_~vuH$fJ_PH(pXv(%Jr0O&^<5J|t$6vN{E-zOLumA&0;p znm}F77KskI!RpFRPd?0>t8eS8S4x+@?nti;8B+uQ2C<)9{|#c};)2pA=W!9yY401W z9l)t7f{F%A_X%Ho6K0zUoz+g?MXs}C;ecoW0dSz0N1b*|YOYZh3y}fZ;*LYfk~VpD z>ivv3U;(BV1O^Ms_{F3^($}EK2*QdZ6z#{M48gnSwoxqqFo&V9Q!lht^HcrQzzX)Z z6O&}cy46eF%Qrxs*`8B0)_%?YtqKqh!sB;Bf2~Tu1f*Ivl24ELGk3}09QGzp+7CyK zm7wEAzB7&aw+Mlj{Q-{ezLoll!zPqArTyYt7to7&9RH7kAv-cG2YY zMnll9vGLBEo<>c#C*wCLflzIq0aZX`HYE#smu| zFA0;@+AHhpIKOQhv}kDhWxo}SXV*TMplnh8UjFI$6HtVp>RyQ3zMe$F&jIJFg#}VI zAz9tT7J9=5?aJD;u0ZWX*^Ap>?F2jU-{cWlb$WoyEd@eAXZ#1SqWw0xD+AWdG~-~O zKa@6@OuEuiLIxBfOTEEP{;A3}BpatS$=>2DHT61j@^fR7vPJoXGrmnzL1%|!&NE(b zlY$2QFghX{+8UlYO0=J0JKB7+_ZjT=uuDPd1Bg&KNBUe#PB*!k`9KuY0OK4tAw!~< z3N?F=EH&6*&XhT|2uuJ7lOTiN3Co|D9}xGBJE3f>sbmHf2iTL7wL<5A#H4pH55F}< zYvdLu^!Ks*g*m(_H*&ZH^Blj5B1y?Fbun&;6}Lkh!1<>4z?W=}{GR~zr{Q14O#JwA zPe<7$M6}7CwN{=7^N90)pgvnWlbvFQL(fVwhN~@w=VvM{wfi;@$Yw+`8A~}3#51DJ z2Q#O!$Nf9D3B#YwsFNm)j28f)1X9qD=Q6Q{X%m#$5{4%Sb<`H+Hnqp5B$q&pnak+Z zbWU8@wWiiseshS#M47bMOsI_*fLaqhRjvAlHpuPdQI!(I`VC~mFi~fL6D^?pZ zX43D7+LyJVQa6b%>`$Dd=F0i}H5UYe7+kJ6h@w(Zyown!y@@Ke*gubmOXdD^|U?d0U7tfB($&o)T5j*ga^Kq_s?AL(uZ`)rsF9T-RS8(bs9r^g~_*U3G@owa@UxV|HEEqz@9oD>>)B6si zWx0Hti{}U_f%{IlT~87>KzdtqeapN|>}WnchTrK%DOxz@D^$~p0sd8*NhuXqa0Rsg zfP8?#ST0|dL=`AGdNbtRC4rUf-D0jGw4B!Rv7~v@JK<0vr)}6BmOqw64qY_D-irXQ z{a-A9S}N_qmvgaGqL_z8naZ>gbcaXs^E27e9~sDCP0RYMv%6b`Q;(q?A$QOEuH@r{ zFOGV6;X6{thDucY83~YV;)U{R1cTWUQ*nxy@0}FArhqEv6ESoXga+&WHfCZ;>AoPHm9fyj; ztx8YX@FQ?rI|EJsydUMSO0eKi3(=l~E`lBON1x!Y4@ltNGyw6_G)v2h!s48@{R0fa}5LomC>5ddHeM){dd; zLZ5`w^uNgiC(H6~Wp`k0%DiD;juDLb#(=c_Rk>#CnAv#3jb*H0h&Ojij_`r7nw$~u$na_^O?A;KnF z41CRx`y|QSqA*dMC~94S>YnYqR`b!W!*MiS>W^%l`}0ce4GlSV8t?k$O3*L`(rVW`TP=wwweB;-atPw>aQt zEEs=|k4pfY82eXq_%dLvUQNzHO(0mvqp+@h0JjpH#*BV?@RNLkG#4uNFnbbBY|vCt z+;#l*-^k?Xhtlaa&XhZO%PO?Y5Pv3?L}cyHsv*m*viV!(>vZ_RRJqTdSWol11tX|$e zs_^KA9_kO;?S}t1jk~x;TtcLWP}WgJPrx(4Tp2KC>ph3J7SntYJ}8IcDGZ}6mzYFm$B5UvPGZo zw9iYWI3+Iqiq{-w3{M9FVd5tOkWR?mJk@q4&ho^tM|4+IPC51_(M`q(f_=&mZg-TZ z!d!P&U{)b0qvqW$E=$N4ylBW+BZwC3as6P99Y9!V=QM)L-*QC_W2c!E12Sa5fDcXxN!!8uLdcb)Z}eb(N;Hb1zgXL@?N zA1S%(uByYimE#T5x!tO~FsD3d;)_|TwC7G*w)uTOx~J;jUCHT`Qk0$0=x2ByI}J4l zWN@XFMXpWL0u%E7F#(jgT z$tp&2!j4fVI0jc@?^?<)H#W2(g<}akoSWcD({cSdq0ToJ{Np~k;`OtB&#^u$>wTUw zK0f~buKIW6kjO~RMCnwZl{mty*ETZZN|;z!*}1v2m?6J@k&5*Qry%optuDHvK>NSe z?df+z_;d6PEcYaXGi$xrFY(%6`v%!Uf@GEx8Iyy|3-qzw2s*%p-3!#3tSbeOFnl9H zYgYVNi@lMl==R9_|2zL#tkEgRcELw;*P&(p{V9*){< zAe3{cvlV9b7J8=+N~m~$d)n+NCbp?bXQ`3Dw!gPth+Ka@MVq2COtDm9qm$mmg(zDt zFCAg`;M*BxahHSj#-zglc#TZO1}c8g;sY)tEyLT9@2omixhtEnsPK4qB_$zod)7lj zM1)``LnWI6z$0ZlZxGCMfHu6c5)wdnRmjUnJTXG1%wG*;OKpw{V6^*~hx zF=Ne6_TH*%fP#k2OTOZsh!(&dF!G)si+)0NTCI6lwZrks=@BcE4ONfn#B=fG?^*M{mw-|+W>Kt2sg~acTcM;NfC;{@CPn?S_x%&JhvqBHB$^9(x6ZVq$hCMmnS68i{w~ zxQs_*I(7{WMvr6U7Y7l!Z!ag*a(H;yT03PmqmAkEt)%^zlX6&^p1zM5M$)dm$JuW7 zy&70R^jk_&{rq<#zYk>WZ^A&%^bxxtVb(csUtSq&f%Tw?`Hpee;t?Ti7lG+)s zyS$--=Akbpge$Pf@9IjH(>&;VCYj}HO_SatJ;j1U<1Gj1$F$VEQkdO*Jkf!;I+B{0QF=vslyV)~A)*mr42A`7%e(b>Z^f$dlS~V&L5>+| zq656Fw2ns^qRKG5Xbq}!2v(k`(OToklN@FS;+kjir8D>G1bgxg&LBU3r^}g#Tvam& z{Z^yAZPx|qtuUyRwQ+bQ>57C}xa48Wo?=V56;$sqq~`OTx}2p=P(U-Vn)v_TA>{^I zi>P_U-_L*5rIb%_5`r8Eb}>p{dtF@&-nUa=1i7hVZfTD{+UMT{P{C9`B)FVQ=9R$P z*u~VCzy~*xN!70{>7G}F4nB5JR1hm!&qnbxv^RxcgjLu|QkztzlhDw7D7!SLa=!*} zlsL5ZdQZuVN8PSEbB7-#s{vy=Iz$74n@PF;%u}W3CMw1mbvAz%e0yT12ujPfnum&R zjo9-m>a%5UMqmOsu)p~F+dQX0=D)7!@j$(-!13`>+*dnQ&T3B!f?G`wP7$9weT<$Z z=zz##ag*uQT^RLAu8SEx;iATQdpvi;Gi~1N!Ajfy+5Wv zqdVgZ#X{y3q{(rpnJn4t(wpvh)@Uiq`*;ni{m+zHNs&Ya&e2oJ4KS*3^o^A9_JK~( zmQR_b&&Xe4qCq27ud+D!pG(VUfu;_R(HnshR@i<=?mSRe@QaXmL+K=Ae z7OXtWdyA^@lelua6QLoh?K@BGjBI@(+XDRv;X66u8TJHE1*vEetRQF^?a8Ut1)#U?AfVHI~n{YU4EnXjeAi$80QC7w-os-V%? zm#It-1J2(e^KN8biePxD(wo8PUAo$GyRK(mR=z=Enxb8_&oWhJoGX8ZopT{t(o+3Z zp^El<83_*#5Y>4N4Ig`9f8?+{dJ11mxBp6NvssGs;9fFao*5FbT`gNfYD+*)Kk7{u ztWi0F9|8F&4&R>^RfBlokUSV0w-1KFhWZvDNwk-z%HZgT7JRN4tZw#gO6Hk$*&7=^ zdZOqXAckPUHZZpa-zW~Dr7kUmLf!P;cEo=XYo@Nvwfu~>7cg0FvVFHQ&AGVBf}C`_178 zE(e8}llg2bP#7GD?uO4nGlp}qc4|1tM3h=!S*`SIl-$+X^HY1g@lDf%%y6anElg&k zo&kZbiAuL}2e04`kuDL-sSvDBnL@J{Nu-Cj!}YcbS#v4{3ICp;os6a?$y{28NNx!p z5*R2&L5K>fMdVIzA%I>T>xrpzD5iU4fJ}bkT++clO;pT0dP23nR#HpXzFnaS5=spA zs*ShoHk;Y4)Bpb%|cwUy+vL|>(kv>#>KIcFQ2)f@$8l}Wz1X8 zjPjPjr7hF#}}7?YNZX|Ep--xPEJ%fGZe_;K-Q4+cc`DC_nB7*6a=+X4N**la7H}O81r36$f^A*K1uDmV9gPj*{1p_|u?k_`nn65z z47k1&>eAWQOmA|LAT-_yJe_qqx({gZx)oD637C1+F*2f=;?JjKc%3#oLc|G&5Eg#Q zq%|935$GPGJaZYKIS@t`8|lv{Fq-+eJoG|LzFXP(Xo7O*W_)EgO=#9YRe@eshIW2R2{bMGiR~dG9j{6E0P3GIrc*_Z!@t;V zW_6}0zDgEbDg*1tw_VsE0pi$>mPfvU7O{KN{io0ZwCSPVno6`{owd*l%|v?jQ<3XT zk}L=!mf(HqOkrMs2>d*OMutmlj~_QmkERj&r>ScD$?a)Q5-A_w^zqT`!uY}m+@p=< zt?~2fT0%I`Ksi$xx5&1U;3ob3TFwq5i#46r?uG(8ADqus8vbt2uNghJlD2a>&}Krj zV2=0Nz+r?OmG<0Nm4Ur~edTrDL$fD;EeJ^pz=#;e&v6$YvhQhcK=xC{_eDTi-0i!q z{Gl3E6Z_&|qqZMLj(>Y=ul?5Ho& zKI_}#cBg?qjA|ZfF!83f{25+C1d-b=kZ7S)DlGtjrt zZQF5!-f{#4Kx|vg(g_NNmXyhY+_vgk)zZvjz3Uu%B!)tDjUHW8p6B|L<2+1D+eP6R zv6(bGWYi3J{8Zl6ACWN;GNA~hVVt%{LrpDHP2D2r$f#7GZJ}vKrKHN^kIHBkEt=Nt z88-~e-5%4X2=9TDW_^_ek$JFxh0yWFuX3^ZM>1I{b ztI>X75o`8-+zY}aVR&7g%S$B~Z(1CMUFa@}P#gC6K$mNyd{@exI%Vb5uI=s_@Zzh{ z<9;!#;?swE2a2B41nPqDdz(#6p?CLm<0Qu3@1WW5Ce88Y5MfMLCd4?-1UpfxX6) zRY$_z?)J*uCd3s5bdPbP$Xqk2?w0MyaGR58Kb))F+?b*Y_sh^ifnP*F!yvG2ue1O6 z?0XoWh$CyS><+Es3LB5IxpwSa0@@LzrmA}MI;dZz($EK2^VA8w7a`tI+uqC zO(izyL)DX=&P>sE`L#@5DRC&(&87t%LGy56KtRCKrHZrjPd9~FqX&TS-PcbNS&)f_ zn_9&u{A#YcfoRavi!hL2wDOHha>yhm~QLol|myOnY ziYgH#uNR>iTW#h|tMg-l-~y(Wu<=32y(=P}_(P>!#2?uYkK1xXhw%A=++d3wv@7Xe zwx#boSDrEkjm=vp>5XRfnb!qdkPae$5&(&NRd9BeH+I zb4nf(o%j&Ns}B?(4q~=X0(9)sS4$?H{{P^Vi91$1U?B)=1-Yn9m^K%DtVgugkEu%+HM3r!o z=_*W!%EaTgW$z}60Pp_MWcm}%D<8OunUfwPtNThEkD>27mx8QU9hW57a86CS!!{e$ z&N(ZGS9l?0Wlxda{LGUV6}LqUIe5^blL;5lxNO>IfTP!EF%bY`(3I2Nbd@mvX^=V5 zA`!nLU({K3XdDsa1!t<{LeVlLa#GCgydCZ0;rULWPCE1I4a~@VaolTFOij`q;rUTz z93EuJ!XFo;#V(c38?=Rj+k6q)B&zQg{aESB`}nZ)PERK_ zJK+9j{dz>DMX9jiH-BUZKKuYQ4Mt~*IW2xAzMc2k=M$WCME`DRzt`TeD{A~ATarbE z^X;zZG~2BuM9BBq|ODRK3M4HHs93O5uhxqk@I|)E*dC-8v zKt|p7bnaX3x<$Ze^^nT`XZ6=0T)F7J7!h?QwVk>g5K6ey5)Zl>0-SH*4bxHQ_*d}O zz_Y`{+^{n}Jz$^VzCuW@4)yuAy3F;wRErhLsM_;uUo%jp>^gXDlW(%Nw`RT^~Ey)0b=z$HVWa5U!g|pU#YzQD59d!aJCPdZF@S zigYyJ`!9Hvm7M`_g~_HK>$8TUJFsNv&By!&d<9p`aERYElUH3N6rBX*x12QEC#^)5 zyox+A!pVnv4dNIcf=7o>8sNQ<*hJ1y+-F z1+-&>`-ZOgrA6PVSV&$@VSsW?fT{l=qIz|Dxah>H&`JWqESL^k%FfQt%q$ZdgCZ-h zQq#)Lu58Ho1*n8gl+IaSH}Gp4JUyyHl-o7eUF`_hCeuD$1LoaOAmJ|d+n%%uOqFC7>DEW8JN;N$s##N-43v`pu(F63ONkm7jn{ zi?{At6=8H_7zX=C>vZmu{+2GO>aDolq5^^81in`O!YTw%kRJvZ(+jLkzsVZ;`uyY3CkZVY2sNs07Q6+xd!Xr`TJX zV%O)~6{HBA@iGpSJ(@(~Ef{8;j{u0wm>Z(&%Az+A=|)u&bLW1FE#~Io{A02ro_*=& zTFwnrO*od)pi_O>HBG=_!aw_Eo=m>-^uY2zVZ4kg%M~qj2N|2P-(tKqx!oRWX~vsz zn_p-iFZG1nzj2Qyx9DZ5(cTL>=uO0H7~Z+pA|{|Y=S{jVtPV%*DaEX^f;g;)@d?)K zC^||vl>26+=06U9%5z#ce!z&AvikUJd$uSc@P}$6lcVI0!)4F0#S5GV<}JFqS}jW0 zAF!dgJI-y~9mp0EcrcoH?B^u`x#a*sMTV?cx9{B1cLVT|@;*>LhAlWrMYv-lURT$P z7Th@z-`YhcV&qQ?Aog#FRkWM~tt+NgpZN15WX1(~OH@SuY_oOTHz3o{zDK3NMDp|X z#b1v2p(R`gW4|N*{;ed*56v+p6v%I)T*lK-cMhb&7_~``qnh;$wPVmnC#IPAJ%I_v`iZj34$OaS_6R7Gv@E;=5G;DmZO9q0Zn_V3X-l@k0%`-{baxF!(#v zfUwOGH>>xM?9`9qsI{eR0yIp2xyX`}HVnU`tD`!l6`Am6ZJxqpN3gU+k4Z^$Da)35 zoSms!-?izL7vq--n_fSt1HAv@0vO{rk%aO(YjEbJd${^AnLEu}Sd1Tv00^o#B)(Ay zxuh>UMStmi^7Dto=XRCSDu_K6;j-2ARLJLEz8Y>`!Df5+0Ejb|r`;cPff!Qq7jbrx ziCp3FCf@J4cptg>U~@_VnzTH$w!^nz=ZX55TbwxFI_3VCK}U%5HGQb#w3Ekqdg1}e zq7ujNpi5!%IaY^9DAFE;k92y~jW|ep{h9q3XW6{6=I&zd5&K8pr-jyspLIbVvhjl? zdsPs}K6g-SGp-eZ?zh4wF2UwX-P+9t5ut0XuVmi7ZBo%c4Siemu3_HyqsrD8iz0x9EzV3;@#xZ7t&2=aiv6WfebebeRL36IyY{?(A*R(3$ahpf<0p{ z!O(sET!U{Y%$Dc#*;4qmaDo% zfk2@pPjv43g`8Z2R^EMoH6!~NuD^#eZ+7dG3zN^O&M_bA#Yn6osH4Z#N_`9!KU6?N z*EKt4#7OZ%#z}?6>yOE;4az(T@CSZ%?(5X8(gBc_m5&rjhlf7szZc;`I$o1HLL=AzMDE8?*8wPhGK4Do2`m)bT$0GW6Q z<2F8Qp>!e57=C4TYWvp|v4#p4suhEESHoNFH{^T2=vjp2!#u_GP!uyUa|xhr#|GBL z^MmvIg`HZOZqIQY`iB?Ca`>d+OFu`gK<0*Cy0^Cc?OlK{L`$K@BU<&kvFtk;n1}Ld zyW2dUJc%q=xIw^VDeg0X(KCelB_pR1sW;Z+aX#Z5o5rUwIM3u>`@6bZ0=f09_)x!* z-&L(53>4)c0{|I`89Vvb)NfS#jO*37OK`ir4cHph9=|qbjqvh4>ARmQscjm_DuZw9 z=bnhy)&pJMS4s4-L+!S3<;~yY-Ns$FfmXj5F~Fd9l&QMuWW}l(?L=pC)Lhq_m3jdX zSCrb$R!u4Za-po*fj%Rf+XE+?_pR42>)#V51+56V?_98v5G z45qtgqF@^&V2FE6EEI^Nc-htNW~8xL|0rGCAam&gk}3cfaw1nQy`<%79)MPH*vuz^ zMhu5Qnoug`XVM{{P-N3f##gP~#v!8s;{K( ziUvtWx_J$zXr#$J=zvVz*}A5gbOH z!>NM!zhV6}gIcjKL)3m}-6Y2}(Zz$)c~$7x*Xf<(u$hfC+kXTXM{UbPwnmqmeM&Y-Mdzxcg^N zNXalOKM=?30GCGixFTP3k!Pd_f>L_QtYUNBa9%Mo;miq)gTSTQ1o0OGjzl+;Lfu4y_Zirkx%b>!)j z$4m41HVnONCG&c<*SaD@RVQ_~0#bS1yY|j+jAtF{mY#(C#Yqr<{NQIBSw44qoMWl3 zu0H$hl}3ThlnLM8W~fPh(~>^b-rnA6eaAwpW>r0_Zb}ErvR-_b3JYtDi=WWueGZEJ zv{N}2FV%Ay3uQW?p($^0d-<`A9H#%d*lLIBhBE_`0=x7(ch2%{B-}^UweX!EOKuf` z)Hy{1mIqX(6VcdqmOs_8LD)7!RU-v0&ovL5+7pNHd{A^ryGrr~8r1?FPqWu^Eo|0? zjM`ioc`fZ)vr_+{KyZFnCoPlX)bVehXsdB3(r3&Z`E{cydLS zA>;3iKGgk_Ey6jg=>;SoYskRD%{hq|qt~%5?4s!+_RGK>WA>9SW*(n>SYtZHbyj8J zaz0QPYBM@o9fB`4v`cqY{)SF*%{#vZ45)M}rFdv_I+rrPt}u z=7|ko<-`8_bm5`^N*If}L2Ol;^+vwo1&;@c5wbFjnXICe?HQ_Z3?C1Vv%D#?6|n+X zKf@*XZh=a^tqK$91~l{4;ywC9tWlwHs?UUFAMz$P>|luH8+n&Xp4Z>^`LK@P8J(F}_5iyyf3+=KSe=D< z({eTQWEnV)A0_;cU{mEfocEWPab2*Qo%pDEl$9A$2vbWqDaLKBt<_6-v0AC}sg_IE2N+%*rP*vJWmTNC-oFF*-r&m|t+ zFP64&zYx3`l<5#H6M&p^uPasTx;`UvGa}O3$RmXeA$RKf61Hv4T+z$f=BGB`iG7WD z;dvvYw>ZxrqD{L`^A5j>%V*(1q&p-lU@UE0L+m85v3YC(YtZA)%p+I*q$) zYh!@_56EI|d1+~BfI7X>>?QIJUqviQLq}&B$eRN)kUKg$2$qu;rA#TiJYu}OJ-*kW z&(s!gFmo2!_xxICR7Su>NZL!$m#_0r{?gT}6>hXmg@@d8U#on#n$~54F5d$*($>OGRI@1bo)((CF!WK1Rglch`m_;-+r&}v^BF>Ld1fk;h7H66e zCk`=$dx^FymvYpp)i3ZNi*~t`ZxlI^IAv@0M5evL$!J^wjtxty>JMEKOWt+bCDFQ$ksTam&^t?C1Z(Lrh4h4Jb=f zsaXUllH$GIpX5NMqkGdb@OwBhKYy0ltOzhNGXD1ud`vF{19X}QH9wk}fm)dMcYM=~ zF5`)tejfeX{8_j)G+32)^nXE|x*#BSFDwp|_RO-=c069)^tCD`Rhvo4^@6$%JPN8ksrE0_d zY{n`$+y9ATRBrG^lw+dSICtN?x-7gz4LhMz zmANj%SHRRN;Ebe=UgAqDIlW9NFnpLVqdqxc`nbnSfAVZmvWGRn&_lTw;Fsb(WNm@ML z>2R(IKxBp5@eWvW86}GUSZzf#z8NU4f#BS^ol};`Xx%Dw*Q(?JzHg`SFu+zA`CM?M z#qiAJH5n2k4_*V9GtZPU?lR%5IdLSg&;bya7|%zr$k0{Y+m{DLA72MT-ooNuZ-);q zDV;5KAxR=yF59}YoJkNTKSj`gG9_p~l5G+36cAu+!V!2dsq%ueX1=K(eKPa{9r9+T z&W^xbF--S?sMe*}1s$Dj7~xi_cF=U4iEb%xkhZP*_lanh>&OUEj6q2_C0@0>;7@XM zO3CHEUavej1N}NcyTpgi&rzE$BW4SiG0d%ki0%``#nQjfTgRm8r+6py_Q0j{jkGraI__D7GOE;H=0TBxRumHZ3J)jJ(H@}&MloMbQ^ z{Uro6DMdy^v;$zvJ^2^VGd+tC15^VN8v5;5HV;MAb$tm1a=o|@3Vr6vO%{yDBOv3o z73DSdmD5SlX*I--fZ&z0-C}^~yd$TMwFxKn8vaJ>p?pR`P#~wDa}#2=q&b^Qc-~lu z--!+uU_hat$|!93_ATUqEG4F1m{yV_GPp)|W9X3Oki&4b2itO%Ug%vs+4ub z>C;VWvhfUzJ`ppO>5vaEK+aGK1ki_W1@Bg(i&<0fh&r^@{EyhV^29`&xren_VY01N?d zD5cyL*Op50hK&PXAV^<6t77ubJGfbriSE*<@bj#Hp3W=2z!5{~9(P}l z3mwjG_LxLVkSPfIA1P)6#JZ@n?0f6Eco4=7>VgTDyKeyo4>kdE5iI-h0|XVzhCe?r zpo-BA^b)qU+$Ti?$s++#+sC`e?Ol9e{`EBF5$e~aT1XcdeZMH^>|*e?wC~y% zLGN|h{V(&HlQz~71x`--S5BR-FC3sjmUooA4ZV$~ze}1N6~VUv0r0l=!oSTLBzonn z+feYUcJlnzw{;1T zRj?1`d|M3Fti3<<5x%}g2`Q&B-T9_T{=-e+LEtiSiA>~WB_k8!Dj@KdGuH2Rd>nNI zSV1L$oa9-~^yT;Va5KeU?l+_5=4))8+mRW$c(B)fq8BUNpfuDbd^1NH+LYpBpU|62h08 zK+IVlZ@D)Cg|+2jSQ&jcQ%)&@Ja+kp#9!I`=TbatZ-4*Y<%As2)bVKd<9CaBpaF7j zy0@mH;yQ4MTyMYC4;;F0_P+V6dOOMsGYw6J*nFziijE}^5fSU^>WFw8PhaTXbh1*f zCcVzIYf18Gj}4e)O3fUmlfK;Uc{I!jz=DuB6I(&ez6~zm<<8%&uK?=*4{0D+C(d=+ z7;f^K4STm}ibn80K4)e9eMdy`BI#PujHlR@z!w{4CtW8V@Kd8`=H6IlkoK~_5G^FZ zy@64&W_NcNs0k=4DoV`jJow_pPXaeTIXM{<69be2dNCA-ri-*pM$-5#rVHt{s$Zs1 zdzU(pGDDEzpwjtBO{>OwsoZFwP@{s72-(aSIp?-$F|p+_zHx8DTndfZXXT4-^2b)v zU)8j3P=2io&F%3Qq%Czem1O_{)7vd2@*)QfUvx<=Rma=S$kFi<5Zmv_&E{zSYUI07 zB@}=cFJ4Qf8o+liqT0val=;anEK*>AC85wlx4sCE@Gr1~V76B~08}t`MCrt`f1h=404plZMHMBoi5z@ela{WK<%+%&IN z+qy)jDG&uuSdRIJaSu~ieEiI4#wQ@9@c1P+VcotC1`Y)mDBL6d9L3Y zdwWl9laPWI{kMfkJGr^e_z<#;O!bIg{Z+KW);RoK|3UCq05r`%A0Uvu&P4e~D81}+ ze9;2#sBJrdyH;CU3z&k=$BT0>wx~EzR=13toZJwo8wJ$daenz>pk^@eW~S4@G*E}& zg}?@DwcJ>jm9?3dn|6MBYWs3dXIB@nqW(DS43mpRI0Em~$-`yrg>jE|wI{q*iU0=j z-MDYG&is4*VK;GMBBD^%H#eVfK_$!)5q{{3xg!GibUZxuz0Dbb`ae zvQVJwFjPx)Qj?N++|IuOK|Ny}po&jFZOLE~dngM+7Jfe|+fN4U;0q!me^&h2H!!?+ zpx_VEz#R-z?a)>}qX>gvjN!k+n5-sZTgdbs5DU@L8|-H1arpObdICV^z4NF58jI7% zF%#6Qi^2c*H_{ADk&>63l*2C6)=c%J4)#ec5yW$I&U2b5*K;?Bm1Q`bPPRy z;=U5NgTES!A)=cUeVvdm`_z4MOz7Vk6i)@T*ms9j1fL#4qF4Vsk^f|{vEutq2}c)4 z&_B8kU6BMII4yb==B-%IY8DU}G&ZJ;>_J9Bd6^YhB0+CHK|yfu4>AD(fryBJ+N6hv zhmD@d`Tm zL?}{QM-*8aR@N%3g|xP|Hfn0>mka&^N*IZWiIMO+)3LCO0~b`oz`=p^l1G02?=63M zSTT|V{AFbUrVv{LAQI+))E1z2&_EnLa1AaT_mKbXy2blYrZ)VGDLatJ;`)g}!>%a5kIhL@}QVyM5ci&BIUWrEj-1|S%rq=GxDJ5pURDt`85tQRrD(wv50Gc<3q-sD z&skX5_wNE*?+RsRW(KIwFD{m{ygWJvMs!rvi`bvYK=Iue(n;6ZfbHe^rkWdWvt0@AF<8^u4+t(*4tisNgy*#*P=i&t@j2C}~#0VmwS_ zyP-^NDW7--CkRPUP}wyI|J}cf*`C)GP|BcIfZ4zDMEe9`lxfkAMUDc@Zd*_PLm+G8 zIzAD{aUmivzIhTKq)s@S+#)D?z_9&f(^%8j{sh=iT_(^_mWwIu9PJyDf%-jpQ6=$} z-%^6!UBr7J4O0@-qQE&v@o|h12s0#`Y2P?i_q8`y)4Q1B^vwo0gU%UZz1>Smn_3BX zhjf|73shXps<fCcDUI#v8Gd&*niT0$Wy3~y``xydp4;rj+4EM@m-*o1YzCh#m% z{rnka6xx#`6%Y0qE7EcIHLmnr9%87l9Egc`CbD4ul>z88qK4=x(2)buM2B_Oazb6a z+iag4Q>^bs`~BMmgR=qdf7SETb^RscNzN^;YtwwNXo>ij8=2wxFI)G;OR>*D+?)}d zO8$mfPs5b{$fO(Wq0C>HoF(UR7Ik7z)tK_iXN~3hi2uEI9sy2ki`djRhhkjmYHAq% zLXJu=p0%6sO_6{k52D%V6=xmaKFehL7WjC-;St@(r=UhkB9AV+zQtO&XqncX4_SO~ zO58uG(Em@KBR&ZCf6P-*A?%t|i{1vuO>v8}mDgCV;8_*q*^R1`u046H-k)=-1U|>A z8+)ecvsC=o?o@;g7qUg-Ah=&wKPev3_3MA73*{3D!4{bOG)?wVePB9!dWu)2!1#vV zT>!l`lN>Wm0jI0|e8BQQV|WiYX02?9`NkKaHW21#~qxV%r^xMNk5^xtSmH3=F9rUQVw4a#1mr8pgS zP(T2X{`Vqyk^rlc79HW{!8na76deS>WcvF0lG)=gq7vZRq=*C|MCwsIhdu@Xxh5MY z0gT}n`A!3a@BPLGWe>p{`cSaXW8cp63Bp2u%uT?9fWSxdJt^j~wqd?ds(e1DCe+t_ z>8X9X0XnIE=I~J4plO3=yoDM5rdI7Z<3Ci!Q|w+D(=3MKTZYJyXqO+x7RrmKYi6u? zTtx?KKTTK^TvGt~C?kd7kezQh&b)ui zL`{R?Ge(Zd!nu9$xaG&iLBf#2J&2(wS}0o?emT!^m!;2)$8c&U!_uY;FT*-l0`J?u|9|&3i=GSDeq;;c`L8;1; zPfwob>FUx*1t7Hg?s76+s1SWpr0RX<)Xb;*Hta#~Es>B<*1VOV((~%aV{?l5|z(aGZdk<)_Dhqx;@t?T3GL!?-ZOXc_L*WvVW@p8;b&-o$Trl`T72 zO$mGitr~QlzQVpY3^|zR`j60*#+M_f!0%ir2GRYbdi`KJ4t1+PjNg1p<(WHH9e+2k zr~boqUff^abH1`-7zcIqamA#is6OTM$#I97Ch5D zP?bZVU+P^;tyECru;%0J?F+_`R4{-FO)%U~eKrMs#Y%$e{j3ebQR>$#6>dxCmM;6M zCA$Vh>_^p!!H;*XZo%xdh1D}*;v+LHBUM=hAocOrHlFFcPNjZ2=A2S3r&_1Th z-wmZF&7rwMn-*aHk)ppn%LY}>TwZV(!+p5X2#CE9YUCL++4$BDP(Utv#@|KA_Lx`Y zE9bYj3%~4@XwgiCJZ0mG7sCqYD@U>lO{{3<3;4y3g^iuBOj9s5f12aZrl6sbD49(| zP5mz})>el?yibj7r;9t$Dsl)&LXay4qk9D32vi!uQCHDMvi7qwD7^Kl6o5FRJ-WWBv7IsZ>;Eov*LO*P(})VAP#$j%S-r|%c|saKo(Ka#Li7Y-I`eD4FK z{G%B>MA96R30-s(ZtiPGg{JC_EmU;tExPG>CQa zoc@V)bUPUr|1fVwucPR_cz*qU7^3dK$EEsI=5#fF8UWGl|)%8|T`o|3Y1jA9-@ zJ&t*i%Dau_3f+h zNn>?=-KsYrl$U}4u{enoh75$dSmQuA&gJ{F_N&1LrPzi_z{>}GeK>gd+^np>$V?zA z5k3)-7vNp?_KLr_{xX0=4*0-;0~$%hyZzz@n*+G1xw*Ndq$H4s4mcmh#s||yfU}SW z$X)>00U!W72DWH}P&N;{w;fC?g@{lvm`OE6N{qNF_v1hb-(PoLPMp?83RM=CoD9$e z{m_$(Qtd|8f-bh1`FHsFlEZ$DaTp0ARza3K8XI~?bcZRBao$SoYdrg&f3kr9BWt|< zg|V)A_q}{&J*(6XXWYJVG{0lHbK-Na&!b&zPsmu#W&F3K7PPtL3zXyPa=sQ zz(RPXZOt0aLdgK20;WhN$?)GQ>DbWzb@#I`CWQIeW z_GFe0fTZ3E94f1ucgQdF%71h8>5S=R?^+&*>QB>xtBi0n%9Oz^{bKq9Out*h%n{4p zhSGP;ru_U@dGt1g1Wr})wGh&!oG;6$-2-xko%NA8@pt1Ek74vBwObD5k%0_ngu1ua zFiglYnKkIHC5dpi3w*542ohR`mNRpp%=Nxgxw;A3gW(aEwQ4bI3Qi&kP;cb}Vr%m| znhR7Ki#JNkfO?o?^-5;O{TI=w;{>K9d;DZ~J!jR=s0wzw#=AH9T*uw>#~(w%$Oi1z zEjE~e^#L5{H>7`)=>LOPYrb4P{g9u;KIm|u-~{A|xll<|jh{zC`z+sqO`IaVet1(1 z)IusyhY0@5$X?v|;5VvR=N409^x0J<;NlzNIAP(v@+$X!Y;L#UrX<0mGWTg* zDeV_Qnv>p0O3g2r>*i?o?NV4?pWh~0tdWY<_?jk23*v*D>xO`bA_qQ12XkfK^%8r} z67W$TpR7Y5m>~6YD?oAUG4)a^3Vg;HUN^)gZ`#>hYeo!; z+s4($R;Jl(xmy}DVNC|(yq(G^^ZVP}#=HX-QOFr6l3I4sL%{p?bE9>; z*Kw+^KkKxStZo#_N4oXi&xD|~w-LGi1^+8I^Lk##^Zw3|BnOB%T_V{5RT2)xo?NB` zRNBtbCd7)w5wCD$_jjIbg!5)5xeW6&rZcsgl-Mgnm2nTR0ULkh`GdLba?nRcVo+vr zcNSt+m!y;wMraoiue0Ne&Iu>vR;0sD=dx>mQAdvJorq=Xd_cG3zp@s{-0U*2)6`6Q zk+r7x*GC3GxQ;IgHbq&?5M48${vMe>n=no!ssD1XtzC`M6%D_*6sIejU`OE3Z0YaR zN28y^_11DvFXYIsq^nFJcijva>wd?UHS|^Iym*TXgM=d9o))s23V+lp0iBOf&+N)J9jhre)DYb{x zQmNW%sVxX%djut|C4waKOrG<8IM?-le!sn6GS_v_+?n6~o0wLUhZjy>`znP%=4sePpyf5fPM_f%q=-|X z)|aclTV8M~9r4tVOw}%eHvH1v-7RwXfO^?w`oZM(n;Mc|{Hg(EHi=*t)`&CLS!sq7 zi)PBXIbvphVk4h~S{yspda<)zVCSN4kot(r#2>2niw`dSStK?Q5g`Vst`7-# zT$wh6(Tf}#EyukXE&tLu5rzp8mK|>-YLw%KuM?j-O8+HTs_Yr{@RL#oc9QeUJw*xT z55lZc5xyUuO`SyV+GOtHsGK~i@fj>+yGH(tAL)5!+Ydj43RFnZt(LIywmr)WfuPap z<@D9!w&6P56tK)kP0@F#a5!96l&Z5c``uc4Cr>(e`g&ByD3`ssd!_l_`^5%KPqqVt zETD+JQQeUMiD};NHI=n9V4FG_Q#>3p-ZqrwbMZ8Hr|G>-igW)&~bqOzNw{ z-0WQl^NhS8IGAlX0u(0mTAAK96tlTae^Jj4v9|h%re0Va7}$?rW3iO+=V$)pZ+~#I z@DK%VI<0w|m6w-P)ix=%>3S!^zgn@@lQSc+<(pn}lE)7f6+}BU@>-rvc2C^r+Lyp} zko4$E@40*5RGWuK-E(XnK&}p!G~S&LaS1ikE8WpM&d4Y4|>ChEp z1PQtwG9BZ&pK@NT49)4BIpv*1kFHrO|A`EXp7{owR)g_@4=E`rEOu;kRMuSZQprGW z@Z{KfYj*#UM5ZX45-ZqMcS^{J_vU7+^ZG(1Ad#xQsP)$w9waPumfRkhag?Ht}o%3P3z z;;zu0pT!0ZqTgg~Z~0N9c3a1iMX5(_A`rzYGFuxhmWUHD zJWO6jLODg~Qi)c-B;!*B#R8!d;opKp^rVr|C{`61I)bxj$=BHHv1^z;Dib>$L=l$7 z?{1f()2B1-Ox|tbTWSuC>8)_GonPvza@G+X#Msbr^CeVC;NDT_e(zL; z9Ai#)O3bv0`Ap1Kaw|_4Zdf^gkvea?YSMt0{>2_FNhm+5G{5=K!O6)_^AvtvQfN8C z;7Qj~k>qJdN5>b|mq~qgDyphoKAQ8NWxrS9sq))kbPaKXVBGkm!TZ8mufOlNE%e9C z4bVyxTMT?>WuaN{^>6p@{}>T-HjbnndeQ&k`rRq65qBzp%nf6lC8Ek3)(Xq>g4D23 z%Ⓢ+&-zTJ~F0YCBdIUQ>SipTf`E4x(b|;%;=dw*CZiQb6+!)Yc{?~ZPIuu!;E`d z5Xz}9QYT#ry& z2?z*yWGHxKYiB;4JUo2PweB2ULB!C8%TIE*wY3co-vqmy=0(jlo7fvYy}i9S94<^i zG0woyFgG{1w6v6$6%5Y10^bM5#>Tv?>8SbC#l^)nN_~ec)~iGAAQMk|Km6c(0pB{w?c#T>4R*w_3Qe>nNLI@KHq~PT;K-~iLlPoZVGfKPS z2S9z0Yw^5le;ZQZC114#TSJ)>ffXa8qtl_JqX6@ZXTQ3;0Er$iQUW06qO?v>@w<2K zjS&HWvp0aPL&D-8wkHC4PnQ?H(KRtK0Yqm2GOvy%$$PWqrKN$u3c!kNQVj*W0QEH? zQwF>t036h}T#h`x{`j!0d0<24}40 zq`2Y{xw)2nY;xCEf{kbQ}Rn5A%KI{O>%P z8o^!bbM4@+Fn`4Wp7_G>a0I=9297$@qMs9iN@0&zL9xvQEsfh*2^ndIfYMg0K?MMV z@9SjpKif3`(wUxh)_Ign*45GZEQ>uj(S$}~Fr0Vw(^5!CWqFcvEJz?$4)i$w+WLB3 zZEd5SnRs67fyKj-fq{XE2~f$g;@aBUSFgNA-a7KKR$T%ghQO?rC*cgL|Z%S!pZawC)3A<%}Xn1`*U9EbM9I`PhiP+ z${Nwiv;t}U#vCup=Mp)(#vBl_yWVIU6BH4)zT9uoCKJAAfb1T3?#G4ikuo$|Tv}!u z7}B>pxC=0O+oGW&Q!%SS3I$C)VA>~J(eUHGSRabI+)vUdFq;9+|EH7OnU;k#Y80u+ zHdZpzpCsJEVIcD4wF&HJx!y-C+8myypU0e!NYlq)yqB}Vl|i5Ch9Po(DXm0IFA{{2 zb{OgHZ+(=S^sNXe_Vq6y4VPrpt$vXK6DcrL5IZbaFGK3Ah)Y(Y zUGJ*u8KJH7N{m4luh$c((f=g@l|$oH{#^)cK{qAGpDUgFU5dM zBW_VKT<;-?yGWn(X|}$+2IevR0CTB?eCoIOi*homZCOu69t28w3~^flD0(LV)o%Bk zG0ogEwX1l7yps0lJG!4Zf6aVDWO5-Ne-m<)fA?$bopyck1at1`E@w$ep)2B6eU%y~ z_L2{9PFT!#0-F3)w!VMW!aV*x{$h;Gf6?tTpqX1Rk;nU&GGmfndG6h`RR8d29tx*8 z*mA|T$)-G?a3BK$XzW2W=+jRqjkc98>UXq3x*Tk8r#*NT-epLA<>CKOPg65uPuPxg zqT!G6ARW30=;y7WG*@1FQTr&c)&JW_|9{p$r>y@=HrBX&I{t+xea&Z5Ks9_;mu!A3 IH}|~%AEufdc>n+a literal 0 HcmV?d00001 From 7c6549aef86b48552fb94df5cf7b90bde685f5a1 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 15 Feb 2024 00:43:35 +0000 Subject: [PATCH 092/114] docs: update roadmap image --- docs/enrollment-pathways/img/roadmap.png | Bin 113095 -> 459485 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/enrollment-pathways/img/roadmap.png b/docs/enrollment-pathways/img/roadmap.png index aa03d31e97891d0970186c19ccfa1c21bba85bc2..df980309e0a40d2e589d66906e6aef8ef7dc6efa 100644 GIT binary patch literal 459485 zcmeEui940+-~Db5Ig)vZq7X&qnL$C11bW~f7nv#{0L?ThEA6C&Lk!bKO zh4bc(_+Pfkb88Z52T5J!puT&|_bxw|=4qcfG84tFD;qX%EE+^w$`U{tqOC1><24fPfjkc-BBlK@xu2|ccC^f$?Nquvv zUiO-+>n~1T`?6f0<$dIk?=H!L_%{PiVSbL|!;`+Hx3A5ry`S`5c-%PZf{XdzkDyz3 zeysW5zaWt=uj-Jt{QFlFTqNQy{&`$pPfJ?&&yV=-z}3x{|NTNc4z7Rmucwf1?O1#I z-@iG$bCQzuoH8^tWK`_wdcG}tr|)#SSw*JF>;8C>lNvD&3}%U!SCs(yC8wiv9wOP(mFshS#X92j5uIj+se|A#+aKEL&UcoWO9 zW5?*+x?By31+%cb^@>guX*XjmoWH~;azjO(|)#lN=8&`b7sJ3ljdJ>%c{P}0G) zskynLoJNsdT3VVVn(ohzh#dO+W>N#ON_df+OFufWL7|0(h1S;Af!D8JmvWyt{qohT z$^_*bT#AZ{l$4a_?{DoC##{3V3Wi}(`S$G#b*___y#Ckrhd+b@_8v}ctZ!}>Jo@|y97!=DqBPdwnIyLj>9`m=9rZ0Zvak?&@C?>06zF1!$qHCzf*RGh34QIVWr;Yi|>Cr<)JYo(H8Re8_M{ODx5d-v{%cCY?-LFAF7 za1N)=^sExrye}7z7z};z5BHr)avCq5<(SPE@+IHYJ$CF)eKGcrOGrrQ*RNlR+1dMR zr3ONnCC(c~Mn=AC%dtp$`BLoH3?t-l1{t= zOBWNd&fPcvCeWS<*mw6Oa@9clx%kk^%F2*T6Eic;>FH@QB3MmD1@EpID`CsYw|b`#L&05(^6E z?}umkEKCKxs8f(75`&v_{_rXHzJU5Hvr>*2#@opW2|HI-##c)^2YUMZ`=w^TIEUw7 zD8Eh}Ynml6+#u`X;xaYod_hI!%$YOZ6W2IHZVDFiW#;z>GmBUr4zDA<`CxP5LTF1% zi?yw7Fmj7?`aZD%LPFt3go?!ki>Dfhm7~$2z-_-7{f|sg{Qkf- zwz<7BjdS@8GK?8|7FzO%(&6+Yx3v-*?`7$*W3r>OlV;U#`Li-j#k(N7feyQ@P=U;R zF2wnBdDE;2?Np1#6s;Va#uWGdAYOCig0Sniru*V{1~EP}?d=>io?m=syO^}Jw7N>_ z#?6)`?`pV?ir3>J5;HQi-sn_{i;GtvEG$MFlAU^dW-BU~%-G{srcx~$9;>%=P+t}# zZg22oRMoG+j|1^5qw)Q>j|c{xcwtp>h{+`KM?JBtQXA%(yoql}BfIbIJIQEh=Ht3F zaYONY&fKh9?#q|&um@~@3#oprW(y5b=5=xM@(Sy2d5pDW+$5@rFexCbqmRAPt}PJ$)YGtFD{lh z^&Cx}`+iQ5Ew9_t?t5DfcPICnTWdyLWbO%?usRRb1dU~tDzs#pME{5&u2HJuZ!u^` zpNx!5|JzNRA)WTG_p!3FK9|>4QQ2!!D27CQF2C{CK~yWJMlHz-`PnaYKYsjZ=SVd? z`P@={sXc!AgxvB}V>`zNPnF}xk0VxG78STvLjo!2c-WmzqJ?Z>-v6l4?k`p`K4fWU zbA7LW@zSr4!d^4q-G?5WdoE8&VtMH~{q6U4&-VEFq5fHUu@l#)O}oNCMSMfr_ADny zxMZ$EsM0R0_}&lQu!)>-pS_e+R4?Q=ex~;QbthiM#KgpVfUPGG8*1ehV=8c0qoTEB zCih8JR=BkDkfj& zca{9lFxj7hc9{h{NnVX!XfgL?-R#eI7fIW{{vlzQuuQ(LY38$j>J8525w#rK=BIN}e)CZ%Le(=;#0^Yc%>28mQslagcjxzAXWPcKs_K7w zgSL}^VP?olhvMn{x1_3B)X7SsGM*1#)0L8(yc@gT%I#(1J3pvay!wy zHmzm&qyO!=GBe)8Nz`JrsWW`+_0S@w9#+)Q5S_B*^f zVdR0Tb6)iC^DlJ1I^^Z$71iS2v)Ii2@CoC03rO zz#drWrbz(-fu!fpMHq!lz4aEgqb2sGXg+92Zue^?T7scf16kS}ex;)*+w zW9=NthIS4P;fv#?iX5IJ3FpJtvgD!63&twiG(4WGbt|D;UYzx-v$*v03kx+hbv^QK zR?h0@mjYb_14hNUw=`j173C|-i&d$L%cFDYr3>lWbv|Oq2^N#^#;Uy1zL|RyS z(f874yNqbu9;cSg~eFEm3gOfYDtwthYscaIA|p| z@n)Uy+3H9sbp03d8d)<7V_8*CkEbW1X?G?aP%WNrIT@=U$;-=I^6PFEyXZ=2Ao0}j zMdnDnMf~d0u*J;xc5?sC-`U3)E$I-3UVBI;Htg-SO=>naHbgVgJ#m5s!0+4C7q!Nw zCi)}y_I?<77^8rqJ@E7OcvuyO*WTZi`mfI)3l}?zAXM9c@fi10H=<^@weHtX0UWHio4!RVN%c@?GibVkuD;MPIFa{cvZ% zIezifDaW@PSWe#g+1${ujaX7|Aly$ge8r~6kKZNTKURw?mi75bJp0*;+Uj00+H0F= zh!w1?c_1oU_>;WXD0>HxlBbJ~_P*xkW?{dTrTfAbs@N3I9HjZ~g>#gtNkDHs%Rk)) zP%vv|_=sztQuCm{t z5s0EhzjG)etG>+3<8=EJ7iRN5uEb}tl2>v5!yFcg<0j+2V86vYznf_0+F5RW0Zf&{ zimM)E3!z-czOwwmdnXg~^QAhIEZ^PQsZ5~7@k04nZ8hLQb}7dlNb-2HPt?AX_sHTq zI|18L>*U9aCPk#wFCk{mdac)9gQBs@Vrb%e959%-Gl^8(L}Wey>H8VxVx#ObjB>cTy(d4puP*k)*SiuCD>Y5=cV*dGLJoDX+$F^(Y_8(n zM`ac$kX0mt&F^;gBZvh9!=V!=PMkukqNUC8TU{|iA0b*uj(t~QQszlrUD_nI@SnfD zrvw3>i5?CRDB7PAZU1dbre|qLl7P9q-rflAXQv9DH!dDhId!T1EKqP$n)7gNEZebE z?H>&*T|e*_!EE;VeI|L5=cQnUfgsNr>mW+kjo1G!@{!qZpde6inP1AG9z77J6O1kSId(~*ma z$R2a?Dj9q?I5cGCwSJp@Pl*rtrr8o#r^S>f0pN2is(y!l{_4u&z-VfG*b%{k#~;T$ zy;EO%#Nj3{AG`CPD$y(3Gp`-hn*Z%-djFW&swX`o<0YF|bg8OXw{8|(y;GNKYsKX? z>&)jS`dH=z3?B_MfX$k?buqM>xS2$?q@h7!dADdazn(&6$t+!2AiBltq88v3(fzcy z=z(+y5Pr^U%eF`09wn>G<5j2~uV2;z?-zRSKBKLLi~cmTdDoXZ-7ki*SKLh$Zd6VD7CSklDv%IH^=KcLUL2y9qpS>{C$eW+e^4p$n zm=%_5*IJ3K!nQ1|7ku-k1-Rdh_;qzMW6#cq`*j$Vczb+D9(P*A zM52lltxPLg;?UoO-obY=S_+t>US}D<f?<%yDwb0aKp^*0)VZALpM7>jnhQ$+wv^=h3PRSg7msi^fJr1 zSkp5xRiO*^e}7RIrhbQ~BKu6ah(sN91JPHE&}n6U*zIEnZD}zjQLxOxY=7@Zo4uyoh%F&P!ubt4qD(G5NI!c}@+w^xk{T}Jyp&lV%T4?#XFLLDQtE~9+MGb&3n!Y>mOxl**E z8Kca6J@VwPcf0lYkiXv1iTj*`WXf?T_gkpG!8!^%bQj&1bm$h&dcLGB_sVPbXIu6e zWdfmbaS<8}K|RonlR5{6E!v>~%0alu0VaBqmL@%vGw!_)uc2#b$VBTj=Vc5bhG>e4 z^LG@3Al%qL5C=iD2$yFh6vfom{ISf}{h6KJc|`*TKrkE_|tu+{hX|L z`LM!lK|Z;XO=qD9g@gE`rLoc#yVRND;W)4UI4{Uz&P3-2#vgC;1?46{Jr$E+2$Pw& zaJT1J#z5TUYriU6JG+70R#Vyj6~%=l#b7F-qWyv;bN%<_Jf63nT&?3=>Eo;vZ#_ka zja;oC6-N>FQ(EJQQUN3xH&M7cL9@D*;D2FWr;r?SOB3bf$@o<{tbO-nK1wHX@gmz+ z?NLzCkm4&658X6JbXCdC#Fj=Q!HM+%4VLomnIjJngpAmSb8#M4QN!PY5q4N_)4j$o zNBm7?iM&*p$qBCrVG%X&eRE~Jurxb6Tei|$2YT-^?RbuMCDZ_CJwHjm9&}ufIq3z< zPY*a z(VqaYK}@FZJAGFs<2h%`Z*+SoZl%>VG1)FuJf(+#D;~I^FqQD+*|QJ=iEiA&{JG15 zvoUSKIfxuk5^RR6-dg>oxWd114x&m9m^_uu2#?{YblpY3|9+5*w?-q{x|FIwmd z7QgS?KU;fhT!9VcKt)MODYL40URq+u4if1o+Q-zlW~%KnE}y@Nns|H5K@7YOK-mYf zUBHoQkRA~k>5uNWe$ytRD3LB3=h`Nyg>%dS$xN?!xeV8CXIJ!PN4HTud^oU@x*ZJe z@R1|RcqJ|_uC4U+Q@`vkUAi;}CE_!-q_2*{BPcw))iV(|uCX4wd8#xnCMM*rfFTiC zSr-f@pT_h=Z=&JoZAv?a1}ptkKkX{8P6GO}YUh-u3h@}DO2F7&(t^ zNXK_?uB_|p>pPP@RMOO>zkcJ!lHB=Y83q>13)2(R)1RgfnrY!`Pp>S^8|B(EsD`p8 z>t2hw&Be`~b8%1uVk?bpu5rZl%F3d{Gt*+$4CCA~2+Z`+7oQoV=Qs~*qxG!K$;kX+ZW0sb?h##rhB;M54{`I3HS2@qV>u9cRv$w^I=g+h4 zyJQGmuqV{)Fbk*e+|Ipw_uh(#*hw$6AgxJ`2;LS^-&ELM_iua8I8Y!SDu(oFEopVtKY_xX|NhSWS)Q`Hq(qAESiS z%*_)WyKmjvS`#Bp2f}$@%8BctmSklCmsv&oO_6=P47xIq_P#Jq#jx++&li6U2@9(PvdQsTyo9Sf zmSkhA5^y&th~i6ER{*D6cvzT0KGy(u=g8wJ{SG2$1C^*19J0s_|H#`9z$DP2UJ{+((R&fNMPSSYAnRW>@1W0t`A2p zU6KgfE_)rCULv3+kRyFC{T{BOZrpOVJK4NgGfN<_$yOX#KNPS`w1?uthPQ|gGG<4; zxDlDUySHvlJlB2G+{}QqDF+PQNJT{zJ1iK88oCLz_uad9n=8h?d3r${J5_oQ1xTPeIl>4;wf)VO}RWX&ZWd%$rKor5*v9|bb>eD`zo~Fub$_PjF^2F zMtNh!RP}y>H5^Sh*mtVn;vqhT(x4(P3@7%x{X7+WL30}?XZY?T_f8|q=T;WS>oZMc zW50gTZ5w9;mmt;U3H_nAXD6*+*6-U2OmcQnP`x^UI8atI^ zvI?CBHliCoYI70hvcM>CUtb%fqzwYX+V}3=(<7s4AA7Rx^rwg76H`-7Cnm?!@h|KAQ7!9sBDi-dU+;y?AajD#UAVah*H}_gBICeUT~qT8 z;>3Q(-UA6kUAXBpK&SWjpDB~=Tw>d{?JDrQ1vEd^`X#olTQ5Vw|CT&Is|7(~VrHfi zKTgHH-mxdJwX?0w2sgMiTsJTy>EE< z#+r2-ckJD(nOaaAD@*)vSbVkQ8&J<2)7hv*K&J>4)Xaw5==$V1UxVJZ2jmU2^}&y8^r>*NihNp?LsUD^+k@YF2^R zjcHOaG}CY5LKBHBg2QLX{{HJjSj9Dl>C(!}%gLW4dv@&EqfXAfcI_HwjEc~uj*xRF zw=ptaM|@a!?SFZpQ{vR?OIm8j8N3l7h@Tx0f-a2ci9N@^xO;iAz0@rL4Y2NfmGSl$ z(|VCc3F7a{JC529sHITjE*3oxLL?PewW-^Pn=CgHQy9goqtp;gI)4SfS5@g>%j= zEGT6dusz~mYkF!xWsmEH+L{{wygW&yVCrm70CeEDjg801v;6_fzxVw*HCu}Ny0c13 zYeCDefSnr|8#B(?kfnQCQKx{TwTI(JAynL85HKiO8Yh0oBC4A6N#^1UG=RCqMS;F!n3f{4Ws7$9Hmrem5SKoHh6V zv>@W^`vcJF_!w3(Mt+NKm|*Mjv7%xF!c5qOg=8wnCyTaKENMc^K#$3BSx$R<`?&Xu zx0u%^_xE^>%cso|*M<58L=|PMR*9?u@!V28{K=!&4T7~p?CCTrEcyhQtn2a#^$cir11jyI7ESB88dw1XK@e<`zr((F+v`6)7#plpvS~@o> zBQC+vH+Wk=*hRx3IWX#z-U*i!EXc-Vx%Z?vn09CEt-`B~5S$`^L6 zg6lVI*z+8*p10q3$vswkwn^pUMUfJynrnsCgCp-mL|kDJwPJo&AaVm}0~m0NvGTzk zjqmI(T*x@RJL@&r^T+Em0N5Im<+dH9qH}c|;M)iIqqd2Nh`=hN$al#UT6YDO#-)3+ z^S7ow>({S;q@SiI^GW&5hdaEW>~fap&apk)7^h72YHrTG&*;IYofqjNM`Ac@dRJ z#jRnhP$^EEn{%;`qrU*rQd9|iYHc;l*~qW;Rc^2S=9^4H_e=*cMIeIWZM2{ByUI#) z(58(S9J$W^XvKLj*@6}aajm~3ffWey`kU|85aQ@anhcN4e1_V}O!n2P(#Qi18k;&kAeiGgrM z)~Sw>-rmzL(LTj?Kf8+s*abRCMZU|PX?5Hh1X|(Ij(O5HWE(&(sRv-p#uf+gS9c+q4GA4?JVhdaMa){w z@fcp6xXo1^?d^Mvg2)df9pdzr4O6va{VkN0m8TV)4C%VNyEmjH9FNL0Ee;0s(a0c# zp|z4ul6-udp>v|VJ-+oRT9U1BJ?TI=hx`^3r7K5oW#zF++P|w)Tn&kgq#w=w6-|n{ zckenTj^DiXqF=%00`##yP4&^lgyXZ5dD?HE{<`GG!8hinSKV z_FBt<0-O!d@82Ir%I`$GeHw>#>;=Aw z$yOPU1Xrf0GI(KX|~>fk{HR!op?- ze*Md#q10%kPKz@aFg+x_efw5vOjS*dpvTN&*0&rlRC4XuabRx23%rwE!P|)659P5w zL3vYCmKi62m=dZDhoWx?W^jFI!)2dFQKXasQgy-m(iYxlCnhD)GBWbys$%nXF?)#Q z(_Q=Krg{$ctqfI5%-(9BVJ7=Si3|M4)y_OJNOzk4cD&Es#LU6%=a;lL<9TsX7AST^ zL`3l5u?EzsY%~L?AxHRpAw9+&5h}E%gENsa899OZCq6E_&Cj7jpTar zUw{4e#2|yU`rbY&m>-OcjCKeM(}Ee7p)w`c@v4Qfzr|R3(nrX;CQi{W4DXo$v)6UO zfZrS2?R1{R^G`;ITn1A=nV>OM*Vrgpw@JF|%a_k7T5K56tk2BMEYOzGR#(3Q zHf@l3YR`1eZ_lV5~_? z69Q|{qgmpRay($W@GL!D00FhZ(6F_2rAR4&@`+&ajWR5oYV|8^I_|49{ogY6^ zAxf_n%#W?UGfPsXera957DT)1*@+j9-`j*UTElMMEC;t2wtRo}TjcKKJ=b@` z@!~}#OsluDvE2kBBfzZQr^`g%N;+_$L!QAOnVdV5?*Q{n0Ai48*xL{Uf(kit{lyDW zO)V|rh9JT16cf`=^#GKg{l$L%+_@XzQ0TR)w(D})fnE@umv7#@*(3u@IMSTXgkYO* z$%3Mv1Y;Y3)CN{b`w+-VLxl#oT*kddJEl!}1O%vfwPOx|r3ADd)qqiu44{^TrFf5k zz_vSmeNQXrJ$Kae2bSSKt#?bsqu8>AK5Vy$1cc2ywueQAK5a71MZW@F({z|u4Py_2 z1VL3{b@uFA^kpeG2y}#`0R$yiH$c=mB+VI&gWtb@|Cyhti(sDAGrd`N?$Dtv1~Tq5 zE}9;L`EUC@A+x_=z)h2z9q*|E4?kMyVw2GiPaYO*b6*i!5{idKTopRv0LB<^0f-!- zGG;iR?wXcd;pPyLGb#F ze)Mp`$Z;(}K|z9kb^ERQNXf`>0fm4pRszA~fTgdMl`qJS@ClD8@9NqPPv3!J&*_U7 zuIi^Z0})daga+zD$*Xw{-_`(7TH;**#nE?9!=j-i4v6(V!>(ZrTvFI`$~vv*4#cza zmKKAte28Fab?e^TT;zqf;dg&{d^lp&dl_#Gm8uG`C%_q1js;~^*Ya9!nPblg3_8J@ ztGRi3YM6G{KRqrWB`eDfVGGv_9eXp;X>%zw59(!}k_PtM&gnhz)~^KlwI4G*!Y5Vh zx^9CmbZt1c`Hf$lpO07l1vbtN457F*ac$zdnlxzo-Y)pb2muFIU?$5XZvB}AZK%A8 z(=P<9+2&;!0tGDahR5X4naQC~Wz#Y8UM-KP-+(kIz?n4P;#>w#&oyk0IkYc5Hg+)Z zUc8p0v-6!jcYn8n!<1~7|IoMJKW;fNbMR+TiWKuTaO2ak)>~tAgUS*B7)qHn4GTm+ z?tJs+&0B-RZ{Aea*N?3C(+T=D+52|g60}b}J2C6e2NG<%w{MrdL~s8dMDM6Thny|I zLV@$}Q0G!Kv3Ho)h$FTiyJn&$7n6mVEzP6O$$44kphgA3JSY-2BA z2gUH@#Kil&dC41TX?xH-0>FQ)moIxl=U7>uH4}5_KJ{3Wp9Cc3Z-Fg;)=b8$O-xK& zzHws{IvvrN32uN_@+e{KVIUeLb~j)kHa3>(-J%{01!72j$jmAzTe^uV6!)W}xw*O5 zQBY6-xd1}cjP z-M_o|BwuSf^!xL*mc01yco<%O6=H5BlDfI<;-fyvmb zgwY9YDhcBYf_yqbq9#;jqD3uuYc4pAHtZ&X3&7yEv0CG-iv#7BEh_Hr`HtPUcONl_ zgyrb!`e~YZ)22-X$ppXntsXlA*=R>>JpE>FoGoa`^Eg6^-04tSJhM`b88MdaiD|J6 zrhrt$Tm~|evYy^;7X@XfOP4CKa~n2ox^XIe^mD?xnwpx&zKT8ixFur7U8lv!CT4vZ ze3?2fE>2JDF)$Ksn9uRr#R;V+_c;Bi@Aa7~cfjs0U+ zP*B(}>9=Sxfx#a!g1~HTKN8jQ>{*Io8P6%czXSFCqhBQhhyPI)Rb*({*aX<^&YhcW z3EEfr_|Q#8#OGy@g(l?~X)GTvgV5yueG$TeK|ycfK1t9^^KX5E3&!iyKYKbchS44* zEB@T;HP;4EL0a5p48lFSAJNuk40A<0!LM>0dK5DJ%&3yE z07oQK_{iNxs@N)`CJ_@IOodb+u+=|Sr-Q1$4m#)|fYbUXy4)^sdZLzByWTG<)&7qc zAQsh?TVCEIKMcKNxE*pIgu64pzJ4ex(9_dMLJ2bWY3VdmAk}N3HYK=hy(G z^L0d|`e0(w510&c_Y`r#b-W)A3-4&Z9?LUluAqXQ!HJYP7*L&KSv41CC;F6;LA{u` zmtoYsyK9L6N8VHQYDzgG(R)a5&^jj1ulO8)ed)*N*KQ7drvTSCQ&Tg9`P~)nkI7i8#qq5Zm5TyIFJFd zB5?P}%eONZaLnX)|0wgPXoz>%w{KrPI$GZxri*DGMiRgO_#u3uLoC#HJX*}=Do&Q@ z@%KReP453w-z@(vPmwG+!Wvv|TO2e@(PXJ;x#;S8*H#mQ5QAroiC1^Y%CZ4ysiL-% zao=gVkq^I42@=rEs^cuVXv+$UOiO8-~V0S34ZA(v%v8 z&tFVo2AfglL3#t%%Rp6l>zq3c4GrqsVSe7hpC~PQWKN$cTC66&$&D1cC+aK!a!^C& z>{i)eq4Jy>xk3;yGjH++NEk$wIrPg1o_{5_g5A8lRDK+!%b1EkLf0{_AcWQd>Py{L zfIwwA4k9g!s!T$rkq_V7+1gS2!Vwo8X*CaMi>eBww^$?0r@9 zH4Bh~s-nH4gHo$9I4J0#re?@dZ4tQ$D>6Gq^aoW`{4Z7%aU%;ISC%}8(IPRXhtc`g z-MhPUQ<9RB-m=Q0dQfw6avoB!+r`5}siU~bG^Xc}gvbbpgkvotkc*#RBgx_{+u9ot zbzSL#Us2aTet?kr&AGZ^GAHE8s|*nev5I~xxvM6{o(w2U$G^U4O#jxJCA3uX6Ej=D z%dNHhMA{qCtm6Gv3LI;%%I!I3HXCZ0MMq3j@n3H6C=`8N`(2NI3=eIjX65@e`@JFg zra@H{|8b3U)j>&yuZv;8z)=fv3SKjsZ*9ere$>?=ROjSkfSK6z$bSm5$h*A9{}4+q zt}`OkZ@6g6OQ|eVYJ()&XjvLic}$~??tvz}d#CcQs!BP-K;U6IIvh%JVxk?R1V9nN zgdu@tk{_om#mKs8OTEIsm*t={UxOk51wA+TwZ~+NqxJ<95$e1A#~Wm7ySq8SJJhVL zpBy#4P{PZ9mvZOMok||T@GC>7psHAV00cZBrJ@VN>9DY{GLH|AmcI5dMMFv0%A@tr z9|doZ(eXY^Ld1+toG4xzhkCMW*RCA^q2TGkL*Kp>fX7UiM){%h!*?fD(IV?L^Gsh9 z7KYe>eq8TgpyKZ;Dkv&8ZQPiMaP#1}gRS1@T;Cid?LH%D%m9v?lyU&4-eLO5P0z-_5P-jC zdS4g5Q0TDh1;xf4E%_#pvoXbBgo!(9Uia@E1wN^h7 zodhlbs=>$tnrAf75ss$mE9ESdq#A=-C)jku$ngd)9RJDd{{D}^y2}2uvr_+3j!{0B zP_m9@-!4l+9+%}nQLva=ns){>93EUn3`}6~TM_NI<}_TG!C5ETkh$z2DnyMZmK)Vf zJ!_9>L?(RJWjSEN&@&#kH~}>17O@CQLP28+%YdWW@tH*HP1q|bCEpZ7G}(^{WblS} zsnJ~p&T3M;EcXs8FQtP?fZDEwWlTHIvmBEY)7Raqs;XQH3Z~>q6ExTQJO{Hwtxf(( zN!-K}!GJ4TA|GtV@Wvn77e&Rx2M_uHUzut%)RRn*xJ~B@bQG7Ta<5;!@Y1GHRZ6J1 z3)7zD{sNn|gUN>@xb7?ZDQH9q?kl=pGyn47wT)%NGibXB=x1dGXIZ0M)rsVi2!5iM z96a&39gY~vVe$2DZf*&7i8aI0q$kHx!#)=ue^3NhNmJ< zDfTjyy7&JraR;op?(Iyu%Chc(>K-5QXS6Iyfd7EhU7yb~Q=`;DKuK`uDM6i+f$Ssr zQX9kdvhwnPF}{R9%hJr{?~y8`5QGG znIDRs|DfG_p)EVX@mWnzXt(xI@x9{WV*PSy27CA{=WrnRC`7hC@h02crlGwe!^f}@ z=u~P_rYUO-qNbdBU^Ar9N!;``lMc`~*nT9zPTa1AKKM>-k)Wr1bL;S7@k0K}fj7&6VcX4^L$;!%VJ{0?aRm#AGi8%MD zbmujPf;XSsna?#fTObu~3;uM*!9j?Ac8+Y3R`d{M`kv$Ypl!STEpprUb762R6@KT= z9ml;B{kZ~4W{Qe>aqv_oe!2qX;mxCi*LnvB10c9Lzo6fqek}Db&)J_DvqeND`h%XfL33(`BGjs;cK}j66iByU-&=o?hS65Wj7=#%XvX zam4dVlMD#InyTt`$D*3~qY^6s5PAin55B9?ij+zsp&J^Vrq!q1G^buXJ#Xsc6ZW|1 zgSP>WEk1Sp4kYVu@i+2$z*b25rz$79MF6T`i`G5b&`jtffZ+Z&Zg4|TgLDP?UV7WM zZMPs#hlGTzRotg+14tA3kUlmFLv6ykEpsB8GAiD8LA{WcY{CRVh?ZNm7w47;J}wq^ z$0J`1ISS#2F)RvL+a<2Nqr>>ytlkjoGwKKNeK@X&gA5lpq}OXg=IeI8eNhG$Qy66g z3aySF-3rC9x4)l2Z`)9bZgsrBzVZ>J9Y-kw3JO*@`*46bpx@(|p59{~&gzo!TS0Kh zU`A;f_h~1bJ7r_C($ebU``SA@%V8HHlgVXvpI3F$oAngy_>Vv3Goof-#5$LO!zN1( ztofR%RUN0Zef#zRi?h+Edn%27vVDj#Bs~J*)gwcT(7Tf~{h^`)-G62>X2ed}ES@_z z;=zL;sPv%5>kxMU%xf?x-HMST+Sy}>pWNI@N5yx1jOnyAAL#GD1r`63;_qC3zvJI? zaFPg3C#4i;k5f{<$*Cc1lKZEpdtV8!Y-wz0*kZC)o$%R_VUbjq+)@lP z*?OzGxKNl(9-&NtkMW{EK6Q_C3&rtVLQZS8+>LT#LKZ*U)5`XI4fBB#>Nhy9M`!vP zLVsC~H2e1L?WAY72*ho5(Bk29^}^xa-pg5~E3D|Q*MfqAxa<@>eyK>kLXp&K)L1jG zT7YRh1g}%>)E31KM1$xv5)~C4on3$3Q)j2rlymI&Vd?sD-GeqH?ITCZAuAJeA2{I{ zgBRa*K+L2IyXzBw|NebG`700q)Wr4whJ6RDE*dK-UA=mDBnsXD7k1?nH=GT*L|cZCR$_62a~Kg$2L-qNzIzbohOFD#d9Uaoy` zgMxaGloT@#U7(iwCmh+Cc#2Rf(6$RCsu&pwYZ~OmG%^_=vjW8{2go_?!xuP;2*n%b zzI)?2m4)rsGI^p(HG-~hG&!QBC0=c1?6b6VI1kK@aGaFa)#;>qpu|kzu!%WjE4YnC zaFXy*qj!K-tc>eKqmJTRAg)KQ@3jwlvDH_0vTJCz3g|r!blkpY&mIq76EukoDiVU2 zKJ3%ZN$K0BQ4b&TGdS4Ur61jG`5oSkPynF;^m9WOlLwP&n%83V>;jw2n33ILR{Tz} z`|k~@U^%XdH8Do+De36QvDid78q#KW1_aa;sLvFEmGLnAF)!`X@D|wnPwnK|#xt4i z_)fncG$1~E&(cYCCVqRoi&o<~0G9M2Ru zSdNVOZ&UR0+21r>V^pFjjln)KH1AD~_cfm!U*#3ueR5_v9(Kw9+-vav)x*&?yKBiJepyQomCn|VYj~H2_OU)$?^8r``vR%u&^mdREMjPCT5Mb| zezsO}L&6%P=sleQqa_gue)g3YWB2RFR{mOEW4a`W^Y(7|M2klWNA`&QrxaIWdw2cs z?KOCH{zTdwUa=|D!w4i5mXYyvi|A~e`w1_9Q>T}cg4e_!H+ z4WPhQQ(`g#@#;ui6-MNgS!Qi4<;tBg{u&z&;xvwKmZ`jEv;;MpdaFkX$Yw9x9_7&L z9`iUeFaow?&_s(Yx{hwj3?c5ipt_J{bnRX16`b|BZOSbv(mH(g^R07xr|L<2JKtHH zIg@~h-weG>3b+}}I9V?NJB6y$=&5C9X6F6t18=aFdz5rMzms6Ip{V_t*ABa!W8I^8 zNNg}`A8hwOL9`zfjLh}-& zF>`+W$rkE2OY^!1`-XPE8u_V zLAq&ryYut&9|62SF?sz;Hzq66>cWM64Dm?Zt^;xS${uYt5UDwEYg@E(kw7S~h@!IA z2Z;$QOUt4=S>&?XmKH`}Wx`R=LU_yw`z}%X5AOpg-EFGep*i8hre(?rR|0Jo-NQZ} zN)I?Lm_ZTGj)+h`CNOke=ksCJmG0l*Ga}(XW2HZxo&?W1K{EP+_zg2p>E?3{E@MoG zu5-_{3Y;DBa|41g4jiokW5hUfW%x`37#?BnX_yZT35beff;eM4BGRq?^XJd(moMq< zA43c(L2*=n6cq!b2S20-m=JK=$z~FOYQ#8LN>bNK) zfz|m|P`2hdxJAhy;R+^ZQ(;lMm;+z?y3cy=zI|ux?FHp3(*0If_)H34mK`6g>+Uuk zmsa;96la*4wy;ZW#i4cH-{v+sv?Agd0i)olCwHdPPTz?oJyRJ-)m(SnmwLBID5r+l zrO_neS33ejLz_LqmQv)0d11!{^rt+oydemutD!{&Kx(C^5HiXp0TC#pAtZmhB^}S` zKdI$A+*sz>6WB^|+Z7}|RD$~BP1rMV&PNuuF7>3b*ze-H@s_5%IFzSXaJFao57!AY z|JRCL$uB6NkR+Wud$te2c5bRshappgg-{9XJ*$O*dS2SKYA3)<6uG-`f|ipreq30j zkp}LdFhV4iiiHem z>c=w)l}D-h=)uNU7f#}``!J0%u2O(BP`bJz3vSMJ{94UCKFo&^Fl|4uuIT`LTxB^2 zR(>zkVHc4-Z^qUa@91Q9!0;G0v`66Gl*je63CBLB=Sn#kz}>6(ebC4mR1kmXJk0=@6JVZ1*5BDZx~$8p znQyAB+z6f6gX5Ud?>rNE{`@(iB&LaDmyTOQSt;P@26pW;f_b1=llD)&_GHukm$l;- zxQu#5JdT@Syxu?~I97&}GX56W{J(T`bTS6;qW;c|Dv+>5T_{u{H`Ra0l!n_Lvz?2} zg&4(8bbu4S$B)iF4f0G(OgP(djBkcO1%}FzuPGV$-*k4eVJcCERCL6k{ZLD>%jh=D zh%?_CTgqYXubZH>0ql~h;$z&ZCEMl6Xg)B89Yr(0`KdEsJ$nib3UFCYVySEgzi#4s zO-;>Pv9bH;g*-!f2Z)CG(zclr@;OuRDrzWB<;%eBvbnS!x}KwpE%RYnFUt-QhM`@}V-X5+a9o);%VYR0%r zwakBqN}x*+-M=QGkI`K8s7-MofKB53(aaqI5G#*}SK`xq&dqBFf7mBP8=(Nemd3+@ zN>9H>Z&#fKrv1EM_TIvj8vvB5;`T+$OmdWvnL*}OF6x5({9a--54aSBU^<+I`X;~O zDVN2r#+R4Cz|+1!uPn=f?POm2k^tnIi3PYqBW*)AMA~q*+!(Hlr>gpvp3{Q<0Ueep ztQ6YeRV30h{LPykp3>3MuJQBp>-&Pr^P4qA$;Ve0F{VSu7;c5r6pUg0ME|Vn^_)|@ zBR?!tKf3+sIL@bi>6)kyOv(&lccq1@HP8Nuq1zSz_RHBeriAJ*p|QaIk$zOX8iTZm zU^z^o9S+*bDYe3TpbGrY)>cW^%+I0m0{+i({xCB^Vw4@YD zH};l!_Z+@6TIE4ONqIY%hKlM=FmE}3O%`=>p#9A4Teo)P9*p>I7yUa34sZN7w;X|i z@m?@tFb8i&T<^O3 z4}+KQc*BK_(=thphg2TE0CR*fgE+F#CvMq8cbjbcB|pdUJm?xU(B1UWadBaU&^erm zBl9Iy@3sA4;Eg$Geh7`8vI;HOkWV|qU;wy?p*DTrgHJM~(_prg$GNI-!sYXBdRtT@5G*iaE-RRnjb|KMR0Y^U&CrjeZxoU1U_=*OHy&m$;Mj0~5+=uihBp^eKaa7=&aQ>DJ!apHj~jMoF# zqf99D1CsV%o}3ncOa&HHmLsAizVLN)G>x3H!9hbuXL#3`oBs5-W@13!H;1Z8Rk0n% zU(g-PJj88Y!mx9Nkha49_`Z+u8N`R?kWO1zaI@oF2bWmJ99+JKH8tsL(=&e8MF&jN z@t{1;tv%!!dHZ(a>D>XxU}wcyXTQEV3~0IGFXVfL_Fd+ILmo~rk0rEW-cK={3!4>` zq+fC=**%g^PrOKR{EpZSh!!rma*K?UZd=0`JWNPJ5>)$N&3=bZtwF|W_Gg!#^jV(g zNL4&O{GT2U0IcIlxFq^9@uSqg^BTjhP#*RN(a}c+X+20Da4we7G|4rM)9n7S?rbR@y)#CtpUmJu-qMJ|}C~MrYSsM}@te3s5OBgCaoGN71+O)`V zK9sC9t-bg-1%amZg&^^LG5AEDdTZ8akc0ItTA>OCDCEgQ$r+BH?bgSc)V?;@8E|S* zZ!8~pigK8~@8?g!X1R2|wCvMw*H(Ok#%A=wiW*bNq~kF)(|qtK6Y3jzJQ#E7BgH&` zPl0d^WeflsbIJW+B*6>w$Tb8i3=Y)zJNv?7wqN|yVop<;Z_nWr-TfHAVuHdDJh)M* zvTiGz4B_XMN=>lttYL#Vof{DhBJk88gP;9xntt=&)U^dBP$(D1wxPIed?FofxNhDdzkM6>lhj4NIKla`;tjV-(7Y#CsBh48rC}0U7 zBA_U}IXWtlDxgS5jUqMl4#7cSEVM+r5YQl^Qlv@^$^Zrgl-`T<-U*>3`+C56zx955 zAIIK5*80A^)-m~^@bKg*_kG=0J+Jew#{B+_1Zic2rDG=-SET7%2eL$;iu1^o7@5bh%(Ry zf+hg8(?=TFkn$rm*cet+pF^=q^qke{0Yw2sj;H%qU{=-VfgNEWJDL zl92wIx52w0oO%daxZhhN_S^%IDtpCEu@65bjoMlOo4@izBk*}B@RuN^3gkN=4#!TP z*1nHS95l&o2mN&kc#6J4GaT{~fJ*1hxQ4(oyX0~_W>0~fK#H#%L_XQ^*I!CRl$7`Y z)m{eL5`j%SPqc9AXP8Eqwn9Jw4sGL#d%MUS08M0l*FQAz;sBL^0QI3$>Q9Id`ax75 zr<+B~Dkuy9GtI9dc*yPoR7F&=RwTm(EO019vbVs6f1JJ{?qF}fJ0$qeKee4>EubR= z3gt+@-j_HTt+zBg`Y$GLfkotT^Z81oh@wMuq)oQ_!xFc4o`mQx*Y2RNF6eG4gRHLgdWp6UlrzcSFJ8EC&TgA8+}{`4bW^=wbmZeCN-Dw0+LVd7ob2pu z2k3Wz;y*P1>;Vde{nb!yC(ZoTTzv4w$F74eV-4HEG=7=`I0j7Rfrsf22+%^y_8 z9fW!>J2)r@>aIfu`5aU-dk1!{`MiXDo|^4mA|(F7;`1FJ2(&xSvN}{&8_R zH>q}`52VH4#47^nkO@wYgP<50>SRYiJ?fnNQI?M^NMb+oA1Q-lWe`mw=y&kd$gR76 z{`n(tmw>Of9dYa+Hnj((?eEWuAjl&lcSKx8>cUWW?St!n@L7{a(s`f?(Sm}QAqnsg z;k<{!U#Fnq1R&EFp>i{?C=R$g5P&Mkoj;rpy9d1?nMm`qVeVBcKBx&I`8fn?AQ|ur z2J#En6ZRzP=;})Owiy}$9P8V-JHXEXeEYlmogfJ8p_hjRxKe%tP!;)AOINASA)p5Q z2oHmxjEd`uUV(Ae2~GgBUk>&TvRzNTGlD%ZnwphhE8lz3>;QweA3`1!3P@)9rFvZ; zD$$vP63Xw0b7b=j*8E4%A@-|_mWp1>93YDx>8YSaEgOXpY!}Sg{pL6O4D;dlTNATv)pra1r1r{Zmt7hi3)`{2>Vg?4KOqFEZ(#&~*o(&0t_5Q`MjV+d}dU z4IfC>{sslCStRBD9ICC`QOK(e4;QGE<^s4pEjA!R4`SjmDc`jz8Aw(kL_IhqHlQWF z1^6SR!U-7S7CX*o!8P#E@_VX}Y}MKz?+edYK9}xL)rCPH^vp zi#I!wp+O{#*ApR2fkg$~^J*t7fHDJtC|Na~a0YH3P^BC7XCO=~hf-ZmLf6JCP@z^$ zPfej)*5KyNKFD)ETjkiz%exCC;0sAbrC!704}X6|DS&Y89C`7_MORin6%~~nh$wog zvk>JRRPsCrwH)$1j}Bn{6qS@9$3L2H_YCpp0cU`qp>#Yz{JsL#CiO?N^}mCPUZXOz zvOd9^LOC$GEf)F$z$OOw2(QINM%bCtlsFo40{dL z!bC78hE;%FRR6$o(EZzem^Xh&{+lBM-13eGa8V0SF>qHf-1ZYKV#tgDVE!7G_}J|l zDE;Kv4=e~O6aid=lOG5c<}f(vb+p60d-nJvsdVVz`T$X#xbX)+B=yBRN;#?b`pCWv zoz&BggQ}oG4kEqx08bA~NZ^7M423M{b>)E9^^%LY)@k_$bUpaje$YN}704?3vj~J|)u{!(@V@_+AcsH_QV4$m zIEnQ7)@CaygyiFHO(c)a0H~XW${R|KWTr2hVK(Mp&^1RS15db-%x;d&a z$-Z%`iXtidZ}xxRZkVI<;2FOMpXy@Nv05lTuKcFiSApII>4^`}PzmWMq`?SaRJ#HC z0(!I$dc$_zP|LUqDi-Hk*d!vK^xX1m=vT16KJAN0AX+WWphsp4j@pePqivY z1?&y97$QjE)ODnO1rh>n3x6P8OwMBsC&0Eqnj=vsH4GR6fSn4$eJF_&xCx@8klp+p zR82B(J-j+}E&U0Zgilc8gT|OlK!8I+FFZDOb$%qO@u2=e{!#H!AY1quTD8V1$05D` z9q|IMFS$a{TLDZ5nRlwVP!g|xM##&M9w!h`D8lZ7iU-sMks|y7apN+GBgu{cveSFi zK>af&HugKfFsr~7OKzc7S2wgzkfGi0HN^HU4q(ErVP7VL3b+Lr?}mxdt5A7FcrnIY zfb=;NDwEq!HUtBH3MouIw%z?wCzUMC*nKTUlW(l`Gdx}<=-PmjCyS9x6bJ7)RoR~U zdTvPArrsb{L20~yZ0r%_^LLJHH$7Lw2TfL1!CeUZRB!6bjFXeJV5F)idAGU`MqXzE z#%utJ!JokQOxC`u7Y4GF1koYn2YxX{D%_xfEcTWL;9|9^Apw|@qFEwYLL=5erauLw9&`hyQvpt%t6OrqMq3|&dPQQq4t zfOOQD##SP06gmoDK!Wh#ncF{sR3tAv|2?n?=)b@%)R6TBcr8%6JX~ZQL_x+W7y%?{ zV9`^M^Wy@zA+SRw9h-oh-O&>#RKs&sjl+*!(uP4ZE_VO+HTk}nxHuQ$1Ar-a&MJj$ zKES$O6LYB_KxPM?NR+y_dz*$qJH{OV3S4-PSoQ8gDVY6NHrKYRgHO2E5+yzgAj70l zmyX>~{X{{z=3>;GCP4Eq0=~>)^y|^26;QU2&}9Q~MC(Z;DFBUr5=al_GyNze!vIoy z>1{LwOpu@BVBNuiV4k67d%O{-!%}yc_f;sBLIGvpDov!Y1=6kXzU5!V0{4H7M7T^jzNe6lO`MJPimJFjCWGpN!zQjtY zS#iQVBF_jV(_Pmutu7BmnY{qj4Mm~7Ezmx8F-rT$(oApfS3zx-c?4ngVfbf=JrUG8 z)VDq%-83J;-~0GxR|2fVEhN+ECEzCL14hPC$%h3+MdeU2`g*tcEXdJzC#Sh~QDl8U zN-y{E`<$GIKtBS-fq;eaKY*PQobcQbuLIME;0bC+XJ*0~E~8&ReihtpYO{O}EY-y* zKxM+`C%=CeEToSD>2rm`#FwwhJI?}77(Bvaf*V++`@N+lJqy47G6czK$rX47B=<0u zi?pa9TqzIUeBKRNP9)0?6~oT2$zgxUyH4(eMxl#Q*Al_NM+JXdNk`-U=LY3{I;<%g!69w(rXLpp0g=aG9H0hflXY5*QT>v23uh1?$` zAEcalW;kH{-QC?)(-7qTQE_o-MT4};zSs4v&}aueSqa+5XNv55KSOKI9%0QUHSxX* zmq&+K4ywTS!0*1AAqViKIk5C)R4OLJgFOqB>PzUvgL&IbgzZHATOw>18N4i{q2Th` z>=_jB4zhyn^sH$GoHx>b4sCi(Mw-W76hlp}57z$$NapM_%7*TaXrOUUBFWwaM5RGL zpilzdzI_WK8UQt(@m!Y7#O(L)KZ3vH9`b^T*f5Yly(6)HU)?J_i!@H{J<0|l22aU;SY%WC@Mfm^0-r5Dm(9fRPlnZ+|{ zZj`ldIbdUDE3Sh)#(XKQ1Xnfz9G;8MP+Jt9dsACWrd{asQIzMv&#=ERLYYU-5vxq6 zYH?L_S|gN_P7n?WV*tk<4m(h=Wc>U!o?ZOI5y+45hW#uLjH_NwK%^Qc@A;?vaP*xl z=uUxk{`PCyS1lkdf2TM`CeG9A@xIzA+_b1WA#y?j^v_pzbytR6Gc`?sXqLZ;x0kV;zwq@U_tI*y zTk!y20kE*0bsYTc|E5&defbQr`VQw^T~M?jA>3>{ zKp&dmQ=$BRoBNVHu(vtZh~*FNA+7x7x5F76rFf`iaa1oJTI~fHKxSa1T!1l~sOfs! z99k-efIYYx{=nXS_2aY1$YJ=EchNHbu;)opQ72%$90YVRe^X%)pX*Ja7!EY{7>d{^ zb%k+2*zd?WIXS(pP>XU$#9;X09!*sOs4l0ke|+GB`5S66!qtkTJeN##sRK$%W7u58 zi{bk&HI)i+`i`7o1|Sy1+`1gD0Es1A$?`|fdaoWL!XF-BcjxoU6UxdHf8W<1ms-t8 zkdLLU!saQ%L+rqPo~V9wX7s~ANDWj)&O+wM*8q2-7zf0Gk>EITw&e@}mo9q7y-I;F zxvEg^bvuI#Vc+XnNT6}t4@NlW<9nRMB_!%$096vDxGzJC7T|`TAF#fJEjlqN(fgz@Cts$2*>MXDgz->V~RFH-)UDoSIJUvl#x{< zUc)KVHT!s052z*{36~|ldH3#174Qps4~d%bXd#Q^fHVL$Kk}=YQMAc#L9(1 zVq#d$Y*h!Ypqt4roAVS%=JLB;jeuT}aZB6RHy(;gbYRk@6$4))eN9!g5?`OEl!%yE?LK{D2W@MF=Gp*Sa7cAZL(g;_frj`l zC@@w=Q5j@5boKS46lRLgBK*~@xj~?#AVH-CBnTnEpXO^q+nB-QL0val_WrS*{juj` zQKfv~$nj4&SE>SXM_)`)iHB$N$yn(^_5q-Il`!UEPo0w(N5G_vfP7ql#9Ai~;oThs z%1G}Jx#4JEBiNcIk+O4(YQF5~_ae&SVmSq|2|@!7!zFV2hw=kOSu4wY#-Ywo-Pz2aLmjFncbs1>p-$0AP`FJP2GQve3-v)%uPfw;#Z+%rZ&@fk&_3V&Vx<;7X z+|X!T%vj3UTu%r!@0vn8XnaYq!jQ$5z^^uv9GM%mksy`zTcC{vhF~lFhGyqcqv*S#{V+9dE}pW* z)ug5*bkukAw*g_YzH8iZplQt$TN=$*0zwR@#@6AG;LPqDz=7RxIu>0vL{v22?_rP;4 z0AA&VDI8t_P=IDodZCRwyW73PA<+G6i;4WdGkWk5xi6=kc03a9n*RuJ0!8pt_tulNi@ zWxOs$c`3CtPr*FTuDio>O)A4fgRx}Blme6%4))fWhbt_)rvVP6cp-k~3%tIe-pmv% zmC5?d_zf4C-N>>*X`hDhxb}FcA_3VtBTm}38ZnN@9yAa~SXx`xK#iA(2LGciAr!zN z77+EuoU_yco~-9kJiR;Kl?ZjDkbisB`&yXFFEUm1nVcUcl;9Hag zssxxq$&lS+ z!l*=$V1E&y3f2Tn4FeePv2c-g$oINVwuM8+4tD+`LtW|$zXvu%e*87UNeuQDc~gMr zM?xYF{F*!nY?axTAY9GuwG1uEg-lKH>?d{~`Fsfq>tZEHLR1jH=Lx8YsKZTs={07< zq4@QIgx+gF7!iXE9#B2<024V-KtzMiJp=FMs3|{2_NA{P;}xnnuZk#O#Cn6f;7f!& z$cPqxRTqXrB^jb%*f;C~bgIX|^Fnv#$t#B)eh*Pz9Yr1%Tt#C<_?|mfi^Rygy!k4@ zIz2Sw1C>p8e&B;ewo&k6_;f?E03JUAWa6+()3un>w=N*h0$z;;crYGQ)@GeEjS_2b z;9iIjflet!c9l{$GV1gV6$KjtAX&uYL)QAlwXf-Lp4nPQtLM7k1H^w~m9ND?&Ca9m z0UPXY6iO~A@Ti|T1f`_Uw}SX0kB7+KuBQ=TCxquNEe0jAj-8E^2?ArS-SG&pD^U?w z8rfS0SsLMxbWmKI%=Q57)!5P!iL5`QqXHZpaPA96Xm1BX6vW|HHK1@2(PEidxC=V^ zHe7==*dHXI2?@>wVCF=I6($-HVwyKo1)j9!ShW4U?bvxBaRFrT!>I;D$@tS)6PE8lP%lSDS;M}#XNHu5W6%^#qw#uW@-rA`M39bTR=sH zA(8{;p&rVUv9L&lkRgGrk`C;qH{wP{oE&KVjsgDx(HW*2T|Q&UQHARzcg+BVU9!5C z2x1P&b>Gm?nNfg(*CVdahOZr1KHv(!vbi(?$~m)`??gE4@YgS1j25su*^U5t;%@8x z40>QgYf@xS!pux&6CZu<+7UG@HlkNJT;|5b1Q zU;W1a`^m>YBlN%BlKww>%0xt*Sy3688*Z329C5jp`eZ6#dTYm96soWJmY#=>yflxG zagxHAaGV={U78xQjfQN)dpPzg@oD#lgYyF~mQi)o!4t(6rQwR%()5i`VlVUc*Y3X+ zQ1NQSb@Wh*P==gR%&I=MKO$iIH5)^putr#yr5@itjqE|_?&5iopi3+krYh{}Vn5x) z*$HlS-31vIj%)SlYQBr#25HReqrkVa^$ASxe@WOgLDXf4i16u;+AY67ON~V{&rE0FX~v>E*+bP2Oi> zvJ%UJ6(a^qFbuN?Ysg|hi+=4xPtQKcoCFA}1Qf?&|*gny8XF9i#c6Dz<{xUg~g~-|hS)@F*@m zM4dh@>zcE_@b4K!d0Ky+q2K2j^hB;-B6ysYg9~2DUUB9-2XX{HWk)UG6#G!bCTdUq z1jBO_#laCGeZXS#&+reIoIfwhPOU-t&n4v0>V?ZY4jx8k{GfE!SH8c``f5~uW$)&V z{f;f@BppHp?)?9i-|>I6lKMZ>Rs3H&WjZ>eTYB8|mUY&2KX$4TyOBW{uEk8`p^p>i z&tRILkypvs{zJs^dH>gqvG0737_8Z6_3L96^2kcmXgJ{^c{rzAifhK}5$7RdWe~Aa z1GC_Ssi~2=EF7_iFrJF(mcvXv^mpfD%UsT;UYelUMJ2@M7{?v{61AnU4i*}=2wS%b z1y2xPy&@+|wKtSb@Ty(9u45A4)FQYr!r!&@XA38FJc8O0HDQC%iG8LobiJ9nPRE#- z=zJU5MlH;xc2r`0bQ`*!=ad@1ysaNRUO@d+NG^=J6nR4!PkA5e6Rb6DiLqL92kkRE ze%c1YCn}a^t-A4O zc1nxC{7d3?c0%BSmxF)xGPavW5Dcc$WN4Gm#!>`pl*5`rCM?4fEIp2-mMVGVl`C(q z{lqF$ysl$|l)v6PG3qUUJ$BUSlUKP=DlFpv-qGVfQ1wMU@|4>C+NrxqE#xF+gJPj} zN56||DQLADLQlMOUkVx&oHJ+$vl*wdi)ait33I9u-()33yv|UKRPpK?SXKj9>2Vhs zt+lW4XY-v0O@B-%0lR@0YHmeGNiCmVk3%aEW@LnxFWyJ#ShVWeq>U z)IKIBvjycV#(rT2VSA#y_!%0II@0V}uBT>cD5;G2C8+IBA3eNjdBBdO@7y#-O#sf1uM<;}S@p>_Nc*h=$-}zEn&76lCU+{dti{=+GsOJ7DOe=uW~g zNzfYKCTCnUWIxXz_Zcx95Egd9sapw6LNCv}al;2?gSG6EDy8KT zETawET|`LdpX_nglBCsSaCC)`o;Q_>r^XQUo?^0&ThgyLtk^fSC0))#>-Rp_^Hq%L zf%P=5L;x1i~y%K&i$`X-2k5t4{AvO)a$a4V3%0;Tq6uz<6z2+1>;;gE^% z52r8#vE=mk3&h?7#u4v)@5ls53pO*K+f1IO(>~P@B1UF*F{a;+G0_Y9=+F}H_0NNW z6U2%=g*Tb{m?@PR&TdUP5reEF2JW|8#iW$Nn$lFIU3ZRa%1KzRnz#NokkB?OfT@i& zk;#0fsWFVxXj%7c9l5HdVVK^{wBB?;2A5<6g-y!ORMIh{P?Za_Sb9JdE2+% z8(YMFBVZj&T3dMyWzb75)Yz)!Y0>zYcfDbHZn|#@j;0pAxOm>p+p&DyWQo?=+Hr~c zX^1cVfQA--TUe8`LwNFC7oCLzMH!d~A&X`~wJ5ZcXwm)GVwT3wo4O0@rBd-)H(Fg5 zE=Z%BGqg6%dI<)Po-+wD_}Q{@$(%$#|T zovTh)(`yoZo1sxzudbZ0Y(UA1o1K~F&8;CcN4fTtxZb6;k{dec3;V>IKwf-~Y~@q- z2E-PU>49Y5tM&D%KKhO=pG!KYRMe!M_dU1OxWV{PzTAejoO+Nld80%ul~nAu)*eJ` zu6ObArhmbfXOa7Zl}LR?bCu-jHZFxcba0%f`+RAh(38j+PWezdDFaWdhP;<+jmU~Z zp$he4-q~Jl5z{#7<;g-mX<*#x(Yk84tt>5=I?mO4rP4V1RJ>Q8q)QD!F4-%eLOIp` zwRTQQjX2DS@o{_kC+%91tlZm+!OKh3z`XQOob}lHc>_e(CQ58&aQt3;gYA8nqd|Dw z9lc%AVx7zQ`!%6N7rqObjlI!d_?ojNmqyTD(_?Mn@78b8s-l+cyF-Sj_jud2H>^n! zuv3q*^b9xLQ%t1K>C}S}IWBXXTNQ))3pX|UjCnKS`k|6QPEMV;)0(C!Z^|EI*1Pen zU+E-qHRQK}DnfI&pkHH9lum@68^>Ippjes-e|%)f0A7t)&0hj(dcV3K&w0_1{<*Hx zM9Icyqmo=w?mCsKlyOb&Z0fYOMR_POGM#&dm=(^ZJbd1eUv*qTQ4ar+jTkUMu#sUo zxH*sqz3-OnEKQ$~<#Sh;#M{-^r^WZm-S28^TX6Dv<4tO^mtpm5>}a4DKKr>0RD;=% zbXHJKi;qy}ji)_KhY5W1tvgtqv$+Q@38AIWh@i3H~ zVU+XP#C)w~AF+Mi591UxP~uwE8c05G_54~eq+QV(^-GQqrfshBD*W^e46~D0cu)7N z0QEa*y60fbsY1n=&Kke7TMt9AQfo<{$W#)FQE_7iCNu*Zv@S7jw7jnXOtw zSLkuSxI@GxzHQYJxhBR$&jRnNpUZ5i4FQ;`F7g{m5ecC7o&(dv4kK zHV;I&f;@|b;xOuIwV|@=CxNo@p^F$apjMaIi&Tx*Ok3bE8%0wQckP?b97g}E4%TA*u12-s67>uxlXQW+)Cv*tN;htR;)nP%ig zsbu89!x>WCikuy@$ghHgaT@!@w4|rGWDu=E&tr_SZ$4~dy&MVwtoLJIYNyWg{Z#d#RO`DzE%cPg0r$+1XAcuCB_23U#F&N&K#p%nzpRe0@Ie$_?37!kV6rw~txt z3)Yx%{T7Ph6`!FGnr}Xi--E0|<${;xi@n*A=%wz5_c}Y|aZyYCx9dtrCX4Qw<)mqi z?|1tkB&BSSw^-&M5S6C&X1^fkAwu;y`OV4HH|i%(x|*d}sTmp)I46iM!Bl^~(i`oB zu4_@x(lmIjxEWG#n;`K`2NKoyb>28@cDY0sM;vUZA=10MEWhQg-3bjhIouY{AL!_1 zIW# z=0le?pW0#UEt9PG<@dj<=?g80dfMB0=ujk6RmyI;u)A%{1U6%QeCGRVjuShHLrc_k zPE6W_3aouBr^F9&RBDNB>WzNaUhLNTd^@K6%e0nP1*f1-Oi$4U%6hqBe2BVFrKd=V zk%P50;coR2H~4VO!<9C?xIhSON@5wcfDDjVu4#{I$k{f z`MYBB!o=1hJ7}XJN~G&g`uJH^3fJ&@NuP1+&9pOnMVt20B(avIQD1am>36)`YKs*O zy!=Ee+1|dBx4ilMnQL4AEtdvGKPm9hz6<@ZtrR#tj$lOUD6(FiB+vOPag>HkdmB$I zi-%6?Ohh88pWa_$cD#KbBdrKOW0(xYnfNF~`sjxk#|_pSyAK^F3N9(BARZq0$w$tm zsar{?EpvR~BX)g_ZW6e^IAb@oFWx^REv;lGsZlN&bIB|rp-^GnYof9QI-z3ENpsYd z-+Vhkh~+Z-bNLnaqQIxkwd%j61GT#hiI+%M?KawbOklNEu9DffpY|pzrjDL|pATBA zbM3NWzDrN~!N!{Hgm*n=E3^)*9e4R(wptJu<xtfx7g}c9%4*l1H%_4J)w1r}IZpU{xoH@LolBprkV^Hx9;4@WswMJVKF1B%H#xEG z+1|oUKgdr!S7=E_sD>85ZbZ^sz88O{h_y_?)iy6*s21bt(2I#BO%$6*rOR-l->SsH zl*$w<+;hxY?I7o+$dGKb_Dg^o@#W-+*PBv}>~8dTazocDEZgO&M4js*K68;Jk1vw* zqB6G1AO}07&!Kbm(eg`nVD;?@c>?jkT*uG?}&P-+iBNy>vi`LFiiaAzTI-JoLi-+PT1N>T#iaZw}00EPIu(ceR9 z&-M$zwKtsY=WsU&0m_xZzv4EkJzsM} zvT-4@C{$XmUFt*pms~GOo>Z#`k2OJE-Ol-5R0X;HrT~*4FKS5=(1y^wl|YY!H*}X& zR(xFn596Qb_I1nXt*Dp@){=yya4uXv%q!HcUbNP#<3j&&%pEj+mZ4c{=1s`KN2@Pq z5@#kU>G=ED@rWv8dl@;rxZH+7{6)49p|nP&>BH+M)`%_1wx(V(F{=)aL%x40I-fJ} zoS;&4k#|R#yIGPjuX;45d+n%S`v-MIEkl&)7Fy?swUYDw+4$d#tCCxC8#VDL@TN8E~QNZH~Ph~vaMZ_S(@+FJ)G;(F_Pu0QL@sBGs z9I=J#FA9c$L!T8ctjs5zO~VeIi4tR+lv}%Np}43cxiK$vpi85UlCR8ATD;oeOIZ1# z>B>4%KrAde74|TNFhYcwf%yKZ8fwh)fJB@UalLRtBRwdNIw({$oPG+eOXU8GGD2wK zs-UPn38gR>Pq0T3Vrop-E)!zL_-=yZJ=^pvELHfh<~ts@ER8cBdyLmA4bSlnvzhm< zjMO+sXuT{y(7UeNuzo$O_#>U2gbogs=gvZ77J{g4m-nn|IWCtBF5+Fe_!3k*m|;&J zZKcrtQuHSDBwdn38A_2~a*3(_3JUdK6sSq*b8NMPHeL%ZN(XBbLM4O0&ApksGu1>ze#Ls z+pg?;29O9lN_N3JB)&L=85p59r&qg$#aulQ~?1mZqkSy)XAN9^~iy z+=x<3H+H;=8sTMKp7fI1V5E?fEeSWBwOQ-&qK1=}EVCleYpdrDpuWCcP9;0s+E60i z$q*dqEdF-d`?Q>sG*5RQEp2R&O(0#xbuu^C-p%G5k11yV2(i6=u(h?7KQU}+9V@OBlX+Y|}7%f|GeQFg}abz*`k8LlBdu6L&_&Q|qay_X`x*qHZjC@o;L z#ZOR&xCMNCB_a=Tvz1K9an zy09=eZlf^#4po977(;pX)Xq)qHWcV$ZnK#q-!|9hRSEw>A>=4y?x{eM2K^+Ts6Zox zhhrBNs4HsJ#kbT!c7Ib?!SE>)mwc`suf>}}Xm7`+M;IHaM%oFv1royjscknU< z3p^S+!o+?R{rfEQx1~}YRn)*WStJf9bKMw&FmdwNZRUw8%c~<>p(uDZsg13h#=Fll zF`Q-f;{Ur%-gBa;lD!as@ErL(+v*qFCUEJl@{rzvx`|ne? z{=b?1|M9K<{cHbd!maW6M-y(1!#|qv$NKp1)P(nDkajN-# znHZisaR-mYj5$AwkiNM0lbv$i<5&l@(tV(#U3UW@~K5 z|J-5zW0ZdU_xd>Rf6mE--2cxh82J}J;0yoy?*GyY$+XI&{7!ulx{{zZ%q8T6k60hQ z?>LMj3h<@6U{PhwD=}v3yf}>SJ*S3wQA|xYb@+nAyPk~|0pd%1?D~e8kW;UQW*s_3 z3!TE0rc+Z5udt!s={3H(&DD@2V#x?4k|+x8i`G|qV60hfN>ZoQh&(6$h2^XvHWl*S(q8`_)`MRGlkiFr3 z&vAIhijN1Csl!=YQA~EYGq2V8*n=w3Ma*G%rX4qW#gw2jBL>Y0`ozO(j^EeuEPjV- zR?+!rdH~vp&=pTUPW8w5<^?*4wLU`M5g8W5M+|ZFC} zSVAd!!s>8M#rhpW3Q^ICF@q`_Upk9n1fjKr=ycwyZSSu0`aS4a`B*ww@AWu^xeaAq z6(~l<%j+oizcO7fpP)XO(HN!}O{k*$tP1HP1TUs-)=;?Nm8{V!W?1p!&G{0QRCtv0 z*Gt6c5loQ+Fa5chrM@mLfvdOg`a}v`>(u^G6w10@V}gLE z;|OL9oHZZDanOiLQqi%=V?njNS{5dlZEOtMGRb)kUwmZfbzV>6i13w03C86Hx##B? z7i!&-+6AMdeOM?nCYV-HfjR@?3as2?MuI2O&RN}JT)p?4b2QH13 zr6nxRiVu|;_&i#bF@xV%OF^Bli`OvqHk;D?px|?io;?){!u^7>k~ZjNmR8$=OAt#~ ze@j1rQhh8(b#rUB+n}tx9yUWI-k&yixDzI0-3)apH0AosTo%98`EoS#E@6+9A+tzC zntmTDbv^3y572DZd^(Nh@7Hq5A$1D2+YrQ@T3A@1sobw{A8&fO>7FA{S8%vXePWBYNlVnAnC|O52~y zKSEfa;C;uAYRXqpebK`Dnv1jSyvurDJyF1i(sB)jS{e?@5K>Xp>z2aLzZ@JT-Eh-D zB{DV!_2xHldid_+cQzjZ-+Rd9kTqNqcaOZ|31jBk@9e1JX3{J7@1|0Gs<+F}p%S}j zgmsTJe^kp(n=Y!bICx#kU}y>Dcc?rLv#jr-QLl#bQwtYHH7Btgd>uleIqpDxc=$#J?Iqv=6)8+Ev#PBZD2o|h7;ukuVubt@~%?r>u+7wYD5Sg6eo_tIN_ zfuR}~W`DbR%2Bw=I7Z58`-}t1uO`(qy)Wixl)XrE-5$lW$n_IYdO@(5>_w#N{Tk94&gUIC;_j}|N$RG9~^1!(1iwQv2M z4EbS9U4GxHz5dI#qMCl;Ec=h&ke{@#z$^dTq4Rv-{&Vu=p9}pnM*k)w|MTQ1JkAmk_mnbmjOQB5fU1Juz6*!A4orjkmeF9}yQNn*o-ViWZvf<}b&eBo|4v_^y>Z3sJQ zF6rUhP0xN(puHAJo=6~%Okp|;cb(daYN8OSD<83w=OsPP#mJj_1L8#5(ni%Vme>-E zSsNx#Oq189$+_D+K0#%4^y5OkWyk?iGHj@IGZrVT9#&d!3}0pzzOk`vbddevn@4^F7+YUMdpIp_3<0$~boP_k6IP>NXH9?$caG$^qg z-eNqyX)DL>6@ahoDR9+QDcV?L<8zm~}@Hz9T431-KPmSOsBrNltb{e(E) zx7jUkwSwzwZx0`;;X1zl#-BUxc zZJeT}R}o6ZM2)#$r?Jrlnd^-4cT4_0)cm41+55E}q^N2)%xzAzGvbr)@cQ-dSb$r= z_Ig*Jh@t5*C)2j;bs0-ahH-ERvPCXj82Y0UYvh(?t>0jh6c~r*>5N%azJB8lL?Cwd z-~v@$H_kXteQ+|JO|RiE`z-4t9*nQm)1A(^EGPX2{SSp5tp!x9xxQqMTa1)Y93kNW zHd8G+sMq*`-V?)Yr0AQsh#G|FR}%!(e3$NEm^Bp*%R|wga$~DE zvo-)I!O(bIe_weql{_=FuW}cvsl;$lQ1r~2V*@Q-6wi(NFsBi^Ppf9FHswYefRIv% ztX>4>o8uyr@5+iI+OdhE?Tlx37OJLXahME-s2?t!9kp7 zTCD>w_ zwMFOjIQj}V=~5TxuvS7bvV}PY?u_6;e-cJWoz&)dG;}X! z+2?&2UJ<2^S_@VPS`fR7pi3IV9Dd6*126iK;gF!HgW{N%xB=DF228o7<7p8^hq-&5 z8b-vr5OSKBr4s4>7Y*UYM(SU`OX?clag_I9q>`OZ^6+8g)4vZ@ceyt-#wkkt%;G0y zX{RXSEW9Ss;M4g*WNcEsqmz)=vd~M?xR*ktJ{ml4An9};*U%ip5h|!;t8e(B&AGU! zxc`HkM`GAs`6qO3HC=~V>KxYjoSfdTBS{j1-BZ*RO(`K%*)i}E%8X8ZF)pUNO>`1X zxCOi2j2Zo(7AL5Et%M~1Czpg%LWN4S1jR_|yF_0fj#;_UkS!b|BJ#UOUlJPDZp1W} z8`b5mDYS9Gl3`ma)=uvs)27KT-N`tTLc&w;vpnwa(InaHr>tyO-6ic?@3!=WIrm0z znB6~SN>ZHH&Uzb`V}`9wSR+0tz?!?wKk|PvuttgG=#5%5sknRsb>4@kJKo#=g-xcM z$6^w8WCODnSkvV#$>VjVeW^D2lJMFxx|@^Qwp^o#YmerbQ7tSDJA8HiyhQ^=X{^Wb z(F{(_GhaA6L#V_|HGz`ZlZx$oiH_Z0{CTsiw<=>+MPF*!se|_=Plrv)Wy&gM%ZMzZ_q?PI*-6NpiC&ykzjxJD z)uWG!_NSKSPsT#D7j8PY9En07=pDf|GqNz5;HT6^^9@g@DU$dy^6`MqsvzA za)rK-+}nc%gY8+vy7jLM%-Ee{LGl$3XLnz!<4x!6Tx^W4O=;3oqq+=3+~`sqGm973$zdk=*$ZBFvEd&~{@lB_gbLxi;KM0phAIYNzZ z9YvXIAP)1XGjp}yMck74H|*z{3L{E)TT)bbyiT?2NxDv&XF2h3o@Uh&7Vy05a3HtR zh+yG6;(geHSg@~h8?2LIF0?|;V}tyCg!kO&s7}45+lJGsmr3gUH_as7kB#*bPZ>{F zx?q@9FzU`?wCG}&iaqqJJ=^cjOVQa;U0;VEdt9`vRb7auw(Y^RM)2BH=b~8;w4cU~ z7GURh<>&Phoo$W#9o+=G^Tkc9$N#DxhNx3Deo!zf`!sR!*K~1G7V~DF zajoU3gm*ouDKn9t&V$~{nV$+eyom3UvN~Evi1GSXUu>_gRz2pdGN}=>vAnvvR%4}J zIVABz(Yyew7*KKG7$z$>jHBCWNjDF?0T*$;&V^vn10jpbIqvcr3scn56e2^Rj{C%J z(0sR6tf}f$mw_qjXEwsna(|?C$8!$6`PlT_SqY)?sto&q!Uzh7Rf&?N1Yfk;J$+d= zl(vdc6`>^M>W&s+e+5E_i@sccAU08=Ape%b=;9%2`dyn?SE&xQJtyj~qxu4G&^)Ly z*pU$;>xfgxu)>p+UuEJ8J_&)w=CrtVil-~zc`_W*0?N8V6f+&BKN%~+NQ^LU&npz*;vLI=E^ zT4X`lsh>P}x&S zWVZm}xzdVAZ0m+vP^GErs|<&ZCow0xg-VZF+LjLLv-o+svJMK~F~cM%c`|PMNM;VK zFFeoo#G%Y{dH7CteqMTj?c! zq6jKEs}wm(&V}tkUM0yc$xujBBoWXervjw~w6?ANS8U z?zrQ=dpH=5s=aIPz1CdMob#E_T8nh>dtJZSFDwy#?rXV|H$m6CV-BqoQ|p#9G4#FE zt5Q;SQT>T3iQ>;PN(QRO=L{rIKrXK1Ub4Y|;hvwTHy*;awh3=l3GTuJ`JCvSRx!El zvV&Ld8$jG{3Mz~B09VX0QtiEqXHKk@OjGTgA{_cak-=StNF-gVW z8CLnC)h%^EcPG3S8yir5s>^|15`7BP>#Q%fM_E2dUYdJgHwuF1Rvj2{X{2&AswFH{mP{YS6vX~)% z3{{fKCVfXUv|Gf6o#X;gsiHL=Bk(7;v!KfjSqXN+1F-=n1x_eTB`VSqThb+BS8D9E zgi=mj2=$=1h(=zSS`&qy*UqU(rDAu9mTJenu#U36wvqRaL35pNugTsD{$S%nHLRW- zFwMJ2U$RhvY2s7WLRXiIdp91C_6(6SPw_bSu&5hnpz4G^9~;?nRayw;$AZ;< z+>T7-3+Ppvo`FcNuwZN^#xb|n4ff^vaN1oYSrHJF`@Kf8<`&PpGkpC_Ja&^hNjdT| zsrn+0VoE@b9-GvcV&r1S4Q#UdTQqui$?5j4?qBzPsFadF+1+#p2S6aT0EH-~s==h& zsy)Y`qSjDZ>slGiRccKQ8SCqzPgJiBRQDtONf5-Gu)SDAQJ@c*ykW3Jyhu}{Y}7Wq z4Z?t=a#b}tQou(G#M>pk(sHVXl{JGjoWEphuuy8C0?ibjC!G)4Nx%ixX~{rdLPZ1h zxH(It^WlutX_z8_8F=)edE&%SLkl5KeEYxD~F4Kfp$ z&imkEJ4D#hndWfEgkZ^spBVE!$fS{I^1iO{!yMrOOM(U%RF{7|`UBs4F#AhK;#g`! zgEF%JWpiO)xDl|%_CAQ4^Rbm(QpMX$(W&(gV!`lmv#tJC^52ImAp|xLNp{G{oUtBV z8Jn2dSm8$LK_?G5$tl92E1#zt%cd$x^AyrDlVms}1r4vv$w--}V1l>ADa@K}b)-ok zF_s-F&@8jhAFZe~4t&s0s*q7OqS~veCV${1Ly%JaT0N?GAbYDq0eSsyzUpPr$wzyH z17YQ^=DOY#2*QpS%>(Vt?kg`B`qE3ic`^L&x>%aWGP|P`697xBYN9wTeKL4bcs|*t zD^r(8RC>9$iok?#WK7o)-t37=%Ro2z(QQOqc~tSd6l1YyEy+=Os^(*#g{>Q#3r05J z#V=gnK?=t4|3di*7m6HTc)*uC8UV7VKfwP;deZnlXud9c4b0wxad%5zZf*V^^mm15 zmmiPltvfKz^J`;QDNdN=T(TS2<>q05Od@q=MD(VPles^o z;Fc~^4-(&Tc~UbtG?L1#_j;krCyfgpO^}l&RT2lK7mdiviIX&SWGi0SJqvRq&dA9F zdM+|2A;q_+0~m#M-VWq*9O*#i9bi1F^5$>i$hZ$Zh?N3-9{4N6(HP6b!2z~OVIMn8 z03H*IG6Cpc;i}KnS9x& z6dfsrijw@bMG+N`zeFDiJV^j)QMPF0@438f?bzTf-C!(h=dT94nLvf#fwC(_<*@Sl zyht5@$M%h6SFgzinnr%d3cYwiT!U%J1PU)tsURa_<{b1Y@0swAi7LlEk&Im4SPb@` zPfYn4W9(vE3Tg@I+HC4bHoF$Dl1O|!s=o`}co!edw2V`QiL8WiG=Vl|aJI2*QZ*lTYKbFv zqoy{9#{qsThfv@@hoS_rkGLDYYkF~uxqojr(0(RMBE9sruygUpVZC(1n|O3qLj%rB z10+0bK&NkH+%PG8wT{p*6K%xrsrN|p>1-=YL`80eI3^{tWaYaaWPuLP=SBBcK+t4y z5GJqm>f-zccfVC$BtrU_xsYyqCM56z-%`!oM<_z!GGLCMqMU1loyBT2!hTOxF?@48 z4sGa&E#ZgbV!1N_(5t5rw#X+wKNd=~{wtJH*&&u?x3o!GNzIjV7~On>n`9QLRd7ND z*hTv;sXWn)WMDJ7n=gy`#Ri}ZlzH-oChT^RPi4bf_7(z~@|jGEpxytr;=(>@cFx`bp;Ut_vD==`*uB4WC?EU z^}E*rVKRJlV>>|hk9GiVA1dHVCxB%Fvf1+oGId%w0V`b?hjaRwbVKeB4%b6H+^MEHcPidIFr}`;>O(RAS8hlVBmdMs=URL zkkpLap@s2+0K7fXs_U%oi8hMiCt`W2I1YM#V^9T7LhVpY8?3jQ^8(23+Y9xh} zYv*jo34)~x&?MkZIK`(4tH9!lWP7^wP=wsa7)$Eww^1@aT!2$tkWy!CM%(FVN6)wS-jtv&;R#PR! zoRz5Y&}JLRX1O#E_iti!6s1yC6Yu3pLSD@UK{nnvx?Ez9Cn{^_gRx|QbkJX3!PB|81>A8F4I+ntm5R~q z%cgp$=|vwPCQQ7;cD-abTr+n0HE?1ce^akFYOq(y7>!!e!hk z!5;E_sTcX203mzim0r1U2ZJZpdXk=JT}H<_Efl*-3=9X}7a~xn$Fv?1x^0evtTkt# zlL&vYNFm*{*jLV4*mWR##jeN2q4sp1=<<7Fcb98hFh{X4mTKz%q5b0kTp1l;n}h-%0=da#P}P3r#MY!o43uSDho^qf+R-Te?gCiolnQE7$Oq&B(e<=y#$&Tk~6=JDUe1p{V zU%!^oZde-Jc9P_~l(cZV;PT>pC(af*wH`YJGfTh|s3!Sx!^eQZ#K)n8#GKB78t9P~ z<|?AVdho>!UTAxI@n%FGPRnFWOP1B5S4n-< z*WFywD^*||LmOMTn>ifND-OLO_)TZ7-QG4T(i0`7{>kC42t7!YW*WRUB7uAkDY255 z1+1;{;C`J((EbGSv6A})3p8A9@g%4j?wH^diR=<4IGS7&T}BF#{P@0!OGMedmgIfp6=MC1G5E zO_wENYCc>%XulG?{uXL63-idPVa>UT-3M7oCTtl9hZsByeWek!){ME^Jhhw^evvNP z;oOhTItY{v9ALx$1cIP}tvj+-mC8uF7-pswX7UnfVhY0z8A;DICV zN-}J|*NnOqNZl^Rh4OVdNT!5dqzBh7Tx%SHt+yrcr$9-(R~8g~FZA^$aBzyG>$K<# z>V%ic(MMBtB`4%R7rrJ{3DKBtvbM66sRUegBlTyHFPLCuFTul>wXTDqYYSVX95kP0 z%L(B!0&+Qkx|)t;!`7J7RU*yJfK|#oi>VFPS#sCcP)*|SFP=rSKxSX2Er49UH!Dx# zh{YLC#o>{QL98P1A{UYexM2|PgQeJZzZ3?6V5m?CnHiyuq5LrX!uoa016+dNDr}Jl~3zIgT-IaUE#_# z+gl_%9~miUXKkKNkuo$)PsQzfc`qzj&V+&{?q)5m-`WQS4bvz1G*3O1DwF`o5hXBf zyQISN2*`&hJE0Eym&u3MXsCI@0}5&4^r0pMRhYKbe-Ax33bB=~eEKU&NkvMj7oE?H_7ZhZ z3O8IeU2jG;9K#H7_k-GlCJ5`Bu2&2v#^6=xd!cK&N=f1V3r^&1CvrflkNcwTjk8!4 z`8o(P%@O8f`cfHI0L{#L(@^;{gfK3IVz1v98X{XRM5l#LE$dV2%a2MY0{Rr+z?uii z&e|$xsen9GD)$5QGojKG)nF^u#;q^B$H{Xju4U&#Z4~1BRJkTS9WT-)s7K5)W2(ni zp^gda?N+@ERfnFR>cfCB{1hc{fLybr4ka&$xz4JWH|{ugd5gH{o*hl(Sgc?B5d_S< zJ=DY)15}tgl6*@1VBu3XZaJH~m!bj3aBwTxHNZ%B?or{!4ZoIq&}Q}0%8vTl@F)fx z{+5XKl`Hcx-PWkA1Xd4o#(^bx6EG{eS4$qqtOlH}QnwRua}!8T6*^X|zJXCWxhjBc zYb8Xh9Rv> z5#B@b)YIlR>ws0F+X5 z=s7%CDclS|R|xq83dmlvL8w%Xg!W8}V3n2Qu~ou$S^6pi#_Cqk9d5udF6?WQ*Kx92 zI_*^X-F*K(cPVNvMWg5bl04W4+7qG(Vg)P4cs& zQk3bns&tB~b0RBC(+iUhVC|pD7BKM*$?;t38H1J<_%VWWQAy3zo0i)89gQ?!MVvgj zCywaqP71DGDwU|+(n45WeOEvEY5(0aZOutm=H(Ws0}6T`EdWQ$G@an6m^-S4-OUV=yUhrf^iQe35=D!`!esgQfvU#}krEEd>Hhp?Tk|@uWw{%|r7+7oa2MgqSyC(@Z*^Kl*diS~q6kzh< z?wUc6tiMzTq11Daa@4~dq}dX<5_Fe8TD8@c`&a0di65u%F-~!Tq3y>c>4Kx4R6k-7 zre0!qv$W4Py3@E~|uxKh@U;=m6* ze*)sq%Og(M8#f3c>DZQOLVhjb!DEZ#;3+VAm_w(voyy$iJ>msL)}pZEkP8Nk@SEoR z@SAuMP9-UUa3&{#$m`1W3-rq0Z&{mIb9A?Bw|~=d`1;w63eA)lwP*54F`3~)^dJ#F zP4lu>AXn5r(pN?2#o>HWG>f#9c68RP{t2`z4-fQ;r{e2drzf4#Jj^CJR*U@10-=to zC03mLgakAkG9V=|x@SdQzwLenw0{Apad07VmdU3CclB=v>T`j|v$j@8yk@Ac8O@mO z9^@bYddmhU2~^HQ1hz@HL%1SwPA^Pu9rb~wtZdq_r9ad;N+CItj_!A)IWCFMQ-!+) zK;OV`$`IlRX1Ps)ogGxP6;W3~?K!#Ox$?@D+dJN}rs)OXjb1ovtsb)?tpNa&|cmf<^i2nH$i6lYCdCm@{`tt`-yMr}@e;0{^ZZ2kfS!Tn1( zm+T|0-mgat$k(H%|36&*Qw#8)I-LLCb<$sN6k(r^y>Uu}eMTzXLoax#!1-FQ4y`dV z$&%o4$O9FSS9u9^cHViyQV5)My5;JkIHT%ghOg(k=QnA1wcqQZ4$?U!5h(1aVs^rW!m~cm59JLNEMoEj zgK~6yKK+#${QCd@{1b6qA371y_hpmhZYpaiTV5!ay01+QuJ9pZY7h6`WzO@f5^Ca6 zdILNc0fCHQfHt>Q`>dA?(48c0V&+>&VLsF#$J^Da&SN)Y&jHTlubD>dRz~f9008bh z_8>$8D6d^DsWq=vWWM`))21n4R1wAtpRSSDDIfu{&;sRMdv7=~Jw%-^SOQSSW$MmF zewU$}f8-kox9Wp`C{`QnR{c}8?x$*Ac-a*qsVukuXCP62M=wL@3|zQ|vhO9D>a8g$ zIMcqF9ZmRWPnqb4OT?uY#Ym&eS3imM*)s&Q#LPbor!$5u88{{GHaVe zwUv2Y;>!YV3i4V!Z3&O=Ni{NB->%}EP&9>v{f&XKLfniGW}JW-+T;Y<6ZX^a+XKw@ z6vaoDFYG-1&;o?4Kh$rxA@4IW@d6#+ZdE`&(hx&l0`e%%u?Al!Q2zX)>;4vqsxK%b z#;JkA$|m#YpyxViiXuSe+;SF^hHaU##h$P&HaCNsEXvQ*!vka)*T}`$xKIrsQE&i| za&)|U1QPNH;}>8g$64~08i4SNk|f?MiGuE&gb6R(-zMN@f#9D7>KkAz;bs=Gtv757 z^~6Eu*H4z<3kB#^XbKk&{^Os$aN6Ie82q>7VHvVei~D>G`P757Gsc1Fsbmj+AYmM1 zFUc3C%%`5Bdlr*tfC9@2O#?fX!0ZWN0vxGfrd01#=axtC;+T1T_)ar28`frq7oqPg zPF_Ynl9$8OorfxR4og=Tkp(R&K{RypuQ+cQjIhafxCJj+KUAuEIti5e^ara@k$W&P z1nzHZm)WnGd?*~NovuPa;;op(tp6!wV;#+k@zfL?1KJO;C7dbDpzi6T8n;R%HS8xw zkOhJ_7i1Do?8FU>Pi`>g!F?3l_O0uz9AN}358{gatt;!Nma3lEo~3iTOS5RU`YFGg z<@7Sml+Zt>7blGIS#!ic^-V0g=L#p(G-3sChKoWix1oohk6= z8yP*_Uz{Rz?NqKx{-p5v)bQWk1&=*@>ipz;lG0U+q;nq6P3!P)zsRXgTzZsB7d4t| zf4bE7tldN|uH;%FHR19Q{i(m!0PSKx#H2@zh*N~gzEizw%Hl6S$XDcCiOm$;Yn9m= zXnADkvUldo0QSn%-p-zS*G!1jlv-%ldN`3AX<;RtoQjJ+0iQfHTzh+mzEY^kub!uJ zU_s6iqxEHGTuRSa!g|yBbgz={%5Ez>u#18hOF0_w$xHc?=H!nmeE=w^3(KdASi@p^;H8&aYCF*K07AX!8?P@&{Nq|3l~G&d1ev#K}*W$u6V4 zTRvYZvhO3^lb=621}sOSz>a7AX~lbFnpGq8HrZw&Kg z8fiTd*E*gpV`}UCM|I@Yu6t?yX!ohnf$#Ia1a&2DWa;@Y==+}$2tHuH*kHSfyvV*k z+=87Trnw3pej8P~N1LXM<_C8rn-nhZn4Q0*n&LK+t z-){}$g((DNm4L9<5w_}Jy?Au`65rueTEEDqRIKjog37ZEO|MPl*Va?k6wyN>Ncgs# zoc~(&I_dho8+3;(sv)8b(t;#6b+unaPAjHtSZN2_7}zZ6C`#xIW@#&y3g9z7?p|~L zbAkQpF<8zTv$u=W;$x5YUDQ=!8z0+MK(?}1JmXNY$ycsI($Ny07Y^$7sE%LWtsC+} zOPYzkp_;Vd=Nk-7Vl*#IB;;yJ)jxBq6{8I%mFqin!|cfGQBu%d?=Ls0l@dX#!ywwZea_S8&(>y*AOb~%VgnREx~G-9#hq8`nav(`Z}TRWeDE3<)G>S51vNc0 zPkZ?S6UR##yA*aFF;Z*2WXqQ5F_O6;=$P>o#i!d@Z?jvreR)kw6-H-iSC(X1z4sMq zWowm;{kan@(1lL7IgL+fALH6k%dVnX+cB=^Xsel|u-i)sLo~;gD(;Dl>bv5;sju>WKx=kq8 z{Yn1>Bw~WdV3rd|jCg`$OFD;2T=Wd=NFkPog1yVMc|-&ZQ13WCcFqt4CWvZ(9afP1 z0ENsv@Crhztl&$IAD=8MEy$rFO*ZKM!EvW$5u0x)AmPu zFnif+oy*G@3!)@`xU#Cu$N-dMF&%wftPz;>heqi0XIKL3WJNPk_YZncXihm2egz* ztq5*r1bGRu;)v0q$30-g6-a}HZByF88LkQ;;k-!ofl10*pAZXD$&1;*T zRECrg?+@tG;tP<|9CEf{m`vBMDlM}$P+dhGD zz0XmmsC=L#6jgjE!`R9-Cr88hP(^3r@Zzy1zrw?}vo~AzkLQk9=U>5M$z(BQA}&0P zTA#OJ_58lGv(?S?$qgE5{xaFm_U<2L6kN|b@+kkq*yHLVIht1>O4^&Asy*=qhq0z> z#0%*8*TV}^C_732%d9{oujQZ;2dq?v`MA{W_^xSbKYFGJlf6E(|g5<+N~U1|7x9qn@Gbo|GBoC_W1Q% zVO|5_#j!Ky(m3W{xaM6_&~~SM{>l)qlHG74G$tQC)fwjmgz8lK%v*` zJgr`Wwvza^)5j3kTG>55#)yU`Y_$iM&(2J;!dtBbbyYZ4^S4y(TD&8b@;m)Eu8-~% zG?M${g@>3Ku)HA~%jcdbxCFc0Or4Zd5aKf1I-~6!33=fS$obL_CgZp<6MyF)gSZO7 zQo848!!p6Lv*<$rJMX8?|J71QILRrpc&Oma=zJeI87Y9oDIhKPMTnJZL^WEbnv(pq zvd=l^5MkP8)6|Ur5tQ5Ir~)nD{mx^M4h!|(Pq=Y%A-_=XXr>#}h+3yYtM=c&v$|%F z=@}#~+U1S}N*%Y~jT2GTPi%BTvXA8+W;V*xcB3$s%~LbwFAW9-#g6N0;O~$Qb^tM) zGZhsq>5rB|VXW6CxsZO=7EaEpa24A60j{|-VSDFZ0QEkK7My#WsxMsJ#rw9=4>7dW zu6!xrGfF1WiMOR4_I!{TwuuHkU@42i8Z`4^me-PuFT6VJ?_&JuVMDJaoWm|E_k=N& zA!+X25ZLaW^b8f(SAQ{h^*EBJMVMNLEAyy_HV*gcsn_S5F+)8?;4-3v%ofy2`z=}_C+tH``NYe0;Yv01xl6M(8VC|Iln3JGpTqvl#q?%T~m_Den z8;?q7BbXQ_y9K%Yx#Ic9dJ7IPAB@P##V#~!YsNseNKKAc=!!NKA33n7CQT;q35da! zR|Hx?gt&XX^;G;QEiWjHQMU|1T zy`Pv8FB(*7794#XBAJAfY5l^M6t(c3fKT-oDVE^uY zI&MB?yL^3RXU2v+@2M5#rlD%HQ{`ks-NmiF%N5e&jTfDzr|J zABa7Zr5qgj(=wx*%YlCxlV-vza;Ki?OH8XKs=q@j6)n~_P)0kd&-MW*@J+b<>DrdD7)sxRiE%0p6&>zM+I3b7h z&SjK9Deq|>VRvqhz&PuFEL`jQM}C~^)I)m>F7v15>e99JPuxV)7)Rz4sz>J?lIZvtc3L>y;zraRf4^8kqq#xTPYfw!zYj^0UCv$X#@Pquf7e9H z_>^28z&FiDw2GA5uW|yyg4*d$2l}?vq9Jw1tZcH+zP`YS0Pt)@i!3 zDZXdZo+qv69BW$Vho`+A0wKsgwODcagJWomH4 zj2b@hel_(NW=JfzF<|kGzbim^ZWScLi9-wC7xS460e5FNQ?z}zF%40o+K->j21 zzkO**AY-NXeuah=vnEyyzGpMJQS+mLfN4)FJY`R`th?tMaiM`L{*8WpnlJZK-PD`z zWh7C&#?e>P(FPkA>oZD}Q9V|rX2oonT*5V5n`)kfKJf*!%Jk^+XPM4O3XazJ#ffO`N=Q_g>5XBa%IwO`CEh zv}7X8Y$P{q1Y-(Mzg5YFDz+ zW2zNiysXWg^l^H_Gmy#|8mKVVCikZx3zj9!=tSe9Ma!mTJ10s zRX0S=FAOKRS*brZrnTPR?VUCL%&Ta1)ydzS`~vub!dH~ZYo0gs-kSLt(EZ{$1p)+g zb_LJK{b+ZNX8b93C$10E^Kne+r5=$l%_?}+i5jHgEKv66-kate(;!b9IT}Bh;O~;w zf@%%EVbC8oo{pRxtKS-^8}z_eoJ6)-;k;#z5iQ#_#yz|OW{;3K^5!QWq72f|{hcaaO{wAMbd-l*);=NRuBxw?=jHc_x2mE|JQl`SOAe-d`JR@k0bM zud9o_HH%L;nwXi^YY;y{)^bkC4GNC1J66g}~(8I6z z)pzyq-cXV#&6fSa!A`rVR(Ct_Y6J9Xi%{u=^7S-?htB0P}|3mWp$82|G0(oKKx|u3iL=8H%|y2!?oTS z7(bkrvGYOx5xz^r-2lz0mb{QLz2bR$5b%prn8w+2oj=dLR> znmjiTKgva}&cjj~N&6$yV9{p%N?p^PfO9lvqi_*ZK4_~+9_-3P=NHp`J}eN1b{zys zvp_P~JOaHpax>HM^4BJ4>MaB1l6I3eI8KX@w;bbEy|*|+=;y}xod1VqEP)$v9P4#A zL>BzdViYC#8H|!EPEO1@Qtoe}L{ql!@pVPMfzwV@g{ShIdXuxu`n7Ca9%=n4+H6pd z%ac~rfn8kV4jP$$v4feq_)nxpwDXAhZ&$5kzp_p{F4T>1j_+8S{O$~_=QKC2CyNYa=_pE; zSm_N!zOFlNqrF>dkFJ;9{q5}4lZ*9Ag`YqAE~otf8P5LAN!Yr#Q*{)o!^N&*CR9JW zul>9iGxBrwnHJ%1oh+YXc;x9mxZr=UX_UVIWoHT3<0{l@_ppJ>oFblTdr2c~?(`Er z?YLN4f}`=lr5OqRG~U=VTYhNPC}#MAw)bCN2agnzZ7E)xvjVOv>|7qTalh(YJ(K74 z=Q#o8bs5ECl4AH&&(tN!AUFr@TSG6o4>*5INY4dLM(vVXeiwo&E<`a^A{XDM-ze&s) z;w5<_S5I>OtB@6tAG9FAV!Yh*oOH?ccQ;nw5jax6OmR`|TkW`5{kK&7O%%iLZIDT6w#{ zZ|1oi^D9wMiedw}WG|{0y{Knz6QZH4-gc}>ZnZxDb+vZ;9jXHD=_+mVZ}CI*ZwZj0 z0q~UCc35)FPq%9VWu5nIoY($_Wdnw=V1kUj$1^l*Y~j5f2G?MK zJY7vQ(Kv2a6E0smYaWV(dMHVXzieWG zJ7bow;p&)MZ~48ARbrUonI|?+-XU*Jn-<0W&A(stL7 z8~6ZO{*J%bi7hhcCrX+LbmIj`UfsB&>9zqmP1T%wY? z$B~Ak6l1mYIFyI{8iR2$MM=Cnhp{Ew%i6)-nFfFwYGvp0(gd5N-MwIJ6cRw~zWu3t z$BMcY8pQR7YxLb20L-xJI16;OMf@C9^YQ2QtuRB&51R$64@f&sQ(wAq>j{O6Ia46e zsq;tMm!?wF-85AyHle1N)V~`yRkwxJO*I$8+(n4n@;tmmJ@45*To)?bpsrRNtmbia ze6{OynA=0rA|!wmqe*AP0$4wzB(n6Eq)zzzqb&^*0~X&b3m@e-Ng|7`B5La9Pu(tj z?`x2yQ_EIV)CHWRc-`C0lbCgCLUT!TF0>;2HTJJM{vDLpUaBUNnq01FRjq+AmxUJ% z&zR6dHG)c{{hfEr$bJX2K51w52H90lXVG;AKm5QYQ7U%EO1su!Puv!&zJcY5voTxn zHSqo`X8u$-zFqDK?Zx<-qgPbJ|*eJpbVIv=1$Fxo$_O4OwSjBi+_s&s>US=wp{Tcwmmf$m9lkcD# zMef?CqyI<;@G53nedio)Gn7h}qo;4pm2eivqdB>G?&X8xs0DQD&l?@+JW z=sFGE?R6q}n6SCEr}yV6Vo?!btShP|XIz{S`PycXh_gp7JD4W-z8=@cg_#*B4ZDKr zu|txGlh~{0GXZ7Yb$FlpTGH7%OI}isrxUx|g>J1SSnt8SEekKoDuwB0c!q0yU$u&} zHkE)1Lpqy=m8QDQHTxBv1^Crwa$DbN}BWfr8R>jOH3o9R4gGAF+R>Qsra0J5DeHHhrHv|k5TzC+4bMa{#wQ#xnVubQZ5xGm{0 zXQ>{Phe+oPToQ&EdWbO`S1sYnhdWDft=$P@hCPwEWj8_1Z-8N_1AM}7xm!fi#GA=6 zt9eOLfS6Lk2V>gIf>(xP*~gIN4=EYmcr4kqUSOl8=P8Km$IjMCbWw3vo2yM@Zr7r2W?H3FgXuGy;(st4w`5`4}!o#s&A$@p?6P5W8dE}nM>qw{T6X*4bd&a6}84EjC z0BeZDpKmW~EZT7V{p38{i6%%KUR3sIbAU>Y6}u=gIo&={^>ce8Z)#Gr#meG|PPL`*aF z_!(;QWf-@jKqgtDiKT3MQE$rCxbmBzJEFC!GC!H76@(!BxtLbLXRp1GdYq4?H$MB( z!5CI?TQ?Ll&kJjUBH4G4F7>ANWLZGseGk30kNI$k6uM|y7;q|#9-Ggbcl#b9Z@_O? zixg(HM=Br(^YD~uP$zkXi0d*Xpxex!7Vm^u+#E#spc3|VSmMxUE!J-;R>q`6EKI}0 zEJfT_@$s_$=uF;jP?tTZTG?WlyLMBtA*cI=Gi~)0CG|}t(yi3LVTq|7E6^W$1L80q zooQ=O@)TS1Vp68JO}07j8`sy+xi|BH3G$@4KhgG2<5P^knhv zFSaG-KQvP852gl`ifbw@pooi#+;;GB%sdxnJ_j>Xgp@QRM>#E+f_DW@BT*#HZ`-En z4%I6<+hoeeW^x3JI)`cSjarq6IETnOOZs#_9ehNZ=q5SOe5|&U2IP?2&fNFx@f;Eb z)HN6KK_bq;!1+v{EkV2xn~L2Av=>;+VoNxrmSFd8M!QWXd!aw6yD{GwOYk+=Ap^}94{Fg?Uy+jJHkP?C zcQ)vTOd}|uUvREhrG0$nR-Z4=gMsByMJ_-&sl#J?J#Q|ki`%BLSc0}g$F+W3rhhJ+ zY>&i+>(RH%U9OW?-+5KpPwj z&|c*?7)lR!ci1bcQ>d})Xy5t~k|w5|o&eLa?kTl<*#e@X>6(j+LwQ}9W4dGc5kSe{ znNi+t5^@7$UHEW=(eS7@_PoVyr)&Zhf4UBMtnsZ4~7y;zDqgzRZ;S9?Q!QH{{_zy zY5=X6BJ7c2N@t5;3t8`|^4?i#wCbmLjEvMUrfb=ZzBh`kk=q}ONV9aP)O#6gc1v*-B8Vy2u$++tt6heIM~4Rc3h$#Vclg{N^9l z)~#zpjR!|Bjz27`S*93s7yM9g+D|Zz#++Nmcsn@kegEPELhzg{J={Hf-?-mKAFtfq zJ%qC5D6-#8bjRj(kuRy&Ei8j&E4+ze>p3S2HG(<8=0nzb+Bvb zBlG2BjWRxABlW){njKd7%f`D)0k$9Ths#>B($bfPD}y(!!IBRe=|dh|;N->rio_Bq z#Xe3TM0s!f&^>%LS}AG>yvtQ*XT}xq=9Hs%8daAY9^>e8W_i(RfDcC11so>VGo}xf zhW*1f7kya7j*goRO7d?+sH zoy&KSLw>+$kka9P*I|H7IHR@M-DhSrWzd3!AG$LwpzJNXw{>vg;6O-q@n9|a7~gM! zb$=SOKxN%EK4_o)ox{Y@(S&za$r6^zqCas!(p;m#^KLdF?s)yIrL!J&2V1snbA6m9 zuSB6cim6A8-@hFZKmS*!I&D%5-Kh*LpdN>~x3|7u)Wa;LBUd8KJ>9|Z6)llOSX;{b zP>fB~VRL)(vG#j{XLpaa+cavgWwn-%JjLCQ!A7L|x$XzBYFAFJ`AyCfFpP9#a$614=wU`xsn?I%t^HXvuhg`o=AQY96DJ-Gd4SW0L)SaZtG(`m;RGsc;8ZEc z&I}A5f9N%IQfc^Ux<~Cr!TryyVrG1hG(Ug>MP5lO?fa*JkbQmq4QIIY(MbDtErmj< z-|V*xn#l}!H00vq;yvVEWuEaplyVDP^1chtT))Mh*O95Jw7IznfG+*(Pg?%hIPHJU zIR6ib_}YtoS)itcSNKDw+Gej|az%izFRt&!5zs*?#rj0G)W*ZT#x8!(dYNIcF<`Ra zeE-yh;9=mm=6vwr!G6csz8*La04nH|{T9#t8{voB_(lNGVAuyV?v0$$3|I4PJlOIY z$_yAyjpbLGJ|?(x`P&a9+lB-9TJDkp_%&WRc>o?X#q7|!!jl?8wr%>E{g$4_&rbvJPz_qcG3QE|qMFRr z_^2Ts35#dwtkByaa!$E*?AS3{rMo3Suc`4$u&(+vA#0xmT%hy>Wp8A8I+E8$`>Sak zY>#D)F*3)FVseMxHmSx8$E+~Le1ojB9+oxU_9idQ&V$&zy#PGqq}1V>RL{tW`tX)( z@`#%~Rb8%^`(`_^Fct(;RYw0`fC0w0P-*>| zPB?Qti?gb)zu#f%Ln32VOVi@b2PlFzy;wEYskz^*IoX~n2OQRPJ91=+QG(&s->h`B zA;f2G5&?HtZFUFf)7h%Yynh#Xv>ONDM?NG7X|1){GQF#dDHM(EkpSDH=lp7bit6g> z%3hx@12si8{hrvKx&Yy3;IJa>pKOas%zWJPEF%&(HIF)QvylKZ4;Y&~(LLzxJJc zpOB#%Ah}H0Tk;x`s2YajLnnn&l{{^}p#lMIFrBY?;QZA;%*`?JTT7CPC2u?TcE;o; z0vC3K{qMEnGJa}GywAOygu3(tm6Wa$DSz#U@?WHqqeaV$oNT3DG|ZViNou&<_xAV# z+m9u;&-WEvXD_%NZSnE4Yc|_OB#!4l{#5zy;_Jr^6DKR>KJC<)sYgvB>uQ4@$;#-A zu9-E#iwx^_V_(XQ@4MMqCk_q{QZ)zkKE0-<=2F0tmAI4?x+*R%?$c{KEhEvyUz1s& zpz{DmEWQjhGX2h|2XCb9wYTf)>g(sd`T=@h6x?vOOKn{@bma{zQe0Xp6(^v|6R)xB z^rQ`nsCQOOU)^8tYNhw&6D(hw#T=pJS)kJX`m6Hl>H;9}oi@(y*x3pEAMCw#T$Jn9 zH$E6x2nHcix+O(GKFydrV(5-}uX{XupS|7B zAJ6aidCvQu&w1bZ;~e&kcU{+7-}PPJweIVR<+FQWdK^}$RHPn6q2tau1D47g+FBZ# z+F6~7=Olose^kzDC} zmD(XCqt97e6GRh+8yg#Q&b|OQpl5B(ZftBkxj0aOwlXxNC#L3mH+d6wP42AO&z|=` zfDtCb1V-%7A8(?+ZTtHA*F9aYJv>qK=VM^7ch`^U{`H%$f7?;Y@NYZJa{X=lSjxX` zRQq4tPG~16_F(E&s@B4GMz^b+TPmMsrhF!ZeJ#k=C}{-zi^6RiD+98qkv#ARDNwgu zyGKW9#e%8dc64-Ll$lBO_4R+l4=Rn2%kAfGZc|-yqB7QyXE``IrQv7c?c295z*3Ss zOzBG|CiL1OVKBB5``K2Pai3HAPEI_i&F$?bU=99RFmE9<4ILdFIkyvF2<~NRR=M-D zYgb%pG3G{*1vJe4`0-XIh9?zox`6SN+D<(9^yw3QNpW%U+~Q*3hYufq8W}Gyg_M+( z-LwHc4Gj(Fojarr`kW0$uzRC-t_G=UY6b$k!1RLW0HIY|_86?N8*t=Xw{B@}))fLX z@$m5I=;}gFa)FmB|2{jug+JQ_|2anqmq9lC=g+-=w`u;n)k#9;yQXJs%m|SPZF^k0 z*Is%lh>eP>Ct#Roz!y}sT^Wo`OpqF2du3q#OvE$-q0o@nM7J2n3b}I4Z$5{!lAg5# zLGBAgx}o1f($dp`2rw1|b{EGeXDUs8@T2v|VzKyHQOs600M}#JDhnOvu^FY_9=4YY z3=U4i&!&1dd2Z#F`uDarrjpUo(b9#Sa(y_Q3z{@-aQEKfr7o-b6-RpueZv$K6pE_H zVHh=Vlj#Yb0*(SWLsgwn7;%3++;9ulmhS+!k_Ha~g zJjI)g$Np9WVDYRF%6(MNZbZt7P|mg`$XOd07;p**+{Awm&__{Dn9QUtUdH;yjT;@K zqwLW4N$y)UshIZ7l%=J@9Qsfw0NEj^B%qma2O)k>^fDk!`7t}ubIgMejWfqL9xvk zEx=jSvzuYSC8h1iVDH4Jc&!5^Q!iy@WudKHT=)P=C~BUBVI+n?#`Syanitt6g4fapoGIk6T68zUkG%Po@RdGt=?_H+ttS2LarFF z1<0v+`1r2)5z|~60ubZ4xA7yR$2_m1B6b*D2r{ReVUqas?Jn7PQGw%a^zH08QC7pH zoQ#Z&lYouO*ipjXQT%Q2-aQ!ntB1q9+s=67NAC|q_&fbe=nUcVb#Fy*)i- z$;ru_w{O40!^q6c%p}+*3O_vp0s{I?!88h)O89g7LSFn<2e;Q}w=vgYf#v4r=H%y( zs{0LgEf>I!(E4}o)!I{Z^d*3{@i{H33hm7$v#=kBt)&fEHmt4GqM|Cld72Pr>I=wOWK`7K0+TkzlK1c5^8w|ELiDVS78V_}ls8zhSWd zf)6~E1Pi$Q`SXs0qxt~;DF?@`vhsT`Ku%+Kw~~XibGq;;t|p4Vnz(oPUWwO!37_5M zBWW3#2A!j6okoymQb(|BNxG36zUKHP3}&hVw>2-i3Pu==0F+&E-n~l(+|xfNC#P`s zzWFb(b#Fc=&f!CxHmnj(ln2Wt`4fjUQP5qWy`ujvUz zTvl|!AQ#ToQpo;Nf->w4WnEoQzzIQl znGV@;FL3n`$drXij+%b)FYkp`a8eK&srhWL0g=?E0ZcY!D#9JH5TkP&)_zH6_nXS3 z+t~i--EGNKMBP=`wYFmGk*iQTwm4GGi*j^!Zo-a~bfq^KzbwO|iJRlHq$k%>;!eD*E!r|69!6~0pv~LCm z2JkoztQ^4dIL^e(jKy=WE1^-&Yp-h#iwzdtOBVI7_akY-U{bC`E2Ca( zn|lM87!(xnJ_*?Q}-aTt*xyqSFWtU!Ad5n;o;%>dU_KdDbm6uQ|A^I0^;N2 z0ob^^3ax&*yjpjT!+in=#(1U5WB;Ic`?LXTtaNO*(-noTlU1{`Sjcb#TE0NOc zBVc)pKYhlfmd9|1V^dIee6Z6bT6L3fwA|T-^sFzil4rjfUydf_ahuT!e!z1`$M$+l zCP{EBBn>r&FMe^Yuh}5uZVd6< z+_o$Sx&QQdFj%Q9l(a$+vlWO72jbSwOVOQ|JA-{ynX1#*nyaA8M=P)M^p%3t#WO?S4 zir@vGUnXe$92baiU0q$A!oqBXGu7WY{u;XzPaZiF9Z-0!QmnqDJGi#QZy5P2a=F)j zn}#orRf~d&)5jehDzHa%#Xoxe>+Dv+l5~#Be>Eg2kP)W~Pn=U^kC*}pwcXCj#Lm1* z_07HM>c_u4XJ@fU*-VR9zf zSaFEs@B+~G2TI_hB6S(-)Tb<1pk27^PDlKVln+USN&mu>L9Gl4W?2@0DDVs11v!yj z!&p%-5mZo6Py=*djl$c*_?*cGN&;+fTQ*a_C(Tfb(YQJVh2fQH;N5ax&T&+{+X@^T zNRx?~q#E0KLM`IXw}l;{0x^3@!d+tb*k7H!2KRC<;?6G+49jUB8HsyT?L2JfHy089 zYZ8WXHrgn+8LMIrqmN8!%KdA${*|GFLv1?Z^qVaG=OVtZpF0VDhNo(>Hx*kAO?IYAp|h*2MfdgrHvqg=0YEtLihh*637nNY zAP;EJ8&3#esJnoiLef5z)uKjh>(49PBL8^+NO>*Cs)T{j!LyWZ{(1*J6XF z;GF`|{Q_WJ;?{ta16AWGbb}qQ&r?mx9bx1q=Q@(n+49VfQlCmdOkKt6pvj9GiA3fV z7l#jnT1j$wxgeC?(=GvL0Q!}_t1CYWWZsa7gy$lAz_PDG-bot}5P-ItY7F88;00pT z5$mIBchFm&3pvBF-$xVw|6fCx;$42zcA4!LKsC*={i$UTA3y`J- zK;@&K;W#_HAyY9u3DQ-70suYZ01XGGS{ zZ2~$PUR7~)bo~D&2==Jx1SN}wXxk?MYKlgqNx=f;uFrD&rlL&Z-;#*zT*I43oVq=h6TC1m4H}hSfJK6p zGx`=*K}y&FG-2dWe}Dh8`?q2DSiiTlGyo|y7F6v}L4ko^e2$;O`;^4>pV{<3Exl&; zm&owHSK9luQwzDQM7!D8*qpThvfL0z{)e5%Jo22EM=`x4 zBQ)jC%d+_7erajR4hY~^XlP`teIHy0%oIN!J+&`SC6|=&iX3iqVVpogOboC^JY+;i zM!q>k=YIQY&=WWnU=DyD<2kJpc9@bxXyqOtLyRRyM@Lua=;WX)Fj*~tk68#bvZi6p z5gbho0TjstmW(C(c~?L|BM)%EpIK^E6)h->;&UsIev!w;#R2UPFIt6wY*Qc5;2ihB zl;q?apth5wdh4h11Tr`PU3kD792zpv)vaj;yM%_T12PK&bCz}_kdTsqu<`u)^FNZ) ze@-&^i!0?nM-I9tQUNktJ5XG*z>e*64<#)v&s#xLY2B2Vnfr%WofCKYSQ8lK8 z57aNa7d9bnW-?sE`mGqPD?RiZt&E&p6DWUDLE29?P;DS)0o3H5I0R%j;7Xch4lF1u zz`U`j*?7o|@Fb&1olVFE?#h;|{@{9&MGJ ztbx#BVbcXP4E*8vtNjKc_~>X3Y7)ctZIA!ScB}!$x5EKTT zfS{3>`mx7c2!O8L(ZMc;2S`ysxxjyKUZf7yo$a<32QWNq!O@6m&M=U;X{6!%jn1czZH-biC`iRglmCa#RGAM+41q z>|loXC#PM=t)>M!3jhYh(D=A6uwHRXQ1 zIKKKV$Z9af;Fco+bZOXB-i1sXlBNHG1J@q@hZ(`YpCtHSCptj;HHmj+6xkVniRta@ zqX0@`0MxnjJ2<%T?|LCr zbOg8*z)^K&eSIBm1&kMn2X^?P6(rsbm?Q*&QYSO&JTY-&J&7pw_L!H~AE*R_p*l_P zOoEF9|B-e9>h+U#4-TqBC3~QlA~iCV`~h)=TqGAj3TQr{%FEA342MTV*x|%jaKMd;Giq{G%wfKGR|clrIY` zz;*x4I_Wxy?LY(ji|2spqZ?&{`%s*sbD z=RDU_2ZjPvZb+v8zo0a+0>yMRk|`JEH7hvw77|YXq4`&=ePhMXO<7r)ep|e--CX<6 zT5p#n&lCoYRLJeaOQ#yvCC08((n*!ZhSc zP|>T{b$zCEHr@>~BRptygDhjIs88S1Qv{zqX*rLOfvgxG6&?T$r|`@Eay8u;?r0m_ z>Hg3dzPtz}K|j(H{^|HYZ(+oj5kXbLzD<|{=-?=zb(Zd9%OSSX3~?hVj!IG>JEN_} zsyyt#+azb9Tpr4PKpm#>ADM?LsFMEtzQ=sETT!lIpuhw<^!2NFVM)n3=-)H{|0@Xm zcNzr#?4;hfhS4~&foBvuNx0rnr5PXTluMTgeNB&XT_GbQO^L#E>X(zQCS@;eiVQ6* z)TU?oZCmc`UEO~^WNnpD7^GtJaLTHD%BA5*vk4{_g(>36Wlzt=h!XtrM>Cyqaz-GN%Ggv*8ByU{s+IwHp18RGtz-T{T*~u zg5-vlCWgmK9eB60KG^^6;$2=|&|bn1x;iK3R6%cnaa+8WHrNYAuO*hB`yBZ#s0DAX zAEdl-K-a#cNB|2m{T9j+CFXYsS>!QZ%`}P(ojiAFu=Z9prw7! zOpjOB=Yl1604;txEyns=V-S^CQ*=yBS4YQtV0R^73}N?fl!4lQS5HqE5T-ivqPR_F zV(nWMiou%E=9}|9KR~6{#%6i0Ka@o=-{D86gM&k8BoWN?4glU}NY{%KbPf)diM)Ls zYM7H?ic^9vsKES7!RMauod}x0&JnC%?DyrTfB)g;qksEvQi>Mwce~jQ6h`3cqHbG@ zlr$C=7R{hyX}_4)6pkOA`ucjcBJ*cu<>g?!qocVz_BL**<)`4sdwy~8dpH|dN1TgG zfCtR*E$s?EgT_D>PD)t2DFCsxx#SRIU0q!V%Y&U&{)tzYp`$M$f#Dc~__w>6>lFtA zSVtaEQf49zf+fVn#NMJ|-cLRN_~~u{%ydZ;R4wJGbU^cIIJ=hmgWte}05xYi+9C%H zvaCA-JVxI_HQ{Im*EY9N#h(U3M1%>@InYFv_6dmINTK@6?>q1SO~LXCSA~soWa; zq*LwbU^(+W3U#p7yq?BenF)U5= zd?Eo~`3YK}^8&S)-<%J`mJUd9G3rQqj6a(M=l$ui;Dv&BC>U*%a!nhy%$t~^fLg8gPv4rMa9L&5Zc}`d-{iu{Bz2| zUu2z{PJj6V2GgZGsr%QjGA{hvfAg+4AJnpfCP0<DInXl)j*2C$cjgK&_M1@6in z(*4U57X zSqJnw4zL)YMTG=I3~V;mJ~;n8nD;D|Tv;%|pv6qADNQ;Gkt!9D2DCf8?WvVmYe5<# zXlS!{ummg&ymTiaEAS%)f58WTVP%}~3`kOn zf5HPTZ7X;apcA|mBGB929SU?Ye8hm9S^*3x=&(e9E~Jh;C~|-X5lU`j>7M`%SS2L4 zfM(jCr~^Fh9XL7y&yhepZp{UqG@y7H92^9&y@}dh8eobfL^;j^#7$(cI$W}u1=SwU z!5x1xR)~LIx&(O8$E+;YK23WW+UIj0I`UW)(=Z4rcC_2*di+lV0ZnK+2a^;9&o}2g z@&N0uIGE;W1LY~LKk%$%%yZxKam?cY@@WIQ{m3N9Kp|;T{}b8@P|neF5*=G=n#tA}`DG={bA?_yrOX z7CcpK1)Yb|;C(Jo3`{m?qH)#)>5mFNXJb>#r?>G~(12ca5`fum(Tv+Q?dWE-xP+^ zKzkKev;R;F+xR3wNGnHJ!uU`Fq3$(+9zU6qxd=9x>X{ccvUlqgxM3FazOY4x@s@03 zLTq4^3hq{Q=7%MTwr_@Q^ZG$tg{i7Bfr~7Hl&}@|J4FoHVoO>P-(?%C3soZu6Xc!p zU-DL%EYC7zA*%e4wKC|HUPDu{0gx)qCTH@SMHM@1aWPSDPwH!Nc}fhRiDj*rDODpD zcOQ4!dvTSDP!2!+B=Ka6zNj`IY~_6_3miflQ7A2=p3Y(R1F6f+IP876+wgw?F~#T(9#HpSAPLsmE}8>qYH#Yc!CKS|~@q77Jj z88r|aVU%ZKE~AZ%QF+^(Oz25^CMGp`V`gvqvo-eyoZLBn>=hWc2^#_7k2w8pt}OYH zBiD}}BPRaOU^|o%KO_xrc-#pXUu+}0^bF33Ys!Bzsqf}h7a>;+PJ-vKjsBrgIyf?- z*9<)zLNDg^nR!yF z`SHr&`%kzm!+H~ceUR&1Y5XoT<8deI5UZq*n^9+@91XX`Ipt5kHUySps$s_jR?9j0 z5ygBM?54nV*lE}}jqaanCNAo`hloKOgwV4hEM*mTPQtWH8=0aaFiG^)5tG3+&+@p? zbg7WD1Wolw96eu7fNiG2h`PtH*u4=*n+ikFL3ap5Y*iN!jfgktbmpxoPxWhzdqD z?){{7ja4e6q%xDM0U`$);%Pnsv~M_&Tzl)TQk`6yZ%MB%*@e!e)~Ri zbbFfN`X;*3OL~tE-lqdI6>pIk`mSGJ$X}fx%~zB{eaP~yIze3FsED1wyYY_5@=IA!@~tI$D~cw$1WX z(pa~GH4dSd^F({ZQ3=%Q9`So8#3%aXXKu z;AIAlBmN(#+*d^P5>-e{fdn=Hoa0V@JbelMZWFyI2TOe`J;f7n0CVq2il#DH2GdF1 zM9<<|QiOdGamQd8{_)SyIfCD!%5AJV59{GGgs_h$h9>zxyh86d%h^Q;!@TLy;`ytC zdvY3760e=;%e}%kM$*9sltDQ>u|(FgPGI9&T-hs_hlFRi;WI?-r5UhSy^#unOu|#G z^I%L?|D`Kz{0s@b8lb+3KESLTpGxt#mw||KuSe*}nW1GrlfDRlS+l94$CM?bJX#S% zR#~_T*geOk9na1#wK0CNJ%n%;a6_p7D@`0etmg$ua&QLINwHa02Xt zjL0FSdS%J3hxKCClZ7P?ej@SSgG?cLyDDW{#V8#tLucG1gKiJsYgMC?DDL+-4|DPV zV1;fSnipN(%I)(42Thuzi@mbfLp>yxIgnLFd1hB(@>e8Ymm}k!NsQGy#=EtQ`Z=C~ zt-Ly-uNH^f#LbRGW11Y}FT*mbxOy4xB|in%Gw751CJU^nQ#{|^)gygTEsV$}dpQFh4d z`-Y!|g3lfhs=%;~=3j=vp7m_oddyN~th<9NCyyrR?11ex`QCkC1D>(>{VrE1k(Cso zGks={i7agVEAXS&+w}D#64}+VNb8aP&+G)S_>a8ktxB)nX7Dg4Vbp4x>jd3?$8O8h z-S9AC0+V9yA_gw-@sA6rM!;ZgY1$UPY3f{^Q_lRb8tx2+qKQfi-{)lBZd)QSSiCuX zgTROQle*Q-0O`LhKl8@lasA^Puo|E4@|`5`4kh&)D2HWm)L`vKysxEy=on1`QmRVT|N#QkLq^I9)~XAqsj!^1WICe(@H%4p`T^-1+U6|pVe1}jl;|jH??B! z?7EP{T*!-j1X>iO*1mwFS)vh!^qE23W)BuF!Nvyy7d^TIV#dJOcPauWzh7EM^gAW- zHc?jmb`tin4ulJs>8*dAF82S<{QHpqYwIKbZsYuqdJXjO#L4Oiz-rtQco`@!s}RY1 z717_2*xMG7^Ixtn?yrj<3tXpyQFoXZ85*XzjCMY?CI<&){6^;tR{C}2L+ve~gGA+M z``<0jNd!lSevd-jijJw!vs)`)z9~rGX4n#fY${n66j`n#r3kv$V<}->W-vCG|vvZxp1g_r~^# z)8(XPMbj(z?)jc)thM5_AFT;9>WH@cY!EP%0)nlVm)0s|AjI6y_ zK@l4>1b=FS&+!6wpL*lZqOOahm{G7ZxsPFIDdsK{lT`tt^lN+yvm92oGbZVcAPc&m zdhaP#yt9C1x1ka}gEf@aSW7~oS2-lPRxh+Yb~OidZZL=bp@gEFKd#zuqJVRj7ltq# zDZ@}yGsnxt$5vn+QyVAvEyv>Bart#e$YZ!FhdH zV&~D11cXsDBH{4XKv~g_n&)>;bkbwAF9jpekq6EYjQidP%1XQ?^X`|sXtATze!Vp` z?U=TZvPkUW;)n|D=*t+B*I_ksKoLnL8hT4peYss|V81%@U}w~$si<%EEBm0OID5rS z)L|7SD4jtEyk#C>%{Q6t#=M&yvMhM?l>yyE=IxVSy6%QPnIP`8wJ2KU=)Af!os4d& zmJ~S{^~m*Vx{JnEVH8yuZQR@rxeMCPS!;2DZ7p;CJNu+&7maExa z(G{2of1Vn}jgf@dt#ouQt=nFolNB?M{C)=q61S#-eno#sLO<(%ORYczwRRUhhEoe( zOn50)+IDz*cLg`-Tmkm5M%<`?0X>4jYo!g{-;0r|PKb5&9C*t||4C~6^S}tweX14n zdI-5BjDA6h9+Q#Key&7{5r2ZfvZ4E|C9U^d^9bsPbP_7&H>lU1V!z7gSF!F6*)WRg zL`YL6Xs*sGSfPbgdH?j1A0E{a;gV3L}NZKSV$y@8&_ja8jL zXss0ZAF_4Lj8B7MlEiF$ORh-toya7_IM&9hJYCcMG`xf5@o5qJ%nRSfQ(_9j5yD-wE06n zC)#gC9xCv|7W8HbgWz-jpjWa&0{mXjiFc!0cF)gGz1@_zw^!(V`Ej6>({ zsZC5a0ymCm9e4Y zNlVIn9wyo!9yMjru`!)msngSfznYU^-&r{HYjsyxL*pW2ixZj0gi1Mg!S(`cDoY-< z;U3dtOb7EFh8=a!Po!NGa@5M7c@KxfIH+y*bk{Z$MD{JzV~}8f(Jy%tO&f+C9cc79 zgp{m|_CY@V)WRjefTnG>IB>0T;RlC;$n^;N`XbDP3_4_43IKHq%0*^Y@#wJ3*aNOG za%ug+cDup;w`z$_-giVc((0t%J`Xc;IZ*pd=%O*XUMts`zB>$NX0n4rh__P+N+jZB zK|m+Qtci)HK#_E$anXZQsk>c1-_BxfCpg9V^UlG_Q4=D5)X;ojf^V%Gaa4-|%0jr7 z+qtrlhB$BTm0QbH5}gT#%nh&48cY_LGNXfO8fbWzQA}#(#eAbhSv!L}tLW}bG-ng3 zvzk^uy;?;n^D==@gq(X4GXV(+(`6<`lejQVyT@xu6l4~iO|(+9u7t_VpHAdJnjaB<+~?73E~K_XjbZQq8hw_shp$9EP+B zaqnW7kX^D;#g;5QMxb>UQBqwQ>keCafJugX`(L>tS-iwfyHHGDa(Huhm;||fV32RC z4DT^QhuO&F83_3`=y+P;rb09k?gw&PG#vf=d^icZjMyq$+;)YjEb+$!w-HB)<$Lhm zC^RPGz}VG{$b>rLK)0o8DzzyrVp@I&y^YjyU`VHniM6vHF!Mg1$IdcF;;E`hz5NQ9 zT!|NZL!2k_`{2Gy&#v6_uEoh<7P(M+^%#DBU=GXlPTvzggN{kA4sp_mCa^eayEs=fbR-UG(QVuo`jq%kL!7A1^jB?W>d73PJ# zkE$>}&(M`2jO!*0xqSRr=j2V?w&=l|Qs{{4SfK;kd=EEHp4;-I>xh(821;&5O5Pmi z4Cxr=lgnSlx!j!K!}m3L3!XdXy{)bDMK5SOmmWQVRYz@C@$MeXChS@W zI+2DrE+D{~aC~x%XfzXrvwZd1x4mi1*E|omwOpL~fl%e7f4yKIiKl$1d%|Z2Gx+|} zesG9LnMz@!@89%+Ul7@-H$&=bx<7_01BjVmK|~4Q@cq(>&7kY*?fln8c{Si|-)*aO*ziBY9WBx<}s)bp|ox=;cw*vb+w zTEXwSB!SK%XQK4--tI;$2_iU-uA#u{3@f1+um@N9vD@7(1|baK%|`TgwGQdh>(~BV z%K(T{BpTM$vzf8yiAWnl*);s&k|rjdBXJe$agSN9#4pZ@%8BfC7#S zU2g#kYssqp_vs-ZE;^2l7K|q|xy!`6nfe zsfRUkU7FU*nKu(`ys&*W89&ezBHB)G9vUn}C+QL@`8i5BW~-LtR#}Pj+Z_&AkwZGJ zE9-o`>lJsH=yr8i`6kaVdhtpnUOn2PK}#j%yFShiU&L}?ZM|?)Xtrue?2#kq(W~=< zh=@ap{N1wtSj=sg`7%sr7s*=CI?~8%TZj>EJ>x2{pJX`w*eIRvj=T10vDbE1XbV~C z(a)u&NFyLA6Z#=XeGCD~tCeXOc|kW4zu2$%Nzt>E@duqWV~~{g?izIm75PeCPj{?z z{CiEf!rI3^a_1BA+;`1H|jBkq9C39YIYfssfeT=Z%w@MQet}#6R$&& z@YrS`jEJP?F4vtxVK)SL&l8iSBjdDm^IKJcF+&rr#_)&rNCSWU<#Anw0}sr5OfA@S zn##X#dy@h5kOb0bY>mCTx!3CKFDS{&%Oospl>R|FOJ&(j#7Gj3y>BfIHn4^Fkm4R> z{oV`ktfBElfwAy5%6NZkQnp^BgprCD1aN|RBak(ODk6@K4x1?0B-u-^@gMC>VrNH2 z8X9jw9C0IkAGdhWezEF4uU}if(PoTAga2WO&Z_@j%XwJPccVd=WAAWi>^2=SwkRZ5 z+H)U?)*``D?bk+Q;)f7jZTv#JSCzMq{5YcRchbtNcPI939)@WxyV2cjDoZKj5izsk z@{~r@JDj>bYkalmrKprsS^Mdmv;Hbf+;aSHC`1qy+jNMwu?id0<{S)1j@(gQ1Bu^o zW86L+T~3>HY>b&|InpNE9UDO~Z9#{uIM~5x*@!m^<^2%1T8>*We~fmP0~?e)gfEPs z&pXp^XUjb&^gl0M<)8uYD*|*s_(cJ_Vv^|<0^F4>$uH@jy9VDgjT5EO=Mh6CxGK`OoCIxo(MGS+j3E)Nw z7z;;+-`d8@$Jhi3o~>fItliw;!*-{(tHQ%ydRZZcT}|@M6jw#OKk_YC95z?4&oYhe zYb(G!c@}yZ`g9W9kJizE2)b~?4WF;n0>Tc6;fFO$!t9h4^(mO+lmV~zS;4(-!-l(P zsnM{5`8p;{ifYh4j9D~ygV zWl}0~kd{2N0|y-^SroLk;qb4NIhA*R_{B+d0?u{S+XQ~Nxfz$cFM+d8;LEGBKYs6q zB8)Jj>@B*-W*;{oxV)0_aU;abxYO;yu`|LO?3K>)CzK5H%C}zopC2yT#+LOy%R86j z|DsdrIg+^3?F`$Q%#=QK;TYZWcUg3(;B}*MXVErpIk<^6|LiFDY?VEBw@SxuxFCO9 zx}I!SKUI3R^iy`g;{Nj;)12rc^=TZF7*B0Z*Lkh8WMpCMPlBZ8PYGWMEN&>{I{9?p zI1E=3>of52tMudPr164s>XS8;C-0rP&?C=K#+R7^*Hq@Z-eA&Qr8bRY^3#F|Lam`|)rG{9FWC0a zqy$Q!h>}>SB=CNDWuo|8-!hZ6WudF6iMA| zJ+h7aW;0T~S+SSzby@zTk~iw?_b27>Q|eok<^#FCeup=OohT!vYE56%T)0M<8L+u7 zDK)U6dq;JY#Jk4y+V`i71)ogV36p8t@98pMuqxq@i+pb{e`c=6^4-?FEpeTZ&QaJqJ}JD_PRxgZi3N$yXwr z>~5X&c|(iff~jzBuZ4|SLfB(lT{=rCpGnEn=fc07`N7}bimL8@pv!mRM{3}fQIC{s zW?`WWa>OxXxk~AA0|^W3WeOeEmgw5-lAD)t$G$Y6o2dw!g~hXq+;Q$-$||2EOLv>x z{`x!~%lo9cAab4TOz&)-kRH#_WWiv@Wfx~h9`z|&iarLWQ^sxKJcN_9anWZh-BiZp zv`WRwhtfCIO^Y1wv>G`R1*I7;jriA&9}cVL?(fnzUoKKe2qgO2R>HQh`7WH%BUl(a zpH(PhJ$#x~QiK_muPp-aZO-i0f=W=)Dd*g#h1jC%tHnW7Peis zwx1QzWMx2~Zo2uEB7cAXZzpToiG!P?d_}N{q{^RO)A7`XlSW;zxP9N9UbFKoYj}OvWv%h(7WLyu42{j#aol z&vnH6;aa~R!JeFmpWm(H*PH{rZN~EVZy&GHCKk1RJ*DX|s?S2&2;R{xCK2$r9FbdPu*=vS|u~ z4J$ruqU8%aH!GP^S!hjUP*xjvBXLUCT+Yn+MRjjY;IiHnXH&?qM-!~7iUeEsu=Yr< z-m99ySdVGs9DjVtl@yT3HC z{7~iI$ z*hl@%Tkoy6?YxwX8?Wq+`_S|5^Xr_|+ay$Vyud^4(=CMZI%SFx8O}Z#_~UFypx*`G z?FsX4JOR7n3(NZIb`HRTpxP!>R$7c zHJVcAI}Vid#u_9>Cn)mrE>A7{P48oHI&?2t`i49r2@Cpak)Ep;tSve| z-f7qUkyW{tz-+&OmydDUZky(K*PBgB(eObqE4>qvayiw75lIpj=z@jVVrfQCJQ@9V5M>T3>@Bi>r47r zO@rU~6xnBYQEExQq_a_$ql^TvonC49)h2c@Ulwj(@zBZcZaOirPhYjWB`1z{I^Y{u z?u&_{fW0lAZqo7H4j&9}^VAe({J2>)pfh=iW^s&AYD+xO<(A?j9f6l$7_6x3S6XfR z#OGAI++GqmW&5d7jkncz#!IqZzkc?4(QB$xwb@8m!11mI@(4a0u`LdjK;vr7Dscg`-S#f`6`hnPT9V${y^Z?ZKt-ba2PvOFQEke74%X=`0P(w3g)sr`pUqMMr+NUv?TV;;?o z5E453rnQiD4?J~JWWgBKZB2b%I1&5(b;TtKhf5j0Z{)=TeR$rsC*RfVB#h>Hf=!N} zWDGc+&qcD8`W3|=d9&@r&5!iTGXB1@Eqb<0b6o^=REk*-#{JLs7gJVgGpshg$yu2r zePc>+CGj^pCz@A1`{VLAV+&4SLrjjpwMdksyQXyF|NVyGQ&B!bLY0T3GT=1 zGdAD-bkjRj@$-)hi-N}~!~5x(di zxD3Cy>4v(wtUrNQe9%g?;4+=M@IF0eYM}2>SD;Ylm5R;FnK(8_R?_XdFt^l0Lkh|A zz##9TC-tEn{hGCGvk!Gn|1kT!d1X=bcqV^md{*EEYUZhvGF11=>CJ3L)E{aJeS4hk z6sl5FCOT2Qa4lKBinS!f2YthCS=l<%xslUlLFMhjz2ZuPTbjak>&1-1DYUOkD84QS zzqwGlc*(`~(yKcWj%TIDBgS-Bop!Z4D=rFoU3Ng7*wv0oOoBNr`J5cmJ-p86p!}td z?AhnN!~^oTw*IyH^%IQ~wq2^jqHf))mlz^zql^0cgNPWJ-cxEIPVw{@91e1YNeSYzZE-Dyab1Tsa&~1F(qI%R5zRO(AKu4)t6g6d#Y+{ z@!~32ui#xA+hkV;v$*67?MmJL+jE0OGfmuA_4b|mKi|)J>{J{Z@%gqHRh(e6;}s#* zU6E|7EHlO3qm6l^{l)S7s@0=T=luhwRaaNxpL~w%eR&fd;AoL0A`rJ|GWBGjugasi zO*Y}RMQ)hKU>B;O@TA+Q`{i&pByOnKS57p$Y9zs{?#0Q^&+o|v??QpR8ylm_{dwJ{K!^@N`vjY5TgEGsb?P)=?_8*dx)^IVOZZ%DR zcxZvULgxwKf4m7L{dOn~wdF|jWlbgtQ-J3~d?-=bN_F!8vh$wQ4^1J5J zpn_n*J?-YLx{YO{By2^KPk0rbd5?`Pju$=>msh;*k-5@vRs7(BNaeXSO{t}FzKo2W zi?f#_QkK25Mtz0ZHD9hvriKi=NMm&(ocze-d>Uo)Pday-jHy^`vb@S*>0vtRJ6SZs zo2z=l*;CI>(*Xp)@mRHMFNR6N(bx8$RqAzc-z%6O>VCCBv(iTQcwF~3N;_Tpl$k5s z#zmian3qt*>r%oA{Y}b<{-*x&-WoDoIA2|S;7$JJn2`Ev&j@4x=9xN= zV%q{_IV3c;((3l59@`e|-KBn{QPhI%x_vT{Nc)gld#~vEEo-*E4-Px-ckdh$DT|)h zdL4&bm9u(T+*O%7%RRl);k+`e$!xbuBck$Ku1wQ-OGCRLrKcQvDsc-d!WXv&*DBAUDgQ@$EwShKlYQ(@I3+DVlXG8}U@A?Jk? zx84NNoXBv=WRJy|O28(iNA4Tth3G+S%;9zR>tyjq3a$2bsD)>rrjCQh8mfMK#eQ9? zs-ZHfT(7hI^OWIc+ovf5sjaX54a*_*WXx=T~GrY_yQJ}0o9x3DX3Gj(N? zk0&_^UYnG6hOVBi?s)PU$(x41C23eiQA$t0v%6HKL(=Rlk)Kxw&uEtz`_S>m`!?5! zOFUBg-Bf<{uLv$6#FtuOpWnO>Xsvr8^I4abTI8Io(VE7Pz-wC4Yi|iBiy!*Y?+n2r zxu~y})U97BJtJwa*Q30%#BnixhP-(>3m*4|LB`23`1JcPmq*m=vTsbxUr)3OT)1pb zNF*P7CV;p0fbHql0oTQ+DwLRL(~I||Oy4bvGE%F5ssA!+iwnEZOWjwea9N40*|2fB zul9AlZSg&QZ^`DW<9E2i$!Q4fd1}UkZJSN63}1G2dUo!&hscZYHN#leyK?gi3WOJ* z^EqFw(j*8dmJq!8@!j*7miFrkvGO<-!UD^Z{X3TY?6V&fxo-Rrfk{skyrV+iOdX3)qsp=g&Jw2;?NW5bvyeP!bc20_wp~HXR zR#NL{-8Ta)Z#f#Zj`0S+4yL)Nm!4(uLuvcd0}yN~&icdkIs|s~gsH_N+{{uNg38sX zHM!gEM0?j)r=F{pos*q;)4$=hG;qt2B)<^#RsP}!Crd)!^Dix)5UjF)oAbHH_UL5o zduht_z%zcuGP)0JPOo0u`q*9@eB<*TjJoyRc2a%Hp-%7RI$=wV%$JocpRw=goy@4u zM{L_v9J;i*b^Nii5 z<3n%q2SxHO!#6iH~uzab-tzGKJMxcr7f+w255yd7|+Cjc<$bMKeve>`&|6icdwdOuPMM zPl*M8ZH{_ztgo8G!oTN3QR2NXDfYAeJ0D9`zgcpji%y@pSS!&Se%tOh>9~)>hlAhZ zg?|$oEbVZr%x*e;+Phu;V$9J_a$(3m*8YES^$y&Tc0s#vY}>YN+nLy!B$G^xiEU$I zI}=+S+qP}nI{m!wIqO^N+drW1eRucXRdt~XAA2?+yh z%!3oBXo{57sgg=j!t85=e5O#kf6-!%1C=G4pZap7OE4*wzb$UP`+DLpc{5jfss*~J z&T746tjkknqr9~qTc-JHTa{p4UG-+E=-M^+cDOOGu+bYy_SEbsKZV4A#Oy3tBoUVa z#MR$3c3fZ-!6aWK=DL#0N= z&euC7YB0Noh7<8ti}F=wL_|VfUn&K+=G+`XDz#E@vAjVIJ`qxhk}QFak%Z);Z|39_ zR=`sRXSJ}fqnM%dao=T2f1+~VIP>y__V3>_Wr-i%u8jIF$%+rwaV~_w%>b95Bqqpz z)xSOnfx}w>w@idrHPOE=hQ!t+W43XMcFgzPo-h%$!^3eNaN2c~gNm`1R~t@(F@IrU z$#jtVlyfy*TI7|>hNyMrws}jlpP}raoG6d!6L&Y8Z{454V#jPNYL}OCIPbOZu-{ju zl?gWYO)ksa#eFBs-s@8K{$AY)(C5kmmB!%g9Zy06-%<6S*NP#4cjM*rnSxNI{xCKW z!Hw@og$wmQc4x}WH$OwLDUo|<17!}^!EV3Q2r{EC!-hLLlj+|leqd-}fA7h1jK_I-XS^ukK6 ztU$G%ehcJLSL_*7rPHixApjzcAKLCs+v6@q1DfQBXyyK&y%^9l`)<`FMAd54e$L)| z%T6!K87^}@K~|{u!17?8zHdu6fxlj@TH!j01$v{XUCz(kSf}l3(}DfI7zVs#&MH{bF!^lDPLLy58N$b zP@k#(5Q!LhD{iLVxuq&wol`f4nfVn%!C2FU_5bQl$-wmQ-8a@aEuyVU;$EjTA2JV|gBne{bRkhX%`<$~irIGj;}idb4C2k7?`kCua;iK1WI3^h41m_R`pOJEEf4thS6Y1V+Gh zMpK$&%5`tk!ajqEqbFhat;O7&vbE-7q{^=rijk6PSGUZnUIjX}rj$7CT2cw9!X$?3 zjTuCZQXo=!AQe{lXC>bBilsH+&cQPTj)-JtS|wVB$Nf999Yl~K%o0MlW)9qT9lu8{ zl$E%SAuH-E{CispCwL)5PIj84fU~Hvq!En@S8qJU_Hw1nlSU=B5su=xhlteJh*=nJ z+rYSdYZjYzFHPO+zeN+t{2)cc6cX5Qvv2ic)dXWUNd*HNx?=q5IUpGxRpVkaS`_wB zcryj2-GR>rPbm=#mu$u$iX~b$dY4UGli=#uEKfD^WzIZe|$OnMVaTWF-u6P#e2Z^=& zQZg!2IU2D;Ssom108_4D3F#;RJH5Pwi-!kW@AprXIt|T8z11?co0okuFb3w-HcASa zEOQPy)xbGbRL7!!V{au&y;00`ZbenorjuE;Vkztv5*;W641LjQIH*(^3Uj&1Nh6N} zE^-@_PZt5$hA6v*st=xyKdm>kv(C0Wq$MywLCMUJkW<}jRmd|@itAMg!U_u{L^3kz zuc0AD8-A%OS@8XdpSFfil$9tH{-glg?h~U`_U_P!Z_t6rE-qFDqOiQm!?C>;HIaq6 zXekT<%Z7W^Nx*d(l(TZ!Pgj*@)V2EC<+tXu%F1z~N-J7>lDVhnNo^pYz$b}P0bRpOV>_Hv5kZk zJi3ySl7pC2KI>~u32FO3cY8o(XXZLuA3nEen1J)k5+$(NE#8jnh&&*^?uif2EiC#u zmu2RXTb+~bp`E&$=St!zKpjIkL+8&4bFp!@ z#BL{lZpP@H43U>f0vtWt!o7|s6ZhN1|2NWVvAWFJlP;irgWYl8K3R2U%=h3!;OZN)Cu_t!9kz;ZGoJX?!wH^enqa0d z#fxaVoMu@YWb`?f?m5qn|Et?~e+(RX2XlU@MFjtDOCU918k z9U~zJx%)cwnrn?9RgOM?dEVi|z_L(8#{F6TW|D9C83;1AONnlqjk5SvLp&AtRzAj} zhaTGoRpk0h66Z;+(_vF`M#yV2h2m#H4b>1+eA-+uq2N*_(rXc8geg?$X+#{h>%A0j z_$B=y2BM+MC8#Idd{@k#(Tq8=(V>;*V`tYfYiF5mH7*#dmYnsU+hJnQSZt>?r37<# zgS>~Smrl$O?w)94XgxHfFotPh&)R!cv5LE~yAC?YuflwCRE1Z3h{Q~(FC$~+;5YZo z4*iok$g?Ppu;J+0oI|llsh$R___`bku$}Eny?LA4~4sJtDosr{qJZk34XjUOwOb6KmTU_G?_? zFZ9);Zz<%x@z{IpHD^>%yHwxG)eMIe)mrWd>ht!i-)aIn!D#Rja$kB)0F}^^%6})r ztK|C1$Ml9zbUhv{o5=0Y<<&M4Q7%dM_a6BnQS%{>cjJcZH(2X-qb)*Vjk;#n+sQkS zV)66227EmG^~7b`j<>CjnX)S{Xl`F{JHpKRQVUIS|abUytT_c-z`V}m$Z>S~-b<0;HBqSuX29|*MW*plz=XO4#A{<8&mtt7*P8Qt-?RfV@uHoC zapyp#{-C;ThNDE-B4sCg?LH+sRO4_FCOc!{gOWq3RlqVwV}aiEs;{_;Rf`&y4Zs*= zjyDtmU~pSx!UO*~GM$yY7{_N)U7BujjWGVDz^X!LIL>Ep{LOILm4|_p6B08_A*Bsa zOQ_Eo({N`%$2ja|rr(W9Mx%#-5;;C%X@f_&A~_aj5jksr=cwFZwxuY+NxAxK)rA3j z*$!?vAn6HCAV~lI>PlE-Hs0CjgZ9Uc?sCgGDJ|bxUIN4>C1SWiv%iMFNKrCGY+BPn z$L;rWOrdCDNIe|tCy_!bS84{bqG`U7R}VI56{I4F1V=($_~dZWX7*^%eCtdl-12QT zD%~9g7Y$QO_~qY~D;psKr4U!bjig}&%;LFbc*b?ExS%IRP+|#YQj-}!nvPA(Kgsba zV9e9WjvX^3rxw2y0%534l#Km9412QO6-{M(+LZ>5LNI4)7!mA{1$E`tm#q%*E_rCD zzhcd0jXIAxyqnSZnu4!7H?#PGd}e%)2#%0G)j&|VVD}dukx!$^xCXwuW@OL5JQ0G8 zy?v7hOB^{|C2vtHbS22!9_YcGX)_qbY2fACM6me zKQYt0ZUU2fZLo%oE8PFdqNCaa&|M z&o*Q(IQ#nSTrMsE)2vBpZu%LLw7u5M=bB_*h^myE;!|V9>;eSk+dkj7=Y~2|upd1> zU49dj^sP!0{dI+%X=?&#^BX>PMHa3lKb?){fSJur_4t{&0T`x7czuneOCRg4f(cI-0fa>jk?kQUS+Sd5!6&PYX})`g{fUh70z? zCH-@U^D%|!aHWouawD5Pk-ksU0EV2ba%wlZG%z-YAp=Q)yx(eNQCnJeM#S}7I#QIqAX8yM2^tz2URU%*2gKTKF zz1rks8UKtA50F23aGy9jX*uWcW`QU2`k{kc)wgj#RlAQF-d*&@2hJSgw*kv7aIKx2 z>K77bKfDjV`&J!iq)NM|LeIEQ`siHF+t1O|A*JANQ6m0|n!d7Do#L0}>rSt~g!oSp zMBhv(287BrAR^KDOg?t+65BVxO%S07M{UQq1T+cA_GP6yrdh_r`~k1-hMoF=^vS^l zZDdBWnewg|`w|j_-AYqxf`0!T>O=Pn1C1LqQ=#|CZTS3td%T$lQg=qb;D`FUb;Efm zEu?une7%t;g!NCoOz!Rts6EJKd6FwvJUWHl@Zk4;qg2Q=_wpMQqTvB?+&uqhBcuig zp5vBf%-4)x>4|E&3$WtexvSU}KHhm-woPac*!6kEV}S(-Z{G_~^)-SgzTqfq;){e5>y&+)}K7%b7N_uzb|{d&i>9fEY(7s5jv zg`0+X!DCx%`terlgO=&{oV-NOzL(gxi8?+$h-E4QGh*QIka$#>Z8y2!3dFX>&K9IL zbfKX$#<%Nls>i|6!6I;$E3340sGwZTy5qB;1sqPM+iO74))4ENqm2|$eAEMB?s4Z` zkf(1qIlDVk$GiB`elO$Yn14F$5#!LRAFq>m}_R23m zK^azPVTGPbdQ{IH!QiyD_*>Kjbor1lLG=aNBK7bIMwbSkN0MGM z9ANg$a6*c02-LM7Czrcc%rZP zARCs#M_B5}n~uP2xW=2_tOyB&=&RfJz4|7}B`(l#8O1CUWyi4hg5GoY1M*67ux$N> zpTb|bMZmK&`WnY~>q$|zA^OCNF3)3FD#5Bpg3Zq<>PC#HZJ)L5hvziHWzND7@AL#{ zL?DKc6@#w?^HeJJm8+x%CO_p()cs!G+_XE?x`M2cMdM;v1W^Mw2lcQb=}l&p9G8{G zQ-l3lV*N>dNZ1V5I!76f+am@emWskY{%HHD2N&lDIOTpEn_137{_K;~M&hzKVa42& z()Pw0dz`5v=X~F?A|XTYq?QMZ-IJ5G^5Q`ZO={b+C`O9SjV~h9t)jSvK}_Pq*6N!= zcku9oaUuobI?Ja~3;y;jd{7kBiwa*&ZLUQ0Uvc+Pfn?TRD1x14?EuN4yzl#!VQs!$x$R-u62zSR|Fn$?zN0}MRf+Xx7UN!--16(VT$Nwv^Mj)VJzJl=0{Rl_O`?Aqs|;{sxU|e-qy~)T);IPB z$u2lEC1)P`;GL?`(IkrOTvnFOO=d{aIAqs!J=?Od{|kA_D^X&Po~Vx1M$CT9e>AHS zx*Z*BO{HCqACU+pCf+{o9fk>GBWMl1QLj4G(4t@Z>#&&qV0=SC$$k7;)L4vTcV|(^ zrh8s<+?N2rISIc$sJZ{x^)}B&`ZWP;iI28EnMo}x#6&eVzWXneVB70X*8RNd?ELAJ z+-?jAj7$rf$zEh;(6L@6P>#j5J5dVU27eHvfo=QhbrR71&%y?4O5;`pq6CtM9c5r} zgE5zJuMVp|4)@f}aqlfb$@V*~&r7{kxocSHg(k<)>geNqGZ?PjOo{!K9X!M|8io%u z#ypQX*0oq%@$ZUwyV;EBXx1JDe&=5- zwscH`-AE99$Mfb1vB}%6?M8$W7%JwqjL+8a&W8P_OZQ8klHMA?76#Dv0s-%`STV+( z_@MU-by#kAZpfnh#zFJVeixt*Ov}}rDIe%Vh9U2+d4FMZmU&?Z{kBwF4(~!%yCZ|L zlMSm(7T?t~jn72DCVccZQYsHH`q^{6R{jxOeU9B$ZGXdR83YY?xs4pw?sE=5|M~zi zYtuK7JnYNk+C$s9n$Fv>W6Pzls{|)yd8c%=Z>oPIDZ0L?dU08N=2Z9jK=d*>Hy13A zve8eV09)0~<-rE-7c!#r2Jimkk`Kq2`}d7I7Sa1zXsmq3U~jpbgWnX`?taO@=y3X! zqRB14I{NC0{rj%k-h?S-H--~Zu2FjD?TWj*FVvz0*V7*&xZLf-m#t|%gPL`egG*h~r-kl==RnpTAmsj%e!BxsbLz@s zSL*vdx#;M8<3MR3?`2n-;rb=a}(;4@&>KRIE0`(kvcNZp=j+5F{* z)f{gG$L{y||Gj5-qmK5&5W!ZD9jXUrs!^*Bib1;;q{ZhQuDvO$Q3C+PTo zmK510bvT4L*+gDz4wZscH4+m=2Ls)`Gt9MfScj3ZW5~qT>e*7uqjy}Zfh~`e*wD_$ z=HA-P-kr;tDWH@XkZa{MslUF#K_zpufd+@_O{+s$PB^O`{6)hQu-zPaZ|{*z5!~iS zpzoZ{^KWQK+&K7xpGI|Tvygs+2UN-}DEx=VR>LXHhYJJ^f4B9af=W6?D-cKOehkvG zPjH=UC2zE35)1vOSlq>l6@j03!oaXeDOzkxjF@kP1PpAWs$z;RI2QI+BG`1ip3f z=ADV>Z|JfG8xUc@5z3~ouB+LASvG*(Y!f}lN^wqun9Kl*aPvTeh}fJ54p+_4dannB zW@^GJiLG9{Ec=RlBnC&H4EX!~^I87z1atlyn!fK7rwDK|mEX{+4*IkhC|h3SWvmFk z9A^A^NCGG-=Aj*y9I^1r_IHK^5Hyr7^zP0(DT(gQ8QPMp#8FYAMO%g}H znBsR3@lP)KRdO=3xo=FZaBXrS!vXK!UNSKSg(Tmv{IH!AJsYxac8et5lBMA~1*(@5 z^2~i5F))D}e~Q5KIms-A{{BNA6B9CT+ik-En(Gd7yWhVWc=my$X1GD}4}FH}25O~n z|360xfH@~4n^o1=^~N%umfs&Vpv9vU$4~z<4+vbY7>*e@)Pn^?MaiUW*EJ;?YC5UJ zR2p;$K98m_O-lHWCQ#i>5@pZ6r~Sq_?bkKCq%}dUe#GlXO=U|$aQJp~*kc~8!53|s za7D4u(8yH3Dsrz@djJ_-9Wil9n8mKnaPzBr{Ba&PrRsd@vj(BBiK%QSBo4ga^J@RX zjfL3eT#*`ed5>>zXR5Pdl7L0+p6dSuAO?LJpQhvs8`%utfDf+SlaN??(Q5XFUlH>a zm<_o9l%I1=H@#~1@2yQf7fbHG|-I zj|Z6%f#Sif|7x%8BGUXD51Rct_|k~fm6B+sRecb2sTxM~8-3?~U zo3p0aalfTo3BAFSLEg0-BVuqeOdEUz`CJDDn42%Qyq?FisFV>1etOgP2-6reKID-1 zODIGa&zEK9t7R>fTj(=BCQ|t<#mWt?i74$QIi3!m!hOBmN>#%ezVmmyQlYQ#ExWti zg3%1$fhKT*ROR9}omu3)gcduHj@H}YNScLo=Bq(39dY9|^H}@rIO{s@zMx$n$Xm1? zTeX4Yk+C;&7qx#GHw)9Ty+}Xf`w@i$QtgRo)X56=f1G~t(to4f+~*_b|M|7oEo)!YK@Zj=f>t|>UKhmuiPPly*Y~6 z(z*}DOI=C%q-82=ag6r-4~o3CnD|vX7gUW_TH7(kSfiQ;qi{^JPc!iaE~G~a*5?mm znG3;<92R^8z(~fzjB?I|H0d8VR^v`c;l9_S6(y%i2NYw0iIEE6Egx^f zNUql2ftX=LhP!A}r!5fwL@)ETWjsVe2wY;6j9(|4BI}|JjR_Og8vo3nMbMBsS;rzG zKqh1ksHNdHuOK~4uH9!Lm`t)pL4){Q>q!ztSw?{QQ}-7N3@l#*9$<&_M@IdhOVwO& zglX+(FbunC-|m_3-V6a=%=y#L-}Hohy=m1b#I)0^O2?56RV~52QVoq|T);lG<0dyE zQSwz4o;oa~$9-=fN`EQHVX$O@-InKEfPAcYIY)TMXGhda%qMWzuB8+27AT1dfEO5KQOnGUjy z81T#X?}0$hTh-P~S48-r3zSESj{9GQ9xW9WIdu$yPmT?Tpl~>#f+S-q6FN?q32dyU zJ5;R%59nV)$Dpul(lVg@DXYw3OIHw|k`nxooLp-W2dLqCsC&A?WDQ?s7;Zg4Lsc1Q zmv1&FyL~ejn8Z$H z6U|mFlbWxlbd*Zaj{#$HsDV$H^y_r3N6*{L%e{0%Il@LdK49RI6t3fpv3smq0|Vjv zCfaEXsVRMS$PsV&1wvnP#o4SuQu`;`7qI88|J_fwLv^OHVp8!!JZ!27u$2bqp6&1f zv}zsjPE`!rJAjXhxCpEBGwmoW**ye$)8R<`8Zk1D1aT zp6lvvZimNOzTd2e%_|CPm_KgAD1w1c0It>_Dv&+@CELCVd00ZN;B3DB@7IzlR9Dj% z0~ET5`Xx8eG(Ct)iAbqe8eNys^hq^dI&Q;<2*`=}|K-q9fW-Cdc0UjgMAam`*`e34 zhRn)U=x3fbI#(Mw!cZFFDbsx)rVQ{)w7~#rSn@U=CL>?i_yea!D}?I%F-%GE!JA5pX~q#WOq>9WfTiy(+8Sz7T|;!Tx`f;J;H!u|v4+c-0JDKV4w! z6ZS9A%<}X1(fsw8HJZ0zN><1Oa6;o8I;+`%T10(rl;qgy8P!E2h%}^aHKKV?(AQ8F!Z&>L1xN3+%n{K7P6oA0_!KLnu@NP{4=1}Ucphenm@Hp)iJ-p;tk_) zxK%zzzT8n|fO27*N6IG_n47+^Ye4ZNA$8k^ah@MGd4gAJLq}=$YQgWW+V50<_jF_T zesOqI&lcluaAOT21&d%`5&jZPGVj|`r=i1cS?j&bmxu4*8-s=t-%oK;hJ{57xErI6XINq1+=BgO1Y%n)8&L?MQybB+O&f6U#&=e9tctG}EJ<0= z3i>5WEjUJbE1Z=0taO-{>J2?GZDa!ssQt;TyzS^*9C#p=%%WKM_z*7lyc_Fa%>17@VTHuA7-?TwG}Er`(f)7$M<6&yN>ge0& z6(pb06vkXQgS{>G{3r7|XL++CqPQ2lusm^@>G=f^NEVSK{1h;2)VjV#G=Q8(N$uJJ z`%S&wIhRc$TYnxlYVKxUHEb;zGKlD$77dlw70XS$93QM452+0UQ&ULbPiZNZdc%6 zv9~w&=WYTTP*i@;^&}w~QQB&6bhysJK}x!pu-?&H|JV=I>Eqin)r5r9jw!NjcY2w8 z`@RZuX;$aYSqr(>hF^e=jhk!>nXgMqM!?9P0&}{hBN=NJp2+m9-{EgB^qQ>cs|-_F zQP^IFM*rynw9wE<*wwChrz&+JO^0NNKNi%SnA_srUrY|qr6hYxRhrEkR=IDT4G7QI z?Fmzje05$OK@7bn9bfOKeb&F?guV5?#eOaU_2*@3KI^`F62lZUa{JEo%lhPC*8in? zK;<^B21w<9Qtn|K1r}Q@2m@F*0a)IxU@|K0pVUs5Yhbxl;ckv->7Gu6b=0hQVisSlBMYG+H&nAbKqcZk`mu?L?I!6!jCrc(>*ZWE(qeD^piZI+g z8Q{&5F;Jmz?v*d{10LgJqXau*S6=Gs7dO02pjiAq%bs)!^&lc@uSB}MNdbFah6ay5 zh#JIx2c-ONTn)Hulm0bbz4pNfa?xqsF`FbG^QLXl7X$#(MvTjKuc8#eYodX8tI;k*)nhx9xujY6jwi4^c) zV%mFm;c;;HkF=Y7s&?>g@NN(Lydpx+4F0Y+ZWa^u`F~pxin5C8cx+>mMeF^g2rPNOqvg+>2@1D{eyOW}WU&!et{^LaLm>N5)`WEjOLqtO`9jxx zff-e&6e02s#-mU^pBz^Q;8Tf2YvxRslv$w>3&ss?FqV0~;e-F@jk*g7 zEd$IQf-buO>5=jsb=Xz9IA)YB3gLxhNlJzV)rihoxdqd%++We%H$6`Jon-#)>Fp%P zwA|Y@A8*}?3}H#ihd~G5nU(s7f(B~m9u6>KUWc!l3gX1i-(%Pl&{s3*;^sg> zh4WdHSruJd+T|$cB}&!ki#1KKp=1%sS$DNWipc<~tHTlg`kKAN($F|!MCNm{*SWQEDqNj41_r(0D`0zsCSh{K!*Cbj=uFCi~qIZE7(+f!? zN5|N8T2k6kDo>X5fvU$D(&=^Wh`6v!d#vMK_>gdzZOC!)&=F1u)NW$IGtW-NOdGJ5 zc$C*z9E35$)>bak=2e8j!5=ESoi?njv3r#E5K!SDLT&#~3&6*x;Q5xrCE@dtOkZ8w z6fmKH>g)4X7JjdxuC8vC$m_f_0K0ruKR9^vwC>d1y$3fkQu=+j2w`-kM#5Smc)rB> zQMXiC_gORhg0&p5fv&eA7{%+M`r4eT|FgZsFq%Q{2;hBQ1w5^9=Y*-L%vxQS!e6`Z zx4=&at`9`zSFQh^q<#ic1%>oA{%FA`h>_BNs_#+ycCU$=54>r-z`a{k^a*nO5SEeY z8}euDer^PC%)IQV9!0C(8s&0zT`uz$wrp*RID;<^8@;}or1SilVyip&gM{FN+vW|+ ztOPs-V0A=pD(`7|A2=5Ri0@P3L57a43JA5iHT6e%^_!PM`v8FzXcJx#MG~&Qy3H3L zjXt)F=$cV_I4+@kY`f_TJ(VcJXz5dmK5`IBC+~4quHRLE2-vTmz68Trn|1UksQ_(m z`0_T({GC6VS~ORY=1|`m$BCQyHXkDmCU5L zgoKikv7Q=1YWpGu)Y;C-LCZY`z&*CIV2|7To8-ZTb;y`SR0Y=zbL@KB=sVCf{ciQG zpXE*i;7QBi4eNk)s^icVhwOoS!|L23cr2H6`h8x0ZC(2ILhg&7deDDMj;5A15?TO< zYNEcnX`MU-+n%+b@YID}qGc_;Y-#l4|95>6Bo0n;ZOeZXVt{04_A~bHMv~5u;gS_P zoTF4U0G_b)60|Uq`?>x4h`q|6W2%A0RiZ^YrOw}38`R{bTH?iXQlLB91d8sl_Kk#K z9IY;w8$k+{-9j%oNRwMJv3C+B0k;&)88->Lx6H=l>u);qx`z5FPvm2|xJoO9Hzy9z zl4kX$gE%13t06vM?zU>kOATaW2*A;63tgV-TOR-?A4#9#q%}~H)aEjG| z+sMQNs-!|Zgj2dCe4(`sa^lQ;f{dcx>$w%EaJL1Ltyi;UyDT&eb9^8mfr>86WsKk0 za5I*qT@e(cJn8W3N-|{rkbb>6^DL#{`dj#+E)6`-k|3fBR%2f?C?{D65v+G!WgT!& zIRSTQQKoGEuw!z@!?ZkFbeF|i)|PnCZ7?23@54l=YDh(*R!9SsdSj6TYhg<3IT})- zeU!EgKb?iiC{T1cp{lT-jp*@;x|`aBGC&Le>S7*Ol(!UAn&5M|@3QSz3C zL>QP64i5*iD-F^c{w2y`O4)dA2i361*woraCyVlL5QQqid9<`!EoI}T=?Yw7n*Jj) zne7#-jk+iE(7x}ADdS^1JEA9Ri|@^jj$d9ro2Xb&+5GR#ihnp7e}h9pa~)jP(8G)}N#X z+Y2`get~ApRsv*B4+=Tfm>U*m`v zPO`qG;c=|AOy;S@(*pW`(<9XXO^;NkEjeda<$sm_?YZos)?l$9+IS670AbDC4KX?Z zJxGjG-)16ja2+pKqxq^h@>h}P03!XEih45d$OzuOvy(3lP#Z6-8@G@f>~J}m2oarU z02ZB_z2}=n-O)P(y#v115*~guT2fxnr-dJu^A7?L3w6FPAmpSO--=^^_)%I{{j2x` zPeJ7YK3?+diL$P#*1mgTBoXQo)9eu_$bEM@Iz%ypAQ6RD>XI4`bG#3QvO=$ z05ddzp?`|_QOU(~Opr?RXTPb$c0YsIC`SGx@r_`(w5ASd%)-02l|j5T}HEmP?}U^c8KxL1ab!aYc#Uh8I`#!%@@ zG2L}!m)zk*8@p-{k*j0&-C}6hgL4swG&(2j>H&^sWg`%ttPLT{0)5dWOk*;{%*P_v{we;+?VSmirn1bak`Pf(%auTy6;mQ}vK z#EmlS8QHVy{s5sE)Rq{MgKWctfdz_dc5%tQJHVQAF^=~>f8Y5SddXb1leb5Jbjq_q z3>L_ES3}s63~+>K-l7mtTs|0Qz%1%z9^gm`9u&*Yff`_PL<2Md;=SzB}NacvY+?pUxI8G{T+6$m^nhqosZr{h$VzCbEwj#Vh) z}>El%1n;Hr}@Z345XD8{<5KC^ol7lw*? zIvGDqEGnd$u7oU`ccYRDCN?KY5s-nQB?X)LcnC<*M5->^!da1qU$xe$4Cjwd23e3j zWv-_0e1rr%4!-71ZP%V;KrlOq*%EUI8&QSWkCF{7$5(e?2k0+SbJfiNfL?Di2Ud6a znDjxMV*7k{{U;d$kdc4@i#)?H(IaYCzj2=sFJFy*WtR3LWC)xU<@e~i?55#@16IS#$@m0dR?j@(7o3Q!=nV#~!QB@` z@gPF~DfaQhQcr7p@@+`R9}`<8D4WMt?WDku_ju#W%86j$a+auxS*_LbhLtJ5;0Xe` z>xYGp5in1xi3s7n?lrC0$=6xThQYp0&{AdS@D>qk+WaDneDkPJvaf;4O{vPSG%gxxaH~5k&m#E1P9dKX$DcqNKw{#5>_4m}(3J zc-b(OS0MLo811}emfNeUNk82eSHE?Imd9=HK|8|ovb_D)b_1k5M@0dOpt`jd0Rw-d z$e7B8fx1(?|G-|ig8rR<`3~>eGi%T{zj#vNjhOr?y(9ph6ym|o+5BLJL)le`sM)n()^GlZXT!Ho$MMBl8~MBVs*RfSIZWb1g6w19T&TF%spD21fFvC?@l#57?XPbwp`6%7Y{n*nZCdQaL8RxJ%g6+gjJ$;3}=_P$LXcZH6Dn$&#uDfFiMS zXk>+ug{N|^O*pBb#+rsE`Lb#{K3zMI-@jSBxV-NXJ6`|k|1r`>h{Bc^xsBoWhBt2< zSc{yNOO%cE*s9gO$k(scfPCI>qocdXmn)ooJ}Xy2!UT>dy*#&xU1h-ZZ^tWC$W%Z#L|^6#SOV;}hqUM$p)2REs}n=L zYst|T^N}Nh&=;#?v+OePeAAcxn%}8o-Ze?hQ>+?4ImM0*h$9|yBgzr5JB9W%dbRfA z>of+uSpnWuwONeH$3AK|JyM$9P40}0KlERAm5r}9xhj002?1x6$M2z!!I?^7xcwwm z&?phn50?%m6UlD98<>p3UDl8wM!r2T)`KGrM_fqq?|NRH-2A#eKKJuEg5mc??eL3d z`bTB=w_#?>Pmp8hdFtTG@08Wo?Kj3WpGC>^&pQ+j?VZOTje-WffO(U}-?i41ABSr0 zej(1nOeHAQKA2xGsNOEv(P>Lu=aUA=xGm!(G>B-0J4@^)PdGSPp%irD4&_g`U;2QL z!4%@{>(2y{j}I7sHo9tX(3b_~d`IEJ*^oKgMP^3>W&cOFWHQ1pM@aqWjL+)fE(c-| zSHa=hYn_pkb$6jS4^L1Ne!};UX2I;N?l(#dkzD+u0%Pzf-0EC7Erq0jHL=9Mk%36q zKT>Ri!magu-IwD)ji!t&y9Xpe9_0D%1f-<1GgZnP*faB_38JUK2r6{-^2rdb?oG6q zZ1_M{hj+7yjos}}_>+EB{LuZ|5_TcvsYBmqpF z_jgiD#A=bTg)NlZ92SvL42IaU!f-qu0oc8Y|8?z0!aA%{^g6O?s^+MRIJX zFW%F9JP7g-9wyCn-$|z+6Aw|gcK1vl)a%M%KRnGhe4PPB!E&y+GV0$ryVA#|dB9#` zVuaA#^Rne|tRVBSyQf$PO4d(O5E5mD2=$s}Rpw)t$|+{qsQ!F93l8+SG~w@_Bi6p= zA(T5-N|gIv^T5fs^zruZrk1RiL%i~Uq*dxq>BNr38`~@82fMcr`j-`pz$7L2PkR-$ z*;}F@$Oc72e7PO|aHl|+_NQDw^r>?tJ~$Bng}0z7ennbVWT3@NdIbb`$=Wb&?Wm!8 z%<|@ecYsKI5=G0^rpX2mU>`}ln~09y~a$yi8xeQD1cI) zgj)-2e!ZoCtFzVw-20VM--~e~)BBg%^bz^Jnt@$vM+pG6~s_+i;-S1fTN)mh&~#3O5tiPU?z8;0am) z-DKyo)OnMsm3{4Xy6iCD)TooZ%aeM>FKHfs;=4qZtl6xnr+$oj>6EW)(u%xX-Kw4} z>ww;7T`|^KjcJ2cxG`O#u5~2a4UsxKJYH^z;eMhDX6v<<0s5v8+(O;A?s2okeKTUA zx?0pb3x@Lw;_XSD<)=cwtc9rdbw=>j=}k7_1A`k~glO3<(TaZQ#BkH(lx;0cKIYPm zm`F^7&vZmrCL+de_|$GdAKZ2hPP@2hz`w~0(qSk3L#j~3I%zyLJVUqbfj3lSJ%?*? z_7iPq={T#u8(h`+TusFDoEV>Es>#VJb zHGTJAU5>xPTHv(3=B4ndAj6vSC0)K3L`;K z_2Hqzf|3xGLdFq-iY4+t#5ehZT5(k`2fH5o>#+Z2>Yz-S#ftlGZ445m1NF*6va8;J z3RTowOZxJ}FWY~02iN>YK2ovuL>8;VQ_hy-!22+d?}`WC>STy>858wJ^Ls6k+c@R9~$#~gF- zhWmGo;EJ81mEZq7PsJBv`<3)R#O%-O?LnV~nepGHm0B=Yq9*0%OC;y-Q0d)mIArPI zMc)Xg61V#MhuFfaV{1*piz&y}>85VuU|=gcZJjFrb2g%tqc!H)ycjr%D<&yt=LsdZ zSAjKez^#CREbv=yKlS&8eZ3hIdoNmr$t3D8yr~)fL`xM?dSZ>!dlrT?XPhoNd503rAU7zSsbyx;xyp1phb-2I0GobG_+rY0G zN3`4T>-tsA;=UZqCe4THiUt&IXC0s!TO7odP3hj#U}lBxbFx-e!+)nE5i5Qw`) z0r298Iz5f%W;`a(+_i?1&^e#4Lnkndp^)?OmvFi59rx9h$@%Ad8h-60&R70N^BeB% zn|A1v9M>RJ!<`%IPuEb3+r-S}3U5i8^rCNlUTT`&?xw-vF}r$tmO=^Zc-VJL1xt~- z+CL!{Pk}8J|2j$6eUU!t7gG7_nvC&@@*dM=WAnsJII2)-Vm&Hj8f1`?FsdVhUR z(&+Sgq>Wa_$?0*0FM}>q@la*`WlPk^&s&97E zI#<&|pJSY;NB8qpu_x%Gc~k2saXHjuV01J(h{Mm3ReuIO$SZ^2MaDUU*DqpxUfb0F^Kre_~5d8rb`OcT*ZEqZ0r3qR00zf|KTwD1uN$5lwRu zvhWG}h(9(PTM}2D5!Zx;U6FS!3Wuka@wl5##l>VSX^FVdb?9RS-QtH8C63=qriNd* zBgf;53){Z4%xX+Bkkpr}sWtMTbgfvaUYS)eE%Rf4R4P{5n}T|d@Snqk*59*|QS-wW z=Z@kHmLv79L=_#%Cm3vkt4Awsu2|zC+8{3QdzDy?^xtuPL18@44mWC?cZ-?z4QH=I zKorI=IlnlIYIvR-gZE*$rp7HV>J1oMVw5#_-_sKN2uAi=5V23&lSNQ))_GFw%f26) zw0*HhKp4BeBl=qFSlsO4I(h>t(sL9Lu2i)Te>`eh|fzZ_s=uZ!O;1sOBq{ zUJPDB;I5lysNNQ6+`+JSTESkT?Y_RAbSR8r_>7qHzC`ZiKJvo7xrKq;zu7k4;{Y2B z3+lYyojtQwQl`=kuYozHRa6m=j?&?o$kc~*-y9)5X+!}H`kR-RubcFck_u|M?4byX zj;R;O_;x}}V|~|IjAK}H+MSc52<*V%w{IeEZ|srLWw}w6H7TLRErx4XN4-Z!)Vw8F z&%-lMzTjoid|9*e&aL^=U_930w>EzCrDyF5HJ-ICBkP=YH&3;L%(^*TU8^pFzNMO& ziClpnfBXG?Vun8C++qgRo+Gn}KI1M))3Zp8kQT4*btIllSt4Yx#=8f@^iJ4cOkJ}w$PE@4f%?mKUEw>1U_;)}h9}Gq}ZCsYb zOU^$2O!SXNi)$Yl;4&ySYO&yyJN+Q7z=71fbZMQ+B6Yla14T$tZJ zM8LCoZCsO*HhRpnDGF3#`VM%+EW!8?P0bUKEfPjK=o(OTW$b;E6v9s z6sbJqgu0TGp;1Alps9w#I!?&aw$;TDh2Hq2k@elI;?&!faYSTHAlpW}3*KdnfKJi@ zsOzvm3XA^}e4-;8mZQ0q|07cA@tLlKgk&$}5$Hbu5@1n=Xeq}llet<*v z_6lmEFSYFL$!pGl^4W{n`%q|7`c_zvdg?xFWg(k!(=giK9|Y)3L>IhyNbWuzFLbB# zC}X#e#2>fBvWbanJ^CNfLuOny4NXwdMZT|3n*mDUMw#XW=27Vc{S z7LBQo>zS!2hqO7F@sDZTTmetU?zxQ$`Ng`g1NjMOnpkEZ2X3v5BZorG-Y3WdB_|f% zQ5ivt@*cxy^~2X2cJy$+K=3Z}5bWk{#WHxZmA=bs=_$2VI*47Lu&qh^ z@=88yS|jjw)!)sulc4D!(vTsmd-mH6c@gY_Jh4}4u1~)A#B+^?W?L8YO9!ZR~! zKUhIsb(CJkcx?MAtXs-z;W;2!$Nvb{2-Xg*=OWIqR@xQG_CP1h=EQvkbfrc8S~L1~ zb*nSTLe`EszSc5WW8ISb$4^ zcGneR{T6@Q>mloyIcV?D}(k-&_}(?th?GbYuJ)Gw@N) z`h#;6W#^{Izf@Jz6)-sOG>Dm_$Mj!FCR_}!i~ z+8h#wNkF)MGPycApOz?>qD!DQ6?h$p5B_r~5^|5u`L45uMB8@?C1+ruhk4$IIhlEZ zR0i{4KT(yqG1ba;tPQbv!G474VU;++G1W3;U3V1V=SM!~CL|lIq!M@S)+|l>IzLU% zZ7Z5Iy9|%mTi(jK;-pC;G$ozSo+Wh-K!8ndueQ%X@=4x3l}o(tt}!zwIJ~}?%&o;k zB!>Iu<~|(i+zO?lcDU=TdxMF8bI<_m+xNT~->VI7y}oZH8Nc3qS*xc}o|+7bNY|?% zJV)Mqn>7pftGI$p=3%On$j|+v8rYBj1LOYV#tIx6@tRbHv02L=7A|K}I%NSas~ad^ zT3PoYYEtUa$i4211|~eCyq_WSPbW7PpZ4OpVS3H-(3+p!*gr;ID~VuVZxC#E3Wj1% zRxr-?jg@6b+qC9IFDqd5echQFDwrOhc0+E3%ewsfu!a0QF!JIZ?P1SCqka0WM%PZ} z$Do0ywmC;xXZT4Q{%6`kz-$bL96T7~ZApd>4AGiDbIN*8immjp8*`Ct{8cw85x;0Y zS5`!(9OMdJ{pOs2uE>WHr9YN6J1d{J(WwayGS;CHE`ReWbvRc-unO?Z`)xb zN;<&Vdg9TiEu@0z^#Jau0(YQeS>rmon$YnR)RzyLzdA@EUOjaK6SlsHcG{8-8SEI9 z{*U#ZyBM#DVk=CITbbp|L7Y;LZY`Z6e$#vu!3yFWMUdl`AlEfMqS=4^!W1BGFiDJI zB}{(XTurMsfRViJd5Ql!56gif&0rwKO*jCYJ**N|#EB#JkGVwfElp0&;(G zy8IT)iew41izcRucQ$)m=dKC*tZo@pUs|ervoo;M4ZqaHv0vz2+}{kg(vs9Rc#}Y_ zrWMVDUF=*r%ZqswE)bVaA5lm>XWx7iPOCdLcINMGQy?6aAG7jIh4#I}2(@to=3-6h zS#J=xGzq*aW;|YoFaQ**)EgV0*Eu}yx@tEag>7LkwhExK;xW7 z0xDF5TiB@#w}a#v>cc!f@CB&j{<0=K)owr)Mbil#QLxht*oA`Z`m*+Ik8@pH=e2ld zonvE>`;DI0ZCa`-8ee``;5OvSa^et?3$L^Txq@9Fj3p(=enP$UA4Xzgb@qf^cVV!T zjLd&&o9>#h8x9;-VYOcSo1j3H!Q@i2J7d@J+ZeNFT;Sl_%lTY^ zWz!K7xQV8w&G_fiZ8uFrJ_hMcNShrL>wN#=#j;(>yv;8y^a&9BXkersfnVJJvvIQD zkQ6Wfz!f-Ih(K3iMpmR37v3(Uv9V{?-6I_7&45@6m{fbtTTGzEP_$uhVa>$Mp_^fH z0X3Zyo&N2Oc5hzYJWiU-`Bi$;T=RyaAW`{yPKo9^Oi0#j@&h9vM;;>7@ATgu;X9E; z2N)VO%Z;sCy0<}Z1JuDQzNy==j=1u?kOsG<;xs)CKTbLfLyhu@DhA6SD#7sY7l+BT z!ZmO5iEWT;)e`}s9dr{N#0z^+X;P@mT~rp+X;1qBTVKnoC-U1nq=rgsml>ISa1x2@ zdn7gejf4T-h>CD&_!gb<@!X_#9XjQ zXtRq}=w04o1I?-rDj24O9tVQE#O6;1C#6ZXcRcde0x>4eWyj+W3DzsFY}Pz|oX(w;4jd2P~M)velB}R>;T3BFyb|^_&KtgSHd*udNE_FyDS~;4|+IOg)J5$;#}FzG5z0L|d-9)A)CqE5H#|1;V$drJ2twVCC`YCk5yn za!NNcYMgL4uKh4niSUngw$Y^^nm~z=YdHZceM@4qu!zcApb~mZ=^wWTz z$!>nhso4rW{#9{e2rZiIcf0%JF1wv~z+fn+hw)hhRM=n8UYJy7rCW)$I*4 z>pG8)F9PzOcCVQus-FMbV~}s`%)c$ zpt}A>2$A5y^6I`P7I-FO+1*~@o^hhGNsGP<1odK}4HNvdB}xik^s*1P$i9vc`*`u> zk}dF%Vxb-^`KwfRaC%~Qpw3>l>xPs6923lScLa_?s10kxytckD2WHA#8x!5>nrQL{ zC$Q44;~Jme6m)m4AN3w65>orDBKA5Oxh8>JCDma=eRGT{wrhJyPPEHf8~R)-qzA-wgKt8LjkKG#kJZQ{$^N`@T2@u4#D_@qUC8+_@s?c7;I zK!Eu43ek<;U;fefz&yO$r&%<-norUgOMy7u^yHWW!2e|(e|}`YDB6a$1eaiZ{n}S$ zBJ7#}YWasLHr`UDQf69T7o;vY;Hq}sE+zjo_y{V0#}h8G1*D#U;vLwWod;Z%4`IPw=sHy$7wo9otT{k3jv#UB;kCo>f88PUNQtdtqUXw4x6W zW@cxFLxW&@Qs|Wy`cs=-{e|Yr3rN@>LgVI9IXCeEpGm)5ztHRYlhgf0HGMD!pjl3wL(zYHRozxp-D z)l|y=3t;Pb%$lv2#U9?(){wmAMd->^t$>+p<6dT_7Tsg5LxyFmFa(IXajkUU%k`uQ z-Ca(wZZ{R2YqNf2$EEP(i_C4Zl5w|Dg=W>N&`F-yj|1harwVR5Z{HL3`etd(nX&F^ z2VU~F*=3vadvh?0Go>-ZI}?*GDqPlQpL*{x@!71+061Q)cE<@ytmbrY#i?x<#7J%a z)H+)s>_Jp}z~1NE_)o}ror4)zfYPNs^6Qqc8w_SD$WP05bmVR+YI(xAa zNOuioH9o5}vOckCJJ9;gge^5#$ER9zU&=2I)~{lGDWP^tyt$+er0OI}HtNfELcXg{ zN@g*jCCN^Tn1>OTIG^7!^;c$GfVts+AhaoJNhsT;x!W-a^=in93&s`F!g_k1?juK(uGz^(qp}N+BcOqHTxS=Xu*#^?hEE&M9;9uk!$d6 zvNfR=kpm>>?u}h|kJB-hnXD4WPb4&G#QE_Z5+fhR51*BNRdB@7CA>PZ{%#m}O}M@5 zzq4w6wpi_g{`e+|obNt<^l5N^ICgl4?xlWrNre^U?W%6Uk**vE94qrfw3T)o zW;q!Zfz;DF-^X1|Wa7-eVeenn#Pm>@IXaT_hmys?Uy)YIUP^VL*;hh7ccJxcw_dJT zNFi?%k-zl5c(vh+OM!mLz9+%{(h;LG-#2BOaMU^ni~R)|JPy5^X+D1GuI-(nb95fBwb-7r-zCU*e_FT4UW5z?&EUzRAj#_+!|#D&Dx3E=^cST{qQ42!a$xEAp#o0wtak0MlO z%+YAW(JKgChrJ*Y%ksi_Oi=Yn_ww%dlbDAzqO0=cw%lV`7cV#-l?9;hxBtD%)?|j$B655Ly;qkb`!zkC4^E zWrqA=6y93=kvQ}`EGdHpI@j;L5Q-DF!kYJrlS;Va{{C>iL7 zllPYm#HMpaLZRfVr^okLkGr^rhHpD=@PC+;RI5K1Zn|$=XbPXW6H$mc2u0tB?=&(C zMM_YsKRum^gB=y6&mLc^#14FfD!9_OD3+%#)L0NUO-?Cd}f)Bn#)r#vVI z80`6HP}Jj<$$SzkdDrbs9tTc+=;Ld^OMQdZL)Cg%m47vV&N}N6etnNxFb(Npks~uy zmM1tn$3K44G9TB_V7+e)W}Bbu|CRuxP4V1H7Y?j*4G-(l$IF#`zO-NpiteHY5(EV0 z1uEU_-*js7>FmQ1EUyUVgm^+m- zxbRa;^*s70q4PoB$;sQCPV~vy`gx!f_1x^pmH)ChgjC2FBR&0CG8zvSR-LAINO>QI zV4jp=$F?A*VHuiJj4loe)FS%vW4PXFRr>rV;Z+|c@k`s1@E_T#%(0q6%{oGs{6pse zJ*VvSQW!|l2dREtXP>)G_i^v{mF0DWuVfI>bLD{t2aio2yHK0^BrvE_kZ&4yc@~_S zogD>Oo-MxGI%#dJav3HI+!ujND9E9KyfI;;#1d+~Ts-QRLVNQt7K$3o^~T8zOn>Ro z1c}iWF~AK83Cj&s0@?C#C-q##5hJtUzUG}PCLQ{qT}K+<-``d3`!cdT;vP=M{LsH} zU2WF9Wbx?XIZ6PHj2uINb!z0ie}qw$rpH*dMzC?Wx!kbIW^+?S_PA{e!rW`tUmSi> zd(*QN1m?VkPxe&9^RS$Pf$AQ50DL%>uR2Dm7B=qG^LYLGUP7k4DTdHkX4Zpm4$ze= z(|L!8;YhumeH{|THS7n7hWlA2TsSQ2u{^4A7YSH(mfWs-5Xy|x}==EHA^1kh%eXn5KY~7tr2)`+pacG zu_Of6y5Z`dO7FeRb+GZaV_9=SV7C;8{PC;LC5EV z=jK>nSPu>eqdd-z$gWNhhv?0@Y(-h?lT^oH6+hY<_&Zs9@&3mW1F=jvCJ82>cXbtz{D6$HwOrsjD?r`QGEUZlu&psr!21hDJuh%%^i)-ee8o!ZM z=h{i<;oGk0TP zc>s?xU^!-)?^+l%UsRRKmq}q>ep}j*6{I!3C=9n1g(5c>Y$5(>_~HR}(6b#piEK;} zr-+fQNMbT_&ii3&Mnc#htJe4u>knRcS;E~iP#+WY5UnlRAYbn4m?G|Had#krtK1JFriA4SYTp27Zd41CTI3lRHPj=qam zqcx|sN1Q**%vlwYz&&M<4(ylpep;uZJoVPbiBn%+-Au)9*qZX7VBID$a~Q*VnFQuT zPRoWpYdj{ZW6@2tprKCD$6u?ka}}}^J0&hhxO)H2KuQnw-y8OjQ{Y7u`Ve17=apWkdHOql(ZFr znhaR0>EM6IsMB-ncg+wsw<*B68*?bfVWJ~YR3vxB1@{=}4|i>CdB0D5A0rpaLG7Sx31zR5VxbAvRL zGK0_5$b3e~!L(W9XY;)BaHeVPXX(hJ8?p|x#cV?z_$k;|#Qpjz5cag==Wog}-@w+|}W$ieG#nb>sU{>P5dB z6;;Ds_c1}p*(Zj1XP2!|(XcKbjJ6g-EY;w%zNO}dXZP+kykF$MdS;OB>N9W!WFWu_ zLBo$0!-~@MP$=(^)rP?n`{|hykMGl7XDON-T01nGvO$#Yoz)jxVRymjL-HZ=fNQfj zMmwG)ePeSw4_3{IUgL|_@on*2^+`Mk=~VVxqT>6jy@cZ1eav!e1yFl(@)eJB6nKE31rxuN+7%$q=QD*}M)KFZ zcBXizEOy*76&Cr6cn;N zlnKPV_97u$fANAIg7gPUNiM_P+oRThYZ+g>GTU0G!*7v{FaB&FS9XWL(SRtG$m)HK zXRSqjeJz{>X6KbLkKYXxsXI`o@wVC^2+S2l#f9EQ23y9I^`2Fw{Mw?hIUH9gz0W7w z7uq@iDcZzZsg5_bEDq+E0r-DT-qfE<;3$XEj3|GYUnp;W%5WW!z731TQ70?@K9~_k zExf$3QGe0!2bssb52esCm%I0C4O9$S)o4|D7N3{A>+r!~a7F!nRP8NBk(>Naoqcwy z5t+i9ls>zN)>|Sf(mqxBi*uTL$k}(u3G=oC`CQb&kR5bcLaA4Mt=f5IM>iMTm>VS| zyATj9fb6?KBK#E03^$)wP)NU`2??Q(IYWnhLSiP}h|3_~>f55uJ9+guA9kl&3{(9x zv-XFln!myEmNDS)3=CZ#eur|ba2P7$9v3RQH4GVI@K7-3V8j#JC=hP+?0r-$8fHzt zAUM$y^hc)rgU`s8=x=z=QBbSUoemxl+E)jJ_Tggqkl8sv2RAtK+a9Y%bsbd$wL#g7 zBFW-$UDLHy-$z}&wE01b+@UM)Fw?UkEuWi(iLBbCML5-&C{+SBYXRx$Gt8(ZYiuHG zaGc!D`Y(L2&V+?c<${^u`e>nd@E}RibEQs2hu8SAKY%i`#79qyQYuy0IZFG)w$%sc zbPNX~H^?32Je8Pctdl0kb>D@QK4Zr5nTWZ)u{qK%&tKm3D_6l!Oz-ow6k*`YnA-ZT z1di)yky;@7ZlfoAkzL@4dh}b2?ESN}w_-G`GEAkp1gqqTjgmU+Mg|zH0ud;(`2(1- zV{kP;7k&fq+V+)O(iXqicMDmF8P#unuGS_&BT5auCMN$SSefzm2Oz%;c%L{TvXU|G zC&X52XCfTn#G-+pA82v?Uc(m50b}cx+@WXO!EZB`EtfljcJ^q9MSBOi3%;KR{!V9^ zwI5ivM&1vI8Ux~$-jAd~I|)YZthl*T{iP0ls8gHxctD~Qh^TtcbxO4ftfdONBFug^ z8#OxqMF;r+YHI#oc*(b!>kD=47*!~e=sfK4=2FyBfugW5m7cAc@fsf2!_(hjABWN4 zSKq0f0_v5Gm+Vp$<0~tmUv5lGmd4t=$fF+ns`b03r<0d*3#4y2TjW$9*`!RVd)CFQ zboizAA+n{&HQucxz&Upa;staDaWaajh{?rI%kJo z1uTnR{WIkZk8S;C;p(fVuGZ|}j*KwgS_d!XCL*{b^*X$iN zf0D45$)~EaQk6AjuGDG|mt=doHThS$JTo~@S=@BA-s7}a8-i)6?!)r29%wK0U@w5A zzj#R{N{4pftU9Kl4FTO9|3E7Oervdv3Ou!^@zq2m$~lLuIH_w9 z$sjRS{4%#;A;;jA0A`unKv*x{*RR7E;LHWkLc-e=+tOBVpRJR|;wK<2v+jS4J^a# zn|1`^w|<@mRlb+Wq2XbdO*|q7pb2BiO{=71Zv46}uQq)pMJO$AapW#(Tb5c_<;a7+ z4gA3Lyrqf9O|e<*E$}Wgw{8rqjPWJeg5jT`3~9w=1uO*xB|SK@C8%C|Y{b#8XV4=u zXpuj*k&ATg3uSd$f^@$ZiGgawR?i~e%+$*tQPa#2Wgc%m%Jo9x6#pPGiItY1GTZ#dz?M>r#S>g>r~EdeknQ^sM^JJe`J zv8g_qMzSQ2NE--2bd&qpt#>;&cSEks6>`mBjP9q`L}U?*eo=K#HjkmbM^JAwC6B9u ziZUtM{OVz*Z|_2i*(fW=0Mu_MS{sWL%3N*@hI_TM)E3ee_Or0+36jX!3Y$x$`?oKI z|L`4V#AXg*4UILp+U(aUQp6%I5=H#1_uPR<${wX&1>eH}9c1EE2%jTq7n&$7O>p3D zQOda9m=Lrv%?ftS=aqh2n)QlGL28>z3L@gd{(W^tgncj}dl94Y0? z;TWM?W=gl@vk5pi9855}6|9S4b!f!+Cega~q27CDSUF0z$#H#_IyXanB6{$C?u(zL< zgqB$iC}0)EY|Foi+I+FhA#!JOx-@p2{f8@a9+l3_t*b;nr2`aJ&}|nENdrp(#ri57 z$pA?jv-6Onx)U14Kz9|Ma8cT=?imT%G0^LTq@LG9y>;{~{B+tmEO|O`k5r91L%yn2 zV)m)lI_A`!{Fr`;@aHs(7`PSF zx>0>C4_hz4&U|89Rs5c(-wH^Rtk_<`oB{ASRwVTp z)jh3{EnARFjB`+^)l%CfaR}HJ3tjY|FJr@>20=r;kd@taL5cb?a%n=Wh*9THLj1;- zMQiH9qJ$uH>?YHcKt{`rzzoJZt8jZ>_TF;VgMbGr15K=ClrzW2_X>`KwmGO$fwn!%Dn8!+UUU}WZeJ3!)<3|hko<{fePw;1Bs?ki z@S;OckHZ>rxl`v#TV+Lhb*4V`)jDZNM<-rA)%q(wxc1v}4McK_68!V2s;2P_g<&O* z+nB@75D*~(gtl~J9sJo4wQ{Y(x!`&hC1P7Vd2f4=rH!$>X2BS2RaUC;JK)dDa<;(D z*D$;| zflDjGvfH#3I3Jw?oO!iAv7v#xc)$v4dNE+@gvvO-f-)4Btxc!41EuuYpFFBsN1HUSGlMe9QIU3h|{*rW~$rH6l_p zH^oj`N#)b#FVl^HZ0yB(j>2k>@kle~yBdXQHt9+V*_@89FOFsIQ!ZS^55%c6H;C01 z0B=fEYD9*WAJ8>vyBL)-`QM@&umL+JP5L5+G`?Vs|A4c z_LdQWr0_)KelW=d1}N#sRfH@5NISFAvEZQ$!BxG(ED=Z>mwfYMUePI;NaeYS0A^#c zquSenll)u(d~XgNUgJ5l1L#kt)remmIfh?qW8aE`o6-%{b*JmGJnI(4r&PZX1=-*i zjwr?h_TbA&TTb#PBrOWH9QcGDLA3K{#(M>&=Ka+r>Eu7EtCjmdkx&J*D;3LTkeQMc z&MCWbZf2@IU4Kg#ywzdd7<2xUjfG?E%-9g@$}pB(F?^4;fzctrrZ?zIW!$v)r`AGK zkV{2%=8y;-XFeS@2USGTK=SgB$siLkyJ+*u0u0yAY?6m>uGlvv|Cb9!e$~ zc-$Nl93VE^aTnWSVw3>+0_i)X>qTl*2|dRu(MW3)X92ch8&2TDS?w-&b2Ir@0lw5J z55H#pZr3juuHu?gY%=Cpp3k3Gn^}eRm?Nz$1@}N;>bN+K^Fh=fQsxYn+(mxH@nQ#% z+UG~=6=6{^kBzDu?yL;b86E;o0eS$5h*DAQ3?G}Q6AW;6<}f$cW2-e&wqMR?fmFY= z-Lmqiw&1&?OE{)k!|BdS&3up^NWZkCTQ13^QZd}}?R$|oAxQ>OziwbV&?2X*v(4Bt z^D<~LQ%PybVU?JGVE@W5LAkf3;Mgayt?ST+iD*W_e?M3D48zNq<`iw? zS<|wTJJ-bXc$w*(fH+;Zvut#9Q&!KEcZe=pagEu=hTN3I??kq+=||71fkDIFqpsF5 z2NNz{jkO`VYgDFGpR(@?e&#?VF=LZpNe5_X1CD@_%Mi!-0iuJRj=;WkkI~!Z$fp8g z=Kjjq|M3G)h2qH|R6&TZL8{)M7}zvgWR&2M zWP!;;5%!M*EFwhYvaYJS!gi437&<5=)_2w^(8XtmWjlhn-`20)$8UcE1$qlNw&ptU zQk;82Eh@!=>${|g$ou?Q#KBN2yqYbzHOgj&ViM$`iDu&QBopCw|6shx~ zNRWTdZG<(bPHyFTAR%(UXo?SPzI(gO`$_S`^*-vBr$#RF+lYHqe!m=D_A4nJt!|Er zE}?T*{r%d{gui-!L(FD#xFxg;^yUo^nlvs;%Jt$(MyKYbt!!=6N=i?tS!;-);okC8 z#xizKE063dnk*==4b6J~8owPN&#_i$sCA9zUqV$p{9e!d-w^G;&=9~dKKaL={(n*T zzc$o=Q1}<}_Y!n?NdI{?@T=Qul|09|L+CpXU?~J{0DFUHFi$+f6KV?iCU&Fn7bH!))-NeklK(s zwn_E$1CONbek_`sS#Ekh-GrY1N~P+2`Rc#O2_PxW8iD*li%y;hwc44P&%f97uhq?t z{LqI&59&_v_2(7zX|!kwzCBsNv)qf&%kMwCOIGltIPrgq(hXw}ca61uN@f=~rvG~x z@3mt*3i2mpP9K_lP-uid$n~To zL~qOAHE8^siuz^9(Ev|$@Yzm6A~Z>m0b{}vcUumuO1OUb$#e4PdX?>e^X%{XDqQ%= zBklyF(MC#MoTnNQOkPu+^a%r5C|zF$ITH-RIc0Mka}i>$_l2ST^iM#jJ^KH#-RSC?dG6|v|@L#eZY;VHlX$GbDda6v1;DbG%9Px#zOmt^4yUvrg*6 z4$WI_wFvkflVI0WuN$z#r~-jVqhFJ)I%d@eojpDiky|hz=<(y@*3kK_@_kpy6RoRL zS#+Om;zh0OKYJ!8{Xe$m67*En+9UTm^ytd-yYVpH5nTK~cktieEKJ-OHz}cq0A>}V zO4pF{uA`zn>cDLMfV0l~eoVZAp8(NsOp!?P(Y|5A1Wu{dX;w;v6Z>rjn1ziI6I7GRR&Tvgtu0NQc%#D9mx znmS@?2@m7S#$`a?ic|&X$ivDkmVb@wYxo)9u{w9$oFmH~T(7bK!(=GO_6e;WfL>60AEQh7RYf5P>tj~%zBKnpqzCoD-FSSIvKo-Ze;L>zqY|<~ z3f`hPc*=Ghr@LE6)I6%#AcZG5F)<2y?DApZ*!-6FE@Vj)aaI0FogO8rN(bwd%Mo&h7)i!;J*J9FuV!G z>U^4C|6umnN(*2NeR-@psiyIL7EbEhuu2b76k3NK4rJu?T<7eO_-hpqII6DSpImw% z#DqsNalGzTfsm4jcE7&y3H*(gYt`nVQgE=uFPn^y&9cAD9%2p0Av>CP00u65Nf0#_ ziOecbVj%Xq2Y9UUb&dmI9i?X>as&N{AAf*~zw!skiYh|6IHe1vndMbcVp)jA$$~D> zbO*HUFk&$L-{kC5CWU5NX^@=<^qvH~ODkITi2v)mjeR(I$}fDn;zNF$BTihZ?FPW} zbkfqH(WFXl0xLm$r-ugs^?|K67<<3}dy(fVa7*kShnzmY;J0caau|=IcX#X+=Pi*= z>^zJLztIF8w;yYSx2gbhclpgSuFFFu zNrVh(30>--N?kt6ZEXw`c6) zepq^%8&q^14q*QVZ4Y&R>ad_oZyGnMB#Wc^id~?=Z&p zi$VDAwCiE^j?ABlh%Yq4d~fmNH@Ve0fP@KHSw7hpH-9D;X1X6Xt_~1&R-z!eq5jUL z9hDuOrIn=}Jx7@d@q;6+b#0f4$_2XIl(+ZpVa{6;Zs!RJHjZZ*1td@&Ho1Z)tS5YJdASCj$SzyM#T+!>JJ@h%NL-4v@}T zV8<#I=;9D?ViRY@ER!A)NF;(ox+w`Fgfa{Qh@B;@R!QME zT<>%>Ve6k;ZAQZ@*0leQU8X3$a#EhL|AR=y{19Hlr9J=6i7_h*d%^$7bgfprL>h+i z-)01ic!mR+?!D~HjO*cK#hKxAmWgurOC_Vd?KTIdV?EbA@Ak@dxo>4S{9_)2psMdU zZr02LcbuuJRDtfdeO&$1#grE>vbmr#dE)r*A})#Zdp=$JbB{%$@K_!)fBsQ#nBjb% zAXe%5iJC@={L^s`vDuKdbiVaXb$nuCQ$NZuVV8`yJ6=j)`De$2_y1Y`^Q?u=``)rR z+5b@BfTOsBFCUoe+g?G{xxSTWrk6E@k>6$w8Dk5{HGotaF-=i>m(DxPhVS-T0n%|t z4PCup=~U3X+Y7qB+VY5(aBv<0>d}3~G!6P0!UCVv`1>`bKM%I#T3Hyx>AS)JfSNQ; zuj^Eb&WD&=x8~EznVXebrGoPp$8*mvPjB)JG{ye*cphD65P%z%fIX^#7!H$6BC)5M zwP5|rEpE!gvCp{v!G7~f>)OxnjpdlFHvc8=;7%b>bXL*gYngc}J0TbF*ebz+!|Gu*+BlZ$7&PuxYD&|`*)V0)^IuJt8xj<0s% zyLeRYP};GMzK##84i8(OK_IgbY`-dp(T3$_xz)VAm#qN42~kJ&N8^2<@03i2Za$fO8iJ2=;-^5Q%YXO@|AxADk&t z9~cD?|J`Kw)c!*gMq*4fOLBXUVmB6(4DjE4pQ^c+Joiv}>q(P6oId~Oc~a+8@ETe!0xw(s=eJzEyq;fYHsWIz zSa~-D^rTSeiw2frORQ5zFncHTqh|QP;GKN{TaeiukGt3 zV>0>kDu;7p5{kFI(!*6i?{1@ibHkQ^q!3w_#Y=m$~557ZH zH0poRbd_OIwcUCM=|)PrQM!k&K~PGhySux)TSP!Q1VQN@x?4J>ySs+wY~SxX|M&qj zTr>N5)>`+v1DTqY6xbelJZN3#X)r?zm@z0jC|z*7Puyqcv|Td$CyALZnC* zbYxb;`j(%BVmm#$y2`W{&dJCBJl=SSGP^LaU5F7%{8l=0G$r?KQr$7ACr|XsbQYrP z6;Bf6if>%ACH7;3)K@u*<4kiJNMdaLnG49SLe;-T1tPBxKOg88-yb75mK6m?NPwRi zWe&2sU#`VGcW_<$i-2!?CYqcq?28Ay`ca^okdZ_B5)t#!WJSF#XtzELE-OzT2!9C= z6MR*!w#F1f+q_oyt8$y8N4k?g~T#%hZ?WabNTNRQBfJ znreg31U1uFtNw01&XcV%1!itmTB1MJqu=BNX2RnZO-F^)ypgQn8*f0EwhN84^Aj$q z@)c$Mq>9*H7MQRr7m$vJ?SU1x{*)-X2zT>Yb`^O_qnq8v@LCkS?W^z3MU?%b+?SDO zKPGQ09^-vBR5o7V2a50ZVvXT8oT9L5(82DEB4c_NHsDC&QfmY6wKbX`*#gwZV+Y5Zzbmke9PIXIv=a5s zY>_W%sAgt3l-LRxlDnfEhJmMks?v(_C}MNKO!Tm}^?`{s?98!P1v#BR!u>ec!(nXu zHBomj(ePm;3Na5#w%@Fe7o|Unf#0jDD#yERK&-c5p;I3@wLe=1NDj$tbjf&ZQS_QR zI)cW3CEc00Bok0#1GFTQe(M|pf~dvgjo!+D_Dq{*@`c)<4@oV@%3xR7(Z2xacPlcp z`zzirnf;qYizbyF2m*!LlVecmdgYv-JN6PdJ{+I@;RdXbT2_m3g<)i_N0!IL zmzO~L!*(++9=zRR7c!;hVg$b}pH(Uw7R9&Ijc`oo8C$S`bU!g6BHU*lq12fZj!1HkfAQf_MQ_B7(tN_HtdrT=fW+(HK!5JQ^3z)+= zwTx+8_drDYC?2braiqvawy;a@88x8!y&qfkmV4QXoqv%zf?ZImkicTX!9$~ApzV@M6oDS?xB0*5`FRNX#)7~n?$6@1n|uNj8C4} zy`z^tI2p|pIGd2Ev`U)(rAR&~W(X3#`a+h#-}Zpj_W0SKkzACe9XFjf$tGYo%UQmt zyC|ot)@pJ^DeEhzcz5`C2~jKsriQjA|MrSL0BHC%b9=A>B)?bz;L+ezX!YjGCK15v zi~ZFUTguXCA)j6PiWLs*)a7%QGt8b^)$*^~v*tU%4g9a|3sbT<4A2#Jb-JD@#0xvS z**$AGrLKTp^zVCJH29{X7&H}jVPkh|i87>F!yjUU4d#vdlpKd4T0Dk4CF*>C1Vlz5fa;gL+p-Z(5tga1MT+RtIER?W zH!OqZ#)j2#N=MPkHV+QrU0=g0TcX#;ftF$+P*aDXyowmdnSoi_3)qaar8e?UQTWzy zko&yi)Guj4YSF?%H9|g@fFQ!`vB;sgf&*b6l)cuBA zvOgb3R^gTW5nveMupCK7XFeBU2mg0|9&HillIlT^b|N&L{C)DFV<+J{_CXKtqcn$j z33F;uRy<#iyy`c-Ghm%-cY~pzFERt2dQKeP?SKL(4G($uwsF8=z2VakHBx0ay2If2KlpZ}Uf?z=@|U|^sUy-0awJa&3gJu8!P{KPyyCy} zfah*XMR-MO$LYhmDb`l%fZx)3;Mu3hxZs>QS;x4=aPcD5NGzg6n`CfqvG_>|vxk&1 zMy(A-Jl>esaj&DZ7%+aCmnAt#DN?^qi3ClZ;H*1&GC{&(9C-u?7x=;tkvr5v&WH^Q zS`csSf+*EHDi+s2H3>Hlum^2$;r4^S1QICY;yu>we})#LFZtru+9m9-9`iv!8OaEX z?wyR6>kX}w?XSNL+zy-Lb6VNbJyw3q=3e5!3BL{>Z}L19E6r4jnP*-z4Uf%pFO>K} zM?8bz#NqDz4*&T&1W{2Wk$HENmx7r!A`6JL@)R8%4cX`dkwuVybTKnJPmS5urWpBp zF5%P|39MOZ;1wgo9sI-E?ACvx=bj2gc2^d;llIgDZHF~cT3WRyB?RSwhEXOI0bmVF zHna%i)(Mi){EmyeZX468SxZuaIDSc_-iVw0j9U~M7Nto`EkQV7;EKEClE9m&>r{mz z-u9v&DyXGJ17&)f$R#NWna3w(mTZ_-#WmFR$nqC+Z+1UYR#uw>;)Vt(3FzU2n@@lM z<$@1qcf08Wbx=*ASs?$C0r1NNv>(^S2JHtXuE_*MjFMWZpB(1cJdb&C$+86LcW1YC zwU3NeR;0Dlr_Tdkrh5Fs!m910!=`x!waeu;`)Is@8~ZR=69=x>A}0#WFQT{bSvm3B zwxi`PJ)b&+(CW!Ih><=<}f)fsjxtW<0kA82?~@m>6`lOy?Ir>Qm?s&v;_m;`y+lEEnXNEl!E z%&)-!UBF$~OL`hBX^bDVA zY4lByi0^efe#3)9-9UnS`X}w)M!&rc<uk8}Z)%6rA$o&nBya%R}bVAA?wg>=iew6}n-ixrLQoX7Q1 z&3e4hpX9<%)26d!_{t7mjfi`ibst~6{M%v;W-C%pWit3^qGRG`FaBh{9qZucDu(E1 zBZ{R7Yn?chXgsu4OhZ=uNh$oH-iM#|ZhU~)g8j|O$t$mqa)kylxihkGSkZPs^~dy7;YWNR9R<=|Df)@6nIGdVw|N6RNn*~zSf?b zL)2@g%ojNUR*3hHYVJh-k3(xW*z1l+kDHt>i=~+eA^PPlzj|IN(H5!ic zHba2p5!I0v=5D*Ge?}C#X=c4C{0^C4yhKAk50Pn&?#k3%KCbSB3gK`t3s}F6_+AGm zw>eU6{fh3#TBm@gKNEI$!mkov*b@Eae{CL*L!Ulbi%AwNZN8-xg8#A-+X%ID9n~ zj9{v{^^~yIrc^SDjCV$RXFq?AbR=fgTDp0dH>Gm%u!`ZMB)(f@IGN@6P_{EHpyERD z;2)A5aLK}U^WGR^+T%TuSOCZLU4pyl&x%)*AoQ4$Rc`2*C>Mru{WQFP1~!7hw>uJM zTQG`SiF1Z%h>2)*kR$ZatMztO)+Yo6F7Bsfw(ral*wsxi>#S0E7Lo#Lr}TK0l)a$5 z0f=%m+3O_uGwyYtv}Beh3O4?PiB;Ot+|P=z5XSZU=Px>@pFy^TAI%(18C%Zr#vIVmHhozAkj`(}A3zBW%ZE49!zj~b<<;Y8G zfH>$A-~G!L>W>29>nOr^bTev@(t1VLBko!dnO=hq@gyaDm%rX)iE9F#Y61phr3y!; zKjG5DhF!K^KfmfQncUnm6_ZlKFQYYs;VcL~KFkMvgbZSvbr&K8nZA2PiK@M*0^qrC zQbAxL(&uLnEzRs~Hu&!E#JH7zk7@F4x2SJ%2525(D@oF8Y(z_fZl;t}=-Zc<($nr& z#VDrkC!xDJL`F_(1%;i=6$8fCKV%9qJgOXIBd-Js3)2Jp*HKE(e%7iIb{7?OlR88? zo=m^}CH48Md-g{;v-QXIZW_Azb_2u~_BP8Ex3W_C9vrH2OC=F{HkVhgXduqyH5DdH zEm}jm_3}4nHG|jkA1BGohliytlTsMm06`yw6G6>ppln5gt7{5N_bi>d zT~Mi*-$4vL557gxE!1+h2YBe(1982>&o@UCkPf!>+QeJWk-_6=W{BZB9&{{+eRNj+ zyPz8W{PZu{2aMNz8M+nco7+NeSH-nep@?sX&6BDxFSm&&Ckx_^S6EN_5EPJ_7OSO~ z5;RJ`@R3un%`ppT^(+t&I6Djs<3|W-kodqpK5%^2WjQV}lf&(y6r?+i2pbd?Sr&T3 z`_%;A$ssm!yiII4#fvBdTDfR+WBcSIAW-Q@z2spqvuk*6eC(DbxZ!>n^+(={Tcv0S zhPdU;W6RXP>u3qf_Iv1&a5&W$Fko*n9R0;VKG%&8NGtsYhwz-H<_uzl3|wmobKz=l zk`t-j1Ux@282Pt>Gv2+fOU5LHe9^4P);B$fTW+RzaIg2pHt_%J8{o8uQ)@}R%I^W^ zq|i@5))Uq|K4E@IG2QX85`mjcn91a84Eqfk@ytNEp0iz%d?E;=bM4`D{r<45ecbXa1Ff`*zzgJg0K}Y z^Afw1YG=9r<)!${!t+vGeou zs3=oxBZ!Ljv(&QhkxnS#tH`e&$UNE~;a=NDKo{%A>?si`TW!nYQ;NfHU=RAx8;A7U z1}(IuX-c*u6wD;Zd<(Mz*>kL-LWn_FX|`<7{W}x~){{6HE_x9M^mLv0f3q8WS6`j? z#EDw#<5D7meoh{JMxi(|e^J%mjW?{*W4AK~+h|av-qyqH+`*GLmKK9MCp z^S(KjgbWL6^Y!X5g(>s|yRi`-J}znfmoi6bOl(l}aPR(ejlue6?*c+eg@$;@oYAAp zPK=MyJNaidIfDiA@&ime(r8jsbLz(?DKdhDM(GpXCi0a#42sfs-(?70J#pNLmux>D zcDwoInyAReC-yemz`9#Txa#*7;PICGw3QMj5j#K*BlQd*e~)ZYkx_#NE1*o@CY^<> z!zO2T?;C%ZoYm-vCvYMJ(y{uD^g2#GqM;|UMx)>%dhQNeGgKG{t zU(t>vyD{ttE82y|E2&`_I@{YotBDF`!}d_X>2KM5YWO0#ms_RAgMA@GzCChNbo-7S zTLRU9A68Jb<3QE}iy(>ysTIc-LF=uXql}dg5CZ+=iCdF75H$0!_4st#T-%N=bkNV0 z4DL2*i*@~e`)_<|!^IFJ)#eY)gr9ds%+JWo+w^c&V^;uSR6m7$1UM8-)-+g510mAP zh8twJemN@BB$(tG9l2N=vKe@cSQQc6+x#cddX;x5ncwNlJHi-(qqTmim^1j+gZy=A zVVk#1;G)LZ#HRW{Z&X9{pkNwYeR~mjo14x&dED$9TTD;Xc^m?2m&doGV`IPBFPV3F zA{gFY2>)n-kI(tqn9!JEbov3DjZnic+val!$3PfNnEc_(gqIGL2&Hy`_>22^P2p8S zqR|&UlnkuFTbp6r4;5l4fXD8k<93)hxwY<>#BWV!17(gjxLaFY-_p*GKcbd@7Nf{+ z#q)MU&Y1uy%^rHHR_Li&NUzfS0L0{QJIXl7|*-E-f>72 z6%ipyIel&9_?abhjwo{KROq{%Qr@R&eSp^(^!)AZhNg}#MwyP(!_7tNH@e`qc})fI z!6;+SK>pJY8R@gdybvJJ^^|?II4_UpUbk7Dte?+;Flh57Q=*PR@pVurKN^~8=N)V{ z28EGFHPqvHLE?0U1{@oO>$H$3wSm;&Q2}+lxq#h;As@Np!bDzLGMRCzwmX8Hvo|)S z5k1!ep?2lEzfgGsp0z@`Dg6qf^8J+686<%V5to!zn+|u{D}eJ~Q2M)QO07xx;6oGqY<|X=$Msfj7Hp6~VJ(N#cI-NV0{pJX_K_u0r zOfIt7A|cjGcf(i-sw*ndmSnf!=?-RRCptgf8g$Oy+}!p78;7EVAI>BR1GS^(ioJcn zYq3G;q$n|QV`n$UP#0Ti{@B?bm<$l5%*>oI5Rjt>02J+xqOj2F_;8$hpO()S2U&d1 zPcN@H4sa?$JY!<{_Rv>1*R?mX05+aub6U?9)m!|T3kt`?@64Bbw5f^0x%ypFYX>_@ zv@24Ws%L$R%Q&9QJa*)ijkVb~NI6i|-}sc>^5jm^pNX0spnsx*6|uDH(DWfRgH=aT z_1jX0|D*EBNbjhHBo?x+UtJ_qvm3gt-_A%08E8G-212}8mXTRh%hM>v~DJ@>ZQ zJ6@#soZuc))dRveu1{LxNQa?@^Bhj{Y;1(*C%~jmdPzB!(U#(Le0#2z3O9KwcJ(Ee zK%!4%&VYS4Pm7ymlT75@oO2iAar3rdK*JKvCa=dr{YDK+;2prCl&VR<8k8pCv*;o zf(-&jE5?c#hF=Z=+(B^JY{G6kf44OG`t!Q@J8vOV%zb%{~G^WIHq{kT9gNHoX%B<~fU6S=QPIi1{) z;VFaVOh3#VXixGu#*}QX_L-l^432d$o0sliA|jNncGk}2*3uic-PGY&(jD|OL&(|u z_1H57NdWj!@1;pi;9}dA(YtnNChq3yb6BYE-%Fd3WbSjW4vP)*fmjc^ls0o0?^NF; zG~)l+^x&Kv4=*a?#5H^mJc_^JWJod>unpM4-5z=;cm&k%&mJPAF6+M#BjXySXB>>{ z&esvFJikgg`DQo746niHLt;vi=$A7PRLp@o4cKvwS0m8%MNTnWx;0hG62|UOgmrQ4 z%@eZjMF=T2w8FI(j5<|~SM$;pMe5k8hO&&hf=x>&${4To;VMRO@+`Em9;>m+_s}s9 zRSKCJpz?^t%IkQU8*N78H@31Laj0!&BM}SsG(b|=U9d}2{|!$*TQRgGLdl06M|TbO zeiglWDjK{|XSB~;Tt?E>JMpBrSazfmuzJ~kN^!F7NprC@>=O53x1%MDlV)P1EcCb6 zJw{+2i0Gj@BEo$~?cLd5JSS&;!0}WEw~<*)jdf6?a`R>s@}zdbgRA zXLmS_B?@-M(ax6fu{N$CnE*|2Y!E^(_1N|i2|4Qn%UfKDMYGhXTiXR5+#?{dn60Rd zus`4e)fbip_6ZM*`gGd%0I5vNWa-MN0}LO?E1blDjQe(0yHXd+9UzcqNl!UWSn5tk=cc2x?8=Tt8*v*qPckX_c!iG#&%eTyAN3Wl z@u$kq??fPWy?4jtTY?zGYdRhF$p8Xt@c#YK(rlJT^uY9!E+LUzBk=okZtIc)Dap*z z#TV-lZNtQ3`uG`q)`)=HgNFWF$v9w2b*i_~xKqTYU|Cg8^?}JyM$ON)+VR-41eD)5 zqM+jk$*axL1A?nYvzXdK0G?~kJf@Xh1GGk23GsvzE+3+5d#_v@6;lmP{1)qMwzJ`# z?Z<@1T-qGk61{p#S*)fs^nWc=;^XtKJ2`P?`jmgWn>VR6k3-4-DIX;22hrV(1B$6b zrtsT-d_o4AV@{K;wl!-5z6`SATnQR`-wjk;p5){xoP*}mt=rep3j<`knf^cC<2};Q zOTTzEyVKZaa!OGa73u#EvoP+E=YJC z?7g1QV<<$G~IiQ+;Dk2xE9Rqxe(1Qzrt24SCNg~o9|KA=e%pv7Xz9iPcn!sur zoe92gwWeG@q@%6jT@1S$WJt1=-+p|>8N7CJ9=Lp{KBL&6`u!X!nXv1?5{p@Xyq(uX zI^5RDc^#Nb+W08!C~OQtjR=*lL{2c||~J^C^}Ce|0+H1fb8GrPAOCS_Z>?MCcH&}QM0 z?o%uW7UofvTOdE{C8K zDIc6nx`h3_mpEJ&XAsqoCiNpCI-x@Hwy%*9A|&uB+3IIFcU+N_Zi!ZEn zD&q}gxSg(^fBabvB$D{IT2&>*8ek6evN0O*cPfcPOZ7SErp=Rau$(3~#-nB-q}il? z`|7h!$K8_|%XC##BnvbAE!oc&jQE__4eHH$kW|_xsj<=O0kL;*wi6dbgy`pk<51kp zWeRUt#4`eQ6NP@iAhpq_3X)i2EGZ@E)S&3Oo{4Aeip8yoPkiodn~Uro5)tj4M2& z9d4k!y0{$)YhWaVq@?Grp;8qdy2Aasya`3SE|KpIA@eb!V(AMfMlYa;bYQ*ZBv`OQH|bq8?#Ehiy_*Ud2xOI|QNCjoTKP%C-^y_h(#7PTE`aeWmQu76+WXZK2c1Ph;lz9=|Pe2xKM{ zvkLqN2Wh^_DWB1~6Ba-NoN*N7^G$z`Cr9sLsWvOXzDYq( z5?0B9>&9=xaMA&MB(+{R=XV>ulSnO9-gUJl8^(>#b9#)%NdVPD==F{-1CRibljD{W zId`umr|r~cF~m1QEBmVrJ>C;#7; zXV%nw2-ZvAvOg)^7QjaBCmX4o^HU+uK+K6HAtBYq>nwK%ycfmoCjv-qS2&Cjg)bt> z)p|S}4R|TR?n_MDf8xgimdN}oF+u}EP0(t ztS%Do&yGB}Ia&0g`7Qk6``5MKy5#-i$4cgbH(6H8lwb}TBG-<)`=?j?8s$M}d^`1i zkBUxyPF3qvwg&4W0dALft+%>}`!tRCnY#?5Y;QxBT30SfUrDj+zbZ&C{-o!5Er@@o znED#rP?xflh4d{e$XVf2)-gK+{7O^%fiK9U{G0S|wpe3s11P&ak`~jyt~(lJ6ftA( z=b8o1O{9Dn3>{mhSi(Mu+-(ykvEM7A-*tfN7j=;)?nkfC!{#&Sl+@)3ggKN5W(Wmj zGWPrp`=M3$S3Z}*=9eEo z?FbL8_2yhTD3C`uBsviY^M1_Xo53csJ{hBuka@4W6+k}9V`k45M?kQ0sa4q2=XszEOp+ONfkyxOoE&cRO6QO0v>U2m0*oW!KQ1 zC&e)~>~LW<1u?{+sczk)!QGiYCp7#M_xoTSn=d2s5s=s;2DZt{zji7fzAnv|TnZck zmjy9QH(z~5HJvThnpq6o*+8d>Y<#fCwOIU(vNm4(3q^6vS=41QxC=q+45Qo z`Yrw5$cV<&T>vfhTcpd$$#V9kM*lTXP}&X^GVVu-aH)+8utvQ`0E^7i6|!}L=!K5G zi3`8-=%Vc3k1J58ojw^Q(O*iW(ynMOP;}aou5Igs4Kp$L5$|rjaY6G~ucDbbgSn!( z^17g{81_HghvO2#d(g|V0Hk`h<);09FE)Nd+AP8SegUzkErFcGDE#aF2uePKhBjxq4PZ=0&@f8F7K zc<<|I?)YW|3~^QTvAaKx4-tlk7RRUGoIW>Vw7JJfn$>i6YiJci=!AXJp37iFw?2^0 zLJ4@+0|(I;Y4YoRlNFlS?Zf3qP@kSvTjt{E7ZU}!&HO*r#nn9*&QnDKPXaLry7y3J9;TS>9l)!p=?CSh(H;9HuDvM zAc-nU_UU1fRH5 zk7>tx($7{;0ms#1K8IT>knkgeHwZ6s*d+n|PwHlrvJ~~~ai;utndIQ?5XX%(Y&N99l4K|6QFfS<973^ zeqFgnUlGp`ovub$yIem_6=)JW@;)~?No z-NeKOmR>T-v~&m(9vuksCp(4Vq&}!XUqs=Po-RhSFQT_Wi)QEvUj`x~F^Bjw4Gl!z zWdmYXBt>Lpl`alA5G>e1AltqwMb_}J_i?5#=8;ho%_J5UKJHbe@rSq+Y!bu^X*^?* z2}CjuM1_SrOEd)0=|jsN8N+jVQrj>J&yJ<~V@#L6{)CK0#k~H#f}@zj@~NevPLCI( zFo*V;zB~}%x#h3(!=zj-@u${8?Sv4OMz7d&o|4A4^&$2L`%B9rMX#}4f6?J#W}!vz zu07Ys0ot8Ix66^8i^dpziTmpygb_QNKf8wyrzbay%?)*&g;jn}HyMrp=t1XoT5Md1 zNTTk49_#=06U9$VaQ`W7Mp@i<^Whldk~mvYcr;CqzwPa_-Pgg%LsDFJQ!cOfbLKop zHI`!!f(lpKqo_YRywBeCjc7RhVQ_67#=F}YUVRIm?;&2)#?);2ynK8btv@?tZ5_LG zRH&dzgSwGlyX8-r^x@w-R`#9a-@DobEbWniivwIZI7aApO zgoB)c+EeA(Eb3Q7AY+g#H}?Ay`n^ptr+x{Wf1*f~}Td89$7x@%AO zaY(JHH$|zz2`@kBl!TC0%-X2RQDLn!=6b)Gp;L+-Wc7Sn19S=0e9&HFj%Gu$cE(XI z@Z?d=nl-RWdu=GLM z`Fks_emXpQs>Fmc6(ve&O-grT4vne52JlxTUuaoi#*%{I|_|XUpdlO2*Z*;2uL{Q_VYNdivabeknJFFli?3811NF1BY=I_X8Jc(RJi_Z?W%fC@s^M9;ox?Iu3 z{;vGn<23JP=j_5;q)N-IVXc@O6*cMq2TVKrI-Pe4g2|RT`@4K3LCjh*7htR}Okrdn zL`9@eh}0hOwHO{Q)T3_}v3U26Yc*vA?+qG} zZZ5gZdnDVHBLRR4_mz?BGh$g()Q0|YQ=M;ia$(eZT&X@QjOa@sJdr0#n}#alaMq;- zP{+CAV|hHvot+^pTW#!0SRFG?BEVM7^tJT{>`M%T{bf=4rV5iabBJH*hqEx|;&3sh zi59o?2T$|uIHPcZD_%HFC7aj%*)H*Q$IDrc4Qd2r%Sz!`bt&z3I)0SfRv7+G(7sks znCOl-g}-J%{EGK5%pV>7I=%}5`Je$7mP{psi8-cU7W)*p=>71#yS*<~p`K3GJsj7zs-hArs+|>1O(bsioYIvZKWXZ2^#;&K`L%i%~?EUgZtQRuF~p zlB(g;63#NuJC>z`-RBTlw}y6#U$fECX#6ck)c22C*G5S$oObST)t0?oQe41!{^V)i zZlv7qG|^5HUpfQp_Q2?Zi3nm)P#`G@(E4Zp2}_R2J?&lL*Rt~*@Uv$=ygr)1OUa1D zYQ6~+eL8SWV(ZmEWB9{6*;-ilr2fXnOY4u7YwFSIm}e&ffFMjRj{1{$I+HqpzdL*VBgAl5^@{D`^P$L>+d!-RK$;A?33-T6!jJ`el`5Ev&@- zr%~$RK3~u}eggaQH}u<%VDgI?I&uQIGSVpYG7{T7oMeo*PB?^U+XO+sQdto{AIN?A z=2x`V(8@J;K6T1PxHpBwc7lW;D7gG=oVYq_9+Ck5(s)I~G!}tRLQ^U74J)njg5^i8 zypO-SHj+^MPz~1H%?VtiFD?axNmwXx(shl5DO9*ZE;3l9@sl=IKi7Da#>?+---efT zvTH`Nhr)IP0vjykK7IKOsABX+11Yg03ee>eZ*aVk7P5g#PzRA7q`B}!Kg1-%dXl_E zK<*LXTN?JQNNf>qSi^T$h}|7s?@k|Q5!UUYQf7cxL`?cl>;$TpTyCP-Sgw|i7vR_E z@m6c}?d{L-Aakp7D{{Z1 zSXpg=k4KhI&x{l>$VuL=k_7Y`wnat)853|dO=)qr&W?g$ZJJ*5`QBl)X3``5aj1G$o{XkE@%e53j zL`T2B?5#&8^fPK7;B@iWs%NSw=LtxM)K*+w4c-0T^alJaJ(kc;V0sZ!=o`78rul>g z{4#n=g&G)#T7{D|Jd1oh4i|x$;0YQNM_Pt#$7%c;H-jLRALnj5*gvEFlNTgFuV*pGFqI0BVRS@Cq}{zulDh zbQcl^AkJ_@+yoO#lp3!4%NQYq^LDN-XurU4dA#x<-N9B~@d8p^=UA+F=4Wyk*+5(p z9s_HzNga=%fm?&vk48y$^uq7M4VT}q{T}k?w+g%}`?QfUyW-saGldd*Iz&QvVY~Q^l~w|-BwN&{ z)C!hJ8*5}cGUG(RRdHM6wD43({w$&**C&&v1HHMG)#O`gL`U}J!9Qsk@pef9UpXxR{6u~123!_83Ubm;f`~6J?i~(uAB?&r&*7ZwHOwvM&}iQ7)a#iMo>&~ zvXY0sKm0*YXOe+UKCIgL)-dSN%?|Fx`7mvnm zwOV@8%#0?b_#=pn;FaBiCNuMhT{a!pWcp%S3=}NT_vkC|^6FLgCAr(-kNo`7hP?ES zT#1d)2Dg&Pj}~J$Y@lorQedeMPyrqPn$7B}j%+BAB3K^rMQkZJdXKY$Y`q!_uqjG2 z$1t!WQ2gN)5-4cW#hfG|Rl}*>2-tg9=X)}0Nrdz4Nzpex_hnW(Wt{YbN?Djph+wIu-AKOP>{#a z6?v^T)nP0yUo32n2Kf>#F0_n{5HOb93&os z{0@LqakBQH?&hu$6GaEg_vhAM2W2ncf5qJBJCfx1r7U1Vr+VHoWDpyJ8n@epaZY%6 zGxZv}FJe(}r7aJfq>P;HJ1O~sb<8Au@_#RXrqJf(Yu2)=F3sm_>?yvo1vjSU$7v$s zNPJek#z+hD)6XBYbB-=O6~aNZDNVN7<9;G%_uSZ5P6rXMmHj>2&mFoGO|MWA%U=or zh=uThzTF}V)?zIth5D))8W{D|vxnyuB#yh9Eoh+F(Vza;-3;V@)vYX&n0yk45$MHery`bsy^%ng1qGlZN5UHaRHin~fHLyjzE39I_|t z1j3@L$BFz96tpY#^phiiUfuxNXOgM}$GxaCNCog2lGlRsTLd7eJOi1?QgjID{Voae zH-e5Eg|l@sO(bmvYQTjOi2E#_S{`Yr$PblxBnz5B0xO2u~U_VQJ%gn zA^CC6{Is;S^)~EcY3EK#$|n4lfex}{U-os4u(T~-vIk!cmG7~Uth1mKG(s%w+p<4W& zNY;?+X9R3NvR_t9ysw4PEtFEBU_k8nT~zOc6Cmi4x)SA$X1?v;!#m@1DEH$t3`D8r z=ITjveD-Z+I@(hP4omV(QG$hx49tb#&AZ(>%0z-l@wTc6fz$&iMP6RrW%KV(h{4b) zj<`s!yB0}Y;;)Y=npQ0VO~LM&Sne?{bTdI>yF<{p3YY8K&9j}1*% z*dVi=K%45ii%6b$_y2=sQ#Cu;x#&e*eTq!MS7OhaTA&sW_EN|4r^u+FY!PYGHyFZE$|HuZX4hMj z+9x;7BJ{5)eB^b%JW&e^gUgrrNHHi_;0;qRPr@%Oe0< zg-O^(#XwHgF>=Xjg}rd&Po3qy)#qu_s;VH5c1*-hVGaHz(5ml`0EaDE=#%??Kx?Bl zBi$ZCuWBz~Cj{^_DiSDDJ6Ont4lY|B%0-{{e(b=oc~2h<>^)PsoM@K(JkEy8tac^- z&0D;rGj{*##zw5MZm7B{!jcX?CKl)4u3E~&P%3Fl9>IP(+nUj!lj@^%yS-H-<9_TzjIYQQN)8sHa-NHTOB zU}Y{+hjsUD4!#R~AGF{_4y~f}tyldz>><%hfnrx?md0hk{_PFF@TV~3@F|ki(7N!{ z?9fz-z}}ek-d~lL88=>50!zFfmQF-H6F**x*7^PMXzD*j-E@FshJ*e4q~vjolf)C* zIHS9%Pkw7^QXM*qYe}0?J9Sh_SRziBu^We}TXcFMtj+6xZ>1o#kMLvciSqB30H?e{ zo?8D^lBYscE0IFZHMM>j#^Dfil@`Ux@mpw#pDevDd<(HC$(GnT$0Ir~=7Rdta632M zyi#cF7pJAA+T!aJ$wrq9v2qnw-yOV9wub0Q;+A|6Y;r<)^7KxDtn<^fZ*pfRR*T~Q z{7}w|I)BU3y!&`RAC0!pP75r?6FO$!E*yJkN{8`MOH>vY2L=cKz9bnOoz;&BOY@+v z@zz@knGt%yxKtX`D{Hb`)`p}4S};x)9fr}G6MF}43+r7jdTHH| z5NYW!hEH|D%}j$jq%IDW02BEC$olHAru**y(J@j1xqI-~>xP^23%sKIEE7!5Z{ zDF{l72+}=ZG}5WmV8lj^9$jPO_wl)(=l9R|`~%mnePZuA^*XP^L4OF46J)?zsLcoZ zmz%^be$a%-Lar3NVd_C8T|YuaMYQc=1VLh=k#mSH8sthm;?+N&;d(r4lS7_7FK1WR zxEb7s=nor;$~KuDo@W4-t;%cAgusM{45gy5-Q9 zJod}(?#E1VdYL7uCajkyFu?G*Au-Uyw|P)susH?r2+#y758v2}s;wh_AOMr7o=YwB zzx2T48Vsh|?Dty<$GKWQ|8!d9-FP}dOf+x>f&UCSJeGLYFj<5@UOX4B9Nor5@{=NTej_-%)Ak6CgGD) zyMJ4Z<@S}t$mq>fH8@xZTg(-*ryl?4H?&BgYJIhHa-isu^rOiFg8SuOS4tr!=AE?f+vPEnl`EPJv`6M7oV=fa~mx-wgm+)nM zO5pL~Vb`8)NY8PXx+qoo1y6(wJi+v;m{xL09cXFJvQ8~7u z$I)ezy5_(Pt|uqIdGn7r`5%h97St>CM>O1uZ1q9-CyqbmKAE*+MyHfTMErItb<>^7 zpFBpR)i&|HK$zn8a_!I$_VY&jCKc@jh0H}~P7G!dDhu#dRq`m)g4x=rvDGxuWIuF2 zP37i}Hu=AfMn5nxr*-T;;*Ag^?WI@jdly0})`uMd--)-Jf zbOO)}K>qjkeHY|^(&ehkQ4|FvW;gu49x6P^wr&|XSJ}cJ#d~dYkz{e3(la*?h{pPl zIj=2yq`o;n#08Igj^!2|fG(Q!vVmUlH>UFL=QMN5=WUmN{dpLqU-H=rxP4c4{CU*g zggf~8Yn#k6{mYX#Yrd7W`xcYoPl%-p*b`pzHf4jO^$C0l0A3?FO!$Ku;o}8ZmxnIq zPV0ib!@5U~ux_x*qY%_^IE`K|F0AyyHMHfLM4#ySyT{yz98Bnaz}NW3_F`cdwdp4# zEmNJ#^S6da!)5nq>B1d%f8g_ViQjjbM1`Zp-vEx15Oy<(HoHFG1Q%(oQIb;Ix%_fw z=jZw1Rvfg;A;HX^EonMOo~XcuNO&U*JaQq09k( z>Cy2k_5P<)edP73Q}@~Zqwisx3I+$ieDQ1@`M!VoG#V#t6rt=!o@n6BK!4TvNF53b zd+2J)j2?xgw@Vxt`EAMj*;aX8@~NoEfdc9?4?RA=-Lg7P;OL4f{Yg%zr1Ytm&n*A6-pC)MROn^IJvi*}&Thzk6E)p>D9K zCkfGNJRwl7SI$Q=$WIVfAE2b`R7K)W?eVTSl3&uy|A=e6rhagqkzrY*D!oy*r02Nv zb93Sgm0fd9jv9S+*4I{bq6!5MT)=nwD;Hi)ZiRgE487K25^5P76tB!I?-3bcs#7iq z3PgiM%t$+!pBilm%IqKX z_pk8CzdSHSO#ZyZ#Yr>QXryYD@R%%iWu<+8CHf7B!}h`t{L%#p`toIW`mG+wZ|R|F zO)oM2efU*S3zPTHLb$)1vUXg0W&Dq0~m2= z=(lzN{OusMo~ov%rqj|G&OuO6kmM8f^OTmrIm3j0x6sKd#v4ZGlD3$KZ6m*t^QY|y z<=|)ZSEDq%@{bnM!)@4&jp( z$y&MC-fIh3VRuP(g$gN=%|fN(OfU~Mmzk1hx)IIoJx=^w>>cNi$E^M6f}>$1ymBZ6 z;nYwBWY)D8)P(v(2(p>AGr|N)x)=K52@R)&tc8pZo7lPF0G|+cCQ{$0(67b5?Vo}5%nUxtqV4r7O-`#u`)^aw>uGHKur!CVNH+>V@F zKp}nIv(-w^d>+mR{zfSurF2wnH>sI88Rk$AUh!aTl%5$nU}LFhFK{ovpoGRCA1@(~6O0mzcP#4#zFoI__Lhr@o*&NiraV+R zpi-z!w=2P3Uo+mtzFQ84Ls4Cx>Dywn)7Hoz&$$-2)j1j2reeyQly1{)6o0uVDo1yp z>K@taQGSPset>+o=2=!Np&>=u%){p<*olwR#wZ zCdvMR=rbecFye+V7B^Xn`SyNe!NdmO$E|}9Bj5fR%VbI$c)j_eAq)a=25()qh1EJw zBCAMC_f_`%HsCgT3Vr^8#-AxNs;e?`UcCHv^-q})K*^yzK^z`|^P4&TRQ46ldQU@R ze7FAA-ddVvl!Fp-jd zD?$hfu&aLkGr#>d8*-{dR_gI!njHX?1i2#17uv@RMWx0IM%u^5zpI3&fii*{GkuML z9#>eL?1C4OSDMy&s#@AkksCg!BJ7a&tj&99#a6u*DWq&j_` zU-mqr%}sy5WwSi{bnoHjqY8N_@B~WUEJ>m zo*NB)GO6{_JF7&8j~4Mg4r=Os+YO%-x2Y|>;<9(7{e-adkS>mrmqT^bk ztgmDKJfHWSJG@0Ss&Ur4g8u$k_0Ugg7oI?dh|%lJ(a-;wQa-Xzgm;uKks&OZlQgU* zMr2xA7*&l|JZFQh7H5}<@kFa%K4x`-O_L}V{e1cxM*Yk1UG}A2E&V>aShnRTXy%wK z=S9`nuxJE!{(!JIG}LA{FEEyZvLnp4i7jWQ?NPK>B6}}7ojqw>a`69k)6X$ItrnC7xA(TQ>^V$msx$iab zlkDAR#Zdf#k7*-KZ~0RDic$S)d8Ha(SRX6tZ+EC+K#VwJU!(Gh-NIu#+Jv6Vj>D`g zausBsT}y2Me3>HOYH8GB&^T|*(F40sBUVcUN{B=|Y8rH9&U~zd3gnq$f~CLPx|lym zFCTd-Z5yR(uBqP2J9?8-T_Y!loXsta&-i7l8>Jl7lHDfZufEbvLmMs(_Eid{b6uQX z*rZlS$Zbm(H2aD-u`iEYbahp@X5!e_uq*!2Z02#5EWeGsKiKUFa~ z$^q!5{RJ{hF>q6sxADf5kVF{P}18qn7MMbQW_oS}5 znN9c;{TB*?&K+@6*rExe&CMBSK$!$lrOQ&inGgM#<%<2$(zq#xJEmagR?^i;sYy@` z?*nM*TJ$Y|UeKEt%CBPy24Q$ zas-*NEqqtGuj@woMMbHCqs)KeWW~#MWzKqYAf_V#-8dC!Lm496hfod>eYUuu6gZLG zV^eWqx#F)Pcwdgd#4ImTTe;E9`Wezy5X)yom00MuON}N9O;BZDd~^zD_sz!4we0Bz zD%wChSHvfkznJie?YY8gxwB4|GV&Vy*OYL_&3x^|2gb(GcB{7vLuSRHPyOHqDV@PQ z0{*t3)VqQn9EIo8Z_30M+=2dj+sSlf+EdkJVmP54=x%@#s1iE&&%AHurAQ0K&6DFR&OkC~bt|k6?;Wv-%rA*H z)-+;*EQ@)e63)?)rW45C{TyvOnvw;2iiZ1x3uMU;R`pJIslX3YC-05==YW0yJ>w=x z{cFX=ofQL>sAO=ph^zLPU%@LWwCQ^jH|zuw4IS}p$!(21=;50=xwDB-hdG*f+!A-S z;ysMbJ-c}iTh&@BH|3SfY^qo8yOQ(NJy|i_(@}JlLYZQzkz$i2p|`UtB%nE#9{;@H z!L^Z`UL2r}zET80<}1mpkM^q3RD5l-`=QP18o5u{<(59o@QpEvv0tpp>Ph(Gtc!E% zdZN{qW8Xt&YMo1Yu9D?xTSQiE)Igk5_AJFvV(GFLYk5u+_1()JW~y!R?SoHmQ*V|B z6Ed87rl;A8W-2>>-bqVyuv^;*s}22}L~?naY7|*I(CEGU=ZW6#Pl!dpyy5K|+2?*dN#*9XRlB056g@T<9H26F{IQ-<$E@Wk4kr3*bIF zQW@>E8y=nXari8Y+K>3?{l6hbQ33#-c|@!^x^{XPFXe+70g) zT7ELC&LGhfGK7~FQHG?7pFoIQvK?UYQyGZ&PV>|mqMqZkNT~0^(auzg$>d+V^ppNO zc}e){O2G3KU!L$1j{>ug1Y6Lm#?l13Pu+{H+r~`vE37668A&#;^&`KvdFH{ z10Nk5;{p4}=q?k?@Z;+2{xEzqOBx zHNLOg_k2lfjW!0Nz_`$Si$I& zkDcy))rdGn)^i`P8AP@1;P!)eqW4Ck(|N-$SWSd&W8*Md@#(0FVfpN7&>sY%-`8_wfNVfxbzQyQ_LDd39G89u`>ai?xw8n|tL5;guN^?;UU$U8?yGic+qCPy&#~3^ zSM?acKl_l`$wKD;ESaG=IO^vBKcv;@-cB0bPe|y#XH+5e+St5$n;2jKw^-1422+k$ z=i~$ich$AL{!#(C-*hV9q{>bk>w-TWpopm73S7aB+0F|>3rOTw21IIB8mjHE=6+{S z(poyyJDKf9%gH{dUhDYeWc74ZD@r3l2C(k?ZWMr8te^9~8}6QVqd>apbd8I1Y=wQM zfll6$yESp_Y)3O_MU@apmmS0?kAlXhUhG?x9d$OdOUbkye%YOE6|hJ6s$N?{UQN1g z;UzsA1gAJ^D=H^qRRK!U77B_wNVxBOMR!+zE>CtDXx7BYg&`sYKT~KvU;u$^8(@LoBWNX@|1UF}KP$O*85zaW% zYCF=Gblti9L%_wJ5BI}|<`c_Do0ueRbnVoZ|BLjCKyc0FLH6-Q(W7GH(S{2|1yBUgE_5+@>sB}A9gsyiUvS7oaVZZUZV(}}Ju@xI%Z@dC z6O5rii7Wa}5|LF>rnR)z{uC-DuPZu#AOZiniBQxJD!^u0oPd}TlwO9bO4p4)p7Js@ zRCg1iVnE94TD?0yWZ?9{xuPVV5eaUJ1w|F!#YTxXID6)A<*ju^$8mqVQ#5WmWxtsa zk}K^;SDRR3=#bBiRt|u|AjQ;@p}{Z59Izq^la!Ay$>@yIWQOWskwC2XR5H5i*ROEl zYYTzZzD$iW_!9s+fW-b>eQB7YuHF(grltAa{|`rwpx~e7?xO=&eG7(EOSX&_L!X7X zU4r;7wZ1p2BT*3UI;_S{eO zlb`kYYE-qJMo!UH0pSa5ptHVUtLpDWu=9dH1r<_yO?}zLKF)I4IfOekyc-V`abbj zUyz0mT5<%ca-+z^IBB$N!;w0@!_o8sB29{rFIG>RS8${G&O8G;q3`3vPgYG2x@9x@ zA}qz~eg{35%t=Tzk{)M$&ZN>lv{HcpA-xW;1NR~>MijQM(nh_x@KC?i0oYS z`(6`VgsN`nlkDghlx-2A5_RHU&h&fkAza4*m*4J)n@HOW0TJ@7mZnvIK3YHrG!R*R z%J+FK(Z5=x2hlF@r!yf~P(T%?^s-}v2f7Gao8r7;zvT_lml0W@QzgC} ztNRc&eD}CPw)%6s8sWJyrG;;&@WKNh-a{uUGK4xVo~_J<)4sgtOsnEL8Jk;#+h>$5 z{muMQ0h(dCYYKH(81BrDc~pg!(x>Vqv`Mgd1CM@XT0;{rPdjsax}l@&sc9Vz5kYJ0 z65cBzXCKoHFD-{8PB>|5cZBFw$o33Bhrez^sz}JOD%{X`PmRoGEUs%WNntCTuU;6o zH$b(q+UJ^x=g5=x;2mIws4-Z4X505)H zcL=(q&-zJi4b*xr&Z;X;p{m%U#6t33%lzK@%>&>oo%<;Xz;%Fj4B`h0O$F!Izz?ShLwyI)_NMOq_g%7L0Uteb%ug7L> zVEH&5FX8WMjeZFWRmGN^EV$W?VLD6IA%@A3nB(p0#N8293+j^=dhJ6pd8T z@Ph0*l{ika<^YSr(WOvP3z3+;l~gvbQomVbC0mVyi>NtL#jJH+J%P1-Hjc|~Rt`K? z;|fV}xhEx(A@BJEGF2lD4&(M_nSECr>Etxl+8Wu$7mVykT3ITgs8?Lyef&(7vCJ@UN-NybM5OsD1q7 z6%-D3k*CZTuQ=S%U}jdAt>9Z%;qR@d#GLi6KWhM0CvUelSsJA11NiRoJ+qd@M2ly( zC%13NVbC)X5p64}77kAPuN0%;uC#!KEO-sguW-N*DavMT{Zx=Y?MeJ>f$ji{x|jo%8a`%ehbbmo%CuWS&KrgWw1GLg zUteKaSj!sw=R4gRx+otZt9yoJEyd(85pANr05v$;w(p8!4`TIN@h?;}0+POs+HSsF zFKDKE0&O6@*QR51?~Pyi!er_3jFM9_J+HwYZ)UnP_S?Yc=?1j#!hP42H_*BX=knOEWb;l}Cd{ly))+N8=1uIrxU&Rp{U}koFVb;POe2|VldZDQq zm&i3Iu=M8bsBm8bo8cUce<%X3_!{98{z za%JU40|bqHeq3D;)LoP>W9ggi#MMM@tPSXNcmQ+srQ!|TbK%8{ZR6?M+cHX^*;hR_ z63d-a!kKRjL~figTKj5hGH7EHLM()gMDZu2^}8Rh-5Rb{lM}kp-S&^lMWJ=-J^k={ zY-Zaq-V;+w*HrFAKEp?U55~B}>pdJP<%!8++%o>u3h++Z!bsbGwOzD!I-dAP->KSn zk%(h&DLu;_GVnD$VL3#gXsALdv{u~;&+LfxzTd8b=FNYq&vAx7r;uk(x|X3jO9LXi z2oSJ*t^xAHzcj7wbj(&}Swrrs%);uff+)GRmU2K6(CvweyK?~&i8elMthFDW@-2p) zF?N2kIR(0%s~gziJ&n(NQ7TwsoMSCad(<*ciT=lGyZne8RwCaut*Y0Ro{a(i0gel5 z!v~#y-jjApJjg^~q9^9@j(b05TAfMK+{=w@4sU`i+m|X2s`{~SYH8ftTiq%jx87HX z7(To9nlL~J2=zr36txQqwlk4R(m?xZj?D=(Pmzgl1jadqx0LU+P((yeQ&dOZG|sFm z9H(q)d{aXIZ2v+w6bv$H8hW#g#EBRC&YUp1KR*sI_Dj=!v0A4#P_-{md=WMo-*=4f zF7Hu)6?^ZV33ZJVy$LU4x|GPE#WV8vvYo5ViHFx~sNpXwBD>i7hwerk(?C~fBwVRk zp6;pK-qk{VhHm#%Efp|qM#8Zgu4 zTXM?JY;zAwIgRJ!Z~f_L77ql)M~X6!*Pi30fcz7<57&ZH4>U7lqn@woQm0}) z5Erfvfm&x-In0+?4Y9u4EVfbvv$h^zyEtjB3kD9YHd&=vmFN|$MTLwaYEoRFy`vRI z^tA2ltzDm;?%+59KtBV+b>beLKra^ zHoe{v_^yHZ*P+d5zO4@8sb4y!2I$TY~ZwtuI*aDEmEL`OYT2sM$`^8q6r8c$Nq(RT$qrro}L zsVkjxMY)Ajwr3Mx;mgJ55U7JAB3|@YRwe`mnG$pE>5^w9dGZ9}-_YPwlAJQV)VV1) z(s1?$Oe<>R+A~@8nvLa&UL98J(Lc(*<;``gpxw%znZ2)H91re@)!D;+-2$v9RwAxu z^q7$U>gW*B`IKgQveX{`4;634ir$x(Bin~w0Ynq-C1z%-R?3xS<&6M)4itLvN`n#0_hr|11^UXD%6;OT$4X(k6X2|+t^Ev>l|umNw*Rf2rrI$Lj{Sn_&U&rWE<jv)9t!^kRR<9eBqBmmfm$huA+~@IS~D(&U~?$n5f+A z=##gdr=g>Fr`21(G*rB~Ei&h16bj$29$iZ;gZ5~i4r#7Ug5Sa6u~jX!jJ54!@!Meb zOd6OHqu!c5O1v}>QHG>+_L=r!V60_Yze~WJu(#!3<*!s`x>gTCIao5Wg6$tp`&wK# z5Xisaw$=WzU7Vt5J7&#QSXUA{k!mTx^oh=1KSVp2ekzliOcCX;9RrqPKt7Ny21rKU zIY&`=TZuWO+hU&<(2JAPksAMt#p#*kY9ro`NNA-L`0R!|D}>oehW^3%K?$ zfXlQVn(KJ~qAs>JNhKi@8GYADZ~VGcmkT_bUtrO-0EB!6jm^J`!i|K%Y`({Pp5Mzm zIsmf1(*YZi!m*a-NP-NcD%MZ+(xtumo8YF#LJQD~(O9(9q`d7oUo7a{l%f*lS`C>j zN}+fq>sA+BW@?8?*m40&@_Hv5T?^dPLM7~}1kdX}u0r=6j99eQJz)=U32vc~oh+>m zYK5d51;%}-v47PT(pK_TofIGnIcm_L0vl{ExBoz9#(GOOhxphk3ExNm zL>ei2RXEkeiAw#6|1#eUX;t10F|rdAt#xuNHl7Z)Xr1rK2JB+@;CcT#f_B_KK_QJu zz?8#k6DI(>n=&@Gs;%#bF54}O>hAc|Loe`Gz-tfUQk*31sa>C$SXK4-u55E%5CA^B zjNDE=+ARI%1~C%8dS&a(*lgf4wEu2PslCBRBknR0naQxO7T1DU?}kmW;$XRVHO*ze zx~4s0o5qUW#^rTW-{ugar(Aq)_&4KsP}bg#TLb~YA=J^7MaaGG=!NI%>Mm^|v9Y<~ zR8uNJ8l~2d^5?pDMd@9eep4npZg(D)kx|XyAKSN>B=9(6pA#9Vudq_I5+HeAG!-Pb zRnC5eeX~Gg1D}B^hM$-}7MSsu27fm2`^Mb;bnVBXwT`w|$U11v*Or}rAXbo$MKqlCwW|P^# zsQ8A%{WtBj*;rC%*48sWZL5!i6GF3k49X?!qx0;RTJ7dfc8N--c5zn8i7%*27jrCx z!H;dcn<7nw>DI3mvO<)UwL6M15+?zE0WyQuV8!aKZ;{Dz9Fr4bi7i_${ACwvzY}L> z9-f!Kpq}+oo|PuaB66$X`-JYi#;SSU@X`x?t_(rNDbZj%qM;n~^l!=!>|Zx_j^L1M zHMqg3NUrU$JfseS-_gOh9#5ybitTK?-?cZDOqA?I1lixif7H-iu3%!A$^wl%g}(`w zyf`KMzzN&^4*PjUsZsnv`}GR2d3F)YdC{`_$f&-ZUA$%=ieG*$5Y`S1B`-#0Un zA9z0H>QmKw&}Aqx=v4KvoIxdZYCF)2PcVxIcI^og{=9=`j9ka2k(m_|0d6=Tv8B-Q zh*0v<`~x2*>(<0I>+^d}USv%K(ZEXb&n}_L(>^UssE%Rw_#G!Qw+!zq=%wEE2s7l# zq;DqTW!~3S^=m-J+UTX~+QhKfAyu(u4{weW#TOU9C8~mH8ImX}Cvut^{s`M%Zw)sqZwL~j3W4jX1DhkGOE^tp4NOPuhgP@WDN|+~0u%-gy zxY?pnTIr(Wi59jgYm0dTwXAd-v;~Y2_u?sLrab-QL~>OJ19^^1D+u!Tk&*X~SCE%I z@QU4TcV*0%>CFH|uHEPl<&5C3k#@mn6sslG3)E5`qJD`?^vbA? z-g)TYgSGK4v2m9aDl!GL*Ar!>Tb|CfWUm@s&c`QZI3SkbwM6JHMVbKf=uf`cRB{tY zSQnRQZ^QMmA{KTwl-KVhnF_}Q8K{@gA&vr~sQy@Rf>OdtU{sL#VSH$vmF*ersXKiM z%Km`DVY*||&Qyq76{PUp{HVGqkYkcQe&>ym%crHEDrpvuJV0aVQHWLtGnYoEX3rwH+s62m>BQH(< zacQebL210s(}RaV18~a7K#$i)3luNvJAylZo(A8&)gSyqzE1n>K{+dcSO?8^G{{Q$qxua@$?XBLw<{FCi-r?0tkOPO9cTWio1ro z2#5ceE}Nxk4R!E&Uzq!sFT)pCua;h09nF=w9CuPF)_kb2Y0a#8Y-IK&Qa#|Ps^w`0 zwN0>NX!IPSRNc`s0}`F9u}!E1)DJEGn+8>Zn-#*`v{C>t&PaQ&-a^V))b!Sw`P30$ z>S0HaUZ&fH)A>*4Qeef8A60tm>PBv(N;h_kjOuhfJViCRxSThq5O5>tra|Z1i*uLo zEM?4ZZM(iJ#e9b2b*x{;nEM-VF@eIU`b*fkmdPpG7QAfx7#cGrQVKs$}Q z*A_LFjTZ=4RfS{^X1ifdF9HL~0JRcYI_AvDG`SK6#7K_H zMoZHpn}dL6Z0we{1Er&7naX?@6AjfzD{Fa>U{9<9X8&Se?PFfv_WeT7x2U@750P~n z%Noof-Lri3K~|2aN&KF>d##?B;E~r(!*Q0pzf>Txfg*71&(A84p3H?>&9?*{<0|ax=v6L8C*Aj6DvkhQx2Z`< z`x5i5${tFev-|E1A}&Az_Vx1mSZPO)`PayBd;9GmphF%??CR|f$v7qGYD`D$%KX-frr-fNwn4BDcDbC z93DtK&2lN{5^tqj2znd-puy6|(@|z6s4m(A~)#DjoZ*&CS1y7We!rknn!rDJP@_II#V|!9QJ2_ z4%Z%JV=ny+q*TI$3~AytV)7rxF!y5pqj@8h;6#JwYa> z4p@kQ0Go9}0^Gjj2V^|~2;Iu0r@pnTj$Mg}Qb0+lv;?cIm53l#u&7`f`dT6oF_>s_ zuJSF9>=&+auxl5x=^Vx%o2AUtCMC(}gaBbA@7P!ubm*+*+w72oYlf0YHFb4D_KVQ} zoIH>8;b^_Cr57(Cio9mQ;ESXmTv{Fy6;1zqzIi3k0zLyGW8Fb8@&<@F%sEbG!FXNE zyfTMp8>mbWs@xF~awLo6hTx7^ok+d5I$K|L&3I4|NCb$9G1J5KL!t{z?+K3tC(9Eu z&^}KzNjE!3GIzz3O}-eOnrME1?#1zP;+)N`>Nr`e&A6?n$R#>#&=TkKQC&N3@vOWV z1vh%}$XrviN%yM*1`#XN03))LHGSyZ;5zNcbqa{_D>zum2R2|*%=GRlkm||bb!bk~ z&|+5F%OCsjKJ5MGb9rse8-P=Gg+Y?W=RoTfcrzo6x+MAeM0DfYwqtvZu&lN zl{Q8(YMO8)IpR!En℞ZR6sZ$;v=f_wAX|_KWE()51b4MZ|>s<}-&cF7We1VQE@} zZ~R@Umfx~BpNq0bJX9ahahM*3THEsm2zu!J^S=7==Qx2IzdAnCmkL>?N01{XOf)8& z1-Gc!)DLT8E5!qY#ETQ6T<_UL0v$WkrC)LV`X$|T#oV>b$cs|36(}SUnvnU?n3WJm z2qY~Qni`EAyZ`8EjYW{O*W9O1j0}ddhOb^NDeDW9d%&a*z4N`D5&y(Uv%(dT%5q-Z z@hGPmY1~FTP(;+e`93D5H%SC!|LdQanDG&f*1F$C!m|VtC`T}eP5xy{8(B&bTi3(( z(p2(tMIcY8%-#e|89Vet&!2=(ra!C?`gNg87Q zBRVhACN4t5xsjNZHU9-@@Oy6<~fYJjJ9jEo)wwn%* z&;oPF(9JkQO@Y@>y5+uEI=@ZDNB1A(y(Y+oeRo-bDERjwHlj7%ErIG zFz{8)lR5I+CPjm?JJ0!59p?5t+BKkaWEIXd=wl2C%5F`!0+Q`%^7Mvffa`VdUFzBm z?fQ+I1w6cz;>fvp}W@?k~Y@a(S!y)gs-BUwwm70&YKAu##w|pdCr#8t7uxMRN%G$3h6h&3q|ju z+PpkbsMJf%XNa4?M0)(VvK%ou9p?YJ%1hGMVVvtqkyo0EUCQ1Cy?eUKz z;dc!=W;s7D@k>(1KC$cMO=|*KpAXNZ1RW~!OWv7NJQvgfYXLE{KkINR<8H7RwKm(<@d*Qg( z)_C#2IwXGYIkUu47W$9?O@v?bd839Pr=|y>Z|FU7+YN)a*HXbPE$lJW#^Ni9iIn#E z8G7{o^9LT!0&e_gMGG2;qu`yxnM~|dH*Z!1D?d%A94oM3k`tk$qzeha)$;!xo)~hV zi|%Ok?HU&vPELu}v`U9euihw(W%%F9c;__Q2tfG+@BGzOLs}e`!TuGB0)n9uPD&qW zeQpCoYTkJ?)D-4CL*nQCV=nOMv;$G@P2IdFhTFYHKb-Q>3WN z_*k~A$6Y5F5NARPq;Ckk-`?G~&Svm+BZ6dGjquWL7isf zEBWs3`6k=pkstqUsy~1DW!XDAbKPv}vAjCE^gjApz(Qb9&C{MDUMjz9W4DpkwE;f) z{)QF=9PEEZ=ac-~I~Ns{Ql5kWKy&V{(nAOP;>N@!WwU87>lvwOeDs0uOIpg%&Sz8I z%qJ@EjEC+{Z_{4N{MeQ7dwa#w%dsNh-w_2Ch*wpW?VJLTMgTz_?r1(#PnQ8Y3D5f9 z&hWZYZ`r={_n7WYdcCYu%mj>@V0*#ev-&?G{YAJuLRdU%Xu!6c*0h3oax1J9&kqOD z#^!2~-{{eRvv5o?4s%ixfNly-Ag`wppU&I+w-b}>QH`EbANa^mGAJOFRETKc9n$6l zN#_TnvOl*?3EQq4o5Hz#-fFl4JzF2B(*d+Ct?|&uu=+shUnlfFBaDn1jli-sMWBWQ z%pYo$`#|TR_4vS?po)OMlMBe73-2`$;e2|*3Zd@e@(gjEUfLxMaH_^~zmqR6=6Js4 zxKFDmN7CpUy|!k1VgL;8@~+pge8nr8t!aC*vKk23zPs)FBOjH&C+Sc)Y1@D93f#9w zFc&2$vCfgkvem+ErykJeTTY2!7Zki=NF#B01Mz6=n*TKsB~fHE)4ww=Q_>ac^dk>q}t8K;i&?qA& zUfNEChLeR(*)32;I%D<_0GxVYtm5@3^sR+@>#Khs*~-Gw*2&l@-r5#I0`1{ROa^v& zUy@Tdo!=5YI4|3m*Al8$@xL=^k&hze?~Vl|-mptz)i|xWZ0AwA;%{OQhRhFEMo_k= znB669I>mNxek1?wQ@`xL>sKPbBmPX{N(|Vk{NGD8e`)9ES6sh3iK_%bQJ;$>O2-NeXpj4P6qA1p@Ul-$_#WQ}`nQ|dM3Pb2t{cQ8 zL?c}ECb$A(7J(hL4G^3GV$Y;aaX_?{41wgHtqlYmpgZ!II4KT#Y_p9Rwf^! zP92aR83yV){**F(bQ-&;8VKMOhRa&P@*N@bD-kdf+V{C4^y&!_ASey@0hek0@2}Sb zIxODivJSV_8Tnid8tL zBG5J+g4#+m{9D!ZR~T-da{`+1uPjp^?XuvGPfj`u_w?|ESx|tPq41Bi2I8IS8%-zs zBR$evWY)xSViQrRtp|)~^bW0HDh83W(K14&?kKwicVMDbA6(pjW=ZQg)foSM??tiSfzso%7`fnd(@{Tl>_c6oeB2haM2bEp@mStfGbR6rp+$Ff&m?$*nvG{j!)9ZOy%WH^`eiT{5!&$@s?Ek znCgbzZdk4rDcv>$1lTR|i$JBScndX<=8flJyPyE$>l{cbE7{H|z@(|4)m_UdM0|H@ zHcAk_o$ftne4s3;u8wZjsw(t=c)AQIBbAC##o;e=DlJG>yC8$~(=D@=1+{Q=QSnCb zU=LqsUV^!)DTysj^5`?5N1EUIO=ttUYGCXB-!mJK$D4hyuH~OBYKGmnMqg$ZeW}Vz-@2?=>cd8sSEGmv$cv7^l1alK}9^v~IA7)5L|$(fZ>j z(TpH8=vR-$#6)A@`CXSer=Bt${y1LxOhwc}3-|l~9Fbm5lL#c-2lgXh(6|=~dVLJi{N3MqVg96IB}U@ce;bf2@OcI_%F0H*ub zpZ+26pJIh1xb~`j>1X*TADu_*0#*e3vbwQQaCL94o$cBarhzjhhOd7z=6|>Vxc|hd zp`<=&?}r)-=;H;)nLz37p;}));d=^ZBfE_`Aa~ZUcu{5hlxsG|UTz4D{?P!|*(yd3 ztM69p*qzhrrK2VJ}}1+Z)DLROIf-WT8_X;cPkIR6+0qW_I|6`sh4G=Y`UpK^bc_yCn$Y>Y#dP z4-$O5-cywQnxYYN0}MR1ReaP(I+uCi>fLX^Bfo`*>m}YL1cs_B2NzSX?ImY?;tRB2 z`k3ko39Jo9VY7H;XCP!|*0|CE$6E30_FJ33rVc`0AX4ZYfQN1L#AB7J=eezC>ZHo8LoM%)N$e33Oqzds@T~ch>?X&vKL8Q&yT8y6U31)G zrZi0hyFq>TnUI$i{MSpb@@!)69s%usk4oDtE#W!h#Rzc{a@?odsuSa%4si`9UApAw zjyZmY@W$zD6MLTSM333n|9aPZ)Bkg|T<#aq9LGc1(z>Q9wYuw?Q1rk-rR#$A%b;sh~-qAJoc;ow2 z59+V=MqHV`kO8$3N74i@mEJJu`%y^9h~Z zrfoWx2UXdx&${!Pxan1oTpMc$*gFYCS5NPm^-oNNC&enz)^D=IG4SA2{Vv%>o*OC_ zXcH*rL%AGidvmqIPwumPS|8|1Bz*UN?P+Hfp`g=aF+D!?F1OtKapdW!H*2F%f$7DH z%2rUxJAv!LOTC`FM3sk@y;M(=L;DO%D} z7f=)YAXF5?mL<>L%G=^o!@|Uej~PAFJ|B6NE;Lg8_-ZifQt{Ik(T^Mb8*4}o%}32=ywE$hMc?#ZTds{!%NlPsi*0c;ZZ~UKx|@)Sgb1U- zjk*4*XSq(|!)4CkY0vi8X6Z$yIEP|^7m&}ojL&9)}L(PY;g3x@HMCRiaK-D)jS z|0+k?ygBqkTW6l%@tKV2J=ys_H9P%c_chQZD|QTVOzVDbsA1^^q~dK;9M*wbP!6C&}%x!#ANR&~v2LImo^&&}tLjWu@= zBx~pn0{CWv;<{+X_7MverW=Cuxu$C>^^rldh!fS=u?NU6>Xg)o)e}x~ymkw4SF`h; zR6@5B4v~(JqZKuq%HYVV;DvF${~5Ngf^`&{#=FLv z=h>g(rGB7eOipKqPhebu#E=mh#Dt2_y4WJBjI6FIa!#d4qj=kaH=nQ$!{w3J%o_Xk(?93TebU0dC;+YuM zBg|HYRO$l||B*Ss3olVuHyy&@zmT$hDg*~Otf7g$ewxV#ii?rvf&#n&09h|exOLRU z<>WLuHMl>Zo3DihnB+GI$RYDOOW#&ny1RmbELLx$dDRAN4Y!_wJCnbxFWPRzafgGKKQtOOEHsYau8gGCn1+yUd3%G6x3&O7Qci{XfIy)(M1Lq}zed&O&(VAAXG7H92>%IgXQ6l(l*N zBuxP345|&53j2$=;b>vl%IEERo~8wwsPI5vXyiYG*a2L)E5}m+X#?{ZV5#3q7egT=wI7ey)32Y2|Bsu00!N zV+sjFJ`rg2;VCXzxYVz&aX(&Jn!RY+dNytp7u}QEo@j8dXcvW+dcX9fYDpe|K<)>j zkT!2?;>PW^4?*?5XD7Y)VvwABR8NyEpOS5SS9<|lrE7b*#-nmNeUvrCbFI?9qt#;} zh)lh7QSjt7@ODf{xSY|y>r9chJy{%~J#4i#NC(4NQ{#9=6OfcKbO%14sw`)2tmgW` zOpNntQWzTL`5M+x1vHdlq1S?$nQP?60}Pppr_`B=U3a46!kI$NrOU44EUtTPd!tpv z_!GKSB73>W_=Y$-hQym$j_XAU+e96Koy&Fo10&m%MKZ(GJn2S6^A<=kc+ICw=wvCj z?jOEnhl~p%JG6YacK`h=v~l%|?E=`I(^=V`g_?ROz-^Vv$O$r(IJ=99z`Lc+A*cRq zs$>dpEMTq(UNM{gg>oX`Zc4#L1a9rc`Ztl+t#0$`?rsaM#l_6~9GF&89BDP2lF9<8 znnL>Me?45TlThb6ARJ%Tv2K@#*;3~g-Mp+ZbzWh0*(B)##l*=&^^L-`)9%N(T2+mZ z`2ad7UEywk_v)T6zNQm6Yu=() zSj#s?>+aSZm+N=qT|%QrZ%iWEM#hexZP$YKs)LBDpd>f&&k$(s6JvX;?sk?;`}}J~ zR#9YclA2&X2BHAulBY|*J!4hc>fi7d#-0JNcrUo&507dkNRn(pdcNx5;+>%tg!B#= zg~rF%PS?Eg7tAUj)YD8v^fiP&7^B(87j{b2q0p<`aFu{dwLC2EN~QF&q2wu(9jc&7 ziJI^1=1nAP5Mrm{iz_Av_+I|Fz)ST1k9avd)g<)MfN=D*?w0mMZIIa~cY8w|?mF4R zi=+JaSlNOktfGjIckgL?E@>cz@@oxpOMa}v!Xr}(;S19C0$fXuH z>9rt9>BnO*iZUsrb}rNl+-5Y{amXRjybDCyNst5SdYfH_DobJSVcxn}jOlNOBnc+l z?I&+Z9F#LiytA`Ik1~c}K|c7q^1K1{DF+u zClO4KPE6*F5=Oy(Df>`13OG5|o|sH#`J3zn z-A-v9c22`QJ3^$7EG4T8k*wcU{7&U%#S%3@w2BXBDt&hsz%5E?WT>&R$$alt5?Q}g zm!EF{V{dE7-89kSp=^L`ont!d#ee6uKVP)L=?CtWGeL^56zldClU@786nxpzfyRlc zZ$UsU^==J^-x12d4a;pmKH|@DjpVF@*E7}qE&dRj>kPgW%&J>{Kzm^?B?FvI1+g`; zwAv!-Svy_G86-dmT;|7=)CXj%s_-uQHWIr5!SU#fPn>|tR@A;}L-b$H$j}#-;iKwa zuJK6OP1gQDvm;$^isYSC*ZY(oYWV;?RqCA#g8k`1n%UE3hN+#)9ah9YgdFwdr_(d4dAdbX>UZ!ro(+i&37sckRvSwpZv(wwaI+ zB%q-s?@gP0jcTPE0{@ie;BQ*j9r(ud3MNMR@M}_oQJlutTaGAz&fr`jki+oSvRUnM@y~NXFs%(I1k~;OHL2r){xRqTv4~ zCSqvhy4Rzr-7Rtl;9c-W+KEry5oBMEg89P2E*D!gtCqBl5FI;NEFaBZ{hF;tt~j)| z)+M}I4CpTpPa0#2Z9)Ny(}=kr*7tAT-Y#)IS4vHrNX_AX*GUGY`b;XG9WPq6S8^)V zZ(>%ROKrMUaSROSm!lvLczK!dy~~5r(LTD4bDB4}{{+&){|%%XKdn$>U$U4E%P}{L z@~88|-||{9Wu7%*B#Zp&@yx0}laq&24ic-t*Eox*LJqD_7ZzaFBAcEYo2;0#KW;z1 zu~nvYhbbSUseGTe`;yMrA&Q(~C)-Ns@sw!R{vF&C=h*Y5lKqZh{>!A-S1Ki~9Ej{z zOt@84Y1C^GW2p1z{__YvC?>X21es;zth}ItRsRZy^B7m-C6e5pmXctJ?le3<$?F5* zrgQHtESCmcvIm&ms_>IHS`+JlEm4AWv|&CXu~Y4n&)Y{7f#8eFDxqN-h!82S4hdM3 z|HQ;-VloiS%LmIAmZc*yfFP1NRB)*sHb9PNH%miXc?~-LS z|8&j1B&tC;vW4La6@1gOSi6@+h)RQeO4XvTsKO49v3SV_-5-TbSYd>NMrRlEn@||h zx;>XR){LV=4b+)1ZMP2L7-*#=8mViV6pB5{=tIx6yDN}QZye^XLiZ75W5ZQlb6SBo zI6{vh;bjGu3VzvA%;5f3WvI9LpoIN%aeHAX4f^~@<^0yOh6`R&5!5^&GsIOUUm-i6 znL4$*Ag!u_*q8@NlX`x4>y}tyRPY|Z6 zTWRIbeXeGdbhl$;r~6_WyjpIjr&Fu`BoGT`Yjkc8zE9Sw0J( z`(pO-8-mN#ZbKV{fhJAJo9`Xo@VWTPHauR8RJ+p6#jyy_3|C<}pH_v!^*mU~BIT?T z|A2<`L$PR`?xF}yNx)+)%Kf02l;V$aEIBqoy<3G(EB>LsX&-R$W1gD>J7tA=cm^z^ z${C{+^>q+bL}&_49jg9tFv@Rh?A@lMMnxVlGchTMUg6u1J4C!E$CcP!m(Y!mNd_Y$ zC%@R$$-SngegH_>N#d>UTwv4=1mt87S-B+tjLd^C-aWmR#t{!q@i(>wR+p~3T};(O zw;8`{JGVBA?X29E${8_5xwuN~Z%>lJ{u{7s?pGgs;i5i2UyWDM|5j6*de4k!ZCjza zc+~|t9C&7g>FOWF_sZ|5bGt>C*F=jP8IxQVgSXeN99MslD>5ZEH7y+)aK8~wb>ywC zMp^s2I|R$r_sL_Jk5=Z^TsHC=AK-(vYJ;!B@MBX`lc@&ho*$+XDz#J==Iqj3vX?Ye zC(eH^Y5-OFAQ^Vjk9v*x=1`c0z>js2Gh^l;y7%$Z#(`l%XE;gUDdYbDAy59v^erGW z!(sqs4SU)bPz^#MroA)S%fZ*t&CCSdjb*{(8_l2lpdxnV1u!1i*!sV%WgXghZDS?{ zH#(yKr~(SbK9pdmF@e{&z+O~P9Z|PK#9nT)Y_~r6-q`au5&x@~KstQSKpd({8fL8U zO7jVCvobLapZ4PtEdJ0dO6U*fxu?mZo!nu3M8q30WDlXg)t|h+%zrO7&Q96J1TBFJ zy2gxGfM@|Zz%urs8SQHP(OW}H+ObOi;Y_J?Vx6L63NUo{NW#gH3hORO-pJ;dpwfjq zvm^^=0-a#r>(kmV4I^4OEynZ?CbcwN_O#w~sx!dK- zWSTqoBW?N>G0Z%ee|((0MZri}Gy^)lZC~$oTg3_7t=k7(h!nnTWc-@LK~g1z3FnbY zUdx5n`#BDavZ+lEd{paeS>vcrx5b{w0tI%haVUcwBS56`k%r z+9mlIj7;10OO4%K_MVj?*2Y(ClSNh8xb&B-T)N3Xv4>%r!n2|9T)y7d1#yUwIZ=K1 zab~CC&LZD#Ty+yS$9)pE$G(QeLO6}+2V*-PJ!&BQF&Jp+9`_scc zqL!#}G!|ot>Onu0Tpm-4A`RSx|MbtdsvRmz<+`!pzM=XYw3zEe-v&zoxrr z;pK@bYVR?`kTzVcb%MvhQ;N{Bh_J(R9t02=BtVellq6_THP4G?4;^{xC{!)I#jote z#MIKGw3eifXx(iy82GH?aUF{gJiG);#Iz;d6AmCrZGF@CXv`~&PZc!= z7W*oJpE>+Do~gSA^Hm{^o%Si(*vVg875g?a5EjJf(35Hf>12h-nQ<_E53~-*ebKt% zD*!FpR}$DL5o;apD%*&Vu=A0|+PvF6g*@Ulc$u3odsLVOpqJM#kZblK_L-oo)3GoC zCX-K|8JP%u3c24@WeFkBm#N3qU69uoJWURG8LAzTguMma4$gG(>*V^bY9K&3jL}mb z3oU>oCX_pen^f5^ECOAxJ;)oO*xN4yaZbN^ zE=2|PKw}Tl$9Q;fBEG!Yr8A6|hRSGw5Es_Xm|4=kcW;CO_hcD8=9`~1l7jr_(-mo9 zMTHO!b3jQms%J07rJ}sJBhR0Zx2POb#Yk(y5D?#!kfx;-H zj8pmjprwng1YjODR6H~D;dYd*cY7E$CdAl}@`yx`+Md^~?0EcQOS%vZ5fhOEFseVu z3&1j^982XI^jy9B|Cxc@u&-XUP9}o>2 zQWx=Q8u>l)cJiUA&)#7uyM<8(>2+cEtSi7*0_cJzFURYKeAomf&X zx$iF>-I5Zl)W$MdT37&a7>Ex;#NPIbj7z=hiYJ}&IGT;>^4U+6LLz4uFa8vmlHMDF z9<8{IQ!3<{R=+hELqdj2GdLX#?Gmr3lD_4(%)fQAn}Ev%$nMfOCd)kzZ4a~iw;T^f zB4oyzjN;wz5)0g-k*B$7Rn&XGa~Jq9m|aMJ5&=|{wjI5cdr_lo=|gSpzM~I&fST34 zxxktBj1t<8lWgDp&5?8pkNn4PQf}_)fyv1`ZQOuya)rlP+Ep80UVvVpWHPJawy6Cg zw?JuXdTZfZz-5%dl|&V`h;Q_L zi7G>;Bu7A3|8zxJw0T1io=Syo&WI_=Wra}S!|hH6hl}CpczVa>?UKuiE2kq_wm*28 zjgW>*{WaI=bLlgnD^qo3>H&5f=F2$A|C=1_NpXYz>4Z~?LR>QL^GlzzW(o1ukVX8T zhkU4lNRhzeAIzY=)4K2Bg?HAh->omfLsoZVy$d3=>P3EV+Sp>{Xq;ue8Sy9oR7S$) zq97FyCQZ55FZ52MbJ)oEj zE!&y3Ed?E4m=-f-rGEzeD?Wt%MIy-y^3{b_*qg<~;@bs%hJQ|*h?Sry{11;qw7K|D z+wovbzF~?_i4rAiY{A$szo=KgY8;=Zj6edIfXXtQly872QPa8^<}sb<_8}EK()u;L zY4<2WywP^-2=T{YSkK;iuA@>?NCSV|wr9BIOYqT^bXI{AGBp~Hsw(;Z4C3vK+`*bX zG-H{k9pk@IltOxU{`{5?+d+3}G0((AQ0nkKXS~q( z{X|1z+J2g=!96d@tb^!W{Kl1chm5MM`d)o|is z^~EDx@+Oi_8>|_XrBIcKG?kGMgxBCxyPo6=J67|8JXZo?%h9^WDKponrc9pX6Xi&;je;>ai~*6?HY&ndQ+ zVhPDu+2%2iTpbiH-tOru8Xq?gO21kysV&zp_e#I)BMXu4Kh|vv*wY(`kv^h?hUz^0 zvP+Zgrc3FyZe72rULUe{b6O-M^m^kBJ`||K;|MQff3wd4AM)~hDKHGhw6^+4iQ^ro>;!u0c;v%wkZ;-78A_3H|*B6ih zH*WH%R=Ztfw2_ zrUVYgV#+ldi)j~YN4&dTiY5GVC-%mm1}pX`ySPMu*2(r#RHJ&k)Vvqn^{2V6zQR`* zn^u;)52#=-_}NtYa-y(-opNHfiXVy=-Vx9;u^4K=lQHmdet0bVO4sy%__l z-`$Hr37l2}A@TKPIm+j;u%gh^|@PyRuNVUT$wDQ zk+-w{Zr}*EPaa1n!I<>whI+GndA-ZMbks;Opz||qTpk?4!Qsx{yWBYseB0A~Z!CE> zQE=(A4w*^cNBH3R;v;aj=KTJJ+p&#u4w`OU6gluQc~9`-;_`6K_!NH4SLN_eX~Nkf z91wW({C64N^q4`mFcMJ!#Rg?<$W%`V>&J#SUVIYtP1X2YRBFT4pt)AicUb!j@NDT+P+ zj6>*(*a-H{C1+`B?RY+t;QZxF^lc4l%>mKoL@%~7^AhTQQ#r%i$mC$WxobT->iia! z{V`zf{ncCpDdhc#wut3}zH%7d=}jK32fLj=*@x;>1Q`nGOl`K$TTroPKi3^Hc&Epa zXqz5<2s2K|1fF_loQg0Z3HY5U+6+B&f6n$47*04#ncQgn3uncV7Wn8SZVKsFkHve6 zuVy04cR!u!^lT9s*^3LpM}QaX7ndZ_IR;6wzTu*!MpApvdJ+7=>{JUnK`Sc@4*u@+ zMCf#=5qTiqK2)jZoR|TDi5I0O6xd$8l!p$;eyxc=i@izAzA=!p%XxcdBTm!3D;;xp zzvlUw`pzPJT)X$s@XLEY>R%+Np1G(i@Sho$x$I#Q6A``-V_-8C9)6AkWw9U;T#*5E&cN$Im_!iPB+HI#i<@271cnHMrHi zlMn~g9TA;Pz&*FjQC|(zptEk@8DaJv|I<2Cw1%Zaw+{msX$2&UrE?AvClO62bEKR;>gfHeVNLRE|dt4*n-xHhV@ z@X$y*Y+P6dckDbgB5KTxC8nQ0K{)+`3fyMKQZn*^{8x%PO{$^HSxO-2vqc(EEZglV zZqm0Fy~Qd|M}SI`WY%tZ8HtcI=zEJ}U0x;&qhACJEnUaut{2Xo7`9%YN)$a6Y3D?b zmv#GA6xiIOO3vEM6(N9t+$N_G68QXXd;c8Zuu98B>-ayNa1u@wN>8oT)=GV}m9+ro zEcix=0k)iSPiujl2==6cfH12+CzO@O@b2a76BfgQLps8s=NhV2wpwRrM0iX5S(YQ7 zz)4Yplm~FHi(3w+MW#tc|5lH|Nh#aoiv@DY?sy7zd(OXvgRr#{5!jmJ#5{lJ2?b7<&LQeBXF8bPhZ6 zmydq?)S=94mw1%rYL*L6e$4_=?UJ=E%3a@)zlbqNzIOihIjJ=HsOrk#^-=-T<%Prg zi@`V?s*C^ao)|HHki@C6IIXU8`p*~4UmmK!wM)4TYQE6?&;0{tLUHC{??rE(_mjmo zj9+;Y_twNNpZB+fKDnLKL71N37*m(WChy@vg$=|cAcgD^WlAg$r|!v1;n0nGaJMxYA69H5#BEe1dnzGbK11o-g*c9ChTSzrw6ZKDGka=a<_T4 zcK3Z}e?reCf7yBI8p&JkWWB70BokS4eTX;-PTd+C$r+gbr@SJu{iE^jQ8|fNff1PY zj{%x`@BgF+2KK_3swMJ5D3hVcae$&ug}gJ<7rTQ z+|p$$a}N7*qKW2{p*6UT;#VMdWLQEZ!FQ*s=X=s&me(O$y41XD7DtvtSE3QX`=}JUYK>|afhb9puPsI} zgKTzaftidbNZ0j{oUc!0HuNY@j41NdGPQW()P#bD2f=f5q^^ay=J=U~kTXhKUf4jG z@DcqwB~XO@odr}Z5j2&rxK~DGvsmdnAMlw=n_P786rAaHsJICb5K3L6yKgYkHH*sbCXT$%BrvUivk9o)D9b0DVQ)tyAiTJhYcW+$oI zaI|lqkI{=JGv3EKNt0ESf4;u%8aZ6lq&73YtQImgby~D$r7QyD)z%r-M)QqDj?g9_ zn>%6xi?MK+90JXzz>(em#J__x=VDoc(1m)jU^TTnR$rROS{Pd`JEg2h8>Qj7m(vlp z7_QSafg8t81N(YEI8Z_#1FI}b_)R%==gAPCabcmyv zaZy)N;>k(S#8~zLaDxUut=+tLZ;N$%o zbYT<4*PFr19nOa^?6X^2gqVKyAFK=)I3IF!R%jI)7rtr@&JJO(UyU1H@(;m~#tnBW z!=a_v<|PA|+~IfNtg?4EJtKG9{wrIv{cpCe_pJ?ZmPUu&&w?^nwlT`}*542hw)K|f z+vn=`@=+%z{Bu}b4u{9am;3q|F(^-0P9zeL7BGyl)FdD(BeGjH+HHPbXWp`=dh89= zA{qK)@WpI>QVc8!$P-}f=m~2~Az2cw+gEq^_YTA0c<*0xQB2yO_eAH2L%3Y!Dfc?U zka@zPTp5fpUbg454S2oeH<@;x-Te2SM-@J9q47HrIEhCP@SD<0(QE}4f0l!5N;pC$ z-8#H153hvpvJr<+j{J-rAz@cKFdBstVY(u<30u}65x_8yijSRFliwNC0=YoZ} zRZSOFe~Mn}lCYD9X(lx^<*r+E1P@A7 zmMx1G^;C2RvL3E1$wRIyn5wy1Z*si~FJ4eUnR=DAYyb~r1jqcKuuuxh-% zXJl6P4y9A~^6yFXz(so4tCH==5tK{$xaVEM1CWpd9;8?4s3Y6#H7>XNb8iwwOfOZjqt7!p%=Gtgi|Ih?zXBs3nX+A z939;buN%!d-#XnYYnkSK(D+VuXI1A|S8&yxhY%oNZ*p@b&3*}!dEJu}L5{}!VxHj5 z+Ig#Ia?tt6SaTCHgZ8(@oib8|)cN;Z9H>z5nCJJKpP#lkn4x+5B&*3kRydr+r?%4D={F$-4$ zx+*?VVVdGOTpFO=dm%<3)AU&OgPHyeg=S(FvHTgI*eqPxnZ1TMyrWcKl7ayZ zbXeHAK%%O~Vo6NNilt11l+y~4CZkUV}?+;p^RzxemSH^G~oOA|Y7OD{tD_6lwYQNRqr@ z{pHJJVJDeubRofCU%csTkFR^Rou7_Ym)*5ZELjZp0q1Yr;1c+zbII`?$Byrv${ygo z8;|GvuF;GB&#+Z@!3IT;aHy9Cw>%5Im5n~E#(^Ts9{MIb^)k5-3h6DYS&HleT^GV~ za#e^95Vyx1xgPgUbMDjh-8TP@%>?(u68{`qwMAayJ8xE%)3s+|ZQqv(e*?XBZ?8FX zLkRS?!E2-+%zNV9YwY~0JfAG&+{ox&J_KcS)t<+L7t@;QgSydBKfo?5nQjHle?<)2 zQT>28qvh08nMNK|v#9snwB+h7s~(@u?PVWj>%C%>VM>wHkFpC9h=AHSv~CDtTY2H; zoCBQV^8dDWo5aLA3Y4V?Hiw0or@{z)<9OC!0OO@E4{DD%tgU+|7k1QY@Gdl5JRL0& zL#YVFI0P|>5fj-<5prXDQZ-~AhlveI^~jBNGaF}9;g`<*JsA?zlkdow5j$c)E5}8l z3Fau(S-cY`n`cC|cTq)Xl!aLz8Ym>7vL_>g+7)aT;)eMk6x1({BXCxaW)bKu%r61j z*dh76iS(eIikoH^mLq_HJL@ITz-zssW-nor9WK1t z@y0*9iU2$foC1gO*AtH@q6H!gt6qHLp{Ga$0uCraPY17;3Dqd^Mw8&|Q8bc7*|K!w zRlys3q@Ok>)I5-@)nY)u!r&8_WuqyC)q+1!xN%tsAV z4=O1_bl&MQPvJE*ygr%9ge#z-q2fZa_NspK3!5|BThbga?dbun z5aPU$P0Qbt&ONX{8C)uG${$sDYB5bqVCz(S6NOD|JeWfscx`}oO$IB)?VfOlJI zoQR;t+5Cl@CHP7ZwZ<~WVCk#8gv87E=GI2X(>nQ^lmBfGGM4xKS6k{42YLAyw^sz2 zT#CC=WjGWBVG-H2EWYuE=TSCxJDshAHX0`?!1VoZrY~vF{~uby)ak+f-{ z>ONP2N<=X*ZLtq4JQhoRg{Rb-$3Ov)5+J{K%w4^|^Y{a|nq&%HV8XR50>4`sR;xwS zHZ#>k&h`;|BJ_6u%zgPAv9QsXEeJhu4Cy|@(wYj3hQ&w7sFG2l#PU}o5ZB2ougR7;F5Z8vTVf5BPu>;gYDf| z=-?ulWtirgMG!T$fx$388JTeu>p+6l^~y~+546AW_M4jqXSTKlH8t)dIby~z?=Th| z=h@%XY)?G)m$YYDSi^fGHnsplIs^$Oq_tAUuc=|M{rTkknvZeyn%>QkMGXy8TBq32 z^C!7qq$xtf<#A@j*?oWOOir{brL&$tU!Ct4foRA?Q9554L0eyW025_)_i`z`Z1#eH zj+4|&m!z4_2bsbe!J>xQKSQr|ONRElPLUM0q00u^Es+SALC_^J-D~_@oCf~CHZTya z7izmkUCpSWD*Hi~N)#E21CL4`9#>0M%_RKmKE{SDW;(7;3G1iZIwHF`(j3a_FfwOP zgvMs&Y-Xs+A9v%QV6c=#-rwAPm0j~KL=Ac|8c+DjSk|)D)@aY*m$L^+7DyuK7S#FN z?_LSkllBQX;UN&fI&J4;M+BE#UFY5xeZT8leWDRr$$(gHbetYRmRb7ShROT>4-EvT zWJUeMMsxNAR1qnZ<6sMJ*<(Lg&#JUu8Ool!p#gDOLwD+ zZX*+x#VBXCp9xCc4=0zZ6!pt~LuU*s8Ji5~eFK5fWaJ3Zy_(8@!u5{MplL+8O%km{ z2d&I|@j;y^FCuzVy!|8;%(!BnEDBB%Nj*v&he$*-sw42=(47hVd?i-g?5UGG+t!dqkSHgmTrG*9fpHDeW+}-^NK?Hwhd$I+pByIp`Bk!$C+xS66+lZA7BhzV# zH)@sF#lq=mNkj4-CBPPPLyM3i^4%kiTGrK|z9VyX#;W9Fl&_jQ{h+86$HeHA9~#Q7 zG{G^FNO?YQ4x$P;hqPN`Eqv(k2W2`efF|=J&?9u~)_-wH!`N5bEkLOVQ(~gHx>|Pj z^+&al5i%@&AO3L8T+I5DPr=od#Gi<9jTbna zI_9zL=M0vMB*Vib=BhBrR?i<__gD1CU_1C{7NP1Ep64UO4j&}eyP~Zr)}6(t;zuX%IDQ_OQs3XxjbZS+CsbE6Vn${ zafF=r%_Hdd?If@_FT&2f2NBp;{6#QNAYb&#{(&;v^gW787;FG4KT`9-t2!CQXPWI$~nu0L1Jm`8v0 zqjj_Cfl#kQG%KR`mIV2kHd)G)r?JNsH(9PD8BQZj+szcdeu#^r?qEn%o->pBi(@h) zW+*}vT7s1kJPP4T!nPc^al{Csl8F8$Ds##$EVw~T04-$Uiw)hxbHs8Pm=u*+;z`ToyRy^>x zuUp!9u`l)jQu>h0}nAmAL+FvpwQ>6>Dg{M|ZvDwOEi{#W~t zGWrYwY=>5s^Goq~SSn6G_9ruidP9ZT0$Xjbmz!_MYM7X>mJQ}R8R|GRPO(xJj?8hB zXY;>Fwasler7Tv>9sLZSY-~l+_03QcJ#ztqGkM_hvmY^t6;1RRW7QX(EI{X!a)mAn zARo%f<@#&Adak%vrkCDz*nao7z7{QLo_jEF{JmOUlkAg%YD**1^!w(yr-;V z!do1hi^uf1^&`_rIwYqx#!O6vY@>xy{Y)@}+dd=)EofPxs@;lJ_vB)zGij7L~NDbfGQVlJ)BNG6t`E&N${d2LQD_hQMcQ=;*=_>ZNdRwsf@|=(LZoi2)iwWdGK@f*^LS{I-kytwzi`dpCj;LkqCiZ^bE*CRcANh_K z6+KRz96g-@o+R633vx=R27&F0Jy(mimC07>RChjG?Z$%cHhQ8;H2)3^ z_PGB$UiMJIua21Zz52=qai?%$@OnexMo6kd_Mn?Pnv=!RRMehyOapNyw(Tnth|^e@ z;#-p%u^+L6!YeI*%-A-TFS`o_ayA$$(@HRCSOUm?F$NA?_1F%VE2CJBf zm3?`6NsUD#%MAv0L!+5uORImR&^Hxtr0xpxutzDFco)#_EN#`r<)*v7AZ!ixhC-nydrMRIb zXn6U)rVf8%6_l9iZMXu8xRd*f|;ra8H?w(eqyA$Lp zh~w=~e@h2zqNiKf+>d8Q<2xouUG2WTxgwXV3{dbRw)!$45NLFDQ~;T0lb3~O(OdG=c`>xS9D+n>SQJOpKH>Y6&Dsamt6 z!)xf9YFF8A);l3zA0zDY66s#ZV%Pu^aSUy`_rUk8;v=W$<3G&+{|XeX0HHE}cLT5p z{PyB_KJs+PG*q6o%ne|&%`(*5Mb$@DAwp+v(pNyB_P+Y8y*B%C7%TmF>N~c9e*?z@ zKJ`~C-y(H70$xSx=!H7NO>Y3=eD}JWMWx>u#fNKel)l7N$~&Q zU1C1C+>aYTXZ_P${~K$^`IztYx2`Llh7s3=xjx?BaBtRX141u>)eJ=pyj{JqQQLrA zB^nxO(2VG7)81a-oA1%iK>&KIujlm0^=kU+(}^rbEcoxtAO#$R)b-EnEZ=Iih%vt7 zsm(1mu511^Z%=sX@m!!Z;9(Iffj}*AbuG_i22`E`+OC=)n&V zZRU&6tCkQAX@S}pnED3Kk6bwns52{Brp=-IpE0AehuCDa4qO#|r~0Z{lJ7KO3w{-4 z=$QNGND1t6NJ!zJ96}+wV@avO{#ZntffdIt>Z|uG>@n3)k*!MR8L3#`bE9YK)5)4I zXd~b~4(V}Whjdn(=p@EikzF)LsDm~8kgos=4F{TI=!Y6sQhK4O23uP9aUT-28uFsS zq(TzgjNeWRmQ|4nJ3BRQ41kvKXu4%xx9{1oak3mJ#Ly*5c1XsUfq~r`E0&nfTT2^| zVW>9<<+-z3MT_{;(BLG)?SVyVFFdl)9Wu~A29`Ag#S%aQ4P;u&u<_`KRJlFkFNY$X zEFz^Ej%BKC85zJ8BhJ)KXlu(9;O>6&XpNK}i=1RJ)G{E6C89YaMPsNC87+v4%C%2V zo_D%vPtdwS7)cPAl9qK4J1QqI`SEXukfmyD67Ds^X6;zG-vs2qCuFN9V&@{fx^_#J~sNVIvJWe@wFj z$C9bny&g`LoauVe1GaggROvv4`SDg zAZe!0e@jhoMGRudLG++1(mq}0@1fFJrdJLWUEM$4BX4X>h@tv;!YCl5X!n*I)|^1Z zHAX=*GHs-@)bOYmE`~?+tg}vZB8SuA3(>N_QxuLpgC{)#E#jo~Jm*ntL70dXHrR50 zYoVW_r1j3#und!DG7+2N0cxfBY#&Bo2Mc(MFp=_ntE@5So`0G`Ki?O%CB%m#V&|I= zc3nlq;yCkDOC4rqExD)#QLTVh=Vm2MO-Hwh?L?mxx7%;W_9v_SP3k1%Uw;GqHCq8Oa?zJRUO9jc&O+_LoNJogTqqW^_L6xJnw<4WicPO(Ye8#7&Z?8 z_W;@(n6!Xbzj4>h>ite-WzmJ3)s4ibwcX1IF)!A)E%M*vb3k=Hs-5z0m_|kmCI_g~gbw`u4LW+Td@sc295X7A8K-4%T+F5-|b24Pr1F2Pi;@ zL{$&5wJs=HCK;fgj>*Xao1fvz?$}tff4aW%IE{;(zud8Ck3F3!gqkMSvNjhVcmqZR z(ee5ppwOQbU6Pd%vQ5JyqLeZ){-B-DM*TL!S>)&Xm&czTjtoSzR}= zqqqn7qL#H|p5_M-=th90iMoO5MjqB?DbU*IY`%_rs5FA-%4(X(m=J(G*@0Ti_WE)* zD>Ckd{li=tNF2YZ5(xBx?SKgK+vi{UBPeiu%K)aKhs3vHAzax={dhf%T7AS){CZQ3 zRnRVw?ay0W+>~~8dH9~k!G5`@Rp^XTk7`^lnR===*>V(+^zyYTWFZo{Ucxon~WK|?{vN$aGPehv{W6z>2 z;W7{;40pr!{@Dc8p#%Sx4PT)Z!b6JzI}K zi;1i(qTEsUKJ1+{jo%}7+apb}BP<$~y_)77BlHpFd_|BUE!4Mbe8~AP zPEw8KN@j>5M%GSaI{Qh~YGvqnJ%MRGS9v|voe&X;uUf$sZ>bQls>!hWd_94kq5Y%Q zt5P8>QeO1e3c>gEx}pYfKp^q;pjuK3ksTegw}zgoEu?1|M5ODoZG~Z5)$MQLjSmbSw?E4=xpdm6np8q!2s7{w5puW0fR}&}(_*P9{ zxlaB3yUur3sfBrk$NYcHy=7dKP4qWT=fcw6E+H)-p!5=gNGS-?tE3XEbT`f5XN*@D<@#*&|CAJz3D z%j@t_T))rfhd+UuDRE9tVXJ!!>jeej{_FW#*<*2!%)E8D-aOx3D}Euj22R%~J=$7c zqZc**{yy}}y)1qq?wdC&qg1$d3>qp?S1nhq%e&Uu9x6!3NQqe+15aOcM|){;m35y_ zbHd(`W2SVb_j$$gZpkC`!T9CgT=m<_qu|0U5!1HU6n_aL9o-av*Zh|wAJqavj@m8i z=r#TBBHk3EN^Zc%Z0I+v#k){1Ceqk-;yi_#Qck~Eq{1ej44*Lc2*ky-&R|s} zcOGzecq}0G@06#Y<~mt+Y#zhxuq6lc}2I>8-XhLP^y5@z)5z6U+;rwEJ^OksTie!=Os7= zD)R%M?OM!KsdObXO6Q5=CwN(PatbvjWdmwz+uzR^=ZU9+Gu0vuaDEi}8+5e~gYvXj ze(31@+C$Lrvk>^yj9AE&bJNH+1lSED&RlxRJp7iPF%hee#Xs(-acU>q zto=-`bKuMTSJ?1P@}iP*K783@@>xT?hjkq~nUvqRKUX6c6sg0K~z#iG2w z^BOQ=-Nhp5@%4X%RX2*>X)W`sq!Hgn5ZVgoN;t1##KA<=9_rk(SOg;7#|Jsm-SpG= zgG|_QcRbS#{bRLPrtuw8NfCEpqk=uspsKc@sI&Rw4&iEU=g5TZaS!EkTcPuEYVj>Z zCy{OOjTTfW{cr*J_HGxgRhUNb7p-6)#QeqRZok7eySvZzl4HHBD$pt+^TN`JX(Bbz zU6>z>-B9qp@tfLC%LLeI&$Si>GD^~fFN^f!9Z-+iy-~byh>R1{{yLUxI+JLvVTw4w z4B*t%iDt;nLxKIscH9o_$S;bDl^18)Sb=l3fPD@*>k~S`?ZeuS+UgBB9&Jr?-_PsC zNjBw$<|mZ3(M*CMSj(x_jTXJH%|$valN*!<1F=%1^m9vZB8IgAAct1@WnT{&z4;JJ zoKs#N=i1Zf6=9u0_!4E(j)L{_?}NTSj&qvz(yHC;7e$)Mg@woM`d#R~PuOlt7H7SI zg+~%7F=sbN6Q-+Ck~ z=dNur@*x7&M`MeK5K7t{>al6g0H|v@;ts*gQcB_gMXP5Zu`!03&+--%$L!T^L{E?0 z1;ob_*!|INjZ^iAW6WWOw_9H=JOga%p$z$=mY}4%HLQU11K3ckd$bYPcyU^sac%I{ zo!T8$N*2MmfjURpTTP9Ixe9Y`tlqnXk&O5zO?Mgfbyc$`T8yU3YiYJx>Q2aCG&u)! zvm%Tf$e*|6VkHSC`doG3S6+D@#P2<^e^-6d5mf#xc|W;?f3j`d)JSf-*7+yr)-_d( z@Zr0_gY~6m_+|}<;Nj}E<(HA5IB`IoaLL0Ti_|!L-M8#pG#xRO_^mXElDIb=; z>Vl&fn3N4M2Eu3{OYjw^SLtZ#PgYS5trzqlv zGl9EbxuvJzX(*ZbZoiIh^(f+YNN4(Zm$Fd3>{KGQXjVzv8uf$rZ%mkUbmG(xWkB4r zczQ0Mxek{)%x0655m;IAC%SOC~rLp zQf=W(Ecea!zLVKT$^m76&p!kz5r6Y0ZdoXCl!DVuS18qD^G!Pr?1r$b^mz?U77)>P zRW!ZMKZ_-|9Y;`xqJgswiNEAsw5(EmTrJ&Ke*ubPgXYHUgy`na_Wvl3mX;ks{<~r2@x#VOQ}i^**As|8IQ@= z^fzMP43i@E6RHP=ORV=e>45c+=K6Jx0+($;9a(_QOsb+`C~>|G_m8 zsAhBzJ3D)2R9qa#y}D`)>E|54JvP<)Fyt#Kx6-fNTq=uLz!uXZG|YCoH$nL!kD!AQ zR(UVPheOK9V)*7WrL3^%q)h_CxKn+-a9yXB*!{SCNQ#JZ?v(f)3b#Ta`ka5XQ8iL} za>79@U?ylevB?p1xcbEzQG9l^lB|p5qQQ0Ec>OvD4pS57 zI0AhY9P?P&%l$7LRa>(H7qCeYa{b%R@I<`_*DiA3sOEo;5G1;Xfv4tnb-@wtvm0J* zVw$D;Azi#zmV}t{(S%jPrl3&rZ9P3TpU%#-vDY0r)>_9$ZOZ+pC)TUr>AHybHO_CD zre~+`-{-*cP*;x15>bXA5v-w^Qk+-sjFdAj4~VvYV7aWRmXN-Fy3x(LG^(5BeZMp_M*90{NiB`+sjBI~2UM(2WzSFwom;{1ZaGDc78VdZ{AWAso&RiS{T}Ir()LR^$S5>kjS&n# zj*?^;0Ux#!A2ss?iDbU0kP}SBadN;rr7Q0Ge9xW1q7APqD=8r9QaE)UwKpHY$nI!8 zZ#jd;U!el)H*Z{jcG_td*p`JGGY3-Y>M?!CjX_B|CxfpqgSTC3<9)za*e>OV{oVY& ze^8!avl55!)k(`(I9wV<^=1XzTIQNgBI7k_sx3K2mSb$P@s+hZkw^Mof@YFCJzo|7 z;L-&xz_lE2XXbN7VcPocZVd!wCj}g*Rq5G;QDG0A&_gnKMwWSE}-TWENfeikU)N#&aRftx)hDB10+~F(YG-#PA zhraB7tg3TC0mpYM%ihD#(7RHTB6j$^=*2ZND!TvI1>7>xH_|oefmj7Sb5qj2&H<4Z=>q) z#c7SP2|rE!*6lc+du{^bzWl6#U(l-;Z2k_GQ>Cxik{l1+A z&b8VHw}EL_yI((Ep=$K;L-@S3O>B>meK@RZzF}F3=kz-&G>Y#pZ+zejhH5T;JAzre1tHpN?~P zOtPBL?(TV+oVTR+rN{cGHchU3vFitqtktT|J`#YF)%aN4*~(wU$1j?0e`G{ONkq;7 zOHuEwNmj5Nh}M)K*-Vh~6CEcfu3%ID(UsNUt23vgURQ=E8wTXMz%g|lJzvtjwi90n zHmYvLF#ufut+#^p?e3Xr>d&fy=qC`$v;3c-yy)8$p`C730Fk7*2GlwUG6If^*;0TT zLjeD9VPt+pP598Aft8;gUuza$%amkWFmz~KO)2RcMR|%PhLxeUq*r85S{!yzOX6na z7JBtc;l~g9CBmGEEL_G5&-L*7_wC#Tq9o=Eu7B>aK*AUDUkJQ1CK*{aOiF_G&&>p zMo@*!6!acutx7p0HS$oZebvw#E#}^Ss;d`Q8#5lx8Am>IXGa?oZWK6b{y1*;jUo4Q zA$M~vCN(*Po;OQGY+5}_d(X|is@C|;DwKW)Azr)I>yAIjm4=qm;Zio+nQ7|&m(L3OnS&1gXD)OYl;MZ z?sbQWyHbfB3l-?A_2OkjEh;G#F3n950rjzTkK!aJ7HBv~l;8Mx#vB1v#4SmoHGS}` zgvG>_Lg7ccp*U7JL`;a3#Ens0ej4U}BD^6*Ei3lUuln5^2t7j*?O4b{IgGI145Sey z|6x;x^hw`%V%M%p4u(@vPV3rfU-v?}4dHnw0=CZU?%;SVds~X(xR^I2$79%pMZTCA7LN4tuB`Yp`o1b?_yIy#@|41!PHYsNl z>ro)U(!Ga1_q`?{fDAeI*$yi6v2PA=cbBwls~{gMCBYoF?E8p~KRSxu|H97ioyRu! zZt#}l>{6e;CR%|vj^KQ7J6L-yni&~h_D;Z`Zyd2Mox>5K1$wb@h*XxdL zr4HU_2M4H(Z>mqOolli@#9SB zC57E1SbkG;6DO_Kj&P1vFOSvu^mqZ5y|&Ix8!L33aQy^)#V$tMiiS#l%*;fcRh0^6 zEDIPxtDK#jCWf%_9USHi4d=OiIWqE|bVGag0k6QR(_p2!gx@Z&0QccLB2;BsTKVQP zwStdBmb^C)V(rBkum*#IP{%@sVkefq2l}WWR*=Sk+&RoWdVK>FGcYnzE~K8+{#pY) ztXS^6`hMN05`u$w&MAd!odM;Xx!uJHj*JmTEXCKp@9MPdrH*FY8;23jSB?J?BuR{ z*2SJ2!qHb$y3NHUWKJ$Et#fY`A&ax^clFMG{Yy4!@{o_9-CoUj=eBw3J$G3LTf(7q z)?;~s2+fZ^M;(Ki@b5U@mwV`$?a;BKia7;dzOJE*vn}H8Q*2g(q0i&H6)_=w#bupy zS3W5_?E%9ZvXXRza}(QYF>)+}s6gED>>bS#Cyr<1p+0j>65csI#6rQ~C-ig#ZC7G9 zL%L_~$YRCFh#wrx6|LSTjfV{A#z8xV&R>aDjp(>Gsrj5ND?D}WyNGj8^9M#zYO;?lkG zuXHm{ui2dGf2k5si+4V1*!I${IT&>09tWG41s%$TUNXD+dfjKK>>8HAXi-E3m8-lk zwiAl#hMqYp6BT{R$$v!_mcg@;hS+Cgl4FHtRPc!Db_RNyi?od`v&-PvFDuTw@((w_ zbC-x?=>rlr+1VJwgWJ*HRl??;O4+fzuw9`iSZBGXD9*~@Pgya%V)y`Wbcsw&q+x9C z`e6D%sB6uhPwYU5uFE5OZ%Y?0?=6tDhbs|mB_<<;pR7{L;cI3xILd1jKrt#yHVy~syxdX< zJ3)NU$Ktg04}%bz}xrA3(Th?ca-7_$ZABnc3+x2Egx1TTzzp^QE=z=rcu zM?3jkjIPVV+4>D1(qN^GzbJOflEUZKiWX{fwoO?#Y;5XgR1-}t7kXl!-)oUl_u5Jt zs*wnbXHNy& z{2Uz#h`A})<&DkcPV5W5uvd?c(?)Mk$VTDn3C@g-x8iMkXdSyfcwj?z*>mT0t>daQ zf#AUr!rW7k)}gH$*;pxJcl2pHF8rr1WrzxWBAQCJU0~`b(@z!^YOh%nQr6^ke#@am zz|GF=Q=jAcgtWUb6LI~?a!zTfaM%3&G3ZIurzb;YqoWCaTg@|bPE|v4*uJzWavIZ3 ztnNN(wFQ$uj(7U9X|D#_2w7R!)f$b&u%E&Ip+Nav zW56k)8)kR%$0=Z5phP&o#J=kA?PGXdGJ4 zSSWEIPn>3(dxe}@hPMkGTm~DQxX15Hy?*^;t$qF7n-UO-x5PD;w!IiN0#VJck=_D& zdJ=6~Z@(@cS(il7bylQ&icEIcb`}3PyWtx%S&kY@Y8&ldeo0+d>yvWoG!XS|Yx|bk zQM7mK1SQaRTduVJ<<7f+5aJ;kO^VinZL@ITcIWFFljO(K$sfyPYZ#Jb?>9gHCB&bi zYFRzr+41XMc<_uN>DP}(T#Wvl8Zr1+%-Z)it^+9|zv^#bLI$+WW?W7VYTS;$%oc>7 z?^+|Z>Dn$Q&3I?|8}S8f0&x8v{7QWt`2@h8*&p-Q9feG>A zj?sD%sKtvtP#&WFQ~qQPv8nfsb19mjP`o#9uW#M^)$F&&xgS{MfBiet)#&&*RoZ(6 zYz~p~{o=)n!Rt7#Jpx%oVPAQiKYbu@K3PWV$n>+eKR?cnjd0A%m6)7jKI5_yAZ`Fs zF#q*Htcf1uw{+b4ty@7_m(tCrOu~}kxTh#uKgO&X-;)8q{RFqiw^yewm*?8ujzavp z^U5#guw0ax{}c`xfSVm-o%i_>3bo)UDoV5h_ZoI=UkZ936l?PY4{yhFqO0V*maP+i z)kV~-c>-HCO<)a>4=~y*3||6rlG+HlC_iz_;V0Z~WMz3o3a*7dAo==AfuE@GHj1$c zrPWGm?ImP(nLJC%$I3Ujkyfy)-P2X*Cur~ zw6tDYzw(aUGsiF(5mUozcntozMCFe>2D90wfvn~urn@XFXZJ9?PtE2UQu7IwQBPQb zH>WWd1(g0yTe1tJ{aJyuTnh?MFW8a8L><`Fm;O^9vIImy7^c#7F=D&278p(1W7YKn zSkgbobZTAgA7A`_^M)0M!LN>+xe+6Ppw@tw`#kL%P3qeA!SOw@-WetSEBP5}7Eb~e zA1ciZ{|*H@7E=4RYu5moAI_=beBXh;EeiZ}*PsGR_VT&=scni>-Gmp=65t(HL~~HS zU;k~TB*t{48|Apkc|W1`zGB;u!*$FI$zrEdRpcikp&r&H)++J0-a@!ZM_KCss?*PG zjm5wXKffKgDJG`jP&340+lc+#<1}Jw$gS@o??!f<5y;&Kxf)rEoq>#hTa$JX3I0%zDIg>ZM&cN z>}H!A2q=H2qSoh1KviX5@OvF@G`Jh_(<~qnEZ>j(u8txkQvoR&MdhRRF(u&)BlK_h zL%PQm9}AN49XkINa~ctL``<6hv3*MufQA)nJ^ub-`umO~C%}Zt0QBL^z$re;uMNlV z0(*raSeXQ!U5sk=1hmngtTUGX;|ox;8SF|A$!TH))5*QuKU{zz=rYFQ-mskU#@m0S z1vF9gzxf6r9_DmCn1pPEN)fmJ2vsfqbt>j>UGh6)erhfTwomyJsf^W7jXv{9qMYW5 zpg&TB*xo)lDgRTkpTCMK)7+k(e{h9ywbO?lVQkl~K>U3?;#`IKdm{YKZyQQ?w`&~% zb7OSgS2$t=rn~Onv}q3F|F#%NK7fO}!WyVg+R-rk7<}!|`|}@*VDSI>0@PQGa?u=( zwQ-wNCg=l;%HP61Pzn7UiT@^)-~@x@k*qH~!V3MLvSCvB^9$qTBZaX}u$265m{hSi z^UR(|RBU1iV}TH5A>=%ZNa5P3i4~@|pEr%ynHfSpU(f~4?x8dFQSOqt z?!H3Jo^(@#ihd0D32oj4>k*^ksL}Ixd9oD=+GcrTAF&0SBiLuK5n3Ik*WmLO27coh zpcr`$JQwQndU6(+5(ilXmPe0k*D58ze%g@4;g*8-!TE`5mWFSG#RUTHJXBn`X~oPG zxZH-H?Z=|&hVVIm{{>B{g;g_t%kCQdl$`C?aXBpeGZeTD z=S&moK{VUI;=9z%UNb)ug<;!sq-c%b>`Ud!8dNvfKIyQ+N~$osOC>fMy4PlTv&4)j z{C4L_o020C-cLt=NCpTqOnEUfxUAl%r+cQY3-C)U?^9xQ3t-`Qo_ikCZUf=I=bL+6 ze}oe4q2Y2lvt7TPE2GG`FU)2NCgfGn`v8S0ZB-R$bl z3O=$ASYZ+*9&XX&Tso+ z47GwBvqA?k>H32Y?)bl7DLJ4nFU6I;q-s7R4-+?*eI`wmNGLf>+7zwmLeHN{JS2_r zc0KqpVx)Wl!`n+}Lyp-2z$QWt(1Rq}u9=pIFX&U4yDuw~B#BeeJo7r6?*}Qr@BY|s34l#KKn$)X7SkjML(MDsBhBp2;2Ce5Wf>+bPK)c@KuzsI#(iyi4y6Dmqv zvXb)h%nka)4uVyX7cfL198ZiK-t&Ri(ng#4D{i9Keb7&0FvkhqtnSROkRSIu0e}bH zr(mnuU0oY$&G(&$l_%&qPdvrr`ghoxE>LzbtGiV4%^n&eBz>(Ip}@hg3?1}CsvQA( zOh44z;rmPR+1F{qxnA!cT?>8`oe^MN*9DyNmyk&oqwt8L=#xKGk|ij$e5T@&ma{yU z=#;CGL~E21#SfuCk5RIyV4rW(c+4%rZSbf^M8k48Lae0SUj60_t}G#kng&z-qXRv8 zeWb7ND1P%ny)L?MFh^AJsc(Dy3wWrN!0*IFa*|r*x>m@ZsXlpNTL@Nu6??hQYi?;^ z-)wMq=hXqZ%_G7{aRF|1^WM7#Eo?Yh2odzu4M}$*7F$$hIl2Y}>N>=RF@|92z6x$X z>EwgX|J8()!0HMpd}SXW87^U7s? zjQTmRTKtwNE;MKF!5oo&dtno7$=luemYogZKm~?%lj0L}Z5Mj1VVL6V0z0-((FIq! zk)9{ro$)h{?qJB&F5EVg_(&)a->9p0jW>V}L=rqUQMOGqy~f}_V~<>NyPz<5*!#iF zPWNFa0)S~{NrJG;FQ|{d_z?_LjTWH8-=RMjvUw`2JBY9t`j^ow0ir#NSVqC6oWUJI z>hqs1%S&(JB<1NyPGd_&x4Rv7bcnLUo7U;PPmRhe>BnR-@>TTdgLZEl$bxH`K?+j~ z%pF*hoE%G4Tn(~s> zwF^PD(1x`;<5d=dcBTx27lEEU*O^Jevk}{y2)}QXgMMD%^R7~On^_jNSoGF2s;6tH zw|eN2j`D14FY{?%clVo0KTHhoV2U5` zAy5d%ju=^-a6+v12J#hK#1|9f+xj9ZaekuB?&QpD;ELolM*@NbZ=Z`MF3nrr*U)_p3Z%N5Q;YO6)^jB2sj{{#{=GRsZ=MVM-kR>27&zl7R6+eFC*f@^QvJ zKlOrr@C-{N!^+IN>tDnGsQqwvo8Fn{VmOb?Ch(fKSr zpw>fvu5S{;F`1KQw(>b4^Dd!%%Fw-SmJ}Ejp_sS(c@KHReQ1ZwRPbHfV}Golia-%5 zQwPCZPe-~%b>fgJEht)}j&G&ZMMfz6Fu?jz8+N4GeNK^}2|o%jZSrhLTaWj7bS`#PSDy=tI7}9U0dP zHM&DEpoy@-Nn@PvGBUrUVCxO;4&r$=){YHsuWVpvN+0Y*in6o$yfwgjnhsMivEgCq zZ_g56S;5@ZFOdKT&6Mv+Iv*me77$78V|v>9C3N9pePeU3%kqtBV%X`trHk{Y%>UT(ucXl?y+oFAs zFBxOE8V^se%lk>#Nf9i2b$Zy8gbEb1nF3d!{}qBD>|Y-S5X=lE#SMdR80pE1c7aI~ z>dLv=4~Vy?$e@*EScPTGA%iT?sXZFyT(UC%qDr!&fhENVJFCU9aT)poHFtCJ5_@)C zR@5hQT1VFvGgreuV5KpZGTnzUO;UYwS} zTS6ctsyL^Dh=Y8E!QbSLe=8pzZ@V_@h9lT1pQ5~koaQE3V1FGCIapxWGH;z>+N@Mk z0=T-Zg5jZ@GJ%6G36 zP_B?{c7C=wP8$p@Uv=hD?+E>%tv3)g$4(L8&a}qIMh%v*bVAY}Rbs#a6=VK{Pb@OD zA2=Qg(fBaGEE zrc?pCxYb`3Jb1<0Nv-DXXxS&yQ_NGbVgoucK!@$0tKb_<)o!6n2od3UW+AdI`rsLR z_Ipw^Sgj;WoeA+T75kXNGBQSQxT|->wTex#JnZ64C_V z-dQ4CiO#PDg7>~_9XLG4ee*r9>T2yvW#nt7+yozq_crVHPh1Gz9Fm5(&dw?bI<_z; z1l^Nhx(za$!@H0cm-Z_>mlXy8)fr*cyeY8gp* zTD|;;Y$P;XV^1YOE=y>(pO_lF!q1Im42Y(LFY@P$YU>j-CPOPl#Dp9TDWcCl@4*^o zy3M;7a%gzk=Y=<(21WaZsX(XEYgRdSfdNGA!uy#4%dVYurr4-CW43)qM8J%&H;&3+yDI*oXHKlusqB>@pl>Qw3Ew|sH^mR<;xWN1 zSkKvI=Xpd_QA7p;AjOgQL>@ihjviY&Z{|}!f*^c0CkmB8#ad#bpu7M8FmQGYQ!IJ0 ze-PggYZp*?Q@euv(-^dw{4pmTPLe~64bEMPd)I9lBjg{61Y5G>xFST2nK1?x0NU-2 z6gp(Pi?I+&X~)kn71S56{fMIUj?hUGOK%99ja9Dv4l_+uu=$=nI7=m`nrW=2-N~^% z)j@KUekzvs9mZWnf460rcFLAK!XSRiJ&}wR32MKbLC>`k&P~!>!DuV7$qb8Z`R8`(w@$+t8xhVXvT&-Vf!=4W!3f z*~A@RS83RBG910oVieG!bQ*;DcIp<{_nA37tpjXMVPS&lIik(h0yTqiP{cBPCzE$6 z5q|a9{Zig$&1aJ*V>Os_AaLusu3&_!h=noDx&Az#&R;+Q0ah3BpeyNvs7Jj;8+6)~Jm_n2j8j%1ar*25$T^ zVh{hJm9wpEa|+SDGO%e0zlRJ}jEAh6>hZ|?Vw{?VIAsTHIm*}O{SvK|z&NGv7I-t@ z6s*wIo#RZR^x#9*y~g4t;=IikiKosj&Z*M-g)j(XshJ&lYrd_kJDuxh;8hLDVK!;q zyEJgyX&(CU4$@apHwpUKu7QU(sEB(C`C7Vqp5_DdlmiE$KtxUj!>lA>5dFj#yr2th zLy{ot`2klt)vgR)cXwP}(~&?UQ;N=py{GfW;Ec6EA8zwrBDzly5Da!yi%BlWBp#RUpvzoQsw8^QF4aF4U zMqX&47TXXVEuns#YH1oo9xHyhQ#krn zdwM{^9rJ1Sl?{Xv(^y?Q_Z%+RArzMwS>oy3ppM-hd3oXq5d&%6#VPuP%6tZUj;-xa z?1LUjM~O1?$X~IY&&yA2t3s-;$+hB9)YLh@`8(D50nmA5zt^=hM5sOFitw6s>PWYP zdVIduoko&DKhoQ6poT59ATagwCwb*?TFTlRu1I~R*#KBJ9HMsr2B3S7PS6sskTcpn zG+rF5rHQ?r;iPmK8)ai2sz)6a#K;aBXo`!e0DC{Nwm(vK!b?P~U*#I|;PB2CVhT6d zeAQ(vn>7#_H>~Nc6)yki`nNWMH9i=G*3f%;uuEQOgU-HJAiQhsq}+~Wp_?k~eNH9m zmJ!`l0{$2Dl+MaVAj(0~SzJssnG4p%VN--Ea%%utoBJ_ltde%uao`&1cZC*^2`w~k zb^~2W(vGH*t-75R_}a3(_Et5~5jY0VSIVCsWbB{W-MNs@PYC7@9VHf;bNpk_rCILc4{$So&U@K6jGg39p-_H@66S{y2T%?PJfU=0~+hu~ZO|jCG z73>9)+tfL+mVoOvZ4G2)un>dos0YBg=^2}Z%lWxDTaFuNAqzmM2XMN&70D)&qyQh%Xz5F=Eu#N<&k?m30K|w< zMml#5v(w!o?w^03Ef!?C2e_)f?sO|{9hrN>)3{gle8J-E)r}5MLvD>m;;Ry)DCjS0 zBQfH7RyHLFQV)+hA{>MLcPx~y#lBRub8cyn-Y2>7R@mvr`}pBurq1#T8=EgPK1_#9 z0f$*+!SAjk5J`&7YimpD56Z1pZJLCJMRDY$iKf9&Yd^{6(SmYUawT4_ETne*rELm4 zm3&2pP%1`C2E+Iv5#xAgd;`kcg(TRcX{fyqUy<=SKSSVROi8f80TlwU(tax&hF>#= z?i;qx^qq7&@2-~+H7u3Ej`nADr&~9Hxguq|$h6-^)YXkXpiqm)0rYk#xMP?x zHq*jTdqnT{DN4Pp9aZPQe{<^<0%_`Q&waj-^|{;@BKBFfhBUq=`I`jM=leVwq3zb< ztk5iOA!EObRMUw%{L3S-V)~}V`#iw4OS5Cgc?!-7jh-zZOy!~osbnx1#Yrqc2Amv- zA9o<(_Y$5Ph|@kC#J^i=Dx2oN#$|9rh-nUaj{u|1nV=EB>p8G!MKJg;j`nruY5RTH zx&4(?@#3C$Gf_K%b5@{GGlrLDaO|$G(!%gCPK+S&@>4dFGNwSEZrE}K8G)cy$W?1| z_zsut->GsPm@2D-d{pMgs_tE%?p@eCRg2eU>Oz>q&E6ORlOoN&GE>-@ta3R*22dSo zYL(2WgZTc`$66dSi5$WHTSwsbY#(OQ4Lm`zDSw1N%p4Jo7?g;U{y@Vv>zSHZ*8o|TBx*D*F0`XPY^j3sW1jln~y(VVGOObFmRhGi0V(~QR`egVaH*@JVl_Uy-@gG zIqe`&=CDqyEiKb6(jYnK{VRF|=+MBUhrnt?AG6HtxowU5vrz2-+1(eK6; zhn?9-3JB}{$i2VYzIjAo%s><+?}FR>gjw1T16bo_6wwlL1Pb%k;+<<&Z+HS`JBBCD zzWchbn%fYW-ju_EnMu)1!OFNPfK(bZ#H;l+?#aetbA>cuBFIeG_Y0(p@?H@K8H=_GB zsY6SS1}oKU8h4tsbG;kcNOeCPEs)4UsPL^cV0g?>kHOH&Z$YMf$2aViY0Iqcb-Ql_ z+p<(iQZu-PjX=B!-!atX{SyG_7pOMDMs^&1wnX#EVJ$Z*)*q-~nsaDBAYt{E7Q^>* zlLNg*)#SlW8n+cVXnvIP2l!oT8jRi333^?DqbuYeQiIfx5cLF6+^~5Ybe7i8taI{d zDM5Q2D`E|{tV74((;&$}_^z|KtjZfgRVecv)QZQOGhYHXT7ML1 z9~5eZI=P7s=SFRU+lS}6c8DKLFRM}&Jww?)oBt35-|((qB+@n_)hY?ajWT9|{OjLx z0D<7GW@9sV(c(?Od|Kt5L^nZU7;iAW6^nsU$+^2ayrxelcnJAPf9O^8m29?x;;B-5 zv8|R;M0CV^ppk{$n0!J9wJP$nc zbW)^PWp_+@G&+-A<)=f2C8x(QPrM0exxcf+Z`ToJwSq4vW7>;=*bLj(R~lQ?!%7rm zB_VU3;P(sV3j!-FfdCz7mfA|~y*bQ;fQi-w=Myi?1Ry8M^%H6*1>z^S2YQyW21fyB zn|*7eYjtA_u489fzDaDZu<4Q%BVP#;w-3GI#`ilEn0OAsc_($I$ao`;?4#y~?ygz6 zDr(zc38a~;5edc?H29*NARaGZ&Uq;^f@SCwEso!t^vA5z&e{wi7^?T&m zqwK{2*+4@;i=pf~?LT9mX)-TRZaL?w75G0#<$b|(`-0ezFidk>-rWQ<>DuK>hsM?v$Oc=LosHN7 zAQd#$^UMg)Z}lDyH=FHeAc5uNZ+JoqA9fuAlk{GF17Ny0f_WX#lW}nXtl62wZ9dE4 z?jzxSg~22(I$LjSLKLyw9;6OizpaEBT=jYjKwY_>YZ?W$SE(^%oL+~ zdqxP{kGR`ieCOoY z>|Ke&;tjflQ-ds393vE+u(h8rY;xT-@9ILI^>z9}ZEj`h6IZB-twuAK=@laj=xe13 zvAbe>qsof;32!c;G7@k&wC|GwL8v}ff@Qcbv$n^=W=K@%g+nP~SC;@oAGmk^rnUs) z8KU>^_~h#S6@}0L&P&Di9Y5qZzHOq*6B+8~GoaK+e^TL?N$~!@c6#8{>2!Sn&-*@e z2m1cZ{)=m|_c}(DAAHlqd93!PlsLIJtQ-0Ey0L?bG-*^6N`(5efz6tUOnCX05{C{? zaj4#?M4h(*q0#~@`lZ?+c|=I}M-3TS0OJ5V)*{&4#jy5@V0}-+=05rUh1jEZ_f-DY z6R^heulHExT+jg?BKGPqRf};up2T*7dDJa3vx_Cgh(ds}6ep zt-kIsFjEuR%jsu*sNNcFQ?SxYnH*<{V$4}wJKjUKpRAw8?A43+nfL)ow%@XVwZlu7 z1|acN{S!N{>T71j^{twC@TY!T_e0269DuxK|nQ4^_+ta_fF{T|8Tyu28mFJ(f1HdKT0e-%?e zBu_)f#~y`sZFri{>_qnb06c$B0szEYac3{sAnPwBO8<)P2teC_FJgVaiA!R6oWIC% zfK>2!BHP>5B)#!Cg8O<&k7pUtQJL^^=3QKa+xWg#eEg4yfIg^p2KOxS_AEJg%K?RW zExq7;|M*MQJ8xglT7dboB^v^*;EokD`tyS3zoPX2`R#Y!0k;2$EHi{4fO95v7q0h=Ko)sRqWqjM4G0Ij0}^sdu%{JKtvrU1>ujOY^`U{o{@9^b>r?E z88LEeWkC{pjho+r3KvPxqErk*7m>O=jrL` zelV&(2@nH6OfxVr7&N)slNbJZks3uX*lDKLp3!dd>6z{C_#t=g{r;~%Kt`1(7-Ms5rBiu zPJ8e9Hnl|W!@9IlubJ1IRbR5tx*b)T4DH9Ct{+`^4yYe)^-C{b7nNG>Kgr4t`#=9h zau8ue{GT8F{`LQj1ha7t{{Pgn2hPjKw~*zv1zQ~{SoTfI%p8d4R97k2l`MsXK5>3G3dr-3rEuYg^J;p7u|amp zo`yntEaUS=4l8uK%`U2+(xVA>(V>5Inm+inyl zrPq$V(=m_2YSfiN4KaFfcm401^9nPjU@yj)H=P!fPDJ?#-Xi^q6(!Gi*Z`T_Q&hI- zH)xjZ2*lml`;k&_EZ98D++L?r3InPs;?K0l+G5tG~&WdPR? zjn7_85QyvQ$4w|X|Kf?CKlMB#J*ko+nQg_DYeRcB?xo$wty^mNpC35c8w)x|{eN7& zby(A1{5DS4VD#ve5-CNxLlGqmx)B5f1_LCdN2;VCp|qk%j_%lo64DJDu}Sxk?%()) zukZ6b*YEwudtBomIOn|LzR!K`lfc-^s%^=ae&)Wjul3MiW2kNrhF=>!B>vO^pa4>N zO`S%ecvAP5E_|jR_c~W=vfjn}+raahU%f2IBC=D3NLEq-u<^3a;ik|GXxnszK)Jfo z(RZISpZ6=7@8Ze1ljgJ?Tla_engl2u9rB(?kgHP6QhfTxTlp@Y5>n+B#! z)U*c%A1Lr5*KO{oU$JQiiE&}N0-4M1qjQEwL-PJB2&^awI?DTGGI;pdTua?N%dC1z*yt-0g{Lp5 zzJlrcqh~+d<(B8_OR02|Y^?@;z1u^Hl)+n=8OP6fzR#AA+9<%rM~Ck}<|{Jd8`;ZW z7Av!*wMbdgF1kxP{6@a6&i-3>d>ya&U*A|DMgS7Y%gvjXEd;JH|?~ z6DAYpfcx+4w*yH6XyoIgLygx>@e#50#4ch*csth{RXJxSl6P0GI{ zFrjoTB*jJ4{D9inCa<1?uoO-;OyT`X)Uob@x(?bA#C3((sqhiH~A1;T9~eex=*#2 zTPY?QUxpllPbL{F{dfdYFn%*M`Sr}M7Gl(`KbTYK%^FCrcIc-=sZEBUl3^qjHZkpK ztdzQD9X#!OB2izTrjv&;g?~4_=QN~)HV;@*IEh{5<%}F!An6EFThi0q1vt#Uuff^6 zVL$rwriTY*Aj{09ih>I*g>K^c);G!kq7#2R4ij_3o7K=^Vy9&C`j`%v1$TYur(VMx zKzhQ5142Lms`vOcd;%gmBC3PaW5(d(>Q@x?y4pft{%3s21ew|Of0esFX{6-md!)?= zYOoEO!yH282(EY?9nk~Z`lPq9NZmJgT~uj&oy$bE46Taa7jVl31Y-^(CGCcIdI*y` zUi_?wy$^hbzyD-FKY8oExqLF=?-zVer;FPn)56nTf2zFh78_WFUOex~dD%@GPGQ6o zJ~_FMmS$@8=n;>)cTwG5&U7O&$j2gq)K>`gK|awAt~FM(?@<hDBh&mWRoFReYt6!-sfUoBc*Lj`$LjlE`Au9VgAw1Q z3%*lMdPK_|P4DKSh@?v~8@~^(%C%j$9us=5_pRK*)%e?8vjGa#swhDN(Mo^T0}NT8 zi~?kkCziE0lcDW6{1v_r_lI(s{Z^r;r~fR^na>_TR?3h~S;ksW|0}#9e3x)D9Mt^D z3jf=WUIT<1(5cEjDm)c7$l3eweGkc3g35P2+Suvrm2?aFP?C8RvFC2IwQ&9qwlA6{ z-v!5Lqi0N>?f>&OQ>01PkFBN>DI@SVDf*!FnlIpl^khY{;O@8&qp}3LVQz$Hj(XxMDTUMjB;*d*ml zUFc;#C#ku!m2IQKC}gbZaocg}fC0yS=WC^}((JkTPmc|3O!dc5tBuPc+Q*X9Xrv_~zmUEA z1s3ahAUc(mfBcdHsBKZuMi?AQu@osxobzJcM2v8xu}w$7`sf;aH=FcbomL|~Cpl3Q zW{7(ogb$y0@8W9(Ozd}Up*bQKH<|6@_dB~Qgfs96`}t6Y0G0q&vpm-%WCuPj8DCHY zkoS;!ho`CAXfgoCz;WzG4lG&$mTE4ZUv@_~fksp4-tp9i$3`jb5t3JAsXU3QMLDEigKW z9J?lNNvP4!SCl~645&Sbtg+-}TJOGm!HoCmSE^{!ebbxy_DnvP+yA(`x->VjX;Iyh z#G(_@%00Og8N2XEf7+UYr-RJIics(coa+&nw|)il$G!gd8Ubpx9#Lj8ZAEl9t9kZG zjJsEIy?An)9wCN)9BroQz{!rn*d-XJg`Cg;NEYO2RegwOD>=RYglohLK9b~|4&|Jm zCEgqFUim(TeZmvrmhQ8|5kr;#_d{ZAnt=VYwCK9hEISKIv7bc2ZSJDLEPr?^th3C! zaWhb)6ggP@h{aeCawsP6HQB|Up%*!m%2qQGcFYyCYE$F&8*PI8+g|eOzwRKiVniy5&#gwIK$$G~@LRJ8*N4m6-NpAHJ&@r8LVS83ggPp1 zO%vH(zBj%~5Q1;U^izxUM{E(Cw1Josgv7*9cy$szpj0*%+xBgkA(r7RS7*~l>lNRp zW%KVD2Ks#K>dL?Z7oBN&_SkeO-B`)os3A2w=2+{?%%yej89xSHKvTO90ehlG zD0gGfXERhOMVT6bQlf_PYrfeE#N2*>eIVPo%&`rjJZJ1>kMvb83bh7p8SXu|pL4L&f`Li@eT(ZJf` zlL;ZO4ej=>)&c9u9YoIEQSmR33!9()4WZ>NSyfRkNYI+AM}wt+6BN@ei(Ki%eV4{% z9jlutYzzSf$qgpZnqKbxGt|IbbIyc{GzL&wYnF?UY{zrTyWebY6@ z`&0f@B?!B?F0*(dMo6fpCkegt15wRpk{~GQ!l=NZ1u4T55Ku-L$PfC#dW7*wr1 zO>II`I9=Rp?7Z+~b^~Fk1IRJxJoJK;^U?iIhs^>RqR=FLb=3(w#LSLAduSNVxZI%) z;fc0*FgEt-)XQr%d>TD-c$z(Ser3#@7bYe-9ZcJ;{4uIt8ba84I@N}@RDM$<&1 zzPMiyY$>Ouy^Lc$_KJTZjELlclAqUbkssy6=*OO!h3g9pkndMiqRpnBlItX)h~5jf z#na;xGCn1XDOEiVI^({XtWgy7IJ^xm)7dyjJiVIYcQAwhQd^I8I#S%uk1biDdH`R= z3<>SMllx)9qm zz7*}ZBty)r4hccY0{-cr9KEQ-=Id{igJXDF38%^<)YXJOIi1;irRkH*zn#_WAM%W) zg+a^2O6in&@ymi3wiSLP@@WNO{RAWIiH=&_;UJWTMSKoX_T7>SJ}d$e_z^yssoYW& zk>s}HXki_`3yaN=L%=2x9J}bKbr;Th?nudNmWw!+3L8?@!w1@q%HDtJ%IoPMnx$R% z1oKF^$^t+rYymGKz(D|Kb||C9mkOBO$XoOo zLBKotXApj_7hk;Z@v6lYsI}|LzhSTEF(oh)VkJMytAD)Ge00+;Yma`#_haJ}4frNk z`(a*ZF&aV|?f~x{7njvTGvWJ!Dy#q=YDM7dhj;O90x|x3xeCedk*f1FNO+djk(AVcKtUw2pA$%Qw-e|HL8De}mQNUY{aKPl-d(%}$u zPs*ynS{z#{q&oguUbh1-soh_?Ze-?o)W#aGbkgi&OgRE636hvS@<}|}xICY~}Aq-asEV#&fneDvBd*-P>B$u+oe3~V8)*h1%DJ`7s1si-F8=5V4>rm?s z%TMwT*VbvV&NbN9+kKLP7cOmvjtm|7HeBY`-(^C3Ddut%jiItC#>d{MN;J0%=V}9f z8ECaqwmiKVn&*G@=~T)eXg*Y8SxQGly73YQZwo{ImWAx7nGv@nB0hLG+isPWR$Mk4 zgrow_-dt{FDd;MyI{EEn98OF*$>%BQNGf z$$gjAYw2_6Nx<|yRLBqJPmSGEt-5Jgo|5FX^N0elZr7yfB=fX2a5v_B2r(tBb@jkR zh}%?AKU+_mZ=&$;ae+0iAFuwS!rZDdojIYDkbVN}_xi$}GZt@D2}*ZbJ;g>t?Bz4}+mY}qGi zP0Dx!^mTpN{!Gd^i5k+@zq&5&ktnCLtIUiIw4ejs>*%MqqAXv8v=owBg|JP+`uZc) zJxV+$bi&2iqJO-A)T46MIygW4Ao2k4bZHfXWwh?Qhlmr{Hp5aj+}=vFnn8R-j=QTM zp0&)VEKJYcX`er5Ep`rqu}R3>fyq2Q07(Ia!SQ>XvvB_D{qdYysc#Fk(agy&Mym9M zDMvsqB{9Be%xCe*Fyfz{Q0pK*Vf)KpgWiCG0MUSm9MnQx$2`f$dZRp9W`lzpqytcY zn9fCRTiN&3jOE*lMwwh!okG&De1PY|48@_IfwR1Th|}bcN^sKY(R22iRa%+p(+|I& zucGmnw(BfRT>Gsf)Rr#8 z%k5zc;vgXM4#!qVf5GY$>vWUI7iwq(cdlGW_KVe@ZERn`vL;Ns7dFYS&Y60)7pit% zTN)7k-7a>RdbxOaud!`Kg&S8i?;mk`wA-|4wJ3EHE~7=w3N7Jp*TZiZy?rwbkz{mdbH+&VCFk3#s9hrXJFJf*>x&0_!kZmf8e(r=^skOKbRtq zll31xkss#X{Bh4kZq)y?DjOaVI{1QuLmlKUJY<%Zfp+tLB=tP_@+n5GBtyPq?Zn7- zK9+u0n9-vRm^g*ZQz3Hxl7E}T&@+07D|}WNLMx!IlB+-mj#*)s52c#iiB5>Mo1&DT zArRm8+g>5b=jW-&q-u}|=KyK^zK>fzV0f7TZ`Q}{?P}^vGyPxmb?^;*ce;bafi)^{~SZRCz&u?wf%$}JQ1huenmwquLw_C0y`03MrJ%H5sV#lvB`2x?lU zRb+&2WuU}t6RXfrl%2g~T1GRcT8b=N+d7FmiX65TMH7p8nqa(RAjGFcEJ|f(qF|-M z=wV3#s2~Zm8A3yv;JbB;!*9s^cA{D4Bjt|ZSPOZyE2AOc9u^Nn-zv_w)JssMOcm`6f2TvmN;zRG8w1d$2Q$W zZZi#ZJ4PT}H_4l1+rEe2`qUYP`=@qrNesg*%c6@JTW@Qkfwrw-2&1A^78M z@5E;Hmd#2U0O}7Y$vZ;2|< zuzmB)nsC5;yUtSGOq|OdcQlz=AY1PI%PAd2$AvLBYD`QM{ttl~-)X|3Rk{;>EV;JS zC_J~St4imD!DY9ZqNyc6t#%@BLl%|IWOzz`XqfB~9NlJCPm0N3zu($HYco%|NsENK zazwuW#V1TG#De%M8nj@p!1L#a87}iG{?-i|?;&A%Ja!rLY2dXFAn_t8HqROd+{^io;2?*W5W9%D@7UJ`(uo^8R?l) z1ZaBwHM!EY9lS}Q{@L>Kcb^z->|@tf)RpZK9dGKuS6-I5L0|X| zLl|-c7_UwrY}P2{fU1BGz%M$w#K4|~fz;`r95m(& zu!xEx&`BLex@G@F2^&M(jnj(VswmS8!O$#E1JdyGu|x}if4xrmpYAWelRuMJEy-WG z>=1eK1s_(kU4cM3Fo}Gev2Aq~)A4hnpVLO${Z$w-tYWx1>ivYYM{K^#*qxFXF zTl`Kx5-C$6usx-`5aC#X5y0}E`6_qb#Z&FF?opn~WauQVAGAWu=D%m-$K5Jrs3-KF zj=fBMahwB%T_c53LQiaZ`nO-*qI6MmNDa9@(p6Gz+-d?;Z`XlvXn_%zej!J>+L;ii zj7V674NKQ!0e9rdm|@=deyh+sHT3VWFzWpz2x;lgnsBH%2WN>?=^sP zpWxp@e(FU(V{-hEHpv$=mvnj3LV_O|YpD2u62~o;^%?*_m=N*afjd5e1z75fwc7y0 zT-VCq9e?%#7d4Eo5%?CbDE_J6?6@#N7;9A){hRG@{9-zpw3;G^a8Uunon$I^9ES^<;c{bkzomZ(?MNb5q>#Q zuuu}GA-w*t8x1|G!S%c0{0%J{<<_T(K0TQ6v#Ghabt%u;aGdkS36KMuBad|z3%-ax z&tJM{L}_+Yr~*G~1Dfz4?$Hnf9_Bv^lNdREc+LYox6aZ!L%4l+cg}7t-~9Oxu^a{^FN();X@h6 z<-2N>eDE*@{>s9v!VtD<9*k-#9zi*h?bPYkz$eb?Z*%n@mb=xI7@-q2e{ykKQJR|{ zoLw1B5nZ2&ZmANcokF&)8keaWOa2I1p0|QdtUGveXDMJEp3JddP*|2tZ2Bo=aXWb= z@3Gts9=O-8kf_R-_;B#_dRw5NjT?VLE2n$Amid*X)SE6QcjkPL+*`90N$sQb=>tGG zvKWW>je|arY8gekiStc+apulZ4S}mv{}hv*%)2FLk>|D0UW6FAl9u8E^HG}RFFrgE zDL<`rq58C9o;Eb5U+KZ4T*D^IUHPDCu-@FvdtUFPha9>CN@>fL@#|Fp?+Sw{>Nql}Bwx63 zJcZxjO;-EN7iQaD2pb5^d`{YNtZL%5w+>m>AB!>JqO!Xs8`|S1?*T*U7vz#Yb}2-c29Ng_D6GiN}i`v-BxWH ziAeYy+UUx@WI&w3@^{b6Mr_oL*|vxYIbu=zbC$bK7s?FaTjUo$Oaz2xs*qo;>XeIu z_oyNMFPOhqGhCrL8=Yi>SMsnq#B?9vXT-zaNaR|@vp33&iP7F!DDmX;B3ih(oF;GV z{!uv*-bq0fA{e}G51{F0kS#umrok0|PR^MdAp3fAll>|iV58aEByEjx3Nf`49btaN zzPTkEP9g8BPG<$3KQ0iY&H^IKs80Un;PzU0OT+htE}e;`E23I5I(aUq=Wn6-pDqw3 zwG#K46y5aQH-X5{$@{rh%5thC!$9;P>z(F(5-<(kQ}qM^D_2X-p!64mqD=`@#CSi& zBRJ4vc7e?!NXXPswAuwlSvz~rTB9d7WR9~jkWK6@<<(zPlbroW;>wp2Rw{DLdfN_f zE(6*Qp)2|kk}zn}91uFXk2WQO36?}Kae`DHsY{a zor^9`!!?~seWPkW&715<{AG`(57_0kvhImqMMCFdG4JKdBV0$Jt-Q0o%)!gIq{0xV zNxkGNuyC0ojIbe|C~l~9^QLpK9BGV}d*Y3GQHniQqkiEGv2kf;X!K}`hFxE*f|e2l z%h<)urjMnkI$3sNKfKPKvW1aUm;+61$il8Dwv_F+gLg$*TUb0``R7lsA2fb~4cMoZ zgkO$t;zofSJOeZ+B7!g+ftW4w?JnsnxEN+I3tR4w2~#2S+^PRCV(1aGo`zdy=vnjV z;GAya2|Z)qdX)3+L-5Ix=t<6bzN^rxHRCcI>4w>{2>2(+!GiLd?aB|W2mLUFCd~qO z-pF{ey_JCH5x!03o0c6dzX_a?u2kC3w=N0)t8+KCPTTP%d*q8i{HOZ!g5L|L;rg|x zpg%(0SHUV}Y7}{`KyEW2b6T=B$(0!7?OJAl%sWc6kB$11mW{tf2MWIn@7L>yXSVE8 zw>EW`e2?LmY9cVP0*1Yz{WP!>_UPVaD^Q&veK0CIwfu|z3kp01kmphfc{!!~YxS4i zwU=4TP{}7fap-wPOj$UXR{_^4b#!8H(qzrD_cN#an=goLaP54AQA?t%xryg^zw_X= z9}QT|W6Iu=#E&cb!`p9?Pq)1_%q1@7$+0Vze8Xc)s{~e66rsm{S^bt{*(FA`Jlydb z^_{1?Y(N2ateQ>at>X7xO&X1!w=a5y3-VKPh4-Ao-JV|`^GPytTM^RE6PusDxt?E+ z-YUk$9>Y0W%AW^_xH6jF8o)3e{Nv{PFG@0uf|wF>!{;pF3%9jbk}V2FU&c{wD}Wa% z@F=9)%7nUf6`|#Z`9OML)>~HvoS%7_rk1LksYHoKBV{&Fs8mCQ8v#L$9pn|6w6wD%mb9Jc!s2h<*0Lv>cGg}1j@=56 zoNHgZL~i^@e1KjthM{w9egI#&|s|gdeh7}}kS3yD~mxQO8%OE>?x6R#wF%s+5dAN_?Bb21R&P@f} zfyJ}{kyp|ty)1Z2sRWVN1`sV-3+3eP)`a`>RPG@m)QJ;l`IYSq7mfBOhbT@11J21d zT0@U2hZQfxKQ>%+klpFMz$-E-4*Z2c3;OE%jP6RV%t5v&swwdZ<2#bU?q$rAo(;zf z0Z7ruFms~oOVv!2;04;;fHL?5NYRbu=&0O79UCI!I51rgp2{ZNJ#LrwXlhHAVY{bF zYCs$I=w=Q7^={gZtnq(my82&z`0w>m^}lTx`Xyx1lseG~wzP7Qwe}&#PUd3S0p|%r zaGApAOc8(Cl5L$Pr01>>#-yrfs<7+$xwF518eTxFAcff$YE|D`j;3B-sjJ?Y`DM`K zGS50u!61Ki-OtQ-8|`d4Ar{#839??}n=vIX%>qds9SN{;E`4Typ%?C1VidBUVO0Y{ z41K(gX3JUe<3;6Wvn9)kUFvm1#QVaXc<-2LQ|8%x{aNvWn%-lq2@a+;(vcwtEp5aSo9StJg0t|B#Of4s?D!y^!E@2a9h3VbxSy!6z!R2jkODtJxkzusWH_bAoJr=H>pr zYTS~H>F_Em>eFq=07HONDya{7YLR$P#Ile5eA#@1sRfy|^K?Y`IsxPXcbOT1@mOG( zyBC|@?!ok#iToT~&@yc|rByc89Bn?`GSwB33S@HbERVCFNIOueXAe({bEo!QVB_GJ z@uQwc5l%^v`DeIpoF{fFDQ$<^Eh@=LMiz%;n}){|H3r_c>R=2#t%#nM68!g`F~PNtI~!DqY0JXjrX{n~ z_9jmx;BXu`j6e3uv(ujkdOW4INckx0g|QKte8IqWwQgp+hlfp4w7ZG~Kxa@iHpv#i z)5^dQ`lyS%VZf&vLu{(~puO%}0S)&81sJR{y8x|M3lx5>MbW+iPx;{k8Ki{#t$@ zqqJ$a8H6Uh*H0pNpuV$dm$`UL@<)63C{rc0V0+jGTRZvi7)fovMdgUHQY|Nb`E9;xqX-M1HxI zLzmy1p30C0E0}1Ey+8Dh(|V=aFS5HPndcs^<=nhr;><1ApG6&4GzNb%7JrE3RAfBi^eAFG#m91O(M&hzXA{==yQw2S*Wi`#Zfmk%L zzi4&XDXjOUW+=|HH7A`K__okTEt&b!xKR4V)Nld&^jnG)`mUv*Bz*t*|2#dAXQcQo z_4fjdCS?)K`YZEuIoS>6c|zzn*Ly(pbi-TFa?g!~SCs8sDm6;P5=yPB z?L-F^>@h7ZLt8d&JNyEIXtxwzrB46(huL{$;^p|&%U97h(P4G->k5WOpl5sI->%E} zYa&lEqAI#y$mDkxm2xw0pL=m8PMS3`Z3T4w{pMrf;72BwGkJHt(U7~RZ!5Du>rMEM z&~3c!!m}VxLI67~ml(lEeNE(eZm(-xa(USlItv=ynZ0_dZSQ}RZ$Ezg^bxQ3G8*19 zR}o*I{`z=CzBUR>?XayH5R@k_di0SQvLGYnCQH&>yfQOSO(RnuKtJ91!1C7Cj630C zd$zJilKwGXF!yvyGmoovi{R6z@D3Q&x7!+dheKAy=MNV_RNKutA5nQDA~ggngV3f_ zF^ac8=&w!%@sg{&CTw{Ijq-BE`DW}g}Z0Yc~#h%#mOrv3Hn#=yr#=f4Z;=R-5} zQ0M)H_cEa)Uz)BZdUf>Yz~LmGU0ACt(w%PqFb(@?m!Tg6V8Q92T z!OJX>+!bH{*7%fl-6rebV4~MzGEfCf6qq+H=m_6^BN zPtV5oU!)X{`^r(Tod^S@EBC4jIKv*11})N4$f!HeaH`O>7+63W znrFJu$h(gO6wmU6Ir59!lCFLd)A0R#y~A2_docQs<{4MJSWms%$lTDmE$&22WZl_p za#=AUnfWG1I)i)fmLH%>{H0LdJ%#Rd4C6UAV-qt%Q@PkkYB?v-k~=zOROH@d zT)a^bIOOv8P@VUjAqvLmr~h487|;V9x*w`VBQ_)gWwT_c_XLHB~;H@_`eKr0;XJjl%* z+xwzpo@ozb1B2~vy6ry_P}(`*jK&ETX5annC%DStAkH7#t1lIXw>_u!uq2T#;VmKw z{!DF6Hw`@^!+TZaTF@qWM70&U&%&1StI2I8}%HCg5=UrlxOg)kkb`r z3Zy)5OLKjod~vBPBFg@2znRaBz+a+j1F6pkaG&H1|N7VH=QJS-Gc)jX%+W`+hzXJK zgjc>tH^CvD`29O$H+^yw>0pzzPJenr4Bp+?a!AAX#jbyj1+|YTwri$-?%8js3uEh* z>_w8T+4o|{(Tb17zn`YNrN&=|X1TBX5lXZef^WGix=ehMsEaFBUNi`ERvTxuZmPkmoh2n#C%yngIhx$CJhF5Z+A(IPsXYIz zi9sw}Hi+TV60jo7`z`4wmSJa}Kb!i8Ua^g^d(Y3Mzr4zT$L>V@_Q6)kVd}Ub`KYd2 zsBe{r?+#b5hx#DL3@0bPl>w@b84*EJfFa)%^))f&WA=;77xi4-Rmn@AUWyFVC4XOV z*4Q3gU3*kVn(ojh&Yd3aIEzHu#o5uwKiypZ+D`MY5wXgKksX_jZ~i?maWm(Fyq`-% zXh2KHz7{9>9j&?hNe`3>tK?V9sp#VJ)Y=#K3oBv?|Gjm`_V{ex^Q#g6FS!5jOCj%u z#~I}_W6cZk{d_`m?CxNQd$x{53sD3u*u>U3AFK(?wI zV$%$1p!IUW-=TS zcgQ`tlQndbWr-~3qh-PX&SwAJ?RBYCFM;>(zonmg z*&MMK;MHrB)!FNN^;TE0IQfJC7N`C9;;x{l9M&eIugiKgw#+uIv<00$M(?QBARhAM z_J2IW|9Oqx38|Cd=V$q+xnp#adXCvvsXVSF^_Js_fvCunV%Rry3qtYqfe)USkLjR=1O;3KupZx+} z?U~D)IWW2dd@!k{ST~-?3*7@njkA{}|A3E>nmg|`^x9hsXHE7*xCRr1^Q&k?v#Zo# zR{v$3hlI3xx1$x9A+?idM-v0G6_p~rO^G^ia`UUi*t+g~aZ1ORaqK(9Q$7BCUz8p~%=CILe3YXDv8xqw2K3jrgc#Dfvr;T~3AR+uLI)>h-iArUNz|kH-=JHy}Sg zd4QMM(y!;z{xG#*{@f{J@&Iohb3_J7$>1fR#zaTBLt3B$zqsVlP6b^W*N8tc=NX-w zEd}*#i4%zW?WY!$?Vtd6VtgOXu)NGH|l+GZ0}( zo3XD=kzrN}Ml@W6c<*qA$(_2*h1D3+R4nbzuF}O5q>$E;9La3cKfO^lJ48B3_G{K? zLOV&kLO!39m%U*MQx^5VB=CK_{6engn<4WDv&{0ERy~p4ZL{p3^=t;?(oXyO`1z7x z!*fk`y{=}}oJU(Rd96fAuvp>=S?+@qp-gF-&{77gNJ@Ui%Ke`S9KRU-xNOvDRo^Nx z>Hj#s%S_I&cV+y1;7|B0@BL`^R$dfY6$s~i1pC}eA%G&cxo`IHF3XZLDk4UokK+kd zou(!6lH+KH+YA&>0!&QP6AaR5K07*1Iwt3nW@#bh;Mv(_d{cXG06MSs32KX=-<;Yu zj|jhi6{g}*u)gSvyV7_k7wIYWHl5=Bq?Ue-b>wH&OaG0I}+hp!^|#5bE!rd>H?ARNtEWt&zGDFy4v~8UG;cyWcKVW{U;VY z)4>1ldZuOfL=mPqw3vs#0#&fD-d%U6?U+s}(IJ)lIqzozVoEUCw7v6;edgTl%1&yf z{_0BUP69SN5kdxD0il802AoO;vx}mZI}hq#nYV3DUM~833iOGZrhu8l7GP6##ycUo z`^rOa|0pPS>@zlba0jmOfh2A8M8=PjQ&Lm49)EBG)BWFwrDvm{!uJqtJ1@U=oh2g# zhN+h8z=ZKOa*l;I3du($6f^mKqke>`HY`i8>R-`rGs?yHL{CU#T|U!1M+Z_5rojgp zW!JkQpW0zCZv zLiiS)d(?I}IwH1Zxw@>c%I6MU)cyn=HLAK4C>Z=$H;+$xJTZ*ex-a48);MPOi#6+_bUlT1U`LJe zJP95_Y9@I~=bA;`unqNtqDQ=Ak$a?FM<)L$%&O_qw;J>c5p+f}7NF&kTWfEtVTl)X zuUW!#QwY{?A8-z{LIKO5My{b>_NV4j3bcNlv2>H&b*m(LxkNw~l_QR9(b!05w9s5C zqI1N4Gy)>uUN%hd;Fi4spS!Z7Z_^U~Y8Nse=LqS?R=n(HY-2u^m+;m$0lSXV! z^8d^o{cD|lSNvI2XL@%dyDes#v#mX8dkUG(dB&T1daF5Gil15e)>mQx%!#dY*n)J( zBk}{;`Nux{%|14oimM7qwjE27&%H<6-xW`=WC7lQ`}LYBETDwgB~1wRaq-=+=UMr$ z)~9QTuZ~_%`=H2J0`F2l+>Cux&uNx}F}Oxl>2BzCZKa(j4`ZU8bn zCv)4xHm%@>-qzMe#nm%!^kIkjzIk28T4w_4Gy0r1Hs4RD?N;V&*O(dsei0N$T^V!7;ZcHKOO3WovioO8Qw%&O z&(RSXZdurI^Pi$|>EBcDop9uz5GWs~lRoPj^GwbpO)WwcDrXhKW@uqsu?wCND}O4^ zX^0Xkoq5U@s95mQG44;n7+q4^TA=ZGXK&32W~X8!v~at|rw9qI0Y7iDn~reL3#8eQ z)IP6Jl(^+M75l^)vpj%5ghaY5bZWPJzws3){XuKwIA^9@H<7=?WvS#&R7Qikk8#V{ zye^lRDn-~d$@!D=cIP7apU;(c_bzvj@#n|?--m4_CMZ{n{v(Ga^1jn=A^ zPD@(e_W~Hc&Io=re~h%}xR|h_RZ2wA%EEtif>^(-Mb9{3zun;ztXiFjLCWGc!-+Jx z7I>-%+pq*A7WwTU*{#^?hITOS`w)0DXv^eLfCjh4D~1Q#IO`vp;bh; zDKd69W~q>HF1wVUv&zBRnyRqtTA_$BMH-$)1mx)#3%~n0U7=Y94+J`;VaP~1EkB7y z#w{O>4$>hWCDMf;W}Dfubl>JG!9-@^PLx9Bxqy+(^jUk&JlO+@Jiu)>%m>w`=!oIx zUpGe0f)KV7ZF;Pgx=_Doc+GhA&%;cf=K1JWU{vS5VG;|t zt*3diVS1+ycf`02r`CT1%@(L>@8TL2Lj@nhW{k8)J*|~2D50{Mr%^*u#15LDOCpHn z3?nB1P=Sg}Oy5T`01LcL2Wy&z_h<*^MtUj(R_|b;_#-L|%I`7pWQEa@bnelU59LjP zo*>IGWXK)683wXi|Byzop(}g*U}UYf%VFm!d%!CeF|nwoF$4$Lmi!V_wE2Y8ls~%# zZ)gwn)ra)G5n(5#e2vks_WLoG@QRnlOloiM1+G6Uokormia#f9L_zua0Q_8@b}1>M z_*;1gFKa}?Z`@Mg$v5NVd;E$Bi(f|}K6v#sm0B>q-z8wvos@eqHdbf@G?S;_u_bc8 zBaS(To1bK`AQ+*Rs~RuK8oz-z?FcM33zh^fFura{!slZ9u5S6X=-X3?(V2;5E79h;-c2C+vwbfv!MiC$KjS6qW+K{IxS-}HxCz@%7Mx3KRsIt zQdE5$0S%H_>|(>zvUX?Q0l;wo9#+)<1WBXZGP9UYW0_BrKVyDtFsahL^t&Z69Y?%m zFys|hLrztY#N#Z(HM9jq#`=?^!NG`6TWG8tX$!r6R0u>>y3s;n&sp>3tXdD?F;m-5 zrSk<_C~i`b@P^s-nVk(oB)nx>YfKpCd0QO|K`t}WnhoUk%q}ydab;fTSzFHOZohkm za3vo~AVu0x$44kH!mzX~WCnPA+yU-y$E^6B&R(51;#{URT$H!`jtKEe6S3F+j%<`O zA#&~AJBlJJd`)oGmGcImw^uB!fN1WZx;hDF2*4rdB)k(MYZ?boNm~;CsTDGHT(SLs+;Y-r=|LIji(g(?M~`FR7uWV`Nnvhu$x(mDRl+9*B_;4;g!4q^}RE(z^(6tKKUf(RdkbNTOTdaX4^L@lSw!e zh~(ncvd1vMo%yRjCE*y6Q;$rj2R*8nqA+w!%J>B8;E0PYm$Q|zp5GC9L_YI^14GcL zYNJN>&b=zphO>Ooy>fwWc7MB_i1Xv@H}W7~oE65fvMOoq=RUmfc?%WteXayQ>kBi) z`hqrkhYll~V`-4^9PH-Yj|dC)&=r@Pf#j_NAh;s433;} z1O(}h$Zx3*owJTUIf=CVIiDlXU^3Q-u>_EGiiEZ}b^vCWB48Hd?c6#2^Q*tTJx&1= z4*(a-$-A0H&mSAS?LkFTk6~lp8Sf~huQ#b=_iV0KI|!=yMCy^*9lW9JFez|41(*bjrd^Oa3)%P+Cth4-tph7t2g>_1neqvhn^SQ}KCx2<% z{~8%`f_P>cPICShzOG?!K#R}28Dd&6H?UYKERyv-^_tdhodHuw<^Hy8Z{c&%S!;dg9u!=VGca-Yj+Q#92kj3=79y z$WL5mP!++J;wo(CTnWYUELNW@pS*k~=e5EgCi3anaHjim$SeIIw&7XTEFp*<4F{S# zZOXIq&S6_(i{MKxwW*kg`-sMf5GVPFZ3ej@B(WKlLNe5eHbNP11i-H3 zQCVM|%r*_|#Pzx*a{se5%*!5m5Q2|^u=Z%%s!p`8S{!S=aW&=XR+I0_?P6FL5u-=} zIC?9lYIAjjkO48nlCZ|OYL=^?6F7JN0pecKb52$N*h{iW-9860_T~YgT;ba_&)@6u z+Q6d)_hccQjS4(ppmI}-&?fCToDWy!iqvcdp+p_bZl}muoyMQb@LO}2R zJvafaV{DtY*ld~I&10E^C4U(9=Gv&N|3+R7mTabz&6 zrL%uEW~=lT4>#J+7WuKEd*LH>a5e1JYP1mQh8vmHQ+x?M~e1tc<`O z`~^m`2@3VLOvH50xzz-hbJ0Tc{gc$1oPqy-3m(H8!*ku*OqKtM+ta(PN>E{*7Hmc7tvqKkkNXLMat$JfNO$ zRA-wPdBvT0dw%Je-RX&oQS{TsG>Y3{_Hu4j3G9q<7P02vmm_TbyW#`s>u%v<)Jbb0 z;lD3c(m>%Zd_BLs&JfZec6@rdS`nQ~964~ju0oO_8Dt6!?Zj;LrG;$7g203WAWUPE zIlv#-GRW8b(5ZhULPZKlUNsBzOf^NwATJ!TH;8A(Vf~}b8p30_9 z{Isx$@K&^ULMdZ$J@OpNJ#m@)qk*FI^F;B_4!u?g$J@JzfGfg>`sHe7Cypo+D_ zu*@RLN*82&WibG*Ti}ot5P1)Z-b%bUhJI!meQM5W<=I$`3AD`hpR`*hI-B({YwMM? zVSL>fR6BNaC+$}%34?eHHX!GmrK4`;T<{A^iM(Crb*NRA`(0Uf2ECZH+SokC``?5F znd~p^yHX=L*=0Xl=gG6Bp2UAO&$dQwH5kmF^XE@QrS6`q*WlXbSUJq<@T}}Z9F(!j z?(~DeF;UKGA?sIsw-pA3@hU1?NA#Q`)}QUK=RuE{tUlFURr0H9d&)3*iGw&>@x_y*GNNc z+pt^y%Q6FBGwcoUfr3bnIf0%v=}IA`{-)ivkX!)AsEK;0egK!-c;72N0Wb95DlcE3hjEk_!v@dE+9cpKFUb+gaaYuS?0Qz|neP3c+w1mHz8O5P<58s0 zJ5if)I>U|itUAoLa#9sGpr?I%>xCG9BEAC%7OFD`+zh^M1+oCV6KUKZ2dhvhBoa17 z4u(P@e=z{@g_W!jw4Y0THKzQVgpWdqBj!uIrOW-m2FjQD@?Cif+wsqh@nnha8RZa? zb&?UBc3(UgXKF+agLn{(W1F3S#n?wQKFL#BQX#`DM1_N`QzDi4@cW#)f8T*R07z(} zirSv~B?-Qj?P$kJ(EYUG-LGg%>Q|hUocXSsV*}DmcR!q}_x_W<{2t6ft;Yfm7IDj? z`J^c3D(wiVZ&Kg5fvEbHUSPNv-o~DuM;(1Zssv@BVz2-9HZ>dhkytnl1^S$vo=ugh zjqK)TQsu}u512bS2(5ynM}Nua4>UDvEh5vrnN<5u9(az=N0qMqxwt!DI65dT13vU$ z6U+pYYa!Xekb9Mj(t-m$+_?6Px0I(Vlqs&rh4AVTGZRPk?5zhz>69(Q(Dr!xj$G&o z)sSG=HWOA3Uwa5Ebu2owaok=dYAr#q!GKu&JP|f&toqm|#IDclObee)o}!jB<_&np zhX#3$=-cep&$L_C(|NIbzlDU~piW`Uuer^Uu(#R%c_QUdAm&)A6}%sY)@k{)Suc*+53`D6d%mNSwN;M zV4-T9jgunV5N%Kh+Ro8;2!`Gm^w_b|(T~a4l8{=-lB%K6*C-XUY_m*2j^Qn^zx^?IRgf*F9*#|L4+w-_oo9&m>UB zLmiRHna!*-6edxfUt(15a#{2qPY#4eDxPmM6F& z|DgJRdQmIzzwl3xvZ0 zi{Pi#W}YSi9Unc!)#QkT=F(+Y^1Y=6|BAEJeDP(^mjk(q#j297`4xYnp_6)4n+UAX z0GDwXl}sn$$EOTB?QRNHoyEf@3SE#zNHE_5sCZo*@`)T zaR~BX&&%xbGG%p`8P{HnSFX=Gd-!7U7Yhq|r)39|K$N4%C@D$YtQS8WOK4=_Vav$S zJ@uK;g6*#hU!4+?dq!{(rK6Vs0(0>>7wZN_J~6%jfNW}7U5+A!alt=lGW2J7k9{~p zTgU`|cY!46@CfPO)DKH}p_3;41VFshq@6JHD)==I2~Mm8YH-nQuLsv*TL_iys&CHh zJ@-)oH;n+!PwL3ted4YgO;dMG!Tz*B$vQ#Rd#dZ-4+e^eM^iE6-G!6;)R^K9Dy=d# zE>h5u0ySQ$boZoqPm671%&Mvdxos##{bBn6lM-8iDO_Rgg^4UlwyQ344Gz#`T4xc0 z5y2ye3QGVC^@;p`uA<$&+uPHC)asyvxvJwO(aypSdo(Jua=Mm_`_d$W>S{%JX6y!4 zPqqrFC!+%r$}Vk!G!{n!UCFcXB2G-seh{WBBoYIs#{XaeVwH>TLo1lB{-B_3M1Y@) zzLr=Fk{W;D>*v$lX3OonA##Ck*`I=?7ZBLClc)sAwkncMLA>KA!&g1W)I9MvZmL;` z-O%5XBxW_gt zNvU=B?tW$wg4JjC^mG{zvz87pl!FTqo;kQs>EA^Y~kRn8e>1=`#H9m77($ z(Y4S0`?;9haCMVp-#({Hky$NA)i?@%PAY;V6bO`jqxQMc(;mE9caZ*l%x=y1?!`iw zTm)4&ZHNm=M2JwCYdoxS^oDqGx?6NH^G8PJF314oZv(OU1UJg~C3~?7Ab1pG zYL>bn#n?`Q{3Lo*2^$&^lfY`f85QDQtDMpmgy-@qe)002oAMz9WgpuPA2 zMGceT*nJmt+ijVOxz1ZCQ-h=$8 z>-#IcGfrJl7}E}HZPzhw+=;p_xXQ|XM;KsbU)}gyoJVQXUpOg8T(%fZPMxd`JDqj2 zob46G|CTc8y^FQu%icFrL-vb;DhQQE@>yFo!9 z`f1TidgRE(L!D2yQ%?wN5Gx2JbXVW3h4MBA7M0fzBID3`kdPn1lt(z(-~Ibp`W=G& zZ)UZzyQV+)3T!X@6ouGB>lXwC?5+JKzJP*c6?Vn3$XsA zhD!Fa??y(H;ipGMNjHVL?i|c#>+){=c9#nzXJM&|#_ijK?bzfW<0Im&pT1*R0B|>4gdL92*1>TWN!4h4&4&{$cbM=AYN z89UE=j8GI!`o87ek_~dparx4%KDRFBEOO)sBbX<=5Zh*Sv>BD6c>QC@N*vlM5ar{q zfcQz2#`>ls{XO2?XPMBi@7th3_^(*NypqMtvjCSNCmHeeXn&YB%bgBgF64VHnl8`c zJ1a6;+F(ELCT9zwPri#=;4ko#^P)?6#S065J))_+#C_k$KK1zNI}>xf?F;UlH)AoX z;rwN46LL8UgZ0>rGUU{~{gdFs?km6U1SK;SvY>pRS@s5lW^L@{qHE;bh7L{8PEsJN z{bN9Hj!ui=d#xUD5|Z3Esj+%sVZjm`^jWDdjnnXhmRHIPD_MgIXS4anZ^T_V#oYCU z9pWPDzE`o~d+a%WFDah#@nu=rop=oi0{iwrF_L9D5*2r7VOdKt?B9lE=DS0ya+ran zZAE=2Pz<)n^=Si1O5PwCT}pZ9Uk=aptf&U58M#EwONat?niAd>& zvR|x=0&;d&2li&2gOa76`~j9z&E0Hzy3X`pZ5@tEbg@RWyT->OMss*T8V=b2y_5r5 z(*yYm_etct?idmWAkdMZ!H*{Fs0Vb^zRvGCHmvS`ggVLWk-TnuV}C3;V31TGfL@}T zjhdRzq~%g%W-v%_Hnv+0$x)=#QKuJ4rno~7UOj->J7pbztTHE+D!;RjU#4Q#L~3;_ z-xBsdSTIwGA{@ynh~_<#fM6j{*Ch_ z%anhQ-(L*fEYO(OeE%mx2MxpCZGnl_I(B_t6!n*MXdfWS*Hq{`$+zG8;@ z-ikmI5?b11l$3oYD~zCv!dZr3?|=Zp!0(yJQ}ufU9jArLrEjz56ZkS-D8p_rbpPIx z@MI9N_CV$lLU2K6%cmkC^0JH!;>2T5b&9!BGnKX7hSB7u+LlI}31rG7adFB#s)wXy z<@3*?E}kjwvXsi7IXfZZsV!g?U&vK{-x9oCpA2e$Y(cJiEe~|{vb~aAjE=rQ{s3Ia z{nvj(`So^x1ul8~HxWjUNS?mlUleQoljVlzYb)I?9KP!HE;28Rlp`BdzX;7o2!>oZ zqU`2u26D-53t2XCmUauYtxr%{b?%>Z_YwM;tCgH_znyUAL~aL`#AvCTzGyZ!IZ)DA zPus)&q~bHSi?J2N07XtPeQTs!Iso>zGImdfdMJo+P=B6qt=8!!h-S6$dh^neQS_{( zig?=+?Z$lZ0|KVG`oPGq-y?|+*ze!kOea|ge@nC#WveyRgLtuv)J>JNmvU~+?pV%@ z61xn(J}ZKHGZNjGsHN$;dS=!^dhDA*;mnbvvS1UhZy~lADZU7t`nCi?42xd1mDQ#T zY_U9yUT+e|Un}940`J`0%uK0qO&Z#^Rr!LfPLD-7*0U~W@Wtgy&)1X_oTblm_!)R$ zu>O@9j~0bjsAl4uOo7!VlnB_@d`>M}OT+0`u2g^A9bsWn`h9vsL{}sYDdOi2SV-i6@jngMwSlYr%Kfb8;SODQZg%s=MlCghK%t|(+#_{^o zEcbmn@XI9kQ`uta1w_tT#QQ}R7i=Vdmz5#j3LU_sucPF`XX=T8H;W?p?{8*c#BLCz zk?aXO28aN6hhu%vM*57Un}fz&xW81{9q0=VwD-g6T>q$I_MbY4QS zSur5Iq;49rd%WY{>I<5yGfo|u*OFK$bIUR=ebj$cz4l?DC{JVP=3dl`PFa(_n(atzXQ%vfU02s^y+Wbu z<@lOR|7edyqe)LL{frB#HufgDxoUB#qnhvUR;~HthM@L~R`R*ki*1bGKgo$i8f~vC zwI?D2S{h*jObOPo;u`N_UBIR*$rWU)R`hmp>b*=^Ab6nMssE6N&}Gv=(K~juFYBeo z($c5dtLA?>1-qOETe*#R7HO7t)9Z#p3db zI9-7aBoG#NFe%4fo zwbUpPqUz&uGmt1H+9%eimsm5rBR!oUIX69>#oE>j-HnaLve;WL1KfuY2Gd+Ti7tiUYEf@}1Ema(F1?L$TQ_aN_DZpWF#YnSf1~SrJLS zmbwE=zA9C<=!~49UQ7p&I@!`>2B3DT(J@(m5gOgoUn~?C#{#iST6Tpx77IYPo zS>xafIELS^dv4BRL-k1GCEIrRwjIFNv400 zV=0?xUNrAl{gT;UYTEMNBuzGFrIBS@!S1iac}`*4j3`nWWEb6R*zmj*&!qhoz_%`5 zz``Sc`oz5VH!`KP5qC;WoXR+X`O*;Rk3V6D9JS2jsa5pMuPi(13_?#{4h=PVR%#S? zvE4Q>R}>KiYrP^g{ctHZ?i5Kh5;!AHOJV(0QVU!7%O|d!#qD#-$^8VZ3i`mzQuNM} zjW?(AvSW7?Ch1eV+tAoRJT~r^Yc~Lv+3;|yN}S;*)hMEUV|*)IUZHg4XL_F-U{+so7=qn-gR9$zip0fm4jYl^b>lYVA2lxtuGH7RSkJ) zbsi+q{y{%TX~2$59JMZW1t?V8^qxPM=Y;j${-i`1rCR1>)_KGmT(8eQs^7vYdBnw| zI=YiKo$1!;^QAc|dxl?l4Yz6bVY;?A0OONf5p{Q3ZJOE5y*V-~!|^gQ5thB z9j1$8qj1{gIj}gEIJ)u5WTpp6r$cGJVi@jjo?Za7pEfdQu3WqB4C0VyLwOSc|GA`}+Y(%jwVFA=508^Bci-Fhyp!LWVusw?HS(R<3 z;g!r;m93$x*P9IoY>IHsV^2f!*R{MUJq zo31W#CK7Dd|Ll`T0uLkF>CUTxI=qEeV#xE7X0{nPiGI|8L9C+7eH-FNVw^;SF;kqV zQ835Lv>ps@b*a=B%l+i8nm^u~&h#RXe;*RkVE2_`Kop7}zT`}`^=i@{KYx|s)9oaE z9Quzn^pYsQx>2w0GnvF~dWM_G_vXGwUIXkTg>N||Bc!{jZDRhD+EcxzH)|i9nG=7v zU!j`7xYBT`jQ4_KG=r`)I%0)b1j}w@;DPR=5Mk&T%F77G*yEr@((TDVkDV{&MlEODECN6{)*t zj_2F368GT}DYnd6kN@G=*|+S53}@m}#p-@&s~PxM)Fk>leTf7k!;QZn8YIO4^MZ_B z$K*LJ<#-K@RKO6Cc)1^xEDEa{jq9|c(s>Xwkt-oY&5)YpoN4cezYbV|@9&0q-Qwke zJ_fHzR!1D24alDV4_NM?vh4`WPT(5jAO>2I77HJ!^ku+U-S_8%C z77rqKu}3B$mf@37(xm{pbIs)BWtigV1Dk=N1R+QJ3Emttx3P9|B8Ci=6hyK=6a!td z#B=%C^Id4R=_iX^7{k?8#mvd@SR6czNX1|EjL;~GA&9X@7>A7t<`47PZwIioS}KbQ z07L}*eC?J{iYLR1Kb4~UKckyeUZ*V+t(;S=ziuFFI@wJMRJ1#y&C{vuV(#$99OdLv zd%ARsHrQMF3^5T$^E@eRxP(S=dMUbK+}!HI^$fn~&j$@jw+71S6_N_cqhEnogFmz} zM4c%`>@b7(aYwjS%V_d5k(ko~`;cdV%q~1^E8p)ss2j zNfD-}cJz75aKf(hNQ{5D+ntL&!}}9cqp0bt#bLcT_?g7Tv_Rbh(=fV`poJ&+NmM<$ zu&T860g&Rdn7}KYrmGr2?}RN+f$WWcn94HiY0ruhez?H`UYd9$O&1QtrI_k>TwDS1 z{*oZNhoEO&eH|~u>{x{fLD2=ly31YBj-OtCSxr!>CvLvyx^eL0-^p)SOnip0saCxHwaa!16P#g@kMKH&up zZW+`6>CyhIBh)GRQtU>(WEZXmqWkpSrPAG-K(a^PAKU5JXH{@{GmS^v4r2nA6cmo{ z(*o-Z55|4q29h`oVhL~M1nx#}3!NR;LgGH9MN+8zE@@tQ_ZFeJH`_iqBl{8MxG)2Qf_|quM$f4nc zI>+ilG4t=Ccs}7kn!dJ!ptj57XKLuq-LqfXwG{k*a_F>cCXNuUF31bib8xeA_-S*2 zs@>1Av81^MNVtMxGamfU>zzv9+3g-6L+?5ByM`h#aQ|}8@{%A&iCN`TK1Z$&GbSx- z**V|In#$RNe&44B({gfFx4$)9;MuP%Tp9dxYgBO$0l!G8URjO7?IjsTd^jEYGhK_` zs@TE&4uH*6Sxg_};?-vx`fCEUQxP9^8O+|M+d01G*RNlb_OV$Zj2kOxz$|n{o&?^H zhpfGz4HC8P>evbUsfSpbyd2WDwjgWkdZKcJrf*R5L9?QN40%Of%!4|5*p7AK*s+t~g(*i9*(KD7i<~POQD!_jq3cLs5sjmz6qTuiBFT*N@ z`S>8YABv*p3*+hO#o;P)1^e%6&DdXAdn)*~iPh#Yip_>{gnL(hu5&IgpFhZx>YrDU zmq$erq=6Z+?M9Csjz87c@66re`&vU{TyDlLbbC9D6=)6e%Xku~e-djDAxK)ro<~Q1 zC5|+aK}apwpF0e^Xdx{7Mm)|g-cm&!y5)Pyt@Hcj7M>hMb(2vC=hfxSv&)la^_)F8 zbhw)2q5ZXaNEqud2l(1qbTO*IS!innp_fE&ao;z9Gs0E*!ljb3KBXF5-283u8M=zn z+w#uMt3wX6j$X;!09GO;BNjjt5^)_magsfm40=yf@JLFb(xu-)AOwO4yvM)TfOk^p zUCD|GLbz7k_Yhe#2%Efuw_NIBDP54!5o&5qGukmSBXB^2M1b_z3|x z;bmYH5s%T56Y>vkw0p040lkf5LK4RKcxAh*c!QEXV49^{rQW zuQ}_3go-68mpbzzb3|I*$(35!HijFk{7jW`j^KP1GI2P#b|$AhqQjknCg=fv*Ok zkf?Q+94S^h$zKXOB{v@$BG0S$w`~OFNwT-GD)TIjc0v_ByQL3obad;v-h2yfzPPD- zD^P>+Cv_ZrzP`CSoUxfRzTv6K$%b2^eH!>pgbCwIKf7bE5IbhQ9HN@H-h-mt-`|n4 zDX@-Qv38CQv$@hsSfya$>`!IPU=?jF%{xhZouru4gUoU^+JkmWVmS@8 zR~KTf*E5(*>-sPFqtw;hSMiuY?-{M9enum*Hv3t3wKuN z>He*=En$z)YThsxf7E2skawpX5_-tCI)F~1U1*LMv7Ijhp`LNNQ z6RD{dqT-rwal=J(-uTneL5x*aq;~^@tYFxbHjA&X)HInduGr5|rVs)-Zpg7P%}b6w zT^U+ruk5OSOLwU!HYAwQO*LJHJ+T(3u75zfWyKkJWrZdkhsrAowV)vCf7S%d({VMK zC&N||u`((1qRBzSl(*1i+e=@uIji90ynZM&Sas!I}l!?s^fc-Ai0#3C+2QAY|b5q z^s{8c08S%P8KdZasDlgrvS4 zwzslzia^{p^lRLk+qXp!{7j9P8%O5oo==Y$@cxY7XW*U81b$_qz#zxb{Lj#TumCb6 z1h$?YB8a25&3OXRy!TZr%NRh2P+p$F?qI(sn`CHr#iu{$$ORnmrN$dqwXoE@Qf}BX z7PZb3AFL{U*E}-(WUg6l!z|KY&db`}oq@E`4qxd|2NetTfkTka0*3QfUe_%(-yequ zt_N7`PfdTHC52yiLR_)=UeQ+}oeX+(iYli|uDDvq&L9Q*Nq(@`QJ5%Gc?&**j}Ism zo6#iq*azN%ogVE=N0-k2y;z~ z+&k`O51wuR5qRLR&_x34EBhFDd8G`9th*h#RI*M_H+Pn#zkc@cp$E*M#)^#d3JSve zTKVzo;1RYVh(gS|zMY12_TYuJZc!*Pps&OcIkl}WBJt2k?uCX(@$ScL?0HB(d(h>l z&vm$!^J7SC?d#W&F`+uoXq!TPnZsYDLDavPD3~cM)Ue{w?y+xytEelZf!%D}sjYd9 zd4m`C%iX^B-g6F{`^^vr1QU!u@m^4^{=<5;pU;4jf(J}XFK67}$Z7ast@#3F3qO=c zthvLo$MW6BRD&1o7vPR09cLeuQOf&jmO(#LJv<@YFDY5E3MZ@7mgd%CFawq2xB4eE zd1xM{M$bv*Q>!*x4-YSg*Rm^(;g;sP)>4lBB0)=fI&Lu6{?vu;=cXJjnF0`poXw&Z z3Pc^+5xO&9S9$~iN`K+zrVDf59n_mo7wK2-%yumm2Df-O`Sli7IGlPFjqT3yXqly- zS_jY7H`Ip}-uMvN=I6gtC?8Y>GEzNy1*$BP1IX~@{0rBBlyE~IL7ES2gkK!+x!3D7 zPoK{4%SFy-H90&7Wt=>*T?y?Uw6yT(AHXzybLZFJ{?o9~Y|gG4Ji7h0UnS_z%H_N* z=QgHVqQy=a%JOMbNcIb+0Hsw>W+*0=^-iCc}cdG#zv5GxYCT)3;jO-z0MP_ z{C6KUlmIAj#@||%lbQy14E@VKGm{D9n_1sBs(bcbozn{$M#>jUSg6n2BN*%Rv;51ilj8wowvJ85N6mOj>R*znI60aM+ocVfk&nTLu>rfXg=R;;DG4m+^9QE)4 zlh(ceMMa-KW=hE9dc`s&K2UcOFj?L42Y4GKd+@n0W?E z7w1kORHosrIF1Z@0_3}899o20CJSTRJFc~2EJ7TGFPsQF0!arwcWmDMXuzdR+MiZu z0S(Z@llq?(xOc&KwY=8zU#QUx^X4GA-V7q2KzSGH*_?;$+4|PZ!y`LA_c}3(FvYbw z_JvdCg*6GP_jP=8Z>sG0gfrggJQ}v6;?jxZQsdqvW?|ps^vQ0==ayDWPmtR@Rk}>a zYyVA#KrbqGA3drI(o&m#=>U_8`4F#KN7RN z-LUBm=;sD!VKgQ+F|!%HQYvybgz#uk;SyPeaqoVb@`QkTYWq59fQ%&hTI zuTOq-Q!9(^Us&$LTI|N$lPi8W{_M`8efajrsc!4iIMp$P&ZaiP+o%zFLcYugn%s9iZ;Wt)-rW_3=UEaBl|Muk$QVHPTEy&OS8!GbQuzf zKEQ+n?=ce*M?0%SY2fF4-jSt;<3=drw2tcVPv5kc5xfraI;P5yb17m4uMKGRNz?NBH^?urzr^@Atc1eUy z0D)N=Yx{e26VLu-x|@U;@prm+Y&?A>ZLQKI^^@a^bO|&3XFnVE$7%)dJdL1OFW(eJe^z$iCn0a@N0jkLn9@|C~!v^QdHrcz3*^D9eZ- zHP{0kkTN3<^ab&I$ZYGy{=4@qgv^HVz*&PWfQ>x13Itxe2kmTpu$ir=9P{ zLz~GRv?@1;bP$!r)tt(=>`!8}F*N}dh3ZcHTdrxgW0@B1@8qDLS-V2iBj+)!*K*l$ zJvEzls-d(|b>^PPA9`&b0$(w6N&Sou^~S3=6@cam@T;o3OR}6XKgi2Xek*IPm-qB( zh6SOPNcveDO(;HKT-EDpey*NU3cCo0l-J*=DXJ}dNyu>tyKIen`Qe$w>2I}5=GU6B zF*7yb!IH8Z;Wv8Sb`ne!#PLYG5cv1`+a3qz`(71gQ6_-`bFs3_iU}8kFX~vdr3tX8Xr*Q{GFCM56Be9K?HOO0l`DLmE~F= zy1Vp`iF=V`<6vMn2MFVL2L3^g#72wzotq zd%JtueJB3!{*(= z*|UPN44!r>`0tM;-p_?i2i=2@Tnc;wn`&Cj8$O7S?Jms|2SA=aeO~)hr^ANqAo^JN zT}6fKCq%Ee=^P0OA6L7tdR!+V$<&qYg~M!MME!6sAqF+XCrdL94?jVa>rd>h?b|22 zs2z7YJWtr*IXE2J-c$_UwrHq3KYd zR44oPCbP%j`OKX!mB$5AuIsPd*kUMAw_{`a`jo?^`<0Gf^+hG!MI=S1nlA2w$j#eLG6z^gR5@~)T()-nY`1nub-g#KtR~cDh zAszoCBU&fvfI#W8eGmf;RI#cJc6?YCd zAL=`A`>In=c zaJZbmdct+2U3zm)Gvx{D^=o_7S}cCGu~un?w)3xDs{YO}CA!p=@V(gwGK=0LMV+1V zK_^}XJsO#b0RS~3G<3eXl&7P4Xpp?NE>RKB)g{&1mW-^uXs&^zFyb*v;*+wZWOrmc z+_vA#+r)Zm>eu3KSGb2JqO)^5Gfm}-O#R%HI30bDP#0p#^HUR$eO2w&HnLzYW*as^{34YSGm>`pz*MXc0F&?{c=AX_N&9 zqhcJ}<>Si)b>~P_Nh!L!*nKxoZ~ErmAmOwoy#Aw07nau7@z~6`MD1RS>84dMMZN#6 zAf=WP{MjHY{Mf4)0uj@<_Z{4CbRP~qw{;M(6|A(g61m}|^W-kK`~K(G+pM3H>GW(> zIdAJuF|v~(xbo$w#dqTcmY;7cOi!m;gq(lS!SS1_ABk)C!v zN^Lj#zizFn`KRSa1W$FxN^PeVEi#3f(Y6^EjD)1z`pncId6$VI(fwYME{5Gx^xekWPYzQ_tKK1=;uk|h&_ADg zxkKHd^=vaEWFv$JbgENU=_!lLQt#KA*{0hicIBtGlKTknYeTD!)8Z0A^c+?6e95t)L)8f^O6&>4eed@Pe3$VL z@%*q#Y*k585D8(D4Mz3vf*3bLfsV$TQCGLIilr+fgYiubO}nDs-XK~hKSp{h<7>0< zX8oBIV?XsNknp*cE_Zkb@Cx?4?=4oR+V&S87lOgMtq$La;?zTSxH>F(?rd~3L+w?( z@@t<-@jN(sWG(Ea@?o7eX`7E!Wsdh?W3UYxz?^;D^|6aR>acw`Px8$=TlAU(pW=}2 zBy?f?a~tN}CG_+yo##|b&zLO=ykfX?_ob0M=`wx@gydqQ0XwVGWt=~Sy9|cQe#VSG}sn$ zMHSZ%68A}p4k4xjqKQ9S&@TkuR-brTzUI>Lx14y0E&6E?e4P}1PksF}5R`ebLx>(` zg;S~BJDhi^R(#oDx1`i+e@ldH1al{dOuYq#0EgQLSI;=Gi;cj+x6!fGc*gr!0d#y% zKN=9n7$SKp{xR40^4@IYy)pa4NxolRq{?YwL5$c>j|w`T5q&R8TGY#dr3;61awcQ} z6`}0ay7V(yF)hrOJjO~+aj^-78sT+{&SSxj$Q!9eNqef)WY6eUYz({xzJ?yrRu_0% zf9QfW6FjVcx^beS-1BEBDg*k4Q?pYEx-kY8-3#Y<(ox6D{P`b>@ZoVg!;#U6z# zCqfMkp`%r*)aEC8Ta)9VPAX0iQ@{Ln8My#D;&3h%*Zg>r)d6{Hfv$0@`eIU(5lvJg z@;_k&)4LfH`F43Wx_9s1>WCPd3*FI_5Ih)}skTSn_iyMW-P$5&yFN&30t{r+&X2G5 z&sOFd=wdr?HO&xDs%?iW$%UZu!T0`6~hP2+vAE1 zB-Gnx3oRJs%S1}QZ+Y^@n=_N8&EXi)=?p%ah;>@ByyY<6WY1OyGmr#REVm4VYgBnQYh-@G@p`rRo7<_p55tlu)A{uDiF%Tvymzk zRR#}{#!nYkDje}*Kwd|YU{VJLiC8U0oEN?vrt@rN@-BR4H5;C=+mq0jML@8eG99|x z*l1(l?07ESHJY6@S}3g<1M3>sQy=9%R&^zB$xNE*lbK}?mnSm~^`@X8w<$g>+;0TP zOLS{ZvV3mWInU3tztha==z38P@EDJu*BfL_%@m_62l6N;5?RfHh8)`T8S9$X^UiKv zyW&GD^F^2bEOk|$IX53O(@MV(&~DzI6eZ?-n<9FjJrzOlY#B`2@0ucltouJILYS}piGHw@mY7S$Izw6UA(Mvd<6xQyL+7zw=%>`Z4gd9|D} zGsrvs(9c}tdwH}XwYAaErl;F>%qHRvldMD(Dr=W6Qis$7F{?6?W`Mb8Q5)v>e13Mic>R-X8UI_hNFoNcbSntP``52| zv}6WVcSOYAyt_JcXR-$C^ueK49x6NSb}g%j9hn4;7#5y*N!$msS?N1--LJA21dyhEa_I=BindUZ}r{{Ch6hpv? z>GuI7ksLIG(xhp4;OO6NnK1n-nd@)p?cNTaq{#esj)T&nZ0mr({Bhfx_c5_h>Nqi4 zy`l6?Ed$K1HP6$@zEqE0s9%|*wh&`RIz>S5onIezlyvXAx>T&G6biQ-`6is-~; zYk+XIg)F=Gcc)ah>eCJ;Qk*=T-ojwF>F@%SauOOJa1E0Gj@&8_#x80MT5?rc>`$ z1@l18qOKv#JJ?#1sui-?{gc-NhgK_k?d-v* zd7bpr^wrGk+9o8*eGCCy_>t(j6qFI#PeJ(T4iXnWJwZIuRtyaW|8`=8Qg8mT)}YyLaWTV){xbw zJk19*ueb5n^9uaY#Xkbf8~c8>I9PQZzq7zoEA++dvY{>ilrgxu@Z1q?g7~qs$K^kO zQ|$&&WAOX9NeRl~hfYIE8uy3e%;olsXe|~%qE0^`Yy&5QJitB;PsH$p+j|t@=ChK> zIpD`9K(;>cmu-NJ;*e1B3w137PT0i#yjwml6%lIY402)tglOv!QIykgz{zz9%JsoZ zPPvIi>L34sv+XPmw@dY>9V7>O>l6Q>E&o3zZriBUk~il^dTobG0P*Wc-W^j{pHuwmNm}KT=U1&)L$d;u=km3w#mnj$z8~8I&WuPGS@SUuw+ku zVyy1&JJ!M`s8(x+uOe%WjdbX5?=Lvjq$mpun0J#I2!`*qFib5i#u#B!)bii+MAd(-;!O~2lT{VK2;34-2{F;dO#?YJL}Ic?Ngf-PfEr*C0_v9} zX{?di<@!yu>v>9l$;t}P^qR5D8|r%@$+Lz?v-xz#bgzpx<#LVVxfL z)oBg>7H(*-WQ0;$)p_Ed0R@rCss2le0wl%bw_ATO9M`~TnRKN8|RKD#^jt$9R!?J zs!(ldO^1^+*Utu1td(}PQ5tW%IgFg%8&mS|cf;VBuyTMT;@zvOaE`8p&@(nv9 z@vRS|V+)rWU2?K>5B`470~@Yo{66oF4U(q$s~yc+y9KhjrF7>Wd|btQ8T|A&8*cMU zWnH?JDM{#NT+YsfZ7!E;h6e3g2!O>(b^W3Osg#5JQ`e@g%Cp^A$$gRL@8M$H;kdy= z13Ov@srR`BK>)z@iDI9mK%Qwq5h!|Q4%&6&_t~wvVEp!VS~wglKE-l_?2>^3>g$5x zk8)bZMJ?0Fx3{`+Vqkl3O&JgWxxU%e)*OG-*@)8&V>8f5O@^2vVq*tg8vfUTxO30bX-1Yl3az?>pz zAg!bX(~D8h?MGBoevLKJ>snVy(Y$dl{XweF)}TS2;|=0lsOle20QZfuDYj`Ua6-TqjZ z&k*)Xd}QyJ!T^{{f!{d;nGH&=*k9{D9jf$yor@LYCehx#?u2x^mZiNE=56S`h@^mLc~sptukzK|Um zmyk#W<_#!kWdEa6mB^$P0&un@G3YMc&?7h1y`yQoz0IV@{;p`A|y)S7LIwn}*k z>n7Dhf3hq-p$^L@n(B!}^vft-CQKWTDN_a0(xFa7#(RUOBlRT{Qu1=4Gj8m*WZaIS znLQc%B|@Ffg**@o%tg#F@0xoVf2}F@KA19_qkiKdn92Q0Y3L8-LImUzJzF$Bh*At9 zD6wn9n&cSs2D=A%-E(+G_vHP^V*)x`jIn8J^vMJ1xV<3-g3viGSKS;f98>vYOBAI9WgbO1jwzBaL9MHw%7N5;|Z052RFxvc6 zw)KhYpY(+x%$=0|V`j{<4F&P5kp!ydIOK93A0BBZ$z?MJiVI~d{8CkbBD>7>%3_)4 zTkGvM8N|@{&PSKQJ~+)D^Q%s+n7^bf)pi(s=l)2U4#|(t##02#UP2?}=Y2t=oj%L< z=mz`+o=tgjPj`{mxoa_m_62*u?vTW5rFfY2ND_zj4R`!YLpb~V4a$&WD|JsMroaye z!F69Gys%2p+=+^}uJpzsUQa2v#V!#FQU7<5O?)VATe5RL8cmICLj?9qJygREG?|bv zus|~6AN>=m39a)n=&~W2qnEyIdyp!I)A9VaW>_jf@uwf?63X+CW{oSy;gi?#=VF2U zJvT2M(G07Q)RX*VR>A$b-SMGqUAW z_p7*GYLlEW*AjTKU~;%CI@Q(7oy608AswM^3F5hx}}W~ z_d_Bssn#Y%`hUFuaF1J+4U1@oN*~~O%`4&{-ZF9qHkap@Smk%+-e+#lf)Qo>n#h_xI=+jq$+%n znu@snF_&GhZ<-HvXWL2ee&(y5^I-=TK-U)ME!K>bY&s;PC72*wTI#cze3XSBDFK(@ z3j{kMogQP{)`!x5Bv`U7HkRuC)cB8PFSA&$ z&E$Hd+uX;b6z_Sxonh)DQ?n=!(K2eZOlHJh7k21hy3GZz>a+}J@={|=fjNCsSH+`3 z?DEgkC0g3jrAr%xAB02;8enGXV;$zHQ64j#-)Ue{_4eYNDgLWa!t_WX5l+Ij@8UGh zZ~xj@f5_eadS$BAP{$@F7D#pS$ZCH2vGro0wSD`vhxwC1`)ki=xDjw^FOxSP3*u^v zN%$*`%lCm_;V+Ec^i{{KTr@Lt$(;o(7R`Rtj0*S0RKi@o28WY&d*N>E%;YDlKuB@JS2E5 zta}?CPEAK`@HNuGfFbd$AphfB{8E02D%y zuFiHOCtIb&FLqG&T2EjaH4%|>`yYp=Q%$PZv2o&7Ge;hEw1WdeYA=BbUsyP5ADdXH z`QNe!25l}C4`h)!Y%I#ASsRrOk@fO=dR!+1JAFD`8Ql5(NbKx9mlh&(^ucQtJnK!0 zyIcF;5Yov!r0)6JJL2Nz(PU*8;9%hz3@oh^O}*6<50@+^%i45px(uJ=;>x~#*Ke0- zI$SCLa{p+az2E|eDz(pTK6yMsJ=kZHY{bEQjUkk&-vHQ zttxhqGa9RU81LcaLK-Kx`#0l;i9&lScJ;lZ8q?Cfcb|$t9$v{y&Hw1~he?RjzjLDJ z9k*SHgUPiV1HZ4>)_ov>p-;&IakV&{JAoIIvY(~CopCI0jQ+}hJ>+_@35#ha;Kf=X zv1geCg=XW&UU#s6ded_w!R4jI*|BHbBrMIrXV*czGzi3%8Qac3>)o=xQr$jGalZE% zKrQ)X@20}{6o^>AQ73q}Z5h#dbExdii5{dzy6oG-8AG1yx8GeIEqHe$+znl+ z!Bva*el%xSs{UO@Iw7Snuk3?90l4Uw?9Uw?1*HZQdt39Lh!{a<#OgrltGMEIQf8WFSmN#Bh1kgPu5~ zCj3^Ylu~j%tkJ?oU@Ka_LRA@BjS4XX8KY2IV50Bix*>099d_y>fjJL-J*ql_P4^-y zQ0p29L>fY;_*MnYKrMX)t0U1?)$cq?Xp*OQQ2paKuz{cGyrx$G6a0jdahOh3LsB*e z$rvD##i_tG&99Yf?F=}-MvYxM8xg)GTFyRUmqPfh*_r-^A%%C4S|J74DMj8x*?_ zlnDBFK#RxVKv37>LBL{VsOO@ziX-YKKe5k)Y8Db_RY2SfW|ug6He{Km%rwEClJBxN zVI%S9Q)H(x^WMm^Zql84J_;7*E^H0W;w%64Z$zst`<+J@A@S^X=k1tY1&ooZwRaoDiI@*Lti4l|6K0(zX4mFj0%Iq?hrzyKzq?pl^0 zQ>&N?ze%t8i{j9HPH6Tn?;5IcjI575`x$L|- zg8tgt0qo)u-iAFreIFQnV~|zx81Q`=c_>xKEJMcoK;3#MOz*wGhcAxg;gNWMUnm6u zkbqD`(yv6)DseDcNzH8Nej%_3m4(n?Wf==u26#6UZSdutBx;VfXQ|cs+1*abB+hiG zcS~9^`8Ix<(HyWODEp3;|KB&tO+#&;40jil!Z=cULu{=gj_qXjyBPs%V~%8|)MJ}xVb4wdQKUpmjAm_ojhfO9-&fbERO5EYhn$6tmgpH<16z5g~J_q5si?#0tPF5^a!l3x z@j*t4pWwz77>;|=8Xl?cNz6}ob1ap?h0(b=I}5}%=;T|Udb~`;Ul#23L`jw%5!Pc| zxD5cLr8Br*o`^_?iM8JzMl$RwNKNxN-RxdJT3WGdz%YK={J~{!uVW?V7@3?@s=&~f z6#{#IR`MnKKhP~80r3+IUqZ?h!5167EIEh7C0Z46K-NR`-WYno_Em6^E1eyy04(mL zAHl8YZfF>~UnA}q+6s< zm43&>s&U&7R57@Sm(D1?o2{~4so9M{+2u?uOpt5y_FqeWWc*mAEjR9cWb3*SjKfMC z2jw&wDB)vgQCs>uj?wgJ4bn~4Z!)~Mn%)h|Fp3&6nL|$^|cA>M- z+g?nf7m&BtGmLdi7Pb%m{$rU}U#9iBeX9Yc3Dx|DGh$;q!1{jMRg}5AU%YKmKopIQ z(W%GQAi$COpceZMG-@Lz@(+ZoACo1d+)r#&-)~%-k8yz40KPuBKV8~x6Lkd`wtrTZ zDu)K|X*;qB!bwEuj58Xd{xsO*aZH4aKw>6*6A`;%M;T@>B94*p9duMMH<2q8FY7kr zSPO}|AnfY9Y;QOD1wnfVYi*o1pd~m4zl#0%1lPg_@WgV2R`i!G{$u?A^*DquxBf<8@ZBBYk0qJ-F`1tQzV z-(YFrJ16+NjD<(;Hfj>HhR_~~$)3b<{VC_#Tdopzk>^gAm0jpQN=j$m1?N#E^e50g zxY`7FhQCEIBu?95q@h3W{zA#oKlcE+H|!R(;u#A4$nOtSih99ILyqgYqB76;2%Kaw zBO&jO8tdMqEQis>&t`9w7#TI|tVE~*Zget_&bq5FuYavA1S(!+KRfyosMW@vdQkO3 zY3YDjBYK19MV<+QUuN#h<{X3F6C2E+j1q3Iaq`(otwSCr{o!v};vWqsp59lO-1d+z z*>RynMm7Rp=p!r9_6vmV4Y*>Cyr?sN9R5O3gC@0T&bc=s&v{qYhLs((TZ#m7q8+LU z{c?Q0QUDydSG#>S<<-<(HWFqjuYgA?pK7G-*=BE9tQG!VQd!iDpSkPrvFsC|{G!@j z)-Sr?eAo9&HrW3h1iDfndR!Zw=m= zXwi%&8*Q9=nm9O^(oDLA_gZohi-e0?AXQy@;nMHLYT6~9At#4&y6V53f3hv9DMURt zsJmWVV44{+^i*sxQX8H5fWr<=qcI?ekYW2825?4QZT?ZcKCXgp?=qt``<~u5Ek3-=xG7uNOF+ z^3??hf|F0?JyKB9^AwWkO`5%_D}R|C-{;MdZ=a2P`Cp&8!@>iF-zsgLefe=r@JX#1!c3tJ{-8;(a~0 zgkAj{oNmK-}H%!2@Xi#s?51= z$CSu;k1leD5_a*iC)mv5WF`$rDc$qbd0EZ6q{RhGwdppsQHkf_nbIE9&*Xo0qG9Km z;6zCa`P1f_o%OOEi#X=E7n8H$K}h#_V6IuVJhXuL2|rDa@~&!&o?_|ofReLI7y#Z9L2)gMN!nC56U$%Sj}%Z(CxSOba6b$y_90&-<+e@GB+ z61~1GQ}Y*$MK(`bQ)c`^vP#I~OC)M)8Tp`b?8>LN?g+W!P?c9C8M_2*GRDHCqJCr1 z6pKFvG?!I>Si$iB*&*qud)H)Hx$LFqkdbQ*Q5~`uD}^j=Er$`?2|XL4(ud1~i$`+) z&}KqfgUIDk)Dvwl%Tw>mI8zAV`%HE;EA-)1d~r*w!ex%256)zLuX!a%yv})wFdL>3 zKd;UFUf7B^!)od85Kj&bni;l)A)_wcH*8@Sx;tcxxA}EM@5~sUsB~wC04T`aLB~>* zSbU_Bn;j#fXhj4*Ms?)XX-IbY9Tz9}?VtS3JcCRc%*D42PymmOX=j8H>CZBTcuw_x zoKEfSY&5hK9@IBl!xJHKUo5Ur1bJKZunYUf*J;LJvA_46!+-Ks<(zMF7&v{DQPqK` zKNNjN)!(C@?90M(aEhv_JcDmt!}+pF=%7F|5fWVY>GNnm)IUy`g0IMbk4>$R(T#^8 zuA`>bABZL(<>2r~{Y&aUV8R$&`xQ_pDXNnOLs(IKsiP*_~Ge2Ub}Gn;N9S%F)d78Woka6h@>F zFQY=QTzCX>m~cME1@hM71?k4Yh2^}cNnSsLwDcYsG&XcxBF_8D1u13fD^5X;G6jBk zJ=?~WgsQ8*-{hFt+-*uD#|2ZI`|ZA&=W$G@?{$uVx_bVV>kz7iC3RNtfZ*`VH}^xfxTEw4fSLS2vV&a+4%xT!O%agfU z1sa!1%gnxRM|^cRH7g8?PqM4-68r*@WeIt;Yk4lWf=&*fV!%c zdgm>MET&hT7r%rJY}g=J5D@~SNNn{r4Jz4P>Mt@g`RlLR^eEdd6oSB-g;(%G-K7b-t~FR+^)6qLJ0$_;gY-|DivN9{6UC{0J- zU=!~0#h#~6nn#cE{@w8*r19LccN=bZ}}+YPpe27ul-b z_7!w30V_HKqec&i1stWbYMRR?Nnz?MB%D*}0zcUf3+N{AIkj{Rq9I*JmgV6SLUbwR}b_BGd>KXpVY2KA+?dpSO~;2qPs1L#l5f5$fq z&HrXuW#v+l2vIj?>`u_`0pAL@Jxsv01i^ar_3oXrct3K@%4uUo1hv-+M2 z!e{S{e+!k$eL_8v*7&zZYX>Po?A4M<{`ixd z-)T~a5TyvJ?+;(%^0q;+-!OQyb|+ZZ0er9P!JSIkb4-?XtV@*oy@UdHdY_8??gvxX zv%Oy!3@$Zy!Qzzy;6~|b^RG{@&k;{T>y)1s{IRP4LYxaS2+O;6!6MkmU?Bz|U5P$*Y*zrrB)JAJ!8-Mkrk6d$lV9M<&A@Ef(eejjq4M*F(<=ic{u)+5?9PVEOy4n4JY6Qn!ISz z-JaIw_H}7Zz}{=&2QLCz??SZEg{m8Mnj$>=Ciba%4Vuxl8SOK*T%{iE&FW;SRkE(* zhZ`4@=vF$jaAFf@9%;EbVLa8~AdW85oo9nh!{T>Z4I%{y^Nhwe%!wFuBxx*yqjSU< z`@s_(6evivZDFf+tLxN}JQIGnO%IVNcC>}QwjpCPfM}&@7o6oJ9Y)?16W(9(?@G#} z?9b%$|GuYxpr9EXU?|B{Ub7Mcd#>1@Y4y~I^$F}vfF^5(hyQVf<@omw7`5M=4 zzCfqdswNVhMT%h4+A47=365fRZg>|=BC=787OTKbO?Bu=rvbO(e4tf@k9_s*)Qd(V zTYM>bdpY>5rR{#>YGt*P>3T;@`x!Qg2`sNNzGscGtEsK6m3geUxjKBm^I&p$bZYAp z`KFY4c%=BVtE5CUvl1o5Dl#G>x3X}C*^9A_7^-P;v6}UZ1>ahW8{oj^sULI&i20FbR%C0VxDC?+3QDJ(m_im2$ie&0} za3a(`;!C2-zgU}xh4J#_@lJuUu~9yM*1@Wwl%hbR{SH?B*XIlQycI^8p2+q(_JLIsJ_b-$$Cwijz2|N$7vE(ceI-M znYU58(4|9z?|@+>pRw$eGk$a1l<(7;?%a19iG_^egNWZ%B+&&VMK!*D14ffa+;p$Z zU9YcQ?;1>4XENF?16O526FqhH#;1Wy-i<8$#3)KvSvp=VH`xZ0@jRDzk~hQsYFZiTC`Z90Pe{3JwrMh7|=0 z_|iZMTbzg27^WTD)%LG`viTK#X5YsvxlNWuwuRw3r}ACJkjM1yO0LxA99jD7!F{0l z@-2Lo;JFVHrl{sVn0$^*K>tuk(e7@3Y(|JjXVV29b%VEje!ty0X)?O~G~qk3QF?aD z!%y@)Vr4hw@bu)N)rcPF$mF8^@XUs%GbL|A@+_C21v+%K?`U%UUoU{wl0er3|7Klw z3O@f(OX+PPSwQEtPB(1AL3i)&2;Ar-)4?z9Y7cK?I4k(30kP0%I=LdFgP9l(-SqbaIyf@D>)W&ZT&EEZoq_{?oL#>Q6`HqGQL(gha%m=AIZ1)&Ajfq|-&Vl{fvWWIVLM|(q5e@LVu+C5#h%Cpkx z@%myh37R)BA$5Vk;wlB;i7=3gN_2|E=^Yw+CmRck`tx#AW9rXTyh;FXhli}YHQwwEGZzd8s-$2b`wa;qK*w(@fw+j!v3}?D;timD zh!6b{Cm!Rt$?1J0`DFh@);M#tiV#x}6B^z=BLMGYO~Zcl(w5H`gA{ zx7UuY;0Wo?V`nV&|I<;cw4qM0WY?}<9RG%-S#p3c<+tG zoy!oun^Z%GX%b*v>cZQy%XbZt=>jyh0b$sQ^y@HS&k|1TpXA9dV?z7|ysSMjhWU%5 z$M@W?Hd$7ItQFPyxCWch-&u3qaG3`Q>CuUw9n1_q@zq1(PWh)u!;}{A7@H{%ySrh+ z1c+v$II3)`p6!GjY-enbIZZ!XYJBRK=q!H}^(J|JSErgTwobZk;zH6$>N`cWj!!^r zgsB!UpFt%K7;2KL-X~QYHwM+qX|*CF${vii-!ixR;774pMA~&?5%O+db5mV5n-cIf zLz+!MN@9wNY5R9ix3<`zdYMpS?H zgd|FS%Htz711GwvcT=D3Ea-zfgt%rP%-5W3S7uSV*2`ZeK~*3SXHUehTHI|EpjY0 z%+~ePWl97X(I{2nyt3@+N6HsG)XJ3Z=Talk!1ron()q?=hWBA@E-%ESqTCxQc*#lH zn@GW&o5ot?(nF(l-+$WcztR$d;6OViR=LlAA$D~iK*{IYs-`Tx&ziNa_w;(SQ<(m_ zscKn^Du@WJ&HE3<=9qKWi%%KoMC{uJH?iGS$MrOLaj~KH%0O3mc;H!OeELsO=nMgr zwI;(a5CYyjJe+!E>#^UnfBCQ{zBw+?g@u5JiYT`EJ%P2qus0s=j=dO+ukyt0-tH-{ zY@hy4W}_Lt(W$A)ReF__D5)5V47|GHq zS@uA`MdfYfw5ra$Z#)&Vz{Pb8@Dxaf%nMJ(PlyXqRA52!l?1DkiM!ckr{5Op5Q_j! z39F)f`+oMhEFZ^!mu6}69J|?(fNL(*YdTqfl3fG6QZNT%wp+~RG7$Z`qGqT_Am`$1~KIjHIY-~_zMUrlhnP0 z+q<-C?AXxX-DY(_v%bN!)bsHGyh8PdslX1;|a1Q^3+wRtZ%Z_mMneDJk4MoW2E@393LdG z=oN#FHa2S1hghvBViz81XA&-L)bh83`e#kgy2x@faopF>+N5Q2xEgK0{bl$qKNbNL>1Z>tDgC% zkDxQ;3|`%-!axBl*Gd4dawJr;0CShV#(cZo_DhDThCVdI+4iSQMWIW%P2Qa#E~#I` zqk`LjB_NdCGh8n9uDhHGae-c8fvIW~H1Ulw=!dV6_u>^i6>93?kx2%%inHtxpUJz)mw?1&`fkoxu*`_}= zBZ-BsfTQ{KhkAXAM+%?4eJQIfpN5Kq`>D+UVsU94#PUIa_e)L-!Jj|9;Gsr1RFc_$ z4rIe9$%z=hw!cQft)AEGe9Mwf9~wp7-l%JwAP%7!i} z&TWgE7iuyluGCw%6RM{@vfM_EA^jSt&ObO|SV%}z6eQ9yUVngmZ+CZ?o@iCRO`Z#wshRM)B`B7996j17W1H0Y|k6Q_l zWJ5##DMa^08%b6}XixfSfgU_T1h9N;Y4|wX42tIGV&g6Q@8m`jQrO^B1f5q}c~u9i6B)5`WfvEqHLGjd5aC|&o2HCO>KT_)qV zln`aDBmDjGY+y`q)xuK5DIizSbSU$}vKGiUO909vz z0o9%ywC9&@LHH<|;NK+P)AKmEzduvc%xD9{!eZhG5nHbA#T6%LYY^0Qp-8m&peZQb(resvM6`{TE$^6~C`O`hy>hA|hU0nc)=8=e)y< z$Kq%`1W3Cni26qn%LF(ia`pD+007UuPMNmsKo$J{k&Uab zzv@Df=Y_wj85d8bmx{Q%2Wll*d(c-t?w z;2+FBDG$>`^!!}ds0Z$n^qQRmA#&^LCjR_{-h9^(A}%wk^vTe?NbCbEx69X|cV}dJ zgTa3%l~ravE*mZTg?Qb&X%WQ~fu>_KEPD;ybEj%;l-O1wzh_O(%#!OM30nPxueK#6 zOXPi-TB)Wn3UK@ILGV`0h^gjgS3e7X_GsAI9dK}uBEzlf0FwnlUs6j;;8T{M;r+@o zz5;6Px3Hj|Ica!-4RA!Q%lR}9GB}oVX9uMIShLsv@Z^pH1APRTA%cSvVEgVU zP!E%PemR6j`)9?>S-B#)@oZ0d=GdZV)Kq(YE=US|Q?W@gHMS83XKuH26aRpSwt_;F zShuS-5Rr(19?yUZjkMDza#lqn=B*;yFQ!0;Mx5negB9rNA3TvZnljdzI&CyYwU75W zOn?Df?Y+pEu0==&t7vaFIb;Tc1rV}CG4aS`dhTJn*Jb`hs9A|;SjE;?T8NW3>uv$) zcQOS;4JlrH8P#4Sudid*Cy|JafaBv}yi)3;Br#%ahMxm0%!zuWbB4a>zbTiq(VS=%0qKhikLn$hhSSWduV_GeflMILGHwJKU2=(Dv1x}oSW$+~CaAHU}#p)pl*%CQ$K z{F%J5-w#Q(v{A!qrWcWHNkDVvRHSvo(!uL&Vb>6o&fR}GI@(#lPkT&Wr9CKakwHFN z7fP(|fh;x3#^MKM>obCgcX}4R7SuM_pq?~4W(^RN8dc-tMFWQx!2GAaPR_K!K;epN+^L~F9wy^p8vC?*R+&uZR{XGgU_*L3iZS<(x8V;m-a-h32tyP+HSXqW=08_pvt_;{tU}drYhXymrjm|a zG0AShR4K*f(FQOp1X*68ixcF?#g=+GnwZ~}Gz1L*#QGXG=SsW~{LBPZ;n_WlE$UkDy_Q;2Kl1DN+co}Zo0M=9)+x>#8OQ@k1$7A<*$`ZB`t ztW3h@=Woi2TwLgYyotSGsi~!fgs5jBRZCbXbWQbQ54sW|l|^$55E+>jRwm7sZ@Hqe zMz<$(tG=jk;OK!1mmhwvGZgAY_Z~RU8%>H+{62c|F32b+dTE@BSf+A`mTjua@{!Mo zqN1x=R*S_|oCZ&LY(Iw8kXDIIBU1I|zFGWY8B9r+f%0-nEj@mIBW!PR<~`>})s3bj zPK||$W&-sq)6I%Az|!63@@WQg!hyDj0T#Rj2jsov$j&`hZR~#7Y6w@0GNF;XqMB7` z4;dj@9Pm-Dft2ufy&l`a=3~}r>6lg{QRvevKy>$>Qw?g1-hPaF+EDL02w5HB3l-%5mz6$p9`u}_y zg^o!rAVYcDaSDezPG%qw@CMN}HD~f%O*ZvR12=)}gW%j$1sWRvHoP*!o%`ar?eI3E zD`EU|vwox|PC#uPIk!Q)qtjjQChN2knqD-=2Fl-5rIkV*uL%hcl?L_#DBSKCn_Xk+o+0NOx`PkHtIGZooRSTI zz$GZ{|1tHJ0a10``!GE)q|z-SA&qpWq=drIB^}b;4Wgu|w19v#gLE^15(3f;4MX<~ z()}Lq=e~dM{|kJWbN1P1pS{=KYprWt*QBd`?hm&*{@!?2exmUYkIiv>PaL`<9B3um ze`yNBI#T18r9rPt7#;UkM#UCo+(q;F=zn=MUzo*_s(IwKJokaoR93@k=nS;!s4H{;#JEgMgD2T}2o3GZcAN^!cs3b(Ho7AJ z<-G38%u2O#gw+ZPd&bB9q+>~URW+iHZqXC7o{4Ql))oI{Wosx2kKhi&8o5UA!y=tw zx9xaVr}vu|;sFdk(@N8oe5R@RngE88NUFQ9Q^w8zcH!hrx|BM)H%OevmjN@h@yvbL zkPytN5?l7{t-9S@w&&kv2~4OsF<&Ag#>Bhx+YrdpJ>p& zqT$2tCf@X*v8U)Y={@8sq_7aHtnBf9RcZM7Qmgo2Sy_a!%UIwZQh()JzTACdpznG% z4U~qbB;stLIpx}}zCIu!PBg@1%f`U{I|sJr-}MUBmn#R@O!MS;lj(+E)Sj=0y0lM(fjR3pgwEttxTs=TL$~8+ttQ~LO=o(WK9ew`v^oCYL2%s7f z;@{ga3B(L9KfbfHBnu$aN0$!NgYUa7Kci7ja;%9DA6?%kCl465@6ObT1FDlVGD<^W zV+EO1Ycu@V6Ce=zf@vMQ$08jM%X4_E+thXNweDEUH>LThEgimq=?ay8zh_Y+2h{+V zgo%1iPDnf0wf!-GTrkSOB&W^_k&fgb=lO z3N~%Z;S-?!Jgo2imUBZTLOJbe8^-7Y-tsc8Gk3oBp*3j4%*~67mDl(nxRcV4n zJik!83*1QBa%HjhKs1OfXmLhphRPGty!J@gFx4eodQH%qYGAkEpNsRq|tWp1XZtA(N}i zXYZD^-ZnS=IsriihW3M+oQa;qEZv8T8+6(kkgxC`-V&U41%ePFpp%SwMA+r?YDbER z-42Dzk5Z}>@P1|*oR}WqgQ-NwHgX2rVlXh4VcbG z-Hk(uh$c&TeYmq-BX5=S3&OuAZ9F3I>ALHwJ}yk;ZN#_TP=Gwpxw?4gZXP64Q_DEV zQ*6EyvHP&8{h_2w(kx_6p{W(pSGVbbfOSeIq`CV>shA!@GDlHH(jQkAG9v}!HO8fkcqaJ~`ro_$D)IGZOo!@v$XKb-Qf3vRuO|3<@OZ_aB z!YC0X@lvyRN!h>oE_gLczBTV`?Zn|W`0R~y+7Xul37*sSZP_EqHq#7(PoGlMdV+(i zt&~r~m-3mgiJ-mTt%ioX*W$3=fIyH>f^%Uj-O=FX=0$PFWj}@RUbmTJH5Qhg(;o7d zPEKqT&!jyRNqJv9sSaS_S#%l03Y9z9>j(yaRH6k+9v`pq1q7ThK$WUJcV3+`Sy|SZ zF9+-A@7lvX7sXA_fjYO}oOiBjSns*hN z7Ux*|5=+e=5{2kPo<5PxK-ed3ty&eeUhit4JfuW(#&Yc>d>yl5dwPIDcX{#OdjCxO ztajy#BjJ-h`Y>OomF9D@AdPpif#pm*Sp(E3pKy~ZbuE6ZMVy&k%nJLt(t0&UaiD{E z{4XG?RS40WwL$IqlJ7yKac=iPD&=p#J~UDBqzu{FGex?)SLwG#273k&#<@2a;Gpia7E_p`8Vb)p3!=o3a}O2j#z| z{cI@PnziI8Vlit{5&0}6GM^d;>=(2@Qd3hcPl1pOF;zskW;E4=^pu!6)uF^U6XkOZ zYcx@xQ%4tZ@4`p-%&z8oaD1*?R@$vb=Za_@mZ;bV6DzDPgd~2;*-2eo^@eJM%4CZ{ z!6MR~i5n4KZhe*z6JSCHxXUW>EYxCs{;ezet(?(p9zW|$R-cxUVF(%KUj**7jgtE!XJlXOcVZ}gx+RbbftcWDN%hj< zqXAwR!Hj0Pg$9r>p3#TjvYjH&^pv1}`?2}LGfkMn^si(*O@i$M34;7C86RQ=`mv0a$2mxoV7?!;Fr+SwVQu$EiURzqnhephT4aMX7%d7(gBkrlsXUMW$iFgr z;x#h{(x}Ye-QQF&YDFAKRlind$CB)pid!K$5$vANTKTk?Y0pWgW@M&V2q$*slN4%ba8$ee`T;XHerL!bW7v|Oy%eF;uu1(MOqfv5jP%!xJ6)fw|sdM~2m-f7UWV!=By}nt4cCKT*cXofJ|SR;AiU^dP;nW$yvIS*dm{ zOr^_mV(zTpKhHQS)p5z94e9>4#QN{Kgp(8(_L&rMqO?E@_`14@9eXttuHDw2aCRlXv(j~NtMQkEgAibUWE3j z-Eii1Bc(67Ev;cEeoFtlmc0Z`y9LnZJP3$hXHgYR|j zWZ|g3&FZcR4zkYZCQR)ny!?s!DWttz#fQwGxBw*SbI)PB*vZ*MF3`_N#&NWE0XsyN zYnN7oJTecbppreBR|ajseT-YYw@9taII-*gnDk;THm`)llC+B)OmdBr*NJB~hi4ut z2T9H$>eq@bb_xFx^zAH6hpmvcCmTa_ssar)zz2r{A@h$K1O!^dS>t)?coHB zz937fBV^k(`kbg|x&3Q6RNz&96(oOd3@Z!aGy;ow+*A(ss9_Suvs{I3O#2Yy0KvUm zQ@0Dzpfzm5L?3ZMlGES2{T8p$#1ZD9MYq2CQT7bvFyW)YVg>Aa!Ay8o~MRNK*4 z;ul+R$ahf^UHknz>0i)*@YJ+R|x_4pn^4H zET#;mTRwFIW3(tSS82=;b^fwYZ#w&Wk-P)NWPQn^gJU#)f_Cyyf3986fi=4z1u8Ps zV4fQHmP?e(v4*aPVIsY+@)~R234shL)n5BxSeCaBUQDH;i8|E#TU@ucml=<7(!3iU z?WQcm?5ab#@CsXN880EntpNi6<=RmR?#?wOw25BPK(i|eCdRR_N5cusZ+@Ptyf2B@ z$P=R_^#g*pngdXMwG-yFSGTCaduFWP#=*COifJJmr%&zuR>^KGbEY{-q9O!K*u!T8 zd88TWGPU;`_4h<2C%*1o+@GtrcTV9mNeg))`$|WCU`n~IKMA_l@Vg6+7AI|YTMqJD zp?DPM;5)?46{%Gf)3YTgX1x69=0*y8q%#Q0ffblKnFM%8_g%;dYaldJeP0(*=lN?z zOB(ZsS*y3!aKy&@*GFbEUW%!?ZPl2TQmCS9Zy9b@xjq#b)cepevJnu#?kHN5Tq?hg z*H4`N+e6JqPo!IW9KwDiim3zu%%C@|);vhqWaUl_0-IysWDXNb6ZOz#9VjWsAJ#YAwwzCQ0!=j{S` zD=!Djs$z=2MCcUfRcas-LT~lyYZd>GF3Burn_hl$L3RZ0+mKWCVF9I*BF@7#zeeRY7h=e^opX|YVWbSLr=3~saQj{&m zzHWb(cz`JD1L&4H)_|&l5gA6j16w;zZAwO&JExyNy8xZ&7(#II>3Pq*Yq`|b;&Sv< zIWtpsN?l#aD!_siF)=&Kc$YJ&>-^q(kL+z3G!_|5JU)Rq>Qk;Nq#|(4x?7XssGuUX z3TF_I!iv=4_0xa#)$@4r>0%_nBL#3CP5rRyYwpZRK_`|f+?zc+aI`Y_lRM|i4KWJu zADerw&F*^b6CI6gaasooz&;t}lCtG}f9d=SVAb%kANY_0|K4g$ig$CfWz<{$%8bb0 zKgF?mzOlzOq~IXy!ym+`lX)(y&*gb2{Mu9eRAP*d+2224_{;}8);!ddR906vevwB@ zR}CDr&OFy=+)!e4;M-Af4roTm>rMCHj?qha1uwK227kHmGi9UXp=*~v)J@B-0K<-s z#CscD;ir|A8ht=~JjHQ}d0=qjl7hB;%Xy(h1_Y|tC@U{$71mO8|1Lk^(wH~^pl7rg zLJaoA>B-4U4;)Y@EfOMVNQ?NH`=nBBvmD~6KFSY##KVpL%Z@%|pY{1>9Z5FGfUCBK>W zY^tjz(yhf1^95;pbsOE?1#_|(XUlG=cb>BYs1z2|I%cvPHdBTZ>jUWq44>S|24?`*A3&dI8YVPV_GMxTL@%WcL2F#b z|6UNhq7@cP(R1&QnK<^<3*o5MK8ea>!0i?+W2H@wj`FrT26QBfox7CO%jQRv{G zXSbD#hQYRn0EJSVbPUFB)>LEn(ea!a4zqT1}Mzeks6xg3XbrS?{&UoqOVrmMN z=5VpoZs5s9O9UF{chYJyOhlO?@W?V-SNh%ilk`OerO7RI(!b^hgog?w9BAu#l}$F^!eUNj&TwZK?O=dbd*|Sl1)4bK&m$0M&Ec&!4)pCHpm| zwv<9;Z$Acmqp~9N2Z}I~AA+1H;~BohtH%bqz=J;{JIfDHOL!OUNC)ahJ^7b0RrSNB z)mwsZM85{gU@?hN=s~*e4krqq>I6J%82iz)OO66nqKKieqku&%fB(kB(w{6X%6!a_ z`FuO=+XgGbD@k+s*JBj%MAIgDn0s00Y0-84eUeF7gW1Jz@yct=q4g^Bs)ES#!aZ_d&7MbXV~A8;+?1&RyQPU*ivhMN|zEGlG9@=%p| zw0@%(vn-2R(0Ii z{Os!~mZ^kIjD&nc0Sv<^;`_Y3o$(^@=C@+bk}-I3*znGT+kU!yC7|PY-6<1-HnTT% zl$%<>5sd7FKGM;L|0qMmR2pID0*M?ZpDOZP`GI#Zp;Juu&bZ;tIvSrnW5~@KYDgg9?(P;P5?bIkRR-bn{B~xg zrDdJfahy1v-(~{k&w#`wWN-}+J9c)5|NgC+qi$$e_E?;p%Z$Ktv&58+PS@=idC$NQ z_~P|&lV~(O@O0^K-^}RT+D`TS{;1ZkDJO29hg_;d<_PpHMn>R!QS)zsB&$YW;!b8$ zQ1jf|6bx8tX(rX`4F9RSxWp8WkYLHXs}C%@%*`f_xrvPW+TOPTw=QO8PYV6(%cF~n z_ikNg^3FQ)(eF0QCyACqTC0f7kU#gD9a67q%Jp_y8bU+8$kWq!rm%Q{a-3eX09BdL zZKmij`b3peL^M8>Yrom6bZ&cEPt;HQ`V4ueNj|S%`AQ=D^Eb51X#7kPn;x7~Lt|rd zKhs(qfEndG=ej1S)^Z%x%Pe*Y`Mn+ciHdyheG@y@Gj?+QH#kU1JcyPR^{s|5efm4P-mEQ%jQ#xlIZ z6&28#KfUok9TRqb)yc&2yl?NjRf=@VUtev6tTUe4D!$o443u z$akrSF1NG7QnE;X?gt$;IG>>m1#ja)YWOSDhAF=~>4WDO1;$r8o=-G=sK7KaMAa*k z)6MyqMAB!qB4pru4>rBn3BEi8`3{G7`e9Iz!L%A39_`x$+~ocv4fc%jUO};X8k6uq8#ct+%AVL&r-o&&+l5IdP+FfvJH^$mk^ zh%2_0;;Gl?HpaAE&c54v{65D4ZM2i*B2!my11@xDx_dK zNzC&r?LcqUK-&G-_CQ22(%vIZVM{PWex^zX^$E#o(NImr&`E#TN)JiN?PXd~;8D(^uArH|RoCC80FcW>p{{T(*yr?SxXr5}1Tz*M$Mnwh?qhIDwG_yrxi z!h9xwU?7I}ZkDgN(px=aow_CV{n7R*sr)CS#@w)Tt)Poz8^3lsB2%Z@SBOJLzbm)$l&@`Vko8C1h%OBj$vaM zy$jl;$1a&yxUKPZBwM9(xoGeaV-nIkN2}^<-c$>}KGeQnUp7lxXq`7N?$|2Y+jp1q z0ZXB6>4>n8%WZq&`OP@lKxJF9XRI10luNp$N7|6GUzihs ztRsK#0$NQ?4G>+iwXj%;%-z`7KzPi)AOMc8+*6bGeCGhInf25R)n%veQaB)+P51*^ zrT4sf#|Yur^obKvbTVs4P9)}zVHWiAwS1B?=HmPuS=;vR_{!~q3AS*^maiZz^x1GO z@%=$(*ZtixxYNh`>Avq~JkDxyp<!%!t}c063pbw ztPj5!x9FnRQksoE>n5kDttH3FP$3a{s)`JCBe^@4A^#@krP5W|xHK+(?nf52d#G3P ztx^NY%u767HFeFy^W{SLyoeB}90|)b%hqzy7efX+|=*nYFE-4*rZgbAM`;y}BPRlP^BK);d zV-Sqv4d5eo4xeQoVjj0D})J>Wq>7hNEkzRi<~Q9afAse?r; zC;1BC^@cioV9V1D7F_ro4X^$FaxZu}7`4IM1CS9KJ=B<5^*^2z&J`~r@wQ^VS*4si zL?oZV!Xk=7Z{gZ{K9^m9t`Y?O>~cj}=9NKPgC1h-bg#Z`#=v>`3q$+zwBD_R5F}Od zChh*~tt2D@nO5FnL~fr%KfzB9FtS_;tu4|R)v2T!WlNUs&7$D#GzjA)5QD#BF8xx7 z@m`x}aTOG(oCuL?ay_qymX;ms-Y@9B%&&Ge&AEEw?3`&|^i9cG&%|Wi;ElbuL~1Tn zH4qHe&A950-n-=i+qj@Z=MB4g(<;uh)zC1Eatn~mBZ)Y zk;I<^KL`Ib6;P#ZV|gGtr3ux4A^K>6T0nbyeX7Dx?M{ld7*Qz4F_|^Y*>mOCSHafC z>r?0=523xr8SKw1)Mi(1h|;I+kQ%e8smxZg_#@EC^$|afwee>{V%|utB~YALyabB7 zjSH%^cR;gto}(G9);<V11H6L8G{Hs@O1)F0z-s@&)}KSkzTpwJCN$tf=;8&)N<1(E-ymg z$#gJ9LnV0#-8A1pVC|x`3`Q7?owN^?z+^vr6b5y>HvQVWwSnDIBr+fFCFaGz8bEHz z@hi-@d`10S))8B@Lfz>GS z*_T9ZO?cDv*ZMhGUrVVopesiCT{*woSL>S1kOj ztj5(YSHAfa!3(2nQEHaIomAv4EGlm?--&E|Id^fb0bS|uJ+`FeZL>~m$AJElS=NnyKwYTyNC3hzNSQLxymH|G;b zX3>UZ5ba0(h`>6uY+75go??cGjAqoTo?oY)-0BiK1Xzt|T`G@Q7Pbae$D$s+x05#l z>xBaKyVLy7#prgR8w|Znk3j?c9+p@V9qz5c@?>qg2X; zMl$R$g>1z+KD%v!eMOuM(U{;v!dT}Veg9;&T;jKp#SCE|s8K`4)e^ctJIc*d^_sF< zdJ9?PU$a(Z5Hogy)PBWPIs4exB+1-y8yMor%wq_7kB*k^8JcgKMPZskt*lOF`2fK9 z_{y}{6`lBMjeM$1b5u?@$jQ>Y(~>4sewx1Tr{h!Ro9 z3YamLN|!;QEU!FP1d_Vio?RRT%=nv}Gt31{vY{@$37X{hQb?}20NM@D_g=1leG)pK zdtQY$ibYVB0o)1fHF3b-{!LeA(EC^Dp7^G*D8BOmD@0E;xhl#j^7weTRT_&Hq`&?*JJmxq+~(Btf;s`yFnw;<>2Yw}Uo*m(durRP%t40QA&xP>wmkDO2 z7R239@Fu#5QB#9QJI^vPUcM%+jG_IUTCn2q9Q&_2;IOy%(~E;+hxQyzXJ~qQzu4u) zTG^ekq1cg)ref2syU*EArnCFJmb{6Fj^ z%gZtz+9JGKq=|r*3U??{%2XmC;IT87Vz0cPWXc_Y)~hP8()d9_S?v8n^<`G8jk>i* z<>}CnZt~GY zu3p~xi9>zX@bDThKplMBwq&M}?Y8@|;T+LJ>6%nmH-IN?XUDm1YE-r+(U!z(GAey` z%?x*h>IY|kee8#lGnLsK&brxcfGhYnFQvh0OD6%Kz1rl!z*=aijv;laBV$O%L}_xM z+OMe$g1j;xhE9SZc5e$SV^Y*8R2DEU121_lpb3smylhe~vJCb4j?&;|z zZf9H4p!0=-<3Af|#UY=p{>IHlGW~#m@EFjqV?_ARQ7N=&Y7z;vdJ^J~6g_N*VZp_x z;csljo+v&*#lMdYq+lOf@#tE8h%H?30qeXXJWvm|L^BhhJ2ht10%O$ee=MT`^`GZb z$)pDJDjlOw5!Qn1=pVMZ8Q0^me8AO`F8kHtdie5mvbK_jFO90aD@T(~!c(~fhjxONgq z0FsFcZgpmnjO{LvqDqdiSW4xWT_Qv-xdo5Ztcp2Gte=!xdUa2=WUNM12pZI?U|O!V z^SOS*kWS^H*o20;4o6f5T1-5Ea1-c@|9%ni%cRLlc&HRd>miL0E&e(8bl!BKLH{5f z(@754{7Nv$fqNf#1+Mx8n*9ZV67&ss20{;>!59{S*JE@jTY;-byI4)WgbS_UM8?P* zwmR35Motq+(Zb+tI^v(ye4QkR>6qW2lZyHR2M)y%Jn8}MFXbVM?%(FTee1$C0KcfG zU7Z|l$|nfJT!32b z84x-Cr6#Cz9{)y(ZibN-Q()ZdzzGS#6`CHLffIv%u=VWwCre`2Xu7W-s>110FR8tF@o^DqJ zNB?kSx&iw@^z)x9?z_I0O54gqIr!%4F>IRMU8!yt5m(U&Z3^~_PZ?MOwUcZ)5F#6a zQ2}3bi-&Y!*m&Q9r$@xcNZxD^$}I+mOb~T#JwgWaJ8}4+^bcqgz-F z{SeJB!*wa0EF_6ksJg z#S0(#dV7;X1;YPj;q1D8`BZgG=H7$gLf$!8vZ4)h^LI@9wZ$>N=vc{!{`Y)U>P^aS z?qf1r7N6BU@+_kBif9Raxr3K89xve8F+SKSIYg(-HK}=mUi9fY44Gt(A4j^(h=+J0 zKnmBDT*kTTY&9c7=DudbAh}bw@GLWW((lb zT$hUdX$P|+?)l?i?ZCS)U3n}-GAcE>N?;(R?|kJ46$0*JkEHb7H92nr_$Ij$d?GLb zBa^!Ndr52cFRBwK7mbHHfJ0p$@zh}^|MBoN~yN=q#`(AN6~8`vBM=TE}-f)WxS+TNQl zAVU>pTd5+x$J(?ar6V-}R+2iy0oM*|G-h>VT&X=8ISK zjkDwv&7kr@v$Fxv<4p&~jjg>4MlImbg1|3xY<3_8Vy3cMzKy*NHn!c_Vr8sizAo1H z`nvWWQB^z#BLiQ!M$_Y{XkKOIW|a2%bp|@*37c@Y)x7EpasNICi^Ib7^gO+(;*pXu zVe%E+*(pOAnO6FQ_7UX-1_!6`-A7=H!LH7DCsM1^zUc7EyZ{FNoCf(s(&T%jeFNdZj=N&Y-y)GOc29{!A0kIJ4 z6ZQo$r_WW3{{E!IVDTKs;=Ao6fc$T+kfVr@(2>o`s=g9nQui(`Q*$otE9i`6Yv>=O z?KEacqfMOFGS~M>sZ5CW%SnIW~R7=RlA#K)oaCe(>=WF)mYH1AXa&67KUEJ-_ zvoTeZ?8I67s?@XzX}|W&x6EwHTY!k+TquB>P4+X)U@dC)qOYl`t2pzyl@ju{gwIrP z(PKI|INH6^>B}_`q7f4VU-B9ihWtJ|pwx#DF~)N0ZD(gn=)bmzRY2PPrlU8us?;*d zoGS%%j&*G}w>u@Monrw9bO3>iqnrr^utuyew}hKeg!X~-5x4NbzgUY1w3F%XVDs4X zM5l$-Uuu4byiAQ$v}E=}Ua6N)*)P=J0&JEL>F_{eg|)`~OTd#eU$mk2Y$xb$W`zVW zqMmXYWmeMuPQ(jBADtz#qZK-emdQiEU@=V2!R8?@0FgzIY{#DQMBBH>Pn}?NsR;cv z&??Ea`0AqAYDonw@#V@>`+Z$|W=`sNHB3w?+tAC%7HWp7$1@@&YBq@77_&xsA_qKh zj-RE%p1?F^fZm;7Mk9URgzS&$EoueAQR-(5Y##cf#l_{^d?`Zh-|V_Vb$l z=^*f2#Q=FyM}p{%Hctr!$l5B|H_aDVTSfW%_E;9xlyfa)>{-fL7a;L$BJkc`S>VkFAddq{}tT06Nh5c>duuKZi2`r@RQae(Qcqf0BFN$ay0-! zCGg7TN2?bTn1h0jw@{Qaud)o1i9*lFZthYS+MF$KB>S&9tR>N_*7w?l{{e}?M_XZ` z#JB#(csS%Y_HXF!eWe%(?MHrhTx_+sgLk8QqMtvfdBTveWQMH?Kt7SHmQt+O&Cbr? zZmIjWyW2?})FP5Y6ay@rEdxcr?BPsiVR5LwRqT!k4{LDHNxjR-A*{7izQ3tXB#LGd z7q8Pql;toaO-u0eKSZM%$q-24FjG~fsgTk0h9P!$$uQ8cV>mbq@F6BUo;}}w`Gl!_ zvLE%}^p|f){%N$)-@^*o~e~UZkYt)BQu)e*MSe z$AH76;U|GdUIReQTO6GxJZ|n(>ett;b96`vT^sAz1#t=*ZLFwEE9n^6J6|DovlbV@ zk|2x}4!FB}z%n)U7^7>N)~A zLpA9SpDgs0ptDU(m=fX?5owVvT85tG*9(m+5kS=>+7jNr&+-cdgc`gF8k+$LbO9zg zXhsG#-tz6XGAhBfQ&{QPNXbo3Z^pquufgTt6d1h8V(_eVw35q&e(Z6jTBr`|@!^-Dn2OcEkQ z-uBzskz)53{T4G!OmIU(-S*|><(O+voM@olZFxBQt%S7M?dDO$+3T&5J)!Pf-!ydu z5^xWHM{_zb&dr}LxOx9UNvmrz_!|Qf(dRT@f&jyKEi#9Px4V0C)77QYFO{h_Ksq-5 zb*;0U^Od{QO$IyLR!<+IRA+a&duDH9vM|K&BAceNJ!ZgF!sUe)+Pw%LaruZtd~;?+ z^xsOTp%Vc#B)txKUVa#cu8KW3;WMV{aV zy_CtEQDoPOVrLU$G$eRpv(4|YkevKg`J+{?iaOlNgy*el)V^YRl!mBy@#oZ3TvGNQ z7J$d`GY11e4#+XR5yd#AufDDBpyDoD-y}dYe@r#nLnUw-0LrVCd4(=IU7%`Qaggyi z!mW_Vhwh~;t*-ygXTzCxY2YaF7d_!FD%gMLfl>DQ=%`FMpn1f!W_?aZgrun{!qg-i zBRrMKq|)VgHfLbYM=~i^g_mO+AOU>*)28VW!Yqz?^s4>q>cYafSUsq&$-)o$Q&M-9 ztz|z;%c>xAQx0Z@DJEXHb=@bcfnV=BGLJU;eUDBvnQ~oKot7~5?e3Aa^@}&F z1%TE$Ye=Swj9tw<(Oo|c5*0R81GW#VaQ_kpju39ntb=L5#f)2egqOI z;YAy$6q{rk=+NSsk)J2!#r505Kk@vwHP{gU8~H38d9kny1C{t5449503kvOt;q~+&$tRd}A0q0fH{v8~>ClERPsPYDy)FDovJ;E%xR{tUX1(C9KWR9}}J>&^d0 zGo3aSJM3>K1x~SEo)*KZJFmOo*z;#FEfED@nIBDnKX+)1ceJ$E()(XyUsJF+KX>)% z$=NB??h~@VT{Z38&yooPv zRy<%gj}6SwXJkv9oGxxVMw$6=i=7a|+-`Y97;@Nk`g#hlADnUjUF-kXb(60}*gz(G zrjro|2X+usq|U@mnC+uA_4kU+7;8^Epz@F3cK1jjlnpC##jVt6P*#Lalpyq!jt&Zk zZWMR9E~3X>&g5zQ+hPXmJM|T-a|LzE{jz94uF4D(-!7c_G60&xZ(BAOM0U4EnVgD2 z%o8ORot#YYMbxb?Yyz7IgmuF=13EoL?c?}un%W=WfReMozQ1FeZ48=DjKC34;vlIN zf?xr$Nn*lNRD0t}U)F0F=;*uKGKN7bLHX#L|N9a^Vi_TIFPSZl{hp$$J9;hFZ*O-c zRwl~)o+dL>u%o7p4j|9|@S$qf@$ZZEraKM&JEsEz5Q`e4<9P1;qXKBHn%(NH2;J>o zh!KWl8wo?3aU|wHvkkcA1u2n%ILKC#uum&o22Ei65udfE1hrMK9vq`{hG;niq*h}g z$E3SnMyUEOl1jwuybFO}U4?T7FZ~0ZKnKnrKh*qAgdZ`mL<|e*c+xc>!`4L)k^s^3 zP3ajAf&kE?UQ8fZGA5B{&*~!wz{ma_SRhG#rC%wj>r&Tl3{$M!z9gs zfo|^tu3*aHI_r;PeeKU+>cd zHD!bEt4wi2PoEUpye2pPcOY$Bj=JO3q~iHmX^zaI{no6!I=2<2=*mG6ByH=y^d&Ua zJ^9Nc8dL3s_j^q2Jbm3o@UDh6R6V2ox$L?fk?!#0E__dX#QXD}Ir5ptwEyQV(z7D^ zFb@vg)^X`1aR&yHKVZbgk&kgyKg%40TW^On{WD>k z`DgXF|2C8nu#lXBRf;z{TP~N)@1hbHc_Y|lLv-^~nW++EZ}`6f%V;psL|d-2WXKMR@iO0R#lFtm2}TKPy;DPWsxT**Qw; zZg!haX}6wF)4KSUISy`SYBG1-`t!b`v}!F@*y>~w5p1=_mv^=p;=Sl_~sWFl4t3_G1&Rj z-ruR|d911h??J}0sOJ@61_bEh&1_AKSt0_Wq8D8wn?o5r@XkB$@reoOTIOG1%9v;lpIsuuKlh4Aq~Sk%cJjYv zxcTbeCA5JT!_XtfbLm;J%(&+Z7>4vc8}<`iNOhJ_ z#5q^?OgsMHkzEjUbab4levJvla~W?cpityj+3NpiI{kfYvkw>AUz3(TNQz}nd2+sk z)MWd?5-#AfzD#%`=UR+2DNeVN0P}lS$ zxR&$%|2J6w{{Y&4_@`_X*occ69nZSv1M@>k##2{H=O5M6(S1=5@x>L_>LFf=u98-H z8yUFOT|vHbWR~(95Uno5GQ8EvmBx0ko+LD9X|BWQ%s)V1|N)u5Cvf- zr{fIxuOwRSk2;XtM2ua&bYl#anGS`1l<c_<;Ub4c=B{4%<@QSQoePgvU5rHm5rMpfqa z)EblL-SsH12oOg~#L>!NNme`*Li_!iJo&#ZiOO>k(ES~e#O%DQzgt`)`t(WLB*>F% znab*g*G&j64)0yYU=fm}YSW|2i@NI(7RFWUM5zp0U=CBwlD<{eKSP!N{on7~tB4go zN+<_ZF#PjYsl${3Sm?wp>KkoUPJ;X)7JMhgY$xfOdjN=jVxc*}&k3|Ii5;nc>Lx1T zik$VNl0u`4I#aqhaza5}AB<9s7+v>13nR!yNs_9(w#dFJX}-;g%>UXl_K_4nz`F zNT9-t<;&%x_4B{4oPl9vl=ltiuZvxvoZoRbhwTPE{{xIqJaX0!v5}Tv&iO~6m{j`S z-=LjlbqyLsE#U+69O;T97i>1fFr8F@h`M$te-u#RADeUP(rORp#$us2at zC#Qh~?BpTjA3sOH18wpbL+^e4w&=I_A}hEqe(3}JYY)Kx>q>fg_y5il{7MmF#NxC< z#^#n_QBvpLf1DW;dhSy<6fOZl*Uhv3rx;Np%5xq14w6jW; zwwsQqe<1w%dsa5IwvcuVn74PzyY{@jZmXn(`q&4M0;9Mf`h{;ko~hl#S-tU~RE5;jMfq}0^N zT9Ojlmz)4!U{lHZUoVAOj>DTYju|+?XMRa z)iASqZ&?TMY?|HFvERtxnWddQfBkpT(#XxexY#zWMhde5f4Q6zA z3DaMsP`60V!l0`zdaZpkT%@7fvcb=r@OO-rXyAQKwBxdj)K0(J&M0#Hz zB9lg{DA2+ev7f)=IF=rfei9~S_bWq6K*Db6Qr@#R#21zKt1jSl0}nRepqlI>ep)+> zW846{I!*rYwT>|6{8{LofaGo6lj~JW=D$ipk%(OjEQ|k$*s6P~NKx(jk9crCzld&Y zCh@L3wgG5{fU8VnTZuK{-Cag1s$m^+DAV4^-%c_3n!>Ounty0J-+9^pVS|Gi-lKR`r{|IbR!Yr&fE=}laYA2qmct6^sX+N0lo&3Xl#{ZDCYYjbC z;SaJSn9uHa7HJs3sz%C2CMUxG@?muklbi@05R6O;c`{I4snPAMN%S!dKz#pyOuc1P z98J`&jZ2V8fB?Z|aCe8`?(Pth;1b+DxO>px?(P~ixCWo#KDfizPrmm(=ltpgi^cSG zRafoWd*9a$s3l7}?0Bwj`hG%A=%WZm<6z`LaCV-9PTye?NReY08AjP)AGuA1-DUE(VjzEXp&tj4$%3 zuhmiDgOtS){G@=a!G9**ZrHfAKj3oGvF^#U;HTz@as1IZa9X)5GJn7%%U^r)%&z51 ziaxu_c3@L{z^z<3>XcDHV$?&ij_IpM{@L~cV6cvvi`}FDp5^^Nj|aGkDmGc!gy!|~ zga4)gx#QP~-~iZ?@bXB0==F+Z?>0GydTg> zIO4XeaJMvMa_=blLs>zC(Q??m$X#XHYq3(jVLiOgjfF_0s-%0i_-JEL z3bl8onE@mP!`+d}=Zpg2H>HOEb5IF_Sed2}{qNxQAWsM{`M$AXmg!!&2Z&3+kU~#? zVa($}G_cY6s$9M@!-M9ydVfga*GM-p{DXC`lPnps^4ds0Cjrp1K?!q2sHh?bQ3Y3q zz5(;)7$oLP&2xjqrR_X)Zw>l=wn>V_c^fm00_l!Ju#U`0-oCyDKvaX-t z!~VnipD}w=8dKtK={LX=^c%-#PGSqjQduq41~_?9%0!~fTpk#7^-#z&=v4H_Tw-`l z?l-`l5wb*^4)wh+NiB~CdE33dN~hX))JdrA<;Eb^gz$3rc^eJ$lk% z7QkeKeig_L53^2ziyZWoOQx2FyGj-Io3IA?GZz8#f0Y@K!fs!^_$(1e|7!3HPu8>% zW=myu8^jlw!f(L1ubG6OFB)dP>Qr|Nx;_ILI>-e&OJaXcNcRL|3Cjo7BAM9_d+GX& zCY_nyp=FdH`-Yv5FH8ZxtZ_=4dQo;`c7DPqy_2vOf|lVoq=Y;Zwee7`h5lqKh8L%X zCV;}@Q1zb3&Y>;05${2d%+_L?d|^q|<3mjByBygZfx9251~l?G*!E^y5Y-ptHq*&( zylNnErFrp1va4pXJTKtSX=|wA!as(ER_Bg7YMug91CkXwxsi&F$00pQXi#|>^>WI0 z{J2N8Aw>CHB_Ie&6?kQP5Zv<7CUzALg}0e_S3H1qcPjLhHtq4|_ab_ZbQr}&8;C1( z;LDs@312{X_M|Znvp{BP&=!VX!RDnUTl^x|AjE9`dY?bt;xVcr2F}N%V2?Pv8ufRj zf!2yrur7zmFU}>0w|br?du+13v*y^IjQ=xD|GR`VQyINJ1gZAJMtSmA2^y+TX~xQ8A+>&W6loA@xr z#Dc?hfG-LlVcbO z!>92Y$;>8_n%khUB2@BNyu8Y?)RxaO3PE=o-3AWPzm%#m4wVDP4p@voNEDVBbub%l z)O2UUVH#b3hNHinOqlioqD31YgRJq%5bG+#1< zHk|_(@hbN2KFbWxb*J>uGR`50hj~IW`70@v{smCNmW6WQwEY z(Nqo&=S%-8mX09Cn@BS1?^6^tAfpwKvVF*|U5hRGsu$(9qMD~+rNfgT5kK0V{?BsK zRU?^*P}v`><@hNY`{WWfR%s1`Jyx0`LGVcJxowy?IRW*GQwt2=*o2WBXLIvZcFJhK z4=7M1V))4XZ4fo5(OB#+MJlnKzJEMPcTkE7TIEdRM#W9;zbcKx5hVyMhx}1=xS;r* zjSi~(Zpop6EN2P$%U*g5#8&98KqD-*L}+%v%TEI%qnr|?m@}$+PECp*+|n7PFj}vw9UFB zlzqFPe6F&5r*W&XX)PJ$KsrP@bGr`(yKiwco^yg0aCr^jLnr&cb6?jA=e#a?6AN_1 z%{YC~wDE(Es+)NvOjJv6?u9xHz{^n>1k1?k-0ga`60?=kP&WDIm7ud&G~A zo2F&2PFu$TP8elDvv|3!Xb(07*uNyj^%4&AI$*x0e*6RWd%;R;@!tyR;$HH?F%m}6 zSME9Zx&~i?>u$pnQ(XJ}zr6s*LS6?grDVjyj_{27Z`exBG8b81+B|a?j8m-qbUj0_ z?v-WzWp!Dt*%_HbMvYJNkn3n3yDuf%dU`}|r{?p# z6r6EB<9zg-#^1xgFd}0wL zp@%&lLFRFRrN<|i&x@H!lgO%CuSBv5y9ih_Wc03?mmXZooKr~idnQ}L7N@H0L6{|- zF!RV61K3FaTN8W4L3(I-}FyWpgmU*@_J5LQ3PDukvL z3?m*x?&TChep7@gtEZEs&eYxSy)&HHT$QsS8lbWydY{T~L&AoBDF;dMsJZ8L2K5G9 z)*P^ED8S2aw*6j2WhZC0 z+kSj_*nHdw74o7GII}2H`Yuh<%4r;5L`pVg^y$+kCFzGhM$ASUFEPaG4XrP}KAOGf;Lz;a8B3NTJF~TgcAg!0j;ABW3co2VOigV9 zo>+&W1Fy;Xr)b0&62uHetTT8}6w}T3yn6N9;TzXA}u!v&o{ zA8EqxJa3Rht9dxX`mYcNe$H{RAAtBmB~@%o3byUJpIzW5^0!Nt2^++|?)V`=Gp zme&!%$P<;@F1SC`WfI2cYkKuMbRTz?svyRUe;hpdgl|+5Sn>JpHk7lL1pbPX*6|O+ zkg0O?%ppl&3+=GdcfRj6U#VAXVIoGUd_xqh-}+t&K5dw57Q|Ku*gs)>F7S7PNuTIZ z_u6cw5C5E z%oRT{TB-C_d2?mB0Wvd(!K-4)S?~cObY?@$l4=PlHy6pMDo{JNH=KHZKQSyZ18Mfs zbWKpF8|F>1Y*dZTdzb2J#EH!B(bA@4biA{Ssz{MlC&yws0%)g3=#uZ>=8%{c5Rh&z z^lcAbLJ!|9Ig7n>(tA!&mlIT&2t-sjSu@b#!*iq&w{hI(94tp}SG4uHR9$k1!(5;* z`~4F>;V+p8F>X@NxRc3=_b^MciCg%bP3R&0-LJ3iR@K{t)qbC9J4w6l8;tTxY5h~X z;R?}MXMm6&HW1ny7-+j7KDX3jz!2|vMTFBe)Z zE|uI{_zdY)^@Og(0U~E1KIXZ(@?urvg`tLQs%81VKc^+Y^Na_1X@C5~877x)LcCMr z=VOI@T%l#W$^kx@|8zc97)~I)#)(JLMneDfqlVyBLtoJ|^y$Uq&!Y{NB)ly>(>v-f zJo0&NRR-@QQT1-sCcntOf<@t)#4_S7PEN^xul-;PVG@$JL2 zA<&eW_Sbm3V9*-Jm|mzGG;qVqCgN)u+3RoABEV;r>G>h)Rp!3ds^%gdq?Rl;cRL*%7 zNEMa+AVFn1Xol49g$NRC26a8CuNBw!) zPl|*M%D_HNyAXFe)MC04hc3p5&Ldt6VHR_X(hd82Btla7YQ8e#BtPtlhEs>Uh zCO^hmUFU#Qpghwd#|!ax?^^f`$7vZIm$(sXgCC5)Nx`G{Pguvu^QU&5fj@$bV?HDF8nUYo4pEvw6+ z1{O2TK>WXj_KYkⅇL;=Dap!m2ZUq`T1phUI>dVF#*i4kj?0^7epFmfKXKxf-RxOx)+_ie ztks3<>#2$aUwAuS+9Wbg?UKg<5J7l&8)jjl!{Z57S%2YU^m#BHOJ-|vvl{YID9N3U1X!-EIwcqbYS7eCAoB$|iCU?|pwX&` zQ&^g%L~SU0Q>2JCS{z^F*S)Qgf$;_n(stB$tKT0UK|qHkMS)?A%FnN{-o$;aE1znG zo|Mgu%1a|{7P!_vpQ@bhd=F>ATUJh`@9I|mYTT}6Ru7n;Y&GXgQ|W*(50@n+EobAR z(0A^4GpOv9vj~24tj*@LK~k9L_2uPN23+|yNmW(p?SGybb{Y6={r#1?Ag&YxUe-36 z=F`(N*^whAELE_px3sxBt{*k_750AGqFfpL71=AeV&gDGTowcn9zu8>KAM$x2`5vk zg!E8TxUEsia`9;Io$RX+cV9$QiR$Y+c-zz>#4^z*Bt1{ZmJv%(90U#$5ON!MzD%2C zWD=$EfP|s2(YAf44O{d5r)y=QK95(~+1Z=;9Mn=~zbhEi*d<-gd*BJ2Vld+_0f5~W zX@3kcebCtZCj)MtBQ9L|loFzG+q zoU5`1@>atpkYydoZT)8$Q@q4^P5Y)oB*o-H*7sL$SZ<;?8&mSM1%DC#rB*HX7nCP= zZ0~EOmPcI4#&8LGm)6`)DtGo)mCCiabtoy}jG@966kWqm7 zjiqVnFZSc_pOd!msPqN9@Bnz&-a@Z!IeEK<&UUtS*f{F^cw9U(%Sp(YjelbFi{Z)B zPR;$#Me5Sq!hC3CCA9L<odiZcX`2vKZ>=eaTg(fW6jn47WC)@8Vv$` z;ON8*hEbYd_ML>Tp+l8Wk?P(b)LFCq70=fzjbyhnLQmiD40tfQ9BC?aFh_Lb8^d`H zb77iJLSNk>GdG*!k!I~k;3L6S?a0vXZ!8r$rL?k?qqFd@S4p^{D~9PU=MSXpx{L{) zd4oDj1f(47>A{~Y%LzyrgazT!uo~a zt*AuBf)TGK@}qL^me-~U@lsZVL^=_u6g7eUn0cQtaKd*afNOk80EV>d{TphIkZ?CT zRjmF)&TH1_LWlHpuXNM|8B)9(AN0TGEXwauT4ZrZ( z!+u~kq`DB(D=VToUjq;q6l0Q1hZjb{)(_c#(B>6Ko9D|M3&9U#+sQv?cnZ4y9BC#s zv*p0Mb2fRNy4;-{MdU4*t7pT*vEfE%gk(BQZ&c@41v@E15A<^#g$Ja_mYQzME3eSY zNY{Mz7P-0gY$JnB1ndq|z)oElZI6)Zj<_r&<+H#ITlEK$oQLrS3BT(Ws`jQU8T2aa z&}`Vd!1rIrujT8v=1=quK-z7U?wJX``S}fO%8NfoPjAY6ITAI8rt>ef(&58V`!8%l zvydTpEY@cJyCjXJ1-!#Dm?UTCNJs7U#yMlYgcUi`D%9C9S|Id$(wFUGS>{tB6$0F( z*WcUnlwhTazzUpXF9c!eP0xZ4^oXggo73e;8MQW!2zmO&b?e4>w!YHJeu!Z64)JcA zsm7s81gj|CA0xy~gpIWmAtgyx&DqOYWJw>MX9xR_PfszQe-;-%iOK0_9k!tOtQsIk z3$OyU-Fp1G;k+gf(jXfyp_y&BId(H0{ZDFlPy8)Mp5Za^HjKMB{{2Y80!zq{`4gzU zU&_+qHDdRf9#h;81U@rKbx`l_7Bo7?%KPy8VbT&+I4rjAkVJ?-gU#MmcmUam=ZdGl zXbt)ty=>8c`X+_O;USy+x*oXeQXhvQy6}n1U5<;kmdydWyXl-pRl}bf_`Zsa7RN4w zMeHK=r1Zw2EL|XB2W;?8G^6&oWgnhOx0y5-oH5 z;=z5yTH9O+((^Rk`!Ie|kx@Qwro|XIz{va#5KHEh0&=HrM58rgo0WiJRQunR=wjO4 z1rU+rnXe?Tk0d&szcc3-*d1^LEZA1!VX zHs$d$Gsk?!&K~$L`FHjSlQe|%<*kvgF4|3}Q6-0r(#_;MvL6F>+QD^~dsMJMNi^pn z2|Ooreh=pM=iYgUeN_QBXOl>NkXHZXb~wQ!n3kR%O!j@cwlFFmijl9Dzb*X*7v zb469XGSa~coKdy!%xSr8{9j+}Q9qDP^N@?Ohs>8<@Mh7g+g2X#U0H_b8$YORt6HqA zP)T23^>n|sBh2-R&P%H$%v`!VV;~_@LFVRVaS!%Y^mKE%$s^+iBxHZbhpib^U#zT? zBzbK8b&g^9zF2Optyw4&50K(~V`5UAvBQY=UCWL1^yfn+vo!@=_^Gxf`f^?nHlC|y z4$nXlYo(=F9vw!q?9#D)KR7&nZt4@_^!2I?e*D{0{Z}gQ|8iM3{2Bbg(Z*x9K@#Ok z=%@%`y*Zv1`m>XuVxXF9k!xiCncZGVsb=Ha-I=-Fa7ZdWbj)-^_JPOI-wOVmP&rIIj zZ=WS4x7qJ&%?NInY#uz$|DIFcARQk3{vcc3{aiWY)EYQbHCgP+%lcE%h}l5p1sQ2` zTKan3_(?22^5`h2&f)9suo)r2RavFxAE1+<@sERTeVg8%-zi_=(WT{Td~zW_W)vGT z5+|k*Ky!ckD=DcwF&tL0PC)2#8~_h}+=%Tcl9erc?ZG!U`8b_CnWMdif!;$IYd}!y zVe;_{hQ$5J{?w#!j&M1EBPySEiOUhG-G}^3??eqcQ~sN!=39vR0#7%RcMBX?FrV_s zSQOv=nZY6-e8XIgd&cErUAr+72~8dXPkY}8cOwvet^K)%D1BtQ;d?j8;m`n!W%iR5 zjU9^$)*n}|=|)Vy8&^5oGN9W}3=QwBoe+ysr{eH}J_o3aeS_<|53dV#o#?j$+1uN(Pb*#kBS{u$^9}DhXS4FVKSwgO=eSSp9QH!#&NHk;7by!x;0wa|{M;w^M% z%bcn+(9qr9#!rbG9+7mGhLG8}j;?Xf@kL&U-J8 z`O2di_#e1@J-tCm+rf0P$cIOppz6}9$;Ptw-wGjhg4Yb{j#S+IKvCx4Yk0o=nCW0r z?W3W2Gez~wz9z3m`9|`NY?+Q8buT-$oX^Izr))b7vz5W!mGHHhUm^;}S9sLiYA>%G zi4U>bCmamAi{5tMYKV=G1J}&wne{xK$8&_p$OYMyrZ25loS*R&KX}-fH6OaZ^6gaT zlfF2=rN1Dz$ND@JyP>rXoUCVTsftlZ+K?C4&?iXTt;+LYn{OEoA;k-Q7vJAvzmVigo@($Pjx4g~$1-diJo+v0{FifWmI zH<86X6@5Rq7Z!@GJxi3#h9eEzinwXK*Wu9c?vKW!#(_e*5J#lx4!R`6Nqs4)kP5tY zs?^QenptRiTl^)$rM#)=2g*lM7U$-kYVIC4;~61NYPk(3nlB$c0}FJErJdd=3N42n z_ITVKZXKSz9FoW|eSX?+>33MpEk-mFfPH;vI9;oqj!W6xAfk}FT~8pgZDM;Dz)nM~ zH6BtYCgg5^60&tY%3^V9VH8es1$vDU@S=Zbi_bwKT%Gsw;t213_WpWESYz*lY{C!h zPsv4Vg=ZH+;)hO&5~v@q$m4Af)3ph|B?&nW(*ckBjABovIyLGT&=72fH(Fv z8_^g?&>2|*bi|>CZEDK5#hI(uK0EaF zwoasuD}8HNQJwhL;~3|*#t(r9F665@;hjtQEQeR7xHN2CBmRfn2f>EMKEJLKVeT>G zP&(9fac8f2mgXyjJuM^Qvip4d!5$2TUMxcX&IG|Up7(#7kM8Q39IgacJK%h%6>@C< z)h*fh`1lt2(f+NS9fg^Ks2lf~9d~&J^95kZ6#Y7hX@kql#uVTzd$v}O447e2bUf9? zgvVs-6wII6p^^c8blV@A_2Hx?zf;8g8j=^*>3o6 z=>0GY_>w|4jxJ^O?jay57%DI=#c6}3y)bD%pQ}RN-9#4sWhP&Z&4=G<@1o=u7pQB$ z3}MRh1_fdH`kteu2@{Wwi5H&(XSoym{$Ajh2?@?G$qd(gGD=#{Je(zpnwoSJMQbEB z)xbl8+VyS4>bHnzTwsA5efrWhY21%U1ELDCoNUK^) zpdse+cSWu0mjCWo)TYA1ga-3*H6g^$7q&ox$jzlR=k>apoJny==rYPz#4Kcxgu@&u zwz4w$t>1p!;K=wme^Z@WMr`o%+rlcPtv@u`Q{PHUt<1^+YX+nl3yZ0xuZzsjuS;xq zIj_@PEw@I*crlP`74>{;&wdObsh;#eB zLcmI|+ca&$0Ok$AB|a65vOcsa{c!xk6Y*b9O1~Fi%lxl(Dk~Bs2y`fM-2on;O1+u&vT_jE-|DnSYUzkw8`qQT%X?;MX!kNHCW3oqA zI4gu8vIbYH3jH2RR=>F%k^Sr%&MOq8hvGF$q{Bm+qMWFJOY14=`|zdZ*ceQ_bn-#b+J315u5svobYXsu^V)33thvol7`1* z`fF%}*~}8ySf9(tqce#-*`IUU&mavEYrl9JHwPavc9MMRljtOJkQq22NjR>pAkrF7 zI9AK1`LMJ*14s~Kddj66@D~o^{jX2Ksrv8iQW<9z8-1*089t%^=Tcke4IV3G`vPTj}y<3&_i;osKGE_ez0p zV=Y?t62|*P6CW*iw%bpsxLZTNdeT2YdkE45zb3OUy;~u-Aml&`5 z!r_hwCgAkR5!+P_t{3Em2s7#`g^4pDprTvbKy-SmV3IMD)g zKp%xH_4JD;p(8zw?&O*eh^Zu@7Lsmr^ecK#kOP4|PfF`KoqCvhKF)@gKai_kn#SikDG;$Ay^Uy<`> zPofd$`-rEJrIvx*c+DqiHO7{k2ivj<@OU*VJ>_H6A3Zm}mZZHo7H1fT!c3BrZU}?UdNAawqPXi&;INR~4al|axm2zMP5mf^8(r2pGpQDKk9(8Nd|_BTqe)_z2z$B-qJD`$|2;pawkw=#z4&WwPIL!Dy9ty!K-+qqTv*76iNcauNv;FQp+=o!MZ7QX#U z8P>(0`Q`HZO^qd<_hs?nnUE3S!}GGm5r=Pyvm*oTRY4ZKfAh2`KecdVOq+ppS!5w> zCK?`WRW6BT<&wBt7IIwU%nbeSN4m=cvP>ztvSII8MGyl&vh< zCz`$sUU|&zLN$PYYxZFMzxDC|4*64y$lVXg6wsS%*`AjBuacn*^fN?mpYr_RS=zyg z3tA(Uu_DZWOmFQ_(W$7g5GWu6sCO^7rk7vC1>9C)NndJ$gFiNChMFDkw-WNm0rrrK zkM#67-|q$qsTh#KSQ(1FvwiP=aBH zk>ozdzh+Ro=2Lsz$bs=x;|2W9K1A8-w^e6~}5S-@w7dw}7cp@E<^bsHM zLY>IUscs}HEj`3$!oBv9Pm#HMI&}+5xRYl={IU;8xcmDn0?zw5EoQA%9m~np)%{0D zvGgJk>@9XyC|HJK^>}%?`277lSM9eiP5}D+wJf{CXny438cXN(iYA(n#URc^h_is( z6Bwq~XE_c^N_QK-*TNxgZmXwetNFXU@=2On_kN^kQFe~^)3>MXriU8Q0)PJoE`GbV znm?KJt2%N&&3qAYDjGCmGtD->zLD!_(!196-F{~qlaN*U5E(JE*V#@8WZ>_5L04-( z>(x(=cT%|~h>fx{i8?>pZv8M1q;M4tn4zOZ$zu68dzq2{PZWSgFwy6ht&Y>vVlk4s z@$i<>h|f{fkiI4lPKz<9Fk|!V+0jN?xLN&Pbx z#k}88;y%BJ8Po2myoA{M=1M*@$Kuj-b%2Dms!%T-4EBTlJf)^17~X7BF7_AOeNXx{ zh{xT*I*0Q5z?f;7LX?mN2deP5Uk81d?P0IDorM3&6okCcn@9**nWS&iS%i7A5@5`J zbF?7toksgj8@pW|jb#=Kz>z^GL85~iQc<5S0(Qonqr2}I4E5XPBROs}6Vo22A?ILN2@KYB6~-tpaxmh9}OY$BAP=_<@zkRPvxDs{YkR{Fk#(ayKNM zkj6rr&4nKhN9=c}>d>=E2FI=Mn0J$@n~(Km)wEar+!^W~@)4o>dwn8)DD=2ub0w%h zN6Q_C|9)46S^Mk1JK=6!RY$p*HY)~H6@cAT#x%TvW1sVPrSP(NC6Z<|}z z`Z`tTjUb;ERx&M<&trY1SlUa(2aM-(bkN)kK$iDWVaxB~2a3gwQYbVqK3$dN=yC69vIKFKT_qO&nN;mcW*h)LU#9vZD1UIi|YUNlWa=L3Pz|P4~%B zzMA_{hff}a#z;;Q=>A-H{e*RQ7wvEfi1?zdV}Ji)ou>^~elT7*9rM^u`>BSr#P2 z43iJ45Hw-`olzRfQ;TZA*L%eN&AC6OzouSqQA8N`R0k%f3x0R}#;+ScWk`aI0Wac` zoKh0BY{XCT?e3mlhxNVVB{^TDwGnqvuS0TeUnZ6<+_xspt;{Vv(@D#g`n0KA7}87& zl!$7rNN$yOJ0!}7chzV{B5>WSWzi#l%{Cu?0DdK=9AudJ$>4coa~v~ z+csBsI}l?=DJ>HuTTH{yKV7TDI_Qri6pyFJhey=4ZC>=-96(d91hMx9}j% z8M&X>8BrS=-#RfUHFKND%KP84gs}L+;7;r%oRJoyK?XHz_Nnd`W(mq$g_ig2rMXr~ z0$7a_FzO>VZ8BnP_x+ctOYpgbIsf&l|LcA2Z#28L1F+{Kpy}y^_b(7q@Xwf-H>q)C z2f)H7TVqtcZJMD-ahCInZv5i-`G7=#`U5SK;`CQi_m66lyn1@zi-pCby(jOx$nH4K z_$(hwUk(nJ^;H9*%ZD8nDl*03RRiGq#k-e+PWBS#!v{bb3>2x;hcHp<(C|W(X~+^Z zwEFP6OJuCgWSK@ruyWbi!6i0JKkKr1b3J|P;T#HZ8vt!c{n0hDxbe((FW}I z-EOeZxs4{tZ(z5q|N4~>Y-Ro4w5DDiPMg;CIId#b@xZC(E5=jKE2XR@C-7hO&J0)8(hcu6Nb ze10AayS=>;R$M!k`*X_{rck7;OpBwaQIoy4r&93(ZiNBez02MGVuh**AlMmgb18o~ zlc8KTV&={`+@274Z`qjlcZN;wQy#*2Al&?QtZ#w0tE<)TCfCYA?k!0MC7G#Rdad#a zt_2r>q=@k6*hVs1$VcxPK;BY_Oy-EF9V^NwB6NAw4+^@tM5qbc8@a>Y4Zkx4wHu1C z7+0}b(%#Q+O}psUBa!%Mm?gEST1zD+Xh_Ej=AG{>RF-Wl>m}a@kNo8#mC-leuddb}+3qR1pG(@}0>?GZ!S2@SS{vDweYTzsoz=v%oZq<7@DY<;G35Ze&cf# zAiuN0Qv>q{dVgzq?rabRZW3>F*yU}ZTzbbfnm0VV(c))we~Y2Exqbx6F6JCGmHK=2uALI=Arq1{4hw}BXM{RrT-Xa*^m@9E9jA?&c$;ED!Ql?u zMSTx)I$9p3PXd{DpGRWGM#+A$3~{@P%NLV;k{0tuugF3y#}m~f*^)=BRWX7^D-thy z4UjV9;dK7qeLDyiv%(!Hr1)dj5lXH#%o12C8R7i~i<bQ&{o-=L?ZCzgJZ?5-a;;xec}!lAk*0y6E2`U!u5wm8Gc zIikVN(^}aY8EYc$7ci`2D4Bd|&IQ3ecdO?ufh7pZ za*`xs@>GUARtHJ=bzv^_?dESfg-qb>8@XQOQOx^Y8{PeWjw7~v**b{;>7|=Kiq1DK z7W>}yGeG==V5r_l8CN0HD8X6dZp9$y&zc^7N^8RZu(TCT$i!Msw7?wV{Mw`@6Kt8Fgxs1!Z^Yn>JrVxEdbTguV?Fx7wQQX(>*6YJ?B?QOmb_0mFZ=_Q?=HVj8 zHm7eN@pfW3nz2%IU43rV!fq$Uf!cj(qy%R*4;}odBUdW?;qB3KfVJSzS74g`%ZdUQ z(|Wo*ZSf%AY);w0FJHdg@$CWl*1Msgz|Y#L6ct%~*t*N`@Cj(AUHWkL;0qR+m!&2} zCvL6s&zYelZ5l7c4Be#nGTZUC(uqGl2)7Z?lFFwdeUE739wCm$BCV!v;@KeL&m)%c zY`tDE=^`McBJ9@ecw&Egxs9MtO+q;H%Awe%0vlvqeI1|SB9eb0R#L-Sb&{zLl!r?4?^n@)K@?<6nLG66 z(!pGD&yA_L?Ox6DKrGvW3wt03dv|R9ex92}S#9fl3mR$MliGz~d>_HhWoa>mzcoHJ zPZeI@sCmF>RN+hh)pUQpDVaz%eAcqaq(zcJs(}eE7w^k0slnpZSz!l zv5PWIf}HQzmFntT>zN#TYWHruPJ4%Xn50A7JEbw^<8PQ~Cx7JMBE(cy&bOF#xVC(W zt64<_%dm`O#%j018VnMov_k3j`v3Y z+pt3z{zv}@ofts&Ie|Wj;ya3oMQvyQ8WZ=^MI_UF_pM&7A-l#NkOrc>7Lqg!`?|hc z?I6JFllVgkyPzp%myV0KoE0&JUFv`kmx2JQ^1p5t6Qjt@hd%VoBFCPkbi9d6MapSG zRYODVcHl-NF~ArrmMsF5QEl&HNaut58^K(v(`yOT*!+$vSgYJ3w4HFD!AG7n$`sDT zQTz+17t*XmM`P{Sn2UYc1mXM#;SOh?WEeo$iZgJkx_UUoIwi{-2-QTI0+`ZraI2hz z5qlwVe(>P_Ecw8|v^7AGiNiDreA6l%rb>s4K(I!vHr7f9y9|l)3x-L+Us)9+oDR~3 zrrz&b4iXL`nYt)w#iDxrrjN~02DHOy>l{5 zTU$-=pLJ0OzSd7@&z0w%tnqKlWe;FOAAFR9_gF^f(&$)Hzfq1MhRKKIbqtTrE+G{Y z;Ec~5C1$#B*`yhuEa-^Enhy3ZBAc_6*zy{vq!cR()eR*&hQ_C36n>A($_txj>WsKq z5RuU_HFLyeWc+^o){$@D6L0&YmLoJ**@J{Jvn-AIXa7)z=dfI3_nKp6z+}l$wy4>$~6+q;#n3Uv*DdYZ# zg>g8=wQKR7C6&mx`cT$+AhN-b2^mqR8k5p({4;yN-?B7(cPmOd$J0AaP;)<|$MMEw z+L_FE`?1W*bQbkmwsv|M{cn?G@Ch3GWg}oaZ|Fn@wDz3Bp}SzmGyX_?Lu!O^yZ)2i zXkrOs8vrUhG`Sqvyt6sSX>sBzh^A>WV){f*L->ZHk=A_**5|nge=E8fhm?rF+I9E5 zOfDs*w~_(O8(N+}LgldaCe7&W6FN~vK;mAwjGa@mwBUdI^Du|Ld-;$yRsUM zdQ|5`LS+`-@$7!Wf=@M{^JMs(Y4IglIn?73D204`;UtCIm$!G37LU=eOt0 zSg4t*HnP_Zf@H(}7fb*Fj+$X<8G+Q{C-St*1C4#9mAzZp&{`H3$Ht2m-4pON zu(mY&G{>{IYs4>ArvqL{NtGY9v6)-4GTFQs<$VXJISyv~r6&+2OAVV8UZo`I{DxvA zo3wbP0f2Fv2z;Z{^c58@Zc14bKivZ|qkEIPlN;hyWdJXLxw- z1|DAVHyu5_8o&_SGa9$MpLk_9|9nH|)9H6Khrhuur?Gc%j!`va)a zk(9cRT(;?hy%6p+*m-Nf!_f2Qwp<}TZ1CSe8Q4a_*!;Ilxlz0FI*=R+H0rQ&iK=RD znf2}=cdNeFwpsLD`7ZBj-bvbHX8C2nCziBfMMu zi1u~N5fZOY&Xw@1+Gu}YEr~c(e+bXKFK-luCYI4eR{g4$ZD-E9|`{`%z%`4KbMrlbIkLru~@9;;oyHdnVg~X~5)@5Hlpqv__2pTZTJ+Hq6?zd-I$} zn&;hnTIuwWqLw4@5z-)-mPFe76~&(l_AhqOty{Z(28BDt@nX^LM@!g&XuMumUM*X_ z`1GG_A)rF8lsP_XVesdr0N9^+`><`#)y&VwPKT!czw#d2XNm8FGD=%n3t|3ZRoQr0 zt-Mz~#VEDFN_sDD(1M{LHnl)U*RfHw&7PP9GN)LsoYQO@SS^Jh{Z#nU4yPUCo}=K%afd2J7koU7 z$Rc{H%lEMs$Ko^1c!rNXW5nK61GIWqgqnwN8(gO>9ZD7!T31%F+LyS1Mz1?__;C2m zrJU)wf~_E&L)!<;EXus`kE4#Jb|2o3;L{MW&*t`YPxWshrV@vlWHa)k{+;3ChOpHspx2UcrLcEvA{V6MTdL-neR}ir}=x-mQwhGcV{bmcGTVBHA-xp^-PAB#{(yY2{qkX|j0|w&)Es+16>+pEj(P!1?R&JG(NP zmf}whMcgFt+T-sW>xO4(%N;uNN@b575P4xJ+f*EK#HBWI&%4oDK1`7t>W7M-n9tMG zGNP0Izz3sAFQ2lra~h$~9aQL27VgT#Ub}PN;FsGeX9olFuRUr3{p)SlP(NKp%CXf| z#t$M`uqu5$X$VZFNCbV2YH{?%g%%BnL$*=6g7vT0KlW0l2s8ASh3;wY{q*ss0_V(>qirL%&*UCfYiF$LDbk4pcvh5bx( zB>EA2F}iOiv|dXZXfXEwarM=4O~2pUq{M)c18FcoQb6erMM31F(k&f>(cLit0Ra(_ z77?U#bc{(!i{yw+Vn_~YMm+D&_xt-jujlpLf9yZTJI?O=oa><^EroEUv|UMi0pOLg{1a~=IiGVJcLs#n!xjIceJB7TV#j2OrFJ@y?t&( zwy_$}n7^wQdgVr^ef%0hkYZaRUB&fmJHJb%k-iSS!kaYvk6(v+{<{4BkkYqNf3kw$ zttLM#6utcqgEKUAeDUkZkm|`1lDkw{)~l#;-^p#fHqz5@@13+OrHp=jQe;-|{qpzz z7fKafW~qNjm(RQ>8xGD`5?!_@hj8T8pd1ax7mIX9ZISyn5moD$BeLsdC2J~)rOtVp zV|7PYm|J@0jdV~Xl^f^FkDy6FVW(kqlKI^TX?8@6>~l}ZD_#EIh!6BdNwZ6`#a3|u zv54)>^PimP2(BBP;|g#3tY>Pj{zs4F-{ggtojq#8IX(T(YfYh4GQoSP5fhU|IN6aA zM)n@1v9W=7uNa;*)D!LOFy19$hNzp&egDhxW^{T{sdj|~5RrgD-3=Qo+Ad#U*SaH9 z|JlAlLx$QHwqkXe6j^|6)!Kx4y0n(oY$U0 z$0aOPGSfcOJ_1|;!@X81Um4sJf<66_ac|G*bJ0V(PXn@L6}l^LRnM|NF&EEl(TX=8 zA380}ju)JBv5ousg3+a2g=$AU8y=)v0e!D~sj0q|=-mSYN=}z2t|77?eg$J9`mDq< zm%JB!k(51HL7^9z0_`OZrlLdAJyF3o?a7aM6x!Y6URsI&k>h=%a&~(g&1%9Os;qTM z>*n&hY0Feo@+w;~@XG>ca;d_hR;9z4u6Rzdt zixm%HHhFtM&+Tzth?~hs*=?-^3uXl>X?ik{Hj(Du$1Fm>$0JgGvis5MM5~0ryg&e1 z$dlN@^0gZtPFn{@_<`l5i&Kq1CvYMBTlxTjLp9k=Z$Nh0BLMvS6CEIPE` z2F+kLyyB8*5WKTlk2s>ZA+9|!XGs$}fO=xMo7DQ8u>mF@n)G8qS*y zPo1$>h|VeZqO}wFc@G1-*dXgCHU=$@*zCI@A-(;P{R*uFI{UhL8};N2&vzeaQx>6n zEBSjdMUB(k9*y&3;yf|M#Wgm>6}g~Za>JH1*{_4v-s26YL%a08N}Q**f-Qx@&N+Pua1@ep%>X>j27hn zJ$VZ|UuEg!8mTHE8;V+fcxy0fZi3r&bo{fZ4N{*-;S;@Y8u%xZTgA^k_>x$8!w#Db zhnD8Q%kKBXhgzNKPjwP2&pnKTTFGI_T=iWtGG?cDZrPp^ii=HH>Wmv2Y3X*qmY`R@ z^FMreOayZkc0)U`T`TqJTtR9%RnX8W{z02+{1g*p(0l|U4TGBW3C8Ln|NbZ zqxiTnM=19Y8?Rg-KGf9IZCG+)p^%iKLJ0+B>wIpN-}utD}Daj{>U z+#3m;@??*bjh)W>-kq)uL4LSH8*!!x8i*KY`*=U>=VXz}?o#$1LmD%RGmc|V;Z@u8 z47jS@+`ztRg7U^r;~R%7BL@e!y)KTE$H0py(7ROjwZhtmp-k}8i?D)0m;VUF)hM7D~_`Y`9sQG0MAV2>PA4A6-w z^_Mh8uefB7DPzi7QyeVdRC7FC7RF$TSBrY(@7K9)*QR!r%Z*t(PxDvnZHI9;7mYt9(Y^0<`=%CTi*S{Sx#M8$9uY_V}sjHi`w8~1zd4IGHvm`^v#W6YLs2#6!6 zR}gHYae?@5$N@D$isqTs!yd!QuZvdCSdqvFhOKUaxeiP;N zSfosfS~gFzMU0ZceGf6nHm&#o2A+3i3> zb}R8nm&KyPuR@|A>E~T7Vi|*@5}JfrTu=~vM-U~ZDy51YWAj7 zoSCTe;d62R|18wT_S=i?0~3Q9r>AVJAHE+; zDaVa{htna!;glYo&V@5oVr}8CKgULfbe>S$CW+LZ>NeKmaLA&erNtNVAa@u279FQW zP8V?2$J_DYyT(>c#xdm^NJ0wE>Dezt{2SeeH*eNBrHUp@Ob{#hn+8azET8w*px~n8 za}zd~mwibHr+&>5nUPThdZ7iP5AZ;+tX+VLLBuEa((-7>{6^^6{0#6j%ZBQB*T-6H zZHizveN3kafb67^M#n$4w{qlJzJ;~f!W(t`jxl~W#rF%Nh-({4h8_m+w6?l+PL8aD zWTbnf#{LyuoG5}_wl-?L{(LmZJw_0o_Vb%JhL-lXPn;j&{|-S!+@Y~e%W=Vbq2WXU z*I}+`7;iA@M)2ilS`|V_k(EgA4)?V!qD{doN0t*Z{On15s4j=}tEp9v-u~rzEn8rt zyPH7L&Cf5XL|$3;SC6+2jFZ;gSClEE=tC= zmDr`~08hV66FuBUv@$tzZYn5RAn*oC{x zLY6>j^zVA#jCVsewi#=k{l@mW z=2yfQ-H#F+)RWj(xuP+!L(W5l+CoGbN2sX&OXxKZM4*M@^fnsA3GhO1=guTSiK{apwvveyWGq(G@L_;v4MU{|szkb6%5cQc46e2>(pXj3} zZ(bg7D^Z6Z$ly22A(T(`;(8NBYwAK;4DQo;pt?hsYDqiylO_y^^L`-TT3yfgyv)so zNC#ecf;JZtpnmfGO)jgdGTbkVs4(AyL=xZVI=ar7!VZ40l#jN$vQ`*N$Zh~wUaWL* z@Xkr5NXx@S^Y6WCCRvNr)Z4*_0{Jnv{T1TZ%h%}hs*!AuP9?&L8BDGnqs?nQm7Kzp z0#$Hv6&-K28~jcdQA9PH?9)}qUDU`Dh9?c!yjT8t8)j@)W$s*UZ@)Ies`{-mb}tls zyxUl_t1TpCjU*vlR*AV**E@>RE7Vwpo>-JGEi8lY+^KPyB53rWJX`wipV*UhqS$12 zVJ(=GurZRqMHaetqnrx6k0n3&(K9e)J!K|>Fr+%WV!oV2`J9gKb+`9Q&q*9pkcMa) zVYeY+Y;PY9E8f_Y|#-%ZOU@@np=p=a+lV&M=J zQ??D(-0b6R31V|@euE2jg|N=M%xPIdK+s==fuv7KXI1SQ3`jL1b{7n*GtJ z>B(^IfR^KWndSoLlkLtXvyaz*PvMP2qKq)7_h!A=j&q~uACIjoO*%HgKF+dM%_=Th88O7?F+twX_R!-tEBBNP0rjPx z1X%9@FJ}j(!t*&?2%Hp>*)uQKUVSc(@AMwH;6LpXusJB>3sXse-UeiAorM@lIb>UA_3MCZh7GPL|$duH;&^yz8>2#9v7f(MXqnk zDswr>$QhZ7LcDv$MI>@6X;BYkp0aAl?Li0M*$aNo%6YkZo8dp}rWI+lxRR1#s)(VI z5@eq8AgHLkfE}tIPyp*)teGHlySzdoafLp<$mikI;vHl=JCLi;!+%brRceIbb8{N- z=ccA#4ae;ix94na3WhR8?dk%h03slStdr%Dce|#m;u6K><*n=FHv>DbmlWG}mOV0F zF9(4D-Jo*(mY2!>Q;ZrxrG!Zu8nv)6VI<2{`SV3NS;!i-d7DG1F|_i?x!iD3k*M7@ zGghB)UeT49k^&`8fUzueD$lmEDF02>ZhKpjm#57#XM9L2D9v288f<%g{!<5kI0;*S zI}&Ny$=P{fZ;Tj@>ekp9`!fltN%nJh3~BG6tL}2gZcmm}p8t&^fA`6y>*Y&Qf#>RG z+0c{CDF|osUA(+O%VMhZUxH|Nn~jEBp#uX$szTO(PXakUdsW|s2p;)hKDHEt!&WA_ z%HKo5*z5>{fOzN6&f|AKNc%t9#d(p$3+mFZ#{`H6Xt2JFn$_I0CW@lM=xZBk?lS9X z<4s^wYc=tN5x|TTdR_878%1dv+u8KoSXP2QCSwiX0(cCvYY$j&Xz@i&_jj>YTyEXV-%XAL*z}Q?xNXIBPB6$p zHIPb1$?8<`ovih5RU;lBvIw$YIL*PWxEKy}O}0c5dY&CSvWQ==9pBoB28%|kgp#a} zIL^}D9+)K^SQ)|9j?rV|A6j&bbGveo7ZTzKz5R15dc|8tp@p%YJ#Fi)h5Y}!P3H~k z65QBnOr07F`HuUY+_^)#zT5^4>BYpvAX65n9n=<$g}xpgYL=bT;#QvoV97y%AK9zU zfjMA7CZtYT!LIv~zvDU7OIdxM*1GJHpPvqZ?NtV%G2)Ee#?*Iac>Q8WH}L zCr=Kin^Pu_hG=$di46?KEB|Ws72ZZW+P?Q+ZtTyN^S(IgDj&+b^!cm0t!mb&5I zJ?S`hHX?WD$Q^WL()l^B_}KZyWA0ill{mAvMb+ZRM;xwO;8 zz@?Q?utH4+LP{hVnJ_WL$CK8*TT38d)Nh%4MErbx=UIt_m{W5&aXivyC7 zK}BtC+f(Hx)}U5V-TU@+oOI>tnOScA>d$%1og+Uu42WC*BF1bp4?Jl+{<^Qpbc4B5VqnB-$^>uaq!noV5 zx`p;IgSC|OpU0+zio8I|%nKb#IT#1WM1MykwC3#Ru<$+%M)XK z4h}?rDb#%0Yw?C$?QGU{iJLjFnhgMVWx0=4M_4w&Xv9po0V?N2}`3 zCEB)8b^n=F_vtTxRqew{=cynG%6<$%3frHby=ukcWA({dDuSMBDF-l)uYQkgzuzygIMC+M6{R(xv47EoW zDS8(Vy`9HAFcSGz(`>l3lSR)GVE``*Qi_IQsdHL5Z`QNgcfZ9;e3ob%;Br)xsHkor zvg36!h*(ylINkZwJ^B&>%RrMS4p|$JYlI2E%OKI3J8rWs9QJPXvryxqFG^3PAV00-56`KhxuNR@5gO%l;Fx%GVc1#~XQsJ~6w`mVYal1xJ(3U$)FM z+5+2i5f%HEh&AY41`YXK_bb!)qE1u!X7bRS6|X2XTvYY*l_?NjHU9>B*VR_n`j*x8 zd2o|Jen{Fej7k-FZ)nZHz}t%GWsky{zP?%Rm2p18=ndY7Q{3L47fw&7rXV!&y=Mo8 zHtx4+X;U{No;=Yvm6zp}%JIg%{+KV>+i?WB*y=K!(#!|%cJU}5WW|^NRlJ#ycnkSA zk6Si$UcF>&Ki}V&0pVN1t^6nGX6^HOTC4d z)d?``VacW#&1m-di}kX^2hlRgfS&Cdfv1=XJO769kltL zOUF8~7SR0<{>1tkkj+U*;3w4jdwlu**JmB3nOv-jIlc)>d^7N?hzL09be}65TL9LG z(vDRf9DW9BE98`io{oCDNzn=FA2S@8!h;Ego74{sH13;|2gs^zctmF|$BtSON>&4m zjfgv+n8&+6{flhU^<*tbXExu+6NOYj{BjfAmWMe% zTJ`)o?;G++ylU`8yWa`oyOYYmdhy=`JJqbHeL?6THoB4mY)ancWMF{I_IMPj?T^PxNZ{5fE7oBQgOv9a(r-e$H-<($By=)@-i#Ctp%8hSOHHLa2_XKVY$F)z}# zU&N=)nz+K)Mh!FQa}n?*LBv>JM$8?C_q`624f<6!E}v`oC+vaE$~0tkgXYeU@n`dhA;AH>K)Od3&#cq_<2`DwZPVdM2-u~KN}w-0{?}v z_+C28$Gmx?efZlt?4HQISlN_kU)shgpLb9v&G52~tP*&o&wh>(qGTsCZrxOFXMCZ~ zlg43+eT*)2{$lMyAGN6OE5=N;OPomxAPq~ssRiXRx4Rb)D(629*{G$3I%0Q#^qSG0 zQuYm3@C0XhQxs`hd+K0k=q0RJ?gww;n}yonlQvJthws%0bt_%s=l?l95-TkyZ@sC! zK~EMGX;={b$86+*p(j1AzRZzMWIS*`Xd^MDaJ~RsWfdp01f;(OML3AN2Xk7Tjiuas zhsb`YT5={BIT}4aJ%BIdQ-QGU+2i*aDTaR7*gH+I0;UI;xu(K%X0p%U9xQ?z;O>*Y zsUOj`T%JpkxE!;<%n{rX%x$>@&U9r9+mEp7Z#Ba#7S-T# zEb8&Cm90lVvvj|~D!aJOKiy&q`^i|bYHi1vMfKJ z?y+#X;N#ill@(EumnL$aXi$xp{q2gmNn7GoBdes{&gzaEW=)Sy+5qEaUJcjs#u4ov zXq|_Z&zM98c{F~z9{*DZ(mps8Esz&sP<}UfsL#sbuG>5_RcWrGGhykcGU z_{vZF8J9Urb88Sx3xnkb9F+-+#-PgEcjs%Fs}cyiZPToK%V40Hv4wDA5V4Ryv-!LK z?xPb3|31ScptF2vNuj!3QbKLtj8AkVxfo{M-a4Orb|u)A4J1wRvHvMxLyJ*3X$`g3 zXE`35F+6(_tXA+o9r}$sl2{+i2>39%i(-DOaKGK4vqMxU_b$@b)!Gu+O5Jy3O8ilI zi{nddWn>}g$9R9_lobBCcz27d^o*n^6}K_jpL%2=b$4`2;TJN1!uwO*;6qhI_w|7y z=PZbemVSHXvfoM;kM>|$GObcY$>E>JK7Gn9INY#u!|n54)#UgzC-pD5058Rj3&lCK z2!Hw*?a+Eps7~SS$tYN35*}5FzhuRJXV|Eun6DYPG};*RE1(Lh>i$-QFT!B~*RrX; zTu=9Xb<4QeYeg}T-d<@`2fW}?X!=n{p&9Eq39B9;E*|ITk8G57-MZJB4K=i`?rX5qGcOhm07*q&P8dH&7S0H2&H+n4&b<5jS@x|U?m|jx$f@$es7|O9}MW$>Awt?X%D4N&W+gJ zn)Mvlu(Rs1S*DxyC$bEf9OY8-)jV#a04*QKhINq!RrP%E->yZsZeL1EQAkQgN+f$6 zyx8&9mThi00XXp_qBA$#yiX#a9Qa=A7dPBYNnABp6wKtYbD{W^8SJp;6iBSRtjV8<7==xwvZul?k)(V6D1^+AHor8!`cz!On#glSnsSjVVXUw3{H zX^mLzVGIap$;IW+m3l;%EXS2tMNbd;iQ1RCiXy`{_Tmt(;~~UBpFau)D44#Y28+~o zmypVO-ppINvB%jUO?52QOsg?N9d$X5zM(WizrEJs3CO6d7Hi!F=Tt@ekEs^Gk@*uE zDO1a|My{CNCQOp8AB|=&D9;Wb2Z?lbirzHca9drkK4Yr_y<$dn47p+DN=VDZP~r#_ z_SW#OEtQ;>OS$}6kUXR*IUepvyP6tHyp zIHbGbDx6e%?SH8+4phwWuLX^&d%7+_ibwBbZ5Q1^?uu8Zgy`EV&_0@g!+*4?Lc!jD zZ-;D|p(uibgRy5gtip0+YwJeY*~mv5782yVJy7K%Xo?Y#&P(X&e#*{C$7D$Dj~OdC z&*ebb-Tr=5G`Pp(a{7B$XF75%im=xtl%ZEb-V%N!42-eHfsga#NUyiTO=?8uspI+i zo6;K|n7zLx&_7z-pKOA!F6qC50;Si2{IncbB+&)B3%PvB)qcuv-fXS5h+S_vJ~qW1 zd0bETd>a|@tFmmHhSamo=I6?h!s)c48nC^OLOLg)9`?lsGqigIg}vDoe{fT&^ILN< zbU%;= z(~e;Tv|;6p+z&ZL4jEIyIb413L(9P4sP4+jlPpXE`vqRT`#Yp*6sn;2dDsywLG8v+r3P9 z8u8c&#R10(C}4u%24jS-yto5e{9xm|EYdtOSj!HnK>^QsaA6baCc8D7N;Zh$>NiTi zj*N4%<7XuYwGLKgnZkDjvfeRH8Gioq^nk88SmKLa1lpCS;1Y;LI##hBf6M6n-KbGZ zZG6vW7JiL_Z%x`*$xZ!B59=Ph!x1xLJM9j4!6vFis9fz zsOGA@SwntF4-o2NgL`T;}$JH{NQ`c^>$xLX~nlX&g5(Axa@< zmLFBXzh4Rjr??Xf090;!Da@e(XuAC+?KR$2)^kEA8e&I8*E~%F==h@rfVp;%wuo@O zDss*>y`4v9;9eAbru)nl|APS}=&nMZX@*JCsIj}jY;V@M(HYjfME7u}U^9)2wJTUA zgqP#@jkikePhcn1%>lHgtp%G22BqOaO-We8_oyC8S8*%OLyCf8(#exW;06(RFGTkyHwcV;w)NaQ4b zk_*C_XJ%K}WJ3Nf+rc1^iw?wWRSFLU@<1Ee7p^Q3!hdZ-@2sv#t_#1;I5T|aJ>zU9 zOIda^;D5OQYpeFBOXaY}o72Owzce>CYhf?!iQf;CJU$(IB{Q5$!P9cXSG0!k;Marh zu6C-&E`aj&$Cr#$lQIoGwd@MuZ6%P=C%5aF;i%_s5pwm&hd;z^v{sMbrBT&8XoP)A zsvNb9wdx>+yNF!K-Qrjux$&I+){Wa-_iA3tDF(5JwJt);6#S^J&NE>x49cxHyu6T1 z9{Ij}K9$83LGqZN4`;m=`iOa!DE%wflL-)hIgVXZs;y)*m0we!YOdO+?cuXT!otW* zw<$kQW5UsqYOrulX|4A~Tn1*S@j5@tmL(Ppw;Tf!p~LKVEZ`P$zeOaLB)reP{{rSyAyHCH%vFS{SZYKBSm#XL(g*P*`QHVnyB{PE~%gnXF$ryW>$@mmT9%)WOL;DqSS#a<{*F4w8xpYHrKHkE|zb zMr!4Kp~t4TiE{F9*vsjDdsp|Lt#cq(>=tR*^@*q(pz)(`1y;HIW+M(#6yr_{+|Oo4CDQlmH&lX^V}9)Sa3kHrmm!=1)+C#uI2ri zrv$P5R$gDD<5~{1sYieJBCf|2ZKsBg_u$pxi#`42MrPKx*c$rf0>Wo{-wkr)t8xW$LBlSG$nZ*K^-0Hkv90x4I>#ps@K?0`-tf8;K3O@D@SUDc{O zl@*fdxT2bt>hz6Xe>TwN6nh}f@6~47G+Nec)$SDPHCqNW_LojY-_(Y8DLoHqPtr+9 zC}?K$@`nEN4pz`qKRG&CqG!T;w)zCb*J_@+|Ksh=Xu>z3jl9w?+RVx7h`Y?mnGoN_ z9LyPGlVsesfBmux?E`kf(7u3yQAEFsOWoCGH*xcpSZQeu?_FaB0QxnEO5tuK7Yk7a zBz?>-)*M)pr6eoncg;LZ%q%-xK$STv9xI=-q;?)c-4U3>(OhYHq-Fs&n*0^GBF-61MpAJUTaOj2@N zc6%40W#Z!E<_4%EC7}`%cLI)e|N3i)Wp;#-lS_}fyG8@d-C$Z3JTWNaUn zKOfQY=FI??^wA?tO?P2BUXH7+73tcm3>1XBd7flBgf6U|YkCy%)cG3~25jnEnV1B- zkmT$jf-XYHHUgdM{2e&&ph|Wly?yb&q|3ht{Fc1H@pN0%iyZ2wkt;Vnt5GxunI)TS z@Y2WJ7O(h3evK=7XYg&aOT$ZJm*%vZryjqzBz267*TH9$h`g)&x^Q>&?s-8IxXNGs z=%K9Ngk}0tn6U&(T|Rvj%KCoSiYD_@K?`b0_G=%Qh7Lp|$)-p0}L&E9ZS z!c*+h8mw%zC%kg8X6tP%S>Bwp+M^oso117insmSqyaK*vKRue6EqZ$2KsKbtNg|{Q zZ8=ma;Py|vZ6ky_Z0F5RX1{&Enm(=%A%I)|EomW=7>^ATUcDE)thlMQ0?dU6$N{cs2Od#1gg4?}r*NKZ|CS@c@ zVuZo!4r0w*ehWF(@cAuB+=zCax9;beWKlS3cV-%z5Bem(y&xsUs@y?0Ee;ZWaKDe` z&r2_x%hv(8b|oX766o`1q!(`Rr0nyHW7Ckeuz(6{yvvV$;6PyC*db0~I?ib<7*C|w z!5wO9Q;O>SnsZfa?ehyB))cP*q}tlS(p6D04YhkIZ*;xIK3ct=QFYneG50AR>|-TL z9CGuFOf9>PGkA|GQFa2Qwg(Q67UQarGGSCI^EUZl;lF&njx(k``8+9>G3iEb#Bf?~ zOk~?#7kG&*T=d3%F?>5{stqSfc5(jCY&hMA_w%9(4J2XSB^?fMF=K`6V|L^F;J+HV zep-AB^^{Ap)DM%6gF^P6ZAEjN($pVxZ`EoE9vh(m;t&4u6G({DH__I=^|{hZ+=EfC zn;j!9+5me?6f0(HtS8dDri@e39W4+}WGEWRGQ@V&q-$S{->2AS|1L}cwdukwMTX+6 zHSUPy+ZcEgi%FYkZCR8+ZD`=As1Y6$s^<$7f5>$!t)b(PTXKQDOSi<}2G^oP8li~) zZlTOlj&v7mR;Km~m1d$b|566-4*sa?jz!sEqrct-3H$iY9W4bOh^SuRQBCgr;hqu~ zgZaky?FoJ$*6k%|#?Ifr{46IyK_X=4Rvyb8AsZTq>gOs-UPQ8@w8{rJL1ekIHfnJ@ z=v!k9Jf;JU9b8ow^}M=zbQimOrmE`-%UPYo7*R738ty7V|D!U4*2`Y;&uv{pKQ~+)o7WSRi_*BlVe`3^-F-9)&rnj`cpGz-Ng;Rgl<`NlmR&8LY9z_n@CNt z|7}1SqUY-~h!LS#65b~)Fik&gx$9VQ`_&heQ|ja4kEf@b zMmw{im%gs`-Z(d!I$L;>R%l`G@?}_Xcq78J&EMZF`1JB+NzZQR$y|?MQW8QOz>mRU z*8R_3e}+05u`2$hyg>2@5{dBh7nS@6u=Q{s$fdnr@#nq7r4GL92$c@}8*)j|prhMH z6;9f)Y}BP8aUDrQS@IDgrylu49-NA8LqZaMho&rfGAXp~=`geA+-XSp5Vky}dy|&F z1e}f1iD;YdUT((lgps$6bx#>?oR}3CN8^^mGhx9Bx$m~4+aG{7b*b**!xileNSg8+ zYR0D^r_<$rqzdg%>nk=bCVrRVQW6KCqb%V1^`1Qe(>tTM6BD8@-$+drZt)Sv-7^hh_2Qd;!~{C~nYX8K zP(Q_{gHdl40gP=HXi!b$DoL+zfr$$L-Tyq>xj{+H_Qs8Chp)c+_xolyYJ^ZPgtIpI zNBP4=KmVM!N0vw#X{@|#x}2K-LB%x8ord(vxHgJT!zVRCcS6qjFYMYnARU)AD_=tWy7nbPxCz5o!6!X9 z8B~`C-0|cQE0LIJ++*qP{Y1ooc5qW{{PiE1=zK>@;xB963B|Tfw**A2D6j8O4({Xo zY(VFhu7H$%_hcJ|qCjfAUc9BCE*zeTV&#quJji0S&5k^8Q%|?oNUs2#PD<$+r9PUf z+5Z=~2I^P)Aq>ZIP4`Noxam>j2MEaT^s;blK@XI8`?jhLUxf*fyL|vKfWgY&u-W6V zgKUWIVjVdOw>N`+U+f?EAgl#V!b4 zW|(gsi|X2rqqBR>i^rb??wIKR0a?|AhHid)vgpH*`efw*`6B~j?dDwDdrL^DujzF; z%4SN7RkZGD0~Z%W73x~A3X>)K<1@b(r07>QI?`CMz37kT2MZe-vjtcSo^=zK8>1&| zt~+f|r>|a(3^(jgOjk~4<|sIZ{)r-AVIn#vRPqFEOO!JcdO*`w79G?b9jUeN`fWoE z4L=x2UmccIa>aqHK4c(yu4~ETmjh5e6Hur$H)T^j8oGk45aA$%Y`#2ZpZaBtZvz+% zp{A|B=5gbE!4^nF_{yW;ynV{_=Xb<1xh4VO>DUdckO?6I0%2-q)xn-6%;0{2-^$AO zDBPH<@5cqOg98H*g8JcIx!}#sZQqLOrfaarbsX)>@_}do0#W(IFUZe7nNLBz-qX}c zqk^XHS_0v!)I-Y++Wzb|szwYsGYPJ&h&ZKZ(43hV&fP8|;*`l2*?1E}LG*i}mLe8) z0w#Oh*@Y(e|27YSnPYwTkyd= z5fup=Q4F^WYc7r4pNYsz%Tq|zI)oOE;#LV+mi0gM7JlrzOlI6cmnRY> zUb<@bTD2uc7^F1;i9sI1QPBctoO^_P8VS!kmYO0Ze}XEu~t zZ^neBLv za$< zDirCI2kM40nRVvT3ODr}?5Q3ZI8kyrhFa4n2)C3B+SF@Z&eMlRp35D@C|Q zWOGTOmQ*M+Hw((-8C!wppZMdW*Z=O%67EgpGLn)aB5fY|v9AHz#{JSs=fbRu5JE?z zYhgjRy1=er7t_EghzG1E%KAflCX_=15gpusZ z7p~6V4DN!A5L{2ZBo$8!pj%5FHQpuU0j6d<^+8Xm-@iA;JMWl+Y+|Cvbv_vTcD!c> z5!0S`TkNWY0!l9-`mdM+X%iCMx!DJQBwUO-H7`Q0Ztfhwla2xg zN0TqF&d%_)DahZweiZ<1a4+%$gmC?qCb+_PYkRh=v?d~3B|!@Z&P0Do zY^{$Sq}>~oCF$S1I?a*uUfoxFk#xu3t|>yP zSGzaG8luphu)-Z3=Wn5pJ?oWm7lB)oj-w6Z_-L@Hl`^-M&u%9N9e2znL9`}hE#Xp* zTV4SgE+h<(~%41`trL$$mAkM^FFKww_2nd*66VA7!r~eWv$1H035%&XwT08P0BSwyf zf7I1LAN>5eEk_`DjD#+_bBF^&GW%Y?V>;qW^yWTFoA=5qFZJ=p#vacDy;a-Jzkdst z^KG3eYFx&E#+}H~k(U2;0=0s>v|G)}*Rmfy7&^F;rDtvEDBF-D5paN$M`&rT9%IP7 zFia^Zf!#>bew#6%V))f$n!)a0`r9Rp{XGtuASswno<|dxC%YHRk`aNv>+r!Ies}(H zaN#Yw4VvJDP zEZ`Fn1fj3R=4^WdC0x{5&5<^QP0_&$8(H^L&05jos^_kb&!KfLPeX3A)dxXVM~RI1 zHMqlp=RlMR-nAsFr-nvt{=J!cpYRSS!5=EhF)hgwwdt8@AxAB<-Lmr?QtF+;4v7UA zTB4izlt4cxt&eq$CtYwzST`}h!3bkJgiP=G4G%@>n^z8(DWucY4T<}}G=_3cDyip_ z36JSd_WJrxILRg^2RiR-Id4qLPbl)OD$&zA-aCn<8h&f_*rEKm=YGbj1+q*pyyKd? zm|jfo3}vRhn5|jLYZ7>H*27eGnw8;ZV5ZbLzCva_86;R;6t)m_Yy_D_@71w5Qv|Ze0e)GHm$9|F!Ocx9m zHzm0vW$j(gg$upXChz-2Ht?*;b6r1$A=Am~4a*wpb1WW4z>L4lQDEGBs&nJ{1?7$q zzkfxqJ$`P)&;p_I;CNo2s$BTyVjzlGP76OLfGIke&D;wfL(a*UdNc_&c#4_*;uoKS z_?t+eI$!zIz5MfQD^l(be%veg?O#r_0@3M%Lnm$lVV3EU=(i8H_CCbiMZ7&+$hueK zK==KuBHvVc=GJEj#bbEd{iXZSoOmHOX18@8TmoS(7lAL8ZY8i=7Xgsl?*NXscG;ixfJrIOwZNb?pE6S z{*Y}I%C@nd*c%-EcL)W%T+_o*54~?PJB>VxradSWME3J~)OQm-!%zzuh(@!4h;x8_movT5WBrSZRc_vEnr+W@BD5*(V+w>!%3N^>(-@XIJjtHts&` zd*`7QyW{O$e`!^rHujkxZJ9Zg=elFMHDo(?%p&aec4E$X=cUQbb2<^~p-fab!DBiO zS&$@NR9U0&fv~V7le!{qL1g3 z50_x_(2Mu^9-!3+GU#CD3emK*?T_r$Cm-Jc&<3tXdOX z*92g%nqNOvJXfEvimHD7#%p_}^x(ERf&0M)#o^SmZSQyhqCHIal3@-Tx$>dQSl|{= zVlBi9z;>Q&C`;9j-2u9bnjWB#6C9pZCHB~TKqp#-ARBVTWL#r*8$t!*yH4Rdu*I;y zzESXIKsNYyyg8oRqu?({fB24sIuESdPLmrE*+O zSs|}4@(qt<#lcrQ%M~OZ4SbV-Fu}{w;inX`!PDxWuMeN&(Os1ZwfvK){)jFj$mjDM ze#z8^r4RoB)BfjUz?ck+mzxb@3p(%q6Okc>bq`(spINwL3^8ZG)_TYrA} zE|(@7f=qkb{cw&0sG$B`{;e-dL~5wsrP{C@YW98p+Lv5jGpwtvlij`pd|g&DU^!6q zxUindTx_<6m>RU>_@94LDJS;dKmYHiq$#m%*o~zCicj+0D{)B&n5zs`63oYKT4sQr zq37o(U0hszczD=;;&FC%*8E`W70@CzEw74$qIv0Sx>#9J+jHq{&m=E*7O47@=f=3f z??0%UFRZ$!0|DW~NIA>4^XuNmR&*4}Y%{})7u|(>EWjPw5&i$SdW&+g5`Rn_u=4TQ z>^G5!#{i3^rS!ZSs2GJ)RIX&p4J&*0PP$G!=H}*Z-?{Vbx8c75ry3US#)1tB{&$*> zOJRG@U1m7HnyBXONM|T8a4|mb5-u(jRjec6pZ#z2W{a9x6a1W9Nd7b45eq_Y<^G4c zoBHh$u{H2${_jfthw>1acMD&xG`>V?GKk-Qh{v`OJ^Kl~B4>xmug}susDNiD`8Je* znRCSE1zY!04-Bwfop7*Ya4K+s6=zLltbaht6Y>3f{IX@%xx50_Q6)N$TS3fWj9bq7 z>KKi$^gvcw9G^7H8aL5RSLdJZurM&RSZt#yR4({9mEAxHW>(Z=Ws;T_$PEZ^T{pG= z|0~>ZkF0krtOTvI{9EAuAGY2yDz0YR8pd4$1b250uEBy^aEAcF-5PfY?hxEvg9P^k zf?J?*XxyFP@a;V3oO|wl$G6A+(PQ+Ms@hens^*$=t>s%uc{1Rm)c~9t;7D8^E>SoS zA@8lK>mSQd)kWUfQPn{@I7mou`CmuT24;Vy{8wEl zHu{tl32OlkiDr_2N)Nc=+YGe6-E4^SdyMsWSz9Nhz=`IC$@lhWg6jt6suB}Ef2Q+2 z4>?b*d++gQ`!qt4lnoy)#OVScCP4Yz>U|Za{Ry)}7XKW#?l?3vS2eYO6ch-b!o&>N z{EvURTZsk0g+LN8*23v^$2tEx!$#5Os?q))OcA)edo&4>zn=lexkx(V@vvM zA;ia9NuQ4AtWgV8>$iCQUAI7_Sfs1n#eU+y4axTpEBAlfqkn$?daI>}vi?*G&mB)1 z0w{`HY$ZeB<-L7a%QF(72njh{=~#4OuJ)GwuCC~PFwHBS{{q-7V?GyDBw`qQlahux zq?U$;crbC%A=~Cc;ky%IJhm)N+_re2uH-I!K*b?6I`LgvH8bmEuc_%kla^16T&p%T z4Nu=>01|lZwp=!zWnazfTKb?4d``mL|ECrI-2>FWP9iF#FHJ_{>n9XaY|zNj4A<7NYN=(@=^dAVv0C~ zgdRA6ruV|*FO6SbUg3n-u+3mLfc)=GmyCbmbgFO2;SQ$vj_?To;R3`FzW@gE|Nltj zRQoG{mny^$eUI<)E%*UO`i9o%X zTE?VZn25F;S(AOuTEFCjyZspq|GHp+TI7`0lKFR|`@16P zwQuzO1TePHOLMoMa=<>B zU@89|i3jqtoIqhurTU=xh61yIBE>!gVVrx4bC?+G2;l_5_40%douG?2sO&o%77WFb zZ*4{WVx3)tp~dbK zpn7?HSaJPxyZaf4&oDDHyvkN@FXZ;iALxztIE|K=Pvh&oaim%|;JuJ0?sIQSg3vW1 zUEn#KW6i(6rK06O9dIQQW@;8?^ zJ}*4>hO8m}dw6-~ZwBv&iQNO?b@`n(QVGHC4$A25B2ndk7FT2 zB(`Sx=g}lq8D%@&INReN%Gu`Nvt633<17zlkH+C{XOb3Bj!v4zVp8>I_edrdDn^fB zIAZTJi$FrO&%4iCLPdm7uqN-ZQ_NpP_r{1^d;b>Ds;bVxA!9I1gwH8Zu);hV98;AD zD8tr#uatzzCVgJ{goTAaAn^i!$1Kt@A_Hz;U~T)IxAjVSp<(BFV(wT?0|-EiLPKxc zxH9Rx%cl=|QOd7GIXt{RTQRtq1~98071@M4+snHDHYY(kEKVRgP{S=7YN#4gr((Ph zAJ)&t{x&x`h@`%gWPT!Kbq+hQDsw}MwOS87xw>5v}d8E{r2 z`Nfq_1{D$rQoVX|TFdkdqISeNiS|!p(<@N>V)W3&gOz*Fzxd-KrLylwJ7>d^Aiw+N z-5%5Yv(3k&th0 zZ|j#-d{;7{zf{PEr=|i7hl%etIFUs+s`{9?I|=--&TDjj`G$x%={mcq2Ifr*r=2$5)g*mBfmHR)d7hhnJn9 z|5g8WUqz^YdaE@Onxr4@-3JOD_$d7MpYZsD-<$_^5QjgS{6MFsjN}y{O!`Q{Lp6k&@u1&q|g+NnW*BN;`Z;RvA++FGhhLDW+eQ9IdH$R0eXB zym4`0X6R5Z00X4iXiVG>trq^3fr%`aYuXWUO2Ed6Uy{?&;F=VXR>w6c}{zeX-FihHJG;+QIdPa`==Mf2l|^xQ(0xs!3nJdcz# z=iwIrYH?I^5H$1ES}?t%GwA)k&nHVO*egt^M$Om0{1MbfE^K+-VD8nEcW9ZljAJVijv%DX|pKBP`1k4!T$Z*&4vR{3D(I(w7WVYSE-9697 z|D3jMuDImUG&23Ow{z~j=kinM+LEPcBXo3_8@R`#^P!~^jIe)PR_Lh;Mx|yH6A)ixKQyw zZ8$_Mxt?#Tfo^Ct_#}PAVi2gjR)xt=^-zzrCB%Uz#*9|suX*E(KH8IJB_s5BqCSZk zha6Wk9l%GRChzDlm*iKNzTTfsBdWn)+W{ z>u*`ItwNVDBJIe?i)kg*@L2Lt`B*~Yt0Nku6Vk-kn9dlo1z^cvWrl%K*Xm68G-TYH z-9YFIJ&n2kjQg~jjD30eZX?UHAKZhaO9w?9?o22*9%PZKstd*1HMKQQGBb}N;3dnJ zg+ZQO9f5?Uv>o1fc@Ph;bUcwh4elXHLAh%!eF5l zDUEGvkQ6^h1rg0%(w()_M_KLjvUf9vGp+Q@QYT#6SUfxH`;Yq++`Iz?u7~Qeq=(6( zJr9~%OmBC3pFZiRL6445c2LkrDANuq%e*lX&3D&Sz+7p^6Lo$!#;Oj4-#2|_G_(=sX$qDrcSwXgbL%bgf#kR*2(nS#W|Q2FDLIYf$&N(j%+(){ zF~oTEg?TRoAXFX}G|NnXPsY|Dzfv$6pwel4pY{DmWjuro zwEWin&yqOE1)tl^#-6_piEIV>2(02-jcMdBGsNpzMJDP;z2aNM>){m-wGoz2oVh%Q zslxZ(Psk0uycz@1ytqHxKt~NDEA71nJdI_6<96YLsVA}UjbNug%tQF^G|V+PVm|Rr zjr&+SB>KtTy*HruU#l;}0o&-a6bx1WfguwWD@lrv5quV7gxD5?yUX5s`-p z{&zS4t}s_+I*M0b{-rMF+y3eNeLPv%lHO`GA>s5OL_nZ2npQz0Pa$1dShRf&sCKls^AWM|}nPr|8XuG^i&El5%9&$AMty}VS7Y9EZ64`-I}f9C?g z?8|fIdY2D%kB|%8%YHnCSimvoY_r+dN+y2Lo64$!E>Z*pw{^A^Pp#T)FLDu2jFM&H#Y;x@G{d!M>a5DpmxWj?M$3rggc+V1D}Tk`N!q``o?|fk8gfZAC1plM2@c=Wp~YQaRsC5u*$USmwAiPW@PGd?EjksB5H61_AIU09=@?UXXIvVlX zO|+^YDQr^uZB7_@5Av;ju-Gd{T(Bq7S1E3269NxyNtpoi zy*BZ>L&tLR2ClNZBwGTE+=!s5@ty`A5im_gD!o$ zNhg~68)YCqb$uT5P;vFxMNGp1h_^H=~y)}yu~ZBf zJL*Nq(euVZ7nZyS504Ea@=LNW<=Ql=&xEXo!%>93c7Gu}$8SXTlb|7wfdV4AF-fC2 z8B@HKcKJlp^?@SxPGdo+4wb$z-tk61Nv14E4b7Z=4N=#b{KEGxM`g9(4|H)&cbAI` z=zJ_e@IRdzu>6~aemhW#gHPZC-dmT@NjkL8wA-`#9wO+}gASX{CCpem>oJW4QRb8~ zUlE1%%I;w^vyyRWjVw#V#pzfWr|(-F!^U9PDa_`a|1^?vWR-*WCQ=S}PeO>LSR#rfOht$zueeMNogK|(^cZ;qJr3D+{Ve`UFk`(!IUVJW9~drBLlHk zdVd3uzjdPcgntHAM!9bmu{jd6+$e2wTB&f1G4AH3@4^Q3r+)rQL4E^ApMsMAk87Vl zzZ;AZe|fXHVfx_D7t`Upq5?rBUj|aXq88|_V!7zGBP(g z7nPbglkN{q6R=6r{zolzDlKgSmy0oIa^DCE&o`ri^k~?E{g(ycDod1p3l@fiH$Llr z=R!U2-ckNM(RvnntcDBy<52>+kfJ(jGmxj})86bOf1zCQ+S|TCNWy#ib}AQJMI0gN z)${7Vvy&*Ju~whJFI;^^Lo3%hHk!=hwwH6>3#v23QjqxL!}S)7!#viwKV&z~#DN=g7g!7QvY14z;O zddY6HH$VTafm1f-;5Zw!;&uYs3_Y|0vl)i0t_q&r364yHyMmV;BUF4PHZ_F3{7-o1 z{EYKz^MYYkTb}MGA!4uUJx9kHtMD*3(eb|KA2e~2*NkokTGl=qAMdM@tvCSkuJ@OE zHcaN03bm`2>mqp={+;u}-XC z!SLsM0kz&4ici;|jWB%fQgQ+8ioNsJ+?3+0ojqIho5Xl4J9d_A(X+=teaR}7&qT!3 zH=9=#Y&bYWwK&ny&5)t9XCpg^`}YaL!K1k)$Uzx349M8nJa)&a+`qBWeeLE5vgXq~ zh!WkY?)<CLkODvA>dFd|;=yeoWJoh|CdLFxt4%P*%^|9hKb_V2kT5P~IF z0z?S&oZP2;Ewp183%@oWW?55{BdqbmewXP@GdSt4+QC*Ylv4_CMx{Yi`S3=L;q{vPX~SKPZRZ}_e#RiGcaJ#Cp`~~q7^ocaUDRGj z%RS_k@lG_|QVe53b33Zbwe8hs!3A1Kc)`?KM!|1Lg2BqNpI}l)&(Z_u{K=xCBsbkz zI@FoNq(xxTA0XaE0xy+RvgV*1WBi($PXGQJ|bId?gC!L>*(* ze7n(ElzBAqz3)PBVWy7LSzeqK$&z>jRI>{kh+9%`BU(I^WD@e8yz@Jz|20#mv;4FT z4mQOA{Le*fW?1Oh0#eva*U6^diVt@m*^gU!-=gzh*M|p4%{YDvF3j-gDDYG*G;%52 z{ZXwkzBfI_9NP4o06-j)4&OQUs;mWu;A`+|Cx!N`B$)5t+Q!)&2R|tD&%y0wK}K5! zmfRDB4OgK<1~MOg^f%fh&j++=U%mZCd_F`~+Bwup4Q-brYJ_`3=3s$;-X6@62mYoR zzX{98tP5d)InI}vG4o5`t?!1u>k7Rqits?|z1MO&n+qrGP?mcFV4|*KT3f%Ziwb2M zp@Ldk)aWC^47 zGnN70&k#I(Ng1*1>JZqu^LC$=lPhCSGX*M>~1dig}qL>pUaXLO0Sn)%3jW883-k%vq0^~pCh`|lHJ zJPN6HUvW|05SCIIAI~Ym~nBsICll;`hN>!gS#L4)LzIDfA!o{QooA5M19dCV{7m z&g)*83cj^yyI5(ZktN(d(u!RFkzeU>5>JwLZ6wRgW4T-g0qb{+seu$%EnF@u|bfE2HrAT1{vrUKsneuAB01JUr(&bp!oj>Fi>rdit7tfR=UU>XDku;Zxz|$(03IjF0N>r%ub^lP5P!R3_@l6FF&g(08A#9klY4Rlt7nPALLYuef+ju~tk> zbog<(0b~HRg{IccgX!$xfJsJ2f}Bu|P)JBqMkZdK=;ctGcH+lqZ{T77S;XsI{4aMb zB&phH6V<}&orL~%f8v+hSFPpvIHuTZw@Bm20v}w+A4i8Y7LPyG590yPb+Zb+rnTE3 z587ESw5`L^5^1x|zK|umja5%-+pW9K=UIs!9nO%XWmbOU^qwFmm|7snom9>V zX7^W1I=#CZ-28z&ZrbzGJkJ5#JP@BvQgU=#RomXK!6zq|X-uCi($SH6oA<0p+y)X( z?A+TsdRJ7G8O?4mRaGf}5U|6%v|!N?YnJPW=YJ=;&?s}zYLIv%0qVjwD!RF4?kQ8Q zK*JOT?Mx6F;$w@m`NDZ$`#r*-?0;sGhX62RwV2 zGg?Y$8@!ZlDlZL@nuz<&D8H;OOv@5L!SojK85?HQX zQKf%YC_#30<~Z>xE|+y{fs^Sn($We+JNg@l`flC_t^SO5Mo6Q(;oWw!Q}}NmC;BHn2kPQw(QHma0=x)omyvd& zZv>!bAoDy?WAi)=gxfVX`?dfoS3dcZ3aL;0Ca5oAB`FKqvo4}3hQNXcSh%3kSoB_c zVgJr-#}#>&C2eXB^%zsm*)(C#t_-Q9i*%Pmj`}EAM}qyy-g_g6Z!PRh7_(0E;OnN{ zLKDV#akzp!7r-up_)S-bQFY*WI;W{gsw9((?|RH0&us z0{>$PX}x>M2%(aLpavfF)}_Eqk!+LMcPfH0p5WA8Dv)UnLK5pIDZ*?>=6!v7dZxCs$*cd~8lp~@f zaZ%DLW%<3e5Vr_A^w%Uz**Pke<$$UYsqfI6aZu{m9v@l@l6K9{CuoTNs-sMfSlvZ?;*_h=+^HB@0zYLWkfDLDRqT2&xiYeT!GGk?v zG~)dHQAfR2Nf$f&kh!KSNhE$wQVEFf5V}*6kjv{XGMVzgc6UL{msrh8z!%$=m6)GPnQ}@ zOV{Vin#sJ@KPYP>jzvz(K%Fy_mt|6$q04@$ahL{as$s;*6~-Cw2VU7Heb2#|b9F}M z9}+1}&O+BE#P%P(;-Ral``up8pv@=kN1YVunG?Kf>8_;NVw2NqjBGD?&NGj24A95i3OKR7DBNa~Rp&zd@%M}$#_U{Z}9%X!a{j*NvVZiqA2=Q4@9-E%0^Rn8Jm-f={5ycMs-lprf z70ai=SEei{?9#T8wI1VlIuJoyce-A8i;L?tfL;l9dL<>*B($}8JAAe+C&yw7mUrtS zn3<*3eE#Ej^gNYtd9fMo-Q&Ufl>UmH7}oz5Z!j&>$e-}#k0Y(FR~L3{8msy;t8wig zBsiLW5>Xc9>TV;6lSzL%uV?-B8O{q1eg?U+W=+46?^<4lt*T%%qud8MhuSq`CV2Qm zpSCt^PXKdrKl=TlqQGZZMC7oMy{q`Bs6!tMac?r-7^*vIYcW-Elq04pYhLSaI{v!x zyVg<3zI)7Uh1co6T1}0O4fh%ld1f1YY*z!j87aKBUe~reOy7(k=&i9eH>@qw6@`M*%3125H z36r(AyX6{o&?Mg8R*|z9GBFCXD&4n3!he;DHyUF8oy#svd;jfHh9=AV5mc?w8i4xr zTvp(;xbUkfOt$s;gc$PbgYt3@#%6j5r}?q+4bPz+J;_Y^JFIMkPhG@{;z9$`N9HdA zX6&pHB~`R9zBdt34D%=9mKc4o6A22w};)U=n?jGP!-UYIo zie2>(fy;S0JCJC2Fvx+TWQaZF>mO-eH9{#69~qns7Y`Q~t_->*c&jPf4?~)z40*E7?(1h4ac_@&xV8QL-B}!l!j3zuq&EIHpwJ|FND^@W7b; zKuLPtoBK|1uaXON?%n!1XJ%9}tXL{?Xm%U2YKFaB2m$E-#c=EBxUn|MayR zX{TX{>XZ(q*KobJ0FB{i=++8-KfzUa&*~r* zyNDeHnuyXchd}iBUed1mSB9r!cOc{9PC%FZCtEM%F=Ln?OYm#ZSIm%?BihvTl=5d3 z*S9wdsnw#p#9^!vyRz7RjU;Ly^_88$s0VQI(>Lu z>34PU$x2aggzMh;TN1A{=_U>|&PsswRJk6(8sI?&g-h1HvT*D^|h9)iDZb=>&x4eu>{>m@>P%bqchan>Mx<#(=rt_fmVD{pkrbt6u z!7ZB)6F}c+%(izA`(B*hcJ%j;YIg%{qwTz}NJ5@WBlgbUPKAm~Dq@V-SG<{hH*umg z9-gj}J}c+`?kU3w%mYcN?e|}vHCUWyOzyWn`66>5BQq^;tWeAJSF zhf-Gc;4Hm-b(VS&G@3?`)jK5jsjxVoV_*Q=dEo8aa+Ztht#_6*uGMZ=Y_fRGU{PQU8Q2|^|?nTbg5$hAkhE^Z-&oNE5NWr>z2=e zZBAdJe9#4ppf$a z_x5f=&}&t-ZLZND`tbesktbe8X2$Q)z9tNqj(j!sQ1V`yc56oDSB)_z*&SNuDTm^1 zg;yG7T(67boc|HZUv=>On^~t`)`o;fm*~tBMvh-J+Wr}nAJMT-k=Yyb| zmjR)o=W0pAhq}p5qaD6ZBY^-TR|OV1cisuY-3-g7S^-bxJ)O3Xwga|xnjH~E0*}v? zV4t(O%;Q9vCWy3Q4zGVj`4>a-Z>>(^LmHYDtEX);M+N(r0L;8pM6EaZS>!KOYA^!& zUxYHVa2f$zi__QV-%|ItBH8beeYcF{nAZKIT`Vodgr9irR$%UvMZTQDML~c_jplUd z9uA?lM(O;A7YBQ?^l+&3!^;+fsc_5b{p4bAk^;=65!|5Q&u=<5nsLr&oTamm_9N!? z7}%0o3UT@~<)trdPvCFA(3sT`f59SU=ZC8!BWD%_5)S2xRSMQQg!O$!Cd4@$Kz*E) zrrQ5p+K;Z_p8K`9Z-muZBMQer`uv_W3PxBMJE_EWV|Uv5R0Cn9gOJQiKkoopZbire z8M!wZqPe|!s5Q)bz$P7|P?b&R0`UI^X_K^J6m}Vt?7;cF`TTmQ%iaYv(F@qNZz_)< zpd4NgsNsT9CNl+4kpF_u+ciP>oRFy6`$gi7pd3{VjEVB{(_sd7X|Jfa>mo=!AQ>;8 zE))knMpG_YuTO&M5(+q--m-~?5nWM0E_HoK9I?cvxrRtFjD^5Rkyt*%&kkiqi6>_I zjdt7u_RO+{&Y~f7pGk>AoLWN|<5paU6*MpDf?vhzspHVNsQFHDyY|{l54^pcyVS*H zef@T=Vn{bNs_Qjv4|b^BE&VgJ2^_Jq1W3rawo#C1zCIBl3QJ`xj5v9A*suEe_dQ+Y zx!&3q)i%LbO7)*`TL)JO%FmLXjxQLQPRE%c;phoM5u8WyG!(?Y*aE#Q>TR(2Lnw8x zx$0s&|7s0RY&Whvd(+SpGI@B#tl#@nri6NUd&V;e0?Fc5yJ2=y!sp33m!?zUvs!w? z)mB;LjTI^Hd+&rXAfG5q$Av9^T0{n;6-l^0G zTrCErAm7A0HcI>FVdcN`05B)SRAIO1&n%_)R3o04NlTB9X>d0eQbl3{AsJ~Bw}xmH ze^7se5AlA#zLV5?Ngq(SwL8|fLQ51qM2&U!eR+fZMS^Sd4)Iz2qsHmTh%9#_a0@Dl zSglnRF7CI-%P?m?WRS2lV{No+D8OnUbvwy{6zD9Sk!5sfoqbjxQ*J~1vS^4G6vk=#xwZPf?mAjYDM!x(|pdt#9qwgw1L+p zhc;Oy{$Qxno(}QxrYSJ?sR_+E*gr|-NdAhn+%k~&oUxr79s5O?^xy!yB6~uP_fTd_ zLON{e?AjXH+^BBp?pNX+{01{muHnHy9IJ~*TDCR+j>1XDMJ~=vN1IAsCkEzZ24Q}N zd+=6}@vB~gy?EcXt1(Bp03*Tg&WCYF8;9Y^JVC0up(4(cDavuci-qk%?k#)iyxHor zbZ|g~&&Uh18XwPrhOLwrV02V#q8faf_Y^r#;N@jjV*bU>91F>+ z3rpcob1qQ*600#gN1nC|5 z-F7S;@2vO=^Q~iB*|7ztLbPlGq){I{>k$w#DfqoJxVD4culjIDM!%4Iw^MBNDDLHj_bYdzI!q0N#cqVexvODaNMNP}N@fEilEYpB_f@O@S7Eej?<0s?E0uaLHW8ysqp@ z*OyADVMTn{=!M^}iRd-=qe1F}2Aw7p^1y6c_73riKfImh1IWp2h!Yw*qL^u^Od~tz zNF){MZ=yYuLc(dG@~o%%)02uB`gfA0N`=)ieN=3p5bYvUyOmm>aQfAr>$ zzx}7pXxEdZBsd{0S=9+v=ppliHj`mM$?*1)i`$X!M%Lu!j?RB&4~#$+ls~V@D3`#m zsSAbOn~E%_yU{v^4f@(3+-l2OZ7izx;)h9ZzSn<}1xcGzO{locwGQ)~Jfee7u361a zNTeX(L3d&-S6?lW*fB7jw)|+4kN>5+mZZKI zW}Yo@#qB0>3*D*k1D^^#DRppCSv**d%>$rZ)3W5^V<+3&|I;`BZfO5GKOmK?a_0k=6OdC zu|DuxPOSMlZQ_VWU8UGihIq>dw*f3He72Mgw{f0E`q%K`kxT>NDjpteIee;5-kk=+ z7sv9Yf5}BkpXpXS^Qf9tXr)R^nUWsjNU{BMl%=}@9_?cvFQ%5OZu$V`7Taf+`Ck%3igVFO0lU{A&u3>d(lTNw> z3Gfh=xn8!tp0qU26Od>WZ>sozgt^vm&q*pAx8Su??LveRR8flM)s7t8n>`cXi}57I zjx#5TUgW1Q_s1lip~FW;)&sBk``F#{W%f(hhdV#t$Pb)FfQ`Z7WEa&+2nbEJ9Y<_6 zO4@a~MlWHDRsV9>*8iKAI+l>_)@tuA^(iOGTt^21%#t*Q66FiJ4yGDZQsB5oq3EN0 z;HlJ}Di98P-T(7=vk_o|61ndJae8lxXJji~yl1fU-x-a@;8p3+gp3ET(zu56;==*Pyxj!~Qj zaY#8<*tVAGezV=B`e!O&hl`bek6&cdJ-@J}U~alH0#gVFya^ZnfhQ7-{lOzAzqgVZ7FN-Jypd;5GZD+K3d!_1e=srSv@=A4 zzgHwS<*9<&O_hgIa$!*H$~E z9|I?=rqLrewIU4Qv0eNABy3 zHEid9z||1jW}2Emg~N**M(-{EW|Kp%ZzVv9lDxd5P0A>+>YYB}I*wh*M@ddYWXA7( zqOw1qok5MTDJV+**5Je~xx^2#tK#h%mY*XK@;u!c?)Z;k2zS150>IA8jS$Sswn@L! zF7T@7y3!#ctz9l~iSsZ(uz+G=_;Pl21dfl@^ZHXwb{ZcM3Kz+k_f%}2#{4r1H%W36 z3ub0^=mYV|NopuT^qLW9FJ~$|mO*|g$5URytH()j?!#!>&)a(eSDO0bP~Lredrh|) zg`X#BPs`x4TibbA*{FzM7`c2?8ymW)q{v9DHe?#KuFH{U=cU^;m4&TBQx`M$FuZa(35j( zC)xE&zw{WfAFtI|^=@7HymS`+z{HT}HfsAgw7YBcG)NW%MIuC}=Iy4jc`#ptEmua( zu99VKZo&Bc;5`@Ox#EhLk%5)bTq#fdJ`@~>KWdjfyEogmv~=C+Y+7*GQf_5)&!_18 zZ60@L$L6t?ttNT(^lrwulR)%_an4%U5Ak!^zt`Tm98+4B4gH~SFDTKJ;08!B9IeU0f&gp8=XU*}IQzZo^muLHtAYzv z%AWWqAgc$Jd70c7cq9ax2e=_iUieyFG+oB1OJ067pUHlE>LuwDk&GYcb!6Jya%Hel z4JK3z2Jv{2;jP^WCa#t~%r^F+&!Qnon{(>0nbC|hST474J#8=i|eHi2X= zaSVEn930XQBaqQ{I zPfY5;>aLQHP_2lPUfG+`*Fg9yd(OA`E*Amgh#B>!@M=d<=aU;>cF7|oPdK=U%(`=_ z@~-v*nR9;?DgTmBuK&8BkzyRr{?;C3;H|LNpNS&vc|sCs8NdI8={8WhlaLXCr>!pi zDF=QRUqa1URy8kDQ_|d#$;88gr4molM(R_b0G(tm_r-8a{r9I?r8HmD?jq!eIZ6symK6poA z4LT)pDv|vywpx9o?*7i;EWFdo+6RtkIln;Rgo_>#Fa5pNXA%o!V{OqvBW<;wTl9Up zPj`Zs_ohF{x7y`H-LFg~X|wI72t0~04iB5LBqY!(x=Y}d!PYn#@86`21-V~Q_y{tt z{&!n7==}P8>k2mX#EN+cncHzm#8N@x`@1NX?8_ENEKj*e$i>LwJuvmD)0P+xL%kr) z%3_9YE#BU|^!^4=>u_-|0z}1(VPe+n$}N&3QI(X;e*WGWrIy%zl=f~PAy)a_#9<3& zl5liy?ry2A({59z^9!`_&deN)`mwm^UHaKqqf-YCCMk^s!_RVUQGgSrdbYw}M~6Xe zXN>SJ?-gfh8FJdOzK%3@;qt(JeZ9Yae;>umpDdzpXd*Gy)7mai`) z($Y)SChcF^O<|y|?0$!n11|q!qsGsluNE(NM$U3Y^a8T^3tZWBC>Z$_HF3GQrRK4- zc*U&`O6<+2f5W-E15&(OT3W%LN&NLI4z~1p1?4iT1ztXt?3VeOS;4A0l>@)W(NZ&hD2~y1I_taQ;CK5&)OT`@yodjC z%quQvSpKs&0it%qymcCk(%~nROTz4*?iTisgfIFgRh$s`P7nS)USTTBeatn`qrSaxs-H6xcfSz5z)r&IQ88A2WR5Fu-!H=;0n} zs50k%Me+@@nW*zAk}k3@Z4QjZ9dG4oN6{^nC7s&}PoOu#{4CvB-hU=C=z05*K3anS z&X?miW(eiMwp0jQ%AmtOdD_Yes#M`qyNK#Kt_=6C6a!;;mbRQM*|of?wIJ+$SOUSb zw2W#ZMxLMc&88EB&87@r1qQGMt3?{FZ@|_{?Q7$WZI(H@DS29H+oGz#>|bnG)lkag zodHM5IggY0@Ovfvdu0RHJxa>sAA0D_eH%TUl&4 z{&}c?d;aY%evjO&m|ZgdbuwL4U;?))o<*97jw8<w?oJ^cnMN8x{BFSb7(?)--fpl+z>-*pd#2|~l2sTnj|@s5o0ACcg1=^YQT=($x4t4!L$oOrXf1wr+TQ z;dE-FLA!hQR-&W${#`x|UEQemk@AclP&;VxHvWHHop(H2@B9Dl6{}R#rd4XUwDwjy zsj9uzCWxA~S14*1wMU0m>=ApWcI_g>NNgp<-u%w{v%ZhV@BD+1+|EhPec#u0y{^~O zy1)PC&+ZNCTR;rB+swUoOSH%gPYIip#GdY8);O z&x`V+(nTlOlh}vt)*OU)wmyDbN=^0CaNyf4t9cmRBOm}YbyQZ?>TQ;<2mF~5D#d#U z$1-oCV&kqr#&A#1$3qPORpN3p<}X_UK_E8luha##a_}{34MKo$Gx&8}CK`7gMfai? zkkwvprPRU;DadRm=_MqkG&=U0ND$SEO@#)h) z{vC4MxB9O}l%(kP9~q8cV)MMJR^Gf-M%?)yLK(k~XfNOQDe}I5zF~r&eXTA4B1`=q z{DuN#f6m+X&%ax}9NvV3j`x8w(GDqo_lZ;RKl>fmS zls>#Q@DRubzOc2DDaj-U^13r;eHzk6#BhBT4c47FlS2`x_{|LQTM_DaV_s%RJhSOH zuPZD#S6x~QdGc;|^ej3rjyza-R6D$5fS=%)I&RSVNt-$Ii<8jg4Qh1f%eiLv-=0t2 zh#k~)h6?&F)fdJf4jmQ5w^BZA(S0<_qJIB~%j~06W-8TB$6q1~tx^e*tPWKV%~&b| z;d@yPpm~|1r|slo?HT&Mhteg2Q7!}6ZoP_nA{`HHU5pV!XbNMk%u5{xcb|#_&)(+= zko?7?r?Vd$()NjowF3#wm8i~#9b8aL`fPD0dR(EF%LPfV+a~YjvTP*=HT1rO)%-be zqmsFWKDz(xoL|NEfiCzdeurahxV2S#dF`7dfS;+e8xP zl(L0{0&lF)tSKDSjBQXoU!;Y-NV)AqSKW{f-I#t!3nv!|>hfVwAS{Ia<0s}|TY%+XG!K;6z&?WU%WpYxID*3 z^WWsauVw+=Sqifq%Ie%;)rKpWSt+xHu>qob7`tPYpwFtMjG zfoG2DHm(kd(gEvgDB?wEzvQb92QD_hn!bv2V4a`>pk#LJ{SE3Pohn*$fJH2j5_7I*uowmFXh`9^9@x?U5pSVtx*27 zt7Vkx8yt~ldNBcOP-PV|(>5X<)hdV+7-CZV!O>N0OO6~#oR})m^Gk|i$2{>~QZ@xB zhTD;rQEi8m=RWns6O0&FxINvAzfYefTgvl4xv^?08fZl?66GI>jeGN4DR6 z?d9q$)wx>cPTYMA{8tvx^!z} zS0E27Z}-(f^l3w{jJuX-eW8^9=ZJ^Qyu-S79Fbr6F_mWczYqG7)XWD1fA;lzNE11G z&J(MsC$@b41{0!Wu)lLwM!W~ITGOn6(l(#aHhY@xxh1e^N&XD*AL?X0x7-AT7k40r zWErH&dn>~!La$f6hVtif3eG5x?RS2dGfGD7s#yp%*OLb|kOLkMM~Z=>B1X9Mn@&CJ z2Q7*&@r%1=+3kS>^$hmqIA$<%k-?=?{NZiFdib52N!&Nin)1KDW^m=E0F-xUnx2HB zKZHYLh)OGmYdbUeP!FjySe_StSGcK%DmpVWExD3ZDWp-&XP%cQQ1S;I>8hzQ`(8T5 z{^6Za>#z6TC9iR8$5V_;eIy2)H_k{ac1lQgzj#3r;MHNeIbTptQvqr5UtUV`@Z?AX zAmL06`Tx?5-6Y8=OztjxU%%d4G`>~NtfBE;>6KrjO_xyg0O`-4)gG=1{I`pE`G(A8 zB|26z-}^V3I%VBAFJJ!s!ph-k;O&>LWnaf*?;2~z+l}5n>6XGYZer|}Qnp4X?w)=r zP}#BYCDbpEM7siHZhoby)L%=lIbiM$-R5t0lQU(Hq!ajCmkQDTl8%l5g^MINKu2e& zJtWt?zgJsHlXh+=u9bhoyC?pHozCE$d{eR`OQgG3O0xLAy|qqZt^f_$Bc+$Vl8?xY zjEu*Boo5e>jG#R1ZGLZ^+;=Rn7eV$k%rSm@T`qO|FW+59+U7qrH)ppiPlx+PjUR2? z&N~zk{`j~p&h9GUWRclwNnXL-7cU<~j;pv_; zP+ePXk|Z;B2RhP|TytMs=$*v&tu}9~w`ulrGxQDZURV1pjJoF> z=Ugwmxqpk=Z-;|~;z&^E)8l7p0w&3}eZan+$xS%jtN&_o(6!m$`#8PY{V07=fxmBh zPCA-{AI|76(kE%g%UsMH!;ppQBGXSKQ7JrDlxS0Gm0+bO3T5$(&YP0Cb0a*%Kd<3< z$b;+m?C?IRES3w=5ga&KTrgN`l$9aQIjLv74*!M@qicGFBvv~L)dD_$z6+{1Ii-aA z$=&*X2g7Sgoy}Yb5|;A=oiH+F2w~Cv26qcZC2Q=XEN8;^?U7u75X zPMWY%U=D7!Pi@+?)S$??Kc4|COg6j z2Om(CFkZ0a>lsabNeE_cXWj`}nJ5^6e$)xjHm8VZ+2SX*E?$|}r)jHYi2=1gfVEY5 zj1}Z3KD$=+kyBfnb7=Fu6?qACJ+_5eaD~7*z|TuWYTUar-vN8|6C0>+dAab#qL%N` zqaSW@mxuL**#g1OvlBB3;rePS0+0sMqh`ADRyVyLS&fk7kCBqT*U6fhyBiY~hqOOR z$P8{vu*Oga;qz|g-E4(j%M6M8nP8aRI+a?fqeN#Oi%s`|3m0lA(!eTCveE&VTTG2E zjnqnhfJMI9c(WzHzUbOk9F0d+0WTfHlE|`u8KtO2_+2&nbb__=_Mc=~(tJGgVHML2 z0rw^00wFU*($IOqId8VUgZ!n_^V3xRh?V%^av47ut6HXiM5L1@YAv zo2G-(r4f3uRrtOB*GLd$OF7Y81y1v1SJWZ?E#LW9VM86Of)!^o=$Rn9EFBOEWiOAs zyM#ji@Pat&4lBRiP3rIdkKq&W#af+_g5~^VbeJ;g1>e%U!ON~At+g$^Gggk58H0zv z-fp!qXPvJ2+LmIt@*m#LI)51 z@}dZBKO6|es{q(T5aFwpSyNN$zP_dFvLC&I90mr+(|t+4_iG$Y-;2Kx$8**7i67yr z7Zi3$W_=do(xt`+*qcPY%SvYS*Yk=Fb;rIjTZ2GM0FST)qJQ~JzNN>byAG|}s53@B zz^FTi-DP?1TD|;MPheUab$wX~Gs^+=>k-#@?u$va#LwLkR(YRi_FrQoJ0U+rL(ahP z%z)+F)JH_mBx5)I*Gk`-Yf(Xr$XZ7yc$Z4|EbORi4wMb@NPPz;m30V?auJr2sH^(g z?qcqErme7|g$SR&!t{%=bzYZ;%mvU4z1^my*VDP{yq$s07&nWW`#%0$@@-s_uC$~f z#3O&GcP5SWl-$^bg~AS=L!ET_Z|~<GE4E(rZH7Bo;LyDq-ppzR<>%CQM$Gz=EDc-uc286+KD+k@|`1@{;}y zptbD@wjl?6#c`|Z{>7UtEF)Wf1-*E3J7Yp%6=Q2}FJXF$<(ie8#@b8?X&d1ys++4u zCx_3oG`HUsu$+}I0YVt8OqI{6A|;#MssNK3M_RwJt-zlgES zw7T8%zQaW1i#=}Ft#cWQo}um#E|XAGV{ zKN#KsFq&3YoC$M$5|Zmu%yu3*fMHKN^L+fii!VxWx$AASQ_XnkQ`WLARti+bFkr)JG4SA%ln-ldgvZ10UMf|@c~R#wb`BZy4t>SU|dUfdeqLrbfLJ7HmM zym~*nUDx2t1yJp<3ql54hx2|y7g5)i9ShCPYzD-`y%d2y@}wTqd4nsBkC#^^8wH(f z&d$rrn^|3$u!h5QUxa90)t2J1NAU(U-k!G8cwhTQtaZZL*$Nm8P?Plgd?a~!Q4x2U zn7kE6*Ocg@Xgh?;+p$PVD~-UGIBTuE$RRDZ^4axlnUsO-pMf&+?9*b37B%8_e5Tq?ffn?5L< z_dRyr7LT&$qq}AZX=OPHu~vB=f_B2-7{R?jqUcJ9{$-8wE0Z67#u~S08>ksHg0;6J zn}rR{sF*YJ{R!q3NnahQ+}5}Cu|#!B%JgZQTX8v=@>AT&!4Dh@pWvX%?qnB5Q9QwY zzpxgn6NOP4Zz%|SR2+F`Upt4U%@d*m$r{U4`~;=Xu!Bn@v$p4Q5|o_AVO7(CSM!+i)X*WwxHdmHvXT zsmpZEyR1u1gVx5TvrrtArxd_xJ_Bk~w9$K0?%nz7$WUA24kK0n=gP~6(h%#91y`hJ)p5+{ zQ4ok>DyZRo0Zx8~fc;1KToEpC$9v}2eT#bLG%?~=x20yqRN6H8ZVm(q+zYd1N@U8k z!Ct zAOF^Qh&&i|RVbju$jPlWsV7~s#13h}Ct1@H?_b6^^!0%kx2Vhp=$*5^3yRVf7jGea zAIy5ClZNEICp+4zoN9FA3OH^8(;L;fy3Rb(2cSL0Aka>DaWN`weBLz`*B+(=`j%|= zhVkOB0T@B}0}vQrnxU$?h*kl|&r1A=?r+=R@2zhhuRiy0I*hAa--tf=#yNZvI+Fo7 zDzD|@A61KpB)Pv9-gI`Zc7}whY%;%jqhwmD_+V7Em^Mm}Gq>NHMMz{YjmWornT+o(lS`My});*Y=tD$b8x&_74Q;)_0>R0VI=G{a@D%~vF z7CL9K7ywJZ#o;d{&W6?p3`Ywxk#9->Gs_;e9ePjmP|JtGcru<5@|~Q@5DH~g_CMf{ zKl>#Kp8QqA-ryFwq1Zwdz!*W%IY38?T#>vLZAB*9^MfiFB+Ir4)0{}6if9S1xE7}N zM#}LQ1m9XT)lQ>fSy|HUIP92vAz~VYaAr}=fp^ZK^@JJ8ot$U==bGFMIiRBVK}oISEtTlyO}hh#ZB zV*vO@#tTtHbEl4ZoASfd9#)JFF|}j|j0`kG6Q`__so9^H+86QWwe45bW0u{5o``d7 zE1|Gu1A$GEvX-E)s!Q`9G6Q2s-ts#r>{XuWhy?QHarV?YK)`xso4=pLk$SqNA z?LCxV8rrj{ZNF7G-nrOj#2*fKHd3+q*LosN__3x6C)U}N!MCsSHGhwyX->ZQYpFHG z&2?Hw{N{zTvPt~~T?-9@wQzsy0=0AKd_-ZL7tzQz0)_Aq33@7M@NeB!V=oJf=9X5F z$jH2t#7SP$+j8_$B?~^Ux!$>n3<)M`md`9c*1d-SiTWN5n z4bP}^AjFDC`Vf}-AG=V%ff%q55B$y=8_SG)Z^?XMZ#x*!q(~($!6PNL=V5KVHQ{4# zY+}Oe$x=Fyj-74j9nQ$8gt7Lde7cby@X`dZBa$EcX zLg*?&;Y(MSin}{6)bmi#w4VO_-QP_S2V!uQfN*vtpVo`O7QH#ptFT5pnpuB0Pr|HR zPEfyAm+6uHUpaM~vWE|UdE=fLq{G;eDwDIOAfKV`2x226Nmq&}FXW|ZNyq4^^y4+5?!ChXYivP;yM$r4*`h!d%Eu z`w&-$o0Ucn2#X>vS?0lO!{}PZN?pR%cU|!<_$x7i$_Lm0P45T)zFT~-1N+>1i|^Rng#Qgl6}En8?o6I5{7P&8L#1^xj&E3^$e8Q zr3t+Z@>?gu*!n1;PiTC5;3Vr&Wv|b>aADaup_<@&8dYd}F|v!D;HYEuTgAPF$*FmA zF-};ktAk^0Ogk|$@s^v4s2dL>*~a6?b|!Y5y6LL=Kg!FTBi^JJlyMF{M7?LUbi5%f zkQeYS_C&Y0FY;!dNO?6Ktwn^hL1;$y`*Ewa73iC=juDZVBCy@eGGpt=DMqzACss~2 zT9!n1ldPb8N-&cwT;HhS-a|H_lmOKHlq>VcUjeix6zrJiA%zUS>#iruPVih1^d}Rm ziKR`X#S{$e;KJ9qlK&hk)bpvvf0P>ncSp5=1sG6-};Lya2V z*Z`^=LYgM{nAq}il(B)mRoLktG{}DF*HJbA&8;8?kK7YQ2)2*E)+c+BX4)37;Qzhu z_s{2A2!g)=34({dqM}Eas7~VNcQPHFtp!a@=z#-d*v&co^85}DI++3P*GykiXTfzM zDoCYS!wP$mE-e3$3D}MO+_{<5@NVzxVeDw6&a3Q-eLraeQzOTMo=RY0!R#7xag`AT zoL1%RBLmGI{{34Lud3h43}`U6Pd1*TnjR|5ltjl~@ys?-ZAx9t9I_VN z^LVP}cjz<<0W8FzP*KW%Ed5{Gb3v4-af9>+9!n9A=_BPV(XJr1Q)2z;QhD;d{`N;_ zYG86-g(Rh*CqyHoY?-e&H3sO~pGr0R-HexdOmsWNUA9#9^SBk)2hU?9)NT1i7-<*f zPXRE|QN73?_aB_1k{uh)h@3G-?6$4ckFd?qE|_+zwbe{6;O#HHCF{cE#bKCQ7Z>Yt zo=_K5&M%<z^kG8OAtR#Z01+e@-ReHq6PzNbWn1>8MS-={B)Qn;kXuqGCTnkA>G^ zf}hLSO~vv?(&_S^iVMphpp$lJlJiFs)y`x`G}&g;(o)HDsQc@isRBz@uWtzV*S5}a zRZud`%hAqp{5EB>WR^Bd@^HIOtbLR@EzBsMUvg_t$E7NMJIMF^Cg8S!&1Hcsd46P3 zljcaGROX{jjBo$x2M~UTvbc=2dV9kPXP+8+TB2M-SvdEz9YU54y^{tb&J`)l2B8Nv zdRZK-m6TTC6%~ES`+q^Dn9n!M#&67}^InNczi}%#a0vhInm)%)3ql;x!CD`hgjlN; z(ZzW1C=GT`q@ytbDL~ZIFoh*1=v{3xa%U$D=J@k499!)*-;9X%yw|C{!zR;QH_xfw50xqcjn1wZhpnFx9E{jk@ zE)yd%_a%~a_5WCNKYrZV*tqrfa(;fDGkAUEF!ha)pyf*cv?E$IJ;$YE460Y1!jGLW zSgX?ntn&>DY52?=-n!66aaC1WZj5cz0lu@Y4R;xS{49^cp^MC?z4!px0$`n!hfMWY z8|Y81a7w-O_eBwnRg&}`Z^L{RYJ;0h!4RX$x2tFwCTw&XvXJHq;LSQ`{%y?|xOy2_ z^x=0ZFk)}g`gu2poUpE(JY>P5+z^=Rrm3vTOzZ0T2$m# z0KzIf?nyVoXIdPz<=1kwA4*)|ws0`C_UxIqnG3pSqlQu#;a2yIbG3>J?=Uf;pCQfe zxsA&SGAT6rK5TE@4(*zcB$G>PZ2Dr-GeQqQZmnCBZh+>10nxs##O+qql`g;~TTS_w zhy4TATakfl*l%_DOROYMDx88tUrQ-b`yj87_*dm7D@IYsPBOp<@)vcP5~!(wcR=(n zIf$XnIos)lb1vK~lCyF(izac2UC_QPDb-`e1+%^fYbZAEe^ z)|YmxTB_ZF7T*Apc&YErX#GXHV%rtWNf$=;cTC?7?{Gx;yh7$yBZSi#sm6F}NwSv) z{nn}i(=sj3-5f}U9;!GikdU3?gLc&{dpjFnwGozcCA6N+dof@`YZFtPHeGgL2DF_= zYT$l%xzfGmv2RIYBfv?<5d#+fC&JUtp>qHRxf3>SAQEAiMhYL`zLWC|KD-#R!UT1W zJM5q(&vvPze00PW8tQEs5k34WD4%YfjO>=ur;W;xe7QfllbrCc(`cXYo`mR^ z92uVxY{?L#=R^0s=sycnJYRow5aEhUY0mvg(W01ut_qpE1Sf8702RHMr~({SGlFYg zP73x+*v>==@d~+yi6#kET;HsGUfz+fnVEFcZ7C|lvw_CkpG!1191|Cx$2|h_r$w?o zDQG}%3l4|Yt|ZE=wj?dXmPy#)1P{GcJ=i`{Ke(zCcRDTS2!-d2lINr}AI*EoxTt2l zC>nGx7MkSlG9-W(PtI^$gs<%h&b)0YLKFI58ItC6XiPuvEB~(+;PNHluh#emKclkAXwAvy zXK5=_B3yZB;ac4nJg-30BZ~e-%JOUy(8{@+C7S;4*0d>6ZYS~)Yk7ETEhmfVQHqba zxwL3`>Gz{FXHHU7my>SxeUaV^Vzgr0#mXU1+bQ(q{>38msKU`yTYSybMvd~{)xmMM z@Bvbv1rAC^I@-=yu}+EM$5N-;5C_M~;s(nFDL%fTS8|;(v4Dx9$Sq*kAmXJKYFgzpG3x+DWN!d0Nkg(V z>w7$xWE+>3Nd-4hb1jRL0B91;?++Y2*M`^{&Rs#z_<2#MYv0l_MM|{~kO4PGfKtWK zP_M7RBd@cGtS@G(3dbnJ`#c>)%VN!zJ-QYP%bP$Q5=8CeiE1@zo9~=eTsW9fOtG^@ z1AK+w{5jpg)qRWcH1t9aDW1fxi5TwwtOXLt?&i>X9(vlf$quQyj-*&{%f(NZkRr{;Q^KibzA+^>IM+)6k45l(CmotbnopC(eRUdLT|p?A#>oEb{V-f?<1pp z6gDK@yxxQKtG%U49aQO7CU>}%!)63>E&mJKq`ulSpj*rCE@$t{@ZY>3!Xs)!di*3K zG?ux!?@Jm8JmeWQxfU|^?&KG%?=?fS&-~Dw(wy_!#lqjn)QQB;>`vAvkIr%6TM^x0 zlz~0Zui61_ct{4#c9)tt+46T(gAJ6#J2&hw3d^{g_(@}#kx=PA2{RkU-VKQ`8~Nk1 zR+&+jCdWbks=Z-fJD2W}dI4^er^=$8DE&@5Fxe2v#j85k#bE{C<=^k=)|Kd5iAdsZ zK2rpwJj@*0dag^vrl{6qll#6?H%_iLp_pdP^(0K_;G>GdRit%Nq36B6njX(1qZQOt zf~p?R&Gb+to8KVd>qypQHFb^;HiuoVL4?;lAJ<(2`v=uezICuS$GPEiPk1DlbR^Wu z@5n#+7`wUPv!5?NReZn~i5R@v2mjp$;?0V$^kd_u zI5~#y1TUyYT^3Ld!{H+B(hDm6r!`i@@+aIE<4Q(MbAaBr{CXyg!2~huOSDra3fj8~ zHkP*kUT=!nvd;}|miOJNeA@0=gS7%$tk64CWz&I1Mu=-<=<0?sf*Rop12LBr&UeM) zac=0{eUvqLuOSI*CG9~rAH-H%jA6{Hzd8 z7Hq_%TtO8l)=cn9QRZq%PEKU@=%3L)C*H4(iU04`90N5B-ap&a)+VsHs?w`TU|Taz zKAx}M2TWfj`J!X1_t!EXB^5VR^8h57b0gpDz^q#Z4J@t43Ub2=7ZrM+ILdh5|Py1AR}+o8PW&0<<@XG?n&!h-`SLeF2^ zN%=V(IXy!Q?EJZy{>2^n)y_sf5W_R%IMIEDC$Bhisc#|cuNKjsnI=CMYmbe>K5rt; z3)ltUzC@Cj%xpywQJSObQDJ2wb0cz=Or5QJ3cgSpNHIctqMbgwflO}Gvga9y4q{9~ zR~Fgk3s^4~`rc5icYAcPZnoY4A^c>)74com*Rw_M4~{GByC_KH8qN>VuYbQ3+SR3< zNN6A{{Hy7_=CYWZX4}XW`4oPM=2_jg>)p<-$Yh-O zN1YRr(jHwizO5|VX0&=;iK$X8X7}eeP0XpB`>_X);L=Uk@)v_3=%P5}M-<5yD3 zCWtMd(bn0+9&0?O6&8)^R0CVO?!dTOozHg}g+vH)mTMm@ojQa0g3lv3-o%3PAA)Et zYAnxeoc65L9{_Hc5dpZ!BOynQrksjC3!DsZdw>IRx>cz>h&sjc#+6m+`r$8*J z4=jfM!$xhNk|2Q^Y5;Z2`h4Z`MPj<0%3LEH%pR{EKqU;XfbOMwXL+`7R2(&BPxhpx zhB<@VdjCTY`lmJs^i-T*1z!i9q$pJuyEsqHke&mWF)n~weq~@@*`9^8vKsB-s;lT4 z6czyrmU?InId4P!@t{=c;>HoK;@vk`z|x{H_vnn%gvqPi8hpo8n``Qt-E*yY(x+k; zk#2z?@14jvwt}j$;tf(F1f37AieRHJ#oIzBnUq24`ZNO`vAS=Rc(`Q*ADNnV+&s@} z3(b)e;eGRln1ux~bQJ{Zn4B`9SoBmiSBW%7kA17KiRP$dVF7zm zkqF~G&T2@b0V;dvXJB*a2Zsf&ni#QMTdoy8%Jk>@+;-IF6U zcy*?x?<}WoJ|?i`fAi_CVcXa^F&bf{e273plH;1?&jU@^0Ek`SV6MVZ^?+@{=_0cW zySO=l4__$|$(fjB!IXi-NKo)Fr`(#p-t@_@ojQ;Cq&wcU3vCOzONYko2Ox_I{CeDs zi7v@2c`K%HpB;oC5?zP>Dp)t~R4${m&}|kT?p-DihT$tGU4E(lDW2bcOml^SPTv#%m`^xz=yQt=5nI>cABl%HaX-VCZAHL zWy#1zbX(l=F1LSC`fC|y;=cIra0GKmI3f@L>c000?B8MI2M-hORf{>o;Bz(*c3aV! ziMU7K&_i}B?82rT7JQ8fLe;a#FTu3fG5wKl@+3F~#P3`}hmFwd{j|AmQK?6S+hwrp zvwJ1NVfH>I4n8{OhP5QQji4*+-5+k1{Z?*yHB*dEwC=9;a4_c;`)~UzW^!K!E45S@ zzaKfywFs#?8td#TznQ5(AMmr{Cz+OMv^-!|L(NrUPO{5L8WM&l$ws#%d~IB%t%y zMwT7?*38^>Eg2s{N}$(JQA|C?S3Id0|5X?Dj_u@0`}z07CR_{HN#0|y^OFFjcPkZH zX&#QP>Z%I9(AmQhokY~S^iw#h$pC$d)o#&a4%)cK-eQv)Y9i`DSR6-%w%u@u$SUG*FCx=X{Tsfo7A!p* z$l6F|ImH4xygD&+W>a3sCw(DzUNUIn7FBDDzX-|-xI=GUJ2t&Yr)*uMhg9$-97|C4 zE7bgOgUf!+D!3it;!&5Q1QbKA6`N_d(GKU(+5U<*pK>Yk%$%{KQt`;F9-QIe)2e9Q z>;g-tdIhyRlJ0$fbxv|#b-Fm07H^@BBP9s8O=QB1aN z0-|y87Djj?W1p1J^=Tn+D|9pNs6Vzl<;A8af6b1Xf~OsqEvSP=}+&|??!03jdD ze%Sci&_6Ktj~@+t3o1ud!2lUvi!+!#*RNl6uWeeyi0FEy4R!pq$=ir@UM))aYYLEZ zA}ShJ6(c4FzuVfX87^-sZ1{eMOixdr!|gfOMDJ`PE~h8$aL-@W zC3Xj2BuE%sN|jX518@MeWZMah^r@%?qCc?7d%Cg3+_|UsgG*kSC|cw4a>+oNdUK=F z`sl8ahhpRe7>f4(r1UZot?UUHIHhTc#Anm z^{Oe@K5zn}e@*k^d6i&05{VDKcC*omg&UMAy?PP*a%dFo?Be2Foi{!PDNHC2o+GMZ z%sJ9C^5n`PpoP-l#nf|rVcG@DheV?C@LQ&>YbbOHvipQvHM(Ab-9+7)>w{>t+W)F zNX3G$k8#)5{Pr1fwvj6XNIb9+gS9p&Q;-H3MB2HXO!I3rY)xL^tnO+&&;6}|tPgBPdSzQX7z9Cz}_>K2L z&FD0xjqw)f`CAkM-6>*O@XbV!TQQ}N*p?C>ZCl~;YWZ~6U0+?KEF?NynURyje*LGL1f6LhY-)@fbWv8G5Gt!U`Sl+0+^>xLF`(t6rg;WXI8cAGHw zfERv}{rTxjwAo`D#Ho0G<8RgX26DLB70>p5ogc!mdP>1}@dK0@GSF)U@R7e2f3rIg z>x{@_|8Gb>TM9DV?55|8%-wkxZ12|1`fu+RwM|v2X8nZ@4pc6*K>J>YCV<{MvvvW8 zxTd2EwccVTcD;8G#?KY9C+};;yrp1oHQcHq*A`C_qRnQeC1?Mu$H)s+NDUv!%I*Ic zse_b{hMtpw-1z)m7Gn^c^^=ZzkHb4g-p|pr`es?a-Q@FyO4yuZP)uz82Q)(g=neF#-h zM`gI3vLFy+p4(zLj%f$+0ORrq50kST;B#<>aTJxzRX!gG2XgGvH!17FFKM(*XekvR zO8%P!n&gN^xUdZ?UCR>_6LZbhSs}?3_cMm?0RYjx2T7SudW}FWw(Z&>=B%Hs)cGMjK$HcZa|Q6CQ4u+^0Ek=o?CNRiayEExu~Ll&yzp9GT#>9;2Y zLkM%`%|U|?AH|(%@z(?b&!1jiosl%Iw!4^Wu!|!N%FGhE(6w+w&+N1X`TNTw2I0jJ zrNBctm?-z2<-_#kWK8S%*5$$QHALknLK4Jj)@W1SgZ6dkdtC(&gJ znf$4#_@ZDZraa_CAQ1cJh2!$-rJE+deI)^i@q$YF`o`CcTy6z9hW}MxbYk-L!Y!J> z#c-Uw-$gylnVcNQ{=hFFDZ^3ExNVOK)c^e}O2$SM;GcX+Fb+Q6s@7MiYnTp8XBIPG zn8cr!01B%%F3te@G_i#3fVAYdYwd-%eOFmFgW1?zAU8ODIu1AcfqCqyMt5BKm(m{< zl&Vh7A}4+aKjQQ{RV>=B&sMs-)Vn=bR`g$cH&+~1*&fXdnPovoL%-3 zL`+JY4oyE++xg1@g-T)1e}~}!dykZBHc^lG+TuaBFW0=R9rJaaCz>nC=$Uq^J(DLq zUD;H8R8QfcGlmAA!;12v@XoCwcxK-Qds3BLAWJ7H7CB@4C2bStKc&1=K^m}EEo|ed zM$1ipg|EXFm|)_*Ko7)gywO|@8PC8~4fYwN@k*G8X25o_UsXzgQv1!@j!!?Nc_apN z7bcyDElkNwo3k__kt%k8x0B0$9^NwKqM%w!g2RB_qBA zF8Tcoh6YdXb(adVlD~&l+$BvDj`Xm{;#s7?tp^%Ah6!qg!_E06Hs9@g7NiyV)r!{z1fQ*)+s>;qB%PcnTG*dhb|u9{I< z%hi!N8bO)z(MM+tyDgV5&+N?+I%kgo{2JqzOeG~tL_)kKFdUC05BwmVS%2l_CS%3h z*^u5x-6}!Fn)zdCH_c24_dG21V0tsHla9wCVv$Ttl7s^`!@~pNdV0`WDn5Ght<`+39odQS2fb!n7cA>Ej;z}Tdv&L07piv8)w2G zWaPNoC;JyCz91qy8^c8R>mWE$09KXv;o|ON)!T6W=_AwT6XZbVkT)B94MNzADi}`= z-VQv}ga7h5EQSHZZjf?`;XjOTY}VM=dK%Y2(5=#{F~ne_7kCWSG!HgkZ z=LOyRxue{ZC8hWSA^um!wF}DaVQr+O;Lm5j_)9DVglpCSPjZnuLqq8_#E@OEWZou2 zQdatc+uC;FZO~MinKRSk@pkRLd3~XyUt^qrq)XNH)E`uXLlxB8mmxBf74DRkr_>Vj zLq*p^?69$dKHNY8d{&2Ta+(<#tdD;}nGyc30t63L&L zcU{YX;_I4c`Dlz9#t=)7(O+x+@HrXQ_Rj=kLUNi|SxfpM_kAw`!x!*$gQ&b?pYPiB ztKgY#o+2%E!8;aBb^~mjh z-2C}4C)E~hIVUUUBW7%K&X?)TSyhdb;ovyhsi|2nPyIZA}KhffldB8!{*dY(+CXdm=oO38YJKdEq(?(jYgWH!zX$HJ?d%CbhZxlCQdoH_Kp zCUIdg?7e+NYd6L4C(86h#3Q3FDKehNCKTfI#SyH`#TA)bwa@dPJ;UtL&yldJ+}e&p z(8A}@at;M%brKBs2451t>f{{&p(Gu45YTr!A(}UD{Ni)R*Soy`NeTXOz!!EWp6zIj z0|ym&c;hKI!CfP;!_i}j_g#i+Bh#dsIf&*C?TK;eI#OtLaw&s*w$uSD;IR)m_dqG_ z24%a-HOXRhQeerKgju>@?jMs4A0xHfILL8qY(Sjd%NOIcye7^_V7sV~WctJce@7VMDIK)M+2s!gveFbBIe1B~!<+fx#rI_UK*h zTx*Lo*+R;SsI#vKQHSj+MaO#&g@Oa_;q$VbEbhY+Ixv<$=3FMZbeENl{chrD9A!bl zmv?;6M9_6FsIbFIbjNOl3Ehzr{41jOE?yl4+jrU|f$VZS$PkL>M?@7c;% zy4JY`jSH5B!KkmdcZ9h~!0b*A75(tQK*SbwV&eC2ln{MS6_@K*KyG^HpIZd_O%a%2 zYQOS=LTzl-nMpRbYNn>7>>3?2jeRe?0P6pnJZIlHWhSxTIxAWs!>ei5p?6k5g z8V?hE_6%`hsD=v+)PEq(jt~{7#7~&Apvy_Z5p7SnqQ0m}x3nB_vfuh#U;1xpx{Y8f z*#)Kceez8|x)W!Nf$}hW$tzdMVR_<(vouZU1975-^V~z3XU~q#C-vFxczT%y$3J~h z{fv=;p^#4U=&<8-KWPN=dh~z~!s6o4+pX&2GFhJR@$pP%He{{()2EGB{WmC3vc@Lm zTs|=PHLzD~Oir;jnQ9LascxA=jB7hEoZ+4Er?;1w>iqXy=EtpZTYsxOy7ADjf>k|? zM&?>t2NNFl))`A1o7L83U+#$KQXAxGY1Xdr^Zo*3O3UjW{O$cv>(!V1(_lFVj^k!% zc@lcfY#9I7Bc>OkLwD!)ZH6!H0aD7Yv?>%w?PA9!hYA%HC^hFVB`=v1&;P3hFc!Wo zPA9MU<6d~ov|&B+ogoWl;tixa+o-7A5P5^*=gC?EEj+J^>)69|#^f|kD)J!`y03QA zB7$1I!?kFe@93dV4-GTHE8%8{IFDq@?{wimDM;>A7cCJO5ZT;So_uLew;6H5d+%w? zmC#lMui+<>*te#scR0s9w!k!Q47ztaq*HdE*!BlTvQdGyB=3se>#ak7f}MRWA?c0T zquKcoRrt24OW0u|PpoeG7m*fui6BgUg+4u`JMw=jZiZB4%Rg%~sIK$WREcUx5u=kc zPSWh|UGG>8J3h#~{Gr#kA|$Tv)#WKx^5rAER1QwkJGjxb(xs{I_pd4jhLSVmnh9tA zluW0(Q(ZHcx{TyJE`MqN+lqO5YguBIM?%rj`rpL#tAUn=wSQU~z!Zl0k07$vA1ebC z;rX&`@|^Gk^ZNr00YI*(-e}bPoZ&7YbsUd^kH0d|(c%52@Wu{!8+T9bytl|CnwlH_ zRs90R{VNN58}ypq&&29nWu2``F!5wM?no{(TJrkYv`D%i#d*LU{v-BTO=Z{>p8nq%u^TrU1V|2F11%81uha-F zfk%^Id=wq#zDxJm-9m0CedX`uPYV%agAV!-|D(OK5q)GH`o+GWlK6tqFq=+jfafj? zbjWAZrhjpf8%|Y~OVHCEP^SU>B{-Wp|4+a1Kd=0MN3Z6y{|v%QaZ<1&7!XYENf$Cs zsLq1#)p&X^^q)brXgWh>QT}9&XB|tChX7la)-{esX@=bunohW)yeBX9uK_rfGI9T> z2m5FHwY>V>E$*L(R$tIlM7Uyu&#m%FbN$KZrD?;FiOVoKW;H+!zPMW3_0LB_JY6II zim3TLh1R1^42AA$C bYcg{z5jh){`bvZApIkr-DCgy=#JD0Q3~*MPLYNMd z{Q6t$tZYHlzla^%M*^h&841iQl}O-#;s58!|2y7Q>k$02pS8)Q_HGZp7BF>axC$yF zmj8d8eFapMU-K~COGq~e3ep17jS2`70s_)f(zSHw3Q__R(kh_R-L^>{fy`s#iDQ#2rTywp{= z-%gkeas3J02D|c5kG-}U#s8FWq7<+3&c_#<9l_X&sP#bzFNasae7GbKC{8oK#{YY^ z_m?BCxjexM<;Qj>cRwbfp&hS4>r!~S;ENqd&fxyVoJgl)=&oI@BmG(0fSijEJbgS5 zaE*D{X@@7H%tlv-ll+XCir_IGDfU_f#f6`ZfbX)ZVh^Ul-s}}u|Ia7Y{(3K~0^JDl zc`B=!92PLHqwDtc_1Z2gtfd)0#xT6!2tUc{Hmv)3tp_IANN`Wc=LR5_ii^oQLOm7V zAsJJkBEGFCLd^Uv9m7YCP<_hDyY~dqaGli?Q8zeE7hQBU@YnRDeLM$ zAP@-wR!PIa8u$if{^zWl!otxc_szF0tgJMjJ?n6GddXJ+lVUr=##E?;%_u~QKYO-*&Rwzj$*p886;xN5F^ z(!N>FS6f=*LXJl9x(@J^h;{Dau7Mw(O4ss=i>G~H^*ds|xvN3WNMw9U-H6{FojOkI+S~`^WB`CCv*M)aG@?7;=|4$nmcqfZUkExnI(E2@DBu!2 zNznSuF|0I%ojp})ol!3GmNB#6Ef+9+bJAYU6w(oP4vfR)u2?%U<<@vm%yw3aZ2|}#T_6~C%TeAi?S)A)j)%aG>uq(41q#}`{QtGe_@ zI0z^*iEeGJ836h{-c5mD0{VZh7m|ps2vQ^z|6m7*c6hCjSJT+u-nko}fan*OJ_FA6 z6jegUjUkztodfe{KoXsAC7e{DS?2^-b%o!fUi?MJdC&i zW|ny6^-|9bbg-q5P)EiU4$s1|JWs3(Og6#L_0j6a#zsBc^559)O#ELvQq9*!@jr7` zd=#9+?0N1sQO#Yy(t<=gTNdV%AgHTDejzQj?Axr?`^}u@9AqdI|AD|OGdyZU%X9tC zL?iW#0}xjQWG-;uOgZubYC|5jIL01&1KCQB&Q_S2O;z7=|DMqe;C}PpI_}pX-&u0s zp#kZq+3y6I5XaC3F>U}sO6cE1w4SI_+($$8Kp z5?ldTM}2(mA44Z9XJxg5eJDyt$j{HO+w6NRQLO?D2(pCcD*93fekbXZtS!jyoI5CiA$ zsg$eV`4^@5iNeFfJx|v1MZJHnVjtES@Qjrh4;TZn*!^Zb!0_KKEA6L+=76AS;632F zuDUu&`m{otg@wh8LH{<;sf(GlHF87~aQ;NKs|iUps7c>QpJ@LA<#Ad`iNH`z0NX5v6{PA*mhEx~#2KMp7n zF|N(Df8^93;I2RU>7AXOfC9FiEb#qj`}3|V*%iYa7}C2qc2k1$MZfMEfIyDSzZUVo zTJOG2PPLYu@9y5%F)o8{tEpyYx&Mh`R{7>? zemkd!43+nklk7w@tvdD+CsgGWRnU}LaYN(Oan#wv4y2M@yCvy&>hcGMeWo;3d6T8K z?A6q)mGLDl*aZoR!&PLS+_>>vT$OJ62U*V^`*iuTHPOb!kLhX)ec*2>>HXn`SCR$y z*1rCH)q&%Vm91^S80E8Pc$%@SO7W~pL!r-GK(76UWNmBpGv@ z#j_m?Wh(vEVE?AxD%zj-S0ZjQ;cH;MKZFfaMeAmm! zcm_pbieermbWRHNU1cu9GK{!DUH;2}>(OPrc9o7U4s$9<+oOSqQerFz`!L2cl&6J( zvA!P$wI5wWwI7RW@*6%Ho_9E%GAAP7MpXNaY%@;qRtOl~oQ8Rv!GUG1UI$g;xMQWH z4^28qM}f#sHXci%5NF{{93AMBv$_O*H-+3+7j}J=t|?-yq^lViCPdRBvM#9!>4SmH zbMvPrqZ~&-GWM^OraMMJwigqGoNj6M;OH+X3^N0iu3IU^e?TyG%blj zO&hI#22fcQITUA4pnRx5c=B8~iwbjeC%9fsZZsqABQAaLEnvJgF_N8qP8Bj)As_q2 zj21txu}ga(wF8j7p~@EK{)!S-a!$jghbAdmYELUD*s9FiR?`By+;5S)>1@CM3ks0X zW$+(*g(Yp^&H5i+l5C!~WG`XDTH;xoW-ZdPf8b7>PCFe9C|l&Kfs2-W z?D~ch`^LFxN^)6_(M$V)T~g1@yDuCe-`*n-5YuCqkHz8GjG?0iu#|k&w!>y@H7PIq zs^0@+ilZq1Vv;A!7Sq|sULpt5Imau+ZshehmEr}>Z?4W^D_j!RAGFpE$bKy%ZV6Va zQyxOmtFj^2*4F+oye6<=*_$G3ZEcNO0Q3XXbK9T1tf`jM9IlG?*!@0vnVc-It$kTN zU47*QHqjy->I2WQHAvQc)F^*w zBiH37e~Kk?aqorKH)IK`5{q^_^OiWzfYPQLz#J{kZXQFOz^AJdt>AbL1v#}ix7$ru&Brc*U z;*>zLz7)Z=ndu^3RK{b)k7ZTlziNTPTh5XTN`6CD`VYunx(wEl(_B!$%?vS6$l(M) z4@;CH>{F937s3cqwxR?O$)aLtXqclM$Eq}*N-bbARXG?0$lEzjbQ&7Dj#s;S}fJldKO~ZiVbES6FS~|ww4TcTy0^_jR2IkaIea9;jJ&ayIJqU2w`ig z3eLX&cNRXMgReD8tZ>PlAP57nyjRzQt+GIiSCflp1u0+!UM)!A?-TJ*G&4NGfgOD7 z3Wl!q&=}#Il@~djuYq4b^we+gcp_!lc_CmLBR}$HB<9g>vgv%YvSWiQ+u2v+R>~Ht z`eU>xdVIzcVlD&EHT!@IS0K$>&L`YQ%2yTFgRte;;L4whK!$IBVce+0Gk2+Jt@MxBTUx-2^vuSwXAZIY#~2Q zJB83SenU2byJi+=f9DEqO7SDSt}9T+%ez`yt!n;gfbf`Wa)P5Yp7BS~VBWgLT$t7e z7;mdH(_>f~7+=5gdGSk}@%bK90E;U3@bG*Grl}Sd12gLg-%8@%2xz)>%QP+7D7b?m zBqoM$Zg&Yu+v5BXeSs) z@JBojslVbUc7v1v<5PCZ72|iJ{9-mxKp9nU8n&C8QwM#il^V|Y_6#lvlr!xp<|lL{ z?)-d}uF=I}bwS+qcH$dDZ^lWk#@$C$R{eA-g1A!0T|FKI%_$y@ETMsyOU80CbyehJ zCBnbgQaBNM>osx!IXv>tKnf$B`#WLM;bJW^ikdVj3?ETFo&D(!7*#c2 zzEg++vhbXpmq->~Utd}*z2L0dM3clzG@qOd+nm%fwzaUpA)fd5Syd&-5%{hBolH@5 ze-8!p8lJ%34GDNJrvqpJRwbR>53JzT3_)vnd(>CCad@38wnHy2DUeeBs)ZmOKsdpp zg}X1=m{ReQofBD=*10p;!I*z{cTF>ZlAHj-K+WbPBfa5~T=&=HbXb6)(uTa^*lFJS zF+`W(Dy8 zD8e#UB2SdS7(sJCN?=u5*}&=!x76u+&Tfphw8yl(aYHE{+)VbRU5<<_pw4f z7+_j=n)6$YJx&*S9qa$|y_S|1StA$nr3b>Ptb;jqJ+7uYjaAWqXW+N?A|%s{`AyLLdudW_CfrMsK~oLtPj) zgJ&zs6|z5&uqAW8tEdQHUS^%N`?csE^W(mMSQW2$#7wFb!fEuk9rkY=W>{dGD9JOW z8aI|l09aPO*+LNZJe#g04CwacDMlh6xa9F~Twl>;$tCx@i}Q2;p8&e{nIoB!Id4Zk zZ#Ie({0Q(g4ccNLe>VC{JcC!jg#8~bCFkHQB`qC}Vtx-d2>|%&B>rZj5z=1s5B5L2 z=1Nw6-Piu|Y@&cwss5!wF%IpL5{+GT(=|$iS#dJXePIuPp>C;qHo=6@ehNk5Z>rYt;#uonzyoI>xiLmFgZW^v3Q4v zhezf?e0Zz~Vjrq*fXm%J$jtikt!*6wIIGu9{Qy;V zIj92g^&6KDKkE`axdZH64T=E`$&r|pL=nRv`AAJ|Al0qQJifkO>|rc}VQV)l`7;fY zFN=tKA*`U=0Jz~Y&i=0j<0UW85@rG}&nXLy8{D}$b&9zFcpm1lsuL!{!<0U}wjD2i z4D8MVdNL(_`U?w+i6@}a!} zM>yl<6WU z7uH@t5@Ad(m3Y=@svmNczf{EE?S6Hz#`V8a?D;<>$3NQ9Jd6+Hk+~k;n*B{;BA+P~ zV`^#&K+302IeB?`f!e>iCVy&Z2$bGc&24Bn?XCZ@*pZ;fil_VLx~C_I#N=cF=Y{+H zslBOgi|x_xKY#vw)$qgXFINmjbE5`G>je0WondaQ^rh(p+5k3=qL4*5nbcw30N`x< zNnqpAqem$MR;t(5DF6*ep#pl!h(W=_wU}l`wN!-v*W$vvlYNmR2e|z z($W&wv&xVE8nCLWs&T_`hXYIvbQVP~o`lWlTRLd*+W_G#cv{2(#{GqKSog>$%~UZr zo17ki5G=ZlgP6Zw`->>Qzlil*i-vz7?^g%$f>D2I>i_X$ILZG9LH^QZzq|j_C+y{4 zJF$QNVoi1TFT3vFzkpc&GPV9an-8Yfl==7D*RT9vCiB`n2mcqZ(md+x>)V{EOE@?< z5ZD0h_Y@#k^l-i!FR%ix!40c$+jy#)E+Wg5EM8Ik`Ew)?Di{AK7g*`nKR+?0llD)a zZSWYLob<9ZbauY0nWtj9@FfDX@QTC9uAm-@^W5!XtGm27<<)I*-+K16*g!8Z@``h+ zfOwYXvnAdNtAR{`jn4%IUYDoy16F_^BHGj2*OSl^xf1QU$wu$;^H+N7z4n%W$y~NK!`G3FwOlIii(9BHl$^ORQs}=zb!z}!@ zG5b_n?J(Po&)X=YqcfiBmXVRMf^oguREmEXzt|C50RaBjBCg%*7stO^Gc-yIe-_=p z$pQ?g=Z=!3<(Zl=ScP8iE`P|}DJWNsS#D398}xCI{1FX`a!)LBOS;bKymy8X+CP=U zt2hLInaiYs+r^<66}}Lm&QJQtQnsApC3!uxrzbr)W<1AF0K5~@i>sIwYT%Q@nII@b z@ipyuYG*5_X&hGn@nh zw<+6L4;ri&J!ho-2iL6Gx1*GPfGRPDEoaGZ>_hV@y`>_5|MP1pA$6Yo1K}U`u8g9e?+7aG0~0Q> zxTQmiy*sPT26f^;)C94UCK-r3-S8$1-QS|kw&#xW=8d}GOXR^ZMIf?mDd~>PM1F8H z>8xJKGLwxt{01ppNHd1!rTB=1`fB6{{H5%C5}`)Il19u=H*1|G3U%@BY2q2CYspxP zG&34a;_P>1b72Y(gf9up7M?UtFNgeGvs@J;k!!tmFYYtw@xt#N(lxl@4W_#hK1wVP zt3hwGLc&XAHt?sd@#f0C<$f^Q)`o4)61-FC$e0%@EkP+4bI23iUFMXA3g6J* ziK$!}7}Z^U;nTP0#D1W`t~cS2a|a_GSomOiU;}Es`h93{_a@!>H1S2>l?rbXw426{ErC2f&0$BKzW{b2gf0KpmWJ3@rr1r<7eIuGaac9r z%l{}|Fy2BxXK9{Uk6vohs9G?ql1fg4#$CehNGF~Z)q3Irhs%rnktJn4m0^eh=h^uo z{ID6bPPuU_@sW%dZWKp|(tFd3`?YQqjb?-@nFODnDJGiW=!UR>N*scvFK$aTt!=Ik z-K@1mJ!|VQ8Qn6NKI?&g3qgK$gc?h`y1U&ZtmtTC^re$JAG{Y8K){sXeukBUIeHn4SD}B@*p>7+=^zAbwTI&j zF9OiZA0MqLDaB*R3^1=wV60&&J`S27Hp*JAXXYS7}Xo zM5XDxePV#IX19tqHHEu18`lL5N?;~9J25)Sz(!m& z=UaMM?6Cb{aFj4@!?dT(=#(m=<$|nj#2WeOP}cq)c)!&r8ODu|Z*nDU|ecW4=58;+A8icBa)NlO&V`oDlkK~zApvDfc|D$0V z%|))-BO}E7i+dgnCWJ5ZhRN1jb~7d<8FnQ$K5;uPDfAMJ2qv zzTmVuw+Px?#DxFR_8#)hipgHkAhjpV$kP;kMvRh!jZmYF#(Ci`5V;YSAjh`8-;i@b zwOI(U6JWI|c520Onaz2H43|_-477IR^C#Q14h+f1TH^Z$7UKmKuhx(6q$cxO+D2gK zHo$_PlELU7V);H$;#&JztR4Wuu9&y)k}v_!Ff?3?WQGr2N&v506RBWpGLO633AsBy z4x2p(p(w2QZ=DP2Zi3my_gV<^lt<*bjG;!7;k+L?M1C)Ut0{pE8ylMxVMn8D`<5jFFyumbhjCI#Lrt!a*GH6#SsI^qy2-t> zd2ujV;ql@C5Szu)8PoWNL3qqqpB~j(;LZR6`u=F%{G|=3?u?KI79M&Bar&4ZnLPBN zqBwhq3XwUB;uj`8j0hL@&p5`553CL);i}^aA$F7>^qGdSCK);{<>9=qLxF23PGE&B zeDWU~<|Iz(k*h}M--_D`wez5oj+C>SHYZ{2X3`@`@~3w#nR1;)7+6lhoXsnk`DkNh zZ=yz!u|C>6W$%d%s57yWVog_n;3-iJ9;X^I@ACLXfXiKnN>)Pq=-n)-69m}ma{^y6b{|$ zvB{|=e6G~rdkE(Ikj6agRehm#Cov}Mokp_gL69%uYgUj?ti&!(flkTob+;wR!oqV7 z4vxRKJ-u1dSpxwVdn*Qf+^H&0fWza~tE&h_Kz$6sd)&g+!XMOKAJ2qm7SA zl^wx%_=g3LP60!DJl{Ykhf_U=)fB3m;w671L@8^_R#{C_Z0%9zF|-%dtRkK+f>P3m ztL6~u)?j+6w7MQNbTdU4U-&WPl%kFPmB|d5;!}`ZtstXQpS#?~T~9Odvm-Z8Yqk+# z8CM0I^q7M1umnUgCUW~0pY3h3Q5gxZRPT4hIGfg?iwg3P@01>`w5O(O=z`UBj9>V zP}3LwroyzFOfkCozKIZ?Y!{f6ZUTM4G2BYHt^M4o5|@8+@UF)*`Wb%Gr@Ucr@Uv}v zam=6={e9Yzf#x?T)IhG^KMBKiNjIlJj}>w(U8E0bW$QuJn|Ox`N;fD}gO`R8(SC>- zLu=Czu^OM*`JxVZl`sNQ0^^+zZUPNXVSZv&VF1uu|uI;eTbxu3{DLyP8Z1zm&UZoGH z;Ggx;97(r;-gCkaw;}VFRICr>^T-djf*FfK*o0b>LUJzNVKmwriBNjXe(N~r*BxL6 zPNGVRi;D+u{n?RPSXd;!c|%@L0I1>M>$5r+Yq-rb72wQ@g!vKVsoeRNom*6_ot zyC@PaU$Z}mVCa~oceRpO1QGbPBxDjLy3+xd>NhT0tl(i=Im0$w?n3C}2|;=C$Yt51 z8XfrZ8dCqT4SPE<-kDgLk1wbWr!y?MfmXQf(if|_1@-OJKmlZMvbGu3zmmlAoD9gi zD&n0M(QPj(k*3Pquv%I+ zy~cXl?bMNhb4!yQQ(Ya#{_}~?gXbQT;E7T;jPz6c(v^d?(*{f-``{Kon&v|roIL2H zA2=5_p-%)o9D`vygb&Q3M-U_uj_t&1ta{Ek(-|3H2keo0N(E&7EC#{v)26=&8$S&9 z@*m$|RzEHF$P~83irIp6_+uHLdrWwd3(e``@9AM`hl`C5&mUSt5ZlOtuf*mcDOz)W+_7}fOQ!XB{M z9%c>aI$5aZc=arDJ(G`!Z4}y@s%}6ToHcpTd{3OrRXo^^_H0-C2ugF*l|*d7{Yb`* zdPH09ff7!}fjLx4wK_cR$2L~2nQBT0IuGN8y#&U*H_gTFoe5Wok=KvH7mIm9;?EY} zi_%DMGDD_`XMed@cT6MaR?#DyT1K*uf9|EY=E2 z+_G=VPV4b{Z&H~DFE%Yf`GQwcN!x~!OxDK zJtdf>P7xq%A3qQ~%kczkl)q$%lFr|Ude-LM9!ITRTA|r@s1>zem z&kgY7wqRPsp)?M?VX2dpx+|h@{WcV`(i-oD%-v~iX{17n2a1J^yTi(JW!{ZrS$o0Y2R{i7qgMIN>c|v>jC6_Sy+s)>iUP5d zVUCgnuP9ynjg@Yr5%C6#C&6?APy+TlW-msB*1vb1a>1= z_rSMW39^d@!>%s6tZx|ksR9b-+8X_>Xnr1$?my$%-D3~76K|{{9c!dROa7s|>T=v) zS8C_YIK7m;Pu5sUVl;*O0Jqke&Uc-m){5K@8)Z@50R6C8AoTcR6MJxs{Gi5Ee5M&= zf!xn-T&>Psw}v`%mM+HH7v#GegCF8!^(D}y)=%{8#CgJv;6O06zdo%R>epk^TlvaP z2UoyhTS4Pat+Uun11orVc9s||IGT;gCPde52R$%vZ14`19MjMCR6e)%TkWx^x$2|i ze&AZi3l7Op{=)uDDikRv2HnEoK5^Q775{*30Hq;;hRxW?H z#>Zr%c#yh2S0L0bf3%Hlr=IW3=OJ2TN9%e6lNl{d-pk|_P z0v{wG4y8~S{dg(eJER8UBq3K;;CWn^3Vh_#d|vL?t9yoe^~aCttEzqzvGebn-=Eb9 zub5_WC7VKmk7b+^!wiVP)or$pZPF6hY7PXmR<@k*?Xc4Ir;7XJ^(wIbCgg5EF+tHC zNCRc7q4JtIlh-q}hojKQx>6JL!Xn5R&qNg?Aw&2bVWa2M%3aX11Y~zVaVzKJw#UP! zOXaUH4pm>tHWE+_giTw9**6U3_^d9YJB?Qs6z12kMwNuDxiO=pM`u@orlzysoy?@Q zFESJ0#dXQ*h?`F_>$z3WamMdhHXL(%9vAs$SJ2H>kj>S_HN#r+b4|vyJXg{OqYpjt zH>GiXh(cqaKh~A)e7Ga!UU(m?c;+&Q)tjC>c)AJCJX4roVM51_4cl%}NRxlz_BDzR zyLiH6U~70b@({Xl3jMtMyw;U)rY!2J=dandHyrdZY8->_Z4@sY@#M0Fel(uMT;n36 zY=d?oxAjeja)Vbxa>f_2=)O-W}Y=(lxIAG{$JKOc{}zzSkn-44vamh%`gN4p&z zu9U#Ufqmj-{Fs&$tyPj*#04!TBk)HE6-uTj`jw8<3gf9sBWlf?Ep@r`MVUvU{UdGl z7zD-XCgI}4woN@gn=|rlANFN;3~qb%0J4~S5I?PCXmBc@naySYK$KD`m_wqBdDBeh zK5?$;4r1^QO|}Fkuvyc$bX_Yw(%vo^xIBFFj9}^bRGd=Qibl-mMA+Avgewhir4m+$F3&9zB1289S(F`ptk^m9iWSs|X2-1UppXuP z3CouS_4H6X&h!cA<8L_`EZwb$Mc^dp;*=d6Bk4>fre?V;1LNR7tgEQ$`G6RSAU2X{vc5g7;8ej5 zp7HC5&N;OMoRYx!z^-9{A#{|}^rr~>=U`8bl6oF;o?bb5v(-ma3Al%v9H?uWPS5vp z2k>PSi0G_w5Xv~SuV|-Xb@fAbTjWY@jj7BSXJ5jd2;Dcs7a@r7wRE3ejn%xfhmv;U z7`eyrm2&FPmJ0(`1Mj;bQZ)ijjUmlqWkapRJJWXuVsfilWY z-vgDx9*5)(pXg1gOJ578-wNb|zrbHNjo$i^9ZX{iDBO|#SmHge5OZIV4Mfn#%7NX= z1Sug&?k`@5(mpS844l8P)GgNH!JBnz7}9CpqSkw17Zg5*-1_8xw8scp`W)U92Irw> z8r{Io4{4!RtdZ4Wp_8N$W8V?EA@{zIo>?TVKU1xHP z>dzUhr)dIgBP}&?MjR&SlYl_tLtP(uQB%&TqYh2`c5D1tO%H&t3Exh`&Halh zmKq#l8Qn0^*-W&SP_P4C2WJ?dV|50#>@xPZqKXkS9j&90a(q(LsFL~c`{;J!IMcDM z7YPX8N)Jf3HxC|B)xq}Qonsp^O4&Z$k5t10pz!tU?caJnxIX@8)mbLsRysH4BHC%* zt$2d#d1cbE0A&7i5k2P~nZReyrBWpB;m0$d3f?J0-b)Sas^YV_q3)b2>pD0`5?tJ5 z$o0Zkw9C`Kfpc@j`yp9%bUH*eJZJ zL9S+CxWm7$bpO_y*1jING-a66il$>LqMexC-;JoTndqXU!s*cWsMEgGg-2@^1&}1l zE~YplcqX1)xj5{)8{GHKR|n2XhWX52!}RLv=swAJmj_`y@>kp&9`)Dl`OtKK3dhk540)_Da4IWoH;HC^M(Dee%zSk4 z{b7nQy3}1EaMD)AdoCHW`u7Ll#Xq#0F~1bCAQ;g$HcwMl{9@X!TZ^zkOY=%qS*7zn zsrdF)Ddh=vf`aj^XVns)HNi24u@T0kkf#~x*%B#ocAxo6Do1eHsJag3n_ScRh%b|a zFL)^HBetz^G6H!EFerFJcvXTAi$feQ(2VBs6;x$`ST&o_l1sF)LI`mFHNG8sSR7b? zC$114e7g0sF371^K_^tkb4eRRTshJNK}O|P7k4D1*fv95`uw(?6jku2v~|-{Bi+&z zr*vT7g*G-03u-6UH5A298ffhHBm6oe<;Yk@^&#GLt%i!V1f13r!8BaJ^PE}T5L|TH z2?;pd2@W_SIUC-~fw^d)*>GkT^M^($KS89ZN;|w`2cyhQqd?RQCwUfs5To!k1@||| z@BT|p7f1e$>(1A~VHJoFPLo-l2`@nmtt>;v`eGhKELNT}zY?DNT^L+%(ONEXeBu2C zA8$Rx=`vKV2%e~`8^8Mo$taDIbvZa1s}NZ+E6?)M8{S6`>>Aq4Y~^Lj^5`fYhn*(1 z`n@vgCu1)`?cVJm#jZCww?(qehcY(J4V<%O`_eTY`q!QcP1N4m+jymSyy26Jh|CAb=G;=S*htiEFrymDvMyH4W(co8`o(%G=lmAAM;*iF z3bE3Vn?>K-dz%wwAu6|BEoZ+(kRGopNI!b;74W43T(VC^{xcrQqwP7b`Vvy-@X zu$Xpi$pHLiuKgPXpZx8R5>0nEo6JEEjd23V%{V-0zqg`~$g3(f;UJ67+2H}!ovN(0 z)JRH?tb#CD4hLzdwCce0MJ{=0XkpO#URsEXf5a1FPKH3g`-5{B1I1yCEetVr^<1Hp zm%}WjXSaE%BctDy8kAvtST|XkE!}k&X(YS`tRPafp-2!z%ReIt#@dRZWT zfa5}s9NH+gG+bRUc#CKFHeiQYw+WBE<;(InxOqG;AKBFj>_+$7d$yhn5p1jL>tYo^ zjdTY@5H`cr4RvQ?VrwYw;KnnI_=njYi~;G47f6WUy?YsY!hm~}6o7V@;m5+{fGbH@ z(j(a+wH9R>IsF=krIO2&lF2Gtz!4WxfDLqh6%R5Uc0TBTp~N zvt4eHZ&=d4pyl4sQ4jgXlI=InAK4)qOU$GxeX?e>fx+H ztfD2bL;@SQM65#>+6rOwM|I7E2H!f~x}l!hQi4*hCo)E$kXCo1zM}r9E!`TBA&s>x zU`eAEaW0QBx$`!svm!$$dAHixA?xwdmYkI7GGf7^PROGQK$8>gRnH$PNeRx(Nuunh zQ$TjhkyOD>oB73+5jbsRe|!Oo_m<#Vq;?aSj`SeISB@XUiRK9lcHr@dc>(4XW;}6% zlk5E}I4oXCUNSyA2f=ORwL}d#{CQi>ri;2BjT)b$jE-J=zg;o^%dhx`fqzgcUrhCs zD-@Ch`^dlA-`ehnOsH})XY{L?SCP@iRQVWGzTlLQ#3SNQR*|CfALlV)MQME}CudxxA$AU8r>=^Ol z!=Vppm}Yy7LyuSF*j8Ag&*`M`OuuXP4GxN-?Em~+P)_IY zF?hjz)!+9sy=rElU59o|YM2?D>1CJGi%+b*^{AGQ7kBADzDM<+G3Yn>w|Q1z`InoY z;4W+SXNqkg>+)O1;6!^vWbbWH7jE;ZRe`f4Md*k#pTInIMFp)<5k$u$taT#}dpVxZ zi*80l%6Iw=q3kkn=shmLw-4TzQIHZ$dwErd#^7^^wNW)KAw7QEG^#dQ&oT@<36|1r zM6W*`XmBBf`>_DDlKUCMMPv0v!+VApI`|2WP@c&)SXYYl9Xs88QjG~LZ&0tg8MXTf zAX97msxH1-4X(J~Xdi)A-erD~)&*^QIN?EDUUW_+9Xv)j;YUF8wxld+?s?p!w(n(p z)?nSyZ|LHOZJDnO3E(a_SGT23Ya=>fW_in(Ry$I#0hl zw!0fV?}*WVo-gW`{-c+bdZ2NSHI*&ZIWsj%QzBwGok3h^n`#jYD`agH9Ey??jp}6*^12Jb4v-6ZSog+ipRJa+?Wm*`*~A$(l7wXT&YOvt0Z3`S#RLL_r;To zQHXB)fo_G_Y167>D=G{@wK@NJduQl+Zs(gUW#In=qNR_lQ6g1x06 z5^6rqp3l2u_h2V5 zNd5_b973{#Ht+q1(!SxpgDd}hbcS7*HT#3RVpT$?2W?fu@FZ*E<+8{OM!N9Pw49to zSC}0`XMf;VQl@)z7j++KF6v1#{jh12Tjy0y`E1ji3|bwv@1=F;BQ8Sq!lK1 z9D+Uw8Pvv7%xd}&V&N#|5NDP^BQ5i7jR3l7Wy=2cktsR2$D1J+)Lj6rRfNo-PU0j){T(*hg@q{piM^x}s$xupw}uk$fGX_i^q zKl?4r$+D6~M_M2lj^3tdDWRROu*Hi(?DMn;$+fBL9v6Zxn?7fWO`sAt59u!yj9s6?J| z1fFowO&DNf-YUHyP8UIcwcHwyNm)mj!{>8z#ufBENk#*cEU|51E*y&I=^243Zb$+L z*Q}{kgpmv+w&k%@UsU9^qSsXG84DB8qrFcs-9r877|yMLhz9Z9B*e;}@?Hp)5%9DH z>NX$kog(x1DL%%;2JUV{D?p{zw1smPquy50!4sZNkPrb3I){R88e~uju1ybos|Y!B zo4q9LBVWOcnEwmNQoYF_v91uQ`*&y>UUB*cfYK)y)k2RY{XAyw6 zcOfriMZEDMdk{4{ddQza8%#X725pB1t+t5acQ=oE#5OeFk8_NU-P`}>9THZwXws&o z>y2SFZQ8N@S@J3F@#{w^;tVsd-6g7j_RV9sjXJ%fqG{ywCLrj>nBnszj(QZ-sa_!E zS4cKDMX(s&`sLe!Ke#ry!%Z^rO=~1KvS+l~@WxI3!~I(xcclMAP6huf%vz_0FGUh} zTjY6L!)Nb;%9DPIlq8Uz*$YO?y;dYwZ2&HrPAhFg&SyeG3aE#1C48fb#Z=|9cHaIe zx0dgMps(kR14>;cr-u~1=|kA(9|J?`=kBefs;nGwTE61Oz9!Q#}@NM;?B=;AVq3QF}A)cvPkPO}Qedvvn0ccEhfn zWV&jt>us*R{kCQ?V+TdGGBb-~3U=J5qi&+iq7>x{GAb^N)gGT>?XgAPo3?RzmJ(- z8W(l>FdAuvR$3EPQtr})f0^=59Dk-gZ|LIKzGs6-_Av|B zJl-ijBI(XSW)xvauQ&FeHRzh!K(1COFg zaPF|_qN%4X(TJcfljFkeqbD4-AvrA-P?Ke?qiWK3F#Al+H-q1+kjRVR{xla8L|v!) zOHhsUX(%>-1)|48=04S#o8BavQgI1!I5iil?+R|Yl)JmBdwoZ5F|G07f>lZ)w-bi|}s4#{Cj19)M232=c2>Q6v* z`Gwv;ib)SvYYAfUpDX}c3J4{q_;QY9rDNY*+~4fZJt6obKYxF|#?Sj_N)UtNVAIFR zr0GHMte8wIaZZA~=n!$MwoD0p)}*Ix`r;--iYWo06(bEI$em#Xwmf|55D~^5r%$lt zMiFQK^I4dd72gcydYO}fFDrp^a9SQTG^)5^q+E)dNI`95F(}IJXc?W4jn=<~@E{{p z;NH^*l{vV+{`xV~lQi|w(SeDc1)E|%tZ)gBI%^pG6(i(`-P51+dq#L<{g@lLfh+MX zG46X!#Dy2~#{*&p%#c_;?fG{u_}iHk3=Dv|Qlna9k*FnWK|gX&Z?!UafQK#Aiz`Z; zo#wU$)X&v)?H*iZ)3QONl?3}$vW%seL=DZ{2{B%G@Rp!l!T_{`Cx5GekLXLN{Byx5 zrI55dS<5Fx(=Ew#gwurFr=ye3J|5qLUc(B}HtIvFA1~bGJ`-_K2-tb}P`U35z4l!BhqoSL()Z=+ch2g;)k^=Zg z(}-xj(2m{+-dMHKdx&9v8(K6BpR?ctvkUHo{=^WuQ7AWSSfhVX)=-m0Zdj+4^*@Vs&StKq{FWjgzUs$0FXK?9f{O2p5p|0)@k7xPm2b;^1VpN= z9N19^BlLFLP@2iNsyH8vIdK%9y_{M)n=~$BYI-dB=S9KWKTY`@$nJwsKzgMQ@3l&rU*&@QL% ziI^o7Sg=G~u+e@kD3-Q7VN1kCgzII-l%a0@Y;Q7rV!QP0iz#watJZ?SZVHs<0{>!N z&`Q5hZL)Q5lFtK=wT4c!iqBtUMxxLCeD(hj_MTx)MC%%8=sh&4p^A#q1?j!0s5F%( zHGuRMTIeMN2o{PJq+G7*pL_N`=ec)&FvHBl%&=yy zufE^=-C$zOpVyna4HOahZj!i_219caI~_`C$x6$79M|xi1-YSmnRD@Z;&XPL#|YOZ z5oh}808oE6EeMKE>T1Y2x}rWi@=IDnBbMW_D_zDg^U9AZkBbL_av_b0!|F57{diwE zuPq1aEs7YXY&i+G1bzA6ERZ7&Pd5ZH3K3`iKc1hX5pmM zST-d_fti$uEiuGqd<~CGv^trtBG5H!6p%V}Z_dO;E9aEy^)W4fpiJ~Rm0O_elT7++ zX?nlJQR7yjqHOFdvu*pceUg=}diwfnXDj4zd3J_l%)5n!1&Z}|WOLijS19&4Am;C@ zd^0<{DCpGk@Q1@cX|eq&%CjnQnq;Du7o|V{{_YE3ukP;o;d!DxQ>c&lO9uXASH_;K zQDGI%-_+(aQW zC$qzRViyw9ifcQknJm5k`0*t&4FQ=!rFQh?t5;8+45xs|>@^=_|IKweC+xTw_@-s8 zq9s$&n_DY?YrXE{$4lfQFxo1s^Gk|Z%KkzO3=Cr!Onxpm`Dsw-9$@b-S<_YAB3Gcz zzql<_SW>dOUf0uOc!gYu^v|dN7lYV8?*6YIR!!vEBw#Slxsn8Assy~(Q#^mbqn`f$ zO9~1>1uf@G-0J$04q5g6e{DAZW>fv^?*H#Tkni98o&SBS1^NF!3Mp5E|C^8HUyA2N zU-JLWm-63lk-`3da|QkP+sKIhgY@iwe&>Hbw!1Y=HAC^QCzAIs`t%C2V}o+K*VH37 z-u#L}cD@;T`|p2~+{1P2{LNQ#X{T6wm~MtFXfyIt#AYvvVq?Yu_x^darn`sPC@Z=c zVHE*9BZU<;ewBy@P)F_AICA0v86Z0Xo}Mo*bzd}=^I)}e%eR&V-E`@!^a9bwR=D2x zKMDB)tIy@|i#!@IPUdq(b;s?*u8&{X_+jzytr}fa&CDo&Iz(!@t0i<7o(;)k1wH#omIgaQ5#o8Tnf}B$P>Kf1+2{R}Z!Nkas<&zmAjYqbKjtzVR2~AdL(znb^sKNI zG4OYD$d#P{+ZYcG7mN^c0jngC&8SeU*FU7?ckjPH#eW?vFn&0eR396&g)Q;C64jthw2)0=Rq{!E11fA__sgVswxnylqZ4}0 z)b!Dt1>rQ+fr6p;M%S_mTDhT1oqaew*<@Y43%o%l&)NA(M`w!WECp{+B&WqyN+rIS zWW(G6G%i1%(U`X?m6nR?GDsF;#@PMi-+4`^?Lf1&32&r7I1Z7MVxrv-0buE9iV30K zgq3yqoWz&w2 zqq4HH229A*Ln35GxP*lEcAfKuH&Q<`@*prM=u2g#wz~9<8?T=~XC4_Dp{;T!Ukt1_ zBipwN557=4Qc+XdcYGyyY(re~d;LUS_sPUHsk81a*Z>-DFihDwW=L8OT*C%lkXTy} zcM-(X*-=fFO4`vJA1hkdGp%MjJp>y4OnOc4)8cSz%lmvn0!;K)F;dI8T-{+gFSoPc zJOBJHM{{IRIa%eT-%{`sTkUdqy5CV*kV2mCJEgm8m~AwZteK@H6lz13evW5Hn0Jca z6M((*4^W{*+TU8jbet;E(9pOSU%q@fU@m$;pj$AM89Ye7zTj0z9;}|rf7fwUP~|a2 z8`trHMtinJ7}1RP0+r_zxxlMNJqe$~AO@5s7kDo;#gD!1LWG;$XN}SJ8B8Qol?%}V zX-dg$YMLeRC&px}dT-Lv8u;xE+pmVFo?rgRh4A(ZQH1u#H3nd}G+y+fX0*M8PmNO$ z`I^*ySK={bBeFA#iVXw|qb+C)c3x9FT}0mImyzP@=l zt5!i{NB;3}fSowhBiq}J3w2B)tIQYwADOy=Xv6%^kkHnA1 z?h0|UA9`F%c;N`odAOv#_C?}gKLhWmJ-XEPGA%9xgUZNn=+JJZ&&iMj9PgQ^i+lcA zHm+kjJJ+56x%HsVC;7+xX$_hy%)Y{uet&hNU(v*-<;Bl`+S|{%rD8@;^VR6SHV4x6jtzuJf3QAYRXn%S^e?2=LDD$Z!vL^ZfGoPd#&9~XaM8D!(1Q-*JcUK}uhZ15Nzi3BDSmltbQftq$)GfwO z4|^6)y>0)w68~-2eC}%*YTtPR@4SX*_^>9??jquSDIoz>3o57?&_i{^vijN4vk%Yo z|ATAp|HG~igzVy zs%>bG6qvvFX7gx)9$F|%8qUBq&0ojXFfTRv=3=h@FP%kkKJ}V%3{Z{NiR66yCcs=d zZjRM9sIZ3m<;%{M!cce*KRnHi80kBd)kOj1QPI%xAPzfHjkM}e4UH9PQ*^sJC0Jdu^_c zhh=jnbVD_j==i>N0Xo)*>Qm*(IoqSTP3tw|v%XHun3~Qg7i(&|&?3cWI!6}jsPb14 zn*R0>hge9vA;e%roJ#SexZD&5Xtcv8)7jZeA&s@|MDfX<+f#4nKTr@SBkAIC$lsYv zU8x;R8?~(Jr&F6<4f#CM8wt=_;F1r(CT%UXuQhYuk^&A#GNtE!`}?y5qKD zy#vSt+3EqgJr!<-?0_BP%afWPc$C1?A@st`c`Dw@cw~(78~q@bFgV83&M(<8uIkdd zK!b}Td|S~9hHMCF%LPIZ*yg0K@sgARux)jVjR&X-mV;H_$VhKr(m_-wRC6Lvy;o@9 zZOncH;cbYw=Lgy-Y2Ps0eVF=KLz_5lj#KCM!oA(-Ik!j>2)<^|IX&y(jrrZ+g68D3 z+rpRe?0`Og(ySCj{2Xs!X*I?(#g)3M-;OW-ow@0$PKR>z?*>OF{uI8>t4CLV+EUq> z`e{+Z11NM)hA!co4i*f#Wrz9~&*6WInqWP$dG?|&h3b0>f}oGbUh^R8`-)x2izmz~ z!N;0MsK-#JcGwu|RBpXHpIFve|L8d1cnpMn5d;6Fr@vF6SQl~apiEnw5lj+QdChv$ z-6z-1BsnFa5DrGmWvcSOr-O;*Obo|rO1A*Bya`|-0X0ut*++qrwZcidLcip+_`*AK zs!T;G2}9)GzgLdesk{n5^Fn{42vJwB)|d3BIM4^^KfcPGTKhYVkI_Y5L>?$`e@DZn zj)K3}cd{i7{m1!gCCp7bArfrH{G6Xr;g+tYTBA!-Bb&1$qaW$vH=>iwdLR6kf@OVk zH6L0d{Q}dYFLKhLTki4VZ)MWz9ordkthiPRyfztveczt>hM!Bf-@!HxQgr0wBoZ^! z7q0Aw=qRuD6#{70@-7Y_hMoz2TtRG|vi~)KX#;*#6R}-v`D2HD$n^yG*~A+D%p1%? z?R3r@akQT`U2vgG>?)5KUB?^xiEM_ci1izp3fvDKc5?kZq%nkdhk7!s4X-*>P6KsI;DVbgMB^OR5csz6kSD3E*fDj6VrCvvKNvVBXkv*3Alk^g&dW z#m;vw+gNFzF1?V`?UhV(4%>F-MljK>dRPM`F|NmTfp9ZwBM z&wWpe1*V-g?H<~mF=OT?NQaJ(fWl|_6H9|pf}3p}&v+s`s|$8lR*FRe9uS`hE48z9 z*iZ=zz~beZ9x|sO7|0E5>mmEQI?l4{6ZyU&g%G-9U$HVQjkt;a{U#cdm-FBwNMjJ~ zbnOM+X_9Lmma(hdDK_m%TyN;q8R?xSu`L6iVxJybq^NVcjv?fcU>6Tg6^LD2W}`zf z4wzzf|Iv+v#oe~8`A0EVPuOCRz?gj@0jX8{NLWUksHPN2<=9h@oCN`L>D|9PrZ}bA zv%qYv#NOU|0evg?cC5O9LcOW}*G#1|2Wssop*$Ql;^}%MHy+kRTsl)rgBloUl}sfV zWJ?w|T%jQZnlY;TEPKhm!7IkrJQ^64&*zM98@Sm{unAy7*Kcf#+}_ z)~?y(iQhDFnR14vbz2zMSNJK0bh$CTeEU2r#m*vo;!FqXNFVak@L+-pGJ27ytZ&cY zGea}z7hg|DSn&MpAFn%1{D~uE?^6Z%9`Q4KTjs|LlJNDpRe$IOWUE12iH+rHK{bT= zQNq*@HbMU-A3qF@k3Zt)64aWl{yjZZAdXAj>0#>0-e9z7k0k@9*n^IS&i_s4_NPHgj;N*f=ok5u(JT#%EvYTDZ@qMLjJ|+Tk!K>?-Tc z^QnaKT5iVg1F@mOk5Uvf1n3?jI=hQdzdX}lx^;MKEVZ=3aVT4+VpDWc^u#Pz2kpYY zumEIM1t2JE{m90K(g@_&p}%OFu)qxI4(3eQ({&I!UUI}+m5Pe7w})s)Z3uZ+HVFXN z5lhOQC7S6$y?dU)SEIc01S|QLwry|!oBk);H=uLR)h-q71F=a4@n`vttninzjrg7- zg;Ez$Ox}bOs`Q7jHJeRpFs2YT6dR{xE7 zeR8*%FJ-ku@KFjUQ6;hv`x2JK-n~HtOKjNmycr%RJUr? zTR6;DeEmm#)n@XggYQ&qb1%&{@doTtbIzj0cfuia-6G$qK%t%6-cCyaDlz=M-qJdp z^w>Y_oWMKR<>dMN@~J|l6M7y;@KE~2Kh+Bh5o@g--E(qksvl;H+G@<%n|+c}H7^&$ zcHA+DBL1;Azqk+UV4j_&l~n3Nh>M;vzaF0guV1N@R*)Z?mDPt+LADyX7mbpJ99ox@ zg~=tRQ|^X7m-=&Q#!yUa_c{W8Q2D3`ay2;*dY(ddK?t^l zK_$VJz{omAFMeBX*$-X5Gu=LMElZugOrjU7_i^MD3R&c#o&x>PT3x`~cah3-dRKE2 z!p~?yzt&?j5r2WUS4Iy4U(`Ox35sph|F*~m{$%2FRgrhxL zGHR<&C$!_X+IhxmSXL6XnEL7{W|6)MT@uKHj_U zFMrm$P49%A`k8}<(CH~OQyV8ixgR_*zipe@*gQK?i03`_`&6!f|7P~2AU;6f@Y3E1 zlY3XktOT}}E~dS=LjCnPwL3#asJ_B_AL8VYIAYo8s}{8z0SVv8IfzoN_P#kli)|8& zIZ|t_nHhM9tMJo*l?&hcNnXia&k4kR<<5;~BA31($o;dW>>L?E4d_??ovSB%*>xK+ zfR+JsGdHId$98XwQF{%un<*l_QD~|O&>qp#2h(ozRR*a#c#YaNC|m2OBEO=Wx0TS! zehC4dP_Y^ZCO>%d1M3#{nByyD>K+&>T*LT6y|*>#?}qa14uKfjhi^D!dprH?=@`}+ z00N1av0Atid%X@S-&E~ChRnoQ2DPjgx&N85XZ;ri@jru8?5d{!5HCeJf@nt}ch>n~ zesC9e*lGxqVoph2XWIQjZgjA!)N|}|;w#s5TgH}c@IFJ>4tZ$l^jwx(V6hG=G1Pfc ze3t7~uxN1M#DO6b<`Cv4oAV{{I1n3zrY(%ArrxxteW6LcF|ie&Usm;0k;Rz1h>5it z{862pC|j%TOcftQRX@N6jZj`ni{-v$Ol{?^d#j)o5VIrDTKCOiYu|QGOkbL91=ZkQ zJ2<6f<6<$OBn0#90>hBmz7J^z+Zkf5S+Y~H;E7~5CW!{>r^hi&qe7~#7L$89b-hJ% ztxPrD@W=u^ROiXjc1C&p48a*kOAxX}5ZOQ;E894csSlSef4gEBuy3gxTevE+shq0o zm^P$x0j6}N_#-MyLAM_-g(y*qRi|+*?|r?0%QOZsB!pVs|IAK?jZ}&2Jh;Iu4BTYm zoyKLP<~EcJ$!^BYwfb_s&WdK^ceZ#VrsqStabwb$!o;HUlrr+QMJLZ@okY!y5a=gl z0iaP&X}M7|-|~Y=R3?)3n*p}s4~#h;t8xDmvxn5Cl~s%?Ehg4%;+L>X zSbC<`BY2%R=m8|ATMST2&o{^iw%f@-L7*_ zr0j)YNkI&R*P{rbUT>$mmzOY!5ZzcS7k#&BKHdp8eYD%*cq}~Nt-fPrE33(xe|%?4 zzaix(aZ8q5OhiDXsh$;hCGKuKn@e=8Tsd-ec~B)wvreK|S8w!9o|w5gG#L%E3N8Un z$<`t_LUwb5y?BgH-AVQ%wtYyQ9sR16NV%ApttF}+*;)W`dk`%iJGHxZ?o3ipa_4A5 zd1Fo)HQIm@UK_2N{Vq#h!vv@nmIGT}g4}M(lt)!G6gBM>m}-gk*; zG5)%^-uwjTx?~Z;VrJvJWTBWs+(Qg4z~eyNKdElB&ds03CEAphh@SBt|8hMT=l@(* zzg@a4$CRQbU}>Qw3iME|WR0t&Rq}%iOCg_jpW<0C&SL9oI_8-_aSQdkS`U3iho?C* zwWkIs2D7^w=5XX3WQ$wJZqQdSZX)lkFQQXuh+baCv6@DLfynGU3Nlw>3v zBJsB+H>RGCQoIm_4)B2{`HRZ^YqBRT#-{wse`jx8i6DnZBH!v7nqt@@B*V%CwWv*{ zklQ=WS6bMu`&fRF-=hiRU$|MrA9j{LlfFK$P*8$Y9%t}_mpF$(xsEYw>5;vuExNKisVQoEI`|RhXrib2#WKDzxgOtD?#Ev%iU(4xp-cyfg~8 zQS~3n;(ZK0vmEtFS5qXnq}jR-DDPvzz2fh|BRlO(Z}YSm&URZ9uMCV?Uk#1om*S;z z8I^jxy!)t%2p3>NbHByKb@yg$>>}-03D@nBFRs&jfqdfZ7ezAFn6EG=I^AIta)NJ> zJA^K@dLe1`sT)(*ATPV&-8$)@vs=J?=zN7l33{#L4&&GGTSEE9O1+Lb) zp839Fu{$2-0S`eSjU+e6-7Mj!sa^AfsAslPajOB366g53oOy1pq@{awDM zPCJWr*=`i50t+SFYS@cK^Ma(vSv$74T|_}U_b<*Chi-iY**K2OPe54XRoJSY%I z)<98@c#1FfM=cQK{IwDiLaT*hdIl4PwdiF1>jweFU2iqjXs#6L2WliVZ3Gb>zuW!L zIGsA2(1~9!Q#0W^UZ)`^jd2JHAJoQcBXy+_4j;BK`wu6iw;vj&N4%IIZ!9O{rcCGf zncMfAg#{$y9n0c)8uVN>jeaIfPC_-lC*YuJW&m#>_Bs~pGyXbuN8;=4E@3MiI3%ra z@2rfye0zch`DZnnJKfKxp~UFygwal&TfQ4so4xNC8+C531d;)$TgUQ|d5*M$(g@R8 z<*JiaNm+lS$jy5q``>>+wggCm7kDVXSrBJqO80EcXVvB&ZcX{WizOlYO3O3y5bF6J z+R}_&~L|Wn*b=ZyRIZleUYDlJsk(SWi z#kj4I;;vaSNhn$vLnnF3r9-hugBB4>-Q~XDenyVxF176u=5&W4+mCsb$MnoqzwNc? z7%Y@hiam3Vjd)pE9)Y;|rC+Mag9=6UCzWCwwFxij-vsx_yjvc35Gr0VBUidQ!69h7Vy@zDtU4-BDPQ%O~RY#=(r7)JJu zu;%2p#5uvHLal9d6M}KRP0)b|(X3YJX=4YCFXm4^x3vVzW@!NOABx+B@eLw69Ext9!%P~z{|lD@B;sby0q~|=QN|W zJp1WkrBZtR52it%gvuCZ=lRabLPp3<7>%8&g^h4ADbbQS^&pQ z%s0&M2P;m$WYP|wEMXW|ME`kkFv_2)!N<|nY@OkC@U4{CYe|xVsQIF{yPo;Bzt**U z(X&wpl~{|n2>dG=L~qa?QZwxqwkUXTVpF=hw%^tB_+W}f&V~OYYXizV88@r&yB^|w zt!#$gl#Z(Fwn-PVy?2*cQ0`be-xhn#%=4&3~BL(+}DvzG7*}O zB>I2gAw%@GG^j{_MaQTdA5miLz4PBlZ!3|ca-y~=4raG4U0a7i0&MLpT5l$ex$rSZ z$DA)H7UQ;JDBFo^6Lt6+6at5#Mdu z@)my!b%-03i7Ql)No!aIPPKck;gIP0G=N}9tufVRJ4UZOsGW(l?He)6*LbL2^>=CK zNa2vK62<9{ol~IeyqAU^OSJpbeM?fTsLZin zB2DLZA08~KfdtAwbea{AIf{LHtXLJ(GGq9u;ztEviV>`%gF!1=A)&76#a)5)>nv}j zlZ^r9 zq7qB#QtNc87)%0HRxnHmRYAg>nr3|d+`EULNMuv`NDBYYMoBVn&k++DoU+ss_ zOzMRm^iwn{QE2e+B}_LkTknf!oMSnxgP+p*HX#coM|c4K3-{;gz_G<>Z{_~1(VGCQKb5jKzt1ci4>|CMRs)s^iqQPF{Be}O z8GkuQ+#rNbrNn<{PXr+Z8n7(J`f3r`Qb$jwAV=Uq?U0CkpCz>Y4T0{l8t9N8j?w*73$1YCgs5k8Mvoj=7#nY}}#; zrD4GfveK}@S=yCHos4U~Bvsy9mvHXiTw?3NP1*qe^>}r^_+(zS4aeB%a~q6w98E^U zTmBGOSNQc%8{ybW)o~zTl+(>6ytgiujx)J&d`e0`vmiOpwp{P}5Sz3V$p>g3^VK{s zC&jH|{NlQW*V<)==fQKPBEPrI?3_ktu`Hmuc<;BnULgZXu}hD;zMoOh?)tS${t$Mk zV*DXp^cbyfIwWHjlB!FbW+i;TjsFQ&{QgqnAj1(IdmOYib<#&mQn=0tJmq1|iV|(( zVQ*r*(N)M<<;)`>S-*CVtcQPpA`%7hch{Y@c%Z)~EE>5{EcdTL?F()b#ZLsOxPC9fMoPnH(ulpM!TzCu-I`vQL}x`nIzr`zlSfn865M9k&cZ4V*)qjLbbnw&OVv}eEUYu zZ8)nSRqq$zhj0`cuA_f>1*a1;G zwJdKV0|bu)$`esJCLp83Nsx%zTNApQM}7E77Rz$7i}kcDR7zF(7?;XBNN@eyv2Z)j=~14A*zS=i*`SYAc+Nkgbv!X#@Hi}tueH6a#5p3`vT$)T z8?K9yS-iLA1#!83pPS=khF^uVjK8H4P~l%wHhNp91!(bchGFx9M4J)-xuJ&uLV zZ@om~zIH5GOaPeREZXshXVhz~NRwFz@0AmU=Xa_>7d67fAlG3}DFT=Jg(#b(H7sY8 z7MaRlIbaztP=2Apy_M~jplwKgmLT3S+@ke@vg3p@YQ4i&JbH~UtRsU09JefoJ)qKh zNpQ>}oJsj>uOxO9lZgJ$*uv&*+5UppSVHrxY0my!jgOO8@ivrAYFZX zVc~b|4w~FK1^Rtih)EG(J+=Nk+F{KTA!fMeJa~l~o9n*RHRF}k)m=VUpTZ{0@T|M* z{k33WGLN(!WxoK`JhE%?12kGjob@l$1}$tRpk@7NI2zOW%RAy9OPVnhV;>r@{ZpBf zo_fH9iG}5|M2WKa$v+}B?z64oMp-u)@+)`aVcqkhSUbXQG8yG1fJ^KAE?DKsHw|wK}g0fY8At(Q7jav9^u)q!l(Ec4n~ioBOM)Dxjz~HpOpM z1hz3+{R(n`W!ZvE{ z(kxcIk^O>R*^Y_O))YfXc*04Tx~@deU3N6|_GHLrm$iAW;+tp z>n(LP=Yk8FS%*_pZMvjFNG3jBgQyfRpe5N4f3Hvuzq^zMBfc%zaAm7AdY<4K)LbEl zdn?B1_PlCi71eP24<9jnFnZ%%6w@(=rmOVJ9|(>zdHLsc?3*j4LJsU@R|S40A-MIX z@#LA}`w^IE+TTFY0xWxa__W;2_FmlRLpL<~Kp2RIe7aZR{!%MOkId@}_BkH`AwFg_D^;d&amY-+(GAlTzz~9eism@#UTEO0zaFw^LG{$j&QKx_}m5Yq{oPfHe zRIO3AaWKx`A_q;N8=r=~`_v#DOfHVe;EunhleGR-PZSSW~ho2zx z$KaltXGCmEWMRoHniV{L^)scvEV^)5W-YCYf*Nmj{l>mC(KU2WC~5RfxrNegGE50C zy)tvm@B$xz6ZtxIOT~gwzYV{+0_tPE;X=h7-MKU*qk>uY&Hqs9eRMY2vL)9vaCCgO z<%uJCS>ftRYixGCO08e|a=G-;fT~!&D-}^2iF_4J(CLwlg1=%j(nA%!0z5HBQ5#gV z$Ta@2L`s$JTgbLd&64_$PY?P%pjNhSmbi~?ju^#^;9Efh;U@0_Q}alN)DkC91t$)p zA2lU6e)d$xTtLk)3|T3HN6*G0c?I_-L|4 z460N~CW=|o&ni7dT~Gd@*G-rPC;?76CnZ6|$BEK(Ql`ZF1A-oc_DeJw|# zwpSmVubr3(qhLZ45^(e%%3k~n3&7o}oL3KN)rL4keYw^eHNi3}T7+O6&VcB<1>%D) z4NZXDb$omlwi_a=O;)vJ7);WznW*mk!L)p)fi;*MKne-DgI z8E9GII>y>v9|(P184IB))8@@`h^4ojxn8pt5fF-5VJ%Pg(KP5HWuVg>STuJ>)FJnH z3muB7v|5$WyY{*c)1x73zoMC#-XT0tx0fF)va&=@}LBa-7CD}L##zV4Oh_v&;DE)oK#02jaT>8M0&<#4B_GCABP z6_#rT=SIH}wy`DHCE9DNSB1+5iFigerof-y$b9Rv|49P0E~FQtda#O8P5-4Dw`5>xQZaU(d}%RVEc*_k8g_WK}{ z(Iso)4Pj41%u+6?GzWVXOqq&&ZC$%jM>D8Qhff$+AWZs_F;%(tp+br1M{Kw+fkD0u z0xDELVcQG#Fo1uQhEX3}f63>py%8kT%EX~Yw@fwu3S{F`|72LMnEt(UvtmPHmDQn4q2-f}~8XQLw)F!l9~ zYdd9MUX;^;563Df@PgtZIq~0~6#)oI0Tnv7snFbZKM_*H=e3>GdBR}JPV>KJdy$aD zn(xSb4P)&j;d$LyzD^YeaJ?jb;1AuPIf}Quq!0)=w$p;VPb+VC&cL!NZ}+1MU>F4JHO;FU$ zMb$D*Oar8Si6=ZxXR4n)>+s8Y3YH<^mNHV=446UKwI)2!l4jF2f81*FZ+zkWcgxa1 zB{OMXO@s!bcXG9Y>$Nx;s5qUPL$UJCa^^<*+3(<+7{(_6%wWRnFcn9a?&uTU#(B47 zmZZC|pOFQv6KZd7wGf)$v2jv0I*l`jMW-b`n9~C8x~8jY5!-_RELCd;SNk>8=Suzt z$5#4A(ygu@&2@9iOBJj$&}P%=`guL(a?G7UpSIN>8oi0Oq&^Gp1*AHWaXuFthko!u zpNmcLTu*;TDOB9%Zi_2ypFpEbtmbOnisMT2G1MVv>&C{*v4?FxaX3Uz)p>YiSqZ4M zldj3ninhv!`FA{?JJBVpqMbBU;ugH63UfInGvJAVU18(Z(zRgMnV!nhve9i5Ix5Bm z?hqzVVW!#=(rbwRU8~PEexxWb%fZUEdv~Fjm3gO4+*e+7>F28#<=-9_Hhqh41Q+%% zgc$;hDgCtjc1dJVZ*gj;f-OG7R{9t>!rcsQUf^fUu0+DHN52AX>Zc5+W~aFM0e!#g zNX*w>m}^0G?2Pd0;(9>3uQw;b_V8X->2hcXl~2n{XDX_`n`nkVxqHPJ){vh{Y_>-L z+<16w3!E!mY-X<7Y29D=hLW!DLrigQYTjVeX=5(z@JLlwHV+QJulb*d^-Fr^SQ6$} zgR_*ii*YTs_=?|@QHN)E!zVQ6NMS_Mk6=ew~KYnCH6L^d~b%#?A@!QlYdoK zOVC*;N+h?KVXil}FCF~&-H~5oBdr#vp=eyVI!X?cre_1ceH!`&H%1gTRgW^Y645f= zX~LQBm?oR>jOKxDt};<;tlTA)p79%WqDVGpD$y4Y#R+;TG{zJY{R!AG8C3`E12F-u zAWu?rOSnu_%*9Kr&NP`Hu|4~~Dyvz|d2mk#f(7H&Jzu0NaG@3Dlv_O`BVra(tOfDg zL4Hoigl$P?xPt`~Nb*wWX8p}4`4nerRHwU62i^H-?K7DhX8IOX{Rg%xM;AWG^k;Gi zA8O?JZJR6Z9ydGLT0O+*2ELr<9ij`|C*Ivh-SH2keW1I=_`qQv2DEL3 zIch(m4LY|N_UP(Wewkt_=MU@be(Jb3C2}yO;dYZ)tJPu^tcf--_UB66)eKGAH*>Uj zFP77G20yEhYYcfzorjbp$*>CMkM@FsxiO(MxZh98jQy;5m)wyqYr)vVx7tAYmty|S zeV$a)DO<&Ab)yv3LXrQGi%Vu!KCjM5`cZSyx?z3fZee=_Hk>2oK;B#ll{ZQp)$Ys) z6m`{zrsImTFO6=tCoV_JY1QT*9;Ls%_tgTc=Di;xo%3fU8+=OUC>bPVIZ|)>5$-x( z)@TRjMNyGWprA+BAT#FH8hlq=^~~i}-lGT%8&BWLA56cp3|Go|ukgnca>8-72QmH( z+^tnw74`8#38-w|>kkb!fXs5oitLBe`N!v6!#{oBcYWDTlcy|jX0Dy}0Ua;c@Hu?J zoHkGDxmgQxtx2iC%(;rue`#g&7x=!Yk8HzgvAASGD|O9ZpZo|(Las~UQ)Og-V&kRt zoDdxc(S;Pa3s2d@_3ak?;&>q=I-6B5y4LquAA`5sqc`t1_wwsYMrLCuQ8e!|EU&lQ zWpLuR?%hW27fDtP%5)dx@KCEIvVOD~{2lyRC_a4`a-Lx4l3)=!(a>mQUOa8H=%FGB z{@JM|cGA(tzB!3T?0zbb1}KDNi%+NRirQKsH}-)AzeMb8z6^0L?jzPDgi(bgk!vR` zStHwe%_b4(V~0@Syod@pGAJJ_8`~k!e#^Q;Q0RokN6QPI<@yQrORq6Rt1OFwrU`$C z)|s9qeFD%C%XfOZ1R+K(tc9>m?z%1A>xcQZj9w>F6bn$58Gc+(bJ=?QaR)h#YgpHFyeE}dE;g{`cXfVCjrCsa{Ce@IQfN9G zuiOPtum2WYTG9l*SY|&w2;KSi;~PXApk<8|%8TGMdHpEU#ZoBh4=_`K=dXM@#1sVHr=A8mr{ZCeLngcVz^doR zuA**1nfhe4+0j`8GV0tj;Dp!xDkQVP_{o@c#<{NG0W-XR<2i+sKq1)1eku)Cn1VpfIvXT46+2`L*v>DygW zYmze-q!Og3Hm1BIoY!mIbS%+4qbi^uWZlxCoIOPgVQzWyY!&KIcWd?s&w6Gs5SVC7 z6CT$@5LH+>mqp*Qo0;>DFGba6UFAhnuZ|XbmcDFSvMXu!mweZ6sA#O{ zI9$!HMtLU8;S^Ksi|HQNZ+g9+E|(89=KQ*QJTe=ie!JfPrU9*0U3bNOR6A?7tv=k7 z#gHyXi>?F5Xqz^vXlu!+5v&=t>erL4myeN&p_NUZ7N;`^E#Zv{z=?g)5cu4nUI4qB zbQjX{-gjgPIX{Vgx`BmMf})2;R_q`u>r+}X5qRTgdkK5UL4S+9Y}`c;tAZMT?^vob zntfe->)xS{dKLu-+AiZi1k8Vx^uD-XP(?3f!yw*=w^MvQhT6|Vco*q?e=OBA^-x?% z`QsI9z;)~04<-CpR8We~2}1)lFIz0P)E+VjTDzlkJx$?>v4iF|2g)*x?GU=@Xr`|z z9|o)Jyt6kxP=u(Y#P)-z4Aj!duyjs?)R+uN#`M)?Zev za-@9ZJ3yyb7RLMX?nk(^IE_YbjABlCd}?ad(~oxMJelH+XWinkQbfT~JYPD8u*!EW zY%uSpS9~LNn3M9D5>Eb#E9&D9{O0tXaSG&5M1C8^cuGS)E4Th4b@FOlbTL(~8SL9b z5iKqO%^Zc;ZPCx(>)QQUuNeQ_VP8*RzacYRqCk^dnR?6%&3HAn9nSs&dbPBEpdFm= z9>4&b4@~6yJE+axB++_i(zw-9xRpuej&RdlDy7x(57!)GG+?7vy+08WVTY!#?DOp4 zN~LpH+o$@ZV{)(tyH|R_?b=619l}AyC}L250NwNUen7=q@C4W2?7IdFPw@!{ydXOU z)LMOKp9CmbN^0s6NI(tfFIbCrjk+Nv8{gs|--?b|+|`e4Vfm}LAi(|7nEtqd7*SX< zyvc6BVdx7?^1jU^e(9TjL~A0nO$%315^-@#rh~_8weX@`!P7p5AAd4{o9uU5oLxjj zzh8;g0_l7riAbE(OP0kob8`IJ$a?`tX?etz*bqbG<^%m8|1nXLpFgky*XbE7NL-)^ zEhi6S`2#7`8XX?vuj67bysZlMvi$s>36<*X;mbENvFB+6Ensv5AC=D!jr14130Do} zPt8bDOBv{gkKYqj%8ik9eT$*fLuPbQMz4q zOJEzRCWx<%W)`D0YFA|`{MEb6DVP5C_iselh2}Ttgj@pVFeds_xGm_JvyO+pss-PL zirirEkp|}I|ExNc8>1T_^JwYYu~N)FsudBteBpVluj~!wt}hSG?t@BJNfnc9JonO; z`v1~E))*T%j@pH{-Sy3l2K#t@iylKYlOhLoY!k@d-pV95n$@yxCYIYqEUH5}BarNv@4(4$!j+ z^uRxb%I1_O1pP(>C{sW@$LyCiXwX|%F1gH}=8KhoVU9^v3t^f2; zR8{E$ebhGFn0?hi9(=f{_V>_~kj+?`U9$0N(^GGr7^ZTidZ39qAUWyBD}p8xmHSNO zy4j;8JFXl_mV`*Svy(}CNIK106lnzL!Ec;elLcpvprA`6Oy=# z!m%#~o>aNAjzLQrS|2lh{mR<<|1kI7QBAzt-zX4Bs0q@gBT}R*O7B=uswllnmEL;` zEvQIQs&oaBj`R*8Dou(Yy(Ez)(t?x#p}fQQJ-_#!bKbkw{r5h95N0KrHJN8-&wlp) z6m4F>|L^hw!S1kzd&$E&mGJs)ibi8r-0$lQ1A}%{SegG4I8r*!13Ut9EoE(&rw$ff z+H{m#cxn$uDZ6GT4@%iq?=>e7dzur2tlRPLs>XHQ5<;(DoH*pFm{e_kth(R67zld}hmJ{l%-D@mLMpV~ZaI-5e2p?vQ-Mx!)pO!-IL9i^Soc;9h zW?)P^0tm=z-`=77>my?xHndjlg#5RXHlfgF1;y_XX+k0~yQPy4*(ykIiD9F&U%E%SNR1^07=kN3;?^2f zpSWcXRv@h0-~-^0mN~K}@yO=Ds^&jk68o3=ho9h#JxHHad$6!qcyB(nYP_0@Jc7e) z64B`c`9ly#T+H%jW4D$HpC_@UTZ|Jn5H1$@N+@XsDEw4T@9KGL9s%_8PV7e`24Y$4 zh_W71RVzw}EiODaT-8a;a^IRRo^rbb%9Y-T;GY{t3|gW! zf5yd179@k$NL_;ct6b^qRdhn<~u{pQHPsS}$*)56&QdlaQ@Y;#^58N}l z#m$hBpGC)Cj^_@*&94$S>m+y3B98^Z@(^67R|a%VA>-jwD`c#n!zAY!?=4}Y2So!n ze2pE4xy~tuIW|hRlnTIk!4%Nk=tk(Avh+yo=?e^?VA@!EFFBoovT;X-xOyA*6i4Qs z1MOe$Ky+n{#MYB$cYS8`=ZbB5S-C(orQ0;{BZi){>(Q5w$k}7~qhaWrI68t@hl|W3 zLe*V-^h@!MBxF7Sq%}ZIR*^SP)P`3Ju~i;)jRLs;C!j(~{qb6CE18kI{c7Pk0MdJG zSAd-b2cnx=l@5Neg@mskjJN4r1heVUeUp2KSyH~LvD9iBLF?bi`HhMVi{$bR`-8Oa zZhl--C33W^UD$uZbo6s627hcy2@9A@x(JV8*`tY~Shpy#nvqu6cpVSw{NWY>@20cp{I*5}=7m-tn@f^QX!$QT?MYgC!>A?{_ z2@PDLJsls%tu^%=)bYq&A$$p-`?J4FHe1+9e3&02jqgF>)dpn5#A(+f=iKX^+ajiI z;6opZaT9)e3q(!g@a3nTfke!OL~+c&BM%*9yqN$)lI&G=q_5{a#B6Fdq<^>2b76ZN zcjDhH41V^6BCPJ%l_1B81sr@T9Shrs6tsH+2t)ha%@kbXyQ zU8B&I3Ec3NW<8pn4jQ^P12DUDc{*xJXtw^XGdfiat zu6TNMCwpWE5#@#J&*r(ISd*)mhRinx4!0Pb)4sL*RI`oU2OSLjl(ix?aALP3*sV=)e zwS4~4mY$i%+Tz$(IL24t?Z+NKTKU*HgdwA6Dgu;`NBPxp3&E?_>X}c6aDSjj-*&K1 zWdp;c;*t5)@cB?r|BIY9ed^uI<{0PBSrpCh-Op^;^m{P|jEAT4xI7P&v_`-$@+iA4 zB)lV})}TV!(qY_cy>$VD=DfDHJ*oLyj`P2*WidHO#fshT+G*8x z7f{$8{cSQ8piHKWCcX1o>I`KBpo`8Au5eea1+{;z!EqJT^Y71#0xE#oie2F~qS>>4 zCp!@|T0PMCwj$E-bN*A`js>e%uPA-ETd)iu%{3HYe+>~=*QRf; z8QgAC7$c`DfeUlyaBdpct7~$&Dii6plZ$VE4ol7=Z4!+%pn?wqc}-L*P{x3^H=+-N z!Xzs~1{047xnxBbiY~!P=$()5S#T)>keM`wHv_97;%sWz;I9)sj(DVFU=F-@` zYdfOyFm1tT=sR_Vxbf#%7tnNrG_vK^bRdh4K~Gt6&1&4>eE6l9+V@t!4Vlm*2@Vbp z=KR5-p_NX;HZK5GAvNO%5+vK9Z?D;A8r|4vXlR)8HFb3zw`Lm{n3xi+2QMQ+g{&ur zsJin+$iTn=c>B?#XUBh6L@e6_|Ml(IOJwW^ZR++5hrl553bZ4mrZiWqRXb%w9`Ot0 zsGWeMBa*iX*>wtr=G9rFx%_)tgp6;}tm?q$eKq1g7g+d|8&oJ-fDyx{HOm?l^8r5G zM4?$gg6|WcYC_|x=$y;f#NH6O$rfT`!=p7&%Pp>=DG#vaS}0{gnO=$;JGnc9m$hl^ z9})k$h544{S@E-sV@e9yb;kK}1a;uUBMwp!`ve4LzM2)H3N-A2c=x**PfQLO!<<~O zs~l0uFbb$f2r_Gp#AY2!@Ik(n7_S*Mv6;@f5)SjDG8W-L<+^xC4zbw8Fm?-+OD)eO z%slT4+LWhJ4qK3uHvEZt!iK?^7)xho z*IOh~-$-J_cWU>X$9brh&YwxX#ctk?fAx8!&WDkSKRhUjtj%mz^ppTE_MCE#Z|fnzXf9<{ z5;!?5kIv?B<&{#o`OqnyxMQ;96er>*CF6^Pkdf~E!|p=&i4YEG;Hu9)XR2?{loIWy zGFIFPabFP8`Syb6AUjLGYqWQcAY#qGJEFrK&KZd}cX4Bn4>~?Hc{)XUFCQV#+=K9l zl*PaPmh(SYfS}|QJ9KIFCL$t?NhjSe7rzTr{q_BEebp{*HN)mSL(O2N^H4;ggHfpi z?4D;kv12-0$Ik>6E?bOD5{V+ zn>G%NRty^xN_`F6CO&ttl|tvT<0Fr?@F@@+>?|o`wZ1TM*-6pY(2bms+{znD|7GLk zaa}>mbCO^*!)-nSu!?oUn>ZGQ;#S73pW773RiU?MT;&}YlQo^YS0cS$_$O^{-_esW z4zstlStmJiDm~MYwRBh;PqK`bhRvMk$s@P5rRt}{!}pSNU4C#jd&SXU8qci*3D#qF zY|9n(V9RN@EC2YF5aGU=*o z8FT20-eHt5Wtow;&#oniH%6bY!frgpS1xNz(^vsU_8yR;ch>=8uS$73Pqn-0?vvuaHTqBVP| ze$PT}n2WxcrJ>WM1k0O-E1?yRi`t@bpj=kd=2!Cz<|xt6{;z_>!unvzuCg` zpw*Rx&;~Nrb|o|X9~0c@R&w(EUM+nuQhn!hnnDLsj%)HZa**IEU#ri3^P5_|W!KiL zSqCbENm3!|>UTc^$d&*F{vaRh;0~g9(gcAX2o4OF-juV?)ugv2A#|b2jPk1hi{_=z zowUqu|&-YEwq@4~#H z@`b?-N_WfW9JXD1BI0jVu4#|EHF{gjd5sUO99EE>5srbNvQpeQqAjiq zSfGkpb?p~(nGz4DP!fTbyIXeDuxskXTX9TBt5k=-HJ?$t1~I%0EK%qmj^{ zLWnhOLkHk;Vnaio^Ft9djc?dpBK})sF2UjQ4okQ%X6ys1n59_B7Oe<5B{{{B9VNX; z&O`W(ZZJSKH4p)4>X|IuelXDS?8(x0o5WV3T(FNzP;#v;xlFe-Un7cGj3p?3{epP0 zJ+t}hhg-QGxJ?u2C6H4N|Hiao7hF3pw=YYC7@uA8GC7jq?Jx6XuruWw+x|EL2)!|P zo3r#LGfIn(O0vI~tSg0s5ygRX3vba~TCn;)Mf5;VbDmdEw!hH6Y z>t1R+0MtC2uN&W?de(;MMrhs^F(bL4g>^;Hk)6Q45}(HlCL@<}Ec!b?RzhvtN~l**53pyJ}DNC?BC(jtCioF3DqM7+}x zuwUiUuRVJE>h>v&O5{Lb7IcBOz^x>K9;Q^fNVH!>Gaa7KkD#cL3EW0JIf0a&M;1q` zds5AM5lYR};k(bR|0YZ8-o0y{{077o0sB6P;Oc_PC(adE9EeKE#7#NkU%sEGWwwv@ zVsudbK^p&ZtGQ}u?aMHXKOgd4p>bQx)%~lC1*T#nb&7UqGpuy4v3B-sv;Dv=imdv|*~+=9mHHnbNJ_%p%v6eX_~^Z7T6P>?>3Wfl?hT19jzXe1FN_Gg zXj~CB?#rRVNZE?vy}htr>!~Z#0h47llec4qG{4D~|R>qoS! zc?Jg?yC=lzEqz1gDb^ep7${a%AP!aTEPYpr-#*Eb2!Lwk*xaHjD z(BX({N}7?%DX;Brnu0wR+hEB~bKS^#3kiB_J$pBvt%&=P!<*a^njxvJ#O;zTqR%yf z#0evj22z0mC0=0>WTEymmTKPaa^lo|Wr`d>lV!UTTE)94}diD{19JOP7A1O}E&r-e$=s*>gZ4 z)p5f&LoS|58TZZsC1do@-5Tp_TDjo8kH#TA6tS@1p)@S{q))yfqCB_H7fUkacl0hn zQJ-+TNyuKVNcuKR+F4BlOJWYTlFLBLB}}Et!6j-sg;qzCRLkj1~b+X!5@1LFW}nM-APkszc1li zX=_D2?Ih*N_{9L?8!6R}%~LCx)FWXqXFMv&vM#J;Cn5GOo$Y25wmr1jk)j9=0H7WPh$z$wd!y@d8yHlyzmcPmNxU~yXbe`jJ2T46o#8Hy+BHzObhlj^E z88YA5V~-JrDx3Q$?m+33Wr_5GkccJ4t7)poeL(eTO zmJHZkKQqJI-*X^V`J`Nmu+8~rcAZ2@Ua9{I;px`u?-iCjZ?Tja7*8Z&8XTH8~PJHa0RQg|CvOaF_qqDOKTDmJOT7G7Q%Nu%U*N)8Y zx86amjy{%oLc9g16dZiX9c0cu&FoIwd_{`A{*e%=QsvsJx<9me{!FCg>OfhA^L_0n zpK4zWKIb4>`cS!N=5VX1D5|b{AUk}zS&}w<&n(b?-8KHjYiqOF!dBKtSzlF58uMm_B|)vfMaT2n)p%awha%-)#I$+C*U z`1Z!G`UAz(N#mO4su?*Nu<*N<+(s__UlmKw9+`4iNJlzzbNCrzE8E5DIl25R-kURN zJbY1SZEt={h9G}>XgPuxSUfg0+`*ng;ZN6#pdfN`a`M%P zy`$rjcgy`61K_vaV&W4JkOb@~pFMjfrj(JLt?BBzN#1zrfbi}8(NQ3vnZEw}ck_|C zp&`@5hYxwDg)V1U^RmnSpX2J%C3Tfa+%jQmqvOc@{(UfDtMIRnzcQ>aRy8$c9U2+} zDug;ZA8TqnNzE>at+qeDXGsPvr#$#nUfy(#;{?Ff(o4S`=-Os~Rwv7_UNy!uwfoQs{o%O@uGP2p23KT4tpbTO*w*7-0vh?>rof91IKM~~ zah0IwSMT+Uz9ZxgnFoE~91)~>{?PQnPx9O5|9ztFGhTMczco+Z3jE6lct&}TVcs^W znj%MIuAmoT=yTrGsc19|9ZFQC4N2;Jy-bM*Od`V}w{M$a^Uw~eu5^c-e+~hZ3HkYw ziC}ph9@#ZdHRY(1dU?`pjc&}J2)fEq2Z+R2o$@Bj?3XJxaJXLt2$sUd=ZURC?S4-M z6%#f`FvW_6&oAg0h&YQI+euw6H~?_3lGTiL(wQUnAQ~5|8)JEaffW>zWXKRdPp>@h_>YMP zHWIGA1Sn()UgEB?J6)szYD!-u;S~b19e1>hw3<40p7!cF-?z1)uVz+=?h;C|F$g7I zlmj=wBOkiZV?gE^osIRAi;%Ul%`nfZ*~{O0%l~X53G;Q~5MLsV`jwA#R94*IusAc2 zv2=*IXtU~3d}T8*R%lh-r#H9DDiTtEF|`oD!Gv*-%I*YfyB(fFx~TA?AbzL?;B>Mq zG)aumMJfv>l6lihh838FYeu9I zCCbrwh;ROXTc5;bUN#48&BI#_u03~x3pQ!D9c*!5v$YUyKau)*r)Nl$J6r*CH#g*- zorbymRm&OXca{o4EQWvJCP6h_Po@KRQ*Df^`)ET}3_g8=X^ZEPWQPMRH?muxqz(7= z+v9BpTM|g>R+ig_UgVHz|Mriu0&`Z$nT< zsVhf*GYtI2!(E*p6pHHU?w=#8S$0tFJV=Mo;`b1})m7&|zD|#tTeW9`MS&Fd>CF&!d&} z-T21_$1VXET}`8t1N0~!wB7{1q+Z?Lp7Ze||7rNe*R}T_KJgWvf67oQSNyU>$sesW5Y=!9fwgW+ca@H}PS15&V!<&dtm9l;LB6+LEYfr{m z1M2}+)`piH5wpzuNMl0C^x(!T>6$7jTvN38s6z>eowFPC#n;p-Le8yCn3DbB!Ya)s z3ey@D#$n!%iC?$pa4STh*_=NBO8t)3=#a=y-TCTQS=U2d<;I{JMY3!}#@f{psOoc<0d!?RvO7$f|M+(#qu+0o(Ws zv$n7-xXS8cy>S1NE0GmO(Mlf_%gilzGB#trbRxS3WSxILwh4XEl=qD}A*Pv`+AGw? z4fpeyHplnr?FO9HJ;?*rY^VZGgkh23jPdo(-mgJt7FKH|8$K436UQUxlPj>(g&)tu zax)g@T2E#_b{@Xsl`w1GVuzmV5a5=FA+Wiz9i^_EAe3u>#~{~eI434N-pK-aJcm^y z+mxkYcILS;nZCY9w*AC+d`DIQn81Nbv!=vc`2hd*QMsVMcAP=WR{-0nf6eZs>wI&{ zrPtN$>@1KT+1qzB8>(rMj1q4#)&wcLDwCEB6n4%;xl;VVjYI(SEA!2m!%3aM z6N69AHQ{dg=2WlJ)t*K~+cy#))Zkg#eHapRo9u5lsk$=QeeB)`yyK-3MjB{Kdhc|1 zdW08TDI2iqwV95f98OiYczfm(dfTpK?j-$tWP+9_-=e@>}T=M)QqU*&r*spTa zek_ffh+lhv(Fq59IQHU{TPqVfJPhygpX2&kVzYKr<}pd}ozYQhORl>umC=}^r-FS^ zS;u;rplv(PFNX`m@eRZ@o*0=;a`x<6Q>W+Ag0Lb1HDsW%1lg)K{L^g_+>8-hC=L)p z-6xaJ=nUo3%A*m>sNDGSeAF{~0)nd|dd3{b2;)ykB<%A^zf+Y4?Ts5~ccyoSGL zSwJC{3MkUoT-;7IRCA-RZ&Xi!+GcB`0Qv|M&=ZHlQ1k39#ec%yT7#^{&;|@}gS&Db% zB2DiqXYuEXep?IxOSY8a54xML3l2oPyt4jF8Un*?hj94u;To)Zj)ly=87b4On;2u7 zn4me40WaN@pZ-+U#AJRHKo*G@-==v<+5L8Gu=P|gjA?P2qIxqX1Fx!W`#Ya21PY*r zx81+e=1f)Qu{%1g-%ElQVmK0~TNRfR8z%Ar%CAIT zBBZ8!wq1=?#K%pMUUvTvF~=g%#l& zJ<#M`)6`}!v3IZjybUJ+#^0SwMP)l@NnIb^cEV!AKbwmGmY(TU#n1ok zP4;|X}|MS7xHrE}$ft{og>bknk?e8LOA}f2L z3iq?HIkIb^YdKjyP&6KIo4WTK`9gw+UhFDpPXP4LqCH9fkza`g`Pd@Kq?}VZ$VIaG zWl83DYbdFYpz*ct<<_`;@BD%WI#x}4?vDlJ092L`Vi1^m;8B@Ia?9Eib6FOt)_u^pE|bqNl*wHM2GM)t$`j zL;Z_N3fIb7MV6c`x@GezPl;p68WS$B>4H)Q)<+9-%q%c)T^q-&bMcm&=rD1uR_*qx zUQLX=GB1vNP_Dw-?Tvq3+o{0o{bi&PrRq?{~s&>V49TZyn%`y=68sNP-%Dv3$nPOAD@isp&^~2w8V#MN7tzc^Tsf3u9LkK6 z-@rN*Ye{-sPw-F|!uuDKL06G&!Zu&UrX#2yxfFgTn{}nzr-7w+qxw9sA5A1YZpDyk z^s07EcNy|@jbnx(FeP3&UTgh;bV#0SH<$ljR1{u;sv8s*RHL%nwV8G z+A9=8E4W!l92VRsn(F4_oJREV2hoLJSlb_g;X}Y8Whb1b+}kFiH0I{UyW*`aD1|H7 zqODINm0jX4Co(}(iyGpkdgD|d-PYoy z2KX&l-tJAlr?X}RX(BhhFoyJs=n<)hHA_xuq`Y-4g8>?C851oiF;ynn^RZ{vTHyJhn+Y7Cbcup1lWy>U&NxvB zpVJc)ajXOa6(kbdcP=Xh+HR)h&xH_Uj~XK;kxgcp4uhKA$e2B$KLwu+4Z}uWL#)4zY-8cqX}wC+(s+wEVCeuKyen=TI}7O9-a@ z607QKgDjTK2Ki)L z&mn~IfbNr71B}x`WQ{lff`mFZmXFu^Yqj<0*|zOL`dWdzQ1Typz6uF~SHKZ7W~3w)_TWbcvPszQ1Ej)LGaX6AAbjU8bFyZ}F zV!pep67^dIQLN|Ij`eOFeTl50aMA$*`vPV&OKW^4nEXR`?g`Jzr8%scyj`$=B@RRB{{L+15&CLpm*$-DxC3AK) zFBk54cQ_C|>*1Ea>R^W|wzb)pAdh!pCf(NJZEs=^-}N}&?z90&X_D0aagEM0p(<4- zUDG$#^otw3&o~%KK=jrpw9R%RT76z%M4OqRaK!>;(kYwaR&1%dok_;`lmai?8?Muo zuO@p26g`W~x0k-eqN0s@qNRx+=WYF}Q8lAsmnT7Q$Jxu<4BE6jcsh3-A3=AGTYzks z3(TAd-$dSue^=VHjopuIV9E=Ea9Uo+n{hT%bDERKT>7f?$0kYj@BA+Gmfd+xnc{-G zI#Xj!lF$#23~Z6|pGHm+*~ixK7#$}05mwmiN)4*YA$;BYuEr9a{E4X}gTDtOpAS=Z zH1dCv2hSaL3z%6SD76F_F0t=lyFqvVBQocTL;y84CuzEqgukS*vC)=wd@><8WY4jzx$Vg)Q?HV5Hx8hlLP6BfGk=Fa0n0ali$|l9(6|WJhYab z`9tqk<0gN4taudKMyj;sPfigNPfKwG_x&UCDLL7}l7b;!-8DXcuvUHP=FuDkx5^5b zJegL~S<}Fxe(S9X%@pk|9Fj~2-968bVAyU0zaMLZ5x23Ir}(+cfg{4WEG>DE4$-P= zDOlv#ja#E6swrD#U z?dsbPUE(G-u*bUB?Yt}Qm$Al?J%T)Vt2+7Nt5Dh=H1%OxryBz6Xw>ul1}zJ=qmsxw zsi!YA(5uu}M6@DxWRa2kD^I>=*ehQdMPvTC_G;2|ydjI!EPizF;TGCZCKWQ$3Cnj+ zTWOjpdg-bW`LtY$<$BKSJU@pXo=KC%-d1V8j>thbWu#qMy<4p1fsHYzLet&Zj#|}O zg>I4j&qHFWr@x#j-nuGZLzWA;N8jYNUU$w4IIx`IiWaHWg+Q9uL`zeS131zS1IMVB z1fq)DhNp=dYMgGgx3W*JK18f16CJyg2S5d_n>2sR?XYa#NIw`9jf7N3BY8vT1ZG`5 zF`r_R^3I+nw#_=sFpKc7H@gRDNK|*4l)-j{;kmK;vZp`HxcTXwE;_6;c1ph)YP?7x ziqL*rA>JM7G?ShPV#$2%op7VLJ!FH%_$Yxrztgyp{@PAV#&L9%?yzs!T>xRw6={Bj(FC-JpG}t%h z6cisD-vDIyn2|IQ+rh1i)I@7c#BMm;4yK8VAf>Cx7J5NO@%Hp&t#jyY6ZrmxzR-H` z6Jv_E=MYQ5NG|iutADqJi5&{SV6^Dk>&0mfTm;uZH(hx?_*tl#jt7^r#Y`|c|8~Y% zW1UKXi?NvqO_74;C8PLC$0|X?fME4^3CihGzo7q+KSESirWxCDjKOAlB1&< zq}t3qCht6~IsUDB)Jqq5uGx~VsMMxfHASKZKg54vxAusAsdi+S_Py!2z}$tEI`5UT z9{%5j`;^nb|U`ta`ZpBdm_u(u}Mr z9~NLi+@D1kb?z*x&~SJ7t(jZio>ZgCbDE053{@ldJSg6r?COlA(7asoz|cgEpZuxc zjrJ~zGB$;|7RCVih;~M>c(l9&5Xf=~oZ8ss7(W&H>YF5y9f0 zCI!u`kCJ-!@_XLjp#$o4@SLZ8@oAn`7W4^&G1eYDo!c@6IHJ>Sw<9OXpLZT{i-|Hh zP{;1o7Ex9YK__0*8JfQpz_yhr$5EK*Qw*=QySyfq&c84hdI8SlYriEA`BtPJO3K2n zf8evHYW$fEny$&1z19^&L_gm~dyTH$!^ec9-VpU_19NPzr_To;*tBC|5w}_5cRadY zZ*k{o2${kjv52KOqdh9hUfvNJ%kzSEn;Io`Tiu3nQ%MLrRx8(+5dG!0M6RnKTQ@kn zvD*U;7Y}$udrgX(9~$+1Mt_~}x?UqzrSvIb#$SV^NV7@P^Ut~jiz2d#cJ-Y?P`++c z)DTaagMeMj+<td_>2ml`&u`s-T~98g zxjsZcHRfG8Yf*>MRvL6dyOIukG5EmK@9L@jix?l?D4SIkmVCZ6|0q%K@2#tf`aD~w z2b@Ps5L^bFR=Oa2%Ofrz9XZZ5aK7c)=jeMbktw4`QeWjitVn6K{bp(3iLt%KP|j4@ zPvDEapT1uS{f>Ji%DzTUSLq@PWo_R2^c@tI4kv*cX?$(ZePB2DvJ7KYZgWJ`d=^ap z+8rO~5Qt%#dEnJ8yn}i(1hA=L;*oH5T?IoLaQutC&dx`<8=XhAoqNn9Q|_500mE@# zSO3nL=!>FhF7So&8YWZJwioneR-{V>^l1DPz9)puPJ$}Ad#lZ(r$HKE0VRTPA0nFb z5#XMI3uH<8vo=up(We+vl``bQO--S<{15ukJHl`Dh8~#B?-@*@Y9NJw?i4VCnztAY zdk(7=P+eYF&vlmLO4o)*kwJeki)IeljNyN~a2dsa6>ifq=|m6qJ|sKAam$#BMjI#) ziX9{IDFN8VtYq2#!CQZIs4q;vdlIx}BF1c2LP9(~KP?OM_;7lDiYu-XZo)UJNNNRl zcZ}#mQC=jD#F#lW zk1)S8wb|pD$vfB*x@GhebuS4uw$>s3VX8?0JZl)#Y4wHdmSSIvWxr#mTbHzQ+XGG_ znl_$I!gd$o+%<653%%$#NI8P5{=vP6R^Yh*aUjT4`vdj#o*QR-9jD>)K>bA!8SOL` z+lN#+$7xoZIjN(CXU84&v&#YUVkFPh?ezp9w^;P;bIn1_Mw(y8Q7gD^KZ!89%&7Il z)?Vj~nw9hg+=0W<-kSFrGZ)WiSv5b4{)@(aPM7W;^C}ZEIKMQ@LYXn_^+HvQ=fG_^z9Co z=+&uX$CyxIxH3h z^WAJ;opvf*6o)$Chck{jLv$O3MacD0^LwUldJEUxmRVglcZ7>OIE~4@u3ETuNrt*t z#;ufNKY!Ifm~u)z;}K(juePF;KO`Gy9+aCCy(tERb;o3gawWt&C~6 zvhy|+9e(5s3tXkULLL1EInRba`Hy_h=zGcFdvE?x2VE#kg-X6zr zWUhDx?)=dafpXpM`K?ENtB0D_%d{FV<3_nDh@|Vgj}1I`bpk^_KP6H!1dW7I&?Ar) zCbXF1I%jpN(>={~5fe+Qx8R2u8=PnS>o?F;U~SnL_n-~!vY=!9`H5VkT%?OYPk?x= z%~e`9u?YiW)43v)lZhxpnkrINBQf&G4lTqGGOj10y3E*SXEyc>+xg1+#IEmAx?a^+ zkz8rv4IBTPBHm!G0cj8yJ|4f<;c{K88;5+sD6;WfX98|TLf zY{ld5h9swfovxZMePrPdCWx~8&7W8-FBlfj4dsp|Z$IkAm9MEdk!}lh^Jgk8o}HIZ zK16tAn4qke8PH{qZxqW3MwXvr!dW>e**K$BpC||nl6ERnbVkt6AEN0AJaxkE|8 zwPQ*4gfj)Ms#2C?amW(-w_<1TZ!fbvworO`1kQBS3$wva1RAz(fU0miD@&LU7vMJv z7vba*1pUB2QY`0^rKj6}F&jAl0Ag!-^Zg>nqX27?%|H^hxFDTiPS3r7LNVrHg2%Lx z$i%u%Y^%dGAk>k=biJ($13DKcn z3r)xdUF@nCkS>}MOPhOA8a=(?=in3hf${HOY*x~8>ohhpl_m3?=+wj-EG@E#L*^;} zM1=CZ;1rVaz&nCRh~?Qen`M?(7}1>FXxv(Q|DEz5L~F1N;`xtI`1io$u+oYQc!|;i zC3-U*j{5U%S!ukFnk5zb@zb{S&~`FG7(s~{x^*@3t3&jaQVA(dupk>PA0CzfX4ztu z=^=))r84!PGx}O5rTP^UzRO&l-i}I<5Yp}`6&+T6+Bw79HP;gB&C&WyI#Y>AljwUU z$+vL!%)$m5DXzE-q)b4Da6 zeY@n(EgzOGt(tvQUIGPxXzd#3r1|kOw;0_<6&{nkKtX!&8^dDD7iy>?I~J6Ciq=9}i6n=bkHcfzoDHYkU{eKc;DiQGejf%WGU9t0`0FRuz|cRqdr0*?e%JEa(fR@3r5KO$F%HQ zEfyS=LmAK%e}pf8dzg||HfcIk6{*5atf2wFqFxXl6C(yv3v)?wpTXp&=^r>ds@uem6+}Ww^yWZy@DQiFhK3eE8pMkVbWT!h+k!N``Sm>_52MzI!{Z^ zTd7E#bf(0{vTb%vP4YmcoM)p45+0PK z_kxDmNbU+Clc_Zx#u>7;x9P}Ti>QN~H&Ac05ncIwS*j~{jw~Q*-g#ymc=aw{&~`pj zMT@TJE2`=PZg#3x*GQJ@3KI897&8l)A&!1+_o}I*wY0dgHz|djU6Akwf}Ig>dpkoT z=NstQjhndqsUDymBM46Nhmwrhaw}f#5!EjRO!azxiC08!3?pg|k@I2KNP~#<6aZK~& zbo6ZOfmtL|YlU6wnM=UeC&^{-;|L;DcNH^z9w;O~w%P1@y|2*O7Qu7o&VsI_2XXrZ z^_0R^_!jdkOk%9>3^Xk4)Yra0S|UJInx5r)>dAzAU`Q@uMY=1tt!<{4;1Z%E?ecd% zqSN!|3oKfP4@pBsa7|0qcjT4-Y1A!Hj_J_$9=WDyC^Uf%V!Uo2q@(0ZOU(gWOG1>O zfofEogK-{}Er2xCk_eDAehd2K7I$Jx*Lk*0-As7IqClM#0cRmf$f4dV>3PMaac`kk zj$+@vFPZ~ly?G?YG^XPh9V4ZE-{jDK3A_Eudi6T@`;D~viSCyT-sj7g`DYYCJhpr- zisze8Ivkp*3~StpRPGQ5y)}^TnF`_F6K0Vi(ua(D;3>@0GCwwqN{UkQ_n8I>0Sb zjCv$XB+M=rdCv+ppy++!WLH+d7a&IRBq!vrp0%2kmJG}xF|zl6(e)i*O$FQ5p@rTB zLAoeaiXgp%BBB(LUW0&ii1gl@iUQK5Dk9Q@^qx=zL_k1#3tdVeNJ$_-{-gKZ_uY5z z{m;io%1P!-X6EeKduHvm7Bj?yjEF*-NaAQBV_z(gR#r+klR8PO`7xaTQg1qzNcaWw zAc}Y}ZhNVVy|D1&9G?~8=={W7uhz_jG5R&fVXEs+xcF zk=@N;?Rv^1-r`?|pB1(pb=kVJ1Jz2OE8om#xjcr%?D9YlsY*XTRXursldZ63v~it= z14Oy$&w1%C_8c^?Y!USUym@B_qv1_yt-|v@|);y+L&<*#{hC%a|}FHCaB|R%E3x6 zY!hYh;Jd??U%-wI#=DOIJE}52vf8zbvKcE{S_)r$t!FaY?FiQySG2)}@1J%mhKKzA zQA&*`Y&+o%DZ9h2WKafbsjE{%T~?LgJ86{)RBB*2^#1b~=y^;?R@K#;n(#cCQ)$%1 zl(y4saUHX9^{=NZPkhdO?kLTfolcP^S#6$%tnUq%5S_UP>)v-qf$#qIh2AJm`~9l+ zY(GN@Jzz{es2K;3B8Lt-08Nub8L>QrUZ6y_-D*BBcZrz@hCJa^wxWzD(LSD0V1^@8 ze3Z{Wle`^Yem5gNB?rCxis`pDH$KaA(7EQDs@}~BFVF4FM)-G{}@REMud+a9rC57NcM)8=geK@%}Q_+}1#abzk(ljz3%Z=sE@8!Pme zN}?bzZB%&);@2I_ARq6?Ubsl@^2=tQ#V}@;J9Jg=w(}b&gxmuP>kfUt$iUAy(5E!b zdg<&Wjl+t!&x3Ob$kNsD9WrbNb~ookny4B!)g5Xue&V2mWf;_ab9rf%&~{C{$+;os zt<_wr$t_&rzb-5P&$Rq=>mSR@841+Ut)kIt(XF(0C#H-cc{?5g8!@KAJc>$LZ=X1YWdf%qNmL$b3rM zF;gC@8(w&5>^=R4?++8@l~QxI;RYr;8LGE;n#@opTWd= z6R(ks$Ekg;?fQ<8FfE`I(dnr6wrPIK-oqDw54lep{eyetK~=%-+-(Jy&zo(r=~m&^ z52dwBTyw0-XslF-x>_jlEiv%eBA)Aa`D$m1CG=Bi2_QxEz+zm=0<|*oY21t)-J*wz zm;lBT|3v%v`-k=4bHBXs#T_HTM)442iA8JnG?~q1l4JVs{dN#L_|Hxfd2Y+CKsqgS zsFh{hjnk{J3*Y#cFfNai@a&EjKZZy7Q~vu)**#<|TMyR_N+|CKD2tVCKka%J;9rC* zMSxT~zG2oa!*83)Q?ebW9SdetC^$;vP~kY=eHzm7hDH9{;pymh zRSBvZCC5Si&<}q)Xr=!%eu-MU)Z4^@XtzHVk^5bj%Jla1iXf=KJWN0=QF5k5-m4Sd;4b3p*v%K=QX*HRe)eP=$GwNGOw2pJObk%^s$kFZ<)qtluq6b<(oN1g;na!och+_Ey%N zs#oahR|JVXUSf9JkigPr>ISYzj{7ayBZ6?kZZH5=Zzacb7O=$8rd^QQ7s5Wc0QoQf zWpwMx{KL`gIqio06elD5i0STBy>~lpQmf=q@^Fy`IQr&~##6>|9$ti1cB8`U;$)j$ znjQO_5eSL~2^c4l>jRl2yJQwo0tXYxU1f^O%EinaPGP2}(cK|)e910SL?4RnZozGo z<2!G~wOPW9K|@D@blAZ>gBR1wmcwx3!pZmsp-5r{%l33NkHE*~O%kM3oQ-vb#$RlSaex`^Y89A8af>B0|`r;4uyvZQm=Q z7J)9WqQ_j(zO7{+G2i1~C{cYI=0YtU%`o!ZfL|!$S@dUW9fA)dxNN^Iet{5%Ej-rR z(l@I9P<6QV4Wn++s&?%YH37qgX^lYE+QWLJwO2|3uGcqJv7mZ>{M4u92Q`#-S&>R>#y^z(ku*yU{g_-Omp7W^(0UWi*R?j(AB(V(qeTKk&m<+mGm%*F)> zzSEZ`r}AZ*(^$yRa!Xv1SXmF6_Q-VIdFcfWIL)V!&=>}>Yhq#tG-P zEW|^7Y`j7{cn#VgImKl;X}Ov3$ld^H7OTA}IGja!bu9dtxhRsBg%bO5raU93NRIg3 ze?<(JPt6Y2dXpLnQj2OPNr!$UtafL2ONsEpMR@zqF9ER5|5Ks^4FO5v({czS#MW7 zLtI)4q4^aikD-FpG-R9C zmB%R4p~UDyvZbVnAFATl-h`)x?T2fZ=FbGc51W@?=69OpFp>B9N^12vOu=85Lq^R5 zJKRbD@&-P*q{{xOeB#KFH<%LGt(d^gi={KGsz1u~KAKJ|ZO7*?V&^y!9AT}qEo9KD zrTx>8FOAxIz+ zEG>tgyyFuneY+n3${~7pt+1Yxu=RAWKFa~r7`YI~MS zwUUuSe%Dt;1OzY;B;%xkjVgHdHHMtxCb&XMp#v8$9QWP1vdlY~`7(@y=-r0yG#-5`zgjctL+TB6(v#GQs>YExD3S ztZppnbA!2wC#9iu_F#c6^o#>P4$tYlNGRUkzkhLEUx+zFL73YDrIjW1apBH|&w0;1 z?#<8bl?4r(bxedy=k(0V+ng}a8g6-6X6<=z0CwF-Jdio`Fk7H_*u(F0Rpi*UK=UOk z&k*6HeCYJLd1Z4YuB+o&k>TO%!_~GPCn&A;22^w~ld=J1GCe)TD9mO!`K|B?_te?I zX!6>_fazXhdfR07n?~+A=Ed$i+Y!dx{YjYZdy&t`D7p_VKTx9P=A4q%M!GZ(wrpO^ zj!=4W!53#7*IisUn{|zd&Mz4Qk79;sCZ*RJJ9BXI1kcD4LF%F5o~iVYz~s$yD0%&? z|27xv{bMe^8$z7*C=_#9KeQ)Q0~&qbVU*=ACUjRmriC!ws?;T!CQLL1LB}eT_dDpi za+hSt?1Imw2cxRF{Ja-a;!sTQ5&#!rP!y_+{U9{$1L~M3(MYug0yq2X_6|{U>}X!q zxl-xUk1H->MB?1$^2#S^Gw~M!iv5k!D3Qy(C8^hAk>fYzf8vj&{IW_~Mh{tj(Z1&& z-HSvCiDNQmY5H6WNf@rL$?m^MV_8z(OrYZuW)&_z(|d9?GNOZ-(sQ2j>Us6%Agwi+ zl~Hf6vM7YiC?KcLXsAM__%7x$`0RSuluKY(+2_NM#Z-Wa1)-=k*?sY$?ZR);H=rO) zKJ08;64kgLJ#KcT?SK@!CDDXQXB55>-eku4;4vCYjc(tOwG-w9t{BO&%~t%j`W1q^ zkt@iHdc8$&1=Tw56a(jm-O(u?T z_k&4C7SU5((1E0{am%U_4qS#cXhz4x>up?)lCw)RJ#gp!=|7JT3b^o)kjE@|?Derw z8w|&haO%W2`(m_r+PR zum0H@3J*^w8wXZy1#-?d@P}X)O-kCxey6soU!{wGT$>;7qr;rIe|Gx6-DlmJvlqLi za!}vPh8zge6;hp=jec3gvAOliTgr}$1~i_RPjiCQ>2rIm2ksz~PxqG(qH|N?QJr|+ z`Kx5LFH;Q?^pUHRR@Xmu6A{;(j1f^hQ@&-sT0wy_G@u4(5-)e$v1;!3L$g~(@GN%3{l`Rz831U`Np zMTH7QtIcv377V`vJc!a-9bH`-fZ(gHp@B2p9gAKjCdLN+{);7=P#7B@&z5$-mY$y8 zXY=skLtZ|bf+RhQz1A z05o&jhwf$hvR1L;NjiMg06XB%eSM(ucqh%Q>^)1aL%O?PmI7F!b}MlI$<&OR%+B}} zZf-zS?8Xo8@Jdf`eCI^4!gt2!FUvXoHw+tFWz-1r`*e~4OncNC!BN}x8`gq16XT^E zX$E<}^mQuV_nw+VmPAiddtpwf7uB0w(YX95m5Y|meXF@$ykc>E{)kq=Buf3CjOpxHot&&GZz zA?dWjcSnh+Qm*I{u*MP%*{?>LsU2X)dY=iM>Kb$zMvU~uE1+i8{xo{DmH&e8_k1O` z)`ie9MtXWR)2zkmKgRTDsg&JUDhWwRB`_b5wP}k+BL3M?SJ&6p(5qbdtWSLY{26e# zD$v=u=aqj}%zQ;h|7=4F7WBjf`#IezO(}x|>Ro9sjTgPTAEZD$FqFPcgcUSvCglZ0 zS<2**M~}4hqRD5(pEIy8l6qFfrMDKNPMErD2O&@j%RoV5Ox;op>xb@--K9gKOzT4B z+(RHfuBbG}asaZI9zr2pO!2yS$4pm$C%3P@lTY)=vt)7nvCl`tndciLf@Or|)Xu*o zmraedk2xf7+i0 zm_s(?EboXRGaMbbyqhZ{hL)!j7i#!ixi%L~JSClacV)|Uvt zDXPcHIVEV!erYxW_Y$!Nd}m3ZaamreNM>jM)uHF$tISRS`Qi7cLx#!Z z5r&{i{nvlq)+IeSIOyr?!(dzh@7-XV{nIEF@TfeHn7W-`rMk6v-O0T-_}x@547eh76t_JiYv?#vsuF=c zONU;F>*{v}>vV&5kC0EBha(Ng%U!$Tn8&5qz2DXN2v4r)WWS|_%yVV|)Xen;_TS!d z^3y&)4vS@}QGrrCYc*HTHzlrqtY1=RL{pXh6tHtbErl?WMIRwh|zL9`$P8)TXXy{_X#533%A>k5eJI zp1Nj8Mwx*Wg1=FBDg(t+FUdcYR`YmosC~ev%&~I4*qjX5YucTrtQ=An-MM2=6+bG6 zZg+(|VkVX?AFo=X9eT}=Ssbq|{`OuNP!45w`n-|oUcM+ENOm_i3eikkIZvchAF=pktWY- zl86bp>>D}rFca$_9Q1E4unFX}3=~Nw5X1kt2nyt|#K|h1y|(Z_ zkTchjb@yLt0@i}QZ*Hqu-l0lJDXBD`wxPg1l=a_d%;J`&F!+G5Pj;OuG6Ev5K%2p< z(gKw+-3|sblWtKxT3U$!oN80qKZ{%W8u;$Oc!u<}2~}Wk?kKJx@(C7K{a-p@;>}<5 z{^<>IaNMVs=&*HP*i*_o6FBi&q7zhfcX5XiNcuiJahbt|Bzv>Iy6}Vr>59bq*hi!p zvbos0FK>s?CKO$GPkyKtRr0m=BUY_^w9m?g1A(5t1BaJk}om}ezs z%aSu>;qcTq_1tDdPLN8JeLZZ}B^Gl*_A0|O8i)nL>sx+L%7@SjSS*he1b6u8T*dX4 z%7^Ku*SZHsDHsOb+8;#dz2$ztfFzLOmkUS+3;`ta=UtX}H+UwPh1b&I`4_`N6^_4r zXCFL|`w;(0)hCNM;9=Q&7^os0>r((9CB)Gn8hC#jM6iPS2Q=#K;_7bn>t>V;xx
)9HW9C~(*)ScUD+kI@J|m! zsYu3Ke4I5u^H>ha$6rCsI z&pS;D*O2G@1m)zL>zm4Q zye+a1cXx^1REaObAr_;iE{^MqVVj?0-Xv<0zbST%5-famI&3@6--W*8Z?v;;4?WMX z@7Mp(qIEiX^>f@fACilUfH@Thn+G;B-r>Ao19NURxPT=n?@(5M>=mVRWOfp;-bA3e z*iP%j)g#_DW~1g*h%2_pC%I2s=CpXq@H=O}*W_Vty6fC&b@{o?V)ORo-->&P*J!nde_J`7*xIW8JR=|#CPl3HZ@yJEOR>1N-EpihH)63^Ge)3SE#(ZUbj zb^S?ENG|=<{lUlDd4Iq`ly;Ilf(F)Q9uZ7)$ec=L>k_$K+Td1|f@LZK@mrL9_5k(R=m#NF6OEZITZ4aACW|NOLDyif}yHq8Y!DBb74PD*jDGIlo4mB-C;S6mCv95(>Ki8*cm} z2Aq>S=&}-!@Z&K!9s{>1K>VKgG5@1{2x&WW4Z9{RFiqMZQ8?KwTB(&axqa@>@N zy^Z5k3Dx77AL&lAw<)6+FPG^rVSDX-RTMM+)i~>b4d4O{ttAaZlPwsBEF4o?9>r|B zHV%UhA@~em(HsRXui04Vm*tR+3sq+sNvSTSr2fL&C9~1h-8t3cs6t^IkrZTLu-*c( zX-j@dbyC3-RK;w*0884hFmr3t>W;N=+@Nno?@xb;Jh;m?ys}Tk=xn34u*KPAXpKle1{-q!;vPf}6C&0F=l=b*QOs zm|*zHs*@|DBJOSU@OE8ZU3@pi&^m0zBEXaAr_A8KnJz^lCwWFp*h1NO68VRxkXbEq zEjH@0XI$=)Q!4Rg8pDyq3Jt!k7b70A4cDB6q9%pT@bBixmfzE@wuMi*02YxO@6=lM zHBafk+M&qiP7_tYht1}dClB)yypo0(<~86rM)~TSlOFbU{koO#I+!;;x61h_qB_s&YsEYQvum4Vhw{G zcJ*rN#OG_*vt&65&s_NB$Fm`er?6VkWe4FKLoKq6dQXTy&m%T4uLKVdMbs?@x+>4O zx7xC%RJfNP+ZnGTS7zuqA9Ti7+^32@3J|DBj-+hhjOts8+4-cQ`>B@5JJqeb;x^q| z;;ggq_H=m>2l!aL?WEmaCQYWs36Z!G8<5bO;tT-$`i$-=xhYXC?Z%4vf7^F3p{a^q zy5*;$mlzR#@nL7Hx|2ZEjJ&`jbrXQKCW&?F;kz4kvZe2C1OjX-Uzqkn+QYIP`_}fbK zQHj2R$oTMpTn(YOP5-0hkuabgu~g?_6Vy&5f z#P{iS$__Sc?lm)9`ZZs8!VU%IWw_oJ6@Fy?t-W>xnJnJh$^dYE(%MEn<@{aekH1_H zec+a*f_1$&0Pq!hVK;D@4>j2>Lk~)4)r)_!4iU;lBU=O|Outp}>W>RVOQlbBw;$TB z=!?fkjuNuKm#JE3-@Wf(Zs2;0&;#=$s1JDrN;_q?Z)9^{2XE-c=#T;^E3fKpoAUKD zeAQ`k3iuO5JPQ>hL{^VIwO5U6E;ZP`64*%w2>esFz%3n)6?z}zs)HD@|v)|89 z1i!NF1+(N3Zm~kBe7H0;Q@vFv(3g|{ISHg0EdCAI)Ak>U+XZ zwSx>k@Z8Za`y}1?fD8uHRu7laizZoJuIhY<9of^knOJeF39rCVVcMV}PsMBu4>lSj z7w0j^aFo#EE-W>YugjR!o*uW~#T7;j@kGwO3?k>haaR@aDcp&M7(gC1>N-SM4B<7` z0!09N**tQ93J?MntI(pe3?Zm%Kmel9O1=71#IA=97jGN2Vslh$>q2vME<3)cDf5?e zM2R?>MKTa2vQpzii4+fLfK-UGj)x5ovg}pw#E=ezjk(1F@E1~HQ5w8l;R+k)(l>?8o zM7{^k9|o@$kw#2=Y~1d8Yoms(^b#dRABJ~#IVa0b;;yTNvg~2mZY^>%IdcV?a4tM} z6L+B(XeKsMO0a6%8;+RoTiEnYKSrb3e*gNm@9{Qyt&|M3Bu&KGOg|QWg9zfL$W80{ zj5dBGAC$OQf=XR2;mXsQJB0f$uQPcqqJHC&)<+lfycLPyqOU8_`xC#>_uN?ALa500 z4}^q^hi`(puWUSu3@%%1-GZ?GlvZ(D zqMzo8PPy=l(0yHp=N+zHes8(>jd#pMY$_~Av9sjxq+46eLY8imt9iwuY-%bvwV*(; z#tAXFLdE`biH#`B9`>asnup(LPtZt4JK!85XDLM>vAV`m=9V0R{Yg%jF}5UJ^`8?* zX>H^`f{R`T0+a9YpY;PyAC@MXEeNP(MR}2DUVF_jOHGrk>)ALIQ@){QOnA3LkOLQ@ z{q7xPR{(29muN-3A4Z8wdQbv?86;4e;?e+yL(;fmy|;L#2p%V2qh$QT%?;b1wF}`( z)QY{h$sjNKIpU%iNa3R!0#cCt0=9QGR=uc`*i-0IY~{^AsIdik?kEzAITTT_BL;iVdwM zuw582pQ74VCKt$CB$cZOy2#F z0@PPQK#ihNH2%JPa_axQtRAN(w2+Jt!h*g#Nn`uc>?{gUpVHR298dib>C2U4~G?XXJett*a4 z#;4z@c;nOzs1iA-ahR?QqU7*LWpzL6wGQe)wT7P_yoo}*__Evch$WANz{-btcc8)l zPAJ9Q-tPAo1|+BY*@kzVol+XaS$S@#mN7Yg?G7|cmbzOOceh8bvGXcX((-e0NBJAY z-BLK)9pz~=f#uz8%~A*>Bm?SanHBT#{zt9)^*X}@AEOr3-Jn}{q_s?WlqT^saOY9| z6oL11X)NOY-ppfvvd9tQ&g?h7cIT4A+{N4!ZcHSVvBBT?ti7g;&%JV*2&Rc0CE^h$ zoI$kRnkzUy_U}~4_VZNn)O5qRhm9Rx;~p|==XYgcU!-KiJTz)6N*}vDxsi+@P>=rj z)&3C-033;N1uGj5jn@?VRn@%Z@dilAu_2NzC_40<7$43 zEIAjn^+Mb`N(Xrm*$eX#Br3D23SSh8Kh8-b?>u!mx@bB9H=QvB1eJ?$eU6(8r%=I7 zqEXk(d6uYcu(v{%mC!&2-GB&eC&4IYP%Cc04Bc^xo_WX<{`e^L?RzHC*gOmnQ^4C@ zZ5P6Dtz+YkQ@3k>yMM`cH6dV~{Iq#TXBZY@jT{IFINF3l+KuQ!oMqA`&FiuA0IegX zjA-PD4Z$Pj4vf4R{vua!Q405jSYa=^BtHr_iTJAF*PhJo$Ru_3Dk9G$R;C#j5A~N) zyanx8wVOBFzPg1L;N3Au!v@&3jcjq_{rVsa=P8a*|q!Q=zfOqyIrY-fzWD zbL#5<(gptGNy>X!fXqt3`_fETKz9+=Rzv-6P6VD!N4Yt|)^ag$7DD@j$oIAWg8gP$`N#>s zH2CdPcYV*Wul)sij9dGkmHqhx=BM1r8+6{p-}L5D{wCDQKgJ9ncfnUq*3ZI!=POfM zv=TCPJy{Vs&y^g0GXd=+Rjh=Csnq#fg!4IceSez3x+lq2Ml`usgO@(AfVe$-Tquv# zLMbe3<)I#0H0G^dsvWF8fp{tR^4PT!=zW)KE(pfJwbm4bNwqYsjcR`=xU+A!aOi(!9ANRhp%@r}LqKZL0 z!H0SI9ReD#k12NiW{HXKUvt0CsB)4Q5c1NfIZuUkLod4Gfod1s+)m8YVvI@$B$ewU zKSC!H?wd(4YUqxNky(stol*@{N_-fVBO0|M#oog@}zbXt$)E>WlbhyO)wDH z7kbyNueIY4QeOnoOD0UN2 zM4}4*qln~~!=c~@3&wb~w6wfw&&bI5`u66-{*e)`?)*Q*r8A!Z4!WTnneo}#pxye9 zA8%|7<@5nOr+qL-;LBbO|Ijb_!;QDdaRwQBgZwZ@zDI61#qmFPev1Fw`&^-EQm&If z#>c&P>q#h?VfF(Ie|a3&>dYHGIQ*AFWqf^o`>ch9gjOt;&NBW|=6RW;7Ta@d&R4Fc zWoB{(i^#}iiiIpw{$U49=y!hqzs!AY!WH4N+$0>b+=Q7?xRfo-RaCkVe@XCAeMq&w~H;v0re5^ItCc`wU4dHpk1)qzq#j7LFq! zNzNwRdhlZ>GI|2t55^9?YGB`979-fQ8w>q6WBd1I3gf5$ZL8cG7xQHdP?)*OIi02N zLg`NGzh3yC&-+U^{`EJXA)oeZafY^L2ckE^;Zq(8r=kCqbXYF$4^{F%j$r|rB`TS4 zGVMmh;hb$Z&$I>kI`xl5607!PI?C))eOXT9p-9?%N^j%B(&7JTK;VrvE44qAk$;X9 zvc`~MPKmgcLa1O!81Pqt`{!u?KaXDTN=1Qr<^O;5v)*O;KlGuxG2sbQ93}Nv|4%u< zi{GOEpzBS1L;8!-%#W1w+K+!~!aMS+VB3)>Voxz7C=*bbMka9V4F4O|W?iZE5Fhbi48Zh*A?H7roLEfDn7 z4idzf+Xxz?{MzFEA2ri0{@b02-x}Hhm*;&0(|H(ngl)O&R>Fi)EHJ$9?S(OUw97QL z?ODLo36PA&9pqJKw+*Gb^Gv#@JlJ+P|J3y^g4Bo_x^IqMcnB=Zn|zN>bCb3C+unhs z&C79YSu&oSoJpJ0uBWG`H~9IJY^(otiJK3C?OIw|dduvKJyq}@T4YDYd%nO&> z56%pu)pkLhPH{!CWvCu}sX_f2lezcKquVxQQSAT)GCixL%sjN))L#uKg%}1xlU%hF zpIrEJ#`a`)2EYIWSG4l{xzO!RQ~y7#tY5Wge-QW(D1*7yfNt|*Zb2y^O+At-gd@*t z_D0P#P14U`86#vZq zQ1WLwu+1S3=%oy701A|OJrL zk#B};_L2dc#9ByEg%5-td@Y7vrrS;B)sC|HBOJVKPwqDDzY@0{HN|KxGBGS?D@48W z{^n+Ss4#s@7P4z+x4;%CBWOv%WzKAQdDe{-V{N_s zQ`3H04h~o+A=*?`?Pe?<|oU8iZ_i|1svg zY5{Nt6L$poqno=4RL*`)AK$yHOYL|&@I1SnQ}s!?VGO4Wt|*8$9KDQ+(pZO;NUUu}yUp#_UvL^N=^X_ShcO4W743Bo zII+zv(VqpXZ*JT@3l?hlduRVk75mU@8S>#PC@RVx~T-OkDq?d4ru8E?o!3U=u z(r{j^;^ZWKU_PlCkSozfJp6jZQA~k7@{o(D2YfPhyT?x+F~`XgAwL^RJ@JevJ;~j% zZc_&^T~jcQ%M(B7Deqw9fZZeqy@=4(R`PU|zFcE3oZug9EgMM6_HOnI(zSpL^ejj!EPp4)6si=5}k zIDC;?)VZ5f2_s#52Qj<6(}9>{;^9DkY|F0l>qfltYhmbRDm?F6lP6=~aQq3H~zqvps}T1dX?fzAqB z38Z)9D&vt_l|~c3a@;rR`Ru!L1z~P{AD>0?5>VP}7P0+`nhlyZ0>_sjp(1rYrqHSN zh#uMgp@Pay2MlZwo^3I9hBAql-6@3I3dJpJy&}uOULhEt(RQWuXi%Lnaa6& z0)JJt;FhY{I)TV>zgtp(;EP#jjzN%aEJ<0<;bX2om{1I9yPo)xmrOcuNHO7iQ z*x`2gh{#q#caz%UAESw*V4EW`NdQOpoHceYRNtK1nhW61Y*Z#?ouR)tB+UCUMG#Ee z-NCDGPE@b+W0EA)I>B2bNa7KoNOce9bgjoBiuVlxt|gfE{6NmhsXp?@rf#&JHLc(% z75Cm|^h9`kW~2K3#@Edkzj~nuy>tb4UZMcw-+Q?3eOlj{frGnqmXFG)Gj~ zGpFsCI^wJp(yK!;de+3_8Mk+jyHR)om2lC&)7^>^Z)fNTK|-h8dA-bDl!Hm)e1jj` zTFC9D^Av#5BmDKe=(YV*Ma52~rrmJ%e%6o$n+s--_Nn~vmFrEocpeqExU1H&!IQJ~ zx`BBlZeI*+pYvF@(d=dJRL!%Z*ROhdzP54MFKK2RnWwT$1<&&cM zXJT&Fj&mW-R}H1r+{>*nO!i%0O3|ZC(9vGir$<&CC#FVSTm|u@Qx?e5D(c_ksEaBy zVw*5p{X1B{R!n#G6x^m!)mh|covNn9qoFt;l|-RBF3Wio;~nABgpqDPulJ;Ol0Dl%EDBk4gmawNkh2UOX9Cj^(mB>fnZhQxKMWs!s@-(R zOP53AJ^^!%x7ulY4x*XT@Gn>h7U++;*$bUeH5(!3bRiZc41ghg3JQDopd;xhG=&5BBmc74# z@U}Ao1wuwQ074fN=!HHJeFYKHy>q&dZS%OxOimT70tMN8} zd)AqcP~?dgMmn}KfL zUw%vZVLtBPyvlx-Cx65l?THsq=pGAcr%{5C3;F&>(M0jc#Z6n3wLp3FR~okO+i)<` zr<*eopNQB$ zAChP~V9@%;f#qatfa`I^Phm84yv4aGnPr1^D-o>{BBaLFWaQmGGI9jDdFZcU0a&JK z^Jhe6Ir0@P;$aETEeZt{m_Ds{k!B+5uWA?!!#nuCc2g<ilh$m);Fefm@jfaHd&jj?=vYj(p%4w2Mg~`Pc+UHF61i* z159ZQPetzL7I;Lz^XwpeHWZuHgAV&x0tC>I;Ox9q8JezRVeXquEM;fVkGcU!rhsMl za@{MNaU+&4Mt~!DgF*?7%Zz@NJs=)_Dj3qKi|s8y<|IuoC21YIp9F-eoFgAlrYN5| z2$;)bH>xZcI6+}v4}A!bDwQ1A*^8YbN{~v;&5+YGpvH0&4H+c)SY&D6^2XA1z1GJD z56X^;MG*ezK6Xj3t3+A%D76mc)1|i;*Lq2aiq7r+L=(I#@3K6Wga_}Pvd@Pc!hJO^ zE(EdXc*Og6kt#dKs@|k-DpZ}pWI|a*=_ks z|9hdKoOavX)>}{!D{m=H>k-OTAuFbz?%TAF2!(k9rqv8P$VbVffjvQlHOlzHhl`|3 zzjh6vNA~N3DQnDl_LpP3?=PE-ba7eNWaiSeiv1W_XKw;BYtd60ay2;VVUOt+*02LA z#hRI_d+Is97%;9Sh$z>>DYX5W!(AJz|HZ0EoFeXb_4VUvx2*WX3!j`E{j zg+{lp9nQ#oR;F0wgE~+zG!!vvyX;=Z50aY+Ca05rjH%d+t_m`(Wez)NBMDas+QlCE zFWKf4eV~6M4R;M*##`6#^jlO%W_!bDRGz)}Q1~gL(S9wS(nQKxd1f5?5YWOL}6Y=E|}52;}(v zN1w-npOaH2&LoqbMXDs`2Ck+iDQgY6tM4lDi%-ul{S zJ}o1~V_Mn2T8}(T0Si<{1Bd_!^*K6KJe0FZ{e;I;B3Ffj##qC(#OT&6jB?S0F7$XY z6lWV=Op;6hpu(M>@bJyPlm()K=626m(t9c`gtA7R8m^GuJlLh`kxoN~+5rkZn6sQQ zLVbQ3yBRB{(##rmrPpsi)EzLqmGL$~EC;#>8(uz|<~=Gh(0PZjS({waYKq(Zx zwKTJ|>lrTfO{Od+)+W|{y=Z5NbcACgz8yM8iww_C3JaF1gkFp+f0aR|?B6bPfnW4( zAL0o*LvOc8<4?#8rMvO-BxxF#S1aY8-?`jzrWC_p20!+LaWXGGV+t=C1sHYrHygW& zmiWu?VJfW>EFdtp)8tP;A@?{`8Bm~oP%F(D6)&TjNJ;T!SHZhtaIe(o$P`*%Jih0w zSl_!B8d6N840SHl-q*)GYO$TOHfTd8lEucIs=PhIoeTuqN)5x((ItkjH4#nL5g+}yMf&I1n4-z7y6w4Qb>qhq|(visRBztyJB*P=oJ1FI0jstx~Vf)q^@m8`7=DD7LymmiMnar;B z)VN=s0%AXckbU$R2HIPn5 zz0iJ0cc(k@8r!4hk1QK{aTSJI36XC+rY#(ZtTD#3plPLa^r55e;uX{9JUx7L(*54O zk4#(HS^!(q9!keIQm0lF{o9nKwOLYDtFd(id{MPPUb|_54b%?{@TINuv#`iyG#-wN zQTxVuHL>yH!Hf8T)k>G|^Do42QZg{0a(#W^bL*1@p+?e8$IU2xELBMG^^ft!=oiu9 zrr;6x*b`AUs@5}|CMS{}S_V~4IH{f|6>-5u!BPG|_hiy1 zS)(4$yjCvGUizM+%ujW(%Xanzh_pICxIw;&?-cL>_dE)RpmR514+&`ISbD&E(%AZe zHGh^0kNcprHo9Nc2_L%Jm6j6qT}OQ9VWb`VQ*G%GC)V%TWLq!%*n#2jj>E6x>Z7FL!Iknllci^=FXs=hwFQbdEpAgohw{)pBQMTq^a@BlF094R zEz+n9nu$fT$mL3Z%mT8&Dq*vWjZ0!S5rB_gaApO3AeX41gGKb6^HiAo0yFgNV4Qh- z3lpEY+%N@MyvOTP#mKzCY*5USl}uw3tkSm0u8_IF3E<22%qYV{ZpuauM(^-!-basz zbDgsEJc@n6%A8NwnqQpyn56XH-5ZvkTy7%u+O;})CknWzZ0MGyYzasrRm7*IlfrtD zL~O4vm>9JnJuvBs2MY>9XJR9@VbL$*PbHVjNQ@o)%sF%aA9L>+)l{>F4F_o|%}xh> zXwng+S3#wNg7hvRQbX?$Iw}g9&^wAKy?00gC>VP05Rd@Uk`Sba@NS>yob{e_*7x^a z>$`uz&Q5mrWY5e!_gvRCb1Tz{q}vURUFcYBc^v527={QBYCKbve?|kDqu48&QM|^c zLhHcTQU1tNaLF~!Mv>y2016C!pGR*4zp50{<;BLJ?|Gpv^Hw^HfpI9ZZ>@7al%^** z)F1tFfIjer;I_i^o)ueR;yzuv^~JulShsPy>pnY5BigMyfgEKG?m8JA$PiFC{_uhG z?O$8Irmq;|7bIpZ9M@eJWuxmT@yHRD5QeG{>oLN1i=+PV>)1(7Z&6O%QHQ6 zzfZM74H4ZIrLi{r)-&B+a{TC*&G-MoXE5xK)YyS@k2g@l#>FodxsM1Tc9U#B`s&CM zJ-*N(%iLqPw3erart>FBPw@J=5tQG>yr^X6X_b)T9Tzx{i^U{4d3CBgpg<(R#GuEx zRIBB(E*edp8yRBLK-R$Hho9aOv!^foPA#3024;xJH8?upx@Ek7D(uje92jO)q&vH!r8(qa%oyz0rF+M%6x9-;v^oPv}|3$-6DRaAu!B6z|VtV7_DL7}2+e ztjw!@&=QWIn{E#^x-Fyls=_?5wVw*sl3f+b;sz|F?DLshw&#q&)ZIC#?3>*ARsH=n z^LrZ*_CZO{KspU4{K~cLCo(sAS0CuHyw$!O*ANn7_ei2FliCI{OoccIUK#=;87ph@ z{a*5{d{4-~J5};1;1F>3`S1(k-3&InOc7E?r~Y&LRVpVp*B|`6(xdtCAyu%#$4qyJ zM+>mkG3AR4=X(7Szy$U6)fBrg< zkyfyhqeWD|j84f$Y^L+}*@Q99hB|=uI!Gi$-qeqSuE+GpzqJ5MaT56_U<3(}KG7@} zL#Y4i-PeEV?g++ za1IXAS-;lNne;`PHC~Y5TIZWXq_k9LTcw5RrLNGk{IO|1-4DV=*@a}|j% z?>i7QJ)PMbo;}nBwXAD{R8$%LLV}z?{>we5jwH@FLb ztSNJEP_@^looX@U>icVO>oqphmK!3AAavL_EX4P47TqO$x=f^8`jwa8PZwln94UQ= z_X%0kVhL!)aS3s7RPcp{o~<6_t12WUR5vw+jpm|zVoe68_bj4y+rmY^VYypeKlXu* z`nWmr^?<4@GKC^dxV9?5gTvvb*b>VfG8(EO#U6pX5Z8L$?8#~RR{G9mE-}X!o>{Lo z#VVQBbZT7Rq>4-%US3tt_pCztTm(yRi^f~2yUX%$++s982fD07AV8@3`uqRH<$2M( zN=V?6muF4ex?%J15BMMR(%HG7zWyeVIBL5-J)KEhTwH_6?QsAAUwtqvtgVFs8K+K8 zqR3y&dq_JwI~Nu{Bys&=&VHc&rYnEkov1UdM^{==n^@8AZcOKQA(34awwCldc@)gf zPtN711CdlODwIJ(@JpOo7d4&L5IwRqw=1vIj3RT`;Ai10P&+RvU^7N8p)MM<>ejl+JS`=nCVAjkK|FfVWa%(~?RG9sc)8StZ&z?yXQ6(IbDL zj`{rumpgWOQzbY2{Zxa0$Q4NK#ANc$y$Gk8ZyFa^tMlu!;2Ab2HSA0C+7 z#!^I>3^uql_gp|$cCp*AwCr5J8o43C527`8#1?Z(gz`*XFg<7gaq&{WQvJi|6P@W$Qb-5|9Pm<)nEwY7fWVowvUXcid z!O8I}PEmch3gZc@*~Mp0IV7sn zNgrQQP;_%%+4mlHXokf`7+JX9>9{pnZbxpO@a9d^ zPQ#prwmco<(?6j!8F1bnNU~K|SI71@nVl4h;p)$l2LGFcUuX@e4c>Qgadk~@&Oo$kcao|q@1?bcmqY#pa?I<4SPbxE6Ed^_B^(x{!e zKTgs3K_f)`v~T^v^Uf=$AdG%p#Nn%nAlPzA?E6%Qb&j&jzF_dTV7;brSxnJfHASEU zd0i5oxr0XEtxii;2|*`Big)aKCU@)V2Qn7=S=?~AU>pr5H=b&K;^-a z_+@m&?`F@DvL$bQ&N>d3;4?@Vcjz&?^4(uV`6#~J*pr4OLWwL_Jmhr1k}QwmSh_G* z=?IdPh&{uR_#U?j-cVL#y0N+Li3EEv2c6yFJgYQ%${v&ymhrWy zy!C|K_-QK|y-4K}Z+Vt}^XlpT3F*Te;4AUZ7sLXt38gbW8Wz8r+8T;Cx6!c89<@|&*hkxyLJPc>&r7ok75alhX9Fp*BakyTKnKc(2?o6`=nrnz7u zsb01frx|2S$>dhktS0%yn7!IMKMIU`S{k+Gt*Xb;FB~CD`98;GilJ4|R-cj_ryQ97 zaT42e6zZP{fWvPs^|D#L$=APcRH5cs4& zE^Baz5a&d1Rlu2e6R881DzT~FFDsb;>JL_Uo`1WKYBtK~;qD=IgudEE83|@%;m8=w zU1Pl%pM=}|lk{0=h6y@ya%9sI)a*UfcFS+SW0HJ$O!0@5MOmk}dXliU3_0O)z8D`< zT(Cc@ufG^R@Mvj5ad^^ES?g8ocZoY5RW4FJcIF;|_2|r7_+aV^>0+i^j24eHA{w;{ z>L?TxqklKsNVL`Tm0XB4`fS|-`l)Y#e)MpVYVNPjR|!SgQPLaH)HVzva%}k3E%gy4 zdid3=m(TVSu5Nwny6F?0z*A4l{4>latjb#fd3vksQ9|cbki){2Fz5LCkmv-#7oe3m z?8!zd?6Qx^Lj-Bnr!!43E6%iZ9Xu03IuhF$JbaYr1cqJ2E=FKt?@JS6H;(+=wQa%NQ^|3W0p%JaRWAN54R3*+b2dF1t;v8jP@yrZOk-kxax-1d0|Wdu8YYlZwX za%xv5&vWD$d3<6g$>o(#*SK4{+*RJy*|Rr*LmfvJT*j;G8BaP*L^DiIKewdS8HoM) zvV!cfjObCh0N5bgeG12ro%TZs^sS?;*xwyAJVOpnLne+!o`#fdEmR@qqXy`23zMzg zQhgeJBkX^*g|c1$Ab?r`vK(~z+qcJ!q$7oN8z$N)|NTx9*Rb?7vb!TN!XuykC8ha= zq_rik?yF_uG)r4#2+`i1ynH}elS`?`_|(WCYH>+yHRtLj6-oT_nT~~xO>dftQW|w2H03%2J7&-3C9j1o73-+)p#RU6QA3J zswBBbOHnC`hULC$+@h7wO8>&Ar?5(kFYj z|N6`LfzbFk?CFS*>KJ?p%^a~h7Lh&TzOt6km6jLix+FIxddVg{{FMOmu!2rWbdZeK z0;1YAbjWZOv{*~0aA%59T8KHcy_!J!{&rJDJ^b;Jx7ys&meCHqa=iAN$d^&NUAsta z`RD|C>ar$V->e@Bd~F1GO<_-&mIho7=h-RdaZH=Z0PqzrXQlk;;ns83FE1CLNM{~` z(k1VN2C3igv18-zp=Q+nbSVo!t*f3dyid8b!DV#5vmO_vkp96bA zSHHT_=+MVo*#}d%Cfy_-yL>;$;c>hwi##6Aq* z_@8O=!$C3Z2a`X+^OIPBhyL+n0&?1Hw|pbeJ6YV z19m%qiL2{KY|q8t-smP@PB9>Ucra!763hK6foF5r`8k`6TBoccN9n;eXVnjME{dk) z?bZM>;u`=myCZnKlp!qjb!b!;w~ zZXhuvj|6$j+xWROk9->Qxg`y{XHu$arA7rCJM|Ar&sxVuspxjtLhOd|U?joEj&R*L ztZIrp2|;PoL^V1Z`Qu3?BgY)*9lQVbb1OVU-|e76c)}})#_fThTRQel+|3k`06Sg7Qx6jDj7dpN(H>(hSN&ArQo3`I+YWqaH zcJuALNBE7c-wA%PqC>BX-Yj2nKc%AC1ZDMgra|z9iisv&Vz93<0=;oNkyV~P)KbfX zUfI+@Z0_apN}ueSy5&UEZ7w?RQMZw;=#zsxysH;O^A1AtE7@CE3tCwGjgW8wnc0iN zIa1E*c~fw~Q{wQn$4zg2>Bj2-6->OV`UTJ}TtIJ}nVz>t&#QZOBMTL>`W>~I>wH!0 z=>oHm6Of@oMy*71&~&7gw%(8E-wGPrRUl8*x0G)KOs4IRAG$em-f!%PWNH0!jnN)w zl-;v*{_)1e^WfHkMrQM^W!ul~0cMKh4YPi3`guD^Xz-z;*4B3JaFykIDAitq-5LeW zfw6Q)!L?ssV===e@bFTHwo2LtstPpp=hD2YsVUP0|NrU`WLN&>6oXbS+Uvc=JXHQn4n_UaH)QY!GqvS*F#{sL#{QBU>5EFB_yfhvTKP z8}BQC+LVSTagE_tQjFKG#rLDQx>UbYRsW4DN6HVN{$rCBty%Nu5c(W>be4&{ z2|1aRzzQa-c=w1MlE8Eeqd2f0|J%~WqMRv0l!+oMm%7$TRc9W#1LS`nX5mte%J_2o z$YhKKu5cDuLMvY&!@5Xc?6O%-W}=bL?a1r!Wmb|3IcBjubv28B;hMGMe$nUUAq45Y zB5n^EM_2W`27jO*^X#VH>-bB1RQ~%L2wIM3uYCu(?^?@IW=bK@%qtA(Dt|%LBkFXjD=u0pGMWn?p7>y~QTbwM zi!9rFCReg?mUfL{u3eIZm_uhJOZF+@Xw z%WKMxJ}0J|rW;XcC)kC^`tEnG8H89WL@uolFetKDHTECOZPaa@7C(9~Y4BNttn@!)45s#^t;wLNaQ04n~ux2eqGM4{z*DR+C)upBV_|9v_ ze|`{8maIlsq`+=)y;JZc_db1-uSi+=Lg$bo$Fw)7Xb?#4nch-J(d$y?{dSBDX93dG zoRm^p5NO+0q7}BnchWbtvv)gsmwg;?Z6znOy{&k)NI!P^=)uX)=mUYKL)pL=659%w zCkC!;HTYa-wO{Yvh)5r{UuOQ^^No_zoE{QB&A&CCu*FH{Axbv9Y8DQWug@jVd}+A{+8xW^#~Yf3Ckg z@om&hOoUk=v&_3+uyy&&MD@A&QUqh;jIA|-6UforvHc!YNmHRfojdCgxpijr#EYqh zFGBv-O9taaGGIbfoDsRga`ofBByxx|HpHg>O(&>%Wr^rqRe14o?Hws$PwVGV1Ff#h zf`^^UC%=@W9!V@^tKKcI?I;-n$AgX4f?wFaFC)hz?OEONHJmi1?GWeNM*v~{=^C?$ z?9GnuABbc4-OlRh*JUNF5nF{GYh79WpN)7$W z5=}7oNCRJ%e5A9HRG(;%xgVCT??fAZ7`t{=mi4F_z0P4{d#4vwtYA$OeeLB>{|Ldl za!z7xTcau+R zp4lHS%~^_x+$>t_IJ!ZDPnA{)qB~Mt!mBz{Zp*Q>fyM0qy0LH4;ivY1qd)iMRKfxW z%{aC=qB+CAP0%I3Y*DrKAMwD$-(3uf@9;+n_;$Yhwnf!x$_&pDw?Nzl(|hdRJ`vBh zaXw2dlT);a;ESZy$h#HMY)fzBXTDc8T_GJv-LLP0U;A1TLHwx_5NrpLb(44NL+w^I zUA(0uyUZo>2bB2_6Myly7?t_+pfx^-c_LzRZBS*HOYG}C{>hS#n9Z+o=V6zvXDN3g zwRkw?I4i6u$7qB+GvC{i8J-BXQ#I_KbQ?Z1;=N4YQ!FT#mBB!1R)rW%M4ylkFWAgf zFp}V10yj^p#XMd}$*7eqRmk*2b)@JTYX`gweq9?1UJOEj`_xJjv?PbkL>9uc1T8EahzJjUv|xF3$#6jwB2R`Rk+7y?!2!>rsmCGgJbKj;`TjK zy`h74UsuZKS@~;3XZTLZLo*+8tPFD4&KE<_iMe>kDgLh)M1Zv+_|yC^48bAlBR{CE z7W^3~wp)Ev-M&%Kh5vdP$0&uAuy7|N)IFq0Bkj?7V*e7t%RfU9pN4ZnzIb&NvZbfG z8iiZP7ZguM)ep+tm3N7>ZoJN0s7B(xEet3PH=M<|IK4-=7k@1Fs(=E4>NeX)cl)qz^RPkwp z3&)X{z;g1o0kUjg8_ot0-IVb#Z)64|$K-6MX+IhIReM5@B0% ztt^+0^~kl$G*pLy+fM+Q;kE0RjUzLhv}KD@V3fL8L6Mq(GyoI>24)v z+osH)C?5LbkJZ3bdGhR@-($(MDlIvb9-z)Dsq>U;g^$|qvZjj%nw(BXLe739*+2sD z2TmV}zwxWXxA(ok5`SH(Z6q8uT%Qp+ydU#IKbC)`D=mOcRuRX_3`%V92BHR9Opj_t zPLAA9iT=><%aZ)uLij*Ucr@=-%0-eLVna z=&Q~5VnR?x9I{0Xd_FKRzhGI*RAC{hdNc(-ydT{D^cgU9jr#3tDt7aY&rUW#%f3Ot z_3{B3#?p>=7D(jIty?!cJ5_&I+Wv>n_;W}|EGl3C{(pLAOr1MI5z|&xJ};25pX8dI zNq6sR^s~G<52N`L!7<_rrI>4Qe$AF=haTs6V`Pu~8>RMWODRT!>%#BHw<34q^S@9_ zVdK`MN=Yy_>h+=Mqi?Uey#O{_L$^w;shC1;vja`Nb?`vFF$eaCuM`Wsx$vgzi2*yC zm_o>3mMyf`#F_8;S_H7I^Kda355{6tn2z_)p4d1SI4KxMRyTK@|JFO!sC>uu2mfkuuo z>IpxoJ4~ikJ|u^9n^(G>lJf^)!;@sX>?647mFe^B<@xt%?#uJ0jqInR=D@aWZ_KA{ z96J`jnWjrzdZEKK9o|cko&!!vYYkrZ?RAJ zy4n0!Py#H9q5XSZ9zcpUs5(*x2EP_bAEuS>Ex$$&D34w+s<=IzuB)R8K8fl}D0*P| z(6RG@pGuJX@0;$~SIN!7zTC0&`fIH};x{+z{3ZN}(l2a`iNBibZDecJ6>kD^^#xL8 z;czhit;*>d{j}GWU{>;V?kh#+N_0QRF1T~ea+cTbjY87bFlwp-GLK7|w&EKZEbt-E z$Zko82Fjl2wTCc_m9*hv&vUMK(UNyLgP2t)ZZJK1#1)8CyZ@z|*ZGq>{o3z_GX)=^lVySim;S=+13#7roQW^5uJ{*(f{C%l-7)+t(w3D)%l3-2RK2GJXY_ zy{PPw?sY?!DP#Th-m&GBPe+T>q&Z@pIo)X>^EBjK+|TmZd}kh37I=FGAv)72*?d^7 z)}!OSnt`f2;8F&I65X-m1#_amYEH#pTBYl_G0(%dM!5N=clL{L^b6r#vZAEsDFxB& z)}N8w)X+I&hQxN<#RUjM$P`aB1aVr;tv#7fR-z-K5&Ie z=SchhYDnSpf8~D2XOVloDpOt(wb#0L_V%T6Ek!c@T$@DDb_FbS6z88gqlWl*_HlN2fou$xH>|3D=?LNVbqfq_pesMTCnIj)hD_!yG=6ODu z)J1Zh{*!Ns*F!ks(Fdm|3=0y)-KV^gnm&f&PUdFgWvyR?NHt#C1WYPs#QpOpLh_`; z?At=@aROqT&yX+e(V%%2gWvc@nzD<+Z0|pnt3+6C?)8&c`ldSP!{R{nw{qDj`rXNo=O6eLIbNuZYKe4A!#l z2f}W!vQ#izNizk9J#9xNneb%gDUtMQ{r1(8=9-l^wiFZB4er>_LXRb&Bk|UioQkQw zJ9^k4p_!1EA2%ivU~8#t_bB9jti|oUGeDW#=rc_MtR8hRNXX%EZ1vLRPg=q zA;9wB=P4p&W_X8lAuZHrV#(iK*Sn)syymTFf(P3qIxqD1S{|tiaXecv2f z&wmc@d^&6W8vG6=FUllR2aG7l$wKtJ7oGV6L;uxWA_TZWv>?%r zb({`|McQvRcU4z#O_&-1wTe2hauj#4a`zsfM5XWY<2r{fdFU~lbbgLkth*yS?U(#l z3v3|^1`ISc^?OJ1$CHVgEG$%N$RrQ#7J0)LBgXa@o0OVEABa~Jw^=5+>4n#b%>4Gv z*p_X%(@e-NY(DRr4&b1mQUnn$H%#qL+{VD3m9X-jr z(#?I{qIazWTl2DyE34Nlj_nk`%fLM+&0}-yVfF(P2=*Hv=Up+UYNY`hpW96KcIf8C zp-(Jw%jD{LSOhRu=vxix_{!74B8sWewMU?0kZ_)uRR zNZSq@ZQhG#)G%skZW{!j*_ne`*$Y*lnx(qJ_A?$fPLPJWy1Gc~c8#Ui_nYKNdxP?# zpB}#}@pT3vFG{#hmRW}Gepjo|P8BkPzP`?9+;Sge8{_Qi+Bf=HJKi$Q(s$&M^I_jb zkZt-n=cyqmVx7e(t!x2GJWhk1Cu91@w5g%vpJRegp}u_jV0}{008hV{424{P79k;x z*S;H$Z>r3M2_bM##3WI=XkEEAo?3lv7gmWTH+6j|IqF0g^#$=E^lUMCP*746x2vPX zo>ix>WenCiIONga(SiFr5wN?c^w<0*)I&L6XG{}qP$IP^IVqvPU3q@Bl?omc7@$u6 zX&|tA$f(jvEPD#|I5${wh$9;Qg$JC>!a=$vIP$HloJ+c2bI-jl2e zJRZ~;D{L-2xy{jc^!}Y_6T^5oRxtzyCf+^%Wuk>|t!Rj;J=OPojvum0Ck`O^=KNDy z5Qi!?KMM>3phV(Nho8xXMc5yHjs<=$B%Umxk^uj#yYMbw8*S!Ffe>=fd`5D#a& zpXYX?5=^0*>liGJ`PH#UD)jLqIN1p1Tt=Ve+UMaC)#E&DLc6t#St7bz3~m+v+R%mj zgGZmF5nq^yef~yMgy&w)Y}m zK=Kl9fl^x|5K?1&WaI-w=o0x10&hr${qV&M2ERh*ITy z-rMgm)9J8ah^jq>LYmrjzV2)Y+w8dluBN|{>}caYciNyn-0!OzwjvBglGGfFN;`kX z84e-jOhm8G)^TMVWTEC#d2!apQI}UTp~5+z0c|`YMd9e%uzl$77R=j(q_7ItRBpua z2I0`^6gpJFMw~tskv|~etfiPhq;7IGW&a(hJ?{L?v#c_rhWLiG))RhyNbYF}Ds~SV zV42;o%;W4Vgqz!H;0`F$CGEf+aFGsYHauSj!KqdhLAc$VEi{(3CCss>Z;uW1xa6e8;UvakvuRZG zKmx7pVUuGC7n6nfi+`?f8!BHgsEEe~*R`onPVkQLrEaB7StUEn?=fWe%keb(KJeZG zJoFCgU;)*W#-|)C6g2kpnyq`8=%Gyb??72ni?HTt3UyPbJOss*}drxkxx)L#i*HlQPOhPX4 z-DzLQ7RCz|8NE6U1f*C?6RcWJfVnKGJt=MKDCT}Dv z&hQ25fNWLN<2m1xMQn<>P6`#Ufbs?E>gzw3mzR$^fkPHXEKbVI~Q8+R{bAI74!zAz&y+xx=*(;hd9(WE;XSljH|r*}bV#?G?bC|hUZKOTGis9$ zYIWK-#mCR?ZtY`y$pi5<4r5}IrchVy`(|#zNbaY?zMJ<}*k^lPEBB4HCiegU04>ys zI9sYmts|^>@8rD%$$ZjE|Fsp6mI(o>_Avxn>%`-;p7I(FBKlS|+lnP;C42q|(NhIJ z2VI3^Se_MhEZIRIgk#R+o@(OGDfG|=68a@G_=R{ya||TUbuihXztbM4eAwo#=owi3 zwyQf)uSir5&SL#xjoX!^AiJlAnzV}UQZ_Z=5S_q<-rm?^-M*5Od}aG^iX#LK^d#aQ z=UR$SfRhd(8lh!(h@90qT{HPF7{Y4*V!bAuZV&liA|M5~kVIY0BBe2eL4?pcKRhj_mTxwOGCX_}Yq zrR9CXuZ|Arn8&#HLDd`S;)*!Yxx`9vT92J1f8|_EDyFv<%4%)W`4d9?oOT7|p|Lio zliIHh4+b|oLDhQl#6>cE%*8!6FL7M|*GwW`tKFaoU~;OMm3f0sw_vp|`0|Lx1pFFi znGaTxTi7UFT+DynhILC@<*=?{R1-H~!s9Lhoo!)jp4(2x?0^M0&*uZQdy*Bc951Y? zWzp-VmI?N_bEIVZxOjKDLQ8FO>Jqhi6Lnn}{C+5=9vH&TLv=54oOxPhWVf!)IE+br zCbi5K7QlV&H?~58Y!GRMQq6>Zj9@^D*w}J&mroJ*mt6m^p9mx4JeA7w$FmD4>{;|F z;28$f)84X#{a#@7!U04kY^j6hZ{J0_VBTw z)oHGo!djT{c{;J%Ce3ziSEy}NK_Fw^J6Zp$rV_COqr1)rKHYNIFS6&{OTL7%X_r6# zY@^rA5y+GAK6C{P9Xi)0bU@fx8kACNU!;DwN_3o9Kt*B!*|PO}lf|uzV*Mwleb1l6 zig>{`mf_at@pDjhsk9LKQ~K1yfs@&5dO0$@vSH?g1Z}8In?Qzd-3t*q&C_knRCob} z2I46Cnn<|6jaf{2Wu@VjU^omS|0g8 zA4$OECzF>)=upjHc-IGCqeK6Vs#G!+Jpdsu1^a`={agrZ8>qL2uvVOQ`0tm5>4wpq zh6X8SX*tMPAd=luc*UG=Dza@3%r zPYwlq%kS+^UQg}5xzBU_4Wg;!rAA0XYr#)e zFg;s+&jqMMps7U!Nd>U~rBwJvFZcDtu<2S6U5*y+AbcWbOc07wf|e~9$ZhDl@K0S$ z8x%bk5os3E+(U(B-ZaWfl(;V)=Ycqv6g@WtF*%={^bM6$pFr=8K^x&bX8zXRJ?*RJPF)4D<-pMLLSHYn zUsps<-Z?7;W10}mqp9ZIn~muX-~l(^Jw9khDJJph`|&O)#wX561 z-X-*%{^-om+#9(?R;np3W#%6=>J?1rI)&mCp=D_6O)#_7;(FSk;GsiqD;fZX%gj(l z3B5nv*9Z9%>ev@aAXd&ijB8DzY``vy$4+W67f%_dW3Uq!W zSXL}r-uhTt%%AX1NT$8*R!@oi3N)cYFq=7xj9PV&k$#D>s5fx=eM*5Pxcg)@9y3?K@XxJXP0 zLn=Ko{xDBUNp|b^%0(T{$-M1_47Xsp8MypRK)&yk^H*V5#9VjEQb3qCmGvq45U;YS zMGLw=Jy|H-=fb*n4Z#8xLTb^G!s-+D5@7maGR|2XIh%p2>BK>YZXDmIAq|&JJ<>5p zv((J)XBdPd{6*+bm|80caxw)wgg1KcgZM^r9r}mT^b$4AzBz80Nc?QI*i&Hi=aKBu z8fd4bchkxxS=Q{}U=@CR=b?DpXj4~q&8ui zW4$Yml5(<+FM`-AAJIS`@dX1C3t}=s#@g^pT93A*vkPIfSk$g(4Kr%e{(G{&pqFE|rY#i>zGtq?j4(4Y>&J-QHB5A#u+
BXq{3Xb_uUsvy*MgbFg zPXI(ZA41T2G`!VQI!f$KAqTbHZ$E_rub^?rvCR{GQB9ssS7Z0bnKj;G;m)R zFs282emsGZunuQ1)ZrBOoIei`{Y7n{qGUC@pS7s``zC2=z-&N8ayE-N_Qt`&X>=;@ zev(#&Me192)@7Rrn4JqD03p{DgpR|wHa@FhTXJlWZYFV3Ni*u{E8*d9jL1RRUrB^t zb2;;Swl&_m%p7ycmcEa@JLcaQQ~&E8o(2~|w^Fg3HsA!U;ht%QZdDa=0r>LHTm~oW~=LqGt6{ z#{?@>i!chnB^Jjq^N9}gb#IJm|NCZIU?{mJJ@1CzXo`bL%}EDF6s#%brVn6wm+YbF zVE574RPX&Faxo<8Xbv-TIr3&9A9^B4(k+RWhI|YD-eWg&UW*H6{LgqKXUt}h_L*tEK92{Mq058I@%n>F^sly z@ZfYJ_jN&|EBG<Y9TC!Rq+MkQJAem-b004 z-$U;50aOho%2hTs6a{zP`T0WF|#nU8!fEmQ>x}zd<3xl3{ z&var=r1{DXVJr&}vbgUUAE=G;mr)~-XqxuodrO0jzd#WyleNmt`xO|q^V3+)(sKS~ zbi$y<;^7Gf*j^ZfuQ9KF{z%GWK7Dao-$Et;&e_r zBew@8qQG{4nzM6rf~L$Mu~E0_sym1CKKlMUvyx&`FZ$Dk%j;2HcK|Zs z$sKBjKmEjNqa{SUp|L{5xlEt8fxB;wPr8jqcCWuM{8T={cREYPFax_-q044|eycoe{`SZ#RgJM~@Nw7qvXc<`;Rkc_*EaM=uL z;pXQLysre*AW(kE{c%1Yea#B{fB*(s!tL5kJo<=nf{PS z|7Avhz{3Bsl2^c^{x5s>r*i(wz5>$9|2hGB@`xhh-$D34@8rMvLYjtzgqWL~3z*&niCq)6Xb_^KqniP?xI|7DYQn_9 zi*1*UDM4=^va_={?{>4++V>Ntbj`lO9Qm<@ z1w}Dq8=Jhz$;r3u@(ocbWFW3TUGX17UJTe9kX~O5!Lf@M_zh;u{;3IImtyn3Z}4KZ zH^mGd8YCw#Pu*Rlo0S>>-^($pd-;@7kR0?l6YyN?2{y#%4eoPNVp4XUF_vNb6V00? zr2>Ea*Wbh2KX-ZSDQH~wL%4AsT2WCES^Zf%ZS7>MlJRd>0xZuY#EORAv1o8(X3A2A zgo_}E-v77~8-$V#iI7(7vCtA(%`EZ40Vp5PYLQi6%YFa5rGk*R|DQB)i5Fqh|JDKk zKP5uo|6yy{6twzRrGP*w696@kBOkD~)DcZ?Ps1qE|MlsofBF%y{8f~|pG$$@Ojp<4z|e3* zAmZxUtZU`KO%uxxa5(($zV{ihzrSpx#<5R4F^KUkb(JBl{kZ~;ZQNCbx)*yI&L0tct$B%Q706xJ_* z0`K|Nqta2DJ3kAjHitpTz45%v`?@*~5s`KPBl2|P8VCeUrbntu0s+`dS66M|XMOGi z!iB0#5{YD&>B#Wb^el<{%(d5L9}dKtLndQT2R#D`MUn91(4WV7Xxfc6V(M!A_iZ7 z;a`_=8R-tgz!&>4k&Yh(j09Y5w{hWr{@zKC?wt_ffoBnJ`QGIN%jc{enh zd1rD8Lzo7sfm6&W4wle+SApT_Z)3_JHZUNyGo?;WYlQ!~Eyd`6VxF zDQTl;lflw-nkRymG@vJ8oBxNow}6Ujefx$7DQN}i5-9;GQ948pT?$A@i-JljT{B23 zse_0#Dk(@x$Iu~Z0n#I#Lk>0Z-Qao7|GdYuzV}(*df#V#d%2dg*t7TSeaChEuHW^$ zubUccX82hU0ug*CIrM-CVwE>9L-XgOs=Wnm41FL!&9kEYC2&z6B!3IE%`Ucu8vpr) z@Dn>|G<9@E zMaA4Fp<*3FL&IN2=~jX9z1`*SzjA7hj*cM9eJ7R-B33BrH1gbky@nrHOco|q340v| z;oC1kA$6mY%iwuVAWHjah2wSvY(GMj2{ywzwU{UYjLm5EBRfUhW*pFCT_v=m6o7tqE=_rJwX5Qx}Y4^Pi~Abn_tfMT0Qz zTi{RFe!-#Di8?8L#e>=BQ*%3ip`P#mGVuR$9Dk07|C_+#|Cp`aJw{PX%p&z0E#qEe z&Z11#)o!-L?+GAkWoG5}b66A%cH+W@#>Z2)2b2)M3?Q($TSAB}A>TenD+w`UbMurM z_XXn;K`>Zq(W8##_dmZqZmZ~us;b<-Tg@+ngU=QG(Uj4;$yWsams~HaYrVLf*D4be ztCWic7?;2D!&x~9aC}ky+YCGYsQP~l&tx@zA%;*cPNb|Nlw_)Tm!N!0zOqY7HZvO2-HY8LbOnHUrx$(OAt3Q0TzwDZ37Z5=7!awKo z$3tb3a4`N|IzdaSzg=R~aBQY=T8sqI*Axc$^s)EK4&G@_rE8fGLMS5+$+~x@H1%q3 zn%Mm98fkI@8=L*zRSgbb$1+FNY#{=OpzW72cnvJ^TTFomKz)B5Hxh_~o*=*137J(~ z`hj@=B>_0gE9kdbGh?y@e=~(mXOB&i4bc)xkE2FypAn+rHI-Bt=zZ+}{yKu*129dQ z(eKKiHuc_v9&)W>WHbBj9*v;opAO>Wn?`AeT8xnB^ZM90EfWX`*gs@wbXb|5xX-31 zgue4h4v)e1=qK|ZAS}t5&bZ=}2<_|CRK^GMs+@uXN1H-W4n|j3H|g>{trIi#_Wu^H z6O;Gz;u#PrK6xGALyGQHeV&SULY8D=!A|4V;u#0M4qLPF`oM60{5bo)80tBBI8ZulF{hjs9Vy`@u>lm(#m=3kk+bcfI=N{dPQZq0tItRx4R zzV&@wom|zVpQCY+h0F=M9Y)}GPYka)h_+p7=3brHJz>k*E5p{X24JieujCx!D+v#)%Axi?tjSsa|M&K_0Ir0QgH8pJ18t zj;8=P#8PjYo4bPz4DN2tcB^#g$*q0-6~lo_NoMsvkCs-$csEK#A!{O-T)O1yfq>d4GRD0HS;#erIQLynnxIXX$I$vA6v`HkLxl z;dB0EU|zj?HA(u>+cRJ^tb&3XX}K9tS>QSe?PfY+ddwWsc!`dkdJL9&Mw?j|dHsBHD(Ia+$*Xo>np8}XJpW~JnRr_D!@bLe!AO-Zx|3qNYGwwb;Pi4Z^pso!N3Ax^adVHI+KolehrPIHBD_y1xr>%EuFgvLHdo zWIiXwU|~uD`+z);ZGu2r z-+;JYUw-qCN~a%}#fC;kq_eoiAWd%j_#btsjrZ>h31(ccFE()NW<7m-@#(2k4A%&V z{fC+TMT4M2%$?25o@Y8Q$2Md}JD)4O2)5!mN3Z(weI|87D93dk9-b*q^~dhlY1ehH zyPQX%eEVC?j@BCnWV^f50)Fma&LwdD|MzF$=TJny9$Cu}Z1PtFfT5~cHiDcV3c#emSK|tUZ7v_jtLo=ipN*&3>+nzJfAm+_ns2?_lr$7YI zqoRNB@sIrF5L38T^MeqsH=X^RtD;)#EY{Hjc$N^9NWet>9MY%%3%o~DP#4^jOXZxUWd*Sd^} z5B8+5H*|Kkhx^DPy`#X2r+;~~%9B|y=-R(ZPW4djC+VcIH0RW)PPz6cmUvk5 zG`{uzyl3#a_ce#z@LZXTf=((UiU;lTZ__2{wFs|46R+puwRvBb=e+5g!j5J6Tn9=tELaIh}W0iDh!1 z9D19~{7VRu!mp)==3I$`Y%h+bBakM3zBM?Zgpc@(#2YKB`x9qkWg#L8BxsZ#k~6-P zcHNh19mZ);6>j~0qZ5 zoWH6NJ?@BOe3Rso7B#|SS*1zkKvWw_%fe9`)lk(OEg)tu8z3oFoiTeZ&zSl4P{g`( z2x{zeC*-@vCZ}8WyallxLIO$U}KGS!|!&lnxZEVzS zOnQs?3uHNk)qc;sM<|UvQ$5QxQfz(}#mzd@PoCZ*3Jp%eQ>^pe6Z-c4RNr#*i?!+A zA~y?b@&L(1D50=>Lj=djx%n6p+B@0{AyqbmO5B^7{bJ}%Q&(U$|1tj7gpcRGL8UPF z{@(l(H}t#agK%Ln&kH+jXU44X%%sdo&A!<@(%z6PUdG0pHlEgYnwGq7ImAxS@-!2k z&;or4vl8d_UGxRPniRQJ`qj;#|W}x&^v&Lsvm$kiahfUh*nOiLddyR%4fKXBb{r5TzebvfwGwtIz2v#kWKi?_G;iBvirC zA$EB$P~mXr#<%r08hV7&x(2W?L~ycxvmIk=80>rwYHl?fk#V~z-@Yzas7)1Xrair+|E4>BV{>hAb1`k9Qd<7v zVH)DX(}m)oSGAOUg`;gy0GAxQmBu#<@+*aZP5{ zEv$QGonD0f1L!s6!UgY5pX;ZLE>2U_*wt6BL^%t4Ftd4JVmjtOxP3NMHkmb9Clpkz zT3@(zO?Lds1)s)u;yBX#ZdZF*31Z$|tYw$ux>y$1{yxTSkzLGDnk~R6osn+(m9pEC z#EUl(9jzOtNHJT)mgh ztH3I2UGwsiEHEjy2Zb+X?8wN-j6e_z5JJ1S#4!%|U{)Uf@#B>;cWgv4NXdT9yU8tR zly|1Hmq!!Wwg+GN3=9lL8Uy|NP1_^s^G%95067|CXAdAry{5Ld9YCIU@7|q_=H=zR zS?A^a5J2Z&m)Zi1mQdy_hl4HEDua^x) zoWerFS1mAO_%qc%O{Fu1W68DdkzSc7!~MkBpg0U z7fV8?nHRTUVly(4x5SPf6a{zT8_5?G7@kelp4F3)sKkn}l5q2fb;_<$Byvz#-d1i+ zF7cA+y-h9(J$udqC3fg2J!kB*cNU#IW#m#XA`PkRjbKSswW?b+^+8Wg)HRxZnJ#G- zbH8~v@4>{hfGtjoOqPZ+rr>MlCU#@c`fZ(&v82U8Ro8&yyW4Kv z;%?*3CHiU8yTn4ldkLiy+$%%5Ed*6f;rNoCy}@|BAU}OlM?v0Zvx(`f{=pTlZDvZug9Tq=-?jLSh|?AUS8gcO zR=~5~0#N}OfR%Ruu$QsB`tVz(H)=8!dbsqcR|mjMDL~5D&33)G1mbgtOXA`$V%g;` zdn^u0+w%cD`A*!fLkzGXgPb2LT_%zN=rjcU`LA;+0){zawk<@G&Z93ShO#v2`jzkj zvVh@coHmYR1E zX*t$(9HgjLzBVu%!6-9TMetGSvb6qGA8`|RIu$wAEAJ)P58%PVdV2(fP(Pw`xW#O* z>Gcxw!Vgp3*MwD#45=nXr$sHu7Shy=REuL|iB+2jsl!AXx~fia%K}T=v z*is({kLrCX0r86$6ql}?H(?y}YI;F5fcY4gIknL>jBP+oKYQV}mXMuTwdFm=jr=(U zU|TtiZ>QXZe$m%$LvdqaX>ij^1KXg1MQ*xHY!2r5dkl}=#Q1w!`)o;Os_pN_HZd=> zU<3vOnXp|`l~-reV;xM3jS&sN4oW3Yb1}@Vu(ycj-I-K#9o-J!^9~_ zGoz)Hf8J~m(l2w_2LTx=A#OZmtKEy5k40{hA@_6W-kS4k3f6*L?e=;d>M~&NQcFpw zSZ;s`PZ7kcX^{V^tIGznzp0Z%d+@OaY)yN(hjKlR(F8p+U^p362F7HQQ7PeDw7WU^tmU5@898fuf84bpk$cmK~JE`c%wOa5;ew2Og_h zRbp!@iny2~4$0nbZ@;d52V!+7cveqjdqIneox`lsE;_z-Q)R|GjT91PyBw@h?MgU; zdU|pAH!IPp>t`@dV9natLv*N}66eD4bSA$5tu!WBY zkDg}814C`ux{(Gs>LHidwm_O-T<#xL=%94v;bHbK5;kqG;eGn0HSQjRX#o*c;SkL_ zE2+i1_pL-}Kk6(;-NM>pF*jOZK5Oki0hwl5{WbW{H9Se!3~9%jU*E>wg@q7VL!YV<+MS<_ z$o=A6RYc_{+~5c2%_5kZ$)cCVCixa1BU2-eWHPfLJJW!|dd?_o%l&Cmzs?4z(P+_MPyph51=M1$p_M-NMCJm5#LL zFYwm-G@YnGM(k*wQG{%bEC=I0^f{4K+8Hv5^682=uLf+qZ~EpN{#hmc|G*sc4PV#) z(gOVXS_z`ZK}r1@tB2-QBFnT~ia_^R&Gw!UU)3dgksob|O_6}0n=k`jcxJoS@@Z6cVvo$c=4{ZXS z{8zPhEl^|+#>ms9W@p{1rX!Rt1x$V9Y*ngKXNQn|hyt+VA2?Zaw2tRElBFG&J*}9= zn(C?Xa(A7PRiu17-s0 zGWKYkEbV|55xY5qluY}>j<;@@xV_+ad2a(1X&mWiI_TfH3%yQW2{{W-y!OtIxajE! zxzIxEUX<;6S?09NoRr2u(5l7PA+@9O?`$NV!KD%*8!6V)Rh$&-shE*aw}5vOu-`)4 zFQ{XfdO6eDI&V`H7-XNVCwmkZA$k$&N|B+%>@-FKF_gA_9d6^$jFG+jXLXgW2p$>} zJY;zENK)sB35TN&kf$gs^KQtxQfO*cc9iY#Y86^~J7t0S!Eo07quIbps2LS|RAoXW zGMApWZfYocasFx%{n6xFawtX6aQ5|g*XN5E3S7?p3g1^QJ{jm70m%gM6iG#Qm9>n5yQ2N5{r~LGAT5g~W+3}pNq8{z@or72T zJFGn{Mcpho?dWyixauiI{F}YG!EKlQjfgTs3`L26@Ferg!g@=C6=Ts+MbE9mv9U%y z|43a#`$DZ}uzD_hBlSq>X)5Pul80Uw)5alX+voa? zHJ%2>y{C_YV%x}7O+ONhS`sT2$5P(X2^NYC+xBm={gC;PE>rM^%w>n3fV@X$pWS1O z?Tw`sv8R2u*Y7x)zAU~;Hk!Twtz;}6krf(H)O^%fyd~)FFAZHbs9x>`-w>#MFcvx3 zEsIJH#Y|?DAu)2(6%UX|p!loNZ}r6#;fZkOE0RqZa$ znNV8_;dixVGv|Uwzs{KP<(fZM4q;(YFd8TFZ4M%|@Ps_MLAjRnWC?K|U80fJADW)) z6R#aC-`!RnQ*Spce<-b|ookdn@bW@^6;E#H%;8n9^zG0709h<2APW%9&FX9NRn_a# zG6oRJjX@tD#XZl<$b)AuN^S~Ee{|?x;QFm&&=$`&^{&Bp>WKCc7OD+BL#?Tz+?z9Y z+?GB>zd=ge&;$5Zs7>T zv&~AK>K&r8kp`%9=5Kh7K7E&h_8Xj6s8pC|EIt46V&f6V2rdJ0qQQPg05h06OX&i87Gc!xrn?P$x!jZSP-%InCVCD@it^>TrPQ@cq~ zcPvVn?Pm{a9t_G3q{fJ06E#fB$tj~NqYmvy80-kdn%4ML`>R|+METTzF7SmfO!{13 zJ^GED%W5$HasqdB>7;kvd{$D<2kdJ5JW{}1;bh=d&zX?DNL_O)7#Op24)*rV`cv1B z(m%Uy9$+ToZ$lZ1DLO50t0K_lzNMBzT(-mRTer?0dWP;fsD+M2 z%D4kO#REj!~0j|PQSku{BcU|PVoo? zp%*bU;f3<-45YbxcDM6e?>^rbcJ}Ga`D=X}slD>-!8A@JMzJn<>v=UP(PFyTh~&7I z`47sNSt98}qVp71y|*X>?rY}--uPU^1#l%$%(%CmRUgb$4jCMQ9<7;l32MT#;3jXb z6U%z9>wp0CejyNc{-U%^*kwIzK-B3pRw?YT+C)f`Wst4)C)*A5p;_v29ECvi=TN8` z#qh1bL^Re6+-ocESjMt46a#W95gi~pX6P(Dj&F|>2?^p-8B79@{;tqrrBFadTe(i0 z9`%UPcUeH6_I6<3B#`HHCUBFjzjCiCE1|eeUKM^*N~AA{Unyqo_V+DJUu&(=eWtn5 z9{&i6Ae28%cq-wyIN=Dmk+8n)Z0)zjVJq)|YKYIs*r5OUny}^aNc-y1Y zK+to6)4scp@W+RC@30!%^OOhrS!45Enr?elgP0A=;=mo^k&=7E+ge&Z^28rAdczQZ zfNkLyY@0ug6n(#ds+e!`jZmvXzodJ!>0Tns`!wEg`ePk(jr3`)$^%Wu^aYf*QW9aJ zT1}-o=l#7amn`Vpta~H&rh=6nR{hrW4Us=A+H>gRr-#bl)^Bj|a19K5f6~83a--B^ zsPj&nFY?qh4J@cLBW$He@W64->%e`Z{p{*iI$uo4GhbP+Dc|M(ZQ5;2G_Hhcq*pI3 zc>8cp$mdRr2wb=g%wF=Ks(UToUqklZrqzevW6RZ$jKgOv)adEsX>UNc~2QM z*3YzH9!=Ua0j~>GuY$1W(tV&Lr(#tbV*sg>{Mq*WP#w5Y<|ntcM=v&pXEWU>&vOwJ zF*9X+gxsed-lL%L#7PvUB;Y+DWz)MR$c{uWM|-)Y01au}9Yr1C!gvQ+%*>0-CK+Re z(Xbh%7!t`@IZuc0(-kYNDyRSoYy&6tF*-0(z2y5aHyqHTzR%t>kpS5%z4CPQOB&-aC>8i)|xY)R22?)mOq6x~Fq9=}V5!$iggvrtj8 zy(*t(VK2xeS2f%ZOC^#-Bt;cUts4@&Y#ndA>aCpE&z|wnfWY+v8cu(lv9(4`D24PTw8AihFpztY&|sEhn|(k%S7Y3>N|r}Y!?%Fee@4r zSFv%xWYL}r9yH`~Q8UYpZrT9&M`eV|^w?@BjpR}nYLV4mWrbxp_+}M-J<6HC**8x0ClW;**0GmH2>7nuhb4Z50g{Xy zxHF9hysw8p2!C{@EY^v^aa(E%P+e|0IjI5 zEFuFk66`}$%z*@Ap0=|IZv6;u6$%q&{E>J1VW-vek^2jqN3K-lj(D{3-AfWe7b`g= z6h6so4a!Mf|GHwkQh8o)g4{%rk?oDIRI@;uw-s!R>Ujd#Q=9v;q_eHt>L*`?>F;$v z))3j3Oqo5(V{T!S-CV>ef?RQg@=9l+7R<~?3rEc_#^xHfMW=<=4__Na6yu1osMF+M zy#be!zRx4A^<{r-8lH>%;2KQB!i2VWJ7=F!yU`PJ4I8|W>Q5q%70^lMWKOAt#2)xJ zJ5oO&v&Pa*VhR_Dn-)?bj0#js%mB3|-ui>%E3tqDhuPBLuLdHt?n)k`QkB^;j?Kghkv8yt2lMq3+P6@NAIfC~8yt<1G`t(Rwppdv8d-2i{LwX9)3^XWvCAcV4_hBoP z3JEem6Prya;_4;l>E{7yHgGA6y)^xhpVg+n< znB}ps#Sc=o00^otNY#J0^IS#o=HaQ0M-wxR7$`PX%9L%Aer zuN;k^s9i;7G7L5dr$UK7DpKY#`8U=*Hsv(+J}tj18J$kO4IOv~)xB@V8LMzcPv$MS zks|p#I#k9G**<`b$_QTX0{OjSyrSoH9@@=IYSH(~T*3LWtG!UNj@YoooTeRXo9}#i zH<^=%Lqt9xhgxc(jNXBT@aggG5WQM!{cx$q(0mHy!mSbkDmXmYu_}*-Jw+uWBzP}q znY61Eb$rT`Qad3zHRy?4%MDwSA3sVbdZ?>1CIu9{NvT2mx_vRxQXTmB*YR&y#;eVMAG(Bj9?#*7JXiH6BfW z>SLZWdmf8w-E8jr86Uxu@G3e?>;aT#-Th37>-d)!zh83tF=aCNY*L zA^eSK*bE|-0sP`W-{VVqJ77NzoFo}+bs17+*e+k@R^j&~dHBl60B(dXOd%c!V0gCY z4CzG2fEN4b{h> z{C1a9OWWH10QgyLsu3Fb5@0^dV}ci~>9YlEg=FlgSS7RcGZaCF>FTdb?a`}0z~*Xk zQ_v$}heEIl(PM2i0hFlvm3*4KWL5tfEH!x!hXcS0L{WhG?;;>&`!oA=oI(bhJ(*CdLl6%Ji^-GiffqugE6KK9F@k!1fXrXIa2E>1Xe%Ue15AcW0#+w|0ebr zU1oC$2}J?&JPazTsij5kN%RWzhcFPY*>3)9cbcfZ>QD$)IQ;otTOdcgWLf+2glxYB zB(LAjf)~!e;`E~|49M3aaOQgU_V#()fVBUz{*vifk>vj>ea!|Rc*okLN>=_6Su~dM zMnl_Ic-G~7bve_0o*PP&Nx!LovJ{>Hv#crpV2Td9Odzmri`f(NCFr%LMihqYBAQ=$ zP^D4yRg`7+r7z5CmYIi7$2Z(6bw zHWQBa`ypoQ#N%W^K`kTc^5bP8kK-d%y3%e3!NBiN$l(p zPN6OLBw$1Hzee0y7?vy!4l4+5nPfdw-mRxIZV~rxVchn%I&ysMreg--=Op<6F>Yn%^1}ZZ!V`sJx6WgOR~4GT9a7krG~7sSgzR#?y!1p=&=%E;94siFO^!zIMh?`m-<; zMz>YGZ&qP!VphMF&9gtn@)}1`ICWhwamu%+)xX!QR&MM~ka`k+|@Ge9woFA_S0 zIzofghR-SHK32^$q+d3U@Y2mRH(&fp5Gx;<2kjR^2lo~(ZY4ct1Uiigi+|c$c$UKP zJj|L9k)Sa65^UE_vOmvgLq3in|5kWPD(!Tu2oX!WoT2JHf#@U-vI3LvIsH?@+;$Nj zK`OC*4$ds{S43#}c$(_Z4z8ATjVO~gDXWJivNv)9yiV)wY#5E{d3H2O)kzZ*g0G{^ zt3E19N+&3gu<<0vRMU3!Q+5E1z^WfwSA6Q>dgID(ybsTsFs-+ODtJ7HZR6@A;gN+q zrZ~&`@|#!qdMP`l(y!(1SBVKhDH|8$QlWoI-UMx18#LhGXcdG9RBsqGx5btHMa%k&D#F*QxUw)0D(;3*tS^-te z1W`c-$(F#@n#_6Wb;8CY%Gz;e-?iZMjjhw?-`w3w?%A_vAAxk?7x%N=D>0A-_@le__VdwK9fzV>u0Cx0 zC4vNtyrRHLFnDruvV<`L8VJ zzzUKT(y(n-8{QKAP0?~!LTTKrrOs{2LD zF4##slNQ92pZf5uheyL(Z=d}i&kpoWew2y}vkm8^;_ER^hr$D+g6#w9ww!^d1Zo=9 zUB@As2z*Ck8kK&uaQj_!*a9jfLgX|JVwcM4wPB?1Z#JK2&Gy71e>Y4FpP^?B>U*TA zdh^iPTw3qx8=;j~A5^Ui7RUFjX6wz(Gq0wO2wX-tNuMw9aIf8DkuJRDvzjfCof7h! ziTRSwbF8m}f2wL5x>0i>%VCyf{PefzJCFW%a<|V)=nI7Qx?v_c&EJSOzJAJ#cb?<9 zZ$trtD)p*}@>=EX*2qU`^7gvHBHq{MQSHg!1)EzUGM8*`Ua}$*4J2?4q)_@0l#p^> zn05PxeQ@rt zYc9$!G?{N%*I`OG0%HTtium)f9OB2JPxn8n8mAVK2@AP8?@4k+FlE#Z}(7YRwsB_e(=YDLUwX|!Ky zH$|BqHTyEn+PsuYS`kA~1Unl}859u?snGfvPVPNbhumLoY)0hnJc*1W8Ms7b8Eh>G z)S{V=DQ@)vDoa+sXI&oX8(dc)=hYN^TY+rpQ z1p7lPB6og9dH$>Ha9VEl>(}>p$BX9_HG=vcgca-Rbite_eO1d&$y$?0A>go0S7mZ6 zhkes6@0M|@~AP7v6m-K_}Z{wKvIkw_(!3`KexQ|gI4iWp1tMC3>rJ9y%6B@B%Od~t*Mr(UA8hVjC>q z@E3wpxlL1T*rmT6Gme=aUw6CVo@Y)ql-&}IZw~z-1|#+uWqinKv{9+D9^#-F)%G{_ zmX8NxaYz;73F%}+AA*r%z>>rgM`JHfY9zFjLZyQt8p>7sX|7L>fNnoiPP98Ms~yKi znrKz;|G0Y~Ql1@_@=c_{@n2l>gA*gy7m1oqe(|FErf~I9i)FFnH-U?%INUCJED;-x z`s)2hB=ppSHSnHbef_EXw>NO_rbcS^_lk2{OA3OLi7$>O(NrCHQ-dY>%S9Ose0I$WZomz|=;;jyQ-iF!c91(*4d1;?M2x-IhMG0<@`E zdJ^#jp1i=CaG7C-*g) z>!i0s7uYG;0?uLPd~{>AoPIL^+d&4b4-ePS_raIKJ5m7pmkSppWECv@=d2mu&tD#+otF>_WRbUdX+10 zX3m(tWMi(~bE?LCu@q(BwXYtj_}aM9-MVUoVf_M`tX5h~tyg(Wj#*kVr4#jk6-e<8 zUc7%S%KC>_FnIE7VBZQvRxu*qARsZ`Q=Yf4Qg%8T0AN$+eyK^p zfk2ZtMgPwAqVw!}^~5>C(Ug_}SLF8{&U2wYrST4g@vdChRPF-~qrHgi1M+1n_vVnZ znC;`{?VfrMA0d5{G24Z6u(4dlXQ}*rO=j44*8Y0wsLp-P$P9fA+2ahq(^sb3oGonvaUM^`2-TuKvf!n*fQ^Ue>B#rsfV?s#p{nhjLk%vCTYw-m{ay#j`E7Gxw zXK+wHHie+PNGrQr*^fa6T-4?cNx)@(d5`g%yczmouX<}rO{D!4mO55R1|9e*IAQy|vpLWDD9Qbsy}IQU&Rn1P$3))bcLF<*HJ3Q6ZDw^(gEF8FM-nwDJl zS&KSw>zzWr+}!9F%e10ow4kAYg(gKI6Tg=%NsVAwoyItlz&0l@{Xd*0zuJb#X#&6`H;PwA4+IqWn`(3bf3iO2aiZHMM?I0|Q#HswoHj z@GqSz<1t~QWrTl_rnVsSDPU&v9i0wrm!61J#W2 zB`dnvF;qOh-V~^NFba>g2gY|(^Mt9rpL2|m-EWM#>KUx}c|e!4#Z22~PG=<7ooqfq z`}!%s6=N12=6N-(*8t#Ndi%erxMezcSp_(`W9Dq|jmpgHB+$5V9ns9KU`4D7Y;Y9t zQ6P@d0qe1Uopa66NooltqZ|47z_8ymo=;aAkJ$#R$LxM-YWu)qRVD?$E8X2Ml#0OG zX%RwF>MYl(#=kY-Pi_K0d^1#q)+VaU7D8niCz%KxGEACk?=A+C>Lgol31nx5&5VjO z%&0kbk7mw1@=9-+li+ybnHI!E9yjbn-RW7t$n{3vQ8H&v$yxt-*;Te-fhQ__+33#mL8W5 zV|EzpQ74roLsYCUH_ zx&1$>KTuU_8&ni32fZ|DFd(5cvs+F8 z^%@0Uo>K%SdHD(ktgqa=STj(rw=q>z)TrT{f6vpi;KRCcL4n5uvxjl)+QJ^C_j=46 zo5&blPs{aln9^Q;-Xu<7Pe>tQ+j8%6FZCrN$-A$bnIqEfNr)53`JZkk`I$K#DlI;u zcK2Lo={dP~QNpURqGgxz_u}|?t2`fBzps0kH?WYZ*oiVk>@DSHqaW40Z$#|PFp@zy z^@nh7TO&yK?8-Y^Xjb@GC4aGb+NEXvvWuFXHIC`{quH{m2K2?;0X@sAN}Z$J*Do55 z2C&;d(X(O41)EoE?(X@+mGEm8heWd`(*Ec#D@#|CYMmU@RO3h<9rk|nd~+itz4&mu z##4KX6qTmZdK-Jtn2H(YfB1FT8-KwUug_<88LKeWAal^VH#~pzx9SQIv0GGk#35o* zu44+G*g-nYbR~Q(=TS^Pa*9eQ-Vl+9$v`|`-OufQ`CJS=>SQb%+MKZn-O^XFbQv`NOyLdFbfklz@d5_-FRw35UMO z{1yD+?%lZ+d&!=!`nr~2OQat-wa1fF$QLzxY$Cdr_=$K;K6vj}vd>?4d-ilJ5eq|E zt|Z8x#q8S9xtWC_R2~08I_g886Ic@b*U=jTDiQ2@KM7h-N{k;eDFifL_fq-7kgJd7 zms)$jH3T%kZ@7YrM_70vxcVqvYs&)OlT!t&l}wD!IC|#3@_nYec=8oy7M5auzlPFv)(={0=5pT5HYg<|g~12-I1eng+LS`Gl<*0&tZ{rjlHVWS`0Lrh z2m5z7Py~?aq|Slj3ecE}8@=ClD++R_@B@3g+b!+g`$DHG=;*qw1MLr|9BLyO_lr^b z7`HP2nVMasL%b_~ShGJJwk8xfP+>UCIVrd8tGKh2zXFq$+~$b6vzDNVq~{uGz+de~ z%1AnEyFkBZbh~1@+5G!I7f-p1IKK8Up(-WIapIl!Ck6y&Zxzic=yew^eKxUl<)ENSU(!w$iO&n zr6AmwoGstQ=OUmzi8Q>{$;$T+dhNP9tslWx!FR0+5r>@%uh!aUg{Q>pj8Q%_-(XeHqeh){zrUA8xn_C%geFryR}QK; zGj1O}SpgeFZE+PMrwBVtP}4ZsEQ&!;%58I2ZRy6mk-(k z-IG9JtG|w*+n@?XreZ%IO~7Td?f7nO(F`F`7k%hv<+dnd{(b(6K0a_ONvY-!d?I`g z>$f$-nU1tD;ZefBhb--3?YHVUwYIj1y>(<$0@k*>afoE(o_~UHu|9NO&ib?0g&zl# z7F!>GD7fkru_{zS_ieV6Fh+2d#C^3X4ctOTn*6QLhFdrK zFCW5=`YEiXER~KX42My54ldZgUK4zHU3aH}6f(`3sC0P!@%PW$D|8P0`iu%&PFvG6 z-JF5qzCXJThOv`!@sw7XkMtjpp=a^Fs!d)CqC86b`Lq14nne~#A3yTMacU~!+GkDh z`{M%nN}Frl6V|T-oMdrxaXcCOW3$DL7@Bf@9;F?*ZqbP}OcSUC{9O|T@6K50w(GWr z@gD4}bi?G*F+(&wE0y}FBa7an$%KF{#9qw zBxhEO`h2(BxmyV#e!$ro|GgoepOrJf{xR6kTI#_2rt@cbz@dVsaj!Ev{Dua)k$>sn z#q5ZCe74;HuL<61%h?eQt5h(9sXjJS--=;`cT)3a96a9YgvHC_4Yt}`d0GnwT>WQQ z;oeHAm^wVlVoje@Z?sYA02Iu$o|~L4Q|&Gn<*^1EfS?Wo!7fArceV}{Owy*j)u?%4 z8^a5)R*Ez}na>YBcJjY$p+zmPP=o6c<>lYwPg@abaBWOeJbJ&IblCfMvwnjH6kPcB zO$i@YK4x->2frs5Z$1^U>4@82>&{T{6PZos;XK@#9d5@=?{*hsbsn!;>nTA}+q)g0 z!Zqu;aNrITGNj@4dv;$}#TnDO7hqgwhbr9^xqQbXWUJ1b&-JJ|YSk=Be%HJ^8TLrT z6g%EMJFF;v;3=Rj8&5hZw>SM*MS%YZA6T|IVFBHeG-1c$Ww=zdDB3+**a{G@>eptKDvG z&ARfY^b}8&e~|WNL9yfcG|kKGu#^$Ynz$_`9kl5e8LTs5kHdbT$Xid{Eo&EGW?oF` zQseuw_X2iXyX&UJnDf$OVU>Yf1JD`I@{Ed`yA}y-hi+S~Qo8AG^6XJ#@n7yGR%c2x zM+fehzzZTABnKk1yUpim%M?>EC>SR4CV96x!j2kig;Ym4E@ympgLb0(#9tD(Z}^JXnb5uZN;bXPZ9Hf-=5EvE3PS8HLG|;`l*bO?xKthL`3px|4@Ck2`buhI0q_ zrqIRl#kgFa9+9#K54MDqQZS!r_&6J-YK|znL*n%RpZ2aZs;X;SFH1CvN)in=N{j^| z2t+`n8@niAK&6)$1q2ZV3B9OMZUPbmA_xe06_9d3!6PEo7$itJN;w3S5^2H_5RfkL zzO@e#jc<&XANSrj?iijQDVx2|S$oYnzggB=-;6wIEVV*kYA3f}yxz&KXH+F<%N2Hb z`m(;2Vz2U>PIYZp_b~72mVu6cuJrP3Q$-t9{)EWF`U2zh74}aqHT6^-$?U$>`+`S}Wr9Dr?TnU0POGXI2nTd@OGwMm}7hqgD_g zlE^)C=1i)G>)Fm?K_aUKvYl$0am<_feWw~+GfF%Kxa zy|fnfe$|~d_|&h`2%JJ-a-!5bQXhhP=Nn4Bvv4{1S0+Dt3)z3J8MowEVnHv=B^$Jx~2)_Sx3f)-DzkU(!8dN)@DB*!9$QPI4fzwH)eMT#p}d*u=b#1pwjt(T zu5~>Z(&--s+M#?IjR7h>4W|V6*@E7>nr%yY)vq^Tmqqdu_pWT$wwRCvc4A77a${p7 zW1s#^1(skIxRf&akog9r$5+qWVA+xJA4k}oQ+6+4$l)&mTz|5al;^je@zKWHBWf` zIXtt^7W*?oCvH9VbaPHWJEa-iGZMWKW?JPHKy$i)kF(dw%APBd&P-yE$-1@l674Gq>TrD)*t8G8qMagU z6YH(|X08X1hB2;_(Q~GZ-#dl}zUxf`<4Ukpg zBUH9iCi}cqr0c3U?Mn$C=8S`zLmt7swH@Xd&lho_yZ;9Ydk%aJp0WN@eXCL_U0> znaeVu3I|)rOjw`#eMNT zkRk@MR{s~kz&V=Ng#Eg=KICR({J;XTVYza-S=X#L%qRLXFk9ftsC&@MO840$`eU{i zyYA19WAwfaoA}lhrs?eLOpmGP#>>a7Tf3Hz0u?niVYbN`tMd0B)3iH$m=6H$VCF6E zZY*$wC$O=@2E{{QrEc6qHppTB$KG4?*myy}UfWHZHc^&wCUE)M-rk;J8n}B`f_>t| z31#gMhY#AacJc`>mk&WV4o z`t&~<07-D+2cwk$=2D3GUbyzrCIHx|8Gmmx;71vIGDTe)P6%swWf}3FKWDb(lqghH z&?urhLfun&pw8WXo|rn|XZGnibLPCZaJf6R%MWj*U?eZS(`bDT-!ulS5S!X zlgTk)IRUmjJX8_+@Udg&JmKFK=DawqI`TZN(g=+C_wV0dtE_Cqzzz)Q4hx zsBvkccc)`i(cqwq$SN8-gXE%jg5o@d3pVH2B2-Lq-k(+ zw-%hx8F-IgVEA5JeREGIcr*ru*nl{XXPd+xJi4+ik?oKXF_6`&#^6Q`0^z#xu>ndy zSZU<#?OoR$;LHS0P%KE&T2fpmvY0ZPs&@Z6zp{pQ;Aq}#L3~ah#m-y+l=Xw&!2LJY z^RGF8LmO<Ct?;&`c zTS$MhdM|Yq|Ga!#0vl;YEB2(Z7)-LUx91qw4|B7|`chK3vrli74A$f)Q{ihHXBAtx#`Y5-l~enk&fARv9z#Xu$y8Nk#^$v019H9IJ!*L%4mCgIU+>@Z@Ha0EPx;@T0{xWgkOj*soq4^n?g zvoT9_`WSk)O(SgiwtziME=8$~DO>#Oa4hen3niQ$A03F&_wKK@;>pe>4~v1G5t&^% zD%h`X&E6*&Tvl7Vh6!4bk10hB{wkgd6tZC%NLg|s`QVdDp_N8WO@%>~HK1te?N84& zrP0yupHzFcBLe!ViRM5x*hHB&fpTA|0f&ZuFHpZwAnKlEv{YDlSB8lY1;)*n>)u=* zqT1Zb&krXRd&9poQT{ui@OK8Jo5V*zfp{=XgAH{@{GKq~rHdEG^AW<%4vxzt2%sCY zZr!?lO#b849IW3m*xjfEonYU>S!MJ%sABA%W>ctka6odLz`lI>G8nS6_$8b4bVW+4 z)6mdxp5h6EGCSVz=c|PUH-S7$zD)50oHZF|YNE0-?K3s>hJS zGU|e8eypQ0db~7J&6q`*ufx~beKM7LE$Yy~`K_JtW#Q9&zckB|CG>%>M6gu+lg5~f znMZd%lQe*|lzHI$cLI}h|1v<@euHYt_uJo*yNS%$etKH*1eGo2^?0?nrd4kYHuhMc>1?^0@V z%3WUKHkFJI);iaF(riCxsKlO|WEH>X0kmBX{va)qY;YVrr7?I)6-TKRce#iE_ddNno1n*2T6cA7r` zUKpl%b#!#NK7L%cFU^Z==pB5ZpA%R=K3dPAIdEE}y;pCzBVvWhBr&{FPET-3)7VHC z2ZFZc_M#?Igt8sJgFaairyh)oPqgJIZ61cV3hP5j#+Wg*@%0mpAQU=Wv9`^H1n2a)R%`29V&eIa5ucGagY}w zu)Pf>$gSdHM~~zTwS@I!oZDh_cOatCasx5=K~yT4pVf`ulZp)=VJ{^Y%w8-iTKd~> z+qLK*527xBWJ)1ZsSw5hud8MM-Bcp)3kP~tH@@O|%ZeD?_*gn{e1ooJuuYjQoG5*Q zHxrI`4yhzanMYx2!d_y~w9^d2wsJI~3G%|B`T40+h$Z@iuYp@I#F2ch;j;k&mKGM# zmg2LgVc6EztD7A%R%N4NN_!NAU0OYdG*r$b(UxchlIq&q67~}G2>LKmn=%1ntsbK* z0h>%HTq=oD>*A$L6YtVgNK(iTH0ay3wC|&54+kxqY-LezNkS526!h@O<=wx5_ZLGp zJjGORQTKy<97-?Oq69!2n}L&S%h^@5TG!BE0gx!D?uuuV77Dqt^DM>6JrSLDPOB%5ZIm6hpU`2n%wUdiB8 zbg)y(zEK7mdDK3a&}8%qendp&yW+O*vnFin3@yXkU|)&j>@K0%rzyJy_~sRuN*Avx zg#&6vE0H=oSPcsC4*8$zSGdsBXU@ENme|^pHs%j9#+|ejk6ObL9Ta6$kW)mrAjp@C z8&$0La6G#T5;J@)F{^BENQ^r&h2+Gb_>aj3MPy{<7;y2AKmPFd_pkU)mPAX;6%>p! zk>(7ytUy*og>)xl76AcFUmwh=7?-Jt=$9NsO9cE~B3Lu6CKn)hzNp!-YbLq9h#AIr zU3Hh>@Dj5DcC;L5tNJm@frxo1p*aqz8Ft77YtpV?mZMoSNJB8KPU8roVaFOFzl^bA z9(wnfHB#NJ;Bqf?cXy*{Td~bJl=}O_#3yXEkRR~21P3`R+1|&G%VVf%>R&A)4aWEd z%!#gah!xxW=uufrZ+PFVUkF*)xK|LfGht$e9kmlCMu(Mz@(*xOK2gyCm2NrsXhCL) z1c48LFilw^B|BS9#kn)Wmkx-H^Mi(`T?9^V#Aq&{g@9`))vP~7Cj9gbkrkKIQrco+ z;bNGy)vLupFuyr-=h9voz48d`ifJX<^#+Oxh8>xp*sxLgkUXrwAOTrr_4OK!p39dn zm#dpej(&+kIA+@r^xppcG~*Q%qz33U12$X+i+j-A<8QCM7KK#Jn6-)FVT71a6dj zL0MH*2>Kh8TARZS?$tL{Xl#`uBxC{+Io3Lpi0JwkEA#J%pP*KDEq>C4OJ zii|@;;aI-N3qRRk4f}ugr&( zViR9W$*4+j&Ya?BzoMpav8R0|k+q+&szauki20rUXOb2zXbJ)`v);KOz!!A(Iplj9 zZZUx`pK>>m1CUSoJb`JX`2O)t+4=jw#8OV%^XDc$)WmMWUmZH_=9j;pw%@|jAB52b zD?o7h>^@*6ls`^4Ug{wvCHDzc-AZ(|igl_*PX*cBQ-o--5);1&)@)YLn3L+#{q&G2 z25CHLKsS>Sn;VASB|fq8s;UtV8Lz?=#SKwglnnkcJYy>9jYSARAGg;AgsZT4m_pmv zXcv-|j3~d^VMrlm8VRNC8!XH^>atbx_jd=<@CiCF5+UdIu~3VE^ax>$ocjPf&9&Md*h80~d zd`a?;`TNlg@K|BhCU9@Q3|saM@iB5?9i^s#q89LY;Zdp~Ec4v4z(49>y$I^A=H_~z zU>5n1gsi-mja9>Y_wE6g1gLc!W~?I}*0EFF3)Uf3JZT*n&wMwcQJY6$!4zUM>3?#X z8i8;EDwDB-jGJR1N~N%e+ZVqevR&{O07Ge9MJwE$>hs9%FEGJ7VQ=w!?ld%F@ev{2 zLQi25y^sI%Sg1tgEuc<|DKx5hfpVf8V#hWfFZ0=~T==8v+s7KWM5Pl_p$k!L(HTTk zP(tISy1JY^2Kf=aQGI;&>~=$Aiql3kb!Oo^Cq%K(!vmrSQC)^6!22deF*pcOtkn4s zSodklNr)nOLKF?({wa#P=lP<@QncU$m&}rRxSh?94NP7*{R|2#Q+bMgV$woAaD_Bj zv9hufp$hT{Nwv%(dbRrcH=6)^JnBLY12XAVCOFo{v{9EM#}poag;hu!cWYx^5P8wY_k+H7L-pA>&e3}pE+TWf8^ z)%5g%lTO5EC>6U30C9LJi9YNxKmgF&j`#kG)&oAubneo|x~VR&t*sDX*8YY?l&Z9) z1Go@mt9A{|CV3w1&!4MyU9AUV(kKYQn$ut0$ob)X?HSN<82|-8tj<3_jIHLX z9uj!@B}+5`th!>07TsD5ez6QI!_W9_RpKfTB{c_h;|hSG8atu;&W7@lsdwXD z+)b+-aQ1p;V#om>xn8CP(--a6C#`|Mp2U=M;hYv~z=aTEYUptBOE803c;aHNBr;wI#x>#<(55PhXthG)<{}^SR>4-t` z!f4sq{=V?QSH)ahQLH0Y>lXz1^)EHBqy(CDrv_Lh>?=A@^EWZA^KnPcA&quh_LW0 zuaKlFo{^LgOMD7hzSa&km~|D98mi*>Efm%?=0j#JgCbTVb_OKex}swKqkxT(IlxVXZc zO{OL$6$jQHqJ#T5&UlKChC&pF*W8?cwi}fSzx;om`Q~Wor^NaQW=(d^Jbywy?(FK~ zjgDqprWx`iNZxOzW@cQ6jHG6VYPZ=$)&bvIIp8TGDtaq&D)BEa{Vucimgp2h$cw65 zkL^6Yytt*M0Sghhwy3MCCnT7JA@^v_oKCiP_x0_qudi3QxGM`;n|$Bss3}6wN~cQ# zrWn;qIO;b)KA$CTe!KkV^BKhP*5|{|-+Ac$EtsMA^Fr0+y}mHU@?IIH&(%nd_fRupJozmSMlF~VJ2r_gI-DmUv zuk-zUIcL3Rop;vrEQgtU?z!*%+rMjH*R}Wf$x4gj+#$MyhK7bC_D)zH4eh2W8XCGN z#&vk54?C&@{=u|*r)GRBYvK=TCN;-k}_;jm5r`nE=@9HuA{&{6h z&1kL~+sl`w=9A?V6cqZW{stw-Q&qMo-B4;N@iI94(*0=rgVWA{D4F?qaT=cPbhW*) zu`#F0FT(^U>Q}E+F^XJ|ZA!*9hYg(TW{h4sJ2`oO`^I55);~U8rC4yEjI6fW z8FQWYSMin0i*4qbymNCIS1f60GCG;CKZ}dPM#+51#l;oNX*pAA{V^GT%h%V}?eu_2 zr@q#BDE(vGcjK8_r`E_qS;OAA@xl+DwW@jQ>~w--RkntblHEOghHE2vX*WLnYYU_f z&3abzD6q|9x*CU=BX_|*q@_hzzk{9KsQ)iAQpbJXkH(H$tK+cRoJ7EVil3i0yu`4t zt-T$K0&e389-gcSlD;=s;Nob~vLRegqE7pAIW_n$oasaJH>6fJPv2a#&+hK7H(oIR ziBZ{o}^Mhmbg7JFhxVYN^! zHgu|aBc8W$Nx5wF&W?5H^0L59+i9jQW#om{h|<6B78{&yM!j zMo06tYT~r#+sQm~wQ3Ij{CwKAa?H?OW;(jiV9z}*O6H~rtK}4!k+JmkCYJyB`QFNq zysH&Yi7I0NAq(u5YE~Sed50A^r zU>aN+v-uZ|Qlp&_4a=+q0XjN5US8MT#hy+__pS)0H$HdsR<)AS3|8;6u(0U6%HGG< z>|-4E!hEngob{ANJ#Qo|EG(2pW^=lxA}Q&$_T}%}WTlV}rOkR%Wr~3c7BT09%4b__ zCu;=_2kYah>sy7ot^TBZ&XBvTPR3}N&;N7Z<$yYH`3$4qNq7z*f0gqw?_NFNw1;tA zw(duBw~f;fCR*iYs0Z)z{M-Gvi=kDLC0*o3-uZL)u|@n@p5uEpp7v z%s_fD&plY(Kk*@RA9Ht0D2Sv^EMkB8y_#P_)+(L8XB6@Ta#bDe36Rf z*qA6Y-I}RGUK_KuvAMW7-O??NEiEmDOUp=4hnrnRzbPB=yQ`MuLD^ z`GV1|RLjchYHl7LjXY)jY~=d-`symZ*PouAp1!_{aWj+?ZC;pzqm`AFqoYb)N~^A4 zP*A-MQry5G9bpnKGLQqCZ|E=x2wVc_c64;8si|#lZX$A2EQd4Y z#P}alw7_!~o%*=&aOB$BWRjp~2sYy9&z~R4)YBSpZh4+}8GrKlu@fxN`nuWe+qcQc5=8=u zoSdCaHlt!<;B@1|!-|jz-1e(sztj}ube6iiyV(qTpFMkabadqP?c0QoA+u(s)&44C zYHBJeDaoKGhU=A)qF6|1DD0Q5g@uK$U$3uV;orZXGD^tLREP44Z1^MO+XdCH-j$1v zuA{m6DI=rgYWrJ`d(LhF1Waw;9}i{9Jw+VA+12Y^t85$%4VM7? z+)y1fP>;h$i38hIblmpCRkZ2s@Y=tA{R+`_-AAYZFm~?u_V#L3+dXDC2^$W1TWq@| ztv^92CMLEroE5rvm?@X4?Su^f_3Ih3|CZayUNo;$F`n*tu|Cv&rHy(kC~H`RcPKV% zw(9NIMmpADsYY_ub`vkpX!!WF$^s%IRSq|&0g*LH*{EMah~RoO%FTX`dinTtVK#-z z@YBtnlfJV0yF8Ezc~WS%BA?YZ)8OIZ^boCMyu=U=ciUT*Lp=Hd0KlYCes$G=PjZT4 zy>VP6kg~qM7)WghVHCH$$<9CPgSAna&1d(Ch_b82F(|G!ZKSrdnD&#GM*Y6`o+?f* zEG}A1lp0T#oBR3sWrtK)&H|yB>r~(Q``h#B)2B*(IL>D=aG-l8#SL1F$<9I>$>NZa3ow zKjC5pGSg4;;K2hz7VWd$K7lTZAiNYP??dTQIXVsQa`^UgW255(1J;nsI<7n3ap8}! zzX2jjMzg;4H;_)`uLF!i=00(EcekuRHjta^!WB5%22iB$qxB08?hAnLM|H7G-nQ+0 zP!Bi=;1ulZt6KQ}3w;&b=*s$dNg9ROwJ^<}DmT#3I-4P+;SUHtefl(}f*yu_s~N)1 zW4HVqR#vOV!ELvPvs0%JP#L>99&$Lw%dbmXr$vF!IC=8x@Ams_4G(pMMXzfK_y=q%3%11 zP9ZEU-3xWoY?fLR<7Z6F3D86)_0o6vWEd2v-QCNr%Zmb;M1BYu<8O+HBB=Lu+f7)+ zoED|QxL$Ywp77KaNZN*Jp1u%*L(qwz*0RCSz#xIw$)+QOsiK3D8*;=RZcK8%Z$xtvX|%adNC^9}0iQuRa~?el z8wkqQWW^Rhl}^4stv1li@PLCXO+d9P4$Q2jzI>C3f?}?ukKbj^n{Yj6NXQrPWp88B z5!g-k(QAwkCF4O)xKN!81y6WC^}DxMR#tvNzkPA^FF0F)5{fF2&bhg{R$+kyoh2%X zh+NGo`5?GGf&e6tuy`KFe7yPj)_`W8tB4BuwzRZx&U|{x%d5G+0O1CJQ^=5J+WQn5 z8VZoauiJug`ao%%k@o4+e@8q2fRxF#-bP*1uChtXOhuQay?+Dkwf9xk4GVx%kC@S) zHKOA(s+VR$zCx|b_A%&<%R19qURoMWe&aKer@`Q|UZ7F2+4u#$LVdHQ8wyo#0v`j* z2%yZfXToJYAyg9e7bm7pFUZONu4E)aWp zBZ1err#k}#FnwwLhpl5Sz12DNA zPCF`{Qd3dE*Y=okbeRJC1kb?Ho*)xc-u`!A_-)L=L)M=AFdZe18%%soo87^W}$3rW;GA$!RChEE1@fl$8 z+HjTv&`Tscb*S;l-U=orW+zG7V-ZD$^YimJZ{BEWYTDQWqlwor8ha+^77w71Vy2f| z3ZVzO)f>&$?q2waLRe7n%lSKIxZl%0kBg@))z#Jfs6S7kRx1U)N5O7k)F_uMOD&cW zwy{CgI_*kQhXw>lynE+svKP9yx5qi_s(}CbIxT74BPd4V_J>&@b2!fxJtnx!ba-IuS&>-BZVju1O)-9s7#J@vf#-RZbg6%4B zy3U4tlPVG@U#7?Jc2ZiL-47KUAYc4<;J8@=q&zSTFFZ)e-(PP6G=@5=uybhxa`YGg zGoMwE;X|&jUL_tgT>kMOkHflbdHEQK8CHcK+~n^(GJgH4y*ODLB)J$K9!7RW_Qi22 zU<{NP%4FpojTL=F)^ODX*5mRVbs!o{>h>>?^H=f{sI>KP^FaLxcT+e8?fGxqxbeq>L7)b31xVv# z>~8?*BUuVGz`1(A-6iACJ(C1A3YzN}_UhWca}MI9i>0AEmQ$v_;k<`)miJ)nV=&)A zRBhdA9IUky$e3T$^VZhZup`4yDZ_oPFoWx02}&E6e&@p#?LCOtjQgqiipl$uad@%; zTM%e?u6kLg8ApM7nF$~UD(I>_4^N3~^6Dr97c}`JqEAK!632YvrGAc=bUe3I+$%YH zNpbPcl(zv3KVR9{*ub7WhCd@ zV>Scfw{Nc`GRTdDgalYV)du&vGb3SPVMWETDaofaG@_3Us;a8YCrZWc{8Ug-0KjE5 zq=gDe#$gs!Y#zfZSZOu)6>q+3DS?>H;QN44sd`?GCLoSRQbNN8jd7%NVJJ4QhY|9mR?Yhp2+ zK?OcClP(o2lqf(!A;=Z92*r78ZjJ(RM%5|8U{Io#e}F|HBqVg}?h{%TkY{c{vOrlz z5Wv3WvzU72=;-M5j#s}1nO98q~ka!x@+GoiBJP06{FZ z+fCqHY;IjWbV7dKlt6-X;Bnkk%r^!T@XnLxEqgVtYOHma&8AtUqH{`>nb3HLj6`OM7}7Z;bv?G{=HMgEmY?4%%e zb9D_vk9@-Ks;U;+051_Ts*-zH0p-^LK4Bvq1qKCF`3|xltGZ)A(T=wup1Im}>h;_7 z8P@lNGEW`{0=Sa~HyXVJcE-laDv!9E`3SfqncLpL(_mgoFAQvKNPxljlp&d!nINxN z)QW|xWrIn0IN)G46kKX2W)tjdZBzxXUcL)Nd#` zv!_2Dph{ z?cpQ}4CY1oYGzHsy~|+=ff50wnV~rZ1PNAKhE)7Dsg?|e^mi8eh}65da;T(5Mi_=dPIH|8c*}VUw)cA;e1dOz$G7oFA#SHGNYA;~Qz%=fFQZtsf^iEj~t!T|j*na6KyA@d(>>jz|V=!_^ofHmjz8NYFuSSxdqB z{+>3uuEgYg>*|*mAPp+Zgl8kvNrd{H3>3+<10_v>Wpv3isV)^SAkFW&=1yRPS zW?3NnAmoltkoyPA18??ISnBo$LB_BLoq534`E~SqFkg!&bs&?M4fs?+98(%F)Xp1o zpo&nl;3X|XX#&-J^{}x~L}$+IWkw2)6Th-bS{2%vvhBOldcCh@5_r|VdZKUZT$uxR z(uh895G+*;t?h#{Js4WStl@9#oK#ct?$8Ta!lD(CmF>SWW6lsDp@49?pYM-C^#qG& zt}}XpS-Unf*AtlgBrbPSZgXaJK5d!h>`Z<7aFQT;m4|VIg942b z11T>3R~{Fx-c%T!g5X-BZec&#{_BZ*HM}$D|LQVtftET@ z@KG$#u7k<~j>Mp@iHV80xOj90_VrE0|HkA2QhLPJfxIbK4;%gakmP0hg2rN^oU z<*7BLx<|FCsF;9JRd%>AVAkzWOAUeE^&>HH7D%fE>v&Ba5xWVkz+jSFP*9Lm%uA=`WFL_Dzp!;XJt6wBmi1XN8E-nKr|Uq^ zAFLH<)ud}OX1n|}(W&zGHKFA{bznF+ji5m8F$-awQm9xy7-Y-m>0xw+Zh z-A5>Eg3`}JXB!+4lS%@F$L)hR9E*#KS7g6Em@GIbNLogwudgpM=p8$O@r%gA#>PgW zf-94$bL~Fnby=JL20Z(THWb%Px=smQuwfu?BNF#tAnx~jL>%>Vt{4?yGhfM!P1 zmD~#h6O%66t$5sQrdYoV+{S0;>3zMu39R~^U^_72u&6YxdgUf1k%I}+?@r(yq^qjf z6*gF(e{SZ4Z13n;Ne$*F;&U!_bJ+(}1FeW+ zmXzOr1#a)f*>UzyBKEA!;~eKZv|S2K1qrJt=8JPJ2YY*^eQMfzoC&a(mwI9y0|*yV zxC^rGmdA-Kqiw$XPgLxIUR~@B$)M&zxhmo4NLWB@7?g8m^RMIqXbvAApWp9&{r!s* z(P~Ww*7mchTe#zUfz0&vu{?YB3tSM+coHMnHp{?Aq1Hhog4kFJc+|!DsmsAS-MafB zA;LjDEAvLOqGG|?(o)8{f_cH&Orj7p4lJNJK*ha0?(}+f^xPz(kQw8>~jf{zli-W5GGf_O?$`D`8%2-Igqfg~QtmH$z^~wpgkSZEXKYArg!QINw z&%fn4*W&jed+}D9JPKDDA8*PZR!$m-As3es2$45JLbY{uBu}0U4h?w#?rG44tR{)u zQ=>a_{YL=Gv(HX9cwB-H;y+6ThA-%2&=(s6sXneA>`Y7>zYw(p4T*4m5a!Lt?-BCNxGf-|^i-_~_ zX^(pGQ3M$H=2R6l6|Ph(`$;MuCFtd5Tmj9(_rIlhFTpg9d1)*!;(bo2G?7xxz^pL6 z5t+`0=TLF3#90yGA??!X{Bfs`ZfAR2HmEW>JY31ORMA~g2Rw%0qL1yMn?$us-v9mz z#%}fuGa^<;a`G|qjYz6or{@)k|Bfs4=1nA{8fBmr-DB{~k}Ge%5JaH6t4ktZLbJxf9C9IB zuvKv+UyGQ8gsG>UfPjF*dcFlXB&mSA<~V*i09ohJ>oNNsreu(+gEF%J zbi9$sbgrVIqEeD{Qal`EShtsu$QbhW_U_m9ZEZM+payoa_JII<30=7B+B?u#i3`IPlM}Z<9;H@$GfxJCCb3MfqCYpY&9X5Lg z)Rvx;_=T<)D?i>_9c-mK<2&cW`8o~Ei52+NbaY}|Z0}T6RY9?b5ofkd(~6jxBr(Xj3?l(~1o@p(0G{W)pxK2&1tf6w<7=6FbSus72Cx$>Q|u zm#K#j;Y7qiE2fSz>;w9Aw$MIl=YAlV0rZwB*&HDLy$JcagV7>8h#Q#dRa`=MyFQS6_{(@kHiPFpwVr?IldmC7hiiO(p-ltX%s&LLP3i9&nOG^yt zp&p>?!veCMsJ!sN?u2gU@=!(}2vY=PQI+iy!M3F$$?0ME?vA)Ey zWey_SOo3dX?hA@J`%s*nTo?RoIl{5Of8XmPPQX_?`0yLdk~`BCnpr{b?41Z5lEq#C zNwR4Z7t_>?LwWoFn4ff5$NtM9eAVkS0w_|Np^%i3A!F7116)9CyiJ!Ek>f5gO0KnVdUj0+AJYN2CL z5ko)aXcy@42l$eL`V$lA6hYrjXL)@uJ2tLDBQOmLDK78!=UNbpt%)8NYGplOfaJy9 zO$A58rc3}l@Wez~1F2j3`9r6x7QzZ_d=6UNsg>W`jt0=wqL|g1MNz zat>{`WKG4pEb?bG8q`1%wVhX}oCZwF>i0)9vUhaSE(DAF1THlZ*J+`4fbE7#kR5?~`+*1$TU=#4y-K zYA5m#T7q4Is>z zjD{i%<`NK-Qr*@&$U^fEA3k(W{sL|sf_f0g=Tfez)d#H=2&s<8IX)qw<6?I-Y`=+F zp;|8II&HNFT^${dIW4B3Sp8}RuM@0b=-gaM#w$>VkY>l2UnpnNpMio5o7j~&w{~@P z4Fb;?%%|_)v2zgIU^^frT>uO~+JzA|H#J$fX?Cz4g3n5~mI4~w%Gt49eRB8QL zCYXrD4Z+}qWk|;_yam$%K7TB62(%fzy85VZ#7!1nVF3PhpmN}lJGi*ev|oV^Q9v{X z8-S1>O~Mbt2lwxTaYyS-0xlT1VVw?=*?~%l>u}X+7MJ>y$5)+>YuB!!bQKkcLEwZD zmzs^sAD?qOZchCY3tcE#hVy|5_&qQ%obwa(Es)yS*#UFFZ_`M?mj_4r6SzFackrW8 zxW};4Ut1fl9#)RJl&% zkL)C9DBYL7T-@3c04;&EJOQ0m3*N8|6D=Pf^fw0h`T0T4?Ck8Id@+T5nYF5Ei5aI- zKwh5#_py0;47-i*biD+G7pPZ$er+|;_~#$KW^*3pWkSnOyC5?05=0ejoLX4SR^6+f z?(g@H*iEkNoL{186g249uLC!L?xb6+D;GvhUa8T5F04qR+d*_`RA?w0lzJeJlhD>; zXIDZ98+C@!Wg9;QIH)%4BRx)Sa6dnR4ha}z<{YsvO|&X3rX99sm@Esb+pk)yGW^HF zTv;<$+rey{k_9M9buQD*~K=SaMj-XtE=^@~rIb<6l{)6w`EpPXPP#7k1TRU*halYsfAbI?*Kju49vv zlX|RlJ_2|`S9S-4AEgTk8rI_q&Aonb5s!5*c!P*0X`S=n7|b*W2L}s4-&$B0Sb&v{4Q!9W6?Ho-|w{vPI3vJaLXKYlFl+7I^RK&mJM znS26`kgo|MTPmKrEOS6a+if2qO6nv$uKijG7Yu97GLvu{-gmJ*Flv;-SOsGeSH5QN ztB|Y733jW`(3}n$R97awGO$TqB(-10_J9qnV4w|cb1)HjTa-K@0Rb% z5W`_^a%uf%=QnIQXz-;~nA5Ncr}sWXeR z^ItsOFnA!zCZxI?v1tVw=O_EK&TDyKlhKMsg5yPNw~YYaf3*GNix} zH|UO%;}=DnD!S_bhEu2E6IonTC!N9296RVpA1`hAlE`#8a{yQ+Kns`*`%wB>?2>HarJ*EL z0`&0h^}oqZ?zQLE0*+3|q`ue7vo#j{)ja?-x^k}S3&>sS7>)_;@0Uf2gYg8Ho3C2bG&-u{#G3hy9#6<_ZDhj} zmtVH5qd*~}7l244=n37!P*MM;>iXNaZn;Az_g{Ok3ZJJU3VO6Fpx)(1=BPl~Ls^9o z{Ip2};bAf#%=!ZO5fU2<(sa7ksl>+9WwXiWXY?`dp)AVOVSuY17793) zs?%pcaTY+8Y^9v2_ItEUTCH}5*U?@pz)Xa=xc~6#*nhnVs@!eSw{KfpTcQ2%`SWL> zln9nB;Nw}BRxmDdRHP~mP7~$Rr)lMzFhK$ormVmt!UtL;P+8J5GN3B~V*x*Y{9wgp zR0Mkk3M9ZX45rD-$|n23l*QGS|Mw4UH30nBSdI7Z->c!=lKYUWY-(p`CoeB=VUZ8I z8TfYx0|H<$z|ZfV(9!AXXqH0z`{!Y+Xx%CDRbaf;zhp4wPVce`9AX8pG z1TF<+&W2|LOk*4!eS%RqSjzT`*pQHr`;Q+-$HuO$tr0(Y;u?#65FHiu=<#D?*63fh zV*6E~h@hQhXlQtPbo2*(k01K(gDW&%SG8}7P=x3i6&qU#7!c>KO-Uxid26!K%T*16@3M7Bgr=y zVZ3@6r4pk5=gI$VQ?HA%<2N(2&BlvH;wn3tVTSiL;^Vfdy~1fL);*oJx7R+)W8hIH z6?e&Yyu%Z3k03D(x)^y!W9|GZV7wPe|_JU}zT!b=Ij zLuaUY6fOb-ZS*zRN@5o*p1GJb^feD5N=ga6O#Nw-GxyELilzdtqoq9{Z&3-?`qugT z6-L_opcye&I7pV-Y~1>$p^A}tSth0b)j=%6V%Ph5@Gynw#_oF*tW&~4Q(U=XF#`F^ zwP=42>>}@W34yvo``r1VD+n>MzWIQ^%Sr+8W_45NO97v5v82*Q~f=LJ`3S^M_Nu&<&-k2z)T z9M~ZU8zLE*CI_A8)4~`fR#gHSmd4P~D%Hq5p0Jru=+|jyj0UWmt$ly|yTkwyPC8M! z(`H%_?`S=+W=F|6dUCvkqw^_QWXHwZ$FR)INofCmhK#_cSvL!OC)q~xAYmLd3rEig zZHeyZqKvq8XU5IDWIl_F8tu9M;iNHVZ(SE~hE~${``n&58>lTKKMj?#6qs&O5jUJT z*N-bF-$qA!t#*WrEFDN?>5Y=3VJ|Zm7oV)MUF%ICv0s*r!J9`Rr&P54qFxm_2sM4= zwBY41mfyIB-uw0~lAu9FJw^?@cEz=pmi7gYK%&PChtI!E;=uAxjYt~A24^&%xnC=D zCGp0CrC{Mz-#ALsq!4zfx9^%OwU#-)b;^ZFVRFnJv@%z-@?KrKzAUOvZ`-O# zD4{;wS{2eSWNmae(WTd;Gwgl5GzP`Yr_}P_Nv9hXb`&ku_M>3H8TRI;4q?ViOD1Z! z4-FMsXu0mVh+zs%SLfH)2cZN!lM6{dH)?&?#zwQ!u(jzof21Q(Ma|WvIXw-&Zg6iG zOCjH*lfI3g95~;dZk7+Jph&UV3Cbd$(KYirD^2-$qVHnmB3)seC#xE z;ao>kq{=8*$h+h+UstFX@?E35DdbCpxH$HEAloB|aW7U=wp%-7AZMNw%XV$oSLN+P zBDBvo9PVdn>SdZIdpm?eEv?AgH_l9r=3F+dgZw(KzUgI2Xz1ojMzfX{?k6V_?7J8C z|JsQ06+R{1p%6s-O#iR%&y+S+N}}5z+m=v%A>Z2Tv3O16JBhahJ_%LAm|M(cF(^1v+$A zC|AE_HJTBZGNx-_1uv1NE1;t#b-t5eb6noeC@HyU@l$qp4?>+(+iMkQb|_dpCW+Um z$d}l0$$Erc{S7B@V8H3EIoeb_(9^#TheIp51BtDWYB{0|GRTutlNv=^wkNMb&)=n9 z&Ila8;O%N}?yoGjec@tnvbedm-`6TIs)ty!PyW*Du6-5^{uQek$4)m}1|Ki>tjBD( z(V0q4wZlesPxOQEaQ&avG{4fKgUR|nEycS8%$m0PkFA?^{SqrndmGT|uqf%UySRyO z|N1qeaqBHwWge1ntS#Sv?c}rQd;9j#$jj)UA~_~Q6`J!*3x0_P3Fpk@ouA(JKtUlFP`9Div>1s58j-qxr%Cts|-JbjVKaI#^uN7IKWnhGjF3*aKxeA&j4wUF4=s zepgjGQ-4Y0!BEeI_FWM}gRyI};mcFkwW>Fm972Qe6(3Id>3-a`=f3x7Ik#@*QkAiM zZB%M=^P35x65&73{$Sp-llcwR-+*gSh+|7;Hat>kpqPuv%F-31`~6PJQ7ajCx#ozw zsr+AR^S{E7p#EGv{@?mx&)smX&)F>$M}j$tmimzp!oPQuId9=N2nx4!;Vaxnqs8Z} z06yQzEUZs1NPF{5{B0b{(qajSs#Uuc-Nl@*?*+cXT{uiYV0t>5ydM_i>S2_MBa}6a z*OXJ-1%Fw!_ZxZQ5wvYEqg6ajEh?6f6@#B$<^AV9c-z9UrTXea|Br?K|Big)QgpbM z{Y=9lj)`U@f<$Hf=I;&ZC4x-0TPsu7CF-#Z3B|AeJTz6x)&j0O(((YQNIE5EvAI5v z^1ff~_dwG36NPlRgt1iyCSHmfoueP&{5QNEr2La9V~hD4HK{+y!-AN2dhK+n8ye*3 zzj4<+X%-24CQAFNrU@web$>6OZ@o-^@TP`}b})LF%*U;d8?cM@+m&BuSsBtEk5g5; zChyr<2=;D_gfZ#~P_N3hE=5E%hFXRT$y?UW2YYPTDaEt&g7DD zGa%~O&nz8P+&%tLFQ2P(3Dl<_nID}8#-`e0*_iA{EKb)>nM={9^Hw%LTHUiTVQ)Ax zm!vUJPie@DLj9GNFUF(L_I1ZsB%dw@D?M5cr3z}DaKGqCoTyX-lEamH}8q(G)Tszk+yxDgg^Q1EW z&ZQgQx)G;UiO)%2gZ7`#W&WE}Rt+$3Z2C(?t3q`Yc=usPNaM{r$g~^RXq(BB&a52f zl&8{`aDhxJI@uKpQPK00-ux_XA33t~8TIB$guvr}`|ta%wA<@&y%N9O7su9FH%aqP zoUirrlYSH8lz7J(%T(UD8icROt7vaL9^q?x>~wR)rIv*F2G^SXD$X6oa`+IPTEq_` z=`vTY-?DdNB3WXk;(~jEWtcE>Hy;r#=a%rCf7Uh9u79Q+>s$Q+wg3E675)Vo?Ryr1 zSt8Pe@EDVWU0bt$81N!+M+u8AIXM$$@2+8`+3lOmAiJuZ>zH4SrAd+s`|I-cJZ{09QF$_j#1E^2 zhJU!R(ouR^oPi-bCTig;rfL4x1>YNtx%JFGb~W@I9%6y2!M7$U?W)j4OW{SSXL$|06C7Bjik?rK)o6 z;GYUVT2$d&tW*3rKje`(~fI&wqEe7 zkhx|Sv&o3(E)LUNXD32_B-~*f7E@`VG;Aa!;I;JX70-Ayw9mI5IxPQXvfSNie=(G< zHL_;!T=%E9yf^9|uPMROn3lgbHf?-G1=aVnm*t`ieY<3w?~b#rS5-dnq~8>se$K~> zM3w!zZX7$zC~+G7v&N&ZR^Zon1}xS=rmWC)AL3%KhOAKUH04zm;GT}_nDQ7E;8bYl8_j)&N+YO;$}+lS?(NC zhB!fuAm)b!>8_e4l7RR>Zx{QTItA2=?O7o?ABnf<7VR%vn;<)*9A~m3V=4@$TNz$}re;SsF&HwZIKa#I~kAEVZ1!*oE0q_5S3S1{S`3y(OE` z3K=dExQ3$fc=M!|KF8_Vmur40$To2XFpl|7eRz zrwK83^{l%@!EkZv;1BYohvg*F6__v5Dylou8X}v2^dex1C3}i7D2PTKqEB^kZlhm* zNq&gJGUEwKZx}0&aSPblsdJ4dv5UQ%hDouB0DxwJP3hlO{}c6KwvS-*oWH*vB@*9^Kbq~AT?n2x3NTAr+E8_7HD z2u@EYP-W!M(WyR~PJ4$Zd&e+;5wYWlV#&4FjJ+jN((3SnxnW+yo2MChbXI#^W9>xb z)MrX-FVM6`ShK6d!)PNoD>6S;#DU>g?29DD?5@$opH;JG5&Wp3u|yd|Cine>JB-xX zze05CFZ?^ttyBhA<=EpZCBEP1apTUBBJL9+b3Xb|P-0lZP{~^v8pj_`ZqaW&(w0QzQxIaiu4JLm%^r?(+IhJh=Uq$Wrj{4PH{;{(j4qRKAL}~Xj8_~`o z85$Zn?3~t#WllMm%zoG=(Q4w4;nA(z7$*sZ1ye|HGbjXUndYk#T*kc2V8+F{)L#}){0k^&W z{m)qd_yvibZE`TRLDW{(LEnC-!2?^)S=EEY1w^XJf%~7Ful~N-xr&hmOra(kx#h4? zng#sMFZ33_98=hJ3B3^ibR5&b{<~F-)31Y2R@~iP8WS^Jh)i7aWmV;}AFkEV*%|mv z@R|u?xU6Ydv7}X3K^iM2!D4graJ|ZQ+~;l?NS{0*EdNQ&x<|5i@;2GqGGh8#9}X(b z{T(+;EvXlKeyC&>YI4ej$XwhWS`i}ZqSBA*YhMs}bTUiO#1Z>wM{K=1QU0(ePr~){ zefkY#SJEh-Y~TLI#Wfn1rG)Q#&)+`GcotdEVz(P|DPdzjh^ujr$4IR^N&iL1mto=f5{e z4X(8`9?XDebhIH9w3=L{asLTUb>!rwqx?J|{`xW7ZhM80`f#cfmv}Z@Zz`e9^;;rO zxDI9b`t`~&DdI>fi<4gg4sr3U8t`t-CTF=AC6(;;{T5u>LgGPz&iI1m&u(Y*cYiIt zHJ~7S#B#><-*8s$y{BL4(;#EKysP-m3P+o~2gJlKSMz>E8pd<7tk$1SO_b+Rdlini zu=T|qY(GCc`e-X4aO+Y1sGExp2JkcP(r2KMql;nS??9{sI!5vme19acU0aJ`aL0cIOY>-}}0}(sz7lgj`w4 z4zB&6zT<{E&>2#xCsphk1*?OC!(*qn#klV{!%*Xwf&|9g`~HD~N39GU$h9xd`TPlY z|BY&1F6<}ulP`f`TEaO~c}SWeQWnQhb5uDE7{$In?y;|NakDhJjS1*Nvf(JWMP?5!@%A`gSj4NB=c>13m`eHJO#SwjwVtT+;DU z9ao zG{|34&L_qVPfjM29@=b*4=>Ad_wg^_t4{B1jt9dwu755!b zH=IhP)OMu~F~jfF>l8g_#b^_9Lf!k;s{+B@JbatlzsEhVT30Tv<@$JS!={+Z_H>={aW83_iEmX* zkL3eC>?UVDi)8tm&ZI?j(uht<=4xf$>i=kE^&!C`jPxxRez<)3`VsHZ)X%3YgR?ox zt$FJBG+sv=6$Ey+uXl(zUM9R6usK-I{LtJhK@kS-h>PPalg1|2@$5T9jRO@x4=JBC zo#Q&9%WD8fB$T2Bx?hk5SZ7Fv|~eTmGA1GUpy=Ho^9%2AVXi%5oo zMu(?)Nh0i`grddh6s62M&=-h$s;sQ%WMQjWFaCCkU}4Z)rYP1fHz`H&=J>+p)FyjIIri6@Ok;7)8)${g{ zt}gt%F)v(;b}Hx{p4IN^h}FdN`jOUG3IUwV_6hh(5|#*lFN|EnFS$Oh4IkTghINH&J(-f*bDj<&k-C08ZldCHcgDpd zAgDKI{r;Ro%PWjZDlM|@WpLWuzw|`M+S8hf7@kkOU>B&kHE!1QyAksnYa0>^=>z9S zlp6mYO1~K^sZ6ujD5Qpk!%oUI*rZnsF}2sMlYMmmM%XoXkJPhAQOnp!KllJHToA)N zdKg(R^Fz6A{3jJ%wfaFZKO+V#t8n>eQ!ifCSUr$5m_&XGJ=-$T z{qm9}b$#0MK8=TUU9mrnh6j1srOzm|ifGG-jSY~P5h2F~f_NW8u&NvI-RQGJcy4K! zr<`gG%wGOftAf_tnSje7$*dyc^4gh8iDR_{o!xb&HwOv&N`iQJg8dn)!mcfT81#2m z|GjpTb)Q$hp;swOcH`mW>-t@c`eE0-(>*!Nhr+3)*tWKU!n26r`O20Rn<5_RsJ8tPD`JT3rer4hXF`*z z_e*rUhc%sKM9b~=1b<`Gm$gg}!VFWsHaaGr^PJTu5K$ISXsuL@R59#3HvF`o|Ht7j zPBA+0x14ZNG6W@^d%C2X`Y*B$f4705lxwW&-f$qJ&eoP{;De>2rlm$Q-~ zwEuk4>9XV^6Fa(|N6YAV!}RS(XOnOC^7jUa1s>kr_(jw&Ehfw;QE(~yh>+RslWfnI zd6c=n4JMm0TK0X%QqvVJpI){4StVuJMWaQQnBmz1$GES)4sp-Tc`Ra1U;E0_lT+rz zyDcrH@LT)W-ajok{f_;{R%Iozl7^gB)kY!_cZ!}qn!GT*86)<#uTn548S7U%r1A14b);5OT6h zdP)5zwtZl@0C%?z^F6$Q-?mDz!7EM!%^eXX`|Y)l23*LqEn zD%!_`^OhBnRP{gg9SaZb<;{Ec0pSJX3OjAM?0l=|m-ucq zb-6AKRr1uC4G@vO7y|8HW>gWp~Adca_%+nHY=^l7n^OuD@AYCxc=w zTG@OwQlc9&=Zj~QEFA8BLY`Hlw`rR%kWlJhR?Iw~JAdM+Ad+A|a5BFTY|9ccal2F@ zp||9&3sX)~_gq!SoSsiz#Qt$2Row*bNee@S1rzbXgtrNggfOARy62MCyE<9E($vny z_cU%lY)y5*ZTZX{<%y+4=SMi3$6ixsVKv@9r9$MTv>>ZH(%MM;6M$h01&VuNz>& zn$cTXf^ip@xvt$FA$fjZu0qu*b(T=+mA1=sy@Rp$lrbE<s*5*r?*S!Y{MKaj@o+Pw?t*+-^_5N_eR+Y4db<6~_RxX5Cw*rWPP{V~@j zJ?^EWDWcLbesq%iZHIvC%iOm~QNHT8{4!j_VinASF$mbO)i%}}9mEgyz5p~$cE2jw z{bf9eCV(r&;20L)o5NpUDb+>(;$GlN*2?z!ID$?;7zbDNL?vse)gp>8EdtATxl4+w zrl=DD!s-V8jY{ffo*dHU9Jj@_03Uucrkun56`JCluAbgg=V8Qk5eFrYx~jd(eD0!> zRRrRs`?^NX^Nyeg=|87m;u|dWDl9^b;m;^pv7G1K&u^#X95Nq@pL%Y|D@B?1UQpS| zy1~cI>e=}E&p*Qbht#ZZB<+^Es zZ07z!bB`}=!?3peN-2-3M|j}{Wk54`)_{brGlhH8RGL}>J@b=RF7qBDYJ9)*$DFpV!L#0?+vud zy9gJKxp~U*nJ9Cc-J>OVuBf=hV30pn`p>J%%}eqrVI@zLIJFTO#iY~V+1U2y=IDst z0UO8T&%PoKL*43a=Y&CMXpQlh5JhFI&}MD{kIgzA|Cy*K>ZcN(1A@X7?)D^fsth)l z^^S4rPM<%?RC7_P)*jj+Y809}yL;nldV;YJWVnp$YZ!tKlX~%8R1$tm3*)+teX7r| z@4iRIOqFuU`|y7-_m*K*M(f@$sECr%ErJNrC?#E!knS#N>FyFlTDn1`ySqW8OGou5>6;F+5Nir*9(D#aC(C$7#}w z@<;nvRv+;C`<$`>Vd188gYCPi9lfM$<50nOW|Gz;x?Z7;hf1kN1>1*140oR0lid7; zN=Q3su>q5=I`rx-cyCaakA6p+m6GyUJxy}0zssnlReKd9eg5+i`w0VZfzN23SQiQ2 zLag|(InC7Ce%`4sW@%C9#gmaMI6#YQrnbn*6CnJMcCI|ftR($*3Z#VZ7RVnH-d~=s zVfsfw<34y|A`1xcsO)HwlLkIy*qVZIFlkce`fz!mL-0#LXJdw4Ew|N5pg&sOZEawH`PX`VNX9BDH>NdB zzfPmAkwgi*+jdU+E|nzL+}BM)jS7g~j{>~Ap5-9nes9NK2h{Dfy;aShg4v$?`H+3! z+xK)|3D=^9p&@U~iQkQ>Tvqv8@4hrZ5u&mmud3mQ(SMchNS_5^X{<1nsdwpmI{N)g zoP29eT-(y|wl?R-VkZ1_Xdj={STJ%{DzKqxvzJ0TNw{Bf7jki6QHAqw0)F^-7 zHdY#zU3m_$Ze$HZjr<>Alyi^5(z(lR~N@9$BjD#Eyf_-2_DYdiXQ>K_+k66 zoG^coe^UZi<|B-3)L0pzs^wO|+`CgrgD-CLT6h2*?;Q%ABNX$w?QkxEOV+t{{xM+l`Jw zynxPV@l@BW4Tl}iPLR0SWQ z&0dusv~5l?b3Bf>HnneoF9pt)A|3cfW@K}TnpjRPbLq0%c8ACA<0!!6A%MEdYoQ@- z9QrihYwAZF^A9fJo`!yIyjb`8?c)TJ3^2ME2!N(Gi6?UI*02BC)fBWNFgI!I+KD>9KF&#j z;c;vq97JPWKs5;aC6}(dqy2YiAR%t*fX536g+Y3@@n_!1=ADv}eIwx$(~S7D_r=%O zAy%zg5#{4UH8;26Zw$m;t>v$lQ`ei$bT9mKHN|u2L%xeE zR~&&--b&wDO2_-DIEHmqPUVoSSmEMzMu#C2rw=RnsbQbgr=(mcip@1u$?vVPq6(5k zC)(p#k$zE=? zr6o{#^xF`=c@t6@u#G~zFr$rTE&LMCWaYw9!~|13?*-=xr|ZOOL3TTd1U1fU-|Z{k z6C+JNhbpulCdF$hPirb&d?a-9gRl3;NAPmX*M(Vfnr1jSaB$x@b@_;3b3x!}6hipN z1n>XqD;lwkje(OU4Ycmm=Wlq1a z9|x;3>x&Y(D0(-I#E<5BnA}}D)eCs$zt`3-7rnRTDpw7GP{f(lqAfM_uLVD+d4elZ zv9z?IfxqskSEE6KRv<=!6P%@Ke5fX@iMa5%Sg#f>g!9YxljiL}D%_7%8J-s(xF!VL z@s=k#g$npX(Mt@4KX0!`>%fh;(RIFQ>|0Y) ze+2(~qrYZD^3&;q{S}qAbJ}(^^{0-GDNV#fLwcUdGV>k!KAV}ThVvY1g$FHnSMQ5` zFUn<$A6h@OdsZxgEr&fp;2!JdD1t4AXK8oAG-T|3dpM$%ayNqR9B8SkQT*`Y?K!+8 zHs|EH%k$mND7k!el^??G}>!l zE-KZ_;Wu-)`Y-e05cgY?v`ru&GQ$$e_q?`wx~cR!Cgi$hL+jU*V!eNqW;nQgCPaA4 zucf7>VEJy5a-YMq1+p?#Vp3Al=g$YhmmIKO9-QeQ;Ud6Dj1)`@0E&WufCbJc2MRzi zC`pMGT!ut9>#knJ1_Up3bRpX>7VPk24eJK~dHrTImA`9r;k=!4U;O>||M9VP07%x; zCbsEuktYPa{gb70v`ZKn7}j97`S>wUy9AK(G!fyS19dcjR903-Z@*}j0gJ5x5p>hu zmgJFhw_e%C=~Yk=Qn9c1kN^UBBLG|b;^zmJ70bYW*gG(Qij2GsbnoE$shwe@q`0_1 zX2x6W3x^IA(u{O;=725(B7 zwOv4mUY#ZbW?(Ja1MZ(pA({+vJqEBVM~Y|J)@i=RhCQ#?YwX@t+dRcyU}CBSNy@lB zf-j5UZNtSVBKubL%HsbAJK6zN!k?p+OYwjIxUdGa0rirU8dat^us12Ms4#r1rm0B` zGXN$Qmf_neu;?H5jDY9JkRTZwAKwkj@7mgT;7dx%0Qiyy#0fnH<$xMw_m8)?wtGj6 zRxrM0&shh1x$?qs)2cr?<5@nlt6VU?YHI__j8$8;BIO1sto%?V4H#9aA9k4j!UnlI zZtC!k7}z4!7YVdHe-3B=|M6qj!U%OOb%=<*gF}@_Mg*{+F?_QPXA02G38pbIF@FiYOOWjef~ZI+}t7!=o9@p4$yGGGR*(!V=ad^Alm@w7l16mvTy?^b%7uc z=xksa2gIrJnwql!W(2d0J)p9Hlz_1Z3K$kZ8 z^j-Npn4}7Pf8N{O%|sXqWNd_?Ux3NkV`5@}D#)~olb81!EDHb)p+>z3#&r<~J{rCm zutWf25?l!KyiTLSz|u+16Be72m_EB{u*-N8xI$F zRC;=tWrVv4D3zG$Rlmit;ZtiPX4v}!!QoMSVRagl8SE~@$)!5-$LwNa-rW>o$-;XR@w&43IBb|1=`r+yE1;Au_^_B1`;m& z-N`hwoQ7IyMZ|vb$6Rr!hn^yTQhI_ zUx~Nh>c%T(*A`3V7k;HF@D1QqtEXYE`MzoN>Pg~~^xt@D0k@Blg-+{qS;21Yw#-mN zVYY>FP~fjIy|;1ju-+`*m7P0Q`_?`d=qNk zR)B*Dw1@zNfy`Q@H5x|t3HO6lnU`%w$>j|He+fiXdiVc9GfvNjff|DJ%` z*;-KW2M|lb5@3^%6pe0z)QKl1@OzT5s{w=zxEhSp?GVc~T;+w=-V`WQZ@=@)o*9k7 z|6kS0lBlNHS{51fb2xx-ce2^z8YrNE=XUO%pZ5Z<1*^iqqrimFK+i}-L^wrvm&qj0vc&t`1~M zFdI|?nIX`BLqtTbE-yjeTu^dxT?5$Nz~JECSRNM0VSipAR0BFyAU>C)jQW!V@GgMj zjGB=#EI4?X6ZrzSU%)#_ABe&LK~qLbY8B=`U0g1K%n@kpU_KxR$h`+r`S@sQgJIPk z_$`o9r`ntV)o0g6_E^*k+0n7FrYwZ8J6BoEoB={f zC;4w{jxUC4#ms*zM0CKN^*`4Fc$c&*fiCW!<3B_uDF>nKa|@gg586Pn0Bdvd6luz4 zNoMVVwi^hz)`wENRb1uOBf&y4nTFS)677O$DK&i=NyCNnj z83G|+1l4HZ@^~G{7){<81MUGmC=Tph00#slU_ej|3nR#U+rp!xSvMgUP8gd#T}O(F30zHP0rk_i|Z0I)%?R{j|l4S^YrzsLUn z{1Kvw2=@($&W`~BwQLND1;J174Pb8pPYJv2>F$h5kuo9z0xUv#4cN#)qwNHBz=P#A zPs>Y!GfcJ%N<|Pw2M(&CL>=%*)GzSyo(1iUc5A0XDk}R;Ykp8jbj!Y{>-7 zA#4C$IWag17{9;=9B};0=l>sZ`Co&3JN=1LfWkZ-XhnhMA9npnF$&6p=2O@MKX~u}sH7*;g^^*e^g%UtmGd9d zjBs!lod5DIaC2$@6`TF{kL;pAuPiP7b;=yp>W8;4b_1yO(9k;gq5%33;LNxwtfm7V z{6J3+H4P2S<_dtd3(mAJ!ul=YQ|4g11338FPn z=>IQln){-4fGn=BO1%hHmB54XzxZWZWm=U8D+%IR@&)5T5OSCc2!xOqDHkZx05@`z zsaybl!0&zQQhP~(8K_(k)3*w4p4$E=c=(%N2M)Pv{|rt3W1s6^c?)}vHx65hpZEd0 z9dw}J&^PTlKk+}q!fJ;V91zkXKk|u=#)h5A%FKN7$Orrjl%fl2N=lIz&o=BiVP}d| z%LHFMlT6`^`A22-P6FP_y$X>9HsHTxiEgM03T{MEy_Qr@v3NK;pZt zv5?IK&=pBid5Yo`m>{&7uhlFDUA#~H-^Wd1p^&1Q+NSlpG1DqBiY4HRLfaQ}3k$IW zAutmHSA~Ov!w@G?Fpl)-9rY7-z%OM^8o&&M{E3R(k^k)hkYfLJ*MIx(fBR@{*Pp;l z#mRXE@cOX4k_94Od;1e__=kVo763bKY-|9)ViK$&ff4k;$(5ccSdOviwt9n;0O1ca z(=8BhgV5M+t^ZH)E963D2ehkSo4^qV!hVb9FO)NClk&h>qGV#*z8-X0V82pQQ2}56 z2CJa81R3Pt4)Y&mQ9YTXn<$ST{;oY% zwjV5nG&C|wl+1} zsC5d$e>3jCjWqnvZd(?#(#s$o0qEPw%8yw8aBChQ9s-<+KgI>N0+e3hcwnA;1CYr8 zqZMFkS3ow5f;5+4~4QOLE)6P$r{XkcwW$Nx44 z&|XeALEw!pub==JhybgCiGk4uYfJO<^FhEugB=9mXrR05Yy!9qkA2gC5BVE!g1!>~ zOrRnm0Zut7EXIN1fs~Y3-7l>D1pizDWE_x;gNy?_k^gsw1`!f)pMa%<4zmZ!V#&6K~Z4^4S2zwsi@@S8-UJ*b+5pv zh_&4gXvF|+E+HWS<_g~?NCKkU#p#3&?823RI|n)s8>g~B*88W01qmKs$~GB_P53RTQUEA&{ZGSXteKk+J9#76gqoQzGg>);GR^;ff4a8 zE}}fR(Ii{AZZ+dG^c6 zd$2ZlAjik5TYX{G2(N6Ke)gFe@2c1CD%-0T{RM znM$w<;o#ma*ZC~e;j}U95HIe^@{C&goK*pKgThE5;LR9u8 zTy4*Pasz+!8ty-YcmE&%Y#}klVO1S^KgmrS!)4i~e|IX{Gls{^cezE5quRyo(&=2B z-$NRi^+x8~`xz}yEuvQ~@pY%?k(A>0tREZtK#DJu8aJg<**~>s+Qh70YK-!|@x2{C zuefLB8nvA}x{M6oztORb;v*kkL+u#V=JnD_B7RRzbi9&4*}L3U88>7#C+ogVTJv7_ zqMj2)hh3m)u`k9f>%n$am@e;yyfZ%fyk_+Ac)5>8a?bDZ$L*tDDj_aM{Y4jJ2U>J; zhSFctGBcyQdmZri-@ZLr?%d7N7~cnEJHY?hIN3xDocuV7wm0oS%e!YqyY}Np=>jB*&)zA==wp24+PkB|cS|OS-QwHm zzB#W*+GCzc(3f&w_7Q8f4~~fn4@AO{=m=@pJf9EhnPlmLlXkon&{vMwt!E2*5_wTj zToSCjO(*K4HUHJ~rJ8W{DPri#N)PYo*m;E+7d|sh=%!n(m;6j@hfDAp@s-o&- zZ;+-=5Pyrxa*fgU{w}qJ^?CAOl_jUEhm3g9Gl*Y6$@!rvqhoy zxQ@%?#2=KdvM4&5d3^3qyGV>hNbyd%xZiQ`tjC{2ZAjgzx5E5GcX$nXBd1QPN(*xN z@PF@r=IHqINY*wuAsQMrMxvrtas^JI#4d$)>%I@#vY%p|VQJ03`vn30nP$C6WW0Q@ z>jCRNJ^M{t(D?LXynGNC-z`>mpS9;vNvCLTx^O{#V>v+&?hdHNgHXX#>R5b_#{dMnj8|nVMS$gym6cA9HhzXRB`P{ zVieKbr_`~a0Ta@ zqVC2+0y<@$?&xf_j8VK-T^|(D^5tolP^!Ea6NJj18DAU=E6n5SV^YqyAiGp^T3T9* zi9LQ>+pU`Uvn9?Hvy%;$0@iS`A0JV2q*a>C)n>r<9040u6MOY1Zlr--WX3bqUg!jv zx)o5nP2t?tNZD?leT;cgx_0Q_{t}-BQ3sD zq5Bfq9rm^yOtPc*XVtOLVxl4JO)wd zwWPSwdT&)ngG{0p#A69NEEK(%%lz!uPeyY19pYpZM&ywb$&Ph zSKQP~L5iU{BK%2ZH6mT;eb8^x{IPBXu!?SMe&zTTp6KZ>_1&E=q983g9uF(snYrnQ zGkvjEv`XR#Lt#%Xhu;fBTs~&UaP?{@OqDxg)qTEP@DesuD*m(^bDxMWzVw*YnQdtL z!s_#DuBxMgfh@4P>;wFg=;Q0ET`iT!gI_E@8V z{S1rpx3KS?{GFL56ZL16+Khq|A@Y1qohoOcp1KDbrRq$@B|7_LaUvXuNk?D_q^Oi3 zrKmY`&*;mCF-6$g`$f`u9&O^cv{8b5S2}VL!*vU*-9;^NwOvBw>Ec~o^El6&bOVth z`mGc%>!;)0r$}7IovGJ-NRf0Bh{e+|$rUQnmV!{OBBgvZka#TgUF`EJ{W?i~x%mL(YynDkAOv+DhNn zmWcf7=6DpH`UGc|3?VpeX=tBs6-j0|6B z%l%dX^Z7if{Z{m)KPeI(z3K7QHl8_~<6yE~`xk^+52uxwC9YVyI_m>nVb%DP(}@f} z!GWxKuKRO7=2|T{eY?0 zL_zuw6Q)T#x`1M*Xoi{UqV2VTR}g9PwrUFwG(?U4rUK1cCeSTlgMe{!Vsde@C(hTq zU?xQ(M>^j))nc`o6kQ4eF}T~v*ukQbBn$=nntV?a(x|^4--FgM;LVg}n9em8QY$3h z-q;N*amp;SM+el!qFs)wq!8k~1TbPis}fMAyV} zAs_$`QIwTES`PCY;`7Smmn`-}mf^cJK+Y<+G~Nv3v)A#68DgrmUd-dL(?faOceILN zw^rHmMI~b};^igSi9%J|a(`0pbk=Sdazx~!u=ut%sO@}mGFi{9t2>cla81pZGG*Fk zgr&KLvbfHEwqeR{zR!`ph)4EtaLDhWQOdEx(=Yalo=sVqLlwr*2~;f$T0hC}u}=fK zb*O)J`zfuSf!=1t37d%OF?_ZXl9DZ1+1T~GG4E|grl^^4OLZ?;l~t7(DXlcvDMw3E zMEYK*tjSzV)bRXwP@KwU7jLTCsGYmos6@H7}t@$+pRT_|qBvb)F7EaJKMr&FX~YQ3^1Bn8fY{d6*BQ12k8 z1Vz(faQ^<*o5z%qFWqO-|Y!_?JKw=vw-pb^m)5{$x zzvfZ^7b8aTA}{`_Y~W|TD^HcFNct@MDGfVaH??g7WBf0Bo9W6ukDAsEiZ2h56n?3A zsO=M}lTlU{rEk&e;ro1|DwoE;CDeY8nC2y=8{a?HIKbdOb z>vKDf>YT7+yCWjI($}&%Stej>Fw^5JlI7n`<+z5Pvkv_b!Wy!9s zk?%h%>Y}<|tVAG>3vuO5v&8XKQ1H3T#r*DWJ#cWt>_&i4*sDAxHgDN9zB^V}3~x|u z=Pa1Juc|%QCy3L5ET@sKk+LIDW*Ki;oS!Npe(dmFPq{xzN<4j{egFDAO}H+iExn;3 zml1nfFgp`3Cy8fX!vig98LSuGBwa1$Q_YJ;3fSrt();*p)R^z0$l2N0!JPU1eB9ep zLkFw*agm9>{R7jd+ZVy}w^=6bbBP6*o|4pFW>Skks)YCMi~0)_k1allQ|6MO5IG5w zlZ#)4NvoJQM#7|~z zK7}sF4BV$@zACl$4?mG1V(*IEbZ9h*$|)!iB2>HU~{|a%62ui@eC0J5?)OL%yR$S>1E{~t^61md5YlA z8;s*lA~5?xU8G`d)1`lXI#c0nV_BlTCE#0GpuDM3Gbe06HAvB7Qib%%`*NoucrWf8 za~$dDBS7P-Iz%+a=7=ut-a27tYj4#ri6&bOUjlMDWCX_;@>Hv)RSt|oGC zf69XKjr~+GeaPnNF6NJxABZJGNkwWue<{Oj|%x-JT8>|nO_rY&;^T_&-RLPp+DOT$uv@G3JM+Nf zhTF_$M$M}G7Vu{XoJt9A`;%X&(l~b0CWw6?rkq2KqEi(T&j-e4Hiu(=u zLI&!WxGqGAjFqp%eV;0nrsgX{Hwwwq{W}poj*7m~B!>>}Vy~;aby2Gf1X`!g2Ut)N zT=crol*+{$98Qzx^i|zfuw`On$_2Cfd1=>6YPHH%g?c!LdoAVilheGZU-K&AE6;V9 z_~Z%6q%AMvl09^7pXh4p=`P+1j1mkqx#8zqo2w-85AhX!^t)xM)a_x$y$Uu7jmuIQ z6Zw^6)}6uE@#eG)uDQ%b_(-{rI)&89hpHDfE!a9mn`@03%|B%~Z+0ih$;+pvDtES4 zXL>z7%GT&Bw&=iG_}XLW#^gu|GJgwKP z!W@0ue7mv?H*U4N#>ag&+j9-sf?B)@OIf~ z=5JdVyC=z=Y^mqLkRsd}3K5@iDlFeGeLRYb|K-d`ar3vMbt=ywL-}oG!%dYMD%BC| z4G|g9b+@RCU8i5;y*LF1R00B#@k}^BsC|KnR6I@5GBPzhL%iOuqKN09XRMT1JPmDN zyD7=-?JQQG>}|SyDRiT}Pe+9)k^VR*@Qph(ws3HruP-Vf-lmBaQu)E-a2Q!B_TC}W z2$S5^y0pc8_HdpJJB(z0!4)3;_CWFLY1s$()J8Qs4#~WpIuk9M0j5)xO*1SZC|_9W zv$y6_X&s%e%{5o(G?>T%-LjjL&5afr1W3l{N;{l}y!VFgl1{7`(0PrFMEiW1Mj!64 zJ#q7k~!Eq7!FQiv`Gxl#g6E)K-VU3bbto?@j3e3s9%ZhtJ~ zdB^1BZT#)yAqZ1S8Zm`4>u-kDV!?ghiDp)4 zb-O~5qxxzrXXBY|4Y1o~9jZXLZlO#+BM?ld8KG1d&NnYLduX^$f{hQOygOq|N3%srOe_Xj?t*Rp#6eCpKlD%{jxI2jZTDolsw0ZZ|0_PmJ6--? zth|O`KEf(>*j!rnbtQzwAizs;ta&sC8BC|HrG4BQJJ~R~v}!qZ7~Ye& zJ)9sV+SJTO$zYRH%Za0n1%kB~7oYjUlo{r9RU6w5PGd)aT*4qA^J?U2)~P>@=(&7U zk3bAszWvE=AuiL&`eNeH_3sbz=XdNFRi+GN>E-eb6Ge@fm%*$^ZOl44{TxQ*h!XOP z%=c&|31Vt8)?BOk=;{$7CgWZ!+_fmvwYY z-S2%st{J++z&%?OcC=OPRJUZ`*S-HVqSA=v3x>yuPI-+wrlRc|66u z#y$23j-9=bszK@+3!l1_3A-$?v&i1_@8 z&BT)clbuQ3h7|hOOs*zx329LtyV=@mEv_y4ClQ2xjkK02{r%6i0Fj9b<;$IZn)P*bH>nFYI^jXett*nv2be;E3fc)Gpaj1Mk6EyP&I-@3A@R$@qN zl}Q-7aoEKi6f6;-O5TPg^Alhu_#r1785aF(pSwuW=c|j%e|^sYb-g=WOIUc~WS6_F z4C!3%4TiAD<3LFNHy)gCNuKvj6x4ZYyQ@slde)cep+siS8R#UJ7)Ui6ye7$j6KTd4 zA%6DaIal@B@ahA21zBr5<*Abc!MfW+|4)Wfd(elBr`lbUWq^X<)`rzDaPU-zdsuG) z8Ydm3p2A4q|1>pG?#K*LJ`hQKx5P{5!nK|HS6y5-#$&VXIRW_gXAz^q2Kqc!t10Ty zmxebh=yvJZsb>mLI!_NZSXd>AoTiX+ao01fHkxPDa0%$1$|75!;YD0`MG1vDwxhq?L)m%FG-udP?Il8~#EfVgS_t`}4$$ z9Hn^su9_;9#0WAd@%h-4kNovcjz;ptjB0GW+gH}PwUJ<=^rG`bWc>5`wQtp!n$;EV zuZDP@TRQ!U(plxZ5ReAtFh}GuB_Foy<(s+1=<=t?b~KV-H;gdrAkLga(=A0l0YS9H z5Nu6GjSQT@he{4o5?@}XMH!Whbn){_8i>Iz~s@{{gZe;;= z>R60J7}wJWI1>uj6B=)Z+#L>!Sp6c%BB`I=SxKY6yze`6U~-3|`HZErljbMLmbw~u z)CE^ZR*`IsjPjM#?7nAb_Ep%nTKcxA)1@C)zD3ur)5i(M#~tDoGoEer?d)W^bS2?c zC!Tpq|7bjBz(d_GbhXekDIvR?nBmiSr2T=aA@@gG1oC#6bJffEi8pn3B-$JRv2uOI zb0P4Rb|O*7H17T9>31FBU-S9Ui1sa>S6=2G4o&EH)1IC>Xz_lWZ=M1>S>w`^llKkr ztq;Z97~S7BZEgxRe)9|t2p_*ACZr)F_ie+)bsVS6kmHBYtB6d*rHXMa(Kz%LOao*BuvQ*p>U^Kk^=yh62i_*BCN37l74wO2i+FbC!qX>~onceMVpi1&xA^#7tyc^QzS{P@kmrY-SbAQ0oz4W6WK?^@0j4cNkjuPE!ZwE_}|r92?!E z3=Ge!o*;Ue|L%hGwcqEwN|txeSk#im6I$)C_7SQSq_;}6%CqdxM(HWYMdSbKu#VA^j`%jMYqHZ%=24llu=9&#Sb>)d!;JM4FO_gShYGav~19&aN>i|MYD~7 z))S0RvBcS~9O9SlXb+0XMdtE(!9 zBoelD0Fawzqy8#K%-K&)j$F_D>~TsykP})Qao4lew$oA)6KQ&JefV4nhK5r`L#BkQ z<)C8_dl{91eSg}9E}DMjYLybMCDlEnaGCgLL?rb4!^^U2YIQAM{24|CRc%D-YHH_r zre*H}#nPTRn_vd}K@3PzS##_*vw;@qJ3FV% zQecYE8JSnRFJpT|Gu!;GSEB+(dQ-$-PmD(F~i-+vhN*-*n z0~MGU2!U9l2$omm($rYRQ)cG&1<_I27|^l3TPyNu`$|hf3r*zByyW^GPb%hq`#uM= ztar9)iNtYVjPTs(3hLcL`t3$jUKISI#CQW4%c%OXr%P*F=y03ayIEE2tgpc;YhdTp z9Wa;a(FOK9oo`(E@>1qwdK0oCSiv~H^@W4I?+_~k>O=}6vucK`Kl9gohy(PaCR5g zz9g9$qT6@pKc8Y@badu(vj{_S3BH`|mzZ%n{}O`?53}25YN@I^O#z&=((X(_K&}eo z?r@@YT>Ev6c2lJzml;@XbE=Kli^vYv)bK7!Hjjr}vSlV6k4SnI(l)R2 zsmY~93fxvfPI@1v@$Jw_OeqS|MWo#BYzOBLclFG$Row-Cxn|;E!jX{2h?QEy$genyd0{wrKw&~sXC^qc3w{~TuhcyX_ES& z4InxNvp#E$DW~hhy>Vc>@^s!?);DR9fyfn5k9OO(5e5#Awl0@%`v;xX`S-u=-PZcY z*c}u%Uy#4$sv%}}2r+fHC&8j2OLy=Ofk3j(@=A<_{ltzWh#?dq;f_I(O_hQ&!ffRg zM0YCoZ)aRzG7dQ8-?IzCFJ(TuS7{mLvZaHpbeHvCOW*(E=R=BcHeGtDgWs%Z`ysDK z;4zn4a*3y7*=Pv!ATcdQM6i}y>+2|{wgDoUx}OIQT!fBR3m!bI=k(o_6;T0ev!v!s zoZ33c+jn<<84bOw8KWbP?7TtEreT4(z>m|dN?3%M{}>24Jcww?1hr;vLU5!LOu1ZlfH zPX$|?FR!o5K(re2W9eyMlw*{6-NtyVi1{w3l5q7ZC_r_#KDZrrAUC<01w=nj%IxX+ zz}Ot`@-fYMRDv-j^=+2g?KXz#M;1YHPS3`pqtWWU;9R3Y`x0d_jcNm9BW0=7=OPf$ znN`y?ce~zI*z+w`$T_jSj156)TAx^aT%Aw4-;L2EU#FE*P%6Wh)=KK=r0M+1vv+rfnBIG~>qM^^ z?^*Hf2MJJ7U3~5WL%=u8+l)6gQoX+ce)V;=dka; zJx*phjF zgU*2O4fD0FDDSR7XelK6$kK~zZBdwmvE;QihTm17Q!~*v@9G9#Nv%58y#el|PtI6K zJegju~BpM-D1C~vS(-%t`tq-Wzx zN$Twc@v!aqOqw8#%*f+TcK*I@oJ5E%M<#UJJ8wrm8>BbhOW|M!>&pn#@85AfFOvMY zF)wYsXSc7u&dgI6v0p1WAAh>|m6$EK*;r123%+S)1iMDS$yUbc9oBGR*Acefh8CqS z{*>Cqr9qC88->idC!tIzr)@5@q@Xd|J$4YyL$}K~n)Wp6YI^sEk8wFcIdYC$8{w2S zuLgRgb@_9~2{+94!Zkv4&-mkP>9r=VTpC$ZvZ_k+iJ#VP=T~{15^6*h=cipzohysA zdYMLx8)uc@SCXo!b&jc@+h0u5O`lglXC^-87e?nc^>O=)aO0jeNo9Oc3mDB3)0xP7 zde(MMYJS9Z?@~cMZ!~bn>pw(^ZED*Ici1~+`FsDjYO)$)I}eq6O5LgR)0D6GQuZ!f z{NLYj#;|BNa58~LE%s${oJyjHArN5VOqIVw}G`ZI*U((Ly|q55g<){$W!_wQmU zK8LMp&0?$ZAg6WdxW`eRcXi7rn>O}W99&!?E_Ie$igBr)TdF1I*jQf;;-R zC%97I$rToj4l<}N%+**C3lIl?MazvbSQS@w% z)8XU3~S{sZz(s~r*<3%fT7)SDddi-eNXMPGY?fapJ6A9LCLwcr% zZ!$%>y~yZf^L^#f5tWOomWD3!)l)lFxp(lZ9G@0_5)YH-Ax@yA`hfbBQ1U*Czxgq7 z`nMM@Lt*L;kGutC#2r2d$c6Eh#$>Jwl z(^YFmfHnHcl>7I%%AVuO?Zu5>X~>)K%$K9;EVvS{#6{C(k-6$ON29z&tfmt>ROiPj zh~uk*+eTwd?N}%%2m|O}w~Cmm&|>nkRv|4Sd+&Z>^Dq2{apOaghsg6Ceq-&^V_GtJ zR{j#4=;n{3QMAg=gDEpezu;T}3a^ktDII|YE@y60XF${pF4i#4{NeWps;3D3>O3A3Cyu*03 z@d?RWW0l_WRUYQDsPS(VWwZB&O$YI#-48CuHfZ;)gz=YuBoIDeS+a=FfUiVNIUcKo z=k-FX@fc5Yf2NIv|7gp3k@vdb$=C+Un}99U_CihhZQ^5+eFT&z+Rg+89TESo- za`t-b>Rf}eVkqF?Dr_3qFdecr%mfP5+2#Cm>>yt0pjH_l3O8*&Q?4m4yhm0Z+!@*S z6rg<%SLk`7F3+m%#9GeJ%c{H;SBG-?>(>mE|9H5P-%?=O(hIP!(Z3%oD678wU>WQ` zjzg4pwwWGDY^O3o>hIIP!#%@TG;EdUo7R5fI=+ zMcqWZsHCsZ1)D?hclLU0{vCwP+`1kaj~oKhoNt`!s#YVF zhSbJiaUSx2G8&s*8KHPZ$L@7su9oRM*B@_lJd%ZX_~{Pnt4KzsLPOL0EsGx;8~fe` zJa$sMibi?Ha*WX9Ab82J{_p;?1=n#2-%Sp9@4sz03!4X(w~b*r~S0;tezKzemTzkho<#|ao!(>DS zcjcGu#nkIpC*f{9e9jl;nXZN($H$fPe#>0b?HVEjUn%pvPVF1zFx;~v6K!c3QqP+e z3pKsi`Z)@8#8@%@hu@Vq!)ECiUr(eP9iO8l2?wo*=1{4e2=azs`bwt`!hP#TD&e!w z&0Xk0Jr5(r%O78ramDG__Psm!kZ+Ub?3&xTi7JqguUSURXQ+#8GfD~bIIeEc!n&xbX4=Hhy z*$ov_C|~Q?%=5w^uFuJ!B_*yr;pc^R`ks}Nqp4y2z9(btt?KIP&#M-ub;6;M@UE|T zw{|KFDg^3orF!|Gw$@FsO?OH%CZ!HW_<-S#p_5XL=Q)P17-& z{u1vtvc|O$>yZ(mNZPz(`9>Uq)PA-~A(yObpHH}Zg?U$ABoZn|ahz6(^bgjC<94bB z{9q&`mifJ?*@4{B)nUPgnbYSKU?0VG8Emst{ILO}U8~EmBbK7sDG4eL6^l@5qk@)M zDwp_zGkZOHWSfP{gWkv(4QXtD8Hc<%UM*1(%Kg%vfH~hQa zls9bRus5Gcb<3A9tYkn!?dhgR#|3^ZQVTBq#NSw*^0cl+78mtbTK;VG;ecOO8T-4#f6B_2P0*vYRloi zLmG@!JTIKrQ4uL3ZEq99c+y@nCew4+XfVWVyKAbFqExM4AHlVT@>m7jBJ!X_!&*_%Baf5m)V>^|Z0@xosUovr@WU&LUrf6}YSC68+gyLGntYWi1{+5O`&O{OvIz8~~A z1u)+q#?nuzsclh8P3|{uukC8>#>T{{G`iR+%SEugXkEKKZwig|=|wz@rE|$04ws1I zC1m2)RLnd)SUA~If-bsTlrHoqM7kVrNs_?B4JP-zv;H2?L2fkU2==+Fzb#^)*#6xi zDk|Z^?P^d*&``UZQ_OY5Y zfaFvtAyr?v$%J+{yE6DYirdS)B|u5c0Ws-orxtRJ~L1ere(L1XmJoVHW@%cb~sv|o6XT~ zOUa*$@p}5<_3Cug6C~l|^A<$%1Ujj!>lO(kPDnUfC=Vmy7+>n?>Ea>8V=#n1SWyLX zjRBE-$=xX&GVTLG*l$P2gf4*w3o0OPw@$gVH7)%V>T0=uwd0-P8|_TJ<&Z9T7OO}} z8kYvGZ0>ts0)28why+6-yKR>1WL80ZqUrtFSd*Pl!CVX!l%LrQ50s*&Wih+eN&=62 zosehi)<1rv1}h8nD)N{uB5wQI+V3(l;o`AcDIArY8riNtb!IdqxhKJpdTBkZ5b zbmubHP-1OI5T7`Eru?+pa4`J}1=E=!IZae38J;Li#Bk%yD4zTM?`>WF%%uBU&-#5* z0+pvjlWAW?YgHx7va8*StL@r)3{iEly&Y+UYhlO1KrO}l7Ow&ip~CqfD|yN%81ry9 zw2W`_rb8QoTj)XDJcDIo5z)#N5H3cm@8|mZ&F!+9Z!QB!RFz|Dz?}tXA^47}aEJfn ze-|KL9xDhS>syCw!{x2PntW>9w&B-a_39Fe0+D*;VavK>q~@Hg z%S37B;K<5|{fk`!SGO-}R?Reh_yodmDL>iPeysRC9QE{d(GF~=q^kMBqV=@?nf!J6 z!=lb=0NH2nAKJg$_ugx5So}K%ZE;wE)htjXkMW6<@k$_?`S6Le_&HoSz8?eEu#}_o z`86-BPzq-~H1vmEUe)7?AwG)N%Ei47^>uoT???JfY0oO&#z{-J1yzL5hIG0>g9zrN z?~tUzhRhq%JG(y3Q@An6k8775nP>7j*YUz*)*#`$M{tc$%aWF?!lG=rYGEnpUi$gslG8}No{fEpZqli@^?C#=w;2txr*F~GLbx1wQmYm^8 zA^&N0?pHZQ5QBKJL~}wJFsOW>sDnH2tG%Kv0e+ncl^0&T{B}jGtXY_c)B6|SK5BL? z4O`XJ9G3K%*}peU=IPEnzu27&jJX*r3b7ofIn-(AlYjeozBTTw^19IrmZb30j^*^R z*r@+RqV4S+Okj`(@}+=~&6FW>kmqIJ>)Y%0%ZsbN{y31w&G{n@K}y&Ba*I1xblqmk zZ>2cacCB^CZrhsRAE4{ro+*?Bt+rA>U-XD>_d{Za9AOYb-yaKw=_1*6bnXRBCXAb! zv{Xum5V6t@9UmUFUY~7Z`+xZG&Gc*|iRbwEOzHaIJUnW{&Kje$+%AfIEszr%nOF!X z_97`-o3!o^&qF{z(iPxxvA(kD*u6iuQB^6pz3;F)R*Af9%GU}LMhWO9#h4WS`pezD zFZ@$Tyvx@@8R>_E+#uiK2amau0oBR`sNk>>2istk;u|a~uH#!4&ek~CUbK__a``Xdka5toV9CMF|An*$8qnE$D`nr@_9B5PMk02 zh}emXmo%<@JY7v*XnVdLmc)*X+<$v4B&Qo~Hj-SM%yv;N2U|!1Eb~R}#Pst`^Oujz z2q+j(Qbh)H(><0yKuD8=;eHh2XORY=D4>f46DDK?~V`i@T0|VG< zU+#~Jr!bSjg9PqQ+}yVN%PO=3yq*@%*3!@ST@WXG%&jzPDNkc%i6>I;qb3Srnmjlr zAg@S*7(IbY$gts&L^i}+!t`4Ys&d-<9Dnk-?ehaaV=jI(sqKdC+uQELYri;TRYTDe z4p!WFc;MtWBzbJluOImUVv5?SJobe83q`eU=%d4MI;(nfp|X_kDsqHQpX!7QjSm_7 z#l+X{AxRASb_2~of22cycmDrafcMsAxFx6$UXsEnV23CBrL4_6hr*Vzl?3jFLMvNS zX;Ep^$ML|E{4X-mn;D=$DA3+p6fbozloprZhC~d@s~%z1A&7-Mr6WgDm7XQJU(^}c z9;vo-Y4=qeQc7R?aoXpOiuAHc=crumzI7kkgnThvY|y(g9s0*Zy0o^$cHQx^@WNOA z*q`&=x$Ih#^`kzGUDCBzLnGGl;Cw>=Im&(A zmH$^ZyiD1B!=B^S?&-=bG;9GVADN__U#*EcX9>s_BK(IflWLxVwdf7J5xAj(Xy_S1 z@o%eMj~RX6wVNdCS{TI8%PwGDZ}Z1H4c9hEk{*B==ij@HxcjkeUY! zW}pN_Wggib4owHXlXyVmvm-eY6nLj5GmD`><0}76NW0U%OFVC)%h*TLlL*drS@iec z&-;=s(_T?#gN9fBogs_#a(gKTj_k8QDWtfjcgn&@0=3yAy|OyEeP;cvF)V*F`sgI| z{Z-l4u3UD~S3;Wmi}%~z>Zye%z7&D)*W|NR#`190SNjG-<)rJAiu6Sta4_ zE9?S;S(u{M32+?wp39jOgy<4C@IB4+V_k(Xw(FXERlr-Jme3c-j0ZcnF`39* z-LJbS(2TS{QeIzf6Zbcd3HtZ``NM4P#F?rM+0L2Dnv2QKM$^}C2X%MzSXs*W+$#6i z7?mIM3^M8edg@cJ0Wuz!BH*4!CZ&`L*6mnx>4NqFZTGu9Kcq#34imDE zmR@nLK3+o>Dko6T@1bFN-M<0LakCRGBh%!MO}Y-xX2%7FclYa&{TZLvdRpIV1Fx&A z96UyuX2;@?c&&-FB~QRr!frb)2<pdWL;qNI73K3Xn~bd64)nANyKFcSX&#IF|jdadk(k?keugLU1VU8nEN)mh54c zuTc}A@A_X*M#U6Dbvl(+GcbJDWwrhFyPUu1cEEZFbaSYEC?c+B88w#NV$b$FF;Kj% z)Fj?ZTaB}i3zWDOF9knU=09W=az1ih>UaYO80kmIwpce9Hh|g0)sreWt3DVM(MXCB zQ->LWsl7_ld8lBQ5@=C5(WT+fry!Q$1~4GLin7%hbDWLiVd#q=nMk+qF>XnPmk#Cf z1P*7zHhc;UpRBGJG(VnH9k*gD(1W6yQp)flZD0ZKAFJ(0-DHi1WMCw~Z>qpwY9ZG@ z>eq&F{<~i$?TRTMXydpanv{OZPk6TcN?zMijuU>hWy(fTm=z=`%DpCDIoQI80IK(% zpg7El{+@RKEd%T6XZkNu_R8X1=g$mV)gk&YeIUJoq-jxXw@K_SK5mix`Ix!MY8C?Lc%jaAPpAFL|)ibO(9kq_Rei09aunaNoW3b%v)Ba-{M zA(MgmOfl9@G(jip(Y6=Mk`=O=UOpdFI&V}$Tne&HwKI`+f%E@COh)!63+-oYnmr_# zq1(W?f@9_>tR&Qw*5!^P2-zkrmcZoSKp>}wlDU%YA;Z@|`5{FfAqHMKN1HB=6m(Gd zsqzFDW?-;cPwv=yMy#7C8WAG9*W0snxTJi-m<<=O5|O7|i4Nz$2KdvHjnSz=lFk~G znM3?qmd%|E-9wLxMd}sy%EiQ{NLh`WKD~#8(tH)KaWL@^KsJTa2IgusSpW!)h{llV zgN==%X9(*|t;Z=8-K*o}*phZ-!W zgz8LUmQnV{v5>!t8qZ!-<-{h2bqRB)hW}z8L%MnmXz63F?mobgNf!)Y|LRB8#KlQ{|LuU(AeiV3NhK*k{c;!5)esMOGyt4mdWcw1Wfkek6#2y}V0b#>1ED*KlE_cQH>t4<8(D&&(r0!JibY zq8V+rct3(F4!l%yo0%zn-f>#^epzRfV_w&~wUnc2otSzT^(f^4`?1psG}G?XDqTp5RtNfk;j8r?{Xn@0<8X zSi72WL__O}<@p3Cwtnj3<@B+o0mUH&37g)Pp< z#@8M1`CiZTz*Ik(?t|ap@uq{pz_6{I4_I0i#H;OnC#e-wB;F1K{qi; zxKxH2wOWbcfBPXqn#Ez(ZCqM1?fY~vwG|#ttn6ZI%kzC&g5Ov}wLO*KDEY&6&|o|eE`?Y6U9lTZb8GN`u^0`o*s^m?+bzV>kRy4jl5Q# z!Ou+G2p{_k<6HEC4W=f`ve{e1$)J%Ae+EM`vz*p<81YN3&6*D&8tM9+CYSsh`3!df zk3Vk37|8h1&lI}P9<@oZpn#OJP-)c)7VVL&84$UZ)mo0wn3+H+&U%rW#Lkm@0UA+~ zzF!XQ}dBE4x!{goc&kT+k336Ad{Ib0#EmxP%{(Z+iZQ=9R%p~Ng9RA8-a-cXG z6j0Oq7P1E8^{wQA&?ig+|HIrWHP~2jQ?{O?@NXZ8|EZ{`6#6UkgG=Z?($Ju^5+I99 zp>NqAf`&(&RwXR_r3zp=_h%x6dSgD8JLGP+z`=vLxLI9Jhf~;wI2mNvO=MIhO=!kK zUCfHBfv($-6Fu2awWOIkGsJZ-lOIkcrtfd;ppGm7m_c+Bh7_i*PoOXnkeKZG=AoJH zvC7g?UqTE)>cj$4bL*3GsZxPzdQuXW>eS00?qx$BUpA^pXkCvNW1kyv6YLH+`aIuFR(XXW#6!6YR`k;Ts zKMH)TEShA~i!nVLA^Wf@Re{UME&`XOTpNg2nkZQh95aiUW*I-JVv@;fSP3qA<%wAc zoXjT-G^W0mn=MtSe!P!ZAXd@_-X^RRQ5HmlzwUX{;%hs#)uCnu=OeJ1Ga{X4}lk zP`v=GA(P+koy&{p1V$q7%yl_2Y6MQuiy6)>Def?+ceVa^o4#}T2?4`nT6rH0S1+AZVq>Y z(P+MX5L*L-QX7x=_SKOvn8~soFm9VWXMVo&f3c6atWaMB2$=*tZ%j8su==+9Ibm#F z@TN_LrKFmd%Eh)1rX*tK%GxSc+pTm^q$;0QIg8as%UDR_5+!MAN>EWP8>G+IoHZME zEZ5T748?f~+cg3XX2o5%10Rp`p_Y9f-D6{wjRm=AckH!~=WpXG7_=>&xD+ZY$FIgx zcdeE`fKvW9EzF<{dT3CPuOmVbrKFSw4UK%En2t=GGx>-I{@r7LH~{8}UOxL=VjpqxmA6m?7vB)Svkk^VgU2Ud)ge8#I$2Q*)I5&hc zkAr@U(?JC_T$*A!k}Ey!9<#We1e%xzxilIv2M46qW=#ua>)u%5R!*mPtt3+@AA}3` z8U2epw;FQBVs!}p4icdHLAPb?4mbNm)2IW&U@g4CDSzSBO)Q4a8d37P@_6fAb2j~J zv0hIO7a_o^OT)A#NjdrNo>UR8o){!1OdKV3V5DkcBi}LJt#Wo!c_#^yI-`Bs&5RLk zG@OiDm=OO5DYHiJ9{BNYC-1&#$SfuxX}y#|hHr;Xf$HkWi01sl3ck5o`gkBF-un9} z@MN0CAB<|C;d7a1Q`4rcmO)f3{aF`Vh7N(Se@ryKr^It?Z6sgvr@5vrZn(Wt5h{W# zHY-mPQR@#{=lx^WIl03Ho3R9H+WNmqk1{@&11(pf5i;HRU_@FHgto+0U(nsCouKn( z%XPju(!n4wT@%lTvFxSk^;$BVGh{~XbdAP8f2*kfJQ|DxX|k7;dFC8?lKKw9AN1!K z=A`SMih%GA79_LMT51PYHv#9SmqLoNM}`*SrOqS+IVMPX1bS;;_?c8|PS> zItY!>DxG5auym$1O|7|)l0pbN5eo+xOF`&-u)^mSN#_(!bM=f1}FccdKa<3Uasf#EuB6A#Fum ze7IWe9VLtR3Wnd9KDW6UVVGim?pwNxJgw%r9ie834Nt9eIBelJ2S2yQ&Ct#pZ=^S@ zt$JHMfZ-SNIBU@YJsV^!$-)897vZ7=<2o$G5Lyf~*taFln$D?;x52kV3703#4rVFDMELFMEBhBJv zYt{T|bZ?h1E}c71L|px5GalAoEN0*YtJBu1HD$5aHO^NytoIcuo6CsLd0giVH16>i z%n%iym+3RNb>hK1v(;(^9yz9N*zdT|UD}pts>^}wpQEahdYiKE>SY~_B2Io^@4o#6 z;VnFY^upVz+@FEmFTEtM`175K_x(p_-$^I;oFZ8|hskt>=C>=2On8w8gL)Se{*2c+ zSdIInkYm<+x+~L_+G&VyXO28t9}7g3j6M!&1bi8Wz6#^n1kjcZZ3auczdQKUTz4gP z7nwT?_!noja>>m6&w)Y0l8yA?7QlaN*W~4J(aU&mUBdIADATFV;j1o-@_1cAR2i=b zzjV$GA0mZ@p|)6HEm#n^3}u!v_{s`g^pvWPNedfV4r}UXo(JDLyDr+t}Q`+|N$+x#b zmd;BrE$62Xdyc$xQvCmS;J?BeC5GqZ@#(?*C ziV(NRBb-k<{{V*BEh>HAnM}I;3dYCZgN5aV0#`%AZ-9Ji9b{+#y)>A}XaLYlkLPWv zz2-BBmG|rS&ZL_a8=@9xoU2DX(>gMswYA<@DP2x~Eb_IbQ$YXujzhDNPuER~>Gxm% zE?;8al-cJWZ5gmtZVuOXr#8zgB>R^PKz9cX-DXOz;&Mt9*y~H>Pel?G1`Pajala7Y zGmk5#20($$aUwUU!FU}UHZc3i- za6akYMtvbB6XjZ5)~RXaC&qWRn8=t9!}Aap&I7y(>9>{r;hT>g4Q;D(-Pj_2vHbpf z-(W=_h}K4i@p;=ehuvxz>{6-OCNi5wt*G_j$t9Tf^058vr08*5lRu?r;gL4Mf4BY5 z?fnHyZ!_>l^xuD@m^_Nr&>)}A)mNr_4mjSj8pH&I8dT4EJr(=tWkvOInOG3^8IweW zkA{aJ!m6cnHGAF0+YCfYcTG8;S_2=x2B@~Gl}pz*xv^es3gJXJYtiw^6pHTd zTjb;xQ=q&f<)Wveon z<;F9?L`4jN|NVW{%-m|)ImtRd%=Ao}Btad~tbkCC7z_Y{LgRV}E<1>rizq!)wXBrN7A|L(m|u|Mn;)Z9PbAi@uw>rH zmN>6l(wXzBIbx_)vy*WN+PO6@=@`-QhB{T{3SE%@5=ut1he=DWzq1H`pkzHtIO!)T zFW0sZ;V8NNHuXoca==d=z)p1=KhFmOIBSvk52i6E`^mV!Ad+#HOm+(&ZeTye+8W(Z?b(ck9%WI8j{d%mmXixv|{O3i4%19+-=S#^xLykK|0tsz>U zN{Wc2(OS&kN@PopI!?pe@C`h2L^faCjd_kP<206Xlg~~su1{6^F5>p&0?;%DCyjx` zc>pCkz=M>o9)q@_W-Ck;;qjoH4-cpPnQOLAT3e_Hq~WDr6=#9k>Dt}=i&sv66ID&z zeT@$Eq$%@?^>D4uBO-(GZfJOOb75O`QS#ll%Q8^Q=I(aR^X(8IfHhfozC(YMgARwc zLNLZ3^>Ra18AKQ7Z5W8xlS4)(t;L|NxzRIiS7h^<2SWlb)qG=J6IzS+2>NF{ z^mt+vXpO7Xo&a8rD~mV^cqooLEc6F;*ww{)WVPb6^z$0r2z$?&QG`mKHK^{%GxplX zJ+`Zt!x4ow?F@4^k}S2B<5ov8fiX8%2BNbQDpnE@2Fu29i4otorpn+|Ds}$c?21$z z$Y4QFymkjn98qqDy&4`g2J5DV!8ecNRyGFZN66@t2_AI@6!fpx(=1LD=yAFqv!Bu& z4sDH;Q&H4}Pci7fQfg&RdV)&Fa`IVh#D9iT1;Sm>-$X1$;HOT3ytjW1O8MI8nvTmm5 z`>O}Qpf^|@t5Z*!e(-%K2Zpr{yay92P@pwQuNtILmD#$bM&rchtC^_>+gYurUaOFr z@gx-rpGEh<2FcU?h9J{z#eSHCnvm}?g6z_LsXsSB^{bbh3k7Z8NN0Jv-ZtGrJ1vRO z)Wy7%B0{K>yMIs7v(UQa6@k;apmASxe8z-ON%lF#QqU^i)qw?HR-hr{pAJ=ymb9WD zt-8}mu{{G^B<<>Jo;z)gCKMr}>lWKxI_m3tEbkwUN@^y!5s7O*nsiu^ux;S1EZ2&0 z+e`Pi|Kr_!6Hfn$gcQn=d2j%(5RGPG!OmeMii&Ilj85y$k2${SsLn}5wkb#ZO5Ya{-)_*`T6$P9~n;h<6 z4y4L=bIV6uZA;yT57t_%HWb%OO z_YC~LQkee}ONNGn>q8clw1#A`x`_|Z)lyXB<>l^Cc3@K%&`WYUls!;0GE9a)l0J5P zGXLwhg=)}0P+S;^3*AJh&1G)QqVsN5y!X1kor^$#WB9lGb4*-*AznhfxH@t{^8aH2 zpdtbk>wKY2e-un0Z*=*;L`BguYKH#0-2OMD>xJ`Plb;3L2ZJ0gEbvXh6I4=~YCUaE zPqpJAQvXRjHgebpXUOMVgt5!D{Z5QV7rkM2o55;fOO;w7sYp7*%eo2B*gEi3HX|Qv zXF=2CDP$ZY**=(*unyWcqc*Njktf~-PoLIaA^;2Rk%4{e2`P|~S?LH#Gbq^E!;QyEa5;vywy$+Ng)-5AGH>Z|X-z|>pWoKf z&;L>2IE&u1z9M2$knKEp zMPi`P_6EEFNvKpm|4aj?!}vZH|9?st83sWmSuRv3M-wPcijEU_d6`~dnvP`#UU+8=&npk_b|sFwSSH7CMY9_F({?|W_%C%Wkj~9JSt=cEZNs-!fLzWd zG(s+HvVP>{rxe)*;$Z*TVXO2_S*F>;bY=;CtW+wK-~))f zeJuvE7N!{=Z4iX?XsOZhjWDkHI*?kAw3{;@mmSP)s3|DMkK zD-s4snNH>0{^H^ZRzdLrBjrfFwmrGHAz@_(o z=e?cIS1>V|55>{ZswfVYAn)UL-Z3_@NK3+7r8jEq&_v%9vI#K>mwrn)`YMn|A}J=)7g1g^F;>Yc5s z^w-s}90sB;efmU$j(+#@D1CY=?XmjyU~p9=kMU0^USZTd7(@IUPw#00(wRLMO zwKg=g4$w)Rcbr?Ts%%W>(<&n^w0LM`9tfANz2a~bm=g|irscc=V|kkJ}otDiM%$k>gbsy3%N>HK~P(CJ@CnyzQBe)8wBbwI$W~Qcp5;Z0|dh zE>Zs7OHNp^k1Xly+=v|+v3E8D=O+Wtt}fmeqST-d;GrG;kwWAqM^NTFJ*SH-8c4!x zz~y86D%BzIC9i7JlT?xq8$$f$v%zgvvfFZ1;1!diQ}k(B9RFTzmzfn&q#&eS@b#n) zURayPE3z`fZ;L-N@`RK2v9<&0sSyX|fHZhjchSoDBO5s|SyqaNFCdSx9ixNPbF7EH z%0|kJ2sUwE?TvbqM+4p!mUx&3QilEe>&6jUv1|QdBL*|@04}`ecXQZVS{eq(l;r6l z$^6bD63x>WDjr>r&sUT)ShxKYh!HB*pb84=f$|a4{XVO?zr0=s&b@ndpnZ}-vinpv z6SvT-_q&}5NP?9+Q^=>(S_&gB(EkD0%9p@odT%wH3K z(|}gnQuoii14x7Qdrsh>e*woZbRr2D+g*vJ8Y60urR9M{{-3derIiJPk+l|%e5YeV z;59Rqn@;|*T+X#Rs}mb!I+pVAMd%FNT+Qv$K*U69-Q^dg>lrOiEt}ylR40+2`D04G zGN|-;_jo~?4=p-6Su!CH7Gd3HU1zd_$mZ#$x84FPTzr4R#NAcvi}=ksBVaQK&EFB` zOVD`+apQl{qcPLKB8*tW2!NU?hd2}qXPt;vW^r}(hta)?rl6dw`I1n6ImdlE>XM{T+SeYyDg*{J z`ufE~AsD8~(XTU}+~}!`U2g`;P>jt-B(XwchuOC2b_^A04P1Zq2BZVY(x$L9Y&(-6{Y6(3PgLG&N?ns=EJktqTmuCLvz@M@GtP$VvV5SMy!1|4O#9HD!| z&Uo??EQl=+$4L3y0dYekM!_MAesdh&_N?9Wv>m#y`VOdOgXEcOfYL4ZJq~ZWYl0&t zhyYcCh_j^hbVr;4METFL>XZHb$ZJeI$#?ou1rD8Nh-9T0ubx5&psZ+11c1jYdTW?jqtUq)h~&BL1r?Du**L;CV_M1wlmE?of%iw>~#mXo&6 zyV;Rlx`tU|$Ox3a2K#wZT$ns+FDLDHk{kUIEL2pulbyKX_h-8%hDvl=2Z(yWvg`9s z=-WE3{Qtw;SSYKPZgNG#>>Ut5QUID&XCk|z>uqL{=5&9(?R@wVrU=9!n3dBFR9_5i zt2lfy$+SLf-OQB+@Vc`>s>xgynVv5$*g=8l1HqVgKtNeS>CMsH>;M&HCH4NSW$aiY zBR2Q(uu!F61Xd`}RYX*Bp?u`!$-+Z`1QTGh($4{H0n7(PJFE~OxVQgEAd>K&lxOw2 zc48R@pQ$reX5irxeR>80@*}l9R4~(67Rc=*=WW}%U%yr@Gljwbzd*iHdtMM|P_pDjn(WJXD%+AqTi`oYxFxRD+itD26Xg2T|2EJ7A#kbv1iSr)g7SG^POx79Heomw;A&U0ZF zbx1n%NA&n)Bn(VZ%GD)to5nfG)?_88J{RVr*zg~Ivk*YEF;c2gxpUk@2Zlt zT6jhCCD(-ZZO#xbL#{bsR;dFJV1W!g77cODB8X7|?i2Nx{AA^qEll+ov6U6! z_)lTsr(jGp5Q#vk%6LXb+Th?#|0+Lu?-0PMkz$8>KjtHMLhsNhC;!X_8b zY2J5%u9#EZlc1Pk8>PL7!o4{;Z#+^s3*6)6&$;%y2-V zp~JK0J&V=KVWx|*l*+u?ZwJvVKNb-u3EqE2*bfgD6*=Pm50A=){|}FfB=D6|QIX3+ zL@ft@;r;GpD}4=>lM^ZybF#YBel-r>&>J8VMS`lc90J}Tn3(7wgIi3Q)cG_P5;?in zr`9zq5bym1@E-c&>paEVTD_YpU%DF*VW z&qsKeN5;O|K!f@##~K52qtZWAiq^mNd5;nSV$tz;daE|y=-lS4)nf%ZFOtzyk!DRc z8PUJBn22(=WuQ%VJ#_xa!`>Fc8#_kMrV+!|kGeCx?z5ub6P@#EMoYddA~c%9%4(_U zr4*l3BmFr;IC`<;b;8u zkfBs^f4OPfeDfDp1kk?&kD3jnrB#x-*xEewXZLa&2?PbjVF97x);v99fZf?tI zgZKUKmT_iwxQ(K>_Ba1TxxJfpV?1QNIR!V5hwqN*UKZ57hJZQSVxP~zSlK%_*RG=A z);!z)3wGnUat7F=$VVIR%P8W1U`UJ-V@qV*XFEXaWMXXxcYvC7-6iIu89fq z^GoR;;D9sqxW_HiNq^hVghNDprN%Qu3RV3)>~}$4cYyl0)$+?X9o>vw_Kk^DUt^y1 zKXLirq%S*1oFqF&o(#(z9CV2VH;ikhOLL2{KBeYBPnM{k#(L=(zX!&U=DL z?M_tGl}mg@Rf|dy9_@;Uxj2~YHvf2vQDs*Lp>FJ0HRrRI9_);)xXB<9nO)T~MY&AV zP~O$x7Pf`1Dzt?`jvFwAQipt{dkW>{W+#x9b^o-lX1+!H3Cz7Qew)u}54KZrZ5TdE z4pU7GXNxzf4MDNm9??j9JAST`rpe(UcN7)r2;w& zMoLulIRN=IJzc%ln8IdxwuqLMWf%uZNLV<2!jF#&T&KxF2pUVVgIaB)J)avfRO9w+ zntb@z(h~KH?Dy|sUf$B5FZe6E7XEJkVmwMi4y;**25b%?Xs82vn*9ho|3^@PR3?>Z|cOMJKhBb}lr4X$P8E4|I52=z>Q zQzTrwX9cr~e~J~NPYvg{)^v4+fQtWNpozQ+?Tr*G(xao)6*_bE zo^{)G5lco$ugzkaR6hEZq&KxD-0-lgCo@#;0PI1pxeT>T;xn4g|Gw#Q-V6uZq}`qt zpIND1-Ca9xMB;O@R5)QJ0I$UTdvS3RYPE&RVj&WF_6-B*_5Y_SL+u2+FrHU-kb`P! zW+PREF5%&IP5~U$KvdKh@jy0%?rbu<0U8hKlejpN06NCrwx_HtgRegV#rD7o=t#Zx zjNPK2IglO%3pB6+kyo>w5Ug#-Geh$*0+ilF(k9q+D))=fXICCg0aiDAEo0-p_ga^A zeQ9m4&z&6{v2>&-6r>-{+R8Pxif}}UfK);a(K&EcWc$2Eqc*^a&MTXgYnJ}N zhxW5HtYrH5bI2+8(O>wGzhOs4hu@rpYHJjrUp0u2p@`RV(% z{Z9!CD^QHQ=v(cAAf2`Cu8Jh>XC2$7goFHuyX zAcX+8^Wgbr)ckJdZChOX{g4A~Q}@7fyRp7<;{8(acji9C?3_wyq34$o!7%WtL9h0}abWwsxDqlM_$G)`L}!hN|D?6&2aEBSdh z4GnvB)~BNKs^5;DB8eFP5n0sx_^5&i*?aHK8QGKOtL4_)BXMz0q*J$0@Iw3cv|B=# z8}BV3PrsJJ?@lfaYpEITYm%1&A_%v~(~pmKjiw4GV)@^KOUQZnJ1Q7;20w*|;o{;Y zk0Mi34|BUnxah0Z4IbW|T82IWsm8rA7Js>2+@+E~n(Nz5b!|R{f4U1oZ$v?fRsbO2{;y;?>|@{*Ot7NtiSV($5B50_{G z+t{uj9L^`TiiOLr?g>ZJox$NJ*-GZ0!bcJk@Z4Hc*VYo++v!1NnhPZss+d6zkkJ$9 zL=W%d`GRm)04Q(D2p(bY4-s`?6dhr-pP9hfa|sPKwb z;7@sF!)%lBW~L!2A8SdA+^_mdsM$7{1oh|knz*xTT0}K*7z+QeQ9PgomzXo=?+XX@)nF)9(L(b8Rx zOHN~oBH_^tPdVBhSF7X~{il(=+2!z^AO#3WoZOSj*L;}uD(C~62zrMmvPC!=3&UAk z@-RrCz^=CHf*M98W}K|Do0URne4Mg5?9)-7o-g-JN4B9?(|07`qTF&_+?{!LkkCqP zuF7(?>2j+t3`hvRyt`v}rV~!5(R9fo(^GJ=Q{*GE1Q}e+WS5MJ)BSA;!zcK2ih@IZgDKN1Pvzhw4lE0pMoc;#S z?5k?iD+6W3*Yr_JqP=Vnaj4>my*;LWG-g2Ab%xKQfkZ?e(C8B2ee-^zcH8WxG;%KM zI~R%1hTc$;6P2SP5u`^9usI~sbJA*cwcGBGSX)~I?voj~$=9Fe7{Or7PoLc0-(KtL z*bESUvN4se*Pd2?oxX;Ua&SkkBde>Tzon?(I@Mv)pT4@?pfK8XWaIXu1r$ks0f_SR z^@*XOVs}M9*AdIb$E!l0+B_tyhx;+YF8t75Jl!UzgAG9N_1(o~%^#r|(vn)CwrO^f z73@v}pWn z9-H(-4nxF|x$`M42h*{^5{E}s-v(MYkUrJt^({DXbZCf%%)nGjOU1bXEQ0)}>jk(b z#+-;Z`UgKIcH&yM#z0$5>!CB&zjb`Tl_HtboBh*hZD4HJ8m!<{x8=&K3*i0@xNc4B;;|u z=nKOmA_AWC2l?|T0@xhuI^d7w+;@(O3;JtqY3`1W{I&o z!wSFlmsdI z8;J&<0;zAF{~-8-NKExMDFJi^%;KGG8l1j~LC{YO*h>vK7^**d20?;s9~wZuP@Uvt z2)}vq;Ijj}_oKluIq;5+=GDj9VtzdX{gHvLEx`XR!W8+4E&jm=dZ9iKEsiv}|Cro% zdXX6e_5Z`xTL8rob=$%N1W3>XcSr~lJZK2+?iSpAaCd^cyX)W{+}+(Bg1fu@o$tQ; z?qBb{swt|vx|!}d-KWpqd#$~eD3x~(RROYaM6c+81`^9>5B~D@V6~wp(WP+ozPJZA z;JVesxxvTpfg#f(miOSDkv>;nw)CGNnGx(;?~Cv@sl*VIjfQObU2I1m!sOIph~+&7 zlLQGLHdVop;4#bl@_y_wkC&k9{IC`Mh|d9?^O;nt@V$>o+Q39`PYDUjd%<{&Z@~Bb zyC-Wu7$3>`{tYE)Ks4l?oOY0ZC8y5uzg=cyogYy0?!TCYt3DhC1uq7xfnd6v(%K^&aL&pRDey66~z~^}9V*(b%2M(l=1aav1^L~6MhX~E9bBq%dP!ghr zRHojZ%n;NU%*;y?^i#y_>BYXli{{|){F1I!5i*K?MWo2yc$=CD8U`QHqc26m{|n#Bu#`R+*aj;}>X6d9WD0>M-p1kh2n^zve#(> zaWwF=|7W{c7`W*F*)GIO9*rhBBo<;+6zfCDA*$NmC0t<_`HIH(*t1YI!_+nQ@7@Fr z{ovrJ&}f_*9UWcx&5U9S_eKWNx!U~(m{=zy40_K1hf=e8hgazXcRmz&HuTM!NU}+| zrM_)25)w96>S0$5DVko@HhD2FV9+dV$dcWT{@X^9z`8et97rpf#WQzj!0@J)mQvaY zqtoS?l?f``#|U+XsY;v8QYe{|;RTSwBNZQpYe(*(+A0%?u{RIbTrVqmiDr_xXH@wX zItg|hw}HIR)rC>=iT?iV&?j!V6&_F%GFLzt{ulyHX3+Iq`v%cyj&gZU$cyE$+H6+N zZ4cpU$_p-nf4eaf)4!(JJfc{xJJZ*CNrzMfrA?`DI_K>ig_e|da4ed8NpUq7upgR# zxWlrwvs-R)sj12}c{k;4^=}%=ok^zTJ-sP!1<27aLc@3i11W$w0Hx(&dFOF&?W~;O z+8Z)wMbn?m^uql-(Pp(yo}ZBUNPcnO9sJal1|e+Yz;?r6UN~1rw7;IWVbcbZ}+Bh z=#k}LRwY*9v|Fw29;RZnrHj;l+$KwA)BczZ7&Tz%f2V{2ddV6l#%7`bhq7rbbj}(C zN8bDqtJ9gie^gAw^T>yxSyZxmaqTIf9)H;3FM~aXv!42IF2EjUF~3&kznElgf$t-7 z_?Hi#uEOMlqloFTC6T^s=+WuWoYy^?1z(vL=S}xe2b6|pun*+aaG**K0jD=q0Flf; z+i-8SeyFP;RWRAN^K4{-3pTeG+5-1}LNs@5{q>O=HC)C1P~F!xL|$(yZtvMPJKJ1N z5MA))w(8%@Bu#PSs}2kjv))HBG1Z8OJ2dol8|%vAe_mWOve&u5)=@O* zd{VX^IwI3#r&fi51IJ($j<3%Xms-DG;qmoumj9S_pa zYS?raTC6E0zDmr5Z+HKDi6&u)iE^8ij*NSq7E_1*F<$cEShkri0z7}vv=y{EZEREe zvW28uTWEB;7hA`|kA`5*|0dgCY;MoTnVyttZ?5FGHwZTqG^91Y+3uQ$1d`xYTZI#X zCaqtLjzPsou`*q6FKokuJLTt5WtG;#eRCN)J1b#3w}WGTde`3{(cLL}GL}rkjg-XA+T7##NUifw;zPumT~G zt*7Ga=~eQlL2+{cf~2?e7{MOTH=nsKtnyD^M9|ye7&j=*Fh%`z)R!+A4=3Q7WXYX? z7F`NH=($PPLk#V@KX})hpkPWLgF(ldhN)kAe+qY!#&Rvwp10ybSMy!J3`d{L@^fJ~ zOc9q5BZk2-ur}qr_6;q@sVunsW;B+1={W5-SDnukOFU31plWB2$HGz3=`#*HGF@{D z@-P4Gv9rEzdxy}NS@Qyh^Nw%Nv$yEOXOnF?Fc~VoVAcHqOC6cFy=%^T;>zBZSY*t` z^pmgZNyGJ5j?cIu5}1PEz(UD0HHc<5y9QS#cUuynRs92bcrA2&rH|4l>h*JVHGW93 zIn&y+Sg#a*Os3ddLt>3d%4)rc{B!P(g@$B;RDB?S^UbfJ(65GUGOuahSepdfIHLAv zwHB%aRX6E~*`Ke?&B%Jk4iroSE5vayfD37K%|SkHj53W#lWs?+nTF;{y)q832{4_M zaU?5wpYsW!$Q9j(QkyDD*{V-a)^eR_^Jw|_VrwMROM2H9R{^r%c(@JHdAg0_aQf=b z&BV#+H5j7|^7c7v3;pnZfQijmCP`0?IG&i*dbs6PRB-6T zBq!fIofTc}vS_ycELEYuiYC>BI+-n@uh1He5udeKM&NnK`=%q$+Pqw^y}M&79A*s* zns|FjyzVD1VrM_ZqJ7uaM(165xq%GG*>HOE`KCG0S7-!>27gQ9sBb(qg-DeR6a5Gkf`ZldBE0!41gwjIXW|N!rHhr(L!fXAZXPnf$M(Shto7{~ z8fvcEEyEE{X%}7XW-tP4sM+DKXF~n&MR!jjP8p*U^m4s}Rso_sII=bUdif1bpQP|f z)@)c|9Oe-|e-kxhXJKX(daz`Rj>mQD*pqt-C8Bt><$5}={rifyNsnnBk90?mR{ zSO#=ym@U)S)U~~ywX33&FVvZI-rb^TG_%Sk3d+jbPDAddr{VzdB)~L&=lTGOT3Ha9 z3KU7a_wXnzok^4wm#0(n4Wv-Oox*bD((KsviL?}0B}}Ha$+KuuS0{4^pYAC3r?jhk zy!IzRGBTZhAL?W>cR%>EF*4Oqp{~h-!JQ+?epGaA z!zBgp^wHsv(yy>5Fh06~{mK{*lplf;Mty&vJ(x+IraL@ol{Gt+8BuN4%m8gFzF-YH z{+Y=B$G6a5ppnIeg`qTdfA0t_51ahykpC}cO$$w%y7mu6hXlo%EAZors*?R7#2cs@ z9HW;xY!xmh*T8#yDhoZ_Y7I_Ly^!&kC%}L}FJ=lK|44t;?C+YxJ#$1qc$8?LmyryA z-}3OIKBgGg#{?&A-g_raTRK4znS@m3Y8Y9J$!%QUuA?6wo8E|sC!^Y> zX0=o`qsBN;D$V5R44^NaB1@5%EtT0-gMg=N>39ZSELz* z$Q|3;l8G)cX7G>4W03LK^*fM>AO9TBn>~1K1*-#~RAD$g%$3D?zNASQ79=K8EY=?F zc)d9sOm=_jn8>DEZPLtSzj{b!I#Wbz(M3Qf|23X+Ll6bs_57?smw0(m)n-HL(E&2{ zZnOS;wLhsGu$&maeX+&qpTiSsh|tmbd%6BhAuCJr$p-=T1e51;PKqeLpKCB*`eXS+ zY&y`qafPBedf3A3!}LSvF+?;EYrfo2VzznQ_?SDhYEOQb*vXEd_jm;wZwU<9MxT^rE}>t#*?bw7Eic&-}5M)UNhOOzt_b;oB> zyVpj3!|=xBLx&?q+KM1?B!i}FN&$5! ziq>d|q;k`OH9|;6V5VCfTXFMyd6vtW0foCm5xOg7mgh4oB{!wP>EIICN%Q*t z;oKdNvt`R7)A4WwjmfIG_4SbvgCUjPP7H%;8$S%mXQ>Yxj+LdxcE8IXK^<-$;`PgT zQ#ICkB}TUdp!AS{N(-ZYF}jp?NZf}P2@H;4RV54#?9A;OvqAcDj5@tL@L2mHeVIEZ zkl)IUd)(_@pfjSPYVrHz9J3b46hz|c!xTbcW*x39`gCT|X$-vEZ+5C#cavGKk5FrC zx#qeWNq)?L9r1Yj2@pqN1`rTzFE1~pBylDuVdHxoPc`6xW||OcSaO-VW?M2uA>_ys zB(1M#%gc7dUZtm@Nf?!21`zRsd;}Xx#zf*A_oP>NCqRfX)Cw|0C1oGFF zuAX?6(RY|tm!0PN&tERNjvFEFMj?Vi<|VbcwW>BqNFmT!lhCj!Ezo5SWUW3zlHIL; z3}i)poME4Kf8G$9$=&m3KY-m@w!$h$c$Rqw#K+`4Y`)xtqLZnSw9}Y%Xusa6h^e%x z#HTnhHQ&ZBcfkZ}zhoThbtlhhw|LfZ^%z3Dqs_V1u-%>$dU{jzKkHG=s%2H8u(F73 zSsG7t47H5R&rbdV7~{m7a@Hx+w+-?e*%2vUJ8i8uFfdG@9BO_08*Es;-qP6(f`$*KahZ%3?)G&b zXH~whyZbU3Pc=I*mD&D*mKa7;1x+M4DacL>kRD;9Ncc{|6Q^k$PAO~W3 zn&x07>dw41qrh^b_(DDqH?CppzN|c$ckQ&D$;egJTN}Oxhp0V%y2L*VEYHDhD?0p* zMo+TTe49u4L52dC51EP^LO~JVDdqUVjyR!F^SXt z^E`cnJ>5%3x162jw{&7CS}dG`1{x2) z>%?ewQ(x&u!#Ie}4~S8Hmh?q^Hs$f39&&kgE>4e4Qo`lGN^r{GgWk^eJIN@Jk4O>hL|H{P&B&fl9dI;rO z9;UjTaDt%j;o-l}57!cjj18CFpsBxeRfl;w7&`LnP@k>Sttyg9D!3XBIw z_jIH8w`GVGPFL|uVY11m^xK{hX8}nPGFQqG^u|po`MG6I8B$hyy^i1T#4Cj}M7E9n zhNk!pP%9*iD#B7)NIhqr@hd*n63A?t2GMZy7Qe-c40h%a&@Loq?D9zoh@El8C4G@A zs%5U81^sMD=6oM($ejo!iWEoGq*nGpKk?yLW=pKcof_7Ry;=}>soW1d_4PN2R^<6t z|8f%X_iOl}Xo;*ec z{$d)xN%|%TSKIc|e+x5H(QZLdAR?vVgKC5mclD2SaIJf6CXUI1WJB(Vq{WBiA0ld@ zWCy8oh|CtNcY@I=xZj@bfMViDK@Z{NBnD{cJa4S5`Em=_Ym-B-H!^7EEG}yj4ayb- zN|0oxrPsc!Ek8e8*3F#^w;g$I4#w(=Gg>eey$m#O*;x8_(viX7r_1~tu;Zg9ATi_M zz~b`uBD=bc0@zTCMC6rf9;tQfZ?;`UJX9M-pS78nxpCR%%`VkW(qI`{S;-k~U6K}Q zYbvvjnuYQGVuHUqNr7|tF^W)Vblks4K>M2*X!qauu-BL$7@_M$$ zJ6!qO)ZjLlp69X=A<{B)Y{?Q>di%FZ^cpwk%jY__qep}*K1VG)-FsUgB~n;td-L!Q zy?Zo~dn-VKQx2j`x|UpH-qm33-0ljjcopjyXVnumE!b9t|y z3!*%#6s zI=Z`LNy&6Gr)|-a+mn|eDeHUdJ*RakW~OFZteW)nMpPpE)p~l}#p;2c9v@%$W;`R~ zN_3_#ImU0Vui#rU?o6@ig{s^|fQ=BJ>Pbc}RjpdN(L0ttYELf`R++-Z0iL6A^Vkat zL1{@jP;oV(HOHfsL&U&!%7N?J<9pl=-=&-rGfRzs;At`ck*Mn^xkE~X9Us5alD6=zbVlEaH?kKNrp!#A(Ol*Xq>_}P}KALfkJ+Y;Tp)L>^kk8 z(1H*s*%ibvIQjT25We)mQMtHsD@r`J_PYz$2b_P2sQNpkQs)z~jqTLXd<1cC!wLR0 zxJ#&n&5apFLJ4}&U=46Us?%6V^OF=sI^qHaxJm1@n=et z*{$C#ypgRq6}HTe@A8oeBURnmmm8`m7x0nVM6(+nL4}Lqfkc7)$&g_H128RB^FTLm z!VZM)-@pzZ_VZBkr||#F{>cGpSp73%7uzeks@XeSgvt^f#U*j&PXKg+EMFv_4lQ0! z&*8#oyEo>{)4m3RpRioTTW_v+$#)vdpE6Kx8Twe?Vir1I;K*YfPk?vf8g28xKmo1L z($Z3iL^>|_`-z3$AKy*lNTzJ(DR(bDE)~i-rLw+IP>Q!%6-j3qkW= zC@BY)mz#k^h|O|^!I1`lWT44qGEt&LzkdG?J2pnHth~GJ!f>(s{{tg};C`cp()QF6 z&!v%QVHVYX`5#!~A7GNbDIss7O_fEvtD-%+fnP=7=nItWX5y7BM2xp8p2{Jjz zKhmd5mw@-ysJ*pF4R73q-MYq%etS+=HCvyG!OYzY+!NmJu5@SpCHhfNa{`)?S6yZB z<$5}FG}ZTrs@9c`hQ@Ft$&Ghaa^LaF=sAr&^6+aBoHXnJ$k3%E&KpTKUZZeeFuJEV zzeKSS(+i7{SF2wa&5BFjcVc5v8qqM~gR3iB!OZ0zs$G)44*`$6mLY=7m#Z_sfgzcd zGz$tNDA@rPp!Tg`rvwso4=9n^+?gi+MjMyUJfBPc#!;1@b zO8sguMQ9ANE)~+n8kZ^?!3Y66HJ$t*uS_u!x*|^t(8$P$>+SJklY=?1n#3i<#RS#6&o=eMtio^U~AEk z$7f4y!gqh+F*Bm@>jU-mH5>95XKlM~e;~D72sUT=kn`K-Y%xxAe{mG-#KyGRj;b++ z6s$r(lMGxH%VxmyjQHJ|4|q14T9v6?LbmYFl@WWJUWedI^qU)gh9#bK%Gju^hbO1u zwn`P7RMJa;8V(1L_-u>pRQ!xVbIIymW;_7rBO&&Q1EqBh2Q}8T)uRw5R#_5TK)X6Js2lETbX% z7L5V|KBx#W#j`M!;_pBc&u3npFmU(S7)f@GkjK%vib!165k_EgT^c;+iH)w!@U?I+ z$>l<0A`CB$y^7A@+FnfJgq;~Sz1hxPNMh22B48Ii?jsM*K>fXnybP(AkO#jpacvv^ z9`O6#5(-R4gwn2lRV0KI=U$cefR6Te*EN`#Zu{bP~zA$>Z$f%E$T($z$ zt~RmL1yd;6@eGvUr5jsCmB|MYmy&`-KJAX8gEBXC@@rPBB{4-R9W39eeAJGfv|8(k zts9bqwNTYZJiiUM#eS>3JW<6l)-)kf8d`NMsle0%Zb!N;Il(qHUlbsz&MiZzDKTN! z<>X{acvWD3%c7oFkcNc(aA*)d-fEe`9ijSKkgK&$b`sJ0|t=u*}$5h)jP-0Wqdvf$M zb0SM~uD(jt9*7Pdiq$p0ic1X7g4GV7Sv;=P=JE^VgB4FK`&BnAzM1sVOXm6Hoc+IW z3U$v(x$tQvZHB|Tc5AwqGZ7bv`z{b3h_k%xc`as+IY6JU{uZpb?MmPZp+}}q6QlRo zNG_HVQBV%A&rU;vY|*K`*Ev8H6K82X6dm$r1w1M((5dU@-%Gp%jGr35;ZtgIj( zB_`tgNJd$26?uMR;kY9{r0tczxMVw5;ROG#{RPY6rKzXazuvW$qXQ<(ZDhH~@*wt@37fPZmA_{5zx#=;Bz4Ez7mI3FbAIe)lEjM0t3(zk&v_qXW>_6Hz29yo6tb1izKRX|J zg8=s(8_ZdfS0&J_kNQ4=>Hmm@mXd=>z(*WT=1Vl06l)hvIvux5n(~44%$b-@9^AaB6e1-%A(H z6f~Ps8=uake;_Umo2nQcP;kBdo7K7y&&*R9MKV2=VK-3MK zML1%~NX?|wiwHEa|DEFb2{Bod>;CKyMp^@zDJw0;LkdD7`V9gscVZ_MmF?U~5OEtf zB$>+z2-)Fv8Heu#Fsck64~h<)i~_wL)DJuA_$yGl%Df4{$7_DhqH@fgunX&~3*-1S$$2ynpoAce!_PU^*ztR`e8NK45~VI^VY8o!?N^}p~6 zz=ydPLfy&{3Lt9#uoXG!P!E@K*U>7BOo#7##5*Wv6eH2*9JIj=4*8V}Mf;p`60-n| zGqQGbnWmlLJq$YUEl)fa1%_u7lt*@`qqHuVM>%e7o@} zh94ax@6nsYjK5Y-XnUpzYQDnQ#YHuZD|K`8Vtp$ARaf^C5LD-ROIxYggIRTKe@$sJ zlA7T-0KzuIlETs=)V@oBT!s`(A`!o_(HKqhO=iTZ{PFi~@qq`XEJ9xv-& zHRO_&7Lz__Cxi`-7Fm|PMG6N*FAX35n+u@riMw2}E>M+pvO@+mL{>SS!GrGI1JtCL za4P>8Tsa$tdS9X&Fcvl1b39?kRcDp~^?^Y#zKmFX-Y}OjfJo^Ro(;JCg?fUS%iozoG6X}KF z@1eZEsi4biD{Dl%}?NAV6$jKAdj|{p479x32QrWLuDzqTwZgoado5{CN zXVGQqJj^VH;e_U~2@tek%Y29tw5XU|1mV+&HBxjkQ@4-r6%=?C@9m)AQ>G{0WOKc$ zcu3duRl8<0f4xO0{*MVxX2spVwiT2{O){CynO;Op&Xo@n*~<8AeXUnx7Meb!+XA14QuXA8M~VlxHTTR_vJ*B z9cCDxN!i!#rY%nsAR+L&sr*A*SReNq?J=O7@sy&j6(pYO_(3mA=jyc1pYFA#pSYE- zrOxqm7q2V+KaJsHmZ&<{KT_Ss4S_Y(eOfNh^PAWG7oJmVi9Hm4&{<^7hk#-AotMrlAH?bLZ4h z3KSP{*0McmF{9~1O}UeC6_=Pcn*RfW{y0%g`ia$n`fgYXgx{?>$8qR17#`5#0)n=T zw^sJ>3^p+qLnC`7k&qR9Gr2*REibIL~d4i=#4(f7Gu zxeO(RO8nV24bu^KXQ5!kt?j_Pa~f6L^sr#Ji&DSfz^%XY!@QijLK}axIQN^ArT8OK z6(}oMWd${sP>a{q?~`CS188B%w$Ae8Js`l(m&%H2VR6FqREiAZ;IM4>lz}4a&}G26 zJKGyFcyU10heyF^Zd&tt<*YT7;P9QvGoSC{bYIAqz=j721pah7^R!!QIR}sg6`ovJ z#I6)p7Ir&G;;E^1fpiX?CQ+I88C(!$NRx{~jx3T+jTF?vvfb0I2Li^zk{SxW5$;El zmwi&8aPv#f$6{$=X~`CaK=gSVUDHLHm^116VXqwI@K7cV3A1^jKvds z2Bovt{CMdNO)b?T#KcbA{Huq|n>}!IH_qYFM9V9ahSTC&JDjLp2fwki(`5k2By24F zg6Dne#hzUET-KOB*X?<4jGb8G@a)3+ON}-F$tG&pmxx<(js-0^M0|Ke5fyK{aFTP{ z>ULfm5GcE0Vrpi!$r%m$qzsU-n_@dBfQYBYh#eYeUs`Rhe+WRfdAg0aNPs4fb-nz0 zwlmz>L=G}C8X=Pa?9ai-mFVd4JkJxhhl;46?!e}?Mp7WGc|EG21>PAqH{tHrl#S*p zt5)IHr>n=LB5F`sl<#20e0|}eW*Th9kotNR3Z~B1PT+Npf5C?|J#GVr*kdRvqC9G4Kv=& zTn23X2mq+!9j1fOz&X&DK38E@o1H!Ppl>tG4I}<` z1iIrzCN5H26o<-t54x)qf%cgMQx>*Ct2%EVmbchEb=chFSiD0cuS~L>;6MF?-~@_^ zW~Hw0wp!%BrCkjlO@*OCV_v0g zdGuP&fcuYq{NCX8Z@rh;+XU&AbmM7at;GE$;#RiKxklg0p`7vVjFJ*=(8NEOQJ#Fj zETi1@L$s}b2+?v)VWtnPo8B3MxxO(D^IyO=XNLYuds?sqRj)}G;iAx=Cyh=HmTb(A0c8hnxvdg^`gl_QSqK^>3f`NTw>AUshCE>VjR)^`Xbge`sK@%ynI}y`_#LRhbvr<$0Ypg;*Hx= z3(o`j;LoTooHY@ILcptmm2RP#t#dW~?5`fIDCw6=4|j0L+Pm5PNmd)cQ$X>{;NbXt z1YUlHtWnEdhQ&^2yWs-Re`L9=4CuZBzH}oQCt1y{^L7rkW5f7=%o9cUeSpcTgR&P8 z*w3R<(RaW$0F(~SNt|vDyCARBDoxMV3i3kwA0vpZa%I;0`_=MuVq@(98PF*+V0LBk z<`2aW+JeD9fI1Nf)Y*KdX0fh?vx&;{73kebWugn$vv##*-s|Q00TqFPRnS7KkeZg_eqMg{rG$BNKy0cA&xC>Y3ovSql$9Ga;8B*y$_U0O}y(L8C;8kKZji>AD zFxOgR1peKtP|yp3I}^~tI{2VjfKwcC4wqNXCkz+IcYrR?opJAQHxj|=;KX%aca3)b#;GVOcoS+;$A zs?(8+&ljH22oW6JlT`}KHc@Ly;FD`Y9WeI1PoL=e_5t0?GP`-mx{ij<2R!nNiUm0t zGIZ55s8d0`oI1LKxBhlTS%#%W=x0u`;7CkaUcFz#O8xrDKo$cem7Kf^ENzE|yTwoo z$=JlrfiT#V?R}k<$F;1qoaeUnrG95PsjucaQN@0=dlR#zG9s$cbVxV-xgwEpfYSh= zS%J@HiNk@FgP^SJ4+|YD231LU7%->@<*lr~U^KM2xbcV(*T_!I)haluZ(zVJ<(os7 zIQYBVQFtluYwzK#T#1SZ?kO>`_JY^YQd7hJgiwB&p7PKTnnp{*;NwkI)8tdz8@J8C zN5oa8wY;zXH8sJTw6+5 zr>EqcL`=+za|JTGtBWZtdW@4+WW* zwB37dog0%30|F7_I1_22D6|Gu0ypLxO00* zwF^~CN^DDu_pqDAIX>M@@f%C1w9(m3k0efei}uS0*{c0&7po7Lv=zOdKROsr0b@Op zA@Cbu5t**HxX-O35g>p9g{oBJE`>!HBr=S`(C)YhSXo+P_y69FN`M8RI{IG3j9+Zg zy}+ik;virRn$hjE^Y}81{ew312#1*F>BaK4AP}9nZD75=vn*yNNR44rR-A=*{+?^) zB3eLAdXw3Ye2ze<3C(*Z>;2RXHz=_9l2i9P@+DS{*TUadfwsOkv9-uIgPUiX%N4x& zXwot&`p4qjlmhdMTQGvRB;Qeg_F%k<^GU1~gC}2|BqHw}VNok6!P!QKgU#mRa^flI z7g~33@8iPvqrLG8AkboVu0+h@bY`dmu>El!iX*nm^9`#d40TInel4wwiad>SsE$1* zkkEKWB+o;S>CqfY)0IJ&-`4wbb>9W$BuX(u~QB9{2>)9C!;oGqCDM1{fCU7h8n%-8&46_51bN$l?oxXMEDx z)ywjuRknt?@91(ee0!RBJjimr>@Nh$qMRE;k>NFrSjN#oS=mAHzHs*=5gsG$>SwoW z9J?Zx1}du8N+QTzAdvG9YtXx1tbP5bCpl>$e4cQsy^a!M_0O!eCVo4=sa2oojKhz= z_y|~tTltU_f8*4!WC+mstypZi+SDV+1oTH0DgNRA41*)&b%?k2tdPzTO2j?FBKjMu zP%9rU`|=$&9rzN^)cgIrh$`N3;3NEMm*uJ;z){2vixGW#+H*Kjb9^OS3;LA6^Bm=T zt`n1}qWc6(LGj6#kINIBL|Rtj;Apo6^_~$&;dZSR0dcT??s8`gfM^LglN!LP2khQJ zc`lXhtpGgDiV~PZ3A#V2ca9J7yxvd0+H*U4E7v~5LHi;hN@>j5TObo!k(|jD3k~Ss z_x0`!87$o#t%gdYjiz%f!f||0pmSKOq1b#nLtpclN1(JS&ku1pv%LLtJ~Vm`{#u`p z4EIoo_lfRmOIP_w1~PVCO}YHXdB-_b+sYVzbrcRrD!Z-F)5;cJo|0j*YC)AYUT8DS zGuOb>e;_au>?L$UPQJv^{eUpQ;!pZJwHku@C#jk#yNFPPO;}&5anTl(<`IVoQZ2^S z?rB)Ej$xbyovtUmr{F|%`*qKRj!80_P`u2>0)(WrwiH_E!sw^-#EV{@G%U1&a9PGy z3T*0QekV2q@=#GC!|GC~tJfC%MXm1rYR22e?F%pRPL5oy>7)3VIL;LK-l>Fpd`U=+ zW)sf#0=9?kU{G)}6(}7$VEh-cy0bC$v<7lio!yR72A&+^DyIu5M=LIwFITy(Jt~*Sw&w45QxTD3kW!r zL=>1WfZxq=OTN96IK9qSZ!+Hd7ly}HA&29fDp)cJw@;r|MZ&dOikr& z;=NBHY#G*a9oPISs@LtJ9e3t;=gLinko}p#F(Am>LRVzA=hr%#tFO00Et8`&pJxTc zes0>|(4g=ph<<#e!_cB-zx8An{Gu!zfFKLXe-cp2*hpiS=Hr_h=MGKdUWK9rJGPm{ zo2#YRzP(~M`EuFs3+d(9j;25iuK-+(oI(cjdMPn~=69!Knc z-e9#3G`{NwqIBg;XoFzA0lG~?2e0WO^SUjQ(GMQ?q^ofrRVL$vjFW0p1-n|cWyomv z#s&uO2NUlW`nLD(Kp5GJpotyOfXZD7BR)gU!LC|sMg}as5U>`TrNPtFks39nN@>vP zWH-jghK6$x;N<`Zk{!u-=@}jU`n~ENNuzCLXEJvM8DCGOlv1-_E`PQ}b80#spVe=l zYKxy=-npejSNB`|nW5RxyN?)gD!13b9^OJ+xzrlG>|cChR=ITrko!}NGL z8gkpKS}yhXKJ8aCO3a0St}DkNU@XZeo>>!9bd;;V*p`)4R`S=3yU6u;O>`-TSJz7_ zmQ5Fj-1x?=Kx;;VsiV@VI$a&2)lr}$lViJvJ7x5+ZpN>r9*u$HP5c9fuOtWJf#LL* zZskFW#U>#+4dA{Ec4@+=Bwyi&;owJuwLlbjdShg5;+O4T_}0k)y}`92QWpvNBjT?I z@zECDgp$1`i%jiQ`n)^wIW7iRWit@k58!~zi(B14%?Go&Zq%?KE zy`}0bud-2nlSn61iaa%X?9~tf&2q|sIzl}3eV1pfw8mBwDL3R9VY#M<^+q+|fvSm; z%1t+=t$EE;)?067A6zmb4iIV5;pjfxBv0AJo6azMrxPzaU4=`IO~w5EtOXr?LPBpanq3!6+Zjgaj08 zvjyI^4eu09a6K+8Y(vBjxZS@HC7*`Qq69SHP>_!2%F{hGG+eDKug7_o2k@@1FPBhM`zWD;z=pyZL@r z{3F_5rD@6FpFsALjMBRFkFwFTz}JFD2GA_tAq5SWkPOU|NFd`&kN*67*!MzZ7XG{q z*-lrIgT-Fz&QWvtxD#t0RrZ^uxsu*D1`fvmO?i4i@wZrK3?Q|tEi`_zJMf*%I)98f0JhAAnQZd4=#{i>0;=KR;%?u?X#HS0IT((4o;&teOx(#JCu88;TO zK&MNf{!-$vM8yzuNZnlX4OV{@kK~ze!_vIF!Kkv0z3AL@yWjaMrEZ=24V@BMDCsU>5;~LF!&B4Iow|B{WGvOc z;Dk7oUIHDwTJ*&F@Uq~w7K*B>ONm5R7`!adhSE}o%7?<@C5SC^6l!I0DF;Iq>`Va6 zWUH+Y$bNLxY~pR$`!xLTekyC6WP++qp@ZQkhRVOS6u)CD*uCci;o`ip7>XQF6Un9M zD%5ruy*!6=c9HVA4Uw~$MYR!SA6o!#i=7jTMpp;+TFhC<(M5lm<8zb1?o8_M(j^dn z7@_Z{DAxB@xF||`5dre|Bes_H#Rfk#^y+}sR-2B{;zfKG9^^cNhWY`yVqO&kJp5Eu zWWp|&nOviz6)s=6B9lN>vvQvHshXse#LzZlCi+3)m^DqD=T_tpUcqc}S2R-Cg}6`) z2$T>o6F30}w`r-s)F# z`wjrcvw+a}TGH(P)2PeNvVJjyYXnL-KY8v8-%Q;pZ$S*(p;8PPNS3Aa1C{pV^tP=G zzR_T0Q3Ks^MSITkiycr(yERLm|1)i~O2Bv#0<^`-8MpADxZ!-hv)=}*$!_gR0)!Jz z=-qUw)AWQk=lay5BKYLTyoJL%uv=-+wL9CuXvEeX|JJAjR~8*YB86j`1#5_-~=DOQuegcYH|B=dS?Zh0`PHL$mIXF{hl zV+KtK^zItGxT+MzjY!Eb6YY)FT1`WYM&%!`s}=xm&fb_&t=Tv~GaS&rTgYT^&hO)l z*f?i47q17snI-+VWWt={;{((%P4)PV-kTwnmeH0C z`cVjyPF3mCrVM=e=|t`TZ^goxO8TF!>K=2Oy)nXU*&pur*8ezy09(kxcZP)7=(kg~ z$T;e}6o=S~)y<(@qHuS{bTFXQ9$_7{^yvb(oYg-TL!%+;Vz4uh&XSyNj-Y#|R@d2; z;hPFRYkeI|+n;00go+8tH%7>9CvbUDvX++atj*ODmI?|9si`&rzBV?S!M(MoGa5J9 zQ0G^}%?=Xs%QQfE<@E1?>(}CprQ=T1$VC4dWIMYnsW7!w*Ym9!&!JabU<=@(-2G%* zZHLiETsip>y2rs@hmA*9;g41jh-?h(DL1!(&w`xyi_fFi*JQ4IO`Lgm!OE~$l}k!e zYJdnp<%AqR+p4^g$~1wV%w;thEQOowPrwL9MPr21Dm{!A{po0cX5!Y@khy9Tps^Ql zTyKagn$i(PogVF%{}K~Vo8Hi-0CuSH(r%6_%Af2@e%i4r0`wIc95MJH?6yB&q$?#6 zufb!PEMs^OOs{IRS%|j0vX_q2Yu$F3c1Ad^`O6b4SR^)=Lct1dIIV0^+g(S6lidZm z+wGOacqck;#eEc_N#B3RctgV;wGe-G0BTuEEq~);p_5vi>or)!;COjH1X_6jf{yT4 z>N26Q@2w+lNEk4b={kTv4iX#yZ~pX@=rUA@eGGC#K_gXa1c(^3u@;D=GRojbT8kx6 zm4e%6(8Rr~Ojn%e?yZIYfIQ*P)C*?uvAl`qc%7+V)Yi%Dn-6YuhUFPXDxB?2DQit^ zy8KpGkaR7JxQ55zz89|=&*s$h*b0j+aJ74y)aF-fp}oFU?-qSFq_wp#J1ti~#UIZ? zao^y?^KC86jZgo6sH@adNhb;SqB8)RS#$Hh=lNQXm>hMfauy?;jixo(`{>;@URMgj zW)1@w?~kcvgfz7AG@$KtiZ~|D%yl+84$9(PZr>8xu&}gO-$Jm@AuHvcLQIq zJiWex-)GHbd1j!#buhnEF1r>p2C4N`)F|EVzGl_B3mo8_jrGBN3}Xfw;{{Ei(qdhy0yVe5w%l z(m0NOZLq)d&mp@?dAkugtrAs@?y7Y4Si=9!`o$b#({!OQI9W|gfq0eQ6rrVj7HQ*G zcF??@g&57|bwj^M9O;-B_6>zuK zM#vd9-^aJ_Cv6^)q+dcz@VH!qD5S4JKR^fw2zO`W$t)$kF=VJsPS~jUyB|!PjzvR4 zVxI1Q(f-=-IFQfix3zSV-d z>i4-)7Y)U{vuP0wqEn^Yu}E$=)|-iJcYOR^5n>k;=IhrN_OsS`$dcpkF4psd@u}Nc z?Mf5NcgAXfOVjM`f`~N?nG0X7CiC3jZN{P{2nj{>dZIO+D^+&8B)-j~ILIVm}64T{<-U8#f(Q0yRABN6iRJ2Wc3+3o#qe}8`= zGQk_$ojdGXD<&D41lQXgbS%@wI;^3T#mosSuV9HJ&~GA|lQ7HEvk3w!F^VN++H3`% z#icq+h`&rLjWp%}3^P%XuHTRYYIVI4_{KzNS>O&oxkQZvNN$vL0_^c6fCtdEVkG%X zt}*}jpXN?Z2wuj?kx6Rh?yd$djlJWMOdid)gRzo3c~Do^hY6lfk#e$`rppU1>)#?O z6G=DOHfxOKL@i1Uwg-^C9A1fVZr}fh3-Hp%V)3V1wNY2NW2>JK5J6d*inPon8Q(W~ ztka=hii~gwGst7>T32`_#wJIqw1h!gvg$aNAD{qr&S*NsnBUAFm( zC+qIzRv^v+_i?dj82JG`&3aJRrZtW#!LW9_WP9ZXZBdEytHOTps*UScNi*snj;7`< zC#TI`j++@-5PC0^apFHEhGs(FqA!HZxyN!XRDMFpZ)qQW{j=!MNSmF)Tawe{8I6r0 z^G59^k;gVdor;;doF?Y45EWrXQPDK=ldo>EM^$4h*dTJ z4?l>3NXp%iXSSwr%;-RuN0nG*62Mw=Vwo}61<_(C^4`cO>RDtsagI`C!xg`$t2gV z3(4w0Ue*%|i(B%sIq+vc@8Uel?U8#fmy4!D!F?j!;iPu@V4nCRHy5`C(puW3poQF~ zJTAY}ukV(;A&x}qocfIjTCN`~w_B6Ja_g0~nY@#;n;2rA!!X)ix~kUXFwh(jA(lPl zX~=8c>&>wYn?GpZv{|&gngosdDWjW=uOUQMDmPut9&MQ+dHr_EIi7or)7{R{Fw?Z% zmAoT;KJLkt>lxC=Z|8V6dv#7{%q~b9EG7Ax>v+0?8@4l)zz~bB6A29v%!FFR4tGtsb-45_+8XY$hhTT;_s12|t$AW|FA=hub<1$I`Kp6Z#Kj=DO$m zc_MjISdjJZYTTY48&d_5{rx#z0rSE_1Na1GKu&K97OK_#qUEHIPxpJc#nICpnzqmK zi`Ag)vR;ptUV({qv0s!U@Xb)DGed(*h>fv;q9I^94%1q$}%{7Od%-4A1L|; zGPdn?*cUcxSRD3jJ+KZIxp}fO$KI)4&aPVgL%p=L_S5tXwQ4l0?ap)C>quR#0fb!y zp%Sy%_rnQ6Fht&q)2eiLr-Aq^B`tSr!~LO!+~E1wN@t|4ldb9Iq6`m>W<*bfVyJ!f z#gu>YS z5_n-CXp?ICKq)_)!+-Q9{K{w;5j~YHVYB=XQ%Sf6~@% z;Y+`rS#A7UpPH2gXBB7KzS^;zP+A&FmXSpK%JD`p6xC`%3cMthvSWrRKbHUT-PL;< ztxndWbLvassK;nSeJ@9T8iCjPk8lWGT?5O(rP_r>r*tI7=Sy}XV7^Bm?Nfz zw8VatKLhIwyN~BB?(l3$Pl_RYTn(65#P}*RhZ@eV=dYnDrfl% zY2%)pp}<==$>mS5HZiylarWH3?@9fCdbTJd5}3QynQe3?u+3RKM?Upr;n$~f8tsW3 zPGSYHm1=B2Xp;kLEmZrPT}K^7nn^-aCO4@4!7Xg(k+PetKS|C9IKJdOVm9y#OWiTs zuYV7m4&ee2-J!%`NIjAsoV*Cgt>&lB$yH{&XFnESgv@xxZ>csD7fG9P=0*nT2cgtl zZJkcEC2uvaxw8Oho%pJLtFMo4GIK_KFq%K3BPeXhC0CQz_uJW;3ox+Jy^vFz2}6k7 zt<`qcX&7yBV8=?ce)XgyuYQFyKe^L7Rqpg557wzlBZh!I4?S8=ayv~`FFLk#+XO{V zc!9PDeMEA(lIH!}vhe;HVBPfsIW@@dq61BC4Xkt(MRj#(UTfNs5u-e1Ee3Axg;;Nu z4M*GS^|;-GLv~rn|B;`d);b zcP4?zKF|oNN(eETU=4L^8yipEgfCxmTyOL|pUw}xJf;h`><`^`hFy_(mE(&_j#a$V zV^^_Ypj4^2OrqVL>cO#Qg@Ttf`TDrJDHyV#xHxBWNJYhjNOXdVy8zjKwmyPx56)xF zC(B8%FRnIj&7u_GR}7+xEN^>Zx9@zDR!FI@-bAWE?sM<<&g&Pdn$)PNwKbdhg8T~9 z#r9y7<IT~Is|3TuIpMlM6&VUuxyD-IMPBO;QGh&5YO;D0XpK0~{n$M`4s`r8zvi?3QXIL143v zeWE>knkuk{MY*9BN=+-{aIGZ+cs-628Ch8VbnroHPvv8()qVyNMXBU|=KieaE6?t# z)9Y$_`*D^p*H?UYS?W)^6|t;A^5J18(~2WlCw?0sr#Q4YHXEc@Bm!6oNe)*6w8otl zQ?iB)Km`ZP~*8%Kz5>C%PQz=SOmfEjLAA0?Y;588{EJg)r`YEY|#Us6= zZ(7VMZ&TXq<}GZ|uZ&nIVTiYBS2of)H0hD4_~g>%%AIE+#!{*(Mxzy1C@KrF=6s$j zWnCcaF3oS@Q^}i~G}e^4*g5whQr`HFlk#&5nhe(B%#25>B2Nl46ZM=+WBXvxBn7X0 zqGn=z4$eCxU3N;n#&rnhg8PMuzFc<>Vrk`)hxX9sH~JP8)YW41k(CCdM2D!%3-7|3 zQ6Ye^D4B_hmY!Zv`nv2I3?#SeHbN$G%sYu2swwKk&R>8UWub8V{?mCm_5BJzJoL}p z)|r{d>r(~2gs}Ba6+b)Dn_DClTvt{kPfoVY3ll)zSAhbhFt3cNDsj}8l45KTk(_OR z@kIIahwj<9xKvHUPg&Q8o77s=!NFhxj6`#OZ#;avZm+fVDHM^(>*?uz%>u1~xO2)U z$0w)V#55`_LQO)%CPS(57|I?dmfGC0u?u=T=gKmNcA*BkVhI&aV2lvu};tCD-O z)8kCko=8OVVsyAVdpiDim-iY1LG*q+7y zQDk+Wr(v1G2#=LLM*ITUjcV)^V~xLtmeUIBUPBC}p4k%&g9|DWVl{-azHlH8wvjF; zds#~_k8SSRT8ADlQo6nAZhHETK`s$@GD^DXZ1AP+k@Buw9{k{9ws?xFhmDQ7nKFX` z=bu4Jz{rcv)__vhee4P(rN(AuRKeF!-s}|TFO0BJt=f6+e<);S|Eu3;iGNuXmp%XX zsp$Kny6pCI0Elw1<)t>s294QW|DXeSztWb3^rr)3jL(eg3F`)0U*s`KDh+n}uK;k> zdI9GWQgU~VdS*8RhsfB{CdNlmrV~V%oID6^dB^i4tsLBmsRVyjN@TgIV4?|4tFN-` zQ`0Z<)mPo{Gyqtn|DI8Qw1*f4Haz85!8i^e7h;U!nUR(^{lM>Rx(HXQPMv{-y|7yP za_kJjH83;An9t`}I7)8HenMWTe~UZaxC>#n5L;m;#hf;1M*72cK3YgjiQBCPGhQLT zrov#xjkJuVdDr%!79Kt2dC2r;CUo>>*NN4J6lSqB@kDk-p;d8SP*wifqH(SwZ1T_u zSzv18Ipap`RZlG;6llV3i*9-x?lv_hS>nO(_8 zcn3ru=;y#FHHn(;(wpCf7H7hwn1SJp!#j~K5!6wBgWQGX<-!YeB_#_Rn{7H3iRm}@ z_o}Y04%>#au~a34uPcpA9_JeZ-d^*?IB|peMvROa`$`iP6J9ikFo*#M=67L)TmuO_ zJnL7+JfxGkGtl@1loPPD*wLDnh~iM~^9?$RgRwhA)f7AIY}Oka6exf6bJLu+6}q$m zkls=gr}T_sA5*9bNbAs1(v%I5P}9kXOs3~YF>#B!IjCOZVfC2TF1E=kvUha3`?pw7eCr>H@ z0pXE_cFf>pX=k(78A@JbvZ|6%hpx!xIKGH7uX+lI*A!*4)Fi~?;A(l?8^29SF8$ea zM5l`n)?~qmQ+vGiF=GFY5tVzM6&UHT2%c3-SZSS>u8O#0C&t2U$oQTc!iOsq;-DBxw% z6Gw|=5=P9xOfn)Q`l2CJcs_By3rwkq!+60asnuQ-xhTmnrxF*@8J3-Y#~8R~I+ezC z|ER-24lk>pLrIII|HXXRe2h=Y_*xyAjqB}(^V(&?MB$fAJ$iyPt$XIVEB!4ia{tVM z-`hl?A%m%GmmLWV9?uWX*m-A8!nj0Y#?sPYNrmA-1mh3LfpEMTV~f!m&DpY-%RTnn zQfoOmFx+hy8WNkOoNnAz+ZPm%CDqY8mqo=tyE5j?M6+;Iv#cSYKal4;i;LUx z)_Qu51Y>-8yxH#V4fwS)G5tpm16Ctv0*ZXKzgW~#f9UTZl0Xi`Wfr&D`hL5hC^nq( zxUkeO+^+og*9o6*Ddx-svOgUt*!`B3Z|V;ZvZHF zvWDuaxR`kquC}v6=XeEp`}rCgrB5_W%`?de1nyj#=PTMG_tJ0k4i5cgipniAqsA-w zS#tQH`~Voo_xKUfghA0amuT2UP{b#Lu#WF>i%@{%(9+7-^RCYnRPG1zFGNbgyDixo z*ua~+iyHRE&k7pW$}tal1!B!kQWj*|F-k;Rz2u@yHEs3<#aUQdhUxm-8k0GV{%K@! z-IQs3PNQ2>F^9j3AlffCTDVs358_r(CZ?T(L>bbI_Pg@PmqN>wNhxHYL3hoSMO2Jr zHs2@zrV*@HyHfJ(7O(9QsI^1$o^;e0WmRildzd{WshQTA9G0|9tE`Dg)jGQ8h51gh z2GojtWJ2&JQLq>0|CVQmTJCS+gXJpve)<3^YSCx{ij>OO+1UdE0#w<5DQRe@)6&Z- zeyJdGf2{rbAw4!PdZwfV10G8HrA1L#IElR@g-1)zu#ejFB2F|!R19zIsS@7hZ0)Wdq6Tr)nMRXg*7xJ%v0N0fkg8rbR=u`NzlPCywb>f8A3Ah94)uu`h>#P4y*HjS^r ztSSKR*hEsT{@Z}p5TS6YHu9;DWy*Eued2pYdwati^b80!2*TXHQ|eNfsa}0wqYr^z1{yvw4LO?Yyt<{3bma z`07P0kLap&5Kl?!@G*oAM{pgr;DUK5s{q&)6zaQH_Fcd4ie&6GOTG;hz0smtL6c#$ zRGu#ncQ_LH=n&#)h=HxPj(ONiEdihS?$wX-SNSU9dzyQaraf;+_6HDyif}N5a}FhI zLZu=+zFW-M@C*Y@PZ~v5bD9>bd|g8hQ9g;ukxxR$>Wh5PR8%ctrlBdz_Tzl3GS^4s zy0c?aYv%lR3}|tG>qyy!mANW*!J1sS@+hL)BdMtg0&7MEVd=8Iy7Gd+-ZSCh&-ZAJQ<^kX2ZtE=CG3SYt}4^qj` zj~7({U^r7y1mpt(HAf^2WNsS5w*BuTnmLDe)B3QBymfRcotr072=$=ezO83=e=u)% zBFf=$u52Hb(l&6}9g$2;Rov|D!8IiLymhpa(&E-&ILw-rSy@stnwK4a&`D1Z9~^A= z@*<_VD9A~)bsR_%hI?FJp^R5cD)^`pJi_bBVQb-j4As<2Vvbq2llHn~`ovNY;yFSO zNb215Fs*Et&8K-fZMp{WETl*vHCC-5J(h77yeuwdg)#a1kbhRq%PL_V+N5mO9)&6Q zjO_cRAkw*J1OpY)iBD5h?;2} zA!4w(tz!F^LVu{YqgjcHXqd;$hyLG=!^g^(E7+ts4z**(vc)A#MGahs8(1rgl33I$ zAa^ML(KuBtg=mxRwD^|b${3z$4_UBd*5CEAD7LriaKFnHChx@Ub||L5`OK9QS)nk4 zi-1k3?aI6U0eZ5g#@^74prAOk|1XKjxZo{LL z)0NUdY@}Ay5?m$j6{Z!p$uBLui@N8ZFwtalGSo~DAMw2@Q`lH6>}qQ-vrLIx3qZ8;Fn9Zfl$ZZD|^ zecz;|(FIe`LR5+rorjZlZ}jJtdzgk3CYSp6lZAAp$*)XjAELt`&OiHoTMWT^?&>e!MmISH$(>AIHQ`VR{wDyPK=hz%iOkcPhx)JaD+6~ z7#f1pnjP1xGAI57B^1`!W};9TgAvuI`*f$9G*glSvDA!%ijP06jgJ*FPeRi8@@!6{ zb)sj$-Y))q4-?-lX_&iXm%$iU%k!AQAXI6XmBZfVdG%HF>DkhR5hfTiZg8o!#eVvn z0|X=re?tV&(s*EQ$&9ut6a1}Of*n@Ek?#Xz!U_nj zWNRXfM}AE{)e$L|qtp;Cl!~d7yT6kJ!{}m_U;yv-o)HWNA|R3~C*&V47N7HfW)c$d zP@FLfx;^=zekl+3W3P$>?q@2viapH zPTZSH%Y%hD^KK$%W!ivx--SIZ~sOVL(_ z#u**R)@QyeWk54}DTJZ5mhJ;nUZt&39oV6b;W5nCWl(8q>@Wymq2)vX(;v4a3oi^Z z`86qVf$VJrzqj0Dfxf8NkfD#(CPi1~nyfJzdHl)3Fy@>QI)zXxBZa4$a&gj?#=;W| z{!7$>FX{Io7v>mxp=rWo+%x2vY=dR*@yWp3t32vBxVQ&qzi-!Qy@?_%*~Y9?5q*A( zRf~1sFimO!@Fu?t^ilgHS*wN>Y{4VTEx`cq^C4Bf1w~^4G-IJr-Flf(;|3-sFHe^u zPnRhRs(EV`OLiSQ(zu^V1!Wd%?O}j?$CIH%uBL{0DOwZrjhAflOV_falFwBTl-pA> z!tEbE-6tsB?0^+wpX`sN7=)`z^-PY~3o{QAk-bbE)*=QvIPGCrHrT+r=5HVXegn?> z$aItW(5eS0`YW)4!E27&@z3dqSM{Uud{Nj9=;<7>I6uEPgb|$RExdCGn2c$xbPk)n zjFgl+(?ukMajwjf2Gf*^PWSiA%}(dVbu6c8p4l3Wb6-`bCMNjay*VHF$n>`Rvg+%S zh>WTfvw+yWjt@hiNDWf?7b2qY4{tZxK2T1is;P%62I z9>n9IhaP7QL~(R_zRtB_eqTlpl888YPCO)7>IyxjY*?gFyDvXnZP$_U)1nH<^)c=I zGIfb3Bt#}8+=+Yl2Ab=XgBlh#$hXT@bC_1 zA0?2?&2`J-6Ru@L9`m-sZZ|TVx0#bcI@8@LIu_PQ0veb5gG74&OREteXg;Z+|K%LX z3vz7cyo0n!1DwWD{`nxdLVP5KqgCI)OOp}RGyB5HY~{;aC}ETxzQV^cAJ=eEIr;Ip z;4sg;9b@Fx=x@Rg=I`H}YXyPu*W0)8pmsC|>SHRA=c}6I$sZV$SjKtl{aOo&-25sg zO2|h0N5hLPj^4H=hZfM6>bh{yh?8?fDg}2^uMTv>*ahiFsNIy_yFGY&H0rmG9@jXc z&*4@6mjR2ua<@p{0fg7vy7oVY9pBNUmXIOTCVwrrLkG(uQRvaD=;`UXxi$a2HlDkv z=>9+ql~A}_Mxd$w)1}nk{NH3Q>~@sFNb{hM4A0A+VMjUWIsyNkRM5vs!Hsi)&S^g@ z6Bd4P1|!HVB857-0FfxH5*CQ@SnYVayxppXXjxQgBiI4Bqa>9^U+LtsvUpZfmUrzB z*FOBE-Ax!tuUS-*58k$7rGQ75b+!r=jxj76TK zD)jw0wMVM6m6y9mJ2yuj{FE>#ZH_f}OB(mhDi&KcNPMW>ViK(;3iMvbiwvJW=_6pZ z!bmsNYH2e4hYQdEoy44zms60$v0(k)cs0R&(@fdIlVq( zdSL+RcFT>z2v{y@Y*Dsryxf8O!^!)q%yZcZDpI^>x2t6+_)aXGOXD4UHqS1-H^(ab z`&=g7BH-u=tmgahQ%Ud?Rn1WC=CzQS|L#D0UfOirHUXy8Tl5q1TuseMPT%c5&AJ;YtzHQQ*qHL8c#a*sPsLUv$ z8?j$%HRyda)2THONFUSeKB+nyk0ns)C3$U?x#%HctAEq9K zBfK|v3LT?nz9(Vt3##~1rw{mX=8EdBmE$--Vq)hWCzjKbkVrA)XRR$j`9D^}{+XpG zA6iYw5mUgyx-;`!F?_U@)L^)FzkAjh56HSltvXZ{vk1B=DU+qlQ;NUmH!y2VlqUjd zf6Yhn@8J-Hndj3)@Fqioq_)3W8e-L%jL1Fj&C zXU<$HM>zOk7`?8*RgJcl*&adJ*FKPIIS)d|;Pk95M-=|c4dm7&I$NyKL68%D`E){A zT5=6xwPmGg_gmIJohz9QSUJ)iM0mVii)LZZcqzcWABgm6f2*O%+d(o=!e4EzQCVW-eem8U7Js5$hICi<|AEtklm6)&6j82uVw85l;Tmur{t~{PTx}9}&1)-(*`XoXHROsq*gAqvx z%@c5SdJ3VvPz|fw>jWwOKUp-5Ec_PUc6Qs|HU&zuzk+tzss0eGD%V>FmYol4=h&c? zG90h6GFba<5CMx+vvq0csFvw zNmFj-`?`~OkMF#{f$0gam#)uvO3oR|d2ZQXf6A37$cv`tHj`^%l~z0eUJ;bAyfPV> zyddTZCeAIAX?$c+w8iVAnzW8LRU?i}{$|r?Ii<6w$NS+ZfDi+gH1>Ju23%twdLG3e zG&&@^MkZ7cU=QSmV_0p_l4oNXbz}y>!bb=W09)PUY+p@Y@Q`yg_%;QizcvT{8B)a_ zZs=l1V2LIvS#n@s1rt-bA%C7SKEB<^nabb~tTG(+c)p$mi6`YiLG@=IEe>ZJ!IbN} z^AXvC()9H1yVY{qz6DT{M(cT(Ay=dr?v+_xEkG)#szUesx9FguRD!IGfl>Zu7#_*? z7nI>47vdxEsX>S5m;Uwhv-Ib;onYb-oXdjnSc*f2m0&MnBdojvR@^ezHY1UHmmnf4 znUr)eou@Z zO2c>w3Rb4)I*?BWxPk##YeozY7N*wpBM@Q0S@A21>aDs_gKc^p%y2 zz|vCjKpvy1fqpV|B;b{VS64a;Rx50Cvd-jfH=79sizGARCYH*htet3{^O2E-D~ds} zS5*~G${yKIqPD9SnSwR~lE;1VA9WG$QE0C5F;xdOLev$kc@zqB zAkJ73(M^2gNLx6@P7X;@dj}%NiMmbk*mO2Q;CDSO4|`%N&@xv1&=3|A1I%1;iYBUM z9!}5T>crmHTpj5ik{g_|YSPx`?Md3~C%?N1Q{w{Z+vgjb=kY+cEJ1`}B5~9{5KYFd zU13tD5&plC_h=0J>Xxliw+!&?cpY-VM66mPhkwHrR%qFWw)8HqV?)FLmffmxTVtb96sj1YsUHnzY>%a_kb z8eFxb4;xIM&~i>cny5Tsep_R+ap$V?Y~OPC)OG>&mj-e`&gvqTsFaB}sqrQ~wWhp) zjh{qK3Imh!3VeRoRd>~LcXzK9fPODQ&I(fNd*Yv1A)x(jrqy#JBjc3aeT%ake7Yb) z#yv{vzfk5f?q7dV<|27NVd252XNeY!ljSH^7u6U?ab|`h_3uBaywJ!hLHfYgwD{k@ z6q=(C^Ve30RS;NPNx!48cVlj#BhXFQMoKuQV+6kaQABDa60rQ4HQY`Bk;3>$mr z@bCnmGGxE+82Q#qk`r!eEHVJJr(-t%Xxmp__x2Qx4J~x~s>M3-QL9j`;^Q#uPu{B> zot3jDM;a_B)c=Kw{u}G;{sN>cvp5*bj)g7+up7z@AI*_v>W__&jV09?>R}n%!{GL? z+pc36nXd%j8#`iFGXi?XC!Y)0om8hAk9x3scy>d0p?VrgTq~j6??ZRgX~>Yh`0KJk zr|gtU;`zzQC>3qh0;GuZ4;n}@gf;qx#b)v>=L7C+$jo0$$xzzYB$>%92S-<zW~br$FTbMFxyFZALBL*7H^LN`8TMG#6P@2MXT zdrD|(HfIu-h%3I~&5M#uxM&{^ONz~<)>>P%ltY5S0b&aE7Hfz0CzF`;6xr0&n(9^^ z2zj_~_Quh9A;?Ek#Ew_EDwSxgM^kgR+a4%xZp`NkE1>&ce_`bbvg|q z-?$2{gbT*KGrmA!SZ2RMhq5v^U!G4Qs;51#sh|V?Vr$aE8H3TRiz_lm5RSpy50s|O zrW)fff`r1BF>igd1fMfQwgSXV-ILAde~-DU+#XnjYLB*_HOyi?+OlzFnYjvEcfKGQ z(lg2(!A`e^8p@2%dkfmCxX5Duf1VVJ(k8?|#9XIC2qgXvSfvh&V>6N_>7) z-ezAz_EPaZF6;f0pE?fW%89FDS*~;4*@c0y@$9BfwHR9%rX{T6fy^`4rO*J#9;lA` zl{-!*puWqVN~!rAf+~=bIIw-_kA{ZE;BvKxL8++Bj@n7@@zCEUjPfqZS(BJ;#31c- zW_V{ejbrAqpu=|=Eai(8L@n~U4+_%aczMyG1M*g(=(piey}r8kbRp);3k%8bO*an# ztMcRDBp6(%!$XBfaaxeE)YtLsOyQX$vQzWpS*H>S8#d=Uj+=-YqQ5htBNyof| zP%Nl)wUmCSrz8e&HDxLZDh$IcsW47>oQSiaAEwi{C&-bQ`ie&AaN*D8YQo^+BF4Wc z?m?v2p4Z_G52<=tSoR@aV3jJby&x)1p{7`H=V7$iJzVXhy?bZ9-s!)#rY+X@t=Wv2 znE3CD`1o$?ozP-^7aQ<3cA#|(f)P-Z_yulg0tgUA!n^{|e#uQW^hLPVH!VU@ctJ!v zMl&!JQ8Q|rEwsBk2dc(H`6;spU`>>2H06pX&^upjrEoZ^vSVf%e{=?`_2v&0)P5F0 zADG06Ka00AZBIcB@e#{`{4%BGE`4}lqKiAvH}q|I_KDNro;Lz$FR;_S5*Vy4z;jQ;g&tVoGQOKZaHF^DmR^KCam@D`twY+nS? z=)eFjz247|kdPeRkDAQ$^Yh?~j@H&VoKEFAy3W=uZ@{~NKHPzMCmaX?Y5j-#DcAzsP zY8d#~UJkRYCbQcQOn9S8{MAl{`eglGR=z>^{psgde((JDb87q(^Zw00GB3Y(;2DTG z&XAu|Ase8{-fjqHkN7c9PW(?u7sKyStA(%^Ax8}F~$MT;8Aqrl&zx@pG z(tmj`AlI?kxor=|2H<_dlZAN5=H%jv0}<{0edB#zO(P93UO4|&RbdCvQ1I}yfnD-= zf3L!hn%SRWlvrzrNE3dil1<5RzNMa}x3CWVRsny*>@I}MDF5iutf0q{?YyTx*Y;BgE)U*Nu!&5j%qCM{?|y6c1E(F57*R5*R5M-v3+VTw%IfM%2@Hk{ z)y9);o}S<-j8vadK(kIz9Q|W`slisMR2{q};84dUqocDvS!w`{f?GhSN>h?jsWh3x z(c;I)eP|I*SFl=kJcr}SN{cHM!Q1hzzXKF(+rNJf{`!ml=KyRmQ32ooy!kfM<8u@- zc*PXn5Am$lnJq1UKOejS_=bkNpbtQ;#qt6;G-&c7KMC*b?jpQ_6oUo7h?|=msbun8 zi>o7e$jF8+F&P`a-t&$J0UX9)%vY|S+hHG&6MOFPaO-o)&6sW6A9RUv9XB&Gl^|DLQJkALS|1V?f7Nt>Ba#Nal=3J*`Q_Ql zdnTPR`Zb~h@-w~_u0zvc1bicWJb~okUu*7_Go)?wscmxrR7@GnGKjiJT;fYFDX^ zE;qxyV&9s7fgb$rw04GP)YkE~D9^W4HHXJdF7eZJ@ay2)VTRt zD{}crIi9T}*IP`P0$lEQxptyji^yKTM$hcbj0oud8QcPLV1=KrJAdd$e{|ILw%N-b zuZWSzwTaRE!kM8yFE`W1tTu`4!Bu3011o_#(I1HG9r03%&3piyO4wKoc1?3%_x7@* zCkj^cYMf8KH%1+-wpAIcVXP~3Jv})+=kelH%{BG(WPs>85YNcJMP_t zCau{|cjvCaWY^%+h~2y$)8(W2Q>5RFhti%7t9^C)VC-*zZlrNE2TBYV?Jywj9OPV# zSY$%Nzv=$cG8a8v>!&`@9ey;6 zAgIoKttho<;ch-y_b^o9*STT^B+*Mouqs%srM)kh7@LS``Y^R}HBw$& z{V6UOc_o@HSh=W|tujgFxsrx#qqTF{yJf@NkTvGGF5u|q6;fnEgcHd;Hs=!%!WW}8 z2{_GHjk@m)BR)E=_H5MkvO^e@DaA}b6UcMRTCmFg`jumiO5fQS(i9M_fo5mdJ>Q8o zenH$YvY2q$ff`gJH9uS}+IFh_a_?%h;I(pGyozj_pOXd&qMk-mgK=x#uhd4+6Nz8uG&r_R6}rsB~EQ9UIiXB?oSW|#dZ=@Sw0I7f&lwa+yT3b zN()bKMKi+Ub5V~gbqu(fSSDbz4G{foUK}>bVm^pXNFFREcicwtY+V7{T^wME{=*uq zg^q%RgoKRTYPIh3cgg<7U@-JuL_|bV^5*KQ+U{%j;Lg+ir5qT`a5`U%q;OCXAdFWx zcT)8x5kf@tQ#8S4Pfp)h_Ndp>5KT|##!#}D4R1!Yxv5`%O7lozcT%W~KyZ{-O7bKm z|GcR)^@U=y*qVrBF3dqDc z!-XvzzrxjQrvY#q^EzkPK)ik&6T@tgjX|q#!s`GDnhshO(70*--U>T9qK<0XFOeeS?DYLiG9E5PCIY3WK8z7 zX6~`YQqhTDu65|_7`@%5_~vuH$fJ_PH(pXv(%Jr0O&^<5J|t$6vN{E-zOLumA&0;p znm}F77KskI!RpFRPd?0>t8eS8S4x+@?nti;8B+uQ2C<)9{|#c};)2pA=W!9yY401W z9l)t7f{F%A_X%Ho6K0zUoz+g?MXs}C;ecoW0dSz0N1b*|YOYZh3y}fZ;*LYfk~VpD z>ivv3U;(BV1O^Ms_{F3^($}EK2*QdZ6z#{M48gnSwoxqqFo&V9Q!lht^HcrQzzX)Z z6O&}cy46eF%Qrxs*`8B0)_%?YtqKqh!sB;Bf2~Tu1f*Ivl24ELGk3}09QGzp+7CyK zm7wEAzB7&aw+Mlj{Q-{ezLoll!zPqArTyYt7to7&9RH7kAv-cG2YY zMnll9vGLBEo<>c#C*wCLflzIq0aZX`HYE#smu| zFA0;@+AHhpIKOQhv}kDhWxo}SXV*TMplnh8UjFI$6HtVp>RyQ3zMe$F&jIJFg#}VI zAz9tT7J9=5?aJD;u0ZWX*^Ap>?F2jU-{cWlb$WoyEd@eAXZ#1SqWw0xD+AWdG~-~O zKa@6@OuEuiLIxBfOTEEP{;A3}BpatS$=>2DHT61j@^fR7vPJoXGrmnzL1%|!&NE(b zlY$2QFghX{+8UlYO0=J0JKB7+_ZjT=uuDPd1Bg&KNBUe#PB*!k`9KuY0OK4tAw!~< z3N?F=EH&6*&XhT|2uuJ7lOTiN3Co|D9}xGBJE3f>sbmHf2iTL7wL<5A#H4pH55F}< zYvdLu^!Ks*g*m(_H*&ZH^Blj5B1y?Fbun&;6}Lkh!1<>4z?W=}{GR~zr{Q14O#JwA zPe<7$M6}7CwN{=7^N90)pgvnWlbvFQL(fVwhN~@w=VvM{wfi;@$Yw+`8A~}3#51DJ z2Q#O!$Nf9D3B#YwsFNm)j28f)1X9qD=Q6Q{X%m#$5{4%Sb<`H+Hnqp5B$q&pnak+Z zbWU8@wWiiseshS#M47bMOsI_*fLaqhRjvAlHpuPdQI!(I`VC~mFi~fL6D^?pZ zX43D7+LyJVQa6b%>`$Dd=F0i}H5UYe7+kJ6h@w(Zyown!y@@Ke*gubmOXdD^|U?d0U7tfB($&o)T5j*ga^Kq_s?AL(uZ`)rsF9T-RS8(bs9r^g~_*U3G@owa@UxV|HEEqz@9oD>>)B6si zWx0Hti{}U_f%{IlT~87>KzdtqeapN|>}WnchTrK%DOxz@D^$~p0sd8*NhuXqa0Rsg zfP8?#ST0|dL=`AGdNbtRC4rUf-D0jGw4B!Rv7~v@JK<0vr)}6BmOqw64qY_D-irXQ z{a-A9S}N_qmvgaGqL_z8naZ>gbcaXs^E27e9~sDCP0RYMv%6b`Q;(q?A$QOEuH@r{ zFOGV6;X6{thDucY83~YV;)U{R1cTWUQ*nxy@0}FArhqEv6ESoXga+&WHfCZ;>AoPHm9fyj; ztx8YX@FQ?rI|EJsydUMSO0eKi3(=l~E`lBON1x!Y4@ltNGyw6_G)v2h!s48@{R0fa}5LomC>5ddHeM){dd; zLZ5`w^uNgiC(H6~Wp`k0%DiD;juDLb#(=c_Rk>#CnAv#3jb*H0h&Ojij_`r7nw$~u$na_^O?A;KnF z41CRx`y|QSqA*dMC~94S>YnYqR`b!W!*MiS>W^%l`}0ce4GlSV8t?k$O3*L`(rVW`TP=wwweB;-atPw>aQt zEEs=|k4pfY82eXq_%dLvUQNzHO(0mvqp+@h0JjpH#*BV?@RNLkG#4uNFnbbBY|vCt z+;#l*-^k?Xhtlaa&XhZO%PO?Y5Pv3?L}cyHsv*m*viV!(>vZ_RRJqTdSWol11tX|$e zs_^KA9_kO;?S}t1jk~x;TtcLWP}WgJPrx(4Tp2KC>ph3J7SntYJ}8IcDGZ}6mzYFm$B5UvPGZo zw9iYWI3+Iqiq{-w3{M9FVd5tOkWR?mJk@q4&ho^tM|4+IPC51_(M`q(f_=&mZg-TZ z!d!P&U{)b0qvqW$E=$N4ylBW+BZwC3as6P99Y9!V=QM)L-*QC_W2c!E12Sa5fDcXxN!!8uLdcb)Z}eb(N;Hb1zgXL@?N zA1S%(uByYimE#T5x!tO~FsD3d;)_|TwC7G*w)uTOx~J;jUCHT`Qk0$0=x2ByI}J4l zWN@XFMXpWL0u%E7F#(jgT z$tp&2!j4fVI0jc@?^?<)H#W2(g<}akoSWcD({cSdq0ToJ{Np~k;`OtB&#^u$>wTUw zK0f~buKIW6kjO~RMCnwZl{mty*ETZZN|;z!*}1v2m?6J@k&5*Qry%optuDHvK>NSe z?df+z_;d6PEcYaXGi$xrFY(%6`v%!Uf@GEx8Iyy|3-qzw2s*%p-3!#3tSbeOFnl9H zYgYVNi@lMl==R9_|2zL#tkEgRcELw;*P&(p{V9*){< zAe3{cvlV9b7J8=+N~m~$d)n+NCbp?bXQ`3Dw!gPth+Ka@MVq2COtDm9qm$mmg(zDt zFCAg`;M*BxahHSj#-zglc#TZO1}c8g;sY)tEyLT9@2omixhtEnsPK4qB_$zod)7lj zM1)``LnWI6z$0ZlZxGCMfHu6c5)wdnRmjUnJTXG1%wG*;OKpw{V6^*~hx zF=Ne6_TH*%fP#k2OTOZsh!(&dF!G)si+)0NTCI6lwZrks=@BcE4ONfn#B=fG?^*M{mw-|+W>Kt2sg~acTcM;NfC;{@CPn?S_x%&JhvqBHB$^9(x6ZVq$hCMmnS68i{w~ zxQs_*I(7{WMvr6U7Y7l!Z!ag*a(H;yT03PmqmAkEt)%^zlX6&^p1zM5M$)dm$JuW7 zy&70R^jk_&{rq<#zYk>WZ^A&%^bxxtVb(csUtSq&f%Tw?`Hpee;t?Ti7lG+)s zyS$--=Akbpge$Pf@9IjH(>&;VCYj}HO_SatJ;j1U<1Gj1$F$VEQkdO*Jkf!;I+B{0QF=vslyV)~A)*mr42A`7%e(b>Z^f$dlS~V&L5>+| zq656Fw2ns^qRKG5Xbq}!2v(k`(OToklN@FS;+kjir8D>G1bgxg&LBU3r^}g#Tvam& z{Z^yAZPx|qtuUyRwQ+bQ>57C}xa48Wo?=V56;$sqq~`OTx}2p=P(U-Vn)v_TA>{^I zi>P_U-_L*5rIb%_5`r8Eb}>p{dtF@&-nUa=1i7hVZfTD{+UMT{P{C9`B)FVQ=9R$P z*u~VCzy~*xN!70{>7G}F4nB5JR1hm!&qnbxv^RxcgjLu|QkztzlhDw7D7!SLa=!*} zlsL5ZdQZuVN8PSEbB7-#s{vy=Iz$74n@PF;%u}W3CMw1mbvAz%e0yT12ujPfnum&R zjo9-m>a%5UMqmOsu)p~F+dQX0=D)7!@j$(-!13`>+*dnQ&T3B!f?G`wP7$9weT<$Z z=zz##ag*uQT^RLAu8SEx;iATQdpvi;Gi~1N!Ajfy+5Wv zqdVgZ#X{y3q{(rpnJn4t(wpvh)@Uiq`*;ni{m+zHNs&Ya&e2oJ4KS*3^o^A9_JK~( zmQR_b&&Xe4qCq27ud+D!pG(VUfu;_R(HnshR@i<=?mSRe@QaXmL+K=Ae z7OXtWdyA^@lelua6QLoh?K@BGjBI@(+XDRv;X66u8TJHE1*vEetRQF^?a8Ut1)#U?AfVHI~n{YU4EnXjeAi$80QC7w-os-V%? zm#It-1J2(e^KN8biePxD(wo8PUAo$GyRK(mR=z=Enxb8_&oWhJoGX8ZopT{t(o+3Z zp^El<83_*#5Y>4N4Ig`9f8?+{dJ11mxBp6NvssGs;9fFao*5FbT`gNfYD+*)Kk7{u ztWi0F9|8F&4&R>^RfBlokUSV0w-1KFhWZvDNwk-z%HZgT7JRN4tZw#gO6Hk$*&7=^ zdZOqXAckPUHZZpa-zW~Dr7kUmLf!P;cEo=XYo@Nvwfu~>7cg0FvVFHQ&AGVBf}C`_178 zE(e8}llg2bP#7GD?uO4nGlp}qc4|1tM3h=!S*`SIl-$+X^HY1g@lDf%%y6anElg&k zo&kZbiAuL}2e04`kuDL-sSvDBnL@J{Nu-Cj!}YcbS#v4{3ICp;os6a?$y{28NNx!p z5*R2&L5K>fMdVIzA%I>T>xrpzD5iU4fJ}bkT++clO;pT0dP23nR#HpXzFnaS5=spA zs*ShoHk;Y4)Bpb%|cwUy+vL|>(kv>#>KIcFQ2)f@$8l}Wz1X8 zjPjPjr7hF#}}7?YNZX|Ep--xPEJ%fGZe_;K-Q4+cc`DC_nB7*6a=+X4N**la7H}O81r36$f^A*K1uDmV9gPj*{1p_|u?k_`nn65z z47k1&>eAWQOmA|LAT-_yJe_qqx({gZx)oD637C1+F*2f=;?JjKc%3#oLc|G&5Eg#Q zq%|935$GPGJaZYKIS@t`8|lv{Fq-+eJoG|LzFXP(Xo7O*W_)EgO=#9YRe@eshIW2R2{bMGiR~dG9j{6E0P3GIrc*_Z!@t;V zW_6}0zDgEbDg*1tw_VsE0pi$>mPfvU7O{KN{io0ZwCSPVno6`{owd*l%|v?jQ<3XT zk}L=!mf(HqOkrMs2>d*OMutmlj~_QmkERj&r>ScD$?a)Q5-A_w^zqT`!uY}m+@p=< zt?~2fT0%I`Ksi$xx5&1U;3ob3TFwq5i#46r?uG(8ADqus8vbt2uNghJlD2a>&}Krj zV2=0Nz+r?OmG<0Nm4Ur~edTrDL$fD;EeJ^pz=#;e&v6$YvhQhcK=xC{_eDTi-0i!q z{Gl3E6Z_&|qqZMLj(>Y=ul?5Ho& zKI_}#cBg?qjA|ZfF!83f{25+C1d-b=kZ7S)DlGtjrt zZQF5!-f{#4Kx|vg(g_NNmXyhY+_vgk)zZvjz3Uu%B!)tDjUHW8p6B|L<2+1D+eP6R zv6(bGWYi3J{8Zl6ACWN;GNA~hVVt%{LrpDHP2D2r$f#7GZJ}vKrKHN^kIHBkEt=Nt z88-~e-5%4X2=9TDW_^_ek$JFxh0yWFuX3^ZM>1I{b ztI>X75o`8-+zY}aVR&7g%S$B~Z(1CMUFa@}P#gC6K$mNyd{@exI%Vb5uI=s_@Zzh{ z<9;!#;?swE2a2B41nPqDdz(#6p?CLm<0Qu3@1WW5Ce88Y5MfMLCd4?-1UpfxX6) zRY$_z?)J*uCd3s5bdPbP$Xqk2?w0MyaGR58Kb))F+?b*Y_sh^ifnP*F!yvG2ue1O6 z?0XoWh$CyS><+Es3LB5IxpwSa0@@LzrmA}MI;dZz($EK2^VA8w7a`tI+uqC zO(izyL)DX=&P>sE`L#@5DRC&(&87t%LGy56KtRCKrHZrjPd9~FqX&TS-PcbNS&)f_ zn_9&u{A#YcfoRavi!hL2wDOHha>yhm~QLol|myOnY ziYgH#uNR>iTW#h|tMg-l-~y(Wu<=32y(=P}_(P>!#2?uYkK1xXhw%A=++d3wv@7Xe zwx#boSDrEkjm=vp>5XRfnb!qdkPae$5&(&NRd9BeH+I zb4nf(o%j&Ns}B?(4q~=X0(9)sS4$?H{{P^Vi91$1U?B)=1-Yn9m^K%DtVgugkEu%+HM3r!o z=_*W!%EaTgW$z}60Pp_MWcm}%D<8OunUfwPtNThEkD>27mx8QU9hW57a86CS!!{e$ z&N(ZGS9l?0Wlxda{LGUV6}LqUIe5^blL;5lxNO>IfTP!EF%bY`(3I2Nbd@mvX^=V5 zA`!nLU({K3XdDsa1!t<{LeVlLa#GCgydCZ0;rULWPCE1I4a~@VaolTFOij`q;rUTz z93EuJ!XFo;#V(c38?=Rj+k6q)B&zQg{aESB`}nZ)PERK_ zJK+9j{dz>DMX9jiH-BUZKKuYQ4Mt~*IW2xAzMc2k=M$WCME`DRzt`TeD{A~ATarbE z^X;zZG~2BuM9BBq|ODRK3M4HHs93O5uhxqk@I|)E*dC-8v zKt|p7bnaX3x<$Ze^^nT`XZ6=0T)F7J7!h?QwVk>g5K6ey5)Zl>0-SH*4bxHQ_*d}O zz_Y`{+^{n}Jz$^VzCuW@4)yuAy3F;wRErhLsM_;uUo%jp>^gXDlW(%Nw`RT^~Ey)0b=z$HVWa5U!g|pU#YzQD59d!aJCPdZF@S zigYyJ`!9Hvm7M`_g~_HK>$8TUJFsNv&By!&d<9p`aERYElUH3N6rBX*x12QEC#^)5 zyox+A!pVnv4dNIcf=7o>8sNQ<*hJ1y+-F z1+-&>`-ZOgrA6PVSV&$@VSsW?fT{l=qIz|Dxah>H&`JWqESL^k%FfQt%q$ZdgCZ-h zQq#)Lu58Ho1*n8gl+IaSH}Gp4JUyyHl-o7eUF`_hCeuD$1LoaOAmJ|d+n%%uOqFC7>DEW8JN;N$s##N-43v`pu(F63ONkm7jn{ zi?{At6=8H_7zX=C>vZmu{+2GO>aDolq5^^81in`O!YTw%kRJvZ(+jLkzsVZ;`uyY3CkZVY2sNs07Q6+xd!Xr`TJX zV%O)~6{HBA@iGpSJ(@(~Ef{8;j{u0wm>Z(&%Az+A=|)u&bLW1FE#~Io{A02ro_*=& zTFwnrO*od)pi_O>HBG=_!aw_Eo=m>-^uY2zVZ4kg%M~qj2N|2P-(tKqx!oRWX~vsz zn_p-iFZG1nzj2Qyx9DZ5(cTL>=uO0H7~Z+pA|{|Y=S{jVtPV%*DaEX^f;g;)@d?)K zC^||vl>26+=06U9%5z#ce!z&AvikUJd$uSc@P}$6lcVI0!)4F0#S5GV<}JFqS}jW0 zAF!dgJI-y~9mp0EcrcoH?B^u`x#a*sMTV?cx9{B1cLVT|@;*>LhAlWrMYv-lURT$P z7Th@z-`YhcV&qQ?Aog#FRkWM~tt+NgpZN15WX1(~OH@SuY_oOTHz3o{zDK3NMDp|X z#b1v2p(R`gW4|N*{;ed*56v+p6v%I)T*lK-cMhb&7_~``qnh;$wPVmnC#IPAJ%I_v`iZj34$OaS_6R7Gv@E;=5G;DmZO9q0Zn_V3X-l@k0%`-{baxF!(#v zfUwOGH>>xM?9`9qsI{eR0yIp2xyX`}HVnU`tD`!l6`Am6ZJxqpN3gU+k4Z^$Da)35 zoSms!-?izL7vq--n_fSt1HAv@0vO{rk%aO(YjEbJd${^AnLEu}Sd1Tv00^o#B)(Ay zxuh>UMStmi^7Dto=XRCSDu_K6;j-2ARLJLEz8Y>`!Df5+0Ejb|r`;cPff!Qq7jbrx ziCp3FCf@J4cptg>U~@_VnzTH$w!^nz=ZX55TbwxFI_3VCK}U%5HGQb#w3Ekqdg1}e zq7ujNpi5!%IaY^9DAFE;k92y~jW|ep{h9q3XW6{6=I&zd5&K8pr-jyspLIbVvhjl? zdsPs}K6g-SGp-eZ?zh4wF2UwX-P+9t5ut0XuVmi7ZBo%c4Siemu3_HyqsrD8iz0x9EzV3;@#xZ7t&2=aiv6WfebebeRL36IyY{?(A*R(3$ahpf<0p{ z!O(sET!U{Y%$Dc#*;4qmaDo% zfk2@pPjv43g`8Z2R^EMoH6!~NuD^#eZ+7dG3zN^O&M_bA#Yn6osH4Z#N_`9!KU6?N z*EKt4#7OZ%#z}?6>yOE;4az(T@CSZ%?(5X8(gBc_m5&rjhlf7szZc;`I$o1HLL=AzMDE8?*8wPhGK4Do2`m)bT$0GW6Q z<2F8Qp>!e57=C4TYWvp|v4#p4suhEESHoNFH{^T2=vjp2!#u_GP!uyUa|xhr#|GBL z^MmvIg`HZOZqIQY`iB?Ca`>d+OFu`gK<0*Cy0^Cc?OlK{L`$K@BU<&kvFtk;n1}Ld zyW2dUJc%q=xIw^VDeg0X(KCelB_pR1sW;Z+aX#Z5o5rUwIM3u>`@6bZ0=f09_)x!* z-&L(53>4)c0{|I`89Vvb)NfS#jO*37OK`ir4cHph9=|qbjqvh4>ARmQscjm_DuZw9 z=bnhy)&pJMS4s4-L+!S3<;~yY-Ns$FfmXj5F~Fd9l&QMuWW}l(?L=pC)Lhq_m3jdX zSCrb$R!u4Za-po*fj%Rf+XE+?_pR42>)#V51+56V?_98v5G z45qtgqF@^&V2FE6EEI^Nc-htNW~8xL|0rGCAam&gk}3cfaw1nQy`<%79)MPH*vuz^ zMhu5Qnoug`XVM{{P-N3f##gP~#v!8s;{K( ziUvtWx_J$zXr#$J=zvVz*}A5gbOH z!>NM!zhV6}gIcjKL)3m}-6Y2}(Zz$)c~$7x*Xf<(u$hfC+kXTXM{UbPwnmqmeM&Y-Mdzxcg^N zNXalOKM=?30GCGixFTP3k!Pd_f>L_QtYUNBa9%Mo;miq)gTSTQ1o0OGjzl+;Lfu4y_Zirkx%b>!)j z$4m41HVnONCG&c<*SaD@RVQ_~0#bS1yY|j+jAtF{mY#(C#Yqr<{NQIBSw44qoMWl3 zu0H$hl}3ThlnLM8W~fPh(~>^b-rnA6eaAwpW>r0_Zb}ErvR-_b3JYtDi=WWueGZEJ zv{N}2FV%Ay3uQW?p($^0d-<`A9H#%d*lLIBhBE_`0=x7(ch2%{B-}^UweX!EOKuf` z)Hy{1mIqX(6VcdqmOs_8LD)7!RU-v0&ovL5+7pNHd{A^ryGrr~8r1?FPqWu^Eo|0? zjM`ioc`fZ)vr_+{KyZFnCoPlX)bVehXsdB3(r3&Z`E{cydLS zA>;3iKGgk_Ey6jg=>;SoYskRD%{hq|qt~%5?4s!+_RGK>WA>9SW*(n>SYtZHbyj8J zaz0QPYBM@o9fB`4v`cqY{)SF*%{#vZ45)M}rFdv_I+rrPt}u z=7|ko<-`8_bm5`^N*If}L2Ol;^+vwo1&;@c5wbFjnXICe?HQ_Z3?C1Vv%D#?6|n+X zKf@*XZh=a^tqK$91~l{4;ywC9tWlwHs?UUFAMz$P>|luH8+n&Xp4Z>^`LK@P8J(F}_5iyyf3+=KSe=D< z({eTQWEnV)A0_;cU{mEfocEWPab2*Qo%pDEl$9A$2vbWqDaLKBt<_6-v0AC}sg_IE2N+%*rP*vJWmTNC-oFF*-r&m|t+ zFP64&zYx3`l<5#H6M&p^uPasTx;`UvGa}O3$RmXeA$RKf61Hv4T+z$f=BGB`iG7WD z;dvvYw>ZxrqD{L`^A5j>%V*(1q&p-lU@UE0L+m85v3YC(YtZA)%p+I*q$) zYh!@_56EI|d1+~BfI7X>>?QIJUqviQLq}&B$eRN)kUKg$2$qu;rA#TiJYu}OJ-*kW z&(s!gFmo2!_xxICR7Su>NZL!$m#_0r{?gT}6>hXmg@@d8U#on#n$~54F5d$*($>OGRI@1bo)((CF!WK1Rglch`m_;-+r&}v^BF>Ld1fk;h7H66e zCk`=$dx^FymvYpp)i3ZNi*~t`ZxlI^IAv@0M5evL$!J^wjtxty>JMEKOWt+bCDFQ$ksTam&^t?C1Z(Lrh4h4Jb=f zsaXUllH$GIpX5NMqkGdb@OwBhKYy0ltOzhNGXD1ud`vF{19X}QH9wk}fm)dMcYM=~ zF5`)tejfeX{8_j)G+32)^nXE|x*#BSFDwp|_RO-=c069)^tCD`Rhvo4^@6$%JPN8ksrE0_d zY{n`$+y9ATRBrG^lw+dSICtN?x-7gz4LhMz zmANj%SHRRN;Ebe=UgAqDIlW9NFnpLVqdqxc`nbnSfAVZmvWGRn&_lTw;Fsb(WNm@ML z>2R(IKxBp5@eWvW86}GUSZzf#z8NU4f#BS^ol};`Xx%Dw*Q(?JzHg`SFu+zA`CM?M z#qiAJH5n2k4_*V9GtZPU?lR%5IdLSg&;bya7|%zr$k0{Y+m{DLA72MT-ooNuZ-);q zDV;5KAxR=yF59}YoJkNTKSj`gG9_p~l5G+36cAu+!V!2dsq%ueX1=K(eKPa{9r9+T z&W^xbF--S?sMe*}1s$Dj7~xi_cF=U4iEb%xkhZP*_lanh>&OUEj6q2_C0@0>;7@XM zO3CHEUavej1N}NcyTpgi&rzE$BW4SiG0d%ki0%``#nQjfTgRm8r+6py_Q0j{jkGraI__D7GOE;H=0TBxRumHZ3J)jJ(H@}&MloMbQ^ z{Uro6DMdy^v;$zvJ^2^VGd+tC15^VN8v5;5HV;MAb$tm1a=o|@3Vr6vO%{yDBOv3o z73DSdmD5SlX*I--fZ&z0-C}^~yd$TMwFxKn8vaJ>p?pR`P#~wDa}#2=q&b^Qc-~lu z--!+uU_hat$|!93_ATUqEG4F1m{yV_GPp)|W9X3Oki&4b2itO%Ug%vs+4ub z>C;VWvhfUzJ`ppO>5vaEK+aGK1ki_W1@Bg(i&<0fh&r^@{EyhV^29`&xren_VY01N?d zD5cyL*Op50hK&PXAV^<6t77ubJGfbriSE*<@bj#Hp3W=2z!5{~9(P}l z3mwjG_LxLVkSPfIA1P)6#JZ@n?0f6Eco4=7>VgTDyKeyo4>kdE5iI-h0|XVzhCe?r zpo-BA^b)qU+$Ti?$s++#+sC`e?Ol9e{`EBF5$e~aT1XcdeZMH^>|*e?wC~y% zLGN|h{V(&HlQz~71x`--S5BR-FC3sjmUooA4ZV$~ze}1N6~VUv0r0l=!oSTLBzonn z+feYUcJlnzw{;1T zRj?1`d|M3Fti3<<5x%}g2`Q&B-T9_T{=-e+LEtiSiA>~WB_k8!Dj@KdGuH2Rd>nNI zSV1L$oa9-~^yT;Va5KeU?l+_5=4))8+mRW$c(B)fq8BUNpfuDbd^1NH+LYpBpU|62h08 zK+IVlZ@D)Cg|+2jSQ&jcQ%)&@Ja+kp#9!I`=TbatZ-4*Y<%As2)bVKd<9CaBpaF7j zy0@mH;yQ4MTyMYC4;;F0_P+V6dOOMsGYw6J*nFziijE}^5fSU^>WFw8PhaTXbh1*f zCcVzIYf18Gj}4e)O3fUmlfK;Uc{I!jz=DuB6I(&ez6~zm<<8%&uK?=*4{0D+C(d=+ z7;f^K4STm}ibn80K4)e9eMdy`BI#PujHlR@z!w{4CtW8V@Kd8`=H6IlkoK~_5G^FZ zy@64&W_NcNs0k=4DoV`jJow_pPXaeTIXM{<69be2dNCA-ri-*pM$-5#rVHt{s$Zs1 zdzU(pGDDEzpwjtBO{>OwsoZFwP@{s72-(aSIp?-$F|p+_zHx8DTndfZXXT4-^2b)v zU)8j3P=2io&F%3Qq%Czem1O_{)7vd2@*)QfUvx<=Rma=S$kFi<5Zmv_&E{zSYUI07 zB@}=cFJ4Qf8o+liqT0val=;anEK*>AC85wlx4sCE@Gr1~V76B~08}t`MCrt`f1h=404plZMHMBoi5z@ela{WK<%+%&IN z+qy)jDG&uuSdRIJaSu~ieEiI4#wQ@9@c1P+VcotC1`Y)mDBL6d9L3Y zdwWl9laPWI{kMfkJGr^e_z<#;O!bIg{Z+KW);RoK|3UCq05r`%A0Uvu&P4e~D81}+ ze9;2#sBJrdyH;CU3z&k=$BT0>wx~EzR=13toZJwo8wJ$daenz>pk^@eW~S4@G*E}& zg}?@DwcJ>jm9?3dn|6MBYWs3dXIB@nqW(DS43mpRI0Em~$-`yrg>jE|wI{q*iU0=j z-MDYG&is4*VK;GMBBD^%H#eVfK_$!)5q{{3xg!GibUZxuz0Dbb`ae zvQVJwFjPx)Qj?N++|IuOK|Ny}po&jFZOLE~dngM+7Jfe|+fN4U;0q!me^&h2H!!?+ zpx_VEz#R-z?a)>}qX>gvjN!k+n5-sZTgdbs5DU@L8|-H1arpObdICV^z4NF58jI7% zF%#6Qi^2c*H_{ADk&>63l*2C6)=c%J4)#ec5yW$I&U2b5*K;?Bm1Q`bPPRy z;=U5NgTES!A)=cUeVvdm`_z4MOz7Vk6i)@T*ms9j1fL#4qF4Vsk^f|{vEutq2}c)4 z&_B8kU6BMII4yb==B-%IY8DU}G&ZJ;>_J9Bd6^YhB0+CHK|yfu4>AD(fryBJ+N6hv zhmD@d`Tm zL?}{QM-*8aR@N%3g|xP|Hfn0>mka&^N*IZWiIMO+)3LCO0~b`oz`=p^l1G02?=63M zSTT|V{AFbUrVv{LAQI+))E1z2&_EnLa1AaT_mKbXy2blYrZ)VGDLatJ;`)g}!>%a5kIhL@}QVyM5ci&BIUWrEj-1|S%rq=GxDJ5pURDt`85tQRrD(wv50Gc<3q-sD z&skX5_wNE*?+RsRW(KIwFD{m{ygWJvMs!rvi`bvYK=Iue(n;6ZfbHe^rkWdWvt0@AF<8^u4+t(*4tisNgy*#*P=i&t@j2C}~#0VmwS_ zyP-^NDW7--CkRPUP}wyI|J}cf*`C)GP|BcIfZ4zDMEe9`lxfkAMUDc@Zd*_PLm+G8 zIzAD{aUmivzIhTKq)s@S+#)D?z_9&f(^%8j{sh=iT_(^_mWwIu9PJyDf%-jpQ6=$} z-%^6!UBr7J4O0@-qQE&v@o|h12s0#`Y2P?i_q8`y)4Q1B^vwo0gU%UZz1>Smn_3BX zhjf|73shXps<fCcDUI#v8Gd&*niT0$Wy3~y``xydp4;rj+4EM@m-*o1YzCh#m% z{rnka6xx#`6%Y0qE7EcIHLmnr9%87l9Egc`CbD4ul>z88qK4=x(2)buM2B_Oazb6a z+iag4Q>^bs`~BMmgR=qdf7SETb^RscNzN^;YtwwNXo>ij8=2wxFI)G;OR>*D+?)}d zO8$mfPs5b{$fO(Wq0C>HoF(UR7Ik7z)tK_iXN~3hi2uEI9sy2ki`djRhhkjmYHAq% zLXJu=p0%6sO_6{k52D%V6=xmaKFehL7WjC-;St@(r=UhkB9AV+zQtO&XqncX4_SO~ zO58uG(Em@KBR&ZCf6P-*A?%t|i{1vuO>v8}mDgCV;8_*q*^R1`u046H-k)=-1U|>A z8+)ecvsC=o?o@;g7qUg-Ah=&wKPev3_3MA73*{3D!4{bOG)?wVePB9!dWu)2!1#vV zT>!l`lN>Wm0jI0|e8BQQV|WiYX02?9`NkKaHW21#~qxV%r^xMNk5^xtSmH3=F9rUQVw4a#1mr8pgS zP(T2X{`Vqyk^rlc79HW{!8na76deS>WcvF0lG)=gq7vZRq=*C|MCwsIhdu@Xxh5MY z0gT}n`A!3a@BPLGWe>p{`cSaXW8cp63Bp2u%uT?9fWSxdJt^j~wqd?ds(e1DCe+t_ z>8X9X0XnIE=I~J4plO3=yoDM5rdI7Z<3Ci!Q|w+D(=3MKTZYJyXqO+x7RrmKYi6u? zTtx?KKTTK^TvGt~C?kd7kezQh&b)ui zL`{R?Ge(Zd!nu9$xaG&iLBf#2J&2(wS}0o?emT!^m!;2)$8c&U!_uY;FT*-l0`J?u|9|&3i=GSDeq;;c`L8;1; zPfwob>FUx*1t7Hg?s76+s1SWpr0RX<)Xb;*Hta#~Es>B<*1VOV((~%aV{?l5|z(aGZdk<)_Dhqx;@t?T3GL!?-ZOXc_L*WvVW@p8;b&-o$Trl`T72 zO$mGitr~QlzQVpY3^|zR`j60*#+M_f!0%ir2GRYbdi`KJ4t1+PjNg1p<(WHH9e+2k zr~boqUff^abH1`-7zcIqamA#is6OTM$#I97Ch5D zP?bZVU+P^;tyECru;%0J?F+_`R4{-FO)%U~eKrMs#Y%$e{j3ebQR>$#6>dxCmM;6M zCA$Vh>_^p!!H;*XZo%xdh1D}*;v+LHBUM=hAocOrHlFFcPNjZ2=A2S3r&_1Th z-wmZF&7rwMn-*aHk)ppn%LY}>TwZV(!+p5X2#CE9YUCL++4$BDP(Utv#@|KA_Lx`Y zE9bYj3%~4@XwgiCJZ0mG7sCqYD@U>lO{{3<3;4y3g^iuBOj9s5f12aZrl6sbD49(| zP5mz})>el?yibj7r;9t$Dsl)&LXay4qk9D32vi!uQCHDMvi7qwD7^Kl6o5FRJ-WWBv7IsZ>;Eov*LO*P(})VAP#$j%S-r|%c|saKo(Ka#Li7Y-I`eD4FK z{G%B>MA96R30-s(ZtiPGg{JC_EmU;tExPG>CQa zoc@V)bUPUr|1fVwucPR_cz*qU7^3dK$EEsI=5#fF8UWGl|)%8|T`o|3Y1jA9-@ zJ&t*i%Dau_3f+h zNn>?=-KsYrl$U}4u{enoh75$dSmQuA&gJ{F_N&1LrPzi_z{>}GeK>gd+^np>$V?zA z5k3)-7vNp?_KLr_{xX0=4*0-;0~$%hyZzz@n*+G1xw*Ndq$H4s4mcmh#s||yfU}SW z$X)>00U!W72DWH}P&N;{w;fC?g@{lvm`OE6N{qNF_v1hb-(PoLPMp?83RM=CoD9$e z{m_$(Qtd|8f-bh1`FHsFlEZ$DaTp0ARza3K8XI~?bcZRBao$SoYdrg&f3kr9BWt|< zg|V)A_q}{&J*(6XXWYJVG{0lHbK-Na&!b&zPsmu#W&F3K7PPtL3zXyPa=sQ zz(RPXZOt0aLdgK20;WhN$?)GQ>DbWzb@#I`CWQIeW z_GFe0fTZ3E94f1ucgQdF%71h8>5S=R?^+&*>QB>xtBi0n%9Oz^{bKq9Out*h%n{4p zhSGP;ru_U@dGt1g1Wr})wGh&!oG;6$-2-xko%NA8@pt1Ek74vBwObD5k%0_ngu1ua zFiglYnKkIHC5dpi3w*542ohR`mNRpp%=Nxgxw;A3gW(aEwQ4bI3Qi&kP;cb}Vr%m| znhR7Ki#JNkfO?o?^-5;O{TI=w;{>K9d;DZ~J!jR=s0wzw#=AH9T*uw>#~(w%$Oi1z zEjE~e^#L5{H>7`)=>LOPYrb4P{g9u;KIm|u-~{A|xll<|jh{zC`z+sqO`IaVet1(1 z)IusyhY0@5$X?v|;5VvR=N409^x0J<;NlzNIAP(v@+$X!Y;L#UrX<0mGWTg* zDeV_Qnv>p0O3g2r>*i?o?NV4?pWh~0tdWY<_?jk23*v*D>xO`bA_qQ12XkfK^%8r} z67W$TpR7Y5m>~6YD?oAUG4)a^3Vg;HUN^)gZ`#>hYeo!; z+s4($R;Jl(xmy}DVNC|(yq(G^^ZVP}#=HX-QOFr6l3I4sL%{p?bE9>; z*Kw+^KkKxStZo#_N4oXi&xD|~w-LGi1^+8I^Lk##^Zw3|BnOB%T_V{5RT2)xo?NB` zRNBtbCd7)w5wCD$_jjIbg!5)5xeW6&rZcsgl-Mgnm2nTR0ULkh`GdLba?nRcVo+vr zcNSt+m!y;wMraoiue0Ne&Iu>vR;0sD=dx>mQAdvJorq=Xd_cG3zp@s{-0U*2)6`6Q zk+r7x*GC3GxQ;IgHbq&?5M48${vMe>n=no!ssD1XtzC`M6%D_*6sIejU`OE3Z0YaR zN28y^_11DvFXYIsq^nFJcijva>wd?UHS|^Iym*TXgM=d9o))s23V+lp0iBOf&+N)J9jhre)DYb{x zQmNW%sVxX%djut|C4waKOrG<8IM?-le!sn6GS_v_+?n6~o0wLUhZjy>`znP%=4sePpyf5fPM_f%q=-|X z)|aclTV8M~9r4tVOw}%eHvH1v-7RwXfO^?w`oZM(n;Mc|{Hg(EHi=*t)`&CLS!sq7 zi)PBXIbvphVk4h~S{yspda<)zVCSN4kot(r#2>2niw`dSStK?Q5g`Vst`7-# zT$wh6(Tf}#EyukXE&tLu5rzp8mK|>-YLw%KuM?j-O8+HTs_Yr{@RL#oc9QeUJw*xT z55lZc5xyUuO`SyV+GOtHsGK~i@fj>+yGH(tAL)5!+Ydj43RFnZt(LIywmr)WfuPap z<@D9!w&6P56tK)kP0@F#a5!96l&Z5c``uc4Cr>(e`g&ByD3`ssd!_l_`^5%KPqqVt zETD+JQQeUMiD};NHI=n9V4FG_Q#>3p-ZqrwbMZ8Hr|G>-igW)&~bqOzNw{ z-0WQl^NhS8IGAlX0u(0mTAAK96tlTae^Jj4v9|h%re0Va7}$?rW3iO+=V$)pZ+~#I z@DK%VI<0w|m6w-P)ix=%>3S!^zgn@@lQSc+<(pn}lE)7f6+}BU@>-rvc2C^r+Lyp} zko4$E@40*5RGWuK-E(XnK&}p!G~S&LaS1ikE8WpM&d4Y4|>ChEp z1PQtwG9BZ&pK@NT49)4BIpv*1kFHrO|A`EXp7{owR)g_@4=E`rEOu;kRMuSZQprGW z@Z{KfYj*#UM5ZX45-ZqMcS^{J_vU7+^ZG(1Ad#xQsP)$w9waPumfRkhag?Ht}o%3P3z z;;zu0pT!0ZqTgg~Z~0N9c3a1iMX5(_A`rzYGFuxhmWUHD zJWO6jLODg~Qi)c-B;!*B#R8!d;opKp^rVr|C{`61I)bxj$=BHHv1^z;Dib>$L=l$7 z?{1f()2B1-Ox|tbTWSuC>8)_GonPvza@G+X#Msbr^CeVC;NDT_e(zL; z9Ai#)O3bv0`Ap1Kaw|_4Zdf^gkvea?YSMt0{>2_FNhm+5G{5=K!O6)_^AvtvQfN8C z;7Qj~k>qJdN5>b|mq~qgDyphoKAQ8NWxrS9sq))kbPaKXVBGkm!TZ8mufOlNE%e9C z4bVyxTMT?>WuaN{^>6p@{}>T-HjbnndeQ&k`rRq65qBzp%nf6lC8Ek3)(Xq>g4D23 z%Ⓢ+&-zTJ~F0YCBdIUQ>SipTf`E4x(b|;%;=dw*CZiQb6+!)Yc{?~ZPIuu!;E`d z5Xz}9QYT#ry& z2?z*yWGHxKYiB;4JUo2PweB2ULB!C8%TIE*wY3co-vqmy=0(jlo7fvYy}i9S94<^i zG0woyFgG{1w6v6$6%5Y10^bM5#>Tv?>8SbC#l^)nN_~ec)~iGAAQMk|Km6c(0pB{w?c#T>4R*w_3Qe>nNLI@KHq~PT;K-~iLlPoZVGfKPS z2S9z0Yw^5le;ZQZC114#TSJ)>ffXa8qtl_JqX6@ZXTQ3;0Er$iQUW06qO?v>@w<2K zjS&HWvp0aPL&D-8wkHC4PnQ?H(KRtK0Yqm2GOvy%$$PWqrKN$u3c!kNQVj*W0QEH? zQwF>t036h}T#h`x{`j!0d0<24}40 zq`2Y{xw)2nY;xCEf{kbQ}Rn5A%KI{O>%P z8o^!bbM4@+Fn`4Wp7_G>a0I=9297$@qMs9iN@0&zL9xvQEsfh*2^ndIfYMg0K?MMV z@9SjpKif3`(wUxh)_Ign*45GZEQ>uj(S$}~Fr0Vw(^5!CWqFcvEJz?$4)i$w+WLB3 zZEd5SnRs67fyKj-fq{XE2~f$g;@aBUSFgNA-a7KKR$T%ghQO?rC*cgL|Z%S!pZawC)3A<%}Xn1`*U9EbM9I`PhiP+ z${Nwiv;t}U#vCup=Mp)(#vBl_yWVIU6BH4)zT9uoCKJAAfb1T3?#G4ikuo$|Tv}!u z7}B>pxC=0O+oGW&Q!%SS3I$C)VA>~J(eUHGSRabI+)vUdFq;9+|EH7OnU;k#Y80u+ zHdZpzpCsJEVIcD4wF&HJx!y-C+8myypU0e!NYlq)yqB}Vl|i5Ch9Po(DXm0IFA{{2 zb{OgHZ+(=S^sNXe_Vq6y4VPrpt$vXK6DcrL5IZbaFGK3Ah)Y(Y zUGJ*u8KJH7N{m4luh$c((f=g@l|$oH{#^)cK{qAGpDUgFU5dM zBW_VKT<;-?yGWn(X|}$+2IevR0CTB?eCoIOi*homZCOu69t28w3~^flD0(LV)o%Bk zG0ogEwX1l7yps0lJG!4Zf6aVDWO5-Ne-m<)fA?$bopyck1at1`E@w$ep)2B6eU%y~ z_L2{9PFT!#0-F3)w!VMW!aV*x{$h;Gf6?tTpqX1Rk;nU&GGmfndG6h`RR8d29tx*8 z*mA|T$)-G?a3BK$XzW2W=+jRqjkc98>UXq3x*Tk8r#*NT-epLA<>CKOPg65uPuPxg zqT!G6ARW30=;y7WG*@1FQTr&c)&JW_|9{p$r>y@=HrBX&I{t+xea&Z5Ks9_;mu!A3 IH}|~%AEufdc>n+a From aeaa3aac62bfb6e78b16376cf8f98e477e56f463 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 15 Feb 2024 09:02:18 -0800 Subject: [PATCH 093/114] chore(terraform): remove env vars used in data migration these are no longer relevant as we'll use the admin interface directly to configure --- terraform/app_service.tf | 96 ++++------------------------------------ 1 file changed, 9 insertions(+), 87 deletions(-) diff --git a/terraform/app_service.tf b/terraform/app_service.tf index f50175f95..1d3a39dca 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -66,10 +66,10 @@ resource "azurerm_linux_web_app" "main" { "REQUESTS_READ_TIMEOUT" = "${local.secret_prefix}requests-read-timeout)", # Django settings - "DJANGO_ALLOWED_HOSTS" = "${local.secret_prefix}django-allowed-hosts)", - "DJANGO_DB_DIR" = "${local.secret_prefix}django-db-dir)", - "DJANGO_DEBUG" = local.is_prod ? null : "${local.secret_prefix}django-debug)", - "DJANGO_LOG_LEVEL" = "${local.secret_prefix}django-log-level)", + "DJANGO_ALLOWED_HOSTS" = "${local.secret_prefix}django-allowed-hosts)", + "DJANGO_DB_DIR" = "${local.secret_prefix}django-db-dir)", + "DJANGO_DEBUG" = local.is_prod ? null : "${local.secret_prefix}django-debug)", + "DJANGO_LOG_LEVEL" = "${local.secret_prefix}django-log-level)", "DJANGO_RECAPTCHA_SECRET_KEY" = local.is_dev ? null : "${local.secret_prefix}django-recaptcha-secret-key)", "DJANGO_RECAPTCHA_SITE_KEY" = local.is_dev ? null : "${local.secret_prefix}django-recaptcha-site-key)", @@ -81,96 +81,18 @@ resource "azurerm_linux_web_app" "main" { # Google SSO for Admin - "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id", - "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id", - "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret", + "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id", + "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id", + "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret", "GOOGLE_SSO_ALLOWABLE_DOMAINS" = "${local.secret_prefix}google-sso-allowable-domains", - "GOOGLE_SSO_STAFF_LIST" = "${local.secret_prefix}google-sso-staff-list", - "GOOGLE_SSO_SUPERUSER_LIST" = "${local.secret_prefix}google-sso-superuser-list" + "GOOGLE_SSO_STAFF_LIST" = "${local.secret_prefix}google-sso-staff-list", + "GOOGLE_SSO_SUPERUSER_LIST" = "${local.secret_prefix}google-sso-superuser-list" # Sentry "SENTRY_DSN" = "${local.secret_prefix}sentry-dsn)", "SENTRY_ENVIRONMENT" = local.env_name, "SENTRY_REPORT_URI" = "${local.secret_prefix}sentry-report-uri)", "SENTRY_TRACES_SAMPLE_RATE" = "${local.secret_prefix}sentry-traces-sample-rate)", - - # Environment variables for data migration - "MST_SENIOR_GROUP_ID" = "${local.secret_prefix}mst-senior-group-id)", - "MST_VETERAN_GROUP_ID" = "${local.secret_prefix}mst-veteran-group-id)", - "MST_COURTESY_CARD_GROUP_ID" = "${local.secret_prefix}mst-courtesy-card-group-id)" - "SACRT_SENIOR_GROUP_ID" = "${local.secret_prefix}sacrt-senior-group-id)" - "SBMTD_SENIOR_GROUP_ID" = "${local.secret_prefix}sbmtd-senior-group-id)", - "SBMTD_MOBILITY_PASS_GROUP_ID" = "${local.secret_prefix}sbmtd-mobility-pass-group-id)" - "MST_SERVER_PUBLIC_KEY_URL" = "${local.secret_prefix}mst-server-public-key-url)" - "SBMTD_SERVER_PUBLIC_KEY_URL" = "${local.secret_prefix}sbmtd-server-public-key-url)" - "AUTH_PROVIDER_AUTHORITY" = "${local.secret_prefix}auth-provider-authority)" - "SENIOR_AUTH_PROVIDER_CLIENT_NAME" = "${local.secret_prefix}senior-auth-provider-client-name)" - "SENIOR_AUTH_PROVIDER_SCOPE" = "${local.secret_prefix}senior-auth-provider-scope)" - "SENIOR_AUTH_PROVIDER_CLAIM" = "${local.secret_prefix}senior-auth-provider-claim)" - "SENIOR_AUTH_PROVIDER_SCHEME" = "${local.secret_prefix}senior-auth-provider-scheme)" - "VETERAN_AUTH_PROVIDER_CLIENT_NAME" = "${local.secret_prefix}veteran-auth-provider-client-name)" - "VETERAN_AUTH_PROVIDER_SCOPE" = "${local.secret_prefix}veteran-auth-provider-scope)" - "VETERAN_AUTH_PROVIDER_CLAIM" = "${local.secret_prefix}veteran-auth-provider-claim)" - "VETERAN_AUTH_PROVIDER_SCHEME" = "${local.secret_prefix}veteran-auth-provider-scheme)" - "MST_SENIOR_VERIFIER_NAME" = "${local.secret_prefix}mst-senior-verifier-name)" - "MST_SENIOR_VERIFIER_ACTIVE" = "${local.secret_prefix}mst-senior-verifier-active)" - "MST_VETERAN_VERIFIER_NAME" = "${local.secret_prefix}mst-veteran-verifier-name)" - "MST_VETERAN_VERIFIER_ACTIVE" = "${local.secret_prefix}mst-veteran-verifier-active)" - "COURTESY_CARD_VERIFIER_NAME" = "${local.secret_prefix}courtesy-card-verifier-name)" - "COURTESY_CARD_VERIFIER_ACTIVE" = "${local.secret_prefix}courtesy-card-verifier-active)" - "COURTESY_CARD_VERIFIER_API_URL" = "${local.secret_prefix}courtesy-card-verifier-api-url)" - "COURTESY_CARD_VERIFIER_API_AUTH_HEADER" = "${local.secret_prefix}courtesy-card-verifier-api-auth-header)" - "COURTESY_CARD_VERIFIER_JWE_CEK_ENC" = "${local.secret_prefix}courtesy-card-verifier-jwe-cek-enc)" - "COURTESY_CARD_VERIFIER_JWE_ENCRYPTION_ALG" = "${local.secret_prefix}courtesy-card-verifier-jwe-encryption-alg)" - "COURTESY_CARD_VERIFIER_JWS_SIGNING_ALG" = "${local.secret_prefix}courtesy-card-verifier-jws-signing-alg)" - "SACRT_SENIOR_VERIFIER_NAME" = "${local.secret_prefix}sacrt-senior-verifier-name)" - "SACRT_SENIOR_VERIFIER_ACTIVE" = "${local.secret_prefix}sacrt-senior-verifier-active)" - "SBMTD_SENIOR_VERIFIER_NAME" = "${local.secret_prefix}sbmtd-senior-verifier-name)" - "SBMTD_SENIOR_VERIFIER_ACTIVE" = "${local.secret_prefix}sbmtd-senior-verifier-active)" - "MST_PAYMENT_PROCESSOR_NAME" = "${local.secret_prefix}mst-payment-processor-name)" - "MST_PAYMENT_PROCESSOR_API_BASE_URL" = "${local.secret_prefix}mst-payment-processor-api-base-url)" - "MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT" = "${local.secret_prefix}mst-payment-processor-api-access-token-endpoint)" - "MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY" = "${local.secret_prefix}mst-payment-processor-api-access-token-request-key)" - "MST_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL" = "${local.secret_prefix}mst-payment-processor-api-access-token-request-val)" - "MST_PAYMENT_PROCESSOR_CARD_TOKENIZE_URL" = "${local.secret_prefix}mst-payment-processor-card-tokenize-url)" - "MST_PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC" = "${local.secret_prefix}mst-payment-processor-card-tokenize-func)" - "MST_PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV" = "${local.secret_prefix}mst-payment-processor-card-tokenize-env)" - "SACRT_PAYMENT_PROCESSOR_NAME" = "${local.secret_prefix}sacrt-payment-processor-name)" - "SACRT_PAYMENT_PROCESSOR_API_BASE_URL" = "${local.secret_prefix}sacrt-payment-processor-api-base-url)" - "SACRT_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT" = "${local.secret_prefix}sacrt-payment-processor-api-access-token-endpoint)" - "SACRT_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY" = "${local.secret_prefix}sacrt-payment-processor-api-access-token-request-key)" - "SACRT_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL" = "${local.secret_prefix}sacrt-payment-processor-api-access-token-request-val)" - "SACRT_PAYMENT_PROCESSOR_CARD_TOKENIZE_URL" = "${local.secret_prefix}sacrt-payment-processor-card-tokenize-url)" - "SACRT_PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC" = "${local.secret_prefix}sacrt-payment-processor-card-tokenize-func)" - "SACRT_PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV" = "${local.secret_prefix}sacrt-payment-processor-card-tokenize-env)" - "SBMTD_PAYMENT_PROCESSOR_NAME" = "${local.secret_prefix}sbmtd-payment-processor-name)" - "SBMTD_PAYMENT_PROCESSOR_API_BASE_URL" = "${local.secret_prefix}sbmtd-payment-processor-api-base-url)" - "SBMTD_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_ENDPOINT" = "${local.secret_prefix}sbmtd-payment-processor-api-access-token-endpoint)" - "SBMTD_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_KEY" = "${local.secret_prefix}sbmtd-payment-processor-api-access-token-request-key)" - "SBMTD_PAYMENT_PROCESSOR_API_ACCESS_TOKEN_REQUEST_VAL" = "${local.secret_prefix}sbmtd-payment-processor-api-access-token-request-val)" - "SBMTD_PAYMENT_PROCESSOR_CARD_TOKENIZE_URL" = "${local.secret_prefix}sbmtd-payment-processor-card-tokenize-url)" - "SBMTD_PAYMENT_PROCESSOR_CARD_TOKENIZE_FUNC" = "${local.secret_prefix}sbmtd-payment-processor-card-tokenize-func)" - "SBMTD_PAYMENT_PROCESSOR_CARD_TOKENIZE_ENV" = "${local.secret_prefix}sbmtd-payment-processor-card-tokenize-env)" - "MOBILITY_PASS_VERIFIER_NAME" = "${local.secret_prefix}mobility-pass-verifier-name)" - "MOBILITY_PASS_VERIFIER_ACTIVE" = "${local.secret_prefix}mobility-pass-verifier-active)" - "MOBILITY_PASS_VERIFIER_API_URL" = "${local.secret_prefix}mobility-pass-verifier-api-url)" - "MOBILITY_PASS_VERIFIER_API_AUTH_HEADER" = "${local.secret_prefix}mobility-pass-verifier-api-auth-header)" - "MOBILITY_PASS_VERIFIER_JWE_CEK_ENC" = "${local.secret_prefix}mobility-pass-verifier-jwe-cek-enc)" - "MOBILITY_PASS_VERIFIER_JWE_ENCRYPTION_ALG" = "${local.secret_prefix}mobility-pass-verifier-jwe-encryption-alg)" - "MOBILITY_PASS_VERIFIER_JWS_SIGNING_ALG" = "${local.secret_prefix}mobility-pass-verifier-jws-signing-alg)" - "MST_AGENCY_SHORT_NAME" = "${local.secret_prefix}mst-agency-short-name)" - "MST_AGENCY_LONG_NAME" = "${local.secret_prefix}mst-agency-long-name)" - "MST_AGENCY_JWS_SIGNING_ALG" = "${local.secret_prefix}mst-agency-jws-signing-alg)" - "SACRT_AGENCY_SHORT_NAME" = "${local.secret_prefix}sacrt-agency-short-name)" - "SACRT_AGENCY_LONG_NAME" = "${local.secret_prefix}sacrt-agency-long-name)" - "SACRT_AGENCY_MERCHANT_ID" = "${local.secret_prefix}sacrt-agency-merchant-id)" - "SACRT_AGENCY_ACTIVE" = "${local.secret_prefix}sacrt-agency-active)" - "SACRT_AGENCY_JWS_SIGNING_ALG" = "${local.secret_prefix}sacrt-agency-jws-signing-alg)" - "SBMTD_AGENCY_SHORT_NAME" = "${local.secret_prefix}sbmtd-agency-short-name)" - "SBMTD_AGENCY_LONG_NAME" = "${local.secret_prefix}sbmtd-agency-long-name)" - "SBMTD_AGENCY_MERCHANT_ID" = "${local.secret_prefix}sbmtd-agency-merchant-id)" - "SBMTD_AGENCY_ACTIVE" = "${local.secret_prefix}sbmtd-agency-active)" - "SBMTD_AGENCY_JWS_SIGNING_ALG" = "${local.secret_prefix}sbmtd-agency-jws-signing-alg)" } storage_account { From b71b52581c663f421eb195a52fe3d354eee21797 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 15 Feb 2024 21:43:55 +0000 Subject: [PATCH 094/114] refactor(rest_db): allow more local customization * devs may or may not want to reset their local DB * devs may want to change which DB file is targeted * devs may want to change which fixture file is loaded update docs to reflect these changes --- .env.sample | 6 +++ benefits/settings.py | 2 +- bin/reset_db.sh | 58 ++++++++++++--------- docs/configuration/data.md | 43 +++++++-------- docs/configuration/environment-variables.md | 50 +++++++++++++++++- 5 files changed, 107 insertions(+), 52 deletions(-) diff --git a/.env.sample b/.env.sample index c79424341..fb14ecd8e 100644 --- a/.env.sample +++ b/.env.sample @@ -1,6 +1,12 @@ DJANGO_SUPERUSER_USERNAME=benefits-admin DJANGO_SUPERUSER_EMAIL=benefits-admin@calitp.org DJANGO_SUPERUSER_PASSWORD=superuser12345! + +DJANGO_DB_RESET=true +DJANGO_DB_DIR=. +DJANGO_DB_FILE=django.db +DJANGO_DB_FIXTURES="benefits/core/migrations/local_fixtures.json" + testsecret=Hello from the local environment! auth_provider_client_id=benefits-oauth-client-id courtesy_card_verifier_api_auth_key=server-auth-token diff --git a/benefits/settings.py b/benefits/settings.py index 0ce3ffdde..ce3f7eeb5 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -166,7 +166,7 @@ def RUNTIME_ENVIRONMENT(): DATABASES = { "default": { "ENGINE": "django.db.backends.sqlite3", - "NAME": os.path.join(DATABASE_DIR, "django.db"), + "NAME": os.path.join(DATABASE_DIR, os.environ.get("DJANGO_DB_FILE", "django.db")), } } diff --git a/bin/reset_db.sh b/bin/reset_db.sh index b852e5586..26529338a 100755 --- a/bin/reset_db.sh +++ b/bin/reset_db.sh @@ -1,25 +1,35 @@ #!/usr/bin/env bash -set -eux - -# remove database file - -# construct the path to the database file from environment or default -DB_DIR="${DJANGO_DB_DIR:-.}" -DB_FILE="${DB_DIR}/django.db" - -# -f forces the delete (and avoids an error when the file doesn't exist) -rm -f "${DB_FILE}" - -# run database migrations and other initialization - -bin/init.sh - -# create a superuser account for backend admin access -# set username, email, and password using environment variables -# DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, and DJANGO_SUPERUSER_PASSWORD - -python manage.py createsuperuser --no-input - -# load sample data fixtures - -python manage.py loaddata benefits/core/migrations/local_fixtures.json +set -ex + +# whether to reset database file, defaults to true +DB_RESET="${DJANGO_DB_RESET:-true}" +# optional fixtures to import +FIXTURES="${DJANGO_DB_FIXTURES}" + +if [[ $DB_RESET = true ]]; then + # construct the path to the database file from environment or default + DB_DIR="${DJANGO_DB_DIR:-.}" + DB_FILE="${DJANGO_DB_FILE:-django.db}" + DB_PATH="${DB_DIR}/${DB_FILE}" + + rm -f "${DB_PATH}" + + # run database migrations and other initialization + bin/init.sh + + # create a superuser account for backend admin access + # set username, email, and password using environment variables + # DJANGO_SUPERUSER_USERNAME, DJANGO_SUPERUSER_EMAIL, and DJANGO_SUPERUSER_PASSWORD + python manage.py createsuperuser --no-input +else + echo "DB_RESET is false, skipping" +fi + +valid_fixtures=$( echo $FIXTURES | grep -e fixtures\.json$ ) + +if [[ -n "$valid_fixtures" ]]; then + # load data fixtures + python manage.py loaddata "$FIXTURES" +else + echo "No JSON fixtures to load" +fi diff --git a/docs/configuration/data.md b/docs/configuration/data.md index 6e52de0b8..b87c79dea 100644 --- a/docs/configuration/data.md +++ b/docs/configuration/data.md @@ -1,8 +1,8 @@ # Configuration data -!!! example "Data migration file" +!!! example "Sample data fixtures" - [`benefits/core/migrations/0002_data.py`][data-migration] + [`benefits/core/migrations/local_fixtures.json`][sample-fixtures] !!! tldr "Django docs" @@ -10,14 +10,15 @@ ## Introduction -Django [data migrations](https://docs.djangoproject.com/en/4.0/topics/migrations/#data-migrations) are used to load the database with instances of the app's model classes, defined in [`benefits/core/models.py`][core-models]. +The app's model classes are defined in [`benefits/core/models.py`][core-models]. Migrations are run as the application starts up. See the [`bin/init.sh`][init] script. The sample values provided in the repository are sufficient to run the app locally and interact with e.g. the sample Transit -Agencies. +Agencies. [Django fixtures][django-fixtures] are used to load the database with sample data when running locally. -During the [deployment](../deployment/README.md) process, environment-specific values are set in environment variables and are read by the data migration file to build that environment's configuration database. See the [data migration file][data-migration] for the environment variable names. +During the [deployment](../deployment/README.md) process, some environment-specific values are set in environment variables and +read dynamically at runtime. Most configuration values are managed directly in the Django Admin interface at the `/admin` endpoint. ## Sample data @@ -37,32 +38,24 @@ Some configuration data is not available with the samples in the repository: - Payment processor configuration for the enrollment phase - Amplitude configuration for capturing analytics events -### Sample transit agency: `ABC` +## Rebuilding the configuration database locally -- Presents the user a choice between two different eligibility pathways -- One eligibility verifier requires authentication -- One eligibility verifier does not require authentication +A local Django database will be initialized upon first startup of the devcontainer. -### Sample transit agency: `DefTL` - -- Single eligibility pathway, no choice presented to the user -- Eligibility verifier does not require authentication - -## Building the configuration database - -When the data migration changes, the configuration database needs to be rebuilt. - -The file is called `django.db` and the following commands will rebuild it. - -Run these commands from within the repository root, inside the devcontainer: +To rebuild the local Django database, run the [`bin/reset_db.sh`][reset-db] script from within the repository root, +inside the devcontainer: ```bash -bin/init.sh +bin/reset_db.sh ``` +See the [Django Environment Variables](environment-variables.md#django) section for details about how to configure the local +database rebuild. + [core-models]: https://github.com/cal-itp/benefits/blob/dev/benefits/core/models.py -[django-load-initial-data]: https://docs.djangoproject.com/en/4.0/howto/initial-data/ +[django-fixtures]: https://docs.djangoproject.com/en/5.0/topics/db/fixtures/ +[django-load-initial-data]: https://docs.djangoproject.com/en/5.0/howto/initial-data/ [eligibility-server]: https://docs.calitp.org/eligibility-server -[data-migration]: https://github.com/cal-itp/benefits/tree/dev/benefits/core/migrations/0002_data.py -[helper-migration]: https://github.com/cal-itp/benefits/tree/dev/benefits/core/migrations/0003_data_migration_order.py [init]: https://github.com/cal-itp/benefits/blob/dev/bin/init.sh +[reset-db]: https://github.com/cal-itp/benefits/blob/dev/bin/reset_db.sh +[sample-fixtures]: https://github.com/cal-itp/benefits/tree/dev/benefits/core/migrations/local_fixtures.json diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 305131cf3..455a637b1 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -2,7 +2,8 @@ The first steps of the Getting Started guide mention [creating an `.env` file][getting-started_create-env]. -The sections below outline in more detail the application environment variables that you may want to override, and their purpose. In App Service, this is more generally called the ["configuration"][app-service-config]. +The sections below outline in more detail the application environment variables that you may want to override, and their purpose. +In Azure App Services, this is more generally called the ["configuration"][app-service-config]. See other topic pages in this section for more specific environment variable configurations. @@ -71,6 +72,39 @@ writable by the Django process._ By default, the base project directory (i.e. the root of the repository). +### `DJANGO_DB_FILE` + +!!! info "Local configuration" + + This setting only affects the app running on localhost + +The name of the Django database file to use locally (during both normal app startup and for resetting the database). + +By default, `django.db`. + +### `DJANGO_DB_FIXTURES` + +!!! info "Local configuration" + + This setting only affects the app running on localhost + +A path, relative to the repository root, of Django data fixtures to load when resetting the database. + +The file must end in `fixtures.json` for the script to process it correctly. + +By default, `benefits/core/migrations/local_fixtures.json`. + +### `DJANGO_DB_RESET` + +!!! info "Local configuration" + + This setting only affects the app running on localhost + +Boolean: + +- `True` (default): deletes the existing database file and runs fresh Django migrations. +- `False`: Django uses the existing database file. + ### `DJANGO_DEBUG` !!! warning "Deployment configuration" @@ -79,7 +113,7 @@ By default, the base project directory (i.e. the root of the repository). !!! tldr "Django docs" - [Settings: `DEBUG`](https://docs.djangoproject.com/en/4.0/ref/settings/#debug) + [Settings: `DEBUG`](https://docs.djangoproject.com/en/5.0/ref/settings/#debug) Boolean: @@ -128,14 +162,26 @@ Django's primary secret, keep this safe! ### `DJANGO_SUPERUSER_EMAIL` +!!! info "Local configuration" + + This setting only affects the app running on localhost + The email address of the Django Admin superuser created when resetting the database. ### `DJANGO_SUPERUSER_PASSWORD` +!!! info "Local configuration" + + This setting only affects the app running on localhost + The password of the Django Admin superuser created when resetting the database. ### `DJANGO_SUPERUSER_USERNAME` +!!! info "Local configuration" + + This setting only affects the app running on localhost + The username of the Django Admin superuser created when resetting the database. ### `DJANGO_TRUSTED_ORIGINS` From 0a562fb8e181b6afb8635bd68d041cde55312ac9 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 15 Feb 2024 22:28:45 +0000 Subject: [PATCH 095/114] feat(git): ignore fixtures except the included sample --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 46b0f2ec3..228504a0b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ *.db *.env +*fixtures.json +!benefits/core/migrations/local_fixtures.json *.mo *.tfbackend *.tmp From 9cedf8d011f039b836552a4b03fbd8c9558c763d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 18:08:19 +0000 Subject: [PATCH 096/114] chore(pre-commit): autoupdate hooks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 24.1.1 → 24.2.0](https://github.com/psf/black/compare/24.1.1...24.2.0) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 054f7687d..dd5fe4de9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -34,7 +34,7 @@ repos: args: ["--maxkb=1500"] - repo: https://github.com/psf/black - rev: 24.1.1 + rev: 24.2.0 hooks: - id: black types: From 8c88e8e33bfb42a4b704cf169a9e408950a17612 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Feb 2024 21:14:06 +0000 Subject: [PATCH 097/114] chore(deps-dev): bump sentry-sdk from 1.40.4 to 1.40.5 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.40.4 to 1.40.5. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.40.4...1.40.5) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 419fc6d06..ca36866d0 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "django-google-sso==5.0.0", "eligibility-api==2023.9.1", "requests==2.31.0", - "sentry-sdk==1.40.4", + "sentry-sdk==1.40.5", "six==1.16.0", ] From 94312c019717065c78930a6b675279806c3d8bd4 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 20 Feb 2024 12:54:20 -0800 Subject: [PATCH 098/114] docs(deployment): update language around config database note the use of Key Vault for secrets, Django admin for non-secrets --- docs/deployment/README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/deployment/README.md b/docs/deployment/README.md index 697325fae..c3e7046cc 100644 --- a/docs/deployment/README.md +++ b/docs/deployment/README.md @@ -1,6 +1,6 @@ # Overview -[dev-benefits.calitp.org][dev-benefits] is currently deployed into a Microsoft Azure account provided by [California Department of Technology (CDT)'s Office of Enterprise Technology (OET)][oet], a.k.a. the "DevSecOps" team. More specifically, it uses [custom containers][app-service-containers] on [Azure App Service][app-service]. [More about the infrastructure.](infrastructure.md) +The Benefits app is currently deployed into a Microsoft Azure account provided by [California Department of Technology (CDT)'s Office of Enterprise Technology (OET)][oet], a.k.a. the "DevSecOps" team. More specifically, it uses [custom containers][app-service-containers] on [Azure App Service][app-service]. [More about the infrastructure.](infrastructure.md) ## Deployment process @@ -20,18 +20,18 @@ You can view what Git commit is deployed for a given environment by visitng the ## Configuration -[Configuration settings](../configuration/README.md) are stored as Application Configuration variables in Azure. -[Data](../configuration/data.md) is loaded via Django data migrations. +Sensitive [configuration settings](../configuration/README.md) are maintained as Application Configuration variables in Azure, +referencing [Azure Key Vault secrets](https://azure.microsoft.com/en-us/products/key-vault/). Other non-sensitive configuration +is maintained directly in the configuration database via the [Django Admin](https://docs.djangoproject.com/en/5.0/ref/contrib/admin/). ## Docker images Docker images for each of the deploy branches are available from GitHub Container Registry (GHCR): -* [Repository Package page](https://github.com/cal-itp/benefits/pkgs/container/benefits) -* Image path: `ghcr.io/cal-itp/benefits` -* Image tags: `dev`, `test`, `prod` +- [Repository Package page](https://github.com/cal-itp/benefits/pkgs/container/benefits) +- Image path: `ghcr.io/cal-itp/benefits` +- Image tags: `dev`, `test`, `prod` -[dev-benefits]: https://dev-benefits.calitp.org [oet]: https://techblog.cdt.ca.gov/2020/06/cdt-taking-the-lead-in-digital-transformation/ [app-service-containers]: https://docs.microsoft.com/en-us/azure/app-service/configure-custom-container [app-service]: https://docs.microsoft.com/en-us/azure/app-service/overview From e37ed91b39a2002fbc7c3508e5183b9dc4839bf8 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 20 Feb 2024 12:55:28 -0800 Subject: [PATCH 099/114] refactor(migrations): update helper script and docs now that we have the Admin interface, we don't want to regrenerate the existing migration rather, we need to generate new migrations each time to reflect model changes into the DB --- bin/makemigrations.sh | 19 +------------------ docs/development/models-migrations.md | 23 ++++++----------------- 2 files changed, 7 insertions(+), 35 deletions(-) diff --git a/bin/makemigrations.sh b/bin/makemigrations.sh index 4fc8508f0..89d755f0b 100755 --- a/bin/makemigrations.sh +++ b/bin/makemigrations.sh @@ -1,27 +1,10 @@ #!/usr/bin/env bash set -eux -# create temporary directory (if it doesn't already exist) - -mkdir -p benefits/core/old_migrations - -# move old migrations to temporary directory, but keep init file - -mv benefits/core/migrations/* benefits/core/old_migrations -cp benefits/core/old_migrations/__init__.py benefits/core/migrations - -# regenerate +# generate python manage.py makemigrations -# copy over migrations that don't exist - -cp benefits/core/old_migrations/* benefits/core/migrations --no-clobber --recursive - -# clean up temporary directory - -rm -rf benefits/core/old_migrations - # reformat with black python -m black benefits/core/migrations/*.py diff --git a/docs/development/models-migrations.md b/docs/development/models-migrations.md index 413289b9c..631fcc33d 100644 --- a/docs/development/models-migrations.md +++ b/docs/development/models-migrations.md @@ -6,24 +6,17 @@ [`benefits/core/migrations/0001_initial.py`][core-migrations] - [`benefits/core/migrations/0002_data.py`][data-migrations] - Cal-ITP Benefits defines a number of [models][core-models] in the core application, used throughout the codebase to configure different parts of the UI and logic. -The Cal-ITP Benefits database is a simple read-only Sqlite database, initialized from the [data migration](../configuration/data.md) files. - -## Migrations - -The database is rebuilt from scratch each time the container starts. We maintain a few [migration][migrations] files that set up the schema and load initial data. - -These files always represent the current schema and data for the database and match the current structure of the model classes. +The Cal-ITP Benefits database is a simple Sqlite database that mostly acts as a read-only configuration store. +Runtime configuration changes can be persisted via [Django's Admin interface](https://docs.djangoproject.com/en/5.0/ref/contrib/admin/). ## Updating models -When models are updated, the migration should be updated as well. +When models are updated, new migrations must be generated to reflect those changes into the configuration database. -A simple helper script exists to regenerate the migration file based on the current state of models in the local directory: +A simple helper script exists to generate migrations based on the current state of models in the local directory: [`bin/makemigrations.sh`][makemigrations] @@ -33,15 +26,11 @@ bin/makemigrations.sh This script: -1. Copies the existing migration files to a temporary directory 1. Runs the django `makemigrations` command -1. Copies back any migration files that are missing (data migration file) -1. Formats the newly regenerated schema migration file with `black` +1. Formats the newly regenerated migration file with `black` -This will result in a simple diff of changes on the schema migration file. Commit these changes (including the timestamp!) along with the model changes. +Commit the new migration file along with the model changes. [core-models]: https://github.com/cal-itp/benefits/blob/dev/benefits/core/models.py [core-migrations]: https://github.com/cal-itp/benefits/blob/dev/benefits/core/migrations/0001_initial.py -[data-migrations]: https://github.com/cal-itp/benefits/blob/dev/benefits/core/migrations/0002_data.py [makemigrations]: https://github.com/cal-itp/benefits/blob/dev/bin/makemigrations.sh -[migrations]: https://github.com/cal-itp/benefits/blob/dev/benefits/core/migrations From d6bf990ea2db4b9458371c7aa709e1ec40389c29 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Tue, 20 Feb 2024 13:00:21 -0800 Subject: [PATCH 100/114] chore(docs): update references to Django docs we use Django 5.x now --- benefits/settings.py | 2 +- benefits/urls.py | 2 +- docs/README.md | 2 +- docs/configuration/README.md | 8 ++++---- docs/configuration/environment-variables.md | 8 ++++---- docs/development/i18n.md | 8 ++++---- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/benefits/settings.py b/benefits/settings.py index ce3f7eeb5..35163a339 100644 --- a/benefits/settings.py +++ b/benefits/settings.py @@ -124,7 +124,7 @@ def RUNTIME_ENVIRONMENT(): # SSL terminates before getting to Django, and NGINX adds this header to indicate # if the original request was secure or not # -# See https://docs.djangoproject.com/en/4.0/ref/settings/#secure-proxy-ssl-header +# See https://docs.djangoproject.com/en/5.0/ref/settings/#secure-proxy-ssl-header if not DEBUG: SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") diff --git a/benefits/urls.py b/benefits/urls.py index 0a5d658ec..30d95f018 100644 --- a/benefits/urls.py +++ b/benefits/urls.py @@ -2,7 +2,7 @@ benefits URL Configuration The `urlpatterns` list routes URLs to views. For more information please see: - https://docs.djangoproject.com/en/4.0/topics/http/urls/ + https://docs.djangoproject.com/en/5.0/topics/http/urls/ """ import logging diff --git a/docs/README.md b/docs/README.md index 0c7405759..d7a01dbbc 100644 --- a/docs/README.md +++ b/docs/README.md @@ -96,4 +96,4 @@ All code changes are reviewed by at least one other member of the engineering te [interconnections]: deployment/infrastructure/#system-interconnections [hosting]: deployment/ [littlepay]: https://littlepay.com/ -[i18n]: https://docs.djangoproject.com/en/4.0/topics/i18n/ +[i18n]: https://docs.djangoproject.com/en/5.0/topics/i18n/ diff --git a/docs/configuration/README.md b/docs/configuration/README.md index ef12dcede..9ed629e16 100644 --- a/docs/configuration/README.md +++ b/docs/configuration/README.md @@ -13,7 +13,7 @@ startup. The model objects defined in the data migration file are also loaded into and seed Django's database at application startup time. - See the [Setting secrets](../deployment/secrets) section for how to set secret values for a deployment. +See the [Setting secrets](../deployment/secrets) section for how to set secret values for a deployment. ## Django settings @@ -77,9 +77,9 @@ else: [benefits-manage]: https://github.com/cal-itp/benefits/blob/dev/manage.py [benefits-settings]: https://github.com/cal-itp/benefits/blob/dev/benefits/settings.py [benefits-wsgi]: https://github.com/cal-itp/benefits/blob/dev/benefits/wsgi.py -[django-model]: https://docs.djangoproject.com/en/4.0/topics/db/models/ -[django-settings]: https://docs.djangoproject.com/en/4.0/topics/settings/ -[django-using-settings]: https://docs.djangoproject.com/en/4.0/topics/settings/#using-settings-in-python-code +[django-model]: https://docs.djangoproject.com/en/5.0/topics/db/models/ +[django-settings]: https://docs.djangoproject.com/en/5.0/topics/settings/ +[django-using-settings]: https://docs.djangoproject.com/en/5.0/topics/settings/#using-settings-in-python-code [env-vars]: environment-variables.md [data]: data.md [getting-started]: ../getting-started/README.md diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md index 455a637b1..cd150c283 100644 --- a/docs/configuration/environment-variables.md +++ b/docs/configuration/environment-variables.md @@ -57,7 +57,7 @@ If blank or an invalid key, analytics events aren't captured (though may still b !!! tldr "Django docs" - [Settings: `ALLOWS_HOSTS`](https://docs.djangoproject.com/en/4.0/ref/settings/#allowed-hosts) + [Settings: `ALLOWS_HOSTS`](https://docs.djangoproject.com/en/5.0/ref/settings/#allowed-hosts) A list of strings representing the host/domain names that this Django site can serve. @@ -142,7 +142,7 @@ From inside the container, the app is always listening on port `8000`. !!! tldr "Django docs" - [Settings: `LOGGING_CONFIG`](https://docs.djangoproject.com/en/4.0/ref/settings/#logging-config) + [Settings: `LOGGING_CONFIG`](https://docs.djangoproject.com/en/5.0/ref/settings/#logging-config) The log level used in the application's logging configuration. @@ -156,7 +156,7 @@ By default the application sends logs to `stdout`. !!! tldr "Django docs" - [Settings: `SECRET_KEY`](https://docs.djangoproject.com/en/4.0/ref/settings/#secret-key) + [Settings: `SECRET_KEY`](https://docs.djangoproject.com/en/5.0/ref/settings/#secret-key) Django's primary secret, keep this safe! @@ -192,7 +192,7 @@ The username of the Django Admin superuser created when resetting the database. !!! tldr "Django docs" - [Settings: `CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/4.0/ref/settings/#csrf-trusted-origins) + [Settings: `CSRF_TRUSTED_ORIGINS`](https://docs.djangoproject.com/en/5.0/ref/settings/#csrf-trusted-origins) Comma-separated list of hosts which are trusted origins for unsafe requests (e.g. POST) diff --git a/docs/development/i18n.md b/docs/development/i18n.md index 093a7e102..4dfcfb24e 100644 --- a/docs/development/i18n.md +++ b/docs/development/i18n.md @@ -2,9 +2,9 @@ !!! tldr "Django docs" - [Internationalization and localization](https://docs.djangoproject.com/en/4.0/topics/i18n/) + [Internationalization and localization](https://docs.djangoproject.com/en/5.0/topics/i18n/) - [Translation](https://docs.djangoproject.com/en/4.0/topics/i18n/translation/) + [Translation](https://docs.djangoproject.com/en/5.0/topics/i18n/translation/) !!! example "Message files" @@ -12,7 +12,7 @@ The Cal-ITP Benefits application is fully internationalized and available in both English and Spanish. -It uses Django's built-in support for translation using [message files](https://docs.djangoproject.com/en/4.0/topics/i18n/#term-message-file), which contain entries of `msgid`/`msgstr` pairs. The `msgid` is referenced in source code so that Django takes care of showing the `msgstr` for the user's language. +It uses Django's built-in support for translation using [message files](https://docs.djangoproject.com/en/5S.0/topics/i18n/#term-message-file), which contain entries of `msgid`/`msgstr` pairs. The `msgid` is referenced in source code so that Django takes care of showing the `msgstr` for the user's language. ## Updating message files @@ -42,7 +42,7 @@ When templates have different copy per agency, create a new template for that ag ### Fuzzy strings -From [Django docs](https://docs.djangoproject.com/en/4.0/topics/i18n/translation/#message-files): +From [Django docs](https://docs.djangoproject.com/en/5.0/topics/i18n/translation/#message-files): > `makemessages` sometimes generates translation entries marked as fuzzy, e.g. when translations are inferred from previously translated strings. From c736ad577db751628ef500dc6882fed755757c85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 21:21:45 +0000 Subject: [PATCH 101/114] chore(deps-dev): bump cypress from 13.6.4 to 13.6.5 in /tests/cypress Bumps [cypress](https://github.com/cypress-io/cypress) from 13.6.4 to 13.6.5. - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](https://github.com/cypress-io/cypress/compare/v13.6.4...v13.6.5) --- updated-dependencies: - dependency-name: cypress dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tests/cypress/package-lock.json | 22 +++++++++++----------- tests/cypress/package.json | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/cypress/package-lock.json b/tests/cypress/package-lock.json index 122161e64..cb87c6931 100644 --- a/tests/cypress/package-lock.json +++ b/tests/cypress/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "AGPL-3.0-or-later", "devDependencies": { - "cypress": "^13.6.4" + "cypress": "^13.6.5" } }, "node_modules/@colors/colors": { @@ -537,9 +537,9 @@ } }, "node_modules/cypress": { - "version": "13.6.4", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.4.tgz", - "integrity": "sha512-pYJjCfDYB+hoOoZuhysbbYhEmNW7DEDsqn+ToCLwuVowxUXppIWRr7qk4TVRIU471ksfzyZcH+mkoF0CQUKnpw==", + "version": "13.6.5", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.5.tgz", + "integrity": "sha512-2NxSDcO2zHw5kTcosc6dzv2zppEqiXrFFhZw5cx/EWrSNZABTzpr/EyvYzGgrWm46o5173JUfuJfDQcaiZZPVQ==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -550,7 +550,7 @@ "arch": "^2.2.0", "blob-util": "^2.0.2", "bluebird": "^3.7.2", - "buffer": "^5.6.0", + "buffer": "^5.7.1", "cachedir": "^2.3.0", "chalk": "^4.1.0", "check-more-types": "^2.24.0", @@ -568,7 +568,7 @@ "figures": "^3.2.0", "fs-extra": "^9.1.0", "getos": "^3.2.1", - "is-ci": "^3.0.0", + "is-ci": "^3.0.1", "is-installed-globally": "~0.4.0", "lazy-ass": "^1.6.0", "listr2": "^3.8.3", @@ -2358,9 +2358,9 @@ } }, "cypress": { - "version": "13.6.4", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.4.tgz", - "integrity": "sha512-pYJjCfDYB+hoOoZuhysbbYhEmNW7DEDsqn+ToCLwuVowxUXppIWRr7qk4TVRIU471ksfzyZcH+mkoF0CQUKnpw==", + "version": "13.6.5", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.5.tgz", + "integrity": "sha512-2NxSDcO2zHw5kTcosc6dzv2zppEqiXrFFhZw5cx/EWrSNZABTzpr/EyvYzGgrWm46o5173JUfuJfDQcaiZZPVQ==", "dev": true, "requires": { "@cypress/request": "^3.0.0", @@ -2370,7 +2370,7 @@ "arch": "^2.2.0", "blob-util": "^2.0.2", "bluebird": "^3.7.2", - "buffer": "^5.6.0", + "buffer": "^5.7.1", "cachedir": "^2.3.0", "chalk": "^4.1.0", "check-more-types": "^2.24.0", @@ -2388,7 +2388,7 @@ "figures": "^3.2.0", "fs-extra": "^9.1.0", "getos": "^3.2.1", - "is-ci": "^3.0.0", + "is-ci": "^3.0.1", "is-installed-globally": "~0.4.0", "lazy-ass": "^1.6.0", "listr2": "^3.8.3", diff --git a/tests/cypress/package.json b/tests/cypress/package.json index de9cbf6ba..0eb2506b0 100644 --- a/tests/cypress/package.json +++ b/tests/cypress/package.json @@ -12,6 +12,6 @@ "license": "AGPL-3.0-or-later", "private": true, "devDependencies": { - "cypress": "^13.6.4" + "cypress": "^13.6.5" } } From 0f8ab2041e72c6b252daa9f9b3b92124548c32c2 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 23 Feb 2024 09:49:12 -0800 Subject: [PATCH 102/114] docs: fix typo in Django URL Co-authored-by: Angela Tran --- docs/development/i18n.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/development/i18n.md b/docs/development/i18n.md index 4dfcfb24e..7261011bd 100644 --- a/docs/development/i18n.md +++ b/docs/development/i18n.md @@ -12,7 +12,7 @@ The Cal-ITP Benefits application is fully internationalized and available in both English and Spanish. -It uses Django's built-in support for translation using [message files](https://docs.djangoproject.com/en/5S.0/topics/i18n/#term-message-file), which contain entries of `msgid`/`msgstr` pairs. The `msgid` is referenced in source code so that Django takes care of showing the `msgstr` for the user's language. +It uses Django's built-in support for translation using [message files](https://docs.djangoproject.com/en/5.0/topics/i18n/#term-message-file), which contain entries of `msgid`/`msgstr` pairs. The `msgid` is referenced in source code so that Django takes care of showing the `msgstr` for the user's language. ## Updating message files From e07665ef2265497fe8bc30d540a5ead07b259d92 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 23 Feb 2024 11:38:20 -0800 Subject: [PATCH 103/114] fix(terraform): correct Google SSO secret names quick follow-up to #1855 that was missed in review --- terraform/app_service.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/terraform/app_service.tf b/terraform/app_service.tf index 1d3a39dca..1b3679022 100644 --- a/terraform/app_service.tf +++ b/terraform/app_service.tf @@ -81,12 +81,12 @@ resource "azurerm_linux_web_app" "main" { # Google SSO for Admin - "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id", - "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id", - "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret", - "GOOGLE_SSO_ALLOWABLE_DOMAINS" = "${local.secret_prefix}google-sso-allowable-domains", - "GOOGLE_SSO_STAFF_LIST" = "${local.secret_prefix}google-sso-staff-list", - "GOOGLE_SSO_SUPERUSER_LIST" = "${local.secret_prefix}google-sso-superuser-list" + "GOOGLE_SSO_CLIENT_ID" = "${local.secret_prefix}google-sso-client-id)", + "GOOGLE_SSO_PROJECT_ID" = "${local.secret_prefix}google-sso-project-id)", + "GOOGLE_SSO_CLIENT_SECRET" = "${local.secret_prefix}google-sso-client-secret)", + "GOOGLE_SSO_ALLOWABLE_DOMAINS" = "${local.secret_prefix}google-sso-allowable-domains)", + "GOOGLE_SSO_STAFF_LIST" = "${local.secret_prefix}google-sso-staff-list)", + "GOOGLE_SSO_SUPERUSER_LIST" = "${local.secret_prefix}google-sso-superuser-list)" # Sentry "SENTRY_DSN" = "${local.secret_prefix}sentry-dsn)", From acb0803b77d27894d068b8057171d2f73198b9ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Feb 2024 21:16:31 +0000 Subject: [PATCH 104/114] chore(deps-dev): bump cypress from 13.6.5 to 13.6.6 in /tests/cypress Bumps [cypress](https://github.com/cypress-io/cypress) from 13.6.5 to 13.6.6. - [Release notes](https://github.com/cypress-io/cypress/releases) - [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md) - [Commits](https://github.com/cypress-io/cypress/compare/v13.6.5...v13.6.6) --- updated-dependencies: - dependency-name: cypress dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- tests/cypress/package-lock.json | 14 +++++++------- tests/cypress/package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/cypress/package-lock.json b/tests/cypress/package-lock.json index cb87c6931..91d5a3c2e 100644 --- a/tests/cypress/package-lock.json +++ b/tests/cypress/package-lock.json @@ -9,7 +9,7 @@ "version": "1.0.0", "license": "AGPL-3.0-or-later", "devDependencies": { - "cypress": "^13.6.5" + "cypress": "^13.6.6" } }, "node_modules/@colors/colors": { @@ -537,9 +537,9 @@ } }, "node_modules/cypress": { - "version": "13.6.5", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.5.tgz", - "integrity": "sha512-2NxSDcO2zHw5kTcosc6dzv2zppEqiXrFFhZw5cx/EWrSNZABTzpr/EyvYzGgrWm46o5173JUfuJfDQcaiZZPVQ==", + "version": "13.6.6", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.6.tgz", + "integrity": "sha512-S+2S9S94611hXimH9a3EAYt81QM913ZVA03pUmGDfLTFa5gyp85NJ8dJGSlEAEmyRsYkioS1TtnWtbv/Fzt11A==", "dev": true, "hasInstallScript": true, "dependencies": { @@ -2358,9 +2358,9 @@ } }, "cypress": { - "version": "13.6.5", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.5.tgz", - "integrity": "sha512-2NxSDcO2zHw5kTcosc6dzv2zppEqiXrFFhZw5cx/EWrSNZABTzpr/EyvYzGgrWm46o5173JUfuJfDQcaiZZPVQ==", + "version": "13.6.6", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.6.tgz", + "integrity": "sha512-S+2S9S94611hXimH9a3EAYt81QM913ZVA03pUmGDfLTFa5gyp85NJ8dJGSlEAEmyRsYkioS1TtnWtbv/Fzt11A==", "dev": true, "requires": { "@cypress/request": "^3.0.0", diff --git a/tests/cypress/package.json b/tests/cypress/package.json index 0eb2506b0..8c42e2c6c 100644 --- a/tests/cypress/package.json +++ b/tests/cypress/package.json @@ -12,6 +12,6 @@ "license": "AGPL-3.0-or-later", "private": true, "devDependencies": { - "cypress": "^13.6.5" + "cypress": "^13.6.6" } } From cb882c333afa9cf4a0ef96be9e6d6bf8fe49312b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Feb 2024 21:52:27 +0000 Subject: [PATCH 105/114] chore(deps-dev): bump azure-keyvault-secrets from 4.7.0 to 4.8.0 Bumps [azure-keyvault-secrets](https://github.com/Azure/azure-sdk-for-python) from 4.7.0 to 4.8.0. - [Release notes](https://github.com/Azure/azure-sdk-for-python/releases) - [Changelog](https://github.com/Azure/azure-sdk-for-python/blob/main/doc/esrp_release.md) - [Commits](https://github.com/Azure/azure-sdk-for-python/compare/azure-keyvault-secrets_4.7.0...azure-keyvault-secrets_4.8.0) --- updated-dependencies: - dependency-name: azure-keyvault-secrets dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index ca36866d0..f6bd1103f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -8,7 +8,7 @@ classifiers = ["Programming Language :: Python :: 3 :: Only"] requires-python = ">=3.9" dependencies = [ "Authlib==1.3.0", - "azure-keyvault-secrets==4.7.0", + "azure-keyvault-secrets==4.8.0", "azure-identity==1.15.0", "Django==5.0.2", "django-csp==3.7", From f6fa110faedbe0231c748abb53e9c58a78ec63ae Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Fri, 23 Feb 2024 15:47:57 -0800 Subject: [PATCH 106/114] fix(ci): check for existing preview comment first we don't need a new comment every time a commit is made, only the first time --- .github/workflows/mkdocs.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml index 248332173..f08636847 100644 --- a/.github/workflows/mkdocs.yml +++ b/.github/workflows/mkdocs.yml @@ -59,8 +59,17 @@ jobs: NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} NETLIFY_SITE_ID: ${{ secrets.NETLIFY_PREVIEW_APP_SITE_ID }} + - name: Find existing comment + uses: peter-evans/find-comment@v3 + id: find-comment + with: + issue-number: ${{ github.event.number }} + comment-author: "github-actions[bot]" + body-includes: "Preview url: https://" + - name: Add Netlify link PR comment uses: actions/github-script@v7 + if: steps.find-comment.outputs.comment-id == '' with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | From 037ba788cb35a8d5bdb42ac2e9c07952aac8b7e4 Mon Sep 17 00:00:00 2001 From: Andy Walker Date: Mon, 26 Feb 2024 17:41:15 -0800 Subject: [PATCH 107/114] Update README.md added low-income pathway to table within supported enrollment pathways --- docs/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/README.md b/docs/README.md index d7a01dbbc..9941df732 100644 --- a/docs/README.md +++ b/docs/README.md @@ -32,6 +32,7 @@ The Cal-ITP Benefits app supports the following enrollment pathways that use the | [**Older adults**](/benefits/enrollment-pathways/older-adults) | [Login.gov ID Proofed](https://developers.login.gov/attributes/) | Live | [08/2022](https://github.com/cal-itp/benefits/releases/tag/2022.08.1) | | [**Agency cards**](/benefits/enrollment-pathways/agency-cards) | [Eligibility API](https://docs.calitp.org/eligibility-api/specification/) | Live | [11/2022](https://github.com/cal-itp/benefits/releases/tag/2022.11.1) | | [**Veterans**](/benefits/enrollment-pathways/veterans) | [Veteran Confirmation API](https://developer.va.gov/explore/api/veteran-confirmation) | Live | [09/2023](https://github.com/cal-itp/benefits/releases/tag/2023.09.1) | +| [**Low-income**](/benefits/enrollment-pathways/low-income) | CalFresh Confirm API | In development | | Read more about each [enrollment pathway](/benefits/enrollment-pathways/). From afcb2ab156f8d6cb598038750961922da60388c6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 21:40:16 +0000 Subject: [PATCH 108/114] chore(deps-dev): bump sentry-sdk from 1.40.5 to 1.40.6 Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 1.40.5 to 1.40.6. - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](https://github.com/getsentry/sentry-python/compare/1.40.5...1.40.6) --- updated-dependencies: - dependency-name: sentry-sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index ca36866d0..a36503bd8 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -15,7 +15,7 @@ dependencies = [ "django-google-sso==5.0.0", "eligibility-api==2023.9.1", "requests==2.31.0", - "sentry-sdk==1.40.5", + "sentry-sdk==1.40.6", "six==1.16.0", ] From e47b6cdec5dc538c4c149e8bb8eb9e2d395394a1 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Wed, 28 Feb 2024 19:23:42 +0000 Subject: [PATCH 109/114] fix(env): wrap sample secret in quotes spaces in the value can cause bash to choke when doing e.g. source .env --- .env.sample | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.env.sample b/.env.sample index fb14ecd8e..b4c167aee 100644 --- a/.env.sample +++ b/.env.sample @@ -7,7 +7,6 @@ DJANGO_DB_DIR=. DJANGO_DB_FILE=django.db DJANGO_DB_FIXTURES="benefits/core/migrations/local_fixtures.json" -testsecret=Hello from the local environment! auth_provider_client_id=benefits-oauth-client-id courtesy_card_verifier_api_auth_key=server-auth-token mobility_pass_verifier_api_auth_key=server-auth-token @@ -22,3 +21,5 @@ sacrt_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DA sbmtd_payment_processor_client_cert='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' sbmtd_payment_processor_client_cert_private_key='-----BEGIN RSA PRIVATE KEY-----\nPEM DATA\n-----END RSA PRIVATE KEY-----' sbmtd_payment_processor_client_cert_root_ca='-----BEGIN CERTIFICATE-----\nPEM DATA\n-----END CERTIFICATE-----' + +testsecret="Hello from the local environment!" From 67bc3f4815ab7597a2a6a301d70cbb73031c4f82 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Wed, 28 Feb 2024 19:24:48 +0000 Subject: [PATCH 110/114] fix(reset): correct syntax checking for valid fixtures * remove additional variable FIXTURES that isn't necessary * remove spacing in eval, causing evaluation to fail --- bin/reset_db.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/bin/reset_db.sh b/bin/reset_db.sh index 26529338a..1b3ea0fd8 100755 --- a/bin/reset_db.sh +++ b/bin/reset_db.sh @@ -3,8 +3,6 @@ set -ex # whether to reset database file, defaults to true DB_RESET="${DJANGO_DB_RESET:-true}" -# optional fixtures to import -FIXTURES="${DJANGO_DB_FIXTURES}" if [[ $DB_RESET = true ]]; then # construct the path to the database file from environment or default @@ -25,11 +23,11 @@ else echo "DB_RESET is false, skipping" fi -valid_fixtures=$( echo $FIXTURES | grep -e fixtures\.json$ ) +valid_fixtures=$(echo "$DJANGO_DB_FIXTURES" | grep -e fixtures\.json$) if [[ -n "$valid_fixtures" ]]; then # load data fixtures - python manage.py loaddata "$FIXTURES" + python manage.py loaddata "$DJANGO_DB_FIXTURES" else echo "No JSON fixtures to load" fi From 6bac7623b72f56f3759fb83536f157b32248c96b Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 29 Feb 2024 19:14:05 +0000 Subject: [PATCH 111/114] chore(docs): pin key requirements ensure we are on the latest versions of mkdocs and mkdocs-material --- docs/requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 028622c74..0211c4936 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,6 +1,6 @@ mdx_truly_sane_lists -mkdocs +mkdocs==1.5.3 mkdocs-awesome-pages-plugin mkdocs-macros-plugin -mkdocs-material +mkdocs-material==9.5.12 mkdocs-redirects From 51d0d6990540751f26bf211ea23fb3bd70e7360a Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 29 Feb 2024 19:14:59 +0000 Subject: [PATCH 112/114] chore(github): dependabot config for docs requirements ensure we get version updates for pinned docs requirements --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 96c61c651..20ede63b0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,15 @@ updates: include: "scope" labels: - "dependencies" + - package-ecosystem: "pip" + directory: "/docs" # requirements.txt + schedule: + interval: "daily" + commit-message: + prefix: "chore" + include: "scope" + labels: + - "dependencies" - package-ecosystem: "github-actions" # Workflow files stored in the # default location of `.github/workflows` From 57725c09c405a3e7b998255d23750cf9ceb12e30 Mon Sep 17 00:00:00 2001 From: Kegan Maher Date: Thu, 29 Feb 2024 19:15:46 +0000 Subject: [PATCH 113/114] fix(docs): fix syntax for pymdownx.emoji this is now built-in to mkdocs-material directly --- mkdocs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mkdocs.yml b/mkdocs.yml index 2e6881842..2ec8dd6ae 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -50,8 +50,8 @@ markdown_extensions: linenums: true - mdx_truly_sane_lists - pymdownx.emoji: - emoji_index: !!python/name:materialx.emoji.twemoji - emoji_generator: !!python/name:materialx.emoji.to_svg + emoji_index: !!python/name:material.extensions.emoji.twemoji + emoji_generator: !!python/name:material.extensions.emoji.to_svg - pymdownx.inlinehilite - pymdownx.tasklist: custom_checkbox: true From d7a4dceea9ff1d66159c2e7c3e2ae3140574d362 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 18:03:40 +0000 Subject: [PATCH 114/114] chore(deps-dev): bump django-csp from 3.7 to 3.8 Bumps [django-csp](https://github.com/mozilla/django-csp) from 3.7 to 3.8. - [Release notes](https://github.com/mozilla/django-csp/releases) - [Changelog](https://github.com/mozilla/django-csp/blob/main/CHANGES) - [Commits](https://github.com/mozilla/django-csp/compare/3.7...3.8) --- updated-dependencies: - dependency-name: django-csp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 7e426158f..39075f56f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -11,7 +11,7 @@ dependencies = [ "azure-keyvault-secrets==4.8.0", "azure-identity==1.15.0", "Django==5.0.2", - "django-csp==3.7", + "django-csp==3.8", "django-google-sso==5.0.0", "eligibility-api==2023.9.1", "requests==2.31.0",