From 7afdfd2ef46c54ccbec275b45b340def4846d112 Mon Sep 17 00:00:00 2001 From: Alexander Zobnin Date: Thu, 2 Apr 2020 17:35:48 +0300 Subject: [PATCH] Okta OAuth provider (team sync support) (#22972) * Okta OAuth support * Chore: fix linter error * Chore: move IsEmailAllowed to SocialBase * Chore: move IsSignupAllowed to SocialBase * Chore: review fixes * Okta: support allowed_groups * Okta: default config * Chore: move extractEmail() to OktaClaims struct * Chore: review fixes * generic_oauth_test: Handle error cases Signed-off-by: Arve Knudsen * generic_oauth_test: Handle error cases Signed-off-by: Arve Knudsen * Docs: Okta OAuth * Chore: don't return expected errors from searchJSONForAttr * Docs: role mapping * Chore: review fixes (searchJSONForAttr) * Docs: review fixes * Update docs/sources/auth/okta.md Co-Authored-By: Arve Knudsen * Update docs/sources/auth/okta.md Co-Authored-By: Arve Knudsen * Chore: log error if searchJSONForAttr failed * Docs: add Okta login link * Docs: review fixes * Docs: add reference to the org roles Co-authored-by: Arve Knudsen --- conf/defaults.ini | 15 ++ conf/sample.ini | 15 ++ docs/sources/auth/okta.md | 89 ++++++++++ docs/sources/menu.yaml | 2 + .../src/themes/_variables.scss.tmpl.ts | 5 + pkg/login/social/azuread_oauth.go | 22 +-- pkg/login/social/azuread_oauth_test.go | 12 +- pkg/login/social/common.go | 39 +++++ pkg/login/social/generic_oauth.go | 71 +++----- pkg/login/social/generic_oauth_test.go | 22 ++- pkg/login/social/github_oauth.go | 10 -- pkg/login/social/gitlab_oauth.go | 14 +- pkg/login/social/google_oauth.go | 14 +- pkg/login/social/grafana_com_oauth.go | 5 - pkg/login/social/okta_oauth.go | 153 ++++++++++++++++++ pkg/login/social/social.go | 80 +++++---- pkg/models/models.go | 1 + .../components/Login/LoginServiceButtons.tsx | 4 + public/img/okta_logo_white.png | Bin 0 -> 112600 bytes public/sass/_variables.generated.scss | 5 + public/sass/components/_buttons.scss | 9 ++ 21 files changed, 426 insertions(+), 161 deletions(-) create mode 100644 docs/sources/auth/okta.md create mode 100644 pkg/login/social/okta_oauth.go create mode 100644 public/img/okta_logo_white.png diff --git a/conf/defaults.ini b/conf/defaults.ini index 1667c8a9406..bfe7e768e1f 100644 --- a/conf/defaults.ini +++ b/conf/defaults.ini @@ -386,6 +386,21 @@ token_url = https://login.microsoftonline.com//oauth2/v2.0/token allowed_domains = allowed_groups = +#################################### Okta OAuth ####################### +[auth.okta] +name = Okta +enabled = false +allow_sign_up = true +client_id = some_id +client_secret = some_secret +scopes = openid profile email groups +auth_url = https://.okta.com/oauth2/v1/authorize +token_url = https://.okta.com/oauth2/v1/token +api_url = https://.okta.com/oauth2/v1/userinfo +allowed_domains = +allowed_groups = +role_attribute_path = + #################################### Generic OAuth ####################### [auth.generic_oauth] name = OAuth diff --git a/conf/sample.ini b/conf/sample.ini index f2398014163..98b9be12187 100644 --- a/conf/sample.ini +++ b/conf/sample.ini @@ -376,6 +376,21 @@ ;allowed_domains = ;allowed_groups = +#################################### Okta OAuth ####################### +[auth.okta] +;name = Okta +;enabled = false +;allow_sign_up = true +;client_id = some_id +;client_secret = some_secret +;scopes = openid profile email groups +;auth_url = https://.okta.com/oauth2/v1/authorize +;token_url = https://.okta.com/oauth2/v1/token +;api_url = https://.okta.com/oauth2/v1/userinfo +;allowed_domains = +;allowed_groups = +;role_attribute_path = + #################################### Generic OAuth ########################## [auth.generic_oauth] ;enabled = false diff --git a/docs/sources/auth/okta.md b/docs/sources/auth/okta.md new file mode 100644 index 00000000000..1ee1b9691ce --- /dev/null +++ b/docs/sources/auth/okta.md @@ -0,0 +1,89 @@ ++++ +title = "Okta OAuth2 authentication" +description = "Grafana Okta OAuth Guide " +keywords = ["grafana", "configuration", "documentation", "oauth"] +type = "docs" +[menu.docs] +name = "Okta" +identifier = "okta_oauth2" +parent = "authentication" +weight = 3 ++++ + +# Okta OAuth2 authentication + +> Only available in Grafana v7.0+ + +The Okta authentication allows your Grafana users to log in by using an external Okta authorization server. + +## Create an Okta application + +Before you can sign a user in, you need to create an Okta application from the Okta Developer Console. + +1. Log in to the [Okta portal](https://login.okta.com/). + +1. Go to Admin and then select **Developer Console**. + +1. Select **Applications**, then **Add Application**. + +1. Pick **Web** as the platform. + +1. Enter a name for your application (or leave the default value). + +1. Add the **Base URI** of your application, such as https://grafana.example.com. + +1. Enter values for the **Login redirect URI**. Use **Base URI** and append it with `/login/okta`, for example: https://grafana.example.com/login/okta. + +1. Click **Done** to finish creating the Okta application. + +## Enable Okta Oauth in Grafana + +1. Add the following to the [Grafana configuration file]({{< relref "../installation/configuration.md#config-file-locations" >}}): + +```ini +[auth.okta] +name = Okta +enabled = true +allow_sign_up = true +client_id = some_id +client_secret = some_secret +scopes = openid profile email groups +auth_url = https://.okta.com/oauth2/v1/authorize +token_url = https://.okta.com/oauth2/v1/token +api_url = https://.okta.com/oauth2/v1/userinfo +allowed_domains = +allowed_groups = +role_attribute_path = +``` + +### Configure allowed groups and domains + +To limit access to authenticated users that are members of one or more groups, set `allowed_groups` +to a comma- or space-separated list of Okta groups. + +```ini +allowed_groups = Developers, Admins +``` + +The `allowed_domains` option limits access to the users belonging to the specific domains. Domains should be separated by space or comma. + +```ini +allowed_domains = mycompany.com mycompany.org +``` + +### Map roles + +Grafana can attempt to do role mapping through Okta OAuth. In order to achieve this, Grafana checks for the presence of a role using the [JMESPath](http://jmespath.org/examples.html) specified via the `role_attribute_path` configuration option. + +Grafana uses JSON obtained from querying the `/userinfo` endpoint for the path lookup. The result after evaluating the `role_attribute_path` JMESPath expression needs to be a valid Grafana role, i.e. `Viewer`, `Editor` or `Admin`. Refer to [Organization roles]({{< relref "../permissions/organization_roles.md" >}}) for more information about roles and permissions in Grafana. + +Read about how to [add custom claims](https://developer.okta.com/docs/guides/customize-tokens-returned-from-okta/add-custom-claim/) to the user info in Okta. Also, check Generic OAuth page for [JMESPath examples]({{< relref "generic-oauth.md/#jmespath-examples" >}}). + +### Team Sync (Enterprise only) + +Map your Okta groups to teams in Grafana so that your users will automatically be added to +the correct teams. + +Okta groups can be referenced by group name, like `Admins`. + +[Learn more about Team Sync]({{< relref "../enterprise/team-sync.md" >}}) diff --git a/docs/sources/menu.yaml b/docs/sources/menu.yaml index 6dacae23540..58a3fbe5eed 100644 --- a/docs/sources/menu.yaml +++ b/docs/sources/menu.yaml @@ -56,6 +56,8 @@ name: GitHub - link: /auth/gitlab/ name: GitLab + - link: /auth/okta/ + name: Okta - link: /auth/saml/ name: SAML - link: /auth/team-sync/ diff --git a/packages/grafana-ui/src/themes/_variables.scss.tmpl.ts b/packages/grafana-ui/src/themes/_variables.scss.tmpl.ts index 10b7d551fe3..392336aaf66 100644 --- a/packages/grafana-ui/src/themes/_variables.scss.tmpl.ts +++ b/packages/grafana-ui/src/themes/_variables.scss.tmpl.ts @@ -229,6 +229,11 @@ $external-services: ( borderColor: #393939, icon: '', ), + okta: ( + bgColor: #2f2f2f, + borderColor: #393939, + icon: '', + ), oauth: ( bgColor: #262628, borderColor: #393939, diff --git a/pkg/login/social/azuread_oauth.go b/pkg/login/social/azuread_oauth.go index 620a232109c..3e40d4ce831 100644 --- a/pkg/login/social/azuread_oauth.go +++ b/pkg/login/social/azuread_oauth.go @@ -7,6 +7,7 @@ import ( "strings" "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/util/errutil" "golang.org/x/oauth2" "gopkg.in/square/go-jose.v2/jwt" @@ -14,9 +15,7 @@ import ( type SocialAzureAD struct { *SocialBase - allowedDomains []string - allowedGroups []string - allowSignup bool + allowedGroups []string } type azureClaims struct { @@ -32,34 +31,25 @@ func (s *SocialAzureAD) Type() int { return int(models.AZUREAD) } -func (s *SocialAzureAD) IsEmailAllowed(email string) bool { - return isEmailAllowed(email, s.allowedDomains) -} - -func (s *SocialAzureAD) IsSignupAllowed() bool { - return s.allowSignup -} - func (s *SocialAzureAD) UserInfo(_ *http.Client, token *oauth2.Token) (*BasicUserInfo, error) { idToken := token.Extra("id_token") if idToken == nil { - return nil, fmt.Errorf("No id_token found") + return nil, fmt.Errorf("no id_token found") } parsedToken, err := jwt.ParseSigned(idToken.(string)) if err != nil { - return nil, fmt.Errorf("Error parsing id token") + return nil, errutil.Wrapf(err, "error parsing id token") } var claims azureClaims if err := parsedToken.UnsafeClaimsWithoutVerification(&claims); err != nil { - return nil, fmt.Errorf("Error getting claims from id token") + return nil, errutil.Wrapf(err, "error getting claims from id token") } email := extractEmail(claims) - if email == "" { - return nil, errors.New("Error getting user info: No email found in access token") + return nil, errors.New("error getting user info: no email found in access token") } role := extractRole(claims) diff --git a/pkg/login/social/azuread_oauth_test.go b/pkg/login/social/azuread_oauth_test.go index e7e2ee97033..7fc04a9b733 100644 --- a/pkg/login/social/azuread_oauth_test.go +++ b/pkg/login/social/azuread_oauth_test.go @@ -13,10 +13,8 @@ import ( func TestSocialAzureAD_UserInfo(t *testing.T) { type fields struct { - SocialBase *SocialBase - allowedDomains []string - allowedGroups []string - allowSignup bool + SocialBase *SocialBase + allowedGroups []string } type args struct { client *http.Client @@ -225,10 +223,8 @@ func TestSocialAzureAD_UserInfo(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { s := &SocialAzureAD{ - SocialBase: tt.fields.SocialBase, - allowedDomains: tt.fields.allowedDomains, - allowedGroups: tt.fields.allowedGroups, - allowSignup: tt.fields.allowSignup, + SocialBase: tt.fields.SocialBase, + allowedGroups: tt.fields.allowedGroups, } key := []byte("secret") diff --git a/pkg/login/social/common.go b/pkg/login/social/common.go index 053379f39bd..1f4f8adbfe1 100644 --- a/pkg/login/social/common.go +++ b/pkg/login/social/common.go @@ -1,12 +1,16 @@ package social import ( + "encoding/json" + "errors" "fmt" "io/ioutil" "net/http" "strings" "github.com/grafana/grafana/pkg/infra/log" + "github.com/grafana/grafana/pkg/util/errutil" + "github.com/jmespath/go-jmespath" ) var ( @@ -18,6 +22,14 @@ type HttpGetResponse struct { Headers http.Header } +func (s *SocialBase) IsEmailAllowed(email string) bool { + return isEmailAllowed(email, s.allowedDomains) +} + +func (s *SocialBase) IsSignupAllowed() bool { + return s.allowSignup +} + func isEmailAllowed(email string, allowedDomains []string) bool { if len(allowedDomains) == 0 { return true @@ -57,3 +69,30 @@ func HttpGet(client *http.Client, url string) (response HttpGetResponse, err err err = nil return } + +func (s *SocialBase) searchJSONForAttr(attributePath string, data []byte) (string, error) { + if attributePath == "" { + return "", errors.New("no attribute path specified") + } + + if len(data) == 0 { + return "", errors.New("empty user info JSON response provided") + } + + var buf interface{} + if err := json.Unmarshal(data, &buf); err != nil { + return "", errutil.Wrap("failed to unmarshal user info JSON response", err) + } + + val, err := jmespath.Search(attributePath, buf) + if err != nil { + return "", errutil.Wrapf(err, "failed to search user info JSON response with provided path: %q", attributePath) + } + + strVal, ok := val.(string) + if ok { + return strVal, nil + } + + return "", nil +} diff --git a/pkg/login/social/generic_oauth.go b/pkg/login/social/generic_oauth.go index a4e10e05479..7a91000fb59 100644 --- a/pkg/login/social/generic_oauth.go +++ b/pkg/login/social/generic_oauth.go @@ -12,16 +12,13 @@ import ( "github.com/grafana/grafana/pkg/util/errutil" "github.com/grafana/grafana/pkg/models" - "github.com/jmespath/go-jmespath" "golang.org/x/oauth2" ) type SocialGenericOAuth struct { *SocialBase - allowedDomains []string allowedOrganizations []string apiUrl string - allowSignup bool emailAttributeName string emailAttributePath string roleAttributePath string @@ -32,14 +29,6 @@ func (s *SocialGenericOAuth) Type() int { return int(models.GENERIC) } -func (s *SocialGenericOAuth) IsEmailAllowed(email string) bool { - return isEmailAllowed(email, s.allowedDomains) -} - -func (s *SocialGenericOAuth) IsSignupAllowed() bool { - return s.allowSignup -} - func (s *SocialGenericOAuth) IsTeamMember(client *http.Client) bool { if len(s.teamIds) == 0 { return true @@ -141,7 +130,12 @@ func (s *SocialGenericOAuth) fillUserInfo(userInfo *BasicUserInfo, data *UserInf userInfo.Email = s.extractEmail(data) } if userInfo.Role == "" { - userInfo.Role = s.extractRole(data) + role, err := s.extractRole(data) + if err != nil { + s.log.Error("Failed to extract role", "error", err) + } else { + userInfo.Role = role + } } if userInfo.Name == "" { userInfo.Name = s.extractName(data) @@ -209,8 +203,10 @@ func (s *SocialGenericOAuth) extractEmail(data *UserInfoJson) string { } if s.emailAttributePath != "" { - email := s.searchJSONForAttr(s.emailAttributePath, data.rawJSON) - if email != "" { + email, err := s.searchJSONForAttr(s.emailAttributePath, data.rawJSON) + if err != nil { + s.log.Error("Failed to search JSON for attribute", "error", err) + } else if email != "" { return email } } @@ -231,14 +227,16 @@ func (s *SocialGenericOAuth) extractEmail(data *UserInfoJson) string { return "" } -func (s *SocialGenericOAuth) extractRole(data *UserInfoJson) string { - if s.roleAttributePath != "" { - role := s.searchJSONForAttr(s.roleAttributePath, data.rawJSON) - if role != "" { - return role - } +func (s *SocialGenericOAuth) extractRole(data *UserInfoJson) (string, error) { + if s.roleAttributePath == "" { + return "", nil } - return "" + + role, err := s.searchJSONForAttr(s.roleAttributePath, data.rawJSON) + if err != nil { + return "", err + } + return role, nil } func (s *SocialGenericOAuth) extractLogin(data *UserInfoJson) string { @@ -265,37 +263,6 @@ func (s *SocialGenericOAuth) extractName(data *UserInfoJson) string { return "" } -// searchJSONForAttr searches the provided JSON response for the given attribute -// using the configured attribute path associated with the generic OAuth -// provider. -// Returns an empty string if an attribute is not found. -func (s *SocialGenericOAuth) searchJSONForAttr(attributePath string, data []byte) string { - if attributePath == "" { - s.log.Error("No attribute path specified") - return "" - } - if len(data) == 0 { - s.log.Error("Empty user info JSON response provided") - return "" - } - var buf interface{} - if err := json.Unmarshal(data, &buf); err != nil { - s.log.Error("Failed to unmarshal user info JSON response", "err", err.Error()) - return "" - } - val, err := jmespath.Search(attributePath, buf) - if err != nil { - s.log.Error("Failed to search user info JSON response with provided path", "attributePath", attributePath, "err", err.Error()) - return "" - } - strVal, ok := val.(string) - if ok { - return strVal - } - s.log.Error("Attribute not found when searching JSON with provided path", "attributePath", attributePath) - return "" -} - func (s *SocialGenericOAuth) FetchPrivateEmail(client *http.Client) (string, error) { type Record struct { Email string `json:"email"` diff --git a/pkg/login/social/generic_oauth_test.go b/pkg/login/social/generic_oauth_test.go index f42467820f1..a3a82c9ec1e 100644 --- a/pkg/login/social/generic_oauth_test.go +++ b/pkg/login/social/generic_oauth_test.go @@ -28,24 +28,28 @@ func TestSearchJSONForEmail(t *testing.T) { UserInfoJSONResponse []byte EmailAttributePath string ExpectedResult string + ExpectedError string }{ { Name: "Given an invalid user info JSON response", UserInfoJSONResponse: []byte("{"), EmailAttributePath: "attributes.email", ExpectedResult: "", + ExpectedError: "failed to unmarshal user info JSON response: unexpected end of JSON input", }, { Name: "Given an empty user info JSON response and empty JMES path", UserInfoJSONResponse: []byte{}, EmailAttributePath: "", ExpectedResult: "", + ExpectedError: "no attribute path specified", }, { Name: "Given an empty user info JSON response and valid JMES path", UserInfoJSONResponse: []byte{}, EmailAttributePath: "attributes.email", ExpectedResult: "", + ExpectedError: "empty user info JSON response provided", }, { Name: "Given a simple user info JSON response and valid JMES path", @@ -87,7 +91,12 @@ func TestSearchJSONForEmail(t *testing.T) { for _, test := range tests { provider.emailAttributePath = test.EmailAttributePath t.Run(test.Name, func(t *testing.T) { - actualResult := provider.searchJSONForAttr(test.EmailAttributePath, test.UserInfoJSONResponse) + actualResult, err := provider.searchJSONForAttr(test.EmailAttributePath, test.UserInfoJSONResponse) + if test.ExpectedError == "" { + require.NoError(t, err, "Testing case %q", test.Name) + } else { + require.EqualError(t, err, test.ExpectedError, "Testing case %q", test.Name) + } require.Equal(t, test.ExpectedResult, actualResult) }) } @@ -107,24 +116,28 @@ func TestSearchJSONForRole(t *testing.T) { UserInfoJSONResponse []byte RoleAttributePath string ExpectedResult string + ExpectedError string }{ { Name: "Given an invalid user info JSON response", UserInfoJSONResponse: []byte("{"), RoleAttributePath: "attributes.role", ExpectedResult: "", + ExpectedError: "failed to unmarshal user info JSON response: unexpected end of JSON input", }, { Name: "Given an empty user info JSON response and empty JMES path", UserInfoJSONResponse: []byte{}, RoleAttributePath: "", ExpectedResult: "", + ExpectedError: "no attribute path specified", }, { Name: "Given an empty user info JSON response and valid JMES path", UserInfoJSONResponse: []byte{}, RoleAttributePath: "attributes.role", ExpectedResult: "", + ExpectedError: "empty user info JSON response provided", }, { Name: "Given a simple user info JSON response and valid JMES path", @@ -141,7 +154,12 @@ func TestSearchJSONForRole(t *testing.T) { for _, test := range tests { provider.roleAttributePath = test.RoleAttributePath t.Run(test.Name, func(t *testing.T) { - actualResult := provider.searchJSONForAttr(test.RoleAttributePath, test.UserInfoJSONResponse) + actualResult, err := provider.searchJSONForAttr(test.RoleAttributePath, test.UserInfoJSONResponse) + if test.ExpectedError == "" { + require.NoError(t, err, "Testing case %q", test.Name) + } else { + require.EqualError(t, err, test.ExpectedError, "Testing case %q", test.Name) + } require.Equal(t, test.ExpectedResult, actualResult) }) } diff --git a/pkg/login/social/github_oauth.go b/pkg/login/social/github_oauth.go index abd47fcb257..1ef08c60212 100644 --- a/pkg/login/social/github_oauth.go +++ b/pkg/login/social/github_oauth.go @@ -14,10 +14,8 @@ import ( type SocialGithub struct { *SocialBase - allowedDomains []string allowedOrganizations []string apiUrl string - allowSignup bool teamIds []int } @@ -39,14 +37,6 @@ func (s *SocialGithub) Type() int { return int(models.GITHUB) } -func (s *SocialGithub) IsEmailAllowed(email string) bool { - return isEmailAllowed(email, s.allowedDomains) -} - -func (s *SocialGithub) IsSignupAllowed() bool { - return s.allowSignup -} - func (s *SocialGithub) IsTeamMember(client *http.Client) bool { if len(s.teamIds) == 0 { return true diff --git a/pkg/login/social/gitlab_oauth.go b/pkg/login/social/gitlab_oauth.go index 93dbb07fd2c..7e59851cbc7 100644 --- a/pkg/login/social/gitlab_oauth.go +++ b/pkg/login/social/gitlab_oauth.go @@ -13,24 +13,14 @@ import ( type SocialGitlab struct { *SocialBase - allowedDomains []string - allowedGroups []string - apiUrl string - allowSignup bool + allowedGroups []string + apiUrl string } func (s *SocialGitlab) Type() int { return int(models.GITLAB) } -func (s *SocialGitlab) IsEmailAllowed(email string) bool { - return isEmailAllowed(email, s.allowedDomains) -} - -func (s *SocialGitlab) IsSignupAllowed() bool { - return s.allowSignup -} - func (s *SocialGitlab) IsGroupMember(groups []string) bool { if len(s.allowedGroups) == 0 { return true diff --git a/pkg/login/social/google_oauth.go b/pkg/login/social/google_oauth.go index 05ae2a481f2..60e1e4568bd 100644 --- a/pkg/login/social/google_oauth.go +++ b/pkg/login/social/google_oauth.go @@ -12,24 +12,14 @@ import ( type SocialGoogle struct { *SocialBase - allowedDomains []string - hostedDomain string - apiUrl string - allowSignup bool + hostedDomain string + apiUrl string } func (s *SocialGoogle) Type() int { return int(models.GOOGLE) } -func (s *SocialGoogle) IsEmailAllowed(email string) bool { - return isEmailAllowed(email, s.allowedDomains) -} - -func (s *SocialGoogle) IsSignupAllowed() bool { - return s.allowSignup -} - func (s *SocialGoogle) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) { var data struct { Id string `json:"id"` diff --git a/pkg/login/social/grafana_com_oauth.go b/pkg/login/social/grafana_com_oauth.go index 87601788c3f..4049aa9b8bd 100644 --- a/pkg/login/social/grafana_com_oauth.go +++ b/pkg/login/social/grafana_com_oauth.go @@ -14,7 +14,6 @@ type SocialGrafanaCom struct { *SocialBase url string allowedOrganizations []string - allowSignup bool } type OrgRecord struct { @@ -29,10 +28,6 @@ func (s *SocialGrafanaCom) IsEmailAllowed(email string) bool { return true } -func (s *SocialGrafanaCom) IsSignupAllowed() bool { - return s.allowSignup -} - func (s *SocialGrafanaCom) IsOrganizationMember(organizations []OrgRecord) bool { if len(s.allowedOrganizations) == 0 { return true diff --git a/pkg/login/social/okta_oauth.go b/pkg/login/social/okta_oauth.go new file mode 100644 index 00000000000..4fb30c4bea5 --- /dev/null +++ b/pkg/login/social/okta_oauth.go @@ -0,0 +1,153 @@ +package social + +import ( + "encoding/json" + "errors" + "fmt" + "net/http" + + "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/util/errutil" + "golang.org/x/oauth2" + "gopkg.in/square/go-jose.v2/jwt" +) + +type SocialOkta struct { + *SocialBase + apiUrl string + allowedGroups []string + roleAttributePath string +} + +type OktaUserInfoJson struct { + Name string `json:"name"` + DisplayName string `json:"display_name"` + Login string `json:"login"` + Username string `json:"username"` + Email string `json:"email"` + Upn string `json:"upn"` + Attributes map[string][]string `json:"attributes"` + Groups []string `json:"groups"` + rawJSON []byte +} + +type OktaClaims struct { + ID string `json:"sub"` + Email string `json:"email"` + PreferredUsername string `json:"preferred_username"` + Name string `json:"name"` +} + +func (claims *OktaClaims) extractEmail() string { + if claims.Email == "" && claims.PreferredUsername != "" { + return claims.PreferredUsername + } + + return claims.Email +} + +func (s *SocialOkta) Type() int { + return int(models.OKTA) +} + +func (s *SocialOkta) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) { + idToken := token.Extra("id_token") + if idToken == nil { + return nil, fmt.Errorf("no id_token found") + } + + parsedToken, err := jwt.ParseSigned(idToken.(string)) + if err != nil { + return nil, errutil.Wrapf(err, "error parsing id token") + } + + var claims OktaClaims + if err := parsedToken.UnsafeClaimsWithoutVerification(&claims); err != nil { + return nil, errutil.Wrapf(err, "error getting claims from id token") + } + + email := claims.extractEmail() + if email == "" { + return nil, errors.New("error getting user info: no email found in access token") + } + + var data OktaUserInfoJson + err = s.extractAPI(&data, client) + if err != nil { + return nil, err + } + + role, err := s.extractRole(&data) + if err != nil { + s.log.Error("Failed to extract role", "error", err) + } + + groups := s.GetGroups(&data) + if !s.IsGroupMember(groups) { + return nil, ErrMissingGroupMembership + } + + return &BasicUserInfo{ + Id: claims.ID, + Name: claims.Name, + Email: email, + Login: email, + Role: role, + Groups: groups, + }, nil +} + +func (s *SocialOkta) extractAPI(data *OktaUserInfoJson, client *http.Client) error { + rawUserInfoResponse, err := HttpGet(client, s.apiUrl) + if err != nil { + s.log.Debug("Error getting user info response", "url", s.apiUrl, "error", err) + return errutil.Wrapf(err, "error getting user info response") + } + data.rawJSON = rawUserInfoResponse.Body + + err = json.Unmarshal(data.rawJSON, data) + if err != nil { + s.log.Debug("Error decoding user info response", "raw_json", data.rawJSON, "error", err) + data.rawJSON = []byte{} + return errutil.Wrapf(err, "error decoding user info response") + } + + s.log.Debug("Received user info response", "raw_json", string(data.rawJSON), "data", data) + return nil +} + +func (s *SocialOkta) extractRole(data *OktaUserInfoJson) (string, error) { + if s.roleAttributePath == "" { + return "", nil + } + + role, err := s.searchJSONForAttr(s.roleAttributePath, data.rawJSON) + if err != nil { + return "", err + } + return role, nil +} + +func (s *SocialOkta) GetGroups(data *OktaUserInfoJson) []string { + groups := make([]string, 0) + if len(data.Groups) > 0 { + groups = data.Groups + } + return groups +} + +func (s *SocialOkta) IsGroupMember(groups []string) bool { + if len(s.allowedGroups) == 0 { + return true + } + + for _, allowedGroup := range s.allowedGroups { + for _, group := range groups { + if group == allowedGroup { + return true + } + } + } + + return false +} diff --git a/pkg/login/social/social.go b/pkg/login/social/social.go index 53be4ed6291..aa65d9e0240 100644 --- a/pkg/login/social/social.go +++ b/pkg/login/social/social.go @@ -37,7 +37,9 @@ type SocialConnector interface { type SocialBase struct { *oauth2.Config - log log.Logger + log log.Logger + allowSignup bool + allowedDomains []string } type Error struct { @@ -55,9 +57,20 @@ const ( var ( SocialBaseUrl = "/login/" SocialMap = make(map[string]SocialConnector) - allOauthes = []string{"github", "gitlab", "google", "generic_oauth", "grafananet", grafanaCom, "azuread"} + allOauthes = []string{"github", "gitlab", "google", "generic_oauth", "grafananet", grafanaCom, "azuread", "okta"} ) +func newSocialBase(name string, config *oauth2.Config, info *setting.OAuthInfo) *SocialBase { + logger := log.New("oauth." + name) + + return &SocialBase{ + Config: config, + log: logger, + allowSignup: info.AllowSignup, + allowedDomains: info.AllowedDomains, + } +} + func NewOAuthService() { setting.OAuthService = &setting.OAuther{} setting.OAuthService.OAuthInfos = make(map[string]*setting.OAuthInfo) @@ -107,18 +120,11 @@ func NewOAuthService() { Scopes: info.Scopes, } - logger := log.New("oauth." + name) - // GitHub. if name == "github" { SocialMap["github"] = &SocialGithub{ - SocialBase: &SocialBase{ - Config: &config, - log: logger, - }, - allowedDomains: info.AllowedDomains, + SocialBase: newSocialBase(name, &config, info), apiUrl: info.ApiUrl, - allowSignup: info.AllowSignup, teamIds: sec.Key("team_ids").Ints(","), allowedOrganizations: util.SplitString(sec.Key("allowed_organizations").String()), } @@ -127,54 +133,44 @@ func NewOAuthService() { // GitLab. if name == "gitlab" { SocialMap["gitlab"] = &SocialGitlab{ - SocialBase: &SocialBase{ - Config: &config, - log: logger, - }, - allowedDomains: info.AllowedDomains, - apiUrl: info.ApiUrl, - allowSignup: info.AllowSignup, - allowedGroups: util.SplitString(sec.Key("allowed_groups").String()), + SocialBase: newSocialBase(name, &config, info), + apiUrl: info.ApiUrl, + allowedGroups: util.SplitString(sec.Key("allowed_groups").String()), } } // Google. if name == "google" { SocialMap["google"] = &SocialGoogle{ - SocialBase: &SocialBase{ - Config: &config, - log: logger, - }, - allowedDomains: info.AllowedDomains, - hostedDomain: info.HostedDomain, - apiUrl: info.ApiUrl, - allowSignup: info.AllowSignup, + SocialBase: newSocialBase(name, &config, info), + hostedDomain: info.HostedDomain, + apiUrl: info.ApiUrl, } } // AzureAD. if name == "azuread" { SocialMap["azuread"] = &SocialAzureAD{ - SocialBase: &SocialBase{ - Config: &config, - log: logger, - }, - allowedDomains: info.AllowedDomains, - allowedGroups: util.SplitString(sec.Key("allowed_groups").String()), - allowSignup: info.AllowSignup, + SocialBase: newSocialBase(name, &config, info), + allowedGroups: util.SplitString(sec.Key("allowed_groups").String()), + } + } + + // Okta + if name == "okta" { + SocialMap["okta"] = &SocialOkta{ + SocialBase: newSocialBase(name, &config, info), + apiUrl: info.ApiUrl, + allowedGroups: util.SplitString(sec.Key("allowed_groups").String()), + roleAttributePath: info.RoleAttributePath, } } // Generic - Uses the same scheme as Github. if name == "generic_oauth" { SocialMap["generic_oauth"] = &SocialGenericOAuth{ - SocialBase: &SocialBase{ - Config: &config, - log: logger, - }, - allowedDomains: info.AllowedDomains, + SocialBase: newSocialBase(name, &config, info), apiUrl: info.ApiUrl, - allowSignup: info.AllowSignup, emailAttributeName: info.EmailAttributeName, emailAttributePath: info.EmailAttributePath, roleAttributePath: info.RoleAttributePath, @@ -197,12 +193,8 @@ func NewOAuthService() { } SocialMap[grafanaCom] = &SocialGrafanaCom{ - SocialBase: &SocialBase{ - Config: &config, - log: logger, - }, + SocialBase: newSocialBase(name, &config, info), url: setting.GrafanaComUrl, - allowSignup: info.AllowSignup, allowedOrganizations: util.SplitString(sec.Key("allowed_organizations").String()), } } diff --git a/pkg/models/models.go b/pkg/models/models.go index 2c0c653ceb6..777c5297b6c 100644 --- a/pkg/models/models.go +++ b/pkg/models/models.go @@ -10,4 +10,5 @@ const ( GRAFANA_COM GITLAB AZUREAD + OKTA ) diff --git a/public/app/core/components/Login/LoginServiceButtons.tsx b/public/app/core/components/Login/LoginServiceButtons.tsx index 22a54ca5327..026990ac93d 100644 --- a/public/app/core/components/Login/LoginServiceButtons.tsx +++ b/public/app/core/components/Login/LoginServiceButtons.tsx @@ -33,6 +33,10 @@ const loginServices: () => LoginServices = () => { hrefName: 'grafana_com', icon: 'grafana_com', }, + okta: { + enabled: config.oauth.okta, + name: 'Okta', + }, oauth: { enabled: oauthEnabled && config.oauth.generic_oauth, name: oauthEnabled && config.oauth.generic_oauth ? config.oauth.generic_oauth.name : 'OAuth', diff --git a/public/img/okta_logo_white.png b/public/img/okta_logo_white.png new file mode 100644 index 0000000000000000000000000000000000000000..94e1e326dc73cf83298d20d7dbe16e11152fb952 GIT binary patch literal 112600 zcmeFac{o+=_dk9T5i(~=h!dwW9x^3U2qC93CG$CkGS4$nks%pM2*rakW{AurBuSD? zp$w@^A!PooO+C-^@p*r`KG*gA{;uEekItpC&))mq_r30QuY0Z6dad1cEzOgA$XUrz zDAXQR6~!|s)Gj#`iinMD7kraPZ6*Q#>~>JmcSfNo=#f7=PziULQ7FlI>vMW8dK&6d z=JvJ%rg(cZf`Esu16++lNy~aTn3`WAxNw>gEUoR1b4^#&aB*7Wk8|lB)ezEfI6<(o zR`GHoob}Q?XYO^$ToTVED?={rAq5TC5?o9L4gAASC#oZo-@YeUF2ylg(z=@aBR98-gvt&czw-6aJ6)Iat}d*gIR< z{|}G+`}F_#V3-pPjlZA$ANy--`yU_e?4slbBKRrN|9GeKIZp?I;2DCmy{nTsLCFn< z!u_8{?_zE7&*c1z4>QPn_7)Do%`sskyZsBG*IGg4=KUXU6|&kDzGkLXbf;l3!SeUs&v%@KGtOkQDYP zzmT|;kkG#x*}8ID8yfa_YYWf+)P}H>u<*az_}7)&+kh2>H+3=nU$ye@YyZ^_-dxJU z-pSU~MaJ6J)RG|RU}q^U_|KRBy7F(mk~(2;WA6mrBFKnH3;w6C|8>`DkD%-lkZA1f+K;1`vY6yui=HWlT!z>0~BV}tp;HOKyX(7zh{Zx1@{WDSzLJ zzp0p*sVQFETv8PK_apv8Gym;TD%Q@Rub%(XW6)vXrSgV%=oSkp)7)OAG#&Z~y7m-*^7J&HBGj=l@OwTkZer z_W$`A?p6f5-z~4LrZ%topBr(uw{UScbt1@Hf`*8Wzz|MkZ050Dl__5&O1{}-mh z+0^a-Y$E=5>+1h-BK~co{=b}ve>BcrNqC!_}|Ul){Oqw)%D9L{P)!; zjcid;u#!QmOgC4Mu(aTR`|h77Z(Xm4tVkQz&FjI!!ADRS`TOUs|31C_R{h`K`tQ@* zZ~f;^Z98ih8L&f}9o_czzwScz(Jd2y7F<4pjM&kmB4CNPf4%(gjh>=4*kWhI zrU;86Bip=d`>FqUtNuT?9u@sBcmC_l&pWqf>tFua=0e>17Q8=jJO%&uJpbDo{o9!R z-~8pDA^qQMbz57197@8z@Y>>qJ$6Ugrm|A_1N z^4WIwkGQr8pKWLVh-;fbet-B!T)&skwzGf4wM`(uKl~%E-^*v)*+1giCXnAB{t?&j z<+JVVA8~CH$nOvTi0k+A*>?7ixV8!8_lJMP^?UhjJNrjm+XV9a!$0Esy?nNv{Ufez z0{Q*nA94L&KHJXz5!W_>{QmHdxPC96ZD;?8YnwoRfA~jSzn9Opvwy_3O(4HN{3EX4 z%V*o!KjPXZkl!Ev5!dhKv+e93acvXG?+^co>-X~6cJ`0Bwh83-hrbmU`9HOs1Uo3; zbcae!JZH}gRC#imtDMn5p}Y>FPys53Bb#tK zI@hwY4%@tcLaU^t6w)-DvQnLjQJ^7ykQMsyY$g|L1Q#1s{YM8*)`+KO1#&dR3=9nS zii+qHGECQ3mpsOEOHHuxTKf9CwYBeO9Y(7LW?0h@??9QLA3HfYX=!N%JigRr_Vw*U zp?G!VVj=%^AH_5rG=BFk+YcX^kW{kFj@>cMSFA)sO@u;Tyih~Qojgf;L4av?ZtkRv zzcl+v9FBI^u3elh*uXl@!-o&Q?&t`bopl-+8%xW~B%Pd`eBRO$lwtiKH>nsb^cGQck` zM5q#*p1_7Mrs1nhMsjD*(!XeFnOU7{Gp`FIaj59`_>vw6!@PdzYz7Kt;AYDT2+B7ih0So zaXxQcN}Y#ZRAXmA)VP**XVjqh`kvvgtSrB&-lNrVoMc)IBrww#AKzGAX?$$u)7CzC znnCHAnJ@@AtRWDOm7Lw6OrtM~Mn|l^WDFz8%2L2Fbla4)H7InsS|y0h&K(ZL(napy zFqEgE32RWE+ON@}JhkQ_Ekh@(fBQa$96AhLg$_ekePlSCoSi?;Eq!p2IuObQhcNH` zcELS1jUPUI7|RQqu@FnVZ_TQccR|uACESj*SERnaUa#1SR^dL4nwlCS$NTpWs3(f; zajV!r#K}gMb*IYjQWn+TK|H}4ic;Ke2gnvxLEhpcB?l}g1x=H;b|Z( z_*q_AF%?T>DG)Z1rWgcG|KU>|HD;KxdsomMVe?&}{%WUAnPTJbjZ3|F@q#myi|8`S zqBVg;3HQ3MFRZaq*@&&eWd3XCk8$IT(7-^VUFMXET(qL%;%PNC9EE)5psxbTn}{WzT+eAgeU5>IC&v1(eiHcrzLt;%Ggt<%UH5-< zV74e?0d27><)*tH9v(I6cFe`_B${q1zhKoWZOi~BS`nv+VF>K_awTsZdIk4!JEI!) zIzES~MvG$KiGK2?yH1Q&Wo2n&9js>#X05Tu#w+_-z&gfbcPrswv7Xbu+GBGKt(vm$ z218?8=;$b{ zH&9%-%+}V{L4u9jQS1}9a+@}E@B8=foV>iG?N$t^o9aAK>O3E3JcOjBrLmFbVu_%% z?VX)hdwb9Otj;uXch$drcy^|lH-(d#GPSsvp^44;<@3cp!$8hjvx4xKx0sF7rX`0h zZxZ6Edy>9y82PWc!st!rKDEM>cznFd^t!7n7|eI&^4IKdOFo~cr<=T|t4f;|$tPdq zD6cB7C+Z%grEM2*TMpmxc7Zq@HUW040zE3Q#&dZ6yj@xiD!zwO8qD;mKb*iZj7K+* zWO+yrWM_T#KY03jNa1KdU1SqjD?Y|kc^zM*UtWC7Zc@}^fx1J^8HZa|z(qC{8EJQ( zo|~Qh8d&#%A|b<8l+kM@NkI`lD0)u#+qn4wD=QnDqQ1WV+C)!Ln}C48`t8n(qtT!H zhi?%)FY~ofuu(OAu`4~sP8FO&MohHGLw7w>SvQfEmay!7kUf$c1e23v<0da(x52n~ z?|wm5x>I}Il3MLb+lYi(MxFMjsPoWL?%EJgeUr3L+|EZjN=0b*W(U**XlQADzl5E+ z-QL$n5!S$U*XhNfuF~S-3uJcAM|seyg-`mYhWqUnXEZbCuEJJuK~zHGN1dV_$4N!e z-EA_6hVb&9yl8D*cE7N2)<>COGtgy}zetwf<*jIBG;n0PdSyxI51~45Qv??be;Ir_%dA)%q68Rn747r1$38&47lqdO37sG*kneD7@VwQKh<c6KJ!nA8Pc3JwmI)K^lB7yeAA1Pz0H3RfSb-B`}#B-2zTnC0jd42@ad zb!=p*s;YXwD-0UM>{}V4+(C=8c;lL6?EUQ^84=hu+_`h;jjy^jUdg&|My#x?p1AZD zTc2EB^W%{Z!Au?s1v~l3tRXbB->x)?HeQc6*<)zhz`!7L{`+@121#Nb5cvz9i8bgo z^YFdXev>_MSy{}?%(bI&#(qV8lX)Y1k9vM;Oi2{*CL%~e)PKO1)3 zh4_A$Q$jnSwPHgwoxH7W?!(8A=ZTfMkAls##NpZxyf3^G@+K<78cbG1Lt^$YiGG)>!h3a?zAY@goK1oOiWB*NVa-TvDNb=PO>{N1bP*IvL+%BPI+Z`l5_u7#SI1 zh;Oyn#jP~*>64g#?mOw~voPe4!kwG8Bh5j{>Z>YGOhZD(-ra$dn7icZ+_V;EMA{gt&YuBVx3TGebGZS&CnY&%%bk)n%Ij5@|cdg#^ z-@Q_Ns7V?FQ&=5MDSr{ipv0s^b@e*(=pEj^hz`KuHSV0_MHGx~(~!VJHb1yVQ=%(K zCx3phRGWR>x(DuZ+!PtyxA{p8uSaD6_lLl?xw?Mcj2Ye((XX2oS%Q(J{rBgE#Ggmg z{{K6VabkLFd_KUh{W3 z`Z>f0UMMKfnoqqid-5sa(w$W}pZfi4ixBZ<%ip!{zy&f87ocUqUvC~EMcUcFV6>^D zR&lVI#vX?-#K2(Rr_A=W%2TqoKICF(sTK0( z?Tuz?9x+&(817|>Uu_)H38YDv<=Jf7d`0rt*Ad`$v#d-MQMVBvP&=XShs=udqAS<} zE(T4#E!D+q)&N z@J8~jg~=+yo8p5dr=V!>=-8(sf%l+!Z7f$n)tl9E%DMZs? zD;rjGPF1bujo;LOoC#9lEe#N52Qc7$nKRDNFam;$WKsoDmLR{a5hboD{Aw-OL4pz- z^tHu74uLp|`&uC}`HJ)^(dexUvk{w)e1=83X_P3bs8Sz2qRGw8CA+GirG4x2fdo`E z`hIS1L^Cx^#EU86-9MFNSnLCh(vLMiB%II6B9BtJLSLXr?=ZMEJUi{9oO~v8h7ib&ajTmy+m3|-S{5yOFZ_Wso*%@yMNyleLz9cT)NhBQ^P*bt#Mxq z*i_lZL{730MXu*)<+!3uv_cx49BPg)6@WX3-BgO=q+j}|NTWo1UyF={gam$p zu&MCnf!*zT?+uhkn_k>HvMER|?6T@l5os`JYk!1@Sd|VmS1x41O{?w2W(NhQj{K4} zE__ZFf@o2VVLX5P0OjYC2W9oP9vZVw_fsbHsx-t_3D*?4>UJBX9^e1cd2?l@=1+o*r_h+Epmv!AOG|3RNqu|n8mONLg9D_Xw>%9u=|P)xDY zeRJ+Z7IHWme%(S#eA)6cjc?Drq|KR5JwAQvSEnBa(c!M7Vx%dq@PtNdF7ArqK=j4C zJ;jV{b7ritGki1&CI_vB^?p8adga`&Cob12GC*Jpo)!Ilq5V^&TTgDhXZ-h*_ZgCK zg|cP5exmk;|Iy~Ey zhHjzX-S~oY>(NaELK~sP5%zPjo;yHB#GoXPjmOhnDYP`Hu9`I;sPxn;b2_*a(SA{# zHNKx}cIGN4893+C40 zKwle?>0Yw*micn)4xXO_t1xcdQc7IbmTEL=ky97yZ!Wf2DPNJFPk(cnlPrhm{#$mF zX@^gw`Dc+as7|H)8Ut1MVHzbIsNF;HCl;f~8p3^@Z~wW5)R+P}0Zl;1sPf2TTz9=Y zb`IHbXmO$6JN|t|mn)hMfT=U)TCH35;O%7gul6;OQN0XE*c#Qte&elCVdL_~!KIHz z%Y&D31smwdr~>Pq=n9X$(62V8i?-T`Z?O^MW}|{QS>ZMTuC?Uk25FLjhrU}O#%Zl! z(*R=jEZc4_CEO=$VrzG$rwCvgfG6%$U{TuC7h*Dv3C^Fr_|oD2vllU)7aKl&;DkWX zw6w2`gpn{{qRimQNH$r5$Hu?!s5zoaCnY7dWx!$u%y(_d6e9vYJ>trMG4JGvEjXt= zs?S+$U?Z038M&)1H3TBWJ7$*kq& z;z8p6l@@iH>5!@@jy&{QYG!G!n1fI->h@)JZr5u|d{>n{Ib1rFl^gfWslV z2Bn3|L51d8h$KNTUkg0U&rgYoi{pJZJR`W~tn6e9+iAD|#@b9h$2tw{5CCsdZpIKs92^nDFdI8kP%mF|l;N!=Sf>lN?hE1*><&Rfwv081P_dQ{@`y`X#6tN{6LEokda+=45W z(&U^!M9Eh{Hy;05UB+J?)l;psfB(|aQeIJUpalzXGt8B*?{SM)cVWZ7W+nRK5;EhM zhyvb|NH=zbf2B@dlkb7(8WRfmcJuX1%W8o1%?tv1iJ-%!eNiznK?w=0A*s*RU{%9| zYiSV|6qhjE!=bog%4U+Jf@Y>%Ry%m`V3A@_Vq z1SE$-xbtMEE9d;C7gvNuMTv0?o|A~7AfUFQ!8dn0FB0IMSG%NA$&_#)G~Pn%I6$LQ z5dHerSzccLu)n__bg_$SQ!OGXwv_BUK`c=pdPU-5IEEIRy#40Qo3&Tcb1z+2CQAp~ z7?cY30EPvCSeZH^vJCvSfI`y`$GmD&G2|~T=KR;nv@pe8!Gx(FRmvMO;2!9i&o?F4 z|kgr z^M>sXtc^<33YDaMt=>ZN{(#6L>3B+uBuc)AjBAeZdHixdd?1-0U36!x}?24BaV6F*SXxT;gQMZj*E|P6FCrJ`eAE# zU-pH`Tv#revKgnvF_;$Ug&XhML3ut`Cxw%&9#s+z_ndN##)w5n$+ z<{j!mu^yk1YP8ypSm>f)fEkJk)nNSHFOI-cSUJ`a>FVlwY;6s&(R~{%J70@izPbz0 z;M7i`&+}dti3tf(J19M+ljo^|%^|6?mX$@dGe!H>rg@Q!RwrzjbXh0t!Z92mQ+SM4 zB@IiJI8AfK0yWxrumQ6+wnlh-{_0fW zxHyj-<{%5pvLY8`w0PIl*K&hKi`Z_~%UGJ9-{c*zt}(5llzMTev3 z({xQfm%pNtrNuE)ozdW-7qcG-hvZ{vU#tAS^_U+JVhSa;Vgv+a3QI~B(2-5fR{$Q3 zWDn{1L90XySuV<28PK1TfXQ*ON4iTTy{fV6E&lRpeSKY{vDPy+4-^g(g4uFbFY^xh z-2VQ+Oq6G}=L{I!F(yXFWCMNuvg)Fuxi}6$JUNiettwrUl48Z{;P;LK@?G6r%ruLRc&X}GJvt|<5yVOMNRRJiqIyP$ z5>7gLX6a%y`hd82DP65XW``#oYGib@Y6kK~>(y0NYmo+}cB71m!{KSN32!e46&$>b zYotVpCGN2+t!S_-?fNu2I?3JQWC)NytmG`PPSVG!19-glek5+l(4)CxhH_Tt>1eO@ zkLG3!BgAA__oD{hxK?Q}G#o9@EB#VFVDDlf@u+R!RZjbX1F0`9ih4X2nlzX9Liz}@ z_>i_bZUU&cE+Z2YM{V}Oqk4R|XCY@<)Y8(@w)(x}wEghj*KuqnqOc zR0UE>tkUdl`(=OBQNQx|-hT45AN(cT+SWF9TvPO-k5xErsl6fL7TP+2lT4$KPkg+5 zfJ^mEMBey(DrUXwnOcTMqgwO`=$;V@BPeK0v}#$G({DEoUfA)hto4@RnPL*6%Zs8K zefO--LuOE3lvN3g6E^QCD{D;G z6z+#1vp;q%IGE**BW#NrPaGsb*~Oy2L0a{wPPVIsudi=*hIK30`Hmc&@#pdTAPG~$ zBT*R7N%lAz-AUAK|F#9gr+Q{zKq;g-nQQyX^YS}gkK4F-NgPUE3g?#rw~~=Vk>!<* zm^rvX(ktd~QNA7?%msRsgR7s!?ICR=8L6xKqB{FoV`C%5;Uh=ls3|FZ#;XBWxgK758hgvdkVA5MqG&2g^ejUI zq&G#WYcJp!vXyXr13kyEeUeG9uqXm#1D!9ox$SKi<&RfEi&0Ti*FXl1w;4Zc8`Jz9 zLbX1K`0@J6kf_zaa_3|*!*-X3Q= zEjU-1Alyhy7BMc@A>kqlt{8jd2?nKy(DT8ep`kLnQg0(q&n1P#RvmD{2cLK|T?$64 zilAN!=~#a*m*ET@s@YMQIlg?+uxqg0waWbaeL}1xY;S;E31520=L6aTyb1GT^aRZC zMC8JPn~wj7qRAX^zHmU908ey&y0f#>cvw4ndBV+mn8osL0Z+U-`}+FIw5&L-DvkMl zRJL3QHhKxLM=y1nE9M-YBT-FX$HzS*{db$E-hI>e;04v^@?>7sHy09HOY)oX3Gk~- zAZM(wns=xDO@78x<~STKZN|Hyp&`mcx>|-cqB;%pVjp|tm@SS$mTFfJ_gIa^n<~Nu zbI7@QR`geg>o)uVqu3sq40+$7om3JZ-U78FuB8F}T<-=83lZz7tgIX8W8jW4C`CbT zXUt1FnFKg3D}6R4ORcS~qv3CV&=VgpzC9X*Vk@qSNsL8X=VoQu6L}nsSI=v-Bo%k+ z%c1;o2Z#WC#?@>at7Ebs7gvBp!pxjXdH0dft96t4Cd*qKpt%lGNl#{997z%2=RbZ| zSM|IGADLyc=cl650k2Erz&z0fLwI9cu1)W5{b5+GuA{efWmqY9C8qeVFGXf(CWV5( zdT(NNX{D?PbLjYTKw4?>8`tAau%uw~SbJ&VoQ(-}CXxSua<~hzR7HWF^yUuDtg zRuYGjX1vueHvz4WZF;|Uo`OAZ=?-tCaJ%E;J-pw))%{UqRI#T~?56MnVc zUG946ovuI7PEy(cNOhR+)Rk=*Ik_w~o>P=u@ii+u%SUF=K~wY96Qiy`PR@9Bi&eM1 ziaisE9yzuq93_D3ecs53eWm``YtcQBYJ%0JPLuwmeasydfL5J5sCu5OW!6tD(e^%H zi)8qlk;RirxVz_ZIN`muhY~XGr=||2nF#%eEGa3`MXN4b3NgQDjBJ9mJ9t<;wk-wy zOV!G=+~VSkBs{V_?_S1>oUU41=#yPrU##)B<%$BH#6g!i(90M&?FuV~rfMerFlY89l z+X7>Iqu;$BTwf^NaH-!T?$bKy7CHVbpupp#w)P!$o(1O+?9GlZeAPptN9?3QsINq* zBr-NYR?w_lMN*$hx|M&M$LZ$6yOv^!Oo^?Z>L=Y+4e3}q~56Q}UbUqh$QE(S3z8{ZiMqd!<>U68{ zJ!IfISn+9TEX9AQ{Upa)_eTdIPV<1>G`;DUQwz=uutq>~1ah2~khDJl^LOf$ zn%eD(3j#Wxe@UuFhwkt>b$itQOZg2&u9?FDyfHvJm?X`bb0`*lq6-=Etn6%k5{1~y z5PU%F2%%=7*9trLQadmmkW92Y65F_Yxc*fGVbLf+%)vDO$ zWm0yJDagJ%3>(;2bppw)5kH23XazDSn8Sw^L|F-PX95a(jcABfqR$;{nZ3^w^F^zu z$0r06s;P|eZ7#Io=i|FTWU@Qp7T7@!7k78ru8xj5bz|c}S?CoYTb&oLIwp_nL7MsV z=g+mkFA2~uvN%9P=JO?GFd1#@QqjNB#CTWQz2CJf$bY48&;q>RZX2=criBF~JlW@L zb{`1QRnTXHL=yg#mx<2+*uUWJ&;>Um3gypqHX$cmJ*FT@oi?1rFy`Oa%fVYcCnD+`SvmQfESA zP-4^Et7;%m1I!9Yq#y!vhK0H;V#E@k4oUR;>FI>#U=F_@XYA~zp7?U$7$SD!J*miW zyAs9i2R1}SMK5#@4stwycXj8nH?I334u%Xow*iq8pLoHHu6AdLcR{Pgu@@Fa`!8YR zZ)3ki`M$SvPwJbL$%Md?t!A*M47_A}i0l0|d1CCrYe3k0-!Cs-%dm#*#L3gAslk1M zxQr&U$$iC*TH46)~S8W7B`U%PfK20(GtO|*4hzum?y@SuUolU%CDHwaNj_vhz0a_R0; z4$4ZK9-wY%`x34np-o>m>9H$KgLIQjir}SVHRX9}xw(5z?st9r5bXY%e%ff&$; zreS(FDl*>n5NsS@OUBaN7>9_EP_4Ib1&}(Uqv_thdp9+!k1Adacc(&ScV0XWAdAeG z84odU>Eymvi@5{pem9$jA6nbl$yoLj66_~xHrA)XejDA6iRoY_BNhTtpW!dgWTPUL zSsJ1D`SCH>xcpXLhV`Q!n~fGm)jf|NKh6zib9(-^%GTeEL`6qLrxJjV6CI*&ySj9B zb#(lyGBPZb{QTCXl|!n(E=LhO<6B10XIS^Pf{*5iaz99ST^sd8=^c8XFXQth_km{E zv_*MT=>UY1I(Dqd)!^Pazd=+jFi8r0mS*jffk)&%llA-pI2FNORYuNSQCfIUpWwqe ztDG-!`!iZgHqYADE{8+^D)rIpHF0A%{>B!{Z4NZMU z*3N$6tXNS`sFU?&N?V z38B}4Gx+X!OF&yR$En+Vl0(3c^}nO5WHILy<*e-$aLPrPT$<-go0vxZb5;g zsfI?xAsRAtqnGiT%fwlg=qtdWbx;=q(#g@olvPy0!-_G@E~%{+2G5_rPJWP+BaL9A zkE}Z~3}I=kX#v5q3W+6HG5}p^b_0@s;|T_4$0+hGECn z;hBjyo-(Nzh`&AtQOn2yM2gp6e{V)(*mWRuNK|IunHE4%Gr^HaICkvVULLsxHtx8O zKa~VxmDDpT5(ZV(Sjg9Ut<fcdg7xk=80x!s(m+rd1Qd;{l&>ATf_7!!o>IU%Y1b>E z)WVl}a4qj<`#?_!22|2|8rF1X58F;)7hhKta-X^YA^835?6Bbi;d|D-&&6~F;>Hsp z7_>2~8`m++-K2Fs)&o{*5)wRPNE&{5QUZD4q#N=jsci0TciJN8n*?<5%I7qF8(=s;R zcnll%n!Ub$kCSpRPeL=k7aZ_@pdp_gp81h-PP>XfUfoV?A^)!#Z>mS&xm8V@sz$%= z?>~-x^6K`AZZsM;veYL}o_q+T5bz)gNYYhY01`U?@G~~rh+7bIK5b(6=F2vR@oJqr zCwgYB&T?X)U9?rtar*K3+`-3vlbL`|>{7nQbH>QXNCVJ?(}{_R{$MQKj6vy>Qv8;` z>;upK>eZ{qs@fuE8nU#rq1Taj@7|5Fe7ayetM@q8>pK8rsk+9#w|3vGsx39jIQjqs zxb3~tQl?Z)f@N#MyzCg*v)+8)$xHr_ROLxTtERhEtPQQMu8PIAxRzo~%1s+vBs zi6c^xt0uf@IDcO@t(Cg@o|?f(NDRP;!y*2+eul>aHDM2UhwPEON2Uz)Z$qMKcYaqG z)OHHiZ9G^s zZ>|8}_o~?5wPBZ_l2t8=oKg5JatPZ!Z`W z_f+A&)?Hk8izCm8n*-sYksm*rG60?ZF!(21vdJ9 zeqo_g4d{5-fY*3#;=4S$19~DqsTR<&b@Q=?^&wEuxj*W~|LjEjLjVI!on8 zKcJa<$~%>Ox#jIOYv~+ zczPA382cssYvj9kIzYqZk#&nI=)A?(;tZta^)u(sFN?)+#NGfbt@s3$n~-rI?%P{+3G?TEfcPYeqawkHe*^Ju?A?T$DBy+UVy~8>l%gx zLVW1i_l1S07av=!qH{5!;OruveR`acm%XZLGuDWt$JWH;!%lDF1yve*Mi z81DRea-9!n8msA90>6K$gkl_!CB!C6K;e}FxT|d)4^Wh@(2{)obD(_RNlaWh9oaOe z8`E42iHdK8N+#tLl0ug+XTWS|uF|A)Lh`k=56O0Jk&N*^8$8UEW)2QCNJ5TdvCqCH z#&a)Tyk=0gdthK)FxcFuO@6G*93}>0DF}QXIeb*uoSf<_8P<@z1^^Jih_$@G{u(g^ zfMzXbYLBeQ;OW#_A!I z!f9)h)C{)Wqe*9mY6dyZ0DglKpcLU<=7VvaQji=zB~Ui9!6<0tL!OUX{+t$>%)-hV z3YOe)!{}}|SE{;S6S(q7(GcLOCxw{tT5b>w+i)0vVq#!e&8nWGZt-9f6%U zx6!n&xJCHcw{JqX`3>loYw-1TJpvbDuYgr-b@k{ zZsp_0=~0j-_kZLz*{ciW;HLQ%Fkeu3lBWa{Gcmo-(%;3^Rd@$BG%E`#-M|_few_Ep z2hjU0^WGP3&YxaNUW7z^FjR2Zn2KV!2P1$S?0OCuKR`=R#1$tyzmlw}oG5IO!OsSL zh60LL?iKx|z@uJk0S6A;1t)`?ev@;TzX3%57OJ-(U;$eP6-N|c8lq$~g+EpTKZVWp zEsi(Et=HPUXukQ|d*?Ra!EXQaG*=u~dI#b@tVD)j-+V5T1%AfP!m15Zv;guc}D*GK|aQo z37~A(oaBnCfwgIv0Qhtf>qvHl3hP1Z4q7pB8jKjSKOw3PG}dfc6jYo^Bx#;@ zbew4e1N-XJEd|9`!t_aCdLF}o4-Dl105>N1B7kTqF#BbJ=T|&F;kF_U>~q=X=H{jA z8P?$5QNGY+HY9=nB=4E_BgL4PA014f&f@dr&AOtZ^hb}rDMKnWT$hX% zw=ndz|swb?a8Hy966AwEH0I#hShQQwfT{ z3JdA{YEp!`60THVMypy~x^w~(+I*Hec5=4~HvQ#$Ax$88L^tn35=1Z0bTTKeO@m{& zGpO#v2Sv1Oz=n%O!!Px&Lj=qNQt!^M zTIf9{Q2Fg?6Xeuc(oTp9zqeZqg?gLQkSgCDn(ELty&tw=KtB#V$jUMUN+>blxZTCp zXB)NsA=(}oFoHzx(DHb`f9v@CE7MCc9~b)UWxW7upN1e&Q)PDN5567XYMTMJBRY6^04fe(9uHoY;QhbL=v|0XLcdL=oT9jcUs zPYyUX?N33Fn?V9TgeRG=WeH}?UjT!7VoXEqjqq&0r8q5p{dy6JGh|XClVWVrn2P`gp-24qvpeZF@^Iv%(A<8?E09^{?e6$=Cf;}U_ z#{O^}2*&yacK|H~qy#ecAeiw>mo9CXK0d$C^C%6_?1gqC;71-sIfK9~j$$aE7zQ^VCm@hc*itgOf&t#|?!#Jforbx{@rrr@VRrIQ5Wk)CK>8TSG&`*c>E_VE9)Nuy-o&!Gk-m6|Xq{kVIy^BRp>% zTxvN^n&+W1=R{erwpt__o;_QXQC$4p%xJfw;`j9FQ`bx;NY??EgiT`gF}D14_L0MflLZeSE^pV9jBTY~SKg}v8vPtNx}w#9-NH(TNy26<*Q@w}SzaCC zm0fCuXe^R&D(2%YU85y`YUyva5fH+G`KDh_PW(KrswfH-xmxe;t^uzVz%KZKZCoHP zH+Lu^fk#TU)Zk~IL?@E7&G zXO2)Vl46A7#j!clFK^O8Azy@cnghTCoNS1&07m4_k_GNEB$Ux~b&>w7!$+9-^uE>D z5U|CMAFnMT*~R>O_fU{WS7;joP&FD|hsVxP3UR%_0OT>f7-o zVb>hDt6uuVy;lj!k&|ObfL$4aIng8t;RUiOLXEpf$ud-ILAhCMT%2)xclVFtX8d9B zq-fjiYQ$Lrk8^xWROdk~FjxX6Lzi}?njZ~~F#En?4R4_KxJY0( z7a0+#BKVw*QJel60Cn7phElR3;Ui5@+~z#7ShKM} zq6`T9>@rhNhM$b?#q9!~K?fLu!9@>gUPZ2`oIbi1J&nd9=vML;gax}DKv+k;x@3vS?lA;XVi`de-9S3=?+i|V{Bdd2pu9fh@;HP8WOKrYP}Eh z*>^@uOUSyJba;Zgx_-;FJpZdf4VcK<+5m@uH=5K5vl!ZHal|wX`ZN&D5@=|d6HY}; zBr$f^`9{ssr^JnC%yfi20D;1Qdl9~{u#h%9S(* zP<2y~0zz|qEl+yCvXTvgW|ji2mhRaX7aymVmoJxq!QpuH_CbF1OjhcQ7+R0L9DY*P9D8#Lux^hoE>?I7=4ECP2|?xa6ud19{z~ zTU*L;?}Zge%*q%fgoHG%?tek!GmpAB+57lGetz3Vi}CvGR2?bD%Q=~l!kcK-4DfVo zfYN067l!oWbVx2;7^; z_T?Ay&X@4982Qe3?&AQMA~`@VAPkNtKG3@p-e3WC4+#kR?M_#y>Z?Y7m|KEGnPU$jF4w8-LQzi^ zzPpgn5)>&t`y3F|tH5|W54SOutW0cJu>-gnLEk<_9h)K9MQzKyOMKl zHl{G!r_}>|>L?_ERo~@$0Z{&6V<-rj_N+3>Q|9DC$w7d_0zsL72iWHkXZi5MH@93H z1W@#r>v9D&1vt(m;NDmiN#@GbM6H6>Jb^0x4IORm$050D*I?D@+LevorUxpF8hR1@ z3$!XY=eS0&3EZ6=btXc#*|OmyCjrbjaiZQ9@e@tP>1f+M%!%;4f+LVxL*6ryk!ZI( zIG$g#Zryl2#BIc>>;|Z&k8$*0Pd%iQ+hwz%a6nsoFIZ!@7~C3!B)bw@Z|ih&00n}X za_Gg8d>;>Bew=)y)cm@qXK8(7#eZX32*&`->75!KXNH_-zBzNf5KYCHd3bn$tQg2) zWtpTd5iEO81`gz^p)c)fj{2;ywdOv|+llqE|qD08nUQBR_=FYdsu&M`X`4g1ZIp zUr2hPa}a8EfM6ETnkWvhIUp6R{xLMTFzCOL#zM>03ooF!2X)}I@TvnFaIETlOvu8;n`h3Rol}9N{319GYPsS420$dDA-e}OzQ4%P`*rWp zYQWobJ~~J|0+%0wRqaYMSO3a^cjRdAg^f!O-heRM0XZYa5_H4@gcttsUZMf7lEOl4 zdNfDl{E-$c6fDHzwxCJnEZH}?jiyB;{hIfTdarkZ%%4gz{OtXsdi9=F}f$hiL#+Y~<(A&Sc2G7o(7@6Ebd{GZJ<2=wq!hs3_ zi}UI54E|hnu$4Uvz+vw0$V(2ufjnfmhlh*^Qp}L$76v3tA9;O)vyBq#B(TM+mZDCw zFL{ClRBkC9J~$6G&3r9381Tv)dpH2NROF;l$^IG%XesPW^-!|0L}?Hm5^~1u<;@6L z7e2;%$l93u1NH$FgjC0~Mn-<-8XB#h?N*}ZuZV?p()bO_8GvSktUoBn0)GqMDvR7DR|BJVcfM?#NFHu9{t!;KM(GT`Bk0U`z}9&us#;Vg-djw2N8#>^I}3p<<4gyH2)ed~?;>~q8tTcOOZ{mEfL!J3B| z8J{YlXh2(AglqTE;>yWaL@ey=pCHES`zb953Lyb{Xw5U?MI^i*>l3iwT$8$W#^OooP zz3 zMF^Fo{2uMJsXj|HBN5gE!quz;$f0<4tKgZEn7i1E%XtMzcn~u+Q~iE=&gzy>1cS7*^P` zZhI6c7Tk1Dx`Q%Z)WsgjZ3$;t%PEP=I~C|9m*0;Ol_oBl%y}cD#~n>H z=YR`lKs<#84D2yLm%7X2G(&TUM?#i_SWdrZM0F(2)9cy8HIiF|<;byfI36}=9IHU^ z-o1RYx>5hS?t&R=5xp~K0?OS+e)iZWfoQseCOJJ9I1WfScaWRk+PzHwRdtD55%Owb z-`V>HhYuene=+P(OmO>ll{xoxU=H)7sEOwLOR``{H#jJ^(m!mP08H1%A9JJq@2>tz zygWwc6l5477ds%-2p28j5I?eY-VqEPbK?-nEuwC0!o*+L(v4nEK<+8V`|O|4m0>oS z?r|tM!x1u6w87G-px=wf^7X-r>FK9Hd_ICOW>uKhZy(J~32PA5zeD*<;&v<_V^Z7M zK;|t#9{Ev)*?qLG-LBgYI_Lw?bp1Vl0F5K+k@r39S!>31KSa<#bpqAj(g5-cA3Q~! z8pU2vy)w?e|FDTW_tPiA`s!|ObAzwVXFfVeJSkPDRiYIE+Y$ez@3q@$-qqHUELmmd z+7ue0fFoER(YYJ&zyb_{c9ZBdeZ{RCLeKPEl;}lFbp5L-Ts7}5!>x#NNvN4tFLATAW$E;r`#dw3fx}E{52y_6n}b|7AG^!{~GMd$^$4giRy7FSDl-Vp!$Ie?b?N} zyb+tHnu^};OsvA(NAV>Dqcm-UyWHx|(p(>&yS~Bv;&)2|;WY;FP&CT{M$=H(UD<<{ zrI>pz=V=~PY-1d$bR1g}Qj%J2sR8#lgszP3>EmGi$9c)gKaQ$L{)gLS!lOi{R12UI zdL0p;6?fqHAd(h^AOowW5*b*F=gfzJB#>2++@J^Wy)s6SGS8GUhAk4~%-`s@XS#v) zWz_rstjLEI5OD)kMHB78U&6BnYx=Bz+K2rlzyN@t0r(#|n$u-c7juv+#r>fkC2eZz zmF3}Bc1&tV)gj2+XCg%hP?S)kRb0XP_=&?zRW6lWpXE`zx5OA+!Cacc} z{>=WSFDdPqvPJF3vl~ouE;It~sFQ0M^BiS8tsI-(d)o8m`pz2Er>NZjKI^6GS*%vl z3gAoBdvVfKQ&W@1I)_khHa#YTWViP1-Ccr!B*G1x&v9u;0elP6PLNqBg|FV#d{r5r z9RW(Hk1SEzpa+9dQjyi$xBufe5vXX7Gr!wRNJ=olZ$aKMy#Y%P#TIyC0e{wvrrsYsQOmuFfm`9t`vr?;~vyS z({p!EaKe{|y|2H2ZC5EHGGb1#&Mj2(I8BI8aM}2~1L~l!Y0A+pNUVMaMn?Zi5J5cE zX_H!m@ae6;S@?%Z#UOSJ%=J8n+tP=$YGU+BNR&~)0PKuj zaYiUC5|TyZze#5bFRc!<-f-?v|GtuL^VN0K*=sD4hxXWZyu|5R-k~0;tfJS!Luthl z_^qSkc1+AZm~mV!IbzElROg?ce}s5W!&kLeV&sa1Qt>WPS$#X;^6H0KRMXj(b1ChF z{^X>TOaCii(-Kpthsz~zb6i;! z5qU6-8ar}{o&z8;Y*spM6OsCwvntw0NXl}nt2d1Cxh_791R*G*F#se{2ve^Vg@}dc zPXLe}ot)IVH%W+JK}=E-5%li? zWCS39I02zStp0syj%eZVxUdRbdfAyDx?M6ysV5@T@=1z*zSH3L&Ivtz5G-Z@7HAPJ zgwx67(<`sfD(^vu4);kFpgtd1f2$RjVXT94stuiT<$yw#x&kO)-Q5r}+&OUh^=t`X zSz~8T<|)j`YJL%evXd~jGhyR!an5^R*LsgHim~syZju74OBs?1m#u=K2%|Dkp(O~q zS}thfC}pVSkOjBvp@j6BENo1S;clwq!BIM=r|0SjOhF1RdkiC6zIL6*RF5fsD% z^CwWDgIc*A!v~aUX+HZ767k4)x!FRYy{+v<@L}cD_0_@6>K_=2RVL%j<JUr@8_rR(G&?Ct$0&@G^(V-t>O{aH` zfDu6ch^dDZOpS+ewPdDprW$$BvE=Ul_Siy`Ji==b7P7o0L_Z2R1+ymN9MRxFohtHh zDE656GT_&3cFpYP73m9wMjc|ymajGcKSK0p4v!>Sdad8cK|npy13hx<)mb`7qMsD2 z-@?$|z`zxZR=**FkrJzYO1TG)w3cWPbIuyDs*`2@8>xqA9(jUraXrpatD07vxz!;< z>qrIR$^CkmyBtU>MG=PNtJUgvbvr!33v~V33n1F#XSL? zr6y64K#r#!M^>=K4|oht8Y;f@TX|4V$Eo(aUP;QfK$^vQIb1&5aA5PT-N6*+p)1nN z6B83Nnz7QqqYAXw4o5dvie-4L$4>vZ{uIe}Ow zHpL{j!#vS@3F#2^>~5V*@w_PZEeqcN<>}IpOAZdV24|Ay6^ek>1=T&4@faTlre$Hh zi+FoO?bNq?%lsX>8!r~RSj-B_2oOa3nQ+$xw&buPOBC3 zqI&8adxsbUGu`bt=d-M(dQB0Kng_+Qf@>T5($=9E((r{CQx{`060qX%i5eCSwGz>Y z{;zUIBYa9-of4+CX?}^&_Tkp;fK=76=q|GJnRIv3cWS;QwIHbeo4`me&RLA>gB_l2 zRUb-+%)09wxOVvMkB_WV<-o zqg&*GPZWhuq}(Y1v#z;T#myHuRO8N)`}f$&D$%|Jh0-1lctDrdjUjV^cPs(15{?2w z8k(pAhp$>9`2v!Qay@(*nBL&(x25pSFJ;vW9Hw_Y=NlC_W^2EF`*s-fPX0}ouaCUL z5uYR)^sV+&0_a#-xuF#&Mxd2Z74@%huIjCbbCoK$gjPe$OoR70rf$H0&7`2zI_NCG zmC`EB5*~x0{Q4IR+&oc?T%K-zMmFNhzt# z7(@84*ak$im@#gDMZ}s_LT24yhYxod|8!joL>;~8Xzg3@$_4+TqvLJY>uBGEw5gmn zMd$|bZ`C7t=Do{GN(jrEbi}3sMV`OjXKr{c_Sg%r;YGR{q5ygyqZjuFSi<0bWr+;% zcW!J&Tt6k+?`ZfCZs1YPxa%=bK;hvjxMpp(*ofm(efp}XnF&j=pk0NJEf1Xge`XxqLaPjSz#i!yFd5F&0j* z3((w&6drXb#&OBL3HxamAwj|B$M1q3u3bpy*b`QQvT&Xrlt9Npi!EswhLa~^hSmG> zPt%ei{tyBc;A-LthCA^A??-FgVqCQ%Mbjnshw*7p@M!a+=;(MOlvN9A+>u35s_2I? zydf&b){&uK`_gw<3nrG9O2SsyvJ0NbL=Xe|6f=Pe=CBg2z*lC8-rf?Y&6|ThOY2E> zKfv^Cd47?ynmyPdcQ-Zlq6=`PD#BP{YWqL^1a1YatJbB=x@f7GUGp}_AE4RHZWG-Fex+4a zW(m1u6eMVPe*d-ubfKQJAwq42S&HQTCvw zt$IA$y(oJgs%&RXBIY>ZI`~?sE%B#+? zkFS0O#qfeET=uXh69Omhahf=d5rb!MBN8Jccrc8I*U}`)a=yK;-I6Qzpf{ zf>AJ*-RrwQ?^hvZ<;qO(A}6w5?>#5YqH1e<2z}wJ-TTtzP&R|lV_6rtoBrw|rU_79 z1qe028q0XfmY)8f&n4q@U zzNFnVRSkhhzqME#cj`O&M_csaP*kBhSM@YHJy;>=#Fz}t&XD;!C^10)q079|sV%i$ zo}WMc)OiQ`Gz-Sq3Z`9%lD>>;V}UcL&sdka5GEir~r!-w?p0Ly)@E6yh_Im6A+x%!0Me zCLtoyW(-WpwTWhEo#fU%S1#r=kcRor5lA?)-qp7`zcIW9-2*mC7)F79Cd#xcIyA2U zXx9;s%7L)0H*BhXk5U20cqp-vJ;fszW#eR^gQc^~liOe{_99Jji!EC7Q}(URdKtx+ETpdEt*1Un0)($Kz|L@_v#oB-Psuq8U8hD$|O z?th8rr#ST3I=no(J(E=)Qkl%xD8hs>M6;a~@BF$FLS)St-}zK_)! z1!EOh?E!$06p#+5)pIh3rJ&Q%EfShb!Dq{rbfhHepDmy5D|4Tu2J168xR?)62c=f$ z=1!)Z%^?+~w#-HAucJe)KbuSU!5m2)O*V$b04Pua4vFzQ&HDjY#h7pZ%@K4P>+-3( zvNr&F2;Z10>7Euu+#UU2TK_`Sl78#605D3C8s0|b{10}7)g!39%*uN2Y@D?PDM;V` z5J7hmaYR7CY>43BZ{CG{d2Eh1kKFQ?MGx z-Fl1IQX-?A5)6qDc-dP7l!mqD$H9(HPIbvaY!z$7Q+)a`leG#Duv-BLR1KQs-YwBXgxkT1}mOhWj#lZ4*86sZZ94su>;{C4!hJX7DHcB0f{s0ZdY@J0~D zh(i$BdoQZR8V6D^36M+9fi^SvI`q?VWr z1q$O-(1Y+7gz-a?jzviPgdXET^O4F)e$_nvflW-GaTB#B){+ekRIr|YM@`MNWwv~(X)gF)(g zvOTSRi*0~JT!*O+JVP1|Ef)g2XF(<@0hw}*JXJ>)?(8>5@P6c>@4%Xnh_h-oD^;hq zOrg2etL`aVi71i>J$=?@5Mxnv=`EljnI?Q3ppf|H1 zp{2sQfUU-g-uL^lKRsL_UcV(w)vuf6g|px98!CG9|K0vh`XHk9w+#%+oA2-(4-HV< z_PqiXNzji>%6%|h(d=H(RneQ&=B8tRU(}yDaYL8u;b@_e5GM%`yDs{BWLV^IWIYw& z5+xFCjF2%YNeghzM#r+g`=%x)8U*f_^7idp0g&0E)wng}*>sTy&7CS*R z4*#>I9E@Il4TcMNz);~Z%=X-|s-W*KuqZG%cMjkykqyuZO?g6G9i}<_`-l(UmiaK& zp&%tuz`n$B#1}OOKmbfu0zloM{$Zv`e+Vw1F~i%ET9^DG3;sQ~`~@V{X@Ddf*xgbJ zX@h@EOiVH+DX#&Z6Dk~=>)n}L2Om-Zbcc&RREZH8j&~)W=9%b4pNB(^t+7joM4obF z8cg}B&IfBK%d*Dm{*n?uXG4r)Mj&g~4@_#fpFg2w*4;f;v2mH?a&~qvC&gP6^~gYY zTXtPk5sPEFK0E!&#NnFxlOiE##}Cv{;X@&cRgrutEh*u|#2R%Ut|S_(BWB&rdFPzm zpf& zL2(n%@+o6uCPWC{OA|Oj$if)h_%+MMHk=V*oct_tsibv;Fgp5YgElR%acFEDz$N5h z;9wA99!Q?yOLoxh&~1*;M5&&*Bf>?hy;y3yuar_=@bjys5~uS)}(=Qy+`j{)es-qCYl| zz>3x^?&#wXTZTv~$h5xf^Lb^yNz5BOyd zSSK46ZU?Ph*&`CY_o%owmM3uB@_3SwcgA4Bk_65EK0Ss^m~iY!;hW~AcuNZNpsz*B zJ@#+uI8;x42P?Z~->pZUzJOM;f7{wghI%Ovvn3`$3)PzQJCxM!Q4Y2T#R2EX ze-Xbhqq*ee^)K}}$DfC-Bb8-HyKpNrf$(qx_yhUK$Ot=pNW9cYryk*{?gE+avOYsP z@80YqcrhrcFoC@d#F)0cynk;nPdHx)YJ3QIVb%=)0sy?-3!>#xAf*8{gL;MFCuL&i zk_n?nZ@Ui=s$T?KMaj`|EKTb%dRurzg+)MPRferAol7VRuyFetLC*YIurE`7Ca0L*vbEdW;n9LV%j+7nn~9~>d^o8-mk~D9y$Ge%n^->7%{9O zLn%~Lf#uTeEGZ0d@DyBp*rwfOjNhtPYQszs)-oBo$PlJkFU(HD4NFOB8-SZx)E*gH zDUn4#&50o$O8XbB3ab}DeL+`>5zayN2UX>4DtgM$pTm`qc%+SZq%or7#i>DTHyr8- zX}3Md?aPw~H8{~6wQjC-*C=G9rEx=hN`k5yM$olwBj4tr)&dW&7DRh;087eTqK-qS zfhWK|#%E>z{^5Q1gAOZugLFj$qpP*Nf`S<)g!GhptFcx1nx8f^+g;GTE2rzfr=ND_ zbUpDLDrKePYLl3%@{-#CB^H6${7A@8ed8FKSne?jCECf?%Z;yO$Q`Ry;8-@@K z!3LaUaO`n7AQ6P4gEhqW#4<08`qh(<{KSGvM6++lh*X5ZSa4r*-qZiOGjw zNMdkLf9=f*}NsPBeb$W7S*Tf06<}Wc^UPttutru zr`gB7?d`MwzJLEtk6h!oE2ypx74O9oE~Fq3+-#oy)EX}cO+1B^C;m{aKT3^zdXGxs z>BzLyL+UGmLd`*L_fMvL6yv0XLf;kE6@~=IP&zQ)bM^@(PgGOQ^X!#p927aB+w+SY zZ+}(`L|CaDpvJDJs3wMi7nXIY_^(Dl$SDJ=+2~VoyN}Xc6ARPLIf0(o#>QC=Xh< z?;(QuuRJhLTcyU+GXa;WfS3YVAedx+_S~b~14AEAi>pnC5Sd+p%@HEcizR>A(pwiW zHR1*@gYb+=t*&N6N{*6IU^Q5G4Fh+t@R5Tdethob%a?0T(cU2^illHj$>2x4I-f7v zM=hB!?KH&p#iI(7o^RMiH-q_tHi?d8oYr8ZZF!*KZoQQQOJu>W&xQ(o7jjG)U3%|M z44>5Q+<2Zn4tIjZ?MbZhj~pMdd22A#KkQ-zX@~^}qwf+Lk+R|6zqf=8Nx+xSDCdLS z-TmmV@3dP>^p2i7F4$_v-8;17Cp%&?a;$TrHwy^93)n()gyfgz4Sxd zWj`3ID7_8|?&!WFWN1`hC_*kKvYU4Y* zm&D#HAbgpbBT2*^0rlMzCqo&09s>J4uxN94)$4pSMifMgR&h-%T_LEB z6CN(FF|yU}^qkP__Q3Om9-oi_;jtl)%2s_t>j>k!V;@}&$u&b#E;pt*Awn1I6pi>aGbS7mH?_D zjo~^XAaB*oMWN~E&`~);E@Iz%OuO?os8!X&VCEz&|7{j#UnjIBBknR#zmrEby_@Zh z?YHQ=#?j88a-Ey*o)BeF-7c<&@8v7>%gGDU#v^dHddhUD7keGP6+r;94(wMz zZaWcz0oPtNXJ`+H4WvU^pW8JlSKbgVkQLC45CRX>t3G2%fM588gp`3-{G9!#_ICMx zH5EY1M*htBtK%TzHN9*ZtwF6n6)?Cyea!-LFEm{7YKJs9{g2oBp%dMB1(~s%j}vkS z)XU$&ZoCbAw#nva)zftNDPbK+^YGiO%*6koaE1@>7=0sL6M^jlM31|=)AXLFm@ch3 zh?hqRpV%SPOrGH=MzJXoaBA8B=kF+FLxd^q&TkM%WbP#O4}{kJK!OstMuGSB*EMf` z1hFez!?5l?(?w>eVij=Y_BU7+T1#lJ^5)1dRs?K^;q1#EVmTv-5Pt~4`CkYfP7Vnc zyuNBK%`$Bn?NE#(H^`_y-o$_*12$7251?+Ar1IfJuCI*ZkXo#VXqeb32-m3!&2H;U zmkwk01~av5{M(8w>vpmrgq^xMB0E@qKTlZ}qr$$wm3UsYTl42SWnsOL>!4EA&v}5(AR*xjLS5i#teYPOrQk zc+%oJe=5OaTKb#`!;VIUq=L%l&x3b~G>l%~T7oygNFCJr9~tQx>%y;>w~4$^cD&I4 zEkgwO$d@(TaxJ!^|-xBp-qf5nD#&6jYdfA}K(LKJv zEE_H)=sLs3M&Kw#&{&knSil_8QRKY{b?owlF(4k~Q{NgtV?G8G95qRZ`}jQz!n-ew1Ro54 z+}q!Olj>xA6+%1Aa3tW_4}<0BS~sffjuV4U~!|vc4p}1N7E`GEUXAV)Ku}srmu?{3@Tv1v4Zhg=_Ah+G+0_(TQ|8+x2p%=~QD$@qCM@EHI!xr9MYLB)W};A4e0DF~@)-g;e$IZp=c#Y~_H=K-CHZ$(5_;{A^0zH4E3Q`E4%w zZAy*cJNV?kdc}wk4%hnDH1)|DglA%H>xU$Aa`FRpKmII0syR;EIMhIX>m}NgMyktS zJQ-JUr^;~ax?z@Ql^dDz*-O;vNgyIEYVCg9B|l=V#}mR6V(!m3p+`@jdI#72c%JYv zasz8ik%*yBzEIT4o&5Qnq2VTuJ6Qb@1^U{#8X#ddk-w`b+1Q_4xS@$jLU zSol3~wHb5tsYTLKimA~q_zZ5*@1MPX9Un!j%>Qv_sSHA|g|AbKX45A%BkzEgzlKlH zh>wlh`^|?%D((<2P;_2wZmbRw6w@+tu^_DReki{r#dUkMgW9bvV z>!b$kp7iv#Dbao%QRBqCnU?G@bC|gdbk0(25t{*eoErX1t415vU}C~D?#q{bN3ibC zCQxb>CubF_kIx`Z2anuLJ7R5`3)L8i>D7RnSLZF(e(oOx2h)@(Ve-H)OjFM@MKtnG z`F2TQCbJu-00m_%uGdpT0R3&@eW!sNfPnx+-b;>ca;nq?A=!n)@vJW)(Eeh2*~~y+ zU%&CoGge5xouuReMb^xE$$kGx<3gjHMVyu?Ai$L`L%vCueS~pPS{W@XKk15y46D=M=Q^ARESwEnd`!f&oA79MstxsZhh$g?< z*~#dM9KL*vEqak}fV3lzb6nXIbyhiQEu1~VzhyTJ8SimWoTrX56aMw)iu6t3oAOMx zw1y|s6|66V1$Q20izTc}A_&i_PXr#$jz^+@?wn@|=AKU{PrlF8iYw~86cnuLbm`JM zhLQkAwwR|_SpwN9OoNbprhG=!7;t3YU*|$c2Y2E+6fP^yn1l(Hl1@3GpfPtvb|V@c+bMpMu}_oo_AT&Xuvv6F@(cf& z;Z#RvEuN^eCMGx7Oa&`JHrXgAh-Qbebn~kjR=dK*P3vYFCEl|d_um{uVr1DhdDXiP zS3|FprlqC5y9tZyn@P!^*g{g|_EL~Nfm5QFcR71Nq-y9pTTBr#=)WC%{%X^;4fODd z|J@1_wb5lg_)-7v0Lwmw-a~$`(R$5Q~tgP|{*Z zV_m9o2I~=rhY86f8f6q9ub}Q=7v|?b7Jc}*EHr#8s}{fsHo;iu^8wV&8}gHF0JJ5d zE5&-Qn$>|BA{B`|V-n-}ySo0bx4SwJwMue9fv|1%a_BEDU^rz7I`*8Vg5HqG9gH=* zIa?oudv_@d6?c=3)m_^g)o!q6^9Bm$w%xxrER>@C-GRAbDnb{MMG{YS$rItx5DJTf zWJ+HfvLohW)VNQZn1uZNX@waV>ry-{3B`c|4cgfhowT(4(SzLuiMd_MXxQ|e_`>A*DW=+q|PSWFiQhROPX#He% zHnyODhhIz3co5i=)$Lfc(I814=L_PjOKhwlwZvU~1e_brLuTnm z*o<6ba_w#Z^XEz#cH_ z_NLqu&3O5RV7w|}lp1LH$r%k~*A;0w`8chOfS{XpY}P+vEkhhyq77*!1S!>x?`^8_ zFPnMhDxz$ekV5-aBRqRRlbMN!yX6l5;}<@b!Z45$;1C9IuizKB>4iPWNiAxf;S$;t zekd*X15u`kVwascMQhvi@|OC8dG3w6!5k*F7+aE2jJBN7wv~x902etoa1ZChfo+h>}YF!Z*!!eyDvUAR!WgALigViq^uyf0%iqF;Y`(Q z3q4286CAH3I1!*!Zu9VopyR}hk}bj-tv>e9JH1}}+dK%2Q1JJZykzXdg1tWn+ASwU3(nhr}OjY>4YN{dw znZIE1OL#!u0q+mKkAHyp=PFDUciO>s!Ke1UO+HHe`>3jHK+2rKMe5ZZ!2?ILY!DB;lMy>dSMy>*5~`8Ntr*j+xJkVR`~+0^Zc$ zUbzmD<6*_ef89pU5uK;Xt3(WxMJOY8VoDCA6awF^HABz<_KW*`{xM?jHf#Aiq~59z zQ{$p91OvPkUD%P>`y)O!luESNBY}FQ00m9NS%XL3O7vmf-hR0|WdIs3_E6dXMwk=C zZzw4e5?_938>&14AIw=4rAusRO;%Cc&pN8|i0=ia3k%Duyw)U)@HR#ZN)+429m=rq zq#rXc3+T}Du9csU#oQ|f6LO4Zvd2euMnc4lWz_h!@BSOuNWc!fdCBa#%gdOSGNBC1Zk*5ha1Wf zQ7)EzK-}*Smp)l!nxlrQUPhs+n)cC^hVZsn2pof~J`T39C5_v&;IGMezBS`>f z(MKTLPd`lXhcm><0oH1^EC9* z3(yW>pNS3)%}5Vp@hNEgOS&hjioh)z#A{>6atCi@?*mu*PMNxtgF3`bR&&lrPc zzEoCPTCE60gCkEmPSyczh=Z9|S(A%K}mCWH)2T9&W8|Cmhw5rg75-MFirAu-v}I_0F5bL$gxd? zH^8VaXrq084i0LLAX;W;v#iphb8$DDnLq?MaKGOCf^u*}i}|7Bp~v1M8ma}NlgY7g#rLNI(CQD#zEahhQQ8xI7pFh`JAXX9ZtklT#ilm zI@srQrRVLI0mV(50XI|+Nf|})_&9fNKmP*C)~UW0a&K>M8f@)p6&Fypwk{AnZujxA zUjOIM#qr4>pHq8x|M~Ohyn%tNt+Czl(Ha!H=ntSU`%VyQh6xmjEj7{@$FCZOBD^<` z6R9aF34W$5)H{P6Iy~In*QQ|GPQcsDIe#C|f8|`Zr22Yqw5H)~E}8lpNeHy1$DgOd z*X1m%l-K);T5tM`HMi zYLO??pSaN#&MJ!_{wpez^wxk&ruv4@vm(|zlh>TPD(LS-a#Y>7HAd8hxMe2*R5H|o zwIWm!+TsIP4)8+gK2qlR5F%nlSi5CsheWd5B=J$6P?MV9PW{`zxW}2` ziH)Ym%d^f`m^DSHYWO}_)VV>-!7&K5Pw@D%9pa6S-3*T=IYLrOK*Bqx%gc$PsBcOY z9R`An8N~^;0=0DgJ|gxWBpGFk2%?rByf#?qVMxVkGuW!$$Ne7qC_X;u&0?VA|>kcYuu*2N=toFakvoJ z$*Z~_j9Qi-L&D4V{dYH9&!FU9B>S)90n&*hrZicSA1rZEegZ|T9>L=G4PF&~SyWh` zX2P}!ka$&@%Q!ry?GUsvcDV_1BM(+HuijM9@SV)8`r?t`=||hqvLSv*>4ww>Fi--H zz-$g27H!j&5KBgc3@l7Pf86khY%W^LDMG4kCE%?hlYNOU4NGQK1s<8G=y9gGeQi;= zLjsL)?sbN@lcTh-GCX+JVBk1?_^;#A;U{GhFbB%p9#pFS;AM-<#0LUA5)C;Erp3)p zcqrE-9tk)^K?=b0_|XVTPWi(LI)cQU5ekrNlF%yY{T(71+NRy_vK&dk?}V+)23+U_F`izGA&QLx8`hhM-;}-3S8=nae z8YlGTNsnS;^#7)^u9JrB;Y{fC+t zL2&ws4D#zu0QpSGlj?r~iqWip9O=eWbBIaoo0mF>qU>E4g#1`eHRU?Cio&0a6okJ%($t z+ik#?wEkY}PZ(zE$W9d>B)P*M64yMj5MI_dWgs6H408lH(}3TbVUd1{qKO*LSwDmo z!P8X1zbpPaMAD1>hlN~eZlhWcrW=c#oyKwq4Po{CBUcMl&QOCiQM&IC@AK$3lNv&o zV$u0bDZtZIt9Nlbk#g`0L|u5Y>_UsTLzuiz0Qgk4fKklA<-rfq^xTg$@-Di#WE?X- zA@euaW8UvY&e~o#oa#iKAI;~-+*j(9xm-_rmzgj}4NN&kt1m(%kNVrF?jKOf&TXx6|(?%n+v0 zQYXvwPbue6Q;t0u32q@9V^bXyEbAjyi61+tVX-Z5xIm|Jwtj8r=>r}EKtC?uGW zy0#n}VZjq*yDKctAEFQE6nl4@9igI3Z8$ZDl#2XL+Z7rSRX7knI($jYg4POuTE z%NY3P`^F~lkLEp~gR zV_&zYqh$S3FJ;F9)@p)%hk$zvp$(MZdaS7N4C^E^&`7S`3nDgMCWO};XMmX{j`VdE zh%^kKAT+Abmz-O3b93Jj zG5j4dP2p3K6o=a0742s>ujY4Sp?xSQ+PDvJruD&(Y@v$yJz^j<A58}VomOnDuhzMgUHj)V<}O2c z144`nl-u^5kEV>SfdRxKDta;=c}#&YqyYSq`Jw2%_MSt(NY(?w*Q~8i%wb78S2tBF8<&=A5<)Sa4wGp!k`5{0iLRr&ISa6ycuJznPaEYFcSVO>d0>RAH3 zmUXa61~YUbp%PBGD-V%S30}VQRF;&M7Gl8;Vw>p@^pz7_`QiEod(mqEq=%Unrj-|$ zj?hIK==OLaq*?Op z<)kf?-hW_pn+nw8B)RKU1R{#471=jv@>c-&db6p>%;BqO!^&reS$p#38Tld4O2P;J ztboe?TeKaAI>y|8q1{YkxTj1lH&)2F#%4-I6dI&!n`z69JAS3$wkI`VXK)=LB5 zECyZmLac@FatT5dEm^W=-!_C-P%n{TwgI7r8R*IprVo4v1)8sxEu?!Ukc*v)8Rk%l ze~>iZ78y(!2^B$8o66@L2c~L2+VSyelWo>F2d14rsxN`!j0c6>h8&!ilU{MP?7^%L zJ~$jP?OGFkT*Tt2PS1`rbGY~cVtPp4%Jy;Cm1gk)`nRbj{gIs8UY@X<1kjp z9UZ%_Y8tJ@W4b@lv-_)Y_ks-vt#nX|&U^F3`tY?OjIw6z8Hzq)fmy>@0S_lbUAvjQ zLR-d+1ufd~*S4^mgS_dDD+}0kX9#sYqQZdW1tezt1+u!?3LyWfa`zo#_q!+L&(V@q z^ImKlub|dr(9_o^RndE{&3T6`QZl>_7|AL}6J-18Sc(`a?<*+I6?KZNEYcZvP?jcc>i+z~~2SI**m}wr&G; z8&l@ufv2=sA%f(-fIsP*_w3oN+wDyoq$O|e%!ilCD)CVkEzM?ft796?DB(a0 zjOqXcMPS&k z|4fXq#YQFufPV@wHM(FdImFZOQN$~Afc?(=5sllE-db-&sBjbEwGyFy#1p%>dDzOJ`w!n=ardO|%^ zQT6M1>CyoT&flXoopBtSir;=+XG1lJ>!UJQ?E~hQ_+l?6p#px7l!zrdH8n8G%OR&? zY)h5pHZXuVpAuc-eK_6Z9bG;(<2YBMOI3%esyN)*yMpG!oE)~*m|{|MsewW z4JjoYb=p@IEv|;*_<^nQ{O_P4>0U~!x74N0!?&Tv$|Dn0k)|44)9gtNzYmgq$t}W((>~z6+pM}rD-gEiqDI*%OaOZ}tm0Gt43Wl^! z$F;w)HF8P$r|n>!gU!BCH-56fo{4DDJS(%v_Hm{Stod$sU~pQ~2(ubAL?%qvY1en2 z2wqNXKL3ri7X>S_g_cyQb>ulqbR zRzHEk1JWRais+}Wk4CNouQlDPLfK}(Ri1CAJDjE-#j}l;|NQS*jdX|+JaT$?c8OoN z)sdu%B-rnc%uCQK(~5+ny&?LO{;tA^94#>4ZC zY|oW;+&Tz1O}_sO?A-65DBNvl#((LvV>)1nL4NRyK-t@TVckd#16u!)>z!IIjN~bV zAK?aZn*367?0lhT%;gJNmTxb&Gu~GugaN`uDGJV2p9JEa4z2t8S-ZNrI#~oLu&&~T z zMlG&5TEQkZLGp$1eCL}{`IFrq(k#?Cb%5@~3E2w(8m;o8C`(3EQUsM{IaR1x%uK$M z=J<}-=A-4jM+{^VR6%=yK5mMX^Uh=^7&;2zlUtfOIyyRSK2n(4yuxy7UF?KdTeauy z;FQN6^v^JH&D%9zWGTeoECz=zHTcIXT`O89^pUZ1ax_Y`TFXF*6o_g7*e(OqF^xmX z07*Vtk{rjj((LREmnfqc73`Ub&S!42CD*zIlF3)JJ*Q(&wmUvaDZy^oez4oPX# zdEmlE)dLm5lqWRJyZ&LKgk8TE#*@mx6hc*~BaiPX)wx$faVz&GAWw-H8+ap10jM zIo>0nV_5`_01P{YPoF>EZ^GOC(N+rG2qD@1CaA6-pPyDvzlC0lAk1;+eV9aOR zxHxTei2|bwYwe6NuTfsVr?c23p`E(H$Z6cRiTZ_@l6(D*vnN8|#?pU5bz9#M_A`|O zE-MCKSOI2$k#1Ds{b_~>7GV|nPd%4TnWAtcAeThn7001aCKHy9-9Eg5mY8ke_lw!? z`I~RXQIjF4cC||(>8!OuJCFW~q6`&031?>&EXcm=aKmrILc)H2<|VH3O%No(`GRfxM6Xx)(06wk z-nIlM7h=uJ@Itr6;Fki6nouu`(gDi92q|SHEc;MoR#emf*|aSXbEFO*l13bFMXV@u zKcs%7_cG}nOU6*yrA;%g|!7SV2SR2UY?xR*g5OXV`A5qL^LQPz?l*HcRoDAb18%*?8{_;quP`AT7i8r=*z?d)R&jBS6>~@S zv5S%MHv?(ruY|J6KWW(%xz1}Cnbs#(I6Lr?UQPH{KqU<_pnetu=ze}b(2Oe~+BJB5 zMtufM9lKi|{)0?|Em_dXoT{!C0>0_#fHveXZgo`LXG!nVl9IpysO~BDOICcwF~3-% zznL60W2)gx8(GzgS~HMaosdC@3s9ywG83zF@HF5-sKij8>pTSi_fK{QYzvK^yE$3m z1^!#Z3$(EO@=}rdGj*{%y>cYC4E-;T#_EcEdv~maaNUp6Y0X05QLmQaqhC+f6-o#b z$gI98HVsQLVdI$n7oY5V|7(E0p*2w_(~(z=S5^uv8@wwoENLQ^#&AS6`-3nFrVFtd zds{`t@89k+rLC^bvk z_B9I5LL=vT0y&JcWW;u_i}W(;of6|tdm^_ps5Cw1Rs%%{tD{0O1}^JMpzm%Rnq|?r zmUX@B%NG}4IDC9-emB7G9i9#|fR`XoNsd{|794!&JBH zqP_ooMOw&Pj!natMcG@UiRQ%BQ#{;CU^rkol@%(eR|C`WUlSVUE=wi3fQarkP;bQUC}8(>Xce8Tp0DwfFC~w=M-)GCt3K0#Dv|@&9?E6T*e5K@S7TeuM({>MYP^5FOA9wfv0d>x{>zu20C*0oe5{%sm z4Cl1n>p!V8sKnybcMT98q-~kH?06+6dCF?kh~A&T8}VyEFfl@tb4U@u8(xtTGTSZo zC=O7hMLxBbUhEPe5EIWzdHWB{0wHLr^x&|)vwgtPBnzI3ey!*T>^^f=WHu;`su zMX$o=nGpbh$^o4O_Y+s!fNtJA3(w7ShzuvxMxJN)J|QbdAFB0`Y#BfGh41 zh&K+)&lbRppF)q}u)F<}PNbLFzj$Q_1o-&gXAeTpK~R5T6yEB$Ar7RL*aSVz)@=Ke z(Xdkj_VBsK=BzK*pb9#G9o~lS_3ABheXA=p@Z5J%qTP8W_#;50{qAP1D^ggvXS~`m zMrBP5ZoI(qnT75d!$uLo59U*O0Wnxfh-poE!E`K%lVN5drw2ozFOMX$({no#zj z#CnBh6>h5d{7UyfdWuG}19r;Jwi{@PkcYon<7jqN{PpU-4W-WFFK=wYRl5+|Y@1FS zS2{FrQ_8y|v;|oqqj$4XrWt&c6uzH$iVaQ$Re^9-%4H=?rBJ>=+eGsTr+vz4{`1o) ztfA@|XdTIyNslJs`~#UVXdafsA0GWfUz&0qa(;xSv=|LO+~NG^r8#gEVe zLJ1@4?;!o7afZd>S8L1jeO}+?=wq8yJPz_MLjS5z1_O$Rx}7ljgz4Q(e+dO384+uv zh^En&0n*hjGsoJ6eM3X{O`>U;@EdofCER&@eiJb(Y$QG~;erVt{}(*WoE`}_%PGd+ zM8#<-l5BW1PU_52;!VqSjDivS9J2xfqaHuTj{6on{^Gf7El2x#bIKtIgxxcK!{eLZDj(O}6k! zyVcK6)NjA{J-M_2lI>k%Us6~ab>fUQ!9j#h-}1X$EJP_Bn6$Iv_Hi#f;{yD(4vXp4 z&#~5#d%K?BOy`9jZ)vtY=4Y|WAY>=$RJcDMJbJY86V6-Jp!8$7DR^0xnrHaf>C@QK zVHU|Q@+_Aj;W%4rO#^*8f0Xoa@x07N&WF(-H@i9PkAeg>jcT~I0$`T3M<&~Z3s!d3 z6Z{Rj+<>EI?RRJ_g;+oZi6aS2G^XMTNgAWyud!8sn_}tkddA#3GpB)fD%9gOGP?~I z#b|p{DO+x}U+tI(H{MF?vvZh+oxg8gEOMLsH3j1 zP(8n=JUb;$2+m9Apnj9=`B(RJXHA4Nbgx;Rz*nJAyv;{oh&c8m2|#Do+u)?Xp%$eQ z3*daInw7Q*0GR&O7)`*WGC%NQk`4H`;bX10N3n^wd>`HW>Vj@4u&X2+VCDd9%GRGR ztd*ZQ3CefmIkJRB=i#I4AGZcq+N8!67CxHzIe$?r5JXn^3|FxF{Y&*iSLg~1?h_8Q z<2d`#RG1%t1^O9?-3;V%lB$jSVnAq)B zRaxTxiDVh`4kE*S6m|Q*>@I4~Sj$W|qdMn*WuJ zAq3YIPY{gSH-l$cqMcyOK+I?7#4gQAdL96A;>O$z`-8%* zwZkz`33yKEFe$6g8zHQ!0@};fy4>7wZ{p4oxvo(2O^c}8V7A8&UopTFp+m^EH#hR8 zR(%+&33;LPbnZI^a@r%Zt(62vtYqhYCEjMkYoeQ6Zl*^pF%KKtGPzP zuVQ5i=Y+APLy4xxv&3v71qutl?LM_>OOdQX=|LLHcOS~n3jJGJ-yS?d7#%h7z74g1 z$i>2O3o$^|DD1iT&4 zwJ2iCntZF_7PuDSja6_nf3mt!|663ArH`N;Dw)th0aj2yi7RCvKI z>|?vpy`11|na!^mP0}zkIH6cNP?xbJxb?;|f7DMJvciq-ysRx4<{&g(VtuT_>4YR! z%)ey>|00AT1>$R8Z%;-)1TESkjdn~*Y}2Sf<+&o`OJ;l6jxi-%#f0 zJ{wCq{~c52tcxRco@dSX0L><-%Bj$`7BO${naXiEXQVr`DQhAmZssQjV`lK9Wpt|@ z{uRKae3hnrn5O$9sTos%@A%5W6TW~Y96Nqn_R%qLmiNEAiO{OFj&vQq&Dn3)WL!Tf z651^25GaVc-pD8=e(b833021eMiC&CmkLb;3_Or85sLPdd6v9asr2vBk*1NJLQ1B? zgQiHx+_w|V z+dXzrhCq$?dU${b10cBhhV@M4?z|FieGT%GzzWZ)ZaciR$!gwkhQu4XAly7Jogq); z28vIC55EV#O&Cm%-d=l!ZjE^*pl)weL^V*u;(;13rwX7r=H(#89KX&Ig1(#q0u za>Y)t9y91Qt1-$-3&}L7rc^JVKk9V+5C~! z4GPuTHEAZ9mq>5|9`+oXjbNY4Z^|4eZU68M%4)5iEPPkvT2GXZ2Cv ziP~)Hmc2j~#^6zLl4g@Kwb+!@n4+u_uD=^Z3puf%&sD@RdRn_DioA2?K?_jInX;N1 znX^S_wl;FY+#X%&ceL!E;qQcLz-~wo8;RQ=R1{b^;Rt`HGaK|YT{FMOOrNA)IoNl# zEL_>DW_QO#P4NNdYZMSRc1pheHN>`4RS7pU=7_@etL{X}gq3M;lBMVkYga5|EZOqw z*%n6=NM8OlLK+G7x1@NCEOEa^V-Z!hOfPoJ#xf{t$(afW3%h8C5>}#QxD1I-n7A26 ze+1hYIkwV6Pj5_j@A(~3vxJ#?+2cyp>b`B{S) zzPivj9RDnYk=KxV^n!oSEuDOx)=~#qvBJV^1lM8AKAv{55u_k8 zVDEVUOix$fyYv_})gc)B=yr+jzTJ9SiNZ`--TxpQvUv5G1sK8^EZrN8uFy7oLfT&w z>hEX_T!`p4$ewSm+9Qq$-uO{dGvo^}&{)xwiM}v${VQtO9bol_p@t;KPzz=pqz?`>7g5X-}P=Rf!k9 z4PAN-7;Y{=bC|DFU`C=6N%tD&pf?C%3zB?@t8yugvP%+EsjBsP8>2bbG#HFm*?qL_ z^WB9TFOF2OxRU5yq5t5PmfTcEoOl2EO|K#^-)`Ld3@_QFr+ofKOTgcm4XdZW@Jj#L zRoB|A-U#YhQXO2n=RC95L024P{Tz7zm_DjnoX52^ZA6O7R@7$(p-GgMLRFt2s6z5Z z_|M@~72iV7sWs$0bd7-b^}z^q*{s@NOwtgXZ72U;yc6`sD;c|$#Xmqfzwx3}NWL|k zAp!2DA;T_exLtiR@?WV<{4HB%-t2)hVEQ*2;8Jir&CAO;h;0hK6&3M|AjC)4g16Tr zi8Hael-7#Qq|Xbgv)&(f-r7>Mmcl3!o+vA;M{A0!0&i4$NEa5)^)5};)C~n484rQM z!TF9=?%A>fnT^5)Wa)Ai!3FD->@iZ8-$A&GaZ%*S9SA{zOUzka2*ce!>9 zi^$oS(dTaLz~#v631esYxX{VYJnpTJMr{F_ah`*{iwi8&nsDL8gVyIN1>*P*IJ$0z zTjMSaF<|m+Pu8Ua6B!0df-Ol!ERPF^%`VYJ0Ji{-7E|i(RC7|ebq465j|vKWV?n=E zR&Tta@nS&^kcU9Xa7&2;EdwTi$_Z$U)ZQr018StC-qPK#xMXQXEL}Wzi>02_Kky4l~)Y> zD0+SO>~mnGiv$o`VUUixNHc0v%kdQy2U^E^$`3JL(fRnPwi4(P0Kdwi6OWx+3gn$i zDyuwqwU%OM)+#8%?oCiIG@BpP9oQY*Qh)mzWLQU0@zJ!0^o z?e(np3Z>FyC5<-r^ba4*-SCt*--)9=jWAFtwi~?ms+>IG*1R$eU+y;M-6RuZtsl|# zILMJZE#qm@baltR@9zwBKf?kb1a5&S|DbBe;0`E$@az!0qFf0q6hgY*Kp2{?CFMEF za#^jKY4_l@g75Ndmu8ps*J-h_$RXV+x!Kz6A3?Mnn&+An?Q465AJobxythG%;O zwo=($6zQzo2(sgIzU0jGVRjz36SzCG{(jF)@m9$cp|{7Oyq!}9C$A-L$FzhN>+o!g zLhm;ZrfbUfP+gC+Nuev*M_S-xOEPeOT`X0c;!`UuD@NoTL1e`8MR=DjZ95( zPhmK1exaiitMKjC%}NaR-#aw`wP5~_?4+sJ7m8oFX5~4kmcLJCC{=*SSAM$=4Nv&j zvkI(o9ow?`&+)U3qvU6LVeXpqTKV>vdE@wT)~`z$IfKLYa(D6ElJ z{d+m!HS_ib7!ZCW#>RI`oI>J^n@WY4RR?%l-EZPXpIiSp+F?T`$S;&}J>N?ix7B1^ zK;}Ax^3~J)Fpo2+5uP%$`6&F#>^9|YQrv&#^(pU7>iR6y18eu5A_w){E%T%0MVSnx zW>_c$_Jo2Jk~)-{uYhGtjwCzYB#z?&t_LX$n3K@;>P!CoXl|xKEm^LW2)w(qCWS4 zZHG+T4-+m+Mi@u&Zw;Sm$Fc(yve;sMvTERhWm!H zYScU_FdT<<5jM+x!SspYuE2*dPVC&v>7mcO|5$Ab^}qw$t>i6-{bea~aWo4aV&0@2 zD03B#QSgVE7GN7k-5^-&r1+43EACu${`}<1>RXWbR19lbCWtmRhvA!1-+C_dq`#n0 z(16qia+SiY^PRPN9Tqvu3^1UR2L+(hQ`(wQXommtBNl zr;|>=qr&JEeF%fQB6?mvDCZYpJIYL}OwCjMQjJG67DCuOASV|2ebe{Mt$89WCVN`w zo7|9Wdrsf};Nccw9BvA!dL(Ol)Z8G@f*5=vIU6e}1>fR2m%{pAA32>`MPjW-32qJX z&Bb#?AaD1JUjx?|S<^RW3M=Dsf4Y)}^frYT@8Dt0*QOErRs#0x7B(@1SOz69 zfty(7wfD?HN_NUx@#T@&i3xZtM;L{8StqG-jmxHdA|&&iPd8j z!k?v;^BIW0ekl@xvU)G8wEI^hl?Yl^E^5l_vrG6pd_o3gZ?#%#dd3@v z-(Hls0#-PF+$1Go=&FC&^~F zitUWB0D&QVMyE%TI`l3G#pgILKDYdJ@8UG-2GOUGE8jRkJ+QK%^zV4mx1m)`z(y9v$>uLol|{1*f9uRQU$(CMlZ>zXe+TVXHwn|)jS9@MI%CG(sx1t-{{sJ#T{2($dNRn zy!#xTLC1!}h=G9$Ua-3&>gX7}-%&0fAS^+I{ybx%fLE-=I&f=9HKaDFi*irI1UF}e z{m4#E`B|e^v0ZtoI9XY-bbIY>1p~XzV^T4#`TPu}wXpGq@+hy_rOH6G?U%BJk=mv0 zbN4|TsRKP7VLX(;WCDD8x`~viKmO4gC`ENP|GQ#OvVSNah}1aWifWZ6JwC<4 zzeS4uBX|$P>b&9zocRJGZ3uVncI_UblH^RVHdC;TRVcd)UelFPsY2Zo&77EKL2PJc zlytmkTsfbbQMu+F5ll!=_7fD$-^3&b+>q1dq#Sg%_>T3K;;0?=__8*RT+KfA?Bt#*Wh4 zN|X(vrwTg)Dh;Tqc}!-ZtPk)+T+nSmBAdxX-i(Q?W? zk%Q!5$}=^zD`W}Hr=UjvazD+xq*NWTjvk|q@EO(3SAwn6s+wbE|2iQ5{imktU3;#)WJh`52WccV zK3h8r$@;d5O@0C6_7)j`Ud4pFlvfKL3prV^kkedgeV z9dTz@d%+#<8I24|;R_B9G#3ZUr=G!4HdAYSx<*I#*wraKe=P9S4KgIip=f z25l_`72TbI{(g0v6m?#QT(P8T+{PGCY6^zD7fa0xu`vQ0NA`_OFlY+EKPB1jaj5Yo z+`esi+SJqqyb#=G-$z&X;SgbO>f)K?m2iA_pK+8eUMFThD$uRmN)}@D#IZF)R?|}E z^hvR=Yyo47jtQ$sI7tJj$i7X}%6m3RyZf0o_0(Ko7gX>gtWvI@e!&1l=4rC^8|zTZ zlCvaqNmsM`BN+=gz)SDT3`{^X zHIr;k2(aZj=C9H=NP165w3Q06L}cAQ$|K#b9!ijZ6`+OV{V1vN!55YEzvj5)8WtdN z^zPMQ93J6dZv}4_K5w1HBQd|Nq+=FP0N;bzeH=+Y@UQvDi-6-oxs$W&ElF1QP38m6 zzjkAPi<=&g_uvC6hl~4;4<>{<7~~v2i3b|Av95xH>5z7!XS4PgYeg{t}!8N-0$-3y7;??5+L8~eErR5gl$)} zjg)Grb#n8K!Dr)e&eD-&R1=2hP#Ys(}5j0loYhU%Z0vdX!a(V10V8hfL(ja z+<;Vo6>;E#tAX_njdqA;!?F7K@nbJT>c#D{$8s50^Y$B1)3w)m2kVJ+8i)Bm7Lpz0 zpE#De7Ia-4ez2)OU5{o=AgF~3Dg)>#7)P682|UArp^FX!V|b4cLNU}FtlB+}H4D>w z4%kb_>KxGQvWwrt^c1`0RZ&19t5n+T9$J2Q<3#(KsG!JV`g*LY!X zcOHBYFh1|-;c0BPg{JV<7cU0-=;C(4cFXkeDF4>k>9cc% z=P{_)u1!F1NI;b^S!x1bYZDyx&sF=GBb);$<3X=#V-=Jfz%?i&r_`yZRN)5k_WVgq z??1kKcT9u9QU*)n&zo@IF>3ie4&TD6Jnlfn9}d)H6uL58$y=J--hHfOYH|a}wEd=} z_^{UwLPq75rFS*dEqJ90YaVzCsM37MbUYOR=02JEn=|vQG4-VSa>IuolXS;sVsm^l%<19}nkOk3}@TTvox@bnwECF{T^WE9R zK_gI*@!BUM{R@7}eh1QG>uU`+Iz5z#9yneBLR;9pd%}CgTl)>`Wvaic89*-&vM)ULK(XHrn*($LNn}v(-(s4R9rwRDJPuSYzu8 zrAnKXKPv~B**rc=xk$B^?tCXb^85Kof>T_1T`(SVUWB%R`Gs_k4f9`~-NrOdW@bzuc-vqZuR8Y@2; zr^|)zz$+$AGs0{$2t}-+w4(9pPbt850h> zdaWbqxsJXVbMK;DHpLVK`8T-KKcIpla5O9wZzry{^$$Pf=n5Cd^^#tond8EUV8B4iBB`kX`b91 zmC_Yu$<>hVo`xJ_Z~T4uvT6fA2SXOCWkmnxoxv5B&19Gdxx!V~3JeDTeO>nDi=v(} zqoP)gv}n8`VA11pR)7RsJmmvQVhT)kSPwbA%Z2Dx7IV_gRq z0@msDlFvz?u1$!A>gAJEOgrU3w8?}s9V4X$nQEBz0nK3RGx-jJs-N?>A8HWAs*vlj znx62DLFq_kAoGxf8*9iBw zzvTEn>X&ZJS2F4NZ=`djtTRfqQ{rhdX9WDzz)ykkE8F#1Hgg1fvcoUhfJ{$Oi+5M_ zAi=lnkmhCS?H*W*j+}Yp%Cs7sLpmB##^c7WfGx%GWJ?nb%QPSO=uI7$w2(5R3Y9xh^h6Hr1C;K@Oh9=*!GT z1W)l~!KrDVd$V>`M_Z4s|2{7eo)@rVyS0(GsOlHB+R}G8po|uNe(~i5&PP~28tBSj z!Bc`K1KY6~aknq8QkXX{Xyo^tul2Xv(jdy}RY%YBiXE)C2yl|Fn0c^IILyD8w4Qes zB@}^}!kju?lx3gXf$Kcxu7{$xAq+*ZIIHGX`$u$Sl5Eaj3jH-Zv>RuyX4^~-2cjlI z6ob8klRI&y={9$CAO%@^qYlg5folms`45~0HdfOP#qBHeRm}4q;`qHIp3e;R0jM}D*$}$gg zbFKS{7&Nig(!1_wsSZiykv#ck1w*c2K&%Zw^oNg}4GwBnrW?nnOy7H9`DkUxv6k6& zxX4eBDz1rG-N~Mo;nhwJ2iX=PsC}TOUd&TZhB)_qGpIiSdcwC~h-=az${k){LC?c! zm{34~=UDd5=*;PgMXflK4r`r}mD(?2Z!Jsy+}|%+v6rmZn0`}(D9%J^ZbP}v0WzF@ z>LVsx{gsh059n}l{&2L;mRf;V>1qpgsOy>HOKdk(9s+mjt$U0S5+HBLPNHS!o=^b$ zlun}rkb-$Jk;f>N*#L{`^NffcdT>8ht6A+y<-wy86lNXwy-t7`kt> z)*DWSQ@b=nJrfW&@Y+(cPP_oQUFk6D^YD9V+UJFX%lzGa{U>0t-|(+g5!1ML5-*#$ z$k5e6r~$>>%303Ou0Go;a>gYw7)?P>$hSi6+;M*O{iDDuP@BA%|84gnWP-z&Z(Ar? ze$T+*`k4F1E60iq^@G7vI~`NUo5#p7Ie{$G7(JvCvxL zZbX`_cYfmT#ut;gs$oTfVhv+(&#(#y6|l&6MTJYhO%@w%gN?$S17WXAh0r0uhX;-W zksy&}m6V80H<@B~2~=vzbNm-UB7ql%PX4avA3RNNgMmAssomI)z8{WN^#5#;J0?_c z{9|MmufruJxw2=ut5+-Wunv1u`b{UB$JcMi$FJJ2Tp9>`wr9_t^NHLbfnx~PUZ9bN zK}Q%*ENL4$h2wOfkbz-o zZDAp^924w%*`!e?*CA?|FK7c1&H6dVE#T*X!3=J&p3&{254Ryw8>ZoqNJV*v&b)ME zhsLd)sQvTX1OEP=4|me zYCJELBQFY+e3Y1#5F1-nKV>nSO)ii-VOpF=sswx zvnzV+i}4=UJ$8ZLvFTzzdruDlbFN$TK-yRLiGf^7C8^NSC*8)Z_Iqp|fqh&3Rc$Epi=AKP0Zovzb5oDzqQ22~!83uh;1HDzjP7EHqV%y9lc zGQd8de`&v4o$6ZlRddn%l7|nUT;7w&rVzL~PPT-<*EtAiH8Bfy+7bL=JmWo`ZBx z6Fwn0!p43-B~Ssi6_9Uh5QUlm%M9U{9Jm;tJzEkRbjp0Ou(GxXSatjjjf?P8nHW=M z6|$O86XsJGG`)nZ337@ppO9Gyr$@!hm*w$521lwP>;sFNpRfU2{`ED@KqlR^Z#ey{ z$=D{DTVs6TahC%}TeYKLyCHcs`!+mBx*_nky5?%-SL&k&TmZs34W=dkQ@gT~@$UoMd z9o~^!(0#1Jbo2Pe`Wl4xcNQiNI;L*LH1nw9q-!lLO3&DN;LNEL3FWt3#5@=&KX)6m@NW%OtjPOqPl@;H@_;hXJXB9B}AYc}gGL?k@*IxB6z}tvY7F zXN*B`VG%VaLviI1Xm@7lw`Va4Y{{@;m-?F-f7)<3x?56RjbDY42kaH8itE?^3NP2J z&~mnx_Jhe$q$MfG(H(WgxYHvW1r?q5_M}SLVbvid#+|$)S;V%Yd);e&>#H)d2y}m zTl{Xg4WMFGy~KAOb20~D=7t%5-wNpU8FNSHow@@t3WF+o8dX0qH31Qki_hVq7_+#t zW>h`uw6ZjdSE*QaXSpkW2{+&-_ykHmJaYi76`cyiKtT^Z1G-JcuU9Ds;886*zzFXg z{J(oYqzSbWGF)Vn5(pcbznH zK(|uCAHtbinxCJH#t`cEk&4+*>oR=sia4iTmF#OIlqA6#@x!)t-s;`WabHfM){_Nk z6rZH%@EwSU5ASF~Fo1^j;p8h(+A#1i3GKqxRAaG6K5}*13Ax|q>LxH$=Z`u?7mHaH zYCX^Qh$Z+-kHTm*U3<{Za4JovexyDz+rpG^MLeBAs^IKT-_CXVG~lqV`kojeR*gG$Y$F;0OrMWzekaT!>pxtjrceNzyi=`J~(T8>#M;1@qDtI^*mm5G_= z)IPNsA>e2&Q45Z`@m%7GX@jK(0MCo>9w=Jd{`)mn*r*X z3z(-Nd^=s{F*<{sre5|YWGe$!`wV7p)AJAtiy7B_RJM0~$K9*X4fSZj`Qzc4=@KNL zM-{u;3V;keAtiiZ;sk4il6cCi=JNcA-3cc+mj8vLu^{hHhH*+A8RYMQ$t?dA~@}f$V^tzA(|z z)S0CML{>MtRpvfqh@%}T?PKn1F~t|gQ^ajFuMN$*$Qv9ukHw4B2uRsL#;sUsJg~A7 zd+nI=&=a?PUY&2{KM8&D4b>*@HS|&w|K;Qv$ zwWUZ*9PzYydoW&IXm(CQ`a0V~=o)0cg~xG9U=_3y7LG##G|Dxp{83=RWqa(>c0q}u z0CQ(c%nKTIc*%$rONYgD$9vELJh;50o&k8nEDC`E(@L`gALh_~AQ6D$#^txpKfku@ z)=CzA;Y8Xl?i|R?LJJ<`r_gP}&tc9bUU%}?Mc4xYb+#?D@iekU^G5v==C<3MNbpUQ=n*nu#ae$0pUKAu)`)eM9 z5O-;%9o`Pqv&&x6Xyy(<)hd$Dg4TRFP!c+#pK47tw$}t|-8| z16q~Dy+aX6)GOwgr%%|Rt^M{qB#~G=eNV1Kw$x$9T&RtB0(j(cE^C1^AzQ>i&OEPN zl`7BC16x#$}JU7&rA61~! zh4e#EBO$fc|0Lq6iR2`}P5|qeePEH7D(TQo0YG?zJK~FnIc|-3_1wYv-;Z+alZPz49a1p&yGvEQ}W>S;4Z5Y2NL6QM24h? zEPNOOz4|R8rPESV#lIYtq?0oQ6>*~dHOeo1>J!l|HCIcRUf~1Po>00}VM23W^0OE37+BOZ(FIgwTDq8ms?#UHYn4BGMaU1V={((b%>e0Cr)(9~)I z%Vl3w z^S39k!rZ)HNv78}k%G4F>@N5&qk95r>;wGtsW?5_#PT8Zw9(=^rq7IV6oEGp-k^|G z$7}IQ6w{+9=G96L{@f4=K+MKj;GMmsX0*0;%!Ka`$lmL#v$9_N`pw;1iVG9OQ(z8_ zATcA~eQK|_n0C*(Rtp=(e}c*RJTb51zj=(neJ-=M^%QGiaMJ&a zu+Amcr0DjOClwv;=zrd7V4oH65ylIrXX|x(ROyJ{8so zhs(!NTZiGHK!^#d|KcY3nls9})5YvPusm8|VnmqwHFGV{{8^DOmMkgm-U;N)`j$OoC_Z z%vBN(QUzAQAwEz$UbG(EXFBPnek{xq1~5V?1LzwFt)-s$6}G>U(S&{qgB8sTnD z*wDL5-8rH<4M=LC6)k;FYphm8QU!z zBMg=8rP%Yt&$50h@6oAUhe0Jj7|92Mx%leeekTuhm7*oXktspAV=HniM(^;usy~dF zFnDYl2*=?7&gLg_5p{D8BrQYOXT-Zyfe8so16yeWF+8qas=Kq0pc0k+>w|xl{Kh1t zQKni|Mvb)h=Z=hqLG5d9l*B9UpXGtp7l&JB5kc(^r@Pxm-vF<29R*$RWh zNG`Gab<-xosknOl(GQ;wrxHJ4=dw3_hNIyN)C?#;r#`&mv~BZ(p$5nfDB0h0A%jHt z_VkXLlLHnA7`P0hQHR|&Gt=@J>Lg%n#JAkMZ5NqhY^Hv1@%%4@wm2u+_%aPUjyIJ) z9I`A~?a~slv2x-DV|aKAA7Wmij{_ifSW;U>j&pu7om;5Ya-uyQc*sLkv%5c@Fcg#s zZ}{Bd|3%g2&PG>fry_@Mw?(NC6|C*fmz` zJ>!rimc3jr#0}xTUCLd$~YG zAne_zcGGUr)g&}->kfrL3PP!5FMq$&u>wP0z!i8+LDis0w`QU%=0URM<%n#JK_^_dBC#xD zUp#>sv_BmM>HRiT+qO~1ZKaT45GZT;>gwvpk12%?Y!CqeXeU~JtTr6_616rru6Tiw z0##HZuQrj?o!w>M$g$d9Duh9g5Hg%Kb0 z4aW&5@%5v&Z7evNWc{C}LJk4hS~Bd{AnA-mzgff0n?v~gUKw_ouc&@(vcI|zc2);H zRZBbW>*s7qS)Py>cLjFa7|Rt4t8ZE|O#1pCL?0SlOYbW-8G3@#V$Ab_4eW1za79=M z$q!Ff%74F;T%`mP2apM+Kx{;1y(9Xy-!IOBM~|8aAkWvvW{jm~Z^}Nr;134-3$T;8 z85G4+W)@{?U)_<^-bQ$ZC01P+_<00lYcxE16q~^o!KQ?}_3C?~QtpI@#7<_LZccQG z8zX3Xb?=d=r_{}^+87aVlJ|gJ945LMez>3CB6o7?M+qI|_cp8ua$u1dZ<>=>jPLaO z?vD%`wGAU^~toP$3@?m-a9F92kvt|AYTyPwPcFAxAaGLS3ax9 zq3J{9X=R;1=;6wK+pcVYb8c!j4t77$QWA6Ym@A?0x4?SEY#U{he3!*5^boE{@7QIE zgjf2mTg~^$^O$M3C`=Z_KyHNKISQZ&kLrc4EyFx84}#v+?+Bl+XdU~Oz!3?df&~i! zL?9P#kZ>@Gi9MckLSQggo;U};;juLtNDFnx|28%;8Lnl%*5;1dK;8tzJw5(+Rvk56 z7e!Dp63fbg4Mkt&mj0sNx}n)dq!vOj772?3QCh3NEVD8V)~Z6ghIFvtl0_|E-XSDn zP0sy~v(yse8jC||n0T>Xv(sy*ms7Or0KMczG)dZ3T8z^R9z5P}CV_2VHh{ zp4EvuJ`Oxh6|?`b5sa$*zs8-98HGnZ@Jlg(9bgYWI8-iS5nyokEcHJf%w7Jdf*~uy z1c4EUr2<^`jfm(KAvqwhf1nh)G|dhV5>#shj0^)tZRshErDA8sT)xJ#T1~T^e*@}* z41SgMq0piCkVzNqX;&HzD255*D8jTrwB>~09#@`LS#pI+*;&ZHdViw7qFS_Jh_HZ3 zl-Xu(PrI-O4s5fl&3YKv18V{~4TSiJzUkS@n#SW(4+yKkpBOZ1-IU~{9GH0E+56q~L=J@jF2bE3EFTcGYVxMTgnUV)D+ zEGDY>*-~u2y(_4f`W(*G2nXd$)35U5S8)|3OFA$DB?S<6qnZw4h3g!$m0qhBw#Szz z_4tp?DvnotuEQK-@|rp+)JN{4^L&7Ik7(ek54abwmFnr|Z(z}2&}a6~orM8>5U5w* zf^ADM{y9o0A{EMpC%}cmo+pAxLFU4W@GA`P^DnQR0OZMdExg9^byU@qcdL+4>o}}} z>}s8M18={Z&c%8;mYXxS0a203RxyyuVl$e^JOQzQNLa+FJ+MKHPQtS@d?{Mc&K>c~ z9<`K@0+I18X+ra$peB zv0;l@azg?8F6mD5F3S>g9Mu<3N{V-YSz!vR7sV4NPE?Udz!A9_f{_dh3L$(eaijAu zceMvTfYc18b~rM^eB|gPGE1=RQ2r{Q1aqkIOR;H77F!^$Cs&Xr!d(7zN6iqtA&@)Br3vtP86M0I8 z!x-&hvP;YpP}s?QV3lBo6Kw$loJ#&Ek6LjW%cnPuk`A3d6YII|2SfrMEEpoPqho*y z&qTZ#7$0K32}d&^Pa0vXw9L`34e&G zze~-t=*iQ@>i|K`q>d>UOiV}-)V>2gT>j%K_2HOdXnB|wYLXFD&hC`^m6kqE-0g_v z!bir1e-Meur+WAseB?6fh-fMv9Def-Ae-MXYZD9t|m83!0?G!q}@qqYH?P6RU3y; zLR4!yh1*2lbcd>&7R<(nnWsJwhq(@Apw^$?ODnxnC;s5U9D@Wv&(P5Bjp{>=Ii-W= z$|sq~#D`r{nx;IDHk4kdFZOd|lU1+xe~gtB$bu-?avc)-Je^eopxBB4Gk&G=Ul?J;6l~z!MEIkmKvCv@LHX- zcjyJeZRsd{cH_L=X9Ob;m1bpy@CyI7ADvnlRby7A413{&*y|=wJL?P#y^SUPmu3== zI1j>55P7spm(iHM{?B3>msRgU*)orN=>Y1$K>^?gC&?a3gEI$3d5@nzcg{ZRtnC*} zM}J(xcEnVh?i;6-(JuU(fL%aXIgSgN0L2wb!`)njI~I!Uc-e&j+K67i_xN$#o5``b z600U1SeH(D&O5W?f6?}V>)`_~AaNl9+3#60l=)?VK{(2%=7jwxCPjbI&QjJG7ylme zek?m=zsD?A=8I9k|EMp@SzPCo_|Hw;$rgbay1{$vju%YzHbVE_NdYm;bh<^T4lE{c z5dNJUGrPo&;NjW6P4#y^Jfu5Ff+KX<0GdZa=?%Atw70$YM(VX0t*5ae;wLV zAQoVm!;1kWU^j?P{OA2pUR-w=u2rEB0NutSqu>EL)EtX2J%bMjKmy4E zZgebQF5`xAXy4yDBXgf!uH%wMkUD}3CnoA&Ed+?E9=SwN*ub~F|DdW)p+OV~1l(!2 z?G}E85QXTuqq}F#y`;!Dk>R;~X!WeM;mw$!l3|aTpv%h|zGbncW5JWma2Gu@UKk?7 zfPKR9w99W;)~DVALUW?{FAQ9pHWSHiw#`!~bt7t7VRnk#N|FtF4#`PAvS2um@5HB0 zTe{Vc+b)|Ql4`>PPL_x zWPdn_S#|1E{a&Yw43QK#p8X7y91<@_ETvt6@5k6dOaO6%O|`(X3UA6MqX}g#Xa-%0 zwHM1$@*E&DY=GLE;3k2+dn9JemlJ?4SX9dfHI^w3h{^6Fw89fahN_R{kW^oBaWNe# zZ^ByyeKuC=6Kxzzz=5N(%jY&t^N)U@k8E%gS3OkqSm;0umqK7@SJ0$}bF1la(8e0L zNP-BCzwmcmGyfcH-qvn<2V09G?dm-9YqJAU-31Xf2dbubc)(c~7Z=fq!$$zg#FE-h zeOnRUQUZl1NM1kiU;d(Ee%pqSOVg>T_XzpTuBl<8s_=Tu!&{vRuc759wWn?8$eT5->F-*;D&=3RZG@dlm zWBj@S1O+JkVO;Q5H1Y>i3d+kp+hAYuoyaLCX{6UYYWOS)cMVaW@1IN$I>Z-YVkp$w zU+%yJwFQz8PIJML6<#*@R7WNqZHi&Ky1q=f^Sy$j{>U8LpW_3yDE9ul&#N-r)Jp43 zaLvNN{Qjy0xL_ojGY`CE(pTbZ2|CGWaE3h9D-6$tcF6&2OcuAPgkGNDYUH(! zv8i{p83UpdS+ZU}kYocE3OMiu#2y1PSA`Yx)FK!o$1b*VVFji2V{zMK!b#S)ClP}>B>XWVQ% zWb@{x6Y;p0Q7+A$${cd3YWUAC6BBvGS_@+<902Mh4BpNdBzeGF2Gb_LwDuRR7wBQa zy~4z&Q|z#$MDZYBa# zC24$%pSQcST=F2j0Ym+;#pymft@E$F$9HcDCj7MAYKFzrdZq$mZ3aT99PPbKE@}sO zzV>Axm7xiOYY@m)`(mVsP>g=FYv6Fex(#UW4+L7RIycAhNbpCcI2kTKcrBkohDbBC z_y4=hcTk@?{k~`F*Z7hS%QWFVxmml1uwmk1p{-nBRy?ME4E~E4N73Z>RCk0$pFaH> z!_Obce0Wq3bO|%J!F#YBbp(~T)%oywi()>d>(+a3{aM~P>;w>7#DMi-n>QT7~>lF3oZ9?pE4Rj+*rQPpU|0eWVBPsh=l4T`S+Lv7B>!1; z%5cBCOVx@;goW|S^dHt6MPgGb?x1p`90^8;2aivui8g!YJ#1{>;U~TE1s((UR5~P# zxfy&Q?tR8b_2u6XDx8;0{eit?AtGPVuD&R}Po6hE;{d24$ho75cJa_rpH;JGbM6No&k%g!g2t-&aI z!yaUy*KpR5|MYF%B(kqE!$Ni2+nUUh`x7^ge8jLX1c7O%KX{p_VKlzrc~5)@H(yKu zgpIrNdK>__%`cif;@^s+0pHBjl#`!4W9Yi(fffJVESK{jQPVxR>x4oSn>4YQ#2OzD z511V(eDMMQy%d^3eG`*(x9DUU`LcJNopHvc)-93P>4#%RHGx?4H44+`^t?Yjg^|8j zqsH{s3anHN`an^cuaqCL{{tIB$Si-vmI)($rC$G?cv|tay@SItPKhFCCEbAk=3j&- zvOe>aGQ;S)m8=JSt+6mh`GnDKf8AyO+Y0*t@5`z7wCdKaJ%uH^M2oI^>A3XAh z@jkW*oJ>K!vvUmagh7uvWkY(c8-rEvmf|Yc9<_heg#iO?gE@=~peSFQuXTLfeVE1_ z)}Pws=nG}xA$G>Z?e)$R==|KJX}T+!&lKwhK;=N>2GvJptN#kOu7qU?553&?=d!SX zz;LljV-x7sxc1qRzVNTAH@xb$e)B~w*@Zv@D6*E2;e zlx;3OZMgmwVv{Fdq7JwY*xb&_$|46vd*AMZ9H(l=@zMjgD_(c0ZbP;+@_42>WUeQ$ zKkn*3WS>YX@Ji$TZuN5%zRwv;s|y`L%KC2z-pw}u8lh|P!3g#Z5o$f<9qT!88KY2O zqQoix&$sxgi$>^E(2C87(0H|z?=<`os`RTCAK_>=iTc*dO@TsT?>jp`jlgeZ@m{GS zh;y4wV{-X{d8K{JVotq6 z#sH%T4`-dH=77hA(dkaAU>e_}KNrif*XV!Zo3CNCPRqDlM6@UJSstR7YA+~G5^Bn?m{f{O3I_ShOVlmtEp%ybw_xoO1uV)NRHdySFZthW@cT)4 zU&dwY4CdUu`{@ZTtuJdxzfivSIPe1vD_x`k5%idm5jEq6R@>AU&tQX~-i{jT+3txM zMPKy;2H1Bo#ypz&s6zf*5q)bZWI_NWV!L*}5hiAvBSb*06K)K+3zVAu^D$rD51iL8 zYKwFnBwT;bjMhoBV4Q%Za7UU6k@7T{ZQ#kD`PE8aSYgAm1soW{k6B^TyHyx)Q$^Wh?9tFJCgpoun7RBc#vSU$NOTgsg0V7QuE13{^z)ekrQ=9N;s9&nEf(!z9 z2Wag?DwNE?hr=|bh-2R%^k5SP{~ZtPRpu{3>EZUXDMYcI7mijf1MB(4)A&v>^ACv1 zxH{vG2O<0fmVFyWU{h%@B+7fB-$v`@gL)QVlHW6W$8w6#u79T0Nu@W6PkL8_Ld5lF z_F~XVG{FM^&)jqBMCtDdxRF4Uf;>|1J>b0MBC`I5Typw5j2P2(te_AeD4j5n?m1T~ zvWMLh<12{F;+x1jg?y7rhGzKyI9!s{9-TB7-n9BeSukGx6Y(fE?>2UQLqLvVs{2>K zN)yt&cXBEtu#5HlVH7=deq)<>W~)aq(Ii|GpwImWVL&?!8u(=C+2f4XkOvYsat}HR z=%dwZalh!)!&_GY;!Y$U@bPIJ(he&u{6C_;1RTqCZTl@_rKn^|hDekmLo!d93PmXt zQ6vXcC=XiIhhY6jLwJ-zQ{=oAo_ziluwfuh z@nWVp?Cf2XtRCaZ|1(Iwl076>#C#E|d&&0QbB}id>uRuW+`n$GFAp_e@X% zAL$O8a?n~7uwHHCL7m=Y^EtLan0o^T!93y{AK99o0A|B{5R$!}i-{ku8^dw_(Y<<6 zDQp}%LVn>{NAClUuGFM$@<82~YY!$Cf8&(lO<`noW5y=eGz&sZueXI>8yXc!;!QhT z`x_XpCu#vI8CzTHq{;jA#f!@i2$6Zanw%Xz(9XoGUrl=C8ol$A3eiU zp+0R9)K9yS7TGrBl89W|gsUjOmCmEhJM^Tj+3Ty+`Y^%AXf)uD%?~@T1Kf2V8*g4b zsqmcg0$aX*i$<$%;VIXj*Gu2`Iq&JYPPNHjy`#|l0}3si5RlDQK@t9ER3tqf)_=OQ z8E|lWROotxQ+fiF9rvE4jbZIR!I%=b$gR(8ZricrMH@0^apVG{BR=rFN{B~4CGtB} z5u-jYDv8mw0`gq9Lp5;h&zqt@A3!`qVEJ3T7WN^XYJJ!@C=4NSbKw=bs6vlLR|NGH zkKG`U3OXzRfxlqCRRMd6Vd;H!tDj|NE^akT7;Q!-MK~4XS25Y~*F71;R1adKVpV4h zgn*y=v$L^fgE72WWP7g#$O~>?_7rwV6pm#NFV7TUKM}nd;V7Uyz^vWm#@>y^17h6` z%)ff}5+!1G zSg$wo00(+)0b$UQ-m{y0NdlwyY0-+0WN!YB#D%da(zTNOBY!x#mYGW5{PU{;dguC~ zJjYLJFmK-(~Fp#y=A#QQLHO zyv&6RhfpNY>|>1vZzaRIx3yC@l{ADFw!63(6Bz{_EnpTH_>_E|)!4of znsFkE!|&+)?SY`|o7DM%m9#;eHBb=!eIIWK2_!#}AZpRmzSq$t;&E5luCI~ zm)dD=Q$Xh!^Be2)bb@#or`{yeILl!jh#WLiI$FS27^e;NOkNAk)}M`oX4VIl{Yc*4 z=)-`s>T2>{vaXpW5WSvNLr(+uJ9SfF86xEzx`5^8M6xfcK{~V zHkZA3&z?%yt52f++b$-S)8fg7T3SE-3DgY!Lmzwn)Hldl)g`Sg4M>x8n1gpete_vi%&8-lCa`AF_F2HZLy8 z=MR3rr!#8=|;0X8zTNzXPkc_$oW&uN9q8z!Ze}GqA_}?H?0N1^=GFGo!6} zj@6ZdcSUQD8cC-M`Dz$|?h*m_kHedjWJyNL&Mq|KnXqKJ_8w_#wm7(D$(vrEzohN_Ic_DV6oEtxo9{4c4(}C9oBAT055nr|}#KQOpcs6&HfuR)5nCU;| zaEQ2pzPjtI$*a(0HTU;dfc;NG{oDa>4h$85{*df##G}5^7&VhSD?x7om;I?Rm$*JQ z1J(gJAr^pejRtRwzUGlW-Ym#jh`d$-@mUw zF$62qnMn7C|4lr=b|fm1@`0(DLyPA`IdIS{N}5G>9E09(4C;X;OLS;u5HApJ>!#~M z=^4AE^v)&dL$7@O`e8a%4t)dulE+8`{Dvkn3b`$FC(n4$>4d$Tx>;BGxc0^oP5)7d z`j==r&%dcT`|>mjq_5Da#ku-C{Pozz1OyLkNd#4}EswjE-54gbbTihe!NR>0jQnM>K3#Tiu)MBMM0E0)~q5>_AL(sM( z>aD|v*KG^vz|rtG8{lsQ6b9?==d_}LRidY9gNkvNY+~GV<;B)|DrQ239{b@;{t{pA zpeS2P>eDsdtwdwu%USH|@vrK@KTIC?EQyD87=+aBXj$bU6TNatt8n=h4kqPp^nC4u z`)lKYc93SIO*jO8( zi{_#5WSDhK!J#aB1j-EnQ11=2wq5-M2keoYv?EE>BZ&hZtdBb)b%oFiziR?w(83Ub zS`p%0UDjgC4dpw*nZ3RzQy2Q+(4@5Vg1oS z3l4DW`i_f;_RK8-$8$`VS8_w5JFgS`NIX40ili%8y)^#4?5P}CIn1vq@*GeWDi5A_ zA@UOL?hleW9sIi|Rx)r2$QSK;L)1PeyRY>GZPf=4<}eT`n8IL+JNt+o^`()KNpUCD zKB>O2&aR+w`?0epB2jD37J4l-CG|VD=F*`+`hHz$=R#9wqXgIOVr1s9Azv@c#j9_> zpCvr`JTDcP%G^u7mX$s7XbLW2;y;(fxKPFz*ieZ*o2@? z;|<9XN5R4U4jqh0D6Y`gtvHZ>8G>H)l7MctN^_EhpFV$n5PV=ztz&I5AS16yg1jcA zO;%sWGGK@gm0UO*v$V>ygDz}$cp0|Yz?3E8mb#G{m>{Hdr33dzwj2O_8C^u$f(LV) zEz|$M`WhC)^p0;Q>2bok@92jb0i8@)@@_Sl)K7BS#7_P|q(=01$n*ZCvxhra=|8tEq^i%p%g?MNQL&OoRgIfhj?F0wPexUs1hzGaDQjI<}3w(yTR zfnBDo2zAaBH27Eg-SiRPcx(YorOVv@OOGc`%vkm1ANEa;gIh% zVIto|Ak+T>F5Qt(m%#|!E|>s)RoXLT8k@#B zaC1o%Le&_+`%we)<*b}xI)s!@m8@6Dqe8iRpb&E*EG&~w|G`(ZcQ?KO=W+1~QX1|! z>^b}WfWyOPJCCy`xA!)_+C5)gu6PA>N3I~ERs}vuL!@wC1jmm9)!L0y<8FQd+Uf3^ z+>Q}xUWB3I_cna_f|^yI-S1&Q_6Qc#Rd$p!inAp_f3w!IOJ>{70km3gwh=_m{?CgO zP;&Ht{ra{4popkh%c**$n%QpD{>XJFi~?S`LoJ^wYF|S^>l7s0|L~l79E4}`P-;{e zZcklI0!12N7Mf+X<0nr-*YrZGDvzmxqgcgL=cI4Gv{iLz%E0HixmMJm%Wy#IivT+f z0t)%DVsL#CRe{o_*F{d*wYbwUAo)Plc6EtJ;eaPL30J>PkzJ^iC}I6^8ZY?IGWGeW zx{Lj~3!|&&YtK;CidCwQj2`k`!VEX($93uayBR+VM@H)kiEM1VH}LskI?$jg++H%kIM*AnhNKOKirPsAmy(&q zYjE9^;9K=&8vH%nS4gyxzLMXWNLh8O3`~Eq+FV_{JM&2eFI+L#zu6UJ7aEJYNia!b zrgg}d`_{gF?2NRbhn|STjw6XIHOGW&KkwBp&WyOdc=4&!m1Fz25NEa%v( zLHJZo%TuZDf&_)z>x+Sw#{qaJxGm02C_|(MMXpMi;2~cZej_6T=$9}iUqucs98@8N z$^dDxe9O`@RcD_d6yqac#Xn_$z;9H7qnQKGw^ICec-5B6Qc^x`fe9IIK^gt@D~K$) z89OjP$+|5pi#QT4qY$EgpKdy`a<=2O)5*)+13(S&X3zknEN<*v@FVW)?A2s8w7K(; zRhf)HZPYsNU#ARMW$q^b5v_&2b$n>jhF?&$J_y<)Dmp5IbEo@ryzG=e1ZkzR@TJ=< za>&XHP2rNK3c?E4yQS$7AO4rN$ayeZb zW==B~oSY_W0+Nm4CWdTJggqn+bI!ia-{vmXoyrFq$UaUMH;z8ROb=a#j1qF#zFUIZ)rFg*Ca3TH*Fv#}eiF?OlV z9kl@U`Y>x{-htq)dTvZLSCPu~3)Y=)Xy5ICB;z?4=J!pamc`lbdwh24XhTH=z){1% zl%4Xh;7Ef2T?-=9McFE>qs?50k~QutJvnvP<$D+BC#Q}*McLiSwry}HD#@^I8-bsc zRIQ+cn~T+L-krrDLH!jeuwxF8&c0qfNpkuK5UG;o{Tf+C}MrR&CJcsZ9y@8L#b=Nx((D+6H>CEJX+Y#6Osc%#4EcZGrnHk_BUEl4Ws^q z^be9Pr`$*XG4Zqf1(0b^7ie%{)aAt^si*v1rl~(*D;3-mOu3AL@eCHjs#|kc%~p1W z*E8)qAfMMgy>8XrII^8EAp%t!LKxdQ>!?7o&LQ+Y`FFP924 zA)3Si%tv(L4|X^CF8oVjgVx3&KJ)Qb7NjhMq`r$1?(lZ|q#BTjug0sjwP+C~>TvU4aP0@`dT=s^AGiX}!K2}1|B-mG&r zCOZCY9*%4AGUrV|(e;e_4`E_HZsegHdB`JG_+u>ib-s>g&Q(A&$08omkSWyZQ=p1C- zDz@q-y@kjvqf48&pZADCGB`SHK>hd^e#uQ#ocQaw5u7cB;cajs21w$ohc-PvI#}D^ z-_MK*fQV2DL^$Yx5#w&k(CYiJB%B??HWQP3XpX1b_J*4I>?f0GFb(<-QNnTaeaOLn zakhxU$>mik{;3x*z|B)9PDC}=+wY3RXZn6%uYG+uxV;GEgxm9*Vd9us?{s`iqzkMM z=|Gmcaz7xT|6^{)CMNps_4Gcxwz0D?uy`I^)r0rNLVKGnGrwo~w4tFlx|Y>oIz3eK zki*Ar73lK?RZN_tqX;lS75xV8YirEbJG0D%Jppv1O!F%b-mY+ro_TiM?q#wtFUrYm zu-s4K_{U6NN>B1qyTy|3hqo-Xx$4&wc`I^9ouHSk!HzoQ&eB-m;YfMjGO}%z#Xp3( zL~{#ViqSTY>=16*#ucy8&g(aiH+L%ks_#5st1EFzXtysd%h7ea#!U;`zJ6`9<6V6E zCF=ydr95u3&a@QWHucCTu$wW+%rfT9GTrs`V(!OHY&v|Ql-3%h7~QZMQMdEs9er~Q zZ){VauF{dHom+PAYhJxea)5}325yuMWC{l`-=h5vAIZ}5;v5^8s9cmH%Jgb+?gb{A zckA9M|FJJiv%OkUQiA>cPiyA61$Q`d5!I1BvcFeCAOZY-h--Tv%aWX(K5l<$_(zZHjbS|1<7!y+an_lZE{8ihSeuBr7w-#9xPA+E!@s+ ztZgQ`HP5E|pn5#_9#xij1Vm$H#6SUw5J^Yy=_Tu@wqhiW=M;ocnn-o zK`4Ph1?s^^&cdu*95shk&hbz{ zk1y|13VCNgYB;8wjtF}+;|Q&zmhPFTDkG%u$5pv z6JegQ={41L0Za~dS?@hqPc9GSHjb@Jj*gD*_5g<2U2V9L!I|kY_s-t_{zQiF3KV9j z*F#$`W?ONbj~1;My3SXS{&>ijj*2Y&Ymz9-M?3>)GpR9KAsz9 z*`lXkv!IMt*Vo^m_W0kYh4*T#-oJaNasifM%r|?scK=ZfIxE37*Bl=oznKybZsRHn z&`281l$Sk(dkQ1+c~q`$l))d@OAVUx@sbq9c0g`ePMVE%+^TT3)Bp;(hh4?B;C%sR3ZSHe+6$*ooAibYu z?5clCN6QkBRyI01dXu70VY-zI4zwcDA-Amc4)p?SwU6?mK3+Cl4s2|luzYYqia(vd z(s+>ylmM+0kkW^`LTf!kBf>;Y_!f!|F?*AoKM%@DGDGr8H{UM6*KxUGeP3)^0%^hn z0RHDI2n7%`fi>D;5O9P>bsHe?ChLUD)vN1?kS>Hco`y935~{lSo`p89woi`t-8^O7 z<;`izzno0;nTWB8RphC6pj`6i8|}H?C06UKox@I9+Rf*bij(5w)0T;HpO%-%e%N`7 z6G&U&z`Pozk`hR11KUv^VZb!E>JJ)>Lg=L4YH{wRJ{VDhk zYMcUeFMdJN7hiI1@~3>+#jJX!?rU6`-X@T@TS=(0R`U2+c6_n+Ws#7>DKrj?Ko9q~ zU53is7`y={RG9A#2PEjtC#ZL$;MJ?2#L(?GgYutp4=MMsDy-GBpgcYit#uWw;G7e! zeQzZ}CcLVrPHnxo|5Wbj3Bq{Dj+Jrbp;N8Cdm)zXI<(&Di_6qmd@eD??CnNA%?n#o z_Q&nX8o7-d{F*{A@R(xB-MceyY07Xi2P9t*t)++B0py3V4gLa@M+GG%ilU5ahe4&K zFi{3+e`%~!S);P|)@hwE(AV!fJ3HsDVy*0Pg1||`n~&8l_Ph;;=AVH2&6DmWBku0* zY_6`Z)N|N$xN<>;Er&=rWMMGq0W1h{tB}Y2%X};>bo(*@c`rm~;H`R+%s{cn8+8yY zb?hy~S@qojYu$#$)~r_1(yID5DWtX)lGg2P_kVyNP-G3lHt$iHjcU~|cLtpGZyE8B ziwULzZUJo>c;ev5h&m+E*0(|K|Qqp=!cM&u+bVo`A|5W>`7P zU)KQY@+=sGtVX${xVRV-!-;i1e9sh4+Q<573qma%^=byr#+yNdSHkC#N7WrLXX_F^ ziI_E-ckoZEKq-{7;)%x4V0n&-zT)Vt(&ZQ5=6)@9F)AH7VPMd}3^{|RI67xJy(YHN zjyF?TDtzL@j`yx``{SSzHOZv~L`SS2Fl`i%P5&}9G8!Bl%)IQmqFLC!tj86J{2z&O zG9o4LhihiW!om;g(iJz5r>c4ZR>H3eO6rSFHZ}vA!$L5ioFz9Z?C)xReOUVC-wXyP z=BiGzaWSFiq=V79Vk8k77l(7)Bf}-B@OZDaAzb z>Fnnaw-_j{f?$gyND~I#G0-T zYS$6ynWcRswx4(uZhd+mDe&KZFD}=*-?-5tcx;TBQvLCx8p?#(@y zW`NykAbNP#f%S+xRAnJ~j>KlI6@%>#bwv$Lq~x+vTfCNAf^q0?PpXfOQUyy>{93%e zsi*RHi$}11ut3u+)9_TN_ZOLj_JL?`N+4I>GpA0;532$#^#jUB=&xXwwzjsWl_ z`#d-{c1hv#cghy^oycCYH9s&acl|B<5cp5F=A}1fJ0Gs$@8!@D+~kZ7cs;he*~SC- zgD`r0l$W>JpY6GTU?j|W4OsVG|80d~@xhda)IX=)HxiU&iA=Qoy!otBM_q4}W1?Ol zATM8hz|4macsy6o2J1^tw(2#7CL{#Cdi81n`a$Y#O=*7r=!68tv3eLc*&r0b*#HW@ zr*#ZCmC!z7K#NJhez;CNZ82}A5kt+8#J<75!fKms><93}}WpmJtZEshmx)7qlyY z``A$yU+#@C+Vg^Uoo7^dxFr8J^5jh0EO*vAoAUTSvE@SRitt&FB;kN%sf;zU3O?l) z1O?4i5)%s<86W3qo`;YZv}NK^uvNyv7vh>3Z@5i@qd}HWyn7r1qWs>hdNk{P(L`G^PXf&$jp1(~=V)j;m ziEm++dC7wG@IHx6KB}Qcva+(ea%`Hs=B#F3Y&tvtWBy0zRb+-mpi6)<9<^DG;NlBzTD-naBo7EU?y0Eh01ktsm5x?}u zQLxhPOp_D_i$FsL!8tuuv~ROo^~OyalPZvrl+!QWSW zP-m(r+|#O-uo1oROCmD#82PoZNyn=wVf*v8%gb*C90b4_5|@+>0=9Q7IY2B0?8d)) z_d3A2LrN(;v`%kMlS|a=YisKpZ};Fp7zG_z%q|{pdswFmIXl0OVVku#Mr1foE_S@0 zJc36!Wh=G$cO`k)q>xI3D6EZfOC#}UY`6Jr8r2Xy{m?i@7GE&eR2MgiHke9ZM6 z{82If*D*P!qU>IAL5h6Z?kV>YR$6`mm;lui*i5FkxA#$c`p&F=rxM{J;Q*l2W5c(h zH}EOHg%)fD%R=hmn)%g)i**MMPJY4xDO5MqmL#1QgTH{}z=e3&!hAX}2@cWXcxSQW z<1WN?huMY=OYc-=}n z&LmtX!Sdq=5RZ`hY4s`!qJiV$?gMmRp-!w&&E4E&NX3OQ@|Bg5GOB$_>qX5oXU>>f zAI4=0x6*qDQ5*oz{HT9q24xOf3wV~alS6K2kd@ko`Z3odHFb4+Lj`TWtn4*1dJrD& zgE0`8(D1J?IKzv|9b}wua)4VCrh$!ocg=sv7`N@OTBC8!h@i6G{B?yw*SrgYDrgy;+6?6b7cQyT#O9z1R@q>2e9CR*xOF z`-XbCLGYx7DV?>1jThw>$mvKN>dDb=gGLps1GqZqoLYBKMuE{880XEFk(vERnZq6c ztXY^t(C*hcdV2a&3C1vIW=+xi=wvQP#pa8#aqmeSu$1C@i7I^MIO`q5eQRVt&71+O zF2$y0v5H|%5%{U=MAv#moaD7C2zjM9TmZ*nBnyA_e~(({p~R^i;c0#oK9@N7M5KsEGWQov%LA-*YoAHw79^6UZ8^RGPs~A@EfU0Juqnuzfdsy2?gmJ)Qi5F`}mVi8XATvN8LW+XNg2aFjplp ziedB?7xJ2Tk@6y&U8CW!;t^ExojYd214{qA25)|1Y-FTey;FmcUxnOn$-=L;27O4a zd-|6RK^V#n7b1eowsQ(_1%Z9X3>QTmGb{m7#-Bu}SwB60^U|05R)Xj26PJ@@I$fH& zoAw}?gqu}E)yoTn2ffU5rHEBRcTd^|JuI{o1KsK}V&MD4n=i0+!89kb(59Y;7}Nr; z)bZP2A&v{c!sJ9J0`Hkc)JgqNba=S=ttTrRWeJvcR31uXQ6NiL4eErh-}5)U>OX!w zw9u1^Rn*qr{?cp36Mn*S)Br114FfP!X*rna!Ntk1`ZA>K&hpQ|)cneT7j-~^qB^W0 zu?Zx;(qX*Vg&TY<+Qod@AdQG~a2M$}-UfH7t`1x8-d1(NEiv z1A74v(S43XXh%RU4Bk;C+oH@&#xXA+cv;2_yV(8^U2ihg$LI<-k$ZDPF zZ><{Elh~9V@BFa<+qRxpzpCd2@LXZmL&YiF*v;_YY1BgXrC)zw5Gby=K4x0X*^ic9ZaG>fKt*47|RlrRK9Ys6umwozBY zOmLGEolklE%Uzn;$Bee%bO2oj{ceTv`5WkW@Q5Z+J)n;*@dS~C*dbx-#6!~>?tCoo zj(GkKKRjp|k8}pS3Uhl$#}(!Km0_E1BM;nSf80yR1;G-3Oxe#L^Pe{r=zbKHk5;$2 zxo8QfPxJJO0w+&wdJ3pwuZz`Rs2Wf9_O2c7^gc_@#At;-Zk0L$D z%MG6%^(%}p_w^S{!H2%t4#v*irJ!BN+X^E8R!2r;=3sJJ!V8DaqTn;s-_gox;{v{^ z#YcsYw|@EJQfr*Zuyhqo;`H3yx%xy!?Z`*#`BQFNa-h0-EE)>SPl>AX^~~N#pLZBT z`J`VNR&zJO`J+fkhf9-QNLrJV@q$xuxdltEXu2K?tYb+Jf#||z0FXRscwElf|bhyVuCD0|FNuje#uPhbgqg@i)v zfeCr;swbZ`@0%~Z#Z(q#ZfxnaU_nl}4}y1wDY>_GYedcJh8&yk7A#iC7vog~8D2S= zXNQ0^{z`vOSnDdwiHpN6qDhExH3eN|Kys>)9!p4-4>)w69WPuk)=!DH%I)ehAGr4E zBqo4AEN|*!yQvr+yv(wN1 zUdX}Nn{K{C;3}NDH_)jH>Kuw;dMZ}&_Y{VYP@1jn#%~RIqwDEu;3nWxi~D_Rka^fM z91c@e_RAlq6kzBArwRp^z<%R;I&VIeCMn2)&4t0(5I~-=ww!j&mSS^eT1p);2SH=u zIeZBJDRdsimnjI*sw_|)(rOqOI&U_{VlaMr zwx;pPVaJsJJ*?6+WM?-VfSF0@EjCW(WbDG!J|jbCG389fNh*tDhlI8M7J0ursG-2IY(#q)1#>-<^ZSi8^X$v#=l2+9-wBt#bs4i4U`Jo~s# zkd`4&1$;5cc1e*rDR*kgUX06x4LYl9;QOC3DZM!__ROY6oA6cYy$0mFG2c;TQJfNv z@%n29k6Uo%s7L5=7`a1qjz+T-x}96Y)X+c(YfTqGXe(ClMbwjkmlpPMv!G#i~XJJ_kisB;xk>8rT3b5H;oj^~{cWy>!t zOhFO`;KC<%+gK#p{vYtdq!VWN8=O@7@EVfgv@{vwb@O^x* zEGSSlY8LDGayU{2;Y?VB5NJL=dSUQx*YR{)F8l&`MHjh%@i5m^y(8v4yj3ef(S;dj zN46>&z@V)%$&Vjfp3YU7uE&o6hQ4?jIC`y=1WL}-+z94dgSG?2hu{?m&ErDDhHBaw z0hMQiP#s4zdWSj}Na7BI=N#Gt1UhI{)~}KEO{7C&B596*T|_MLpceuw4`IGuOFg_R zZsa#S?!wY1nl0CII`)pnt}be14BsH)Y?fdy*H)S=2-e(nLoW-tV-ZfTSEpPbH+2Q;y8^yiutI2?KCc>;cZGrvYbyrut z1I{zkLhiG5PfxAke}-T+y3CA>y|j-wnEWC#6ZjcdL)W3SJbes*Gh3XgFSorrTXlrU zF~j}qX#d<~=_N=q0guIwPJ}%u!l89WFP#r5)+o6!jKXwGD0~eLu4!mhQ3?S~dyg|b zdwgP|`w$*GKwI!9{1#^?KMgn9-zHI~Xbf>l_C(RWpHeW6ssxqM3mzTMW_OXt{wJ*> zn!}uR8G)o87v{!0*FCexGfM@Hb(gIq!^0=7<@3KX#|?ilP@Jz^A%^MDuc6yCoV=p8 z0fvGYlH)b~2YW>!r4EtB z(&4UXR$BdwuNnqy*L$!aS`6kksTr!mg|9DJ_ymxg^_OU$G?I73!9)^LeokI%i}%s5 zz5q@=z6eH=(A|qHoB7#z6Lƌmpfe5tTXrT5`$Njt^@4`Ou2+j&CNS$reBI00j! z#f7#o;6B?PIcAkW&AmEq-h9x7KC*aw#tRaIZg$;I#iMMqI$2Sh%DU z#>yo^wyIrLqW&38W&%URLk8K6;;KvCOqWsTJT9&>)XTiFpZg;^g)ugSyy88=|3H`* zUi1kSD;H#7q1}Zl#$Vl+px8SVT<{VvFLXo>gwuhBr#oUE<>b^qV4C?eEgA|)6YhV^SppwM zN|S&|T8JBy`O)DE5#)s2ak0pQUy%{!=B}{wJwy8_vM7cnED*Ri53m5Skr>`*+FtTx z@8iqeZoQZmyrXwF#!bLV!8Hexu)ah#5g;tg*YL&qV}W>9eyO!eCB)D5Q2mz6w70cA z%CP&$fWj5FK^PE$qpf}axi-*h=Ql5I%#GK>vcv1NMoLs_G5j}=Xh+%C54n)c`u`d) z-nm6jz(ByuPfXxwRJKhe&%NcMoTrFh({zvV61eJ%9PllcV&9x5fen!~6jIxj=? z=_$D_xB^6ET#N=0`D?vl-T+f|+>oV(u+5jh@FmOzmYeyFR@Y^re|UtFo)|qBo*neB zBPln)F(%0K@^I}T>tj`1-5I1F0~ARc0R>QL9bgt;!8JK8i{>64%Zk|hHKFES`P1v` z37m$WqPnK$aor9pUs!L!+kmJdwFSd|JC@Ke_{c$k2Ff6bv-Rru`gL~Sj1=dyBRj{`soiVR7$OS$?axs8@5IXJ#J0 z{~eSF%~0*=0dw&AUQMO11WpqTCc73G4pwQK%jzK>wS4!A(aiIt6j zuK3b#$H&J{+V+x{d%~8NvWfzeP{!3T7L9B^f?<}|(L%gj1dp6TTBw*bSCH)_{nK&_ z6=Bx*FzJB=K=_YpwLxQ^3Z{+Z)h5-_-XqHw52@w-hPp5!69sDK;OOYm$CT~TdWVOR z)Pr6Pl^%o$9DcC5wB1ZQ54OEy_VedU>(-wN)5ieDL2y&ep|lh`&cAX^nErsJh4}HmsJVDU0lTw5O&WdvwDj7e@ z*aco5YI;8a(2x$Ty~W}@Jw<~;0>>PGz*+L-kXE}3Y4=hWCzSJGiyrA7AINfLajei0 zve$=g&CN4UR70&$Ie>W!>BaEDvl7$@rwA8-| zNPa35F0yAe9aej?FkC~oAiqOo?ZHi98K8WvWyLk`b6+w_FAlGi1m7POX7%ikv8iMD zSF1!{^SuMyG$7d8^XAQ)W2L(o!{Dn9vm{mElIYX#^WCknQaf>i4K#p+!#CXBPhbc> z^v**3GEYc44$&RW0}@<8r~%+7N>`h!BPnLcf)}oxTl>^3Q{9{IKCpU`wJ6FpKU?%` znbHAb(ZE0$5z-{n09DdQDqpWX5)RRaLlt}|)09unB+3BHs?K6J-iOLw)Mpg;XDv0_ z*y1hV_r3xsuFq5BWc*Bp*&C|b$9&ou%4dM<1INZh@YklY?jx!!VQdSFi(@se9>XTz zP$LoZZhS(ZJF#!Rhw@b?*|L&;oQ-p?Z5%f?T)fH#L5qIW^MaAT>hu9_^CX8DUW#Av zFXK1PJCJcd%B&W=3d>QP2{S>32ls1E@fBu0!G2L2D8fK7M8B%6FKc(?S{`5fj#* zhffRfUdJI-Y%>0u?E-Gu(|nASrGA;R`2nQGUR^`E=SRceYYY>HiERfie}4}w;6yny zKwq4egbW6-geSy57snVqgq-+@mX?-n=Wh>Q(T21LPwQ?0CvSGc`tS$2trzQn-#ThJ zIE?qYtnmiwL;?ZGBeVQ7d-XY1`sB&u$KPt=Q8P+QmEeq|Gp~k@0CgMLRX9RG83`MX zQSY|Ltw2uR;laUc4>eg)a!y7x6r&YZWuYbZ>jVs{v|#bAdm`k^9f>oq1!RkCtZ|VQ zp@GNKZM<;A)6~$Qv-V{vjDcPE!Y-uh zoOXK83qJ-`!{t7Z1t9~$bd#9NbsFNfkPA8;765@*;(+rT*foTW=M9(royGm!W96uYf_EFZaSF3)2QpNK* zgk5Y{ldk2=-@l*A06PlWWyFa@EUQ)vqdJ7o((~s`DBG>~g#H-GDc22chH=lI{dC7` zv@v_%Opb)#XhGEF&U+7XMm@W!hi)vT0Tv*)F|JXr)78hmoL+gYOD^;tEKs;*m#kS0X-s4r@xPW3BCt+ac)2*js`2ATDst5 z4F39=64+44O0BNewzdIAigxW4D$8>q9GKGMy<4wcrpqhmtL}sh^>s8#IUrZqTqK zy+ZD;(H9BdP_ZUFvLu90`3)CzYrivGzI+T#7Ma}IIw>&l*XSCsf*}Qg*+!s8WBZKd zjEo3Jf@r5E$Td7bo*OUy7?_obd%zpB-9n3LTvFzmu)V6GV1g@|VWF%;TVjO0cLRQ6 zu;ffF^+#$Q@nZt?bGx?h(6B5~D;E~d`H+yyE%z(8OMOIV61b(UQqJnZ1`6zCwwsF#Z1$z8X$qE@t1858IhX#;Q$~S!5akdj&0k``Sxnr( zks?stN&=izFoPwVx{N%$5Eq?QYHnWMky6OB8h33z$l_a1hgU8S;vN88T(4ydSnJCS zlslSYI$aE4T!x{!)1g4Ei-Z#^9DKGff+kdL7kH0?;Aem{uJ2keX` z?ngFl1ATpuVX%`#{zpTxX>=E+!>n3bTB5_BYgr5d{Q-iF+Xd9*@2Fq4l5;7w0V}Prv*Q3!k^argvDj2mDMUkQ#UZEis?_^QqbH zvsDm4i=e;S2OIGJ59L@XdG;9B$y9jr)r;Y+&q;0iZ^;lB+nnIav#27@aM3nM?b+c8 zoL!vbAjTO?^y;RxYVa4rLjt|-%eAgOKQlKsk=}4PtQ96tJ9lilm%0*9`UKXSc)R$% z*p@oV>@W~`A-eT>Mur?_W~DkQK`g)Hx|jOXvC>R*_o!;p(5aMqw~wKEu7I!o>{pV} zhVamd^b`DolGjVR%0T0}8E*OT7WTuU1qElNgeQCzG1h+y*@0 z4oyl`h)dk+I^JASMv@9BuOhs(t0)Lzom*^ZX<<-hX%u4o=~@iKoKq0>e-4K6M?H=U0vP0)KA75UE~UN5yxE8 z5I90M-~LRa`og2m=Nm7ofWPr6QE@9l)BUd0$qsAA%k7qO(P7%#6}AqR=Xut z4S%WzS);POsl7(Jo zRwali=v}#@CB7>RVx~>_Dh6az z8twv$af8E)evoDg!-eUMVO0DNW@ZZjD42qxUxktA>XLp#DJ~DpO+B^u91I>R@r$+S zUALA(GDNtxZY|gizlmXD0#S%#IyDCdVmVKq^hI1guyiD);oGPDn@qu&;kl`YrYSGt4oB1GWH6 zP<&Qc7#&>-nY1mXQZUdA3P9T zgK!$}%CqHOD|24TRDb2AADc{~XvoivhCBz>Vf`i#w5`q*vCAt*lv~^q4p499joI{v zUyu_9$mnozEA0~qc+3nJ1#qYE#YrZGJ$|w9VpQNm9@;f`)NmW=6!yH3(xa(zA_+Z? zj%NyP&i@XVmzU4HKpSo)E-wBZ2%oy+j`a64R=|R%=3hAVXj<9Wq<7rJMCh^bM||E+ zHxH%mm4Af=1;?hlVcpUF1}gDH;oZB5*D4N&j0`BlDAO}~7;b-O_;R}UVb+spYl7oN zYca1RfsI566^S&!p?mNXJN49>QO6@T?QwDOVi&5kq!*%bEVTS7xxCY(q!dOS%_k!h zjZ&CX3mk?pLCEhwBHO+t;3d!DztlAVXbKSXos^N5&Pp>-)f`R@*Dtz=SSwaqosF1N zcXoDO1!gG!te{{fN6NeATJ7i0SJ~Ow)k`0%0Q zKc9!z(h?&jnX!&H;ltjcPDq5zgZfJdN~MT}4!}G(fKX`pms@DpTo36vfQklMV>ejM z>9cA$$p>kx8Mb5?Wm2#8MV?G-!g*2*IcNFl= zx7lB?^G*RwZ)NfUnP2aw6vkmhu>x*adiE-oCtvvm3((*60m#^i)}%l)WuHL%_kY`X zaqen61AE56g{=K%JH2~npI5cL&}AW(Uvd~v^lE>?p<4&%BI*(FQ7{XgCwtY_gu~3M zR00rnO^qtdN%NAhxj7pyUD4Ynb6s6eD3AmEX+`~vj5|_*~sGUEPNor}Dtp_NP=h}b#@0b3@!UF80 zZo(H+)b;zC!co>8R7g-0nn9tsuSw7O3_gdQaeFbt*{o<5QqfojV+V*{s%Ak)@Jz|e zn^NSev{KN8MC`0+l>1I`R3+89fgwr@jCg;~7QCbXFU|nW@=Yd&A;HPQs$4O?f@Q!h z3-G@ioJ0;lV=?MBc&90k-am~OMf~%D0$)ZRR)sjghJE7Vmmj3r?kd5MHGQ^po7mnL%+lp!#8x3JE{&DgGSAR zsGV{$o7%#LdtTSBk3z{i{&^viQNY7*cD(gRl) zIj#g>!5mytdtox@Ihlo0A`O#km|HPzyMFa4QhZ@<5Ztq2u^uRrhQTlcJ^kJ%Q9HCs z9I#E|x;Vggl4!lH| zXrLzGFZAv?02D-UjYf(A1{W}hRAa3S%%n?hqEW@WevI7KUR@|L1e{<5^f?X#%Wy2l zEIaSi9t@?YB5SN5#I4FUD^5J~#<|ZnS$O=(1KkgY_*gEl(ykeST^x4mbF*SL{8>;0 zi72vDNL7q#4L)M8t5MweX$te#SYt3c4;O&qKO`u&+O7b$0Kd9}-^z8E3T?W_wCv?) zsWeB!&E$V%1{$v%vOdm}~ z&Sx;x8!G*~kww{1Umc#mb=#BsgdBq^PR*vFgM2LC2nWIhH-cEBw$QmBP~v>>McYxG z8z0sZ+%)tLMyfAB#Ep1P=lpsi)n*)%cx7U<`T3fHxt>5|=wu=O`4(cU^7CWl?iSrx zDbmeWxzzo*&XX)$3ROYkldnQrZ_QCgb>4ADmyh-GoK9OG+K_i4<0{B2LVP(66!Jr&a)#J(a*-B~)8yg!& zG-3)xJGP8R!fJ`kgGWbwKc7E*-xDl*@NiK99K+=#0}7J)qlQD(e{iUDK^?g==vKDa z`T56X<9MV80xXQYwYz=_+)B6m$$z}Q{O-LwzV!=j%3l#gd=}axZCQn@|8!H`iBu{xgezQ;D@I z#|!h-b&|5X{kY!{DPRM!cPE2&fOK(u+Hx(l;J4z^`H$kt>j2*b@bwqvrDAI?z=jDy zzvWXmKYGH>IRK>;^0DYpOlC=F&kPiy*q4W(^;d$i=!qjKQK2u79XmEP4h#5e?}^au z2U1?YUp}C@JP(pEE*N`cUOEr2lK6R5Lc08$=odOw;=_XiXbH%9%Mo*rnP%vTN0RZ8 zUGCr`V@P2G7ZW!odYS{lDeI}0z=Ud}#h_v#7gJbMo(c*{z^oAs1u8B9$rfmxah0^? z!UuOsm{BeGAL*9UQ%g^x%@;;oKGN#Uy$2Z_JQP$*>QQ}NSQxT6q?F-=;USe=^YR1= z8TbHQY_3l~(!5O27xW3|fJ)#_u$@v!wdDe10|+fZOWX)jaMV%O6NnCN0JhO?4&?-| zGF;J5%1B8~Z$rg>&h@>Y`Bp&|#+ykH0sLccW#|3U>>ByDNZFc!sBR8}2YF9`1M8ky zL;GQ60%rECc}r)fM?sn`W1TJUX5KW88Z_gehn z&r1dODFjEA?dg$>4a_)_52~{K?(4Y|Yq8`|hn+_(f8egE(Z$XenkgZ->eAEahVrV zLj{Nh&_LzSA^3`iX-G0#~a2I?_3-y95^uH7VZ#76wk_rMvZ z3>9f;5B&Lk3_v(!w}H4z(MZ4YfNmJHPjtaa&vSB=_pz?^&=!aZO%W19%9IQ#J#=uC zWh(M8$Lre|(i+V0Rf9Ze?Hww{yZZ}mPw`Qkze-+$AdyDzJN)8<9c^tN$4T;Qx$e1x zKX+n$bW{Nm8IG8vM120W1+NxqK=`mvXBqfK@GTyL%8VH+hGwy8*3(@ zryuX$y|aAgy@Nj%m&!8Kwnd;y6cQ*|}zGg%4ktVAdmZ0sn0~@ym}yS%Y7s`%rup zI3EQd=zI?$a9k#aW&fwCE02bH{r@9tOi@Wl_KF&kCe)QJYnGxEDodHNBqa%vP?X)! z+>j+}rci`ZxKhMa)>4E@vW03ak>&gPbk6UbU*~lHyD>ALd7k(CwXTaaczH-vRP^^b ze8v+fX1KSID>pM7j)KfktVK*5Q4vK_u%HpVtiG)7GF4+3s>nR>0DLBn$O|o*2Ic$i zV%R`&TJ>$B4#OgHyp~O5@N|q^Winl>54OfiAm@2-eB7ZLfgf!E5XLc;>Sv`$fTAC? z_%~S$_CiOMPjHc9w>6&LdHpZC4gsRE{4aYLD#__h)1o9hjTOJvqabn=VvNNsV1U20 zK^?BeFUEEEZSq5Rxp{>`Z0eQ1nhQH8rDw{w>Y2xB{++W>9*k@lWSLY?6D`?0I*k0b7}DD+?| zN1xVPF#ny7z&%a^b&A5-FX*AR_7|JI|5#dciM?F>%h$+3SUSAt*W;hM=5a>=H@3Ju zN5>v=`Tv&6J-|BbIt;3LkbGE=WK3@t;^X>;t&C_cM`fLUz4|(i%Bk?Qd0k++CLYBU z!YzRd2~$PkfYb7&A)3XAvc+t<;ve>_ZHxbO7b@xsL9UH?KCaB5MNnN3N_=3lzM5l@ zw^z|1rdWfeW*N1y!PrkTEz_HM8`@NO<-o^>kByy% z#`s_X;k15^`gPnyd-fQJ3LB)_%MmFWeeIi^<#8iivaz!IVjTXg9_qtzFh}4NqIRks z5WIGRMne)|008rgm#nSd!Y+I-tHq*<7^@AlS{~Y}!&rfB9)m4dfMwVy8y=N{q{g#` z-R~}>BX8J$=80?kfYcS|Y>X2I(CN(95!c}eOaNmb)MPhr-kcM=q+eq>UA|Hw;>$Gh z_T*HSa_i9N>+b!vvSIbXBjiI6o8d%0-g;;=CKyW^ApC1YPN_+CuQniDO_oZO*?Fy) z3MHav4h@%CnVBI#K1={F)WTy1@flsdWvflN?Owdi5N#tNV{J9~)h($4W>xeLr@mp& zS2imr@inngLmR9keSCnwJjYU?i>=lm?BQFxo}!;2&vLYmOzMGYzOibr&W@Ds(O|q9hs`EtrGsyo9ui zjj6?y$v@Bw5cRi?s!6I-J504zA>Ke~b+s>Oy8OVvz*u~qc`bWeAq(vIMi`Dh5dhs5 zjIp&9VAb$$-F_^SN)|EF#)e_Rkav}ty!0)zyGZ!RJzz|=uuEY!8rLE!Z3sdCa8FOq z9yb}fa^Df*7mIj1QvrkrGF7`1l#n$ChFU(EjM}3 zd3gciM6GU+01)XzpEXWL5HEYzQ13}cN5{b#+5H`W*$8+n-q;&gN;mGIG_j*cj|RQI zlG*(A+7EO~ZtN~@Msyd%j!**Ou&7OdR-gJX`utN9+z|h+lk5#lfEJVFHrXG>$yLmL!c?19D>_NR3E>yG?OCc~G zAk=u(k7oiU|59wd%yEq^#|vlbTLwHXD)OAg1zRL+kl*i@RxBK|;{Wf^Zin<*f80Jw zmnUBO!Mit#b*doM0Br?a5!B|RoWjD>>q_}&WC0$p`iphycLu8K3Q0#CGhD5|DC>XF z3{xjg&S2ncDM+0q%r}*~!9tlx@(bH2u{^JP8ayyor{Czh!qxbiH#FE1LV0WJKlmdB z1y>uAJ!`=+wBFFM!Y6;IpI0j2OdmRcG>H~4&t$U=n6-0`1hb3&+@sp8`Pu|H47LxS z)|W3S4>=jnCUlIQoMcFj5DEn?wxut4cS0UOtsh`}WQoWs7Qc*wkmwNR;yi4b4pyIz zdw=66ZuHqm6nu7#CUXB;4Z#4b*aqbcj-G zsyaqeMaVo-4BF!ayYTEKxXp*~LVwf((KpIJ6$8y=&`3nP&sN+5ojFZhGdi%Ey*-z40=EV2)7U*-^L{~zy7Si`k)b0 z3;VEFVaG^8?m?MwP3gQq;rKocSgIPA>>%$FLf*-Q&dX&G5hw$hZhBd)siTy5_Pw{{ z2&AI;sNbWv3IB}3$WU(=y2{D#a-*PlT!SEklTe<%iI;cXg%2mJ{xS?}$^n=Uo96IE z2qKO=XiyArHX5!we_lUfCri&V@jQZywwSbz=Nq)fD9WAw;w@7Gts1_K@A0s`BU(V1 zkUySn#G#&UCcm<~UC;R*!bOUUipH6aD!u`ll0h6g*9QDLZ>^>IkH%uy+dsu?GNi~Q z{9I}U>|!ic%tkT)E zM-mSjY*xd_BxEAjk300SS50Vqboo*ooghV1Ap@A-{+z9eg8@)p z>UaC9# zT3lXdfo5m)f5U{U6BM-g73a$4td>E3w{>3kfI_7KZPzB8_#a`^IZ7aw7ktxVzX6#6 z{yaJ#pOucX%&Qbu5pDp*>-t|5Nn72L5+4Tq7;tb`cT0G6dv6$UKG0TJEg>FC0eXF! z2tKeX15@XKA>5Z=QelGqo=77@kxM)0a$34Xo+xpu-bF!pEP84cv%g+ld+u%y;w zE?3yj@TTo5)%O}29`2N7slHxsbl-Q4!3yYbFt_29Ygdqa5_=mZ#V`Vmr$DH8VZBMF z`781v2Z!o+F0Z1pL9oHR>{83->md7|b;e>5`Qn|Lx_U3%pVZR4ynz}QYDKu6VxV$7 zzN^XJkW7~9;Pwcwt0VF~hG*oS7vGaKX7v614G-8vB}SkGSZEW9DIHb<@mVdfr}rbr z^oa*n*8K+ykL)PV$~s;GJ{8y1vu|16>)ew?EaX>Co6@OA8U0t=Hz^JXlC&;_aE;14 z{|01UUJLV6b#=8TTn1Z|;k0-~tlsTN2h2m&MQW&dm6rrgB%lQIs>1x{5ad)_3DY=f z7v+t52~NJZY8`YUNyWkJ^Uxmx06o+ytNIvv-7VWi$qyfCF9FSXN)0VDa`72~b8@cb z=xjlB;@D9kjzWe0K#pnj-%sP!{22cJ@a~L;wul4?VS1}?4+4aXDI8Rryx&P@q zucR+TTc_0av78yiZbRk?1mT|D{_cD_{ef+63?W>>`4gp!)F__{oRH99^M|4wVeQ*_WM#_=00# z==qtaJwMb%=o$0cHzn<+XTLsPpTy9RUfMO9 zCmLPHQW9ak-H-rw@Ib4>noh7Ri}1dvp3nkP0@6_z$&LgVg}MOF&!XTf&>Uu&7-K`3 z!WmZNC2`?ajpHMvqDk?GoZ%?wP&K8BPhRlxQN|+Z(AwQysS3@WUs`y5AFS@-P#96g za|SZxALR-5tYXq^tL!Zkdw*#zx-)2=Cq(OXl@h7SoI+Y3rS_4o1jt}`hc?5!4JXqq z62W^YgRxP!y_oAjrxv9+1c`0Jpm|s16>=D*(|M52j)wf z4^}r^eHhOgfh5J@9eR%@3n)vK5gfO^-KyavRB%mjA(aOqdQYrGWUD9{aFrgi@(Eft zIGDr#`WMkQPMOdq*Ygi-?kS5z?qad$oYMxjtmgWBOjoE12Id@{JQ+*jKr9A+*kV^= z6K()%&Glb1>*eeUH~AeMdr0ud+|5*A3mf=_INjXrmsWkl>1NxVt95S$IRZYLx(kzJ zxp+aWOd zXFiUWl(wZ+-5Kn;2;YvKgp2d{I`UN*CIu4-Hd7FyL{j&W0 zp}wlBs$Y&O3NZXalC-tnBe(1PKfYT86(W9#U+y3sd4Bfed2;O$XwOrVw;6(a48X0h z5i@kp589#xx6aEItGJvLL|fb1wusn82s38{fyc#NPl>Ddaw=qQ0%oPIUR@W6`~YI_CMwMSbxEE|a7QOYpj*Ype-!wb*H(YhGN8*8?+fE6M7F;avlb)$w~Cv;SlK~&x^kg zAzS)++;cREdw6>G{#X2c7K2k z2Iz%rPB+t4$n15@)vEp=5PFHhW)y(I0-P2>L)xaPIx+sc;Wvg+2ei6E#FFY>K}+Gy zn3Xm|Lm-8nBo#O3Jvhv6jr%-lQcZcCClI1zpkJTFWR4b7JUQ=MF#0D+Zaf0T%eZ&l ziSu(q3@yIeSWq!rFrh3FboGx?A>Cq zFvzZLVs}Aw?TNo%Z{4~Ti6gq)H%&V{MoMxm>Q@8jh}x20=ys!hP5Cf;PNq_4YZd$1 zeg70I*?5~g*UpL>v&v%$4c?Nh;sL&pGaFdNdHWoqi?H-xukY)EG(xQ$L2kGr54*d& z-+%bf+hy?;W}y=$mJFJ>LrLhYwRIrpe{0FLW{#rYtiqg>Pl|p!29o@YAK93G;0e}- zaHQW|jL6J*^yv5I#dV!xa`jP{3JVtM@+qu9Z1AS|84L>$R7~bKK{ELk)JjdtIIR^o zZyxd16)Mi}H@xtf>1tP*serW9581Ar2TkZciV?CuH5VUW9lbBCMdz7+b5=s>UKI}l zd9Y){aW_L;a<)W~!CLs#5s`a>V0?S9+^xkQZ8cG{_tzyROh0SEkf*S)?Oj4bv<-_e zh}%8&{n-ma!9Nys7*QxKBd-2xX3G8t7e6hQnbIf9m`qQ>v^SO**u==Sw>I)UQ>3uc zpbK6dwASFdex`%)iwHd29+)%^eod=$yc@na>it-a{UAN4Epr~ur6)PXZqt-Q(DaxT-V=HezAzj{Kwk5 zfF^q4Zm#QU2)?Aw+>eQr{F*@#)T>ISux@IcmBkqQ19bwuzHR2}1zLSk+eDC%WYWH~ z-X87o)tQ-JV)iL~MLz)&&xGfsO&*siDl5MWmA-zruwvNNEva1um$o_>1vapOAgGa4 zt4=Jh6iNsHAui45AI-4Abhga#Jbrtsc}acW&uvkLeLGNYK+zSlpxM5&DDatJY;jol z4Oh{nkuw??9tRaP=?~A9N(zbHDo;U5Xo4uO7(gr1=ZHUBL=8%qYdOM`mqFC=SAS3_jXGN-7 za>Gpzark3U7J1uj1%t-9ZrwU}54A2k2JHc=5pO{|w?0Jr6>?I00f5(k7@bPsFr%it zei)~ny^G`FU1r7Jwug4s*5zIj9kM2^77UskQjz;K1_!wJ&#KB888K*B|6o{m1k>X= zGrwR!^pq1)@gf#noyQ-<)EwCm@x=&Vz@Vu5K6k9RZ{2djx#{i483TTZ#Bf9=dK0#Q zUrF0eYNbNZtyXF=3}AFz2_W_x1k!kdlR>#qrGy^6^T&7OC1xn>0R~eD3DM^DCNQ%% zwopf%4J<86?F#a6vLxra=18nwF|+5V?^AbltySA0sOVVQ0D_5ND74~d6@SvO5WMEQ z-o)+|d+wNlWrhNO)7g&)V)}C3lhsoC9yOpiC7U^{&!8!_`!9l$^@rYr!baS46^&l>z6Wv)^)(T;4RhsZDiN*NuIW|2d_vRCJMf|@C+$Ltb}^a--Mq1FCO{p zlCc9%Eb`dY$QNFK{UtGF>{gn}@lfP&`Iq*1lQ6#rkSbH`!hsGBQkbmZ{zGF}m~6u( zPxQ+Hu*2Ngi5&E%BzQt-kO7_}whk8iX{eo|A6(>;SfU<*Zp}FgJI{9nrb5n(QNrU0 zy!`CBAJI+0Hk2|gVg7U0pHjOhDdJ^9ud~yywkukab?=Tkgo(*;BXLP4$!vz z*$qrVPy`7pB_#HMHgjS{x#{ zbbmude40T!*Y-G2-}2Np@#qDFhBhKJ#{ra+fv&FZ#lwdWzs3*?`dn`1brK1X*I)fi z2!%!Lm0}uK0@l?|jrw!kJ7|4=@_w7$3G}_J{x6Bth*Oj2@^w<{@ItDwJQeysxp-p( zBmho9mjTaT*`ENd@13Or&?^BU!3G{8Eivhzxf7?1=`De!~WCsSat@Jxr@S@%4c>m znQpkjyXo?8@kIs;6q)O4ALfKdAEKm*@5=*=B_zLRWbn#l83|s&?1fYMuc%0f6)e{BD_!>s=fE&KF*ymiNk@oFH2NX$ZY$63B_vGfgy$SQn-SJn zsZ==Rppw0nl#p-^VN;5DJQ7IzYQCHuD@1DAPM0dK1o=S@PpDHag_VOX5h<51NPB$Kni?-}Kbnbf z-_VYcqbS1d$-i^w2i{~NcPB3|Jmj|gD7kk_b8M~T-1%}Qvm0ygCYCC;e4fxe5%|Kb zg$?o=oRd-3p>JUM3zwt3we>ENCI)hn%Epo7Kn%z5d{l-=djo>W@BxYqS5}(QNYwr0vP0hxIK$lj5xgDXM| zEC3nGiQ2Rl`FFOkMkhPgSoX1sM}Y<(?-RR+VZrFAKUGt;0=G2{~EiJHO&V*IDbO~V?m zt{C%)g+E@ZVROi+_bC9yW@>?yj&^DDzvZb~+-dD8%ou8Q(ih z4Ebm2IvNsT9U}&yx&EpduGBbY^ldV(JCzNzJ#8R7Ez5>6nkb*2Ffj8PaXOHLA`bT| z%&Pr^XTQmj8UrGwWhs0Zi`{6cvm zwb#z7{bwZxxIQ6m7sV$uo={!xxMhxm?Ld{6ks@puG*ZCZF5UnHysDDhZcA<3{(GFt z;fPc$JyItcBuE)3e%T?x$JJ>8WRZ`wh?>^fyuIm#gmed}3L$$J;=hV3M|;{VZ?T*= zvO%zvvp~?8J}f%-fgj;bmk0djX_9ML#eSG`Rmch2HqPDouF30kWNKBGl5$8B+p?oV zJMz?ipVQyZODY6l*5+0k5gPnV`ZA`c=Sa|219zmfJmWZy7j$XVIvhOsuF_}Jt{0IR z@a6k_LJy^Zv=EMbm~bv*RKfpYwxMmHu;utw9A5o{931oCPJw1olbR54{=uWn;eyPQ zQS6}S7Nb#SfzdJO;>aTyG!Yqg2Ci~ROA=B&bm`d{3$|f6s&{`-3SIoZMp<*YqO)PD zxiSA6ldpHB?(>-p{M@CPbwi#vrY|h!ZnL^NUxWATPmS8%d(O6HMwW?b!1C9UfQl1N zOki=kLZbh&tf5Wupv$kW=pI`_@`HsF1kkP!X&VmV#$tp>3jp(5ts|@>x%_m; zu^3iWjBl8rb~nXM98{MHcW4`AKfir(b!c_WXUAosV>RxV1`|;toWUG+Y8nD6uGw^$ zr^DFc{O7aySYwukNT=hVT$~Dr)0lL*hQtS!1utd6BZiXzoIZVuES;T=ddDfBTKLv! zy3sx`=u7i_#O`Hd<|iIdE>by!NT0xqt4B#=n33=A5O=g$En zhY}qk4Sm_I6ThZiGI3^faaUdnJz*;n&a(jzeAOM1j9k~1q#?e=#=%1#*8*CKmLg05 z=5lAvb^iLxFW=5`;7O0Cl2YmNGH@UcS4)w3CeJ;#B~6{tAlot`(Gk1s^0iPSulM1L zN8^pJSPSP+{`u$PZ_|@zd-n?Bibcx(jtSdW;h}5)u|