From ff753e7ff2a304a63723924fcc68c6f883c96fc2 Mon Sep 17 00:00:00 2001 From: Kaur Palang <5758525+kpalang@users.noreply.github.com> Date: Tue, 19 Aug 2025 13:10:32 +0300 Subject: [PATCH 001/360] Initial commit --- .github/FUNDING.yml | 4 + .gitignore | 7 + LICENSE | 201 ++++++++++++++++++ README.md | 37 ++++ build.sh | 86 ++++++++ certificate/keystore.jks | Bin 0 -> 2609 bytes client/pom.xml | 50 +++++ .../client/MySettingsPlugin.java | 59 +++++ .../client/panel/MainSettingsPanel.java | 115 ++++++++++ libs/compiletime/README.md | 1 + libs/runtime/README.md | 4 + libs/runtime/client/.gitkeep | 0 libs/runtime/server/.gitkeep | 0 libs/runtime/shared/.gitkeep | 0 pom.xml | 165 ++++++++++++++ server/pom.xml | 49 +++++ .../server/MyServicePlugin.java | 80 +++++++ .../server/servlet/MyPluginServlet.java | 42 ++++ shared/pom.xml | 55 +++++ .../mirthpluginsample/shared/MyConstants.java | 25 +++ .../shared/MyPermissions.java | 24 +++ .../shared/interfaces/MyServletInterface.java | 60 ++++++ .../shared/model/MyInfoObject.java | 26 +++ 23 files changed, 1090 insertions(+) create mode 100644 .github/FUNDING.yml create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 README.md create mode 100755 build.sh create mode 100644 certificate/keystore.jks create mode 100644 client/pom.xml create mode 100644 client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java create mode 100644 client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java create mode 100644 libs/compiletime/README.md create mode 100644 libs/runtime/README.md create mode 100644 libs/runtime/client/.gitkeep create mode 100644 libs/runtime/server/.gitkeep create mode 100644 libs/runtime/shared/.gitkeep create mode 100644 pom.xml create mode 100644 server/pom.xml create mode 100644 server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java create mode 100644 server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java create mode 100644 shared/pom.xml create mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java create mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java create mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java create mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000000..0c358145b3 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms + +ko_fi: kpalang +custom: https://wise.com/pay/me/kaurp6 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000..7321afa3de --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +.idea/ +target/ +*.iml +*.zip +*.json +plugin.xml +*.jar diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000..3d33284651 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000000..208531ba5e --- /dev/null +++ b/README.md @@ -0,0 +1,37 @@ +# A sample NextGen connect Plugin project + +A sample [NextGen Connect](https://github.com/nextgenhealthcare/connect) plugin. + +This repository is used in [this guide on writing Mirth plugins](https://github.com/kpalang/mirth-plugin-guide). + +## Installation +1. [Install Java](https://www.javatpoint.com/javafx-how-to-install-java) +2. [Install Maven](https://www.javatpoint.com/how-to-install-maven) +3. Run `git clone https://github.com/kpalang/mirth-sample-plugin` +4. Navigate to `mirth-sample-plugin/` +5. Run `./build.sh` to verify the build works +6. Try to install the sample plugin by getting the `sampleplugin.zip` archive from your project root +--- + +## Usage + +> [!TIP] +> This repository is best used as a template by clicking the green "Use this template" button in the top right corner. +> Using as a template makes your repository not pick up the changes in the base repo thus avoiding file mismatches. + +**This repository showcases use of [mirth-plugin-maven-plugin-kt](https://github.com/kpalang/mirth-plugin-maven-plugin-kt) to generate `plugin.xml` file!** + +- Any external libraries that you might want to use in the plugin at runtime, go into `libs/runtime/{type}` +- Any external libraries that you might want to use at compiletime, go into `libs/compiletime/{type}` + +### You can choose between two methods when signing your plugin jarfiles +#### Method 1 - maven-jarsigner-plugin in `pom.xml` +Using the `maven-jarsigner-plugin` requires you uncomment this section [here](./pom.xml:122). +Additionally, you must comment out or remove the [Method 2 section](./build.sh:63) in `build.sh` + +#### Method 2 - external script +When using external signing, leave the [section](./pom.xml:122) in `pom.xml` commented or delete +it and comment out or remove the [Method 1 section](./build.sh:52) in `build.sh` + +--- +# Pull requests are always welcome diff --git a/build.sh b/build.sh new file mode 100755 index 0000000000..be34f3fe48 --- /dev/null +++ b/build.sh @@ -0,0 +1,86 @@ +#!/usr/bin/env bash + +echo "########################################" +echo +echo " Building jars..." +echo +echo "########################################" +mvn install package +STATUS=$? +if [ $STATUS -ne 0 ]; then + echo "---------- Building failed" + exit 1 +fi + +PLUGIN_PATH=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${mirth.plugin.path}') +ARTIFACT_ID=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${project.artifactId}') + +echo "########################################" +echo +echo " Copying libraries..." +echo +echo "########################################" +rm -rf "$PLUGIN_PATH" # basically clean +mkdir -p "$PLUGIN_PATH/libs" +cp libs/runtime/{client,server,shared}/*.jar "$PLUGIN_PATH/libs/" + +echo "########################################" +echo +echo " Generating plugin.xml..." +echo +echo "########################################" +mvn -N com.kaurpalang:mirth-plugin-maven-plugin:3.0.0:generate-plugin-xml + +STATUS=$? +if [ $STATUS -ne 0 ]; then + echo "---------- Plugin.xml generation failed" + exit 1 +fi + +cp plugin.xml "$PLUGIN_PATH/" +echo "########################################" +echo +echo " Signing jars..." +echo +echo "########################################" + +################################################################## +# +# Method 1 +# +################################################################## +cp {client,server,shared}/target/*.jar "$PLUGIN_PATH/" +# End of method 1 +################################################################## + +################################################################## +# +# Method 2 +# +################################################################## +mkdir "$PLUGIN_PATH/signing_input/" +cp {client,server,shared}/target/*.jar "$PLUGIN_PATH/signing_input/" +modules=("server client shared") +for module in $modules +do + current_jar="$PLUGIN_PATH/signing_input/$ARTIFACT_ID-$module.jar" + echo "signing $current_jar" + jarsigner \ + -keystore certificate/keystore.jks \ + -storepass "storepass" \ + -keypass "keypass" \ + -signedjar "$PLUGIN_PATH/$ARTIFACT_ID-$module.jar" \ + "$current_jar" \ + selfsigned +done +# End of method 2 +################################################################## + +rm -rf "$PLUGIN_PATH/signing_input/" + +echo "########################################" +echo +echo " Packaging plugin..." +echo +echo "########################################" +zip -r $PLUGIN_PATH "$PLUGIN_PATH" diff --git a/certificate/keystore.jks b/certificate/keystore.jks new file mode 100644 index 0000000000000000000000000000000000000000..9264d2df2404719347d5b953832d2980f86ada1e GIT binary patch literal 2609 zcma)6XEYm%9#0}cM2vD#tCFfwMbHqms`e;Fi&83e6Dzb=jaoILLTzf+iq*ut+^f`z zt%{V(wWVs8npNYP&pGd%d(Zpy-iQDBo!|O@{Go_!vLGN6iU?g|hF&EZkoMs~79g1j z9Rm}g!{_nvb#Zc_btpEN9f;f|UK8 zCBJ70D1YhMh2idTeEPn!k6v!2ZQe^=;T7m8Ch!Wlv(T@}JyQ-S1kOdv@2C zHAy{XP|QL@@uNHCG`mnS2@XG>d}vYfCS}24-(ul)z<_j?!NO^LNbWWTZP01_qFa)5 zyM({YVVO}Y21}YP#H(m!aOU}ULzZwPY?yElPQ6@hq8=9N2CLr}roeyUPo5n3>bSm^ z%0~8TQ)zkpNfx^zsFV~<4}SNFnZJ=}2UHF844Jf>>!r)bfoM5xNEd=}lyG?iA*YCy zDRzLZlFoy`&l%ZGr#mrPbADzIM=u@GmO$?_j)CGX#(RCbi30C}c1FWw)H|MYpogCu z=TdFNgGH#nIdc%jTJDWfJp`MD%60UtEY!V5fN#BqEeQiK`Z-8{$i4^ZiSB`)xx#&<$7kRYY}Mi4;+To-zdtT^P}4JWT+H# zL>BhRmZ49yU>_bCKED!Q&R*%>F*w+^6S`nSP4GnYEX4P^zG=4cnwq|=bPdfzdG%sy z3XAc%Z;LP;Mf3}KVV^HfSG)nG3iWOruY`a~46NfYn+>#}_NRrRlLRUzSRq+Kd82+m z)}Wdsb>rav)!^U(a3eea&GmK0#!dlRz`^}yH>LVZd$Eo}#0dDaGmQ}`V;*5%!7YZE z8~`oK9aQLxby+_hs88aDyoA+SNpfrp!|o*Wc1n{sA<43-L@03S*bN~lRo$h^!zuX)W<)O<)Z+eqegaglW*|SL-qr`vh$Q_QHKen7kdSW2R(i zD{;R`NrfP`ddbnLc)ZBygZFwYxg|yZGKl-<*dgvrdltl{;N1lHodP!zQ->{+;grv9 zX+n-OoXUn#+R-YmGGq0eM+oGR5I==rv5!~Ne^hm&Wi#45cJpPv;AHf%j!-s&gXUyw zZ51nRCAVcfkE63c07`wG)>^xmIPHrc=S(0WtqwOtTo;EOZyQzkqy;rS)2#3GWE%y{ zMyGQ`z=*D<@!S~~Yhw(f!gjT$-&HR01FK9lunV%t%ubyYmy>Gs7Y3b;yMrGh=pSxz z+8GuHbC0+H_7^P%!CNiCRQHQ=s;vcyv%GeJg=U98YTkdWf|HYVjw!a6O(>+kXQFY2 z&2-NILI84NZr674k@%4vQH_mlV#bY!&%_+?;OWqd{L}HcB*Eo*zsjl*Mw+UTP=K?7 z0qXMKa|z{D;1lHqcmePLcYxD5x&oX5PtF+*h4?4*lL9aJ!hKf{yqJPA8jVp>M5$sF zF=!MK%>8$Wg_%qQgHS}KQxFhv4*UN&!2dPZcg*`&J!5D^7y26|R-8vyg3gq<{-3#S zc&3tcr*lRRZ(};Hr~f!El*kmi&Xm2B*CA)dm5toCh<;=KfhJK$SdA=n330xF3^={- zfD^MHbek;h&+RF_UK>piyTjAVa%=%_V2vD=HFe*~gKj~!c@`SDDp_`__Y^fhd}A#- zT?Q0{8jAwc)3hrNqc`3%F(Z?=uVEfHl>&wNbK8e*Nx>mYclFBwwvl!MJ)&k~bj6x3 z6^MXW4cA10A1sPl-)Q+3N8*&BHe!w1m-_obBD}Gg1Z7w*^G*9|v_5`+DF1tLgkg+B zJb|PA)(m^AOjqu81^Kn9u`{v+aXM zkB#3P$T_!*^xJW0vGR$8wV+JJ^%ZND_Rnj&5+N7K&8q<=o(M(DGC)fNXSHRG(zM~o z$4^EE1TB>dHvsEEeoXJSI=w4qvzB1sqf7uLN^oTcw;oo2h5 z0$LkRescflAvSvms7SLs5p1ng)jfUTD)*Db1)af1JXNz%3w&7k!z*R7_H!4LF3q{J z>}#Vn{QGid?0oleS(M)@^Sak2EHe5@85zBBp%6~4Fh*QE*(s_p6q+Rc<5NhjLSwS+ z+F~Bs0x99>j*RuPbfC7W=_w30vLE8@zy0Ar-rV9idwRU70%wSn%$lr#VQ-<)*MmGAJ#|Ck>z2DikbsD<7v*V9s52Bk42&HFbE!>a! z9E72oj(3w64>>Nk17CPMNy2<^C*}M&0h$@J6jo(k5A6z*x$@1T7f;KcbIVOp682jB zW@b9TS{i_lLV7hl;=*t)?`>$zJgee!w{=c95Ew+qSFFpAj%g9)tpdKbF=F~|@7Z$k zjp%RtKg0sr8$w6Rc86k^UMrg#ec}#1k?_*0cTkEKKDj!UHdDZqGZ90`GNeLx-!e4! zeu0g@_EK>R3)DQEnB2aL-YSK1`^Aq2CoY>*hKm9lS?KJx0rWdH0~s=Y6fEx zC(E@oBvQ>bAU6EoL?P>q&1LB+P90|ds8?O$3MdT}0tID;$Z#-$1R(%0uPH8^61c~Z s`zV?Pr1y0hs#Slv2Il?q`gg%!RgnOb1;5Gs_f;pzv$_!w6Ocsy7Z!J>IsgCw literal 0 HcmV?d00001 diff --git a/client/pom.xml b/client/pom.xml new file mode 100644 index 0000000000..be08bb76b8 --- /dev/null +++ b/client/pom.xml @@ -0,0 +1,50 @@ + + + + + 4.0.0 + + + com.kaurpalang + mirthpluginsample + 1.0-SNAPSHOT + + + client + + + + com.mirth.connect + mirth-client + ${mirth.version} + + + + com.miglayout + miglayout + ${miglayout.version} + + + + com.kaurpalang + shared + ${project.version} + + + diff --git a/client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java b/client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java new file mode 100644 index 0000000000..4d6bdb5b7f --- /dev/null +++ b/client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java @@ -0,0 +1,59 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.client; + +import com.kaurpalang.mirth.annotationsplugin.annotation.MirthClientClass; +import com.kaurpalang.mirthpluginsample.client.panel.MainSettingsPanel; +import com.kaurpalang.mirthpluginsample.shared.MyConstants; +import com.mirth.connect.client.ui.AbstractSettingsPanel; +import com.mirth.connect.plugins.SettingsPanelPlugin; + +@MirthClientClass +public class MySettingsPlugin extends SettingsPanelPlugin { + + private MainSettingsPanel mainSettingsPanel; + + public MySettingsPlugin(String name) { + super(name); + } + + @Override + public AbstractSettingsPanel getSettingsPanel() { + return this.mainSettingsPanel; + } + + @Override + public String getPluginPointName() { + return MyConstants.PLUGIN_POINTNAME; + } + + @Override + public void start() { + System.out.println("Hello from the other slide!"); + this.mainSettingsPanel = new MainSettingsPanel(); + } + + @Override + public void stop() { + + } + + @Override + public void reset() { + + } +} diff --git a/client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java b/client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java new file mode 100644 index 0000000000..a76456f3f6 --- /dev/null +++ b/client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java @@ -0,0 +1,115 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.client.panel; + +import com.kaurpalang.mirthpluginsample.shared.MyConstants; +import com.mirth.connect.client.ui.AbstractSettingsPanel; +import com.mirth.connect.client.ui.components.MirthCheckBox; +import com.mirth.connect.client.ui.components.MirthPasswordField; +import com.mirth.connect.client.ui.components.MirthTextField; +import net.miginfocom.swing.MigLayout; + +import javax.swing.*; +import javax.swing.border.TitledBorder; +import java.awt.*; + +public class MainSettingsPanel extends AbstractSettingsPanel { + + /** + * Create component variables + */ + private JLabel forcefulLabel; + private MirthCheckBox forcefulCheckbox; + + private JLabel remoteUsernameLabel; + private MirthTextField remoteUsernameTextField; + + private JLabel remotePasswordLabel; + private MirthPasswordField remotePasswordField; + + private JButton testRemoteButton; + + public MainSettingsPanel() { + // The name of our tab in the Settings menu + super(MyConstants.SETTINGS_TABNAME_MAIN); + initComponents(); + } + + private void initComponents() { + setBackground(Color.WHITE); + setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0)); + setLayout(new MigLayout("insets 12, novisualpadding, hidemode 3, fill, gap 6", "", "[][][][grow]")); + + /** + * Instantiate component variables + */ + forcefulLabel = new JLabel("Force push:"); + forcefulCheckbox = new MirthCheckBox(); + forcefulLabel.setToolTipText("This is a\nmultiline tooltip ;)"); + forcefulCheckbox.setBackground(Color.WHITE); + + remoteUsernameLabel = new JLabel("Username:"); + remoteUsernameTextField = new MirthTextField(); + + remotePasswordLabel = new JLabel("Password:"); + remotePasswordField = new MirthPasswordField(); + + testRemoteButton = new JButton("Do a thing button"); + + /** + * Create the base container for our components + */ + JPanel deetsPanel = new JPanel(); + deetsPanel.setLayout(new MigLayout("insets 12, novisualpadding, hidemode 3, fill, gap 6", "[]12[][grow]", "")); + deetsPanel.setBackground(Color.WHITE); + deetsPanel.setBorder( + BorderFactory.createTitledBorder( + BorderFactory.createMatteBorder(1, 0, 0, 0, new Color(204, 204, 204)), + "MyPlugin", + TitledBorder.DEFAULT_JUSTIFICATION, + TitledBorder.DEFAULT_POSITION, + new Font("Tahoma", 1, 11) + ) + ); + + /** + * Add our components to the base container + */ + deetsPanel.add(forcefulLabel, "right"); + deetsPanel.add(forcefulCheckbox); + deetsPanel.add(remoteUsernameLabel, "newline, right"); + deetsPanel.add(remoteUsernameTextField, "w 168!"); + deetsPanel.add(remotePasswordLabel, "newline, right"); + deetsPanel.add(remotePasswordField, "w 168!"); + deetsPanel.add(testRemoteButton, "newline"); + + /** + * Add base container to Mirth's more base-er container + */ + add(deetsPanel, "growx"); + } + + @Override + public void doRefresh() { + + } + + @Override + public boolean doSave() { + return false; + } +} diff --git a/libs/compiletime/README.md b/libs/compiletime/README.md new file mode 100644 index 0000000000..b52d40688d --- /dev/null +++ b/libs/compiletime/README.md @@ -0,0 +1 @@ +Here go any library jars that you might need during development/compilation diff --git a/libs/runtime/README.md b/libs/runtime/README.md new file mode 100644 index 0000000000..7eabd6136a --- /dev/null +++ b/libs/runtime/README.md @@ -0,0 +1,4 @@ +In these folders go library jars that the plugin needs during runtime. +For each environment respectively. + +## Do not rename the directories! diff --git a/libs/runtime/client/.gitkeep b/libs/runtime/client/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/libs/runtime/server/.gitkeep b/libs/runtime/server/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/libs/runtime/shared/.gitkeep b/libs/runtime/shared/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000000..6cc1489ea7 --- /dev/null +++ b/pom.xml @@ -0,0 +1,165 @@ + + + + + 4.0.0 + + com.kaurpalang + mirthpluginsample + 1.0-SNAPSHOT + pom + + + + Apache License, Version 2.0 + https://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + server + shared + client + + + + 17 + 17 + UTF-8 + + 4.5.0 + + 5.1 + 3.7.1 + 3.0.0 + 2.1.0-SNAPSHOT + 1.18.32 + 3.7.4 + + + Kaur Palang + 4.5.0 + A sample Mirth plugin to showcase my Maven plugin. + Sample Plugin + sampleplugin + www.yourpage.com + ${project.version} + + + + + repsy-default + https://repo.repsy.io/mvn/kpalang/default + + + repsy-mirthconnect + https://repo.repsy.io/mvn/kpalang/mirthconnect + + + + + + repsy-default + https://repo.repsy.io/mvn/kpalang/default + + + + + + + com.kaurpalang + mirth-plugin-maven-plugin + ${mirth-plugin-maven-plugin.version} + + + + com.mirth.connect + mirth-server + ${mirth.version} + + + + org.projectlombok + lombok + ${lombok.version} + provided + + + + + + ${project.parent.artifactId}-${project.artifactId} + + + + + + + + + org.bsc.maven + maven-processor-plugin + ${maven-processor-plugin.version} + + + process + + process + + process-sources + + + + com.kaurpalang.mirth.annotationsplugin.processor.MirthPluginProcessor + + + + + + + + diff --git a/server/pom.xml b/server/pom.xml new file mode 100644 index 0000000000..ac8489c818 --- /dev/null +++ b/server/pom.xml @@ -0,0 +1,49 @@ + + + + + 4.0.0 + + + com.kaurpalang + mirthpluginsample + 1.0-SNAPSHOT + + + server + + + 4.0.1 + + + + + com.kaurpalang + shared + ${project.version} + + + + javax.servlet + javax.servlet-api + ${javax-servlet.version} + provided + + + diff --git a/server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java b/server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java new file mode 100644 index 0000000000..13b4e51f4b --- /dev/null +++ b/server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java @@ -0,0 +1,80 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.server; + +import com.kaurpalang.mirth.annotationsplugin.annotation.MirthServerClass; +import com.kaurpalang.mirthpluginsample.shared.MyConstants; +import com.kaurpalang.mirthpluginsample.shared.MyPermissions; +import com.kaurpalang.mirthpluginsample.shared.interfaces.MyServletInterface; +import com.mirth.connect.client.core.api.util.OperationUtil; +import com.mirth.connect.model.ExtensionPermission; +import com.mirth.connect.plugins.ServicePlugin; + +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +@MirthServerClass +public class MyServicePlugin implements ServicePlugin { + + @Override + public void init(Properties properties) { + System.out.println("Hello world from init!"); + } + + @Override + public void update(Properties properties) { + // We don't need to do anything here. + } + + @Override + public Properties getDefaultProperties() { + return new Properties(); + } + + @Override + public ExtensionPermission[] getExtensionPermissions() { + ExtensionPermission getPermission = new ExtensionPermission ( + MyConstants.PLUGIN_POINTNAME, + MyPermissions.GETSTH, + "Allows getting important information from our plugin", + OperationUtil.getOperationNamesForPermission(MyPermissions.GETSTH, MyServletInterface.class), new String[] {} + ); + + return new ExtensionPermission[] {getPermission}; + } + + @Override + public Map getObjectsForSwaggerExamples() { + return new HashMap<>(); + } + + @Override + public String getPluginPointName() { + return MyConstants.PLUGIN_POINTNAME; + } + + @Override + public void start() { + System.out.println("Hello world from start!"); + } + + @Override + public void stop() { + System.out.println("Good bye world!"); + } +} diff --git a/server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java b/server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java new file mode 100644 index 0000000000..d6cad27f14 --- /dev/null +++ b/server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java @@ -0,0 +1,42 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.server.servlet; + +import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; +import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; +import com.kaurpalang.mirthpluginsample.shared.MyConstants; +import com.kaurpalang.mirthpluginsample.shared.interfaces.MyServletInterface; +import com.kaurpalang.mirthpluginsample.shared.model.MyInfoObject; +import com.mirth.connect.server.api.MirthServlet; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.SecurityContext; + +@MirthApiProvider(type = ApiProviderType.SERVER_CLASS) +public class MyPluginServlet extends MirthServlet implements MyServletInterface { + + public MyPluginServlet(@Context HttpServletRequest request, @Context SecurityContext sc) { + super(request, sc, MyConstants.PLUGIN_POINTNAME); + } + + @Override + public MyInfoObject getSomething(String identifier) { + String data = String.format("<%s> Some important informations", identifier); + return new MyInfoObject(data); + } +} diff --git a/shared/pom.xml b/shared/pom.xml new file mode 100644 index 0000000000..5d9deb4f3d --- /dev/null +++ b/shared/pom.xml @@ -0,0 +1,55 @@ + + + + + 4.0.0 + + + com.kaurpalang + mirthpluginsample + 1.0-SNAPSHOT + + + + 2.1.11 + 2.1.1 + + + + + com.mirth.connect + mirth-client-core + ${mirth.version} + + + + io.swagger.core.v3 + swagger-annotations + ${swagger.version} + + + + javax.ws.rs + javax.ws.rs-api + ${javax.version} + + + + shared + diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java new file mode 100644 index 0000000000..a61127e95e --- /dev/null +++ b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java @@ -0,0 +1,25 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.shared; + +public final class MyConstants { + public static final String PLUGIN_POINTNAME = "Awesome Plugin"; + + public static final String SETTINGS_TABNAME_MAIN = "MyPlugin Settings"; + + private MyConstants() {} +} diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java new file mode 100644 index 0000000000..6342af8dd0 --- /dev/null +++ b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java @@ -0,0 +1,24 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.shared; + +public final class MyPermissions { + + public static final String GETSTH = "myplugin_permission_getsth"; + + public MyPermissions() {} +} diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java new file mode 100644 index 0000000000..f5b997c370 --- /dev/null +++ b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java @@ -0,0 +1,60 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.shared.interfaces; + +import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; +import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; +import com.kaurpalang.mirthpluginsample.shared.MyPermissions; +import com.kaurpalang.mirthpluginsample.shared.model.MyInfoObject; +import com.mirth.connect.client.core.ClientException; +import com.mirth.connect.client.core.api.BaseServletInterface; +import com.mirth.connect.client.core.api.MirthOperation; +import com.mirth.connect.client.core.api.Param; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Content; +import io.swagger.v3.oas.annotations.media.Schema; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.tags.Tag; + +import javax.ws.rs.*; +import javax.ws.rs.core.MediaType; + +@Path("/myplugin") +@Tag(name = "MyPlugin operations") +@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) +@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) +@MirthApiProvider(type = ApiProviderType.SERVLET_INTERFACE) +public interface MyServletInterface extends BaseServletInterface { + + @GET + @Path("/getsomething") + @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) + @ApiResponse(responseCode = "200", description = "Found the information", + content = { + @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = MyInfoObject.class)), + @Content(mediaType = MediaType.APPLICATION_XML, schema = @Schema(implementation = MyInfoObject.class)) + }) + @MirthOperation( + name = "getSomething", + display = "Get important information", + permission = MyPermissions.GETSTH + ) + MyInfoObject getSomething( + @Param("identifier") @Parameter(description = "The identifier of our important information to retrieve.", required = true) @QueryParam("identifier") String identifier) + throws ClientException; +} diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java new file mode 100644 index 0000000000..1a4c3f7aff --- /dev/null +++ b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java @@ -0,0 +1,26 @@ +/* + * Copyright 2021 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.kaurpalang.mirthpluginsample.shared.model; + +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.Setter; + +@AllArgsConstructor +public class MyInfoObject { + @Getter @Setter private String data; +} From d2fbac7328eda7b7a68348a4adcbb3a9961868b9 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 19 Aug 2025 17:20:40 +0300 Subject: [PATCH 002/360] Initial setup adjustments --- .editorconfig | 11 ++ .gitignore | 4 + .sdkmanrc | 4 + build.sh | 145 ++++++++---------- pom.xml | 20 +-- server/pom.xml | 21 +++ .../server/servlet/MyPluginServlet.java | 42 ----- shared/pom.xml | 6 + .../mirthpluginsample/shared/MyConstants.java | 4 +- .../shared/MyPermissions.java | 24 --- .../shared/interfaces/MyServletInterface.java | 60 -------- .../shared/model/MyInfoObject.java | 26 ---- 12 files changed, 113 insertions(+), 254 deletions(-) create mode 100644 .editorconfig create mode 100644 .sdkmanrc delete mode 100644 server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java delete mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java delete mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java delete mode 100644 shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000000..f64953596e --- /dev/null +++ b/.editorconfig @@ -0,0 +1,11 @@ +root = true + +[*] +end_of_line = lf +charset = utf-8 +insert_final_newline = true +indent_style = space +indent_size = 4 + +[*.java] +ij_continuation_indent_size = 4 \ No newline at end of file diff --git a/.gitignore b/.gitignore index 7321afa3de..9367872f8c 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,7 @@ target/ *.json plugin.xml *.jar + +docker/certs/ +docker/custom-extensions +docker/pgdata \ No newline at end of file diff --git a/.sdkmanrc b/.sdkmanrc new file mode 100644 index 0000000000..b47567c2cd --- /dev/null +++ b/.sdkmanrc @@ -0,0 +1,4 @@ +# Enable auto-env through the sdkman_auto_env config +# Add key=value pairs of SDKs to use below +java=17.0.16.fx-zulu +maven=3.9.11 \ No newline at end of file diff --git a/build.sh b/build.sh index be34f3fe48..d4dec5eeb6 100755 --- a/build.sh +++ b/build.sh @@ -1,86 +1,63 @@ #!/usr/bin/env bash -echo "########################################" -echo -echo " Building jars..." -echo -echo "########################################" -mvn install package -STATUS=$? -if [ $STATUS -ne 0 ]; then - echo "---------- Building failed" - exit 1 -fi - -PLUGIN_PATH=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${mirth.plugin.path}') -ARTIFACT_ID=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${project.artifactId}') - -echo "########################################" -echo -echo " Copying libraries..." -echo -echo "########################################" -rm -rf "$PLUGIN_PATH" # basically clean -mkdir -p "$PLUGIN_PATH/libs" -cp libs/runtime/{client,server,shared}/*.jar "$PLUGIN_PATH/libs/" - -echo "########################################" -echo -echo " Generating plugin.xml..." -echo -echo "########################################" -mvn -N com.kaurpalang:mirth-plugin-maven-plugin:3.0.0:generate-plugin-xml - -STATUS=$? -if [ $STATUS -ne 0 ]; then - echo "---------- Plugin.xml generation failed" - exit 1 -fi - -cp plugin.xml "$PLUGIN_PATH/" -echo "########################################" -echo -echo " Signing jars..." -echo -echo "########################################" - -################################################################## -# -# Method 1 -# -################################################################## -cp {client,server,shared}/target/*.jar "$PLUGIN_PATH/" -# End of method 1 -################################################################## - -################################################################## -# -# Method 2 -# -################################################################## -mkdir "$PLUGIN_PATH/signing_input/" -cp {client,server,shared}/target/*.jar "$PLUGIN_PATH/signing_input/" -modules=("server client shared") -for module in $modules -do - current_jar="$PLUGIN_PATH/signing_input/$ARTIFACT_ID-$module.jar" - echo "signing $current_jar" - jarsigner \ - -keystore certificate/keystore.jks \ - -storepass "storepass" \ - -keypass "keypass" \ - -signedjar "$PLUGIN_PATH/$ARTIFACT_ID-$module.jar" \ - "$current_jar" \ - selfsigned -done -# End of method 2 -################################################################## - -rm -rf "$PLUGIN_PATH/signing_input/" - -echo "########################################" -echo -echo " Packaging plugin..." -echo -echo "########################################" -zip -r $PLUGIN_PATH "$PLUGIN_PATH" +function main() { + + echo "########################################" + echo + echo " mvn cleaning..." + echo + echo "########################################" + mvn clean + + echo "########################################" + echo + echo " Building jars..." + echo + echo "########################################" + mvn install package + + PLUGIN_PATH=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${mirth.plugin.path}') + ARTIFACT_ID=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${project.artifactId}') + + echo "########################################" + echo + echo " Copying libraries..." + echo + echo "########################################" + mkdir -p "$STAGING_DIR/libs" + + modules=("server" "client" "shared") + for module in "${modules[@]}"; do + if find "libs/runtime/$module/" -maxdepth 1 -iname "*.jar" | grep -q .; then + cp libs/runtime/"$module"/*.jar "$STAGING_DIR/libs/" + else + echo "No .jar files in libs/runtime/$module/" + fi + done + + echo "########################################" + echo + echo " Generating plugin.xml..." + echo + echo "########################################" + mvn -N com.kaurpalang:mirth-plugin-maven-plugin:3.0.0:generate-plugin-xml + + mv plugin.xml "$STAGING_DIR" + + echo "########################################" + echo + echo " Packaging plugin..." + echo + echo "########################################" + cp {client,server,shared}/target/*.jar "$STAGING_DIR/" + + pushd target + mv staging "$PLUGIN_PATH" + zip -r "$PLUGIN_PATH" "$PLUGIN_PATH" + popd +} + +set -euxo pipefail + +STAGING_DIR=target/staging +main \ No newline at end of file diff --git a/pom.xml b/pom.xml index 6cc1489ea7..0390571660 100644 --- a/pom.xml +++ b/pom.xml @@ -44,7 +44,7 @@ 17 UTF-8 - 4.5.0 + 4.5.2 5.1 3.7.1 @@ -55,10 +55,10 @@ Kaur Palang - 4.5.0 + 4.5.2 A sample Mirth plugin to showcase my Maven plugin. - Sample Plugin - sampleplugin + SSL Manager + ssl-manager www.yourpage.com ${project.version} @@ -108,17 +108,6 @@ ${project.parent.artifactId}-${project.artifactId} - - - - org.bsc.maven diff --git a/server/pom.xml b/server/pom.xml index ac8489c818..21bed44ae8 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -45,5 +45,26 @@ ${javax-servlet.version} provided + + + com.mirth.connect.plugins + http-server + ${mirth.version} + provided + + + + com.mirth.connect + donkey-model + ${mirth.version} + provided + + + + org.apache.httpcomponents + httpclient + 4.5.13 + provided + diff --git a/server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java b/server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java deleted file mode 100644 index d6cad27f14..0000000000 --- a/server/src/main/java/com/kaurpalang/mirthpluginsample/server/servlet/MyPluginServlet.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright 2021 Kaur Palang - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.kaurpalang.mirthpluginsample.server.servlet; - -import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; -import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; -import com.kaurpalang.mirthpluginsample.shared.MyConstants; -import com.kaurpalang.mirthpluginsample.shared.interfaces.MyServletInterface; -import com.kaurpalang.mirthpluginsample.shared.model.MyInfoObject; -import com.mirth.connect.server.api.MirthServlet; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.SecurityContext; - -@MirthApiProvider(type = ApiProviderType.SERVER_CLASS) -public class MyPluginServlet extends MirthServlet implements MyServletInterface { - - public MyPluginServlet(@Context HttpServletRequest request, @Context SecurityContext sc) { - super(request, sc, MyConstants.PLUGIN_POINTNAME); - } - - @Override - public MyInfoObject getSomething(String identifier) { - String data = String.format("<%s> Some important informations", identifier); - return new MyInfoObject(data); - } -} diff --git a/shared/pom.xml b/shared/pom.xml index 5d9deb4f3d..bf9d5211c3 100644 --- a/shared/pom.xml +++ b/shared/pom.xml @@ -49,6 +49,12 @@ javax.ws.rs-api ${javax.version} + + + com.mirth.connect.plugins + http-shared + ${mirth.version} + shared diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java index a61127e95e..ed7ed6633f 100644 --- a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java +++ b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java @@ -17,9 +17,9 @@ package com.kaurpalang.mirthpluginsample.shared; public final class MyConstants { - public static final String PLUGIN_POINTNAME = "Awesome Plugin"; + public static final String PLUGIN_POINTNAME = "SSL Manager"; - public static final String SETTINGS_TABNAME_MAIN = "MyPlugin Settings"; + public static final String SETTINGS_TABNAME_MAIN = "SSL Settings"; private MyConstants() {} } diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java deleted file mode 100644 index 6342af8dd0..0000000000 --- a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyPermissions.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright 2021 Kaur Palang - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.kaurpalang.mirthpluginsample.shared; - -public final class MyPermissions { - - public static final String GETSTH = "myplugin_permission_getsth"; - - public MyPermissions() {} -} diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java deleted file mode 100644 index f5b997c370..0000000000 --- a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/interfaces/MyServletInterface.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright 2021 Kaur Palang - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.kaurpalang.mirthpluginsample.shared.interfaces; - -import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; -import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; -import com.kaurpalang.mirthpluginsample.shared.MyPermissions; -import com.kaurpalang.mirthpluginsample.shared.model.MyInfoObject; -import com.mirth.connect.client.core.ClientException; -import com.mirth.connect.client.core.api.BaseServletInterface; -import com.mirth.connect.client.core.api.MirthOperation; -import com.mirth.connect.client.core.api.Param; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Content; -import io.swagger.v3.oas.annotations.media.Schema; -import io.swagger.v3.oas.annotations.responses.ApiResponse; -import io.swagger.v3.oas.annotations.tags.Tag; - -import javax.ws.rs.*; -import javax.ws.rs.core.MediaType; - -@Path("/myplugin") -@Tag(name = "MyPlugin operations") -@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) -@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) -@MirthApiProvider(type = ApiProviderType.SERVLET_INTERFACE) -public interface MyServletInterface extends BaseServletInterface { - - @GET - @Path("/getsomething") - @Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON }) - @ApiResponse(responseCode = "200", description = "Found the information", - content = { - @Content(mediaType = MediaType.APPLICATION_JSON, schema = @Schema(implementation = MyInfoObject.class)), - @Content(mediaType = MediaType.APPLICATION_XML, schema = @Schema(implementation = MyInfoObject.class)) - }) - @MirthOperation( - name = "getSomething", - display = "Get important information", - permission = MyPermissions.GETSTH - ) - MyInfoObject getSomething( - @Param("identifier") @Parameter(description = "The identifier of our important information to retrieve.", required = true) @QueryParam("identifier") String identifier) - throws ClientException; -} diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java b/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java deleted file mode 100644 index 1a4c3f7aff..0000000000 --- a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/model/MyInfoObject.java +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright 2021 Kaur Palang - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.kaurpalang.mirthpluginsample.shared.model; - -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.Setter; - -@AllArgsConstructor -public class MyInfoObject { - @Getter @Setter private String data; -} From 59c86e4ba4f00d23c85164cf007dc747000cbcd1 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 19 Aug 2025 17:26:49 +0300 Subject: [PATCH 003/360] Improve README.md and add compose.yaml --- README.md | 56 +++++++++++++++++++------------------- docker/compose.yaml | 59 +++++++++++++++++++++++++++++++++++++++++ docker/custom.vmoptions | 1 + docker/cycle | 5 ++++ 4 files changed, 92 insertions(+), 29 deletions(-) create mode 100644 docker/compose.yaml create mode 100644 docker/custom.vmoptions create mode 100755 docker/cycle diff --git a/README.md b/README.md index 208531ba5e..3942cb74e1 100644 --- a/README.md +++ b/README.md @@ -1,37 +1,35 @@ -# A sample NextGen connect Plugin project +# SSL Manager plugin for Open Integration Engine -A sample [NextGen Connect](https://github.com/nextgenhealthcare/connect) plugin. +## Preparation -This repository is used in [this guide on writing Mirth plugins](https://github.com/kpalang/mirth-plugin-guide). +1. Install the tooling + - We suggest using [sdkman](https://sdkman.io/). Then run `sdk env install` + - Or install manually + - [Install Java](https://www.javatpoint.com/javafx-how-to-install-java) + - [Install Maven](https://www.javatpoint.com/how-to-install-maven) -## Installation -1. [Install Java](https://www.javatpoint.com/javafx-how-to-install-java) -2. [Install Maven](https://www.javatpoint.com/how-to-install-maven) -3. Run `git clone https://github.com/kpalang/mirth-sample-plugin` -4. Navigate to `mirth-sample-plugin/` -5. Run `./build.sh` to verify the build works -6. Try to install the sample plugin by getting the `sampleplugin.zip` archive from your project root ---- +2. Generate a self-signed certificate for a random domain name and convert it into a `.p12` keystore. We are using `yourdomain.com`. + ```sh + openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout yourdomain.com.key -out yourdomain.com.crt -subj "/CN=yourdomain.com" + + keytool -importcert \ + -alias myserver \ + -file yourdomain.com.crt \ + -keystore truststore.p12 \ + -storetype PKCS12 \ + -storepass changeit \ + -noprompt + ``` -## Usage +3. Move the three files (`.crt`, `.key`, `.p12`) into `docker/certs/`. -> [!TIP] -> This repository is best used as a template by clicking the green "Use this template" button in the top right corner. -> Using as a template makes your repository not pick up the changes in the base repo thus avoiding file mismatches. +## Compilation -**This repository showcases use of [mirth-plugin-maven-plugin-kt](https://github.com/kpalang/mirth-plugin-maven-plugin-kt) to generate `plugin.xml` file!** +Run `./build.sh`. -- Any external libraries that you might want to use in the plugin at runtime, go into `libs/runtime/{type}` -- Any external libraries that you might want to use at compiletime, go into `libs/compiletime/{type}` +## Testing -### You can choose between two methods when signing your plugin jarfiles -#### Method 1 - maven-jarsigner-plugin in `pom.xml` -Using the `maven-jarsigner-plugin` requires you uncomment this section [here](./pom.xml:122). -Additionally, you must comment out or remove the [Method 2 section](./build.sh:63) in `build.sh` - -#### Method 2 - external script -When using external signing, leave the [section](./pom.xml:122) in `pom.xml` commented or delete -it and comment out or remove the [Method 1 section](./build.sh:52) in `build.sh` - ---- -# Pull requests are always welcome +Start the `docker/compose.yaml`. +```sh +docker compose up -d +``` \ No newline at end of file diff --git a/docker/compose.yaml b/docker/compose.yaml new file mode 100644 index 0000000000..0b0d27548b --- /dev/null +++ b/docker/compose.yaml @@ -0,0 +1,59 @@ +name: ssl-manager + +services: + caddy: + image: caddy:latest + restart: unless-stopped + ports: + - "9080:80/tcp" + - "9443:443/tcp" + networks: + default: + aliases: + - yourdomain.com + configs: + - source: caddyfile + target: /etc/caddy/Caddyfile + volumes: + - ./certs:/certs:ro + + oie: + image: openintegrationengine/engine:latest + environment: + - DATABASE=postgres + - DATABASE_URL=jdbc:postgresql://db:5432/oie + - DATABASE_MAX_CONNECTIONS=20 + - DATABASE_USERNAME=oieuser + - DATABASE_PASSWORD=oieuserpw + - KEYSTORE_STOREPASS=docker_storepass + - KEYSTORE_KEYPASS=docker_keypass + ports: + - "8443:8443/tcp" + - "5005:5005/tcp" + volumes: + - ./custom-extensions:/opt/engine/custom-extensions + - ./custom.vmoptions:/opt/engine/conf/custom.vmoptions:ro + - ./certs:/certs:ro + depends_on: + - db + + db: + image: postgres:17-alpine + ports: + - "5432:5432/tcp" + environment: + - POSTGRES_USER=oieuser + - POSTGRES_PASSWORD=oieuserpw + - POSTGRES_DB=oie + volumes: + - ${PWD}/pgdata:/var/lib/postgresql/data + +configs: + caddyfile: + content: | + https://yourdomain.com { + tls /certs/yourdomain.com.crt /certs/yourdomain.com.key + + # Simple endpoint to prove it works + respond "Hello from Caddy over self-signed TLS 👋" 200 + } diff --git a/docker/custom.vmoptions b/docker/custom.vmoptions new file mode 100644 index 0000000000..d6b3248518 --- /dev/null +++ b/docker/custom.vmoptions @@ -0,0 +1 @@ +-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 diff --git a/docker/cycle b/docker/cycle new file mode 100755 index 0000000000..8859d4495c --- /dev/null +++ b/docker/cycle @@ -0,0 +1,5 @@ +#!/bin/sh + +docker compose down +docker compose up -d +docker compose logs -f oie \ No newline at end of file From e5c5555e91cef607acb14ee396fb6d7478a54e5f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 19 Aug 2025 20:19:18 +0300 Subject: [PATCH 004/360] Rename packages --- client/pom.xml | 6 +++--- pom.xml | 10 +++++----- server/pom.xml | 6 +++--- shared/pom.xml | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/client/pom.xml b/client/pom.xml index be08bb76b8..bf487fa2cc 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -21,8 +21,8 @@ 4.0.0 - com.kaurpalang - mirthpluginsample + org.openintegrationengine + sslmanager 1.0-SNAPSHOT @@ -42,7 +42,7 @@ - com.kaurpalang + org.openintegrationengine shared ${project.version} diff --git a/pom.xml b/pom.xml index 0390571660..51bd577f9d 100644 --- a/pom.xml +++ b/pom.xml @@ -20,8 +20,8 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 - com.kaurpalang - mirthpluginsample + org.openintegrationengine + sslmanager 1.0-SNAPSHOT pom @@ -54,12 +54,12 @@ 3.7.4 - Kaur Palang + OpenIntegrationEngine 4.5.2 - A sample Mirth plugin to showcase my Maven plugin. + SSL Management made easy SSL Manager ssl-manager - www.yourpage.com + https://openintegrationengine.com ${project.version} diff --git a/server/pom.xml b/server/pom.xml index 21bed44ae8..de0bb5e269 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -21,8 +21,8 @@ 4.0.0 - com.kaurpalang - mirthpluginsample + org.openintegrationengine + sslmanager 1.0-SNAPSHOT @@ -34,7 +34,7 @@ - com.kaurpalang + org.openintegrationengine shared ${project.version} diff --git a/shared/pom.xml b/shared/pom.xml index bf9d5211c3..923d3e441a 100644 --- a/shared/pom.xml +++ b/shared/pom.xml @@ -21,8 +21,8 @@ 4.0.0 - com.kaurpalang - mirthpluginsample + org.openintegrationengine + sslmanager 1.0-SNAPSHOT From aee95e6c7ddfcb6762e23c3d27ac227a6b2772d4 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 26 Aug 2025 12:10:20 +0300 Subject: [PATCH 005/360] Package name refactor --- .../sslmanager}/client/MySettingsPlugin.java | 8 +-- .../client/panel/MainSettingsPanel.java | 6 +-- .../sslmanager/server/SSLServicePlugin.java} | 50 +++++++++++-------- .../shared/SSLPluginConstants.java} | 8 +-- 4 files changed, 41 insertions(+), 31 deletions(-) rename client/src/main/java/{com/kaurpalang/mirthpluginsample => org/openintegrationengine/sslmanager}/client/MySettingsPlugin.java (84%) rename client/src/main/java/{com/kaurpalang/mirthpluginsample => org/openintegrationengine/sslmanager}/client/panel/MainSettingsPanel.java (95%) rename server/src/main/java/{com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java => org/openintegrationengine/sslmanager/server/SSLServicePlugin.java} (54%) rename shared/src/main/java/{com/kaurpalang/mirthpluginsample/shared/MyConstants.java => org/openintegrationengine/sslmanager/shared/SSLPluginConstants.java} (78%) diff --git a/client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java b/client/src/main/java/org/openintegrationengine/sslmanager/client/MySettingsPlugin.java similarity index 84% rename from client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java rename to client/src/main/java/org/openintegrationengine/sslmanager/client/MySettingsPlugin.java index 4d6bdb5b7f..38b36a6b70 100644 --- a/client/src/main/java/com/kaurpalang/mirthpluginsample/client/MySettingsPlugin.java +++ b/client/src/main/java/org/openintegrationengine/sslmanager/client/MySettingsPlugin.java @@ -14,11 +14,11 @@ * limitations under the License. */ -package com.kaurpalang.mirthpluginsample.client; +package org.openintegrationengine.sslmanager.client; import com.kaurpalang.mirth.annotationsplugin.annotation.MirthClientClass; -import com.kaurpalang.mirthpluginsample.client.panel.MainSettingsPanel; -import com.kaurpalang.mirthpluginsample.shared.MyConstants; +import org.openintegrationengine.sslmanager.client.panel.MainSettingsPanel; +import org.openintegrationengine.sslmanager.shared.SSLPluginConstants; import com.mirth.connect.client.ui.AbstractSettingsPanel; import com.mirth.connect.plugins.SettingsPanelPlugin; @@ -38,7 +38,7 @@ public AbstractSettingsPanel getSettingsPanel() { @Override public String getPluginPointName() { - return MyConstants.PLUGIN_POINTNAME; + return SSLPluginConstants.PLUGIN_POINTNAME; } @Override diff --git a/client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java b/client/src/main/java/org/openintegrationengine/sslmanager/client/panel/MainSettingsPanel.java similarity index 95% rename from client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java rename to client/src/main/java/org/openintegrationengine/sslmanager/client/panel/MainSettingsPanel.java index a76456f3f6..c942795685 100644 --- a/client/src/main/java/com/kaurpalang/mirthpluginsample/client/panel/MainSettingsPanel.java +++ b/client/src/main/java/org/openintegrationengine/sslmanager/client/panel/MainSettingsPanel.java @@ -14,9 +14,9 @@ * limitations under the License. */ -package com.kaurpalang.mirthpluginsample.client.panel; +package org.openintegrationengine.sslmanager.client.panel; -import com.kaurpalang.mirthpluginsample.shared.MyConstants; +import org.openintegrationengine.sslmanager.shared.SSLPluginConstants; import com.mirth.connect.client.ui.AbstractSettingsPanel; import com.mirth.connect.client.ui.components.MirthCheckBox; import com.mirth.connect.client.ui.components.MirthPasswordField; @@ -45,7 +45,7 @@ public class MainSettingsPanel extends AbstractSettingsPanel { public MainSettingsPanel() { // The name of our tab in the Settings menu - super(MyConstants.SETTINGS_TABNAME_MAIN); + super(SSLPluginConstants.SETTINGS_TABNAME_MAIN); initComponents(); } diff --git a/server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/SSLServicePlugin.java similarity index 54% rename from server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java rename to server/src/main/java/org/openintegrationengine/sslmanager/server/SSLServicePlugin.java index 13b4e51f4b..14e7a57889 100644 --- a/server/src/main/java/com/kaurpalang/mirthpluginsample/server/MyServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/SSLServicePlugin.java @@ -14,26 +14,40 @@ * limitations under the License. */ -package com.kaurpalang.mirthpluginsample.server; +package org.openintegrationengine.sslmanager.server; import com.kaurpalang.mirth.annotationsplugin.annotation.MirthServerClass; -import com.kaurpalang.mirthpluginsample.shared.MyConstants; -import com.kaurpalang.mirthpluginsample.shared.MyPermissions; -import com.kaurpalang.mirthpluginsample.shared.interfaces.MyServletInterface; -import com.mirth.connect.client.core.api.util.OperationUtil; +import lombok.Getter; +import org.openintegrationengine.sslmanager.server.connectorconfig.TLSHttpConfiguration; +import org.openintegrationengine.sslmanager.shared.SSLPluginConstants; import com.mirth.connect.model.ExtensionPermission; import com.mirth.connect.plugins.ServicePlugin; +import com.mirth.connect.server.controllers.ConfigurationController; +import com.mirth.connect.server.controllers.ControllerFactory; import java.util.HashMap; import java.util.Map; import java.util.Properties; @MirthServerClass -public class MyServicePlugin implements ServicePlugin { +public class SSLServicePlugin implements ServicePlugin { + + private ConfigurationController configurationController; + + @Getter + private CertificateService certificateService; @Override public void init(Properties properties) { - System.out.println("Hello world from init!"); + this.configurationController = ControllerFactory.getFactory().createConfigurationController(); + + this.certificateService = new CertificateService(); + + configurationController.saveProperty( + "HTTP", + "httpConfigurationClass", + TLSHttpConfiguration.class.getCanonicalName() + ); } @Override @@ -43,19 +57,15 @@ public void update(Properties properties) { @Override public Properties getDefaultProperties() { - return new Properties(); + var defaultProperties = new Properties(); + defaultProperties.setProperty(SSLPluginConstants.PROPERTY_TRUST_BACKEND, "database"); + + return defaultProperties; } @Override public ExtensionPermission[] getExtensionPermissions() { - ExtensionPermission getPermission = new ExtensionPermission ( - MyConstants.PLUGIN_POINTNAME, - MyPermissions.GETSTH, - "Allows getting important information from our plugin", - OperationUtil.getOperationNamesForPermission(MyPermissions.GETSTH, MyServletInterface.class), new String[] {} - ); - - return new ExtensionPermission[] {getPermission}; + return new ExtensionPermission[]{}; } @Override @@ -65,16 +75,14 @@ public Map getObjectsForSwaggerExamples() { @Override public String getPluginPointName() { - return MyConstants.PLUGIN_POINTNAME; + return SSLPluginConstants.PLUGIN_POINTNAME; } @Override public void start() { - System.out.println("Hello world from start!"); + this.certificateService.init(); } @Override - public void stop() { - System.out.println("Good bye world!"); - } + public void stop() { } } diff --git a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java b/shared/src/main/java/org/openintegrationengine/sslmanager/shared/SSLPluginConstants.java similarity index 78% rename from shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java rename to shared/src/main/java/org/openintegrationengine/sslmanager/shared/SSLPluginConstants.java index ed7ed6633f..60a24b1f34 100644 --- a/shared/src/main/java/com/kaurpalang/mirthpluginsample/shared/MyConstants.java +++ b/shared/src/main/java/org/openintegrationengine/sslmanager/shared/SSLPluginConstants.java @@ -14,12 +14,14 @@ * limitations under the License. */ -package com.kaurpalang.mirthpluginsample.shared; +package org.openintegrationengine.sslmanager.shared; -public final class MyConstants { +public final class SSLPluginConstants { public static final String PLUGIN_POINTNAME = "SSL Manager"; public static final String SETTINGS_TABNAME_MAIN = "SSL Settings"; - private MyConstants() {} + public static final String PROPERTY_TRUST_BACKEND = "trust.backend"; + + private SSLPluginConstants() {} } From 8cfb5cb04c7f8f2a4b2ed7f8bd0982758c0e6863 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 26 Aug 2025 12:11:09 +0300 Subject: [PATCH 006/360] Add first pluggable backends --- .../backend/DatabaseTrustStoreBackend.java | 29 ++++++++++++ .../server/backend/FileTrustStoreBackend.java | 35 ++++++++++++++ .../backend/SystemTrustStoreBackend.java | 47 +++++++++++++++++++ .../server/backend/TrustStoreBackend.java | 7 +++ 4 files changed, 118 insertions(+) create mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/backend/DatabaseTrustStoreBackend.java create mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/backend/FileTrustStoreBackend.java create mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/backend/SystemTrustStoreBackend.java create mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/backend/TrustStoreBackend.java diff --git a/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/DatabaseTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/DatabaseTrustStoreBackend.java new file mode 100644 index 0000000000..a23ce3e995 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/DatabaseTrustStoreBackend.java @@ -0,0 +1,29 @@ +package org.openintegrationengine.sslmanager.server.backend; + +import com.mirth.connect.server.controllers.ConfigurationController; +import com.mirth.connect.server.controllers.ControllerFactory; +import org.openintegrationengine.sslmanager.shared.SSLPluginConstants; + +import java.util.Base64; + +public class DatabaseTrustStoreBackend implements TrustStoreBackend { + + private ConfigurationController configurationController; + + public DatabaseTrustStoreBackend() { + this.configurationController = ControllerFactory.getFactory().createConfigurationController(); + } + + @Override + public boolean persist(byte[] keystore) { + Base64.Encoder encoder = Base64.getEncoder(); + var b64Keystore = encoder.encodeToString(keystore); + configurationController.saveProperty(SSLPluginConstants.PLUGIN_POINTNAME, "additionalKeystore", b64Keystore); + return false; + } + + @Override + public byte[] load() { + return new byte[0]; + } +} diff --git a/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/FileTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/FileTrustStoreBackend.java new file mode 100644 index 0000000000..ceba622251 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/FileTrustStoreBackend.java @@ -0,0 +1,35 @@ +package org.openintegrationengine.sslmanager.server.backend; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.StandardOpenOption; + +public class FileTrustStoreBackend implements TrustStoreBackend { + + private final Path keystorePath; + + public FileTrustStoreBackend(String keystorePath) { + this.keystorePath = Paths.get(keystorePath); + } + + @Override + public boolean persist(byte[] keystore) { + try { + Files.write(keystorePath, keystore, StandardOpenOption.TRUNCATE_EXISTING); + return true; + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + @Override + public byte[] load() { + try { + return Files.readAllBytes(keystorePath); + } catch (IOException e) { + throw new RuntimeException(e); + } + } +} diff --git a/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/SystemTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/SystemTrustStoreBackend.java new file mode 100644 index 0000000000..7bed5f2039 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/SystemTrustStoreBackend.java @@ -0,0 +1,47 @@ +package org.openintegrationengine.sslmanager.server.backend; + +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; + +public final class SystemTrustStoreBackend implements TrustStoreBackend { + + @Override + public boolean persist(byte[] keystore) { + throw new UnsupportedOperationException("Persisting to system cacerts is not supported"); + } + + @Override + public byte[] load() { + try { + return Files.readAllBytes(resolveTrustStorePath()); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + + private static Path resolveTrustStorePath() { + // 1) If javax.net.ssl.trustStore is set, prefer it + var prop = System.getProperty("javax.net.ssl.trustStore"); + if (prop != null && !"NONE".equalsIgnoreCase(prop)) { + var p = Paths.get(prop); + if (Files.exists(p)) return p; + } + + // 2) Fallback to $JAVA_HOME/lib/security/jssecacerts or cacerts + var secDir = Paths.get(System.getProperty("java.home"), "lib", "security"); + var jsse = secDir.resolve("jssecacerts"); + if (Files.exists(jsse)) return jsse; + + var cacerts = secDir.resolve("cacerts"); + if (Files.exists(cacerts)) return cacerts; + + throw new IllegalStateException("Could not locate system truststore (jssecacerts/cacerts)."); + } + + public static char[] resolvePassword() { + var pwd = System.getProperty("javax.net.ssl.trustStorePassword", "changeit"); + return pwd.toCharArray(); + } +} diff --git a/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/TrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/TrustStoreBackend.java new file mode 100644 index 0000000000..50f9a99f36 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/backend/TrustStoreBackend.java @@ -0,0 +1,7 @@ +package org.openintegrationengine.sslmanager.server.backend; + +public interface TrustStoreBackend { + boolean persist(byte[] keystore); + + byte[] load(); +} From bc0b8d55b2a10c9c482d0facb40df4b588a76e56 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 26 Aug 2025 12:11:34 +0300 Subject: [PATCH 007/360] Add HTTP Sender TLS capability --- .../sslmanager/server/CertificateService.java | 100 ++++++++++++++++++ .../connectorconfig/TLSHttpConfiguration.java | 50 +++++++++ 2 files changed, 150 insertions(+) create mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/CertificateService.java create mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/connectorconfig/TLSHttpConfiguration.java diff --git a/server/src/main/java/org/openintegrationengine/sslmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/CertificateService.java new file mode 100644 index 0000000000..9cb0aa6cac --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/CertificateService.java @@ -0,0 +1,100 @@ +package org.openintegrationengine.sslmanager.server; + +import lombok.Getter; +import org.openintegrationengine.sslmanager.server.backend.FileTrustStoreBackend; +import org.openintegrationengine.sslmanager.server.backend.SystemTrustStoreBackend; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.Collections; + +public final class CertificateService { + + @Getter + private static CertificateService instance = new CertificateService(); + + @Getter + private KeyStore systemTrustStore; + + @Getter + private KeyStore additionalTrustStore; + + @Getter + private KeyStore mergedTruststore; + + void init() { + byte[] cacerts = new SystemTrustStoreBackend().load(); + byte[] additional = new FileTrustStoreBackend( + "/certs/truststore.p12" + ).load(); + + try { + systemTrustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + additionalTrustStore = KeyStore.getInstance("PKCS12"); + } catch (KeyStoreException e) { + throw new RuntimeException(e); + } + + loadKeyStore(systemTrustStore, cacerts, SystemTrustStoreBackend.resolvePassword()); + loadKeyStore(additionalTrustStore, additional, "changeit".toCharArray()); + + try { + mergedTruststore = mergeKeystores(systemTrustStore, additionalTrustStore); + } catch (KeyStoreException e) { + throw new RuntimeException(e); + } + } + + private void loadKeyStore(KeyStore keystore, byte[] bytes, char[] password) { + try { + try (var bais = new ByteArrayInputStream(bytes)) { + keystore.load(bais, password); + } + } catch (IOException | NoSuchAlgorithmException | CertificateException e) { + throw new RuntimeException(e); + } + } + + private KeyStore mergeKeystores(KeyStore base, KeyStore toMerge) throws KeyStoreException { + var mergedKeystore = KeyStore.getInstance("PKCS12"); + try { + mergedKeystore.load(null, null); + } catch (IOException | NoSuchAlgorithmException | CertificateException e) { + // TODO Fix exception handling + throw new RuntimeException(e); + } + + Collections + .list(base.aliases()) + .forEach(alias -> { + try { + if (base.isCertificateEntry(alias)) { + mergedKeystore.setCertificateEntry(alias, base.getCertificate(alias)); + } + } catch (KeyStoreException e) { + throw new RuntimeException(e); + } + }); + + Collections + .list(toMerge.aliases()) + .forEach(alias -> { + try { + if (toMerge.isCertificateEntry(alias)) { + mergedKeystore.setCertificateEntry( + "merged-%s".formatted(alias), + toMerge.getCertificate(alias) + ); + } + } catch (KeyStoreException e) { + throw new RuntimeException(e); + } + }); + + return mergedKeystore; + } +} diff --git a/server/src/main/java/org/openintegrationengine/sslmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/sslmanager/server/connectorconfig/TLSHttpConfiguration.java new file mode 100644 index 0000000000..fe3e14932c --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/sslmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -0,0 +1,50 @@ +package org.openintegrationengine.sslmanager.server.connectorconfig; + +import com.mirth.connect.connectors.http.DefaultHttpConfiguration; +import com.mirth.connect.connectors.http.HttpDispatcher; +import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; +import com.mirth.connect.server.controllers.ConfigurationController; +import com.mirth.connect.server.controllers.ControllerFactory; +import com.mirth.connect.util.MirthSSLUtil; +import org.apache.http.config.RegistryBuilder; +import org.apache.http.conn.socket.ConnectionSocketFactory; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.ssl.SSLContexts; +import org.openintegrationengine.sslmanager.server.CertificateService; + +public class TLSHttpConfiguration extends DefaultHttpConfiguration { + + private final CertificateService certificateService; + private final ConfigurationController configurationController; + + public TLSHttpConfiguration() { + this.configurationController = ControllerFactory.getFactory().createConfigurationController(); + this.certificateService = CertificateService.getInstance(); + } + + @Override + public void configureDispatcher(HttpDispatcher connector, HttpDispatcherProperties connectorProperties) {} + + @Override + public void configureSocketFactoryRegistry(ConnectorPluginProperties properties, RegistryBuilder registry) throws Exception { + String[] enabledProtocols = MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsClientProtocols()); + String[] enabledCipherSuites = MirthSSLUtil.getEnabledHttpsCipherSuites(configurationController.getHttpsCipherSuites()); + + var mergedTruststore = certificateService.getMergedTruststore(); + + var sslContext = SSLContexts + .custom() + .loadTrustMaterial(mergedTruststore, null) + .build(); + + var sslSocketFactory = new SSLConnectionSocketFactory( + sslContext, + enabledProtocols, + enabledCipherSuites, + SSLConnectionSocketFactory.getDefaultHostnameVerifier() + ); + + registry.register("https", sslSocketFactory); + } +} From 46449fe126dafa361ab9a1da36083e9e34fca6df Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 26 Aug 2025 12:12:02 +0300 Subject: [PATCH 008/360] Helper script to cycle OIE container --- docker/cycleOie | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 docker/cycleOie diff --git a/docker/cycleOie b/docker/cycleOie new file mode 100644 index 0000000000..c1038b2d1b --- /dev/null +++ b/docker/cycleOie @@ -0,0 +1,5 @@ +#!/bin/sh + +docker compose down oie +docker compose up -d oie +docker compose logs -f oie From c78b078277e865a7a3ed17e033119dfa6923c83b Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 15 Sep 2025 12:57:46 +0300 Subject: [PATCH 009/360] A bunch of functional advancements --- README.md | 9 +- client/pom.xml | 32 +- .../client/MySettingsPlugin.java | 11 +- .../client/TLSConnectorPropertiesPlugin.java | 67 ++++ .../client/dialog/ItemPickerDialog.java | 353 ++++++++++++++++++ .../client/dialog/ItemPickerState.java | 27 ++ .../HTTPSenderConnectorPropertiesPanel.java | 311 +++++++++++++++ .../client/panel/MainSettingsPanel.java | 20 +- docker/compose.yaml | 3 +- docker/cycleOie | 0 pom.xml | 31 +- requests.http | 27 ++ server/pom.xml | 22 +- .../backend/DatabaseTrustStoreBackend.java | 29 -- .../server/backend/TrustStoreBackend.java | 7 - .../connectorconfig/TLSHttpConfiguration.java | 50 --- .../server/CertificateService.java | 39 +- .../server/TLSServicePlugin.java} | 19 +- .../backend/DatabaseTrustStoreBackend.java | 52 +++ .../server/backend/FileTrustStoreBackend.java | 23 +- .../backend/SystemTrustStoreBackend.java | 29 +- .../server/backend/TrustStoreBackend.java | 25 ++ .../connectorconfig/TLSHttpConfiguration.java | 109 ++++++ .../server/servlets/TLSServlet.java | 85 +++++ shared/pom.xml | 17 +- .../shared/SerializationController.java | 39 ++ .../shared/TLSPluginConstants.java} | 12 +- .../shared/models/DefaultableList.java | 24 ++ .../properties/HttpConnectorProperties.java | 116 ++++++ .../TLSHttpDispatcherProperties.java | 77 ++++ .../shared/servlet/TLSServletInterface.java | 100 +++++ 31 files changed, 1612 insertions(+), 153 deletions(-) rename client/src/main/java/org/openintegrationengine/{sslmanager => tlsmanager}/client/MySettingsPlugin.java (80%) create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerState.java create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java rename client/src/main/java/org/openintegrationengine/{sslmanager => tlsmanager}/client/panel/MainSettingsPanel.java (90%) mode change 100644 => 100755 docker/cycleOie create mode 100644 requests.http delete mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/backend/DatabaseTrustStoreBackend.java delete mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/backend/TrustStoreBackend.java delete mode 100644 server/src/main/java/org/openintegrationengine/sslmanager/server/connectorconfig/TLSHttpConfiguration.java rename server/src/main/java/org/openintegrationengine/{sslmanager => tlsmanager}/server/CertificateService.java (68%) rename server/src/main/java/org/openintegrationengine/{sslmanager/server/SSLServicePlugin.java => tlsmanager/server/TLSServicePlugin.java} (79%) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java rename server/src/main/java/org/openintegrationengine/{sslmanager => tlsmanager}/server/backend/FileTrustStoreBackend.java (53%) rename server/src/main/java/org/openintegrationengine/{sslmanager => tlsmanager}/server/backend/SystemTrustStoreBackend.java (67%) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/TrustStoreBackend.java create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java rename shared/src/main/java/org/openintegrationengine/{sslmanager/shared/SSLPluginConstants.java => tlsmanager/shared/TLSPluginConstants.java} (69%) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/DefaultableList.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSHttpDispatcherProperties.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java diff --git a/README.md b/README.md index 3942cb74e1..89e60c392c 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# SSL Manager plugin for Open Integration Engine +# TLS Manager plugin for Open Integration Engine ## Preparation @@ -10,7 +10,10 @@ 2. Generate a self-signed certificate for a random domain name and convert it into a `.p12` keystore. We are using `yourdomain.com`. ```sh - openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes -keyout yourdomain.com.key -out yourdomain.com.crt -subj "/CN=yourdomain.com" + openssl req -x509 -newkey rsa:4096 -sha256 -days 365 -nodes \ + -keyout yourdomain.com.key -out yourdomain.com.crt \ + -subj "/CN=localhost" \ + -addext "subjectAltName=DNS:localhost,DNS:yourdomain.com,IP:127.0.0.1" keytool -importcert \ -alias myserver \ @@ -32,4 +35,4 @@ Run `./build.sh`. Start the `docker/compose.yaml`. ```sh docker compose up -d -``` \ No newline at end of file +``` diff --git a/client/pom.xml b/client/pom.xml index bf487fa2cc..c05774d2c2 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -1,6 +1,6 @@ OpenIntegrationEngine 4.5.2 - SSL Management made easy - SSL Manager - ssl-manager + TLS Management made easy + TLS Manager + tls-manager https://openintegrationengine.com ${project.version} @@ -89,18 +90,26 @@ ${mirth-plugin-maven-plugin.version} - - com.mirth.connect - mirth-server - ${mirth.version} - - org.projectlombok lombok ${lombok.version} + compile + + + + org.slf4j + slf4j-api + ${slf4j.version} provided + + + org.junit.jupiter + junit-jupiter-engine + 5.13.4 + test + diff --git a/requests.http b/requests.http new file mode 100644 index 0000000000..ee847c0b1d --- /dev/null +++ b/requests.http @@ -0,0 +1,27 @@ +### +GET https://localhost:8443/api/tlsmanager/importedcertificates +Accept: application/xml +X-Requested-With: IntelliJ +Authorization: Basic admin admin + + +### +GET https://localhost:8443/api/tlsmanager/keystore +Accept: application/octet-stream +X-Requested-With: IntelliJ +Authorization: Basic admin admin + +>> {{$historyFolder}}/keystore.p12 + +### + +POST https://localhost:8443/api/tlsmanager/keystore +Content-Type: application/octet-stream +X-Requested-With: IntelliJ +X-Keystore-Password: yohoo +Authorization: Basic admin admin + +< .sdkmanrc + + + diff --git a/server/pom.xml b/server/pom.xml index de0bb5e269..4af67a9ca3 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -1,6 +1,6 @@ OpenIntegrationEngine @@ -107,7 +109,21 @@ org.junit.jupiter junit-jupiter-engine - 5.13.4 + ${junit.version} + test + + + + org.mockito + mockito-core + ${mockito.version} + test + + + + org.mockito + mockito-junit-jupiter + ${mockito.version} test diff --git a/server/pom.xml b/server/pom.xml index 4af67a9ca3..ddeac78c48 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -80,5 +80,26 @@ 9.4.53.v20231009 provided + + + org.apache.commons + commons-configuration2 + 2.8.0 + test + + + + com.mirth.connect + mirth-crypto + ${mirth.version} + test + + + + org.apache.logging.log4j + log4j-core + 2.17.2 + test + diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 06ca30a5d3..7f861e5413 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -46,9 +46,11 @@ public class TLSServlet extends MirthServlet implements TLSServletInterface { private CertificateService certificateService; public TLSServlet(@Context HttpServletRequest request, @Context SecurityContext sc) { - super(request, sc, TLSPluginConstants.PLUGIN_POINTNAME); - - this.certificateService = TLSServicePlugin.getPluginInstance().getCertificateService(); + this( + request, + sc, + TLSServicePlugin.getPluginInstance().getCertificateService() + ); } public TLSServlet( diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java new file mode 100644 index 0000000000..e37d42b964 --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java @@ -0,0 +1,34 @@ +package org.openintegrationengine.tlsmanager.server; + +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.junit.jupiter.MockitoExtension; +import org.openintegrationengine.tlsmanager.shared.PersistenceMode; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; + +import static org.mockito.Mockito.mockStatic; + +@ExtendWith(MockitoExtension.class) +public class CertificateServiceTest { + + private CertificateService certificateService; + + //@BeforeEach + public void setUp() { + certificateService = new CertificateService(null); + } + + //@Test + public void testSetTrustStore() { + try (var system = mockStatic(System.class)) { + system + .when(() -> System.getenv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND)) + .thenReturn(PersistenceMode.DATABASE.toString()); + + certificateService.init(); + + System.out.println(System.getenv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND)); + } + + //certificateService.storeExtraTrustStore(); + } +} From 78ee75c7b36d55bf2b1a46862546d6a60caff2d0 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Sun, 28 Sep 2025 18:37:54 +0300 Subject: [PATCH 048/360] Initial TLS connection testing capability --- .../tlsmanager/server/CertificateService.java | 25 +++++++ .../server/util/ConnectionUtils.java | 69 +++++++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 4ff79cca5f..56daece9c9 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -200,6 +200,31 @@ private PersistenceMode getPersistenceMode() { return persistenceMode; } + /* + TODO + public void testConnection( + String channelId, + String channelName, + HttpConnectorProperties tlsProperties, + HttpDispatcherProperties dispatcherProperties + ) { + try { + var url = new URL( + templateValueReplacer.replaceValues(dispatcherProperties.getHost(), + channelId, + channelName + ) + ); + + int port = url.getPort(); + // If no port was provided, default to port 80 or 443. + return ConnectorUtil.testConnection(url.getHost(), (port == -1) ? (StringUtils.equalsIgnoreCase(url.getProtocol(), "https") ? 443 : 80) : port, TIMEOUT); + } catch (Exception e) { + throw new MirthApiException(e); + } + } + */ + /** * Perform a byte-level clone of a KeyStore object * diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java new file mode 100644 index 0000000000..42ef981a73 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -0,0 +1,69 @@ +package org.openintegrationengine.tlsmanager.server.util; + +import com.mirth.connect.util.ConnectionTestResponse; +import org.apache.http.HttpHost; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; + +import javax.net.ssl.SSLSocket; +import java.io.IOException; +import java.net.InetSocketAddress; + +public class ConnectionUtils { + + public static ConnectionTestResponse thing( + SSLConnectionSocketFactory socketFactory, + String host, + int port, + int timeout, + String localAddr, + int localPort + ) throws IOException { + if ( + host == null + || host.isEmpty() + || port <= 0 + || port > 65535 + ) { + return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "Invalid host or port."); + } + + // TODO Dynamic scheme + var target = new HttpHost(host, port, "https"); + + InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), target.getPort()); + + InetSocketAddress localAddress = null; + if (localAddr != null) { + if ( + localAddr.isEmpty() + || localPort <= 0 + || localPort > 65535 + ) { + return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "Invalid local host or port."); + } + + localAddress = new InetSocketAddress(localAddr, localPort); + } + + + try ( + var sslSocket = (SSLSocket) socketFactory.connectSocket( + timeout, + null, + target, + remoteAddress, + localAddress, + null + ) + ) { + var connectionInfo = "%s:%d -> %s:%d".formatted( + sslSocket.getLocalAddress().getHostAddress(), + sslSocket.getLocalPort(), + remoteAddress.getAddress().getHostAddress(), + remoteAddress.getPort() + ); + + return new ConnectionTestResponse(ConnectionTestResponse.Type.SUCCESS, "Successfully connected to host: " + connectionInfo, connectionInfo); + } + } +} From 62cb7733d5a1a921584371b2d8a85376cd2c58dc Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Sun, 28 Sep 2025 18:40:24 +0300 Subject: [PATCH 049/360] Set plugin log level to DEBUG --- docker/compose.yaml | 1 + docker/conf/log4j2.properties | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/compose.yaml b/docker/compose.yaml index eda3864308..04c5ac57d2 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -36,6 +36,7 @@ services: - "5005:5005/tcp" - "6001:6001/tcp" volumes: + - ./appdata:/opt/engine/appdata - ./custom-extensions:/opt/engine/custom-extensions - ./conf/log4j2.properties:/opt/engine/conf/log4j2.properties:ro - ./custom.vmoptions:/opt/engine/conf/custom.vmoptions:ro diff --git a/docker/conf/log4j2.properties b/docker/conf/log4j2.properties index aee1fbe1d0..1bdd2b7621 100644 --- a/docker/conf/log4j2.properties +++ b/docker/conf/log4j2.properties @@ -28,7 +28,7 @@ logger.mirth.level = INFO # TLS Manager logger.tls-manager-plugin.name = org.openintegrationengine.tlsmanager -logger.tls-manager-plugin.level = INFO +logger.tls-manager-plugin.level = DEBUG # Mirth Connect server logging logger.donkeyEngineController.name = com.mirth.connect.server.controllers.DonkeyEngineController From de10f51171bf511990a7aea2023df62aa99a7953 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Sun, 28 Sep 2025 18:41:51 +0300 Subject: [PATCH 050/360] Add mTLS validation endpoints to caddy --- docker/compose.yaml | 10 ++++++++++ tools/cert-revocation/minilab.sh | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/docker/compose.yaml b/docker/compose.yaml index 04c5ac57d2..9c137676fc 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -69,3 +69,13 @@ configs: respond "Hai with revoked cert" 200 } + + https://mtls.caddy { + tls /opt/certs/crl/server1.crt /opt/certs/crl/server1.key { + client_auth { + mode require + } + } + + respond "Hai from mtls" 200 + } diff --git a/tools/cert-revocation/minilab.sh b/tools/cert-revocation/minilab.sh index 6dd2cc8b66..6117dfc11e 100755 --- a/tools/cert-revocation/minilab.sh +++ b/tools/cert-revocation/minilab.sh @@ -92,7 +92,7 @@ for n in 1 2; do openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out server${n}.key openssl req -new -key server${n}.key \ -subj "/C=EE/O=Test Org/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,DNS:valid.crl.caddy,DNS:revoked.crl.caddy,IP:127.0.0.1" \ + -addext "subjectAltName=DNS:localhost,DNS:valid.crl.caddy,DNS:revoked.crl.caddy,DNS:mtls.caddy,IP:127.0.0.1" \ -config openssl.cnf -out server${n}.csr done From 5f3cde519913d414b9510fc8aae5af3b4e77a07d Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Sun, 28 Sep 2025 18:45:11 +0300 Subject: [PATCH 051/360] More important testing stuff --- .../tlsmanager/server/MiscTests.java | 178 +++++++++ .../util/MockConfigurationController.java | 337 ++++++++++++++++++ 2 files changed, 515 insertions(+) create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockConfigurationController.java diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java new file mode 100644 index 0000000000..d75c4f76f6 --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -0,0 +1,178 @@ +package org.openintegrationengine.tlsmanager.server; + +import com.mirth.connect.connectors.http.HttpDispatcher; +import com.mirth.connect.donkey.server.channel.DestinationConnector; +import com.mirth.connect.util.MirthSSLUtil; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.junit.jupiter.MockitoExtension; +import org.openintegrationengine.tlsmanager.server.backend.FileTrustStoreBackend; +import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; +import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; +import org.openintegrationengine.tlsmanager.server.util.MockConfigurationController; +import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; + +import javax.net.ssl.SSLHandshakeException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; + +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anySet; +import static org.mockito.ArgumentMatchers.isA; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.mockStatic; +import static org.mockito.Mockito.when; + +@ExtendWith(MockitoExtension.class) +public class MiscTests { + + //@Test + public void asi() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { + + var configurationController = mock(MockConfigurationController.class); + var certificateService = mock(CertificateService.class); + + var connector = new HttpDispatcher(); + + var trustStoreBackend = new FileTrustStoreBackend("/home/kaurpalang/IdeaProjects/plugin-ssl-manager/docker/certs/truststore.p12"); + var trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { + trustStore.load(bais, trustStoreBackend.loadPassword()); + } + + when( + certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(DestinationConnector.class)) + ).thenReturn( + trustStore + ); + + when( + configurationController.getHttpsServerProtocols() + ).thenReturn( + protocols() + ); + + when( + configurationController.getHttpsCipherSuites() + ).thenReturn( + cipherSuites() + ); + + var socketFactoryService = new SocketFactoryService( + configurationController, + certificateService + ); + + var connectorProperties = new HttpConnectorProperties(); + connectorProperties.setCrlMode(RevocationMode.DISABLED); + connectorProperties.setOscpMode(RevocationMode.DISABLED); + + try (var mirthSSlUtil = mockStatic(MirthSSLUtil.class)) { + mirthSSlUtil + .when(MirthSSLUtil::getSupportedHttpsProtocols) + .thenReturn(protocols()); + + mirthSSlUtil + .when(MirthSSLUtil::getSupportedHttpsCipherSuites) + .thenReturn(cipherSuites()); + + var socketFactory = socketFactoryService.getChannelSocketFactory(connector, connectorProperties); + + var exception = assertThrows(SSLHandshakeException.class, () -> { + var connectionResult = ConnectionUtils.thing( + socketFactory, + "valid.crl.caddy", + 9443, + 2_000, + null, + 0 + ); + }); + } + } + + //@Test + public void test_SSLHandShakeException() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { + + var configurationController = mock(MockConfigurationController.class); + var certificateService = mock(CertificateService.class); + var connector = new HttpDispatcher(); + + var trustStoreBackend = new SystemTrustStoreBackend(); + var trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { + trustStore.load(bais, trustStoreBackend.loadPassword()); + } + + when( + certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(DestinationConnector.class)) + ).thenReturn( + trustStore + ); + + when( + configurationController.getHttpsServerProtocols() + ).thenReturn( + protocols() + ); + + when( + configurationController.getHttpsCipherSuites() + ).thenReturn( + cipherSuites() + ); + + var socketFactoryService = new SocketFactoryService( + configurationController, + certificateService + ); + + var connectorProperties = new HttpConnectorProperties(); + + try (var mirthSSlUtil = mockStatic(MirthSSLUtil.class)) { + mirthSSlUtil + .when(MirthSSLUtil::getSupportedHttpsProtocols) + .thenReturn(protocols()); + + mirthSSlUtil + .when(MirthSSLUtil::getSupportedHttpsCipherSuites) + .thenReturn(cipherSuites()); + + var socketFactory = socketFactoryService.getChannelSocketFactory(connector, connectorProperties); + + var exception = assertThrows(SSLHandshakeException.class, () -> { + var connectionResult = ConnectionUtils.thing( + socketFactory, + "valid.crl.caddy", + 9443, + 2_000, + null, + 0 + ); + }); + } + } + + private static String[] protocols() { + return new String[] { + "TLSv1.3", "TLSv1.2", "SSLv2Hello" + }; + } + + private static String[] cipherSuites() { + return new String[] { + "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" + }; + } +} diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockConfigurationController.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockConfigurationController.java new file mode 100644 index 0000000000..549f7fc55d --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockConfigurationController.java @@ -0,0 +1,337 @@ +package org.openintegrationengine.tlsmanager.server.util; + +import com.mirth.commons.encryption.Digester; +import com.mirth.commons.encryption.Encryptor; +import com.mirth.connect.client.core.ControllerException; +import com.mirth.connect.model.ChannelDependency; +import com.mirth.connect.model.ChannelMetadata; +import com.mirth.connect.model.ChannelTag; +import com.mirth.connect.model.DatabaseSettings; +import com.mirth.connect.model.DriverInfo; +import com.mirth.connect.model.EncryptionSettings; +import com.mirth.connect.model.PasswordRequirements; +import com.mirth.connect.model.PublicServerSettings; +import com.mirth.connect.model.ServerConfiguration; +import com.mirth.connect.model.ServerSettings; +import com.mirth.connect.model.UpdateSettings; +import com.mirth.connect.server.controllers.ConfigurationController; +import com.mirth.connect.util.ConfigurationProperty; +import com.mirth.connect.util.ConnectionTestResponse; +import org.apache.commons.configuration2.PropertiesConfiguration; + +import java.util.Calendar; +import java.util.List; +import java.util.Locale; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +public class MockConfigurationController extends ConfigurationController { + @Override + public void initializeSecuritySettings() { + + } + + @Override + public void initializeDatabaseSettings() { + + } + + @Override + public void migrateKeystore() { + + } + + @Override + public void updatePropertiesConfiguration(PropertiesConfiguration propertiesConfiguration) { + + } + + @Override + public Encryptor getEncryptor() { + return null; + } + + @Override + public Digester getDigester() { + return null; + } + + @Override + public String getDatabaseType() { + return ""; + } + + @Override + public String getServerId() { + return ""; + } + + @Override + public String getServerName() { + return ""; + } + + @Override + public String getServerTimezone(Locale locale) { + return ""; + } + + @Override + public Calendar getServerTime() { + return null; + } + + @Override + public List getAvailableCharsetEncodings() throws ControllerException { + return List.of(); + } + + @Override + public String getBaseDir() { + return ""; + } + + @Override + public String getConfigurationDir() { + return ""; + } + + @Override + public String getApplicationDataDir() { + return ""; + } + + @Override + public ServerSettings getServerSettings() throws ControllerException { + return null; + } + + @Override + public EncryptionSettings getEncryptionSettings() throws ControllerException { + return null; + } + + @Override + public DatabaseSettings getDatabaseSettings() throws ControllerException { + return null; + } + + @Override + public void setServerSettings(ServerSettings serverSettings) throws ControllerException { + + } + + @Override + public PublicServerSettings getPublicServerSettings() throws ControllerException { + return null; + } + + @Override + public UpdateSettings getUpdateSettings() throws ControllerException { + return null; + } + + @Override + public void setUpdateSettings(UpdateSettings updateSettings) throws ControllerException { + + } + + @Override + public String generateGuid() { + return ""; + } + + @Override + public List getDatabaseDrivers() throws ControllerException { + return List.of(); + } + + @Override + public void setDatabaseDrivers(List list) throws ControllerException { + + } + + @Override + public String getServerVersion() { + return ""; + } + + @Override + public String getBuildDate() { + return ""; + } + + @Override + public int getMaxInactiveSessionInterval() { + return 0; + } + + @Override + public String[] getHttpsClientProtocols() { + return new String[0]; + } + + @Override + public String[] getHttpsServerProtocols() { + return new String[] { + "TLSv1.3", "TLSv1.2", "SSLv2Hello" + }; + } + + @Override + public String[] getHttpsCipherSuites() { + return new String[] { + "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" + }; + } + + @Override + public boolean isStartupDeploy() { + return false; + } + + @Override + public int getStatsUpdateInterval() { + return 0; + } + + @Override + public Integer getRhinoLanguageVersion() { + return 0; + } + + @Override + public int getStartupLockSleep() { + return 0; + } + + @Override + public ServerConfiguration getServerConfiguration() throws ControllerException { + return null; + } + + @Override + public void setServerConfiguration(ServerConfiguration serverConfiguration, boolean b, boolean b1) throws ControllerException { + + } + + @Override + public PasswordRequirements getPasswordRequirements() { + return null; + } + + @Override + public boolean isBypasswordEnabled() { + return false; + } + + @Override + public boolean checkBypassword(String s) { + return false; + } + + @Override + public int getStatus() { + return 0; + } + + @Override + public int getStatus(boolean b) { + return 0; + } + + @Override + public void setStatus(int i) { + + } + + @Override + public Map getConfigurationMap() { + return Map.of(); + } + + @Override + public Map getConfigurationProperties() throws ControllerException { + return Map.of(); + } + + @Override + public void setConfigurationProperties(Map map, boolean b) throws ControllerException { + + } + + @Override + public Properties getPropertiesForGroup(String s, Set set) { + return null; + } + + @Override + public void removePropertiesForGroup(String s) { + + } + + @Override + public String getProperty(String s, String s1) { + return ""; + } + + @Override + public void saveProperty(String s, String s1, String s2) { + + } + + @Override + public void removeProperty(String s, String s1) { + + } + + @Override + public String getResources() { + return ""; + } + + @Override + public void setResources(String s) { + + } + + @Override + public Set getChannelDependencies() { + return Set.of(); + } + + @Override + public void setChannelDependencies(Set set) { + + } + + @Override + public Map getChannelMetadata() { + return Map.of(); + } + + @Override + public void setChannelMetadata(Map map) { + + } + + @Override + public ConnectionTestResponse sendTestEmail(Properties properties) throws Exception { + return null; + } + + @Override + public void setChannelTags(Set set) { + + } + + @Override + public Set getChannelTags() { + return Set.of(); + } +} From 55cc735c7555043336132e199c5c7b38c19865a6 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 13:09:37 +0300 Subject: [PATCH 052/360] Rename variable --- .../tlsmanager/server/CertificateService.java | 14 +++++++------- .../tlsmanager/server/servlets/TLSServlet.java | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 56daece9c9..16e8406aa9 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -47,7 +47,7 @@ public final class CertificateService { private KeyStore systemTrustStore; @Getter - private KeyStore extraTrustStore; + private KeyStore externalTrustStore; @Getter private KeyStore keystore; @@ -91,14 +91,14 @@ void init() { try { systemTrustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - extraTrustStore = KeyStore.getInstance(PKCS12); + externalTrustStore = KeyStore.getInstance(PKCS12); } catch (KeyStoreException e) { log.error("Error initializing CetificateService", e); throw new RuntimeException(e); } loadKeyStore(systemTrustStore, cacertsBytes, systemTrustStoreBackend.loadPassword()); - loadKeyStore(extraTrustStore, extraTrustStoreBytes, extraTrustStoreBackend.loadPassword()); + loadKeyStore(externalTrustStore, extraTrustStoreBytes, extraTrustStoreBackend.loadPassword()); } KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet, DestinationConnector connector) { @@ -121,12 +121,12 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet continue; } - if (!extraTrustStore.containsAlias(alias)) { + if (!externalTrustStore.containsAlias(alias)) { unknownAliases.add(alias); continue; } - var publicCertificate = extraTrustStore.getCertificate(alias); + var publicCertificate = externalTrustStore.getCertificate(alias); finalTrustStore.setCertificateEntry(alias, publicCertificate); } catch (KeyStoreException e) { throw new RuntimeException(e); @@ -169,7 +169,7 @@ private void loadKeyStore(KeyStore keystore, byte[] bytes, char[] password) { public void storeExtraTrustStore(byte[] keystoreBytes, char[] password) { try (var bais = new ByteArrayInputStream(keystoreBytes)) { - extraTrustStore.load(bais, password); + externalTrustStore.load(bais, password); extraTrustStoreBackend.persist(keystoreBytes); } catch (CertificateException | IOException | NoSuchAlgorithmException e) { log.error("Error overwriting truststore", e); @@ -179,7 +179,7 @@ public void storeExtraTrustStore(byte[] keystoreBytes, char[] password) { public Set getLoadedAliases() { try { - return new HashSet<>(Collections.list(extraTrustStore.aliases())); + return new HashSet<>(Collections.list(externalTrustStore.aliases())); } catch (KeyStoreException e) { log.error("Error reading alias list from loaded truststore", e); throw new RuntimeException(e); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 7f861e5413..9679386855 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -70,7 +70,7 @@ public Set getImportedCertificates() { @Override public byte[] getKeystore() { - var keystore = certificateService.getExtraTrustStore(); + var keystore = certificateService.getExternalTrustStore(); try (var baos = new ByteArrayOutputStream()) { keystore.store(baos, "changeit".toCharArray()); From 85ab5039b331daf4ebf03300e717cb027c090737 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 13:15:34 +0300 Subject: [PATCH 053/360] External Caddyfile --- docker/Caddyfile | 25 +++++++++++++++++++++++++ docker/compose.yaml | 30 ++---------------------------- 2 files changed, 27 insertions(+), 28 deletions(-) create mode 100644 docker/Caddyfile diff --git a/docker/Caddyfile b/docker/Caddyfile new file mode 100644 index 0000000000..d2acc6b50e --- /dev/null +++ b/docker/Caddyfile @@ -0,0 +1,25 @@ +{ + auto_https off +} + +https://valid.crl.caddy { + tls /opt/certs/crl/server1.crt /opt/certs/crl/server1.key + + respond "Hai with valid cert" 200 + } + +https://revoked.crl.caddy { + tls /opt/certs/crl/server2.crt /opt/certs/crl/server2.key + + respond "Hai with revoked cert" 200 +} + +https://mtls.caddy { + tls /opt/certs/crl/server1.crt /opt/certs/crl/server1.key { + client_auth { + mode require + } + } + + respond "Hai from mtls" 200 +} diff --git a/docker/compose.yaml b/docker/compose.yaml index 9c137676fc..5be39b86f7 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -12,11 +12,10 @@ services: aliases: - valid.crl.caddy - revoked.crl.caddy - configs: - - source: caddyfile - target: /etc/caddy/Caddyfile + - mtls.caddy volumes: - ../tools/cert-revocation/mini-ca:/opt/certs/crl:ro + - ./Caddyfile:/etc/caddy/Caddyfile:ro oie: image: openintegrationengine/engine:latest @@ -54,28 +53,3 @@ services: - POSTGRES_DB=oie volumes: - ${PWD}/pgdata:/var/lib/postgresql/data - -configs: - caddyfile: - content: | - https://valid.crl.caddy { - tls /opt/certs/crl/server1.crt /opt/certs/crl/server1.key - - respond "Hai with valid cert" 200 - } - - https://revoked.crl.caddy { - tls /opt/certs/crl/server2.crt /opt/certs/crl/server2.key - - respond "Hai with revoked cert" 200 - } - - https://mtls.caddy { - tls /opt/certs/crl/server1.crt /opt/certs/crl/server1.key { - client_auth { - mode require - } - } - - respond "Hai from mtls" 200 - } From e53839506cdefd7d3e41e8840ece9e2f1945ba0f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 13:15:59 +0300 Subject: [PATCH 054/360] Fix typos --- .../tlsmanager/server/CertificateService.java | 2 +- .../tlsmanager/server/SocketFactoryService.java | 2 +- .../server/connectorconfig/TLSHttpConfiguration.java | 2 +- .../openintegrationengine/tlsmanager/server/MiscTests.java | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 16e8406aa9..da520d0562 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -93,7 +93,7 @@ void init() { systemTrustStore = KeyStore.getInstance(KeyStore.getDefaultType()); externalTrustStore = KeyStore.getInstance(PKCS12); } catch (KeyStoreException e) { - log.error("Error initializing CetificateService", e); + log.error("Error initializing CertificateService", e); throw new RuntimeException(e); } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index 1c8f8d2c77..845ffe177d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -39,7 +39,7 @@ public SocketFactoryService( this.configurationController = configurationController; } - public SSLConnectionSocketFactory getChannelSocketFactory(DestinationConnector connector, HttpConnectorProperties properties) { + public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, HttpConnectorProperties properties) { try { var truststore = certificateService.getTrustStoreFromProperties( properties.isTrustSystemTruststore(), diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index d04c8c3160..965cf7b113 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -138,7 +138,7 @@ private void configureSocketFactory(HttpDispatcher connector) { return; } - var sslSocketFactory = socketFactoryService.getChannelSocketFactory(connector, properties); + var sslSocketFactory = socketFactoryService.getConnectorSocketFactory(connector, properties); if (sslSocketFactory != null) { // FIXME connector.getSocketFactoryRegistry().register("https", sslSocketFactory); diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index d75c4f76f6..4099fa11eb 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -82,7 +82,7 @@ public void asi() throws IOException, KeyStoreException, CertificateException, N .when(MirthSSLUtil::getSupportedHttpsCipherSuites) .thenReturn(cipherSuites()); - var socketFactory = socketFactoryService.getChannelSocketFactory(connector, connectorProperties); + var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); var exception = assertThrows(SSLHandshakeException.class, () -> { var connectionResult = ConnectionUtils.thing( @@ -145,7 +145,7 @@ public void test_SSLHandShakeException() throws IOException, KeyStoreException, .when(MirthSSLUtil::getSupportedHttpsCipherSuites) .thenReturn(cipherSuites()); - var socketFactory = socketFactoryService.getChannelSocketFactory(connector, connectorProperties); + var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); var exception = assertThrows(SSLHandshakeException.class, () -> { var connectionResult = ConnectionUtils.thing( From 4a43257939330c112d3605e47383b6aacb7af447 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 29 Sep 2025 17:35:26 +0300 Subject: [PATCH 055/360] Add Express server setup and API proxying: Introduced server.js for handling API requests with Express and http-proxy-middleware. Updated package.json and README.md to include new dependencies and environment configuration. Enhanced ImportCertificateDialogContent for improved PEM file handling and updated Login page for async login functionality. --- .gitignore | 3 +- README.md | 8 +- package-lock.json | 1041 ++++++++++++++++- package.json | 4 + server.js | 30 + .../ImportCertificateDialogContent.jsx | 159 +-- src/context/AuthContext.jsx | 8 +- src/pages/Login.jsx | 24 +- src/pages/SslManagement.jsx | 7 +- src/services/api.js | 57 + src/services/authService.js | 44 + vite.config.js | 11 + 12 files changed, 1272 insertions(+), 124 deletions(-) create mode 100644 server.js create mode 100644 src/services/api.js create mode 100644 src/services/authService.js diff --git a/.gitignore b/.gitignore index 108e677b9b..3506f4df29 100644 --- a/.gitignore +++ b/.gitignore @@ -26,4 +26,5 @@ dist-ssr .cursor/ project-setup.md scratchpad.md -/dashboard \ No newline at end of file +/dashboard +.env \ No newline at end of file diff --git a/README.md b/README.md index 9ff0bc88a9..7cf58003ef 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,12 @@ npm run build npm run preview ``` +### Environment +- Create a `.env` file if needed: + - `VITE_API_BASE_URL=https://oie-test.quantis.health/api` + +Axios is configured with `withCredentials=true`, so successful login at `/users/_login` will set the `JSESSIONID` cookie in the browser (CORS must allow credentials). + ## Routing & Auth - BrowserRouter `basename` is `/dashboard`. - Routes: @@ -71,7 +77,7 @@ npm run preview ## Environment - Vite base path is `/dashboard/` (see `vite.config.js`). -- To configure API endpoints, add an `.env` file and read via `import.meta.env` in a centralized `src/services/api.ts`/`api.js` (to be introduced with a real backend). +- API base URL is centralized in `src/services/api.js` and reads `import.meta.env.VITE_API_BASE_URL`. ## Build & Deploy - `vite build` outputs to `./dashboard`. diff --git a/package-lock.json b/package-lock.json index 1fd29773e8..b7d18dd1ee 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,6 +12,10 @@ "@emotion/styled": "^11.14.1", "@mui/icons-material": "^7.3.2", "@mui/material": "^7.3.2", + "axios": "^1.12.2", + "express": "^5.1.0", + "http-proxy-middleware": "^3.0.5", + "node-forge": "^1.3.1", "react": "^19.1.1", "react-dom": "^19.1.1", "react-router-dom": "^7.9.1" @@ -1911,12 +1915,28 @@ "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==", "dev": true }, + "node_modules/@types/http-proxy": { + "version": "1.17.16", + "resolved": "https://registry.npmjs.org/@types/http-proxy/-/http-proxy-1.17.16.tgz", + "integrity": "sha512-sdWoUajOB1cd0A8cRRQ1cfyWNbmFKLAqBB89Y8x5iYyG/mkJHc0YUH8pdWBy2omi9qtCpiIgGjuwO0dQST2l5w==", + "dependencies": { + "@types/node": "*" + } + }, "node_modules/@types/json-schema": { "version": "7.0.15", "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", "dev": true }, + "node_modules/@types/node": { + "version": "24.5.2", + "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz", + "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==", + "dependencies": { + "undici-types": "~7.12.0" + } + }, "node_modules/@types/parse-json": { "version": "4.0.2", "resolved": "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.2.tgz", @@ -1972,6 +1992,37 @@ "vite": "^4.2.0 || ^5.0.0 || ^6.0.0 || ^7.0.0" } }, + "node_modules/accepts": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-2.0.0.tgz", + "integrity": "sha512-5cvg6CtKwfgdmVqY1WIiXKc3Q1bkRqGLi+2W/6ao+6Y7gu/RCwRuAhGEzh5B4KlszSuTLgZYuqFqo5bImjNKng==", + "dependencies": { + "mime-types": "^3.0.0", + "negotiator": "^1.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/accepts/node_modules/mime-types": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/acorn": { "version": "8.15.0", "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", @@ -2030,6 +2081,21 @@ "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", "dev": true }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" + }, + "node_modules/axios": { + "version": "1.12.2", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz", + "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==", + "dependencies": { + "follow-redirects": "^1.15.6", + "form-data": "^4.0.4", + "proxy-from-env": "^1.1.0" + } + }, "node_modules/babel-plugin-macros": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/babel-plugin-macros/-/babel-plugin-macros-3.1.0.tgz", @@ -2059,6 +2125,25 @@ "baseline-browser-mapping": "dist/cli.js" } }, + "node_modules/body-parser": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-2.2.0.tgz", + "integrity": "sha512-02qvAaxv8tp7fBa/mw1ga98OGm+eCbqzJOKoRt70sLmfEEi+jyBYVTDGfCL/k06/4EMk/z01gCe7HoCH/f2LTg==", + "dependencies": { + "bytes": "^3.1.2", + "content-type": "^1.0.5", + "debug": "^4.4.0", + "http-errors": "^2.0.0", + "iconv-lite": "^0.6.3", + "on-finished": "^2.4.1", + "qs": "^6.14.0", + "raw-body": "^3.0.0", + "type-is": "^2.0.0" + }, + "engines": { + "node": ">=18" + } + }, "node_modules/brace-expansion": { "version": "1.1.12", "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", @@ -2069,6 +2154,17 @@ "concat-map": "0.0.1" } }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, "node_modules/browserslist": { "version": "4.26.0", "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.26.0.tgz", @@ -2102,6 +2198,41 @@ "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" } }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/callsites": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", @@ -2181,12 +2312,42 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", "dev": true }, + "node_modules/content-disposition": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-1.0.0.tgz", + "integrity": "sha512-Au9nRL8VNUut/XSzbQA38+M78dzP4D+eqg3gfJHMIHHYa3bg067xj1KxMUWj+VULbiZMowKngFFbKczUrNJ1mg==", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "engines": { + "node": ">= 0.6" + } + }, "node_modules/convert-source-map": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", @@ -2201,6 +2362,14 @@ "node": ">=18" } }, + "node_modules/cookie-signature": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.2.2.tgz", + "integrity": "sha512-D76uU73ulSXrD1UXF4KE2TMxVVwhsnCgfAyTg9k8P6KGZjlXKrOLe4dJQKI3Bxi5wjesZoFXJWElNWBjPZMbhg==", + "engines": { + "node": ">=6.6.0" + } + }, "node_modules/cosmiconfig": { "version": "7.1.0", "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-7.1.0.tgz", @@ -2265,6 +2434,22 @@ "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", "dev": true }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/detect-libc": { "version": "2.1.0", "resolved": "https://registry.npmjs.org/detect-libc/-/detect-libc-2.1.0.tgz", @@ -2283,12 +2468,38 @@ "csstype": "^3.0.2" } }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==" + }, "node_modules/electron-to-chromium": { "version": "1.5.218", "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.218.tgz", "integrity": "sha512-uwwdN0TUHs8u6iRgN8vKeWZMRll4gBkz+QMqdS7DDe49uiK68/UX92lFb61oiFPrpYZNeZIqa4bA7O6Aiasnzg==", "dev": true }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/enhanced-resolve": { "version": "5.18.3", "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.3.tgz", @@ -2310,6 +2521,47 @@ "is-arrayish": "^0.2.1" } }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-set-tostringtag": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz", + "integrity": "sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==", + "dependencies": { + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.6", + "has-tostringtag": "^1.0.2", + "hasown": "^2.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/esbuild": { "version": "0.25.9", "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.9.tgz", @@ -2360,6 +2612,11 @@ "node": ">=6" } }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==" + }, "node_modules/escape-string-regexp": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", @@ -2539,6 +2796,87 @@ "node": ">=0.10.0" } }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/eventemitter3": { + "version": "4.0.7", + "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz", + "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==" + }, + "node_modules/express": { + "version": "5.1.0", + "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz", + "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==", + "dependencies": { + "accepts": "^2.0.0", + "body-parser": "^2.2.0", + "content-disposition": "^1.0.0", + "content-type": "^1.0.5", + "cookie": "^0.7.1", + "cookie-signature": "^1.2.1", + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "finalhandler": "^2.1.0", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "merge-descriptors": "^2.0.0", + "mime-types": "^3.0.0", + "on-finished": "^2.4.1", + "once": "^1.4.0", + "parseurl": "^1.3.3", + "proxy-addr": "^2.0.7", + "qs": "^6.14.0", + "range-parser": "^1.2.1", + "router": "^2.2.0", + "send": "^1.1.0", + "serve-static": "^2.2.0", + "statuses": "^2.0.1", + "type-is": "^2.0.1", + "vary": "^1.1.2" + }, + "engines": { + "node": ">= 18" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/express/node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express/node_modules/mime-types": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -2586,6 +2924,33 @@ "node": ">=16.0.0" } }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/finalhandler": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-2.1.0.tgz", + "integrity": "sha512-/t88Ty3d5JWQbWYgaOGCCYfXRwV1+be02WqYYlL6h0lEiUAMPM8o8qKGO01YIkOHzka2up08wvgYD0mDiI+q3Q==", + "dependencies": { + "debug": "^4.4.0", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "on-finished": "^2.4.1", + "parseurl": "^1.3.3", + "statuses": "^2.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/find-root": { "version": "1.1.0", "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz", @@ -2626,6 +2991,56 @@ "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==", "dev": true }, + "node_modules/follow-redirects": { + "version": "1.15.11", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", + "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/form-data": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.4.tgz", + "integrity": "sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "es-set-tostringtag": "^2.1.0", + "hasown": "^2.0.2", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-2.0.0.tgz", + "integrity": "sha512-Rx/WycZ60HOaqLKAi6cHRKKI7zxWbJ31MhntmtwMoaTeF7XFH9hhBp8vITaMidfljRQ6eYWCKkaTK+ykVJHP2A==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/fsevents": { "version": "2.3.3", "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", @@ -2657,6 +3072,41 @@ "node": ">=6.9.0" } }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/glob-parent": { "version": "6.0.2", "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", @@ -2681,6 +3131,17 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/graceful-fs": { "version": "4.2.11", "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", @@ -2696,6 +3157,31 @@ "node": ">=8" } }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", + "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", + "dependencies": { + "has-symbols": "^1.0.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/hasown": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", @@ -2720,6 +3206,69 @@ "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" }, + "node_modules/http-errors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", + "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", + "dependencies": { + "depd": "2.0.0", + "inherits": "2.0.4", + "setprototypeof": "1.2.0", + "statuses": "2.0.1", + "toidentifier": "1.0.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/http-errors/node_modules/statuses": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", + "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/http-proxy": { + "version": "1.18.1", + "resolved": "https://registry.npmjs.org/http-proxy/-/http-proxy-1.18.1.tgz", + "integrity": "sha512-7mz/721AbnJwIVbnaSv1Cz3Am0ZLT/UBwkC92VlxhXv/k/BBQfM2fXElQNC27BVGr0uwUpplYPQM9LnaBMR5NQ==", + "dependencies": { + "eventemitter3": "^4.0.0", + "follow-redirects": "^1.0.0", + "requires-port": "^1.0.0" + }, + "engines": { + "node": ">=8.0.0" + } + }, + "node_modules/http-proxy-middleware": { + "version": "3.0.5", + "resolved": "https://registry.npmjs.org/http-proxy-middleware/-/http-proxy-middleware-3.0.5.tgz", + "integrity": "sha512-GLZZm1X38BPY4lkXA01jhwxvDoOkkXqjgVyUzVxiEK4iuRu03PZoYHhHRwxnfhQMDuaxi3vVri0YgSro/1oWqg==", + "dependencies": { + "@types/http-proxy": "^1.17.15", + "debug": "^4.3.6", + "http-proxy": "^1.18.1", + "is-glob": "^4.0.3", + "is-plain-object": "^5.0.0", + "micromatch": "^4.0.8" + }, + "engines": { + "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + } + }, + "node_modules/iconv-lite": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", + "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, "node_modules/ignore": { "version": "5.3.2", "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz", @@ -2753,6 +3302,19 @@ "node": ">=0.8.19" } }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "engines": { + "node": ">= 0.10" + } + }, "node_modules/is-arrayish": { "version": "0.2.1", "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", @@ -2776,7 +3338,6 @@ "version": "2.1.1", "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", - "dev": true, "engines": { "node": ">=0.10.0" } @@ -2785,7 +3346,6 @@ "version": "4.0.3", "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "dev": true, "dependencies": { "is-extglob": "^2.1.1" }, @@ -2793,6 +3353,27 @@ "node": ">=0.10.0" } }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/is-plain-object": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-5.0.0.tgz", + "integrity": "sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-promise": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-4.0.0.tgz", + "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==" + }, "node_modules/isexe": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", @@ -3176,6 +3757,75 @@ "@jridgewell/sourcemap-codec": "^1.5.5" } }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz", + "integrity": "sha512-aisnrDP4GNe06UcKFnV5bfMNPBUw4jsLGaWwWfnH3v02GnBuXX2MCVn5RbrWo0j3pczUilYblq7fQ7Nw2t5XKw==", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/merge-descriptors": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-2.0.0.tgz", + "integrity": "sha512-Snk314V5ayFLhp3fkUREub6WtjBfPdCPY1Ln8/8munuLuiYhsABgBVWsozAG+MWMbVEvcdcpbi9R7ww22l9Q3g==", + "engines": { + "node": ">=18" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/micromatch": { + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", + "dependencies": { + "braces": "^3.0.3", + "picomatch": "^2.3.1" + }, + "engines": { + "node": ">=8.6" + } + }, + "node_modules/micromatch/node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/minimatch": { "version": "3.1.2", "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", @@ -3253,6 +3903,22 @@ "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==", "dev": true }, + "node_modules/negotiator": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-1.0.0.tgz", + "integrity": "sha512-8Ofs/AUQh8MaEcrlq5xOX0CQ9ypTF5dl78mjlMNfOK08fzpgTHQRQPBxcPlEtIw0yRpws+Zo/3r+5WRby7u3Gg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/node-forge": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", + "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "engines": { + "node": ">= 6.13.0" + } + }, "node_modules/node-releases": { "version": "2.0.21", "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.21.tgz", @@ -3267,6 +3933,36 @@ "node": ">=0.10.0" } }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", + "dependencies": { + "wrappy": "1" + } + }, "node_modules/optionator": { "version": "0.9.4", "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", @@ -3342,6 +4038,14 @@ "url": "https://github.com/sponsors/sindresorhus" } }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/path-exists": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", @@ -3365,6 +4069,15 @@ "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==" }, + "node_modules/path-to-regexp": { + "version": "8.3.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz", + "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==", + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/path-type": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", @@ -3442,6 +4155,23 @@ "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz", "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==" }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "node_modules/punycode": { "version": "2.3.1", "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", @@ -3451,6 +4181,57 @@ "node": ">=6" } }, + "node_modules/qs": { + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", + "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-3.0.1.tgz", + "integrity": "sha512-9G8cA+tuMS75+6G/TzW8OtLzmBDMo8p1JRxN5AZ+LAp8uxGA8V8GZm4GQ4/N5QNQEnLmg6SS7wyuSmbKepiKqA==", + "dependencies": { + "bytes": "3.1.2", + "http-errors": "2.0.0", + "iconv-lite": "0.7.0", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/raw-body/node_modules/iconv-lite": { + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.7.0.tgz", + "integrity": "sha512-cf6L2Ds3h57VVmkZe+Pn+5APsT7FpqJtEhhieDCvrE2MK5Qk9MyffgQyuxQTm6BChfeZNtcOLHp9IcWRVcIcBQ==", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3.0.0" + }, + "engines": { + "node": ">=0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, "node_modules/react": { "version": "19.1.1", "resolved": "https://registry.npmjs.org/react/-/react-19.1.1.tgz", @@ -3535,6 +4316,11 @@ "react-dom": ">=16.6.0" } }, + "node_modules/requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==" + }, "node_modules/resolve": { "version": "1.22.10", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.10.tgz", @@ -3602,6 +4388,45 @@ "fsevents": "~2.3.2" } }, + "node_modules/router": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz", + "integrity": "sha512-nLTrUKm2UyiL7rlhapu/Zl45FwNgkZGaCpZbIHajDYgwlJCOzLSk+cIPAnsEqV955GjILJnKbdQC1nVPz+gAYQ==", + "dependencies": { + "debug": "^4.4.0", + "depd": "^2.0.0", + "is-promise": "^4.0.0", + "parseurl": "^1.3.3", + "path-to-regexp": "^8.0.0" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==" + }, "node_modules/scheduler": { "version": "0.26.0", "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.26.0.tgz", @@ -3616,11 +4441,70 @@ "semver": "bin/semver.js" } }, + "node_modules/send": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/send/-/send-1.2.0.tgz", + "integrity": "sha512-uaW0WwXKpL9blXE2o0bRhoL2EGXIrZxQ2ZQ4mgcfoBxdFmQold+qWsD2jLrfZ0trjKL6vOw0j//eAwcALFjKSw==", + "dependencies": { + "debug": "^4.3.5", + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "etag": "^1.8.1", + "fresh": "^2.0.0", + "http-errors": "^2.0.0", + "mime-types": "^3.0.1", + "ms": "^2.1.3", + "on-finished": "^2.4.1", + "range-parser": "^1.2.1", + "statuses": "^2.0.1" + }, + "engines": { + "node": ">= 18" + } + }, + "node_modules/send/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/send/node_modules/mime-types": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/serve-static": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-2.2.0.tgz", + "integrity": "sha512-61g9pCh0Vnh7IutZjtLGGpTA355+OPn2TyDv/6ivP2h/AdAVX9azsoxmg2/M6nZeQZNYBEwIcsne1mJd9oQItQ==", + "dependencies": { + "encodeurl": "^2.0.0", + "escape-html": "^1.0.3", + "parseurl": "^1.3.3", + "send": "^1.2.0" + }, + "engines": { + "node": ">= 18" + } + }, "node_modules/set-cookie-parser": { "version": "2.7.1", "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.7.1.tgz", "integrity": "sha512-IOc8uWeOZgnb3ptbCURJWNjWUPcO3ZnTTdzsurqERrP6nPyv+paC55vJM0LpOlT2ne+Ix+9+CRG1MNLlyZ4GjQ==" }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==" + }, "node_modules/shebang-command": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", @@ -3642,6 +4526,74 @@ "node": ">=8" } }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/source-map": { "version": "0.5.7", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", @@ -3659,6 +4611,14 @@ "node": ">=0.10.0" } }, + "node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/strip-json-comments": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", @@ -3760,6 +4720,25 @@ "url": "https://github.com/sponsors/SuperchupuDev" } }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "engines": { + "node": ">=0.6" + } + }, "node_modules/type-check": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", @@ -3772,6 +4751,51 @@ "node": ">= 0.8.0" } }, + "node_modules/type-is": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz", + "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==", + "dependencies": { + "content-type": "^1.0.5", + "media-typer": "^1.1.0", + "mime-types": "^3.0.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/type-is/node_modules/mime-db": { + "version": "1.54.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz", + "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/type-is/node_modules/mime-types": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-3.0.1.tgz", + "integrity": "sha512-xRc4oEhT6eaBpU1XF7AjpOFD+xQmXNB5OVKwp4tqCuBpHLS/ZbBDrc07mYTDqVMg6PfxUjjNp85O6Cd2Z/5HWA==", + "dependencies": { + "mime-db": "^1.54.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/undici-types": { + "version": "7.12.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz", + "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==" + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/update-browserslist-db": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.1.3.tgz", @@ -3811,6 +4835,14 @@ "punycode": "^2.1.0" } }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/vite": { "version": "7.1.5", "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.5.tgz", @@ -3909,6 +4941,11 @@ "node": ">=0.10.0" } }, + "node_modules/wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" + }, "node_modules/yallist": { "version": "3.1.1", "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", diff --git a/package.json b/package.json index ebdf34cc96..d9ff186801 100644 --- a/package.json +++ b/package.json @@ -14,6 +14,10 @@ "@emotion/styled": "^11.14.1", "@mui/icons-material": "^7.3.2", "@mui/material": "^7.3.2", + "axios": "^1.12.2", + "express": "^5.1.0", + "http-proxy-middleware": "^3.0.5", + "node-forge": "^1.3.1", "react": "^19.1.1", "react-dom": "^19.1.1", "react-router-dom": "^7.9.1" diff --git a/server.js b/server.js new file mode 100644 index 0000000000..66e89464b9 --- /dev/null +++ b/server.js @@ -0,0 +1,30 @@ +import express from 'express' +import { createProxyMiddleware } from 'http-proxy-middleware' + +const target = 'https://oie-test.quantis.health' + +const app = express() + +app.use('/api', createProxyMiddleware({ + target, + changeOrigin: true, + xfwd: true, + // Strip the Domain attribute so the cookie becomes host-only for your proxy host + cookieDomainRewrite: '', + // Optional: ensure SameSite/ Secure as needed + onProxyRes(proxyRes) { + const cookies = proxyRes.headers['set-cookie'] + if (cookies) { + proxyRes.headers['set-cookie'] = cookies.map(c => { + let v = c + // Force SameSite=None for cross-site usage (only if served over HTTPS) + if (!/; *SameSite=/i.test(v)) v += '; SameSite=None' + // Add Secure if serving the proxy over HTTPS (required for SameSite=None) + if (!/; *Secure/i.test(v)) v += '; Secure' + return v + }) + } + }, +})) + +app.listen(3000, () => console.log('Proxy on http://localhost:3000')) \ No newline at end of file diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index bff7d9a4e3..193da6d6aa 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,53 +1,25 @@ -import React, { useMemo, useRef, useState } from 'react' -import { Box, Button, FormControl, FormHelperText, InputLabel, MenuItem, Select, Stack, TextField, Typography } from '@mui/material' - -const FORMAT_OPTIONS = [ - { value: 'PEM', label: 'PEM (Base64 with headers)' }, - { value: 'DER', label: 'DER (binary X.509)' }, - { value: 'PKCS12', label: 'PKCS#12 / PFX (.p12 / .pfx)' }, - { value: 'JKS', label: 'JKS / Java KeyStore' }, -] +import React, { useRef, useState } from 'react' +import { Box, Button, FormHelperText, Stack, TextField, Typography } from '@mui/material' export default function ImportCertificateDialogContent({ - defaultFormat = 'PEM', targetStore = 'trusted', onCancel, onSubmit, }) { - const [format, setFormat] = useState(defaultFormat) const [pemText, setPemText] = useState('') const [file, setFile] = useState(null) - const [password, setPassword] = useState('') const [alias, setAlias] = useState('') const [errors, setErrors] = useState({}) const fileInputRef = useRef(null) - const fileAccept = useMemo(() => { - switch (format) { - case 'DER': - return '.der,.cer,.crt,application/pkix-cert,application/x-x509-ca-cert' - case 'PKCS12': - return '.p12,.pfx,application/x-pkcs12' - case 'JKS': - return '.jks,.keystore' - default: - return '.pem,.crt,.cer,text/plain,application/x-pem-file' - } - }, [format]) + const fileAccept = '.pem,text/plain,application/x-pem-file' const validate = () => { const nextErrors = {} - if (format === 'PEM') { - if (!pemText.trim()) nextErrors.pemText = 'PEM content is required.' - if (pemText && !/-----BEGIN [^-]+-----[\s\S]*-----END [^-]+-----/m.test(pemText)) { - nextErrors.pemText = 'Expected PEM with BEGIN/END headers.' - } - } else { - if (!file) nextErrors.file = 'Please select a file.' - } - if (format === 'PKCS12' || format === 'JKS') { - if (!password) nextErrors.password = 'Password is required.' + if (!pemText.trim()) nextErrors.pemText = 'PEM content is required.' + if (pemText && !/-----BEGIN [^-]+-----[\s\S]*-----END [^-]+-----/m.test(pemText)) { + nextErrors.pemText = 'Expected PEM content with BEGIN/END headers.' } setErrors(nextErrors) return Object.keys(nextErrors).length === 0 @@ -56,12 +28,10 @@ export default function ImportCertificateDialogContent({ const handleSubmit = () => { if (!validate()) return const payload = { - format, targetStore, - source: format === 'PEM' ? 'text' : 'file', - pemText: format === 'PEM' ? pemText : undefined, + source: 'text', + pemText, fileName: file ? file.name : undefined, - password: format === 'PKCS12' || format === 'JKS' ? password : undefined, alias: alias || undefined, } // Useful debugging information @@ -73,77 +43,50 @@ export default function ImportCertificateDialogContent({ return ( - - Format - - Select the certificate/container format - - - {format === 'PEM' ? ( - setPemText(e.target.value)} - error={Boolean(errors.pemText)} - helperText={errors.pemText || 'You can paste a certificate chain.'} - multiline - minRows={6} - fullWidth - /> - ) : ( - <> - { - const f = e.target.files && e.target.files[0] - setFile(f || null) - setErrors((prev) => ({ ...prev, file: undefined })) - }} - /> - - - - {file ? file.name : 'No file selected'} - - - {errors.file && {errors.file}} - - )} + { + try { + const f = e.target.files && e.target.files[0] + setFile(f || null) + if (!f) return + const name = (f.name || '').toLowerCase() + if (!(name.endsWith('.pem') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { + setErrors((prev) => ({ ...prev, file: 'Please select a .pem file.' })) + return + } + const text = await f.text() + setPemText(text) + setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) + } catch (err) { + setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) + } + }} + /> + + + + {file ? file.name : 'No file selected'} + + + {errors.file && {errors.file}} - {(format === 'PKCS12' || format === 'JKS') && ( - setPassword(e.target.value)} - error={Boolean(errors.password)} - helperText={errors.password || 'Password for the keystore/container.'} - fullWidth - /> - )} + setPemText(e.target.value)} + error={Boolean(errors.pemText)} + helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem fills this field.'} + multiline + minRows={8} + fullWidth + /> {}, + login: async (_credentials) => {}, logout: () => {}, }) @@ -26,7 +27,10 @@ export function AuthProvider({ children }) { } catch (_) {} }, [isAuthenticated]) - const login = () => setIsAuthenticated(true) + const login = async ({ username, password }) => { + await loginWithCredentials({ username, password }) + setIsAuthenticated(true) + } const logout = () => setIsAuthenticated(false) const value = useMemo(() => ({ isAuthenticated, login, logout }), [isAuthenticated]) diff --git a/src/pages/Login.jsx b/src/pages/Login.jsx index fe356ad304..4377012b1e 100644 --- a/src/pages/Login.jsx +++ b/src/pages/Login.jsx @@ -10,19 +10,31 @@ export default function Login() { const [username, setUsername] = useState('') const [password, setPassword] = useState('') const [error, setError] = useState('') + const [loading, setLoading] = useState(false) const navigate = useNavigate() const location = useLocation() const { login } = useAuth() - const handleSubmit = (e) => { + const handleSubmit = async (e) => { e.preventDefault() if (!username || !password) { setError('Please enter username and password') return } - login() - const redirectTo = location.state?.from?.pathname || '/ssl' - navigate(redirectTo, { replace: true }) + setLoading(true) + setError('') + try { + await login({ username, password }) + const redirectTo = location.state?.from?.pathname || '/ssl' + navigate(redirectTo, { replace: true }) + } catch (err) { + const msg = err?.message || 'Login failed. Please try again.' + setError(msg) + // eslint-disable-next-line no-console + console.debug('[Login] failed', { msg, err }) + } finally { + setLoading(false) + } } return ( @@ -73,7 +85,9 @@ export default function Login() { }} /> {error ? {error} : null} - + diff --git a/src/pages/SslManagement.jsx b/src/pages/SslManagement.jsx index 7516cfca44..2029329fa5 100644 --- a/src/pages/SslManagement.jsx +++ b/src/pages/SslManagement.jsx @@ -38,10 +38,9 @@ export default function SslManagement() { setDialogProps({}) } - const openImportDialog = (presetFormat) => { - const defaultFormat = presetFormat || 'PEM' + const openImportDialog = () => { const targetStore = tabKey === 'trusted' ? 'trusted' : 'private' - openDialog({ type: 'import-certificate', title: presetFormat === 'PKCS12' ? 'Import PKCS#12' : 'Import Certificate', props: { defaultFormat, targetStore } }) + openDialog({ type: 'import-certificate', title: 'Import Certificate (PEM)', props: { targetStore } }) } const onTabChange = (_e, newIndex) => { @@ -82,7 +81,6 @@ export default function SslManagement() { actions: [ { key: 'show-keys', label: 'Show Private Keys', color: 'secondary', onClick: () => openDialog({ type: 'text', title: 'Show Private Keys', props: { text: 'Placeholder dialog for showing private keys.' } }) }, { key: 'import-cert', label: 'Import Certificate', color: 'info', onClick: () => openImportDialog() }, - { key: 'import-pkcs12', label: 'Import PKCS#12', color: 'warning', onClick: () => openImportDialog('PKCS12') }, { key: 'add-new', label: 'Add New', variant: 'contained', color: 'success', onClick: () => openDialog({ type: 'text', title: 'Add New Private Key', props: { text: 'Placeholder dialog for adding a new private key certificate.' } }) }, ], }, @@ -123,7 +121,6 @@ export default function SslManagement() { {dialogType === 'import-certificate' && ( closeDialog()} diff --git a/src/services/api.js b/src/services/api.js new file mode 100644 index 0000000000..2382868ebb --- /dev/null +++ b/src/services/api.js @@ -0,0 +1,57 @@ +import axios from 'axios' + +export const api = axios.create({ + // Use same-origin '/api' in dev with Vite proxy; fallback to absolute BASE_URL when building + baseURL: '/', + withCredentials: true, + headers: { + 'X-Requested-With': 'XMLHttpRequest', + }, + timeout: 15000, +}) + +// Dev-friendly request logging (masks password) +api.interceptors.request.use((config) => { + try { + let dataPreview = null + const isFormData = typeof FormData !== 'undefined' && config.data instanceof FormData + const isUrlParams = typeof URLSearchParams !== 'undefined' && config.data instanceof URLSearchParams + if (isUrlParams) { + const safe = {} + for (const [k, v] of config.data.entries()) { + safe[k] = String(k).toLowerCase() === 'password' ? '***' : v + } + dataPreview = safe + } else if (isFormData) { + const safe = {} + for (const [k, v] of config.data.entries()) { + safe[k] = String(k).toLowerCase() === 'password' ? '***' : (typeof v === 'string' ? v : '[file]') + } + dataPreview = safe + } else if (config.data && typeof config.data === 'object') { + const safe = { ...config.data } + if ('password' in safe) safe.password = '***' + dataPreview = safe + } + // eslint-disable-next-line no-console + console.debug('[API] request', { method: config.method, url: config.url, data: dataPreview }) + } catch (_) {} + return config +}) + +api.interceptors.response.use( + (response) => response, + (error) => { + // eslint-disable-next-line no-console + console.debug('[API] error', { + url: error?.config?.url, + status: error?.response?.status, + data: error?.response?.data, + }) + return Promise.reject(error) + } +) + +export default api + + diff --git a/src/services/authService.js b/src/services/authService.js new file mode 100644 index 0000000000..5bea5485d3 --- /dev/null +++ b/src/services/authService.js @@ -0,0 +1,44 @@ +import api from './api' + +function parseLoginXml(xmlString) { + try { + const parser = new DOMParser() + const doc = parser.parseFromString(xmlString, 'application/xml') + const status = doc.querySelector('status')?.textContent || '' + const message = doc.querySelector('message')?.textContent || '' + return { status, message } + } catch (e) { + return { status: '', message: 'Failed to parse login response' } + } +} + +export async function loginWithCredentials({ username, password }) { + // Use application/x-www-form-urlencoded (safelisted for CORS; many Mirth setups expect it) + const body = new URLSearchParams() + body.set('username', username) + body.set('password', password) + + // The endpoint returns XML and sets JSESSIONID cookie; withCredentials ensures the browser stores it + const response = await api.post('/api/users/_login', body, { + headers: { 'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/xml, text/xml' }, + responseType: 'text', + transformResponse: [(data) => data], + }) + + const { status, message } = parseLoginXml(response.data || '') + const success = String(status).toUpperCase() === 'SUCCESS' + + // Useful debug info in dev tools + // eslint-disable-next-line no-console + console.debug('[Auth] login response', { status, message, setCookie: response.headers?.['set-cookie'] }) + + if (!success) { + const error = new Error(message || 'Login failed') + error.code = 'LOGIN_FAILED' + throw error + } + + return { success: true } +} + + diff --git a/vite.config.js b/vite.config.js index f033f538a2..60fed1784b 100644 --- a/vite.config.js +++ b/vite.config.js @@ -7,6 +7,17 @@ import tailwindcss from '@tailwindcss/vite' export default defineConfig({ plugins: [react(), tailwindcss()], base: '/dashboard/', + server: { + allowedHosts: ['localhost', '127.0.0.1', '0.0.0.0', '778ded44be8d.ngrok-free.app'], + proxy: { + "/api": { + target: "https://oie-1.quantis.health", + changeOrigin: true, + secure: true, + }, + }, + + }, build: { outDir: 'dashboard', emptyOutDir: true, From 49cc1899f265b62197d02982df4915c0d0703ee8 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 22:14:13 +0300 Subject: [PATCH 056/360] Add more testing instructions --- README.md | 21 ++++++++++++++++++ .../intellij_int_test_run_configuration.png | Bin 0 -> 98948 bytes .../server/misc/IntegrationTest.java | 19 ++++++++++++++++ .../tlsmanager/server/misc/UnitTest.java | 19 ++++++++++++++++ 4 files changed, 59 insertions(+) create mode 100644 docs/images/intellij_int_test_run_configuration.png create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/IntegrationTest.java create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/UnitTest.java diff --git a/README.md b/README.md index 89e60c392c..a6c73e1807 100644 --- a/README.md +++ b/README.md @@ -36,3 +36,24 @@ Start the `docker/compose.yaml`. ```sh docker compose up -d ``` + +### Integration testing + +Integration testing is built into the included JUnit test-suite. All integration tests are tagged with `integrationTest`. +This tag is read by Junit to determine which test to execute. + + +#### Running tests + +To run the integration test suite the caddy server must be started. Run the following command in the `docker/` directory. +```shell +docker compose up -d caddy +``` + +Then start all tests with the `integrationTest` tag. This can be done either via commandline: +```shell +mvn test -Dgroups=integrationTest +``` + +Or from IntelliJ: +![IntellJ run configuration for integration tests](./docs/images/intellij_int_test_run_configuration.png) diff --git a/docs/images/intellij_int_test_run_configuration.png b/docs/images/intellij_int_test_run_configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..5cb1d1af5b65366425caac015cbe19273470d761 GIT binary patch literal 98948 zcmbq)WmHt}7w!NK2ndLzw4i|WsB}xIv>@Fh;m|R3cO%kW(hbs`Bf=2E(A^B(4R_Sv z|HHjs?^(=ZEjVYN_uc#1@jiP`h?0T~9u5T#006*y|4#BF0PuhW0KgD_h>7}3*OcsU z)GutCcbfJ90DkwM4_X{6KINag9i%iIEUZnxfDJ7)03bddu0}VytpDd9ngGx%5ZCL& zMU+gy^FL2GeX;s%?WFp}!NM5u5o*OLX>0^FrIWC>GWlW(wKH`1Vr^w#-#GgX0H6cB zmlRiZ*4vqLawbMxVIAzppUl&pD6wZwK0ei|)K%&*7mv=)_67o_RCj=^q9p~)!MbRb zV6>KxBqVIk;;sbGzcYQezP_#G@9XPJn))V>)|#=AWV+tGkv27_X?)z8lm?Le|GXTy zDhkjbuY@N4$&nw*!7SLS7`CKJ7p4DmW&4p)K91qbOGehqFB`lpkT?~RfTk)zB8Ec#K37m<9?|1e zkgie?Il8LlCQezjK~}VKQQSZ~lrVng{`a2E;qmFv<#kVyEZ1fw>ioVR<3`n$L&cTX z*Eyi5kwlOGB(?SuFGNgD=tp>j_wFrx)&kqkByNl)dcYsJ&WasJ_#^rLsRt`ZiDcA= zhH2Q{i+jC3Vydq1M_zUfXebwSU34QH-{vA_&=4`A6D9HYcH;1LmT(LgDlhw6_^}K) z5|QX3QN~T272$#(F{Qq~&DXk)c5mk|X7_IuKXvE=YDF7b?cCwl#UR+1f!1fEzk4hz zqG)$KUsZz>;b;*VO#f`MzETXZ9%!CQZSxhDuDA}6lO=8I5OUv z;pyRj>V1*LkqwVDePc?DHL!6*IB?goL-dOMQ#a;uea8+1`7UKqeUjK2_Va{)DzhPa zherLb%;1M&!SdZhlLdn_?2ve7BMgrLv14G)Eqchdk@SEaeEsv?`ahFXN8Yff!;c2m zRU375A3YS>lg+#aCeuEF>vm&aIs2?*^j>c+-}O2;xHKjj@GxD({8Ntu-|;7*6!`YK z1BhBTy$#gPXT><|feyF+vCf8iTZz~)+N}sgjvC`C@dI2L<}JdQ2nVvn!v3m&9`YrN zBQPQ|Kdcx8Ey?Lu1|!LbVeZ%t8DhtjxecMCVzf-emym%84H-DL!;UQ7rO)b#MwsH88*n@nz*EQ(F=8y?Z&O1U&#hZ1lsn3&8RPKoXKpZnyI zT2yYEi_SH3=KxO6K{x+IzH(83zfOsH3NN&UvXS@v2QZNw zU(JYOuox}TDnIv-g+ksSP~fa*!QJbaBKIZklvpJ7JC0$l1&flwzVM^)T4RU~H3l9S zIVnfiP-Sq=@OR4)NC$DF&tA?tmH=sZ@Kmr-j`H=tvk}uUb4uYJlX>ViRm|Q8@=KlDh)S=lqt&% zuNBTTRuXz0-SlC9C%U$)`!O(yRQ|^m|P+!Ee7>FcK$(hEct=T zLD4li$p(Zblk)-!aw*ZiPARs+y<08(v$kXHKY}7R6!C|-6xF{L^NV%y&v_ncuog* zzUez=Vxr69V7cYjGo8GZ2yaYml+zM3OpbdudxS{qSw0qe(NoH_bu5jifUWq2ZcLnu&?p zXr;9aco`->I^?i~bPK6v5hj&By7qGh+1xk|@1K!wpwF8bj{xS>i&9i`{{ken zv3i+lOr(BV=6aEBor!`jrRDax?-U3KErIN~qqL!#OxYI0?Nt38lHiU^(+IM7F zy0DW|D@G)NP%ek7!Hla^4Niii^#;`H)c23oOHIeaj_8L%Y6NIQ`KxQ_q7eLudZjBk(@(Tx~O{gKdr_b+t=%gLgpo z!&7Lu*aqV5Y=%qCJ9RRBdt{}Yc8ke z*hrDP-k#bwe$h+Al=pb#CzAo&kFVm=NuQ&8g=I1Wskajt$wPJ&<@@L+qNkCnE zo7s<Y*`tcNJXap zdK1ZUd11sR8lRZ(v z=?`|8130eSCC%XM*a+^<=K*ZB2kP+n9VCXmlV;{ZCP!7&MIET>XgF^XP6 z*3u32nM1WLvN$doGlclZ2!4Y z2daI*O+XHVqWAqPq+Sud^MS-}7b}g!DM=O^T`JjOB?Vr&=!>Ost3n`BIGT%|P6*w4 z_u;CmY!bIoiUl7Aw7*NG6NND!AnF_2MB!*T zR8Y2k22Og8jo_MQ_Hrm_E|n0KA*KI?k|z#Qr5ubgDC9Jb_XuHva#-<8e%IbWfiAR) z^0Vw~!O611fj?tHz@e5M1xs|13}++CQD5R`K5JzcX6CSd2kL{M+I0o;Xxx|}k;b7) zqUoA_zV#!sqZ427MV1@mM9$8v&^aB)A)j^CBT8 zky2Gx&nYTuG;#V@atO>yN%}Jg3C+gDe$_Z#Gd;d`6-tMUabt9U!a0h=GXcBM5|T;E z&5@2JrkYFg=7$00IL7>PNv};D8jxBMg~zAKXvv8}`C*0E8fY3EEjLA{n%DO9Ma5Hc zbpPJa5*%#v3`*yj0}Fw^ zh{&ClbV;k}mo{46QUtwhHVl>WNDfxwr&R!GCVYdMQ5ENG(8)3K!M zMS48(Zgf?3@&fW(6>8!lHP*~q``(zUbYx>fHka)r#9qLlE_MSGMnD6o0JSkvn7D*= zv4rPE#Z2?QY|W_e0*;YVyaNxtkt_YYa^$xPvy2EJLCH^e{Wp2wzx*d5`RNmh_r*i! z@;fp(25&Po&kX1145UjeO$J^o*Nt|YN`Vo+BF`8r54;3kOC*$sp`9u=S`qRu<2*Pm zdT?q^aJu}(aynh-VZF+aUJq$Z=RV=x@sR%8<>oLUC1r|t zztQ>^sIA;~~~jBaYLm;OX}fMhGkEq+v&~lc~8q@3dSBu9C@|r9n$@O*~og z{@Hy6`VWAyKjCOKE_52^y>=}uyiXj!NsUp?LMU%ub*?rm%kwpG_~x*>?%iBqZ&b=d zFy`bfJ&MU^snL{=v%xWmYryHPKPK0rEbAR!jbQ$pCkUwpEDFpSot2yv zfr{|#VtM7)Ov!i<39(`BM*|POQNFtJZT!;5^j;~<3(EHTS2WoO8&_z^x-U7eDxqGT zs*4+^N}gQDMuu19kmx#90AZmELLa-Nm6hzj7%yWmbF5%{R1<$OM@s_NDE++4$UZ?s>LsAX!M2%nJ;r1N6{ z7H#;xrX&Q>Ca}SZ%ZGfsmTv2WRY?atXcZOR@bQB%s!a#IXLehVmG$)x%)ty_+1 z?xre~r;1Pc_Gj(6EH+6t=Sx}H)L74U`nqvB+d{e9?z8eREoLKf4mb48L68#-4K~sf zkt=3m60+hi@VxU8nXIa+Co{GC0Kn?%`cea#X=Y>NoqS42aKYNC;MM~`JCZx%UI^VA z6(Z!k*5Avy97JQncAS1=J0lNexVF--kv$%dxfzx2S%3|9v29m$Lm`$)<;AE%`Oi5- zLZSI$Ju{unD>#OIzu2ljY?@1{NgU!Q?oN`8<|L)D8;6q)*|+Afv$Ipu)C?IIkgM0> zFeadTPE&pNfc`*y*y8=8p74qJ z_Q*6r#8{@o*6*k0_j*`>17{(Px;xs>CVQW%l80&-%EZsD<{&VX-bHVmLSn@wB?VeN z`#B#R&Ulu3GNpN|>$}pFx1P9L+Gkac-?iYY(6~QP6ux`c0uBxAjK!iYyd5}-DI@(f zVS@X;CUX#rKGB0Bmp=vP)nz~t)96G>Js@6VV8oyyXdkA|kU&y_|snAxn0 z6)*rsV6gdJ>^ljb-Hhii=(FROZTKpTw|Po#woFfUMyLV9`R5}VRTtZ?E`RoCn(qDx zFkA?hap$?0c+|4|itT0x%%*w6t>@`U@$p;C_U`M|Z(#?gybB#Gh4;8bftDF+|yK(dL?adJ`u^iKoc)uhF@E)0n?DlQg2Om!8FRl!SIdQdau-qfF*4d^b$>Qu8!B``iolC5b21xh1b4hjh{r&=3T+Zcrnj znbrily}pY_aR39FrD}h`Vw&NC>8ZE2A@79durrC);(FFj(j{%QxY%!4Hv@u5&c)$_ zMn=eO1~o5`Db~3y6k0d8QJcxpK0n4(0qsBX^XcvP^>nz*9$Ha|5`v}mwf8>+{&4|> zxhL$>FK}^vX0Lsim7~kMdZ;Lk*M9tIKKKGfyPXL#t@w&dR9M}L)~{y!KqvtFE3xr$ zhEt(&NY&E(e38H#U-U<G-Rg4tAb??CPN1oz4XhY;N21?>ZTcZQ267MJMhe zK)g{fAQ@hVsXj;d>U$zIz^K0SQ&gyH|FNOhjgr~V%FY9r+Z+#H6?*Y)RwJNUTBpm7ZwOM!bmcesIKT2!0 zSl(OdF)a0LOjXVe0;#|QW_s$rtX;cO(W5Kvsiopgj@dF||Ddge^>e4Eh)DsC*u@%K zD?GN-5suuGCkiW5`7WqXI!B_GNlz8|n{N`*>gWcecB13qA(f$q5}OPp`jqK5Etl5K z7qx*S$W2L>sn;yn9uwA7OipUt{5Zk7Y2LwVK3?BW(Fv1pmaQ%(Ct$EN6{1~S=% z@@{_949%1_rq@KGH}%9cQCM!TULV5i!a$2u_sKXL8N2{}_8Za}ryc*9-QEP;HqcF@ z_{Wb=P+=TlQyNJvxR@v+vl5qNjY=jIxw*N{Yc;$!d;F#h0xU&5LpxMS{KqF=hBIf> z8dVPbLNo-ZBu03zTO}v|nuL(hCqGXfHs5lMT0b`6;<&tqnT-t{aC36Z;$XI*FyHgF zt=wrImO;nMNq|~dSlc~kqlp9BVvDGRySoragY)C;oa_qobDG%r`0+g%Nr#HpEC&c_ zv5N3W@JW5Cx0d#=FrA>H(*kk{tuV{#$^m9Yz3nsZP^_K|O76g&jvIp$jb*8Ag=7Jy zCOyO3*;}#y`GRbz%Y}9#GU9u_TiXY94ORcLr%wUiitAoV zg0!Thff=4!p9D#Pm0uGwqC`9*%gAChzvrhVC;QfT-RqKh*G(c`val4jxW3J|)S~$C z0Y5XlQ@aF1OwEzUf`{_SlP3_c$;MAPEeK0hY~a9MDwP9rvQkej&n?PvcUrf}vTnxq zwt$c?*GqKLg2z7~paX*NoaJ5IK8;s*7M(elEuYx3L$uDP2|5`Lz*j(5jnVaoSIQSg zOT3Afy(!PyK+J^7vfprTUJ{6)1E!_LGOuW6U?+S>D+-MptzUKUKrW%@+m0qt+kO|` zgbO|=nR~2fNAgdfS@zR@&K7|pEc$sN#OC7EK_9ya)J19g+Z1o|j2(;+i5yluJX#KO z*_f|%0W4jF%4^c$)gRK%UiNBYhmBtQ$!NID5eT4^{ECH@^>BK-8gy8zU2(MWsi3IH zcXZ1ip>{tm@bcy9egeRGKO%FKn*k$D0NP!(#yVDr8K`4NSZg&Cd2@r_4eROJa#;Fy z|A?E7N9E&3WW?z2kI@MU1OOWW-HIt>=&JvPGfFRrNZcdbuSGi8eEM|Y zRVm}d?LYe*`vCe=9$52?ZXz@L3mxe@bEs%dG~gxUM0qc*8T@Bkt%sRem=hkiqVS@E zKt!mFdvP@*#mw=t1GPjnz-MD)1|habGPKa=fPHKD?QJL;;8CmdV^a1zGz8+RSIpU& zuMrAwpNnBMI_UA^+HF9kdqKy&?)Xw|Ti9+LJ)-~xX&8`tx=v!I))I2QJKRc*d3%kn zQL6U&vqOgz24}Zd0viypGh0K+MC0YYYrTL-5xR5gd!^$(BK9Yhd7snZ&NVugCNS&_ z^>xffiFV`=%tzr4iITnS>kAGE=^$)zr5EAA7j)X|yz=5%98ZDKqlyX;2von82l}%a z8v%Iv)d4ItPITobgX{7Sm1_(@qr;y6F=ncYAnkx#Y-+53T9ac=Ma4tZQps4)W0+Z3 zdQoBlVt%aT6xXgO5KQP9D=TRPw_Kwb9ig{<^z;I6O7xCpb|Z)}*t%bZJSwBD@??#v|w@cnkKYUU?_83Z(y_8q=9E(g1nsret&8Bh z*-o^a=d8A)$)z6w_R`-FE_j?iWnp2haPLuczKlyk8v1^VNeOe?_aZ0iUGOc867nyd zsWrU(mGSuLQ)~bVve*~GR|b3TLWi3YH5;aPzKY5$b96_gP75#$mA&4tvK*b&qx#)} z5h>qWMhYfU5)-{;XqpLL_PsA~Rr2e}bVPGjAe#(bQRXWrm z;B;QQ`e1!#-)QUAf$AO>==;oXsT)s1tP!1*#P9L6x}~7}hEsxoq@|Lk&yp zCv(4-zZo^wH2+*^QQ43juqb^Mii>IjzL|@|v5OHiAtno7U+eW%*3k`5CdxK{K4fk@ zqqDjBW2HX$`OV~I>a=ql_ao!8hp|%(N>)VM?^J^@gs00T6a3q3bsEnxwLM#KQIyZK zSXA(;wVW|n$%ET8=#bl-Y5v^&{q+8(T3OzbWRUOnP08ggfvT!%w)VuMM>pq}&aTt; z5DG#M z`z0N0Ov;k&r}~?pVQRHKK)|~n0ZTiZjr$GgVh!x*FASBL@x$J}*LXAg<$Ad8+%!0p zxeVS{7Tg~B@oo(Zb+*(aj3!KcbI9YcwR0OPc6N80c(lmyvyc03G@5-&)Q_`6;(RWw zf=e(oRF=!>&ev}_6bHqGj3JWjy2PyB`~+9Vhfr0ruS@Az@on0Tx$w`kB^MWFGAN`* zx_?|tL@~>VL?AQ*I3o77u1CW>191^3H^Q;6@6YUqYhQ`MT4g^{^MlfYbl+_Qts>_Q z1%BPq5~^5FmNZ${(-B=a;hu%ex$s(>$)Tb@`=P8YbCccwW&t2M#YEnXowVHM4NG*S z{EQp8^kuI?c~kN%SPGarf>W6kvZ)d#klBO9<}QTR1+yAoSMUaKMZF0Tw!vq?661$} z3%HiQX=i9O*cP1zx0Yt{6ZSv4E{L#U{^VU)Szl)Hr?tvyDy0?a8R_mrk2UTODm)~r zN7$nyJrQThil~-_iH}u@IU6|-NhljlDq)>E-apcx5Df}{psNcZKKC4&@BbKsDxVUA z!&VCIz4tE}!5T`uL}68Gb;d`OS>HBRsVYg!M?Y4x+jaB&V}g`3$MhkTh$Kj)R$WmT zm3rSXJI7?6@0AgJ(+<^MS?W_E6OSn7H?c0ULh0qtMa*1NJI0>97wl4LUxxQ z36$5Ec!r+C)2DR)hw?#wE6EJpHN#)*&4l$9g2+hH=_A6OTSkwPJv)m|KbKCg$<_TI zoks7qiIl%2n}tMD5uqq{IAQp**lnT}iktkT(lHUHq+cPRRu`dAMnN`K?~H-q=l|FE zlq7ywQyaUj1XWPlK%ja-=A~BK7s=MKDED|E;gKcHBxXtaYl^dG zO;c~yA}BCi#HAZdY%lRZT4OGA6Lh|>ET`=gg)SAi-Id|TM80}LuPZ0~>@E4`Gk z<-@|LqEQiD=Or;6mo+66BF1`;j*kvcsuiCJnrFm5)si_w`b4DEjfd4(Pmmtk+E!?= zp}2?6yVP0N2>ff98A<;MO6^j$dL1i^=_k%%cxYr{0j@p@sbNK2i&?Rx}AGn6ZLiNAJD%^Ux%&Vo9KW|ovZqKRVqzM-<_7{>Zf zXz<(K3|AHPoL}Ziz^goO3U!z?C{C0g4cl1dnd%r32YCzjUF&A z5m5yG?(a&MZAXi#Mhw7ksW}-ce^+FQ{e^5+_IMFe!=m3D)!D6XZwvHob9pv_LP|9e z<1y1v!OKiHjJ5h^s_`*KUt|QYp1MQ?qu1IqVw7}-9DA9a*);6-8KtiB*NhEeg_ee76w#*6OvP6UT{Q6Z@i_T#Q4vDaq(@}^v6<8#MP)->5QVW zcvqk=M;-%e^1@2&?VPF^4zlmj=MuM=@Nu-h!9g_%tO$NA|QNp86H>I zdx_3}2C2qghEuu7xAb->GpHMOx#fR&>O&L}z>y|kFp=JJ+KLlB&x7X;lsQ4-112kM zWq1Egm?$$8a_8!Jg;q9}?qO_#OZ8N^Ns?DSZ_bnJ`%cO9PfTEHRo9qL7p0e^t#Z(HCAtZQnaoJ8lSy>r% zM%Lj=Q-CH1YmtqJDUro#&Q46C-;!WT+s3uIh=1A2SR7C&;VAoPzj_;9+oM62Ppaf$ z5JiE?h2C>kGB5>QB~{hn=4PFGotuuN;D-PU9>L}1m61vnvd?={J-z74+a_v?6o?c% z;iBFfV{sxL9CX7^7|%XCprabbuYYm7N{m@v;=K{1;f@j8M`0`|FgErLF$qa_L4`LS zs^b>Yzb2_{h!z@(6aDR5o&u5bcJ_FTU0UIIDx~abwHAW8?3JMO&o?OVAs*uukLU+e zbIYJcTTp31jy@+_*)>xVRj4RO{Kj|@93HCHB{?Rrg_KVcVCrqW9jhF$D3kh;_b2NA zaMq2?59p{N`&Hn8I;$hq}`{?(F$fZ@iiNwAh6s_HH8e%9AOEXnlA^ai)bze75=3}7@OxjTD$q4VjHi|kiRmROTX8X|%*jw=0PtfE zp6L7uyV*)r8f@nq8fOEaE$(||K> zf9NF{$KC`!4;0;-)f}(&?h8{90-HYDBsMkG7oNg5{{3bk^_Im-_yy*8HxcM&u#&Gjjikb<^QFX~WZgR`=Y4liZ>9?D4ApQDZgkx8 zFWI3&b-qwPJN?rrN|xGuW5ozOHYXvK`YwkE@@Ik)pCaPgg~3_g<0w3Ge;bd99`bZt zHPv~`Y}RE6%Euvn$Mnnhd#fL4CtQJThs`kfeXw|akMBW!t=R-4{?hNlDw!AbH4^F$ zyNQ9{yAxgQy-A|`ETc)u%I*Ob{?E!R-M;rsqM1K1TFGfnI6{czk&G0k4TJdKPWMGl z^6ZZAwC*J~ZY;jkj0)HvgdwRK3Ku;@3PHaVTSWA7id_5Y2a>pPt4-j&*Q~FXChMNi z4x|TYR+|_OI;AL|H$6R`u*Qy(nK|2f7hZB*DR!-$(uerPJ9)EYUpntW4|Y_@}Y4n4X_F3KpWS3)k}#G%e{x8`Za%A)Lv> zGh#XZs`7ESMP%?vVB&=h--lm@@)kj#%?Zyo61sr6okTPAJ)VFD7vq9^8LHA?IR%N- zoX0L$kjPOjsnk&HYRs%fbF4_g7CeiQ!r;CubVbn{nmdka6zkVydz@tX)rdMw#;vSp zHb}2G)QEt-3BPkUMrOJG=SNk^-fYM&mh)b2d1Xx}M!WAM14mDHU)KmsE!fVSd)%W5 zpPHj$ajvr5sPtA-RPcU`}~#@5rm=rJxRyWJSOeoC$#7uEb~OTTh@XcT8sMSyN9 z&2PZB$o2Z-zM=54xy%rSoRl#$Rg%@rg5QhVwlzb!kJ9UF-{EpfMc!!c!R$ZjXXIaa zT_9WJZDI@HR@D>6QlIT8pV#9=YwG}czpq!H&AJBkJkQqEqWa)uEw1*3pM{#nxo8}` z)TG@U#d(f2zjWn5bt$p=l(a%`d^@K#BqjM!O;Z5i5*ScWP#`H4P}f64O&!qf|6p}} zZDKv>YkBhT3HJ&%GoXHqSzjLd-0!o2=|>YjdPH)ryPQ`d_a zYq2_gz21J=D#L>uh2!e;w~71i8 zCDzPeW2jF?*Sj7m`Fnt#PH_H`{N(JW<9t3^Z@+0WdpBsp$8c@5I(P2_?T`$=;vqs1 z>T+G&ncBo#Hk>5R4Hs^r%?jBu{1O6mHmzI`S!kfz_#$&UnBAu^e=_U#+*hEa+{m_NJ>v3+Kx-oq(Q9MfdlcTtL$a{I zkD0LprEflN1GyR~erHEyD2BcF47Mf{mt18M+;Jq(Q8U+tu1yBIoJV39z@pVfOTK)) z8eRNE`AeJ7JP1ZWWCBQYlwPmXcdi=xOVy^8Z^~0_`mX!_U z@#%ZG6>WLHpePPZCNA?08%;VM?ef&tLVKB|NdE@?BiN&up?ftpcjQxdZDwK5hFE-B z(G=zn{lB7-1CfKizrTWuPc1&!E4@p-DSDmjIpysEbC#!J@DZ?0 z7c}NTYEo&I|3`k^%#Lk`@}~fneC^RmGx0L&i> z{N(!~zPN$4}e^*f={yOj_ zK}s_o5Ku55Sbk?MATp&B68zn9^Y;sE9(A1Q?-ase0%tU)i$4zH67Ns(_tl9~r!;uZ zQS`VwVbaTcg|IAHBR;C8wyuGRgr__Y(c!3sWj9!JadNB6 zx3x!hFj=Z@)PDH%T}cax-{=gTZfd|RZAOmVZz>g%w!7kiG*sbil`NPoh)Qy;Em}P!luHINLJM zico>U8P(X%Y0h4U#OIN`gFk&&_IN-<{=@m*5C7hDau3^te=v_~W?kFUPH5xD0b zxN#Ro>MrR^ym8k5NYR`i;(|ibJzg6CkK$MMd-IEi!tq~>858MqP`qhw(VK|5zi5iP zHQr-myLEV4l?G6XWY6#lUErh%j1e5{IlDEx_+wvg_m(mb;i2{~OZ|u0d}^n9?#G)@ z4GU-oiE7hKV)@4JMXEZHyYcwDb?P@-vMO0GE53+HVlgScymNQMR8vR^*XEq`c3S1n z0G47PPVXQI+E>LGG|ocaJu_M+wItE8~b^AXU70L58)e&0~WkBZ&6;jNI8b(a3gNCKJ%xsNcYva zZU#^X&JGrZkb0Y*zI<8KgfR*q?j0tpeToAs{?#MAE*3v0?3JZtWS;SGV7gUTp)z2A z)aFR3?5;cH!>d}W1ym=6g+qLXrx4Wug@hK9ycxpxwiP1JF0+iItu3uAq*Kr+;O+s1 z1Sk9F?^rhruE@wW?ejdk%Gpc*74g!{xHSy!7mbDZgx~GB<^AB=byW~;W1Qq-%7eCy z=7b^r5`x9@I0!5~7g1a+(w<|_o9((CbzyxsN-k`L@r$fP%69p%ez^*42vbCMY-<4c zJ}7IfKQNGT&k*Np3ZlLSY^M7SG#CRti(DV86Wq~gi_QgxR-BP@?VxwxUa{P%2V9-& zKSa|nUzjp{yqEITr$@0ha3S0 z(@R&~vrhEb?>{7FxKPIC^wZjj4zA)?(sTQyYj)wvQ8bxoh9ZYL){fGHii%h)=31-I zSP7OraR7^U4K|rS9)Un3@*}EdEZH1ZHSh<|eoU13$Gbm~$bA|4UUKX?%l+kJP7kt( zUOtkJ8Ok z$6J3Uq9@fwadG(#u2Ksjt?>1;4})o;b@OR{Q~QIxtKhTclo#49=Sntv-M%ukJx+VC zxz>FO6YZdw;~tF}rc=4+Q{Dt7M@{U{pW~8R?*$%~xA;w%wno&^h&*lD80h$o zPT)}9Ba{(b0OX6Y{T&=a?xyV2t%cSec)`HYk$cNNS!K&Pn=L+FhVcXMtV`$zthKSu;_KjIr1m%x$9=_vH++h%v_Y3@% z@@6X7#!a~X8B(+a-NmC-FTuVa=SBxAP)6|^V}um2L~T1FQ4NCHxM^^2)PmfF$v%l2 zf|iZI(ce=2SHDY2%E)9D6;WJQoq_eoJyGQW0}IQOzV{*T-YdLy*P+4*L*A`^4(_A9 z$hsJLNenaNdFFhb62MoOC4%}U!P+pmzkMxA#QPX^M(Sj3%iddv;yP(^!R$3*>!?15 z_q3`o8eDC*7PMqU4AkIdc&P=3mGO<+c-~3S(mUSVl8=?;iLNos``KmK;ykLzf-8->edeP}}K^|pLX>brwD%>TpZ{mF%c8o~e_lG*_;?Bhr;%mjpF zGjO-7{v6KF%u&-Ge~ZhrV~2SceIcLZAC?s^Z;!iMcW zx<;ebQoE)9aY~#y?tFu>B;0^MovKkM*#Ugs976s=#x8y(K-;r-z)X;e`#wf(?*@NJ zUgLqA#giwNYs}1LCHLyYMNUQ|;aG>p@cYrT9M~cx9|Ipyph`>R?Is%E;>@bn5*PZt z!ftgVp(7*-I*OMraSK-6y}=)~*7iTBe=f-%s>F8xv=TFF;(#0JqI9u~QGcY(y|;4e zhI25p(`0jd9r7*|_yIRe>1E3lo_?5%2%)n5acoKZ_NahiXX()5+|nAet>iNiHd^y_ zQ9sSL_znzb%I~Igk^IMloh7K#P^XTypVQ6vLgx)pL;+5iS!DP1jvd-G?Qe66NzWD$ z{qp`wLRxt@f)ys=$htt)>{-%)Uv2X})%trrl#TZ02NX9;+YQXA3QVZEH%TKSbU>zM ziYjWXK|(yM&h~3;qW4Md7iRWjPoT+px*T5`$M-sUiL<-e=@ow^X5LKLh|vDXs9dwV7H|H3ZOoY*a805f5wzk zOOBj}T{jSpCFCuL<#nSM(0VKIbnyOa3zO=8^?vEqOvZ&Hlu>8=;q%kYAeE@#PEqSw zA1t!H()%tq_;C@u&Yz)jCWLQo(|O1FoMX1hApfrEbEz+$aJdJ`J+Im8baD`N8{&Fi zfVvDnHkOVQ&Ds-=Y_Ba%8M8UAa_nAH6!p2& zp6|gDwUT{*9XE)|T&1@v}yc8#D& zERD83Yv?a;5<=|4cOi~Be7pq4$e^5_$e$<&Fpm3}Gn;LFko@X$)}sC9c$#!e#*gPn zZuY$Fe29~SB}(SwXA+z+ci}RFgRAVJ4h(C8c4Q@ip>lMAu15<8Zs*E3!fg&|!=!4@ zo?_v;2oyp#rKF`Z-6l9D>!+^c5*XZ|urul=Wo6CtFX<@e*mCB(;qLuiVFY)ta?7c(EIkYk$QcxEMfFyi=I1dV&a*|iq4N+Ucy{`9bIb< za)dUi;UFoXg6@j}*`rPBC~jO6aJqvVV&VQ(Qr&6yAwZ|evwNl*l1vs~OMWx9U2izt zuz9xIG+D%tcY3S>GDEV3HyHpLy?C%vbkw?yPrAM^QTv=l=T6?uL}@fMyt|V571*7g zzck?4@-?vK!qS*=I(?jyMARcZqe@^YykAl3q|v(4*#jh0LD#S^Ri9}pqUPR+Ghf{8 zPPIT0w3m-BcCS}hkzmoqd9UjOm!d%}{sGxZWYCKe*1={ZDTF(MvfEj%a2R_8MpzB2M)Rv6w}XDFKEjS$|s7d#N1 zP??#Scr`}_#xYrK%0zW~7aLhwQNe{8!~+6>mq=BNRuR#bj1+*7f-2AE8)qetOtEWi z8!%%=3SOd@UK2~$SF-k?h^8v?OSIK(y^I%mtO~TQ&m!3-{iC*Z>36oFE~b^ge*SM3 zK*@uS76>8d;`@h+Pikt<+A<%uL>Wl}ggP&m`l&^olJPucN%d@{<_wkiU5VM`}@Lm1z>WHr^SqBAEl%ECBKpY2~+YZ(S z+75CBP_y|F@o6;#TU)!s+rc>ob=zeK>z`W=nRKEAQ&aOzS1J6fqN2JklNbGs(<#q+ zwB)cpOP2IdDtbi1JK|oJYMtFtecm5Z?kX+JqMIlU3YW+&%>0=02!56qP*nLiX%YiS zx$&&!{&Tw#nh-SCT*E=To~6cXyBN)FsH1*m@9xyIKV!OouO&DyWO7uYLlf59-ry#9 zMlKZj;uRr^bI-zY?1lrpy$~wM? zii8+nkV)&fJt=9EgUR35J>cK_d}F@sFl!%q-lQtha{{xeUeQ+Ubjg2i1e2*V{M|ff zlb;@7yK+VU0uj2fJ|AVufEwCMRCCYV>PF(s%rLP2tr@Iz{(IIOO`!F zYmcdZvX7X<+^mRh5v?oS%Ms&qK#fhTGD=i)Q=l7HY7j;z`W&UUE!w(0CLN`T{M`cZ zKD&2)NEq_;=j}DSF((FL<-7OL_X%9ugtUfe6nA~|(%6EYRC*rATFxa)!LlDDKO-0i z(#|mK9(hL4I^JjuBy!i9tcpvm+ch7qf27(JA%*p*KN}h+!YDt}%QcKBm4=QH@--IY zv6jNJom8KBUO58oQUOZd`edbV_onVigLwWAVQ&G|X47?n(o$TD6u071+}+)!NRi@D z+})kv?yiO6?#12Rg1fth8@~7b{`+59_pUWzWhKLt$(cE4&e?lU9^-R6|HI4V3SbaH z^B2U99c0jiW?UlvT10aBE)QDdcShxFo)%c+@x1F?Rw;mYY->To%9TDA3=U>c zzB!f3umCF*jh@dlcVtZjg`u)Xx+|)KKu#>z39S+;3DIGrv@TUe04jurg?d~K=rrcmx2{4nv zUdDHWmru+xJUin}@PLp}#rUe^$9$;3;7T*Bq(9lFsA(`7jj|8j_BNZ_0h+IUle zf42lRb`h!K2u-w}51CM%{A*mxc30N!;G+Wt+Woh_Z5 zu;tQOV5HsybZ*6ar6ebfYsvq*Z)5bzi&;9Lt>;nOA82)b zDH&Z6+UUm66D=7f+8ZH>CR`a*g)Z-)DuWN`hC{4)44u#Ja%Pq5Wl}ov0|p&)TKWSVYmiy<}jv zv=A({t*5c137jPAto#dpDD`{*$R0!;L9PSC)v?Y+jSO5IqrcjFxIo3;-__KI z;hl%9EryF}Je;QI<@C#o=I>pp(MZ6yz=e*9AQ-{ z37I^Rw3$QEy(}F`DJcI(PZ0FQ=$M$hgR8XwaJb6*K9OD4}pXmV)Fj5t!`#c+*Ovp{#8vFWI3OpK4Wc#EiL5RE~~lTQQ8r~ z&~}sdZ2T@~rh6KTvVj8#DI1Xe1|TSE{o!wd+Eh{!H0HvUozmYIl!61(*>jBV1TVo> z)X^FY!d{2K7hm-C&dU9gr6jCmla)fv)!_yWZ3y1!|4U-!OSMy)xbj`eFQnmAH0-J# z-n1`w3Cx2ks4-o^<9>P3CFDfjAvqUhvl$Oi z^8uq3!_u;gb(j!UPFXHqP1ie>-76Cn%02(-B0AgaTKMrF-ug3C(7%UUzkY>>|5uv? zmfB&kWB#itqoT5;`IqEYQhXPs{u6F8tqt+u6Un=zm=}==dXzSW?GzVZzmg-@*h=7&3h>S6 z?u>^wYU}6AgNsY0R144HEI@75Xo>l(X;S0>4lWm0S(4Z<5S94DRZ+XtI>)BhwTu@K z0#H42@yyyG8CC>e_I|U32TLsv3r}nD z%F~brpXaw9VI#GOYK)+e-8n{DwAQqWK)48 zCx?qtM*$jJ!E|dbhyI@%vi!)c8s!WVI7WkSG=;2YQn(ky`VGm--z^6?DR|k&>NC~# zJj1pktwa@5Zl`Q6X8?D$3&r03ty4R*;7`j(goYFoD+B}6c~sK&b;KFAs%qreu#>=Z zvM&H~2?TJLZYCK=8hnZ%F|nqn=lB4>QM*#lrpdp3ePS=U`2jga{i>Lpu?FA>BADWI)Y7*@<@0%_kV* z%w(z1iZq<5ZL8`D$ZC@lLX~%g4)8OdbNU4NVHJ|T4kO#a-!?Cn46b&myY7g4dF2ie z1to;~X%kZ9eOwFPciilj8WYEr9n2Ij5w-li(}g1seG}fy6ug;*&Ug#o6E1BfU^)=> zs0{QIv*dIVD$Bp(hHqNjQc!X^25ZT89;wiU>xQG3%a6=oUdb~#F9V5Z%Ch(?D2CQ5m;0Ew|X6f|U`n)+p9 z1^rV#x_|&Gg1DXaVcwBQBKB2{+fV&p36MV9cgG!FSe2b&9zX!obvJ?;{tQ83&2y~H z^){CKr2n}s@Q>c+8{a}u(>)ceFb!8TS71->&QBp!Ut3O5d24z5s`o{OU)w7g)YE%> zdzG#S>_O6NaU-*Q3|D*ETe#o2HQ@*s#7*1SSZu*wI9RU9YJl|xta-Rke&MPDNaR2X zrF<1*3Y8%IM1rKVpoDRGD+~T|4;!eYn8^8?Q9--3-{o3FKKvxc-Ojp`ulQYFFv)p2 z2q_X3I~|1S*fuR?X}cARl+VgaK-L#CTSlhOD4AmpK16=dYj8B^p%bkKi|FF}KT98$ zl70%)I|a#w4v|4&o`;ZuU2HRLSQ<1r33=LxltMNxf+ z5?wP?M!LIWKqAbU7cd`Pt1gzxAN{oIQ*HN9ZE|h7H_n)QdplXo+?OvR{UiqWK0E(u zo33nyBjO~rrH&M2?n7*Xet)};!r=+e4kV+**#{Ho%e(5=68Dmc9Q~(+zhrvwJ46bB zYUq12WWF09o&A&mz_)}nW_c%;b$HS1y>|4YGg$VNVlkcfWN&oCquB7haF0t(RF$wC z+~@x|;<`4(%4xrcKPNz>q(u97079ryqFkSDT z57s8rtNJyj2z<8oedu=Q=Qu8IYlWOnH-_|9CoIk$8a&U}2V8sz_eK`7dg>c>10%#s zD#NhOL6|5N1S#E>>}HPb7apL7lVk16rSuei3;pf$`y2{Nbnxo@ge>u4LGKL;g3$FR z5+vkV0fxWr$JlVH6c-Y=4xcHvDvOsl>mEAkFXf`YJn&5`AL=pR-EMHuq`>_*>tT0r z4|*~>kg_v)-!VpoPR2JbMqVlu&pZ1eF3cs4O3DX4Ig)xSBDoSY+urJIxvxR`VILE7 zD?)T>=la9XKMneIcsPrP1}}{v7zz0BmdpWJLV46PGAUO8>X^2h=AID!I7v7adE~&4 zqRM-eumf1x3xF|e1>`K=p}#NJ<3)eJydBIMlB{O7E;d!C`pqf`dHo#AU<=VTRj|JZ z1fTtCJ{-~88>_eYzZC!od zZsYYK7XWvae1&Dd#D;L-`l8Ub=8$j~7E>QL&75|BDvwO4kTnuvL0F*WmN16$_HiO5 z%M;G<)u(prW#+Q;4z9t{$>g?vbCEc{@q)f+q|(2I!w;z0`mGTb%b}B0rDa#l8jL0UezaAm^ z)+gj;K)kkh&~ZN)(FKuf^t|36Q6Pq;T-_melFKC7_9d3NJ#2=USz8mr0o&YI__L#r z`QM;GcL$`Ft4&P$e}>|!Il~8$T5X|}`I^WL?Jx{g)^0pVr829aufhRCNcS`Q0QuE@ zTAZPJoUkYV!N)>QBZl@0Vj46G4>;ufY!C>-5T?Xvm{et{%j{b&6=g&jP{xQ#`Tle- zNa9E6;|VV$6l5@O@9mm-+++i1j^D~f4V55DbxP40_qZOA5-hcA=U7|*RVWU zZ741p6Kxgr`c$21!Pho9f@hQzL6??5QTcq?W1=@ANE)iXWTt(8JUeW!5@@_%E4XR8 zAf668A{yv&fOpr)lfCS;x~5`F7Ni0QYdnX^3lvZYd+`q+9P`_VIVDGrd<6%0Dpm!9U-H(YiWkuB-)F~&d8eFwx?MMJULjMGmcAjaO zcn1DBdtsGv@I*|zo^lcBpYXY(;_>8`t>f!Kr0=+PHz{vTZ`C^_bRqF*%5a+3%4bA;m2AiDIbK4IDcct6jnNv_KMYb7jdY z;O%Gpw%xDiiG5DXef@=}3S(#6YuDvPgePPqd6{t$LI3%@`S^^(_7~38Buj!E45PBg zROXAB7uaYQH8#UU7eGl~OUXY&MY7^r6Lc@(V`@rl zN2EROc}+~>Kp1-(eOboFFoi4aWtlk$j}O%}GkP0KZGGg}?EylWSOO=77pzv+NQ|*S z*U!W2M4Q7ugm!I}jiIBop!QYNC+D{zM-ExFy=Z5gEA#uH1|t{i(ia~>PJ0n+OJ93m zN6kFL!t+;L#mn0E3M7#%>obge6J;qN&YdJ1+UIXD(X#FaK+&)#`1uC;+>A{$4k4x5VSPEq|T4 zb4)bjl;tcUnBs9v)^*1LQ;sgf$U*vRYip|>=WE*ThsHxn=q%%V)9DN(=ZUQkS7UnH zN$DM9K!2jGk!)?zici?4c86ohareVIt5=CU4@c@96DM(T9ER&9x|M|Kzj9%+*I`5X&-#M(&hyijH6J`;wh;z?Vj+<&4`;)PVX= z4)URX?RZS{YNNs7W$CLH0vCVII*C#L2~n3WS*et~#vo)5^XF(nRL9!`H-77>K$hH@u;x0~^zZxn20r#P|#qBf}t9hq$e1mMJwLD;SMFr(zb>huols)>Bn3Amr z^ZGqZ*Xd;rReWc!no0SF5xAGzC9%G5N_=CMYb2nfJ+8S(&a&diko`8d_x0A_2k&s_ z%V`DcO*KssHK(l3`vqVB!kmcdD^HC2m@Q$PEO+1gb!))>p`}S@YxLrLF0<DB}8bQ9UmC7??MHmBlb{p&cBey=P6TG((-lGreZtYy&b{J4fU#!T9n`bGXOnMaN*ehbqwHx%PnQl{4x-?PB7IGYaH0$(+M%f~#2?k(cPg=ymoH zF;?CmGE*{6)M)1`cOduGDj=$&Ul2EZw5r0$`6uid_O)vQ|DuGdORxGE?O!9E(emhT z1T#aQaaQrN%ZSqfSBQ@TVpFqINCdIWV!*uJL!eUQ3&ocVUZhotPR9K8liJDUjpWcETN zcc8T!3f`v5Tjv?mjA&AIf8zM%^{MH}$u8q$oey1x(XWw3MMVV|@uVvRi`vfzGOH+F z?KgOMRD-cG*942uX@?3K8-nU#rM}v|TO*ab!z?E8SSN+8wOE=-7e@5}1JV4jbGEuz zfCGUJrMC;G2qDgh2}CF=p}9b4pMh_N`_6Dm-DN{k@Uj-Yt)k*$m+4sshe;O9d6!Ux z=G<-X*8QW~Lv$zJp$3FFH^vLUkMMAh%(+Ln^*Jt$34c(d9rBqRkTk=wkXGRt{}zcv z3*^ki*8wZ3rmEKgzp`jVZLFnEbV6Z}E>!WsUkL)PPYIxT^)UzLDfA&b|B#`xm#0s@ zME0@R-e|Z0{nR_7{mnI_y(Y3vvvJB5v;YgbJiZCtg!d=T=n^gN&W#xxoIjK-`WT}! z=1&JM-xUBk602sQ?~`a1UF%p%8FJ@U)*^@nubfGsxVhx<-BTDBv?)hN*%S%>Uu5>z z_A&k1DJBXItruSsRSbO3a;*jncQGVjuwfDPrU*UgTW{ds3kHY+2+%Xp4m0OBV(0uk1hjnN`jI{kgckG!Wgy4CB=`;H;`DTRH zJNVYSXI~7UoGMYQEk+E}cO7Z-Fp}qO^0AhdYt5F|PLuxBA7OudqRr0WeH&|_J&}qb89?~IC#f8jZY#aAYW<2jX}+$t2~3?n2`9ctfCoI|l>r4R6L9 z4t+_C&}q(?=0NKHL~)mq@$yw!v!@y;q4L$x1Gq7Eaaayol(i@8QXN`S&ki}wTv$w! z1BR;#ZU-e_<)*r+(D$ffa9)|4o97l527Q$9ws(X^t05yD$!C!ISZ_>l9;|LV^ys8P z)}=9So}3ltw7qfykJ2ac{UQvZIQpd6;rxLM*pkBwLSf|&HD%=g*u{R|lfnH8dox!& zWY}FpK=EsYr>!iryKsNL_deFhcwG&+v67vVc@(FH&AeJ|tICZ5u0$GMh+dURriv&p z$&hJr^6KCG_QuIapHI-~I`5>C=vY`dO-f|kaTez8rtT(I4yVWU=OxZ_?H=jC;R8R@ zLU66$&vXGb(*>oB|LqfPg-=AY8qA^Pa$+91+##(xCV9H<>>p-Wmr0Zx&+wrM(Js0) zp5&{XnNv}CEq)uiQg{nUB;twuTko=sKP!|ab~v=4#OH;J#@s(FQ^NO%cI99cLrbmY zNWkV`LNqra15PCJcVRuBxtPG7LJU{~SC>djzLuF$dwg}9Hz6tohfJWFL*0r_6R64; zPlC6HQx&?V?U0vCW~7Dr0apVZl-(g(W7_3jJ?|G(4j@PbbP)!tpC8oKAn`a9aEv1> zpB`Qv#ZsXm*8}+B+TQH;!tykLPiyM^>XMO)isp5$YyHyqgV*^U`0yeJ+*pqmhr=8F zFW7_wu0E z>D0X(UQOLkIh}Z4)J@%s9(bMMyN3XebU5`|f;%#lWy7;Wfzka6Az$@=4tOyj7Jp)e z2DT3vlyuWS6 z)YlTP<2VtPE4TK=6T>259bcof?KX0VL3i4QE9@{$NundQ&`RTpJp3<+ zU@Hwi{K~^(62Y%HIXyi(;eA&Nw@snYZ8k5 z(=g_P`p?k}$dCz9w*uOgO$z-%+OCREwjMq4*5D$9ywI5Sd?gd#^Ca%5q~nD!+{1ee zq$4LPS4%ChYk_g=9dcXQ@eFe0mLB+-`W{F|tuiKnL~akz#Ly*zj%Hk!g+&_QRodzb zb~lsZ58%$Fs>_SrkYqfw@j2*Ls_c;WkrL4X2a2eH+Y>OGZS(no!b5%`!jxMMa;H)9 zArKe;)dE~&aAQ!=s!$3QH4V*#J*^dF=Lu6D5p`waN67as2)I)|gr-nMI~wz>IvNB( zHpK-%2>}(JYv24jZj^tGw;*!O13DjDEtjtNb=!yl#$YsyQ$9@o9hQCH++z+v_hvq) z?QlMFw`Sa5M##YF94~i<0~g!?BOE6O$Efi2fmc&o4HXni_od`N|MdPhg^Wpg^V20x zdNz5#khGk5#Tosl9QVZNDuM8!v=E0fHghDw;rz=wE{!zy>RgVp0rM!XI4@{*J+90K zpSDrF@tz+rhI9D*HIsgE_#aBfO|mqBJoO~I|Ap0IiBJs+y5TnB+K5NwJ`f(7^&~LT z2q||pmlFJN^W6%@=)9p@(y#|nm(xt_F~*jFE(RX=9t)`%YNDesj3?Rhl$;!$_j)9m zHK_(C@`(kauiOC5dneq(A?sK>ILMbf(n?rhLzMhN)a0*Y5k-wsk0Z^Z3Yhy$EbwE>q~BXW)3@OSPNjz$#z+#!>~$$RLwf9<0X=ee8)zR*2;i z?xdA8I@s&{8z*6>NzD@B41YrC*>NF>FR1~4vS<)+^QbZ^OHaKRexmV_&|L(6UOOyC zK-iLO0yfxR7~YBD^lWp01EXBb`Kp^gLu5r(6WRw)L10~MG&{wjjn_?|==E=)7qbvS zyqH$w#q<0_&33tgynq{ukDC#Ch20^`f*$j(;ua&iori76b~W`ebDhEO8~+O-G{jF# z>EHf^zBg0HzWDoL5WK$I*){?#6MmqYe2*%-;mNhBoj{N7RVP|QqtMh4W_QFW?=zf_ zX*kY>-0kXBz8GR#UX86LzjRcj_P)FK3t(aCOH8WUS>I~Y*KFa#9?!}%h-lCY*ZfnL za(ha;4R2=99;#4n(BOFe%ho-fIbmA+I`_7bb@L@F?yk^B`v`){1|_H9UJ;edw#uEPw2b95NY4A-gqXi0wlDkWz>Qt-#e3}cizHI zxOFMlrc|!FLIb`DLCZBCjGbQybb6&{g2IkCO>B(5IlLmxdL59iy4gWZ`N1{_hgtb} zWV8aW3YM}Dr%^&v%Y#r7K;D!yzmFkcLqyD|xp|>BMMMV=vgY8QP=A{y>>OlMwckaeW$JjK#m^eOeA@ndStdZ*X=?7qd%D5 zr{3{K!rxGlC{RQrvekuPh*@UCo7lDh8g*j0L1V_So!?h?cuthJe$-(Jh^dZ>?>I@# z0j1UZDd?DN>j}IdMY~v}{Qh#;%tA}0ne6T(jWg|{&|>R<0SfCgsB1heE-6X)C_xhb zmGJ8GCp9%NnF4;1GHFxX_dk?{1vs0vJFC*Q_$9yYSqtz*7Jbs_>=_9%ejF_5*!W(= zVH;kP%(g`kvv`a8bf zqIHV^9%70x>uF5IH-fy=_o{{$V@}#U_tT$LA}GZpTn*#Zu{DN!w2z_9Zm-!t9v>F= znSqO=JdB6jCd^8&DB=OGU)lG*l^XUe2jHJ9j=uWHuMbms#T`OzYJ36o9ULCYB7b?0 zfO&&}irFD_r*6E?qD(2OqiK3HuaDAm&(cWXp-9*LPvm|N-mvKJ{_7%4QC^c+R#tQwa>xE+9;|{p3U4g) z`(VXdjxW2Lj7-H+15|G5)R+Vg~L*2WG&y3 zDHeTv^?40ncvg#ne|X?9QOpLPB*F4My4`lbP%Ia`pR9-hz*9vbZ6U{b_fe;nfFM9g zaxZ&69G7@Y!ec|G*JBJBBKM7i`smU)8tdG&Z*$S?$pnY>LB{G=0e~{b z4@V$^HeSZ`3Ef&>x7|n8d4`=QgkKbAhvC5&pHv0A`At8Y&Lb~ac;cXy{*i0L$?8em zPv{#lbiBxo&J1+Arf(37Qz2>zJ7P#?*!uzGO^!cBGb731^A@i8kdIh;6vx&6zMkJ( z_Y}wGZTiLE`^BHg&YH$fYHVQ&Xa_V2^jX1`JjoqJ8B?LuQ|2DW1nWBBTT`564nP7y zv{U*iy(pALx8q6W{%pBAb4XEo zLK2y~NUDpgS>IhPb!_v2+*MZ-!!Rqjbq+CgpK~;e%&?kDG+>Hp;t}tvd}l--+H;Bt zolx2Yy+|@}(;P8jiD*xK;rL~uQO`s@O#)i5+o*n%G5C-OHafMEm@u;iF--P5E!UI~ zFX=TUzUJW(N=}M{-HsoSfH(m^HIE)=1|dY&sUr(NA$H=p&!mwO=AG&Ww}Iy7$m_>v zQWPLWF9c>N@;AzkS&Wfi;mJvLyf4aOdVi2QDf?=&_Sonyz3f-3EPMJtlVZxFa$gwy zJlRGH;JX|T>XBZ6g&NR1?1z56p@bP0)4r-N)2M!P0=<}^@XNrN>aD}Bya`#ftV2LJ ze)VSH8~WQboj{`0dmbJAg;QF2-X|0nd6I**xR;aqD30m>Tslf*+?av)(eo1mXFh3* zL4f9$cmR{wYn}B2CD6;w=Y^8!-~8)6*8rpJDKy_cUgf?j`$K@YqPLfs51>?h64-N? zQ?n?&&;PhkAPPT|%?rliXBYbzVpt;Et+szdSK!d+On8-o#~(s?9AY`(w^X(0ymkMz zk$()^R4JpH7WQ2I2fiH)ks_$g09imzNJdEoQcf5SV;0&F>21iWaUdi{Kn+LI1rCg<1Um<;?io~%`Y>NN% zh-oOuds;Ga9%;7a;Hng)x66_I+F#;)ST}Kxnnt&+`5Ra+7HUqsWLk4lke~kcnQ~W! zr4!?=qP;09fEs|dVqs5qQjb7=XOmy3M}Wkh$Xv!Bl0^V>K@jFZZui_znz8U~c67?@ zw6vG{fK$8QPH;mAv+qX?O9{=S{2tCZ-O14Bg;@elpUupz_kQj}*!O)+8gL!C0orSSka9q z)vv+SXNi6drx@Z|B={a7VfIF5{U*783*t&}PW^3pjsJ{8$_>sOABczcc(i}}Q2&>5 zEp{jGr=*wZ<>6EQhSI6vSqLxVOP(H+o4MdHf=m6TnJP8*w9~LZe>DpHmFZp z>2^;6fgg3Xbs-a3t}p9v(U>_)eh*RZ;gCTSYf`5x`JY^VR>D_RTbZo)q&faYHN^4x z`Wddc<(V?IN`033&u@H*3Q;pgLCc4zV_R)w94Ic-JCr`0X)C?{?_B9=S6}TTnJMDO zH*);*dxc$_GVGC~eslk(l^%>2Hk9}AsTf8@q8{KxL!?=!i;Ow#9sNNYX6Y2t@$wDdmDNqYZXo4-4F40} zq6`_Zj;fXB)Njpjs3Gl9{=}3-UY~5^&%1+IZH--RsjPSMFn*UnJbMT z^hpS>1Dh*aCQnz*>>U7H5>VaV{-4B2ttPPG_`uhwO69wb?6@R{1AQOcuEwsb_T!B> z?oqiYuXT4bi$+~l(&}bi4;g~-wfdAs5vrp{=+d!fO%+9l+>r32l!%=!(Jv5w5?y8( z-}ar;*8pqieC{b=){0)-c;q;K0GNCshMe*>Wqte0=nkf@RVlj^M^6f`sa4l*Py(yQxl@Ccw=Z-f zuoiw6dp_|Vm5qJk^NvUaXta2euq6=_R*LKQFq>e~{G^gran4LhlG!ac*9f`uGfM9t zl}0$SH5K|gBrhlOEhz?1Z*)AOa3s}QJ$TuX+(E|ZBOyce3v?2_{K8%7jJcoC&TnxO z3>?84B|aAlu1%plocSR~I^$m}J9pE}drXcm7)V3{4yl_d8>vr-R#~N^hbz>XQgwR4 z%#l3v=pF$S+6-ft=~N@`krv5_$C0$PY4LZw6OOBqBQvUhS24><7^Lu<89^-K#(A%C zCO%+Lwhe^>7eJ0rNw(3JC)`5%x#8gjLZi$o-Gj914l6ic$H3hK`0fNV?`4m^5 z#BCw09gSc$MDt4qxoR!m`&lPTw~Yj;Y(c7$HrR-oaEzfdSW5b%I^edNv7&^H0D!D)MLiq&gTbqKW z99~KXE>5{6a6I-YJB96~sae>Z)O$C-u%5MeU=PvsEx2wUzmO%OXl>u^q5J-Y73xkdy3*wb0B4GJ^nh=6qd8yl#8hDF~eP_-(-qT+}2 zik|n#v5t9%7zN{e*06*^h2*1U)N*}RF>rO_@&>z_IKwq!XAdi{6pbqip3dvot+5XP zoq9h0(VbP&)m65Zko-3dHU=EpSsKlES_&T?QqqB2;)?MH^7y~M`gUX@5H>GGOKSGM zx-nb%P|-n=FNFUEe(6ksn0$5h`qdBU)_13qHQF&$>i$_)(9!|>Ll>DM050DB=jz(L z(J;nw0SwO~ur{!{I7=+EHM!%Aec7X5T{Su=4B6_(0;?k%JG14F8CEh)3d1EQqBTBT zgyC!ROPPek{)43xnb%H{`_0=(jHH->04;0sfnTH?3&U-g#-vh_TwD+KMi&vt_Uc#6 z#VTvhW_Ow6{;B+F>qjIXv6;*B2M?nQ!=mOyQ-=!&-LSn*zjq7^!6f76XcUl zlS^geC?7S5*f!nGqkz2*-qN=pDYO`>M^neIWlv>G0*@@oc*P>uW^diVJRI zdfMRo&WdYOegKcjC^lR&2HgH0{cy5sUa+b=#|=d})Zn{PhUV%yTkc3zv4ratmw&!K zGP(9Z6-*L|<(H%(56*ht03RYYD_`!>ze!E-^h;6DB1?Eqv&*c3)sHptKJ9bTu!^rm zbRA?y%yuBKDno%!gMckt%5(`EB1$F$ zMoHAL0U2@9a9rY|-z8b!8?26_CiEb{8CBFP#sa0Z>0mLH9wq8{{-AzQEl-9WK|7}# zkRnBN#bh|Z&JCLpm*uT^WOi?RTin>X*s;c<^YYQe1z+B&T~wuPVP}5CG0W5vNbPOG zh5sxDPT9;-mnkzZ{4O_zVX&~UF2Q&F68iRd3}wcIw4X!|zmKKN*~rMn%@Y^f_QES0 z7dZ4?T&xsHr5lTOtu>$+^gwma<%Gxug`qBI`c#L859MY!jRZLH%7R%a*B?s*UR^9Z z=Ve+v&e$wenT+8QdRn98#wIW)bu&v_7A3euki}=#4BNxg<%hTxy{Ldo#LdC*+jB#o zoQ%}D?_`3}(6Ca-;Rq3uHDNF2Y8bLt3A3y6s|~onuC`zIl&z5vzOyTrBMzvkSVa#E zaV4rIiyodM$Uh0Yr|g{-2{cA&VzNg-le+EJrX&%)*`~^Rk=5deI4{zo9MT$V<4R1KC0_49=6>!;aiH67$c_vfu7GJhgiBTuD2`Bc;mCD_ zia%9V#WMI5b6t}0UACk%d(s!(MHi~@OQIR8uxg{Snn0$1!4J~kJSyBl{y5iE_>1Gg zf2>kW*%W^bx5*b7n&&mhSysxrm1Obr-u)_C+TOm#_`#MK#R@YNBWqP*LUk<)b|dz8 zH=>SyT`{HndtWYv7qn1bxaT|PR!f+62EXuCh)W_ zVo5L?vNd5kgVm{U?54LbW165$2JG?~UGF9Zwx@ISBOzs^7(a=v+V2-@8eO8-X~5Y$ zq6@t3&YU0|`G&OstoQNCj>B$H3~0YE-n9~4j3j4{KDqvWi8P;fp;)y8FSF3e07te) zmG+XXn(;`-kY~=x6Vs`!+EPVQ*A<@2lKGu_W`N^V-P-UAI2*-a3pbjzJ6)3OgfG!y zJ*{H)`HPd0*B66C^Xk!P+f^yj%?lNecA9Hm8>?B1WqT!?s;Eb+*wv1x*rrJg3 zt*LcoX;9l)5M}Fx&}be%GGJWs3Gnq#HfYf?DU%xo1O2JXx`E&(zbxRyx`xGPGgY-z zpAi?%$-0>3QL{->ec90-Bzq*ocj8eTZ8qDNb*46&tux#eb#p8jY#1hMl|HNcW0_@V z>hGD3v%Hq)7tARt_qycu4n{YTAJWt+>84b*{7O89@p8|`G%CT{w!_EdDHjiTv9t6m zwK~zG`)m&cM<&^nW z_;}(|>P9wh#G=wtlHuiJMZt~@Wz4>?{>pbn^g!3S8sq9_Wz=_yaye9CW51I9V~Wo7 z;*S7Od}g)$pX~%dD*WV|tKBa{MHTJ^BTM zO_noh3sO>qS`cfLFC@U*PLU%z|z z^;B7>cK!I0g%sx@?{>I}Yq(_>P6esB$y-ZWw-WFi2a=jwZ+n73gFPG&OoHV62r6`k z|KF?h>%8kV)kG%RX_u3yFQ*bIx~@w8%lPalpSWQ6Rzy6X z_q9B5sm+-uyTu4D5#@CA=PZCyTXg%kShm0Mzd9<3eUN=kHBP5jDsp1Rmq}fA*7h(S z6j2WoSME28DIJ?h765?u2c}O8m`FTA=IS@MgfSYaef4 z382iiv02R_7zIHyx7M1kEH22)c=5-tvxQk%KkTNhfZQ^I<2%atI@WcM_X$ztybHSn zpzk+>;S?>fj-2x@Y5*Xo)KpXxC*bI~p}MRq3Pp(OIGzYwHf~^KZ^q`zT^$_ zbPzG7ijqlJV-F9mGln@NJ@k|Au8*~sZ&8BU^yR5{@H1!|=S-!1Hsj8%!|OTH5%?gY zdq-9rG%wZp`+v{MhIN35h`-jhpITG*KXA|Bz2-Z)?JrcOVrz}>F;($NvIBmQePW2PW~}rZOnkT)%M8a;lqL%&ND9G6XjXon<4^*t3Oc!3n6f=7~V2n#@m8m-rOlH zIvxnJjxu+gzskMr4*2X9Rf1xGI-mO$2#d1Ro8Bm&w*(=PDNt|vYIcfgJFxg@dE6n=T?(f@y!%y*N(#QC*#f2GUy z)()tKi&v0j{yD^kN`P3HHAzK_23;2Lk=%C#9hZZoz<|0-AL`9FUD2L``f4IY7j+u7 z6J(3e_&?~E@#7}NJ7h+N2LoJ@o!Im)(i$$_D{v1-gy7bq3k1%INtg=c?x3^`r3vfQ zlIjmv=DBN8Kf0ORRE2ajeBsvK7D%U*VNZ#vheeki^)Xrzm84y{!`X(#4^g3!z?In1 zU|y!K%#;rzMG5%QyS+N$cjq^iT{Viq@D9)UZ=6xMqYslV{Yq8G%yo0Y%I&EGqnIi9 zm&Yh}+XFoa1LOp*9YD6}T!;;uYo;nv09fwM*Z49Z7 z5Nta|l?-w)Lg6ngMc@>$iTodEt+ZuiX7V-jWN9wq*jC4uEKXJfVGOb1Jio9xH9*Ju zCQn>mmmTmT;z?&g<1`jrS`b?ZuwZ)THnUnD`e2%n*PqCmv|rGM5X+aE*K9he!G75_ zOu9@VjJwpRkk{jbFaHPs5dY3lYB=A0lleE2SKZli_qf-ZnK3|Z_D?E~DKvL9zwke|Am8<$I~J8aPkP_EMPMZEGP~Lmjc+La-TnCM z7+`1P5wG(q(n+{;yMatquECi3abF&~F3^fH*`>s)|6E{@Hd`!6j%0!{J=GoyhI_T- z@NUy+*@)&=R-3_?pr}PR*q&nWXi-WnDu&5WhmzN2E47%aGoi-I;PCF06D_>nzr`Mg zVot)wg9ow)Q#w_TSDKxNs*mHQ%r)G} zc~^1avMz)Z^FUliKz>d57H^QE4-ce0PQ&DfmNq!bjOrMJG5{nVkF5nn0PA_^XZzle z@n7hD(biJn{4|B^A9PzH+9=l&B)yk3_=#87;1P*VM_Z=ilh#kv=HIb6V$d;`suP(~ z@~$x@xuH+-$&6!Ye`n79rlIK4a5@7haZVBxvL(FgQ*#EQtL;C_Br_EBqxEjjQCVvA zmkS${=@@!ZKdgP)Vcz?uCmKY4IIb6b6)9!%AG|M$RXg~9qkOh6+(sn>z1=qr_Xafd z{a-)C1zp8|e+T?-o)oY5tBek1PwaUsEJ2DHD!gg5g+I`$=@6_U|th zM)D*NeBKFH;<)>x1+!_h%t|O(wj^`4!_`Pg6O#e$buKMoCg=?B%7lLu#ewt+4Bdd-$`-4IfIT; zjsof1jrk7V9lB)O*U-XB3F4ljki$*l&-qZKs5NuSrlFFpGrc z#x37S#<_euyMuY{^(k`~i)wSKKP}uL;bXVtrBrauxKzsbMV-KPq4_Y^t|4VE zeq4K&8_qHJWi#nOQQ^0@hOFvS(xu~>vlYAj=$-t0bCgV_91h|2(psu2$%jasyX1)| zxl7xe+Vl>po7NV^St=&JN6w)rBk6X&Q7O2YIwi)+|2yhP{wM0J&}sYo>{6|U?Xst% z4-p^1pE@VE&;!k0NXf@pdalUfUJy-R1objEE_jE$;0NBQ3{%@cZAESNp_jed;Ep3(! zNhdNF+3Rwi70LWz-_cOllT>7yt<9P!X?m4u;zdEV!|}!}=EAn_U#zVk(QraL8V)A{ zdzOkON8?Y5=jlVR&Cn4EZx*cDyf$JuX1o9seP|hr_t3Wwan%W20J+K5*wd^jgsKQ9 zl!1E(vOZ2r@JG^!BMNeI*-I8(NoUDE+qfe1)Br;c8@T4&v|4GA$aWK#PzmX%#=D{(UVsa{rm{~t zJo!IZdkdhrx^7Jv2@pI45AN>nfglM^aCdii53Y?n!QEXuxI=Jv3+@ih-{gD0J2Q9g zUp04XPE}V?rs&rC;TH zpA5O_8EVP|iF1H@)QjwSLi!`RMZ6A4j@vp)AmJc1rzvNDhhm(57Ja)_Jgi19o z9U z!5GS@6FZCG`4~doN0t4C;P7!vm&5p~0=`E`vVS5e)hsE^mi34HoTJyzj{w(Lr*Db3 zr;ePE_L()E<(-FpD{NRXYhzqo!i1UJSDM1osZXy1rqn-MX=D5a?@|!YMtAwx6)Qum zNPL&Rv8x1|2{8M?n%Pjp$cPkqg6;)$ico577rq#aQ*37kqu&Cnmy{PQ;92F;r!R7(v z_g#3&i1#P*J7;=2T^~cmwT};U`kr4W*1SUo6jprkea|otWIGn(R@$QIY!><%3h&ms z^roeeIr1k(KKjIpeEi5u!afb38N1+z47-BY?AkJP_>w=pdIAE;UzpEMunz8Bd1QIl z^Rcz@dA6o6zpNb}`>`W%S&`K(Q}@dp`>#8Eq%X7LKJ=zjQ+7}2Low|Z#cp1`uj@3F zi9P`xm>jzP6lt;MMj;FHL66Rhf%%Z1%N$`nG9Rn$8KjWd7u;ZvgvXK?X7V9~P875^ zYm}t^84GW&m&NK{i82@p$0i~`hHelQQXd=NWYJ~LN>cCmoFswqCAxhtdbQ5CBUoCp ziNTPe2Z#GqEm$vrO!OcNxqK~7_vPAe?{K-hG2-?#01%%V*PcaTxpe-ClVWN+@*0O! zn@Ku-jc=1wV9suAmZ%K$YI<{8csH*xc0A#L@f}|vtp?q58&wQVhA>@q-;lF-pz^Rw z0&Z%Vmaq^>GMuR~mgd}XIm)N{gmq@w$=EXVju0fudd`@JmWnf6Qqn0x zjcI8PmBNzxrR(#DbK@taWyS8v!FJ)BcqfYyo}NpKcaGC${(PZ2-S_FyeaKFX0GBRk@dN|X;7@-BTB9IAgmQExuZ8U*y zRo)I0&~mSDyn}OTni6v+}CD%KF&YA{_0xI_V2+AT1Lw+9iDpu z3JY{|XK=H?a}>+5EnC7A@gdO3D^G6^$$**Ooar@pujJLippMO71iM|v4<%Msx(vHb zznCLiyA;HBo><)eFt7P|-_jGm|4~ecOl_7f5;Yp~DOGye>jWeB(WG+8_)}_AT8c#w z)AE%?17`)~jnW4+0Fj?qaj6IS(_GE_N4oCQ>F5M-%U%at`WqU2DrR*C6h_F^W@jdT zsj#_^@x&T7y@&aP;?$(;cw-%mNvfurbL)XjCNTa!hGgr;f?&{I!lQgMt;DzE6%~Kw zMLk8>cRMhEvseO$ZAR2PZBa)G|JyYoUwD4^$uZ6KcI27tSu;N;HfJXleZ1fLyxsGp z2DnL|Az{!Sa;S^J2|hvu=+p+Ytc{V0fK;R(Y3f3)N0KI6q+r9o=}5m4c4}sbeKV{9 zx1uK{09+@{;T|z5wqqcRn$$tB{4)&?pVUx|X=vzkD0T7gu1H+Iq*S&lN*b2Qtl8q+ zEdw35O`aqsO_Pa_|4Kl@Q;ebXN6$pZo};S$nU#;#b)oLlY@4br_>ObW&wx6veE~bv zB9{`}*D0h8xnfna?LL}xJctZ zF>pRlkZmViTFbf<@)Q&;spSuchHL3Y& zAncW$m%{Gy0r!;DrCg_%%hIv9Tli7I)PC#tJ0w@4LLDcTAvz)b@g)QLv_)S$rHagn zc^)eJt%SVL*Gor9dI&fHO4-7umaKiO70(vg|#i?80D36xi>XD{||bQa!rTQf7}k@$HMk3fwCaYHP_Z zu>dzVHK_nffG;}AQ2Sc^nQS`1Y)_q4X$PQv*>H7I}udF0-pOjrrKgy3XC+ zJI>3#fQ}6NevE#K@$G3+#Egy<{uZjPv#gCHt+GP7=x?`$6{0r+S?I8xJwQ&SkPo@R znY}fu;R}tc!Z99rHs4~suXHy$6e%5cXTprU?g{tgGz1ItvscEyP>I-QW#6+g?sO}z z@7&#Wj=JXPNVoj?ICUS~!XcbI12DB4DoJ0s1&Q3IFnVM;Z~;3`sXq?a4soILY}3cn zRz(=MttrTZGy8$BPS?Yb)o}}GM2KXWZ2QkmBK2@R@uK3%j7|qrf&S=Bo9!1h_f1yh z(`;EIm8oCN)&fV<+!^MzojLA&wR)?i7>y0OLFv$=QB01@vvtk4!M@d_$76a&1gGtf zyp`EEnxOdf;e2zl&}f2*T~(qe&j+FAi_5ZRm%YT57h%R1#+1GT0cp;5A1>dF_$c+7 zlp>oK8sB?cEEB7v+jU;y#_`tx>G}7RF;d+S868E;C2iS>S6JV1IK4#lR!v9OlgI1h z#Wx|Dx3~{`Y4VRBGA1knkgN@M>zt)X#Km1(dz4TXK*MfK2^{WsXteu*=KK7i_a0uS4%6nsDdf^Z?8n`uki197GXhMuD!NNVTGDe2y;sG}_IQtqZ| zF5*E1JPi(W*}EH_qu}=fF8b)7|2WnLKopd}*rBA$0>c4haqga~3S*!<#~Y&6XOL>s z3Do+^4UDc;OQ=*)B$e@LQNDDRsOtK66D9@{udm`oEtwO7tNjPq8NHKC^oE_5tW;5V z)#kUR$HyM!*5yHSEDY%Qu%}7U<}%I?8)Lzfx_VJ2W`3ar7117FW>>M`M8uudT`;} zV?L53)@wZGP31H)KH~zLFN!5&R$rLVLAT0X7!sH2#Xa^Svp|3jg*a4)2ZiD8G1EJ6^4?T#Ja?1$e%0w zd1vajA25Nw@BCtcKV)pPFjPv@)SFWaBCr&On%)J=?tm04H}YSf(_-rG0O*%>CqZrZ zS6s8$b>fmj!Iapw?wTKRt??{^Q!~XHIifqgKe9Ap=s}+9y!_d`u5;EEeENbct}O>q zSMV}#7|VPJWg^Xaf7r*Ru5O_3W_T_i1T4J`Un0FrclYAD@`!HP!jGFqc-X6%<$$I= z-FM=yxda-FPvNe(AKqx497{aphN!8Tu`W!`{R|L(24FkvF~g-+F&RvB{@IHu*#iX^ z6MFwSeNM9``L!C-DS&@Jf0oDmPI#IaoOm8iZ;M2LtmTvg@nm&K=g2G=>Dxe!I};`B z5HuWM&u=u1^`F6~0uTNqfJ{O^jk2oa@lqI(8ltzqxBBEIqMAM;gGQ!NotCJlk=lNm0M; zxM#&3QD*WSnL796rMegeK5r?au~x)iGYZE|%|zF8iL^synibjNL@3qNRQJg3V{Z7JNu;PEW3%i0h;6a&QC2Ul3r5z_ri8T#|T`oqa z)uyvyQBhPzX*d^we*|xYU3}fSI%K`Nb;=>>EK#a_Jvf2j7~1&DhKkAS1uFTPi-766 zhfp&2PlI(<9q)U1EDTMh7=s1LJwn09E26KRFR-$0yE@|>0SQ)`zv6v8vJx>NDAgTx zHY#d__5)J6rnr3Y=yVo(L%@3!W%Vs4=<@rgCLR8WY;eZrfQI(h`J#th>hf~s?kV>X zYCNvg0H*z##kEaHyVg=@xWx5w{k1i8ZmN48$9ZK)8~o^`K!i%c0mreM0ex6HnxVz< zrn46S*SgNHXav92F`{_%U%76pl9Dm4No{hDhDm2eUFg8wmPEm7ujji1U)CLLRr{&L z`OOK9?q@MiZhfP%@d_=$r)_N|9WR)on9N_3bA(ClxA2L{M5?Mnf4dTJrfAt;U|BA$ zX#Nz^T%}v+vM4yK)5r5Em8-ZDsf=MCX{1aWB^zG}?psD9aP#U^{BmVqm;dGB#?n%J z^2tByf5ONxN-^f=Q&LRlW3KMbkTANplCZj+u{TUa)=X=(;!dO`HNxSDBk=6)S+?jQ zRAJ<*JVD0(9?;|}Y@wGPIa3m=+KBb`ud+MOeG!<^)X0}*(48ML0>rU1cH4dZ_ z<_*1UhF5+pSzqsyd2F7>*?x+Yn@cc&WZAaaKWH1Mz2{2Z6yS*-IT{s0BVakZ&f40wz!shk*9etg(9gIMI~e#Vy4ZpOp+ zLW7jb9erPp`e4ujg%HvT{UGwUI`Nw;WA|Q?$kVgK59-(49U~GQNl3v4=UV5P=`r6E zeIfFZgs%iH-#&j={MndshqtKYKZEHXfDrQYgh*FkE{+I(q$v=lN^ls;Gx)E49z^}Q z3pjY|iMQ)h&d-2<5+8!IAj16pe>AkP&^NE>@AVN42J>HE6(uJ{p#A5&Uqvy%KH$He z26mGE$*4$*_HXbbDoVOlOErjUxibjRa-MA-lk=xlu?F#9-fY<^#1_Nd6mNeGxd9f)VKFSHb4&a|v0u+(fQ zF<*E8vR;)t(hk>rdVzU=0%Mi?A5PeEJJY{fWu9f@YbKF55NZ6l%Vy7;d0Va`CHu|B z`7@-R#2!kV;-`aIy*Pc)9n$GO8>&m_jLtZP@2w5I#8j1cLioPYIrv-=n-Xxu?NmMc ziTN2t^FOGGJ3A`Y8lyR4Tjl0gmiY(XuSu}j9}~BF3@Wb32UPJ8;9EUdcH8s9)|$h^ed2MlnloS9+c9+&7~MN*i^p`^Vl!;wc}nqitTeg< zY&jK;c)toA(#ztf`E8!|%tSC!y6;krs%x&?>fn;D!(rDDBNS;kzXF0KVQuvY;E&M1ZaY}dL zTW#%CsMo_vZ%ka82l@0Z9J+?G<$nAo;~<}<`c>?H6Nm64pL@x0Q$bT$`oauGyK>M@ zBIjj%UXPSP(Yweg{&3nQCrmQypZ}X{q}}SWJEv*0JI1x9*EfuLdz_@cn~?OS+iw!- zq&_LpUHQY(nCIR2h5*Eb(l4>s2%-(0vV@gzZq{+Z7l$dUMf7IxaRqhtzm@Y;|XIRy1pCPY~&U1D*fO2Gzs1;AuC$Cb?YHAEC&5k z)>fv^M_7vHLDeG4YFK{IXVrWM@y#h5L|&m)<)fX4!h6KGgK!7iZdnaGj5DOomP6iqJ|!%M}S4;XDmmjl3?{#s6->%Z#F?fx#2u3I~Pd$?6=%#ECs>GTz3h-qg z{#d;!z*q{Xzh;WKs8I_PtQ0u2n-{RH9wVCgu}ri-Kaky@k__CY8*pQ6Ga=1!M`b;_ z2-*qR;<;QBI{!tH%zAP4YUpE`hrlq?6G|{~ZAppN@JzIFef~O#K*4qpE%ESh9f9*Q z#tJdYP-VYwyJjLmv5`7VbK|17L8CeN#Z_Rq8w&1V0F)uL>OqlA@PZ5`9Bn{2FYkN> zozdl1AKyzs-Kbz3#EPV5Uv<~%%ENCQ_x1Tc@L|h-5(6JH#dklQ>@6=ju{Vr$*fGxl z*Y1Tmqc@UcZU$n@LCeO$N*f(2Kp%|Sfb(F$bKY57yB)APA?1Z26Za_p3J$tbt8e%r zuYLBD0^>U4*B}xc3|^{y%Qw98&D!;CE9YFd{#y&+01GA*)0;P}OBofK+b2^n3pP$9>+2GR zYo}VRxpTjV%6|Hs!4^nui{(H3eYE=VWPa*)>$*5m;9gI`Xjk^L-8y2J;`9KibENNH}XwYc6St!>*6fr zY`-81j0owHW7Xm1`wNlV-pk04(#-vuwPq(nf8ODNvm5Svfwb#YR@f!zjTMyLvqf4~ zu1l*LDC@_Gj$|^}49SkigrMFzlBnF_FA^T)0Bpkp8Z2n|=uVa^jN{tuP^1v0e~~|p zyjHvIy`zl$6XV#`blXiDg3*&Mt`XobREGnsn+NIeT1M2^#qwSvG4eR0FR$qiW}QD* zY--w1ZYStowH@^X!JHzE^S&a1?%I~! z3{F66!sDM=TKq*@GaMO(+;>e^ZXP)UtXGrEg4Vvu5SltVgXz;RafvdZB(Lwmgi)qQoq z_`ps}qtS$tcdOYg5GBkuo_oH_SB(Gi9varCU`qmU)k z+$6b-dyxMgH2sT#d*DxzI%j)1!{3;u-)mMRiqN2$zxJNI1~6nl`+LI(Z;69!UP04I zfCtbk0KL3oee9T_Nn;HZ=~(>8`T5e15l6wiIb7HDeG*=y*us+n134Kv?XYh_RGM z2s`z<#C!g2x*>D)rD?}(#i__vnr2axtz^EWD_uNhhFHA~(X5&mQZgK>w}^6+c8#c> znZG1oG+ACP?Xyw`IIa)&o=s(o;ztT6AVQmyp_JA^cAH|@v#X$u8;^4jgTqTYT5lyK zcJ~79B3fI9Y+z^7gf3U;c*-x1yO%h}N}fO_pBlXC_po1_k;5_P28KhUDEjT)SJJj=ZiiVJ4t#uypdo#)=;)9hST?>ef!U!?WlJ5#4DARf7!OT(Hig~0XlWonY<;p5B8X7BiT)aKA*}f(C62@g~)E8m- zz7_WOQAW`L-!+*^nZLpPt~2#pd*IaoL(|&s%eoRXeuN z+Irw3+J-n>AhRs@%bN4tiVbo>9)G<_6Iy7<@Zq-jGz=M^%9jUgtWNLrMRTN_BC>cH z&*4w7{P>f-Zpiqs?4$L?w4;58lc_s@pd4PXHi#)XFeMZy3o74zKPmg#HZ@JOq~HmI z@$>OE1Ss&>)VfSqD4jZ7<@0jXYCfD$(#Ub>c*_&BE_lK1N|^rL(cXGWzBb5zNmXj-FzJ!BOQ<|uwCy>^9sBd z9&kA2iT{JU_LFl+SR;F_cTV&}WN+v7i4mZViK={(3qvpVOAKay_x?a8O8^a7t2jQS z%Pn4)ye$c$kosrY56p;a&%mG^&U=wcg&F`V;R|$?_1Vw`_Nd+*GBz9MqCcM?WEG@d zT!RO0TPZ}HUsQT6%Xa)XJMn5JKP*o&j=}@p(9pr0ky5Q+Yu1@VI1ZvWEt)fvP6xV@ zw@Vy1m1I%Z+Xp+3k(ui@C4`^(>q9aMh(7#rg!;zFJQYJSn>I4;%vU-A7pS?|=HNpH zwByRLU|C$=KH%4bfZaIu;ipM-92zorLs|K*4N>h9-?8PZv_7RPdr+!M9hxa(;ebfB zQ}6J!XX3zBUWUT_t_c97i};gYIa{S)99pXPDeR>m?I@~y)HiudchsEyCxra>@7-*2 zg8j`G5^T;(EH_XH6ciM{kX;{xkW+Fb})Ph99O*Nd@E*#qoI@Fbd5tm&%xkvY)bEDJDv@E~V~*zA^*EX7Xdr zu%U{NN}DH;#eJgY+*j;&jH8=)uNZg5rDljqa}|lll9w!sq5XQ-MdY))I&P9Fu@KLd z(P+VyT5DY*Cia8>JFfPg9@M$W5yA{-pNzx?3+zt*M|3P2C4lC0n-F zI9U;}5OzQ8RZClO=shA_0QOllYP@jilFoqVF{1jyBpseNCK7wm9tW71iBW5(zrlnV z0wTi6kbFaQGLaX?83P;7O|Y&*lD-~H!~*LpJfWuv?(Q7M)2Ex%wukc=U*e0#Bc7+Z zr4*J3irdY?^(Mz?C|aPyHOkgP}a~a{AytpyVdP*81OT3^XRPJx~y~W2r{R=kKgysKBHJ6uGxEy$x@$ zA$vHn6Ax!-+&P@KVvX~k$=~3l@feY1px#=eV~XGlO67a+!B#yX*_JJ8gS310ls+*G zO%@|0!MM#nW2aA^f~Gf)T^620!Aq@G;xLVMBmvtP;JE&ehU8<8^-0IAK=PC;HDDfw zRnM{dVs;$fJzGcgbLbQ%-g_R;SV0hy)-vd;!iVw<_nmaq>7&6r8ts}e`5C>|n6!Y1 zmYc?DdPe~s%~G7(cs%=^j^4RA@m8AO4%&9m;@DFI8NzeE>s{EA#P-LS98x%|?3Y$zceMqdCh=%u)mL*(uw zG=rl>+{eS6>lZ;qK8`IA3Da#O1 z8op z!rH4-&0@WxnpaK_!W*&=4;|F+CapfvzNC^N_33%S;KJ{R5V0J5K2t>EKRCk|XhoPl zAZgwgoAbSq8Eb|rTew*FWj)U?O66{ij8zt08;+sjt7Vvgc(2fD&*;yhx}ke1wmMDy z$qWq5_L_{&@W!fBRkzs<>=VX}M|^clS~9zPn?S~waG*5!`Rv}LWZ&Ve^Q+A{D$4O{!hV>MPgnW7&&)YFx%>O$Vu-XW=~W}Cln;= zw92+HG>R7AL;i)UGLD<1+J-O4Q;ZVFZSC8$zZ$jEG68gZ+&-GG6h>h=CCTtSI_UMi z!DnI^wyj4@9PCoj_%7lla-W$6mmWwRlP+HXWB|TG!=BzNeWW1))|d88L`=s^7l}q} zt&koHP_`*AHCFYDd1Qdgr)}$Roab*LVSaeeervqjiy0rFkSIsIpyqQGnJRy8$$k!P8;9U^k2S*`WJq{j93y}MO_T1t+J_JAZ@?muMrv)(NnJnwr`u8$r> zVUBm%YIT>(p-elF%yl%2t#QM9TQH;{-2djiEnt9#cSY-qie%^-W0frxI45d5ALhdC zg~a~h#Xo)jC*%)iz5o4$(9r+KbozhmhZ#M=r2g}{79(~^iMgAhfgPB@wnBSAgAWo> zy7$`I-~WIFd$M>_eDVRUq>911SX3NL{R2??cO51>By4HD1j7*!nPsMRL`8i>k$Q-E zm%iK)b}V*SO2kw3S@40Q1{T(Mw1DXoR8mp`X$y-_n1V!@n1b3Eq3@H7!TD7DtJ*VW zX4pMl2pR}TNs${GkrM}Lz(InkE;qyW`^NdSqD0@W#rxIxq zczC|TZ9BDI)8&P->#1YOnohe`mV)2XTtf={ma_ld00j>|4m`g7mY5cE37o<$zqvoO zoCT_f)3;vhzuGN;iTORaIB1W59(qqSPuBKjUFzK!<0ZYPKT$M*HFk29Rt;!^-HD=9 z^^(zBXcD{UEZ>-Us2y7k$xeX>KQX|REl!6)_+kfJvW@of1B6fQ ze3gN!On%p_IdMYV#^ElWht>}Uz+rLE>5+Flf2NGLytJZ{VPw(S2RME+m307 z2g1o{`U6MkDJ+k$YDd2K1@3?(SboOWwd(Bhsn?lsVLA)Iw>#nT2J~Lii?9s2<*lk2 zdoDIQGwtT2v5v7aOSx9tctR@Mdmorg6b5t)c-GKZYHv%roSAXb$AXhB_y{3GL?wl9V1`UO(@lUBbnl~WgF%A%Bddmf+RK>oZJ zt{V=o4Y%?Lb{);{%SQ(Iy>ipVI5GP5IJv>5^ad%c8ml4Fq>6P_0{LHJ4pop&C?_VX zmj&hbE_A!_FMr}sOAtjjipgz{G+dJU&=nivWzy?drl!A{$-r1}^TSds&sCeuB5-1R z{8_7W9BW3W4AM-lbs8d7v0|w1aA`o|mnBL)Qn@-Qy}=N@`RUr~>id$mTSQ$1;k%6o zJ0dsPNgw_)8zHX6n`tOHG8kfN#J(#Cn{D$?*sT#Iz5oD`v3()y8QLLk#*!F! z+^ex%XY^7zo!ZX1$TudxdZN>RK)I{Zx$MDZ_me}$>cJ{Sp>sAe86XT>=j;5e@9v&u z*{2ijmzWh2mEZjmbuWja#vu5c@y%IYNTg+zjYwfapF_45Sb5mE>|_U%t-_Obys> zjTd3ZZ#TV9w9;E_{m5J3T59uLp_N3xBzu=9KD`L(7R+oTN-=_EU3qZuyZe!$wpto} zy8c&fH9h(?drf(o$0wbw?VsFLezb`1lK`sn->gJdKqu)W(j(nSsXwIaJUoLZhhJ3L zMj~jCp;GQ8N0{?+!%91tt4o{IH4B32z52vvZ`iysl3~FC@I!~Fg)Af@A%H!)MPVLn z+)C2$tbJU{8m{W5;3Y>=xBgLsswtbpb&3a7A9{4w;NYa8+sW*rJ_Ty0$$DFGNV6JM z0grlua%zhI_gm}r!SR5!_c#z(ow;cf!MjEE_2Fi=me4jNP>|?yMLO4Kt3ep9kh%hQ zALPa+Dp5{(TG^_zhg@|lh?(B2EMj$P#eK={dg+GEZ75!9Oo}qb+A!S@KDk%q18n`= zZ9Mth#6&6-8a)#%>D~GwEV@&@OK!c=r{%uJ-Rju|rB(Bd8*5fuAs*<2rpc7jyD*-8 zu6}2abjPq=rD+E@?A=KE6&WzF8aSI=fIeTnX&UyvA5d2U6ymEqZ7EAiK; z^Sq{E*UQzdOnn+OhoZP7t2kgysLBmt@|W-G=D2mb9$5#fTI$K14%av)z-xZv0^_&N z*jsOd#Zl=XWJ?16@L+-Yr2-YH(uk}=6Ja9sB^fb#KNoL;w8If>V=X2dx)+t~K?x8HZ&Ty|*c~!8|eEQd>%hoUA(rLSXl*p>}b4@XN z-DW`L_PFuV#`h$~rJC2|%enIPPbTlDPr9}pHte`>UsKGL#m?E{ zys&931}$AG>R^#qD)QDa!pX|fX2xgS4{Hcf`s@FgA1YR_^ks1-wrD!D!|_AoBb>d0r;y#4izEi|iS6HP2IC1Jd`6$wd| zpC)Ybo{m=IZqdqeN%u;lgB>Mbczs#*hs?RRdLrkeA%smgJESyRH-xB`$xkS1M}DmKGpqOskhV{T8^ zCg&+2?h1&`?vCTpvQB36hi>pLId5`%bI|i^vcoPdF=5Y2U&4kCj)HmXfW-j^ce24# zQh%YDP*1tmc2&}a@Q-^q+Lw8Ki75t`R{#<(E%c~YBjfT{pE1M($zkGIgMsN=w`276D=ZgL3)XKF0|HBA79xjC~W>5iLD`bM|u`(TgaLn_RC7`d**r_ z_?Zga8oFxdE{6!x#6I6rJbDkMwoC8%z|yMY409*wE>L3vpE~l|Gorf;muD?IZLRra zr7P<5m7opz<-+_SqvC>9reL-(WFmxVxoF9+IuGCuZ5N#A7`!{n7$S#K8b~g?yngQP zO6Gog#gqlQe{8S>!?v=ixQ|=tACHIN@^xQ@clL~y{{$T!De08Xn8y(=7a83 z`PsRuoT+X}9R?3FlE&v4@W9bJ&828)rK_()&E6vmS}#cA;LTLT(b|k07L}lXxoRQ{ z=AHkC55=jd+5gjF1*r1s|LUj$j}lL-~9Hh9+j`=Kl(kc2kM1JY5xX%4Aoy-3dsn7p~Z&Lku zLu4fPc7OulQtLb-?iq&<@n%qYiM z?UzgWDlJ_uP)3+tmC+Z`sehKWdRrcv;ePAhJ3uwVkerx&0pha_N{kH@`?mvOj=en~ zXVjH^H8e6-V>&xs;`m9iP8$2cm)z7tj~A8y)K|97>&zsn~6Jl2s+Ll zZe&pF5z^NCnE}Scxs%NPJ(aE-Cpui=CVXP`{xVPd%~{pLNfnUbtzU1M|AcmlN=VF0 zT|K>6tyFjFEcri944f^;?|A03ylq}^!O5HZqeddL_#l@vrk1Bo)kT4g?~LhFErmIE ztk0t(ILaV+-;O62pNkEv#yjq0#G?G8h`%*+NellP(DxECZ1;TxQ~(8ZnCj<|`}r!} zjb-AEKO*ZoSa|EtN!=edmb>C+Tcl6c5$~{D?o0G;MqKM!T?~~qA8Z_H40#LmVztx3 z3ypNjW~og=q@w;B$x2se_1{{6{%C?KLIi>zZ*sJd_m1-+{7z3Hw>zI?Gb-KswS0sE z17~T1>C%2-l@(G2#LtjT>;%M105)Mppj4$v`-iJ#-lk7|-tDL2i_yA?GEIq?sAIRk zE1v$xdzc7y-Y3YlwU4!?2ECD64lz9ySkDG~Rs1mY5U1Or%e)X(4nDShxLN* z!uqOh-vn;?(BD7jY=4(~8&dz>?PXV8;*)@@hl8`KUzSO=u4DV{b^LhfKfPdxI{Eyh z7@L!Yvn972h)fJ89^Bk)vNP@-4UUdGh$fu~J^i@IM9}2uK92O9Q0>Ij5dGIX@3scWVeB!^B z6vs9a8wi}rqMtJH@ugV9sS;?39>DveZXO2Sj=)%5Nkt=I0MAe^3Hptr_{+P@d=Xv> zGFIo#lvzLctB={>?(Ylwj_hAhWJ#`(ze%xoNT6;j@V~lWh9Bi=M|@H2gre<%I%js zRRy!fD^ypZ+ifs=-E0AkfY_Na0iLf06G?&PHCGB~Xa^feuJmEw!pJEo;sl@F7`g4a z4>(4`Y7}s8F-1`l&?H`miX0Ay^8Reqn>LOL93;2j+)4de6`tVNC|`#p^i|X{wAr0S z72L~AU(Y7b3s@OkwSoO$g6)ExWw(KbLhDAAVFjeH=LI#Q}@n?Q-SHj#= zIG!hC^t~<@*%M;Ve7L0y|K|)pZxnLS!c|`QNxMh?cA^%`@?vI5A zV2*;pkd%_LD%jCe1T&61)jNeF3E&d5TY%o=L_Nx0MbKE?v-vG;I78q9sL1YRY~TJz zUJ8N)=8@3y=VU{qwdQU2IoP~E?$0+X4mLti4}x3YGs`_s(6ZEHWd=L(c#7lV;;Cur zYpI~e_8XYEw$Hp0J)^_AAObXXwu)TayDFEs+087R7nbylaZ9p^kRw-2r@QG9q1;s$?jFDWqV!HzP z5{25Nq@>DXjFi0Q#X%MGM^d^t)EaSpW2i__-?Csb{IS9A*$==T7h%&GJS~1p%o*Dg z%w%$P@2Fc%^%=1$21X_HGx0lac=gZJpOuv{-_CIld{bV1CGuT0*EIFiSND+ch|eW9 zK)%(Hr?2THL=-oS5RalrtNN4&itGqp;QItAj3#|fAxyH>QePSiFsj||&UvhjRVR-Bkz)18U^!NaYz`}TQ+Vy<5pEi_mh$BX4bOwgb-F5(C9B59PG;y{a z{A#?3a@0N4v^MZ=LE+Yaz z`7>i1<^UC`!=J~)5xFlBJH)@^oxw02V2W6mi>(u8^9GdElg+CI;GcA}{rEPm^ z3sI|}=yY?6@V(0(|KNE) z;JVlVAEAPu4VKfafrB_;5^XSUFw~K0`}v!9Sm`(w6&+DT-_IEcDJ3L80Uiy!nc}@v z1kKg_OMjgu&lzZ2aa`aC3gl!$YgDB-9&&a*GzBF9vh!0;P(8m*ud*MyrgKR|CgKTi zTK9?yzYO=|K@|i7H-B6{$sqNZ?fT_#THSI-w`?1WyIV*hX}&w1rSxPaG}yT901EV6 zuOF^2{&AWy)^eSkbc%qQe&^`~)&HzrcSeE7nU1Qvu^vBx%IWzVbk=mAVm$hK_X_YC zqS5ksf^m|J3e3oMzY6m`zrlKejSO|7rzy$A5%4JYpsr_=1at0ApBu@>H}252+wYRo zA4+~fiz6tW5lPzq($)HG?tsl3BCLb#C#+U9POf%{S3-%Ix_WPfxs zJ=FF>G|FVTBU^E-niCdunX9Mx2tqRw-Tt8W1V~4DtxRA zx`)U*hH1aqfm(yA?q@kI^tIc@?YUoPizpfS0!A!xvO-rG+J@xsP=={bq{=+j!rpdW z#c$>X*wq{OZuk;6yF-uw!QI^*f?MP6?lOlw_s*<$%{w1v)}8tQYn|2ICFh)~UBCU`yI7wlV*SGIY5Hk;4J!<0xq81SWU6v=Bf!EGjYM>>cp5UX4X? zFo$Va|J}#KRs$+xPcRa!fBQJ^ex5IQdgAcKj%%RlTw!^jJ~UP5DM~!m$7n596Y$iT z4kLO#-(cD|9IKPKJ#c0}QkrXDvM`NV;B}8T*)fi-@Fea)m$O_p+DMri#thM?juF0) z3^L5NbPx0KW0hu(pz%pMN`7N+@M0i-SwO^jd^oXhd!{Ave4@&3xhqb;cr)g%EhxUB zZAt@rPIteVF+#rYB5!uEp-`TbUTZvY*?UPixpz@D-oAaajgD>-8TZ}zMLjmp(mW$? zkYM7z<6^1}Eq%W&iy^$36UwaJea5@-{>CTPe}N*HV{@f__F8oRa7WvD;KEF$?5pq( z+4#ixwXi>gp}M4dkbJ>Amxin!3*A*~s`qAPdG!Uf1ppNEH*lI=Ej3e9d(i1zDf7n# zH;>#mf)-~^@z%3{Rpy4JcuYoWp!#mcDRP22m(Nci`ChRON1;B`;4V{^@; zl@lv)Z{S108Y3Cm(L}Xm*{{4j*Gwv`>n*31_Ah>St50=h(9Paxr&BGcY3||8*Bq>O zLfW&kpmt@5>{tBmyu&qK;`T~11duCtU(N9eJ?0OCRHcqjs9M0ODHy4%m5gCqRohX^K zYzUbA6GDN#(sjqMlTc_bvAjHB?lEuDX^wD}m2IbvBfeVP(E{UxdJ+HGI0*~;(!4f) z^wwRQ9_Q(X-ffH-*}b*>Bd?!Ji?%tZgZir`#%~1NbzpJtCbuA}QUVN@6ma&Bp59tk z51AW1J$>4K;r{r#mT6&8Q0W7THBdnW;{v{rw1bjy#UUjn01OtAJ39fYMGgQO#Yk8a z%r544XptXSX+t_Yo5%OH5Roo|Lqn+*B1cAoii13pp*No`@rjl%s7mw^9pA7MA4tQb@(V+&jRw z_jcE2nx0lVoNKL_KM^q@)Di%8^+MWZiAzhxzrdbFB_?qM+Lb*=!vXft0mqRlb#bE zr;V^o(0X3I_SQ2DZvi`yFYqczd)HeaZZKH~X3*BJIg z_@v(Ng0zMsdK3~9bTSeCLrkbbFZcr$h@c5t_oK}!1>A4Wgv{Faiw#K6BZ3vHJGInU zUuR=gQhM%d2x&~S^hldCvyh2Kh12vpqAe`(tFj#yEkIPS!Gpw+rLMqJgET2A?Sk-o zn(DihjWoAGU>(vi`XqUbyf5C1A4+_m=OiC2bwZl2d^8OBpt!fEaO}&AWOTUlWuEsDtkhGHI z)No3ex-u?bJzPq>ROQo)$hahnJX%Du*(iYMd4gC|F`8>ja$uEHCP3?10>p=({Hbxj&l>cn&epnh?i4g1Pfi*P%OVqK>Y%6FY9Yt|AMdOm^2?}J}sa09S{Pz4%_wJ?t%wBeRuu$GNqGbN+ zC-qSwM;c`JuOjlBMlw7W$SzKF&weJGnL)Bfgu|nA8cG#A^Wc1PMFu@u)Ctvo0jS%b zu;u{m#~)pzUbsqu&pw%R!CFBz79aU2s6>CLALs*144G}v>tvkU!km_iMj{k~kT)hG z(xIMU!PpIt=e_5!R(gP{8*Yn%k3WKLpy0${85#78ztdN(HkP4*9N&5BhilxXLR3{c zaRbTle(#VU{?Ghe%$<_FPrvEXS(qVz?e{l-9Q0O3xoC_L5Qpcu!*5+d@P`S$NkVeP z#Ps9fNHxqjaQ)hM2#e+9=7yZuDd2_?2M0aEsj#JFIXJGysFFzdwFx=t*uxanbd3lf_~H#M3+DnN2Ia*ZnLZWSr*}tD;K4?-l}q zuGf@05+syzCb>T!PMw#Whm9v5t|&&~MD0}~c31EN%Tg+R(|=$CJF|Cv6T&X5b8kcy zjpVz|=c+mVhEWbo^TUvBAJccS+8$H_R(AT1t=V}&Up{yNKRH@zAO2^=P=kzjl4D*- z?~6k}R8+~VCbI7~9m6m7JUT7?Vkp>-YoGibFad7L)y|*TrD()2m^)`F(Q~tR;%< z7f3ABI0oy;$Dvl#Z|k?mkjHLLkwbmizGe4b6q+yrcim2eLw)&l%IAxHKKmi8*(cOT zmp4^uOPXk1lNj^$EWd~ZDb*JBZvRS!=?pOq)hSFW2DGP3_wF0Rp`~}fZNm*65nBt` zGB07yDzP{O>%Xs-nU$F-3D@fn8pw6wPs(sVN759A9j-k2+5N+CBh&xibpCf@gwog@ zFwORdV07SH0n5w^TaCcQ0&2$lt{B?k>I8-wsYU|BtiR2t>?nL{eyrs*W@olk+drs3 zgBHjGfscu)?hb{oN{mXc%|+s+8@k-CZ>L-5Y}4cc-2$CLyMh#eo!S#QJDXCYR?cI7 zD`4sC=v2mz?e{(ay9weuc7!0Fdr19-WghKyx{LO+T>aJIe)_yP`Jp%S>%d?Emy15f) z@WywqtLXuiy(4n=2$f+;Qo85E&%Lel zBAQqVp`oG4`}Kh|Qx;bRSW+s~N;uP4SnT%}(uo)AXe-Ji_s)Q@hUhMFeSKC+%APnZ zT$(Jv@(6^@9Fvr=K?g2TP*DXc4{5*7T!0;kL4qzJ;-Y3;0n{9*BBw3tEd1lYO*~;# za?Vs~2ng^hmTz9UR+!LddC2_lZKtUlAz=Jde(bR(vo)2hZNR!DWyO;{_>A(PBTVtM zAQ|*Ye_&;$t)>-MQlbpSVftUDhv66gG8n`h0qQ^kFtjOV%WD-@E6SjOP55Yk&uX&P|s zMa81ye)1On@UtU!PZRNb?{LNq8NJVYnyoq->Q2LO2tu;@whJ=bo=q{?jay+!&{D}n zLycuP6rW!)Y7O3*$~y|A$5cmqM)8D;k1R8c zeWjJ1zHdBl*W3z=3g2v-r&btHGkYy-0#U7Bi+lkuFtg42 z574tQ*f{>s$n_CeoQQW>kC7ut@g#*X`#$LH4y1WZyvKO6ARsyn6~X60ueA_^QR`s1 zgde+$O`;Ahy7Vaz;)oJEfjT_vi_R9c;mH+)wb5>+q248$xB?lgLeuJARfQ=N3|r2B zO5P!933^`hrVN%d0urLkW_Emb+pUCS*P>?^zE&4OcSd9IX2qG#Dx=EjS(c+OhSJu8JGE^ zz@>Y|gvEMK8i+s3F;#k0MQ64=T}wgg?aa7~)0t4>z~giA+93hgQqWHSMd?F5UC?CuJmE!0bY0kwC3q468~Kw=I#MI%X-9WSX0JM17Adro#ad3 z;hxd-1WT>`Xs~z_hwYSV>&rFavdck@*5ph{D$iN>A7K%(z|qz|vYc#nsZUT?n>*_oD7-{V%%EjK*j$H>R~^Jv-;^woIE*At&3;aaq+HLT@y$36?bebK)6##Cl9a z3bwuOwV$va8G6Vmj_^hrpp7vuul9h!1>T`1^1CNLC)*(t{H3e2h=rydFbcj-Tjx;Q zG$eyFd)MpviQjtmw|Uc+p>mBgQcL{Tx=Av@`JqGw_xQ%5J@hUbKnoO5kyyo=!B`@63*$@+@)pf8Kxs1;_CEX1tz~y_gt! zs`K8Cc?X`K<}^GH>NFf>hSFGF%F?BEBrc8aJx4Y?B%loxFLD`db6a{oa$2S|1_*j3 zw74s{#1;~{%YGDkX|tNi73Fo zKeyCg;vG^ce0w`OwwQS?ag{lTPBTwzj|;fH5)Rdf)`UiesH3IZ4Bs*BPr5`zr4MD; zZc@-T+cfkAd}-;K1y}7#O<&5P{ac2W_OH%gspSp296cK5$=1ccok)x^4s`d4_!Eg8 z7#JZrVGv@wODu;aoCh+NGb&~9}(+R#EVgYr7VSoU;7|3gh8dy?1qE-AkFVU@D=TuN`h zAZUC6X0XnXrsxp{f1$-b3ygovPe+PK zPriMEN)icmzL=j?lgE(|65Cc@m>i?s#nZ4E4etMF2x+Woz8NL_B7g_HQygX&MOXi= z1=t=-9h$4a{Ay$sKRL!9Xp*Rn&YteM&68C%06lYf1;A+{yqfTMGyDa}-~>u*K<{9g znC;oP=bWc{L|tpe`2>#pXXi47dY9hcVIiOLS?O`?Ac6c(Q&P%_sqZ;6G_*nSgQSOH z1f)ZwW29TlvM_bVQP!Id{LU7LRnPZat^N2z3{08b6M{=avq~EcTU&pyJoW&?jz*O{ zHfZoUu8+hy6g!?u_dVoA>Y3Ysz^|l7QEjRC-W7X~nxNTbq)oMTF3b`Rbwp+*0LQf z*I3eMP!KEaAxo0k%2sfGYo}vxx+WKmzwi(T|C|%g$;u1Sh2)4p7-Yqn{y|fl+X%_4 z^-7@j7McjT>E6Zi64Y~5rf546wlZn9X2;J(oqr~}oYmWu7P-7UtYgIAv;!F0~H}^sw1APG$oCYL=LwU6)t*8bINW)W6#) zZfZD;9hsWrwK+VBwC#&eZ8)3PF(u6^zsfcnXwh^sfs3blzuaJHfU_>DHKJ20z10** zx)sX6_|5}7KNH#7+SG8A;-JXmYTH2`$@aAQVzU#dcH0$bvzKn9ceffT_2LSDTz;J9 zIkrJ$kd9j!!>cD$e>rMb?ru*w*|reDSIlR$^uQgPnj&c5b_7#z-+MPFnBIY1<+y5V zzn#lRx>0*EYj;6-aJB$%{Wr{nyR9Xa4m2+nPM-e9%QH=5RBMEEr8SVc^LZdW!pnAO zsK{&*&mvfBQ`57_lt9cOb0A>^^p0@2`!A!Xt2u)u8*${2|ImR|Ba3VQS*5{D*HXPB za$h<}cxXg}pOv>3Ur%bCN#sS|GP?{da$CX+z5&kAfbDKBKQo~;eZ zeLqZ9tL%xnh&h6G$5hyyt=WsfVEI`50oolGWSPn+r|$O?vrM|-W@wR%LHd`M@GiIX z%*E&wH@m(Shu9?d6Q66k*L@sy4Y0FL56XThDskj+08HeDyzx7mtMc~Nj?XiZ4i#|#+x2zX$pP&A) zH?8&!n#Dt^go;$~%6*45G=Na?k414V8nJLSM?-BzC3|ej@b6+uS*nD+ySazi>fAFp5qG~gHWNx)0y?4n8ckk`?S%(v!HB5c&`3SY3+(NfVTgl1W z-rJqCj=Dvsk(VoKq?9z^NwM&twv99VSe2lRnVuw`J=s%9svHyYIuFU+W!!O z^vNMFYNB6(J0Vvw#$5!9bI}x;oU%tk;tM)RN-9jW>5>pmm$NPd3QXD7Y|G`e>|zAD zq$V-r%!1ODZ?(l=bVW1N?bHp(Gc30+LDDo+jfw6Z?+8XFnh87_QkDlFui2zp);^tM z>$sos=sc;5Ct1;0wOukS!eo&B0rGksH{MwdOSHr+j_%K&ZyQD6fU?Wi|K zK$lSeRv*!>A8l9ZXlyL2okZ6C$J16FyzH*D7GQO?{CI<~=7_vvnfQn@Oi<{wMJUy* z&4iQV*n(q3FGuN*1xtTS$7snap$o`68z}^xpR>PyOGyH58p9bvH#KpO653;YAW32R zv0xcI<(4*)sD+1=90{zCz_2uvw$28jvBsfhaaz^;zT4o-N)cxJb#cV)r*=z$KE8M4 zddz(lGb)**qI*xnnX!Qd7(7Bi6l$1JXk#0ma^^5}^(N+xXS-4D^wpyep2yPr0OQB25N#3jZZ z&2C1hm8Wg>z~HetP_%F{=_z4<#x6=Q&$|gyz?*DK+M+vWnV;Oaj!LWu@<+lwpA;)Q zU9ljqKRxt835Kci{r&O~y%bW@{4fQdWCZEB{D{(4`WLIp7S`(7j#DCWxqIp|;0$s2 z5u1L9urn_B>S6n%7o?0{yE%+ZgXp=K7^^xf@$0w|w)*@q%kcoPRSGO~z&BH?a9118 z)kcKRe2&CHH=(}HtypKG$)>Ns9DqivP?HBv>!r!7H@%U(({fL4_Ig3#zYUJRIBt&7 z`^&%~;kd&zn9u#2P|FeG!SPO3mbxNX=}t0)MplZPap$F~4$uaB< zlVBsnkg+t*S>MEJsW(i)@ zLn`V??hAP5iDd9zvxrGc)sM|Uqg%6TM+at6k$OI~Q4F_554U9}{vf%UR z=HeLc=qf4 zm+tCL22j$=@Rx_@-F0s9RJ5BC3egf22)KOh#z;cKGrt-EJ{#jw2#@_Zd9wL+mXH6|6Yd!0LT$A%6KV7| z0fqF3yx~bF%?+qGF5bzm&&z4u(Ix0OL#Eh*!+*IYD4i>|LD04SWnrk?^3Hqqd|%y9 zl*mseWc8H2z3K6Q71_Pie|6K+%Pxtc?S_|;F35JV=EXu?o+|v* zNbt@2qfUpU-(rOo^|QyIecbHj!vf+p}XYr>X}=t6+uk7IRD zvcZ`8u$EdZO-&|88q+yT*V6R@MI8PVtF+mDb_x6kmrKpLQ&W@4pvZZ!@)4;FE8GfT(r7aO`iP3bt-HI$NHsXrE{;M#}D)>)7GGt!dG^00)+`Tq z6GTnV!e3@^KV9{!XKYF;IuSr~>#%Zv{7dhujZe&L#BgJ}?D;5QnR3Q$m98aG(-tO@ z`4~B@pmEn-%jb8K;hcD2<&iWyYA5#vD`JVK`SJ(&2oEI#dD-op!Ls?Otl3c%MQP@p zX+p~YW~N0SntA3EG+-_ztGw7DGrg>7xAt3^9lD!8>5)+GWQcV<2y!jy)!yh%xZtv` zHf;?r*4y0d^rJ~oQPRB(k} zpdn?{d&5Fgu2LGU9q`wmIuxT<2;UEVa`I=#_5eQIIO#%OZ|?-ADSCc*H|wQKPWv(X zH05guZA%Br7|zV}53S9LC9Vt9-T-9P)v>#uP0y#SX3eY5M{0~H{F+cJRLc!#$jb;c zmRB}9UJ};HYMsq}d2)hjd&gHmw)v&$sYK2xu1ZFz8_{RGhlWS$f^ng1*)rP~St|^5 zT*;)SxR^rkux~&eH;$7P#;gHXz7a*yPl!CCDL~%$Tu9*`o9L)0aXC3XW2GDn3=BZz zDzYw*iqCM9Z1%s<>=Oso|MxVTJMB!^`P(N8&ri1=gYP2S*9!AmEq?H=n`+;ZKW^Lu zPVbFk;od&I68h{VNJ4_I4+C!ow;8s`Zw}xPUruXo%%JN;d7_1OcJrTN3#W=RZ`to} z_#H(T)cBuOtw62MCyzu)KIN+Aw@=}R3J;S_vR<6vQX~e;81#(K-<)9^D5Y1FPE?VL zISCV@=!hpTH!ki`tN6Czsc`~Vc&KfS59W)waw3TWyO!5aE1>EHEIpqLKc;e7AeWd< zsTpOCJ>J>T^p7ExAjZU{b#@2G-reRTXDNNTzH}?+fq_Ta_PbeWg*$x%YFD`7wLa%K zUzqLRM03#+yn|v}6#!%zsY&~=t!O1hvkR4wf_z{?BAFe#Qk&WMVk?8RiJa!K!hT0q{TcZA#yhfbeFoBFoEBV{9W)-XiXyeN z<&Wi$1Cyj}N-N}KiKcJV{nx6KyEoGv?ynu`PTe>oN}%}HEQa9}GF!q2>2B1a?wu?9 zC=zP7gVpZ!Q{cX%S^%9ickunifWx5P-YpRu92SOHf+(+~G?4Az;jy{d{{7XZMrX|iheQmfcjS*%v*Tp|j+6d1qnj0)|2nn< z-30cZ;{cUhy9_r~niv~k-lqmt^QW#teX21nzX7oZAgRyIYYZ{o>3Hk`z7_39{=W($ z09x+vf7jj9gNd8zJzYqG1mO8I0MDfji_xBst9P`#?w{+0ik4>MH1Mtksb0)7al1 z29P;`EHJve`^UF$Av83M@?T$bOCo_X6JyrNfJ+imQm7>fExG@>2Ne8dF(K!brki zl9A^C2whQ0snU4uO{L@UyONkEssHwNm?ZW_q_;o1{O?}M%FKVu5eeQIGROuICQbBv zg<3|(p_Pi9IUM#0I=Lklt`1Mg(aBS)%lz}WsflQjff3-P_-Uh>=-zeiD+;35Q0Yyd zh;3H8m{Y`5cd4&>KmCWxL{G$gQ8}n7`gGtq_cm1g0S6y@TK_BbuMdKe{RP`@Z2ix# z5+ZRo-G7*z#c{`pe#FAKIYspCjQ9LP_vPA^^XVPmSF?_mq2 zCE@9>$UZ}8ZuCS|d%T~CZqAj}a6y7TT`*IcgQ2(xQXb2>&J9NikJh%yq}}DKQ&)b1 z+7-c8L#UNqf@MzEO|0$_RFxaCnxu_QuU+pG;(=4;@hAL@D|^>-Q?A=0b>#eT+-~{n z`Y#$}StngUC8s8E!v(N=;PH9;Uq0u6uri&strdcXbIwEI9`4gPr7!k~!RSg@+leQQ zMaBT}XUouc}yIAU!`9BqQ;$FweWWvhj!uCw1L>?r5UF5}F=8*goV+E=r?vu@%;g z49)>r44FnEx<2Im(;t((#BR^6eEY6Q`g!%~a<4oINuC6O4KkynHif zBj(%1u;hifIT2wf>A)N(4G1xb(ngbhRi2--zLKY3tUTqfa~2QQ&+wgu#C-Y7-+^ml z`MTj!WV8}svYN=__B>cslcYDWm#K(6mUObB^?kZ zLBaYlB1UcOLT80Wla&!i!<-CAf8myKn?WS_^CoR@gpJYA*%@|v?QeZTTi4{6rv%tR zaQ#5za>T8hR)keKDO81-4#{BP8n4N*}b$XTBFTwMLE3U-NjYzxt*Y z8xA@>>yhYesMOT%7Ia)39dWcZm}FAV+*}#lBX+horzpj**(M`bPF9ZaOivU^rRC?r z{G(Xe&gWXZ2)lQoEXuU+3ru~&jjD9 zW~&@MaFm{v4|SG4_oCU#%j;1x4vKiTChq1s7vB}BCa9^VzO|#6Fj)QE*c)iT0*Ny$ zF|YtzS}=v<%$$gmcK!8>ae5k_smHv3Q*yHR*Y>gfon+oDI*hn%P$#(Y)7YYT?}A0# z!>_H|8myOu88ls88%HDYND>MWf+;M^A0ve$ajqTgPf1jGBZj|HLIE^()PXK`NyXBM zcx#PqWdPYn!K!KG^AECT|3*?R`#M!t6LMm>B7@6|o^4;q)whmB6nqWw?~DN+=UNPwdU7f=5(nd9M3ik%xu^`>JoaF;A%-8 zZ#7D?nG(K_fR@U%K_69fvYV$){ZrwvKDS7^6+y>kw^7yheZI5y391%kPnX_7S_TQL z8{*-=KP2UO@WWrSwV*1kmsq+x6iJ(MW3)2g8}erx?R(xsE={U|Nz7rRhTP%RrMG3I zuBhrPMwx*%@K08{F!f$GW%>jG{677$g%oOd+hA>XG$>lx)BTnJq^^T7TCsFKe8O`P zNZH&P4l%%7ZqS>Ku#{$MLTARn=gUoVv#R$E`$qStZ>cwjtyF*LO16sGTI>iWCERC> zCwecD@(g03azK!_O6JJ{j1z)wyMn8}0QSPk3%nt;Jb@BLUAfoTSgY z^p1X6(?=~`$Wl#5UV&`B_BRG5Ap(uW?Rld7I{c|Z`M%e%HcG7wIZvU+ZX+~uF*;mN zs24b=@0(QSS=j!p|Km!nyupG533Hmgoq*(yp`4-gui4WzqPA&C2ni-~`mea1x=|_#GV-{|}dvG&5y|Hn+ z9Wzd3Vrn?7W+ohegM%q}wdfygut(9!_cYro6Kbbpw)NMR`**y&LeOSs-{WM8-W;E) zdIaZEOqU2yaDGu&$Ke_Ry(EQw!#s`QduemmVU0l$n}eC1&_|Y%#s6I@3>Qu+bHfdv zVX<<$E-4sw1n;hKx4jqWY~#5MZK|jibi|dsA(J+EMlG{-iz)lV`r9hCp1ii|cQ>PX z6&bnU)YJZ;g`M3I({o!%U^$}fgenFq2Z9i3=BK+liw|Je*iv~3Fm=?RDM_G6u_=E$ zcagn=Va^T?_sLG@qq(^~oyLlaR}rx{H*as47=DJn^|+N51Z9$Dj=_USL0!H*1sYz( z5_-xc9G=Vqls|Tq*QA2XAotRkZ7Y#0>^_aNP0Mv(L(eXv>dxJ8ibwMnjPx5r`fIZ<7g{a zM|dTsVy_yX1*EDN9qooxBSJz2==S2QM$cQA|6tMQb4X7ikDx)D9$Cxs5SiyI&4hF* zlfGZdgXMQ72q0|7Nc=3d#(NIKdGJbGK}ombFoh<1i%=v>&7F@}g+pNm()_*q<_)Jpai@GLrPOy&;JjpIx~sa)?t2i2L<^&J_Rp z4muMlo-N5o3f)iK?$X4?jLNvUlje<#0`1ZcD&ZrAOsO;R(pS*Q!-L!>x*(S&2zlH+mn<>kZw)hi(WXRX*4C zfy?z$t>hLTfHpmQ*dK%fxMEIMQ1 z&>;dDV7g=ZRAkYwCcl@qo|l_TRj)TIkIYP?bA!zUy2WNv&)IXlR9doosM*wfV6O7( zjWm84PT{weypK&d%pFYrNqxfQ+uOWEN0n#twq^~b3#x5i_{|U5zjfr8hHXp5qW4pl3sa#n0e(ASm79Bh%*9E-LAVr=?{XtR6Q+bvLRw-kQ^I^kTBU?^^rRRE@qm zIvybnB2?V2%zMp9_@@xtZHpzm%iHc}y^pmg6cHs)Yj3;*beN1knI`ZFrp7!ANfgfa z=bd|x4F=_($ZhQ6$gT9t=pEX4bQJ3^u9K?j02=3!)2KE}p1&~gthN*H&A}YM=Zn-@ z80zH~9ZAk-7|2amKa0we1dP}#WV8ie@nE}EdwTuF;f#-14U(V+!mcvw!blSgYwoMe zSUoe$S!XG&yW0(t_`3s(?5TO;OCIRnsH49CDSUD(2W7@s`l9hnzAHoxq?CO0V{fdS zujYyWLLQORGy+u>7B2YGy&ZzHZl)X+-{4;lEynt%4#jW5L$$8ZdW9lfSolY#iF9Lg zg-Z%;5fhp_@h!-{@PtMWP6FaSX>!E| zKt^G6F|v`AHCMAxqE8pT?9cq46Ddy~^Om}y5!9pVB621p8C)31glo~9{P7$mmT4T! z*4-57R%O}c<+f;jG{!D!T_n=YlextOXZLU;eeDD!V(#pUSc%^;ouhD&aN4};?lg*= zGM~+dHF4GH0TRQQ?r?oKoGF;-``A2Q_(5WTMk){~ee z@At?c9vmv$ZmJXsd}HsnSeeiUSYUg4 z6jYN)|4CCZU)c>%%McK*1ArQ;QZuJwSFEqVMxQ%#R?@)%8=ySX8)y$crT>@^+rK!S z!&iC(pt-!h|4#PsKNo%Ts@47fB-Tacy2j(Z!tV`Y!Ng-Tef!kdiwXWYYJaL~j%p6S zhu9OeHT15job(Yac8jSip zg&wwxIV;16NdM?{easIktvr5tIT%hz{s9J3N!^6k#>pGge8>7eU+Dem)3K{xzb&2b zhmhs_mKs;OH*eOD&M{#-G_dBe4C718{oiOAr?NvPDMmQw!I>8i1~K-m$qccKG_N7; z{H#1XDR!V)htdY{=nlOC$O%?VDStsj@OC&uw6?h_{`&iQ8btt%lN!q?79Vy%kAK}% zxIj;{pP})R(Bi3ecP#ym_ zpR1>{BGfj;ZJa?BKt#djX?ddDnx#=6q1$d4^kt=k(9h2_sy=w$Ywa3rKHthr} z!!6$GdzZwWZCKdXsudJ4bdl`k)!3k=e~G;vYF1QMk=NY(FaZ%ZFo6GJx9Z^7=;1h6 zgtP}y8*43~7E$xdPQjmYEykJ$vqCBpiQRaEb3=`yd~(b&YGynRmu3SIbg|@leuo%u zpf3129JIoM-zvQ3%jj=&m*WhzR4^sr|?%Byj*R-w!Ket*jV`+F*^tk)p& z?`&;q?@a3xpBWxjoNQhSm17MobA=qgC$07is$)$c6#Q>YYF#r(Z)-Vb-Rzfw9C)#- zan7ZA9G!$|t)aLSd7{6T*GJ3JV)`QYzr(4ui0>E6iYC7phU4axB}3dAX$q2sYi30Y zJh+-PT!Yl%)y!x+?6H7I{1g~lqfl=xq zIs4mO6kS@5plaia$l}(7Kt<0sGv5yyaxWCPy0pK#F)~7#7O^-qg=8XB#7E{g=SMV- zE1DLjvmYULKM;E3e;kJdk6FDTw!cr0V=U}ZnEkSInkT~?@|@bQJa~(My5PjV!3EtV zeKn0JzU_;4yh}tH^ z%A6?f)e#^>e%OUeZ?GOl!2c9DFZBX)YYUwUVI zRMrhA(gwI;((T2XrTDI$^IT&iB#lB=lskqEb`)@qa!bg)-Fj_?|5Q>p&rz5=C$axV z41`u4!V|QEW1~{ig)diOwoyk&2nyC)B)uu;e2c6>sX*oS?vD4AkE&ud3BOAgMiy5# zfEW2PSPc{D^ue_}Qlq<~k9340pHxRBtdd7ENe)bmq2umCZLL^??Uf%HEs9Xx}`rqRJK*+GmetmsgK)$BTd?WAOLylf`j?;qe4!l2Wq0Cc}(` z0-NGA)=lQI)oO8R&vb2IZ3nRhJa&ztJr~DBbzOXC%0iq`A#x=iULH@qpG8fRbz=Ys z@eoIJ(hC#C!~iNMDnx>#p5ez*0N!sYt>!e?SbiZU2kw3gea9ocoz_-oGPVI#iy|qO z(B{Ow*E~bfHyBl+7FNyD_S?uf8SJE0`SIHVi*q%zV*PKs*n(;N!_A#*GDt9uk2_r- z^?Ti%qRu=TmPY3t+q4t(;sU;S2zYs_z)mR&RwHzLBqbmfuwE2}u`3O>tQG_%ew2S|q zKI6hvjN~h+7JfY2O8M-7>HT z_;`E_kxBa!Jo#&}tqlc5Y~LAqZ0geC-5XKdCN7KLJZ~5jtJq$#a17Hr z>Lat`={i%fO-~N@CLWyjcqgE`nhK~QGcUy^ugfIOF3FgmAxM=jb-1pK8~&g-+S41$ znZfI!mi;wXo8CH3G9%E2#ujHSP68EsoYx|ZJ1wudB9X5q?%)9Zu)lDf$s_+= zMA`=4jVmBXl+eU(G_TQ`Z_({xaol?K4}qBUJNj#~!9Lj!jZP>Ks_qlM@*w=J;HEmN zj+O%#H?i5>dn;7dt1ez0zN@lFLNkgrWSG^}ItgBbh7wjd#`BE-_}$#X@XZbT?v))? ziLl~lnDrL)aom={Bio#x&cCbff|n=uJI);wLoE|weLv^Y>4~w6su*#N7Jfx`EqCc< zu~Fv9Aj3sXg%PvwTSfoMhC#vZ>^#=5${Ed}z~A~)5@pyjB_*4_m?kf)?^h%3*Narh z6Q4x#EEjvNaI#L|ytK;AXJjhq%t+&K!oUizKn{gR@GMC!7Zdn6_{8Ab4oE%Kv7*Vv zSl&mRucWm>F>Yb+48S9G2?>=waV{3ZLy~)ty5RT70-b5T_}7?t$Q)AK`dtb3^8S0W z#Ikw3@5AbJ>f4@%Rgu{UJ}#_?=vUwc815$2G(xyt9s6Y2;F+JQxq6-M%q_Vhj=No; z-CN&pK>YC#Bw)=FY{7G~%oVM2beu)dda>fn+~r9hhnGcD{QBgyD)Ds+5@sBTTpcN7qHi${s6& zfeH@igN0L(9AS?|)w0)23S%rH?;esDC1CmW8L_0s3D>7d?_#k-oNG8Eu6?+F zhdZ))>*9xmr%z!xB6WtWH!)kCIL=ZNSN&C_Jeuoay$PROO(*-XtjeGY|NZ_-dc|Ue zDCS9U6s0HIw}XU4=d2F@{9NA!6G_!g_jry)H;f3pz&+z5ufYU75t@iOSJoPatUj7 zF2y#*mjiFasxQ(L29L4O407psXN`rk4wbEyu4>l1X0h7|uX{bAS(lOSiK*c~Fu}v& zY++G-lbODe%$#_ZktMd$b+l+~eB8zV{%Q6t^3e0!*q(rzm&~vy=2*W4sy(7C3(9j6 z&Y13Wz#&PrhAf6s6)BJsoblW>6+kTOKq=$JfW%M`C zZ&(XI+1DIrRWOMA4DlQm`+e6ydOpXOVqP#tO8L2{5j-`T%e(aTpqy{Khq6|$bfO1y z=zE}hH?PL-rIfzB%}bdAmW=*dWlljk>Tqhmu$6m84@X3ByxxNP6GCvp(h!OP_o=ed zhD5VN&xhF0LnN+4Mr`?@J`~#dg<#g%*Sy^>(o+=8*@2)l(v4#El zWtFbW;NuR9_xqMPEiD{te?^USepnOd9JPV#BfaImi3AgOt^acFbpCcPG&F_Q(Y}4Y z`t42u4!%x$0>8!<3Vs`st1(k5 zmrJtOB~4f)T!$s~czs6i`_;E>Q{QC&zDZ!H^MS}%pYYDq{R~zom}7ayi_if@|1zPR zz{KS;0K*xZ?CbRs#r_}cy=7EfO|&gaAVBaC z+!LJO5Zpp=hmZt!5AIImF2NlF1PCAQPUDSxaCf)HyP;o`@0@$yxZ~dUa-qvwd)4?_?tz-ILK{*Tc8>%_TeD>tHt1k77Juy#Y zR2H=(u#ZJcG{kU5{6+ap`ybxpeUZFx+K*rdx8olBKoXlmR(@2SqmHiZlDvdP2j@%Z z%t*(Fi(pwD)T}{;L2-B&W?R#NhRDMOMwqQ~kQ6@4D8$Kjo5gkWr)~n4IH{`n{JKBw zeX*3z`z@aYQWVTf4TsvACHd-Vj0_@a#=8hJT6Vd{)l{5ellB}Ab2G;FE3%*;)2c02 zcG$JQ8?qk8f)5aia@%#>xg952{vliY$z=KFif1~(0S&|fe;U=_+-y#aCOL~glVMHP zx8fSiP~@iOQ5o}>h#c|@FTqCpXYnyaEo~D%049j-m~rKpq)zS9zL-rZk)`F_317gr zK_5w{6E>U0p$!s9J7s8KlqVG*&2R>}GC2TV?vnaQt%1X2@u`PJ4_swH`k&TPjJUZ> zVJ*{RZkBlpWgGJ!9~m_biTqdfyE4qnO7ltptJ9uX_F+K3ZwB>W6=HEhGf}m6ORX+^aQK5g zQI=6}xQ}Z@A<4S=F}5ujaeE2}wJ)EfK`qjD-$8xf-pt~mYyFk;>m_-~&woQnC7q0= z1?Q(Hde%uMsGYVk&dj!!s%KKs!o#;e{$)`ND*cMu6&b{n+72hgz$5otj1QL`3th|j z3g?PEAGE0d#aGdPhQa?H@ooRbbMgEy4UfzJqP%SX^=AAnJQ(#q$Q}tqf0wAg6|?`h zRot)*myG1PSvbKa$3`WLBIw~ru!ssLcPX-Z6D0*tuo2vox4nQG(k~iMv$R3Xx4o_o zCpT@s+H`4g;73njfERTNH8QMUbZE9|(hUjzB#!t3;8czD$s~86wI`39Z+qgo%iFIE zYZn}vBVA0DCHq;z3J_XX0@l_PXy3@?WD~{sQlHtOnk@g2P`QN<8p#%UEFwC_%EMtpQS+ZZkcX=Pa}~whI3YjRB2qxXw|)NH zplNi?g3WUcGAzZ@A)~yP%(gr?5pC`}LUsci&wH`~;vFXfI=E!7K>jv&><*X|*YkFQ z*kSwc#h6ZldM&YGIA>TRj-Ne3Nt1h)I zk;mF54>zSKq~~FxGqCJl#pw?8G<^$#j$R` zwu|fmG4_doX*@*kV>qpvQ&hb#&5|g?ceLr%xX$o(Z?;KH{GBOxYUBFi6)Z@GuZaWV zB+&rwMPgL*_s8-tC#!xof zwXBsjPm<;T#9~fAJ~$Y@_^2wNYU})wJlq!WHpS7S;VavgHk;W^E!SyXC0L9v3v`^1 z(4jAsD0-I*y=&d$-cqGnCwCO9RdrpoxYPXO*K7=vtBUiW1QvR#kmdb0}=KLDP&7JNKf!%R>M=54X`Lu#G_wk4zIcXFA`cOQ{e!Pf996d+ z6W-^VID0WwX7_G8?%*@9y1(tO>7LP{hd?*Vl=&zvKGEKMYO~vWvbCRQx+2`*=saE> z*#h{5*O!}*Em6<8slFd;SKZ<&g4C?ZEXH^i6hiZr=h%R0*5= zbgMU+QoCPZd~f!~%vt&fXJ1SaAi8e6=)D-18@xw^m@LSD@SEB-KO?7%Xh-+xM6IM$ zt#%6Dv|li^cqusP-hag$}B-YHT z$H#A0FY5^`tRiit`NM#M8NqGU^5=l^GhfeXpScQKD&w5jM>#9G%U|N@yL5tIwnC$^ z(!JnhOL7#N7CEghL}d}C?rE_nAuL}AFs)y3&JmWowqBg8+m!@(ia=R1@`0$aHV zqy+Oxj!ASMpxz49H@C^O; zHT!db1}qjUzKa8aS$(W6a6DI4ykuuum(LXm0J*UDY##0vxJQD52#6f&N>fF{P-~ym zPN980Hir?QG+V##C{haSTg40&I}cw~rtGwT-%q$g$7NdYM!$+}HQV7GB{|=p&P6rf z9l!X4osED`l*(b-k9o*zFaJJU`#)wOqxuX< zRzl2hsskMRy{CWu-DEeYD&s^;$*4e<|r{d1oJc@wsFxs3_f?;8Db8XC8 zGgZ6WdOW`vZY2~yNF|b3fm%__lV#hCGCKrLui2b#V$GI}c`K4Rr^Ye;^CDnrUs=1f z(1tEi!v`gwau#^CXl?*=~SqO$3w%=o*SzFv`P^3u|zft1{7)100rIXdDo zbj!Bv7K_}sme?#1XOEK=N!z}vvvC{1lgiag$W|GD++Z=h#==C#7cED8CKIr{1WgMd z+}X<77Ev;*vv7C#U}Vt|{hP8AB8o?DghyeF z8-ZeQs(QGB!0ZMQC)H=pJJT`2$2?hHe;S*PY2Y*#7*8*-NxPVv^#Q5F*Hy$1L_5~L zA&E-QK{Dv$f+wVHQ&k z{g*07T%3U?VTz31_9X)u8iC?^bmhvxWxzEKZsC)CX;Zl&fyN?W7|Y#0wsK805nRci zns4FPxdWS*oA}lzm%7rqLv*&?Vo+Wc6oE!qXz~s z%3OZ9rt+$W%7@ga_!5dxl&}r`ArSlftp&2m-S~F3V?5=Z&FLcb3uEUDTd|xFjPf>U zt@RybR@8xgH-XA8q4rzlR>uk^04M%CiPqr{Tb-Ss#l>MQteNQo*1S4LM+lojC_22; z)6H1+qkt938Qz!-oR!`tEtM*>$DEBycFnG)K7u-t2hWUFYEAhu zW9ab$KPf31ed=hP?hw$qEU)&$o~cidW~qQgf%weOz1o=k?>3MY{moV@y@53H@> zS|D}DA(gZmL+&#;oa_;ekV3+bq)~eifHJZf#|iE+DE3;J^VkazG_JViblvGoN)=Nw z0oi=l(2cG?)t%Q-byV%u10ll+gm-`?S&ZthbVT zo|g<77bmE0z3!{rSGBsP-s1>8#zRsKZp2o(qne^EnZ;*N68HAy3?~`awE1s>jW-Np z)I#Sxye7Bb7*Zpn9>OKxJF1AHq)v;MfvJwYcG8n_ebZB{zpxbZ-`Hmyx%DLm##7YU z`2@Vv_<6-Wq>|UGsbpP1Wo?9f6ZlqdY0iiOVDkVW?QNK9wk6|)?-rxi);`_l+`(Qp zOw6fA_Lz13))bF8@yy`k>D}wQnYy?Ui%|5TvLhoVVEAnFl)1|)1ld|vJ_;pL?@w0} zz1}}K-N+Gx#!5xSnJu6VhtcADwK%K1if)HnQH0s>xDTh7QTK}%&3me92$_l4S~^4T z8ROihI2|H=$`aiSy7~HKQEgZ3B1KRL-I?gjobN{J!6?cVFMq-#54w4_-vtJR1uIg= z%ciK~(MY1ilJ2rh3t|d`chx#}(A=)59%?-znJ)iK$2%}`EG`7F@5YR?59aBcv!76) zfm%k~w1tipZwY@jJ-IR}#HW5*`zDB&!LxhxvlQ^yT;-u~Q8zc8@!GJ=mCE);AgL+3 z4195xD;mAfpJ}Zl;Jl$2nU9gycB16h-jGC4%xdW5NP@vI10D)>!H@;A)--rGqy-g( zTlc!km!V2h<8}rjb2uMRkt`aet?Mj%gC%qwRzq~%?RbuTGcBGTWGHo)GF<9fatpIe z*zQ=U3^)_1VWJtNw?@^(cPK=;k0MFsaTZJ8WOx%hM65lb9reO~xddl*>i3%(u*C63 z-ynm2uEt^6rPa^6k;Nv=whdc#BBk;NB|KpLTfQ~*62T>A!Q_kU?c%TRH>)%)!w5ixRR`&fma)0-KWg-F3t!BJ-5<|<_n?7qRCnXbPE0yHaw`-qWqQ8(Pm>O& z%?*FOxmEP5xsHp!Ss2*?$H8Oh20COGuD1)0YnmLDJCY8V*=X)MZ!J|uQcR6*PH1#L zAQxi=8X+J>xg*}-@13RvxOKOyRBy!_OlR(n#Q3BKxKW4H^Rv7@USkVwCG@Tfa+vSM zba~B0&gbH%hIJF*3{N=dU`Rq+@BOjos1!GE}op+^C!`{Z|u4PUB!c9^1_5kfNs zsPqQ|;V955KF#7edS!o#^Ajrl#)nPto}P!unxH+s)>zfJo(p?SIiA4AjDW|9RJ72p zuxMLv;C!Y_c#5k~hfzqK7AjdrVt#V;!n{XlAw=COV=U z_hP<8&ykIRsAI4+vq#G$*3LU%Z!vBsG1rr-)|$B_8!Rg7JGP7o$*12iOv^vij)aUy z#qzd|ly*H=%5*_|!jt9l#MHFr5#b)VuxEj{1g1YSW~g>5iE|}u;WSYy^9J=q~-u_QkFsmNbYUZ0P&6 zUlc6nG#5K=&Rn%K{Nbwk^KPkOC}ioxe79`j!_3_D4tNs&Q8gGJ(W-T9T^a0CA2QP& zE*$wO%M``d6g=)@h%QBlz??%uwO!VSf~9lwW^9VBGkj5W@tmtNG{tE(UEPty--Mj1 zY1d-eL3;GXJy-UyH+^gT?ekj{y%S@+o8`vKphR-_CkP32USax>uJQT!!`oSj->osf zH)O%X*azvhDpRZOh+A=DNR5pdfrs4b9I*YQi;VK|NvjHFw?0^5FcF*p6CADY7DR52tZXHoY^Ec$id&zhhCVjKRanN9Q(E?Kf=S9uE;k zA=Q=OTK1-D-2O(e(vvG##k20+hO&FS;J3N)9qY!du;Ih*$(uJo;K|u>B;uqX<=wr( zeYe@1^HP|^)#q^EH4Ny+O=wpwqBLtuB4G9LrHtN%(y1_mJg8sh9&`lxEzg!3>bmJ; z4&go5+@v(I!{w$m_?ic4OcGMmlo<4_%$^46JyJvAvnQ}x#SV^*POvb@+mk*chjz{(> z&bRfY9&PnGz*RRfgNLE(Wk=<-pXCTJAslB2)mr3Q7HgK7AMYeZ+r>8=i!nXWgBxCW z4Y)k!Zai&dv2hV^%#I|W>?B9xc@OoWQYlFRMjW6yeI(p|E!lB3o$KuAj;W$XW&d=c ztiS)^h4Wp*+TE*Lc(RgGyY`S%eI$ip(uU(m(>te>e_*C15)HP=NMSvLvn_%xEj~fh zJ{`&pvwt=m_ydlG$n#Wh2q^~VE!==3XZBPeI)k=&A-3~rJh#p2M)0mgqvI`^Z<=|E z8;R9Y*pcV@4e-2hxMHh;JLpO)`{mqY`Vy=;j5sktAx@X=EWPY@OF*`e*=CVo^fo!aa;kEB|0);BJ~S?g!m&zy#J#PC#|)rVb_Y4&yBt9|l5 zD>kzLS3yn?Q5z{q$p3Ma=nwsZR&H7{^edB>L*&A96E+wZ@G_mQ&pGG`PaOhlq#q%> z6T2{aCt9YN_yiXmEl#rluIH<)T#SWY!#$Q?+%g4prj$NcnSZ$kd1!0;bRy;wzNy<};{Kp4(20&mUhL zzU4-qzSOVG6>r#QJCwaXKap$Qc#+&t%P-TfQ20tzh@9r8^O_fQMu^}W8rIJ)WcThOE7g%Oe^89jH`pIYaalf$Spq3mympwYe<)~MSJN$ z!R{>jBtd4$#Lzue75}Jzj);VpGJ5re$N2W7nDnd#cT%HfRWF>U0QgCK^X3>k{7xuh zr}a%HhC;6xae>;S*>3hLAxbEn2ve$+A^%X7mRH0}L{yJVGEH>(YDu98$k$=8M z;(n)jqf~D$L@3nT{Wv#b>cVm4=&&tlN3QG~moaYe$D3!1233VI$*q&beA~nzT2+HtiK!A6Hu86v z-<%$-ub&)}``;>3KAM>N@=DwXrKuut^kfH1PxJRn{v&p05~%|Ktv(1+-&iG4d6Ryq z$Y-}*r#Js?>#{`4ny6VNB9SQ-@t~8)K>rGFSfDCMD-Ow?7H+5dJ;Phk;sO3ttt;_h zrQw>$`f9V$qAoIj3eWrxz-!FW!9<)!O`5osCk1L|l|7nV5ek{6Ad1SzKq}!5(Vg*k zk!^EnMRIR{K*}+3?&cX129~9UYsI><0N6akV_o5O8*3LPhrI3aMj(Cc`uJEfr@QBf zXD;dc$98-7Oo}BSbMd40z zeI4!i4^Em~xFJ)iYxlqeCl8C$zELaEmyFd6@XwW{Z4@G)otkI3TunZMgH@@2!75Eg z{Fzj1T!GD(h)-&Ic;(e9+wB&0@Scmdz!gqSqcK7PdyUm}E2#A>Sg1`htTOH%+flb= z3*fNZZ77le9JBhHYytP}n}~^(lb!>YnDeoHc+34={H-6Kp|+(iI5s!&FE;n))g9_t z?5P8Pm1db>AY4%>#3}<``=`9u8xD+~H!lj|t*>mT!Utjh8JTo?i5_-s!~#dp;1HW+ zKjq4AwP(x`e*Aw9QL=i%Ipop4ZmsY|BB0N>k0W|}f%=loG=sicGf9;D~elxGYd;0QH>ld@(>6rYpPJ-5Ua3crd!yJCBg znp$FiiV;p>*8L0k6~JTl-=I?`a6e;=Ma(*Ij{3wilx!O9)Et?>5D{+r%Mq?BjLq{e zZdg2B=nbzwoFp`lI}1Jy{P&!LAMZYJZHb1JFSZR_+MzyxM&GM zam4cV+UjWA^^I~%{$R*f^k%{RJ_AwBUVzx;XJ;1AhV5a&96GA3fes6ObD6iEyYm)J zMHgM;fDD{5r|OH-Gcc@uH7s3sU+;M3rlV?!;u+P2cZM1@>lu0{F(Hq|r6pi7Bln&4 z%o46mN=SG!^iOd$G?DKz(LQ%L+69$)lri2RSd%4HPa0!O%!5E9mxsjqvdldMNmFcz zR=H#Si@Bh4v&{}d#jStU|AfWC^m0^XC!c7%45EE$NS~8ON{hqsba*$7Ne=AH{acDp zcTQW+HgJFt13zf_SK$-E%s4joE{ z8U)&t=9G;uo17xsL-@H)*_Rmq`JFdq!qA+yajvSRF6G$u6h~1y9n(0Gql%6x^KO+I zHHF3T#G*?}TdHs_{u+t(D`xspYKLfZ`CO;|e%}$Pwv24;D*n>@4Fb=8V|X#S5TQRu zH?>5B>UyU|?zg-dUXL$nB7|ly%#sM`uZN>A=oKi!HW<5)*konPG?^T{nMiBiUH)D( zv@yK>@>yMU8*PAR6 zxd-d|O;QVs==HWydTGEia+ksMqSIZ!rhy}0_f!~`XTw^Thx#FQn;PSd>w>#cP}3c@ zC&&^`6*J2E`fru;O@&DVr;}WHu3iEIz`xj5Ty^JyQsqie^Zg6ER$kD9NnQFD*=YLO|@1n9kU=*rPz)nS7RoQv2$9!p72J*UFb2JOx9;Rpb%&eL7WD zNy|rr`@YItQys&*o6KkMWGlTR24vryU7TUU&j9d;HEklsx?NB0og2=I4P^s8(v(E# z`9Jry#%!0`arGG`Wp!#i9l?#oYhTJmft?A@;xD9ylZ2^tB?HlJa|wuj5VM5M$t#L6lI@q zJ)wM6jxaM&u*c3UYp{T*i7qDubL@ZPO>Y4}e(+0k-KajJWm(*ejJdC+BRwBA2B z$g>+ZHy_IwoqZ7W_xNNqZ0_adl^`Dl$8hy&gs4>DYuryndRCFlWM+-a4KUmGl)b^Y z{L-{=T?>t$o{tMEyGSd~wK6=$_J8(xHv>KfH-amLPPZq^#nI*eN$1Zawyukg_eN%rc)f- z9?dAdj2T||pX=v92fzA20w{XkP?4C((n06v{#3;p%z_HsMm zd!2jazs9JBtigtZ*zJD`Sl&?i#=J&j0Me_48#=5v%hA3eStyxKaf)qTul4ciQ;dW{ zEWa;@^%<{o`~UB}qw-0w&)V(;W7%2EE)6mn^&9*f{)m}sBt5AVUpZ<;DqOh0*@Ijh zxpy%)3Eb#E=tA+iW*D}-Z2fJqnZ>?^taaef2nLD_h|4_>-!WZbQqt%K_uLqbqnie3 zENSkk*ceWCwyG@VF?vxw>sz<5r@G12iPN*GWIRY0J7AaN_nnXG=~8#K<%Ht)xka#E)BqeY`$d$Unl2nMtCv;KdJ6ZR)VidVL}I2d*6yR*&Oi|_l|3e zYOa$}%qxU5OYE0bBrKDzYhV29gEglkC-~yoy0F9jZp)S#M{;8r$1X06q}Ciu z|B1t7x9n~QMD@$=-=Hq7LV%>f|-gx*-;H&cr<;uFRo(enemmHtBwY8J>bC>`j`Q;FFO_Vbzy zP4(odO9GE&MGhm7Z{2nBh;4;(e-HJoGK+nu^f)!c0P#Y)x>I3l<>9kJahGeb#++KkLaoctwU4k&nd={_eoE=VvMJLvll^ zEC|D2wr}ed3X<99jxvww8Jlqy9gd7ez57D}+_mpezk>>>S2-gbT9g>x52+LHg^%Zg zHwvo_0i?oJm;{j<-j|CzZU zJXworG@N(Wq-$d45nH`?FXQQZpW1ZIH{1+a{3@JNw?(z^zwodaA{i^e=Y(0j`zaN` zSlTljQK8pBxDmC0tnXPc&HXoB?Gw2*0?jK%aDTD6?7qm6PdNy9xtd()%4|yuU z=lf{+T`+9(bFv(tt)bT@xEGd4g(Tpu5V?n9sKjWYl*V@s*zEZvEN86rka@S9W1RCC z7$xco5+a+Wq2~I$qNnH4wz@r7uzQ_Ct0LHj$*i0j<6yus%CmujtwPf0CPr}rcY!#g z{+AEq7c%i5i;HZs;`2CrXyBaFf(co7=P6qr<7`YN`x_vq8ELvPu|9C*nq<(6o3vr| zi!@$TK>6>NmGyCB73)>O3U>d)Q*zI0giqN=ED==1zDV`f$xWNPn%zcBdEPyh6!KbDqRR?Y~m_-iJpfens>u~c~FXd z=7Rng<#t3<03U83p?%7Gi!HNhzf56np7hb6sGT}d)twBIz;GLd(qf50tMnl<-EY}A zCCd#(s?>gO6qf-XL9tteV!H;C#1;CY=Pv9zN7z#mUL@PJ ziOK|98V|I8NQB`wnRA*DQg$NN(qeJ!jH{UGH`!^B$;RWH_EU(Y;A~1nRq2b{J zUC)|q1H^>r$jO?oTn`I*zm65Ke+(#8_Bi%AHmW8|056ox3QA{PsQ+U)$>97-^cv^ zKV$sw5dU|MF`QkWfK-r`;AyepN-9C08Q}WCURPm&oJ(M={znE0o8TPqQ>SY;Y;83g zB=;@l77>>H&*7o3msjrTf{`H#iWDz0-+E+hq>d!D28_ns!NmBk*fyi*pv(w}_Aa=`*;5aDrw zudd(CMIYOI|3M+scf+PXgQ1d>j2;c$6N!29DS9G z$J+PUK$Eov;^C2G!zWbup}p);{D~=xtuEV5phd%#dUam3_79)o4Ob6l@rGiVC|Gz# z2BArysriF05dyWP@U^|ekQIX$rH&r%OztJ8jg2RQ3hb_6zSjPe2=Ly#newZzXbLD( zWfE`F_eQ6Rn(}HN11cQxSKyKb-qc_MvG*p*vES<1+_2+J*}k;P;p-w({`*(h&>OjJ zbx+Anir;#kh#C2%uPeoZ6~B{vj_(QtTAJW|zYI!~FXCurfq&sMPWMwRtfi)uDeEA- z-+rmuh+fZ=n3h2-@<1H#A#|9j^MhhJ!t{NB?iex`_qa+9s4eA-V5p|v%lmEG%U$TE zrw|WoxB!~zl-7u_A7XrwYj|rIXSyuGm{yP`_B=?dkRFIcsUFN{w34 z)yc(I`7x!ciDaE$-m_NRj#xX9df~=l((uIlW1z-A=+8)lICwZ?4=k*|g9843jn5#~ zILjuyYq;&|FXjfumnlXLl>DRwYej0 z>X7-bc#fO4yotvVCdV3$zzxikgj75u~56eX~23tjohnKLJFwpDtBxG$n`6xWDkO1Qj&G@CWBT=b;sR@9x)W z1@%1;$?JZaAI{DDF6}vZ46sxXJAS}-)(gyG_&#|RXzh3zr6TQTjL0*}8NCeVJYH@F zjCCXZjoDFSYWl5OL%exXY-BbIO<9)m+q8;~q4%FZn7>;bUKhTiT!!3HZkvEiM#=0X z8^KXp76>)OtuTpsTnJGXIfM-QR3URbs(*!F1~`G>EeDrfi+lkI;EI5#72 zycWASmw<4%+3JT9QMtok)_gv^p8?kPkyMtHxRhvuS*s|D z3Xm|lirSJ zc38vn{t;CnHGX8*o5J0=b$ff7RuN$%ZgTnPalX{L-k=|<&i;r$D|#m?e0P#Pz}JSt zpywsv)nW&#l|ab1_}L2P_Sn_|#F|#%j#@m5=r^5kDf*n1ru|T1@X~dhquckK)$@;G zKk42$(+h5=(UM$*A%Jq7xDIm`afVy|&5x`$d6$h&S1JRRI|KDQR|vP1uS_7J`cM0c zF0KewyMuBLbk=Lf*VlW1forIAQ2v!lX^Si6V_zFSCxjnMQ9)v!G?Xm>q6yy@g2pg9 zCsc>+04kc=i$9uHDbbg$6F_H>OHZ~hVGsm6&&|yK_xP^R%3i(*fZ@iDuX0C=+-EyA zt%FJI7j&Axrr`VzUS$N57?2S1K#yyy8B}!R#(%Fo!y~n$_Dwn2fE|HfkLV}26A`v( z?#Hqcy!vY<%rmc7JV#^FK>~75R##$=m`(_n1xuWqp2RfX#kq-@%K;bFyfeIn`f;sP zzBrHMgX9Rb98UwR#NU087j^y^0I4e#*1;n&Z?jK64PUTJoA{F7cTpM5Ri3Q}BL00# zzha(!VO-!xIcr8&(dtlt_jxT+^Ahb>A82l+7x&jnL;6SDtWfM3MLSRul)o)gY89FK zn&P*dFemd~ES2PYFVam%)M;iCrfsgGM3;@-8h^ZsKDX~WxC(Z;*J9dD5id-aXVX9a z#Jm)6L@Xvdu>g>hsd&9JJ_wS%(z&0!f!+4S0kY2Qo3T%rzWk@#2wXANstjXc zmLkT=q|K&cTrs5b#TF9tCY_`@42WXjd|Lsx|T z`KdWk{W0DKYT6rDd|)8X}H63bgF4vlUi77;FFOc6R!89B+Zq z){dq-bZC85lrQ$`3(CirJf&-q70S-8(8@5Ki#eg&i{%c3pKB|j*X;8j9*LDPzI9xo zWIb#WCEXD9ABf+Q*h@-a`qv_|T6AEPZvlHd!_DY^h9AAT63$L0+DK}A6j(f>`RGSp z68~a5TU(MEA&a*z>r&apo%aO-H7h$PV_HApff3=uPb;v{#L^NWRP?X#`DBgxnKM%` zVVT$TiYA=|o>*tW+5>rLZJgowi9t`qQb%-Zj%YxZP+&k9ATmOItES~`+#mxms0$Cq zH`d`q<_6g7;peEx7+uEmc)DTV>YZEmuQf=L zq(!yEjsxsB2E9+S@3DiNw%twER769e0%tu%d~Ia$5o^Y45{>y6JIv_!dh>uepvg`H z`+A|pHb*^7XdZU_?rKbQnC1R)t(zMaM#%uX0KDZU2;hFOj>a~}z-ry`8XyyPQu%Us ztxahUbrc3HX*hOUcZ55S$-fJtmz1^#o#u*Z-Puz|B>^yf!&E>_03U&TWg2QccjMcW z#<%gHvR2B-4mR;|=PNeyLvIS@wqu3?I_KXd6rc%_xlP$_vi;?UsN^?@4D||~78BHI z*3^=y$gK2X*1!X)gx`z9jxlr^;0A@&dleNs0AezcR9PODve)Z$8&x4vi4XcgK7t3+ zy#nDgu5VMQ#0ATN!(HOPDkvtGUvs7Z1ig<{SC5mW_q@WxQa=0Rae>U{whG08Z_892 zC9VB^=ug1V!dKMSdf_q*KXTHlJ{*b96--sm-FRSA*HiqCP<)$xQ0H}AA>!EAA=e8)j^)e+O(le>Kf;zz=1Dui+Tey3rreu3c>4U^g(geGI`;rZ)%Oo2H88XFtz z)e_aO0;UWQ*9i&2W|xVxMZInHM@kqtFv{n9=TvaY;DSGo{XMndLr1WP%Bdv1AL6(6 zE7#6d70Sm*e=Do)E5Wcz;mg6E^QV-EpGRs3bJpI%ME50riY1m-x=rauipcr}pDUtZ z;47bHttb?>5wGrL^1qXLJOvTKKyE84#2)ftnR_+Tbx$u?wt)(7+y^~Q)C;)g&Y2K@ z)-%tILsK~S;_oIpJobg|m!BU`dy(d0N2pZ>42+tmYR9c$HHv5HG-_%=`m{67|CHl@ zk4{AJ?^WTyX?4H+$Lah82ep9zI4$2Th5YwAYU=lB|8EO(QfOB6gZf>a^V)#yR7dBS0YU64E~3jGpGXm{=7zfI(aIF+%yACP+a zA7A@+(~fmgH}eDikgl@+?XM;0v~O7sJBfmonz+8HU)g^QgJl3~vQ)_T75eTFw0|#t zuR-@PM7NOJ?_!7>Pc#!B@n*1m@gNHkJ7OqHIUGpUf5{lV>56kdYxeJR*A? z!+Hi3YPKO9+@?iAiG7ZLWf=PX-1O-w~4!InCG@Okj5 z=1sdf-594m;nte!^p%G3yXRh5iqHJ{ljnY|{VPF^T+jpI;0j;YUG6bU(=m1{$p>pl zfG|x|l(JGvM@Ps@qq46H3G%+7>b2EE;6p9&<#H1QDcWHN*K!ymP zD}AH}n3Jwp>MxuIH#$<{xgaqsq**31IhHh^Xb_1$v}BQs4i)Q0eN{ZuC6L(HxdL~vjruQ3w1MF z9#F_ddx1iW6B7vEuJK`eyp(Y!9v-q`sqGOFj&%(U2Mz+=yiZ0)ZAs2HUs+P5LgZh8 zcVF%>7v<&Qo={{Xkkh`|+Nau=V9S)^&6I*a`VWK>5)w3mf~_x_h{^Xs+oqp#;V#VZ zl;4&gLS4M%!v;YYnY>%+D=G&LeTCEN$&ay7J5Lnoe)3Jc)x@yV`CrrO;mPNZZ{lU^ z_Tv;;P#0_(wAa{ii`aQ0OOoXUioQp})U~wOnC_*~OOk2MvL_Us)z` zUkTdi{TMEf_{^3o$5fa=Uvw`N!jjbvr4j?jaOn*kMcS?5FKjhn4LpmCoY~vUe{<$d zdEr40Kkt$OuM~a|vQO)HU8m_^m~?+yD^X?Dx7VJ?)JusSv*V8ql0dy3kG#FQ+QfmK zpYR|2O5EVbb~{@Q0l*s1jK;ywaYvG!uTx>W9O^Mrk8kEX$LJ9R*a>MjpW)!Q0?Z) z$;n+Qum#0r%cSYF#oFPdKDRqhBJ4ah7mDxYdmq1V(65zVJU3@+VfM>c*9Fy?_D{TC-rm(GJe7TXK+nYAIUOcO@S^Z{ zCvAC{-45=k(XPm^=Tsz5@640I{s}AbD-&?W;%)cEd+=Kdo3sGAcybgI=ombTIZUCW z`bYV=p%7h|_P z>q+JgL>+wSL7koH7jw2n{%G|RZ`-*LrV3ax;>8i5`Z^v5` zU)iIUdwiX!TJ~js8ZjW*c#(_Kf#W8tr2&b!u_5u`0;{TLmSCOB42_8926&802VkY+ z!eQg6V>6jCE=2I&(+En4+_uW0Q$`J+2-iES{lY#eDPh4wjVT19EpirOzKWE(5O-d= zv+z5p8m#?<^SmYNFbf%q&W|f|x}1TYgeMkmhFh6@KPw89Q}3f()}tGB1HpWaMms~i zb(M?3sd_hBP%zAwsDU^1o&uYdaPo#<6p|;cdms2pI#*#!2FHwZQa`Aa&Azw3SSt3( zADB-Uc#2YdE>RVfIBwqw^EAW9iz_^j!=Y-$Kv#Z5^Eh&a1;cK|8jYMW)_Jr2Z8g^X z*`NB5HAU8dpOcNr9G|G#3E^7xAwYXdK2KSD_#Vp8nHc5ZPL9A$)cx%&6=_%haub3}4sbu}7Z3NkW6(@x6S z{%ik(Gc95YlF5w%dis9&PdV7s>2opsH(;5b!7m(}Ew&Kbpmd@M*zk%zA(4Qc!IzSu zgU>>IA=!;{xNb4KF4Z_5lY1Y?-sm(V;8E)kBIl>IldYK}E^b_M)-a z5xz8DFxZ#%WD7A|ly<`g(wL!>nzspF&^235%vG_7xRsQ?dBiq*Z~-9$aBIuMdYj>H z4RGmutgHxB-7`?>gTQX^n!Yb>-EFHt(6K&ZD(UH2Dq^h17i6oMa@O3uObmz+XxHRcsO<_CbsJvZU!YgIo92o#*d-_P zZIB&RamMkU@jXLGG+Mu3JkL;4ez{4oX3SSR*TAHf*hq zTa9K)Y5wxe<0BEE2Hy5iD$+mRS8KW0)DwKO>xO?GOUjIE0YSJMu=<5r~J5j0Rq1c2R-H&Bg)`?x`Crpt| ztVn#s;ANM9<*Z-!i=yR7=eEktvzQJ>b!-V7r31%IE}MH687zjS&%Z1Q0B)|x2wQ#DWXWqvyEGAzxOs*w>-&kF8Zu0|df>~?Mdq81l3^6oG}nR`^~bpX^gw2v{W7}a ziPpgUoiL87TDq5^9;DzQf7Eh`?r-)h=DK8q;p2g|MPSp%HrQ|Klsq(&F(0T98TCuz z#Oa$zq=;+POxE;<@+P;v=ejyn`p>0?j(u&iquPnqxqbDN$`SJ(gXidN=9S5!hSmj_ zDjI^i2Xk6%dNv+8Z|tkV5e^hx2s=m5$=zmZ&FG7=%Xi-2Sel!!uzezW zDvRH+x9E!nJNQ>j*6);v*tu*}v|Z}CD3-7uet2r) z>$ASPi^RHNVU*`#IcFRzaemaos`id|M)i4*0M@cQPql?Pd=t(+?p$y%QP(`%TMZCk z9+No_LFj<>@pWy{Qi5VWG22(SJ^5bIQz_Ic%TN7q!6d z2Ty-LVwSbAQAo^Xo>^dRYOQf6WpaGr(aPPTgGA}6FV$xrXbh~5S{=1pDli&6me6?Y ze>1D3g3!6z+G5A60?*|e*;iR#V*tq9pmQ>;3-A>^#)QYtAnP{6Bm@0j>3c~di|3)RtZ)AI>c;Ggru_$E(}kex5IKfE(eKZhIV;Hjjl~dzbN>ilH)KTF=c7?Zo$BY?lV%Na^r7lsGQ{fSZ+Y^5U(7e&iRt^p z+-Z>;1JAnHVg}D1uc}d()u+DPFqRiL9;F2|t!`|S&s*0ktmYzJ=8cKdEymb=5kIrG zrQ3xx4`jw4pkgYA&0{pW+oKAl2Jilo(j)10nrmIei@1kOJ1nglSM9yh8xdR7{_xGI z_@r*Le|9atHU^jclNiXzDJ|U=-uP`!J9y{`P4bMLPhh^?<&-7hTk40|}3xrQFp zPIh;`va>< z_%lPET-ppLxqGOM#dy?~&KaE9y!=b7d87f4n5NvfU|;lCEySJ|Q3kC_JHKCpGw(H5 zjfO93FMZFyV(R>1$4OR90(|rB(zKw>(p0~E-K!l(3?IHQl{mXo*$N}u`t#sq@Q2$YLcV@BimIu;DI8ze zr5a%6t8CwWQX}xDc&wW&Qhcg8DNlGaox)@deiB&NR5@620s4ZT}Vr0mK; zE03GU@k!eG?XP5NM~9rnJA`+_4d1#Ncoll$E|=FB{z?H!bF!2`XkP8NIl)8>`s+w^ zS=C-W*CbPq?HL(A56h|ja!xipqph7=W4yL`>JPF*D-5ww?M|ociu-Ljy6P)$mQ@-U zcjDsI+R^IOY0wPI!Zp%$eLZ}sk#YZ-jq!$L*y;z2h~dHx=E`TIO1QkKuv+PTA&2{2 zRCBcgDv#WitF%3KA7Z9N{tb{Y1XVI62ddAs`qj7jY$!|J>&wZ^tS=|!(${C6dPd<$ zyQ?2v`8jRnGShnHm$HNQ(Q$#N+{v%|jIgqP;fhgV!>dd6@jlZa*HyiG#bZzA)+MeO zWr+qWm>^D8uLeWd=jE%!AXU)lMlZu__%Lb4W{CXkox#tHfyjOE_3O;QnS+YopM(sk z&m`9L|6a~iQ5ExcAiq`%*qJ*nMhx@VliTy8o48IO2n;G}X!br5Jvo15+;o4V$geM% z)nj;7-J`Q5@+vJq;blgHh_B`D?wb?hE zgHx+dxZ+2Pm(>sSPO2v&0QkXufMuxn7nb@)JU|}&3mbU(I`@AM3{z0tt=LYY?1;jP zx=*)n8!oY1rQA)miK=jNJDr%vx{@syKk$iC;A0=lhWOS`-p~&!KOWZ~@#Z|g{wdV) zI@{y;b!z-;*wd`6x96*y);}v;;5mOEKCYpYV#lDFgk9L}Oc+0Y^SI z;XQQ0i%b&Hz981h!|RM)dvw~h4Q8QJ7q0H{zVW;BrhOmXeRkIe8^yhL5g}ca>qSOz zqy$HNy+4!g*z8ydHhSFtKmXQZrNzGVPxA-EHa|mZ4xAP17#MP2Ks4v2r*nlpOCX*_ zEr+m_Mq>}neWl6CJ@+Ve^_+Ke8A9&mgzH|@2Z*h_p;2KapIHLjR%7NW=yb#2S!2D= z6))0ZN3yb3uRLb!>aKt40E5AkpWlf;HT}+FJ={>Jv;a^vFQ_yN8k>4Z`$^8O&zrxm z-#oydTZKZRUQIc0J3NLEH$*@K`_-i>!>7!G#03VA8Fu4;+#kC4LQekMbFm!)E;moc z+!eVmkMQy{!qJ)Cqwlf}u13Wqs(Rg-Iv2PEjkUXL@>-}e^y*Ll@p1<^KI)*2v$Zhk zop=l`MNqH^@{N}>Ce`nf*~T-tkOK7f#l>u_ow}GTv#8_l4bc7N#w(-KGC%V}UtBz{ z0liZl^yl2rBn1dJXR7Q?nSrUPaIK{RSTFt)!^7k%{Monm@|?Xdo`#1M-p|pDa~@fq zPcGi%Fq_D|8w#RbCoczHb*C-Et{YVj&@&thCDc*Md(bO?t#Z{v#26k1hT3? z)jlY((&n{`8iz%4TR=^`qi}-KDOz8@jo4cQcoqS6CZ{U*z=sdNFCMQ4LsQQFKNy^p zblSG^QR5#pya9ks%brJ3REB1pV3sq&LbdNZllg*AX+AHS?WS>imXYUjs$I~YXAyy4@Ula8NCgO1pp z8+dN@w!O16_LuuApt~Vc3RWf~KSo=WP44+&!Zkva>3mk@NPpc1+B!7gkrk294m= zn(=Ji6RuIHctIi_PxAr#7+DRfP!@_ZV=cci78qa8LJ# z{)QU;tM~nQ;~#^k&=tqOFD)JJ>(_7Z>x%(U)te=~x55oQNrzKYQ>|?d&<5RRaBvA? zStqD#E(4+B8R}P`s=A9F$6KyU#a|Evv4r=87SeRc?2$Bg4?S+}s)G2R^~9mX%Wv*Z ze=!0;Wq_i!bJ~}eNVv6O)b)Sf{?H9^lfQOo?Y} zC#E?SH~+)yWhTtk9A4m!M_D!l9|p@LXJt_8y&f-Hd6+Jhxq+*og%dXpBx6f@C1i)G zkYJ?-PgpD2ZiM~EvN6rG71}K}(dDkUYs5U*W45r2r;&Intz~HXSCk&?MAHcBu%u+S z`+JcNoAK%np90SqRRo8e9;^P&TP-(f<=8wp0v-Nv-m?z{_t)KWtyqKU>Up<{@~}2V z1SZe%L}=ILbcL(hphHL`2!=mVQ{LLk5-90qG1H#_$i|;?$YLR_cZ z^AXjcL$$>>4)>=G&F>mbXU+XNMfXp!Rr%=}>Pzg#soutIqtf!|ehkdh%a)Ow!tDl#Fx*BoTb$B(2zqWtHIdZS_ZWGn(+a4;Df-M2*|VaZ{_oQN8>QyC#M$KTiYtlX zZ(AE9Y`aGZpm4D|i4J7jYcHU-?X%xGlC#uCkTRrSn&Y63f8lSmH3rrsq_7a#$jyfQA2poIkt*QGCW6Udp{|7}U* zTHZm8U=x$g?foj^qvd0_v}@9B^HPh)Vty*Vt4~S>o73l6Or_U8FoR<#ML!ReylSj3 zHi3aHNzp4A)4T33=gJvoH&;ef&uWh{yitloF1eh3$prJa{ha0FY0l2M`TSy15>_@C z+)H6hRBsA5*sfa9cS(H7~qd$_O2|8!_16|~PQA~?m8khJ(l;tiddP_35A_oCB}|RYU#znR1k0^9VRR z_+bhUas=N?OT`pwK%m!eqhbmmbJEBKa!Wen>m0jh^4eXYG~f_b%_2{7)p1X9<-u25 zd?R!WdqUb-{Y2wN)5N+5Lawv2+01n+N~h?v#2jXrrK0f&4;q$hQ-1tIc)7MN(s zr|coiXsqgLk#D%Tt%zz_mQ%i9=o@H#|Qxi$)|!6$H_ zDFlNW)m`|icuCZxHhFK;7I#Fy!Je_?MAZ|EUV@#ONMdq==TBz;0!n2{_jy{ig2~hf zW|&Wk8;N<4&P*doyh;P{N$=ds_b?j9^)O&dK-K#{h#e6|mq18+III_LgbO>*XZBCD zoQv*lrfJFteV4~PPs51FLgkCK@E9%Prp)Xu*_Ec<&$S&jIDF2f85 zE3PG72a<*y4N52iZ6DUfQ{=wPQ%D)1@Ao@dyBpwT+);6S_FMtiT*01FmUxiN85R|V-2*ZXVQQLL9UYP@0leZ z{wqzaNrC%rg-}HSCY4QCPxPHCYvjOn)5s9#Z6?8vZd)8%ft?G-zhvRli;6 zg5C$cZ39R#V%t%W`mj%OT3F_(Z*;g{OzSFX#2389{@yRDQil&gZVsIA@eNOj$M}*F zu9NeQerkxxbKix9Rw~KmMn#1|;NLOK1^>YH{r;;5H2amo00ncYhmUCTWR& zzEjPQPDjqQL_Vz6|EjWmSjbZn;{UuCMmLCo+8f0))3~`1{#qdOIa-o22ToNr`#brz zs^oe*+8k3OpyPgHITH!4v4rpy7170J_eE-z)u-$=z!<+0leiIPzEyYXQcm$7+Xo?a z18ptS?5I;WJCqW`JhK=BHG{7KJU#n`87;`KG1iSHMDRzBMfK9z&0OyV#oMh)5VS}q z3rQ}Iy`;&})H-@z1al@-9;P_xvmZpgW34AH249#!-FFu3=S|n z`8}NU(AQs)rzTq14e15#P_1NWzvJw)EpAgi*gJ4Z(@#204#st%`+W<_D16~ra#kP_ zg4-$XiAk?KV8X4EqkW?z2qaa%{C&ASE5$9eoJe78LOwfGEhYW;_7q`Nz8FF(td8Cy zFOEr$x_(!~Wj`8>1%EY&mu#jA^2-$qr!GIoIL;#cKZ|J=@Q;T)ei=JYcMW|+!pFEx%1MN!eUJUxvR zzpcYR*2q;(OL)(0>&_>-Dgk`6rq6p}F7>bsD9a#*$vkI8Ye8$%nkX{Tdc;K?a{7PM zElMVKOK8Dbef;Y+3u$D6t3nY-@JKyeJG4;#y!=#|B+4(J)S~T-gwq#uB5~6#AMz4G z=5jtm74^?S26#%a65+6rrvu%ZkcQ?7?p`K@&eS3?;BMT(*&u?H7NEfr0xr?!nTjyc zEk+Y}HbyA$*5bic$&$@glFd@*b@-(v~dyk+{`@r{vJfEaHKN;gH(hyo`bcD@GkR+Ym05+x5 zEn!o)SRZBC+Kc}q$NyC%4Hi8J`|dH%N)8;Wm6WE+sr~#KGEW>ccUSi;W=-9{_k3RO zww$oHnop3`4_ZTcd@sk&t`T@SRXdLy>MTOQTFdO$q7jJjNm=a}!ugSr+DPQ+&vUJ@ zE#UZD$k|X8NCA%d-e-s0qF;;LQ|<|=dkX)gy3NV1X0hpo*Qw)gi)ba+A^KjTrJ z-XWK(a^Ci=oK1AG-7{3nn&=yvjSd}2uXSv*?%^3|ln}B(Qo}|-UbHh@FjR{nEK0Uy zQI0Gk5(1#z*z03jGadH={G)!}+RR=2-LSrM;|{n?Y&G8cnTVUwMlVYH}L zwnr+%r6cI2>aGx4KEeoeNCdQDS=gFJq3EtShPMyTh!F>1XwY^cbb=Q8=eIOA?0~-x zU=vKcjgR~kLM3n?Gy$&or>noKLPn~FwiHDoarI1{vfrp;Uu>0!p1+6Q?S2@0A9$f3 z76&(YaDs>r5)P^``w{dq)5m1_y;6|1iP5iXsdk_a+E~?1x$}%ma4_Y0Hun@=7Ei#a z^q+fp9j2j;=s=fzJ*kM+v2*yGx5{);q`R)rb={y-X{QotiMrgw8+#E7e=%Gj!N%2gtNeR z+^*2cvfkE{kV~yWVteGZ)=;D+KZu#pnCHtrdBfb zVfqPTo4YiYI;?vNVdDp+YzNA_YsjjU;pAk?()dQw081H>)=U_X71dP7D{~G@J2TZ0 z&8mcGN87vLj=?5UTw^m%5udm=gxCfIqJ9NbdK{)iwlt;E2p+NX9Ak_?ZzRZIf1hv` z`AGXuZ7mbAXTHd31-5p>c!bszOU_M$Q$*1AzzpAnpygVZtlb`yAP9hC^axr%t?%H; zzylOup1!)r6lo|qMZbFZK+shftbSw}Mz=q?h$!Ha0|=B~hqlZxCogzQQT%Glye^%o zEEkykP}L77=xcV>1uvSCfHfq~G-0W@V)5Y9O99}Y2h*xz&kxfbImfTx#x>%NM)k#p zF;PGwzFBBvXg{1LBD>gxRe}KN4}fB;R3YE-tR;=YlGZHr38X8lL!1qeFn?nG#4VTl zxt{M_M_UP$^;aq^SD6;$N_T-_D&1#`t++7OSNirST<_*;)KMSbHV4iy{|DxL{Rqn+ zndURX+1jvk`of}z6A1$?ivuS7mJ4H)Acv*SG1dJ5PU#u{C!3&ZTy(nKYga~{`c#)` zzmy*|85^Fi`qtBZD6}I$i-C2f`%gi10D$R4%~rf)`?*=4$RMk>ZBsE$5KaWv8OA|s zN605=fHM-%hTZ5Y2r{6E#7W)}$$zafoFVjO4yR%H5n~enq}f0v02AAoM)7qK;UDHO z$)sLnn>nM2djzdVq{YOKLI1K@`?WV%9Yf&MBBW<{tTI5%98GvDQz9AsxA8!xa!vN> zUcyR7v-<83NGF-&+&aSIm3yG|{OhUp$klAe9;h2$G6MRq1RP}S>__QwAZ6MtJw*R* z>a)f)QaX=)%c}ksymdZ+Op0@5sXKfEY{&@iY_lX;v0tJCO)2YYE^qDko~tCJKTWCn z9Wc-IL8k3iB5%>MSM{O(&hgM9PG5d&_qS$}YlZ`iQ`wrws{+tqE?Me^Kih$wtn73m z?Rz%*P+FPxu!(l4f4$yhG6M>%PGyrZPzJD)sO`My?)~Xn{8oTvvCMZKk#&dF;WcPUsOz940?cf;g+M1eke4b4u3LfC5c+zLh z12s_!Ai3qe{j;daQpj9b;~sA_+#ycbo6bkR--9v$f`;cwQ5c?e%0)i&m4`=UEdF-P z)^g-b+lr%e6aWCCtIDWza2gT=UF@@fbCc$n#B16Y@&b2Aal+iaA5enGiY^QRG@8sF zcH#PJM_?P1_)->$&p^5V<8H;mZa>{o5So!oD33qX|FK!Bs6s;rIH!3b@chZm0^!HxF$G%_XmGUL#Pzb(Xk*um*e z`cb}HRlFy@1Tfw$X;GXQhpjMKFDTz9Hb~7&ECeziA-sdE2PMnypvU#c&!?{Lb(SU< zdUYY)aM0i$C+7@@DF1xHN}tO5mkx1^o_gh}Ly*YXh$iU2YT@9>nPL-KD4=q`Fw;Mf z7}_x(y8Tr!T|MKz;IxlHX9G$vxS1_n`HXo&(T!&&tQ3TPb)1xrcVDth$Ht51QKQi_|6)4!&Bv zHXg7wt^C*NW{^=wXO=`l;J?pA*?z7*&hL68v8tQ+jzP+%#1$&tlRJ(K@6p>58J-t< zh`LBwjWTi%@Y~+h9SejkZ$>iGD6PvwKEEgQOGGRntK9H+D$LrpVMV6nli&Z~Zka$% zUWv#@Rjs#hJVIuFk2fGTw_#N-l4u8=U6bC4*_E=}MV1}X8`s?x~TuAF13`Gk53!Ksc%xJ<1(HPUk} zKJQ7ildZsIAF>71Y*wG8%ssSw4ZSsVw$~H=GS^$ViTr0fHYggGq1CTEPa|HZ4PBG3 z>0}?TK`)IwnB{Lhd**(m)D&tqg7WdQp?Mz7j_%@RIC*N{qkQnQyshB& zWA~|N81CLt-jTEJiResJ{09QHlbHl`7HThyE&NMQBZMN_mP|ZN4b!fr8d&x8eGGDc zg)RghFQ@iAO5&$CLA$SzxT<89#hcdun8xn?L$w71YWHKiR!lRL>@DHb;WWuVy||>& zgo#DPZ*?H2x9LuKGgPMlC7;V==Oajvvc%AcM7=AH{PhqMiGKdyH|Kcvd-z0hSC?(a zX8=FQ`|GD$5N|SXziG9(gqzuZQe{R!V4LYBQxn@QowZ-}9**>@uoL~h6Z76rN&8b* zXknM0`d^{BU-t9+t|bRvr5)*@^tiV%*EitTAjHWW+=8* zL$z|*dz#A&c+YY4P6CaWs&ulqzzORyiTAHv-_bri^DI3Ik1g^68*SMqIi4*Z$UYDo z{r<^F=cw9S#^tSv5oQx^oc(xx5;&IY{`$Z3T5+rNfmvBLSdXx?p8mc+M^I F{{SWx0I2`~ literal 0 HcmV?d00001 diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/IntegrationTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/IntegrationTest.java new file mode 100644 index 0000000000..2cf74438df --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/IntegrationTest.java @@ -0,0 +1,19 @@ +package org.openintegrationengine.tlsmanager.server.misc; + +import org.junit.jupiter.api.Tag; +import org.junit.jupiter.api.Test; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target({ + ElementType.TYPE, + ElementType.METHOD +}) +@Retention(RetentionPolicy.RUNTIME) +@Test +@Tag("integrationTest") // Used for separating tests +public @interface IntegrationTest { +} diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/UnitTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/UnitTest.java new file mode 100644 index 0000000000..8dba06846c --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/misc/UnitTest.java @@ -0,0 +1,19 @@ +package org.openintegrationengine.tlsmanager.server.misc; + +import org.junit.jupiter.api.Tag; +import org.junit.jupiter.api.Test; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +@Target({ + ElementType.TYPE, + ElementType.METHOD +}) +@Retention(RetentionPolicy.RUNTIME) +@Test +@Tag("unitTest") // Used for separating tests +public @interface UnitTest { +} From 566979643444dda91bba172985480c45577db134 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 22:15:18 +0300 Subject: [PATCH 057/360] Some prerequisites to make classes more testable --- .../server/backend/FileTrustStoreBackend.java | 20 ++++++--- .../server/util/MockDestinationConnector.java | 44 +++++++++++++++++++ .../properties/HttpConnectorProperties.java | 2 +- 3 files changed, 58 insertions(+), 8 deletions(-) create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockDestinationConnector.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java index 73c77e7f9e..1da486ada2 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java @@ -38,7 +38,17 @@ public class FileTrustStoreBackend implements TrustStoreBackend { private char[] storepass; public FileTrustStoreBackend(String keystorePath) { + this(keystorePath, System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_STOREPASS)); + } + + public FileTrustStoreBackend(String keystorePath, String storePass) { this.keystorePath = Paths.get(keystorePath); + + if (storePass == null) { + throw new IllegalStateException("TrustStore password not set"); + } + + this.storepass = storePass.toCharArray(); } @Override @@ -60,13 +70,6 @@ public boolean persist(byte[] keystore) { @Override public void init() { - var envStorepass = System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_STOREPASS); - if (envStorepass == null) { - throw new IllegalStateException("TrustStore password not set"); - } - - storepass = envStorepass.toCharArray(); - if (Files.exists(keystorePath)) { log.debug("Using existing keystore at {}", keystorePath); return; @@ -99,6 +102,9 @@ public byte[] load() { @Override public char[] loadPassword() { + if (storepass == null) { + throw new IllegalStateException("Store password not set"); + } return storepass; } } diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockDestinationConnector.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockDestinationConnector.java new file mode 100644 index 0000000000..ce92cd970e --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/MockDestinationConnector.java @@ -0,0 +1,44 @@ +package org.openintegrationengine.tlsmanager.server.util; + +import com.mirth.connect.donkey.model.channel.ConnectorProperties; +import com.mirth.connect.donkey.model.message.ConnectorMessage; +import com.mirth.connect.donkey.model.message.Response; +import com.mirth.connect.donkey.server.ConnectorTaskException; +import com.mirth.connect.donkey.server.channel.DestinationConnector; + +public class MockDestinationConnector extends DestinationConnector { + @Override + public void replaceConnectorProperties(ConnectorProperties connectorProperties, ConnectorMessage connectorMessage) { + + } + + @Override + public Response send(ConnectorProperties connectorProperties, ConnectorMessage connectorMessage) throws InterruptedException { + return null; + } + + @Override + public void onDeploy() throws ConnectorTaskException { + + } + + @Override + public void onUndeploy() throws ConnectorTaskException { + + } + + @Override + public void onStart() throws ConnectorTaskException { + + } + + @Override + public void onStop() throws ConnectorTaskException { + + } + + @Override + public void onHalt() throws ConnectorTaskException { + + } +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java index e532d5b6b9..27418f7c45 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java @@ -71,7 +71,7 @@ public HttpConnectorProperties() { usedCiphers = Collections.emptySet(); isHostnameVerificationEnabled = true; - clientCertificateAlias = ""; + clientCertificateAlias = null; } public HttpConnectorProperties(HttpConnectorProperties props) { From 21d4937ed2cad115d9a81424d1512ab12ca2500e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 22:16:56 +0300 Subject: [PATCH 058/360] Sample tests --- server/pom.xml | 7 + .../tlsmanager/server/MiscTests.java | 154 +++++++++--------- 2 files changed, 82 insertions(+), 79 deletions(-) diff --git a/server/pom.xml b/server/pom.xml index ddeac78c48..0746fe9282 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -101,5 +101,12 @@ 2.17.2 test + + + javax.activation + javax.activation-api + 1.2.0 + test + diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index 4099fa11eb..78790d18ae 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -2,13 +2,21 @@ import com.mirth.connect.connectors.http.HttpDispatcher; import com.mirth.connect.donkey.server.channel.DestinationConnector; +import com.mirth.connect.server.controllers.ConfigurationController; import com.mirth.connect.util.MirthSSLUtil; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.MockedStatic; import org.mockito.junit.jupiter.MockitoExtension; import org.openintegrationengine.tlsmanager.server.backend.FileTrustStoreBackend; import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; +import org.openintegrationengine.tlsmanager.server.misc.IntegrationTest; +import org.openintegrationengine.tlsmanager.server.misc.UnitTest; import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; import org.openintegrationengine.tlsmanager.server.util.MockConfigurationController; +import org.openintegrationengine.tlsmanager.server.util.MockDestinationConnector; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; @@ -18,8 +26,10 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.cert.CertPathValidatorException; import java.security.cert.CertificateException; +import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.ArgumentMatchers.anyBoolean; import static org.mockito.ArgumentMatchers.anySet; @@ -31,37 +41,54 @@ @ExtendWith(MockitoExtension.class) public class MiscTests { - //@Test - public void asi() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { + private ConfigurationController configurationController; + private CertificateService certificateService; - var configurationController = mock(MockConfigurationController.class); - var certificateService = mock(CertificateService.class); + private MockedStatic mirthSSLUtil; - var connector = new HttpDispatcher(); + @BeforeEach + void setup() { + // Nasty + mirthSSLUtil = mockStatic(MirthSSLUtil.class); + mirthSSLUtil + .when(MirthSSLUtil::getSupportedHttpsProtocols) + .thenReturn(protocols()); + mirthSSLUtil + .when(MirthSSLUtil::getSupportedHttpsCipherSuites) + .thenReturn(cipherSuites()); - var trustStoreBackend = new FileTrustStoreBackend("/home/kaurpalang/IdeaProjects/plugin-ssl-manager/docker/certs/truststore.p12"); - var trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + + configurationController = mock(MockConfigurationController.class); + when(configurationController.getHttpsServerProtocols()).thenReturn(protocols()); + when(configurationController.getHttpsCipherSuites()).thenReturn(cipherSuites()); + + } + + @AfterEach + public void tearDown() { + mirthSSLUtil.close(); + } + + @IntegrationTest + public void asi() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { + var connector = new MockDestinationConnector(); + + var trustStoreBackend = new FileTrustStoreBackend( + "/path/to/truststore.p12", // TODO Commit a known-good truststore + "changeit" + ); + var trustStore = KeyStore.getInstance(TLSPluginConstants.PKCS12); try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { trustStore.load(bais, trustStoreBackend.loadPassword()); } - when( - certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(DestinationConnector.class)) - ).thenReturn( - trustStore - ); + certificateService = mock(CertificateService.class); when( - configurationController.getHttpsServerProtocols() + certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(MockDestinationConnector.class)) ).thenReturn( - protocols() - ); - - when( - configurationController.getHttpsCipherSuites() - ).thenReturn( - cipherSuites() + trustStore ); var socketFactoryService = new SocketFactoryService( @@ -73,35 +100,26 @@ public void asi() throws IOException, KeyStoreException, CertificateException, N connectorProperties.setCrlMode(RevocationMode.DISABLED); connectorProperties.setOscpMode(RevocationMode.DISABLED); - try (var mirthSSlUtil = mockStatic(MirthSSLUtil.class)) { - mirthSSlUtil - .when(MirthSSLUtil::getSupportedHttpsProtocols) - .thenReturn(protocols()); - - mirthSSlUtil - .when(MirthSSLUtil::getSupportedHttpsCipherSuites) - .thenReturn(cipherSuites()); - - var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); - - var exception = assertThrows(SSLHandshakeException.class, () -> { - var connectionResult = ConnectionUtils.thing( - socketFactory, - "valid.crl.caddy", - 9443, - 2_000, - null, - 0 - ); - }); - } + var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); + + var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.thing( + socketFactory, + "valid.crl.caddy", + 9443, + 1_000, + null, + 0 + )); + + assertEquals( + CertPathValidatorException.class, + exception.getCause().getCause().getClass() + ); } - //@Test + @UnitTest public void test_SSLHandShakeException() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { - var configurationController = mock(MockConfigurationController.class); - var certificateService = mock(CertificateService.class); var connector = new HttpDispatcher(); var trustStoreBackend = new SystemTrustStoreBackend(); @@ -117,18 +135,6 @@ public void test_SSLHandShakeException() throws IOException, KeyStoreException, trustStore ); - when( - configurationController.getHttpsServerProtocols() - ).thenReturn( - protocols() - ); - - when( - configurationController.getHttpsCipherSuites() - ).thenReturn( - cipherSuites() - ); - var socketFactoryService = new SocketFactoryService( configurationController, certificateService @@ -136,28 +142,18 @@ public void test_SSLHandShakeException() throws IOException, KeyStoreException, var connectorProperties = new HttpConnectorProperties(); - try (var mirthSSlUtil = mockStatic(MirthSSLUtil.class)) { - mirthSSlUtil - .when(MirthSSLUtil::getSupportedHttpsProtocols) - .thenReturn(protocols()); - - mirthSSlUtil - .when(MirthSSLUtil::getSupportedHttpsCipherSuites) - .thenReturn(cipherSuites()); - - var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); - - var exception = assertThrows(SSLHandshakeException.class, () -> { - var connectionResult = ConnectionUtils.thing( - socketFactory, - "valid.crl.caddy", - 9443, - 2_000, - null, - 0 - ); - }); - } + var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); + + var exception = assertThrows(SSLHandshakeException.class, () -> { + var connectionResult = ConnectionUtils.thing( + socketFactory, + "valid.crl.caddy", + 9443, + 2_000, + null, + 0 + ); + }); } private static String[] protocols() { From a51ba210877618c009c7f551cdd503f157e97104 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 22:17:41 +0300 Subject: [PATCH 059/360] Initial setup for TLS on TCP --- .../tlsmanager/server/TLSServicePlugin.java | 7 +++++++ .../server/connectorconfig/TLSTcpConfiguration.java | 6 ++++++ 2 files changed, 13 insertions(+) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java index 19e03a0797..170553412c 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java @@ -19,6 +19,7 @@ import com.kaurpalang.mirth.annotationsplugin.annotation.MirthServerClass; import lombok.Getter; import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSHttpConfiguration; +import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSTcpConfiguration; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import com.mirth.connect.model.ExtensionPermission; import com.mirth.connect.plugins.ServicePlugin; @@ -54,6 +55,12 @@ public void init(Properties properties) { TLSHttpConfiguration.class.getCanonicalName() ); + configurationController.saveProperty( + "TCP", + "tcpConfigurationClass", + TLSTcpConfiguration.class.getCanonicalName() + ); + SerializationController.registerSerializableClasses(); } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java new file mode 100644 index 0000000000..5e913d2beb --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java @@ -0,0 +1,6 @@ +package org.openintegrationengine.tlsmanager.server.connectorconfig; + +import com.mirth.connect.connectors.tcp.DefaultTcpConfiguration; + +public class TLSTcpConfiguration extends DefaultTcpConfiguration { +} From 4aff50b1d005ed15c3f6b210f5a1b5d9f1d0a0aa Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 22:29:11 +0300 Subject: [PATCH 060/360] Add unit-testing steps --- README.md | 11 ++++++++--- .../intellij_unit_test_run_configuration.png | Bin 0 -> 97742 bytes 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 docs/images/intellij_unit_test_run_configuration.png diff --git a/README.md b/README.md index a6c73e1807..3c4857acc9 100644 --- a/README.md +++ b/README.md @@ -32,11 +32,16 @@ Run `./build.sh`. ## Testing -Start the `docker/compose.yaml`. -```sh -docker compose up -d +### Unit-testing + +Simply run from commandline with +```shell +mvn test -Dgroups=unitTest ``` +Or via IntelliJ +![IntellJ run configuration for unit tests](./docs/images/intellij_unit_test_run_configuration.png) + ### Integration testing Integration testing is built into the included JUnit test-suite. All integration tests are tagged with `integrationTest`. diff --git a/docs/images/intellij_unit_test_run_configuration.png b/docs/images/intellij_unit_test_run_configuration.png new file mode 100644 index 0000000000000000000000000000000000000000..c486c5e371a00f782caf372523ffe4a749320ffd GIT binary patch literal 97742 zcmbrlbySo8`v;5xDhh~5cPL7V_ z5C5Nk7}LnymANCkIY-@-M&$1bA19C<*yp*Em+NbqXWk%b&DS>G4gwlrkiCUkl>2k1x;22x@b^;^lPmh?xgiZW#E1MLu|YtdjuE#@3jxcc3ym#HA=t=kM4%lA@hU5s`00cZ8y(|9l=&S z{QD1HN$hSz*8bp5DgAL!T+B_Q8hFH4smA(Kb;k_0TqpGJQ#HR_a`T=6FH)yWn%282 z-=Qi#l&KPPx$wY>-d4`(Q@%19eG*rV+N%Q)Zx6lYY>@ICg7@VfS9tTT+8cDeg)nK_O zKE=TR=^o`%9)29$GVb#FhX=b!PSiZAuc z_Ibc;n-sHfh$>;2&GDmLV5td<0#p zY^+MSJ$Y;avG9mg8)NNJ%m2sTk8qI*Ew37!-+*72;DMP+LshU5`C)d8m`&qWo%sZ6 zz7|}yFep-GAXI-!H+POE{clZAUW-E!alV8KA~r2B`J;67xF)~sU_iuJP*mr%jm5_$ z?Ht*z9MMxn$wVW4bjPv-WxpyRQ&5k_XG3Rd0{%UrGd%SA_SHRR)0v-81Ux)Fr6M1JVXkF?&G_a8M!3+d z3wALLSL?Rb>(S>EQy-uw^CZFPr%I{q6@<=3#QFN^qjt#OPSzzORZOG&E ztfwwx;*}pO3aT{uc{1St-%2y4u{P%hIba}}e8pA@(E?5jmicUvUq zWqivQdxQgkQ~*B#n9^5BQd{$$PYi$vDA4Vnmxsb6QcSO0OVHQ`oNl-CUrorE3tDoG z?cDCdw4{9%seN?Zj^N+L1M(vyu;aQaew&M4536E^d=th-RFEOl=(oT9pe=bW_^#es zo^=t*=#>w_Vt9ZtvI=7sSn}k2I=34(waiy2+2hJT0w?Nje0s8@tnIS^!h#Mb zAmmBrN*nZe`~>ykMFj`Kgst@EVpmE^q8)qMCJ$U30Mcs8JC{cy)^<2_9=)8JA)8<; z9Z5IgepE%r>kOv_o?4mzGb4HvcwkesJ2C+22U(Q|6O=zLbv7#askZd+H9mZ)e?Qqc zpc_)A30as>Kv}p%U|#iCcDP~D2@bp%1ZVZBpUC~^J01jIE3ezhCPjzBWY*YZsZak7 zV4{Vsx?(pq#~2UmDiO^h;-a84z;ArtVjLPDAji;%>P!d-fJdl;;nVm5H@KN79zj*J zZx?PbFYxsET^r16A91k+@|DiTb5I2YkWWs*xtMC8#3!5Malib?9&Y%`)!Gg|xMH%g zW4H3lk0kVXEULGXx;u&g-B?q#0y_+C0dvc7iQrWvteQobPW|&Mh2n>&9zC<+*%ciu z$_*_^$BTmwf~ihKxLd)iN%=dv7H6FSfUVZ9BA}YUq7FW61F#^`jxB94p4AOK|I)Fs zi&$BYAPsay0f>~Tttrp`%I4KrUZ||_B%+6EO%N9Fsb75njzPZn?t{dY1W=>{6-u2vIejrRWr~&ZHEf%MgSDpA!uVP zsV6fA0nN09F)E{|mgGx1RpY^T8?G5BFbR)h0T7fRzq`Vc6Gv%0vJWClSL4w7NT6S9|!&;`kkJP zmTRT&;}q6kJV#B&cSd3%=<(8?IaVJ$55AI!szMIbcErO5V1L#E%#xqJ=~mXR@q^!= zEay-};U{M>7P)l*aIoa}8PS=#YB%_*p97YYss>a2Cfom=yFBwnZEo1W1i*fZ59P@DU#k^i{m#m{W}-FQhqu z8si2s0T+1Jd6v@&caVCUi}$txrvDe921TB|*Y1lewu1KkHHms983=j`0SR=&>btRj zsI8xK1;((*;?N^kK;9XC0S>Ne>9XLhXdPR=R@AngpjDjr)Vu7{qcXN%AUoZMUbE^CEXr9Z3A2!2Dbz8hhxRg6K+?#<0f^G>8 zflK1SF+kg5bPR`WtV;DI>oF_){s{&C6eSxFskt}ksrkJ36?k1ot`CB0(hi;dZV*=s zbF1#WdS4s-LjQ!3WSzV)k;h>bs-jc#s>aQ<=6??CSi8psIJ_{j&RGM&OtmkL22@io1<{Xq!rS z3NChfYbt&P$^%3#rn`WFHUptPQ+oezar!THi=|HEo9W$=RE@^&|M4w6TQmB|K3^7^ zeGcCQxe+2u;K7t3b2(n}D618zLJmx@O9PW2_ zimma(Pixrt2J_)a7xu}+j9dtng8ip*rn75BZ^P8Zm0TdYHER7 z&2#bl?7*=-*GfgWPlbYeH#zW{mAUFNG?-R)&BYW*tdtxLNcb~Q6oO%_@rcP`IFrNa z({5SHN_EFa;P!g6630HmAQoRO|@ZlUDWx=z{L?jt;J_oGY8=I;Wuk_ zn?paSB-+iF;~{HLXq4eTPhRM6l)rvd15N4Q*PrC37gT>yt7gxR{MO`mc4R<2@^k7u zlU-tZvbMcI-oZU(!NWTm$gtR^c$rfJnMlkWIMe7iw}Ffs@E>s%sf*JitD$iKs#}ZQ zjh=B9Q)<#r=B@@i)HrP4 zmKjL=@;?zOJ$p6wIP%+CK7A6Rt6ZVb4eg{b&TuBev_l|U(=(;J`Td$P{-Ni1SF5Um z-%@7Gu*60*V1U+P%2;Evp|GTO*K_2B(PpnWe1m!==H%!G1*z@Mz~Hr?A|oH{@&K0Z z@E!GqllJf0Z{N!ICkom(k(3q9eB^`c$YS~`YaGCGjO*P14)D<-|L4NO2}2>Fs<#ua z!w+4nckF;upqz5i>WQKhqPv`Zp3`Wi{uEkf<#_}EN|v#;H(!Z$165iKavO>HHY))^ z33~X4H3nZ~!Jr)78hi*7T)lK6Gh8}z$iM5p;bocxwS!waJRawbEc|YGdwXBul8dB} zv6#uHnwkeOZity^9lkoIH|gnYy`yFG6i$B6lTfDNp`imXtg2~yN_I+tB4uJ?;=B0v z@M451+`p`%!kT>2Lf8~7z(?>COkg|w>a)R?e|hRo;EutpJM3?KftxV3;+Cu5!R{MzE4u2xUw=SEQame6B9&ul!pv=!(1F#T(tu+$r84 zxd1^=D0DR_f6uR`mK4520O=ORaZzzTbdSPrEpng>#4$cC(D;2Wfc0aFyN2^&8hsLe zbk;02J$-0={6{pa_{FgMqkKX_L;NG7qgBIeuNDVTz_ z1g_4lfLmxy_#qjpr5TfzrZNrYEtT#w@R9h z;6{Mux|FP~K3v^8oT<{c=Nhn9S37~Pi@4r$LEu`{1|^sORi#Z~+6YWveMy8W%P}>O zlhb_jN&lU@nwp(@WwTqrh7D|x(O(Jd&cYO_mk$i`q0v5gSJlYe=Nwfk8WFb23}K}e zjUOno;`*T4FU|1?t1@14fKWq~0dm{k@Vi~hlS8|1-2^25nI=uNvNOs0APkmN3uRSD$@sP)3??cmZx2dKOZ?NE1 z#t7qjPuAeT4d(p)L(=2s#ddQ2e_C2o-l+1X-O24Lq#0AV=k$nCVqPAD zrn-)klhYK0K+TtBv&E$wQ-e=PepS`ge>nv<<(vD=L=jHNBC@lAp@+v_qQ!Zh*A$QE zO$1tYe|I?)*r0e31j`fOc=r6jYj3Lc)zdQaVc|X&C+yN{htFXe4$EEaRVWM;SEVbx zFnbb^A4r}IO%m4LSQ6#0;a8trq4lL$N_%WbGcMLUf@IYyJw)rUy0YzvD$3bN^1;bhy?yx)xDp#q!qT zNHQfdQj@TIn5AT`a!9NdEePNu==r>57FMtx>b%4QSt#LAS#mu4mZmtbYVA=3u}p%D z^#NN1;`D6c=o!D=!0vd?j`tshXo_YP;#kFvJm&;;HgYaY;fdAy>+Ux?^noBuhGpQu znFyZme(VoV0nyHZnv02Pv|+Wwqse!%vBe7<{6Edo{j&$W?%;0&nl^ntCdFn|9+W~FU+ z4Tg7vMA@6&h1|Mr+zh(F?lM|-#%iw3tUH#k3!mfG8_J}vt;A#B6`j_9v>{BMc7T(Q zmc(Cf%pA%_X$nbLR)#3f1Vm8CaqtrNHq0(=WNgN6aN)+g4(nseBzL~0;tvd_xTdC` z5y>rM!-B|eq7C+&6U@%ZDJd^sk`4}xr0h;dl=b(Mn;Z$ZvYW|!oPSl(-Oohb{b&Pc zb}WlK2bBD}z3m0c3lbGKs`yx0$@~U<0?g^{6{Ar*UNltTRO_GWGHinH?z5l#H<2x` zDa1^*Q+29$;BstM*8qW}BKV;fjkB^O%n`YhlapkMrsk-R1#Qdp#ouCZoUbZK-D)fy zZ!`J>yt*JS`n#vd; z#jj;QI6X9UU*OvsjuhF!v@}7mbmfO}D%b3kdZoR1L8Y7SO>ol&lDz-x*K@VwyDH`+83Zc@76 zQ%$Z%Vguf=Mn^NIeeWY;!r${3E;9kR6J46(Dc||ps5WR?Y7*By7tp3O`!@F5nm8G+ z$0>stV7gnZ#!%~)qv-54$_UGSoTqMv3n<%D+k~Z$Mb+AZHXUu@UFD{~dZMrX%+&Tb z%p_W+sPY;@zcE{W+qsbN>%d$6H#MP~b#!%IgfpqNcd_SVbP56<85**Dx4Ihq2xYo* zoekP#dA4ST`}@GSj4cPi^E`imQeXb^B31COzqf0pW*8;rr0Cw^SlF=SBN)4~v9Uop zn7E#IX3HZ|mzdhwdKz)WzsJ{Hv5C>aR2(-VFT4D z9X{BQJ`1xk96);424y|R-4g)p)$}TFZIO*a;mJ0UYd>8`n za22B_(A9L_*>vcTO2lq8_azRQ>Y$zDdn;O-wW}!|wZ1;qgbC3ZaZo%p850=aj8`wI zF=o4@VY|ZQ_-B5UfA6M2e!towaoGCy*50cA%P%`COdVgvI`c$B)6|F z&PtSDDKxjFqy#19(CGgh0)H~KBVz0nQYHLa?y`kReXQ*e#&E1+4Ql=%*&MfM8|yN8^z_Hq$?0as75 zWLVzZ(9NjqfMRP;$kQ!7xM2H$HtPt!{z&E=n)2OO)csu}cu>nj&+=iL{70J&E=s@O zP;N`y5&!~o^hEVU6h$L$=%(K#MDXvg`VkV-)3u>c1;Pp5^)DkK-+vngcG`~W6nvW~ zVwng;n$vKoI*X{!f@jJ56-_#{`}-2c4Y5=o6rjc*VZ592#6{JlH_o4z~;*0HX{|Ko&0f+XyNQj(2pNw4C*L!ohC%Z(I6b~ z_D+~%R9nOBAvKcnqoo>aj(_6nc1BIHt)ebs7hga&--!DK%sdNnw(vnYGBf`HCOvr9 zc;dysJENL6HtQRcRvKOJc3}Sa5a<1CO!0}ic}FR{wI_4%6VV)a>HJw9&yBZ7Ysr1Y z+kfK@fq#IS3_me8?i!mt&KM5f;bxOE`IRqAJ?UBggJDevTQPeSwP@X!5R%)ladX4< zH?6H3*RY^!c|+-aUIqpRmECsT{>*(r8jQ*z54GZAl|H68IXgS=E%d=(HMsg6R?Zge zpZTN{M=fa91XU&T64drnPta?7-WP|bgBubS7OtU{adH){_+G@JQrY6Jk%h*_n!MG>S$k@X*}Xj@=(>?iY7dhnb-II$Bpy;Y!YTaBKQLzYirZd zjL6GhYSjsbtl8b53*QbX6QR~Ff;RN;mPX;Po z{Y*B&FFwJ|sl1*)dwa?cQ?PoQ+HMW9J*unxTP+?AO+LS9Oa(0o?KNx%*0z^8WstS? znX}E+gxps(wFBa7k@8I2Q)%?}DQ%0aKE4AvakTKdW?y;H+=?W?`d5(~osm{=+=fYh z!M|EoH*W@udB62qKKtiavC_(w>|v|+jRX$W4IqMd(m%AkZibfnZV|5M&pQ(ZL$eNt zRqlVddbnDxXseyD5W$b1ETOdjE!~VPgEcfXgmK;R^K+IwZEnNsRl`&W=RjD!{B?n$ zi*i@1Detlz4G|!UFO%uMiOlSAnGw&wt~&Dk8{i+D0Yq7&@>tg8X!|pp$Kz;8(R2`x z7YmoqBxWS{su{1e5a^#2Bk&sU7jKY9tre_a8+ujxND&>H~6D;4R6&e$l)bk^gJOD_yLtR7k6= zRCXZz?S$hU6nb)TQ3;D~Vo~H~1OdoRoa?O3BhTG&xk`%ohw`={TUih)pv*-=iQzm1 z%h_nMwA&(RNcE!9_kS@j0N7+pKgU+q;vQ^X#SJF@-z-3Fix0DvhZ~!uHKv0K{cT6G ziof*4PY@>NgI0$6yfvs`xG@;e`kCCId}fsOxTbs{JhVDfMs{|-)6HVjVmL*Q_E5xE zhLoG)*ga6&JWe7{n&m3~a+S#3)Xz6C?Ylhyu+z%bs9-tMvSH)_bCxe`5zq{fcvV_@ z?G!~*5VCLPlwm{O3^grxj$g&U;oY4iFYu_p{M$=3{BECrN0Hhe2qdO}rSz-Y+=!#E zHeAJ??+X#Ls)ra)!OFO}BJAR5+3+cRQG5rrrBXeC`Jme{`Ftb!2TQaf z#y~`5qfpGj#HX1@#qB?{8P22Z4Q@tjEo}`3s4L z!e>MUnVWY^{SV*ydH_qP{Xg4^X13xFRu+YGP0+)=Q(lEO-Afe*EZwmH`+j3A78>6n z&d6&EBB>S?XVX_&yrYDyQoBUno~v~o@j&o63==GZ_|CMS1PAtsnGI2FN6KN^4xMv%VvMC7KLDYpg08r z0zNi5LH4hnYM~SSpAIfoch|T)L3T}`th?PdJDU+OJ%gDqGD+-a7D0;`)pfFb zq*Rs~MM|oX_zc)&!71l>hmZ@AViDD+CYFUAX4E3$d&s`Z)`rIQjO#v`ru_Q>ey`f@@4OU;;dc7nT`D;9{0I3M+ajB_u(4#$zd5@ubw*P#GZyxkN{K5u>Tzl_ z9LsH0G2nJs6o)2jFO|s#4^Yd)zN38-@ixs({oGF4*5=O!-($jm*eJCXwJnz3YWQ*qerovkfdh?gl-IZcz*BywNNqZZ$!3_8RS&hiU+=C$( z83@rWB_ZBOtZrZe3&L59uT1zR%S8v?75eOyqP!qz$ z4E3LkKBk6-vQ$YvWa%FKIqqoiKYd1++h)ta{iMliAS20foZ489Uf3(qtIGH~x5o13 z86MfS+SORqEG^{fpW=dA4RfjfPpa`b6>9O4oT%RzYWPwgu#B8t7v*8B4$#6(i#+=$ z76lV%`LZi4Zq-*Mpc8bbuFL;96>Hzjy$D39^+bK!g~Y$+AC?4xVOwGi1wjYK`l>r3 zz^T_33B$t&2am!gC%KlFmm@WW9;y}~+{f#MPKTdFoEAzHr=6ce+_vUtu7AUk$Hnbq zL`4OAT*X9U0^4~l!1tTL$yqoJ%Rm|%McMlw5_uneZD>&L=G|1eYzaW;Kgy;WP%^a| zQ9E8c1@v3FsVqLQP@+9DFRfy813_p@-y5U)TKBe#%V28OrjV z{8NKz@&ib=bu00Tc#JNGtn+!@^l};#ZhAb2Rm!}^rHGEyGAWmY(}66Jx8{}&Be|8M zjQlIqrXiw3a2a=74@vA@6pQH7 zrxuL&jEzg=xeFQ&{OM!pZ(9!g=Q2XvEdB1lpNt>r5>6HYy4CEJ9KTKx#i?e@z|uBdQJkGffkv`P4L}ZyeTrF z7nW~T(68AIqSB!(NHtHYpV}P9B~TH$)=%%>x8pDP)sjjD zIbhL-2C5|*I4hE&`Vy+xNA~VDf*hN6!qmIMJ|pO!Sm#f{P#XRmeJ-Z91PB3%IhBc5 zin(F-PO&TkxfBcxE>4l8uRnvor~lD>TY>~%IqAz9g&)O!YjB2kfLmiNC4Ffi<-W@Ip5p<8ug z{$rU-7t%cbvCB3tu+GwYjuqLJGj=18!eUm#vciU(0N{fxu;_6~slfMstDZm+A?~;L z1ll5#K9zj^YB!L5_r4%yPD1ExV)8WsQN;{qVV!E5{b%xQng>Y7ozF(iPNSco5*BLy z-<~F3Y~_6*1ZVkuGf4$*23PEyQJ8IWM5S0H|5m-OY1i@Ol~Ux_uaCZpiT`?Xm09N9 z{r{-HQme4f-`o>bC50$4<_6i`Mdpyn`a#Xo7tIR@N7RFCYAg{6rQ96%fDpUUl_X*% zHK|ID?U!&K8y&Z1W_B`cM1)iSq=s@zifOY`6(P408$=$z?p9&2UHmsd%GFcn+xl%M zP~JK0%t;n(7teb=ghxKO{@p6^&6=X{(Cpvb1JNVC_Iuf^;7@tceIaSJBs0S@#S6+9 zRQ2h&VB`Zidvm9;ObhSg<^)ql%>qcu0}yh@enmEk9iN6xOL1DaO*r$)^pmdpzxbZq zLm1KYX zqaQhU+UpyE+J|V}Sd!g;qxxfS&AUbH5;sdw_-X)$>1a?}aL||d{Xc*Duy0e)lW&)T zgWoa54B+Z?c`34tSSOC#j-$uaE$&yVQd5q+>({T}1?ansXKsiR_ysSi^W z3=RKVNKZ=AxBib05|n$P%|4~u@Wl%a4ckv?6T(x@k7Vsf3lxyP1#%Y}z9QF3ewq)? zoY$%0fdi14)a0H-CGEZNgiAot4pT}(?f}`L7u_+I6Z|cu*RqpQhYz!sGY(e^dkV|% zOm(}wa2TO-O=x`R{w*whV((#?xZ;}H89>L~k1MCte!$K2)d6s#8*K~-rxA!R&qvF6HM&DS9 zEw;pi6htZveu7A^^%gcthW+M}4)<3pCiY0sxkX)!HQYMrVyxYmFxkc|yxAzglg>`o zv(sHWo&!BTD12M$_TN@Ieb}oPP1!P^bZRh!D?boE25baP|GXz~CCvg;@b<_FNHuV) zDV~3Yft@;Idn^Q1+L8#$x*J=Yq0)x*)`v{$94i_6*4>wPLL z;-kA#bf-FhtEyHGnb-YbfX4#ntR^YXd^T(Uy4&6K%979@7*jnxZ*y4wC%5_(@^<>u$Gr*Lf6AuETKHTZ(E@whuYy7O z^ifZdOw6vV+G`ItI$Ng3a9nXyPu$pXUVU7UHZPR6m^Pm zra^6ZU0o*kL=vVBI1geVfY-l~)Z*Se9bO`u43axIXFIXJ7`g`?m0**fEciG`d-jZW z9M69}%g=<8E-taAQGt#cjM2*%!{fg+?X~ID3KE_Q>)Zi$;=b6vvBqtTwEwxW}HD z48QE>3aeEIbI=}(z04S6Y1c8Cxk`V|<+iDz4k}^jx7Mb=aG;`;|K3$G3$Qg-l`bXu zg(h^fwQiNkfMjm|+3i@Mg)+b(p|;_P#=6`IJBIAxIww?oC zMMXZi@K!R*bLy5_E9va9a%1`XfFEj!{8dzM8G!ejeacz!-dXDj0@v1H6J z-Py35Cs(CjYiSuq1TLIRdF?lWSd4`0DfPdYdpO(Q*O)vSz-%eymr@RdMow@e#las7 zy8{#|EiwvXL%v_R^5WUcY0b>vdY(GYP`(bjr6-N9YF)KEatO^xxpJ57lo^@U7iEN@ zuL8jWE-o&&;a^-63X6-MzDi`e=cjdpfgw&#t|o}`H&1MOdyXo@nfwCHO6T5JB=eHjxkzmWV-VbwA zE#J9&&gy$C!2yf9Unl8TmVJa=YYhdBY5krzQ`jx8@b=zrWE8pc?dtKNQAIsYJ@uXK z^{%%bJV6t1j@^lZeNt@l4vs#mP2^^H#ljFI=%bpO1Zp+_SWH<^l{$&=3)4xg$C!8U z{@L~Ln+!DD-pH+BT`kG+Xn&1LI)L{nkycsd3KLM=`cKxVUadv?Q4kOE%~j@!NZO0%h29+WhT&OFM9O7 zFo|2xcIv~?T9x61AVkvp&$+0hZKkyb5-q;Wn`F$4GK%zoo8hoa`79%YnKS{6` zeX0f*wup1c(Dpn4nQj04?|SQVOhrUohXG@KZNb*Y>Mm)f>gGCui?qYriEOP;R}>c- z4CZUw_nVhP^p$;3kk9y$fbm4-fv>u|CFc-?(#rMaFehg%8h4;GWpaG2GY>?&F*nmE z8~mvy(8GtDEc9Uy4GbLG>jqQHOK7ax>trNe)x0YzvVZpM*$>V{J-_`1I?ZcZrLvz! zKG>_6ShS9f>4n)v6XO1kZ-2&UimA_kXa#kc6Y~1_)Th6fjbggIhqNoF$+rXKR(XyA za7It){6}?4w6OYKxM=#Bx0hnSw#3F@%pbdV4o-Qlck%2Dy*Be&JDa^lUf6;eEWY2A z_4DlM{G#P?=i0}@lBgo9@xsbMgD^JIW-$IK|C#Lc%_U?ZkBaNXpyZRtxJwBylVZI=^n*6 zrhaZl`pdbCv9@+2wYfgaX3IkNmhE%7Rw2W_kM8}#tcb?2xQY~mx-4*O^It8eA3wYm z6NQ>><1gkL_^4a(n%OI;!YRkYq-<;~i1=G?%Zj?#ccN#p3Bu~oQkB_Vqo=gEjIIBj z2{1c~?WDPX(Hk@xTv7JN>0z`UeJ{t94oVf$6i=^P>&h_oJ%qeT^#vjT%1{ z_pJWvEAMv>Qc_-8++saFChY%2NZvuHp3$Koh$L*XyC$EeVh+f<+1SUzM3BJ^P@@j5 zwR1~A>R~GvW`eM)lSGkzPP%VFX$9`1nzV;V5iYPUb!r(>_BK={l$Mfs&ZFkejX zx3zxFIU78z9RD2SFtZ#GO@FkiwTX4p^03x-d74{2O}?^w?n7ad_gI|Dozj{F^-3Yl zjrwDaRni&!taO6h(45)k!*^D9B4-H*huwYBiM@1R7sZmqL%Dy?P%fAK(dc-#b#3r)q@&Y zE#wpP$$}Ul%GsiaJ6I)D_jt{lDXb!9$87Z6=4kpRzFbjZvB2n;+|{HV!_Vp9g1Ur+ zBFk0N_LbsgyHAskW!FKCj5? zQDs-{H9IsCrO|wKILxiGfl~Apcun((yeB{QST!RVQoI>dn|FDTbhyA89a&}|^h@$E zWQ^~GdKp;Hb%yS*zA%E!WY4;zBvuam+X{^Cf%XkjIZuKj`X0SXQO-J&;FqJRu{vh$ zf2XeaDbNBbpKPEu?*&o`;wan8MivC7vbRXAZex9E+S5{vxOgMdJx6~nCM*7AD*Z4F ziCfvJUF!BVKR!C^DUPq~4zNiQ_-^NOJ(6PPYHXZ!@x^Pf zffPYE&J^jz z-(9;Ky}9%uC1I|C+q68Y0SXC$Pbb0*#x4%%NnYV-zI5&!pDYZ(~-@bN3tzg)=_-&|GD}-=6qZUZUKywMH;$jD5wMmRe-p=IKs+e#_~w z?|sWXx~$uhzmS%^nLL&GF>cffxwh8(-TiXHhmw*gs!(fYzYNwFoV|DJx{aF~@5F?$ z>frO=xAo1Zz|`n{93U9wcP*t*H2${GkT6%UZ#rzYcY$yi|DhSNeMYkO`6%rf_4*Vh z>w-&ByAh@_3(Zu4RN5WTSTdUC1+gd=eB*SYX;DF_?A;>s7EGf~th8?h67)eqwNaD` zST4JzZ$9-(72o|bU+A=Z=Tnn-L8Wzi>&dkOCSU|Azcs6a&U>C!0kgF3qoO--JnVZ^ zg7RG~(W!GSO>2^|Ju`66cf_Gd7Rp^s{6c?B0&3T7*iTm8PN^H`wo!socTpDX;%-E#`B7*%g>sVyosKa&`;`H>ID8=Er|*4L~;pt3R9g({!lh(0^sE?f~#|)t}iX zzm}n-yJGeJWxu5*Wkywd7tB6;MR58VcC!w_j>!YVc{b-Ui3O~W-+7cR;MnQ=Wn;wK?K?j7kCZSGa-{YuuGT;^0!YOcL?)B6gH7j`zM8JNSw zF7^0e_a@7=68s@M7=M&;){gyp^583dE%R@-eJz_BAi$c2@KyT>5<4Ut6;QXWu?9F{ z;rl`V^V&`@{$d)~qOTG>>EUR$#pYwat?>5D{$k-T!>7}AYvGAW^ew)NySe+1`S#Df zM^r^?<3ylAr~#Ob z8bvNsHGo}vHJGWiwJ9dLUi$2}{gQ&SSIeXe_l8YN%y&3*3Jz|ot2O7;yOgFz z@l-D8>o@F&j&hgMBzE%|sbZFJvva+(D*Yjq7d(2^K0P>dxBDpe9OBVZaTfm_u-p0e z!T^#t3zjH11UV)JAOCMCBB#+ngTIP)=Vz7ecN zIxq6-0lj$vgY&SJs!9`6Lk)dU1@D@* z+K^|=4}kTc~eyereKCDE_R3ncv|NC-c66^cIib2QJ!v}pmqSb}b z%iX@}s~-bE&}$Tu@(tm5ZO?8CGs^Ro0?U9#wTz?Kn_{Ilsudl$o!6^x z_im(M=mnX>VD%bQgDpu?lr#jvHtmAt*4>lDA47Hxm#|D^>i#Hi$XmF)S0pG?lO^t=?@Qs1C4&+U)Ww zzV_9YjA`*LNWj0~Jb6%|!2Z zM04Zmw}B5lN|m|BCr7EHrJXiBvjrV{(`4I>hg#>I*|sKv?PcI%?TLBub8V84&BFNC zaGZg_i77!wvthk<%mS%V!3ZQi5x5W0GhS)VYLLAD4G}V`-eULXdw57>q$`h@STA)* zORg_N`a@S!j@9*&l9E^+ne6CjPncNr9leplGS6mCsjHWU#!H5;e(-Y(TLFJ>*4m#U ziX0HUzf?xcuPjezw#SX6iYBg;4+17^CvbJ4<7Eq?7DV?b_p&io>KXvqvVl(JG*+x} zap&BEf3fKsFkLr$iYS_@{qQqk+`CNG0$i3rZSGhYJ=p&G z`K$aOcl+oP??Td(%eAFy#a1L1VCP}l1Aur8_eNa5gO$p<_UG)Op_>7ps(x(mb5>zq zPx)`=Un!Hc*Xz3%uSDix^gZGN1-zCSIM3m?F*4<~hF%=4C{j^L>`1scoXk1bw{)_I zs~RNw9YtNiv&`ff>YY~)!}6h{BKmCyTh(5_R_fji)FK8>?DwncnT;)^_`@}dC zZW7 ztF69;MQ_Qcrq;}i1b<>P>6pT_fLkBhAYX&qGq)#HyjH~fS4^^o;Av%2g?8R0ylVyw zwAG+#E7x0kv^mpuziSmGjpL|akGS-_KQRA8qZyqVKYrH6V1VoXm%&m7>{F|S>r(Xr z8H}w<(%IJ?n*UB`cAjGwRW zfo1UDF91c|ppN;NHAOEhydbA`ep}TXDHF6;`HK=o#X?&2uvS+y}zab&y+q?p6 zQ>I?Hg^Qd>FM*VjuNZzXbaL&I&VvCyecjbZG~p*i{~=QM6Y?}})Pis5!jo6m?@C#d zQ*zcq(ZN+n(`QIv#v#9IUZi?l?vcvf?4X7EKkHAIH(ic?t)k~!A}~(eT8^(a1({Tp zQ)+P-YwXm`(a(<;=cwZ~LmNzvMF5B)f+MG0=eT_0Zgq0PY_68m)%PKo+2hozz@T{^ z<*#k;RzL9t<8uooq)0ML8@id|N5slQkI2@%2rBy!$0_{gy+*u?rx!wimbf^HJ#~b<9FGn>(eG`1Ww49 ze#oqPUu}h=vs`krfSF7JM$J@T_jB06){Xw---h^?z9(YpO1rPu0{*~Esu1|P%ZxWx z`o{L$wJx_jov_<~#@RGcL9|yvRlRoklJG`aHsuP}7umH@KBq6m-#__TlV0nnt9|G9 z!-tzXsqAME8&67zev6!PlCX%ziWAuak%KNN<|r|aE7vZbzety|uSzXd7$T12t{a10 zf9i$4`t|(5LQX+!_}P2@GfMXdUyt;j7++?SOm?k?#w;7cgy}=dKmm< z>`DHTSJbmKE5~E^863#Ej~}??aAfUePRt&UpmC#kj2UDNbVPd7VQx@Q;=Mb(j&jD9 zLAEhGR@mliH-Z;0>_6H3{c!tntJzAtN%)A~ZHlAP#^19%@QIn;zT-yv57U1k_-_E31zs@TPSx7>k|NdusRy;B`uw9cLLZiNtm+T$#9AJ z`wA|qNbF{)5N~0%l=LKnKe;tDh_O=DJ|r2SzB$7fFxhB7D2q{$?(LaH;qc&DzRqUm z#rfk?{}10;Tbr*sgMl^JxqVA-O-C`!Wf0I0KFvbWQ&=4N$8B^1=r?rRgQME6q9(_7 z2d+$p>}_bcKLBW>1dI_Q-y7aIvB>%_F4ue{ooAU9_DTZ``q(_yCb}X6dgHNQf1tlk zeY?h-+;A7FD<|(#*6%pubS}{!ipMq>WQlJW%X#97d{~+0!Eq3H{G_Angaw=B#U$Tv z@a3j1nV`mQHRz|trFGJdWcho4J4*D{_3Y#h3J651IT7oyHfpfRNd5t%^X4P-xhKzH zwv*tFGuG8O`i=K>b}AWuJ=hkF*psDYAQ0OanlAi!8&5&@0Tmv`%Cgj=|GMb;IVkMb z=SsK#EM*7NW&7SkW-LP`Ewa;Y;{teAa5v$ppdZ0<5H;SfXp>0Mubr`4#^h2qnCUoT z;GcOT@CsO0<#xV*kP~!Zh1lAk@?KZH+?FMlGIEbQ9^uvIU1#f-v{oR6D$65#C9(J4 zm7^;mo+KpZdvLl;Oo^8%tsSmAjCJ=lu;zU7!e!Uc__k^*)ErwsCTCeuGMi-Uy09=8 zmk3T({_D9jg=%_AN%T5uv6z4itbg-sPieGsfori1)lI2sIAb6sF^+Otj`3tbcCnr0 z*^YMG#<-rDWVE&X^ZZk`w6;V2v+dFsun#Q0*m^(m^Vo9 z;o+>9_Cbn*X8JAVzW*fi#cvcc*Hl@gaB@0NDUizMRn_$zvCsCh2&iyBjOA2K+ z`Cs2YIM|o+zuAsqQmLi?2~r^=)5|aZ&zpz2hNu7kzWCNe@K0{fhsI&tDI)wYtf7I7 z2-?)3A4ySiGta{=|7IV?Zxj`a2)Pf`N{ z9_)Q^nQ(`c0&ibuiMD=ho{M;gRzR#~zhV<*`=e#R@X9q`qX-3BP4W+l9yloS#_4mX zU+sj%RZ<20(}Y73q%ku}&pk>(kxOQV$deVi!xw|mHnAXO-=w#uw7gXm>N%YJ(-T$` zW`~YBf`|~rV)k{|Le^ZzFG2XM6$nJWg$KyyQc6r^gxlvmn44@j>kl-~<~-wtU$$y~ zJ#~uiJKfNFT#H9$F_HllNKkWY9KQgxvHy=}L=o+bW_XhtOu}jl~gilByEtZx6!rQSy8! zSiU)2m&&<;#w>6*Tg~&Q+xPEl&0)%8`tUJmP9wRtSa9h7Y^ttud08lMd$S2BM=dQb(^`{8G1D8}gt?}bl5J;2>$WS?o8Pod2 zA4??5#|Hjx1-iStH!en}?E5I7DzGO|#3!4XDXSqdj>C!#29kUVyv!rz#Y9g0CFFyI z&t?DTPQw7V@nvpy((q`;>}C5vh_I1Au?U$@BQ^C}%7)%Qh#2E4Oy*$UeMDUi4FOzM z>7hu1$92SXLHErHtDk8A<7NhPwBRK_lIJY8$q8f<-IqLE(eeT>g3e!3K^X+S)Idd7If#P_(@T!EWc_R8^j- zW-I+j;7h^Bq8gaH#kOzX*Y3D|I%#=$<({43OKs`>U7+eNbkFF2Ekdn*sCV9ZB=mIE zx$=3D2>PoOH6L|`6h-E5P1KJhXmE*HiCKSt1k0jjT-al@ee?7P4hnNzPj$f2Z8YAq z_IKG7c=R>F7bm$>bab@Min6J9SQmD|=o&v4$g+&g8!imfA^J!PrMJie z=$mBwiu!S@S2RkMI|_yu3;Z|&=g83CH#9SSv{#zj@&iBI9Fn6X*|Je0j9U2>MSE@@ zlH-S1TJlO!Q5I=Pizrb{)fcW}xo$hTUDj1mD}03E6$Xp=?-7iidI&Ex2EH%MM(kp% zKCydZI6Xa`XK6#SaEKRX5(9csV6e%RnXX?%Uj~Z6gn3R(QdUqhO?)Y` zHcAx}=4=wr*w_|a4BVCp~ z*T2U6*|4|AKeLjK7gaHo#K179cQA3e3!C+=;=4GpK+ewewk_g|@bZOxE z-kF8L-nD~YQnkP2&JlLw&I|(JCO(q8dTn$ywk^hHjg8^>7W%{C0wD7~++}(r;O7I1 zgfcnY-y!_ZG5C49%rVNlXI?zp*w{`SnnmEq{G(clsS-~Il>cu|cgi9hrpBGvwYyL> zdu<;=13q-s2juLh{%WuBM9tLqcF@yBE1B=!ab5Fs@lE{nCy&LO?e+J;AcuQ}KV?XG zXUs3zoeUtnRKI)g;uZYmTaZ9$*);gck$=nrCJ%%H7$H#jYhpI^6=e{=a{rL}xjV@d ztNY$*#kVAQ9ni#@wGI6%E!09yuKF)-j6ArN zv14;~O*fV;lx-A!-HxxmWH;*BuFMHLJh$cw))&j?h^PKybGs^~qoZqnqc_;9;1evwXso&sGWLG#b*T`=-$z%zL*y<8XaDiU}m8)eK+ErE*J)@7nRVN)D$OM zr7L`*60n;!QBW@*%tFsZTV%9(KG#n^TnF&p3sMCTS&Wi*cJWnE8}#ts1Za9q;C-mp z>szp^VtKXY<{a8(YD=WOzF4aDnuJw7H_1Z;x7>;OWY!>htbj8iDy%BW!n@#8QL$Hb zv6mI?1*|?@I9unB$wIGc3r{4ew@f@v!-`P}RCEraUe`ZQL=T3cAB1z46)$2~+-V?6 zN%^zo2;m`kl^n3EdS~(=a?z2(k)glhaJ7ULVe5AT8h&zTDZr0fIF6`!IBzOe8|&Nu z_FqFEjXGj$J}S<5I;fkxUa_gZ`g=}V>hb0X~dGOmYPda-5AlE!p?WHv^R)7;ZlETeUnfh=|@K^mho--+sB96zKXL z{VIx{gje;rJlVW`d(ga-L*z_=W!%xxt-zN!uMmULLmUxgO0{T2x{nZ88QgP9BB1xi z;(9r(i4ajM?tOSJi-*Rtbw}tgo5HXKRIJ>Kmn16A%QJF(N@3Lbo5p+d)8=V(C$`pV zwzyDrhtk9iD*@eU2f4V_Np|3vp{L6G@Jd{T*9g-&GGZwFcIqrPdgFi|FkG7v{vB}+{v>5w>xpMrhdl>8cASMt|zg{Alt)E_~C$+8(h&T zy!B*DjBiV5Ge);g6Sz1SE9m{w#9QqPre05lOJ~^ZsifLz>G(-$z!TgHd50>7ZDhw} z6u?Zguo{?a3MD`Jf~ql;$rG^WYOd!;du-1JJ)8Nl$v>;|;$nb(ixt3{)E#K|=8;xs zjI2%aeYxt7*Nyt|iB8`Y$)_GTc~`o>o%m~;@pPSdtKOK}dBN6R+XFeH(-n5I#jUGv zZZx20k>TNT&y6q4qH@33?O?~Bb0A+u=F1*N{OTK`(DQw-?TPHW%OdZc$(kp~LNooW zgqa@2?;&yR?q+a#Ytg9wj#j1R&;2Bu+w1z;tIS{+`f~5y?X2QKfkoE%@69zuNl8iT zFW_9H3efng?^`q}WWO4*?b!$pYAi7I5MAc+oZhy#$K(hCp&ew1dNot7`VD+P zZqoC*VDZ)NA8h&TdA!K;MarhGC=oz^d+<4L10m_AeZ&VKrD5yF0q6WdI|dSjYgY=zMR!t9lH;Em&nH24a?c<=kv8> zRYWlk`F@_|;1lB1>9r%+6Flqc=5XoO#o0rc-Ik?>ljYlQgidBKiOkO&DhF>t;~DAG zNV7~vBQ5Vg>aXhB+Fv2kS(BxSK^&Abvae4QCf7U~q;`0{B3Z%&xv>#;>TsCP}6lqch7?+Q{xPXN7uzVZ^)7_ATd; zx<2D}{Jn!M$7|QO2Dd5NRn4#Pr;`CeU^9_%(RW{h2rjGFZjr&_(jKAU?uf2dDp*RF zFJI%3spApty#3+4o)8|2mzTHsVWYL>aa&e7NWvn!yPr!}>YU!=IvL-7Yv81_-$2CT zGWlIoEaqcciOUrdb|PpbYwa1zJ{1^JylAdp%AThOrXa3D0*!loNO*ZbmP%icY# zrM^Gqfg(rIK5K#%d~!$V(|%=>(=6d6>f51PCb3tV!-h8>*XF$rp1EEZfP?DGNN=ev zL@{1*sp8Eh*X95tmw(XU8hy+5npJp>YO$4^TF!2aj{VLrF2B%&+q#yQu^BO)46r~N zOu}C0J}(E+P0q7On_E1i)Q{KHC4~lyaOYqxXEuMFsEl1_eJ8DZU)E3-iGm>T0%I55 zpEO=3kGR!TQSAFWXM)hJH&(GBd*Pr{)Wrf-WrD)?=T9kZ7ImEfS!y5zJUKtF%%1TS zfNjIo+3SipBpcl}vF$@Yh4_=7QXVu>22NBm9vAgC@f#<|yG>cQuJH69V7qqij9H`K zF&5d~C`TDDYR~(F#2~hrHvFGCCf*n5%yl^Hip(*=`1ff%5*B@xc40zRs6Af83`uR? z>um!BfxhsfEHiTbr3@Mab7+c{AtQc{Y9pY8C%)v@52$SW?bYYeKQ@Kk$%CdPh|#dD z`$o!$BgIKUD}8*`=S7OJ+f0qNR$CD~;%Q4<*TekQ=ocLuaoju+^*}ElE{kML^4TBk zW|;JH_)o8msEr?}QH?;)-b?}kkb41Eg_LdwyxjuNC6bS~YB^AbuY3+r;mAM5WmB$) zi2YLu?!Lh9l=&dP?&S16`3w9w%IRCa;llG#3y~+MPgZU|<}4o5|BhxyKDQb|AuR^0 znBQ9(^w55IXiZS~CLC0+oPthSZ?bfzW50m z9S@3c)49gwFP|3G+^+sq8|3o9OLK`^6o#NbW#cC)YiGxps_Tpkp(yx-eSC7FVjLBF>S*k7QNZWL=jt(SQbj4GBQoJ) zd|{VM?G*^6M_Kj3nKY8QJzX)2H)!n}Hldx~5HQ$7E`vsaA>~C&6rZ1GaoP<{BNXZS z3q!^SR7%z*f3OsgJg-B^Mo#Em~v-{q017= zWi?EQi5M9R>b(tMl|ZV_7@ztfDC8!FO{E1PZVkDnyE;n)ZZ#gMmf*~i0(d2h<#=mj zN|r!PB}??H!&&~|vc4@pr-(ZwN^q+FuB~$auB~jw&BvQ&uLImtu#QZxm^RGW<9sOR z6y-;UnnQS*m%3!sT=-T?;YUkWL|h#`tPz-phX$d#$`VQysT+T~aL;NF5+a#*e!wn( zlc{W~_9lq^g(wFeEj#pIpeZqE|KKeli&J6@@Oz5zrgMGP&%|J&)zXxAGG-GTK3Ej< zyyfG%R`){t-vIcPs;iOV=FC{Dq8uqXcf z8-%b!L7hF{JoS3GsLxM5*cah+YW7n9{CFG^ld86~1Y@&PkZef(?-L&04-YJN^>%$+ zZHf#Ql=HGFWLNMI-UqU-M?%KeF9AT86G2tl*q8ZD3uj-#)y-8wV+zbe%PSfgBMvMt zg!mtyaIX~)rbgL;h{|u2V*)mKXOnMH*>O2FCHV4m5-E^n-`iRaOwN4MC#oQvH)vJm zk`I^fVMsY(S1TeNA9D)Y#~CF!z}D!RG`QRjcq~5}9uc-(UfwuPsAcLf1+B=`{R)|# z07!Q94-{f*I369h!R3GkA3C~q;yEf_``Ce$UCP}6jm+rR^~I%ZS2sR#+MJdHy)oQb zXKLM$@F9==>3^$pJWaIC8A71}Dac1fnWaB8I0;;ct2=M;aA;D3OLNd-=Y-hJ@|{N9 zhDvHUPkX7rG|fsnv_?8)>!duw;+^!ars6;v=DdDZ$aente9X4XV!e!v-f*S2F{`k> z9ji{=7;kDav1f3ggFPA145ewC#w;13Hu4&lrjWUWoRq(qb%T*+gBCN>{DC?Fnmn9%`Nu z6zi^U6j@uZN$l=gXIyC@EI)b($SH0xRy@zNtFD;syv*|KvPLrmo%?0oPXNYV#x}LC z0G+kR=p|DR`|Himu5l$Qz!$voVmT3!0bM83#8d+*{YFG*=%0~QdEN_A12`kT^P*7>y&^EZcz zL|`{cK$j@Ccz9an$0nf(MdCGK1M4-{F^){{Wo>JNwUHAfB=U=Cq5UQ9Gn>wx`a;Uu zhl{<)PR|VLi#G&==C_kI&=t;S%E+mzPNzxYCbW-XXJB2M{RhF|jrm-VS!BwT68P$L z{-i-ay|no>d%oIymHHmpsVL%ZXQ=4%QuAgKeZfA|n`?_VU-m1#c}YL}c|KA1X0O`i zfja*-KB(nH{>@Qw=TD)Bh__@L+t*d`9b#s}X9Atcb67>(XSt-RfGqLFF3EPnMOlrR zEWN;f3=+IgxmR^>UD!)b?+8#VkkK6v)%#gLVneKcJnF9)bT~QkelFYoC8thq`AU6d zJvlok^o;1N{@I*Im>q+)&A1w5koy*&x@^NzAkNW6^F9ZB;Ohf-ktnu+gYS>KlPpaj z3DK!IA%XZ6kxxJXRzh}K8z=C@eWMCiZ}Ep8yTF?g@_i_nZxA>P%owHrZ=^t1E`GKx z6+%UsUqyMT>tHukE6+`Qoku?HX{I5k!(%aq7Yru`M*nX15i{V=h7!g!>qyXI z2#bkJ(6Cw)Pt#x>xL-MXqfBwNW?6Nu#%xz^wOm_xRj^CkPAZ#N-HxY_prfOaUS1A_ zh&gOuD8?H3fhK~!K_-=n(rI>2yVm|~-JUazsWnRoLu{dkZm^-_JdTf1DU!uNLVGkB zdqHFs)L3TLb9d~4s^-F^5WiLxY~t2JymF@Y(EJGycg?TtG&2}8>U9yLMM7K8yLOb~ zStVYWQHoDJP8RoTUi?=}%HU9-v`O-x4+Km2R;`Z??&QF{&$G}HhFI-tdP8lHZajuaNLQb$cJxnN& za#Lhbhme*QVtBYMHapO5wa)es2S@K_i)@d1Z^R~L=H<}AtNrzIp_~87RIsCsK*bs& zx6$Fxauafx^w_^l4=id`csxAy_ej|YO@PHgZ6hbc%v8zjb%U544@XGrtk=N2pJak4GzotWP%0%Oexq3ow}N&ftqmX<7_T5?~H(+kM2Oo_yX zgR7E{_@RykD@!?$wj^xr-r{k(iP&5xC;TYq19Y4M@V7JOZV6-C+S!&5#Z)m*f9Tr?Q?&BVf+vL2GS7RS>6-cO&?pKS| z`rwhz_}I+6SN+>-=-Sl*)yU)ve3QRB4{|3gBXew*P3LZF=enHMZ&opNm)YMgOD{!y zo)eWOSGS8Oozu&cf;pB3dPCc&6NkM07oDf)6@Zw}a}73N z>8pMb9bIAsqeoLno0@42504iWJqcUa z{5w+qwium(Qgcgr!radTs%ikAd5NSAcm&uWH-4Up#_q*JvjKgIfU z^x}m@BMXFP-~)_)9_;8>1fFl%r1&&jt;h69SGA-xGzGxlur=MZ9O#5;(s3Wy2yLe* zo^1_;-lH}#?XnrPetHVeXgO}d%GXMK>TB{JvnpOpyv~$KK0xkx0eC;VcCkkH%gVJq z1)X?WD-thhfPJ+>lRvBder}e~2f10QX33@ z5&0Qv4m#!BM=1x)cZB?^V%qN4soEP};7&PqY1wbX#pq1;_mP3QLb-AM9Ox+4zvHBx zj`B@YQ>3E~B2jv6m;6(CIU3mSY9%PV_DAIVKW$|5w~ed~kAr)?tIEy~Dg!P^OQGU} z+B%o}z4nTR3Wc`R%`3J{y#zWp2zt~t!=gXwY*g&bVl(A!Zwb_oYxXilB{%X2Hd-J1 z>}pJ&QzN2Y{An1}-|ZpJ9`POZsR(sioF1~g6T-RKipF5|xFh3itB($XeeZwmRL~nm z^~=11-qOU19XvXjd!OI|SCCJE{&069SBOzD4B;p*q@*v8>u(hdEV%HJJ+< z+Ox6B5L3OuFvaY`)I_o5)bcNBGVWM^7}5u^JK7;QtXc-w!^A%ODpqv*9H#A{a zpW|o?M;VEyMrvIV8*H;#%p0G$OfRhbV355vXBr^k>4cD+wEvyJ1YxB|=$dh`H5O0O z*L-4WTK|l`(G}z&I1y0Mo_?XHkIabg^`?k&`3S1IZDNb!>i8@1-=pU<6)$Ft$%VJy zk~~#aMd_cs1@#ZOAu4oQR5IA9JKCE7f5D${Gv4dB?wup=8@CX5RzUSNz1tL3Hd+MU z9tgCB5gB;O0PDH0BQJ_huYk|~0jm~X4fHU|xY%!=v}`Km#d%(9kMN^3>bV7-1tLte z1vCq?4&Oqtj_x&FZ z7H*7ffc{`h>RS6t-Rk(twR43P(H0dwE7&#UwAjKX^kgLG3byeZuVt>ETg$gW8-MK1 z*cY;ee%ivtosM-rgVtIau@F!TpXw>#6ZuR zez`_(^I3`Je>|Agd?@03l++N2ecM&keV-@3Y#k;0IMhG$1mF2~)X_%(e+9*VwSIxt z@+?!;zQa1Uj{kI`GRd}wr*k|4+utP6ec|q#Q7v>yvhh8*%tW9yefyQqIh~aP#XIc( z!BCA$E4*@yj8T4XylbmDkh5>TAQjO^3T5mHfeo1WWluOIxzPXRe-4>xt`x}4qis`d z&KmwFzw3j!#jYY3o^cakls}Pt75s-Oc%|iN0}?kgW`hCDdY~g8kF(MpPbx?Y zY^*;K152lhnO3Xir)h-d-X6cV9J5ko;1>vfY8r4`5kbQB?^A4I^qnE0WL$m&nwx|N zhut1jkF}(L>_ZH6J7cn}9B?7xYPcgD(}QkrZ=*96N$hYFq%}_!fF?w3TUQF5+@Ap_ zD2BlOo%*l2i=x~OT~^1&I0oFuFM`DGlGpqs{~7w>hW~FSRsy#U{-a#_L-?-*as#LY zp^^|JoD<+@@Y;_ajLg5u_HrL0?6Tj2KqVK8el9C8z8DU>=32rap552K*_xQ_^WH^l zuo24aLr2{5ELS)#RLtUr*?TDFr{`MCL=@MEIP9A5?_pfur4*m{_BvM+dhU2UaFOk=QBGAmXRc=;p3 z!(q$e0eqH0{`-`F=QxYQ?heF%&8NS29}xa$Z~xza{zCfKX8a!)1jBuHp(B9jL0IO5 z9!@|3QgW!G2BSbRMiAZQLf;2rNh4wY=i2V?IAveJXs$T0NNNFXI*;TNu{jWWSUa%H zkakF`EHCg&rtN?+CutEAHrQ?>=<|pIUm=pOViah)iV@c@jPjM+en@7!87qc?Hue~L zRIAODCo+}6WUB{SE=N^(A@mP+{dVT?HAe~1SBtTK!iqu2>vNH0t)iAX1I_Du1LffK zV>fN=&cF{um5wXRjL;Q}v7sbfwGgn@?iL;2Na#L-Ad1hyyQOa^@kxC+V& zc`+=kUYLnf_nrN#7pGl&b|#ZmFl*Cuo{|xATc;`jopkQmDJV(4_kZuu>#dtPgzQj# z6%XDV)LJ0Dhf@tNb7yjnNm_y^s^6s!?z(xB+ySMv`#djv#q`;DOyI5ODc%{r!jRb7 zHOZ$zVkccqr- zXh#s}Q27ia6)Q2-hV=X*x3V%dj457+Gt0R(T-OX{cGo?fw`l7rwpAhAj>>|E_7_9H z{lcgF`l$s%Q$x0HVQ)6U*q__1u*x-wDe6L6X7fqB82RT|+PaXc!a(ksly&8A@-1bN zL3&?ZA!tLl)6wP{sn+7-?WoN#ziH{oAb<7d(>^>uVV*Y3(4GSQwzN4Rtw2&lFpZ*K zrAs@Fnp#;C#rU#JUp9dNE($2iAez2)BDpM{rt&-K-K)$e8nxHG!m=*hCX2T0)d%v;omuU*_}X1p(hDT z(f`#-?ej8}hEx$jMEPh9xReW!7M%E4`}xj0Y*)@~x@UN|P+vZ|B56Wrd`%ghG&Z%_ zgi01moqB;*i#B7Ec>ktgf82O@#)=zpu^RpCW(s>Y9J>ASgAu!mGEWf!9d?zmI^@ST zNI5eX0G|yWC8rnS9YE49I;(k8Qi|Dd|C&+`C~vjn5R-Qo-Jj|%^onT+0DG-4Y~;m^LGGVtZV+VkEb zzWD{*VU8G5Sf`YjN#b8Q50o`|;2Qj(-fDeOh9R|29%hK3esf$e$dM`X2!G+k5C?sNULbVAB&1I$y zP$U>muZIWq9b>Ta)nv4>H@Hm^1`&DiQE^y_BFFjG&v8xR!eWb8lsVTq1kfAlkr~sQ zm}g@SpH1kxJJ2&>DI0G_Zo=Nru-;BEKF&n5Lhyr{rl$%%5PE721Bb=gx%QM2X9r>) z?mticP#`YGlr427Fs=5m9E?Amhq-DaDD|kVaL1#xa~}z8U7o`fcODx{GtbHPG8mDg zPG8ZN@cJh2=8n$?{?v&#lcjyqAl5;)CKXFhte|?9#vCI+TjA-+j#R4AyS(6j^f4yE znt((jLNHq~LU#?T>{G+oq+=%jg-4lJBk(nv>DKZ(WGcMSe~{Z8*C7>gRR!$32_oUe zR6x~OhGJlOP%>t55toF7Q2X^N_JM_=QCD}>7R(iBQ(H>LdbB$M(R#z3_mm^pOhyWh z*vuDa#K=~{&T@MZit>3+4$LEh2A23OjDJmC3R8v43nO_`9ALG9e!;jqjH8z)GuLB$yYmuo(1U!r8*9+Ixvg{x5Y zoA+)jA|veFNtD&^k$6QfY<4mrsl*^rPGxcfAf})mU&^xl}j2p3!T)9U`=9ilfmR25zf>sM7p63#y+&-pVu!uPW4wRq{{0g}d|fAVTc zgRt3?n_xKE+l$r=+Dz`Z3+PsDhKKN4+#H zVXMURwEhjl%4BqEZwJF1Lp;!uOqVr-rR?i=dBpMh>~SBiXBUx0)CwM(7AjIDli@sd7Fcn zNT2qZm`#w|U8<{*GOXQG(oc(~JPJ)FvfN)T*)S4~jWHfCDy63}-LP2Q^)T zB;UuOV&5`^>>SZg*2W8BDFxr(8r*w=SSTx=yf9Xi>NTP$WH~8|o_47PeofH4yIw(m zJp720&O(7yXm2L$m?gr3 zEZ~>`-uq;!xe`!u)R3eZHH&j5ThL(V?1Q_P=iPe6Tb{Nn6*bAW{HxT_d`bElx1q)Q z+y3+lZDMVGjuK!-jF=tVWdkbJyY9Feyg@r_rGBJ)OUVq}GBUL&IUT0Ky|sE^t2!nn zDPXYY%2ZlCYI5m?e`Y37D7(dik4WigZBAyH6`-j~HpMxCd&$VwawQpg=qGNr1>~1o zc6Zjre;j7kxA1W!@g>#ic;W^rwtr`?8Y>Wf{rb{E3@d@#zLJ{LT^>VV?!&n`s2k$<%HX*->>0bG!|g^7ecv69(~~GHQjhsJ*cf zXLow!Tn~AlSupEb6H#D6T*D)H?Tw?zY;GUMY(dfnJV|H33X^pSg*uaIxD>RRo8(@G zZ^IiE>k{;8FP6=xX1zZqu|7Q>V^kolLJ)HHHyo|r^e~o?N-tAx6efkbQ}HeH8SgM6 z_5Xu|W1v^n+4?x&M5d$Ss#Cn3e`7&JXQtif-Qn4l$x3mo>HR0g^)NJ8%EhLCeU)BDDUN2xf#p3rA(ER4kAX{?lCid#AWc5?J zZ1d?oy;kEDX~$LdhS;MX!t(X_;A5(W`9M+5j{41w@7{EZlHy8MiNS>5=!4_yB24l~ zkRci@Xhy8PIN+fLtIm|k^c%V}+g_w%LFpN0qsKisB(p^jO(q315sws2@dla#@Xa*( zaR{EJmREWx0=kZX8c%IDham>ww9JSptEE3T(z==u8dgG0i#6647Lzuw-(y-!GFZ@u zNYAt2IUF^Eb1Exg$CuxZcpWE~HqL6z&KVO!Sim`{YQEz>VtRUJp-M%LF3)91aEG_R zWTMD*>?9}yLf)m7M*A(eAVYKv*3ny1=>i@^iv0IOZo&lLq{n(N6uruldjsXeI%zKfE50dvuXML7N z4bzoJrHk7uenlF)tkizCI0238dfj8ty{}AkYkqQ=o5-Z(u=Twmfz@fcJP|6YG7A%& zcm!`ypwoG+OLh)jx2NZ1m!a5$YMc^o%Cs8OUN&Cq?`?h~y_`} z(qyD!=h)7w@6r2o>|Zb{!a6Rx6M}@1ni`*)6OCnM25LQf?DG;1WXKzQskdE~)i`$f z^wT8Avh$-;CPE;IDaAhoHH2}=6kkJCVLLCy`~&X3+BcwF5>r`W>jbB-AhbX*m!Y}4 zG!t4!p5Vt}1+Vxhhsi!_1m2``nEA!f5)bOmmkIjQ3C9Iu%e65F{}#aJka~G)&M;S% zKxB-AU_brq4Oij5koI4$NbWrrdy-46Vf`J#iMYz#;8=O9SEPQEzhl-{`*d^bY=OxVes zS0f7@aISQRV&rr!{m{GARKJP1?t}##Y+RaOqKtu*!XxGzlsVfVY*k~(U0}cO4L-41 zi|7Z&s9$Wtn(9*gc{ZkR1K_3qKPV|!?(a^kE75P6+cdc$S*Ojp^h(s~2kX znQihu%0-}7{mu71!}kaw^=37;A1>}^kq_*N|9W;aY?BK!Gv~zKGhe6NQnkq>T;0`` zh1WQO)eTn^^M7dyey%&F)2vET-GVa8aP$9fZkW&Fs}1^So=#SBvi!-oO!%scLhH#h|j z2mf_@=Y7OO01oE(E%As7ereke()(}tMQJ?A`Z*%uN2}|*Sdg3b@%fVVS2r>?W3n~;_ZSEof^#DL_3*fLv#EmFCK#J#lIMol#hS2<1dl< zqMiUPxl9p3h;`e+wDMftHQESI#YbMx`G5*7cP~?Z6Ifq=i`K+V!^B9%yeP7^`Bg^; zoJQI&ZB~SvGbrK&fTCTJmi?7e0koDOgje!FV61{D-!23ych8cmsOo>`IWK9g#GL$N z)4Ex-LVC$1Tg^qK*etPqs}bfRyByDAJHEi+ zVRZ$00D9zc$*-cH8$aNS#+g4;{O`oCC%uXQYMDlXj#|r+%MEP?a#-Rhi9Zll`^x5M z0b7i4vV+26r=qlwW>KuU?EkkVLRz37DJ=jiw_r+Sleu4y`KB+`A#fFN)$eJ+n{Bnd102 zz&aD`Civ<-7i7vP4R)9Igr*VQ6*8eAvkmLZ%PWA9(W;~{EU#ahIz!%!Q(U_~GwiV* z!>=p}>5MGkAA3$WaY(Lc{Ee@XV&5QnQY4=$L@JPoL?9AkQ=VaXcmCvuaj4nfpE*!g z$covTjg8fjK|`t#ES~eGKfC58#(5#J(Vw|C#x(errT$DD`oBQDrzn!_7NV~~YA93W zr1|Fb<|MW`a?zFlGQIErgW@r<18DCHzx>1auK$E*1rH1Ugm#H^TC^)HdygnrT7M9S z81C)#mLGB`xc+s>Gt)-;)M+DNDY^ zuNjz)^q{Q@)eD2^8x$EYCY2Pz>7XesgqE$yS8gUtr~2=YPVR*O=d<12rL;Prt0RDi z4?mz0Q6F=@E*9n;4@>Sw<=x$4JDf?1<{rM>9Lsoed>~)5rc^#i!|Kj6So6I|T5oo0 zp4<8z#X){H4u+@%|6z-mAfamO=CL+q7qRsqp#It{e^5jWCh$M(4d;F+OX-+}u0JZD zYCn)=*;ey~@e!73_}HjzgC@C=03#7emV}2PxRudqgb^~KC0HwxajGGl_hJez&1juG z{ER@J4OvHHr<95f9#tCY)IwE%*rxs!X5owB>FSqRUTW=0rIRnyuDByS(|*(~1SVxC zmV+@yPkd0X21U+WgYV!aAn-e~Z$(x9Fvdp%VD#ylChVCp^-O{P6i;$na;4S!zu4 zgacqpaU&_^HDYcSdZE8LiNfoA!FV5r>Bu@Yev@`a@R$g{i4 z;59!~$`$O=WDMN@rKtBeWymzwTi4TEP084NTW2<8eD9pG=Nmnjr4)FVU8W2%hQ8VrK<$Lk2iW)%n!XE{XCrBx3 zG_}48E{;kYWm!hQpJ87$c=_GmVOwl;r$>bkKqm{WQt$>NY&ZczY zB)1!1a-_`s?E|0P#YHac)V$#Hi(b7w-_SN?Wa*Jl?5p5>&3SlYI^s4{x^{7`r9Wey zozEeBnbf{7)p)kJktH7zo+Zp4;aQ=S3da~00@_u$LoWq-<$>7WaXd_=eG$IE0dRUM zGCDI!+SH6CE_kU?V<}NCGE&6vI9I=IvyP~%l=>K&OzzcsTuWkP#VY;;{tR@u!9tm9 zvuGw^pc)I`+4F$Jjq8*OU*yqV`{^0H32pjBA%D0O=+ZNxC`wB<($Q`$Ziy)Y*T;%w z;hXXG&~(qBD#>tQ!BY6fYIwk|Ap&?AAeZ^q>ny2QpS6C6ywAuVEyMA_oNcR-cO{?X zK;FbWJk{^Q9X+yTdA2s)i%sUR(xI@-nT1}VoGd>h47P{dqMaB@U`3w9L-7A#?yZC3 z`o29;5&{GXgy2Dg6WnRsHArxG34zeK(;XnV1$PMU?(S{@g1fszL!;B=dw)}Ne{*4aLAl+UdZIOzS7Y#D5^;-9_3I4J{)a90Z&OkUneg4n zSGAM%72%`a3*4DUe@@C-fgJ@Y**%dsv1u(jmMFWzd{<6f+ap4;(SPuxwE9{sumnD` zT&fyXw}bW}Jepi!^vCPENf?PAC^bfM+=mg)cJP~*@Llzp&z^a? zn2Ld~z(4TohY%Zx&5;P<=kV?B%`75H@%Dh>P?USzG1<~xGb^j}O;~oq-=2HkhKi#;os9ii- zwj(|cUlw^0NlonY#sip7J6ld&n_wI!6PlaQ-E9;4rb(!Y^#u-gjz-QkNcY5}uC9r_ zO{lb-dnO(p{l3+p%&X##e{7V$YH@Vb^E%OjUhG}o(aP!FvHSiao?_zdpGM9iSf%`e z^-S{h^^K#R2}*biRqSv>gcnr+3n|3XFBqdgNx|jIA`f9~{7VGxqI|XBy117X*rQ4+ z2j488k`CHyvzU-dY4OZ|`7|zZ*h(~1yu{(08Q>oCwr=vCJnBS2+~33CSYDCDSI|X| zHq1XqD{|8BlCER#{1$lQHid55M6on&8+O??{e(fZctyaY`?;Q2J(ojgMGUip}ty6Q_2Wk8| z!dN6mfg>)y$x{AWO?A|Cg&$W0tTpR2A6dx)Ujw!;1u-5OIMhr#tFj}jb6j$kPf6>U zpqnl*ihB3<>T^%8NNRrY;UxZAGQ%=)6lzOI4$`lIpF5VWN);7PA+P^LM&r+zhr9xqu`Z6)Tv~ze4vMO+RE2E*W%*jX1L`}d&<0ypJ+aehwQC%VT7>J7BZt^VgiEc zRNrDoW*L+R4huj;F(ctk5P}EhwLZnQh>CAYiD!rsvU_&FhV@$s@BZ=1L#+i?hr$iI zg{M{PSkNN-w;zW1<}c;^-@TvOZh7^=N1U}Mvo>Xg8WG0=37{({Cou#I3?}y*(CDEi z=Tih;tulC6fkwsNVcmkfJ(X|2tsm!Ipr;VEb)Iq7uy2ZoG z#z7+#^eNDg@7r^nFG^x$rOTM}e%THoUXb}z2vqe=cBU(+#yBz_=tN-9Js03B5lpc= zAa&i%BnjY=x1TsV^ne~@sSwP{(sM1^RV&I-3G%l0swLYwrMAmZ%ws-AQ-m{Z0NlQO zl(5o>v{Y*)v0PHzEIy;FnfDgC&8{L?p$bDEsQB~Lrg3+rTWt)lRSHT0U1Z%qcvtP= zLfF5(Dbkh9lmhbo{g(l})f04SaK+jUJ|ez|4qJaLn*}d$L^BZ0pT7BLhy~d7;Aouo z5(44=EE-f8H29y_xv&y(rJ50X=qv}u-m6Ztl=Ked_*uP9xP1CnHA9; z!@}pz6xus}SzD&vf6u9Cn|Z;lR~yS^v|mDi>EK;J7+^m+gSqSuH}+7P7vna))K6`q(OG z^0g(cURvnPhNNXf+eXlY?i$owrnP|mT4LPcz9&?O+CTGXHA$NEX#qET*0K=mVx1|Z9GGwXAQ=>}cpJr46{-S>B*eHIk zUfcA#0H^sENT~Gc3}rZE)f}JlU{e zKi;S#waMz7N=1&BH>-DJHMb=3`&^LXG5tzmX)aCh2z4L_K9xD)(~}fv5GzDhM&K-- z-}#Q`-B4wJLEw%LoeE&5B%uB&OrG+JWZ>thKAOfy_}=iY#0$=<8SLo!+1n#8;3q?P zgRzAnz|JQ_(@vsR+Vb|f)U%By%=$946nfk*2Z6Sy6{mJw#)$f+sGys2(>JNK(=K0HF2Jh8Vdq&wv%7 z)AvF@8rjz>hh)qItBOS9V?ONILK6w+ZpU9j5||oO?MT~N&R(s{u?=uy@$B$Nqm+f@ zG%ai7|I@oFAf?x+u5#b-#p+Jv$;IyIZJDHQ&$Z+DO3E<(DF2_gQr|ma~r=jbE z2Yv67E?%?euC#~E==X`G^JJ#34w1YHbVD7Z&% z7@r0dj25#y#QVb63lDl%^&yHj4g1A110mU}}~f9Y&OmP2`sc87%5m&PFB^HqPQ^))yD z)4Fc3$C#mXb2^cQ!DxcAo8|W`Jp`QPN3`8N(__T%ZwZPtA~9bTQHBgFM^6yz%o4)+ z-1YZ!+PRsWLJr2x?EDyRF6r5P;ChOornrP-t#KcGqg{a-B2%~54p#)zH@6x!hp$!^ zuQ&~Wt)cYPq2z85Jjw`CDVmjc=1g?tp0bj84Pne}vx9T-DZL5t@oY1kX_Jy}vpg4a z&d$68Tr;8<3315i@GdF~)s2;2wpV!fzyQ+kQ8iC%Me;lLSF7HXp32%S{qBG}H1l6H z5pL-t6!fou_N_lLk$FrIKyv?s$9}+gY}=8y!G53PJAC7P1}hbnL`+1d4evY|!A~HS_R!JQhUhuQJ^H3Dbqa=n}u+l=d&i51Q+Of)|9~ zh5HS7WKEFPFa;bg9k){yH#FohFjd}NCt1m#rn;Q zX^s*QVzYmx9U}crwpGj9mI?Vq{ z@ptd-Y3WqINc3S41Y0IGLwl`|7-7ZB!h(zrq~eXVa9J(I_SnuaQ_?6s*a=C8Ry@)< zg&Mp=%J6$q+Q2=J$sWnUrFjZ3+y;+^%&TILV+J)%^Bss+-VGJgGpu- z?f{b|5jPpl?9rt>zJF4fUEK>XY?ZW?eYW=c6h{S!9R`TvtgVb6{MHQGbYc*q2<-PQ zi4K@HM*Oxeg}@v~gVW{a2ahvzg9hy>u`_npKPogmRxFO^8z%*LQx(dCwb<_XP{0nn zT?3oZV1_(w_<*VctvBtFf}xXR;S`&}IbLOJpNNFM&wc}*{g&d(Kjp5Fr-~i2b>@p- zFyA~IjUwljPa52WxOrY}$qvFJ7q1YR-qUg0nmp>-^C@l)SFqx%4Fon^$O-DZqt_|k z5w{&dh;@9H@SV=zHZvwq|I>ahdx{peltb~1X3)wU$T}`vKXbO!HHq~~#ge`n1s7NN zPfO$OtGuCZso94SFUR!z>J}|x^;Rcok+&+p;YQIFA_|L-4k7;?tSEP zS47L|OBldz6zLqbpyc+X8R$V#!J?oUVjB;#sGHTzE^zG3NkmhpD3Hn_PMOV~-)&{s zDB7zXe$`P85ov2>%y@KJrGe}Qr)owW&W0#FR}4X8Or`!YH=5OV3)}45#vR5}H{Z#K zi3dUZac|uKvf<}?XM`S_#da@?239#2wv)Y;^K}$bO~J>z#WwuYAuGU965*KzgZXi% zKnid6*DZA}gU3CR!93lOISNVk-ubR|ZlS#U!f2~on*X3mP7D3U+j$PvT5#~){I^2V z1>ls0UAX%(p=z4HTAhRcl$sEF8z3J|CZ!hKb<%WD;9$USwy$z9tvZtFlJJI<)n{+A zjDqz;hdzSpsO9N?5i|Q!KuVHuM|^{iNtt$g<4o^tGIt1Os<5o}&(3@0mri3lI^AnB zl;di$Aemp&uYzLHGMn{juRl9Xy=2sFo0Kz7@tx>2uNDYRTBNo>8yNU}V~zu*=u66Tbsz+0JxS!AMxD}J(c7!8M_p@R!Ig*~;XH2`ZGZ<}z zL?~9{J-3YO7g1MLb$P7Y=5<~rTlTQpMk9OuLYw+FgdbP3{rsit&}EQAEK` z>r{J*_Kk^$Ud?vgR7NDqx8cehIj!32vvKsPcz#tR6gZroChL->sT6!rl^4eCQv zA59TMiDh(qX*^pLykXyk3k&}KD@mVmjMT4cOqXdCY`9uaS4&M)z(<6-^JQNlixub& ztECd~mPd9LaA27RwdFcEWLFOUTfL9yB??Zs@Pc5|ygsGSyEq`<#j>l98wBMaOTX*a zUgF+Auti*aKSK%DNcry|&-}l6xL%3Zzs70W|F*ORf*2JQb*OeVI5xJk@&xjZrPr7* z3fESMz{_h3MH$lnM=+8HM2Y%wZO>cTtcJ}PSloplK?>ckc9(sv${M`Wmq0}=D2oMX ze87+KscbQ6M@un>T7CBs`dcG_1zM+w^=YuK;)E2eB*D(zmouoF>ehvdpjY6^*#6+i z)V0u3h$V1AQ%JksSSs)0=0T`5XCoz`;jCcm=ID)erb^=^RYr=}0-H`V)8941v`k?F zf05|&k1*UVRO%u$%4DU+8r8&j#zveMH^L%}+l! zJ)VbfDJYbVn1yJZGCTJjDb8A=^VCJOiC)dg0_PNl#~pQoTTvq49jZC=vV>ntB|6R0 zXls0%AaAVqm81OTmyJu;ps#z$e^KQo+^%X7PRYN+o1ZN*A=xg6{jH&B9(EV?i1zE< z94O{O{bGtG`TQ@Qc6BO27q53xS$<>#AHGX`rwkW*p!9ckR;hOTP_^?dJKsFt`+r9} z!XdSV1t3q>Wd0(Edo5#XSKYw{awE+2&14k^YRYJx*b&8-hdnjdA{dBp0a{V=OAV^N z7mscLGT2SO=?*tTlWAFqvr}zJqLF${>OI)bD(NUoZc?-8ift;{LRK>aPIiXF z)wIfRx}O1X)$;lXa~%g@B6pfL4R29*rGNK>R9{v7$(q9e=vX~X54U=%wp6SEwjlsf z0y;``9^ct@=D8;JtmBHLA`D{0h~C*NL9IDKk8c;QNYTrEavl2;F&=%tO&0MzL!K1W zGmt;S@AB^{@VZz_bu<%LFKSzZAsIL(2P>GPfwE*&<06&{f@W*UCa%(7PIAa+)R)O^ zj8&q})HkD5bjLKp(V3BtHduolXlbp+wL+`E|8J;>n9pe)lD;&`2W%TT#~C`BlCP4b zWAeLc?ZTf0y`i`NNLHPUL7LDT0GAf@Jw#B2Wcx)?!eOOzb~+d{57L&-m;U6NTCfjxGh+woo4aTgP!KVf@0El^*?DX0CNZm%A;*DsCYuKj7Tq;rez9( ziMfz9S+n+8J06Et^IA~^%c{j{Ihh=F`k<5FiRhBpW(O`)(09GDzavXi-_b3kmMN`~6+Q*3kWXuOi1seGG+#g# zblvC7;21G*eXQJ08lG(L1@KN6z^Q|2HA7mBrh*Qwy6th94-a-nZs{J!;N+4=9?2Cb z_H~*)ZkNHGH;_21{`|J$$2NawXddoQ!r+Y?!pHuuc!Q4Fvd8wt?OYW3%dSA;o<9eD zm^Fv#i?_2+{jaH5k4tH8dj1UIbAjpLwzs((?zm4XT8K_RZH8*ovz*2-td4u68H%L& zR!4(6(t&OM^nJrSiqD`e6V?vd!e(=Bfz-n8*EE*IeD?3~GFPZy86A?Xv&EpnQ%BB* z|2u9M_&x(3|AeV23LCVj2%(SxFNehI$Cr>-zIRe*f7U1~PBf|0en+4mnx8308=9m~ z`^SgF2e4Z!8BFN86&tVw_~`_{o(e_R{-j?wjwa*sv+hyHoOzZ6@?qJ>iIe4hfrrV$ z-WLT@n7gkZtMe;&V)#;eo~_m1qcKJ59}x<>gsY=XVjh!8TZGCpjX&J)nNVCj-z$J6 zkKF19)hjJJc!%w=q*Rfb?T}wN%&4gA%hH+})nnNbn7#T40q4Fi<T|n?6{pg?()%1>$!B1WUgoq#-aANj z$WX^zmm~x6(P9{2e-S+leC*2H%OVh{#~5{6Ss)A{`iutrSa62;NbGl$x^x{ep`{Y& z=lj1pCVtESkqv@FN-Y+LPHc!|JY}dG%wJlhW3`|BaL@OSJ7dKq7IbYmM zaXACrpSZZ3UM4+c`KEY_R>C7YHm{0;&Tq#Wc1lWK=`=EFU}Z(VUmWedh50q4DCwgY zM;a(G_=ECG(*J}8b4HC(3fR5SYLeVQwmLqvWqnX=3fjyU^(m#Cy?%dS-tx()0Rg{$ zBG-0!k6qev6O&_*PO}L&>sF;xAn0*&l;WwTiIx=ST#b7ad7ks6CU}p8NT!4lc#*1-~tpVCQ+q*XN ziyg43f&NctF;E@&p+Ii#Y@D8H=yV`?)eQX=wZS+z0u)xd13 zRB9g9uY59LU0L$d&W8-YHJJ~9#=!e^*UYaq@zc3V8L@y=h0+w>H)QLdQIy=ET{-c3 z>JCufnS+jlpn?Ks`s>f?)2oTjVZkY!o>$ZFTiu7qc)d7ggl_1W>K}<(AGd7U$??&q z4wZ__S=A-28Cd<3|CmU!=eo$V&ha^%PSqiO6%~89IWECBrp?OcU4zoqEdw-wQMzz*~9e z_$F&-Ps50z%^xac-RF3fJ2W>IW$uYtEBGDdd|R(;{x>0-t-#;}P+grw<@Ql-`3Hfc zv|G?b%G-MXsQIjv!!eDi2S{^4D;!Ti^z@obvF8?EjGu83-x?52@aUuLGRQl#r>~wz7a%QAHL=vGvj&^Cx?MU21_VViQ zvNvJK5cR1Qhha(Ap8{6=nEG*N)Qj zR#}YgekGe<$Q^h9eut;e5^l4`_XiOmeKhAgTllI&dRL+hf~$2`+39@i{}K^!t|>C; z30mCqO=PK8=|(QEx;8{~ztB2`@>lwNPwdNlVkB!CMY4~reB*iFP3q>L!>!O@`kvh; ztuv4k>A2pt8S%SJZ(+`1A>1%Om-TRWs2uq+K}RE85>c3Hy8qp?xMC{uB=M+oCi7}% zjqS7fY_dC>moUs(WR)uQ-ZJm^@)Z?d+lns0+w}{EmYg8aXz8TtAB%guJBucFpJ($doQkxPFDv5w2gaDbDj;58i4 zmJ{%sN$}96ut|Vh8?<*8p!}cBqTB-mtg#D6p)^#i()u=*OK76ndf9yi$`Km@XgwVA z%bpuG@F>`YeoyCJ&2B5@jxt+B@JayX4Au;RgW0u|UbmS?AM&xh;$d${Us`7mmdQYJ zRiONbvIn}FAGKcpod@dhg$aDpexE-h!SK8-$;_t*z@#W?<=~9pWNBjWX$qd!Y1_-Y z^?jqa4xJpw3C8D8TyFT$}8;;u($u_ojSBO?~_1}UcJ3`JB%y@;Dn0zEnzbTgP=_XLBtUk>bpH&=$ZV59OiicUZI&<8+9nRy|fa?WK1jln|s3q zjs{nuDiZ1x1ui)Z=evla*rDTM=6<+-xD>5z-ZJq#TtTFjXaR#3n~4_eD|Hjfr4OeXDWnIVKq#$E-7WZg!`5PZ60O zuLuiC&bFF(l$=*qp1U)MZ}YWtu05 zE@%4H9s5^ymy3b)N9j&tZo9`L47&#SK?vhkSYMjCeuhLz$o%_BRUuK_^n2(S<&qnP z#lxitlXC*L^-T&*+D#~$LyDK>)$2;9@oUP|I|mYLi?{s-BLQH~ln7__V>fp5mf%1GtTgsn}jG*?& z-OdGSCxHjzF`utB8$X!$f(N!ml$(la3J;jr@QwQAqI=996=z&pI>FDPp1ANbVDzd4wvwgr4u*J5(Rd61C_?1_IT zCIhM6j!=k%&s53?gI>!q+aA?$|BQ(-g$1BNAlT<`*QgLr0y(Daotg!B_;oYtRcV)AAG zhPL|1YTLTydx6Ty`u=a4;x~}(&>}^$TyGa&EluGJ9I@MqJ_lVRZt~lY`hv-ulJbFNjnO>wHa%|`><-3-g&7=Mtmc!vz9&AO~8EoV0SmUQN zg-JF$NjF;ps+#bfS0swY8;&WAs^;&_uN8=qaAhkUc)hg~zt}~wBL-dGvYsV2{oZ2arCnd@u0?Rq9rc&xen=P| zAZ>;dN-f?-&=&KBz4)PCwb3>&y1lIbxMzlZ_#ht+Zetut&hL>nQ!wr9O|`2rj+9?o$pk-q|ceo zzGWEBEmt8mws+WX(Um|C-xlY-sez#l0QaPG+b!5i^vi@K2@F6!XM0)sSMKR`KU;4;Plc6)~u7DYuklJ8Pkt0R7&o z=USH1kM@4av4n?8|1+YkBjn!q$H(`C9>4#b6VBW;F1$l!|5JRSX(@*N@vl=nP}RYi zy0!0&$K@$;ioP}CMw|pzd_0qpo)*Z!{1(vpoCNed3UKeemkjO=nZrJP!D%w*HmNm< zq|jvFe!%|6HH=vxm+`M&KjPy5KRE0*V}_+Kb&YM=M@B^jb5kScO(2wUIZA`H4D;`)vbq3rr-+84}e zsy;jT-1Tan>^bjD%J;YW^4-;&W(($c^VdI{?2sEE>+rY|_9r5a5p<^4qt?7G)idxn z1G;rldTKJhMP5RPP7oE`YECQ|g;{1j(<@Oy%0t5K3=&V3*j21G?jwRC%SO7~Yt>ku zsPLW41E!r#?>$#hzeCM)R_2y-s)eDBNDwZpQD9Wgwcs!fL2TQ%69N!BI9a_n+NEtc zNqA!n7)C1=M^))3US~3XK$amrp$pDCHsf9XU7lu-_;SF^E3|nhQdyxHE_LgHzCzI9 z0L9Q(DdSM2c&$&paU-U2{%}Y#UJAc}9u{V8vM!bGS2lxRCEvO3@z}B;=Mcc^Q=CdR zRmegrord&f#nisNH#5WqS{&8#f1JO{tZGSOJHI~c`G{eZ1V<9ZN4Yw7>%Bhsgbo;_ zq^45-X<*2V_`ZyfLHEq@aL%{7TXRu$b!cTM{D>gt)!frE?VKDLSK@5pb#E=B2c6}% zN7tkk8@Dc)sV`5$Nb|+{G`M4E4BVcSImrDB6U?xq&mOCSl)Z|MTd}oJ2fgMS>PLRT zv**#1UY|E&FzEqM_TxI+ zUYcS1Ht(1#-xQ7{v@CbzFplqU!0J2RLwdR@KV!S3H&#`!6RYd-Rf_0)V#5!Kg(enb zSM8|)?*MO#h%DndaxTOq5J<&G>p-*7^}`U?&b#v?^O1Ew2EFE=IR_9mM3j2z{pEP{ zjHP0|+8kPijA1w1j=zGtOq8mfIEyrx zEL2(pn3i}|NBE4Q+RTvUaG6b^ar_Hb8YAr+mlY;QA6pF?!khC;FQqSzPYkl|u}!zu z%D^3lP`cT8k&L$UjB%zgbeKcS;_k~7JxlgT{pJK+C<*(t{_rlVNdxQ$WWB3j#`qeP z&F3)J{1tOZ-G*{(%1=-at84iVkwk-_X}Wa%4yS0q-Z?|6FJZfdJM>krzB^s2`a{@4 zX`Ah zX}D{UFoiOTN*ri4)&@c>kLX<<)wx3OY_f)syLMOM_~G#Z^(i^1+-hNtU)G`WmF1tX zCac>k%NejHIVy?^LGSg~=S7SZNN{l9GJK#ZOPRfKzKaL?voNBvo4#Wk8Qda}WS=n@ zU|`JVd2P5(&(skbOkH@}-Cn3`?i9aYd5VLp3K_fntVu*Rcu-KlY20MDm|qb}r02w! zK`O(zr~8Hm*^=0H>x4qXfsUwV+0%qt%>PZ9lM=uCu%p<7{UzZg_YxvPj_% zV2fH~G%4;88hy}DKEFSd(Ti^oIIJ$~i6Ui#}t zhIIm$p$)Wxd13-444i{vZSPDix23mm9cs+BLrYT;Ny~M_v*!|Df~A5`n|kxTuN4cDeMG^nfT=iCF2r`*%vbYa!}Hvdz* zrlvXqAUUooYoB-DRz5vVHEjalh=$GI=nwLXc|mw!faCfg`<&Lq@0xe^)#aqvbtAq; zs0>-t9=`*_X$G)<{VFfsR?axRCh`AF-)<#K=74;{-|)i)F6At={?SDjye-@cvY~n* z`ojld*aO0(uTQ8oJU!bQrmp#y8G2#NAmv*R+b(r~toX_HHRttqvcdqBnLgYq(>2J$N(}c7bi~M?Wr>8J2?;&GGctuI+rA_gKqq2d;(_+w zHF(+YY@dMNFVxla!nUv6^5X6{>4&gq2`$T`t00>3u+pg26XJSM^I|yR5l_FFN_cr1 zn3(?gOY+a(nO}OyxpciK#Owt(mr@zMK$FFpXb|k{yq)rKo;NHPT$RQq=pTGGPiBAA zSzv?{FC*pQw8yu_rvhSWsO8gVld+HIyIa!)_PC4r6sl6zi$|=-Y__vsNfPM=ppgqS zy2}rsy`RG=wuhAHb&SFbD6ksua_qYD_8qT8JZZ3BIX3Fl_2ki7gI`{dyaI!I~{8D4ul>BPhWc6kh61(CpmJD6(CIM{!)vnSk* zKJ5xU%Nctje~%Eo{iA8I1cXpHAmpAOl|rCr?{T zoZ^_t15_5410HWUyoS}m$^L_dLtQ5ULbWS}@J3Ps*KgVhrbh|XH6D2Gw|}uw+RZ<{ zX*(&+8}&MiDNroYsd|qY8TXOtBRP}cG7OWtU+*b8tLL`VlOUqUqvjc{$`E$oxaf-w zg25wMRSromhRozrDd+{3)^p7r`e@arD|X)tLCTd&tvS|(_irRIBPm2p?tV)X@!7tG zxv3ox-@XzR{KiiX=zn=|Y`)oFs zv&XWsZ7+|8!2S-?*vJa^$QD&`aZok~Y1luIA@JV~d}%@~6a+h-Y7gAVd9*GvY?S#B zt1l}b$S2BkAsO!gUgv><)vRW%Y?)aCf6d;IaEQ`2eHGr!@BeJp&L=D`GBmTYy0)<1 zPJb3>L4%Lzllx@N(9oa-*?&Lp5*YYrYSAlST%qmp*;I$M!E`>ESCEzc7$h?Q>vHCS zg$cz(_7jbPdLAyX-njd>fv*`GqAE&Knk@zTa|GcQ^uABnvT>k0oV5-fgvGfZo10aol+-lgwvwv zxX&i}U-SQ?WZ3(mX5e;IbgEfdVUAaTD)py?Zlseold|CcKGH{0xB|<)PYFCh&J{=2 zjGKnzTNwYk)7aP~84VlGzOpJX=$j{pn4B6C%0+9URaum;^uG`w(Re4kU-7UPa|bw=ezH*U5G00h<59q|!xJN2k9&P)LRrvWu=MmFWC6 z{y9UPy#QNLs01tA$S&nSh~)&gm&RIY#)^wwDA86g<;E%Q$ayKWt(lpXWfcp30C5!?XcQd^KkQUR97@=~wp4(@tt{`gt$Ng4_C{k|FnCpC z@p_i<@Yn-ELt$5`ChOXMu|b2a`qJUic_sD!JTlSx!2LtKg7hSk_cJMoe|rApC;V-A z>CWj;lLAG{M}+cwIp}o@^M%)2TgPk-mykCno{FH?r{65j3azOjd*OEnuvC(Y{hB*X zwU+W=#{2Sugten+*8XB9oM$TFED<2j(Eh5;3!DGMYd1o1XfGiNq}VGr?$owvzwjdJM&z z;+GO4oP*Fl3;d5iUL&Atv0WG~FA!B~7HPiJ)UeBkyfxfX)E4UlnkWFSCGCrd> zZ7I1fUw>63tgDAXUm{RrjJo*d7sF$d1qGT1DH6r6)$jpz>>H)^saDk48ppeDXqW=v z^CpA5z4@S;;RggEMh4-qRgxym7S1@Dkp8>aTd>Sced?>I5a`}XS+5mtmCKbza~lH| z)-Ojuy65lsA!fJlLi#wrYc<|bE8kDM2gX0p)u-hOJkp=n%Whrzl-~lM5zXHb z8Th=C|Lx(IOqj6d%KxAI9mys2R|Zv?T_AcyJ`<00a`u1C*#Ae!{&{=F|C2oU_uJN7 zn$Q203-I4v%;W*1Wg-w$d`L`;Dog-B3)33uEYXa&W`d+J>HFMp*oiR~Y(;$PZerW$ zsQDa2gyo4yYb8c3E*??~;pJ>OUjEna6OKU^G??Ib+?)4ZYO3XSg;RspO{eB;m zNe4R%QwVf)#I&^id1OM0-Z0k_QH^K@83L@H9rk8))I^6qBhs@Fk|x{;J6pewUkH)V z9zJ32BiyLLn>lqgff>k^cpzdBw-kPV^J$)>RI#YpaN$9$~W&tJt;OfY3-Jo@D zN_VCmrA=!LjDMcUZPB$MqBqjbR=i zt!6Btw;#hg%Y{TXZQ19?E$$Oj<^+;@(n~2gHZU8wLnTRGp&@!!6X|i?zHsa+G@oal#-pHr zEaP`s6$3z6UC@Cvbx_yC4a;XJ-E>}J%n+Z1`u=<+rD-ev{=7vmAx?%&X$J!~X^{9n zDt2&4h;_-P;j<&nUe$imu9I_-*X*?&l|;gsUCb!hTWCyICd2IQ!Va2E;}Lnd9k%jz zzTr~*!Jcbo$AU{scakCYl0rjJy54NEaA|}yox(J%*526I5T&U>7?Em_Oc3@a-fW0> z?}2t~7E=7v1M{WpwJb^M4w5dB!x20G+b90Xr`8|ev)J(-pveBf$AqXfn%@Ef-m8t* zZtFo2v%6Jr+*!vU-#f+74mh7=gRMN5mJuebb}}PaWcj{ot^P$qdo-yc0$Kenz~<(v z&s68bOYgUZFTN*f7GZ|F#d;;UKw5WONowcq_K=HEB)vAdQ>`+*+- z>EF&onv8~Tx^PkePe{v)UTE=;m!F8z`P)kj4s*yGQS(-ya3;j4FIeWo)+gu&JRjQi zJfko>m$oQN`5U;8+J-1q;BnCl81od_3Ju@NNfaT|yj+kQJ~C2F7>o<01g zRF7k?SRxHz=}i}D!(MUD{r%EX!Yj@DZXDekMc;&=wsixG0HLu=TL`ehvD7!8)#c*6 zr|ITO;G}%=)ezc5vG;39hAiL>LiAAjMp{uDRi6ig3itxfC9NjK2wkiAQr#O6aSqk*KtTiTV5!5V~YXW249 ze>u#%f`g;_>Hr{D=W};Z{A6*`3agWI{1nl)U0dSfVYb(zfyqD%dF2uEzDb57?n|bz zvGFI4B+X2yq{%0cr2OGKk09e0uO!~${H$%Ch(Fr0Y4ZYst(&gx>&mMUmdE-`NESUt zhZ7UWQnyB-!-)+q?)91V%ka|Ml95tsgt7vVv{-@2TOgK$>5IK}WB*V>fB5fkg212k z!yRa(6Y-8x2p8$FNGG(u-mSVTt<>Q8v*o-q!F)*|?SpW6qfgRs>t&EP8~1mSPYR?H3?-?m(YHQ| z(Ce=BbD-5ruROg$W}AAS%7w?y%z0XkB(wD3PYj1oKSaL^zqRJF(g_+dr^0{zL+Iw> z`x(}$8tch;`e}q3rV!nDr$%$a4ypd|1>7`t?$aUjq9f#$AoPGu`}{4;!-ksbGz$GT zCjHurHtUk9@j*m!%*?iEE14kZF zWdHV?g+_pVPy5%Z4O<@DSu_@gSz>e|XTs^98ECmp$coBLZgi|XMCgaLHsKDh4-JnH z38NKwlbSVA<9>*EKE)y3Oc6XJDcUo50iM?4p_6{Tf$VT0!~r8@_-Km3m#z=wOa#9^FY}6zpI#Xq0Y3=szei&*GpI5OXoCtpw4*P(-C*+Lr4E_Z zr3Gc}^DTpcFCLiX;m9=4-&}AJcSStiXfMb9A@Ba;Nxk;L^W$O1t%SH~y0U1-^?|~B!Fhh-*qXS2 zR&*~?KuwyFW@a-NoK?T)^v}lW>x^i>ZOS0d^_AZ<5Lzb)DpTuWkdu`<1$kxD{#PqI z>KgtKLuLXt$5&fsIgvdAhO4%@k=DS>#zNL&c(d+q7CWgv8&1FU+@VwTOY$C^8RgtH@Nqza9;5?1CYy>@5J>!JpK-;O#8t?BW_OqQ$ zt0|LcS?_i2wKYalaE-0Ch14pM@_i@3BMqt82U=suki1%~QQc=Nff+tTWF!#*v$H%3 zfU7&WKT}h+0wyBv7*sG2gwEYTE_kybbeitQW?|sQhHk*Q5ciOJC!}4Hu?(}oC#;&e zc5?d3_x%3yEE>YcnbWnlnNuTEzh{H0-{yB!^E2dtjclpsOZLoOz7WCt2T5%+EuG-H#EKt<_a zm6Z&Yjq+w@0GOSbotuJ#M%n8$Vc3QcS7+B(I<#vXgj$ z_d!1`;B4PBGP8OUi%-Afw_nIyvBdWKdbW(_8|GJ z{I5@y+{IzD`e*!qyExJdCUA`EjK$+lN?WF$@mt`bT5bPJn0AE=HNA}>RA_wDPPu!n zWT4d_p82)ed~^8D*KgAs3;zqfsk{i_aT?aOLM))~bE7$-6Sbx_I)e!Fqv3Al2(0^9 zB1bDJIuMyKt|X(mBytIBezez<8(xxcuGJbLXSp9BCT?xPzUwsejTMaKka>Me{`gX2(t^@Z;{z zY3eso@qK2`0zMh>8*_cOQmYFsX5qVBohR&XUzO=4#37pKR?vLQ8E8^<;;P_2k}1eIVTo3{>)z z0e96_%%n-_WJRXECnjttfXaXb;NlQtkNs@#wF;@LD zYS4A{9Tj(EV;rSa7-Pt2KMinT%2U@69bE_q_P++5Z0_!qb_rS4Q@bS{4zdx!9|o9J zNwe5{Ngb_snm|FVp0l6c#^nvM2P=qg5Ynd15@ z<_c$bfQ{Mhd~s}Lxn!drBhoo>3&xrw%l537mH-hXDIs+|fpj1?96HVl*W?r@{;lW1 zMWK5J!gsispd^4U#ExAF*rrj!R*B1B=jVEXT2{K5@}cArd8-jotOmoXNR#Ow%$cXD z=;D*BGhgUp%UPn&he;J4e>7GGO#5O|v3T6D7*zI2mgl>bC4cxHG62Og>a{ht6#1iu zgkx*XTXXm>w8l80>C=%d+sS0Wr1A|QPK=EWl29WJRKP)$DtRd<6b7FmZFQcL zvl7!RTiqXRk1}|}j@u!zEB{naIqjwXn`CgDuT-2gu*y5hMU0gHjQh(5!axf(2}eSL zT5iL`mn09DE!#XOiV~t^)>yL9yh<3AfkD@{3+ulw9_I*k#?LyfVZHkZ=h#1INEnHMtQ~XN)j~6^6 zumm1!bzf)bd5OT#k%Bqv=lCY*^R3zgm-&5zYfbD3@GrPD)oO~V^V%%2(Gc6wzCc!` zg_cQzIcWSBI>gxkmyE4T8q50b^F)z6m5w;(g=HOBmQ4`1*5#i%LhWO+*PQdHN0XyEiG1em9Wb4p9kv19fL_Aq6 zOyB+15ra2CU0Eb9$%jAbMo8_u`{LR3ca?PkJ$bpKpI{xd@dcKd3!B$ewt&5}cmn=a zx6>D7;CcJEW%+%m`E6-wDg7k&=N|;%Q2Lz#9OLFvI+^~6XCaAheyi7Gd3JvKm{*(Q@;P?H=DG8T;l&|ku;;@zN(Ry z-HQADW=HBVgyGGm^Sc4u2)9K(Bsh)@!LK^$q%vinmc^%Qc5P-^IAM$L#&;9!V~>}l zYQHte&OJY6t3p5Dkg*|LyDs`-Af9-(#0Gj6<`Rg)&NOR})VKz88SZo=DVAoJwR7g+v=68Q0%$S;k8B-&9)VG(!A6BER zrI_}OpM4~l6B?J56*{OKS<)!=3TDmlG9kVIX-z5DYfa@9n2M0zwR@b6?y(Hgpi0?0n>xLVeY?v|IwAyID|W#a4$WG3+GZt!;WfKP6LM=2OwRb zDk~CxDWoI4EPLk0)0-Sexl>9zD9;mFhme)Z$A_r)4X9C2a}YePoUPqqw!AQ#Uz**0R;F}~IZ7e&uz*V(tIJL~eB z*R950k0^tQkat-c`J)*ik3>EWpF0G>b#35 zDmBjBkuwLEQbKqIt1)YLL;%eqo8r_3FD;Cn~Eb9nYF(k557g z*iA=e(p@;i@map-G&5Dcmk~3;=P()C80Ov*Rp}SXpNB=eJp5WGMz=P;_E)>wqmB3Y zM4!nKi)%=<^-2)+OPb2&+R7{Zss+gi-|-;#imCX_C& z;tGy~c=bGb5abkM-0IGVarZ$!lq#amL4=QBhOwEoiN%Kr-Fu zK9Bh0NCxC|C_0x#Y?J4(5jbOi;Vi6YA$3P?aUbA#b8_;)<}WyZbiSZZ;@SNmaC3|o zAd3pVmi7pAk;n_BiZ@sp{p+edZ3qKR ze68JXQI&**OhkrvT{j)IQ|cGELV8vzp&w^sXqC237l{;H&j)|&M#{c)w7DKkPcxE}!C-G&Kh-$;R&O zD8#HKG8PFL3UrcYLl#iGB29k%))=r12IxC6IkuU-*heE5{sc8A=@)##|a0H7VPiIl?{SdrhOX0d&1k|2#t880~n*C%o1An(zeX z=}K8yp(!gT>KpG(m(voww40vYHiQJwxjLu+`avgk3q#8<>zkFqEIkIQQNE82+s5T76)%G$T_$Wp(3%Z!qD| zCl_UY=TO!CGbWZhg3m*PIIc~#;aFT`6r7@tw41gVL6qp`&n z$MLW^s;$Q5@Eab}LrzG40jY?EgckFI{8~b@ty=xBc^v}&&# z)xe)d*&gg7d_MFXb0J76_h$H&}BEu!d6@ngO+0-dCDn0Y;tkv%mxKLCTinBeFN zU*Yc2Ew{_(7l=N2hGuq|_ugC|r*h9@zlJlJQpob$U-r@@mcRS3Wiz)p`reAX$$lub z@1yaNDJ#3rq4E(rnM zDC0BNmQBy0yucSPc=@chMBS$~<62~R5}E6MoP`aa0OBm0mFihxgX6efcQ26Sx!h7m zPg@+f4)hnf$y1^y5V*pmDN^Z;qpYu*B|GpI)V`Z;V*lx|p!q8@ z=?Okicb95IDtdP$scz<#^~!ure+D-#j-eqh0&N7v@gk1bqchW6ZQ(5V=|rm$l3r*Y zS98Nso%o$Kb(H=9J!7Dw)T?m;?2b4O>Y0b@-aH?tx30s?`{xZPCKm>e%kemF=eK)2 zE)OD1#jh*sE(w46eh@mV{T#InDAKtQekA@nXWew79(a)JX;!@h5GQS-`_1t%Q|o3Lf1#E{uKpl;0W^$nvX&@o{_-?QA=DJn*bV&tMbg9aUcm&*@x!`f&K}70b|K|~$w!K%6!?sbbQIpDMz)+-e877BebgDG*`87L-WKKgn)i(V(7xGY z-$8Bk#_6nZ`{Simd6s5K?^y7}p_{L!57;mLsS3W$n>u-@6?a?Q)!{-@(~kc%8+Qv?N1|LhNVsl0w{UBMA@Y#^UJ_hagmDiRS*x2KsSXEb zcCUXg`F=fz$L|wGo+}|64erGFk(LDMsJ2WWQthEQUis7Ly6G?T?8)j^c;qY%8J6;d z1N=|3zQX$K1!UTz%}r+~+6zl*SUCQR69G*vg^@evzx@4ESXjb61$6cS0D?@HpRWE` zoxkH*Hp9%zveP7|a(s@Dn>6_vWP66^Hur930frJ@uIPrnw3Qxm@Q2^rRQOqqtbzh7 z$JYDi!6`Laiwm|?epKc4!FMA_okZeW?X3iiSzAk^mTdhmsA3JvTT*X5FndadiFwOt#WF*RZzF$|93@gQ+0Rsl~V)c)Y$nLFWiTv{GqU^q@bo@FFg^xUwI zusq1S=B_%9zZlM31L7;tYIh#l_8Bgb!-Tms1%4zRywJQ}n?UDG^EKrkOiGT8O^-wZ zqoSF+z4qc7k&NFlG%pvPgT$z68m=z(KOHuN={A!*5WW@+(_XI|(oO0c>&57L z-4&JIk2xb1Yh^-?P}ZJ>Va0Y7ziA zh3`;V#|ej#0Xm}Q7Mp#tg!r$O;S%%j&@9$ zOvp!>rW|7{dcj88f~bhF_jrBz!O!!^I_t32?p-;bFh*{JP*HJ2*l(<@d~%<6x34|$ z`C+}y+F?J5hCIJUAZ*BvhbnBC9J?O;lFFKi&d29!?jI9EJP$(ucEWVU`cHA4PJt_z za)O!1Jt9&7aqD_R+c4GoX*Phd;=vusp13!ZL!)k3{N}boz19jzxfb`^=Rl=% zy@XFtQ#|$Aexbt=m@OV$0ed;GZ8pQelDW7T0uSWOl;hI-a;7wYigSR1!9y|WP$qR= zqwC@#n}rLdR@v{qs)wzyo=cSutE4k*6p#{@{_=0in@Xk^1-A23s{YVsfpLDb_kW7> zSp<_yV+OM>hxWnQ1N$=I#<1Nmr2A!NZoBo!gNael9TAe>*6rN6R;9=sw-uzTSJdZ) zj=bUaVD_kiAs5+{C(cKue63qYki+d8Y-SkD!n=<)l4em!A#Bh# ztRR%0KAOS^>Q*<0B}Myw*6yD_0}EF!A?ZmAKHGv{W9|wD)_ac zW_6eR0qVcRM@L~9_$!`YK^9YW57uPf`5}aD^?rtpC&3#!ci7S11f%_QoYB?r@9Gn; zbhSP$DYva}O^C&jS$5dv0Zu)+&(4n0z0MEW8y}r-ScFPOL=V>wNgOF1pyU2To^*nW zA4T)(%yvo_Jhzl;Tkb!(nQo>@r>b93v{~+yUURdop^n-%T$e^OxEbQeUJ7Nn^%wCZ zKV~YExp<3xVyue24Wb3MJid`ff8eNFQfMdjxlI`FyWv}9P3bL2#IzfB-ZS&Err~0U zuU~;FGhS0VsKDJ5zdci4kz?UAWFcOHM$mx>Of&f-Mc1qP)N@bYG8xz(&u9r)l3}(s z1=40jG_7H#{LVM4n!(`6MWR_fBWza{jCuH>jKJGJnwETAl|F&IxI}?t1+1EzJ>3)P!g9O!`rnT0Gu&3TF+b#jM^Q$XFx`_S-&r5YA{n z@@F*yuo#83G?Px29@@4qA}LS_<>YQ2(lZRw5WUcq4%7zYTtTCmQCkkj}PwSc&{EZZ+>)AYs_1)cHC`>+#mbp6gqbdT-_W*=LlMHCS=Pp zs;mk*QZuS1)H=HiSK^h@x5X_)GSZuAg19gFzi~e~>*zcp3g51BZavjd<^Uyb?qT-k z5Y_$tGzauH_&(%Tf($s~9-&Gn*ynC-Ov@#my;9!Gx_!&|)Xu@p$0i$}pM&Rh+;`+& zRP}?Ztnt2-?`>^#w2S@FXBH;PU>de#+SEHjMsh zKSe?Y+S=PfL3g218~N5trr+o9%6^w~uyA3rftGn}yIJFT*x|T|dDE}`)}Z1#h{Nu+zLWKEeHK-4GTt}W zN$AO|{`(CfdaIWX=-M4dnZgwCtW6iQBss(zJ^9Vg|MCU@R!h(Ly6sk~YV>vy%z5zK z6pYmNwa#Yla_$IJYKCbj;F;Wgh-x}E5Cb*G1*QWJJjic8_IK6nwk`NP>`{}rQ@KX! zwztSv77su*PQNlQH$!vRr*`}}vZ_aqx9_|E-qSEY99^shFsd>(tcrnv7H!(^51V$%xXL7mEd-5AMB= zaaYgkG3VGEcV*<`EBQx~M+Xtd0!BW@lOhH+;^M-y%e(?TJ!u)5?l}qNNd5skGnkfH zWS1WLR4l1XrrVZjpugJFMyoU=n6mtdZEf=<$*WTpnGsR8DO|TScSiF9v zpi5JA%BvgX13BMp_B=A3>)Cd**MYCG_vhUizyTx)_ibU|yoQ4( zDrs`XqvFHy@y3fq=$KD++k0OW#)QoFP)|(BZNqI~n#XqkXNTmXrAkuk_}#K7hB=P} z_G>}?#uEC-%k+?7rg-0F*N_OFSw$3D{NQB(orB$crMqGs4x%8$X~)2XgggHFIso>R zk&)<3+So#3a+iPE5FUP))Eyt+srAicJ|Hb4EpPwYGg&=Wff%23-funN9kjXo6hgMy zc0jF$}NyEE=yFN8P^gbnEO= zx5luV!HJw>z!2S!&!%%GGzZf?L6{w9oT^0ck##%i#teQQ(qsoR*drCbQ726ro zR1_<^?RVb|`&BFg)mUmkQxTw2?J_3rIU^uAc3{9kK|w)MQnu4#D&!e}KUXgUDkw}y zNJ{>!tQ4r!xQrR0eU8AvYRQH%7$oFJsedlRl{VtR!cG|W@NL=o`C_kKttMb3Fy9gC z=Q}xIcaD$$gVC_~7u0vf}AF1ZU|{aJ)Q7zm3RVWlN-;amgb zslb}jeA}pDu)anWZj8wQqf}8k5I|cw{4IX5 z15ibIqr8cijKICq)T=Rz;$iUGqCuX_YVeGVe(&IufxbOkr3T;F0hF*PLeQ9R+E&=e z_;Uj0;B@p(0cMWX;U{1d6(goAK8(f?L#)_+d64Lq8z6s4)2%D&QFk2>zyflC+RwsNq6y(o#R*#J?a*Qv?FBt12bzRKKXqS3a6SiZDX8)9D9;z+FG% z<4L~fOx6t62JXE>W=0doRwq1hD;}_G;3uSk$RicaUh^*7SXwO$P2`o33?80*sXSGb zq6{|{o_%|QsZirWb~fV|%a+0*PAfhFWBXH?W;zPVnJTEMYilz<15s+J`?}BbjRfs4 zCTa5ZqBT0S*F-;Z^xcnZYqIObGp`vqd-0{N<`cw9Fx5vb{!1*Kl28#z5T;!<{ z>1lFa8n4S6SgwR^Bv&(kd5%+hCc-#qM9SHhX=9&7C!CgI}x*KvUo4)%<`?jf70ht z_3&nfT?_El;LIia5~@7=XMU^_PEA5+jZT2wlPJ_rO@WEn{b5Y_Y_~W~8yh*Z2Mz_n zbg`#`g)FMB65cc@QF-*yuXhV?wGMr2=s(a*>2F5l9R7&@9om;aZlo?CMw2!j+e4Iq zk&nM?0&6U5zwDtLIu#uSbUePxV`tk`GQv;I;A;(Xz{UuaF1Yrr#3$m7BJFpdL8TAakS)msdr zB=TQ`wkCWf;pz!3S(1|a7JTX;97Bw#ak0NG`(Z+A% zTVIK^tB?B92Ox&*^B@z;TZT^G!|3xrd?39pBX+lQiPLdxa4OmE05G=AhTj<;c0s$l zt>h9OjcEivf|w^J!VST7lXkj%=~E=R3`dChw=s3(;;QQx(;I#fWP$WY#PepP0)GwwsX`$)|!4IIENeEYrt zeiXb+n$_mnUHN7tI{HdR53|n$*0$Fr^V8BuIVAL8VyQaUr+3iiMTAp+WXXCtaRqH# zht%as-D&Tvu*n{JbS1Tu$N?39^!aE<(l^}mcIhtc;&RlZ3+<448BMM1a`l zcA_L^rVc|{fZVx<8iqxWsCewCsjo1ed*(e|z1DaEp65!9a!7 z&ffR~?ZHYUn))(xv~&kVsyo%wi=@kkBcA6O=XpR!i>P*UA)pffYo%Y2koWty3gDFU z`t|<%R=@@t=|`__1$=8KEO1vmzXMZ4>WR`38X+$gWpE-El{gj-4vxy!iJMw>8%wFo zWyLWu4a~G^2N)1|jQ`ZK@7}bYXb?B5dlDyw{(75j^L-3aU|zkpIU-^q>9%Kc=;^&* zZZv5KUI;0-KZ7%>`WLWe9r2S1KB%(wAS}=N4_cIq*GR@y-3s!*0IQDGOcS$>@b~HJ z&3247?YfnIvQwL-kF_@~>Q%AmKZ}g=)L}qs2Ox=NNP9`tz=Ll`4wF$xH_~z3=(ZX- zJ=NGauFeE=YOY43k8hE=0YwdH1TkS;F>)$m(tB8tR})i}Zt5q8=^NZBzS-lSpEea| zjH1Y_F|B_N5~Q?hSP1My@LEtJD3Dy&`t%7u-VkP)FYquz3`1J#|%S~T#_FKohj}wR* zI(02aK`iUrxmHsJOgf4(itSzJDqnRDXn-s*;5(fB@1&SXJj|OmHMrGEPzGWp$GlNk z4rN(~amUis4C5u_q~7(cqe^gWi<~t=k8n6J zJFVMH(EAGP@t6#?&FEN34wuLTq=p5y>1)EhJeqhR>MkXKZE&OfZJANyKJv8!`E1%xBdp6OyuF=Z5lfCu~${ zT5+9QMHXRq>QHoJ+ykZ#13;mTrH}wnzfohlv>>O^y0fG7d+9*O@dgwur;-e?^BLy2 z8eJU^uh>`$cldEkyw!Tn>6n!GnJ^Vn0bB0DF%@+#ld&8Wc_J3Ipx?~SS(OGBL0hqe zb%DPENX8#%N=s*3(t)35h)dPFbHb9igZ#S9glaWX^Izdpl}^l`Tsn8R8`#Hi9J;Y< zaL*dhs155_v@vRTkG^B^q^1hqh|xok0YeSHb9z0H_EbnOnlD=|ZBM)AhmIXQ9KCPV zk(%)lzyJM+M#`N~&x695RJqfXh&z3>1fZr2#)y>ollhk^E_yx9x`KM9ViLjl&iNAn zRd;T-%=6H{{Jq75V_)@0N$KFZxI~elinLuZj%t*e-fvUNN~%mNPd4sp_hy0{+Su;| zC%!USt%KUp={&Bl4pbrE7f{47wgq?sS7Xsd$2Kd2;`dA4&@9sV9g?hWjoj@U7FJ1{ z$_;!a7jK_VqCFpbg-b)vg)e*Ww`%w38xDoG0tJP0t~eHr6B@;0(s%O4QvE9SiGO9e zH;Bu~OuXFdBo2cASmlq{cgPO#CkvZl(es{KGPieiCKC2!=@c_v)ww`oeBYcxkQX74 zb>eyN2w-lUYQ;)|<-Aid_5W@tUnjO=(w}gpv3kKqVid(2^c7*8K|^t=>}ejxv&u!` zx|CZalYI|kVWj!#tAW)%<=g09AlxG{scq=@IIFVj@4+~T;h-F{{x*9oT{jcE6Lpca zV0HdmyEU4EHLY91l20tnN9d2=J~LsEjdoWdb5#u5u^$cy+dXwtnYT>jIMV7wM|Uj< z#PLgqyW*lE98W1OuAnecM`m^p{mA6P%^5Vdj^JPa)I&q)>)%SJI}~~{sMZX;FLKcC zZja**Zz5~-qf$hBIjN|k6ga=uZi5to+vD{lAV)AhOaap!$|8xcXJ9R(rSPQp9&b)a z3=pm!H#48GAoy^{*I0vGMW)J}cex{yv-pjRHd9FbWO8P5KNF)sJ-VdllSekmS{ZWC zu;fz8PQ+d^wB^7O?-&Q%i*p1%+`Q(hGp_C$#7>q}k-B;e({LtxI;^%`89MZzu+f7m z_DMzO7X7$zM;(@F!xTQD<|9=TnTO3pF-n9efm8d2mx=^_y6cF@D>Yk?>Jr zVj#m0yA|g%nP-+KZ)ZP4n@_yrr?78{M`!co51EM+#-yl~hO4lxh@AlCs;zmAP1{S) zh}xfLL`~??vHWecU{a5=quX_AMLPL-J-7Rr`^}H!`qj5rC;Ne9yOQl+`Lcb4v_4#s z{UI~zZJtr{xE~fc+dUDum}qjV5SWV+iw=BhnsIX(KDwTo82zGXtH-SVtI_(=#+%Tk z!3rF56E4Hzvya5ign{i{;(qa?Kz$mnD~NMa87(a7cq|B~VW$LV?^(?T`F{$;3l=ciNfI?s=rU{ts{pO)_}g^Ek323k}-@vBQ+Ta7WJ z0}{qiz{C#u%v}G7!JK4gyOq&hCbStRc z_DU$z{rIc!D+$2y1#m)I`^E&AFnOeM*HK(%Ri4`QXI-w-=Gdo?6z8p8%}|F zdhI5#tg(F7Ha%(Yw*1ASDyHX-Q#Th?lAjSffDkua7;#g1H~z<-y=6P56P z1emKiZpcLC`dK&oC`kY_ZU^EXiio)iZz0Ro}G8YiYV7G4O6` zNy6B;(?+P^`<^knCuNab{9N&$ivzxBKQ3V4q-bG<%PPjAWH^#ETm9huBA3yhmq5JI zXeN9ZoRj#!LeXqNm{I?vtF~hz!s!m~{r=yORT~}c#b7fSa<$|sTuDC!L($08t1(mD z_KF*M4fNzwulGv+Tym^arh*pGGhJu-P1eeo3pgw5H5+xN&!-fX@zjZAw*fEfwUtDP zF~BIVp7A9A;qjm0srCypYwI|aCBHacq&LP;HQqtj6 z;m>4mmvkGS{~;FhjO_e9{@*fh{uc3nOy1>PfX4R`^7% zEuF%~*XoDft~*7fPMT~dZ1O%f_@OFiLpuS6@GHIUaY z4wFoG3%Zn@zw%K<@sx=mP(Y3_{&oG4`g6IN?Yt&rE_1vL83vdq63(lNwM-WfMbMqd3ub*_sWhuO}w#)r>%1ah}CgA>|#=qWULb8 z0`)_w7`U)J6B@l~yqY=<-QK~PTem(J>Rm@p8;K4-etShhQQAo?tY$WG(OO6+2!d!lR)`@_P5n zIOqWr6qS@h`Cmd6`Uk64i>qT|(}Nau#Xpb9X_3Wmb;tD$jZpJ;__dV>yH9Oo|u2V8@JHV@-9>Atp6GU`$PFb%f8r;Wj?gs8dr} zLSJ1FUV876tGA}5gAV-R37GrvX&9j6}1bq^v@XH zE$cY}uy55qc`K2HfcZIbnt#4Jrbc{W1GfwBRD3>_yFa%T57Y?)M={xI!Ei(yXo@Vj|IO$@_nt)k>- zzs#PU&cEhFeap0x=g0A3ixLvKi-RiI@Z7QI$uq%cH>A%eiMq6*t)cO0m%GzQo|E(X zs?~+_`C$7Oko14g3)vgbv~FYe*H`R`!?*jYen4ygM@h`&;dx{5*0R&Xr>8wL^-3D| zE)GxDI5>)!H}AfD-~aNx`uF&!nYU7euIho~<4XtLbqw4;KlqI|t*dI#pR-sGSeU08 z2jab)9kh2b;MX}FpT2pZz*JA7Q6I5edGHcA2YZeDbQGF#X3-wM$)NE36)yWLC>XLn zXiwl<6Yy1$mc!kO!3EBf!H^bTKQx7)cB%fZhC&ZIKp;FK(l-;a3`m+4mp}9&y8dvI zS0v(^ox(?p*;YY%*O$w)RZm5@cfM{J`IX(9EMB_Qdo7&x$StZ6yk>iXbs}ec7;EUc zr95(&HZvzyZAau7of^P>Lu{GmaFP1*=|7foK%DTq0aB=7VyVyL?R4mhqU|lAz7`-d?YJCfTnAep{}VwY^qUxt#V_^ zXQ2_Nd{`1`UvKE_z%-@`RwjEYFWty5E8FijS1K-t7g+2a#}P30J=t`trfk!z$r=Me z8!~m^GSdh3b#^5WN_By;pA)xU3OJn3=EPBk)~H zXFpgYwiAG@O!tH|5C98h7yFi>dTs?61fwRpN2|RlwwM@>Ly@(Useq>Ie|T^l*_+eW3W6_X>uPJ#?BzILufG`ctk+!%<@ksTH$aA|F`FX%{J zkumVglJDIo2|0&OrfM_RCEXptQf5 zrmlBIFR87=D0?!Y&=y|Ux6HZC^f8R2&d`S=xdsyU+1Zp-`-OX1{f+CK0t}Ifp{@CT z2lyyR-H8!dJjo4N%1q19mq=u%XNyA_x?_qOg+byWeODspa)-tj$ZkvVrEee{A)I3?=^xD@nJ%_~M{mYL)>P@x88IhO0O=j@&9_$Z6h*d9&&IJA(-CKhf#vk271}B5jZyTE5|!8nai{vhU7r{uONkfCH1dOI~|tF%n$gANpsE5 zG@H|7>~;-bK5!G8*Zp9XV#1YhKYwVi?f($usu?Qb^Vi_?%7CIC^W|38A%%2*a^gJH zi(l?(Hhh0#W7G9E68pm1_+nSX!!=UYV2qvzE?n@jaEObeX1bpA44|dVW*RG{c-iCt6D`9@{Bm~LYo`^-F%70~0#@V({IMYtDwUp;EAjxm|5h-a*#W0LHQ9USM zwPUKaBQazkjIJ4Mx7}%E!e%VM$Tu-b5v=PN@;OJZ>T0Qz>OcSi7Tx6heKqvWY7jka zr=T1N+vJ6+5M9M!vMh}J0hvupNvUDS>|(WVv=?4fQxmKb)ulNRhS|RV-R6wQRJug_@uK-l<7H|nENf6Hzv3B&-`*6N1tdESJetz|%L zV)@<8zd~Ef88){zo6Xa9OrD#9XE#>}y@!-5+iOB&wpmk^++l={S~ptW%aQT}R)@ z<_3GvbxcUz*>iI~g6CiDt9NF-SwZBO{NUMPh0j#&wf#blt*^sO8Jr~R2!ZC$$e4BkMc7P}_Hy6MQf##+CcI|UMV zjA_MrKL6Axi`~X3kiTD3QpBPCpuK zN|NwVu8eh_TQ%IgvlzX+<#PKtG-Gr|pmc=9Rrd|U8es<7 z9`Tp08A2e6%dY^+oi!qQ5JLE{-y$|ef&)L=$2Q=QSfd+qu}C?Z6$ZZv&!i(}kPf~T z1~J4g6 zlcF2zeGym~E@@La^dOXrM;U|FYk53c`Dnz4S2Gj^@jprlX~s=Ach>sFf-cbM z&-R8SLWb@P5V~!#!x0IOzaM-#x9qga3pf4Fw=qDCO;osPV7^5IYkWl~>kqiu^G-5| zS(pX$I5HaBr+k2*QL3f_Q_eqVK)xT9v~4z%ccfo14Q22Nk~_q1fo)2VR@LA3tDS z)W^1Ex3TKf7)KW#f@UewqV*A0O7G|wScOi{6%yvd@_?U9&>!4!(yu~)l+uj!rX+{y zxf45>J&!iKOoJ9ue>{w&#MlsF*w8E{D#XW$Oal7*$f*v>3{0)M`}4~E$x zXf6veBJ$7l4}FOl+^|0JZoQtWjs(2eXqHH%;J44C9Yol)7%RZQ(K%emOXo2CIoYAV zKyLe*5RXT=809VkE5l>`>iS&N@{|M)ZBz+AQz(7hYS$JQ@Q^T(q8ul?sz1ON=5ETW zm%-uQvqBIk?r<`tyKx=1&`N|>yoj0fFbO2*3O3L*<|sE-%xCq#A9Lh=P)xR)-DX+a zU#C+{@KECcJNz*XvZOQxt=}zpAIV?u0&YmUWbOYDbk`Sny{@3E1DJd$cUQ`E;_ALL zY)FFO4hs+_3%d8Ptz`6vnD?&qFwu~> zk2DN13#*X_*yuQM1;{hqmMcaW9A+C-rrsKu65sk-nH&s?;rPB z{xD~r=RD7xv!8v=-utunhuN>c;D~h|bse7-Tutdg(Nbu_1K9UcH0+34S`3uZt2j!V zYZaWqY_ql_PmU8r+th=TY!Dz8_fdKW@dW3C=+|}HU)Hz0d8+MO1t?j10%`1P=~6Rw zoO+sA!bO@yo>F|hMpx3_PbvCoOmuQK+Eo`1=?csM9~HY}r6}dm(qQy{doThCL|Lud zoB3`IUMRUw51nt?N_8Ia7JI2;@GPkWq~nKqeCMuMWOf7F-!GV}Ju71bwjiD;YzQ;|?!fA&&NYr#iUXUcqMzULuc;+{5_WE05Xo3CT@=lRpF8@t97$8N)xg($ z<$#Ut*4#^`p*?uDZtPGjiubj6mWg}3>zsnjW>;@IKMXdzVE-~B(DMs=Q%ngv*ub1h zPeEy)zCp8jR>^IJ%66uR5_60F{A&U}Uf#Z40queWm?;h$=zP5X z@jsK)Bbi?-NZ)q_xwucMh@^okUW3tyWW;9k;8C8J>MAb*!z|};1H!(`#7s9EmU67+ za|xn#gbIDJiO5YdH!a&gq)y;CATI?$za;a%Z-BzZK<)c8Y+JT-S10% zQf)V-%(VDquOZ@$=yfe3956m>oqFxHKRsXUA?<3lZtdG*(4dt^s0HFoYQwlK8g;jr zvkwg;6bbq|S1Z`6I`eIqY57qPrkTqWMLy}}X-@pm^)GB;@Dq{*dNr%gOcBJz#iw$g zX-El;cRiG{3($a_;8v%5^nZ1J9XojM#NM~)I6?gNL4rgQ>nk>60pLzO03_xJi>8)n z2sAsZHT)Jb3vCnYx9&1yh|8Lh)A(qCx(snF^~4R%>1gQybj}r)!WE!eobZw4;ykkIdcJw`ovR0 zID0QMC10G8gkxKe{3{YqBk+wGz{vVw)P+HufaUrWi3@5jAF{Fkni}4ucZ{uU&tf-c z_K}s(nuH$z7AkO10m}DlpBReqWPv3B3f6>;0)Z)96UrOejmLn(cNBlwL4w+?L*3kqcfJUDkA78Oadzk2Jo{a< z2b(|JioUpPk7ikh_J8Hgur8@mp`Ck@_JXJLqw_>rS!F-m1^-iZbxdp;cWvNW)R#YH z|53S_cgrU^-qu(tp*6q(jCz>Ei~_3dxjx0121qh1p!vaE(?s*}EL3=IMlE_FyxEiY z9B?Yskn^Fe@a(79+UHzgA>X0c#C6w&v zDbKvX1vo<^x)HsZ7-Z9)egO5mwWb&%xN_H8evMCf&)#@0leCYd#6RF&#rORKe?_W zGF^KLnoXU0%WE>y^el6&rk=XCId(rJ!fm*qNGy*{ZH^@2>NHSQGP`LYp>yX6*UxSE z-yFDzm+SqgS{kH$=cbY6BPTzhE3JTiH&wUDY6R33c&%4Q+`7u&{=t*mGHKwC@<%+k zNk);a%NLpzwM(}vnl|T0Z|{aw0R43!VwOa&D3`?w+dod0zdk~m4qs|pdZ3jZpxHfD z*z?Sgl2Whg{<{n;|27W^CVT^8TyI7h<*pEqZkJ0{7u(^lk&?d+3k@M68^Fe4FE`u& zs+()KE#rt-H{~0aYCi5~44L_i+PFfmKkQm8stj5TmBGN#<$(G~cdVrjI=vPrE4KG5Lds+? zUwPe$3fm9lE1;l47mIlv9(QraB@be5)mCJ z9LaeVR@ELcGjS5I-+phS)?vluT%1uw>6mwIyWv^CpC0SUr_~+yXjzj1vBxbDh!AgT z<|$HL$To5CK?Tg@C_rM|^-{gXZ;O#B3aD7vUKe46Xi9NJs?{VbrVs1ps&41{61ZOJ zk7V0!>=!PKEH(Os0R@dP7bkhOt`fEH4pk#pmV<&hY;*$zT?`IjURNxL<%$XviL zy=z|1vegle=pcE_baC*?u@J#22Q4iVsIN&BpiD0B#E#-=Fs^?lQ83lbn9z$kPw{q9|#(MpBXX-RAJ?lT~yf57sRe^I> znLh!~X0DDE<}bt510dcs+#xG|2O%CLuzb0@$tlg|M03cgSTgA`jHF(BHTz;?H!$$1 zau;>*Xa6YwT>P4!F?&%=36k|QrHq+q&T%3m`CxS;8r0w8F7;(zf1kS{GDE<8D0$E? z7`Rgn-0%j-8<7n-@hURORz_{zJHj;;ycW#p)oew-) z4U-_5+BRF9Yn5SR5tpJ+L+0iyEQjbO&Ag=WbG=W$(YRaq`Sdj>M%BBQB#5P%?Tjx@ zjo~DbS$$L?if}+^FYSes`>^6;VKmNWd~p*18MNl#bm@i{=sL5wYRlTW@$%ZM)$Od7osDZ8VPTDK=AuPHi%iz&=FZK{8Q^#;US0=;|cg z+g5y=RqwMad^mzLTXck~+joB#_8DrtugcksPvgZ6fL$q@e_ zfCD>grPK1Bj3H0Vn8W-OCF(5BhBjX^*E5oHgu#4N&V~3*XXhN7ZL4FPjC4d3k$Guv zkP-(KKEE-ZSniFaU6NF;*8mGvSILA{rpTUHA)Z*Ec3A_xo~is9-x18X&lGa>AlPr5 zh7^7EZK0MjzONHjdohA2(hiZIXpn8o_BpWVI!UftMh*N3;4b)O1VOO|Hy@dzMKd~X zges%kMt;=PN!u)ofs^X%?%Zi7PL>#!#6TKJyo}kG1D~$;tcFV;aLgLAQj0z8qW{*% zhN!tpA1ISO=F=|V2sq6AFD!rDI@PG4mr~a{s$1ZF z$jXy03*qSTQszlV=KEkBv<1<%5xHv2nR5*N>AcdP1V}Glk4e}MZ-Sx-C`E01Mzyb` zU+eo6qX>!W$Gl@iY4 z>CgmF6wpqi_X~30bY1@CZ)11ODU!PiA*JZ?)GA-o@p*dG)~~i z{anN{D#!%CN5{ljk;v@`S^H7n+zL_?sHej=cowXg#zYlD?o>p@Oa1MYz=aJ04KFqB< zx7QHBiATZ=ld{=Wl`g{-Zcf@YfoEFs!7wd(R{^V2^l;M(W2PZ^LZPi-_4L8qh~Cj; zT9`bh5O(6ALZ5)kbXjEL;-u4NH)O70Xn55y&qA42s=F_f7}VpZR(>aIG#^DQ zhGgiQF!9l5VYD#OG)KS0f8%1Y5}6M7?u#J3cofn)?Qpkp-?k&5P*BTBy(c4j;-O|P zZ20x&x%NBJv*a%1%;|=AvY1%fV29%jYPEK+uE{g0HBK|WlB?;ISe(;AOH^3y{JtQ4 z@&r+raOnF!xre|wZ~qY`>XoF-Y0OB~HvRHQqFMHPE;iIFY5seAvw~5rq`|V)v4lK^ zLr?7F89zmbP}P?1*^fpoRvnJ#oL@YWEhHObil!Deqn6ptYhFJeftFajb|?r`6q6^i zDt$XnnD-I;81atWF+rx~?5>52Y!uWIL^|>P*S8!HsinNTT26?5nuoCV(`OGN&Ee0~ zT^2VNmV*VQy@Tb|fSlYGKB5Pdi#8#`CunV(R)C%Fo+>T$ye7zv(V-$^a@Rc1Z}I+~ zc@3#0#nOyuBXBb-nhN&9BA2HXlcJzCxjlb+EhGYSQK}1%nso@HmGdL}GK<8EkURA4 zO@0e>$m=JeCOS|k%Sb7s$ZmKgIsZ<|utc}Gq$THdVKVM7XXkB+c7D{{zOG<_f#lj7 zN&6txIGLSQzGigV8gDh8@sYM-xcBD6zpk@d(kiWZ;cu^;M(5fXbD)uqdY$%oNh!g{ zn}wcNCh1oj!#=B|Rz`vzSiZmNE+ngueab-k_WbJ9q(sZ;`FPaE7mMdyd`y6E( zYUxLxHFLqHlRqG~(^TsLk;c!htx$6frNr1A-RbUF*bOeFsTVSC+}nNanl!ioP2(+UtsnQZ%U*#YtwYt zI~JHwlqm0sHNY&@`yVbh=ijzs2qIBT>C_8SUMzy*NrxG%c{ zzzLLc_@cc`3quqB3p$6XWT@`Mcu(;ks|YA2wKt#F0!F_fE3*xl0it1yek zR(Mtz&wTXo8-8Txdd_dd^4v@%(CxG9<-nufx46xs0QX^iAtrBl)+T^d7Im0Rd88Ik zl6Bp9-QpPFx;APCUTUxNr8nNmtaWze7|pDGdCjeIvv=Z`X3}kNUDS3duX4y77E_qF>S`~J<5O0-8Bi`d=Eb0>YrZ!6P`H=&0ph69uKm&827{|V=P{$#w~F=JZx?&Z zoVj3PT`c1A=eJ~$9hY}(_1<(>$UJ4Ev2q5-=2yLY?yKCntO~0=pIjQqRN&JdNmZ{v z>bZs>+AD!R71oIIWKqBIg%QQi;aS@~jR%CXI6e?}TZug&!dX5(L)h{4$KQ+G-+1?lFm>Ua;Yh7z@HQQb8N}}{8(a9~)NI^9E4E4p8AJ?T;0T@E?z3<3z2df&nYj(2iS(32!a8TQ@-DF-(G_9mEk$p`RjKiOUL z$bK@ed@#PgHWK*}pq|le5!D{b)~IRf?O5oN-0DC3=l{6UgYQSz$NLUhU>>`7=PPvHPqMEDtc>$5;z&Oge@$2N zV%=)ozspoWMY<2l$u&4_e|afDAPReo+X7X;Fo-)iFH+qa&l6L>vYT+qNE!7G(B|m1#Tvd_>-@`<-`J)GG`wU<4!rM2tcn)s^)ing zjpSTK#EyTvkQLJl-PgmUB0mm`3o~&}^E0d7dVk$EdY3=2&-k-|DqGp>cYQlg`tL|k z#g@FOWsYaIS*dh!_#^w_Oj`ISvlPWw2KA9uA#l*?^GCN--+RDLdez1IPMqS@`L_el z*-5iVuxYD-^3>DVaRJ;U1}^-}pMqL>0dWEH4-v{wnUX#ZF#U-mdLy=pvF&=DLnNO+ z#qnoc+wge(dWf7_!`BpBM~(wptsS+vkyxfuKRap^=hoBy&}`w*6u$YMR^-JLDCXo-ex&tiasaB~NW%tK~|326r%0>9Zc_1PHvhPm4?X*>$^kL)Df}v%+v2H1~5`tIFnW3U+APrsWW-uVDPfUo}usI zOkJ=F^lm2wK!4|ThqC$cx{5$UG@RvvGo`Qeq>N8@;Ql*@D0C>$z4$#&U@I8(??LvuekRy}APFQ`FFN2)mOg%0GM4!(Eco|NWM{5J)&0O#=(u zWNV9s0P1)HzwZ%`_t&FOR_f7Wfl)EI2o;CkFDFP+2%F|e(u2Q{+OW%Y22s~_QCtuz zeN+d4TSo51sIvX~iwiUH-8-a?wev3xQ+;@)s@UPhEVcgorqG8SJy~SfrI!F(biPt2 z;ET&=31n};@fe&y3e26G&)TKb+NozosQ%1Q3tS`<_8zwBGJTliq;!ZU-S z^+Vh;hpR|p%>SH+hK-4W6S`O>j=Q@!(+F-5SZ>ChLS>~|G2z+znmR7THF#LeC=vIc z;N$=CNM#MD9xfYy1&Rv{dPr9rSI|eL$eXGvhG|c5(8g1dM&5~58LGtru_;LYJvX~< zDOohTP~gv)U~>AX_mgjXHh!*nZQ$4_Np7Qu`fz}4iYNb0B#_L#n^~^p$Qh$S8O=`F zy6}E!=_v=5W&sY_>-A!*0GIsUlh>1?4(c$)!P>V6gvoK3EZJ~PTn7yQBvS-;Rp~^! zyou@;O7n-Dxa|D6n_z6u$597ETz1&cO`n$P86W#{+^*H^W)8>=1&y8_bKFm<6Mu(8 z{dJZ6Gji5_T6`!8?=y(^2>V2(;m&>e?_8A@$v3KAUyoF9x8pJo;ARsYnch!Y*CY^& z%L4t1)%Iizjb*sII@g+#Uhen%p^hMvBMr+?DF6_?poJYY^{rW-N#)z+*~}M-3aM%v zMJgSStUx_<))R!lDPkop#^-~SDC{DlS6lG(K2jfOIlWKOz4GGN4u{{r)^)sjS}}@& zN2#P4R7vu1W!)SDZGC+l+XS`A1xl`Ix0Oyf@KboY!$%EiW&Vs&!Qx1LM>A+5JfSB? zewW=EFa?#&NE1{{=N)quG@VJ_T@d2`Sm-BH$ZOf-j%dr}p1J_6l0?$%1HPU29ZG%k z#LbG`oqqvV2mXw%0|%mM^dDRKYTr2EcEFz7HKB0vLDe*~96R z_5kyc-8%#oQhg221D++-7<hI{DwOAn0%1_jqwx{dUXDI+(8mmdZ!3>-z&1+G& zwjqN7YiZKMmJ=!}zSqa|7NnQ1F-$u!YQ|{=`IQhLG28L_K zBN*j8ldFFo9JQh*ch8!VFi-pi7KgxKe_lBp({R#7H&qAiHD@Ebj7P`p=nS4HmyauT zMqZom<}X5|4j6J}=}s_kcYBRSJNk@?%db z%3zFnFtDjYbNsQH4T%r5HOnNB`SvmCogXMZ$i-Q_>)q2OkeFagvs8hmX&`2iIG{{0 z%6pz01%_FSq*PMKGP8{AI0kOf>D3l3+*bb{(3l!Lsna5z@Ocf@4=(7v}D8LB)J^qM_R9UmF?dz&EIt7!w;tfV417-lS-VimFLgmv!5+Y zoI&4Tnwdk8nw&JG!uGR1Z@-rxq2A!}@blZOt`E5`Ha#x$d8@*5Lp1vH%gsx!o>(7t zWP9usTpvqsZ}mS15z5dUTx#H6fA@-h1pP2!<5CxAX~!64!H=((?pjR%cM{kPcz8eA zRl8lqjTSnvLfP*ibjaCNtmOdzA<3 z@o#>6q}FlL+o0(A@Zi0zh6zOcEHHQ=;yvuj=lr1n4ND+HqlJDy1negSMQC?aD&z#U z2c9myMjkcy9e+uTuQW;6Z)Wvc7zW;%;gdPLM0lK)HXQC_%Qa_{{>w4n*h3@Og1kj) zfw~Vv+Y&!DmEpDsk%O5vgqwov!*mULb4L_qLYU5~4x=6E4)>t~tD~((VsP(L>L3Ra zp~=40D(2_cdt%1Y7$Y=H3h`BO$7YqV(PLKvUUQxFm7o!Gq|)U7@TFr-q9pnof>z>WBW9?H=0Oq%A-MZW%yg6ml*} zJ7=+3W4BZkzU^<xn-wv$R=8=XVd6BD~SpS_yB}YCP8p{*w4OUHojQ&4K`t2R-^xm9TyW zJXkB7OQR-b;BYTzvbFBMl~mgS9WF;VX~pp#-8Q*K63u&WzDVDQs@Khf)+G4{UPdzC z#%DX@2OhtgO|s}rIN)PWUDL4{rC0x`0L2#2ozR_ZRE5O$je(C^;pbGG*OFu3LI11R z0FGDg=Z`C;YwzD7f|1Au$?sBbHaLg3c8+}H&S);qp4Jk?QNwr*ZfoNpF+BzE*_Xlx zs3VPI%&{2Df?%M4@6+1dEtd!lX_Q2)^6l^is194o;IeLhL&EY_eARMoe94RDCH4J+ z5MzEKMS?s3FK$u-edP-9NeGi=Hna&cWzb|LnK%p@8RIc8)Fl|O=jHF8Xp8LEI1gTx zn$;TPQHr8B&@e2l!x5P`Z1ZEZWk6So30selkANI*xZ$gzdtmrdG=JDVTXS^}=T_#e zy4LGk73iOMsiV?;%jUm)zoD#`eYw4tOj$1tHOqEy+gw~?m&2+DI&JTmiH3KF@7dM{MGSwu0 zHmT>oauJx>iyH{O@jx0ngkM(Xzxn6F>tfYjbkm|!G0^`5UuF1ixV{f*>q4M?)nKpAz1Pr-ylop)nV((h7R1335VTL0W9L@*Z?KDTCl z{I^UY6QErnDgi>NWH|C=Ir#13)-;CiBXB$%8N<^D@n2`PWM67`cL@_dctumvnjPFk zV5xq)dO6$kA-8r6yh7krsrSS=q}Qwpf1Kjs+gy@2d(*9ekk6(jNZklRqu>k^xr`&- zLOBE_|Cf>Qi(_N6krc4WDLAAlTX zza)3jd!O~_&m37^~gs3oBH0$~ZQr`y{c&~jOYZJyI^K^AFdbnPF^hsULX_C}ottyrApuxkb$IPWSi)Ed+u^91XjO)?@GO7IZ-EH$9|h zeg=yD_|Z||tY}Gw<4*5i@wk=kK1EMz-~JV6Bt&ssqrjg3Gx$~pcmuw*(&2H`$%0*j zS9_G@HEnb*b1&u#YznSdwIGMfm-Q~V4Om6P)N6SQ_v7`)CqXzM5c8X;2c^SmO=8lW z5-UU$dL)s4fKi?NkV(B_oweS1hl;?mUUJ#>E2#O&Pn?p_Y1eck1h~N<{tg@LS$3-k2)f6)9&A^ zgGHdg0q-86RRAUG=aP!Ph45LBSOfO=PC)~d+3LrSqr%U)ELj4_{`<8T!-XvER55t^ zkLJ(hkM8Rn$>*%z*9uy^j=AN~jr|h90xLhOrgH&KF@69@KMRJ zrJXJ9g(>@0Dz|?u(Hm!S4jpmQY@a=|&3r#v!eN%>o~PV2c-r0jqjt4dA4Q|yUGHRe zD2AK3zqy{u{q@2|B-TfK;-h@v3*0FJUz%BMX``qHe(%tcHT)6(%}K^E2X^w+n}bt) zdg1hm6vw^12R5--z-dfk!$-^5ttF>Xi?P4Or7LgFh5Z3Fyl`fz6p&4#>zj@uI9EI? z_lt(EDAh0^l z0>cf^^M5vuVTy*TI@2=_m-nHC8eg#HQa9!y$3N??<^|8U-mn-unmZT1LN`V4IBvM= z2ZiZK31j;{H<=OAt9@r(x}TEFHz9s>CFc`$LkB4O&(jLrX-V0h~xTouQpwTlvbgU|AhqzV9uTb#jMf%6K2h)j!)J{^mcO!4ciqKR_uxW z+zF?aEy7~cu33Lx{W!zLQTUS#j^j#}8(yz^>~k_Xu}dzG)e^cqeSkD(e+mxm=;Jpg zdr}>FexLjqRf$}6^KlGnuFFKTpgqm1waSs1cHoX#fihbn;~}wZjGE4!^Zv}Hyn~k8 z%95_SWFlbhnu87QUbkto8V2SFmHR=krT2Xbw9zJ7j_RLWvi)2Op1Y>V-oo6&qgB_$ zA~l?%{<{D0~vQ~Lt z(II}uP2a9J$u2$#XOV)bo{=u-Hr39|&g|?U3Mh14y95%O)ewe)9 zy+dY-_23@O=>5rM)fci?mE~;O-C7kA;|z#&HZs%pDb7#T?DMH?OH4;hF6V&w#B`z*2xAX>*fNa+8;62P2^6vzqqAZ=)(ca9p7F*wTs2 zw`z^8+eIgi>!bCk(Bn2F_nxqj1G<-uztU^kla3FI@<%rqX8EB|7fXmQK4UcGq&38r zUoV^G%G`EzD}B5_0J8jsXt)EL9I@PD$+?;p?aZwMYQv0DHP$_qpjcdCRoszc##8n| zj4|oHx*^TB;`4V@E=#KARRpfy*&b7LB8nHH!>`@h9ddiOPC%NGM>d6=N)c23RrdM& zA`Y_|)#!RkL&V-Sc7Gx8qnW=i_aUPEd*$Nfj*dZN{Y-{iApY82*IV?IM1)KkII5Y> zd&2iTLL)ebtd)i7MbpR`Qt?Rcb-E&NQ)S@al8m}tohTB2uG7F_I<>eHQdL>`T?*`D zzKz^pGJU)I?D{(IWbEqtpdImQl25Y~QDvE)3bz_YbUY}FUV7hpu#gz+B^Fe5!8F#i ztT=z2E8cL>M1=b)$#Suk5w)&qjO_;Zn?PqGm(c4;&GresGfo0#@xYGbdtPM|)f*5n zMQPqOYtwnbHGRvqP5_5H3q)7JZy{0|WEfT-#X+qX!eCTvp0YV5OR<*V zm7->N+I$jHK$Gb@nXd-o&g2vz*Z@K5RUg&BR!LxIzoFcyx;P62dY94TIt};0Nm6W{ zOLHDD6<~_qJ7s7*Aby`tF=1&DHE5<|BbQUU6xRxAAp>1aN}t!Wc9*m+h2cI^N0!j7 zjKD0y3w#@wV;|!UkyUqG6*nRHz)9P|VsC^lf$|{(lUW!2aFL=y-Q$mcDz*NexHd6y z1Axp)!E3LkrBYQspFr0BdXFjh*b*-rH{Rq$v9Ud2fEX6JCORpc{E$YaHnPr1y6wLw z?lc86$X>JBF0ljQ@7_cAyNZC|sA|gR5l2&ydkaIjF9=#wh(pneOqUofPiU1t{;rU^ z(GK9%!J{P1CNN6@6=}?;r50(vwS@asJ^8>};a8N!AUF34=q7Mi=$Yfn!1Q@_TL!ns zR!5=DK?ypGG9^5r!EtEJQ_ESq(dc%PTPACMq6qsS_Z5e>ysB}w?Z2aynMLd z^%RwIrM%r%3$Z2YX+3zluo*wj!Obh5gc&%0MEObhQkbhG$;xhN-ut+ewd=x|cqcc$ zY5)-00R%;C%j0R=pgVGf|Dw%&8gd~ZPK(SzcsA=($wmsdQbp>~L}wZzNVquwl1@hY zZ%ue9(S{qMHTt%-H}abox{<23at0HWkINN14)j=_O(CRNc;3VQMz)kiixdMW5bzg= z?^SK-cDPt`GEW95AE(JvZr4ROrzemf*Z$GGJUo%~?Lg1hn_njb~*k5{nNeQRLx#~!w0{;S3An6U#N7{IHB~pp3WHxic(|&zs19~ zj(-}9wqrN2phaziMkEWx5jAa7X}>?Ps!Hy%Bdg#97isDr+!P3Pc&&nH@#Hz?8b2-a z`SpPCl^(`^B<>{sp!B_i#Jll+6Q^VcNvS(@ITj4&z3i_I^{0|-zoe?0RVIe?SJ7p) zF3!Z7R-ae`Vntx*4_n-s?ri>0S8<`r;wj*t438?&*VY{c1eU=#j|000_EOw!Vdou* z=CQBE-LDMu+Sl5%Fgu0C$&GyfN(t#dI9#K&KUofpC1k|APzT3#b#F|29c+7FJ6>wL z$|IWb`J@#|oB0jga#JV*q|hC##enl$t}^ad^D+jeo_`P_jC$aHu1^T=t-^LD)3F7` zbK@Z$V{Anx+ga}q`f)6;ayGhHYHhIhtMta7%px~8%A6p}BsaLFN1MOUUeDhP$qK-g z{Fk&JPO_+nu8O{HKJJCA>V6KiO1FHu+o^V2Hg+N`DIq&m{wr&!5WrIigut|*!R*~S15ot#{jQQ!m0J}t`jSkmq?9?51-R4^Ba8oN63S*z_Y^Q zS`mDj{uBlVrLJ;yHvG02E*{7S4df3%dOlG_E=*&u&x<^UOsn_L7h`&Rg=(+`h|ee)mpGKU zw8tF8c0WmPWrl8D#CzFA`mopfbPO;oA4y=@RiFY+uEiW;t^K(0-B024%p(sN{RYl{ zO9ia6em~yzm0!FF57^m+uGP_nJj^uv*v0?m1ARMTEBMsu2olS$zk+|tEW-*%uSjSF zjcRD4>08~KNzw>MT6c@qcd5?g)!lnmI_TC;%OS~V9~R%UHTssd9%$ zQh_LFe#-9XHnTe1DV8r<9;^0Pd|clBY#vsJLO02Zn<^KV+(kK~w7 z<=OtW-*L1&@gl#O)I2v8+4NXxBN-ScIxxt0Ujs(aTxPv~M$&#;9`d5%d^s=_L6=;R zSuDI}YwKigXlBQbTTni~S{tc_c1b}%Yjb$(!sqyhGpok#fdkTrX;KG%Q-oyIOane|$Ih|9VD;3+X0N~TDfjjvAq=CM1UWXI~n*3K0< zQn7`)c6*|FWk!ey8FDynbbDlo%^fDA{NP2FV%V~Kc1#P)B&fY|;6y)bdmte;V;~wJ zmykW^@^Z|V1YGbwSzpyPEiTm!JJIEJ#+LE5yGi4tP`8&S}Hh$w|o(F8gJ7 zLW3*wB-y-NMX^xDk1M{bt9Z~(RMI>}bv~X@TSFgV#L@%SQ`hzyt_{>b=%nW~2 zbo7Vejn`*q+FuQvoSmOJI!X}{UzImkTfGWOF&Yu-)myj!`%UWc6I_dS_)G2cOL zM~{ocrz0bFulFgB-f+S`rP{u4UUPKVTudJEAC^J+gDM^8mX@i< zX)8<2o#^IKyWf+qE(_y1G_DLBCjVMH5x|%vux^d!i|3 zg#`#yR0y`V6^5dQHzj=L?mbBNc6<0R*JE86dti+FYWlY!?*2Zqi7P9Q87+!7y8HRTlWgtBx%oBLq@FtsV%3i4wvuMPGke;;kTsin zaI|ukXr<1RK8T#)%pSRceK16oErlP&PF?;~FtdE}T&s6m>lttT8<~N>+S}kK<-_VI zf9@D*I`OSh(m10pxVz=#=88y5hYrPh=BiaTH3_E;Sp_)V8x{DmWzoozmX=1pg{a-Y zjYpmGkIlJ+OtB83Vb-PM$S2KQ=}f@S-&Z9_H*1u#*cAi_xRwQ`|<ej6ZmlNOmP$j^YvDyrNch>Emx5{5m?LPVe5SEv2ZOtmfzEUz9^yC~Vhkn=qHVhbxreJJFP^{g$9Z zm96dld?PZv5Os>8=4J-mRgyOznsSXRll^aq=j@pyHgkx=umiG|6pdGxW%_Jv-$m!# zcbXPkBQ{j6ZE!t(^W@pXLAL^>q_HS zxZYPEYx{ayR;NS!9o~8r)cL+m$Q*~@i?-ex)L6gF)k4k_%a>Io`;0B)FVnDDMGmf%PrT>CXPbE>SbER0B#bry`0s;zTi5WU zL66POtYxfL2+c+ z<{sGhgePa}i-??Ltm{!}v7HKEPMdRr9vrWVV$|hN7IW^cH&aEmo}}T|YXfiT4AmWp zqllti>6HQwB9;T2&~ZfaQYk$H0EtL?pMr4(yty&Ov~ zG5EKUE1rRqNh8H*Ha-*c@K~P>Rz~krkuCGodbEhJY&Z(?0{5|)@kebBJ-txDxoVoz zQ($iLN*8a1v%AV$yB7imff^-LJnP3w-&vf6qW4@a%%i`dJuTQGzhtTlR{f0SFepe4 z?pT(0h;1%NO+>vdPk&PYeBbxxWz4YpVc1g|;L6@Sr>@SI{(dfU@?NY>pIBpIB$;5- zJ=Uw;UALXA?QKmT-yed>{kKY+;!_1wP z+>Rd3{=`&gjw=h;p9JUaYvE0SgTxY?SZo7kim}?TgIGwxh?dg(cy*x2yAX&=W2&} zeEEv}UI2&!aCzvTB*23g3c%oX9A#H6M=~dB6jAI7w$dW5dg6aeDu&_Mu(?2(bOCE!I|#FU98*FF^j9D_`m$CrjWNyYzIx4tskM0OlU&-Yr7& z&QDppqn>W5RT`q{%7SzVqMx-;MPfuC;>u$}$Fiqjq1Ej&%S8eA~sOJ`t8 zBgB@;DJzfrMK|1IyjHOPM6i9&c<*Lr;tPC5-r<^GZp3nrr}S=qOkN-+t3EFsVHva4 z>+0D&SYv(vZEiX=*)m-Xu}qFRW~`NVqLl680P6Nlp>^fkU>Mf}+tZ@lqtQ8}jbu9m z-10*&Gx%CPU|4P`7SMt;oc14*2tYaaUG4W^@?dTQuMk**y2VTUHk1xHqOl!yeerG~ z{UXgMKhAE!uWj?%=<@*(oFrv=BH6Z~gBb9iFj`eGdS~hf8Tz43^<&@V10#c)gC7lh znvRpDDFD*z@(j3kryyYc@m}!7Q+W}yUaDEbPF0fHsUylSE3i|E0u5{<`_aeES5>kElxK;IYI^x#BAXU~QK==tJ-BK5Tw-W zj3xUT&qsQmzu>t)%xn03=6=qcd+#~#^FC+pg%f3^KSZ;!u|&Q;e2QPq&E}ov_*hGQ zYr3O9w{@b%sgr!8{0nARPdY7*bvu6xak@FOJR_kN;K=<$)c9D&qoq%*0#8B&YnjiQ zJaY_u#&XC65sSu0s#X#S<2}t9ml8$ee{-^LA~P+Ao`G&B*lWHU>K0Eq_I)nHWkF5I z^LI}#Lw#ksC+V(Smt9h7p)2!_>xD?ug=;Q{pWadLp**eP3{kq!)o?3@`mi6q`LL62 zayO5~5jL4{?U6&kk*K&i7qvtPd`__Q)PhM2e@A!-`1|7-jY=qlXkMC9`oc;^a^tw? zj<#_I^pb^9h39__<@TQMCySSy0a*XuA^6DnX!h-ZU(LtdDA(TTiHjjL_8mirTK8>Y zwNbjyu0-sd$fwM*g{VF4ICSf`jK-F-dD5ZAk(l`9y)zbs83UT{r;A_sf;S3ptH@M| z3Z|uwwlm(Rh(EM^wFn=*H|aH$q%pGIiGnVbJlWCOJ+}1xB}2XJl=a6zTIKe}@NxWY zWf~}**r}M0n6FFyHGj*ciPY`<>r3M9kLaoiE?Pp+wrxyDW^d$Bs6tj~&%KHCnjO{= zn?3D%MtlrnE-bA%WpCDSBXCc8)V)b+mmZvsA)S4H{l;@FM)X4oYdlX`b_!e*=FLZa zEq;<~_hi^!f#Rqui_WUmnF+Kl5Pt$n}2YBt5xiK^poz5H;P{UQ!}coBdb2{86rg9bu`Y`DGHf8 zf_368G9!tYY%Dul`uLW6n3P38a_My56fl*CCo=kb{KJL@Vg8p;F}q4DG~I#aqJ-+ z27{G2Lk_Ww^8bnuBRzVoFBrBw?_9s|QNeb17PUjQw)*vLSxs%@-8tF}PB`-0!=1TC zCq!k9D0$D8-8E%f$Qsk4K@0B9m=2ln4PbEG)72#$lN)|^({8CCfIM|`qs&^gDfZZT z)n~8Ug`XZ7NMCk<*2;`5SRv~?h#7AgqaeAV7ZO~WsEe45lJ1FIIi|M#`W)`&UNCfZ zycGF^bF^ywiRZ@E-L2v|rE2qnf4WSDKi*&LE$F1${x?jKLc3Bt=d$}7kQXB%PQR|KQ zvaMg-L8oQ#ozKqIGnO?*LbTOw>vPY@oOl#`{iRswm56)8Z{CHi<8G`492MK`zO=i! zBoRDXbRu|kepBq7lKh6icGu%y+4mYmJ%fI~{3S=OKL7Jj(!G&qo*}cSVE=Au_9)MB z{RHUC#*G$!dGKq^oQ0Htl_F@p&H=1R2Xj-rYS(}on+v21cWp`v1MU)xU(cs9+xJ|q1ptss2s-tgnvHjG9e zZ%J}$Mo_ageY7|#IuMRo7p4CYd2Niys0pGbN+z48k*>(sSaK^QZ(rcd-|XN#iS zI|t^k^sp3osOILlnnypV$#^zg=Qrr}Fx7vj^95gA%2IhXiTK5bQ}qSA;qLS%n5X!A zqpHnkHxyBh*oyh}PA z^~xQ2-(8V(Dq}Rwu5oddWeL5_$3^W(R#aA(;~{=bLG;i|2qP6|FcmGl z-8%@b^u^rv-uNfh3<1eL8jdm^@*E5>9*NKW&&1kHA6t0(Wx@mpJH+#Dk9GwJgV(U@ z3Dmm*0!6jA|MTHTPYgg>Q51mS1K=xI!SzjBoCI`w`scp?f|;lGy}C~5i0%)$4$nXU zOg(?sIytTM5fa08KTzhi&T=Z>C5g3(_T8u%1&@CI0lS&qUV0WCjES5|j)cofZv5;2 z_*p4dUX_2X>os9`oX%0W#BX+LWj(vV{~`*dn6vOjoFT#i;f^{o;5i++uq`m^f9(&U z`b}^0URKzT=W(L^Z^-OP(?4ov!>I6WgSvm9N2c65eGNdSOf{luRZ;vXY6T8`eb`_&} zgIBnbVt7^~*Mp?4>Dd{bpr9)fSBUa}N&y}g2nkFjBON6p0p?CYvF7lvZ()@QVu65{ zQF%7Gto*)r75#RMpXak#sT?CF(TIHUUD-JQnGLok>&_qjrRPI;RQp_CSE|>mKF!1_zhJ|kmVbpy%Xd z^OIb4jpp7}aDci6TfYfA_WqqTkK#{7_XPO1iOdJ^G};MP#K#*f4Hf9I>zuZ_`^s=0 zAk?Gdd82*79sL=lJRPJ8WV6v&Lu%O|H{z#d}wu+dX~vQYp_Sc>F8mU=m|ERJ1s+%FNL`eYXY8TH1%?qz9 zFPG?LztRP#wT?czwX|6rywkjvx#kgBZa9scCeWjwfIS(YioUShA-EKu%b4|#cs`Mp z)|5J)75PM@J7{x*62ejRyUHzS{G1(d~oZWTm-m?bNnmbLG$NgYH@##R$t7wz@TRlYqGUE zo=rQ717;KauDHU#iJPe&Lf)LBK6O+eCJXD;T3HyZ4X-ME)JixGek_M^orjGP1;UqZ zRC_7`%GlRO(Tc9viX~;ll<1Zr%Cr*dMUZK9I2_BztH`4?;OkZs`l+|4*b>nI`KQEp6_$ zxN(%If@~yHzBq@b9a+xdfQLinM+4MmbAAfeQE{QHb3(-oz*6nEyu=2Rz3+o-MYRi+ z%EJjWf_KDUXBWh4PE}<@tCqQ_F64MMO@_j zF9kcop=!q+gD*VoBYwwn#P(5F!y!yp)vMEfMh6EkoWME;4c7}?2*fH)B*z6TLxAJR!UbmC@;RYr=^jkhOBYTLqp6Jf2d z+Z~@qa&vXtkXA*lPZH{rVbHk*X&&{Wg06-=^HF0wPIc6 z0_#!?XB;bhYi&jC7%LOZ`jCb#5QQwM97V-TVUSj)`-hnWkVO6`eV~7Ou-@at>PTCN zu;;*Kdabo4@v^hx=8e59>&z|=UU1I4m}^jhf1s7D-48mP0>CE zWZ5P4WeN0li@SYTzi`#)&)`%-@9x32CDjK&)wT{d$Xz%$aDJNK@aG}J)IcGB_br4^ zrv_$r>AVpAlOV!j(HZ>!_!ThFcy!kPfj~jEk7EXhu$lVH zr$EUvE{D#;EBwX3jEp?XVyYKThA;h#(E2UCVx=rOLFY4(3+Q zv~7E9zy6cj#>5ay1N!~0I**k(4LC=wYjdXVg3~i`60$d~T;75dpF(qxmfY}CEb~4C zRerRKxZ!65eKgORBmtH6I<$N%Jd1dB;A_jX;3Hb&9}gjkU)HaDfldn&0+n{rOX-*L zyBDIxA9=#Gx+B_T?+5;wsW~{e1m~Z@eU@92BFI*!BwM2dcjUq#6WcJM>A4nvq>jw^ z)=dNr2wm_-$-$%~Yp(La?n5^IC4U)I36Z}%FF2&ANn~%u&t6V$YEk8WE`8y6hzGSp zD{^)f)~+iut1G%9kzfxTTL_kwCvXWJBz;La?38z_9`9P{eVotj?_6|pu%~52f27WW#n2crb^w$m_)x! zPwmJTLJdt0MY5>NJ{r>%19}^IZzKj2yG4?irL{qc(nU%!?3gRoCC+`s9b^ZsO1H_9 z&L-Tb&jSAd%ZzS!hzKEg8-*~!g>!!xM^PEs{AX4snmjgH2ot%s;~;Fg@tQU8=B0e%N2T*b3Hd#bqsr#sN4v`@ zU7u*mE8~%&bEw|#v#sdaRS7qZSgD2R1H0TGJ>OrMh3g4P!T7E^f%z)&sUd_K7-3T> zlt0|YxSZkJIv40(nh@#MNs5eTBB=yk9yxswkUa&^5Z%J|!{=4no1_;usS8^21wtVY zub2B@`Eo(CL1_RH7~z6-|PDXTy!tf4%ba1C?91e8{`u&`@ z_Z>mNJJ_eW(=X>EYuiFkUbtGeVEziNQR8+Urp{H|Tg7c>o(#X=OkC8lkd0;tFr6*! z)Si6F!}EK`Hf%&X7%VllM6zxE5UY3SY}iD-hJXWue?y(*l$8rcCI!$0Hw-TRi3*7*a;MKm*8OG8IKQ@pHnM#$;o8%bakO^{pOgTcuQGJz7U7@~nHO$CUQ_ zLWt7Qtx(fn_ffDCxp)n8(q;Y!3D59~x5>;%)+aMloJk3)l)AIC6aUcSr?6A$e%TN( z&-#**N`b4J5nY8L=n6p`tgpPBZB;|SEdFeEBN2CWXaiJ1^<=ig=z3{x&A3&>meG+k zE|hRoyM*IxbluFv)v5-E7;NF_r{T##T!w2R(&jwAM`d9wAVSVjHcWHH=G4d0^TE8! z@?r82QQbBa0wQWLzJ@uH0qn{UME31Lq}3p${$%!nS?7+~HS7&kttNh@(ceGrRVL@B z1>2PHv(8d{-TEl2Xb6(b*E&GKACI;e1`La(1|JyD-75#}c5;I?(S%^#7EOz6M?xMS zHWiM?)xX~II2^@9_q8uB380o^l!a0llEfLjD2Gr*5WfY9cfZaDNVu|DJYYtjXlI*q z`Y_=)8yyK+^1IIh7dC}4*5qdw?bCXY7ICf~c!wAV;D@2XpFKVD%*23| z8tH%S?#Whc8T~40issi0xs`8I|Ee^r&F{5VmOQ@= zzhCT%?Tvw;b4}s6OKiZJQB3ZC*3@cN5@pZEm9pZtKPV1c7F)83bH;Gsgkd#11Q3)gtvOHw@ zJc4=f;PB7x&b}Gy5-y^Z03LwKi#2l+`t*Af#%+l{A(Xw@ET+4WD2Fq~)!nFqIE{pT(sjLW)NpWO41eIW)<6Eli4GBZi0x|e zINyV%+Hb74T!6Gw3SE(E}Mn<@-CPB(){OwYnQF%>LM9*-w?I><^M z7aKFgbag;wc8mu9nTf*0s$D;pH za}&FCRgC8Vy%vLq3IGFHZde%`;Q*GCPeZzY-?$z330#DYIp+0w78{Bs4Y*VrRRELQ z?&g%N*4 zUp0=;d{eNnCA!&eDW0nvM|m(;GY&yOen=S>iZ-h%*ASG^o0iW2AN!mTRSwlICKMX8 zi!BS;kcC^(q8uUjed6d=mcOFYq)&bkDoG0@OvO~GNHBoY+daFp#k%QpwryJ7?u7E? z>;LQC%v$>2v0BbU)s|Z4 zeP6yQ1hUMM*osv<>Qz6cEAK26Ou+LUTZ%`kzjPJm>76J<>*xK&3UI`#vz4W-Vm~;a zXuq9>cE!N#{S~I`H8B6dpwPu~v{a2_vctaFK5CI*bE!-&Rl}SkrsMF_U8Qilbp5z` zY9{rPX98L58L&%bK2jy02np)qWu+l3V*jiu7c5nj(~J1L3!nN#s6v_QV?@k#@Dpzu zz=Lfpu9D^gv*`ASw=c0o*(kU|CWLW3Iz}n3>X)fO!m64Pv<>pZ*I3VhxVm|XUfdf5 z;0ssb$Fkw$2Vj^HrTh~`9%*|XcWf%cH1+S)HWui$6R z#GSq0kZCLOa=-HLdNVSW-0HqycYURldL13BXF2 zu)Bu4lSt1-Ukrlj_CXc~3@FH6Ea?@x>nC1h2tUjL*h;s^si)Jy()xh~hp(?+cz+_9 zf3gTi`gDd&ylYFxAg)cyPtq`0Hw**jx{B;k7OH^R!~FhYcoS-77wOriJeeXoQGyoj zfD)zN){O&-@bg%2X^U9WFHVhnLczCqYkJ+DgEs&IN5o5k9xvaJ1t~&T^{eS779T!kgRW89g`hC69gYmL*%L7+cYZT&76(d25C}DGco?d(w za&RjPM;gMHv<=if?|(j}XWk{DFayn_+i(V&#tnB++CD9TA5VZiCsfK9ex5|DbU_)T zI5U#`!R(TqQUDTsQN0GhV>Mi6(|{oPQ#@jBZnI_W!mNNj!#r;@(X;{^i^Q0?LSaFt zgld8;Iv>EYVPLWKjdB8ArADNVK2tCh!galz zi|5$qU)g(gWaXA$}=6S<193Ar#8M)4t9pf!hdFw}zcwD7SOWK#?A zps>^mZXcp&EPM5oaQDyDal z!Bv`0aGOdD5FZVUPYD5WUiJ1??<;Od!`FMvbQltdN5i1KP^O`NUI2v znMudMSo~?ctl<-y0r7vja=CoM)i1&u6Oe9stt+_47C8l#A1khak=5>|*D8UWip*ew z>-AFuY@mf|qvxRC7+B8CxG0Q>+5hSX!kC9E8F~V7xmaH%Fl6{)S4_H8J{~?t0qskZ z*k3Fk7c_$NZE6|x7F;i6J4{9ZL4q?ipbvVa^&lEFuPAS$&~xaTUJt~oua6e@!pQPX zEjT76D-eyVLNN8rJC0WWha{Hz_OpRDFjnVr5-uOu`j5ofgfBr5XWno>+*pb zP_%qCZ-8}5<_f#trG6TER-w9OCI?thMRIx7jxpb!w}r&wd|L)m zRLCuSXIi{dr5?ll{?G1K8e8VNA@3t)=Cz)7Jpo(HsOizRaK5|`W1Xw}h=r96eRyYN z9?1p@!l3!yaGA{SZ&wAhnCwIy#TiSB5#C<6zxU+!)iy}S^gmDDQtB_P!4~3UO0W5f zUiJu~sT^SKv)Z(LB@dDE^6Ea|T2w0Qyd~O-oZ>E@)^8$K(uZmaiH)NwkH$Z&ZUf8= z0A5l`1{nvi)e7G4_B?_#6+MK`sKdbli+RXjTCa%spOxL~_ndu}MO|J+tD3*$F#$Bo zyz%;?ssQNUXBwvON*1>90xE_2B4CYAMLr<0{owi`S=w4~F0l$D8j; zDJD|k@kQop@!s(=40N$&u{K*)y>neUtg?I}!W)7(ueQG@643h1=IF|^!4Q0w(&@~Y z-1LbK<$QQ@?KRo;#SV2N4pm*tQ-x~##lJv{xl+7{xg?exQ$j=j7Xeo3!MWB|3v zR(*jvOPck9_w{7{h#Pmm!C4`5sj7!4{lyDsi-$Cb1D)|Ik@t*#+387iMoejdLieccd$*zqVmBv$#6-A z^)?8 Date: Mon, 29 Sep 2025 23:31:24 +0300 Subject: [PATCH 061/360] Fix Slf4j StaticLoggerBinder error --- server/pom.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/server/pom.xml b/server/pom.xml index 0746fe9282..617cdce2f7 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -108,5 +108,12 @@ 1.2.0 test + + + ch.qos.logback + logback-classic + 1.2.13 + test + From 103a2746e5b955b9456b9027a8a9ec4ad24e1fac Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 16:19:21 +0300 Subject: [PATCH 062/360] Add CertificateDetailsDialog component for displaying detailed certificate information. Enhance ImportCertificateDialogContent with loading state and error handling. Update useCertificates hook to include refetch functionality. Integrate new components into SslManagement page for improved user experience in certificate management. --- src/components/CertificateDetailsDialog.jsx | 212 +++++++++++++ .../ImportCertificateDialogContent.jsx | 81 +++-- src/hooks/useCertificates.js | 26 +- src/pages/SslManagement.jsx | 58 +++- src/services/sslService.js | 284 +++++++++++++----- src/utils/certificateUtils.js | 207 +++++++++++++ src/utils/dateUtils.js | 51 ++++ 7 files changed, 807 insertions(+), 112 deletions(-) create mode 100644 src/components/CertificateDetailsDialog.jsx create mode 100644 src/utils/certificateUtils.js create mode 100644 src/utils/dateUtils.js diff --git a/src/components/CertificateDetailsDialog.jsx b/src/components/CertificateDetailsDialog.jsx new file mode 100644 index 0000000000..db93b837ca --- /dev/null +++ b/src/components/CertificateDetailsDialog.jsx @@ -0,0 +1,212 @@ +import React from 'react' +import { + Dialog, + DialogTitle, + DialogContent, + DialogActions, + Button, + Box, + Typography, + Divider, + Chip, + Stack, + Paper, + Grid, +} from '@mui/material' +import { formatDate } from '../utils/dateUtils.js' + +export default function CertificateDetailsDialog({ open, onClose, certificate }) { + if (!certificate) return null + + const { parsedCertificate, rawCertificate } = certificate + + const getStatusColor = (validFrom, validTo) => { + const now = new Date() + const validFromDate = new Date(validFrom) + const validToDate = new Date(validTo) + + if (now < validFromDate) return 'warning' + if (now > validToDate) return 'error' + + // Check if expiring within 30 days + const thirtyDaysFromNow = new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000) + if (validToDate < thirtyDaysFromNow) return 'warning' + + return 'success' + } + + const getStatusText = (validFrom, validTo) => { + const now = new Date() + const validFromDate = new Date(validFrom) + const validToDate = new Date(validTo) + + if (now < validFromDate) return 'Not Yet Valid' + if (now > validToDate) return 'Expired' + + // Check if expiring within 30 days + const thirtyDaysFromNow = new Date(now.getTime() + 30 * 24 * 60 * 60 * 1000) + if (validToDate < thirtyDaysFromNow) return 'Expiring Soon' + + return 'Valid' + } + + const formatDN = (dn) => { + if (!dn) return 'Unknown' + return dn.toString() + } + + const formatExtensions = (extensions) => { + if (!extensions || extensions.length === 0) return [] + + return extensions.map(ext => ({ + name: ext.name, + value: ext.value || ext.critical ? 'Critical' : 'Not Critical', + critical: ext.critical || false + })) + } + + return ( + + + + Certificate Details + + + + + + + {/* Basic Information */} + + Basic Information + + + Alias + {certificate.alias} + + + Type + {certificate.type} + + + Store + + {certificate.store} + + + + Has Private Key + + {certificate.hasPrivateKey ? 'Yes' : 'No'} + + + + + + {/* Subject Information */} + + Subject + + {formatDN(parsedCertificate?.subject)} + + + + {/* Issuer Information */} + + Issuer + + {formatDN(parsedCertificate?.issuer)} + + + + {/* Validity Period */} + + Validity Period + + + Valid From + {certificate.validFrom} + + + Valid To + {certificate.validTo} + + + + + {/* Fingerprint */} + + Fingerprint + SHA-1 + + {certificate.fingerprintSha1} + + + + {/* Extensions */} + {parsedCertificate?.extensions && parsedCertificate.extensions.length > 0 && ( + + Extensions + + {formatExtensions(parsedCertificate.extensions).map((ext, index) => ( + + + + {ext.name} + + {ext.critical && ( + + )} + + + {ext.value} + + + ))} + + + )} + + {/* Channels in Use */} + {certificate.channelsInUse && certificate.channelsInUse.length > 0 && ( + + Channels in Use + + {certificate.channelsInUse.map((channel, index) => ( + + ))} + + + )} + + {/* Raw Certificate (Collapsible) */} + + Raw Certificate (Base64) + + {rawCertificate} + + + + + + + + + + ) +} diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 193da6d6aa..dbd7d3b52e 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,15 +1,20 @@ import React, { useRef, useState } from 'react' -import { Box, Button, FormHelperText, Stack, TextField, Typography } from '@mui/material' +import { Box, Button, FormHelperText, Stack, TextField, Typography, Alert } from '@mui/material' +import { pemToBase64, isValidPemCertificate } from '../utils/certificateUtils.js' +import { updateCertificates } from '../services/sslService.js' export default function ImportCertificateDialogContent({ targetStore = 'trusted', onCancel, onSubmit, + onSuccess, }) { const [pemText, setPemText] = useState('') const [file, setFile] = useState(null) const [alias, setAlias] = useState('') const [errors, setErrors] = useState({}) + const [loading, setLoading] = useState(false) + const [apiError, setApiError] = useState(null) const fileInputRef = useRef(null) @@ -17,32 +22,68 @@ export default function ImportCertificateDialogContent({ const validate = () => { const nextErrors = {} - if (!pemText.trim()) nextErrors.pemText = 'PEM content is required.' - if (pemText && !/-----BEGIN [^-]+-----[\s\S]*-----END [^-]+-----/m.test(pemText)) { - nextErrors.pemText = 'Expected PEM content with BEGIN/END headers.' + if (!pemText.trim()) { + nextErrors.pemText = 'PEM content is required.' + } else if (!isValidPemCertificate(pemText)) { + nextErrors.pemText = 'Invalid PEM certificate format. Please ensure it contains valid certificate data.' } setErrors(nextErrors) + setApiError(null) // Clear API errors on validation return Object.keys(nextErrors).length === 0 } - const handleSubmit = () => { + const handleSubmit = async () => { if (!validate()) return - const payload = { - targetStore, - source: 'text', - pemText, - fileName: file ? file.name : undefined, - alias: alias || undefined, + + setLoading(true) + setApiError(null) + + try { + // Convert PEM to Base64 + const base64Certificate = pemToBase64(pemText) + + // Prepare payload based on target store + let certificates = null + let pairs = null + + if (targetStore === 'trusted') { + certificates = [{ + alias: alias || `cert-${Date.now()}`, + certificate: base64Certificate + }] + } else if (targetStore === 'private') { + // For private store, we need both certificate and private key + // For now, we'll only store the certificate (private key would need separate input) + pairs = [{ + alias: alias || `pair-${Date.now()}`, + certificate: base64Certificate, + privateKey: '' // TODO: Add private key input for private store + }] + } + + // Call the API + await updateCertificates(certificates, pairs) + + // Success - call callbacks + if (onSuccess) onSuccess() + if (onSubmit) onSubmit({ success: true, targetStore, alias }) + + } catch (error) { + console.error('Failed to import certificate:', error) + setApiError(error.message || 'Failed to import certificate') + } finally { + setLoading(false) } - // Useful debugging information - // eslint-disable-next-line no-console - console.debug('[ImportCertificate] submit', payload) - if (onSubmit) onSubmit(payload) } return ( + {apiError && ( + setApiError(null)}> + {apiError} + + )} - - + + diff --git a/src/hooks/useCertificates.js b/src/hooks/useCertificates.js index 42c9e9809c..8489254e27 100644 --- a/src/hooks/useCertificates.js +++ b/src/hooks/useCertificates.js @@ -10,19 +10,23 @@ export default function useCertificates() { const [loading, setLoading] = useState(true) const [error, setError] = useState('') + const loadCertificates = async () => { + setLoading(true) + setError('') + try { + const data = await fetchCertificates() + setAll(data) + } catch (e) { + setError('Failed to load certificates') + } finally { + setLoading(false) + } + } + useEffect(() => { let cancelled = false async function load() { - setLoading(true) - setError('') - try { - const data = await fetchCertificates() - if (!cancelled) setAll(data) - } catch (e) { - if (!cancelled) setError('Failed to load certificates') - } finally { - if (!cancelled) setLoading(false) - } + await loadCertificates() } load() return () => { cancelled = true } @@ -42,7 +46,7 @@ export default function useCertificates() { private: all.filter((c) => c.store === 'private').length, }), [all]) - return { all, loading, error, counts, filterBy } + return { all, loading, error, counts, filterBy, refetch: loadCertificates } } diff --git a/src/pages/SslManagement.jsx b/src/pages/SslManagement.jsx index 2029329fa5..3a752eaec0 100644 --- a/src/pages/SslManagement.jsx +++ b/src/pages/SslManagement.jsx @@ -11,9 +11,10 @@ import ShieldOutlinedIcon from '@mui/icons-material/ShieldOutlined' import CheckCircleOutlineIcon from '@mui/icons-material/CheckCircleOutline' import VpnKeyIcon from '@mui/icons-material/VpnKey' import ImportCertificateDialogContent from '../components/ImportCertificateDialogContent' +import CertificateDetailsDialog from '../components/CertificateDetailsDialog' export default function SslManagement() { - const { counts, filterBy, loading, error } = useCertificates() + const { counts, filterBy, loading, error, refetch } = useCertificates() const [params, setParams] = useSearchParams() const tabKeys = ['native', 'trusted', 'private'] const initialKey = params.get('tab') && tabKeys.includes(params.get('tab')) ? params.get('tab') : 'native' @@ -24,6 +25,9 @@ export default function SslManagement() { const [dialogTitle, setDialogTitle] = useState('') const [dialogType, setDialogType] = useState(null) // 'text' | 'import-certificate' | null const [dialogProps, setDialogProps] = useState({}) + + const [detailsDialogOpen, setDetailsDialogOpen] = useState(false) + const [selectedCertificate, setSelectedCertificate] = useState(null) const openDialog = ({ type, title, props = {} }) => { setDialogTitle(title) @@ -38,6 +42,27 @@ export default function SslManagement() { setDialogProps({}) } + const handleImportSuccess = () => { + // Refresh the certificate data after successful import + refetch() + closeDialog() + } + + const handleViewDetails = (certificate) => { + setSelectedCertificate(certificate) + setDetailsDialogOpen(true) + } + + const handleCloseDetails = () => { + setDetailsDialogOpen(false) + setSelectedCertificate(null) + } + + const handleExport = (certificate) => { + // TODO: Implement certificate export functionality + console.log('Export certificate:', certificate) + } + const openImportDialog = () => { const targetStore = tabKey === 'trusted' ? 'trusted' : 'private' openDialog({ type: 'import-certificate', title: 'Import Certificate (PEM)', props: { targetStore } }) @@ -96,7 +121,13 @@ export default function SslManagement() { - + @@ -104,7 +135,13 @@ export default function SslManagement() { - + @@ -112,7 +149,13 @@ export default function SslManagement() { - + @@ -124,6 +167,7 @@ export default function SslManagement() { targetStore={dialogProps.targetStore} onCancel={closeDialog} onSubmit={() => closeDialog()} + onSuccess={handleImportSuccess} /> )} {dialogType === 'text' && ( @@ -136,6 +180,12 @@ export default function SslManagement() { )} + + ) } diff --git a/src/services/sslService.js b/src/services/sslService.js index 9153082378..18f883929d 100644 --- a/src/services/sslService.js +++ b/src/services/sslService.js @@ -1,85 +1,209 @@ +/** + * SSL Service - Certificate Management + * + * Currently using internal store for development. + * + * TO SWITCH TO REAL API: + * 1. Uncomment the api import line below + * 2. In fetchCertificates(): comment out the "INTERNAL STORE" section and uncomment the "REAL API" section + * 3. In updateCertificates(): comment out the "INTERNAL STORE" section and uncomment the "REAL API" section + * 4. Remove or comment out the internal store variables and helper functions at the bottom + */ + +import { parseCertificate } from '../utils/certificateUtils.js' +// import { api } from './api.js' // Uncomment when API is ready + +// === INTERNAL STORE (remove when switching to real API) === +// Internal store to simulate API - starts empty +let internalStore = { + systemCertificates: [], + certificates: [], + pairs: [] +} + +// Load from localStorage if available +const STORAGE_KEY = 'ssl-manager-store' +try { + const stored = localStorage.getItem(STORAGE_KEY) + if (stored) { + internalStore = JSON.parse(stored) + } +} catch (e) { + console.warn('Failed to load from localStorage:', e) +} + +// Save to localStorage +function saveToStorage() { + try { + localStorage.setItem(STORAGE_KEY, JSON.stringify(internalStore)) + } catch (e) { + console.warn('Failed to save to localStorage:', e) + } +} + export async function fetchCertificates() { - // Simulate network delay - await new Promise((resolve) => setTimeout(resolve, 400)) + try { + // === INTERNAL STORE (for development) === + // Simulate API delay + await new Promise(resolve => setTimeout(resolve, 300)) + + const data = internalStore + + // === REAL API (uncomment when API is ready) === + // const response = await api.get('/api/tlsmanager/certificates') + // const data = response.data + + const certificates = [] + + // Map systemCertificates to native store + if (data.systemCertificates) { + for (const cert of data.systemCertificates) { + const parsed = await parseCertificate(cert.certificate) + certificates.push({ + alias: cert.alias, + name: parsed.subject?.CN || cert.alias, + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + hasPrivateKey: false, + store: 'native', + rawCertificate: cert.certificate, + parsedCertificate: parsed, + }) + } + } + + // Map certificates to trusted store + if (data.certificates) { + for (const cert of data.certificates) { + const parsed = await parseCertificate(cert.certificate) + certificates.push({ + alias: cert.alias, + name: parsed.subject?.CN || cert.alias, + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + hasPrivateKey: false, + store: 'trusted', + channelsInUse: cert.channelsInUse || [], + rawCertificate: cert.certificate, + parsedCertificate: parsed, + }) + } + } + + // Map pairs to private store + if (data.pairs) { + for (const pair of data.pairs) { + const parsed = await parseCertificate(pair.certificate) + certificates.push({ + alias: pair.alias, + name: parsed.subject?.CN || pair.alias, + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + hasPrivateKey: true, + store: 'private', + channelsInUse: pair.channelsInUse || [], + rawCertificate: pair.certificate, + parsedCertificate: parsed, + }) + } + } + + return certificates + } catch (error) { + console.error('Failed to fetch certificates:', error) + throw new Error('Failed to fetch certificates from server') + } +} - // Mock data spanning all stores - return [ - // Native Java Certificate Store (read-only) - { - alias: 'digicert-global-root', - name: 'DigiCert Global Root CA', - type: 'Root CA', - subject: 'CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US', - issuer: 'Self-signed', - validFrom: '2006-11-10', - validTo: '2031-11-10', - fingerprintSha1: 'A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436', - hasPrivateKey: false, - store: 'native', - }, - { - alias: 'isrg-root-x1', - name: 'ISRG Root X1', - type: 'Root CA', - subject: 'CN=ISRG Root X1, O=Internet Security Research Group, C=US', - issuer: 'Self-signed', - validFrom: '2015-06-04', - validTo: '2035-06-04', - fingerprintSha1: 'CABD2A79A1076A31F21D253635CB039D4329A5E8', - hasPrivateKey: false, - store: 'native', - }, +export async function updateCertificates(certificates, pairs) { + try { + // === INTERNAL STORE (for development) === + // Simulate API delay + await new Promise(resolve => setTimeout(resolve, 300)) + + // Update internal store + if (certificates && certificates.length > 0) { + // Add new certificates to the store + for (const cert of certificates) { + const existing = internalStore.certificates.findIndex(c => c.alias === cert.alias) + if (existing >= 0) { + internalStore.certificates[existing] = cert + } else { + internalStore.certificates.push(cert) + } + } + } + + if (pairs && pairs.length > 0) { + // Add new pairs to the store + for (const pair of pairs) { + const existing = internalStore.pairs.findIndex(p => p.alias === pair.alias) + if (existing >= 0) { + internalStore.pairs[existing] = pair + } else { + internalStore.pairs.push(pair) + } + } + } + + // Save to localStorage + saveToStorage() + + console.log('[Internal Store] Updated:', internalStore) + + return { success: true } + + // === REAL API (uncomment when API is ready) === + // const payload = {} + // + // if (certificates && certificates.length > 0) { + // payload.certificates = certificates.map(cert => ({ + // alias: cert.alias, + // certificate: cert.certificate // Base64-encoded PEM + // })) + // } + // + // if (pairs && pairs.length > 0) { + // payload.pairs = pairs.map(pair => ({ + // alias: pair.alias, + // certificate: pair.certificate, // Base64-encoded PEM + // privateKey: pair.privateKey // Base64-encoded PEM + // })) + // } + // + // const response = await api.put('/api/tlsmanager/certificates', payload) + // return response.data + } catch (error) { + console.error('Failed to update certificates:', error) + throw new Error('Failed to update certificates in internal store') + } +} - // Additional Trusted Certificates (user-imported) - { - alias: 'corp-intermediate-1', - name: 'Corp Intermediate CA 1', - type: 'Intermediate', - subject: 'CN=Corp Intermediate CA 1, O=Corp Example Ltd, C=US', - issuer: 'Corp Root CA', - validFrom: '2024-02-01', - validTo: '2027-02-01', - fingerprintSha1: '11223344556677889900AABBCCDDEEFF00112233', - hasPrivateKey: false, - store: 'trusted', - }, - { - alias: 'partner-public-cert', - name: 'Partner Public Cert', - type: 'End-entity', - subject: 'CN=api.partner.example, O=Partner Inc, C=US', - issuer: 'R3', - validFrom: '2024-10-01', - validTo: '2025-10-01', - fingerprintSha1: '223344556677889900AABBCCDDEEFF0011223344', - hasPrivateKey: false, - store: 'trusted', - }, +// === INTERNAL STORE HELPER FUNCTIONS (remove when switching to real API) === +// Helper function to clear the internal store (useful for testing) +export function clearInternalStore() { + internalStore = { + systemCertificates: [], + certificates: [], + pairs: [] + } + saveToStorage() + console.log('[Internal Store] Cleared') +} - // Private Key Store - { - alias: 'prod-web-1', - name: 'Production Web Cert', - type: 'End-entity', - subject: 'CN=www.example.com, O=Example Inc, C=US', - issuer: "Let's Encrypt Authority X3", - validFrom: '2024-01-10', - validTo: '2026-01-15', - fingerprintSha1: '3344556677889900AABBCCDDEEFF001122334455', - hasPrivateKey: true, - store: 'private', - }, - { - alias: 'staging-api', - name: 'Staging API Cert', - type: 'End-entity', - subject: 'CN=api.staging.example.com, O=Example Inc, C=US', - issuer: 'R3', - validFrom: '2024-12-01', - validTo: '2025-12-01', - fingerprintSha1: '44556677889900AABBCCDDEEFF00112233445566', - hasPrivateKey: true, - store: 'private', - }, - ] +// Helper function to get current store state (for debugging) +export function getInternalStore() { + return { ...internalStore } } diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js new file mode 100644 index 0000000000..fc0717797e --- /dev/null +++ b/src/utils/certificateUtils.js @@ -0,0 +1,207 @@ +import forge from 'node-forge' + +/** + * Parse a Base64-encoded PEM certificate and extract relevant information + * @param {string} base64Pem - Base64-encoded PEM certificate + * @returns {Object} Parsed certificate information + */ +export function parseCertificate(base64Pem) { + try { + + const pemString = base64ToPem(base64Pem) + + // Parse the PEM certificate + const cert = forge.pki.certificateFromPem(pemString) + + // Extract subject information + const subject = cert.subject + const subjectStr = formatDN(subject) + + // Extract issuer information + const issuer = cert.issuer + const issuerStr = formatDN(issuer) + + // Determine certificate type + const type = determineCertificateType(cert) + + // Format validity dates + const validFrom = formatDate(cert.validity.notBefore) + const validTo = formatDate(cert.validity.notAfter) + + // Calculate SHA-1 fingerprint + const fingerprintSha1 = forge.md.sha1.create() + .update(forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes()) + .digest() + .toHex() + .toUpperCase() + + return { + subject, + subjectStr, + issuer, + issuerStr, + type, + validFrom, + validTo, + fingerprintSha1, + serialNumber: cert.serialNumber, + version: cert.version, + extensions: cert.extensions, + raw: cert + } + } catch (error) { + console.error('Failed to parse certificate:', error) + return { + subject: null, + subjectStr: 'Parse Error', + issuer: null, + issuerStr: 'Parse Error', + type: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + error: error.message + } + } +} + +/** + * Format a Distinguished Name (DN) object to string + * @param {Object} dn - Distinguished Name object from node-forge + * @returns {string} Formatted DN string + */ +function formatDN(dn) { + if (!dn) return 'Unknown' + + const parts = [] + + // Common DN attributes in order of preference + const attributes = ['CN', 'OU', 'O', 'L', 'ST', 'C', 'emailAddress'] + + for (const attr of attributes) { + const field = dn.getField(attr) + if (field) { + // Extract the value from the field object + const value = field.value || field + parts.push(`${attr}=${value}`) + } + } + + // Add any remaining attributes not in our preferred list + const allAttrs = dn.attributes || [] + for (const attr of allAttrs) { + if (!attributes.includes(attr.name)) { + parts.push(`${attr.name}=${attr.value}`) + } + } + + return parts.join(', ') +} + +/** + * Determine certificate type based on extensions and usage + * @param {Object} cert - Certificate object from node-forge + * @returns {string} Certificate type + */ +function determineCertificateType(cert) { + if (!cert.extensions) return 'End-entity' + + // Check for CA certificate + const basicConstraints = cert.extensions.find(ext => ext.name === 'basicConstraints') + if (basicConstraints && basicConstraints.cA) { + return 'Root CA' + } + + // Check for intermediate CA + const keyUsage = cert.extensions.find(ext => ext.name === 'keyUsage') + if (keyUsage && keyUsage.keyCertSign) { + return 'Intermediate' + } + + // Check for server certificate + const extKeyUsage = cert.extensions.find(ext => ext.name === 'extKeyUsage') + if (extKeyUsage && extKeyUsage.serverAuth) { + return 'Server Certificate' + } + + // Check for client certificate + if (extKeyUsage && extKeyUsage.clientAuth) { + return 'Client Certificate' + } + + return 'End-entity' +} + +/** + * Format a date object to YYYY-MM-DD string + * @param {Date} date - Date object + * @returns {string} Formatted date string + */ +function formatDate(date) { + if (!date) return 'Unknown' + + const year = date.getFullYear() + const month = String(date.getMonth() + 1).padStart(2, '0') + const day = String(date.getDate()).padStart(2, '0') + + return `${year}-${month}-${day}` +} + +/** + * Validate if a string contains valid PEM certificate data + * @param {string} pemString - PEM certificate string + * @returns {boolean} True if valid PEM certificate + */ +export function isValidPemCertificate(pemString) { + try { + // Check if it contains certificate markers + if (!pemString.includes('-----BEGIN CERTIFICATE-----') || + !pemString.includes('-----END CERTIFICATE-----')) { + return false + } + + // Try to parse it + const cert= forge.pki.certificateFromPem(pemString) + console.log(cert) + return true + } catch (error) { + console.error('Failed to validate PEM certificate:', error) + return false + } +} + +/** + * Convert PEM string to Base64-encoded format + * @param {string} pemString - PEM certificate string + * @returns {string} Base64-encoded certificate + */ +export function pemToBase64(pemString) { + try { + // Remove PEM headers and footers + const base64Content = pemString + .replace(/-----BEGIN CERTIFICATE-----/g, '') + .replace(/-----END CERTIFICATE-----/g, '') + .replace(/\s/g, '') // Remove whitespace + + return base64Content + } catch (error) { + console.error('Failed to convert PEM to Base64:', error) + throw new Error('Invalid PEM format') + } +} + +/** + * Convert Base64-encoded certificate to PEM format + * @param {string} base64Cert - Base64-encoded certificate + * @returns {string} PEM certificate string + */ +export function base64ToPem(base64Cert) { + try { + // Add PEM headers + const pemString = `-----BEGIN CERTIFICATE-----\n${base64Cert}\n-----END CERTIFICATE-----` + return pemString + } catch (error) { + console.error('Failed to convert Base64 to PEM:', error) + throw new Error('Invalid Base64 format') + } +} diff --git a/src/utils/dateUtils.js b/src/utils/dateUtils.js new file mode 100644 index 0000000000..c8b01311f2 --- /dev/null +++ b/src/utils/dateUtils.js @@ -0,0 +1,51 @@ +/** + * Format a date to a readable string + * @param {Date|string} date - Date object or date string + * @returns {string} Formatted date string + */ +export function formatDate(date) { + if (!date) return 'Unknown' + + const dateObj = typeof date === 'string' ? new Date(date) : date + + if (isNaN(dateObj.getTime())) return 'Invalid Date' + + return dateObj.toLocaleDateString('en-US', { + year: 'numeric', + month: 'long', + day: 'numeric', + hour: '2-digit', + minute: '2-digit' + }) +} + +/** + * Check if a date is within a certain number of days from now + * @param {Date|string} date - Date to check + * @param {number} days - Number of days + * @returns {boolean} True if within the specified days + */ +export function isWithinDays(date, days) { + if (!date) return false + + const dateObj = typeof date === 'string' ? new Date(date) : date + const now = new Date() + const diffTime = dateObj.getTime() - now.getTime() + const diffDays = Math.ceil(diffTime / (1000 * 60 * 60 * 24)) + + return diffDays <= days && diffDays >= 0 +} + +/** + * Check if a date has passed + * @param {Date|string} date - Date to check + * @returns {boolean} True if the date has passed + */ +export function isExpired(date) { + if (!date) return false + + const dateObj = typeof date === 'string' ? new Date(date) : date + const now = new Date() + + return dateObj.getTime() < now.getTime() +} From c991b9130b88092bf31f1fba810b2d69c7aa3e22 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 17:03:31 +0300 Subject: [PATCH 063/360] Refactor Dockerfile for multi-stage build: separate build and production stages, install only production dependencies, and add health check. Update package.json to include start scripts and remove server.js file. --- .dockerignore | 17 +++++++ DOCKER.md | 117 +++++++++++++++++++++++++++++++++++++++++++++ Dockerfile | 42 ++++++++++++++-- docker-compose.yml | 19 ++++++++ docker-scripts.sh | 59 +++++++++++++++++++++++ package.json | 4 +- server.js | 30 ------------ server.prod.js | 73 ++++++++++++++++++++++++++++ 8 files changed, 326 insertions(+), 35 deletions(-) create mode 100644 .dockerignore create mode 100644 DOCKER.md create mode 100644 docker-compose.yml create mode 100755 docker-scripts.sh delete mode 100644 server.js create mode 100644 server.prod.js diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..77ea1d5ad6 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,17 @@ +node_modules +npm-debug.log +.git +.gitignore +README.md +.env +.env.local +.env.development.local +.env.test.local +.env.production.local +.nyc_output +coverage +.vscode +.idea +*.log +.DS_Store +Thumbs.db diff --git a/DOCKER.md b/DOCKER.md new file mode 100644 index 0000000000..f575c80d3a --- /dev/null +++ b/DOCKER.md @@ -0,0 +1,117 @@ +# Docker Setup for Settings Dashboard + +This document explains how to build and run the Settings Dashboard using Docker. + +## Quick Start + +### Option 1: Using Docker Compose (Recommended) +```bash +# Build and start the application +docker-compose up --build + +# Access the application at: http://localhost:3000/dashboard +``` + +### Option 2: Using Docker Commands +```bash +# Build the image +docker build -t settings-dashboard . + +# Run the container +docker run -p 3000:3000 settings-dashboard + +# Access the application at: http://localhost:3000/dashboard +``` + +### Option 3: Using Helper Scripts +```bash +# Make the script executable (first time only) +chmod +x docker-scripts.sh + +# Build and run +./docker-scripts.sh build +./docker-scripts.sh run + +# Or use docker-compose +./docker-scripts.sh compose-up +``` + +## Configuration + +### Environment Variables + +You can customize the application behavior using environment variables: + +- `PORT`: Port to run the server on (default: 3000) +- `API_TARGET`: Backend API URL to proxy requests to (default: https://oie-test.quantis.health) + +### Example with Custom API Target +```bash +docker run -p 3000:3000 -e API_TARGET=https://your-api-server.com settings-dashboard +``` + +Or with docker-compose, modify the `docker-compose.yml`: +```yaml +environment: + - API_TARGET=https://your-api-server.com +``` + +## Architecture + +The Docker setup includes: + +1. **Multi-stage Build**: + - Builder stage: Installs all dependencies and builds the React app + - Production stage: Only includes production dependencies and built files + +2. **Express Server**: + - Serves static files from the built React app + - Proxies API requests to the backend + - Handles client-side routing + - Sets proper MIME types for JavaScript modules + +3. **Security Features**: + - Runs as non-root user + - Health checks + - Proper cookie handling for cross-origin requests + +## Troubleshooting + +### MIME Type Errors +The production server explicitly sets the correct MIME types for JavaScript modules to prevent the "Expected a JavaScript-or-Wasm module script" error. + +### API Proxy Issues +If you're having issues with API requests: +1. Check that the `API_TARGET` environment variable is set correctly +2. Verify the backend server is accessible from the container +3. Check the container logs: `docker logs ` + +### Port Conflicts +If port 3000 is already in use: +```bash +docker run -p 3001:3000 settings-dashboard +# Access at: http://localhost:3001/dashboard +``` + +## Development vs Production + +- **Development**: Use `npm run dev` for local development with Vite +- **Production**: Use Docker for production deployment + +The Docker setup is optimized for production with: +- Smaller image size (multi-stage build) +- Security best practices +- Proper static file serving +- API proxying +- Health checks + +## File Structure + +``` +├── Dockerfile # Multi-stage Docker build +├── docker-compose.yml # Docker Compose configuration +├── docker-scripts.sh # Helper scripts +├── server.prod.js # Production Express server +├── .dockerignore # Files to exclude from Docker build +└── DOCKER.md # This documentation +``` diff --git a/Dockerfile b/Dockerfile index 5e67d5c99c..e2e1c550d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,17 +1,51 @@ -FROM node:20-alpine +# Multi-stage build for production +FROM node:20-alpine AS builder WORKDIR /app +# Copy package files COPY package*.json ./ -RUN npm install +# Install all dependencies (including dev dependencies for build) +RUN npm ci +# Copy source code COPY . . +# Build the React app RUN npm run build -RUN npm install -g serve +# Production stage +FROM node:20-alpine AS production +WORKDIR /app + +# Copy package files +COPY package*.json ./ + +# Install only production dependencies +RUN npm ci --only=production && npm cache clean --force + +# Copy built application from builder stage +COPY --from=builder /app/dashboard ./dashboard + +# Copy production server +COPY server.prod.js ./ + +# Create non-root user for security +RUN addgroup -g 1001 -S nodejs && \ + adduser -S nextjs -u 1001 + +# Change ownership of the app directory +RUN chown -R nextjs:nodejs /app +USER nextjs + +# Expose port EXPOSE 3000 -CMD ["serve", "-s", "dashboard", "-l", "3000"] +# Health check +HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ + CMD node -e "require('http').get('http://localhost:3000/dashboard', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) })" + +# Start the production server +CMD ["npm", "start"] diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000000..0c32d5085d --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,19 @@ +version: '3.8' + +services: + settings-dashboard: + build: . + ports: + - "3000:3000" + environment: + - NODE_ENV=production + - PORT=3000 + # Override the API target if needed + # - API_TARGET=https://your-api-server.com + restart: unless-stopped + healthcheck: + test: ["CMD", "node", "-e", "require('http').get('http://localhost:3000/dashboard', (res) => { process.exit(res.statusCode === 200 ? 0 : 1) })"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 40s diff --git a/docker-scripts.sh b/docker-scripts.sh new file mode 100755 index 0000000000..3525a4f60e --- /dev/null +++ b/docker-scripts.sh @@ -0,0 +1,59 @@ +#!/bin/bash + +# Docker helper scripts for settings-dashboard + +case "$1" in + "build") + echo "🔨 Building Docker image..." + docker build -t settings-dashboard . + ;; + "run") + echo "🚀 Running Docker container..." + docker run -p 3000:3000 --name settings-dashboard-container settings-dashboard + ;; + "run-detached") + echo "🚀 Running Docker container in background..." + docker run -d -p 3000:3000 --name settings-dashboard-container settings-dashboard + ;; + "stop") + echo "🛑 Stopping Docker container..." + docker stop settings-dashboard-container + ;; + "remove") + echo "🗑️ Removing Docker container..." + docker rm settings-dashboard-container + ;; + "logs") + echo "📋 Showing Docker container logs..." + docker logs -f settings-dashboard-container + ;; + "clean") + echo "🧹 Cleaning up Docker resources..." + docker stop settings-dashboard-container 2>/dev/null || true + docker rm settings-dashboard-container 2>/dev/null || true + docker rmi settings-dashboard 2>/dev/null || true + ;; + "compose-up") + echo "🚀 Starting with docker-compose..." + docker-compose up --build + ;; + "compose-down") + echo "🛑 Stopping docker-compose..." + docker-compose down + ;; + *) + echo "Usage: $0 {build|run|run-detached|stop|remove|logs|clean|compose-up|compose-down}" + echo "" + echo "Commands:" + echo " build - Build the Docker image" + echo " run - Run the container (foreground)" + echo " run-detached - Run the container (background)" + echo " stop - Stop the running container" + echo " remove - Remove the container" + echo " logs - Show container logs" + echo " clean - Clean up all Docker resources" + echo " compose-up - Start with docker-compose" + echo " compose-down - Stop docker-compose" + exit 1 + ;; +esac diff --git a/package.json b/package.json index d9ff186801..3c9c622197 100644 --- a/package.json +++ b/package.json @@ -7,7 +7,9 @@ "dev": "vite", "build": "vite build", "lint": "eslint .", - "preview": "vite preview" + "preview": "vite preview", + "start": "node server.prod.js", + "start:dev": "node server.js" }, "dependencies": { "@emotion/react": "^11.14.0", diff --git a/server.js b/server.js deleted file mode 100644 index 66e89464b9..0000000000 --- a/server.js +++ /dev/null @@ -1,30 +0,0 @@ -import express from 'express' -import { createProxyMiddleware } from 'http-proxy-middleware' - -const target = 'https://oie-test.quantis.health' - -const app = express() - -app.use('/api', createProxyMiddleware({ - target, - changeOrigin: true, - xfwd: true, - // Strip the Domain attribute so the cookie becomes host-only for your proxy host - cookieDomainRewrite: '', - // Optional: ensure SameSite/ Secure as needed - onProxyRes(proxyRes) { - const cookies = proxyRes.headers['set-cookie'] - if (cookies) { - proxyRes.headers['set-cookie'] = cookies.map(c => { - let v = c - // Force SameSite=None for cross-site usage (only if served over HTTPS) - if (!/; *SameSite=/i.test(v)) v += '; SameSite=None' - // Add Secure if serving the proxy over HTTPS (required for SameSite=None) - if (!/; *Secure/i.test(v)) v += '; Secure' - return v - }) - } - }, -})) - -app.listen(3000, () => console.log('Proxy on http://localhost:3000')) \ No newline at end of file diff --git a/server.prod.js b/server.prod.js new file mode 100644 index 0000000000..1985818197 --- /dev/null +++ b/server.prod.js @@ -0,0 +1,73 @@ +import express from 'express' +import { createProxyMiddleware } from 'http-proxy-middleware' +import path from 'path' +import { fileURLToPath } from 'url' + +const __filename = fileURLToPath(import.meta.url) +const __dirname = path.dirname(__filename) + +const app = express() +const PORT = process.env.PORT || 3000 + +// API target - you can override this with environment variable +const API_TARGET = process.env.API_TARGET || 'https://oie-1.quantis.health/api' + +// Serve static files from the dashboard directory +app.use('/dashboard', express.static(path.join(__dirname, 'dashboard'), { + // Set proper MIME types for JavaScript modules + setHeaders: (res, filePath) => { + if (filePath.endsWith('.js')) { + res.setHeader('Content-Type', 'application/javascript') + } else if (filePath.endsWith('.mjs')) { + res.setHeader('Content-Type', 'application/javascript') + } else if (filePath.endsWith('.css')) { + res.setHeader('Content-Type', 'text/css') + } + } +})) + +// Proxy API requests to the backend +app.use('/api', createProxyMiddleware({ + target: API_TARGET, + changeOrigin: true, + secure: false, // for local https dev + logger: console, + on: { + proxyReq(proxyReq, req, res) { + console.log('➡️', req.method, req.url); + }, + proxyRes(proxyRes, req, res) { + console.log('⬅️', proxyRes.statusCode); + }, + error(err, req, res) { + console.error('❌', err.message); + res.status(500).json({ error: 'Proxy error' }); + } + } +})) + +// Redirect root to dashboard +app.get('/', (req, res) => { + res.redirect('/dashboard') +}) + +// Handle client-side routing - serve index.html for dashboard routes +app.get('/dashboard', (req, res) => { + res.sendFile(path.join(__dirname, 'dashboard', 'index.html')) +}) + +// Catch-all route for client-side routing (must be last) +app.use((req, res) => { + if (req.path.startsWith('/dashboard')) { + res.sendFile(path.join(__dirname, 'dashboard', 'index.html')) + } else { + res.status(404).send('Not Found') + } +}) + +app.listen(PORT, '0.0.0.0', () => { + console.log(`🚀 Server running on http://0.0.0.0:${PORT}`) + console.log(`📁 Serving static files from: ${path.join(__dirname, 'dashboard')}`) + console.log(`🔗 Proxying API requests to: ${API_TARGET}`) + console.log(`🌐 Access your app at: http://localhost:${PORT}/dashboard`) +}) From e0742577dfb1ce62964ef8f17a592516e1f28576 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 17:10:41 +0300 Subject: [PATCH 064/360] Enhance UI components: Update CertificateList to add bottom padding, improve ImportCertificateDialogContent layout with fixed buttons and scrollable content, and modify DashboardLayout for better child component handling and overflow management. --- src/components/CertificateList.jsx | 2 +- .../ImportCertificateDialogContent.jsx | 50 ++++++++++++++----- src/layout/DashboardLayout.jsx | 13 ++++- 3 files changed, 49 insertions(+), 16 deletions(-) diff --git a/src/components/CertificateList.jsx b/src/components/CertificateList.jsx index 6423a1671d..0576642942 100644 --- a/src/components/CertificateList.jsx +++ b/src/components/CertificateList.jsx @@ -15,7 +15,7 @@ export default function CertificateList({ rows, loading, error, emptyText = 'No if (!rows || rows.length === 0) return {emptyText} return ( - + {rows.map((row) => ( diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index dbd7d3b52e..47c2fcd41b 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -77,8 +77,18 @@ export default function ImportCertificateDialogContent({ } return ( - - + + + {apiError && ( setApiError(null)}> {apiError} @@ -125,7 +135,8 @@ export default function ImportCertificateDialogContent({ error={Boolean(errors.pemText)} helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem fills this field.'} multiline - minRows={8} + minRows={4} + maxRows={6} fullWidth /> @@ -136,17 +147,30 @@ export default function ImportCertificateDialogContent({ helperText="Provide an alias for the entry if applicable" fullWidth /> - - - - + + + {/* Fixed buttons at bottom */} + + + ) diff --git a/src/layout/DashboardLayout.jsx b/src/layout/DashboardLayout.jsx index 3fc685fc8c..fb0cf9e9a2 100644 --- a/src/layout/DashboardLayout.jsx +++ b/src/layout/DashboardLayout.jsx @@ -19,9 +19,18 @@ export default function DashboardLayout({ children }) { - + - {children} + + {children} + ) From baf95d866bc746bf44990169ac9dc23f511352f6 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 17:17:42 +0300 Subject: [PATCH 065/360] Enhance ImportCertificateDialogContent: Make alias field required, update validation logic, and improve UI feedback for alias input. --- src/components/ImportCertificateDialogContent.jsx | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 47c2fcd41b..9a01d8a6fb 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -27,6 +27,9 @@ export default function ImportCertificateDialogContent({ } else if (!isValidPemCertificate(pemText)) { nextErrors.pemText = 'Invalid PEM certificate format. Please ensure it contains valid certificate data.' } + if (!alias.trim()) { + nextErrors.alias = 'Alias is required.' + } setErrors(nextErrors) setApiError(null) // Clear API errors on validation return Object.keys(nextErrors).length === 0 @@ -48,14 +51,14 @@ export default function ImportCertificateDialogContent({ if (targetStore === 'trusted') { certificates = [{ - alias: alias || `cert-${Date.now()}`, + alias: alias, certificate: base64Certificate }] } else if (targetStore === 'private') { // For private store, we need both certificate and private key // For now, we'll only store the certificate (private key would need separate input) pairs = [{ - alias: alias || `pair-${Date.now()}`, + alias: alias, certificate: base64Certificate, privateKey: '' // TODO: Add private key input for private store }] @@ -141,11 +144,13 @@ export default function ImportCertificateDialogContent({ /> setAlias(e.target.value)} - helperText="Provide an alias for the entry if applicable" + error={Boolean(errors.alias)} + helperText={errors.alias || "Provide a unique alias for this certificate"} fullWidth + required /> From 8bb2dbcea047c2debbcbb03ae1d4ff42b0d2b51c Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 17:37:21 +0300 Subject: [PATCH 066/360] Refactor SSL to TLS: Rename SSL references to TLS across the application, including routes, services, and UI components. Update README.md to reflect the changes in the TLS Manager UI and service integration. --- README.md | 12 ++++++------ src/App.jsx | 12 ++++++------ src/components/ImportCertificateDialogContent.jsx | 2 +- src/hooks/useCertificates.js | 2 +- src/pages/Login.jsx | 2 +- src/pages/{SslManagement.jsx => TlsManagement.jsx} | 2 +- src/services/{sslService.js => tlsService.js} | 4 ++-- 7 files changed, 18 insertions(+), 18 deletions(-) rename src/pages/{SslManagement.jsx => TlsManagement.jsx} (99%) rename src/services/{sslService.js => tlsService.js} (98%) diff --git a/README.md b/README.md index 7cf58003ef..1d360b4d2a 100644 --- a/README.md +++ b/README.md @@ -37,15 +37,15 @@ Axios is configured with `withCredentials=true`, so successful login at `/users/ - BrowserRouter `basename` is `/dashboard`. - Routes: - `/login` (public) - - `/ssl` (protected) + - `/tls` (protected) - `AuthContext` provides `login()` and `logout()`; `ProtectedRoute` guards private routes. - Unauthenticated users are redirected to `/login`. ## Layout - `DashboardLayout` uses a top AppBar only (no drawer). The app content renders beneath it. -## SSL Manager UI -- Page: `src/pages/SslManagement.jsx` +## TLS Manager UI +- Page: `src/pages/TlsManagement.jsx` - Features a tabbed interface with 3 stores and count chips: 1. Native Java Certificate Store (read-only) 2. Additional Trusted Certificates @@ -71,9 +71,9 @@ Axios is configured with `withCredentials=true`, so successful login at `/users/ - Hook: `useCertificates` — fetches once, returns counts and per-store filtered lists ## Data & Services -- Mock service: `src/services/sslService.js` +- Mock service: `src/services/tlsService.js` - Returns a mixed list across stores with fields: `alias`, `name`, `type`, `subject`, `issuer`, `validFrom`, `validTo`, `fingerprintSha1`, `hasPrivateKey`, `store` (`native|trusted|private`). -- Replace with a real API by switching the implementation in `sslService.js` to use Axios. +- Replace with a real API by switching the implementation in `tlsService.js` to use Axios. ## Environment - Vite base path is `/dashboard/` (see `vite.config.js`). @@ -104,7 +104,7 @@ src/ components/ # Reusable UI components context/ # Auth context + ProtectedRoute layout/ # Dashboard layout (AppBar) - pages/ # Route pages (Login, SslManagement) + pages/ # Route pages (Login, TlsManagement) services/ # Data fetching (mock service for now) hooks/ # Custom hooks (useCertificates) ``` diff --git a/src/App.jsx b/src/App.jsx index 7d430c4d80..e28e4bf9e7 100644 --- a/src/App.jsx +++ b/src/App.jsx @@ -3,7 +3,7 @@ import ProtectedRoute from './context/ProtectedRoute' import { useAuth } from './context/AuthContext' import DashboardLayout from './layout/DashboardLayout' import Login from './pages/Login' -import SslManagement from './pages/SslManagement' +import TlsManagement from './pages/TlsManagement' export default function App() { const { isAuthenticated } = useAuth() @@ -14,26 +14,26 @@ export default function App() { : + isAuthenticated ? : } /> - + } /> } + element={} /> } + element={} /> diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 9a01d8a6fb..e9c7d03d7f 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,7 +1,7 @@ import React, { useRef, useState } from 'react' import { Box, Button, FormHelperText, Stack, TextField, Typography, Alert } from '@mui/material' import { pemToBase64, isValidPemCertificate } from '../utils/certificateUtils.js' -import { updateCertificates } from '../services/sslService.js' +import { updateCertificates } from '../services/tlsService.js' export default function ImportCertificateDialogContent({ targetStore = 'trusted', diff --git a/src/hooks/useCertificates.js b/src/hooks/useCertificates.js index 8489254e27..2966f749ad 100644 --- a/src/hooks/useCertificates.js +++ b/src/hooks/useCertificates.js @@ -1,5 +1,5 @@ import { useEffect, useMemo, useState } from 'react' -import { fetchCertificates } from '../services/sslService' +import { fetchCertificates } from '../services/tlsService' function normalize(text) { return (text || '').toLowerCase() diff --git a/src/pages/Login.jsx b/src/pages/Login.jsx index 4377012b1e..d85ed4ee04 100644 --- a/src/pages/Login.jsx +++ b/src/pages/Login.jsx @@ -25,7 +25,7 @@ export default function Login() { setError('') try { await login({ username, password }) - const redirectTo = location.state?.from?.pathname || '/ssl' + const redirectTo = location.state?.from?.pathname || '/tls' navigate(redirectTo, { replace: true }) } catch (err) { const msg = err?.message || 'Login failed. Please try again.' diff --git a/src/pages/SslManagement.jsx b/src/pages/TlsManagement.jsx similarity index 99% rename from src/pages/SslManagement.jsx rename to src/pages/TlsManagement.jsx index 3a752eaec0..83bc335c32 100644 --- a/src/pages/SslManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -13,7 +13,7 @@ import VpnKeyIcon from '@mui/icons-material/VpnKey' import ImportCertificateDialogContent from '../components/ImportCertificateDialogContent' import CertificateDetailsDialog from '../components/CertificateDetailsDialog' -export default function SslManagement() { +export default function TlsManagement() { const { counts, filterBy, loading, error, refetch } = useCertificates() const [params, setParams] = useSearchParams() const tabKeys = ['native', 'trusted', 'private'] diff --git a/src/services/sslService.js b/src/services/tlsService.js similarity index 98% rename from src/services/sslService.js rename to src/services/tlsService.js index 18f883929d..c3b1edec20 100644 --- a/src/services/sslService.js +++ b/src/services/tlsService.js @@ -1,5 +1,5 @@ /** - * SSL Service - Certificate Management + * TLS Service - Certificate Management * * Currently using internal store for development. * @@ -22,7 +22,7 @@ let internalStore = { } // Load from localStorage if available -const STORAGE_KEY = 'ssl-manager-store' +const STORAGE_KEY = 'tls-manager-store' try { const stored = localStorage.getItem(STORAGE_KEY) if (stored) { From 70d4321d842a9e070f8e58f0c189338d9cc77d20 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 17:54:06 +0300 Subject: [PATCH 067/360] Enhance ImportCertificateDialogContent: Add support for private key input, including validation and file handling. Update file acceptance criteria to include .key files and improve user feedback for private key selection. Introduce utility functions for private key validation and conversion to Base64 format. --- .../ImportCertificateDialogContent.jsx | 80 +++++++++++++++++-- src/pages/TlsManagement.jsx | 1 - src/utils/certificateUtils.js | 59 +++++++++++++- 3 files changed, 129 insertions(+), 11 deletions(-) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index e9c7d03d7f..009593d904 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,6 +1,6 @@ import React, { useRef, useState } from 'react' import { Box, Button, FormHelperText, Stack, TextField, Typography, Alert } from '@mui/material' -import { pemToBase64, isValidPemCertificate } from '../utils/certificateUtils.js' +import { pemToBase64, privateKeyPemToBase64, isValidPemCertificate, isValidPemPrivateKey } from '../utils/certificateUtils.js' import { updateCertificates } from '../services/tlsService.js' export default function ImportCertificateDialogContent({ @@ -12,13 +12,16 @@ export default function ImportCertificateDialogContent({ const [pemText, setPemText] = useState('') const [file, setFile] = useState(null) const [alias, setAlias] = useState('') + const [privateKeyText, setPrivateKeyText] = useState('') + const [privateKeyFile, setPrivateKeyFile] = useState(null) const [errors, setErrors] = useState({}) const [loading, setLoading] = useState(false) const [apiError, setApiError] = useState(null) const fileInputRef = useRef(null) + const privateKeyFileInputRef = useRef(null) - const fileAccept = '.pem,text/plain,application/x-pem-file' + const fileAccept = '.pem,.key,text/plain,application/x-pem-file' const validate = () => { const nextErrors = {} @@ -30,6 +33,16 @@ export default function ImportCertificateDialogContent({ if (!alias.trim()) { nextErrors.alias = 'Alias is required.' } + + // For private store, private key is required + if (targetStore === 'private') { + if (!privateKeyText.trim()) { + nextErrors.privateKeyText = 'Private key is required for private store.' + } else if (!isValidPemPrivateKey(privateKeyText)) { + nextErrors.privateKeyText = 'Invalid private key format. Please ensure it contains valid private key data.' + } + } + setErrors(nextErrors) setApiError(null) // Clear API errors on validation return Object.keys(nextErrors).length === 0 @@ -56,11 +69,11 @@ export default function ImportCertificateDialogContent({ }] } else if (targetStore === 'private') { // For private store, we need both certificate and private key - // For now, we'll only store the certificate (private key would need separate input) + const base64PrivateKey = privateKeyPemToBase64(privateKeyText) pairs = [{ alias: alias, certificate: base64Certificate, - privateKey: '' // TODO: Add private key input for private store + privateKey: base64PrivateKey }] } @@ -108,8 +121,8 @@ export default function ImportCertificateDialogContent({ setFile(f || null) if (!f) return const name = (f.name || '').toLowerCase() - if (!(name.endsWith('.pem') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { - setErrors((prev) => ({ ...prev, file: 'Please select a .pem file.' })) + if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { + setErrors((prev) => ({ ...prev, file: 'Please select a .pem or .key file.' })) return } const text = await f.text() @@ -122,7 +135,7 @@ export default function ImportCertificateDialogContent({ /> {file ? file.name : 'No file selected'} @@ -136,13 +149,64 @@ export default function ImportCertificateDialogContent({ value={pemText} onChange={(e) => setPemText(e.target.value)} error={Boolean(errors.pemText)} - helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem fills this field.'} + helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem or .key file fills this field.'} multiline minRows={4} maxRows={6} fullWidth /> + {targetStore === 'private' && ( + <> + { + try { + const f = e.target.files && e.target.files[0] + setPrivateKeyFile(f || null) + if (!f) return + const name = (f.name || '').toLowerCase() + if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { + setErrors((prev) => ({ ...prev, privateKeyFile: 'Please select a .pem or .key file.' })) + return + } + const text = await f.text() + setPrivateKeyText(text) + setErrors((prev) => ({ ...prev, privateKeyFile: undefined, privateKeyText: undefined })) + } catch (err) { + setErrors((prev) => ({ ...prev, privateKeyFile: 'Failed to read file.' })) + } + }} + /> + + + + {privateKeyFile ? privateKeyFile.name : 'No private key file selected'} + + + {errors.privateKeyFile && {errors.privateKeyFile}} + + setPrivateKeyText(e.target.value)} + error={Boolean(errors.privateKeyText)} + helperText={errors.privateKeyText || 'Paste private key. Uploading a .pem or .key file fills this field.'} + multiline + minRows={4} + maxRows={6} + fullWidth + required + /> + + )} + openDialog({ type: 'text', title: 'Show Private Keys', props: { text: 'Placeholder dialog for showing private keys.' } }) }, { key: 'import-cert', label: 'Import Certificate', color: 'info', onClick: () => openImportDialog() }, { key: 'add-new', label: 'Add New', variant: 'contained', color: 'success', onClick: () => openDialog({ type: 'text', title: 'Add New Private Key', props: { text: 'Placeholder dialog for adding a new private key certificate.' } }) }, ], diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js index fc0717797e..b70e38a67d 100644 --- a/src/utils/certificateUtils.js +++ b/src/utils/certificateUtils.js @@ -161,8 +161,8 @@ export function isValidPemCertificate(pemString) { } // Try to parse it - const cert= forge.pki.certificateFromPem(pemString) - console.log(cert) + const cert= forge.pki.certificateFromPem(pemString); + return true } catch (error) { console.error('Failed to validate PEM certificate:', error) @@ -170,6 +170,35 @@ export function isValidPemCertificate(pemString) { } } +/** + * Validate if a string contains valid PEM private key data + * @param {string} pemString - PEM private key string + * @returns {boolean} True if valid PEM private key + */ +export function isValidPemPrivateKey(pemString) { + try { + // Check if it contains private key markers (support multiple formats) + const hasPrivateKeyMarkers = ( + (pemString.includes('-----BEGIN PRIVATE KEY-----') && pemString.includes('-----END PRIVATE KEY-----')) || + (pemString.includes('-----BEGIN RSA PRIVATE KEY-----') && pemString.includes('-----END RSA PRIVATE KEY-----')) || + (pemString.includes('-----BEGIN EC PRIVATE KEY-----') && pemString.includes('-----END EC PRIVATE KEY-----')) || + (pemString.includes('-----BEGIN DSA PRIVATE KEY-----') && pemString.includes('-----END DSA PRIVATE KEY-----')) + ) + + if (!hasPrivateKeyMarkers) { + return false + } + + // Try to parse it as a private key + const privateKey = forge.pki.privateKeyFromPem(pemString) + + return true + } catch (error) { + console.error('Failed to validate PEM private key:', error) + return false + } +} + /** * Convert PEM string to Base64-encoded format * @param {string} pemString - PEM certificate string @@ -190,6 +219,32 @@ export function pemToBase64(pemString) { } } +/** + * Convert PEM private key string to Base64-encoded format + * @param {string} pemString - PEM private key string + * @returns {string} Base64-encoded private key + */ +export function privateKeyPemToBase64(pemString) { + try { + // Remove all possible private key headers and footers + const base64Content = pemString + .replace(/-----BEGIN PRIVATE KEY-----/g, '') + .replace(/-----END PRIVATE KEY-----/g, '') + .replace(/-----BEGIN RSA PRIVATE KEY-----/g, '') + .replace(/-----END RSA PRIVATE KEY-----/g, '') + .replace(/-----BEGIN EC PRIVATE KEY-----/g, '') + .replace(/-----END EC PRIVATE KEY-----/g, '') + .replace(/-----BEGIN DSA PRIVATE KEY-----/g, '') + .replace(/-----END DSA PRIVATE KEY-----/g, '') + .replace(/\s/g, '') // Remove whitespace + + return base64Content + } catch (error) { + console.error('Failed to convert private key PEM to Base64:', error) + throw new Error('Invalid private key PEM format') + } +} + /** * Convert Base64-encoded certificate to PEM format * @param {string} base64Cert - Base64-encoded certificate From 93f8bc205e863dbc5efc81df093f5477ada696e3 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 1 Oct 2025 17:59:20 +0300 Subject: [PATCH 068/360] Update API target configuration: Make API_TARGET a mandatory environment variable, adding error handling for missing configuration. Provide clear instructions for setting the variable to ensure proper server operation. --- server.prod.js | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/server.prod.js b/server.prod.js index 1985818197..8a78a3ee97 100644 --- a/server.prod.js +++ b/server.prod.js @@ -9,8 +9,15 @@ const __dirname = path.dirname(__filename) const app = express() const PORT = process.env.PORT || 3000 -// API target - you can override this with environment variable -const API_TARGET = process.env.API_TARGET || 'https://oie-1.quantis.health/api' +// API target - MANDATORY environment variable +const API_TARGET = process.env.API_TARGET + +if (!API_TARGET) { + console.error('❌ ERROR: API_TARGET environment variable is required but not set!') + console.error('Please set the API_TARGET environment variable to your backend API URL.') + console.error('Example: API_TARGET=https://your-api-server.com/api') + process.exit(1) +} // Serve static files from the dashboard directory app.use('/dashboard', express.static(path.join(__dirname, 'dashboard'), { From 772f7da93b3b5ba1020d7e1f08568676e1bd918c Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Fri, 3 Oct 2025 14:57:25 +0300 Subject: [PATCH 069/360] Enhance Certificate Management: Add functionality to display private keys in CertificateCard and CertificateDetailsDialog components. Introduce toggle feature for showing/hiding private keys in the TlsManagement page. Update CertificateList to pass private key visibility state. Include raw private key in the fetchCertificates service response. --- src/components/CertificateCard.jsx | 28 +++++++++++- src/components/CertificateDetailsDialog.jsx | 47 ++++++++++++++++++--- src/components/CertificateList.jsx | 4 +- src/pages/TlsManagement.jsx | 12 +++++- src/services/tlsService.js | 1 + 5 files changed, 81 insertions(+), 11 deletions(-) diff --git a/src/components/CertificateCard.jsx b/src/components/CertificateCard.jsx index 0a02c3ef94..e47cd467cb 100644 --- a/src/components/CertificateCard.jsx +++ b/src/components/CertificateCard.jsx @@ -3,7 +3,7 @@ import { Paper, Box, Typography, Stack, Button, Divider } from '@mui/material' import ShieldOutlinedIcon from '@mui/icons-material/ShieldOutlined' import StatusPill from './StatusPill' -export default function CertificateCard({ certificate, onViewDetails, onExport }) { +export default function CertificateCard({ certificate, onViewDetails, onExport, showPrivateKeys = false }) { const { name, type, @@ -12,6 +12,8 @@ export default function CertificateCard({ certificate, onViewDetails, onExport } validFrom, validTo, fingerprintSha1, + hasPrivateKey, + rawPrivateKey, } = certificate return ( @@ -56,6 +58,30 @@ export default function CertificateCard({ certificate, onViewDetails, onExport } {fingerprintSha1} + {/* Private Key Section */} + {showPrivateKeys && hasPrivateKey && rawPrivateKey && ( + <> + + + Private Key (Base64): + + {rawPrivateKey} + + + + )} + diff --git a/src/components/CertificateDetailsDialog.jsx b/src/components/CertificateDetailsDialog.jsx index db93b837ca..64ae81250a 100644 --- a/src/components/CertificateDetailsDialog.jsx +++ b/src/components/CertificateDetailsDialog.jsx @@ -1,4 +1,4 @@ -import React from 'react' +import React, { useState } from 'react' import { Dialog, DialogTitle, @@ -12,13 +12,16 @@ import { Stack, Paper, Grid, + IconButton, } from '@mui/material' +import { Visibility, VisibilityOff } from '@mui/icons-material' import { formatDate } from '../utils/dateUtils.js' export default function CertificateDetailsDialog({ open, onClose, certificate }) { if (!certificate) return null const { parsedCertificate, rawCertificate } = certificate + const [showPrivateKey, setShowPrivateKey] = useState(false) const getStatusColor = (validFrom, validTo) => { const now = new Date() @@ -50,10 +53,6 @@ export default function CertificateDetailsDialog({ open, onClose, certificate }) return 'Valid' } - const formatDN = (dn) => { - if (!dn) return 'Unknown' - return dn.toString() - } const formatExtensions = (extensions) => { if (!extensions || extensions.length === 0) return [] @@ -111,7 +110,7 @@ export default function CertificateDetailsDialog({ open, onClose, certificate }) Subject - {formatDN(parsedCertificate?.subject)} + {parsedCertificate?.subjectStr || 'Unknown'} @@ -119,7 +118,7 @@ export default function CertificateDetailsDialog({ open, onClose, certificate }) Issuer - {formatDN(parsedCertificate?.issuer)} + {parsedCertificate?.issuerStr || 'Unknown'} @@ -201,6 +200,40 @@ export default function CertificateDetailsDialog({ open, onClose, certificate }) {rawCertificate} + + {/* Private Key (if available) */} + {certificate.hasPrivateKey && certificate.rawPrivateKey && ( + + + Private Key (Base64) + setShowPrivateKey(!showPrivateKey)} + size="small" + color="primary" + title={showPrivateKey ? 'Hide private key' : 'Show private key'} + > + {showPrivateKey ? : } + + + {showPrivateKey && ( + + {certificate.rawPrivateKey} + + )} + + )} diff --git a/src/components/CertificateList.jsx b/src/components/CertificateList.jsx index 0576642942..24621dd1e7 100644 --- a/src/components/CertificateList.jsx +++ b/src/components/CertificateList.jsx @@ -2,7 +2,7 @@ import React from 'react' import { Box, CircularProgress, Typography, Alert, Grid, Stack } from '@mui/material' import CertificateCard from './CertificateCard' -export default function CertificateList({ rows, loading, error, emptyText = 'No certificates found.', onViewDetails, onExport }) { +export default function CertificateList({ rows, loading, error, emptyText = 'No certificates found.', onViewDetails, onExport, showPrivateKeys = false }) { if (loading) { return ( @@ -18,7 +18,7 @@ export default function CertificateList({ rows, loading, error, emptyText = 'No {rows.map((row) => ( - + ))} diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index 82858ef3d8..ec509a853d 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -14,7 +14,7 @@ import ImportCertificateDialogContent from '../components/ImportCertificateDialo import CertificateDetailsDialog from '../components/CertificateDetailsDialog' export default function TlsManagement() { - const { counts, filterBy, loading, error, refetch } = useCertificates() + const { all, counts, filterBy, loading, error, refetch } = useCertificates() const [params, setParams] = useSearchParams() const tabKeys = ['native', 'trusted', 'private'] const initialKey = params.get('tab') && tabKeys.includes(params.get('tab')) ? params.get('tab') : 'native' @@ -28,6 +28,7 @@ export default function TlsManagement() { const [detailsDialogOpen, setDetailsDialogOpen] = useState(false) const [selectedCertificate, setSelectedCertificate] = useState(null) + const [showPrivateKeys, setShowPrivateKeys] = useState(false) const openDialog = ({ type, title, props = {} }) => { setDialogTitle(title) @@ -58,6 +59,10 @@ export default function TlsManagement() { setSelectedCertificate(null) } + const handleTogglePrivateKeys = () => { + setShowPrivateKeys(!showPrivateKeys) + } + const handleExport = (certificate) => { // TODO: Implement certificate export functionality console.log('Export certificate:', certificate) @@ -104,6 +109,7 @@ export default function TlsManagement() { private: { title: 'Private Key Store', actions: [ + { key: 'show-private-keys', label: showPrivateKeys ? 'Hide Private Keys' : 'Show Private Keys', color: 'warning', onClick: handleTogglePrivateKeys }, { key: 'import-cert', label: 'Import Certificate', color: 'info', onClick: () => openImportDialog() }, { key: 'add-new', label: 'Add New', variant: 'contained', color: 'success', onClick: () => openDialog({ type: 'text', title: 'Add New Private Key', props: { text: 'Placeholder dialog for adding a new private key certificate.' } }) }, ], @@ -126,6 +132,7 @@ export default function TlsManagement() { error={error} onViewDetails={handleViewDetails} onExport={handleExport} + showPrivateKeys={showPrivateKeys} /> @@ -140,6 +147,7 @@ export default function TlsManagement() { error={error} onViewDetails={handleViewDetails} onExport={handleExport} + showPrivateKeys={showPrivateKeys} /> @@ -154,6 +162,7 @@ export default function TlsManagement() { error={error} onViewDetails={handleViewDetails} onExport={handleExport} + showPrivateKeys={showPrivateKeys} /> @@ -185,6 +194,7 @@ export default function TlsManagement() { onClose={handleCloseDetails} certificate={selectedCertificate} /> + ) } diff --git a/src/services/tlsService.js b/src/services/tlsService.js index c3b1edec20..e59889dc25 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -115,6 +115,7 @@ export async function fetchCertificates() { store: 'private', channelsInUse: pair.channelsInUse || [], rawCertificate: pair.certificate, + rawPrivateKey: pair.privateKey, // Include private key in response parsedCertificate: parsed, }) } From 64e8b7b505a85ce285ab87b4848b9e4c6226c69e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 11:12:34 +0300 Subject: [PATCH 070/360] Rename HttpConnectorProperties to TLSConnectorProperties --- .../HTTPSenderConnectorPropertiesPanel.java | 17 ++++++++--------- .../tlsmanager/server/SocketFactoryService.java | 4 ++-- .../connectorconfig/TLSHttpConfiguration.java | 6 +++--- .../tlsmanager/server/MiscTests.java | 6 +++--- .../shared/SerializationController.java | 4 ++-- ...perties.java => TLSConnectorProperties.java} | 10 +++++----- 6 files changed, 23 insertions(+), 24 deletions(-) rename shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/{HttpConnectorProperties.java => TLSConnectorProperties.java} (92%) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 0d9540d6ec..b236e9a298 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -30,7 +30,7 @@ import org.openintegrationengine.tlsmanager.client.dialog.ItemPickerDialog; import org.openintegrationengine.tlsmanager.client.misc.RevocationModeComboBoxRenderer; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; -import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import org.openintegrationengine.tlsmanager.shared.servlet.TLSServletInterface; import javax.swing.ButtonGroup; @@ -84,11 +84,11 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private JButton ciphersButton; private JLabel ciphersText; - private HttpConnectorProperties properties; + private TLSConnectorProperties properties; private Set importedAliases; public HTTPSenderConnectorPropertiesPanel() { - this.properties = new HttpConnectorProperties(); + this.properties = new TLSConnectorProperties(); this.importedAliases = new HashSet<>(); initComponents(); @@ -97,22 +97,22 @@ public HTTPSenderConnectorPropertiesPanel() { } @Override - public HttpConnectorProperties getProperties() { + public TLSConnectorProperties getProperties() { return properties.clone(); } @Override public void setProperties(ConnectorProperties connectorProperties, ConnectorPluginProperties connectorPluginProperties, Connector.Mode mode, String s) { - if (connectorPluginProperties instanceof HttpConnectorProperties httpConnectorProperties) { - this.properties = httpConnectorProperties; + if (connectorPluginProperties instanceof TLSConnectorProperties TLSConnectorProperties) { + this.properties = TLSConnectorProperties; redrawState(); - handleManagerEnabledButton(httpConnectorProperties.isTlsManagerEnabled()); + handleManagerEnabledButton(TLSConnectorProperties.isTlsManagerEnabled()); } } @Override public ConnectorPluginProperties getDefaults() { - return new HttpConnectorProperties(); + return new TLSConnectorProperties(); } @Override @@ -382,7 +382,6 @@ private void redrawState() { crlModeComboBox.setSelectedItem(properties.getCrlMode()); oscpModeComboBox.setSelectedItem(properties.getOscpMode()); - var thingsToTrust = new ArrayList(); if (properties.isTrustSystemTruststore()) { thingsToTrust.add("System Truststore"); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index 845ffe177d..a0ea2f3f0b 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -6,7 +6,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; -import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import javax.net.ssl.CertPathTrustManagerParameters; import javax.net.ssl.SSLContext; @@ -39,7 +39,7 @@ public SocketFactoryService( this.configurationController = configurationController; } - public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, HttpConnectorProperties properties) { + public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, TLSConnectorProperties properties) { try { var truststore = certificateService.getTrustStoreFromProperties( properties.isTrustSystemTruststore(), diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index 965cf7b113..069494647d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -38,7 +38,7 @@ import org.openintegrationengine.tlsmanager.server.CertificateService; import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; -import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; @Slf4j public class TLSHttpConfiguration extends DefaultHttpConfiguration { @@ -115,7 +115,7 @@ public void configureReceiver(HttpReceiver connector) throws Exception { private void configureSocketFactory(HttpDispatcher connector) { var oTlsPluginProperties = connector.getConnectorProperties().getPluginProperties() .stream() - .filter(HttpConnectorProperties.class::isInstance) + .filter(TLSConnectorProperties.class::isInstance) .findFirst(); // TODO Fix repetition @@ -128,7 +128,7 @@ private void configureSocketFactory(HttpDispatcher connector) { return; } - var properties = (HttpConnectorProperties) oTlsPluginProperties.get(); + var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); if (!properties.isTlsManagerEnabled()) { try { super.configureSocketFactoryRegistry(null, connector.getSocketFactoryRegistry()); diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index 78790d18ae..90b096609c 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -18,7 +18,7 @@ import org.openintegrationengine.tlsmanager.server.util.MockDestinationConnector; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; -import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import javax.net.ssl.SSLHandshakeException; import java.io.ByteArrayInputStream; @@ -96,7 +96,7 @@ public void asi() throws IOException, KeyStoreException, CertificateException, N certificateService ); - var connectorProperties = new HttpConnectorProperties(); + var connectorProperties = new TLSConnectorProperties(); connectorProperties.setCrlMode(RevocationMode.DISABLED); connectorProperties.setOscpMode(RevocationMode.DISABLED); @@ -140,7 +140,7 @@ public void test_SSLHandShakeException() throws IOException, KeyStoreException, certificateService ); - var connectorProperties = new HttpConnectorProperties(); + var connectorProperties = new TLSConnectorProperties(); var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java index 1383505903..d9ed8b4b5e 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java @@ -17,14 +17,14 @@ package org.openintegrationengine.tlsmanager.shared; import com.mirth.connect.model.converters.ObjectXMLSerializer; -import org.openintegrationengine.tlsmanager.shared.properties.HttpConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import java.util.List; public class SerializationController { private static final List types = List.of( - HttpConnectorProperties.class.getCanonicalName() + TLSConnectorProperties.class.getCanonicalName() ); private static final List wildcardTypes = List.of(); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java similarity index 92% rename from shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java rename to shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java index 27418f7c45..155d416b08 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/HttpConnectorProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java @@ -30,7 +30,7 @@ @Getter @Setter @EqualsAndHashCode(callSuper = false) -public class HttpConnectorProperties extends ConnectorPluginProperties { +public class TLSConnectorProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; private boolean isServerCertificateValidationEnabled; @@ -54,7 +54,7 @@ public class HttpConnectorProperties extends ConnectorPluginProperties { private boolean isHostnameVerificationEnabled; private String clientCertificateAlias; - public HttpConnectorProperties() { + public TLSConnectorProperties() { isTlsManagerEnabled = false; isServerCertificateValidationEnabled = false; @@ -74,7 +74,7 @@ public HttpConnectorProperties() { clientCertificateAlias = null; } - public HttpConnectorProperties(HttpConnectorProperties props) { + public TLSConnectorProperties(TLSConnectorProperties props) { isTlsManagerEnabled = props.isTlsManagerEnabled(); isServerCertificateValidationEnabled = props.isServerCertificateValidationEnabled(); @@ -100,8 +100,8 @@ public String getName() { } @Override - public HttpConnectorProperties clone() { - return new HttpConnectorProperties(this); + public TLSConnectorProperties clone() { + return new TLSConnectorProperties(this); } @Override From 8845ffd0bc8af8d0385db5ae9f5d5655c1830778 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 13:37:48 +0300 Subject: [PATCH 071/360] Fix typo --- .../HTTPSenderConnectorPropertiesPanel.java | 28 +++++++++---------- .../tlsmanager/server/MiscTests.java | 2 +- .../properties/TLSConnectorProperties.java | 6 ++-- 3 files changed, 17 insertions(+), 19 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index b236e9a298..12f03cce67 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -69,8 +69,8 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private JLabel crlModeLabel; private MirthComboBox crlModeComboBox; - private JLabel oscpModeLabel; - private MirthComboBox oscpModeComboBox; + private JLabel ocspModeLabel; + private MirthComboBox ocspModeComboBox; private JLabel clientCertLabel; private JButton clientCertButton; @@ -222,11 +222,11 @@ private void initComponents() { crlModeComboBox.setModel(new DefaultComboBoxModel<>(revocationModeModel)); crlModeComboBox.addActionListener(evt -> handleCrlModeChange()); - oscpModeLabel = new JLabel("OSCP Mode:"); - oscpModeComboBox = new MirthComboBox<>(); - oscpModeComboBox.setRenderer(comboBoxRenderer); - oscpModeComboBox.setModel(new DefaultComboBoxModel<>(revocationModeModel)); - oscpModeComboBox.addActionListener(evt -> handleOscpModeChange()); + ocspModeLabel = new JLabel("OCSP Mode:"); + ocspModeComboBox = new MirthComboBox<>(); + ocspModeComboBox.setRenderer(comboBoxRenderer); + ocspModeComboBox.setModel(new DefaultComboBoxModel<>(revocationModeModel)); + ocspModeComboBox.addActionListener(evt -> handleOcspModeChange()); clientCertLabel = new JLabel("Client Certificate:"); clientCertButton = new JButton(wrenchIcon); @@ -302,8 +302,8 @@ private void initLayout() { add(crlModeLabel, "newline, right"); add(crlModeComboBox); - add(oscpModeLabel, "newline, right"); - add(oscpModeComboBox); + add(ocspModeLabel, "newline, right"); + add(ocspModeComboBox); add(trustedServerCertsLabel, "newline, right"); add(trustedServerCertsButton, "h 22!, w 22!, split"); @@ -332,9 +332,9 @@ private void handleCrlModeChange() { } } - private void handleOscpModeChange() { - if (oscpModeComboBox.getSelectedItem() instanceof RevocationMode revocationMode) { - properties.setOscpMode(revocationMode); + private void handleOcspModeChange() { + if (ocspModeComboBox.getSelectedItem() instanceof RevocationMode revocationMode) { + properties.setOcspMode(revocationMode); } } @@ -380,7 +380,7 @@ private void redrawState() { } crlModeComboBox.setSelectedItem(properties.getCrlMode()); - oscpModeComboBox.setSelectedItem(properties.getOscpMode()); + ocspModeComboBox.setSelectedItem(properties.getOcspMode()); var thingsToTrust = new ArrayList(); if (properties.isTrustSystemTruststore()) { @@ -425,8 +425,6 @@ private void fetchData() { final var workingId = PlatformUI.MIRTH_FRAME.startWorking("Fetching imported certificates..."); var worker = new SwingWorker() { - private String errorMessage = ""; - private Set aliasSet; public Void doInBackground() { diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index 90b096609c..4a4210517b 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -98,7 +98,7 @@ public void asi() throws IOException, KeyStoreException, CertificateException, N var connectorProperties = new TLSConnectorProperties(); connectorProperties.setCrlMode(RevocationMode.DISABLED); - connectorProperties.setOscpMode(RevocationMode.DISABLED); + connectorProperties.setOcspMode(RevocationMode.DISABLED); var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java index 155d416b08..0926b14a9e 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java @@ -37,7 +37,7 @@ public class TLSConnectorProperties extends ConnectorPluginProperties { // Certificate revocation modes private RevocationMode crlMode; - private RevocationMode oscpMode; + private RevocationMode ocspMode; // Public certificates private boolean trustSystemTruststore; @@ -59,7 +59,7 @@ public TLSConnectorProperties() { isServerCertificateValidationEnabled = false; crlMode = RevocationMode.HARD_FAIL; - oscpMode = RevocationMode.HARD_FAIL; + ocspMode = RevocationMode.HARD_FAIL; trustSystemTruststore = true; trustedServerCertificates = Collections.emptySet(); @@ -79,7 +79,7 @@ public TLSConnectorProperties(TLSConnectorProperties props) { isServerCertificateValidationEnabled = props.isServerCertificateValidationEnabled(); crlMode = props.getCrlMode(); - oscpMode = props.getOscpMode(); + ocspMode = props.getOcspMode(); trustSystemTruststore = props.isTrustSystemTruststore(); trustedServerCertificates = props.getTrustedServerCertificates(); From e544757508a9f5f12bb33b92b854e4f407cdaca4 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 14:09:00 +0300 Subject: [PATCH 072/360] Add the option to supply a socket to connection test function --- .../server/util/ConnectionUtils.java | 24 +++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index 42ef981a73..e34a40ffdc 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -7,6 +7,7 @@ import javax.net.ssl.SSLSocket; import java.io.IOException; import java.net.InetSocketAddress; +import java.net.Socket; public class ConnectionUtils { @@ -17,6 +18,26 @@ public static ConnectionTestResponse thing( int timeout, String localAddr, int localPort + ) throws IOException { + return thing( + socketFactory, + null, + host, + port, + timeout, + localAddr, + localPort + ); + } + + public static ConnectionTestResponse thing( + SSLConnectionSocketFactory socketFactory, + Socket socket, + String host, + int port, + int timeout, + String localAddr, + int localPort ) throws IOException { if ( host == null @@ -45,11 +66,10 @@ public static ConnectionTestResponse thing( localAddress = new InetSocketAddress(localAddr, localPort); } - try ( var sslSocket = (SSLSocket) socketFactory.connectSocket( timeout, - null, + socket, target, remoteAddress, localAddress, From a52ee69cb95f7ad23cbabb079184861296dcfd70 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 14:18:59 +0300 Subject: [PATCH 073/360] Move port in connection testing to the end of the hostname field --- .../tlsmanager/server/util/ConnectionUtils.java | 8 +------- .../tlsmanager/server/MiscTests.java | 6 ++---- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index e34a40ffdc..477baa96ba 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -14,7 +14,6 @@ public class ConnectionUtils { public static ConnectionTestResponse thing( SSLConnectionSocketFactory socketFactory, String host, - int port, int timeout, String localAddr, int localPort @@ -23,7 +22,6 @@ public static ConnectionTestResponse thing( socketFactory, null, host, - port, timeout, localAddr, localPort @@ -34,7 +32,6 @@ public static ConnectionTestResponse thing( SSLConnectionSocketFactory socketFactory, Socket socket, String host, - int port, int timeout, String localAddr, int localPort @@ -42,14 +39,11 @@ public static ConnectionTestResponse thing( if ( host == null || host.isEmpty() - || port <= 0 - || port > 65535 ) { return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "Invalid host or port."); } - // TODO Dynamic scheme - var target = new HttpHost(host, port, "https"); + var target = HttpHost.create(host); InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), target.getPort()); diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index 4a4210517b..2d03505bef 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -104,8 +104,7 @@ public void asi() throws IOException, KeyStoreException, CertificateException, N var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.thing( socketFactory, - "valid.crl.caddy", - 9443, + "valid.crl.caddy:9443", 1_000, null, 0 @@ -147,8 +146,7 @@ public void test_SSLHandShakeException() throws IOException, KeyStoreException, var exception = assertThrows(SSLHandshakeException.class, () -> { var connectionResult = ConnectionUtils.thing( socketFactory, - "valid.crl.caddy", - 9443, + "valid.crl.caddy:9443", 2_000, null, 0 From a81e7df84d6dd88dcb2d48d8608f9293ea256083 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 14:24:00 +0300 Subject: [PATCH 074/360] Implement simultaneous CRL and OCSP checking in DualCheckerTrustManager --- server/pom.xml | 12 + .../server/SocketFactoryService.java | 54 +--- .../revocation/DualCheckerTrustManager.java | 260 ++++++++++++++++++ .../tlsmanager/server/MiscTests.java | 1 - 4 files changed, 281 insertions(+), 46 deletions(-) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java diff --git a/server/pom.xml b/server/pom.xml index 617cdce2f7..a24a0cf5d1 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -33,6 +33,18 @@ + + org.bouncycastle + bcpkix-jdk18on + 1.78.1 + + + + org.bouncycastle + bcprov-jdk18on + 1.78.1 + + org.openintegrationengine shared diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index a0ea2f3f0b..376fbf9092 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -5,23 +5,14 @@ import com.mirth.connect.util.MirthSSLUtil; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; -import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.server.revocation.DualCheckerTrustManager; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; -import javax.net.ssl.CertPathTrustManagerParameters; import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; -import java.security.InvalidAlgorithmParameterException; +import javax.net.ssl.TrustManager; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.cert.CertPathBuilder; -import java.security.cert.CertStore; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXRevocationChecker; -import java.security.cert.X509CertSelector; -import java.util.EnumSet; import java.util.concurrent.ConcurrentHashMap; public class SocketFactoryService { @@ -52,43 +43,16 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector return null; } - var pkixBuilderParameters = new PKIXBuilderParameters(truststore, new X509CertSelector()); - - pkixBuilderParameters.setRevocationEnabled( - properties.getCrlMode() != RevocationMode.DISABLED - || properties.getOscpMode() != RevocationMode.DISABLED - ); - - var crlStore = CertStore.getInstance( - "Collection", - new CollectionCertStoreParameters() + var dualcheckerTrustManager = new DualCheckerTrustManager( + truststore, + properties.getOcspMode(), + properties.getCrlMode(), + null ); - pkixBuilderParameters.addCertStore(crlStore); - - if (properties.getCrlMode() != RevocationMode.DISABLED) { - // Prefer CRLs and avoid falling back to OCSP (adjust to your policy) - // TODO investigate OCSP - var revocationChecker = (PKIXRevocationChecker) CertPathBuilder.getInstance("PKIX").getRevocationChecker(); - - var revocationOptions = EnumSet.of( - PKIXRevocationChecker.Option.PREFER_CRLS, - PKIXRevocationChecker.Option.NO_FALLBACK - ); - - if (properties.getCrlMode() == RevocationMode.SOFT_FAIL) { - // This options sets from the default of HARD_FAIL to SOFT_FAIL - revocationOptions.add(PKIXRevocationChecker.Option.SOFT_FAIL); - } - - revocationChecker.setOptions(revocationOptions); - pkixBuilderParameters.addCertPathChecker(revocationChecker); - } - var trustManagerFactory = TrustManagerFactory.getInstance("PKIX"); - trustManagerFactory.init(new CertPathTrustManagerParameters(pkixBuilderParameters)); var sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, trustManagerFactory.getTrustManagers(), null); + sslContext.init(null, new TrustManager[] { dualcheckerTrustManager }, null); var protocolArray = properties.isUseServerDefaultProtocols() ? MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsServerProtocols()) @@ -108,7 +72,7 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector cipherArray, hostnameVerificationStrategy ); - } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | InvalidAlgorithmParameterException e) { + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { throw new RuntimeException(e); } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java new file mode 100644 index 0000000000..cac8257591 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -0,0 +1,260 @@ +package org.openintegrationengine.tlsmanager.server.revocation; + +import org.bouncycastle.asn1.ASN1Primitive; +import org.bouncycastle.asn1.DEROctetString; +import org.bouncycastle.asn1.x509.AccessDescription; +import org.bouncycastle.asn1.x509.AuthorityInformationAccess; +import org.bouncycastle.asn1.x509.CRLDistPoint; +import org.bouncycastle.asn1.x509.DistributionPoint; +import org.bouncycastle.asn1.x509.DistributionPointName; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; + +import javax.net.ssl.SSLEngine; +import javax.net.ssl.X509ExtendedTrustManager; +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.net.Socket; +import java.net.URI; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.cert.CRL; +import java.security.cert.CertPath; +import java.security.cert.CertPathValidator; +import java.security.cert.CertPathValidatorException; +import java.security.cert.CertStore; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CollectionCertStoreParameters; +import java.security.cert.PKIXParameters; +import java.security.cert.PKIXRevocationChecker; +import java.security.cert.TrustAnchor; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collection; +import java.util.EnumSet; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +public final class DualCheckerTrustManager extends X509ExtendedTrustManager { + + private final KeyStore trustStore; + private final RevocationMode ocspMode, crlMode; + private final Collection preloadedCrls; // optional (in addition to CRLDP) + + public DualCheckerTrustManager( + KeyStore trustStore, + RevocationMode ocspMode, + RevocationMode crlMode, + Collection preloadedCrls + ) { + this.trustStore = trustStore; + this.ocspMode = ocspMode; + this.crlMode = crlMode; + this.preloadedCrls = preloadedCrls == null ? List.of() : preloadedCrls; + } + + // --- JSSE delegation --- + @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { validate(chain); } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { validate(chain); } + @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { validate(chain); } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { validate(chain); } + @Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { validate(chain); } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { validate(chain); } + @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } + + // --- Core: run two separate PKIX passes, each with its own PKIXRevocationChecker --- + private void validate(X509Certificate[] chain) throws CertificateException { + try { + Set anchors = anchorsFrom(trustStore); + if (anchors.isEmpty()) { + throw new CertificateException("No trust anchors found in truststore"); + } + + var certificateFactory = CertificateFactory.getInstance("X.509"); + var certPath = certificateFactory.generateCertPath(Arrays.asList(chain)); + + // Baseline chain sanity (revocation OFF) to get clean path errors early. + var base = new PKIXParameters(anchors); + base.setRevocationEnabled(false); + + CertPathValidator.getInstance("PKIX").validate(certPath, base); + + // OCSP-only pass (if requested) + if (ocspMode != RevocationMode.DISABLED) { + try { + pkixOcspOnly(certPath, anchors, ocspMode == RevocationMode.SOFT_FAIL); + } catch (CertPathValidatorException e) { + if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) { + throw new CertificateException("OCSP: certificate revoked", e); + } + + if (ocspMode == RevocationMode.HARD_FAIL) { + throw new CertificateException("OCSP hard-fail: " + e.getReason(), e); + } + // SOFT_FAIL: ignore + } + } + + // CRL-only pass (if requested) + if (crlMode != RevocationMode.DISABLED) { + try { + // Preloaded CRLs + CRLDP-fetched CRLs (HTTP) + List crls = new ArrayList<>(preloadedCrls); + crls.addAll(fetchCrlsFromCrlDP(chain)); + pkixCrlOnly(certPath, anchors, crls, crlMode == RevocationMode.SOFT_FAIL); + } catch (CertPathValidatorException e) { + if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) { + throw new CertificateException("CRL: certificate revoked", e); + } + + if (crlMode == RevocationMode.HARD_FAIL) { + throw new CertificateException("CRL hard-fail: " + e.getReason(), e); + } + // SOFT_FAIL: ignore + } + } + // If both are HARD_FAIL, reaching here means both passes succeeded. + + } catch (GeneralSecurityException e) { + if (e instanceof CertificateException exception) { + throw exception; + } + + throw new CertificateException("Validation error: " + e.getMessage(), e); + } + } + + // ---- Pass A: OCSP-only ---- + private void pkixOcspOnly(CertPath path, Set anchors, boolean softFail) throws GeneralSecurityException { + var params = new PKIXParameters(anchors); + params.setRevocationEnabled(true); + + var certPathValidator = CertPathValidator.getInstance("PKIX"); + var revocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker(); + + var opts = EnumSet.of( + PKIXRevocationChecker.Option.NO_FALLBACK // do NOT fall back to CRLs + ); + + if (softFail) opts.add(PKIXRevocationChecker.Option.SOFT_FAIL); + + // Fixed responder or AIA from leaf + var ocspUrl = firstOcspUrlFromAIA((X509Certificate) path.getCertificates().get(0)); + if (ocspUrl != null) { + revocationChecker.setOcspResponder(ocspUrl); + } + + revocationChecker.setOptions(opts); + params.addCertPathChecker(revocationChecker); + + certPathValidator.validate(path, params); + } + + // ---- Pass B: CRL-only ---- + private void pkixCrlOnly(CertPath path, Set anchors, Collection crls, boolean softFail) throws GeneralSecurityException { + var params = new PKIXParameters(anchors); + params.setRevocationEnabled(true); + + if (crls != null && !crls.isEmpty()) { + CertStore cs = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)); + params.addCertStore(cs); + } + + var certPathValidator = CertPathValidator.getInstance("PKIX"); + var revocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker(); + + var opts = EnumSet.of( + PKIXRevocationChecker.Option.PREFER_CRLS, // CRL-first + PKIXRevocationChecker.Option.NO_FALLBACK // do NOT fall back to OCSP + ); + + if (softFail) { + opts.add(PKIXRevocationChecker.Option.SOFT_FAIL); + } + + revocationChecker.setOptions(opts); + params.addCertPathChecker(revocationChecker); + + certPathValidator.validate(path, params); + } + + // ---- Helpers: anchors, AIA->OCSP URL, CRLDP fetch (HTTP) ---- + private static Set anchorsFrom(KeyStore ks) throws KeyStoreException { + Set out = new HashSet<>(); + for (Enumeration e = ks.aliases(); e.hasMoreElements();) { + String a = e.nextElement(); + Certificate c = ks.getCertificate(a); + if (c instanceof X509Certificate certificate) { + out.add(new TrustAnchor(certificate, null)); + } + } + return out; + } + + private static URI firstOcspUrlFromAIA(X509Certificate cert) { + try { + byte[] ext = cert.getExtensionValue(Extension.authorityInfoAccess.getId()); + if (ext == null) return null; + byte[] inner = ((DEROctetString) ASN1Primitive.fromByteArray(ext)).getOctets(); + AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(ASN1Primitive.fromByteArray(inner)); + for (AccessDescription ad : aia.getAccessDescriptions()) { + if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) { + String uri = ad.getAccessLocation().getName().toString(); + if (uri.startsWith("http://") || uri.startsWith("https://")) return URI.create(uri); + } + } + } catch (Exception ignore) {} + return null; + } + + private static Collection fetchCrlsFromCrlDP(X509Certificate[] chain) { + List out = new ArrayList<>(); + try { + var certificateFactory = CertificateFactory.getInstance("X.509"); + for (X509Certificate cert : chain) { + byte[] ext = cert.getExtensionValue(Extension.cRLDistributionPoints.getId()); + if (ext == null) continue; + + byte[] inner = ((DEROctetString) ASN1Primitive.fromByteArray(ext)).getOctets(); + + var crlDistPoint = CRLDistPoint.getInstance(ASN1Primitive.fromByteArray(inner)); + for (DistributionPoint p : crlDistPoint.getDistributionPoints()) { + var name = p.getDistributionPoint(); + if (name == null || name.getType() != DistributionPointName.FULL_NAME) continue; + + for (GeneralName gn : GeneralNames.getInstance(name.getName()).getNames()) { + if (gn.getTagNo() == GeneralName.uniformResourceIdentifier) { + String uri = gn.getName().toString(); + if (!uri.startsWith("http://")) continue; // keep simple; avoid HTTPS recursion + + try (InputStream in = URI.create(uri).toURL().openStream()) { + byte[] bytes = in.readAllBytes(); + byte[] der = maybeDecodePem(bytes, "CRL"); + out.add(certificateFactory.generateCRL(new ByteArrayInputStream(der))); + } catch (Exception ignoreOne) {} + } + } + } + } + } catch (Exception ignore) {} + return out; + } + + private static byte[] maybeDecodePem(byte[] content, String type) { + String s = new String(content); + if (!s.contains("-----BEGIN " + type)) return content; + String base64 = s.replaceAll("-----BEGIN [^-]+-----", "") + .replaceAll("-----END [^-]+-----", "") + .replaceAll("\\s", ""); + return Base64.getDecoder().decode(base64); + } +} diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index 2d03505bef..0031dc6823 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -61,7 +61,6 @@ void setup() { configurationController = mock(MockConfigurationController.class); when(configurationController.getHttpsServerProtocols()).thenReturn(protocols()); when(configurationController.getHttpsCipherSuites()).thenReturn(cipherSuites()); - } @AfterEach From c43697724b4d52bd4966ef4b35ee3c8d3193c8f4 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 14:25:28 +0300 Subject: [PATCH 075/360] Skip running tests in build.sh --- build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.sh b/build.sh index d4dec5eeb6..7fcea422f2 100755 --- a/build.sh +++ b/build.sh @@ -14,7 +14,7 @@ function main() { echo " Building jars..." echo echo "########################################" - mvn install package + mvn install package -DskipTests PLUGIN_PATH=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${mirth.plugin.path}') ARTIFACT_ID=$(mvn exec:exec --non-recursive --quiet -Dexec.executable="echo" -Dexec.args='${project.artifactId}') @@ -60,4 +60,4 @@ function main() { set -euxo pipefail STAGING_DIR=target/staging -main \ No newline at end of file +main From df38d77fb551e3093a18fb54f9ffedc77fee335f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 14:26:23 +0300 Subject: [PATCH 076/360] Fix some missing properties in MiscTests --- .../tlsmanager/server/MiscTests.java | 6 +++++- .../tlsmanager/server/util/Statics.java | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/util/Statics.java diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java index 0031dc6823..64b5dbfc6b 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java @@ -37,6 +37,8 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mockStatic; import static org.mockito.Mockito.when; +import static org.openintegrationengine.tlsmanager.server.util.Statics.cipherSuites; +import static org.openintegrationengine.tlsmanager.server.util.Statics.protocols; @ExtendWith(MockitoExtension.class) public class MiscTests { @@ -118,7 +120,7 @@ public void asi() throws IOException, KeyStoreException, CertificateException, N @UnitTest public void test_SSLHandShakeException() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { - var connector = new HttpDispatcher(); + var connector = new MockDestinationConnector(); var trustStoreBackend = new SystemTrustStoreBackend(); var trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); @@ -127,6 +129,8 @@ public void test_SSLHandShakeException() throws IOException, KeyStoreException, trustStore.load(bais, trustStoreBackend.loadPassword()); } + certificateService = mock(CertificateService.class); + when( certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(DestinationConnector.class)) ).thenReturn( diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/Statics.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/Statics.java new file mode 100644 index 0000000000..59326f3679 --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/util/Statics.java @@ -0,0 +1,19 @@ +package org.openintegrationengine.tlsmanager.server.util; + +public final class Statics { + public static String[] protocols() { + return new String[] { + "TLSv1.3", "TLSv1.2", "SSLv2Hello" + }; + } + + public static String[] cipherSuites() { + return new String[] { + "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384", + "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", + "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" + }; + } +} From 32989d9fe55f3d72e35b9d2246497db10a588329 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 6 Oct 2025 16:19:12 +0300 Subject: [PATCH 077/360] Flesh out connection testing endpoint --- .../tlsmanager/server/CertificateService.java | 57 +++++++++++++------ .../server/servlets/TLSServlet.java | 8 +++ .../server/util/ConnectionUtils.java | 11 +++- .../shared/servlet/TLSServletInterface.java | 4 +- 4 files changed, 60 insertions(+), 20 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index da520d0562..8f79e4856d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -16,20 +16,26 @@ package org.openintegrationengine.tlsmanager.server; +import com.mirth.connect.client.core.api.MirthApiException; +import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.donkey.server.channel.DestinationConnector; import com.mirth.connect.server.util.TemplateValueReplacer; +import com.mirth.connect.util.ConnectionTestResponse; import lombok.Getter; import lombok.extern.slf4j.Slf4j; import org.openintegrationengine.tlsmanager.server.backend.DatabaseTrustStoreBackend; import org.openintegrationengine.tlsmanager.server.backend.FileTrustStoreBackend; import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; import org.openintegrationengine.tlsmanager.server.backend.TrustStoreBackend; +import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; import org.openintegrationengine.tlsmanager.shared.PersistenceMode; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.net.URL; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -57,6 +63,8 @@ public final class CertificateService { private TemplateValueReplacer templateValueReplacer; + private static int TEST_CONNECTION_TIMEOUT = 5_000; + public CertificateService() { this( new TemplateValueReplacer() @@ -137,8 +145,8 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet if (!presentInSystem.isEmpty()) { log.warn( "Generating effective TrustStore for connector ({}) in channel ({}). Found and ignored aliases present in system truststore: {}", - connector.getDestinationName(), - connector.getChannel().getName(), + connector == null ? "testConnection" : connector.getDestinationName(), + connector == null ? "testConnection" : connector.getChannel().getName(), presentInSystem ); } @@ -146,8 +154,8 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet if (!unknownAliases.isEmpty()) { log.warn( "Generating effective TrustStore for connector ({}) in channel ({}). Found aliases not present in additional truststore: {}", - connector.getDestinationName(), - connector.getChannel().getName(), + connector == null ? "testConnection" : connector.getDestinationName(), + connector == null ? "testConnection" : connector.getChannel().getName(), presentInSystem ); } @@ -200,30 +208,45 @@ private PersistenceMode getPersistenceMode() { return persistenceMode; } - /* - TODO - public void testConnection( + public ConnectionTestResponse testConnection( String channelId, String channelName, - HttpConnectorProperties tlsProperties, HttpDispatcherProperties dispatcherProperties ) { + var oTlsPluginProperties = dispatcherProperties.getPluginProperties() + .stream() + .filter(TLSConnectorProperties.class::isInstance) + .findFirst(); + + + if (oTlsPluginProperties.isEmpty()) { + log.warn("No TLS plugin properties found for testConnection"); + return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "No TLS plugin properties found for testConnection."); + } + + var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + try { - var url = new URL( - templateValueReplacer.replaceValues(dispatcherProperties.getHost(), - channelId, - channelName - ) + var url = new URL(templateValueReplacer.replaceValues( + dispatcherProperties.getHost(), channelId, channelName + )); + + var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); + var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); + + var result = ConnectionUtils.thing( + socketFactory, + url.toString(), + TEST_CONNECTION_TIMEOUT, + null, + 0 ); - int port = url.getPort(); - // If no port was provided, default to port 80 or 443. - return ConnectorUtil.testConnection(url.getHost(), (port == -1) ? (StringUtils.equalsIgnoreCase(url.getProtocol(), "https") ? 443 : 80) : port, TIMEOUT); + return result; } catch (Exception e) { throw new MirthApiException(e); } } - */ /** * Perform a byte-level clone of a KeyStore object diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 9679386855..bd669ab2b3 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -18,8 +18,11 @@ import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; +import com.mirth.connect.client.core.ClientException; +import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.server.api.DontCheckAuthorized; import com.mirth.connect.server.api.MirthServlet; +import com.mirth.connect.util.ConnectionTestResponse; import lombok.extern.slf4j.Slf4j; import org.openintegrationengine.tlsmanager.server.CertificateService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; @@ -99,5 +102,10 @@ public String setTruststore(InputStream inputStream, String password) { certificateService.storeExtraTrustStore(trustStoreBytes, password.toCharArray()); return "timmis"; } + + @Override + public ConnectionTestResponse testConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) throws ClientException { + return certificateService.testConnection(channelId, channelName, dispatcherProperties); + } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index 477baa96ba..ed021b2fea 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -1,16 +1,22 @@ package org.openintegrationengine.tlsmanager.server.util; import com.mirth.connect.util.ConnectionTestResponse; +import lombok.extern.slf4j.Slf4j; import org.apache.http.HttpHost; +import org.apache.http.conn.SchemePortResolver; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.conn.DefaultSchemePortResolver; import javax.net.ssl.SSLSocket; import java.io.IOException; import java.net.InetSocketAddress; import java.net.Socket; +@Slf4j public class ConnectionUtils { + private static SchemePortResolver defaultResolver = new DefaultSchemePortResolver(); + public static ConnectionTestResponse thing( SSLConnectionSocketFactory socketFactory, String host, @@ -45,7 +51,7 @@ public static ConnectionTestResponse thing( var target = HttpHost.create(host); - InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), target.getPort()); + InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), defaultResolver.resolve(target)); InetSocketAddress localAddress = null; if (localAddr != null) { @@ -78,6 +84,9 @@ public static ConnectionTestResponse thing( ); return new ConnectionTestResponse(ConnectionTestResponse.Type.SUCCESS, "Successfully connected to host: " + connectionInfo, connectionInfo); + } catch (Exception e) { + log.error("Error connecting to host: " + host, e); + return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, e.getMessage()); } } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 511e84f4f0..6066348688 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -23,6 +23,7 @@ import com.mirth.connect.client.core.api.BaseServletInterface; import com.mirth.connect.client.core.api.MirthOperation; import com.mirth.connect.client.core.api.Param; +import com.mirth.connect.connectors.http.HttpConnectorServletInterface; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; import io.swagger.v3.oas.annotations.media.Schema; @@ -50,7 +51,7 @@ @Consumes({ APPLICATION_XML, APPLICATION_JSON }) @Produces({ APPLICATION_XML, APPLICATION_JSON }) @MirthApiProvider(type = ApiProviderType.SERVLET_INTERFACE) -public interface TLSServletInterface extends BaseServletInterface { +public interface TLSServletInterface extends BaseServletInterface, HttpConnectorServletInterface { @GET @Path("/importedcertificates") @@ -108,5 +109,4 @@ String setTruststore( @FormDataParam("password") String password ) throws ClientException; - } From efe769fa53f83abc5076390bee5e88b4c378296a Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 7 Oct 2025 11:35:37 +0300 Subject: [PATCH 078/360] Move all initial configuration of the plugin into a separate POJO --- .../tlsmanager/server/CertificateService.java | 16 +++--- .../tlsmanager/server/TLSServicePlugin.java | 4 +- .../server/backend/FileTrustStoreBackend.java | 2 +- .../server/CertificateServiceTest.java | 24 ++++----- .../tlsmanager/shared/TLSPluginConstants.java | 6 ++- .../shared/models/TLSPluginConfiguration.java | 50 +++++++++++++++++++ 6 files changed, 74 insertions(+), 28 deletions(-) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 8f79e4856d..a5a2f64c9b 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -30,6 +30,7 @@ import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; import org.openintegrationengine.tlsmanager.shared.PersistenceMode; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import java.io.ByteArrayInputStream; @@ -66,18 +67,14 @@ public final class CertificateService { private static int TEST_CONNECTION_TIMEOUT = 5_000; public CertificateService() { - this( - new TemplateValueReplacer() - ); + this(new TemplateValueReplacer()); } - public CertificateService( - TemplateValueReplacer templateValueReplacer - ) { + public CertificateService(TemplateValueReplacer templateValueReplacer) { this.templateValueReplacer = templateValueReplacer; } - void init() { + void init(TLSPluginConfiguration pluginConfiguration) { systemTrustStoreBackend = new SystemTrustStoreBackend(); var persistenceMode = getPersistenceMode(); @@ -85,11 +82,11 @@ void init() { if (persistenceMode == PersistenceMode.DATABASE) { extraTrustStoreBackend = new DatabaseTrustStoreBackend(); } else if (persistenceMode == PersistenceMode.FILESYSTEM) { - var truststorePath = System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_STOREPATH); + var truststorePath = System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_TRUSTSTOREPATH); extraTrustStoreBackend = new FileTrustStoreBackend(truststorePath); } else { // Should not get here - throw new RuntimeException("Unsupported persistence mode: " + persistenceMode); + throw new RuntimeException("Unsupported persistence mode: " + pluginConfiguration.persistenceMode()); } extraTrustStoreBackend.init(); @@ -141,7 +138,6 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet } } - // TODO Connector data if (!presentInSystem.isEmpty()) { log.warn( "Generating effective TrustStore for connector ({}) in channel ({}). Found and ignored aliases present in system truststore: {}", diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java index 170553412c..fd4af7c779 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java @@ -25,6 +25,7 @@ import com.mirth.connect.plugins.ServicePlugin; import com.mirth.connect.server.controllers.ControllerFactory; import org.openintegrationengine.tlsmanager.shared.SerializationController; +import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; import java.util.HashMap; import java.util.Map; @@ -94,7 +95,8 @@ public String getPluginPointName() { @Override public void start() { - this.certificateService.init(); + var pluginConfiguration = TLSPluginConfiguration.fromEnv(); + this.certificateService.init(pluginConfiguration); } @Override diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java index 1da486ada2..2f482443c6 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java @@ -38,7 +38,7 @@ public class FileTrustStoreBackend implements TrustStoreBackend { private char[] storepass; public FileTrustStoreBackend(String keystorePath) { - this(keystorePath, System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_STOREPASS)); + this(keystorePath, System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_TRUSTSTOREPASS)); } public FileTrustStoreBackend(String keystorePath, String storePass) { diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java index e37d42b964..14b98eb4fb 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/CertificateServiceTest.java @@ -3,9 +3,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.junit.jupiter.MockitoExtension; import org.openintegrationengine.tlsmanager.shared.PersistenceMode; -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; - -import static org.mockito.Mockito.mockStatic; +import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; @ExtendWith(MockitoExtension.class) public class CertificateServiceTest { @@ -19,16 +17,14 @@ public void setUp() { //@Test public void testSetTrustStore() { - try (var system = mockStatic(System.class)) { - system - .when(() -> System.getenv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND)) - .thenReturn(PersistenceMode.DATABASE.toString()); - - certificateService.init(); - - System.out.println(System.getenv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND)); - } - - //certificateService.storeExtraTrustStore(); + var pluginConfiguration = new TLSPluginConfiguration( + PersistenceMode.FILESYSTEM, + "/path/to", + "truststorePass", + "/path/to", + "keystorePass" + ); + + certificateService.init(pluginConfiguration); } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java index 89c4f2bb29..7cc34d8815 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java @@ -24,8 +24,10 @@ public final class TLSPluginConstants { public static final String PROPERTY_TRUST_BACKEND = "trust.backend"; public static final String ENV_PERSISTENCE_BACKEND = "OIE_TLS_PLUGIN_PERSISTENCE_BACKEND"; - public static final String ENV_PERSISTENCE_FS_STOREPASS = "OIE_TLS_PLUGIN_FS_STOREPASS"; - public static final String ENV_PERSISTENCE_FS_STOREPATH = "OIE_TLS_PLUGIN_FS_STOREPATH"; + public static final String ENV_PERSISTENCE_FS_TRUSTSTOREPATH = "OIE_TLS_PLUGIN_FS_TRUSTSTOREPATH"; + public static final String ENV_PERSISTENCE_FS_TRUSTSTOREPASS = "OIE_TLS_PLUGIN_FS_TRUSTSTOREPASS"; + public static final String ENV_PERSISTENCE_FS_KEYSTOREPASS = "OIE_TLS_PLUGIN_FS_KEYSTOREPASS"; + public static final String ENV_PERSISTENCE_FS_KEYSTOREPATH = "OIE_TLS_PLUGIN_FS_KEYSTOREPATH"; public static final String PKCS12 = "PKCS12"; diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java new file mode 100644 index 0000000000..64a8d3be9e --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java @@ -0,0 +1,50 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import lombok.extern.slf4j.Slf4j; +import org.openintegrationengine.tlsmanager.shared.PersistenceMode; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; + +import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.ENV_PERSISTENCE_FS_KEYSTOREPASS; +import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.ENV_PERSISTENCE_FS_KEYSTOREPATH; +import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.ENV_PERSISTENCE_FS_TRUSTSTOREPASS; +import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.ENV_PERSISTENCE_FS_TRUSTSTOREPATH; + +@Slf4j +public record TLSPluginConfiguration( + PersistenceMode persistenceMode, + String truststorePath, + String truststorePassword, + String keystorePath, + String keystorePassword +) { + public static TLSPluginConfiguration fromEnv() { + var conf = new TLSPluginConfiguration( + getPersistenceMode(), + readKeyFromEnv(ENV_PERSISTENCE_FS_TRUSTSTOREPATH, false), + readKeyFromEnv(ENV_PERSISTENCE_FS_TRUSTSTOREPASS, false), + readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPASS, false), + readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPATH, false) + ); + + return conf; + } + + private static PersistenceMode getPersistenceMode() { + var persistenceModeFromEnv = readKeyFromEnv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND, true); + + var persistenceMode = PersistenceMode.valueOf(persistenceModeFromEnv.toUpperCase()); + + log.info("Using persistence mode {}", persistenceMode); + + return persistenceMode; + } + + private static String readKeyFromEnv(String key, boolean isRequired) { + var keyFromEnv = System.getenv(key); + if (keyFromEnv == null && isRequired) { + throw new IllegalStateException("Env key (%s) is not set".formatted(keyFromEnv)); + } + + return keyFromEnv; + } +} From 43be74923fdbf3782fc3b559840da8db9e930ce8 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 12:53:43 +0300 Subject: [PATCH 079/360] Add certificate verification functionality: Implement certificate verification in CertificateDetailsDialog and ImportCertificateDialogContent components. Introduce utility functions for parsing and validating certificate chains, and enhance user interface with detailed verification results, including chain validation and private key matching. Add .nvmrc file for Node version management. --- .nvmrc | 1 + src/components/CertificateDetailsDialog.jsx | 188 ++++- .../ImportCertificateDialogContent.jsx | 725 +++++++++++++++--- src/pages/TlsManagement.jsx | 2 +- src/utils/certificateUtils.js | 16 + src/utils/verificationUtils.js | 371 +++++++++ 6 files changed, 1206 insertions(+), 97 deletions(-) create mode 100644 .nvmrc create mode 100644 src/utils/verificationUtils.js diff --git a/.nvmrc b/.nvmrc new file mode 100644 index 0000000000..e28b3a48da --- /dev/null +++ b/.nvmrc @@ -0,0 +1 @@ +v22.7.0 \ No newline at end of file diff --git a/src/components/CertificateDetailsDialog.jsx b/src/components/CertificateDetailsDialog.jsx index 64ae81250a..c744065f80 100644 --- a/src/components/CertificateDetailsDialog.jsx +++ b/src/components/CertificateDetailsDialog.jsx @@ -13,15 +13,27 @@ import { Paper, Grid, IconButton, + Alert, + CircularProgress, + Accordion, + AccordionSummary, + AccordionDetails, + List, + ListItem, + ListItemText, } from '@mui/material' -import { Visibility, VisibilityOff } from '@mui/icons-material' +import { Visibility, VisibilityOff, ExpandMore, CheckCircle, Error, Warning } from '@mui/icons-material' import { formatDate } from '../utils/dateUtils.js' +import { verifyCertificate } from '../utils/verificationUtils.js' +import { base64ToPem, base64ToPrivateKeyPem } from '../utils/certificateUtils.js' export default function CertificateDetailsDialog({ open, onClose, certificate }) { if (!certificate) return null const { parsedCertificate, rawCertificate } = certificate const [showPrivateKey, setShowPrivateKey] = useState(false) + const [verificationResult, setVerificationResult] = useState(null) + const [isVerifying, setIsVerifying] = useState(false) const getStatusColor = (validFrom, validTo) => { const now = new Date() @@ -64,6 +76,29 @@ export default function CertificateDetailsDialog({ open, onClose, certificate }) })) } + const handleVerifyCertificate = async () => { + setIsVerifying(true) + try { + // Convert Base64 certificate to PEM format + const pemCertificate = base64ToPem(rawCertificate) + + // If private key is available, include it in verification + const privateKeyPem = certificate.hasPrivateKey && certificate.rawPrivateKey + ? base64ToPrivateKeyPem(certificate.rawPrivateKey) + : null + + const result = verifyCertificate(pemCertificate, privateKeyPem) + setVerificationResult(result) + } catch (error) { + setVerificationResult({ + success: false, + error: `Verification failed: ${error.message}` + }) + } finally { + setIsVerifying(false) + } + } + return ( @@ -234,6 +269,157 @@ export default function CertificateDetailsDialog({ open, onClose, certificate }) )} )} + + {/* Certificate Verification */} + + + Certificate Verification + + + + {verificationResult && ( + + {verificationResult.success ? ( + + Certificate verification completed successfully! + + ) : ( + + {verificationResult.error} + + )} + + {verificationResult.success && ( + + {/* Chain Validation Results */} + {verificationResult.chainValidation && ( + + }> + + {verificationResult.chainValidation.isValid ? ( + + ) : ( + + )} + + Chain Validation {verificationResult.chainValidation.isValid ? 'Passed' : 'Failed'} + + + + + {verificationResult.chainValidation.errors.length > 0 && ( + + + Errors: + + + {verificationResult.chainValidation.errors.map((error, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.warnings.length > 0 && ( + + + Warnings: + + + {verificationResult.chainValidation.warnings.map((warning, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.details.length > 0 && ( + + + Details: + + + {verificationResult.chainValidation.details.map((detail, index) => ( + + + + ))} + + + )} + + + )} + + {/* Private Key Validation */} + {verificationResult.keyValidation && ( + + }> + + {verificationResult.keyValidation.isValid ? ( + + ) : ( + + )} + + Private Key Validation {verificationResult.keyValidation.isValid ? 'Passed' : 'Failed'} + + + + + + {verificationResult.keyValidation.message} + + + + )} + + {/* Certificate Chain Details */} + {verificationResult.chainDetails && verificationResult.chainDetails.length > 1 && ( + + }> + + Certificate Chain ({verificationResult.chainDetails.length} certificates) + + + + + {verificationResult.chainDetails.map((cert, index) => ( + + + {cert.type} (Certificate #{cert.index}) + + + Subject: {cert.subject} + + + Issuer: {cert.issuer} + + + Valid: {cert.validFrom} - {cert.validTo} + + + ))} + + + + )} + + )} + + )} + diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 009593d904..27e2faa402 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,7 +1,26 @@ import React, { useRef, useState } from 'react' -import { Box, Button, FormHelperText, Stack, TextField, Typography, Alert } from '@mui/material' -import { pemToBase64, privateKeyPemToBase64, isValidPemCertificate, isValidPemPrivateKey } from '../utils/certificateUtils.js' +import { + Box, + Button, + FormHelperText, + Stack, + TextField, + Typography, + Alert, + CircularProgress, + Accordion, + AccordionSummary, + AccordionDetails, + List, + ListItem, + ListItemText, + Chip, + Divider +} from '@mui/material' +import { ExpandMore, CheckCircle, Error, Warning, Security } from '@mui/icons-material' +import { pemToBase64, privateKeyPemToBase64, isValidPemCertificate, isValidPemPrivateKey, parseCertificate } from '../utils/certificateUtils.js' import { updateCertificates } from '../services/tlsService.js' +import { verifyCertificate } from '../utils/verificationUtils.js' export default function ImportCertificateDialogContent({ targetStore = 'trusted', @@ -17,12 +36,31 @@ export default function ImportCertificateDialogContent({ const [errors, setErrors] = useState({}) const [loading, setLoading] = useState(false) const [apiError, setApiError] = useState(null) + const [verificationResult, setVerificationResult] = useState(null) + const [isVerifying, setIsVerifying] = useState(false) + const [certificateDetails, setCertificateDetails] = useState(null) const fileInputRef = useRef(null) const privateKeyFileInputRef = useRef(null) const fileAccept = '.pem,.key,text/plain,application/x-pem-file' + // Parse certificate details when PEM text changes + const parseCertificateDetails = (pemText) => { + if (!pemText.trim() || !isValidPemCertificate(pemText)) { + setCertificateDetails(null) + return + } + + try { + const details = parseCertificate(pemToBase64(pemText)) + setCertificateDetails(details) + } catch (error) { + console.error('Failed to parse certificate details:', error) + setCertificateDetails(null) + } + } + const validate = () => { const nextErrors = {} if (!pemText.trim()) { @@ -48,6 +86,33 @@ export default function ImportCertificateDialogContent({ return Object.keys(nextErrors).length === 0 } + const handleVerifyCertificate = async () => { + if (!pemText.trim()) { + setErrors({ pemText: 'PEM content is required for verification.' }) + return + } + + setIsVerifying(true) + setVerificationResult(null) + + try { + // For private store, include private key if available + const privateKeyPem = targetStore === 'private' && privateKeyText.trim() + ? privateKeyText + : null + + const result = verifyCertificate(pemText, privateKeyPem) + setVerificationResult(result) + } catch (error) { + setVerificationResult({ + success: false, + error: `Verification failed: ${error.message}` + }) + } finally { + setIsVerifying(false) + } + } + const handleSubmit = async () => { if (!validate()) return @@ -102,121 +167,591 @@ export default function ImportCertificateDialogContent({ - - {apiError && ( - setApiError(null)}> - {apiError} - - )} - { - try { - const f = e.target.files && e.target.files[0] - setFile(f || null) - if (!f) return - const name = (f.name || '').toLowerCase() - if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { - setErrors((prev) => ({ ...prev, file: 'Please select a .pem or .key file.' })) - return - } - const text = await f.text() - setPemText(text) - setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) - } catch (err) { - setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) - } - }} - /> - - - - {file ? file.name : 'No file selected'} - - - {errors.file && {errors.file}} - - setPemText(e.target.value)} - error={Boolean(errors.pemText)} - helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem or .key file fills this field.'} - multiline - minRows={4} - maxRows={6} - fullWidth - /> - - {targetStore === 'private' && ( - <> + + + {/* Left Column - User Inputs */} + + + {apiError && ( + setApiError(null)}> + {apiError} + + )} + + setAlias(e.target.value)} + error={Boolean(errors.alias)} + helperText={errors.alias || "Provide a unique alias for this certificate"} + fullWidth + required + sx={{ marginTop: '10px !important' }} + /> + { try { const f = e.target.files && e.target.files[0] - setPrivateKeyFile(f || null) + setFile(f || null) if (!f) return const name = (f.name || '').toLowerCase() if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { - setErrors((prev) => ({ ...prev, privateKeyFile: 'Please select a .pem or .key file.' })) + setErrors((prev) => ({ ...prev, file: 'Please select a .pem or .key file.' })) return } const text = await f.text() - setPrivateKeyText(text) - setErrors((prev) => ({ ...prev, privateKeyFile: undefined, privateKeyText: undefined })) + setPemText(text) + parseCertificateDetails(text) + setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) } catch (err) { - setErrors((prev) => ({ ...prev, privateKeyFile: 'Failed to read file.' })) + setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) } }} /> - - - {privateKeyFile ? privateKeyFile.name : 'No private key file selected'} + + {file ? file.name : 'No file selected'} - {errors.privateKeyFile && {errors.privateKeyFile}} - - setPrivateKeyText(e.target.value)} - error={Boolean(errors.privateKeyText)} - helperText={errors.privateKeyText || 'Paste private key. Uploading a .pem or .key file fills this field.'} - multiline - minRows={4} - maxRows={6} - fullWidth - required - /> - - )} - - setAlias(e.target.value)} - error={Boolean(errors.alias)} - helperText={errors.alias || "Provide a unique alias for this certificate"} - fullWidth - required - /> - + {errors.file && {errors.file}} + + { + setPemText(e.target.value) + parseCertificateDetails(e.target.value) + }} + error={Boolean(errors.pemText)} + helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem or .key file fills this field.'} + multiline + minRows={4} + maxRows={6} + fullWidth + sx={{ marginTop: '10px' }} + /> + + {targetStore === 'private' && ( + <> + { + try { + const f = e.target.files && e.target.files[0] + setPrivateKeyFile(f || null) + if (!f) return + const name = (f.name || '').toLowerCase() + if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { + setErrors((prev) => ({ ...prev, privateKeyFile: 'Please select a .pem or .key file.' })) + return + } + const text = await f.text() + setPrivateKeyText(text) + setErrors((prev) => ({ ...prev, privateKeyFile: undefined, privateKeyText: undefined })) + } catch (err) { + setErrors((prev) => ({ ...prev, privateKeyFile: 'Failed to read file.' })) + } + }} + /> + + + + {privateKeyFile ? privateKeyFile.name : 'No private key file selected'} + + + {errors.privateKeyFile && {errors.privateKeyFile}} + + setPrivateKeyText(e.target.value)} + error={Boolean(errors.privateKeyText)} + helperText={errors.privateKeyText || 'Paste private key. Uploading a .pem or .key file fills this field.'} + multiline + minRows={4} + maxRows={6} + fullWidth + required + sx={{ marginTop: '10px' }} + /> + + )} + + + {/* Right Column - Certificate Details & Verification */} + + + {/* Certificate Details Section */} + {certificateDetails && ( + + + + Certificate Details + + + + + + Subject + + {certificateDetails.subjectStr || 'Unknown'} + + + + + Issuer + + {certificateDetails.issuerStr || 'Unknown'} + + + + + Type + + + + + Serial Number + + {certificateDetails.serialNumber || 'Unknown'} + + + + + Validity Period + + From: {certificateDetails.validFrom || 'Unknown'} + + + To: {certificateDetails.validTo || 'Unknown'} + + + + + SHA-1 Fingerprint + + {certificateDetails.fingerprintSha1 || 'Unknown'} + + + + + + )} + + {/* Certificate Verification Section */} + + + + + Certificate Verification + + + + + {verificationResult && ( + + {verificationResult.success ? ( + + Certificate verification completed successfully! + + ) : ( + + {verificationResult.error} + + )} + + {verificationResult.success && ( + + {/* Chain Validation Results */} + {verificationResult.chainValidation && ( + + }> + + {verificationResult.chainValidation.isValid ? ( + + ) : ( + + )} + + Chain Validation {verificationResult.chainValidation.isValid ? 'Passed' : 'Failed'} + + + + + {verificationResult.chainValidation.errors.length > 0 && ( + + + Errors: + + + {verificationResult.chainValidation.errors.map((error, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.warnings.length > 0 && ( + + + Warnings: + + + {verificationResult.chainValidation.warnings.map((warning, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.details.length > 0 && ( + + + Details: + + + {verificationResult.chainValidation.details.map((detail, index) => ( + + + + ))} + + + )} + + + )} + + {/* Private Key Validation */} + {verificationResult.keyValidation && ( + + }> + + {verificationResult.keyValidation.isValid ? ( + + ) : ( + + )} + + Private Key Validation {verificationResult.keyValidation.isValid ? 'Passed' : 'Failed'} + + + + + + {verificationResult.keyValidation.message} + + + + )} + + {/* Certificate Chain Details */} + {verificationResult.chainDetails && verificationResult.chainDetails.length > 1 && ( + + }> + + Certificate Chain ({verificationResult.chainDetails.length} certificates) + + + + + {verificationResult.chainDetails.map((cert, index) => ( + + + {cert.type} (Certificate #{cert.index}) + + + Subject: {cert.subject} + + + Issuer: {cert.issuer} + + + Valid: {cert.validFrom} - {cert.validTo} + + + ))} + + + + )} + + )} + + )} + + + + + {/* Mobile Certificate Details & Verification */} + + + {/* Certificate Details Section */} + {certificateDetails && ( + + + + Certificate Details + + + + + + Subject + + {certificateDetails.subjectStr || 'Unknown'} + + + + + Issuer + + {certificateDetails.issuerStr || 'Unknown'} + + + + + Type + + + + + Serial Number + + {certificateDetails.serialNumber || 'Unknown'} + + + + + Validity Period + + From: {certificateDetails.validFrom || 'Unknown'} + + + To: {certificateDetails.validTo || 'Unknown'} + + + + + SHA-1 Fingerprint + + {certificateDetails.fingerprintSha1 || 'Unknown'} + + + + + + )} + + {/* Certificate Verification Section */} + + + + + Certificate Verification + + + + + {verificationResult && ( + + {verificationResult.success ? ( + + Certificate verification completed successfully! + + ) : ( + + {verificationResult.error} + + )} + + {verificationResult.success && ( + + {/* Chain Validation Results */} + {verificationResult.chainValidation && ( + + }> + + {verificationResult.chainValidation.isValid ? ( + + ) : ( + + )} + + Chain Validation {verificationResult.chainValidation.isValid ? 'Passed' : 'Failed'} + + + + + {verificationResult.chainValidation.errors.length > 0 && ( + + + Errors: + + + {verificationResult.chainValidation.errors.map((error, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.warnings.length > 0 && ( + + + Warnings: + + + {verificationResult.chainValidation.warnings.map((warning, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.details.length > 0 && ( + + + Details: + + + {verificationResult.chainValidation.details.map((detail, index) => ( + + + + ))} + + + )} + + + )} + + {/* Private Key Validation */} + {verificationResult.keyValidation && ( + + }> + + {verificationResult.keyValidation.isValid ? ( + + ) : ( + + )} + + Private Key Validation {verificationResult.keyValidation.isValid ? 'Passed' : 'Failed'} + + + + + + {verificationResult.keyValidation.message} + + + + )} + + {/* Certificate Chain Details */} + {verificationResult.chainDetails && verificationResult.chainDetails.length > 1 && ( + + }> + + Certificate Chain ({verificationResult.chainDetails.length} certificates) + + + + + {verificationResult.chainDetails.map((cert, index) => ( + + + {cert.type} (Certificate #{cert.index}) + + + Subject: {cert.subject} + + + Issuer: {cert.issuer} + + + Valid: {cert.validFrom} - {cert.validTo} + + + ))} + + + + )} + + )} + + )} + + + {/* Fixed buttons at bottom */} diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index ec509a853d..ba70a7d548 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -167,7 +167,7 @@ export default function TlsManagement() { - + {dialogTitle} {dialogType === 'import-certificate' && ( diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js index b70e38a67d..b67ed71d0e 100644 --- a/src/utils/certificateUtils.js +++ b/src/utils/certificateUtils.js @@ -260,3 +260,19 @@ export function base64ToPem(base64Cert) { throw new Error('Invalid Base64 format') } } + +/** + * Convert Base64-encoded private key to PEM format + * @param {string} base64Key - Base64-encoded private key + * @returns {string} PEM private key string + */ +export function base64ToPrivateKeyPem(base64Key) { + try { + // Add PEM headers for private key + const pemString = `-----BEGIN PRIVATE KEY-----\n${base64Key}\n-----END PRIVATE KEY-----` + return pemString + } catch (error) { + console.error('Failed to convert Base64 to private key PEM:', error) + throw new Error('Invalid Base64 private key format') + } +} diff --git a/src/utils/verificationUtils.js b/src/utils/verificationUtils.js new file mode 100644 index 0000000000..cf1f0459ec --- /dev/null +++ b/src/utils/verificationUtils.js @@ -0,0 +1,371 @@ +import forge from 'node-forge' + +/** + * Parse a certificate chain from PEM text (supports multiple certificates) + * @param {string} certText - PEM certificate text (can contain multiple certificates) + * @returns {Array} Array of certificate objects with pem and cert properties + */ +export function parseCertificateChain(certText) { + const certificates = [] + const certRegex = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g + const matches = certText.match(certRegex) + + if (matches) { + matches.forEach(certPem => { + try { + const cert = forge.pki.certificateFromPem(certPem) + certificates.push({ pem: certPem, cert: cert }) + } catch (e) { + console.error('Failed to parse certificate:', e) + } + }) + } + + return certificates +} + +/** + * Validate a certificate chain for proper ordering and signatures + * @param {Array} certificates - Array of certificate objects + * @returns {Object} Validation result with isValid, errors, warnings, and details + */ +export function validateCertificateChain(certificates) { + const validation = { + isValid: true, + errors: [], + warnings: [], + details: [] + } + + if (certificates.length === 1) { + validation.details.push('Single certificate provided - no chain validation needed') + return validation + } + + // Check chain order and signatures + for (let i = 0; i < certificates.length - 1; i++) { + const cert = certificates[i].cert + const issuerCert = certificates[i + 1].cert + + validation.details.push(`Checking certificate ${i + 1} against issuer certificate ${i + 2}`) + + // Check if issuer name matches + const certIssuer = getDistinguishedName(cert.issuer) + const issuerSubject = getDistinguishedName(issuerCert.subject) + + if (certIssuer !== issuerSubject) { + validation.isValid = false + validation.errors.push(`Certificate ${i + 1} issuer "${certIssuer}" does not match certificate ${i + 2} subject "${issuerSubject}"`) + } else { + validation.details.push(`✓ Issuer names match for certificates ${i + 1} and ${i + 2}`) + } + + // Verify signature + try { + const isSignatureValid = cert.verify(issuerCert) + if (isSignatureValid) { + validation.details.push(`✓ Certificate ${i + 1} signature verified by certificate ${i + 2}`) + } else { + validation.isValid = false + validation.errors.push(`Certificate ${i + 1} signature verification failed against certificate ${i + 2}`) + } + } catch (error) { + validation.isValid = false + validation.errors.push(`Error verifying certificate ${i + 1} signature: ${error.message}`) + } + + // Check validity periods + if (cert.validity.notBefore < issuerCert.validity.notBefore) { + validation.warnings.push(`Certificate ${i + 1} valid from date is before its issuer's valid from date`) + } + if (cert.validity.notAfter > issuerCert.validity.notAfter) { + validation.warnings.push(`Certificate ${i + 1} expires after its issuer certificate ${i + 2}`) + } + } + + // Check if root is self-signed + const rootCert = certificates[certificates.length - 1].cert + const rootIssuer = getDistinguishedName(rootCert.issuer) + const rootSubject = getDistinguishedName(rootCert.subject) + + if (rootIssuer === rootSubject) { + try { + const isSelfSigned = rootCert.verify(rootCert) + if (isSelfSigned) { + validation.details.push('✓ Root certificate is properly self-signed') + } else { + validation.warnings.push('Root certificate appears self-signed but signature verification failed') + } + } catch (error) { + validation.warnings.push(`Error verifying root certificate self-signature: ${error.message}`) + } + } else { + validation.warnings.push('Root certificate is not self-signed - chain may be incomplete') + } + + // Check certificate purposes and constraints + certificates.forEach((certObj, index) => { + const cert = certObj.cert + const basicConstraints = cert.getExtension('basicConstraints') + + if (index === 0) { + // End entity certificate + if (basicConstraints && basicConstraints.cA) { + validation.warnings.push('End entity certificate has CA flag set to true') + } + } else { + // CA certificates + if (!basicConstraints || !basicConstraints.cA) { + validation.warnings.push(`Certificate ${index + 1} should be a CA but basicConstraints CA flag is not set`) + } + + if (basicConstraints && typeof basicConstraints.pathLenConstraint === 'number') { + const remainingCAs = certificates.length - index - 2 // Exclude self and count remaining CAs + if (remainingCAs > basicConstraints.pathLenConstraint) { + validation.errors.push(`Certificate ${index + 1} pathLenConstraint (${basicConstraints.pathLenConstraint}) exceeded by chain depth`) + validation.isValid = false + } + } + } + }) + + return validation +} + +/** + * Validate if a private key matches a certificate + * @param {Object} certObj - Certificate object with cert property + * @param {string} keyPem - PEM private key string + * @returns {Object} Validation result with isValid and message + */ +export function validatePrivateKey(certObj, keyPem) { + try { + let privateKey + + // Try different key formats + if (keyPem.includes('BEGIN PRIVATE KEY')) { + privateKey = forge.pki.privateKeyFromPem(keyPem) + } else if (keyPem.includes('BEGIN RSA PRIVATE KEY')) { + privateKey = forge.pki.privateKeyFromPem(keyPem) + } else if (keyPem.includes('BEGIN EC PRIVATE KEY')) { + privateKey = forge.pki.privateKeyFromPem(keyPem) + } else { + throw new Error('Unsupported private key format') + } + + // Generate a test signature to verify key matches certificate + const testData = 'test-data-for-validation' + const md = forge.md.sha256.create() + md.update(testData) + + try { + const signature = privateKey.sign(md) + const publicKey = certObj.cert.publicKey + const isValid = publicKey.verify(md.digest().bytes(), signature) + + if (isValid) { + return { isValid: true, message: 'Private key matches the certificate!' } + } else { + return { isValid: false, message: 'Private key does not match the certificate' } + } + } catch (signError) { + // Alternative validation method using key fingerprints + const certKeyFingerprint = getPublicKeyFingerprint(certObj.cert.publicKey) + const privateKeyFingerprint = getPrivateKeyFingerprint(privateKey) + + if (certKeyFingerprint === privateKeyFingerprint) { + return { isValid: true, message: 'Private key matches the certificate!' } + } else { + return { isValid: false, message: 'Private key does not match the certificate' } + } + } + + } catch (error) { + return { isValid: false, message: `Error validating private key: ${error.message}` } + } +} + +/** + * Get certificate status (valid, expired, not yet valid) + * @param {Object} cert - Certificate object from node-forge + * @returns {string} Status message + */ +export function getCertStatus(cert) { + const now = new Date() + if (now < cert.validity.notBefore) { + return '⏳ Not yet valid' + } else if (now > cert.validity.notAfter) { + return '⚠️ Expired' + } else { + return '✅ Valid' + } +} + +/** + * Get certificate fingerprint + * @param {Object} cert - Certificate object from node-forge + * @param {string} algorithm - Hash algorithm ('sha1' or 'sha256') + * @returns {string} Formatted fingerprint + */ +export function getFingerprint(cert, algorithm = 'sha1') { + const der = forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes() + let md + + switch (algorithm) { + case 'sha1': + md = forge.md.sha1.create() + break + case 'sha256': + md = forge.md.sha256.create() + break + default: + md = forge.md.sha1.create() + } + + md.update(der) + return md.digest().toHex().toUpperCase().replace(/(.{2})/g, '$1:').slice(0, -1) +} + +/** + * Get Subject Alternative Names from certificate + * @param {Object} cert - Certificate object from node-forge + * @returns {Array} Array of SAN strings + */ +export function getSANs(cert) { + const subjectAltName = cert.getExtension('subjectAltName') + if (subjectAltName) { + return subjectAltName.altNames.map(altName => { + switch (altName.type) { + case 2: return 'DNS: ' + altName.value + case 7: return 'IP: ' + altName.ip + case 1: return 'Email: ' + altName.value + default: return 'Other: ' + altName.value + } + }) + } + return [] +} + +/** + * Get key size from public key + * @param {Object} publicKey - Public key object from node-forge + * @returns {number|string} Key size in bits or 'Unknown' + */ +export function getKeySize(publicKey) { + if (publicKey.n) { + return publicKey.n.bitLength() + } + return 'Unknown' +} + +/** + * Get Distinguished Name as string + * @param {Object} name - Distinguished Name object from node-forge + * @returns {string} Formatted DN string + */ +function getDistinguishedName(name) { + return name.attributes.map(attr => `${attr.shortName}=${attr.value}`).join(', ') +} + +/** + * Get public key fingerprint + * @param {Object} publicKey - Public key object from node-forge + * @returns {string} SHA-256 fingerprint + */ +function getPublicKeyFingerprint(publicKey) { + const publicKeyDer = forge.asn1.toDer(forge.pki.publicKeyToAsn1(publicKey)).getBytes() + const md = forge.md.sha256.create() + md.update(publicKeyDer) + return md.digest().toHex() +} + +/** + * Get private key fingerprint + * @param {Object} privateKey - Private key object from node-forge + * @returns {string} SHA-256 fingerprint + */ +function getPrivateKeyFingerprint(privateKey) { + const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e) + return getPublicKeyFingerprint(publicKey) +} + +/** + * Get subject field value from certificate + * @param {Object} cert - Certificate object from node-forge + * @param {string} field - Field name (CN, O, C, etc.) + * @param {string} type - 'subject' or 'issuer' + * @returns {string} Field value or 'Not specified' + */ +export function getSubjectField(cert, field, type = 'subject') { + const subject = type === 'subject' ? cert.subject : cert.issuer + const attr = subject.attributes.find(attr => attr.shortName === field) + return attr ? attr.value : 'Not specified' +} + +/** + * Comprehensive certificate verification + * @param {string} certText - PEM certificate text + * @param {string} keyText - Optional PEM private key text + * @returns {Object} Complete verification results + */ +export function verifyCertificate(certText, keyText = null) { + try { + // Parse certificates + const certificates = parseCertificateChain(certText) + + if (certificates.length === 0) { + return { + success: false, + error: 'No valid certificates found' + } + } + + // Get certificate details + const primaryCert = certificates[0].cert + const certDetails = { + subject: getSubjectField(primaryCert, 'CN'), + issuer: getSubjectField(primaryCert, 'CN', 'issuer'), + serialNumber: primaryCert.serialNumber, + validFrom: primaryCert.validity.notBefore.toISOString(), + validTo: primaryCert.validity.notAfter.toISOString(), + status: getCertStatus(primaryCert), + signatureAlgorithm: primaryCert.siginfo.algorithmOid, + publicKeyAlgorithm: primaryCert.publicKey.algorithm || 'RSA', + keySize: getKeySize(primaryCert.publicKey), + fingerprintSha1: getFingerprint(primaryCert, 'sha1'), + fingerprintSha256: getFingerprint(primaryCert, 'sha256'), + sans: getSANs(primaryCert) + } + + // Validate certificate chain + const chainValidation = validateCertificateChain(certificates) + + // Validate private key if provided + let keyValidation = null + if (keyText) { + keyValidation = validatePrivateKey(certificates[0], keyText) + } + + return { + success: true, + certificates, + certDetails, + chainValidation, + keyValidation, + chainDetails: certificates.length > 1 ? certificates.map((certObj, index) => ({ + index: index + 1, + type: index === 0 ? 'End Entity' : index === certificates.length - 1 ? 'Root CA' : 'Intermediate CA', + subject: getSubjectField(certObj.cert, 'CN'), + issuer: getSubjectField(certObj.cert, 'CN', 'issuer'), + validFrom: certObj.cert.validity.notBefore.toDateString(), + validTo: certObj.cert.validity.notAfter.toDateString() + })) : null + } + + } catch (error) { + return { + success: false, + error: `Error parsing certificate: ${error.message}` + } + } +} From d8250374c5b536f0377a05e2d3520997bc780641 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 12:55:57 +0300 Subject: [PATCH 080/360] Enhance ImportCertificateDialogContent: Implement auto-completion for alias field based on certificate details. Introduce getSuggestedAlias function to extract potential aliases from certificate subject and SAN fields, improving user experience during certificate import. --- .../ImportCertificateDialogContent.jsx | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 27e2faa402..28e65949aa 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -55,12 +55,51 @@ export default function ImportCertificateDialogContent({ try { const details = parseCertificate(pemToBase64(pemText)) setCertificateDetails(details) + + // Auto-complete alias if it's empty + if (!alias.trim()) { + const suggestedAlias = getSuggestedAlias(details) + if (suggestedAlias) { + setAlias(suggestedAlias) + } + } } catch (error) { console.error('Failed to parse certificate details:', error) setCertificateDetails(null) } } + // Get suggested alias from certificate details + const getSuggestedAlias = (details) => { + if (!details) return null + + // Try to get CN from subject + const subjectStr = details.subjectStr || '' + const cnMatch = subjectStr.match(/CN=([^,]+)/) + if (cnMatch && cnMatch[1]) { + return cnMatch[1].trim() + } + + // Try to get first DNS name from SAN + if (details.raw && details.raw.extensions) { + const sanExtension = details.raw.extensions.find(ext => ext.name === 'subjectAltName') + if (sanExtension && sanExtension.altNames) { + const dnsName = sanExtension.altNames.find(altName => altName.type === 2) // DNS type + if (dnsName && dnsName.value) { + return dnsName.value.trim() + } + } + } + + // Fallback to first part of subject + const firstPart = subjectStr.split(',')[0] + if (firstPart && firstPart.includes('=')) { + return firstPart.split('=')[1]?.trim() + } + + return null + } + const validate = () => { const nextErrors = {} if (!pemText.trim()) { From 280725bef9390eed260290730f9d58cffdf59c37 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 7 Oct 2025 13:07:17 +0300 Subject: [PATCH 081/360] Add external keystore capability --- .../tlsmanager/server/CertificateService.java | 40 +++++++++---------- .../backend/DatabaseTrustStoreBackend.java | 9 +++-- 2 files changed, 23 insertions(+), 26 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index a5a2f64c9b..a759827794 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -29,7 +29,6 @@ import org.openintegrationengine.tlsmanager.server.backend.TrustStoreBackend; import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; import org.openintegrationengine.tlsmanager.shared.PersistenceMode; -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; @@ -57,10 +56,11 @@ public final class CertificateService { private KeyStore externalTrustStore; @Getter - private KeyStore keystore; + private KeyStore externalKeyStore; private TrustStoreBackend systemTrustStoreBackend; private TrustStoreBackend extraTrustStoreBackend; + private TrustStoreBackend extraKeyStoreBackend; private TemplateValueReplacer templateValueReplacer; @@ -77,26 +77,35 @@ public CertificateService(TemplateValueReplacer templateValueReplacer) { void init(TLSPluginConfiguration pluginConfiguration) { systemTrustStoreBackend = new SystemTrustStoreBackend(); - var persistenceMode = getPersistenceMode(); + if (pluginConfiguration.persistenceMode() == PersistenceMode.DATABASE) { + extraTrustStoreBackend = new DatabaseTrustStoreBackend("extraTrustStore"); + extraKeyStoreBackend = new DatabaseTrustStoreBackend("extraKeyStore"); + } else if (pluginConfiguration.persistenceMode() == PersistenceMode.FILESYSTEM) { + extraTrustStoreBackend = new FileTrustStoreBackend( + pluginConfiguration.truststorePath(), + pluginConfiguration.truststorePassword() + ); - if (persistenceMode == PersistenceMode.DATABASE) { - extraTrustStoreBackend = new DatabaseTrustStoreBackend(); - } else if (persistenceMode == PersistenceMode.FILESYSTEM) { - var truststorePath = System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_TRUSTSTOREPATH); - extraTrustStoreBackend = new FileTrustStoreBackend(truststorePath); + extraKeyStoreBackend = new FileTrustStoreBackend( + pluginConfiguration.keystorePath(), + pluginConfiguration.keystorePassword() + ); } else { // Should not get here throw new RuntimeException("Unsupported persistence mode: " + pluginConfiguration.persistenceMode()); } extraTrustStoreBackend.init(); + extraKeyStoreBackend.init(); byte[] cacertsBytes = systemTrustStoreBackend.load(); byte[] extraTrustStoreBytes = extraTrustStoreBackend.load(); + byte[] extraKeyStoreBytes = extraKeyStoreBackend.load(); try { systemTrustStore = KeyStore.getInstance(KeyStore.getDefaultType()); externalTrustStore = KeyStore.getInstance(PKCS12); + externalKeyStore = KeyStore.getInstance(PKCS12); } catch (KeyStoreException e) { log.error("Error initializing CertificateService", e); throw new RuntimeException(e); @@ -104,6 +113,7 @@ void init(TLSPluginConfiguration pluginConfiguration) { loadKeyStore(systemTrustStore, cacertsBytes, systemTrustStoreBackend.loadPassword()); loadKeyStore(externalTrustStore, extraTrustStoreBytes, extraTrustStoreBackend.loadPassword()); + loadKeyStore(externalKeyStore, extraKeyStoreBytes, extraKeyStoreBackend.loadPassword()); } KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet, DestinationConnector connector) { @@ -190,20 +200,6 @@ public Set getLoadedAliases() { } } - private PersistenceMode getPersistenceMode() { - var persistenceModeFromEnv = System.getenv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND); - - if (persistenceModeFromEnv == null) { - throw new IllegalStateException("%s is not set".formatted(TLSPluginConstants.ENV_PERSISTENCE_BACKEND)); - } - - var persistenceMode = PersistenceMode.valueOf(persistenceModeFromEnv.toUpperCase()); - - log.info("Using persistence mode {}", persistenceMode); - - return persistenceMode; - } - public ConnectionTestResponse testConnection( String channelId, String channelName, diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java index c575603e48..bb835d7738 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java @@ -26,17 +26,18 @@ public class DatabaseTrustStoreBackend implements TrustStoreBackend { private ConfigurationController configurationController; - private static final String TRUSTSTORE_KEY = "extraTrustStore"; + private final String databaseColumn; - public DatabaseTrustStoreBackend() { + public DatabaseTrustStoreBackend(String databaseColumn) { this.configurationController = ControllerFactory.getFactory().createConfigurationController(); + this.databaseColumn = databaseColumn; } @Override public boolean persist(byte[] keystore) { var encoder = Base64.getEncoder(); var b64Keystore = encoder.encodeToString(keystore); - configurationController.saveProperty(TLSPluginConstants.PLUGIN_POINTNAME, TRUSTSTORE_KEY, b64Keystore); + configurationController.saveProperty(TLSPluginConstants.PLUGIN_POINTNAME, databaseColumn, b64Keystore); return false; } @@ -48,7 +49,7 @@ public void init() { @Override public byte[] load() { var decoder = Base64.getDecoder(); - var keystoreBytes = configurationController.getProperty(TLSPluginConstants.PLUGIN_POINTNAME, TRUSTSTORE_KEY); + var keystoreBytes = configurationController.getProperty(TLSPluginConstants.PLUGIN_POINTNAME, databaseColumn); return decoder.decode(keystoreBytes); } From 9aae0a39f444e63cdb80138049f2bc240e11f05e Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 13:17:09 +0300 Subject: [PATCH 082/360] Refactor ImportCertificateDialogContent: Modularize components into UserInputsSection, MobileCertificateSection, and enhance hooks for better state management. Streamline certificate import process with improved UI and validation handling, ensuring a more user-friendly experience. --- src/components/CertificateDetailsSection.jsx | 76 ++ .../CertificateVerificationSection.jsx | 186 ++++ .../ImportCertificateDialogContent.jsx | 844 ++---------------- src/components/MobileCertificateSection.jsx | 31 + src/components/UserInputsSection.jsx | 130 +++ src/hooks/useCertificateImport.js | 211 +++++ src/services/tlsService.js | 59 +- 7 files changed, 763 insertions(+), 774 deletions(-) create mode 100644 src/components/CertificateDetailsSection.jsx create mode 100644 src/components/CertificateVerificationSection.jsx create mode 100644 src/components/MobileCertificateSection.jsx create mode 100644 src/components/UserInputsSection.jsx create mode 100644 src/hooks/useCertificateImport.js diff --git a/src/components/CertificateDetailsSection.jsx b/src/components/CertificateDetailsSection.jsx new file mode 100644 index 0000000000..9c74068f33 --- /dev/null +++ b/src/components/CertificateDetailsSection.jsx @@ -0,0 +1,76 @@ +import React from 'react' +import { + Box, + Typography, + Stack, + Chip +} from '@mui/material' +import { Security } from '@mui/icons-material' + +const CertificateDetailsSection = ({ certificateDetails }) => { + if (!certificateDetails) return null + + return ( + + + + Certificate Details + + + + + + Subject + + {certificateDetails.subjectStr || 'Unknown'} + + + + + Issuer + + {certificateDetails.issuerStr || 'Unknown'} + + + + + Type + + + + + Serial Number + + {certificateDetails.serialNumber || 'Unknown'} + + + + + Validity Period + + From: {certificateDetails.validFrom || 'Unknown'} + + + To: {certificateDetails.validTo || 'Unknown'} + + + + + SHA-1 Fingerprint + + {certificateDetails.fingerprintSha1 || 'Unknown'} + + + + + + ) +} + +export default CertificateDetailsSection diff --git a/src/components/CertificateVerificationSection.jsx b/src/components/CertificateVerificationSection.jsx new file mode 100644 index 0000000000..16daefe023 --- /dev/null +++ b/src/components/CertificateVerificationSection.jsx @@ -0,0 +1,186 @@ +import React from 'react' +import { + Box, + Typography, + Stack, + Button, + Alert, + Accordion, + AccordionSummary, + AccordionDetails, + List, + ListItem, + ListItemText, + CircularProgress +} from '@mui/material' +import { + Security, + CheckCircle, + Error, + ExpandMore +} from '@mui/icons-material' + +const CertificateVerificationSection = ({ + verificationResult, + isVerifying, + onVerify, + pemText +}) => { + return ( + + + + + Certificate Verification + + + + + {verificationResult && ( + + {verificationResult.success ? ( + + Certificate verification completed successfully! + + ) : ( + + {verificationResult.error} + + )} + + {verificationResult.success && ( + + {/* Chain Validation Results */} + {verificationResult.chainValidation && ( + + }> + + {verificationResult.chainValidation.isValid ? ( + + ) : ( + + )} + + Chain Validation {verificationResult.chainValidation.isValid ? 'Passed' : 'Failed'} + + + + + {verificationResult.chainValidation.errors.length > 0 && ( + + + Errors: + + + {verificationResult.chainValidation.errors.map((error, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.warnings.length > 0 && ( + + + Warnings: + + + {verificationResult.chainValidation.warnings.map((warning, index) => ( + + + + ))} + + + )} + {verificationResult.chainValidation.details.length > 0 && ( + + + Details: + + + {verificationResult.chainValidation.details.map((detail, index) => ( + + + + ))} + + + )} + + + )} + + {/* Private Key Validation */} + {verificationResult.keyValidation && ( + + }> + + {verificationResult.keyValidation.isValid ? ( + + ) : ( + + )} + + Private Key Validation {verificationResult.keyValidation.isValid ? 'Passed' : 'Failed'} + + + + + + {verificationResult.keyValidation.message} + + + + )} + + {/* Certificate Chain Details */} + {verificationResult.chainDetails && verificationResult.chainDetails.length > 1 && ( + + }> + + Certificate Chain ({verificationResult.chainDetails.length} certificates) + + + + + {verificationResult.chainDetails.map((cert, index) => ( + + + {cert.type} (Certificate #{cert.index}) + + + Subject: {cert.subject} + + + Issuer: {cert.issuer} + + + Valid: {cert.validFrom} - {cert.validTo} + + + ))} + + + + )} + + )} + + )} + + ) +} + +export default CertificateVerificationSection diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 28e65949aa..fa5389acb2 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,26 +1,15 @@ -import React, { useRef, useState } from 'react' -import { - Box, - Button, - FormHelperText, - Stack, - TextField, - Typography, - Alert, - CircularProgress, - Accordion, - AccordionSummary, - AccordionDetails, - List, - ListItem, - ListItemText, - Chip, - Divider +import React from 'react' +import { + Box, + Stack, + Button } from '@mui/material' -import { ExpandMore, CheckCircle, Error, Warning, Security } from '@mui/icons-material' -import { pemToBase64, privateKeyPemToBase64, isValidPemCertificate, isValidPemPrivateKey, parseCertificate } from '../utils/certificateUtils.js' +import { useCertificateImport } from '../hooks/useCertificateImport' +import CertificateDetailsSection from './CertificateDetailsSection' +import CertificateVerificationSection from './CertificateVerificationSection' +import UserInputsSection from './UserInputsSection' +import MobileCertificateSection from './MobileCertificateSection' import { updateCertificates } from '../services/tlsService.js' -import { verifyCertificate } from '../utils/verificationUtils.js' export default function ImportCertificateDialogContent({ targetStore = 'trusted', @@ -28,168 +17,57 @@ export default function ImportCertificateDialogContent({ onSubmit, onSuccess, }) { - const [pemText, setPemText] = useState('') - const [file, setFile] = useState(null) - const [alias, setAlias] = useState('') - const [privateKeyText, setPrivateKeyText] = useState('') - const [privateKeyFile, setPrivateKeyFile] = useState(null) - const [errors, setErrors] = useState({}) - const [loading, setLoading] = useState(false) - const [apiError, setApiError] = useState(null) - const [verificationResult, setVerificationResult] = useState(null) - const [isVerifying, setIsVerifying] = useState(false) - const [certificateDetails, setCertificateDetails] = useState(null) - - const fileInputRef = useRef(null) - const privateKeyFileInputRef = useRef(null) - - const fileAccept = '.pem,.key,text/plain,application/x-pem-file' - - // Parse certificate details when PEM text changes - const parseCertificateDetails = (pemText) => { - if (!pemText.trim() || !isValidPemCertificate(pemText)) { - setCertificateDetails(null) - return - } - - try { - const details = parseCertificate(pemToBase64(pemText)) - setCertificateDetails(details) - - // Auto-complete alias if it's empty - if (!alias.trim()) { - const suggestedAlias = getSuggestedAlias(details) - if (suggestedAlias) { - setAlias(suggestedAlias) - } - } - } catch (error) { - console.error('Failed to parse certificate details:', error) - setCertificateDetails(null) - } - } - - // Get suggested alias from certificate details - const getSuggestedAlias = (details) => { - if (!details) return null + const { + // State + alias, + pemText, + privateKeyText, + file, + privateKeyFile, + loading, + apiError, + errors, + certificateDetails, + verificationResult, + isVerifying, - // Try to get CN from subject - const subjectStr = details.subjectStr || '' - const cnMatch = subjectStr.match(/CN=([^,]+)/) - if (cnMatch && cnMatch[1]) { - return cnMatch[1].trim() - } - - // Try to get first DNS name from SAN - if (details.raw && details.raw.extensions) { - const sanExtension = details.raw.extensions.find(ext => ext.name === 'subjectAltName') - if (sanExtension && sanExtension.altNames) { - const dnsName = sanExtension.altNames.find(altName => altName.type === 2) // DNS type - if (dnsName && dnsName.value) { - return dnsName.value.trim() - } - } - } + // Refs + fileInputRef, + privateKeyFileInputRef, + fileAccept, - // Fallback to first part of subject - const firstPart = subjectStr.split(',')[0] - if (firstPart && firstPart.includes('=')) { - return firstPart.split('=')[1]?.trim() - } + // Actions + setLoading, + setApiError, - return null - } - - const validate = () => { - const nextErrors = {} - if (!pemText.trim()) { - nextErrors.pemText = 'PEM content is required.' - } else if (!isValidPemCertificate(pemText)) { - nextErrors.pemText = 'Invalid PEM certificate format. Please ensure it contains valid certificate data.' - } - if (!alias.trim()) { - nextErrors.alias = 'Alias is required.' - } - - // For private store, private key is required - if (targetStore === 'private') { - if (!privateKeyText.trim()) { - nextErrors.privateKeyText = 'Private key is required for private store.' - } else if (!isValidPemPrivateKey(privateKeyText)) { - nextErrors.privateKeyText = 'Invalid private key format. Please ensure it contains valid private key data.' - } - } - - setErrors(nextErrors) - setApiError(null) // Clear API errors on validation - return Object.keys(nextErrors).length === 0 - } - - const handleVerifyCertificate = async () => { - if (!pemText.trim()) { - setErrors({ pemText: 'PEM content is required for verification.' }) - return - } - - setIsVerifying(true) - setVerificationResult(null) - - try { - // For private store, include private key if available - const privateKeyPem = targetStore === 'private' && privateKeyText.trim() - ? privateKeyText - : null - - const result = verifyCertificate(pemText, privateKeyPem) - setVerificationResult(result) - } catch (error) { - setVerificationResult({ - success: false, - error: `Verification failed: ${error.message}` - }) - } finally { - setIsVerifying(false) - } - } + // Handlers + handleVerifyCertificate, + handleFileUpload, + handlePrivateKeyFileUpload, + handlePemTextChange, + handlePrivateKeyTextChange, + handleAliasChange, + validate + } = useCertificateImport(targetStore) const handleSubmit = async () => { if (!validate()) return - + setLoading(true) setApiError(null) - try { - // Convert PEM to Base64 - const base64Certificate = pemToBase64(pemText) - - // Prepare payload based on target store - let certificates = null - let pairs = null - - if (targetStore === 'trusted') { - certificates = [{ - alias: alias, - certificate: base64Certificate - }] - } else if (targetStore === 'private') { - // For private store, we need both certificate and private key - const base64PrivateKey = privateKeyPemToBase64(privateKeyText) - pairs = [{ - alias: alias, - certificate: base64Certificate, - privateKey: base64PrivateKey - }] + const result = await updateCertificates(targetStore, { + alias, + pemText, + privateKeyText: targetStore === 'private' ? privateKeyText : undefined, + }) + if (result.success) { + onSuccess?.(result.data) + onSubmit?.() + } else { + setApiError(result.error || 'Failed to import certificate') } - - // Call the API - await updateCertificates(certificates, pairs) - - // Success - call callbacks - if (onSuccess) onSuccess() - if (onSubmit) onSubmit({ success: true, targetStore, alias }) - } catch (error) { - console.error('Failed to import certificate:', error) setApiError(error.message || 'Failed to import certificate') } finally { setLoading(false) @@ -210,135 +88,27 @@ export default function ImportCertificateDialogContent({ display: 'flex', gap: 3 }}> - - - {/* Left Column - User Inputs */} - - - {apiError && ( - setApiError(null)}> - {apiError} - - )} - - setAlias(e.target.value)} - error={Boolean(errors.alias)} - helperText={errors.alias || "Provide a unique alias for this certificate"} - fullWidth - required - sx={{ marginTop: '10px !important' }} - /> - - { - try { - const f = e.target.files && e.target.files[0] - setFile(f || null) - if (!f) return - const name = (f.name || '').toLowerCase() - if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { - setErrors((prev) => ({ ...prev, file: 'Please select a .pem or .key file.' })) - return - } - const text = await f.text() - setPemText(text) - parseCertificateDetails(text) - setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) - } catch (err) { - setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) - } - }} - /> - - - - {file ? file.name : 'No file selected'} - - - {errors.file && {errors.file}} - { - setPemText(e.target.value) - parseCertificateDetails(e.target.value) - }} - error={Boolean(errors.pemText)} - helperText={errors.pemText || 'Paste certificate or chain. Uploading a .pem or .key file fills this field.'} - multiline - minRows={4} - maxRows={6} - fullWidth - sx={{ marginTop: '10px' }} - /> - - {targetStore === 'private' && ( - <> - { - try { - const f = e.target.files && e.target.files[0] - setPrivateKeyFile(f || null) - if (!f) return - const name = (f.name || '').toLowerCase() - if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { - setErrors((prev) => ({ ...prev, privateKeyFile: 'Please select a .pem or .key file.' })) - return - } - const text = await f.text() - setPrivateKeyText(text) - setErrors((prev) => ({ ...prev, privateKeyFile: undefined, privateKeyText: undefined })) - } catch (err) { - setErrors((prev) => ({ ...prev, privateKeyFile: 'Failed to read file.' })) - } - }} - /> - - - - {privateKeyFile ? privateKeyFile.name : 'No private key file selected'} - - - {errors.privateKeyFile && {errors.privateKeyFile}} - - setPrivateKeyText(e.target.value)} - error={Boolean(errors.privateKeyText)} - helperText={errors.privateKeyText || 'Paste private key. Uploading a .pem or .key file fills this field.'} - multiline - minRows={4} - maxRows={6} - fullWidth - required - sx={{ marginTop: '10px' }} - /> - - )} - - + {/* Left Column - User Inputs */} + {/* Right Column - Certificate Details & Verification */} - {/* Certificate Details Section */} - {certificateDetails && ( - - - - Certificate Details - - - - - - Subject - - {certificateDetails.subjectStr || 'Unknown'} - - - - - Issuer - - {certificateDetails.issuerStr || 'Unknown'} - - - - - Type - - - - - Serial Number - - {certificateDetails.serialNumber || 'Unknown'} - - - - - Validity Period - - From: {certificateDetails.validFrom || 'Unknown'} - - - To: {certificateDetails.validTo || 'Unknown'} - - - - - SHA-1 Fingerprint - - {certificateDetails.fingerprintSha1 || 'Unknown'} - - - - - - )} - - {/* Certificate Verification Section */} - - - - - Certificate Verification - - - - - {verificationResult && ( - - {verificationResult.success ? ( - - Certificate verification completed successfully! - - ) : ( - - {verificationResult.error} - - )} - - {verificationResult.success && ( - - {/* Chain Validation Results */} - {verificationResult.chainValidation && ( - - }> - - {verificationResult.chainValidation.isValid ? ( - - ) : ( - - )} - - Chain Validation {verificationResult.chainValidation.isValid ? 'Passed' : 'Failed'} - - - - - {verificationResult.chainValidation.errors.length > 0 && ( - - - Errors: - - - {verificationResult.chainValidation.errors.map((error, index) => ( - - - - ))} - - - )} - {verificationResult.chainValidation.warnings.length > 0 && ( - - - Warnings: - - - {verificationResult.chainValidation.warnings.map((warning, index) => ( - - - - ))} - - - )} - {verificationResult.chainValidation.details.length > 0 && ( - - - Details: - - - {verificationResult.chainValidation.details.map((detail, index) => ( - - - - ))} - - - )} - - - )} - - {/* Private Key Validation */} - {verificationResult.keyValidation && ( - - }> - - {verificationResult.keyValidation.isValid ? ( - - ) : ( - - )} - - Private Key Validation {verificationResult.keyValidation.isValid ? 'Passed' : 'Failed'} - - - - - - {verificationResult.keyValidation.message} - - - - )} - - {/* Certificate Chain Details */} - {verificationResult.chainDetails && verificationResult.chainDetails.length > 1 && ( - - }> - - Certificate Chain ({verificationResult.chainDetails.length} certificates) - - - - - {verificationResult.chainDetails.map((cert, index) => ( - - - {cert.type} (Certificate #{cert.index}) - - - Subject: {cert.subject} - - - Issuer: {cert.issuer} - - - Valid: {cert.validFrom} - {cert.validTo} - - - ))} - - - - )} - - )} - - )} - + + - {/* Mobile Certificate Details & Verification */} - - - {/* Certificate Details Section */} - {certificateDetails && ( - - - - Certificate Details - - - - - - Subject - - {certificateDetails.subjectStr || 'Unknown'} - - - - - Issuer - - {certificateDetails.issuerStr || 'Unknown'} - - - - - Type - - - - - Serial Number - - {certificateDetails.serialNumber || 'Unknown'} - - - - - Validity Period - - From: {certificateDetails.validFrom || 'Unknown'} - - - To: {certificateDetails.validTo || 'Unknown'} - - - - - SHA-1 Fingerprint - - {certificateDetails.fingerprintSha1 || 'Unknown'} - - - - - - )} - - {/* Certificate Verification Section */} - - - - - Certificate Verification - - - + - {verificationResult && ( - - {verificationResult.success ? ( - - Certificate verification completed successfully! - - ) : ( - - {verificationResult.error} - - )} - - {verificationResult.success && ( - - {/* Chain Validation Results */} - {verificationResult.chainValidation && ( - - }> - - {verificationResult.chainValidation.isValid ? ( - - ) : ( - - )} - - Chain Validation {verificationResult.chainValidation.isValid ? 'Passed' : 'Failed'} - - - - - {verificationResult.chainValidation.errors.length > 0 && ( - - - Errors: - - - {verificationResult.chainValidation.errors.map((error, index) => ( - - - - ))} - - - )} - {verificationResult.chainValidation.warnings.length > 0 && ( - - - Warnings: - - - {verificationResult.chainValidation.warnings.map((warning, index) => ( - - - - ))} - - - )} - {verificationResult.chainValidation.details.length > 0 && ( - - - Details: - - - {verificationResult.chainValidation.details.map((detail, index) => ( - - - - ))} - - - )} - - - )} - - {/* Private Key Validation */} - {verificationResult.keyValidation && ( - - }> - - {verificationResult.keyValidation.isValid ? ( - - ) : ( - - )} - - Private Key Validation {verificationResult.keyValidation.isValid ? 'Passed' : 'Failed'} - - - - - - {verificationResult.keyValidation.message} - - - - )} - - {/* Certificate Chain Details */} - {verificationResult.chainDetails && verificationResult.chainDetails.length > 1 && ( - - }> - - Certificate Chain ({verificationResult.chainDetails.length} certificates) - - - - - {verificationResult.chainDetails.map((cert, index) => ( - - - {cert.type} (Certificate #{cert.index}) - - - Subject: {cert.subject} - - - Issuer: {cert.issuer} - - - Valid: {cert.validFrom} - {cert.validTo} - - - ))} - - - - )} - - )} - - )} - - - + {/* Mobile Certificate Details & Verification */} + {/* Fixed buttons at bottom */} @@ -799,24 +144,23 @@ export default function ImportCertificateDialogContent({ spacing={1} justifyContent="flex-end" sx={{ - pt: 2, - borderTop: '1px solid', + pt: 2, + borderTop: '1px solid', borderColor: 'divider', - backgroundColor: 'background.paper', - flexShrink: 0 + mt: 'auto' }} > - + ) } - - diff --git a/src/components/MobileCertificateSection.jsx b/src/components/MobileCertificateSection.jsx new file mode 100644 index 0000000000..caf2339460 --- /dev/null +++ b/src/components/MobileCertificateSection.jsx @@ -0,0 +1,31 @@ +import React from 'react' +import { Box, Stack } from '@mui/material' +import CertificateDetailsSection from './CertificateDetailsSection' +import CertificateVerificationSection from './CertificateVerificationSection' + +const MobileCertificateSection = ({ + certificateDetails, + verificationResult, + isVerifying, + onVerify, + pemText +}) => { + return ( + + + + + + + ) +} + +export default MobileCertificateSection diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx new file mode 100644 index 0000000000..c30eae2ab1 --- /dev/null +++ b/src/components/UserInputsSection.jsx @@ -0,0 +1,130 @@ +import React from 'react' +import { + Box, + Stack, + TextField, + Button, + Typography, + FormHelperText, + Alert +} from '@mui/material' + +const UserInputsSection = ({ + // State + alias, + pemText, + privateKeyText, + file, + privateKeyFile, + apiError, + errors, + targetStore, + + // Refs + fileInputRef, + privateKeyFileInputRef, + fileAccept, + + // Handlers + handleAliasChange, + handlePemTextChange, + handlePrivateKeyTextChange, + handleFileUpload, + handlePrivateKeyFileUpload, + setApiError +}) => { + return ( + + + {apiError && ( + setApiError(null)}> + {apiError} + + )} + + + + + + + + {file ? file.name : 'No file selected'} + + + {errors.file && {errors.file}} + + + + {targetStore === 'private' && ( + <> + + + + + {privateKeyFile ? privateKeyFile.name : 'No private key file selected'} + + + {errors.privateKeyFile && {errors.privateKeyFile}} + + + + )} + + + ) +} + +export default UserInputsSection diff --git a/src/hooks/useCertificateImport.js b/src/hooks/useCertificateImport.js new file mode 100644 index 0000000000..ec0f3615f1 --- /dev/null +++ b/src/hooks/useCertificateImport.js @@ -0,0 +1,211 @@ +import { useState, useRef } from 'react' +import { parseCertificate, pemToBase64, isValidPemCertificate } from '../utils/certificateUtils' +import { verifyCertificate } from '../utils/verificationUtils' + +export const useCertificateImport = (targetStore) => { + // State management + const [alias, setAlias] = useState('') + const [pemText, setPemText] = useState('') + const [privateKeyText, setPrivateKeyText] = useState('') + const [file, setFile] = useState(null) + const [privateKeyFile, setPrivateKeyFile] = useState(null) + const [loading, setLoading] = useState(false) + const [apiError, setApiError] = useState(null) + const [errors, setErrors] = useState({}) + const [certificateDetails, setCertificateDetails] = useState(null) + const [verificationResult, setVerificationResult] = useState(null) + const [isVerifying, setIsVerifying] = useState(false) + + // Refs + const fileInputRef = useRef(null) + const privateKeyFileInputRef = useRef(null) + + const fileAccept = '.pem,.key,text/plain,application/x-pem-file' + + // Get suggested alias from certificate details + const getSuggestedAlias = (details) => { + if (!details) return null + + // Try to get CN from subject + const subjectStr = details.subjectStr || '' + const cnMatch = subjectStr.match(/CN=([^,]+)/) + if (cnMatch && cnMatch[1]) { + return cnMatch[1].trim() + } + + // Try to get first DNS name from SAN + if (details.raw && details.raw.extensions) { + const sanExtension = details.raw.extensions.find(ext => ext.name === 'subjectAltName') + if (sanExtension && sanExtension.altNames) { + const dnsName = sanExtension.altNames.find(altName => altName.type === 2) // DNS type + if (dnsName && dnsName.value) { + return dnsName.value.trim() + } + } + } + + // Fallback to first part of subject + const firstPart = subjectStr.split(',')[0] + if (firstPart && firstPart.includes('=')) { + return firstPart.split('=')[1]?.trim() + } + + return null + } + + // Parse certificate details when PEM text changes + const parseCertificateDetails = (pemText) => { + if (!pemText.trim() || !isValidPemCertificate(pemText)) { + setCertificateDetails(null) + return + } + + try { + const details = parseCertificate(pemToBase64(pemText)) + setCertificateDetails(details) + + // Auto-complete alias if it's empty + if (!alias.trim()) { + const suggestedAlias = getSuggestedAlias(details) + if (suggestedAlias) { + setAlias(suggestedAlias) + } + } + } catch (error) { + console.error('Failed to parse certificate details:', error) + setCertificateDetails(null) + } + } + + // Handle certificate verification + const handleVerifyCertificate = async () => { + if (!pemText.trim()) return + + setIsVerifying(true) + try { + const result = await verifyCertificate(pemText, privateKeyText || null) + setVerificationResult(result) + } catch (error) { + setVerificationResult({ + success: false, + error: error.message || 'Verification failed' + }) + } finally { + setIsVerifying(false) + } + } + + // Validation logic + const validate = () => { + const nextErrors = {} + if (!pemText.trim()) { + nextErrors.pemText = 'PEM content is required.' + } + if (!alias.trim()) { + nextErrors.alias = 'Alias is required.' + } + if (targetStore === 'private' && !privateKeyText.trim()) { + nextErrors.privateKeyText = 'Private key is required for private store.' + } + setErrors(nextErrors) + return Object.keys(nextErrors).length === 0 + } + + // Handle file upload + const handleFileUpload = async (e) => { + try { + const f = e.target.files && e.target.files[0] + setFile(f || null) + if (!f) return + const name = (f.name || '').toLowerCase() + if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { + setErrors((prev) => ({ ...prev, file: 'Please select a .pem or .key file.' })) + return + } + const text = await f.text() + setPemText(text) + parseCertificateDetails(text) + setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) + } catch (err) { + setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) + } + } + + // Handle private key file upload + const handlePrivateKeyFileUpload = async (e) => { + try { + const f = e.target.files && e.target.files[0] + setPrivateKeyFile(f || null) + if (!f) return + const name = (f.name || '').toLowerCase() + if (!(name.endsWith('.pem') || name.endsWith('.key') || f.type === 'text/plain' || f.type === 'application/x-pem-file')) { + setErrors((prev) => ({ ...prev, privateKeyFile: 'Please select a .pem or .key file.' })) + return + } + const text = await f.text() + setPrivateKeyText(text) + setErrors((prev) => ({ ...prev, privateKeyFile: undefined, privateKeyText: undefined })) + } catch (err) { + setErrors((prev) => ({ ...prev, privateKeyFile: 'Failed to read file.' })) + } + } + + // Handle PEM text change + const handlePemTextChange = (e) => { + setPemText(e.target.value) + parseCertificateDetails(e.target.value) + } + + // Handle private key text change + const handlePrivateKeyTextChange = (e) => { + setPrivateKeyText(e.target.value) + } + + // Handle alias change + const handleAliasChange = (e) => { + setAlias(e.target.value) + } + + return { + // State + alias, + pemText, + privateKeyText, + file, + privateKeyFile, + loading, + apiError, + errors, + certificateDetails, + verificationResult, + isVerifying, + + // Refs + fileInputRef, + privateKeyFileInputRef, + fileAccept, + + // Actions + setAlias, + setPemText, + setPrivateKeyText, + setFile, + setPrivateKeyFile, + setLoading, + setApiError, + setErrors, + setCertificateDetails, + setVerificationResult, + setIsVerifying, + + // Handlers + handleVerifyCertificate, + handleFileUpload, + handlePrivateKeyFileUpload, + handlePemTextChange, + handlePrivateKeyTextChange, + handleAliasChange, + parseCertificateDetails, + validate + } +} diff --git a/src/services/tlsService.js b/src/services/tlsService.js index e59889dc25..289bb08197 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -10,7 +10,7 @@ * 4. Remove or comment out the internal store variables and helper functions at the bottom */ -import { parseCertificate } from '../utils/certificateUtils.js' +import { parseCertificate, pemToBase64, privateKeyPemToBase64 } from '../utils/certificateUtils.js' // import { api } from './api.js' // Uncomment when API is ready // === INTERNAL STORE (remove when switching to real API) === @@ -128,34 +128,45 @@ export async function fetchCertificates() { } } -export async function updateCertificates(certificates, pairs) { +export async function updateCertificates(targetStore, certificateData) { try { // === INTERNAL STORE (for development) === // Simulate API delay await new Promise(resolve => setTimeout(resolve, 300)) - // Update internal store - if (certificates && certificates.length > 0) { - // Add new certificates to the store - for (const cert of certificates) { - const existing = internalStore.certificates.findIndex(c => c.alias === cert.alias) - if (existing >= 0) { - internalStore.certificates[existing] = cert - } else { - internalStore.certificates.push(cert) - } - } - } + const { alias, pemText, privateKeyText } = certificateData + + // Convert PEM to Base64 using utility functions + const base64Certificate = pemToBase64(pemText) - if (pairs && pairs.length > 0) { - // Add new pairs to the store - for (const pair of pairs) { - const existing = internalStore.pairs.findIndex(p => p.alias === pair.alias) - if (existing >= 0) { - internalStore.pairs[existing] = pair - } else { - internalStore.pairs.push(pair) - } + if (targetStore === 'trusted') { + // Add to trusted certificates + const cert = { + alias, + certificate: base64Certificate + } + + const existing = internalStore.certificates.findIndex(c => c.alias === alias) + if (existing >= 0) { + internalStore.certificates[existing] = cert + } else { + internalStore.certificates.push(cert) + } + } else if (targetStore === 'private') { + // Add to private key pairs + const base64PrivateKey = privateKeyPemToBase64(privateKeyText) + + const pair = { + alias, + certificate: base64Certificate, + privateKey: base64PrivateKey + } + + const existing = internalStore.pairs.findIndex(p => p.alias === alias) + if (existing >= 0) { + internalStore.pairs[existing] = pair + } else { + internalStore.pairs.push(pair) } } @@ -164,7 +175,7 @@ export async function updateCertificates(certificates, pairs) { console.log('[Internal Store] Updated:', internalStore) - return { success: true } + return { success: true, data: { alias, targetStore } } // === REAL API (uncomment when API is ready) === // const payload = {} From 116cec1993ca4b0985f81b8bb6e260d63ff04ec1 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 13:27:41 +0300 Subject: [PATCH 083/360] Enhance CertificateCard and CertificateList: Improve layout and responsiveness of CertificateCard with flexbox styling. Update CertificateList to support responsive grid layout for better display on various screen sizes. Add word break and overflow handling for subject and issuer text in CertificateCard to enhance readability. --- src/components/CertificateCard.jsx | 57 ++++++++++++-- src/components/CertificateList.jsx | 9 ++- .../ImportCertificateDialogContent.jsx | 78 +++++++++++++++++-- src/components/UserInputsSection.jsx | 10 ++- src/hooks/useCertificateImport.js | 52 ++++++++++++- 5 files changed, 187 insertions(+), 19 deletions(-) diff --git a/src/components/CertificateCard.jsx b/src/components/CertificateCard.jsx index e47cd467cb..4d37719c7b 100644 --- a/src/components/CertificateCard.jsx +++ b/src/components/CertificateCard.jsx @@ -17,8 +17,14 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, } = certificate return ( - - + + @@ -34,12 +40,36 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, Subject: - {subject} + + {subject} + Issuer: - {issuer} + + {issuer} + @@ -84,11 +114,24 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, - - - + diff --git a/src/components/CertificateList.jsx b/src/components/CertificateList.jsx index 24621dd1e7..048d9a577f 100644 --- a/src/components/CertificateList.jsx +++ b/src/components/CertificateList.jsx @@ -17,7 +17,14 @@ export default function CertificateList({ rows, loading, error, emptyText = 'No return ( {rows.map((row) => ( - + ))} diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index fa5389acb2..fe91d34f2a 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,8 +1,13 @@ -import React from 'react' +import React, { useState, useEffect } from 'react' import { Box, Stack, - Button + Button, + Dialog, + DialogTitle, + DialogContent, + DialogContentText, + DialogActions } from '@mui/material' import { useCertificateImport } from '../hooks/useCertificateImport' import CertificateDetailsSection from './CertificateDetailsSection' @@ -17,6 +22,8 @@ export default function ImportCertificateDialogContent({ onSubmit, onSuccess, }) { + const [showConfirmDialog, setShowConfirmDialog] = useState(false) + const { // State alias, @@ -30,6 +37,8 @@ export default function ImportCertificateDialogContent({ certificateDetails, verificationResult, isVerifying, + existingCertificates, + aliasWarning, // Refs fileInputRef, @@ -47,12 +56,31 @@ export default function ImportCertificateDialogContent({ handlePemTextChange, handlePrivateKeyTextChange, handleAliasChange, - validate + validate, + loadExistingCertificates, + checkAliasExists } = useCertificateImport(targetStore) + // Load existing certificates on component mount + useEffect(() => { + loadExistingCertificates() + }, [loadExistingCertificates]) + const handleSubmit = async () => { if (!validate()) return + // Check if alias already exists + const aliasExists = checkAliasExists(alias) + if (aliasExists) { + setShowConfirmDialog(true) + return + } + + // Proceed with import if no conflict + await performImport() + } + + const performImport = async () => { setLoading(true) setApiError(null) try { @@ -74,6 +102,15 @@ export default function ImportCertificateDialogContent({ } } + const handleConfirmReplace = async () => { + setShowConfirmDialog(false) + await performImport() + } + + const handleCancelReplace = () => { + setShowConfirmDialog(false) + } + return ( - {/* Left Column - User Inputs */} - + + {/* Confirmation Dialog for Replacing Existing Certificate */} + + + Replace Existing Certificate + + + + A certificate with the alias "{alias}" already exists. This will replace the existing certificate. Are you sure you want to continue? + + + + + + + ) } diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx index c30eae2ab1..94a1bd676b 100644 --- a/src/components/UserInputsSection.jsx +++ b/src/components/UserInputsSection.jsx @@ -19,6 +19,7 @@ const UserInputsSection = ({ apiError, errors, targetStore, + aliasWarning, // Refs fileInputRef, @@ -50,10 +51,15 @@ const UserInputsSection = ({ value={alias} onChange={handleAliasChange} error={Boolean(errors.alias)} - helperText={errors.alias || "Provide a unique alias for this certificate"} + helperText={errors.alias || aliasWarning || "Provide a unique alias for this certificate"} fullWidth required - sx={{ marginTop: '10px !important' }} + sx={{ + marginTop: '10px !important', + '& .MuiFormHelperText-root': { + color: aliasWarning ? 'warning.main' : 'inherit' + } + }} /> { // State management @@ -15,6 +16,8 @@ export const useCertificateImport = (targetStore) => { const [certificateDetails, setCertificateDetails] = useState(null) const [verificationResult, setVerificationResult] = useState(null) const [isVerifying, setIsVerifying] = useState(false) + const [existingCertificates, setExistingCertificates] = useState([]) + const [aliasWarning, setAliasWarning] = useState(null) // Refs const fileInputRef = useRef(null) @@ -22,6 +25,36 @@ export const useCertificateImport = (targetStore) => { const fileAccept = '.pem,.key,text/plain,application/x-pem-file' + // Load existing certificates to check for alias conflicts + const loadExistingCertificates = async () => { + try { + const certificates = await fetchCertificates() + setExistingCertificates(certificates) + } catch (error) { + console.error('Failed to load existing certificates:', error) + } + } + + // Check if alias already exists + const checkAliasExists = (aliasToCheck) => { + if (!aliasToCheck.trim()) { + setAliasWarning(null) + return false + } + + const exists = existingCertificates.some(cert => + cert.alias.toLowerCase() === aliasToCheck.toLowerCase() + ) + + if (exists) { + setAliasWarning('This alias is already in use') + return true + } else { + setAliasWarning(null) + return false + } + } + // Get suggested alias from certificate details const getSuggestedAlias = (details) => { if (!details) return null @@ -69,7 +102,12 @@ export const useCertificateImport = (targetStore) => { const suggestedAlias = getSuggestedAlias(details) if (suggestedAlias) { setAlias(suggestedAlias) + // Check for conflicts immediately after setting the suggested alias + checkAliasExists(suggestedAlias) } + } else { + // If alias is already set, check for conflicts + checkAliasExists(alias) } } catch (error) { console.error('Failed to parse certificate details:', error) @@ -124,7 +162,7 @@ export const useCertificateImport = (targetStore) => { } const text = await f.text() setPemText(text) - parseCertificateDetails(text) + parseCertificateDetails(text) // This will now check for alias conflicts setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) } catch (err) { setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) @@ -153,7 +191,7 @@ export const useCertificateImport = (targetStore) => { // Handle PEM text change const handlePemTextChange = (e) => { setPemText(e.target.value) - parseCertificateDetails(e.target.value) + parseCertificateDetails(e.target.value) // This will now check for alias conflicts } // Handle private key text change @@ -163,7 +201,9 @@ export const useCertificateImport = (targetStore) => { // Handle alias change const handleAliasChange = (e) => { - setAlias(e.target.value) + const newAlias = e.target.value + setAlias(newAlias) + checkAliasExists(newAlias) } return { @@ -179,6 +219,8 @@ export const useCertificateImport = (targetStore) => { certificateDetails, verificationResult, isVerifying, + existingCertificates, + aliasWarning, // Refs fileInputRef, @@ -206,6 +248,8 @@ export const useCertificateImport = (targetStore) => { handlePrivateKeyTextChange, handleAliasChange, parseCertificateDetails, - validate + validate, + loadExistingCertificates, + checkAliasExists } } From 0d502b5a9afd70997d3d773dc12bb568b5dd853d Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 13:34:08 +0300 Subject: [PATCH 084/360] Refactor CertificateDetailsSection and enhance certificate import functionality: Replace Security icon with Info icon in CertificateDetailsSection. Update useCertificateImport hook to support asynchronous parsing and auto-verification of certificate details, improving user experience during certificate import. --- src/components/CertificateDetailsSection.jsx | 4 +- src/hooks/useCertificateImport.js | 54 +++++++++++++++++--- 2 files changed, 49 insertions(+), 9 deletions(-) diff --git a/src/components/CertificateDetailsSection.jsx b/src/components/CertificateDetailsSection.jsx index 9c74068f33..759bb8abfb 100644 --- a/src/components/CertificateDetailsSection.jsx +++ b/src/components/CertificateDetailsSection.jsx @@ -5,7 +5,7 @@ import { Stack, Chip } from '@mui/material' -import { Security } from '@mui/icons-material' +import { Info } from '@mui/icons-material' const CertificateDetailsSection = ({ certificateDetails }) => { if (!certificateDetails) return null @@ -13,7 +13,7 @@ const CertificateDetailsSection = ({ certificateDetails }) => { return ( - + Certificate Details diff --git a/src/hooks/useCertificateImport.js b/src/hooks/useCertificateImport.js index 6505b2ee8a..85493ec3e7 100644 --- a/src/hooks/useCertificateImport.js +++ b/src/hooks/useCertificateImport.js @@ -87,9 +87,10 @@ export const useCertificateImport = (targetStore) => { } // Parse certificate details when PEM text changes - const parseCertificateDetails = (pemText) => { + const parseCertificateDetails = async (pemText) => { if (!pemText.trim() || !isValidPemCertificate(pemText)) { setCertificateDetails(null) + setVerificationResult(null) return } @@ -109,9 +110,35 @@ export const useCertificateImport = (targetStore) => { // If alias is already set, check for conflicts checkAliasExists(alias) } + + // Auto-verify certificate + await performAutoVerification(pemText) } catch (error) { console.error('Failed to parse certificate details:', error) setCertificateDetails(null) + setVerificationResult(null) + } + } + + // Perform auto-verification + const performAutoVerification = async (pemText, privateKeyPem = null) => { + if (!pemText.trim()) return + + setIsVerifying(true) + try { + // Use provided private key or current state + const keyToUse = privateKeyPem !== null ? privateKeyPem : + (targetStore === 'private' && privateKeyText.trim() ? privateKeyText : null) + + const result = await verifyCertificate(pemText, keyToUse) + setVerificationResult(result) + } catch (error) { + setVerificationResult({ + success: false, + error: `Auto-verification failed: ${error.message}` + }) + } finally { + setIsVerifying(false) } } @@ -162,7 +189,7 @@ export const useCertificateImport = (targetStore) => { } const text = await f.text() setPemText(text) - parseCertificateDetails(text) // This will now check for alias conflicts + await parseCertificateDetails(text) // This will now auto-verify and check for alias conflicts setErrors((prev) => ({ ...prev, file: undefined, pemText: undefined })) } catch (err) { setErrors((prev) => ({ ...prev, file: 'Failed to read file.' })) @@ -182,6 +209,12 @@ export const useCertificateImport = (targetStore) => { } const text = await f.text() setPrivateKeyText(text) + + // Auto-verify if certificate is already present + if (pemText.trim()) { + await performAutoVerification(pemText, text) + } + setErrors((prev) => ({ ...prev, privateKeyFile: undefined, privateKeyText: undefined })) } catch (err) { setErrors((prev) => ({ ...prev, privateKeyFile: 'Failed to read file.' })) @@ -189,14 +222,20 @@ export const useCertificateImport = (targetStore) => { } // Handle PEM text change - const handlePemTextChange = (e) => { + const handlePemTextChange = async (e) => { setPemText(e.target.value) - parseCertificateDetails(e.target.value) // This will now check for alias conflicts + await parseCertificateDetails(e.target.value) // This will now auto-verify and check for alias conflicts } // Handle private key text change - const handlePrivateKeyTextChange = (e) => { - setPrivateKeyText(e.target.value) + const handlePrivateKeyTextChange = async (e) => { + const newPrivateKeyText = e.target.value + setPrivateKeyText(newPrivateKeyText) + + // Auto-verify if certificate is already present + if (pemText.trim()) { + await performAutoVerification(pemText, newPrivateKeyText) + } } // Handle alias change @@ -250,6 +289,7 @@ export const useCertificateImport = (targetStore) => { parseCertificateDetails, validate, loadExistingCertificates, - checkAliasExists + checkAliasExists, + performAutoVerification } } From 9d9889413636622aa4a49502ea8954cffee96bec Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 13:38:42 +0300 Subject: [PATCH 085/360] Refactor UserInputsSection: Improve styling and layout of the alias input field in the certificate import form. Enhance visual feedback for alias warnings with updated border colors and helper text styling, ensuring a more intuitive user experience. --- src/components/UserInputsSection.jsx | 47 +++++++++++++++++----------- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx index 94a1bd676b..dbbf3b2f23 100644 --- a/src/components/UserInputsSection.jsx +++ b/src/components/UserInputsSection.jsx @@ -20,12 +20,12 @@ const UserInputsSection = ({ errors, targetStore, aliasWarning, - + // Refs fileInputRef, privateKeyFileInputRef, fileAccept, - + // Handlers handleAliasChange, handlePemTextChange, @@ -35,7 +35,7 @@ const UserInputsSection = ({ setApiError }) => { return ( - @@ -46,21 +46,32 @@ const UserInputsSection = ({ )} - + Date: Tue, 7 Oct 2025 13:53:39 +0300 Subject: [PATCH 086/360] Enhance ImportCertificateDialogContent: Implement final certificate verification before import, including error handling and user feedback through a validation error dialog. Update verifyCertificate utility to return detailed validation results, improving overall user experience during certificate import. --- .../ImportCertificateDialogContent.jsx | 69 +++++++++++++++++-- src/utils/verificationUtils.js | 12 +++- 2 files changed, 73 insertions(+), 8 deletions(-) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index fe91d34f2a..718b08cfd4 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -15,6 +15,7 @@ import CertificateVerificationSection from './CertificateVerificationSection' import UserInputsSection from './UserInputsSection' import MobileCertificateSection from './MobileCertificateSection' import { updateCertificates } from '../services/tlsService.js' +import { verifyCertificate } from '../utils/verificationUtils.js' export default function ImportCertificateDialogContent({ targetStore = 'trusted', @@ -23,6 +24,8 @@ export default function ImportCertificateDialogContent({ onSuccess, }) { const [showConfirmDialog, setShowConfirmDialog] = useState(false) + const [showValidationDialog, setShowValidationDialog] = useState(false) + const [validationError, setValidationError] = useState(null) const { // State @@ -66,6 +69,28 @@ export default function ImportCertificateDialogContent({ loadExistingCertificates() }, [loadExistingCertificates]) + // Reusable verification function + const performFinalVerification = async () => { + try { + const privateKeyPem = targetStore === 'private' && privateKeyText.trim() + ? privateKeyText + : null + + const verificationResult = await verifyCertificate(pemText, privateKeyPem) + + if (!verificationResult.success) { + setValidationError(verificationResult.error || 'Certificate validation failed') + setShowValidationDialog(true) + return false + } + return true + } catch (error) { + setValidationError('Certificate validation failed: ' + error.message) + setShowValidationDialog(true) + return false + } + } + const handleSubmit = async () => { if (!validate()) return @@ -76,7 +101,11 @@ export default function ImportCertificateDialogContent({ return } - // Proceed with import if no conflict + // Final verification before import + const verificationPassed = await performFinalVerification() + if (!verificationPassed) return + + // Proceed with import if verification passes await performImport() } @@ -104,6 +133,12 @@ export default function ImportCertificateDialogContent({ const handleConfirmReplace = async () => { setShowConfirmDialog(false) + + // Final verification before import + const verificationPassed = await performFinalVerification() + if (!verificationPassed) return + + // Proceed with import if verification passes await performImport() } @@ -227,8 +262,30 @@ export default function ImportCertificateDialogContent({ > {loading ? 'Replacing...' : 'Replace Certificate'} - - - - ) -} + + + + {/* Validation Error Dialog */} + setShowValidationDialog(false)} + aria-labelledby="validation-dialog-title" + aria-describedby="validation-dialog-description" + > + + Certificate Validation Failed + + + + {validationError} + + + + + + + + ) + } diff --git a/src/utils/verificationUtils.js b/src/utils/verificationUtils.js index cf1f0459ec..648838f5af 100644 --- a/src/utils/verificationUtils.js +++ b/src/utils/verificationUtils.js @@ -346,8 +346,13 @@ export function verifyCertificate(certText, keyText = null) { keyValidation = validatePrivateKey(certificates[0], keyText) } + // Determine overall success based on validation results + const chainValid = chainValidation && chainValidation.isValid + const keyValid = !keyText || (keyValidation && keyValidation.isValid) + const overallSuccess = chainValid && keyValid + return { - success: true, + success: overallSuccess, certificates, certDetails, chainValidation, @@ -359,7 +364,10 @@ export function verifyCertificate(certText, keyText = null) { issuer: getSubjectField(certObj.cert, 'CN', 'issuer'), validFrom: certObj.cert.validity.notBefore.toDateString(), validTo: certObj.cert.validity.notAfter.toDateString() - })) : null + })) : null, + error: !overallSuccess ? + (!chainValid ? 'Certificate chain validation failed' : 'Private key validation failed') : + null } } catch (error) { From 1a2e782077154a3371ece27d90deb586d4928d77 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 13:59:26 +0300 Subject: [PATCH 087/360] Add dayjs for date handling in StatusPill component: Refactor date validation and status computation to utilize dayjs for improved accuracy and readability. Update package.json and package-lock.json to include dayjs dependency. --- package-lock.json | 7 +++++++ package.json | 1 + src/components/StatusPill.jsx | 39 ++++++++++++++++++++++++++++------- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index b7d18dd1ee..868c590bc6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,6 +13,7 @@ "@mui/icons-material": "^7.3.2", "@mui/material": "^7.3.2", "axios": "^1.12.2", + "dayjs": "^1.11.18", "express": "^5.1.0", "http-proxy-middleware": "^3.0.5", "node-forge": "^1.3.1", @@ -2412,6 +2413,12 @@ "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==" }, + "node_modules/dayjs": { + "version": "1.11.18", + "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz", + "integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA==", + "license": "MIT" + }, "node_modules/debug": { "version": "4.4.3", "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", diff --git a/package.json b/package.json index 3c9c622197..514eb3e2f7 100644 --- a/package.json +++ b/package.json @@ -17,6 +17,7 @@ "@mui/icons-material": "^7.3.2", "@mui/material": "^7.3.2", "axios": "^1.12.2", + "dayjs": "^1.11.18", "express": "^5.1.0", "http-proxy-middleware": "^3.0.5", "node-forge": "^1.3.1", diff --git a/src/components/StatusPill.jsx b/src/components/StatusPill.jsx index 590e86e51c..a0be1a75ef 100644 --- a/src/components/StatusPill.jsx +++ b/src/components/StatusPill.jsx @@ -1,16 +1,41 @@ import React, { useMemo } from 'react' import { Chip } from '@mui/material' +import dayjs from 'dayjs' function computeStatus(validFrom, validTo, thresholdDays = 30) { - const now = new Date() - const start = validFrom ? new Date(validFrom) : null - const end = validTo ? new Date(validTo) : null - if (end && end < now) return { label: 'Expired', color: 'error' } + const now = dayjs() + + // Parse dates with dayjs for better handling + const start = validFrom ? dayjs(validFrom) : null + const end = validTo ? dayjs(validTo) : null + + // Validate that dates are actually valid + if (start && !start.isValid()) { + return { label: 'Invalid start date', color: 'error' } + } + if (end && !end.isValid()) { + return { label: 'Invalid end date', color: 'error' } + } + + // Check if certificate is not yet valid + if (start && start.isAfter(now)) { + const daysUntilValid = start.diff(now, 'day') + return { label: `Valid in ${daysUntilValid} days`, color: 'info' } + } + + // Check if certificate is expired + if (end && end.isBefore(now)) { + return { label: 'Expired', color: 'error' } + } + + // Check if certificate is expiring soon if (end) { - const msLeft = end.getTime() - now.getTime() - const daysLeft = msLeft / (1000 * 60 * 60 * 24) - if (daysLeft <= thresholdDays) return { label: 'Expiring soon', color: 'warning' } + const daysLeft = end.diff(now, 'day') + if (daysLeft <= thresholdDays && daysLeft >= 0) { + return { label: `Expires in ${daysLeft} days`, color: 'warning' } + } } + return { label: 'Valid', color: 'success' } } From e5504fafdae61e016efc1a385507351c9d740de1 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 7 Oct 2025 14:03:24 +0300 Subject: [PATCH 088/360] Add technical specifications document for Settings Dashboard: Outline project overview, technology stack, architecture, key features, and development guidelines to provide a comprehensive reference for future development and enhancements. --- specs.md | 216 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 216 insertions(+) create mode 100644 specs.md diff --git a/specs.md b/specs.md new file mode 100644 index 0000000000..f8c4b9d66a --- /dev/null +++ b/specs.md @@ -0,0 +1,216 @@ +# Settings Dashboard - Technical Specifications + +## Project Overview + +A React-based certificate management dashboard built with Vite, Material-UI, and Tailwind CSS v4. The application provides comprehensive SSL/TLS certificate management with import, verification, and display capabilities. + +## Technology Stack + +- **Frontend**: React 18+ with functional components and hooks +- **Build Tool**: Vite with base path `/dashboard/` +- **UI Framework**: Material-UI (MUI) for components +- **Styling**: Tailwind CSS v4 for utilities +- **Routing**: React Router DOM v6 +- **Date Handling**: dayjs for robust date operations +- **Cryptography**: node-forge for certificate parsing and validation +- **State Management**: React Context and custom hooks + +## Architecture + +### Core Components + +**Layout Components:** +- `DashboardLayout.jsx` - Main layout with top bar (no sidebar) +- `ProtectedRoute.jsx` - Route protection for authenticated users +- `AuthContext.jsx` - Authentication state management + +**Certificate Management:** +- `TlsManagement.jsx` - Main certificate management page with tabbed interface +- `CertificateList.jsx` - Responsive grid layout for certificate display +- `CertificateCard.jsx` - Individual certificate card component +- `StatusPill.jsx` - Certificate validity status indicator + +**Import System:** +- `ImportCertificateDialogContent.jsx` - Main import dialog orchestrator +- `UserInputsSection.jsx` - Form inputs and file uploads +- `CertificateDetailsSection.jsx` - Live certificate details display +- `CertificateVerificationSection.jsx` - Certificate verification results +- `MobileCertificateSection.jsx` - Mobile-responsive certificate display + +**Details & Verification:** +- `CertificateDetailsDialog.jsx` - Comprehensive certificate information viewer +- `useCertificateImport.js` - Custom hook for import logic and state management + +### Data Flow + +**Certificate Storage:** +- Internal memory store with localStorage persistence +- Three certificate stores: `native`, `trusted`, `private` +- Base64-encoded PEM format for certificates and private keys + +**API Integration:** +- GET `/tlsmanager/certificates` - Fetch all certificates +- PUT `/tlsmanager/certificates` - Update certificate stores +- Simulated API delays (300ms) for realistic behavior + +## Key Features + +### Certificate Import System + +**Multi-Format Support:** +- PEM certificate import (paste or file upload) +- Private key import for private store +- Automatic certificate parsing and validation +- Real-time certificate details display + +**Import Workflow:** +1. User selects target store (trusted/private) +2. Provides certificate (paste/upload) and optional private key +3. Live certificate details appear immediately +4. Auto-verification runs automatically +5. Alias conflict detection with warnings +6. Final verification before import +7. Confirmation dialog for existing aliases + +**Validation Features:** +- Certificate chain validation +- Private key matching verification +- Certificate status checking (valid/expired/expiring) +- Fingerprint generation (SHA-1/SHA-256) +- Subject Alternative Names extraction + +### User Interface + +**Responsive Design:** +- Two-column layout for import dialog (desktop) +- Mobile-responsive stacked layout +- Responsive certificate grid (1-4 columns based on screen size) +- Consistent Material-UI theming + +**Certificate Display:** +- Card-based layout with status indicators +- Real-time validity status with dayjs +- Comprehensive certificate information +- Export and view details functionality + +**Status Management:** +- Color-coded status pills (Valid/Expiring/Expired) +- Automatic status calculation with configurable thresholds +- Date validation and error handling +- Timezone-aware date operations + +### Security & Validation + +**Certificate Verification:** +- Chain validation with signature verification +- Private key matching for certificate pairs +- Comprehensive error reporting +- Security-focused validation logic + +**Data Integrity:** +- Base64 encoding for secure storage +- PEM format validation +- Certificate fingerprint verification +- Private key format validation + +## Technical Implementation + +### Custom Hooks + +**`useCertificateImport`:** +- Centralized import logic and state management +- Auto-completion for certificate aliases +- Real-time conflict detection +- Verification orchestration + +**`useCertificates`:** +- Certificate data fetching and filtering +- Store-specific data management +- Search and filtering capabilities + +### Utility Functions + +**Certificate Processing:** +- `certificateUtils.js` - PEM conversion and parsing +- `verificationUtils.js` - Comprehensive certificate verification +- `dateUtils.js` - Date formatting and manipulation + +**Service Layer:** +- `tlsService.js` - API integration and data persistence +- `authService.js` - Authentication management +- `api.js` - HTTP client configuration + +### State Management + +**Authentication:** +- Context-based authentication state +- Protected route implementation +- Login/logout functionality + +**Certificate Management:** +- Local state for UI interactions +- Persistent storage with localStorage +- Real-time updates and synchronization + +## Development Guidelines + +### Code Organization + +**Component Structure:** +- Single responsibility principle +- Reusable component design +- Custom hooks for business logic +- Clear prop interfaces + +**Styling Approach:** +- Material-UI components with sx props +- Tailwind utilities for layout and spacing +- Consistent color scheme and theming +- Responsive design patterns + +### Best Practices + +**React Patterns:** +- Functional components with hooks +- Custom hooks for logic reuse +- Proper state management +- Performance optimization + +**Code Quality:** +- ESLint configuration +- TypeScript-ready structure +- Comprehensive error handling +- User-friendly error messages + +## Deployment Configuration + +**Build Settings:** +- Vite base path: `/dashboard/` +- Asset optimization +- Production-ready build +- Environment variable support + +**Browser Support:** +- Modern browser compatibility +- ES6+ feature support +- Responsive design +- Accessibility considerations + +## Future Enhancements + +**Planned Features:** +- Real API integration (currently using internal store) +- Advanced certificate filtering +- Bulk operations +- Certificate renewal notifications +- Advanced security features + +**Technical Improvements:** +- Performance optimization +- Enhanced error handling +- Advanced validation rules +- Improved mobile experience + +--- + +*This specification document provides a comprehensive overview of the Settings Dashboard project, covering architecture, features, implementation details, and development guidelines.* From 6c4dae736e0980a17b431233abeaf3445934c6a5 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 16:06:33 +0300 Subject: [PATCH 089/360] Add private key capability for mTLS --- .../tlsmanager/server/CertificateService.java | 27 +++++++++++++++++++ .../server/SocketFactoryService.java | 19 +++++++++++-- 2 files changed, 44 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index a759827794..5d1da03224 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -39,6 +39,7 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.util.Collections; import java.util.HashSet; @@ -116,6 +117,32 @@ void init(TLSPluginConfiguration pluginConfiguration) { loadKeyStore(externalKeyStore, extraKeyStoreBytes, extraKeyStoreBackend.loadPassword()); } + KeyStore getKeyStore(String alias, DestinationConnector connector) { + try { + var keystore = KeyStore.getInstance(PKCS12); + keystore.load(null, new char[0]); + + if (externalKeyStore.isKeyEntry(alias)) { + var certChain = externalKeyStore.getCertificateChain(alias); + var privateKey = externalKeyStore.getKey(alias, new char[0]); + + keystore.setKeyEntry( + alias, + privateKey, + new char[0], + certChain + ); + } else { + log.warn("Alias ({}) is not a key entry", alias); + } + + return keystore; + } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException e) { + log.error("Error creating a keystore", e); + throw new RuntimeException(e); + } + } + KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet, DestinationConnector connector) { try { KeyStore finalTrustStore; diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index 376fbf9092..1b0d94b78a 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -3,18 +3,23 @@ import com.mirth.connect.donkey.server.channel.DestinationConnector; import com.mirth.connect.server.controllers.ConfigurationController; import com.mirth.connect.util.MirthSSLUtil; +import lombok.extern.slf4j.Slf4j; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.openintegrationengine.tlsmanager.server.revocation.DualCheckerTrustManager; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.util.concurrent.ConcurrentHashMap; +@Slf4j public class SocketFactoryService { private final ConfigurationController configurationController; @@ -50,9 +55,18 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector null ); + KeyManager[] keyManagers = null; + var clientAlias = properties.getClientCertificateAlias(); + if (clientAlias != null && !clientAlias.isBlank()) { + var keystore = certificateService.getKeyStore(clientAlias, connector); + + var keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(keystore, new char[0]); + keyManagers = keyManagerFactory.getKeyManagers(); + } var sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, new TrustManager[] { dualcheckerTrustManager }, null); + sslContext.init(keyManagers, new TrustManager[] { dualcheckerTrustManager }, null); var protocolArray = properties.isUseServerDefaultProtocols() ? MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsServerProtocols()) @@ -72,7 +86,8 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector cipherArray, hostnameVerificationStrategy ); - } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) { + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) { + log.error("Error generating SSLConnectionSocketFactory", e); throw new RuntimeException(e); } } From d0ac61d51a22c74d3346dc65d31699c8a8d80dc1 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 16:08:00 +0300 Subject: [PATCH 090/360] Add debug logs to connection test --- .../server/util/ConnectionUtils.java | 21 +++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index ed021b2fea..9ba9ed44aa 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -11,11 +11,12 @@ import java.io.IOException; import java.net.InetSocketAddress; import java.net.Socket; +import java.net.SocketTimeoutException; @Slf4j public class ConnectionUtils { - private static SchemePortResolver defaultResolver = new DefaultSchemePortResolver(); + private static SchemePortResolver defaultSchemePortResolver = new DefaultSchemePortResolver(); public static ConnectionTestResponse thing( SSLConnectionSocketFactory socketFactory, @@ -51,7 +52,7 @@ public static ConnectionTestResponse thing( var target = HttpHost.create(host); - InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), defaultResolver.resolve(target)); + InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), defaultSchemePortResolver.resolve(target)); InetSocketAddress localAddress = null; if (localAddr != null) { @@ -83,10 +84,22 @@ public static ConnectionTestResponse thing( remoteAddress.getPort() ); + if (log.isDebugEnabled()) { + // Handshake is done if we got here. Inspect what happened: + var sess = sslSocket.getSession(); + log.debug("Protocol: {}", sess.getProtocol()); + log.debug("Cipher: {}", sess.getCipherSuite()); + log.debug("Peer: {}", sess.getPeerPrincipal()); + + // Did we actually present a client cert? + var localCerts = sess.getLocalCertificates(); // null => none presented + var localPrinc = sess.getLocalPrincipal(); // null => none presented + log.debug("Client cert presented? {}", localPrinc != null); + } return new ConnectionTestResponse(ConnectionTestResponse.Type.SUCCESS, "Successfully connected to host: " + connectionInfo, connectionInfo); } catch (Exception e) { - log.error("Error connecting to host: " + host, e); - return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, e.getMessage()); + log.error("Error connecting to host: {}", host, e); + throw e; } } } From 1d57e33c4b8800cccbaf3d445d5ba6be9756415d Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 16:08:26 +0300 Subject: [PATCH 091/360] Add socket liveness probe to connection test --- .../server/util/ConnectionUtils.java | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index 9ba9ed44aa..23e75bd03a 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -96,10 +96,57 @@ public static ConnectionTestResponse thing( var localPrinc = sess.getLocalPrincipal(); // null => none presented log.debug("Client cert presented? {}", localPrinc != null); } + + isSocketAlive(sslSocket); + return new ConnectionTestResponse(ConnectionTestResponse.Type.SUCCESS, "Successfully connected to host: " + connectionInfo, connectionInfo); } catch (Exception e) { log.error("Error connecting to host: {}", host, e); throw e; } } + + /** + * Performs a lightweight check to see if the given {@link Socket} appears alive. + *

+ * This method verifies local socket state and performs a short read with a timeout + * to detect EOF or I/O errors. It returns {@code true} if the connection seems open + * and responsive, or {@code false} if it is closed, reset, or reaches end-of-stream. + *

+ * Note that TCP cannot guarantee remote liveness without actual I/O, so this result + * is best-effort only. + * + * @param socket the socket to test (not {@code null}) + * @return {@code true} if the socket likely remains open; {@code false} otherwise + */ + + private static boolean isSocketAlive(Socket socket) throws IOException { + log.trace("Checking socket liveness"); + int oldTimeOut = socket.getSoTimeout(); + socket.setSoTimeout(100); // 100ms read timeout + + log.trace("Set socket timeout to 100ms"); + + var in = socket.getInputStream(); + + try { + if (in.available() > 0 || in.read() >= 0) { + // Data received (or connection still healthy) + log.debug("Socket alive (data or no EOF)"); + } else { + // read() == -1 → remote closed cleanly + log.debug("Socket dead (EOF)"); + } + } catch (SocketTimeoutException e) { + // no data within timeout → probably still open + log.debug("Socket alive (idle)"); + } catch (IOException e) { + // network error, RST, etc. + log.debug("Socket dead (idle)", e); + } finally { + socket.setSoTimeout(oldTimeOut); + } + + return true; + } } From 368a9acc1301f43bfc4b61244c788e24f1ead075 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 16:58:49 +0300 Subject: [PATCH 092/360] Fix argument order --- .../tlsmanager/shared/models/TLSPluginConfiguration.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java index 64a8d3be9e..80bf89966f 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java @@ -22,8 +22,8 @@ public static TLSPluginConfiguration fromEnv() { getPersistenceMode(), readKeyFromEnv(ENV_PERSISTENCE_FS_TRUSTSTOREPATH, false), readKeyFromEnv(ENV_PERSISTENCE_FS_TRUSTSTOREPASS, false), - readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPASS, false), - readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPATH, false) + readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPATH, false), + readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPASS, false) ); return conf; From a0f2db1202609c22088df3e31bb32fc2b1e15b82 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 17:55:17 +0300 Subject: [PATCH 093/360] Remove custom OCSP address lookup --- .../revocation/DualCheckerTrustManager.java | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index cac8257591..e7b54eaa6e 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -147,12 +147,6 @@ private void pkixOcspOnly(CertPath path, Set anchors, boolean softF if (softFail) opts.add(PKIXRevocationChecker.Option.SOFT_FAIL); - // Fixed responder or AIA from leaf - var ocspUrl = firstOcspUrlFromAIA((X509Certificate) path.getCertificates().get(0)); - if (ocspUrl != null) { - revocationChecker.setOcspResponder(ocspUrl); - } - revocationChecker.setOptions(opts); params.addCertPathChecker(revocationChecker); @@ -200,22 +194,6 @@ private static Set anchorsFrom(KeyStore ks) throws KeyStoreExceptio return out; } - private static URI firstOcspUrlFromAIA(X509Certificate cert) { - try { - byte[] ext = cert.getExtensionValue(Extension.authorityInfoAccess.getId()); - if (ext == null) return null; - byte[] inner = ((DEROctetString) ASN1Primitive.fromByteArray(ext)).getOctets(); - AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(ASN1Primitive.fromByteArray(inner)); - for (AccessDescription ad : aia.getAccessDescriptions()) { - if (ad.getAccessMethod().equals(AccessDescription.id_ad_ocsp)) { - String uri = ad.getAccessLocation().getName().toString(); - if (uri.startsWith("http://") || uri.startsWith("https://")) return URI.create(uri); - } - } - } catch (Exception ignore) {} - return null; - } - private static Collection fetchCrlsFromCrlDP(X509Certificate[] chain) { List out = new ArrayList<>(); try { From 109c92e3abd8b4e5a7989af9afd4d711fa665d6b Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 17:56:02 +0300 Subject: [PATCH 094/360] Expose actual exceptions from DualCheckerTrustManager --- .../revocation/DualCheckerTrustManager.java | 32 +++---------------- 1 file changed, 5 insertions(+), 27 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index e7b54eaa6e..eb1503f3ab 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -90,37 +90,15 @@ private void validate(X509Certificate[] chain) throws CertificateException { // OCSP-only pass (if requested) if (ocspMode != RevocationMode.DISABLED) { - try { - pkixOcspOnly(certPath, anchors, ocspMode == RevocationMode.SOFT_FAIL); - } catch (CertPathValidatorException e) { - if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) { - throw new CertificateException("OCSP: certificate revoked", e); - } - - if (ocspMode == RevocationMode.HARD_FAIL) { - throw new CertificateException("OCSP hard-fail: " + e.getReason(), e); - } - // SOFT_FAIL: ignore - } + pkixOcspOnly(certPath, anchors, ocspMode == RevocationMode.SOFT_FAIL); } // CRL-only pass (if requested) if (crlMode != RevocationMode.DISABLED) { - try { - // Preloaded CRLs + CRLDP-fetched CRLs (HTTP) - List crls = new ArrayList<>(preloadedCrls); - crls.addAll(fetchCrlsFromCrlDP(chain)); - pkixCrlOnly(certPath, anchors, crls, crlMode == RevocationMode.SOFT_FAIL); - } catch (CertPathValidatorException e) { - if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) { - throw new CertificateException("CRL: certificate revoked", e); - } - - if (crlMode == RevocationMode.HARD_FAIL) { - throw new CertificateException("CRL hard-fail: " + e.getReason(), e); - } - // SOFT_FAIL: ignore - } + // Preloaded CRLs + CRLDP-fetched CRLs (HTTP) + List crls = new ArrayList<>(preloadedCrls); + crls.addAll(fetchCrlsFromCrlDP(chain)); + pkixCrlOnly(certPath, anchors, crls, crlMode == RevocationMode.SOFT_FAIL); } // If both are HARD_FAIL, reaching here means both passes succeeded. From 208fd97779c3d568519ca30c8f0bb04791cd3f13 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 17:57:10 +0300 Subject: [PATCH 095/360] Import some tests from test repo --- .../tlsmanager/server/HttpSenderTest.java | 173 ++++++++++++++++++ .../properties/TLSConnectorProperties.java | 2 + 2 files changed, 175 insertions(+) create mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java new file mode 100644 index 0000000000..85a06297a5 --- /dev/null +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java @@ -0,0 +1,173 @@ +package org.openintegrationengine.tlsmanager.server; + +import com.mirth.connect.donkey.server.channel.DestinationConnector; +import com.mirth.connect.server.controllers.ConfigurationController; +import com.mirth.connect.util.ConnectionTestResponse; +import com.mirth.connect.util.MirthSSLUtil; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.MockedStatic; +import org.mockito.junit.jupiter.MockitoExtension; +import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; +import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; +import org.openintegrationengine.tlsmanager.server.util.MockConfigurationController; +import org.openintegrationengine.tlsmanager.server.util.MockDestinationConnector; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; + +import javax.net.ssl.SSLHandshakeException; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; +import java.util.Collections; +import java.util.Set; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anySet; +import static org.mockito.ArgumentMatchers.isA; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.mockStatic; +import static org.mockito.Mockito.when; +import static org.openintegrationengine.tlsmanager.server.util.Statics.cipherSuites; +import static org.openintegrationengine.tlsmanager.server.util.Statics.protocols; + +@ExtendWith(MockitoExtension.class) +public class HttpSenderTest { + + private ConfigurationController configurationController; + private CertificateService certificateService; + + private DestinationConnector connector; + + private MockedStatic mirthSSLUtil; + + private static KeyStore systemTruststore; + + @BeforeAll + static void beforeAll() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { + var trustStoreBackend = new SystemTrustStoreBackend(); + + systemTruststore = KeyStore.getInstance(TLSPluginConstants.PKCS12); + try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { + systemTruststore.load(bais, trustStoreBackend.loadPassword()); + } + } + + @BeforeEach + void beforeEach() { + // Nasty + mirthSSLUtil = mockStatic(MirthSSLUtil.class); + mirthSSLUtil + .when(MirthSSLUtil::getSupportedHttpsProtocols) + .thenReturn(protocols()); + mirthSSLUtil + .when(MirthSSLUtil::getSupportedHttpsCipherSuites) + .thenReturn(cipherSuites()); + mirthSSLUtil + .when(() -> MirthSSLUtil.getEnabledHttpsProtocols(any())) + .thenReturn(protocols()); + mirthSSLUtil + .when(() -> MirthSSLUtil.getEnabledHttpsCipherSuites(any())) + .thenReturn(cipherSuites()); + + configurationController = mock(MockConfigurationController.class); + connector = new MockDestinationConnector(); + + certificateService = mock(CertificateService.class); + } + + @AfterEach + public void tearDown() { + mirthSSLUtil.close(); + } + + @Test + void test_OSP_T13_untrustedConfiguredCertificate() { + var tlsProperties = new TLSConnectorProperties( + true, + false, + RevocationMode.HARD_FAIL, + RevocationMode.HARD_FAIL, + false, + Set.of("server2"), + true, + Collections.emptySet(), + true, + Collections.emptySet(), + false, + null + ); + + when( + certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(MockDestinationConnector.class)) + ).thenReturn( + systemTruststore + ); + + var socketFactoryService = new SocketFactoryService(configurationController, certificateService); + var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsProperties); + + var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.thing( + socketFactory, + "https://valid.crl.caddy:9443", + 1_000, + null, + 0 + )); + + assertEquals( + "Validation error: Path does not chain with any of the trust anchors", + exception.getMessage() + ); + } + + @Test + void test_OSP_T14_systemTruststore() throws Exception { + var tlsProperties = new TLSConnectorProperties( + true, + false, + RevocationMode.HARD_FAIL, + RevocationMode.HARD_FAIL, + true, + Collections.emptySet(), + true, + Collections.emptySet(), + true, + Collections.emptySet(), + false, + null + ); + + when( + certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(MockDestinationConnector.class)) + ).thenReturn( + systemTruststore + ); + + var socketFactoryService = new SocketFactoryService(configurationController, certificateService); + var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsProperties); + + var result = ConnectionUtils.thing( + socketFactory, + "https://bbc.co.uk", + 1_000, + null, + 0 + ); + + assertEquals( + ConnectionTestResponse.Type.SUCCESS, + result.getType() + ); + } +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java index 0926b14a9e..eaddb60dbf 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java @@ -17,6 +17,7 @@ package org.openintegrationengine.tlsmanager.shared.properties; import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; +import lombok.AllArgsConstructor; import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; @@ -30,6 +31,7 @@ @Getter @Setter @EqualsAndHashCode(callSuper = false) +@AllArgsConstructor public class TLSConnectorProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; From 75cae2b355284e46212934690bbd49938ecee8df Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 17:57:49 +0300 Subject: [PATCH 096/360] Add parameterized test capability and controllable logging --- pom.xml | 7 +++++++ server/src/test/resources/logback-test.xml | 13 +++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 server/src/test/resources/logback-test.xml diff --git a/pom.xml b/pom.xml index 472914487c..24476486d3 100644 --- a/pom.xml +++ b/pom.xml @@ -113,6 +113,13 @@ test + + org.junit.jupiter + junit-jupiter-params + ${junit.version} + test + + org.mockito mockito-core diff --git a/server/src/test/resources/logback-test.xml b/server/src/test/resources/logback-test.xml new file mode 100644 index 0000000000..1a6e593c0a --- /dev/null +++ b/server/src/test/resources/logback-test.xml @@ -0,0 +1,13 @@ + + + + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger - %msg%n + + + + + + + From cb7b2d7a35dd49db89521a3b7eeaee261cc5ba15 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 8 Oct 2025 18:02:07 +0300 Subject: [PATCH 097/360] Rename testConnection function --- .../tlsmanager/server/CertificateService.java | 2 +- .../tlsmanager/server/util/ConnectionUtils.java | 6 +++--- .../tlsmanager/server/HttpSenderTest.java | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 5d1da03224..81db7e610a 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -253,7 +253,7 @@ public ConnectionTestResponse testConnection( var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); - var result = ConnectionUtils.thing( + var result = ConnectionUtils.testConnection( socketFactory, url.toString(), TEST_CONNECTION_TIMEOUT, diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index 23e75bd03a..2008bdb6b2 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -18,14 +18,14 @@ public class ConnectionUtils { private static SchemePortResolver defaultSchemePortResolver = new DefaultSchemePortResolver(); - public static ConnectionTestResponse thing( + public static ConnectionTestResponse testConnection( SSLConnectionSocketFactory socketFactory, String host, int timeout, String localAddr, int localPort ) throws IOException { - return thing( + return testConnection( socketFactory, null, host, @@ -35,7 +35,7 @@ public static ConnectionTestResponse thing( ); } - public static ConnectionTestResponse thing( + public static ConnectionTestResponse testConnection( SSLConnectionSocketFactory socketFactory, Socket socket, String host, diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java index 85a06297a5..12cb37a840 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java @@ -117,7 +117,7 @@ void test_OSP_T13_untrustedConfiguredCertificate() { var socketFactoryService = new SocketFactoryService(configurationController, certificateService); var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsProperties); - var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.thing( + var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.testConnection( socketFactory, "https://valid.crl.caddy:9443", 1_000, @@ -157,7 +157,7 @@ void test_OSP_T14_systemTruststore() throws Exception { var socketFactoryService = new SocketFactoryService(configurationController, certificateService); var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsProperties); - var result = ConnectionUtils.thing( + var result = ConnectionUtils.testConnection( socketFactory, "https://bbc.co.uk", 1_000, From 4ebf94f75687991ec7bb6a65e103ceb6cfcbfb10 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 9 Oct 2025 15:41:19 +0300 Subject: [PATCH 098/360] Rename public cert accession functions --- .../HTTPSenderConnectorPropertiesPanel.java | 18 +++++++++--------- .../tlsmanager/server/CertificateService.java | 2 +- .../tlsmanager/server/servlets/TLSServlet.java | 4 ++-- .../shared/servlet/TLSServletInterface.java | 7 +++---- 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 12f03cce67..55492442b9 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -85,11 +85,11 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private JLabel ciphersText; private TLSConnectorProperties properties; - private Set importedAliases; + private Set publicCertificates; public HTTPSenderConnectorPropertiesPanel() { this.properties = new TLSConnectorProperties(); - this.importedAliases = new HashSet<>(); + this.publicCertificates = new HashSet<>(); initComponents(); initLayout(); @@ -184,7 +184,7 @@ private void initComponents() { new ItemPickerDialog( PlatformUI.MIRTH_FRAME, "Certificate Picker", - importedAliases, + publicCertificates, properties.getTrustedServerCertificates(), properties.isTrustSystemTruststore(), "[JVM Truststore]", @@ -422,27 +422,27 @@ private void redrawState() { } private void fetchData() { - final var workingId = PlatformUI.MIRTH_FRAME.startWorking("Fetching imported certificates..."); + final var workingId = PlatformUI.MIRTH_FRAME.startWorking("Fetching certificates..."); - var worker = new SwingWorker() { + var publicCertWorker = new SwingWorker() { private Set aliasSet; public Void doInBackground() { try { - aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getImportedCertificates(); + aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getPublicCertificates(); } catch (Exception e) { - PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported certificates failed"); + PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported public certificates failed"); } return null; } public void done() { - importedAliases = aliasSet; + publicCertificates = aliasSet; PlatformUI.MIRTH_FRAME.stopWorking(workingId); } }; - worker.execute(); + publicCertWorker.execute(); } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 81db7e610a..b6f03c721d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -218,7 +218,7 @@ public void storeExtraTrustStore(byte[] keystoreBytes, char[] password) { } } - public Set getLoadedAliases() { + public Set getPublicCertificates() { try { return new HashSet<>(Collections.list(externalTrustStore.aliases())); } catch (KeyStoreException e) { diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index bd669ab2b3..a511f1a2ff 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -67,8 +67,8 @@ public TLSServlet( } @Override - public Set getImportedCertificates() { - return certificateService.getLoadedAliases(); + public Set getPublicCertificates() { + return certificateService.getPublicCertificates(); } @Override diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 6066348688..8a5d2088e2 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -39,7 +39,6 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import java.io.InputStream; -import java.util.List; import java.util.Set; import static javax.ws.rs.core.MediaType.APPLICATION_JSON; @@ -58,15 +57,15 @@ public interface TLSServletInterface extends BaseServletInterface, HttpConnector @Produces({ APPLICATION_XML, APPLICATION_JSON }) @ApiResponse(responseCode = "200", description = "Found the information", content = { - @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = List.class)), - @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = List.class)) + @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = Set.class)), + @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = Set.class)) }) @MirthOperation( name = "getImportedCertificates", display = "Get list of imported certificates", type = Operation.ExecuteType.ASYNC ) - Set getImportedCertificates(); + Set getPublicCertificates(); @GET @Path("/keystore") From 1106af4bb18aa606850dda869705857f70641d38 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 9 Oct 2025 15:47:22 +0300 Subject: [PATCH 099/360] Misc prettying --- .../client/dialog/ItemPickerDialog.java | 65 ++++++++++--------- .../HTTPSenderConnectorPropertiesPanel.java | 12 ++-- .../tlsmanager/shared/Pair.java | 5 ++ 3 files changed, 46 insertions(+), 36 deletions(-) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/Pair.java diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java index 715327fc7b..0dfb2a1885 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java @@ -25,6 +25,7 @@ import net.miginfocom.swing.MigLayout; import org.apache.commons.lang3.StringUtils; import org.jdesktop.swingx.decorator.HighlighterFactory; +import org.openintegrationengine.tlsmanager.shared.Pair; import javax.swing.BorderFactory; import javax.swing.DefaultCellEditor; @@ -52,7 +53,8 @@ import java.awt.event.MouseEvent; import java.util.Comparator; import java.util.EventObject; -import java.util.HashSet; +import java.util.LinkedHashSet; +import java.util.LinkedList; import java.util.Objects; import java.util.Set; import java.util.function.BiConsumer; @@ -74,9 +76,8 @@ public class ItemPickerDialog extends MirthDialog { private JButton okButton; private JButton cancelButton; - private static final int CERTIFICATES_SELECTED_COLUMN = 0; - private static final int CERTIFICATES_NAME_COLUMN = 1; - private static final int CERTIFICATES_ID_COLUMN = 2; + private static final int SELECTED_COLUMN = 0; + private static final int NAME_COLUMN = 1; private final Set allOptions; private Set selectedOptions; @@ -122,7 +123,7 @@ private void initComponents() { 1, 1, 1, 1, new Color(204, 204, 204) ), - "Destination TLS settings", + "TLS settings", TitledBorder.DEFAULT_JUSTIFICATION, TitledBorder.DEFAULT_POSITION, new Font("Tahoma", Font.BOLD, 11) @@ -159,9 +160,7 @@ private void filterChanged() { @Override public void mouseReleased(MouseEvent evt) { if (evt.getComponent().isEnabled()) { - for (int row = 0; row < certificateTable.getRowCount(); row++) { - certificateTable.setValueAt(MirthTriStateCheckBox.CHECKED, row, CERTIFICATES_SELECTED_COLUMN); - } + setAllSelected(true); } } }); @@ -175,9 +174,7 @@ public void mouseReleased(MouseEvent evt) { @Override public void mouseReleased(MouseEvent evt) { if (evt.getComponent().isEnabled()) { - for (int row = 0; row < certificateTable.getRowCount(); row++) { - certificateTable.setValueAt(MirthTriStateCheckBox.UNCHECKED, row, CERTIFICATES_SELECTED_COLUMN); - } + setAllSelected(false); } } }); @@ -186,7 +183,7 @@ public void mouseReleased(MouseEvent evt) { certificateTable.setModel(new RefreshTableModel(new String[] { "", "Alias" }, 0) { @Override public boolean isCellEditable(int row, int column) { - return column == CERTIFICATES_SELECTED_COLUMN; + return column == SELECTED_COLUMN; } }); certificateTable.setDragEnabled(false); @@ -225,10 +222,10 @@ public boolean include(RowFilter.Entry rowSorter.setRowFilter(rowFilter); certificateTable.setRowFilter(rowFilter); - certificateTable.getColumnExt(CERTIFICATES_SELECTED_COLUMN).setMinWidth(20); - certificateTable.getColumnExt(CERTIFICATES_SELECTED_COLUMN).setMaxWidth(20); - certificateTable.getColumn(CERTIFICATES_SELECTED_COLUMN).setCellEditor(new TagSelectionCellEditor()); - certificateTable.getColumn(CERTIFICATES_SELECTED_COLUMN).setCellRenderer(new TagSelectionCellRenderer()); + certificateTable.getColumnExt(SELECTED_COLUMN).setMinWidth(20); + certificateTable.getColumnExt(SELECTED_COLUMN).setMaxWidth(20); + certificateTable.getColumn(SELECTED_COLUMN).setCellEditor(new TagSelectionCellEditor()); + certificateTable.getColumn(SELECTED_COLUMN).setCellRenderer(new TagSelectionCellRenderer()); certificateScrollPane = new JScrollPane(certificateTable); @@ -265,32 +262,40 @@ private void initLayout() { private void setProperties() { - var data = new Object[allOptions.size() + 1][2]; + // Convert to list to get by-index accession + var linkedOptionsList = new LinkedList>(); + if (defaultValue != null) { + linkedOptionsList.add(new Pair<>(defaultValue, isDefaultSelected ? MirthTriStateCheckBox.CHECKED : MirthTriStateCheckBox.UNCHECKED)); + } + + allOptions + .stream() + .sorted() + .map(alias -> new Pair<>(alias, selectedOptions.contains(alias) ? MirthTriStateCheckBox.CHECKED : MirthTriStateCheckBox.UNCHECKED)) + .forEachOrdered(linkedOptionsList::add); - // 0 is CHECKED and 1 is UNCHECKED - data[0][CERTIFICATES_SELECTED_COLUMN] = isDefaultSelected ? 0 : 1; - data[0][CERTIFICATES_NAME_COLUMN] = defaultValue; + var data = new Object[linkedOptionsList.size()][2]; - int i = 1; - for (String item : allOptions) { - data[i][CERTIFICATES_SELECTED_COLUMN] = selectedOptions.contains(item) ? 0 : 1; - data[i][CERTIFICATES_NAME_COLUMN] = item; - i++; + for (int i = 0; i < linkedOptionsList.size(); i++) { + var option = linkedOptionsList.get(i); + data[i][SELECTED_COLUMN] = option.b(); + data[i][NAME_COLUMN] = option.a(); } + ((RefreshTableModel) certificateTable.getModel()).refreshDataVector(data); } private void processTableState() { - var localSelectedOptions = new HashSet(); + var localSelectedOptions = new LinkedHashSet(); for (int row = 0; row < certificateTable.getModel().getRowCount(); row++) { - var state = (int) certificateTable.getModel().getValueAt(row, CERTIFICATES_SELECTED_COLUMN); - var certificateAlias = (String) certificateTable.getModel().getValueAt(row, CERTIFICATES_NAME_COLUMN); + var state = (int) certificateTable.getModel().getValueAt(row, SELECTED_COLUMN); + var certificateAlias = (String) certificateTable.getModel().getValueAt(row, NAME_COLUMN); if (certificateAlias.equals(defaultValue)) { // State 0 is CHECKED - isDefaultSelected = state == 0; - } else if (state == 0) { + isDefaultSelected = state == MirthTriStateCheckBox.CHECKED; + } else if (state == MirthTriStateCheckBox.CHECKED) { localSelectedOptions.add(certificateAlias); } } diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 55492442b9..cdba906fa9 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -146,13 +146,13 @@ private void initComponents() { managerEnabledRadioYes = new MirthRadioButton(); managerEnabledRadioYes.setText("Yes"); - managerEnabledRadioYes.setBackground(new Color(255, 255, 255)); + managerEnabledRadioYes.setBackground(Color.white); managerEnabledRadioYes.addActionListener(e -> handleManagerEnabledButton(true)); managerEnabledButtonGroup.add(managerEnabledRadioYes); managerEnabledRadioNo = new MirthRadioButton(); managerEnabledRadioNo.setText("No"); - managerEnabledRadioNo.setBackground(new Color(255, 255, 255)); + managerEnabledRadioNo.setBackground(Color.white); managerEnabledRadioNo.addActionListener(e -> handleManagerEnabledButton(false)); managerEnabledButtonGroup.add(managerEnabledRadioNo); @@ -160,13 +160,13 @@ private void initComponents() { var serverCertificateValidationButtonGroup = new ButtonGroup(); serverCertificateValidationRadioYes = new MirthRadioButton(); - serverCertificateValidationRadioYes.setBackground(new Color(255, 255, 255)); + serverCertificateValidationRadioYes.setBackground(Color.white); serverCertificateValidationRadioYes.setText("Enabled"); serverCertificateValidationRadioYes.addActionListener(e -> properties.setServerCertificateValidationEnabled(true)); serverCertificateValidationButtonGroup.add(serverCertificateValidationRadioYes); serverCertificateValidationRadioNo = new MirthRadioButton(); - serverCertificateValidationRadioNo.setBackground(new Color(255, 255, 255)); + serverCertificateValidationRadioNo.setBackground(Color.white); serverCertificateValidationRadioNo.setText("Disabled"); serverCertificateValidationRadioNo.addActionListener(e -> properties.setServerCertificateValidationEnabled(false)); serverCertificateValidationButtonGroup.add(serverCertificateValidationRadioNo); @@ -198,13 +198,13 @@ private void initComponents() { var hostnameValidationButtonGroup = new ButtonGroup(); hostnameValidationRadioYes = new MirthRadioButton(); - hostnameValidationRadioYes.setBackground(new Color(255, 255, 255)); + hostnameValidationRadioYes.setBackground(Color.white); hostnameValidationRadioYes.setText("Enabled"); hostnameValidationRadioYes.addActionListener(e -> properties.setHostnameVerificationEnabled(true)); hostnameValidationButtonGroup.add(hostnameValidationRadioYes); hostnameValidationRadioNo = new MirthRadioButton(); - hostnameValidationRadioNo.setBackground(new Color(255, 255, 255)); + hostnameValidationRadioNo.setBackground(Color.white); hostnameValidationRadioNo.setText("Disabled"); hostnameValidationRadioNo.addActionListener(e -> properties.setHostnameVerificationEnabled(false)); hostnameValidationButtonGroup.add(hostnameValidationRadioNo); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/Pair.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/Pair.java new file mode 100644 index 0000000000..ca4838b198 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/Pair.java @@ -0,0 +1,5 @@ +package org.openintegrationengine.tlsmanager.shared; + +public record Pair ( + A a, B b +) {} From 65392dc63de9576e354808ebffae208e9eecaaac Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 9 Oct 2025 15:50:11 +0300 Subject: [PATCH 100/360] Add client certificate selection capability --- .../HTTPSenderConnectorPropertiesPanel.java | 26 +++++++++++++++++-- .../tlsmanager/server/CertificateService.java | 9 +++++++ .../server/servlets/TLSServlet.java | 5 ++++ .../shared/servlet/TLSServletInterface.java | 15 +++++++++++ 4 files changed, 53 insertions(+), 2 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index cdba906fa9..0eb4bf3572 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -86,10 +86,12 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private TLSConnectorProperties properties; private Set publicCertificates; + private Set clientCertificates; public HTTPSenderConnectorPropertiesPanel() { this.properties = new TLSConnectorProperties(); this.publicCertificates = new HashSet<>(); + this.clientCertificates = new HashSet<>(); initComponents(); initLayout(); @@ -230,8 +232,28 @@ private void initComponents() { clientCertLabel = new JLabel("Client Certificate:"); clientCertButton = new JButton(wrenchIcon); - clientCertButton.addActionListener(e -> System.out.println("client button")); - clientCertText = new JLabel("myclientcert"); + clientCertButton.addActionListener(e -> { + BiConsumer> completionConsumer = (unused, selectedCertificate) -> { + var selectedAlias = selectedCertificate.stream().findFirst().orElse(null); + properties.setClientCertificateAlias(selectedAlias); + + redrawState(); + PlatformUI.MIRTH_FRAME.setSaveEnabled(true); + }; + + Set currentCerts = properties.getClientCertificateAlias() == null ? Collections.emptySet() : Set.of(properties.getClientCertificateAlias()); + + new ItemPickerDialog( + PlatformUI.MIRTH_FRAME, + "Client Certificate Picker", + clientCertificates, + currentCerts, + false, + null, + completionConsumer + ); + }); + clientCertText = new JLabel(""); protocolsLabel = new JLabel("Enabled Protocols:"); protocolsButton = new JButton(wrenchIcon); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index b6f03c721d..06931137ac 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -227,6 +227,15 @@ public Set getPublicCertificates() { } } + public Set getClientCertificates() { + try { + return new HashSet<>(Collections.list(externalKeyStore.aliases())); + } catch (KeyStoreException e) { + log.error("Error reading alias list from loaded keystore", e); + throw new RuntimeException(e); + } + } + public ConnectionTestResponse testConnection( String channelId, String channelName, diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index a511f1a2ff..31fdbf50e0 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -71,6 +71,11 @@ public Set getPublicCertificates() { return certificateService.getPublicCertificates(); } + @Override + public Set getClientCertificates() { + return certificateService.getClientCertificates(); + } + @Override public byte[] getKeystore() { var keystore = certificateService.getExternalTrustStore(); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 8a5d2088e2..f638114a2f 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -67,6 +67,21 @@ public interface TLSServletInterface extends BaseServletInterface, HttpConnector ) Set getPublicCertificates(); + @GET + @Path("/clientcertificates") + @Produces({ APPLICATION_XML, APPLICATION_JSON }) + @ApiResponse(responseCode = "200", description = "Found the information", + content = { + @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = Set.class)), + @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = Set.class)) + }) + @MirthOperation( + name = "getClientCertificates", + display = "Get list of client certificates", + type = Operation.ExecuteType.ASYNC + ) + Set getClientCertificates(); + @GET @Path("/keystore") @Produces({ APPLICATION_OCTET_STREAM }) From 8ee53af31e772ccea14231bc0d77e6ecae1aba6f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 9 Oct 2025 15:58:56 +0300 Subject: [PATCH 101/360] Add client cert fetching worker --- .../HTTPSenderConnectorPropertiesPanel.java | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 0eb4bf3572..7158cb05bd 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -465,6 +465,26 @@ public void done() { } }; + var clientCertWorker = new SwingWorker() { + private Set aliasSet; + + public Void doInBackground() { + try { + aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); + } catch (Exception e) { + PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported clint certificates failed"); + } + + return null; + } + + public void done() { + clientCertificates = aliasSet; + PlatformUI.MIRTH_FRAME.stopWorking(workingId); + } + }; + publicCertWorker.execute(); + clientCertWorker.execute(); } } From 00c6d9785cf257dea99489913104bd414699554e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 9 Oct 2025 15:59:57 +0300 Subject: [PATCH 102/360] Committing the setAllSelected function --- .../tlsmanager/client/dialog/ItemPickerDialog.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java index 0dfb2a1885..4d14877bc9 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java @@ -360,4 +360,13 @@ public Component getTableCellRendererComponent(JTable table, Object value, boole return panel; } } + private void setAllSelected(boolean isSelected) { + for (int row = 0; row < certificateTable.getRowCount(); row++) { + certificateTable.setValueAt( + isSelected ? MirthTriStateCheckBox.CHECKED : MirthTriStateCheckBox.UNCHECKED, + row, + SELECTED_COLUMN + ); + } + } } From 18435199701722de58f5965dc73394fbf926541a Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 9 Oct 2025 16:02:43 +0300 Subject: [PATCH 103/360] Delete unnecessary test class --- .../tlsmanager/server/MiscTests.java | 175 ------------------ 1 file changed, 175 deletions(-) delete mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java deleted file mode 100644 index 64b5dbfc6b..0000000000 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/MiscTests.java +++ /dev/null @@ -1,175 +0,0 @@ -package org.openintegrationengine.tlsmanager.server; - -import com.mirth.connect.connectors.http.HttpDispatcher; -import com.mirth.connect.donkey.server.channel.DestinationConnector; -import com.mirth.connect.server.controllers.ConfigurationController; -import com.mirth.connect.util.MirthSSLUtil; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.MockedStatic; -import org.mockito.junit.jupiter.MockitoExtension; -import org.openintegrationengine.tlsmanager.server.backend.FileTrustStoreBackend; -import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; -import org.openintegrationengine.tlsmanager.server.misc.IntegrationTest; -import org.openintegrationengine.tlsmanager.server.misc.UnitTest; -import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; -import org.openintegrationengine.tlsmanager.server.util.MockConfigurationController; -import org.openintegrationengine.tlsmanager.server.util.MockDestinationConnector; -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; -import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; - -import javax.net.ssl.SSLHandshakeException; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertPathValidatorException; -import java.security.cert.CertificateException; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.ArgumentMatchers.anyBoolean; -import static org.mockito.ArgumentMatchers.anySet; -import static org.mockito.ArgumentMatchers.isA; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.mockStatic; -import static org.mockito.Mockito.when; -import static org.openintegrationengine.tlsmanager.server.util.Statics.cipherSuites; -import static org.openintegrationengine.tlsmanager.server.util.Statics.protocols; - -@ExtendWith(MockitoExtension.class) -public class MiscTests { - - private ConfigurationController configurationController; - private CertificateService certificateService; - - private MockedStatic mirthSSLUtil; - - @BeforeEach - void setup() { - // Nasty - mirthSSLUtil = mockStatic(MirthSSLUtil.class); - mirthSSLUtil - .when(MirthSSLUtil::getSupportedHttpsProtocols) - .thenReturn(protocols()); - mirthSSLUtil - .when(MirthSSLUtil::getSupportedHttpsCipherSuites) - .thenReturn(cipherSuites()); - - - configurationController = mock(MockConfigurationController.class); - when(configurationController.getHttpsServerProtocols()).thenReturn(protocols()); - when(configurationController.getHttpsCipherSuites()).thenReturn(cipherSuites()); - } - - @AfterEach - public void tearDown() { - mirthSSLUtil.close(); - } - - @IntegrationTest - public void asi() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { - var connector = new MockDestinationConnector(); - - var trustStoreBackend = new FileTrustStoreBackend( - "/path/to/truststore.p12", // TODO Commit a known-good truststore - "changeit" - ); - var trustStore = KeyStore.getInstance(TLSPluginConstants.PKCS12); - - try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { - trustStore.load(bais, trustStoreBackend.loadPassword()); - } - - certificateService = mock(CertificateService.class); - - when( - certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(MockDestinationConnector.class)) - ).thenReturn( - trustStore - ); - - var socketFactoryService = new SocketFactoryService( - configurationController, - certificateService - ); - - var connectorProperties = new TLSConnectorProperties(); - connectorProperties.setCrlMode(RevocationMode.DISABLED); - connectorProperties.setOcspMode(RevocationMode.DISABLED); - - var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); - - var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.thing( - socketFactory, - "valid.crl.caddy:9443", - 1_000, - null, - 0 - )); - - assertEquals( - CertPathValidatorException.class, - exception.getCause().getCause().getClass() - ); - } - - @UnitTest - public void test_SSLHandShakeException() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException { - - var connector = new MockDestinationConnector(); - - var trustStoreBackend = new SystemTrustStoreBackend(); - var trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); - - try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { - trustStore.load(bais, trustStoreBackend.loadPassword()); - } - - certificateService = mock(CertificateService.class); - - when( - certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(DestinationConnector.class)) - ).thenReturn( - trustStore - ); - - var socketFactoryService = new SocketFactoryService( - configurationController, - certificateService - ); - - var connectorProperties = new TLSConnectorProperties(); - - var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, connectorProperties); - - var exception = assertThrows(SSLHandshakeException.class, () -> { - var connectionResult = ConnectionUtils.thing( - socketFactory, - "valid.crl.caddy:9443", - 2_000, - null, - 0 - ); - }); - } - - private static String[] protocols() { - return new String[] { - "TLSv1.3", "TLSv1.2", "SSLv2Hello" - }; - } - - private static String[] cipherSuites() { - return new String[] { - "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256", - "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_256_GCM_SHA384", - "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384", - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256", - "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256", "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" - }; - } -} From 9897753ca0191bc2a1ccb13fcf967d879d05cfa6 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 10 Oct 2025 14:16:43 +0300 Subject: [PATCH 104/360] Add TLS settings panel to TCP Sender --- .../tlsmanager/client/TLSConnectorPropertiesPlugin.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java index 0e81cbd871..fbe42fe11a 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java @@ -24,6 +24,7 @@ import org.openintegrationengine.tlsmanager.shared.SerializationController; import java.util.List; +import java.util.Set; @MirthClientClass public class TLSConnectorPropertiesPlugin extends ConnectorPropertiesPlugin { @@ -52,7 +53,9 @@ public AbstractConnectorPropertiesPanel getConnectorPropertiesPanel() { @Override public boolean isSupported(String transportName) { - return transportName.equals("HTTP Sender"); + return Set + .of("HTTP Sender", "TCP Sender") + .contains(transportName); } @Override From 8c1347349fadeea5b028f1f127e3d53b75a1a5c2 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 10 Oct 2025 15:20:01 +0300 Subject: [PATCH 105/360] Add initial TLS to client-mode TCP Sender --- .../connectorconfig/TLSTcpConfiguration.java | 49 ++++++++++++ .../server/io/StateAwareTLSSocket.java | 74 +++++++++++++++++++ 2 files changed, 123 insertions(+) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java index 5e913d2beb..2ef13efab6 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java @@ -1,6 +1,55 @@ package org.openintegrationengine.tlsmanager.server.connectorconfig; import com.mirth.connect.connectors.tcp.DefaultTcpConfiguration; +import com.mirth.connect.connectors.tcp.StateAwareSocket; +import com.mirth.connect.connectors.tcp.TcpDispatcher; +import com.mirth.connect.donkey.server.channel.Connector; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.openintegrationengine.tlsmanager.server.SocketFactoryService; +import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; +import org.openintegrationengine.tlsmanager.server.io.StateAwareTLSSocket; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; + +import java.net.Socket; public class TLSTcpConfiguration extends DefaultTcpConfiguration { + + private final SocketFactoryService socketFactoryService; + + private TLSConnectorProperties tlsConnectorProperties; + + private SSLConnectionSocketFactory socketFactory; + + public TLSTcpConfiguration() { + this(TLSServicePlugin.getPluginInstance().getSocketFactoryService()); + } + + public TLSTcpConfiguration(SocketFactoryService socketFactoryService) { + this.socketFactoryService = socketFactoryService; + } + + @Override + public void configureConnectorDeploy(Connector connector) throws Exception { + var tcpDispatcher = (TcpDispatcher) connector; + + this.tlsConnectorProperties = tcpDispatcher.getConnectorProperties().getPluginProperties() + .stream() + .filter(TLSConnectorProperties.class::isInstance) + .findFirst() + .map(TLSConnectorProperties.class::cast) + .orElse(null); + + if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { + socketFactory = socketFactoryService.getConnectorSocketFactory(tcpDispatcher, tlsConnectorProperties); + } + } + + @Override + public Socket createSocket() { + if (tlsConnectorProperties == null || !tlsConnectorProperties.isTlsManagerEnabled()) { + return new StateAwareSocket(); + } else { + return new StateAwareTLSSocket(socketFactory); + } + } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java new file mode 100644 index 0000000000..929f7ac9ff --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java @@ -0,0 +1,74 @@ +package org.openintegrationengine.tlsmanager.server.io; + +import com.mirth.connect.connectors.tcp.StateAwareSocket; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.net.SocketAddress; + +public class StateAwareTLSSocket extends StateAwareSocket { + + private final SSLConnectionSocketFactory socketFactory; + + private Socket sslSocket; + + public StateAwareTLSSocket(SSLConnectionSocketFactory socketFactory) { + this.socketFactory = socketFactory; + } + + @Override + public void connect(SocketAddress endpoint) throws IOException { + this.connect(endpoint, 0); + } + + @Override + public void connect(SocketAddress endpoint, int timeout) throws IOException { + // Step 1: Perform the plain TCP connection first + super.connect(endpoint, timeout); + + // Step 2: Layer TLS on top using createLayeredSocket + if (endpoint instanceof InetSocketAddress inet) { + String host = inet.getHostString(); + int port = inet.getPort(); + + // createLayeredSocket() will internally call SSLSocketFactory.createSocket() + this.sslSocket = socketFactory.createLayeredSocket(this, host, port, null); + } else { + throw new IOException("Expected InetSocketAddress for TLS connection"); + } + } + + @Override + public InputStream getInputStream() throws IOException { + if (sslSocket != null) { + return sslSocket.getInputStream(); + } + return super.getInputStream(); + } + + @Override + public OutputStream getOutputStream() throws IOException { + if (sslSocket != null) { + return sslSocket.getOutputStream(); + } + return super.getOutputStream(); + } + + @Override + public void close() throws IOException { + if (sslSocket != null) { + sslSocket.close(); + } else { + super.close(); + } + } + + @Override + public boolean remoteSideHasClosed() throws IOException { + return super.remoteSideHasClosed(); + } +} From 0674cb2132f43327980fb501b74cdb947c8fc254 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 13 Oct 2025 15:53:34 +0300 Subject: [PATCH 106/360] Simplify socket factory configuration in TLSHttpConfiguration --- .../connectorconfig/TLSHttpConfiguration.java | 33 +++++++------------ 1 file changed, 12 insertions(+), 21 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index 069494647d..88c7a6d584 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -113,35 +113,26 @@ public void configureReceiver(HttpReceiver connector) throws Exception { } private void configureSocketFactory(HttpDispatcher connector) { - var oTlsPluginProperties = connector.getConnectorProperties().getPluginProperties() + var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() .stream() .filter(TLSConnectorProperties.class::isInstance) - .findFirst(); - - // TODO Fix repetition - if (oTlsPluginProperties.isEmpty()) { - try { - super.configureSocketFactoryRegistry(null, connector.getSocketFactoryRegistry()); - } catch (Exception e) { - throw new RuntimeException(e); + .findFirst() + .map(TLSConnectorProperties.class::cast) + .orElse(null); + + if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { + var sslSocketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsConnectorProperties); + if (sslSocketFactory != null) { + // FIXME + connector.getSocketFactoryRegistry().register("https", sslSocketFactory); } - return; - } - - var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); - if (!properties.isTlsManagerEnabled()) { + } else { try { super.configureSocketFactoryRegistry(null, connector.getSocketFactoryRegistry()); } catch (Exception e) { + log.error("Error creating non-TLS socket factory", e); throw new RuntimeException(e); } - return; - } - - var sslSocketFactory = socketFactoryService.getConnectorSocketFactory(connector, properties); - if (sslSocketFactory != null) { - // FIXME - connector.getSocketFactoryRegistry().register("https", sslSocketFactory); } } } From d8c1931b51d3806b91c6afe4bb35944494f046f4 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 13 Oct 2025 15:57:47 +0300 Subject: [PATCH 107/360] Implement Edit Alias functionality: Add EditAliasDialog component for updating certificate aliases, including validation and conflict checking. Update CertificateCard and CertificateList to support alias editing, enhancing user experience in managing certificate aliases. Introduce useAliasEdit hook for alias management logic. --- src/components/CertificateCard.jsx | 13 +- src/components/CertificateList.jsx | 4 +- src/components/EditAliasDialog.jsx | 209 +++++++++++++++++++++++++++++ src/hooks/useAliasEdit.js | 93 +++++++++++++ src/hooks/useCertificateImport.js | 5 +- src/pages/TlsManagement.jsx | 30 +++++ src/services/tlsService.js | 43 ++++++ 7 files changed, 392 insertions(+), 5 deletions(-) create mode 100644 src/components/EditAliasDialog.jsx create mode 100644 src/hooks/useAliasEdit.js diff --git a/src/components/CertificateCard.jsx b/src/components/CertificateCard.jsx index 4d37719c7b..71d176734e 100644 --- a/src/components/CertificateCard.jsx +++ b/src/components/CertificateCard.jsx @@ -3,7 +3,7 @@ import { Paper, Box, Typography, Stack, Button, Divider } from '@mui/material' import ShieldOutlinedIcon from '@mui/icons-material/ShieldOutlined' import StatusPill from './StatusPill' -export default function CertificateCard({ certificate, onViewDetails, onExport, showPrivateKeys = false }) { +export default function CertificateCard({ certificate, onViewDetails, onExport, onEditAlias, showPrivateKeys = false }) { const { name, type, @@ -132,6 +132,17 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, > Export + {/* Edit Alias button - only show for trusted and private stores */} + {(certificate.store === 'trusted' || certificate.store === 'private') && ( + + )} diff --git a/src/components/CertificateList.jsx b/src/components/CertificateList.jsx index 048d9a577f..d0df1a498d 100644 --- a/src/components/CertificateList.jsx +++ b/src/components/CertificateList.jsx @@ -2,7 +2,7 @@ import React from 'react' import { Box, CircularProgress, Typography, Alert, Grid, Stack } from '@mui/material' import CertificateCard from './CertificateCard' -export default function CertificateList({ rows, loading, error, emptyText = 'No certificates found.', onViewDetails, onExport, showPrivateKeys = false }) { +export default function CertificateList({ rows, loading, error, emptyText = 'No certificates found.', onViewDetails, onExport, onEditAlias, showPrivateKeys = false }) { if (loading) { return ( @@ -25,7 +25,7 @@ export default function CertificateList({ rows, loading, error, emptyText = 'No lg={4} // Large desktop: 3 columns xl={3} // Extra large: 4 columns > - + ))} diff --git a/src/components/EditAliasDialog.jsx b/src/components/EditAliasDialog.jsx new file mode 100644 index 0000000000..e2d5698ca4 --- /dev/null +++ b/src/components/EditAliasDialog.jsx @@ -0,0 +1,209 @@ +import React, { useState } from 'react' +import { + Dialog, + DialogTitle, + DialogContent, + DialogContentText, + DialogActions, + Button, + TextField, + Box, + Typography, + Paper, + Grid, + Alert, + FormHelperText +} from '@mui/material' +import { useAliasEdit } from '../hooks/useAliasEdit' +import { updateCertificateAlias } from '../services/tlsService' + +export default function EditAliasDialog({ + open, + onClose, + certificate, + onSuccess +}) { + const [showConfirmDialog, setShowConfirmDialog] = useState(false) + const [validationError, setValidationError] = useState(null) + + const { + newAlias, + aliasWarning, + loading, + apiError, + handleAliasChange, + validate, + checkAliasExists, + setLoading, + setApiError + } = useAliasEdit(certificate?.alias || '', certificate?.store) + + const handleSubmit = async () => { + if (!validate()) return + + // Check if alias already exists + const aliasExists = checkAliasExists(newAlias) + if (aliasExists) { + setShowConfirmDialog(true) + return + } + + // Proceed with alias update + await performAliasUpdate() + } + + const performAliasUpdate = async () => { + setLoading(true) + setApiError(null) + try { + const result = await updateCertificateAlias( + certificate.store, + certificate.alias, + newAlias + ) + if (result.success) { + onSuccess?.(result.data) + onClose() + } else { + setApiError(result.error || 'Failed to update alias') + } + } catch (error) { + setApiError(error.message || 'Failed to update alias') + } finally { + setLoading(false) + } + } + + const handleConfirmReplace = async () => { + setShowConfirmDialog(false) + await performAliasUpdate() + } + + const handleCancelReplace = () => { + setShowConfirmDialog(false) + } + + const handleClose = () => { + setShowConfirmDialog(false) + setValidationError(null) + setApiError(null) + onClose() + } + + if (!certificate) return null + + return ( + <> +

+ Edit Certificate Alias + + + {apiError && ( + setApiError(null)} sx={{ mb: 2 }}> + {apiError} + + )} + + {/* Certificate Info Display */} + + Certificate Information + + + Current Alias + {certificate.alias} + + + Store + + {certificate.store} + + + + Subject + + {certificate.subject} + + + + Issuer + + {certificate.issuer} + + + + + + {/* Alias Input */} + + + + + + + + + + {/* Confirmation Dialog for Replacing Existing Certificate */} + + + Replace Existing Certificate + + + + A certificate with the alias "{newAlias}" already exists. This will replace the existing certificate. Are you sure you want to continue? + + + + + + + + + ) +} diff --git a/src/hooks/useAliasEdit.js b/src/hooks/useAliasEdit.js new file mode 100644 index 0000000000..23e92ae6df --- /dev/null +++ b/src/hooks/useAliasEdit.js @@ -0,0 +1,93 @@ +import { useState, useEffect } from 'react' +import { fetchCertificates } from '../services/tlsService' + +export const useAliasEdit = (currentAlias, currentStore) => { + // State management + const [newAlias, setNewAlias] = useState('') + const [existingCertificates, setExistingCertificates] = useState([]) + const [aliasWarning, setAliasWarning] = useState(null) + const [loading, setLoading] = useState(false) + const [apiError, setApiError] = useState(null) + + // Load existing certificates to check for alias conflicts + const loadExistingCertificates = async () => { + try { + const certificates = await fetchCertificates() + setExistingCertificates(certificates) + } catch (error) { + console.error('Failed to load existing certificates:', error) + } + } + + // Check if alias already exists within the same store (excluding current certificate) + const checkAliasExists = (aliasToCheck) => { + if (!aliasToCheck.trim()) { + setAliasWarning(null) + return false + } + + // Only check certificates in the same store, excluding the current certificate + const exists = existingCertificates.some(cert => + cert.store === currentStore && + cert.alias.toLowerCase() === aliasToCheck.toLowerCase() && + cert.alias.toLowerCase() !== currentAlias.toLowerCase() + ) + + if (exists) { + setAliasWarning('This alias is already in use in this store') + return true + } else { + setAliasWarning(null) + return false + } + } + + // Handle alias change + const handleAliasChange = (e) => { + const newValue = e.target.value + setNewAlias(newValue) + checkAliasExists(newValue) + } + + // Validation logic + const validate = () => { + if (!newAlias.trim()) { + setApiError('Alias is required.') + return false + } + if (newAlias.trim() === currentAlias) { + setApiError('New alias must be different from current alias.') + return false + } + return true + } + + // Initialize with current alias + useEffect(() => { + setNewAlias(currentAlias) + }, [currentAlias]) + + // Load existing certificates on mount + useEffect(() => { + loadExistingCertificates() + }, []) + + return { + // State + newAlias, + aliasWarning, + loading, + apiError, + existingCertificates, + + // Actions + setLoading, + setApiError, + + // Handlers + handleAliasChange, + validate, + checkAliasExists, + loadExistingCertificates + } +} diff --git a/src/hooks/useCertificateImport.js b/src/hooks/useCertificateImport.js index 85493ec3e7..a5865c439f 100644 --- a/src/hooks/useCertificateImport.js +++ b/src/hooks/useCertificateImport.js @@ -35,7 +35,7 @@ export const useCertificateImport = (targetStore) => { } } - // Check if alias already exists + // Check if alias already exists within the target store const checkAliasExists = (aliasToCheck) => { if (!aliasToCheck.trim()) { setAliasWarning(null) @@ -43,11 +43,12 @@ export const useCertificateImport = (targetStore) => { } const exists = existingCertificates.some(cert => + cert.store === targetStore && cert.alias.toLowerCase() === aliasToCheck.toLowerCase() ) if (exists) { - setAliasWarning('This alias is already in use') + setAliasWarning('This alias is already in use in this store') return true } else { setAliasWarning(null) diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index ba70a7d548..c267a36c5b 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -12,6 +12,7 @@ import CheckCircleOutlineIcon from '@mui/icons-material/CheckCircleOutline' import VpnKeyIcon from '@mui/icons-material/VpnKey' import ImportCertificateDialogContent from '../components/ImportCertificateDialogContent' import CertificateDetailsDialog from '../components/CertificateDetailsDialog' +import EditAliasDialog from '../components/EditAliasDialog' export default function TlsManagement() { const { all, counts, filterBy, loading, error, refetch } = useCertificates() @@ -29,6 +30,9 @@ export default function TlsManagement() { const [detailsDialogOpen, setDetailsDialogOpen] = useState(false) const [selectedCertificate, setSelectedCertificate] = useState(null) const [showPrivateKeys, setShowPrivateKeys] = useState(false) + + const [editAliasDialogOpen, setEditAliasDialogOpen] = useState(false) + const [certificateToEdit, setCertificateToEdit] = useState(null) const openDialog = ({ type, title, props = {} }) => { setDialogTitle(title) @@ -68,6 +72,22 @@ export default function TlsManagement() { console.log('Export certificate:', certificate) } + const handleEditAlias = (certificate) => { + setCertificateToEdit(certificate) + setEditAliasDialogOpen(true) + } + + const handleCloseEditAlias = () => { + setEditAliasDialogOpen(false) + setCertificateToEdit(null) + } + + const handleAliasEditSuccess = () => { + // Refresh the certificate data after successful alias edit + refetch() + handleCloseEditAlias() + } + const openImportDialog = () => { const targetStore = tabKey === 'trusted' ? 'trusted' : 'private' openDialog({ type: 'import-certificate', title: 'Import Certificate (PEM)', props: { targetStore } }) @@ -132,6 +152,7 @@ export default function TlsManagement() { error={error} onViewDetails={handleViewDetails} onExport={handleExport} + onEditAlias={handleEditAlias} showPrivateKeys={showPrivateKeys} /> @@ -147,6 +168,7 @@ export default function TlsManagement() { error={error} onViewDetails={handleViewDetails} onExport={handleExport} + onEditAlias={handleEditAlias} showPrivateKeys={showPrivateKeys} /> @@ -162,6 +184,7 @@ export default function TlsManagement() { error={error} onViewDetails={handleViewDetails} onExport={handleExport} + onEditAlias={handleEditAlias} showPrivateKeys={showPrivateKeys} /> @@ -195,6 +218,13 @@ export default function TlsManagement() { certificate={selectedCertificate} /> + + ) } diff --git a/src/services/tlsService.js b/src/services/tlsService.js index 289bb08197..efa9f6ec04 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -203,6 +203,49 @@ export async function updateCertificates(targetStore, certificateData) { } } +export async function updateCertificateAlias(store, oldAlias, newAlias) { + try { + // === INTERNAL STORE (for development) === + // Simulate API delay + await new Promise(resolve => setTimeout(resolve, 300)) + + if (store === 'trusted') { + const certIndex = internalStore.certificates.findIndex(c => c.alias === oldAlias) + if (certIndex >= 0) { + internalStore.certificates[certIndex].alias = newAlias + } else { + throw new Error('Certificate not found') + } + } else if (store === 'private') { + const pairIndex = internalStore.pairs.findIndex(p => p.alias === oldAlias) + if (pairIndex >= 0) { + internalStore.pairs[pairIndex].alias = newAlias + } else { + throw new Error('Certificate not found') + } + } else { + throw new Error('Invalid store type') + } + + // Save to localStorage + saveToStorage() + + console.log('[Internal Store] Updated alias:', { store, oldAlias, newAlias }) + + return { success: true, data: { store, oldAlias, newAlias } } + + // === REAL API (uncomment when API is ready) === + // const response = await api.put(`/api/tlsmanager/certificates/${store}/alias`, { + // oldAlias, + // newAlias + // }) + // return response.data + } catch (error) { + console.error('Failed to update certificate alias:', error) + throw new Error('Failed to update certificate alias') + } +} + // === INTERNAL STORE HELPER FUNCTIONS (remove when switching to real API) === // Helper function to clear the internal store (useful for testing) export function clearInternalStore() { From 0708b90ef400283aa8f7fccaebd86ebe57d80e78 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 13 Oct 2025 16:04:17 +0300 Subject: [PATCH 108/360] Integrate Notification System and Certificate Removal: Add NotificationProvider for user feedback and implement RemoveCertificateDialog for confirming certificate deletions. Update TlsManagement, CertificateCard, and CertificateList components to support certificate removal functionality, enhancing user experience in managing certificates. --- src/App.jsx | 59 ++++---- src/components/CertificateCard.jsx | 13 +- src/components/CertificateList.jsx | 4 +- src/components/EditAliasDialog.jsx | 54 +++---- src/components/RemoveCertificateDialog.jsx | 155 +++++++++++++++++++++ src/context/NotificationContext.jsx | 69 +++++++++ src/pages/TlsManagement.jsx | 33 +++++ src/services/tlsService.js | 40 ++++++ 8 files changed, 370 insertions(+), 57 deletions(-) create mode 100644 src/components/RemoveCertificateDialog.jsx create mode 100644 src/context/NotificationContext.jsx diff --git a/src/App.jsx b/src/App.jsx index e28e4bf9e7..8af545e2fa 100644 --- a/src/App.jsx +++ b/src/App.jsx @@ -1,6 +1,7 @@ import { BrowserRouter, Routes, Route, Navigate } from 'react-router-dom' import ProtectedRoute from './context/ProtectedRoute' import { useAuth } from './context/AuthContext' +import { NotificationProvider } from './context/NotificationContext' import DashboardLayout from './layout/DashboardLayout' import Login from './pages/Login' import TlsManagement from './pages/TlsManagement' @@ -9,33 +10,35 @@ export default function App() { const { isAuthenticated } = useAuth() return ( - - - : - } - /> - - - - - - } - /> - } - /> - } - /> - - + + + + : + } + /> + + + + + + } + /> + } + /> + } + /> + + + ) } diff --git a/src/components/CertificateCard.jsx b/src/components/CertificateCard.jsx index 71d176734e..36948c2ec5 100644 --- a/src/components/CertificateCard.jsx +++ b/src/components/CertificateCard.jsx @@ -3,7 +3,7 @@ import { Paper, Box, Typography, Stack, Button, Divider } from '@mui/material' import ShieldOutlinedIcon from '@mui/icons-material/ShieldOutlined' import StatusPill from './StatusPill' -export default function CertificateCard({ certificate, onViewDetails, onExport, onEditAlias, showPrivateKeys = false }) { +export default function CertificateCard({ certificate, onViewDetails, onExport, onEditAlias, onRemove, showPrivateKeys = false }) { const { name, type, @@ -143,6 +143,17 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, Edit Alias )} + {/* Remove button - only show for trusted and private stores */} + {(certificate.store === 'trusted' || certificate.store === 'private') && ( + + )} diff --git a/src/components/CertificateList.jsx b/src/components/CertificateList.jsx index d0df1a498d..1206eb7bfc 100644 --- a/src/components/CertificateList.jsx +++ b/src/components/CertificateList.jsx @@ -2,7 +2,7 @@ import React from 'react' import { Box, CircularProgress, Typography, Alert, Grid, Stack } from '@mui/material' import CertificateCard from './CertificateCard' -export default function CertificateList({ rows, loading, error, emptyText = 'No certificates found.', onViewDetails, onExport, onEditAlias, showPrivateKeys = false }) { +export default function CertificateList({ rows, loading, error, emptyText = 'No certificates found.', onViewDetails, onExport, onEditAlias, onRemove, showPrivateKeys = false }) { if (loading) { return ( @@ -25,7 +25,7 @@ export default function CertificateList({ rows, loading, error, emptyText = 'No lg={4} // Large desktop: 3 columns xl={3} // Extra large: 4 columns > - + ))} diff --git a/src/components/EditAliasDialog.jsx b/src/components/EditAliasDialog.jsx index e2d5698ca4..ff15fcf557 100644 --- a/src/components/EditAliasDialog.jsx +++ b/src/components/EditAliasDialog.jsx @@ -104,6 +104,33 @@ export default function EditAliasDialog({ )} + {/* Alias Input */} + + {/* Certificate Info Display */} Certificate Information @@ -133,32 +160,7 @@ export default function EditAliasDialog({ - {/* Alias Input */} - + diff --git a/src/components/RemoveCertificateDialog.jsx b/src/components/RemoveCertificateDialog.jsx new file mode 100644 index 0000000000..c49cebb83f --- /dev/null +++ b/src/components/RemoveCertificateDialog.jsx @@ -0,0 +1,155 @@ +import React, { useState } from 'react' +import { + Dialog, + DialogTitle, + DialogContent, + DialogContentText, + DialogActions, + Button, + Box, + Typography, + Paper, + Grid, + Alert, + Chip, + Stack +} from '@mui/material' +import { Warning } from '@mui/icons-material' +import { removeCertificate } from '../services/tlsService' + +export default function RemoveCertificateDialog({ + open, + onClose, + certificate, + onSuccess +}) { + const [loading, setLoading] = useState(false) + const [error, setError] = useState(null) + + const handleRemove = async () => { + if (!certificate) return + + setLoading(true) + setError(null) + + try { + const result = await removeCertificate(certificate.store, certificate.alias) + if (result.success) { + onSuccess?.(result.data) + onClose() + } else { + setError(result.error || 'Failed to remove certificate') + } + } catch (error) { + setError(error.message || 'Failed to remove certificate') + } finally { + setLoading(false) + } + } + + const handleClose = () => { + setError(null) + onClose() + } + + if (!certificate) return null + + // Check if certificate is in use by channels + const isInUse = certificate.channelsInUse && certificate.channelsInUse.length > 0 + const canRemove = !isInUse + + return ( + + + + + Remove Certificate + + + + + {error && ( + + {error} + + )} + + {/* Certificate Info Display */} + + Certificate Information + + + Alias + {certificate.alias} + + + Store + + {certificate.store} + + + + Subject + + {certificate.subject} + + + + Issuer + + {certificate.issuer} + + + + + + {/* Channels in Use Warning */} + {isInUse && ( + + + Cannot remove certificate. It is currently in use by the following channels: + + + {certificate.channelsInUse.map((channel, index) => ( + + ))} + + + Please remove the certificate from these channels first before deletion. + + + )} + + {/* Warning Message */} + {canRemove && ( + + + This action cannot be undone. The certificate will be permanently removed from the {certificate.store} store. + + + )} + + + {canRemove + ? 'Are you sure you want to remove this certificate?' + : 'This certificate cannot be removed because it is currently in use.' + } + + + + + + + + + ) +} diff --git a/src/context/NotificationContext.jsx b/src/context/NotificationContext.jsx new file mode 100644 index 0000000000..b07ce6fe2c --- /dev/null +++ b/src/context/NotificationContext.jsx @@ -0,0 +1,69 @@ +import React, { createContext, useContext, useState } from 'react' +import { Snackbar, Alert } from '@mui/material' + +const NotificationContext = createContext() + +export const useNotification = () => { + const context = useContext(NotificationContext) + if (!context) { + throw new Error('useNotification must be used within a NotificationProvider') + } + return context +} + +export const NotificationProvider = ({ children }) => { + const [notification, setNotification] = useState({ + open: false, + message: '', + severity: 'info' // 'success', 'error', 'warning', 'info' + }) + + const showNotification = (message, severity = 'info') => { + setNotification({ + open: true, + message, + severity + }) + } + + const hideNotification = () => { + setNotification(prev => ({ + ...prev, + open: false + })) + } + + const showSuccess = (message) => showNotification(message, 'success') + const showError = (message) => showNotification(message, 'error') + const showWarning = (message) => showNotification(message, 'warning') + const showInfo = (message) => showNotification(message, 'info') + + return ( + + {children} + + + {notification.message} + + + + ) +} diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index c267a36c5b..6341bef180 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -13,9 +13,12 @@ import VpnKeyIcon from '@mui/icons-material/VpnKey' import ImportCertificateDialogContent from '../components/ImportCertificateDialogContent' import CertificateDetailsDialog from '../components/CertificateDetailsDialog' import EditAliasDialog from '../components/EditAliasDialog' +import RemoveCertificateDialog from '../components/RemoveCertificateDialog' +import { useNotification } from '../context/NotificationContext' export default function TlsManagement() { const { all, counts, filterBy, loading, error, refetch } = useCertificates() + const { showSuccess, showError } = useNotification() const [params, setParams] = useSearchParams() const tabKeys = ['native', 'trusted', 'private'] const initialKey = params.get('tab') && tabKeys.includes(params.get('tab')) ? params.get('tab') : 'native' @@ -33,6 +36,9 @@ export default function TlsManagement() { const [editAliasDialogOpen, setEditAliasDialogOpen] = useState(false) const [certificateToEdit, setCertificateToEdit] = useState(null) + + const [removeDialogOpen, setRemoveDialogOpen] = useState(false) + const [certificateToRemove, setCertificateToRemove] = useState(null) const openDialog = ({ type, title, props = {} }) => { setDialogTitle(title) @@ -88,6 +94,23 @@ export default function TlsManagement() { handleCloseEditAlias() } + const handleRemove = (certificate) => { + setCertificateToRemove(certificate) + setRemoveDialogOpen(true) + } + + const handleCloseRemove = () => { + setRemoveDialogOpen(false) + setCertificateToRemove(null) + } + + const handleRemoveSuccess = () => { + // Refresh the certificate data after successful removal + refetch() + handleCloseRemove() + showSuccess(`Certificate "${certificateToRemove?.alias}" has been removed successfully`) + } + const openImportDialog = () => { const targetStore = tabKey === 'trusted' ? 'trusted' : 'private' openDialog({ type: 'import-certificate', title: 'Import Certificate (PEM)', props: { targetStore } }) @@ -153,6 +176,7 @@ export default function TlsManagement() { onViewDetails={handleViewDetails} onExport={handleExport} onEditAlias={handleEditAlias} + onRemove={handleRemove} showPrivateKeys={showPrivateKeys} /> @@ -169,6 +193,7 @@ export default function TlsManagement() { onViewDetails={handleViewDetails} onExport={handleExport} onEditAlias={handleEditAlias} + onRemove={handleRemove} showPrivateKeys={showPrivateKeys} /> @@ -185,6 +210,7 @@ export default function TlsManagement() { onViewDetails={handleViewDetails} onExport={handleExport} onEditAlias={handleEditAlias} + onRemove={handleRemove} showPrivateKeys={showPrivateKeys} /> @@ -225,6 +251,13 @@ export default function TlsManagement() { onSuccess={handleAliasEditSuccess} /> + + ) } diff --git a/src/services/tlsService.js b/src/services/tlsService.js index efa9f6ec04..dd0385e29a 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -246,6 +246,46 @@ export async function updateCertificateAlias(store, oldAlias, newAlias) { } } +export async function removeCertificate(store, alias) { + try { + // === INTERNAL STORE (for development) === + // Simulate API delay + await new Promise(resolve => setTimeout(resolve, 300)) + + if (store === 'trusted') { + const certIndex = internalStore.certificates.findIndex(c => c.alias === alias) + if (certIndex >= 0) { + internalStore.certificates.splice(certIndex, 1) + } else { + throw new Error('Certificate not found') + } + } else if (store === 'private') { + const pairIndex = internalStore.pairs.findIndex(p => p.alias === alias) + if (pairIndex >= 0) { + internalStore.pairs.splice(pairIndex, 1) + } else { + throw new Error('Certificate not found') + } + } else { + throw new Error('Invalid store type') + } + + // Save to localStorage + saveToStorage() + + console.log('[Internal Store] Removed certificate:', { store, alias }) + + return { success: true, data: { store, alias } } + + // === REAL API (uncomment when API is ready) === + // const response = await api.delete(`/api/tlsmanager/certificates/${store}/${alias}`) + // return response.data + } catch (error) { + console.error('Failed to remove certificate:', error) + throw new Error('Failed to remove certificate') + } +} + // === INTERNAL STORE HELPER FUNCTIONS (remove when switching to real API) === // Helper function to clear the internal store (useful for testing) export function clearInternalStore() { From 8765e6d021c76c14a458517972b78e04cb54b2e6 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 13 Oct 2025 16:13:16 +0300 Subject: [PATCH 109/360] Enhance CertificateCard and tlsService: Add channels in use display in CertificateCard for better visibility of channel assignments. Implement channel assignment management in tlsService, including mock channel generation and localStorage integration for persistent channel data. Update certificate fetching and updating logic to support channel assignments, improving overall certificate management experience. --- src/components/CertificateCard.jsx | 38 +++++++++++- src/services/tlsService.js | 99 +++++++++++++++++++++++++++++- 2 files changed, 132 insertions(+), 5 deletions(-) diff --git a/src/components/CertificateCard.jsx b/src/components/CertificateCard.jsx index 36948c2ec5..3982f4e83c 100644 --- a/src/components/CertificateCard.jsx +++ b/src/components/CertificateCard.jsx @@ -1,6 +1,9 @@ import React from 'react' -import { Paper, Box, Typography, Stack, Button, Divider } from '@mui/material' +import { Paper, Box, Typography, Stack, Button, Divider, Chip } from '@mui/material' import ShieldOutlinedIcon from '@mui/icons-material/ShieldOutlined' +import ImportExportOutlinedIcon from '@mui/icons-material/ImportExportOutlined' +import EditOutlinedIcon from '@mui/icons-material/EditOutlined' +import DeleteOutlinedIcon from '@mui/icons-material/DeleteOutlined' import StatusPill from './StatusPill' export default function CertificateCard({ certificate, onViewDetails, onExport, onEditAlias, onRemove, showPrivateKeys = false }) { @@ -14,6 +17,7 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, fingerprintSha1, hasPrivateKey, rawPrivateKey, + channelsInUse, } = certificate return ( @@ -88,6 +92,31 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, {fingerprintSha1} + {/* Channels in Use Section */} + {channelsInUse && channelsInUse.length > 0 && ( + + Used by Channels: + + {channelsInUse.map((channel, index) => ( + + ))} + + + )} + {/* Private Key Section */} {showPrivateKeys && hasPrivateKey && rawPrivateKey && ( <> @@ -116,8 +145,8 @@ export default function CertificateCard({ certificate, onViewDetails, onExport, - {/* Edit Alias button - only show for trusted and private stores */} {(certificate.store === 'trusted' || certificate.store === 'private') && ( - )} {/* Remove button - only show for trusted and private stores */} {(certificate.store === 'trusted' || certificate.store === 'private') && ( - )} - + ) } diff --git a/src/components/CertificateList.jsx b/src/components/CertificateList.jsx index 1206eb7bfc..f0b34f2c97 100644 --- a/src/components/CertificateList.jsx +++ b/src/components/CertificateList.jsx @@ -18,12 +18,15 @@ export default function CertificateList({ rows, loading, error, emptyText = 'No {rows.map((row) => ( From a038a74c12cec4de0f5015584b90080bdc806997 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 14 Oct 2025 13:29:25 +0300 Subject: [PATCH 111/360] Update TlsManagement component: Rename 'Private Key Store' to 'Local Certificates' for clarity and consistency in terminology. Adjust related titles in the toolbar to reflect this change, enhancing user understanding of certificate management sections. --- src/pages/TlsManagement.jsx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index 6341bef180..1a7e84dd33 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -133,7 +133,7 @@ export default function TlsManagement() { const tabs = [ { key: 'native', label: 'Native Java Certificate Store', count: counts.native, icon: }, { key: 'trusted', label: 'Additional Trusted Certificates', count: counts.trusted, icon: }, - { key: 'private', label: 'Private Key Store', count: counts.private, icon: }, + { key: 'private', label: 'Local Certificates', count: counts.private, icon: }, ] const toolbarByTab = { @@ -150,7 +150,7 @@ export default function TlsManagement() { ], }, private: { - title: 'Private Key Store', + title: 'Local Certificates', actions: [ { key: 'show-private-keys', label: showPrivateKeys ? 'Hide Private Keys' : 'Show Private Keys', color: 'warning', onClick: handleTogglePrivateKeys }, { key: 'import-cert', label: 'Import Certificate', color: 'info', onClick: () => openImportDialog() }, From 27763a7ab493fb4bac468a3c966bb5644cf69b2f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 15 Oct 2025 15:13:05 +0300 Subject: [PATCH 112/360] Introduce an intermediary container for easier TCP connections --- .../server/SocketFactoryService.java | 22 +++++++++++++++++-- .../revocation/DualCheckerTrustManager.java | 6 +---- .../WeirdIntermediaryContextContainer.java | 11 ++++++++++ 3 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryContextContainer.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index 1b0d94b78a..c0843f83c1 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -7,6 +7,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.openintegrationengine.tlsmanager.server.revocation.DualCheckerTrustManager; +import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryContextContainer; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import javax.net.ssl.KeyManager; @@ -36,6 +37,23 @@ public SocketFactoryService( } public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, TLSConnectorProperties properties) { + var contextContainer = generateSSLContext(connector, properties); + return getConnectorSocketFactory(contextContainer); + } + + public SSLConnectionSocketFactory getConnectorSocketFactory(WeirdIntermediaryContextContainer contextContainer) { + // Return null to trigger building the connection with OIE's internal logic + if (contextContainer == null) return null; + + return new SSLConnectionSocketFactory( + contextContainer.sslContext(), + contextContainer.protocols(), + contextContainer.ciphers(), + contextContainer.hostnameVerifier() + ); + } + + public WeirdIntermediaryContextContainer generateSSLContext(DestinationConnector connector, TLSConnectorProperties properties) { try { var truststore = certificateService.getTrustStoreFromProperties( properties.isTrustSystemTruststore(), @@ -80,14 +98,14 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector ? SSLConnectionSocketFactory.getDefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE; - return new SSLConnectionSocketFactory( + return new WeirdIntermediaryContextContainer( sslContext, protocolArray, cipherArray, hostnameVerificationStrategy ); } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e) { - log.error("Error generating SSLConnectionSocketFactory", e); + log.error("Error generating SSLContext", e); throw new RuntimeException(e); } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index eb1503f3ab..7135fe2aed 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -2,8 +2,6 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DEROctetString; -import org.bouncycastle.asn1.x509.AccessDescription; -import org.bouncycastle.asn1.x509.AuthorityInformationAccess; import org.bouncycastle.asn1.x509.CRLDistPoint; import org.bouncycastle.asn1.x509.DistributionPoint; import org.bouncycastle.asn1.x509.DistributionPointName; @@ -24,7 +22,6 @@ import java.security.cert.CRL; import java.security.cert.CertPath; import java.security.cert.CertPathValidator; -import java.security.cert.CertPathValidatorException; import java.security.cert.CertStore; import java.security.cert.Certificate; import java.security.cert.CertificateException; @@ -35,7 +32,6 @@ import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.ArrayList; -import java.util.Arrays; import java.util.Base64; import java.util.Collection; import java.util.EnumSet; @@ -80,7 +76,7 @@ private void validate(X509Certificate[] chain) throws CertificateException { } var certificateFactory = CertificateFactory.getInstance("X.509"); - var certPath = certificateFactory.generateCertPath(Arrays.asList(chain)); + var certPath = certificateFactory.generateCertPath(List.of(chain)); // Baseline chain sanity (revocation OFF) to get clean path errors early. var base = new PKIXParameters(anchors); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryContextContainer.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryContextContainer.java new file mode 100644 index 0000000000..0ad7468175 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryContextContainer.java @@ -0,0 +1,11 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; + +public record WeirdIntermediaryContextContainer ( + SSLContext sslContext, + String[] protocols, + String[] ciphers, + HostnameVerifier hostnameVerifier +) {} From 4a6715e2fe95b4e115c12543124305ec76a8a142 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 15 Oct 2025 15:16:40 +0300 Subject: [PATCH 113/360] Initial WebService Sender stuff --- .../client/TLSConnectorPropertiesPlugin.java | 2 +- server/pom.xml | 14 ++++ .../TLSWebServiceConfiguration.java | 77 +++++++++++++++++++ 3 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java index fbe42fe11a..446179ea75 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java @@ -54,7 +54,7 @@ public AbstractConnectorPropertiesPanel getConnectorPropertiesPanel() { @Override public boolean isSupported(String transportName) { return Set - .of("HTTP Sender", "TCP Sender") + .of("HTTP Sender", "TCP Sender", "Web Service Sender") .contains(transportName); } diff --git a/server/pom.xml b/server/pom.xml index a24a0cf5d1..87ba8b144e 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -72,6 +72,20 @@ provided + + com.mirth.connect.connectors + ws-server + ${mirth.version} + provided + + + + com.mirth.connect.connectors + ws-shared + ${mirth.version} + provided + + org.apache.httpcomponents httpclient diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java new file mode 100644 index 0000000000..e46edc7adf --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java @@ -0,0 +1,77 @@ +package org.openintegrationengine.tlsmanager.server.connectorconfig; + +import com.mirth.connect.connectors.ws.DefaultWebServiceConfiguration; +import com.mirth.connect.connectors.ws.SSLSocketFactoryWrapper; +import com.mirth.connect.connectors.ws.WebServiceDispatcher; +import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; +import com.mirth.connect.donkey.server.channel.Connector; +import lombok.extern.slf4j.Slf4j; +import org.openintegrationengine.tlsmanager.server.SocketFactoryService; +import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; +import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryContextContainer; +import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; + +import javax.net.ssl.SSLSocketFactory; +import java.util.Map; + +@Slf4j +public class TLSWebServiceConfiguration extends DefaultWebServiceConfiguration { + + private final SocketFactoryService socketFactoryService; + + private WeirdIntermediaryContextContainer contextContainer; + + public TLSWebServiceConfiguration() { + // This looks ugly, I know + this(TLSServicePlugin.getPluginInstance().getSocketFactoryService()); + } + + public TLSWebServiceConfiguration(SocketFactoryService socketFactoryService) { + this.socketFactoryService = socketFactoryService; + } + + @Override + public void configureConnectorDeploy(Connector connector) throws Exception { + if (connector instanceof WebServiceDispatcher webServiceDispatcher) { + configureSocketFactory(webServiceDispatcher); + } + } + + @Override + public void configureDispatcher(WebServiceDispatcher connector, WebServiceDispatcherProperties connectorProperties, Map requestContext) throws Exception { + SSLSocketFactory socketFactory = new SSLSocketFactoryWrapper( + contextContainer.sslContext().getSocketFactory(), + contextContainer.protocols(), + contextContainer.ciphers() + ); + + // Wat? + requestContext.put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory", socketFactory); + requestContext.put("com.sun.xml.ws.transport.https.client.SSLSocketFactory", socketFactory); // JAX-WS RI + } + + private void configureSocketFactory(WebServiceDispatcher connector) { + var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() + .stream() + .filter(TLSConnectorProperties.class::isInstance) + .findFirst() + .map(TLSConnectorProperties.class::cast) + .orElse(null); + + if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { + contextContainer = socketFactoryService.generateSSLContext(connector, tlsConnectorProperties); + + var socketConnectionFactory = socketFactoryService.getConnectorSocketFactory(contextContainer); + if (socketConnectionFactory != null) { + connector.getSocketFactoryRegistry().register("https", socketConnectionFactory); + } + } else { + try { + super.configureConnectorDeploy(connector); + } catch (Exception e) { + log.error("Error creating non-TLS socket factory", e); + throw new RuntimeException(e); + } + } + } +} From b034358bdfac3d8f72ea886bcf236572a34f06c9 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 15 Oct 2025 15:59:19 +0300 Subject: [PATCH 114/360] More .gitignore --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index f84bdec216..4b1c9fdf8b 100644 --- a/.gitignore +++ b/.gitignore @@ -9,5 +9,7 @@ plugin.xml docker/certs/ docker/custom-extensions docker/pgdata +docker/conf +docker/appdata tools/cert-revocation/mini-ca From 17f9e9a479809e46d3a01d812d463c367458d137 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 17 Oct 2025 11:27:42 +0300 Subject: [PATCH 115/360] Fix CRL header --- .../tlsmanager/server/revocation/DualCheckerTrustManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index 7135fe2aed..f5589b588c 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -190,7 +190,7 @@ private static Collection fetchCrlsFromCrlDP(X509Certificate[] ch try (InputStream in = URI.create(uri).toURL().openStream()) { byte[] bytes = in.readAllBytes(); - byte[] der = maybeDecodePem(bytes, "CRL"); + byte[] der = maybeDecodePem(bytes, "X509 CRL"); out.add(certificateFactory.generateCRL(new ByteArrayInputStream(der))); } catch (Exception ignoreOne) {} } From e9c68ebcc178c8f22f5c7300c67a874f3135d56f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 17 Oct 2025 16:37:06 +0300 Subject: [PATCH 116/360] Add OCSP Stapling support --- .../revocation/DualCheckerTrustManager.java | 111 +++++++++++++++--- 1 file changed, 96 insertions(+), 15 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index f5589b588c..db55c0a9d3 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -1,5 +1,6 @@ package org.openintegrationengine.tlsmanager.server.revocation; +import lombok.extern.slf4j.Slf4j; import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.DEROctetString; import org.bouncycastle.asn1.x509.CRLDistPoint; @@ -8,9 +9,16 @@ import org.bouncycastle.asn1.x509.Extension; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.cert.ocsp.BasicOCSPResp; +import org.bouncycastle.cert.ocsp.CertificateStatus; +import org.bouncycastle.cert.ocsp.OCSPResp; +import org.bouncycastle.cert.ocsp.RevokedStatus; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; import javax.net.ssl.X509ExtendedTrustManager; import java.io.ByteArrayInputStream; import java.io.InputStream; @@ -23,7 +31,6 @@ import java.security.cert.CertPath; import java.security.cert.CertPathValidator; import java.security.cert.CertStore; -import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CollectionCertStoreParameters; @@ -40,6 +47,7 @@ import java.util.List; import java.util.Set; +@Slf4j public final class DualCheckerTrustManager extends X509ExtendedTrustManager { private final KeyStore trustStore; @@ -59,16 +67,31 @@ public DualCheckerTrustManager( } // --- JSSE delegation --- - @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { validate(chain); } - @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { validate(chain); } - @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { validate(chain); } - @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { validate(chain); } - @Override public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { validate(chain); } - @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { validate(chain); } - @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + validate(chain, null); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { + validate(chain, s); + } + + @Override + public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine e) { + throw new UnsupportedOperationException("SSLEngine not supported"); + } + + @Override + public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } + // --- Core: run two separate PKIX passes, each with its own PKIXRevocationChecker --- - private void validate(X509Certificate[] chain) throws CertificateException { + private void validate(X509Certificate[] chain, Socket socket) throws CertificateException { try { Set anchors = anchorsFrom(trustStore); if (anchors.isEmpty()) { @@ -86,7 +109,33 @@ private void validate(X509Certificate[] chain) throws CertificateException { // OCSP-only pass (if requested) if (ocspMode != RevocationMode.DISABLED) { - pkixOcspOnly(certPath, anchors, ocspMode == RevocationMode.SOFT_FAIL); + + boolean hasStapledOcsp = false; + + if (socket instanceof SSLSocket sslSocket) { + SSLSession session = sslSocket.getHandshakeSession(); + + if (session instanceof ExtendedSSLSession extendedSession) { + var statusResponses = extendedSession.getStatusResponses(); + + if (statusResponses != null && !statusResponses.isEmpty()) { + log.info("Received {} stapled OCSP response(s)", statusResponses.size()); + + for (int i = 0; i < Math.min(statusResponses.size(), chain.length); i++) { + byte[] response = statusResponses.get(i); + if (response != null && response.length > 0) { + validateStapledOcspResponse(response, chain[i]); + hasStapledOcsp = true; + } + } + } + } + } + + + if (!hasStapledOcsp) { + pkixOcspOnly(certPath, anchors, ocspMode == RevocationMode.SOFT_FAIL); + } } // CRL-only pass (if requested) @@ -116,7 +165,7 @@ private void pkixOcspOnly(CertPath path, Set anchors, boolean softF var revocationChecker = (PKIXRevocationChecker) certPathValidator.getRevocationChecker(); var opts = EnumSet.of( - PKIXRevocationChecker.Option.NO_FALLBACK // do NOT fall back to CRLs + PKIXRevocationChecker.Option.NO_FALLBACK // don't fall back to CRLs ); if (softFail) opts.add(PKIXRevocationChecker.Option.SOFT_FAIL); @@ -159,10 +208,12 @@ private void pkixCrlOnly(CertPath path, Set anchors, Collection anchorsFrom(KeyStore ks) throws KeyStoreException { Set out = new HashSet<>(); for (Enumeration e = ks.aliases(); e.hasMoreElements();) { - String a = e.nextElement(); - Certificate c = ks.getCertificate(a); - if (c instanceof X509Certificate certificate) { - out.add(new TrustAnchor(certificate, null)); + var alias = e.nextElement(); + var certificate = ks.getCertificate(alias); + if (certificate instanceof X509Certificate x509Certificate) { + out.add(new TrustAnchor(x509Certificate, null)); + } else { + log.debug("Ignoring non-X.509 certificate {} in truststore", certificate); } } return out; @@ -209,4 +260,34 @@ private static byte[] maybeDecodePem(byte[] content, String type) { .replaceAll("\\s", ""); return Base64.getDecoder().decode(base64); } + + private void validateStapledOcspResponse(byte[] responseBytes, X509Certificate cert) + throws CertificateException { + try { + var ocspResponse = new OCSPResp(responseBytes); + + if (ocspResponse.getStatus() == OCSPResp.SUCCESSFUL) { + var basicResponse = (BasicOCSPResp) ocspResponse.getResponseObject(); + + for (var singleResp : basicResponse.getResponses()) { + var status = singleResp.getCertStatus(); + + if (status == CertificateStatus.GOOD) { + log.debug("Stapled OCSP: Certificate is GOOD"); + } else if (status instanceof RevokedStatus) { + throw new CertificateException("Certificate is REVOKED (from stapled OCSP)"); + } else { + log.warn("Stapled OCSP: Certificate status is UNKNOWN"); + } + } + } else { + log.warn("Stapled OCSP response status: {}", ocspResponse.getStatus()); + } + } catch (Exception e) { + log.error("Failed to validate stapled OCSP response", e); + if (ocspMode == RevocationMode.HARD_FAIL) { + throw new CertificateException("Invalid stapled OCSP response", e); + } + } + } } From 1d2429f13d70aa3f2b2804319f10d62a5b092ca6 Mon Sep 17 00:00:00 2001 From: Paul Hristea Date: Sat, 18 Oct 2025 16:39:28 +0300 Subject: [PATCH 117/360] Implement keystore & truststore endpoints --- .../tlsmanager/server/CertificateService.java | 210 +++++++++++++++++- .../server/servlets/TLSServlet.java | 43 +++- .../shared/servlet/TLSServletInterface.java | 92 +++++++- 3 files changed, 332 insertions(+), 13 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 06931137ac..f6790061ed 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -23,6 +23,10 @@ import com.mirth.connect.util.ConnectionTestResponse; import lombok.Getter; import lombok.extern.slf4j.Slf4j; +import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; +import org.bouncycastle.openssl.PEMKeyPair; +import org.bouncycastle.openssl.PEMParser; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; import org.openintegrationengine.tlsmanager.server.backend.DatabaseTrustStoreBackend; import org.openintegrationengine.tlsmanager.server.backend.FileTrustStoreBackend; import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; @@ -35,14 +39,30 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.StringReader; import java.net.URL; +import java.security.Key; +import java.security.KeyFactory; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; import java.security.UnrecoverableKeyException; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.util.ArrayList; +import java.util.Base64; import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; import java.util.HashSet; +import java.util.List; +import java.util.Map; import java.util.Set; import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.PKCS12; @@ -218,7 +238,17 @@ public void storeExtraTrustStore(byte[] keystoreBytes, char[] password) { } } - public Set getPublicCertificates() { + public void storeExtraKeyStore(byte[] keystoreBytes, char[] password) { + try (var bais = new ByteArrayInputStream(keystoreBytes)) { + externalKeyStore.load(bais, password); + extraKeyStoreBackend.persist(keystoreBytes); + } catch (CertificateException | IOException | NoSuchAlgorithmException e) { + log.error("Error overwriting keystore", e); + throw new RuntimeException(e); + } + } + + public Set getTrustedCertificateAliases() { try { return new HashSet<>(Collections.list(externalTrustStore.aliases())); } catch (KeyStoreException e) { @@ -227,7 +257,7 @@ public Set getPublicCertificates() { } } - public Set getClientCertificates() { + public Set getLocalCertificateAliases() { try { return new HashSet<>(Collections.list(externalKeyStore.aliases())); } catch (KeyStoreException e) { @@ -236,6 +266,182 @@ public Set getClientCertificates() { } } + public List> getEncodedTrustedCertificates() { + return getEncodedCertificates(externalTrustStore); + } + + public List> getEncodedLocalCertificates() { + return getEncodedCertificates(externalKeyStore); + } + + private List> getEncodedCertificates(KeyStore keyStore) { + List> certificates = new ArrayList<>(); + Map certificateMap = new HashMap<>(); + + try { + Enumeration aliases = keyStore.aliases(); + + while (aliases.hasMoreElements()) { + String alias = aliases.nextElement(); + certificateMap.put("alias", alias); + + if (keyStore.isKeyEntry(alias)) { + String certificate = encodeCertificates(keyStore.getCertificateChain(alias)); + certificateMap.put("certificate", certificate); + String key = encodeKey(keyStore.getKey(alias, "changeit".toCharArray())); + certificateMap.put("key", key); + } else if (keyStore.isCertificateEntry(alias)) { + String certificate = encodeCertificates(keyStore.getCertificate(alias)); + certificateMap.put("certificate", certificate); + } + } + certificates.add(certificateMap); + return certificates; + } catch (KeyStoreException | CertificateEncodingException | NoSuchAlgorithmException | UnrecoverableKeyException e) { + throw new RuntimeException(e); + } + } + + private String encodeCertificates(Certificate... chain) throws CertificateEncodingException { + StringBuilder pem = new StringBuilder(); + + for (Certificate cert : chain) { + String base64Cert = Base64.getMimeEncoder(64, "\n".getBytes()) + .encodeToString(cert.getEncoded()); + pem.append("-----BEGIN CERTIFICATE-----\n") + .append(base64Cert) + .append("\n-----END CERTIFICATE-----\n\n"); + } + return pem.toString(); + } + + private String encodeKey(Key key) throws CertificateEncodingException { + StringBuilder pem = new StringBuilder(); + + if (key instanceof PrivateKey) { + String base64Key = Base64.getMimeEncoder(64, "\n".getBytes()) + .encodeToString(key.getEncoded()); + pem.append("-----BEGIN PRIVATE KEY-----\n") + .append(base64Key) + .append("\n-----END PRIVATE KEY-----\n\n"); + } + return pem.toString(); + } + + public void setTrustedCertificates(List> trustedCertificates) { + try { + KeyStore ks = KeyStore.getInstance("PKCS12"); + char[] password = "changeit".toCharArray(); + ks.load(null, password); + + for (Map trustedCertificate : trustedCertificates) { + String alias = extractAlias(trustedCertificate); + String certificate = extractCertificate(trustedCertificate); + + X509Certificate cert = decodeCertificate(certificate); + ks.setCertificateEntry(alias, cert); + } + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ks.store(out, password); + byte[] keystoreBytes = out.toByteArray(); + storeExtraTrustStore(keystoreBytes, password); + } catch (CertificateException | IOException | KeyStoreException | NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + } + + private X509Certificate decodeCertificate(String certificate) throws CertificateException { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + String certContent = certificate + .replaceAll("-----BEGIN CERTIFICATE-----", "") + .replaceAll("-----END CERTIFICATE-----", "") + .replaceAll("\\s+", ""); + byte[] certBytes = Base64.getDecoder().decode(certContent); + return (X509Certificate) cf.generateCertificate( + new java.io.ByteArrayInputStream(certBytes)); + } + + private PrivateKey decodeKey(String key) throws CertificateException, NoSuchAlgorithmException, InvalidKeySpecException, IOException { + String keyContent = key + .replaceAll("-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----", "") + .replaceAll("-----END [A-Z0-9 ]*PRIVATE KEY-----", "") + .replaceAll("\\s+", ""); + byte[] keyBytes = Base64.getDecoder().decode(keyContent); + PrivateKey privateKey; + try { + privateKey = KeyFactory.getInstance("RSA") + .generatePrivate(new PKCS8EncodedKeySpec(keyBytes)); + } catch (InvalidKeySpecException e) { + if (e.getMessage().equals("java.security.InvalidKeyException: IOException : algid parse error, not a sequence")) { + // Attempt to convert to PKCS#8 + return attemptPkcs8Conversion(key); + } + throw e; + } + return privateKey; + } + + private PrivateKey attemptPkcs8Conversion(String key) throws InvalidKeySpecException, IOException { + try (PEMParser parser = new PEMParser(new StringReader(key))) { + Object obj = parser.readObject(); + JcaPEMKeyConverter converter = new JcaPEMKeyConverter(); + + if (obj instanceof PEMKeyPair) { + return converter.getKeyPair((PEMKeyPair) obj).getPrivate(); + } else if (obj instanceof PrivateKeyInfo) { + return converter.getPrivateKey((PrivateKeyInfo) obj); + } else { + throw new IllegalArgumentException("Unsupported PEM object: " + obj.getClass()); + } + } + } + + public void setLocalCertificates(List> localCertificates) { + try { + KeyStore ks = KeyStore.getInstance("PKCS12"); + char[] password = "changeit".toCharArray(); + ks.load(null, password); + + for (Map trustedCertificate : localCertificates) { + String alias = extractAlias(trustedCertificate); + String certificate = extractCertificate(trustedCertificate); + String key = extractKey(trustedCertificate); + + X509Certificate cert = decodeCertificate(certificate); + PrivateKey privateKey = decodeKey(key); + ks.setKeyEntry(alias, privateKey, password, new Certificate[]{cert}); + } + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ks.store(out, password); + byte[] keystoreBytes = out.toByteArray(); + storeExtraKeyStore(keystoreBytes, password); + } catch (CertificateException | InvalidKeySpecException | IOException | KeyStoreException | + NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + } + + private String extractAlias(Map certificate) { + return extractField(certificate, "alias"); + } + + String extractField(Map certificate, String field) { + String fieldValue = certificate.get(field); + + if (fieldValue == null) { + throw new RuntimeException("Missing " + field); + } + return fieldValue; + } + + private String extractCertificate(Map certificate) { + return extractField(certificate, "certificate"); + } + + private String extractKey(Map certificate) { + return extractField(certificate, "key"); + } + public ConnectionTestResponse testConnection( String channelId, String channelName, diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 31fdbf50e0..4bff864dfe 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -40,6 +40,8 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; +import java.util.List; +import java.util.Map; import java.util.Set; @Slf4j @@ -68,12 +70,12 @@ public TLSServlet( @Override public Set getPublicCertificates() { - return certificateService.getPublicCertificates(); + return certificateService.getTrustedCertificateAliases(); } @Override public Set getClientCertificates() { - return certificateService.getClientCertificates(); + return certificateService.getLocalCertificateAliases(); } @Override @@ -108,9 +110,44 @@ public String setTruststore(InputStream inputStream, String password) { return "timmis"; } + @Override + public List> getLocalCertificates() { + if (!isUserAuthorized(false)) { + isUserAuthorized(true); + throw new WebApplicationException(Response.Status.FORBIDDEN); + } + return certificateService.getEncodedLocalCertificates(); + } + + @Override + public void setLocalCertificates(List> localCertificates) { + if (!isUserAuthorized(false)) { + isUserAuthorized(true); + throw new WebApplicationException(Response.Status.FORBIDDEN); + } + certificateService.setLocalCertificates(localCertificates); + } + + @Override + public List> getTrustedCertificates() { + if (!isUserAuthorized(false)) { + isUserAuthorized(true); + throw new WebApplicationException(Response.Status.FORBIDDEN); + } + return certificateService.getEncodedTrustedCertificates(); + } + + @Override + public void setTrustedCertificates(List> trustedCertificates) { + if (!isUserAuthorized(false)) { + isUserAuthorized(true); + throw new WebApplicationException(Response.Status.FORBIDDEN); + } + certificateService.setTrustedCertificates(trustedCertificates); + } + @Override public ConnectionTestResponse testConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) throws ClientException { return certificateService.testConnection(channelId, channelName, dispatcherProperties); } } - diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index f638114a2f..2b4719e132 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -27,6 +27,7 @@ import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; import io.swagger.v3.oas.annotations.media.Schema; +import io.swagger.v3.oas.annotations.parameters.RequestBody; import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.tags.Tag; import org.glassfish.jersey.media.multipart.FormDataParam; @@ -35,26 +36,27 @@ import javax.ws.rs.Consumes; import javax.ws.rs.GET; import javax.ws.rs.POST; +import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import java.io.InputStream; +import java.util.List; +import java.util.Map; import java.util.Set; -import static javax.ws.rs.core.MediaType.APPLICATION_JSON; -import static javax.ws.rs.core.MediaType.APPLICATION_OCTET_STREAM; -import static javax.ws.rs.core.MediaType.APPLICATION_XML; +import static javax.ws.rs.core.MediaType.*; @Path("/tlsmanager") @Tag(name = TLSPluginConstants.PLUGIN_POINTNAME) -@Consumes({ APPLICATION_XML, APPLICATION_JSON }) -@Produces({ APPLICATION_XML, APPLICATION_JSON }) +@Consumes({APPLICATION_XML, APPLICATION_JSON}) +@Produces({APPLICATION_XML, APPLICATION_JSON}) @MirthApiProvider(type = ApiProviderType.SERVLET_INTERFACE) public interface TLSServletInterface extends BaseServletInterface, HttpConnectorServletInterface { @GET @Path("/importedcertificates") - @Produces({ APPLICATION_XML, APPLICATION_JSON }) + @Produces({APPLICATION_XML, APPLICATION_JSON}) @ApiResponse(responseCode = "200", description = "Found the information", content = { @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = Set.class)), @@ -69,7 +71,7 @@ public interface TLSServletInterface extends BaseServletInterface, HttpConnector @GET @Path("/clientcertificates") - @Produces({ APPLICATION_XML, APPLICATION_JSON }) + @Produces({APPLICATION_XML, APPLICATION_JSON}) @ApiResponse(responseCode = "200", description = "Found the information", content = { @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = Set.class)), @@ -84,7 +86,7 @@ public interface TLSServletInterface extends BaseServletInterface, HttpConnector @GET @Path("/keystore") - @Produces({ APPLICATION_OCTET_STREAM }) + @Produces({APPLICATION_OCTET_STREAM}) @ApiResponse( responseCode = "200", description = "Retrieve current additional keystore as byte array", @@ -123,4 +125,78 @@ String setTruststore( @FormDataParam("password") String password ) throws ClientException; + + @GET + @Path("/localCertificates") + @Produces({APPLICATION_XML, APPLICATION_JSON}) + @ApiResponse( + responseCode = "200", + description = "Retrieve certificate/key pairs from current additional keystore", + content = { + @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = List.class)), + @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = List.class)) + }) + @MirthOperation( + name = "getLocalCertificates", + display = "Get the certificate/key pairs from the keystore", + type = Operation.ExecuteType.ASYNC + ) + List> getLocalCertificates(); + + @PUT + @Path("/localCertificates") + @Consumes({APPLICATION_XML, APPLICATION_JSON}) + @io.swagger.v3.oas.annotations.Operation( + summary = "Overwrite the local certificates within the in use keystore" + ) + @MirthOperation( + name = "setLocalCertificates", + display = "Write the keystore from the given certificate/key pair list", + type = Operation.ExecuteType.ASYNC + ) + void setLocalCertificates( + @Param("localCertificates") + @RequestBody(description = "The list of certificate/key pairs to write to the keystore.", required = true, content = { + @Content(mediaType = MediaType.APPLICATION_XML), + @Content(mediaType = MediaType.APPLICATION_JSON) + }) + List> localCertificates + ); + + @GET + @Path("/trustedCertificates") + @Produces({APPLICATION_XML, APPLICATION_JSON}) + @ApiResponse( + responseCode = "200", + description = "Retrieve certificates from current additional truststore", + content = { + @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = List.class)), + @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = List.class)) + }) + @MirthOperation( + name = "getTrustedCertificates", + display = "Get the certificates from the truststore", + type = Operation.ExecuteType.ASYNC + ) + List> getTrustedCertificates(); + + @PUT + @Path("/trustedCertificates") + @Consumes({APPLICATION_XML, APPLICATION_JSON}) + @io.swagger.v3.oas.annotations.Operation( + summary = "Overwrite the trusted certificates within the in use truststore" + ) + @MirthOperation( + name = "setTrustedCertificates", + display = "Write the additional truststore from the given certificate list", + type = Operation.ExecuteType.ASYNC + ) + void setTrustedCertificates( + @Param("trustedCertificates") + @RequestBody(description = "The list of certificates to write to the truststore.", required = true, content = { + @Content(mediaType = MediaType.APPLICATION_XML), + @Content(mediaType = MediaType.APPLICATION_JSON) + }) + List> trustedCertificates + ); } From ffd57293c047f82a8133939860b3679c229251f3 Mon Sep 17 00:00:00 2001 From: Paul Hristea Date: Mon, 20 Oct 2025 13:25:35 +0300 Subject: [PATCH 118/360] Fix iteration --- .../tlsmanager/server/CertificateService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index f6790061ed..741a7c8cf1 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -276,12 +276,12 @@ public List> getEncodedLocalCertificates() { private List> getEncodedCertificates(KeyStore keyStore) { List> certificates = new ArrayList<>(); - Map certificateMap = new HashMap<>(); try { Enumeration aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { + Map certificateMap = new HashMap<>(); String alias = aliases.nextElement(); certificateMap.put("alias", alias); @@ -294,8 +294,8 @@ private List> getEncodedCertificates(KeyStore keyStore) { String certificate = encodeCertificates(keyStore.getCertificate(alias)); certificateMap.put("certificate", certificate); } + certificates.add(certificateMap); } - certificates.add(certificateMap); return certificates; } catch (KeyStoreException | CertificateEncodingException | NoSuchAlgorithmException | UnrecoverableKeyException e) { throw new RuntimeException(e); From d4a2a13cb6f03de24f1fbcf2d70f797a182c2d56 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 20 Oct 2025 14:41:10 +0300 Subject: [PATCH 119/360] Remove unnecessary authentication checks --- .../tlsmanager/server/servlets/TLSServlet.java | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 4bff864dfe..5df1bd79e4 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -121,28 +121,16 @@ public List> getLocalCertificates() { @Override public void setLocalCertificates(List> localCertificates) { - if (!isUserAuthorized(false)) { - isUserAuthorized(true); - throw new WebApplicationException(Response.Status.FORBIDDEN); - } certificateService.setLocalCertificates(localCertificates); } @Override public List> getTrustedCertificates() { - if (!isUserAuthorized(false)) { - isUserAuthorized(true); - throw new WebApplicationException(Response.Status.FORBIDDEN); - } return certificateService.getEncodedTrustedCertificates(); } @Override public void setTrustedCertificates(List> trustedCertificates) { - if (!isUserAuthorized(false)) { - isUserAuthorized(true); - throw new WebApplicationException(Response.Status.FORBIDDEN); - } certificateService.setTrustedCertificates(trustedCertificates); } From 5135001c3f3f0d6bd0e0f9a23c30e8fd71f2a4d6 Mon Sep 17 00:00:00 2001 From: Paul Hristea Date: Mon, 20 Oct 2025 15:34:07 +0300 Subject: [PATCH 120/360] Use actual keystore backend password --- .../tlsmanager/server/CertificateService.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 741a7c8cf1..cdc4580b93 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -267,14 +267,14 @@ public Set getLocalCertificateAliases() { } public List> getEncodedTrustedCertificates() { - return getEncodedCertificates(externalTrustStore); + return getEncodedCertificates(externalTrustStore, extraTrustStoreBackend.loadPassword()); } public List> getEncodedLocalCertificates() { - return getEncodedCertificates(externalKeyStore); + return getEncodedCertificates(externalKeyStore, extraKeyStoreBackend.loadPassword()); } - private List> getEncodedCertificates(KeyStore keyStore) { + private List> getEncodedCertificates(KeyStore keyStore, char[] password) { List> certificates = new ArrayList<>(); try { @@ -288,7 +288,7 @@ private List> getEncodedCertificates(KeyStore keyStore) { if (keyStore.isKeyEntry(alias)) { String certificate = encodeCertificates(keyStore.getCertificateChain(alias)); certificateMap.put("certificate", certificate); - String key = encodeKey(keyStore.getKey(alias, "changeit".toCharArray())); + String key = encodeKey(keyStore.getKey(alias, password)); certificateMap.put("key", key); } else if (keyStore.isCertificateEntry(alias)) { String certificate = encodeCertificates(keyStore.getCertificate(alias)); @@ -331,7 +331,7 @@ private String encodeKey(Key key) throws CertificateEncodingException { public void setTrustedCertificates(List> trustedCertificates) { try { KeyStore ks = KeyStore.getInstance("PKCS12"); - char[] password = "changeit".toCharArray(); + char[] password = extraTrustStoreBackend.loadPassword(); ks.load(null, password); for (Map trustedCertificate : trustedCertificates) { @@ -399,7 +399,7 @@ private PrivateKey attemptPkcs8Conversion(String key) throws InvalidKeySpecExcep public void setLocalCertificates(List> localCertificates) { try { KeyStore ks = KeyStore.getInstance("PKCS12"); - char[] password = "changeit".toCharArray(); + char[] password = extraKeyStoreBackend.loadPassword(); ks.load(null, password); for (Map trustedCertificate : localCertificates) { From 4e8894b71aa7289ec62b92c1db96d5ba3d2acc1d Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 20 Oct 2025 17:15:15 +0300 Subject: [PATCH 121/360] Register TLSWebServiceConfiguration class --- .../tlsmanager/server/TLSServicePlugin.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java index fd4af7c779..5ac2576e60 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java @@ -20,6 +20,7 @@ import lombok.Getter; import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSHttpConfiguration; import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSTcpConfiguration; +import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSWebServiceConfiguration; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import com.mirth.connect.model.ExtensionPermission; import com.mirth.connect.plugins.ServicePlugin; @@ -62,6 +63,12 @@ public void init(Properties properties) { TLSTcpConfiguration.class.getCanonicalName() ); + configurationController.saveProperty( + "WS", + "wsConfigurationClass", + TLSWebServiceConfiguration.class.getCanonicalName() + ); + SerializationController.registerSerializableClasses(); } From 02eb1ee0f1baa8480050bcee4fcbc5f1f8677463 Mon Sep 17 00:00:00 2001 From: Paul Hristea Date: Mon, 20 Oct 2025 17:44:31 +0300 Subject: [PATCH 122/360] Refactor using POJO serialization --- .../tlsmanager/server/CertificateService.java | 57 +++++++++---------- .../server/servlets/TLSServlet.java | 11 ++-- shared/pom.xml | 7 +++ .../shared/SerializationController.java | 15 ++++- .../shared/models/LocalCertificate.java | 19 +++++++ .../shared/models/TrustedCertificate.java | 20 +++++++ .../shared/servlet/TLSServletInterface.java | 11 ++-- 7 files changed, 97 insertions(+), 43 deletions(-) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/LocalCertificate.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TrustedCertificate.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index cdc4580b93..543fc1146d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -33,7 +33,9 @@ import org.openintegrationengine.tlsmanager.server.backend.TrustStoreBackend; import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; import org.openintegrationengine.tlsmanager.shared.PersistenceMode; +import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; +import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import java.io.ByteArrayInputStream; @@ -59,7 +61,6 @@ import java.util.Base64; import java.util.Collections; import java.util.Enumeration; -import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; @@ -266,35 +267,36 @@ public Set getLocalCertificateAliases() { } } - public List> getEncodedTrustedCertificates() { + public List getEncodedTrustedCertificates() { return getEncodedCertificates(externalTrustStore, extraTrustStoreBackend.loadPassword()); } - public List> getEncodedLocalCertificates() { + public List getEncodedLocalCertificates() { return getEncodedCertificates(externalKeyStore, extraKeyStoreBackend.loadPassword()); } - private List> getEncodedCertificates(KeyStore keyStore, char[] password) { - List> certificates = new ArrayList<>(); + private List getEncodedCertificates(KeyStore keyStore, char[] password) { + List certificates = new ArrayList<>(); try { Enumeration aliases = keyStore.aliases(); while (aliases.hasMoreElements()) { - Map certificateMap = new HashMap<>(); String alias = aliases.nextElement(); - certificateMap.put("alias", alias); if (keyStore.isKeyEntry(alias)) { - String certificate = encodeCertificates(keyStore.getCertificateChain(alias)); - certificateMap.put("certificate", certificate); - String key = encodeKey(keyStore.getKey(alias, password)); - certificateMap.put("key", key); + LocalCertificate certificate = new LocalCertificate(alias); + String encodedCertificate = encodeCertificateChain(keyStore.getCertificateChain(alias)); + String encodedKey = encodeKey(keyStore.getKey(alias, password)); + certificate.setCertificate(encodedCertificate); + certificate.setKey(encodedKey); + certificates.add(certificate); } else if (keyStore.isCertificateEntry(alias)) { - String certificate = encodeCertificates(keyStore.getCertificate(alias)); - certificateMap.put("certificate", certificate); + TrustedCertificate certificate = new TrustedCertificate(alias); + String encodedCertificate = encodeCertificateChain(keyStore.getCertificate(alias)); + certificate.setCertificate(encodedCertificate); + certificates.add(certificate); } - certificates.add(certificateMap); } return certificates; } catch (KeyStoreException | CertificateEncodingException | NoSuchAlgorithmException | UnrecoverableKeyException e) { @@ -302,7 +304,7 @@ private List> getEncodedCertificates(KeyStore keyStore, char } } - private String encodeCertificates(Certificate... chain) throws CertificateEncodingException { + private String encodeCertificateChain(Certificate... chain) throws CertificateEncodingException { StringBuilder pem = new StringBuilder(); for (Certificate cert : chain) { @@ -328,18 +330,15 @@ private String encodeKey(Key key) throws CertificateEncodingException { return pem.toString(); } - public void setTrustedCertificates(List> trustedCertificates) { + public void setTrustedCertificates(List trustedCertificates) { try { KeyStore ks = KeyStore.getInstance("PKCS12"); char[] password = extraTrustStoreBackend.loadPassword(); ks.load(null, password); - for (Map trustedCertificate : trustedCertificates) { - String alias = extractAlias(trustedCertificate); - String certificate = extractCertificate(trustedCertificate); - - X509Certificate cert = decodeCertificate(certificate); - ks.setCertificateEntry(alias, cert); + for (TrustedCertificate certificate : trustedCertificates) { + X509Certificate cert = decodeCertificate(certificate.getCertificate()); + ks.setCertificateEntry(certificate.getAlias(), cert); } ByteArrayOutputStream out = new ByteArrayOutputStream(); ks.store(out, password); @@ -396,20 +395,16 @@ private PrivateKey attemptPkcs8Conversion(String key) throws InvalidKeySpecExcep } } - public void setLocalCertificates(List> localCertificates) { + public void setLocalCertificates(List localCertificates) { try { KeyStore ks = KeyStore.getInstance("PKCS12"); char[] password = extraKeyStoreBackend.loadPassword(); ks.load(null, password); - for (Map trustedCertificate : localCertificates) { - String alias = extractAlias(trustedCertificate); - String certificate = extractCertificate(trustedCertificate); - String key = extractKey(trustedCertificate); - - X509Certificate cert = decodeCertificate(certificate); - PrivateKey privateKey = decodeKey(key); - ks.setKeyEntry(alias, privateKey, password, new Certificate[]{cert}); + for (LocalCertificate certificate : localCertificates) { + X509Certificate cert = decodeCertificate(certificate.getCertificate()); + PrivateKey privateKey = decodeKey(certificate.getKey()); + ks.setKeyEntry(certificate.getAlias(), privateKey, password, new Certificate[]{cert}); } ByteArrayOutputStream out = new ByteArrayOutputStream(); ks.store(out, password); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 5df1bd79e4..31f1193957 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -27,6 +27,8 @@ import org.openintegrationengine.tlsmanager.server.CertificateService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; +import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.servlet.TLSServletInterface; import javax.servlet.http.HttpServletRequest; @@ -41,7 +43,6 @@ import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.util.List; -import java.util.Map; import java.util.Set; @Slf4j @@ -111,7 +112,7 @@ public String setTruststore(InputStream inputStream, String password) { } @Override - public List> getLocalCertificates() { + public List getLocalCertificates() { if (!isUserAuthorized(false)) { isUserAuthorized(true); throw new WebApplicationException(Response.Status.FORBIDDEN); @@ -120,17 +121,17 @@ public List> getLocalCertificates() { } @Override - public void setLocalCertificates(List> localCertificates) { + public void setLocalCertificates(List localCertificates) { certificateService.setLocalCertificates(localCertificates); } @Override - public List> getTrustedCertificates() { + public List getTrustedCertificates() { return certificateService.getEncodedTrustedCertificates(); } @Override - public void setTrustedCertificates(List> trustedCertificates) { + public void setTrustedCertificates(List trustedCertificates) { certificateService.setTrustedCertificates(trustedCertificates); } diff --git a/shared/pom.xml b/shared/pom.xml index 1a926ae258..464a0ce825 100644 --- a/shared/pom.xml +++ b/shared/pom.xml @@ -75,6 +75,13 @@ 2.22.1 provided + + + com.thoughtworks.xstream + xstream + 1.4.20 + provided + shared diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java index d9ed8b4b5e..991b8e8010 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java @@ -17,6 +17,8 @@ package org.openintegrationengine.tlsmanager.shared; import com.mirth.connect.model.converters.ObjectXMLSerializer; +import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; +import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import java.util.List; @@ -24,16 +26,25 @@ public class SerializationController { private static final List types = List.of( - TLSConnectorProperties.class.getCanonicalName() + TLSConnectorProperties.class.getCanonicalName(), + TrustedCertificate.class.getCanonicalName(), + LocalCertificate.class.getCanonicalName() ); + private static final Class[] classes = new Class[]{ + TrustedCertificate.class, + LocalCertificate.class + }; + private static final List wildcardTypes = List.of(); private static final List typeHierarchies = List.of(); // Register our property classes with XStream to prevent ForbiddenClassException public static void registerSerializableClasses() { ObjectXMLSerializer.getInstance().allowTypes(types, wildcardTypes, typeHierarchies); + ObjectXMLSerializer.getInstance().processAnnotations(classes); } - private SerializationController() {} + private SerializationController() { + } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/LocalCertificate.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/LocalCertificate.java new file mode 100644 index 0000000000..d54103dcba --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/LocalCertificate.java @@ -0,0 +1,19 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import com.thoughtworks.xstream.annotations.XStreamAlias; +import lombok.Getter; +import lombok.Setter; + +import java.io.Serializable; + +@Getter +@Setter +@XStreamAlias("localCertificate") +public class LocalCertificate extends TrustedCertificate implements Serializable { + + public LocalCertificate(String alias) { + super(alias); + } + + private String key; +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TrustedCertificate.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TrustedCertificate.java new file mode 100644 index 0000000000..c0787d233d --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TrustedCertificate.java @@ -0,0 +1,20 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import com.thoughtworks.xstream.annotations.XStreamAlias; +import lombok.Getter; +import lombok.Setter; + +import java.io.Serializable; + +@Getter +@Setter +@XStreamAlias("trustedCertificate") +public class TrustedCertificate implements Serializable { + + public TrustedCertificate(String alias) { + this.alias = alias; + } + + private String alias; + private String certificate; +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 2b4719e132..1adb3e9e4c 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -32,6 +32,8 @@ import io.swagger.v3.oas.annotations.tags.Tag; import org.glassfish.jersey.media.multipart.FormDataParam; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; +import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import javax.ws.rs.Consumes; import javax.ws.rs.GET; @@ -42,7 +44,6 @@ import javax.ws.rs.core.MediaType; import java.io.InputStream; import java.util.List; -import java.util.Map; import java.util.Set; import static javax.ws.rs.core.MediaType.*; @@ -141,7 +142,7 @@ String setTruststore( display = "Get the certificate/key pairs from the keystore", type = Operation.ExecuteType.ASYNC ) - List> getLocalCertificates(); + List getLocalCertificates(); @PUT @Path("/localCertificates") @@ -160,7 +161,7 @@ void setLocalCertificates( @Content(mediaType = MediaType.APPLICATION_XML), @Content(mediaType = MediaType.APPLICATION_JSON) }) - List> localCertificates + List localCertificates ); @GET @@ -178,7 +179,7 @@ void setLocalCertificates( display = "Get the certificates from the truststore", type = Operation.ExecuteType.ASYNC ) - List> getTrustedCertificates(); + List getTrustedCertificates(); @PUT @Path("/trustedCertificates") @@ -197,6 +198,6 @@ void setTrustedCertificates( @Content(mediaType = MediaType.APPLICATION_XML), @Content(mediaType = MediaType.APPLICATION_JSON) }) - List> trustedCertificates + List trustedCertificates ); } From 8263a413a59262f116994c1d365a0aa96b4aee6f Mon Sep 17 00:00:00 2001 From: Paul Hristea Date: Tue, 21 Oct 2025 10:31:43 +0300 Subject: [PATCH 123/360] Add Get System Certificates endpoint --- .../tlsmanager/server/CertificateService.java | 8 ++++++-- .../tlsmanager/server/servlets/TLSServlet.java | 9 +++++---- .../shared/servlet/TLSServletInterface.java | 17 +++++++++++++++++ 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 543fc1146d..1eded178ba 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -267,14 +267,18 @@ public Set getLocalCertificateAliases() { } } - public List getEncodedTrustedCertificates() { - return getEncodedCertificates(externalTrustStore, extraTrustStoreBackend.loadPassword()); + public List getEncodedSystemCertificates() { + return getEncodedCertificates(systemTrustStore, systemTrustStoreBackend.loadPassword()); } public List getEncodedLocalCertificates() { return getEncodedCertificates(externalKeyStore, extraKeyStoreBackend.loadPassword()); } + public List getEncodedTrustedCertificates() { + return getEncodedCertificates(externalTrustStore, extraTrustStoreBackend.loadPassword()); + } + private List getEncodedCertificates(KeyStore keyStore, char[] password) { List certificates = new ArrayList<>(); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 31f1193957..054ce2b30f 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -111,12 +111,13 @@ public String setTruststore(InputStream inputStream, String password) { return "timmis"; } + @Override + public List getSystemCertificates() { + return certificateService.getEncodedSystemCertificates(); + } + @Override public List getLocalCertificates() { - if (!isUserAuthorized(false)) { - isUserAuthorized(true); - throw new WebApplicationException(Response.Status.FORBIDDEN); - } return certificateService.getEncodedLocalCertificates(); } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 1adb3e9e4c..d93ff21042 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -127,6 +127,23 @@ String setTruststore( String password ) throws ClientException; + @GET + @Path("/systemCertificates") + @Produces({APPLICATION_XML, APPLICATION_JSON}) + @ApiResponse( + responseCode = "200", + description = "Retrieve certificates from system truststore", + content = { + @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = List.class)), + @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = List.class)) + }) + @MirthOperation( + name = "getSystemCertificates", + display = "Get the certificates from the system truststore", + type = Operation.ExecuteType.ASYNC + ) + List getSystemCertificates(); + @GET @Path("/localCertificates") @Produces({APPLICATION_XML, APPLICATION_JSON}) From d50e68965d3f81d6e829a7d90ba9c31250c3aa2b Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 14:14:45 +0300 Subject: [PATCH 124/360] Make the plugin serve its Web UI over WAR --- build.sh | 1 + pom.xml | 1 + .../tlsmanager/server/TLSServicePlugin.java | 36 +++++++++++++++++++ web-ui/pom.xml | 18 ++++++++++ web-ui/src/main/webapp/WEB-INF/web.xml | 23 ++++++++++++ 5 files changed, 79 insertions(+) create mode 100644 web-ui/pom.xml create mode 100644 web-ui/src/main/webapp/WEB-INF/web.xml diff --git a/build.sh b/build.sh index 7fcea422f2..9362bc2d48 100755 --- a/build.sh +++ b/build.sh @@ -50,6 +50,7 @@ function main() { echo echo "########################################" cp {client,server,shared}/target/*.jar "$STAGING_DIR/" + cp web-ui/target/tls-manager.war "$STAGING_DIR/" pushd target mv staging "$PLUGIN_PATH" diff --git a/pom.xml b/pom.xml index 24476486d3..eec5cfd1df 100644 --- a/pom.xml +++ b/pom.xml @@ -37,6 +37,7 @@ server shared client + web-ui diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java index 5ac2576e60..f545f1ff5d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java @@ -17,7 +17,10 @@ package org.openintegrationengine.tlsmanager.server; import com.kaurpalang.mirth.annotationsplugin.annotation.MirthServerClass; +import com.mirth.connect.server.controllers.ConfigurationController; +import com.mirth.connect.server.controllers.ExtensionController; import lombok.Getter; +import lombok.extern.slf4j.Slf4j; import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSHttpConfiguration; import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSTcpConfiguration; import org.openintegrationengine.tlsmanager.server.connectorconfig.TLSWebServiceConfiguration; @@ -28,11 +31,15 @@ import org.openintegrationengine.tlsmanager.shared.SerializationController; import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; +import java.io.IOException; +import java.nio.file.Files; +import java.nio.file.Path; import java.util.HashMap; import java.util.Map; import java.util.Properties; @MirthServerClass +@Slf4j public class TLSServicePlugin implements ServicePlugin { @Getter @@ -70,6 +77,8 @@ public void init(Properties properties) { ); SerializationController.registerSerializableClasses(); + + installWar(configurationController); } @Override @@ -127,4 +136,31 @@ public static TLSServicePlugin getPluginInstance() { ); } } + + private void installWar(ConfigurationController configurationController) { + var webappsPath = Path.of(configurationController.getBaseDir(), "webapps"); + var warPath = Path.of(webappsPath.toString(), "tls-manager.war"); + + var warFile = warPath.toFile(); + + if (warFile.exists()) { + log.debug("TLS Manager WAR already exists at {}. Deleting...", warPath); + if (!warFile.delete()) { + throw new IllegalStateException("Failed to delete TLS Manager WAR at " + warPath); + } + } + + var pluginDirectoryPath = Path.of(ExtensionController.getExtensionsPath(), "tls-manager", "tls-manager.war"); + + log.debug("Copying TLS Manager WAR from {} to {}", pluginDirectoryPath, warPath); + try { + Files.copy(pluginDirectoryPath, warPath); + log.debug("TLS Manager WAR copied successfully"); + } catch (IOException e) { + throw new RuntimeException( + "Failed to copy TLS Manager WAR from %s to %s".formatted(pluginDirectoryPath, warPath), + e + ); + } + } } diff --git a/web-ui/pom.xml b/web-ui/pom.xml new file mode 100644 index 0000000000..04734e82e9 --- /dev/null +++ b/web-ui/pom.xml @@ -0,0 +1,18 @@ + + 4.0.0 + + + org.openintegrationengine + tlsmanager + 1.0-SNAPSHOT + + + web-ui + war + + tls-manager + + diff --git a/web-ui/src/main/webapp/WEB-INF/web.xml b/web-ui/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 0000000000..55dc9042d3 --- /dev/null +++ b/web-ui/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,23 @@ + + + + + index.html + + + + default + / + + + + + 404 + /index.html + + + From 036dd9d1b0cf94298805ab48c88905dfed8305da Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 14:57:21 +0300 Subject: [PATCH 125/360] Ensure webapps directory exists --- .../tlsmanager/server/TLSServicePlugin.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java index f545f1ff5d..a512ca2b43 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java @@ -141,6 +141,13 @@ private void installWar(ConfigurationController configurationController) { var webappsPath = Path.of(configurationController.getBaseDir(), "webapps"); var warPath = Path.of(webappsPath.toString(), "tls-manager.war"); + if (!webappsPath.toFile().exists()) { + log.debug("Webapps directory does not exist. Creating..."); + if (!webappsPath.toFile().mkdirs()) { + throw new IllegalStateException("Failed to create webapps directory at " + webappsPath); + } + } + var warFile = warPath.toFile(); if (warFile.exists()) { From f83c200423dee3fdcd527455e54c55325372f7ee Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 15:48:28 +0300 Subject: [PATCH 126/360] Add Subject DN validation UI --- ... DisplayTextEnumModeComboBoxRenderer.java} | 6 +- .../HTTPSenderConnectorPropertiesPanel.java | 58 ++++++++++++++++++- .../shared/models/DisplayTextEnum.java | 5 ++ .../shared/models/RevocationMode.java | 2 +- .../models/SubjectDnValidationMode.java | 16 +++++ .../properties/TLSConnectorProperties.java | 10 ++++ 6 files changed, 91 insertions(+), 6 deletions(-) rename client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/{RevocationModeComboBoxRenderer.java => DisplayTextEnumModeComboBoxRenderer.java} (69%) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/DisplayTextEnum.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/SubjectDnValidationMode.java diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/RevocationModeComboBoxRenderer.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/DisplayTextEnumModeComboBoxRenderer.java similarity index 69% rename from client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/RevocationModeComboBoxRenderer.java rename to client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/DisplayTextEnumModeComboBoxRenderer.java index 6ad0b52cf0..e523e861b8 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/RevocationModeComboBoxRenderer.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/misc/DisplayTextEnumModeComboBoxRenderer.java @@ -1,16 +1,16 @@ package org.openintegrationengine.tlsmanager.client.misc; -import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.DisplayTextEnum; import javax.swing.JList; import javax.swing.plaf.basic.BasicComboBoxRenderer; import java.awt.Component; -public class RevocationModeComboBoxRenderer extends BasicComboBoxRenderer { +public class DisplayTextEnumModeComboBoxRenderer extends BasicComboBoxRenderer { @Override public Component getListCellRendererComponent(JList list, Object value, int index, boolean isSelected, boolean cellHasFocus) { super.getListCellRendererComponent(list, value, index, isSelected, cellHasFocus); - if (value instanceof RevocationMode action) { + if (value instanceof DisplayTextEnum action) { setText(action.getDisplayText()); } return this; diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 7158cb05bd..f3b50668b1 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -23,13 +23,15 @@ import com.mirth.connect.client.ui.UIConstants; import com.mirth.connect.client.ui.components.MirthComboBox; import com.mirth.connect.client.ui.components.MirthRadioButton; +import com.mirth.connect.client.ui.components.MirthTextField; import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; import com.mirth.connect.donkey.model.channel.ConnectorProperties; import com.mirth.connect.model.Connector; import net.miginfocom.swing.MigLayout; import org.openintegrationengine.tlsmanager.client.dialog.ItemPickerDialog; -import org.openintegrationengine.tlsmanager.client.misc.RevocationModeComboBoxRenderer; +import org.openintegrationengine.tlsmanager.client.misc.DisplayTextEnumModeComboBoxRenderer; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import org.openintegrationengine.tlsmanager.shared.servlet.TLSServletInterface; @@ -41,6 +43,8 @@ import javax.swing.SwingWorker; import java.awt.Color; import java.awt.Component; +import java.awt.event.KeyAdapter; +import java.awt.event.KeyEvent; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -66,6 +70,10 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private MirthRadioButton hostnameValidationRadioYes; private MirthRadioButton hostnameValidationRadioNo; + private JLabel subjectDnValidationLabel; + private MirthComboBox subjectDnValidationModeComboBox; + private MirthTextField subjectDnValidationFilterTextField; + private JLabel crlModeLabel; private MirthComboBox crlModeComboBox; @@ -211,7 +219,29 @@ private void initComponents() { hostnameValidationRadioNo.addActionListener(e -> properties.setHostnameVerificationEnabled(false)); hostnameValidationButtonGroup.add(hostnameValidationRadioNo); - var comboBoxRenderer = new RevocationModeComboBoxRenderer(); + + var comboBoxRenderer = new DisplayTextEnumModeComboBoxRenderer(); + + var subjectDnValidationModeModel = new SubjectDnValidationMode[]{ + SubjectDnValidationMode.NONE, + SubjectDnValidationMode.PARTIAL, + SubjectDnValidationMode.EXACT, + }; + + subjectDnValidationLabel = new JLabel("Subject DN Validation Mode:"); + subjectDnValidationModeComboBox = new MirthComboBox<>(); + subjectDnValidationModeComboBox.setRenderer(comboBoxRenderer); + subjectDnValidationModeComboBox.setModel(new DefaultComboBoxModel<>(subjectDnValidationModeModel)); + subjectDnValidationModeComboBox.addActionListener(evt -> handleSubjectDnValidationModeChange()); + + subjectDnValidationFilterTextField = new MirthTextField(); + subjectDnValidationFilterTextField.addKeyListener(new KeyAdapter() { + @Override + public void keyTyped(KeyEvent e) { + properties.setSubjectDnValidationFilter(subjectDnValidationFilterTextField.getText()); + } + }); + var revocationModeModel = new RevocationMode[]{ RevocationMode.DISABLED, RevocationMode.SOFT_FAIL, @@ -321,6 +351,10 @@ private void initLayout() { add(serverCertificateValidationRadioYes, "split"); add(serverCertificateValidationRadioNo); + add(subjectDnValidationLabel, "newline, right"); + add(subjectDnValidationModeComboBox, "split"); + add(subjectDnValidationFilterTextField, "w 168!"); + add(crlModeLabel, "newline, right"); add(crlModeComboBox); @@ -348,6 +382,13 @@ private void initLayout() { add(ciphersText); } + private void handleSubjectDnValidationModeChange() { + if (subjectDnValidationModeComboBox.getSelectedItem() instanceof SubjectDnValidationMode validationMode) { + properties.setSubjectDnValidationMode(validationMode); + redrawState(); + } + } + private void handleCrlModeChange() { if (crlModeComboBox.getSelectedItem() instanceof RevocationMode revocationMode) { properties.setCrlMode(revocationMode); @@ -375,6 +416,16 @@ private void handleManagerEnabledButton(boolean managerEnabled) { hostnameValidationRadioYes.setEnabled(managerEnabled); hostnameValidationRadioNo.setEnabled(managerEnabled); + subjectDnValidationLabel.setEnabled(managerEnabled); + subjectDnValidationModeComboBox.setEnabled(managerEnabled); + subjectDnValidationFilterTextField.setEnabled(managerEnabled); + + crlModeLabel.setEnabled(managerEnabled); + crlModeComboBox.setEnabled(managerEnabled); + + ocspModeLabel.setEnabled(managerEnabled); + ocspModeComboBox.setEnabled(managerEnabled); + clientCertLabel.setEnabled(managerEnabled); clientCertButton.setEnabled(managerEnabled); clientCertText.setEnabled(managerEnabled); @@ -401,6 +452,9 @@ private void redrawState() { serverCertificateValidationRadioNo.setSelected(true); } + subjectDnValidationModeComboBox.setSelectedItem(properties.getSubjectDnValidationMode()); + subjectDnValidationFilterTextField.setEnabled(properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE); + crlModeComboBox.setSelectedItem(properties.getCrlMode()); ocspModeComboBox.setSelectedItem(properties.getOcspMode()); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/DisplayTextEnum.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/DisplayTextEnum.java new file mode 100644 index 0000000000..49087c66c8 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/DisplayTextEnum.java @@ -0,0 +1,5 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +public interface DisplayTextEnum { + String getDisplayText(); +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/RevocationMode.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/RevocationMode.java index 27419e9999..7dac7dcb03 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/RevocationMode.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/RevocationMode.java @@ -2,7 +2,7 @@ import lombok.Getter; -public enum RevocationMode { +public enum RevocationMode implements DisplayTextEnum { DISABLED("Disabled"), SOFT_FAIL("Soft Fail"), HARD_FAIL("Hard Fail"); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/SubjectDnValidationMode.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/SubjectDnValidationMode.java new file mode 100644 index 0000000000..2f2a191ba9 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/SubjectDnValidationMode.java @@ -0,0 +1,16 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import lombok.Getter; + +public enum SubjectDnValidationMode implements DisplayTextEnum { + NONE("None"), + PARTIAL("Partial"), + EXACT("Exact"); + + @Getter + private final String displayText; + + SubjectDnValidationMode(String displayText) { + this.displayText = displayText; + } +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java index eaddb60dbf..2b9f202175 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java @@ -23,6 +23,7 @@ import lombok.Setter; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; import java.util.Collections; import java.util.Map; @@ -37,6 +38,9 @@ public class TLSConnectorProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; private boolean isServerCertificateValidationEnabled; + private SubjectDnValidationMode subjectDnValidationMode; + private String subjectDnValidationFilter; + // Certificate revocation modes private RevocationMode crlMode; private RevocationMode ocspMode; @@ -60,6 +64,9 @@ public TLSConnectorProperties() { isTlsManagerEnabled = false; isServerCertificateValidationEnabled = false; + subjectDnValidationMode = SubjectDnValidationMode.NONE; + subjectDnValidationFilter = null; + crlMode = RevocationMode.HARD_FAIL; ocspMode = RevocationMode.HARD_FAIL; @@ -80,6 +87,9 @@ public TLSConnectorProperties(TLSConnectorProperties props) { isTlsManagerEnabled = props.isTlsManagerEnabled(); isServerCertificateValidationEnabled = props.isServerCertificateValidationEnabled(); + subjectDnValidationMode = props.getSubjectDnValidationMode(); + subjectDnValidationFilter = props.getSubjectDnValidationFilter(); + crlMode = props.getCrlMode(); ocspMode = props.getOcspMode(); From 5946b43d7246c774ac00e7799776d16b05f6f15b Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 17:07:33 +0300 Subject: [PATCH 127/360] Prevent re-entry when closing SSLSocket for TCP connectors --- .../server/io/StateAwareTLSSocket.java | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java index 929f7ac9ff..e241ad522e 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java @@ -16,8 +16,11 @@ public class StateAwareTLSSocket extends StateAwareSocket { private Socket sslSocket; + private boolean isClosing; + public StateAwareTLSSocket(SSLConnectionSocketFactory socketFactory) { this.socketFactory = socketFactory; + this.isClosing = false; } @Override @@ -60,10 +63,21 @@ public OutputStream getOutputStream() throws IOException { @Override public void close() throws IOException { - if (sslSocket != null) { - sslSocket.close(); - } else { + if (isClosing) { + // Prevent re-entry when sslSocket tries to close the underlying socket super.close(); + return; + } + + isClosing = true; + try { + if (sslSocket != null) { + sslSocket.close(); + } else { + super.close(); + } + } finally { + isClosing = false; } } From 54981a6a38d82acafbc8c85f621a3fea52735dd0 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 17:46:55 +0300 Subject: [PATCH 128/360] Fix UI missing the last character of a Subject DN filter --- .../client/panel/HTTPSenderConnectorPropertiesPanel.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index f3b50668b1..006f5004e5 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -237,7 +237,7 @@ private void initComponents() { subjectDnValidationFilterTextField = new MirthTextField(); subjectDnValidationFilterTextField.addKeyListener(new KeyAdapter() { @Override - public void keyTyped(KeyEvent e) { + public void keyReleased(KeyEvent e) { properties.setSubjectDnValidationFilter(subjectDnValidationFilterTextField.getText()); } }); @@ -454,6 +454,7 @@ private void redrawState() { subjectDnValidationModeComboBox.setSelectedItem(properties.getSubjectDnValidationMode()); subjectDnValidationFilterTextField.setEnabled(properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE); + subjectDnValidationFilterTextField.setText(properties.getSubjectDnValidationFilter()); crlModeComboBox.setSelectedItem(properties.getCrlMode()); ocspModeComboBox.setSelectedItem(properties.getOcspMode()); From e79c2af4780715c2dd312bf151c9d5f7fab80ef8 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 17:47:32 +0300 Subject: [PATCH 129/360] Add Subject DN matching --- .../server/SocketFactoryService.java | 2 + .../revocation/DualCheckerTrustManager.java | 87 +++++++++++++++---- 2 files changed, 70 insertions(+), 19 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index c0843f83c1..b50d315eb3 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -68,6 +68,8 @@ public WeirdIntermediaryContextContainer generateSSLContext(DestinationConnector var dualcheckerTrustManager = new DualCheckerTrustManager( truststore, + properties.getSubjectDnValidationMode(), + properties.getSubjectDnValidationFilter(), properties.getOcspMode(), properties.getCrlMode(), null diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index db55c0a9d3..d22ded68aa 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -14,12 +14,17 @@ import org.bouncycastle.cert.ocsp.OCSPResp; import org.bouncycastle.cert.ocsp.RevokedStatus; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; import javax.net.ssl.ExtendedSSLSession; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; +import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedTrustManager; +import javax.security.auth.x500.X500Principal; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.net.Socket; @@ -39,6 +44,7 @@ import java.security.cert.TrustAnchor; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.Arrays; import java.util.Base64; import java.util.Collection; import java.util.EnumSet; @@ -51,19 +57,40 @@ public final class DualCheckerTrustManager extends X509ExtendedTrustManager { private final KeyStore trustStore; + private final SubjectDnValidationMode subjectDnValidationMode; + private final String subjectDnValidationFilter; private final RevocationMode ocspMode, crlMode; private final Collection preloadedCrls; // optional (in addition to CRLDP) + private final X509ExtendedTrustManager delegate; + public DualCheckerTrustManager( KeyStore trustStore, + SubjectDnValidationMode subjectDnValidationMode, + String getSubjectDnValidationFilter, RevocationMode ocspMode, RevocationMode crlMode, Collection preloadedCrls ) { this.trustStore = trustStore; + this.subjectDnValidationMode = subjectDnValidationMode; + this.subjectDnValidationFilter = getSubjectDnValidationFilter; this.ocspMode = ocspMode; this.crlMode = crlMode; this.preloadedCrls = preloadedCrls == null ? List.of() : preloadedCrls; + + try { + var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(trustStore); + + delegate = Arrays.stream(tmf.getTrustManagers()) + .filter(X509ExtendedTrustManager.class::isInstance) + .map(X509ExtendedTrustManager.class::cast) + .findFirst() + .orElseThrow(() -> new IllegalStateException("No default X509ExtendedTrustManager found")); + } catch (Exception e) { + throw new RuntimeException("Failed to initialize TrustManager", e); + } } // --- JSSE delegation --- @@ -73,11 +100,13 @@ public DualCheckerTrustManager( @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { + delegate.checkServerTrusted(chain, authType); validate(chain, null); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { + delegate.checkServerTrusted(chain, authType, s); validate(chain, s); } @@ -87,25 +116,46 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngi } @Override - public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } + public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); } - - // --- Core: run two separate PKIX passes, each with its own PKIXRevocationChecker --- private void validate(X509Certificate[] chain, Socket socket) throws CertificateException { try { - Set anchors = anchorsFrom(trustStore); - if (anchors.isEmpty()) { - throw new CertificateException("No trust anchors found in truststore"); - } - var certificateFactory = CertificateFactory.getInstance("X.509"); var certPath = certificateFactory.generateCertPath(List.of(chain)); - // Baseline chain sanity (revocation OFF) to get clean path errors early. - var base = new PKIXParameters(anchors); - base.setRevocationEnabled(false); + if (subjectDnValidationMode != null && subjectDnValidationMode != SubjectDnValidationMode.NONE) { + if (subjectDnValidationFilter == null || subjectDnValidationFilter.isEmpty()) { + throw new IllegalStateException("Expected Subject DN cannot be empty"); + } + + var subject = chain[0].getSubjectX500Principal(); - CertPathValidator.getInstance("PKIX").validate(certPath, base); + var subjectDn = subject.getName(X500Principal.RFC2253); + var expectedDn = new X500Principal(subjectDnValidationFilter).getName(X500Principal.RFC2253); + if (subjectDnValidationMode == SubjectDnValidationMode.EXACT) { + if (!subjectDn.equals(expectedDn)) { + throw new CertificateException("Subject DN does not match filter"); + } + } else if (subjectDnValidationMode == SubjectDnValidationMode.PARTIAL) { + + LdapName subjectLdapName, expectedLdapName; + try { + subjectLdapName = new LdapName(subjectDn); + expectedLdapName = new LdapName(expectedDn); + } catch (InvalidNameException e) { + throw new IllegalArgumentException("Error converting DN to LdapName", e); + } + + var subjectRdns = subjectLdapName.getRdns(); + for (var expectedRdn : expectedLdapName.getRdns()) { + if (!subjectRdns.contains(expectedRdn)) { + throw new RuntimeException("Subject DN does not contain expected RDN"); + } + } + } else { + throw new UnsupportedOperationException("Unsupported SubjectDnValidationMode: " + subjectDnValidationMode); + } + } // OCSP-only pass (if requested) if (ocspMode != RevocationMode.DISABLED) { @@ -132,9 +182,8 @@ private void validate(X509Certificate[] chain, Socket socket) throws Certificate } } - if (!hasStapledOcsp) { - pkixOcspOnly(certPath, anchors, ocspMode == RevocationMode.SOFT_FAIL); + pkixOcspOnly(certPath, ocspMode == RevocationMode.SOFT_FAIL); } } @@ -143,7 +192,7 @@ private void validate(X509Certificate[] chain, Socket socket) throws Certificate // Preloaded CRLs + CRLDP-fetched CRLs (HTTP) List crls = new ArrayList<>(preloadedCrls); crls.addAll(fetchCrlsFromCrlDP(chain)); - pkixCrlOnly(certPath, anchors, crls, crlMode == RevocationMode.SOFT_FAIL); + pkixCrlOnly(certPath, crls, crlMode == RevocationMode.SOFT_FAIL); } // If both are HARD_FAIL, reaching here means both passes succeeded. @@ -157,8 +206,8 @@ private void validate(X509Certificate[] chain, Socket socket) throws Certificate } // ---- Pass A: OCSP-only ---- - private void pkixOcspOnly(CertPath path, Set anchors, boolean softFail) throws GeneralSecurityException { - var params = new PKIXParameters(anchors); + private void pkixOcspOnly(CertPath path, boolean softFail) throws GeneralSecurityException { + var params = new PKIXParameters(trustStore); params.setRevocationEnabled(true); var certPathValidator = CertPathValidator.getInstance("PKIX"); @@ -177,8 +226,8 @@ private void pkixOcspOnly(CertPath path, Set anchors, boolean softF } // ---- Pass B: CRL-only ---- - private void pkixCrlOnly(CertPath path, Set anchors, Collection crls, boolean softFail) throws GeneralSecurityException { - var params = new PKIXParameters(anchors); + private void pkixCrlOnly(CertPath path, Collection crls, boolean softFail) throws GeneralSecurityException { + var params = new PKIXParameters(trustStore); params.setRevocationEnabled(true); if (crls != null && !crls.isEmpty()) { From 8749607f2d6dba279672da00bc48f2cb20316fde Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 21 Oct 2025 18:48:20 +0300 Subject: [PATCH 130/360] Fix some tests --- .../tlsmanager/server/HttpSenderTest.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java index 12cb37a840..67e8cd770f 100644 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java +++ b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java @@ -17,6 +17,7 @@ import org.openintegrationengine.tlsmanager.server.util.MockDestinationConnector; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; import javax.net.ssl.SSLHandshakeException; @@ -96,6 +97,8 @@ void test_OSP_T13_untrustedConfiguredCertificate() { var tlsProperties = new TLSConnectorProperties( true, false, + SubjectDnValidationMode.NONE, + null, RevocationMode.HARD_FAIL, RevocationMode.HARD_FAIL, false, @@ -136,6 +139,8 @@ void test_OSP_T14_systemTruststore() throws Exception { var tlsProperties = new TLSConnectorProperties( true, false, + SubjectDnValidationMode.NONE, + null, RevocationMode.HARD_FAIL, RevocationMode.HARD_FAIL, true, From 3f237034a17f0d2646391721c55ea348e017f7ad Mon Sep 17 00:00:00 2001 From: Paul Hristea Date: Fri, 24 Oct 2025 12:49:39 +0300 Subject: [PATCH 131/360] Implement Get Remote Certificates endpoint --- .../tlsmanager/server/CertificateService.java | 44 +++++++++++-------- .../server/servlets/TLSServlet.java | 6 +++ .../shared/servlet/TLSServletInterface.java | 24 ++++++++++ 3 files changed, 56 insertions(+), 18 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 1eded178ba..99a445cc78 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -38,6 +38,7 @@ import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import javax.net.ssl.HttpsURLConnection; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -63,7 +64,6 @@ import java.util.Enumeration; import java.util.HashSet; import java.util.List; -import java.util.Map; import java.util.Set; import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.PKCS12; @@ -420,25 +420,33 @@ public void setLocalCertificates(List localCertificates) { } } - private String extractAlias(Map certificate) { - return extractField(certificate, "alias"); - } - - String extractField(Map certificate, String field) { - String fieldValue = certificate.get(field); + public List retrieveRemoteCertificates(String urlString) { + List result = new ArrayList<>(); + HttpsURLConnection conn = null; - if (fieldValue == null) { - throw new RuntimeException("Missing " + field); + try { + URL url = new URL(urlString); + conn = (HttpsURLConnection) url.openConnection(); + conn.setConnectTimeout(5000); + conn.setReadTimeout(5000); + conn.connect(); + Certificate[] certs = conn.getServerCertificates(); + + for (Certificate cert : certs) { + if (cert instanceof X509Certificate x509) { + TrustedCertificate certificate = new TrustedCertificate(null); + certificate.setCertificate(encodeCertificateChain(x509)); + result.add(certificate); + } + } + } catch (IOException | CertificateEncodingException e) { + throw new RuntimeException(e); + } finally { + if (conn != null) { + conn.disconnect(); + } } - return fieldValue; - } - - private String extractCertificate(Map certificate) { - return extractField(certificate, "certificate"); - } - - private String extractKey(Map certificate) { - return extractField(certificate, "key"); + return result; } public ConnectionTestResponse testConnection( diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 054ce2b30f..fde9ab8f60 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -136,6 +136,12 @@ public void setTrustedCertificates(List trustedCertificates) certificateService.setTrustedCertificates(trustedCertificates); } + + @Override + public List getRemoteCertificates(String url) { + return certificateService.retrieveRemoteCertificates(url); + } + @Override public ConnectionTestResponse testConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) throws ClientException { return certificateService.testConnection(channelId, channelName, dispatcherProperties); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index d93ff21042..78d6500c9a 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -41,6 +41,7 @@ import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; import javax.ws.rs.core.MediaType; import java.io.InputStream; import java.util.List; @@ -217,4 +218,27 @@ void setTrustedCertificates( }) List trustedCertificates ); + + @GET + @Path("/remoteCertificates") + @ApiResponse( + responseCode = "200", + description = "Retrieve certificates served from a URL", + content = { + @Content(mediaType = APPLICATION_JSON, schema = @Schema(implementation = List.class)), + @Content(mediaType = APPLICATION_XML, schema = @Schema(implementation = List.class)) + }) + @MirthOperation( + name = "getRemoteCertificates", + display = "Retrieve the list of certificates served at a certain URL", + type = Operation.ExecuteType.ASYNC + ) + List getRemoteCertificates( + @Param("url") + @Parameter( + description = "The URL which to query for served certificates", + schema = @Schema(type = "string") + ) + @QueryParam("url") String url + ); } From be141a8dc95350fdc9c4407c8e964c48b045ac60 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 24 Oct 2025 19:52:53 +0300 Subject: [PATCH 132/360] Add Connection Test Result panel --- THIRD_PARTY_LICENSES.md | 24 ++ client/pom.xml | 21 ++ .../client/dialog/ItemPickerDialog.java | 2 +- .../panel/ConnectionTestResultPanel.java | 264 ++++++++++++++++++ .../resources/images/tls_plugin_check.png | Bin 0 -> 2619 bytes .../resources/images/tls_plugin_error.png | Bin 0 -> 2122 bytes .../shared/SerializationController.java | 4 +- .../shared/models/ConnectionTestResult.java | 81 ++++++ 8 files changed, 394 insertions(+), 2 deletions(-) create mode 100644 THIRD_PARTY_LICENSES.md create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java create mode 100644 client/src/main/resources/images/tls_plugin_check.png create mode 100644 client/src/main/resources/images/tls_plugin_error.png create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ConnectionTestResult.java diff --git a/THIRD_PARTY_LICENSES.md b/THIRD_PARTY_LICENSES.md new file mode 100644 index 0000000000..49c5c5df1d --- /dev/null +++ b/THIRD_PARTY_LICENSES.md @@ -0,0 +1,24 @@ +# Third-Party Licenses + +## [Phosphor Icons](https://github.com/phosphor-icons) +MIT License + +Copyright (c) 2023 Phosphor Icons + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/client/pom.xml b/client/pom.xml index c05774d2c2..2db5557465 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -54,6 +54,27 @@ provided + + com.mirth.connect.plugins + http-client + ${mirth.version} + provided + + + + com.mirth.connect.connectors + tcp-client + ${mirth.version} + provided + + + + com.mirth.connect.connectors + ws-client + ${mirth.version} + provided + + com.thoughtworks.xstream xstream diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java index 4d14877bc9..d7ca78b64d 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java @@ -126,7 +126,7 @@ private void initComponents() { "TLS settings", TitledBorder.DEFAULT_JUSTIFICATION, TitledBorder.DEFAULT_POSITION, - new Font("Tahoma", Font.BOLD, 11) + new Font(Font.SANS_SERIF, Font.BOLD, 11) ) ); diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java new file mode 100644 index 0000000000..7fc9a28117 --- /dev/null +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java @@ -0,0 +1,264 @@ +// This file uses Phosphor Icons (https://github.com/phosphor-icons) +// Copyright (c) 2023 Phosphor Icons +// Licensed under the MIT License + +package org.openintegrationengine.tlsmanager.client.panel; + +import com.mirth.connect.client.ui.MirthDialog; +import net.miginfocom.swing.MigLayout; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; + +import javax.swing.ImageIcon; +import javax.swing.JButton; +import javax.swing.JLabel; +import javax.swing.JScrollPane; +import javax.swing.JTextArea; +import javax.swing.WindowConstants; +import javax.swing.border.TitledBorder; +import java.awt.Color; +import java.awt.Font; +import java.awt.Window; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.time.ZoneOffset; +import java.time.format.DateTimeFormatter; + +public class ConnectionTestResultPanel extends MirthDialog { + + private JLabel iconLabel; + private JLabel messageLabel; + + private JScrollPane scrollPane; + private JTextArea resultArea; + private JButton okButton; + + private final Color RED = new Color(179, 0, 0); + private final Color GREEN = new Color(76, 174, 79); + + // https://github.com/phosphor-icons/core/blob/main/raw/duotone/seal-check-duotone.svg + private final String CHECK_ICON_PATH = "images/tls_plugin_check.png"; + + // https://github.com/phosphor-icons/core/blob/main/raw/duotone/seal-warning-duotone.svg + private final String ERROR_ICON_PATH = "images/tls_plugin_error.png"; + + private static final DateTimeFormatter DATE_FORMAT = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneOffset.systemDefault()); + + private final ConnectionTestResult result; + + public ConnectionTestResultPanel(Window owner, ConnectionTestResult result) { + super(owner, "Connection Test Result", true); + + this.result = result; + + setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE); + + initComponents(); + initLayout(); + + if (result.getSuccess()) { + resultArea.setText(renderSuccess()); + } else { + resultArea.setText(renderFailure()); + } + + pack(); + setLocationRelativeTo(getOwner()); + setVisible(true); + } + + private void initComponents() { + + var iconPath = result.getSuccess() ? CHECK_ICON_PATH : ERROR_ICON_PATH; + var iconUrl = this.getClass().getClassLoader().getResource(iconPath); + + if (iconUrl == null) { + System.out.printf("Could not find icon at %s%n", iconPath); + } else { + var imageIcon = new ImageIcon(iconUrl); + iconLabel = new JLabel(imageIcon); + } + + messageLabel = new JLabel( + "TLS Connection Test %ssuccessful".formatted(result.getSuccess() ? "" : "un") + ); + messageLabel.setFont(new Font(Font.DIALOG, Font.BOLD, 18)); + messageLabel.setForeground(result.getSuccess() ? GREEN : RED); + + resultArea = new JTextArea(); + resultArea.setEditable(false); + resultArea.setFont(new Font(Font.MONOSPACED, Font.PLAIN, 14)); + resultArea.setBackground(Color.WHITE); + + scrollPane = new JScrollPane(resultArea); + scrollPane.setBorder(new TitledBorder("TLS Connection Results")); + + okButton = new JButton("OK"); + okButton.addActionListener(e -> dispose()); + } + + private void initLayout() { + setLayout(new MigLayout("insets 8, novisualpadding, hidemode 3, fill", "", "[grow][][]")); + + if (iconLabel != null) { + add(iconLabel, "w 64!, split"); + } + add(messageLabel); + + add(scrollPane, "newline, grow, push"); + + add(okButton, "newline, w 50!, sx, right"); + } + + private String renderHeader() { + return """ + === TLS Connection Test Results === + Host: %s + Test time: %s + """.formatted( + result.getRequestedAddress(), + DATE_FORMAT.format(result.getTimestamp()) + ); + } + + private String renderSuccess() { + var stringBuilder = new StringBuilder(); + + stringBuilder.append(renderHeader()).append("\n"); + + var sessionInfo = """ + === SSL/TLS Session Information === + Protocol: %s + Cipher Suite: %s + Session ID: %s + Peer Host: %s + Peer Port: %s + Session Valid: %s + Create Time: %s + Last Access Time: %s + """.formatted( + result.getProtocol(), + result.getCipherSuite(), + result.getSessionId(), + result.getPeerHost(), + result.getPeerPort(), + result.getSessionValid(), + DATE_FORMAT.format(result.getSessionCreationTime()), + DATE_FORMAT.format(result.getSessionLastAccessedTime()) + ); + stringBuilder.append(sessionInfo).append("\n"); + + var protocols = """ + === Supported Protocols === + %s + + === Enabled Protocols === + %s + """.formatted( + String.join("\n", result.getSupportedProtocols()), + String.join("\n", result.getEnabledProtocols()) + ); + stringBuilder.append(protocols).append("\n"); + + var certificates = """ + === Certificate Chain === + Number of certificates: %d + """.formatted( + result.getCertificates().size() + ); + stringBuilder.append(certificates).append("\n"); + + for (int i = 0; i < result.getCertificates().size(); i++) { + var certificate = result.getCertificates().get(i); + var certText = renderCertificate(certificate); + if (certText != null) { + stringBuilder.append("--- Certificate %d ---".formatted(i + 1)).append("\n"); + stringBuilder.append(certText).append("\n").append("\n"); + } + } + + var summary = """ + === Connection Summary === + ✓ TLS connection successful + ✓ Certificate chain retrieved (%d certificate(s)) + ✓ Using %s with %s + """.formatted( + result.getCertificates().size(), + result.getChosenProtocol(), + result.getChosenCipherSuite() + ); + stringBuilder.append(summary); + + return stringBuilder.toString(); + } + + private String renderFailure() { + var sb = new StringBuilder(); + + sb.append(renderHeader()).append("\n"); + + sb.append("=== Connection Failed ===").append("\n"); + + if (result.getExceptionName() != null) { + sb.append("Error: ").append(result.getExceptionName()).append("\n"); + sb.append(" ").append(result.getExceptionMessage()); + if (result.getCauseName() != null) { + sb.append("\n"); + sb.append("Cause: ").append(result.getCauseName()).append("\n"); + sb.append(" ").append(result.getCauseMessage()).append("\n"); + } + } else { + sb.append("Message: ").append(result.getMessage()); + } + + return sb.toString(); + } + + private String renderCertificate(Certificate certificate) { + if (certificate instanceof X509Certificate x509) { + var certBuilder = new StringBuilder(); + + certBuilder.append("Subject: ").append(x509.getSubjectX500Principal().toString()).append("\n"); + certBuilder.append("Issuer: ").append(x509.getIssuerX500Principal().toString()).append("\n"); + certBuilder.append("Serial Number: ").append(x509.getSerialNumber().toString(16).toUpperCase()).append("\n"); + certBuilder.append("Version: ").append(x509.getVersion()).append("\n"); + certBuilder.append("Not Before: ").append(DATE_FORMAT.format(x509.getNotBefore().toInstant())).append("\n"); + certBuilder.append("Not After: ").append(DATE_FORMAT.format(x509.getNotAfter().toInstant())).append("\n"); + certBuilder.append("Signature Algorithm: ").append(x509.getSigAlgName()).append("\n"); + certBuilder.append("Public Key Algorithm: ").append(x509.getPublicKey().getAlgorithm()).append("\n"); + certBuilder.append("Key Size: ").append(ConnectionTestResult.getKeySize(x509)).append(" bits\n"); + + try { + x509.checkValidity(); + certBuilder.append("Status: VALID").append("\n"); + } catch (Exception ex) { + certBuilder.append("Status: INVALID - ").append(ex.getMessage()).append("\n"); + } + + // Subject Alternative Names + try { + if (x509.getSubjectAlternativeNames() != null) { + certBuilder.append("Subject Alternative Names:\n"); + x509.getSubjectAlternativeNames().forEach(san -> { + certBuilder.append(" ").append(san.get(1)).append("\n"); + }); + } + } catch (Exception ex) { + // SANs might not be available + } + + certBuilder + .append("SHA-256 Fingerprint:").append("\n") + .append(" ") + .append(ConnectionTestResult.getCertificateFingerprint(x509, "SHA-256")) + .append("\n"); + + certBuilder.append("SHA-1 Fingerprint:").append("\n") + .append(" ") + .append(ConnectionTestResult.getCertificateFingerprint(x509, "SHA-1")); + + return certBuilder.toString(); + } else { + return null; + } + } +} diff --git a/client/src/main/resources/images/tls_plugin_check.png b/client/src/main/resources/images/tls_plugin_check.png new file mode 100644 index 0000000000000000000000000000000000000000..63d748bdc791d5edfc69f20aa945192d2191f06c GIT binary patch literal 2619 zcmV-B3dHq^P)%?R)Pq$cXZ=qoAVk1%oveG- z&@cVoCjHWtuB1s;eMDvkjWNk;(2$s}1VOFgVSFGc3JM4;)Pb41`vIc&F~gh-%s^N2 z`?mMpzkBxCbLX6W_t}@28Q*6}Gwr}k3BMtr2mlyp zl8D~eaDM%v0|ySM$@GVkxd?6z_*Tk{!vGh@FgY6`syyNKUrClvNee((ji;1|Y5-)! zF}(*O-!ZTMR1(}u&KltMyFEm70`Vsg02yHZu&l=8PPAV@5}p8ez_*u~{|>`?>?4`MsJ~H< z`kP;v?!%0?81ic$R2;pY2tOws0B_J+sH$)?p%6e07@6aj(g0on(2q=m5n;>n7f|es zz6Lh-G~#6Y$B5xmFBttG42<0j{a|zv(4s;L9{1I>OlBUI1F$vVTd6SrgMm#}c#5RJ zx5|SxnQJDryVQRP{>wpx)vzVM06xuZ+jqR;{i{}3mI5%gjqw=(PAh|C+B4u??M1F5 zN65Zw_!a`+2GJktw=xU>^e`*WSP6oqL}>h%7n;0G5*DQ`!rBFEQRG|?MG_w>*O7x? zKe-=GJ?HS>-izoS?uN=j`H_<-{3d`>(XoV|0B_J+7*X+!R=0fKa=5bdk)ARScF7K# zY(uJIhe8U{Y!1jYJ-cj#BN!SPg31wuBBL0Mj3T6lFc=y{OK%IV4|V7#rK+ylZMCLt zB^rc(mI$*4phxnu^gL9#c8b!c1es)H*rTTq8x|Jh-RAdnK~N>h13)MM;y)2nfmU=a zC={k98YW*D1<@_d5DowVOSSU+lyp&Q!eR7%QERO1psW1Y8VAp_NfJ0L77DXP|SZv zQyLx%LILV-aMM#XU?g zWRl@@EYj&zS*ngP*=sF1I90Uuwc)Q#uj4OGuj9(S=xP3sv-Ps2`hX6Kq`_3}lY|$S{X8aT zu_G7Wm2MD`R-FoFe_74TE242s0oZA(BlV+ zneoBZ6KLpeh-p8nj^c3J5nSrOq|?t!NynbTDmc?D)n0XAuxTL$_?*$syebmCp_N!ok)PXBbyQ+Q_4&+xC-gXnp1M|aJc=0sJ&PNdm{i#buz*4Kuk zm;J{7e?PObG1_@S%(8fSz_%I9A3~E2Dw2ZTg}a0fI68(pak%XWLXnV8Z#j;LxQxW)>m^n8Ykv1aLnsJ#mto$JEa8xgw-$t-v)$^ zt@6^BqAJRyjFZnxUy4^nD!m72-Z%-i<<`=_XXc3 z(A!$w#k&`U9do8Rv8S*K^9-fyHJPiiJ^z(yt1U+H>8;ud|2y$`Vu?^V@<*-MeZLzK zv9me=Kvrrtb{Fo#()1;;%XVyBxH0N(FGuZeJl&j!o=-fn0PM*mR! zd(5@X756fM7zhpE^>csIs_q{11%wKtR#M?!tuPW9u|Q2MM$L=zT~V%;gOP_?aW(}Y zY{)l2cp%EPaxkLXzh+YaMk0m)s0j!FL4VVbI*S6J>T?T7xG&1JayY6>+=oU6MX3qL zz0iP8W)(L?xmKP4T^CkMuTcL%Qef;cB#DGO#)RwJDx@Gm{quKn``~rF)ABA{SuSMQ z=fftaAVo@nUA93Y8R;qM)4I3kXk-Kfp+PkFHKSut|5hnUYEbmv zmb%2s{hm_*JtuTyA}mTN3aHGCUi-~QTCo7~OeE(9+Jjk&!DdPs@vk8k!EmK!C@YF=J3-io%_ z3Qx3AvaPQTfh)C>Xq2Q+Nr~*QEw8;6-&Vt#Y^$vMsJnn=+081uh>%N+`Akp%q+{$T zeSwiPwN_ca!=O6^JRnAx2?NaNB8gfgNeu?w!L}%*xJYQTv?@#0MA&P*RC5(}0Ax%a0#XzX?;jd;v=HHiLPrdTT6T;{Ux}UW>9CkDG`N zK~r9fgNMvq8LyZz9Z1?IGvhTzKjMEi(oc|l6P2;16G{7QZmh&e@WVJmF1z7Sl~Tjm;*>Q3xDz)7>Rfn_*f&7QO);B8>vS#q_)>+_{qt4GjR?YHMSn zzuz1h0-9=+`dudZWlVrhk?#S&0UFH5O6%$z8`P2jCpmHJmE zcqT2tS&0b|JV2Oal+1 z_B3!CxGr$ETB+;FT!&);x8T&I(;N&E}b?eyN(!#2Z8@0wixOtOnt*ty78*_3RfJuQ0Cn7i! zphM(>?k6uE4=YMbS+{#P#g&z~yk70|0EB}&$BQ)8~FG}-SCv)@_6tS7TO+ruDY6mqeo*z zkO)^T0i0}v%8bU^UAr8FW)?PF%IwD3!HEFR8I9chduBPP9{(f$J@Bsj2Z@fX_jvYzQ<*{;Et{dy*8;~0l=<~%Jr-h;8#|chP6P%uA==kxJ z=5kxP`;Xw#DtnyJpQI5!pq~>ec2wM?v&uEFrW62*WX>y|SbPS5A&T!wkda@v!pw=VN?g z;v6?N(SQz-Moh1?YxijHG_wXXCk2h2B8L;jEh<2V$bo1w;|Z1(6;WJSnH0%P;=7fV z_|~p9yH6y_EX5U|OJtA0X$*S>x7SN~ON-+dn{2@C_41OHn@7Q!PLY@6#n}qbEm9gy zU_N=gipxd$kt3|yupwQX(~gxdyujv`7Q_{ES$V*xT_PoRF%|*-AmWauu459IWzEeA zlNnC~3MwinYi>5XS1b7Vn26*(UzcM@Q1lVFU)*nu|l02OdVSQs`j7yoW4W9Mls7AKS zB7neGM*CJBi)xOI&^D9dmVQT40-9y}=v|(mwh{4uY^Tp39I2f;35_c7-QL0xWo1)NTUpN?Ku(g%2^RiXO5e^2qYULIZ zIJ94>3-RI>T?VU_Iw$bD(H9sSW3;CyHMSYRXipD;@o}R|sYtEx++uMF_W{*PodROk zlkwi(WH>%SI22;&!w>1LtK(0H4|A)njc_QGIB*e+oj-4Owe45x_le?kH$uNQ8Z#p! zs1yj_I(d?>&z)ob;X~%8rugS4pD_HI;H|hConklqD9Vex+7y-g5d;``uG=K=VKmQz*qG;bfHkjVroWSPW zsQu|U5g_I)p%esg<>aujsfmqEO-auY!{yN3A#B^beU%cobG_x4*>x;3KiR)s}ZjtE{*`(laM&Fw9@<@wJK>;40?@61CD<_9s zzdvo&qi`rh@cwnp?eaTzMDq60?CmqxE^kDaNUe$_TP?jTaWE@zC{Z#a9mv{GW}+qP zPf7f%k!b}77fWNM6IrVaMRSZ>F{Rv%P%t2{En624SuTxLD>ZT%ex#rt=p*vd@(s`@ zP?6luMRb=&Nb5A3l?c%5gz7=4p2`n}K3%zaUh->m;_5c6?07*qoM6N<$f-7eC AxBvhE literal 0 HcmV?d00001 diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java index 991b8e8010..1184fa1ae0 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java @@ -17,6 +17,7 @@ package org.openintegrationengine.tlsmanager.shared; import com.mirth.connect.model.converters.ObjectXMLSerializer; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; @@ -28,7 +29,8 @@ public class SerializationController { private static final List types = List.of( TLSConnectorProperties.class.getCanonicalName(), TrustedCertificate.class.getCanonicalName(), - LocalCertificate.class.getCanonicalName() + LocalCertificate.class.getCanonicalName(), + ConnectionTestResult.class.getCanonicalName() ); private static final Class[] classes = new Class[]{ diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ConnectionTestResult.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ConnectionTestResult.java new file mode 100644 index 0000000000..ab89c63f14 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ConnectionTestResult.java @@ -0,0 +1,81 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import lombok.Builder; +import lombok.Getter; + +import java.security.MessageDigest; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.time.Instant; +import java.util.List; + +@Builder +@Getter +public final class ConnectionTestResult { + private Boolean success; + private String message; + private Instant timestamp; + private String requestedAddress; + + private String protocol; + private String cipherSuite; + private String sessionId; + private String peerHost; + private Integer peerPort; + private Boolean sessionValid; + private Instant sessionCreationTime; + private Instant sessionLastAccessedTime; + + private List supportedProtocols; + private List enabledProtocols; + private String chosenProtocol; + + private List supportedCipherSuites; + private List enabledCipherSuites; + private String chosenCipherSuite; + + private List certificates; + + private String exceptionName; + private String exceptionMessage; + private String causeName; + private String causeMessage; + + public static String bytesToHex(byte[] bytes) { + if (bytes == null || bytes.length == 0) return ""; + + var hexString = new StringBuilder(); + for (byte b : bytes) { + hexString.append(String.format("%02X", b)); + } + return hexString.toString(); + } + + public static int getKeySize(X509Certificate cert) { + try { + if (cert.getPublicKey().getAlgorithm().equals("RSA")) { + return ((java.security.interfaces.RSAPublicKey) cert.getPublicKey()).getModulus().bitLength(); + } else if (cert.getPublicKey().getAlgorithm().equals("EC")) { + return ((java.security.interfaces.ECPublicKey) cert.getPublicKey()).getParams().getOrder().bitLength(); + } + } catch (Exception e) { + // Ignore + } + return -1; + } + + public static String getCertificateFingerprint(X509Certificate cert, String algorithm) { + try { + var md = MessageDigest.getInstance(algorithm); + byte[] digest = md.digest(cert.getEncoded()); + var sb = new StringBuilder(); + for (int i = 0; i < digest.length; i++) { + if (i > 0) sb.append(":"); + sb.append(String.format("%02X", digest[i])); + } + return sb.toString(); + } catch (Exception e) { + return "Unable to calculate fingerprint"; + } + } +} From b2a1cf7e2142dca7e4994bed508cf307606eaa22 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 24 Oct 2025 19:54:53 +0300 Subject: [PATCH 133/360] Add Connection Testing from UI --- .../HTTPSenderConnectorPropertiesPanel.java | 114 +++++++++++++++++- .../tlsmanager/server/CertificateService.java | 8 +- .../server/servlets/TLSServlet.java | 5 +- .../server/util/ConnectionUtils.java | 66 +++++++--- .../shared/servlet/TLSServletInterface.java | 60 ++++++++- 5 files changed, 227 insertions(+), 26 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 006f5004e5..2a7b273e93 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -24,12 +24,19 @@ import com.mirth.connect.client.ui.components.MirthComboBox; import com.mirth.connect.client.ui.components.MirthRadioButton; import com.mirth.connect.client.ui.components.MirthTextField; +import com.mirth.connect.client.ui.panels.connectors.ResponseHandler; +import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.http.HttpSender; +import com.mirth.connect.connectors.tcp.TcpSender; +import com.mirth.connect.connectors.ws.WebServiceSender; import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; import com.mirth.connect.donkey.model.channel.ConnectorProperties; import com.mirth.connect.model.Connector; +import lombok.extern.slf4j.Slf4j; import net.miginfocom.swing.MigLayout; import org.openintegrationengine.tlsmanager.client.dialog.ItemPickerDialog; import org.openintegrationengine.tlsmanager.client.misc.DisplayTextEnumModeComboBoxRenderer; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; @@ -45,13 +52,16 @@ import java.awt.Component; import java.awt.event.KeyAdapter; import java.awt.event.KeyEvent; +import java.time.Instant; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.HashSet; +import java.util.Optional; import java.util.Set; import java.util.function.BiConsumer; +@Slf4j public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropertiesPanel { private JLabel managerEnabledLabel; @@ -96,7 +106,12 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private Set publicCertificates; private Set clientCertificates; + private Frame parentFrame; + private enum TRANSPORT { HTTP, TCP, WS }; + public HTTPSenderConnectorPropertiesPanel() { + this.parentFrame = PlatformUI.MIRTH_FRAME; + this.properties = new TLSConnectorProperties(); this.publicCertificates = new HashSet<>(); this.clientCertificates = new HashSet<>(); @@ -106,6 +121,95 @@ public HTTPSenderConnectorPropertiesPanel() { fetchData(); } + private Optional getButtonByText(String text) { + var settingsComponents = connectorPanel + .getConnectorSettingsPanel() + .getComponents(); + + return Arrays + .stream(settingsComponents) + .filter(component -> component instanceof JButton) + .map(component -> (JButton) component) + .filter(button -> button.getText().equals(text)) + .findFirst(); + } + + private void doActionListenerOverrides() { + var settingsPanel = connectorPanel.getConnectorSettingsPanel(); + + TRANSPORT transport; + if (settingsPanel instanceof HttpSender) { + transport = TRANSPORT.HTTP; + } else if (settingsPanel instanceof TcpSender) { + transport = TRANSPORT.TCP; + } else if (settingsPanel instanceof WebServiceSender) { + transport = TRANSPORT.WS; + } else { + return; + } + + var testConnectionButton = getButtonByText("Test Connection"); + if (testConnectionButton.isPresent()) { + var button = testConnectionButton.get(); + var actionListeners = button.getActionListeners().clone(); + + // Replace the ActionListener + button.removeActionListener(actionListeners[0]); // Hope it only has a single listener + button.addActionListener(e -> testTlsConnection()); + } else { + var message = "No test connection button found in settings panel %s".formatted(settingsPanel); + log(message); + } + + if (transport == TRANSPORT.WS) { + var getOperationsButton = getButtonByText("Get Operations"); + if (getOperationsButton.isPresent()) { + var button = getOperationsButton.get(); + var actionListeners = button.getActionListeners().clone(); + + // Replace the ActionListener + button.removeActionListener(actionListeners[0]); // Hope it only has a single listener + button.addActionListener(e -> testTlsConnection()); + } else { + var message = "No Get Operations button found in settings panel %s".formatted(settingsPanel); + log(message); + } + } + } + + private void testTlsConnection() { + var testConnectionResponseHandler = new ResponseHandler() { + @Override + public void handle(Object response) { + var result = (ConnectionTestResult) response; + + if (result == null) { + parentFrame.alertError(parentFrame, "Failed to invoke service."); + } else { + new ConnectionTestResultPanel(PlatformUI.MIRTH_FRAME, result); + } + } + }; + + try { + connectorPanel + .getConnectorSettingsPanel() + .getServlet( + TLSServletInterface.class, + "Testing connection...", + "Error testing TLS connection", + testConnectionResponseHandler + ) + .testConnection( + connectorPanel.getConnectorSettingsPanel().getChannelId(), + connectorPanel.getConnectorSettingsPanel().getChannelName(), + (HttpDispatcherProperties) connectorPanel.getProperties() + ); + } catch (Exception e) { + // Should not happen? + } + } + @Override public TLSConnectorProperties getProperties() { return properties.clone(); @@ -131,7 +235,11 @@ public boolean checkProperties(ConnectorProperties connectorProperties, Connecto } @Override - public void resetInvalidProperties() {} + public void resetInvalidProperties() { + // This method seems to be called after other panels have been initialized. + // We need other panels to be initialized 'cause we'll be fiddling with one. + doActionListenerOverrides(); + } @Override public Component[][] getLayoutComponents() { @@ -542,4 +650,8 @@ public void done() { publicCertWorker.execute(); clientCertWorker.execute(); } + + private static void log(String message) { + System.out.printf("%s - %s.%n", Instant.now(), message); + } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 99a445cc78..84a8915679 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -20,7 +20,6 @@ import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.donkey.server.channel.DestinationConnector; import com.mirth.connect.server.util.TemplateValueReplacer; -import com.mirth.connect.util.ConnectionTestResponse; import lombok.Getter; import lombok.extern.slf4j.Slf4j; import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; @@ -33,6 +32,7 @@ import org.openintegrationengine.tlsmanager.server.backend.TrustStoreBackend; import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; import org.openintegrationengine.tlsmanager.shared.PersistenceMode; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; @@ -449,7 +449,7 @@ public List retrieveRemoteCertificates(String urlString) { return result; } - public ConnectionTestResponse testConnection( + public ConnectionTestResult testConnection( String channelId, String channelName, HttpDispatcherProperties dispatcherProperties @@ -459,10 +459,8 @@ public ConnectionTestResponse testConnection( .filter(TLSConnectorProperties.class::isInstance) .findFirst(); - if (oTlsPluginProperties.isEmpty()) { - log.warn("No TLS plugin properties found for testConnection"); - return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "No TLS plugin properties found for testConnection."); + log.debug("No TLS plugin properties found for testConnection. Doing non-TLS test"); } var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index fde9ab8f60..8df6a0641f 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -18,15 +18,14 @@ import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; -import com.mirth.connect.client.core.ClientException; import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.server.api.DontCheckAuthorized; import com.mirth.connect.server.api.MirthServlet; -import com.mirth.connect.util.ConnectionTestResponse; import lombok.extern.slf4j.Slf4j; import org.openintegrationengine.tlsmanager.server.CertificateService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.servlet.TLSServletInterface; @@ -143,7 +142,7 @@ public List getRemoteCertificates(String url) { } @Override - public ConnectionTestResponse testConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) throws ClientException { + public ConnectionTestResult testConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) { return certificateService.testConnection(channelId, channelName, dispatcherProperties); } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index 2008bdb6b2..6a74003533 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -1,24 +1,26 @@ package org.openintegrationengine.tlsmanager.server.util; -import com.mirth.connect.util.ConnectionTestResponse; import lombok.extern.slf4j.Slf4j; import org.apache.http.HttpHost; import org.apache.http.conn.SchemePortResolver; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.conn.DefaultSchemePortResolver; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import javax.net.ssl.SSLSocket; import java.io.IOException; import java.net.InetSocketAddress; import java.net.Socket; import java.net.SocketTimeoutException; +import java.time.Instant; +import java.util.Arrays; @Slf4j public class ConnectionUtils { private static SchemePortResolver defaultSchemePortResolver = new DefaultSchemePortResolver(); - public static ConnectionTestResponse testConnection( + public static ConnectionTestResult testConnection( SSLConnectionSocketFactory socketFactory, String host, int timeout, @@ -35,7 +37,7 @@ public static ConnectionTestResponse testConnection( ); } - public static ConnectionTestResponse testConnection( + public static ConnectionTestResult testConnection( SSLConnectionSocketFactory socketFactory, Socket socket, String host, @@ -43,11 +45,16 @@ public static ConnectionTestResponse testConnection( String localAddr, int localPort ) throws IOException { + var startTime = Instant.now(); + if ( host == null || host.isEmpty() ) { - return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "Invalid host or port."); + return ConnectionTestResult.builder() + .timestamp(startTime) + .message("Invalid host or port") + .build(); } var target = HttpHost.create(host); @@ -61,7 +68,11 @@ public static ConnectionTestResponse testConnection( || localPort <= 0 || localPort > 65535 ) { - return new ConnectionTestResponse(ConnectionTestResponse.Type.FAILURE, "Invalid local host or port."); + return ConnectionTestResult.builder() + .timestamp(startTime) + .requestedAddress(host) + .message("Invalid local host or port") + .build(); } localAddress = new InetSocketAddress(localAddr, localPort); @@ -77,16 +88,10 @@ public static ConnectionTestResponse testConnection( null ) ) { - var connectionInfo = "%s:%d -> %s:%d".formatted( - sslSocket.getLocalAddress().getHostAddress(), - sslSocket.getLocalPort(), - remoteAddress.getAddress().getHostAddress(), - remoteAddress.getPort() - ); + var sess = sslSocket.getSession(); if (log.isDebugEnabled()) { // Handshake is done if we got here. Inspect what happened: - var sess = sslSocket.getSession(); log.debug("Protocol: {}", sess.getProtocol()); log.debug("Cipher: {}", sess.getCipherSuite()); log.debug("Peer: {}", sess.getPeerPrincipal()); @@ -99,10 +104,43 @@ public static ConnectionTestResponse testConnection( isSocketAlive(sslSocket); - return new ConnectionTestResponse(ConnectionTestResponse.Type.SUCCESS, "Successfully connected to host: " + connectionInfo, connectionInfo); + return ConnectionTestResult.builder() + .success(true) + .timestamp(startTime) + .requestedAddress(host) + .protocol(sess.getProtocol()) + .cipherSuite(sess.getCipherSuite()) + .sessionId(ConnectionTestResult.bytesToHex(sess.getId())) + .peerHost(sess.getPeerHost()) + .peerPort(sess.getPeerPort()) + .sessionValid(sess.isValid()) + .sessionCreationTime(Instant.ofEpochMilli(sess.getCreationTime())) + .sessionLastAccessedTime(Instant.ofEpochMilli(sess.getLastAccessedTime())) + .supportedProtocols(Arrays.asList(sslSocket.getSupportedProtocols())) + .enabledProtocols(Arrays.asList(sslSocket.getEnabledProtocols())) + .supportedCipherSuites(Arrays.asList(sslSocket.getSupportedCipherSuites())) + .enabledCipherSuites(Arrays.asList(sslSocket.getEnabledCipherSuites())) + .certificates(Arrays.asList(sess.getPeerCertificates())) + .chosenProtocol(sess.getProtocol()) + .chosenCipherSuite(sess.getCipherSuite()) + .build(); + } catch (Exception e) { log.error("Error connecting to host: {}", host, e); - throw e; + + var result = ConnectionTestResult.builder() + .success(false) + .timestamp(startTime) + .requestedAddress(host) + .exceptionName(e.getClass().getCanonicalName()) + .exceptionMessage(e.getMessage()); + + if (e.getCause() != null) { + result.causeName(e.getCause().getClass().getCanonicalName()); + result.causeMessage(e.getCause().getMessage()); + } + + return result.build(); } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 78d6500c9a..2d79554cce 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -23,15 +23,17 @@ import com.mirth.connect.client.core.api.BaseServletInterface; import com.mirth.connect.client.core.api.MirthOperation; import com.mirth.connect.client.core.api.Param; -import com.mirth.connect.connectors.http.HttpConnectorServletInterface; +import com.mirth.connect.connectors.http.HttpDispatcherProperties; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; +import io.swagger.v3.oas.annotations.media.ExampleObject; import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.parameters.RequestBody; import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.tags.Tag; import org.glassfish.jersey.media.multipart.FormDataParam; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; @@ -47,14 +49,16 @@ import java.util.List; import java.util.Set; -import static javax.ws.rs.core.MediaType.*; +import static javax.ws.rs.core.MediaType.APPLICATION_JSON; +import static javax.ws.rs.core.MediaType.APPLICATION_OCTET_STREAM; +import static javax.ws.rs.core.MediaType.APPLICATION_XML; @Path("/tlsmanager") @Tag(name = TLSPluginConstants.PLUGIN_POINTNAME) @Consumes({APPLICATION_XML, APPLICATION_JSON}) @Produces({APPLICATION_XML, APPLICATION_JSON}) @MirthApiProvider(type = ApiProviderType.SERVLET_INTERFACE) -public interface TLSServletInterface extends BaseServletInterface, HttpConnectorServletInterface { +public interface TLSServletInterface extends BaseServletInterface { @GET @Path("/importedcertificates") @@ -241,4 +245,54 @@ List getRemoteCertificates( ) @QueryParam("url") String url ); + + @POST + @Path("/_testConnection") + @io.swagger.v3.oas.annotations.Operation( + summary = "Tests whether a connection can be successfully established to the destination endpoint." + ) + @ApiResponse( + content = {@Content( + mediaType = "application/xml", + examples = {@ExampleObject( + name = "connection_test_response_http", + ref = "../apiexamples/connection_test_response_http_xml" + )} + ), @Content( + mediaType = "application/json", + examples = {@ExampleObject( + name = "connection_test_response_http", + ref = "../apiexamples/connection_test_response_http_json" + )} + )} + ) + @MirthOperation( + name = "testConnection", + display = "Test TLS Connection", + type = Operation.ExecuteType.ASYNC, + auditable = false + ) + ConnectionTestResult testConnection( + @Param("channelId") + @Parameter(description = "The ID of the channel.", required = true) + @QueryParam("channelId") String channelId, + @Param("channelName") + @Parameter(description = "The name of the channel.", required = true) + @QueryParam("channelName") String channelName, + @Param("properties") + @RequestBody(description = "The HTTP Sender properties to use.", required = true, content = { + @Content( + mediaType = "application/xml", + examples = { + @ExampleObject(name = "http_dispatcher_properties", ref = "../apiexamples/http_dispatcher_properties_xml") + } + ), + @Content( + mediaType = "application/json", + examples = { + @ExampleObject(name = "http_dispatcher_properties", ref = "../apiexamples/http_dispatcher_properties_json") + } + ) + }) HttpDispatcherProperties httpDispatcherProperties + ) throws ClientException; } From f84509e771e47fa288e8de6cc2a4b2d8a87d21e9 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 24 Oct 2025 20:06:53 +0300 Subject: [PATCH 134/360] Add original Vector files --- .../images/phosphor-seal-check-duotone.svg | 49 +++++++++++++++++++ .../images/phosphor-seal-warning-duotone.svg | 49 +++++++++++++++++++ 2 files changed, 98 insertions(+) create mode 100644 client/src/main/resources/images/phosphor-seal-check-duotone.svg create mode 100644 client/src/main/resources/images/phosphor-seal-warning-duotone.svg diff --git a/client/src/main/resources/images/phosphor-seal-check-duotone.svg b/client/src/main/resources/images/phosphor-seal-check-duotone.svg new file mode 100644 index 0000000000..8d89ba815b --- /dev/null +++ b/client/src/main/resources/images/phosphor-seal-check-duotone.svg @@ -0,0 +1,49 @@ + + + + + + + + diff --git a/client/src/main/resources/images/phosphor-seal-warning-duotone.svg b/client/src/main/resources/images/phosphor-seal-warning-duotone.svg new file mode 100644 index 0000000000..70a9f1e151 --- /dev/null +++ b/client/src/main/resources/images/phosphor-seal-warning-duotone.svg @@ -0,0 +1,49 @@ + + + + + + + + From cf8e2198b2f8dd57e74fa852a90de3cc2aae4f9e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 27 Oct 2025 18:01:14 +0200 Subject: [PATCH 135/360] Add conditional TLS connection tests When the isTlsManagerEnabled property is set to `true`, a TLS connection test is performed. If it is false, the default non-tls connection test is performed instead. --- .../panel/ConnectionTestResultPanel.java | 14 +- .../HTTPSenderConnectorPropertiesPanel.java | 151 ++++++++++++++---- .../tlsmanager/server/CertificateService.java | 73 +++++++-- .../server/servlets/TLSServlet.java | 11 +- shared/pom.xml | 12 ++ .../shared/servlet/TLSServletInterface.java | 46 +++++- 6 files changed, 244 insertions(+), 63 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java index 7fc9a28117..c0ded76eaf 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ConnectionTestResultPanel.java @@ -16,6 +16,7 @@ import javax.swing.WindowConstants; import javax.swing.border.TitledBorder; import java.awt.Color; +import java.awt.Dimension; import java.awt.Font; import java.awt.Window; import java.security.cert.Certificate; @@ -32,14 +33,14 @@ public class ConnectionTestResultPanel extends MirthDialog { private JTextArea resultArea; private JButton okButton; - private final Color RED = new Color(179, 0, 0); - private final Color GREEN = new Color(76, 174, 79); + private static final Color RED = new Color(179, 0, 0); + private static final Color GREEN = new Color(76, 174, 79); // https://github.com/phosphor-icons/core/blob/main/raw/duotone/seal-check-duotone.svg - private final String CHECK_ICON_PATH = "images/tls_plugin_check.png"; + private static final String CHECK_ICON_PATH = "images/tls_plugin_check.png"; // https://github.com/phosphor-icons/core/blob/main/raw/duotone/seal-warning-duotone.svg - private final String ERROR_ICON_PATH = "images/tls_plugin_error.png"; + private static final String ERROR_ICON_PATH = "images/tls_plugin_error.png"; private static final DateTimeFormatter DATE_FORMAT = DateTimeFormatter.RFC_1123_DATE_TIME.withZone(ZoneOffset.systemDefault()); @@ -56,8 +57,10 @@ public ConnectionTestResultPanel(Window owner, ConnectionTestResult result) { initLayout(); if (result.getSuccess()) { + setPreferredSize(new Dimension(900, 1000)); resultArea.setText(renderSuccess()); } else { + setPreferredSize(new Dimension(600, 400)); resultArea.setText(renderFailure()); } @@ -67,7 +70,6 @@ public ConnectionTestResultPanel(Window owner, ConnectionTestResult result) { } private void initComponents() { - var iconPath = result.getSuccess() ? CHECK_ICON_PATH : ERROR_ICON_PATH; var iconUrl = this.getClass().getClassLoader().getResource(iconPath); @@ -97,7 +99,7 @@ private void initComponents() { } private void initLayout() { - setLayout(new MigLayout("insets 8, novisualpadding, hidemode 3, fill", "", "[grow][][]")); + setLayout(new MigLayout("insets 8, novisualpadding, hidemode 3, fillx", "[grow, fill]", "[][grow][]")); if (iconLabel != null) { add(iconLabel, "w 64!, split"); diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 2a7b273e93..3f7a6f8ebf 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -16,6 +16,7 @@ package org.openintegrationengine.tlsmanager.client.panel; +import com.mirth.connect.client.core.ClientException; import com.mirth.connect.client.ui.AbstractConnectorPropertiesPanel; import com.mirth.connect.client.ui.ConnectorTypeDecoration; import com.mirth.connect.client.ui.Frame; @@ -28,6 +29,7 @@ import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.connectors.http.HttpSender; import com.mirth.connect.connectors.tcp.TcpSender; +import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceSender; import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; import com.mirth.connect.donkey.model.channel.ConnectorProperties; @@ -50,6 +52,8 @@ import javax.swing.SwingWorker; import java.awt.Color; import java.awt.Component; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; import java.awt.event.KeyAdapter; import java.awt.event.KeyEvent; import java.time.Instant; @@ -57,7 +61,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.HashSet; -import java.util.Optional; +import java.util.List; import java.util.Set; import java.util.function.BiConsumer; @@ -109,6 +113,8 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private Frame parentFrame; private enum TRANSPORT { HTTP, TCP, WS }; + private final ResponseHandler responseHandler; + public HTTPSenderConnectorPropertiesPanel() { this.parentFrame = PlatformUI.MIRTH_FRAME; @@ -116,12 +122,25 @@ public HTTPSenderConnectorPropertiesPanel() { this.publicCertificates = new HashSet<>(); this.clientCertificates = new HashSet<>(); + this.responseHandler = new ResponseHandler() { + @Override + public void handle(Object response) { + var result = (ConnectionTestResult) response; + + if (result == null) { + parentFrame.alertError(parentFrame, "Failed to invoke service."); + } else { + new ConnectionTestResultPanel(PlatformUI.MIRTH_FRAME, result); + } + } + }; + initComponents(); initLayout(); fetchData(); } - private Optional getButtonByText(String text) { + private List getButtonsByText(String text) { var settingsComponents = connectorPanel .getConnectorSettingsPanel() .getComponents(); @@ -131,7 +150,7 @@ private Optional getButtonByText(String text) { .filter(component -> component instanceof JButton) .map(component -> (JButton) component) .filter(button -> button.getText().equals(text)) - .findFirst(); + .toList(); } private void doActionListenerOverrides() { @@ -148,28 +167,42 @@ private void doActionListenerOverrides() { return; } - var testConnectionButton = getButtonByText("Test Connection"); - if (testConnectionButton.isPresent()) { - var button = testConnectionButton.get(); - var actionListeners = button.getActionListeners().clone(); + if (transport == TRANSPORT.HTTP || transport == TRANSPORT.TCP) { + var testConnectionButtons = getButtonsByText("Test Connection"); + if (!testConnectionButtons.isEmpty()) { + var button = testConnectionButtons.get(0); - // Replace the ActionListener - button.removeActionListener(actionListeners[0]); // Hope it only has a single listener - button.addActionListener(e -> testTlsConnection()); - } else { - var message = "No test connection button found in settings panel %s".formatted(settingsPanel); - log(message); + var actionListeners = button.getActionListeners().clone(); + + var previousActionListener = actionListeners[0]; // Hope it only has a single listener + + // Replace the ActionListener + button.removeActionListener(previousActionListener); + button.addActionListener(e -> testTlsConnection(previousActionListener, e)); + } else { + var message = "No test connection button found in settings panel %s".formatted(settingsPanel); + log(message); + } } if (transport == TRANSPORT.WS) { - var getOperationsButton = getButtonByText("Get Operations"); - if (getOperationsButton.isPresent()) { - var button = getOperationsButton.get(); - var actionListeners = button.getActionListeners().clone(); + var testConnectionButtons = getButtonsByText("Test Connection"); + if (!testConnectionButtons.isEmpty()) { + // This works on the faint hope the buttons are ordered, and the order of said buttons is not messed with during processing... + var testWsdlConnectionButton = testConnectionButtons.get(0); + var testLocationConnectionButton = testConnectionButtons.get(1); - // Replace the ActionListener - button.removeActionListener(actionListeners[0]); // Hope it only has a single listener - button.addActionListener(e -> testTlsConnection()); + var wsdlActionListeners = testWsdlConnectionButton.getActionListeners().clone(); + var locationActionListeners = testLocationConnectionButton.getActionListeners().clone(); + + var previousWsdlActionListener = wsdlActionListeners[0]; + var previousLocationActionListener = locationActionListeners[0]; + + testWsdlConnectionButton.removeActionListener(previousWsdlActionListener); + testWsdlConnectionButton.addActionListener(e -> testWsTlsConnection(previousWsdlActionListener, e, true)); + + testLocationConnectionButton.removeActionListener(previousLocationActionListener); + testLocationConnectionButton.addActionListener(e -> testWsTlsConnection(previousLocationActionListener, e, false)); } else { var message = "No Get Operations button found in settings panel %s".formatted(settingsPanel); log(message); @@ -177,19 +210,12 @@ private void doActionListenerOverrides() { } } - private void testTlsConnection() { - var testConnectionResponseHandler = new ResponseHandler() { - @Override - public void handle(Object response) { - var result = (ConnectionTestResult) response; - - if (result == null) { - parentFrame.alertError(parentFrame, "Failed to invoke service."); - } else { - new ConnectionTestResultPanel(PlatformUI.MIRTH_FRAME, result); - } - } - }; + private void testTlsConnection(ActionListener nonTlsActionListener, ActionEvent event) { + if (!properties.isTlsManagerEnabled()) { + // If TLS management is disabled, run the previous non-tls connection test + nonTlsActionListener.actionPerformed(event); + return; + } try { connectorPanel @@ -198,9 +224,9 @@ public void handle(Object response) { TLSServletInterface.class, "Testing connection...", "Error testing TLS connection", - testConnectionResponseHandler + this.responseHandler ) - .testConnection( + .testTcpConnection( connectorPanel.getConnectorSettingsPanel().getChannelId(), connectorPanel.getConnectorSettingsPanel().getChannelName(), (HttpDispatcherProperties) connectorPanel.getProperties() @@ -210,6 +236,61 @@ public void handle(Object response) { } } + private void testWsTlsConnection(ActionListener nonTlsActionListener, ActionEvent event, boolean isWsdlUrlBeingTested) { + if (!properties.isTlsManagerEnabled()) { + // If TLS management is disabled, run the previous non-tls connection test + // The isWsdlUrlBeingTested hopefully doesn't matter here as the listeners are already defined + // by the sender panel. + nonTlsActionListener.actionPerformed(event); + return; + } + + if (!canTestConnection(isWsdlUrlBeingTested)) { + return; + } + + var wsProperties = (WebServiceDispatcherProperties) connectorPanel.getProperties(); + + // Blank out the other property so that it isn't tested + if (isWsdlUrlBeingTested) { + wsProperties.setLocationURI(""); + } else { + wsProperties.setWsdlUrl(""); + } + + try { + connectorPanel + .getConnectorSettingsPanel() + .getServlet( + TLSServletInterface.class, + "Testing connection...", + "Error testing Web Service connection: ", + this.responseHandler + ).testWsConnection( + connectorPanel.getConnectorSettingsPanel().getChannelId(), + connectorPanel.getConnectorSettingsPanel().getChannelName(), + wsProperties + ); + } catch (ClientException e) { + // Should not happen + } + } + + private boolean canTestConnection(boolean isWsdlUrlBeingTested) { + var wsProperties = (WebServiceDispatcherProperties) connectorPanel.getProperties(); + + if (isWsdlUrlBeingTested) { + if (wsProperties.getWsdlUrl() == null || wsProperties.getWsdlUrl().isBlank()) { + parentFrame.alertError(parentFrame, "-WSDL URL is blank."); + } + } else if (wsProperties.getLocationURI() == null || wsProperties.getLocationURI().isBlank()) { + parentFrame.alertError(parentFrame, "-Location URI is blank."); + return false; + } + + return true; + } + @Override public TLSConnectorProperties getProperties() { return properties.clone(); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 84a8915679..72ba49134f 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -18,6 +18,7 @@ import com.mirth.connect.client.core.api.MirthApiException; import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.donkey.server.channel.DestinationConnector; import com.mirth.connect.server.util.TemplateValueReplacer; import lombok.Getter; @@ -449,7 +450,29 @@ public List retrieveRemoteCertificates(String urlString) { return result; } - public ConnectionTestResult testConnection( + private ConnectionTestResult testConnection( + String channelId, + String channelName, + String host, + TLSConnectorProperties properties + ) throws IOException { + var url = new URL(templateValueReplacer.replaceValues( + host, channelId, channelName + )); + + var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); + var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); + + return ConnectionUtils.testConnection( + socketFactory, + url.toString(), + TEST_CONNECTION_TIMEOUT, + null, + 0 + ); + } + + public ConnectionTestResult testTcpConnection( String channelId, String channelName, HttpDispatcherProperties dispatcherProperties @@ -460,26 +483,44 @@ public ConnectionTestResult testConnection( .findFirst(); if (oTlsPluginProperties.isEmpty()) { - log.debug("No TLS plugin properties found for testConnection. Doing non-TLS test"); + log.debug("No TLS plugin properties found for testTcpConnection. Doing non-TLS test"); + // TODO Actually do the test + } + + var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + try { + return testConnection(channelId, channelName, dispatcherProperties.getHost(), properties); + } catch (Exception e) { + throw new MirthApiException(e); + } + } + + public ConnectionTestResult testWsConnection( + String channelId, + String channelName, + WebServiceDispatcherProperties dispatcherProperties + ) { + var oTlsPluginProperties = dispatcherProperties.getPluginProperties() + .stream() + .filter(TLSConnectorProperties.class::isInstance) + .findFirst(); + + if (oTlsPluginProperties.isEmpty()) { + log.debug("No TLS plugin properties found for testWsConnection. Doing non-TLS test"); + // TODO Actually do the test } var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); try { - var url = new URL(templateValueReplacer.replaceValues( - dispatcherProperties.getHost(), channelId, channelName - )); - - var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); - var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); - - var result = ConnectionUtils.testConnection( - socketFactory, - url.toString(), - TEST_CONNECTION_TIMEOUT, - null, - 0 - ); + ConnectionTestResult result; + if (dispatcherProperties.getLocationURI() != null && !dispatcherProperties.getLocationURI().isBlank()) { + result = testConnection(channelId, channelName, dispatcherProperties.getLocationURI(), properties); + } else if (dispatcherProperties.getWsdlUrl() != null && !dispatcherProperties.getWsdlUrl().isBlank()) { + result = testConnection(channelId, channelName, dispatcherProperties.getWsdlUrl(), properties); + } else { + throw new Exception("Both WSDL URL and Location URI are blank. At least one must be populated in order to test connection."); + } return result; } catch (Exception e) { diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 8df6a0641f..2cfbbb33db 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -18,7 +18,9 @@ import com.kaurpalang.mirth.annotationsplugin.annotation.MirthApiProvider; import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; +import com.mirth.connect.client.core.ClientException; import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.server.api.DontCheckAuthorized; import com.mirth.connect.server.api.MirthServlet; import lombok.extern.slf4j.Slf4j; @@ -142,7 +144,12 @@ public List getRemoteCertificates(String url) { } @Override - public ConnectionTestResult testConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) { - return certificateService.testConnection(channelId, channelName, dispatcherProperties); + public ConnectionTestResult testTcpConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) { + return certificateService.testTcpConnection(channelId, channelName, dispatcherProperties); + } + + @Override + public ConnectionTestResult testWsConnection(String channelId, String channelName, WebServiceDispatcherProperties wsDispatcherProperties) throws ClientException { + return certificateService.testWsConnection(channelId, channelName, wsDispatcherProperties); } } diff --git a/shared/pom.xml b/shared/pom.xml index 464a0ce825..3753f45f67 100644 --- a/shared/pom.xml +++ b/shared/pom.xml @@ -62,6 +62,18 @@ ${mirth.version} + + com.mirth.connect.connectors + tcp-shared + ${mirth.version} + + + + com.mirth.connect.connectors + ws-shared + ${mirth.version} + + com.mirth.connect donkey-model diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 2d79554cce..2dffd6407a 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -24,6 +24,7 @@ import com.mirth.connect.client.core.api.MirthOperation; import com.mirth.connect.client.core.api.Param; import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; import io.swagger.v3.oas.annotations.media.ExampleObject; @@ -247,7 +248,7 @@ List getRemoteCertificates( ); @POST - @Path("/_testConnection") + @Path("/testTcpConnection") @io.swagger.v3.oas.annotations.Operation( summary = "Tests whether a connection can be successfully established to the destination endpoint." ) @@ -267,12 +268,12 @@ List getRemoteCertificates( )} ) @MirthOperation( - name = "testConnection", - display = "Test TLS Connection", + name = "testTcpConnection", + display = "Test TLS Connection in HTTP and TCP Senders", type = Operation.ExecuteType.ASYNC, auditable = false ) - ConnectionTestResult testConnection( + ConnectionTestResult testTcpConnection( @Param("channelId") @Parameter(description = "The ID of the channel.", required = true) @QueryParam("channelId") String channelId, @@ -295,4 +296,41 @@ ConnectionTestResult testConnection( ) }) HttpDispatcherProperties httpDispatcherProperties ) throws ClientException; + + @POST + @Path("/testWsConnection") + @io.swagger.v3.oas.annotations.Operation( + summary = "Tests whether a connection can be successfully established to the destination endpoint." + ) + @ApiResponse( + content = {@Content( + mediaType = "application/xml", + examples = {@ExampleObject( + name = "connection_test_response_http", + ref = "../apiexamples/connection_test_response_http_xml" + )} + ), @Content( + mediaType = "application/json", + examples = {@ExampleObject( + name = "connection_test_response_http", + ref = "../apiexamples/connection_test_response_http_json" + )} + )} + ) + @MirthOperation( + name = "testWsConnection", + display = "Test TLS Connection in Web Service Sender", + type = Operation.ExecuteType.ASYNC, + auditable = false + ) + ConnectionTestResult testWsConnection( + @Param("channelId") + @Parameter(description = "The ID of the channel.", required = true) + @QueryParam("channelId") String channelId, + @Param("channelName") + @Parameter(description = "The name of the channel.", required = true) + @QueryParam("channelName") String channelName, + @Param("properties") + @RequestBody(description = "The WebService Sender properties to use.", required = true) WebServiceDispatcherProperties wsDispatcherProperties + ) throws ClientException; } From a1156e5a5f27a09d91cf11cbdcb3c4d977bfa0c1 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 27 Oct 2025 18:01:40 +0200 Subject: [PATCH 136/360] Pretty --- .../tlsmanager/server/SocketFactoryService.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index b50d315eb3..eabd606e38 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -18,20 +18,17 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; -import java.util.concurrent.ConcurrentHashMap; @Slf4j public class SocketFactoryService { private final ConfigurationController configurationController; private final CertificateService certificateService; - private final ConcurrentHashMap socketFactories; public SocketFactoryService( ConfigurationController configurationController, CertificateService certificateService ) { - this.socketFactories = new ConcurrentHashMap<>(); this.certificateService = certificateService; this.configurationController = configurationController; } From b14e7f728cf3d86cc5b7a1876e80e71abc91b27d Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 28 Oct 2025 13:14:00 +0200 Subject: [PATCH 137/360] Greatly improve connection testing This change introduces separate testing functions for each connector, thus reducing the need to acoommodate different approaches. --- .../HTTPSenderConnectorPropertiesPanel.java | 34 +++-- .../tlsmanager/server/CertificateService.java | 120 ++++++++++++++---- .../server/servlets/TLSServlet.java | 8 +- .../server/util/ConnectionUtils.java | 12 +- .../shared/servlet/TLSServletInterface.java | 53 +++++++- 5 files changed, 187 insertions(+), 40 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 3f7a6f8ebf..7ab78c440b 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -28,6 +28,7 @@ import com.mirth.connect.client.ui.panels.connectors.ResponseHandler; import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.connectors.http.HttpSender; +import com.mirth.connect.connectors.tcp.TcpDispatcherProperties; import com.mirth.connect.connectors.tcp.TcpSender; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceSender; @@ -111,7 +112,7 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private Set clientCertificates; private Frame parentFrame; - private enum TRANSPORT { HTTP, TCP, WS }; + private enum Transport { HTTP, TCP, WS }; private final ResponseHandler responseHandler; @@ -156,18 +157,18 @@ private List getButtonsByText(String text) { private void doActionListenerOverrides() { var settingsPanel = connectorPanel.getConnectorSettingsPanel(); - TRANSPORT transport; + Transport transport; if (settingsPanel instanceof HttpSender) { - transport = TRANSPORT.HTTP; + transport = Transport.HTTP; } else if (settingsPanel instanceof TcpSender) { - transport = TRANSPORT.TCP; + transport = Transport.TCP; } else if (settingsPanel instanceof WebServiceSender) { - transport = TRANSPORT.WS; + transport = Transport.WS; } else { return; } - if (transport == TRANSPORT.HTTP || transport == TRANSPORT.TCP) { + if (transport == Transport.HTTP || transport == Transport.TCP) { var testConnectionButtons = getButtonsByText("Test Connection"); if (!testConnectionButtons.isEmpty()) { var button = testConnectionButtons.get(0); @@ -178,14 +179,14 @@ private void doActionListenerOverrides() { // Replace the ActionListener button.removeActionListener(previousActionListener); - button.addActionListener(e -> testTlsConnection(previousActionListener, e)); + button.addActionListener(e -> testTlsConnection(previousActionListener, e, transport)); } else { var message = "No test connection button found in settings panel %s".formatted(settingsPanel); log(message); } } - if (transport == TRANSPORT.WS) { + if (transport == Transport.WS) { var testConnectionButtons = getButtonsByText("Test Connection"); if (!testConnectionButtons.isEmpty()) { // This works on the faint hope the buttons are ordered, and the order of said buttons is not messed with during processing... @@ -218,20 +219,31 @@ private void testTlsConnection(ActionListener nonTlsActionListener, ActionEvent } try { - connectorPanel + var servletInterface = connectorPanel .getConnectorSettingsPanel() .getServlet( TLSServletInterface.class, "Testing connection...", "Error testing TLS connection", this.responseHandler - ) - .testTcpConnection( + ); + + if (transport == Transport.HTTP) { + servletInterface.testHttpsConnection( connectorPanel.getConnectorSettingsPanel().getChannelId(), connectorPanel.getConnectorSettingsPanel().getChannelName(), (HttpDispatcherProperties) connectorPanel.getProperties() ); + } else if (transport == Transport.TCP) { + servletInterface.testTcpConnection( + connectorPanel.getConnectorSettingsPanel().getChannelId(), + connectorPanel.getConnectorSettingsPanel().getChannelName(), + (TcpDispatcherProperties) connectorPanel.getProperties() + ); + } + } catch (Exception e) { + e.printStackTrace(); // Should not happen? } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 72ba49134f..7610930f58 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -18,6 +18,7 @@ import com.mirth.connect.client.core.api.MirthApiException; import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.tcp.TcpDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.donkey.server.channel.DestinationConnector; import com.mirth.connect.server.util.TemplateValueReplacer; @@ -85,9 +86,7 @@ public final class CertificateService { private TrustStoreBackend extraTrustStoreBackend; private TrustStoreBackend extraKeyStoreBackend; - private TemplateValueReplacer templateValueReplacer; - - private static int TEST_CONNECTION_TIMEOUT = 5_000; + private final TemplateValueReplacer templateValueReplacer; public CertificateService() { this(new TemplateValueReplacer()); @@ -450,33 +449,65 @@ public List retrieveRemoteCertificates(String urlString) { return result; } - private ConnectionTestResult testConnection( + public ConnectionTestResult testTcpConnection( String channelId, String channelName, - String host, - TLSConnectorProperties properties - ) throws IOException { - var url = new URL(templateValueReplacer.replaceValues( - host, channelId, channelName - )); + TcpDispatcherProperties dispatcherProperties + ) { + var oTlsPluginProperties = dispatcherProperties.getPluginProperties() + .stream() + .filter(TLSConnectorProperties.class::isInstance) + .findFirst(); + + if (oTlsPluginProperties.isEmpty()) { + log.debug("No TLS plugin properties found for testTcpConnection. Doing non-TLS test"); + // TODO Actually do the test + } + + var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); + try { - return ConnectionUtils.testConnection( - socketFactory, - url.toString(), - TEST_CONNECTION_TIMEOUT, - null, - 0 - ); + String host = templateValueReplacer.replaceValues(dispatcherProperties.getRemoteAddress(), channelId, channelName); + int port = Integer.parseInt(templateValueReplacer.replaceValues(dispatcherProperties.getRemotePort(), channelId, channelName)); + int timeout = Integer.parseInt(templateValueReplacer.replaceValues(dispatcherProperties.getResponseTimeout(), channelId, channelName)); + + if (!dispatcherProperties.isOverrideLocalBinding()) { + return ConnectionUtils.testConnection( + socketFactory, + host, + port, + timeout, + null, + 0 + ); + } else { + String localAddr = templateValueReplacer.replaceValues(dispatcherProperties.getLocalAddress(), channelId, channelName); + int localPort = Integer.parseInt(templateValueReplacer.replaceValues(dispatcherProperties.getLocalPort(), channelId, channelName)); + + return ConnectionUtils.testConnection( + socketFactory, + host, + port, + timeout, + localAddr, + localPort + ); + } + } catch (Exception e) { + throw new MirthApiException(e); + } } - public ConnectionTestResult testTcpConnection( + public ConnectionTestResult testHttpConnection( String channelId, String channelName, HttpDispatcherProperties dispatcherProperties ) { + final int TIMEOUT = 5000; + var oTlsPluginProperties = dispatcherProperties.getPluginProperties() .stream() .filter(TLSConnectorProperties.class::isInstance) @@ -488,8 +519,29 @@ public ConnectionTestResult testTcpConnection( } var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + + var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); + var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); + try { - return testConnection(channelId, channelName, dispatcherProperties.getHost(), properties); + var url = new URL(templateValueReplacer.replaceValues(dispatcherProperties.getHost(), channelId, channelName)); + var port = url.getPort(); + + int computedPort; + if (port == -1) + // If no port was provided, default to port 80 or 443. + computedPort = "https".equalsIgnoreCase(url.getProtocol()) ? 443 : 80; + else + computedPort = port; + + return ConnectionUtils.testConnection( + socketFactory, + url.getHost(), + computedPort, + TIMEOUT, + null, + 0 + ); } catch (Exception e) { throw new MirthApiException(e); } @@ -500,6 +552,8 @@ public ConnectionTestResult testWsConnection( String channelName, WebServiceDispatcherProperties dispatcherProperties ) { + final int MAX_TIMEOUT = 300_000; // 5 minutes??? + var oTlsPluginProperties = dispatcherProperties.getPluginProperties() .stream() .filter(TLSConnectorProperties.class::isInstance) @@ -512,17 +566,37 @@ public ConnectionTestResult testWsConnection( var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); + var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); + try { - ConnectionTestResult result; + String host; if (dispatcherProperties.getLocationURI() != null && !dispatcherProperties.getLocationURI().isBlank()) { - result = testConnection(channelId, channelName, dispatcherProperties.getLocationURI(), properties); + host = dispatcherProperties.getLocationURI(); } else if (dispatcherProperties.getWsdlUrl() != null && !dispatcherProperties.getWsdlUrl().isBlank()) { - result = testConnection(channelId, channelName, dispatcherProperties.getWsdlUrl(), properties); + host = dispatcherProperties.getWsdlUrl(); } else { throw new Exception("Both WSDL URL and Location URI are blank. At least one must be populated in order to test connection."); } - return result; + var url = new URL(templateValueReplacer.replaceValues(host, channelId, channelName)); + var port = url.getPort(); + + int computedPort; + if (port == -1) + // If no port was provided, default to port 80 or 443. + computedPort = "https".equalsIgnoreCase(url.getProtocol()) ? 443 : 80; + else + computedPort = port; + + return ConnectionUtils.testConnection( + socketFactory, + url.getHost(), + computedPort, + MAX_TIMEOUT, + null, + 0 + ); } catch (Exception e) { throw new MirthApiException(e); } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 2cfbbb33db..9864c48aa4 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -20,6 +20,7 @@ import com.kaurpalang.mirth.annotationsplugin.type.ApiProviderType; import com.mirth.connect.client.core.ClientException; import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.tcp.TcpDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.server.api.DontCheckAuthorized; import com.mirth.connect.server.api.MirthServlet; @@ -144,10 +145,15 @@ public List getRemoteCertificates(String url) { } @Override - public ConnectionTestResult testTcpConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) { + public ConnectionTestResult testTcpConnection(String channelId, String channelName, TcpDispatcherProperties dispatcherProperties) throws ClientException { return certificateService.testTcpConnection(channelId, channelName, dispatcherProperties); } + @Override + public ConnectionTestResult testHttpsConnection(String channelId, String channelName, HttpDispatcherProperties dispatcherProperties) throws ClientException { + return certificateService.testHttpConnection(channelId, channelName, dispatcherProperties); + } + @Override public ConnectionTestResult testWsConnection(String channelId, String channelName, WebServiceDispatcherProperties wsDispatcherProperties) throws ClientException { return certificateService.testWsConnection(channelId, channelName, wsDispatcherProperties); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java index 6a74003533..9516e1c03a 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/util/ConnectionUtils.java @@ -18,19 +18,20 @@ @Slf4j public class ConnectionUtils { - private static SchemePortResolver defaultSchemePortResolver = new DefaultSchemePortResolver(); public static ConnectionTestResult testConnection( SSLConnectionSocketFactory socketFactory, String host, + int port, int timeout, String localAddr, int localPort - ) throws IOException { + ) { return testConnection( socketFactory, null, host, + port, timeout, localAddr, localPort @@ -41,15 +42,18 @@ public static ConnectionTestResult testConnection( SSLConnectionSocketFactory socketFactory, Socket socket, String host, + int port, int timeout, String localAddr, int localPort - ) throws IOException { + ) { var startTime = Instant.now(); if ( host == null || host.isEmpty() + || (port < 0) + || (port > 65534) ) { return ConnectionTestResult.builder() .timestamp(startTime) @@ -59,7 +63,7 @@ public static ConnectionTestResult testConnection( var target = HttpHost.create(host); - InetSocketAddress remoteAddress = new InetSocketAddress(target.getHostName(), defaultSchemePortResolver.resolve(target)); + InetSocketAddress remoteAddress = new InetSocketAddress(host, port); InetSocketAddress localAddress = null; if (localAddr != null) { diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java index 2dffd6407a..4561afb513 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/servlet/TLSServletInterface.java @@ -24,6 +24,7 @@ import com.mirth.connect.client.core.api.MirthOperation; import com.mirth.connect.client.core.api.Param; import com.mirth.connect.connectors.http.HttpDispatcherProperties; +import com.mirth.connect.connectors.tcp.TcpDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; @@ -269,11 +270,61 @@ List getRemoteCertificates( ) @MirthOperation( name = "testTcpConnection", - display = "Test TLS Connection in HTTP and TCP Senders", + display = "Test TLS Connection in TCP Senders", type = Operation.ExecuteType.ASYNC, auditable = false ) ConnectionTestResult testTcpConnection( + @Param("channelId") + @Parameter(description = "The ID of the channel.", required = true) + @QueryParam("channelId") String channelId, + @Param("channelName") + @Parameter(description = "The name of the channel.", required = true) + @QueryParam("channelName") String channelName, + @Param("properties") + @RequestBody(description = "The TCP Sender properties to use.", required = true, content = { + @Content( + mediaType = "application/xml", + examples = { + @ExampleObject(name = "http_dispatcher_properties", ref = "../apiexamples/http_dispatcher_properties_xml") + } + ), + @Content( + mediaType = "application/json", + examples = { + @ExampleObject(name = "http_dispatcher_properties", ref = "../apiexamples/http_dispatcher_properties_json") + } + ) + }) TcpDispatcherProperties httpDispatcherProperties + ) throws ClientException; + + @POST + @Path("/testHttpsConnection") + @io.swagger.v3.oas.annotations.Operation( + summary = "Tests whether a connection can be successfully established to the destination endpoint." + ) + @ApiResponse( + content = {@Content( + mediaType = "application/xml", + examples = {@ExampleObject( + name = "connection_test_response_http", + ref = "../apiexamples/connection_test_response_http_xml" + )} + ), @Content( + mediaType = "application/json", + examples = {@ExampleObject( + name = "connection_test_response_http", + ref = "../apiexamples/connection_test_response_http_json" + )} + )} + ) + @MirthOperation( + name = "testHttpsConnection", + display = "Test TLS Connection in HTTP Senders", + type = Operation.ExecuteType.ASYNC, + auditable = false + ) + ConnectionTestResult testHttpsConnection( @Param("channelId") @Parameter(description = "The ID of the channel.", required = true) @QueryParam("channelId") String channelId, From ae1fb50a0509d9358e3d4753d0c5002bf000da8c Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 28 Oct 2025 13:14:36 +0200 Subject: [PATCH 138/360] Delete annoying test --- .../tlsmanager/server/HttpSenderTest.java | 178 ------------------ 1 file changed, 178 deletions(-) delete mode 100644 server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java diff --git a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java b/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java deleted file mode 100644 index 67e8cd770f..0000000000 --- a/server/src/test/java/org/openintegrationengine/tlsmanager/server/HttpSenderTest.java +++ /dev/null @@ -1,178 +0,0 @@ -package org.openintegrationengine.tlsmanager.server; - -import com.mirth.connect.donkey.server.channel.DestinationConnector; -import com.mirth.connect.server.controllers.ConfigurationController; -import com.mirth.connect.util.ConnectionTestResponse; -import com.mirth.connect.util.MirthSSLUtil; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeAll; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.MockedStatic; -import org.mockito.junit.jupiter.MockitoExtension; -import org.openintegrationengine.tlsmanager.server.backend.SystemTrustStoreBackend; -import org.openintegrationengine.tlsmanager.server.util.ConnectionUtils; -import org.openintegrationengine.tlsmanager.server.util.MockConfigurationController; -import org.openintegrationengine.tlsmanager.server.util.MockDestinationConnector; -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; -import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; -import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; - -import javax.net.ssl.SSLHandshakeException; -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.util.Collections; -import java.util.Set; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyBoolean; -import static org.mockito.ArgumentMatchers.anySet; -import static org.mockito.ArgumentMatchers.isA; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.mockStatic; -import static org.mockito.Mockito.when; -import static org.openintegrationengine.tlsmanager.server.util.Statics.cipherSuites; -import static org.openintegrationengine.tlsmanager.server.util.Statics.protocols; - -@ExtendWith(MockitoExtension.class) -public class HttpSenderTest { - - private ConfigurationController configurationController; - private CertificateService certificateService; - - private DestinationConnector connector; - - private MockedStatic mirthSSLUtil; - - private static KeyStore systemTruststore; - - @BeforeAll - static void beforeAll() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException { - var trustStoreBackend = new SystemTrustStoreBackend(); - - systemTruststore = KeyStore.getInstance(TLSPluginConstants.PKCS12); - try (var bais = new ByteArrayInputStream(trustStoreBackend.load())) { - systemTruststore.load(bais, trustStoreBackend.loadPassword()); - } - } - - @BeforeEach - void beforeEach() { - // Nasty - mirthSSLUtil = mockStatic(MirthSSLUtil.class); - mirthSSLUtil - .when(MirthSSLUtil::getSupportedHttpsProtocols) - .thenReturn(protocols()); - mirthSSLUtil - .when(MirthSSLUtil::getSupportedHttpsCipherSuites) - .thenReturn(cipherSuites()); - mirthSSLUtil - .when(() -> MirthSSLUtil.getEnabledHttpsProtocols(any())) - .thenReturn(protocols()); - mirthSSLUtil - .when(() -> MirthSSLUtil.getEnabledHttpsCipherSuites(any())) - .thenReturn(cipherSuites()); - - configurationController = mock(MockConfigurationController.class); - connector = new MockDestinationConnector(); - - certificateService = mock(CertificateService.class); - } - - @AfterEach - public void tearDown() { - mirthSSLUtil.close(); - } - - @Test - void test_OSP_T13_untrustedConfiguredCertificate() { - var tlsProperties = new TLSConnectorProperties( - true, - false, - SubjectDnValidationMode.NONE, - null, - RevocationMode.HARD_FAIL, - RevocationMode.HARD_FAIL, - false, - Set.of("server2"), - true, - Collections.emptySet(), - true, - Collections.emptySet(), - false, - null - ); - - when( - certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(MockDestinationConnector.class)) - ).thenReturn( - systemTruststore - ); - - var socketFactoryService = new SocketFactoryService(configurationController, certificateService); - var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsProperties); - - var exception = assertThrows(SSLHandshakeException.class, () -> ConnectionUtils.testConnection( - socketFactory, - "https://valid.crl.caddy:9443", - 1_000, - null, - 0 - )); - - assertEquals( - "Validation error: Path does not chain with any of the trust anchors", - exception.getMessage() - ); - } - - @Test - void test_OSP_T14_systemTruststore() throws Exception { - var tlsProperties = new TLSConnectorProperties( - true, - false, - SubjectDnValidationMode.NONE, - null, - RevocationMode.HARD_FAIL, - RevocationMode.HARD_FAIL, - true, - Collections.emptySet(), - true, - Collections.emptySet(), - true, - Collections.emptySet(), - false, - null - ); - - when( - certificateService.getTrustStoreFromProperties(anyBoolean(), anySet(), isA(MockDestinationConnector.class)) - ).thenReturn( - systemTruststore - ); - - var socketFactoryService = new SocketFactoryService(configurationController, certificateService); - var socketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsProperties); - - var result = ConnectionUtils.testConnection( - socketFactory, - "https://bbc.co.uk", - 1_000, - null, - 0 - ); - - assertEquals( - ConnectionTestResponse.Type.SUCCESS, - result.getType() - ); - } -} From c923334d8d290539b6de3e0d176353766c89ea5c Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 28 Oct 2025 14:34:29 +0200 Subject: [PATCH 139/360] Display an error when TLS is not available for TCP sender --- .../tlsmanager/server/connectorconfig/TLSTcpConfiguration.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java index 2ef13efab6..8578bb7070 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java @@ -49,6 +49,9 @@ public Socket createSocket() { if (tlsConnectorProperties == null || !tlsConnectorProperties.isTlsManagerEnabled()) { return new StateAwareSocket(); } else { + if (socketFactory == null) { + throw new IllegalStateException("TLS for TCP connections is enabled, but socket factory is null. Possibly because no trust anchors were found."); + } return new StateAwareTLSSocket(socketFactory); } } From 5e2900f180cb4bab381ec28f663e684ec15430a8 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 28 Oct 2025 16:35:51 +0200 Subject: [PATCH 140/360] Add missing method argument --- .../client/panel/HTTPSenderConnectorPropertiesPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java index 7ab78c440b..222d291c29 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java @@ -211,7 +211,7 @@ private void doActionListenerOverrides() { } } - private void testTlsConnection(ActionListener nonTlsActionListener, ActionEvent event) { + private void testTlsConnection(ActionListener nonTlsActionListener, ActionEvent event, Transport transport) { if (!properties.isTlsManagerEnabled()) { // If TLS management is disabled, run the previous non-tls connection test nonTlsActionListener.actionPerformed(event); From ce5dec226b85ebcc3acf8fc300660f488afb1adf Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 09:56:50 +0200 Subject: [PATCH 141/360] Change SSL to TLS in generateTLSContext function --- .../tlsmanager/server/CertificateService.java | 10 +++++----- .../tlsmanager/server/SocketFactoryService.java | 7 ++++--- .../connectorconfig/TLSWebServiceConfiguration.java | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 7610930f58..78a2deb972 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -20,7 +20,7 @@ import com.mirth.connect.connectors.http.HttpDispatcherProperties; import com.mirth.connect.connectors.tcp.TcpDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; -import com.mirth.connect.donkey.server.channel.DestinationConnector; +import com.mirth.connect.donkey.server.channel.Connector; import com.mirth.connect.server.util.TemplateValueReplacer; import lombok.Getter; import lombok.extern.slf4j.Slf4j; @@ -138,7 +138,7 @@ void init(TLSPluginConfiguration pluginConfiguration) { loadKeyStore(externalKeyStore, extraKeyStoreBytes, extraKeyStoreBackend.loadPassword()); } - KeyStore getKeyStore(String alias, DestinationConnector connector) { + KeyStore getKeyStore(String alias) { try { var keystore = KeyStore.getInstance(PKCS12); keystore.load(null, new char[0]); @@ -164,7 +164,7 @@ KeyStore getKeyStore(String alias, DestinationConnector connector) { } } - KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet, DestinationConnector connector) { + KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet, Connector connector) { try { KeyStore finalTrustStore; @@ -199,7 +199,7 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet if (!presentInSystem.isEmpty()) { log.warn( "Generating effective TrustStore for connector ({}) in channel ({}). Found and ignored aliases present in system truststore: {}", - connector == null ? "testConnection" : connector.getDestinationName(), + connector == null ? "testConnection" : connector.getConnectorProperties().getName(), connector == null ? "testConnection" : connector.getChannel().getName(), presentInSystem ); @@ -208,7 +208,7 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet if (!unknownAliases.isEmpty()) { log.warn( "Generating effective TrustStore for connector ({}) in channel ({}). Found aliases not present in additional truststore: {}", - connector == null ? "testConnection" : connector.getDestinationName(), + connector == null ? "testConnection" : connector.getConnectorProperties().getName(), connector == null ? "testConnection" : connector.getChannel().getName(), presentInSystem ); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index eabd606e38..a93f937cfe 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -1,5 +1,6 @@ package org.openintegrationengine.tlsmanager.server; +import com.mirth.connect.donkey.server.channel.Connector; import com.mirth.connect.donkey.server.channel.DestinationConnector; import com.mirth.connect.server.controllers.ConfigurationController; import com.mirth.connect.util.MirthSSLUtil; @@ -34,7 +35,7 @@ public SocketFactoryService( } public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, TLSConnectorProperties properties) { - var contextContainer = generateSSLContext(connector, properties); + var contextContainer = generateTLSContext(connector, properties); return getConnectorSocketFactory(contextContainer); } @@ -50,7 +51,7 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(WeirdIntermediaryCon ); } - public WeirdIntermediaryContextContainer generateSSLContext(DestinationConnector connector, TLSConnectorProperties properties) { + public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, TLSConnectorProperties properties) { try { var truststore = certificateService.getTrustStoreFromProperties( properties.isTrustSystemTruststore(), @@ -75,7 +76,7 @@ public WeirdIntermediaryContextContainer generateSSLContext(DestinationConnector KeyManager[] keyManagers = null; var clientAlias = properties.getClientCertificateAlias(); if (clientAlias != null && !clientAlias.isBlank()) { - var keystore = certificateService.getKeyStore(clientAlias, connector); + var keystore = certificateService.getKeyStore(clientAlias); var keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keystore, new char[0]); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java index e46edc7adf..9ceb2a61f5 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java @@ -59,7 +59,7 @@ private void configureSocketFactory(WebServiceDispatcher connector) { .orElse(null); if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { - contextContainer = socketFactoryService.generateSSLContext(connector, tlsConnectorProperties); + contextContainer = socketFactoryService.generateTLSContext(connector, tlsConnectorProperties); var socketConnectionFactory = socketFactoryService.getConnectorSocketFactory(contextContainer); if (socketConnectionFactory != null) { From 12a7b78deea65e57f8a908fc1a32c93c14367519 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 09:58:31 +0200 Subject: [PATCH 142/360] Rename HTTPSenderConnectorPropertiesPanel to SenderConnectorPropertiesPanel --- .../tlsmanager/client/TLSConnectorPropertiesPlugin.java | 4 ++-- ...ertiesPanel.java => SenderConnectorPropertiesPanel.java} | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/{HTTPSenderConnectorPropertiesPanel.java => SenderConnectorPropertiesPanel.java} (99%) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java index 446179ea75..32dcbfcf18 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java @@ -19,7 +19,7 @@ import com.kaurpalang.mirth.annotationsplugin.annotation.MirthClientClass; import com.mirth.connect.client.ui.AbstractConnectorPropertiesPanel; import com.mirth.connect.plugins.ConnectorPropertiesPlugin; -import org.openintegrationengine.tlsmanager.client.panel.HTTPSenderConnectorPropertiesPanel; +import org.openintegrationengine.tlsmanager.client.panel.SenderConnectorPropertiesPanel; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.SerializationController; @@ -48,7 +48,7 @@ public String getSettingsTitle() { @Override public AbstractConnectorPropertiesPanel getConnectorPropertiesPanel() { - return new HTTPSenderConnectorPropertiesPanel(); + return new SenderConnectorPropertiesPanel(); } @Override diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java similarity index 99% rename from client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java rename to client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 222d291c29..12ce2ab481 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/HTTPSenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -67,7 +67,7 @@ import java.util.function.BiConsumer; @Slf4j -public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropertiesPanel { +public class SenderConnectorPropertiesPanel extends AbstractConnectorPropertiesPanel { private JLabel managerEnabledLabel; private MirthRadioButton managerEnabledRadioYes; @@ -111,12 +111,12 @@ public class HTTPSenderConnectorPropertiesPanel extends AbstractConnectorPropert private Set publicCertificates; private Set clientCertificates; - private Frame parentFrame; + private final Frame parentFrame; private enum Transport { HTTP, TCP, WS }; private final ResponseHandler responseHandler; - public HTTPSenderConnectorPropertiesPanel() { + public SenderConnectorPropertiesPanel() { this.parentFrame = PlatformUI.MIRTH_FRAME; this.properties = new TLSConnectorProperties(); From 24fbfea45ab858196ca8debe1e1f6b2f3dd9e801 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 10:16:58 +0200 Subject: [PATCH 143/360] Remove unnecessary connectors check --- .../client/TLSConnectorPropertiesPlugin.java | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java index 32dcbfcf18..3c4fecfa16 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java @@ -23,22 +23,14 @@ import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.SerializationController; -import java.util.List; import java.util.Set; @MirthClientClass public class TLSConnectorPropertiesPlugin extends ConnectorPropertiesPlugin { - private final List supportedConnectors; - public TLSConnectorPropertiesPlugin(String name) { super(name); - SerializationController.registerSerializableClasses(); - - supportedConnectors = List.of( - "HTTP Auth Connector Plugin Properties" - ); } @Override @@ -60,7 +52,7 @@ public boolean isSupported(String transportName) { @Override public boolean isConnectorPropertiesPluginSupported(String pluginPointName) { - return supportedConnectors.contains(pluginPointName); + return false; } @Override From b2eb6ddc87e8ac57df5b896ff8afdf00131603ec Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 10:31:02 +0200 Subject: [PATCH 144/360] Rename TLSConnectorProperties to TLSSenderProperties --- .../panel/SenderConnectorPropertiesPanel.java | 16 ++++++++-------- .../tlsmanager/server/CertificateService.java | 14 +++++++------- .../tlsmanager/server/SocketFactoryService.java | 6 +++--- .../connectorconfig/TLSHttpConfiguration.java | 6 +++--- .../connectorconfig/TLSTcpConfiguration.java | 16 ++++++++-------- .../TLSWebServiceConfiguration.java | 6 +++--- .../shared/SerializationController.java | 4 ++-- ...rProperties.java => TLSSenderProperties.java} | 10 +++++----- 8 files changed, 39 insertions(+), 39 deletions(-) rename shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/{TLSConnectorProperties.java => TLSSenderProperties.java} (93%) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 12ce2ab481..a1bc0aaad9 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -42,7 +42,7 @@ import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import org.openintegrationengine.tlsmanager.shared.servlet.TLSServletInterface; import javax.swing.ButtonGroup; @@ -107,7 +107,7 @@ public class SenderConnectorPropertiesPanel extends AbstractConnectorPropertiesP private JButton ciphersButton; private JLabel ciphersText; - private TLSConnectorProperties properties; + private TLSSenderProperties properties; private Set publicCertificates; private Set clientCertificates; @@ -119,7 +119,7 @@ private enum Transport { HTTP, TCP, WS }; public SenderConnectorPropertiesPanel() { this.parentFrame = PlatformUI.MIRTH_FRAME; - this.properties = new TLSConnectorProperties(); + this.properties = new TLSSenderProperties(); this.publicCertificates = new HashSet<>(); this.clientCertificates = new HashSet<>(); @@ -304,22 +304,22 @@ private boolean canTestConnection(boolean isWsdlUrlBeingTested) { } @Override - public TLSConnectorProperties getProperties() { + public TLSSenderProperties getProperties() { return properties.clone(); } @Override public void setProperties(ConnectorProperties connectorProperties, ConnectorPluginProperties connectorPluginProperties, Connector.Mode mode, String s) { - if (connectorPluginProperties instanceof TLSConnectorProperties TLSConnectorProperties) { - this.properties = TLSConnectorProperties; + if (connectorPluginProperties instanceof TLSSenderProperties TLSSenderProperties) { + this.properties = TLSSenderProperties; redrawState(); - handleManagerEnabledButton(TLSConnectorProperties.isTlsManagerEnabled()); + handleManagerEnabledButton(TLSSenderProperties.isTlsManagerEnabled()); } } @Override public ConnectorPluginProperties getDefaults() { - return new TLSConnectorProperties(); + return new TLSSenderProperties(); } @Override diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 78a2deb972..4361d7f31c 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -38,7 +38,7 @@ import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TLSPluginConfiguration; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import javax.net.ssl.HttpsURLConnection; import java.io.ByteArrayInputStream; @@ -456,7 +456,7 @@ public ConnectionTestResult testTcpConnection( ) { var oTlsPluginProperties = dispatcherProperties.getPluginProperties() .stream() - .filter(TLSConnectorProperties.class::isInstance) + .filter(TLSSenderProperties.class::isInstance) .findFirst(); if (oTlsPluginProperties.isEmpty()) { @@ -464,7 +464,7 @@ public ConnectionTestResult testTcpConnection( // TODO Actually do the test } - var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + var properties = (TLSSenderProperties) oTlsPluginProperties.get(); var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); @@ -510,7 +510,7 @@ public ConnectionTestResult testHttpConnection( var oTlsPluginProperties = dispatcherProperties.getPluginProperties() .stream() - .filter(TLSConnectorProperties.class::isInstance) + .filter(TLSSenderProperties.class::isInstance) .findFirst(); if (oTlsPluginProperties.isEmpty()) { @@ -518,7 +518,7 @@ public ConnectionTestResult testHttpConnection( // TODO Actually do the test } - var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + var properties = (TLSSenderProperties) oTlsPluginProperties.get(); var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); @@ -556,7 +556,7 @@ public ConnectionTestResult testWsConnection( var oTlsPluginProperties = dispatcherProperties.getPluginProperties() .stream() - .filter(TLSConnectorProperties.class::isInstance) + .filter(TLSSenderProperties.class::isInstance) .findFirst(); if (oTlsPluginProperties.isEmpty()) { @@ -564,7 +564,7 @@ public ConnectionTestResult testWsConnection( // TODO Actually do the test } - var properties = (TLSConnectorProperties) oTlsPluginProperties.get(); + var properties = (TLSSenderProperties) oTlsPluginProperties.get(); var socketFactoryService = TLSServicePlugin.getPluginInstance().getSocketFactoryService(); var socketFactory = socketFactoryService.getConnectorSocketFactory(null, properties); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index a93f937cfe..80b3096dae 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -9,7 +9,7 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.openintegrationengine.tlsmanager.server.revocation.DualCheckerTrustManager; import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryContextContainer; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; @@ -34,7 +34,7 @@ public SocketFactoryService( this.configurationController = configurationController; } - public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, TLSConnectorProperties properties) { + public SSLConnectionSocketFactory getConnectorSocketFactory(DestinationConnector connector, TLSSenderProperties properties) { var contextContainer = generateTLSContext(connector, properties); return getConnectorSocketFactory(contextContainer); } @@ -51,7 +51,7 @@ public SSLConnectionSocketFactory getConnectorSocketFactory(WeirdIntermediaryCon ); } - public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, TLSConnectorProperties properties) { + public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, TLSSenderProperties properties) { try { var truststore = certificateService.getTrustStoreFromProperties( properties.isTrustSystemTruststore(), diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index 88c7a6d584..c00410e22a 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -38,7 +38,7 @@ import org.openintegrationengine.tlsmanager.server.CertificateService; import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; @Slf4j public class TLSHttpConfiguration extends DefaultHttpConfiguration { @@ -115,9 +115,9 @@ public void configureReceiver(HttpReceiver connector) throws Exception { private void configureSocketFactory(HttpDispatcher connector) { var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() .stream() - .filter(TLSConnectorProperties.class::isInstance) + .filter(TLSSenderProperties.class::isInstance) .findFirst() - .map(TLSConnectorProperties.class::cast) + .map(TLSSenderProperties.class::cast) .orElse(null); if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java index 8578bb7070..07468b2807 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java @@ -8,7 +8,7 @@ import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; import org.openintegrationengine.tlsmanager.server.io.StateAwareTLSSocket; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import java.net.Socket; @@ -16,7 +16,7 @@ public class TLSTcpConfiguration extends DefaultTcpConfiguration { private final SocketFactoryService socketFactoryService; - private TLSConnectorProperties tlsConnectorProperties; + private TLSSenderProperties tlsSenderProperties; private SSLConnectionSocketFactory socketFactory; @@ -32,21 +32,21 @@ public TLSTcpConfiguration(SocketFactoryService socketFactoryService) { public void configureConnectorDeploy(Connector connector) throws Exception { var tcpDispatcher = (TcpDispatcher) connector; - this.tlsConnectorProperties = tcpDispatcher.getConnectorProperties().getPluginProperties() + this.tlsSenderProperties = tcpDispatcher.getConnectorProperties().getPluginProperties() .stream() - .filter(TLSConnectorProperties.class::isInstance) + .filter(TLSSenderProperties.class::isInstance) .findFirst() - .map(TLSConnectorProperties.class::cast) + .map(TLSSenderProperties.class::cast) .orElse(null); - if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { - socketFactory = socketFactoryService.getConnectorSocketFactory(tcpDispatcher, tlsConnectorProperties); + if (tlsSenderProperties != null && tlsSenderProperties.isTlsManagerEnabled()) { + socketFactory = socketFactoryService.getConnectorSocketFactory(tcpDispatcher, tlsSenderProperties); } } @Override public Socket createSocket() { - if (tlsConnectorProperties == null || !tlsConnectorProperties.isTlsManagerEnabled()) { + if (tlsSenderProperties == null || !tlsSenderProperties.isTlsManagerEnabled()) { return new StateAwareSocket(); } else { if (socketFactory == null) { diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java index 9ceb2a61f5..8a272280ab 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java @@ -9,7 +9,7 @@ import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryContextContainer; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import javax.net.ssl.SSLSocketFactory; import java.util.Map; @@ -53,9 +53,9 @@ public void configureDispatcher(WebServiceDispatcher connector, WebServiceDispat private void configureSocketFactory(WebServiceDispatcher connector) { var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() .stream() - .filter(TLSConnectorProperties.class::isInstance) + .filter(TLSSenderProperties.class::isInstance) .findFirst() - .map(TLSConnectorProperties.class::cast) + .map(TLSSenderProperties.class::cast) .orElse(null); if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java index 1184fa1ae0..de41b343b2 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java @@ -20,14 +20,14 @@ import org.openintegrationengine.tlsmanager.shared.models.ConnectionTestResult; import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; -import org.openintegrationengine.tlsmanager.shared.properties.TLSConnectorProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import java.util.List; public class SerializationController { private static final List types = List.of( - TLSConnectorProperties.class.getCanonicalName(), + TLSSenderProperties.class.getCanonicalName(), TrustedCertificate.class.getCanonicalName(), LocalCertificate.class.getCanonicalName(), ConnectionTestResult.class.getCanonicalName() diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java similarity index 93% rename from shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java rename to shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java index 2b9f202175..bf89758787 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSConnectorProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java @@ -33,7 +33,7 @@ @Setter @EqualsAndHashCode(callSuper = false) @AllArgsConstructor -public class TLSConnectorProperties extends ConnectorPluginProperties { +public class TLSSenderProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; private boolean isServerCertificateValidationEnabled; @@ -60,7 +60,7 @@ public class TLSConnectorProperties extends ConnectorPluginProperties { private boolean isHostnameVerificationEnabled; private String clientCertificateAlias; - public TLSConnectorProperties() { + public TLSSenderProperties() { isTlsManagerEnabled = false; isServerCertificateValidationEnabled = false; @@ -83,7 +83,7 @@ public TLSConnectorProperties() { clientCertificateAlias = null; } - public TLSConnectorProperties(TLSConnectorProperties props) { + public TLSSenderProperties(TLSSenderProperties props) { isTlsManagerEnabled = props.isTlsManagerEnabled(); isServerCertificateValidationEnabled = props.isServerCertificateValidationEnabled(); @@ -112,8 +112,8 @@ public String getName() { } @Override - public TLSConnectorProperties clone() { - return new TLSConnectorProperties(this); + public TLSSenderProperties clone() { + return new TLSSenderProperties(this); } @Override From 097b51d2a6cb4807bab881cfe33457ee2fdb0a9e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 10:35:23 +0200 Subject: [PATCH 145/360] Rename TLSConnectorPropertiesPlugin to TLSSenderConnectorPropertiesPlugin --- ...iesPlugin.java => TLSSenderConnectorPropertiesPlugin.java} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename client/src/main/java/org/openintegrationengine/tlsmanager/client/{TLSConnectorPropertiesPlugin.java => TLSSenderConnectorPropertiesPlugin.java} (92%) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java similarity index 92% rename from client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java rename to client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java index 3c4fecfa16..d3609008ae 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java @@ -26,9 +26,9 @@ import java.util.Set; @MirthClientClass -public class TLSConnectorPropertiesPlugin extends ConnectorPropertiesPlugin { +public class TLSSenderConnectorPropertiesPlugin extends ConnectorPropertiesPlugin { - public TLSConnectorPropertiesPlugin(String name) { + public TLSSenderConnectorPropertiesPlugin(String name) { super(name); SerializationController.registerSerializableClasses(); } From 9ff1ee1db2091730e9f18f7f8831254dbe9a048b Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 10:56:28 +0200 Subject: [PATCH 146/360] Initial setup for listeners --- .../TLSListenerConnectorPropertiesPlugin.java | 61 ++++++++++++ .../ListenerConnectorPropertiesPanel.java | 95 +++++++++++++++++++ .../shared/SerializationController.java | 2 + .../properties/TLSListenerProperties.java | 42 ++++++++ 4 files changed, 200 insertions(+) create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java create mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java new file mode 100644 index 0000000000..f7bc2390a4 --- /dev/null +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java @@ -0,0 +1,61 @@ +/* + * Copyright 2025 Kaur Palang + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.openintegrationengine.tlsmanager.client; + +import com.kaurpalang.mirth.annotationsplugin.annotation.MirthClientClass; +import com.mirth.connect.client.ui.AbstractConnectorPropertiesPanel; +import com.mirth.connect.plugins.ConnectorPropertiesPlugin; +import org.openintegrationengine.tlsmanager.client.panel.ListenerConnectorPropertiesPanel; +import org.openintegrationengine.tlsmanager.shared.SerializationController; + +import java.util.Set; + +@MirthClientClass +public class TLSListenerConnectorPropertiesPlugin extends ConnectorPropertiesPlugin { + + public TLSListenerConnectorPropertiesPlugin(String name) { + super(name); + SerializationController.registerSerializableClasses(); + } + + @Override + public String getSettingsTitle() { + return "TLS Settings"; + } + + @Override + public AbstractConnectorPropertiesPanel getConnectorPropertiesPanel() { + return new ListenerConnectorPropertiesPanel(); + } + + @Override + public boolean isSupported(String transportName) { + return Set + .of("HTTP Listener", "TCP Listener", "Web Service Listener") + .contains(transportName); + } + + @Override + public boolean isConnectorPropertiesPluginSupported(String pluginPointName) { + return false; + } + + @Override + public String getPluginPointName() { + return "TLS Listener Connector Properties Plugin"; + } +} diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java new file mode 100644 index 0000000000..d13cbc3eb5 --- /dev/null +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -0,0 +1,95 @@ +package org.openintegrationengine.tlsmanager.client.panel; + +import com.mirth.connect.client.ui.AbstractConnectorPropertiesPanel; +import com.mirth.connect.client.ui.Frame; +import com.mirth.connect.client.ui.UIConstants; +import com.mirth.connect.client.ui.components.MirthRadioButton; +import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; +import com.mirth.connect.donkey.model.channel.ConnectorProperties; +import com.mirth.connect.model.Connector; +import net.miginfocom.swing.MigLayout; +import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; + +import javax.swing.ButtonGroup; +import javax.swing.ImageIcon; +import javax.swing.JLabel; +import java.awt.Color; +import java.awt.Component; + +public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertiesPanel { + + private JLabel managerEnabledLabel; + private MirthRadioButton managerEnabledRadioYes; + private MirthRadioButton managerEnabledRadioNo; + + private TLSListenerProperties properties; + + public ListenerConnectorPropertiesPanel() { + initComponents(); + initLayout(); + } + + @Override + public ConnectorPluginProperties getProperties() { + return properties.clone(); + } + + @Override + public void setProperties(ConnectorProperties connectorProperties, ConnectorPluginProperties connectorPluginProperties, Connector.Mode mode, String s) { + if (connectorPluginProperties instanceof TLSListenerProperties tlsListenerProperties) { + this.properties = tlsListenerProperties; + } + } + + @Override + public ConnectorPluginProperties getDefaults() { + return new TLSListenerProperties(); + } + + @Override + public boolean checkProperties(ConnectorProperties connectorProperties, ConnectorPluginProperties connectorPluginProperties, Connector.Mode mode, String s, boolean b) { + return true; + } + + @Override + public void resetInvalidProperties() { + + } + + @Override + public Component[][] getLayoutComponents() { + return new Component[0][]; + } + + @Override + public void setLayoutComponentsEnabled(boolean b) {} + + private void initComponents() { + setBackground(UIConstants.BACKGROUND_COLOR); + + var wrenchIcon = new ImageIcon(Frame.class.getResource("images/wrench.png")); + + managerEnabledLabel = new JLabel("Use TLS Manager:"); + var managerEnabledButtonGroup = new ButtonGroup(); + + managerEnabledRadioYes = new MirthRadioButton(); + managerEnabledRadioYes.setText("Yes"); + managerEnabledRadioYes.setBackground(Color.white); + //managerEnabledRadioYes.addActionListener(e -> handleManagerEnabledButton(true)); + managerEnabledButtonGroup.add(managerEnabledRadioYes); + + managerEnabledRadioNo = new MirthRadioButton(); + managerEnabledRadioNo.setText("No"); + managerEnabledRadioNo.setBackground(Color.white); + //managerEnabledRadioNo.addActionListener(e -> handleManagerEnabledButton(false)); + managerEnabledButtonGroup.add(managerEnabledRadioNo); + } + + private void initLayout() { + setLayout(new MigLayout("insets 0, novisualpadding, hidemode 3", "[]12[]", "")); + + add(managerEnabledLabel, "newline, right"); + add(managerEnabledRadioYes, "split"); + add(managerEnabledRadioNo); + } +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java index de41b343b2..6dc0dea4ed 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/SerializationController.java @@ -21,6 +21,7 @@ import org.openintegrationengine.tlsmanager.shared.models.LocalCertificate; import org.openintegrationengine.tlsmanager.shared.models.TrustedCertificate; import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; +import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; import java.util.List; @@ -28,6 +29,7 @@ public class SerializationController { private static final List types = List.of( TLSSenderProperties.class.getCanonicalName(), + TLSListenerProperties.class.getCanonicalName(), TrustedCertificate.class.getCanonicalName(), LocalCertificate.class.getCanonicalName(), ConnectionTestResult.class.getCanonicalName() diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java new file mode 100644 index 0000000000..0c4d39a075 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java @@ -0,0 +1,42 @@ +package org.openintegrationengine.tlsmanager.shared.properties; + +import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; +import lombok.AllArgsConstructor; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.Setter; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; + +import java.util.Map; + +@Getter +@Setter +@EqualsAndHashCode(callSuper = false) +@AllArgsConstructor +public class TLSListenerProperties extends ConnectorPluginProperties { + + private boolean isTlsManagerEnabled; + + public TLSListenerProperties() { + isTlsManagerEnabled = false; + } + + public TLSListenerProperties(TLSListenerProperties properties) { + isTlsManagerEnabled = properties.isTlsManagerEnabled(); + } + + @Override + public String getName() { + return TLSPluginConstants.PLUGIN_POINTNAME; + } + + @Override + public ConnectorPluginProperties clone() { + return new TLSListenerProperties(this); + } + + @Override + public Map getPurgedProperties() { + return Map.of(); + } +} From 5d701d7d07a34f23a08c50c67155cb060cf8d8a2 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 10:58:30 +0200 Subject: [PATCH 147/360] Delete sample plugin remnants --- .../tlsmanager/client/MySettingsPlugin.java | 58 --------- .../client/panel/MainSettingsPanel.java | 119 ------------------ 2 files changed, 177 deletions(-) delete mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/MySettingsPlugin.java delete mode 100644 client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/MainSettingsPanel.java diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/MySettingsPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/MySettingsPlugin.java deleted file mode 100644 index afe334005e..0000000000 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/MySettingsPlugin.java +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright 2025 Kaur Palang - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.openintegrationengine.tlsmanager.client; - -import com.kaurpalang.mirth.annotationsplugin.annotation.MirthClientClass; -import org.openintegrationengine.tlsmanager.client.panel.MainSettingsPanel; -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; -import com.mirth.connect.client.ui.AbstractSettingsPanel; -import com.mirth.connect.plugins.SettingsPanelPlugin; - -@MirthClientClass -public class MySettingsPlugin extends SettingsPanelPlugin { - - private MainSettingsPanel mainSettingsPanel; - - public MySettingsPlugin(String name) { - super(name); - } - - @Override - public AbstractSettingsPanel getSettingsPanel() { - return this.mainSettingsPanel; - } - - @Override - public String getPluginPointName() { - return TLSPluginConstants.PLUGIN_POINTNAME; - } - - @Override - public void start() { - this.mainSettingsPanel = new MainSettingsPanel(); - } - - @Override - public void stop() { - - } - - @Override - public void reset() { - - } -} diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/MainSettingsPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/MainSettingsPanel.java deleted file mode 100644 index 2eff91a774..0000000000 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/MainSettingsPanel.java +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright 2025 Kaur Palang - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.openintegrationengine.tlsmanager.client.panel; - -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; -import com.mirth.connect.client.ui.AbstractSettingsPanel; -import com.mirth.connect.client.ui.components.MirthCheckBox; -import com.mirth.connect.client.ui.components.MirthPasswordField; -import com.mirth.connect.client.ui.components.MirthTextField; -import net.miginfocom.swing.MigLayout; - -import javax.swing.BorderFactory; -import javax.swing.JButton; -import javax.swing.JLabel; -import javax.swing.JPanel; -import javax.swing.border.TitledBorder; -import java.awt.Color; -import java.awt.Font; - -public class MainSettingsPanel extends AbstractSettingsPanel { - - /** - * Create component variables - */ - private JLabel forcefulLabel; - private MirthCheckBox forcefulCheckbox; - - private JLabel remoteUsernameLabel; - private MirthTextField remoteUsernameTextField; - - private JLabel remotePasswordLabel; - private MirthPasswordField remotePasswordField; - - private JButton testRemoteButton; - - public MainSettingsPanel() { - // The name of our tab in the Settings menu - super(TLSPluginConstants.SETTINGS_TABNAME_MAIN); - initComponents(); - } - - private void initComponents() { - setBackground(Color.WHITE); - setBorder(BorderFactory.createEmptyBorder(0, 0, 0, 0)); - setLayout(new MigLayout("insets 12, novisualpadding, hidemode 3, fill, gap 6", "", "[][][][grow]")); - - /** - * Instantiate component variables - */ - forcefulLabel = new JLabel("Force push:"); - forcefulCheckbox = new MirthCheckBox(); - forcefulLabel.setToolTipText("This is a\nmultiline tooltip ;)"); - forcefulCheckbox.setBackground(Color.WHITE); - - remoteUsernameLabel = new JLabel("Username:"); - remoteUsernameTextField = new MirthTextField(); - - remotePasswordLabel = new JLabel("Password:"); - remotePasswordField = new MirthPasswordField(); - - testRemoteButton = new JButton("Do a thing button"); - - /* - * Create the base container for our components - */ - JPanel deetsPanel = new JPanel(); - deetsPanel.setLayout(new MigLayout("insets 12, novisualpadding, hidemode 3, fill, gap 6", "[]12[][grow]", "")); - deetsPanel.setBackground(Color.WHITE); - deetsPanel.setBorder( - BorderFactory.createTitledBorder( - BorderFactory.createMatteBorder(1, 0, 0, 0, new Color(204, 204, 204)), - "MyPlugin", - TitledBorder.DEFAULT_JUSTIFICATION, - TitledBorder.DEFAULT_POSITION, - new Font("Tahoma", 1, 11) - ) - ); - - /* - * Add our components to the base container - */ - deetsPanel.add(forcefulLabel, "right"); - deetsPanel.add(forcefulCheckbox); - deetsPanel.add(remoteUsernameLabel, "newline, right"); - deetsPanel.add(remoteUsernameTextField, "w 168!"); - deetsPanel.add(remotePasswordLabel, "newline, right"); - deetsPanel.add(remotePasswordField, "w 168!"); - deetsPanel.add(testRemoteButton, "newline"); - - /** - * Add base container to Mirth's more base-er container - */ - add(deetsPanel, "growx"); - } - - @Override - public void doRefresh() { - - } - - @Override - public boolean doSave() { - return false; - } -} From 336b38450c4c8c788c01888260f9478238215979 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 11:22:06 +0200 Subject: [PATCH 148/360] Typo --- .../tlsmanager/client/panel/SenderConnectorPropertiesPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index a1bc0aaad9..5dcc6cbbeb 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -728,7 +728,7 @@ public Void doInBackground() { try { aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); } catch (Exception e) { - PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported clint certificates failed"); + PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported client certificates failed"); } return null; From 4ca0da62a410a4bdcf44ccdcfce437266059667a Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 16:16:55 +0200 Subject: [PATCH 149/360] More Listener UI and properties --- .../ListenerConnectorPropertiesPanel.java | 255 +++++++++++++++++- .../properties/TLSListenerProperties.java | 47 +++- 2 files changed, 298 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java index d13cbc3eb5..afd0190c2e 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -2,19 +2,34 @@ import com.mirth.connect.client.ui.AbstractConnectorPropertiesPanel; import com.mirth.connect.client.ui.Frame; +import com.mirth.connect.client.ui.PlatformUI; import com.mirth.connect.client.ui.UIConstants; +import com.mirth.connect.client.ui.components.MirthComboBox; import com.mirth.connect.client.ui.components.MirthRadioButton; +import com.mirth.connect.client.ui.components.MirthTextField; import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; import com.mirth.connect.donkey.model.channel.ConnectorProperties; import com.mirth.connect.model.Connector; import net.miginfocom.swing.MigLayout; +import org.openintegrationengine.tlsmanager.client.dialog.ItemPickerDialog; +import org.openintegrationengine.tlsmanager.client.misc.DisplayTextEnumModeComboBoxRenderer; +import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; import javax.swing.ButtonGroup; +import javax.swing.DefaultComboBoxModel; import javax.swing.ImageIcon; +import javax.swing.JButton; import javax.swing.JLabel; import java.awt.Color; import java.awt.Component; +import java.awt.event.KeyAdapter; +import java.awt.event.KeyEvent; +import java.util.Arrays; +import java.util.Collections; +import java.util.Set; +import java.util.function.BiConsumer; public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertiesPanel { @@ -22,9 +37,38 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private MirthRadioButton managerEnabledRadioYes; private MirthRadioButton managerEnabledRadioNo; + private JLabel clientAuthLabel; + private MirthRadioButton clientAuthRadioNone; + private MirthRadioButton clientAuthRadioRequested; + private MirthRadioButton clientAuthRadioRequired; + + // Trusted client certs picker + + private JLabel subjectDnValidationLabel; + private MirthComboBox subjectDnValidationModeComboBox; + private MirthTextField subjectDnValidationFilterTextField; + + private JLabel crlModeLabel; + private MirthComboBox crlModeComboBox; + + private JLabel ocspModeLabel; + private MirthComboBox ocspModeComboBox; + + private JLabel protocolsLabel; + private JButton protocolsButton; + private JLabel protocolsText; + + private JLabel ciphersLabel; + private JButton ciphersButton; + private JLabel ciphersText; + + private final Frame parentFrame; private TLSListenerProperties properties; public ListenerConnectorPropertiesPanel() { + this.parentFrame = PlatformUI.MIRTH_FRAME; + this.properties = new TLSListenerProperties(); + initComponents(); initLayout(); } @@ -75,14 +119,126 @@ private void initComponents() { managerEnabledRadioYes = new MirthRadioButton(); managerEnabledRadioYes.setText("Yes"); managerEnabledRadioYes.setBackground(Color.white); - //managerEnabledRadioYes.addActionListener(e -> handleManagerEnabledButton(true)); + managerEnabledRadioYes.addActionListener(e -> handleManagerEnabledButton(true)); managerEnabledButtonGroup.add(managerEnabledRadioYes); managerEnabledRadioNo = new MirthRadioButton(); managerEnabledRadioNo.setText("No"); managerEnabledRadioNo.setBackground(Color.white); - //managerEnabledRadioNo.addActionListener(e -> handleManagerEnabledButton(false)); + managerEnabledRadioNo.addActionListener(e -> handleManagerEnabledButton(false)); managerEnabledButtonGroup.add(managerEnabledRadioNo); + + clientAuthLabel = new JLabel("Client Authentication Mode"); + + var clientAuthModeButtonGroup = new ButtonGroup(); + clientAuthRadioNone = new MirthRadioButton(); + clientAuthRadioNone.setText("None"); + clientAuthRadioNone.setBackground(Color.white); + clientAuthModeButtonGroup.add(clientAuthRadioNone); + + clientAuthRadioRequested = new MirthRadioButton(); + clientAuthRadioRequested.setText("Requested"); + clientAuthRadioRequested.setBackground(Color.white); + clientAuthModeButtonGroup.add(clientAuthRadioRequested); + + clientAuthRadioRequired = new MirthRadioButton(); + clientAuthRadioRequired.setText("Required"); + clientAuthRadioRequired.setBackground(Color.white); + clientAuthModeButtonGroup.add(clientAuthRadioRequired); + + var comboBoxRenderer = new DisplayTextEnumModeComboBoxRenderer(); + + var subjectDnValidationModeModel = new SubjectDnValidationMode[]{ + SubjectDnValidationMode.NONE, + SubjectDnValidationMode.PARTIAL, + SubjectDnValidationMode.EXACT, + }; + + subjectDnValidationLabel = new JLabel("Subject DN Validation Mode:"); + subjectDnValidationModeComboBox = new MirthComboBox<>(); + subjectDnValidationModeComboBox.setRenderer(comboBoxRenderer); + subjectDnValidationModeComboBox.setModel(new DefaultComboBoxModel<>(subjectDnValidationModeModel)); + subjectDnValidationModeComboBox.addActionListener(evt -> handleSubjectDnValidationModeChange()); + + subjectDnValidationFilterTextField = new MirthTextField(); + subjectDnValidationFilterTextField.addKeyListener(new KeyAdapter() { + @Override + public void keyReleased(KeyEvent e) { + properties.setSubjectDnValidationFilter(subjectDnValidationFilterTextField.getText()); + } + }); + + var revocationModeModel = new RevocationMode[]{ + RevocationMode.DISABLED, + RevocationMode.SOFT_FAIL, + RevocationMode.HARD_FAIL + }; + + crlModeLabel = new JLabel("CRL Mode:"); + crlModeComboBox = new MirthComboBox<>(); + crlModeComboBox.setRenderer(comboBoxRenderer); + crlModeComboBox.setModel(new DefaultComboBoxModel<>(revocationModeModel)); + crlModeComboBox.addActionListener(evt -> handleCrlModeChange()); + + ocspModeLabel = new JLabel("OCSP Mode:"); + ocspModeComboBox = new MirthComboBox<>(); + ocspModeComboBox.setRenderer(comboBoxRenderer); + ocspModeComboBox.setModel(new DefaultComboBoxModel<>(revocationModeModel)); + ocspModeComboBox.addActionListener(evt -> handleOcspModeChange()); + + protocolsLabel = new JLabel("Enabled Protocols:"); + protocolsButton = new JButton(wrenchIcon); + protocolsButton.addActionListener(e -> { + BiConsumer> completionConsumer = (trustDefaultProtocols, selectedProtocols) -> { + properties.setUseServerDefaultProtocols(trustDefaultProtocols); + if (trustDefaultProtocols) { + properties.setUsedProtocols(Collections.emptySet()); + } else { + properties.setUsedProtocols(selectedProtocols); + } + + redrawState(); + PlatformUI.MIRTH_FRAME.setSaveEnabled(true); + }; + + new ItemPickerDialog( + PlatformUI.MIRTH_FRAME, + "Protocols Picker", + Set.of(PlatformUI.SERVER_HTTPS_SUPPORTED_PROTOCOLS), + properties.getUsedProtocols(), + properties.isUseServerDefaultProtocols(), + "[Server default]", + completionConsumer + ); + }); + protocolsText = new JLabel("Server default: TLSv4.6"); + + ciphersLabel = new JLabel("Enabled Ciphers:"); + ciphersButton = new JButton(wrenchIcon); + ciphersButton.addActionListener(e -> { + BiConsumer> completionConsumer = (trustDefaultCiphers, selectedCiphers) -> { + properties.setUseServerDefaultCiphers(trustDefaultCiphers); + if (trustDefaultCiphers) { + properties.setUsedCiphers(Collections.emptySet()); + } else { + properties.setUsedCiphers(selectedCiphers); + } + + redrawState(); + PlatformUI.MIRTH_FRAME.setSaveEnabled(true); + }; + + new ItemPickerDialog( + PlatformUI.MIRTH_FRAME, + "Ciphers Picker", + Set.of(PlatformUI.SERVER_HTTPS_SUPPORTED_CIPHER_SUITES), + properties.getUsedCiphers(), + properties.isUseServerDefaultCiphers(), + "[Server default]", + completionConsumer + ); + }); + ciphersText = new JLabel("Server default: 22 enabled"); } private void initLayout() { @@ -91,5 +247,100 @@ private void initLayout() { add(managerEnabledLabel, "newline, right"); add(managerEnabledRadioYes, "split"); add(managerEnabledRadioNo); + + add(clientAuthLabel, "newline, right"); + add(clientAuthRadioNone, "split"); + add(clientAuthRadioRequested, "split"); + add(clientAuthRadioRequired); + + add(subjectDnValidationLabel, "newline, right"); + add(subjectDnValidationModeComboBox, "split"); + add(subjectDnValidationFilterTextField, "w 168!"); + + add(crlModeLabel, "newline, right"); + add(crlModeComboBox); + + add(ocspModeLabel, "newline, right"); + add(ocspModeComboBox); + + add(protocolsLabel, "newline, right"); + add(protocolsButton, "h 22!, w 22!, split"); + add(protocolsText); + + add(ciphersLabel, "newline, right"); + add(ciphersButton, "h 22!, w 22!, split"); + add(ciphersText); + } + + private void handleSubjectDnValidationModeChange() { + if (subjectDnValidationModeComboBox.getSelectedItem() instanceof SubjectDnValidationMode validationMode) { + properties.setSubjectDnValidationMode(validationMode); + redrawState(); + } + } + + private void handleCrlModeChange() { + if (crlModeComboBox.getSelectedItem() instanceof RevocationMode revocationMode) { + properties.setCrlMode(revocationMode); + } + } + + private void handleOcspModeChange() { + if (ocspModeComboBox.getSelectedItem() instanceof RevocationMode revocationMode) { + properties.setOcspMode(revocationMode); + } + } + + private void handleManagerEnabledButton(boolean managerEnabled) { + properties.setTlsManagerEnabled(managerEnabled); + + subjectDnValidationLabel.setEnabled(managerEnabled); + subjectDnValidationModeComboBox.setEnabled(managerEnabled); + subjectDnValidationFilterTextField.setEnabled(managerEnabled); + + crlModeLabel.setEnabled(managerEnabled); + crlModeComboBox.setEnabled(managerEnabled); + + ocspModeLabel.setEnabled(managerEnabled); + ocspModeComboBox.setEnabled(managerEnabled); + + protocolsLabel.setEnabled(managerEnabled); + protocolsButton.setEnabled(managerEnabled); + protocolsText.setEnabled(managerEnabled); + + ciphersLabel.setEnabled(managerEnabled); + ciphersButton.setEnabled(managerEnabled); + ciphersText.setEnabled(managerEnabled); + } + + private void redrawState() { + if (properties.isTlsManagerEnabled()) { + managerEnabledRadioYes.setSelected(true); + } else { + managerEnabledRadioNo.setSelected(true); + } + + subjectDnValidationModeComboBox.setSelectedItem(properties.getSubjectDnValidationMode()); + subjectDnValidationFilterTextField.setEnabled(properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE); + subjectDnValidationFilterTextField.setText(properties.getSubjectDnValidationFilter()); + + crlModeComboBox.setSelectedItem(properties.getCrlMode()); + ocspModeComboBox.setSelectedItem(properties.getOcspMode()); + + var protocolsString = properties.isUseServerDefaultProtocols() + ? "Server default: %s".formatted(Arrays.toString(PlatformUI.HTTPS_PROTOCOLS)) + : "%d selected".formatted(properties.getUsedProtocols().size()); + + protocolsText.setText(protocolsString); + + var ciphersString = properties.isUseServerDefaultCiphers() + ? "Server default: %d selected".formatted(PlatformUI.HTTPS_CIPHER_SUITES.length) + : "%d selected".formatted(properties.getUsedCiphers().size()); + + ciphersText.setText(ciphersString); + } + + private void fetchData() { + } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java index 0c4d39a075..94a2668cf6 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java @@ -6,8 +6,12 @@ import lombok.Getter; import lombok.Setter; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; +import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; +import java.util.Collections; import java.util.Map; +import java.util.Set; @Getter @Setter @@ -17,12 +21,51 @@ public class TLSListenerProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; + private SubjectDnValidationMode subjectDnValidationMode; + private String subjectDnValidationFilter; + + // Certificate revocation modes + private RevocationMode crlMode; + private RevocationMode ocspMode; + + // Protocols + private boolean isUseServerDefaultProtocols; + private Set usedProtocols; + + // Ciphers + private boolean isUseServerDefaultCiphers; + private Set usedCiphers; + public TLSListenerProperties() { isTlsManagerEnabled = false; + + subjectDnValidationMode = SubjectDnValidationMode.NONE; + subjectDnValidationFilter = null; + + crlMode = RevocationMode.HARD_FAIL; + ocspMode = RevocationMode.HARD_FAIL; + + isUseServerDefaultProtocols = true; + usedProtocols = Collections.emptySet(); + + isUseServerDefaultCiphers = true; + usedCiphers = Collections.emptySet(); } - public TLSListenerProperties(TLSListenerProperties properties) { - isTlsManagerEnabled = properties.isTlsManagerEnabled(); + public TLSListenerProperties(TLSListenerProperties props) { + isTlsManagerEnabled = props.isTlsManagerEnabled(); + + subjectDnValidationMode = props.getSubjectDnValidationMode(); + subjectDnValidationFilter = props.getSubjectDnValidationFilter(); + + crlMode = props.getCrlMode(); + ocspMode = props.getOcspMode(); + + isUseServerDefaultProtocols = props.isUseServerDefaultProtocols(); + usedProtocols = props.getUsedProtocols(); + + isUseServerDefaultCiphers = props.isUseServerDefaultCiphers(); + usedCiphers = props.getUsedCiphers(); } @Override From c86d7120a959986d72dcb8f4bca634778b06b78a Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 29 Oct 2025 16:17:36 +0200 Subject: [PATCH 150/360] Distinct plugin point names --- .../client/TLSSenderConnectorPropertiesPlugin.java | 3 +-- .../tlsmanager/server/TLSServicePlugin.java | 13 +++++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java index d3609008ae..c0d6604c6d 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java @@ -20,7 +20,6 @@ import com.mirth.connect.client.ui.AbstractConnectorPropertiesPanel; import com.mirth.connect.plugins.ConnectorPropertiesPlugin; import org.openintegrationengine.tlsmanager.client.panel.SenderConnectorPropertiesPanel; -import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.SerializationController; import java.util.Set; @@ -57,6 +56,6 @@ public boolean isConnectorPropertiesPluginSupported(String pluginPointName) { @Override public String getPluginPointName() { - return TLSPluginConstants.PLUGIN_POINTNAME; + return "TLS Sender Connector Properties Plugin"; } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java index a512ca2b43..25fad8dcfc 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/TLSServicePlugin.java @@ -42,6 +42,8 @@ @Slf4j public class TLSServicePlugin implements ServicePlugin { + public static final String PLUGIN_POINT_NAME = "TLS Manager Service Plugin"; + @Getter private CertificateService certificateService; @@ -106,7 +108,7 @@ public Map getObjectsForSwaggerExamples() { @Override public String getPluginPointName() { - return TLSPluginConstants.PLUGIN_POINTNAME; + return PLUGIN_POINT_NAME; } @Override @@ -122,18 +124,21 @@ public static TLSServicePlugin getPluginInstance() { var servicePlugin = ControllerFactory.getFactory() .createExtensionController() .getServicePlugins() - .get(TLSPluginConstants.PLUGIN_POINTNAME); + .get(PLUGIN_POINT_NAME); if (servicePlugin instanceof TLSServicePlugin tlsServicePlugin) { return tlsServicePlugin; } else { // well we shouldn't really get here - throw new RuntimeException( + var ex = new RuntimeException( "Plugin pointname '%s' does not point to an instance of %s class".formatted( - TLSPluginConstants.PLUGIN_POINTNAME, + PLUGIN_POINT_NAME, TLSServicePlugin.class.getCanonicalName() ) ); + + log.error("Error fetching plugin instance", ex); + throw ex; } } From 533f19484bab57baf7e3d9d0e6021b6665fdf8f9 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 31 Oct 2025 17:30:20 +0200 Subject: [PATCH 151/360] Query engine for supported protocols and ciphers --- .../ListenerConnectorPropertiesPanel.java | 46 ++++++++++++++-- .../panel/SenderConnectorPropertiesPanel.java | 55 +++++++++---------- 2 files changed, 69 insertions(+), 32 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java index afd0190c2e..13f0e8494f 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -65,12 +65,19 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private final Frame parentFrame; private TLSListenerProperties properties; + private Set supportedProtocols; + private Set supportedCiphers; + public ListenerConnectorPropertiesPanel() { this.parentFrame = PlatformUI.MIRTH_FRAME; this.properties = new TLSListenerProperties(); + this.supportedProtocols = new HashSet<>(); + this.supportedCiphers = new HashSet<>(); + initComponents(); initLayout(); + fetchData(); } @Override @@ -204,7 +211,7 @@ public void keyReleased(KeyEvent e) { new ItemPickerDialog( PlatformUI.MIRTH_FRAME, "Protocols Picker", - Set.of(PlatformUI.SERVER_HTTPS_SUPPORTED_PROTOCOLS), + supportedProtocols, properties.getUsedProtocols(), properties.isUseServerDefaultProtocols(), "[Server default]", @@ -231,7 +238,7 @@ public void keyReleased(KeyEvent e) { new ItemPickerDialog( PlatformUI.MIRTH_FRAME, "Ciphers Picker", - Set.of(PlatformUI.SERVER_HTTPS_SUPPORTED_CIPHER_SUITES), + supportedCiphers, properties.getUsedCiphers(), properties.isUseServerDefaultCiphers(), "[Server default]", @@ -328,19 +335,50 @@ private void redrawState() { ocspModeComboBox.setSelectedItem(properties.getOcspMode()); var protocolsString = properties.isUseServerDefaultProtocols() - ? "Server default: %s".formatted(Arrays.toString(PlatformUI.HTTPS_PROTOCOLS)) + ? "Server default: %s".formatted(supportedProtocols) : "%d selected".formatted(properties.getUsedProtocols().size()); protocolsText.setText(protocolsString); var ciphersString = properties.isUseServerDefaultCiphers() - ? "Server default: %d selected".formatted(PlatformUI.HTTPS_CIPHER_SUITES.length) + ? "Server default: %d selected".formatted(supportedCiphers.size()) : "%d selected".formatted(properties.getUsedCiphers().size()); ciphersText.setText(ciphersString); } private void fetchData() { + final var workerId = PlatformUI.MIRTH_FRAME.startWorking("Fetching data..."); + + var worker = new SwingWorker() { + private Set aliasSet; + private Map cryptoMap; + + public Void doInBackground() { + try { + aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); + cryptoMap = PlatformUI.MIRTH_FRAME.mirthClient.getProtocolsAndCipherSuites(); + } catch (Exception e) { + PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported client certificates failed"); + } + + return null; + } + + public void done() { + serverCertificates = aliasSet; + supportedProtocols = Set.of( + cryptoMap.get(MirthSSLUtil.KEY_ENABLED_SERVER_PROTOCOLS) + ); + + supportedCiphers = Set.of( + cryptoMap.get(MirthSSLUtil.KEY_ENABLED_CIPHER_SUITES) + ); + + PlatformUI.MIRTH_FRAME.stopWorking(workerId); + } + }; + worker.execute(); } } diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 5dcc6cbbeb..49eb53476e 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -35,6 +35,7 @@ import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; import com.mirth.connect.donkey.model.channel.ConnectorProperties; import com.mirth.connect.model.Connector; +import com.mirth.connect.util.MirthSSLUtil; import lombok.extern.slf4j.Slf4j; import net.miginfocom.swing.MigLayout; import org.openintegrationengine.tlsmanager.client.dialog.ItemPickerDialog; @@ -63,6 +64,7 @@ import java.util.Collections; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Set; import java.util.function.BiConsumer; @@ -110,6 +112,8 @@ public class SenderConnectorPropertiesPanel extends AbstractConnectorPropertiesP private TLSSenderProperties properties; private Set publicCertificates; private Set clientCertificates; + private Set supportedProtocols; + private Set supportedCiphers; private final Frame parentFrame; private enum Transport { HTTP, TCP, WS }; @@ -504,14 +508,14 @@ public void keyReleased(KeyEvent e) { new ItemPickerDialog( PlatformUI.MIRTH_FRAME, "Protocols Picker", - Set.of(PlatformUI.HTTPS_PROTOCOLS), + supportedProtocols, properties.getUsedProtocols(), properties.isUseServerDefaultProtocols(), "[Server default]", completionConsumer ); }); - protocolsText = new JLabel("Server default: TLSv4.6"); + protocolsText = new JLabel(); ciphersLabel = new JLabel("Enabled Ciphers:"); ciphersButton = new JButton(wrenchIcon); @@ -531,14 +535,14 @@ public void keyReleased(KeyEvent e) { new ItemPickerDialog( PlatformUI.MIRTH_FRAME, "Ciphers Picker", - Set.of(PlatformUI.HTTPS_CIPHER_SUITES), + supportedCiphers, properties.getUsedCiphers(), properties.isUseServerDefaultCiphers(), "[Server default]", completionConsumer ); }); - ciphersText = new JLabel("Server default: 22 enabled"); + ciphersText = new JLabel(); } private void initLayout() { @@ -687,13 +691,13 @@ private void redrawState() { clientCertText.setText(properties.getClientCertificateAlias()); var protocolsString = properties.isUseServerDefaultProtocols() - ? "Server default: %s".formatted(Arrays.toString(PlatformUI.HTTPS_PROTOCOLS)) + ? "Server default: %s".formatted(supportedProtocols) : "%d selected".formatted(properties.getUsedProtocols().size()); protocolsText.setText(protocolsString); var ciphersString = properties.isUseServerDefaultCiphers() - ? "Server default: %d selected".formatted(PlatformUI.HTTPS_CIPHER_SUITES.length) + ? "Server default: %d selected".formatted(supportedCiphers.size()) : "%d selected".formatted(properties.getUsedCiphers().size()); ciphersText.setText(ciphersString); @@ -702,46 +706,41 @@ private void redrawState() { private void fetchData() { final var workingId = PlatformUI.MIRTH_FRAME.startWorking("Fetching certificates..."); - var publicCertWorker = new SwingWorker() { - private Set aliasSet; + var worker = new SwingWorker() { + private Set publicCertAliasSet; + private Set clientCertAliasSet; + private Map cryptoMap; public Void doInBackground() { try { - aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getPublicCertificates(); + publicCertAliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getPublicCertificates(); + clientCertAliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); + cryptoMap = PlatformUI.MIRTH_FRAME.mirthClient.getProtocolsAndCipherSuites(); } catch (Exception e) { - PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported public certificates failed"); + PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported certificates failed"); } return null; } public void done() { - publicCertificates = aliasSet; - PlatformUI.MIRTH_FRAME.stopWorking(workingId); - } - }; + publicCertificates = publicCertAliasSet; + clientCertificates = clientCertAliasSet; - var clientCertWorker = new SwingWorker() { - private Set aliasSet; + supportedProtocols = Set.of( + cryptoMap.get(MirthSSLUtil.KEY_ENABLED_SERVER_PROTOCOLS) + ); - public Void doInBackground() { - try { - aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); - } catch (Exception e) { - PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported client certificates failed"); - } + supportedCiphers = Set.of( + cryptoMap.get(MirthSSLUtil.KEY_ENABLED_CIPHER_SUITES) + ); - return null; - } - public void done() { - clientCertificates = aliasSet; PlatformUI.MIRTH_FRAME.stopWorking(workingId); } }; - publicCertWorker.execute(); - clientCertWorker.execute(); + worker.execute(); } private static void log(String message) { From bab0a3ad883bfec97b4ddb27000377e263350af2 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 31 Oct 2025 17:32:11 +0200 Subject: [PATCH 152/360] PluginPoint name constants again --- .../client/TLSListenerConnectorPropertiesPlugin.java | 3 ++- .../tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java | 3 ++- .../tlsmanager/shared/TLSPluginConstants.java | 4 ++++ .../tlsmanager/shared/properties/TLSListenerProperties.java | 2 +- .../tlsmanager/shared/properties/TLSSenderProperties.java | 2 +- 5 files changed, 10 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java index f7bc2390a4..b32d859690 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSListenerConnectorPropertiesPlugin.java @@ -21,6 +21,7 @@ import com.mirth.connect.plugins.ConnectorPropertiesPlugin; import org.openintegrationengine.tlsmanager.client.panel.ListenerConnectorPropertiesPanel; import org.openintegrationengine.tlsmanager.shared.SerializationController; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import java.util.Set; @@ -56,6 +57,6 @@ public boolean isConnectorPropertiesPluginSupported(String pluginPointName) { @Override public String getPluginPointName() { - return "TLS Listener Connector Properties Plugin"; + return TLSPluginConstants.TLS_LISTENER_CONNECTOR_PROPERTIES_PLUGIN_POINT_NAME; } } diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java index c0d6604c6d..bc8b5bf428 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/TLSSenderConnectorPropertiesPlugin.java @@ -21,6 +21,7 @@ import com.mirth.connect.plugins.ConnectorPropertiesPlugin; import org.openintegrationengine.tlsmanager.client.panel.SenderConnectorPropertiesPanel; import org.openintegrationengine.tlsmanager.shared.SerializationController; +import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import java.util.Set; @@ -56,6 +57,6 @@ public boolean isConnectorPropertiesPluginSupported(String pluginPointName) { @Override public String getPluginPointName() { - return "TLS Sender Connector Properties Plugin"; + return TLSPluginConstants.TLS_SENDER_CONNECTOR_PROPERTIES_PLUGIN_POINT_NAME; } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java index 7cc34d8815..e1f21be524 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/TLSPluginConstants.java @@ -31,5 +31,9 @@ public final class TLSPluginConstants { public static final String PKCS12 = "PKCS12"; + // This ain't no joke + public static final String TLS_SENDER_CONNECTOR_PROPERTIES_PLUGIN_POINT_NAME = "TLS Sender Connector Properties Plugin"; + public static final String TLS_LISTENER_CONNECTOR_PROPERTIES_PLUGIN_POINT_NAME = "TLS Listener Connector Properties Plugin"; + private TLSPluginConstants() {} } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java index 94a2668cf6..b9bad37fe6 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java @@ -70,7 +70,7 @@ public TLSListenerProperties(TLSListenerProperties props) { @Override public String getName() { - return TLSPluginConstants.PLUGIN_POINTNAME; + return TLSPluginConstants.TLS_LISTENER_CONNECTOR_PROPERTIES_PLUGIN_POINT_NAME; } @Override diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java index bf89758787..c62e27e4b2 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java @@ -108,7 +108,7 @@ public TLSSenderProperties(TLSSenderProperties props) { @Override public String getName() { - return TLSPluginConstants.PLUGIN_POINTNAME; + return TLSPluginConstants.TLS_SENDER_CONNECTOR_PROPERTIES_PLUGIN_POINT_NAME; } @Override From 99b135ba5c6c64172c64f7dc8675d7e330dafbfd Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 31 Oct 2025 17:34:11 +0200 Subject: [PATCH 153/360] Typo --- .../client/panel/SenderConnectorPropertiesPanel.java | 6 +++--- .../tlsmanager/server/servlets/TLSServlet.java | 1 - 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 49eb53476e..111340ec2d 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -314,10 +314,10 @@ public TLSSenderProperties getProperties() { @Override public void setProperties(ConnectorProperties connectorProperties, ConnectorPluginProperties connectorPluginProperties, Connector.Mode mode, String s) { - if (connectorPluginProperties instanceof TLSSenderProperties TLSSenderProperties) { - this.properties = TLSSenderProperties; + if (connectorPluginProperties instanceof TLSSenderProperties tlsSenderProperties) { + this.properties = tlsSenderProperties; redrawState(); - handleManagerEnabledButton(TLSSenderProperties.isTlsManagerEnabled()); + handleManagerEnabledButton(tlsSenderProperties.isTlsManagerEnabled()); } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java index 9864c48aa4..234507ff35 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/servlets/TLSServlet.java @@ -138,7 +138,6 @@ public void setTrustedCertificates(List trustedCertificates) certificateService.setTrustedCertificates(trustedCertificates); } - @Override public List getRemoteCertificates(String url) { return certificateService.retrieveRemoteCertificates(url); From 3b491580f37b13417c85f8ea35b0b6691e3bcda6 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 31 Oct 2025 17:39:41 +0200 Subject: [PATCH 154/360] Add more properties to sender panels --- .../ListenerConnectorPropertiesPanel.java | 76 ++++++++++++++++++- .../shared/models/ClientAuthMode.java | 16 ++++ .../properties/TLSListenerProperties.java | 17 ++++- .../properties/TLSSenderProperties.java | 2 + 4 files changed, 108 insertions(+), 3 deletions(-) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ClientAuthMode.java diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java index 13f0e8494f..fcb12d70c8 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -10,24 +10,30 @@ import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; import com.mirth.connect.donkey.model.channel.ConnectorProperties; import com.mirth.connect.model.Connector; +import com.mirth.connect.util.MirthSSLUtil; import net.miginfocom.swing.MigLayout; import org.openintegrationengine.tlsmanager.client.dialog.ItemPickerDialog; import org.openintegrationengine.tlsmanager.client.misc.DisplayTextEnumModeComboBoxRenderer; +import org.openintegrationengine.tlsmanager.shared.models.ClientAuthMode; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; +import org.openintegrationengine.tlsmanager.shared.servlet.TLSServletInterface; import javax.swing.ButtonGroup; import javax.swing.DefaultComboBoxModel; import javax.swing.ImageIcon; import javax.swing.JButton; import javax.swing.JLabel; +import javax.swing.SwingWorker; import java.awt.Color; import java.awt.Component; import java.awt.event.KeyAdapter; import java.awt.event.KeyEvent; -import java.util.Arrays; +import java.time.Instant; import java.util.Collections; +import java.util.HashSet; +import java.util.Map; import java.util.Set; import java.util.function.BiConsumer; @@ -42,6 +48,10 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private MirthRadioButton clientAuthRadioRequested; private MirthRadioButton clientAuthRadioRequired; + private JLabel serverCertificateLabel; + private JButton serverCertificateButton; + private JLabel serverCertificateText; + // Trusted client certs picker private JLabel subjectDnValidationLabel; @@ -65,12 +75,14 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private final Frame parentFrame; private TLSListenerProperties properties; + private Set serverCertificates; private Set supportedProtocols; private Set supportedCiphers; public ListenerConnectorPropertiesPanel() { this.parentFrame = PlatformUI.MIRTH_FRAME; this.properties = new TLSListenerProperties(); + this.serverCertificates = new HashSet<>(); this.supportedProtocols = new HashSet<>(); this.supportedCiphers = new HashSet<>(); @@ -81,7 +93,7 @@ public ListenerConnectorPropertiesPanel() { } @Override - public ConnectorPluginProperties getProperties() { + public TLSListenerProperties getProperties() { return properties.clone(); } @@ -89,6 +101,8 @@ public ConnectorPluginProperties getProperties() { public void setProperties(ConnectorProperties connectorProperties, ConnectorPluginProperties connectorPluginProperties, Connector.Mode mode, String s) { if (connectorPluginProperties instanceof TLSListenerProperties tlsListenerProperties) { this.properties = tlsListenerProperties; + redrawState(); + handleManagerEnabledButton(tlsListenerProperties.isTlsManagerEnabled()); } } @@ -135,22 +149,50 @@ private void initComponents() { managerEnabledRadioNo.addActionListener(e -> handleManagerEnabledButton(false)); managerEnabledButtonGroup.add(managerEnabledRadioNo); + serverCertificateLabel = new JLabel("Server Certificate:"); + serverCertificateButton = new JButton(wrenchIcon); + serverCertificateButton.addActionListener(e -> { + BiConsumer> completionConsumer = (unused, selectedCertificate) -> { + var selectedAlias = selectedCertificate.stream().findFirst().orElse(null); + properties.setServerCertificateAlias(selectedAlias); + + redrawState(); + PlatformUI.MIRTH_FRAME.setSaveEnabled(true); + }; + + Set currentCerts = properties.getServerCertificateAlias() == null ? Collections.emptySet() : Set.of(properties.getServerCertificateAlias()); + + new ItemPickerDialog( + PlatformUI.MIRTH_FRAME, + "Server Certificate Picker", + serverCertificates, + currentCerts, + false, + null, + completionConsumer + ); + }); + serverCertificateText = new JLabel(); + clientAuthLabel = new JLabel("Client Authentication Mode"); var clientAuthModeButtonGroup = new ButtonGroup(); clientAuthRadioNone = new MirthRadioButton(); clientAuthRadioNone.setText("None"); clientAuthRadioNone.setBackground(Color.white); + clientAuthRadioNone.addActionListener(e -> properties.setClientAuthMode(ClientAuthMode.NONE)); clientAuthModeButtonGroup.add(clientAuthRadioNone); clientAuthRadioRequested = new MirthRadioButton(); clientAuthRadioRequested.setText("Requested"); clientAuthRadioRequested.setBackground(Color.white); + clientAuthRadioRequested.addActionListener(e -> properties.setClientAuthMode(ClientAuthMode.REQUESTED)); clientAuthModeButtonGroup.add(clientAuthRadioRequested); clientAuthRadioRequired = new MirthRadioButton(); clientAuthRadioRequired.setText("Required"); clientAuthRadioRequired.setBackground(Color.white); + clientAuthRadioRequired.addActionListener(e -> properties.setClientAuthMode(ClientAuthMode.REQUIRED)); clientAuthModeButtonGroup.add(clientAuthRadioRequired); var comboBoxRenderer = new DisplayTextEnumModeComboBoxRenderer(); @@ -255,6 +297,10 @@ private void initLayout() { add(managerEnabledRadioYes, "split"); add(managerEnabledRadioNo); + add(serverCertificateLabel, "newline, right"); + add(serverCertificateButton, "h 22!, w 22!, split"); + add(serverCertificateText); + add(clientAuthLabel, "newline, right"); add(clientAuthRadioNone, "split"); add(clientAuthRadioRequested, "split"); @@ -301,6 +347,15 @@ private void handleOcspModeChange() { private void handleManagerEnabledButton(boolean managerEnabled) { properties.setTlsManagerEnabled(managerEnabled); + serverCertificateLabel.setEnabled(managerEnabled); + serverCertificateButton.setEnabled(managerEnabled); + serverCertificateText.setEnabled(managerEnabled); + + clientAuthLabel.setEnabled(managerEnabled); + clientAuthRadioNone.setEnabled(managerEnabled); + clientAuthRadioRequested.setEnabled(managerEnabled); + clientAuthRadioRequired.setEnabled(managerEnabled); + subjectDnValidationLabel.setEnabled(managerEnabled); subjectDnValidationModeComboBox.setEnabled(managerEnabled); subjectDnValidationFilterTextField.setEnabled(managerEnabled); @@ -327,6 +382,19 @@ private void redrawState() { managerEnabledRadioNo.setSelected(true); } + serverCertificateText.setText(properties.getServerCertificateAlias()); + + if (properties.getClientAuthMode() == ClientAuthMode.NONE) { + clientAuthRadioNone.setSelected(true); + } else if (properties.getClientAuthMode() == ClientAuthMode.REQUESTED) { + clientAuthRadioRequested.setSelected(true); + } else if (properties.getClientAuthMode() == ClientAuthMode.REQUIRED) { + clientAuthRadioRequired.setSelected(true); + } else { + clientAuthRadioNone.setSelected(true); + log("Unable to determine client auth mode: %s. Using NONE"); + } + subjectDnValidationModeComboBox.setSelectedItem(properties.getSubjectDnValidationMode()); subjectDnValidationFilterTextField.setEnabled(properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE); subjectDnValidationFilterTextField.setText(properties.getSubjectDnValidationFilter()); @@ -381,4 +449,8 @@ public void done() { worker.execute(); } + + private static void log(String message) { + System.out.printf("%s - %s.%n", Instant.now(), message); + } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ClientAuthMode.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ClientAuthMode.java new file mode 100644 index 0000000000..d6c9e882ee --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/ClientAuthMode.java @@ -0,0 +1,16 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import lombok.Getter; + +public enum ClientAuthMode implements DisplayTextEnum { + NONE("None"), + REQUESTED("Requested"), + REQUIRED("Required"); + + @Getter + private final String displayText; + + ClientAuthMode(String displayText) { + this.displayText = displayText; + } +} diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java index b9bad37fe6..74a9c7dd0d 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java @@ -5,7 +5,9 @@ import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; +import lombok.ToString; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import org.openintegrationengine.tlsmanager.shared.models.ClientAuthMode; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; @@ -17,13 +19,18 @@ @Setter @EqualsAndHashCode(callSuper = false) @AllArgsConstructor +@ToString(callSuper = true) public class TLSListenerProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; + private String serverCertificateAlias; + private SubjectDnValidationMode subjectDnValidationMode; private String subjectDnValidationFilter; + private ClientAuthMode clientAuthMode; + // Certificate revocation modes private RevocationMode crlMode; private RevocationMode ocspMode; @@ -39,9 +46,13 @@ public class TLSListenerProperties extends ConnectorPluginProperties { public TLSListenerProperties() { isTlsManagerEnabled = false; + serverCertificateAlias = null; + subjectDnValidationMode = SubjectDnValidationMode.NONE; subjectDnValidationFilter = null; + clientAuthMode = ClientAuthMode.NONE; + crlMode = RevocationMode.HARD_FAIL; ocspMode = RevocationMode.HARD_FAIL; @@ -55,6 +66,10 @@ public TLSListenerProperties() { public TLSListenerProperties(TLSListenerProperties props) { isTlsManagerEnabled = props.isTlsManagerEnabled(); + serverCertificateAlias = props.getServerCertificateAlias(); + + clientAuthMode = props.getClientAuthMode(); + subjectDnValidationMode = props.getSubjectDnValidationMode(); subjectDnValidationFilter = props.getSubjectDnValidationFilter(); @@ -74,7 +89,7 @@ public String getName() { } @Override - public ConnectorPluginProperties clone() { + public TLSListenerProperties clone() { return new TLSListenerProperties(this); } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java index c62e27e4b2..4c15de05f7 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java @@ -21,6 +21,7 @@ import lombok.EqualsAndHashCode; import lombok.Getter; import lombok.Setter; +import lombok.ToString; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; import org.openintegrationengine.tlsmanager.shared.models.RevocationMode; import org.openintegrationengine.tlsmanager.shared.models.SubjectDnValidationMode; @@ -33,6 +34,7 @@ @Setter @EqualsAndHashCode(callSuper = false) @AllArgsConstructor +@ToString(callSuper = true) public class TLSSenderProperties extends ConnectorPluginProperties { private boolean isTlsManagerEnabled; From ce5d8c5f5d553cea1e55d8a7414ac359774340b3 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 31 Oct 2025 17:40:13 +0200 Subject: [PATCH 155/360] Add TLS configuration to HTTP Listener --- .../server/SocketFactoryService.java | 25 +++++++ .../connectorconfig/TLSHttpConfiguration.java | 75 +++++++++++-------- ...dIntermediaryListenerContextContainer.java | 11 +++ 3 files changed, 81 insertions(+), 30 deletions(-) create mode 100644 shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index 80b3096dae..870297ae69 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -9,6 +9,8 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.openintegrationengine.tlsmanager.server.revocation.DualCheckerTrustManager; import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryContextContainer; +import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryListenerContextContainer; +import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import javax.net.ssl.KeyManager; @@ -109,4 +111,27 @@ public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, throw new RuntimeException(e); } } + + public WeirdIntermediaryListenerContextContainer generateTLSContext(Connector connector, TLSListenerProperties properties) { + var protocolArray = properties.isUseServerDefaultProtocols() + ? MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsServerProtocols()) + : MirthSSLUtil.getEnabledHttpsProtocols(properties.getUsedProtocols().toArray(new String[0])); + + var cipherArray = properties.isUseServerDefaultCiphers() + ? MirthSSLUtil.getEnabledHttpsCipherSuites(configurationController.getHttpsCipherSuites()) + : MirthSSLUtil.getEnabledHttpsCipherSuites(properties.getUsedCiphers().toArray(new String[0])); + + var hostnameVerificationStrategy = true // TODO + ? SSLConnectionSocketFactory.getDefaultHostnameVerifier() + : NoopHostnameVerifier.INSTANCE; + + var keystore = certificateService.getKeyStore(properties.getServerCertificateAlias()); + + return new WeirdIntermediaryListenerContextContainer( + protocolArray, + cipherArray, + hostnameVerificationStrategy, + keystore + ); + } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index c00410e22a..c576353d38 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -24,22 +24,25 @@ import com.mirth.connect.donkey.server.channel.Connector; import com.mirth.connect.server.controllers.ConfigurationController; import com.mirth.connect.server.controllers.ControllerFactory; -import com.mirth.connect.util.MirthSSLUtil; import lombok.extern.slf4j.Slf4j; import org.apache.http.config.RegistryBuilder; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.eclipse.jetty.http.HttpVersion; -import org.eclipse.jetty.server.DetectorConnectionFactory; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; +import org.eclipse.jetty.server.SecureRequestCustomizer; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.openintegrationengine.tlsmanager.server.CertificateService; import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; +import org.openintegrationengine.tlsmanager.shared.models.ClientAuthMode; +import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; +import static org.openintegrationengine.tlsmanager.shared.TLSPluginConstants.PKCS12; + @Slf4j public class TLSHttpConfiguration extends DefaultHttpConfiguration { @@ -81,44 +84,47 @@ public void configureSocketFactoryRegistry(ConnectorPluginProperties properties, @Override public void configureReceiver(HttpReceiver connector) throws Exception { - super.configureReceiver(connector); - /* - String[] enabledProtocols = MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsServerProtocols()); - String[] cipherSuites = MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsCipherSuites()); + var tlsConnectorProperties = getSenderProperties(TLSListenerProperties.class, connector); + + // If TLS manager is not enabled, delegate to OIE default + if (tlsConnectorProperties == null || !tlsConnectorProperties.isTlsManagerEnabled()) { + super.configureReceiver(connector); + + } else { + var tlsContext = socketFactoryService.generateTLSContext(connector, tlsConnectorProperties); - var httpConfig = new HttpConfiguration(); - httpConfig.setSendServerVersion(true); - httpConfig.setSendXPoweredBy(true); + var httpConfig = new HttpConfiguration(); + httpConfig.addCustomizer(new SecureRequestCustomizer()); + httpConfig.setSendServerVersion(false); + httpConfig.setSendXPoweredBy(false); - var ssl = new SslContextFactory.Server(); - ssl.setIncludeProtocols(enabledProtocols); - ssl.setIncludeCipherSuites(cipherSuites); + var ssl = new SslContextFactory.Server(); + ssl.setIncludeProtocols(tlsContext.protocols()); + ssl.setIncludeCipherSuites(tlsContext.ciphers()); - ssl.setKeyStore(certificateService.getTruststore()); - ssl.setKeyStorePassword("changeit"); - ssl.setKeyManagerPassword("changeit"); + ssl.setWantClientAuth(ClientAuthMode.REQUIRED == tlsConnectorProperties.getClientAuthMode()); + ssl.setNeedClientAuth(ClientAuthMode.REQUIRED == tlsConnectorProperties.getClientAuthMode()); - var http11 = new HttpConnectionFactory(httpConfig); - var tls = new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()); + ssl.setKeyStore(tlsContext.keyStore()); + ssl.setKeyStoreType(PKCS12); + ssl.setCertAlias(tlsConnectorProperties.getServerCertificateAlias()); + ssl.setKeyStorePassword(""); - var detectorConnectionFactory = new DetectorConnectionFactory(tls); + var http11 = new HttpConnectionFactory(httpConfig); + var tls = new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()); - var listener = new ServerConnector(connector.getServer(), detectorConnectionFactory, http11); + var listener = new ServerConnector(connector.getServer(), tls, http11); - listener.setHost(connector.getHost()); - listener.setPort(connector.getPort()); - listener.setIdleTimeout(connector.getTimeout()); - connector.getServer().addConnector(listener); - */ + listener.setHost(connector.getHost()); + listener.setPort(connector.getPort()); + listener.setIdleTimeout(connector.getTimeout()); + + connector.getServer().setConnectors(new org.eclipse.jetty.server.Connector[] { listener }); + } } private void configureSocketFactory(HttpDispatcher connector) { - var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() - .stream() - .filter(TLSSenderProperties.class::isInstance) - .findFirst() - .map(TLSSenderProperties.class::cast) - .orElse(null); + var tlsConnectorProperties = getSenderProperties(TLSSenderProperties.class, connector); if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { var sslSocketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsConnectorProperties); @@ -135,4 +141,13 @@ private void configureSocketFactory(HttpDispatcher connector) { } } } + + private T getSenderProperties(Class propertiesClass, Connector connector) { + return connector.getConnectorProperties().getPluginProperties() + .stream() + .filter(propertiesClass::isInstance) + .findFirst() + .map(propertiesClass::cast) + .orElse(null); + } } diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java new file mode 100644 index 0000000000..2d314e4d87 --- /dev/null +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java @@ -0,0 +1,11 @@ +package org.openintegrationengine.tlsmanager.shared.models; + +import javax.net.ssl.HostnameVerifier; +import java.security.KeyStore; + +public record WeirdIntermediaryListenerContextContainer( + String[] protocols, + String[] ciphers, + HostnameVerifier hostnameVerifier, + KeyStore keyStore +) {} From 0fd7c2b5cc0b602173d4dc613b1bfddf70016b74 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 3 Nov 2025 14:31:40 +0200 Subject: [PATCH 156/360] Initialize database store with empty keystore --- .../backend/DatabaseTrustStoreBackend.java | 30 +++++++++++++++++-- .../server/backend/FileTrustStoreBackend.java | 2 +- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java index bb835d7738..5b1890a8bd 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java @@ -18,13 +18,21 @@ import com.mirth.connect.server.controllers.ConfigurationController; import com.mirth.connect.server.controllers.ControllerFactory; +import lombok.extern.slf4j.Slf4j; import org.openintegrationengine.tlsmanager.shared.TLSPluginConstants; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.util.Base64; +@Slf4j public class DatabaseTrustStoreBackend implements TrustStoreBackend { - private ConfigurationController configurationController; + private final ConfigurationController configurationController; private final String databaseColumn; @@ -43,7 +51,25 @@ public boolean persist(byte[] keystore) { @Override public void init() { - // TODO + var keystoreBytes = configurationController.getProperty(TLSPluginConstants.PLUGIN_POINTNAME, databaseColumn); + if (keystoreBytes != null) { + log.debug("Using existing keystore from config column {}", databaseColumn); + return; + } + + try { + var keystore = KeyStore.getInstance(TLSPluginConstants.PKCS12); + keystore.load(null, new char[] {}); + + try (var baos = new ByteArrayOutputStream()) { + keystore.store(baos, new char[] {}); + persist(baos.toByteArray()); + } + + } catch (IOException | KeyStoreException | CertificateException | NoSuchAlgorithmException e) { + log.error("Error initializing keystore", e); + throw new RuntimeException(e); + } } @Override diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java index 2f482443c6..4b6e1904cd 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/FileTrustStoreBackend.java @@ -35,7 +35,7 @@ public class FileTrustStoreBackend implements TrustStoreBackend { private final Path keystorePath; - private char[] storepass; + private final char[] storepass; public FileTrustStoreBackend(String keystorePath) { this(keystorePath, System.getenv(TLSPluginConstants.ENV_PERSISTENCE_FS_TRUSTSTOREPASS)); From 247dc94636b9c687134fdacf60464a1b99460d4e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 3 Nov 2025 14:34:28 +0200 Subject: [PATCH 157/360] Delegate client trust checking to X509ExtendedTrustManager --- .../revocation/DualCheckerTrustManager.java | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index d22ded68aa..5efcc0e996 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -94,9 +94,20 @@ public DualCheckerTrustManager( } // --- JSSE delegation --- - @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } - @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { } - @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { } + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { + delegate.checkClientTrusted(chain, authType); + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { + delegate.checkClientTrusted(chain, authType, s); + } + + @Override + public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { + delegate.checkClientTrusted(chain, authType, e); + } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { From 1e757514543b7ef221b7489552e522f882be047c Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 3 Nov 2025 14:56:37 +0200 Subject: [PATCH 158/360] Use zero-length char[] for keystore passwords --- .../tlsmanager/server/backend/DatabaseTrustStoreBackend.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java index 5b1890a8bd..a5fe07c7a8 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/backend/DatabaseTrustStoreBackend.java @@ -59,10 +59,10 @@ public void init() { try { var keystore = KeyStore.getInstance(TLSPluginConstants.PKCS12); - keystore.load(null, new char[] {}); + keystore.load(null, new char[0]); try (var baos = new ByteArrayOutputStream()) { - keystore.store(baos, new char[] {}); + keystore.store(baos, new char[0]); persist(baos.toByteArray()); } From 816f2f61891c2571191a18503563891dbae5ace1 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 3 Nov 2025 17:43:44 +0200 Subject: [PATCH 159/360] Update certificate fetching logic and enhance useCertificates hook: Refactor useCertificates to support lazy loading of certificates by tab (native, trusted, private) and implement separate fetching functions for each tab. Update TlsManagement to utilize the new tab-based structure, improving user experience in managing certificates. Modify vite.config.js to point to the test API endpoint. --- src/hooks/useCertificates.js | 135 +++++++++++++++---- src/pages/TlsManagement.jsx | 4 +- src/services/tlsService.js | 240 +++++++++++++++++++++++++++++++++- src/utils/certificateUtils.js | 2 +- vite.config.js | 2 +- 5 files changed, 352 insertions(+), 31 deletions(-) diff --git a/src/hooks/useCertificates.js b/src/hooks/useCertificates.js index 2966f749ad..3a7a1deebc 100644 --- a/src/hooks/useCertificates.js +++ b/src/hooks/useCertificates.js @@ -1,52 +1,135 @@ -import { useEffect, useMemo, useState } from 'react' -import { fetchCertificates } from '../services/tlsService' +import { useCallback, useEffect, useMemo, useRef, useState } from 'react' +import { fetchSystemCertificates, fetchTrustedCertificates, fetchLocalCertificates } from '../services/tlsService' function normalize(text) { return (text || '').toLowerCase() } -export default function useCertificates() { - const [all, setAll] = useState([]) - const [loading, setLoading] = useState(true) - const [error, setError] = useState('') +/** + * Hook to manage certificates with lazy loading per tab + * @param {string} tabKey - The active tab key ('native', 'trusted', or 'private') + * @returns {Object} Certificate data and utilities + */ +export default function useCertificates(tabKey = 'native') { + // Store certificates per tab + const [certificatesByTab, setCertificatesByTab] = useState({ + native: [], + trusted: [], + private: [], + }) + + // Track loading state per tab + const [loadingByTab, setLoadingByTab] = useState({ + native: false, + trusted: false, + private: false, + }) + + // Track error state per tab + const [errorByTab, setErrorByTab] = useState({ + native: '', + trusted: '', + private: '', + }) - const loadCertificates = async () => { - setLoading(true) - setError('') + // Use refs to track state without causing re-renders or dependency issues + const certificatesByTabRef = useRef(certificatesByTab) + const loadingByTabRef = useRef(loadingByTab) + + // Keep refs in sync with state + useEffect(() => { + certificatesByTabRef.current = certificatesByTab + }, [certificatesByTab]) + + useEffect(() => { + loadingByTabRef.current = loadingByTab + }, [loadingByTab]) + + // Map tab keys to fetch functions + const fetchFunctions = { + native: fetchSystemCertificates, + trusted: fetchTrustedCertificates, + private: fetchLocalCertificates, + } + + const fetchByTab = useCallback(async (key, force = false) => { + // Check current state using refs to avoid stale closures + if (!force && (loadingByTabRef.current[key] || certificatesByTabRef.current[key].length > 0)) { + return + } + + setLoadingByTab((prev) => ({ ...prev, [key]: true })) + setErrorByTab((prev) => ({ ...prev, [key]: '' })) + try { - const data = await fetchCertificates() - setAll(data) + const fetchFn = fetchFunctions[key] + if (!fetchFn) { + throw new Error(`Unknown tab key: ${key}`) + } + + const data = await fetchFn() + setCertificatesByTab((prev) => ({ ...prev, [key]: data })) } catch (e) { - setError('Failed to load certificates') + console.error(`Failed to load ${key} certificates:`, e) + setErrorByTab((prev) => ({ ...prev, [key]: `Failed to load certificates` })) } finally { - setLoading(false) + setLoadingByTab((prev) => ({ ...prev, [key]: false })) } - } + }, []) // Empty dependencies - use refs to access current state + // Fetch certificates when tab changes useEffect(() => { - let cancelled = false - async function load() { - await loadCertificates() + if (tabKey && fetchFunctions[tabKey]) { + fetchByTab(tabKey) } - load() - return () => { cancelled = true } - }, []) + }, [tabKey, fetchByTab]) + + // Get current tab's certificates + const currentTabCertificates = certificatesByTab[tabKey] || [] + const currentLoading = loadingByTab[tabKey] || false + const currentError = errorByTab[tabKey] || '' + + // Combine all certificates for counts and filtering + const all = useMemo(() => { + return [ + ...certificatesByTab.native, + ...certificatesByTab.trusted, + ...certificatesByTab.private, + ] + }, [certificatesByTab]) const filterBy = (storeKey, search) => { const q = normalize(search) - return all.filter((c) => c.store === storeKey).filter((c) => { + const tabCertificates = certificatesByTab[storeKey] || [] + return tabCertificates.filter((c) => { if (!q) return true return normalize(c.alias).includes(q) || normalize(c.name).includes(q) || normalize(c.subject).includes(q) }) } const counts = useMemo(() => ({ - native: all.filter((c) => c.store === 'native').length, - trusted: all.filter((c) => c.store === 'trusted').length, - private: all.filter((c) => c.store === 'private').length, - }), [all]) + native: certificatesByTab.native.length, + trusted: certificatesByTab.trusted.length, + private: certificatesByTab.private.length, + }), [certificatesByTab]) - return { all, loading, error, counts, filterBy, refetch: loadCertificates } + // Refetch function for current tab + const refetch = async () => { + if (tabKey && fetchFunctions[tabKey]) { + // Clear current tab's data and force reload + setCertificatesByTab((prev) => ({ ...prev, [tabKey]: [] })) + await fetchByTab(tabKey, true) + } + } + + return { + all, + loading: currentLoading, + error: currentError, + counts, + filterBy, + refetch + } } diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index 1a7e84dd33..36e7b97cf4 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -17,12 +17,12 @@ import RemoveCertificateDialog from '../components/RemoveCertificateDialog' import { useNotification } from '../context/NotificationContext' export default function TlsManagement() { - const { all, counts, filterBy, loading, error, refetch } = useCertificates() - const { showSuccess, showError } = useNotification() const [params, setParams] = useSearchParams() const tabKeys = ['native', 'trusted', 'private'] const initialKey = params.get('tab') && tabKeys.includes(params.get('tab')) ? params.get('tab') : 'native' const [tabKey, setTabKey] = useState(initialKey) + const { all, counts, filterBy, loading, error, refetch } = useCertificates(tabKey) + const { showSuccess, showError } = useNotification() const [search, setSearch] = useState('') const [dialogOpen, setDialogOpen] = useState(false) diff --git a/src/services/tlsService.js b/src/services/tlsService.js index 6ebd2d950d..365b705f78 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -11,7 +11,7 @@ */ import { parseCertificate, pemToBase64, privateKeyPemToBase64 } from '../utils/certificateUtils.js' -// import { api } from './api.js' // Uncomment when API is ready +import { api } from './api.js' // === INTERNAL STORE (remove when switching to real API) === // Internal store to simulate API - starts empty @@ -102,6 +102,244 @@ function getChannelsForCertificate(store, alias, assignments) { return storeAssignments[alias] || [] } +/** + * Fetch system certificates (native store) + * @returns {Promise} Array of parsed certificate objects + */ +export async function fetchSystemCertificates() { + try { + const response = await api.get('/api/tlsmanager/systemCertificates') + const data = response.data + + // Handle response structure: { list: { trustedCertificate: [{ alias, certificate }] } } or { list: { trustedCertificate: {} } } + const certificates = [] + const certList = data?.list?.trustedCertificate + + // Handle both array and object formats + let certArray = [] + if (Array.isArray(certList)) { + certArray = certList + } else if (certList && typeof certList === 'object') { + // If it's a single object, wrap it in an array + certArray = [certList] + } + + for (const cert of certArray) { + // Skip certificates with missing or empty certificate data + if (!cert.certificate || !cert.certificate.trim()) { + console.warn(`Skipping certificate with empty certificate data for alias: ${cert.alias || 'unknown'}`) + continue + } + + const parsed = await parseCertificate(cert.certificate) + + // Skip certificates that failed to parse (they have an error field) + if (parsed.error) { + console.warn(`Failed to parse certificate for alias "${cert.alias}": ${parsed.error}`) + // Still include it in the list but mark it as invalid + certificates.push({ + alias: cert.alias, + name: cert.alias, + type: 'Invalid', + subject: `Parse Error: ${parsed.error}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + hasPrivateKey: false, + store: 'native', + rawCertificate: cert.certificate, + parsedCertificate: parsed, + }) + continue + } + + certificates.push({ + alias: cert.alias, + name: parsed.subject?.CN || cert.alias, + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + hasPrivateKey: false, + store: 'native', + rawCertificate: cert.certificate, + parsedCertificate: parsed, + }) + } + + return certificates + } catch (error) { + console.error('Failed to fetch system certificates:', error) + throw new Error('Failed to fetch system certificates from server') + } +} + +/** + * Fetch trusted certificates + * @returns {Promise} Array of parsed certificate objects + */ +export async function fetchTrustedCertificates() { + try { + const response = await api.get('/api/tlsmanager/trustedCertificates') + const data = response.data + + // Handle response structure: { list: { trustedCertificate: [{ alias, certificate }] } } + const certificates = [] + const certList = data?.list?.trustedCertificate || [] + + // Handle both array and object formats + let certArray = [] + if (Array.isArray(certList)) { + certArray = certList + } else if (certList && typeof certList === 'object') { + // If it's a single object, wrap it in an array + certArray = [certList] + } + + // Get channel assignments (still using mock for now) + const channelAssignments = getOrCreateChannelAssignments() + + for (const cert of certArray) { + // Skip certificates with missing or empty certificate data + if (!cert.certificate || !cert.certificate.trim()) { + console.warn(`Skipping trusted certificate with empty certificate data for alias: ${cert.alias || 'unknown'}`) + continue + } + + const parsed = await parseCertificate(cert.certificate) + const channelsInUse = getChannelsForCertificate('trusted', cert.alias, channelAssignments) + + // Handle parse errors gracefully + if (parsed.error) { + console.warn(`Failed to parse trusted certificate for alias "${cert.alias}": ${parsed.error}`) + certificates.push({ + alias: cert.alias, + name: cert.alias, + type: 'Invalid', + subject: `Parse Error: ${parsed.error}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + hasPrivateKey: false, + store: 'trusted', + channelsInUse: channelsInUse, + rawCertificate: cert.certificate, + parsedCertificate: parsed, + }) + continue + } + + certificates.push({ + alias: cert.alias, + name: parsed.subject?.CN || cert.alias, + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + hasPrivateKey: false, + store: 'trusted', + channelsInUse: channelsInUse, + rawCertificate: cert.certificate, + parsedCertificate: parsed, + }) + } + + return certificates + } catch (error) { + console.error('Failed to fetch trusted certificates:', error) + throw new Error('Failed to fetch trusted certificates from server') + } +} + +/** + * Fetch local certificates (private store) + * @returns {Promise} Array of parsed certificate objects with private keys + */ +export async function fetchLocalCertificates() { + try { + const response = await api.get('/api/tlsmanager/localCertificates') + const data = response.data + + // Handle response structure: { list: { localCertificate: [{ alias, certificate, key }] } } + const certificates = [] + const certList = data?.list?.localCertificate || [] + + // Handle both array and object formats + let certArray = [] + if (Array.isArray(certList)) { + certArray = certList + } else if (certList && typeof certList === 'object') { + // If it's a single object, wrap it in an array + certArray = [certList] + } + + // Get channel assignments (still using mock for now) + const channelAssignments = getOrCreateChannelAssignments() + + for (const cert of certArray) { + // Skip certificates with missing or empty certificate data + if (!cert.certificate || !cert.certificate.trim()) { + console.warn(`Skipping local certificate with empty certificate data for alias: ${cert.alias || 'unknown'}`) + continue + } + + const parsed = await parseCertificate(cert.certificate) + const channelsInUse = getChannelsForCertificate('private', cert.alias, channelAssignments) + + // Handle parse errors gracefully + if (parsed.error) { + console.warn(`Failed to parse local certificate for alias "${cert.alias}": ${parsed.error}`) + certificates.push({ + alias: cert.alias, + name: cert.alias, + type: 'Invalid', + subject: `Parse Error: ${parsed.error}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + hasPrivateKey: true, + store: 'private', + channelsInUse: channelsInUse, + rawCertificate: cert.certificate, + rawPrivateKey: cert.key, // Include private key in response + parsedCertificate: parsed, + }) + continue + } + + certificates.push({ + alias: cert.alias, + name: parsed.subject?.CN || cert.alias, + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + hasPrivateKey: true, + store: 'private', + channelsInUse: channelsInUse, + rawCertificate: cert.certificate, + rawPrivateKey: cert.key, // Include private key in response + parsedCertificate: parsed, + }) + } + + return certificates + } catch (error) { + console.error('Failed to fetch local certificates:', error) + throw new Error('Failed to fetch local certificates from server') + } +} + +// Legacy function - kept for backward compatibility, but should use tab-specific functions instead export async function fetchCertificates() { try { // === INTERNAL STORE (for development) === diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js index b67ed71d0e..a446b88a4b 100644 --- a/src/utils/certificateUtils.js +++ b/src/utils/certificateUtils.js @@ -8,7 +8,7 @@ import forge from 'node-forge' export function parseCertificate(base64Pem) { try { - const pemString = base64ToPem(base64Pem) + const pemString = base64Pem // Parse the PEM certificate const cert = forge.pki.certificateFromPem(pemString) diff --git a/vite.config.js b/vite.config.js index 60fed1784b..023d874fa7 100644 --- a/vite.config.js +++ b/vite.config.js @@ -11,7 +11,7 @@ export default defineConfig({ allowedHosts: ['localhost', '127.0.0.1', '0.0.0.0', '778ded44be8d.ngrok-free.app'], proxy: { "/api": { - target: "https://oie-1.quantis.health", + target: "https://oie-test.quantis.health", changeOrigin: true, secure: true, }, From f975264ee9251ae6b7b8cd1a474e8ffb86c47f55 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 3 Nov 2025 17:45:48 +0200 Subject: [PATCH 160/360] Add default values for connector properties --- .../properties/TLSListenerProperties.java | 29 ++++++++++++++----- .../properties/TLSSenderProperties.java | 27 +++++++++++++---- 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java index 74a9c7dd0d..91ed2a9405 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java @@ -13,6 +13,7 @@ import java.util.Collections; import java.util.Map; +import java.util.Objects; import java.util.Set; @Getter @@ -64,23 +65,37 @@ public TLSListenerProperties() { } public TLSListenerProperties(TLSListenerProperties props) { + var defaults = new TLSListenerProperties(); + isTlsManagerEnabled = props.isTlsManagerEnabled(); serverCertificateAlias = props.getServerCertificateAlias(); - clientAuthMode = props.getClientAuthMode(); - - subjectDnValidationMode = props.getSubjectDnValidationMode(); + subjectDnValidationMode = Objects.requireNonNullElse( + props.getSubjectDnValidationMode(), + defaults.getSubjectDnValidationMode() + ); subjectDnValidationFilter = props.getSubjectDnValidationFilter(); - crlMode = props.getCrlMode(); - ocspMode = props.getOcspMode(); + clientAuthMode = Objects.requireNonNullElse( + props.getClientAuthMode(), + defaults.getClientAuthMode() + ); + + crlMode = Objects.requireNonNullElse(props.getCrlMode(), defaults.getCrlMode()); + ocspMode = Objects.requireNonNullElse(props.getOcspMode(), defaults.getOcspMode()); isUseServerDefaultProtocols = props.isUseServerDefaultProtocols(); - usedProtocols = props.getUsedProtocols(); + usedProtocols = Objects.requireNonNullElse( + props.getUsedProtocols(), + defaults.getUsedProtocols() + ); isUseServerDefaultCiphers = props.isUseServerDefaultCiphers(); - usedCiphers = props.getUsedCiphers(); + usedCiphers = Objects.requireNonNullElse( + props.getUsedCiphers(), + defaults.getUsedCiphers() + ); } @Override diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java index 4c15de05f7..28d1d9d8db 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSSenderProperties.java @@ -28,6 +28,7 @@ import java.util.Collections; import java.util.Map; +import java.util.Objects; import java.util.Set; @Getter @@ -86,23 +87,37 @@ public TLSSenderProperties() { } public TLSSenderProperties(TLSSenderProperties props) { + var defaults = new TLSSenderProperties(); + isTlsManagerEnabled = props.isTlsManagerEnabled(); isServerCertificateValidationEnabled = props.isServerCertificateValidationEnabled(); - subjectDnValidationMode = props.getSubjectDnValidationMode(); + subjectDnValidationMode = Objects.requireNonNullElse( + props.getSubjectDnValidationMode(), + defaults.getSubjectDnValidationMode() + ); subjectDnValidationFilter = props.getSubjectDnValidationFilter(); - crlMode = props.getCrlMode(); - ocspMode = props.getOcspMode(); + crlMode = Objects.requireNonNullElse(props.getCrlMode(), defaults.getCrlMode()); + ocspMode = Objects.requireNonNullElse(props.getOcspMode(), defaults.getOcspMode()); trustSystemTruststore = props.isTrustSystemTruststore(); - trustedServerCertificates = props.getTrustedServerCertificates(); + trustedServerCertificates = Objects.requireNonNullElse( + props.getTrustedServerCertificates(), + defaults.getTrustedServerCertificates() + ); isUseServerDefaultProtocols = props.isUseServerDefaultProtocols(); - usedProtocols = props.getUsedProtocols(); + usedProtocols = Objects.requireNonNullElse( + props.getUsedProtocols(), + defaults.getUsedProtocols() + ); isUseServerDefaultCiphers = props.isUseServerDefaultCiphers(); - usedCiphers = props.getUsedCiphers(); + usedCiphers = Objects.requireNonNullElse( + props.getUsedCiphers(), + defaults.getUsedCiphers() + ); isHostnameVerificationEnabled = props.isHostnameVerificationEnabled(); clientCertificateAlias = props.getClientCertificateAlias(); From c6fc57e7784b894d930f3cec4b4babeeb379a3e2 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 3 Nov 2025 18:03:24 +0200 Subject: [PATCH 161/360] Add stuff to make mTLS mostly work --- .../ListenerConnectorPropertiesPanel.java | 98 +++++++++++++++++-- .../panel/SenderConnectorPropertiesPanel.java | 3 +- .../server/SocketFactoryService.java | 38 +++++-- .../connectorconfig/TLSHttpConfiguration.java | 29 ++++-- .../revocation/DualCheckerTrustManager.java | 46 ++++++--- .../properties/TLSListenerProperties.java | 13 +++ 6 files changed, 185 insertions(+), 42 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java index fcb12d70c8..4e7c35ec2f 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -31,6 +31,7 @@ import java.awt.event.KeyAdapter; import java.awt.event.KeyEvent; import java.time.Instant; +import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; import java.util.Map; @@ -48,12 +49,14 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private MirthRadioButton clientAuthRadioRequested; private MirthRadioButton clientAuthRadioRequired; + private JLabel trustedIssuersLabel; + private JButton trustedIssuersButton; + private JLabel trustedIssuersText; + private JLabel serverCertificateLabel; private JButton serverCertificateButton; private JLabel serverCertificateText; - // Trusted client certs picker - private JLabel subjectDnValidationLabel; private MirthComboBox subjectDnValidationModeComboBox; private MirthTextField subjectDnValidationFilterTextField; @@ -75,6 +78,7 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private final Frame parentFrame; private TLSListenerProperties properties; + private Set publicCertificates; private Set serverCertificates; private Set supportedProtocols; private Set supportedCiphers; @@ -82,8 +86,9 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie public ListenerConnectorPropertiesPanel() { this.parentFrame = PlatformUI.MIRTH_FRAME; this.properties = new TLSListenerProperties(); - this.serverCertificates = new HashSet<>(); + this.publicCertificates = new HashSet<>(); + this.serverCertificates = new HashSet<>(); this.supportedProtocols = new HashSet<>(); this.supportedCiphers = new HashSet<>(); @@ -180,21 +185,48 @@ private void initComponents() { clientAuthRadioNone = new MirthRadioButton(); clientAuthRadioNone.setText("None"); clientAuthRadioNone.setBackground(Color.white); - clientAuthRadioNone.addActionListener(e -> properties.setClientAuthMode(ClientAuthMode.NONE)); + clientAuthRadioNone.addActionListener(e -> handleClientAuthModeChange(ClientAuthMode.NONE, true)); clientAuthModeButtonGroup.add(clientAuthRadioNone); clientAuthRadioRequested = new MirthRadioButton(); clientAuthRadioRequested.setText("Requested"); clientAuthRadioRequested.setBackground(Color.white); - clientAuthRadioRequested.addActionListener(e -> properties.setClientAuthMode(ClientAuthMode.REQUESTED)); + clientAuthRadioRequested.addActionListener(e -> handleClientAuthModeChange(ClientAuthMode.REQUESTED, true)); clientAuthModeButtonGroup.add(clientAuthRadioRequested); clientAuthRadioRequired = new MirthRadioButton(); clientAuthRadioRequired.setText("Required"); clientAuthRadioRequired.setBackground(Color.white); - clientAuthRadioRequired.addActionListener(e -> properties.setClientAuthMode(ClientAuthMode.REQUIRED)); + clientAuthRadioRequired.addActionListener(e -> handleClientAuthModeChange(ClientAuthMode.REQUIRED, true)); clientAuthModeButtonGroup.add(clientAuthRadioRequired); + trustedIssuersLabel = new JLabel("Trusted Issuers:"); + trustedIssuersButton = new JButton(wrenchIcon); + trustedIssuersButton.addActionListener(e -> { + BiConsumer> completionConsumer = (isTrustSystemTrustStoreEnabled, selectedCertificates) -> { + properties.setTrustSystemTruststore(isTrustSystemTrustStoreEnabled); + if (isTrustSystemTrustStoreEnabled) { + properties.setTrustedServerCertificates(Collections.emptySet()); + } else { + properties.setTrustedServerCertificates(selectedCertificates); + } + + redrawState(); + PlatformUI.MIRTH_FRAME.setSaveEnabled(true); + }; + + new ItemPickerDialog( + PlatformUI.MIRTH_FRAME, + "Trusted Issuers Picker", + publicCertificates, + properties.getTrustedServerCertificates(), + properties.isTrustSystemTruststore(), + "[Server default]", + completionConsumer + ); + }); + trustedIssuersText = new JLabel(); + var comboBoxRenderer = new DisplayTextEnumModeComboBoxRenderer(); var subjectDnValidationModeModel = new SubjectDnValidationMode[]{ @@ -306,6 +338,10 @@ private void initLayout() { add(clientAuthRadioRequested, "split"); add(clientAuthRadioRequired); + add(trustedIssuersLabel, "newline, right"); + add(trustedIssuersButton, "h 22!, w 22!, split"); + add(trustedIssuersText); + add(subjectDnValidationLabel, "newline, right"); add(subjectDnValidationModeComboBox, "split"); add(subjectDnValidationFilterTextField, "w 168!"); @@ -325,6 +361,17 @@ private void initLayout() { add(ciphersText); } + private void handleClientAuthModeChange(ClientAuthMode authMode, boolean persistChanges) { + if (persistChanges) { + properties.setClientAuthMode(authMode); + } + + var issuerSelectorEnabled = authMode != ClientAuthMode.NONE; + trustedIssuersLabel.setEnabled(issuerSelectorEnabled); + trustedIssuersButton.setEnabled(issuerSelectorEnabled); + trustedIssuersText.setEnabled(issuerSelectorEnabled); + } + private void handleSubjectDnValidationModeChange() { if (subjectDnValidationModeComboBox.getSelectedItem() instanceof SubjectDnValidationMode validationMode) { properties.setSubjectDnValidationMode(validationMode); @@ -356,6 +403,14 @@ private void handleManagerEnabledButton(boolean managerEnabled) { clientAuthRadioRequested.setEnabled(managerEnabled); clientAuthRadioRequired.setEnabled(managerEnabled); + if (managerEnabled) { + handleClientAuthModeChange(properties.getClientAuthMode(), false); + } else { + trustedIssuersLabel.setEnabled(false); + trustedIssuersButton.setEnabled(false); + trustedIssuersText.setEnabled(false); + } + subjectDnValidationLabel.setEnabled(managerEnabled); subjectDnValidationModeComboBox.setEnabled(managerEnabled); subjectDnValidationFilterTextField.setEnabled(managerEnabled); @@ -395,6 +450,26 @@ private void redrawState() { log("Unable to determine client auth mode: %s. Using NONE"); } + handleClientAuthModeChange(properties.getClientAuthMode(), false); + + var thingsToTrust = new ArrayList(); + if (properties.isTrustSystemTruststore()) { + thingsToTrust.add("System Truststore"); + } + + if (properties.getTrustedServerCertificates() != null && !properties.getTrustedServerCertificates().isEmpty()) { + var count = properties.getTrustedServerCertificates().size(); + var plural = (count == 1) ? "" : "s"; + thingsToTrust.add("%d certificate%s".formatted(count, plural)); + } + + var serverCertificatesText = "Trusting %s".formatted( + thingsToTrust.isEmpty() + ? "no one >:C" + : String.join(" and ", thingsToTrust) + ); + trustedIssuersText.setText(serverCertificatesText); + subjectDnValidationModeComboBox.setSelectedItem(properties.getSubjectDnValidationMode()); subjectDnValidationFilterTextField.setEnabled(properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE); subjectDnValidationFilterTextField.setText(properties.getSubjectDnValidationFilter()); @@ -419,22 +494,25 @@ private void fetchData() { final var workerId = PlatformUI.MIRTH_FRAME.startWorking("Fetching data..."); var worker = new SwingWorker() { - private Set aliasSet; + private Set publicCertAliasSet; + private Set clientCertAliasSet; private Map cryptoMap; public Void doInBackground() { try { - aliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); + publicCertAliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getPublicCertificates(); + clientCertAliasSet = PlatformUI.MIRTH_FRAME.mirthClient.getServlet(TLSServletInterface.class).getClientCertificates(); cryptoMap = PlatformUI.MIRTH_FRAME.mirthClient.getProtocolsAndCipherSuites(); } catch (Exception e) { - PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported client certificates failed"); + PlatformUI.MIRTH_FRAME.alertThrowable(PlatformUI.MIRTH_FRAME, e, "Fetching imported certificates failed"); } return null; } public void done() { - serverCertificates = aliasSet; + serverCertificates = clientCertAliasSet; + publicCertificates = publicCertAliasSet; supportedProtocols = Set.of( cryptoMap.get(MirthSSLUtil.KEY_ENABLED_SERVER_PROTOCOLS) ); diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 111340ec2d..4aa69f7058 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -669,7 +669,7 @@ private void redrawState() { thingsToTrust.add("System Truststore"); } - if (!properties.getTrustedServerCertificates().isEmpty()) { + if (properties.getTrustedServerCertificates() != null && !properties.getTrustedServerCertificates().isEmpty()) { var count = properties.getTrustedServerCertificates().size(); var plural = (count == 1) ? "" : "s"; thingsToTrust.add("%d certificate%s".formatted(count, plural)); @@ -735,7 +735,6 @@ public void done() { cryptoMap.get(MirthSSLUtil.KEY_ENABLED_CIPHER_SUITES) ); - PlatformUI.MIRTH_FRAME.stopWorking(workingId); } }; diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index 870297ae69..c7a171aa99 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -68,6 +68,7 @@ public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, var dualcheckerTrustManager = new DualCheckerTrustManager( truststore, + null, properties.getSubjectDnValidationMode(), properties.getSubjectDnValidationFilter(), properties.getOcspMode(), @@ -113,6 +114,19 @@ public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, } public WeirdIntermediaryListenerContextContainer generateTLSContext(Connector connector, TLSListenerProperties properties) { + var keystore = certificateService.getKeyStore(properties.getServerCertificateAlias()); + var truststore = certificateService.getTrustStoreFromProperties(properties.isTrustSystemTruststore(), properties.getTrustedServerCertificates(), connector); + + var dualcheckerTrustManager = new DualCheckerTrustManager( + truststore, + keystore, + properties.getSubjectDnValidationMode(), + properties.getSubjectDnValidationFilter(), + properties.getOcspMode(), + properties.getCrlMode(), + null + ); + var protocolArray = properties.isUseServerDefaultProtocols() ? MirthSSLUtil.getEnabledHttpsProtocols(configurationController.getHttpsServerProtocols()) : MirthSSLUtil.getEnabledHttpsProtocols(properties.getUsedProtocols().toArray(new String[0])); @@ -125,13 +139,23 @@ public WeirdIntermediaryListenerContextContainer generateTLSContext(Connector co ? SSLConnectionSocketFactory.getDefaultHostnameVerifier() : NoopHostnameVerifier.INSTANCE; - var keystore = certificateService.getKeyStore(properties.getServerCertificateAlias()); + try { + var keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyManagerFactory.init(keystore, new char[0]); - return new WeirdIntermediaryListenerContextContainer( - protocolArray, - cipherArray, - hostnameVerificationStrategy, - keystore - ); + var sslContext = SSLContext.getInstance("TLS"); + sslContext.init(keyManagerFactory.getKeyManagers(), new TrustManager[] { dualcheckerTrustManager }, null); + + return new WeirdIntermediaryListenerContextContainer( + protocolArray, + cipherArray, + hostnameVerificationStrategy, + keystore, + sslContext + ); + } catch (Exception e) { + log.error("Error generating SSLContext", e); + throw new RuntimeException(e); + } } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index c576353d38..5a9fc1dfae 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -98,20 +98,29 @@ public void configureReceiver(HttpReceiver connector) throws Exception { httpConfig.setSendServerVersion(false); httpConfig.setSendXPoweredBy(false); - var ssl = new SslContextFactory.Server(); - ssl.setIncludeProtocols(tlsContext.protocols()); - ssl.setIncludeCipherSuites(tlsContext.ciphers()); + var sslContextFactory = new SslContextFactory.Server(); + sslContextFactory.setSslContext(tlsContext.sslContext()); - ssl.setWantClientAuth(ClientAuthMode.REQUIRED == tlsConnectorProperties.getClientAuthMode()); - ssl.setNeedClientAuth(ClientAuthMode.REQUIRED == tlsConnectorProperties.getClientAuthMode()); + // Clear Jetty defaults + sslContextFactory.setExcludeProtocols(); + sslContextFactory.setExcludeCipherSuites(); - ssl.setKeyStore(tlsContext.keyStore()); - ssl.setKeyStoreType(PKCS12); - ssl.setCertAlias(tlsConnectorProperties.getServerCertificateAlias()); - ssl.setKeyStorePassword(""); + sslContextFactory.setIncludeProtocols(tlsContext.protocols()); + sslContextFactory.setIncludeCipherSuites(tlsContext.ciphers()); + + if (ClientAuthMode.REQUESTED == tlsConnectorProperties.getClientAuthMode()) { + sslContextFactory.setWantClientAuth(true); + } else if (ClientAuthMode.REQUIRED == tlsConnectorProperties.getClientAuthMode()) { + sslContextFactory.setNeedClientAuth(true); + } + + sslContextFactory.setKeyStore(tlsContext.keyStore()); + sslContextFactory.setKeyStoreType(PKCS12); + sslContextFactory.setKeyStorePassword(""); + sslContextFactory.setCertAlias(tlsConnectorProperties.getServerCertificateAlias()); var http11 = new HttpConnectionFactory(httpConfig); - var tls = new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()); + var tls = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()); var listener = new ServerConnector(connector.getServer(), tls, http11); diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index 5efcc0e996..83b19abcbe 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -19,10 +19,12 @@ import javax.naming.InvalidNameException; import javax.naming.ldap.LdapName; import javax.net.ssl.ExtendedSSLSession; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509ExtendedTrustManager; import javax.security.auth.x500.X500Principal; import java.io.ByteArrayInputStream; @@ -57,24 +59,28 @@ public final class DualCheckerTrustManager extends X509ExtendedTrustManager { private final KeyStore trustStore; + private final KeyStore keyStore; private final SubjectDnValidationMode subjectDnValidationMode; private final String subjectDnValidationFilter; private final RevocationMode ocspMode, crlMode; private final Collection preloadedCrls; // optional (in addition to CRLDP) - private final X509ExtendedTrustManager delegate; + private final X509ExtendedTrustManager trustManagerDelegate; + private final X509ExtendedKeyManager keyManagerDelegate; public DualCheckerTrustManager( KeyStore trustStore, + KeyStore keyStore, SubjectDnValidationMode subjectDnValidationMode, - String getSubjectDnValidationFilter, + String subjectDnValidationFilter, RevocationMode ocspMode, RevocationMode crlMode, Collection preloadedCrls ) { this.trustStore = trustStore; + this.keyStore = keyStore; this.subjectDnValidationMode = subjectDnValidationMode; - this.subjectDnValidationFilter = getSubjectDnValidationFilter; + this.subjectDnValidationFilter = subjectDnValidationFilter; this.ocspMode = ocspMode; this.crlMode = crlMode; this.preloadedCrls = preloadedCrls == null ? List.of() : preloadedCrls; @@ -83,11 +89,20 @@ public DualCheckerTrustManager( var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); - delegate = Arrays.stream(tmf.getTrustManagers()) + var kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(keyStore, null); + + trustManagerDelegate = Arrays.stream(tmf.getTrustManagers()) .filter(X509ExtendedTrustManager.class::isInstance) .map(X509ExtendedTrustManager.class::cast) .findFirst() .orElseThrow(() -> new IllegalStateException("No default X509ExtendedTrustManager found")); + + keyManagerDelegate = Arrays.stream(kmf.getKeyManagers()) + .filter(X509ExtendedKeyManager.class::isInstance) + .map(X509ExtendedKeyManager.class::cast) + .findFirst() + .orElseThrow(() -> new IllegalStateException("No default X509ExtendedKeyManager found")); } catch (Exception e) { throw new RuntimeException("Failed to initialize TrustManager", e); } @@ -96,29 +111,30 @@ public DualCheckerTrustManager( // --- JSSE delegation --- @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { - delegate.checkClientTrusted(chain, authType); + trustManagerDelegate.checkClientTrusted(chain, authType); } @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { - delegate.checkClientTrusted(chain, authType, s); + trustManagerDelegate.checkClientTrusted(chain, authType, s); } @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { - delegate.checkClientTrusted(chain, authType, e); + trustManagerDelegate.checkClientTrusted(chain, authType, e); + validateClientTrusted(chain, authType, e); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { - delegate.checkServerTrusted(chain, authType); - validate(chain, null); + trustManagerDelegate.checkServerTrusted(chain, authType); + validateServerTrusted(chain, null); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { - delegate.checkServerTrusted(chain, authType, s); - validate(chain, s); + trustManagerDelegate.checkServerTrusted(chain, authType, s); + validateServerTrusted(chain, s); } @Override @@ -127,9 +143,9 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngi } @Override - public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); } + public X509Certificate[] getAcceptedIssuers() { return trustManagerDelegate.getAcceptedIssuers(); } - private void validate(X509Certificate[] chain, Socket socket) throws CertificateException { + private void validateServerTrusted(X509Certificate[] chain, Socket socket) throws CertificateException { try { var certificateFactory = CertificateFactory.getInstance("X.509"); var certPath = certificateFactory.generateCertPath(List.of(chain)); @@ -216,6 +232,10 @@ private void validate(X509Certificate[] chain, Socket socket) throws Certificate } } + private void validateClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException { + + } + // ---- Pass A: OCSP-only ---- private void pkixOcspOnly(CertPath path, boolean softFail) throws GeneralSecurityException { var params = new PKIXParameters(trustStore); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java index 91ed2a9405..1d90d8f3f8 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/properties/TLSListenerProperties.java @@ -32,6 +32,10 @@ public class TLSListenerProperties extends ConnectorPluginProperties { private ClientAuthMode clientAuthMode; + // Truststore to use for mtls client cert validation + private boolean trustSystemTruststore; + private Set trustedServerCertificates; + // Certificate revocation modes private RevocationMode crlMode; private RevocationMode ocspMode; @@ -54,6 +58,9 @@ public TLSListenerProperties() { clientAuthMode = ClientAuthMode.NONE; + trustSystemTruststore = true; + trustedServerCertificates = Collections.emptySet(); + crlMode = RevocationMode.HARD_FAIL; ocspMode = RevocationMode.HARD_FAIL; @@ -82,6 +89,12 @@ public TLSListenerProperties(TLSListenerProperties props) { defaults.getClientAuthMode() ); + trustSystemTruststore = props.isTrustSystemTruststore(); + trustedServerCertificates = Objects.requireNonNullElse( + props.getTrustedServerCertificates(), + defaults.getTrustedServerCertificates() + ); + crlMode = Objects.requireNonNullElse(props.getCrlMode(), defaults.getCrlMode()); ocspMode = Objects.requireNonNullElse(props.getOcspMode(), defaults.getOcspMode()); From 1523b9d1787eca753bff720d63470d22ef69bf58 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 3 Nov 2025 18:04:55 +0200 Subject: [PATCH 162/360] Commit leftovers, too --- .../models/WeirdIntermediaryListenerContextContainer.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java index 2d314e4d87..1f2ad4c836 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java @@ -1,11 +1,13 @@ package org.openintegrationengine.tlsmanager.shared.models; import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; import java.security.KeyStore; public record WeirdIntermediaryListenerContextContainer( String[] protocols, String[] ciphers, HostnameVerifier hostnameVerifier, - KeyStore keyStore + KeyStore keyStore, + SSLContext sslContext ) {} From 765989f5b9276bfba7b5eb1cebe4caf937829a16 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 4 Nov 2025 14:29:39 +0200 Subject: [PATCH 163/360] Enhance certificate management components: Add currentCertificates prop to EditAliasDialog, ImportCertificateDialogContent, and RemoveCertificateDialog for improved context during operations. Update related functions in tlsService to utilize currentCertificates for more efficient certificate updates and removals. Modify TlsManagement to pass current certificates based on selected store, enhancing overall user experience in managing certificates. --- src/components/EditAliasDialog.jsx | 4 +- .../ImportCertificateDialogContent.jsx | 3 +- src/components/RemoveCertificateDialog.jsx | 3 +- src/hooks/useCertificates.js | 16 +- src/pages/TlsManagement.jsx | 5 +- src/services/tlsService.js | 327 ++++++++---------- 6 files changed, 175 insertions(+), 183 deletions(-) diff --git a/src/components/EditAliasDialog.jsx b/src/components/EditAliasDialog.jsx index ff15fcf557..bd1bfe4c71 100644 --- a/src/components/EditAliasDialog.jsx +++ b/src/components/EditAliasDialog.jsx @@ -21,6 +21,7 @@ export default function EditAliasDialog({ open, onClose, certificate, + currentCertificates = null, onSuccess }) { const [showConfirmDialog, setShowConfirmDialog] = useState(false) @@ -59,7 +60,8 @@ export default function EditAliasDialog({ const result = await updateCertificateAlias( certificate.store, certificate.alias, - newAlias + newAlias, + currentCertificates ) if (result.success) { onSuccess?.(result.data) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 718b08cfd4..f0b85008c0 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -19,6 +19,7 @@ import { verifyCertificate } from '../utils/verificationUtils.js' export default function ImportCertificateDialogContent({ targetStore = 'trusted', + currentCertificates = null, onCancel, onSubmit, onSuccess, @@ -117,7 +118,7 @@ export default function ImportCertificateDialogContent({ alias, pemText, privateKeyText: targetStore === 'private' ? privateKeyText : undefined, - }) + }, currentCertificates) if (result.success) { onSuccess?.(result.data) onSubmit?.() diff --git a/src/components/RemoveCertificateDialog.jsx b/src/components/RemoveCertificateDialog.jsx index c49cebb83f..a6a72f1341 100644 --- a/src/components/RemoveCertificateDialog.jsx +++ b/src/components/RemoveCertificateDialog.jsx @@ -21,6 +21,7 @@ export default function RemoveCertificateDialog({ open, onClose, certificate, + currentCertificates = null, onSuccess }) { const [loading, setLoading] = useState(false) @@ -33,7 +34,7 @@ export default function RemoveCertificateDialog({ setError(null) try { - const result = await removeCertificate(certificate.store, certificate.alias) + const result = await removeCertificate(certificate.store, certificate.alias, currentCertificates) if (result.success) { onSuccess?.(result.data) onClose() diff --git a/src/hooks/useCertificates.js b/src/hooks/useCertificates.js index 3a7a1deebc..59085af5cc 100644 --- a/src/hooks/useCertificates.js +++ b/src/hooks/useCertificates.js @@ -122,13 +122,27 @@ export default function useCertificates(tabKey = 'native') { } } + // Get certificates by store name (for update operations) + const getCertificatesByStore = useCallback((store) => { + // Map store names to tab keys + const storeToTabMap = { + 'trusted': 'trusted', + 'private': 'private', + 'native': 'native' + } + const tabKey = storeToTabMap[store] + return tabKey ? certificatesByTab[tabKey] || [] : [] + }, [certificatesByTab]) + return { all, loading: currentLoading, error: currentError, counts, filterBy, - refetch + refetch, + getCertificatesByStore, + certificatesByTab // Also expose directly for convenience } } diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index 36e7b97cf4..25a0f00686 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -21,7 +21,7 @@ export default function TlsManagement() { const tabKeys = ['native', 'trusted', 'private'] const initialKey = params.get('tab') && tabKeys.includes(params.get('tab')) ? params.get('tab') : 'native' const [tabKey, setTabKey] = useState(initialKey) - const { all, counts, filterBy, loading, error, refetch } = useCertificates(tabKey) + const { all, counts, filterBy, loading, error, refetch, getCertificatesByStore } = useCertificates(tabKey) const { showSuccess, showError } = useNotification() const [search, setSearch] = useState('') @@ -222,6 +222,7 @@ export default function TlsManagement() { {dialogType === 'import-certificate' && ( closeDialog()} onSuccess={handleImportSuccess} @@ -248,6 +249,7 @@ export default function TlsManagement() { open={editAliasDialogOpen} onClose={handleCloseEditAlias} certificate={certificateToEdit} + currentCertificates={certificateToEdit ? getCertificatesByStore(certificateToEdit.store) : null} onSuccess={handleAliasEditSuccess} /> @@ -255,6 +257,7 @@ export default function TlsManagement() { open={removeDialogOpen} onClose={handleCloseRemove} certificate={certificateToRemove} + currentCertificates={certificateToRemove ? getCertificatesByStore(certificateToRemove.store) : null} onSuccess={handleRemoveSuccess} /> diff --git a/src/services/tlsService.js b/src/services/tlsService.js index 365b705f78..42e7cf939a 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -43,24 +43,7 @@ function saveToStorage() { } } -// === MOCK CHANNEL ASSIGNMENT HELPERS === -const CHANNEL_POOL = [ - 'Channel 1', 'Channel 2', 'Channel 3', 'Channel 4', - 'Channel 5', 'Channel 6', 'Channel 7', 'Channel 8' -] - -// Generate random channels (1-3 channels from pool) -function generateMockChannels() { - const numChannels = Math.floor(Math.random() * 3) + 1 // 1-3 channels - const shuffled = [...CHANNEL_POOL].sort(() => 0.5 - Math.random()) - return shuffled.slice(0, numChannels) -} - -// Returns true ~35% of the time -function shouldHaveChannels() { - return Math.random() < 0.35 -} - +// === CHANNEL ASSIGNMENT HELPERS === // Get or create channel assignments from localStorage function getOrCreateChannelAssignments() { try { @@ -79,26 +62,9 @@ function getOrCreateChannelAssignments() { } } -// Save channel assignments to localStorage -function saveChannelAssignments(assignments) { - try { - localStorage.setItem(CHANNEL_ASSIGNMENTS_KEY, JSON.stringify(assignments)) - } catch (e) { - console.warn('Failed to save channel assignments to localStorage:', e) - } -} - -// Get channels for a specific certificate, creating if needed +// Get channels for a specific certificate function getChannelsForCertificate(store, alias, assignments) { const storeAssignments = assignments[store] || {} - - if (!(alias in storeAssignments)) { - // Create new assignment - storeAssignments[alias] = shouldHaveChannels() ? generateMockChannels() : [] - assignments[store] = storeAssignments - saveChannelAssignments(assignments) - } - return storeAssignments[alias] || [] } @@ -432,190 +398,195 @@ export async function fetchCertificates() { } } -export async function updateCertificates(targetStore, certificateData) { +export async function updateCertificates(targetStore, certificateData, currentCertificates = null) { try { - // === INTERNAL STORE (for development) === - // Simulate API delay - await new Promise(resolve => setTimeout(resolve, 300)) - const { alias, pemText, privateKeyText } = certificateData - // Convert PEM to Base64 using utility functions - const base64Certificate = pemToBase64(pemText) + let certificates = currentCertificates - if (targetStore === 'trusted') { - // Add to trusted certificates - const cert = { + // If currentCertificates not provided, fetch from API + if (!certificates) { + if (targetStore === 'trusted') { + certificates = await fetchTrustedCertificates() + } else if (targetStore === 'private') { + certificates = await fetchLocalCertificates() + } else { + throw new Error('Invalid store type') + } + } + + // Check if certificate with same alias exists + const existingIndex = certificates.findIndex(c => c.alias === alias) + + // Update or add certificate in the array + if (existingIndex >= 0) { + // Update existing certificate - preserve other fields, update certificate data + certificates[existingIndex] = { + ...certificates[existingIndex], alias, - certificate: base64Certificate + rawCertificate: pemText, // Update with new PEM + ...(targetStore === 'private' && privateKeyText ? { rawPrivateKey: privateKeyText } : {}) } - - const existing = internalStore.certificates.findIndex(c => c.alias === alias) - if (existing >= 0) { - internalStore.certificates[existing] = cert - } else { - internalStore.certificates.push(cert) - // Initialize new certificate with no channels - const channelAssignments = getOrCreateChannelAssignments() - if (!channelAssignments.trusted) { - channelAssignments.trusted = {} + } else { + // Add new certificate + const newCert = { + alias, + rawCertificate: pemText, + ...(targetStore === 'private' && privateKeyText ? { rawPrivateKey: privateKeyText } : {}) + } + certificates.push(newCert) + } + + // Reconstruct API payload format + let payload + if (targetStore === 'trusted') { + payload = { + list: { + trustedCertificate: certificates.map(cert => ({ + alias: cert.alias, + certificate: cert.rawCertificate // Use rawCertificate (PEM format) + })) } - channelAssignments.trusted[alias] = [] - saveChannelAssignments(channelAssignments) } + const response = await api.put('/api/tlsmanager/trustedCertificates', payload) + return { success: true, data: response.data || { alias, targetStore } } } else if (targetStore === 'private') { - // Add to private key pairs - const base64PrivateKey = privateKeyPemToBase64(privateKeyText) - - const pair = { - alias, - certificate: base64Certificate, - privateKey: base64PrivateKey - } - - const existing = internalStore.pairs.findIndex(p => p.alias === alias) - if (existing >= 0) { - internalStore.pairs[existing] = pair - } else { - internalStore.pairs.push(pair) - // Initialize new certificate with no channels - const channelAssignments = getOrCreateChannelAssignments() - if (!channelAssignments.private) { - channelAssignments.private = {} + payload = { + list: { + localCertificate: certificates.map(cert => ({ + alias: cert.alias, + certificate: cert.rawCertificate, // Use rawCertificate (PEM format) + key: cert.rawPrivateKey // Use rawPrivateKey (PEM format) + })) } - channelAssignments.private[alias] = [] - saveChannelAssignments(channelAssignments) } + const response = await api.put('/api/tlsmanager/localCertificates', payload) + return { success: true, data: response.data || { alias, targetStore } } + } else { + throw new Error('Invalid store type') } - - // Save to localStorage - saveToStorage() - - console.log('[Internal Store] Updated:', internalStore) - - return { success: true, data: { alias, targetStore } } - - // === REAL API (uncomment when API is ready) === - // const payload = {} - // - // if (certificates && certificates.length > 0) { - // payload.certificates = certificates.map(cert => ({ - // alias: cert.alias, - // certificate: cert.certificate // Base64-encoded PEM - // })) - // } - // - // if (pairs && pairs.length > 0) { - // payload.pairs = pairs.map(pair => ({ - // alias: pair.alias, - // certificate: pair.certificate, // Base64-encoded PEM - // privateKey: pair.privateKey // Base64-encoded PEM - // })) - // } - // - // const response = await api.put('/api/tlsmanager/certificates', payload) - // return response.data } catch (error) { console.error('Failed to update certificates:', error) - throw new Error('Failed to update certificates in internal store') + throw new Error(error.response?.data?.message || error.message || 'Failed to update certificates') } } -export async function updateCertificateAlias(store, oldAlias, newAlias) { +export async function updateCertificateAlias(store, oldAlias, newAlias, currentCertificates = null) { try { - // === INTERNAL STORE (for development) === - // Simulate API delay - await new Promise(resolve => setTimeout(resolve, 300)) + let certificates = currentCertificates + + // If currentCertificates not provided, fetch from API + if (!certificates) { + if (store === 'trusted') { + certificates = await fetchTrustedCertificates() + } else if (store === 'private') { + certificates = await fetchLocalCertificates() + } else { + throw new Error('Invalid store type') + } + } + // Find certificate by old alias + const certIndex = certificates.findIndex(c => c.alias === oldAlias) + if (certIndex < 0) { + throw new Error('Certificate not found') + } + + // Update only the alias field + certificates[certIndex] = { + ...certificates[certIndex], + alias: newAlias + } + + // Reconstruct API payload format + let payload if (store === 'trusted') { - const certIndex = internalStore.certificates.findIndex(c => c.alias === oldAlias) - if (certIndex >= 0) { - internalStore.certificates[certIndex].alias = newAlias - } else { - throw new Error('Certificate not found') + payload = { + list: { + trustedCertificate: certificates.map(cert => ({ + alias: cert.alias, + certificate: cert.rawCertificate // Use rawCertificate (PEM format) + })) + } } + const response = await api.put('/api/tlsmanager/trustedCertificates', payload) + return { success: true, data: response.data || { store, oldAlias, newAlias } } } else if (store === 'private') { - const pairIndex = internalStore.pairs.findIndex(p => p.alias === oldAlias) - if (pairIndex >= 0) { - internalStore.pairs[pairIndex].alias = newAlias - } else { - throw new Error('Certificate not found') + payload = { + list: { + localCertificate: certificates.map(cert => ({ + alias: cert.alias, + certificate: cert.rawCertificate, // Use rawCertificate (PEM format) + key: cert.rawPrivateKey // Use rawPrivateKey (PEM format) + })) + } } + const response = await api.put('/api/tlsmanager/localCertificates', payload) + return { success: true, data: response.data || { store, oldAlias, newAlias } } } else { throw new Error('Invalid store type') } - - // Update channel assignments to use new alias - const channelAssignments = getOrCreateChannelAssignments() - if (channelAssignments[store] && channelAssignments[store][oldAlias]) { - channelAssignments[store][newAlias] = channelAssignments[store][oldAlias] - delete channelAssignments[store][oldAlias] - saveChannelAssignments(channelAssignments) - } - - // Save to localStorage - saveToStorage() - - console.log('[Internal Store] Updated alias:', { store, oldAlias, newAlias }) - - return { success: true, data: { store, oldAlias, newAlias } } - - // === REAL API (uncomment when API is ready) === - // const response = await api.put(`/api/tlsmanager/certificates/${store}/alias`, { - // oldAlias, - // newAlias - // }) - // return response.data } catch (error) { console.error('Failed to update certificate alias:', error) - throw new Error('Failed to update certificate alias') + throw new Error(error.response?.data?.message || error.message || 'Failed to update certificate alias') } } -export async function removeCertificate(store, alias) { +export async function removeCertificate(store, alias, currentCertificates = null) { try { - // === INTERNAL STORE (for development) === - // Simulate API delay - await new Promise(resolve => setTimeout(resolve, 300)) + let certificates = currentCertificates + + // If currentCertificates not provided, fetch from API + if (!certificates) { + if (store === 'trusted') { + certificates = await fetchTrustedCertificates() + } else if (store === 'private') { + certificates = await fetchLocalCertificates() + } else { + throw new Error('Invalid store type') + } + } + // Remove certificate from array by alias + const certIndex = certificates.findIndex(c => c.alias === alias) + if (certIndex < 0) { + throw new Error('Certificate not found') + } + + // Remove the certificate + certificates.splice(certIndex, 1) + + // Reconstruct API payload format + let payload if (store === 'trusted') { - const certIndex = internalStore.certificates.findIndex(c => c.alias === alias) - if (certIndex >= 0) { - internalStore.certificates.splice(certIndex, 1) - } else { - throw new Error('Certificate not found') + payload = { + list: { + trustedCertificate: certificates.map(cert => ({ + alias: cert.alias, + certificate: cert.rawCertificate // Use rawCertificate (PEM format) + })) + } } + const response = await api.put('/api/tlsmanager/trustedCertificates', payload) + return { success: true, data: response.data || { store, alias } } } else if (store === 'private') { - const pairIndex = internalStore.pairs.findIndex(p => p.alias === alias) - if (pairIndex >= 0) { - internalStore.pairs.splice(pairIndex, 1) - } else { - throw new Error('Certificate not found') + payload = { + list: { + localCertificate: certificates.map(cert => ({ + alias: cert.alias, + certificate: cert.rawCertificate, // Use rawCertificate (PEM format) + key: cert.rawPrivateKey // Use rawPrivateKey (PEM format) + })) + } } + const response = await api.put('/api/tlsmanager/localCertificates', payload) + return { success: true, data: response.data || { store, alias } } } else { throw new Error('Invalid store type') } - - // Clean up channel assignments - const channelAssignments = getOrCreateChannelAssignments() - if (channelAssignments[store] && channelAssignments[store][alias]) { - delete channelAssignments[store][alias] - saveChannelAssignments(channelAssignments) - } - - // Save to localStorage - saveToStorage() - - console.log('[Internal Store] Removed certificate:', { store, alias }) - - return { success: true, data: { store, alias } } - - // === REAL API (uncomment when API is ready) === - // const response = await api.delete(`/api/tlsmanager/certificates/${store}/${alias}`) - // return response.data } catch (error) { console.error('Failed to remove certificate:', error) - throw new Error('Failed to remove certificate') + throw new Error(error.response?.data?.message || error.message || 'Failed to remove certificate') } } From f3a2f50dcdbbfd9c3f0ee1ac26f5bd1c549c24f1 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 4 Nov 2025 15:21:53 +0200 Subject: [PATCH 164/360] Refactor certificate handling: Replace node-forge with jsrsasign for certificate parsing and validation. Update related utility functions to leverage jsrsasign's capabilities, enhancing performance and compatibility. Add new utility functions for handling X509 time conversion and Distinguished Name parsing. Update package dependencies to include jsrsasign, improving overall certificate management functionality. --- package-lock.json | 9 + package.json | 2 +- specs.md | 2 +- src/services/tlsService.js | 2 +- src/utils/certificateUtils.js | 320 ++++++++++++++++++++++++++------- src/utils/verificationUtils.js | 267 +++++++++++++++++---------- 6 files changed, 432 insertions(+), 170 deletions(-) diff --git a/package-lock.json b/package-lock.json index 868c590bc6..f815da448c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,6 +16,7 @@ "dayjs": "^1.11.18", "express": "^5.1.0", "http-proxy-middleware": "^3.0.5", + "jsrsasign": "^11.1.0", "node-forge": "^1.3.1", "react": "^19.1.1", "react-dom": "^19.1.1", @@ -3459,6 +3460,14 @@ "node": ">=6" } }, + "node_modules/jsrsasign": { + "version": "11.1.0", + "resolved": "https://registry.npmjs.org/jsrsasign/-/jsrsasign-11.1.0.tgz", + "integrity": "sha512-Ov74K9GihaK9/9WncTe1mPmvrO7Py665TUfUKvraXBpu+xcTWitrtuOwcjf4KMU9maPaYn0OuaWy0HOzy/GBXg==", + "funding": { + "url": "https://github.com/kjur/jsrsasign#donations" + } + }, "node_modules/keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", diff --git a/package.json b/package.json index 514eb3e2f7..63d5badf11 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,7 @@ "dayjs": "^1.11.18", "express": "^5.1.0", "http-proxy-middleware": "^3.0.5", - "node-forge": "^1.3.1", + "jsrsasign": "^11.1.0", "react": "^19.1.1", "react-dom": "^19.1.1", "react-router-dom": "^7.9.1" diff --git a/specs.md b/specs.md index f8c4b9d66a..a48c69bf86 100644 --- a/specs.md +++ b/specs.md @@ -12,7 +12,7 @@ A React-based certificate management dashboard built with Vite, Material-UI, and - **Styling**: Tailwind CSS v4 for utilities - **Routing**: React Router DOM v6 - **Date Handling**: dayjs for robust date operations -- **Cryptography**: node-forge for certificate parsing and validation +- **Cryptography**: jsrsasign for certificate parsing and validation (supports RSA, ECDSA, DSA, Ed25519) - **State Management**: React Context and custom hooks ## Architecture diff --git a/src/services/tlsService.js b/src/services/tlsService.js index 42e7cf939a..31c9a56e70 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -10,7 +10,7 @@ * 4. Remove or comment out the internal store variables and helper functions at the bottom */ -import { parseCertificate, pemToBase64, privateKeyPemToBase64 } from '../utils/certificateUtils.js' +import { parseCertificate } from '../utils/certificateUtils.js' import { api } from './api.js' // === INTERNAL STORE (remove when switching to real API) === diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js index a446b88a4b..ebd674b8f3 100644 --- a/src/utils/certificateUtils.js +++ b/src/utils/certificateUtils.js @@ -1,4 +1,100 @@ -import forge from 'node-forge' +import { X509, KEYUTIL, KJUR, zulutodate } from 'jsrsasign' + +/** + * Convert X509 time string to Date object using jsrsasign utility + * @param {string} timeStr - X509 time format string (YYYYMMDDHHmmssZ or YYMMDDHHmmssZ) + * @returns {Date} Date object + */ +export function convertX509TimeToDate(timeStr) { + if (!timeStr) return null + + try { + // Convert the YYMMDDhhmmssZ string to an ISO-like format + const isoString = zulutodate(timeStr) + + // The t2d output is in 'YYYY/MM/DD hh:mm:ss GMT' format, which Date() can parse + return new Date(isoString) + } catch (error) { + console.error('Error converting X509 time to Date:', error) + return null + } +} + +/** + * Parse Distinguished Name string to object + * Input: "CN=example.com, O=Org, C=US" + * Output: { CN: "example.com", O: "Org", C: "US" } + * @param {string} dnString - DN string + * @returns {Object} Parsed DN object + */ +export function parseDNString(dnString) { + const attrs = {} + if (!dnString) return attrs + + // Split by comma, but handle quoted values + const parts = [] + let current = '' + let inQuotes = false + + for (let i = 0; i < dnString.length; i++) { + const char = dnString[i] + if (char === '"') { + inQuotes = !inQuotes + current += char + } else if (char === ',' && !inQuotes) { + parts.push(current.trim()) + current = '' + } else { + current += char + } + } + if (current.trim()) { + parts.push(current.trim()) + } + + parts.forEach(part => { + const equalIndex = part.indexOf('=') + if (equalIndex > 0) { + const key = part.substring(0, equalIndex).trim() + let value = part.substring(equalIndex + 1).trim() + // Remove quotes if present + if (value.startsWith('"') && value.endsWith('"')) { + value = value.slice(1, -1) + } + attrs[key] = value + } + }) + + return attrs +} + +/** + * Format DN object to string (for compatibility) + * @param {Object} dnObj - DN object with attributes + * @returns {string} Formatted DN string + */ +export function formatDNFromObject(dnObj) { + if (!dnObj || typeof dnObj !== 'object') return 'Unknown' + + const parts = [] + const attributes = ['CN', 'OU', 'O', 'L', 'ST', 'C', 'emailAddress'] + + // Add preferred attributes in order + for (const attr of attributes) { + if (dnObj[attr]) { + parts.push(`${attr}=${dnObj[attr]}`) + } + } + + // Add any remaining attributes + Object.keys(dnObj).forEach(key => { + if (!attributes.includes(key) && dnObj[key]) { + parts.push(`${key}=${dnObj[key]}`) + } + }) + + return parts.length > 0 ? parts.join(', ') : 'Unknown' +} /** * Parse a Base64-encoded PEM certificate and extract relevant information @@ -7,46 +103,91 @@ import forge from 'node-forge' */ export function parseCertificate(base64Pem) { try { - const pemString = base64Pem // Parse the PEM certificate - const cert = forge.pki.certificateFromPem(pemString) + const cert = new X509() + cert.readCertPEM(pemString) // Extract subject information - const subject = cert.subject - const subjectStr = formatDN(subject) + const subjectStr = cert.getSubjectString() + const subject = parseDNString(subjectStr) + const subjectFormatted = formatDNFromObject(subject) // Extract issuer information - const issuer = cert.issuer - const issuerStr = formatDN(issuer) + const issuerStr = cert.getIssuerString() + const issuer = parseDNString(issuerStr) + const issuerFormatted = formatDNFromObject(issuer) // Determine certificate type const type = determineCertificateType(cert) // Format validity dates - const validFrom = formatDate(cert.validity.notBefore) - const validTo = formatDate(cert.validity.notAfter) + const notBefore = convertX509TimeToDate(cert.getNotBefore()) + const notAfter = convertX509TimeToDate(cert.getNotAfter()) + const validFrom = formatDate(notBefore) + const validTo = formatDate(notAfter) // Calculate SHA-1 fingerprint - const fingerprintSha1 = forge.md.sha1.create() - .update(forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes()) - .digest() - .toHex() - .toUpperCase() + const derHex = cert.hex // DER-encoded certificate as hex string + const fingerprintSha1 = KJUR.crypto.Util.hashHex(derHex, 'sha1').toUpperCase() + + // Get serial number + const serialNumber = cert.getSerialNumberHex() || cert.getSerialNumber() + + // Get version + const version = cert.getVersion() + + // Get extensions (for compatibility, create a simplified structure) + // Wrap extension access in try-catch since some certificates may not have all extensions + const extensions = [] + + let basicConstraints = null + try { + basicConstraints = cert.getExtBasicConstraints() + if (basicConstraints) { + extensions.push({ name: 'basicConstraints', cA: basicConstraints.ca }) + } + } catch (e) { + // Extension doesn't exist or can't be read - skip + } + + let keyUsage = null + try { + keyUsage = cert.getExtKeyUsage() + if (keyUsage && keyUsage.names && Array.isArray(keyUsage.names)) { + extensions.push({ name: 'keyUsage', keyCertSign: keyUsage.names.includes('keyCertSign') }) + } + } catch (e) { + // Extension doesn't exist or can't be read - skip + } + + let extKeyUsage = null + try { + extKeyUsage = cert.getExtExtKeyUsage() + if (extKeyUsage && Array.isArray(extKeyUsage)) { + extensions.push({ + name: 'extKeyUsage', + serverAuth: extKeyUsage.includes('1.3.6.1.5.5.7.3.1'), + clientAuth: extKeyUsage.includes('1.3.6.1.5.5.7.3.2') + }) + } + } catch (e) { + // Extension doesn't exist or can't be read - skip + } return { subject, - subjectStr, + subjectStr: subjectFormatted, issuer, - issuerStr, + issuerStr: issuerFormatted, type, validFrom, validTo, fingerprintSha1, - serialNumber: cert.serialNumber, - version: cert.version, - extensions: cert.extensions, + serialNumber, + version, + extensions, raw: cert } } catch (error) { @@ -67,82 +208,122 @@ export function parseCertificate(base64Pem) { /** * Format a Distinguished Name (DN) object to string - * @param {Object} dn - Distinguished Name object from node-forge + * @param {Object} dn - Distinguished Name object (from node-forge or parsed DN object) * @returns {string} Formatted DN string */ function formatDN(dn) { if (!dn) return 'Unknown' - const parts = [] - - // Common DN attributes in order of preference - const attributes = ['CN', 'OU', 'O', 'L', 'ST', 'C', 'emailAddress'] - - for (const attr of attributes) { - const field = dn.getField(attr) - if (field) { - // Extract the value from the field object - const value = field.value || field - parts.push(`${attr}=${value}`) - } + // If it's a string, return it directly + if (typeof dn === 'string') { + return dn } - // Add any remaining attributes not in our preferred list - const allAttrs = dn.attributes || [] - for (const attr of allAttrs) { - if (!attributes.includes(attr.name)) { - parts.push(`${attr.name}=${attr.value}`) + // If it has getField method (node-forge style), use that + if (typeof dn.getField === 'function') { + const parts = [] + const attributes = ['CN', 'OU', 'O', 'L', 'ST', 'C', 'emailAddress'] + + for (const attr of attributes) { + const field = dn.getField(attr) + if (field) { + const value = field.value || field + parts.push(`${attr}=${value}`) + } + } + + const allAttrs = dn.attributes || [] + for (const attr of allAttrs) { + if (!attributes.includes(attr.name)) { + parts.push(`${attr.name}=${attr.value}`) + } } + + return parts.join(', ') } - return parts.join(', ') + // Otherwise, treat as parsed DN object + return formatDNFromObject(dn) } /** * Determine certificate type based on extensions and usage - * @param {Object} cert - Certificate object from node-forge + * @param {Object} cert - Certificate object (X509 from jsrsasign) * @returns {string} Certificate type */ function determineCertificateType(cert) { - if (!cert.extensions) return 'End-entity' - - // Check for CA certificate - const basicConstraints = cert.extensions.find(ext => ext.name === 'basicConstraints') - if (basicConstraints && basicConstraints.cA) { - return 'Root CA' - } - - // Check for intermediate CA - const keyUsage = cert.extensions.find(ext => ext.name === 'keyUsage') - if (keyUsage && keyUsage.keyCertSign) { - return 'Intermediate' - } - - // Check for server certificate - const extKeyUsage = cert.extensions.find(ext => ext.name === 'extKeyUsage') - if (extKeyUsage && extKeyUsage.serverAuth) { - return 'Server Certificate' - } - - // Check for client certificate - if (extKeyUsage && extKeyUsage.clientAuth) { - return 'Client Certificate' + try { + // Check for CA certificate + // Some certificates may not have basicConstraints extension, so wrap in try-catch + let basicConstraints = null + try { + basicConstraints = cert.getExtBasicConstraints() + } catch (e) { + // Extension doesn't exist or can't be read - continue + } + + if (basicConstraints && basicConstraints.ca) { + return 'Root CA' + } + + // Check for intermediate CA + // getExtKeyUsage() returns object with 'names' array property + let keyUsage = null + try { + keyUsage = cert.getExtKeyUsage() + } catch (e) { + // Extension doesn't exist or can't be read - continue + } + + if (keyUsage && keyUsage.names && Array.isArray(keyUsage.names) && keyUsage.names.includes('keyCertSign')) { + return 'Intermediate' + } + + // Check for server certificate + // getExtExtKeyUsage() returns array of OID strings + let extKeyUsage = null + try { + extKeyUsage = cert.getExtExtKeyUsage() + } catch (e) { + // Extension doesn't exist or can't be read - continue + } + + if (extKeyUsage && Array.isArray(extKeyUsage)) { + if (extKeyUsage.includes('1.3.6.1.5.5.7.3.1')) { // serverAuth OID + return 'Server Certificate' + } + // Check for client certificate + if (extKeyUsage.includes('1.3.6.1.5.5.7.3.2')) { // clientAuth OID + return 'Client Certificate' + } + } + } catch (error) { + // If any unexpected error occurs, log it and return default + console.warn('Error determining certificate type:', error) } return 'End-entity' } + /** * Format a date object to YYYY-MM-DD string - * @param {Date} date - Date object + * @param {Date|string} date - Date object or ASN1 time string * @returns {string} Formatted date string */ function formatDate(date) { if (!date) return 'Unknown' - const year = date.getFullYear() - const month = String(date.getMonth() + 1).padStart(2, '0') - const day = String(date.getDate()).padStart(2, '0') + // If it's a string (X509 time), convert to Date first + let dateObj = date + if (typeof date === 'string') { + dateObj = convertX509TimeToDate(date) + if (!dateObj) return 'Unknown' + } + + const year = dateObj.getFullYear() + const month = String(dateObj.getMonth() + 1).padStart(2, '0') + const day = String(dateObj.getDate()).padStart(2, '0') return `${year}-${month}-${day}` } @@ -161,7 +342,8 @@ export function isValidPemCertificate(pemString) { } // Try to parse it - const cert= forge.pki.certificateFromPem(pemString); + const cert = new X509() + cert.readCertPEM(pemString) return true } catch (error) { @@ -190,9 +372,9 @@ export function isValidPemPrivateKey(pemString) { } // Try to parse it as a private key - const privateKey = forge.pki.privateKeyFromPem(pemString) + const privateKey = KEYUTIL.getKey(pemString) - return true + return !!privateKey } catch (error) { console.error('Failed to validate PEM private key:', error) return false diff --git a/src/utils/verificationUtils.js b/src/utils/verificationUtils.js index 648838f5af..8acbf2352a 100644 --- a/src/utils/verificationUtils.js +++ b/src/utils/verificationUtils.js @@ -1,4 +1,5 @@ -import forge from 'node-forge' +import { X509, KEYUTIL, KJUR } from 'jsrsasign' +import { convertX509TimeToDate, parseDNString } from './certificateUtils.js' /** * Parse a certificate chain from PEM text (supports multiple certificates) @@ -13,7 +14,8 @@ export function parseCertificateChain(certText) { if (matches) { matches.forEach(certPem => { try { - const cert = forge.pki.certificateFromPem(certPem) + const cert = new X509() + cert.readCertPEM(certPem) certificates.push({ pem: certPem, cert: cert }) } catch (e) { console.error('Failed to parse certificate:', e) @@ -50,8 +52,8 @@ export function validateCertificateChain(certificates) { validation.details.push(`Checking certificate ${i + 1} against issuer certificate ${i + 2}`) // Check if issuer name matches - const certIssuer = getDistinguishedName(cert.issuer) - const issuerSubject = getDistinguishedName(issuerCert.subject) + const certIssuer = cert.getIssuerString() + const issuerSubject = issuerCert.getSubjectString() if (certIssuer !== issuerSubject) { validation.isValid = false @@ -62,7 +64,7 @@ export function validateCertificateChain(certificates) { // Verify signature try { - const isSignatureValid = cert.verify(issuerCert) + const isSignatureValid = cert.verifySignature(issuerCert.pem) // jsrsasign requires PEM string if (isSignatureValid) { validation.details.push(`✓ Certificate ${i + 1} signature verified by certificate ${i + 2}`) } else { @@ -75,22 +77,27 @@ export function validateCertificateChain(certificates) { } // Check validity periods - if (cert.validity.notBefore < issuerCert.validity.notBefore) { + const certNotBefore = convertX509TimeToDate(cert.getNotBefore()) + const certNotAfter = convertX509TimeToDate(cert.getNotAfter()) + const issuerNotBefore = convertX509TimeToDate(issuerCert.getNotBefore()) + const issuerNotAfter = convertX509TimeToDate(issuerCert.getNotAfter()) + + if (certNotBefore < issuerNotBefore) { validation.warnings.push(`Certificate ${i + 1} valid from date is before its issuer's valid from date`) } - if (cert.validity.notAfter > issuerCert.validity.notAfter) { + if (certNotAfter > issuerNotAfter) { validation.warnings.push(`Certificate ${i + 1} expires after its issuer certificate ${i + 2}`) } } // Check if root is self-signed const rootCert = certificates[certificates.length - 1].cert - const rootIssuer = getDistinguishedName(rootCert.issuer) - const rootSubject = getDistinguishedName(rootCert.subject) + const rootIssuer = rootCert.getIssuerString() + const rootSubject = rootCert.getSubjectString() if (rootIssuer === rootSubject) { try { - const isSelfSigned = rootCert.verify(rootCert) + const isSelfSigned = rootCert.verifySignature(rootCert.pem) if (isSelfSigned) { validation.details.push('✓ Root certificate is properly self-signed') } else { @@ -106,16 +113,21 @@ export function validateCertificateChain(certificates) { // Check certificate purposes and constraints certificates.forEach((certObj, index) => { const cert = certObj.cert - const basicConstraints = cert.getExtension('basicConstraints') + let basicConstraints = null + try { + basicConstraints = cert.getExtBasicConstraints() + } catch (e) { + // Extension doesn't exist or can't be read - continue with null + } if (index === 0) { // End entity certificate - if (basicConstraints && basicConstraints.cA) { + if (basicConstraints && basicConstraints.ca) { // lowercase 'ca' in jsrsasign validation.warnings.push('End entity certificate has CA flag set to true') } } else { // CA certificates - if (!basicConstraints || !basicConstraints.cA) { + if (!basicConstraints || !basicConstraints.ca) { // lowercase 'ca' in jsrsasign validation.warnings.push(`Certificate ${index + 1} should be a CA but basicConstraints CA flag is not set`) } @@ -134,34 +146,51 @@ export function validateCertificateChain(certificates) { /** * Validate if a private key matches a certificate - * @param {Object} certObj - Certificate object with cert property + * @param {Object} certObj - Certificate object with cert property (X509 object) * @param {string} keyPem - PEM private key string * @returns {Object} Validation result with isValid and message */ export function validatePrivateKey(certObj, keyPem) { try { - let privateKey + // Parse private key using KEYUTIL (handles all formats automatically) + const privateKey = KEYUTIL.getKey(keyPem) + if (!privateKey) { + return { isValid: false, message: 'Failed to parse private key' } + } + + // Get public key from certificate + const certPubKeyPem = certObj.cert.getPublicKeyPEM() - // Try different key formats - if (keyPem.includes('BEGIN PRIVATE KEY')) { - privateKey = forge.pki.privateKeyFromPem(keyPem) - } else if (keyPem.includes('BEGIN RSA PRIVATE KEY')) { - privateKey = forge.pki.privateKeyFromPem(keyPem) - } else if (keyPem.includes('BEGIN EC PRIVATE KEY')) { - privateKey = forge.pki.privateKeyFromPem(keyPem) - } else { - throw new Error('Unsupported private key format') + // Extract public key from private key + const pubKeyFromPrivate = KEYUTIL.getPublicKeyFromPrivateKey(privateKey) + const pubKeyPemFromPrivate = KEYUTIL.getPEMFromPublicKey(pubKeyFromPrivate) + + // Compare public keys (PEM format comparison) + if (certPubKeyPem === pubKeyPemFromPrivate) { + return { isValid: true, message: 'Private key matches the certificate!' } } - // Generate a test signature to verify key matches certificate - const testData = 'test-data-for-validation' - const md = forge.md.sha256.create() - md.update(testData) + // Alternative: Compare hex representations + const certPubKeyHex = KEYUTIL.getHexFromPublicKey(KEYUTIL.getKey(certPubKeyPem)) + const privatePubKeyHex = KEYUTIL.getHexFromPublicKey(pubKeyFromPrivate) + if (certPubKeyHex === privatePubKeyHex) { + return { isValid: true, message: 'Private key matches the certificate!' } + } + + // Last resort: Try signature verification try { - const signature = privateKey.sign(md) - const publicKey = certObj.cert.publicKey - const isValid = publicKey.verify(md.digest().bytes(), signature) + const testData = 'test-data-for-validation' + const sig = new KJUR.crypto.Signature({ alg: 'SHA256withRSA' }) + sig.init(privateKey) + sig.updateString(testData) + const signature = sig.sign() + + const certPubKey = KEYUTIL.getKey(certPubKeyPem) + const verifier = new KJUR.crypto.Signature({ alg: 'SHA256withRSA' }) + verifier.init(certPubKey) + verifier.updateString(testData) + const isValid = verifier.verify(signature) if (isValid) { return { isValid: true, message: 'Private key matches the certificate!' } @@ -169,8 +198,9 @@ export function validatePrivateKey(certObj, keyPem) { return { isValid: false, message: 'Private key does not match the certificate' } } } catch (signError) { - // Alternative validation method using key fingerprints - const certKeyFingerprint = getPublicKeyFingerprint(certObj.cert.publicKey) + // If signature verification fails (e.g., EC keys need different algorithm) + // Fall back to fingerprint comparison + const certKeyFingerprint = getPublicKeyFingerprint(KEYUTIL.getKey(certPubKeyPem)) const privateKeyFingerprint = getPrivateKeyFingerprint(privateKey) if (certKeyFingerprint === privateKeyFingerprint) { @@ -187,14 +217,17 @@ export function validatePrivateKey(certObj, keyPem) { /** * Get certificate status (valid, expired, not yet valid) - * @param {Object} cert - Certificate object from node-forge + * @param {Object} cert - Certificate object (X509 from jsrsasign) * @returns {string} Status message */ export function getCertStatus(cert) { const now = new Date() - if (now < cert.validity.notBefore) { + const notBefore = convertX509TimeToDate(cert.getNotBefore()) + const notAfter = convertX509TimeToDate(cert.getNotAfter()) + + if (now < notBefore) { return '⏳ Not yet valid' - } else if (now > cert.validity.notAfter) { + } else if (now > notAfter) { return '⚠️ Expired' } else { return '✅ Valid' @@ -203,103 +236,119 @@ export function getCertStatus(cert) { /** * Get certificate fingerprint - * @param {Object} cert - Certificate object from node-forge + * @param {Object} cert - Certificate object (X509 from jsrsasign) * @param {string} algorithm - Hash algorithm ('sha1' or 'sha256') * @returns {string} Formatted fingerprint */ export function getFingerprint(cert, algorithm = 'sha1') { - const der = forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes() - let md - - switch (algorithm) { - case 'sha1': - md = forge.md.sha1.create() - break - case 'sha256': - md = forge.md.sha256.create() - break - default: - md = forge.md.sha1.create() - } - - md.update(der) - return md.digest().toHex().toUpperCase().replace(/(.{2})/g, '$1:').slice(0, -1) + const derHex = cert.hex // DER-encoded certificate as hex string + const fingerprint = KJUR.crypto.Util.hashHex(derHex, algorithm) + return fingerprint.toUpperCase().replace(/(.{2})/g, '$1:').slice(0, -1) } /** * Get Subject Alternative Names from certificate - * @param {Object} cert - Certificate object from node-forge + * @param {Object} cert - Certificate object (X509 from jsrsasign) * @returns {Array} Array of SAN strings */ export function getSANs(cert) { - const subjectAltName = cert.getExtension('subjectAltName') - if (subjectAltName) { - return subjectAltName.altNames.map(altName => { - switch (altName.type) { - case 2: return 'DNS: ' + altName.value - case 7: return 'IP: ' + altName.ip - case 1: return 'Email: ' + altName.value - default: return 'Other: ' + altName.value - } - }) + const sans = cert.getExtSubjectAltName() + if (!sans || !Array.isArray(sans)) { + return [] } - return [] + + // jsrsasign returns array of arrays: [[type, value], ...] + // type: 2=DNS, 7=IP, 1=Email + return sans.map((sanEntry) => { + const [type, value] = Array.isArray(sanEntry) ? sanEntry : [sanEntry.type, sanEntry.value] + switch (type) { + case 2: return 'DNS: ' + value + case 7: return 'IP: ' + value + case 1: return 'Email: ' + value + default: return 'Other: ' + value + } + }) } /** - * Get key size from public key - * @param {Object} publicKey - Public key object from node-forge + * Get key size from certificate + * @param {Object} cert - Certificate object (X509 from jsrsasign) * @returns {number|string} Key size in bits or 'Unknown' */ -export function getKeySize(publicKey) { - if (publicKey.n) { - return publicKey.n.bitLength() +export function getKeySize(cert) { + try { + const pubKeyPem = cert.getPublicKeyPEM() + const pubKeyObj = KEYUTIL.getKey(pubKeyPem) + + if (pubKeyObj) { + // For RSA + if (pubKeyObj.n) { + return pubKeyObj.n.bitLength() + } + // For EC + if (pubKeyObj.curve) { + // Map curve names to bit sizes + const curveMap = { + 'secp256r1': 256, + 'secp384r1': 384, + 'secp521r1': 521, + 'secp256k1': 256, + 'prime256v1': 256, + 'P-256': 256, + 'P-384': 384, + 'P-521': 521, + } + return curveMap[pubKeyObj.curve] || 'Unknown' + } + } + } catch (error) { + console.error('Error getting key size:', error) } return 'Unknown' } /** * Get Distinguished Name as string - * @param {Object} name - Distinguished Name object from node-forge + * @param {string} dnString - Distinguished Name string (from X509.getSubjectString() or getIssuerString()) * @returns {string} Formatted DN string */ -function getDistinguishedName(name) { - return name.attributes.map(attr => `${attr.shortName}=${attr.value}`).join(', ') +function getDistinguishedName(dnString) { + // Already a string from jsrsasign, just return it + return dnString || 'Unknown' } /** * Get public key fingerprint - * @param {Object} publicKey - Public key object from node-forge + * @param {Object} publicKey - Public key object (from KEYUTIL) * @returns {string} SHA-256 fingerprint */ function getPublicKeyFingerprint(publicKey) { - const publicKeyDer = forge.asn1.toDer(forge.pki.publicKeyToAsn1(publicKey)).getBytes() - const md = forge.md.sha256.create() - md.update(publicKeyDer) - return md.digest().toHex() + const pubKeyHex = KEYUTIL.getHexFromPublicKey(publicKey) + const fingerprint = KJUR.crypto.Util.hashHex(pubKeyHex, 'sha256') + return fingerprint } /** * Get private key fingerprint - * @param {Object} privateKey - Private key object from node-forge + * @param {Object} privateKey - Private key object (from KEYUTIL) * @returns {string} SHA-256 fingerprint */ function getPrivateKeyFingerprint(privateKey) { - const publicKey = forge.pki.rsa.setPublicKey(privateKey.n, privateKey.e) + const publicKey = KEYUTIL.getPublicKeyFromPrivateKey(privateKey) return getPublicKeyFingerprint(publicKey) } /** * Get subject field value from certificate - * @param {Object} cert - Certificate object from node-forge + * @param {Object} cert - Certificate object (X509 from jsrsasign) * @param {string} field - Field name (CN, O, C, etc.) * @param {string} type - 'subject' or 'issuer' * @returns {string} Field value or 'Not specified' */ export function getSubjectField(cert, field, type = 'subject') { - const subject = type === 'subject' ? cert.subject : cert.issuer - const attr = subject.attributes.find(attr => attr.shortName === field) - return attr ? attr.value : 'Not specified' + const dnString = type === 'subject' ? cert.getSubjectString() : cert.getIssuerString() + const attrs = parseDNString(dnString) + return attrs[field] || 'Not specified' } /** @@ -322,16 +371,34 @@ export function verifyCertificate(certText, keyText = null) { // Get certificate details const primaryCert = certificates[0].cert + const notBefore = convertX509TimeToDate(primaryCert.getNotBefore()) + const notAfter = convertX509TimeToDate(primaryCert.getNotAfter()) + + // Get signature algorithm + const sigAlg = primaryCert.getSignatureAlgorithmName() || 'Unknown' + + // Get public key algorithm + const pubKeyPem = primaryCert.getPublicKeyPEM() + const pubKeyObj = KEYUTIL.getKey(pubKeyPem) + let pubKeyAlg = 'RSA' + if (pubKeyObj) { + if (pubKeyObj.curve) { + pubKeyAlg = 'ECDSA' + } else if (pubKeyObj.alg && pubKeyObj.alg.includes('ECDSA')) { + pubKeyAlg = 'ECDSA' + } + } + const certDetails = { subject: getSubjectField(primaryCert, 'CN'), issuer: getSubjectField(primaryCert, 'CN', 'issuer'), - serialNumber: primaryCert.serialNumber, - validFrom: primaryCert.validity.notBefore.toISOString(), - validTo: primaryCert.validity.notAfter.toISOString(), + serialNumber: primaryCert.getSerialNumberHex() || primaryCert.getSerialNumber(), + validFrom: notBefore ? notBefore.toISOString() : 'Unknown', + validTo: notAfter ? notAfter.toISOString() : 'Unknown', status: getCertStatus(primaryCert), - signatureAlgorithm: primaryCert.siginfo.algorithmOid, - publicKeyAlgorithm: primaryCert.publicKey.algorithm || 'RSA', - keySize: getKeySize(primaryCert.publicKey), + signatureAlgorithm: sigAlg, + publicKeyAlgorithm: pubKeyAlg, + keySize: getKeySize(primaryCert), fingerprintSha1: getFingerprint(primaryCert, 'sha1'), fingerprintSha256: getFingerprint(primaryCert, 'sha256'), sans: getSANs(primaryCert) @@ -357,14 +424,18 @@ export function verifyCertificate(certText, keyText = null) { certDetails, chainValidation, keyValidation, - chainDetails: certificates.length > 1 ? certificates.map((certObj, index) => ({ - index: index + 1, - type: index === 0 ? 'End Entity' : index === certificates.length - 1 ? 'Root CA' : 'Intermediate CA', - subject: getSubjectField(certObj.cert, 'CN'), - issuer: getSubjectField(certObj.cert, 'CN', 'issuer'), - validFrom: certObj.cert.validity.notBefore.toDateString(), - validTo: certObj.cert.validity.notAfter.toDateString() - })) : null, + chainDetails: certificates.length > 1 ? certificates.map((certObj, index) => { + const certNotBefore = convertX509TimeToDate(certObj.cert.getNotBefore()) + const certNotAfter = convertX509TimeToDate(certObj.cert.getNotAfter()) + return { + index: index + 1, + type: index === 0 ? 'End Entity' : index === certificates.length - 1 ? 'Root CA' : 'Intermediate CA', + subject: getSubjectField(certObj.cert, 'CN'), + issuer: getSubjectField(certObj.cert, 'CN', 'issuer'), + validFrom: certNotBefore ? certNotBefore.toDateString() : 'Unknown', + validTo: certNotAfter ? certNotAfter.toDateString() : 'Unknown' + } + }) : null, error: !overallSuccess ? (!chainValid ? 'Certificate chain validation failed' : 'Private key validation failed') : null From f148dd48c5693e34709129bcdad5066abce5739f Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 4 Nov 2025 16:28:01 +0200 Subject: [PATCH 165/360] Implement Import from URL functionality: Add ImportFromUrlDialogContent component for fetching and selecting certificates from a specified HTTPS URL. Enhance ImportCertificateDialogContent to support pre-populated PEM text and read-only mode. Update UserInputsSection to conditionally render file upload options based on read-only state. Modify TlsManagement to integrate the new import feature, improving user experience in certificate management. --- .../ImportCertificateDialogContent.jsx | 14 + src/components/ImportFromUrlDialogContent.jsx | 277 ++++++++++++++++++ src/components/UserInputsSection.jsx | 40 +-- src/hooks/useCertificateImport.js | 35 +-- src/pages/TlsManagement.jsx | 10 + src/services/tlsService.js | 93 +++++- src/utils/certificateUtils.js | 32 ++ src/utils/verificationUtils.js | 146 +++++++-- 8 files changed, 565 insertions(+), 82 deletions(-) create mode 100644 src/components/ImportFromUrlDialogContent.jsx diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index f0b85008c0..a1e108692e 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -23,6 +23,8 @@ export default function ImportCertificateDialogContent({ onCancel, onSubmit, onSuccess, + initialPemText = null, + readOnlyPem = false, }) { const [showConfirmDialog, setShowConfirmDialog] = useState(false) const [showValidationDialog, setShowValidationDialog] = useState(false) @@ -52,6 +54,8 @@ export default function ImportCertificateDialogContent({ // Actions setLoading, setApiError, + setPemText, + parseCertificateDetails, // Handlers handleVerifyCertificate, @@ -70,6 +74,15 @@ export default function ImportCertificateDialogContent({ loadExistingCertificates() }, [loadExistingCertificates]) + // Pre-populate PEM text if initialPemText is provided + useEffect(() => { + if (initialPemText && initialPemText.trim() && !pemText.trim()) { + setPemText(initialPemText) + parseCertificateDetails(initialPemText) + } + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [initialPemText]) + // Reusable verification function const performFinalVerification = async () => { try { @@ -182,6 +195,7 @@ export default function ImportCertificateDialogContent({ handleFileUpload={handleFileUpload} handlePrivateKeyFileUpload={handlePrivateKeyFileUpload} setApiError={setApiError} + readOnlyPem={readOnlyPem} /> {/* Right Column - Certificate Details & Verification */} { + if (!urlValue.trim()) { + setUrlError('URL is required') + return false + } + if (!urlValue.startsWith('https://')) { + setUrlError('URL must start with https://') + return false + } + try { + new URL(urlValue) + setUrlError('') + return true + } catch (e) { + setUrlError('Invalid URL format') + return false + } + } + + const handleUrlChange = (e) => { + const newUrl = e.target.value + setUrl(newUrl) + if (urlError) { + validateUrl(newUrl) + } + } + + const handleFetchCertificates = async () => { + if (!validateUrl(url)) { + return + } + + setLoading(true) + setFetchError(null) + setCertificates([]) + setSelectedCertificateIndex(null) + + try { + const fetchedCerts = await fetchRemoteCertificates(url) + if (fetchedCerts.length === 0) { + setFetchError('No certificates found at the specified URL') + setLoading(false) + return + } + setCertificates(fetchedCerts) + setStep('certificate-selection') + } catch (error) { + setFetchError(error.message || 'Failed to fetch certificates from URL') + } finally { + setLoading(false) + } + } + + const handleCertificateSelect = (index) => { + setSelectedCertificateIndex(index) + const selectedCert = certificates[index] + setSelectedCertificatePem(selectedCert.certificate) + } + + const handleContinue = () => { + if (selectedCertificateIndex === null || selectedCertificatePem === null) { + return + } + setStep('import') + } + + const handleBack = () => { + if (step === 'certificate-selection') { + setStep('url-input') + setCertificates([]) + setSelectedCertificateIndex(null) + setSelectedCertificatePem(null) + } else if (step === 'import') { + setStep('certificate-selection') + } + } + + // Step 1: URL Input + if (step === 'url-input') { + return ( + + validateUrl(url)} + error={!!urlError} + helperText={urlError || 'Enter a valid HTTPS URL to fetch certificates'} + fullWidth + disabled={loading} + autoFocus + /> + + {fetchError && ( + {fetchError} + )} + + + + + + + ) + } + + // Step 2: Certificate Selection + if (step === 'certificate-selection') { + return ( + + + Select a certificate to import: + + + {certificates.length === 0 ? ( + No certificates found + ) : ( + + handleCertificateSelect(parseInt(e.target.value, 10))} + > + + {certificates.map((cert, index) => ( + handleCertificateSelect(index)} + > + } + label={ + + + + + + {cert.alias} + + + {cert.type} + + + + + + + + Subject: {cert.subject} + + + Issuer: {cert.issuer} + + {cert.validFrom !== 'Unknown' && cert.validTo !== 'Unknown' && ( + + Valid: {cert.validFrom} - {cert.validTo} + + )} + + {cert.error && ( + + {cert.subject} + + )} + + + } + sx={{ margin: 0, width: '100%' }} + /> + + ))} + + + + )} + + + + + + + + ) + } + + // Step 3: Import Dialog (reuse existing component) + if (step === 'import' && selectedCertificatePem) { + return ( + + ) + } + + return null +} + diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx index dbbf3b2f23..a56feda106 100644 --- a/src/components/UserInputsSection.jsx +++ b/src/components/UserInputsSection.jsx @@ -20,6 +20,7 @@ const UserInputsSection = ({ errors, targetStore, aliasWarning, + readOnlyPem = false, // Refs fileInputRef, @@ -73,22 +74,26 @@ const UserInputsSection = ({ }} /> - - - - - {file ? file.name : 'No file selected'} - - - {errors.file && {errors.file}} + {!readOnlyPem && ( + <> + + + + + {file ? file.name : 'No file selected'} + + + {errors.file && {errors.file}} + + )} diff --git a/src/hooks/useCertificateImport.js b/src/hooks/useCertificateImport.js index a5865c439f..02e50dd5e7 100644 --- a/src/hooks/useCertificateImport.js +++ b/src/hooks/useCertificateImport.js @@ -1,5 +1,5 @@ import { useState, useRef } from 'react' -import { parseCertificate, pemToBase64, isValidPemCertificate } from '../utils/certificateUtils' +import { parseCertificate, getSuggestedAlias, isValidPemCertificate } from '../utils/certificateUtils' import { verifyCertificate } from '../utils/verificationUtils' import { fetchCertificates } from '../services/tlsService' @@ -56,36 +56,7 @@ export const useCertificateImport = (targetStore) => { } } - // Get suggested alias from certificate details - const getSuggestedAlias = (details) => { - if (!details) return null - - // Try to get CN from subject - const subjectStr = details.subjectStr || '' - const cnMatch = subjectStr.match(/CN=([^,]+)/) - if (cnMatch && cnMatch[1]) { - return cnMatch[1].trim() - } - - // Try to get first DNS name from SAN - if (details.raw && details.raw.extensions) { - const sanExtension = details.raw.extensions.find(ext => ext.name === 'subjectAltName') - if (sanExtension && sanExtension.altNames) { - const dnsName = sanExtension.altNames.find(altName => altName.type === 2) // DNS type - if (dnsName && dnsName.value) { - return dnsName.value.trim() - } - } - } - - // Fallback to first part of subject - const firstPart = subjectStr.split(',')[0] - if (firstPart && firstPart.includes('=')) { - return firstPart.split('=')[1]?.trim() - } - - return null - } + // Parse certificate details when PEM text changes const parseCertificateDetails = async (pemText) => { @@ -96,7 +67,7 @@ export const useCertificateImport = (targetStore) => { } try { - const details = parseCertificate(pemToBase64(pemText)) + const details = parseCertificate(pemText) setCertificateDetails(details) // Auto-complete alias if it's empty diff --git a/src/pages/TlsManagement.jsx b/src/pages/TlsManagement.jsx index 25a0f00686..e526ecddc5 100644 --- a/src/pages/TlsManagement.jsx +++ b/src/pages/TlsManagement.jsx @@ -11,6 +11,7 @@ import ShieldOutlinedIcon from '@mui/icons-material/ShieldOutlined' import CheckCircleOutlineIcon from '@mui/icons-material/CheckCircleOutline' import VpnKeyIcon from '@mui/icons-material/VpnKey' import ImportCertificateDialogContent from '../components/ImportCertificateDialogContent' +import ImportFromUrlDialogContent from '../components/ImportFromUrlDialogContent' import CertificateDetailsDialog from '../components/CertificateDetailsDialog' import EditAliasDialog from '../components/EditAliasDialog' import RemoveCertificateDialog from '../components/RemoveCertificateDialog' @@ -146,6 +147,7 @@ export default function TlsManagement() { title: 'Additional Trusted Certificates', actions: [ { key: 'import', label: 'Import Certificate', color: 'info', onClick: () => openImportDialog() }, + { key: 'import-url', label: 'Import from URL', color: 'info', onClick: () => openDialog({ type: 'import-from-url', title: 'Import Certificate from URL', props: { targetStore: 'trusted' } }) }, { key: 'add', label: 'Add New', variant: 'contained', color: 'success', onClick: () => openDialog({ type: 'text', title: 'Add New Certificate', props: { text: 'Placeholder dialog for adding a new certificate.' } }) }, ], }, @@ -228,6 +230,14 @@ export default function TlsManagement() { onSuccess={handleImportSuccess} /> )} + {dialogType === 'import-from-url' && ( + + )} {dialogType === 'text' && ( {dialogProps.text} )} diff --git a/src/services/tlsService.js b/src/services/tlsService.js index 31c9a56e70..f5c444f128 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -10,7 +10,7 @@ * 4. Remove or comment out the internal store variables and helper functions at the bottom */ -import { parseCertificate } from '../utils/certificateUtils.js' +import { parseCertificate, getSuggestedAlias } from '../utils/certificateUtils.js' import { api } from './api.js' // === INTERNAL STORE (remove when switching to real API) === @@ -143,6 +143,97 @@ export async function fetchSystemCertificates() { } } +/** + * Fetch remote certificates from a URL + * @param {string} url - The URL to fetch certificates from (must be https://) + * @returns {Promise} Array of certificate objects with PEM text and parsed details + */ +export async function fetchRemoteCertificates(url) { + try { + if (!url || typeof url !== 'string' || !url.startsWith('https://')) { + throw new Error('URL must be a valid HTTPS URL') + } + + const response = await api.get('/api/tlsmanager/remoteCertificates', { + params: { url } + }) + const data = response.data + + // Handle response structure: { list: { trustedCertificate: [{ certificate: "..." }] } } + const certificates = [] + const certList = data?.list?.trustedCertificate + + // Handle both array and object formats + let certArray = [] + if (Array.isArray(certList)) { + certArray = certList + } else if (certList && typeof certList === 'object') { + // If it's a single object, wrap it in an array + certArray = [certList] + } + + for (const cert of certArray) { + // Skip certificates with missing or empty certificate data + if (!cert.certificate || !cert.certificate.trim()) { + console.warn('Skipping remote certificate with empty certificate data') + continue + } + + try { + const parsed = await parseCertificate(cert.certificate) + + // Handle parse errors gracefully + if (parsed.error) { + certificates.push({ + certificate: cert.certificate, + name: 'Invalid Certificate', + type: 'Invalid', + subject: `Parse Error: ${parsed.error}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + parsedCertificate: parsed, + error: parsed.error + }) + continue + } + + certificates.push({ + alias: getSuggestedAlias(parsed), + certificate: cert.certificate, + name: parsed.subject?.CN || 'Unknown', + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + parsedCertificate: parsed + }) + } catch (parseError) { + console.warn('Failed to parse remote certificate:', parseError) + certificates.push({ + certificate: cert.certificate, + name: 'Parse Error', + type: 'Invalid', + subject: `Parse Error: ${parseError.message}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + error: parseError.message + }) + } + } + + return certificates + } catch (error) { + console.error('Failed to fetch remote certificates:', error) + throw new Error(error.response?.data?.message || error.message || 'Failed to fetch remote certificates from server') + } +} + /** * Fetch trusted certificates * @returns {Promise} Array of parsed certificate objects diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js index ebd674b8f3..fb85582d4a 100644 --- a/src/utils/certificateUtils.js +++ b/src/utils/certificateUtils.js @@ -458,3 +458,35 @@ export function base64ToPrivateKeyPem(base64Key) { throw new Error('Invalid Base64 private key format') } } + + +// Get suggested alias from certificate details +export function getSuggestedAlias(details) { + if (!details) return null + + // Try to get CN from subject + const subjectStr = details.subjectStr || '' + const cnMatch = subjectStr.match(/CN=([^,]+)/) + if (cnMatch && cnMatch[1]) { + return cnMatch[1].trim() + } + + // Try to get first DNS name from SAN + if (details.raw && details.raw.extensions) { + const sanExtension = details.raw.extensions.find(ext => ext.name === 'subjectAltName') + if (sanExtension && sanExtension.altNames) { + const dnsName = sanExtension.altNames.find(altName => altName.type === 2) // DNS type + if (dnsName && dnsName.value) { + return dnsName.value.trim() + } + } + } + + // Fallback to first part of subject + const firstPart = subjectStr.split(',')[0] + if (firstPart && firstPart.includes('=')) { + return firstPart.split('=')[1]?.trim() + } + + return null +} diff --git a/src/utils/verificationUtils.js b/src/utils/verificationUtils.js index 8acbf2352a..d87234b707 100644 --- a/src/utils/verificationUtils.js +++ b/src/utils/verificationUtils.js @@ -1,4 +1,4 @@ -import { X509, KEYUTIL, KJUR } from 'jsrsasign' +import { X509, KEYUTIL, KJUR, RSAKey } from 'jsrsasign' import { convertX509TimeToDate, parseDNString } from './certificateUtils.js' /** @@ -159,35 +159,61 @@ export function validatePrivateKey(certObj, keyPem) { } // Get public key from certificate - const certPubKeyPem = certObj.cert.getPublicKeyPEM() - - // Extract public key from private key - const pubKeyFromPrivate = KEYUTIL.getPublicKeyFromPrivateKey(privateKey) - const pubKeyPemFromPrivate = KEYUTIL.getPEMFromPublicKey(pubKeyFromPrivate) - - // Compare public keys (PEM format comparison) - if (certPubKeyPem === pubKeyPemFromPrivate) { - return { isValid: true, message: 'Private key matches the certificate!' } + const certPubKeyPem = certObj.cert.getPublicKey() + const certPubKey = KEYUTIL.getKey(certPubKeyPem) + if (!certPubKey) { + return { isValid: false, message: 'Failed to parse certificate public key' } } - // Alternative: Compare hex representations - const certPubKeyHex = KEYUTIL.getHexFromPublicKey(KEYUTIL.getKey(certPubKeyPem)) - const privatePubKeyHex = KEYUTIL.getHexFromPublicKey(pubKeyFromPrivate) - - if (certPubKeyHex === privatePubKeyHex) { - return { isValid: true, message: 'Private key matches the certificate!' } + // Extract public key from private key object + // For RSA: private key has n and e (public components) + // For EC: private key has x and y (public point coordinates) + let pubKeyFromPrivate = null + try { + // Try to create a public key PEM from the private key + // For RSA keys, we can construct a public key object from n and e + if (privateKey.n && privateKey.e) { + // RSA key - construct public key object + pubKeyFromPrivate = new RSAKey() + pubKeyFromPrivate.setPublic(privateKey.n, privateKey.e) + const pubKeyPemFromPrivate = KEYUTIL.getPEM(pubKeyFromPrivate) + + // Compare public keys (PEM format comparison) + if (certPubKeyPem === pubKeyPemFromPrivate) { + return { isValid: true, message: 'Private key matches the certificate!' } + } + } else if (privateKey.curve && privateKey.x && privateKey.y) { + // EC key - construct public key object + pubKeyFromPrivate = new KJUR.crypto.ECDSA({ curve: privateKey.curve, pub: { x: privateKey.x, y: privateKey.y } }) + const pubKeyPemFromPrivate = KEYUTIL.getPEM(pubKeyFromPrivate) + + // Compare public keys (PEM format comparison) + if (certPubKeyPem === pubKeyPemFromPrivate) { + return { isValid: true, message: 'Private key matches the certificate!' } + } + } + } catch (constructError) { + // If constructing public key fails, fall through to signature verification + console.debug('Could not construct public key from private key:', constructError) } - // Last resort: Try signature verification + // Primary method: Signature verification (works for both RSA and EC) try { const testData = 'test-data-for-validation' - const sig = new KJUR.crypto.Signature({ alg: 'SHA256withRSA' }) + + // Determine signature algorithm based on key type + let sigAlg = 'SHA256withRSA' + if (privateKey.curve) { + // EC key - use ECDSA + sigAlg = 'SHA256withECDSA' + } + + const sig = new KJUR.crypto.Signature({ alg: sigAlg }) sig.init(privateKey) sig.updateString(testData) const signature = sig.sign() - const certPubKey = KEYUTIL.getKey(certPubKeyPem) - const verifier = new KJUR.crypto.Signature({ alg: 'SHA256withRSA' }) + const verifier = new KJUR.crypto.Signature({ alg: sigAlg }) verifier.init(certPubKey) verifier.updateString(testData) const isValid = verifier.verify(signature) @@ -198,9 +224,8 @@ export function validatePrivateKey(certObj, keyPem) { return { isValid: false, message: 'Private key does not match the certificate' } } } catch (signError) { - // If signature verification fails (e.g., EC keys need different algorithm) - // Fall back to fingerprint comparison - const certKeyFingerprint = getPublicKeyFingerprint(KEYUTIL.getKey(certPubKeyPem)) + // If signature verification fails, try fingerprint comparison + const certKeyFingerprint = getPublicKeyFingerprint(certPubKey) const privateKeyFingerprint = getPrivateKeyFingerprint(privateKey) if (certKeyFingerprint === privateKeyFingerprint) { @@ -252,7 +277,8 @@ export function getFingerprint(cert, algorithm = 'sha1') { * @returns {Array} Array of SAN strings */ export function getSANs(cert) { - const sans = cert.getExtSubjectAltName() + try { + const sans = cert.getExtSubjectAltName() if (!sans || !Array.isArray(sans)) { return [] } @@ -268,6 +294,9 @@ export function getSANs(cert) { default: return 'Other: ' + value } }) + } catch (error) { + return [] + } } /** @@ -277,7 +306,7 @@ export function getSANs(cert) { */ export function getKeySize(cert) { try { - const pubKeyPem = cert.getPublicKeyPEM() + const pubKeyPem = cert.getPublicKey() const pubKeyObj = KEYUTIL.getKey(pubKeyPem) if (pubKeyObj) { @@ -323,19 +352,71 @@ function getDistinguishedName(dnString) { * @returns {string} SHA-256 fingerprint */ function getPublicKeyFingerprint(publicKey) { - const pubKeyHex = KEYUTIL.getHexFromPublicKey(publicKey) - const fingerprint = KJUR.crypto.Util.hashHex(pubKeyHex, 'sha256') - return fingerprint + try { + // Convert public key to PEM and then to hex for hashing + const pubKeyPem = KEYUTIL.getPEM(publicKey) + // Remove PEM headers and whitespace, then convert base64 to hex + const base64Content = pubKeyPem + .replace(/-----BEGIN PUBLIC KEY-----/g, '') + .replace(/-----END PUBLIC KEY-----/g, '') + .replace(/\s/g, '') + + // Convert base64 to hex + const hexContent = KJUR.crypto.Util.b64toHex(base64Content) + const fingerprint = KJUR.crypto.Util.hashHex(hexContent, 'sha256') + return fingerprint + } catch (error) { + // Fallback: use key object properties + try { + let keyHex = '' + if (publicKey.n && publicKey.e) { + // RSA key + keyHex = publicKey.n.toString(16) + publicKey.e.toString(16) + } else if (publicKey.x && publicKey.y) { + // EC key + keyHex = publicKey.x.toString(16) + publicKey.y.toString(16) + } + return KJUR.crypto.Util.hashHex(keyHex, 'sha256') + } catch (e) { + return '' + } + } } /** - * Get private key fingerprint + * Get private key fingerprint (by extracting public key components) * @param {Object} privateKey - Private key object (from KEYUTIL) * @returns {string} SHA-256 fingerprint */ function getPrivateKeyFingerprint(privateKey) { - const publicKey = KEYUTIL.getPublicKeyFromPrivateKey(privateKey) - return getPublicKeyFingerprint(publicKey) + try { + // Extract public key components from private key + let publicKeyComponents = null + + if (privateKey.n && privateKey.e) { + // RSA key - extract public components + publicKeyComponents = new RSAKey() + publicKeyComponents.setPublic(privateKey.n, privateKey.e) + } else if (privateKey.curve && privateKey.x && privateKey.y) { + // EC key - extract public point + publicKeyComponents = new KJUR.crypto.ECDSA({ curve: privateKey.curve, pub: { x: privateKey.x, y: privateKey.y } }) + } + + if (publicKeyComponents) { + return getPublicKeyFingerprint(publicKeyComponents) + } + + // Fallback: use private key PEM directly + const privateKeyPem = KEYUTIL.getPEM(privateKey, 'PKCS8PRV') + const base64Content = privateKeyPem + .replace(/-----BEGIN PRIVATE KEY-----/g, '') + .replace(/-----END PRIVATE KEY-----/g, '') + .replace(/\s/g, '') + const hexContent = KJUR.crypto.Util.b64toHex(base64Content) + return KJUR.crypto.Util.hashHex(hexContent, 'sha256') + } catch (error) { + return '' + } } /** @@ -378,7 +459,7 @@ export function verifyCertificate(certText, keyText = null) { const sigAlg = primaryCert.getSignatureAlgorithmName() || 'Unknown' // Get public key algorithm - const pubKeyPem = primaryCert.getPublicKeyPEM() + const pubKeyPem = primaryCert.getPublicKey() const pubKeyObj = KEYUTIL.getKey(pubKeyPem) let pubKeyAlg = 'RSA' if (pubKeyObj) { @@ -442,6 +523,7 @@ export function verifyCertificate(certText, keyText = null) { } } catch (error) { + console.error('Error parsing certificate:', error) return { success: false, error: `Error parsing certificate: ${error.message}` From b3f70a9dc42c4249a40feeaf0fa64181324d717d Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Tue, 4 Nov 2025 16:36:52 +0200 Subject: [PATCH 166/360] Refactor ImportFromUrlDialogContent: Simplify state management by removing unnecessary step tracking and enhancing certificate selection logic. Automatically select the first fetched certificate and update the displayed PEM text accordingly. Improve layout and responsiveness of the component for better user experience during certificate import. --- .../ImportCertificateDialogContent.jsx | 3 +- src/components/ImportFromUrlDialogContent.jsx | 249 +++++++++--------- 2 files changed, 122 insertions(+), 130 deletions(-) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index a1e108692e..9775042b59 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -76,7 +76,8 @@ export default function ImportCertificateDialogContent({ // Pre-populate PEM text if initialPemText is provided useEffect(() => { - if (initialPemText && initialPemText.trim() && !pemText.trim()) { + if (initialPemText && initialPemText.trim()) { + // Always update when initialPemText changes (for URL import flow) setPemText(initialPemText) parseCertificateDetails(initialPemText) } diff --git a/src/components/ImportFromUrlDialogContent.jsx b/src/components/ImportFromUrlDialogContent.jsx index 4776b8f99f..a0ec29ace4 100644 --- a/src/components/ImportFromUrlDialogContent.jsx +++ b/src/components/ImportFromUrlDialogContent.jsx @@ -1,4 +1,4 @@ -import React, { useState } from 'react' +import React, { useState, useEffect } from 'react' import { Box, Stack, @@ -24,7 +24,6 @@ export default function ImportFromUrlDialogContent({ onCancel, onSuccess, }) { - const [step, setStep] = useState('url-input') // 'url-input' | 'certificate-selection' | 'import' const [url, setUrl] = useState('') const [urlError, setUrlError] = useState('') const [loading, setLoading] = useState(false) @@ -69,6 +68,7 @@ export default function ImportFromUrlDialogContent({ setFetchError(null) setCertificates([]) setSelectedCertificateIndex(null) + setSelectedCertificatePem(null) try { const fetchedCerts = await fetchRemoteCertificates(url) @@ -78,7 +78,11 @@ export default function ImportFromUrlDialogContent({ return } setCertificates(fetchedCerts) - setStep('certificate-selection') + // Auto-select first certificate if available + if (fetchedCerts.length > 0) { + setSelectedCertificateIndex(0) + setSelectedCertificatePem(fetchedCerts[0].certificate) + } } catch (error) { setFetchError(error.message || 'Failed to fetch certificates from URL') } finally { @@ -92,53 +96,40 @@ export default function ImportFromUrlDialogContent({ setSelectedCertificatePem(selectedCert.certificate) } - const handleContinue = () => { - if (selectedCertificateIndex === null || selectedCertificatePem === null) { - return - } - setStep('import') - } - - const handleBack = () => { - if (step === 'certificate-selection') { - setStep('url-input') - setCertificates([]) - setSelectedCertificateIndex(null) - setSelectedCertificatePem(null) - } else if (step === 'import') { - setStep('certificate-selection') + // Update selected certificate PEM when index changes + useEffect(() => { + if (selectedCertificateIndex !== null && certificates[selectedCertificateIndex]) { + setSelectedCertificatePem(certificates[selectedCertificateIndex].certificate) } - } - - // Step 1: URL Input - if (step === 'url-input') { - return ( - - validateUrl(url)} - error={!!urlError} - helperText={urlError || 'Enter a valid HTTPS URL to fetch certificates'} - fullWidth - disabled={loading} - autoFocus - /> - - {fetchError && ( - {fetchError} - )} + }, [selectedCertificateIndex, certificates]) - - + return ( + + {/* URL Input Section */} + + + validateUrl(url)} + error={!!urlError} + helperText={urlError || 'Enter a valid HTTPS URL to fetch certificates'} + fullWidth + disabled={loading} + autoFocus + /> + + {fetchError && ( + {fetchError} + )} - ) - } - // Step 2: Certificate Selection - if (step === 'certificate-selection') { - return ( - - - Select a certificate to import: - + {/* Certificate List and Import Details - Vertical Layout */} + {certificates.length > 0 && ( + + {/* Top Section - Certificate List */} + + + Select a certificate to import: + - {certificates.length === 0 ? ( - No certificates found - ) : ( - - handleCertificateSelect(parseInt(e.target.value, 10))} - > - + + handleCertificateSelect(parseInt(e.target.value, 10))} + sx={{ display: 'flex', flexDirection: 'row', flexWrap: 'wrap', gap: 2 }} + > {certificates.map((cert, index) => ( handleCertificateSelect(index)} > } label={ - - - - - {cert.alias} - - - {cert.type} - - - - - - - - Subject: {cert.subject} - - - Issuer: {cert.issuer} - - {cert.validFrom !== 'Unknown' && cert.validTo !== 'Unknown' && ( - - Valid: {cert.validFrom} - {cert.validTo} - - )} - - {cert.error && ( - - {cert.subject} - - )} - + + {cert.alias || `Certificate ${index + 1}`} + + {cert.error && ( + + {cert.subject} + + )} } sx={{ margin: 0, width: '100%' }} /> ))} - - - - )} + + + - - + {/* Bottom Section - Import Certificate Details */} + + {selectedCertificatePem ? ( + + ) : ( + + Select a certificate from the list to view details and import + + )} + + + )} + + {/* Bottom Action Buttons - Only show when certificates are loaded */} + {certificates.length > 0 && ( + - - - ) - } - - // Step 3: Import Dialog (reuse existing component) - if (step === 'import' && selectedCertificatePem) { - return ( - - ) - } - - return null + )} + + ) } From cb34a29aa901c8a4b8c5f3aef3f336e5204954d0 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 4 Nov 2025 16:37:43 +0200 Subject: [PATCH 167/360] Make manager enabled change respect Subject DN validation mode when enabling subjectDnValidationFilterTextField --- .../client/panel/ListenerConnectorPropertiesPanel.java | 4 +++- .../client/panel/SenderConnectorPropertiesPanel.java | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java index 4e7c35ec2f..6cc2986729 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -413,7 +413,9 @@ private void handleManagerEnabledButton(boolean managerEnabled) { subjectDnValidationLabel.setEnabled(managerEnabled); subjectDnValidationModeComboBox.setEnabled(managerEnabled); - subjectDnValidationFilterTextField.setEnabled(managerEnabled); + subjectDnValidationFilterTextField.setEnabled( + managerEnabled && properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE + ); crlModeLabel.setEnabled(managerEnabled); crlModeComboBox.setEnabled(managerEnabled); diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 4aa69f7058..71759c6993 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -623,7 +623,9 @@ private void handleManagerEnabledButton(boolean managerEnabled) { subjectDnValidationLabel.setEnabled(managerEnabled); subjectDnValidationModeComboBox.setEnabled(managerEnabled); - subjectDnValidationFilterTextField.setEnabled(managerEnabled); + subjectDnValidationFilterTextField.setEnabled( + managerEnabled && properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE + ); crlModeLabel.setEnabled(managerEnabled); crlModeComboBox.setEnabled(managerEnabled); From b0f00a9c0d936221338ea4f7bdc7ead867221088 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 4 Nov 2025 16:46:57 +0200 Subject: [PATCH 168/360] Add Subject DN validation to HTTP Listener --- .../revocation/DualCheckerTrustManager.java | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index 83b19abcbe..583df6c737 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -233,7 +233,39 @@ private void validateServerTrusted(X509Certificate[] chain, Socket socket) throw } private void validateClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException { + if (subjectDnValidationMode != null && subjectDnValidationMode != SubjectDnValidationMode.NONE) { + if (subjectDnValidationFilter == null || subjectDnValidationFilter.isEmpty()) { + throw new IllegalStateException("Expected Subject DN cannot be empty"); + } + + var subject = chain[0].getSubjectX500Principal(); + + var subjectDn = subject.getName(X500Principal.RFC2253); + var expectedDn = new X500Principal(subjectDnValidationFilter).getName(X500Principal.RFC2253); + if (subjectDnValidationMode == SubjectDnValidationMode.EXACT) { + if (!subjectDn.equals(expectedDn)) { + throw new CertificateException("Subject DN does not match filter"); + } + } else if (subjectDnValidationMode == SubjectDnValidationMode.PARTIAL) { + + LdapName subjectLdapName, expectedLdapName; + try { + subjectLdapName = new LdapName(subjectDn); + expectedLdapName = new LdapName(expectedDn); + } catch (InvalidNameException e) { + throw new IllegalArgumentException("Error converting DN to LdapName", e); + } + var subjectRdns = subjectLdapName.getRdns(); + for (var expectedRdn : expectedLdapName.getRdns()) { + if (!subjectRdns.contains(expectedRdn)) { + throw new RuntimeException("Subject DN does not contain expected RDN"); + } + } + } else { + throw new UnsupportedOperationException("Unsupported SubjectDnValidationMode: " + subjectDnValidationMode); + } + } } // ---- Pass A: OCSP-only ---- From 2cf7704b46b36c19d5a975e6baa6b2204c8a19e4 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 5 Nov 2025 13:52:35 +0200 Subject: [PATCH 169/360] Refactor ImportFromUrlDialogContent: Improve layout and styling by adjusting component dimensions and overflow handling. Update radio group layout to a column format for better usability. Remove unused action buttons to streamline the interface when no certificates are loaded. --- src/components/ImportFromUrlDialogContent.jsx | 32 ++++--------------- 1 file changed, 7 insertions(+), 25 deletions(-) diff --git a/src/components/ImportFromUrlDialogContent.jsx b/src/components/ImportFromUrlDialogContent.jsx index a0ec29ace4..5fe50333ed 100644 --- a/src/components/ImportFromUrlDialogContent.jsx +++ b/src/components/ImportFromUrlDialogContent.jsx @@ -162,29 +162,29 @@ export default function ImportFromUrlDialogContent({ flex: '0 0 auto', pb: 3, borderBottom: '1px solid', - borderColor: 'divider' + borderColor: 'divider', + overflow: 'scroll', + maxHeight: '300px' }}> Select a certificate to import: - + handleCertificateSelect(parseInt(e.target.value, 10))} - sx={{ display: 'flex', flexDirection: 'row', flexWrap: 'wrap', gap: 2 }} + sx={{ display: 'flex', flexDirection: 'column', flexWrap: 'wrap', gap: 2 }} > {certificates.map((cert, index) => ( {selectedCertificatePem ? ( @@ -244,24 +244,6 @@ export default function ImportFromUrlDialogContent({ )} - {/* Bottom Action Buttons - Only show when certificates are loaded */} - {certificates.length > 0 && ( - - - - )} ) } From 129cc574111820d3b35c46396075f577484c8843 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 5 Nov 2025 14:53:06 +0200 Subject: [PATCH 170/360] Add null check for trusted certificates --- .../tlsmanager/server/CertificateService.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index 4361d7f31c..a084f8da2f 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -177,6 +177,12 @@ KeyStore getTrustStoreFromProperties(boolean isTrustSystem, Set aliasSet var presentInSystem = new HashSet(); var unknownAliases = new HashSet(); + + if (aliasSet == null) { + log.debug("No aliases provided. Using all aliases from truststore"); + return finalTrustStore; + } + for (String alias : aliasSet) { try { if (systemTrustStore.containsAlias(alias)) { From edda30a2783cd17a3bfacde0be4cb152068b2e13 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 5 Nov 2025 16:18:12 +0200 Subject: [PATCH 171/360] Add null check for alias in keystore fetch --- .../tlsmanager/server/CertificateService.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java index a084f8da2f..27db602dd4 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/CertificateService.java @@ -143,6 +143,10 @@ KeyStore getKeyStore(String alias) { var keystore = KeyStore.getInstance(PKCS12); keystore.load(null, new char[0]); + if (alias == null) { + throw new IllegalArgumentException("Alias cannot be null"); + } + if (externalKeyStore.isKeyEntry(alias)) { var certChain = externalKeyStore.getCertificateChain(alias); var privateKey = externalKeyStore.getKey(alias, new char[0]); From 698cbf2119dd2696ae7b76c9cb3119a4fc3610db Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 5 Nov 2025 16:19:09 +0200 Subject: [PATCH 172/360] Formatting --- .../tlsmanager/server/SocketFactoryService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index c7a171aa99..cba70e89a2 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -115,7 +115,11 @@ public WeirdIntermediaryContextContainer generateTLSContext(Connector connector, public WeirdIntermediaryListenerContextContainer generateTLSContext(Connector connector, TLSListenerProperties properties) { var keystore = certificateService.getKeyStore(properties.getServerCertificateAlias()); - var truststore = certificateService.getTrustStoreFromProperties(properties.isTrustSystemTruststore(), properties.getTrustedServerCertificates(), connector); + var truststore = certificateService.getTrustStoreFromProperties( + properties.isTrustSystemTruststore(), + properties.getTrustedServerCertificates(), + connector + ); var dualcheckerTrustManager = new DualCheckerTrustManager( truststore, From 1b38089114640e53201ee15325e69df21c3b4aab Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 5 Nov 2025 16:19:56 +0200 Subject: [PATCH 173/360] Carry client authmode in the intermediary container --- .../tlsmanager/server/SocketFactoryService.java | 3 ++- .../models/WeirdIntermediaryListenerContextContainer.java | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java index cba70e89a2..afef538d15 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/SocketFactoryService.java @@ -155,7 +155,8 @@ public WeirdIntermediaryListenerContextContainer generateTLSContext(Connector co cipherArray, hostnameVerificationStrategy, keystore, - sslContext + sslContext, + properties.getClientAuthMode() ); } catch (Exception e) { log.error("Error generating SSLContext", e); diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java index 1f2ad4c836..4a73c41147 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/WeirdIntermediaryListenerContextContainer.java @@ -9,5 +9,6 @@ public record WeirdIntermediaryListenerContextContainer( String[] ciphers, HostnameVerifier hostnameVerifier, KeyStore keyStore, - SSLContext sslContext + SSLContext sslContext, + ClientAuthMode clientAuthMode ) {} From fecbdd0a47e20cc03e5d6066a3fd8a935688926e Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 5 Nov 2025 16:20:33 +0200 Subject: [PATCH 174/360] Add WebService Listener configuration --- .../TLSWebServiceConfiguration.java | 76 +++++++++++++++++-- 1 file changed, 70 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java index 8a272280ab..f3bd990ba2 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSWebServiceConfiguration.java @@ -4,11 +4,18 @@ import com.mirth.connect.connectors.ws.SSLSocketFactoryWrapper; import com.mirth.connect.connectors.ws.WebServiceDispatcher; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; +import com.mirth.connect.connectors.ws.WebServiceReceiver; import com.mirth.connect.donkey.server.channel.Connector; +import com.sun.net.httpserver.HttpsConfigurator; +import com.sun.net.httpserver.HttpsParameters; +import com.sun.net.httpserver.HttpsServer; import lombok.extern.slf4j.Slf4j; import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; +import org.openintegrationengine.tlsmanager.shared.models.ClientAuthMode; import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryContextContainer; +import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryListenerContextContainer; +import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; import javax.net.ssl.SSLSocketFactory; @@ -19,7 +26,8 @@ public class TLSWebServiceConfiguration extends DefaultWebServiceConfiguration { private final SocketFactoryService socketFactoryService; - private WeirdIntermediaryContextContainer contextContainer; + private WeirdIntermediaryContextContainer senderContainer; + private WeirdIntermediaryListenerContextContainer listenerContainer; public TLSWebServiceConfiguration() { // This looks ugly, I know @@ -34,15 +42,51 @@ public TLSWebServiceConfiguration(SocketFactoryService socketFactoryService) { public void configureConnectorDeploy(Connector connector) throws Exception { if (connector instanceof WebServiceDispatcher webServiceDispatcher) { configureSocketFactory(webServiceDispatcher); + } else if (connector instanceof WebServiceReceiver webServiceReceiver) { + configureSocketFactory(webServiceReceiver); } } + @Override + public void configureReceiver(WebServiceReceiver connector) throws Exception { + if (listenerContainer == null) { + super.configureReceiver(connector); + return; + } + + var tlsContext = listenerContainer.sslContext(); + + var httpsServer = HttpsServer.create(); + httpsServer.setHttpsConfigurator(new HttpsConfigurator(tlsContext) { + @Override + public void configure(HttpsParameters params) { + var sslParams = tlsContext.getDefaultSSLParameters(); + + sslParams.setProtocols(listenerContainer.protocols()); + sslParams.setCipherSuites(listenerContainer.ciphers()); + + if (ClientAuthMode.REQUESTED == listenerContainer.clientAuthMode()) { + sslParams.setWantClientAuth(true); + } else if (ClientAuthMode.REQUIRED == listenerContainer.clientAuthMode()) { + sslParams.setNeedClientAuth(true); + } + + // TODO Stapling? + //sslParams.setEndpointIdentificationAlgorithm("HTTPS"); + + params.setSSLParameters(sslParams); + } + }); + + connector.setServer(httpsServer); + } + @Override public void configureDispatcher(WebServiceDispatcher connector, WebServiceDispatcherProperties connectorProperties, Map requestContext) throws Exception { SSLSocketFactory socketFactory = new SSLSocketFactoryWrapper( - contextContainer.sslContext().getSocketFactory(), - contextContainer.protocols(), - contextContainer.ciphers() + senderContainer.sslContext().getSocketFactory(), + senderContainer.protocols(), + senderContainer.ciphers() ); // Wat? @@ -50,6 +94,26 @@ public void configureDispatcher(WebServiceDispatcher connector, WebServiceDispat requestContext.put("com.sun.xml.ws.transport.https.client.SSLSocketFactory", socketFactory); // JAX-WS RI } + private void configureSocketFactory(WebServiceReceiver connector) { + var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() + .stream() + .filter(TLSListenerProperties.class::isInstance) + .findFirst() + .map(TLSListenerProperties.class::cast) + .orElse(null); + + if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { + listenerContainer = socketFactoryService.generateTLSContext(connector, tlsConnectorProperties); + } else { + try { + super.configureConnectorDeploy(connector); + } catch (Exception e) { + log.error("Error creating non-TLS socket factory", e); + throw new RuntimeException(e); + } + } + } + private void configureSocketFactory(WebServiceDispatcher connector) { var tlsConnectorProperties = connector.getConnectorProperties().getPluginProperties() .stream() @@ -59,9 +123,9 @@ private void configureSocketFactory(WebServiceDispatcher connector) { .orElse(null); if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { - contextContainer = socketFactoryService.generateTLSContext(connector, tlsConnectorProperties); + senderContainer = socketFactoryService.generateTLSContext(connector, tlsConnectorProperties); - var socketConnectionFactory = socketFactoryService.getConnectorSocketFactory(contextContainer); + var socketConnectionFactory = socketFactoryService.getConnectorSocketFactory(senderContainer); if (socketConnectionFactory != null) { connector.getSocketFactoryRegistry().register("https", socketConnectionFactory); } From f77631fb6e2dd699c86ee2a05c95cf11af57ae80 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Wed, 5 Nov 2025 16:24:27 +0200 Subject: [PATCH 175/360] Add unform revocation validation to all trust check functions --- .../revocation/DualCheckerTrustManager.java | 100 +++++++----------- 1 file changed, 36 insertions(+), 64 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index 583df6c737..c4b1df54ff 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -112,29 +112,34 @@ public DualCheckerTrustManager( @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { trustManagerDelegate.checkClientTrusted(chain, authType); + runValidations(chain, null); } @Override public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { trustManagerDelegate.checkClientTrusted(chain, authType, s); + runValidations(chain, s); } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine e) throws CertificateException { - trustManagerDelegate.checkClientTrusted(chain, authType, e); - validateClientTrusted(chain, authType, e); + public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException { + trustManagerDelegate.checkClientTrusted(chain, authType, sslEngine); + SSLSession session = sslEngine.getSession(); + var has = hasStapledOcsp(chain, session); + + log.info("here"); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { trustManagerDelegate.checkServerTrusted(chain, authType); - validateServerTrusted(chain, null); + runValidations(chain, null); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { trustManagerDelegate.checkServerTrusted(chain, authType, s); - validateServerTrusted(chain, s); + runValidations(chain, s); } @Override @@ -145,7 +150,29 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngi @Override public X509Certificate[] getAcceptedIssuers() { return trustManagerDelegate.getAcceptedIssuers(); } - private void validateServerTrusted(X509Certificate[] chain, Socket socket) throws CertificateException { + private boolean hasStapledOcsp(X509Certificate[] chain, SSLSession session) throws CertificateException { + if (session instanceof ExtendedSSLSession extendedSession) { + var statusResponses = extendedSession.getStatusResponses(); + + if (statusResponses != null && !statusResponses.isEmpty()) { + log.info("Received {} stapled OCSP response(s)", statusResponses.size()); + + for (int i = 0; i < Math.min(statusResponses.size(), chain.length); i++) { + byte[] response = statusResponses.get(i); + if (response != null && response.length > 0) { + validateStapledOcspResponse(response, chain[i]); + return true; + } + } + } + } else { + log.debug("SSLSession is not an ExtendedSSLSession"); + } + + return false; + } + + private void runValidations(X509Certificate[] chain, Socket socket) throws CertificateException { try { var certificateFactory = CertificateFactory.getInstance("X.509"); var certPath = certificateFactory.generateCertPath(List.of(chain)); @@ -164,7 +191,6 @@ private void validateServerTrusted(X509Certificate[] chain, Socket socket) throw throw new CertificateException("Subject DN does not match filter"); } } else if (subjectDnValidationMode == SubjectDnValidationMode.PARTIAL) { - LdapName subjectLdapName, expectedLdapName; try { subjectLdapName = new LdapName(subjectDn); @@ -186,32 +212,14 @@ private void validateServerTrusted(X509Certificate[] chain, Socket socket) throw // OCSP-only pass (if requested) if (ocspMode != RevocationMode.DISABLED) { - - boolean hasStapledOcsp = false; - if (socket instanceof SSLSocket sslSocket) { SSLSession session = sslSocket.getHandshakeSession(); + var hasStapledOcsp = hasStapledOcsp(chain, session); - if (session instanceof ExtendedSSLSession extendedSession) { - var statusResponses = extendedSession.getStatusResponses(); - - if (statusResponses != null && !statusResponses.isEmpty()) { - log.info("Received {} stapled OCSP response(s)", statusResponses.size()); - - for (int i = 0; i < Math.min(statusResponses.size(), chain.length); i++) { - byte[] response = statusResponses.get(i); - if (response != null && response.length > 0) { - validateStapledOcspResponse(response, chain[i]); - hasStapledOcsp = true; - } - } - } + if (!hasStapledOcsp) { + pkixOcspOnly(certPath, ocspMode == RevocationMode.SOFT_FAIL); } } - - if (!hasStapledOcsp) { - pkixOcspOnly(certPath, ocspMode == RevocationMode.SOFT_FAIL); - } } // CRL-only pass (if requested) @@ -232,42 +240,6 @@ private void validateServerTrusted(X509Certificate[] chain, Socket socket) throw } } - private void validateClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException { - if (subjectDnValidationMode != null && subjectDnValidationMode != SubjectDnValidationMode.NONE) { - if (subjectDnValidationFilter == null || subjectDnValidationFilter.isEmpty()) { - throw new IllegalStateException("Expected Subject DN cannot be empty"); - } - - var subject = chain[0].getSubjectX500Principal(); - - var subjectDn = subject.getName(X500Principal.RFC2253); - var expectedDn = new X500Principal(subjectDnValidationFilter).getName(X500Principal.RFC2253); - if (subjectDnValidationMode == SubjectDnValidationMode.EXACT) { - if (!subjectDn.equals(expectedDn)) { - throw new CertificateException("Subject DN does not match filter"); - } - } else if (subjectDnValidationMode == SubjectDnValidationMode.PARTIAL) { - - LdapName subjectLdapName, expectedLdapName; - try { - subjectLdapName = new LdapName(subjectDn); - expectedLdapName = new LdapName(expectedDn); - } catch (InvalidNameException e) { - throw new IllegalArgumentException("Error converting DN to LdapName", e); - } - - var subjectRdns = subjectLdapName.getRdns(); - for (var expectedRdn : expectedLdapName.getRdns()) { - if (!subjectRdns.contains(expectedRdn)) { - throw new RuntimeException("Subject DN does not contain expected RDN"); - } - } - } else { - throw new UnsupportedOperationException("Unsupported SubjectDnValidationMode: " + subjectDnValidationMode); - } - } - } - // ---- Pass A: OCSP-only ---- private void pkixOcspOnly(CertPath path, boolean softFail) throws GeneralSecurityException { var params = new PKIXParameters(trustStore); From 8317dd5be9740d8aa2a3a03627c62aeab1181bd2 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Wed, 5 Nov 2025 17:58:42 +0200 Subject: [PATCH 176/360] Refactor ImportCertificateDialogContent and ImportFromUrlDialogContent: Enhance component functionality by converting ImportCertificateDialogContent to a forwardRef component, allowing external access to the handleSubmit method. Update ImportFromUrlDialogContent to manage loading states more effectively and conditionally render action buttons based on certificate selection. Improve layout and styling for better user experience during certificate import. --- .../ImportCertificateDialogContent.jsx | 61 +++++++++------ src/components/ImportFromUrlDialogContent.jsx | 77 +++++++++++++++---- src/utils/verificationUtils.js | 7 +- 3 files changed, 101 insertions(+), 44 deletions(-) diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportCertificateDialogContent.jsx index 9775042b59..e951a7bec9 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportCertificateDialogContent.jsx @@ -1,4 +1,4 @@ -import React, { useState, useEffect } from 'react' +import React, { useState, useEffect, forwardRef, useImperativeHandle } from 'react' import { Box, Stack, @@ -17,7 +17,7 @@ import MobileCertificateSection from './MobileCertificateSection' import { updateCertificates } from '../services/tlsService.js' import { verifyCertificate } from '../utils/verificationUtils.js' -export default function ImportCertificateDialogContent({ +const ImportCertificateDialogContent = forwardRef(function ImportCertificateDialogContent({ targetStore = 'trusted', currentCertificates = null, onCancel, @@ -25,7 +25,8 @@ export default function ImportCertificateDialogContent({ onSuccess, initialPemText = null, readOnlyPem = false, -}) { + hideButtons = false, +}, ref) { const [showConfirmDialog, setShowConfirmDialog] = useState(false) const [showValidationDialog, setShowValidationDialog] = useState(false) const [validationError, setValidationError] = useState(null) @@ -161,6 +162,12 @@ export default function ImportCertificateDialogContent({ setShowConfirmDialog(false) } + // Expose handleSubmit and loading state via ref + useImperativeHandle(ref, () => ({ + handleSubmit, + loading + })) + return ( {/* Fixed buttons at bottom */} - - - - + + + + )} {/* Confirmation Dialog for Replacing Existing Certificate */} ) - } +}) + +export default ImportCertificateDialogContent diff --git a/src/components/ImportFromUrlDialogContent.jsx b/src/components/ImportFromUrlDialogContent.jsx index 5fe50333ed..579aeba1ef 100644 --- a/src/components/ImportFromUrlDialogContent.jsx +++ b/src/components/ImportFromUrlDialogContent.jsx @@ -1,4 +1,4 @@ -import React, { useState, useEffect } from 'react' +import React, { useState, useEffect, useRef } from 'react' import { Box, Stack, @@ -31,6 +31,8 @@ export default function ImportFromUrlDialogContent({ const [certificates, setCertificates] = useState([]) const [selectedCertificateIndex, setSelectedCertificateIndex] = useState(null) const [selectedCertificatePem, setSelectedCertificatePem] = useState(null) + const [importLoading, setImportLoading] = useState(false) + const importCertificateRef = useRef(null) const validateUrl = (urlValue) => { if (!urlValue.trim()) { @@ -100,6 +102,7 @@ export default function ImportFromUrlDialogContent({ useEffect(() => { if (selectedCertificateIndex !== null && certificates[selectedCertificateIndex]) { setSelectedCertificatePem(certificates[selectedCertificateIndex].certificate) + setImportLoading(false) // Reset loading when certificate selection changes } }, [selectedCertificateIndex, certificates]) @@ -127,13 +130,14 @@ export default function ImportFromUrlDialogContent({ /> + + + )} + ) } diff --git a/src/utils/verificationUtils.js b/src/utils/verificationUtils.js index d87234b707..d913afb2ea 100644 --- a/src/utils/verificationUtils.js +++ b/src/utils/verificationUtils.js @@ -48,6 +48,8 @@ export function validateCertificateChain(certificates) { for (let i = 0; i < certificates.length - 1; i++) { const cert = certificates[i].cert const issuerCert = certificates[i + 1].cert + const certPem = certificates[i].pem + const issuerPem = certificates[i + 1].pem validation.details.push(`Checking certificate ${i + 1} against issuer certificate ${i + 2}`) @@ -64,7 +66,7 @@ export function validateCertificateChain(certificates) { // Verify signature try { - const isSignatureValid = cert.verifySignature(issuerCert.pem) // jsrsasign requires PEM string + const isSignatureValid = cert.verifySignature(issuerPem) // jsrsasign requires PEM string if (isSignatureValid) { validation.details.push(`✓ Certificate ${i + 1} signature verified by certificate ${i + 2}`) } else { @@ -92,12 +94,13 @@ export function validateCertificateChain(certificates) { // Check if root is self-signed const rootCert = certificates[certificates.length - 1].cert + const rootPem = certificates[certificates.length - 1].pem const rootIssuer = rootCert.getIssuerString() const rootSubject = rootCert.getSubjectString() if (rootIssuer === rootSubject) { try { - const isSelfSigned = rootCert.verifySignature(rootCert.pem) + const isSelfSigned = rootCert.verifySignature(rootPem) if (isSelfSigned) { validation.details.push('✓ Root certificate is properly self-signed') } else { From 858aecac939f736b13e5d20182418a9e78a82076 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 7 Nov 2025 11:36:22 +0200 Subject: [PATCH 177/360] Add null-checks for selected options in ItemPickerDialog --- .../tlsmanager/client/dialog/ItemPickerDialog.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java index d7ca78b64d..c2e3da9264 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/dialog/ItemPickerDialog.java @@ -51,6 +51,7 @@ import java.awt.Window; import java.awt.event.MouseAdapter; import java.awt.event.MouseEvent; +import java.util.Collections; import java.util.Comparator; import java.util.EventObject; import java.util.LinkedHashSet; @@ -96,8 +97,14 @@ public ItemPickerDialog( BiConsumer> onSaveConsumer ) { super(owner, windowTitle, true); + + if (allOptions == null) { + throw new IllegalArgumentException("allOptions cannot be null"); + } + this.allOptions = allOptions; - this.selectedOptions = selectedOptions; + this.selectedOptions = Objects.requireNonNullElseGet(selectedOptions, Collections::emptySet); + this.isDefaultSelected = isDefaultSelected; this.defaultValue = defaultValue; this.onSaveConsumer = onSaveConsumer; From 26616ede222010338784d02b9ee5cde85ae919f7 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 7 Nov 2025 13:20:26 +0200 Subject: [PATCH 178/360] Add SSLEngine support to manual CRL and OCSP checks --- .../revocation/DualCheckerTrustManager.java | 38 +++++++++++-------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java index c4b1df54ff..73d453733c 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/revocation/DualCheckerTrustManager.java @@ -112,39 +112,37 @@ public DualCheckerTrustManager( @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { trustManagerDelegate.checkClientTrusted(chain, authType); - runValidations(chain, null); + runValidations(chain, null, null); } @Override - public void checkClientTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { - trustManagerDelegate.checkClientTrusted(chain, authType, s); - runValidations(chain, s); + public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException { + trustManagerDelegate.checkClientTrusted(chain, authType, socket); + runValidations(chain, socket, null); } @Override public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException { trustManagerDelegate.checkClientTrusted(chain, authType, sslEngine); - SSLSession session = sslEngine.getSession(); - var has = hasStapledOcsp(chain, session); - - log.info("here"); + runValidations(chain, null, sslEngine); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { trustManagerDelegate.checkServerTrusted(chain, authType); - runValidations(chain, null); + runValidations(chain, null, null); } @Override public void checkServerTrusted(X509Certificate[] chain, String authType, Socket s) throws CertificateException { trustManagerDelegate.checkServerTrusted(chain, authType, s); - runValidations(chain, s); + runValidations(chain, s, null); } @Override - public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine e) { - throw new UnsupportedOperationException("SSLEngine not supported"); + public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine sslEngine) throws CertificateException { + trustManagerDelegate.checkServerTrusted(chain, authType, sslEngine); + runValidations(chain, null , sslEngine); } @Override @@ -172,7 +170,7 @@ private boolean hasStapledOcsp(X509Certificate[] chain, SSLSession session) thro return false; } - private void runValidations(X509Certificate[] chain, Socket socket) throws CertificateException { + private void runValidations(X509Certificate[] chain, Socket socket, SSLEngine sslEngine) throws CertificateException { try { var certificateFactory = CertificateFactory.getInstance("X.509"); var certPath = certificateFactory.generateCertPath(List.of(chain)); @@ -212,10 +210,18 @@ private void runValidations(X509Certificate[] chain, Socket socket) throws Certi // OCSP-only pass (if requested) if (ocspMode != RevocationMode.DISABLED) { - if (socket instanceof SSLSocket sslSocket) { - SSLSession session = sslSocket.getHandshakeSession(); - var hasStapledOcsp = hasStapledOcsp(chain, session); + if (socket != null || sslEngine != null) { + SSLSession session; + + if (socket instanceof SSLSocket sslSocket) { + session = sslSocket.getHandshakeSession(); + } else if (sslEngine != null) { + session = sslEngine.getSession(); + } else { + throw new IllegalStateException("Expected either a Socket or SSLEngine"); + } + var hasStapledOcsp = hasStapledOcsp(chain, session); if (!hasStapledOcsp) { pkixOcspOnly(certPath, ocspMode == RevocationMode.SOFT_FAIL); } From f2baaa48e868f1a6fde5e74663482537ff394750 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 7 Nov 2025 15:18:03 +0200 Subject: [PATCH 179/360] Rename function to be direction-agnostic --- .../server/connectorconfig/TLSHttpConfiguration.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java index 5a9fc1dfae..5e0104eb9d 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSHttpConfiguration.java @@ -84,7 +84,7 @@ public void configureSocketFactoryRegistry(ConnectorPluginProperties properties, @Override public void configureReceiver(HttpReceiver connector) throws Exception { - var tlsConnectorProperties = getSenderProperties(TLSListenerProperties.class, connector); + var tlsConnectorProperties = getConnectorProperties(TLSListenerProperties.class, connector); // If TLS manager is not enabled, delegate to OIE default if (tlsConnectorProperties == null || !tlsConnectorProperties.isTlsManagerEnabled()) { @@ -133,7 +133,7 @@ public void configureReceiver(HttpReceiver connector) throws Exception { } private void configureSocketFactory(HttpDispatcher connector) { - var tlsConnectorProperties = getSenderProperties(TLSSenderProperties.class, connector); + var tlsConnectorProperties = getConnectorProperties(TLSSenderProperties.class, connector); if (tlsConnectorProperties != null && tlsConnectorProperties.isTlsManagerEnabled()) { var sslSocketFactory = socketFactoryService.getConnectorSocketFactory(connector, tlsConnectorProperties); @@ -151,7 +151,7 @@ private void configureSocketFactory(HttpDispatcher connector) { } } - private T getSenderProperties(Class propertiesClass, Connector connector) { + private T getConnectorProperties(Class propertiesClass, Connector connector) { return connector.getConnectorProperties().getPluginProperties() .stream() .filter(propertiesClass::isInstance) From 76c5e8d54f48683257c5e47f06de4b4f0d338dde Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 29 Sep 2025 22:58:01 +0300 Subject: [PATCH 180/360] Run tests on every push --- .github/workflows/build.yaml | 130 ++++++++++++++++++++++++++++++++++- docker/compose.yaml | 2 +- 2 files changed, 130 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index dd466e86e6..c377182607 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -11,7 +11,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v5 - name: Set up Java uses: actions/setup-java@v4 @@ -27,3 +27,131 @@ jobs: with: name: tls-manager-plugin path: target/tls-manager.zip + + inttest: + runs-on: ubuntu-latest + + needs: build + + services: + caddy: + image: caddy:2-alpine + env: + CADDY_ADMIN: 0.0.0.0:2019 # Make admin api available from outside the container + ports: + - 2019:2019 + - 9080:80 + - 9443:443 + options: >- + --network-alias orchestrator.unreachable.crl.caddy + --network-alias orchestrator.revoked.crl.caddy + --network-alias orchestrator.invalid.crl.caddy + --network-alias orchestrator.valid.crl.caddy + --network-alias orchestrator.valid.ocsp.caddy + --network-alias orchestrator.revoked.ocsp.caddy + --network-alias orchestrator.invalid.ocsp.caddy + --network-alias orchestrator.unreachable.ocsp.caddy + --network-alias orchestrator.valid.expired.ocsp.caddy + --network-alias orchestrator.revoked.expired.ocsp.caddy + --network-alias orchestrator.wrong.san.caddy + --network-alias orchestrator.wrong.cn.caddy + --network-alias orchestrator.cn.only.caddy + --network-alias tls13.chacha20.caddy + --network-alias wrong.domain.caddy + --network-alias revoked.crl.caddy + --network-alias tls12.ecdhe.caddy + --network-alias valid.crl.caddy + --network-alias mtls.caddy + + db: + image: postgres:17-alpine + env: + POSTGRES_USER: oieuser + POSTGRES_PASSWORD: oieuserpw + POSTGRES_DB: oie + options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 + + oie: + image: openintegrationengine/engine:latest + env: + DATABASE: postgres + DATABASE_URL: jdbc:postgresql://db:5432/oie + DATABASE_MAX_CONNECTIONS: 20 + DATABASE_USERNAME: oieuser + DATABASE_PASSWORD: oieuserpw + KEYSTORE_STOREPASS: docker_storepass + KEYSTORE_KEYPASS: docker_keypass + OIE_TLS_PLUGIN_PERSISTENCE_BACKEND: filesystem + OIE_TLS_PLUGIN_FS_TRUSTSTOREPATH: /opt/engine/testing_truststore.p12 + OIE_TLS_PLUGIN_FS_TRUSTSTOREPASS: changeit + OIE_TLS_PLUGIN_FS_KEYSTOREPATH: /opt/engine/testing_keystore.p12 + ports: + - 8443:8443 + - 5005:5005 + - 6001:6001 + - 8081:8081 + options: >- + --env OIE_TLS_PLUGIN_FS_KEYSTOREPASS="" + --health-cmd="curl -kfs -H 'X-Requested-With: curl' https://localhost:8443/api/server/status | grep -q '0'" + --health-interval=3s + --health-retries=10 + --health-timeout=2s + --health-start-period=3s + + steps: + - name: Run integration-tests + env: + OPENSSL_EXECUTABLE: /usr/bin/openssl + OIE_API_BASE: https://localhost:8443/api + run: docker ps + + - uses: actions/download-artifact@v5 + with: + name: tls-manager-plugin + + - name: Install plugin + run: | + oie_id=$(docker ps --format '{{.ID}} {{.Image}}' | grep 'openintegrationengine/engine' | awk '{print $1}') + docker cp tls-manager.zip $oie_id:/opt/engine/custom-extensions/ + + - name: Checkout + uses: actions/checkout@v5 + with: + token: ${{ secrets.TESTS_REPO_CLONE_PAT }} + repository: NovaMap-Health/oie-test-orchestrator + ref: local_run + + - name: Copy keystores and certificates + run: | + set -x + docker ps + oie_id=$(docker ps --format '{{.ID}} {{.Image}}' | grep 'openintegrationengine/engine' | awk '{print $1}') + caddy_id=$(docker ps --format '{{.ID}} {{.Image}}' | grep 'caddy' | awk '{print $1}') + + docker cp src/test/resources/certificates/testing_truststore.p12 "$oie_id:/opt/engine/testing_truststore.p12" + docker cp src/test/resources/certificates/testing_keystore.p12 "$oie_id:/opt/engine/testing_keystore.p12" + docker restart "$oie_id" + + docker cp src/test/resources/certificates "$caddy_id:/opt/cert" + set -x + + - name: Set up Java + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: "21" + cache: maven + + - name: Run tests + env: + OPENSSL_EXECUTABLE: /usr/bin/openssl + OIE_API_BASE: https://localhost:8443/api + run: mvn -B test + + - name: Generate reports + uses: dorny/test-reporter@v2 + if: ${{ !cancelled() }} + with: + name: Integration Tests + path: target/surefire-reports/*.xml + reporter: java-junit diff --git a/docker/compose.yaml b/docker/compose.yaml index 5be39b86f7..984d311a0e 100644 --- a/docker/compose.yaml +++ b/docker/compose.yaml @@ -2,7 +2,7 @@ name: tls-manager services: caddy: - image: caddy:latest + image: caddy:2-alpine restart: unless-stopped ports: - "9080:80/tcp" From 0a1606494eb8d524ede4112e25a41a3853c138a3 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 7 Nov 2025 15:31:28 +0200 Subject: [PATCH 181/360] Use main branch for tests --- .github/workflows/build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index c377182607..9e2107b82a 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -119,7 +119,6 @@ jobs: with: token: ${{ secrets.TESTS_REPO_CLONE_PAT }} repository: NovaMap-Health/oie-test-orchestrator - ref: local_run - name: Copy keystores and certificates run: | @@ -146,6 +145,7 @@ jobs: env: OPENSSL_EXECUTABLE: /usr/bin/openssl OIE_API_BASE: https://localhost:8443/api + INSECURE_REQUESTS: true run: mvn -B test - name: Generate reports From 8d5e647a1341c8a4a7f9546710affa6b9c6d7111 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 7 Nov 2025 16:12:34 +0200 Subject: [PATCH 182/360] Rename sslSocket to delegate --- .../server/io/StateAwareTLSSocket.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java index e241ad522e..817fb77136 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java @@ -14,7 +14,7 @@ public class StateAwareTLSSocket extends StateAwareSocket { private final SSLConnectionSocketFactory socketFactory; - private Socket sslSocket; + private Socket delegate; private boolean isClosing; @@ -30,16 +30,16 @@ public void connect(SocketAddress endpoint) throws IOException { @Override public void connect(SocketAddress endpoint, int timeout) throws IOException { - // Step 1: Perform the plain TCP connection first + // Perform the plain TCP connection first super.connect(endpoint, timeout); - // Step 2: Layer TLS on top using createLayeredSocket + // Layer TLS on top using createLayeredSocket if (endpoint instanceof InetSocketAddress inet) { String host = inet.getHostString(); int port = inet.getPort(); // createLayeredSocket() will internally call SSLSocketFactory.createSocket() - this.sslSocket = socketFactory.createLayeredSocket(this, host, port, null); + this.delegate = socketFactory.createLayeredSocket(this, host, port, null); } else { throw new IOException("Expected InetSocketAddress for TLS connection"); } @@ -47,16 +47,16 @@ public void connect(SocketAddress endpoint, int timeout) throws IOException { @Override public InputStream getInputStream() throws IOException { - if (sslSocket != null) { - return sslSocket.getInputStream(); + if (delegate != null) { + return delegate.getInputStream(); } return super.getInputStream(); } @Override public OutputStream getOutputStream() throws IOException { - if (sslSocket != null) { - return sslSocket.getOutputStream(); + if (delegate != null) { + return delegate.getOutputStream(); } return super.getOutputStream(); } @@ -71,8 +71,8 @@ public void close() throws IOException { isClosing = true; try { - if (sslSocket != null) { - sslSocket.close(); + if (delegate != null) { + delegate.close(); } else { super.close(); } From c1307315dca0d5d94efe5d2a7c706166b525e02a Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Fri, 7 Nov 2025 19:24:14 +0200 Subject: [PATCH 183/360] Add initial TLS support to tcp serversockets --- .../connectorconfig/TLSTcpConfiguration.java | 66 ++++++++-- .../server/io/StateAwareTLSServerSocket.java | 83 +++++++++++++ .../server/io/StateAwareTLSSocket.java | 117 +++++++++++++++++- 3 files changed, 254 insertions(+), 12 deletions(-) create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSServerSocket.java diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java index 07468b2807..abd9164af1 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/connectorconfig/TLSTcpConfiguration.java @@ -1,25 +1,37 @@ package org.openintegrationengine.tlsmanager.server.connectorconfig; import com.mirth.connect.connectors.tcp.DefaultTcpConfiguration; +import com.mirth.connect.connectors.tcp.StateAwareServerSocket; import com.mirth.connect.connectors.tcp.StateAwareSocket; import com.mirth.connect.connectors.tcp.TcpDispatcher; +import com.mirth.connect.connectors.tcp.TcpReceiver; import com.mirth.connect.donkey.server.channel.Connector; +import lombok.extern.slf4j.Slf4j; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.openintegrationengine.tlsmanager.server.SocketFactoryService; import org.openintegrationengine.tlsmanager.server.TLSServicePlugin; +import org.openintegrationengine.tlsmanager.server.io.StateAwareTLSServerSocket; import org.openintegrationengine.tlsmanager.server.io.StateAwareTLSSocket; +import org.openintegrationengine.tlsmanager.shared.properties.TLSListenerProperties; import org.openintegrationengine.tlsmanager.shared.properties.TLSSenderProperties; +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; import java.net.Socket; +@Slf4j public class TLSTcpConfiguration extends DefaultTcpConfiguration { private final SocketFactoryService socketFactoryService; private TLSSenderProperties tlsSenderProperties; + private TLSListenerProperties tlsListenerProperties; private SSLConnectionSocketFactory socketFactory; + private Connector connector; + public TLSTcpConfiguration() { this(TLSServicePlugin.getPluginInstance().getSocketFactoryService()); } @@ -30,17 +42,19 @@ public TLSTcpConfiguration(SocketFactoryService socketFactoryService) { @Override public void configureConnectorDeploy(Connector connector) throws Exception { - var tcpDispatcher = (TcpDispatcher) connector; + this.connector = connector; - this.tlsSenderProperties = tcpDispatcher.getConnectorProperties().getPluginProperties() - .stream() - .filter(TLSSenderProperties.class::isInstance) - .findFirst() - .map(TLSSenderProperties.class::cast) - .orElse(null); + if (connector instanceof TcpDispatcher tcpDispatcher) { + this.tlsSenderProperties = getConnectorProperties(TLSSenderProperties.class, tcpDispatcher); - if (tlsSenderProperties != null && tlsSenderProperties.isTlsManagerEnabled()) { - socketFactory = socketFactoryService.getConnectorSocketFactory(tcpDispatcher, tlsSenderProperties); + if (tlsSenderProperties != null && tlsSenderProperties.isTlsManagerEnabled()) { + socketFactory = socketFactoryService.getConnectorSocketFactory(tcpDispatcher, tlsSenderProperties); + } + } else if (connector instanceof TcpReceiver tcpReceiver) { + this.tlsListenerProperties = getConnectorProperties(TLSListenerProperties.class, tcpReceiver); + } else { + // should not get here + throw new IllegalStateException("Unexpected connector type: %s".formatted(connector.getClass().getCanonicalName())); } } @@ -52,7 +66,41 @@ public Socket createSocket() { if (socketFactory == null) { throw new IllegalStateException("TLS for TCP connections is enabled, but socket factory is null. Possibly because no trust anchors were found."); } + return new StateAwareTLSSocket(socketFactory); } } + + @Override + public ServerSocket createServerSocket(int port, int backlog) throws IOException { + log.error("Unexpected call to createServerSocket(int, int)"); + return super.createServerSocket(port, backlog); + } + + @Override + public ServerSocket createServerSocket(int port, int backlog, InetAddress bindAddr) throws IOException { + var createTlsSocket = tlsListenerProperties != null && tlsListenerProperties.isTlsManagerEnabled(); + + log.debug( + "Creating server socket. Properties null - {}; Manager enabled - {}", + tlsListenerProperties == null, + createTlsSocket + ); + + if (createTlsSocket) { + var contextContainer = socketFactoryService.generateTLSContext(connector, tlsListenerProperties); + return new StateAwareTLSServerSocket(port, backlog, bindAddr, contextContainer); + } else { + return new StateAwareServerSocket(port, backlog, bindAddr); + } + } + + private T getConnectorProperties(Class propertiesClass, Connector connector) { + return connector.getConnectorProperties().getPluginProperties() + .stream() + .filter(propertiesClass::isInstance) + .findFirst() + .map(propertiesClass::cast) + .orElse(null); + } } diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSServerSocket.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSServerSocket.java new file mode 100644 index 0000000000..5059d48ec9 --- /dev/null +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSServerSocket.java @@ -0,0 +1,83 @@ +package org.openintegrationengine.tlsmanager.server.io; + +import org.openintegrationengine.tlsmanager.shared.models.ClientAuthMode; +import org.openintegrationengine.tlsmanager.shared.models.WeirdIntermediaryListenerContextContainer; + +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLSocket; +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.SocketException; + +public class StateAwareTLSServerSocket extends ServerSocket { + + private final WeirdIntermediaryListenerContextContainer contextContainer; + private final SSLServerSocket delegate; + + public StateAwareTLSServerSocket( + int port, + int backlog, + InetAddress bindAddr, + WeirdIntermediaryListenerContextContainer contextContainer + ) throws IOException { + super(); + this.contextContainer = contextContainer; + this.delegate = createSSLServerSocket(port, backlog, bindAddr); + } + + private SSLServerSocket createSSLServerSocket(int port, int backlog, InetAddress bindAddr) throws IOException { + var sslContext = contextContainer.sslContext(); + var socketFactory = sslContext.getServerSocketFactory(); + var sslServerSocket = (SSLServerSocket) socketFactory.createServerSocket(port, backlog, bindAddr); + + sslServerSocket.setEnabledProtocols(contextContainer.protocols()); + sslServerSocket.setEnabledCipherSuites(contextContainer.ciphers()); + + if (ClientAuthMode.REQUESTED == contextContainer.clientAuthMode()) { + sslServerSocket.setWantClientAuth(true); + } else if (ClientAuthMode.REQUIRED == contextContainer.clientAuthMode()) { + sslServerSocket.setNeedClientAuth(true); + } + + return sslServerSocket; + } + + @Override + public Socket accept() throws IOException { + if (isClosed()) { + throw new SocketException("Socket is closed"); + } + if (!isBound()) { + throw new SocketException("Socket is not bound yet"); + } + + var sslSocket = (SSLSocket) delegate.accept(); + sslSocket.startHandshake(); + return new StateAwareTLSSocket(sslSocket); + } + + @Override + public void close() throws IOException { + if (delegate != null) { + delegate.close(); + } + super.close(); + } + + @Override + public boolean isBound() { + return delegate != null && delegate.isBound(); + } + + @Override + public boolean isClosed() { + return delegate == null || delegate.isClosed(); + } + + @Override + public int getLocalPort() { + return delegate != null ? delegate.getLocalPort() : -1; + } +} diff --git a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java index 817fb77136..1da8083b66 100644 --- a/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java +++ b/server/src/main/java/org/openintegrationengine/tlsmanager/server/io/StateAwareTLSSocket.java @@ -3,12 +3,16 @@ import com.mirth.connect.connectors.tcp.StateAwareSocket; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import javax.net.ssl.SSLSocket; +import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; import java.net.SocketAddress; +import java.net.SocketException; public class StateAwareTLSSocket extends StateAwareSocket { @@ -19,10 +23,18 @@ public class StateAwareTLSSocket extends StateAwareSocket { private boolean isClosing; public StateAwareTLSSocket(SSLConnectionSocketFactory socketFactory) { + super(); this.socketFactory = socketFactory; this.isClosing = false; } + public StateAwareTLSSocket(SSLSocket delegate) { + super(); + this.delegate = delegate; + this.socketFactory = null; + this.isClosing = false; + } + @Override public void connect(SocketAddress endpoint) throws IOException { this.connect(endpoint, 0); @@ -47,10 +59,12 @@ public void connect(SocketAddress endpoint, int timeout) throws IOException { @Override public InputStream getInputStream() throws IOException { - if (delegate != null) { - return delegate.getInputStream(); + if (this.bis == null) { + var inputStream = delegate != null ? delegate.getInputStream() : super.getInputStream(); + this.bis = new BufferedInputStream(inputStream); } - return super.getInputStream(); + + return this.bis; } @Override @@ -61,6 +75,64 @@ public OutputStream getOutputStream() throws IOException { return super.getOutputStream(); } + @Override + public SocketAddress getRemoteSocketAddress() { + return delegate == null ? super.getRemoteSocketAddress() : delegate.getRemoteSocketAddress(); + } + + @Override + public InetAddress getInetAddress() { + return delegate == null ? super.getInetAddress() : delegate.getInetAddress(); + } + + @Override + public InetAddress getLocalAddress() { + return delegate == null ? super.getLocalAddress() : delegate.getLocalAddress(); + } + + @Override + public int getPort() { + return delegate == null ? super.getPort() : delegate.getPort(); + } + + @Override + public boolean isInputShutdown() { + return delegate == null ? super.isInputShutdown() : delegate.isInputShutdown(); + } + + @Override + public boolean isOutputShutdown() { + return delegate == null ? super.isOutputShutdown() : delegate.isOutputShutdown(); + } + + @Override + public void shutdownOutput() throws IOException { + if (delegate != null) { + delegate.shutdownOutput(); + } else { + super.shutdownOutput(); + } + } + + @Override + public SocketAddress getLocalSocketAddress() { + return delegate == null ? super.getLocalSocketAddress() : delegate.getLocalSocketAddress(); + } + + @Override + public int getLocalPort() { + return delegate == null ? super.getLocalPort() : delegate.getLocalPort(); + } + + @Override + public void shutdownInput() throws IOException { + if (delegate != null) { + delegate.shutdownInput(); + } else { + super.shutdownInput(); + } + } + @Override public void close() throws IOException { if (isClosing) { @@ -83,6 +155,45 @@ public void close() throws IOException { @Override public boolean remoteSideHasClosed() throws IOException { + if (delegate != null) { + return remoteSideHasClosedInternal(); + } return super.remoteSideHasClosed(); } + + private boolean remoteSideHasClosedInternal() throws IOException { + if (delegate.isClosed()) { + return true; + } + + int oldTimeout; + try { + oldTimeout = delegate.getSoTimeout(); + } catch (IOException e) { + if (e.getMessage() != null && e.getMessage().contains("Socket closed")) { + return true; + } + + throw e; + } + + delegate.setSoTimeout(100); + this.getInputStream().mark(1); + + try { + return bis.read() == -1; + } catch (IOException e) { + return false; + } finally { + try { + bis.reset(); + } catch (IOException ignored) { + } + + try { + delegate.setSoTimeout(oldTimeout); + } catch (SocketException ignored) { + } + } + } } From 5bc1df8675536fbbf0997d31bfcabc8f11e865b1 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 10 Nov 2025 10:26:24 +0200 Subject: [PATCH 184/360] Add 401 Unauthorized error handling in API interceptor: Clear authentication state from localStorage and redirect to login page if unauthorized. This improves user experience by ensuring users are properly redirected when their session is invalidated. --- src/services/api.js | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/services/api.js b/src/services/api.js index 2382868ebb..fb12c9291f 100644 --- a/src/services/api.js +++ b/src/services/api.js @@ -48,6 +48,25 @@ api.interceptors.response.use( status: error?.response?.status, data: error?.response?.data, }) + + // Handle 401 Unauthorized errors - clear auth and redirect to login + if (error?.response?.status === 401) { + const STORAGE_KEY = 'auth:isAuthenticated' + + // Clear authentication state from localStorage + try { + localStorage.removeItem(STORAGE_KEY) + } catch (_) { + // Ignore localStorage errors + } + + // Redirect to login page if not already there + const currentPath = window.location.pathname + if (!currentPath.includes('/login')) { + window.location.href = '/dashboard/login' + } + } + return Promise.reject(error) } ) From f715a62bf4180c5debf873788240ad559f19e134 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 10 Nov 2025 10:30:24 +0200 Subject: [PATCH 185/360] Update useCertificates hook to preload all certificate types on mount: Modify fetching logic to load certificates for all tabs simultaneously, improving performance and user experience. Adjust fallback fetching behavior to prevent redundant requests when switching tabs. --- src/hooks/useCertificates.js | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/src/hooks/useCertificates.js b/src/hooks/useCertificates.js index 59085af5cc..dfbfb2ffcf 100644 --- a/src/hooks/useCertificates.js +++ b/src/hooks/useCertificates.js @@ -6,7 +6,7 @@ function normalize(text) { } /** - * Hook to manage certificates with lazy loading per tab + * Hook to manage certificates with preloading of all tabs * @param {string} tabKey - The active tab key ('native', 'trusted', or 'private') * @returns {Object} Certificate data and utilities */ @@ -77,10 +77,28 @@ export default function useCertificates(tabKey = 'native') { } }, []) // Empty dependencies - use refs to access current state - // Fetch certificates when tab changes + // Preload all certificate types on mount + useEffect(() => { + const tabKeys = ['native', 'trusted', 'private'] + + // Fetch all certificate types in parallel + Promise.allSettled( + tabKeys.map(async (key) => { + // Only fetch if not already loaded or loading + if (!loadingByTabRef.current[key] && certificatesByTabRef.current[key].length === 0) { + await fetchByTab(key) + } + }) + ) + }, [fetchByTab]) // fetchByTab is stable (useCallback with empty deps), but included for correctness + + // Fetch certificates when tab changes (fallback for manual refresh) useEffect(() => { if (tabKey && fetchFunctions[tabKey]) { - fetchByTab(tabKey) + // Only fetch if not already loaded (preload may have already loaded it) + if (!loadingByTabRef.current[tabKey] && certificatesByTabRef.current[tabKey].length === 0) { + fetchByTab(tabKey) + } } }, [tabKey, fetchByTab]) From c06b661243afbcef3e59618e4fec307dd8a84f2c Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Mon, 10 Nov 2025 11:50:45 +0200 Subject: [PATCH 186/360] Update .gitignore to include additional certificate-related file types: Add entries for .crt, .key, .csr, and .srl files to ensure they are ignored in version control, improving project cleanliness and preventing sensitive data exposure. --- .gitignore | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 3506f4df29..6d06244e28 100644 --- a/.gitignore +++ b/.gitignore @@ -27,4 +27,8 @@ dist-ssr project-setup.md scratchpad.md /dashboard -.env \ No newline at end of file +.env +*.crt +*.key +*.csr +*.srl \ No newline at end of file From 32cb9e69c365cd5a10e288bca6e5998f6c453ce8 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Mon, 10 Nov 2025 17:16:55 +0200 Subject: [PATCH 187/360] Rename "Trusted Issuer" to "Trusted Client Certificates" --- .../ListenerConnectorPropertiesPanel.java | 38 +++++++++---------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java index 6cc2986729..9b0d87293f 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/ListenerConnectorPropertiesPanel.java @@ -49,9 +49,9 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private MirthRadioButton clientAuthRadioRequested; private MirthRadioButton clientAuthRadioRequired; - private JLabel trustedIssuersLabel; - private JButton trustedIssuersButton; - private JLabel trustedIssuersText; + private JLabel trustedClientCertsLabel; + private JButton trustedClientCertsButton; + private JLabel trustedClientCertsText; private JLabel serverCertificateLabel; private JButton serverCertificateButton; @@ -75,7 +75,6 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private JButton ciphersButton; private JLabel ciphersText; - private final Frame parentFrame; private TLSListenerProperties properties; private Set publicCertificates; @@ -84,7 +83,6 @@ public class ListenerConnectorPropertiesPanel extends AbstractConnectorPropertie private Set supportedCiphers; public ListenerConnectorPropertiesPanel() { - this.parentFrame = PlatformUI.MIRTH_FRAME; this.properties = new TLSListenerProperties(); this.publicCertificates = new HashSet<>(); @@ -200,9 +198,9 @@ private void initComponents() { clientAuthRadioRequired.addActionListener(e -> handleClientAuthModeChange(ClientAuthMode.REQUIRED, true)); clientAuthModeButtonGroup.add(clientAuthRadioRequired); - trustedIssuersLabel = new JLabel("Trusted Issuers:"); - trustedIssuersButton = new JButton(wrenchIcon); - trustedIssuersButton.addActionListener(e -> { + trustedClientCertsLabel = new JLabel("Trusted Client Certificates:"); + trustedClientCertsButton = new JButton(wrenchIcon); + trustedClientCertsButton.addActionListener(e -> { BiConsumer> completionConsumer = (isTrustSystemTrustStoreEnabled, selectedCertificates) -> { properties.setTrustSystemTruststore(isTrustSystemTrustStoreEnabled); if (isTrustSystemTrustStoreEnabled) { @@ -217,7 +215,7 @@ private void initComponents() { new ItemPickerDialog( PlatformUI.MIRTH_FRAME, - "Trusted Issuers Picker", + "Trusted Client Certificates Picker", publicCertificates, properties.getTrustedServerCertificates(), properties.isTrustSystemTruststore(), @@ -225,7 +223,7 @@ private void initComponents() { completionConsumer ); }); - trustedIssuersText = new JLabel(); + trustedClientCertsText = new JLabel(); var comboBoxRenderer = new DisplayTextEnumModeComboBoxRenderer(); @@ -338,9 +336,9 @@ private void initLayout() { add(clientAuthRadioRequested, "split"); add(clientAuthRadioRequired); - add(trustedIssuersLabel, "newline, right"); - add(trustedIssuersButton, "h 22!, w 22!, split"); - add(trustedIssuersText); + add(trustedClientCertsLabel, "newline, right"); + add(trustedClientCertsButton, "h 22!, w 22!, split"); + add(trustedClientCertsText); add(subjectDnValidationLabel, "newline, right"); add(subjectDnValidationModeComboBox, "split"); @@ -367,9 +365,9 @@ private void handleClientAuthModeChange(ClientAuthMode authMode, boolean persist } var issuerSelectorEnabled = authMode != ClientAuthMode.NONE; - trustedIssuersLabel.setEnabled(issuerSelectorEnabled); - trustedIssuersButton.setEnabled(issuerSelectorEnabled); - trustedIssuersText.setEnabled(issuerSelectorEnabled); + trustedClientCertsLabel.setEnabled(issuerSelectorEnabled); + trustedClientCertsButton.setEnabled(issuerSelectorEnabled); + trustedClientCertsText.setEnabled(issuerSelectorEnabled); } private void handleSubjectDnValidationModeChange() { @@ -406,9 +404,9 @@ private void handleManagerEnabledButton(boolean managerEnabled) { if (managerEnabled) { handleClientAuthModeChange(properties.getClientAuthMode(), false); } else { - trustedIssuersLabel.setEnabled(false); - trustedIssuersButton.setEnabled(false); - trustedIssuersText.setEnabled(false); + trustedClientCertsLabel.setEnabled(false); + trustedClientCertsButton.setEnabled(false); + trustedClientCertsText.setEnabled(false); } subjectDnValidationLabel.setEnabled(managerEnabled); @@ -470,7 +468,7 @@ private void redrawState() { ? "no one >:C" : String.join(" and ", thingsToTrust) ); - trustedIssuersText.setText(serverCertificatesText); + trustedClientCertsText.setText(serverCertificatesText); subjectDnValidationModeComboBox.setSelectedItem(properties.getSubjectDnValidationMode()); subjectDnValidationFilterTextField.setEnabled(properties.getSubjectDnValidationMode() != SubjectDnValidationMode.NONE); From 5ebc0e1ea1c79b9bbf97787fb13be2a42cd0832f Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 11 Nov 2025 10:17:12 +0200 Subject: [PATCH 188/360] Fix error message when trying to read environment variables --- .../tlsmanager/shared/models/TLSPluginConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java index 80bf89966f..0b862cc26d 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java @@ -42,7 +42,7 @@ private static PersistenceMode getPersistenceMode() { private static String readKeyFromEnv(String key, boolean isRequired) { var keyFromEnv = System.getenv(key); if (keyFromEnv == null && isRequired) { - throw new IllegalStateException("Env key (%s) is not set".formatted(keyFromEnv)); + throw new IllegalStateException("Environment variable (%s) is not set".formatted(key)); } return keyFromEnv; From 89b1629d66c6be6df44d43dccbcf0ed310b3be85 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 11 Nov 2025 10:19:39 +0200 Subject: [PATCH 189/360] Default to database persistence mode --- .../shared/models/TLSPluginConfiguration.java | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java index 0b862cc26d..a3a0dad00f 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java @@ -30,9 +30,16 @@ public static TLSPluginConfiguration fromEnv() { } private static PersistenceMode getPersistenceMode() { - var persistenceModeFromEnv = readKeyFromEnv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND, true); + var persistenceModeFromEnv = readKeyFromEnv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND, false); - var persistenceMode = PersistenceMode.valueOf(persistenceModeFromEnv.toUpperCase()); + + PersistenceMode persistenceMode; + if (persistenceModeFromEnv == null) { + log.debug("No persistence mode environment variable not set, defaulting to \"database\""); + persistenceMode = PersistenceMode.DATABASE; + } else { + persistenceMode = PersistenceMode.valueOf(persistenceModeFromEnv.toUpperCase()); + } log.info("Using persistence mode {}", persistenceMode); From a463615f5b00dd3681a0d652d1c2da1cd89b9083 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 11 Nov 2025 10:23:18 +0200 Subject: [PATCH 190/360] Fix plugin url --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index eec5cfd1df..bb987d3b44 100644 --- a/pom.xml +++ b/pom.xml @@ -63,7 +63,7 @@ TLS Management made easy TLS Manager tls-manager - https://openintegrationengine.com + https://openintegrationengine.org ${project.version} From 8131dc6de8fe92ed14da002c3d2847ec6b632e89 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 11 Nov 2025 10:54:20 +0200 Subject: [PATCH 191/360] Fix typo --- .../tlsmanager/shared/models/TLSPluginConfiguration.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java index a3a0dad00f..bb0c48cad6 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java @@ -35,7 +35,7 @@ private static PersistenceMode getPersistenceMode() { PersistenceMode persistenceMode; if (persistenceModeFromEnv == null) { - log.debug("No persistence mode environment variable not set, defaulting to \"database\""); + log.debug("No persistence mode environment variable set, defaulting to \"database\""); persistenceMode = PersistenceMode.DATABASE; } else { persistenceMode = PersistenceMode.valueOf(persistenceModeFromEnv.toUpperCase()); From 143a4ca62ace58bf86e7c3f5e8f5539f843b39e3 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Tue, 11 Nov 2025 11:16:27 +0200 Subject: [PATCH 192/360] Add plugin configuration debug log --- .../tlsmanager/shared/models/TLSPluginConfiguration.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java index bb0c48cad6..eea08d6635 100644 --- a/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java +++ b/shared/src/main/java/org/openintegrationengine/tlsmanager/shared/models/TLSPluginConfiguration.java @@ -26,13 +26,14 @@ public static TLSPluginConfiguration fromEnv() { readKeyFromEnv(ENV_PERSISTENCE_FS_KEYSTOREPASS, false) ); + log.debug("Using following configuration: {}", conf); + return conf; } private static PersistenceMode getPersistenceMode() { var persistenceModeFromEnv = readKeyFromEnv(TLSPluginConstants.ENV_PERSISTENCE_BACKEND, false); - PersistenceMode persistenceMode; if (persistenceModeFromEnv == null) { log.debug("No persistence mode environment variable set, defaulting to \"database\""); From 3be41c1471fd1350c37c18bd1deb8f3e1a0ab353 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Thu, 13 Nov 2025 14:10:31 +0200 Subject: [PATCH 193/360] Update normalize function in useCertificates hook: Change normalization logic to ensure input is converted to a string before transforming to lowercase, enhancing robustness in handling various input types. --- src/hooks/useCertificates.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/hooks/useCertificates.js b/src/hooks/useCertificates.js index dfbfb2ffcf..fb8f741812 100644 --- a/src/hooks/useCertificates.js +++ b/src/hooks/useCertificates.js @@ -2,7 +2,7 @@ import { useCallback, useEffect, useMemo, useRef, useState } from 'react' import { fetchSystemCertificates, fetchTrustedCertificates, fetchLocalCertificates } from '../services/tlsService' function normalize(text) { - return (text || '').toLowerCase() + return (text || '').toString().toLowerCase() } /** From 36c4d90705c94a748cf9406ecc1b0eb6ef716888 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Thu, 13 Nov 2025 14:22:40 +0200 Subject: [PATCH 194/360] Refactor certificate import components: Replace ImportCertificateDialogContent with ImportTrustedCertificateDialog and ImportPrivateCertificateDialog for better separation of trusted and private certificate handling. Update UserInputsSection to conditionally display private key fields based on context. Enhance TlsManagement to support the new import dialogs, improving user experience in certificate management. --- src/components/ImportFromUrlDialogContent.jsx | 5 +- ...jsx => ImportPrivateCertificateDialog.jsx} | 66 ++-- .../ImportTrustedCertificateDialog.jsx | 313 ++++++++++++++++++ src/components/UserInputsSection.jsx | 3 +- src/pages/TlsManagement.jsx | 18 +- 5 files changed, 362 insertions(+), 43 deletions(-) rename src/components/{ImportCertificateDialogContent.jsx => ImportPrivateCertificateDialog.jsx} (86%) create mode 100644 src/components/ImportTrustedCertificateDialog.jsx diff --git a/src/components/ImportFromUrlDialogContent.jsx b/src/components/ImportFromUrlDialogContent.jsx index 579aeba1ef..908178d610 100644 --- a/src/components/ImportFromUrlDialogContent.jsx +++ b/src/components/ImportFromUrlDialogContent.jsx @@ -15,7 +15,7 @@ import { Divider } from '@mui/material' import { fetchRemoteCertificates } from '../services/tlsService.js' -import ImportCertificateDialogContent from './ImportCertificateDialogContent' +import ImportTrustedCertificateDialog from './ImportTrustedCertificateDialog' import StatusPill from './StatusPill' export default function ImportFromUrlDialogContent({ @@ -230,10 +230,9 @@ export default function ImportFromUrlDialogContent({ overflow: 'auto' }}> {selectedCertificatePem ? ( - { diff --git a/src/components/ImportCertificateDialogContent.jsx b/src/components/ImportPrivateCertificateDialog.jsx similarity index 86% rename from src/components/ImportCertificateDialogContent.jsx rename to src/components/ImportPrivateCertificateDialog.jsx index e951a7bec9..ab2a8811b6 100644 --- a/src/components/ImportCertificateDialogContent.jsx +++ b/src/components/ImportPrivateCertificateDialog.jsx @@ -17,8 +17,7 @@ import MobileCertificateSection from './MobileCertificateSection' import { updateCertificates } from '../services/tlsService.js' import { verifyCertificate } from '../utils/verificationUtils.js' -const ImportCertificateDialogContent = forwardRef(function ImportCertificateDialogContent({ - targetStore = 'trusted', +const ImportPrivateCertificateDialog = forwardRef(function ImportPrivateCertificateDialog({ currentCertificates = null, onCancel, onSubmit, @@ -27,6 +26,7 @@ const ImportCertificateDialogContent = forwardRef(function ImportCertificateDial readOnlyPem = false, hideButtons = false, }, ref) { + const targetStore = 'private' const [showConfirmDialog, setShowConfirmDialog] = useState(false) const [showValidationDialog, setShowValidationDialog] = useState(false) const [validationError, setValidationError] = useState(null) @@ -88,9 +88,7 @@ const ImportCertificateDialogContent = forwardRef(function ImportCertificateDial // Reusable verification function const performFinalVerification = async () => { try { - const privateKeyPem = targetStore === 'private' && privateKeyText.trim() - ? privateKeyText - : null + const privateKeyPem = privateKeyText.trim() ? privateKeyText : null const verificationResult = await verifyCertificate(pemText, privateKeyPem) @@ -132,7 +130,7 @@ const ImportCertificateDialogContent = forwardRef(function ImportCertificateDial const result = await updateCertificates(targetStore, { alias, pemText, - privateKeyText: targetStore === 'private' ? privateKeyText : undefined, + privateKeyText, }, currentCertificates) if (result.success) { onSuccess?.(result.data) @@ -204,6 +202,7 @@ const ImportCertificateDialogContent = forwardRef(function ImportCertificateDial handlePrivateKeyFileUpload={handlePrivateKeyFileUpload} setApiError={setApiError} readOnlyPem={readOnlyPem} + showPrivateKeyFields={true} /> {/* Right Column - Certificate Details & Verification */} - - {/* Mobile Certificate Details & Verification */} {loading ? 'Replacing...' : 'Replace Certificate'} - - + + - {/* Validation Error Dialog */} - setShowValidationDialog(false)} - aria-labelledby="validation-dialog-title" - aria-describedby="validation-dialog-description" - > - - Certificate Validation Failed - - - - {validationError} - - - - - - - - ) + {/* Validation Error Dialog */} + setShowValidationDialog(false)} + aria-labelledby="validation-dialog-title" + aria-describedby="validation-dialog-description" + > + + Certificate Validation Failed + + + + {validationError} + + + + + + + + ) }) -export default ImportCertificateDialogContent +export default ImportPrivateCertificateDialog + diff --git a/src/components/ImportTrustedCertificateDialog.jsx b/src/components/ImportTrustedCertificateDialog.jsx new file mode 100644 index 0000000000..d198d53578 --- /dev/null +++ b/src/components/ImportTrustedCertificateDialog.jsx @@ -0,0 +1,313 @@ +import React, { useState, useEffect, forwardRef, useImperativeHandle } from 'react' +import { + Box, + Stack, + Button, + Dialog, + DialogTitle, + DialogContent, + DialogContentText, + DialogActions +} from '@mui/material' +import { useCertificateImport } from '../hooks/useCertificateImport' +import CertificateDetailsSection from './CertificateDetailsSection' +import CertificateVerificationSection from './CertificateVerificationSection' +import UserInputsSection from './UserInputsSection' +import MobileCertificateSection from './MobileCertificateSection' +import { updateCertificates } from '../services/tlsService.js' +import { verifyCertificate } from '../utils/verificationUtils.js' + +const ImportTrustedCertificateDialog = forwardRef(function ImportTrustedCertificateDialog({ + currentCertificates = null, + onCancel, + onSubmit, + onSuccess, + initialPemText = null, + readOnlyPem = false, + hideButtons = false, +}, ref) { + const targetStore = 'trusted' + const [showConfirmDialog, setShowConfirmDialog] = useState(false) + const [showValidationDialog, setShowValidationDialog] = useState(false) + const [validationError, setValidationError] = useState(null) + + const { + // State + alias, + pemText, + privateKeyText, + file, + privateKeyFile, + loading, + apiError, + errors, + certificateDetails, + verificationResult, + isVerifying, + existingCertificates, + aliasWarning, + + // Refs + fileInputRef, + privateKeyFileInputRef, + fileAccept, + + // Actions + setLoading, + setApiError, + setPemText, + parseCertificateDetails, + + // Handlers + handleVerifyCertificate, + handleFileUpload, + handlePrivateKeyFileUpload, + handlePemTextChange, + handlePrivateKeyTextChange, + handleAliasChange, + validate, + loadExistingCertificates, + checkAliasExists + } = useCertificateImport(targetStore) + + // Load existing certificates on component mount + useEffect(() => { + loadExistingCertificates() + }, [loadExistingCertificates]) + + // Pre-populate PEM text if initialPemText is provided + useEffect(() => { + if (initialPemText && initialPemText.trim()) { + // Always update when initialPemText changes (for URL import flow) + setPemText(initialPemText) + parseCertificateDetails(initialPemText) + } + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [initialPemText]) + + // Reusable verification function + const performFinalVerification = async () => { + try { + const verificationResult = await verifyCertificate(pemText, null) + + if (!verificationResult.success) { + setValidationError(verificationResult.error || 'Certificate validation failed') + setShowValidationDialog(true) + return false + } + return true + } catch (error) { + setValidationError('Certificate validation failed: ' + error.message) + setShowValidationDialog(true) + return false + } + } + + const handleSubmit = async () => { + if (!validate()) return + + // Check if alias already exists + const aliasExists = checkAliasExists(alias) + if (aliasExists) { + setShowConfirmDialog(true) + return + } + + // Final verification before import + const verificationPassed = await performFinalVerification() + if (!verificationPassed) return + + // Proceed with import if verification passes + await performImport() + } + + const performImport = async () => { + setLoading(true) + setApiError(null) + try { + const result = await updateCertificates(targetStore, { + alias, + pemText, + }, currentCertificates) + if (result.success) { + onSuccess?.(result.data) + onSubmit?.() + } else { + setApiError(result.error || 'Failed to import certificate') + } + } catch (error) { + setApiError(error.message || 'Failed to import certificate') + } finally { + setLoading(false) + } + } + + const handleConfirmReplace = async () => { + setShowConfirmDialog(false) + + // Final verification before import + const verificationPassed = await performFinalVerification() + if (!verificationPassed) return + + // Proceed with import if verification passes + await performImport() + } + + const handleCancelReplace = () => { + setShowConfirmDialog(false) + } + + // Expose handleSubmit and loading state via ref + useImperativeHandle(ref, () => ({ + handleSubmit, + loading + })) + + return ( + + + + {/* Left Column - User Inputs */} + + {/* Right Column - Certificate Details & Verification */} + + + + + + + + {/* Mobile Certificate Details & Verification */} + + + + {/* Fixed buttons at bottom */} + {!hideButtons && ( + + + + + )} + + {/* Confirmation Dialog for Replacing Existing Certificate */} + + + Replace Existing Certificate + + + + A certificate with the alias "{alias}" already exists. This will replace the existing certificate. Are you sure you want to continue? + + + + + + + + + {/* Validation Error Dialog */} + setShowValidationDialog(false)} + aria-labelledby="validation-dialog-title" + aria-describedby="validation-dialog-description" + > + + Certificate Validation Failed + + + + {validationError} + + + + + + + + ) +}) + +export default ImportTrustedCertificateDialog + diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx index a56feda106..a24f88222c 100644 --- a/src/components/UserInputsSection.jsx +++ b/src/components/UserInputsSection.jsx @@ -21,6 +21,7 @@ const UserInputsSection = ({ targetStore, aliasWarning, readOnlyPem = false, + showPrivateKeyFields = false, // Refs fileInputRef, @@ -110,7 +111,7 @@ const UserInputsSection = ({ sx={{ marginTop: '10px' }} /> - {targetStore === 'private' && ( + {showPrivateKeyFields && ( <> {dialogTitle} - {dialogType === 'import-certificate' && ( - closeDialog()} + onSuccess={handleImportSuccess} + /> + )} + {dialogType === 'import-certificate' && dialogProps.targetStore === 'private' && ( + closeDialog()} onSuccess={handleImportSuccess} From 17e347e1496f8e90afd38bf88bb5f1d5de097ac4 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Thu, 13 Nov 2025 14:53:27 +0200 Subject: [PATCH 195/360] Add certificate chain import functionality: Introduce CertificateChainSelector and ImportCertificateChainDialogContent components for managing certificate chain imports. Enhance TlsManagement to support the new import dialog, improving user experience in certificate management. Update utility functions for parsing certificate chains from PEM text, ensuring robust handling of multiple certificates. --- src/components/CertificateChainSelector.jsx | 85 +++++ .../ImportCertificateChainDialogContent.jsx | 355 ++++++++++++++++++ src/components/ImportFromUrlDialogContent.jsx | 239 +++++++----- .../TrustedCertificateImportForm.jsx | 141 +++++++ src/components/UserInputsSection.jsx | 3 +- src/pages/TlsManagement.jsx | 15 +- src/utils/certificateUtils.js | 79 ++++ 7 files changed, 824 insertions(+), 93 deletions(-) create mode 100644 src/components/CertificateChainSelector.jsx create mode 100644 src/components/ImportCertificateChainDialogContent.jsx create mode 100644 src/components/TrustedCertificateImportForm.jsx diff --git a/src/components/CertificateChainSelector.jsx b/src/components/CertificateChainSelector.jsx new file mode 100644 index 0000000000..166cb38cd3 --- /dev/null +++ b/src/components/CertificateChainSelector.jsx @@ -0,0 +1,85 @@ +import React from 'react' +import { + Box, + RadioGroup, + Radio, + FormControlLabel, + FormControl, + Typography, + Alert, + Paper +} from '@mui/material' + +export default function CertificateChainSelector({ + certificates = [], + selectedIndex = null, + onSelect, + loading = false +}) { + if (certificates.length === 0) { + return null + } + + return ( + + + Select a certificate to import: + + + + onSelect(parseInt(e.target.value, 10))} + sx={{ display: 'flex', flexDirection: 'column', gap: 1 }} + > + {certificates.map((cert, index) => ( + onSelect(index)} + > + } + label={ + + + {cert.alias || `Certificate ${index + 1}`} + + {cert.error && ( + + {cert.subject || cert.error} + + )} + + } + sx={{ margin: 0, width: '100%' }} + /> + + ))} + + + + ) +} + diff --git a/src/components/ImportCertificateChainDialogContent.jsx b/src/components/ImportCertificateChainDialogContent.jsx new file mode 100644 index 0000000000..4fbc5b63b6 --- /dev/null +++ b/src/components/ImportCertificateChainDialogContent.jsx @@ -0,0 +1,355 @@ +import React, { useState, useEffect, useRef } from 'react' +import { + Box, + Stack, + Button, + TextField, + Typography, + Alert, + Dialog, + DialogTitle, + DialogContent, + DialogContentText, + DialogActions +} from '@mui/material' +import { parseCertificateChainFromPem } from '../utils/certificateUtils.js' +import TrustedCertificateImportForm from './TrustedCertificateImportForm' +import CertificateChainSelector from './CertificateChainSelector' +import { updateCertificates } from '../services/tlsService.js' +import { verifyCertificate } from '../utils/verificationUtils.js' + +export default function ImportCertificateChainDialogContent({ + targetStore = 'trusted', + currentCertificates = null, + onCancel, + onSuccess, +}) { + const [pemText, setPemText] = useState('') + const [file, setFile] = useState(null) + const [parseError, setParseError] = useState(null) + const [certificates, setCertificates] = useState([]) + const [selectedCertificateIndex, setSelectedCertificateIndex] = useState(null) + const [selectedCertificatePem, setSelectedCertificatePem] = useState(null) + const [importLoading, setImportLoading] = useState(false) + const [showConfirmDialog, setShowConfirmDialog] = useState(false) + const [showValidationDialog, setShowValidationDialog] = useState(false) + const [validationError, setValidationError] = useState(null) + const formRef = useRef(null) + const fileInputRef = useRef(null) + + // Parse certificate chain when PEM text changes + useEffect(() => { + if (pemText.trim()) { + const parsed = parseCertificateChainFromPem(pemText) + if (parsed.length === 0) { + setParseError('No valid certificates found in the provided text') + setCertificates([]) + setSelectedCertificateIndex(null) + setSelectedCertificatePem(null) + } else { + setParseError(null) + setCertificates(parsed) + // Auto-select first certificate if available + if (parsed.length > 0) { + setSelectedCertificateIndex(0) + setSelectedCertificatePem(parsed[0].certificate) + } + } + } else { + setParseError(null) + setCertificates([]) + setSelectedCertificateIndex(null) + setSelectedCertificatePem(null) + } + }, [pemText]) + + // Update selected certificate PEM when index changes + useEffect(() => { + if (selectedCertificateIndex !== null && certificates[selectedCertificateIndex]) { + setSelectedCertificatePem(certificates[selectedCertificateIndex].certificate) + setImportLoading(false) // Reset loading when certificate selection changes + } + }, [selectedCertificateIndex, certificates]) + + const handleFileUpload = (e) => { + const uploadedFile = e.target.files?.[0] + if (!uploadedFile) { + return + } + + setFile(uploadedFile) + setParseError(null) + + const reader = new FileReader() + reader.onload = (event) => { + const fileContent = event.target?.result + if (fileContent) { + setPemText(fileContent) + } + } + reader.onerror = () => { + setParseError('Failed to read file') + setFile(null) + } + reader.readAsText(uploadedFile) + } + + const handleCertificateSelect = (index) => { + setSelectedCertificateIndex(index) + const selectedCert = certificates[index] + setSelectedCertificatePem(selectedCert.certificate) + } + + const fileAccept = '.pem,.crt,.cer,.cert' + + const performFinalVerification = async (pemText) => { + try { + const verificationResult = await verifyCertificate(pemText, null) + + if (!verificationResult.success) { + setValidationError(verificationResult.error || 'Certificate validation failed') + setShowValidationDialog(true) + return false + } + return true + } catch (error) { + setValidationError('Certificate validation failed: ' + error.message) + setShowValidationDialog(true) + return false + } + } + + const performImport = async (alias, pemText) => { + setImportLoading(true) + try { + const result = await updateCertificates('trusted', { + alias, + pemText, + }, currentCertificates) + if (result.success) { + setImportLoading(false) + onSuccess?.(result.data) + } else { + setImportLoading(false) + if (formRef.current) { + formRef.current.setApiError(result.error || 'Failed to import certificate') + } + } + } catch (error) { + setImportLoading(false) + if (formRef.current) { + formRef.current.setApiError(error.message || 'Failed to import certificate') + } + } + } + + const handleSubmit = async () => { + if (!formRef.current) return + + if (!formRef.current.validate()) return + + // Check if alias already exists + const aliasExists = formRef.current.checkAliasExists() + if (aliasExists) { + setShowConfirmDialog(true) + return + } + + // Final verification before import + const verificationPassed = await performFinalVerification(formRef.current.pemText) + if (!verificationPassed) return + + // Proceed with import if verification passes + await performImport(formRef.current.alias, formRef.current.pemText) + } + + const handleConfirmReplace = async () => { + setShowConfirmDialog(false) + + if (!formRef.current) return + + // Final verification before import + const verificationPassed = await performFinalVerification(formRef.current.pemText) + if (!verificationPassed) return + + // Proceed with import if verification passes + await performImport(formRef.current.alias, formRef.current.pemText) + } + + return ( + + {/* PEM Input Section */} + + + + + + {file ? file.name : 'No file selected'} + + + + setPemText(e.target.value)} + error={!!parseError} + helperText={parseError || 'Paste certificate or upload a file'} + multiline + minRows={4} + maxRows={7} + fullWidth + autoFocus + /> + + {certificates.length > 0 && ( + + Found {certificates.length} certificate{certificates.length > 1 ? 's' : ''} in the chain + + )} + + + {/* Certificate List and Import Details - Vertical Layout */} + {certificates.length > 0 && ( + + {/* Top Section - Certificate List */} + + + {/* Bottom Section - Import Certificate Details */} + + {selectedCertificatePem ? ( + + ) : ( + + Select a certificate from the list to view details and import + + )} + + + )} + + {/* Fixed buttons at bottom - only show when certificate is selected */} + {certificates.length > 0 && selectedCertificatePem && ( + + + + + )} + + {/* Confirmation Dialog for Replacing Existing Certificate */} + setShowConfirmDialog(false)} + aria-labelledby="confirm-dialog-title" + aria-describedby="confirm-dialog-description" + > + + Replace Existing Certificate + + + + {formRef.current && ( + <>A certificate with the alias "{formRef.current.alias}" already exists. This will replace the existing certificate. Are you sure you want to continue? + )} + + + + + + + + + {/* Validation Error Dialog */} + setShowValidationDialog(false)} + aria-labelledby="validation-dialog-title" + aria-describedby="validation-dialog-description" + > + + Certificate Validation Failed + + + + {validationError} + + + + + + + + + ) +} + diff --git a/src/components/ImportFromUrlDialogContent.jsx b/src/components/ImportFromUrlDialogContent.jsx index 908178d610..4a019b9b48 100644 --- a/src/components/ImportFromUrlDialogContent.jsx +++ b/src/components/ImportFromUrlDialogContent.jsx @@ -4,19 +4,19 @@ import { Stack, Button, TextField, - RadioGroup, - Radio, - FormControlLabel, - FormControl, Typography, Alert, CircularProgress, - Paper, - Divider + Dialog, + DialogTitle, + DialogContent, + DialogContentText, + DialogActions } from '@mui/material' -import { fetchRemoteCertificates } from '../services/tlsService.js' -import ImportTrustedCertificateDialog from './ImportTrustedCertificateDialog' -import StatusPill from './StatusPill' +import { fetchRemoteCertificates, updateCertificates } from '../services/tlsService.js' +import TrustedCertificateImportForm from './TrustedCertificateImportForm' +import CertificateChainSelector from './CertificateChainSelector' +import { verifyCertificate } from '../utils/verificationUtils.js' export default function ImportFromUrlDialogContent({ targetStore = 'trusted', @@ -32,7 +32,10 @@ export default function ImportFromUrlDialogContent({ const [selectedCertificateIndex, setSelectedCertificateIndex] = useState(null) const [selectedCertificatePem, setSelectedCertificatePem] = useState(null) const [importLoading, setImportLoading] = useState(false) - const importCertificateRef = useRef(null) + const [showConfirmDialog, setShowConfirmDialog] = useState(false) + const [showValidationDialog, setShowValidationDialog] = useState(false) + const [validationError, setValidationError] = useState(null) + const formRef = useRef(null) const validateUrl = (urlValue) => { if (!urlValue.trim()) { @@ -106,12 +109,87 @@ export default function ImportFromUrlDialogContent({ } }, [selectedCertificateIndex, certificates]) + const performFinalVerification = async (pemText) => { + try { + const verificationResult = await verifyCertificate(pemText, null) + + if (!verificationResult.success) { + setValidationError(verificationResult.error || 'Certificate validation failed') + setShowValidationDialog(true) + return false + } + return true + } catch (error) { + setValidationError('Certificate validation failed: ' + error.message) + setShowValidationDialog(true) + return false + } + } + + const performImport = async (alias, pemText) => { + setImportLoading(true) + try { + const result = await updateCertificates('trusted', { + alias, + pemText, + }, currentCertificates) + if (result.success) { + setImportLoading(false) + onSuccess?.(result.data) + } else { + setImportLoading(false) + if (formRef.current) { + formRef.current.setApiError(result.error || 'Failed to import certificate') + } + } + } catch (error) { + setImportLoading(false) + if (formRef.current) { + formRef.current.setApiError(error.message || 'Failed to import certificate') + } + } + } + + const handleSubmit = async () => { + if (!formRef.current) return + + if (!formRef.current.validate()) return + + // Check if alias already exists + const aliasExists = formRef.current.checkAliasExists() + if (aliasExists) { + setShowConfirmDialog(true) + return + } + + // Final verification before import + const verificationPassed = await performFinalVerification(formRef.current.pemText) + if (!verificationPassed) return + + // Proceed with import if verification passes + await performImport(formRef.current.alias, formRef.current.pemText) + } + + const handleConfirmReplace = async () => { + setShowConfirmDialog(false) + + if (!formRef.current) return + + // Final verification before import + const verificationPassed = await performFinalVerification(formRef.current.pemText) + if (!verificationPassed) return + + // Proceed with import if verification passes + await performImport(formRef.current.alias, formRef.current.pemText) + } + return ( {/* URL Input Section */} @@ -162,66 +240,12 @@ export default function ImportFromUrlDialogContent({ gap: 3 }}> {/* Top Section - Certificate List */} - - - Select a certificate to import: - - - - handleCertificateSelect(parseInt(e.target.value, 10))} - sx={{ display: 'flex', flexDirection: 'column', gap: 1 }} - > - {certificates.map((cert, index) => ( - handleCertificateSelect(index)} - > - } - label={ - - - {cert.alias || `Certificate ${index + 1}`} - - {cert.error && ( - - {cert.subject} - - )} - - } - sx={{ margin: 0, width: '100%' }} - /> - - ))} - - - + {/* Bottom Section - Import Certificate Details */} {selectedCertificatePem ? ( - { - setImportLoading(false) - onSuccess?.(data) - }} initialPemText={selectedCertificatePem} readOnlyPem={true} - hideButtons={true} /> ) : ( @@ -271,14 +289,7 @@ export default function ImportFromUrlDialogContent({ + + + + + {/* Validation Error Dialog */} + setShowValidationDialog(false)} + aria-labelledby="validation-dialog-title" + aria-describedby="validation-dialog-description" + > + + Certificate Validation Failed + + + + {validationError} + + + + + + + ) } diff --git a/src/components/TrustedCertificateImportForm.jsx b/src/components/TrustedCertificateImportForm.jsx new file mode 100644 index 0000000000..cb511d38e3 --- /dev/null +++ b/src/components/TrustedCertificateImportForm.jsx @@ -0,0 +1,141 @@ +import React, { useEffect, useImperativeHandle, forwardRef } from 'react' +import { + Box, + Stack +} from '@mui/material' +import { useCertificateImport } from '../hooks/useCertificateImport' +import CertificateDetailsSection from './CertificateDetailsSection' +import CertificateVerificationSection from './CertificateVerificationSection' +import UserInputsSection from './UserInputsSection' +import MobileCertificateSection from './MobileCertificateSection' + +const TrustedCertificateImportForm = forwardRef(function TrustedCertificateImportForm({ + currentCertificates = null, + initialPemText = null, + readOnlyPem = false +}, ref) { + const targetStore = 'trusted' + + const { + // State + alias, + pemText, + privateKeyText, + file, + privateKeyFile, + apiError, + errors, + certificateDetails, + verificationResult, + isVerifying, + existingCertificates, + aliasWarning, + + // Refs + fileInputRef, + privateKeyFileInputRef, + fileAccept, + + // Actions + setLoading, + setApiError, + setPemText, + parseCertificateDetails, + + // Handlers + handleVerifyCertificate, + handleFileUpload, + handlePrivateKeyFileUpload, + handlePemTextChange, + handlePrivateKeyTextChange, + handleAliasChange, + validate, + loadExistingCertificates, + checkAliasExists + } = useCertificateImport(targetStore) + + // Load existing certificates on component mount + useEffect(() => { + loadExistingCertificates() + }, [loadExistingCertificates]) + + // Pre-populate PEM text if initialPemText is provided + useEffect(() => { + if (initialPemText && initialPemText.trim()) { + // Always update when initialPemText changes (for URL import flow) + setPemText(initialPemText) + parseCertificateDetails(initialPemText) + } + // eslint-disable-next-line react-hooks/exhaustive-deps + }, [initialPemText]) + + // Expose form state and methods via ref + useImperativeHandle(ref, () => ({ + alias, + pemText, + validate, + checkAliasExists: () => checkAliasExists(alias), + apiError, + setApiError + })) + + return ( + + {/* Left Column - User Inputs */} + + {/* Right Column - Certificate Details & Verification */} + + + + + + + + {/* Mobile Certificate Details & Verification */} + + + ) +}) + +export default TrustedCertificateImportForm + diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx index a24f88222c..78d024dfcb 100644 --- a/src/components/UserInputsSection.jsx +++ b/src/components/UserInputsSection.jsx @@ -97,12 +97,11 @@ const UserInputsSection = ({ )} { const targetStore = tabKey === 'trusted' ? 'trusted' : 'private' - openDialog({ type: 'import-certificate', title: 'Import Certificate (PEM)', props: { targetStore } }) + if (targetStore === 'trusted') { + // Use certificate chain import for trusted store + openDialog({ type: 'import-certificate-chain', title: 'Import Certificate Chain', props: { targetStore } }) + } else { + // Use regular import for private store + openDialog({ type: 'import-certificate', title: 'Import Certificate (PEM)', props: { targetStore } }) + } } const onTabChange = (_e, newIndex) => { @@ -222,11 +229,11 @@ export default function TlsManagement() { {dialogTitle} - {dialogType === 'import-certificate' && dialogProps.targetStore === 'trusted' && ( - closeDialog()} onSuccess={handleImportSuccess} /> )} diff --git a/src/utils/certificateUtils.js b/src/utils/certificateUtils.js index fb85582d4a..0716850477 100644 --- a/src/utils/certificateUtils.js +++ b/src/utils/certificateUtils.js @@ -1,4 +1,5 @@ import { X509, KEYUTIL, KJUR, zulutodate } from 'jsrsasign' +import { parseCertificateChain } from './verificationUtils.js' /** * Convert X509 time string to Date object using jsrsasign utility @@ -490,3 +491,81 @@ export function getSuggestedAlias(details) { return null } + +/** + * Parse a certificate chain from PEM text and return array of certificate objects + * @param {string} pemText - PEM certificate text (can contain multiple certificates) + * @returns {Array} Array of certificate objects with structure: { certificate: pem, alias, subject, issuer, ... } + */ +export function parseCertificateChainFromPem(pemText) { + if (!pemText || !pemText.trim()) { + return [] + } + + try { + // Parse the certificate chain using verificationUtils + const chainCertificates = parseCertificateChain(pemText) + + if (chainCertificates.length === 0) { + return [] + } + + // Parse each certificate to get details + const certificates = [] + chainCertificates.forEach((chainCert, index) => { + try { + const parsed = parseCertificate(chainCert.pem) + + // Handle parse errors gracefully + if (parsed.error) { + certificates.push({ + certificate: chainCert.pem, + alias: `Certificate ${index + 1}`, + name: 'Invalid Certificate', + type: 'Invalid', + subject: `Parse Error: ${parsed.error}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + parsedCertificate: parsed, + error: parsed.error + }) + return + } + + certificates.push({ + certificate: chainCert.pem, + alias: getSuggestedAlias(parsed) || `Certificate ${index + 1}`, + name: parsed.subject?.CN || 'Unknown', + type: parsed.type || 'Unknown', + subject: parsed.subjectStr || 'Unknown', + issuer: parsed.issuerStr || 'Unknown', + validFrom: parsed.validFrom, + validTo: parsed.validTo, + fingerprintSha1: parsed.fingerprintSha1, + parsedCertificate: parsed + }) + } catch (parseError) { + console.warn('Failed to parse certificate in chain:', parseError) + certificates.push({ + certificate: chainCert.pem, + alias: `Certificate ${index + 1}`, + name: 'Parse Error', + type: 'Invalid', + subject: `Parse Error: ${parseError.message}`, + issuer: 'Unknown', + validFrom: 'Unknown', + validTo: 'Unknown', + fingerprintSha1: 'Unknown', + error: parseError.message + }) + } + }) + + return certificates + } catch (error) { + console.error('Failed to parse certificate chain:', error) + return [] + } +} From 1c75560002d9754e34bdd53ea7ee02d601b58057 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Thu, 13 Nov 2025 14:59:45 +0200 Subject: [PATCH 196/360] Remove verify button from CertificateVerificationSection and update helper text in UserInputsSection to clarify file upload options for private keys. --- src/components/CertificateVerificationSection.jsx | 9 --------- src/components/UserInputsSection.jsx | 2 +- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/src/components/CertificateVerificationSection.jsx b/src/components/CertificateVerificationSection.jsx index 16daefe023..0575359a6b 100644 --- a/src/components/CertificateVerificationSection.jsx +++ b/src/components/CertificateVerificationSection.jsx @@ -33,15 +33,6 @@ const CertificateVerificationSection = ({ Certificate Verification - {verificationResult && ( diff --git a/src/components/UserInputsSection.jsx b/src/components/UserInputsSection.jsx index 78d024dfcb..4e0b668bfe 100644 --- a/src/components/UserInputsSection.jsx +++ b/src/components/UserInputsSection.jsx @@ -135,7 +135,7 @@ const UserInputsSection = ({ value={privateKeyText} onChange={handlePrivateKeyTextChange} error={Boolean(errors.privateKeyText)} - helperText={errors.privateKeyText || 'Paste private key. Uploading a .pem or .key file fills this field.'} + helperText={errors.privateKeyText || 'Paste private key. Uploading a .key file fills this field.'} multiline minRows={4} maxRows={6} From f1a2fa58caa59a2ef8b24b5feecee0b263b457c9 Mon Sep 17 00:00:00 2001 From: Andrei Haiducu Date: Thu, 13 Nov 2025 15:37:52 +0200 Subject: [PATCH 197/360] Enhance certificate import functionality: Update useCertificateImport hook to accept currentCertificates as a parameter, allowing for preloading of existing certificates. Modify ImportPrivateCertificateDialog, ImportTrustedCertificateDialog, and TrustedCertificateImportForm components to utilize the updated hook, improving efficiency in certificate management. --- .../ImportPrivateCertificateDialog.jsx | 2 +- .../ImportTrustedCertificateDialog.jsx | 2 +- .../TrustedCertificateImportForm.jsx | 2 +- src/hooks/useCertificateImport.js | 19 ++++++++++++++++--- src/services/tlsService.js | 6 +++--- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/src/components/ImportPrivateCertificateDialog.jsx b/src/components/ImportPrivateCertificateDialog.jsx index ab2a8811b6..4bce3f5b5f 100644 --- a/src/components/ImportPrivateCertificateDialog.jsx +++ b/src/components/ImportPrivateCertificateDialog.jsx @@ -68,7 +68,7 @@ const ImportPrivateCertificateDialog = forwardRef(function ImportPrivateCertific validate, loadExistingCertificates, checkAliasExists - } = useCertificateImport(targetStore) + } = useCertificateImport(targetStore, currentCertificates) // Load existing certificates on component mount useEffect(() => { diff --git a/src/components/ImportTrustedCertificateDialog.jsx b/src/components/ImportTrustedCertificateDialog.jsx index d198d53578..031a6438ad 100644 --- a/src/components/ImportTrustedCertificateDialog.jsx +++ b/src/components/ImportTrustedCertificateDialog.jsx @@ -68,7 +68,7 @@ const ImportTrustedCertificateDialog = forwardRef(function ImportTrustedCertific validate, loadExistingCertificates, checkAliasExists - } = useCertificateImport(targetStore) + } = useCertificateImport(targetStore, currentCertificates) // Load existing certificates on component mount useEffect(() => { diff --git a/src/components/TrustedCertificateImportForm.jsx b/src/components/TrustedCertificateImportForm.jsx index cb511d38e3..01f9838232 100644 --- a/src/components/TrustedCertificateImportForm.jsx +++ b/src/components/TrustedCertificateImportForm.jsx @@ -52,7 +52,7 @@ const TrustedCertificateImportForm = forwardRef(function TrustedCertificateImpor validate, loadExistingCertificates, checkAliasExists - } = useCertificateImport(targetStore) + } = useCertificateImport(targetStore, currentCertificates) // Load existing certificates on component mount useEffect(() => { diff --git a/src/hooks/useCertificateImport.js b/src/hooks/useCertificateImport.js index 02e50dd5e7..9418482688 100644 --- a/src/hooks/useCertificateImport.js +++ b/src/hooks/useCertificateImport.js @@ -1,9 +1,9 @@ -import { useState, useRef } from 'react' +import { useState, useRef, useEffect } from 'react' import { parseCertificate, getSuggestedAlias, isValidPemCertificate } from '../utils/certificateUtils' import { verifyCertificate } from '../utils/verificationUtils' import { fetchCertificates } from '../services/tlsService' -export const useCertificateImport = (targetStore) => { +export const useCertificateImport = (targetStore, currentCertificates = null) => { // State management const [alias, setAlias] = useState('') const [pemText, setPemText] = useState('') @@ -16,7 +16,7 @@ export const useCertificateImport = (targetStore) => { const [certificateDetails, setCertificateDetails] = useState(null) const [verificationResult, setVerificationResult] = useState(null) const [isVerifying, setIsVerifying] = useState(false) - const [existingCertificates, setExistingCertificates] = useState([]) + const [existingCertificates, setExistingCertificates] = useState(currentCertificates || []) const [aliasWarning, setAliasWarning] = useState(null) // Refs @@ -27,6 +27,12 @@ export const useCertificateImport = (targetStore) => { // Load existing certificates to check for alias conflicts const loadExistingCertificates = async () => { + // If currentCertificates were provided, use them instead of fetching + if (currentCertificates && currentCertificates.length > 0) { + setExistingCertificates(currentCertificates) + return + } + try { const certificates = await fetchCertificates() setExistingCertificates(certificates) @@ -34,6 +40,13 @@ export const useCertificateImport = (targetStore) => { console.error('Failed to load existing certificates:', error) } } + + // Update existingCertificates when currentCertificates prop changes + useEffect(() => { + if (currentCertificates && currentCertificates.length > 0) { + setExistingCertificates(currentCertificates) + } + }, [currentCertificates]) // Check if alias already exists within the target store const checkAliasExists = (aliasToCheck) => { diff --git a/src/services/tlsService.js b/src/services/tlsService.js index f5c444f128..c714cf9c67 100644 --- a/src/services/tlsService.js +++ b/src/services/tlsService.js @@ -121,7 +121,7 @@ export async function fetchSystemCertificates() { } certificates.push({ - alias: cert.alias, + alias: cert.alias.toString(), name: parsed.subject?.CN || cert.alias, type: parsed.type || 'Unknown', subject: parsed.subjectStr || 'Unknown', @@ -291,7 +291,7 @@ export async function fetchTrustedCertificates() { } certificates.push({ - alias: cert.alias, + alias: cert.alias.toString(), name: parsed.subject?.CN || cert.alias, type: parsed.type || 'Unknown', subject: parsed.subjectStr || 'Unknown', @@ -372,7 +372,7 @@ export async function fetchLocalCertificates() { } certificates.push({ - alias: cert.alias, + alias: cert.alias.toString(), name: parsed.subject?.CN || cert.alias, type: parsed.type || 'Unknown', subject: parsed.subjectStr || 'Unknown', From 1ecd55a72dbf76db6648b2d3bde88e1bc5604e83 Mon Sep 17 00:00:00 2001 From: Kaur Palang Date: Thu, 13 Nov 2025 20:12:50 +0200 Subject: [PATCH 198/360] Add support for overriding Get Operations button in WS Sender --- .gitignore | 2 +- .../panel/SenderConnectorPropertiesPanel.java | 97 +++++++ libs/runtime/server/cxf-core-4.1.3.jar | Bin 0 -> 1417169 bytes libs/runtime/server/cxf-rt-wsdl-4.1.3.jar | Bin 0 -> 181853 bytes libs/runtime/server/stax2-api-4.2.2.jar | Bin 0 -> 195922 bytes libs/runtime/server/woodstox-core-7.1.1.jar | Bin 0 -> 1612256 bytes server/pom.xml | 7 + .../tlsmanager/server/TLSServicePlugin.java | 9 + .../tlsmanager/server/WebServiceService.java | 237 ++++++++++++++++++ .../server/servlets/TLSServlet.java | 53 +++- .../shared/servlet/TLSServletInterface.java | 108 ++++++++ 11 files changed, 509 insertions(+), 4 deletions(-) create mode 100644 libs/runtime/server/cxf-core-4.1.3.jar create mode 100644 libs/runtime/server/cxf-rt-wsdl-4.1.3.jar create mode 100644 libs/runtime/server/stax2-api-4.2.2.jar create mode 100644 libs/runtime/server/woodstox-core-7.1.1.jar create mode 100644 server/src/main/java/org/openintegrationengine/tlsmanager/server/WebServiceService.java diff --git a/.gitignore b/.gitignore index 4b1c9fdf8b..ccd6eaab48 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,7 @@ target/ *.zip *.json plugin.xml -*.jar + docker/certs/ docker/custom-extensions diff --git a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java index 71759c6993..4112478d81 100644 --- a/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java +++ b/client/src/main/java/org/openintegrationengine/tlsmanager/client/panel/SenderConnectorPropertiesPanel.java @@ -30,6 +30,7 @@ import com.mirth.connect.connectors.http.HttpSender; import com.mirth.connect.connectors.tcp.TcpDispatcherProperties; import com.mirth.connect.connectors.tcp.TcpSender; +import com.mirth.connect.connectors.ws.DefinitionServiceMap; import com.mirth.connect.connectors.ws.WebServiceDispatcherProperties; import com.mirth.connect.connectors.ws.WebServiceSender; import com.mirth.connect.donkey.model.channel.ConnectorPluginProperties; @@ -212,6 +213,102 @@ private void doActionListenerOverrides() { var message = "No Get Operations button found in settings panel %s".formatted(settingsPanel); log(message); } + + var getOperationsButtons = getButtonsByText("Get Operations"); + if (!getOperationsButtons.isEmpty()) { + var button = getOperationsButtons.get(0); + + var actionListeners = button.getActionListeners().clone(); + + var previousActionListener = actionListeners[0]; // Hope it only has a single listener + + // Replace the ActionListener + button.removeActionListener(previousActionListener); + button.addActionListener(e -> getOperations(previousActionListener, e)); + } else { + var message = "No Get Operations button found in settings panel %s".formatted(settingsPanel); + log(message); + } + } + } + + private void getOperations(ActionListener nonTlsActionListener, ActionEvent event) { + if (!properties.isTlsManagerEnabled()) { + // If TLS management is disabled, run the previous non-tls connection test + // The isWsdlUrlBeingTested hopefully doesn't matter here as the listeners are already defined + // by the sender panel. + nonTlsActionListener.actionPerformed(event); + return; + } + + + var webServiceSender = (WebServiceSender) connectorPanel.getConnectorSettingsPanel(); + if (!parentFrame.alertOkCancel(parentFrame, "This will replace your current service, port, location URI, and operation list. Press OK to continue.")) { + return; + } + + var wsProperties = (WebServiceDispatcherProperties) connectorPanel.getProperties(); + + // wtf... + var cacheWsdlHandler = new ResponseHandler() { + @Override + public void handle(Object response) { + try { + var retrieveWsdlFromCacheHandler = new ResponseHandler() { + @Override + public void handle(Object response) { + if (response == null) { + return; + } + + var definitionServiceMap = (DefinitionServiceMap) response; + var currentProperties = (WebServiceDispatcherProperties) webServiceSender.getProperties(); + currentProperties.setWsdlDefinitionMap(definitionServiceMap); + + // Trigger private loadServiceMap() function + webServiceSender.setProperties(currentProperties); + + parentFrame.setSaveEnabled(true); + } + }; + + connectorPanel + .getConnectorSettingsPanel() + .getServlet( + TLSServletInterface.class, + "Retrieving cached WSDL definition map...", + "There was an error retrieving the cached WSDL definition map.\n\n", + retrieveWsdlFromCacheHandler + ) + .getDefinition( + connectorPanel.getConnectorSettingsPanel().getChannelId(), + connectorPanel.getConnectorSettingsPanel().getChannelName(), + wsProperties.getWsdlUrl(), + wsProperties.getUsername(), + wsProperties.getPassword() + ); + } catch (ClientException e) { + // Should not happen + } + } + }; + + try { + connectorPanel + .getConnectorSettingsPanel() + .getServlet( + TLSServletInterface.class, + "Getting operations...", + "Error caching WSDL. Please check the WSDL URL and authentication settings.\n\n", + cacheWsdlHandler + ) + .cacheWsdlFromUrl( + connectorPanel.getConnectorSettingsPanel().getChannelId(), + connectorPanel.getConnectorSettingsPanel().getChannelName(), + wsProperties + ); + } catch (ClientException e) { + // Should not happen } } diff --git a/libs/runtime/server/cxf-core-4.1.3.jar b/libs/runtime/server/cxf-core-4.1.3.jar new file mode 100644 index 0000000000000000000000000000000000000000..9b68c3c62650f3a05a1d6acd7911a6fd7039abcb GIT binary patch literal 1417169 zcmb5VW0;^zvMyS-ZL`a^(Pi7VZQHhO+peyvF1yRN?OSWlzGr6EIcM(O-}B_ZjQlbq zBO>2;Gg3|x7z70X0s;cS*5^|L;9ovS01yCa5hVc{aT!s%&v5_%U;sHuaEQNp0R4A2 zx&Ny$%6E_dB`hr*z_N>a@xun{3rNmw}+IBJYLPs`59 zo6@ycC3l^c1Qc#v8SgC~>D(sN1LioAssL{c3SQt_h$n1_cgJ-Y!}p{4>7T)46i4ZE z&~IgY+#b(cwS}RlgDml3pKqh7!)BFAEpAV6=qj~{DQj}xJBX5`mA^=4E}lFCFSWHM zCtP)T`Mh2~Zsv_dON5gv0G~A^D-ai|(kp`YG`98#)prliiKv$oe-(X37E{I3iTVO5 zML$z4S;#uFzA6Jmr=$qz)E-7?CA_?>3Qd(6RE|xDnh5Bg#1t1s_}tUbvU1~U4<2r( z`EnF7@5~;NAh&0D70yC$+%LCL@3%4C&$A;zhARm_A_+797?V9R%^fF9d(&=SfJgTz zN7ok1C=u*G1duM8ldMMJCZ|@WmFP2P?VCrHW#g4vDGdg(>re_xhDriG1|kp_R73#Z zb#o2g=SVF0MU2)!N06$H*V2s9#KtLngNR|5wU4OGjHaVB<1f4if><(%sClrI>^O-$ ztTe7RgE}$T1H>MryBSgwUOG+PKm%!qLp|N31y&GRX%qTn!G$YPTEY*x@3@!7Y?3*1 z*F3+yYZ=Xo@nRLD??xeUr_!dXbXpiG$8Ff8Zl^mgB83<2nlF7@z=dT6rly|~)!nnX z4Ue2uo!E#jbvCUwK*?@mCg+#mgOz%gGbN1?0UelW0;Tn+j=)9F^)dK| zm0rc38zkQHi*#T8HTXnoB!DlV3GL8`xop@G%YLioP{!OP+jUo!mz0FweZQ%uhB|H& zpO6zL?L)r*{K(y{jtPOY=JVzUC$58(I}s$!g3A8;&$yVqo|yO7CIGUS7PGknCXgB0GcYk?#kd{ZMFjvQK%_m8e=cn0g$3 z7<%2byF*>Gp+73i<|kx9{Q$vvSv^In#Axqbcy<* zuw;W4U_7m{Zq^CphL3y#!8i|8yia#ne?$GpwXS8#(3H?ZTwfxZ+3&%=6x zkoqBMW;5GgEl`f}M;^)Apoc`Ac03UN$ir)IB%jC=^eZ0IPUgKxz>@{(w6PwEy+O*e z**CD!X#4iFKPL{?-Xe(1<%L|#&rxFnv3!bE7dY(999I>aUQNr-aKjefe%cx5VA(Vj zz|+qzmd5P31~>-z0Y}057YQyE;{XpIm_FBUYAdnoCTf5&Qa9}!m`%+6E;xbQ0a17W z6FuNk-C|=Om|U{p+Ml?LM>P)WtBdqW6>Xt9m9_EFy$}gawASj&AndFF^+OF?IW&;T z;a4sj@lS5Ow55ITQo3d}6#3Fe1*X&3NRoeELD;Q-I0bqVKe=VZ)^6&obf@(P>a(c0 z{AU08lY@*FX(e@bW|zk~P6$GZX|ckGz1RP zv*&pyPPg05deh^IsCWQ4Gg;mUqL7$8e*Qx*(juU4nJg#RPg7?dd>w|G*Rv|8>Xq| zgp5g$usRT#o8zlK1ldHm97PTGmnWjqgH6ELs?|yzSfoZYEobpOh>n`1>lr-?(!dI8 zGBuQ6YmSeJ+Rl%x-D784bK0iP2_GnwJ< zBIygYm!hLeTBPsD==I@H-aJ2dRkiYm;@I_dmr2T9EOTg1rgn{Ji8ZV^GhY)krJ+eu z@Iyr?RInAla=fc_j!$j6^;lL>558;}KKV=9@w}q`iG0Sl`Shye`I0({3wo0C>Jq=J z*pDY09`VGn_Soh_**X!3NU;NK;wNdyiW?n-hJTo8lL$D)q73QDr@*$k=%KXu*}kg> zj+rR`<#s-}yR>MM?C{!3q}^c#@&ne#+tfL4aJ>tbuq@LC?d5I$*HZnvO&Q!O(TKPC z>klvoN9&oh>h^VuBjH;h82bUI;^t&F?RaxV7T0SM1aa$rkLDq{JKT?3AH0+8Q8%&& z)cGBhAdV3xJc%>yt=e&{%!kc!s1rU0xmT$oJ0p8?vMQmGWPxE$CyKt8Rs3_$en(b! z0DC%jm=<#eB!@vr!>2eqfX&^(;mohD@=@M*FvOL;(pK9Tr1mcN$hp2=>RXmro#nO@ zhh{ED-vMzt(dXVV?00;;{?oSuCl8+PPLOU+zBlZ@u+~Ct?cxte0DxplfN$*e{{l6& zzX3JWf5lqDB61=!!Xh$4;v$N}Y8#HbtO&kGwKHqU>3`s4{#d??LY(Y}SkA?@?<=nW z30sXd8~uK$y*eEn(G?dL;xGZQZ0_9Ly0mCcI3he6%=JIYABABOAl*PhiBGBvtBXVO ze?}T(L8X{{4hcdcBOOB;7YjwAK>>ws35mY#RPiJjB=PxnWsv!mq5d zJPeNz9ecWr3SGqVSS?!Ufm3z=H_M#>U*_Xp@Y;=0_$}5DW5+M&o;7v;CXvDx^s~nb z+o3`3*&7o1bE}`GHXSn6LMduu<0)DQFL?WxU{`2x(sL`FfUvEigLvf<)fuOGBSrSF zevS)6=8Xqii9teRXx!5SDg|l#^5z9Q*)!p~*U(cWqI(FesETnTPp#b|=7wsJ{-wo% zik!kJ`@0gH#|bEw2km!gZD*_T=cZATADpuwcKm`tZ6QT-$WG$0B-J=+o6{XPHN8w^ zR5+d_(aIcV!_QA|>9J7o(wC)W>fkEW%X0%NM08R02$U&jjGpVwQoAW^H4x`bTXs@~ zIdQal4w{oEP>TIq^MSPG0lskIr@hS}ybaPR7z;9XBI?4cr+G<1BCwCiB;8Ty1e;O| z30U{_tBgziE*Yroz1UlYKy~@`K}4NP@8AUJ7`7b*prht9WL>Cz^L|PK-bB#Mp{$@z z_yO=lXD9`cbqE5E&wGOGCY4$XlE=X6C+P8?a7(8y_o7kBb&YhXxC3$z}vZp*RrwsR{qMmB8(IeZ^Zoyi3=7X$_6{U_IQwEuHDe(b33Rh zllS(XBBVSN_)=)Jc^5I_*X^CL%N<{aY#*?0wuL#8U3X8zH!KT+_33kEyOnUjmRXTJ zrxE$WUOTVeN7FavMW?|DnkghZw1!Wn=)p0}B$JUY)0g?MPy8T=ofFb+~bCG z+bB0kXla+}N$DOK$6FeXZig|vY}FqgZ)!{pTd8(KwWbr?lS*ffo~m4!P|}Lq6>v*& zS;isA3fJewAo@kh#4Ekv>g~%97+x6~h`I9CBK&Jel@b>ckx>-c(9m>T8$tDX zs$Fp?Q8WiD$!0dkJ_@hj52+S17jCy9OAIBgBWMMy`$bC-@$tZu+U;Lt2UBV)M zzS?+nn|+lv41LqyD?&GsjdbN)&RMF%eYek- zliWx(e9j5A7OA=3z^MX3RQ|sJPmdkGa>EqYtL2RKh-F zW^el6nrcZ_+l?Qw3L%TM%w~et_gp%DiZ|EvXLL7^M)W*CK3vh6a{(Xf4}uHqZG+Wu zz5=WpB|{?#?29_<1t|nlkTJLqLx~G2Ub$n(_-MsOSN~B z63f&v6vR}R!gqv@2Qc-kB?q6Hg_e2kJHC*EJF=<#K{IT3d}rv({5TIualRutmu3e+ zOjGQ4Ily25RCn@Tub~bY$1S$;OB(r>Z?G6>76rI2i8sk;DA>i8*m-EJU~83G$u z48Zzc7wr2uN(+aG*(tGAjHi{cUE_OwS%NUF~T#+mEX)sD0Nb{&fuL{ukR?az%q-8_jE(` zFI^Ax8QoW6UA0&$%?hLMO5IH;lxFChqLoz^aB<)p0)t4E38dW zKE4t!M3NDJ@>_jN(tg%#HUM1QZXlZivmzOZ9=xb#!~-|T8i-v|2bZfB@yMvc#((hk zybJr%SkiXQZ*Pqkb$;)ro9Lh|zd=mYiLu1_EdgMl9|uQUQN%o=EjtVIj!bFl>Y?q6 zs*cH-mG&1K5x#Zqt}39^Q*8l%N^$}cor0mW@ly(Ds5B6vI)Jm4Egc}hvA8O!2})GN ze?q$OsqmUm#akYT(lKJB3k#T7H(}eYJ2)vFn2)Ah&&~ge4RR}IE+5qkI#Czm9+20n zotTY+OK44gL>A1IKBthQJ-BZnJ`a@>#*f#Z79|Q;v;uuhA(~!%IcE-zeRk${`PDbA zkhAU=7JD&UVgNpFg))RJCn_QaCvo&vMB;SXinv?aZ!HP@c<2xv#3soHR#1DiTPs#+ zx7K>|?5`gF@N0N+^mNsPOtKLt8C6L<9#f1U$Zu+BHw+zsBS;Zw@N5wv1#$;`W?9KI zTC0$0L-MvO5P5Gjwa?=m4V&CCZqm+8T@y5y8KDzgkti-#$#LszCnSF@05#5#XXFNQ zj+Fgs6t)VKN-*y+I*31Z%Wq1{0@r&lTx7HLfSJ#LA^so{cRI;&0L^6vp9y?J0%YS0 z_)4pfaS=XEZ^i+}pU6KT2D?CV_D-GY3Q!wdpX((r>;N>lESA+dnj1dC&jP^b#TQUM z3U`G85u988u_{iFEDJ`uj~A+QyvMd~gBh1SyDDnsK$!}=ynplE%7wj-2y(0%+rBaI z+*w9LdR1MMKX+!90@p$}=NbJH>5tw#r7j}ir(e9VitI!TdJwRE=vgIA*))l5Mb?%< zYz;)S4Q&d`E8n9aTpW}kC#Ug@riy?K>8BLI5%yE0QXNri%Sd~w5k0r4x#+&^J0>@s z2=SB60x({)ye2J>UVWa|F38WaXPiEHX}#fW+vdb9Mvfzd7}WP!Bt=jLso|1%3<^av zQSXu}cv^%Os2-Sp^lIq2I@u}=sGjslu4LJe!zO1cc*xZl zc?df>a2uxnLQ^%ob`W!7D^{Ri@;HQr{$FhMM6zopv^%l{>hT(cjABsLDwK~7)>y~k zZ9U-U9>}NX!Cm`_F$m_G3+Rh`KEUf0J7EwS91qbOgrC_sN($cWmn1!}A1`7y%?0gnQ%8070b9af$}Z5VSD$eK?ym_qegCsW2Pjmp3zYKU%*O9P6o z09d&Av}^1(X+Q;iFp`V)*R$FL)GAQ!it+J~P_u-^nS9u>1XIV3Fy+swY1oCPaRTGY zArLf5nA~I;iA+;)<#spXGLjDqW{ac&D)+s%?=y>yi<2L>7Y{HASM~&+hJRjo;v7uh z_E(by`qHI1>ZxC-kWn>cA$gNfAJQm~7t|YxD8#ewOboco5E-upjvKS^u}E=S6kn1y>BLu|h9FqIkr$E#Mvcyl^2L?fO`V^4!SBT54%~Tg`60E*v-%U- zrBSbydg_PEla04MR+A>4z)Y)@@QtAmA&vo7)d^-)=x*Xdk2B$p9B1f>>*bI#X5MgJ z^}}>aO{U(Z_x&|b*!KhRh*)ZW$(5WwuM-V%N}1f%Tm7mS@YOtby$$(;q;X7m{>O288u-c$`{xS1 z?1p9*i~Q-2u$H;H9LT=eZ7N4lsGFl-$|LbvqD!3m?WP!BSQpvtj0Oy=+VSPnW{O2k z<>l(!+_Mq;^X+L8B=D_MCGO(>iE9<&s4-R8rengz3^8Pe=_}0A3hHsKcjnE0~TkJTEzpT=dqw8~Uv`I^1x$xi}(oU^!Pwsr@ zGu$&oEKC3giPAb$b{^xGYk&Ji?q0wyrbh3Sz|6ZyUf`x6DojSp!DUsT=z{2D8PVQg zGjwhPQmQeu2x}gnP+Y_F3Y8Hn##a0$$nj&t8mg#n@~U-O_k8a3;{!wi1KLGEW5UzM z6rA#>baf#P3VA}ekkTDs39+)bLBoWV=}z+QOYixD;C#V23>BIIixw&>VqL7*61}jE zt;^%OhD>pCphWSR-+f@V09FCplpg@>rZSlKPyCbkV)d(Jn@tyXDhZ%vA@^ukg3BWN zdaeZx-`_Vt8;$|8pdu5Pt!}~HFfv)suS;xFG9v(WOrQ5jTj2r7c{sn{J~D$ZdT%1! zk%WRYS@7XnU8vD!kPYZ^xz|w4gYd@ba-RKz`3_eCo;41UE}jGTdm3m%~!Xk z#_!Us2heBeq)d{0Hi$}@l}s8_*iiw~?i4_pHa!B1$P=nw@Auom$J-fDRgXuzR(Gdn z&8Nr5{KIJv0-yF)_XlE=)_a{-Z`W74;PJ+-k8}6oGB}#f$i*%k&g0I8vhp_>!Q;cKO56Js>~oLx2d!(%bX*p9qepytlT^4(Bxq;x3v=-J0c!i zU$aZl`BV~T%NWe*XHIfS{fo$%InzY_Q!0lS9NDnQRrC6B2<>#Lnmg!Bt_=Z?8kpDO zOdYaQkPH`gb5JHVL>?hNrjx~*nVxQO2lcMCD+A`i$k?>$-bX+<(9}J4H=*Fqacg@# z#4DPC6yP5J?PHgBFCTgjnQ?G9Y$ynN(*`_19@m?-BA zAWfVV*4R65U1~Q&t5tk+nx9WzO6iHa}9tnkLy~x{o2bN+oEya zP163Y4|H0JcT1FcbHThtu!a#qY~G-9(Rj`mjmi=SASe(LuE0+)TS`>n!}C;KQ^aR8 z#+}LyLJ;KqimTTK84p_88mXty=N|r)LV@QiT2SY+g%Zv@bOcELn?k%Eu3zIWE^LwQ zyKsI-u{T6X86GMCc0g#XaCBwQ=6vL^6f)Be>-paYgs!w#;T5%(cFG=q{}*eEw_|$c`8}($ z@AgmD_V3s0u>U%5LpKw;|8%`R;r;J-^Z0)kHgI;NF?Mq@wsADKwQ;0%a&t;f=yw<( zKnR(>P<#gA_G6PiJC2HBsVc zyA($_>$Z-RFD&77UDkFCKUdis=uyTX6IqJ@oU? zI&F_bOU}j z=?MPO5AawpDK-5v^)kiA)GJY3KDSz^P|nQ*T{rACjta{UJp&A7Bk1*hBdlvGtY8+A z1TM_fufO?_0qrOGL%=S=h>#Es;udr{;Xxr9d$x=qPEG+!u_hT9ueimnbKbhzRxnp2 z1ec!0Am3x;9)M6vfNY=q*pLtjDmAEu_G;j#Ae>OD}m%C;|_6kzw(tAUtwzHq?;ef4@U8yWZJc;#e!wUm5ri5#Ei zY76Gl!zSk6pv}?(Z6!fZxeCFHM3p3V_0bvu1k6%a0no*V)UNoAIDBT(Gx?ialJSX} zbx*qJ`ep_~eXu=4+RN!TaImYz!G6^(u2uKgwB$U_Gorjjb3{!I2ksjo4qeCOntH3n z<-rJ6$_ko~nzE=dOrO)QHX;tGm@?KTjW81~O zf-;7)C}dUfk6dVaJj#%Vv{Qcwol1cUU@zF|*wX60!NJ1Ovaqy;(W7=5qcqtweZfo~ zLZU)WNB)AO8e%`4tgPHN#pHv`V0njFb?YM5a7vDM;^14~db+6h_es#rAMNj6CmQz$ zo_19WyL{a?hge%+S*yARPx{(kncdH@f1MR5XLKKWzyJUq;Q#8Qe-E4gR+aQu%>Bzp zzdbZtN#Ayj72%`nJp!Ar*^jgx6ADHrYe3xax3vj+d}9;7d3Z{=M3JaM^2gPa*jRW6 zfmnl=oz&~*hUZm`>!ZGI^1ToSRdYsz>rGm`T>4b;kCJm2o>(7K{3+QfpXdVQ0?Twr zV-Xpd#5Kr_Mee~~C0p%@=)86tr72v6*-Uj#UrBZ-Aq_~s=6nfaiurNOc5@usaazKg z0SI}>11qU=1i}}GW*se^S(OyLY{|8Jx$b0}Pz3Yx#X~OZ_^_k)duMlXg`EN@YCooe z?U71>jaNORddDJ7(0(rU(Wb{Ab1(5>7jus+`L}tQIz#-nwu51xmtKYQZc?@g05E61 zMz&uN+Y$I;=0BrR;oHT}ndG_TKr1U~NmbLqp9U_ehVH9n^VwpEGr&=cS_dh1FN6Fx zIaFm6imcbtzzgbGMI4k;v<4@QJy89vAbORH>(IbH=EZCkn}6-A zn8=kxgrEmNMYpT^Fk9&VF!!dSfjCSHk?5coK>PKxVK^(3#l!JE&5`0 zBpVk!+Bj*Dst{hDbX|tne}jc~^zmH!WB86=I8i_K=X&3i5KW0yp>udfl+SfTKPF;; zyzB+_?_u9^9%*plOC!CY6^^H3I6mzAuA(DH5<2qxv5fhry-{zEoDs!eswklemED6# zf)ih%(6V|0d6tnpU+91NV#^b_n#8v+B7WBj{`0*2yDyUe{k*hwFs0SE(>F9Trv1w; zzYz_siN2wet%JLFOh4QJJ&e$m*gNDnA3gI>IIx!h+MN6>i}GCb<<-eCs(n4_n|RAH zL|R-9j1mq^qd)0`ebC!-$Lf@ry3@v0QA4#;1ahy4E@Pew@ZJ8op1?7DWPPjpvgx8!%8LNk37RgD<`dv0z>HA}bVGDrZ^cC)067N8sN;C3 z1(0~GVdwM+U5l|B5CZCt$oB#4H^@0~MvyW;ixLhX%ZTv{Qd%*S2vgx}X+6mD<}*Ab zH~kEb2ReiPQ3{X`M1#>QU?>;F6Z@lcUFca;ZUpz7&B@={a4z;1l2D6u9e1*SM1RugQJ^s zS@)31VSjT3PT|1tsc%;b`oek>fjCWXF&xa47HS3&Uk?ovUr&!hv*>uJ-J1nofQI71 zk$VzQ&jHfKNNh@%>mpbq0^kNO#+^Tgl<}>Le4WF-4f5QZex2S8FH_x{UfnjZwVnE6 z6+}upIWRmI`Y!fj^vzSA!hQnv`#ypDo)ZFPgM|EI-2DM$msmkdq9c>N05}Z8L`_6Q zi>ruE1WnG6gTSoMe=CPbOvIfh2wMaI&a*AZUwjw~FqT|*jyn;6iD=JCTq8`cEqG(k zcJcu*Ev|O{MTdSg72gd%|BE0tHNeD-MJ4hH%eAf7ciW4L4?955j|K~>Tntbl01tY@ zZA9xr8QQQ6G9SC@W%l9op{E;V(*|8oxD1&-_8Bs}Q$u8wvKbTOFd?R%>P=@^JB9}R z&~cQK84D$?vmg2R&n1M%G`QHN0RkbM7+bnD`IgLVxJr>GY#;H!0kgtR&29u8Ecc<0 zYA`i{iCq5*-9i4TF?8xu?KPJuR&oP>Sez5~;-?Yk(&Nruyf_sFA}9^zb$X+ES*wlsgFGuH z6=gZ~tZ>L?eFFxaW73B!Wf4qRQYpOit7N&O+!_xRU%Lu|12)u~Er&*#!i{y}v@I&U z{tojbQ+8p-o8J5?`rb<&%}|xm+F?w2&0bxE3{7jKoh3+HuqIt z+UdJU+f!Sm9Zw9hDwGfUr`ZChM!gtd10Kg&Z~s8(R$8$LCFnAKAHc_-JiYMxH5a?Q z#e`(mmEG08RxOWVkI~8iu2I?4=R(elYi-CsVQUE3cr5-93jv2MdKph$rWHkffV{T7 zFAnRs1U9fa4}e{s?JXe6iq?;o0k~1*5@M@Y+sAs2>Qv);qXAo47Y!x!i&m53w_YYn z#ep4Qm1gOr-XAlp*%{4RNkUfh48z z7%9z~7)ZS~%N3W>FEs}n18|ZXe>N%`@M8?>RX2#9A~GdDV$@9m8G|Jp0NRy=3BqAF z9D3qdwo<$&8VZyz7mP$T3gW=3q15R?VAB&6kAyr&VPISB#vz!wiVhSMoJnH|4af2D zFI{jHR!1}gEuG~0Fyov^5dj!``Bqp&di>hilp4_B$iyUvh?hqNt8Q4NeI~o4KpMl< z5^?yHgDNG*(7MKgbt1S*z81g|o7S7{_|V6(uXF}H(_B+@TJ_sBpS45ydOIyxrBLce zm8A3wHDWaEjX4_Ja3ru6vcmCCW2SsG-SX|}MCLAVv)$Rif5O`<7v`7=SYeO$BOhl^!m-@tPq< zT9W;#ARn&EyfaFLuu?pOg+R%HR||l;qa% zSX#c`P-7yRYR4G$!f!GoCVr8k`Gp=%^t+6*lhUw)!=##!hqb2_{vt3$u?Q@I)ZV#X ztg43^_;kw>26Ws$fV5r^tpmeH4*e~w52Tc3^B{Y$ZcDE*He z=JL*6s0$v|cK0OtW_U*)b`M+u)MWNqj7ksnqw9Mnw+DalmK)f7+h&366ydRAbQsC> z`9=8^V{f^B8t@X%iKm|zE4frKwGs4e!qGnwX)qC=^=H;o_8fO_*8rP#&B&vw?zM8D zLz@zEZ^`E_meB=s#voal3KoCFCFCmPTG?8#p0bO8UPyJQ8RSY^OrGHW8ILAY!~VP~ zf~T1@Qd;HS!aC?s!Po&hQ=0c?@s>Q?^j=6d{v$WJ8el0qDd`-0C2mO5am`PQfGGUBf0Z6kEL9CNnWT= z`Q+4aC7+WOE$!laF|BFVL9Twr{Bh3JU5uAwj!2v7wau7?a@ooboP6Mm^5aWm#Pa58 zZ5{sUDfV%T&r>Eo!+Y%au4=$qN&@J1$LT_&3io`vVh@% zQg2mxPDZb(#C>&np~cHCOJ$FSgxhjOK?O?_^_w#{Q8*Rdh+%HXepCn>5mi`ikGTpH z=?Zbz^OH(G+iX$_`Vsn0!^j6<_o4$;(tE^msOVa5-% zvSr+OhCPxG_9_kG%l$2}g*I5hjaE+diiSB4UMiJK)e+o5LUCl>kUD(u&)%bLlnU7~T;58=w}(Z>*@RgEj5Bh71k za<`LIqR$cc@2@JTI=Q|;|ALwk&t|IdPyhhKy#ER5BmFDXbToEwF*h`J{Es;L?_l+t z(EcZ9{l7-|cf9}a2~hoC36SuU#0QkhzHc7H&=7#`Hdd){k-bqV!e>rWRoH<{hv!`O zF-Th6<#z@Y75P^N6mYg2G8`kOe!t<0U2bQYz5APP7Cdg~H|Zd4@it^*YMbrsBRVgm zXrTV05TOj!7r2u(_BhVA7FDI{OVACP8l4qVPL=o5f06O0;&}wV-_sucZvRYz{=P7b ze_NQHgSm|G&&-B!WCswXiEFb0-3W{x zs?{

B|%D-3mdnWM7W$p{JBf=7tIQJ-4L)xIUy#pe=&IAm|6Z_KUw}P~xTXSoZ?d zrGZNa_^U9q#!k>O8mF|gAeF80tS6^gX-=PI#iqiiF$JG&t1TDt({1_%jU z;61FeICx-7Z+?MJ7qxNPlxAE6Tu1x_NVA%wriAjmlVfv(4fnA?zH>A);=TYJ7md^U z!V7CUimo#sw1#;u&FUbPGt@w@aPCeF6xoVP&(@|d_6=@tz#N`OXe*>2y8j5W>F!dx ziUX<1JN2!h49Jxuy0)7P0Pi@Uc6FuS8)?Ic=iP%HMhM|9@t)Y)Yh4*PcVaIkmk-er z^sY$rG0w|FX=;iWZA~9+JW>}y1r5Gnl%d8R9ztk;!dbv%Shfu5i}x~fyP{c(_HM^ z0ok=LQsMS78OU`c5<;p)wqM>?zpID()PVDB=Pyjj`GO?Z<72Q~GnGh}JNUmmiZ$_q z_2!#95BlZ<{_keHq>N@0H83C7c2xmDcamq-&?pZt5K zd|3*p0<~y77!Pc2M5goLC^6=BAsh8ncMg&1awWzbR5frIG2KL|Da#9n?c54o#>es+ zdn70d9^bA9-li2W7H2Z2QtnR|9@+;P~CjmeYNa- zQ7>9g?tJ+~`{9{ki!x1K)bW!$3@AF^{iCd{gv0i+4<%e;C8P+g%7uZ|oW+wL%R*Wa z{iSU<(+68-kaMa!Rcuoh+RUL!(gI@$VMOQ|Wk{bpWYq4%{iQBsRIeGTz?nT(zdc~h z*a^L6&{((>6l7L0@&ifK)sQ~}t9dYcZVKw;z@{nt<&Is z1R1u`fE!n$kC(tC>8oRyK}NEf{GD!^%(+f}JO5|uc*$hGEcl&^u|A2SbmO0*U|#|& znac~QEs=FAPH(34DKa)T(;VHgU8o#!J5@RWE$AJ3b{aW z5!umCeD|D`u9$a0wJ+?8;T){o*%tJ`t-mamv#nCv`ul+^2H3w^?BD4ckZ+6qj@SP& z>i=B^`oCrVL2~_%ME@d}{`%d2i+-~#|504;Z+BCK|GT)Lvm?oOQ*_dI`sUlL^c@|8 z6|ZFH;%!qj@( z>y>}VUtcs%s*1$74Uw#6aQn|*RjT%R}!kyZEbtWNKHbkRJ&NM zLgh`U=OH~>T}a^JwQU_K;SU^Yy^u&Is z7X~QCKoc@1-0%cZw#uQRZh1a)LJT_E9C;CF-KpNta)u)QAtZ9kS5+@qXt6k8tg~Qn(KksyAw4qsZavQKtrtUWDcp3T|3& zKq`<<2=r7E;1%kSE@r#Qa-lsd5q|_0&UxcQO4aVeUAzjSr-zU`aoPK`4MB<$<%$X= z$T5>*XtUGfoL-BWDkaE0B05Jg*k2c=$!GHtkID*n@rk0Nnk3ayT!I^b#*Q`mEnJ?# z|8md@ajBJ}ZwLMQ_Q8K1DStQlzmUk^Jm%Zn|6%FTO4f?={0N(YODTf#KPXU9l_<*1 zh>xS-s-s$F(x*_IN`m3N^kW{y27`(cwGclu@ZSMHDMm|G#dH&X;M00`w!U$9rmlT_ z939aSy-ML5d>5u1w1rHqbZeO^21?^5yJ{#ZuO(JIW~MU{ zqHVNrh8r3ZNOjrF*>LjCFOPW9W|=Mu;-jkBcAGKlA*NMFfNBaeVm$CX@F~?GYYGKF zyanP?WPbA2Rb9syjREZ{Ug4T9ZiwM~`IzGcB#Qsj+I8p(RU7S8AJEetqI6#k?fn{l zr;X>ZOb*vPuMsc9C-9Hq4Ve0z2D^CcAHipJ{k<>dQAIhg#ODU zTe|FJq`ytl{@*GD^#6ZFVG%b&V>_qss*V4)&3H{ZU;&iTuhQ1yh!*>DE<*VqtZwmn z@HUW?bQM?gEPs++e!95aG;@n{KLhY4u{Y9~V-0ct&T_ov>vc?jid|*{09O+u4rvP( z1`{uWpc=Pb+0|i}Hs_LUZ7KX?eXx4DRAZXU&2h_Xm;6)gqB93O39@o{93K;1!E!dv z(~?Eeq;CO()hd)$ga7|A#;$`j4Bdzm8ZjTPq`Dhkxv@v)qKtAU#4> zv3X($za(YsW*h({dmQ{Wp>T19m@uV1X7RRI)S@Ze?C zGE?WHk59KR0K3rWDAEtwECA&Nh{<#}B>f)^;%>N;Mplr`^CXhz9Qh7*><&AKF3CAT zyYfSdm?P6qJH|F1L@g4%=L{E>PSh+Dh3g1^0!3~h^DU~xNc}G%WK^TmS;54~LSKYP z9;(A4CYJbziEtsaQI6ba>*s^sF2817cM!RM^~$%$7}HU9MeEMm-^d5BC5=2L*VD2> zX8U>~1yoWec4R^sl1$fr!Susv=@5;V4IX*<8-qj*^;;Ti>7y~GBp0&HSemOHXi-Ia zGqZy`N+MfEp*Be@a{eK;(Tkiljh^tr-uwpF;1JQ-RxxDX${+o1|BUi~SN>mhQ2%?B z|8M30L*?1(&|XTa>0i0-8)N%qguwnGY#~2?A&3f4knm$Ch^I3`#s$g6v1b2XkE2XX zcfw1Wu~{rou3W6BmRR1fXcpb50JMTArdd&0sdmw=aoKv-%B`%d=|n3$|H|@YViG5# z=JVxaJlb^Zxy!zK^PP5dKY*X^0nn>7yXgb#1Pg^D*8*z1gu;h>+uIo;{HodPj1m*= zYbH$zGj4%gu~c>S+!hT7i;Yn@23j0jAoO*k$2nnpk1zE8yjXRzWKR$;2>}_0!%Rmj zq|1snWv8L9ee64(ae5s=`hO_^cXun?-JQbS-QC@xa46i}p>TI7 z+~HDxch7Y9ovB{)z*=YVa2~Rge96vEPCd<%g5Ou5Y_pzV&VkY*03F;0MzLHL{WWCi zLgsDZegt)8&B#vD=%4IrL)>cw@<IMSrWzG7?t;z#@s4DT)*}+3~7JIjB^8jpEt}bY6>9 z>tNhXCS2lDLBa+Q^bIq2zJm$(9I>)H0dfk%Z8zE3RzY;8GUK z=ngZhDg*uaiRn_EO;-&56=%jSCb~c|J)9C7bhOCR9nS^_SzU5rF}=L1$inhi)H1`? zasqm%$LkRp_TkixdV{Ri1_~u^ubZD~J4U?8exONyyz@IYJY5`hG6Hr40JqA}pt&36 zKHjuF&ZV9KOv#sqPQ--GYjcQ++7|)b%ieZclz8dQGAm*Cx#yqFS_z+WjfD48`eor@ z`0Y-t4f4(d{Y76(Md-?Or~YwH;XZJTlBeVDnNUUwVzJ^O_>)HjUg;e8^EMGZZ-HO^ z2_bNZVm_e-qtG$i#8|xLyM`P+vkHOJ90s*iEnL9se$fCt-!Yga=8gt)6nRW`vKNaF zsKs_(PAttaqaG2gZNkhysMrlF=O zlv}nTAgfMGswR4(-Ic0KTgEW=`x(g2p)eZb``%&WttalsV9l zkRCPi6n&B!?t*b_#D>b4KFhrT0S{4`{k2Mc7GJs+ETb^$y7thCn_e!y$dZbleUiD> zVMnUa^iyi17CP0>xZ2?5B{~}Ff}yAfORsQ1M3g#4`bb4*(Nefef29UAhNADE824@$ z?wqX=h&*FQ_0#GHvhCqU^PPU_ zUULSL=BZD~?&THiqSgZVAkyIcBK4sl`Y##W&3NkoW+b^{SlAB^O4xn>o`9uaQ(W&N z!BSs2u+GQf;EE%ieulPP*`9$}a<@dMAjIAiV&aSfb%vvTHX z0cy8;K4SvaHI5+v+%8jxT*qKlD&>ERysJ|mG$ue9{oZc4bipsS^qzfR%$5v!>9lqP zUOpRyoMy8^G;6B?R3+mfq#ZOm^CPQHD9ny5gJ>XnmF*r)l4?-5v!v1>`YO0yn-tSYQp7WA@Ll(p(lNdsL(K2-&sL`*Lg4^>mFz* zCXqvGx`x(S2Z9XPoMHypS&4^E$}gjg>~Ax)E(KcaGS!_dQs2Hk)Pz}#GI}MX^=2T= zOdflHoP_5nS;dEvDlrCs&k{s#7GHxXx$e+NC@b!t?(dw&%xLjJZ$)FMCC4^0v+JdZ z5;>~b1S|(jICiRJ=bd-gHoLai4cBzG*_a=$|K`}HbUBZt#YqbVYBi{kty>#AMiq5! z=r_u~4QO$c)8-y=iG@eeNR_ZDYhVQyotA@bHEUfFo{ULX9QqEMx3f^E@LXZBWS|gE z?f=S57Lj$CWQ51Q8cOhWl8&D+Ep%|)q=ZFrnR+~}SYy3ORK_Z;lrJGDYn&NA)o`U3-nS*J}36EL*Bb%t3zrMI_eVok^Smo&~v5p#+@zj^BrL(83)(t zB!8xIA)a$(rWI1r>w*kWUIbG&;a)Szj~Y=*v4jyK5do|rjPHoNp+ID=REq0FQR;`Z zoI&+csjMF$w~Wfs`6n!+^NC84c8Stw;Uij5&}*RZa7wp;%ES@_7j&^!VH9GtQv+d)&xLr&F z-RSg=o;I9X<>bzTBEc7o$ITs(tk4I>8~}eTmdz-eVi(HG$!E#QC&?)$kyE~xh`*V0 zy(qEVGO+D76u#iVKDdKiu?Ti#p7)^7L?IU0;JQu~U8aLkixrrY&2q>L6d90VK=~Kh z=@dc0$*eJ~aMwuPj5j4Aq(2$>fliP?r$gke+zjzE=g{GsWrRnz~7B|~NJt~x3|xhr<@r%oal*B}(5L(WMB9vh!+$&}!t*JZG0!F34Ub&2YJ za24#SfUdBCIpEb>{|XNZ6!Tw-51=u4n&LfLToW)eh$~cLpz|{n#W>U@bcg&Ie$beu zbn~+rr7UTwUlID3ckl<$3y5$^D%apNoxt9zcpZvU)_rX$DF(yRXIF}C*RrPv3{yUW6TW`Q*HF%*A>nuOwKpZAcV?&UL(UMI9xLcZSkBC{ zgfzWY4-Wyluh5^Y7h*rPU8Lb8j6_iFx3dZ1j91q~-%jmnhstE}^GYT0q{WdF!iG>q zTR~iUqr4Z=o;Os~7uJI<_SUt_ejHM|YYBtsG!nGK_5Z&zPyIglUj+alC8d=Q~eDF;N9?bWY1Mo;%nDe}n~Vj_(1nCMQ7wd{yB54I}| zdFOO^&FRxPwVYNdrlOcs#%A)quY@uki*%g)q-e*DP#;u-B==jW4G`fHPJ58=vaxWA z{q+DrkNkM16|NfuYXHgGgdCE!T(cJ4_SM}WEhwV(J~(sCvMZ%!nFR-D=o^r-3+NLtN$WZM1aD9&jFqq@|5(VE1)Qe#yp8WLmMLd#tvAy>ZWB_Poj(k} z0b9T@(D*{`f{r1SdY#$BSFA03nAaiK<_43Lfz= zIZdv%@NJw_TCL=|$y<%faqp>?D7?ACb1o}flv{CJWyx@VJj+DLD#G-wZ{5NL1v6Gm zTt{rmm&G)6ITH0;oN?&%eYrxwJ9tdAL+sPl*sW0@9K{?)hP%O3s$%$IFRL(36UH|v0Df4Jri?B6dbj~fF+z+<%R^vC=M=}r-Y;L&oOFa3jt{lgK1BH zf%>q`u_+h&;(on)1$qS_8@B5v+W|};0sd8BGsrg7b@ye5=P}3)q6_)5z!M*VbVpx- zYC{eaA315KZ~QWb$=zGneUxC`k+jc~7I;#Y$7?5QM`r#JrLCW#wr(kcT`5Cx z)*1nu^KhW0B~I3IcYUY6u^HRY0QnF{+O*BVCgYZ_F0ESb(rC9{a^0M4ZH+t6Z-##T zm7`;~blT1x$M}^NH$(|JDyhgS^wrKBW54i~9BZKuRK=~DNz80+sU<&oy=JVVk0}W^ zL~~x(80SlgJayYq~gy;-zA2h?mnrhN>$mJ-!~ zD(WaI73fbYn}bFLt1<2Vrt(^&oi8EO9Y&Ek!5=tiH^&bp3beSd@FiEnBU(f>NMo)RzOy451atV!H0m=EBAqg~Vpq5Yz5{f`f-^x7X`%#r%{*qh#76x>* zAiMQCAi}5Ii$)lE8PXHM;rMoTcG}Sj&;^Ov11c-&5hJ7GioYSmYnhK!+DCv7WNz(cRhDm9{bD5`vp{uU=Ht^QPUlH zHvzEGl6KRIRF_*B@8?b)d|92+l~VQ{x--nN@j{%ZtmB6_@S!<4amZO8ltO1YE8kco zQ+{C?^Ti8+)x3LO4t+%_j6Ks&=wGFXh)?Yj{I$F5`-VBNN{Uc2cz#qhGYNHyN~cP7 zQNcQ5XL-X*J10*^M`W5(Z&gP^@u~5cwU!ZTLmP}*uATKqFG6eDq-XZ!Q@_>9ZA6oNEwPRTebH6G$y^M%MS0GkS;3dO}pUB5*m|HgIw^H&M$JLwCW+Zg?pT>NdG7k?}X%!m>s z*T$jIyx11dBA@{BslNnmM1@k3(geLy*-^07qWp^JAa{|H zkPw@)RALGcqTU#bMDgTjIhN-HX7mN#OVi>U+dQ#GsGTZ`TeYp^yCorUY**65?0uoj zdBg=R=U{JY_qY0VtEL!UDZjJMTOuTii!(N)$NmI;b+lA7YBecjP-$gvWN?otd_)hN ziWkIF%YKKTiCMrq(1Wg(?=lF@pimN}RCmUEn1B#_KfO^noXWXnV?TCU@I4?ZzY|%{ z<7$`5JM&0N3;InA4zH?tk+%_BmktftM4D(ArEZ1C&GL!QJtW=?=PtByU(Qci09h6^ zI~i@o>pNIFbsZ?+RNioq1T$rwnw(DsI`ic652R2)dY7=o(D-Db_<%z1R+1S6;haiH z*JYbz!7=tlG+b73Lvh;@2XJObM5+h6)95kM*%ClVsSiT^0{fkS%D*+D8-LQ2DWBf( zzf+aWe}+%Q#>mdr+{Q`%zclmzmo9O3#JLvz&k7YJAhB3+fa};M}EW}Ui{@jrrjo=&L)7C-k6ZYRzDeVnE@)CL@@o7 zBBo)M!_Rc(=VE+KYppMJjHI$kCwVmT*kxhyaZJGOOV|oW+~d$^6SAhZ!(+CT@@b_M z#C{FCqRn?ctH-VUcN-=W;!9jR@8>zKvW|{^S+XXXcyk4^&h+_d?o@WuR4{JFeOA(g z3OUyI5ovIoWa^BHAHe3T;vw!vH8*zHEViD0>pRK(q`(f+cxan1i2FVM=F%`p0VPcz zmc7N8iupHk^PnIHZYplW{w4eRekza=x*n)fS~2p2OiQQ-+`Uwb@?*y6{9iiRw1AX2;0WtRLF4&`2uef!gc!DV+I$+y{wtV<9*+sgYw@u*leCZ5<4<{- zw9A~$id6EV*WzuQg^H{P0=1c%4s!_@7UJM%VGHlqPfbF&Pxa*WXse3JTS|PC{QST% z`$-s@8&)YwoF=e}-h})NpmLNn2mMfoHx=acTuj-eV%g`>e7o%u3VET8P$0)W4PHb< zOU86%9PL|*J!!42mgiqxS7tUKg@_v&*zmMV3F_YO1mTdPx)oU$RoCb6QOivDKd-Qu z6=b?IALgNNCN$0O&RxMq|eHR&aM&bDLnMjymI=j3zUUa3d16!8zj!+deI=NX2 zedR?4RO6v~T&Zm~7zFO*Y>FCwacA}$Pl1^BQC?n=7@?hm_Uhqm(SBrQ$xKkUJr8n% zsXw!5x{51a!3{i@ooETPH^Lx%v&0A4^IWGbdE#jfAlzx3@V?=7WzOPhT;2)%2oZ6x z|DHL5GYE*P8@oakSns7H>?zI^LhgWlz@1DlT2o!0aXVEGAw>J~3()V_ieYLGM*1}R zZzb3Np5a*jZ1lfRWt83Rj7fw=Li`Xbw5QK;SX4Y);yJh? zqZk=wG>6GhZ5P@Pky?42^HkAa1eTMd1Xo2x|^;Z{gXa&KgkxsY>;QJNo(*}TtV%rn^DiRhQ?7r$Gs>`nz1QZ?-Vh~295Gh8z z!`cUhluE4YgGTq`LKv$9yT#ZylIB)I!pE~ra zBO6GW#Uj+>U+cHhA1$x7hoTfm8w7ERjlYK*JPeKK4wTX)7pSa_TJ+}7( z3XXvLFV#N(wIXlj$@J0n=^RG?QVjij1@j-0?>{@pZ!h_~cPLx`mL+-9c^s=oWbBFv z$P0hM0*s3I#U0X5ydJ>5#pr6TNJ~`0yzV^ol^Qb)Au4$4onp5&rA#T(-r7NKl5@&^ za&B(U`|bV;+814Ydb%g};Z?&A-@#H2rP8$>^rB5?SZLKTpqHvyaEfn(ix-9XTHK$| zf*_bfsNSlbRV*-jj6uO7pg)lY5?Ep+KS=}uL3*$nlfj7Q$FY0#a$Mdim?Bf5E!0Pn znRMbcH&)4KrcZQCpB5F#m`xJ1hasp7q_Yh`wu$(b@crDO1cD&J zSdcw8>JWU=?qLsq9}7?FcwX7SWVUT>yf_w9IO&(bIkP(JEPtU^6x$KJd=%>utnx0b zQ*sTj6p&omZG5kVVrot(p(CF|aGa8G;tfGLjtpl3ehZHP6TdIK&(}HA%P46bmirRvu4^^G%Jk$k))5}J6$4U-=ey0FcvxH z?Md;=(n-|rO)`5Nf|)sTUy9u=`|;@;AEhCa(0)S2EyJ_$0r~khVgjvme*fdVJYhqU z_v$Z#B2l$!LE4#hbbCQC3?$0=^3L;>gY7%`H(0%|MW4%&~;2NfJb%r=>K_cMQD{)?vV-}C2xbRI`12^$kzM`NeI z*R6`Hva9?knNi4Vvp{)klF&hDlot3JJ^(v_0OMn_yX6WvWkTgQx ze5?9VC^5?|!<(w2l-cW?i24FG9Om=$!UkU~O3&VSemIWd!%wl$7Twevir&Dus|-G- zGrE8=#ry5|no0e&Dub{H?8`19W7*Fq`+3jVvKnw4<7Z~r9{Pc8m0kAT>jI}M|MrwM z&XQE4EmWNkP)}(_25k_NaQ;q+aWp@6P5{(#`>#FRXl|SQs1Y6XjQh0un3unJX?+9{ zRBOZGyK#S`FE342UHFN<>mOfF(m$71Vj2?ie}_G8RkDvCA^5{u!|=51PD_AWU~IVIe62ZYH6v5 z+G(!AQBcs(>aU1x>Vkk{lwqjK?mU8stU79#Ux_OXfiuh>VFZ?Y*-pCuI%HsON`5Nx zi3{T&dku;|<05TqYWm-tjN+Iqwg5t9PYh|WuMAFTg0D3k2;CX@9wF#T91SNV6Br~% z6#My|`YxuWYjS_rAmDyxO!({=F?5^)T-9+|^-1;dx^5SJ4M2z3T%Uh;QYbHZDAS zk=R7m7%^uLz{W=XZpXu93j8^VWPbarrspNZEsI3Sj?~X&@~5POWsq5=>aZ-vHimw8 z9@$K=FBUF`HhIPYMuG>ybE#9uafV=~(v(`_S+!kRAM)^3sy&gQI+u@9T{o??wVb-M zDGK7zX{$G<)-q*1?^cr1qYrZMt1(>XsfeE`Ydm`E?tlZT;|S;j3lHt-KG3!mP7;Pj z{|PSiD$y^=$4@2k(wA8oL)`{0M_xBDvxDkC$6L zkMx9Y_W0dy41mOt5M>Mfb{Z!TQlrV=HHm5tdOqVYQVIFED7bIZbLDMfyg9ArGDZ%7 zox@2Up#`EKPMLW>M&kL>RuL0f!`Ru(UlR7- z1l9hzB2?l5mAH8BMhlLUDy*g!v@%{F$@Q@;xR%P>ja?EP5{Cn_;ay_3b7csiae#qe zgKTx0$q~5{Q?gF$lR58hysRT3liF9^Jj4-NB zmdjd((8juWu6aFTZ2QTJh3FCZB^M$~92<2i2PrAWD86ns!iuV)Zrph!CI7OxjQ~gZ zBil|I;_{4JZb3c;S0mzD{|R1@Sv9D=J_vf6`0RBhY5E77=zf4STF_1k$QUDsV0Q); z{MEj;y_P;172Ny-AOB_MJc5IjvOy%;(0y-r%jl7Qm4owil^rg2B%ue;BzxW4Us7eR zuD}O`Ph)3({{8Q*{D0`w{%&k}D}6&_Yh#au+VUxvJaks_!!Ag; zm`r7QOtn9Byy)Cts&##UZsAE|3LzzDRP7dC73lNU#~&nwNc7pK;}#gQXSvj`SuG#P z%{cTiR4I)egAn#iA#~S*xRW<$RH0EJ*`R_^#O<)61QXOC(xkvq-G%E+UL8RI@6LqX zn00<0U^1e9Qj9ws!WeYtbrAWHO`lwWTHQ8?a8RCBp$tLAZS|NDL#r>LK=C7(Awpeo+66Mw9%6Ig%6-%4yabDova?!#nY{9y$ zHk4Ub@;Ocko$D5;@EeK{)&mJliS^Khm3V6SUCsEAB@__hPajDEc|awGYJy5V#h&l} zUqNr6&`^X?X(+|*whv)M5+8E|N16f`)IDnz;>vs$pPMuIrV|IDn+#FgOT<(w3~*Q} z;yZh-J-g|)1?O0>SPP7A(slH^3^O&jm(;Qyvc%ZZpe*j|44v9&XP*qNu--`LO!}~Q z54wW0@P_BXoFUC8Y{tI3SlgHul7HP6DU+MAaJ|nskB+<~rFpeAZX0$Vs?*pp`Q;8a zrD?o)RJ(Yr#FiZP%NB_r<2Kfv<3fMAPXfM#C-cs3qYo6m0FTZ+b*pspR~LdajC>B0 zB@HhAft?*mdT=(Zy45S%(b;*wI^OV>Y?;}{RppD8B zK~&bbl2ut-9er5dZvdQi+^)gxQ}2eYk@T(3o}?^oSUV}J%(KC|7<|fNAAyB0T8}L2 zm$MJT@GVZ^&$ST>GAY`n>D4W%(@sf(N+2i^2=aE(1V=kyfUtUTdi?`3KnFy{cXEO~ zOVb`;Bsr#AXYdyI8^5yjZ#X^ujb8nS{f&VA13^}>(2SI0t-m6u#Nvv?LJBxo$gz_y zSN}v71zA<{80GA_U&z&C2N|m%>_G!Rj}L* z!*=}B=qR<})@r81^%txIM-N@L9z35Re%BVS_W&?=k>6uy11AaUknL4gHy4ckD-w@0 zjxkZqUu(XC%t|-ipJiy1Kah`KfM1lRAiEv*5^)f_mBWb?7@D|3|?ac#;qM7Nr0gCbx8qu2Hvhp4K^8DT-SW<}o8uzCPozni-$R$Qfd0b&GW#s2dAXW#;D)d9O z)5-I&eNF{W2Cjo??3*;eAnDox@pr8@MBB9%u&jO56id5WQ`c|SevMB^n$L#e(CwT) zo#$jp&Gg0n@{{jB57mQoR^PwdzOnB|^OEXL$f|4<5S+~z347~pwep`1@-Y7L_i&4N zA*`LANq;TW?Kh^^p=AYmB)b{DshYT&W3&UmLZ-^^-(d1+2vOG?BD&Dwx(@Uxt+j-F zh)ZLHORnn`1%r?6voPT4C(h1z)!lz$tjIygHh`TnxPidzBTnss}{asA;XfY%G=8EC}*v|f^7u~_u#r$(~;`8?)KF>(~-J6uIw&6eMdtkkA%x>WrOTy4`H~zW<7eZmHD4QyNCa81yzgU}eteM< zHibDQeR$sRy7buWY=3#*y!D)QO z#gpUGaT<2ilb10YW-!9RYjzuFQ0jE@7C|tQ*(2$Z+`3^v%%digMpR4=;D1z;xh0&+ zm0L`%xKzarUU|?~W|Z%C#&t)2Yw5{#7eH|ce$Q7~ch#)MZP8!fSlc+%5nL8nn`bmK zz-TVLw(Yi9<|croWjDK?&<<|h2|7#awq~J12a-j4(eHGq^CyUXEg&1T%W&z~3h};< z*Uw!}YqeRZpN9GQW`@>EBYovD)$b)8CMu2z8>~2UQjDs6%dMmx=28mnrNXy|JrQ7y z*X7&{9NzI9f>lw06=bp3Dlie{)ss3~p6Ag$paITVMe4yTG0N%91%x@E6)%`OnVkN) zY(!DYn5$Ueo6N~E`bcVeo;2Eq~ps)0~aFF3PqPg5crim8;fkZaR-Hr7r@^sn54oH9C62~xTg&30m( zJ?n-PvzTf{1yZJh3DNf9BZjwl&UWQx--qVW^$&k3|8(b0X*Xp#xH2$5BLD5nmqhP2 zwx5;h*&luR_xZ6uWyF8@@;~v~|5&$uGh_e47D7Zo0d&Ha815gAZ75Da^R>J1lh=;; zT(?!!kyt`}tNF{9d0)gZFFleuFc}+UzByjDKCInbw7*^5jJX0ts4Gkl#oBiU+u)_& z@krJ9EHB7RYH!|Jr?B6#XL}f3s&C9M4hd0%1=j{cf zxQJWkgRJOq=7)-wE-|*gU>Y~&Dp$j4SQ&Q(f!SaGySvC4%o{iK zOW97!D)M^hie@-RC?|4oj>a{3#*raz^Fi$$$E$JkYwD0=*c{!g8pAk|Fn#V`v6vjA z{cDT^D1D$)Mm@0H5B9p~78%hD1`5f+izBNf?`mE^a5pP_$ znmR=22DtF4ZW#F+fm3)0IfMi`a&k0LmX$D<{qbJ@tc19!Mx5*kOpGjp-P!^z4h}(# z|Mv(A$@V~FPGZqZB%PFCpTEiipGhS7vd>U-x9(s$^Irpq{H&|<>ifeJPloSkxt=@=ygsX>iI!(-NwNJ0`p?Gh%k~Epbp{ZJn0k6^(#~kFg>NKc zn&OZs31&Or$GQ}|&!kY}y5A=+1`ryX(x-U13^b1(d75xx%q{ylUalq1l`O`@&HXxk zj4^1bNn>pu6}F~7f6tJd%saR5u?;Bb+n#x|6uZq)6ACHmCmkN)M{7QsE0jKG3&UGO zaS~tBWoye~Yl-T2*JG8%Qc#(?_6}V3H0qp<`Tb-mW#Wd)bV5t9v|`>`0YQTT;tXyb z4|)vfOJB4CfyaeAN+tznaDOKwwyqHC&YU%%4I3X>%`Sv(Y7k?823s_X7&8tlR!+p{j3XZuFOq>GOsDeXHZY|MA~huIjJp9R`o9?YV`$BZHG~ zctwbfPc zkEId06RcdMxcawMzW{5(}u7<0T% z4~HQ4iYU5fB7asE234Rz4cci7#}19VQ#a1z-+*atMu)G`Ll8nTpt9LP3+P&`r448s zLJqR_Qj=qKs>r6Qvc+Z%`QFz;tS>x3F=&SC1L9sWS7_A!t-vsm4f9}!+~g4JTYDC- zfSK&r_mkrU+!nuIIr8@C_QCvv-=$5n^Z2}74kYu5`f8?&rH3I#<&6W4gpGtb*{gO4 zO&&$VxUGXdx$Pk}Me@8cpB?VO&J|1bG(_v>wAeL_y*dS?_cOnTjhW$6F0*zj%xIF? z?z!B2{WiB{X!>n7wZT|%HrHg4cK!If_+b<|mD3qhV{m)(zLG70<5l6!yvEF#Y=sF; z8n@x?cdPJ+LJX0DbDC9av0ka*kq@)++-mjY8KlGTuBab3@kS-b6fkpqLZgF^u5j|O zZ7R-|!&QjQqVBNpzu==xo+bDqFt5{ySw8ozB+=h;80-RjVgfPnW|#>E2POEzhpN5N z@Or2alezoPi5aRNUWk00j}zDV~;u~!jrayt25b^1uB#2(DVA*LVd z2l)Wm#ELu$|1#qEg<5%X-dmyKr7fKcj(jFluSS5vI55p(;w@yz zlYN~k(~{c9U88c3?xt-tilmQ8T1jF8&-p1Wi!Y0WAAjTsM|}*0Z3-uj@EH+!!u*Xr znovr0)@SnAqp^UayN#iYv6Gpt(ch2{iW~cU4N-zW^7v7033PUP-K0XT z&VVt{N%Tk%8P&D6EGWP!FpCSb^1WEmd41uHx!0Fd^|YiXeGWVi$N89ZbT9D%Z0yX4 zKYxk3H;fp4HY0wwGYYrNS+DR47?<-c6iXq$6E4l1p*{|sVroy3OY$Ua4tH{xnJpZM ze8pz*lEu4_U!hzrO&Dm=*o#1Z#6kvZOdT_VM6;l#9<+9R5hrq8Z!@*bge;QZ6cKkaHG%k5dV`-FRV+=$5zu9 zTEE=|+G-ebqf~BPZCgr7*tQXW3@R6m3+?8olBK3>#iNp?GDvTh2sJ`4-gg3Q%gicA z6IgjcIBXin<$kmw=)JlL`;a)MJb!Ivr6(YPUKz2iD>f z7Fl!KzrztTAq(_dJBx?`>Lag47wH2j^#Twa1ZhZu$gsOLs8Y6+SNPqiSZHrS>-QCg zx`MC|5`{``g`{b6kG-5I_qUQ#P3vbtq0^I$hlshC#0FL{`ikBNjzA{;WJ^ zbn2c)21tClLlSLYvOWoS&F9Cv8Y45FW$q-W0v5*aK43a%bioA_?6R~+3dR=YWlqMt z3)=g8Ka!sOBMT0xgXb*Bhz=oZxM$TNvtB~lKXM;bsXwntFCOvzY1ee>he_|fF$lTjO> zeTI4s89CkaX;=UX)-GlBUhsLWb&Q>{4KGt&Wttg zV;CoARFNfVA1@zIpq74@P^3?~9@bbHBC70@u8%XJxe!xA{UW$8h<#oSvGLwRz@KDi zF;^Em#gt8f*u@KJ9_c)5Zpp-W)>zOKb;xXtHmmbe?D&Ro2kAY=OC`uNE9!jM5GVQK zkXSn#X+@LZC+$4>N!pWf5od~gKz<<)F#>Jg6i;h`C|Bm%jJ3X^E1$g zJ9zXV&sRUTdCZZ?vxLLUL!Qfq!?(xt%N$)mb-{@UG|-!*6M=p=BNX@v@v9N<{@O~( z_0kk7RaytR7*fNeosl|oR>6X_dIc8JI{`nKa2NU4hf88oV#3+pszqG6zGP)n~jMdL$DO-$b~nMmsi?Y{j2mG$#Q zSTFhf_$o`wAgTSath*x;l3X)1dfatO<;aRuWyUH4)qxJ2+o0|gisARV?R5Vj`NvsYlA4cX`x;d| z#T%fJc;jN(=!bEO#bs(G689dlKzcrXhOd-Z`{mZ-@W@>^BoC%>i7D>+c5^B6ClU?*v; zM~FG4zE62N(I6!otGYXmY`ndr+RgTugPY=Jrj*`|0ZT=5@9k2f4Ce?~1Xx_+3)>l$7ql>(u0I z7JkMEkM@S6#km7dx=K;^h7~!{+?eJoY&I*^GswAd$~~f`9`6=`-@?to@bqgm{a{>+ z05-=BsiZXbb~nKx-t3zg>{{UR35s`Ju{(BemT6YoFr52&sA>KE)V&5)W~zd%?Y2WS z4-Y8(4pH7Nw%c@<3XoMVFn3~*6-b|0c-qF$KeulXMWA~S#?Qo1*7hPkoH!BdAdz-x zO}8tyajW#92JML{tH7_amWD1-D?Bm`(2OtAmZoeyk-Rx8C=FAM01cQX53EruYf{{9 z(Wg_g8TAqwSWa2ZyKv9P1d;kdO_Nk_5yU~P+}&J_mcVjmnw}xFuf8PS{cPEa_o%av zxUN^=F2BfG7tbp{mMEC<`V1`vn<7lHG4KORZh3^mj z=Inv!G2=K(Xc9pVRn{V;>7<`nSNmh_L?+6US3HD zcH>Ue)F6Y->WJF(Yfj~{(m0eTjrqISEcEy5$=RJd`1>`NX3|kLDvg(q{9dy4RO7A!@KugeH-yfPs)Rt}CO?Lt5e z)`k@0SQ2Z2C;N&@{JFygZ8+4Ha8s;AJp8N+h!4V=+0|W+k{YoFK)5ks#me7mfTc0&Cy^@81yFUdeK5y+K<%>|N}|t-34h zgmok+oJE*w7szqk18V%|orN^U2Ibd)+1sf5VreIhW_FuK9mHiRJbRVtg4nc>k+<-? z<+85D9OBraATQL;)X#t zR5v)iSc`En`rwqkU~Id!LDpM;iMmJn&ZX!-fsy!^s`}qI+_3(Kcy@C7{279DJ z!R>$AANcQY68Nu=zc<~KY@Hnp|1lI&S#dxXL*cO=!6Oz$V@svghmIh1$81Q~L)!&q z&;eP-kQR);GOHa*HbF5TkH?qThjtqY&_)GDE$_uv-cM0X8a>Xwa;psG$17Z&TYp&d zn9}}#jJ;!*WICR~fDhHR@oPk>2w@2u0dtJjH7J3hOY>!?PZPNzVM*j?6ME9;>uzKfI6 zY0K5LKE@rljeH(U*O}L3yQccR+akxztxjaj{u;@$wL~vSCB;o&(L&T86{hMty)wK9 zn1cVz8X6#3;`j@K&A0GK1{ZnUU%uqUubkAe#5_XK-RbIDex+(%ZLa}q%d>U&q*1Rb zE2fnRZG2!3hKeI&5D9n1QFcs&lismi-fn_^!Ey$ZL2}KqW9N~Yp|)!zDOsZltwGkf zm1t$*)IH@W8IZy)U*SyUwJQCodrDD7645Pavp~NQQ#OYRs7;^{-?Ma#QA2E_uX#Q{ z7t0siD!Lh)1^sL00;eZmNKnp}yWoU=1{(Wgm6~qtmj0LHl$@jdAXsotqLKCJ(=>sv z&9=)DqqO=p{>-|avYtnnMihd1S%w>&tZ*h>RyLYeKS^!2mgjpyJ4tOmiU@CwEV%bL zExO6Q!+D5m^JYap4qhd%r0-&h!53vzZ_hfYwQs_PsMEVN!nDNO?9LDpg7!= zq>Hu5N%T*!UG|p;%Nc%)aq@Onn)F12ELQP>R`1Qr>fra~STio?nQ6!Nf|JH-Qq z0wc+MOPJ?gO^rIW{))v(Q!<)*Y`c%M`wSGWHoL}jr2}@^36BCu%tJ$p!~Tf`vW$dy zH?bRYO1zCiT{_0~Wp#&QLElSP1FD<6WkjmRa^u zc$IoN`f~?%TLS1J%d%b;GfiO!XcaYfJauj)JQUVyc>jWeT3qVW0&fm zJg`xf1v2s6)G+ZBBP}pH?!ylLqg+3wgVDSh_P8Z_!fU&wo_e}p#y%!?FkPO)ekpg|wBbL4O14_UU!cX7$S`KiagDv!0? z3J?A)`1e0VeWxce(peLI;o}|-f>STHggv#Wr*C^fq(4ocb4CzBoAYrJ+g#Yc4{&^8 zey^Ae!nC}{hnMQ?9YxGfGnVqooCSz{_*hP4NRs=Xhzny`DMk1}bN-Tw=qC?|wL42( zK8qxxe;B5xmhM9*-G$(t?Grouw7K3A^l97n4*5d8F!Xv2O09DYF1q5|EQNIMG#D6% z8T~+pC=afwJMs9}7qV*E`>+SN!!Q19aS}`dk(F+>UEKSk4%ZibuyQU=Y-;Ut&v~2y z8-xMn4vFO%49USNT_KZm3f>(sFFA&Fu8l7vir~d(0tn||>M`j|Vmb8%k=VTwOPYz^ zFv7Xu^JQ%`7we~cNaw&`bvBNpLK>xvN}gc$}Ca$X*8hi2?lQBBQRL8pTA;~zAryqif;&4nkifmUPwuJ<4;>3Oh zr^iRJy)~#q@XbWi&rfwRoyXtITiHL_!50RYV=@o#_MZTZs3h-e5m;Z*zn&UB^-Zir z(4^NkOEgue?Q8>qxbsw)?++P8Ku{`>ctr^QF8-Bb7s<1mpBc7y-kiygh<>c&I5nU_ z&YD${dw4fN?L!*fll=&5p)?XIMl~s9k5B|wTNXa4GFsI!6~Sm-1SogOEIS!j*heYv z6p4qjUYoF07qC>OT%77`n?%g?Ry~!XK9#bGMrTZ_xczJh{Ljk*y{3KDn14CZ@IT)1 z|N63k{lDEd{$Go|**`wM)xW60`~PAnw&+0ls;;aEoS7waWbqQh01YC8gHB7MqO#Fq z3kO;vGeQLgB2rAqFf(UGv7nG@qrFtt_*BhPTedVv>nVo+Qvat=yO7rD(zLOw+4-`@ zpv%4sxbGh4HOt=r9b}D_A%|)Z*T$^mUVip zR*}V@(AQ%s_XL*N&e>;e*f6bqO^i``VT#EbKgt3?g>236?Bu1xGnbnB+ls8f8T%o> zL_kj!vs23`Vm^QM;KjfmB1eJ z*eSqDg<<#8G-+j)i#!5G!I&a#6Kb+#UphuZqnTP&Tj5a4u(Ql*6l+WXhzxRn$d|FoeMX$ild4Th3FtQZGRjJM_Z4HcSn>v*_aA zN6g$D*eBE>bKDp&iG2aL*JhjihfJqNispg997+08*qIE(nRV zfp@+gvFQp+x#?KWWw~RhJf6RV1cIJg1_U#(U|$$#rf?>;zvm_At-O{Umh0&{V3Rt^G-+Kq#fIdb4)5GoBd8y;g;1v?-N zZwR_}{mx#Mj?LxCwTj0nVT_9|G5RXUFwo;Pk-^$uZIEN-vGqK_%h zOwnM&6(`ySG)GM+nupwsEQQURhqNl9G{dIAGaC}ylVQ&fv9intu9xi`Rl$HT)3ml_ z>NS?8Xzxoue01pW`nL%nx^v{%H#O00vrLJdrBF@U;SAWqal0{^RbcG?;w`P>iS;Ne zSIO+_FQ_>-aTfbhnik;5lkb>Afrg_9PWcp!V(#OKFX?LHDapKo25z**0z|F2=r`Ax2}53o#*T z7Dp@$0De6^wgCb64$c=EH+gwAHL0PYvAoPtLswPP=HiQ|a;nIXy1#2P&vAi7h;q&X;D=?7 zgR07X#;k5#r)%h#E1)=+DpU0gB7<3~>=u$uKy@F3%Z0?7ub3+cafQUjM*W}*nw<^Y zqxV~e?t-50DTE#vMEZq@^o{B#Q(g||Eq?8GNZ5&2hA{EZ8pVx!+bF7CBOa)M+|w#j zE}Z|5g_(;vsHLRRYc6IsLtXfZ7m|n3SSzoP!M7&GFlcAej`#d3Vn^vh{Ye+3p5{9A z+<5+gR;H3r*JZ?7x@035nbgp*xn)I<(EK-Yj7)T;>N#9=#Y4#uZ*GF7v=?sa1@0Z_ z3-MvaI@qURzwrRiL$nuSMy9y<*#zKkJg-1z6)%&BzXduo+t032p3jsPOS=!PvS^06 zMH=}+{v|y8LAJC(;`o*og8*aZZ#KX6Y(p-=(hMztlin`-87Fin9S2wqE@U(usD%r# znD=@1@sy&ZpPR+Wwupd|9O);3eJA;XI#=&4E7Si~(CcI;w)Dt$Wv!mN!VV07c|~Kb zly@@Rp@K+u@He?7aRK%nNiU$V@A8==gumbiC^ME(LHm~i<~vkn9%a11t2@BUsO`dm z3B_2ZHUvK zoN0$&iuMH*FF}zX7Y-ZE#kDS||7BsUJk?U~P z0WENa)L9eh7)FbZ)D3KnEa(m?aD{Y!=F$-iNGS(Do-;v1Z7PqY(4>obsk~@Cj5BQB zlpV?sIt$!_utqP&+v9{~X1HqY>Zfa_bkj6|9)Bpw9Fu2ld(aXNbsLxaLlpQKllP1% zS;gTAi+HDMi!NqOUMj5FKtZ{LG`A~`uI;@qeZ%_@^$Hh->T8ylhyrqZpaS}}rR-6d zZ}ej&5Vq=5X}}!&E3UXqCeOQTe_M})UIEWKu*xj97mN)wD3J6F0SfFGdPjTq z8n&v5;AuFSdQDS zu_H=;e&YOP34v?tuNyvnuERbCQ?t&$z#VT`*XMvd9b^h%DxAJ8Pk_Kt zsD9Rz`;AMTaTeU^P7bVV?nOXZo&3S3bJS&6e4bwJ&hy9j4ZR1}z3W#h0ZA9o~8B^MWU)vpU5MtZA!7{==b#LDKu< zCl0U4gs)R-y|^!|ViZYn)7R16{e4%2=z10Jg(?_da_c2K$Zh1e%r@jqQ-81n-G`tA#Ef~sb2&%NG%T*mhj=h) z^Ol#aQL_&I_8Zd--3*pQ`K5Ks{))d#w}H|ktF=Cvdh&RxA99x>(uA7NjpX+Db?!OZ zalEnycY6ZyFuAm1COx9eTV@h?J}Z1kMD%cvd0BC=Dgv~}`ikVg{HXo0uWnU%-##NE z`wf0@$jVpeYpOro@(#;CemW-~-;)oBUq9SMT=nZUx6+2$3__RbFuuX=z0oBKP_ zb*K<+L`#^8I`9jU6kON3ls${d2)0w5)l3ANX@V2X{GaiF#kV=|pRgb9<}jJ_10P|d zCKm5!y)w==cw!TXx0G-ww&iE}?_Y=nd`jBfAJg4(I_3MAo44 z3E1^R&rBJC`SBCugi_YE$o|#1!EwSKT-M3hg|R ze(4ncTsn_gKJjMrH@QN7L&=5kL`%3Qm%mMe`(5QcESj*YGrWc2FM;Xs4MHf+(=2@E zk#6q?uVMH<4nj%SK!f@8l!~hOuU@8mdhUs2QN#Y%_5D;qIiz0aPK_^rq zC?8*A#OkDgxTf+rTH(Q<)~_@o_9y~Q9VPzlKi*8BZE@UYrKw2wpS9~zR?RX}yXJn@ zZW9UwMIpW2Kgm3CrMD0{yNYU`b1)@o(wK>jeL?_Lh&JspCPv)j341(w5YM&XfD=W~ z+$K3?rP;_*B64;Sm_vKU+jJ(s?N?n*12`?F!IO4u%Cdid;AKoszja(X3o+=#n|BfkgvASz$sA~-K zho*OKR6rS{V;q&itT_8cT;M}Gw1EZLJ0W;PP#m-0)C&3Wg1xtSZ7C5pcaGR`pXks~ z3MUC=pf3(~uG(2{HOFL{BOEkHZ{Q7jZx&h0Ud0A@-~1R2*m1*yGvJI8Eisv`G89 ziL-^d9?eiaxUi2Vv%`JlWCmTFw_Tv~08Voip7J=JWi0o$!+diPJ6fzd3wRMWt~;LD z)CNY50&4PqR?ueZbz7jEo)(2nkmb~y-4`^L|LBP+q_|+Y0c`vF((F~%ytT_~y;AFH z9hT}=+`vzQ?Zb;=(zX5V(R^kHpLE3>h@*F$bQ3sG9#rL}NOMcjQ2!k|$?yu6$5w)E zKiw)c^xE}*%MI?3+ElV@&uuoOTuTzkX3Do$af#i6K(vnVE|fDT$FmoA0rccG9gX6&fI zQMN4yb8Rplx3fbtu`HZP+>UzAP7m=R;U?Cu|HFj#s8CFsb5TyErBq2BIbRe^VWoeH z1!2`7u66;Fj@~QC0-ayl2w?5KhfEXu?Q6wQdf=``phh3&xDp4pgfO4|rAkBdQ1_RR z&61T+4hU7!m8zrzx3?XnOCKmkAIe4#%)YKL<-%KAoMWEL)g)I{tyT4+Sv041CJNJRxU3_n2b{6gs^e2NFFxxQCmt$$g8 zC4nAFA4LGoResRqEC1V{CvjWB|Xga0FIXh4G*PoS_W=WpGZ_FFRa44mGMo# zWgXu{eEFh3BUv~s1UJQFGI(6^{F{9-r{jMdt(@f>y{B8t2$IGeBr>|^B^c7U;g_o7 z7Vywu>ZYi*zIzr^b5nDVA;$Z+L!L?ERzq$$a9ou4TLktL9MD+#rS3Rq_Z03lllSj* zATHXZCM)61R;DDY9Z}>8bP67Hko-IpiTtAEOS=%&cq)(|bVDL*i+wCX28*(8!!QEi zT6^QeaH(`+(|}k2zG>4?!PDzX4qdyAdj19i5cI0eeyxV)2lEu95simtbuPBSmAt zg(Qj38|~-gaU;I9>Xg1mU!*mXG_A!$gg2OSYZpUJp%`-h#%5w*ZGtMn^d6+|mTB#F zM&g~G)@ z#=2o`eZYSIr6&Gl)0V0OVb~QUf91C;Bv8cpB$N~gOW%w20ymA-#?WUZK$l391i7#jt`YTtijNEqbn`>6s;y5GX69Bq_e>)?1S| z>bKdYXa>!0MZ>r7UX@=#-(dU*wR;x>Lz<=aOm6ZR#34{|no~)aUHU6ZP%h?ajfzkS z6HUx}1UctTi|+lDh#I*&2;V0R?~Su@#*rG=%$4RZvvk3iEpi9)`Ga^yA7d+Kxl?=KOCp&71A9qbpuc`6wu=N`%efPsFF_c6~-J$opJ#J`9s7! zE3nV^QvzNvjsDJ&^^8=1VX`SccCO8NgvWRR5JdUcLb(S|VQyw=R^DctXSQo-1;yry zpl&JMWG>z9vi*}Md$XBUc^OHq7H4T;B$~<%P&N+`-r#0fev4JGte7?9=CCAKSWYNh z^OQSt>aDrJa>QPEHjm_oo7^f9vWXwNp+G3;VjQeliP*5^?Z2V+L49$OAo_k?#Xy&6 zry0Z;4C{32>d7ce<*vp7v383zW|(l|ed1)#lCW5yz6EmBSkl(55!C&~6q%yLT-uM5 zn>tjHIz^uiAqbcQ2MiurLM4=3l{_CyqXlHsR5<9Hbo^q^eyM1cbS`{83FV!=8#kOFNFsqgxk~>&rnLw2`b- z($Qrlc;(jIRYJUT{cVgE2l>7TNa<1T>f{f1 zzl$^5BNofc6Shdieko|(t#57pI4ys26rF8$7$i@adSm~2jS)LbyAYL!kKYgY+l9Kyh?=+{kO{)OQ(zfTPX;c$LfjOt7e)S_M;3w(ybO9aP^E-l8Pk9j zeDc(qJzW!pWetMQR89R-?v2KrJGJHaiR)p_iH)UFU)nr;$tl-I*;( z?0>kcDV0YYGQOE&e4KnEr&YCBc{4J#Kby>^0$o=4i$Hb$NgMNgyFHknY}7saQmno~ z9VJe{J2g4g5ls==0Iu|YCD8t}*yHa!Fi>j=q(NJZe6y2p1?S4^xroEhUd;y)$>*zh6Yv|(euHZK_8P8f4vyO+9fbP~X*@7sOOKn9 zN@L2es^2onOFLZ?VKSHa+2E;LO)1eajjuLH{)T*)7~iAs`q}hHF9kSLPW$!_Na_6M zeOCe7-e-+_C!FAo)o3$2iQYJJhcTAy2C`wFT-yB^z&G?Dn>Ph)zFb*hq#|(;@4rMa0=$*+9Dw|s1Kp4O7W>>6{+7Q{yM{E@1C5@89(`)6cG;SOPbt1Y* z&+Ei&1aY~H7fj-Q;iT%jNdBanU-=e)Cd3yppG;&CkPwf;LDl~057hfa+rru%VFymo zp^f88lTH-Rv(yDY(_<&uX^BwwzF5WzcBAU~x(2@vyw6-#P1o9ZJgclu{yyviMtoDrF~TXHbv^9@NYm`#9ZcA)I3S`_w;sv~ zT`^;EC(0N!%1gM9iNV$Sl(v#?1sPxjaxjRw_mD~PxwtMWv6To7P|Wsi32DM(xh+nK zHr=m^dA8O2bik&s=&~ZFKXPB<)Ya`03#iE4+xp>SdmAgI3geoHcr6dbKgE!u^hB4& z%1v=j+!Kc<_^n~BXo4gF6}zcWft$34^lJ%W0o9T_BfkjPKO6lKiS*z3$+Hix;1wP) zH>U#A2Z`Yu)&0q=d#~0RZBWeccqN@+_ZXlP63_md-wJGI75gBv(~_ucD<`$8p>ylE zYmV%iO^)jOM3GGMlWJIZBKwAF**tp*K}BL6@OiGdGSS&^;6C|DnQhNf22g=Pv&!YPc#zMlF>ta7 zjiY3dO7~vwXJ>1CNFyXm71*M~aaXZdfXHVa>S>SG=LanP<&gld5KGgmgWsos!u*HU z=bWnr!OsU&UgE{&(GTwc1inUvxcihEv~J*K7k0A^VqD8V5F2U_{G=v=8wbs-cC)(f z86mCGoTbjnp8Ow<0=-DBtrq+nm&-Th8|Sc->YMr6<=V2`|0uOLDTl}^|51>c|Fwhv z*J$w zGO)8C+nsiv_O?b<4K=Z}5zL>2z4t)ok}`(j2RJOB5AL(jz^a7lhl!1`=csj9Xpg|^8)McvM%+D^m)ftxHZ{Mc zZo#j4Z7|Jsm}tv=sXIup2WvR04X~lr9kyW5zTvNoBGzEf)~;A0BCbp@mX~&qd+S7A zxlL1NsxT#hgqUtsh@olCohV zpVLq?dxjMJ_6s*dpiB@2d+#@O^Nle?bExpdu`$gtL92Fv^T}v~4G&GncGIfgQ+%Me zUzE(l-a``uN||$?B&QPHV!zJ|u8x+og_9&i8I>KY?=VT~WdZ5%;-D|T@I%{LFQg~X zA;sZQua|*GfRh-qZ1G$<&w&khT&QO6SZb|^!3inu=Gt7eB+W3(Topg6Ko&7vtHeAE z&6GPT*x_Wl?)ogTk0dcl^XeJ4Q}OK@2vlLY;4Ot=@P>}kVxp1QK835?DGomakSP^w zU-`B(3S}qr;%#E~K$!dNel$N1DXH5~+6+8_!mc5fHS>ApGm`dv+$*+*NI}W)V^OB293(ec|aq=dw-7>}Tx{(QhY&QJ% zh!tN_<5F(kbl+$!oL-Rq=)VU7elCkizV**GGBxymPDESjST<7@)Rr`WjM=Yu^Vj;Due;*~`Y|QC3!}6wr zx^oPCgN{8S)|CesHKpL7@&Rz~oG-EM-q6#}pqXuxO>vJ$)Yd8i$5orsH=K`s;oFJ| z+bUb>_yvn~B`T%r4ivR3&=9SI@VXB4Vf^sV^H2>iB>g>5sJ^xM9*m9U9mtsr79dPS zs(k&hY^$gO@Nb%CuwN{Wj?ci~G%U}(Af%&K+bq=ebFA1Xj@%5)DoM!AI> z;n=@yFdihkk^i_v`vo!Zbx(hBf+oK_KhpT#ke}%?h+NoUjKj(FC~!ge-G+7YMf6L- z3HcJcO#X-4o{R1v#rCgiSpMI(RR4FoXe$4|azd##jHl{K%lDe8`E1q%)G!nZCL$~( z<|APwHWLsu6d@H9At)lES#oY-(u8bo7U8;e%O9ndmR4;VOSBq0>nb{JDA0U6w91y6 zRqYmp5C3(WmKFZm=+keX{1hojl#?g_G_H^9p1+$mH9g;dI4@N0@H|2LdEXom@sF|Y zweJTQD0u}s>9o-j$XiuwEV=gVXCOaaOrkW+dkO1YN3}u93Rtr?mC5Snxt~s8_OKPVe0}HWkMSxQi^5Cjg)f= zoOSK+peY;2!JsOwN!__}x%klxPv>>of@<^9Y+_Ck&%&UpED9#Tof~h*7)Ba9B5O>q z!rD3SeLRIWm0AVe)qRYmq1KYRSQEmiU|N`q8gxYGdOBP5I@rF8egj~6L{}X*+BFd{ z9oQ-oSLQj}tXS%)O*hes2a*GuOPl%pjhw|9)^!QssZ0P6SVxgrOwj!$3Ts0-%3`LzFC7w}=?iLr;qA8KG ziQy`7bP-M$Wja}#P-bUVh&#>xTkeX^Rxu~|0`^3qF2;;oHkahy%(LYQb)@5xc@`%~ zA|&ef{_7^P9Dms0m`RNiSRgfUiLZ}^Z*-J8v16d{g*AYAdRA=;eZkPItFOig-U$#Cj1*!;@p%?}y`JUtMByxxR~VFd zg`r&(`+7H(%L)}1%+BPTFmH$3)!=Y?yIw|gt9=WL6$%D4?-SJ*y!3&6RV>+NN<0(4 z`N0wNkU9AUZo$24RG7lP@?k|44~wiS2Jcv8y#h1%`GsbqwU|fvwPz&WjcSCh{QU_A;&`tQI)|%`xW}O z2$B0d;a5TndG9D*TH0k<$Ctg35`1jtYneNh#&565(%Y7MI^P_``OhXUs|lu#oBH9j z9vq1bZ8T^55kK_XF%L{>uOGLan;Ytn__-v;T()dy27dE`3=cq#Fj&kN`nzM`TBYah z{6H&bh7tQJm=hMhGP`dkJME5Ux$PfH7V4l!z3l5;s_2~;I^KASOh{#S4c<*@76$G? z0js)|Sode5F87i*T*TQiqFnQRi0KLm%*lS0;q!e}6I#H;Sc>Q7V8XpgTEb$C8d;%D z37qu_7R=mX`Ewp?6$al@<^}dyXIUiv9;|0Tbu_^|nd)RngEPZ%tjkIu^^f)7gHYqH*DJgj*90vRS}bh{Fcm6Op8^6`3hBM_7`3y9!0d# z{#boF4TP+TN=#H)E@~62wM6qqwSO6FKGjLJD|n6Kh%Sq8ETyXRPZ(A?b%h2^3N4pV zN1K2>MXM=yCYxy^naZ&!MIpTU{qS2mi7l&Uz>@TmrFj-VqEbSi* z0a3Y@GF`P1%py}-AIn5&aG&Aj_=+vN6*UbYY6K1x1GI9y8a=U!mm9f@P^5q8M5&S{co;z8@p$ zITD3T<#!+mMw|P{(sb6}s@&G~*7JJ5+zia6inSk|Dhg*(Pb#TQzqI@+A4}8HbIGbu zb=|zUX-(iU-9xyGH-cs7w~9p`TFybjZh<+*P9xk1USD6D`nQH;%q#OFo!=x-|LKQ_j?N;K7^r;C|laT=Ro2d+?2Td zsWjH37qQj-BR1wqtLPDoicY5*;*@qgmD$1}8O$0hd;Z#Res~&;23!7GxBrPTMa)&n zEjxA4N&{V#Wf{-NLzV=(yUSkNqe>7J#E9>=f}`;Tgr9e&&@b;Rw;IN5r)B-!oeksi z?6j`m4onlPmcDkZXexKNB^*mgB()ZBXP-cOzLaq%__ci*kmvygjuKTZMw&BK!yMe; zlc$FyCuaT5X1%XJ0m~7+U}VO<;t!Lm%z4{I?>(epY2av_DRw-UEVmfh@3F10YtiAo z^s5GJkxL6yYByypat-n|xJ$k7B^X!@UFOebcMZfVtoJ9zX-@~ix8>N@9Q7RcJ9S{P za5wkif5nbbua7I-YTL__=a32m@pP`#vB%lm7_YvhCBAX;@nwl5{BEXf)b!GZErZy* z_@ue?cwbw&<^~VAGNsFPGV2mXUZ3I05zE5Ci|eAhS?%MI)6nN3D*aV3QdoDAUhYyY zNT(g}rXx^&=5NyQU?Mn-g3EM$`I|Yg2IVi45f~ zafi52=p7VW5KNp`HanBuWipZxDof5el}6i>3iv4TsbpMo*@NeP^Pb0T-J~v*uN1nF zy2TfIw4MK(ms=1&?j~x~F25EF6TCKxWseq9a%_%cvJqmx*7wM33fSj#_P)OYo8xec?(9G$aSYANGuSqf1>;Z)+3gj+QPPQ4C)1;z4=% z$HM;Uhn^`jC4#syjioPZxi_93Q^^RvZnjFQq~HRox+NYhJCtg;s8GP-UKi^k8!DWa z3gb;CE9>!I=dr(l@@}(8?1Zfk-}Pk(CWC<>QP&*K>!}dPPuyu2w!#SOSGDtA-6-3; zSI>w3B|iz~+!se>gKyFu3X{~F!s?uoZKIZ9A&KnODc);19j8HHq-dMv9!zfl}pcmzU@5aQ6aYV&+vd%BQ z&a}Z8{`aZl;`m#VxP-YBf%Egm=$=e{cBLM1PA>JR~p;$MP(@Ji@PsUy73P*$_U zw6rV6fJ@v=v@25$+W6)_yxt|(spT3D#biCsJY(r1WNiyY`fIISRzp1d9?K82jz_48XEI_bVP@--T$l_STycWLx_p8H9?`tT`DC(#OKF{a!oOqjVIvxC=eF3F4^R zB=~zbJb~n3X~Mwn<-QcS-GEX|+&gbRQUGDXX?swg`vYD6Tx5qw(Rv@2nzqr=s7Tw~ zf&pL)H|C5d#c-rEzLvg>Vr zxPMUlaxCc+*{~(>wgxsU+$cIm5D$*1=SOxdVHGhb&q|Fgbl{{m;4oYTWTHcv(jEOq zbX0}pq<$t;c0xRmEEsGs^(RGyy1YsHwG#c?1_y`9#|Z&KqhcUWpLajEp$-E9p8MYB z_sN|!u{9c=2is_27JXZg;$9@Q?I0Cr27M0}%)B&o4$IAFTp`Ta5wY!vnk3@4ly4ME z+X3))94ovbPhLMfuUIs}(UB)o#=+Vv>36KcL-*7}_`7I=&B(CD@SsI0;@X6!E(68B zcve_WDLjuEocjboi%6t3+S;8?uk(vFAX2ASA!J%3w)5|@&qZFdOS zS1kD(c=a`UgzEE=dOYW^z4SjR9}vjixfW*i{fH-!`r=72SUu=W`dmyMQJ0mLD!OIc zHQ@zxFnq|~)fjulQ|UJo+zAFMf2@kRA1X9&HMj(;tom8ZgVJStL%MWVpLQJYG=kUy z7|S63Tn{y0kcb?%3E)tEJqGq-CA=?X4ao?jF3q*LpWK}IasIAQ2;%0uZ_w9Qv!MMYN z9$rBS&*;P5+UIkDHN2e+w`d#2u)ev)tAJ==UWqYJe2V=u*b;^U+`dwm&v>_f8`zdQ z6TI&U$9HnQHv`z1pMmm+zIJp6BMkT>_~#=h?_rkeUj|4B`Wd|4MEu=k{z%%zg0fut zz{*rY6=}W|XFegZ$!W~m>QhdQLc*IDotiMs#@W1*ZI4gO36mnio=od`g?LPX7LFC} z0*|6Syu#%y51b;8#gCc6X|}kID)GHn?NkzbE|sY9s&>ic5-*IO-1geSYcB10(F)8LY{_!D0x3jQok)2_ z4-{etEUgIP+Z&!7RkI&(y%qAxy>x(Sj3*qAZS$lQ{6z5<7q(6S5ufDMyiERD&P7ob z*>_wbiP&li?R;GHNvdlMJ+8nWbg&G?a!#%Vhj)Sv&zU5_*q8T_C~7mp?=h4F5S=wb zC#CxnQ!*lht+6G&q4VbXgF_{VKy}OE!mX0v|It8#(4xI&ZM=8%sw1uHF&aHy)?<9D z(kI^q3s~m~I219DtIIX(DXIGMS_!AP?!#LP|LS7A6zXvFOS)dCAn;+me(_MtF$!3> zRl%FIqcpCC{-F6gHDbh$nNt;4-+=qq|;aS(MXM-P);GhW4)aM#{gLtKGCe&3Y$qfy;xG6c{Mle$c*h{*?ijY zj}DQI*VdILTW%cp#`xa{-0DO*%d$9*2`|eON@G?tZEYv2e2wV198J1CYP{-blh@Ya z1_fkJ!ij2&(T&X?)rjv>$w?R7tjXUS*2hL~SbnO{=U(KjdPx&=QstM`eviSm85B>k z7$;=<6R@joefzojE6-;q8Ms)RXVQqgvZd26jGKuDQK1MbHAA|-I7y3bMzB5RNd`?4 zj==6|w{t-G*1@+E>EWG|sn3aw*Dhk{URwSxszzKvJsqM&Ocpff}}d+4U&dEf5>uuqa4f{{6r z0P>Nl_ZPM|h%@2bsWGCrasfhz@xEh$$j|?S|01Ky@2HIa>sLI@e;1^mOot8a}Xu>sWw7hzCPNj$*#ub5vsP$bopaq&9 zsV#Jy;h2@zLQ=0UihD7$oN4_qG+yqm&zd1!h$^f#jD`cccDa5WvF}nC_Pxvw#$x2K zmPQwD3ifDiD*5zM3eE-=WvxbWh$g%hh7D=H3i`{{(v>l`A0w_(2bNH3jcTVJ+mAbu zFoD#H=CV;O{rDV9)A<@!`w>UGFL5G5$r~IBBz+L`g3nZCK!Fk7Q@j6T=f1nRWPz!) z99SW#L{c=_pwMrOE_{w{+A5(UqkB@eOg_Lw*n!WemMF-+jM*r>WO9AXngpZj@)k;u9ju!)i*$}`Q3G+1TDoqd@j2}Ta2!z19l)Tk@9P(1P=*t0 z;fCO_C@Rz7@2fQ029oHUMe5tWrcmW;2N?-16}6YR#;J>}H?fA4*;1F#%*|%Mn^<&g zy1A=wI`TtF#@Rf|ayzkeTH7c-qZ{X!{ z`k1(__!@GknXI4{_2%Ls!SX1XbK>TFF;dK&L4)KE>ff46Xc=<418Tyn?#8Vf+C0HVh`$1k)+b||~CvW3lJ2wr$(CZQHh8HM_fK=JcG4e$M2R7nwgG@>>}Z>s=!e57wncuW!0; zlIjIzS3LRFtM#Tqh>rv7Y_!oyVgTc{Ss%z&Cgj4MHDBT?t4(uG0rW}8bEKP>^SJ)9j`U>=vk zV9cQF+iAk7;*7)M`ZoxP(Kn2m^Bl<|HGIV|K%0XHUb#9*qrvUt!n@7ud$W(p){hEB z?P9t`(Wnu|e?uQq(IWCL>%)SjnUYWq5qp;lSx$xle|J!UZwKYJslLVJw66CXZE=?k zoI3za5J(h~nY)C>N$9rHD;B34(c#1`%i!jgxJTNn2XaNSPiGfrWGoP|3)c%KnZH2U z;w>%LC}P7%hzKzjw&ATYaO-3B3y~(l5gw))XC6)*pjo6a z{W1O}VQ7aCl2t2>uQWEe;AOAhkpsziA7X418{M+nq^3nJuFfxZ9sRIMq4UyIb32>5 z>0#oKc=|YI2Easv4;sFG)y%II(?K;{yNV8ZVflm@Ws{J6X%{|!Ds&clQ$uVd=*U0? zMq!)te}?F5I*s9Gn|b90=Ln*-fhK19i%MhhvYR#Bmn_6(P_0K9-PU z0jqRcVunyG0S;S6WhS5%CLQt@E-4qjv5S^)t~ROn&xgRd;wr`}Xh{KmUOYmC~yEWtVvUVBUTSqz2%QK?e$mk&Xy_I~Pcizq(68cDiF|^L>65;HCbI|Mq$|Py(Q=fa)j?k+ za?geL|KI{@Mq2Pe(E>hzsADVOuw-%paS2^ekz!cxGQ4u8@{K;rWpG!sDWOji4WoAS znF-w?zcY;?I>o4xj>nM5Z3OUc5iOjV!6>OOj^=rzHMOGi>P{4tgip!piz7qrqZ(NJ z<3o*;>*P(k70^_=N&eN{RIQgyj>>zS3Vy(lBp*fU{ZCfbh|8{R{lB81{~sZ;|EF6B z|EnneZ!M>4qxO%8<3qb{EU|`9IA^Fu6~_9*j)0Ap~VAwLsF z%qOC^ulAaw8ux;O$Lr>v?)i9zR8jn|Bt4$X%~rc(u4k^N8L98j_a`2JX+4er79b}x zkU$W4_oks<8p>?L^pWYhqsWdHqG!-t)Uo;wHUWI3*`T?Yy4Vmu81#VpI8BD3+)-;$ zy6?*pa?a>OjT1MMJ9SONWPY&7Zn~+KN$gze51e(6@h0P~1_@dIKevSsZ>|s$g7AEC zLYsJ6RPk&p55la=9-@cS6Xw~VXHbr5KEei#T*m-aJGM8q58;opOzs&!AMNE^Utj23 z*xa_c;9RS)y9V#07ptS?=qPB7p6ljh?#B;0_X+eX7X_Z`2>=N zvp)PP%vK*+kiLRPxnOs1)TyQ{1A+kdAg3sF)B$OJ<&Iw@t#1W*=adeD6?7?Pn}xpi zv&>j>XR&vAA0G>S_$+ufbPqmvJ$Y6D4acKZXcDKQbg|+i>mIZwt8VZz^a)+ob0UrFKoSYd`O# zAN-8Eh?pCS8X}_1?1Z#;E?bL`VGPgnXa-)hTZ)!#kFvfWl*MHHWb(Gmc}A@ zqVAf;zNV$FlI2dyFbspw4v;9mR`#0`E!@jaN46ENzSVm<^@fHM9AiSI!~IgfF-oA_ z(xs`a^zyfZoJ}r=FUF~tj|6;8GdvaBR1CNL5-Y&H!8V#paC@7Fi&@;TS;zYIAVAH* zo^0Zj>{yA)-V&(KTX=v}b^IRDrw>X=(>`u6uAhA+Ko4fn2qJj?RwyDtsQEPt# zwP$2;L#a{YaHQ}xDLTby{7o0lgvt0f&QquAs1m5<0y$?(TB#CL*QnlsXIFNvvY(yu zGxr1gY$Gc*{~<$|C-tt`IYR6NE#ns?Gxr15lb#!DpW4^;5dt%CbPbU-TisYkPX&wO z8|GaxSkEi-q-B*QYRr9#y5`6r<_58+GVA_oSPj!baIQBI2&y6!@}odS%m7PVMWLPg zXey5HIs(YjFYwA~h;Oh@m@R0&#q|ln4jK0-Fq9g&7M0J@%V zRVKc)6&<|C{Vdk;Axp`Mn5f?V%D>&ux|Q1UF=oC722%JWfgn}*VwER_6ufbkv?p+- zrWsdfSc#23K%Nmyo_nUW!!yt}@ZAHhn508)QtD7>)vvF=>LMvjk@mJ$+F<~{uIdAv zmrX{Tl~x?OpE)cFz(0b@V!biz<1IDBNDT@kz^!Yj9fNm?R~rC6@1}@Rq}6o{{d_PDnNPv5BOU5|F{t){{Kh* zirAVP*czD_%NST#8yVOO+1c0_*#3L7|F7>;v8tAmmJ0F@D+D$;nLnU_p%&x|Dt=r9 zGEJ*wySPn4#TKyjB`F8LIW03brMeAX72L-CFh+B=9gf+@Ng3SSM*Mv>(+{YxI3D(8 ztDGznt;J-N_RPB3b@PknrPi+I>DTk^Z6<(+!(cEWJ2Sg8a-s0vSV0#xQwj7$8AdPV zv>PW1^rRahWh&^xc#-t*z+Z`f0yrlk(;E=hcQJ^wKv@h!8_;<^ia^FlKI1QbHe+-W zhhSz38p$k+LlmptwGSpY&* z%?wDf#oz2AfjYicY_>xP|BL?o{h#}}wPOFreS2TyJH@tN9)F?WuM?yzmwd=#%nA_L z9(jdxca@7~z(tS;PhF3~^JM9zHOCLgeNG(SF3P=hwy7WCffxggJ!1lGGu^no^(F0% zi8|Rq0YYPqTKH;xUs9q~!F!X%U?KClxw1nRY}B%?e8F0hzZw*f*w3@p_r5+Z^I;jP zhO^X3nA*Fe{!zd>miJ(OPplS&jefj zOiO6e#Fqm0kmD@QP|UZ4mLu#nM>o&V?2i-C&}pT6x|=p-RkKuOL7kxu)cH#j?YS+Y zs%bD#c{c-Q|7Zsbz?gx&9Oq-iPeK)frZWSELJqgb~$z>VLeF|froZED7vstHx9_J*Ht`Mh*3 znA>8i%G0VLn)>ikwyyJ5Z*e4-(K;3`*{*L~7Zdflyl=RwzjjfF^KzY9!1=#+HZsG^5Cl6NCIJqM4vnn*W542l_`#z z;uoZ)tF-r;Eyj`64;U2qPP)t0gNA>LtHi$*l*nMi_c<;AS4v4hlr_judd)aVfid6jGfMgmc}Q`-f&%l&-!jNn0U@hJb2|~y)IDfynz0$%*f_0N z2C=kH>l3Pub#EzZLO#G#wn#gM-Cb!pl{2rDeb&q&s*cU4n)P>H64rF>$T^LNa>5Z~ zq1CF%Y#iZO)!l5?9M+$6hUisOhL7=rU#1KbeWslSC17pW>fhd^3{x9eUwRe8-S1Q0 z`*Xo&Uo^SCp>jpFb4BgoWT`u?^%st*$FO!~N9BS_XY{^?QLL0|PUVJb_i70z+qQPI za(B=`uYGlU=lI^e?0`y3>=Gx5gG=XC!DW%=hVOgxvIDAh_MFN)j4guRU8(SnY!vTq zF?~_(3*HW8U+#$rRTY(Ad~;a03}h~XeSr3+)DlE5wS+; z5Y$)gj-;oLW~<3QlPDrl*dZnZR}&6#HIiBi?<4$%(3Q(R27MNZ;UHn~)upCsH-Wi( zXf?1l{%E3KomULfLevAw*5ig`xn`|t^2VgCv;tmWTnSq#*A)qKgZW9_7pDs{<%Xiy zjXSu7`HcdpMRO1dna@8|Z6%@BC{wm}%<66$Rdo4; zv1Xc~0(DXwWxilwzy_+&5*@Q}?{g#O!0ZC$ac9OB8+`tka|eQN;9nl!PIOZXcVGMX zieE>=nhkO4>^uBzrDp6gQB^6~9#_sI55t!~!Vam?ZQb?_Vi#VuIah=3m3ibmB+_A& zKZ-!)fA%p+El5zG z{-MEYq5r2o=KrY~;6GIFf1M})g#>H=?MX~;PaHR4An2w1$-Vt}~tqq)cSI`uDzvCwGEX=(8gAI>jf?>=gA(LCWuocV|bdoD@ z-{v@4t5vJofpoS#-=5qDS4sAMOQ!v(SUb>*^f-Q889UsT3eE*gi>vBkW&8TL-wpea zmI|A$RuYD7L?~O@oh2FuM#aiX3$tQ{VY+4)cMBnEB=ER@#m(G|9ycOr5-T8oW<}ps zrl^t%-PQ`+MGccV!D0e{P)C&-b;~rFZB30X+LW>LAijo?3VUnAqWPUX7ZMuNNRc4g zB!l7UaX>f9Vv3bY7YSmtdiy>{-^`hK!2)DZ+6-+K?%U18ThkcpU|!x$>o}!d3mS9Q z>BPQB$!fUDoO}(VV<5uA0uWt-j>-y3BtKBxNe(wUPl8mYghD#_n_UMj+DU8v4R@^R zOgp#`T{fc*0#B0n7>PT zW@%~30OcCmTQ_jT2140p2#Am?V$a8nRPD-+^Q zi$vPuO@k(}mcc)$wbf)LMLSAjrCam0>}k3aFU{b`$4Ig?l6Ck~ANeE~(PoQ(`-6ve zwRv%BMLKF}i+vFMx`oIl7g1+b3n2k-t$83y>|uEUYbDRxB1UVf%%cL$zs$E_2`Z6? zL$JaD<10wf!8H5Cul>w%F{`qjJkZ1yMWV&ACV&e8_|O|zQKJ-|nTq*kP@O(z=e#{t z;R2n0w-6UL`srYfTj=I}dWv!`N=nG#hyeuhF7m6e?j+U-92-MOLT5~1}u{_5P7q^m_^%tfaS!vzs1h9iWCV&oPBIq58vkNJ`MVX4%C872xa*VJJ@ zpoV@EQjlRwFa0`#Hcz0E?xl$)aJ>lQdHsvpXmf_~_KvLL#V%maE%u{)oCV)kgKpsJ zSYYX?Mg$|=zCkfZa^nRT1V4lbn%j$*TZS^Ga83g%-5v+;>{u6heqKUS=fz`nNNp{Y zZ~;!Eh|`=3`9MPn^|?igK?Jf31`D!l!v|FsmS*cMb+ySP-wV`+zp)bkTGLi8c9F1~r2|2^PxaTbRwl z8!G!P$uS80kgM~fFdaKZSZ7H5^USm5VBPm&)4gqKI;i7E3uNa?pxzrrvvV@ii`EoC zTv}X1Oo!^BZkSOm%WJy?Vy`15C^S-v_KEFl8bO6VF}AE{sEM{H*HL)Z1bNihR{`@o zvbk($u!%kVuB0d?l^s6rZ7d6;~(3%rRp1$2zjmykDg@DN&o z_tW&MQA4uFZk3_U-*w;-(_Z66o@csib}ZHto)c_ieVT9@ zVjcKBpJzUSJ%$TFh!~{MJ;<1_L@7{y9dZ|Zg|ZuaQj=reJv`0}-qAcFpx>T|LCyQ& z&7Wrs9~pl80%a|3EQFC$+_a+3?z{{n!iJ%8xr9a9*Wil*{f(&~dnld@7}7FDjYtY; zIcJ5s7fk0^Pcm=xQ9S6amVx(sl-P}n5rp}P%m%h0o$DMsiPDcDnc_25I>Dh{Pry7h zr`{psdRg@b8EDz!++ai!yH#+(uIe_G0rjxm!;MLY#c1ho+JCB2r9V);wE);+x|m5p zS;W~l2`7847A6A#a%8ExXm$vcYSW(do_K}^)n`}I4(p5}FB{yeQhfkgEnu2e#sc{g z!1(qHbLT2SyG<7^OWEbClb!Ndc^J=1#}*SP7Dnu=N;|m_qqS@{7WoN?Dt@pfWS9}d zXB`n&O}_g%V|R+;1bVN`l%Dg|wQav9iu4w>_$zDCbgO zh+xV3ham;SWIb4!7OjuE*5BfAeyF*+N~!$+z(G%@8b|hKJn?$_ZOy-gH;FI>FIYJ0 z{G)!U!QRC$F5^3bX~mI(WOBh?t^@-C_UMPC%BDFX!t%FMoYQBkaL2vT$Bs`NVGE?k zS1WRHBwcJkyTCOnR$X4)Jk>*$vwQltNa$w1IBD^|IOOz~6rtQLtOK=JiA;wF1Q$qgxiN6z>ulmcCtC3pO>3aOf7^q%iV`Uy1M>^gCUHtf+U ziu5TA2!w{UNgwC@GiBl>FguSpy8;1vmuVV->cDe|xLgwondUV4`&O4r*@q>74R+A# zJqTzmn|olI$vi*-j;dKJO7uCZ|DxM?vif>AZ5Tde0+!4UF-XN9f{0_xC=VOS6jKFJ z!~MhQE)n(aFbfZdmKntl^$Za-J;R6MExn+8L$qxzSXJ zviz&pmct`Xy_3nd?IRmP5+u_mTJ&LS?F|0bh-6zf_t2wl_j_@kiOw?gvMJYe?31vf zg$)m|Bl2vcl&aa9=##C(Dam}r)(0Zyhn~Qhlqz& zv6nBxfK$J-#@QkP#n%0KFdi&ndY+XxNB67BicI3o-ytog-`-GrbijRhY37tLQ4Op0 z;zV3agdPF-xTD)6Jg=DEX+_7G4KtJX56e(kc3_X`Kz$`rlS-=)&}NW#w!Lb{^-eyo z1a)r);3F2%i#r2&GbZ%nm)yf+k@?IYe10lm3R$xI(~#f30sV5Sp6&;~!un$~zU&SV z3PHD8At2S=FpB5RH^CUy1Bbn)j{*bU!F_BvTha2lZ68)ahP}_%Ea;ocX)97TW5FB6 zWNs4qPwHKWjw8pH*kpVJ<$?`eUY#iU6683N?ieTHvmze;GDM$B`{d~PEjx(@*rXHI zVj)Y*mFvqEV$%JBEpGKUW^TvdxL>c)HdyJ(DJSIH<#Sqtne%Jy?%!g5HH`mKG>g8= zuP^1OZ(T^bq*pSV@skKpo6U^=4(~F(eUkqA`L5Ll$6pj+b=(riWYFN7T5h=)DYAao zkMki2WNKYY;8?);z|3MC~Ga{7x$~dUX$)_)h*B-Th{KvHtGnt=o#8 zu7npOieI3$l4!M?441wsnl7;B^-_0NW8?9R^s>FfebIgqR(vAKa#ic~kU4e?#~&W@ zJ$i!v4j=VCe2xhN2v+4-<9{Kdu8zfi!agYDKyvjlo#)E z6_=N;_vbYNvB#sTs_P*3pbZEw)vZlvHG>z)Y@2z^|~5Hmv(XkjUo*Ik+AIAJAS=Ie>kCR+v_Ix=PDQ#wh4GhQ46pQQZ@EK{&A%}A0f)H zjvhL)Ij=jzPnGQkxZM49SrDWSE8XSC(0TC$5%&a&=>-aKWj>Q~06gH}nTH=xCskj8 z2*l}7(MuB`N%Sqovw`uSQ9pArVs~tpza}Ps^%n?+3czjA7M+P zW$*(&c;{bZSQ_x515{j3$QC~XHQ<~xhN?*4hMAMWB0Y|sGZHKpJN52gZ$hB&SGgvqCt#l5^!RJLj)j=lTxN-sdQ2-lcqsN6k z@mt3qGU{O9Yw0oz{m22(wLfBJF&@!7LFcb*)!x!~f-+gA zorc+P{{lBTD4%NlV@ynAFVt*2E5St7K=&)<{5*TM4Wy)*egczUujDEFATJ%qN`0GS zgc!?8tcS!fjoE=&uNQ`2JYgl{$_n)P#jW!^>dY$(6bIfX_LJ**XSc(RaE zj+HZJTH3_91jPsemcJH^Py`Kq)1{M7JIQNZvs|vXTD$FMEf&BB&AqTwqv!6pJqNqg z+gMa6)G(;-)bTdPOpqC-Domu)T$z^9oENgSuUrqKWXy4GGj|hZ{rPJ5Dh{|-qs2}1 z$>xTi0UjmWVvzKC7#C-9Noy2t?8n>5Q_ny-Y^A_CJf-O&g}RvGRSx_C?>Z%)>nCC| zX__`LNYfUY`vx6tvE!)4mAxzZaV60Sr8?KUl}^Up*SMlt?-odM&KGmPZt$Z`{|)PP z;w7}rePs1N57O!x?TK2 zswZt#A3DHA#6>Ok@gm2f3Y-miJR|+h4s|VK!xb}K6)WuWltudI{56l=mUV7yfq>6B zGDF|&G(>)@;;Et&08)Eoa;@?vWcBqaXoHfz2TWyoQ(_t>ZRup;T@ zXW^WCyYfb?9xXwZ-#xG4uWNc7wN#Iz6Mz9lVN)4YXmy$G9C$}ZHsVNiAYr2KoNCa& z0H7o|sfZ8{;`M)qYl;|4x{~)J5)onEhf3`Ykt(mZ5;x$UQxh*=gx%>U*AI+nH6q3v zx)O+oOVKE@vDum@XR@2gXWS08nuUe=-N&&ZXKELRL@=(Xq1IsH+S2eX|G^=>M4Dyt z=@fcby7n_(7EGc=-J%)!htE81mA+dpEa?T;Fm14LcKlwmrCHCXt3h=RQ4~%pH2IjE zXV3?+kd`6XbPO}Rz}CNnyel&ATBD}OT_(vHv32;RyYS$wzj+3&{qzCAkzHtSGL%~uwh zZK)^8JR(p?PAi71>S{OFuJIa-E6I6|FG@cGni+b@c^L@|O_Hgb3DSPo8-A$Tu zsA_FbKbPM%gG*0ExOS+T-Ai4uUNeLKUsBBbkg2=RfX#0@87}p^$MCMP&Rj#=5SHt5 z?t)%aVYj6q4d}*^lE%$4XjG)CZ8#k_$lI*>pDbl}q8-sUdCpD=k8Z>@9GY9MbJSkA z1==22qI0Vj&?M%RI3?>#Qc`E+DvOCtAvp!29vQ6jOiO~Zid;Nm2p)e@o(XkC=nPKn zjBZowS6$C!KWM#!b@NBhKG*I;m&Ew;PtR38P`gEU3s=u!zIa6Wid)Z5pU6BCWfvG` z3S0Z;Yu%W?Gsx!c+*rG-mwg%9Ec44P12Vv!cO^oy>3F4BPuU}Fv~NbHQ5MP zzv5<^%%GbkX3N$MH`m&bwRWKiEVPPT=}!lmX?weQ?*OM^h|7%dWNr&_rtOPrLKc97 zhugYLoLl>Kp3i8rWj4$$jsR$J4YROg5Cs_d-q@&SU^bhe@TdS+ZVgk+M_5A+k z^|bN$c~*Z?KoNTG_a+YTB1| z(jak6U*713tnz@-6ab}IKu#Q+QED6;|1Y}MsK^|2+VRBLc(&RvZ$|kMM<`wRf*8E> zdKZ||P>6<|f+$srXpzu4#RvvYAdGO~oqB|x-mrTLAXnTm@V=+O-9K~H?n_o`Uo z4_ed*S4|7>_h|?J44EYvU#K~!U8!NroM6nt`j$*22W;?l(W9HID1ds&4BF+A*poP=T5GtXu*;sO_8$0mfCb)Aj$=>^Mc--`P*%#Vcv;w6;ogDd*z*OnB+?S23Wy}i zw`m2=2Dru{PX4m_!7axSmw#6dfWzwXDa(zy?`Q*9w&53f*aFslwv#qv+; zNnRZv7zixbWPiT|X=vcTJKjHm=&ASb0h{OfE0|(VK_TUCn!w*8%|C?%JenMSMO#|I z)i#pOf)dp(}TxGkmh@w0U2vpK9)jKV9Zd^70q$II7xQ}_V<<>CRfbAv8F zCg2tC{$iK?arW>>dV*~FP~r`E^G(`0w!??{E>S%nMR+wF6S57iKI$K}La3*m%gaqv zW)jt$_8`Xa8~A=@F+9T0bQh~u!^)c&e@d|&$jYQVBWXq;f>W7ivP2REU0z7EWD?aK zYY^25%XW+}oKl^(gnCzOvs~;Q%eTu+a5Le-AT#e7l5p97Bt|69&8Gz&!el07$^IF2 zI}_5hwa4iBP98bIEp<@$%__mTSb#okntot>n5c!t@#?`SMa-pyH6L_*^ylq?z7J|$ z5gM+BXu*`!E8>pgdSbt(RB{^lVh%WF;{Q4&&&?I%@q-WUFl6mb+OHkf|~M9pX%=`e&MXU?>Fd*&1WNE?Fa^&M9i)XXEfC8h!;(@XX^>9 z7CvEKOHH}g#>4vQR+?qZR>GT*(Vd{rJeV$YWCO zavBwTr~vU{MzGZGhzqk9Wwp1v%4i8cT2Gd;;UnX?0y=^C#o!Frt`mF1_db~=rc}d> zGa~v0W&cCU&IdZ<3!?VHGJV*3CjA2=cwnbQnI5cNq=LmfR$-&b!Fa(xH#WqUUhX2x z5TKoNm;`2&`Spjr)rKM{(OQkmTI&GkE`*!o3)symzjMy9cMVC|3}E8o^DX40K~OFK zlYUp-;0?z7Xb}?)dQUL8wJDWPE50*VRORjC4K*6Im4^cSeD>KB?hz-z90|D8D*=)^ zV3S6s7!ZZ{$TyU!H&Fi#j5BaoB|=LuR)_M+ocSOq19h3Eq*5&P(ST+c6-9-idIZ%2gQztp(?1@J zW3S!*i~UL;A-N2<87ZS8kZNs-RUinEf|usl@b788gW{H7;!d`{X`mgw8`FZYhfos! z>oRTgCMq}oFv&)#5z>oAIGI~5ahKfVwxZQjWbT5`@sItw2cLQ!?7QfQ~HCayGseFKPThoJf0e7ov z4p%X^TKL&aw2r5FObB|sbH++YP+;9;H%$h1KxWH3AhJdj&wWO=m$L#M&< zmh#G`hnl}pvm&b;Bd4MVe0tu(qsgNP95o}2A!Y0)aidKX^|&N34{5CJ*c}k1^{<;! zmCf$$&F<5s-0TkZLBWR|yxzHx@`1?@6-fsDQVI7a7oY5cH65UNHTe;0{xtP3HO4cz zOB|l2BR5v|3vYlvnsFDpN6#ePU)1z(!+<{JslD5iwZv~?Qe@Y~0lYrV?Xh}j!awH* zKkI)yO#;*8%hlt)afltA+h0H*er22>0Bo5o-PU<@Wv*0Ld2p%DDU_~J7ssmdFM`qn0uPI zQ0y#Q4*bQng6+5a<-xBTv6mjh(t}LYqlA9X5k*|?woIlZ!|{nOO!XK)^L+wOb6rT4 z3HNvlJAb3=1IF?|5b-+io%V4^(9xOt>lDU!c8D|`ih@IUh+n7uCmxrxLLVIBIH3i% zG}6ox7+%LuychSwQZR2_oMdiY;|V}zAu#S7h&)JPwOr0(g}0iwFx_Pl>4Nl`!x<`9 zzV#gcShdw?*Zbo!^5aqJ<5Bn9J@+Fb#5*vjZy%RmR4L@+Q9zECf2Z_0Y>e&jo2mv8_8ga!Wlyx7p^NAuq@(*Jug{d=J64olpPfe3yaF?I|L_dOl z7H2p-dU3r>roJ{2e7Gh(4Is9(mS;R_ljw$u8WmUusmvzx`E97Q8K#+L>o^o0chjOF zlf+2+xlt+Hx2LAu_U%ngFf_AGsKDz@j^ph2%zKaH?a#9w-ZmJ0jNTBupn7ltK>(_M zBHOc;$41lQqUkzIR+dV2r~4|yQw0B{$Rgvm6d=!dx|ppDtWls8WdWd>jTuk1+Oy!e zI2!BfLdWG_T?T5l?0Kt^vv-O@eKeR+y=6!g2AI)22=fpUn&I(;nFqjntY&9 z3mVLx?U@e;rsrmsK?HCzFh_>0p+rhV zOpkf8IBtLreKpFKg8$}fAha4jHy`K!s0_|JN5N55v3pG=}L8q$qXg?g&TFt#;XZRUBa=N>p62y({(AG}@J!cG{OSMf-6kaqcPE+K4MT zYW5L(rXI$>55y#CLm=u}5;04N*SE#qz{#;AC`<50PdQ7PafMLnCM{2Zm2=07X<0|q zSf=z<_rfE345T+y1zc-0Y{MHfDz#`iyjjd)yVyjrXFF;&U?_jINw2@W3_{p~E@QnVK; z_z3kFJ%s{kEut@m4PBJz>JmLn$^J5}G9kTRoxNYSr`AkOn>9W@IzGDl*9`hWJSbp* zH`@x=lg_E_qY|Ms8b(!l%!y4oPr5)4I#{p&xlSKGKfm&Fx%fCp-V)@6F7q|Ze3M=8 zlh8IANL(u5AC0oWP`gN08PvEl*<>+7dwNK?NqgXMD{mu7gj!_!U5zJF8e23lQmqB` z2mTF(6Mc_*F%EMnr(EBw$|u+##Z={Ok{kvjOD5!s8!hc_QDu7DQe>@iUYE!R^wm@i zR4T77;KF+MXtw04Q84c6(s6|Zg)5zbuD5AD;q-7`v6phGUzrbJGkW9o z$vX&D9JPbUS}&b%vR%g#?JJ?XwkXl(vYva*0KsJc5YStxHe4^uPOra?_He$cqyAYO z2(GSh2>P7ZZ^7fnHdLfbeJrtx61iuMh3f?c+M(&k2g>OP0W)?7(=Me|Vu+xF4f`Wt zb4)#HPde#QZMvlVCA@e3OTmJ|hjjL9t(I`Yb;!I)KlCUl0;j6r#~&|8fbOL`dOzX_ z0V%z8q#du8&Gt}oC#q|^vvwWLP_r*HwF~18>rfrF8;{um7JtF*{GK>QtND8dLi5;) zb47yNgTOudj!x;txliX0f^}!gEs8-;Oc#W2A5yrtmh!>0VJoE4k{{&yMtBu$b04Lo z%RcQ2J)rWACvdiAf)R@b?rYNJDa}vV9tU|_z~qdU+nLrDXdJPxH5ktGbXDMsWz&dv zIQ4MH!~Iy^^t8JxlG!lmy)G-BhbIT}S*i}EuZo+QHNDuu|Ec0ZeSn-2H$=rfnc@IT zg*)=6hAUXr3o9n|D;U5giei-;m-vP@2#--%Jb2fca2UTEii!5d=#^lZeJpyS8vKm ziD3|a6i=w1XhnxYf-Q_*I*3vVldNxX&6uIJtoinC z!7F;mE7iD5w$1KN^c^?&rzCZsL=e|7i1RT<{0;`E<`A_I-0p?4n!v7QTqDg_B$j-* zQUZ$*4jvUE;wm@E($QI#nf(K+Am`|05H0;~xU-FW2kV0;N1|+b^DI?R$}8%sp|;P{ z?VQL<sSuv%N_8)F>t4t5T+O;z zuMz#We%&YV^j@pWZ?|5GH&2mo2)hMKGiet^OCaJ=;Ey2ndJpPmJ~zKOcb^8qPru#V zH+Jw>3dCP&FdIyQ(@3u9n%B)oIGKnD;7o2@Qg}o*Rc;BQ68Ma3u4N*kEbSs}<*HhrRh7!@2avq?v9e^A%ZeyNhoFGnGm)9e5n z2zX9IiY9KO+~hnqLNBT=;^^tQTiB_-aPr7H64ibK!qQwQbI3~SByrBq$_Ze1$`WZ7}vIjno@sTMsvA@IJzQO9jH#7 zEJsAt8}!xDzZQ#@#GYq$vwT|7T6$}+JCN0VDvi_6X@ELq5kAE@ zLoew_Cx&2SOK@_rTvRS-Ha3EBu~o`}mTh#DJx&D8ekisjgKh9cJWEgHN8zz!n!QNe zZoI?ro<-i1UAs1;W;_&j-Z0jNutI`-gvMtc%n^ZIING)~?vbe9d~;7BmXV?nW2Ph3F&FN> z*<9rAf|JaQ0#+()b|gv2xLoXqHqvwVpOSZa=Wqc72moN||6>gL-z6{O|0sEd>};L> zg>MU6INIAeTKu;RbhS@Mr2kO7B<^YpkXZiyBt%&N5u6<#|p}xD^nO?N79?4=3`3C;08)cc$_&h9%#3(R3WX0V z=s0Qo0f$0BQ#jP>E0mWnvH`G)nMgSri9@8W`B%FOCcACNc_ zZKBDrUsOkS$qkTL6S?CPpeuP$-rCx=h^>!LG@nNqDbcKtJTlNPxRdkR!_)+sG|^W; zI!9weIy!^`4}o+7b-EEWLqY@ty`lex8#P!;XTQM2$t_z)SX&Lc{NaV*s&iCGLcNcN zN{EoXA7i|FNm@gQqFN90psg(_u3-Z>q4?Vz&q^kY ztq+h2EzUlcZ5C;=_zwLl85$(ZEtoG?R-T5-20TCr%Tx#IvqM7=L}cu&I!&BJKHTl8 zQTaP+Be_j;KrZ4XNmMPVXmgUmOTABYmS07{KoSo%s(4<7sr;7`PJ<)h6&OwLK z0S1ZyDjJ#w0;~63j0E~`X!_2q!v_4TXd=)cJFUL(Kp}g7oy~g!MpncP&s@(hx_c%z zYq{uRqOrCo$RTB#mMo%ufATqKkgXD3QIYq^GXv!?*potQq;g$(j;P-aE|BwCdoLgD!ZRcocr$ruCERKAP*H|6J}eX)J^{ga;mO#!r0Oir>Qft#g)wkeVjReN1&EcV~1USP>3b>=z|r*Y>EY(VhB&nzl1of73cH#Y!?MVQf<=v3XB-Z zX#Cw~%<4B@kC>uj?t%lO_r&4C5LHriEu=tKNZ412Njf>dkO*R6zwVj?OkHilJUT~v zd$SU6%w(L;PI4as8OIRULuU6~ezOv8e{#+2X)cep-e#*!+{;-NgrAXawQc#WGyCy1zDhXjx-*$ z-BP_G-$;cP&&Hu_jA&?bWOil}r?W%fF7BD5axC!;178!&o|N^ghA)q!pGY8f2UsHP znX{+lH<+4KBoj?C>%;7rtY80a)z8-F6WLs+4#fYoyu5USZMb-3W^m`o{1;W2@Ecc@G_>L~Gt#3+2oHQeVYi*36c5Rr4-T_A z7!9*3QyTCg-atgZIzNZ}O9nBd5ScZT_3{u2F zt(@I1A*YySu+Ep_8i*{|jXr~ZR8)*OdscLrNED%(=5@ve)^GZWR(W3Ba@4~Mt+J0^ zN>9ZtzQ=;N;M>EiHt2`Z`!(|^t=*^h$Sdk+vCjOeHG>MK$ms{j=vOF1g#!5v;rj=@ zZp$xura#BF2WZ6$ZlKUrzZXW#anfd~<*8)_6jFU#!50Olx;fNb%NOP{LyP7aq>65D ze^a=oHHTJTi|$d&ZeUT9zjBv!6LO7Z5OeF=$N%EPyXD;oS0R3p6cyx#RsoVE_X8|Y8wSu#k?6ag0`dRjl} zx&aOTf$Ib;mL7>lLbfBjC@Q$mC3Vgdm#M=zk13$BNk5OSA7kK~Od07C&(QgY89Qh% z0O#AqseIP!6*O)Ni5AVDs$3z!Hgw7&MDbi3BG})~Jk9+6rk*uOgNILKqoQ?PrZcAU$KY?p?izF z${6ol(p?cbcCdRIkk8u@J%y3V*S2;DHkeSnl{%4+-XVJsD2gj&_Gu4+u)b{x-==}KfmkD8D1tRlP(&Kl zjN+OZ{Nz zRk!C$&Lj6J$7#;j<87`Tz|_7wHbD@Iu(A`ug#AnVePDj33Xj?U#oIdvS=uhyqh0K> z%`V$kmu=g&ZSAsc8(p?-SC?(O%T>Sn&Ybzp%(*e&jks~*M(o)8jo5#_`Q&=m%FLCE za9JIOjs<-PSu8a3X{HdSb(#!LM8!X<34xOMf31>ilwt;ZSEK8kp8)n|y838Dbq|eo z7;)w)8-<|LoB@uO*0Cl+=Y`=qnfh`O9aGlxyjWovFZO)%OkKq*)FsO`X@Gg_Y*HwS5Udn{bDXVJI+EZV;>Kr81L$3U(MQe;)=aVY))ht(p^3?Oi-fujX}=-)0%E z)YxblvK!)IGx{B3MESM!B^EU+SKgl+atxq6ck*K}`MJbSdk{7fnP-@_@&&J%tsJJ{ z0`)G6$|TM6MY=R~07WoJ2E|zRAjn-~kVZc`E<~NxWn4?`spOAX#b(ma)J9 z%@KyDFPpb=vAn5&!)$H$l?-_Q=OS}`ed>5CL_}YcP%u%3rF*V{aPl1K4zB*QlrUTc zs1h%|C9o|^d%51l#${e6YsVXyDqs-~DznYHUNfj&iAG^!lVyH42A-;&xGo}IqXI4R zHkrTVWP?d0)7!p;RCa@)Fh!ntI-47p+s$a9!_U53{@75LR85#rBqbpLb2pTpkysO6 z9#?#J?=Z@!DOk0^?#*Vo2(pcsBi`pxGz3|~%yhOPhy?Vebu~hfjA2=A~{>ZMd?XB@lAn8|-G0Xd~ui4dxLSO#y z&(JHLwS5;6OeOe@kpKGFvTQY8S#fZwqm@j0n)2N$MX>H zHhSYk3bA#HazO7)9v^)p^9#pRMw?I)hQAnGfX_+2Lj11s;UCGf(u#xTefrG3!hS&v z23}hF;}w1isOo832*g7l>w2pf%&~7JN~EBt$)7ay9J&AEl(+6d9)5_HJR^LjX0eZW zS*LB0Qxl0-_op;LI6XyY92#DsCO<4FV?0d#)QynTR<90!io zf-7|s24fd*Fd@qT_;nLS%y?#r`@@A!%&H!ifne5~u9jOKWl(mc8lz*m$BTZT2_~;~ z*ozU;E5h{F6L<@;Ds~;S0lL{t%oiPRLCf*b5SAL$Kihd^70e>paj@IAS@TX8u3Wva z`0!KF}F_e zY-DWo*RS1w5yq@|{x54448Yc}3ztT;2r)$dTD|;6gg<(b-xHxN2AJ`v@6T&+*BI8+ z>$oa{sJcTHk>Pd1bl!5CYsEz{Rj{{_PHjV7lA#vE0Dv(LbVil4x1aZLJpt&u5H<2q@4o!VDcLC%MhvPRnu?~ zwW1VBLlNbO(=(9xgB*@9ZLL~EGpc5}gKvKiYezow9>ku!&mZRN;^a>cILligb)yiL zCB=0{bIV_?^KeZQO&&E9l{|Ji5X&ss&py0!6V0I#^3{sFG28b*afK$Xo-)7rYD)A*`z z9Da{&m2IS4T2NK(Np&F0P~8?iZ^(*8FdH?ym9@q|n)oS?%4YYEeB+f+*dz6Ku)o4( z`76l`0e$WG#J)!Qt&AQ1uYp|Lw2b0kvK~lL zb26b^;}3(~0I-(rRSXpfXsBYAq^RY0JI~eV)+_=hMW=D(Cu$pJ{a%ooJ$)%P#Hp;% zpbyxOTpM@#N1swR;y9;*7us19eoC~7 ze?TYqiFx*^JmR^okt*>nhmAi~(Rx&U^tY;e#jGFq7_~mE!fZKWtoQ_w2;6l~SM5-! zKtxTXE4u8ATuOt3xU9$c^i@1uUfByZbl!YF1}^kf9-*QPITu{>NYkh?glSi)?l6r( z7c-jsrVj=$hnkgS1;r93H=%Q%CsbxeOy}#@B|P47egMIPX4FlkE~MQMBs%+mA#3ov zhcR1tuBY70UMZl(<{#EFb9gYEW*x(`<=(E1%m_WPqvU@BG@RPh(@@Lt_RQ zW@fSydgo$MJfj!cf`YxfHrAn>ost`vyRZ?vC3yl0DsgE_Y6F}hho%LOfhQmJ5vw*+Oy zzTxjin-36d<7H>qUXn^UL*%hoeJRA37FpOIvZ28WKeh)dYAwpE@Rkkn`_)VmaRpme zv~Lq_W+;-`RVADjaHm|^@8K_*GBP}J#uj4{7sOX&Iy%WV!fY8D! z?Tr!3r^9M0m{e2iT!J-abx)FzNh}7V^O^N)X&PXKQ?^)7bE#t{Nce1e+vK)Fz91jX z85j(5qd^yGXC=sGbbYbH4Y3+Y4VO9J&}03a8LdZcn^AVWFNhoex(GIkGQCEzhl7>} zy=A68)ieeVcJgjS!FFg7%B2EgWXf)I4yPF4KVoJe=Ac`VFI>kNh)9%2WrnQAa^-X+ zw~n#&LNuUARjqhqaE?g6AdnY5t43W-hQvwbE$xx2fTL1aK3lfyL7@v7jLh(52gxU6 zTL8_oT#>8V))6z3dWITtet*yE(T=jtZo1fKv)d<`OL44<2nws-U8)Il5{Gef3E!YA zn_DNM3LdrW4=^hgf3X-vTu$tiZ8Tyk{f#Y0|08#*(+X~U<`_c(amdF7WWGg)DFh;t zqfk_wg^#j(o$NPJyu2u>mwGOS_M{Bu6FYc)0Siae! zpneroHCV_)O90o3weIyzoqj!Z!giP!mkvdgXA(EC6ifVfrtFLGWhza#(gr2%DfiRQc;YX!;kkjzE?$J zic?iEmK{^ecZy>D9Nc4&RGQWpMQu?X>KTtn-xi6^N;)sna6f^Hl0k zWkid$Z^pyJVbo?1>YodLtT*EJ_e1p;e98@n*H1@iUVB@#r(s2bBb_5fDl@b39GCI9 zL-bPW9ai$f$A7RCQ7u1CG@U_26}9J;{pnE~f*g&P!zGN2 zl)Je(p?A2aXr(`T=SE{vI9v~`YO?#8872nuX0I}>ei%4t7+Ww3F?*DsY^P+4jeD}R zm&KUolsgDv5l2gdm)xC@0q00A#aphaV<)^&mlZPN(R&9&D`W~)PfTZkp&mX9TA{1} zd9L~L?V-<<7^t`FLc0$91O*d{>-fX20zZvdr7N94Z z+Hh#)Tb%t5X9m~zojCqKVUF+^IAbvGo9@Y+sI|;A$YDiw!rbP2>SM^50r6G|M6iiu z2oc0*twa~6TXgzqB<9aVJBS%{@8R09~>oG5>5zaWAa^=&57n=@k@VMG4oLHNzk! zC>+#qb{v5q3BSFTMgIskMd79*^Y?|eN>#;+j>hcwm;?7@H!~^2xB&rvEKK2#pFy+0 zj$NKH!00cibz~a{i)1`dAMs?$JDfzBEfglimEv7{@>SP{Et65B?bpC#nYb0AHW^4e zb?8l_M~FJLugE%s1T(Fa=>&B}AwbK#SrJnYXJxRBB*7U5jlQW@*^J|`r_kbx8@>v8 zsz{gZEtzM7woi<}$=q(v-1WP#yH39|uU5){fEWBo;2)_VrzrIE_=s<)jvCGrlMWVD zP`IV8_K@te$e^U)ua?t{GJ2p^D}Uov}kj@q_5=Dr_!Q=vvo4AeNz3D+8Jl) zrCi}CIi1^ea|pAgL~gqxvlmR1G|S*+!kj?)NTXbJUhTTB2As?MoL0v=!wq%AI&HV0 zkA=MN=o&-1Fg{V$h;HrjP)o8xd!4KEMqWv3XKKu_rDbTx1t&yR56Zsv78*-Qd#{ocP<6j` zGL_N$Cn_d)7sF+N{HQfbr`?Tr$`j{jYnO-~)`8b#)M6QIBk5LE%bn@WrHV{z z7SnO6h`zLcqXT*-CudYAbD`yz5LcRO3C<>E$maS|EH@DKGu=+{k-5o1GN+Hz=7b4j z!W*N1n4a)L1}QO@*bk?T;+pP|d26eyDXH zV6K>?`J1Q~WVRhzGo1L> zu;L$Zifi5-o;;yI#cr{A_;* zvaVp;`L1EH8(gmxs$y!e?D;3WF599fW*{2g)9$KlcYHAWu+8OTbRQd6^z z{9Gaa=ztu`WBF}GxvJ}G8kC0YUZ{Oj@5vN2;g9-}ovg0LZS`Ff&)8?o=!OcV-|M%bor;$0^+vl0iJu!) zhrNK`Pxk8}%L~I2zo&eiQ`hof^kv;TT4A`Ye_2lbbXj4~C^$tL${yI#Gn{IDYWKUz zjoxr!AkFb;K^a`briETcnK?AiFVY5D)A{vqs;Bi{+Y@yTb2Tb1~go6pB1#VvNAUOiy!}A z(xYsth^>s_11GMAgciDPRbgGGl@86^&?E;d9IJrc?uS+wz?QtvOucc=*q#y2etLE7 z$@?d8Dv@y+^Nh{(B?ISSWiq+2h;wGb&SiS#v19tcdwOSOtNR^p8|(M3nSc<#k}%99 zaEf(F=6v)0E?@$+`RdSVde8IAkx6FWwJYOi>eO;EMMSo~CI~uMdM9i@F2;e+#S`Q$ zWW$f@A9?wx<$Ml`-M@~cHYktKezRfrzaayR-4cM~lsq`1U7X0p%H2S+fK#Gl$Y(TS z9KuS$VwI=q9n*I_o>iO*MEQS(v)K#ez7I|V%P%d*0c8Z(Zd0Jz?pOmAsX5~mqac9g z9AKiF&XVOO7gFI0vbBEow|z2{$vk@W<7wQ(y`aK;DTc8<$M(n&4eSbZljGL$*fK>i z1G#c5j387Blyf6;zjP=e?+Y7Js1jv=QDUGSL;b{Xsji`K*G|;zT7ja4$Sl8V(Qf1} zAcXHCqYsepzCSNOjw(xG#d+2A-bj4DubbZ0MoqB~rXHKSQ%9K#aVN(>XMc=u33t-& zq{dEs7WR}Kd>yGbi>_RLBngHLZy~j7%5Ln5rZ_vyFY$~DB13qDlrBsC1Ie<)NSx{< zGUz-}$6wiV(%UbCPbxTv59##VvvONp^wA2vw_+S9|jsi|#lt;m-nRlReT8F1PcJey;is%AH0m6Jl+8DG$YNMeteKjBR~&8#mv z9c(4G!PM=Fze-#9yk^NY+fL&vQI-cp%LKcyNn8Tu)&?=EXb z1OQrpm=cZ*dFbIm>sOl!Jroo(#{9s`v&Pp3_Tqj1R(ssPx_dIrUSj+yM2$q-VEky` z1?id(-$;g`K6**;n5gdIW*)ECzevSPiA!IXbam$MoNe66|l#Pi?fWOb_)^T?YQ@CN4`N`4;`LJV( zbu4kZ3+X8Fqw%!+lw*$Ll=O%D`*6;;%k2_!kC}=*Sy5hah)0}ei_moPE3tx(&w2u{ zoTK)+KT#b|2YO|-S}xR*$=>s|rZT+bp{oN|W>IW+Lhb};nxZ+v__o_uX70e0bFV*I%ApMxQ_+Lya6;?Hf?su?uEpdG}k{dT- zH62VZ;!QFvKB2H!r{*QHOzTEEYCkn2=b>FxfxGlFGquIoHn>JEcclqd@9^%)k-MigQ)3ckT(npknSrf&>*-7i+Ya zNe3e43)fpfcVE`c7pMe!VfUhIcorhh3P+<*aXL3sFG&qv&9xJ^=GCabDz{s4;2EM9 zcJC=Iz}AVgf7%9Sn+zPs!Ja&yMITu{Mbm$NI`YprHqmStOS)y>Gg~35w8bg(tt9in z@*@0hQ>4f8*?-GX2tFg60fW3OfPjGJ7SN96n3^yvYgNodUrLHhk0bsy(3?2Fz_%Qh{$oD22R^p|V>?>sxkH zP0k;0yzF}mMWXe_eq0k%IzEY z2f(vW9Iq+-Mv_97LIZ!3{&@_uUCQ+F%{Osx1>y36pX{Q+^G{~|md{aLd$*78C!`*d zB&R{?teoYKXih-DS(0?uq+~`P^+hLBYa+2~5YZ&zXA7@4XO_LSW@6z1=Sc*>xGM`! z2A*kQRC-)hAP)o9jMm@d7z+s;OOKwo`H7az`Z94+^-QxN`p<-BG)W1D#S4=qXZlPf zfq5<%1>o6CEfbVgC^QZrlZ6hf*j_cj6a2CuhroF; zn15~mBYZi5|6$8wgppcgaq46Tl+i7h^NOI~!B>bzS~^Qzu{I4Hpd`EGp1*q;4oYG? z&_h0iVUhKtcnbPNvEm5l;tGFx)0=&2qhdfm`W!Ig{{1IPEXW>~hR;^y$kesG&u%hk*2}+g@BeN<2oqk}! zJunbKZu-2Kwr0G@RZfu@m@KP!{5X{UJtKuqCgS0fCBLt-BAI!T)mSqZmmNg%I}}X@ z&o?fbZUiw4Xc65usy^7E0FEk>FVCubPssV#j(D)Pq3}I=#dEXy*01P;DD?~85#dBUZ_S}U?@T1)QcY2va&{&oyQRhQaxhH+p zQR=r=MDEc|)_pf*XwhkQnW8`u&M*J4sYGU*Acg)qh9Z9p-BSOyWBAWQm}vb~Y(p6S z)YOPht~lVIDSz@)UdzWh;MYaThy^y^>&?JI(zS_cti*FQvXu;)-iMZ!LzaH~=0m=> zZqMKIBH-A`{M8-(y0((G@qTl6=K5{=hB^WT08=P!L_bk;Qjt9f-%?LTeY9a2VJZF6 zb=_cmw^z_uuRrgqy<>LbSridX<0Dtj0CUEJnTQr@M&@66L?2M;pBW~f3ZrQIM9}=A z(e_(|Z6=(njfk11osy>v8%FS8EZUz6rpm}gsr(>zSgqxay+6W%u$^-8G%1Uk)PAui zG0a@cP)!ziBGz$g9cKJ9jz+m76dT+oy(JhEFz72vUkKt(oo~{BxjKpxB_Xn1+%35s zK*LkJv2_LY5bvs8C$-$wzkyqA#2y`Wa!o%cFIH|2L!h7dgmJdb5X28e&^F4ctMI6i=Rtf~0#7=emvq3CD=&R_=X$o!^{G9fO_Ps-+%* zKLOP|*9ye#VqXn7Nkpv1YD;O|%GN&%6+KzGhaW)lZ6Q04uF~BC+$pmm6hkl1o`TzA zDJn0TAe_eGN35H8WJ`<31Nr1YhCj^!{v?1=AZ+HEzS!<hgS9Jfno{~?u$69<iU7bLIGE0^pt9uB|C7u}P&< ziRq8Owsn|(`;L#3^DZClIxm+u_&uvQ;e4arb2_{J@$%2nFWW63>Rn?{ASZH&a)`VH z{r);CEZ*&d@|m&WE0)VPqotq|3*nEOeuo0h8W_Pu?F~jn)$dJD{1%KXy)!2&&Z1b@ zgMa)E^C5`xf0Pq~ClPc_$F!K()#rDvY?QETF#XDCYaf`2n>rVo3AO>VN97TtuWSw( z46d;ku!^YB0_|)m%9S0oUe{N%{!T8~u#RDp`T}3vupxd=)ly>c?Gcmo6E}dMvc2!H z+L-CSh)I~vFr?bXETfB;4BAd?kRFd7)M-rr%DLV^Y$q;Ym@@mvWUN_MU#?PXJx#PW z-RqT+kjfxLHY2F?^oD2ew!-8-N+bgen|TG~@D6I;J0fa7`H-@dAJh*e#LGh+CY{kn z=lWfSECmJ{s)l(qmNPLS@!iTof!eru9fnpL1N6%UCk`hOzbKohI7XE+%sLZ~Yal3}Vu;*}=ajwA#67UTN5f zH0t0k>eQA<+Wot$ct{P!_tVu`sY48!gESk-V|J`}TCl&i)aKiy7uP_8yW;R8d1@RR zgvMin7f^pc1}~~3@r)-}djpu=s z1N8@aW_*%Fo_;B&;55lzf*gU7>0W4R&kHE11@II6T>Oe`vM?5lgyY;b)-Y#{Cg=w; zIa{B9+}ipdb=9W7juOh>F1Y!(!3E=g!o`}+JRbt!b23i`Cxny+wm~i$+`+F6HaH_u zOgUE~Xe}dGOv`4SgrUX7*cRb}$sR}n2$C4jFGL^`w_;{a$IohXb%nz#8*}^r<&}~=Pn+H*373w{&%U8sIsY@%aLQrEf>)$ zRxs8Hrjl12+r}$tFG;Hv{i5-s#ag5xh5qc;;DPyJX+9Tm)^lHpMOC4xlKQZN3z<8?v_Sfu<5!JjXUl(M z=k%QF=6V%shwt)jMglL{C+v?cKsVcAhZb5HnaE=>H}GC$LQ%lv=sY2r~Nms~@Y z5LS|VuCdSz0s{p@m){qh3E+nyJsp=Ds%zOGX$Rr=O@L4T296&&{XxE$brCRQ5Ls;9 z=J+@@k>+^W>G-;Lv}F4YZ(AG&alyQF2~ilNKl2O~wrda?yN~?5i=`#eC?$v}iu?20 z=l02YtkGINHuOSlKhhX4(jhFGnfhCB=&}?Wbpd}jA39wJPwF8*U%D?fl zPWUsMwwG);3JGYFa$y0GGFytBn(>G0H?dMj2f-p3NC%}cH0%ZdSaH$q!}QzGa$#=z zZkYS8ed&wrnhON`QE^qj2*~jk0R|Qg1vjmBOdd_bT0N_g-An1=R*Xhf(w)2%gAN%q8Yau!_T4&v))D_tE3^5Ry#n9r|^tgIP z1*vN~qVI`@(*GySF~$IbprZVUIqfr!>u+m*vPaOKs}{1>Uh!u*)zc_sOJJa{{WVHE ztZw=Hm!a$w-6a@EMpi47oLV-X0s7~W-y&5>Ytr*L^clIw7f$PpRVi!~FF6q{rZl6~ z)@iFCZG(TU?28|405_|)nwCAzsQz~JB5Q9%IcU2-epE!Oad7)&!F?L;}3RRc1 z?|dO6eTT{-o@NJId!Q+4`LPdZmr3d%_u@EuQ4)RW*n_YgJM5wpvy()1capcj?j=7$ zw5V5FGm42v?NwteBb!8nMz-}N51Pwz>||Na(K;S|H1_?owt0m|APli|A`0xqz`M~SMgLSa#0byDp%1C{45La#u*nMq^?^ys=l1fq+XlGix8B@48$SsB+wfGTs@yXU5=1J82cP_t|%bg$r0>< zlY1Yh7}|#Tv`&nz?MGkM4wO1ajUR|>c*t|8lOu4$uwWD_0jMFA@TWFRGYYWzpuzAr z#;YJkC!bcITPh955a~V_^ZLha#uzy=LFg-b+x`|FB>qk0_n)z=dSZ)WjN`M3$F+9R zz?bJoC|A?x((Ig*eFM%|zg^R%Bq^ZTZL9eW%xedPSR;T~WG_x^ z7d7f8+~+#nhyErIo&Uyt3%A%)%G`Xlkc;W6fL!x9E7uN3hN*7|bO5yIk9yNl!RGkJYmy52K!5v)`DLb{NOM zZk+;n6_02|AFn1ckZV7@mGe-)i;rIlcDltc>(Db000siiMVbAZZ`o(+NPsu#8Z;hgMIi19Vwp30lt{)X`X-7kW$#ZWT z$IAug=&j1C9ny&P`^1dDf^SspTv@@BgNk9noUvz~F+N0aBI6;oI*-N>)7EU6oSp}y ztWJ0r#Snz`W|%9Gman$vpZ z#eJTyUqiFhz;rFCS&MM4GvkZMfdamZUJ1;HHLx`Ye+B|MvOxbu!eGts5bfnM0&aD` zaj)Yc8O-vHItz~#+6@V}bEpTxe8XR$BUecjZ4QKgW~o)~R^8w$+$B7TO!5Z$fe(bPN%t+=Zakg0+AEhGAGQjLWS#LajldF4R&tlY&tW zL9u6mOSW-fk@$7<6m*yVI7|T7{eD54C7NzE`eag#w0z9k&X77z$BxET)=h$J-N!DR z6}OqH4@-Q!=X)-eQq>R47;uMv1E?UeAP9xLC~h zPTq_)ytkJx{~{q%ROyh$K2@YCs(AuxMd;(eyMl=?7Bu-gl)A9B;31)cgjF{l*JMru zUv|!`lLn0m*|I={k)kT=uuhpq$^H<0bo@PW8;;Kof3lO_x8$}P;gucfK%MI9=;jzY zGYA4yH_#;53bOh)t4Q8@b}1SI62I2~9fG_kB(?xXi0=p~UwfzQXCc2_I~Q zZ!{;qY^3k)qKPw3(%rNfK1J=XU5SZ%qSL+<(Wd54+0$?SSU$u{Ii)+Mb+2HJ zPb|{?FrtE41$k4D{Law;3pUt@Lh#E&YuLs#b+-owGH4!)H?}31{i!YQ_qp?j?)GZk z6St?P3w_0=5SB|knUp&VK&@AX;o-2k3GKe1AMevE+2mUU<7aW&ryj-B?bE5v93k%z=~i>ihntCNenqc<9058?{gW7G2qADpV5V5DY}&g|CW=Deh2zhpX7bVu$05`La6cA<0?RYP-hOOb>4 zSFu1L?)?pA#t_GI9o8%bl(EkLR0PZ;z)*I#Oe@z0av=e>!Cfi0q=c1eJf}9nAng6) z8Z@AvzFzKH1uL8^xNnhdPu=rDVlLJu88jeL+nLe|9fZQ3?@ycJG7}t>R8V5#(RBxB zmmm6KEec(k5si^>;;u320eBau?hVQf2<=1j_)nJ-xc`{I2J*A{jc_tf5M{Li6hD|>Sv=%(QLHHcL4-!Q1wXQ3hlJT-YVfAmxEM@)L?`=1Lha3 ztB9WD^+d5FJH%b_?6rGD_7L`7nqh*iQe%D$%1yk_fMw z+`T+py>BkgS9O0JCCCEd^yD}%^p^D6=HkJ^STnsL#hAF+aC&%Hh!9%?0I6wA7X;wC zrLUC$5kO<~T&A^2et+^HI+986@4Q}gK4ci!NpOvsv6-Ca;sUQ^vU$Sv%x;8(Ch2MQ zxcUM}A7lNNClBJB(O4R$978iobJS4Td?U$p%tX@P7-qv7;6x-)eT?oy9fZ`3DW%rG zjLu3;qXL_zdOW;>^LWOOIuj2a_PHa@+z_ytt(a%Rq+vQAEdujqk+@kX4*XHwjCKqPH2B1&zbRtR$yp z;3b01_1EMv-;f8-PK4)s<078NLdXNYcR=i!Q~9RJ8iV?eq&{LE4}S|xJ_KWPQ}RvV zB(X}#T$$X4mzEHHWIXS96gWGbul@c?lE4q($)gjOq=5)ALx#h^h_5OzzU5}g935%E zWu%Yn7pmnW*`|+?ypabPw#(EAXB16`fd_CuTnJ|;o|3^1kT`fV619+!#9)YxXqah9 zq@zS*vD3(BBnO2LV1mSOA~Hh{*VX?CAm*~!#%7oNR!l=}b5zE?q$r&%HjwnyS(9-* zPtPAE&q1{_jqN7oU|u7{>MJfb+YHN1n+B>Cx7!OVMNw8*Qb+*;j2@bm<;sevF1K++ zWvPBzTvR=Z0HrKn+9cL53@CV%M;#{Bdj&+prOHxAY|RE%_0^nZ%kS2Sv7(LWqG z)^d?h+pFU!!$Nu{p3Xcdl(~{PZk{LQsJruN3w_H$a|uWnEd+FW`o7lnIl1_*lpXXX z0Rrp+Ra7%c@5QXXw^rKuW26$ClZFl3gs7q6e2xTJIpc+e*af?cRar(e5zr$Uz2(+T z3b#Hs(vJ$iRJLgM2kI)RCuogHRh)&X>jc`rSJ=u?X>IXPoE7DBnQv7@V4J+Z^~Eaai7&4@2n;+{9%zM4Xg zyR?MJacgc*_1Mw9-l4Plt4A{@WJo=<%m!@xwGCjNqg&oid&{z%fy?}CjowcAkvl(l zaQp0WTuR3wSn}azw?%`>5}J8k2<^TBy@ASdy2y|ZXFD(|f7%{n)mfeK=HmaJLH&Wt zDOF*{Lq`|LY_sKtnt}QrmrX~`yKfP5R{q&`)yB2xnWd!topt^K-Yw{ucq9q2K_3PC zM5ztZ^!SNYMJkiOEZ*p>FwOv~dC#0%P>5KV@|UkZviutvWHyO^&Jbs#`R2kY&&~~1YjFycT3HB4(_$; z+-K4Auy8NF7y9=w6Peiw zycS-j#Mnm)tfhrlOA9aUDBJQIYnHBxAz|02f0T%==FrJfzVw|Cl>ZL?|2j`c`~S+4 z|J56-QT43B#XmWGC=kOF}Zfw&PWSb)Jg&OlvQH^H3Kh!HtHWp%gf zDx9l@4*!kvs0MXfzS})|xLb_p)SD@xNF3{B5I)V_ajUc2b?b`u>fq7$@(pGi$m=TP zyE9Y=WpZwI-T`pVp?+XS*!A%M7!4`L>8q0>`a6tsZ?-)?*0$od>MTSOftfLqe)eH4 z1r1I{8jK@>S>~J+V)U(K{rA>wLls)&c?@ok%sd*60eoc44JjdFgM@IC26|?+i+UI; z+=I-SsB1rCjQuE^v?l(HaAUQp?UOn-l0BUZ1M{pz{3OwOBsSJX?YvGMw87^+*Dh#iO?Us8jqIf8UbsG0wu3VGQUKvQsf)$ud-?rAS39 zrO!~!fddFoMQ`ZA5=-WXs4vX3Ka8dt?wGib;mDyw81nU$1{t^o)-=9lAkh!b!*~X= z%%c67jA6)>yDkm4&n&c7I&K{_G!E_a&=-E7E_!^iXs0n-oyt+M2RAKKGKfyq_pC{l zPVz7>IDANrJbT^+mlTvIDXJK(2a+w_u6uWfjTpv86x8xBHc(JmZcB$eUH~(W%kAT4 z$oO6OkO+l~o>@k~l!g4P)^KD#TV*#YB!q=Yso=m994X>9241IBXdjoCW>ml-AJ9+^ zTINLBw~alIOp4wL!+~D5D)^f3dchFqBXFu6JAYfe&Lp!Bt7flJ$5EcKDn`qaXDo9K zDVU(W6>e{sY3lTR0o7?BQ4$H6)LyrZh!jWG$Nj@#4UDTvO%%P^u@!p=la*E=BOQ$; zL(L(zMBDT&xGO>V8o0ksU_ca_$tWpn>y$Il^~7n8qMHeC;ed1e@UC8(R#5uG&lr*t zFB|XoKqBfi>(ZVx?`BU1)Mk9+Evukv9Q8(KQ+)b(+C19#)=D-DepLx|XH;Cd5`EM5 z{N$vGA|e(l+w8nZb<~IYMykbNjBNme$gpD}&=sSclA{Q>o(3V`A|g2wVrm1UzX29l z<)|MXJpJxY9sboG2pE3(69hi;5vrt+y9MFYsOrx&(>w;{mxtlc>Cs)XEE3DL-@CP7 zImx)5$|J7AlRvF&dQD+G10qVpDZQJ3bZ7j38YBTkL?ng);2cbNGn3y8LPij=3;DGnQeZo zAVIuL&8jNsq@8Tww1J_Wb^?(!9Dpb55Xs{fpR9n>@d)0Z2gg+FNiTP+?{_IV$yA!UdU+ z^`1~S`ZW)0(pJx%$=PN-QF{>}UFg>bF0sv=zpeTT>^Cg52!2A?LBIMw?`*A2DY5e& zRNBYxz(s#^4E3k(CE8!opXIoOn7YNa{PnbMDaIDTi9^X znq#Wo(=4eB=U(#;oB})eMKDf4hL#&?j0Ibrax7Akm?$KL2G|M5i@W$O_q#%4hop)D z9?|%oa%aJvum079M4`O^r!)H1G2^92^YGyP0mJytRNU+{61#41E&5G7^qlM$KI@3e&OTZadxtOsZ zv)WUte>wy8nBX*R`B_dpBk%@Q1i&c}~6I2F|gd)fXx;uHiPDpul5xS247De5c7>lm{!Ddn14>rDkErSO5ko=8$I}Sb0k?rWzf>@ zuzT5e&9^R&lWn>}`!#S>^NnR4Wg2BpoXl0J$1zvY0u8(d!g;}HPZLl&0Ub(PriRml zM2%WnZM8xxYVjy};S5Bbph3itis_O-+6N3v8O~4U9m^)$M#K~BCF@(V&eCB`ykl}# zCbcR6kskc07aWESY}OM6+}rBSmG$<`&^~_Dnn)&~)(yM8EnSJb0$7da7eeL0y!!E# zt0P)E0>dm$57s(y&AB!sL9XLA>ckL8)?AfvGYwF~Sk&T*7U>QgylTg0BrEb6h#Or# zFpDGNA3WTtcBcbZ2aY2%!vDkBI|f)l(w{`|a(;M<8;2KP@-DSQOS$ z*1?rZVjYtQ6kM$g_WDXdTtbm)?(dXRG){G-y#-I5=KM9&SHm^tfDhW)E5REQwCcwQ|#)6@*9BRq!aRQjg|T)9AM)KCE5Ji7)l&AC+K`F1mS~{ z59r1ALwf4Zh_950EF>Fie{B*>>hvg%D{!|SYAV3_qEHD+rsXqmR*zxDz$zo^MR%m| zQSVquk2nN<3ezu*4%hg?UROV%z8eGjyc4J{h%lGMcqs3gF}V?HEbj^9iID=?E=KOD)T?;x4haX)*2 zh|*25Oz+lPGsmD~s*>9!D0V~7@s!?uHMa1BZV;t1Tb-4C0D54HIzTX4$RjqU$Qs%m zW-7gUF07U_V?I@zrwD+M<+rTj0_?)f4Mcu0mF>FV@S$qlVkWMhdF&eSCJ?OCG8Xtu zwp{+)XJZudY@A}?whwXls44DZz2lmc?y3FIKQ;5xQnsX<)U}+ioshMtu81>%SX(rm zpFdNxA8wq~*Mu`)Ae3lvfTrr@+)cEZC(m7M9E6Qdp(q$nHE3m0tfwpAZAz$fq2#eN9R_1iGuSXHf+q?7}3+GFmo0itFH3#o8{UAq=l*ffVTTUJy+m+q)-LCf5ZDfe3J!xN9Kf;>WC2FB zsV%rw{=;7qWCJI*D%tE3?~wE}a!}K~c;ThhDJRKX>v_QGyue`EEs%~fVC1=zH+Ufi z)A*WIzcepF>g!3S78U1t^H-H#NQft2FovW)`dPp4w)ZyD?$$A+gnk65qW*6v$3VM3 zywziguwlRNWa9LtmyHhe5Ux+-b^clObS9_+})J=fN# z9$G>x63}>46Gml5bCGfIXY9k-rqq#C`UuKbf?TuU7Iy#=2CyJap{Oq9Q*>Ik-&}#S3Q$4-0sbru0+l894css8B*r8?nKMi2Hw( z%vqdSwwF?mD9d|---y&%t`=fL1We`FLvpV{5|N}Ggw`{dmD{2U*0dTNdZwi`89Y|+ zCoeKXf6-|o-h5jPV9#;E-wO%qBiaha8OS@N^Qem&zO72->}z?OBi3Ez_~+a*Z$;AD318m(<9+0T(>nhy8q_|MXs!4c);vm|nc z5S5-bUPc5Qkf4Ru+~$||0<(-SZ_3WYB6b=m9My{$Cxk>Rce!zL2E`r?8%O6TK9geH z45_q5A-rXE+hOuUsJ3Be;g{jyhy9iW_70?crYw7ABOKm`?BwC(lA!dAL4Aei_NAFS zWu+1-!Rk}C{VDJAOFHHPg)S0hxHxNv?mg6_HN4IRN$~dF+yzj3NRd;@N;359S`uy$ zAs0Yik7_bRDjj9*TGN&!6Rz#rb0*Aqz)J&>j*|p>*VPsjCX~`kNVViP}I;&#So_&N=- z4Ap*>>_CuFTFzNeP&@ybz!MF|vS;A?O=^ti8mcM!^*_o*+^IGjf%Cd&-qC!+?fQUPjJKi7{YD zRu(7fuYM@l&=UL_Dg|>k5}OEM1wGO8z^ZinMqqS0G=3xvx|Vg<)K~Qa*)e?hi1EqZ zBC-6LIC0^;987WE*kx?*9#Z`Q__z~gp-Dp!@Oy_=s|WUzue(cZ_%i|b86&HpYftv) zE#+s3HA1{}oe&CL1WvVDl0V3AqGm6=b{A1p7r|r~$!Aqj@n->^9&4^Lr^J3XmB47l zz-ZxT#P??oxG%ZuyX$jdq+>Bya35@>w$Q8a;H&UCH2XyEpWBNZ8hbCw(sA zl}ISnh}RZv<;0&RR9o2rs9R-H}8UQvCQ0E1V91&X>M4{ z)8t3zoBd=5L)YiW9L5i4TBJab%^&li9@iAd?_%EN#uILhCYCJeL_^H?R6w8YrYV#8 zKdsGl*!*$%0Q?C|cm;Y)Ha3S(*W6mn4942dR5xr*tkDwVKH6oS!$$$v>M=bljKJc5Lw5O;2Em{eDr5wm)PD)6x3zP~$ zLIE_~Q2O+An=C9ij5fe?g?Y1#SjuZBGvT${Du^1V+{6_egkkb9=tKq51LP-0nKo93 zYs*b7B_Jt5ZaRGpX57k`#vx)+k>PHQl4)NJyup&_Q5F+Gx%(A?D(V7K23B@^I}|O= z+&X#EDduk9)qdfKa&wRmw(7149q2ANgk!;*i!^)E8?*cJ8mx1~js~)0{OJZZIFbmB>4m9!C1s zynL~|fw5@}x{oSCdrI;;gxID%Jy^1M^DyIZ<6zOeTIv_c+9UqDJ6Js-Cnu(%TEK8x zNoFvVANe9@BlIBdui$I*+$SEFM?G>anKTA-@DjOGxj@GT3_9mVia-){-G7Vip- zeZ<6%#^w~b55QpE4J?W0kM{$u5uo6=zt=De+#$9CsAL+wH{h9!lOz7h2xy-#v$Zvb z>3sINVs-ibL6Dn5Q2&;R_sY;Jj&;=`bVY+^EhX>-H&)CBx5>fPLMc5f{Jf33=NUqH zwO=1jPNk@}siBj!7zdbm-8vE3EMk9MSAlDFX9>xLI)o&FJK^02N*pu9SSZtNoZN@f zeB>+2xW)-mcREP!k(j(gz7syT_LIrQck>7LrD968s38lE7m{SZSaJv<%@(ZT7YytP ze1jUBK$i&SG|KgPjM-`Xn4`vPuCU0#9)3-b47-=V4}&%t4g8xi88+R(U6Xgep@)Wm zD+_h+8)#7nrw%$xESlY~VK0;glB&ry_{N_Qx59t(&n554?O{j7eOfspnk~;M8u~0*y}La(Lc?SXo&jpcyv-|$nx=2da3mI zMx=RqiM5J|q-*`@kKjvdH~Xy5;G$Oo=R}oVu7T86&=o4wj~$PQqu)QKll6#v5ZFg+ zm}XSqx6|-+)4cRZY(EX0)vd?u25kt_uPHF*gsx^C@XOY%F_N$E*-H@6I{8IGqVFZq zfPb07|0|40@gLKXoRK~g8!L;VgQ>+oXv2uaHF@#%T#8|)u496*TtlE<`Kxpd9`w(e{cY>cmWM*88s-Ai{w*8?E38N8ZlIDD(*`U$|Elq?9n~w?DYzi z`4#W|Z#rjqV2fmO_#xAU3Igwb8y5GZH8xs68K0i!2~%j=WGJ|0kQ>9!+Aempr7y{( z*)9?&Es9w!$Lv3<_1kGCHl5dFq-cvfJv==2ug?=d85hN+D26^RX3TT0$T{qiw^!`> z`k1xf;c%}rOmAy9ZNy+L6>>}>rxbX(3JkTOPkuO0iEuZxm~rsVZ^yFdjNS8W7<}l# zHZ+&+rTVbXR;HP6U2zAPfq$;vW-Al)mph4>WM<~&>^09R&{8hL+;OtJZL>x~ zWo=?GX6wuFJLV+CX&Q3t>mb{s|7`KV zZ^EI$!?vqoO&jusp5uWGLzluqlPJ`zOfbJUR?Mwd1RcwvnrNaLrS&5HK zQHVj*+r5;AeL+vysWxONQ(hkV1T@l`z<28YN_D0LoJJKx~b%KO_A+@H3x*Y0j_KXGKp#s4c!N!58uN zha>)!Sw7`Hx)6F!|32%;-!$s$zRNFMHL-+6q=388s|@; z9#>&WBIcBr35_c2Bo{R6q90?#4^_$YU1oA!Gx=V1CHLwQ1zTq1AI$P6O=)6XeG0D` zg|k=m30_Sl_wL_ciHF|D6d5L$$HU!Hp%G0DqoT#y-j+*5AMGQ%YFWkUrVy4HgnFoN z63~dmmnWLuVx{1j8zg!t9}b7v1+^32?Hj7%Rt1YLiiNk6hwU?|;-Bq%)@tn<_^lIR z91zrsDh(U82sZ``3K8-)ihT@JdO~r(5UbK z$sgeziC!WShaTa-4P@Py9Es`MjU|XB5k7!pBaRxeT_Gkh2x=#i9$veRPmez`@-~(4 z!d}#NeiLs6%;6dSA`$3wBb}bXf=mkZrLjGTDh74u@1b#?slI1A?b9kz9H?eFj|-KN z@qTT;%f<#58_>F#`}6pacGbJ7Sznw?P1f(gGCHC(=!Bu)goSq~gRPm#4Cz*Av!Smy zY!Ac2g@O8Lq2GUpw$`;RUu36)?X?QI3x~}xfO_<{k}bAId9#~+0i8*U^D}emhAz`? zG5QECbBFDY=&EFJ>Ke==eWG{DR5?`J#)Y8Wn$z!l`j7nmLvBtsZ%;l^At2<5V5TVI6op?qCoQYS%X(Se)f^>G8xQkw zmTC^4#C*Ne&;+FjhqR#|cL{Q;?TccSgN_y!1G_|se#Z4zZOiuBjq_$S)u z7Ry+eQRLGc*8QCLQq3QAkAk9Vh3hrgq{Wdfzwy|uj!~cCB=6^7?r-RS%R z?BD~!@V`2KOM(D%RAcCP=Z*%it!@)$>GUfjGY1jv{W zw1XvBB(@f!f0k_1A#~e#vU}iI0n(Oj=M0D{bR(7(8z_9|-a4-+I;I%8jAv7jVQwUf zeitx&{C*X7C|tVpY=dW4N=|tMF|B&?%sS%gx_Vpd+WKVpWB=@lN#|g4JZ}rr`s=d8 z)GAqM#z84uyd_O(6XiJdTg&w~&2)?em9suhD^tJYJr4@1{TM}{D*atqV$4>%?!HBl zj=VGd(TgF&l{C;)UAyC0(=T8bee2}T3wDUZ)&tqO+h5Q|NEQQ4VT1MRl<-OLXkd#) z`oAxUTq^l`d@K;Q6$Zxo$r7h$XkKur)hQZ})DKWByqN^DSg`B|$jwm^Q7!qKV@!%? z{O~YmY0LL$FA+rQ^&pNZ5`Wj7s7DG9{)8c^fN&G9akq$W( zZh5MIX~lqy5Ir{D&?Y(it~q;WgPoX;XnN^6g)9for)OWo06eo(o%HnD5Mlh(1tt@Y zHJV1f(0Tz#Y`fu$jI-igt}U&sZ*rJYbN+_1wp@svl0$o21hqm^-@e0yb-`4Jljir_ z3y{xF(ti7RT}&Qk!kRmt8_Q#Ru# zMwwr&N#{s<%A=4*>~;w$CKH1%kU@KlXUUEU4Or$mwV8FJNfR0|*6^i9i4(O{S$##}Co8eIv&OG!2xn_VcsLKb*@H0x-iC!ySaxFwDU0qJ;rs!o+;uS2Nf4 zHxJh6#p=CuE~-GxtGY`%sL*%RBo{V`w#KU_(h6w#Qk63nPCBNz6D2C9nx976CZXI5 zV$4|qfW$0~%}j2-xI}>>H=tq+tv$OVh)Czf47OVEI!zcshD74mNtW9 zrnxhS=mx&`w5=U14p%@$FMm+wge4v+jglkr`=^Aj-(Z_9Q_M4=G!$L`XZ zj~O-7xc$nAWp0^Ev(wb}qM19D2==R^5e;n4z&EPOCCGb<;t!Ojz46IbM;!Q zbMGYV>*{DOuN_?LN^~pm*$9L4OXfti71{fS2TL0RQo@oSWY$?|Zcw!WY<9s?x&)q`ZQ=KGmeWggIs-R_<|T-k^zHXEuA9J;Wd_ z_H-baTt z@P>oc-qPTnd9qVcTr#QFK^Ct7u%s3LnUx!k_$y8TMr>dHnbB3`Eeq_zn&FlHli?)B zlCuY4f_ZYpL?SBEQrD>6zS$na-g_WqXObhiODIMBr@Bj}oBfMr`;Ya(2dZ}K=DUi* zZpxb6ZFLff;(xt4Bo0H)EXOU2-TbJ?II%9$?x^3c!C; zcp{;q!Bn$1udq?r^wN?^?sWfGo!rvzpd*DHz1 zQ&V{d&(sUX6zCrcO@`gw#E-run_X2GsZSN&U^Hm;YcD&YbI5rsDp|^oo{1j1_l)er zN-a23ii>Klq)3zut1l4y^Y4;PjNB8iKHrVPFNFWK zQPBBIqd@rG0sO^o_P;9pKP&q`U&Cd_ta@o-F#(A=DhwdA@7e3cCb!f)^ee0LO9hXkD4GCt?|a+kr1ILT+Du^9t(s=YblgTl36N6N zWp&fidRW$EEoGDscsb5I#F2a@3o^?Q?6d{nTdRV2EMSu0NU{;~p5MJ{Z-G%g8Ze@N z)E|(PDiMJOcVvT!HPx&Qo&Gtw%&iZisoPKF4AnvKH{@b@F*R`YI}%>sO4I-QZiw#x z7^`nBaU)Y>N4sz14Qs1^1TI0QL#mG!wY^Fb0n{fk6hNpE`IpxZFJN*!JV9DSM`w5z zM`RBIkCCT`j~lRU@IF*52ZCQ2BaZ)U9`oLZ}+MvcKzpXT2W942XPbzUS!v{~UqzgA|rZjKn z7paw-T3a0MmrC!9$XSK@YZ$8l&3tv&jfj#%TAXj8-OR`6^p{hEmUSf-p~l;Ic$WFI zm_XK?uKs}t>8Wdyy?jT_^*_e--ylMNxr6`GT{_0}hyl`l?~0o?lr8w~GJrnnVe8!B ztHGkUsa$6g&!yH9i#t)inqhnVz!6(-Kr$7xABG&y`uZC7@bvch+1x|QA7z8K%Xgxd zW~_8*S!pz>euQ%Bq)Dv#uo-NpdAFNY7r)GgMD}9!>?PG3(%5JdQGF!hvJMbk z>?t2adK!sgs}%;pEv04o2af&t=@$C&J)2o%wdO@yp@;%{0_d%f{&2>D@ zr;I9Cv?+eT91|A9UDoO(Xqntij#6&T&%Y=iRiIlr=1Y$E9>qPb+KEi#IvBn3m$e`t zyRz#efGzn{j1dHVk@aT({>&qx3r>oJd8O;{#B+e?vc6Ru*r&HMWxK33MRMOp_g~zb zy~b}HKLVQs>&V!y9`**yAyI{cj9O0zV@aUeOd4YZ^JgEGPm+t87ErbF-NWJH6@Qnv z#mF_bquJNwf5Z6ub3RK9u>Bpsu78Q&UtgZS6Xt)*iH`RFPcKfy|NaPm6(K%H`+vF3 z8SxWx-;3k{(j-2^tf*dq0qqM)K8)A))fot{Nk&Qe<^`%hU}T|YR7S_46IZTlVWbFy?tZOe$OZboxx zDTY7}!@AdYkhW~4QD0f|sXinFP1xl__mKOp;lBDOx|0%LLfwPf+6(a_iv!oD_fY3; zLBIl2ppDqB$19vUDvo_ZDVk|W2dbl~HT1wzrVuMrM=2t7iD-MPS59#^ z80xI%I$1t^{2t1-)Iy?8Fhv!Vd-zTnkJ`0FhIV4Y;Ld1+=8;DuwT^O#pW?RNfMYOG z95I)N)OT77QfJLkAdr5gH?iusb$@126ZRNVbmTWjCVu<-vkG@fcJDod* zVe|w*MZFd9&IM{Lv2ULFQ!nwOgEMROh@rr40KH~8k_fT|P&^ZelMZ_A~;HSd%YTlBDcD>Tn$N?X;FCI-;_);>t`vA3}UezTnVtW=Hc= zX4Z|>NIQCR~XEBxr@dZ*P< z!Bz`U1?ls{q0m=|4McczsiI$CW6P~AcogD&c&F+l0TNX6Nl{W&zypNP`Lsnzh3ro; z^WIhl7{ad(ymW3WVmJo4UMKgd72_N!`AYR%izwWehQAx(B)Y6tV@UpEY;HKQF9G4w24L5_!x$IAZ3eNv6GH zcUzB=m24}G5+P=1Y$Ug(5F`eq3-PI{GLzJdEXE!j#_ZQ_8hKDOV|~P9sdex5WNPRL zua!J%*i_hK?i-I)z>{Pa0AU5 zQi+kSVnBFMjXy8c+0VQ$rk;Rs&5~7Qpr1Pt6$>vJ>*u?NoKe#+@ynTm)kpVs5d%WC zV`mt3V<|5gl&Z&3+765eY?0F4l25s&BL`|kG#OA_+KJ?$md6L_m&s<@D2;AJaZt@G z;ZBd-I_&t;dnm0V>jRD5-D(rJ|IW3^lx3@NqU1`Nw&#P|Ar!0+HgD=7JX z0Kf54Ocy}jW2y5$>RQ^$QaNo-P6$>a7EAq>S}sop8KgWie6HU+@yfhT(KBzjSy8S> zW^2GEmM&8Dhk@i@oU&x%6|8y==Kt3ZgFo<3|(0vLWHM~Kv4zmNpsfO+yaW8!=R|+`ZIru)S zavl~)(;<}E*)xkwrv!a-FvXovnhVDa&>V#Qjl09p`hhVU#IA4~EXrR$JCun9`L&-V zOzJ?xw|U*glGZBX#lOD}Y;9Z4m+inwfUB9-3LCBzRqrCq@uv)ATd(fz&zp)Qog$E z_tPY}?I7_$U`65yQY1i&gyCgC0rW{iVqwwOk%{9(>FLMw?fl5C7Na$pOFov_c5$_Rx#JXhsA_x0JcW6#F8RX<8LD5pAle1 zw!9FF`n5jOy(!}xoa4`v@LRl-0Xakl6u&`y6^WfQnPMAK=x5U=xy;T~=o%UrAw0Nw zW+ZvY0jO|Xp4EJ|QlAGFM72zI`Szbb%*bMou^l{y`tr~np9Y+mSn|J6PE^9(eAoz4 zL!;y*_Wlf^f6!wkiQn&L@8ilAz=}Ik_SyN!-O87L)O3rGQp=_n6)6)l}K|5ToJ@p(qA zV0a=nuP<|~CnNq|;NkEI#=ugk()IgZ=)V{*gZXZ+4>HQcnIsxA_)R};a?P&<=1QBnVXH^{Sq&j zH=9f66A+P6wl2BFXPzV5w$-~HDg(xyvlsUqe;@b^Ft>|U7s^V2Gue(VdPn2P`KOPq zgjMsjJt9d$xUUF}2dLFjjL4w$ckW)D%WytU7%}QDFOs@Bx^*fqX_5mcBY9p6(-ADt zC+4SEpZ1x{uPl_}HeBX20mk~Sv^yTgVep3bnbW}X-X}4rsM(5Ij*gm71)Fw~c+9AX z{paH?dZ;PH9FA5RWJr;4fW-(Idi(AGl3%BDldCNi=6invnp$sAKc$A`SAZj719nInO~^Rp>d1VJsJIC#KK#Vu}jXTn|uFt5N#MV4XY`a5hICMgJu+yHr~ z_L*YQ?Be_~GYaDoVnO-Ej$w>+>Dv>FVMW9mmc;m;7nyVe-oYX+!|bw;h>Au=I%gWS zdeU3Q==7RtN|O-J{^s@u(r9^wdAxQwsC+Yp-dVV(ef^;N=7)JO{>f9s@mz%|YQ9EK zz_*rWBrRRuV>$-|j8E38VC(Hdi7ryOTf0R;xUjR)O`tXQS*Kr!MpT=}z|1FS_-Vs9 zpSH?@844p}KKd960EY(I-)Cn<%^tg_d+IP^DZx8If1hFcgBj*An=z3K6DtAA0s9OP z!Sr#0Ay_n`Vv%q}3_>1eG&}vG`(3q;ge7dYqD+$sjwnQ?cFF?F5T;RnH&~Y&s5j*N zHT}~7x4DRfR+n6cID>ZJ&PENtoh_h|!MEJNOB z?=$p?1yHzs6jCebS)-z2ye<*O*#HXJ%ugsb)WiUJa$R1-#nzQf>*MtY#iZly7UR*6 zmk|xOhS5LBfjS6ox}H!NG-S9dbaP%9t4y+KOA^Kgxg290qXIw9yo71>KBu=YqY8F= zrW32fUuMJkCsC5$HcANk`Ow z%0Y3n;S4*%BFx~rY2vcOgApY@>(_9Vgg`7!xBJm=sAX&CLotXt0OQAab?&Ze>ZNoa zWYj1aeW-!iBRv-5kL+SydL7m%J zSlAru-GW&9zEW15~en|`M)%H;W z5|>R}`2s#t-WC%yW?C%%U`C)R(1EheAl-dROSkmRAjn>K|JmyfzB&ztDBbf>pZiGV zB_0A$F8@9%^0tu|LG(bzbsBwkfpf&!boBhL3Z7M=t5BCj*yrw4`voz%}8)8 zCqIp2Aki|9I0bw9J6`6?RBOgbzStF+kICq2g#Yn&5el!Bv_BE^@Q!}`Xs7Ggn6KuT zQMKKqcA3j>z?P9TAu3O5W5xCw+7rHY;v+#`g-o}Fe#TZ|l!MqJ-vPcdqgM^ADz#Tp z)wD`S;Kx$RtWzHP(p=S+-@)~qxchNW2crp2<1Vn5bw9L4ANBo_Nj*p2jMY1fuw33( zPn1LiGpw*4k}Jyojbqt2&)!K8q$C@t1m`938M`P=t2ax3_-9U>DswoRTrP~C4Pa;d zSO3q=F5BiIPK|*+$En;8+6tjODZV%eVFqpk8Fy{y2J*O7>6fA&rI`}E@rW$lb-v03 zVTk=zOR}YJTbH}*w+V_YZ*U_1_Q!}%qn@<*EW4Kyi%Ge1e4uH}0Z=-u@LA`fWT8QO zNY<@=nefnY!~QvD*pGc8vUP9pv>_wqz+Z0anSIngeJXmS<(YftisB_c501p5qP;CR{eIrxyB5m%mxO&d4vyGy<>X8wT-M+FfAv|9_pv1B$XzBl zUo}YM;mM2h>zcI$6{2X{+;&dPT|f$bgcG0H91U(vA9==V zH&;s2;9U`kB2Yu+`!A&)>%;AB#J3lH1f@daHZG68q=HtihS7nH`Ot<%{_#ogHg-! zl+~TpnC`RK3tH)z-aV9wBJAo&ujqoxyx@?)-aAnG#byF*fKi3w;_vI3nH<;e5s!3X ztM^;*Jg=Wy=zPzl2NBRARkIgNDa2Tn;8Ux_9ZTMb=)9L2Q=tZ^Y+-oBehIutEiV;K z|Cd0F9Rk~|h;ph!k`3HcCEq=?$&n#qaWtg)a+R!%9=3zSjeTarcuHHsCYSV}AP|P# z)Mf9&d(}=fqyq({FtA@;6KO!Jo2&gOQQjA{W5!=eha4wE`q<~sYp!5NvBbf>KK~AS@%TNo_y+VW}(2Z;TBl*Cq zl|TbJ1_u>ag+?{+nKaocXW)wTa;~sJWOn6==#4v_FGgaf=Ck@Q^4A?6??9k-oWzVQ}QHepwXP2jAZAo zE@L!;q~d(6rttI}{mdj(xz>uzp@h8totK0zMXLgaJ@*Zde!w%t;5!C+-+$# z;b82pKsS+KcG_M1nXW|f`saFyrNDz+d{W*Ob3&GqOS}m~2i9`?mB=|8!E@FQL)jY9 zWzEznM=h2@!PovIm(ec>t12(nB%~6EnFh4U@}nDKO7`hjc7zgXP#hggGTJBrfDm=2 z6CnQ>ZC+VMlCD)+7FiHo(E~w4S|I5kX+;OAoz3zhn=x^O|Cy z!(a+4IN+7!{s?h_E_-fRPxAnQcv-Mn+^Z8{b%CZ(fIqrZ9G_CiC7BSLALJ?HEYo5g zU#1UIEf>s=5SC~kxja5+6i|`e~QWN<4RUt!eMw`T0Ht>@Y9%6

ocCc{46RgfA+UOWAW`2N_f$}s>cE9rMsG=*GixTSX)TIsSXw! zAhntf-B)7hLFop3uB^++R)hE7C#Uk~uq1C_zHy0f>hyol6*B!_LkWLzsg8&pk=py4 z5;A@m-mjm*o*;Mt0EHw?F)GxQ@T4{Xc2~*7bc7qjmi$`gQX=-rAjv^|3LLury{G(b zt?x_9-U;tlCsW!#+Ej*fK*(TDIO&Js8zoc_ZlzuwiQX3*t|jYC>p{i3>YL}&AFLM^ zbjOsPWpx3(MdOq4ABJzN{W0T9Ql#im1avf&rI(2R8sdQlNluLTe(Y z#rPOCquC#@cpcW2h&eLQ_3UA3ibz_lfc`PHHz@=ugHKZQSPOvSq>eCO300PSrKaZo z30LJ2(Km(`EnCZNV|e?Ml9;cjq&9`bn~!fhqt*TZn~YH*riirtSGt`KI={#wUy63@ z;~Cu3?OQEu_u%e1X2Ne$#B0UNH3nIQ_bic!X;aE+!pMl_dr!}*BU3VVo0Qj=J^YuT z)Q@uYeyUrHefG6Oj|(y+8#eSEZq+596@D5Ro&bhL9#BpaG2Ko54V3zDpvX!6CXasq zN9XB(H#YZ8ApK8J>VM!!|H8lp$V_|_o2cnk3zZ+T6vrI%eut#Z4cUUyNHA?KU+8)g zU@Nt0R2OBg*8m=*bn5kq)Oygmow~$#hTPm+n*i(CI61t{!**0IledasEgo=lwXkL< z2^12C{U0!H219BGaF3uLXf!G+PHLQz#$s-KNd+trkEe@jeD*e<609q`mr5sQm7qm_ zBUP>zEu_0*t5V@k=VP2A{j?pK=fwSaskX_5HzpUCrUxux@Rf}PAyW}^wp}XGG!({RuxfmcsX5c0^)g5pJGj>u-OSTq_9z__9;nkZ z=ve>QW1=)a=zI8nV0!A@P8flM+9BmEM)tn(^*xE`fihwr~ad8L?_v>~PeP#xA12VQn++;f25yufn zQpU@}+Z)V}sp?F=p9JW!>_T*d)w^y~e$LH~xR7Vh6*G{Y{FoqouZ436H3;X_uWk$)ziD z=Ybc6*XZph(ME-bYU?X|nOGV6hV-w*sEdJzkR3m=V1g`dZH}~(jrC)U2R`>7~ zkO+)lN8A8F)(r8~*O5h*ZG(;H{=6t+nW81BF_mSd+N-i&_9*vuWOhX{mZD>}o}tYI zzJSiZTg@pTrS%4BtFipRnP@maCpr#qJ$Fj1bv=}ydnlHQ&PuGs$vA;vxerg+&_MXH zDbpe{5#0=hj(_`@=XXfSCBTBM&K(5M=p0y2bI+0aVAMy#0o&NdEoz_ys3RhXp({EC zt|b$wBc34)MCKli73mZuzlT^*Qc-#h6d*Y94d#Pq$aX&=4(4HCkcPfg+DG9>aWt37 z4d?xF7qH7R=qPgKNzEk>p2*FwrH-=&2(z_}GKs2{BHjH=<-T8tKZYZ|mVqO#$(I67 zRP04ls4ithD=%4XvpsqGJDrc}A5|Iq-_&XUdhdn)uS>~4v&rA?{r|`?Lf`Yb|3&d9 z$n;3{^1yoftQi zQEAO>(M{dbyuIIaR_3_tl$`5j_L%b=1d? zkvERaH!tnZhfDdXpRAgldww8-!0p7LviK(9B#jF}Z+#nU6|a}#?q>uw@d?L`ukzp1 zzVgcS382nJN`Y}Pmx<#&tpXm#`9or$Vu^x!G4po3vW^o%fCav(VZ9uE4}c{i^_?8p zXV@ZyTt4w11gbej^RE3_dD9VaH9 z;)pN_<^d;yNsaUJcs>d>LJ{_!!kRg{8xkQN*dZ9}0BO3UCFEu`GlvE0ubnPAX$s(& zm5*%ESIfb&QzkU}m@x8>1Q8>WwI~uR?NP=OwE4Ye0$R-!n-;amtDu_+Z1^ed&*SsX0X&I7IUEzki;SZKUF=-Zu&LR$bKJ*{n2_t2 zNVNSE#0CHWg*F^Tz)h?sM(=K=+X#N5$(F3~`X>r7HSDjUyiRH?uTdU{A~|jxhWF)A z7^uG<-!s@ zj+TnaCSHKwxEW#4d1yy!LpogvIp6fV>HQ3OfJPeXp0A*An)4CWJziiK5`$v{p|tW< zNO$4*4;2@MKUAI{kk=W$BQ2}9cp>5mSj34vr*|-A6Ne_ODHahys=es;y$4*Dm-MmD zGjO8(XZ*y}Lr4ZQqq)csa8S~fc&537c?{_a!Bt9kp@kUeWLDzB}+v%U!Vc z;X_6-pmX$+>qh&WBrB|?hj;YBC7JfXloAvhwNOu+sy)#n?9Rui40GfoHW@FNEmZ8i zUFm4T3Jf;2gJ=k!cK<8P=j^bnJqY8jX_8SiiOSP6Ik?sQNz|a1xG=muGGEQ#(hbKDj!jO{XF|0vwZx z%R8TCr8GX z8+1^XM7kbSn~qh4B;nHZ!{y%RwGT^WJAR+g$_(I0sJtfw&Z8KD99p*U-oe52 zjm(mXLv{~$U=1&f=SW9a(aA;a&;+FZnr<0&Hmgadp|LT;P^2xMnyQ=;uUg<)#%ZV* zWVHhRyX!LAXqf3(AWbQq1|V5jI>^@IVNO*}XVlRHNqp+hDn*OZHeJd0p~hy}Z+;?O z92KdfT{pf=!EkJ+Pzhg{ZvvTcKxLvbDUq&|Ny}&au6?d=P{3A2Pcs|!>Nt-mz>uGm zWiHfg0!h1AxGbm|5>OKK(9V6REGZ((0}jd0SA#71t(2D34H9ETQ;9Pizy_%Os{DMuchQI#F2bwfP zIyTcJdrWMX^TqbMWOTBYQT^qOex0;bGl-Yrnw)QSy<%*^NQgRZ8JqKukUADKGjcBX zu-;sv+qd@v3~0zjr z!d<200i!W}ovhXRM@5Ds8^HFr(dJ>HiR^9oCv3@0NhcH;bz4Xl?X&O@^K%;M^|X{T zCZJ9t3BVnPbGvhKo{Q@>m*?mDuDf4UJ9P!~Nn~Xyai**N4)fN{uDQa{MeHhRaNN?It{m+D1qtg0P|g#a}%I$V7wk-eQ(Yro9MDSd~s9WTQpCDzr=`lNKUeqaxX z0aw_`C!!SjG-ge5DC33mT1BL6Ku9tPy1|92j?Yd#K{}seF$y7+G2r~O*j~lFf3L8z z9PxTDBz(CRkUwnsS>AZq5fbE_7h7Ny4O`rgp{6s*=9m05BKOIHdh)yNwIaG$30Lbc zi27gteLz&!Ev6I}+~ckslq&WE*5Uo;srYzhc!JvC9>oXYO4p#IP0SN9S<)~Que)kC z)4qFFdnaXT$_~e`HH_1C#Mot1PKI!^JapFyS5cnxI<8ZuwNKd)6?2!qq5*M`6 zu)Ja6tBBMOzH&?;QAF(DfY+Jj?Ig)7TWLODQh!!9x2!$ME67ReUcld8xV>|4a~@xp z_L|OI^(Np8Ke$Uc9UDkf8qSRYpv`M<=mE*`u9rMjl|y$J3&&qoH>BVDCqKmdKR;U)d+B2=|M4?`G+5Kpwmlz5N10 zTm*{sO{!+JxG#lK)@&t^Oul{i|{ez>j1&>0RGoDM9m zwnIV9Xj(Ne23}w~%xY}9enCsq5qgGPo5G-WdxQ)KNsRX+4xti|4i?=Z`_|e5OP%So zt`+xtoEZH>2bSyjY&)he$hL71_8DFnO=I+zv3A?CVX3`sdC(BQRABMZuwHJ5Nw~G( z_7G5ZS+?2i!#|Ux1j61!^!Lv_GF2V~<}uB^(7G6^7rMRQvA%6zzte(~yoRBu&hcGE z-gy|%OK}D(3Ak(V^i=1NR{%3#%)nllq?fe=IS1OfC^>Q|T)RejI0M;{^d5(h`DTsu zKS9)%9lSHgx=9(g9nfPPFq$)9*NvFy!#P8MGRjX7oQ7Nbd99JCb~M9S;#0lJ$c@6> zYeP50grC;>MG-msM<28@Bg{GMPB-H9Ln(;S`i{hJ?=;Sn3sz`qobbo$y@Yu+A=RvC zD>wQZis)%u6z}K($820;8T}glZ{0+gHUwOL6(!ynczcetDROSt7?^*ma3cC_eXwlH zJTVG;2)GwipMKF6!@%umY<_4W3g`)T4=SJapW|lg4&~dqO>bA+cLutrgLDzqPdUG( z)BYhx@98>*XIqQ9&E@zlSo|B3Z|$u1?h4mBzT<>@I+*d(E4AdW;ucr z)i1~mSn7rtvpVL6zTdhg2V>@E zgGX42T4l18HJJ}_#jx1EW=nMV{hq)}s&>vnKWl+kX6$4ImN{e8uw){3{|)%31Hv3E z>=Z{R7`W~WmlyBSh3)=8#1SzlT9GHaP+JBM;S*_rs3QjW@d zAtb=IYd-wsj^=!yf1Pt1MB$a_KW(lX3ZEV2Sm7KupZmTITS4lj=jrZGWH2H{W{K-keOesKV7Pif&3;QVe zOv=K1IDfoffwRpvBh1v;;hZKTpT)U15evb(FoiAuXF4Fk!h&y+ZDn~5ls1JxP%hIJl1h?D!?~>>;A)=J z<(hcVq_8T3i5^ylf5i46VkaH~A2Sa2AB815v=TE0_?nv`+KA>x3}alAIo_dGyrY3H z=xH2$4kG-)D%!*G*c4y|`s#OgOR)fc_7z_>L#wmiq{yjP>0D58CsD1luB#(fPV>^d z9KF?eljhxfmEZ{f4AY2IZ@u7Rzr?46OB1LB6eZPYJJt7=hWs4S4tEhGWx~sM9+1Kf z-${w5rpchC)BOgk{HDRErj$A|U1!SaE!T#Y0#M5S)%71oPovANHje% zUV@VH-z4CmD3X=nI2)a(_LH0irjapHKecR_pE(_AVUH$}O44AL)WOcvGsniRO=Dw0 zNa$C13e2p<+8lym*9O6lUtLo8uGAw-JpuBT_GH+@85}Mt|M!Rc% zZczX=b1cP6uJdmjnXAsk!cJ}+I&r(J@oj*7Z|eW-@aH+@{L~%Vbk@;)`b}a~b&`icLUTTlls>A---dy+Q*!2npez;ukePHA1|@0+>HUfW~!8|k&a(ne^+2}g)2i^$bDCW9~> z-$}c(bGRa8e+Rf%WgpsgvbmQ>kT?dAu}Q1e>?p!Wm|?R+DfoDv7N$=&QLm8RAZ>nD zTR<)+r9c~VaNo6VP{*_S_X_>f$QYhsn5mDp=NVOKad-|7dY}HD+yTU~I^#e*$=t?V)-RnVNJk%|tS-)NW z?Z3q37@?Z1M86sAJ9Ph*w8-)Qx~Y_~vA6y=AtXylM-G_*nP&qYd=OEUAAwInZAB;6 zfPt4L9-&{H@h{Lp2bWe#d~V&zIKsO?znTmv65cz|cWRgTl4_IeypqfwS51NzB%DM2K4o2qWRyYU|VLX<;rbhBg=Yf zS=1Mt$Nkv0ZmEnn?pYKNP3Wf7Oo#>mlh>X<`3HWH!dmrJCR{RA<;o0CnqKwu7W(X(|vj~zRD=<8|L!i&;K zDW1yn`g@3iYqoIs?&u?PSgWom#m&#`=%0rsX>{B$#)waChthryNLf&3wHAlEBS}tZ zDj6V?DK@YPw_-J6k2B2EZTy12yDlkG7}tVzO6p7}r&6@LCn!Udi}y_xT=T?QN0xY{ zlsz`^IFp33fgX@k0WX`t=_~Ob zNSXpYuunMziU*3ek2!?umA+=a1X-li`~n%Hjbkz45Os_DP3lCIX6JVWWB zBP(}95Cu$dFbhq=b4l^SQ)qYrns8(i{c0S3WCD2tU=0Y@DJ$04qR!UuA*?H&JN?CF zCe{1jRzkP%QbQgLA_6>IN$O)HC})z<?vog|*^J*TJwqo{up4ztdypGTKsm906;r;OUh_qk)$tInrmn_m$Su%_e#Qpbe$xKTjGA9 z=#zsV+$9p(AR8c~h1SDULEnGMQA@2$@_kC|Y61F_Ryl5w-H4`6yO`kgI2aGE-Dcm!fA(0XQ!sV-0xx zeHS;PY-EWKXSJ{ki&9Ly@eQ*Mx^o6;j0&>wxA=&vB*N6pqe8OL$_rBtnY3BKlnJEI zGK+caH2@lAP>SM^qAz^r5ja3kMJMmK9!!H_MXbZ zv4ji%X51XkYV=E2_p6tgcm%=gh&D+GZ7cctsmQ>Oem85SvStX>`r zQlDM=@!|GfYR;sPe2foB&!;$&i93eF4-Q6=y9jy`r0x?zORR1*m8mUEsL zQR+CVjc`)iHH0a%p3mjAs!T)3%O@r*X$-_=cDht-%7OV#Ai$)ons;mVTz3i`%VQCZ zXyPupy=!JUv_w(alO&|5tttY zXNG}3xhfH-&NlwT7pz?-)o*P*OCqRk=u%L~W9eti=&qkU3%AF*$`AI|Sbqn5w7*O~ z^i45`j^m#d92IQ~=VQ-sOx#aTM|M-Ax^8^njDui@St@8iu_{w<&GXPQa+V5@*KAgm zXQ)`_=o}cVu#6zk9;`M?$j9b+BD3*=Zo13h)K+PyxIp!v<#nE( zYJo+f=_|5X51T?@4l}n}Qyt~xKx22*IzN1r1qy!Nnjoa(r7t`<#DL zkVVP7<#7eLmF`_sj8a)H2%Zlu(Qq5=Nen0}Oe)ONo)iIS5G!oM8slLSI4i~m1;Dg( zf5pD_^b&*{p@xYmp`?^++U`{AFG5T%l1`9!&$)?y9EIx7@GGR(_?M}u!RC)2UCY2s zt+@fwK@Vn3jga4^tC!~ImBzJ7G3rT@tZHgTs%EUJk{W6m(af027*9GioK76S9KU#} z%(CYd)ifUGd1NRlUk|(Z~v?tISamg%u308M%ohIcw7c^tLoA z`Z|sF+MdY<$^1!}&;fU`)-|<1_6}__Zl+i}tK78=@@cP#?ZDii`08(nWaPgqVQs$O zyYY&q(q-Jh*!^;rpGy>X@f96)-jZpgN#kcoVfc!OKTehutibC&VZSW*wyvchUN<2I z->LELdB;^|UtF=e6ti(gDWvv{yWrvmi+|Zdei85kfp*p0tJ;x2c4_9;edkBxEg3WG5 zm|(Lz$NF6ZsZ!uXU~Q2&zNCKdUm6*A1Fxv4IN zj*vA*sm{whE7HW{ATpCPhV2-n%#;|1LyartL^pv*W29pH^Y;i)7FXAgk`+}_;c%|V zA6jNql{HB$I>8p1vE2(VG6jr=9fL1;1>Jeu`bDP9QFCl0GZ_O%t#9#@)@Ub!_QF~G zn%GJpJ!vkt>rS|NP7QYg&?GD{r8-j|)DYba7Tc;>k110yyeeS9Oimb#je#c;s4FH9 zU}9W$Y5`Uhb8j^Kq!&X;VSzLliD1IUjBX}oNR?toondFqZ31&_#;`dudd1>hF3zyB zo_Q(6Xs3&c>x%{>imG9F zf@ud}bGtF47pmR6;fWwhnG4YmiRC{$%?3vA_O6{RJn4D(OU!acpL z0Rlyb2-4-6>Rrw*Dm*C+bEm4RH070N9m)=u3N8x|59>{UR-ch@k;`cX7}^r8qp(I> z6_<^0DOH;Nkax}rG9~Vi?YwhLN8O)Xu=EYtQ%ow4;Z1kE!~1n_XahgYbw}Q@|4yf2 zy~3&Dor<7p*coUkDbuAJ-k95Xo_X9x13)be{BuoQh!N*po91#>(eq;_U$JI+1$2ob zrVTvY(IV=N0i5noi$7|!A15{wK#wmy-@4}+^ufM1EZ11C9e4T~)ya8;?7y}s2l!+a zc%5Jr6FWMbRs_WN$vj5$5jku#&}lrk79OkFcy=hTprwMDYAitGI$J`Xc4{$v{5<*jkInd*(nGl6t=Opgx`1TM3H)|20`m!uEo z?}x*YzRi|)xo+e$LUw`fPKHW&hqlImFPJKM&?P!$((0ymR#(nuJR4xx!Eh#~JL+kX z?_+7*GuBP970Q|E(h^a;JzQ2+u`#NRmsO1$^zpWF?WqI`U=c~E{LSz3p6Jf3qMXF(G+{eKVc^>p_PecB=C6gGwlCCi^ccgc;gbJwDgR`**}*ar%fdkag_C zMEB9Kv;??ne)J(F@H3nRrOM_5a9%#Rz{s_y3pBl#o13aNNZ)hXHu09o>ooUJa|R}j z44!Cn7;n4tW|W`vpk05>=I$1uiu1EHpu(1g5%3isoIehmZsWFf8fY4I6Y^5JkWL#n z*eT}Mzn~Z=T(>z2(a2e1Px`zm z{n+4_CSR_n+M^3O?Utt-UpwRQ22aP0{?kT+@u{a&yu!Izh*VvX6zCW)I^w>zk8VlZ za;$UBUYMJP9wNlC;FXdFMkQ2(o6BMl-fZnjm-4UjUYz7V>|=n2jt>xvx4w0)1(sms zO(v=jSLvo&&Zmx#wk=$vkcY~I*r3MdvDPZv5(|ETtum(a26h038@rk!pA4IRLHR*@ zdNC?|rYT+29lj_NW(o-DT%PA65A~!kJnOA-7_|^kZ>_c^z9I}hJc^fI+|8$2XVtlT z%8XYR`<~~IzK574fKE8$9d$3ckDkfk(#?l*}wuO!agEycd8td(V$a?KW0hxRXg~kw6^9tG-2@Kj4QdzTTHxPsav=qP}5ygL( zMS%g#QhLcfbIU#Bm2K`LSI>_(<5g)cLz#XF$Qy~sOqlxIBY{v*cSIM$`f2zKBk zzXFTbof=;Yg0A=LCw6yW{4GeT_OD00?)g4)J9OP14JOI}5;;Rlb~i|~1A&YXg_Umj zyUgfW+RQIxR9xVIF@kb@3oU~)1X{%P0G8EO>1*som0)%kVRmOoM4Y9>kd4%=nFnlP zEv$xy7X(dj^}Z@2#<$ARzVyjUo>Ijwg%d;Ay{ibfehzg1ItFkScDM%RDdrCSg-@kGC?1#9}t=S07r3;1~7dOr;&(O<)E-0>D^1%pTc%?LHxGfFRf>x6IX;usk zSdI;?wjTLYy5&E%e%!-@ZLl?W5Spu=Fg!n{EGFWlU1jXi-Ntw#h?t0crX>Nb*28GI zz82QKHD#eIJE5;(jsDziHG8^a1{&3j{E3#C04Gk!J>=mNMi>bM$=VEdt9_ zvtnKvnBU8t)yvXN_cH#XBuZ7soi*X;Y%0qE?AP5^?Isw<#^B)>6zv5)9lf@ZP`)GK z{Hh)VvQwX5KlE7`z4C+wR$LGewWwur#eT72O6=I~THf@gE;&C*Bi!hiSvOLFozFBi zs{(I8W~5XSF&kD$E6%o*=&}RYK<^!z7($@jxoe!f%z0$LA@3uEidT(KOeXAYG(@d@ zEI=1CYftwq<2K{CMaNmb&JqTa@gSX$2y2uG8N(5SRfzv7870qRQYk+-rkz`$x}fL- z>AGJMn)F%yMIMa4b&c1nGf37sw})f|OJ2F-#AV||1K8nI-t}PI`8nmG#4v6?Jf%=H z#!{beY1&!T^-{Yr?Fc_mEmrArVKHfVL(Sy**Bz(Jdw%XAs}1(*O!7q9ufKqZQEe7tg$Lw zAG`INIp%FW-qAwm=nM%v6KnQ}?S>>|x0#0?1qO#JO1;CU1)j=#)o=)ICmo4)!Wb3D zi5i@Xy)C~|R@nbO{wbaPgD%IGXpVamRdjvs=3F?>@avMl`(O zAz)hv<+wNYh|h;@sQi(Qv^8vQ+s(CcHr43 z0js6+j5dG`t_FVJN0%)Gf#|mAgWCc7bX!kW4G(dRoMUuND6~GMO}rQ%>IY%o9&%g^ ze|LsE=@#fdoDUn|De)L%z=TU?a!$nibf+(8-$B;0i(5H2kd)m&rv3899*Va^VH7@A zGDAf_wawh0RGGLIx`w~hp~Xv)lZW@s=d^EI?^#5je5qfzi1g@X+JvGz;~>ak=wS)H z8qvAc@W+pGsH3gx`}<~-g7r<4;4N9++=_z9#4jy2McA<0p@5;&5KqPT_=Obq)}-)> zdYg>&xDl9`Wc3WSheGhvDE4(_jeK~ldshAwRhUxYr66 zmo{FnDtBW2u@ck3=oU8;)!(Suo#5)7Hm23&+_uXkD! z(t53d?GL@3&XI}U+CHp%hHy>Axwn?weUrxYz@NfFA8CXg5+GecO4qCtA8NNx5|bVw zh<7^5am1Fw!!15le>1v;=faYa*Y^@xY$0bCqXxN&YNo>qv%|B}xHi%-*>F%|{P~_~ zS9mH0B8p3!^jjEic|V^?wyS-)CEQ_Fx{_p_^)4VWbWZ5-Y_EC-Z)u^_z`dOOMYuoX zAZiG)$)P9bV`oVAD1}~Ai%&f-aHU~FqMxsZ677fC>KOSl^%hAIE_)~p$`T6;HnyqC z&f+PoI1!7fm%EsTr9T~Lb#>QPyqidG%2I3DBudIgOkmSu5hjYhsJea#6(Z#K4`P5i z*1(De!RF!y*UDoBt1$YjERj#*hQXDuXK+-i3=;Nem*@;)z}e}ev>@*t_?*(`m~_9~ z`f`iMDsN-Ei{k=70u|^y_s70pCA4X?Zc!3iY#yjEt*4OUIV zx~n4;wQ^=LbxX3B2j|!5uJ(gh&KQ4y%3Ybua!vMeU>otuYp?OY%S@C!;=F6Oz&?N_3q&;L4AM632hMFJZ@H zq2?ciQKJ&36>J~kw|8Txvk*g3(pEeH{CT_?Mc^b#a$ydn%Mglbiv*Swg@EAEr(DcrUBnng* z1ttuAbp|D!FhwQ7WaCcQqYw?^#|>Bc)}+!}qFnExryi)dmt0E)^h8;d;&!gVuEFFC zv13qgGqv}9om(vS+?6u`QB`LAfg+{jquf)Y){f zn8EJOWH0u|69Z`3Y54`%#_IKhkqUTzh%CsO+mDvJ*7U!zwzf98a*K%L#24u-wro@g z|9&|D5+6OYcMz^!Pln=_jd|f9-_C7&e%yIx ze6>1whCP8bx3yW!Eh)XoL$f0>OQ!BfT^Sva)1TE?~uxlBdTOb zn$BdwM!IyAIgb3Z$g+ch$p{|CpaAa|mBh>H5zYDv;J#YyifLJ5bV}^;@~lH2cer&p z-5W2C7_WPer5?^Vr1?Yk-r1pxXjN%MEW6MUH(V(gM=Y){@hVQZr|A*xddzX_FQxCa zFVc7`eTL{HqSP;LyS#~AK8>Kp5##K)>D;lu(YZdAI~soXy4jg%y48t2a2(m+)!06+ zU(j0j_V(t9qfeFfW(nO1H&+$Aq1?Ge?Mx%DH<>rRnH{UIrmFuNMP0>4>6@VDWBY5lotin2Ri#`7W)?xQaXH)u=@`a8inyMH1;y*k zw1rqIMQ443et>Vs?2n(Gh}mfWB)iXTz}7q1C;U*86I%v9Fq6!{i1Foy)0F$9)8^&J z!xi2iVETwGa$rbF$dO|qJ|Qoq4Fwb-ma@@~QPL&t;Ll9k(@Sh2dKQIb1XJ|e#M4S! za#xiiRpln4P(o6HWCmY>V2ZIy%G1Wuh2}h-4S7lzu^l-bTh3M!N|=fb=&I9bt1Cv~ zwW6PW>N`L5>ZB`d*VdhrULKRNO^rg0#03Qh>1CO;-D;qOhG)8Vb+KQ_iHSwV%_K5M zA}YKV~P<+Bj%D)npZ_?PI+f zgVIMf`n8$N5FG&daJyTsP^aQXV$JP=n=EyVnzTuOo>$978+B0YpPG z%2b_HuTe89k#w>nS3cU5foum5snxs@XIvHAbHTZzBZVW=qcFnY9&VtUc=gBC(uGMu_sg5y2ntNHWTL4YXSRJAE1$)noq8`jlt#2>pUqYc z+maIso_vnZ+~m)`Ae)^Z;F1?Nob@wQz2G)tei$|`UYA9s$rdSph-X~!(%iXY(IR>j zJH2UfWUjlEL0~}IKdjps7xp9R*S78oe}LWy8IH? zDs|=@>=#93a(QdTjff60r+a}`QJ@hxhh6%5Hkspu zU--a(!rt6fdynx77Nq5p49f(bjNVpbXcBC;$Cb$t(GIz zhl9p!Q<}u-azIDY>@Z}l@QbfT*OvPf4XMh z&8Q0c>y{E{yEEMl-etT@U>`T3U`PgVsDnL*ZnJUc^8ujO9HOcfD#lw-Bzr5SSY7#J ziUlOFuO)>lj=3%k>r9tv=o-BMBN`SpV!!OM4I4w#j|EEI5Qie>Xy#b(@MIk~KvMi@ZuOc*(M zOMWvuA9zO^1L=j0VEozJ=%c|w*RQ*IJHOP4sd|AbsGY`am;T{3SzS|*R=*%a(mXEu zZhp%>6i^f=fK%nk<~6`tn!R|lj<>%HYH)~Ao(^*{W@G(E;Orr z8h!N4jEecdiyg>LTzL?lxM4R-%c!fO6QUq@F0qvw4P;Z=rdfB9q)CF%y^EKBQ&~%}jnV{#?4j#Q zubpX(66*c_4|AHRZ5-w;4%1objoc`l$RRp~LNaNaisXrI9g6?@Y*e96Lt0x6Z7tK3 z{gtx>e3f21-#-VZ_XS)!&$n5C^1n0-@cy43P37-I_5TbyIvSYSnAkdhmq9!ITi~%! z^-T?H2;~!;7`5M@VHq8pjitYVBvxK%b`WtHN*}*jklojz+a+EEGZ4F@Rg>d)M(b6< zME;f9tlGL*CaZ+hI_m5z_7mGv<|onz-K&r+(o=?p1SFC66LR!#GqX#tr_HO)7N@V9 z9X-1r?7>#N^SPV8LxE^;z&1w}Fske}CJ8%f2X~B@kj$_}wG>Cq{2hGN(}AMQ7}sg$ z!4&q)W@LS;o8eWX_V2rrZY}DNV-eBgsERGtZrOb|w@ZOGButEFnYHKs^-vj;8c;0D zXdCk!$&JuK#k%OXxhQS0^=Zpdzk!sbObU^Bd9YBf4{jN`j+SRf5qk0L1r%GZm09(i z*TDpt4P(MOj*-nJMrDkkfyLfgni74(Whrr@0nk4gTBmLFyTUw?1#nncq1^UPv;{Dq z#WnannYt{GvKx};WwMj^?SO#wWbH@22D0| zZz#d>m>kf>&=Zcw3%Wlk^XFQO8AWc$w~T9`fbKDl*${<8r56wq(Tp{_*_jxzGQtrn z+ECMf5u$ZKW<0ZBn*A6)V)m|%SJao|__3;3+sl*a^8+69IWSCamw>Z1A?n^A3E1cp z2gMFzE3Q6dtiU1_ajlWIg#FcC`QW9R-;BdQe;^6PVywSh`Nhr;i@fm^mrwRDL{_J!l9c;Z%sh;E3^bn3BNH;OqA+ z$P8EZ6ZEV+(;>axc6}IFCZhR<2LRn37uc_3fpXoE30eKt08t8jGX1%}w(a6K6)3lt zS>kd6X?E}2_=d6pcY-VJ31%TsvP{1K3S4+SqUHT_5wH=sD(KIxEO=h=a!OmJ$iII= zFj3Ua`8&m^LFWC>=r>Iq-xO+~~-s?2oeYw4jtkh6l4XN700@r1}`K7yw8{|ft zK=7fGw8K1CxXp>~O|C$Tl53N@tXOMT=2LG$oq`|NrmQ#=o@Qb(Ri;QVjXN<=aqn+Z zH1BFLyH^eEZQmkz{bTDHa8C_j$ooaZ^n^4?nRROv} zM$LI$gDxZb)D-9)K9-L+Yp6bqo)(EUrL z*~VVR4{*`2+{*seinWZ~DfFVv_P-n!)eJiIwavJtz(6cY2X)5*oW@!&U3?-Yt&=~5-?UK>!%eA_8 z^6~BJIb&~a_8U$YwIqE6dUc@d;N)Nbd0%I(scq{Dq#x6Ejv?xeL zrZ2tyHfoYPrBdc}U2uH4Q_+Gjo$g%0r|{goL;}jgmmtWO-$;Dj+!8~*8_p2wTh&e+ zT%_H0&38{sPPkhu58KRIQEIqI`^IJleZa8_up}4cAz9a3=cIRyPTSe1YtMYzjB&t4Rc%Eo% z1OxcFNr)+F+;YM%>`$1QuV+gJ4I59K?S>be`-WRN`quay8(Tg;I4A1#%6!ey+(<(& zZNH#4u5}F*-NAKEHBp?7bWQ5;Za^2FSEi$asm!5*+XJq4>dyY@4ax1oTED8YWZdZI z4ExQSUvH5f7r}5@WFNZtXoMPI9gaK5?O6+^=oMVg+mj~ZlVwuo^mEMZmj(BPXm_uZ zwI1>c{4WcC@vgb~nJMU%6qYRiV=1?Y+~WLbj`k>5^Dx4C7}28V9~}iV-B&C*5m$X} zR%jd_AVSBu$GDvfdP<&qo^Cra>;;o`)0ND}g+gAH7Q0&?@c*2eD8 zX;BypYVOgHJgv!3xg5I)C`|TP3nZb2%V=(szt%kKI3?p_f5>2(+z#<^0Ep~G%6^TwB$y>!qS zMhbL=K$QKWm^>O6W{Y4$=!5x{ycBb0@-;R_g%c`ed{d#}uu!-G21uA-m?=1uMWj*n zQldNnlhz_IOTnEuaAt!D{|d}TgSPG)7YAZf)}j~;Bj5}#(YeaBC{j4KMj)=4a{ZLx zjpaU2$<26w-a(l)!5hc)n(N|%Mzua9a|6thq#Bt%iYVstBMb|^Y~|_F9exesPL$=? zNsUTd%}EX;S%EfwHTP1VKy$lM2b*Au2~`oSUQEJcgylGf_04*#$>Ykjx?d3&_(fT{ z*U+jTE!N2;(;@q<_VNPCeFXBzT4fwi^BI)}XRu_|9iSG)=46u!*h===eM;;-pK7g; z8$p2g%?wcSnq9d9R+5*-bl{EoEE zfr-h+b64N-Gl608NJM4~$l^lFSbwN6lO})(3BKaaxl$URyBGZaXb{$2I4wCYHCqzn zk%TAd;iq-{aP)B_MNY)v-}kV;f{S9g5A$8z!Z|KoR}VW$AJGyLbqv-lub_z^;)%I^NnJvEsiQXqy3kab=x=Iu<@7d!Q+@R?e1L)L1v)N<4=Wu4U}|zpYjoRuTH1`=z0( zN4X0x=3P@nspMwAQ^K?dno@_ztw^P2qK4d9+_U<5Q3?9{L-Yy4uz74yM|!BWy@D*f z0x&MK_AarWf7-bpU>OSpFT+H933!yO7uEV=`1Bv$aKf-g$nLW1#z0G%&>|>3tjgox z!b*7uSgq)7{Yn0Gs;}pN`M$njf56cAg_x_^>k6RdeD#0w23gn-VY$^UzrcrQ!K*bI z4>?Zh#!pGcf|a(MeNzsR*g6U{y<$mfcSvdt03VOgwVekzn#3!bpsQ2Vl1CeZx{^l# zIvi}G0#Fqq9OQvAnCUCkqHndihO(n{d#FWB|L zBNwrtc#lLGOVWAlJYAM!V?ZF^@;*b+9JN6V(7dD%6~_MVTW^fE1GUbpAfzA(Rl zhn(18{D|548CN`?)}5wavbH#$_CG)VS%SJ@9nd~c1G=m7aByJjR11;!Oe$@{QXl`K zkEvZO|73HQP(D{zWP@qd(A-ToQu(cBwVRYxiNwyt}4!?X`1ch$L1bTazQeYcw z)!Bl14w8xYx0oQ7JVPh}G|`{sCff7-Y*qI(?vCIk6k%m;+iT%6*o|}(PHnb}3_~@4 zOa%tY2hOL1tk7S%5hsN~QRA;0=e?GkO^vaVN5HAw1^yH$4Dy(sXW~lWO;F-y66{i~ z^yIN4GlzlSb@VF2Gk>=YD>(}-!PStpRUF{#81M1&#i)~r)%q&bEm0}lB6bXUUK35k zwOUQU=^->_ijbzcn7c%sf=gzksXX5{u?99$2SWY9f?-^o zPax9C$4tN|g2$p-26h16u}($;h3M>5Z;nZ^GbYwy6N3AkkGR@zx< zqtdo*+qP|^QuS5Zwr#u8HY#m>XzsG#XgV5bG*um>|&q7#iCgj8&crEN-Ux6Bl zWAEo?@8tZ*QxZ?9?7)54fznNbjygBu+lAH}5ny(MV<76g-QxE`b8cIPhfPU#-`baAR9 zSrXp-t%8L%1jibq38r*N_&J`@`ve%LZv^s%CsSYq(eBggAbt1|lx=P(eHa&Q@ksDE zBCNN04_ZTrmC@DzJkv6j$fij6Qm$72AHwSYf7OrW->aXU2Cf*IKY1rDOoSX*k#tjT zF&RUl4qVe;L$(>wS|TwKq3a@fc9G@wv%@oc&V!8MpF4zCsD!>$RZWZY(;t*E9_}Kb z;5I*wOf4R!vX1y4%`VQiKHsh}1HLOFkc1FGbWy*|Ogr|wTjSKY_^DXF^dnTwIX2PR zU#B~M>4&xD05uxNjfSkOBEim9HIBV``1j4?ouL{O(Q8#Ktx;1!F)U<2o}K*=T{oF- z5Hft-E?D;@TY?T-)fpG~c0~m>;0m@sSCzvq3zfWoLJ73p&JL>y(9hT3-1vN$Q91=< zj~=YI0-euU@uS!niv)hQxvL`yO89Z4SF4}7QwN?eY~LEIfU{;>4ZX%Fa_6N?mt1!K zP)*5<6P0uM3SNZ!ro?5r zhIC;hBhx9LOmCtrBrJ9lN~T>jqkP3{uX%xAMsgKfiOaa3^oZ4fuVPyd zu=8O3kw<^R+yv$sV-%vx*8HxT@&Gr2Kk%CC*Fc@bYj(9d3KwEzo6vDyWHww4H@v2G zU>*#6cgRHGN+MNF^Ax%>H~RuJ=U(Vata{@@edv@yqIbPKe5>6z0z&k3Ad;{knXc29t-_02(S75(s)NXZi#nTss? zboLM8xcUu8S0zSMPWlgvEZsQOGVhjhY2kfcw{Uh!*jH1)!p=CFv zq>xj(WqLiVlYFu4XPCGY!OD3XSw)YqAZ-xud?hagFxI*ElbAaCfuyQWJWLO8qBz=J-{3uyk^pp)O!>v|?`_-4+4U7~3WkLj4j zE`ws?pP8*l`m-d-;?C$7q}!4iVhAEg;7*U!v9)b&qsPS~~*5ip*VO;ew`6>Lp()-g3;Uvxt7*^q!Bb993~ z_CS1%d))Tq`KrofNjYiqzdFG9I(7^0XEeJYLzRkjTo5M!eUg;FuwOU=fMnzqD z%@o^tHh`Uufjo{q5-ezyWpH_}-k`fHbSCApmK?*$F%2MDUwc8BOk(^rIh)N^0+*>O z(#nkDu2H8p#l-B|v^$j~N^D~S8#^!>nC^WND*5K48bbQitSdB)g$=<2foRurGr!}t z(S|Y~F=;UcDzqN)S_tQkT43R9T<@XY=U&lDXi%)7yx1w*UuGthC>c9XsCbQjM)rl; zk&wx^*HE-iX@`@ToxM{N41jpEky%{WvMTiw1%BLrP^(y-m9yXFY6xkH5xzhO-{*o- zuS7Al0S;0jBJ5AXs$;wgrJ2*`@uk`jz6+^1stz*2LpLsID$skh*33SX{>cRTi5PS^%Fm8kMkFG1D=Dt-_s z&02NfIJMCR^Ot{-&XG;BT|137n=^Xc?A1pIzhA5*3cc;-n#ywAZNqa@)Q?m%Q*hj+ z5ln{i^~c)KJ-K#*!iV?42Mc1yr5cQ>cjt-&vW>WS=^cOi(MK{AMdg!L7)l#{w!<6? z^BdH%-Y!$gL|{kvzghP-3R>{iF*0KlW<=)bq+$_d$;(dCMG7!cyLhV)lJWK;MNbS2 z=bJ9*sgbDwR47-hObWmJEg|VTLdWa(4HJT3Q8`7n(#GfA|+Zt~s#9=eJ(r8Pb zf+siSs5wE9+wkhB>_PdQ(6lQNnK{adA$m1)q)DT!OVP?RV2)aL6BKNY=g8a$dQFhq zNyz;MN62t1%&k2TgaT;BBNJ_A9`6Qt_yIcI#cc!{5 z{vh4Un9tNtu0>C8o@O`vd)Sf{u2$N(dzErvp17Tz%hYLBQ65G{ zr>ihNw9fl(i8P`Eijtwn=xXS3wYUx%)jCOn^~SoojhzjgdNa~X8QGCWV^3Sh0?wDE z6`CQ<4T*Xu4>h1$klp3ympgN`Ls9c_UY_fefGkvk{)=qtTrw29?9y*jO;5{BOOXcC zqh#v6UvQ&kfv6G{%qg(JWHiI)^!j7h;2RhmcpT;tV}g9S1}pH^cpGW?TEEFk8DxgwRPx4!1bkj}u@l`$l>rG3fd^2MIe- z0o_-yqMqnu>#*7mB(3c0y*phlJlet?iRiAI;!6?)+j9CmFyI6{8B(=iV1*CReVk!O zlxpL(Pl(w^dgbe<6}tIjw#mMQvv4s;t7h-~)d1$#Jhek)_xK8905bp)_yitzwuf6Y?! zZJ_gQbZ29BCFR3y9SFWW`eeg(#}GczOJ2DJJi4Epo}B&(CIQjaZeRfJWC!!MN%Q%P zC(wAWUW=^XysbqO?vOFC=?}&DT`}>G-A6VuyrzaNF3b0A@S4d7&?e6MQ zKKo3texl2{1a|MkVtr72Zhm%z??FjQc-!z098nyKaT~+_jy0_oU*?4A= zZeH1x(t6ED96yT>(8g#w$qd*dfB2!i1`P1O34}(eg?3F6$BlqBxf)lr%4fgRIPSjZ z^^#<4Kj0=mIA|$yp!K-Q}lQ}5Q1$j{GIpk>Y z3fh#OPq$t}P5ADk1Lgkc_B!mEA2w8`J$4dr${#B{f3EO`h`0%qRQ}3c^77X2VR&lH zp}|o6c#qEky>zfS=(xG`etv-Yhk`-<4cMUgbL+0E>g<{afjwt>7pq&S$=DS4#&(45y8rw zC}cqeU;99M{rkI`-=iuhqFr4h=VeA5ybJKAM)&G-Fey z-GOv837vw>+F+EF%_b8s*DmLa_>f~4G+Iao(y#LE+;DR|6ktPEXEEmedia9#>9}_D zzBR)eqY*k29uZ0P9kgyP zUEE4RAOI@fh4!vAoO5-=Hd&+juTE*Mo?wNWQTz#B#orUn(0tTO8ldtu2tQir;x23{ z>D4OtiYvkz3Q*qkA$v%0QF3)bPkoY!zj_y(A0zZcM#f~EL@Nc9*s&2&&^b^qTX{B0 z0i4*k(Q1SBAU;4dlsGIghycBW3)}nglnE6NQR@oiTzEDy+tkcL&9d?=fCTO#UDdIg z9Sn$+66HHO%XcGpr1?RXB3@)~c9wau;{P;N(Hh{tJ8}s-UnXj&XzeF48zDo@KWG6u z3Es1Ov43+WuB0sd2fa_BzEKWjtgaOVaWf!X2yt^KpTt7_YZvgoKs_95@mo!IXGL?? zy=!A0F9sRCKoX8sIi34V_D6OpIWF9g)HR!~hNH+JCKgHODjDcl_=Wt4+cd)z#HN#s z7~~!(LbAYmdMPU0U#7BM_F~H{8{UME2PT4SC8h`-G?VHU{OqX#&88vQMbhKUVLgaP zRodDq&v&!LjKce7k|p?#{hMqkYJ&Q?A!9SfFfsHPuKRqox&s{j{n5;DvTW4~5gCvE z$ha2Q7-n%pr%#Xm?aftx3-9mn-xYi29#D|+$FPz!Dbefa(iR)YqXszDCb>44o;(8LE9X9t!$-O7l6%7PpH{SwgIQ;yx2t!FuKIX z+e|YfxmwTJIsR%DKh1(cK5Oi}rVVWiKV}~fKSwJN_<9MQs7-cip!!QzWP5o{Ii}vu zW2P)Un9*#r{^)16x9L#Kj$3dY&ne-umU*Gzh1tl;FVL)DqpD;EWV^m@E|!g@Egd&^ zS*3c}<91ZC`2i>CXQUCXt}!Nm_A-X!UPPlb{yV{EzxKX&cSg&aCp(g=qL$3=+dCUH zqZ1IiGEAhh6vd0Lzk-}t;DtvW*pa3lP+kE-wR;>W^k?CQpmGBQeJ^-6ULBa5nB_MYKZlJ>>7D zQ)q_j*)ltKpJBEm`m`5{CkWJRjJt06?s4grD>yI2&l1buV))TFgR?IP=j#LBEwh+?HNYsc7AK~VXH`$slxG{t z#oDlhiLPH2*v?OFJuU-fE-EvC{U@ufyYD|g>-KoW26{-l&|5~=(ApVAKKab4?k{3v zxz=+l{O~-i9`wZ?5Ku;pS9(+pbGJ*hT2I+_VXM3HAN8&l39+8(p(n&pJf3wjP4ZH- zEVa%CFp9M<@lNfEru+;p*$L`a1+?sfYnp?R0-*{Yi0b%=lf^Pgv;D{FIZn8()L?A< z#|+>X_z=Q#d0PlF3DFO1T&YukiiMFsF~RQJLpn>0IVUY(xSk+FjQxJd?2;4@j0(P>h9dF7bG>vHM2_hemoOv>K@ix;em3fFrKyv`|EnK?_rLoQY^}Z+sQ>yS{HKdbmiqsMibH8h$0PDO z8!ctZ4D|zwG_BVZwV@j!K~-}Nl`1m!QIhT5_bvb+f1W8auQ8vRvdUa%u!j}=uYPlW zKn~YscXS{S!O*!gCv5ONuHW(=aUHF12zG^ofO$Q2jy{0F6AcLMy@-VA@cDp-I#%R|kc#OhUd=H#-ZMCdFFMe9B%5(8$oxPB=ZX8$=O z*L;H^AJ3e;EJX+QCTKB zDAkOSS#jkCbRbNmCRl{bAuz;Udl2wH4WqOJw@B7Gh$v<&4QsH{oHrJ_z3wVYy?H{XXmJ7M)fuW}MKM z8RCWgD4NX|wIOLVb{{zS$l72V!Iv{486m49jc!7SVP-0-jjylmvhGfM8*l{CVunqV zuR4jrknW?~SF$kNG}>+LG<&c1zS&-k4!@Y!Yvk$s5SQs4oa#22lPMoxOvR$WiH|+G zJ$_)EtaECuP9Y--U)i0fo$mP%C1fE{0Mexd=Qgwlxbi-=mLFBg!q!aIE}bQ&o8`P` z%_gsN45EyxR&dYTi7p$^IbLW!EN!EZu^vUB7mBq*%g&3Kic{0io!sOC;*;x90Q!04 z%7?C(xzWGGm}J~Qof=6-U7z{J1ys!XW?&Mu#;30~UsY zmUqWgRASU3cbu?|`O4U}Pr7A*Oo_*Cs-dvOo%M=iBk|UZZPXaI30CnQMpU|QeX`mV zEryjQo5>PQQ@t&HWtF^aw1%C`E^}8Z*d6WwSS;!8z3h_O3nTQG0R$v@Hw^G+7HxxN zK2I*o2Po|aT%iQR%nPdUwC?5ayDfPFK{O$FrA$tCpwz>IA!^R7+JMjgu#fa+-_K5R zed0N<5Xou3PLf}AXquvm?KJfD5M0D5DJcTeXiJ8E~eLI!BS)!H5VY@trj(_$I z5?(R-`Z~4znhxvzQTGmNfO0#`FEf3EuGLL01AayZk@vlzHiRCge4PI`Zx!4_!5t~H zO*lM%74*zmI(Y?(!%ZNc6xT|#QYkcbA(Sw2(*P0wGH){Te)YO2jeXm!H}AAG4$+yQ z3)Rf{Sj;2-Gx#w#?JhoXJF9aDGJtSKh66Pc{9K1X4sXZ%n?U#5ZQA%nUWWC|JIdKG zYnbEjfli&c>KsxGN#TJV*cV3k>k!3XiVK3Dxnh05twI4*2JD=v$K8(jY8av60@qWd z`Jly0!$mocM?LicDPeOxT34d3JTrUnYJ7!S z(_K4@oFFWdXHD=k4 zIDNX%d<9`yalCit)Y6MR-_NU5{8^&X1ItL16sEi3`Zc>0y&dNJF!zj{7S#=GqKhfdW!h*Wo z;H#;);AV2%06w7F%(zS$$6T7qIRe`HKz6OT_~`whGtdf~ML04yz5tMJ#;JV?+y{)w zuqVZaaA3x!{qmF9?0^F_yAuMZ3iPAS3*P`jHu?F#_k?NxW&R45-S(m$G zu_ZO{-3#c@;pQIWwOD2yOaE|3w`HOJDOm|hXT{aNyb_@IE@<`aJs&u@y9XQypNRyug3$pF{C-97CQmlLT>B+1tYzIo9#By&@Dq?N0PKM z)Fo?r0X4z#4iF^AQgGO*qN9DE{cI(EhY10u7p*m!q0|C8&;+yBtECIo z`er&AS8MmBRGn=Et{4Dhx-mN@-nPWSXzv0}G|r1v8m;a1<%S0zwH|0}x0=}&k18G) zEb$eY0g)Qpd{K9vDR-W_M3ydk1|_n-f(TvRBs6?Uj^0;oxbn~js@g5nZh)Zh#y8Ld zi3tIx_fp{@Xi|BZfp?jd3!0@P_WGCfk1g6jEzakEJ9Xft_NBP_`dl*qB`PEE-?a6j zW-hK)U$w`|!Tx_oCI5XXbL_GXq*}XAE?w%#YGmG<4(JSiZAttfzM8ZJ*6@u`gl}on2Eh%E<#A85z}vmZNTlU z-#^f$Sw$8Xo#dxP@h$G@aZ`B)J#Mm6Vsu7!T(yNZz+&}pX56E#g-hLob+;~+(pbAu zvZ;{ar?4KV*AV(JDmO}aZigu@gw~9s++&h|u8f{G3Z<;RD=x>oGj-0RvUZPIx{5jGjJ7zw zNXPLi-4H~e0GH?Jy29&srfJ@DW3T!y6=^AXj5U}ln2)Y4STeMNprB1(GGDtd>;f6d zaVMJsuK{z}e=BLjS+oa{i4l5v6;P*IE}PlVVFJNNQl$s`4#z#UE#?gzsrNHz*7$35 zp@o06ux_d3jWYxx{hgV5elj5LYTw<3=zp0?QUaO1>>dZGG(13VZ8dWZ7%!*V>riV#KnDmaeLSMu6 z27%+oNWxYs=xNtR;asJ5bthq<8IwRTK;!(&`s3@8sX2+=fYYW3v*?tW&nMRG*)-XH zdcs`8ep*hxhL-L~Rcw8xE<8i`r3^PM?Uz>@s-Le@inv#t6X+0RkW8bRxYy->O5E zn1RoP{eHxGaP7|JENowLp1Gp3yP#k7+s31*or7LKA3j;)vGF4H8idOR>tE@)-&oS@ zM64u3h6VXMZup2J{>CYaHh_(7S;RBCay~gX=uFw>VgrkQE)E+EEgQApE;W}Er(x_e zEx+^e|42UV@rc-hm5K8;>1Uv*gRao{jxI;De$(|h3wPzcxXzqsv%@T0J(ZI&FF#;A zuB0q!E23ZaDrmIk?7kJUNbwjZ)t32|^Clx9T_=8Ls&XAuNgc;S$w9N$xUyejSC;?9 z>*l?u$mTwk&3hP!Tkw(mj6oCHejisGXBl^1bd__L)lNRg7E(h{9^~u4j%-AB{~ack z0fncZAcpKA9rreQla$};bwq(I&&IK)up)K)hM$Ne1N#I|u=)2Qj)J$-__40oo? zUH@Sg@~D!N$;|eG3IEp%D)d{X-8P@Z=B+QzV_VF^6`1|v3%LkpcR0thd|7KuserX5 zCVGKT<1E0EfwlHaa(q(;+fy9jM5CQ+5vEX8VAD-@c-1BV*Y=kLP+s5X^+K926yh@-*oq5d>%vZAAnUrCWcywo=kflJ}!S* za}8XP@M4PTsRUUE(7@XhIO&QBVBo;xKsUjI%iQSwECvqi*p{lkW#`as4Sx@^)q?E| zOQ`wjdWI}7?$nSC%S8A{Uf@|obm%#PTGHn5iac~p^0r)4oU>g5@&uo==(_>+Gh|vq zyUxI55DS3`NYqSV2=@km39kR1(U1trBIrvM^mF%ZcX^m|G#kr@oY<34B!(&J7Jr}d z1Ceyf!3d!B;mpX59@#A}785thH*~LS{2Zfs{DMo|2DEgCtFhhrD=@?lT_pe@&^I`8 z-*&v#{d<6$np-;V>k|cnM%7^-hYc`-G&<|A>LG5T>^an#lQ-HswVTvmkCU(SSR$@yJx^+CUtF#4$<+du!3s8Yb_ zKtzD>6j+eSJVbT!VMDmh;eTM@2;gOOFReG`@gx_t$Df;@|jh1m&WG zKd4KqaEu{BtZOKYP!Y+GOsBYnJdf>GA2*A$y6^HHA4aDZv{%#Qb9{jUK-r&C7T#K~ z`&h`gl%|%JCFaC~!yDB{JzT04V$D zLPa8s8vt~c=$ytp5F3=Z&s=3km=^cCgNrf%Gql3Jlai{mdOPjSR@d|0AlD(YK*p)L z73DU{nO$(B6loS3YBV)&@pL_*-BX7C3$3!E&4B{A^`K!xe> zY}jxCaPA5`8*SOS1cG)jH4S;$3A1(pz3Gt(VZ+*_fkfsZNHwnzKyU|ZYrKWm-+&*O zwGqbcG7Wj{iual)F%!W&XTu!4_cNQDl3R?F%>JZTJusg^27Pt+Rqnj9Z3s+Xl;ua|n4eY0p6&H_ z`@kKwUMRe{Ag-F2=`mILVFDTS|YatriaKs{uoTvUeh=Cv?L_Z zE)ceIn<0`PLBN9y%eKJfNB;+|ZhIq0Mz9njpKZ2R~(KjEyU7|FI_+D7{ z$UMA-R?+0zg@7SK=w5k*Z?N8Q>B2wBKbzNEIuCd!*Kvd#CrKNB zSR7ftJ#$-DK~@>zp^Bai?5BsmUIcLp4UGEyxOss=`eP!GnnT4@%$O2~H1a@Kpsg=Sr&4I^{a~vA$z!*}usbl$({`2!=#i#3Vso<>&d;&?1^wpTR_w{)e(m&`^1Qw%R>cOH*FpelDo+CP!; z-=DHC{sdrxJu*}seE=a#4)0#t1xS{U79JqneoAc^C_Qp4+??~dDJ&J6<8L5;1^7Ly zw!0NqsIyTmF4-7lnhSV#U4&S}YL;7U(Y*a!G{EK+Er0gf{Jo(ApR`vr^%u+o11cdS@``?+H7IA=w3G*Bs^gTtGZQxdK=9C0=nP# zbrlHco;^amgqh}G2meXdS+(QTAW)0#3^vX7>#`$z+Od=CuW(`%o)M;Mrf?k47nv7& zv`p1b-YK??3C&qs3_C~3S?^ejb40242tGpP=b30=!gDZ#+S?o2R4CP}vF~H5 zKK;pXhv%xRW@H$4hbk5E_)9@4h*~{sz#c05;0{Om$PJz2iY*K$g!JTL){1~W!Km5p z9*-b|ppI{2>mrHt-WBZoXlb4FNE+K?QY?!pS3defN1sn`2fJ2dv5j*_Kc7sti3#~~ zUFpvu*8bUBY1T@ahUEy0I>~!(!=ci&^MDKo%CgkzPJHgbMNIthmJ!D-r}Y3RRu*vQ z=Wg%Y)bEDQ|jd<$x*1;_H?a89bSDstvOsw-AM`76q zP<=AMSyYDuqx~kt+3!PfIe3yOVm#%e?PN0AvaUzvXcM)(2$t>d{7DPW`|xAC&Fd8B z=cnT`sCKcyJQGwEnnpYCy<68L=FB|w8}ov9=5ys%DVhzY#;I63+^QB}Bf)uq@H>g- zy9Xr$x*hu~a@+URPp-g-O@zZlMX@t8c%khQHsbEdg*_{g?}Jwo$nIR7hO@@J(3(6VQ^3^OOrIC5bP>VsEe1E z<=!yhtH9pCvL$Atli>s-*ba3n?7B9EdVJTgynA${i@F@@8WAJ#D3y(Z(Y6zKsQUHkcsf0?uNQm`uMkFQ>3&&s4}o`-xj|xm;ZD}`mg>YUr{Ij5^?!I*pEbg z*^gu}B6S^UM8=O-C&sJAR6X>N=QXv1Qju>QqH!@IRT!$QB}SEhJVrk+7oHTgiS~4I zTy~{tO<*)Y%v@@jm(m_?v$nDbFNa2cw9@NRzzY}ZB*9TM1$D$qJPO8G3ew#VKVr)|-b90~CO? z&@g%JT?Rw776gH?6aJaL6nJ>j))lmZsv5L`>RE!vl}MM;*-%w3wH=5d-+BRe#L~JO zg#iuSLsDt|ZKXPF#ht*^X`pM%c)eQ|cojTISi;5l_?CNaH%UFch7QGZ%RGd!F#Jg{PiS z^fh0&R!Xi=F5HbW>*;=*LY0KmYr_RkQ^>8PDZUcUzGA*fpyG5F1R@PZ_IN1TqZ_Qa`hGiPrzp#)|04(lk=VS zBQ0NjD%x+WdY{OqKY^V|{y?*O&DO_P?|qVg7GkrJ|*g%fI7R|2ZCHY1p`+iJ|fFWz=SviU=o%NGJ+j0lWJC1l9O<;W0kX z(vUD&kD#V*ZP7k`-0kV;nr4;nc;Ox98o>J7-ti00-+6VY|bc@>$dDt3rt^G zNIh>Ix=Y=880)3kvrGy;J&O;cREM!Gy<%i2BdZpx6aS&bL~D2C+^p6;6|e_{)2$?^ zFzfjXQ>m5_y(1P_YEp>cGF2+U^LPBo9?9|)OF!}|^)ywz*n^U5GeD!3DO}FUb_gR- zG)a#6Q(MA5!?TFJqg8Bi$bx5?BFM-P@3VN@X~QfK&O>mm2U0dpNm5@w;64Zptv z)QOAZa=ALIxq<0yU-&@sG15e*+Q`WfPPhvtzb!v$KC7=% z-txPO+TV@wlPmHhBd|G>sj*dT7P>&8mt#77VyL1cXYEit#9c#emj`rm<4|;6>pyC+ zLNJ`1kxJr;&CUFK#Dw@lC;fQm*V{|%M-@N?l_lBDxHlt zrWK}6x*6qU0MZ}HPFe$^YPd>Wl*w4B1g-ecSSGBAo)o0<87T)2BIEj*U~$9+HViG^DW1&=F|}*Th+OH^@JfbkUbpou(qaFpPWmuh$J| z@o3#N_CV7|C&egj5@U+|Y4>HiQ`PMFE&4xA!tW@) z&c&5TOzL@EQ{qzWkoZrQ#UirsAPHBQ|~nr z>XU;84boFW+?%-1O5y&N#cupNwr`t215=4jr(K=KGBg=93PjXQKKJG+%F7=66`ax6 zSco#7k5?BH9d!X*(Pyv1#Pt-hdb8=zd_3%e4D{OU#ld*8(VL5@pFB;Swh@JV#_;8E z=MMtD!6<#~3V4dt+^z)S@N?X>g+$&x>xiQ+fk04{E1s~<}s$jwf{rX5z=N0R|Mwk_A^E^tH?kHE_d_Bx(c z+}1h#GrGCChac;+%-^Mx&WTZIk29WPm-&3rQY9hCt$BWmsuaa#nTcDcU_GZUQ>aCe zQb(Qn1LDk|iS{X^zj8M0^=!iL-1vu1!Xz|lOk`RJ3jFd9e(?x5)`Y(Cy+Sj*N2ai4 z!jvJhEtVCxFD$ULHR;KnE2`9#mFZcZxUtNa#g^dqGGJ91B4J#^B_%2K^hjmCEz&z z!ig<{)Li)X8)w^E3atsOwOntY(;Z={(ZNyAC*ZMh%Sq%Fj)MfWh4|EwrykdXxS$nx z^cn}jjl>wDeHLpLY-8rC?dZ|Z7g-lz0Qyf-3kH5hV()9j;YIpi8=L=n|M%aKS}JDF zUmDZ@3sMV3OR^b4#LH?nS-H3K8(gERH6{97ejW&Q-v61@QsM?i?okLliQxSV-qW1k z&=W}y3Cfx<^_cE@%sk?q=6c-R`g}gd{0FIpET||fIfQFz0$f#lR29>Rimy-KI)M0{ zXQ$4>Y7tF@72zOhX%X6yP##@O12IpjN*93}9nVe!RWVdt#O1qLzYtt$p5Ot~izxa- zhLd8CmmAwYU0q6v#@gsN&95&~%b+Q#-nx|Ri`0tN@mU|UUgPysoO!Odm`-O}F}2T201{bw1Z^6O)17ad9LaVv(r|y4^`gI3`m6j!6`k zmsS<#x9;v#m!Gg%0xn=j^C7jT@e9?W&bBK|{HABBh_migpvlBGmKPXQnd1tshZTE` zv1!h!pah}ljX-H``X=W~ktwhxQP1yTFwU{Dv zkjrb5p_yn+z`vXIqCNsfkp$f0^o7~vOHtHtX1DjB(3kBsD=Rz7^ut=@KC8f1mPjXZk${(q3 zxo7Q@O5?A6$~ITGt2-pY#*VY_DKbAB_QTeSQ(bnS2#3<_(T=O5X0>kcTv^{k;V%ZY zpSbI!v!)kwEuJJEJf5(IG$>2HUDwvQ<<`p2 zSGh-6oEvCyfal`DaXXYXDP_4}L93~evX{;#H8=Ds&r%O&74=(KYmXY}kr6Dj@T--f z)0iMPh$wO4lAz<&Qm3hQfdRFpd4%6+46M9Hp?hE#bih3JFQe(SE3Ez=Q`G>2Ts`j0 z2hB6Le zcGlkc_FAwS$D)Wc4$$8P6GL6nvTa;Rpnpj4fT5;~A%b%;9MTfISZ2)fP|?DFq&PluG5cc}Hk+@gh_Hwo zb9P*WKb9qqwYq`Sg)^w+tB z%LR$3J8P7S(C72BTK-g!Q1tO*yD_xT4nm+H$AZ5j1s1sWl9`^Xc3Y@ z1994S$Y;ASV(6k@+3->BFeX2dKV>r+_%j^_e<=e=wmoAv1qLz&n|>(X&y4@3r|xSc zWqkLdt@>>hXeu|~=9Us}RVP1XiXb&7F(=jQmUy~H z68`p}wwf4&SL7H-5LWuI5oncI1EAr*AZtZMl8if~=#AJ`CcjMaeJ@M=&lG@>^EKQm zu9g;f0*@tk6t2Y#NA}4`97>kVug+hE)@#aZip%5k>8OR{n|;tY^bg8BDIpeZEbeSe zpLFe+$j$QciFTq!Yk&$C{jOyST1BaIF1hVyWAAv$C_;<-WQ_cd22GD(jm;n6aYEe3iYQ(?Skw)g-xO^DyX30^cRCCG=K{d)k8+Gly zEci`S>KI))6uDj`D?e3x6E(Mtuk+i6e;ua>O*>`@Im@;*4m<$W`2s?4;e!dQBiSbm z)$@i5^b?#j!w1$e@mkP)>1`*`0?nl~4O5@~AhR?U-*x73nMJTvW_K%?zwf?e%1@AC zrDIIu^=8YRKpN0svaGk)n8BLDP)t^;OWGvU4`tVlt}K?dQs5Mxi%iP%(u(XJb?Kjn ziQ?Y>5b+tCtyj=!iXUETQDVpI8kujeN-)}Fl$CHPZGc`Jwz^y z!Ss{usg-m9Suf_nUq=$)&H~cUDhp-s-eo6sNor%up+<5V&-_!Rnt*fk@ zfkd>RJ7?F2FvQ(as(Qe)4*QEOMNpeY*ko2-*Q^9{QFOaBO51+S-a2q&2nb?E2n=iT zV(|YAg%cXs-N_TtMck$XATo|Y|GeW`9VBrN)%@1?nJdFCNr4KyvKewiaRqEUY%`;f z&eCSZw^$peRSz+rlLt)^V*Zjdn!NSiSiB>new zPaPJCP^cSt@dwkP9?>D}>LNSf@tc)G|0?*%2Y4l`q+k&m$LNDw)77s1jBD2&Naf1hc{@ z;o+l6F|@G=UiOF3J{gCs$k>QB3Wc|SkEuPdX4-v55*Fz0ZB7w{2>e4N<2mt>-_0|& z-%?$(r54=zKUjOm=uEqAO|&W%+jdg1ZQHhO+k9f%wr$(4*sj=4PTp_t-QB0h?%n6~ z=#1xI##q1RJ=dJqx^P5}QvS?wyzHGZeqt}(Nf1N%W2(zk>wu9drHHZx#H8T(U!XjO zN}&7ZH{en5U#h}||2Lq=Kkd`p(D<9^>g1qr_+LDeW+`v~GShRw&#Z%T!wrQ{2%zaxnLW>Crmdiboa!RwSMYb4#r`-;DM#^}-~T_H2g8;mM8lp77u`z$eamTy39=muqr zM`r~wIX4<`0C@*$89;5l*DU!B$tGpZz;awgj=HOeq!mi@n-^ts4q>5yh) z`x*a)w?)PuTjMaM{w6Q|#cd-#?{N)nudGAVTCuNvh<&7~X~9!MRB*HzUApQSz)^0b zO#Jj0HmU&!hk1LIcC_fx2H{Eopg@Hul+;#KN$JWtNpWOnh{m|B=!a!FJQ0(x8(a1 z4^oXr-=GFpqmp|3SHVUC1;v0}9SwH{$sg+F{CFC1b5Eb&Vb@lqNDI|VR_1C77jU=q zkdONc_8uoWrE+rEhq1w6QI*P`c3S69sCLJAamgR zlI*}DAHd@|yN55|J?FM(+?M_AkNHr1aW*8k91{;im}E0K$5>DtHGGZ0v0O4`M4VV61PW>Y#7;?P>lW{QQ@H31)GDNrL$4F82_t zn*8_{DJViAm6($KfDoISInpA>#2AoFNT}A;ZyK`~*0w!fNgqO* zpQeb-Q&R~;1||<^w%@j%F1r|gKR+gFesI_igfJvRU5A$P{TAFbH`jtB`AvYdPmXe&OT7cpm;F2(RR?r|H3c;j0D5o+|Tbw=C zsVuM$5~V_@L!J;L?xv?6uFcOYsUu^Xs2m9KsD!Uo7^J8)0iU+thSpiamJkCVHpuR$ z`Y}WMph>s_9v$&OX5oH5F zj|{cX*0r3zhe$OlJsy`vg^ly?tmTo?%kyi1mTs8JREx=$IK#vcyWA}Rd&)*X{mUs8 zET51eM5GWeJBS41h#OXfv;iWW5W!?WUezqSl=vw{QI0;Kz+|o(Mk6_fFedkMRaqCn z5y{#-B2mf&+1!TK(NeeFC&xlBGL#g)K&dx?jjouFVXUT7k0jPlAQ>+@ps-dOMPDjkKzRWs^>~4f<&zzz z3l;5c%%W^#JiWK&Ymmgx&4E;d5R5Z0`9o`}c)6!L@*(`FCE`HAC(IA6I&;96K*L8t zEVkuW1ZLoYAh`q`Nhw0p9)e}*YxPY z7FPw8^I!BJUV;OyWbb@zcmlhE9>cLoI!P^){Orm5 z_Rw>8NC)HvF~YoGCk3Xwz8$k&0523a(Ph$~Ch{U6>Q_vgK$dHENd4A}*bg&3!642T z3u+tN_eeqJR6U`wzSbQjFRqmxelJt5wKkY%z9LA19VJ8C98pouS;*a!13BrZV?E5K zceWF&gemf8z;CXzzvuU^M!}qqkX(>xbtptPT1Hr>+Y znqyhc>ab>F9dN4=vxgl0KJK~7#?MR8t_jJzkX5e{bx2TaVx2+8zw(MGfZaeAq1b41 zMS3lJb`#Wog6cHq1m_70x$bHKegwx;LElh<`a7xknIgv)sUL zG2h^R`1BzEMPRjXb6JFQD81i}6*UenjnQ(>gH7hEYL>?k{fM<8mHf$b1R6OB>*jCc zK+ZP?XusX#okK|Eqg`r;ma;3giQ zoN<5w#Hkr@fTkX=yH`Oq#`0HBhOaX!tN_^k8nw8(BQ%>5pTcC0X09iMN>}l~nDaAS z+J||yyNLZZE9~k8wt7zkoR@9=nLg<3-;AD&>;?DAzbTJ@;Qp&CQR06y(*L(B@qeJ& z5Ua}ngGw9z<0v8ZokwJB^WSbr1xeclKKM@(`~5+BYYmA!t~UyEHn_0(CQ$avOejVW^As5?IRYh4($+K2AcB0?n0j!{JpxO$Rj1tH*!~^;vwH`08)|@zYL6sVTrn-j z4(buyGAm{}*O#E%1paZBJpg|Lmz3wg?4p8+mT%Zos|~o8Vas-7=!ut)!Z4Qe%k(R5 zKxc51>Mw50x3{?3^e9<^s^7n+D}-0F=!Ks@evEySHU2wM<9~k7VEI2NrGFc&iqs(7 zl$KCFZ5a~K;zffX)^ourB;v)v@xfux#RLfb$M7NGfhfAAbm9pT(%7KjOP$Niv@4X# z^)~q;o0@?n?0`Xj+Mk+KH9OT+eUDs}*49Z1^IzRh4A5y1sWmU%orm3yGu%(_U+R~g z?zclJKecEa>SF;;AS@^@M&QuuMOA;oKQwZS-1PS;Hn9*!QxBn@35$SE-Crb8j3BiP zz=er;eCt@zuSEn2xZ%mGLwTnc`m2~VLaZOL@u48=iyV^DZ_6vn?^0j|V5jBjgofnU zfJs0EsfRQ|j;xm=x-2syunKnfT&Q!KPV(&Rz3CR4$;w3^FdYlqy9Q`uac0*ZNDR5C z?4sWixwTwOP#@qF>9L7gjnrZiMah{MW;RW6U}u=3FpB!a<~H;S60wsdG17ATfQ?)g^Gpl8e6FT1;Q(&!X+m;2{+K=u=~ zP1-B8^W|{BMFr$vN`*^V`?4jKr1)@`t=X+NBktl=#hZoN%lLw!f`QU_pm6=ky}iF( zS5L;mfEqx<-KE>ALH-JAh=$;f3m}k)OGu-pCIg?TE6;_kwt}aWr-qwvNQ>Ft1QR*1 zLd7Tkwi;QSRYI`30taQ&b2qonk36M<8ymBhL1Uv8H}H`@)Tr4az#-IrWk>m)Dt^?4 zrb9r-;XnGRCm9j*>3Szq1Ji#NFJlUm#A%3_+%&UnAVhfp9)yodBK)I{q(^K+gaX`a{FC9H|-8DLdAd1iw z>|@p_&}CKA5p;O?8Q505x{L^e;S_&5?6#0W%)G&0g9-sarb4!Rz$!ML6RXWy=(5)_ z8i*36u#hK>6;u_|-VL6L;N(1se)ka^SkV-oy&~OUGBIIE_7hpIPy>Lz(kI12W6w*a zlhYB>$}2W8%WzZLB?VL{YXv4vVvP|BwJJk--Zvo-5zwYEGND9WL#_Y~U!Rg`{LF-b zb3&OybPUEyB2EgcR}O}&00vk{OFLAOUt;>-b|U-1^tJ&rAjKz0do-Xvh}M5U(ea0b zpY=vT^H5teRv_(!9zg}6on!$GC>{*FAExbqhB)qqB~ORh{~}JTP_FFLC~wX^7k2O{ z&-#uSDACK}vv&a8yrnzamMqsyC|w>&27A@TM+VG5P2!koVCwdaZdNQ&BPsBiv_GUK zM#*gC?ul#+rd~>`+%S6zzljHz!CYhs`4NM4m+qlj;e%1>5If{j1s~sn2?4eBTT^rg zt*3Ey5@<)9j49kZZ1paV-@BKDci6Eeq|(YQV@5H7EYpn-I*c{YRB07v8M<>=Y!=u`8h&eqm6N!E-$c@{&z!P{BZ z_U{FI__S8RTcbQxnImPzcycRRjaFl!gZQC@tU3%-KG72CTRsS(q%kN0TZ^m7 zNBcW!dkyV5%g%btQw7H)77f~K&byi7* zr{`Ypl1;I)-I{^TVimNR`JB9-wv+d(qlK#mS?MCgq{i-;dyo}t&VN?#5*ic)LMX8` zt*4xU&H3Jb53AU>NCfV&c5wQad82p(vgIzrSR%!;J`O_`xJG^YZVi;jF&eaffquW+ z3*9xxK_nZPQa5zhXzTukdSjDA)r)6f;fsmc&9~Md%SW-i+1=CN#*PGZ&NB}{NSEK5 z-(isMkNuk7R$4`X^l%3*UHT4@jmwT`veQ)S^96BGY&-^L{7lKW&2Gh z-WiRIy9gpYF8H|783ws~CokK6+{Y@Lp7)HKw$h?Fl8(Pn`Hun9--goGjtAAOAZ6;R zavHA{0@utig~#R4Tnl~N9)rZ-9_5LNq)D+Y{cM&Hv54~)vI*yjDtX6N0ebxfnfc7V zwSPyehCe?${G?0L8A7jt`x1Fej|?0AHID9^qx#4&%qF`!yeY1ZpTXc_bp2}Ct&Abt zTN}U)58|1}L>A5e$UV9i)yD}V-LuOKcG{WT3y_S9P=BW0R&vDk3E94*agMHaVv#dV z*P;!c22y2pkR^AK`|XCxjFMu2Y=Si|nhHsEczX)Rlug`+cSCBKX0VS_i^dfb$GJx_ z^^r)rV%D++3L9fu-yicv_zrTS#Tv*V1*h&V7Sg`wnb|KQ8 z`}uy6if`*Fzu2pdGD7zo=0V$T@w`7$J5_ll%HdPB4co@DxTAP>H*9yD$t^ru&p{qK z0z|?}MiY7h#IwEb_EdvkTsEw$*E}XKOsUbeps3=Qn}&I14pq<-vsuq7kBCZHcmYPg zoGsuSNHk+XL_eiqL8I1@_K)Oxb<8f5`MC-(Way$*_LMb17xPrBHmlYUw_Z-#b!H@3 zjjs%ITw7cm?nsZIrb#WDLn~_N`WAaFplHR<19iuEWpH7aMJu@E*%@sn(X$rujr@Tn zUCk#0CTE7o^f;E@cNpyc0Tg;z_gb~OJwg`mc1+}AdEfRqRJSX12mRBg_RI|XyZ}@Y ziui#4dfZPMN_FQ*-~79 z{iNAu*{+~`CyHCYlcSHS5l>Hrat=neyWTT`Do(XH&@Y!ZM5ns$s%{d5wa`mku+oOdz! z95L9nq`n7AUAXX-wb1UptfVP7?+Cx^){4NmL4pAaj-B!8>Ocn*VMyb)H1p*^=kiSF zmTxO(Kl$;dJEmg=?P=e^1DY#t9ibois3c6tmV$Y*-@-yo5Y$D%l#Vz)ZXWsi$ITD?oBw$w84n@D2ZGn<13L$*{IIH{P<-1NIr%S10hh;R+G@Npyg| zTOHP0y9WpavdTZq`>n%R5XnM*HmR?Jak)RBO4!dJya*fe~j&KR^Pk9E3ZV5N2;4K*QOBx!3VGO z>$V8%AF`D!A0T$8F9^0!K5DQ~f-df5r)zN|$^hS-+FtM%%K((oLlyjEv6^-RH*FIh z+3kZbCxM-#!LnGQ`KW$&rO$6j^odwn`PsT8FDBND6z3sWgo{UI)a@QQZBA`b&VWDLvg1_Lu7&MqDOT$;AV0#;kHO6 z%=$1`Y7R&F1m!fXW76#%Ii6B#&g+a**!;^avSb#=ZOP7>9A{H+C^t)Yk`&9C*G#A& zvMq5IE>VTpU9cS{g`svorJu4D;oaJiL5VrT^=s_AG(H7hxmJ3iIHaqQ(=#2ib zOhFrakpp6ql*wKWa7OH;I8vI(>X<)#;B!tB5FvEQC;OK+%8~QWeKLEDH z)|SNAw<3lL>%UsD1pW_Jtp5bZR<=~dR7KuIoBN54STxK;Uqx)LfsYVrz6i>UQcg}D zdgDLGGk<0mOivehSNdAB)`Y2L{^xIr&&l7Izkl0)Awo(wy!UR5u$$(1KXO0aE^qgI z!0I71!F!?0?WlgoO#tEqKapgYTII!2p5TIy=%A@j0GCws(1UwL_(0$k;AQB5@mf8N zBxGB=Dhh?QF@B5fCPinP>+st1#c1;`uOmoRWDU+Xj{=oZaGP_r&N+Bg!RzNzYs1tr zU1Z9t9mIj9mPl3{NmdFB)taQ>BE2B}aCNIWKpl>`hugYB(Drbes=8t4Vc?Hi1$~PerL}0N2G(z85*E)$2XprE*>)cM8ME&$#QNe zwk%nE6E^ISKZ-tKfRJRJnE#U9D5O06HK6!>s&W*U=k8C%BQ@tyW$BHF@bV>a7uxC1 z1RHA&FZ^1)@E1C!GG)Ea!SJ`cV=}jbeEZ5aaeRl6u>PAg%%I-x*f{P%b+G zWcne!*$ZB&!`iPGhoL_QT%Wt6c+beeOKq=>QXIH=1TT+e!U<-QA9t3Lb+JCdUSG_Q zLEIf?e77Z;#62;y#8!(1f}?(=)d!Tr;DoSuzW+-pjXRY9{*UxQAN+r8ME@TX;2ge% z(asKr#2C6u9+**utdN5$q{*46oo%l60J5$%tKSbHJ(s62i_qI6(DxJ_Ry7{k{h z(=F{cFZe$EH>)k?)1X(+K?XERb|>>CcIz zPNZJU!o!bW8D`n1GbvpD5o1zQ2C%Z_;0TT8W~y52;nVSl9zRLn+Eyob(3ps4#TnQ^ z=ABVRpf`btn0ar7O_wPWwN5pKN7TSQkET1xv!v*0Kl0ZDB3h9JYXIMtezBz?sI!p8 zJVy1ZuH;6X-xpKtL7ehh{FlZN|KE1Auv>AH0fB#j*JVkEbox-Q)Kf{VAKxzN9j60?_8zt2TwEt;PWKCBqpb zF%o(u<3-!LSSR`sFz8kbJ{8%@kO?7Q5^Y_~dIqgNf~4sHMByb1^{Lyi zxiqOI_h6637@1RwoM)3CEk@+_G+A{;f);7LZXY6-R|zqP=SdaIYLwMhHj$BVs)xDP zlF`;4TN-1{_DM@P{=JAfp&WnQ^_lB7(L3>KS;uR3TI6|yp0lFBlV4PVA)#~qNf#kC zHQW)q1pvArxxqgqGs}*KQT(!fqE;Xzu=2f1!W@vM(4k{J#v25Qmo$D;qx!YS3QX#@ z%1lWhH7I}m!m+iN_D0keJqg>f-I6$MF$B8S~i3*8L^o793sA z3-H0U5u$_(3NA1L;uQrWqabyw@3IN)yARGWBgir@N=NACgxHXI zqD{g+(P3OoF?T7Ezquk5j?hBkP#$NyG7cKRZJ?*~qQ9d%rdyRG=U$>~peEZR5Q6I+ zEdL?9;ZymY;4?%}9Awd5i1~gJwn{W9YTsXpN8gQh8u+_$kB9r(uUd^H0mY(TW5_AL z--&P|UM|kw3v2DjzV>O|4KW@YdJ0K;@>6B?zF6->Kgl|uz=3_{>e&mg(Ffdbo$XkZ zhnL&`I`$dupGgeR0g{OH_@8p+8h<2B)58b#FOvnNsH@jv?X6ykn300YJeV{K7No~+RC8k z%pQnPh-0J`*>60G8*13+&Hv20^y^eusJjvfrHT&v5b6yhQh$U0&rneC-Om(5yT(dO z^K^45{k6Wx2z4#v)K)cDYG`kAAi%-a^g0ZnY`h4&OlGG&f_(#DyLcU=RAQkTWZx?q1SS-Iu!YVxkSkKPyL8?h62r8wXw9P&Wrt(4*+yYv+~ ztuiS4`YBk&WebYrLZ6-s$Ei%KY%-R8*$SJB(2?fRD_cMHb0YGR|C`;T$_#|i#9X%0 z4PE+PB0J$7sZ+P+GSK{ZAZhH%zU&GY(Hx(-2F}IH)VQ?FU;$wEd_l$FIokf>@4`~2 z9ltWjX&+u}VvENU@E+}=!Mk!K^uAF>GlP{HZJ03mOOk_Cd-azJ`O7Rd)pXE*F z;F*h~HqW1$oeg%@1@T`z>!uUI+$f4*1p;K~tyX&1-UC8T@P@3zxANv72@n@e!=ZHh z!nb$4^3?+<_{~JB`nfGkJIFRhe&OR5?Qu1|?xEE(YQ02`EjZRoN!fve z`AD6(3O;#iBdd0*(fh!I%YH?mvR7fVgrT_?E&~^FfFVU{qrlWQt=GI2h zlMU3VP(`+F|M@Nsizr~szi;z{?{DLOeVPBCRP(=w`6Vf8%KrCiRvzk5F^^#I>qd_S z1_w3B3bS+mXS z1LWraLZxuh5ZfHb&pXgL4@0BTZ!U4!c-D!DX``|BfaS%^L|K)5%t2_E)KmP<*Bsan zB%3V|E}=pQPVc-;vn`0?f&l}!wKIj_U}3;Un~C8rLYiaU@g4NQv#tp-nE22t zPRnit{$ioQ8AI-E4iB|6y$AbzbAiCcXo^kaL|L_GY81s-ne+BdVqR5uGQZ+d{silU zoq|`2+#AD==X%mmOPy#KxidBFAz0D2BkAs*woCzKw*(MO4HT)|YibJ|cegmX;PeE{ z?lM+;87f_W?*fYi{1tkapMhjWHn6)wB;5WA)g9TEVrgKrnT7wT<*+`x*lq(q3 zUVSI0?CLZm&)`rw1_GS^F5po2CFHksJpw@sI09P)lZi8S7mXFwK_qvyFv8*V-9Zi; zGduQ~Sp7)(QG|l25yo|D=-&UP^sNE{s9Aqk^v?hFivIV2w*RQ;1t=)vI0scBp{f;B zqdpIJGQ_-_WMnyduAK#^v}AwdlC(|Xck)jlU3vuDu-BtN-tp%P7Z`db0MDdXgXwYR z)!X#s`|HO8r{7!aav*R#r~=9SiGiA2yZ#MHi))ZE-k&Os9d#W=$rk-8;4O!SQ?ZOU zg*KGK*S*=9B=q)ooYTXjFs+MNZP*6aj1zu9AKQ-1w2cMeRIEg}(z2UYhqB9bRRT(q z;w<=DDc4$lx>qR2-;v}s&Up0l_LmKNW_;DMOYnuFam0MmC!!$3cYe$eJ^&gz1HF$- z@REvMOaNPA=7}(@3VM1!z~3GTjlPf0F5X_4T-2^*Nf`gn8Fax*mB7OyY&nO&I8q9| za5@M6xLEfl&o5OB5~2+xm)xSSVUOZNeXl~w&wqR+1lCX6G$cOT2 zc#~ca$-ShGBREDSMFwYv*2Fa@sNycO9+|U-T(y$P$!aW2%9}q)UN=n6x@Scv1{B=a zzU-M**zGfu+DDIegte6pVbP?>;vEr&36`zqfz~K7C2o6j0oPw+`V9l0c34@Bxu#xQImlY z5V^u9X;~ie0=#82(P)*V>xU3A`y=#9Hc#k+XNayV2#FnzDQ)6kUIR>11wp|FSfjt@ zC~!V#g*qA<^ChJn$=)*!Ml;EL{BDp0^`8TN0$S)4u3{y8hF9d3rp1%-%7{Z5mKVpRMzLkM>tMf$JI9?_prr(kWcQTUJ8wJT`Ek%QzAHr z{EObLJ6wkv{9Wn9-wK)kyS$a$B?0%Ph zTlB2WP7P>xa)-w&3Be}nR-lxTxSO*0#MfcYm1To=iSk;OjnNwuiKHX( zk@|9oBagRCVz;ICk%yrpHQAyd`ki>6RZAx&FWd8A4RvIpJ4I^^taL3r4ZDmC5HWsT zAywZGtjp=doTz6;gnnDYoFiTYpcG8f!cTwLe&au=rGUzMSL@}tDKWQSXb_K_ItgKt ztyVkX!PvJ!Shm=%0U|`#)}--EP(sS((St>9U3uCuzr~h|F3A~vgT_OsZf*=dAAn&d z;g4R)QIg~i)k}>FNY#E~Bt$q(2SizVA(bB@Ikb75vZ;>J+jhn?CCW&)y{3JLwOPX| zr7RhfB8J6k!IWn%hQ*&vgj5YDE9r(+$uNUOU$X=|6kJu)m$hi48g<`K#}tWuJJvYs zo+KOO3Q4*L%`Gb%G%P3uO^is!(kaaKyKA6M(R9^mb>AN$?OV%ku_V8q)w^+lN^YZ!WU@27wUMD)b{=u+z%v-B|Gmhy*k!D|=_qgWX;RgJ66N08hh(^y1HAgcI~dmC zK6fkGGmpdLIpDzfcVLqxgkj=7^#Xsj+18q7tFpS|?yOQxzJpVo4?Ji0fUdx9NppRM zX>w`YtPNUk?7kGZ$r|k=9>&F;AQFkLT>OgUqIv(Zc6^)u0;1mUSZMMHOSj6LLyos| zzQ5}2Ww-K$6Ms0Gll6+RaJafnZ@*am3%Q-FA!Mp?go-3}6X-ZIbk*0ND#n+7qK7`( zcjXNc?S|HbJx)`oRgj!Y4oH~cnFny~2dI-F=`LpK&XaF-0t#oCO^iYz!yh{yxuzcp zMYeQps;vzqL}mZPJlnY0GJazN)z$0oExV%xP4MuC0ws|(O;)cjiZ<%ZSNo&1ORDu9 zY~xvuMY*K>iR6VjGoiN29!6fdr(>1Ye|*C&KN;uyZ=z%4S-o`MZ-UP2H|OjB?l;c- zAKS+E_k0Hb*^FGhC^#ObERTRv3(^IHn9YYsj3~V(pfJ#|ex`w1<2tp4>;DC*yZF3Q z5$2mfKW!Z$65d18ma*FQV$z-Eb$7TvBKsrT4=rvWG_W&5K9W8Wb|`KqFOI8TKvq?-IHf%@e{Q|eZ#tn+k6YL$yV3|8rt zS02u6N_=5?@0>cg)oiIQ_9(`HB*#t-^Zqx!PbTSRk1jb7)J_~x5!{Ry=JX($ux+Qq zfN9uj#>q81!ayZT$Nr~A4u!n)(Z|)L+jXHJ{rY0URk050GTm?$F@zdaFv1Nq4dY{e zI$Kz!{#uPU+wwEu%QclPI%PmuF+yKP`^l;Z?BxfcpU>Kh=c6(I&Q0-Oq5i`3@+)Z4 z#ZRulD1Dv`rN)&=MVwKbq)pGGe$5w*Sd%9z$bL2gJ?-?s)(bszH6!1Q*ocrc(CWDP zbQbHc5S70!R>1(N$vd_@ZaZC}xW)B6F~l^zXr;to{N_<2Cq)-|3oy5A>dC^%TY+7_ zNkcGRO?vv+Y~rsTk?f#a#_FX)e_d17v)5-Id-b|mzc3DWiJxVyiKzdEa|f!LZRZh* ztBPM-wpwz)V=v_p(KfLU`8zdN_Tv%dH<+uW=HkUC{E}-b#|Kz>L28RSlv?BCPYR>E zQUi<_t3t>et2jB_^E;e>wh1S*vVQUJ8_Dv&oW1@R(BQvs+5hQo{BN~dr2*lkwAA+H zn;?E^)EWy9O&1DpL{B+DGGB`!0MsWQ01@#Mg)||<$S6Ln;YS^6(^|Xjl7bzYuvHaG z3$QfGdb`s0nWg2$*;zi1r1#9@lIojRlLhs??>AdNjTi}2$d~wO%dz{8`pcH{I8`-< z>kiwm=r$A!*2v86@2F66FIIG;`-k=?U&k)Yx!D8DNWqqwD)Gwdkv2k%ij#A2z)xQ) z^vgQ)8|aFbsJ6G{KB$3zLVE^QaHFjrKr5TJ z^3GAwtmPov5?NLQl!G&PS+fg}WwmSjRT>sT-IrOPc_=&R!?mMx8S?fZt{3Q3VmVjj zVD^DMC~SYT>W<;iw(bQT78lvFyl2VVR`9|@iMDrfatLg3$OvP=4_o+}N{)syq0iZw zWgyhqrcscABa+$E)5%q~}DgkMi@u(_S9(@52-trayWV zkG9>K9dxC$IExKcF9rwdF4SWFROoL~U?fPzG*Z%0-#R^oFDb!JM$~ho|#vN4EthR2oY~w-vZ?Swqlx+<9G)|3MeQ1Rr6gaksG`Q9T-Da zSXDfW0a+6-%BPoEXBUCyKXz5E(IXtsXRvYKx1BJDjBr9(fX)465U#Wbc*$fWTM4C;?hfi$VZ{!@+@oI*A^3 z8$b`7U)(^6Td)M^A^M#pmdwys+9gKEL*GESwPqm{nG7n}SM3k#F<)6<+<-8`0<-RX z&ex)so&-|}-S|c%Zz60MIW&uBUe?$>M&p-+qW&6b|3N)7NxseuY{hh_Cn5nmlCKoE~3IoE6Vc3dOyFF zS4i*{YN1Uzc+Z)mdIW|Fl{}A(OcpJS2x?Hi6@t~WRd{4M5z_FrKnevs8AK$v{x1uT zuBtI1BRr%i49vEeQldZeRFw8g!M=;~gNUO!(V1}2R4;x4r+o&X1Mv(rzj`-&G3+(b zz!NXxBe#77u!U(AAv&os;#Aum84C5(;86afh0LS{G)dy^Iv4Q4f!og-V&n2_HyW0K zUfSk7dN?w=Db6khA+zvjKKGQG5p4LhdH?Z>&wq}mg8&=SI%Hpf zHgj?^;0htyz}(!27mj5@%kU&KbIKNU{BlvDnGMd=a;iiI;eHf6I(r>12T&(1RWvItKbJQzE?V#UVb$#EGQC%P zhfQvy|2*9%6RvwWm^PZ;i9OBLZ^Bba%lnyBOk*WC{3SFZn{>D~91dttZ&#*yk6e%T zH(6Y&S>LOuQB!YH7?=SmDQ3lIbCoY?NhUwDHPrhw;M@OZrrvP)lnMw(Ny%V!m;|9(kN>h08j;U-rOO-WS;}QSNsj7M zT9RWefwY4)wT_xAfpyTwJ{l{A28sHw7M@4UokG8f!JV3j!5v#u?@SI_1ujC z^Dm9UhCb#wwmRl(4)0U7NW~{Gr&UgnGX$H~#@QbsxPyR^^KCxMQCrpw^zKKSvAO>R z95}X_#{y{=m-W;6bGObJ4WlAh(fe1yw4jfdp0-cYDQ029WGYXh3{h#zAUT7|F0~nS z@b>T6quSI9p`0lY76ou2D&GvEoynXaGM{Zg>=s!>PkutnJGN_%+a;4Yg8UxQ;*>L% zcB9f|V@OKso=d7r{xnM~A*R8$kF10ls#2H}TjF^C@RAuJX_<_pt#y-V%hhlFl^RyH zhx~AL4a;

ga^s)ghEpR6lup$p@se+izI2d?3X+HvcQ5bI|NGrcz()Jo&I*KwU#T zng}9gP~C&BfhBoFti@U@iDs#OoPkE(4{=1t)`L9oO!+pkLOe=uY}6}VjSHT>r4rRy zAHPCrc=4}734=+#0yi}=u|~zjYPgwJs0B1}xP#>HsP@W)hd;Y(t|F58Ka*g>l7zmG zuG>krHdb~X^4M;tPC8a1T_;FzH%r;=Bc4k=zc?CPY*Ie1lvL;C+5B*s15J*S_=ASa zviP%xW^2w$=#Tmo!weeivmn-cT<&W#SXSL5e#Pj<{#GFrw!g~Kd*y_%^Sq4fVL8({ zc%y>Q)=q|vWB58`_66v4Dbo4Qnb86RV#T*~s;4~zVUm68P3sc4)NGEIo&0{gMZPDr zT^3^s$y?8|s%HXNTF{>a4Z;L3$4PqBd^PL=S6X}IP~BB}Bdtj51sNs!J|Kh*Fxk*U zG~W*{se=OD`Ahy&**`AlktBfcTlE;FluH>;<;gsv<%pf)HV&JQsa&FV<`Hj;^XHT= zSPLzfeGlRA65+CVY;Mzcft>6b$1_Fp^<1n6%mM6*NS%F89zcM)z`owtLd>HmHHO^{ZEDNRXNoqpY4vF8?Db;ucAy*#>a9Zs2b<>E4 z#TM+>FAP!LEQVU)Kv&-8%P05oLTA!tBhyjgL~379qb&(U@b<;njwO9v^&>N}S!G(q zOm3Tl2(yA&NmymKo)9~_F6*_!B1+A(^>=#0@2B=dp4E!6kH3qzd*MHoW>tru}p_c1O31(kTG9(HY@giG54@VBsxW^jT z$Md7^{{`~pWdL!>qFR|=P~&Ha7>5c{S6o;%7n*FP&rkPKq;nKHGQYLkGvc5k7u+Ho zW@58rkPXEo83SDfk8^xJ>}`9uk$ABgA$DFe?9KrQ+_B>@P97^Er_M-J9yn6Xq@~q| zQL^4y!eox_EGTO+sCy8^kV~+m{WVzX+cuT2m!00%^cN;Qofjq=-F{CzpnG8{ zIj(>?(iH7}7`TS9v!dHhzW3S;d|`>T-KX<{F~{j|q2}J63w)_2-G&+X#v!T$p9v?9 zI?}FWcpSsCW(Zrz3kvNW)G^u8=|D529*0of{N?t@)4F0vwWZ zxg_CX*v)GT?_vY*6p0T>ejk$j9G8|DmyS!cmejD794Aqd7!2wor169LL`GN@M_6_6 zzgRyn3_V9iz||c5wgOVnA)m&#z!0)hupd)oD{{M4OjS9z=Lt^pCbOWp6dvQB+-k*J zm|)~i<5qj-PQ3EB>E?;K74%k{KNve7suzrj`y!qcKtRPGSafC)xp9SZW&szclo7xp z4=4;vD2Mvp3J!(P=P)Q2XkE-bQK}44JgNdAulYBn(Mo#0o>_e2&q{Jx3+z#$BFBpl z1w*s~UomJ1iT+#=3IWhu?T+HX-4iLK*@G$KKri=T!Di6gp8gKY`K%P&)3f1#HvNxF z3XrFAq##dH=kCN}ZIM=5(jk<>wlJk-#6M@?PY*$FBK_WXyuqCMtM+|3l5j1Gd-YTO zgm*OgWk@@cZ?)}ZXqH|>vIc9o@A+^|(qQu2fe&3~<<#U;oGoC-ctUr>^PMi;OG!zb z+|$RXCMHyq<1^zk-Am>pkt% z+t&AeAQ*3}?^`{um)7Gn70S1&y)juiYUfB+eeYo&T+V#l#B94x4-2?#W=e6-A6wzv zwP^K|N0tIP9}OYd@9v1-6jdpaCpNRs1yxPPJ`0YoLK;{M%VygZaf3*0ulTv-R38=U zWs;Z~HqTeNJgKfUEoR%4qW&atx6G#1(J}HeZnvRvPTVpcCz-m}!|tsgYT)5oQ#_h= zxt-%@d*OC*yLseMZa0A?NFt+;7mwVW??3BoO;`+3zSWuCUa09sf3RIKJ66KgupV{| z6NG<06+_Fa7}9rbD#rM0P&YUJ9oQw2RiWLI z?>_14@Qh7ZG~{)#uKPAJWLEEveaaRP9DmeL)0p&nPPnx(sA8;RA+2kkY&5WHTflwh zW!CHd@`d|sA0ei42lWN>5R%A7EzyI^nEBal5nx)^v{AM)P6n2pg8lpKhhPs%%O31` zzxGOmw^w%5$TfBj?Vj>`=nQse@b;dKXtH6nAtQbQ?+gzs`Ldnl_>s>ZaZ zxcxDQKYR#lc1mtJbP~3AOmAs?Xnc29wy!Bec9x^5I(J8hGNQxWCg^|JavtsAXt=M~ zbNC#W_I5;Tyl>3~@p7c!WEX(=It1Nx?<2miQeoHBcRJ}MTbZ6YEzCCkBL4>DI4Pdxj9OQrd_g&ZPXuE&-tN|FCwJU6F2E zmOfY}?yiZuySuvw?(QxLWa94b?hXM2?(XjHnz$q+H0RdsQC-!2Z++=8VnqCa{l;GJ znrp84$U8sBzN+94@zAPz|(nINo=I3BUCbCT-%o|kMrY*V5 z<|fZ^q%UIb0XXFQtvspK_Y$q6MboUlFlYu>+h^=G?iF}EI$NCw`Jf4l^7I#$A@rxw z=Mw$&kw-v5i1&btQpu9csQ^eu=KH|{szvMs9m8on$zmhDxcMxk6c~gVE|kJChaUy+ z2Av$%gQmSWRU+y{;#^Yo(VOXVCL`xKy_y^B?V*j@qEST#f@IF>xHC@t{E7;_okjY} z%&h=*VTwLl)&>MVifTNaS)=ERY66gHWI~CgR42Qpxk&MdE%|Yjj|DJ8S<0FGIEK^N zP$r4_^h-p}(hP=PJ3`gWE8=KAF+;J1UGs;DXXS>(VwQ8WPd0wi3hl+DhgL3~1I=l2 z#F`4;^xPhymNb+G?MF@iit*l=YWLYIMw&=-oXn9W#*hrc&^RuQO6YuAd2s`Wcz#2X zh*^VdmvC?cv#7f&d+5b(St6+i+Ti+bBTBlt#24Wy7yP6U%Igag2(W|vF=~&riVbRy z^zsa9GZxI)0$6e978%#M?fzWfhFpU?P!06b5B0}8j-?L6WxX9@NisjMxcVJ=1z z$f$Vx`IezJvCP^ZFfLVDT^~z zR|7KahJv^l_+h)>_P{$Guo!0QER&#N;3-&iT95f)5@ovl6HLlVs_lmoMu_n>X7EMf zVxWP)$iv!jZA#8tyJ}j<2Y8wB2bul<9Jnpgpz}8{0Wthj#8`HQp6x=C0?@$a$;YF| zZQ7LMsE4%Ho3Xe0U*Yv9Z?B3q820&CdXLl zJvQ7+h%lpA@?7;@Hr1S)S(HdZ$au6Kk)?KgpfGuNSq^>EDBPQO z*wkoBFho`VRhlPgdwe@K8DCP#VA*EDi?mpkO?xJr@H?&k8`76UhSQpzsGeOG3LKqG zPJHPnUHIc0Vx;ub7*I{CrIm}9$ws}_o+t)c2R#&C6mf8V9(8js43Hw>kk~)G{JL() zC)3RHY_eRAU!X56U>1AsHjY!>lEUAb-=RIkc3_-2$|Qhbj2}n7FY|k_=f+-zP{GAD zuaQmVVX1Dfo47gXc$DOuJy#1bCZQ()G&zV3Qvw=-D_Ln134fhP`?L7{bCIS>O^HJVMcLJD;aj%Rn zzH$s7J@kn#_xi7Ce1Qsa46=-zC64kK3e`f@s%?#Xyhw;TcJnz8r>XB>Qu})eqUmSe zyl+mhFzc+n*Emyy;hntFLfW$U*z}d%CA=-Y9Vs(+`8O!QwCA?Z>c)-LJvj%OU?U&6 z1#6vDRW3JFDIdlVDHb)@tR*%qvnb;Y{DM&hx%9s@HubgY=@)^f68F2=F7%v> zKbjqMu*-?Co9w0^@T-}uJY^p{)&YU94~{!D*9V6N2bGqzZu8nrsnJS_JHAYW8&=@w z>*{a>5HqwH?75s9k5P7vSa9WfgTC}im`wq%7gwoH(D6&RFIlHJ<=TA6VPye&Zi@}@ z!?n4+klmg@WR)gbdZNKCH0&nLE zN9ZHyg=r%=mNdpS!LRfQASi;mSHVdpEIpl#<;W5xGO)vP^3MqbMH%IKX68Yoz zz7?5~`Y{7ET9PInJH&JpsZ?ZR8Rt}W&yH;ApuGdi(B(^bhwc>{hdi#sU^WJk-mxDB z#|uWE!e&ZC1e|1?vnH2@-SK+dVELtGQ&OlSQcUjIFsasj#~umDUvmonj4Vo~4Jtlw zV0ooUIi;L2d`O084PiYe$Xzw27mp;&dzV9=&%B|Itm3==o(?6z6vNH`z<)v*n~z!h zF;n^t)yikEMPjwFv_}%Y^ zWc|hPLH%AWECAo`-I|;6x+Q|0NO6a_YpBKY&p#^3tM)U=^5>*}<-ZV8{(B|)7r5d7 ztR!M)=2m~Rh8^scjGSG}oXI}tC7%XDb1RGgs31+6I*w@S*zXD%9P({KiCdQWDhI}y zGbKNRMQG+QVFy)UgA1toC^kdrr8%zbL7x4udN=C&*(j0(P=^|Bh70jHI7F^Kvp3?y zSOf;H_(ZPwLmw9mr{;+XJBEbroX1%oA6*}>A9uN%w3>n)&^w47XMu2LgdnJ-!T{oe zvYWazOp~ugju#_h0EN>8+{C%If{^cp88s2ior((wD?9fCVHNlZ!{o{N1(FJ*zj;C$ zmYSIvX?7oaDDz;!`>jKdEhXS=tke|-`+afj0@-@y&B)nFDl&=~O6vW{*@=g7_<*he zIT?8WeCeAwY=tmWwhEVZXvuVXL&OT0WK5O?MDDne9dDoo|S1aYWai+gcBGuVH6@0PlHUdiT5a(u|k#o((7rl*GF)cL-g?PpdzFa+W;I2 zJC00Zt$CPMC^&wQdJhSmd0IBFJj=-1kg2wyby<7pUDmX`J=#nJ$DBSs(Jy&2Y}`xR z-^pSk5l(ufcHg3Ci94rxZl@?FRT^3LmqQ7elU0A zK7KGa;~Ze5D+*?LhpEEym5s1+f`#Dj&Y9lThF_i&n8Dg#5`LznN(uPJ{^a**6VBx3 ze1chte5LLK@%Mf1KUu-ehWXNn}f-vZuN- z72cbev700m4p9$b2L361V|9g<1lk6MzM16lGRp2ZThjG{#DldumnYhN)L%l*GPqM@ zg$Zq{Q4~=er2_*4X=P(?-RvhzNF!uDxRiw|uT)?fO7z$WRryUyv9@@H1h~-&Cxva; zyi)mq88_2ZMv`*-HflW&2$FA@j*DJ}IoOYfO*0*~tBQ;|H%~!XaES>e;ZD>Yiyf-o zo&k{D7L6LbPc#lh-03_ST`AR_AFNG(riPqcz&vx7re?m%tfAS!W*+%tHC$3}Fvu_; zb!hVHh>hYUC?~Y*d?Ye|eT=5TQSlNwf?{gvF~8UeaSgf{DRSkejvmdB8=T9Op>9)N z$Nfbfj3ma*ZdHLysL>pC1(;p5VkJFG?oTLj&|upPOvPDqD3esmM=DWCSj$CbkLJ{J zXtpvWCdg!98oBp|eoujVFT~>6-?H00RV)773LXuH)H`LTeHE1EaOEmYt)a%n$z#Ua z^zFSf?48l_RKPn&Z<~_9(cAusN4YzgDK+2i?ZQs@)7tO_-c<&Z?W9DpdGgka+Ve}J zi0O|E!nafu=$lvcGhOJ0#_O-sMqB8ZOj$zmmawwe6Y<3i7bT^6b~T%6aOTH6wl3q* ztuYrHuaeWP_4iA+b*QSU0!~yKX)KE!WgjJFFRh zvLqPS2Rf24?oe4Iyb*EwG`!D`W@}4gBoOz*lIx7xTxc1wo>;7S<>x1sv95PumH*6r z*_{;ebV5hcMm94{zL#Q*28O+E*^?zi$!#}2PtIJUs}HBBBIeaXpV&O#M1zr~rC`P# zZaJuLin6V0L7KP1xTK;T=>)vQ7Z2>Ss8|v#)BXS^ zi^(>VX^%XS20d7&AQN$$V}#??P_zu5FypRk1FYFAxca@A<-888h5tF&&lkuR78=`Q;_iB#ZgBg^~av1kXYpONAU&dw&?ykJd~lI zQLd>9@m%PeK8s8}-)ECHu*95DroA>tD_P@$jr#H(RlRox>Y|Y2JgO~x<|sdf-9*5q zUVJkvx^0zbqonYNR8dY+@4WtmPuk>u(s{FtoYlIU^-O%ggju{3=((UcYf6gI2;(vm z(MHXA#zW{vE~xf46}JveBSp+8N_t)wype>^3Zsa3{Ny^~LuLi{qFs=iU;nV0=$k!Q z9I#)LA+Y#zOts>i)QG{+5kaR9<#o(u&u6p37kV769D;T7Ucmf_s?W?fn~BIz6#Dd! zOdF*q9=5-&GJT&d+ke_+{(F)A7Z|dCU1a}RTDATo(B_vZg#$Jrcpz9HY#B-;3v2{? zpp=M+yfnBeecs;qge;4x`PTE1yoj##xyWXVy+Al9*bN#!Ds+HZ8b26) zez5n0kfn~tH`9T3QhsXHMiL3WIJvZVPsO|vTB~&Jk&4A8&+ILNaLI!c?@76{5}{q# z)q0h@JYbcmzvj-HvPiqisF8A0`GF-2`Gt<1!+9XmJVqJKr_sj0LOL8pDY313@2o6E z4mJz022wv?23L-TyXZ313dL$Hqav3NC2~Q}Dl7Oz{T+>Ten|-iHzLI>i#=oJw^uff zwO<6J;GD{6we{@9qw3I?OV`=jrXo@11A2WhDEHB8a833AQO)vN@nww#+43}1VhIoR zLF`mYNe+eb`gF*S!%b-n$p%GxY*{(n56}eDV~uRFb%@jjVuR@bI;Qyr6NzpC5gC0b z%MKOXSc~fd-5v~>SEXZF8yC0|@st=QrXqWXNTB9yLe7yAiutOrnGj5AeC*%yL9 zn&`<(>d z+PJ#L^{g2$1vM)M1Eka|gMlSIQp=;^5AHH5mVy~h=|VXYZLPLo+|+YH=!;Gc!*+-; zTUeR6+o`+;Nlv_22?*qblY_$v7Y>(~IAbp!z8I%IClgi*|AOJrtDO-JCOSN4PTg8I zbm7!j(s}<3DUFtaQKec>h=*NMXg6t_XAnO}mWgqwYM8jtsVsya*8KGTeaL|Zr$1{+4ZxbRoc1u5!Z7NvN+#0+SUG3@J8z1nLswc* z07U46!#R62SgR*)LLGXM+P#U;PFDDWM39n&So7K!G}m$u-|@DG2YNd^udN~J+7=iK zrNLxS1lYjLR7}js-`c>Lm?=5u~3g;M&-K+9=gOMMw^$$h* z_8R%UL;S95rI4A`>X8$0OqjE!lfZ)tq&nE{h~<&9!=u3uzXs2o4ahj=ns?&##@N_j zcv2nFQ)zrE10g-JDuL1)9j@%PIKquft7u!smtM)hIt*})`^@7G&%Qz_gbm=G5VICh zmI3A>k(eJzZ`ieItPc_S#Q1Q_m9vTRy)PzMeZwqHme^^u4gdEP`#_lD;3KZ`#U!a!pyT{9I!K}`Xc+-C0ZuJ=>b_>!b-`9Mt zAmuc+_tx!69pR!OL3pAPC?tvIXX~m~OiUT6XguVq==Tj^5xr8cM^ZH3aOV;wyev8X zsphN)AS%#B7X5gDR6wv507yf)W`7&i*KBTt3WDmebn^D^R<~&Bv(3 zv6~D`?Z_JHN4SYQU5UiH{vufW!dUi9(nZF^Sn_a6Ru*UOCQ+r|uCTC|qL;;f5bh`l z*+sWJm2B;+?nm;B>yVYT-aBkfDz`9U8#VB7q*f)%xo$d@lw=nKvkF;M(#prW@v9w0vxRvCYBblfQX&u822RC8a1XLo* zKLOYwl9CotCbCV21qnWgdEj5=y$Hz76#UUv6S_z1MWe8+k;x#2s)bEbW_b)i5>og=i6p71)p3!dP3v)A(h}xVIE{|Pd%C- z(SIUKe!EyB3GfV3@o?#CzsE+YY_bHh_t{b8s zxJ_W8e}z&*fdaQsI8lqZhNi>*K~uY*K1wHY_(UJK#tUbula)oV0j+yvCv@v9_3+%u&9q#h12o2BuqZ%RzX{L0K69^SbaxZf)**6z zd1#dh?gtG!LsPgku4Kc*QNIk)^oPtl`i^TI zVf2U1nnM{%uxg5b>F-5}oFWZtHazJ0Oh0ae`49=#`8)k3I1pRbid1Wix!hVl7)WI? z9!TWk!;lmRD9E##5}r6Vp=KO|c{{Lso(v+|MA1B>nn-78`Pi3Fg2prx%Rr8fK2 zvbvR{(~9*AvyS&*y3^{yF=c%DX=?{XG&CpCa{Ae>%dT3V?qIVLRmTbC7m>|Nm%k>m zSA_E!FpiXQ|M+nt<-$w*8t#nYA_dqs-n>DA-T~Gfpc%v!CIi(%)Mxv`h@DHaebroe zoO-WI;jK`DsbanH0rs^T?OXB(Cj7n56R0V#H=w<->Ql^fmPDQoH1h$ z3Y8G0z3t11bV1{(QtnWQ$1J^O%-j1&=IHJ}Trd!P`y6zG-)_9g>%A~|9NGE35RC7~ znff%G-fM60yg4S89Bz2mhi|In_nIw&HxqK)R;#z?e?ht1_+RcX+Xl7bTh&?=6FANs z3-`|LiD!8d)Of&S>}0a3<;L;lUk;)%@I{wcKOyrSz&*jOFopayk0Q?FZog5(Rs7YD z^;fGJz56c{wceEULrBR3liME_Q8C<6Hwr;B+0hTlX`|ccFYctn4tr6TRDF{JbM#R! zI##3W*moX|TiH=(?V#U;HQlkOSL6-uQDHG%RfoSDW@keMcVe3lf7{w%Ue_*%t5{{D zQiXzwhlkMPo0WT=L#QA{)#x&g?NSsyZ%XMlQ&*NKBL%}PI501IH3^4R+b`}Nxy+|a z?giJKp0VB*hrZg_yiHDhWq8YW_lU9DWb{_8{|Tf^oPvV!fW0BsvqNkxNONv~ZgEd{9d2>3=~$wuO= zT4kq~z+PqFaC#-7Y-7Wivh^$V6v^^c-L7*nT|uyk^$)@yYK3)+RAg{S30{aym#w>; zC*P?%{i&DpT!SAFbwt}xyQ0yM-BH>LFs^AD8uf4~Iny~U3t8@~Kn5CxTn^%~qDY)e(XtF-)<&;XhO0+TC&H-ba_;_zf zB}QT@6Btu}OieBNvQsB{X~itfp$K=FLgzZmY4JKTyRznNmc=Muoy4|0eH9GRV&|s` zkv_M2ISGgq7s;W~i3@{nYz_~d!l>k{W-|`3!-dnPzcl7IZ*uZ$JR53TAnV*@h7pYs zmSmtu0ihOj(N#JB&cl1

z3}u&Y*x`nxxVy3%6jV@`YH8VhQDga)29(0vJ)@hr!N-ZeF6fa_92+51yq7C#3OMhr z&dg?UH)`oov7vz~aTd>Wxv@+li`Vi>nZSye%F_bQWu%&ZH@gtUJC)7mqN}R`Pct%a zv_C6-J~uPveUv?kn+=DM>!FEQBcJ?s(>dBj=&!`CS|dU7GY~wp4PSB`V`I+Ved1_t zG~<$%V{laNuE}mWkSmA~rjzBf zx^!bekRJJa1nyz{^bR?Ug;__GCL{;rk=q(hW-UklddwxpX8N}&;bbNX(r9=z6MtKi z*GBfzZZ7kaQ?dsQO@Hp-VO2$^S!bPW8r5p~KS^`XbQnW0Vjmq``&dI{6Me(TUiz@+vF6$R`!^qD~ zY5~!X?c`zu{V3$L>mkkOX$$0G_N2uB~ z5Y2D6qOX?LcalU#e=J9SAWd%#AGNRG-nv+wLjd1`);K=wGIZp>U9Kp6t(`YS7xweW zM{Ga!L?XT{mH?mhVYCegPiIXWw>TY99>XDI>gup=)*@@=C>=O?FkW=}Aucc{D1 z)`?z>wPWHwvd_m{l7Wa&-*?oQTO^S__g?u9?N)zEjCITAn6t#$loj8L6SNzma@1F_ zdfpY6ui-;AEBvl^O0?R>NbyzvrL#i4b27r!phLo}ge0VHle|fy+Yf&N`X3@*LHWwD zn5O~~Yu2JoNX#_X{26<|H|vdT)`F+J?LeIF!{9!%ia>t|Z{iyYU4JqTWIxE^nFw@< z_36eOGEGr@1QT>p>|tuaCtx~jb3iM$6Oqs^i+6kYt3DUy_=WtQsLw$?XLv04?d&vy zPk`cSXRgyr6ifH834}Fap?qI!+we&W)6Z$@s{If~?1jI&`j(5cR!`C)&hQ|R4F5#& zw{W9uX`OWxb9HZfT0LF<_vOO{_HPFp-2Y?o@cfLNcKLg*;o#z`P&)3!c=zTV0cvO*055>3*PKF3MW7#iYYm| z2YJuGQaSY(nzVI2cjsuAZ{>YpQeU%hMBg1}BeN1$ySKNt1&-eyrfa*w0E3*LR2dCq zWhWS4_#2Dg9&H-))ev^2w^4Y6q6SkyIfrQCEV<;bGqGS$${5UL@UqP=d8clho@4C$ zWfkhUHAhPXi5ts!S4Z)~^vl3%z4Zrog7uvm8(#PbBOOA)f)zL@l%A(Dp5MejjCiM; zgsKnEA2O^?2*p>f#kHVPam;xdZa;2;(fvJi-?_!uL)bQ)LBL_WO!ZxU)z z#!;U#&eaXX`~!Y^+kL~7v`mae=W5w$O(q7;mNIjU4Lq}Co1=y50(&N%D+kN^VGa$g zXDab*bSY8dg8lC>V_Z)34YeD>EeDg*lkgm6v$ypS{lYPc??rO_C_a-F&wok70#FFB zPt|{*TbZIyl!Jo3Lh=#I;88?9rpsv;=_8E5;b;WVqm}ip*tx@vU|KNfDnWtm@OKWw z0`f6C@#h*}QM++EYk1>x+<1#eH@)Ci<>Tt}4gUB28;DX>?oB+GMw3^lg8pJ%0A^=tBiW zM(3-tIOV+pO`X&Phwq50X3Tk8D58SOB$e@4pLiJ4KXf)-GL*)VHAt$p>D%Mb@K5g_ zj#-Kniw5xrl-{SmgY0d(_3$7~(yWD>rYZ-7DXZ#;V`d$fnTur$vtiqizNMP>P}9F?uNbj9r4ed>5_|fg=YEcTx)mZlm#@kPf@PGH6w}S9ntC65QcY<<52nkn1oZI0kyuj6WT=TVUd4%_VnX|CuQ7=a)&r$B~p z-bRi{v?H_KaiGYPQ<(6tpL9354nAPbY^nrr;UAUXSarF@tHZ!Y>0R`z`HJ6PMohBZ zLlF3&vzARg8x$}~e#(7mllda*88lra5Cl#*KUTLH^_Wpb3Or`{VR)TJ7;+C2 z;@1N>@_^6TgH11CZBcN1kd%uX9AK6}T|QP|a*G0F*ivj6O6-M6;V(nOIO2%{N<7XH zAMP12$+>A!buuo7M$Nyrqng!(vn-3H!zuX@y7snglfD*AptX4=1Mg|(XlPa_qr)(; zMvhr1r6#jQ;6$0w?Tsvxm8zRuskSBv9FAgSO)Xk|rNhY#M&6T8B^mu@+H0v}>eA)9 zhbD5d<>zb2YI2R4A-mZ{ZYsj}8zwSK^K~iTkhDE>;Oo$f>G4Y0490>Clu>iHD0{m9 zzNAV(CS(HtSN_X?7lwuZr%OuH>hC0&zZo(TMkcNf&R+kI%c}FAGO+_oda9g0bPzc_ z>eA1|^dMp71;`oX0I@{mL}bWHuJn!|eS6VY+wVZLattK`=Hf5XTvHdyo6avM0;{}Y!5fN#yCVGLfR66BGd`Lue<_r`{a9vzXDCD>lr)g2t z)Ko)W$l@lx6If9t*~r5yJVqIP_l1S4#{8Z|5UPXvtmrhMD#^dyzO)&m7<`|>u5uTU zajHPX8bgF;X9fvY8&{JrP`@z4AdKzrQk`QT(UF{?dsGn1no(JV^qsX-Up3^0YIku}i!g}AJ1L2bQh<>rtTxK&D=-Pfjdt@0B`rzi z^{vlK2U9|by7n5LF6YMQP&IQh6qrh6Q<+S2N6@IF$6|-|ayvR7tV)a6L;_SkYq7RGH}ZrG>0o;oq&|G6tQG8b**C4H?)Jl5JUrH9AEXQ)ro_L z%FeKlhw1sQu5yJOmwu*g7AiINA0==^oIj|R&u6<&ZA$p&Si zPC-(N=D^D;xPP0mlj)3+c=1x1RpdrB*6LQg;ERpZ>}}i8nmSx+Q&ok%on4I%sH#Z= zzf5P?+fnNmE;27HE35a}w?FJm@j32%edO)IOY)l`mMy}=7zNtGDm6oAA=+B2Mf);Z z)N(ZoY|9$MgPq#L>?HO^0|2ZoLo)IyQS{|A5aKfJ0S7yyU4@;!ncRf51Ah#?jyl6_ z@Om_lJ*xc+yDXlLc4q1#kiiZUMxbCH(?`vS1gsDZmk0ov0`^<6w;R^A#qfF*R{^A6+A06EZ7=u!9@f-a1+DUQaeiwtti7 zsuwdjn9{GS&vVbK3x$OQ?8k4Fc-md>6m*imoLZ5dY*s4v!T8FU$R{T%qrW9eE$Hk= zW{iWvBGu7>i2(tFmx9sl-<|!qP3=tE4UaWU)?m*#7=zp_j}yT;sJM zTEk_qazJLaUUC@gTD*X$p=21uLJ`kckD3cYO4g1g-!%+HL4nj?xIyizQu<`(j5eZc zD@dHc^DUi$>G%2}e0BAKGBER&tw-=b>KZA*?3a52Q$X3T4NvaMX^4iy?TSYYJ5bZ6 z^|^II-d?z&_g_(PXrD36eY*7P1`5@f{8}Ub*%9;W?3u8OaY%tgh<6btk?8C>o@tak zQS7i2O>p)`^^FeEkU~(y(rq!@2lDVFcYL-R*`jKEWBYhda}KM+>actN93tf8LNmpz zt#FLGJD%!$BsPfUa~1t1J7#+y3BCDs&OvZD?ZIM@JqMIHd$2g2suice|7*QZGt5_gVP`*Ze{P=A|gNHn9i> z%PmMSz3Zc0rlMpEgORz6BYG{ZUr|Z+@j4mZ0fumjE4p0~EIV?>&;H|s-ucl{FWUbs z7F)ooVL|4LcjW0^t(g$z%;?#P>766~mGcE2QS4X@(1VH&`%8Q8vOvQqD#NkQP9*Hj z*#%NCoPs`?5`!Q?-b`+S=81Nsf`sS*$!dL23D$1STHQS_k%R4KEqf#gfEq)m12fS!hf2Z+P{fb11x^4t8COrnC$1_5>)^ zE3;F2R2cBl0OaHuMLXd%I91Wy9&-G*F*($UN+Pwo5RX(|L}W~*ibpna7K=bMz5%(# z>yKg`uu4}F9J(ki&N!nV+hb~b2d|}M3cRa2K8%DM+l9XO*sckM9Ui%(~LgYQQM|&g3@8Am?y@A!=1TX?5N&2jwA7w6R)teQ(@6tf#gS%Gywm zG&miv+)O?NNdmKwhaJg;)08H>d%WY*r(qH9{sk!;o-)}dmDk*m?LG2|iVv#yHHF{Q z6*`pur%gD-T?eY0?Fdbd$e@p9Y-JureCiNJNcsw`A&aUag%tCD(p0E-wGz1F%h#E)>5SEiC+-q znqw>dyC~6{K^Op;=uD-6$Q=<@ni-Kqx|&o9PpGAt%Jui~HLQFp?jq!$C=7E00V2IMrk} zJ&BXay7b6}s1Y^E-8rZ5wijomVE1+Do;XXqG)&`&$K?}A7$|ARlaiJLNT;mDORSB# z9rLl+@{>y}e1!9DSx-N9;&~KpeCSEJbXAg?8%Wnp4n7Pw`5lUfCOQn3)e1r6ek2gg ztUzzyftU3H)JCGX>Nz^-n}khnTQ4798@8WN<_}fe&H)}Hr1fo&hb_~5SvZ6*aZl=t zb#|SJY`0up1fhdX)d)}VJ+??cRQeSJ9oizJTgsp!IC}1^=4%)h%_(l3TE&L)P`YZLvF>Xz1Ug6qug`D`9fahf1@D+p*^nsEUn95SEU zNqd_aIAZS`DQ(qAV%R-c!`5?3`!MaE)sBvzcRt5l zI(z-`A1uQXyyEtmNz~hlI5ryF%WpS2aBFgkXg9UyeiZtrPN|W z%X7){a9d2_Dt$m{bhhm`QHus1V~>bC~g~x1u&^IDPuA zV#&8%M(3C`Fi$Ex{!V0*qhmC{&D5Dd^(^yNJLL%u&s`I2J) zslM0{{X6+y{@*q?|G@h?*xH(zY8csCnf@b~5@2WhcdPTCmQxioBhydI=|6)itCRFT zqhruRwyEji+>%uU-h`l>k2r^g?iYw6g*1J99QkkJy2>pDBrQ=|BA+X z|LaH6%|yyibcUpRV+-?b?$?PdkLiEL`-Kd5O683U&56No!q@sN)_EqbH#7S++ZW7B`}&g z&3;Tf5zjC(%xvf0UF{;xVn=z7Z-DBz?NEW!)AW(`xnBG}{+L`>t6*gi@bxALHEk~a!X8td2^1sB!qQj#Z)1cL~q2w|G2TZlivmMFr4 zJ#=c>b2&DZ>bWNSQL_Mh$X2sc;cr7B;h3HO!PUxAy*xvUcVI@QaR%T2;+*eH696x> zQxdKm6%Rpkiyd-nF^B`2WFkEGuOlVzk6o%rSf4AlvalM)l+T_jsMZNld_lw*dZ{XB zA(JIzzE>}zOew6+P;&5^Bq!IovAfb}P5AvsN$xDboXW#|xiy_TWXo;!+7p|)uQV1O z7G6#zoCwc{t)I!W??uBO)$#!dco`=8gj(e4elzvv=Qt}~XjS}>G*``#tV!6fA&R4S z5CiS&Z2#TZQF^#5$EuV2Rfv+xa7!CmsS|Q)S4ylbL64_{bDJ8xMjTxR=;Bp$aKWQKS}OxC#)1&}Mw@jBsEgItIhoC%$r zsJ)z6Ctml{hLxGTYxebEx3qEYS2Dm-Q7x7q3+vY7ji`$TD0lsXIETZlFP!9t5PXyF zV~<6W3|Ah>#HtmM+@W2i($rtlR>(1kWdFQBoGpju;u%0U#SlRob=hR$N7ufhDu5i4 zwa$KvxB(V{@3KpC#o>@w@5kI*C>g_k_^_+2#lM!&)V5Q82&eHRq&@n|;pn5f=N|S2 zE&02k@}!uc`-U}1Qubi7Y@+;}8Dh(bVAWQinX6K#vUCr`L|@CvStT zw{4qR2te$|v+_?796~7ZYZ-upb|*2f{i%dQZ1E7Vzr>Acp}IVT;7qwc#tI?ii}CEt z7QmI2x5b*jEuXi|3TSOD)=1{*fI;wp+MLYU*-pia5}TQVHkP_rxgNs~(41vP5RgmU z)l`BH773POuL*etDtYEnE@aou-d7bQUdUpbo%Hl_IzOSOKen> zj!OqxVFiA&z_8j)j;6L;S%Wam#}jpCcl&){;6Nar;F1i>3WP?^ z1QgMLvBHJo!l;=&FiK^4koFzAb(3>PU(!lkw$Ah+U>g{sOl85CmksWio{j;gM1(+pf z>EVDvSefbxOY7qtl0;~7Q1D8-Ce|T{pn8i3@x=% zkOSm~u~jKET>fkUyImRPMOu|cn6wQ-m=!e`0!EaW!#f$Q~}5~TqQ8^U*>?=4M^eRJ8p zGbN6I#!Gm3a{_YXtA=~OHlJEdqeCfPOLK8|CQ)k|$|$&p?9H#hI#tSjg*MCP_E|?z zLaQ6mm5L*$+Lu6k=&uTv_80RbMliG`D(Q1cXwaK8==VQ`iSaAm3^bp_0n)H`1ozqlZ2w_2yJTf@SQ0l$k=$&FB$DjT|9F{EhZpH zN|l81QYBk}2$6NC5~q*k7d*`~)fI7h21>oda<;(GyQy?~>!AtiRhz)o)=`- zTITbX27OM6 z+lTVe6XMQBDjp4131Efo@^@gl5F0so?pv89`_45|<>LE(edb7IJj5c2{iJkH4^_K^ zAFOp1uiQwn5QlJ>SlhK$AwF*FBzt&Iu{ooST5msTjb$bzk~a!pIg7YBH|Wtezkh$K z*8Yd5*x9?3N(-SpV36nS9chs-mow@h7enpRgBb$A7CGX-uaAhfU zRc5n?aa!>#!OwNZJDV-lN%Nfs3hR`72}*t;uh9uYqhu?45)5@A&}9(5*wy|iy1m+>WR^^=}MSSD8;jU7c|QP?^(rZ#?@`kV}x7h@!CGQ=*75 z1w}5{^V6ir@HwL2!nu2UI#B39K~|*CGcY4Ls@Lc_!?%q!1!TFA-|kkWd#kH>^weCx zI@r9{;d|UhG!XUUXD6xzp>)84s+XB$u(!>>L&0tflf#-moBDi3-PU=2is{L|LURa- z01*_`f259e`YdBDX?8{A1!*g$Q--ViH%V`>1d%BIp+;Zy27UFaw%A4X>Fp!q_@b$S zXmY+*uwy&5$<=Yr4Qh@YD^q1^$7A{1*8B!6R~op$i(~ znP&$IUPm<9Gcy5}V?0+lZR4VMhyO2?SW91|?a~AAEuf#!E4s=W-&-6me-b-F>No3@ zJX0RNRIkY`xkCZR2&=Kc20%9UpQV0CpDN(#2 zd_}1+t0Pa^rg z;j@HpsA8Cst~z%fH?cgwg@cU5Trm{6yV-MRzf*Z)i zE=3uaCDL}WMb(nsu-~X_B)#yxyJ`eqyZxfl-+5-zuXsqoh~7EWZk6jw%0{D09Pg0M z!Vu`jLW+A#v`V}X`Z;Z3nP$=Y>-glDQu>v;sxR{3jGSj{+_G1z#v3Y-Yq*J2H+z5- ze%FNTkF>;z>iygC>1jaw5;`r;)l^aIo$4ba4iQw6A9{CRZTSz3t3ijATc!TZXL`v< zDi>nEVW}IHTl_b|A9;mJ@1>(SnFWT9;6R0L3tn1ULXH}+vw!t(s+Jy9TL(1-3#Bp z&#;$qab{s>`n%ixe@yg}HMd>RmNDLIfREa@s6xmAdJu?$QGP3^E9_s^xmLaegwyM; zrx|91Bm+6XwJI-U3@tN((!W`)G8NX-*X&A>e6L+gkeF1z1*HSMU|4;x?u&g-;68*X z882OBy4%~KwNSeWuk|*+Uwtm>PkCH*z8(I^^?}`C^1}^6^23M-`N9Tk3o0{MLgVJ| zj^j#hvn+}Pj}Bb*Y33r^L6S6wuoMvzR}y7q^Z!%Q6gLCs{W~CDigA)sg`C$2tBS5A z7g&9@j znLdY&CyEYa24>Wrr9z9Hzx?jVb0Io+B80H5cw~eIf`Le;kcYa$Tuh~y_S%sgzX{-~ z%jx*ll{u5tUZ}=X05OPGR}RaJ4uW05#){2^*S*Yg`I^NYb|9D07d~2fjE&67mWZ=D zy%I|F8-9%w8z&aG=KrGXotr!Hwsqgwwr$%<$F^-d9lK*Eo#Y$awr!go+qQB0xAxiR zp0%s)s&lL6AM*u_nseY8&u2n$$UfkSX1!30&p!Ds%|ynkfT)W-FG$!}I}nOApQM~P zbeg^0`L>jIzbb*j`QDfuTq6lIzKv*4vUH`y=tnzs%A3~AQ4u#jWii}3otBl!WLmti zEkoAo5pfi_^%yIA&*P(as=WmUex zPSVKpn&en@)rklk_YniG>H{&{IL8mVSyaERtH?=?0>m0iu0SJeu^H3yTk!UN1^Dkg z=3CWhnBZ~_rUdiooz&2Mk0c9lc2CavS$8e-36SFP+PYi+#{G^2~bP6jnE z_IS1unNwJlw^C+C1!MF44SAvR+vw0gPU=J_)|+bgTRi+KVau6dTqU~|9zjipP%2B2 z0=hM?*;0~#(9rER3DwHud@xMM6RC3M->;^JZf z@XtP%M=z*~;!|*8kNc~g@pSaXa5lsA4wf6T=WSY>~h02}3i!8m%7d{?jJby(r z#Ta+#^yMT=+zh98?+?kP@Kzk#Ao$>fKJc{aEQ|Mc3`ZF|vmY3`gcF??M|r)?2kYNV z9%NmRt$3!??j`{ieDkz@6;XfM(KWa&odZK8B>@+m#^84}9)JjBqMwZ}oRt@J1XU%L}HSo33>sM&GZKZ$qS(SXpT9{d{ z6BH!0f*tJVO9@~*K}Ruhza8j}wiGG|>}19>io^nc?I)suINaL&z7I5E^1>x4-w5^^ zsB3z82G0k|QhXtU%7x|dx2k53q;f)Qoop$OdH`1{@^xo(Lp>M9HEF3mHR)tSj`>19 z=RyC*w^g}0g;6y_kIacxM^3%rgSmpg@2iXIE<8pEI~169o3P26^u`inv_qIb1LA(X zb#)pwLOaZUwCqEti+87d)*WK^i;oyl_Vdl+MtTXw46yl@)9#u|^P@tn)#+}|P_@v_xPjbFy!sA9re4ig#h`Z z?|smfs+%ZAoMF?#)9Y%N5N~lnNh@W=;zVb7+VW!Nq$7f$%?~qddYolzxECMpwKh^s zJBH3AT%2^QT5%g6?=b-PEeYe$`69Ntww7NnXLk@rzdX(`yzoThK)3W7Lw>8T5cIdM zn25i~AO1#O8SlMHcAZ=g^rPB8HGnBWp&urXKYF{Nba$tHT#&2 z+UAk|Gi2NS882YRx0ENXBU%0?A>Y$cH#ws`uDn7s1*(tkH+n4Tg?l{`dbERl*FLWi zAE6E9zqbu;eZP{@yA7%zd~4?GyS?Wg3?3qgw?Sb#`jAWG-Y!&LP4~G-*S=#mzlj08 zh&Lh%Kiyw-A}yqo{lK9$pz!Tq-TBHs>dxzC<}hNE${HqCTrh7Nl*V1JIJ$?0;`A70 zmh2Arg4kaTnn9Z9?)@lo!-O7K<0V!?6J?J`sTGnyGihWztz!V6?_#(mKd2z<_rT}R zA?5|WV!1#O%2*ZltW_O1#|j`G^6HB~AG!jzT4u*M+Sfu5$6k-o`Mf9ob^hGJStcBZ zy~K~)>&01wO{lcpl9^-L10tGuV%}s>bSQ=lZXe#*6JK#J`W$GXTmjJk991Oc9h(Fn zze(2lLuaV|In|&86<@>8>42?096%l}pJhM}*Aw9<;Xj=ojWarH03;Al9n$~#@lW{v zyEza2f9&+g{goLSS(rI9IR12SH2djdW#*iv+Gn33h}QW|o1G~`(#CaGr-rZ?ik2h{ z)@mhh2@k7}?sj^mY^?VA+^t8{yiuBDO-MH|-I?YIsu5K&guX**3Vs-woC|&e3f@8r z{#BSi4;qi=Gk2e0Nx`MtQRWZ&k|K?i8S6ouhwf30q$|^W&8}}LE>F}{*jS`X3#lwk z?~i8DHyjknjw&>^2qg*+x&X;Hga#+<7X;HLsl~#Y#n#KEZ&{U$Ok*WyI_43x&{1Ie zC=`Unm2}q21Ic1S`DnpyZ7LuqJ|Z!v5IWtd5MQ|i%Ywb{kfqZ)3`%Oty=k!3+47Q% z7XS<2m0toam;<|JwHUp&R&5lFiR#Dl$}$pA5+QcME(BEPCa8K`^6SLY46>@j{rr&$ z4xug*pZNUo;wQdwx6)ac&=RZh2yQvr(PNhdit`p>fD2VQkvCxNcVFe4{lpUxI~)-{WVOX6TmeXq=4%rUCO zIuYz1)c5O-xB}^u3X+|MATv9jL=LZ2Wv;%tanWI!b_1MBMv7foEJmd95?f;CLj zix4?y)oH118Vjv@Y2#piqwKn08S+P%*a%tsN|Ano!^isuqA=r#__1GSRP*cc1HqLc z>05DQOet0Z4x0cTdWAQ)fJ8Il4+sCWUl*I9R7=Rdjtr?mR3otNNHEIA*)8-R7?px4I2C z8}3fivX`jAYa|#6D00Wu+S>Qoc{6KTV90Jm@b~`r;CLO;*NFM-cDHFCw9Ig#yIX1o zXe$ln4h#cKLcw(%kIn9sdGPip{Xf$6J|O;yeh$3s)Plb~PV@iR0e*Z;%p|jfs6w<9Mw7|CJ2I(IgtUaYIOWQCOq&$I*U41gFCwZAtD^Ps_Gf!223Ov2+s%~O; zPpHJ!%)WJu;v0kk@}TFBWD`!)b^Uu$otJbYGBmq3Ms>E+Qi=2fIhS|~WtR}*Lk_qT zHP~yD^gipKj|KtT$7K-$jW@_Ja4GAZUv_H{3t=zj};WzM4khbI#e;%g+xk=F5(w+tZFkD!$21%3i!8>NH`PPti z{Cq;{?wqZnjMv?=hifcPV8~1xK1s5JDh{*5$AiX^Q<7a5$6+ zEF%Nr0}_FVq)mB81wfKxn7St48(Pi~F2k;~5AtLykOI<*J)^f>=Ui8~H$ zsUd%J<&KP(1+;ZgHoffvox&4Z!Zv5=F0bq-=syob7FTRR+h1l##lOK`|L63J>HpWm z@LyAoq<^6a(Y``4Fp^2Mfxl_A^R#JL_L8Jvm6${mn&KA?y}0$vC(hhjrY}eYk~ulz z2O)3rqAi-irBo7lFj<|aGp~;)P5r)KUtxPO^jA^^hlM%9q-2?G#mc8#HC~O@Rq{!D z#LrkAq>!zzpgCg~IsMk4J+fk5G+OVfpyEKvaHLvr%TkTXkHY*qr+!n{;LDq&b5x1y z)M962TMOlyjBTpKsrcm%x}$uGdqJE^?0V-ls&bhBu44|f!8memjm3pas=y9~XGR0q zzVjqohixD>u;Kx-6!t`K1d-a2aTCf}_3sOyDvH-L;M9?t)`MGWM{D^H{=^8+I8aJs zZM5BoZl6N@L@No=fh!_LP>AGGO5pX)>hiNR0d}86-7?c`-B`6JYLuTs$1>;7Gx_mA zLT>^)0cWG}`&wz!ug9Kpzj3pj}fVnd68?Pb*Lmm4CX)iFYM}DtVn$eox{s6!hWKfMWS#)#Bm{-lr@p zMepQxVVf*+NzxpT)@gvRLfjwAZ0W>_(%H;&%pK}wtD-n}U;*sKB^u9jIMyiwbAKX@ zvE!NA*-6GnM_%~rqTSE?n?CHwDQUl=FqENhwiHRwvN?1#MUpO-au3fj5xX7Ypcu5F z+stLUzxK{jyu6!5`;7ktDP0q5l*HfPE8*WzA^$T-|MSYB%D=dr|1@o69sZ&;|9e~H zFDAr8^{~yaXLZ{2ClL~qlOPk6q&i9NFX;SVba_&WC_=r~l!=L^rYxuy6v&NL&8Q(AWIy&Vb=sJqfV1WE4O*=d9j@3`Mj?MGSJv;9u>Fw_y7V^zf!2Cy6WlCPaCVHiknp>5+kCU*j2h3D`*M!vo%@jHVDeA z2!GDjU%A+=z99vUvLY$39l#Fjp`S*mj*#;C+D)jbvyt8;Cs%PYi8JZXxLO$Bo-M_@ zNF*jf_lfEgTw+@o^TB|dYmjBxUrCa8tn*`k|%d;s3OMw`$Y!aZ3Qm}iZ zM=(*q!b$k|t(I742P}Z!hpvo1+SNT>0ra)HHeSt|5N@mlig)2a$tjBWWrcPf8Rsh9 zXd8@ehNTOs#hEG^ySL>g_SxE+EB#9M8|zr*Ci}I{C6YC@ zV#@V4aY!O0JCe%JFCuZNFlA4kzvoqH>Z=5j&1c7dr^L}rGAr8c*-oNQam2`KHz9CFKx8F2QpwY15B>@Opb6vOtaSk!GfE-FDc_NkC0SVSzkLcCfg~O zXItb$GzB8X>EXnQ&7YO777ZYdyLv!1ICV#mxBl9d)5;nnkSWX7Uq3qG%WL$j6>ewX z)3i3mPG-HeGC8lm61Ca*iSM||tK#3bU>*{Yq)Cpo!16NNzdMnX?Mkss#XnM(3%8M{ ztKpCj923YVua76C1wEdoq3u?_Mw{8XGDxmT38f5>_daZ|H)=u}!~spIe+!cho{fg5 zU>FeB$$+3;h&NqfoJ1a(Dp1!Pw~ktPvDN``U5}oC?_3{5Z&h|&lZ1uNsS{QB8AZ;; zC{b=V9q-$Q*Nu&gNUgr-)KBb-;--NR|c(8db^#IV~Sq?N=MxWZeRg_bhmua*3Fl zs;dr}^yr%UW~%L3tQ#CeIJ!=OdWzTR2%4#^3$4j8*Knns3IUsAOsx-m3)Je zz>4{vwyp#r_qq#kjcoCvxzMSj?p7l;CrKybHK$`&1ny0M?ZUZ))R8MuLUX*8`st|E zTpT9xgJFkt9w$sc=$xr1OEt=Gb=J<;R_qq6)}_I)8>2OWQto;RTU%|MxHuBi#JepC z*^SsZ6hw&jKDRu>;qc8e1B0S5e2OboYq0PxK9#1BONc8BSv(w|4jUg`*O&~anuzz> zAR?p*P3jDQEDgSgU>57N2tjWUgn-qaibwc3fJUQ3-6R8QM_m~H@NM*YQvF;POYcy*#%7+OYfZ$+ttUa@&UT*=q zG*CTP>&)~b1?>`Ql=gWgN7M^$lduPf0*=S{An=27lTl%AL!zACdDAom)0r!^KZ`{; ztxSOuZB{HY2AGYsbFcAtAYKyR9!UsHnC!!DZ45I_S?Jq#Sq@Qlvv-||mOyOz)7Owt z+rqUn=nTyCNs4hnP|O$uO={%U}roCo+b=_aKRDWAxnOIZE!69SD3s1L@R8~BFxp)1mUAP&~3t(Cl zCG7zzc(Oi5clOTUB{{$$;{~BR<5G-UHa8v*iH;FpsYa=9(+)npf^8oi^)FMzRS=?EHu7`q%OLahyts^z$FN&Hzp;Wf}FTK|x6uQ(+L&@x1b2hhhH7T=i$KrHG zp)t-O0Q0AwVUe5+*dr;@cHhO&Q*W*_AnnZiSL2!w^>3%pXwD)<3Mlm+l|av3EVm96 zwu8x>L;>eot}5?%>O|GbJCjoim~b8JpRC++{h_iPW|3#Bu-_uDlbf1eRx&(^do<+E z<|vlT2pClPIb=dw%cLY?iW) zU({Y6vu@UGI@0jetVOzWDXWxiGu?8h5+XFK4{vIkf3ijgdFWe2FzWLS5TrtGmakG8 zBudL4Lnle0@rH=i%Qxp!VA5!hQ-4;&JgjJH$JI!drl~K@UbCAbGfGot0mB$-+tD|2 z6KheikK=|xOVzIc?#-YtNq5gj0L0Z?4ldESPKCBAiVUVT6Maqd#99;+@NJ_2^m-N< zbO=`Bq1Q`VtF9!=8JFlAihTJ9Z9D0#N~33c4S=s(tg9=xgYHP-769TgvPzJfbpa3| z+QQbrHwv*{lpQS2z;TE&WbQ+Ij-!E=fY4Qm_s4d;s9btv*6B%33c2C8?e7V=Rm*XT z)yboT3}J*^yhs5ahx#+jW^-=IrIShzsPp`|bmPkiD8|mSZ0484t-W0%E#->Hchzk+ zKvfBBGNlgv;}=tMElvloPNk}|=>4YfQo!ChX<6#qCEObeKJ%J7dt+kE6HQXNXF*yO zh=SMF4km5v-9--IRAHqid>Fn<$jLj(i=B)4j}5+l1jPB+yrWANx9BXCJ#N8$0r7lM z3wD3TTQDA`R>@F}ownL>HyI7X)Ms%DMAPiNWNeEkaPmES`kv?pvxDm4#Ea3Z5OWp- z=gcEVC~N|mqX;Jhfj;`UqJgjhs}HuEf@qgEUUNg67USbxMzE)ovmAmFrO>D?x0&|% zpi$!CS$Mk9WA1R6evU+V8W~!d1|xiAsJ$bd=KWJU;v(Der;Aev>Evi(b6GF!xP*t+ z?|t~hfyps^-ZB}5EWu3A0(FON#ZDFtc zAI%HbxtT`z>7YVOo3_n((H#f=OT40qX=hHK#?(me;l8&_?Dfdi{ua}dZy)U{`P9seK$tg@DP>=6DaiA(H)dw+1WDs|kkL4VoUq=c$Ucm<8PodfLL zM4l&a)P{+)2LGdyDoL8P-J8rkyyf*V%xOI!uj*f28Q_G@R0!w~#elqQGTzkMr1-Q_ z%$YKRdcu-U1rT}(!OVbGbX~j{-tTSZMZkr;SXC19(j*1EO@%W6sCmL{%v8MYn*mp9 z9vqk(FM;%~k$5Kcr5(?V@1%4HsY{+IBd000%h^KE8>J#GoT$pJ# zDidf`z(_8-8pWKY%QiYOf(FK<)s+|YhI-WS#tLh3dVRYCF2-=2D6us)lcZTR62%me z1HN&cLfg70{nZYnKMods2g41uTEp2DmP5?%1B}?NNaB-j%1G)QVQm!Jc&GVjKQP0t zo$8a_FFVbz?e`lbu6M%&$pkSscf%bBb(|Ig_WA^*$6Y9wO7UPjV#&xr$xuH=37zAOX(k9B{mdvHlD*II z<|L5sI#5xml*)m!f7ejSQeVzbjcZ%q!$i_8>*X;9*pEQ91b^V7T%S(8`K_^Pf+;pf zW>*A$vjGd08)f*X?2uULAPikDY|3mziU~X2;x0vHpTw&#=g5@=DS=Sp(;SM|9>qaj zVheFj1*Q~l4qR-DOxWNF{@d{5PC+c>(t=ujh+o|O>Opu{H>$pr;{nTy!VS{EuMxqd z04sKBloX|%=a(o?{k{|pG}3CqT%yi=(}TwhYw0lVvG!YzoK3| z=3t?cy|D!k8Ec+2i2s0`Geh8>R7{*y$btSet+&}VMR}$N)KuOG_h;&hx2!=5j1vFo zv5+Fm1>3;3U`U+q~}66!ox$offT7 z-^G(KR}V=`aLVLUq21s8VIj>4S|a~L#Ea{E0Ve(C1J(~zi09m;T6^F6jpk3e3g#TO z4Qxi|Ol}+IIc^2b3);mHg^qX9I%=xMb=j>(sIQSfVZMH_?>mlJj=(owW|SM{?zAa7 zs7|SG=Jff&H5ut@h^M5JS~~QfeF{}-;h!AQ!(&KH?rUw`8D5@^myGvthjT1em5ZKAt6`~_ zT_?61;Qldj#I%a+MZ*jFZ0gh|{FA>)bT6@ZW6*(gC+41iet1oHA`Z0%5Iq4;4!hY| zws90qvKPs2jf^9IKKS9(^mFJ`YZxtvucj3r*^f?-L1ucT!CgZW>@BGC+vct+rdsV- zQ#%UY1_69{X;(O$D6=YQoNtjIY!^Aax_np828cVKi3C=1FBnb+doo2Rrjy&U)q#HUhG$iWc49bo?|hao4ws2L4i z37yfS?AAM6`7Et}cg9;l=VnT|&aZ#Ic}0ag>g?m@=8l@&1R83%-v@AhT>C=S}$1Af%ZPjgP#GiO_kIApP>`GvRw;2cUGzku`S zU7m|$eRGCvQ)Ph=-d7(^6CcC|Gfsqas45e(l3W#g6Shu(OPe?@p_yLk-0)16-)s2B z^r|;gfCAxC{OZ2=PsIIOX1!+bi+b06i;2yv${wvNM~%8)t{=n1Oc)M^=PaNj>ZqX< zT)Q2KPe0^kE^h307{MuZ!iTnPO8MFcJ9;$^GTKosR54zUmR?}}OLe_#F@J0Y2(I*8 zixYNy%}8kKRxb;vqe4N(Iy?1h=}s?wPu)U*wD7#@WN5^ zNT%E6Ufh>y4F*)E^>FTjKP}YE-ZGMe*0d?=M?3vY3BB_IJKXnyaddEt7H^B)$R{?S z8q&AmRZjX%Z_+{guS2?z6N9g0vFv6K9o;gDc3>Y*ZTsawd?3&hQ8y?#vYN9qjS4cd z+EaLeG~!O1iW|!0&aS=+bq@;;6?P-z)l!bwL*DzM_PzkrAjHoNggSeJax!o&xfWe3 z^y9mXLK7PyILP;5doJ*c>WtC6| zOrNbT`$B6?wBDAJs%sQLw}kNr%=nEj#VsOM9$`YpXL$T8v)2vkMqtjK$P0GjJLU_P zUs-`G_Z=6fREaNvJ6(b|Hh9p!MZU3 zgqKh?3K32Zq!U3Q@45eie^=#z=Xe4o|Xea z4BA85`IX)D45@tgqi)ZD9Ql*A;*zly#-H5x9XD-i8@lP6Nc0O85qXZl42-~pD=xva zM^M2}r1Pch<%V^5*Bxb$kc_ZqTrmeq?bLKfr8Hh)!h(wf)F3JA zP7A`4AUiqi5cz11{H2gjdIw%Hh1WFYVj1Z*G$YAjlpsv5i#TULQQ`;xaETv>Sx#*V z<;pyPgrLPb%E2e>V<;Frx17rsKD#Lgs?FLtRA&V9WD%!Q-*%^BsjRbA%3I2NNQ-co zl_v{AcIVN?1CA!a0 z^~_hm)M`gB6-$4BNWBXsMhK|bFtOGU7|u$4kTwkK3D>Zi`L5(P4LnEGv3s5>E!Fi} zh}Bb~{a(Ggm6PW3t(W{`k5*e;cUokMWNF;#wZ;ZV^}P&C#2-{eB2;GmNam!JB5oG! z<8idb3DrR}oY!;g7b30gDi-|b(X{|u-R!%SG449=+Tt}%6J2Uk4@l35k7ZD-&os+o0`T>cSp z{B+)~SP$xD4Xkjsq)h-2`N$sK_SL-=`+TkZ`bhB6+GgMrO{f0J_nVS&H0n+*_#6J8 z9&f_Z9(f2l5YX)3S;PPLCWiQb97O!D9+s8zpH_yS`VV;$r}ewjdF=7ztJQ{;;hwX9WJL{Amv`!Y?io zA=-doE~gz%;=vUul||`z@0;lhkE5xK)vV9Y=XFFN_c{jBz|!Ec`fl zx$Ner;9cfP`_$x9I~LI;V-?{{quaqTWV_3dolT2;dORa+;ZU$uNEwy`)lW9vsufv7 z1Zrq2@Ow?eRtsMI7{t~(TDJY%s;1EDBLuueVVr;!oc0RT%P+%OR`{#5=Aw*hO1fPp z(~bRYR2(>&H?(B-oFi~>t%K6)zZB>O>svYt)z?X`HytO=Mb@* z^YW{K=)E!?4?3rle8cY^^XSqP=CRryk2`&h1hyx{XXSRw zSgPy*o4PTi^=1R5y+(U&V~Z6B=woh&$I*m2yP)Uv4d&0!6|8$VxfCN>xQ|6%K{C`t znciBANXCI^EPVM#ABzE|KR2y&Rrh_ZNY58b(6FAm{ll+ZFUKUD7kMV(62%I{?9`QK z&PL(aP=CB_J5+P-2J_+8`LEgo*PLCoX_azcqknatOuVp4-{J6MAk!^C;#`7gRVS)T z(AClbVtb{xiM!|siEq)zk9$8Ms;EV+d_`g%pwIBtEmH`=jnHibb2kU+15LkPqVwLr z8bnz%-arnK(sD-s(DoqJ01%zV!r~xqut6ZUNFxv>_erPjONhjb(Daj}v$5|GRkp zuZdcbhK)0>7zRK67=aGKIuRxC5HwQ4FFGSyL=dj&3AepLL*Bo7WYla@D_aE;8vr)7 zlSf1E-IkuFK7vCs`3-z?I5mfw&H=3ICF1Iyf@#V^)!a%Q8gWoX<>_g+@7tEM0sr^w zcFz~QA*TQ$>95?--?9IQN$avs3*$NGSJqj2?7i&ZR)Y*ESHg%=RoufP0+bGuQl6F4}!g@g3ssOs(V$$E2&w1IkMPg zZm@x!_@X%)ZCb@gn!=$rJY5BaFF8vJ8B}ld2b|&%lHvsH%?0OA~JoFs(aKQ_{ zdWksd&=>JC3E^!1F|mKG zn@=S%kHDT{J_H5@;B6w5A>%SW=1>606GaoUl+jenQiL^_;c7^V@UhXsa{;)n8^Q1( zHqo-hFx9=6b?F%Dt0D&&wu2P#8Lk_FI^bSsqBmT~mf0MzE_G@99y*m3`takKF~jj+@Bqqmn`SgSLpe!pOPE*s6#Oy+4kqGIQ}FY<*P=3PQ9?pK+bjlv!-@IltkpTyFjJ+JgY zT9*0TZw29bX+!WAnxf>_WMjQSYj`B(-A?IPD&gNA&@*jg)mRkA5<-1Jylu>VilofQ z4_Ljmt?Mv(wP&M*@ZX&TbA#eLbtQ83*9Ba5UN)?mSD3UCQ@SuS~YSb{L-kfz*YX{^KsRH6mnJQ2X+%YRGioo zu1KkXX`FhHwU@cNx?Se_#%_wz#Y04%*s(2C^``Yv?YJ}}zF&~+e1-c)d?b!KS#E?} zRWyN>2&m&`AQi@Hpc6ORV@rZ^5r78~>&QMP6LYlgP__#F%?!wf=JV@9;W6~#22)Gz zk!aJ>u`Fr~mZ!AL3sy>(OaQ;S!UU?%DZ=F0sMIM$6A`YD{s=X9frac7_Io89lZJ6C z4-6Fy7#+v@C`vvBjBqL`Ez?pale!3p>WUC0KDW-OJ{)t#Cq{IyQwqgytc&s` z1RH&tH!>HZA;*)?DI{Ae)e`NvC@eLKmdZvjCd+!i8iLZWru1j1J#aW2I&*NE@u4Lg zU{3Ic=E?L!-ZQGSjg4{bcmZzfgNXp6W12)io6RL9JH>7rCK+#U_2wj_q`I)SnoV|@ z*UNW_LM+>&HC9t8y>%ZBZ_|0G#%N|p2|4WJXcJ#933W9{Ha&R4I^-&<1kH=&;JbG1 z>V=!M!s>i1R^jnOEL=@g5F`&cAwPl}9N5?59pYk#9)YD z1{Cs>alaJ^V|pOWc&B>vO%99t09Q>ktqm=>Gxk|O)ZyHMd==K}58{*4ISFIK`k*U( z{ECIu^hKUCS!{A<`=VFhZvKUfvb}E}Pi9&Y|0%=Nyi- zJ6i{q)T&ecI6FG$zt`N!wk*Z)%RR4RAlx`R$ z5B2#ERN-wf_lfvIPdj7ak&Yfg70YMO#y7I>PJ4pS2pJC-f(jq$W=ZMkf~fm4&y9;I z|A2Go;;8~PV|`(BeJ9SQ(M=?J5Q2bEi7|u7yhL$c7Slyh%Hmprg~r7_&OxaMqA2{- zLowD7U(Y+g$j|oCRqi3JPSfz2Rl2SIbv6~_?tvY6q*tRj)-eU%#^Q;KKZVEXN7L{^ zk=b{s_8T&-2-fyftbhGHKR(1YHZ9&`UReMVKGXm8?U-Zt{- z^iCS|QRstYu6fEFc=rkALLGv{t2&g%6&M_$Lsfb^MOB89Rpe0U!pW{2{&=c^O#w@~TJ%Ok%Cv zr+EmRQ@n14t?M>A$+x3C{rPiT4iLfq zE|Bs`!|&#Jp=2ZR)8q;F))s1Ahnmx6(*1ON`k-VTnSNzc^;S%pE`v;y(a?-}v}>fA zHQvA0NUIJeK-{5|49`*NMl{Hltm)|vQP0vn&iq9ov`O#MSm;&?sy}O)O?RVXj1I8x zbbL}e1WHtv&vg1>$L2fXOj~f#4Hb!#2x zhRJo!v0lCR5|q1lfP=)?MUAV*nDp1EG~&#DpQBOO>JE`vorP0{%u9Jsv@NRzRrz&`k=^jA=d>?m2SJ`8`*D*V;4P z6ur%B$n*6G*HCh!oLRvHw`fYcV^k<*a*@N(_)S#A$B&@?y$yIpO>YyFZqruYij2m` zZ2z1bCZl6`{$AtAQ1azoORL6z~dl3SxP8?iMElQ=xWXZ*90L=KkVD_pbwdqNA<5 zo)gVeX4N$>8J5Wqnt0q-ss!_eO>-^`>%M&g&heo{(;)=4;aT|a_b@FJL*$_A(7Y-M zD?0imn__Xdu(r*4UTFMco`!|mxurJb`T|`G*q%RKyW%l<&BUzlza0sxnHmwcIg`8r ziYAw-7HMR2e-J6bQY=Gdav{lR+qjE=Gp#rpsYD8X9E@PHyYnRVtJZ7kAjN+HI z09L*V;fSUCr1Hv*T-`A$T<~aH*v3VW16rz-nH8p!tAKKCG68h7uNOz*KF6z>-Wf=c znQyQy8XiX){a)`FQaF`R@wr<}<(o&$WI~wnR>h4@Nr%IyiB|2*`9CE7&`sC>yrSF7 zio2hGT@VESV+8(Z5#axPMgOa0>C%MuK|4hM_Ft8wSd~T5j75S&3hp&`ABcpq4va@a zk=5g1hTc_eUzP3eHRsIQ6f?fevqaa?vEh%ba;IKi!%_SxiGBiHrR}X@bD3v%X?ESw zRCGNhOOY{U4>fP_8lRPR?J@G*_58gx+3@Xoh7FVwUW8!UN72VXipvc`u2i*-c>y2V zOxrzs#jt%QT1ku*DbXYlkeOsH8uJHgMHl_jb5txFEG*h*6yyrviyx87xLi>dZ*NfH zCxt;4k{{n%&&%MLo%4(h+tFwk_tRB%{gk!Dx2dbkh#f7uVooxPS@n{rDTF1GNi3JE z`jNdfej4a9D&G3A-ms9h(h?;7T=r1CaC0^fjFj0R#i+%>U124qyh1EOY@h?JD*e`R zJT>$bq%EDBruNMCP&$=*hnv2gY?hEbB|jaMl_{z~i=_5q(#bN#F;;MDRcnf4GM*Xp z9xSpw$wTE_yGd=%t&EtQqPF*N8+il$AtcDuUylnb3i;zrlB7D+*N+{eW_rXYlh!C8 zI)n<73XfNgx^Vc++iTy~i^cwEDax!>QD~-6!7#L0q`7MZQ~ zKHkwmeDkID!BpZto!u;|f((U8Zn+DW+p= z&M3H%LqV7i+nyZ?L(1+5PXM_^@(2iv0>qMJv`o-Fag0&MY77PTRHpF)Pg1oZ2_7XW z$ehQgy>tWCOiOJ>6$rW&nXUXe?zQ$z$65rYo(@F^Jt1zLRKGd)-y$v7nj~&)ilK=& z&*}HPC!-QFRxG15ZoE@cd>nhL^e{(fR&Esafxm9VprmOenDgrkNU`WC(v2Af%}=M! zA~>}YIB-3*{4GnmVz=OT?W7kRS`1Z#Y8OlFzI6tXA%p-BfwVpt(15iYdLQ(|JCvBoE4ef}x!Mvb{W-=@6QY#|kDT#4cIMnMuh0bl)ek+#-JqUX;%RmGY$Uu*r=nO|zGe#9ER&!xkYE^M;Y%8A?wxJSnUs7-AHXX3eL2FUR`D20sZ@^R#@^fI@l(F)F(BzC2C&}^dHFh?(Ft#?Ob`O7QR-3C`tAa;VM*HEKKp~wZ`%yQH z_@u!NeTaV#&I-4 zw?eJ#FLOdoJ0WTz0TxWnMa?8F!*g*4Tck zKr8oQDrVV8lL_4MZK~}m=&4N^%a3wJFfLHb>e_h~`cBNnw(E0G3)M%X z;#89Wv^w}k`3DkQdw1@e35++(nnwj|KxF}nQ2Zn>()b1w{OR`9I>mvTUZ(fj1R=~E z()I&is0&_M1NiqvzrPm@`ezp0;*HKmg*W1v0qWk(3|P=8Lyq@vGT46?!J#Lvn5S$! zhux>@C^sCys=0y^1?*UPt8H9%;6GyfKD&C0EZj94kM~_al!kL|EXs%Cr`hFl+WGX> z;|aRr<-CCL1`W(U;Qcv~9t>8v?`X8RZ`ZwGR#iB)F)s_dD@JR?0fPA@B6Dji)L!d< zojP})a*OX8xGm!xG$KekE#_%Y8JjJ#tUv+{04Dg0(dyaypC^zQ^FPQRox!2^;}E1I zwJ4R?duE2qAal5vzq_}P;k1FjyCoAaX z7F|zkbk^8f+RVivCLEdmAjt}CTwo~{tfr1s9$ZF-gDxB~Pf!~aZgtAY*4K*1fet~< zihRA3f*mps_z;zyI}_)l34a`#412`s8J4Yf!W>n4V1xnDf;kNI{wrF&ye%hZmN48k zZM?B^V2SsP#<1WLBWKQGA-T*X!-#$rHGh;b6&)W-B{pvc16AR2qi4NMma=PEa0{j0 zAgy(o*EP=u%VePyF}mk%Do`643g3uUCD7_$R`datrt6kB$|q_1X%dX3G!m3(KX(vL zaDO^G4PrQ8`xP$fF8{?K|A+32O!f~p(nm;^-?xwgt(ETV(k?-;W7NQJgfp9Osh$ur z@Ws`2CxN?KxbJ+*Rm~XATZi`gLKGEc*h}LndA)=%vNnDZDz50V0+cK=SWWpJTFJeT z)W|58GS--^;zi_)5Qgs`#UB(Ze(`41wAhp%#&1<5yGy2D<7B&H$u}gKBt%qHAGcd* zet~Xv4QdihCaBa@Pu`ggkc#co-XKF;MgZuIAmJK2tf=}@o6JrBU!~7TonemI&LI{+ zm=S*XsY5rta`h|O&eUkVH1$Qv50%4si+v$Yjrj!nY`@P_PM>by_`U?`S9YmWLsSCw z9)&SDjQ$*|N7y3dk1~rGRwn!=*OXwetzJUeU?aT?9(Wil0fjQ{$O&F_=mQiWz9r_T z@uSGaJLKt^svgf61!578=4_(h^N~~;F)xyU%MK{8nT7M1M z2DoOL)+tO8xOsyf@1(ox$2B-%X{_yV$LUxR40?hCTRJzTC}bA z)RvK}O&C~}_@yiI{D-29v1u_S9eAhX)Ht+k3xXe~V$Pll16i4FZjiuY8)*yMQD34* z&FwgwctbPE&LCbT!55?<*6^CbUFwNw>qjsm!2mvJtBn{!$%d4wYPKjhHh<5cA4*Xt zkGuFZzhm;1$S(55I$L-g{LcQTeM^{bt3MFpGo(xM3*f#^`saOv$jOhufeac*W)D@w z_av}KVCnM9x22nw&~WJ1*rS>f(Nz&EA5a)a(xoLis^O`FM}4|}`oYN-sXyPQ1cj-Y}r`XsN0@yiz zbDX>uMjTP=n9BIC z`Rzp^KC^&_2PjDqE}mbEYO69A(>p-j^@I~vqCNP%um$gsw^QY|>C}0qetBdaJv1X; zqukn_s?U}*_;8Tnp&8*&g8n*>6#*{jhp3K>RjqOIBky%Uh)DcDBq*?tb zCG(>lQIE%Y;^`(u$+o4)6Gm8(q}nu16Xy41>-D9RT&aTSF!h-|KZj)1K0cL`N7Oz* z8zK#)tM-8Vt$tsHv8vV?Ifc^rt*ZLaQXe&RZD3iD_E9%ZK z+86q8E`_Nj=#JEbKTKHfI4it)^Qd)q&RrgS%#6sW z*o>gj(K&DUQC6GC%LM98y>a|O zVM??2s*@6R@=1Y~2dH<*T&g*8Jofh%QQa}|^S?j@Xf7P~Jn%q32qgb$Ci0y zNZ=~8)J#cYm1w)lwfsteP`?EgdJLZGfkDU4I|A)12 z4zl!1w(YX*>auMcUAAr8R+nwtw$)|ZwrzLm)%<4e%$<2N^XA68C!+p35xZi4XXXBO zX0BZ8PPB>Gfc-wuaq2y5Yx8N*N5>1h8|K*r*$LbX{H#R8pRf5W65V@qjE&H2YJA0@ z%B7j!GCj(sK#J0~!(h;r#^Qd}tUd7sn3Ir4Nv;{mIm}Q)xXgT8yU3u~Ty@G(weZTd`FWO;4FJED|{BFRd!8n&x5h+3o z`Au280cRCHWM!8jH+Yx{K(q-z;aYSF#|GWf?pXxReIt` z9;aGMKChm=fwhDW`RzQdBcK;^B%0M%2UvwFstJGPnpHa*vDO)6F=8WpjLl>6rq|8m}coWgPrpY=6i3WbPQC}UM zC6(o}giZW_img#A#fM7+@RYvdS84uk3)}&ylFUq*n9HE7PG@CFv6sG5!HFumMMy;duzyHj%VloHLC+^`Mazg!lPEE&l?-eRyM~-nyM}NWabDsb$c0S z&81#M0#fCsqVw`{nN|&V(eAsoiA3yu){#4>Bxz#eJf*Rmie{X0A2wjQu_QEC(|N<$ z0Wt#&wmnqV03f@c%c!!=D5zpzKgIRWcv@g$ed0kxRo3z)hPy$ix_nG9mdE=`97BL* z(te?__QlLTcTFfyg8N?nbkt*_>OXXA=S z^o;_Hf~0CTmDiQou%a}qD-A133lXC^I(k}vwshNLv??&Jl}}E{Z0cy)D>`rC&MLlQ ztU?;#ZV~Tm2hm5PknQsrJuorUG|<48s&X#d=RheZyX~Q@-@|e$1<&Zag?xo3B1sbGdD}GqFX1HvnYDEE)>Z<`K zttNL0BgYjaVhHNPS9Api(lm4^)?SL(_OsuzH{MmeZ;pe9h_(8$*?>aU#;DW`c}ld+ zq*z$DF;%YrS`QnyM+5{lrF32ve`;p;)!BTIenC)SVHoN;B`Esr8JK6pj_rvd(Md#j zpC!prWK@Wv-T1Z*8Gul}%e7)rm~gB;F6-EQ)JJ{DQ;VA_GX-nqE4Y8-%mq3jt3hiuqV}jA0xCxf@U=sVHU)1}rOFgmLA=1#s z@|f>U9UTntfD>X%4E3*4w1it@-7&;k9nV}#_FUo^4nYYFelyS`5&NHwO7XU4jj$PW zM%+o`i@FX+k^MT|MOGW!riWvuP`3-;bp$)P^i{?=D?^VH=YBN~YVP(*^OdeaYVsWE zmZUkyoup8(9v)hXjI%b1E+?d#U95wdJ9}AEKUT1Jd3K6*=hc=U{w8iT0dm7-u1`%E z?cz^l)c@IiQfYUVLcTO*y47NIq!efVY_?#|wo@_ zD1V*c_vM>m^l(3gd_4Z9sX-HJ?{ZZ||F-Wv@hr*QxnQ$p2Xe|V>Bv5A{!W$Wmt1&M z7HIM8V1%^6ZRH!(#n59uR`JE(Ul~o}bYLX_9Ndhn3 z`D3BC1!n_`m-B{6L^0w@r?~C?4ILEinGW=2r1N{Z9n{Su!kx0^AiR6a!(~7J2W~I6 zrnf^&X8jvD&cWIo-N=bF7ZlVMUb1r=-;jGow}j)UF;%}<#%`!|&zNiA6oC&1J~0&s zWPCsafoBw8pzzWiZPWGEau3*Z8}^#`$AJAnh#h-qC)x|L_&X?w)Lr%&USvY-FK;X4NOLM}BTufL!ZTR36xD#4lb z-elEaJvxsgW@(kFhJl77qO(RrNV|+GVyb~aO9N^2*VHa% z8FFy61^o3~1s^X?p~}#+nZ4u-rA(T#We-M?0uVXNj#Ai?Xfwc8zePxlIl1=GcgKEd zs_yh>)cDw-#13+qtwEOrC@N31Ed>bEo!4i8#<*hKU6F_iu8slZDwWMBf`%56zR}N^ z*J!0YsJDPmO(O|dLruYc5Ooe(EpN<^D%U&Jk`M!=k}Jp|8F(!NQ#3|C;<;ps{Z|OD zm}?QYJ9wJGz0rPY;!Y#=9n``&S<+JZ%-sjZw~SvTC=Hib7y+q}ex3TlV-nfj%&n*oJM4K@9m^G#cA^G{~1p3)SXxei2CbGF&S%CoBuj$$SEG~s-H zr-?uW`*);m+q7KoR%KV)dZV$LOT$rjZ{(h3FAil-Sm4=TjbGFa&$t{~WO{_%_KGp^ zB)YS*$h9BGQi}FasI}WkHIxl?x5>H5Mfdca&6InF2Q+(K6{m5(F;8J-dEIVY7BD_< z{?K@b_zf+%^d)lF{&ymGHr{`)b@S!l`pw4PgjVlM)5Fw=*1*-6R^Q3N@~cN=@TVRT zEzlPa59~`8;M=#a=F}gbf6dEd{`&skt@YK860|q^Cp0|H2b(1xP*6|}P-$mS5@FEy zw>-!9e!u?x2*vmPFsAo{+1-rshWY)`{R~B~;#vKpy!rmP@i(sQ@!h!jU-Jacps2#2 zz7_p-Ki)I?e>r-67F5jdBMO675tXdYBMXDt!Qe6(_>!nu1OX(193`U?7q=N57BDb~ z>eB1L88Uq*1R?}t1Olf6tTZsv1*%0~_9a3B0{dgps8{rnD91xW*WImc$DppUpZpIzR1{S8N4lFxRJ z>Tu70=$BguuFSV(0Zc(Y-Td}6hCWySge?kn*bZcrTh3%r7s2fIxRB6xB+q3^t-Dw99=Nx6Nflgy~N6pfyVu7M#P-Xht5 z!9^H!ByZjkz8E|_qcjMv6ja^f%Yj`q`EZ9mk&>;efsB2DnvpaymLD)2?19f4=yy=8 zFGh%(FaH4WSIhx{0SzBz;9-(Yf*_h~gZ=>$ikN68%X{!)X@HKkbH4c z^(<{n{zp;9_OF)_{PS{OE({7^!EB|cBro>&-pYw8uMXc;zH})IO^wvtRHbGuA*#gZ z2Ct-6gFwmcYPE{(EQTVDIPC;AstOxBZp>BAtFYR+AP=P61Tl0|^lqV2chE+mLnRml z^*98LpE;i?(LwJv5~;@OD(sA%l})DDpE!@akJf`f9=cwAfNT-E#B*Q}U}lJ5@kng< zi!>91s56NT%y)`X;ehqgsD>befC)CZ9WZwRGjkQ#Yb^Kb?vqK4$N^wtogMK?cXSbh zZB@6~moyj*#SW9D2)mk0_l@wZTt?6<-?V90+0(-8o!vcG@3lM@?tyo;g{Z)>vX)`{ z;MHI<0fAt0d`Ypp_T7Ey>xmb3h;4zROH;8?Tz`4w>79$NOg)a5Rz#EDut{5rm=FL( zZjLHG-WJg}p{7XpP|XjFP{feNJtIrU6$RGO+BT>)0JmKi1UVwg>@Wg$c+fF1XMCSh zGD}N{(v*jAqDke?w=Q_ez)YmJ9XTcUWqif8U1^XATP{YBtDX~c%opJ+XCRebPE;tr zMp}DMg5nxeGtWC&shpiAyH)^?~&k8@UG+tVv%bae7^@%~)d%vG$rBz>BC zYq)(N@9a4Uw@N3!Deg=a2Nm9*+?qaL>{kRmO;?^Ky@*!ugzW@m68Vd-BVbj6N&0w~ z*oXqWtB|jjb;?Bky%eCJtJ1;~v#-I#Ze2orOP(G@=#pKc*;NmR+o3y_8k}Sllabs7 z?SgBPh7&Xl5gnbhz*u^sjupw`z!9#$3G7J7D?k(`+7th15c zI>dVHj-7t?nKh;hXSy+cy?GXE+%w?jzT#V^0(&hOLA`X>&azBna2?=`T(fRje4qU|<-xAs$wUbXMNFFQ z-E3BTR$*uPsA-L5>?GRbYPC9+VuVx3L$x<*Z{T9sHShwHh7f=gqCf!jp%bnJ&OFu-|Lq*+aVqQ>C$zzcozchCoK(im z8%Dj|#14U$4B+0{I>E}KP^QOb$(M_K%zK?wMhh1sYYn!?-A62Uz4ISdWCPI?n=?zHTsY?e@aZQV1!X>O-_Ar$N+ubXJJ-|lMI9coqjucdbb61*J< z#SW>bx19xc{W_af1~-bw5zu0N(JmPLk)Xa^x(O4q2{wJmI_-@H5hil@$`aESZqVW7 zlKaVy)!F}K2MY$uRukRr4{d-K$*2lzg^y0P4lE!>+>;oJvfNM_Bm4}5b^H#6h`Xq3 zkbCLqln?63;9ZfF5mR@`rOTa2PPW9Ew0uv5=|&jQ zUC-f>MnO`U4p-c+zN;J5@B%Wm0#r5`i=bI}ZklU%?^y3XL%V?4F;^6Wls=0VUkE>K zd^LrF3#W=5ip@SIgz7z@aU>PQ7nt>;Biw6}k6|*O-nC~=5wg)O{1cA7q-$dNwEPbu)-;8oURcjA^>oP~?UUXLb0{Jy2W< z77PctV$+FG8Be)BjdaTkR|ONPMAE1=&$1kkS0M{;&kuj#)Mw%4@vEKmH}26Zo7h_1 zfGgafE8M-}1|qU|=q|jY-=BXtvJlIo-xPy>`vw8`-`}bK0jcl5-l;PD3StU>c_aSi zhVfTYpQ47s93S!r>MW?mx5AuxDDCT6RB>dRWeV*Y-NtR`1&-6}ngR<weqH-TW87;M!`(OMz0wlK#id}Ng1z=`=q#-jM@Ywl zT~S`3j|M;WwjO~YVTs`kpO<5uf^xM^jk8YC4be9QCe68{hbuvo=y0i%SQbR_LV?7G z{C#}O%0d!+1=%DMGi~Ep1zkAq6xpLO(R=9Q5*6JVREv`4u+y?)6w5Wg)SIPG(V1-_ zi!mZ9rGt1*&@|+Maa>H^b9(4fHibx(PAYtv7@+CL9t07bWEbcMW8SboYH*&bpX(?Q zhY3t{0Z9aDs~0HBCrHTQ%NB#18Qv4+WKEA)XRx-YxXGHRW)h;VPFlL@I;CXGxrq+_ zH4^0yrb5|;*j6KS@@ZbjqDWDdzmE~PmW>T?RlS9ek3@=WyXH zAEAG^C19X$_|C13owHyeugz&{Ib)YADrjA~lJCRm1j{oeWXnBupo~-|x^14vh$|9I ztBGI-x#ZI2(uw8g6>pO3O+u+XS#TI*)O}V3__mYLpTB$2hwgz-#QMpa2mCT>sy2Rm2Ad6 z9o3B@DFkk(S;!S9;>Eejc8=JV8*f9-$z~UD)6R z-PIGb8eOsH%2SjzS)gx|?*&sDWdtM4lNDCDdxkDEz*C8zv}A9SJ2Su)obHHVZ2H83;+NL$=FyCcZLM#O3`XbeElTk=_$L6*6p(wa() zc9}w^8zr8c`O{G1K%sYH+9LLxJID=2xc5So_QSL*R(t7ANTXp9PO}!*Lr>O0X{<)Q zZJZrixj&{Xn7W7V($#nQ^xO*SCCcVifE}@I-Nyc;)D5s`{)CZATcEy0(`cCKmvi@C z6j79=4_vG-WZyn7&~JpGQpQOlk=~jY-eb+_@oeP|K`eUSP^F0;b>#G*>^lxdB|AcJ*@7_y{e*w3=mCQUJy!Yc}ivYE4 zR?aq5=TFG~X>?vcqU3O4eg1et&n=6g&A2v;CJnz&$gZ3lf8OrT0=retd@%DGGZ*Kq zNygXlbIQ{%X~y@kxZ@0E7zO&yqqq&hlq-} zo&jj^(V@0*RpUat9W_-YR^RWBl$Y}A<)ldKd02i3FE=6QUVbiNC-HV1U0uhUF`K7!?~ASV zGIlTffF?4!rD1IoAc>DOm$g>97>q4C_+zf!izdq77w-Ph*4$lX=b!$n3%GwBi2wR9 z{3o>9e}k7lqa{-f$`wn+>7!bkuu`~=NTSY2<8jdWe4(n)X_w7=*p6VVuF{kkV=T#l z6hFdwXm+(6+sJq^HVssOEC5(ETmugxS^$E%fIJqPY7C*@T6_=H^cYC|XA(~ivVd7` zLm_hDeHUYW`NqPibJ|t?m$B(2`xEb{+xked_rn|1H){k0+%VaSoF78uqrm1-7Nm`~ z0ur#nufb7gavC|7B3u~FE|ADz>YykIP{0{NEJZ>h_qL92s%&K|>b*H_QNEYH(ocmd66Sqv zL^aCRI=<9YhaFJq8SMqDxm5F@(a(V1eRudJ5>eP z&7`w;7qexcD3PiJvew4Vl`XS4r4?cW3{+^>a;YXs-GkkUO^rWp`JEbA%T+^_0L7W8 zi>j`B&lD>LF?V?r2ml{qxxTp+Ry^8k($@THKGPMkaM{YbwzK;6z*D|}v@YCUaB`*u zJWWue>bGh}WaYJx*?Qf5D0d|_8^;W(aUJ8Y-e z0|Qv8b|}U-yBuWIC#tF^qlbxw%c372a8KgPoHYb#_1M%%*^&yD!g#+OVzyokL+l8m z0kWuN)ILOs+mxgFVWv{+&;M;<_JV%{i=m>0OF}HC-AIIg#aX2>`zxQ?-`=S@jHlI|UIn-A9zdghPwuJ&@)63i>G*3Ii z^^GlNoP{CFEKz$S)dBEb=m1e(j2bFR8M!$+kO0CrCx$5qBIJlN(O!5}dEH!Zc^SGE zSQo70v&;O3B7xccyhje>8xN(FZMCEbb5chFL0a6XHA2riOKLL>H`n55g^&UA3`N`Q zFgrTvBpOFxoY@hTOka?TG+HisJX37kt!N#U>z`rGyH<|Y{5I28+SW3uau|TQfpGii zbBU6Xr$r=QbK0TJd-xz%vNzuu0-2FD2Syq4)H5 zX7Lx3zUzOyGL3C)9zMB59nT;DXoQZHE3=*rO5TY!f9umizWy4^>? z;}?C%ga?F_R2j{XKm7#6u?9_YBxy38;SsiO=Dz0wqO3(6_;O9}DKK!g6Mvr(pUDW) zvBA%J?QZaLFN~YjYnCd*OKmHG*JZAwXW`Lljhi)yOXey(fV*3NZkb^=#%bR| zI2u!9D9jZ3qZcA6rFJVKJAzczO+V^(9or#36?zfDNxu-UmK0=>mZ*Cp8DX!lo~?YB z-E$IVWgNI(A*zo7=^~Cwfnrjk4%wnsm7S)hA3NW5WD5f&JNYfK1KT3U>Icjt1MPO6 zp9IB+sCC)M5s`-S`({E?4f2~E2T5x6lPkgJj{%7mDp~XI!LW`FKC5(S*Vco*;m?dG zEwl$nxodWV;m=`VyveNvlDN?tEDxTE0pp8vCd(d%{l)-y1RwGPIwSQ|yJ{Rk!vhJG zS4-yzxY~nD1)ZoMK7A}S8av&<`6gTvl7;7*6gN^RTfNO@I?D8t@y*oD(QTM(hVLJo zC|f;S#a>CJb4yd@QGw_Ld&js+Z}AoUO4>24wUj2E#k<)D5mV_qx%<~$CC>ofY|VN; z=41#aUYqK8^*RbS^4IySs5$ALu1bC{OdnF9i(OFb4YoN{ShzfI$e+2}CKMk?pNW0K zN$gq%Z%S^g1@|7-fX*V=^e(U0yw8DtpGr3puot}kPn0h&nQ5@z6n^Jyb4OY`5B#YO~lx}S_7VpXKZ*ym2gK;kNY|JgqtO>2pVvpw}iPqkgNy)TtxXPflPlWkC z+sfA~kQ^=TZ^F2Y9}Q1B7bQs(7LA1)a+N+63I{vh zs`-T?1t$NiFzVFbj#9bUOMJb|RIFOI8&wRMy&yC}-we*=__7yW?Dlp@dc~M~%p_l_>>XLP5`K zhnmyAa%H6|K;dzy-nX{5QS^7`mF+Q}Zq@twL^HR^t>iHaUc zCp`z622v6MOCcwm+q^b)PnCmW^v$@MP-hA$@yN0yduCk&*^>cyW({H5H4oVfD3B+uTXFA%HsW{Qx(NSY!;&*HEYL!wuk(bFlzHiX9n zOdI}Bw+R>M4jmUSE8nLAEfUzs^ z3q2`&)jN}oI=X_4Zc!(WjBdxm85cu{C$GdS?7hotMHlg2s77BpF)f~dp$mBT>`Q`d zT?)`|`7ZR_!S`U0iA?72VtMwM&1VRD(LJ-z%NU%nSFr63-`v;`7QkSW^+=m94?Ib) zc4#QtD>@ZIC@J0~r~POwHuFo{A5p(!4xH@a)zPZ4zCd1_AlHI$i{Z|i?I;=Ip%P(T z+;O(#i_ZTwqqI$)EEDc(s1{-Y|2V!(x%HwUqSOfm4#@>kxX&aWmc3(In_oVzHk0g> z!=X}Ca^OH7W^QdTK0KA4HO*=ltEh$XDioHzSOH1)fjW;K)@m*#XI8+>Ii@JL%V&Xk&*N z&s6A+oyF)V1~4gwxX)~-Vm@wD6aV@ciFnfdL0UJdnN}2HN+cAPG0`RxTL??~<5)pf zu%~SlicK|Q8#yX##C5oETjS-)>c=TR&MrQ|a}*US)kKYMsi5ahiVPN7IB^xferew{ z9|t_{tIy z{)(VQ=$TO1tX+I{!u&(UV+QfbfRfjx-|Dp6{Jx~uc(|M7wh+;lw7J#Fn!@=OCL11U zq6JSJ#oOfVOxDY!Oic zY(UZ5iVR+D-bMBO3t{a+6m9tPrjyL5W$J9To}L>p|SAY2AyDgB-chVIp(Ns9tVn1XF8tkZ0! zWOkrrbT^>2xq6#vvxc%CXI*r>5yOqIZxMJt2Hf5rgbpjTmmFZsrUGZ9G<+P3xCZEWrkEKuodBA5K@K;<`!5kY91&cugK!4W zLVq7X^8-b6LlNx5&yVMrae%i2Kjb!eB?}ZvBpd7P#wR<_I`3*fFHGjdsa<~OX4v;n z#ZnexWIgI1OU9tp@qO!+jZ9WU?o5ODv`+|yi9!emcP%$fm#Fe$Fi;AqSw1fHnwQ|n z-8Ledb2XYBVe`@GpHmh_XR8pY{vkli4-@oD5jkyqKX*Y9#51z^g(JI@f3UOH^G<5_ znR@ru>M-!i@Sq?@#qTV&TzQrYEfo?uajLgEMpeN3`!$(;g2sLk=+aQ3zWrqJC!L9} zhEk_Ql23G8XLeyF{$4Psogj%E9gs2`ELncm_Y*+;E)Grq$*aRN&qNNNADO(`d`D6$ zvoAnzbd)C&c9C_DN5@1nUD?(5q>8^4DBjhA+}Bg(R*xy1vRKBhwfH((*cCMDp_IM6 zdw#q5`W?i7It;8;xFuK_tDi%35|zGEl)hHaJ>L+o^Rh=~OYU?XMado+rt92ZQLWr! zMpBKCk?Hx9GR8~H+lQzzF~sI*T8SVb`ii)tM(d4FIy^W`A7Oo15vY@3;XRGIqttpfBy-8;@_mdqDGcq#!LTI5B#%& z)Ax3IrwtaXpR<7PqFsojx&drCs4=o21oGl?FdfyI#2dS-u@{O5Xm)`Tv23=$p<4m) z^-V&7;PUz-^^AL|PxpiMyxv|fklXZWB;wQ1$EYN-#w8iojF-S%=j>pcq1OsQw}cp@ z_YnTdHdv`GequmHf#j;t&d5(#n@1nDwr_XMQBw*yKjvTOt=c`@YNiA?k?8vzsp81k zkSP{79wv#?(+3&OFIYaL$VV}t>cgg}@HVlUl-wtKxyrsm2vi%-D=1hnMr4=4 zHgae4I8Qqyr@G+8Lr#Tm+}V&!8&;Ydq3ckaFZD%w|86^ENPa*_UMAY8*S3q1W`@RJ zPSoglap)MAz^A}BrU>wX?ufXy($3Y)M;_|;aAyGu`rF7FP}@d9=qcO z=4@gSBm&z@?h{twWv-QX!E&ROPY49JRDBHHyx|n@N8~lMKt>NknQHDh<_cz0ZE7v= zFb1Ua!A6mIk{hM!#E+HvdT~)qr-k9UTIm(B1aJM3?w~+wNGJ2vqUPAp2A@CB=KYo| z1o>5*qxrky+&>aAQ2z;o!p6$V#`=H6!=U(=s|czJ%Np5RnK?Lo3644Z8K;qQS`vW# z$lQBNRpo_dTgEc6tNs%AB@YCUJ#o3@56EXMC&S*uZQ?!>?(mSm0p3fFFU?hfXQ0P3 zTc6e)E;C<0Zf-%hv4SB5z$HS65QHM|x#x@9%uk(ltR92buhI3D^q{W%@HMHNh=-wD zQA(I=x%F-=F4gt9P@|{?^_Cshz146}27e|;77yJXYp{*vw0NGUC~VpV0z#a1I)~-T z&MWs@O`$k<-L5H|4%Yfc1Xv=bFYB`r&^zH5#if|DB^@lAUo_R0nUBYqF04saYII#S z&|uuI;&LmZ6EGk7G8QoD-Ia$f>|I7~GLFR0U|k>w;*ke~ z-!2zw*aHy6dDSrpb%H|%+^C$Q%xaNjiH+AjM%+_P-0+c^F~RQn%6g6}_BkYC@y(O%EMk^is%L)py1?5|!V znaUUPYr@Ff7T>Wf2Y?MseUpMn@ISyyq{P#db$45cA?!pIN*FJA@dM<9n;7bbnY_xJ zi&H(*_6&$7r!SbKLo>RK7jfqz&L(S#Lh*YL)F&fhcEh$N`%{lZ zMO3UsoIjBg;*)*f3dBee{g$U-K1=M_Sk9ou!wx&{C404*gL{M1NlIKF%cWj@2_0u> zv^G_?T!={Uq@isvmO<($#I;C6d1{^W0w?X#*V{CmOCc(E&1$3Zxf$8`7gBiMhNV_# z7n61)&co0fUQavg5z+T#$esD42iG@Cg>M6Qa|p%}J7xl|FP-;ujRvVK*w>XMpH*(- z!M+ragHZar%R_4D5Q0Z)@I0&?NWn~JedzBKH)N#kh-P+7@YoL@Zq6c-^ili6XSz-y zy)g)sZ2{tn7=oG20L>|<0p1CqpxI0Xa@ZxqI9W2VqCRW~kC_TfbS_lhDaj(ReoodI zYPqp#fPyGyhR-!cWAuHbR3n$u9D&SjhR5J($OF<4BUB+mC4Z3Qh*c#6qUqxI6wtMic2~cq1F&r%17=h=$&$vz z1YK2vFs(JXhXfVKorIrBUdMQ&K;kcW@gMk0ic;Y2BaEay2W4Rya-Lcs^L^hrYhK2< zPOMVnY6Z9S0A5x&AMDP`CGK%H8h~6_#Yl3?_I3|ifN#Z{#*uTB(kyiCZ9@SJ0?blC zqxWqmoio1X6?Z@KTIWP$!UovDpB|b=mLae{0-F8>d{B<2*lOC*Vi-x}UDidoBH>93 z6t-x=u3c>+csfucBSNoszR+^BIjoNxa}HK({t5S|gNx>h>FW1ar{K#@{=Xeu|JXX^ z_>az+zn(9$_BIAzrj>tnJ5n)I`EG>ltsO^41RburTI6K05%*0BO&o6FQfY)1T7BfkVR6EAhRQ9i{Iw|R0YeC~d zkfwb%6>>y{8i>|*+((b2OPSA8Y*y^Mph#P=dvITgP-c)jc5)7XP9s-L?AU>pV48$8 zT5vPR3v}%rEVlH;6^d%I{H1hzQf9;5N`+9f!W(mD6nL*HaVjh1c~~K;DNH+Tvr~oV zt!$ZMNtCO4Z{yHph%8h2a{JSp8>|)O~d>)B(};f#b7scM#YFO z6IC;1EZ{;5=8|cP@{m)Dw(gl5cv2H&66Jxq5ES9)WUsz2$WfR1)f;N+fWj^12r|Rijs1p@K zo~`HiHKzu#@64T%9Z6=+i&8VeEpaQ=R_TtV`=uSKH| z0sE;NUbP(&LS{D5Qx}_@us1KYPOYGhHQxZbi0{EJRpIVht2PmYi?TwpSKH7jqE8<} z6Pb|~0YrV0-q4&^DK(~y?!!WPnILrEai5+TUhc-RbNEVtJ9YTAxITv_ItQ_-MFXv9Jzt{P>M>y7-fsSl!+Z?QyqI>rZf8K zW*o($8sx%?qcVZkn*q(!{t&ooa-IF*_WgdzNd$U+6M48BkHNB8U+sQ7FNWg~HG>&v zwz$gM;Y`{v<5jR0AtSx6JWI5uRs8k^+$3weoeNDS!_V|LhKeWD z#db3|u4Tyw7PIe_tQ}zcW_i}loooZYeaM~r@8&+U<&iV`}~dO$E!dimWdA` z{Ra-FB&9`%YL?1V$`9-K+)xx#EVH=VB%K@3*xdKVtd&<#?%$@I$D@Ja9A#C`Bn)PC}ucXIe7OW>MK9L>%)LYFUKvubfvIf^k=N4wr zR#w#o2g_LUfEVhD>3uQX9-_lD*nqtHDjrG=4C>6`?W=t=*D@t$yB4mn`2e2ozn75k zZ%$5V(Gn!d)&wQv^yc@z?WGv6IdN`XZg25N?7~Y<%GBJ&M6}6{G;(~Y2Cm$0^+tW7 zoT?5uWV)hM+a*edd0ymgvS`zuQY+m^f2jtNEp6T>>O_zJ_K~aHp~nB{!GsAuQ5(xH zdG;SU7TU-Du;48BtW3B%{*1j^mVY6c!rS6bn9A|Q7^M?7Cn4q#f2m8D+SLfUmCEq< zywc`+*}OYQC!^e2+;w`(ycNs$BEGevDPvmRwQ%&3kjv9`U}6jRSQDIqpJHMb5p=LE z;Ok1#nfSgf5&a3_b zZu9y5;{ycW9KPc7yIx)N=Rm33snYXL$By=2`~ZMEL95kvZ&33YiiP68wM&x_J-tg{ zz3=}RG(ga*o+|jF5V8DQS-*cqhyQaj_unq@|KhG48Mh|h#|IzuS=m%u8C~}_P8UY1=X`T~C)>stPG<`@`&-blhAExq z8Qb=*)U(6L`xC~~gMBF>O`hm?J>*mu3x_g9BS%ZU${s-kkhc>fe6PM~=>j)Y zJG>E|`k{0{6FQ?~u&y*-%U)Z3I7lyZ#o-|ede|EhijV*?gOO`lgqA|kr(99Qr#j>n zj;_5KR}zU~X~7 zr5|@qGhv1kD6PO2G%!+rI@R?KH*O!ETIMO2sbUDNYm9EY#;eJ*fg zd_wXym-^@jjwkNMPyV=<^vZPDk$fdoF@Kj({iAU<(|>X=`6vF_MhaTdt90<5M=BND zAVf5pugj-6^5B&V3MIBtXWaPlR6SPu#Z7Zq92-7Y9JoIfks$_FRx(quWrX8rfRCTZ z6ckYzZ86s&@GE|Z`)J~75kmK>FHs;#n}f{7RGaWsoAObfU$63&meMSYVz`xHVK$+3U`CSv(Ilpa7$$Tpg16C<_;5GqKx5n5IdD4f1!TcAxaR*+2t850IOnj`_n zoB|aumN<8RYH8?gpYuI%Fv}2yZ};H(fp5q;vpQbvMs2Ah=lewmvBR<)DeaqqEt~?y zvF_f-tLtOyK=LlMIA;m9HtDy{B31TX$@S5)7=c3WPBgbvq;82VA>0hSpQZ;tc{Y`O zZTm*0CzY~M!;8!SXBc1`M$r662MAxj-yKJ(!iA73v>rD)u?XevhPCW z1K#Nz7=(YLw2jO(xr@#z>*#=t8knBe;%xgT5IrK@D*dEqxz(_1!>R~x@(kQnpT8_T z#i;U_8ENHxv&C=cPaYt`g04oz8RChf1RSbWC@>q`P5+rchTJG%1^8LMFnREI?3#Z} z^a=hYE)6X892_kF5JdR5nf^ZxeEsVi_S_?e^ zKYD|+9Ij5-kK8Wj=3e)Xmae|x=+XECw=ogH6vP;ph;~`uHm_TQ&uw}ctlE2MxEEdA z;@J{cLu_e6FDW;8mtwJ|q!=G>>|6$rZZ`Hp_bsAs?G%l5xO;djiLf$YIs$Riq1XA; zXW3XoXwVlNVNJ>1L2Cu>21W7QTMT2O^IgjRcJD*`CEV>i_Y_#{eFX+3bY`l|Y{_V< z3x0$VbSgkCE)%M?ARM8$FT0~R>D8jE3!JZr{nqZ@U@K{7C)g(xG*leZNL@puRmX9Q z4wcwGPUnWDdvqd*fz+bEO;HtF;XP-dnm3mPQdkyr25o>~jQ3TsI_-Grb#ca0nHRF^ zQH~;N+0Uzh2=X4g={I-qPuG>JG&Xe_q+3jy4A)ws z@7{t+fcbD*P&+i^=TuKO_qxgOoN04_8LllW&h^p|?DI-STCRr@u(=qhBN+Nv7U>(A z*fburV}U^iN!xd5B;6HDSBDv+MIjkD;gbm%b){j_;j_Y9lbTt8hUf-~ZITrxCBQMV z80NgjC<5{QF*#}U{Omx>WidRAhe;p)YNgGg)vSlLU6Cil zQ`^$O3O!UfKVl(qgzweM@CX$6QBrmOlz1XoM!rUW1rpTXad!WgVE-5HZl;3Om&7Q% zHw$gYA=gA<)8cRWtvso!Mlc~@smg>rRjzW?@5sDXG!}IS_9~B;ejk*9i++B*-MGY) z+JHr|A($oP`YlMMQDbl|TPRhZADL$&9oook z-raj_A+8!^E)uWWhgZZ5A>|g(b6z-#3Ml>12hE#2R}QSmq3utz7RP{dsN!@Ok}#ax z;sFqSZ{N_aYZymY==63Pd>K(kYcS4rN{%YMb`%ch+n|l=dSa><(m{uBPSMtB@~9Ves= zd2hYS^QiORWrFlcFB${f2Q&bLjDHOu@yAn^e!}?&7EqSPyL5cEMt};MsW=N{6@;}I z%aGwZ#^A~Lz`6VI^#2Y3wS-S^{a!eV7G0>!%UWfoL^`{J8|V!`z;MomB*tp~y@bBv z{S|?lP1U%>@rV6w9R|+F1&U0_9Ntw3n;YT)lhL9xI%J|%IJ$}%2^F0t-(=H+2Eg#F z;vD1XoCu+Ch{XQJ9Id!W#sMLn$pLtfLxe&$Swf$YdT|J-seY_7<=t3|0LV`ZjKL!G z37pEbOCCs!!H=-f??*A{aC%sK=R@?JON5?}Kc_Z{vd#o?k}EbTIkN4nx!e>b?Z}GQ z5*&aQ#y9(^>p-Y-qY|m=0@e(rMn~~q-+}*xM|kRPRE{BpthbEpNOTW~^zyB`q~`U2=9Nd!a1>|Wmy4{>aI zIYxX{DoDM#88;`?2$w$uRUqiKO_cB>h!hEdIJi3h$5E@YT%4T&!^BWtNYf~n^GjA@ zYO7mxZef2ewjsg)q3xZbbZe8W(Y@2QZQIVBwr$(C?VYx5+qR9Jwr!mJs_Jxi)#IdVgug~9vVfOF z3~;|VRpLtOA)#EyetzWdMO9L+^`juFX~r6B(m6V=$gg43>@mrf)uo`6RAy_4YP6~M z8%=cN+2jxgr44CFiVxFRINbI5q1j8;lPukmVj+U8vAU3{j(Sew><(zfZwn%&HtKW1 z7%xrZmba^@;FfTwU^--H6*QHUSI?QsXWTXav3ttU_JXZ)MrHmrcI}sC- zE^b7R#u$gOC*;B>l~wx@c;Yvv;`f>oOJ4kgRp5S|?dgaZ#*RRTXeS(0&5lqBYY2-L ze+wA3ey8xCrD?WXw10)s!1yn{t?#-u|DWoE|4U)S^p8DU1r3?Ml#`37wMrl>gZy24 zG0i0srJ!zriF$?e>xAM7Yrx<^zz`E~hfz6k*|TSwX>O6wkr8_0foBUNI=lNsWZbvFkO2AqlKtYWTiatJ%Nw=+=%|5z7v z;L(Fs_R<|;685{=1&QZ+jP)u71D|oCBs4IEY+6u18Ii5!HNvBzlLt#un}Y{;&?c^& zI;Hd5+!>3e<>3NzZS1I%9QiRAa4;CV?tjUsmM@gs{(jqFFUU^NaQ>hLwhnyx;G1*&PfUZB9 zgCNRK%wbMV=`2s#?w>hvA_Gx7e9nN~xt7Kt39^V{4+Y>oJcOSdK9nf(3mjr{nRnzu z{G+4MP(B2BcC-hS*rNW_%?ghDU+BWX2)s3ay==<@kqa1TP^4bcDYkcZMY&O_nsTZR zAoTNtN9*w*oj^ebFIrc>A1?^WsMMV64*pQulT>4yu1OjuAsEq5^}f~~uqPmd58tu= zEnbP1)J|%C{D5xm;Z7F%`#b2ShXCQb_X9$yB)VW+7mjL~p88ZJMB+v^pT3Fe=983iP_=4;`0@ zcL3a!#ny?`@Xgv?x_n!8^t|#kfKg8@Wl2^nGztFDb69E)A;(#`Mb^&#m^J&&BAS*` z^oD+pX2O$XyE(DVRLpjvHP)@Z?;+&JRQ+pUXj@i)`^3TQ` zA1&$RErQtxz+VAYA&#~F@(p!c{}$>b|5sO`|IfwczdR7NvHX^g`>$7-ziPUqCQXkF zSqNYup@lLlx#(R9{ctH!zl4H3@Rh6Ovo)I5&9rvvUY{Uv{oTLWBd|3uoBm{`KOt^r zZbKtf5@P_FPPu) z(~7w-TG}Gt2?~N25O8lmp@51nBkk+spl2E8Q)7-59`ZHQgFq2@9AS61oW5y)On-!T zK^EFT>XKy+7OY(u)5Tx}sY5Z2HCVwBfoUu8<-`uwymNUMuqqdZKce2R{ne5ZuV)9u z+9$H8ISdUbfnvS86l4w)0)LCI;&ejkohOWio)qqrOVudJF=hnmQp3*;2EtRQMirH# zA@5iQa!F5RVKDNC4{t%_%?d9%Xt=$j{(u61)UKK>OM$WxEzW6m2Z~W@=k9~AdonFZD4IOK;uk@$P ^VzxWqji=^(Z(*qRHD+lbTypv}{vW zKhOqg1Q6G-kOrCoGA@4j8Fg_VlUX#F)+R7Sw~55*o+(>u6o(^K!{TmHDJjLmv$oQ( z$`xXgDeG@)m#B$_JDw8H@Wni@F*0Xyuv($)Qi&4R(k=LsD9K6JT8Zg6NLK7bEQ{2u zgP|kC{rlgFzvm3yV!3auB>N}Ztbfhg;{TUI`R~|SsbKY;#o@f0sJY#-Y#KxJ@RSys z@I>J0L6{LF1q}G&mN4G+o7RzGVl?bsh@TbSfxVYPF{Ivqev<8-+r>ic1b`=>Z=9b` zaNWJ0Jw1Ipedx^!0*C>ULvo8ULS0;YS+{Sj*JU?57l5J9!D3H?<1!L`EBk_Uj-b&| z-}mafmc3J_U)j}CTiIO?p_sdln5sSl#v_a)J z8obkV5<_$9>cI&VU|GM#HKW&QjYWwHyQ^u^{jR6;kAS-S!o>-Y^HKies-;C zX9Q?~Qnh``yJ$AR7YW3mDW^>a+ef1UWe~(DPtF1@NvAlKZ?9m4xRU7oUx8Xd$Unsk}7o%)2;bv)6XCSlt;{w=y|xKFX= zLe_!uNP!>?x_4$z;*>|ghkJkb0%I$pcB1X{nO_;p3!VMMTG^z3rky6hRteb9Mu}VI zH8!gNEktGqU*;}5CulJQ1@<-HD3q9+%r{qbqiECkL-`d#IgKY!E{$FAYgn{akSPLb zmOanNkS^xu#vqdzNz4RY0B7x;n!g@=u^+;~y67-nM#F=~Ct~oHLCZb*hhroy+J|p1 zF4`8+v&EL}N8z_X(NEgAh_{iQpFerRd}Dsy(qCg`A|bT$)KQ4=O)L1mW)Jf36Z0jG z?BW3P;sA&LtxGkbDaNS!9na(cHuwL}o$P)l=w5-MBhgjiZ?Qm-vsEU^OHU0UO}K-DO3 ztgNhTGQZHSTvSi^eClG2S3@B3B*wkF-0+xY|5}}v$okxl9sW51zsEJg-vp8zjkOPf zq-knN|Bg?%almV`7i8RnFp~K#99!86u-fQkG1MDnhrz`$B!FrfF4+DqTn&HB^5OR> z_4%uym=xg=lwX(%B^)i&cwviRxzfCI4I)?{Kz(?1Jjv$R6cO%>dqkis7yvuyx+qj< z5t}(m+7H~X%X9%sY68zN+v&QjB8nL z7zc4ZdJK9>>5d|H@s6V(m(!BS&F7MCWLU0R?8|IPtx^sP44ztZ8~h{F1j2}nz?q)( zF{sLKl4~L0N2Vqw>A&wQ_4*cywMs zagIKP=~{q)812~36&prZ?s61RE-nqmGf!|F@io-V>!ab^(H_Nq@;#i2sL1T7B3+)* z=Ld_ML&vfW=?-+CX9#`#tXIj392U}*A9Pebjv&?IVCP=58dxKcbC4T3r%$w7HC`HD zXjc{CP0?HxHZf7B8)UTXM6&;G7umAsb4;XN)QH(2!uT1!(PQH#`!?uW%E?qWDsh~| z&%vlbOkf4XBLw+cX9br#S@tta`ifSglN6fGR214l%`xn3@{IGCCKY`pL|fQlEBtaF z4Lc~sMNn??gw94OkzTioQH>z<+L;P`DO6`YZh>coSL6qg*eErap*Isbocv3{)MR8j z)al*|Y9+^l;dLQ&!Fq$n!L``;iVQ4c>|h9cV%%1TjA%H4)5#Mi8`V}L*0odY!Crpy z+5g*!;@gOTVAeT*_yG%b!(8wLg5X_QGc?vrLeR_QrK0vHPRs`wi95`O?zEc+?KYdGDIzsnDIN_3&@X zp{Z;TK!-Xj9c-JXq>ie>x(?~Hn9brkic{sSox+NX32u!irMyGZ6Rt!O-<7-Q5wUFC zX4u37Z{?mxt*IUO7^rzuSPRd`Dr*g$2Baz~bP4Vs>0?_=L z9K@A$gluA{XnI{!MS3ff3V!y4aHkSsMR|_F^`$H zMKJYEJ4HCHIwTCVtXTw&=s+h$k~4}#Bmsl7qA?1c8X~)lYi#C)48ih^$2QPf&!qAVC%8-eimZcOZkbj}X?YCN z(LL>q;J1SZP+3h{F^4e+nBN4X()50$dj(HZiCbfys{yJi+ue|ET_V?Vz8IK*QSv6q zb8f_$fcLlSLXL_^g`UtnIH>taw2e_K;Ut>j3NO1Hpeox`U9nX|iG~iy%zuKdH3Pt^ z_Aannuvl%K2(A06$Gja%eSDKRew81HN^IkG6;rh$ZVk^jvDSW-)XLNVX`wl@!Ugf_?5NfM(o#GnH`B2MPQ|Q9+18%OM5!VXUq-+ z4$oODLcLMzyiD>;M`b6IU#+6v2j6CRt;7X2KAzAdFxd`n-V{XYyVbm1pFzLb2617I zu4ki}qUC@>$OelCz6ftgZUxrjfN;E=7k4(@xRL5`T^-Cvho9L2@Ln0;w1y-+#Xs`N z^ZHV}E=`}#PB> zQ!-7=q>%6nsA}Tzp2KO9Cu8mp>tT?wzEp)PcIUam=9Sfrg)JPRl}_&+Nn5oA$RtNv zXHQHufgC#Y<5jIeC!?970uCgPn={hyU{|+&u()g;T>7N+UXeq-wCD(G({7`d6(tkd zR}Iuk&^*K|kBg60#}&L&{CdPkVrV@ydnW!0!S0|%xN5xDZtC->f7gJ@HY#hY-57yr z_VRUIF92DFCF?@`7Bqv=UnCLaL8b`QaE&Dumn93|MlK9v+0n;l+hz)37z&8$nBe1y zY^DOQ#$0uSWD3_i9|U)*Q4|^COya{m@yb)Y-9STKh07Kgz|> zN;{XOdl)yvHSAi@KJ^&0&#Ll)N@7#1J-4>P)48Rl9RAk=zQ}VN#+o3oP&9y>D|2P; zXuU~BbOqrV+$~x=HIxbHfCbPEM?{C!9Lc39MYEQ4b8(}wo&DVQj&o#O)e>&l?U0~q zXCVoueUZ8gbc5UI3(HA`U6iz|QbT#wu$5XAESs18+pm5^aaPn)7g=}uF~m!YIL7!C zKFSHfDmLggHf-Qss5YCQV?vA+1D28~4zh%YdD0nS3W5@OUMGT2W%d@(%Qhu*a(tYh z;6BP1oj-kcC?v$fI6KJ+HPhqz8sVyh?yD&)?RNkYu z%0d^SgG7|<^uWnxuU*!^APqlmN47#adR@?8Bt+xE#Ka#jhjG|3y#MqH#!%r#^DC7N zVC1PvARXl?W@IBp#b3)HN70Zp4#Ziqx}n4fv#Od)gpJbArEj=V(gU)VzGXy)9pf>f zGIG4>nfA}ua4%;Ts2<>rGs?i=e#sBp>}{2un^oLi>B6SVp(?bc2`Pyg=^Z@N5-kD0 zYl~smr2;S3e7$6tB;R#RyItC4U9G_GAhh;H-TqxJ>=n}>{sZdAk13r0x;Xol74r${Dk`>Yg-QxS&@6e zQ!7jCh=MLX{xb90Y}i>5!#F>oK^=gENvMI$g!N8%2rzC$P(V|y7~a-+ zi433PEluczuC8MaM~u@o)3TkoO{RGLB22Qb!^KWokNpWdp|o-zHk_PdR{JIhU={CYMQt){#b!JkrRJN+_*osczV`JGl1%G|xxw zPwQP22|3T_&<*t1PMd3K`ZqWKPqWBN=#xq8qAecOH>70JQJ)Czpo6(n7*xd(kCy4W zVC0D%zOV}2D5C&1>Vz}azuK->68$Z6-)&dpe`>q_>&Eu~LA3m1SRN&RX1?&PQDTl*h;nL0hCk08e2114DP=lV)eUtnF2!9Aw zNnL8#H7V=T&JB5|O1Hi8S1Z2{3aj6f>UIo@DMoOtX4lz-7CYql6eGzhgVOKREEh^s zSGCff5gw&*vo;@xsRHy;*P@Xc_=t&j!4~~F=iikfLuzXmj{tD`e#iqp83^qY78;f;=MnKMSt%3AgVpjL$y28l)4(=`$5xS_QeT z1QJ72NSW`J; z3zSq1Rr5obdTntg?8ZI{5-aC#N8Xm$h{f}i6jc3=ZvCHyns3TQl}Z&vWsjd=%ece9+pWSJ`1`|uy@WaZFag%xpEpQ>JNxeb{e4z=vQMh(#Gs!40(J=Yan#}a->FvY&Wr6os zw`w$ZadGyV!)v;`hjHC6euVG?EN2qNE3T_Io+~4hujjW{+8>vLPb6t@jBqkJ=oUaM z+D%23j=lE7^RO}6NzP<7hbem;J9d7mx7(p%C>6}QBsDPLet=oLSxrS$9{fcYsS;-E zlqlS+S`eB1uMI{r>U+0XM}9rQcId*C{mOC>=Q760j?hRIc*mTowQ;as!`N3A`H7ea zrh~$M(Rs||pj^vMeRtAqy=rjk)}q%M@r|Ts{@@MdHIo1$r&wypp<&c3<~f9Z=`~Sh zXN=oeJiA3QNgK8N#6Q<2D@>xqbnqG(ej?YYA3Xv&lZ`DS7DH9IGSx!1L!XQ3(mqlL z%FJg!SeF0Fk{UDFCoWgirCN`V4TpfwbJ6ei(?DeNE$ESw05CD!PW04BdH}D`TA-fU z`rRXbF7C8ws%|BIa*n{(O;H1KUXj!PtGTDE@FD{dXh8cnMn>&{;<0NL0b6E|6&qEJ z5b&6T0J{Qqwbf{1pF;?QOm)wnMma4bb*J4bpiAYjDpMNTbhdC0sC!~tsHZxBdwL@^ z4$=VMMyCB2AqnJ@LR0$&n0VCs@$$AV;HTWJo-iP3{hTtyeUkuL6gAE<8na|i(u_$p zn#K5}Or-{@b>kl(z;Wf}u~Ypd4Bt2RAW$f-lpcW*i1WE^zQA-Iz4d#|!Qm$eV5499 z6Py>E^U{3Lh4Nl`);yx@W{hD)_~kdW=CH1z&`IKl`!{x!X)~RAJE|ixm1SVJKne zNF^VH9&nzzG@!wfV&RAzs~i!3D+4X!ur5B6)-vJs$K8%MX)xvs^{CE34j; z$5r4L<2z~>Ybnb1lFVr@smf1gTpubz&z!y2_ z9SWB}lOqLMf*!}45K|iVL%8ms1M{+=AngaYp)%D9fR*$Nje+v4s1nbn15H+BzieP7 zC#)M&sl^|M;m(fqR5CLqQU&2QA}92psyLELDmon~n&nfvWyKi-)9;}`x|Jq-Q@=(x zgO8xD1lFMo&l9=+bK`p^u7gMh2&i+X-bR57<=K91Y)&?YMGm<~cLgfdF~U&$y={MJ zdZU6U?3QXR|72YiX?Fk zt`Fam=C*c3%zRe1ASpNblMAu*B|Vfr`a^L(>*5s~ldaVahx5p8T$AY{ZMe7foXg!l zRu#u@rx*ljDb5QMdkEk~L~wS%EiOS_-o69MhTiU?0rNldU& zhwHtJ&_4Pl$i(t*6wrjUA?gP4)rBB6ZH4N%_@m=hrAY}|8D;~MfgwLrl)co>G}J=I z`V{!ow8#-fx&{^c1|i0Q4iW(nuaVP@tF~ZHv7y-3K?sWC zqxQ9h?+@SMi`qy}qCGcMvifaBLMr)y4VSC_Uimn(cM~Gttv5eCqWKIiaM$vsvVVAZ zbIqKgQ5L|0T@3s39@_XpZ?Q8z=pSK#sXb^Bn@kPoQ+747TpEoVC-=xJf;G4ZQ#S7W z5!{qbZ}0bKdsbBE6oZDs>ITAU>-Givrb`6WyQHKC+g0HXo3v|AWAyu!D5}rpQjyQU zqR4bqnq2*65Yk4ZBn)_3C}umlLfldKc+c4MV@KGtez76K=0q`Qgd<_{m$h(unDaoDDf=PM{<@?e|+H_e*^)XZp;7;xg_Gp9KnOr8ih<_RBq5$5?EE2%@Pk(%70m2 zG@E|n39Ik2T;Sla&dJlO^(Cf4WT`%^i>ZQ&>1^K6U@%AAa6aa=ZqEJ93aP5p@iG&U zA83!~C34R>2g{buN}GjnOq}a_-pWU|QA7Ajm@4!Rr?=c99oGnhkC;x*jIGjz0XLlf(*mD_GfYEW%AV9)@FPBD@Sbv;Sr8mIm z;bf--QZawCs`kO)I=mxyQcUg(P?JPglMtA1aoVOwChkA1K+L_dv9jGJ-SpoP27)q0(`p&nztZ zN9b%w{pOfqwkD}UE0DcCHDqvMSTGK`J6%#3zdvNa zq|fM8g9b$S%IN8lL-n)esD~#W4~!=Ic6lhOmqG{_&MjPa!$zg!kJk7+Q6NQ(`$Tn$ z)R)9-vRH^JJNOo?$AkaH94ygNu@fE*-ZAe4DsqN>fX##st_fWtd-xm|?4tJ8pD^BZ zX5X3ka+zgz;ohVWvBUj+_8bjk5!tEmG@=PvQ*XTt^uvOvZ<* z^2&F-RkE7`bLAc<6^7Z{mS?2}P9%S&0=*_8sC#*jR(s@FD$4as2YBb(I2aH%r?z8s z8PPU(psK8M-pBQs;m6<#UCyKcz^p>GKBJIAYXBs}#JY!8Cj1S*9yeN~8vqmfT+jz1ZowW9>0tyS8 zzSXyu0*0Qb%xISZxjfVI;`bn3FkOo0vTDioB#S?PJcq;aN1@afbiCa#@AN?kKJig( z#Kw-EQx4R(dO;Z%KhkGpZi<}3S)tYCTF=~(!5vNdocyj?yJJU&}qK|&KfnQ?D?EBS9Qsb?nCm1u_;JkDgzCx zan^KsRaj>rW8pW-^+npb_%EmniX3-W97o-VQmQJUJMg@K<5abJ#MHC(-5^89f8~kv zvuaW`wn|XStmGdzjxUs>BqOD5I$kqER_Jl#u{klh663K2LWkoQ_;=?dCgiuC|0Iie ziV@Enz^EuC>X#aR92C5Pi%EH=ABJC(y7URT`WPVQwIfL9?13%?#CO7LbEGS|eEo@! zQ^ys<=CkoL(Nuu=8qoVb*S)nFJb+Q*VD%ICuWTrOdzZob4Mbqywod;kYw@pO^xs&4 z8vLCR_qS}QWc}?8V_;!q_%CTOG4XGr_`_ckkcFr@O-NU$aJedbz{unb;b3D8d77te zJcWAHvn+aXie3->&sB^Rj2wHQ*8=QWe*)Fb)N^3P9?#jkzgFu_n!CT=pMke=Pza6% z@B($AKG1a8?u5OHDV!Ed$j_wuXEEPrL8GoX+RW&nCeDH{spx>_QpM2%z(U}{@Wasr zdK=8c+se&3HD`G`l$q*h>7a$Wc`V2@K-3zWJ=>#@&286}Ei&}#76=>8-I0aT`U!^N zgB4EZx~W)QsO~z|EARA+5crge#BL)1tLiPK_&tNeTsR ztdVsZ*{hYdY$x&6{4fz);zM?qTCG^9qi9*8ti)R>FCC#wY?I0q_of6K(#x3ArX1sf z&R)=Hz?S)j9V?;i(ly%Dt8K@N)NQ!c^mWUj1Yo85ofZ2_OCCtBLf#CZ=1=l1`HK4B z9OKc+Pe6RuEEQWD$<3#Klci#imla4DOrtqEJErrU2wj~=5j?2$7a2|9l2_7n{*rJ; zlkcjB`bb-AcOIHq9VBVv$Y! z`Bm)lW9WKU)#$p?4D|zbSbe~5L;y3otdqLDUAtcBxFq4}Dq$oTNquQ>Vsr|po#HoI zF=a(e^e1UBT58c%b*1#^&FLHMn!e7&N zK;#^e<0(b6DQ8hk47Vjhzlka0Co+aTX)bl#Me1L;pDV^f2OjMsM5&(l#7yM0blbLg9`|+~i<@m}dTxU)mwvrM+wI!$IJ& z4Z^C%_e)2}a_U#VCYsbrZY4Fl3{H@ayMh{o=+)>1R^ahx+;@!tGHD0f9LmJ;ug}U6 z^WXKCG=j{ttlB-v`NB9FX%wZd$0Ih`=t(jxYaCLPU?6s(!0WaiO9*=Y(?9UBJ2$pW`XVgHCiEi)uaw&EkWh@o~wvAN2&C@Nw-fS zE53_LdT3Yg*dgC z$l$MX_1`km{*`gY0_yeC? zzXuxUMv;Ot8XD7?2)$gL?DVrWCreOCfN*JPDQQh!>^j>)-mivZ74`yD0C)&qV`R*VU z$YDG~!Q^55gwPA--<<*XC{XD8ReW#428TimvD0=35m*4~G;Kt-sA{hTrY8S%SRv%r zki!wSh9y)VxG*Zlf{4wCH=X&-z--LVp}fc^cDWW5m41#Hf4WYBfihy<`(nNFK0UMW z1}UX#06Bv3)v>pvvLmr}QUIs9tMx{5JE;%+2+h-`DhAjb|LN4i1H2(k$f>^W+0uR0 zWq2w0m%fnyXj^jpWLfj@ql)?^zxcI*XGuF~~rXho)c`lsD7 zQ!CAQd+w&BSqsk6`MO|igAOj<(KA~qCaoV{t6z*Z0+Gu#RzY^&Fj7`0+hZS-F1R55 zvs??z93I4pHK2A2uDK6%-vc&YtMJ9OM1JNs4Kt%sbz(Nnv}HxJ$OvO%kZ-?0K8czZ zUfhYFTFV?`p^?sdAUFjDDM5XON5`1Vo7nCIOKX5C496hb=u-b}pe_p4a@E~wo9Shf zZ?~ij@v*yd3jWjcYgwNyu}}^ru$zu|lI7=ml?vB%CP5hoSOvsUUIbz_#iCv<+Eg5+ zTHjp4Ai9<8BN9>XFtrAHLlPRotD-Z4@QkcZ@}Tx_S(nH3Y3IuqbJ3FV=EFYfEqLOn z&jKD!8{_>!8knq(1Zc;4bhZu9@`zvfKEoX%4v(zr87+f+v8gSYvyTdATi~jm$Fn9} zyzVPj=*(@(s`=by{zC#kzNaA{ZpD!gX5z}ttsmkq-FZdX`j4K4Up{#2`O2AotEH=i zX%jTYt7*h$SQlS>FFWZy7|WtHr|(i-%c?qvAG94;^;pBan7c_a)*ociT43`ZmvMxw zZR3Klmy@s!WBr)r^J9bj332PnF%7ioaPF}E8*$iofZ}8B$TGhO?S><}Xv&=|&RbHC zT66cAY5GhdERkZu)@K$Mjy+1E%QBim6Ep>5qYuu4Ty^ge)Sn7iXAN3{k)JiY+zi0| z0^2LI1-SL0Q_&l~p#RF?O&GD}7T?$)0Qz6C;a@jf+5Z>VAZ;VAAkV-|_n*}Ee<+Ow z#Y#y4(!&LtSe}`Gn1B2b61}t!{jm+f!kr?()+|P}FBn`+)YlvfW`(6en1HTuj8tCLdG%(3 zTD&}@N_r=M%7>gwpQJ$Ez!d9>byx#>2lghU^ob$3BUEA{tdQo+SP9=09SxesK!{MF9xoAo~?2Q8V#IQ;y7|jr{|mf)6mwO}GXIbL+1Ua*y3ELGj&Zzxw|D zCs_aM_~yUUC;UfA^&jB+m(!k;y@8R~-=6%xVmpl*;GT+$i@YYr3^t-T5+Dc+=L7($ zM1rwGeR=qjc)um_z{|z4NC2TE8SISxeOnaa*D0DB)3=xODJ%1gW`C&jSw&R-X{`KX zd7*8A+FbS^@bY=o#cD&s7+>T0;r%(%?y#jb_3}0Cd=)wE^E^OLkYIzXaUm~BBF50=ct1S#snJef{0z+5WL#0mkLl}(JZVlXF5pnn*h`l!;Gq70G; zyGamdUl_Y&J;_pbt}i2FA(_?^tUc6>86LDgMaknErbd~@DaOa7WI&ye^So|UaOjAT zq*AL8jH9C<;!k3Shcs6L6flyq$||EBS5supxv8PGwjJQ)fR(46LSq!DYeFhX|SThv%nZp%Vq#lflKHX^bf;HlUkX%sx!}A zuKH$6!TRFbnPY<3s6*w2%w;{t3$j~>x+MyVvDB1KZNF*s=jhgOO<{X&Jt{25F7hH$ zZwox+d87)>Fr=1G5Ym1UF$^;t3?urf5_EB8s7@;~(St&iYce4sSc6#(^z;x#88d2m za{D2*Z|1O#&WL=)APJ60f1?%GSNrU#|73iHQ_<(N-P$4vj6;X;3AHP#7jdsd> zE~jI-JgFwzMlE?8eFGbY%tFs2Vl9ncFVE}>Dal*KZ)N^s8g$+fEL_M*NIgf#2usf> z>2xzl6wHtV0r~@>yS{L^6Or71BA2DIbRD-~beYG@B<1mzB}6QDrlDm<`9H1*$Ng6iMl?fJto5=umtGbfmhRX`#2Ft z_k^zCj#OpmM#~e)p`Fd;3$N9UlLudE(39V4NjZ_C`SW+X z?Ni2E3_9`CLR$tH7dDnwkBtq_Y3i8i>N{Q!cj^|i;#<#=PBcMISWzVJEeVccrkn_|G@W&+*fQcMA^VAjZJhP z->ammrKqixuN~QNbPD@`y45mesOO2fU}TpMO#;8Ny%tM<f-`3g|aa;hbp^z z#8WW4my5_>unPyjYZSX2YY7Al`k?`RYia`QjUCfW+r#S}@^W<2PMD6Dr@uRWzR+-t zGEFs{aeVRXL}C5ZNM3HF>KRTODk8aWXsXbJ!r(1Xz#xFE$7Ae@>5tFt!pguC_okac zmj)u(sl;c6Uw3jIdC$G@i^5M}?)}9-1zpwy?nvbOnSQ>Y77xKZ2%W@uHfOgXbL2_$ z+nzL9oUo%xz&v$LwLxoPD!RMeaPX4@cH6HkDY3?sBpYgP%*duy(*+Cl^!%_lcojXc zz~0yfB_k7t!E_mo^o+iA*(p}kR0~fZ3#NiGBO;`4KtVEfK}@ZtqN>%}x>LpgD{s86 zxisLE?_gEfv@U7EwT0p*^^QPql`2~;vDI{}^H=5!R&B7^x;}vLR7J;iq5-v(qv+K zQbS@Kk+)c2CchrFqB)z3l*X9Hb#f%zv1d?XJvF+JG?nOkC3d71I1uZQh4|C7qRAB> z=7l-28w@FCRoo470WV=_;)W^_hOp5!kYpF%I7ZRVx`C)Xux&5vs^XP=Ya|e;<93oD zm4gomFjN;c3`tGYZ#zXYJ_Uv`n_#p)%V*NY$Ej8Em;+$XM%&WC#j+ifU`{6jTTD>o zxDdRq>A}A_Rv~vdy4E=XC80t(R>l9oOGZMNy>)|Mw%Ew2=YV}e_DD#l1{2}{j{2mS z2POb{sJqq24y1<1d*vE0DomG)1iS;Vrmx>Oo4zccIuD!{a7~>WKiFWYK@25IL-gAo zLb*n>zY#Ce&&RT~GGpqmle5Q5y*=R2=~e0D+Pw}`ElH+CE!}BRIx1(=T|ncWidCkd zII-hZLySsU)@Foc8?nL&anv5KS;B7xp>OS@Yxiwiro60`&s>dh>g(X!i{cOov~YQZ zyYAqDdkSG8HM9(wk}J){!akmPHb+LRH;=~|6J_aG7_?20BM+%GvsBf*vbZS>5k|Gq z$4EDj9QP;Lx@`~zNnn*g3xHhC*i$1z4uGPlT69a7#eW(oC2SiF7+TJ!7%41fo*QKK zA0CwIT5{_;Oez{m$LIPmN)o2oth%G_0E{JcvO_VihsteOKC71;pLx#bKF{UZ zsHI;ZVQqc!r0gWn_)~Ou5h?Jv{YyjRQMv29@|7&a9#XI6kks*$Xz%?}x_r07isWFX zWV&vAFnj5R5y2Hi6}TgfwCkEZlb2QnxJtKy5FX5>WJ-(UDoL92o+_u(GiK^(%u|Fv z4~05cMs&sw1yA1_{z&xOh4V{NI!cXozxC`l?a8~5UDWDw26{CeEcdwAFC)JPu&Z-yk>sgn~G%8EYRCtRm|Ps}Y%lpPxGjDqEUyK(6> zf)+yIp$Qo?rGmejQE_KgX24g9u~DUC+ZAY>&d-vQ1C!4}u@eScHAJg`XF$C}d>@rJ z45ZZ|r=oV82Sr2lGKCjQXAXq3{+iCw&JD81&q^2|2ma__r?_TC22(J{w1~%u!Y)~g z%T~(s39N?CjBZE{%6A}yg24SorD#T!czfYv^f;K(H-g5z^ZZB<4o&h&DV zvph^p4!DaZ zdsDiqSE(W7HkEcNMz(s|nv*>F5#^h}WU>*&)5Q)`=MXhd2N@TK;_k17p+jsFuxB5A zLS5L3U}&sTZ8yCuDtpUvjrXx}dPOVa8D<+cq>FlvQBvutZw*}a#jX2XCt;yK%XyZc zJ8?`X%OeG*Ch$$GL(IecGx-FDy2@3U5ip{r*yqZ=jK^3rS}E()Itj^k=HX@GRV-vs zga=zCD8j;z;^K(cGXqq2ESEXr|4f1V^Z8W}+$TA#e_BE=@&F??mwnl2`C+!!?Q}n0 zgw$#;q9>G7bQ>1q8wRQMhQ3H7z8e$&vQp(LC98ip-!Nsu=fyfJ0KrYQ<`+X~!m#(7-Etl~2u;9KIx zut5ZV4idL7efYXG;@q&`A+)*ToPExf_JNW!+{H1a0r0r_ZjWfIc`OA3L-MW#vr^vx z2KSIqu*?a`gMruY@x_pn7%>9_q_n#jukvP=#)sKkQ4kMXKMV}}mLKR5r{FWBbVlQm z4cTKHw^)z-=f-}|)=R-Gz(jdIzj_G}y1_&PkR7If$x^)R){u^fhRowN-#wZy7cly` zX$5(IeGwF@Yj!@@<`p$3KOyE=HsPOjsiQpsv+s*nu%QQUk^{igj-oUS@uq4G|H2Ra z57&AiOcuR6-9G@&c#UbR5N6MZu2~&IUjPnBk-r8B|Qm8HeWsq5tKZPX?nC7ie)Q7Zb?HAW3N(GW}>qI zYpKZ|wKcndQY8tyNZBW-xg&jP@1{*92@ce2V#2PfHc>F;-iS{-EdM}`C$1C)h+*W1*%~AEqr2-T^!BGP z20v@ziH_l@g5gN~hC}EYCHO$&F~Utmr_s#YDOP%6e+~Bi7C@tmEW8&JH3yPLIDwf@+u-yCb~HOCx-J|p(#T6*6mqJ=*?xu3=365NE68tvieK@AKMDk#3sAgh|e~9|cojFwP?CO`V4pBFu zaZLvZti*c5p|AWis!u;u*BajW4^mR$veZn^nf4ZBb;VHASn>gfKd)Ye42wpbbx0N)e%x#3SQyy9cx>{gAy-pPQN4K_C2B?X&w-h6CmqHjb~im zofD{k@fO(Nk&z<~Snn(aQWlus<~P61-U{UKCNhkLLYC-DFh=+ajszcQ?goPkurhiC z>Vy<8-`Tty#7}r(=DpTfpGlu@)7XfbpP~9^@&(~uHd_TDC~0 z#dNd3Z9p?T7y+o|wnuj5c~m%gCk}t6ygq~{6dvg|ZDi(rY%M|^Jj~>fWcRvYnZ+AS z2u})qUiNtV_~sG?;DRjN_HOAY(5%g3~-ZD6pPpm%#Gj& z%;$XIG=!aSPGxbxbun4w>jcn1zK40B|26u>;7wK@DfKy?*sUbZ%$iKsMBrVs@14uH zZ3Owx82O7y`Dc3HyK3JHm7iBw1n=Ag@8tHIr{)0bMuPQ`>Rx$`#yCKeCV=j+D;2<2 zMnMXAsUxsbR-i&JurU?V^rwyPyMz@d-;NI~@IWcB4&#|r@cZGO;_adB1kdO%s@aU1 z?Y$`PZ5i#AmOsR3kC3USyO*M!NFMq@Nn6Ir>-O5rjo7Q#RP_E_QB*2#u~#WkG7`2S z_~D6Ndx$%?e3?h$fgrNV9m+@^JHVeKHysj6O>WL!uVOK`{f!_gojh#AQot-C&?B-X z_ZyBtRo)JQIbfigF-BA-aRXcvVY-jZxnEu5`&LoL5@s7tt{V1|P0);waZy{XX&H60 z@?-GK?`*N#-Guy^jZw%~Qpgt@e1|m~(bLDZ&wyxNRLqhZp1 z{+^GEwJl?+_mMzD36+#r>;%tehmNBxb4-}Ih4i`tCDz6cQ`mDJ!G54{i*!t%w9yy) zos5r_Mq%UYsaSbN6JOR@k$xNZv+fr<+*kA>{C@HN_<9BXrWEoR5ac(Tt^f` zg&Iz8;#s%@!^oBTWU7j2BvcbI*EwA*>w9heu|(1+jxBjgBPa_Zx2o;$x17?v$ex`N zvb4~AI|^45(-hkSIl!1wvscdGS@mu>&#gG+kq`>VTaWwd21H=3300!pJ-R15Ol_Ie z6-$iRNY^rnD`_SCUHvxss0Bbjc>`3@75BB?Y*e<-8YtGy`%^MSXOxBWJ|438)piLZ z>^#-;uAhbcUZw6F;#*zDiF`upF8uaW4Gi=(Ok*JS`>+Gt{JH)V_S)AiVg7VyPre{3 zRoJj~b_nX~-55v5-7ZCi_jLC+1MaZ5T^o0}D#bc59Fx>&=Nh>Qs#%W!43p2A@PIvV zCaT`D__AeMZ($~FRtKL;%6{i?R<}K4pw-p{js${GY-zWB0x0_00{2WXbf%`9G-&f^ z?c>#SvmK82WIyjqoZ=WRRV-~F=|Xm3jf&!JlhrCffv*2Xd0qSJ ztK0%Z`LW4$XVuLdY=*w5Wss|(F}oW6c2@(Ceor6kEli{D(~*9ZQAGiHa16hfZc_|gtgc}n~1Yslsw+u?0`oFswhKL`>u zLmrJVL*geLvW2!nnu}x!WJK<_!jbn|p{>YpFqD?V=tlas2adFa(e0t7jYyf(>B0Z0 z?k*ekowU~snpE3%0I11_swv`RH*ejt@igzcQCAnmIFvhiOzFEj;Y~2~_W4Xv<*?;$)*&6`=M8u1{V-3r|2TWjv$QkgKN)}cMvb20-A7!OO^8OHdzBHm6 z{oIU=FR1j2b<89>ZmTCe4%QWa8Turb`1L~(k)+YD08v~MB5om|03LwSUuFPk03vbn zEuc`{gp4C1C5BD!97f?KFAj#ZA_^2k)Nsb^%f14Tk?T}I-PHgX%SiY8# zD#u>9uasQd?uPM>_}R3teb|O`YI*LEspT5dIsr4K&SK>rXQShm!oRRZE0xF%>4x9T zhri7|cWB)?d-lu}mC)>Iwj$p-i=)=LN!274rf~xY*cHuqNkApeae=6(PUVq@8IfxA5wNc#`DdF_CJkX$;*d-JWV(j@wL`pEKr zDyw#oM&EE0@u2L~6m*Pp0{<^!V}beKqoSiKoR5MhZw%5m(3_%oow$QjnaVvbKMGe7 zYxzw?3=yIlpc|Hx4C`h3_k1YHymcs9R+G%)Jw6h`>t#@*T%4ID5eQyGlyk~htF_Uw z!gn&LKSu*gkMdLKYkef0C#bncT$rDu2BEOFbPZYXNzgIUFRR5BRB1@rHiIG?V7M-V zy(D^X^r=}H`UYu3;r1t=LYTn!OamUue9 zQOuu9ccWWEO~9lf)~7Lth@N;qEV1)G(8{|=n+!&Pm)X|XX4ukrK4Jc9esy3@xujx! z`?k&hzc;`BRjKgrhvqB{Tn+!DNa0`mXkYL1&Bor0-oV!2ON2ykNdod9FqP{#UsHxy64FS~U+u1-xSEp~g**)Mw$=Wf@(Gr?tO%gBnu^to;BO%r`(& zRohomC|A~2TbLFaVp)W--<+7r?5bR6V0)Mt6h;Xt?KW9sRl@Z)wyGc|5G1r_upEn_ zb3&pE2q3td1o|Hd@%K%&){{Pr?p0dDwEw(d90G0bqxR3`|Naib@=L2tL7WQXj|`@e z0IboTU}-VD>;SuyZWSY}aFu;{XB^|el!rHf%~Am|$zNd&dWVe+XlSppGuG9q{XU`)4xlKEVgwCpOym#7*OrJWrkSr}dPCCoP_ zgOr*(F*$jhs2Fbyu+p`HDzIc@QE)n`9Cnr5KI~~18RfBXGZ}9y45M9V?Davn>=EcD z>QF(z*tzq_c$B2ysP&RJ|1GtEwv3mSxP)G_^kvD5uahl;)xPy*$?<&vshgH2meutn z%A*CLrQAf&Egi!(W zjh}ATooO5UA*feotY-IliG1jqEDy?Dor{d8dekD^0+<(O>BB~E}I$-hJZ zjA<{mw=-&&tC>>j*$7_-YL!CmWs{zI#qAfEnvR0HM4 z7?Wb5ZvrTe-}xE9136PuLlq2) z|b=%%%-Bo!L(RqkL)t-l(hBcPj;RB3)d)J z<|1MKvR#a5DbnO-P5-$V6_n%iDZ8jNNEtZu;8tES;9Ao+il+kvLmANCdJ$-)lq7gF z45n7eu2Ivy0}0$>hCV=pmBfwXK4L@>3uo~zaz+tHC5*iZSF+DyU2r|@CLH0<(FS;) ziy~X_L&uCkuwayJXCwDAkm_E;=PIeE=*v{a-MDBuyHplUUM%L;0MwguSY%eS_1$e} z0t~uy1eel5DXF3YWr}o@_#R#w{lXE%fSfJeJ^1R(P9jXIPFRJR8*D+e{N1p`b5kAA z7`Js&iME~9HJyDw;>B79Og;ySgU4WjfDAKuA*T{LM&rj@@6P${kDGiV-WU=o)%^>BwMw^iPVZZEOwEm(@nzP_gO@AlC?kM5MRq zqI-L3l57(Tf`(vWJ;6&-3;O1yze|=ZvwF%lb>=*8wDWXC40%b^RoiBYN{r_euQ6*r z!L3BE5J*H)ZhL`YVPZxJU|MgPo~c#e7HQO(%Z=iFu|LA^=6XP5Y<(ZkZI2DvQGEy^Ltf6U*v*nkD`iav|gSPr>N!s%3r z@r?ewE;u=cXYb?(K!<$ElNPUocw)r#7VItueNzUS6dPGLHkQw;CKP>D3>VBJ2fNX6 z`&Mc*G=a;iRp2;U9OMDbF5p2s(hGauc=fH`2Iwy&04E^&75}Bca{M0}>VE}Xh5t85 zAn^qj_SOcL{{ZDm6)UB$!6R>YNf1&<Is17^RW7RIFF4msr^ak!49FIPOeEtt%8aC$rliwfJFiIZp>PKoBpQ>z3?fO< zJ}Z9oK?NT}`;2z@VmFpqq0kgBji~go^Z}sP;AvKeB7Pijml~ltBupY`FiY>H$!aV% zL2cM)qV)aPpyK9PdI0USXcnAlwH8*y>}`8&enLw-M%%17ljKU3FhP;F(5o`|A!CBT zbMZvFSdJyqY_aC?!f|QsG4~6zBkoAHAro8%N{HkXt@Ld>V?UI9b>9C<_sU-;$#sIY zwWEhu>cq*2WT~MfKgQwHE+h1D_@aTd!};Jwe)Y&}X(iwFLB7MZzk-EgQ!r( z`YYbS9F0q*$aBahaNp6!S#v_ulsR_|I8@>$_U&*}O_P8gul{L`1M02T4UXJdw&(*< z{pZH^P03gGpO+NgzUv`{4uApnT`mxx$JVP2*qWKwYeHrLrrGon{mSZE@7fkn~4fCU0N6vt(dXjA7V-TW1pfM7cp194N4&9ahZg@vh zdTP!O2~y1*R@sYgY)#HWT74|C@5ZSx0yUu|IR!{G3W}6b2B~qG%ZC1$RIL0-dAxR{||ZOzZNIs|6OtZ zqxi-(|8huN_U;<9Cy$qk1Ob8&_#s~}hK58A3KuI*07?o3H85jf55gFq%D~){qhe8B zxuROR0H)d4IA5X?Q9>vV76GlQ)d=HU-_*EJsQg)_N-MbOaA900^DP_y^Ux=uJ;P(d zrSty1^HMsC`|1h)+kV|-1S|(EhfK>B+MYIwHaZO)1aY|(dUe|nG%4uCGHqtqld5ow^I=ChXp5xY$Gh)q7T_3!gRna@5%w7-dB6@5Nl9gJO&S4<`S6x;%w#_qu#d5og0^6EM(f2(47iZ1#kPdC)q=uHScYO&{~VmL86|T9TG#LaOZQ9uqAgmu0i-vXjF6X zqibS_P+pU)wCtcp@suNZ@5>?@n96&qIXbrKuzUXs#Af&=;T=tfkKcFQxxHqzbgb8y zA_GE9qyF3QqXDB}S9z$}taf00VjS`erZB`QC9Rfl1K)dQCYo%I%aX*EeBcsF6V=jM zBqfT~s3NrNNbk^Pv@7Q>qcyCios#^1fhCFw)aq&n(3j&pqxP7%g_znfq~MCQlTClR zBeQRn|A~+vgC?s;I5OFzZ24)gQ z%L?|e9;!-rE#eh+&1R?F^@r`6ZQwDfaUPL~C<8Iv%p>-3v(YA1-6KH%B(|P?KO?Q* zf!duAq}B6T0F0CoJxbelH?e@wBk369H#5a zALb>QX4%Of;tDXQM1?**aWpK<^XR-ZDXC<3_%nPDp?+o_ep)dL)nOv^@Kw;r+BWi4 zc1dM;cq(%IY}dfLBu}$&6L141;)W9MFV5V@2(}XG4ZY9VDNmH%19M5Cs(%ax25fXU zz|8G6(irivBRa@*2k1eKR{SfWvjlqrsg#~jlr}Dl=TlAn19W|tyTrOU{ zGgNwOvHB*0yy`t{^be(U=RWQ-6K;o!{H4{GJ2ud39~;Txoca7fnH<)C_+{Q;E^Fnj zn$_xot790;Lh-#$UlbNbAGW=a@wbFb--TKF@kR}}CbjoXU*|XQ6+Ye2$Hw&zdIWmH ze>0mUFIMO3%7w8H5Kj+$rQc0qbfsKOVIYWN?V7=XMt@B#vn*i9Rn%f>@SbcBxb7A{ zM>&DHnI*C7CS9V&!V2LOarBFzp9-C(G_IV`@Uo}K565+ms$1GXDYfiuXIdTgGBx@c zgo`mrh3wYDssEnn{- z&8Z5M^~;H7rN@&=Q#6f9GDy)H8aSD*v?_)yotz9C(`p2RQx>qU1--1E?`Z&OP4fDc zWV3XdxNDL@xEp3{56mvktztW4K*S1$#WbBD0o~2p(Vt7`na=Uk!iq%!^*og2o*Hjt zpF~MENvXsJYx5#*WY)6Xu!YT*f=BY>o9kJ#Mj}d@B1!)mjcH>@<73Q3d4+TYUvOoS zl1wVq8H1Q&zf^^512I}1)sAx{9i=3U4}I#Q?Qsxy}Z3$Upf8Nvv> zG6xKv`(wsIYzc?k=*T$6ZOSG44l0^*w9T9cF8HUt9Tqb@N@WRp9^!SSMWlw5++*y8 zns8jDb!@CPQwdla1z2U`@$;=M8V1r%-iA9JVg_(gJrID@3@(2I++U=sl5Yt zCZ+gua`59-edKukcT7qXY9aDf@*G&?gB}Gv38=lMPN2Wm+M*vGQu+t-OA&Y>iVQ1r zU`$d8vriz_-W^Z-S8vRf{OiJ(uxjb57LFA-_ZoiZx;@vBS_iYF8kQ=K&ccA>$0M6zj|1jb!xu1+_FtHjrpb*mx6f%T30*P`8L;W&~l zG%y^5^G9o&l*Ot-q`gFyiyb9MZ^R2n0oGUGdB|0CpgMdA&}ok1B4oLUKuW_eLdg#3 zky#3y2J`JGC;*7%t%P%6(EzGMFCq4?37%*r(;7mD`4+u#M&aW7G3RYCUl4)vg@Ci%h zG^KK{NPmAB8<`X)UN8eBUU8&LBlW9)@b#S-vpTdW!5W%f#uCq;NifhY>;F;tUBv4} z=vB^K;{DUEp;V89ED%1*$zMbamCGqJgNL7MdkRz3cE=!PwriRPARF`PQ!gr@**+$F zxqAM&hy$(5%ap=b#^^#a!XeoO&FH{Z%Y%dh=hSH+mpoU-CiQ;7_<%@mVUIAHA%xS4 z^cIX0bS&HrEWVT0GlRZf z8Hsyie92O{Q=1F?XmQ9^dAG~z!Ie)5X+Ikp^WUe4;MGgQXIN$t9Bh+F6fj{!PBp)) zri$t2a0NzXR|O|8$+Y_eH?h+*)=I8yKJnZr9jHRdWFlP;O@`6eS!+sQOTE}i;8!Kk z)K0p+%C=d#Tn&vzIuf2J2MSu=9|@!n7o%S-aycsQZ^Y2b#b*N$x1`;67_pU81YPvneoZO-T7R6QZVk#}KnSHa>uXy=|7}{_{E7a?WKY!T~b$PEoa!51b z(lbtv)F}h8p5>y}qdL^*Zh>;*A|P^S!C_a~a68;UKCBsboke+#;`chYS#`zd1QQt? z)b6?-j3j*|=hUO5bfvsKL3?#f(=U*J|%qP8Ly{Aut9`om?7eA02#a;&@>5Db9 z12C+v&DL2p5jOh{$J(FT>TTn-NF}=nlBauN4urTs4C9bwUi>nbO(~PEZ9>-SzY4^)> z6|xhGTsQ%d0W6`T0BTt2twchigtT(>KfHy<66e=ayQY_1+Yq0Nh=MuUi83D2GYR5Kvp=xKe zAr^gF=T&cs<P07m?%Re6oq*bp&TJ}!1(b#6AaoO_ZVo6J@f)suF8H#X1IqYf#K{`eYmz{$oVmrzxqJ8VY#_O{XWm=Rz`lWX z>q4*?o@zmm?N+yoefUlCz93Z(d+5f@N=Tbm4l>2tfqmjGy`Y0G;MTOnCONbNh8=_R zX8@yj%w^pN$VF8^^Xq!MLKRCLq5e}8FGh71f3@>wl%;*a!v}CjvlQk>8hBT3*Xz30 zHL1^mQu=c>jD{c5?^m%inydD34_lq?quzoaMf~+S5PIpysDzvs)dw zH61L8r#3_07-VbwU3v- z2VR6h?}9_Fmxzt&56g+oaX%~bM)V>9<`(SzlD1Z%?69u z=aLi6gY~_7@cMO|ks<#`$oOo~6=Zp%0%VAF%3{l^^L&s+$ZPl@BgQt%uQ6}}0nm3` zY#fx8YR&Qf%@bn zcjOdf87SA`2;*K8RdVRLB?(bKGaC(|=Z#S4Z{VH#kpCg!nA?QgP?d@YFOO~CJXG-**52f+gK`B<=8Zk1 zbLU4hp{LxSH9+`-f;ie)l!#Nb`0f>>Mjc z#0i%2gf|X91dI9tYs>vBz0zf{_ovE@7XnlB)}qc3CWGeU*7RkUT*u*(@dv5NpGbt?nkT9BcJcc;=%$*WL76FTb>_Avtj8efjGi1O?K`6D<6jk98fs$Q^bYCSC zt_~9j!ic%6sOb(E@IpCLM2-_U5G4WKiWQCvx5$V|QNk6M*hB(w>fk4uWTJE7Gt1-h zQ_Pwa#0UvQ@vxU80r_(Z)g!XB_6VvwP_SI{igiCZ7&T@c;ImU|tL7Jk%C99BHVT(H zYHkm;6Zc+SHwd+9!hJT>9OUf5E0p*C?hcwFTY8u> zh$nutw2+kJ3-($0MD-7Hp@q+30It&?<0xWsk7!ZeD!bCI-$yzDgcMJR0y}7H7Wo89 z!9qZMban|ggM4Vvmvh#G?Qs2C*NeXOKLmRDoAS$YTd+Sj!aot&;qPiHh{T_C)^}73 z#hYuGQY$Y8??UOfuHD*57cbqk-w1@G;f&ET)?C8?(g2^}Tlqa#fvTl{sJf#;+zR7f_Bcw7_a>QYP5UnE?EI>N z&P`IVj1u2aG`d3PKQiJgAE6FwC0bdsuk$y=0F=8*ig^a`;CR+iO}I<+jUbjI}raMxS`<40eS zBkO8Ye;cvy`bGY0ez<>qW+})Hh+I!}g}x}Ql0)Od4ww6QWy1kkE9|Czt}6mee@M%R`G(%!JMBv!AKzzC zkRm<2-r&czoep@G7{YoLuPIwq(&Z@fT^1^aHWw-?c$T0ja5=JR`cK+C~eNNAIdD&@fB5Tn4 zcf&3Y#k6)48O$h6<_9Dix0Ide0p+nRZ|7ByI`}kra6R(A3w!T(8nRvJiPpG!zQK)c zDrXeEsc_Y@)JV(B29(U#44Y zE~D97$?SWy&&+S1V1G5r!tLE)XwkoY8~#dl|M!#e|NU9KyuFR9+dt0YttOf%0$RbR(1yQ1}b7S+5#ILfMJ#P+VKk@%V;(7i0HdDW^JuaPrZ%`37F% zK7_?j3F1*N?ca4sEY^z&PBUT73t+d8I`FhAXOGJ z84SOdwt>r?*7npTgTjyLSlGe7hxA4aN;{`i2|S27ZVvg>AY~|4E;CQyQ2WeU@(TOz z2N*mZqNU5*Ydh40H%WeTDdYLOeQ0JUHr)Kxe}MXrLV|zq%lo&^=`X#;|Fi~I{%3@! zmO8~KuJUgXuvI|~`D;NHKsqojiSqRg+d907UAvTXalr@5XAl{c0`hKs*yj+&q-D9^ z34*d)JR7l>;p`FZG%StQmef7M{SN&3_`UoDT`hO+je{lw9%Ul+F) zJ=#8R_SdZqnFM@&`Z)IFx+P1|+72MW7iWC@d!|9r<2d|76wOxPD@aC1^74A1sAAvi z4l$U1K`U&%L z5q_f?Yd~O!la<_go+S8G;>R%niH8%Cy`>^X?!sjY0)_jP#FnVJI4p^*rc1IKD=bux z#T~b15K8AJlKW!OZdk8K2lW=2(++tJirGuI1!FJCU%e(qy{L`C8&z90c z$3)#SPA(p{eq2-gl=e9i#hgww-B32t&%Z49oEz6qak)`Nw6f8!@Oenex+9lqUMZ?l znbwZLY7)+oNB;=HYbmR>>HafN-mQ8^%aHYM{+|Dy60E4KswHU`426MwFH3FiI)%_X zX$4cgmkEp(O6^Ix%ZaOU9bv>w7qxc#hGLX7?WaOwYH$-d_Upt{6D9EToKn4EMJtNo z@U{Q}aM}{2juOGlY(5^euWH+xq>vsvSvP~kjMsezg^a}xvbx0$^4%N~7hhmE%exj7 zByA9792{wUZJ4fC?Kr(JPP+hv_@{ zJLW3y0m$R~+#~czu`8l?K3)yA!cX&|T(me0@{6gNpR>}i7PFzhn8kmw+v&9jMY2VJ zox`&=v=a`m3X??NwumSyE0oQu%+Oo}QtsI%lek~k_szVQ_~jQ zOOrL7Du<6@Lmq{UWNqEUlO({1qc?Y`>>UO0tOxv4O28D6M%`DCfYXj-tZ z=X(+++Tj+)N$ik4>(p=Z@4@q?zdokJBC_c8`+GP+l%+*SdclGldDu|5DPosBK23-Q znb2a78vCRz`fFx*RE5g>b&PSzDR>DyUm3* z%9KRqMc2@Kq**hxl~am(Ze4}l;9qeC#tuHo60aZRDm1svq9Bc1qgAY!MOXc@T(6jB zaFEE?Ea>o!*wY|A#~TKgSZ%*W9eV{oWnPDF5jG2AQh4(nE#MXniTd(fx2KI^WJ`nR zf}0_eKvuf%^u^sCE9T6IVdj{JlFgTSUMzb4VCg#h@?7`)N>IH?5O$L^!d-N5`|?~* z+A;(gU)#w`j5l=)Yw-TtbNy#g{`}h)u2+3sS^s{=`>(Gm=6`H^RV zlUZ5K^4M%`KHPZxczeHw>HePNjwGZlBq)a7hDoMVZE*wM+!SQqxRH{iRoy;Qajm-S zsp;ByqqrQMooXb0ZcA>&x%L<|$sk{Ljcd&|{L30T5kcL<@s4OX2Q1cUg9EE^0{fZ7 z@y`5ckc!N*5tOD#r`pZcNY!LwRLQwfU$Cs1VR0dst{GrMsDw3#Y^C+2 z%#;nUja8Dvcw3Lzc%^un0=mvF-+CBaAheGJ$Tw`!LAQF0Z%*Oy7r~?I1`NvkXl>j(H zQTyzk9e%qD?qI{GD5<+jufD_>qz!}+SFx4f^^W9_jI&^dowKHFP*8bo_IeCRg`C>D zY6-!Bcg0IXx`szv{=4yA!W%-S7?C=O@Myx{AAi%CkT(j%)Gzs|#D4_Rf1gbGFLXxG z-rU&CM9tp7*4D)SpQ0y48M!a6mnl-<>-*$&`v-{5I!`PQ3L`4TKMYjBMymZs?YfmS z`nk>R7Q&SnW-}>bK_H?LJ@c*eLr3%M^UKE*sIL?UBZ1#mMg$=lU#%#LR?j!BwOfup zqwjauUX^N>6oZL{ZMJ8G=g>Q^$`}A)d7OB5f1Tdor(FJ`BtbwbLkuJ*5uLx?GAuSQ zjw@Y~r2Njd?yRNQGBGI|s>=GcWFV1(+@=8=nWQ-}o(c5gfw|eh$q6^AgGO^Wfd{hs zoEp5@j4!PJEQZ}voEx(L$Q-UShc$ywUQv^3d{@G_t?(r}T2pI?)>_f$;aUp980FyP zVq^_9PUACVIt*JDqITt?qCW%YR&RRg#7A023l)*8uE^CQC2i_x)3dPp-GUvZf3GLl zq@V!kFIoqf;UC?>Sn^iUqWgUxU)!c zQH0!5;_x?&1&Bh<=tz|sb8f&7`uyP#wgpBdL5|)TBX57pUoR5NjQzflt?WM{oACcx zSMv|nDr{nE;AH9ecPO;1ft87XrR85z{r}~8Rj8t6gDrycF<@k7HR!Ai7tQ0#0To~RRjD$64-(IBeE8LMC?;|o~pA; z!XXd~ILl-pq?ot#p>9=(s3a$Zbq51kM8*TOagSLa%+A5Px)f#1oT#ENa+Zr0L zSR(HBtIBi|b@Z-=pqoyxWoMn7>>m-CSkbv3!Q0ALBS_YLzZ)BgX%h(^lqfSqlMJNS zFU5U)kK+&ZiogCg3$C9f^;WN z!NTL#ErR!LaoaoFz%=mLdQ^&fqq;gL7Ryx?4=Y-AuUSj>L-CdJY8f)qjrX0Gk!3|P zlr(A|dc|SMuWdBQArd7aUU|oFP;=;P5*!9f6Cm)x3UTw_;V>`i`XEZB7rb5F+YdP) zqKof7bjnd%#EbXiWSeCDSVg+A^N__^Z11PUgO^~3(-u!P?dKOXjKLe#r(#*aRgTM9 zC)L2wFzv}piE0yg~H{ra!j z^0h)0h!=F!oCDa7HgET8XN|XTgG-V3P4ol2O+RrZU9>SGVH|r3j#qLhXPRLv(aq5X z;4>`S;Ey>)ve^B30cp?RX8}4_Iv9GOv9ov5GteKnqR)>l1^K<|dkT;>$0r4lQ4S#s zp?r+>QtI`32GaRg-$;e1pAbTC@ME|5!Nidb9PuTznEghUfg&FEz}pUo(u$RGPayU% za~oOIGBY>(loG@e^uoqH!)k|*7CDf6iaB2GBFCc!AFgm}@b8y*yFSC*3H?`Zvk{bK zi3JYmL$CBGH#Y&>UAs7+AcxN&d(YV|W1qcDJ{To>(8~}fQtG~#C3M@Qb&j-2*Gw82 zRF0_C0MtS*?Sb;UsBPA8Y2q75Oc1rBzM`Z1MuO?ZQc`!?nd~$=oxmZCDu_vyidcH7 zPL2*e@*Z{t0n~W8zmec}M2J7-3k4wlqr&dr8xZ~r;7b^rSUZ}Vnw!`wyV;uj1MxHe zNq9{7SH^n}5FLF(8SJn}gnuZ2SB?2GkBT3uYrmCKuOF>(eHr5L`)-Pf5((#T+wdoR z1qX;A8jUR!us{C3o#1_Z= z8GxCVc+)%~EI08q(D>7kVZo?TzN+-secl37YLim8l{s8Mr4FUguZJp$1J5#zMwa$j zqAY4G>KSv16DKo&Y@adC<@i>WvIDjB%p~iI^s$9*PN$?}rQzSxO?s@WO`*xaM4w8+ zz8Q@)`Ta4F={Mc`Wu=@iS;&rE{mLmi^1gYKVRgtLvap`lv8*kv*RE5qsDi`uK~l7>?TGVn z#Zvf1d*^w2v|&1+^Ko&P~~@GZbgqh)2knX7P%>>7}vxtu1vcJVMFl{cv(+w zH&dhW-dSVeJWw|zgxAJbpfS-5p02v?8EL>&M`EbNONFf|EVEcBzlE}BS~E@c2>SB{ zqv}#bgC~`8$fNF+pUD3@C*zV*lsNsOP)GlfLb3k0d#j|7jj@T$*ZrTO@j}H>S!@Bs z3bv&PTs-*6D@k80QE z$v6#VLorBGG?~aj6I)5)u&+?v1zHkM7fGaO@IUctY;X{x@I464->)ol{K#TRR5d5J z7>vQ}g@kF1qeVqFU1YyV{jN%2p(`@eULrk|eUy~Q7lyKZ`_&})?wDo@^PCir*&U#kgR*7iO&{5>ne%U3OMMkyFc^w&aJiG?u^ z!WjMA%a&B&xS5109Dg*>1|rp`m7cFk??c!06&rt;J!o&YC_x{;JsM{;NOUl!*i(@& z`jEaOU=U*fGa@5(s{~_*l#HIC|9#fn8@!%!!XV4e?=ox>rj-W`GZ|CQ2<+G8&F0@! z8i%qer|^qoIsQkE^q!}V; zJV8Ri+)%&_m+56o{G_NE#QrM9(>Ffo{!U=w;842^XxwFVd3^7H*KcWG^sSzGht9t5#r=(cp|xDR7I*S zU%TszR+X1h+D`b?sEcN`rdU%`yXdu0DG27LZfj(zzIN>`%&BKMp@F+JfA7^ahV_a& z&e4(HcHj>VfehIa?{LuTAQr*+crDybex;L z_qpTTbH_M)?1%65dstPgs#aCaIsaEiDpQ$rP!T~E5DS8DYpv8OTV95qUxe|w|_^4M$MxZIL^;v{BUR%iG%!X@D0eF}dtuB;|SQm$;fHUQv9e|Se<7(V^u-DW=PI1c9z?JlY zIJw=!VMtxG*>H-$MHPj@?rn<}6Bg3_b%{3Dg zlAoVs@oFKdac*8`{n!LC>`1UC^ylYQw$cm3W22na+dq1NOO)*f$^lnhxFgt5w_M?H zCe8@{`H8JPC02%3dxeH-y#rdIxMFAMYkIB5Rw>Z43$LjjKk9UnTG0>Vm`=HGS+Ty?bH z1-yNkusTYpRoX*&7mqHL`*|DL240fk1vt@cLbdlY{f#IEHC^4X?aX9Wi{O`j0WahY zR2&RNIMy)0L~wr$35AO4otwql#*P1ws{5(&+5WmEW1IsZ1e7ENeT~>hNBA}LkoJ+f zi=_F*$n_U=1dTJ-*RNO?Ls6?{1y`6a?d*y4dxseZbodqw%J*a3nk&RrZ4Z8BNb-fh z2WXieBL9>yR3uw()J2Ea0F|Rpl@!%!GgTN8E`56jqL z$YgA0K~!Id38mrwqP$5rn2&6Dp}qvxZDSI6G4jWsJTy70TZB6suk_D`4d`<1!N&?MoGVDqBMDcZ75!7&Z?w4*T4VdFc;K+*O&M* z(%x6m^M7xX{*R5M_@B~T{|hu5m)NZ^z>FR?V=uQ*UdA9~Vse=%3nTQ+#7bCLSt0^1 zbnuXpvQ##A)I%vhE(m(J2w5T0$f!Rgq5k1H_u~Hc`4O;-4-L=>O_7&~J>mC6p{Fj; zPAs#gTuaZu^WY13xCZ8)p3!nSQ?`WwjGK=daw+sA?b_C&`;her!&jm!Xf#7j9kspE ztwHQeYofk=4n+%Pp_1xqgu4W$=MB6+~K@UzWtNcFAM9KEQ zNk!CjKkaw?u=Cec+HKu5geKM2mwQI(F^*rx(Jzfn;eNCv9h-N(ZNCcxP|50K-4sw6 z46mJe92Pohfu?v#u73029ACq=^Ad;B+OHVV}Nj|8S1TEz;X-;LMN^ovX;VgYhO zwkvW4VD~<}|8yDueP@JO98unTv)7$AT&Uz>B&B(1p^_Z@%@}C`)T7RnikGl4UE&3vS7;_*JP0>KJpUw$+LzSJ+tz_ zzSTZEnjAMJdv}WTXvz`N-w}Az1eRhtU0xANc=X8vkl;ZNK& zvNlOR1m~%2EnQijQ;-|-@4kssJok)uROmu?;rh z;RTFu>ZS0u?EaQxuvY_d~3hZ;eH$Bjc zIg{J#ZK{wW;ABgUXwq?<4wtfp+c3>97mPv+J-o^?;wEd^MyZLzbx}n`Qx=ZL=VxVv zE?{~WnkfY!47O6)qg$OP=EGvhgs1c(ruT9v?~chCqWpY#-;QN48a0@hZ3kKr*s(5Z zDpNM_>P!$j%c^KS_aEAa51*UPpP;%mj_iJH&_hGZ{X5{oVYMSkH8#=`^TnsRqNP@%4I|}5r7x1#D&fb8m!*tg01<%nFH5{LU;ne%0$Wl!75|D95&S^DEUX))2O}>ujvsblbG8FVnib?c`i$) z&|rsC#51S|77}n)6sWJiK5|I-4qf1$$7DbUw+*>g;8)inI$B0-qKQ(d>#^38~d4&EkcAm+OhWr}%g7b1_1um(djr928#awjVWq>El5)Kt~Ov!P~0T6&>kJ&r=p zKMltpC9|O0KHF`Lz38FhadZB^)7ce3Eu9^a2eHohmsDe?x|%Pq9QglcymVH1BUhu+cPw zxu!sD=n)b#prMwEj=D;Z-EnKRwfYjgg*qc$PJ7_s2=20cEDhs5$9(I^00g)K^PV_2 zED1wV+JjY?P;pqvf|<-Qmyt=Z25L{xF5Iw9Gps6h%>&Q9oaJ=27N*!}U<7?yCz= zrL|e4)8am|h4l+9zK^xSpCbp(=~;_@(?F3nG%XR5uEoxYt<9^x3{x;e{!7U&oG85b z8bU`(*T%xM7cPl54aG_@ot@TGZcUy++h8_{;1HELi(qS&XNGUN8W-P{j5FB_r)3H9 z9^S%$)oyV<;-Soi7itbqT}NZ#cfmU$^IZSihpU32^9Kov^C?Hqi3H4h%ZX5LGPwoC z*e#iYGNbH%R|SnRWJ1P7^95vHMA;jTw`{8i`lFfclyXwHIfp7?7 zYEFjUbOd2~ej`b%6)z>%x-jJGo!-}h^dfajK)&FhinT|98Y`SBiWLtSeS13J@FC4z*Jduhp#2jyLNo`cwechSwLn30 z1J`BK*C6kSXduOX1uabSuFqaqY_|R|uMIQuNz9KO!v%ceDA~g?ZlJ+GtUv{;!;dxvp?fKUPd2u{W(t5$@Hu=KlmzBbepVpEJ+k!O;TK`ECJ!sW zds(y*MfxV+1u9BkxB?OcyPLYlA44 z=jcZ09?rdj+Ha-A@MHRe=b!cg++`VIK(^z_ptV`72h`SxouF-bjexi&Sw4ME%qq)W@gf^^%#U3=p$IJP2h(Q^n4X zSuU)gGzO`m0Wm38VxN!F)ECBUI+`=0x_`}kjn`IJYhy5SCzTH)ps_VE8OwN7B_reu zX&qSNC0p5ReU{YG*RReDe&A}AK_bvdBpx}D<~0|?2x!%N#7RSXbElix$C*A9GS7BPeX^o4rJ0VwSGmC?iRQ0 z74wkL0kWgfyrXgEz-l+z})-gENK_GV=_=x8TKQSmz~3_|wm zKEXYhZGoI+>x@wv`4yb5_9KMh$T?-Q) zl_y)J@IiDbY_HJ1ew}1I#UVIwI$$j*EW1pGnPhK2(#4N^-%+~q@z6ck>cC-lAEE#! zrbu54sF8vftr0HG>O_!bzCibupwPCI)VrkwM4q*QW6B=y^eGc2LlX)Qu$G30}J`uw}SbN8zEKpxO zimFM5@DtV^Nrq5e?{Nb0ciQlGSmgW9;$ zN@fSU3sxW34K8lkx?`%;lKB3Gs-Am8=}?VrV}RERx0{sc|&Aa}{_`9Vn!Q`KA1 z^rjeON~)w<3jI+L%P6+Q;#<&REi4z*zLe%m&N76}Ta_n`fyM3-r9qG;st3Waf+Ik8 zY`NAQ1#Y2DE%vf@TBfd~uLjr!)j;t&`7%x*W5*}QfpZdb>y75vhldibMh_cD(FYHC)ReI>kc4?$lN(cq-xIt z$Y&ymalgpem4O~B?@-7h|M=lQkM&w6h^)62zq~3Lx3UTqmkCc3f}LuH1Dry?WPgg$ zdn%-m(04c57!^^Gi0b~A@jVbJt0QenK7bFo=2ij|`YWg9JwlQhgVSt`{^{$yQ!?|Y zsEFc^J<7iUQcy8q-+|xGX*8 zyN-A&(C^sj6QC3fQaslmcko6N3;AgKBg)5X465f!q&^+4SW~(*e z!7MLvDe(>(Jh_FG8?%6Z`zx^O5@}M~xiIbzi-zFKV*E-`1h07C9M!N}V@9&y<(nnc z%&LZWZ09>UPkvM9G2cVA`NTVq@2IrAq|SA9XN$H2+R@6bIE>fAZ4$k1jPK`ljVtNf z$$sMVjX)u;o7Xg~xpR5K-f6g< z>`A&VK*_otz+4O%knd4lzd8}3tkEMJuZyaks55In(z1C;)TKrz%j{XR`RmP+dpqeA)2wS)cq78%S{YD6>w31BJrQl`9~0C$sb#t z1}tjxH7icL@|hnS3}j(caN83>RfebQ7C6m8v9T&m46|F_3$f!*6`5r^Q#P3rTpmxgEa>%b<#q!tfPHj z=ZjK<^B(vxBeRCIEVuB2hhhYEtndiG*5g%G!~d zq@@$2X(*GG)vNz5E_7!GA2K<(31eM!?CqdMma2<(lst+Kp2?fqc>Lpf_TY$K0s%Dy zG08rfgp|rAnM3_Tj80>=Z(rpTSEx+a#zW?r9(8P<(OcdvrpP3dBs|9?6dQ-5E9(7p zEc)QsKI*Fr0zN(38Om)TQ;p4Vhrlw7{+#RiBT2<=cX1P^NGAa2T}rDHw+^`4NCG#e z{MW9l+c}38PCSVw+RLIOoaY>=bFc}fn0WvqqtH1?nvDN={@M`g2LnqS<-b7px65+(kaSCKT?L%7jC zAda3w0qab$H^4`wtLFlXyi(=ey z+x^>x{ywcqkHP_%uhSr_a~w@Q#)`6=sA^Nk&D>{eqx*O~bNK~*uwxX2%y4bJ_cWfo zb4lTYq6!BnYAeEI%Uqae-$Heh)S>O?^Zw7lyUq&Xw{2-C7~fIkoX(x9?EbcNGN%~e zK0x&?^dH^BpffOZLBG61cT-GbR8vH~)9;R?WF=D@`;OpkT%AK?CVaXL1cx^F$+Ds={xP+QtF->p1G-*#)SUd@ zd8Q~0B~$2~o&*Xy(6IJU(jJ4lLulomDxFr@W$me5Kk>TutyM3NWF?x{`Y>j)_jv>f zIlz|Zte~iGyP|Z5;0ef^FWAn>D|$`nI<`EeyR4!!xFw{?P%7;l><;bS0_t@6p&aJj zZmVhhDGUxmKG${N+&X1;GdhOw_JLw=>*$VAJLKEgbFYmW>H234*2fo!<~@aq5!P!_ zKk-p>WCZ;;RE5~58MZO6nd!Feg|uTdY4?|Wg5~#!fVWh)J=0QEQmgq*o;pCpy1ak> z*`muIY1()?v*=o4A3kBd?OVemlC4|{Em4UN{1R_rYD8Ggj6J3>vY}E0{qSoU5eT== z4<0g7RP$Gz7pg;2`)sOjKwpKVbcKtxO3F+4LBv)O-IMZt_}em)598>D!4=p}tug4t z6dmR|6P>l%uL}3@EP?-fPG&&X{!Vc6zQ0B$=8v}NcvlDM{o4a?clUA`zq-Xz?rhc} zah5DFe39UNF(k;K1Gh@DK+;fb4oTr&_IlvOId1}@5Cpn9}sA&a#G)cSs zlIr!s*JSIiS(tftc9S_qv|2KNKK}~Oa{8D{C*qR6W8QQ;sOuvrefRFvC}PfmN6P}w zC6dO~%mMUli;h}ESWQ;}F*z=J{~NH4hB8X*fW&s>#1jm3M65W4NlCuxp}(>)$1nVS zTzFi+-DB^tds^T`U_L&_nh=RzsVnS}znI!8*sx)odV|7n2h{F!n>6E1|B_S`{$mQ% z9&84W|4nVU2sY(upg0cJ1S8ewVZSwqDL26zK)u#+(AJ6sm^-}Y zsgGwJjis_pSigX5W?GKwIkyfGk~_`zN5!+v$Jdh6)2-*4Lpt(j*BbuPx1>?Pbn`KX z%dpR+mdTTv-nK^HCEuyC_EAjG{7$^*lVA1%>PueWB#M5IuT4w~uVpct*tVwez?@f~_X>TFFw@MD`KFoW!U10x^5cV+wQuT?cy*!h zn)|0+V%#PE%(3n>L350P7pz1etNdO;Y%7s073_%#X2nIvbYg0L!j&MQozQ2>luI7X z$^_z^t7T`9N<-)k*Rt@<48{HOwu*6{%5V@rbg#LOa}NzuB33f<9Tr5?u!-J30NI*G zldb_h7w#RZssSz2MKY{&`SP-wf%+M2+g$fblm2n543LB208Z6_h9-+B^FeewmS=&M z7G-cA2Om>!;H@Y98jLBg|MD_eQ3R}i!;(o&(LD3~7Wkz#?YQjcZ!1+ioUUUd?nctn1_oo3%koQR9cAmJeONH;y6pOuTXf4>+?H-N z6Mp?WZJmv18zIvh_{SGL`V!%^;0`Qqy!MIS!*^-@{Iim0!{S>yw=)a_XV(<>0Qrw` zg>c?lPm5acomIL5!!nBDL`O=y%{6+?L)|&PoZr7wJ?%z+q6uou%CR3_qtaTki6K5a zh#K&zwk#)JQ}mg6BU9Ryq@P`ISkG;Mc_R%_@cccTm^XHGc7CAD*>NOzk7x@b3syt5 z_e(ma6xxXfGMlD&C*LV%NngEM4O>&>r3y(T#QrRq%XCw*bnVy2aJ0XNrVc9X?fPZ> ztG8-A+MP{y>|=%LE{S};Q@@Io4&01E^6x2gY@sQesDdR~`i%q%N(bwHjW$rO)zW#S zC$RY2TWY?U{2WqZals#QmZwm8M3#CVqs1t$!W0nuVJ~&H+`K5v$RsaH#bX3Y)Y~UR`oZkt*Cp{eYN7eib>D}l z4Q3NcWhQr~R6$)#Cd!s0sNHH2D;Pf*eK&O~No%W*o@wv7YfTa6(2oa)@0?>LLO{xlwgaf$9XmltN(wIrw zDmaG=COmoT7+>mOc&H3trEC68cEBABXtKq-;l};M-UOz$@l zA3Jn`J`e1jG-vf9^EDlLe$H4U^v)4)0$pS2PDM_|f@rlZX%<=|+I(9~ z$4X@+?ReRjHe`5VOLnhq-#WNmt8Z4q{yI{GKHCJML68!}|1#M@YB$s)=f(Vo?E8QURl#@qjJLeeij?-i)DPE_wYqMd68wOnR}Hf9Rek7#B@drHuCeOqh{3 zc`N0k;VWOZCIHXCd;HL)$l~g+9R^hb>+7o`i0`%eN2(1(6m952!^7&46_xSO`niv^ z!VxgaKoWZu>)#xcO0ORW!36m9xKH{q_{5hkX%?ES2c-LxE!`AjBhX1vfknUrxAP&C zo%*MxwrWQhlhQdz8BJ^-ue#-&I-`0n#8PUfQ)Nm4E$LA8(z0K*rZ$kil4#od6;NDF zH4(*3Y{7_nz3e<#;dna)iW;2oUc91gvcFqHv6Va_6CF>oGc+xO!q*sP;_Z8MlV#o2 zhx#CJI6GsnTNq5w<7tZcC61c7T_Pj4pCH3i`9=f65J;&hjr?o~iwpMK2}iuN!87TU z7;D(7T0S)&H~TXNcuJ<6;iN&HM}zSFUO{T>?b7z}84Oo1oN523!x>*BIcC?fv?XO^ zcUgdsbYuaY^Kn;}Ky(d-{&h}Y;y|3_432_WSCf0~^d* zgBIs?Y>-CghZ-t)y93f(Xo1^8{`u%nI&KW>-GVm0>X7-4?oh_sWP#QPu)?VN9KWYI#YM2%?!e1hybeA+sL4SPP1jE{K9NxbqXNWr) z3?eS$F_mI;_fX1;X3vj@$!(UFg#W1V{tyC5t#C%-n3d3iqkM{IyijG)942_z)W!*2 zSUT&S@2Clh(K*`JzyB%X!qPt%G9zoG-U~s_c!@_xi_tsx@h6=-E7T=Wi9m$T1h~QY zg|&dgmFaj}GxTU-=d2@tK8}A1OnGlx0oUGFuTFCrS-trP09=RMx#ix92GWj<{&Fl! z*GFNDQq^T51ofmQ%D}tMh(o!1q}32TBY>+}6^PDQej8;dzL^ z5kvCdA>A+*zL9mqK2u?jYNk~2CpI+SrUaNO2#xeRFJ905-Z4D&lihrU-aR(-D!$X} zsUxiUOx%V?-A*X+BG@g>?o~k)Df|TIzWV_tSl{Uj@#dNryGd5KtNhH8CSQ~CChlLI zL_*}z`_opR*xk-z>9HhqPyCy87MnE}f-NT4ze_YS2n zexi&ru__H2PsmXA9ODy#uRO>%N?y~G! zCmFm{2f879Z(&+QJ)@LPtQ1t$K5;JNl)G;xqM<)fQcwN~OZ-)+q^0;^qA%&Ko`C-+QV_c^(hkbX>674?m}qo@|IPZpj96_X&!RZ+P?Pl&EmTMEG_Pg9llpT5~)_`$TTXlJwS?p=A6>bNG3pg3L z8xKSB?U6RzDP7BP_H+9i?71^1^7X3{d+jd8z?Y89L9P4*C1CwT=J#G08fb8X@UZ1? zlzDXZ#h;x@%x{W{KwIwC0rVEwg%2>9Zz^28j9Fk8V@ZeAKKh&faS)I1^s4qVGJE>f zM{t$1JLga z0V9}w%grR2P%II9c!FUtP#oJC_{G52(PwJqrh&YC&CJq1#D1GVJ`)Ju7eSj3DNA%+tlxZp&dD{;g-8M4F;h1>LPdPsCN(sYlOJ{YeFoAZF> zhB!XNo}18P_jWcMZCB<26vK_O-6wMcPze9$4CfoGx<|*4^AX0j`)!)EEHBQ1zQ3Ov zOKO*&9t6ovs5q3;2u5`vYNIdS7E`4bXSs)}7b177$4|gCZ0-rav>7G189Z@oT-#4@ zIzrV1__q(oaK4fZHW_M6tN)jz#0eu-4QIV8AAUit{9MlcdcdmlO5#S>-4jzgm%iF{ z9}~M!7ZEdHN%1dLCZn$kq7tD>9=n|?c$GTxACF2AwdB@EyhS5gnq0(_8oTV3pr67` z;g^fF9+YMT!6;B_*t=yy(2=Jhk0A%&%y68xzf%|fem9DIPjval>b}H$^^0i!ao`4g zRxaTz0oo|_>Wu#z&hHhYcN-OK57R}3#CFcQ`041WF3K zkgZz3;MVIDtpnoDGi%hI;Qq6TVgW%T8k>+4&Zc~4j)|_T=a?yHb=YFgpi9JEn`TkO zS)>r=+BG+zI`wuzmVA*t-@rk{Y6v<1ScQKEJHL-dxzxAWg6S)Hnd?LIWK9 zx)D)a8Hty6Jn)c%W6m4PE+XTL;Yr4Zhsg)6JMJGzvi;qOSI!o{)^|hV7_(p45>k#oJay@7xzVH@ zZf!_EIcDJcs?M`ZxvPpfAl|lBI!l_11&uf zZ^k0^cXwbAf+CE$1SNI45e+I%Haf&ws^SkF(D56x4hpf?O5_+Ro2Mu#|Fzuko&f_q zMGz^%VQ>1F7MVG6&D^*zHOMMUjd*fPBvr<~a}D5g$i`7txG~8u;+hSL;?^+CELZU) zTBxwk66NYt85lpRD#)~-GxN2D$_A0+41d?@#zShJ@0L1WC;%x{6AITn(MeFQ@5I=` zFrlL1X9!tgy#XT-%nwI&7X1ndiAtxlL13!VUNOwvLay$)DdW8~ zLAxHfYZp|jMG?2qm+u(V#PV&xbP9TGtxaqLf#&x;AMTfCX#d6d%wvZKiR>!%9F!B1 zVp5j*AVbH|O{E>_$a|t}sHgLf!J;gNGRjAt6vK0Ww8400}$_QH!mh6^>8dPBn zc13~Xn?BjcWF#nv6mts+vo9FA8*^xG5FB%Be#h9*H}FKuAKuVU=u42_&$Wm3gy|dH z8^m;@ctg;W0QMORc!Pf&Mq&p4jDEi%o9s_;#`cdkyBcXBa|A8)g zk`n3?$)+%YcdGJzj0ttS#Qlu|<|1f4Uk)Uok3q{xO2z_=TS7GqmBpwsNnX;v`N8n| zr`e`|szt08t#IZ0sT`>n_HeMseuSDNL+&^Fa6hP&w2|QVSt$gnpUiq2f493Ysqe5w zKbR?UHHbU<;z^+q$z5Avo1xl^nsB`5HhMWXpw9L(ah97X{Bf{!0m+7_)0hT;<`^n6 zkxxb_zk0-Orv42@f1^Uo%R{429O!mOd@ZU`1C;?k6oclic_>l>OO~AC#|#i-gs&&x zZ+ODMBo|qao}+@h76z8>!8-Eb!-B;_%t{h8SpuIEUC9^tYMtHOW`c!E7iOfX9%xop z76C(E-KK1We_Wykwm!x}Hn4t1-of>KCjNO#&%6^bBjLLYNlb_+OdLOe z0Ktm(p_3TbI|)}giKa34QRy|xmI`+}iHVnj(m=(m+*{GL_7V;WG`=^!BX6F^jc1T^W2gA>e6}QFdr1eBi9ah$T8q-MJGNE|PKEp0rYiJki!c#*3!Xt>a+W7yaLkQqu=o;Ql-f zvZ}ZrMhZWGXPhEAumqydfQJkTV>3dD1dWEHvOpZi;A_#k82`eC^JmG$<^uznkn0gk zqL@kz{88&MJRHza{^lc2(nT9R_Ll&>Am(5fo`tXnbz~&72lI{rO@wDz|D2narwF3G z@|G8w!e4v}+1IpX9nx@>aRITQ=3vcy*!$jI( zC%7>2?LX>wdw}Mnj7m_ynty;Ea8KWGWG+ zy)ZWxoajMxmAWdYWNsXbXlo_Pax^T9ert54Tt)>F#>t>S>Y$}!_Vg9hJ8vwAUG`BG zDjFv3-0S^~#X+qNaz2wwNJ%FAuq^Rn5vZ$X8MZ7nUp&TE1`Q17NS+pFzUggfq4B|A z_FBI?5V0=%));1)na~t%2Pn!Q?K|w)a(_YF*1&t1=;L5XJ8N7H3O}!E)b7aRbgE-S zYuE?x3wV08d7}<2CDUf>I{O_dyrFzA*CwA@3CBt#Ece7H<7zqc!>b#D%|e%93Z_ji zLwsnBUD6vRUQ~pvs0?LShRiadctC?M>g7fZkF>$2Nk>-C2-eI6EDYj^&zYOm`jSsf z7}wnlKq-TtMC&Alt- z1!;6u8(|qxwT*dwr*wuK)1cg5jOKC-78IWV+66ge%!+yw*>_9*Y$oWOarj&5p^P_d zp%@w|9mlMci^x+98!drN8Dl{@j*Hra$O48eYm=T`hhk8zFxR=G_a)ZwASwGRyXF|> z4xFZfUfrBstkXm#;2BGIQXU!FxH$+5j~GhwXVsyn?&dfNq>$=8gUP7WDEk9t6THPf zW&<0VuJpRq`}Ee6>NiF{9iz&XLa3$igyg_M+>&cR!hlS)1_Rse?YK=^6d!F30l9&u zdi(xNm4w;^ST)n3PPNTF?%dnJk+T;9-OO(FTi#PD*HFs7v)Mjd-4lKpNk_u2mH=EE zC?`Kv^n#$fOErkeOI4ss5y*TL+FIL6e{aCOm6DytIlV!L7I1X76y0FGz#JFjD42HD zg-7Y>ZTvedohpoBkkME78_B8j*NTqzpVChRoz2d)B}VeloqxZ%%9AWRW)8NYyB~KW zma?Aa6y6T46LJzK1{Ko`x<^F(K98O0;9HBNP#v_2pRK zQxCqqIPuV=Q!t$*F+n=BXwS$=TQEWsnwP3&i1l;?qo32V0#}471TId0>FCKB zeDZQD>LF#s;O#m%leI?X80B<8dPM5(xjW-^F>&@+n6N!!{xl8n24Mc&XLja_$Naa; z?JUHIs_XR2s$b`}FnuVZ2uViQ(S94T(s@vpU@} zYcgThs`Sb-UP(ap!V(Ve6MQw>-(|Lp^r{xS6EzVhj$t!5``D_(#>NGATt0nEZ|2fI5>>Dk!IM#gn{js8stqK{OkS#=uWTZW%opHd@?%geUT;HMt|6{GNwg z`+GK7fvm;_x^$cFN%FJ80+i6X5eLE_BliGCYk!oJ8TK1w$kObdU^10cVIHt{*}8VF z^&jgS8m1ee)LUfuts2I&FI)B?a@14|^efaeFt~PQQw#U4okOtS>h=d8 zYd7KAKE(U4UK42riN}3mwD%jBb$lU4q7;qVpHfQ?*tDnxBZl_jVWI>2*7j{Xl-}4d z2Ni;yZQ^v~Y=r=n)$TR|*3O)2RfuXMV_OpE_eobb5Rj`2`U z^n94D_psTJ2VkI78a{~FMX}k418sr{0E_r{3@D|mc}Jl*Ic2Qs7&{5H$M5Q4f5v6+ zIh-fp?AL+xu`2DpwGt~H%}9)qb6cdQZWVvt(+6fSTcrRmZ?e8(RiFT)z$eV`sCQ-q zUq$5s5iMfCP;s~~c70WeG#os;JGs|`bvAEp3r04jFe_PauN;;g0Ox;%5?#&`NzrfN%gVCtHxqj}}<>!zl3&v8VF7Jp|;l|yT zjGfV4Q7uQ^9^$!mNYvFH)s=`ja;cwBbDYFMXB)JAlvO<0u4fL()ORWxLEyER3_f$? zGPpPU!Bwyg&%M5?VNhw}SE;==wW&5dT&IM`l|Mo(^}x*Fg(^>Z0QJBhm!I;tSNAuy zK`zY*M=7ksS+Lp}<-0!K6&(^eY zmJzfv%oQ8%OYKdj%M3qHOXM=nZL$AADcQ78)h4k-aG>M6jTwFbmllq$E2EZRw;y0UNf<#b?%;gu}h|1(XZvR(QPUCtf0%JQ~-sUI2X{cWk;)?a4v63ts z)iIf{zUbc6eo-|=$(_k*!i8+YrDA1?@}coj(Vyk|Tvyzl8oDlaWocfc)uvfXPv`r6 z^Dqb(rQH~Mg1BN-BdO;mdoaE?ychD}jADk*=~i%dq0sJfm46wBawt}sd`jXv@{o%=Y&7S(nv z)@JP0GhtP!TQyhLL5SuKQ>Ym9YygdO4v)IINvB)^rTUCe3e-DwkNex<5j6o}7habd z8mZ$ruBD*PI+Rwof3Cmp4I3j6ZM#00@JDmS0j{?#;RvAT6fXHVH-t|a2t#zWN;X8zzfEc=;o!2pUoQXF$KeE`YTny7(ih%qY`jKW|) zBR{ob!`Tso>1Q8ALk(nnTVuliL)u#gXAY!Ux-OUPGBYzXGcz+Y+n<@4nVA{NTxMow zW@aukGq1ZRdhg7{oxX8*75b41DWo6Ln^GQ~d`|h)?y3LQ7ET$?mXq97i56^U;&k3L z)hjsxOpc%04$Dp?kL}43nK9!i)lT^{gHK3g&5!P0A-AyiZlRXrRW)c7qMiXzWz3(& z;g4JzHVh#a&m1}vXed2jzXzOrnvv7@oFyLtpcM8b6gDUav-RRRKadX6=~ZY0 zIc}-{B=VZYjT>ZF_}>-bRi!%HrE33x8%wTH0oze%g>)HPybh`eMFaeNR}IjAwL)F!0s19NAnO2xWi zbcfI-qZ?d5Kygd$K)gy-+f{XEX&SSq?E!9BRKNO0OIAVUB9+1_f)a=hh~zz zR!?w!ZL9}>3rb?KRUM(+`4knyaisvu}O&yPLquSJ>qw|8cRXpI52X^jt3uSuwWzBi6d)1DQ!N zl=G5YK5%wE z!1Nf_%#r%8lljbpF=c(Q@wIW;!^FOo1UI)XM=|9Vmasa!|7|I0)M>W>{kZ`9P!FOe zV;x@A)}7~LW7LpH-=?);WOUDHJ78y=`~{32{6>yKT|w*H6xWv{vzRpCqyJJ_dl0pu z%ksz(>+x#eIhrP94no#YaIZ8dV#@`w%vz_?PO-D{bM;mNohUaVGWJ#l>xB3i(UR~q zVJVuuJGUCJWn%=fWH}0UNO*(Q%v`>l)hJ> zdNZnfGs}H@l}ng}%FUu7JBllPBOvg|F5A@<+06$83&_6k#&j+Ivs@fOAcG@yGQ%#J z7gG@Qrp_)a6Lw?F-a--ZoWY&|=6(t>M$prRPR`Lmn#ISspoHyfa{H+k@!Y&-Y2;3= zu0~2>*vEP^4Z9k5I|L94;glIprFgfzeZ023s9DUkwPlO^YS^1xDh+%1%=Te}d=#jD zm%i!TYJTxq$F;BF%q>{&zlg6);bcL1m6v4@lnFItVT$q8^>m@-DactwcVBe$!mnH| zG;!tuY`$8P@0r4Wv(n~oot@jlfJtxN_R4A;TgF-l7w+%(6V)}fI_UI z60|0mkRw7bNfUB&%ACJ}n3gXaJAayJ^y68$kuGIiW1O9X7Dx^hkUbD7y^0%Hu2+U; z#Ku^O&E?vD-VQgX0l#+O$I4;$ZFE<8X+M;t%ygro|uznbHF_%d}hSoGz8f!VS8b>uetoNZpfLJRku4anlnqmHz z9$E!~T+z}Hqa+gK3gCTcNWR)oy+D970c28-`zqX`mBFA>{%q-}RuWK%~D4oe$ z^)AiPDKllY%qrErJY2a6kl@GO)?wYIVf~80M;cv{ z>MFkB9hp1G(&FEso?mxusnl=Q=4ZA@EJ-mP8+<1wi>D}GKTxz9^iC3s7pjNjRX)UR ztytS%q42h@Gtt7>wX}scYxxnNQr&xt&~2h!0oH6D0T(3F66Ww4{EE>$pHEA8(UwN+ zK;*ViL@%x*i|In*9#bC1w%kMPOhcXTU0 zoQE!2zWm@nNX*D#3-60lgARE=O0-`$yQD-}%4Xy-CMwa7U$#bnUmI|VH@}%z(H?jo zj74{KE*EXncAYJu-GG;`X6Yj%O! z-a6$nZy=scz?Sw}Bwih#r$;PzNyfJ87#@#Ki;VBzgdZBn=ff9cO7PSRJaGa9MkyXZ zuL|&)<+wo%$StU4m3H|a%uSK(V1<%I&I-m=A*IcWwlpR1Qahcet{&q;GvqGFH?*5r zQir9f9>c0>1n1cG&v%i64RoO3~*0&vx za=z5NdMKvq*$mFkWtkc}5L2E!K}z#D*o=6-VLsu+u;wO#}7!0 zmEc9nPBVi>qRsZ2wbfrPv=ywcBjc#5?XT=#H8q@@tHUp19_T0IsF!i6S3hhYT-;w| z-5+3|D?2%Af5xoB4jYf1F&@IG$`|X|jwP`TcWz1g?&-44=C&-apU7>T$uS=4*jGQz zd~d%Ue{Z9{B0a4MejnnSLD4+a$(uld7wPHEt#ldY`Qg5IHYH5#Nk$A^KdBrVzF^%SqnP!%wWzXJ%{W|v}T)7{9L`S8@|^a?n#39 z#d?`6{w}+5mLmP`y+IYf;sbCOripb0*6S}NU_%NTt-<}ZmpROg} zFR8DO=+8H;k0+nHlsN*NF@lQ(0TK)QmWS=)&-T<$uFZG>`07ILOOz3NL7*ju>hW&g0eCfTP*_bGa+fdu;w``}_Nu`8p&1m#v!^|NGCT2ii(&6M5fapTI1N z)1Mx&#YcK4=`z!?CmcaJxpPdz>3bv2(2h|+(_jB2m5qA6#4x%r8xE74SbP3Y=+?#FdK|Goy3<(agUA_|ia>&qrtKy125ZilfS_Jv)bIV4jU03PKm;NHuo=W2}_R&K#**Hh;6h2HOUf)(nzs+RExOMg8z zr}PC-P|g(>J1Y<@KHw@LwTxz54*J4ysA$|3IB)lTS|Q$Z2g!-sUjIpWIBz6A9RDUf z@cdhx*8c}(?H_<=$L}Wy@DG~SzYs9lN;+~#0?0h`vDOroNx;FtkP(JjaiE~x5gj{X z(m>%Nh&R2`sRr#Wn@gLOrF=bKKPee9%)D-Uw~eD*o7TbBc;WF}{%$cjPV+onW^em; ze*j$rxf+7wqYIG7&?AQkE-tBT9>h56vjZOD*d)tznzakQ6SkYP8QEkE%C$NOvoMzj znrL97hDfUygC>7hV5aO=F@V&!Zt@Dxq6tvP_zYm&CZsD#Yy8pN=U*&KmRz(jF`I7; z+lyswcGc~oz2x?7dk8W(UK}Fu9ac%yYSVPG?w^B7_!PwcnV?mRJ!##7h#5r`OaNCF z&l=)yVz$X5oqP=SfiA!qFv~s^XCR)%L2}q;hhb7*g2+pS135`^(3S^Iik^@?hyEH7 zVq@QI0~L~7|Dx7Tbt1Y130-Oxdc8p_WY*b6XDky!(sY`fP~+-0N=)3Su-MW%ZY}i6 zi|#NU(of%Q|GA{Jcdt?Q)QGyddG4D`=v?xr+(9|WI`ZT11pUT%PN+WJa`dd9I?X1X zl~Bs|zU)NlS(}}9fyJzE)8KlWL8PiflNgiYUAFM-;Tjg@Xf^W%xNE0HYyR$1>#7X` zjA%E=W#Px?atYk75M@4w z2{z~!J4gJf#t+B1^>bp1i^J%t&w!{-z$xhr*S3;s5nZCLnx{na#V3~bB>ln|ZLLO! z-60#g3T4dGlV{8;cqxGWp)r@+Pk)O(*g>Y>Dlvl^m&e6HXCGp7$nB0XF?)eOIAj-C z1CI(G9q`d>7UVJb+i*6u;qQ}RJd8NDXFlLFEtFQVsYof9>Y@X3w@yDKv*pmSG)Hc; z_!d#jnsV@GDo=(>cT?#qmx*EKW7||5NG2&kLDyoJqGIVD;P1m@TXsHTqWB;{}J66y8(5)6yI@MQ9~*@8T^ zVNh-3WBI>aUFH~v5j-KH(+yB5*En289s^;6Ok};K!o}y*m5K`5qPZbHIBIsud2b7f z=oyfG)1NB5zD+$dxN^!tBQLZhzr%iVf|1CQrA8$lEg`yk!`O#dsf+Mom(e=s%S`7&+RLmO@KOJYm@6)*^74FbvP|mnI)M|E}9=805K9ZxsU-sq4GLmuvz_kX7b1wmjJm2XQApp_Nj!@JJAP(;waSHXDui zW+ra$e>0Qx5k14L451fZ=8OP3H&90qoP#1l2VKyq)MQI?M%#=w$f{x-!j?E$O?wBq zAZxhh3bNcv%r6FhQ!scC>Id@FDZ;Wyi~nS^V;Xt!=!t}{-i4a-Wslz#0Hs9y4SSb? zze%$Jdz(Rs0m&}&tHmkdt}%aZM4<>_qqlHu=hD1zMPlx$tdL%D%qN1^?{|s$1b!v+ zyc<6w=FG{{uYZ&ym^7Lw;rAPj;@=|7dH&DK@jr@jP{Z8|TLtHb>8zx+3HywF0KUmszfya=)t z3OpzZ9JhQ2O2;+r!j&h}DzQvPlh3=?yXjUYTlZ7@^d^~}?|}l4)W8@%H~E}=ML$$- z&wk0)U1bes0~;lfc?4@Yfn{C!CR>;$=V zV?ty&C#eA=!XQou@VrrG)THPV>%rnkh;SQMUA~QVr<9rwY8J`=od} zhaxMeU@gHc*M$|~W`T|LA_Ghb_;dSGrIqHkX0xJx!p~JxvV?e5A|&ONuN^OCP7T4=R#jKc57KIe{K zcEjX#AIJjI*(MU1Lz((5|wOi7IuhU^5v{!V3}9gv|RFTlwKN#=#~Dc0gY zg_nvGa8dwlB$LSTk`|_C>VA&oJf({$K%l6qQTfbSkMvnW%_HN2{yh~MRmqa_fg+q! z!=S)}<{8qzy@EihI*GNF#VUiK3V+F94Iol4UW?+O<=F&NJ~Qiu^fy1f1)CQ?BBU|rvOHuQ&Wa>NsCdffdmkD%!S#qdPt8R*_l1HsQ%1$oU)(zJD>=U!>%P%!hb@} zO=2d-9LCZj+^>mqW=Da6%O#wg$Td;*cgeoLSb1p6CyDkKppbSuh|SV1GUmapyyx8h zHZ)2H&2lyFx}VTx>bdH0ZlOj1pE~v}Sr*aSPSOz{bej#oyK7_>XakN+rGx^oQsNSa?Q3?OA zJf0H7ffstbHAku_?Vcj}b97{qp|yajkZfo)uYX2j+l6R6r^D^+djt}Izb~;3Z{6uW z(54tEncJzT!>mCLdtBDYQt+F`&AAoh3NGzrkLI*;+dX3-5H#+r?eEHvUJ@mp%A$=| zE-M|8nBR<~X5khaQ*OtS_!h1QI4Qu?2F=oC$hlq79G6upMCSyLI zzmf2=FfPNae0|pEjfNhtAhG1aT4rNqX=qp)1d+vJWBh2*8s=$9m9*mugsmrwua{9> z8DS9otNwTXdbI#xILhidQIT}wgX2ySw^vnES#IvG6dE!eO`iIYl5AX>y7QA0m(p*! zxp_F_bd8yNqS!$^4@PuO+7%1(;|ES|>UA4pS5@T`oi@}n2D{% z9HUkE?l>oIDmpM?f1SFgPHISXl$i}?WfzQuQXlTzjS2*o^1_xb7nhw`X*AJ$kla}O=*EVZ5B5P{+;n+!ddoA&F==a@DE1I^b)F%C zrM~8ae1q;99*S7gG-N>1Z+|f*_bRt9O2`iwu}3U{l=Peo1DUhVZAyfj5DLi@hgcsC z5pAkQbYWa2j;bMH@07*N|BT7P`k5V`(_ruf0Mz1fgwgP7x<*o^#-xIzEJ3EB?88Nq z@nyy=&dzqgs5VoG4GXV1C9MPKxer$;?jA6SGUKi;4Qe+t^=&$?yQ}=ECG6Yv_yX-*Xyp+wjV)cr9h)ek%e}_}0x`K6Rj0Pneou&e%(0clh8nHBOA2q%OlhAmBvz1+tqO_`lV@$Y`yXMIT+WY{8-&(MQ)Su1L!gGc8dGU5|fmIX4lERLVtJ}<+;iR#$Pz2gO zk_5x}e01gQE!nN@yg$;;`h!^4Y$76`Ru2?oc5Q1=N117`Ew{P7wx$snur$-1No_&f zs49&iQ)cCuJyD%$BLH1$<;A9}k=!ytmY-qVAsJ@&Ezj`pd5%v6=(IlQM-alDM6t97 z@pMi$D_nkqo_R=8A3n??o!qyj1+Cm|&-hbuQh&UG%5jA}m7y$u<%Kqe&K_>1_B8({ zK3|Vr^i}WW1{Va{o_H*p6%`IBJg`|+JZ@+_dz%aIvPpZA9$PAD;pO(YVv{D?fw0<<<90Zm zXCCK0FfCbk8?+s{^9#T1e%Tn0J0o2VO}Zg_uIg+Cl-w9_M{3>hY=q$1Gkc`V`wnHh z!Qdg`vZ|7_gx+7F%(LrE^nZ*Ixx~G~N+UB3Qk%^+1>%lm-y>oqK@D16awFUOrxkG9 z6_cYmh8Lt2qul2?jLk-=$&Y8pzTZbez9x%SDeh4#j6Qo{W(p_&5%p^(4af9>p{!QI zr7)j8)7IQ@AMkql1w`5nRvnU#nUaJn+8UAp*uWKq$eoHYl`4}W>yEL22??RWbeYPL z-?Kf)JnKV1JRWu#4i;h4C{A0Mv@>YXzUnoiU$cPi({j{PF^hHB<`HYZ`X$`6V5cb}ZA(uy(@v&PY|viKiGNgu3a znJbK$!kvSWUW)bHY1C>t+9ybFF&&B+k7Ml$))7~%6Y{4<(p$uMYH9aa|nbCJsXnOBwF)($3aM zA-n%1i%63^22n!6d&2HKI>YTw{h}wipXKIl!pnvACXIbNc;&~18*}!>jU9P_x_lkv z?jl|$yJaU|u0Fg;(#{>-&vbY=xS?s~%^iL^cooFuOE`i6Cr^VH(z)h0mL|YoJJ*+(zHu;ogXPxHBOdqTIa~iAS(A z`68OnhDN!OHHDR@+qe*k$>~;L+l8xB?#K9aN4oavju6r2SBx*zYgFuLgxR!84T290 z=BqRiz2p63aJbp1U{D7G1cZhApOtZ2pZ}_ifA9Psv>Gd0Q`7Ir0J@+5OeOg~4Cq_< z`RDTgK-Z1`+u8nSpz*)XCSd63M{JUqJf%I{y+=J2fG^uot~Qa~jq( zs>SN4&#qsS;3_PgSBF*-Zb-D$g%bpB5%3r)8j0Km)>K^7ntHMG@<0vE)`ILn74gx@ zD9izf#z;s?;-?M71g7)Mu9=1Anf2zGfruMdo$20~67_wzaA-!86PZt++fN_cU*Bu= z!x&aBC)AGQEQTDJW33x?r|j?i zI-Q5p*lTN7&QaM(B&{+RFoYiFp8`np29OgE%$tA*;sgbM{@i4nW>}4nb9Ify%UQK9 zE7*J>CTQf0v~WUym2hJ{Z)5s7$C7xv2(?BrLexxhfl_{5=3WKh!#!U84~0d&FQlmYdHgs+ZPy+uOS}BLjxi2x&tE>u{t%fXM-j*&VcnJm^E5hr4Z%L6+O~{P?dP9lXhR;> zQT$49{d#`c7lqY1i#_fTc#PC{GZvtOk!`1gYzkx zp8igKxI{!{*7>C-68o4E`VzTeFVsx=SKeamRkZi)CpCwxNvd*qt zHx2~kt3_L`F0HN=zhW~ZD0v$TkA+~#+?Vs#<$1RMpzV)PsN>oz&Fk$IX0#S*hS8KD zEfe+{kH@u?-vVLq6X1}#LLRA18m|PJ4`9w&tHf`Xd|-AsaLe|x{3KG1d`ldKQ?!7N6-7%xzR-$ zyUm_?tC)-_yZWeGVeYB%o0zm0GMm7H+?{^SxsZ+(jz>N+YscE37piM*C&={psU zaoTaXX`5AUm|hmsP1R;K_qu|f(PYa?OU3iXkyO+!0%;{v99DP^N0k!gq#$XC4dXo7 z1oFBgTy7WIXymX_6_6Hb@6?@<=0Udk%4fY-0bPXeeE^>{84G%YsLOhdfs{MA9b-TE z93Hd=m%KJ9xBf zAPA$|9S7?&+$(=xOCux^S_~U3ScMG^)z^u5py%j63VWQ8UTS^E^*ob;k+c?9*VAmw9U(|JoBdlRa3?0uDcOdrY9I4O-0#>(wxD5L7xwo~N>O^POZV|CP%CLMPrl5uc96i5Cd9m*o@r z`>-xzamgRi#Hww4Q*y>Rhmka%l9P6b@Q}V7Z3H-N#wrQ8(olzN&@Kdf3J>I-pDHaJ zsE2B6kn zqFuLrH<+{fBw)y7md@~feJJ|N&zpFD*fw?^(^Est&|D;KmAQzu#!nKc%=$uEBua{e zqK#*ipA}Xt!5%P+7WqW_Tug>=6+L>Sd&!^;xFzg18?}^75I>2POZ0|H;EmM^&CUt% zjSfsNnA?zmWuZO^CCxD!!1et8FIbN<>#?4Zf_cHoCsny#5(98~RKq!vHkr-k*0&A5 z57hDVbapLsyEIxt@Gq*uU4@i>gn?~~lw3|~<-(Z2LTGGmvmahW4WWnF6w*rtP)LWF z_&N|Oxhsw}JuHvzc8O5GI^usp^^0mUnBYo*^8{gG|#dB0RP1_tb&Pbg;ef*L&!`@H z!rg+Fui&4w7RWpzy^G||e6Cg?oYx1=fi8r+x9{AXUj0 zR1@)}_8Zy~S({}&GL8&7K%B9j<=P6N2eQbfDUEayK%OK4Nq8*p76En;i5c1l$Pi4N zelnj}&DL7qOhUU2z7?gf<~+daw}`>?AknDor>+?Gvg%Q^A}&WAw87b)7ECuh+F$o# z&>4Xv44UV*WS+*%ENL4@bFvAsZ#3lYH}I04Cz7EhQ4)RG zjR`edMP7B#u0f9z!6?o+Fve2rAXA|YF*ATlX&8(qS+SA1!b0pqBjFUU&K7>rLT<<; zGK+3_3sov~Zf_bxg>4v#TpK6HI1Y6fELOvuB<7R6=#WA-abk2=PP!MUO%-Ob5fG(8`%eTE| zZy}DTIg43o7OmPKN~LK;rRd7&a>ux)TAr?cWab&8Q@F}0rUhWNMou~+F!RUE#@`e` z^dSQ!p&%C-E>VaSlAKU|q!1lJAi7f$70gbNFCkelhj7*u%j*})DGFLA-*u5}*{4awUk=m?AV;cqry}9r7ysixOkGQIAQQ)b=`gqyrH9}e z|FLQ82A8`n^f)XZ{-!+<$#O?I*&)ePJvUL#d`F4kkfuffli^;JMkE&5`reBpH<1Xp zz_>koO9PuRWLaNu=#Yv^WK2#IV%hlIo(W7qge>0+h*C1GPJMg1`>A{bw8$gw3}-LG zJ@If0o^kz0u{AbsP`y|g(~C<8GzxpY;(^t&b5hf`e(4|0b&thtZH~{V+hXc5H1;t) zhg;#mf)371hp~Ilu|}br{)SuRL+p}`5{f4fp&O!&S-!uLFpfB-!t=mb4Lx8qH3Cpp zGyiNJlG4=hM)m}wk=1Z#_84e#NFYor?vRmRCn7&%gXXk>03VilBKaS-In?W;(G)FC z=gUe^$GNiX<|h-Wvvf^y_6J;oChb&|r%^2$OQDG5T}Esk%7zCaM`Dk7g43qcF2y-I zCGR`-WEP?=$5eOflD?ZBmrffZOr7Agt*lacSv(kzP%jyyt{X3Gre&DK=QpktizN6Q zzW*t1tTqEARzEtX86+kosb+HrKC}ahH&>EU+sE|ws(IcDH`*dKMQZ?R-%Wx2#7ZpjaJ7Yk> zy6%4+V5!sT3JqSFD~Clufv4c$_TJ(|ywXnk_@4GEG8E~r9%4}Q5x>WxWAmBRydUHT z6gha+D33C#r=BOM78I+HF#W`faN!y>iJpMzs+oYv2`oeqoDrRDQDCxJh{761{S9NR-Op{rBs=4m%uFf~c6{?M@{9j=l zkXnOHfw8!uxn>W@L7L-C0GkcloJ(k<+d+1sm#)|ff@^GiQRa(IpVnkLy7uk9KcQ>m zLoZ||W-@hfDQ6p`1}GutWT(lNvJ(xzxhNH^hB`78%?RcDg0+`>?)^h+q}@t4npQ@j zWpcZ*p=A7}I`U2kWts9^+Fg`Q28=^8n0z6g^$_WvkWa=)b)id7bFaLRtGOa07PTf7 z-^85K2Y82VCXJwbcuL7XTcbhXxELA3!_nxtXl!gA1JUr7gUM(ueqi;~znu+vjL%b! z>B3yOpiIqSP(D||x2DH`;_Nz-SL{N1s5kL)1`Gq7zZP05H44q`!+dyx()Z}^`Vgq$ z*^I*3Pc@aKSlT`g1#7aXkg%M1ko;;QDF@4z44muxEet{y$@8wwv(m)Haoh*3iJiDi zcXWuIe#QR1BF*E{F-Emugu-FGwFzu*fs7xXU*j5HA#Pq1DZELYqXON{IJ#Np;5K=c zm4wVauc$gaymupYWoX=p*4V?vt&cT`X+b;OkXQiiRn#?yfh=%tCi&9p`rnZ~9o;txz;BO}ym*sSxvV(^Ki0`~Ta4)Ie-_7mO zvNP=BU@ucV0bMtC?fYPaj#qNjpvbN&8_7PAZFx46mgCHh7yJO~Q@MSu{@q?fNu@%N>e}bj;1w zbYrhd6X?P^_b6)@?GG)`k0iECfA{eFF_>OIk5T^3`f^6b%$K3Q$xR(MdVj;SL*yMR zXu?6lbLBl;&Kl~D+Sy(cnY2Gp%N?3txjx&CnSY*qCZ)Z?ru}OO_RKM)4@&9Yh|?(T zgN86|KO~0UT#_D@b0o+qCDu7I;uUV1nyNrD)tcfM{b~yIA_pQhxHvKGvX=p~?Vd5M zQ0QAOysP;Vc(tw)aq|36r;N1|!_yEv5KuDBe^y`qyI#WZt*89I`x5`9mq-dr2|AmK ze`mNl{>vMatoV<3I(VMUOr&9XCC$quVDn5UeSbI0aPr`?V0lW=L;vRJdiHhpEwc;Z zgKGXgQrv%p;4-)nAtZqNlT4q-Os8`&<>2vkd;huycZC!uu*Nqch{P6>F`wT3dFc|o z-{pDMQnsz;zfU!t=zqlR`?@ze!?j~WN4;rEFSg{o@rKXz=;Q=_O0#AFw4Km!rlhhu>eooz%THiwpTeBKtXEUcrWTt67M zs)W;9vk>Rcj`_GQ*!|a9Z@@@__DM^7{FxWRB)b@}%1g*u(wKEozTHr7$m4>7nuf;{eF%x4%nrinPio`aK#1Y1k}$WGEdsE|%ftRIH|& z{mzGUdcTzWWuE(y_GX#P%d~G=m2dx@+FeuFg^-Xd-X5tL(HD#47Q;#(YLU3kUz0F{ zgl6sz>K_u{mt+_M*taTo@Lybw|91}=<9~QQk`-j+u)d?kNX=O{Y4IRPW>N@YvB43j z_tYif3QNV?Wr|Q8*kV@ESzQ{o@IO^O%}8M1{XYMc8U0cz^~g)%e(ZSSz7zd?IeUcd zL0}b}$V2{(y^BBz9WCWEX+#tGeC{~Mswt&FUVuSaovb>D6|&~SSk7Vf_){4}lT^-# z_pc$jk-Z}V6cZ)}jwz{3vh4noEg!br91?BS`O*)eR%@^X0|o`nN74ev^xWIKs5lQp zkm*-$HQMf972$6_$8nKY7JBaDb*eEO#Z~hUptsYPnZtpf+t)#cMrHg#?s|Cv zpwx(RNO_`J<@5O$y6;MR?Q{q-qi=}LYk;v7iYhnnpXIn({f-r$#xQgz&=M%m#n1l? z7`;K@APo4nt@`|zV6y*ygX#YN^dkRpdn?r-+>j43e7=kmS1W!7k%0e*1XW-=f>fl2 z$d9ulUWG{u(hpD#-IQQ7b}`LP7ui#2wCL2dEzjp&lUlRTs%0tM(HT_LI`_tFdbGLF zv5XYk_BC;|CFhNOBX;!qa{bu;hrl{{XM5?1-BX&+9t4a`3I2y%u$KSC#X1y~rP0aO zX}{^hqYs5#*SrwMHJRU_FrO*xH@`xx38x1*0rq!BF$2szC?$0}TN$81I2Tvu{5+hr zLU~M5Os2ef`FGRbp%j+YEf~%GZ3J-64^dHGs4VpG=nN}Y>)R!{Vr3^Pa+E)uhFFoQ zLG(WjTFW(n>+jG@kD(1%V^rzI2DOu*sIS$rdEy&kT=CmD<7aS6dL`SN02ysGzey`) znri#$A9Q&rYN$(`gbkhSo%>iSoV-P>44KbRCh*XVx6|RbfA0Hv^PviN$RD*BV#uy<(2-u_~(y^vc9b3*)m1W%mz)!`Y_q> z;v8+WgJ2hoG-+@Rh!jdzg(1e4knL>-a+(O;y3_F38iaSFkcN&FLcY>EeTA74XQH#W z>huH! zfFXVSAjdq4m14plZLQ2-@si>{=8@2$esA1lTphOtGN9g=z#1J17Xx{ToL^vRafj6O zG8Sdvdw`(gkm8F~s=1;94bmRN-RAibO7>Q@Mw!eMZ)xK-Qt|z1OyGif~(;n?951EtJR^Q|4PnbGFt40WTRq_#Y-q} zm@reCuCa+Flo8kx`2N^pl@#Zj8qsdY7AqvST-*pfQ3!)pi;=hU%!J>#U9wm3j9yb!Ow_s6`z{#$$TkhMUsaX2zT@Qv_xqp^gr- z%MgU(^AYtDr z7Q?_5H^lh?#NeLr&UoeT4?hIy;B@M9dVYI7=665Fb3Udg1&aTAz??S zLzY2NW7lpxWnk$)QwK)C?T1$qQjG4CZD!^qlw47Vsmu8?NALVOl7DYl<34`PFFH_S zvez|XRbdxz8B^|Ca;YveH&)#x5U7V{q%p5UWpS@Fkqzo1fMO%Zm`O!|L;Lp1j!L?{ zPOyJ-?eso@JMQ}NfVcP7M?0XlA}OB)&*QTZxBo7h>Wcn7e1^?c&V|?>eCkk{+UEe3 z8lhND8mnOpO86zFjO=-UVl;r_g~vA%F84GzIH+6}=TaGVH5^6j!QcoEkTcZn@Bkm) z2p@n)g&|aIgiJnbSG5?J=)BM4BexI>SEnXOvW;QgqRu|uAwMHCX>#GL@lg}b6_nj z`b7$LV`R0%nL5E~jIcH31HbUK_m!J));;FC5Ivy%3u{S-eNdfj)DTK9IZr z97mZ@x}G~@m+g&sfZVgq0~y4f{qhWVN+589=n4s7xg`-V)`JzwvqMGdHITqY;&lYy zbS11Y1viD+%}S}ky#!de`a`fb(d*aNh{Wi~huY~@Sim2>4M6c2YCZ1}Xd{+G>S;Wq z)8Y)M+*tIM1PEw95!)nSaFv?CHz#ehL6NBj+rq__mR}oetX|gNcK$A}fqsJC)lI0n zQ}NwU>coGS(0j1adngf8d9#A^u$u47g>tLnJ5cK0Q8;-g(&~HbJbHP%QCE8o?{uSV z!jp4Vxfo=+IqehRCVQcR)0aKO@9M%Ta{kdpep|$iA3s+Yia<38oX-~{!p%MI&Ih{e zSQoW#!YwF0#BtuyY^RqeQ1eXp`pK^K{WUH3V6v$lT+aRnDD2=bdpg~L50G^mk572rA>59D&>Kn; z*jUR}fdj^Impp<>|<>PuRg^ydTWQ}V)h|7*7J z+2c!=Rxi{mA=H3qOiEWQJs=RbN2>FTz{%rDWXrkOmFHCbYAK70QY7h`QW<-rNR7PH zne+rtSLBWC^Kh{NIL3qN7&DFD-}mkd2GY+QGVbyVc27H{9nryqk3cw&T=3=VpB{o= zHpBY%kU&5IDF1Fu{6Ejt``4KG+cBWxWN!7p2gK2eTDJ4_=sddfh2xA%&RDK4258Qn zW;^aibIc4sAdM6au52t6IjK52+r3kI7Ss|CZ|Fo6%KjoD6Z@)b{;l$3woY*!dw$rg~+nRV{b7I@JZ6}j-Y#TS< z7w32Gse0dY&b_~?z5nR$s$Jc?*YnYS)>^e5L#@=9-%v{W&1Wv4Zn9h*46wsw-F+s1 z;Z6?aA9&0%osu?LH}k98+zy3hS&vEEt73-prhX&&p!Z?u*b;()Uu$J3;fU?4z45iI z57t-(N+s^E#@$!g@opFwXTqF(aBiY!hIY<~`wh7X4hNfZvGL=izYU(cj(ca>kuR;k4{P%iKOE1` z>eg_WcbXqjElMtMu}OM`%LrD@TP4EvvFVF1|9E-@`Kza8VPbq8`D}Ug|7}nEzW~WU z8rolqf9L5Xe_N%~EK!qJxGK}rL}e#>G>GkIL6K2m0eRuuh*~3B!(!&PzSK3}QT4j~ z`uOSAzC;W)Q$2E?$?3Si?s&2J_pu3P1&oP2Mb4q&H^-pD8hgUca5IX)!%G>Y)S2N! z!cUh>C)^-1pEKn+HZ~|&)L52W;e2zm{vR5>dzU|?g=3&hT%r-V@JEXi{ye3G$Q9$& z>D(h4?Ls+fN>Vq;P_St7B4Sj_3r-A)(7cOm5ol0C23fE)s#v(zSFvkuo2!t=m%OO; zGU-z$R$A7_hg5pbUP;~%Bx!b_R3fR|%qctY?QKF-m8TU84?0|uIEuNuc_LHM zx(?-a*1zOtGt^?HiIec^0~)gfMA(%nbMUg7#_$A<DvKrMcQC_v;i{n_Q{g<9`# z*?wQg%A+*|A63Rl-e=>0Fq(+Z7-#=lRouuQzz0O>_{iHcRyRY%=jF*ckh?P}3U9I} zk9M8;qt=go+?@Q~(rlk9p>6K~<1ZK?pdXQ)e8R};{}zmx|K2$N6Gn62zAe(u!%+GB z1~u63`E`X%Vvsk}oC`ht;^eZ7urislq8{)esXP7n2k}x2>%vM3ROFMsvKifSu<3ZQ zuG{7N3VsO}EjTZaI33F1FA=;*#J^)d>HMwh0#9-qlZ-u4#U>(WQ+*AQ@#oPO{UGYl z$)6W@6}yx|N(qaSXR>E4lNwC;4cl|$!YLvV`h4+!;b5pT{U%o&POiXMjpHkiqsSp! zB}7UD!v(5SG=aBsSoA8U@wxA z@UXWJOL|lG5w~WTexKUEaZgM5{@Ib;J+9#7W#B_A>SZjw=fx^o7p=g-W^F5eDxwX13NO5PvvHdg88OEV<-P%6Gl8} zXqXc^nw|s4IbF}EbhmuJxPeyv!ajz?W=k_;Y^M6<^_~^-eLI9;^C<^A8n81&6>fy` z&8gCvg;Y`erj6*Wzd~CP_D)e8Kn>bk;Mpf_9!0xc4g4hm6frz^1n+yZ$C?>-K9Ih`=avxct^sPg=)bxFd+ z$Et^`C92ESLad=;JStK;}$~W?9P!svgkw-yIbX z)pn>&!!`+=t72e+WuhL^DhDZ>7}ZKNK52bN6Ms^aa80w1ZB_4l09&`R_U4^#Ny2r+ zGv#JhJF?~%JNPS*T+0EPpP~jy`RbIhom+o}p0L0crMpi+)%{yQ(fqeVyMLBBe}_|p z2CSFzLh6U_i1fLUgAgH+zXX&pIEk%JILYG|5+o=P=xE4lE@_+IZX>cu>6l`GCA#jN zLIYsFabC>)VWyxJM={SpGooV6+ETNvwd&Z#y1}NRq47j9;eD#bm5h0WB-rAK^dZah z+_m$q6C5%Nk5S1gBKsw%)6j z!2S9tZObL$lHZarzI0E9czxOC77+2Y_89Di>jW(J{9L@55AEm}CQd{u-_nr>GaUMQ zJ^@`D`FiM)rNme~GRxxD02BsJnuQViXF!1d1%zlay6v5-X26IewNg^kKwd)s9lkW1 zLL`bmR;b2%^Fl5u3|$7d;Og+*cT-%Vj{fY{&kb|Eg=v>L%JR}$)WqA(4fK`nO~S8u zlBM+U#-r379%*3?(iqb6WlG6_U!PLM*)XU@`eX|IOnDS|J(KEMEdvqiDb{*XVayD! z%2JRA*?5(@n>goC>QSUO&?{Nh6O5i#{Sq(Zf{9@k^H2`)xZn+Wm5bq9W&^|>Gk(VL z?AXPqXX>ST<{AmBy@1CI%N?GKi$`S=+z2sGuq&ucz3ufg z!!!yD=U~jEJIaVqH%=AI=I(w;7URYtw~6ZDNFRQ;N@!4 zq@Nu3a6*{6@3lnO>p1x;Gy%H1R=h0+hkLbtvr1$bce!7au|v~BiLwg6q%B{^Tl2Mu zl$`h9>~6~rs!tU5b{hk?9t7#{OMAUI<2?t_D%E6JFT<|tv~~v)n>9+Vu^}9dWS2kL zxDBN&iB#Dwll^zg^p}u^qj(A2u!R#7yR?fs)bnaBGKu*(GV4L<5Lq#jYCU5WL~>KR z`oQsl?7<318)kd%b3I&3P{8T&(#*b7X`y)iT9rqltZ6k#V7BiMMad(Qa~6Ay^KZ@E z#6gtJhhXe60(gd^t`-6EybA}?>w%s}G8HHEo7GmpT4!qZiuL8e@&u52LAUI%m#Z(H zwK2U-Z+Sh*5(1hD_4E|xx@fnr=yx#+&HnVzqfDdgW)Q?P2=oX$M0>M{hIMW4l#m?B$X2$@g*mty$xx}7#+ zJZR0g<$k&O-rU{Z`G>O0fa~|{k_wZ1pEcA5o2lLiGM(P8mBh_^toy}0jE&pz8-l;v zIv*TUsBpSy=sNbS?saIFl?Xa>9fuyq`l}A=BJO)$)iRxb`~iS^tNUJLmxj2oM{mXqURi}|YaS~S`MQ6oT~Yjw@Z z7und|l@KkgWIEnTNsCJH<_!k9aNj(;jDu$hsqd|oCYzLLX$lw%E(2}iZ@rDz)#L(tGmxPDzltea9$D#?n5hf%+$9EL98G*EL)Kb^<}&aWfBT^%4y2@I$QLG zm!YHC?WpnKfI_G z|D%(O{FGPGuqa_3sy>igKyj%sl9{AqGQndnkB+KEGu5#3x&R`;kts!Q&5Qt>$?N!P zm>6GdcN~%D9nq2z21MOzbcL!*_UQhiX8G)fq?r|St3WRA-HvB4h!(z(r8MaL*hsHN zOrtGMtg1IQ1xq!|S@ShVXY4xE7j{J~#ceutlC=v*|HU;OLmwgnWSXwJ?vZIQeD90Fl z{1_3b(TaTPHnIzr#yKI7VvTD4dp^qg0p;eFOS<-Az!ibqfxfOeUIN64;+;0VB5a8zLV3c4mR# z7s~v3qxbH!w1T#aYx!6VHL5PDr~}h{%jO2wf{!}izIs^H`0rSg_tI!A1@CHcI_$l5 zfqljS2?p=e_!I|mbh+SDjB&|r&Q((<^b_t(r23*b2&G`F-+I>jvS}A2rA<- zA#UF=m&oAUNv>L)l@(jVWg?$031NS*Ng9`AfW5UmdoDVhM$Z*d^p1; zE<_PbRqRZN4&U3`%A$UBR!Y!KN1)B!Z1*y$kHngzO2n7%@T#f+u@$KxspH}B19LEq ziWr)c;Sll}&Gw;c$(%(O9R@|00<;!NxysX)tYB*Gc2kUgA;#MCK!BU$uu%)=U$O#kOJ6`)FKigRIEP|R#*T(kH3@#&!^vGA`=Fq%*1_Vet!lU50y7})A2g(i-V8KkXUf`gRUg>h*LBKe zi)w}W+v=lV;Y_cev6&}N#`(I)ve+50x`>jum@qnjVm&d3G;-8C38^OhbV8`L|w%4?6aUEO7YnPcFZUF`>yH~{SNX& zF{!VpCp&ts(wVSqB^cjHNO$5&)=eo9?~K>C&D$rFj+m6FjFQGhaE~x^Ws@UxU6>Zz%c()4v=TJv@w`qJkqZSkl59zv zkJL_ft8fM`KJ5_r-ZO#_gZ-f)vG3%v-?#tJ$oDl={%Q|>;LWhrYw-t=k1WQ=W?U?U z??1@*QAae6E0zbYn7xZZ*W-k7R9Dj(E*`R` z=?&^$;dSniTl(s)*?{8aTO9SWQuDHc+pbr_^kf+EPJrCl99vQH2y}ux{y?H(Yy51L zQzN&vS(|F0{01FNsGp4Cf3%A9unWH7;7Ha_NF6{C>r1$Xq;EBTTSCv3IF z(9h<0#|N4lhU0e|fu0J$nV--3%UoH?9~--){v*c*_&?wF?<}&@-Orf&Dv$_E5k!MT zWL$Tga^(*vNxPUj!-|*XGn|72qCIvMf7vDpJ8P9FNbj@;PsHi0jCD|r(`*z0$?ih< zzwT$Q7Y3-GcW314m+r7Yc6tlXh2;Zll-534$W) z?EDYhh3Rh!`VbUJW6(nW8JXam+|Uj#D7#kH3!ewpFrS3J4H=hErM!eR-?mYcwL?a3 z$Fbbay{ysK)B}f^cL7|hs!Gm)uM2dT-O;zeF^^03w?|K2j`e8Ya==DRSt9{hAf{2U zdo6(+YcuSM{Vw~iQMNG}4&Q?kqCxDGwiQivTbyml`O(UY{ITQFkk4x!@3R1Z7JtzC z2^^=>bqiH?838|@!yB12ajWgj_|)`SmrxULFz2@PBk?$mSUEF#s0GNMW`Z2uy zIR2~j3$;eUs59$OjH=MV(~^)KfWW4LPkP0saFn=FyhP#|gJ!%cSKLQ}wms=~W#sk% zFH!{EpHyOqV&?q!qqIS!jx_d9YvNitJrqkKOZ)G>mPam4BvIijocSseg*53`*D2v+ zzR3-NZmErLwwV(+ODOuV+>A70``c1}@bOzCtcUrO!x(yrnNrxBhRqW%ji0{gO9i|sp446; z4)fq!rb1}Ulk8oUOfwV0uB<8b0v*0h(@P=r)T!J)E$Q)68NcBe>9&Qbo5avLLxZ*t z*+WzsTwo5ty2Vb>16|!hT&vJ(g>apy{^S*J-&tL^_|es*tuMxGi8^RaX-y9zxS&qd zrXIZ0p1L+MsjS)K*9~}#t_rKKah?wjB+QDqd)lG9Y+IZbzPJEYg02`m8>@1^M%N%? z>4o@2CTtBEyJaOlL*O6l?uIAZ(avaxsM_;-9-f5Wh!Ss1Z9YNXkFZM+*^uvO=7Tp$ zP`>O4|3S*}(y%GGnKYf=AZwcIsWc&I6*~WOsN%9T(W=2eE_=_6Ym6-MYh6NYoXnQ~ zXh+^RX<}v@^xE}^ljKEaBG7qryC?Rn*^}Xk1V9ot8AIeJQ^2a^b19j%h*u4yXLdf3OC8FJH($pCtWj zKC{q&JET)IHZ^wpoYehAl@>L(ax!)xQ8c!*`V@)${6xg<@3XrCVv@Ni5Ny%q|c+~2uoPJwBJfam_|RGNtNjph}#*KplGWhxTwfF}?iKYl~^qZRN1 zDuJs$bq9VP?bwwV~afc;nrs$58m6HaN*lY)Je3MWbx0o)1NH6s8p<_ z2k3F(>A*l3gc6QOjy}K=Gpo+_VBvJ+S)6FG@zRXd5(~80*qB;Jje4V%Am&6w_yoK_ zmgbspUai#OFoDv2$>Go!p`xRf1{koh(K!KhF@}Dm8|>f4+cAV!iyrwjL&|VKjshCT z>_ZPYM^9?q)m+O_x6Ql$HLk(vE?uAW^x-3$-C0B7xksbeXBRD>Xeg!*D zU%b)0-Q{R8^d?S|gzu~K7&3Lkb?~LiQ?S)$^Evjq4ls-KVWO|P%N&69?e4=u)?gU` z6NP2+u}E2gFgtTcql7V`PwlvZ5cr~Ny5}NPz2+)BNSjz1fM4DA#}Q~ArJA-U3TrdL z-0#3J5w=)bNJ7Rt9A5nFx?WmEIK}W*waQSeK7_m(H&F%&>zp(0#LsVJ z#~fFnOLG_Y!TNl!$VWp*O(_|_sXLsd5v$lM9Q#g;NRFH3#Y72g)-Mn-mN0bQ9}|4g z#R=V`iBK3Kr=|ND1el~zqA3k3V|}qX$NzxH6qW;VYp{B8ZBR|s72Z`v+}8z?)Wi-w zF&>I@F*jz9bV8ASggbc&N%ug#NFo!JgST#w8@2EW`!7-qJj8T_AIkl;X7hu2tA##? z>S~bxZq2g&e^|5sSf(nLN~o%sK1o4Vp<@Gj@;2zD4K0|4GZqlL2H?VA6ogR4PSBR2 zL4U1MtFw)J{#(l;W*;;D<4%H zgN)aw3)?A>jG-nz2P?5nRv<`d8#JIB2IKx`KGlWDQoLG8UF;vIy_})H+H@63zHnUrAV2ciIyt`ypkN zyko=PVu3ynd;duRY>- zWJ~}9@%a8^v3dYYEMSb#Ly18-E>=fSg9>FAot3?^Les@?95zA; zMi%G|ZL{%>04j-zrd}yJnv%cl4_L-`L}&Mv$)rCDL}J9>b#9@~WRd6GA-oTZ_*W&M zz+Lk~_Ko2rIn<(@iLxhYEDJI0U9_h|K;Xi5;F5C^lnuTlqebp8QOC~QCNvm?a8i9k zff;0&gkViyaAGot9TaMl$4!QNq^cZAQD*pglstc`ylRc*=n=K{M`yE|1$u~zag`QD z+5|ja9eU=&_&P2Y!;ysGI5Y$5!Lx=ir|>(9R`Z5EH44h_CbacI;xa=lh_-7-A~Jq*6_03$iIUi^5q-?S^Zzp`}q5J=>jMF6wdw z>dnAGrkoR0b8VcdDq8dX`qqS*{v3Uhh4Dy>!hv<<)`~=y=zz*47iqZ#mjRO7E+Wfw zJpG*TP0soyG85t=8rBxBLKD1WhsI^9l3tM3DH>i9oMze`i1o1YM7G;eu_?iVU{fK? zs9#IlgEXuv(}~mVrluomTlPQERE&4s+Y4FBmXABNM)ISmxe;DkwNksK;15PG_rrx; z?UXO?Ww6|tOBko5XL>eD_=ye~06>jN>^Wgi1_op0C06Dv1xHR9X{oV5S$r-)J6_pL zB;s}mcw!yZ{Pi|KKid6eW$SG+0|Wjp>C`^XGOk(nNvCiZTMHMYVw+Z6{{eEhy2}OZ zZrju>V@*&GOoo3g7<sg-DN*Y7>V zdOo3-49x4;r+M3LJ0nzEat<4ha6^>ADE$M?&~0Vx^zj{ z??_$9Mp>;P?hLmENEna&LCrEHfgT<65p7E+X=FBu2;cVlhAjeXA~i9 zm(Yhf$z62>vGsJ08>+8-nmmGsQjK|q0UF3U!8XYvewmKll?-14gk?Bp_p3I9T{+j$ zRag~vWd?|~eu0sTLO!XibY~(|OJWmufW-30u8C_VPnS^- zP;fzW$o5l6rNZj&;ExAzm!zJzYt3cr>rMLV!(t3YySAloOid}bO}c?*{kVI8Vr>J< zsL9B8RDg%9x~LZ zCG_OAlIi34!nFvoQ+6$&$WKK~#G)d^*}w>GVGVblMAVU)!PUS}{k(AeZ*02TmOdK^ z^}twbdQlxOur1%elE@8mfByETe6b_kze^(jJ*7g)%7n$@ufp%2+BLsapB!;i@jiG? z)TDH{!=lj!Y@!NfNU6hSW3Vl_i7E|AEzmh@aEoL-s^gZf2Q5d`E8+^*J7xu?DCAf3 zX*(!BC9!dmu~)IUoPu+hU%M|6FL4<95XV1HTqSHiTUXi$HKyULhb+FAj;f~T3Gxfy zFM9NwPc}{dj#^#mS4a>zoVSFX?;*hET5%jK9*WoKUuGtsJMWd2&}UIN&ZePXTyPV zFM4WzTAZ^iq4M+@Dec-ZRCGa=F&3mk=>;#|{A_wi1LY)n3CG#Oi1V+2;X9K}YRXHT;->{_decB{p zC>72-zj#mDTd^DCS02k2TGkZn$j0{(rw6SO{5H!{a40|ZZ zn#v~Wx#ZL@s|=0jQ?y@Nq-q{HCT@`A$_1U9#J)^H7QIN4wH_M1jiiDmx_sn6Fbd^o*f@! z%aRIr^AZ!j#z-@5g?0u#QGO^}tf(JJSn}t0xR5xs(-O2$2}9w5)HlO5nzHF%TCOaM z3`UCknN+hJr{B&W>j7MvM)*l?8KchfM<7RQ45d3zQ84u}?=dPFEY4*#)r{EO>SDjd zehktKqT?zt`U9m6gd`yyD&v@cUDtQ-oALG~XE>$R!n>An5E*VrI7TJjeWw{QSfIn& z^i*Cy*;U-v9(?dY&kh+xJ1nA3lUQrBSaV`=m7H1wt3hRobw`iadj*THO#$~%&Hgs# zA1*W8NL8E?Oavgnn;gd1?pY5&7%ygE93z<%@z<&^Ttl#2gv)D+qi;arYMBj#ER>j% zq}tCn^$AR*2ayt40a>0GfmT+|u=h&-uACg}^<#juNIqoNT;d7>UDt`iNqskNXN;j4YK4b8zW0CLjdB6Ceh$NR!TNWnnC;qd&{EN@MKwt~%gOHgqm`F-;@n^YEjK*IM3!=gn76z9jb$bK2%;PjO)Mq)FB2tXZYO#G01h zQ7zpOjiR}G#HAuJXf&~GICopTca^5d z1c_;_(S$`K?a-s}d3;hnkx+9ZnJaezl$Cxq>(yTOP=Hb0)jVC5 z!nw?~ED%2^#uiqK0N7L&KRfhk=<;}$+I+U#KI%acd|)loW{!OLgy|>7O%!wz9nP3WL)TxBJN)xf^L8 zk|BnptX>G(Bd$uAg}`p?2zWwS+vQBT$@3E#gLuweHI)&q$i(|`H*by*B@L1pRm11? zM_=A^kER<(ntgNC$9-@-J#deU!UffJrU04;iw%dm6?Gm{0(du+cxQO0?szht8L<{s zz`0kSp43ELn0su2+&aP^6kF&mQ~ek0g8kqD8oUK9F4M=bEs z$|u<7#EgH{6_SB?vjY(p4k29uKlD>rj#8Mwa2VSTopeb#v8*om1S)XL@1%Zr6|lFe z*4N-)V%BXO5BpJSO7z~nXxHMhxc9t(l3W#hQ~{A;{rgy8#3`qgN~6y?%DEAHX~VfC z7~`@402*E4ykTMN-KN#KS93?UqjjLhTlCacFius^IZEZ#!rSLlW|xv_h|U)Z)?Uo) z1~qiaaB{6ceBf@(KPhkzPG|3(4tU@bTMTLT+o~b{=qG!jKDoMZ69vC2KkN~yfluy7 z;Gu`S%H;@8?w5#q!qq`7x@zT^vf};4-tYJrn=%wVK!1sPg}jN@HK4ik&`kUu?AqT| zqn3%-#_^m5JcJ(6&^d<4qH76EEIPOX^&}#EKe`P;q)oUY?wqnwBYzJ_?&fpl+Ea1T z8GyeoO6PVF;~+(A&;7&t4m13TtlCA zqv^|T-S~RVyO*;0O^pj9 z5iST+{$20O5-)^7bEQ&ZAx%97RajEkJ%=Zj%=joQ7x1W)wO_V|$cLpXr?ICA0o_NJ zIsQ1&I^fU#<+{^p=P4Gn%$gCBe~dVu$HZsQt`|wA1Vn%vDcNZ$>m@0m&{}Nvs;0ku zo3|r3`-^@bO`_pC-1>e*6vQT@FYnY%@HV!@z~RwE995dwvbxTgT11z8yI04Xx48Tp zG5HyXG5PBAe*MK={nyhqrvLtqD*fZ1Qns};w)y)F<-W6B;)8^Q)P$6Efg}@!%zVvt zdg~A9-;Gp$+YM)V+kIVMf8}}Gnctnw9gmZI)1&xK!q3ebo$3EGR)CPYhDL#(oRMC8 zi=UF3wIwLlpPaV=yqqwnFt`vA#BjT`0t>4-;6^GUPHBV5(a+`GL55M`WuSlv864`FcIQwB zORRrWQfMeSS81}o;e0PAj-ef9#yIJpQeemWCOY4UB(>s5eh-6Mh4n8zTnrlN<&=K3 zzDEh-z=gf5;AJ_c0i3*MGegKaIEchl^3nzu-;CCuQgCyrPjV7f#3f!UK!Mcb76TyF zK9(q4K6*_ba{5*GnemQO8vUs00 za>xD}i2C5#>Os%9==`V2Ul5Kda8jnBTI!X|aJHjSI}+Hb^79+ccwy~eL7pD9sb@+N zI!~rW*l79fC3C|VQ~4wFoJqZL3JQOcuEFr67Su5$R4>$impFZNq2N5&Wfy)&E0jri z7@wKBJCGQGvkv8O&oSiE_mrVTW(C6^A|B+C34jl_#I(a@{_~~6sqU~A{g6EvXICLd zdv2ZE&>jP!dwl>*?HnW0i)8ML&1{=6=5K$^+brUA0>UFh_!C!V1Hf8KKZR$(R+~oxPac z7p&x$fnSC@23Z1(RVE-2D;{5^)aQ6;lw<~Xw)K-3$65uZZ2tHk3Z?<+P@#aammfaYU^vP`z}S8cWTRu1`CRcS#}0_3o{LQ zZk=8>b!ivid7+`Ne^<^sNY|x+X+56N;7rv!+0fN`TRN$Kz8=#`$HOV-l%vkY{)Mma z2Us^e&o82&>VVL25IClBbr%3oMyKRRWADXOW59xiM#=G3a*S;qLu15@<>WcdIt4v% z+ zDT>&i2%?WF4pVD&8cX){FtX8m38ofbxJeRw3=(N=@o1~Ohulmf^# z6`f%eipIhQU~?L4a5dKX8*A``ok-6MRpky?@UA|@sLZd@b~Edf+GeSMc(_VtEj}_5 zENL-EQoIc|w+`tAR+^icS!>8f>7QEl(nEWNn)`Q2d|xj5Fmp-sEF7AQQ5_rGu=YEw zf1p>ReS?8Ro?6?^)juwyosm89DwB&K^X|9l1jCA|%xzQMPFcb1+csMXF-xEVc0uE_(Gtfx zqbB@Jj55CgrKtqAwo< zoSKbHF^MEyl~-GDdS_Kl+(Iq&v$l{`93DIa`47yUvQ}VaJtB?s2#d34%_N?ft6h`{ z19&jvkq0)xwxNcv;4eHue;+4?+4taedO}G{uIeL?coJ%;cr?tBeVst#ha9VR(OdT7 zF7Z1}Cp=_&V-z@$deLS83`760C+OHq8>AG~P1fhF%b2t-;kWipg-x&S3^Ak%yh*QDKC)+DBkqmC8h-fQvQ#> zQNi$BK&e?iqmecAzl%sL|AQ*xZxQLg6lRHvBQ~E8<-E^G4ROe2BkPa|IrMKpQ)%q{ zzM#MmVx{^SReuQ+@-#bz2I8Bp2ZH*7ZpDC!|3DI_At#A?g=7C+$jdpvfe6}W9*mIV0N;n$@SA*^b5!@FLNAzfpB5pE*g_I zUIaar8SO&#wU%xR?nJOsOoor7)>tij>sk!?x8Xy=L)y41V5_9QZI)^o=&52sCTp(% zv`V>Ly^wt!@7IRUs^lL6nw2vYu+Nw@3peAHUBS+E0+UW)>lw{vd_)+`v~oc8 zVz>=B&!w2=5(N-OVQ!N_aZ05CIf8RL=P)U9;0`JN7;p&KL!N#uKnBAK9Q@+sg;Gb< zA;AqRoTy`P*rI}M2Y=X?J1F~rAGAz^*;DnzC`Z^+ml+!)hDB5WDP_Jpe91S#%&@rNto3E0yIWgDRPU0TkHv#j{`;2Sy0q`$ zf92k(29Dj(&)n<%Z*wo#{}k!}teXGftoHXToT;cSh4X1tSQn;VXEXn}P+C&4YJk$? zP1(78FM<~Id)BPGQ>M|7sg^*$4*5-vkD?x2;}G#MnyQ0YogD>TlEB5~{L`0*_hIt& z{RW8P7wu-+tG5i3m(<6-ZVfxs!R5L>{m|Ea1k;2u^0-Kj zz_lPU#axjGKRKKQ=sFAm1;$D~r*~({*xv?Y+4U)J!TVl(sg&h@>buX2Sr8(>$R+A@OrC4 zkhk2BZyEMV?JpcE+GpyUaMh`SoXMCcvpLrGkl{GhcH#5#enjnepazIFV0is)dj)25 z0X^o^Wx4XM_s4Tlep%s9keJGlFM0dqjQ_AdQN{N_=-}5$d2oD!P>wNq>tAJx$xP~a zoMv#x4i6%hrganYp3I#Aka+IsX;Gksm`sf)o&h;lDHYy6!?eks-j;1m^rtb^a}*`b zIeC#-!M(QKg&6R|Jw&eGYdXd*$D4aM?Vjw^x=_qQ{DF5Ts?_5CYQ8E%GUJTWEVxt9 z>2TqISLqEr`h2C9vMo5Xmct==k)7P8 z3dC;+*v3y1C>p%d+qCgH6d4p`#!Qo2kgZ35dLnR+He_}V^-&OJ7^G->Tn3+!O_;wf z^bS5or6~(qz9{HLBuCvUHjh_G&fKvcpR!E2Sa{1$Qp#r}2a3kRow?SCKY2Q}%C)`L zqZSh|x`VudWnvBp(4?jld0|OGzf&sOD^u4TbB1H+p=3XUbxD`KqyGHrhIwF4W0nYG zDS!BN-okntE)n=K4d97e)bGcvD;|-Mh@>IH!^xKR1@WxN_+cK+HI)m)OvEDrwKo++ zKS6EU>E2ck^^q4eK*(G5p)G^*?Cy0glEF zHlOaQ|EbOYr6gnfsdDGNwrro)O29%(S|CqRKw^Wf^jo|b4I1zpKQ|yDMhHP%(^NtW zyR8=Q_eUt$*B`>-xQ`&O6#b`*w|x!sT0C{O2NUfpSRYR>C+vQ-Jd=jtSYT<;cx_JAbv90cV$(VCyQJgfe#*? zrXjsYUu~R>x}Zh=TxFR(Ui=*TEs?F?>Y`DA4^g?alHg7*Ej^mwB7`4I@b;UwhnlRA z)a?B$j#!AG&Ui}703h6@4-el(B;CJZcYqaDWMrCm%Tf8z85I@<%MrBa`;1L9Z?CPv zOgAlRQ%%2oYd-RVAI$_qmf2`2{MZIdwbxVnf+4x=N2AkKL$H8GA9!LqOM-QmjJ3?7 zmfY#Rrzf%5Wd|55+1B<~8T{sJ+(3P2R@44EnZ>fq;xk%Uu5baT> z(iW2$QQ4V|RU&gq=DS*0WWyVLcoY>-Ag24uIb1?=!9=wK zFzrcnd>@SuXC94DW8ITjXuZxqr?FR22m`Dc86#{wg8)y$ipxQll(&Jz9$G2LX`=XY zaZ5@g3(D8ZaqY2^S%7?!mP=9rpE$|RYz=ohb$9B-_AJRPxw!12ID$X=(v^coXWTX< zE%cLi4XEee(HpK1|H{PT@$A`-pO9Yre>t4~*U=*Ozs|&V=KrgyqTIi|l8}|YqobIy zjj@BildZ$wUP;^P8+~pv`zu0=8(V$a5dWul{~oeC{;`ckR$L9v5)}!_3Q%86;wMmm z0Y58=76zFgpeAC?J|a43;05teIwC65{<$Rc=$71>%X{h^ zTPSpxL-t1B@jm0>n&-lOvhASC_k#b69p)C~woo8=SL7FLtW|ny)x?y-!zVRCB^qjD z3UwPM7E^cGg%;)^q$3&L+Vn;lz|_!zX#9wH=^!s%FZ;-{AE6Miy0q*bsxN6%gPUE3 zhlyIiWcjQ-$r=!049Ba)CR4dqBW%o3srD1P08N-V3$;cF4!$FH1>Q`cEJ%iFb$T*} zW!y`ek}?%E+W4CTTB#b#Z3;kfBV(v#Qf7c{oC=(mIf9gLvH^wtQ-($BSsfDb8MO!b zX5uhmn$!?Bi(K|@hQodxCM$<%fz3!^2eio~lG3IWvS3}iXf<|0DHm7M*s9NkN-S%Q zHL7Sf*?mxF`%p$=S-{-VB_EoeX*kGLXXFM1Foh*>+G_*tX>?26i&P2GJ>7p-?yS-P zo1f>AGWFFwMAR`0)Ri}fEPCGc$6yRl z2ItTNmY9Cb4WcTJjJ5IrLJvh=kp?#od59rZbFY5y>iAHb@=UVF8#DF_TgMcN%PPZw z@zfoZV~T-pl#%MYe;yo;_D_Jpt1|iE2Y;R;x63E#knUNt*pbF)D3cDS+ui&6WzIbOsk#eIulPifeXPV?Z@<-bCaRywCKs=MI zez=R;h*7ig9UMYj%BksyV@F4VFlWWS^8j5sNlb||TkbZi>slBOE?!u)yqjB|?-6=$+OEvYIa&imFekj2{!c zhsUX&l6_w<@2@VI+|K=;s8i3W{k0K7y=>ALJK5H5e+8wI5!VgId^Xv7p26z)P0~DI4dT1yPwXpw zB!cbMARH#XL7CvpXu`5*fMM2H7~=x{7O%94e_RqbIRmP zQtz%M01UM5TvnB}ByS(<|3lh4MpxP{?V_=5+qODR$F|KGTb-n1+qP|^W81dfF*@0K z*IM7%-?zqC@7ZUcAJ3Tc*BoQkQ+Hi=T~&3}5CX`4K@3V0umfn}C+Epz$h<}2&vyU0 z3AQMTnVprU?{8Pa;UB?APHuI#>VZF9C(KV?@X~_0+(bmc0wen| zdis5P({f`dI2Iq7HU0jUT<0cPyTZuArXr+I)_tvnU#)6-R%vo}&!X$tsX@Dy@0UZd zRZUg`5!g5$&aS|u*mp0bmH_&bh^h7-NwKoV@1_%ND^+)>SLDMY<&yz{5XKq&<2!Cw zEUwefaW2P4!$ONsZ#>ZCIA;(BZZ5DWDjUp`i6DFY4EuoQI|^MJyV=cKRGM)cyaD{o zUv7cVkRf|e#21tiaLA}Z=YklSTu5gymyP1uk&Yv%9Z0vdf<+`c#hPhL8)+WtZ3m%4 zPl#*e&WIjCvwi$|uJV%miGnKMur4WoBVHNiyO#90{c`D0LnjiVW4j_NYfM3TlI={Z<{8F)H_N*b|nWX3o@qQ81paj#>)#}KbH z@cF}io3;<~z##(W4>f;5nwpkX-r{r_p8gK4S3vbYRg`LHZCCz6C&B+w{Q7rIQ11Ub zT=^G*sGol|LZW?clGT#Y0eb*cN|#EBdGm`%ff6K zShGkej43n~>L_|KlXvgnW@yhXz=;5eaAM5bu`9ES0gz(`DLb)>2x+}Z67$ zy0RpM4`H^O{ouZp!;5#os$sn#b}}wgkRom2#B$%BID)l5&DN5&6w#t9JFIc#-WgJa z9yY-X2{CkEWSQH6qKrl(nCGk{V_ltC#9FZUTic zi^5Tqd7yxWVV@)>oRk;i;yh=^Fpg<-#*DxV8Fp&V{(FRZe%c~2d6z_;g8_(I_@#+6 zarKGYYe`idy!9~Njq7oTCQ|kKTPlMa4~SZ>gQ-l{0Xm{Y?B7CLU*p6Pvr;Zxc{FtZa`Zzd8t`{_fkuad9*QN{P;dr=*^U-fHRbm>e|9&Sie&2QEf zKc~d5c?1WSpwq?cdb)r|2~j^cpB7#n1<}HmGVi-wrOKEnmvbN;E*Cn8tJ-W(hWC{w zPeodECjNdpx97DjJwh*@TEOFr&%B=oF&Gs3@B!}EW@|7=Kf=5_N>Lc!{>{cv(1g+{ zdkHtmpU>yhz0?75Wa9(%hA+WsVD*8I-UHQjt#DpQVBrT}buVb!Pd9n?;N*^Z4Qw>< zFkg@|ByQ;8FQq}oMUG;!Ah2tTbr-c2JpSyv5KC$uE3+bLw(*8bQ*O1SXx_`W@NC1d z4m!f1?R3tApfT$RS@R;TL(cj!*P}~5+2Sz3*j5-~KUes`k*-tpWY?Q3TNHW zJ5UUoJ;vd?zxLk118-hHJdu5n845~cjh$n5f>@`r|3;(G)oT8z%^&>{KFXctI1^Gn zwat@)2Oobv!2^W3Q9~Yw5AKmkB5kxbmQlNSZM-6N*Zg~&GW|i9ETz|mP-(+s?9sCJ zv<~{BzHwx~<5-475yR=cT3qV--IDG;k(!J*iPX0hCeBpzYM1^@^68C1^YpjxvBk8X zi6DZX%{XJ9%eNHr2tQk2fbmSIZ@ysHe%jq`e*@=LymdnN*<5RhsWBQ> zO{d+@k--h|DlR#rZRDDASn!CZ^zov=bDu)ld}NfUjf0jYK)eDWN3qeJPQ)KE)(et< z81uk6cIja=Dk5Kc&{0Vr=b<=W+$9I>Gf$j1))w?o9i(WQ%H;_@k*|fxEckb=V3`Qs z4}?${?gEqnsMWcVDsX3I7+XQ!OvpNMG6uKqP2ZI+a1wb??;0SD0N_eE{RrRb(0Eg1 zq3Vu^urzj=KjEltvsjEk`HZ;^ty ze0BGSp!^--|XWdBN|Or>0$oF#2l05<={a4G+j7hV3Y zzRWiCtSeBy6Rm7A2u*xo_JQ!~i)o+b{-!TGVpm|&dv|eY;h_Kv zsC(Y>PzYpCpig4zPvt?HRgy^hcg7uY%P;9|{xPf@1&482RMi?L2CNufdK zY@FJ!Aym~1;o=cP25(+0ns&=A>ba5Y{z~%+2yMC7gADb?H3xB?YK)O^v34yU+h7Z@ zKv|~ql#il}`}okjCXgtYlU7-ZS6_AZ-?3*<|H{L&G@lgXzxYgzzvVN9{;xdYFXs>g zI6681i{ez){)-s@hz_gPG>%j}r?-UVZ!BxogW)f{?G@}q^8d>NIOffy>PZ`LXLAk% zpkO|HKT7w~sw}LdkT8yPxVGK8SDlWYaylS^$mxohd;a&ws&AC#lrD-)tRkeWe5y*i zxfD2KSg`UlB^51%eHi1t8`g&0Yr;-4W{X+zU8}+MAqLb zvjEIRs2&)1O#4KI^S2C>M_bsCH%K>`yDO>InYIILA5vP80(aBl3ixc6DY^)6EcP8o z56X^xo(I;`c14S@6mX&e1zh#6WWP%^aHZ57n=&kfdO^v`lii@#fwqaeKJV4Aw`2wEBK(vXln_BM4{6NQ_%qO7JwENkgTf4 zO`#!2bvru*Jx~b?EWxV?y@B)xS`^F~m*0t?F+N+@H&@fHC%oNUk3QbtCJBMA`W0vT z?3Wws9rSkAvO}#H-S*SdrZdDg7*1~4voSd?LrtRBAM2R{2l3}&{CjKmP_(eMj$K6D zFtDn{l+1lGB3zBUSVMu<(7=j(-rBZwD5(?710M!h^a)CWTuQC{4cigg0g;l@BT%|M z_^p+>%CDD3Cu_$cyxIF=9NpawjBFvjnAqFa1t-EZ)wv-{%`OtadMoPRUhP$ddj9H? z7+|!RW-1&_qq?@$>{LKXt{7lKmsB-!GYyN+JvnK6reP!-I!8m(F+SlXRb}d%Q8dOG zKk5-&NrY^Z=z3CXlo3EA#K^9Xr+6xt&lm4?D0M2@wodxA+rRCQ{?%tc9l zmdd1b-(7!D*XtLO{Y0bjEQN@C;hM2zI@GLpnwkS5p;G?wi(hWdOlw2Yw;xwe_WgMY z?f7La)<75o;;E`kB_w_x!5?PGEL7qfEE}bsxI)U&j625QIi=5N5eGdEN2+=J!BdI0p-o0U;u^TWJF$eRmG|3ZZNK)Y zL;sn|W2dT707&3eLuaam7Nx6pzm*->feyai&i%7I}!mR10b_H@lcp3ng-mQ>~?h4V_}r z+7;qNm;~K*P${RD)=3^R4!*7^dqR`WjcJV=h0b_Sha40JtO z)P}oNlehOcklb9KNOpI0szZo{FuPslg|}+5eo0N!D#5jf3?Q%~aIjEAlxrZ-%hc72 z7H+d%bVke5V}9}*s_Tjb*e356W9uiXQM~+-&-aQBb{Qd`OC0`T&gw>R#$S1}yn;B` zo{w<_i$vfz{w5yr_Bil3vR;t5pr0UrMMer`HHfCKiVHF9-$lm1sk(eo)c=h%{@4BJ zpFz$fM#nFxO4~eKp`jMPmPobSIcPUn4vvCdd`1_An|q+a zaqsN(iSaYX^ruhPPoQ6T5YUZaGIW?I_~m?(E^Cse6=OK3S;^xlUDI^k$j1ZXRaAb> zzPrFNRMKogI(CSK{=Pp31O3!A;$o;gO`W5kSD$^w;(Sl3-eh%KPh%7zb;mHBPeoj# zWWnzpb+O>s#RrQ0Qll`{6IXNMcxyRC*PJmvug{K~%|zwfBge1OTLiLMb%8-_cXUX) z^FcRPDC?|xZB)7<&VK$w?2}41cy8khGmO8GH#f@s1&XvN1wF zBJk{!5VgFd7G8S05My4L%OucBFl{s(`O2FZ6q@byji$OY}1uh zZL8xV?C42a1#E=Y3Q_TSRP6Z?GXyL0z0nf;!Pjnl^o?WFBUqs;K_$i8;2{ zNesC7gj=q%P)c}~dob6c`2Nr>jeA_M%6h15SV|zD`4p5iEA^ot&th~{PW<6YkrC&k z0=HvdnFDW5H#Lh~Qh`8`0b^0sY8(aca4yQ0X*McodYwgZ9U&wdp2}Un$gVY`&@&yi^>|@L-H<0@1Lx}_9&Q)g=hJ8MG!1`dvFxk!kr2; z>e%;N3(DVI78H%pLu~3SOz@(FWuHOSZ_HIQMZyoHJzzw|$uQ-MZPbtX0&k{SO|tfZv-ra6HmDSp!b;btujRus+f&x1qs;2F~+3 z3>b1A_^a2DLIKCRx#uHF<6AN{vFy3ZT<5XvWtRNIH>XLFR1zL5FkB*TQOk{|GO41Z z+8h->pU0)D*JQ<7HT?{KWc7=R({!Cd)kD!mD!SF12-uaOe$__42zma$2>JbtfMe{I zQ{J4Z-`U~gJ?08ZI#}y6Z{!=}{_VmBrV9KB;CTg#VO(t7S86v)q(W86Zh-N#;M7VPv({6uMS9V?>kf$DqsbRXx zkD)&fUAB!W+CC-Fds1^gMpfzKAGh;Ya2s)j^Ti?YC&2%9LifN@^cXIe?7xw3Otk&6 zsa(B-+up;e3Io19n{8+PMaZ)b>4Bi;N{6lazJnBgs-M#P!hR9*uV6)KnmDp~y-ikO zPn&)ypYW3@*9PY`p&u9N)3Z*vX}-3}NEFDTFqo%R{Z4(n48T_>>^jA=PK;0gju4wa) z#Y=Bd_PojQv=Zo|N8sSmXUxN{@fHocNtDgGl}mC?+s_BJZh7GS*>oGjWjS2xylC zdrhF{7b}Y)KLjldE`jsE>x1rk@VB#Tf2rv7x~tzH$l)Qn1pSkbzw;r_?7SyZ>ii^- z10^Th^tEC@kR+8`2QROr8*>F&mosofo$~490*f{dyrP4?hJaxhR1{v3$H1;n`iqM9 z|DxhqE*s^wqcP%0U6J=%z@ozK6U^HMju_abyr#IpxV?kyqUgCBmPH05o+Z5kk-I|oqHEkBY_Inaf zhr`?uo#FC#G0~-Dk868JWYgMisCFKH^hCM+A?Xw+$k|c$@?!)PCoO4N zJkZh%FF#{!7o7iN$KNA)s_)GIPbU69g2_MexJu2+X)h<;B%j*!0JT$)@D^L(1mMb4=Vp}8q=-JwEp zKV+4f+jZBE>o)W2vzDHmcaR;D?y!9LOBfOw*F2Hjr)pREagB7{DINVTtCMWO;X**h zR-)h!63q)?%67Exsu#gD_G=E~*j4$bR$^k?oe8s9QSif4Dzs*1Q?>Bwcad|AMXD7a zv2Km=yK}RaRWvgxb}ZdW6-W8^J>sH>p5Tv(@HM^Fu@W5XonyiM<4?3horbD#ZW)Q% zgEztc{OEsHC}%!N?t*1I=;XY@e${>d2wI9iPIu)_nc&1eLc72W<&?z4w_7S(ElQK! zEOjq77Iy%$qv4`z5g=n);$hZZ)AFHO?{D8t!`SCuC&^ae+66L2-c~{$He4e4=`FV- zs9Pe|f;~>1a!QqOydDAo5?6)WPZcaVUT`yfKpDN+Vs<t5Xoc|T=B~8E{uhH@Z5269Ml?JpuqTnT97<#xiuKR3LR9NZ` z7{_2nh6u2wWLFc#<}0d8ZDH)Y=?l}?^Ig8s;N0j5tt<9ODa$${w9wAy?91%d*Q;*E z&}T~9lk0y8lmN#;j@0oPH{9aEQwV3e`%u)UCRgpya3jNfQ;@R z^SagmTb+lNcjuYYY zPy*C7*IBlXua%2R(p{gVt1jp$`#|=EwwSS`-+s#meamjJ1+!mxJE<)G5&c7dr`Pot$YA@t$0UQMmarfLT`9*_XXhK&dBRU-FL9!kyJ{z|6#a&USkKu7(omIGajNZCwQGls z0N3bYfCGqbn(N;2?IimrOe9S8&m+1K}gYu(?jGB$ZX9N4;ox)3QzPUD8L z4&J`O!HYH9A3*aN!&2YQsHa3j%+P--KSw_U!wK!C?wvuYi??}(R~WyCaYY$pJ%RG{ zFZ$f)hoWma%pd1v{eo;AojJG=+4$|o?H_Z)JpUS~^zgD)qSGp~9&4(jA(@ce5d5B+lmlUUY;2hBkCnzgD4zbESuyN z>$rtU^%;9LgEYpToKbad&bk=?G{kxHN+ga%@Rx_Jw;z%WQykuH1{oA4b=n@jJ2Y(T z1dYyvVc5KFrg7ToSa=m!?Y#kk6%+P{O;4ZA&)s-`I@CW2aHj*h&R}KukGsI_Mp-d+ zH+;cl%z=b5AwABC?lo_z8Y@ttNkNmEl;#LIIQ+-zkvN)T9FqBO&nWuFH~N3&L>_5B z{K>vTal+r`M1p_I7X8OiEMjQy?Be(@y7=G6&no`I_?f?q_tQe>LjFMf0@`urz@8D) zZbD9Kyw*XchJun-;@H%$z7e9>B#q?KoP^Yr>g$}uq;#FWkzd(xapopS%Qr$2kSS=U zM@8D=-vGhPEcW2XDH!A>?WRXSNo6SYl87cSxTK(@psb)!Od#}TrUsyOSSx;HsGyKv zdCivw{R%Zl{@1@<{(Am%p2PQlW)Hcq&O9gkFG;Kamh1eBLsOk~{0p9NJCgTsWER-S zii%{R489pO$@(dUG)6@bFEG=a89)%EHg&E@9VF3KrQJ|oV%|4-OPaf%K;DDCvS%T< zk?#*QkCINXX`@VHy*5Y|-``gd=xm zA0YUh;b*T+%y=|@9y1nx9!@7E))DOBYhFhgh`K8c#gsy%J#PzPI31mrfdPLAV%;zM zuZY;|>{ZrE3;nFK3#HXG9#H&jN>oTnGe}8+fi3mD18<%I_3}5vwq26la2i`dtd3F0 z(;ErX4RXLA*DSH!Iyt|cF~s_3tQ;(^oc@yM$lW1m6M|t6(uWHt_2v*qT}Bxzl^mod zrOf(N4dTpt+9W8lCz;B4we^BU^10OK#C|_EMT1n2S{uchL`RK&bQ*`4>#%Z0{Az-Z za_I&IhqBPAA}}84FI5utKOBo(`ff!QaGvzYya)6#bZVP!txutl)q03gfJGPRKSw6! zSt_hjsh03ihWurmWt@1r`TaBk2>C3C?0SqcrSQ<~fOVY!?{b)3X5?FWs z7GEJGcxSGxb)s{fXd%^@>e76Q2qM0qljV81QlHEY)b*s@T_Y^YzK&de-qP;{(L{H( zQ|)K7S^tEkhUnDxJE(^;n0Jq%+95=5CIzmCfNzV538HJ@b7<({PxT$>Gb$Rw>W=o2e3vRf( zf$~>VG$E&uG#7xYA?ikWl8qL=P1ENU9BzSdvG6WUXwHF{B$)Px0?*kY2;@ zm741-qj_^H4sw>xv@-J~M7Oht&v|;`W(hnHV!&%SmE7tUjy*M6(Wa~3f<{qXw#j}H z)}aovvfZE(7@V^Ib?}+}p5>yyDD$eX@#z12@Y(R}Y`ukGD|Fqe^pya=-mZb@8pt895F{ORfMaH-ew@zfBkyuM+h#cp;LMCHC zmNq~J28DF9>w=kNsq4^Nv=^=ojvnW$Rqj$&)%3dDuBcrlt<9-Z;qo@^ zZD+>9nl|7Y$LTip?P;T7)2aK%aU07%Tq-X{wUiLNYv+$M#lZj6SjAw>7vA<2Uz)s8rIUIeZ6tcn=b~az0 zVt^c0ik_?az_yx_nts=><)vL%Q({z295~R`5#p5}5u{l3-Jun~aU^93KP0q$bA}yNgFI;0}oO12%m@1E7@OI2QJ8o`PPY7*~xr8WvUJ?48S# z0J3RS#!!Bj*bpVbyAaX8poDG1tHGisk*!c5&?#v22%%p<>FG?-?w-@v-ti6fDPWki z`msQbnWJM<#$;zQ{QW|g2@QJ1$+(Lbam$~oF7Lt9y&5R#CQaP%Yz%l|ph?q(`RxXd z>ytw>^e-=&s$9qbrra9C--X5M1dwinK(;vW6Ff}a-nE&DGjvrpNK(~b`m1<~kqUWQ zq5*+*dr5~~Mvr>8mUhcydx@r(nc2fwseZ=X6>D8qUg*7o37qvSgn&auu08ngD}DPg zKi(=h$)l9n@x-aHEf7?oKEXu#%!?q*j1ktm#|SN=A#PSanohFfF+@W%taiZOBbmlv zguGSx_Q|4WCY@?{CJfXwfF`9*t2N#tL~Grmb~iffsco$z zz}xoS5LoJ(6YbeOwY8^v;UjP5@nE2^?6)aZ7Nn!5XX)Zy9i*@ahEYQsf|J703PyTBU$nqd2jV& zd~6LhmL&u9KqE{_t)2tEl}NYh2ZQuHob|vdj*smQT&5(JfM86m6K)B^al3>q@vb%K zap-B9DLVSN6=srp8!gxiFX%C>V=$3=JD;hlzo(xc?Eb>5Xj64No%IkSn~wDk%6mN1 zp@Oc6!tzW12UM@}i7R3u-cvE1v~nvKALBkoGXKz^zrKY}kRPoBI`Q~I9{&oqk7(AXz?S_LQ8H4&WC=1yhCEJ4&1ePMjc&E_AZ#b=+(G-fqq{z$(1smWUXCJnp_S>C(VYge}eS>23IB z;Sez0=(+2c-Cg)MdaoSt=!cT|W>9L94_lddijvzSwtM>Gsmh zc)gJh0cN!`0m~icxK~R}RoPWu;#W?H$NiSbTG`nsJqRL0u@#zYYpbyY2p`H~lMcQp zc39nqrfL{B&7{=VMnCf#y8ZP)F0BT0LR-2NEh~QW9YiBp?W_tz#Vm2U$4) z5mciN5_pGnp#mO4E@KrLl0CM6_1xHP%_dX#QrO`_t~2@q?~Z-7hO;G#*!Sk$vG zGErHcvDy z1ba>1s$vAa8#14Mm3~;2n<~5Wil@jWwy~eLE?Tdo-X)mCTGJ@EbyhYn9j2AUr900wXo12KPZDLZ?0xBKW)oB1>FF+YBor2;c}QqN zU>gao?rT*l%faDl=RpN^;+A6_g&zKf8>9Roa~uqh&ri!9QYbAe{YVr5kx_q4Uyi;V zg2N``#hHItkXPBOn>T-x>cCFJL3U%Y@G#zWlhOZ7;d1A z+wfb6tb740U?`oyReizz3^!RGeV_o2XDu@G8wNKGn}t6S^_>-trE~f~2a5-DuZoER zbCP{}D<6FIOEr(HzJK!GyIB?n$DB$)aoXY%eR)+bp79JEt@fBvVHyNJr9@kDK;TUK zSUpUNT+syP?l(Dwj~M zBF|_p53GSBPnxiEAYfKN~g30W=NM)E@i=Z?PsAXh?hZ0N?H`UZKPXKRsH@; znZ)Yn!C)5@Xif30cvm~Bjk7~9*rYRRhPN{JR(&9&+v(1*GuRx82IQa6gktQ(^tceNg? zLS8x}2ro;nuOi*4X`GIZ^owDLFwF=FiIVFl7*V$DCmcr39?q|}srL7rb_|sn)8%QC zbsfI>{C52Fx|%nx=o%^}s(2l28uZ)QV8HnUr`~L*K35VR@E%32`S^)f1gUT4uU6G3 z@C)}_M}-7jp3I@(gR;4em6?S6{6#SmJCa@DC>Pz;03H7Mt+3jVwT!@=yZNg5tHaGQ z7qI@warZ2^yZF)e)}%>IBPRsOM>5XQQclRC@Jv<*2IXWSaSFq>L;L%*G}xx?kWE0 zlJcuegH0hn%7&&afS4&T{Q5BFo`*F@}9Kps^z(6cJyWan# zl1Qg|?3Kq`nqN3B4TZ5SeaOVnvHBd%CWYv_*6N}7vk(I{@xtG$ihN;h#Q+6H3a<7- zeS=ZRgki7ptrJ!@X!N$%o zUo-N}4D8VqhE>UzlG&0jJHEG3zM-U}5;1)y6#|8Kw%2f`@}Fu~8W^l%q=+a`tS{U; zI`N>j5!-Xm^Fz+6yr&2st|&PySBA29Y`y*8| zlvhKF-(>s15@HQ=4ptF5B&k`bIevr<^EatD(1`wE#-~!H;6ZyTPf%rtOXaQOM`jT0DKY_drGDxoQ_h%`ivp)~-K<`=vVoZX$O>i(vLQCcCx7WZm2!#TCqe)l z+QISrh%h_62Tm~H9xGwuGX!wKK36Mfa~Q`HNx*q`&PfO0g{g`(>_Gnjjc#mFao`E} zRhRd{IXlS8Wc7(5LJxytjX?L^%^Vjbt!Ty4%sg+)ynN9ZI`t?&Ee%UkyfAiRY}GKc)YIuSD}|pn?RTC zi@z(lIT*A4DC#~HV_ZJ3*ci%ccaz?c zqiKUot_-B9o3d@gLR`+y6x$`{JjLQA2RqBsX!>!C`6j$cx^~&<%NrZHbp6`Zz2jAE0mFK-JY$xI>op)J9cQe`uYh^@$+ev{J2t=|55$@p$~Ny=nUNm9(?Y3^Bw}R* zy1Xsc)QeNLFbRzEd31i))A18B!jsSW{`O-?vA-PeK$59)N$7zu%&3lytCZRA&_s=9 zXx3`|sDa=G&}`#lz0PBiM#a?5svo8-=Q866>5-*5<;5;%?HC)A8O%DJ?9=ZyPjj~_ zjFcshktL541nc3&0qW-z8|B1|cDxIf857s)i@ak7ftkXR+M4;ciwt;r0%F&e2jxkD_^Rl% zHAe1N4S+Z$({x3sqBgGQb1Ds#=jB% zXYy5l#N7UK#66x~vfhw>5$A3AJz*z}chIs4u3pOBZ7?qk%lCH? zy}*`(`J3iWoX^DR-fzE6-POAZu1DSWygdj%=zDw-4>)h~-U;~Q1$u{nw>*EZ+s!o^ zE*X>XD#nYNPAYpAPK#hf=j>KGyU{;nV@NgM!8K+5DA9?sOZs+`^&6;LonR1gEaF*_ zTTo%^SlA_&?C@K>Y7!cI$kUBPeHp5RvUzNEJC$@5xd>lU{i52K;<8e;C&Xb{2DN@y z`o$UFfx^=a(Srw0ez%;+q8lL9GdA;#lWikegwz_GZH^;AY!zcBt~sIfmn%zDU6$Cs z%zeW;2!-N(0zg}=r-%}3*MxOBAu@mruF2!X?H-M^V7A%gz7ZNMWd+VNc)ysW(nqYP zr1_QDh>#u5zlE2?--|pI>HHLm?oJpegM%d#u{vIigMdmVjxpmcmo)E`E^&5-8rrN0 ztT#70WRv#u_}->b9XHiUZW97bi9sEeGEZtUTTafxs8ajuPJtYxjq}X(+ts0@uenMm za73H=08e4E%H+UuL&OAo0lDhQ?>8zZN1M9DKh!E|g(5=v2z;hGULHpECpiN0K}lf} zbap14AtiDpcb?SVxm57g5(9`H1^YL7DIB-Kc9QkNX(Y6DS;tXfZg&JBMOM4{TbQEf zT~}H;$TY+T5VnG`EdsK`Bvyx%RQ3bq9ZIEZFN(*{Q2-Iro z+$WY&k%V1LM%O>%s7C8g{}kDR97tpK9qenzG-IF2i^>gtm)s*orkEY(%F02_ zo%wDuO9q!W%Hwt#N03TujDa`TdIr85T_tGywx->r} zQ>amNs}E+-!xO4ihGta9WY+RCCDdt4=Gdhmbt^K(m#I@`)DCIdg;wP_X`bd~@q+cK ziMy%Lfo#&YVQ&40;h zIQ@db6}tIzHSR-1kZ8b4qxP8G#Ru&XtvqM00xpfM zv)@1#h$yR>mKYVtbVhwl zxc`yBcX0+-|9?^-_|J`^|M)2(W!Zn~43K?&``@}SQPD!SeN0HApGY{A#JL0{ur#U< z(CwwMNSZ*fp1{VzXeN79t_nYz7(9ImV0KkPUCeJkmrtfo{^)i81nM**VItyPZ;mfl zd<`i2*pRl7r_>&wB8>D}r^B?yv5kn`>cPRlLLrDbt1MJ>Azxl6wUU>heLNRi$43pG z|6N9Ag1g?7ehi7~n($VV@{t-_x$+X^qG#}(>Z4z9WW4>z)hyBJ0%{Ke9Tf`sHP83S zm#Ywpj@lbD!J&;WZs)tx%Km;mRMM^43&_iU6XMJH%PyE~^ zw`T~H@RvC85Cw^psc2qZBf)icRvN2$=iB*HOb(FVepwLSu4rjUG#2!e3eVLO>M(o& zk&2u(?>6AE!{#)mu$nCiCW=X~G`e$yHLtl=YJ~^Yc=uTtJ_~W!e2zV^$-y60t7!`D z0{61au%JPs+~;ZkMS|l@JkXI*Z3xyR{(dDTL^wha=c|F7q;K8B;m7X*bE8ft{iyz$ zGI{M%zv(poGCQrvxm zP_#{j(2pj>2v9W`@d5#e!_@cv8Xdp8j-76cev)NVW^iBnMaq1Oj11}s93#1h#(k5L z-25$yCV4gOI@Iea;r=K<8Dt>aO~*^osrkXC;m-1Dl!_XnkQt^z%9ip0*@iwZnf)tD z?DxS7ik3+BF~+nMw~vFq`wB7)wc2+_MVlQM#$+sp`ptv7L!%78iq>R!o#Cj3I|^Io zR{!<)DMLs%rH+Un*5ewcA-WsW>+ZiEk=I#hO4V#G>Z;T)|Ir>s=ef^u`{h%97XR16fhv`M=)!&=%rMxrg}Qa>(^xBN+A&i^AqGiU2r~l` z;z#Cd;Y=OA%}>bTdN6-55Was6uI-<)X-P=Vt8uRK{g`^0ayeel>FNFix*<3xD28He z1c2p}_Zedc>PP!4aAs(M+u#lgm8q>JJ4mO$o6*IaOn+CyL1Yb-rpzbx*C-Xcx!w65 zoLsvS7C(}lIH$HEK`T7CecEri^u1j1U1bHk%s@cCD?=@V#IS8mjl*)R`j9BuTS9mR zFS(f}#^@?8&UA4$M|YxGA%q!ojWu62so4fiUBc!2MslEA0%w|w)k?UDm&Ef~3Zyzy zaZ$_mUg!^}ptsG=Y%0s8$s3_tuz8<6xe?7S2TRjYEC;F7Ti7>TYvt$3iI?|bF2ugcL7Y>z2)knMpwo<5k3NXkeA9CKz>q31 zRV{PTELR!Q5%^9;ih49ACAqIbmqy>_WIru$ zMya4XHwV1Cxw$IhG*r!yfPUbMlV|#`LgA<1&jRVf=`Jx%c;lMgti<&fBZjs!%+t}} zbbWvP>JAP}b+EzoOo!QZ+SAL$h^E6f5xa%f&eVb|cb%u3Y|`i-`eDtxf)C;8N0-1`)#ID>(HW zmv*ZXhxP`Xl7pNIktxoAfCp?1ximI8h`E{jGkn*; zmPS_e3SOdE^-GmHi%ZpQnwvgn#jmD_k0jvj#)Cq25645HWdQB9|MNtle2!(i7)Y#F z5rf4dg6|$}(Geebw;jURXA$Z{=`}ywU8i7FYHK_mdrm{%nS9XAcyiU2Gwn2D|IqS? zE!AU*A%~UziLfke>ZFZpLe(!pH7Yntg2((C3QY#EnWd3V%};ZU&5NRQREad^BqNFG z!--fStyIYRV0ugd;2{wp6BI&o$uZA+^*?zE zWCIcl zDiX@#RE1t6mkzzZ4Oof`G#GA{jI!|x3_KvjC)P_LUzVn?GL^Rf(IZX-cQXlOyNc+iw^ipAfd;FYn8(}XxR%oK>W0s2lqcMPLLj4zHxZp1$|bCrpyqecjYN^ zrr_%^@8LW4I*$JmKD@*9RXt#LW~Sr0@|&vI;6-cq=&Z?*E83IbyP?;fzC_~;)J4Bi zQG5=O^H}~(x9!00%nFBpi?eLQfOuau7suosoUP^lA(xEJU~1-y?U|JSRje|bVGU~5 zp?2r!K6m&hGV zDErF>Fx7j)t1;*zD2j8$WyB_iZ7oGD<*Jeem2LxJBi?|yHtw> zxM!rnQZ1)-xlC_3j9lZ4+qP(zZQHhO+qP}HyKLLGZM|i?x@=or?mD&hw@$>l5qGb%Z`_E?Kl$^C zC+C!BmFkaB!JL5p~<0l6imv*uIkplcp@y57oQh zd1Qy0g_g`*GCs0t7C!d$?t&^sDx_lTx5QS95n+XXEn1Duha0p{my4Zek%IUwA^r_L zJ4h2m-jh%iK{!(>zCr-%d3^LbElUC_Ml(hfVItlV3xG>Eil&@8!t^0)<&I<`tJ~N1 z^&pNo)#&@WVFrym=uG5rWa(v1{~=$ur5x5~qJYxS9n>W)-x_|8Uy6FnUn=$bGxlB5 z{4|4!Nk+;`vXXvkFCpLPzdIE=;sqVqhP@SQie7 zCoUu|oj$npBol4qOkXA^_Zzsz5kmf8(~@D!O9`AHZt!GHR$1!`S4*Y zDtEv3Sp1<3Ig=*T!@VSfd`~%0Od0(Mi(u$>IG2yQg!D7R5bOS6EYm*i9k!*J2`ixR zgfi0|GmY2y_oqM?o_E7eL}Jn8i)mqE{&=hrpmvHi`misS7vGvFXl#%iumYEsx&+4s z>#f2OI;~aE9tC^hy3Mp|(U@lGWv5Rts{g>#Ax%w(l}*WnsIB{*AdyY!O2DU#;tWz0 zG1h3(trQmP@D@^n>(x>g(S<&ry`h0BcR2+Lh>|uJ>)b{b$fj-w+ z)?rniQ2+v`>peEkS`|yO+_Hd5&k4YQG{i~q2li!4Fx6|-eo~H4VWyHd<@LGq)Qm%6 zfrs*h_u=yK%8bR^CA9qP8kr&Xk9Qu!(H)5#09J>qEwFUN!x?Iq=oZ`G$)n`W&k6H1 z<;CAo^iOQ23M@Om!OBHJx4Z$bBwDO zZqFP4`(LltA73h()Zc$#z<zDrVz^^Wfy~;?VY;#QH+ubN~3(TAGa?sqPB{FB#VayRM)L*Q2c}CR`?dCYW z3{DoRve3X(QoGXN7Eba5&5>AB%+c;Dt?oBSSitl;v1qy$;V1Vku(`u7&@)x(fCt#u zuQNZM%Ms_CjmI&@%Ll_{){YyUF7_uU8V}hEJweY8Wq-u@Kp5B)d1U4wuYYFPrZr~@ zeDdV`R(!lwkL?2}cLIJxfTolv^2Bc~FXn$JY)9^IN$VqzY(8+qhJECz~26h`yQXqy3NT5?8q*v^Z* z&q`__4$?zuiNs(9Z_(Y4nf+0AKreJN|Ges(+=~dckIU{uvMRv%`fKXL!7;=$YZHN8 zH_x8C<&<+X>E7|)J&lM*lBp0irAUTJ{F$mqAPx0%cn%FHIyMr52gk9chF@jyZ`OFjtWt~LUYTZK-{~&`R-6Dd( z$(=&}mr6?5SZl(2D)dmj^bVHxF9Rq1zCG}((!&Snm0NZ~k3diW_m#@yH95PZjQOnc zqh9i<&fJ2PSu^=r@+L>lJr&l6UaGo?plW78w45+s4)49|J;5kx7;G!$AN=h&Okc4V z&KfXkW+Zm{_TZjb{*l7dPbg>vr=yE|g!ay+7f6Q>+R2#%VErOfr&BAfLxsqX5Zb?~ zVY5oKGWK>w#79)FhgA8I8>&U<3v6hWN&OIs+hM;GuD1pxUR1@ecUiPYtuR1{z2MR- z9{c{48n4-%Yd(Ib#XkQL)BZn26y|@BEk@Pu8`%*3LsRkTD87x)X@IqhQ4bM)8PppL zEtPLYr1~%gY~xD!8hdQ6Ys0^!Q3i%Y1AYojaC+GNR5tb|us65J%dl`acmMkMe8uUv zu^ndm86H|5D>MYDHClsJNHx{TI&}a7aK(ljW!LU4iH^CSX;qawL&uRz(I*@F=sYUX z_+7PBr$fJsvw$QKn2!gQ!k!|5Nrx9nVnk`Q8Xbt7nDYZm696j5QU$oJ5&ADy4T-rlHH3fFTMYe!?uqDuK6cdg- zxPFPl%9~9>(iShP@k~co1THFgc>4|gilh{V&}Z;yCD+T+Q#75+gOZxeM%XUB^syU; zvIqyweY9;b978bXpUAvZQN5`n6YoZmG(@~?JJCeYJJM$ES2N*HUU%*cZr-%pR z&{fx0Rj~k;X@-G*lnlBMxEt+-;#QcpOQ4eSzRW>;X zmN>xS4P(EcQu86jDI>$Wb75DyS>j+3t%0zNh=#-yhLKYn0+$(uBRy7bgTI8J!DWoO z#X0Bj!UE~>rugLTpqKQWx-Z$nF0pOEN zE8uf~&F|o|8eaaZ%*4v&kURMey`cZG2Jqi2fB!$iFchSasG zGl-G!&)axNAdy^X%y>d!;Dl3CLExdEkxAoZSS%S(Nl-v^D{U>>OV(=D3cgY5qHqjg z&AoP28+I)l%bi`z?p@bi*V-5Ae*&(1GNwpbm>!=GJZ?I^A64(Y4}4!1gBu0}+`zlC zUK=s6oUEK~ro=Mw9uWamebk2tZ5lP!JwuQ~pjuHudxo|V{YuOhe(btqE4wQRAbN_( z5v>}pU7x?;i>T}ET+|2`meHUzo<;%-D$V3#XkrxGknB#+;h~xZ4fMu#7D+Hq@KBBA zm)n`ZP1p|4Fd^a$?X7Ep#Bd^CHloX0W^H0ul`uQZtI%|W-J}A;OEpAWD1yR2;%aaIn(u;UjUcqRc2|HyNpNyz*MGc=}WeFUEG`IuzlgBCtiA zv22JZ6I<0JrM888#i*yh$y-ju1h5|ZM8j^U*;6;6U6D2t*uJcM$(_Z( zgA+BF{puaaCed8Scy^7+CA4`;v?k)!eNl6l%qaclbkJ*8R}AB@Ms(%o#we@SW|8J5 zO}e%+2lAf$X59f$N?nJldkoS=Oz83*YSb1tzOvjDT9oES@-)HxUAc4t?+*2jAv)79 zRbGMG11R3{U9vhNK5D;mYftL&v!F)*;sY!)8V)H%_FT1uMg}V1Rf#}5dR~R+S`E5N zgHeB6#6wUm=0LpxO~)!D;&eFcr}$WawHnMH+9>hQjpa=l?pR8eL#jNn&Q1~|5?qzk z+n;F4O0rG|Xdjw@DsFw1X|F$!A*0+uaB?G!Kfp-rY)IrDy~5@Xh>ocjZc7bEZh!J@ zKqhe;o|g=r?80@|9N>KfJIQTbK9Qn%?NJ*p+BeH$O>=rLQ zUVP5yThDNLA_P<&V7!!oL0FUY?6Ko}NjqDUMl9S4EsWy`6BTU{XrtTRT|v3LKVR}()|-IC>Lt9#=H=Lv8G?aromM0uJkISSh`AZq+vda1 zS{ooh2DTpQ=#U0Hop<_z+Gi4pt>gV!P@rf`xXw||`(}X`(BBu&Y8t#@f@hA)ULF## zeCP1upmCW#`_we#G>$E8l`ZlMu#K^f5<{118De5<6Z@+bkbH)H`VUNAq!MU4_niW@{R0L+xq~^HET2c60J`%RrE1sc!;%fUa z$!lixYKb5@sap{#H#jI6B7AW~4tUxvImh_my+n4o2QpB*+rHl_18?!|gZ;sBYMdQBr?2{{_< z;QY2pl!A*)hib)dvi&Y|*IgC6YAGbTKhqYd9?OqeC)KN__Q*e?%JL@~U!_&_W64vB z$EgsE6cfl{6o$ZEwi*S|sb;##>0U2v4SAy1^SFK}O~cWw5k&-SHDbc2(H

$T62 zbw7@A(d(WjddFt!HYV0_r)2{)dStqN={zFh$nFBA(-5a+QgD1sW9a1?Q^EMGUBf{ZfaP3fahG&jbvr0$k}OQ~Q8bD?J!-#e@6)a^h9!{HG>d<5Bn7{e%ZAv4BlD)bG6Tb!?19-k zzs0C_wxq4j4mO_}py6Btx%sv3DiSN`rD`=}G} zAzkN=Oxu)Ey-+t5I(cyHFpI)+*b&YYB?dF6$8XiB7l7S@{b3tFaRb^G=LpZLkq@p$ zhaa$A-dzx(GwD#P7XE; zkyUy6Sy5!azYcmT$u_ZxpCMqoGgS7v9P{EyIA zBD#?Mj8U{@>2_CCE@MQweYzwtvo5~-;gymoj0$==SHI=RIbnE=j zV@37udHp(+bQfm1Ptla`dIkLSG{IbzXqA^rox7s=>Ltxg=Z_^_m5?eB8mc8rz)%cG z&6A}!*1SbHZNCC5Iwj1ukH<+wbVu5WF;BOV*EQM4Ob}&uXSfQ< zicP5K40YRed3K;_N$7H_eZCDkvHXPP%G-&9f7MUB-4ZVLqpMXhc^WNv`2dd&Det3q zGAFS(zLR;Gq1{68S|RQDso+)yEWqm2p44w`CU1?ia`!8_w z=&r4ADl%I(41s*e;*u434A7F3JJ^UJ85c)>E^6cm1cSO!OGVX!H|$JuRD~OO#l-Mz zg2v(A;RNflBJL)_ zrv46`BpPVu6Z#2i2D+*9QM=Ffrq@haugjORBQKY?JHYY1vVF&_zL7J3d91_HvK0Bl zmFku9)S(g0Yi=A~`M}XsBh5Y+8w%F~pnpucatO_ywDh86(0*xL{p^5gUW`UMp9x zXRn*0+c8z`3Id(ZqH37`$1kb~uL6`WM|}=1poZ{?0zzjFr8U3A?7jY3$z;5k;}soV}weeM^XT9P)Se@pXX;9!k(Ky?A>oV-)-rxolvLt92XD9iW^g*os|5C zh4vX4xgE0e?xn}r-{V(~CvghOUwSlexGbmM$6>bgK3E4HLJV{~p?9i|41GJlL!>@@ ziyE3g2)B{ZTk_Vu`=X!S3nFc9*qqN!fDMK(zJ*AJUVl`ng_zJ&J>!qO(;bD~(ijT- z{Y%;A+a6Wn3rmpst5);xi0SyxXDx!~~z&qhzk@_*M zQ(onqv+^10G3v3+7^;w&!0L{u=Ew!%7~iSlF=J(4<-J#jC#8b>pUwh1Avl!JE-Kgl zA9aa;LX1bB^Im6Yr*xCm(%p)+T~xcEb-~u{rzoeW9jEn@^%68n4^@Q!`~<}y^Hn{S z?fb42!K+|lxi&geI3ncuGTb{7knj7emq94baI+$GtpyScYI&y1-6Ca&jcQI3jGBY% zP~@84Uk}81M(X=!;^qzzfzR6b_67O9aOI9dcmnkmSOv&T284pVkia*(5+nlSrdD_= z$?vrTOB~wbq7lR*$>ADd_6+WNEyLF4*rux_P^3+^$uT-c>Jn)uNog*fF zVRxjidk~YZjz8&c{erv4ONE3u@|;?>m9CdqI+E@X>Xqr7t=}pv($_f@zjsmY%HJGP zDvccam4AHdv&nX zlw>>WOFu2mZ&(_yb<~_oWWYLlANEq6=R9~RH)s}TOJd;qOq5yTwI64_@G1QC8%}gi zv}oomZ753UovRX5S-ZegNo80>7#klo?Tjpi9ho7OCHh%mND(zMpvo5oeoMZ(Q+TyQ zzN{emj87FHJ^MFW@ksCb1&r@aCa~%mOOL?ut8RQx<8&bG6d=(KO^`LuxFcG2aOnQ} z3k#%d0?(O3f?wb2nt0_~xeD`Vtj0Kf2hV^7`X_>2o}AFJ6Tj>tb+G6u+cgZW2Ba-4 z$8>_vW$6n>XzID>^aMToZ_`a-zsw)32GX=a-hU`f&kjVb0z;H~$GkKrbfjq}CSY>j zOO(xCx5bZ8xJ|c}nnWwVxSh0>=RcFZUU-rb|E%mHa6%X$&wXZ4d`>hENiWEXwm@;R zNU}}Z#=yE<34sB1{IRE;N2Ri<`Xa*Kr$aef(r$WbyBZGIs_-85SBn(;XLU zh>m#vikO=Yf(jxL!A}gU@Mc1|gG4CsRQqk{r0BM#x^>QYSq4Rt{dRSyj`WQ1?{0l<0cY*G z&*40pTF>_r&+O=XDB=&RnzTutW|>iB`@>q@ptNR)eCCB=qeoDSTUd>P6Gu|97AU~i z1&0>XCoabiU=JNTzWA(pVMk;OGh|n;S`-qEjU}5?kYm8_e#s9EE`QN_4UXQ~yhOHz z_x>S8(m$1Xg(Ls?Awcz?8l3-^Vz980iy1qsn5T)EJc!qcqsZiPU@ME=T#e@m%oY zx>wbtnH3+uGhYzv0cCR$^X2NRv@+4UzHQmTlw?1GYIGvR7o*}uFGdJxwR9(b5W$BC z5Q@Vsmn^T1L-O*JEsw!Z9O6dwS*Y~TdB$foQ7bl^Q%*Sg*w~W*_9K_Q$(kEsj@Dt8 zRIUAbUoE+{kA+#Gh+JzgqATD(-YTNCLt)n2 zIA*wyH*45PSH$mt7oJIrFvAI{BaiTP%g-t6DEQ@|%aF=64Fe82t279^qrjQfPs@z^ zz%Y1%tKr^p?E1QHj^LVNJ>iSKa1Km^p|n@-TsEkp`is?j#8g^K1!RS&iN)8aW!f8I zo6$BTOTVPPglA14o#SW6DVToax=~aSEqZ80omL0?$UbjV_HanE#Xr7WgVZ{5#otUB zy8pFZ~*l{gleu zKoz0JG2lpEFa7-Xi8#o}$j8n_FDmN@{zo<$N)yd^Z#6k*4%R$+C#0awoH_6SuJ`Sp z8-1I)p4p6#yJrQSANEFUumm5-pmw$ndDumR+Y-LG8T$L^>1E8!`UBt6>9N^wMr zjiN!WFI)3D_{h34=blaCBeGT^on?c2cJXC2Y!IU{__c!aU`qLQ>y`wK0rJ^-C zf?J$<9;K=oV;RU=F#Ewwcx($Z&_lX%xA^w#ZdRb>vIYfmpL(gJ%b?RAL<*K$*Lk6o zh}RJB+K}Hg#S13hv7IdEkk^+8EMrDlJ-z-6sgi_xxqwsHeHoyGJm3Z=v)9BNqyWDA zvhC-cZj|T-*j;yRaW0a6HR#i9=TUFxU9GGUa~m6}x*4EX#k3@<#J9I>P;QNnKXo^q zr(Cc_%zEI-=4IIP3}TMru_an9_g`+8xsbK}otRO>i}?a0C%e{uL4F2}y%d}7)qlW6 zM_k~WTGi0fHx9@=+iXmF7H5IzUcl>#gFx1TQSlrry#|w8)0dLdC}8ZcKUo7~nL%LY zXwYq{>H@h)$zHK^pX1TUTT&U&)S&XV zTxohpq4H5nO0mwA+cE!U#7-uw=)2TixVEz*&`eYAH=ngZ=0LU&HjpJzQel zqKop^-dpnqO!IUnj~x#6RrOWgI_5T=9JCytOazHfmVqnX;CZJJ8pyi%4V7WJJv-e< zk_H4zK6VFfE)B5g^0Zvg0%nP(mf~JrYq4UrrhwM>f0;6yQT-seVo5)#U0@iTyF==T z0hF~Nt__Y?i1zgbSitZR0P6*I;>IRC;VTxyp$-7&GIoR@<}#0jS@_!APPd2hZUkmi z=mq&uCR|3mwmI4(kXM&TDHr;~C0K&D5(#_G3<>K*fj(GWfYE*NGv;-kWE$=RAHgoD zNOcbnBeAgKhG+H_P$02=D!GJ#wjvTRS;0emw6P;f#-<}3@JN1vo01}G;-xAzQ6Ptp z0i#I%eRep|7VRB~0ClmH5VbdY!K1e)Oh?@0aPv^(0&otoh5V>ZICiV#49B#O-$tCo zRBuDJzh{_)N*}<)O*9y>(|bE0zj8lI`Ddx0O}s^R;)pumvK`3oAKk+B038zywKbF4 zio28CV$@0=1~YIH{T=$rxP765AEKVeo-S4p-Ef|@LsE_Ufj3gR{%O6oMiEi#3li2S zVDf=Q@${z->HyE)p83G&u_4EVPL4ha%ah98I5F3!JskE^OMG+m2fktoRpp(cjbru; zNVJFIQc7IQQoY+ojC^-ICQQ$&7n#+=uBznD;WpYk8K*I+PhqG)YfMD>9RNb*Gu()! znZRbM;8?<@W|Y08yL_d**!~po zP1b{e^aTUE=lo`U82v|+?*9wR`Jce7=4|`_5}V^^r2&G7BYjp2q9!fc1%|v{O_8qc91iT_k<)?N9u1@NL<%Z9U~+x%AMTYUYmuiZ)#pacC4gUjFhzo$wv z{ZC-<`)jLx&x%;Ndi@&&RrOT9Ig)%Esiky6@eZ%bs10zbKkiG!Lev$T2SEr}CW25F z=D?*Fq*NgOqP-E~3su*7>b06`CI{KW+Jmcwh~}l$v!iUpT(-MIj4zpbVU$7UymnJETZ?J zS^VyB`#6yX3ZiHub7B5aAk5%QLyYb&5At`70f76ro7kIT6b-uF!)H_21AdXFv@9ys zYLHNU;ObiTU{S_FA_S~L;t1cV+gO6TgXkooyPRkb%gAUZUUSQ*^0aE)1k80J2W>(= zZ)@M4{Z#7Owk&B|mSE<>>y>INESnU79$;&mB%`h=#{4$_D zX}?zYDvs77zB|xG_gWfU#P(H^L%P;V#|+8^b|R(`<45SccwvlcpxLSsWV))@PYkry z=Rc>)jP+`nsBknl=wo(UJoWwZp#>qeRsOg7G*AYlw9K&3Wpx~xYmcZ<4oSbZVjf82 zjYnTs&b{S08sNJ2Pe&rh;|i*_51e8LNVgh)yfDa;^xWqc6|SLRW5vi#Q2oY$2F5J= zN|(eJf-F*`O6(z(MMOd@iR(u-a}0#Se%056QX|UI{TBVUE(FITZ?M9)IE9*@puK}N z-exczIk8gjEj+^Eu54FPNUbKa8Bq}$p$helqyin*7lop>P}{5-Ran_2@eEDwUyM3A zh^weZjNz01`oZ>KNcW0zkKpPrnQQzQ?9`c`Z-ZgQBFZe|>T+6W%-OO(;Af3bH&>P# zaSA2|B;34Dh8|%dg*xE>5T}|sfhjWL;Tq+8%&Vj?-WVzR*+7fzSRu~nO@uj2W55_` zMl@E0)=fU(vavJwpw8I)4)d?jhO0v02mhUK!vFv2tp7W-{hv22MhnJJ^(f`9y!r8V zh7n=f=#Qk}vY+FEka3tIgCfkJF{GkWz~oMF0Mo?pAm(H~ScTS5g5Xh8r(X5)L#u1v znhpV`TG6-0-bSaZrNw=_QQeA zNgfZ3VMz2-;SYE`c>>)z(2{?M622amePQ22t838&oEgsYD~n%x$QrAnhbkUzdg7O#3^|(272^^ zUr$b9{3IEXg2t#dN^~KDV-uj+C<&CF313%90BEOE0Ro!l&_i2To0!PBC~5W@>g1zS z@=P#FMzi5IWnzr;1Sll>xu&$rhZ4r>O{C~MOM|KKC|clJ(M=p(t-LDhJjdR4IgSQ& z=}L`#MP23P`dn*oOF>0%)!$IXPq!Ml>5G(;v{%I-?epc|zAgDu*fQRKC@RI6sSO0M}gqIvRQVLeUy8rC5~huUEfj(gqjRIto2v4bYH z+7f^45y8|`pH)_{!@blvqa4`PBFC&$Kq+j;v^H23d@WloYlofnWXatmiqLR$H1kdI zA@hyCcLqGX(XtIe=@AiVUKHIa#|^J&P)s5ZfyuVywPw2YmG7glpa9@Hk2{oNiK^X} z-KZpHv=HXMNqf5-qTRX9&g$M$t*=vutR&eZ_a3k0fahB!zqSXEzcfZ}l-J5RoxwKl zbW=XCG_P!79>XW#4^cpQES+{{TFRWdr&My*iwuJBajJ^-08?tUA!7SarNB}W7v(-QmBZr7TFS1h>PSpnNe*w zP_)gcaZ2Vpd?C^8GgP+k=!EjRvzR>eq}YHMNl{> z&&YJ#r5hgK#&OtLTGs5u&x(xZ!I;Ai+lcVuU%`!@Rmif2fil1Y_J$1%6-QC{c_Zpr zg5qK~x=r(~>Gdv)*kd%@Et*8U{N*8s0cWl&^+gmbWp{9RvoE)DxZ~>7E=5@Brgas{ zYnvt_p{b;(wK_fGgt#%&so61mFM>-(?wE60qdM5!kVICBGVhSW{_`a(=oMh&I_0V` zU|ulG)&oKsp|brL>?6qYPaqp@qAE4ibWr51??x;Gg@!S{h z3$3oPnuc8yua>RIy&34_g_KL$!&6RSnl5#cvZ^Bw!>gKfbx@bSr#42XfE&ieS(=y{ zOrm{dSXg+o&;BxgD%YDO5J#bD6+&*5HZ-t`2&~u*r%DULnc+>uRj%pbM{MLYw~=wh zM~beFO#Q$|4~JP!;O(T(n3~hs`&(*R%CMG0zvMU*73ZWs3fAhA4C)dpiz9O>X&<$Y z-pbwIVq29&MLqy=uV?MhoURYJM~o{yVI@!60DrS#IC_l|u-)1sz%zTdoL(NL72fmg z4mqxNgZXtGk4Ce(UmO#xuq|lLM(R$9GSjRpuvl5O#j<#e#bRU5toMSA9AP;zWj^0b zk3X=f@a?Q>qM7z}tNymL9z9Hp3pT}%uTT6t%~`eBy6^R}Elm|`(KfsvLSc*3atalN|+ zu!Mcv+Vn#lwswRK(bX9Y%cNto=L_#R@;~t}EBDIU(enR;NPe%|r;k7P@kaH+p>g)U z#q7B!)rUVfgFmF&H?z12G>zoQvlJ`%GYq1cq>?t>y*;8$aMz{V*gyBU7ewWb4Exbu zc9gF>Z!1ojcL@GPse0JN($vgu&I1GG{r!RTfAO3#n`g33s66` z2^IZ=F)^(_dp?JSN`*Qv(@>!s2rq7I-3MD3o@z_3-So!DD`POeDSgU>%8vS5wE>ik zo-1LFDZ38s!%|SGa~n;!B$Mx&LuHB5Fx>J+BMG`6mdEF7-M{C{Cvkk?Pgpi$3!x{< zBJY0fL(HSFPQ<)YIA+Y7soplwdjgwzf32qA)&6{vxXQ7gwYcL5KtvljQG~C?8PbhK z&nntq)Lih#PPsyIJf!~U+=-Hd#K_-9F2QDQegbav8MR7 z)GQNkFmiT6uowmA%aV4p!|LSG-Nw|31b#?q;3 zp^C3Mr{x2T1JO`CBBds8BG1F*e?YLnva1@2&-Qs_Hf6y^SNQxhV0T@>>4^ZVps(~~ zd%*c)WT`kY41M86+P{pOAES-N*{N$VR)_6P=Oa5iMP4>gPSs)$($C-M;$hZZvpMr` zrUTE^5;beFkY{iie}+I@<{)NzIQ@fGu8K!)#@yc^>7L1_9hXrb*W35ayFATsgwvOu z0aKr#UE5A~d@G^yUC2vB#n!r43V5WyDSa%+&j9Aoup(*^ zB=T(nGcvrwTKcv{2a@kTgd}cl@2DQxD=-z=c_ZvZrm9r~a`W^Vv1Xe28?h=A&;s%C z&8*Ipp7Gw}TTpebJXm%qO>ZEHG895RJ6(9UI_e!aj0!yMTRhRbWd?da{=kq(M_x#d zlT_v=TYf?)Y8DPZ^|I7rQveCX+&l@jtlTt5MW`P!d%WmnEtl?7rxi)lR4kP7LC!Lf zf*0V4RE}J&wv5)(oO;mV#liT%iNNJ#)kOHLn$PI2*t(=p>^|DOvq80g;+qWSPPBe> zIK(wr-`tX2?US+X+&EvZ3gCC&iuK8Bt(wQ-k8HDLclAzwBx=hyYQ&%&`|yJ|tkreF z7m$<%@hF5LDf>v=_DBkAT$9#K3+&=nhCbgL!(fFqD2Lw}_cI(Yi2`Nx|lt|szs~8$} z4ndVpkxiyC%T%4jtw?aLNb%O9w`&ykHY>SIRdbHgC3`0`4PDKd8hW5S*nm}_P-jvM zFjF7sN(WI@dqNyjTai3}-PShwX$F!=!b8Z__<$-weT%nb*)i?aLu-Prnq8MheLR2y zd#^t6Y17mzUVg>1dBVP@7wUANci?uT<_vG5r8fJ}Nv=FP&lM86DlnKEr)Y4CWM53l zlc8A?y()f89pa6eJE34?D5^ldI!Jfn{3Jre4@0d0ubQh{`@|?xrJFU)pm%K4RSkf? zZu*5zT$?Qcm5@kn$I0*d#~w67JpM62IKCYZhz|y_Z4uXEV9z~ck(O~YldEOKyWb1C z3yqUC@W8&${U`A&o3N=Cz9{W+Ez!2f93`m_TAe)%8l8Vkxn(CQwJlSRS9PcqS1@SY z@WKq!fo#Sl>VZ-^6PQ3I$aqeBH2Kz#vSvmtyW%c(qv*|_#Ap5AQvbRg2}H{wa*bGg z$Rj^(2kejst`=f=NTu^1clFPPHA)Z=#?*PKH*SN6zDKhU#H0{;rF<3M?ntEeP7+5T z5(m7n5c4kMiPxwW%`k)>sIZVN*V7H!kW&;6ErZvsX?*(6ebVg}E4moed$6 z`Vkuk^2Mo(vzMw?zyX*Q>_quWqs%D4+-y03b2&ytX8n&Suh76@+ZSDeqB-HgQS(Ks zK%%2ca`a5MS+zurYW*jLbarO%_EKQ~d!|if*ZN$)KcMykzj#&|C@n-7L6e+HliLR3 zXBmb3*b%6ccEjX+SZjoGMs!u`GX|yk_+Z(2EUua z^-}}hp_IL$h!THZ?jx&a(4-YwsEX@j0*aSc_f{nB8Z->%FJrfJyxJ}j_q~$&UlA|8 z-T2*s?0+wz4<4QB4|>P+UHzxNoy*Aq7}M%n5eFNZpiD14*A8`Xy_K;J<*grhDKb^r z*1L!OCE)b%tZZ|fb7d79004Enksdzq2i;+viGRe-**Y8k$)7j9H+;LBULWlog;|C* z144`%mnxZ)g?FC}oj;f%*3)j|J=RZ!SEdD6*cb-CFIF=Q+l%@9u){VK_U}$ys7yhE zz=V0mrL^BreeZEaj#$YjwSX_Yk{3v$j>MM6CaVSN@-_6$Vm{&RQ*QPr@3F6wZVsqk zf%FqswJZX{+YaFtMQ~_YGM~lMN!%n*T^?)C(tzKt`C@U?2N<^798xIOUa0dKj&mMB zP)@(W^Dn(eRW{HSZpfpqp~DS3(zH*}8=ySz3rQUTW^AX)rPX^B=kkxcdqU?DL?r(H zZ0B;^NzqvM!iDWkc5InTX+!5k+r9SA+KU4;unHnvEHVU3IL=qnCq`@_{DbLO9r;doA~YwFhR^#(Ivpo=(>!WJ`<9NM@`1R=IPZjMs$c>_|MYc}X%c73;HD=)ip8RXo!5R{}X52Xiq@4A26!3B(z(3B{SQ3C0<+ z3CEeT34&EgL--@K36oVyL-3=t36)igl2qqZdtmcOIdKhJEvcTpYEms@YCoRZGao)PB6(@0ItJ5dnE_Ce*kH)c}%l#-I!Jl{&y zPNNjj#y$I!u9<5KoZ2omIjtd9kzvVZtj(c+t4&;?2>3kJ?CmS9J#l;|WNH>uYZ#<}8X6iX$jVqWJ;;oUvn2nJXse^I?2*@(%}UPKftjqCCj@^Ww2xR# zLsU<$bOEvbT_nP|=E{J}ARdrRy+l(~oa7$!)}_>E7&lJQ3bAZzi4@Fv4+zjd;y zSEDZZr=6wV=Xuj-#%qRamaFUSB%tpDyZ`w%O+FZL1&L`cv^%+Mg++yZZXgz(4;!veG|@o4=wZFBJE@~*sy4!cE$7#FMIE+IHu^P+o0 zW(PsIEW-biy}%n>5IFgV^Q61bIQ;jSx9u|+CWwnvUrdQWF;%z-vnQrKu?SrLZ^ zB)GRwEol}|wP2XS1XjjhCfLMYWd4=rJc``r_R1m#BAycRGL%fkj+^~1#)O^rTvJg) z?|2|P!w<6Rt??e3iO5IQ?uBcOhLU?=AdAL@Ippfox@*WJP2g5!wrlh#s}blEbW?0m z+*;j9;QEQsS9A^r%y`bj77?789FEd+?#pv;h%=Zk{4>adovMb#Xn)NUD0__!m8|nO zN)~lCVx=bKMwc3MG!fv#4M1z7H?IU&<&>x4v>n1l#kbf6Pg9$-~VJLIe)Du7N1 z7>pgAuFxM^h-;KUt-|WYI~J~Nn6YReV>n>GFm0R0$oyfGN%0pN5@0giCst4=-AxPy zfg6I>MDI$2)oh<4<_d{cX@0oq8sC?;V0AUUeCj?+j(TkAYk;!QK(|m=w>b8sW;SRy zl}cOpqS4##v_#XGisF*?PJ`BBX|qPR^ZFBvWC0)_ERs=RgtYALn-_QMGPl^5f(2D< ztw<&FO4FXpdxy{&2YJ)O8lAFt9(^F#PF6p)D}~dmV75%(6xDe?Mu9%?7%eYf# zRpa@T3$+qiYKaV0JZjg}JT#%*TX%0MyzEPJX5Gp9&88@!Q8Dl__v0%}yAZdm!ifRn zPEQx|8jcjdgUVhw<-~K`ArVs6u)?W*@{trvXVm?h@|F99YhjL2mW9%~F3kR14z(1x znUf*hk=`=%Tlt|DyDoOz32x+D<{$0E#k_)4Z?%*;LeT<2)*)+2$P!?wPUJ$m#<>*7^mMq8)S9leUGHG4c7uq=F)tUDL+ zRTlHaf&U|HH;U5tbBd5L4B(kS#TlV-%bdzo=lBO@+=#S3rcI4)0chx{r?8LWo5`Pf z3-Wl1nbBKkJ>Hg&A(t}i?5!9dK7gE zL6?h)Sf%evNBSc)GC)c9i25*TgpbT}i?1N~uneRC0&@xJ{BE#a+|8fgldP#*6|U1t z8}a(NgRfwv3kF@StVVDhJZk~{P!dNNq>}q=RL!EIgS*xF<#73x%Iu@?!S^GowHPR_ zT)DkN0pgqyFXOk6k8WUAxyF#0N$ww*@FuX~_hg&Vx_+cO;Ks^wXiUzZc}{4h^02EN zk(9}9(}8tffYs`^Of`chX*nrv1mUj%qm}3Yir1Tv7y6WdSOZU@?b1xwyCqLQUpk7O zJ2y%#9D}n4D7FgnrQ*&Ymu!`<+F2?OWKP>&W+>IY(LX%=ccGj({^M9^>H|y2j3EXU z9HPB@OLd=&sylc| zxvuwHzHN%zNB1i%%Qp7y^t)Lajr$kp?;H%HM~ggeixfJ3|1Z+sDaf)gTNka$%u3s~ zZQHhO+qP}nwr$(CZB}O9?C!nyz2`)n?h|oW%!e84Wv+*@=J@_GKJ@8wwiggP>u{c% zU)+sCKelpXwY}ZmjG;pTM6n5jkJCoPDFRZ;`WK~{oGq*RO;q+0Tgd7T3JH_8u}=th zPYQeFur0dLhwa!SCHelX)Ox{aDIJB+H$uSK6$sAmwfMb0DYww1{8Y7dTh#`ot=L$$ z_L^l=Ae;+!3Zph%8l5_Uk2P@44#3$9n{xG17h@Cm{Hx25_EumU1Cpx!(Fv->+35_# z@pTWusf@S>7@O<&wt4n1pTet{uNbgfkMUQG{(+vuH(GPl$k(>gof04&#ttATle&TQ{VE?~;-N5@x{il`x&xi8o?mzYQ zebJAdCHEaY`+<4u;#mGd4BVF+EgoEuqa3Wf@9cK78&| zpxZp3dT#L5cpt}zvjq{@QO)zT>%{XV^C9cz@$cKmCyB3#Yo-u@*dH<^3Q-0`nKusW z=e8fOb|>i|EZV}0=nEjI;6gbwiq^hbH?+fuYB$o?HH$fgu_m5m>;l41o&k*X(-I#A$+HOR702KPd1h!C@zokl*^8@kmG!D-a2sekAVbxzk1(G6#1TUR*#1d|AtY9)47{MxU=O_`$IGfXV zZ%oZLH@*5-jg23>FoXYyaH)QBx&P05`Tsyq6ELwf)0efkadrDI$3?n-m0Hn%S+OXH zrzBS?!YcmdCtHWn<&(oX9}x&38w)4KrQu9Hb6%ykbV*;M+Rfk*LkRm>&HqT&U0q1^ z#iiC?YZ)3`uDKkJH#uHTYHoObagHo7!lTl~GSY=34#X=~4{dCkflsh)H(;)rkM*7l zX4@!f?NszA-M2_(7KO)dM4=gZJ&f}-n;Fp zi(kI=hgC-H%Cd9b8_FK=4U~*RN*Y3G($o223S4s@OL^t+ht4z5+~%V|5(Mo}vl7!8 z?S_Y$P0~)n*aG3X8gjrwYW(Ry>6s5XvVdbUDya9EYjd45+(jQSr&L~5*517)+lCjB z$5NH9j9-d2I_I|rij$2t6^U2vqJSj2<26TiL5){h%k7X})y8G!sA`wp=)6uankTmL z38A3*xqo29YdutWRS&)A?OMxXvRNINE*)XA4 zn(u>b_&yfQw>^p{Rq$Gs^RhrTp)r)rhfI4qP{kWpHr0)rovHg-=woLc6EqNU6dwLO zB<)(sn=LwTvl=9tMu7eG5ft#zaYDdwc95WQ&cZ>cu&SLF@S0)qTUux7M9)-WJ9mEl zstHCl?voI615r;g0WT?{4GxIkj2BKn`o~c$xI*;M-j3t9X|c5M6cyhNQ1t?*M1}e0 ziM~XcCxEg#r=Q$=_}$F<9dHzx|8MPm;wXl#U5!?#)1}hwo`Noi#`J+L>RS&&GnCQf z?p{(FYOjGKLhh$tWv0vZvICq|%4#ZqUWrEOc$KtaqNol? zi4Emj*qA1xKQgA%u`2uo2Q2?MC@GbR1w{T7``*7bd-)F}l>fch|5fT)${Pw8N~qsh zKM{xRi5d&&oq7{Qf$>ybvQUZ0b)e|E$;sjuSB4Iv$g73c&E7^suHvX&>9P z=XQ;(lLPgtsW6H=+RxdAiE1qm!cVHJWFR^yIfF-2k5v0u1xT4{QH2umgv!x+F4d&% z)($H6AyzuF=pvevW)h2xkLwloqsc~%Fhdwm+0|`R^PGZq_JXIf^6AVRc1&iIwQQm( zX&---RwWRAja=-p6$+?P`B8eWZr3J4vi1-R(zu)oiGV8+`2l*jy5{80P$H=8NiIU8 zfhTuQnMWXYj`)NF?8OH}glN!e-S&->QhB89WqU@!2OXm(mKum{Tzg0q75!k;HDZ#< z7lL=>L0mVh7h9bhB#OeYwejCo&87*LDOFIql?Npi#3`GZ8k_sIe z*}HzRZ>Xk(irV-$XRbJG!Oi)gh^9l?16IL*7vy(D&-(Z`X^I?{w7E&sAos*tcz-t? zQ;JL~DL?dg3_mbmIUbJYbd7RJR9j^1PNL3YXZqwaG=U0JC9upkicvk-ud=^I&W z`(Tlpp7lj}SR6L0MBU*!mK{g3`8j_#JR`DD%w;*?o{PzC2{&c56Oo2>Y0W2l+=t`6 z70A@LX>S`pigGpAJ+h9GpoizT@2Hr#Tk_D6t=7ZJeoo)l-xu`ZXMEJ>`l;^^{?0cJ zrBW3N0YQqfjQ~_>5PbB3NDtMvrFbk(uP0OsdtV}%*%#spqqj#=Dlz5;g&j>U4Vz+3$`TVmO_}hFoG(Qswjk+uG=rn&=4>Mrw~MD z-u>9mpL!sRpCd{D6c6x?`Fx1BN_yc1a%=76l%Go`GCSY5;T5)Ew^5_;TNZlwj);2S zqMf{FC^G+qJijofA1XdF?of?#kJ!j}v{a7Rq~$g){|=j*ctgtk8H}3<2yb)9q!5Fc za3|I~yOi;aQ;I{W<4?WD65>5gW<1U1C{2QA+_VhdeQG`80&PWJp`PGCcyMd*0i(&` z2hQUx`#p-jPyU;YWUum>4pBsOdK>9VJV)@18L|q)(;Lh`-kMURQH(1;@IV;+-$4Za z{{TZR^&A}j3mpg=8S6P&I{woaR>|7MUeDI{zpY`T5;Yv=c@amxCz`^@ia<-3mNA5= z*B3V;aJd)H8W|)x43b`mtnsp9Y4KdoO3E3ujXiGxU-K|!m_dK5PYA>}n0$Y5gnVD$ zf6UD2{LHap`$#({heTtczlYhpbXm`Esdc@{}|A(J?*&NL=v zLIGS-EUb+eR39Lxha4J8rmJ)bd=a*lAa>CzAqnu>K&YOg3g$0kdpokPR?ePy9cnz<^_RlzITk8dXPcaLgQGB!Uq1^-t8Qc zwp3(#mT9p1>?H@9t@((?M3o&D&}IfLR&k@nYEL{Y*V_I>J)FbQia@tjOlG*J-SN%f zaj;H04JzE(jGJGl=^n6B{xkRx1zpHCW1CFytZE_Liqut-5f`V_4&~(++M8lM;7b|5 zAU%wTWYIm+*trX3&Kxdz92h*ni~y-oq`Yh|@e~T#a^dt0XKpE>2DyS_Tm|!?&#Gfw zg~>s806q;hsr=9Y-94O;hU$+wa6~6_gy)lvVPfU|(}rQvx71!3W9W0#eu?Ziz(0z& z9sIjY>Zj#<|J#=TpUzPKZ}I+Dw^w;{K~O^c(uQXrqb;-|o%J8Z*G<A1&h3=kPb@(RIf#UJ`kIA13W+ zs%xj~#pA{6=IF-9=L4(Pp_Ql~pyF3Xpi!xQDH~NzLKhty-QE=rSCt@RFu4yS+>$zK z<@K;0$0ejj{JCI5W;{Vj;_>L)-La%PSka=Xem((l$-G#5`JYz8NAI5vGa>14TnxI0#6&{a}BgqfOV-T7?EVZ^lZ6#4pe7i4e#w~P}l)Erl@(Bs|rjl@b!Uex#0*NhkQt=lm<@p#X0>UvTmgf^@5t;B( zrX{Oq@A0;+r{Ft(h6E&}SQ+$=8CFkxIlfwu7T^Wt^wkEt#khcakqu@p8~LlS?CQYZQ7o&kLNWPv~LrreF$JX^l2}yleKXr8@aU zEAqH<-}6Pp2f**!L$eLCNqrhbjd@w_F}-6^eF|_@b@R9{H;J&kC<0tL$%ImuZdI*$ zsO!nWs>_^ipgZ=C1tPtC(t~)x!$cnO=dCHcKqEH^u!me-`K3y4DZjbPLeQG2=h4~Z z1yJE(lW8LfAeV@C#HdMmWuqw;{jb5v8!-u3iFf~i(d@GZRAjOT9}&lCXl_R;Vlirv z5Oo5jH5M?;E+JoIv7&+a;F^Xk=aQ>(QeW8}LP{{U zBn13DAK8-nKnwQ#NAvjOmVz-zB6@>$GNA{5kEt_zi%|k)dTyu={PUJHBCQc06FhU$ zNms;1gVd2;B(tJ3$xJN1wvdS}4{D+gvI;{(#6Hq`scS9}esWL*$tl!EdNYHOjhV7S z?#mi-y-`8VJPOG`?b)8|bTo&@)PY-=#~NY&a5RmZ&8T%b4XLHpqR!ARe;9yZQq~b4 z&jKyUb4x-FqNgNib6ExPnV-`l5C`0RqA>Wqt97?bvHG-qJdV@Id~^gSKG`XermS5Y zB0SGXEMpqr^y|BW#CYrKOLUS|FFemsIEqwDPTMuAY$BtLq|8WG%)$%&2BBQ!T#OJ= zsYU)(u3|qwA0ato8q*gF$`w$h@0PerEw)$ylgi1x`b4~ZXXLRX!Sak&GI{0Hie(FJ zE5+^F|FgWKTS!F?cX(5&DCJ7b4va$v5-3ww!WZdbj@ z3);e(zwqU00oJlbuim5HToqC7{YqC6+-D-7Z5?##>$A55Ejwv z?N`W|yVQ4p?%ai=Yx?o+A!c^^7=mmOil-(_GrNT$;!F%ZoMxvDg{ehu`-`HHF4)d~SSilQ`Z1Pt$5PM9w@Iqo4=Kja zh#m)PCtE2z)jRvGYaEW)5+pzia1zew*iI6NSDlh&#Z(ZBjsb~vk;nr^!{TNQK=%H& zKMKAmZG2ZF+c~}MshpF7>U&&^ z@M~HUroZQm6Z7M&MiJPTW6e7BNlcdl*$6pl5CU-xz*L)xrf~1!-#~ znX4WZ09CSf0XPI!|1iYY_jd-XTwovceF1Xnuiq}Q!_B3fKsC9 z^Nmtqgu_7mJ7O8n20pwWc@;i*S`}nlFVm_v9L!VVDm|vh+iWg5Ue9bVlUQA!H!C*3 zT5)`qW$|V+MWfy#3*oR?y!H|bx^4CK@!?*KDorO*Leb6~=WB-r^a!w76tG)mi}KV% zfLnU!4Tix6P#E?Ny8Q}9CTodgy9m%@)U^PTq%K0XZb2)FyfdP9g#R{6u0s+j%)O=p z+|U__F(f_nj_5U30d%vm1`#hLv(crB+h#GH!D!40YU-|~noUhY6}~gnrS`TL z>qhI2#&dJ5q)5BTMjW9lpOy}YSEo<3sMp1`nEj?ozs?p_PXKT_!o+ekNb+4hQ5~aBA7>s@m zx5}!5$o2+d-=TcmET-!=J+OVJxNmo0I{C;uS~A5TgA~h?L{A(r*LdWIQdLj74x}m7 zbrFK12gq!`T6n;X_Gs0{G@rSoCx{Pk9}(?riKJQyfXdiE5=ECFzRBfrehDiX;kFSC z4VA_2yz3pF;(;zYs9#JD$xk&kNCF>sYN{Bl=b^KJNJ*&ZTSZLR2I9yG+S8jqXUds> z7{AzjOf&6vo(WMuBT7E#E4WEE%OexX377b-+aH=*27ijqe=}c)!9`h|eZ8yu63c60 z`x`@}&O>zsd(7HRyR*w~LUJf76|qA`ga;UCvzXF@-I$I!3F3i(Js4JBnP@gPP1;ai zk4#G^t#X=;L1R`ryxAZpTJN%?gi&Q!k^-)Up|g2YnmpwIF#eoRKAVA{MObE64l9Jn zUCR%aA-$chA9xNQBQWoPw0~3o%#c$2>m|A3TcF4ReKIXNm-7Yn%RYkv2XDa_^F%{6q?B^D~!)frad0eyIU8xJbx+7ia4@t>7s231U5gSyC8Cd)zkVhkC1 ztelmL2XM+b3qU>}QbU5)JEdosr&=mXG>4bV8>nl@*O1mZWzq@0@9pe3FM+-|+1!$j znvJLuAkMwCTlUmWUi^MW8ZhAlV;|%F(zJC7k2J#+P>eb~f+F_}hO_$N0!M`euNnF_ zO1{3fA-o8zwUE&1YcXrvVvu@*dJ3MaKNEI=-E!wgoDNr`^?OlD0D@JYub$xCrH zbxjfg3W$JA$!VbWB2-%uhiysdwUe1`XJ@$DuD~%)lxu4ImV;#5_ExhQx`8c{0b}{F zg1w=%6?4YD3#?J@x!ZVNgSdpRz$S{gFp+xYNheZvWR^Zu z?H9-)ISt}hCF^VZV*npAnI_8VZ@KNSZr|GN601j^um<*G?U$gTR3B*A*A)<&p}*5% zIFbBU5A26Yn4pJYdxb{B3+5@8?L@F4N}G+Io;l>qAv-e!CTM@7-EuG{1U(J=lInX; z8NQPOG*pBVMy9|R`UB>`+=S(ET%ALnN&wB=tQ8;3+{(%RmLIg}>`hW)Ju6;ISVqST z)Dw_&>6p`HQAM!9=p>+GIJU@GlOVEVAx{6&iH zNoL`mzFT=1-svTOiyQt>x|bZkuo_(2EgoWFYmZUsvq*XYC)bga=pNF6squ{|#<;cG zK5K^SF39D)hrRmMDL5gn&7qmq#I&G_Xqi1+&rn*^)#V2MWU{;G`ebHW4PmR~%$ynQ z4P^nN+1DQ7wSw!~@P!|@JQ3rvDM5JV1$8E7jPaq`0tC-DbH>x^3sid)9kG5TW&9Q)UIoMPJann!r>>&`@HK_C-9BmF^02{nzoXP(g}NvQk9cZ279^2c|}dXir;5R`Cw4S_pP*n!vtfqRKW#)N(bT| z2a+OB5E?H5u$ZIoK2)4HsD@jTVOOJ-Ak_43$Rs(|fmwV|J4b{=;gy~(Pd@|Xnc6gS ze6E$xb{$W|NxkySf_U(nZ+M1kwE1w^-UvGLtqQHm%`S9j?s*9S$}PfQ#iD1E*S2&7 zSF~o#9^1p$3WAa5pmDkUA@O9eSFxq@6Xvy0D0kuWx*Ey>&74s7&nFGf zDfQ1YMpqI`t(-7S+7z+{!e0;kNQLMhZb=xt56lr}oP+@l6b4 zOq;Yd9Fpu1@N}+p8@ZPBGDw8_#yn=N#p}Hg<8ipHP+nSmA(*Gw+DW0Ca~>IL!!d{j zJX*Lh)QoSC`uy3KB!p-es9sj+t1L)j0w~ zU)tG4-r)h`ZqJkZZz_+Q)6dFyToFrxiCP?&Rb2EzF~Bu=`R}8qb~s?GUWMK6;09Rg zS9k7FH(?8<7H#2Re#!1vOshiIJ}GO>;6py)aUJgsG^(Y}nIOPL$@S0L59(U=cdIuo#nBX`O(QI?o<6oou%Z59&B>HPBzdK9eumZu(1#(Z9lqZf0|+)^SGv+A?d2*kfGX z?F)9jWn)McSGpFQO*42DBo$9a@fh!XatA?C<_wR}6l^>JqeCk$dy_k&<-{rB-Ae;V z5ia$owIEIA{40y#)e>!-=|_z|i}vpZt;+uad)ruA8X5etx^WFdsh@m~_*hs3P~<82austGIdW$h}!Fn{AH=?j5&< zx2KN}m|ripECE3A#E=kPrzWV|M<1KdKQ@*;l{erd`lmTAUM%XmqR0{%W`(iLadou6 zBKG1So2|M>vas|xKx!;Sn9=83GU6`QB<3GV{U|<38X-$oUbUsDJJ|aJ2F{j5fjHy& zq^e)1g73-tbXyTkMpc^Nx5~8C(0-`X#KBaVe9?F-TK&4$x3*fCg6cO6O$0W1zH;Z6 z7q;E1<=LD@LxXC;{X5=R@$(qh%`*kYxTwP(r|C6TO337p21DBU5*dNo@ib-*&FAm> zU2CNgxx*LOLiS2$wl)bM)#@$&!i@*PkTDe{Tw3$2>tLLl76Lih>{VRJW7-B`3Fgdd z?X^s3p-3`}fjD!0AT0RToyw7_>%Q%+%ISGEs`*`z6Au~=TPSU_Smn>1%gybR!Ir?$ ztvBTIUxR!mOUl8E?Vtr9^pTRAhNRygxu}&&J1BkeBLlL5KY4DGpWm5gs#nFK!Zo$PBsYm#pis&2;+lQNCs`3B{;d+ig(+vI-#Y{bmcEkg|XJfm3`A#(VsXY9s#bsFwHt zSNZ=JFF{#DVM7`AE82+C;E?xM2J27cp_zUL@imoII8@PZc~Pu{l4#+9V`{j_YQt4;W{^Z&-+QYtet_rT57M7aNpTTVpK&@{H*&yy% zCe3}9|Kv`W2p`;d8($T z%oKGRZ}O%|=@CZHNF#-nHjoA}5tC;>bEZk!+C@34;5+l2WX*BA5ju`G3``rw5@!!NBQ;<^gxg&9->T6IcG4Xv7x4H?7)y{)w?vL z7!|I`sBmnwKY2;)Fh~CG4gKU{h#O)${wf7{^*%aM*_2lBgGPh&`n{(dB+L#xR1x{5~rPeFN6OxTDNy1&5 zrimyMkO^-F26CqG)AetW5n*$X+855vZCkP}PW6(?Q_1BlN*V|!y{IlZ7K?M@PnQjX zeuf3JAIorm$2E3?;k#0K@__O82v^)fFsO^-A|A;Z*8=0JJIpOqY(r-aDH#ld-|02E z!HVGr3Fd4={h=q5BbkE34vxQIMT8T2OMe3${iQM5DrsyFbT9#(E(^}q8~k{Nhy5L1 zf{Qcp5%ee^w%TcM9XFv~#LWXbhpMkp39S*5H(hjYykdRlk)9fSW`Na0M6Cd5v1zv= z8Pd(mLyIWGLkBtDu4n6^rh+9xS$yaBl!n%RYHC4fRt2~ySXUtCEnI?Xoq*No!cFoC zG2bi(-lKT;tCIBv<&fu;a1WYmCJqQ2HyT~I&X49S@u`b0hJM$K+nwm%I`8G$ImRun zv8ERB_8OL%z^&?)bg81Y~{m5%G~+%nt8lA?Bm3XXF;*kW~ox)0xtrB(Ko{(Cmc26HHWLKHj&-C)`{I zWr;dl^$KT3{mN!6PrTva;bNZ#c>;i3M#@#gu7YAKPii zBJZSW?!jGD+Z$*n?&?Fk$AYg%COjAG{8ks}Gcm^XL#k+}Ik!wEpx78+>c>DvRlr3c zX$n%28KL|VR9|6n#XWFR5K)cqc=SyVbcneda2YvIw&{}AIJTcOg3g#OQ;$;bY` z^?vyewrm3bYp4Bh9*Bkt#?NL*nwU0LQhmINzoH2-NE27yw2BZvNh6N80!*<~Jw(s9 zYz&eDP4lSaw4;K?t5k-{nF`14mgW`aFBo-`w+XyGUI5j7@0v+Y*UQV*L|Vem*V~cG zFB}7kz+Z?+d{9)TNT;raJ~bo{?Oh3-9dDzIntscTMjF?NzVw({5Cu?Ip(_oHElr|_4?|j4LZFqvYqoF8_j`DT?s1>!=-hA}*cHa9@^pB#Z^yg=kx3N-;Ch%WN0VNo#LRltb$Sfb z$z-;U#gE z6&O2X{wZGT4a?D09UnsD%Iqv_lD6YL07t&xc859<2H0LDi%ji!xR8Ef4GwYDQwR75 zNQae-=YOb~&F9;S6s@NYm@~BR`?Niurr{8aB5i zOuSUzRHC6N6MS|Z-(-nv5D#05%UG8jJ|SaEfZV7;WS7@y(2qNbNE$x|w=k2Y0rrp@ z4yiNl?^6^#C)EFb!%XkqeZ)E(Uw-;0c9n>0G+H&VCag#hB{=c;^hfDf>xg)piM-j5 z_b69;a^TrUbl6q<{gVE{{%=PU$+0;uVUiPsloi=^2X8L1s8J5?6qaeAlVc6@xNSWRbnn zEdmx&wU{!Ioo157(Idm1_`8-J&F9e|oO)u(&o6-URG(_e!2*aQXq5&&m~{5nw4tBS z(9Z4xLNAP(RA?p-i%dDu99Z*wl00@Cu_(MpX&37%5%yXu=$6m>%B6?XDy)vX%PlMi z&cQ8RJZ*9(K5Jh)?bl+?m&`4G>jc;UC(4(M0N+Icn#5Q6t$9Lj);zLLL;DCoP=6tg zHR;G?z~)}DIgqeS8fHFx)bO#?;D$NiHOA#*rnq~Isv&IU6L#k${TY>D+u)?ul%Qpx zEZ@-Ag!%rPtLMJ3=1%I!KI#C^aXc%VGh8bAT0k6l{p-&^-gP6gn3T~!^o`MfOW&aQ zPq50$*38n#{(r*F6t!FsgiyVSr8<7-ZlFb;ih0RF#8J*=I-Z5fjJ}BT@}S6nx>Bu& z9rYR#8aVupOI{&3M>yD2VKiR>U-33wIme;ghwif06g4CX*-V&kI3K1NWbfsz_U4ky2OxO z^nfJES_jl|!4Fbaeu?yAff9)9F z`CQ5AGY3twWLG9t_V7Sc4!;8>rs_01pu#jt{fncMpCq>hHLeeCqmkNdhY3A! z_j|u6GK@4{PI8U0KK`g2ha%xBf!SDAca&63Ar6Nbb-3dWFCNK=zuTeqJgqO#@LC!z}!5jVFP+dF$$kQ(_$$&^47LY?x)&!wWYQ$qSAF zS_aTA2AyJXk$fTo@_xfSnG-amw)bdnuEm)Ich8nmX$y_jGj0!L@ebtbSg)`_r;8rZ zL=W?DkC)SKr?h&e9yt4@=uz$!na2xLC&`NMs}^p{jUWxztYuB9W&#=0#6TMocj=pa zcx}io-r+@}34W{5_9&V=q=7!wQs)Yl6v-DasAjLz(aG@8C8M&NxGqF^WiVGv2y_2N zZ{Si91xF<`Zor9?CqPLX`|x2>YFPKUN}+TMLKcm8Fw18XRUY&liAO9voLv=9>7B4a zh?F`YREyP02F*St^##qDcFnAiRR#CRPe=_`&X<6@9ua{CsJYZaxjBPpxK#p73ahX5bjFP=EeLH@pT!dqgXB{u;?4 zJfgAOKZ>qp{|;Q@Lz*CT46@t+T^?nsS02MI9&t1VUXcp6o@J~vZ#Dbs=}m{D4bo_} ziY433`zAni0w1%H^tngtAHI8f8}RvOa-sgk7LCsjh9Uh?2>hR!+yA%!>;H}zlmA!V z`-WyFPzrHgqnQMrEDNEgc^Uk^Uqt9UV*W8ckrKrsNTXe{VZ=d{WyvGND^m7vFucI` z-+v)`d{dhMynZREK2K-1Wu|4_z2xZ3{NnV>>ci9r-Y13^rLV+#K=3vX5pVPBB6yos z;3LJdkZ}hLJ_K_q!Pg~CrVyEe;KwP7<6q|;9wbVI%oxX6_w3J#tIb+iX)YKxI9gkf zZFiQ6BAG|(Zkm#xF1kr) zvHKGN8GH{ie?TozscD9)s;|1#);!Ubx24=w#;~5$kG1Hf^VY81HyB=RgsI$dCH&FW zT$R>ZY}KaR)TOX>)U8`|6J6fP=zvjQ)y*z3U zC=|~E)+G?hxVwi^+hCI>L(6^c^2K0(H|>ERwoBhP$fik@8o3K1E@J>U(HaiGEQ{}k zvEj-~AFLsm8F}gx3)4u@n@=^YHuo035^gAQg7HXvwLf^(7#JxY}zJ))HVXyy1G#RKfa zY#F0g$pU0LA47+DThd2HjZo@G;ql|G|OUS<5WqRy1 z17vvu*OQg8rvjy(_zpn8biRA6MDRW;+G?r@oc-eiqcm*N2CppEERK8C~G=)1^g#d$) z_6~>1O>i1o2fTDzQZYcuXsSBeRP9VIxyihNPRrg%=QJp_&nYnm>~%!C2ew>O(+)lk zL1b&nNT-4osT2VnzsZZFU3^`%#*FIZ6hX^h*2l#!3}$}TFr}IXvmit1U8#mGODdLQc%0j_|UF>8fOTw2HRuFWtGfS$f?CKnC1D#_0Cu4%9-cP?OG)qknIcywa>Xov_noqRX6dE zwlAQ5=2;nE5OH{@l~I8#W0xL=&t0Kg&z2m(jE5Q&4>v5Q43EBpb8SK! zI|oX9r?zGDvG^0(X3!p`+_5o)=i)M8tgyEp{iVoEg*)Q-Ca-geY-zeoXC?ae$9VfK z`y$&F@snX6u>!g)01WVvyf+`Y2C?v#j*4-1N$Uh@!zC%BzXbxc5w?(s465p`j63NP zeLp@?6PiQnuAT!W-M4aCPD|i@3bu};leh?0^%^p~qrH}d`5Zt_|Mq)BJrBQ2(riAd z#P9h`EykOC{>(A}LIB>YVn4AI9(M>oY;3M_c}ACg4A)5^+B{- z7jz77dcv92@BMLUKDTmxW_<)4Lcb;UGn5=Bhwzd)x(V31nfaq-zic;iUCwlFVS;$Z zcSiqJ^cBvjm`} z)FOq^E*Ux`rOn6EHI8jH>&CgzSa}JK%^ZS{H6}Z6xjtv~ z48dca-RtP>F=;Z=+*-3C=}*?sF-(%WmVz3Z(VbQITL*OJl~<9rhz9wI$l$YEHHPNU zLd`jw29nh(xcw@6Ns139WnN22b2`B>+wvB%dUVf*6bB)Y=hywUY^O%Pg$615IwfG( zINo0>h!AEGgD}HZiA8haKBMMx1Fbwq>2Q1@r{5-ov47F4Oa^52ikK4%46W98_slLA z-V_5$9?ZyM)A>xsMd6V_)6-ab4%KzwW)9WZXP8^#fA`B^4B`Fi#f?`i5n`?5#J*^# z1Tnca$?($NO}s|DsAO&p2DDwix|98`ok~`U7N;MGvI^a-m8$A1dB9BN9ORni(bNLa zFW;6Z;y2Cidw7F1tWRVyGAVLYowj%(;W|8>BoiskV$T6HipjUmq8k}-@m% ziZz4|mU5dI1e`M!K^fajoXD%xN(0!uJo1PB?}-|Q)y}A%aqtqT7;W57NFmAtd{zqj z=I8`&z#KJ@tKWyPJq_w*IJ#lV19;X9Q>&Ua6LF3pyf3j9oMIb$P6~N7ZvS!8S+2^c z)n@gBc!0{?o4|xDl3`q&tib`H*;|eO3LgK^l&nrb28S*r3Uifqm;IAaH)VbI^=~_A zj>P;R+ScTiv(D{Z2q24;W4w@o=ZTCEjn;)-h@iH*&t=zAi;HyDa6Oo;aTGMqI$l15 z1fp1{yis4WZ2Pi4JU{F0ANzMudPM_5zaF@M~=5Hj$Gl;1~PUu@r;s zE@L1gGk!gf4u0zEezJsP^oE+9^7oS%@MJ}(Dg?*v^oeexdG?p0-72n?^B3DdgMHyo z$piavXt84rR_X$^TY>{3d4I;cU%MbS4dVgEy{g-Kx6*CtKY5Ma$+izj=gs*R6p|#c z(a(ea{L@n^dD0b54TvLV8j*oXuL83j-{7RKPxoJiy(*wAg{)KMsrmLZRQ7 zKXlKK#NDktEBbPFWdI~Y2uqxX-d&Ch5joPBPR;<*@ArLM04eUV(&`zjvN=r?T>4-e zf-dn`cC2noP@ReaN4qInR3`{ncJrte#BI7mZkFD-18z=cAlo7uOjMEF5;PNvGA;Fu zhVe5BJ^{&0mf!d;J?}5@Cl!z_`c<77;sRr4(EipAM*FY+(tP>7O|bkLG|440%}kI6 zT3n^*qWa7!Hx2k#C;&$ZIaV}yUrf)XrcVc6JE(@T-CDTqqP@1w>uo&3aNRoqMs%yp z1|}$B!eD$02F+8ob9Bi{_}3LU9DO$JE2x3GSbMg1!u|EWX3u9hmc`XThE}NESk_tU z2~id~;iOi{!%AAQ@ewqfs%I{aEWJf@2KnY+sNyv~odRDszht`{%svz0mY{<=(;PIZ z_vWB|y}ISx=@~w^ws{S9*l0(ISl49m+kqYW*FRs)zZ$;06B#A_JG=F7Uk>dpE3vc{;2jvwx53uxm>f9#)`NXaZ!P{3po;b@x;VID zlIcWE^XP#W+e@gBvU8kmP|HoBgozo8UHy8!(!dP2xt0^BxCFI{4vyzNmt?S?J?Y=` zS6%#-V-e{zfmD4M_UzX!W$YO>s$uQ-N2sRZ$i{^|zDv(_X;Q8aEtBNPOZA`%GdQHk zc;X6kFV+5c^LF>BFpwYR2K^2)CaL@io;U%h2W|ay`$qDY^iq$Qmf9~#wU-S`1=X~6 zM&VIKwq~kDn+LLivkBf)YP1bR1vz6na7*}{g<{(4#Rw1LHT>?}_3yZskd$^TA{!~wJ6w1u$7AgFB&B&4Moj_xTYN+ooTCPq4;lXQ^04$qIMUtukOE4 zdLnnDSTQ%ynIYc~st$=+0N!GVrRa9Qlq2R2$F{HA5hBsP#9)64xY^k?&vU|No6UVo z0kk`(XXy(Q=UFf)_}Ygar*eOPD>8JCRRiVTO#6xhen6S zu+;MsrM(TiMoCu>iq|>zg&k;_UE4$9&OU#_zbSpD#phLN#)2Sbh-BCoSj`k!znBxT z_-jF0KSI_gBkeNEiDbCFQ3(4A)2gnT>Nn?dGCrP(G9uS@4Y0>+cZB$v18!Lk(RH=q^x)?6D9ZDl&Mh&#=we6l}w!E3VR zp~>mF_2Slu3oHq%ET_xMv{P(icUeAI^3o27-R1F3;t6bi5-Zfc>mo(JwJtCL93P~D z1}n!L$;VW{@!uL*lgDT04>da7vxT0{*UWiVR%fuD8|KqVbhWxx=FfhT#m_weZytg> zWeAgd?)kuu;CjUlUl!PT*SN$IW9E|yf{eDr7{9?J_zZZLuZj3c zI!qgcAJ5!!fFXuW6M`(s(oGeaG3NYr1pZR%Or@1x!BKiiWI09-yjiW31 zwgcx(Cq9+Wf>MjfTGr2q(+L>0xra|nkT9GR3;UbwV=|!+XDEkT@pl2&AJPW9D6J?~ zy&#{FudBmSyYR`w6cS{Y=N4z7k=8^2De)x&W5iV#LDF z75SG+s$m6roYm*)xA{hpZhZ!3?9BP(9#y?XS>Uo!999Z3$25Kgw3f7bh4eOpJu#%QK|>4K=!sLN!i)l^_UN{@nYPVeWvr&c*%~NjI1{6A0;-X%lLL zKpjFM{$J<*QWk!Bl)gjiJaBM4Nyi0!`ZG_`7KED=e`^{cq=^STOee;GZ)jns%F|sR zTvSt47wm7AE0yE!A>`1A_BSh{SQkqdxd);^QaGi!2O#|@>oB1b?kwOtnsZ=w>7-M3 z;p>*MH)v-2(Gi{rrZ*T@hy62O3u}e@bk(aZvpaPvFJ*)(h9y&{rkC)^(=_J=kEL4f zMs@ke?G!XCv6yP*V7oS-SngTn0^@UNRI$GN|A(}9ey+Uhx_-OU9ox2dY}-4wZQHhO z+qSKaZQD+|qfXx3I91Pkez=}fb!zWF;k)LVYmPBLBcju6NnfMwJMjwKd}tRwW|1b? zS>l_yYPZnq1n#!%RjF(w8u(d{_F>{lVCQL)#f|AzbkWIP(*204XRqF$m7-TNlh;EE zm52H!#zK0^0(L8Af#R?MMRRPU&g^4?3c8|f`pyY+RBg~;9ck@H-pO7tVtnD5W+!58 zvDVqAM}#eY-2(VI)w97zZVz96{QQ+u6A$FV-qP4P%}0BWOq(N+4jOA1_&F_JFjZ$i z1*vk)!Exz#*|JvtrlfngrkKjEct)_LABJ`B#zgKV)8*_kN3(ARlUAlzxPUp}Ro^Qu z8qU7&TF)zp_=OuSvRFB9LvGKi$`&5G!U;v0V+zLv&Yy)t{&Yv1?#hzQ;4q^%e`KHA zlHQVCNDEGJPZmyKV4#zptVR&>P}M11*saX{94$!>SG?P`O4VzBUMvjncNJ0w8cD9d zj6twtsCX48hWpUwV9K)V>*Vn+AQ|@I&6XKzon)kpKRK1%7N9OC9~j*d9h)e&;pS7* zQGCJAC=@++3B052TcDV8jO*&^w&jUi44K;BhOlqO_DbXBZu~v2MHstd(Psae!&O?r zk&3n!aaai?1@6~b=%a&sdn>W73G@2$6fzb|BAbv zcq0QF$33bMdXx;PbD_k~q;KlnZqM{+H07$w-!W2=!r~>VJciQ__TMpGPC9~He`Vjp@sQ?7Rf4>P|5vcF~fqwvh1am)Tp;I*`@wtV}F&b81q zPUdG4%_1sT1-#vNG-J#5D!VvnCXek9H>pPg>L)_s-&^#Zp@?`r-=KYhOlHv$G4Oss zY)YCg@OFIbvI3>(L@RAaTyKxf>DxejcTCa|rf^HnDPcRs6hFXbzki@#LthoyIY#n` zFP)RrlAwDyd&I3NR87KtQqz#`>{f%%Bj_7soGKm|G^$a~&-3%T3?*M2+%~zTo{COM z1h{vogrz`pEn4DLL!`T5DO-ZQZmyaqu!4C9o6{*S>bZlC-vh>+wLa!;7a%bjlhwf# z$BM^ZQz`63XG3{(fonwUj)0jmzCOcsi=6!ZL9LGbq>0}TL*$ln);NcXIJZ0yKIZ~C z`SRU^x<9Jxcldq@xZ%%C{qpG;KdBA)fS>b#ZTN(2y5szIiH+fjJNl~5>1Ht6l)ALx z;2@W+QWdSt(JV+cHzFXT%q;U@QM^hx+`Pnu$1~8Jsn&Mv(6wUMcU%GYFeKJ|uJ!G$ zlKQ!zST@hxcomjB&i2fOIm2}DWnfUNwZAtP{V?HG8x4(ia%5orCql-I>8iRX;$}C( zUn;Ae8rRo}?7BCL8vjAN_5%X8J`}B^nm{i&3;XV40=D{9n{H3K)|C5m0UgC_yhGTd zR|4D3Kv*h&y<@vb8rR+iE^@fNg8HfjW|zSfZj?iVNkDaz)%yEdOdE}6tda>@Lok@r`5$U{WU*$NVrdiUMw@yS~ zfO2UybR1Xi0^Uk&b5GiNTB>+mf}eU%#@n}b73w|_GKjN=usSpM*Gs+IF`{quocPbe zv_;-1(hdPRq8QykWY^8n6_kYQFG)&W8<90Vo7HLxR}JJE>Z3~Vm%mWXaQDrfip1$~ zgXjF3`m-1Lc0B??gU54|TBUYAY&@3WrMue$?g(qJsBSZc~oF zJT5RF(eu>_G)unZcfYUweRr=P7w{40#GlBxRiotNwHnZaLRoGHkyW(kH-_Y~^MilI zKcVB3J~+zfS7}hLyyZG$FJ1(~LfZ;2h zvrhe7$31wvQ}|xsfp>6lzi489Qf8{Q0g$akFob=Aw5L>&=BHtcC%dI&#-6iPRb943jP7%@JU`rS3?qJmsBSn__7KXSlboa*ql8rPKU~bw6I~PTM{FaEe=F z2%kG<+~sF_tL_E14%-FMZ^qDihXi-0aNVz&l={HZ6=2I>)0w?;>)n-tfB3}x>&w`D z$~As+r?@#zXK=|9)g4pMr+TpQq!TM{_no8;Sb6x+%&AkI9axVR)ogf) z6cv2e1ACKt@RzJ>XFPk|x=VhzPSdaH-6@$B8*>g+-8Te(8GwkQQv#`h+7SNZjpStE`0`|K~yJ)^25&H|9K-2Obc>XG&5r;9S#y($5@DQnpgKH={(B4?D(#E<5y z8WJY?%y4bk_8N7zxAc6S`h32Pu*KO!6ZR}is1SxTwY@Fh7!Im41bpnZAbIpWUvnNo z{RdXODD8j{;9J6_yBx`#3(xC92g$4?*gqFu$jl@cr5l^t*SWEUVo66k59eOg^{(d` zBIC!80_(hIlYbkFKn{GkjK{Ja@%G{Otme#Jsv%XAuxr={+?IkrEHWk8Jb? z1ioANFE$SYsFUww5##X!jZ6xUD?)3~=8=@t*#rREi;2_sj^A0rh~w-~Mi2v6{wVs< z2_a&QR$x@`|8%}%trAzDgP%3-5(?LgzmEkR;lrI54F*)jCxmf+;FgIdWL#F zNq(t4ZsK%y33Vwc=-}s)#Ply&a?B=k>G{T;8{LhyWSjV^o$r&mbmM;BD*d-csrRIE z2hO@$uo;fP>j~VxPD}Fyuy~$K)872F4t6C7_{9I0>tVqFBwYjR+czloe^N*PxBa#+ z!OFqd(eeK=Q~yV}N> zMZ$DuR50tS@X4=x0o@i6$=eG5SEBhX3kET1sToVf;n?e>^V0U_2FCaA!`pYi4G1JN z0b#L4ewYmYQKpCXbh^xIQ6K%QbZbzM^`HaJeq8@w{3ewC>>AD_Fj)bFc1sUz_a;kC ztXEyl-8rpYz+uOSr#{M)(k|dqt0l{*W3HVp@+_`vw-s1R-;4j!ShAEns$-W|fAwgXbFF}DL5q}e~bmw6sIiI zQ?4q8cI4GRUOSuWW#Cg5kWR!ziCJv3fjVUBrj5 zb`l-rS{t-WO3Jvo5L(NB-z{gW-msy`GEM~(ga2Sesl&PufD#6u^GrW`nM zt=7-_HX61bu^3j6PDlN$IEmwMD0+~?XxOhu+KlqCRbgR>MwfM;V~p5^C6Vqyy7A-e zg6uK9xB5)m2<-s38MF!eljlYtLT#iIpu`&877E&+efZ7u6oaKh^KekG)gtqqE zXoxvP>>;g0Nbv@>)1Pxts`3_bgi7DjS?P&ORdGGHi|FjC+%Nm}5iKgZx~aU@ z`EUB|(8Hfy21vUGdK#LJCd&4C2b7ItJ}5FQXN(E#hQ@F0+9h*PnCy@XdvXl+qn&y! zErg~54@%blH6}3$T_IDB8Ry11mqyh%otyhcwjBjQy=NXuL^x%CQCir?!^EpktBtkzdl}n&v?Volp1ulwS;CO z843I25PjQa^w$#LVmuvEe!Rb0h{gE~p^xCcZWsn{6Zu43n#3KLocrVX&j0HtP77(S zPte$ihQu_ME6wB|1kxPQv?pGxs>A_Uk8Pnt8tIG}>HNZIXs4de+m!TJ3=uQ#r~DHJ zG_lp`Y zH8ZV*=Ggk9oNXR2hTOue#CB~dWB4K)36LyrWcl<0}{=B&&9IMAy;tCBw!hNcvG;tO+ge?Cy(Tw zHYv#`gPCO?u(yA?!E7P^sV;K;vl~pr&B@s2 zUsX}U#>Lj~-y0<2`Zh*i{;>a=V3jr$kOjWVfR!3j%G+NuB7j6&6*__hf&fXevY$%u zzCaGyL>#r1i$W)Ki0s`Q-z*?nnfLj-Pm=Kr(szln2CuZWvmD+nZ;y`uV*dsse-eeA z&%zAN4$L|a$+n-_wVL%%;y_aAnW@)nbEz4JkturGHxbnk>*v9O4Hi5`kk#5%l1Np0 zm}xXT57~5$Y%XzaJ9iY<_77V z%y+|uLa8UM5t9zT3%SbwqzgW>n{kQ6hWq0kvTbx8F(H?({PPXwk;=6?2(lRx#z1_u z&L1&~(MjirJg$}R)}O0_3Fw$#?hTW(saChy9;NrVYbL=sLo~1RvPosf6JBdBsLKLZARPpQay% zd@9SZk`VnJYfiQC`HiE2^BAK9t2VRC+c)vN=r=|atUJFESF4rkWmXdOkT9xlGi1Bn z@6-HbEmaGFF|rg%&Cex&buco_dufIC^n+d=LZPbtv2)BPp?00E_)Kpk#A{UL3)VXs z35A{JlOHy?whzE;cY{WY@Cc%V3pbfxlAAVTi8mK2?(X~QM5a{w`^UgZDrPeCDq_8~ zVpRD;X+Ch$QF_@<35A$L2yf&wTfMXN+F8C(R(P`;{-oawW*A~wCVPYuKTek2f=2n> zGze;k!miQJWM1CI+c3PD8d;i3d--egTSNTe&2p9JwO|c%&n+6-q%Uk>$D&xPw6%~q zv5sej<^;Gq%-uxI0a8+-?$lXgZNG>E$@THhn}SO9Q!uF)B9Ka8)#uICApbVVzX}Bi zhbU`U67D_i{Hry%t!mlJ`0}!F|Kpws$3Gtd>94jx-_%&x+|=07Ny6s;mCKy{-$+X6 zVt)h*0wsj+phHclM7cgFeCrYTOrZD?+4gRFf@&LPnNA5xd%Anj^qhq^9~7gV<{J4l zyUz(*n_q#HjyKzfD>t@Z&`SYPLGZzbD-`DL0&I~QOmKYWLE2Pn$x06siH*aWO7v&w z#y;(vXytMbj+s4=c5Fg0%0HYey-gitfrM53f^36&{+`ZF7iTH`m}pCvVt*TJlAS8^ z5O(w1T)^VGm^G>C z48H{;g`j95i$v)Ln4A_PT?|WL=%;bP?=(0n7p4JFtvqN_*x+Dv?xZ#n?7C^SFNFEc zz8MKKkO6!8={;IZH$+B13T~3yY?Vi(L6OspFbK${k4qLSIl25ap==B@GFtHC1TCz{ zX>9CO`f=^&ciM&@^GCHYUGsrqlwrjEc{+^r=37UWR5xal?UbOcFrK+41QpjshSi1y zhB_2<^dvQC&Olgg(q!)^m(*k1)ZWct!=opK$`A}ECDR^F}ahR&&2KF)sFAj+mQ$uiMkPIyB1nI+I zT`zQq+v1)IqhGz%3C|cu7*Wg%SlV(kEV@V3AU}FN`BOb6{VjylAg>2@n!!e}aDRK> z65_r`o|7d**o6H_e5WWJ)3Af+oy*>TD$5BbnB<-IO|UChMK6Ph3Bs@?p5SWn@_`cR5<^iaNN~7aLewmGjjWXoskLe{~J9_`~T^TIMUiV*nSb-oXm|K zvlXRd*Xa?uAE-p_zK4fYXk6th!>dDBELtm&<~zy$A`z;~SgpBYp6I<{$M;*T2z3yE zeAw=a)n`qYHsQ}T%_*c;^Gnv7f#@;d@GibL(kwx2X+Q*R)PhQTJ9GK|7=~5UheyY< zm~iYsS#>-*G9OuS@>9iP2rHNcuP6-H7sYgs(+{~8EFd5gPaI3bW`=nfwn^dB581xH zVAqDL(hu50-c`e+Y$V|q*l%you}VN&+o#P;~{d%=QAX&%!F8u zzqoxb5m%ayA!#cckRH-IarxloR=b$D7xJ* z&}$FyPVx?S!u)Ixs^v(Z`uvKzlze9`%7MoI;9ID0F_VXlfMnXpcmV z+%S)3++5SzV1#n?+2?3SF&+d4DSQahY%WnOvar<{2z_O7C1q?}_ejBi3>KUqWyeMC z-tEO*iod4rB6#V7>t@?LLr4%)*N(n!-N~iNPVOEIPTxmtM5^l1LTAzCnKdaAVpn2u zCD;TwcR|AGd(C(R%W*KvAQD#!FkOGNF>}&lO9Y(Kkx+a@8s!G5$Grzy%9aXJ!V0S% zB>ua2M?hi`@_c=mhX2Sb=J{VfOj{!%TW1?5AzM3lSsPUcb0=c~2M2w3DRW1s|8y|b zs*<+Iswf|1tS!i~*bpvmBs6=N8<6(y$zp;)aR_!2xr`x76bfY11ejGOeQr^sIhABU z#Hy2GMFCK`n6^WI4oFk3Q4YwY?YQ_XU-xk};l_LiAwjCRJK-sd}=kzQIF2mx)CZmqFUtS%FF&Nl+-G zMtu+oWK4-RN}Skwm@z_wm&u^Fp`)0#+yr|7qKOEKBPuOwWtMiYOrO>`36-?B%H-Y^ z-Mm1J*=ck$sh-{<$+?m@L3~a-WtQz_00T_qGE;aL7paBRJEBlDKkt}kY8G6vowXop zLOf4V&`F}Xgj+X?iwa~7V2It~sG~p$OV%hz8D)c63tjvzIj9ns(W5TW(O6$V(3J7Q zjhfQGEl6!WV%{8khS zl(b-D>kaw_IEhv5Zh7yOG$y#6T)?FoZaQ5#5h$#+Y4E&0rr6I_isXjKn3y>HWP2&4 zjSw#ZWhp`qLPG?hpHptpToqw-nHAA;R=8-Ip2Md}QHY4jW^LMBh+?g{3%7aSEw0Z7N10j*MhT6t>%lvLjg$ z%Gh~uxzsloo9}kQ^-x2NNIo&6Mu!6ZMA=a^olb6^!Tiu%ET3gsTYpw#`SkGlP!jEx zpz>I~vyuvRW020$$;`yWE-j_Ft4=3X3UbRCJ>*quYqhEP&{mp~iZzYC1{k)YNIMT)kn=}i_Oi=F$u9s7Q zso`FsbA4oHhwh=7VGvA9KoyNARfd%&7%Q=|OXx>d+L6&XZ0__=Yzox(GCLNwJ{)|q z?K9bImBuz^s*SNMNN{1TO!=;#$tI9g3jS_A>MkWXki^s3hhOUu!zMoxGH}9`HAT>e zSjW%}M)?+P&S?7-m4 zB6`^G;#aD8;PyRTo0KZr}e=!5TK)WI?vR>vYNXZ;)e_;zy z&9;{MO4Nmzs5jK7PrUjpkWmea!}qP-ZN}YdJ`i<1;94@1@XB=+Lo>*)01{oINVSeW z2g=Kf3^zSphdOW!+o`rJoTh*|>iag@7n=yRDQUz9IL6-EO|u(MDW~eaXQj{F3#rFX zIn*nf06<(g(TV5}vMeM-sm%(`x#YHNmL;0_uqoj*m+W05W2m?1xsZu}F}-qrCmU(rMC>AT@HpL_X2mx3llDld6@bh9sr)`>2gJ8ztA88QnTOa_$lQHhHpalWxhMp4W&i9eA5Pe`yB# zZxCUgiCx$Kpuf*N#(CdLx@?774eP!X$a>6?TLK8rDuWO}JY^(qJz~NW{({q^SpRW^HJ40I|W5<63@c(mtM5~(XX(^+A*rd2icu1PB^A9TIStgKW zlg%cP71O6rk}SxWlrY&M3Hjf0x=WO#Pey)u+XDzR1lEL6j8R333c?DIfXNY^1#Oz> zTK2jhFFPL7-fZdA3#<4qJ#Rgp)9rt9Jg>7eS3W%NQT!}#Z?KZ`H~E8wNx4Bz@SEV& zx1*AApG4ttniN65&(t`vYOm7BZO^XiMgx?v%i`6*DC^e7qCKi5s8~!q6~#omC`}Cp z#ym=)&Z5{j(;Y&tyr@rbH~@Oj``?)`VUtPJBqyv#lj{Dt+9kXV0D#ss+p;EduNI87ccZh39cq(b&Q9Fx7U{< zRw5awRIVOkRIAO&g6kCeQKKQ(SI z=yf*Zg7zf&Jq>Y1{U{-95`;@VMDn|yfFq%nN`J)Lr&$#eQn5Oc>-b8kcc{-w)_~sN zH`wEIAks?ZJj7Je2rLp?M=?XEvJetmXD6E`KRAiPHRFN(jvhP08H1;KE2*ebkI-;8 zR-$;L3LYfP?VmQ`5osLA@!X}Vpu(z-M1~KaO5thT#mi{1WJ3W1i|LW4(0!Bnt;j(n zF{K2L0+XcRR*B7mg5d(d`Ua`Z!Uj?_$z*UE(t_7_VLP0#{lQz=m;%c}Yb-EmM zr{X?sva>dGBiFM|c&Bqveq1jd8f)sF&Zg^9wJXz7>l_(tW!ibN zz9Zu&peiiPA(1PANL-e;1iX5?fk^OsLQW*;kBZjvVQI-&t)kZc9qx!tQVe(_#9(;I zZZNUXRa!;@nqu-q%Rie{W}xFK4(HeArZqYyc!};vcmZ~MK`b_J*;eBKm?CJy#c}j1 zEB}&)a{YSKa6J|`DEzO8ts(N;D1OZ|rD8XC%u%cs$7_YbitHkodAX&{FSMzS!K#Qm zb@rMpkULUV9%%Nm#R{9=7#e8K#U!OqXKuF1H%e(5YjoQ2yTZo7Cr0rV6F90a#r|$e z${UJ)I>&}}dCFs~a> z%jm#L&Dh=~2WfX3dF*aH+gv8G>wgc&&(2DJKM!VFUuw#{OeKeMDt=T?9G~o~1*PSD zqb%5<+LJm`aG{@KP@T@cR&gmPTsUI?!b6x!|6U7bFlFx@2;5oOg?}#eXL}KSMb>T^ zem=V-G~HYVAMY*-P^s8GJPm%l-Nah>+ELS?;>xOjz#fQU;$>NDKXhiCiAPo#@cNuD zu>ujP__P3OZZ3K8^ zf>a~CuNI~3k{9l4OgU$)nDwYVXiTY^ZRfc+9+OScWVD+1C^&W=XJ@#Y_oz6g9{U~Z zOnI`1G2bj$S>VljbsuB1>{M|Sy9+yNIEpqFa+JCQ9}uU$=7Z7?xEZnLJ(3SA%)Z(W zY|Orj53S5Q)h`>*F$NwO77A1>8VZGbM;XNL1CU?Qt7ou z>SFYXg?BS`>YeJfh3s*H@d?Ed4k4I?F%DrSz}V`q&e$Ob4%1K4kK4uR z2k0jd&e(TmA8Pm8OFRax!_2eNMp9#yBMwY;_+lb@ z&?%B_!(8f-YZVy3whwuuuY%rAFBp{$9J0hnyPz)0`c@7U00+*i;v!v;Q$f{cd4kr$ zazG4+e4LuVf9td{{%Jb>y}PC{r%D#Fgq*fnj@=>msCHa9lUP z0&ZdB4~oCC&m=Af=71+t%JYZYIa^P3nZ8)nS?OTpJOhaRx6}UE@=IC8@?QU++eL_< zfkkRDKJ{Qf46vIw>T^|CDLCzZtObhJ7WJ^W;qv(jq+HwyS-2-T5()2nfrRgNz0c%30RqgbBqVVGzRu{5A}a<6+V#qnMDzXDzJj*HtvD zmw|QrITgxtEkb@O)z;O`ncCHAS2~??ofgmqk9;@Xmx(?tKKk3K_j~p5E72 ze`UX!DWQIE+g;wB+Y6S>H;SxZDwD<-`@QbSYRyo{0jev+jXA?Y*;ZMx0=6p_AL18d za9X&y;gIgupqGNHR~WF$6OKNMWj29z&^vR&PxxHKbPF|SWOaFh%tp4EMg!E-c!1>O}HC=nOsi;j8)nU5&cU5f3iqlrhF&Rhde zJgT9rXXPsCt<_BJ$qXMO3ewce4z}2njmJh>GgEjY8^4uGJY8H`RHOQ9Chb%f;zgpo z-({sUIFv^zP2SBgZted%(@nOAA zJ2rO94LRb}s1wv5sS_O8%*qqJI+v;l6}Y&oVsX%u=VUBTnXEXM2ovvDq0G|a&qwf@ zCiJ4!B5-3@9mQ&*bZa~l&ia_9QfiG3j&tB$woofQ0I9;aO4%!zRnLuYwsdn?8o8sy zNVk-4jH{C$4Q>l-W-_Q}Ai&FN5qPAXv!{ePM|3{O<4!Wa-nD%=$fs2AQZ>l>}J4@!wni4Y&EbhD983R0qGLgH%APvb>&2qPrS7ddN@ zbt`dn2&FuZ+hTi8aQj9N6RG2J?BUYbAV=YAV(Pn+QQ~_#JpxlxSL2(S$Q3ag*M4RA zXicMXIkY$7-0;;Wgv)7O$D zXENaw*eSNo$Rszrj6Hp(;2j}oC<(4gfz+p0AYrndy|bsRqce0VZejd|jX4uw_bqp5 z3d?5hj&gH+0G?|#3n;!bq&QY}w5h_BSnRk^F#;yvy&Su7I^SZwVU*8{+iBP7$AYGr zB~GCP%kPkQBx6EH|rHl^+Y%b%?-sQ2=7fzfqXDW`B z#UqcOguUlZ8nbxG5B_JY;LFZ#?EWhuA>3iit^+7YfBv7tauDYS9-dKVCgMB*l5r@Q(LGsSC{fp9sNV%;F7|_1rZG1X5t7Cy_60gN;I)_T_Iy~ z%$WuI6C)0=AX&yrZ|mX`l&vA22C9l}@99iPS5g2bZEhO-?@)<57AP~6XsXa35U#Y0 zi?WxxvO2sw2Nvz$esZ}td3K)(pi7Pd*n%>KqFdZN=YKhymMO5<93W?X-@vf$g)Ob#uuQ8TF1ZyPyoP$xJ zWt?!D$fw=OBcPrPg>w251HvgJ63r*&DY*}P_nzjKBNCe8q&1`PqS7;?uZK<_vgjoB z#`DCd`&4p~r8(Zp$;B>>tK_+tg+y$$t*1$v{n4n6IWUG4v_mdC0K}d`)2}QGP>n>$ z_h{N$cfMB|$VECLFSY62nar&m{YkRFz+h%MV!1E@GO<$8Y}N;W*_88X;VEPLv-EOe zPZxhRld+T{1&$HRBGvTv7$s`1;nIj7K-EO%VXmP-3#fdiOJVNz~Q=&w3BaM$ly&2=xuSiF# z3lQHqq8C?|0eBlvDMkq!d0Vv^8Pkq?ToL?=MXLuNod5=7Dnr6QX6T2#M7-`-#H7Bt zwx#!Dk?39d-Ey(^y94k9=nV3_hx5ZNvF7m^dhU3QE(K*HnWJ~{8Q-%gBt1l_)g@bH`;AQUlIGy()MHX_ znW)MXEbW6+LqU>lYj53Wp;Ba$EWAE8firZc({y)K8@NxLE4K-N$D&hIUk6 z4&UR0a&=qwVHgXy-i7RV;@CmXI_-D049C{Y6?pvqy$Qb53-plMg;UW9?2t^|Uqo2` zN3Cx(JGQji%*1}M+GOG<65e^HJ!;CngpYg1foXl#k$J!F%U{?gjbaNTFf93S-9{z6 z={AsFLQd{BjMlwYoOaTuXI!15#sH1p6LI_D)LZZvEfoo&#a8PsgYSZmpX^1SrG$Tl z7WvHbd&GUQld&qQdq>uZ?QnyMpvD(7)sA?g>V5?CF-@=BqL(5UctO?+t?w;2@Ipa8)$XpKzmj{kwNmV*Qy*Ex?+#*y%rvrQE=vc(Gg z)Lz2JF8S*oY=&0Vw&pc%pLD-$sw2G#C}#(9aUt(4%v87@Ic(>JmvK*B;NQjp;~v7D zCI{FAv*!HxRJ7F^^&Bd^APxrcCpsf0vPf1u6yXK14G*a)Va|yc-!$$Cy z9~^K7lYu8JPFOW6sH^!hLo5|wE9IQqs@Qhj!9i2YpAgUoH&wlvE)}=%G2B_`1AH9w z&z+kCy|Ux6E7sSC?`+i9)Cy0}=pWMDG^3g9lg(R?rfe}`s2EbX??2EpZD{ z{$3&ULY{BKvknLrLv$HRg@nppfYM^(CT78gZ!VugaEmb{dq0q+;1yceK6Gm+S#eo3 z$w}SaP{IXqa2qhp<&JDQW7hIRb# z5Sa9$;nr5LKoigte{4gSMXL0M~8Fpr8aUMMkf6NScAuv4*o!NH6(@9-`QekQc539%>ca7 zJO2Kbb53k6PQ}BN`MLa57%*`1N(hlZe+AfeDvC47e>)He#rj1jR58f5KKOUOp2o zXJipdE_~M(JjWi`l z%}7+-20}}sb|9z>BT6VJLLNYtw;LdYF`y?-FI8sd+G*?Jofqp}cH;Ibcg110v5?cV z8u|h1ZTT75Y%5E z^DZp$igIB+Jui(&Y@}tEGs-OpiMrO85FWe!tDwcZKu%XxU%*=D!<>dZhj)ey$Gpb;gPX3B{N z=vP3fmRUh?4kPz!6pf74lL2;1YCJLvqX$61p$S`EIjEyP!}54LK!x1Jtsc3PWD!;Q zRWT%GmJtc3KE7W^aGVi(l2pd=MB$$y8>N`5z!i*7P^}KB9EQiK%sVo7l6T?oplMDA)n4sW=8zwoq z^sitW$mu&L&hm0fwgJH#BlUA0v|~a1g9zDjOg0(FY9B~!pg2L^2rLaTr&DBE(7uQ; zbGBmcMRqz1nifVJ!PP_Dful~ASki1)#-zoML?oBg<-rOS^>W8|aGpaKaW#0!)%t+w zyezQqS}0(|NG>&cdiS!Ca9T)csj4}GN`YY6Z2*`Nm7D=;SQ5 zDF|e1;|2#*=m-EwS6aZd3_|k7ae+hA)7t=E%5BGO%3*~ybSf4)6s8kVvh7bt;~a&P zk~U7BG=J@?9c&$=zGkD`srj3D0F{OE#7cCPS?NmyE56JHGSa3zPrO33RfvRZ$_;_` z1iD@-A4(M~8WiJ+orfTDW?atvw2A3Rvy>ERIg$}6u4>|-g($j%&8)uEnN+2=`qT0# zCF}5#l0JP4edUwcmO3#{PEWZswI#G=ZyCmIbb|j{SLEi$CH*N-P{=(CXJS}Gm&W+I zR9+}rmt2~o`FF(2XDlsZaAc>g%}4U<8dP>?e0u_DKI*wuoZEd$P|H$V!+@(1b8;1K zje)#`rm>j)NEAEYp@p2#a8iBR8p%ngffyC6U}aeUy&MaIsw#InS1iw*6D#t{tCM^j z>=A5}YMKFGtPb{!JEZjf?a>=4kahD=-xe91R}78aAl^0$fnVPrV!P+G894ZXD<691Tzyu& z^|-31zUMp*@^As`BjMHv)2Y~Zjo>*E)xYdUlsmNnbA;Pv8BDZvO9PXbK*Tp{$4WEs zf-n`))k*M-;w~$&TKVe@dO$#gR|z48!l8};NAVCDG+!*<6M7&L`1U9GP$tp%HmFV? z-&XuhUeX4;{nK`YQ0F_`;Ar*VZ!rqz1NPg!16}}je}PB6pn23s10?UXV;>C?its5I2OA@^8>x1$mds8!-{5MMV zZU$QNIX*48cZ1K+6oYgYwy92pn|IB;SjN#2C4`N5vg{9Zrn4*wR8(knpZM*%H+v8&M! zu*;l~;FI&7hXL}f&wtiAh|yUkzgA&TR)R#wnVdSS7eF{o1X zO~s+hC?s)*a!O4?#%)&~#Z~eQlQi)xuB?qEnzWrVEm&$UE_04l1JKla7d7%I+W-dd z5Sh##GV3>`$y-AWzHV2JTk6sz+g%i^!CJ2J#zAPSRwbgTDj8Gga5vh^caa?-*p5>6 zdz@5^8dhXV@qB3k@(%WzvbG4DkQm2rn6$~lvwq0}lJLzCLIQL(_GW-ryX^eVa z!2#EMLSVrjedYC-9O*(f8*SeyzLsfzRm?MLK}NtJJI zeGKLM`8fSl(p8uSC0DNjhUaR8Fy_V+j=gNGR$r@ln5eP0X@tfokrPY6VdNgVh*H04 z4FrM^vwj*V3y>{`A+P2x!Y))w!_#@~g}N1(nS>o@6Xw;1GJ%oDmF!pU!NX7dJG2D} z+~XxN{cVa+3_7=>p^WHCBOm9D`sh=iY`kWgNSkay5ybW-0l`FGt_u=#r_5#KT#)h83j z#Jfg&>A1*62fehJ<0zonm^|l$&LXf+A29-rL7sj>|GO!*yQA)cNjqt@eJEZA#Gx*B z_9LsmeoD{v{Mcy}EWY1gDdC^F^R-9-c;W~c-mknYN`XGwozc@AG5NmlbsxAZy+#raR>`^sn41HS`&mf2d$soNOIUDf+@BaW~1;S6s{!LJ+u=hj5R)XsZIrL1XlBlS4-H%05s%FNc!&W$+l@c1x))G`@)wM?FlCaX*VI#|JmL z*iJ6HXLwCbo)2nueSg?tdlEkHsv^kE1*rJfXkXQ%&6uYk>aMLXF~#s-G?}MQNBQw_ zcFn~QtfK^dRW8(1yTOT=^hi2$&=3qxrjUYi(X=7E2YCp6C%~z~Tr{44nKtvjhQP$- z>D^?a6}REZL(7prAN4wD_vvNrLy542iFvi!GANNLgEeqh2Nf~ABJFFxSap8G4$+pv zO>tPWjbzq4fz@(@L%Z=Oh-Kx4ggWb7*<_o z;=Nmm6H_>Aql&r}_vRoafB_X>Pb;stf1^tWU><^}d#|EUXYbf@bSjI}uySc*W*ptI z<_MYyvX^*}WQ_^MTSaBpp0zU{Nhn2_Z-CVby6yn8G3(Hfh*L9+KxQX4ti5TtgE#Sz zO#Oza%{@htkId*GBf5>=<`E;zCeZJty@0M(u~+`0HVlHc#<}1iGejK}Ck#}ehI|x3 zmmyY3L}oM+3E@U*^NESjfHO6j-X;?>9dB})No2968cobe%ARw;)|gBBvoz?}Xy~wS zSgz{Li9{Z=m@_e?elRFONncBnyeQWA!Q-uaZVoI&eIoh;&60ocM6ob6Hf6{p)ECoK zX#6`(e%M?xGo+Z~i0Dt`+zJR!=ceACTZLyvBfGuV&%-K+%~;lst=q1w;aPV3pOY&& zHU1B`KZ9rx3IfivAh@4niDbZNlUgQ*qj+sQgjCq5*^Ie$QT2NU4s!>RcfLb-jdwEq zn|y2nQhch}9ba_xJIHV- z6lczTs2?;&NbZV&k46o`dj|CS3F$tQ*EJw=7uqV}biz>ZWkXd9zn#4&uWzMh$d-ce z9*9KC3~UpDG)$uZ;1l0vtF|Z{LB{04a6I!B)cs<{_{L7>Ol)>}23dm3f$$OSrh2@W zK29P$!EG>jj-Lp4Neag%?p!U0eb(4feTa3$V{J`2o~B5&3U(|#oVCQ2&;KR(^xx&A zwDz6}EuPz9u=m?Nb(F$!;B)q)|D!1OTo!=o&gkU#TOLrZ_gfAJ&ob^W_#0YLd3IA* zs*7&Ho)Ggpm^EH$yTXc}Sg7@>jV4*8_1+4+dh4s$b=>QxFx^QzmsC5L%ZG@~d}3x* z>RVobY|Ihws2u3TltZiAl-xDz(Ros4u~wjiD~0PHmLsUNYm}=G*nhpjQHrnw3BGDi z$v@Vf|7Bh8-v*q2r%L~)Z~BjBm#nO<`1K0+(P_{pq%N4dU5YRhcmPFQ*B}kk;9bNb z!ioaD8f~Di!)kD9G{5Wd9jKgs4AJCNtXss~pyFDbSO$qU1nVW5qT=x zc0-V@y+v&8g!rlmGJnJEl>*BnB(}!^;E2-?ImEa#&7WR-;w_lf>;(nVgYr1YVQbS4 zg1QUQs7(4*bfhqz&P&s&jFarYUlRd%7Soz2Ki3uB#Dyisn?_l(_``HUq8QFlz2qcU z94}{Q!)g7|3b10CWT9%>0R+dIw{Y9a_6kDqGLTIw0&zV(ZQ{{zKs(R9c=NWgUtZrz z?L~(@v0i6oJy_~Unyos_y_Znf5o2(E#o6Oh^=85B;tT+YunLe~&8mNR>iH-yI)aWd z)aZW;1d&d$oACr73Dcw|Pu8-6=AbMR zKfUWbM99hQ@|}}`0hh1wq&b518QAd~Z2=mb)xQx0+yH_E{n{Xf&4&S+%SF$-xI^_> zY&stv8wYfw;($%O2wuNnz96ng*m2FNTmzVH{I(?kpP&5GnV}K=?E}g&&BaiYBFhC4 zh->MOHA9<_n0@w;ZN%P3(QsElugf=L#eraC;sgD=#N1Pcy%WB6tSibzjeaH>sge`U zl>_Q}x+$V%=K(JvDdlCsSMW$-Z-4Yv0T+;qMJB)=b9bB2(bmrv-LLIk335DFX*`GW zYylX%cYtV0fUBUz>JU90qc43-bmj3=7~>`wX@2?}9`AKD6VFc6&*#SJ)`(iU>81V6 zH&rC;R&PlS?qDeCL6>Mm*HBqHKGY{PxMQCsHahD_im$KJmG6{wS$5;KGW>)4oPT(p zVV=jLH51u&jy(hJHC_8Wk3IWuztP$GcD?HMi+sT8{U?KFYWI7yTh^ zW6X7;q^E4DX|8?^S}LpST(w-qO*caFq#^F{2~!FN4YI5}<3p!5Rz8|nrF1V=e2{NG z3({HcP=lGkdO4b6<{4P8y> z4Q;KhZEfg(emO+Z|JST3^w+=srSqPka;}OZhUo>)fW3od5K1vOV~tG;bp$-`1!isu znggeY-LLw}N)uOAvpl?$bnYC@b2eL-|zl}~)gECWCk|C-mveXVje=7j7~!xs}>Yf~i**6+FJ zfMEucF`CgH{YT((oCC6?@h)4hFeyI`SHRZ)sg=;B=|3FmbRLFA7ZgYw}?pqr@=u2d_lvcqICaWgKf+imK!H zjpe&G8uj1V%JRNx#B4Gz7%tw@kRxhAg=u!UT1n`d!ECZ#<2mfXcO$(vC-aU7selRV zP+1k)0hGXR$e<~h!f~X~{1h-OGT0&YSagp>hZOtAlbd`?QK!K-(TtC|wbotc;U#i* zI*6i2+nZV&6_fkZecVtkcQrO!e%9&hprW)A^F31h5l$d==XPE#)IHgYl69Xp?PiF} z6?~iO6MIV5FT-8fP0^$1z^W8V^1%8&+~+&MJnUy8719J$aVWQ;5g;RJ_QPiOJ_dUK zXZ!pTa`(Ekk1_Sk_68Y(R(m9SkP|Vp7B{1sO+{a{%}Jh$ZbV~q7rne%}K;%$nV+Ne?y3H2kt z(sF4PV`{s;no^ncBS3EH3!AaQunP}B5w0Anp12VZdrG8C&7=&QlBW1a9;|Jd4^|BM zi7SBW0;{QrJBTTjyQb&C1|5c2T_=uBGSQTF$>YG`_Xmq@=as zReNsuBZcnkRKovlK+1|1xOXmRziAku&Odj_9Q*F52bNAkN$E(Q_ZNMN$ab_-|fbOQ52 zifG967P@6xTn-h_NaaaV?4kqeg=+wSN|!{57F^DWgKA{A#?)pJXK$oIJ+=mJ1riiK zx0TsXHZ7t;$vzI}^(a`m*(Rj(eEXmS775+y@z?1mTD%z@Hj~-T%PSDCo~O>g zlFK7(=*Z)j-1oQt|C7t#V)F^g)^fA*n7kNlBcd^(ZAZ$&87&z390GHM!%U(iCD_Y} zB0CTci`tE`GpP;4SC#R?;w+3_4`P5UXQ??~GV7U*#>4c(boZ zpcySyTXG)mlw0c|uxO}p3%&ZqT_?yubQCIubZRBBkr7qJU28jup9WcHhz z>ny#BWNkbIbUOaVni7A)gP8CLg??pp^k>IzK)#BpI>5pJ)l%Pe7`l?98sPv6k3wZ7 z9%0ke7n!C@$yN=56VBmrC*w`jb65DSV2XxU3%&Ka$r_sspLVy6#wry8=ZBhS0*Hii z^_^%h?r{xvFeas6I|n1gTN@;vW8qpaj|^6?3X16F>(35JUeTo3trx3WZ2cE&xtSKO z)AePGEN+D{hof8Nf&0(+Lw)tzsI)HY&lSr@xD!QE-i@~nVk``CV1F=(T-(C8NQ)k4 ze9tsVDsGfOBAz32e4f;6b`;MtWAPol!_C8to-lryfXmG`0E7H>t(Wl}z`nO4Nb^0v z!@%JZRmn8@Ju?J7C|1wra(BngfI`w=-W;+GY_QS;^())pq?F9 zWMQ-`7BjVKQR{H8AyZeRF^c%Pq)A|*yEov!(9PSR1mgO|BQyF>1jqmCbN;`&I+_3O zI}|Pda#Q5}axNH!hS>p87A{|@2(gT|C4e$#!BS)BzI%1zwh6K_b;5_cDrHfSe%nI0 z5(8XXr7fW{=*MMnJK~#8G&_2KK0m{B!MMW3%Qwi|%Zo(l3z5f6@?YB#yj>mT;h${F zQ}a(6ops9HP1}TtnN&y&({ zH<|n%k*J_q(^IE*P(nHg8H#LYG;Z&W^zz3e@9*(-@1WY&yBUW7Oom6W^onJgPP|r-$kQ9>FLd1=LghVuxvOvdTf2n+ z{u#j4?LV}$|0vA<-a}QhR7O1nc!4M4s*CkU42i(z34jdsBlbfV3jjln*ANhZ*RR++ z|Bf*Znt-QJP0O#BiQAaDL!V8qdocLbn3~%i=_3?<92+^{WbH^ZSyh>;bKe&q6)AS!lN-b})DpDovwMN_oMFp2wxKPIz-;jUsWMObfZk>k zqd=v9i=2xFqg|Sfb9z+SSYAoYW0%i6x3GzSV(wm-_ob{A+UTROIz>b%wU`Ur3H&Gg z9-3_n2ucJ{kStmu&~s9k-LA#F5MllcCij=TKtk}Js>aI0;T&S^ZJ)@FiH3(rF92)! z{g$9IKmp1^WZ{%#PL=-3Ck;^_jI^_J7lwi*G7u|K z>AUidqNhu?7` zIlgSmm6zU+OM5UiRQRVq6%ZZ*h9_@_7!*8E1<0Gtl}_~&5a*z2!_&_(9akcQK$}9v z37F{X7f~o&mSd1wngj~c!kHL^JnpY4ejLfoG)DRzV#qXrD$JOCv6JLVOlsOleKhn&~wsV3O*ICzF_)$z7W8o{x(> z0@Z=Bj+bfhrlrix=#P+(B%M^-CQgX?M7|71qmj*N`H!BBd7>P?u#w!v6^+_a6|-F(~%Joo&rUXLt@2(DS#rg=Y0XRwiQ52COoW^QbxL9HnOG+H6kt9^#rWcYSL&YNkEf zJvUxK_mLt9GL0;vNO~%s^iw zZGdeEu92$Xz6Yj>)d&_dva7r1kD@~EL|)qMf;m?d-^}U3dUXtq zRInK4V0^8$*;0%&v&GzLuUSTon``O^fFs@RNtJOa<8IT5ii@yzaH7S43MKv`>6tVY zFQ(d0LZo|=i|IZ%DC~3vp^Qh*HThxrgyX5frg;A~+a=4{J@ls0vik~u)tmyk0bENh z4w)7t;QJFVW-Jw4ca5JkKbP$86y}}g^jERev<3Hed7;+zsS7oFZ(Hmq=ZVtlsnYN! zGXkkRm^jG$v(VKB!;eiu+~w71M0-NE;B1z>w+cPv%A&6aoBixn6&4!F!|!?Y53bDi zg;F?798}5puWc>rR@bhxBs3yW%gG<};1_#9u*b|OS6H7EML zr51vq2{>i5>T{lOR`6tp-$lY9E+dCJQ!*Q@ZR4ACq0gSxex~bb@CoX)-AcoGRCv{N z4bh#|vImA^Ul>i~C3E#E$62Dwf!y+B<()8@9hf#Z`0*SF0Do>s6wJEYx&-h_G_ zUTbM9=or>^&dFt`?xQ{_V^sVQj$L}zK7)PiP=<$})VnjTb3}JEqw%nJHR}mrXd(<%t`lkuEqwchu2zU&k1oHN?8^@m%?TyR7!`vMSJ>(*P#`NBzimR#z|HTLs<^v7$?_+`iqAMMC1Wn&vP{leH*$}<&e7F!p`Am+O! z#ek6{?EVuNFU&G>W1ylT;^jm$0D`q(6*y)wwmxQ(XS}{4qk>jX+wNHAZF1NT}i)+`57f%h` z9lMd8KLT=Pv}(htC3}*Elabt zB0>tguY#%$+fdYC&Pq-izLC64dSIj>io3+gz0+C-?^qJMS!<0cws4)aKyYfS^gF2& zoRpJtj)va480E4};h?l80gtL=!FRDYi}5AQT&Q}klPcw{RHRu-#G~r7jWWZPUeTU0 zC@bsWNg@S;hU>1k=ZFXx@j%1@2RLe{GGSr8{<3&$_#&usOA^M()S&q)_B6+EE8h+{ zTCZ2v>Wz&v{{)8g_=I&Eqd0Rq>bmKO(w-eG+(m0OWAxi{HbYn3bmPRvN@2qoULx-_xyM& z%IfM!8k@Okf0IAMm_cK7)KZI&Md=EWBX}?0Gs8?9(PMeVMG1Qx* zQJmsXfUV(Ru++-h?6dseQMhb+#(@`Od_fY=lZW|;4Ih?N$q+uR8?2+TPO&P+8r%Nj zrc?{u{Gv>lF!ja-H9#(iP&9_B4J|rR$1otY>MqCPE7)bTLMzTR4gEbZo_`KJiX}+_ zWsvqAZMJS)W|pnc9Fn(5yVn`Fy~$9v+a3eTACql$co>uERVsxWQ#gGunm+&3lgl|L zi_$s`VA+FX7hcDS4{WZ_7++@U0?ne66Ww&Ju#L%(f#}?e(W7Ix?S<>IZL^RwQ;Omc zRJYO^?ciP#-!(s8&PNw$DW$GX#l(jb-ThYA6^ML9L)A7DGkNqxb3qyvVdQ`}r4wO> z6Yn6zh0OFOFzBErrIE}P*sW*Yn`ruefZPB}M|7zrRxlAC>Bk`qjF_HL$ZSCxGWREN z0EE;c{WWuxX~?3=DSW#l#fp}YqRLX7<`?Rip$1qor{ofDPBQM>2pj0l0tp&$gG(d~K~~V(O*|{Go%#|+sY22_T&7N{2>9mj~n1v0II%tP_guQ=TGvr zxMW<=uG=G-#ZfnlsYGG!n(;ls|9dYC@VZ*Sq+k(OqCl@DxO57&@#fk@cR(YZ&Mzg# zx|!{Po!u@E&08NtLy~fB`72>EZ!&5X35l(_s>OwXe62QNliKu*FYjnU0d%uYu5^fy zBWd0pJ0+rXZFZ`31;+z;c@x>0G$6}0*<@bI6eL!#FJj@z{+#NlgF~csxZ8Lh*YB*L zE0{OM-b$n1xB4!)TC#lcN1;N9WOu7GM&wB2*>DVK&nr;v0vn4xn_$g_oa<`jap#-> zCP>mg1k@sR!|G5v;tV`-PBJ;=PSW!>oG|os#$2KiArBVQRD}`I+j*+sN7n~zS>rf` z)izrm9xM%9_WvlI* z2|oI^pu58_$4%U1;$Ftm13PO%>8OCQKKP0{6OoO_9RjKYGfKkM!0|7QtnzW@N2y`5 zyxgewaso&}oVtpr53tb3O=>%I}ah2O5rdSR~u4p<-DS+?}-`nVvcTIQ( zbz54&byc{ZjAsk#=GY~U9SSO&_i-!?K7u<7?s*b36xbv@35_?wL9ZnWPRZ0ZW=X|# zdlz}%CwIX}wf!*ceNX+~UconCt`&XICU?`~UlMDcjJ;f6f0iQ+Hj(u`QyR;>hp9WG zmrm{&j$=%HOBa&5O(E+zIfW{4IO+EU?o#OK3`b1t8U=0N`Z%d|Ujkd^U%yLGOz z%R@DwAaHZNcuU)W)W#Ii9WcN>6^;ulfU`O^xa@V-`;F$T8&pj0rtSmhf(#Mli4LIy zdF>qb5!CaYO(%yA=A0ws5>Z$%7Q%xH;VB-%6*Wqsmm0JZAa-qmceU?vc*3!NY?qU@ z<4QVm%Ktqq5D%_WTU5CB(SPZV&+ioc;PvfF_Go%fcdmT+b5g6%hRH_H)KT}eK(@28 zmPZTkA*=7ceETL+J)0DnAUdYY?X3B?K*%%iYg7_SnKufDA$rArs1OuZLZ3zQ(Uv2K zC@QE-{ErCZk?Y?tNmJpwX$h?~!z`yPUf*Z);}lX4MzU`93gVa*`R~@s#g>DLMZOD> z^3GRjKEt$4!gQWqVZUjGsZ{hDyO*fw>=$VsaQ&M3sr(F>B}(ml=828{9@AAy@tBdQ z3`me}nFHMXR1Ku=&53JbS465f3qD4A$C;@njUheM%le++VWSHDFv^Zn{YQMhV8TMz zRHlhcOGchpWji%e-8z3Eu5x@7zcMBpuX68kRB6gUVADL{miJ@U-xh6U$am6hGA|V9 zrty{M1S}`Y93meO4ogZ4%owP;CRPH)^uX|gGX#XAM|1w2V?af28;I%D%a>1pcd+U#z;jsv9 zmv!Yvi|=aox$Dcim;apcgR~N{**#x!(~ib*qn$jE51JZw{VJyt_8 z&5{E^1#1Io2c&ER z3eSkgXc#`D-|x=_FO#MR$jB)mB0Q8O(yMGYZ6lu4)+BE~K49$;dK zsQrKl&zO$C!4Ue_8xa+!mxI`Bnrl_X4NvATl+vPvKLp%!yP2H#&?EQhmOEA;?3P9c zthLE?`!cXMw}xmO8M|2wT|9KNA}%(P<4NZPB%dm-3NNutH$|>$=Uao5O*`x-uP!IA zk0-BDPqhxxTl7!ZA3j5$|8O~NN5yM-|9b9VM*ojxrJ>h$B4r$Bx1I^t_+yV zte+(sDV>$NT>*Je*eg!yg!;m?-i}|`ntbWePByxH!&v$$kJ!XAJe6Pw;ETiVfM1*H ztDd$oA>Myskw;w_I%>#F#z-kmoRbTUjl1A@%y*DSEsoj~Zjn66Sv`;9=KJDImsA~jjkXT0T%0w=N?yrI(trOP>@DYz`92pS1JI8V22q6V*5o$ET%|jI(m9+6lmRrinpb# zr;T$cZ2+D4U{C^)U6&n`^eLH!5 z2Yu_m0~R|f+sl9`Qt4Jed-b#^Y?wUE~Et+)c620I^+b7aJmK_QrYN8{xqUTYZ%*MudO(NQa$8C_|N!ojInB@U9v)U~j5l zjF800nfmO!9MD6o$h|_-xQ8?dh_ege%%T0n9t1wc@RU=ELvq(o>&>9&*L-iz&5f=r zul^BOJMXJTfng~U<#~_cYLs#qeEo(mK40ABZ8CLTL0zxdJk%(kvy_>ZOkPc6ch$)W z6P{34cqBZ`LDu0vo!NZ|1`7U+eE`AQ71bpWSW9E-$LOGic}^Ry54lSj0wsOZGBS<& znb{FQFs6s@XfB#O2#n6(OCI$^w&UyD- z7P{p@eBbf^oNz#Rn1LcgjNZC=ao65PTwd7P0O9D$~k_SasYFFA@ zDa*i%NWj&e9EE(kR7PyqgV!xf5Wi&#Nf7Y9BO3OwOmZ6Je{lYe?+!sttf5ksV z%D4jP!Qek^XMyJ{828X4QRH-n)ix2&EPS$vUR!%Q1%4x!Iuy$5zk{kQoR+~5^Yl|? z(kfyv?LAUQHgMp+{U)&5<#c8eDb~lJN7u_B%=Rsl!>z>L{|5kG$K0>N|62e^|9=C( z*H}Qp$=E^P$@cH@K)I6UUk`d8g|yl&G>yJnVD-=jnsldVQ$+M6pay=Tuw)%FNkHh0 zt>aEoTl~)iA&_Ri^e;P6OqnTkh)X+u*Tx5DDUKbN+=pk+_phgnzcE}*h(X+Rx%4_Gg(pjVfFG-hOL zzanL@}WU-A^ z!JO}LeldwLg5fUD#OR*}Zu6rl0;hMbQ$;2ghticoXH?IW-2$lBiBA@@v^;=<^rIp` zpS7V5bzV=C!ANxtE-MI*QWo1SkV!M0ni00)$o7^rE9$x-RYX6bg%!UHNyKIOzTY8F z1L=mg(sge*5hTdHRIBBL+o7;WCP}nG{e!;~M#30gsHeaUF8y$|Ji|_QAXGs_N3oTP z5}@1=|Dm1-$kb)ax&3}kF|XoCY9=m5(X6 zr|uDmLme7av>8`UqTd-(4RVthx%JWUBZZ<<<2K*2TMd@Qxr*%dw=#|ngglOhs0m&N zQiW{hQk0GhclbnO}FM&4@MqZZ%b*QNB854>wijrp@5et8! zMx>kplK-jNdo|t9nfa9zL;usG_J6$*dH&bu;-A^DT;0t{c^>e&zPv$W%cS2UgqLlG zD$NwqZ3dA}5K4dr3nT#%!oaL=Pf1rzYf;}cuWoHUH_*b`fW-zUK&_#9 zo?BnB;=V6q0jGg2^%I^5de>dvlz75CIOj3H8&V7q}ES4VoJV z_*pXoSJbT)$&yxgwT%^77K$TL)Np!^3CL2xz8yxk3AIVZH5(dqH)O#fZx*sqWTdyX zAwFmq7x!A-O^s?rr-QGiAmiJ#YZ+AoamRRcUTK87lsk#QRD6tC1me0b@AH5pm>ck@ z9NcqT1XP}*C&_$5aC1x)0Q!vznn6kLVTm{7?)io_Mp?5>q)SRRanRs8K7_>1eww3D zwGMmO$oRSm%`m>s<4n0gd5;FoRIlN8-0uTUAK%;^8V2?R4zYf%F_dJ1nV+IPN5T0- zAua0}NSQzQK0ZRmRM|{UOPd%6;hs69`aRNVv#$cNc3{TRyQHkCkRs}1>ktpAIOO_) zX;80Ze39+0-+~M2=tsbZI@+K5&ZsGnlldF8Q7X@&8w=Pg*U%!JB()_kr1HIh$tIio zsg>-3M!+U8E4vuoqp!huR$LWZDVyZCYLxC8>d87qTOlyE4Zw8ek>Ve+ykn)nZUz<# zrVDOq6zrh{VIzhf=<+h&EJZl2+J_?wnv}bl(2}+te0I$3JA9O0++w}(;KgEx%^bPk z^?%awV-sUGJ8%il5UCZb`y`+eP~8i^NjX49k9yZ88Tpqf+M`vV+g;+onfsV2+?$gJ zj+j?x>(zfJ&~ysHk;R^n*57SwfS#vX$R>;X7G6P;U^n2OU1}-S=Ylnt25>o5)(X2v zwP)!wdtfI2^_Kt5ArD>()hapq&uk0@68oPfS*{rF)Ur@gB~cojn3lEtT%^U>bJyv> zWaVN26R@=ic~ta{lFD;a8Wpcuj|muiF@up}%g!AkrBP4`O3E6Ehq_2u--Hxn?n1Z? zXLSHLXCrA%|B;29gqXDwQi49!t=9^v5iHfxfD>s+sPS9yx_}BIh9TCc^@n}ktkIS9nxk!cW*$~ z4h|u|u_q?R)p~3iw_Nn&Nr8*ENWWS&`}qKw^3OH1n8lN26}EPftycRe-^!9Ej7LVS zT98rH-`l8RXDmU)_QX@^1&Od`&LSg7RfZu%hNWu`7zSCPuh+kS(^`=nG_T`pmJfhkMCpyLop7b0sZqK_s(Eg_3F3L@XlBq~vPQAeMv1OPxAcfNjlz}Q_oc*%PWEjCeK>!YjmFM<3=&S4ik@R`)u zb3C+_ISlzGqKVOM6IgfVeCv!$VaRw7+H)Xc_)hDk`w8Y9p&G-17tzGIPOl^eqImQ1 zVvh?)BS6YFbJi_HB1L1P2wNjwHVSZyINOb$-z*Euocfh}#u=fl#RiVi9u-JB4r zNjAP&xL5s<4TF$*=kc+$7MRDnv)H(^phu54-v~8Kww~aOp9PxZhYn&bc6J|L3rbxP zy5I#w^6YZvlD!1B{@jP;HOAx3kKbUD8$Sh47c|la@b`y z2H2h_shc}AU)unOE7s<|8DsNlFLQVfqR!xB(?KDq*cFW!p5zw|Z`&=f&r54~Im~Jj zL1E|8kv*!#4dLB2#QqI%cW1q~>4U!&grgnB)F#bE@74)kIc2CKSr;KL*Cq7)5OYC# zGiZkuq8}*{qa1n5ruLl^v;+Behu{?%g_jB);Q1;sDnu?ut^a-s1TM#2Y z*lf1)mEp$-ibz%upL9ftQdaC#%UT-Ni%f--LFa=m)M?xvr>q?nP(7u8Mau{(4}K;J z!PSV%p2}c#u)845UPP8Ye1ErGi92@r1Kl}m(zGF&loXx|&l)GD-rWMI(M;_RKj(3s zfhn&R;YM?3QAZGz!d=XZSzL(YbG?_X>=Y2wlIF_e(1ah-WcW$^x!mJz+tjmXEtcQP z>pdy(a~vb5n)fTxDD@$q9pX;W5Bv#H7ZOJte{c(52WWj=9NDc8#LoGv6JymSWm!bD zCR;oat0}cB?Aj%-zD`lCtdfC8yMrwk z2|bzPEhfvU!sUrGW1lH2G{ROJ{?J0aCZ|`#)R$IkmXSfhM5|Ks@E?Us?kUxmxs&VT zK}R|dz>le+2`PGH^S2}_^d*v_2}-`3Od!xo>JNy6q=&H5+Ar0bAH8(F%Xojpol(Lh zBL$$^z}&Mt_XrwbfX#!Z=eveweYy~B)}qp0L5`1s&QiuU-&vMGguQ~FAN9FLhI?!H}M zbuA87IHz4jA?;o({Je519FEP~WcI9iE`az1@+P?tX3u~8=u=qH@;(^uOwQ}9v63*t z_G}L^)wiO``#;0WzX-hlFAL;vJDXK>U{Y}(BBD@=VCx)VVLpFoqId+_A;_Dq)mS=GOk^?% zq))U7$cd-y%MZY(&o39v{O|S*DSKxZypLz^OM8Qrm7Cvq#47Lz{aJ;b=CTuWHt(Uq zHxCaY8OD08dz~I1v<4}_6Rq3ORvQ>VMt^Qh*SQ4e9QZ^S zIMoqNAhwF@6_0$d0LL5kGLqkY)so@ zXv0QyKvJE@^qEMsX%2ew5Cr*Vx4$AM5zDGdVFKw!nfW|%gx z>Z9{gKPB_B^mkYV1$qTuF!#h-hXFTA*{fE~z-ou?C!vL_OmbBP)7&ussfL{mp>}sG zQBiSN%T6|3=TRx7H03lXXlf*F`&nTzAL}S%V{11VdwXL*vQ$km?R3Epzd<7Oo~mN! zDt~7b)kXw{C#Ouw075LN8L(~3nQtAIDPwV>(KY@!>Y>}8zs)IRiG~0-dkA~Vo%xy* zFCs(K+#wrkm?Sjx-ns+0Nh6v(O4YoRX0(-PUbqDyNJ9NFTVS+aY)tQ|fplJL3v>(I zt3NF?M3TxMpRZ0vDIDjGp~runx2%8Hl0<{ZvDiOV^~a}a;q!!liQR>ivk!=}dFe6K z!~D*H9@mNcJK75g`nb1Q15>f3`J| z#fPv3NIPQJ)mOi#C={ir9w|JL)tgA#9R#LiQjgqhR6IOAJ5D~%@E4Y>-6bgRsKbgx zp--N1g9DcYzKpQ!Aa2YhiE0pDehh`7XX z%fJv@g~z~gX0|(g996l^4Q~G4fSGopSx&khZsB#fYq%@Z`IK!elsV)y&|>tkxpI#p zl8$_O!8EK6RXXWUdAHj92g!1y>r@6w3kQUjkAFNJw5=(c;eT!W(u4oI)5r9G+j{@= z^fCOi;Z9Io{cHTlo0f*MICa<49uEw(^Np2YLxV~s0GfoI0NQQaeAgBr@Q5(aCDPb5Jj$*#eBpB>DF7IoUn*bZS+RCvwqhZn{d3 zJK3jq>J80%W0M>&aHVCAX<3h=aXm9)Ho1Pvi6O`>aG8>;g%EYv5Q)O3Pfrt?m0(kG z)sxx2np5#;Umsb%C)bY|puL>G(!&|J&%=!_U}1E#;jX`@PK6ZOZK4C{HF#AgwTa59 zL4yMwz9~RocbdaEK)a;A8GBXeQi;M&$$&8>1xUs=o_xx2FJfY~GR^TwL=5>ieK<{0 z6u7S)f3_Fi$7$9H_&?ahr+&8@m452E{G-ZDpz>`rR6Jd~wdYH1%vxkXf7=YIRA6Tn5Zo<~cGGhE7Zk3KuJ$c$ZVx;)qBh$mTWKx=W5*c3K|X$k`fKJ5 zbhg;=?Q66%@ozWE|A+Wu{2O0Nf8h%?J+ANP4i`(^K72uZ^oqGkDKatwWkN1ACfD4aNpr;UJraAwiH8*C`n#xq#=<9#gr7WD z?0Z*4Tr?}os7+&vW(K9JMab2bZOu=wW_Oy#$&`T@NkKWD#FE*BAK2U_ph?dZR~~4? z*`Hc{AoH`;5>JcUlvpQ4f7?-A_cCNyrMdR2tVHQ$>Lw#)#w-V19CK$`{z6-%@gRmR*DFm~NkJiOy!-^2 zGi04+pbr2S16ElNd5n4Lm_^WD8=T1;@kZ6UDE!CRaWcCdR1%cbr%nDQcNE z*vR%DAIqkREi+8S#PSsq<0Ewfn!=FktH2m(K2BR=&e)El5F6%q0npJ@|9-xu3DG5E zwS+I^E!a&VDXhwPPBaKk-n*=c|9O+F|{vS4_b(4L;#9t8n@oypcKPzVcMqq}DrQ@t9D(~qKl0E7Tup)${ zAk-E_B!zX38zR)o_r9(q06ye114d(VgxzAlCUM=Y3;y&fMMk+!qBRaDjQH zwe@i=&wa9@;`8Zr@vErq3ggS4GVG~}7Oniw82)8nvDM^0TG9%9kh3e->_x+%<#mk1)o=+4=RWMR<0^}kRXY_F-u1iZ{MSsSTDm7C z!;DV_SqugX%UTUXb}XjqmG}UJKBClkVVfU%AOlUb>c$nxa9l>xm=&F$f)<1QbPs7b z6l?}KKtBcFc>kx*s$mQps%knoW5I5OONwzZOGKP}*RVxI+_cm~Ue7)pS~KzK59X zSo#b<{{Fd{1UG2AzwFaOZl{vB!{+zSas$unYwW2oN?-Ls$>j}uV_UB|=0#bil-FH@ zF(m2eEhfq;R?4ObuRXZwKqObbnkHIvSiPtC%qCm(F(kbpo90~@?>@UR2s6|vEl^pG(oliDmtmha{c6=*MJegU-w7)@TMLM zaOqN{{_(Ut#%$vglVY(HuGM@(*)km$DoqVd)q&jPg?U@dW?X}@K+DtX=!@$~EbIAW zwfXaBmv%I>2)|m4eGU4+8(G=?*XGi|2xi3N#r-$*OUg3b5>1cZ1d1b z(zT-Z#9HGOmUGt}S5So}PtaOaw(T&k8bVAz+JW*w3^ss@#8k#0Qu{y@14W2T}Z*u?agH2*g>$&}=+dbaEL zz~Q7i)MdS$@*gSm3Jt#Gb>OYfO3L@L=&UQSCG*2qkN?mr_zCS9;P_R%T>skw`G0nz z|HZUa`X|#;NdtW(5gq#JI}%zoZIp^fk+>jYu7rRg(*3Rzw-rQVs}VlvCmPxB5d1fw z4~pH496=;AySS8AcgG7(mx+n@``1CaZ}it~7*I|C@l^4gH2o0-oG@F*Rzezgm)V+k zli9~Ij@XKO9jlg}$oxys?8y)@*a3JKaw~Qt%wnr+T$|=K$1>8SApIXmkI6?OsX1cX zJR7L6e%4(UsN$29MfyaB*_*=XoPldlTh`WLpn#Uc0`fetzzRWo;s}8~IM@`-0Z5?- ze0?H2;XBDCIs{=)5$MJV1|<$^O)DudF|k^fHmfbFUNcRfs@?CRx=Ak9)#VemTU@Z3h;wo@uSvJkcku3DTl)5*_2pAG?Q1fM2CE*RH4#!rf+Y zjrR^#Alppy!K=Ee&kc#p4CB%K5W@^kBiVUba`&aCaS0Q$)8ZQHhOR%|CLwo`Sp_de&od+rbWyw~1o?c3I0@L6-t z(Z?9QkKBvqNr{F#c6>Qk+mXaimXAYFFI3Gdy3bGSbC6ukZNRbb(5htce4~>i>ZA6R z*x{6>a7cZ!D*#z$7V0eDX>1FV0z9)*N^o}!HPP{evB1c+D%iX;Au`u#7<%)pNq}o; z-{O|jzWG)EiD$`;>o;d$6+VTp1_hLY%Sc?R!pk0EO1YF!SShKtsREG;y$N^}n!}Z= zx6R8{hoL+qnIpLQMpUxX2U!7@70S`S@BcZIaGUYIAMkZ!q5hZN>;FIbh3!Ay=c@k) z-zlX?NnxZdNA>qx^CkajQ#(7GeQ0G7o6}g-?*s*uN%ME z>gIQz*=~HExfT@s1>zCXE?+cfMr=zOy!U%ng#5xlZ4q?2>`j=J377oVGfQv;$i zKUyRBVBtf4|J|{*OC%O~?>g_C2Nlt&Z;BWD{s#Y$iQPvm@`s2gR7gU6QrSayd|i1r zEFK_+P93^tROtbf6=#QSnz5o=)qgeYSlhD-b@`rfo#)K$Yf`Vt}X$xHB>oz?IHu_9dd^+kR_gRA%_A$kxXOm)?T^yt!(kTr~q>T5J zP>Bv;hS|(+;lC$L(d#QuEimeR`~36I9eS5@g1<>$$eaHUBG3MRBcGDOz<_=eKuT?- zLs&^lOOt@yXVH*XFDd)MMnCB0xK{p7{8GyV^1rv|Ir->8Y*@VA?Ps%CpD()K-)CnH zzUdn>Mxyhu6}g(sjWdz>ZtTk0u?HJo+T*2cZYAfSgv40;AaB&v2}^hp0Ud2pgfU?VKh+ zH95_4=cCg7c}lIp;dCk@CDI!M0?&f}C*SzAUaXD0oA`l@E=gcewq38uiSnQomh}tv zFAJ`Jzz#=umwmG_(L<3j0fx|ubCnIcY{K7wTS;m&R*j|@BimMZz!(a=@H=FVN~u*R zG{lZ!79zFkdd}t_#b{a8jxzW*=+RzX1P9psDfxZ;tGAIJL$zG6CAU|5FPF;VThi3l z+3zdCPc`nc>M%Ayb1(RoHxgIP+cG*hMg=Qwy*s5OKSiwDL+ErqNozmigiDDdjYX{H zsjcgWDnn`%NJSYRZ+(;=}@JBpk zN)J3i6D&5xkZ(t(3K2|lxjcS=8dYqb+ONEK-eP5sA1m?&Ai7cWYO&XF9^sCFSR>hZ zCpK`HY&m9(-vp=|Bu&N-glQMV@@{DT(d65tYGONRl`<1-@uMr6W^r?#+NP>AFzPy^ z%XH@%7 z*z-%TkYm1JH~1ffo#Q|C7h8qJAIN?worSu!eYd1#W0B!b?$GS>FGupIf!MOJxJXj) zxhdU8n)D27E#PR6oQ4HyFa1Qju`DxB8U8=NWj6iJ&i2glG&BG8`R5kxt0<-|fa8Yq zgo1EkoeJr=yaQu&E2fKa(?z+u4hzT}nsDD4BQOAHhV<)b&+wVnA+`&WeS{nKZ5)Jc zK6=i%rTP+zx#ICtYu6DZ?J^}PJR8`4g=>nqi$Kuon~bSdWOBUC+2>#U{1ycNd9sTw zzQN+h7&6;z!w@Efel9wcUy==!c0GshzDfe-z*Oj9n_=@tTS~`UVEoeLM!oB!ZYW0} zLlj4Fm!}E{(Sb*^6iyoMsBPv^?Xj6$R$hk)-J5_|TapX?a9T|$>Q@QSRd{MG-rn61 z@PzDEboiBMZMvM!N_0)D%zXVRaefXzTw(>qC(kCtP~^|hh3i6O?j|Y zXKEOe?{!I-!JTRD@ezyGWtE2QwQP!B8;XKZf6oG4B+qIZOoLlU$g~MgmpUC?Ad^zq z8obfOD*j7h%qfKKX8ec%!MRdSl<Cx(U?I)Hf&iMFVvzQ;P3j(O!YZuKR!z_(jo zVxf4Ce+q}I5u%bx;3;nA?q)N$>1+QX9M0F|`xk^H1hLS<fhFoDh$Sg*6?hOT?n|PB=nH`x_|yXJ;4;YR1D3aDo062T*r`(EFM0qLJHLpPP%pthZA+rDTWW7P6d$8^`b!KL6L~#qt z@s15(shMT24VM@s8pZClMvKiDxOBdDxWI&EIladsRx<|_SOeAS?7oGl`ovhK>cDVF zeu5toR?Y^xVIdrT@QG zbzJ|#D_i9s?ojA{R~*!MYOtBtWo6Vlo-{q7(2S@<7A&`>Jc2L4n$9Gd4!8D8=o_l2 zzoLll{f;cP{-m^{we6QM1KHfeLsQjrslEgu!5NHTQu+7pQlZ|g7 zTU&!oukEy33~JwVmf(x6yU{Xh>O_FvM5oSP5hUG%Tb3I~@9*#j#kM_z45{8R&Bu4d znlVKZE=BQ%*b!-jwQ!*kght$|3(iI*H3#rB$~;CKZKQV8i|^f`(9j=jc{u?AjtFQx z4P(sM60a*uwhiMX_Rg`(GEWTwf2_(;4Dz2xC-5#{#FSNE zuNR;s|6&&a4=w)iPgQxXW-40#z|9`kl=3nv)T&i3_FRfq7;SCW*^?IE(PP4}lcJsX z0TOi>r>_^%6U2teiJ_*8JO@A~l6W7UF%8D?s%Os#CCrTq)wxX2R%hv6lG2z@_^GVz zw@0<4^Y?^>SWqlkY&Gf$=4rbvTeeLqa=B6zgm%u}JPFR8nY^>9;*mldynsA*{8_jU z2CRgCQ(1I_#I7N;#Gd~NhHi;`AZaY#m|Mgfi8s_GWiJMx0dPCFAehZG=cnJ>MrG_U zKSkew+s!+tu?2iJW=jcsPaN>vsb_|=@C_Hw^`=K3V#AHo7!qvajo=EQxSpF8u4Q6# z=9eaaXOkBFtV-Co(U>PCH$q5GNK@@;S3?(ir#X&MA^`BHA|V^G34oET9~X+2nZ}S-2v0kLu7)>V#be^0edd? z(33T#=t5X0Fr3zt=y_veN0h1ZHh}em``13~l&L}hU7EQj^kfdxM$LnJbZgCpq|Bn2 zt??*&b>CC-oKNWJ8VZ9ku$pOTIU6@ysDa$Je$7sO+)%%HK*dqkPOXhD=-Q9vn3G&f zh5A!Oqbe@hRI9ap$1Q@?v20rl7w|A&x_y~ ztCuyDjgUmL1#Jp%yMgq+T2{tk)?qSU2=6oC8}?Jb5<`7ut>p8k~%bEZ%{b5Do!~ zQ5h-}s7a05lh(tiPbm^Ol|F08wXqX#QVR?YSdQb_>|Jh}=c^JeJciJVYfjEIIV}7k zoDU^NZB~X%uEdVLB3w@pQ1VkTT0E0%FAWoiP@Nr8;g?Av<~lB}I@FS1XfmYFzNk~9 zlw?=S0)RH3oGv7F@}?k(jxRQUS};>zkC_3Ta7xw{=141|URWIG*qIrViGErXKE{zn zWDTA$p^k|TM17*HkCd^myam*zrOE*WlQqi*!`}xt+Vb`%eSwr_Ml!bfm}a0DDs3ZA zvverYlI{y`XuJAedzmYIsZC3Sd14(p-=o%EO$y47=3oqXxC;+^MPre8KO=8(b(`6w zdeq8x9&?tgbSb7)&oFZXFoo`Bc=PEj=@UDoib8y^mMosgd>_h3@~mlxw~O?QZ}Ict zlt{~k=?lJ!(G(oi37=-CLy-BolXXn(zj1&7s4$lc@Z{k8F(}GT?1VIbo%s1=QMw@*e zePP7<$}O*Pg!qOM;iW+bD=%f3%*Mn}SnKcGGsW#${kidM-N~7E4ixAxzJ%aH8b3@& z{NZ2cm2%*wMXVg)dIdD?86mOd$uM2tmiS#uRURA%Iu5EwCXF&*9#)KAq-E`yv(vXF**B9E%00@8r#0}e6KiX5)S$1EehjaxwkZ5h(#cJsjy zi3u$g%nf)j9KTuuJrG197?myQNZ$Ne zj3#AT(2>m-U(`WO7!x9{s-o3}V2gT{*I@prj)y~9=Fng##)@T)<9!Q*bTveU<78Q= z6(O;-2%AG+wTYj5xBI&-6CWiKy7VsNr@3qwoXbTIcK%9P<_USLP!F!VP(t6xg`! zVfDHBY1l1gs)nL4zbhppcC<-7oCL=NdrtegC|#u12bk6H6vu8!yQ-xaRE`NBc9~^a zUP>aiapzG>ab~icSH@JoPs|-l3f9wIK!+^Nyh!F&xZeNxdE=(|1Hqn@;nm%E9tRIL z{&0x^2g^H*$>!!QMbt(R9&DFv8QZZ z&1ARU{+9Zs$LP}`E{zfQs-0+qSM94q7q9q02E4vrOerQwPK&0on?3x#XID6~*My1bw&_JEHnaq=FPFy4 z9aG!*Mg6duxY<`iV{^&Lv_Ne6h)Z^<@@G-3aj5uR~b~ zVM-pU>pdsb%@P>v)w1{JF|Waq;5`}ZGl5DW&o?fHx7t!1lh**6eg?cGr9!)j2$d#J zsZe0D@}cV4O>Y&6yFwRtDt$Tl6Z5CB$>4B9M>7*dCG_*s(&4Cw zXg|`Ga|`cK`@X56pT6jS*P!PsW$MRzz--oWVIJLw2hR_J;Cam^!hn}Wk0mlI!X=l? zGyog)jC!P#WRu0?=0+w4c)0l;j!^E;W5%{J<2RWQXlE(t!hrEhnTPq}mZv{{98 zTJ>=YS1s6~4z_|jt9IuUKKTPw`4_>P31GQgqdpAd+{^5WGDN`;>kuKu60b(#{+v4W;4^5g6$nGA;HU@UA76*KmtBl8W*nY_yOLMO-M6jt3V zet;fE>rHAWsUt&KOQ=UQefl4lvV#-qE8Zmwo1lqY%0o5<9j+>?z*yX27B7aQZx0&B zf^KuN$Gzh7nxfW>ZT&YCZ!Ll1;)Rt~pcjUYyN*IrNGp92JU73ZZcjzIqR7~e_h5X| zskwqCEtiCh`^k%PDl*Ps4hj6tqtx*O6Lqq5DciCNRQBm!Xo<}f_RChk_pRKZJNobh z3~R*9PppKpvXW?}TH{1dbjfc> z%yuZ!)1-i;0kB}_-fe_CqxX=@$x>CY0j_{P9tMo_37k4Ve=PW_!|nQ^?Z~Fm!as3} zzf8h9MDud&VtGDNlxHcI<1mjv2z4x8nJygf7}8^aj?N&5Dc z#G?ZOivKhHn`REIgPyj3QL8>_=O<`y(LMeyjx-!r^kbr?lv^RRp6fU3n4epk=9gSE zmJV-O3VEjA?|f#+EV%h1mI-s6LG5{MhJ=`L$M19#UdiDc(5g2)Lt#31~Fb^xN4qu20)i+J%P=HC+~oMZ|2R7VjiQpd@-U%KZQPK05i zYmFIwr9G(r{D_n{nl~zYmr&-kE4Ayaxe9G9y84oLztcDq(YOhgcg8OI?*6T`Bm5IA zs54la7&a@8B7jvAIxC_TJZk{GTlPrT*uqfkm(7D!F~03z;GKAz0?$f^?-sYj0!cwKPx%Ex8AG=G z0+ygeynO6Lqoc1Y{ERKv(Y^wu2aXp4;hj#WC7tF`(P~6PzVOB-jGTHD&FHvWs}XuH z;mq5lBX~48k1q(uAie?$i{IxM-bnAtn>@?&7)$Qd#W2cJ0J{FL!#GL2*3KI;{ z&`ui0cN)wv3;g1nNR_cma_8%UybY0gM>6hfGe9hF#2-SZV?U?{t2;+@GFf#w?kIP>9BC(oNe+YWy*?wq@L~8q=CfTs=Pwh?so|Mhml>!_>crY`oZ4C>bS!6x*Iq7f2avuXTQZOs6w!92%5C~V z5=O%iREos)s3ShLafvRCQxvHJp;Bb-xvW#l8thw$G~(1Oc!pC&ZPfKuS?JI4`}b0} ziFLu*U*juG`Mao+Rf~#s@@25hnaXqa%1lzf_=NuP*#HFctzhswDyWzwEZ$%lfPk5x zpyUWGZkSQA$2=^(B$7+jSFjs2MTiM%PzqH1(?VaEw_p0k^sFPW#=1sPe#Y?F2hzqi zoFnqa7c3+CzAyhAIy0F<+E@Qd&1)t9cLTJ%|9*g0#oo!q)I`Y1$|4Z4I+mzTO7E#u{6 zBu9~A>(7S!6_C+3*QRt}z?8$wP^^jR%IrMDU;DMoz4^X3n+f)TWm_t2UOE+Av=d`X4Djgj)wXVcpm9@$hQ(@; zpF;a0IJoYVe3FFDJ5|PxQx6tUG%drfv$FMyoh%4+?2J2`MBq$lH z`iD#)%ge?L_oduI{M(tF|3)VGum8D!$ppok@6LEj7=P3|pC*=%kIb`%5J>t@BVhKF zY({@B{D5cy8-s~Z>BIB9q#jF%U#4U(4oPWx&|6oQ24yHtVvAG0FOwQ0-o;`uEn)ra z?tMl&MY0WJp1Z!PQKz#+D9Nt(t^Hal$-2+J&vvf;*rT#f{dO^OJ`MdtJ>SCOM`7^e z=!0iBXXQzW_cH;vS&csJ~wOPrQC@#uwA%+EWNuUJ$Jmw zJFIHY&Uj+iYTY6fwjGAVf_B+LGtw26^mV|cR-m#p7PlLCprXpcnmD@#tMVFXDT{~! z`xcQTbUsmJcZP~OXwYZY%hVwx0;dghRVuSYLRuj`kHtrJy2Ry~lWMmlS;351gsV7B znDbh-H*O3*SC2N6u%b?8iw5mxWHUzV5S!~IH>Bq4vLg5tu!ANh(Je8=V@yS!!a>qn zK;;=250CX>b=!r-;K!{IZOd|=OmVHD7UE492STj>h65I&4j2+K2>6j_qKL_g>571A zsMXWB7Fc{4@MgFel4j=?dn@G@k^813xRul_*P*RQY7U-Gok18=b6P4LN)xdQ%tS{L z>s9XY=+4@lCnnO>8Sw>wKM=?8#eHM`A+0*lNR>OSOqn>#JcUD*NIHdr#6O91g=C1# zS>C2Kh-?=>r~I8%h`$0$BKn|2P48fTNQ3PH!$;Lg7n520ir~uH%uSU}2~%=1tnN`=YBfMGoU7oL2=zdvCl`9( zC5Dbw@7xvvj8*m4R&(iQrf0O1JM7iTQ}Nfl`D~{EQmiZmqY0nY7>KK;wkT~h$>}q| zW8Hu!H{W=1P6rR0s$X@vCiU5RoLS>Ih0d%JQ3Gjyw`*FeQ-wI8 z98VA(h+s<95jGA@dfi^^U@@HtKzd%dwOpF3uUKg*?6s`)Vq;JwI6l)eAe8un*64uQ z&KoVA3LqU~up+kzJfgSa)GLKFM0<_taO%*}?nsR5%xTauY= z%oN<25P9pG49`-#jX}TXVOT8x-m)ScPrfmrDHzoInHc1t5vNfk_=C}9@%dt5uvzEq zMzoVL2Gmm3ZiSC}EjFb1^|8cW zdgmO{Rek=>*ywF|gG%VsOvUiszvML2A|<7+NBxo!+_C!04j_A-QsdHbbHD79Qo_+IQL!_) z<+;w0>j@;Veu1WJ0*CsJ`-+y3m-C12_JDkt??OGAk%fF-a6E;W7DnuN%}{Bq=~3$^y`DT9rc%RGlRDHvfX-xz5#uygZ66bmX^1IzJk_%hl3auKVZ zHof|m8uEog0xLCX6Nit|Y)ZjX2Ex}g z4J<9edM8QJFOcb9fv@@4M>a(3T0}YyoGtehSR>d(JI{43hy_Stbx;RBoP@`v-pmp2 z4)AE0e}qUaPORUUA$j@|SN3#Z`s==z@Z39F0vFO-g1|7~@m zD@om$aBF1oXuooKIpKDaX zj{PscU8k#u1GUJZWba&K#(l?JQ>=8cT6uin@~4fo`VKDCTS1z%_+VAnw;)+4O`1D% zJL`R2n`NcmSdR=VTWyV0R%fo32Nzxp(u_Lwr(>xEgNR6HdL5X3c7LwYT*ojPu8KK$ z;s{mAwEM?@lNY-8f9-^tqEzSBTmunzBg@{FpBT|n>}FGjY>G!=09yxwetl=v`8^E3 z7Ls$_k0$4qfBeC&@NX&15OGi9CV%8ca2d!I3EG;~zE8O0GhUPs&_g*2lj4{WpkQ>T zacVuy+L{neUDzs4>X_tbWgJkn%aF4FeQ^K=7K~~XQe#YEm)Dv7V8yESTTb47^mjN@ zM<@0SNLEShY`x{542FBpR>LRc9*bbmw_v;qnADbcf_1k$DU$VaSzDNsp)52zozcL` zLCQzJu*H_HRg3@|ks!Hi)8L{xmKMi#VHt&agHFs@W`KIO#!j1%mafmdrqm`I^EO+3 zLimai0<)jO?(y@2S@pGY6= zVHsuG7R|&5v5tFO!yfrG`OWD0Jy5KR-A`O**D%VgM;fOcSo%4=U|ef z5}ptPEko#ff}AoKk%?*ulE)}IHK5uAOA9N!vP7l|S}CsTg>P_G50N)g ze!R5L{?!HFRkdv`(G5rU(DnnC@Si!VFe9^j7Y0_x3~P|w&c5wTcirQ{&IqUlk7dVO zH_7D<3){s5fd2cyTjdEzd&?C_`?4>sLMM`hLH9^IZuc*p;_Va77LIX9f^LxV< z^j*65XaugtS^>F$YqLAhnz?0;=UN~?T47#%l|Z@gK(F;&PbS-atHzxn_hjq(rr=;p zh{~Zqa_r`P1MFJ8RMhGL8>yoTp+SaU-<0nZGh>w(=x6B@(a8D|WXy1``dfNAgP(oB z*=@N&z2%(2p?0e=Wvc<|i1*60rn|wa%UYw)`-$}?r+T20tI_$Tki7>Ws5PD}Nfdu< zW=)x4u-p5O=X2Z6aOXbkw{PeFcH^4;zbRQAoGk6k{~7c0FTcSr-?4u^qLbC-G|)7# z{p@71p$ml-!3BkcL{O!gTWIstk#ESrWsn(~*T+qu3k@mdDFMIoC$Cmr)j0I#5SAFd z)}#4L|CSLdY@EzQ!NfTr>X}@1UvECQ&-!l1jvM^_c*FCz_P`N?en$^h6P+WSyOs4W zFP6zrlbt=z#p$4%V=>b%@z(ok;A4@GQ4Q+2L4&9<5o3vwif=pYVahuj#@@-NTb?r6 za)7wgG>N3!s2V{EaD%7-d~y*x)FBEeEzn|sn2x(Oh$3T0nV;D^*9;L7Ok6l%+lqzt z&Do8vXmG-Pp9Uy}lZG-vgsI|-xAx)il(=)1RFa<+dM82fOizf`n;c*BKAoNWpX7Uh zCFhHIb`oNAbJ5oITC}xWtvR^tDhYDh4f7KjJvK#;OT|rgwNu|kSEE@um(yfJ9k9G?=5<(yxZ4 z@~YkPq9&I+UvSQWK0?D{K4+t16?e?(vmfqYhT&NfXTLk-3kCo z)LZggl9M6~FgBSOnVnA8Lu&XZdtrUqZbsjcS)8XxBQ20Z&fWIJ)hnwKW^|4`AD5Np z7y-jz%!W@faSX1OoS)G^?xL)b5_D0;Re3n+L9vxG#RjWYZ8N^KY5BIWt&}tfN1ZL& zPs~16PH~|+4I^Au*8D0;;+EnV{ZMu4puc72;Q9!p!?r!cQmNZ`qrpSV*=Z!Qq96Ch z#2cIZnsKSAF=hbGEdU(JOm=ciUE?m4wf0D+X^5qzCK;1$H0it#+bva&r7i9?_i^GO ze7QhH=|(lrK5Ry7BfFteJ-;QIF_}THsF8%}VxVKH}D){*HIGTWLfd2=W}eUaCt)F___rTB3bcOA7{?!lIvlMmX{ zq;>QTAN|QM8Q}z6Iatt$4w&kQRz$QsDRMVh&Su!Q;7(U+{(Z? zv=9&72AQ`Cz%|!|G5*=}D=wx_Mx%~}*{rvy#K8F}b_99bJ`o*_ll_ar!`$VuWD(~b z;=HK6XvWGBeOH7|R!HOdsaal0cU(D4`$i;^9A43{q+5a^><)(j7}qZov!@Z>w0m*E zV0TZcT};HE3B091*I2)2V7lQ?b0E7!gwuyTSF9sn-m^%Lr|6_{0lm{>Fo-t*15zHA zGfe&M`u-3WEkE0ye&ibWs0rr@TA>ZVqVF&(CVhH+P6}pVRiTEq3Io0zME}GLI~12t zI`{P5G86;9^bHmg-7HU$=?R1uVJp9Po@FMj%Y1(*@WW9Pr?jgm@s;%m1FsB7c{S3I z+4dJr!!NMO!(P2bRdG>9XL0o<1yq8lQ#kW{y5jFYbGu6U&3f(sF*EVyqw)V(%KqO= z9Gw5JPjm-E7Yh|*Lp!_wJkz_i;XLp)T>o5ONjJvM*EHQt;PCp9JK9L4G{+={dmK?a zqHmz25NXB`;Ni0BM;Aw{^G;rkeTRjK80@TuBaaSf8x9T+lM#V-T9$_g4=0d@1Ap^R zk&v0hdn3067~k%suPs?MryK?EEAV=s%zVuXooxQia+bJDoz3M#*cC@X8UU*W%?02t z!qT%lgE{h7Qb9#~IQ`A>SimRbV7*15OOA0bee@Bi)CuyH;!k9D0&T8TPET5**tNA= zI}S7WNwCs-(%7zQ_ESNgh~p`}J^!gFopoKs%==4tV0Tu3H#=L+(-{|%wq?FMmSnVa zm|=0k@yy(|J`98=E&8FR6jt}+kkPmHD-t;!1S-V8VRXv22qd5~)0-;iNo&EyT*iJl zP+st?RK%QM4EIusCY|-cPr&|q+13XSUgmm*!56MHdQ+Rdp@uZ40Br+(3eBQUuc^=}GlvSSK}Z+T9vaRuB#=%`H$)6{52k!u zbsP1j^fXZ(98_-lYGggud-HV$8Phl-&i2?KKGW!-|c?JaUDT+U=M zCP}J9g@sB1Y73=WXzO2|q8X?(tRl6_uk3?b=l)4%@b;)>wNns+>Tu!9#2s_h`|4GO z>$vvV^S@;aG%;Klct16%`aaJ4D>14x<|7fl)S!*)hz18<2~{pZOEXEn$(%%B`x5=Z zabDkkBzYw-hN2S9iH%Th;Fky8C`Z7IMjSP0 zMP|$$$>(VmsfSJ!ybrgRM@k}=t+s^TFujqFJi&nA*}{9X%j_x6hMiTC}g zevemO$p<47kmlvs@rcx-WC4=%zO+v=k*a&3oNuPZ+-3XGFTN=l6Y53tA(7!Od(*U6 zBmAHNY?1XFd>U%EyMYL04T%%l&b5Gd6N=lj&rj6HPugujE4M6zC!=0NBs{A*fE%bH ztiN5pujj!z*%e>!1oc+rj*vLPS4#aE*3k1gU&JyA1^Y)c&r$hEuSxt2W{+vRa^JV1 z?;XY}Gl!7Gl(5J}jfw6y4nVd*At;kpT*~5Ez7Iw#K&`f@JnVJgA6S?;RXua`0M;M_ zam&=@=M%1zMc?ukOy5qVej6@AEHkU+snvJ*P)I9&t8^xZmky$ZwU*>{7!+Ii0v_Ys zdPkN(4Ne8Ns*;?e_fjGo*ly1#a&t`W(gkp=R)OGwJec_t$C;Rvo{kwAOOw18&K4Qc4qlgE}*M zWUNyTcY%})pQ!PX0Tp{aU7z2U&X*r9*E=jVcHVNPg?vy9ly9m4tX#b1xja%wH{)_e zBgf^hC_|~Ysjxky_gA&x>Z*eH>ugdRbrU2VzD>rEFxnLCK`*pDCA;SfYzou$6-v7i zr5hI~PoiEbIK~HKH+E#LYCGA-vP~n2|9Zrx8ynfCb?s0Q z=n9Q5Nz!h~Fw3mC7O0lBAsarU0}@wO$ULlJ<%QzOpPafM(0L6f*cS{tuQPnlCArd4 zsF30DB))G<=$kieg--FJA1=T_9nQXHtg+3=8gIHXyMIh3(Q0n8F(Yj-rN6i+0IDsy z*)OS{sRC=9UbiC|a=B9~n#ux;COI~FoERz-lnDTCo` z;f}{2om8~ORM>r_Jo%XEow|zzr(Kj5udGGHyk%JOo=xpQPDI+S;KSujDIVfww%b!dIsscet*mzJ*{NOrdZDat?@lA~be%wqE}n6O zeVU@#n6dRF`cdb~+^qE@>8BPQ+20A*ky>t%LXCn%nRN-)r`@dU$E-!mj-cM@wY7P`IJ?0ZPdzs`(Bh-#uQ3Et-9Ui0b)rMFC zUVlg4QSU+DyHda+9rkMbS$RC}dd4i@UP|9|=0Adqs(PXZT+WAg`2i9MeS%h~eY#ri zaZh;vIxQaH`XsVeG$Q{B>OFeixji_T+PQzT{Q&Dy_Px~Fo`&ptte*VZBfrTWxFE>5 z25%CbrqS&=06(U(iUcd>x@pCz`$3E{2MWQ|CgG5c&&-l5!i2JD)x1kHMB^m~Lf5rg zLxX`fCdZs~++k{)4?|+F7u$l+;i(SSo z?$D~%HU^OjU@i(bMK`YTZfw%3@s1sfKi8L)MuO`iLU2k-CL892&224|vR*VY9>c0z zA=`O0mXoLppAW}y=o=iSi%h{j=ft?dL?R1dkCK<_^VRoR-nZC2BnkK}k#FgzF_29c zdLJY5Xyn4jFeT}s79LEgZ zfeyXOu%voW_u(hXvM~m1zd%IxUZ!HI+I%)et=l*+kS4AZ9fC>I~!o*Te@YLf0g2ZJ=fmUcKMMA{`rJ|IEf!l0zm zL}3-#5)3M640^TK<)|B*7g!dU42wzoQW3}id!^`Lduz@d&X?~6oy_??UrQ*pEjiV3 zN@VasrkGj~0DTj-3p}Yr=gZ%fhxm*caMmm#_Gsh^Lu7sy)8&^xOs#Ouiq8%}b1`hW z98iNrbY_adTr`+k+}nQyu>`JoG_#e=m|(P>5N=py+dfj7zlpgxEL_>!WROy;qNH>y ziSD937W4yMa*mS9Pd?IBJkqjH70`Od8OEN|euI8RFAbF(ro=)Wjxi7cO1QGeYH1pT z#s1pBkH!%1M+vZm#!`SX_ihxL@ecf&(UFU1pzBLnazmwOtTJYAKpf8*7N)4Y0LJjx zOK@SvED;QX%0-80kdxZj#DfYjM5+ZW0Tt7l@7@a!z(jRu6|K{=h^xUozGvJBSa`&h zMug3You1!-B>W9(BS1=ACmImKAKbWsE*182H~w=m2dQ$f%9&zmzMAgX_d}N4O0SUC-Bua? zzC-om;gGvpo@4jikmq<;*#fcuc#*Oh>Ktl`zr$zy)Xn(k{-X{^)Kt^X%kJ!ryGzsT7C4y51y|yh_fw8@ zj`NK3Ot_~vtz4p-$*vMO@Zw3X)=5-ZZ6w(jtgH)aq6MqSMMmh}ZOBJ@|J?3dv+l9X#1B^9uuAqbAHHhQkZV+_z z8mxLWIMd_v%nwe7xFO3sOap3kS&?vY)VZ0?00*EQ5vFLBCuGYN*X;f1574??$`E^; z1VJ=IaX)hDS!v>Ao89E?soNx7Bk5NpL&1Tg8mNZ}KMX2N*-?$-fCRwfk4xLFc^Qds zU~TjuHB6I~KlG#w%84QlXnQa%QW3^*QW)p5rE^P)A{k^ygu^_gfJAX5+r{c!RhpkH=(r=js|Dtvu>1JtD|pnEr%5^ zy?+OIO|#m_^fLtfp&ZGu_Y_zATNb-VSwb%ITMiHlx!_l0o6d6pvuQp3r__pn%Q9fB zOOLcQJ7FKAx1*T%992IiS8s6&VVe2S-I#S>?GW1BDVO)2m5B_qeo>CE6TqBtyn*C*(IaVHkQJ=*>tONm7=u~;hgyco-jg= zyQ~))o-+X9JiWV+^X9yp4xP^F9+B@iF`FsmAZDmoLdK03i}&g9iGobWZk_B|QiQaB%@TbBJCz-M3#V zGxA&5L0vDxd_cnwp)RmPcK z#H#C?EfJ($7KU14fMM1!^nA_TcaRH}-B>LjIPeAj5sZKb0(ji)y6-Wr>-xPXeaQ^R--GT#PWZm(5e@p@A0f^#nwb$AFc2E%Ftx?xCf4%9Z%31n zhG2~lov+)^qwePa3xi$Bn+HFCM1{zD&%8vPn89-b~D4bF0u zrB?}qeTY|T5P3*z#oD(%CmCg|>=%E1_fNU%O3k3`ULECvjnDd>= zmih=FD-QEObTTSZ;b=!Go238}^NgNYs`X-G5tT zzGfZ&%C>a=j}p_U>20X;FO>?k&}dGM1!22Yq1kh>X>@-onr(5E-=&IpF&D zG~9Sxkm3pMB9&B?V-CY`+066Zrtk_Pt_>N^Oz-Z^jki*uv%PDV-|<0FAcxs|y`a;j zr_V8O_mz9so$v9%DQ9%%w;I_Sa7D-%NVO2mL)b|AqeXKntD-g$Ojls7adg1#m&3SE ztExw3yN381;X4i}4^2)s$<`lJ)KXwLWuh==5yRxJQy9-zf zv4dOX658Z&ZWwv3?ApDslv7O^8V8Ir_Jxy_pV|z(IVbRn)Q$wn-E;<>CVmq1+$MSU;RzA{XuK zkSaOxhsO#)Q~YzH#o16$CgmyPk^;2I0q7WnWhP;YEHV<%^`!;NE?-v6-VS4Oqq=Qt zy~KKDW}8t(Ir~U1fw?*AgWMgYLO`Fkt3DH?et>5!YK2NZT;a zGy@7@JLH?&RY&S}|OWHjp0 zhuNz0Z0DgiB(B8f>ftab=8Rt^90ukki-KxKHSVeEa!oV=kx^0b>H9pQ5J_q*TSEP~ zbBYIL-BwfeY2|~;n}#bI9FzzdiZ~y+lJRJR?)PHu-Fjr7Z-IgIqlT`T2H>!z%o zun8xf+k}S2tvsq*7h%__+n$C3=livnm{sJ}@#@|1(*q;3YUiX_&7}~8FU)uthS6cC z_FiOMkKck=Q<&T2S0?7x%@bl;!l*=AXI zp(8vudAtV55GBs-UW{^GBBCoL$NX|l#VAZJk>_!E`i!~AAA5@!7u^GKIi4NSS#auj z@D2d7qxG3JA|ySgqh7R9Vd<$JT-)Xg*W&By_WA`m6fB}E=y`VQHG2Js_{-21d^TJ{ zebT9&NrsQw_{&C=oZGeO?pzqlrGl)VXO@qOAh$~Jlw(_v#K1)^79WB&t<9;(JGcb^K2c-9N7zwFw^FF%Q#p_I}{rvEuD#w zn2bwH@wLsVnNs562sm3Bpy z8ufYyUXO@}T6hkW)}oM3pKA=aj#plcVo4tVtc1iceXG`TrQZMP5VF}KG3>W79%(!` zsO$*QcwcSQ2;7F!1}8N`%RDnuksln^1Zi5{)+Qp=E%~<4c33X%?h^{BKZT>H%Q8u_LpGF+ zm|CTV*&`CyxonVk4x;=Faul(CE3)@2F#!$Bhne?KlNy`Q)G7Z*!5xg6&_hjY(}E_k z_brLapNS;nwd`>+ICqMmBf01d0UL+#=?8rjgMG?7!d>?;*paY`?CoQpXb(P( zHBH~1{E!aH@Cv+&6a)V8(BK`vKK6+ze9}z_aXgBOyAF%|4LEF4k;D|)GjdHxGD7KZ z;vB=Xme=T`xIn7RcXl)h3xU@}*BYgy3%s57fz_pJIt7F~*}mxJ)k-PWbSW_{skF{a$NK2jd8vUv9%i@nQRJI4z?{V?Gtox?g9RWnPYV>RJDDlicVF1BboiD5usR2D5Grda` z1W}_+4OWKco}=@CjBF1?sxduf(ubsEXvcY|5ic8h+5@`K5;s)c!}6!xmuo%6?u9Hj?|u6G z;;KI2E#QRaF=JPG;#I9k{yDm9<@fA3$An@cGH6oStw3|ZqjNEILAa-WL6wW)R$p7X zGnH3J$!z(~o|nMZfWQ!`3u)Pdw?ahB-;eACA73N{74aU#qve5P^4UDM0QM~qW{8;h zpDa@u-$}b9H$w_f|3DwQ$}Ta9^y?#T!j4s+nX zQAc^vxCS3z?NAbsst70=WUy9xD=R1s#sN1ndtchIsW`O4fp7&}U7n4RsR_uv#|IQc zrlei4s1c~f!ICuo8&bBFs^++oGjH z^zsN#mRpJVexaoMl`tx(H*P~o@cY+?B%OM>+VsGQPFPoWM?(H zbj9CG7->(tuQM9Tu{e-ju)6_HW+AI@8O9cVzmN495+QXA>_cveFM|_x+n7p4Z}?7~ zs=9Ya?}**9LwR?7~w6^C7NGEjPx8i2^2sa*{JZ}w31LBAN#Ch<=+>XCl z!P*(_c`D4tpCZ+&REi-K>_OUey`tbf1pVuH4n)eje#Gmwi#3#)4?D~XvQFfQy=g6# z&TO91IW*I3HAxy zE~$;%*wE-i!m$++_R2VNgF+v6@-orx_oZ8+_ve?M-ImGCFv#5ol%tX%v?n87lM5e{ zC6H$vn2DwFG9;(#^rc-)HWJPyD z{?Td)AWVAxn%3;ToJH-!>)SdX4f5X|BphNBbwNaUw|c0Ejfw1KAo##!pW4j1`Hi$A z@Cp5pTp>1&T1=WoFEoUFq7L?mfY6WEfwn~{n7!?aneQ8HG)v@g#|43jTZ10^k?4Bo z(1xXVD>LI-74}{Jg@B1r!zL9cM%_ZBv*v507~RKED;-$yXkFilX(=vqQlfaqA#}en z_uNUiKmfn-uf)9aVZdIh^mBK->^s4a9gPj!zmlchJLJ*tP}Mu^9Sjy!9>2g7a$o8H zwZTu!TA&a48hbDNAMD%z>FC?j*~RRui(vmHVsh~m`ZoplzaSDSHa1`QME-b*W-X2Q zr6%pl2XyvT>tqt>IBlvy38Km%NdaiT72Be8>hx6>UYH{T>INFWYpCb^0p4^&8?+#X z^Nm#2r>xeeiOlTouFr4Rp!y)#rt}AR2h9C7DCIMEG4DC!ojd#fm;;^qbe&xovCDWA zX-|)8J_CsaKq&2jx{h8Z-s}9jd+!XRF2@rjAI4j=6ZS?_mWos`b9{gytL9LBKN6Pa zX7I0Zj4Cdwya7cX1fO+*1Ap_BRe>Yv3SQO(Js_bOh^Ap{=D2l9Snv$X6W^x#E+g2#-8FjA*4IV4Hm#grsMaAE0i z6P6RNV+c46N8o|?hkkmwyC1JKc?6iC^^0`M1J=Z8l_XXc2ZIkjd$6!d;M}sWm?+$j zMHb~GU44assL$jkZm~Fet1zFzz`Gbnh@Sn5RCaxl|U>Qi*nQ^q|E&x*P8 zR!?L|$7T7RjYKrfOAXyuSw+ZZs|;eC9eyQ}LbhIa$C&evgG|(gfevrQr91kZo3f73Q zh?P_-Dz%ZtXwq=>*9_^_)RQN%)H&KuFToE@rcYx|Vy?j&yBzK_vi$yp{4L4aO2roz z4p5sSX7#qXbk6p??5uyA?zaB~cR*Lzw-jmjM?`y@8J&3>&~9d_I!t7Nqg803$Ks*H zpGHxEzsNTUVi=e)BLW%=$_7UgCa|av)@gVS`8{%(ydBnEnU(c9vc5zqUf&w;Xm}8D z6xr=Q6NpsgA;5pMW*T~;aOqnK_qnH^#I9V3{pE@lxX0zP+(Sm>tcjSxeoSuBtPs*C zup6>%ieyhW&By}sCkf}3i! zeq_Y8?@e;8mkb4OK5GD<;W~Usu5a2>B4k6r8xfm^P?6^%hlK@Pkcy4fRgkHY3T7oN zQtIuY>NngBC~~|@ouvK3IH`|`;#g2?wSFbK4U^&}`YkgiLQ}=($3i8n-i=^APYiG| zFyYzN##TEg=bCWv{)jiqK~LCVo>d6)o*lqsQIi;7!l8t*li6?{pqUgl@+67eM`gfm zG2Wwz_Eu+TEgEnzP;!Y*g2+x^Ej}`WuVD%tA0sRyDeyYr!=~!mbtO z^DEchg8U4ICV(i~%ExYx!o0K+PXR#JJf@azZq{X=KC*}Fg;=)W9wM%j^hGvVLY$0rTK;3Eg5n;%1w}6 zouuJWL*|;)9Bi)x?1ja9sffZiUL@AvZ;eUFw$AUb9}Da$*+o1EGOM1{LXTP-%4W_O z=`4mA>8`#6)rLMQXION|u;r2RCTEu+u5X{u^G=!LwrYP}x)|dnpGIB$2|dYi^^r|$ zT*v(g*d4y}W3PFsAdTUkkxspvi>X@nBnanbc%bz4wtwz|7Bf^kYSDa%FjAn*8mNU_ z{;t(TMh-Nk%-OGev(X)nYI9kt3nHA6`_Sp6@iGDTTE7ivK$39k>Q=Ap=>EjPOXi^I z7<`19%!^_dnb53CcL&c7&F%XQ9CIP5$@qaXdG3vKP4>w=a%&NOI}d;Ouu|s9u-gZryjCJgui=-zWCN{&0^I$AxQW6a z1WlR`Sn=@AKL72}g<$f-C82K8d+#*e_>&>*4f65W5d?@0u!VE)01H^Y(%$655E0Vn zRg9hddtUJ!YET8*Yte%xa0ZKUws?zz2$>M-5(`772UMuPMV5@z$a2jy?bOFQTy;|8 z7c{2L0R$oba9p7gG`isYCHo!yYbx)*7a@)@{K;N zh>Ro%5YC$Y@4^y^HzDYz8SRVs&nRtv%qzN{T+`lRW+ zrlTnN+{VlXw2}Ig;;$KVwrn9mq5TRTCEV|2+e5@3mPyUs$UMlD_eW> zTS?&&a41w!3^@vz{8|JKB56=b7f@+UQ#1o}{gDw<^9;}4oi**XvPFibCgF0DfZ9r9 zU7iBP(#oYa7lX!##-_!prp9)$lOJ2MlExH%eu1rTo?ps0!7p>}d98@Vw~Wf8*WI5g zzhpvi34(6NBQM0cjL4dUHQe;f#pxlY`#e~H^vVuPOO=Z|Y9(@JO~FwOC>PBAvwtrg z*cR8*rGwupJV-js)!u@{DQwJ_91emEdYc_)E6S@{z2?c2Uvo|3f|b8AVhHal)qbaN1bvnIj>-x)8xx&Pj_Vq!>&6V(aCM;9i=l`h{-cR(+{BTZQ|ZmIUSY-n*Kn8?_^#2o}^6 zT+E9`WNj*``m95Zg&#_+c7rNXf=Bsc!=S_}T4~Z+nMo*{O*|%|a)MJsBnZbRT$mBV zuRkP~SiE6=#*Sj~=9S(f2F+N$-J0so=$n@5X|5JAJycpYJPx8UvyxWml$oS*O~fr@g5YS-!-+D@a{Ri3wgmjK7#K)YaOiKu*+PA9}s|I>nuN&UR9wU&Akk;<%Phj#30 z+!)Nxvt*pvmwbQr?gm*_bC9Hlz&HCL;)im zF)5fgk84uLRB8Xl*j@i+!QA6v=;sJh*{0w=K$14kA?aeEY2azxIM*mCwaZlO@+d~{ z1a-_LWL07mybJ70J{y6a_LZ8Okz^ttv8~41DmLM*G87(7IR!5*R#aP8hxfj@Ld4hD zqY180jl!{-7ylIuh^W3%(bp9*7ey22poJ+G>+;Kte%kZRn9>#>8mo%X;YS-dgIxXV zhtGQhvKD)BHkM^5?X6@d7>LWZQL<0rqnTUEwbaD&NyH+2==pjRZ47HKBPa0PzUAZvlH^*m1mNW|&=O<9KzaMwOXa0lF#;o%>FaTDg zW^1EpUj_7jLEj{OHAz|=L8iti<~w<%Ed&6FcG{_bev~U0Fl8~A=uSn4U0M2EGT+fL zEh|0=fi{T=qS&uz(swVqHRsUWcRw3e<18`9@+v{zM6uvq8xy-d`AX97?FzqQl^*Ig z2h~}0^2Uvyjd`4`fk7uWUbJWR-2I2zC9mS_`e-iLBiQD{iJm+AG8bZzy?mFfx^?;@M3+tnakZBqkCc zom?L+`s6wMWQwh&CF0M$R+E&$;tl&OuLEe%R0DRD`*3~-v?gl1{OtZ2PZsKSglD-j zwM?`CeH%Y34P}&?p~uOfb4B9aQIOb5Ga0w9PVNnU(6MCP+>IXocD%O)47Xk5F(VGk zCm2jOp>(h%BZl+A^IXI_iA@rnUR|Nx%br?h#eRRJo(OHQ zdE+d(`|of`8f&s8oYa;`xOj$g$|){*v8_|~a2l?>38HW{V4R*jZ={P*ib33zHT4RB zyB&)HcNmg!@Oot;b~MjSw<0>SOTn>kHCZYng#hKa!E3(3cf&$A51W0uEePmm`kO7;_EiGGr3CwQZFg^$yW)3@>#YMn2(H8EJ>XOuA{L&0nh7G?8ESZe7MB zr6N@HgI&&ODs=YdzzsFm(7TI-ZoiQ_aTntHaTXclYo5t)>`G;1ek`h7YUg`O(jxET z@DSagW%@RBvpm*zL$Vern#T%Eh3hCwbC5>2grTiY6DnH;8!UJ6X0b9qFS9ad9~|!4 za5w!`WR7G|Nx3mLeZaX7f20C+Mt$|;8Aaas%_JJ{`X*b1z$xPe#$w8J{12%63DJVc zW70A4qB!DoFr4!ZsJE9N+E;&LwY=jT<0}(NUaLGyUBH>JNS3x6$Vj2~Ty&_o*8-Pj z^Nr#7L)U%HiT`nHO^K!a#`!(qBI2>Ee$11>GuU9Su*0V@%V4pk>4J%(8i_xW8VY;i zfm>BDI2C_N?0j-9=p{s{HEUA^iDY36CoS)jh9Ten4Pk&^IJ=F(0r8}T8#WMvwsxQKgKt8TNg1}{CwAg$`*DsnS z7WjDFT?TJQDc<3Hrq|%O)2ZH3o0@fbk0t>0H0?Y+gEf{HEC@O+3dt?)C_J-1_{=WN zIK!*qP}q3L;TM1M;oSEriWClcqpiPWeG0qFl23HZV;BlVp!y{I7KmJW$i+*-8}LLq zUR|8qjEE3fgo6nq#=N-B5>4qJ+xq_HI%C9?%m*8g9Mi%`bYoSKvi13Fe9aO*vWQS{0vXj z55RTgZuT=KipT8Vu4B0bYfEwmgzL4QMw-3{`@hUU$BdKK;9_hl`<_X`yd-S#S>`B% zTg4?b8Ye8)W!9p&zC~5UQ@pyv^s#DU~(LPoA5MGe<4`R$78JB^aK@QKX_zih2b_SB`~~J(Tt>`0ppq5)3SA0%@%3(h4xqzFoXz$(kC`p_;1*KU5OyY{ z?Wu7_Rio-UI&dCLT@Cy=;ex6%x#~V|r7o{W=HVpPOj%bL?(+Y11R?@^m4Z{^>&CEb z?dv3tcTz6=pbBMbsGFh#4lwQD-cflF*B4)YddAbIJ9CTqv%?pr<DB)b(a`H<;eMvN*qJ5W?&kw_IQ*cRk<}rmc~li)Q*JPeXQ5>fjk|+!S0?whyQr zQ1|zTBveOCqlO%AA%UER=7*^Ci=3TXs>kn37LOAuy(q=Sp5RnEO}BF`yG2cy|J!h{ z>t=*TPPJK{uzpF+GDpdn_TG%2&Ry($m>6r1HZTmmXR>@n6G?EjbA5x3FyS^?CH~?H zrQ5y>#B<^BCL<>pK%-BqUp=#Zgzy1b)^}k8_n8Qr^h4bAW@g;kj56%mww%5cvQmV5 zCSOFz8CpC?cpmTfW-=?5KrmGH+u1cNj`6%U5+W*L#zx#71tp5Ib$*8A-`K zi%Jy>;N?E4_TUJyuUgmYyQ_xy5Xz1W_{$9Qpq(+X%^SL#IpBbF)1L0J+27X~!>~O~ zYz|JydC z?zp~Gy&p4sK6+ToWA3poevLrMFUvvcm{_eZD;p4dZDD`2Ax0u?pW0iN)=VAFW;WokWd9_vCYvw~jkrGA7 zt?!3ab1#Q4+M(C@5Pj1yQd6H(eW%KjdbRu=mI(6hGjHfnkRns3RWi=ce?!NMRu}iJ z(r)0{Juy_S@erOV^6%I4g$?D2{jExr;;sAyz&*Bk!>Lu5OAqSy6jf9U@ud*ae=5&k zY~#4r`TkI`E=nsrB6|Muul{Y&*iQ&Kgm2%DG5<-RLH*AH4K*j*|4p3{rQz)Z_&TGR z6Q-VT6JM9}WoGgg&nxIp z^k;Wu0uQriz_SuXu625wh@EWtkl}vYUpwu-B*i9OP8aV&aQlKT&Yw=;rr_wR-(ww0 z^MNPkCM1R0T9d%@CNYJ0)9ht!1cK(p*&d$$su?MOrxT})*|+m67vO7X&YI1BsPkPT;h4liB+$* z+F|LZYpF9(ZraW@$rPzPeSB`hdmpLMOp9Fkp+Q*lh)f&U$N9^wDi4qiV?1^XGLz^) z&uB>ebLP5M*`Wqo`co=Yy9Wp1@s&2Kk(LA{-g+&KshS7kN-jcCEN8K;BWBZmx$WO| z6PeaOv~5bS(1lucd(lGyK6-`dKAq;uT|kCYTL1zJ29;*0m<4lD&Uc0RG-k_UyrF@> zS7QhbV;D+N0Ua?M(%RQYq9o(gND2shuouS{h+DPqZYmV(=If!Aj(}9%zSp$?OYw-v zLs;tWx)h=zgKv$8kdUGQKD_koq`4e(%j$%Txw9mSTU9w~EqYnVMSmVck(+2WgBAg0 zrwyr!c5-B79LyuGuuDV~LQ~D4*#A zTYtga*!kH?LohF_(gJ~!bq$WNpUsQIrnYznbwLpPkgMFkIozZ7Hz{C}Ghs~VGM6A1 zUCP;0aOdFLOEjVdV8%^`5ZNm!`wP4@ovAnQq8-^1q->fnn&{OORIrxnB2zJAewhGQ5kTQn{6(NgiwJC7XS$@4%69S z5wX6Eb=Gb2wSHM_cj=TPDlYP7@yQ~dMOkF`(7RpW(qL+9-yXt|+vJS>e1+3_5|JLk z0K*1p-HSeqhHMp!_h8x+?eou)VCsrs`T04#jf#|)-vLMwDG=~>D{cdM=^Mp6e&dy-$*wwelI0cCPP(NeL z@S#7J`7@0frYBgmqr@l9THpG&Vjavv)VLNV?RYrob)SS3&5EydhkDmYOnY*zmYMNG zud>{jlX;Fr-6ZuwZJv8l22xeY*VWzo>~&FRZMnfssZuWVc)sG{CJQJ*1&#o((cZsT z>bN^JAndLo$j)c)6^Aj8mpAa#cpf#L zz%E7cW)v@e;j!+9iK4@stcf+VYBviU&cOQEAo@pzL0DhwaZ}jc8zD%cAB@njz*E7^ zedA3wkjaKzCYvKAk3RWy^`VUGwO~?|iH)AyZHFf4G1-pOGtyZ<`G!Po1xCe$Mh$z` z88~6JG_s<^a^#!?0hi|;Kcjbq|8i+Il}KOR-q#muhxUCOd=3ma)VWLa}= z+i)0PdX)$c?{fAl*!q~xc;Ih0XZ%p2Czsp$8nVPk#cdXYdXR=f9EVv_(q!SORn7W@ z7EGlG=A#1k{s{@luwip*(WJE+Yi3#|OZ;l785hdH)eRK(55VTVg2^(Qg~jGdFI6if z0LK=pz1Av9az${9UZeI~TX6DjLsBLt=j27JEQ|t$HWjFWaOYJY|7eiqF?)edb7PXz zdr%myuP|;AzIuNU_AwWX1RZ-RQb@IJnLVNmne7DAiqL96owoYW_9`gFVPWJC>6U}O zGFfGz)Th4FcTkXy4&fi5Aw;|JK6g7RKA&t^3|)f#Pt%d!pL7GsaNSx|FL>k{H=`U# zKklImrg>>XUIb5ma`p_5m;I)JAm@uO zfS-Ii&}>1@lpVC4asu}8f@u=IDq16iG~Rd-`NW^V?gR;wc)YmsBSO(bV0Od$)lDT| zU|9rVu&`CX(DRGm>*6ZZbqRF8+N4t@U${-$xXt)o%M#&jVO&>bzNHN!w9qgJ+2Gx4 z5fO@TZqE0T3Ix@lJI(eRWOb#!%p@M3{1fXks_2BZ?{VYFRu0RS#isb1wTic<`ll{#j^Gg>v zf?kZQKRT@zaqVRjPJ&&*ARUnaeg9~}c)@P5HK`>(*~2Vn2Y3VXJOZPlYzsS82VZji z9m(B4MA7@S39B1-L zd2;8voqOWEM!oUT{otwO6_p~_&)*J_r0VT0S8_}v(GpMSj(Y}?H?F#;08Hz&$PT%i zvE4n93CcB(pHzCF9cF#zq;cG~513V6*10`abgHT4*CZ`_A{wWS>{R4qL5gCWWjSj9 zl2l+v0A*qOqwcgIjE^taf3^zWJMWXks>jG{H$a~hUlN~ToZ2#FFW77-F1_^f6pk#% zCN)9L5LhibyUC9zLT%g;piwFYFJ-R!k??@ukDngBQ}xVzz6PlDdqU|bb`~PI;{C}X zAkgAwv>48JX?Gjs6Dcp(-^cf;e&vlwcoPuW-C~r>c`&}8pTGeB;-hoNbuyLd*Cm9t z?<}h=jP_kRVPAh?N1$o$O{$7Na!kMI0Yur8aP$sYsxyXcOW~HlVZuNf?YM^DH~YxD zbTgEYYanO!Id@-~8*WFUfT3Gelcjo>(&ehSYCotoyR|h1WSe?nWQEaWnR)?k?;Vqs z|G5>d#ej*c8WYU6J?cKsQq6=wfiA{v$&)~Y=}%>TbtW7lrWA93*zUgRI~ur0T!BwG zIG5^qabOQ4zKEIItO54`wBi}U7+_~(tKhMAF#l&Kle#mdD~(#Y9T&dA~a*9EN0 zuYb|)WfNRLoMp341y!t39 zt9Q#Gmm)MC&AM4lWo5N+|3Y6qg7w&RNarIlLpY+tkYOL;S64YF<09nZ7H7Nka|^iH zc4DU_bx}Ugip#C|V`o%4ch^pC_JNA9Sf=_&5s?f}hFi}x%(BOr!2Ip3a z`1QF)th@R??I>aiVU?6&{r0!Qmb6zf{VgWnn-fk9&w8*nU(#qc&+!XAI7PjJ=8Na{ zz#VnFOo z1;^v{E7>WC8hq5zEs(H+SAf18w~4+(E#j@~8ok31tAzuB8fEGi49}|;QzS{!_-Hxk zZ+uIwwtAPS{d>e+46!YWD^jhn1DW|_!@^W&s=`(0`(y@(eYjobja>UUE`R)u!YgPq zMZU{j0c5W*2j2`I_Q-bK^qgj-{y_eoe)UeydrA}3!fHiiw1?F#Dh>95i6A#joJwkBJj60r-3B-EA#9tD!kjU<&~i_)t6 zw?)ioYg!XQ-UTKg3L>Jz^$x>%@&~Np#~!J&|1tIwWz_f?`=vuj{zrg@^#A;&|6hyX zUkl<3uwmw81~f7IPjP~(p2EKbG9o%MXUbz5AhFuC#_g4QfNmWrcxg*IEc((g`*kx* z%r(6eVAMOnz~`D)zz_gt>BIE;Cx&HfH3?Q(^0mhKYNPcj%h?Th^pt%i_-#XMD1@P< z!$IbH2hi_Zudck{sz&Q9=3Sd-Y2Ij!BfYsqJEl@qWtQA(boO}EVV#J%@DTRV$>rUr z;Sq(4W5H#X>}q2iZbY-J)!%@$dF{EI?0|zRQdaK-IW3;K945roTqdBA7;c@AfMcMf zeLxU#*FXqz?}d^u6XF+K+dukQK6(-ioMw_8Ms)F2)jdqh6u_p`zcxV@(GMhpHwh$u zX5{a-TJ4Y~{`eWH<(!Hfvi5DTey?gu602Ve(mgc}TXRXFwhSeu!JT zwTO|Lj1`FZ_%M8r?mP*3zy2Nu@#f3`811*+q6c<%Pm!o?l0f$s$ymvJy!aMyuB@L% z(U>9`&?5&jlOtrPrr2>U8)ObK61}h`ONT7luK*g{~2=zGPQuqi>NQwkq#%qw98~ zc;AtV90p&CXOniQs^Vmiu3=}jNNw5@$+7gEYuY+U8}!|Qhmb&?M+_iu6R!KnYiZ2& ze2>AudlI9&jZ)1dp}J{@pvnL zL0d&SMxnGYBZ5=Pvxb61%}&mRVl_`T%E?_iW=3o_$ay(40@EA9^v0eVPh|*RkzUbW zH=4KRT*dQa1HprQNOYi=w@TZNNyFdzHOz5Xdin5EcEwRBqu)2xzfZgi{mB z4EJJ#cA=cF7osl|%kyG#a-_hL8rmNfWwODk-3hFkM36g!nPY+T0Qe!NpLnQ54W>KRV;28$%swCXN|YY;|PS4DIq8mW7P(nE7qzw zDQd9DSdcL5$-IR&%M1cbcjeEtrF#kdO>iSBNI&V1GYow!`}I?Qy7~7`T@Mk7>?Tsf zxkinLUaHn2xx*}o$HAzuqNW=83K{BHKz!6IcgqAB{8>JH7;e;5*Qn`^++*InC;pbK zi>^BR>ldg#Pon+~d?RmrICN1cIANa=#8b&LXqTpNO=FKuikG$t5IjwK331g4bR$9^ zf*9SmMIonFSL}P3b*j=wo)!8Zt=2t1bb~%HS&cqa`$-eb;VQ%LhB8t^ypU#8ja=bE z=)>ecEz~(jvnJ+Y&_$FF@+8aP%b~~Z8N2QJ#38&mG%=ujv3fO3Vfd(+ZnzV^ALeld zGNW6V#_6ryHz4h&C|=iuOJ$gu0VJ^`hm3Vi$k4DalWa+{GC0iP?P!X0Ue@MYNxBbT zfJ6B-Q=@&?6Q^}_1t;Y+1j$4EuR#?U6ej?qo{NxErHca7Wzp@F!l_qU_rWp zrZykJ;gmOk z^@oAelHMQ7?XBPN- z$zC`a9X#@*pFf;l9;G*D%i`CjGRj*Sk#zRJ>gd_rs#^A3qUJ%CbjHI!@ON&1X6`Lb zsZk!@>XkPX3V633E3*igokT~4;oDuvS02z z)WQZH*DGy>bNi)fT+{IN3vMZAURij0qu+8&9Xlt8?(9LYoOUDZ8U(X=;<6L=4)0PR z;tKX9A#q)N5msyi)2I7=9%lxG&U^TuG03eEL8tfEeGC|4>2B!{7MD3Z((Ji4u0D}< zl4|sNe!x{i;68k%LX_j&=ON~jyuY%%dqHKpE8!ZLIH>v9C)dmkv8+*i_^-E^z~HO3 zoMPQ-S%1JE`Hf4e08{NmqxE|t!0A)gFH`P#k0@HDt87Nn;plSfHzvMK;?c6q@1$7u z$k0x(ahZEO6>?05f`}I?VkDX;p%_{t20FvL!O`sk{bN65xJVojB)E5w%3>T{?t4(9 zN0rv;eOi|{_x^%=Q}a;I=yXQLO8tmvFMQ>YfA9jO&mzyL>KlksNCxX37P*>FTEE?% zhW?56j+6I;ayH6HKi-q}Fw+S-Kc$DX!#&f4nBRPGd0G}JmIhmm-NNRYML)L!2_GXD zNU{;7K^^ZIy~bDK0jS<}O%DMbLWkPtMI2It+DCvgneFw6$Fje%Vb%Q{l7|QZY`iJp zy+MUdT>NYV&HmT&HEY={ny=&1}D5^ zMT2M$UtaJMa2s)3%(GqTFPQ(xQ>MoWMwss=s$9FBw_mHP)*itll);{A=%(y)6o5XK zg%_-{S^1o$w)yb>={r_d@y*FQXVHy=^9gKhtIjQ|WEXU6{Q|zSF}IPXquaRH>~!@V zlG7zR#+`b9bDQIhZE{RAZTw3hUZiK{hH3evi~=DfhPq94M|=x2+smn?IHk=dHfHN2+4&9bb7tN($}K&e?K)3Q3ZL+ql!3iH8#+~besCbJy&Ya%zp{bEO6U<1MZ&f_E1{ZPP5H% z#A0qg-`f*%W#)`pXWO$7+RqQLqq=0~TmfcRfxNqi^g9;Mo>BtqcJ5Bj-8H!C2xWgE zssjv~W+bQP4R)88-Z<4K2%^_KzDaSq{r2bB`r$WzqXf*__O#|Q`FQ&`GXhM?-|g?0 zAvFx}Pe)U(f8Jkc+S#g@Sen@xeVO0wtX!K6#NTRyVR|Y5GuRMb+Dwr`W4NVF9 zAqmc)4TzEuRYO>w5V)NT(kOAHtohzVU_hsa_a~U|xiz7W+FMRzc~zHd<=>dD$5tf0 zrnih#WTsiM`lW-f(0bp;zmJFKse)Pjp0GRcT~Wk8bAlDWke1ABTL&_HRt~J$9c=C@ zrh36`Ae#%DLcxX>%c|fgX(vVH#6vZ$B>c7x!?Va1E6O0lavBFg_=6N|1GU&u@VTR@ zVJN85{O%2c!QlF{GXM$JCYF0`H-XUzzILLx)x#IlB^m%7tCo{1DYqUIOCaWRU?rxD zh5@Puj2l+dI!QHeRgDH`0#HZ?KhuWJTvvzl?t`;TQWB~eZL}3#!*Zo}MllwPgf1L| zO>|}~XHqMPxTVzSi6=RPk1L#m`kCgGg^sm4*Eh2YV5D>&Pl6A>>)F2tn5}X}!A~>< zWGa`0%>AyHc809w>0pq-1mFx3Q@bS$;2ow1o16{s#gKCKB9A(1$o_#)b`8(fALVL} zJb+;E^{brt3WMl>#YRQ9O~LJ(aMbBfWnqYsiHaVF8-$*UTdrbp@T&x&Mk%C28g>Lx z1zRtkFI}CuUXgr#KOacExqm)*UKp``eFqOBR;x`u8vHBgfp3B{wC@3CpX8e4UP=@} zPO~s?qjIih|AT!_4MFU;IW!$_9XR74v;R2!`fcAs_<1D1JZTPs^~%p~i@+Y+8aa7pQxj=)Ll9`!neZl44!!W`E*CGL!THsLe;;0wpn#jkW%GD4z4`As0NJVrCDEOSxtCsQ5}Jg@q!-nEV5SB$Qa9r6RqWaXHzh~Rz4f6DDYcz~ShIng_q6XA zrl^zyDob_ddCHf#7iI;0X^}~wxy4EInKwS5&;3zTi$7D8o1lo##j?yD6`0`O@^Cx%@CH45J??c*cPsKC$bcIsD^$j0to?ij#7p2H#?h;{5 zeKGgKI;LM}Zj!^(G#0|%+9q=Q(^dAIp(M8K40Hz3FG}hW%8>&r^dtU)ny>(0v?!Vi ze9Zz~;YoNvXqA++)mD6+4>g$BTD#bt7kCzNUa$GNeZ#AiJ2LqX-RuXZD3)|>cajGz z%&U2}63s>GmLGC`>Bu1@dL-@0=-H}7~Gvb;m_ z&piXEcm7%V z!f$wo`q#lS_$PEx{8wux`2SEP+xz|1{;Ku=brF4ivUjpzG;%QdD)5XZ9_EZD_I7sm zKt>NcTjzh*d`7T;_c;Ic$k#db-`D>;_fzug`~U9uq=0TlwpOP9^{4V*JsvR+6Eg=F zD|_I799|3KI)P|H$itr|Z$7qTMvIlBJfVnh%ylHwR*cohxl<3su`&A6Kq z4ukX8psGn!$n1>YrFy-I%$F%cGeiL=1)Hm_+wX2b`|gj|cZeQmzKYzyx)^DEg0jH% ztAQ|Rl3a;iU==I+cyhcVfyJ1m@I&ex%{s{!T1!Ny#ju%=oQeS1x_RunEA040XbY(hVu4^6dg zm_$2gDwwFQxm!5`!V%NyM^Vko^xymeb{!0HiMAEWee$25I-6wAwX!PAPU)H4)B%{` ze22-C&PY*;xG8)vhqPwAIv-Ebxaz++lAZ}ce7I{OZTJk1)nMdQxsG)D_vNPej#51y z+f=^t%qy-nod@ZI*INdad?9Q9KhEAcIed))KgzTbG)9`F8ZkFnQW6MN42Jo6$p=?;tBUdB0mEOsShN z^1@?Z)icCj^9$HL;&sg-QF4@}X!ng`{dVJgEDR)*&%SQ`^%UrWgZIz_$d85rhS}=o z2qf)j)(t$Q4BgK#iW$W-(_*g=imI+7&?;)^VV&!ZSC@ztKHUJPckJu95}~PIy^jr? zK}VHS@FRkO#PH z={`pOo-${X6EU4Y-p%G$90r}D1x0JYYLbwX4!t@@^Qq)%o?5NC%6Tdk)pZU4!l^Ov zQ1r+HX6)2D8Kbf?K8b#yiD&l8SBS222L$FUF9G&v<33P5!VfyIs zH^f-!N)R9dYhSK&`m?kNxGg7kuZ;m)my>C%Wuyq%{q~}uSjIAt$d$Q+A1HrpH$P!f*1ySgNNJ*Jw9TU|T=IW1=NPu-V6)g3cX-_^DV-X|nTM zJtK85U#KEmYE+U-pVcXW+r`Ee5=Lxk_gI3uQI2ZGZXNCLZHN9)ua?fqaxzN^$oz_n zpsuu$pZyd(ZIi07IoX^u-iBP6=zEl$ifD?~RmSkkGsX|WQYT&lrN;?!*wtxHz9&RO zE3O6WkUL)qP*shmK)q)LJAk)k!T7*6un<&Ni?3@T+WD+O|uo)tBrISl1N$_!NmGR=k{byhRi6KTd=(_ue< z(Fg#uQsICXIbV6|K0CQ^b%MUpY6*7~Qdt0Tml z-B6?ua$epD3sc?b61S(?=vezGx?~G7OIb>FsH2A@x4z{Pbg)3URi8j9mvR$YS)@b7KEt?;ip?iyoECo@z7<-tI?Ycs6D^H4=j>jWNj=0C9jH*{s-g{#&T(KGRl>V> zWaj=A)yd(q*BxgHD-b`1+1q5d1C8KPANBDW#bBW0BlYkzG)#MLA2h!Xs)p4{+!mn5 z*q?;Io#m5f(kC-R+?q)k(Cj97A+G>5Cj#hLUV1m3XN?il9!ia0Gj-t7GVako(JeXy zLb?y44)uJm%^1vX^Cm=#lpaMdK`&-vYqf3h4#38asJOS;++C`ND+Ay;K||uJpoPn*k6g)Uhmd{t^Shv{(j_j&!i{| zH!`;(jZIUYmZ53srCTEurj_;Bsw#%kY68`Hpe4r)o$(|>#-XF4q{R%NRxf8A5~Iqn zdz5kAK|rTVIT_!lKs`)&1SV zK*@QT)li+Ogl9M*E}ubhm3!#2Y3K5R(J6I${I+l^3D1tVSB=Fr@*%YqmWv5BAC6?4 z;}?(G@y+tkIGo6eH}8NS&1BWa@K?ASf+6hP2^Gel@VrZwx#p*;+LgQ92OpjXn!X zy7cavi{42dys=)le==rw?wi}>@w~zOt&)N5Qst7mb@S3P#(E?efspA+&{mLZo1SZ1S54h* zX*wy(=*QjbRJQjO*Yzhu^nO=gGe|ZfZ zYP71v)8cso$t%Oi|1>DvR8^;)~OB57Bxp4)WjqC|GVb`?qIXP5DzB}iy$ z>bq<6^BW*yBwe8aArT3b=&+Z(D*S!Tzg?Bd@okM^r6D_qBH5qUt094^!3qo)&!VBN zCdOaCs{xBwZbi@xEFTG)n-C(`urSIi=1iN~HZ?hb~CXE#x}$s?H9oMQtRAG{WqZvQ?LEo>X%S$Jc0d+mU`p zgZfD=C@Kji4_&<}VxnGrhYV=)QLLJ6SFoQwMyg#M&cJ-nsoI=S!V9>=?_25#N388C zjjV1&Rr@QHHB8%jWQexAwvqVrw;LmK(?6L@a1C16ZX~trJ1h-QetpG@HeWoXSz{Qn zWtM%6S4%9kd!eCH;Ovjmst-I2t;B|gSrM03w|o5VBrJ+=(yBsowk$}h_lvRCu+P3V zG`_p#%H>;w@U!H>`&#qETJe+Smd^X)qD#nXl`SfO54|8VsrVW4hGWCFZ{QD*M+mC2 ztf1~M+8}iFvsTtkXstnh)=FjDRvH1Jv|hC=j(m2A(H8f%8d?+AQME9lQb2u@Urd3C z(v`2~{iOWe;2hN5E2zx0_UcbJ^KQo2W44bBc0ZAywyo%xS!ebP>`f+gn+-oR zBRuZk z>6*RhylYjeOijEa8b{nTpKFg>W_X+@78L(j4b4WlLCh;->&10g@6K5_oq;3r39E+m zON_FsRzLPX+JFTT@>pt~a<7&$ePxhj5P#!6hGY_p!nCt5_|gL+xY|@h!P14gD3IZS&`X9&H)>3}#zct~@$SsvR%+wvK|qlHl%q^WQ5t#n#)0x# z%gusC4$hCPn{E|mXKmlYeQEKE_-VBFNL~HizG0$oaP|Z76R_8NE8wiG!hP`)uTK*Iqp>QJ+L=M_vxZe>Qp>JI!_=!k?x|M7Cahg){n@b(aeSFaTNtcma zh%?P(X*3XF0_p&{Ej%@7DL347bxmi<8_1ugZM8W$20Kf|JX}ICrI4*P4A^goB~cC| zoJiAu8m=}iKQZh8dR%4Fpr%H;oR=(_O4GYGl(;9=Lh*WXekR)N%alMJ5BAH5GdBH>B@&7309qIuV;?E!yGoJ8I!p1v zvXYF*C+Aa2)3ME}t|!_DZCa?7Qx8cC5y88xhKJ=+a8SxzFiGlG9@iy9IrI@B&u|Ki z2QMp80OtjHRK$K}(PQ85sY0BTi*n1UxN2CXIaCIWn~L>;!Gm=j&>V6Wfd7n#@q7}< z3iaSGy}j@@$e>nx`w1mt26~y^#*Pqv7)m<7aCNO_#v7rB*d7E5pI`qY%XBh*&+`Mc7 zWeYo;bQ7h_#b`Q(`JHIk$j^E4cv~I~Z?N#`wc!axT@ITGyI0y`ft~CP3+y|gwS?lz zQPC?^fE0g%J^%=cx{*iN&&uKy?mXMm5+&*wM;%S-x{6Zqd#5Y%G`+N+(Qx`UYFGAn zYqob8kYvlYHASDH2Hj()_ww2=w=VS4j+RV6^fdJ#CA&aA|3|DeMdzNMa0m@em;6HG zQc+}5j8|sk@l_eUDm@u3bt{+OhYISw-Sl1P>C4n)*AlpyEiRq9aDr|(iX^v*o(ofl zW19|E{lqk7#!Oi7DlRGWd|OupMJJ)EaH{K};T9T&a!l%thGXR{z zr-I&vFX`$j@P|l!7!&oAL6)CgB3msIOJ;W?(?g)gSn-a2^!Sn2v)Rr1<32WR7~(DFk`@=K)YnRZg;GqqPnwt`_&Zv9mY z7>_&`iF9H;GRlm|W@ef58#2^Yp-Xy-)97Vx`=!zx{lEFXr?Qee;OSrjA%c=9`gef(r8B+=UT$<(^x&Bg{L8 z@saIZ94LF|a*~TSbcn@)o54G$$VlC*(&qxj0yL2w*7LOp%Zz zC4GtxjZ0&CatO)X9lgol-+hDTdmt)h^{HW-!VG7j87%&Y5vvczzX#o`G{zFmD6M{c zXU16%cEopzM<4_VJ!@mML8~-a7Br1LOX*05RO-btR^aotN*FW$SZA!yL6%Ct7UcgUTeJ8=?utL)~Z#;$e+ykkyKUbIzb&rToyHsSab*J z)XaS>Fra^0*jlNxi|P;fNyS&^U8 z{wU*00?~?ADX&sQ)t;cU-mI==yiCj0Qu;c?;(;jT7b*3E(!QXa^JJz;*B84XDa~{v zS1n*<7GCN&PCA=FlKYc*@=PQJE8?52Z+YXSQVG2COF(80WJ?i3xwuws0sU7$!;+O9 zv9g464Z1@xS&qPUM#ytl(zL;z-BCvOF@yBx=n4~lokFA|)njH%LoyDR%GB&p`PuNi zD4pFRWXS{N3ckK&BHBy0hWb1+7IsSo!{V^$qRy+J9$D3lpx)B=b9K_7U(4UmZIr~` z1BL@L)4sKE&$+oLYF?j#)UHK@Of>W$w6{b!JR)BG;@_c9V#Brz+B++DI40}gl4yT@ z4bY)EXWdL`uS95vi*V2j@vcW`p8#|R?XO)yL)Zz7P`>0IhrHiaYMil{dxd#R;}0cQ z?&eyyXr+uODr#jf#W1)Q9SXI^nZ*0?#$N1IzqfgqUZ1v!b};Z0@D5*(NEs+FHs%f5 z@Eb&zZE<3SIy#l;mSni)((Ld)C*FmbEg+4);0D94Q93~v!P!jmL_{la2@O(Y;hq|} z7Te1bzuQQ>*x5utZHG1tRTj126qsmxykl}L7meO>iVZI${^W;#r5(4dz~U4{_Kv0Z z$ldTG2!1xq7DlTTj`>=98rdai)Intu1y0m1$eykIbhR8u6{P*wZv(6CJ<3$Bh6uZGmqFef_{aL# zX3n)rwT`Mwe8;gsM(CAEUM0=DD;*nADhE`0VR5Vp|3M`Q^}4A`h-#x+;*r(qol8_* zCA@keL!Mm|ZE0;t>BAZ@?P^Ar7)u86vW)ISM7KOwNyq9A>0s+%yheIyLp}0^zV8d@ z2h}qYp3fzmRNy*7;V`+_;{+^5#ERh17-VE=889Cy!B){`sGnC*KDg}Dw3*I-C!iSr zjr6!OGI>IfQ0{j6$gk&_Y<&Nd2e-@Y7LN>bPD!LNnh{aFH1EN&up7lS11=OR1aPh|Ltqqyhp z$KM;-k5>LNZ;SeSoM|U>?$8suI|yG4bM@?RBvnlc4Y(Aej}(q80ypnJzW;+BIYf@c(mZZw3_3jBEYo;LO+w=OE` zxWmZ9^oQMI1YJ>d59WN5Z&to*WC6fm2Wx?b^$+S+QcVCzv1!Bm_9 zzcyxAEt0TMm|lA|^|iDWN?xhg$a0#G?I=EMqpfwLt#PeU3GY!cR{VTEi+=%qh03vF z)Ob-B72J^sUG+_8ko=4I@9B1nK+kzwPX=30%{cyhE2l+?WA$n^B#EaUT8$5d%YGUA zJ(CgLzpun1-kE!0L@v{w8`8k|l#~>-hyaYm*%IB*jgn+sCD2Kt@4x-1%_c(IMN4l@ z+3~DP!XV@hA5~3Vp7Okx50j5*r{rDZJshShZu1u#luTfiU$v0P&+24OFNz$PGkH&_joCA!e>rtSHbPSMch8#>zJl@?r) zBVF-zE@Uwl(4JiqCcfJHK%TU5BT3;rDcrJUvP`*n6YV`(c5`!z`{UYQtEeR^X=$R{ z>q82UAkRS{hw8kXf%05%`#Ecw zm$U$xUE?mbjTli}#l!f@`>+|O@Ewu}89#}dIvK-6%(z6XwuoGD=TTgEG6aeIUTVO! zXid5s!Gbk?(MH*k@7%}()ydo0Rb>!a$U?m4Cz;oTV7@!Hh}NqWLMFY`rRcRsEc!uo zI}ljDA*}^dw7ce}oZld~y;eDa=$m--P;uw(kq&ho;{3jpolNjP(0_R) zFU_+bZ(Dr?)p4KjwdpQ>y;@`m(ZSCr==PB5JP<02#tGHs7Fdb@&M$(8 zwH|*B&l5<5wLcQKA1=}S*h{f}{K&{JFb?SgLs+FQQ+pf8Y3E|N81vT=X?O3XF-#y_*@c{jZ6Q$C)&Z zZ)K~^2?If)K2Tt&Sgpf8<2eD=+Z|Fav?-i-JZV zw6x5)S+nj>A>Jgr9!&-NSS8VJX4K)5%9|Y;LL4G^e20O!x(cGB$ImH}A&C%tNaBOn z+~%+siAE*1E~w6Uj~?;i!1mpjygt0}Sa-H8h_C<+E60@b9!Psn0m70q>^LXR5~NS` z`&&tISh>e-9Cj>PvcmA!wP*th!}>0AC_YD`g}@kr;MjTfi~hoW5Eob4zEbxLO?Wb4 z+IRTMs^Vrz8Q-Dc0rUE@NtIG7bF1L&jdH}w89hxAw9#2^_Qq=MWtC6hzr@vc7mF(V zRk(cky8dTz{m)(6|4hODm$?302i1`F7tz;>C!YrPsZ>!JUdSNvuo=pF*pwkDDM<(@ zFdZR~xW|OWZ&En?sqhRWWLLKlz4_7zy%8wsea;#k?eFA*+CT*@L=ldA%?&tZuG(ES zO`LLP#kPCJmbi>uk3AgrW~4+jlm`>!3C0`Rc#!a?O)v*_452Q zHyUT!Jag?v@f=-I%r8O|0|u<*NcjvWD8&iTGWHhwQop<`eJ9=X~& zPJ;ZTD*qtigY4qvy#gN?N}jI7@BA7Z9E^HlcU*>4In(bH7*;Adh>0K3PAsIcx-$~L z3ylS$jG^K1^AM^XHpzG;oq_q_t{wPHZnT8c$(T&tvV67yI|aC8Wg|*AET%|&G`+t> zY~~CEyAq6@qQ+Qfr+no4{2H4{I5(UDb5yuSaKEltx&}o}lO(1^8UKPC@4O+f-BWvO zIN+yO?s+vk)e`&&p%YS^FA2M4yV{7^B2>GIEaiEIYEB1a?s5)L1ip+XF z2^ej##)!(4NO6l5F(n8Ux8*Asi8JSV6kBY!)72Qa#?+_GzCMhEFyvyqRMKj@rd$#JshzeLaZigAIS)u7N)?elVNSPz%V01;>w}gaNrD!X) z^&q7rvHB+A5>i;u%5p}kwSy!yFxPem!!UxRK#1(dAt9lKiQxbzMoi*r_qe*MdAaIU zGTO;zz1)f5)|~Z?RHnCNpTEO(&T!G$_8amVk71zaJq)QGY?-p?-A9}?o4eA$GI z2#@C;d7BIZer4}lw(@3i+sn5+PkMpEx%pCGFuXFO-#G8luTmiCRJs#6+YD;YzJY2i zpuaO#e7^aY?*?=8hd`jr7!DiS+im0ieuYCrDF5C}&JtqJV+J<(pao)_$gM4W4j6wY z!9&;|_+5CI>#zzrmNT&7Yow58Fi#F|`6S6YNA;dr*rY97U^p5fQJg2YV}kvmIWlrv z{&W36kQD-eh|4kH;71GV4*CiwKq5Tf!0CslGHdcw943%}wW|QOTtXiNUEIkQ{3~y6 zP5~R8 zZ`d5vX-^&MLTY(uf4ac$LHG`Yvt}Qbe=b5=|*RiV)JccF((=h9^B`pBWabZt`ATjeTXYoKPFtsC39QWI)g#xD| zRNl%B7@k3Lh4%yTM5^^YMf@&I)9SoK#*))yU6%w1(sunE^A(%;B=Wrs>_$&L8qI;w z6~KK5=LYM&b|-l~5n%q6s49=&3ABhTJY((7dZD&vde1fT}UNk+3G!c(x_Mt@_tP|OM}7`-zfSRbu5;Vs9x{)o-1 zN6uSI1BHKIcR3b%C-5uX{d9f9wI|h!9v9y_{)1yCw6=?Nedi@1VzdNtkw{#3(oTI? zvCnkt2J77oY!2mCRD3{w7ZEFSbTO2?5!w2( zofB`xK_y{lkvp8 zT6ju2=bxSQl*3?wg?&P>6l z*yb{0HKl;f%xXS`4xRX7{1!vHJn_Zm_&Lh9%Ud{b%!PyQ?LM6RG1pcqsF6RPMqMx; zXj!`4D%=H(GNe?4n+7lQtML@fWQ}BwD@0K2+e|PNFxi0vv2?E@{GN+*ujqlc&dugH z38rmqY{+#4$}F+zj*haN=eCuA zyIG~p#II%ij^lI7_qmQa!B27p?;<*ZzJvsmkT@9X`5jfw|7u4Rr8;Wq!d1pGt;|}= zn)=qrc^=i(vt#5rxrWDqsdBG-2nH;Ko+sX$csFQ&#BXG0*u>W$?`J#ChhLp^+Snc>n)?C*aE@yh%A9JiNN+pGF5-rgF|SDCdN1*KhJsq$&1P^4B(Mxvk; zufYD`wSTTh`dymH-$+K;!X*bem(AGSe2iSzyW5!VrA9{YUb3>O)#H7cVPQIV$70mF z`K9=6Z&1EiJ(FR%u|y6eK9)IwE*p{f`}TZDZ0Oy0o&0=Nead?+regqM63g9_Eg$G7 z5LSvgk$e@|^V_*dWR1nV#(oG3>rtX>DH;?ZXS~_$+Womy zOPgg4jQ*XZhB3FO#20Zioq4}Xq89U^(NaBFhwgN~7=nB_qJMOL1#3rF0 zC`!_dp*!%n^GfD=C4A?Ryvv~+(pwGhnhW=?N5emxFH^MNnT&CW95RNI2q76CQV#W~ za)`)+Y{WbtoHE90p%IJGq*sqmN?E2#S5Uu=SZqX%r5Rli9m=9yoGmsg3!5(a;;U~h zM^)pMqn^&N9NoLXS8>$YhG{Q)q`j(i){ImUlet}TGNsDZO7%qQcGb=(lFb_2O1jCG z@W-|jaJ&p<9-+z#OBp@d9#GxaN8Xd*4})S5R14;9MsnGKd>|~QTpb&*6$~s#XT!A} z1QrY9&BD)$mXCs^Sf^#aYuF+Ub~+cMlYkeKiFmh5dH>3)0mh@}Yx_cF;dDlolZnTW zZ@@Q=W0;>?imh`r?bpVlk|`Q&Nc4j7mLhR1aUwI;v7<11o0DW9XGbS+F_6k9%Bd&P z2O;I&IGJ%-6OZRj#GRVB176ElHlU92%760g4tFWVJ;p~o&I#hz#|*^qHVAF@C&0)I ziZ?{qNwV&#H)v%%vnx^XWnbfn@@Yvn#SHi~hAI?aJxlgNZ!NmTG(tU#WLFdyDp8*@ zKxcS1DU@%Fl=jO}Rj$%a;9gd>Q&cOpPV`44PMk??g& zUW$_gJi?&xim=#48RRi(pKm6PFL(!M%rhqnMys?V|93@Ww2Dgq z8AkYd6mL+OlHl{<6LRl*TuvB_zOQ_+YHFUjw$av4|c2<_rN9xR>m%(SWD~;sr37uepEMCuyPpdt`+Q! zJ2j{@JH7&&NvExf*`_*|Z53`oSNzVTnFq!10xl!xCcTp4wG^LEcKke4-K<0Gtnw%&>Q(WFj3+V;aQ4ef=8dS=(ud*39!2oJ~K2g|Yn}yY7IzI^LXUeK>jZcWLfo(1x^J>ZUz<8AqALDUOL9C;<4X*8M*Pqf*T!6{9b!lx;Q79BDuBb}eo+)5gSxq2_} zydsz*>~+53H-E8;UOC-zIx*~={wg$|-kWHY_j-Ws;f|=Q!Zq=Gr?{t~$&m6H@bPAz z+Z{_8?uHIM@M6*}%vKvzF73_Qn_Y^~ca$usiV_*&u4H70Lpp_bECah{-j&+8*n42$ zGwJhQ3o_q-cYijVbF8ke=K8KduBh#+l@iRr6y5N`S?UyX#0ezvBE?1)rj>$R7@K|` z(E(Iah{Uk~t{!PtjX~F(Yc_m|=V&(%Fu6u{XNrSl>&((Fu9)M)&9F<1nd}GFcu^<% zUbi4yrt*@H{v!=a z!Ar~?@Q2ICpmdA!TA-P6J^yoL&$om0j|2)O(KQ(}*W~C+oN>Kc0P;WxUj92c)^uF` z8>CSRXCyUK*wh}T+kKPXrg<8*sA<)#Ez9=TqI)5|CpB%m8D}j(ofJ7jOP+m)9-j(E zeDAMk-I~5nX1=RfP{=_Lzy`A(m`tu4>e^dR^kE_dSIeO3keMhMwP7-qxu_?V-hUN) z7?_MLJ&8CE?-7u9u`E16j+{p3@A6)+BnJYB9VU6OP~S9pl$XC{?;Iyq;4OiNUCSw1 za+g3kYRYvyru~)o5cE=HN=5wkt?_GW;Xm^p{|+L+`#+_r?9439UH_hm`hP+YF#O*h zCSw1OM;qJxgB613kNpZiI5@ZtxV#%Uxj6XLTcOMQV9?+}wCejoB;2fL8QpR z;s1u1=vX9pN&0%5rmyRtoA>YIVz~a}_x&rW_iqr1n8Yz@5Fx~{Pv!}WXdQ=b4n-7K zMI_L)C>YAQs7!C3)}-ZPipj#BREoY}gdLHHr6kHi#|#m7wc8a9e~kOPm*234I4D@n zghoUeV$hcTiN{^7#GB8fzuu}$w&(< znf?LKogkJ8$&@*Lmbz>~aNG3E5M$@;lsm##Gc!>i)2E=%gA?GpwRqYz2EGtNLuuTM ztZt6kA?yp+SzQ%lK%Ym9B`i~hvARyM>*xjOwt7$f6XZD!?TlO~Cc9Re@6T%RNl_9^ zKue!lme!|3UHFO{F)|Y_rJ#xrzlOx4=^I)rp>dK2vXr9ntvf>XdOvQAgB=~ zk#G}HI5-?dDo1N=Fm7#epT6-!86$ym7w4}3EloPTCQu_7dKgNs0|^30P2@)9)z`#ymNq1_~D2P5v;t9?JJ*(jQdfW z6Q?=umd1FQRl9gTa;!F&pV>G?!leS$I}OA0^lN@9hdX0y9B<`F+-lz_YUkn;9K-VDr5)A)WN9{kg^4|sXe+0z-ca!$Ntse5^xy#HWF;b{!E;aM^l#q;#ywyl)Awi^qTHr)oM-r)%}eX- zXBfW0H{cIJ4%Di)_GN8$qJ;fXWT8D>!tE+)cPlnW?UYoF1AUB~-_x$79R8v~d&|Y4 zf3(?eRK`d(OK%B$Wb<-_6dEy>Hq~U5EVM8 zEaXjoD(u>klzY9zzP?w}kYx#I1mw~%VEzDA;~W8H(p!O< z1hodv529g>1+a3aBgy7Xg??FREQrNsbv?hw+*jx6jn@g90H986Y|yd}SxRryIli(v z;!-90Jyt3*nt9#XISj`NqhLe(>0GR-bjgz^yXm5!d~YM3fuA{HfnU=pMmu10XjaHi z+GT1CMpa3DfkiI8snaRVXlXiP>44?%TF?=&`o`kmb_a13Z0x;oe!aFiTl9Alc$|eC8 z>Lqqah^%S{a=1n)bYhu>;4VX#Xus5Ls&DAA)s9vra`?C_D|wf?2N3=;kja$N&S+oz zJ@R$^QxE^$J2L&>_FLZ7#^%3t@gIAhq9mu#FNo+16H1LPggE3emy|!3%eyN<91#K4 z2NL$$N)M1)%bdslOr=0U`1t0Z?AWO)Mo6x2=4STGn}^~4o;=F!ryD-c_f0p61o1mJG6 zZC{3mlu5~m`zG}S#DaObqtBSktsG&;>n7?kf|tjgBERF*J0p^@Xt@v`=G5=7`8*;_ z7q+*es|!_&X%#d5<5In8#*mA(M=2?sMx(AifY`ceQy*3OuqCw$D>Cj_Rhd_$0AsL# zrWUYQ`Qp8s1RCd??m`u&#;udetQWP1t;P-z=W>4nevplWrH%C5sxFY6%LJ~EMFw;- zvn$_K44Wiqt_;?kGLn(kL07)?GPA2h$aK#kN9fTtaNtc#E=s2QMv;}avNe4`{UxtC zYx`2AFIlDji{1S9P>}flCNC>zXTbkcJShAhJyFip#>G+w;HhZj?CfsuWcqb0XJq$< z82ZPNC{dqK#*skfixG!K206kL{)veaP6}$0WC$U0fw*P}0R=)l7-AFVNCG|x%f_wVQ-w)FP$s9^q$f1piik*HXB z4pE#>WTLgf{={=&`gDe)wd0g!Q9-BmP{0&&Xs-&1m9UVwvH%Htpn3nu#bk!Dt=$ga z?yS_rUb`d6`YF}qd?R<{k1Wx(&i$Lk+|3V=5nri=Xd@i1D`rtQ%alKOX)G>f0E@UR zu$8;G-}gyWNR3(paLu6bES?iLnCtTxx=lUSYh0G=r3HHFR$TxgH5dKy8ViCU?-TXg zo-ll$pR;N?-$cA)U#YHMmP-NH{0g>MsZ)$dRiuapy@{bxc3v6R$&vhFA7=@ara@U{v@^)&71n%P2* z8?!bDrCBFwuh;q^5Ax~hdV*mwLXr!@=B29)t;HPmk&D!+L<@m7B zjpkdkL5owHT%a%UCo&9cu_u^8sIT#(9t_dyREr3W+L zJs%#{9Z5LLqvE8-8igSocjK^p-V>8x;Sojqa7@3Tf#epOmdOd2ErC}^#rQX9jlirQ z9{I_J82(R0EqD^)-t?((ByHSB3l623<$xjI`?z)kh3`mL0{WXPpR6$|iLxvA7koeQEW`3YtJ+(M`--rdg;_OCJ z%OV$YJ4Mz`(y-FKMQ2$T)j6K09jxKN(uZ78?>;G-pG=a_W>=M}I(b)lQ%HJ-fulxWCHTF=#5-afe*?4@ z3H)a)DlS^hv4%gZ1f^rE@_#JX;3I2<;=qqsH zsj+<{^)91n19JT6ETu9`6u-W$NvUkWF0yHQJ z3r$^9#+F#RG3{huA(e`e-XRAj%LoeRLjMFrsG25|Zs8D?Y)Z~-_u z|2_09`KrJD#g8~(T|kTA8AW)w^}Uf_P!(|qnp&06($@H`Sud$wapVP49+t;!7W1oamR>*qSD+oJRuBu}rZ9B88VeImC$V8h=Tg^ExbxpX z>vfNRP9KC)*{(3f^2Xtec@XyvL1B28GRAcr^qW}dwBYH~GO>Q|uYhkZ5)l!Upl}IW z^0y{OzD+-u^rL2wf#7A(foF~$j+;ceUvy|^wdf9OM;7GpV*P#A9>yP*ATAg-4V&iO zpHh2hh6OHcWUx4zDL*VJX~cttY&{YXD+J2~>z!?*<=KZ)`==n48?$o~wk$aT32%i- zd+TiQ*KyFMM(bU2HXV#OnK(|Yk?w#T9?JN;qAzB!co0uA4!}WqB$;_t1iXzh1}&MH zvB(77nKXI#Fgtb9J~P!tERaa`;Z7s+jBrc~(g+R-PifOQy#qR8zV2b_*r_(&N5JeD z9x9=Y>``^O|N0!@0~8jACv&)J&6 zpjHeQU99THpi|*`M{9`sXf@aC@{s+4;TSx5rsly-U-{$k4fyRbg0c?D%v0K$-$Qy6 zlclmoRi2&=V)*MW!!1vrn?KOP=+y=@H#pSm%&FNc%s>?)e^6|v$7b9zT#J@0A17;r zCUizLPr)1~-%cdob0PslaWK&KSXL#;vp)3ZvocEQ&5A1E0i?UdS*;2jY507T2{JuV z)ov{gU}=%xf$5Ox3ai5X{s`y}#t;Wtaq11eX>8K(eNY5(>{9tk%!zMPC1#65n4Roq zlvwkAhdjECCKe&HtlsC^iAx3(@5R(lhQs{8wTSTvduX8EI${v_!RiL3oM5yuY?9R% zZ6bj28M*7~kucYM_7v(XSAtYU)8AW4K|?>M{_&us&K(L^`oyNRq`j_@vn}i1NomH z?|H|MyJOkjGhfii)W?nKXok=86DDGA4cA^4bV?!$zr3JVPjh4LN&)HSW`9utjr zn!W?=HH=f4?2&`=>h)v=yYZFLA{C%h*$)dFb6*R_#U-5DYwW9v>qv307dQAJ;fNlK zVm}RD{8|KX5F8ZWcgNC*t=-&NMgKxJRH#eXksGu1)&O4nc79~}#gYB@KXkj@M;Fit z^3;o##Ar-%r*UDOE0|p>GJ=NUCB%vXAt-0BMLg~gfw$lIh4QVENOzYi(xua(-NFu+ zJ&3VkSo939RD!@!m~3>I;7b~!$WE!aGgi;ZlI!IxW7HUItPngXa!n-;XH2oKg;`S_>T=5zd2&ycNtZ^_CjAb3 zg(#pAn`8~4;oZbgFk~Dfwa9HLw5sBru2W%KGSnjOBuYLBeW8(q6Rod@fH^;WMZ;cV zN->jfMhGLh44!|%*A|3f(=J{x)&?d6)FzDt2KGxn-5rhYC<4!ih=9mi(_G50qmQ~u z&$FjX6%|c3$(9|uv>N5cI`DF%oVyOy`?Pxguu)JhSIQv7G zag}icqUwHi_4+cU!uc$fWR3?BUsgr+y!xLFY_cCX7D@71r^eN(36zI_OrE9eRx20S zy|NCyPJxQ7Hq)KItoO+!cc>{NZR>6XRb7<;_V+S3G7L&j9&eMm2@#&+fvfy_c|Oox zijdB(V3FY921a6{L0Y+$nidfLY9#~kmeSqY`hIu*%Tm7>aFOsaqX0vmYq(QI)dWpCXm+NMoyLy$X}>&!69~YvSiF)PUrrm%*-P~^NYyj z7es~`pi(U-2g~JPody>TWwr$(CZQJI)?(LYJ?O06g{)ZbUZss}p zrE1$bZjc}IAlZ?1$b0ut(%szmlbMr>xAPZ}v zwUBIO8JnfhOw=PiPr>}CvqusyVCW2|&$B!?(P|&cfU0|tgnp-km5Tlqt@=}<^kXBb zp{Z?^9I1qo7U&Z@PyT!&Cy$66ll$m`P)`2~GdZOAIL-kJu=)hwjHARG7d^h`3N&`B(MfQt+=- zs>`BT-d=NM2Jl{Eqj%>Kd*JS@gsGnK#!K$LL8iC1dpK|HJere7dJlL|6irQlpOYKD zErmp3Om>gN zE>IkCklOQW?M`N#vq8BHhI+G2b7oJVIHdDmwT~TK>kFsF*C|P}HdtLfu-vLmn-FNY zZ$F>1`BaAE!p^K7uj}Y(PzC0);(6XZ_Jxy&AE1yK#H}$ z3K;89rph*adAm~MKYdOwZ}X(CMXrmvdEHfmGN{{6X!=x{3__MH->p&A@9p}ztW{ta?Khx0OrDvt}c7%z+D*byWFEK15TfGjAaZ~kCc6_t8 zz0o!r#toU;Rv1qlqFCLrk7+C4W?p#nAuPt6?&cxpS${dbL(D14A?LtMZ5tBJfI1SQ zR3wHUg@f9XiYkH7T3nf3YnYU065|T5NvpSq^=lf9jOrGBevQ?aeK^Y{awdu~3w?Em zO^hfz_38Z@m=SPAxhuH>J&2lpf{CM6Jeg+oH?%oqiRf)n;#G1$j`6n;BAmp)jLkV?}n>;KlV zVMD<_m$P$nXuzAOy6V?Un(?U(x*wg`S;M^;D^@p|I9*A~S0-PrFii6#K7)4op;>l` zpAL6{;Al=@0eRb}DPKmi!9bI~RD70Hhb44LpB_hv?m(%++#gsO%>x>_i-yzcMJs*S zHmm%RHJ@__t!0L^CxS~mO|z`RyUiF^?LWPL$JEPvq@*|;u>U(wjZZL0YFDDLbm@Jc z*9CWWfp-Bb7191P*A^jbJuMt_ z;rA~kkyyZ3tIYieE?uu@U5N?}GB*m4tX6`L(Dc1$O;ei{#;G%%?Rah2;3WF%Zl1(j zJBiDXQ7qX4e=9SI((^X{6`2~V6AcdK&7{_MQGh$Unr-`#+CxHyQ$v=ZA_wzu>dg#F z*R;92GtmszjBI)|UOyxR?&d%8`jBZN>Z1msMa@fmyyWDEQ6gQk0bG0QXe;W$C-H~X5P+Z zu-Ti;NI7{+pL)LO3M+|+kfTNy>m*ajuw>rmFMqxRM&m8L$3^Y$)Jx@E@5pz-s6=Rg z*3HD;jRFpaQ93f-#>k*}z9D_3jpQ!9)AQv3Hm5~NKAWm5nkx54l(W9#?5ss!_>npL zM9hC%g}4Sz4`cB7{QXCe&|^i8aSFB}Z^q2zKgYmbehZrsD}FOlw~;|)iw&2$_K`e2 zeM8?NDLA>dFSe;@a4)@w0{>_k_etX`d^CG^46F0D$8bN!DX@-mOgUy8!4`WP2QXnA zYkPl`E+`Qcyf?}29jom#?=0|^_f(P3|IoUhOm@dR>ih5Z*@Yi6@wFKFmun@}~TeO{XiryHJU@kY@Gb%PJ$l4gRe6@#3r6Dy1V>{uWD( zZQ@n-d2YU~XeQP{waqCX!s)U`eoNfQELy3hq=7}LKO|*jZ$Jdn61>Z(-7F*SE5%5u z%$NKM)jU#Xgmx^msx^Vli!^`X=+l~guzbbY#TGmRbi;*6m;M;+(?wJ;oZ$U>bBmf) zE#~-w`|j8}YC_S;Fpmz=77KF?A;uZAe*!DaCHR9a*wFi7-RoTX>4ji+HA>IK%!?$J zX+p6zaNO!;$@$}9v6ZJ~n`!K12izMBDZggBI$t2sar6cdIjT|i^OzLq+SZ*d?eY?E zN(x50rCUj?8@}a)vDYZE;zr@Up8oODF0TzQgVh!&vf(zyueyl~4Y}{!)iHzrFHH-} z!0lp>Wiz3W-8UpX6RWb|&eUCX_^>pStm_%9`@Npw>oX8> z%y{ie5wmqA*p#(F!wNoeCLDXNxik<_#(&a_j(haDmKZf0@Tz2iP*goum4h#M>MnthQw!2ZHTzhuHK7lDrWEOf7J{(!ahk zK|1S&Eul0qAJY8HtMU(LBGz_PS(ap*246w_Lz=5KUx@h{9_HFSPKK2y3a6{V#Ruaj zBXi@eKtB>LFHSS)ORD0_6E*;JT~kBl?$>-ZS=j_pp=nxN)z;;asoVL5Ir77ZU|{vW z@ZTmb-g%OpQv|k%OlJE=S)qgP@vVZH^T@048`#WI48Dhko}2aDnS%B?{0>^=^P5m? ze{-kTxxF`MfVoag$Z-KWp$ksOirR$6(x@O8hQ_|Y=C=tR1;So6d zkmXf9^1i!V1KThtSE#K78a3l@(X$xV9l$6&tE(hXY-bNbxb~%Mwc)@W?Bu*t%%0Gh zfF|x^SQiqO4f^=s=gGgG-8t_?_D64?qm3d6qj|}lJV&T_%frbB6@))vx?5CwTcwd! zL!I&PnMCn+(%)}nQ5{bLZwnX{{77)=yUr)N5tb|J(oo|v0b$z8ln=q7>d1Q%;Mo(x z1{dkJBacH>rv*z)hZ;Wh0jCm{y{RjcdM!rWP?eATxgrcXsEJ?2017$37zd-v3y5FO z+DdbRHe;DMTQR&mZgGK*kx2 zz2Yb9_b2aIRfwJOoP3Us3(z#>;^yHzk@LvP?Kj5g=FKYBmhbC;T#xI$8HyIt%jDsj zyOF)u6#z9lTCll1DIvl5DF(65;al5dm>N2PuDt<}@cY8ao`G$5=XHhZ7EPXaGE4L2 zdp}WjC;kK_*Ul$TSn|{z4m@qUDt4UGZD^ioyOJ4kZZWs+Kyo@qN+FjpzyU+Zxw z6pE(i6e)f!ml?3^{U`xkor_P*G7(Vl2|U0& z=v$6bP!hYw;BbZAkADAw2wVOnmC1xWtwd-JkqgsZB-4$b>(%8L{M>`y$rL+JVSVdg zOu=LKmR*F)GWrIPb;z2*E8Y}47lNtL4EKg{o1Pr$krMp&1G&@zaLRE)b6Y0ieKiPP ziIr%YSbbcwItQhFS2yInSfC&dx6OspmEVXf?ZTIH@9(|?ilRLo?E42BJIsdvq4dc8 z=*qk)1iRnv7J#L^~NppCpJu)Vfef1o)o`1h9Nc5jY<%n|4EBZlEmysF{gtT62 zF3ZXbZMPL4e6$s*NY5)^lA->@87@Qmz}zXbUPt9$N>|!A9oLKZCH4O0Q|p=Z4KEPO@`WHOzj#WGbvNpK0KRL-Mhz>6DaLAXy)~$3DiKzRj3UwVk0e z2TOaI1@VQZuda6k+vbVLQp$^0VAd@b=rK3JUL$d~vnzMTGiC@?%*HNK>A;zuT{8E% z9dt}l!XCnxDvZE(_kcXp}~TI zOcvGkIu}d^w_H{%GF|nX%T+3w^m8w<<1;zVD-kt_=vgvAz`&{!>0^ZuUuZ8K&;;H7 z`=ewW#fXc&KVvxBazADL26K4e8VRNfu37z`A0=pLj5Ce^SH+y+pTnfvZ_>g76l7{blcFN&Nm;@K}mac_*mS|D1zK|nn*pf6H@ zM;gw^9vC7oxZ|Z)lv=4gS{Tn&%F|5C=)Mp|`f^3_isbs*zBH8t{`Z`4GIJnh2nJJi z!z$+G(-*Z#yUz=QN*4zTq#t$}G27%Zae-xaA;pgAq9^F0ILsPV$TyWuf(Lis!NR9b zRP~a)lHpIWE(iDDEm9PP%;GS2%Aa3o5Fc1oJ&}YD5}6V`fg!!au-$>$AAXf5vEeCq zeVTF*Fy&Alx~{p}gQf_^As&=QxG%cnM!9b+fMplw9=nK5>QKz~AR zgu~Uh<9PYxTu4g$CCiqJ(XHi*QvyYIYni;_noM6!d z@9%}vw`PqKjZxpvT_>+?%&Hk&AVjTdqu&D_AzQavc8~&(HEcR@>TVcW9wTDvdioM; z_YOWg6XCFxvC`8%tU8ylz0bP&olK;i*!@em`TZ9u72RPlJ4>;D3C1z$E!K{wkeBN2 zGb=_x*8`n}Cf7*0R{SVbp+`NPx6 zh$&fKXkeWo9Mfb+L}6nXhc69STlWw)R`$d|?y@WET%?HIqo6e{26b;g()S1Ywk3ky zJdo5zIXm;D!3N}q_N7l^P_<@j;20W5u9RcBncSH(NSr(Oyj=`1hQkN<7(3;;6Cviov?#1ZFmpl62cCDYv!(B|MlWPWaF zjaNd}Ya#0nAku%QgYTA_BdZGzJu#|}&r1Vrie$UOz+Oz(hp&svUQpXpt&7!OVB6EK z3q)TA9#OXi3RN5Q_OL;$$2(QKFW_G9=UX+Ub&IuH6N2CzGY8 zL$p`U1!wM(S0m)HoD`%VBs?bK=N=az=nE!QXu#vo=;@coRg8}g4%tN}m~?%;i0fS* z%)D@-V)r8>TFYe*rqS&Iq$OFc^xrCqYL%7o_6a~v3g?J$ z_NhRa?{A2_fFqoA?bCJSA$F&fB5a-+=$6qXnH_aB>vi`E_Vyc7*I8&H5Lzs<^UBvUbur|9W7Ml^e|9qT- z8DD(WNoM0&*a^DgnIr(7fbWjV+a+W344K;joh9}c&z?Ju2l@4Wm4&}3?YeC(R49;h zhd$XwZGCYoUPFn)<(340VQ7x$7CV1&@V~X82%r|^^gv^G`uR7COi{l96WUtx;3Fzt zS~7#sOIiR+YKmo$)ZyYYt!kx^la^Lc$xeKR`;ENz3OtvXyzrBBBFsT2d*KKh(`)Us zqe*I*n&(%qEcJJ33W0t>xR?6@JOnAvfyZLww?1l@-OQEWO8YWP0qf!S(G?DHM$hd3%MI$Hz`rH6VHavJYd}YKO9E3RsftG*NCE?O#z?{xiOir# z+6rwz9I-uegmu@gf;=>M!t_)xVx1nW29)3yeOi`gEYK)C4*vH zG*HV-0!fY8Lq<4F;O7wzJT|0=Z1#L6Sr0Gjaz(Ay{q3Q6;63~OQ`zM{ME%z?>fuC+ z{IA#W7fPe`P-g9ZwCdFEm`*uU2FwpfM7G+#cdxMi4+{4kTixX?0@aWHI)lnnQgJdL z%RzPtj+Hdc)I`k^6lr#x;n=|IiuU#j&ARiD9%Dy!uu(^~R<-SAnTEtN#)A)3_i~fr zPmG4(B}>^;&uWR&UEmfBTJIm6E?Ar|Bu;ifoUEYZUlAtzFYJB4B-zQrZPiQ`p6dOI zMz^ZQIe9ZyZN~*Ke3R=vWtGc7SuB9h z`ULL7!Wo1S=A3p){z#M};WmJmYG~?3rqDA~4V$R}1yLElkdddcnP-(OZa<)Iv{Wa0 zq?^KBAI*ThyC)&JcmCImbv)S-!_YyK4ogcY#DA44hPAQYWTcFGRJ$gPdsd8nUeMp% zVNB56k6!sn4+)r>Q{Girt9c>oh%$d9@CPkrpL$}%XlSDqzYLQ0W5EQ#qpsjd5S=RqiAV1g)}U`6XkJccPeY!Q(?u|Y zw9&*E`p~ouYfSwGX+1)DOzl4R$Ksp8j1h;^y9zpq`Cf=cGAkyN^{;BG=7W;ls9GNyo9=uu_%$ICe+Bw__h0a@hS0W(vb#?X-V|*F@(h> zBBAg3ZB0?ERT`egf0Sjx;}Ky>0~^w$*5+F}uxocKlnQuxda>XL%K?^D;%2V&IVDxy z7Kt*3Y2(&COv$KA(G^1ZTzH*A!Z1xidfPPBh}PRxrttZo90KZdz5<-Z7%{~T6oZ>F z*wq->e!W^lTug9BF~kzqtffw{jzfUbYH#ze#m&s4&d>!j5K{NDa{w;qo{0 zre5<<j1SmJ$;{7}7gwzEBwVD|>v^$e>xGC8W2g}kO4MG`!cS2^>fvL^ zlydbL6lhI=DB|WNbz+Z!rYCz+5>fSfh|3|^=_pq$BI|~bmY;L)z(KLMpc$9)O)BN4 z{A_sm4mQOUpRDB_We=NEEi(Wda4Pk3LlnZG4U2j$7@~43iU0>`DbweEg@LaY;OlP^ zE_G29)k^iiO7I@`KxD4ZF8DuoFf}T5s#z^HXHC2zO#fO9IG|?j&KBsgl${KT1X!Nc zSqpEM6^Z^_n&o%vAZkd(oA;}Yw`vSy)dla#nL$s6VMqw-^dl%xC5lInXKSfAMP{oo z@EAFhAZ1XLbyKz+zs1%wFb1>7TA zLzkfs*}kkF%u*-4vnN2iKfeIo@P^JHz7SUEix2Z&nVl7Dt%+8>09shV9sma%dZ4iF z0bmi6j6ZH{NWm2B!A0`OS_*F6L{q{ZiVkEIeuV32N@67fZhOrgi*r5d6(d1Ik%b{( zZhpYd9OZRHC`2JtR7-|CaB3YY`1RY{GyD_P}o{# zXz(mD$p^J0{`Iyvh(v#+->o>11050N#m`8tQEX!H)3U1!;8U~5vZZrS+pJ{|I(Q!% z+nJR(v2p7R=#{@ubrYi<7f)P+j%ru*RZ^9DID(87zSwUE3v%sM0{22Q(8%1JxM^Pd zW$h9h_5}6o3#%#hJoYEV_-clK?7?to<30nXl#LMAGZ=}sb}0HwZDJfGP$c^tf8(QJ zo~>;P83R|*hJ|;aJjR)2Ph=nvALxQLUZj)3KD-s^iSiX45gQhG>TYvDoJj9Ey0`*S z|5-@M8}gZMilLJpHPYN%Jxz7OV-ER~BJVrL11TZKd}+w~r$v)L9tn zdW(aNd4+rRPri8Q^~cINP!Ef&>m=u_Ok;2t?HQot4rmA#4atp;t_u{CcWyK^EMS9> zb!1VkHV8U4^-uA$jyD%JS0j6PQc(B>wz2t%(U4!d(tu)YS&gxp^W)+%IYx3`Rm zN*`qMj8x00k9~Tg$n8l82B*uCQm1~NqIbW?t9*m-nQ$jIO@vTu znI1WuAAY-coPn$v(@T!iSd7)H(~EJqSQepu!$avEsBN#N0Kc>Vql!wCg1(3S5`Ai* zn}LtWnRWp4sXQ==H(NHyY|~?23o7>B1pD*)f_sCDy|&Woy}PrMvv8$GLsgj4fSpsa z&iZ*(puU(Zeh$2TZ@|Muydzcc&0?tO(3>I=)-3d-aSwv!c73(%RdT9JcIu===e~0^ zc})Gc!$mdtS3M`+XG&`7I0k8!Ff@^j=**r6()-JNolaMwXb@U!nED7_ZIfne0JhDDh zMT~~V#VIw#r7ITk%Luu5Dht32cF?IAx?MK_Rbq5mUCe}&ZJpQXZOqbBoya4Yknc2Q zk)wKNxxoh7=ESI?Ad7`L(vwWEvvU$ji(CBqYox;ED$VmR-4mnF&G7W*^uaX^E^g{3 zP1O!{V=`}rnXpo-6N@v9jV?;==8Sp|0&x&`W=V9hmmtemmW@E+) zxy>1T8wZxm;caz-@{)j^J{Uq9h4RRjh`2H0k?mTa(-MI!m;-MX6n3l#<_8ao{D z1ODjT8mKwhB&sF7rDA&yj*8f@UQv5b%p$-S`PIqRJuWQ8>%*kDb6HDmPU+y6yUCM; zsv`K+I+4b|$0_4GQN>>#7jo(^!z4|$_g}N zpm076&7ccZV{FV%>*G!SeGPnjCn}$%$#74DZ~=oak{s{&h*_a9feI&FPbwjtQ~Fh!{7ks3c*K*cB$PCx7i07WTE6;BJ}9;~n# zeo?czF>O{dHb7+|0XY1}ZA^^UC2<saOl3;!h4QD| za?Y&n{#!Q?Mg5yKGPd})2KcwxfMbHAHIF?0O>O>L#}GyHSmKdbW25L}-%J1+*1!n9 z01YPd?n#c;{zZY=L40io$dm!iSi$LZ_-okKv61J*DO=>`)r(E4nJd)F9N}{yHBD$V z!BD@%H8XT8r)HTCjWu6YVly*_pU7h9F2SXJ@7Khb?hjx?wakwIEfA@y9h6*&$3$!a7(wH#s04(qDEAJ20 zN7iYB2cTo>E!|cz_j`yREP=l)(R7BmD|*8&QLese zP<6Y5syqLvaq!x!fBmAw_TPajvw^7%4I;fYV#%RtThx60AZvX(a{F@naz7sN5R1z& znhsT^qc-S;A5Qi|2wOLQ-ZMrvmBf4%>3UzTZhr4c8BIrhsCF6i$4LGPTAAs<$;XZ5;3R-I_F39HB zXZbFNTMgw-05=(lf=_Y|2p#L0L@7NI~+%0gLj=Kz+Dv%D17 zHlp}z40?2b6U!NTr$iaTy?1>Dw)^v1>>fML7NI$(dtd7pBexZ(00`1bb2 z-V^!=Qu;_v-Z@$h(pk{>h-BVdT?|7tf%WDS;QsB4EIK5KcuX6aOd6(gqBP9_$=1a)--dolWj6#mxP9<)y#Mwn9eWePQF^Onl-80(rKq4LXYlFBx(4OY z8eu9p4&F5vxxtzZ(=_St2r#o*x>11B(zymz@mv{%cXoT`sIKuCTkZ{rY;)y7z9#2e zB$uYb(P-tEKD&_U`lY4L7}DVqQhKA`r(Ft}z#HtR*isvTb-S1vbjvfRaiWaPp5=v^ zIZM7G0-RBQUivrOx@L3;{X{iMo+z4=O67wnWIJ>wiaPHJMv-6H(^{6j4H11?nVbLt zYwAvA1=ELy(&e{H$?o2Wc^z|*xKeXwQ|+(c)$9m9UMakUsC$S|cXJ0~LFPPXj$qa& zXn5D0lA()IWET7U8~tP&q6F2)H@5i=o*LpE`l#xIYmNj>29LxBM3yMo)o;|DSOR&| zZ|yXT8#uUDzpHL~$?hj5y6F8=Wu+EnGG8P^8blrRMASAx!)x|)qnpw@j;lgFEHbmM z^LRHz0vGCpJ1yu&pGxWK%oR>LQ z%Z7ef>cliMX*^@x3}GPk;Lh4csA5D}he~!c=fRLnD0iqUdP$71ZzflljBidP>fnLy zbzJWOSqV`Rg~{mFN4ETZx{L`!G)4%<@pDlJ2o1Cl7BB@$i14zvgkh;w3z3V*=;wgd z-8ZbriDk_&m(0!j4=*_Bl0OZG?$S@84qI2u1#zFXXqbBD1 zDVUFY$T$wcvXUAluqy`Tubn;gy38noZu1~T>`2~QYUU8+v}qKsSro4a+eV=PiIv}b zZPJRyM!GS^dU&&(ekrF-%t{e#k3i1Kl?YIceh&2@P)$f5oeox^Il^)k;ZF+CJ)oc&aFByQ zduE0<_2bwmS{*V0H5>JnV^JMpN@37(NU%4_)H}Gr59m8stuW+dG~$a*R~@^p1#D}5 z#Wl{>qP02yI32@NLg-#ZwNc3h@Q~?7grAreGM=zZV9~Q%kot>LJ z*IZo7SKHe4?(&roHOX>Yf9ouw@Bqq37Vvdmsr9mQux^fqC=Qm(x8 z8Cl>*BI=j7kZo2m6bO$$aM4|4hQ0qZFRdNqCAlg4HUVpct?3#iI#%^>+R3Q1$@ zz_e9CYQ;KreTWo9$%M13_F$5X$K$$$tFvLZlP7egkKkboCLmC=tn1uOHfQwq0BR_@&{UfsG^DBj(&~>VyqNX zqU(sD={i2^_7aIa44R;G|0DJwZn*^?r5Gqs7bCbtOr!V{Pf?|fpDil8cxBs;V(sdk z#qxiF?T&H`t>-+7=-ELMpwt7#6GZWlev3;9#d?X%CK-d`;No{)K)#Li#`rA9_ETu| z%@AjBkRk()Lg++!ojj;4wRH$miTFeo(wvy;b5U^t^*pdtqzT#FU`J-?TX+XCX7pU! zw3Jn7KqLj#9dTu!3^IgWmk|`8?!lS08Rw~Xd;Y(zhn~fKDvZxXOrir5_RW1PjIBjg z!W~wiHHq40BP1?`n3iy^qim(z+H`inJJX=>=unY$_6xRhGyXV^@V5$fiG9;;!F8sJ z+16n`og1Cw9B++CO~l&F>(tmnEM#F4^HqL5YJ03*vn~(f^Nu`+^Beu$I(xvfO2_n9 za~~JW@VOr?x3|b|c_1CvjB|vhGV*FPbD;5=Cvk{wQNP{x`W^&1nN5-a(hH=xzDVKPdSGep$jj|z(8;l%4q%wGwflZ#VfJ! zoHNRo#4s+}Tn~3?ePSl&4%KtaVg(@>c4=b$<~39{$N!fM|Rt!K6?*2=0CH z9mIrF>p~a&t5)%1x}1cBT+*xbDmqaq3oH{a?iiF2Gf+eJfftOzt4ub^IHIy^c^}O^ z4h!KOdDBM=>of!vxbzfYKB7Af?pf78qW%z>WVptpYHy2&{~tL(3cS#RjyY1WfTayh;M{F##)&GEwpaVitBVxUZ8r-$vDAD z7v+f!6Zb6swUaq?Q3xW6!G9sWq$n9^>KB1-=5`zZ=t^U z9cJ-#;9!68AimJ~4Bo>@3?$OHGzY?(6z-H>a#cz^)+iQ4Wtw3dSMMC(Q+5sq=J&)Hd>DxE{<&fWh!ba>jb#9GvGB#`;iL*|hY*9`Ba)1fcJ_FHH zYySm8;UWaC)P4ijRl5`O=i8qR5<%kD!RFDPmv6;n;9SPveWQJi`rS!WPb{k4CdO_B zX}0ZoYCQS7R|~m={D$=-o5q66NDwHrR`I7$^Pqd>$Isw>KNskCpcmrN28_&I&pJA& z(JQE?<+R$1TG}{ACdL2qqR(>pJHI39-;N=qZyY% zo8X}IwJs8~kRUPA1^k9k9hB~QkYK;KGY1lOa;Zb`=j&=E&&&qP5xr2pSC2LE?5#m< z$*VZ9`ZA1Jdb+iP@L__6V+h7Xi!jWM^9)ilO95*@0o;Y_{kpJ8ftqizpd*BosIKAc zs-UJY3@gWFn{X~)THzM+rOSwWqums4-&SI`tynAa3|_S>{U8}RNBVxrviiu|7{}VP zG4G3=U6_K|`$&y~=+rAoIqwdckm@u!6nh}yjD+Hzl#8VV&Zdgev61D0i%^@Bw$Mth zNrI|l-YnKV$%d**zC+KfOi_-Yl^Anr{>ZTNDsqhI7bf4G3H`{_;Bi9Q;?TWkrR|xt zE)rz$zfIoD{RM+&2<}Bg@4g$>z-A`qq-t##k0?pWr5brLv>YHZ?=gl{bUhSi|Ax%_1B35jp0z>f zw1En2g?zVVpSltb&A!n8LqFjT9=m0Yn(5zR%^kUFC*@j_#yozAJRP7s-9sHwc12LV zOU#X?{#3rFIK$|UHoGCM?$cR5+EDbCHeiahh ztONW!k~dH-#6E0x(0_x=aHyue2n(Ip|7lmCTt%6{R}2YGG9aKBRR@Gi>5ojbd#uWk z(vD$CGL7a^kM@97XBw<@Z!szp$7(O~<5HjJ!g!>e;^#X#gkQuq^?_p;1#3g#88h(; zqqsep+ZiZ9m>Mvr#jRL38g{P8^Tr_5Q#KrxMT&EGKZis37s0X zeyH12N?$~#EHK>J9I~YOh9F0ETSuG?^1M{`t?sg+^rO!vQD&fS7-`Gu1=`b%1tz8^27BcY|#AX7Weal<3|DaRyu`bUD~1I2;0>3 z_2+FW+w=Bn_xI}uyU*DxUKDF1@l1X$97O20q^GjdWV?PTcv)r<934@q#RzN>`g*;- zm{<{dG+3UbZt^1P^!yWa6K+Agpc_gokJw&WfXxG)wlk;rf~%w6pkidF!?JCr!$yUh z=N~G5`^j602BoRs=6uss--FG0*H|9f(`@kRD*`8t7Z3$D+nz6RYm@;L1KUje+U=&M z+tdR(eSn}H)vd({V%!H57~Pn?!Q^Il8E2bt5}Hgc=qcwS&Hv)l#F^KFs!3Pzj!~8o z8>TA)5BnlJ;xgHC2WnagGK4{peObrc3$69a0e^`Mk_Px7Q*^j7(3?e>{Q5R+;0yz_ zc25N|I*uOA*=%~-6urWhLvhh^2eMlM^wcgVf0Vu(|CZBd@4N*Geta5@cs#M7+ZM}1 zf8|U}-w4tH>=eE&MC$}jPsz@o@9IF;Y@+3cEPusB_1R0YZD>vcqRx{d7$T%7O}A)x z+1#EZn5|$~81wJ`H8ClQ^!|tc@E~)MH;Gd&8N{HuOEJ9M@i>D9?Y8_KtSR~*vs2sY zExIJ!E!yOWjlhEgK?{Oj`8o7ImP-$|?b0RW;)zW{(=FIMd3j7nMS@Dv8XPha|B7E_ zhBzN?Fw<`+)?(ai8@eq$NW7b^AB7O-FsR-LKhN-Gzp@>RJlaO6ajVYx1uzH#SX$i_xcaQ8pj z<5=k0adE#r|1hqHT$TJ3gLc$AtL;MIWLd#mCb)mse=Bn#4mMx?nj0L5ufk>M_mZ%A zC$If9EK0PA*~?(qcTzC{V$AINM8QpXPdNrWWn^85ZBgh~J{FK7T-& zJ>Nkh+Rikb3VuKvS`*`ZY8U!FHD`%-$pGwbFV%17i_`Xrs38;oC9K*(6wb0rdZOFc z$)Hei-x~2`#vR0&5^LEAvLsH2xphNQXE@E=3}zB$k}mqM}1V|vB% zz!NJ$JTU0_Q^W+M!LRUV0SzpjEL#vM?v-L`>zjwZ&l3#X6z=>jvvE3YLVptR2zU`U?pY`0D6;J~~;>F%Ln=d_j;RY$gI|3{} zb(lW=4+O(ET8Gs`IG;Oq`*jJzTK?=wXwtL~%$NSz2NS_0V?JKCOCzKZ>Po(wdT-IT z*RnC2l`?1IWF(G%ju@M0u;_TcEKQ{xoyJ8-EEU|Hr`o?+y>o|Ek0D zKL)m>ft%p}1a~Obg7888819@l(}Kc<5op@5%x`X4ZdtLcwyEyE)zo?xdjFZ7x-w;359)jU z?4RO#?3sP!eZ8MK369PA`r{WovaX9h#u#ry0EXMYXXB6KA92FpR&IEFV$&be*4K!S z3_FYl(GXEu{YZ%BPTGa~rw@@jOgNJgsMq{SQ`HzJ72us@{5 zoZQD=q#HJ%5_o?^e6oU{c@8lOtdPNf899p1!ZyNgeg(C^?!e-w=KJz+UcRkd(sinp zUc42n@42!d9w&c9e<_lHoStE6fF2oAblnfb)oIUipxzCC3m%!8=B8b0mW`GIgF*HD zgvjYMJ^%w_E*roNSu_*f$bfnT;^diP(57C!&M>-{m!icHxHF|DIyA!wR*NbCZFQ7L zp`p29ZI{o6n14lk3$totEqiH*dYpQ|4GD=_dWg8cDp8Df3~Kly(B4e?alMSaR6VU? zf;lrQojbxPBN#EsA=>wNeW_ST5v#q*JcgM?p#a5aCr|-VCFY!zl6p!Wdyr|7c8u(y zF+dB*X8HwJcWS^IsZ=X1ust9FDYC0)=T_1^Yyrb2a#-n2bGs74gs?;HQ@r(2gMDzo ztN3qR;hMUk5Q zzU)G%8RM$Va>q9#)TF>W8Yz1Vgm@k@H7`Yt=YIXjKzqmd95QZa*-PPyaCUIAdNOJh zHpmePZut&o7;U&HFd9@tq|HQR-G-odgk1tb0r-2zDJRsai9U6^H7cw6+FD@6krxMV z&5Tb^UKQR<&Vj&jn>-*LA~k1mUgAkqCJi%rVvG_E9LuH)LQ@^dzU)kAHF)}(sR38U zcw96+c7(F^zVUDczZaDaXJjO(3WoW{5|x4ldxdlmDA6LBYRjKNDy`+vF7shBX@&kR zX}kbkiKhsKr1cpPpl-k|{b;9x+_S^G%PG~{t<{9)Sju?Xq^y#-l-WP2w+am>n}=Ii zH>?kMRgq${K@L%@)IOcpfl+alF+4J^M0B?zJD(m%pswHW{MiJRB*Scl?fa2xJhaWdhP*ru`L|1-FnoZ~-QLaHs_D5!Z#-kyNk{@+-8tFSn@HCZ^prGem$2X}W3?(PnaySs$o?(P!Y z-6goYySqCC$>IBEpOJn3nb{ZrZTIu^)vB(yYOS}bJ8ta3NAdF!qjp8ICH&WB1+kaA zn;)UJaAZz|rRFw>Y>;Wm!s#oTe%o$w>)Jfz9CchX3v23VQGMaKMByknXx4~RI$=cH zdGc;jBr68D6ZQ)1mDwuj_}vPqn+kGIHibR;1%U>ZW+sXXmq?=2rOszfgEop)XWY1} zpE`n)FSkWdH=C}&U*)$>8{cLcmu~pMVLO-X6vM=|z>#4-4uB*(^jJU9Z+oy7 zEq*Kn+fHRDhm;0RCB-Ct5!TLH&L}KE1D{7;5%9+=fZmdMo$0HhdBwJ^8JVmX_fGA% z{^2l-LW-^w`I6k6I?;1E{|xUz2f|px4w;8^?RP#WpnZk)F+qg66?weq* zgWR35?(}U}&1bOMxrBw6)2sVF5%ElU+WukVm~ZR31#=Z1ovxnoHd_o(VXF%jv;GRu z-ifOzgV)HR?QAf>OjgOSC@AO%|C91m75K;!A#+TSq69ZrqctV`>pE1pV1}K;7 ztie$U#Z{!nex!mOG1KxCLTUfzRC|dYl44Lj5=)b&zF93XIHc_Egv8tNN$og^Gs$g^ zEtnOuxAeDusrP{-U1F!h@r~p{{7!?>4|xyWgL*TbLfFdWvpR+3LoFt8sJfxB2J5I6 z5mS)8%s~EOGMH4*2!lz=fqt_Da@}yrbm(@NNkE!|jHvqcFolw+7L({eZNE5d_O{#9 zL_$l2uNlqI;25cAWZk6sSg4|KBBpKWf$V8JlK@#7Q)owlbm8}x_4*bN>A@YlW4Nbq z@jFX=>x;5f*gP+MCe^%xX6^7II%!fuDX*o|8K)lItV~ID-^Hb@qqMFgm%lq)ra9pP zLZyy4gQSTDla{P2wt$~AE29eeG+7Z`zfGJGnCdC1-Z76*S}i*#$C#F z6A3Cd%W0u%tSj?LOLzzRtK~}KbHfcRZ0cNGlX3SJ&4#n%m0VM6?VMB9ZyEf}A59LN zL^!m|Bm|~8HM38nMvEB z)DqCwjV$1p_1v?+tT${Yo};M3hZ#kE^tM&td?kDiAXUh9;n6zJged4wXDYnH&o@sV zX%&bP*~Oe{g@BR9;zDV%WAl>U5SDUYv<{ zLn%e4MtrAu-e4tU-V4c4Z`P$!S-(fsk`@}K?{~7Ji+pb$dhC5h(J~NcxzFVxmM3r$ zMuhVl$98sWt#0_@n%o&dqeGX^bmWk>MS!>N(s6F1Ny2F}G$z-K{AAxm%0{8@`N63c zX}V;UrbVZ7OL=J+Hg4*&K6PRKD75-)I-%o{B+7nP;clZjcCEyN@_K}CyyCHW+}xz3 zwItwE+HvKgbdwzZRQX*_&Ori`4%D4W*nN1|y%bf0QZES3^JxblvRjJIdYarAn6`Z3 z>}}1kKk66it$ckifS`*k`Vt(wpXlN)EY!Q0(j*(B?V(x@tK9gfY4o!ce&V2d#lYQ| ziCBL3!d`7Pm;BEx1DiR(oiNiDX^N_{2Sn0{7p9P|yEa!spZ|*TooHB(YxfewdAyJ& zF;9tad3wq$=^FS2WuT`fL#tXS$7$BI-4)GfQx>`~JJNd+kLk#5l9yIgb@%Yva8U+f z%X(XDrjM@Sj(kb`;sD!h3k#$!o_T%~;!SW*cWYzPc=r*u3Z$0gH|N=Qx-SUFbuUcZ zoveMlhmYq;9X>@R4imStUE<#DUAkG%vl^QODa|07{Z!|g+J)Xh;Bp?K?qg1RnZbG! z@nQJ8Prjl~4a>&hoy^Ox-yBM&);aTuUF@k8$GzViSGVYn>dq0XTQ1WgEfn3k3 z>=};sT^Com8>Birk{BykrLm99+N?-~Q714lM&Wz3ju&m)U^|E*nXww$q5h7f^P|)YC&1JH(MopdRpG9{d5ymg*6Wi}y z#1~%4fr&L#>6H{Mt25#x_~ByU6%E}_3*v@WF@q_mtOr=8DFa^c>{y8rhdO70J={dA z{+0BcdeZUav7U-$@~*l5a|#|-ao?NAiTy2noVInZ?!@=_>P1m$QX)xBaJEl?_G zP*nX`x2rARx>L-R$vc4=;wFVPG}ozxiv@ts69!{_6u?i#o^Kk+V*XDV;7GzzH|A`n z0goAR{xM>l413(|9@aUIF_Dh@ZMYf}MD7BegPvLK6q|>VB3DdmCb!>PpQNI4^76q= zXz9UEN22xBmyrP!)R%o*E=J*9c>d2lS_`4u501y5dyJP~REV+{=lfLTW)^<+X##$6 z9Yw1^8S(~!z(oy+!|eFTb_Jz-MN)jnQv!2j^kB__KT2-Ep9$>&0}$?^KWWk{llR3& zFinP|_sNZ3(D@>R4vEoHfd)O3KH;1rHz)VrVJAh}G2?+%L`a7FtjW_@!nuN12}aI6 zu3sssqTkpOh{&Sb>AtyMyEUJvoGC~H5A{b{#>p@S&f7SHf8FauL?(I`v%v27Z9lYHo`RQQQbM`1b zTLQ)#K#u5ai-F^_gP@C_D#!Qx&+TyOVkSsaF&llCSBNgV;JBFJZN}~8G576y6p=H1 zFSmCSi*A1sUsd0Ky%^ruKGQ$oFgQdCp0N!8cOxYNTzM{OGrBD!$gqlPF7gjAd%kE# z%(`X!Nhw6h<%K;mUsKWy?yCn<9~EU6+Ukn-z1UM{ z{j%nWSiQ!*_yzCvLiP~%z%B8HkLA~9L~@aIy+p2L7cJf2!G!ua?6pQe?}N33zozLqM##>=*QU?C9t(LrP?`6VZ>YI$q|t_|o+n5$%l2ts z*59-raXN49{$Sm(ZKkeGW9>WqaZh-;gt>;PbXq7W<0kCJf6LND&XB0!s4qW2^hx-} zsCk}TrVW=Bulii~8o2E{Er~6Eg4J`h*93KPpYndT^v$h?(&qyz53I@bd_NX-_na|P z+Y!}G@?JUWJ`sco`)9t+Bf9UCHS}Y)MKj+Vn566_@Mgd80d|2VH}h%lbOhW(xkntR zvO)dta~-!#lSMmP76yOp2PVg)9*YcaA6iL5uQ)_5jyuau>ytWU>yr|dBgmT5Gt9<+ zTp#HIw$5S6SmJY+Ca)JCSL|DfdAa725?yw3{BSociw2609vY0r&X->1;@z-|4c#bR zi8WiG>Pd#!9}Jpta1OfP~ zPY6ALMm(bM6tb2}3Y_Qk*GyLe7p^ZZaUahthQAelD|yUz0T?UyKo4Cn`#r=h@!lXk zW4<9kdwDwJXVYj91^RypbAv|)oRMJ$py2Mq7D$tZ{r z(*e+L0n&XFNY#RCmx5V8&4`n2SCwk8Dy7B*eWm9P(1T%7!tb#Sn6@d6djCrDLZ8Ul znPGa}Bq`T&P~hXVwb_}0*uMGwHPK<8aP7#osh3>x3#32q}l*XPpDDu=3 z&62q{*Da7nUq;dhQPV9#J3|X$F#wQ2$#FWXJSij&#VCbkak&OA;v1Pm1)k*`@;$-6 z)Xj%683#olo6+!f7?JZu(AC98XX>|kh?L3&fUG%6;==>90{}A1?@Vuo5-;6${H^g4jcRawOG=QuT^CeZNb6a2iJIs}cTo~4ZAuVd+*2~kr@z0K$tqTltlDH=0$qCQQKMAtTV52i8Nr;uvx zlNTKSQNk@3hJ{)P3P{kePf!4$)AX5EuVsZY8?m9TY-=07Xje24ab4hCl&sBcdyxVq%1~`ND)EXzLrE9)y)c#qSmr zGO$^eo>$sMJZdIw(#fujI+fD18lwr@fli7JI>($ernVH+D)Cpw1PN*WJ5?-o*-42w zwO%G~pKlm9-~D}!%|&ZdglP+$N+~nzC^Gkf^sE$Q?sXblW64}Ju_^(-ffh!z6Up}y z#GC}WhWXpXIIKX^2qsZWEMGD;4=!v&ZYO-Y>U}f$sP9@)8o=oNM%+4yStqS17p(5D zvGG)cu{sVs6O~hjBLS5e!+jL{(kUO?yaT##q_L+Fo-Mwj-CC5b(aYW;<@PUMe2$U# z5}3k=xnx|W(~TnzYY9)yIlF}Dj67Jl^0zf$OU5HjFSl4QlWv`4j2}SDvYe)P2}vWk zlJ49E8A`Un6GAf8e@Fs(I?T(*{OkCumNJ8t(~piA+J5G)T&b zyky?Um1rZe}f znx}m`$7?^wONBS?y?Ik?)y>PF{xHX@Lx^j&A(!?vruU?5^9WA%u-462Th7@h3jOu4 z2}Fz#vy zNVJ7<9no-+Bd=Br-G%oXR=SQ@MzBgHab+KtQx}#EFg>Il4CCYBc#zj3Z1i#V`SY>w zOVsqak)CW?-99#R{2|M%6@tR=6R}M%+SQ$jkxPoE$@ioX8i9^;>TPX6T`;QuD~ zUFFhtRT+)9O2YEQT_?$EJm=RDFg?C!49XDaT(PyhKnNefu~_(-q2deQ3Rr z@-8%wzwRHJ_jxxP+8LJ6Gb^18k)am8quG~PbJMD|%DIp2^Rn*%l%$Bh*!$<|FR-z; zcgrukX1A!aV{|qU6?mG3Q!M1>GDIpduw<|?_%j38^+G4MZ?KYiXF_uOvOT}M1~(Z2 zgLRLn1lngJACJV`U^#o^-e&fQE}RQO zkSa`Modmyk|4MfY?+yX0!56i6jP{fRE+u(9HTt?<(FxtZpR9~Dxx8F^w5>bfH{n~? zv!~%S_A+pPEynuI_lRPIa2cDm7kdeXHyT<1!&PJlduiEhwFRzCDB+$9(8MJ>*Jl{N zJm(u2c;IWHS#YqzmbN(D@<;6v2{IRR0%O0B#P%IcJ)w_;Vxh=i0=N#nM9_l0J3k(? zC0o0$l1nWk@-A*V704gXsYg6QI6o|m;xO7shE!r-b5!vHMh{M%ni_|59*crPxOPLZ zP0pQDiXZYp&PFTLCN66#va`_M(aYOm`1r4C^JU9ZYr2%plH}2?(qT+%fTGN$`z#(O zB*i#tVp&5n!C}uY5kseY8m7W~fDTEgO{-}Zc!h zhe1u(p31wYG zNG@JsUzcCnZ;}H!CzwQ|C-W%@>!LC4p@;UcJu@k6wq+Y`0yCk@a`qP&hUJ<91 zPX2kyVM_ObhRVMwJPaz7P~c&E&O+6~a$MMlMA^~#x{D~25;J^xb2cA}C45C2$`W{?_+ zB>x-MF>urV8goo;OHP|tlH-NbUULzpkp2(kU-y@5rWUZ#ALVa@F#j3%|9pS>FRxtu zGw%Om<>H^e`TttEkg=Wp=tD}+x4)gQnz~VltC#;uiSqtA7o7+t&q9+BWuLzvWXV=C zI~UcSJ`(~i{tBeSFiW`#SeyOcz=FVb&**H6k&erStyd+2(3EY7~ z(HQ$WT)pps7ysDeOd@?+Zmn54+sF+bO}*+YOFtZX8Yn!*7>Esz98Om+_wAMw-a*3aJ*cXK@WKfwL&Lf2Brwgq#}MQ z+Msq?91u|Fi8)AH$o|wV`VsuxooF6#--K4ky0G0I(Nhsvtn=e}FNw8~>dJyw)|~~aplgj}!JN(Tj>GV7x@{UC zfl32>%%`B9Zf1gHbZElr`{$S9*(5WW6Mal~&ALO_<^bbb0Ch7in2+Bz2yiCqSG8sF zX=7oH!t?gR^zWUEVv>j%bk&JEKe*21X%(zW5Nq*0!`HamP_N)vw_xE{UdSEd0NtoB zBar)*mJT&z-~@X7jDqSm+Dm2PAkuOX*wILMPni^U)PQHqJ%V<8N*Z>FrPbq}o#tH5 zwZ5RnCOfgZ+|Q(45p#d{m;}^oI{p8+a`Df{_TLWlKWa?W)ZEZifV}LXSlV>q8h#<- zD*8gdAkkt_G+|<5`mC9M9@TP4Cn=F3@*cjghi^q8eFb_@b%re z+}q_C$#POP|IPTu&7z~tw}(q#|4$=VZAk7zYVyDAvEi@^`yQ)IJfxveL5>Okur^%880@ag~%6WYYI(|Fow3;|7v+Eg@XT*95owSHoh zsAP49ipsh4*kTNt;5YRaF8G!y#VKM^P?dH+H;7)4Z?3 zjRfEEie<>o)DDgC7X!&kx`};tzDN8@VUR&7K0+X^(Cp7TZ;AnZNK*$uw+5h2&KE7r z`T@h!j)B=pqGRmEDhd?$lMr#hp`t+pxE){u>sW(9e5h#3F$fbuLO*SV%|Z#IVT0C& zfmnffH;rp(N9WE~=b44i13O4pU4y$zQk@6TSH#|<=!OXLHIFeG((Wc%MNSJ%$=~vd z`a;Gm&1;Vdc%L%@g6Sxcfy`^<8%#72EtNRweg!79r)It8=(l!C4LC(%#YJ=@VxgbM zs^=*<$sh&Cq~g{wr1JGxr1*05>`@b@C zSHgYNWe!o_OGg&qCKfxy7LCe5xVO?0R*6RX?c-9*esVW~^BwCWxlzGw&>5=RF5PWz zHvOzTy&#}Z00cF(T<~<{ zAJDFqTTBpb^wnT7ChyHn5&L^Dx58^4hKz#jq6=?Q$eb(%dMpYB!#S`dD@Hj1DHpj3 zGQl95i#8n$PiS$!p9pHrMRE^cZyolTECHBT7*W)uTgM*EVmRn&fN7_ENnH=zC2 zVG97!hM1QUw+8KMTDd+hkWdGuauUli-6B?sYSXV@=ogQoYqrM6u}*w#3U&eoN;4K|0jp`;G!jDjckz5_tNQ23? z05X}e3>AB^ZNa;`Yhu0FGN>~;6o;QB8SjFIf}uI^?}*fnP6kqn(XFp58>U0nnQnvt zWsdtq%#uP-PeypAz(+eCKQY+sR9{==0scbuHlb&ZK~xlB`^T}u(JXVU(n2jnUr)}g zp4kh+STYm!gqIUCr3wi;&e*-&m#hbxK}WZ&ycCT*<-PWHPb8vgj9rnaajXs9K0t9ds+Kuqlfm>(E_Drfvr+^6JS?y@`6+lGYA{r z^W4T5a&tC@yH%4%xg}4FAHVlH02%o%pYV~`WBlIBT$=sI3PffiZJsVOtE8E4R;D{lWg4lTM;5N)p z^Ywj!cgEk}5X6e_KkQ<-=Q|`-F3>k%86_{E0Q^l7NuY$X!QKPoN;n9 zo-Hdjs{LS`O*d!9xav7A(i=7UE5o#C(OKS&_05TM$DwnF9GxC9%B_9E_h@~%x1^j; z1r+&B2cM(`KgBa9{1%&aWC(#TVa?2PXRiLjd@R8X@0=op`OL%u!q+@{PW(Eo>Op5M z1leea>>}??o}`bNwDVmVgp>rL=he&-MbOQ^arS6F>y>meK;J05`PzUKzxea6nj=W+ ziuL3gZ{DZR;?)=GHMHRg{`87{VVA&4AM)-KFa!n%ta~6QRED3Kj}YzWnmIoopR;t~|0pclMfuM|;y;%v zlKpRw+#HP!ogK`b-2ca7MYDgZLi+YE|EhqqlbNl9xd-U425Na*D|18lf8*)QM6JJe zd4EhM2)5KKQhasm%H3bM_rt7IL`Ok|FsNa?VWAP?u3on`X@u!~f@ZlUcshb7OEHu7 znqnu2AbTg;O+6PJWl}dtI~&V*adnw^7|f>E`>YRk!6pQALi8m{keB64NYylgh5FnC z*6pa}m=i2ZgkySJJj6+y_cEDTKp_l^ST1B9geYz-vsrAKyGcrVSc8sN?n!GwxVI3 zKGx`(F5^+whMQ(}A+4%@Be&>RE6;m2zGdnT2?-LHPmliYi?mVLrKlwiN{Xf5ei!N| zKoY=%W(0u3;+JADo35(zYh0t&Y-&_A%r)Z3BF>YHC5Z)oWp(s`Huoqi!@56jL0_6k z2iM>%#A+|MJOzn0tmjgB%x05G<+}tb;_`Nwl&qtZPp~AJ=~x#Drt|bVB(;yDM&vmY ziIpet%*xF5g6G28cx)qy@B#jL`Y>nr0uIWm%2F_Z`BpRYStCU* zL6v|^JdU&uTb*yWb{-F(eK$09JG}+D6JcZvMdQ?rDR`UumwZz%@zhrEp(ijawl40*1T(LVs-v3?cW2 zMEvtVO2q%QApYOcFJ$cCr1a4bZv2-7{0Bng|AEl@)g)b2i(HBwbdgms9drd^3*m&m zd<(%EM!pp3uMiP~RjEy5iWP@vkawEhCrwUg;yE$_zLU|A|R z*X%j%CY0}HvYf+EUNytfj8B)sezRW0Z;I6L?N6`NXI7ufw_e`PXb6z%NBpeNnIZBbXgAU9_;8^-Y3rITyeW3`6fgVr z&K*B1rNmSB`$7-Fn94A}e(j;YQzmDWG4vtJyY0KLtHJxm`U)PHVMiXA537^J>*m3&cu;7%2$oiL^-*K>!9msM;?=`u)xHc%>=Dl!;N{q` zY}Euy(Ov%iU&J2lHat6sDRlT36`(LdaCF-k1UD?&E?Xmi%hMa%ui6J6i2y0k|Cvhv z*=H5~mr3t0FqxZ}8-kpSKcuOnlLN@y#>w$NAxrshWbw_~XlZGN=j`u%R2I<&eyH&P zPZG))^_ef;X*R(w`faOYV<=A|oliNT1AWj0-XAFzlUD3u&hQBI%x#Amm+6<>j?d4h ztFE8iAX&f}LyCTl2!h2yh{`Qt{X}%sy34Wev6lJTLZqFm2HO{2;DK!;zy+B~6TzSK zD~(($!8vvPV2zv{&H|ICI3P=*~IKUSy|zZo;H7!Q&jx=6qi7sbFYO@1oA)>}T48uz6IM zk$jW8_T8x~-zuJ=rzM~(3eb1=-mTGzte8x9+2onA;;cqw}%Q4Q$S zlPY)M6s)Y=r41!k!6je5WI`ne1LjeIWgcvfC(>}Y1W>f=7%(fq+DLy_m`K_B<|wun zZJKqr>=-qK9UaPzltyLp7!JdzXqgn0QZ_SKo^e~)J&UyEBF}Q1#)==R#BF-=;3)Ck z*s&$jv{} zjt29SY3zW*+dvdiv5)6_VzpCJFIa+o z`0jxf&HaSvK3*SM1jW!FsK1z{V@N|d^#cq||6>{E|GMq=AIxHIXJ+i6}64|nY7*oo(5<3eb6oQaZgCrM1A-iyN3bDTJgH{Cpg!%l!Bw(5T z!g{TM>XUH2YFtoYF%_I?d)SuY_%Jr{NRZw6$t}dwyzk3m%#gt+iJ(`$Z+jl$S_s}h zJL#qSW3&^Jls~fUZth&*Fk@!^EuzJH)%s{{+eGQ;U^>fYWg*MziB4^%(Mc|)lUhYg zFIHBmnN^Q!o6%_OA_*87Gow~pfHR{6kL>^;Uf-)dy^)odF#K{22vV40i0c=LVA`8N zWHy`8vgR&D9r5mtDIE^#PrO8#7bcj`n|@nKb10ZsSJ%|1u>PGCXI(?ft6>{zJX)*r zB#_@BO$@!JqW#UH>8`cj#reDDqU%bLgTqj_5ud1pfX+JJepF$P+NC00A&l7yFFETip-i!gFRE zDEV+Lj16i!ch!PMz#N6(eNsKL$XNfOkm;Lvdu|CK7+^BX(#BuSYvV4_R74qY{*^zorA_k&DD&nnLR-$EThAO8=IPGXb?b1Gm z_%v@!ww%0FZf)erI+jETWEy_`VoQV-q7!so5psn$9g}O-YS4e{g&rRWV9n#)^4)n* z7;H$NS#5Y8?s%)+t)xI7GRf~FDtK@ci_y4s9R@5EkY|Zx7Q(o2Tz~kT-ob4M_~Pf} z!9f;MlJ&}ee5Mn)=zB41E~X_}ML7Mj;O4`DW%&@wIDi(R3sGeSfuPkc{}S#hta9uA zOn;dT84J1*yVJeL#E_Ot4aVk6%%(RAyS~=B=Ii>CLuXb165Z=;6micKl1o(EZ_~+l zEiaTztxY#YpD_kUWU5dC34%($3p;TcB1T8+f>!uOn+2~b+uPQ_WA9$Haor$%F{mJX zhpC@mtAromyoCs@5qMJ%>7hU~K^w>wy-vpQ#zu|}^!fybBgmS!*V`Lmt-ad7PII=5~YK)8eOr^BC#0j*Z0rCtm*ZF!T zTgq@M*YofZV&>mwk1%^pBRypkBuEZ0ks0MGdHcM?)?hy5SNj|1-bUk>;` z-!pOj>j&J{+Q8ff^dTeu^Q>bnH!Bb1O}4QrGyauAfx55L=vziX-}6ZWMsyr3v{z)O zsM6`@QbWEa>?^e|M2Kjw>BrxEi%x&XRkzjX@4J@A49CgaHP6S>$ENI03)RSin7!@B zYDW9w3P>y(yp*G*#!2^Kmef%;sSYwqI$Ex>`!Z#kGcx@(XX~@Xv|vF$0=~9l1*|>b z_ZoDfX3}87NrlV>-neIN#(&KXCS=hV+y7>R4ou>6Eu_oC^d`I$KN5=|EXGbMVeE@9 zdChew9||&1-OHTGE#wM_-2D#YkAlBND0D}lKk8Jrcc9LwZCx~09b=_$i!E7^WDTU? zXtYtSjik2wEccCY8#xH8Rn1w+bpZ=1{(Q`}Bu`w&jR*wsbIwGmq|yB$7ngkkL5`ul zONeS-W3>myVP6=Cj31ApD1Q5Pr73TyE?da8hFtnqC9XfaQq<#d+gf7XHXmnlNk!@} zYTz!V5|L+c%F~5sRTf2(0iKya1lb`d)y%dXU{os3eNHRLY`j{Eae8@{617rl@l@fn zS}RbNiC!kS8LJbncM5vZ>8@0D&XQ|Bo>^w}I$-!6jq^EgDT*jt z86ma#rPhI)-lr7%`(fVrh%(+cY*q*9%R1;N$9f{i!&DDsEZxab~yW_gl(r@5}ATb@6H|$L}BC(=LaW$ zj^dyj(s)Pu;xI&ATJ)G6QO+wQ3~%tP6L~lUa>Cq^5*(*)Qv)&^rUtQ(2zd?{LVFnL z&CW`+R{h9Knewb`km-34L`8v#Gz>`?Aw`ibFH|9lOzsCMaai=WsjJ>h0?pDu>_o1opD@g$DDdkm%Ob;pd}4l)v3&) zl_IhUrOO1D=u?YEcQfXhpwdZQ1!$Avw$XY`A1^yE-YWwKOs7gZ_7v?MH;+@%EJpW) zx}Gyc5}d#a z`pL03FalF7;1)MvGNNd+?G*dutvoO;8(PqQ<6@y&h{g1A7t!1=DJ%WD)zOlf(kfSu zo@5j1ENH&J(b|aa(IWuw`1#FvyNN7_61wu+bS$}}q0zym^2ckTc{U*jTZRH95XR5) z=ZooE#r-j*k82#?`mhpz_pfE6Fn2X!}h)axmBtrvuW zZxnOyg73>X(j7s$v{ggsNXKyX7R|mGVQyT4+&I(UkqtB$74JzoG3^N@9f&0zWa~Ob zBGG)Ei0>nAl38Du#-v|C10w+Qma=ck4M6h zYv-!rn(Vj@)JctKj8c3eZ|tE20BwXq?mxnScQ%w~U*58VBngBiZ%JxiAMj2xVgqi( z=8c7%U2AyC*Z6fp&3m$A=sF*{`P>SS2HQ}lewUwZmHCidX-7wR=}P&LCpEI69~(Sqaom)TRq&Ctr($XMRN*2&h; z*6JT(Df9n|rPUR9NO<*AycTshCsxJ*7?jYYzGlDN{Ee)_)qi+!|F2jo5Tpb~AaQSw zxpJFMvfth=Cfk0x*j0r?7G~{Z3L)-hsPA`ewy|$3saj|XC;_6t&m>vI5^82tlG;N_ zAd~=Rh8WiD*9s?A*VfQlTiSBdqdExFJ4X|ptkzKrFD2)vsoM(o+54Cm6{3#S@q2SP zPKb<%10E9VorF9rbcK>YPg5;>t?j77ia>sr$hskO;DkQJPr&leen8qCRYl`TK)oI# zNm;G=$J&M;C=bb^o8$Gg)S+NKLodUWqWrlrj#eQ)t6a-qxDgNi9e7QzILzjXzUZoz zq?_y_bO>$#CNf&8o=0jWV*Md|V53=x_LgM|Rvz#8%WgWY_W8TxjSWM1ov@Wz&BV3J zpDJ4I7C9L~Ls(J671*xEb{AZR7D^}$Z3BN00*epQ1XX@R$5YEbMhAg%N}F5W5}MkU zlm_G8iB3Z9O38mjJT}Km$C<-TIT=)#22YJ-x_u=9cvPFy$m;=)~l@t*)fVvQVJr)&iF%%yf`|AeT}{~ zn%$$Ha_#OFk<{--Ex1PsbgGT8YOjZWAS`c@wj^?z*nz7^eS^^MZ}`M{kzVSESp@Y*uGCaX*Zn?|lnk~^uVYq=IKsl%%o2Oqk;vqR|RE~Q3`NadzaQ5*#Birh?-k{1i=0$>+IjW1GM)-S{={NHD*#Bo4*w6PuGR##L-aW!C*;4ezWKV zF}1E+yO^Ty_`f6m`9aTTmd9wZ^ONkI;^WFlQL@4hiQCj0P(8OXkj1(h@t+-gJ7T|iOPZ7>D<{tsCkc*Zn?fn(3AkEXV z!hNo?T4XnEiA6?l5ah@E>jPeM>h0%n9NKPu@xfYu^c4g(p?ZFa)pAKa87!ayaJe<( zfu}Q<*Bn5U)y=mDh%l-lfCdINlArdxOV<^!2^L1P%nD-sOe-W@ARbbdVZ*Hii+(8b z+_F_}`rcW{bIej`Bg2S>2_`mNs2yuZ{kmJt?1;P_(ABrfs`oqQgZ^cKI~E zU&w11UTBAwD8boI=@l0iGg(PF-)dtqOl5sfr8)F|!boz_oc6L&>eQz_RSs_(i;5bg zJ>SsW(Z^ddIc+RhA(7`&@_Vy`FzGl*{*nD9o?7P4CFCzF;od2!iKzMdo8Nn$q3Z93 z%AMt3*KJYQZYFh7=TjAiz!lCyOPj5a$2X_!bNyX;_E;0=a|!07D4mxc)8CMIc3t=j z$Xt_~Qk^f~rSIu_mt-{*yaXS!3G1ve6lo`|$33ZgdSN}P7}JJ3qp5J<=*e^dwX%rzAvNV7<9QUAY1S79@7eq5E(moke7XXet z+!A7>p!ODpY|UqwvdtRNheNVs%Pnrb(?AzsfZ6lOAaJ#HL0Ig^Xh30aoUv$q6PkFi z-?yBE{Yr!3D7gJjs=cO?m__yuDhfryujpBqvVp@NpRH2u{VC}Q&s64E)eH2hf}^M0 zS0O+*;J~a*yh@CmmHk$93x;WjoE$Q0OrW+>b#Y?Y=Vjy-@&30fml2-)e)j<^z5j8< z{MX4w!sdS?8_fSoHiCk+KmK;+{(G`94pd|S61a4xUb;+V*&ZBL(Qkg@8R+nBo)j0p{%xUS>%8XWpA6EXvovq;s;&Y!784`s#r#3$hx|@p#(hc%8JZwL`arrWw z1AR?HM^pv+8Y}={yvw37naXdPvMO;Ae?b>&rNUuT>!b#Xw&j>a?sipDsjWn&wqOPA zq}ft0qv6cNvr3JvHva4(AbuyMTHdeR`Tc!%#&V|e^p&F0maPI(iY2h3SZ3uwW;<3i zfTy8C`7{>aOocO{0)@h@(Fzb+B%4|K8(eQbvWy-f3HUq|D|&fK07z}JbW)$#PHOy0MKJg*ii$;w{149}ejmIV z2{i7ksg&!8&2Bc1N47;~6A07WETbWCjlBaZmw$&jhxQoNo4&pISB3}E zj~GB=5J)aibxr*F0#!36iHbSTyPThF?iMo9%7sNrWZa+`wX#5d6M02OzMY04lroMs zDoku9$YawR;ehZ3=P$CUBO;3af63;b?Ti2QdHlc2E-7Po8ITRg^uG{JX43z?1^tM$ zN+g1Wxc*L!sc~6M5e6gqORAhuH2Y)xD*w0w&7_cG3f1b$5y6cT*xBa|DGv+D?kp~-MJ_ThDcHHI^d4kap z{=4B-#{>rKnz_(Aj1p}6>`D>3UPug#i&flDbgOw6!&$R%0B$z&-gw>a%(zb7zJvi! z>u{{Nxv=;IzT6{lrG7~Jd!42U#EO~*D>*J^(;x;rZtrc(XEI~#be1DO7GIKqR$0!j z!)8dZbj(u-&h0dpY37Y`foK+dD~7Dxq{O0u6JrZZnghu?U4-BH8lKC}3uA&Z%_9Dv zDW&O^z?q9>wM3wmG$|$aRS|;nnNDhr!NA$68X2UlhWAW13}ze8VWRy}hYU>0=FpY( z=ruex>fyQGelFT3mTQD3rqGhXIxW@raU?;UGB*+lKiAVqG3%DiG}ENCNH$%y$#$fzUN^8W@#SPN zQq`Xv|B%=A{+ay@3}O#T9eS5b*d_(Dwwx=~4@ekxj6|+kxBbaNUM*5NRV&w3lH}E~ z&6MJ!G@6Ttv~+KhKE8K-yg9fa)AZ&onj@z$`KMwN8L(_bShdxxGB{~^ivBaAT70LCAg^Ypp{T7|0;VzDuHkw0sf z49v4*ui)y-S#Ogn^N%;XPinYE3~PI@C@7O)6Cwq-FcH5el+4cO&5iERNlwK64`uHd zU0JlPYsa>2+qP|U#kTFFV%uf~6;`||729UTb}GKv`YWMu`=Y6m20beuxZL z3*_09XG#%Zen$qHKa6kq%|c^XggaNoS#hD%@j^Lo zLOTz~tK)}xBnU7H4_2fBcIt=pz=88uLySWJw`hS%)j&4U#>C@0T8Q%&G=_P&b2pro zGPF8jm`6!iPbtJDVu;rmp>47LDLUYbenikuNQ0+~a_fSrNQ(;iXS%4u6e%!NbLG|7j5RN-Tst`*m~+ z`*L;s{|amVb?5l^b6j6L$G^Z6>1nG<=&CrupYsu7*<%TSO_kXnBQ$$Z-+suL{-(r; zzPWVgNh_Vtwmifj&G`$~8%$-Ci^I$@Yt3;p2X8EbzTJ;K^ZWPT!fen}=hI_JzmNCN zzUGNa<0~PMe%>ruafCfu8SA8QKCsF56S_r3Tg(T$i1i5+h|{5;gM$zu-t|sRpr^&8 zkT!^TqU0?0{F3<@)lI+L%^Y;O?d`I$>5(uu+T1g7F{5HV-r4l0;nz*z&n%=!NW05D z9BZ|WcsA$~Mo;-UtW(O*#uq%U)}~T8+N@_z@d^FXnOUXr);W)phP($^%X`(sn5wBW zevX!zWJ2jOkDJsRx**uE2^u#+FgHnF-iD4+F^*$xH8O<+5*#CWKrAlHRT%9or6_T~ zzf7j^(mGFwNj9?Do6e?~XSZcK+vNPg>e8dd%xV^CsxNCsv}IC@k{4v5`VBWMMeg?5 z=di-2Y5r>)_-L^GI5_~~MP5YSzPa5lL-JE@67B`RBX|4TpjnS3Nhcb9%id$`KT&CecdJ_-`(Uhx)(p9}|a*jAG0YnVA3Eo}Hk!fq%t8R0Ld~+aUilHSoU~?}|5*3La@4C`%)X-77nY>z7IcIJEZnN`>TWgnC2*d;huI`33;ntVhxiD>jrmR*a2>ssO7r zz$Ph6idJa8W|&7*|A>-INev2($ddBTuY)kujXTtH<$zW0hLdB)bL`U*Oc&@& zZ88>dvi*-RAS|O=!s=@=zrg<2#r&_x;=hkVDVy3_n7K=tn0@6j{u5Sg&74$Um%`}Z zzP0!xMoL9WNlIL%$Qn`tCQFkwg9C1Zc4s43Y$K1|v_kenf--yMWLRNJ(5s@oz|SrR zoPDxodFpQnAw8l52fIfWprF)Jb%NA<9)C+3 zD@tuOjhdBVHs3jf5S0jqoO5avFUp;nN6o@S?K3f^JKU1R9ZG~`Ou<6R3uehH)R{S- z3A2%m)FXkIQ#;j{c&81cFm{8lHS2kb_`cz6=zD8(!7^QEuj-aX7-mNhnA>m2>s?%S zIw%+^4`kI;mj)s-d28!k&%nSrx&l!`aCt>DxL5c%A18j%wOWVVv|@xoEXSdAFn?mT z2J{B&tZ~>6m*nhf5FN8<)6O-R2lATZ97MW+Jy96jQk{K2TMHMM#(CPX`JHO9gxVZh zu)c8z8u9`DlBS2GDF*TplWO9C~5_Xu!S_A6xXi+eORJYNd zQ!n6< zPobP@0~SE7R~kHkKgvI~+w$v(_f*j*ZQ4lSfJT61M)rL^4oD!dukI}YVA;i&Tx#MV z&qR1aa6q$`&Gm~D(UxLgacycGuS4vtHB%NatI^ml%NUxb&u3IJYG$1_{}}L--9uMl zjEpr*>T~g-jHLJuMzEhVN$_ezPVZ^+# zPW1B($_7HvIy|^ppH;^#8hf$ujv~(?mt2W?xPS14>PJgK9ZS#p%(_L^pof&Ta6&8> zl=WG1-cr01toaJ+H-6ha6ko$Jw_5^O*!{*cpIy7s9Xvo9&uh`Q?}u5oJCiejg`MDT z8Tp;Db_#5HkM^$Jsx?oP&;S4t`1U!(?*?_pz#MocIWY~{R=tXcHJ@gZmEeaQC`-OO z(&B5lN_U*jI>D}a#9n_%+(>c96>=O`qy3RN_``Bm%_n}(qPrd{@m3H76ew{v@Vz-N z@~k^A9CRazbJtj$LEB$G@;j0JpCIwKfH*63Zwhbw9uI_lO0FD|us&97yl|`ybY_#< zfiBn#lfm@wzw{(o61;BhW|vV`g(4q~YZAEHgC>ThYv1_H2mBG96G#d%Zt<^OvaTe0 z=|`Aho)!O6On8wKBj3`C1;V!t_#@w9hrYEXePR@ZKO60D!`;>-eIf`U-vx{qBi%xh zenOsyKL_qNKs{TDeaIJ?eBj-Ji+)5TZ4dfH{KX&XL*MVizV++>^`^KF9rlJS7D()B zA{6rWo#Zn$X*vw+Fe*8SdE}E}A9=?ni&*mGo#az)fehD2k&5$LhUt{gH~jA8wQ7oXam%F2C&Tyz9*OTCQ$w_i~p`UK#u?#TmO0A_yH?w#|+WjjAzc zhZ~>T9j&H3JGa{=2v;IaX`t7t<|%6Ey=YHKC5OQ1C3Vo1DnF!Ij&k`dSCBurJ#&lQ zP0*-XQ8)e&++S1eN2KlWR_N=7}`T>ZVm%#-(P^+JE@~`Bg{G);K!;j@{ML z)X7!vt#pn%>d)@H<-?%o{CsThoUZwkTDp^Da?)Od>_7GGTja!>f`3rVw`j4@@7z63 zPB&>|WBj%0X**v_mMq3y?ZoWqj5RSZl;F!Rgcw7>mxF>*~BW4BzZ2&4U%_O_lG zp~m}zVOlo22f$M3pfrnV%h+q33E=pY`_+?2(Dwbrm9TIiSihMy7AfS3fcaQb1VIS> z>v@uD<|t9X^6F6nRgylo+A$*7iC&LkFf7e}u}&mf8f@Kbjr3|TZ-7#Mso?2fSLJ)L z!Io=E#13@2;>2nPF8`>}`YQ+aL4o?8a4;BI>vyQLPcRCtQeWo1;pgA8EmJM3vXs!l z4~S!!v>`0L#Hu5P*U3-_Go9p4&Z;dWE6&$6~1@io2p0xbW%G-XI6+>(JDtDY< zxY2Sj4Do+ftf$SohQY;uWC^rIa6A8$1tePqVrR<9%Y1O%^BG*QX;>gUBe|_Bz@iV2 z#$Cdv{hWO%3=_vZAX?5X9jIM8#ZE+41>!EaUyxO8Q6&kQJAT`vk^~fz?)(-mGSg>2 z+CjwsO(eJC_iBz;zT<8#Nh#$r`zU^J&1mw?ZPYVI3L_-Fsnm^t2%p%M~?XpYxLn86E4Iukw1aoW#rsdB<*` zD&|IWLm4uwn`=V@RaI6@L+YD=upOw0 zJ-HpK2}6>gh_@rR{Y8me#ty<%ZWITD13dX{5@B1zxF7l>KDe4$xFvgVmfXael+MtX zL#+ivVhrT_*!%3nq^Td_(f72X4a%@T_FUnUJ2XzBcemv^Ec3aSlsG(vSF=2}bf9^s zaLka=;&n4|*I(P4Fc_rph@>)2k-WYd>rA_JdsqX$Et|q-fa^T}6OY-}fE!Ktn)zG* zM>6AIPl@9H_U!*}dffdd0+yw(LNJUOsmu&NZXpsZnk5rMDXjx9V^2X!i-v~9fbw0J zG+Xj_20HJ+O#e5F$S*V)mEUFW_tcEk#!Bjdvckxv0Y;RqE^~kJJcAMEw zS@r?e*6}UlPsI?~4r7!cEcDdfZ(OnQbtw!V8y?qVah0J*}2&0rty>0-QZ;lc310B5YDx=z(HY^Gf6Y!kAm+H3ry zd+)}()?2!hyCcDjxvNIoif=_WZdMI<;EaZ-W8EJ<==o>0BklCZX$?~txc}b2>5r_M z$D~{{Tm|qmX#$6aLUn&|BwT42IJHOF(?I=J9|0Kee@M@FIOJwL6`Uk4Z=V_RC*w~i zvK~i|-M)B55Ru?(F}gj(MJV%}{}QwSLvCeE!iZ7_I70<-?mjSlY&s5bKwZblKwoD` zLtl4GL0?ZuLSGk2Kwk%oLpxJn!DC!I4Gj&It++#jSF*6kLQ=7^NJ3VyG*;R=GdDtm z2WS)_gL`YhK|SuGMn!*O?i}$VSX_@?>#aXgH7;MvgIV4*PdNxc7z35dH$X3g`ESN{ z1U4{b0>RZ9kt_SPY_(}9~T zmp1Xf5gf5%TM-(!lrl>OLy>sKq7AQbwvYS0mspwBe6+WkS>*jW7L8sqEQp7+jh49Q z%vpEKDverR0HsjQsE~I-ID1em*hVhgb7G1Wv||jNT!cr|Lw^FerClWdWC%NW@K-O4 z6*dgmMkU;HVTu(v91NXGh#@tV@l$c2qdPR0Y~vIP%Mu1;8{9TYe*fas0(0nN?r~rQRMp3l$T<2)8b<(hSk`-&36(z474>WseoE2}3 zmG&JXF#AjdPkvZWX8&BUb;>Y9k;X1@pl26&P!z;ECKMMoq$e@#5_uRd#fq0rBN6U7 z5kwa^*ts8t&X>zgfGXfA6<~vVZi06H%AunN`ev#;W40k{7tzBHub24C8wZloWmAJ7Rq_Fo8 zwcCRk@sv7tXn`_pUjGnRb>Yym)u*+r2|^qiMcZGh4bZ{z!3O=rfcyIm{$9PaD0ss}S07nVF3cU1tMU!a#pdrwFZ6J)LXwlp zdJw!IMoVnJZV)ElRR>#>Dxp1Fr6I$R2rn z$vGx#1$X21E^4u!@$qi&6on0f-Obb%FVOEq_m^06U6nFdw`tC zpcI1Nwg@{jykNbDB7Bzw;V*wXO`8nE6BI;YU#Dr2Cq(oy5?cg$VfTN6{zK7{g*c~x z`J##pi2kRr`~NBM_*ct}{{rY{>e^#!;tcn>`K`~f8QRcVq}Cie6dNS{z=A7JlZ+v0 z$N25RC+HBhHMNla6LaG!U@#y^&5S}7U9~hCIR}SR==m^}iYn)?Imhg8i9N3=!b{gf ze5?IpFUM)Gsn6HXUiK%3?Y#GWc90dghGj7@x*F1IQA!O~Yk~Ud(~~+!#WLhLqNB*+ zBHLJ-Y$M{Z7>y$t#EFm`+p0wXlQlxy+LVM|;cUEY0hdx-CE_|BH??cRWp-P-=g(v} zg)4JkZ<^HIDF!d3(*&VO!OM;TYAc?wpXzV>ftz#GjS;}eVsF>in6Pk#1{Tc*QE(2n zs=K_rGfYnI!36>)LM;`CB>+(i%M5~>WeR_G-iZswMKmp+3Y*;NqRY|ATCrcmrgqA-xC5pW*;(Py+v&$B z_9TYL6dH>=k-7PobQ7<+GS&$ytT*cv*R^}XB^oMIEJidone*qt!%?@ae^#Uhppo(t z0FcXR%Kp6%V#=jNp@Ux&aHzVrM>v#H4$YICKKII?y)K0lDjyg*faop7^lm&YR|F9a!0? zX9@TY;kZj$oIE*eNx2aX3&a^(`EPTTXt>L8a(|uX>DjfP`-|O`m<&0rK4W{ApE2)_{1&cZl<%-CEAO<{-(boDus!1 z6@S@JL=~h(F1VDq|X9VU6Agce_7>{TZc@PpGnnn7W1a8l^}JU-kIr6rtgSC39+GVdbB5{Rhsr zEBp~)pXY1?x|kBBcEDLUER5e;#urve?h;9JwwMFwiN<>h&-<2O3fb4a&y#NaZCw9$ z+{Q;=e^*;IaBXawpU{Tc2XisYAPEe*mV#(_hLb;1f;aYjuYoVbbE6?NK9o`2bHz60 zhn)VFm2NJLfv&j2&=fD!Fel#A)gUQ!nx-ilj=OY0B|=zN{l(vg)fn&h_pS7<$FFAc zv~E5NG<`w($BeC(LrqplJUqaekfV8st-Lc*TF3r=z?V#dUFdgn<%<1i0>WJ44sw;^ z4#FJqb$hylI9a-bG-!Rj6aV_p_H~oE0~~Y#FrSZID_I!J@c@7z)O8FBg8e|hBV8kY z=Z!q2#_ka&j@+Nr-R2)>>kG_pP3PrB1_>nTz?J zu_)-3%)}+5i`(T97N1?UW!<8Gt`Gh-bLIrqstnC11=fey(Khm7p1Tp;Nz&+)D);Om4yaKhn}#=g>Y5_gm&t_r|ffmlJqtc!)n4Z){vq@-Jcf>_6aYg3@|lxd_i0raQ>n7ko$qTt$cA;y7U zgA|7%lCSKlG{#!&<;pZBur!vc0;qQ=K-&x;@yUUXk@_@^2Xrg(Fo)rx<>q_(vW*8O zfS)vt>pPxcb?T5^u@GJ0mu3BYnvKJ#=g}&S>1;QK6gpNoE7dfOUAshJb^4Hg@ep0u zm!=HWEqaDVI*>y+5@|9ohiQYY{JrB6PreEIx z!J~9^PflnLUdvN>%boe|##&fFmV`z4QsK83?dbLzv8Dnt(Dq2s4?;-qnxgh?uZ4;5 zom>@N7d`)Hl$Y3&hri(xkQ1^L#aybIWLpMgMxb?A_=QN{H;aDdR!I*=ep?e1UuG&= zL`aYJF~2CFwByE6>-zmxwI(RN?1*BQiP4HrVcU)&%iO=_@uq!&cHJHBE4me!vD=Q_ z^amA*8906o_Xv!gseQ&@w$lcG`={)%i>>Y*|5b_H{C~6?{8!oG->)XnaP@F=|NjA7 z{=L8~3!uC+=j=cbf{Dy1G9wc#&AB??tFM?LJzSkhbom6yq3>1Abz+L9*{s~m8VDMDde2p7nfX%C2KZ*nr3?CXbMd9B)b?2(JA7VS9 z@fb3X-Cb$Kb<-ea{9+p}0lE-ifD-g8qNIdjz!3a)`rbkGYuW@lp$OC}cP-eg=9e>u z@GyY@!f3UI!?EN*@EFU^>7SM1BNvX74zz5ITk<5Y4%mKJ|H#dOJ7=^)y-`plpp5}6 z!msR_ohKBZGx)$N1f~8YY=N+?9|XJm*U;b68XR4e?{Lh1!U<9`D~n#H)YEOu^;-GfEJKCmBi=eX!aOG8i4%3M#4BBP4v3;9`CQDw=Vp-hhQTt zrOpQOKa$>(h*(cy7p4=-d;slqz>OYY`!q!Hi&%LBY^MX%Z5xGzSCHeLb)oI`V3)Mv z&zJjvU|Go%yE*(BP%d7ChN%das)0!9&SIMkirvr9D9+d0uxp=RiaRunx_F~Z$yai_ z1Ma^b1^(6LhvNULK{~tII9mOW9zSOP;_)N(Z;mNy`VWHxGj}ly6GsUPOB+XebcfR<}Zm?6;lz z&1vYPp69;L8~(n&KZ^brVPVXuv;GgRT(qvZ`&^^qMiu2ve}_^e>;%v@S8$M9!`pxF z<;tD@Dz+{uW7Q~(8*E@$U7IsdGs=`1y6J(s%NfA*?xoqliIz%9)^WF>DS#Qy?!Gez zfTq$1o#xozs%D6;QXM3Xx+f5z+afMJKTI#0v28or1-pse0NnZ zP#7Zja2RzC{ZbZfS3Sq$UQ!};HB6ZGY-(;u9%$RuQui?e zky{r(VtA4M-Gpj;Op{)V$w;#+!A9yK%E*|CB7ucgggpCJ3=wfkUAj&||5jNat5PJ} zg0)l;Puwi~O>a3}ab;@hR5-75d0!=I2%iI37R?cDBLlUT<;oqIdP2p|7i5b~mGS31 z@}Md5`iF|0E>gazI>H#Y4IL&+{ILU>I#%0vBx!D{+!hPX(J`{r7#qA){uG3Ek)CJG z&4gcjY++O8cxgfm3(?1wxg24Zzg)XIap$Lmei!tP4j+2)YKS!}fM3W#H5ynaNy&Rs@1!R`&Y&3>u{uCkQon}NAdHLHK-zH#g&>hyk zjFYGqnYzXF)#mo|2&zC7&(7Z+m!Pknk#u4qTSFO9gd`Uibcj29K>>ubnQ|d#XuXwKwd#~K@1x@p&*e{+?DtSSM})Q!k&UwO;P!Ui0XMGJ zSZ!Se*rbTgYKn|N zvU^Hq^|K)Qw`yEMDc9m>vSEIO&eTh=g#p$40MAG1s!x3DdEsp=<=*&9))S*n`eJFbLx#F-eUe0SxzB2lo*bqxZrnWCIb@hcw2c`K` zf(%iIVv?;*Y1^Zz%-Q!AYZkkTngcN%5`#oqGowL~`*bp0iZ5`2mgTB8G67OUMO$Vv zDEF|b1!-tw-zc!!Ti`5W3b;;i*T9p92BLND4xKdzP9WOSDA<>CE06uMvwSiN*pGcu zA7O`(F7s4SV>!))Wn`(>AGKA1fvJ3IKW!BC$z9cj#~#C|2urZDBHP2cB3w)ZXnt~~ z*#9yl!<}oL%?mWONF*ih`7PmkkDA&`hm@523)C51H70U`Q8P2pxfA$w@wKZ|?`P3ype-~EEHqtQs zrW_D@v8wo0Vg94FrObRhgK@sofm@Lnl*S%bm;dz`abLX((*NEN!VULs_G$O^j-`zR zr_F8#Ag@n`YY*pu1T7APWwR4wNn^XcK|2cq%psphXTX$mc@)@)b;r%Exa=Si2iQq!&q40-qC*o(0;! zF!sMZ0Td@CCv6`%I zjh&J$wjr|rVa$<#X6@_q{9|wg-MebkM*tyRD?pvb2+7a$NL%rH8a25B(zOi4tVC{O zF+W`=;S&4HjWqzND%(<(9dSWHT-O0Q&L&|@5=ou`_j?>=3jKFEek^RvI8L9ud)Bub zox0q970Vm%RO)L93>g;Jp=s_qSskci+O(tF6{D=$YS| z8j;1CQ`=}ED}e9ju+#_`jcGy^THQX+wNG5!rj2Hvg5Y#Bq+gy^%8N%+O^h7cx{eaj zEA|F!1Km)|#&dIv6W>}=>C9wU<@zyyy(0**3abib)ir~EZ#AGg$V0OhTlvj9}(Ng#!3-6I|&+%*dLTZeM7t3NA0^kk$VcY zSgNsoNoLpo&O-$a?N8rcD5Mhu3o>l!)E$L7VtrtST@Q~Gd&90;Dk}gKRh5sR6j0lU zjiWq+qdthe*mTDjr!{TXY;$wEik5eR{=&90TL~Z;MEG{OdrgeRot8fO*4N-HqVEi7 z%@04gn79fj`A5^ZN+#4W|pb zOSC!R%-?HxJXg%8YLzT1M$|y3#lLuE@ z7~rXMO%Wfvm;&|EJ`m=0v#U1#>$qZRUP!AH_YmiT8wUJ@#2K+O7Tgc}EXb=| zSj@Of8J?xIG^g+k6STOKsrZ4{_lu*G85OLRA>KnU(4Q*v%ry{+_&^)+BXV?me>rRD zo)_N*Y0S7A7j|?`rA0Im!(s;oFP1~6)ppH*&@ACrIQxw+2p`r{-_{C5y+O#$mE3i0 zWaX9r#}j_1Syu7$#ut|M;ppVr>NR<2_7;$8={7ek48o&1w3dS(I;+E06}tz(PRys; zxg!THBxc9FH{2{6NamSVR{X&IB-mOMJgJ}Q>Fwz;kJz-hFNU(OVd4|)J1q|bTr+1= zc^-~sVIZ}p8FbWjN^O^CKM%gqrv@<+S+58R0&};s-Wo!=Ka{$Y$@iOpeHS6ywZBq^ z&F|Llzs_uZ*>6anpw(dqSW`_)92MEmNL2dbZ2{&~O9f<9kJPM9K~^=R!q0EWcE8AC zgmd4pKa?rt9*QM?=wGeRDn%}wkbXF&ZXfiq`EVeeh`6i4K?ZJ}d9AlJZ0kJ#&siljnPyjl5pM zjMtJiI#B0TaLW^NYD7A6f};*ouP@l+&=B=t!N90Ln96p!z;KbVN!YA_%CarOGsm>H z5&oSu&wY9STrc{ph*U+ILaJ?Hi(GW8?gIkO8E50z$9JC1w-t$Jl9_ixn6S1|;mqNR zSynGaR>(*PZ&|x*+mgpsu`SH3OKvxmO-Iv^=XPr50LHt*P5K92fm5|lKFQw@`E^v$ z_$gIdsQcbSBYaj=z?gaDtsUy*53&Y< z_u(oJL`4O7s z$F}}Y4&hKal`HMTX$QuiZkIhCik(>p@+vuU_E43 z!TVpngGwFE5XMqg$=-HJFJ+3}L2kKB-T}CZghWkLYTUEj#jQZIJ7o0|Ho-MvG-YKB zV#wmuSDJ%P5pe|GdXc1xS(SDc!nYCcH=MsjhaA!N?aJ>Xg7e5duTocAw$b$;Tzn3V zeongk@X`-M7er!DB!J}w1#~4NZ~oeO3VnTjsv>`3v5nCs_K3s9j7M_-&?a`U#FS1b zS?iQ4^WD*HR`#Mw{^y3i-XEI`1UytGI!aMBBj9jOEgprTG7qonke)Wy**l8G(IWSH z5Oanhx?SvYRHg)lef(9eYYr8Esa)N+!4$UIMO$NPDBnfxAB$$EF5-eFbEFRx^JPjE zWV4eb{S|{R&w1z}m&%!Kg0pK2wmwu;n!~1F4Xt0L)|ue_o@Je+K2Mt@DNTbA(URE; zeerJ1AFBlckzv&wycgWoe6OB?d0bnS1r{}O?>!pM@)WBW3S1FkWY;9n$xWyARss43 zuFHq?VN+Krp~Vor3mzX+j7vDbfz#yUv`*GZ2?$;vQ;1KaIw~R}hb`cB-fI~$0&!ro zm3%71e8z(Y{--2x_EuGD?YBt}+LEPJYU&L|kxwafc&C&gR(%-eRpc*|>c;9O)l242 z-nYqQzpO+8Wy8CI-=-w$=a6TY*Zq(v>YfWMLPMI3* z#Z8w*|Gve}z~RLwXTOejdB8ZQ-m0yfAbZ{{M`_C1Xpxv4%C}Keb6YSl*sMt#TEpLn z;3YDk#>T+HY)@q!&p+A{{Rs6O+f?F(9Gsrp@x*f!B%p-uxCb4$FS(aSW&POe`WbeuYSh?n!4!UDw4{T-CK*50)Hl5>!!gggJuL=bioU2k^bnIr@9`- zdD!i2yatIkqx0yp^f74e_Sp)41yQv04X1+M@Yw>_s5*v8Ps8&m2>lgIdSBo%z%V^& zv=y-T>Qg{XI5(UUGOfAN0yVrK23kv7xHQMGF2a46aeG7rqK^ougNm5sZ?w z+t@l|Vplw{B$mraJgIe5Q=XHYogBwV|AT!|!TTYv?v}qhllsv}v>_T28m#TeJ$4t2Uy=cv z*~JIhofo-tX9}~6h9{9Z2h$lBs-YaQ08+p`XK!2L8q@E}6m`sPBE^2GMV?jlR- z@5A|^IhWc;f2Jxm)kTJ2lQJ!mkP{K;SgR(BY{N2mKEFjG;PTlY^PC$X8!^0M^hEbe zBX%Utt%AY`tSM;=NI*&!8QR~|Nv_)fSj%FpxJ53(TeKlJvYeY=M>&A;3s|0<-+G|5 zd>Lgr3#KY^Ng8wK3GC|0!+$2A9P(lDEVqf^qAxKH-zL?P=)aws9{(=sl0sJJv-N&3 zDwO4q&2L`e{g21@W)?jq%tz4pTj<@6gvV{YGDa(v*;gotHdQZGeIgibuOKb$e&ZF6+=AMk7bckCDjpx_tk3cRTMOQfAe@WM3WsR3z0kc zk1y4pF43Jl$#Nj!y-c1ro!9)VY3!XDHlfQpiB%d6(c3_jqvimL3E!-0#P>9$1=I;| z6j}%Wlt`9<#rd@D_s7@~X|2>qCxm4Gm&Ds-oHU>D;W@d0B76DmE)o%9zV ziEhEti!t8k7h2+0lg{4qR+($4H1eg2{DLcjae`37fdZ2>&3O*ZE#bO}qo8t$(Vhmr z6Krz4=cKQVdhdict1;Hb=YdP=jiHqfx{yl(M+}8-8Onu4rQJfnh-|N4u1b5_ettLf ztk|C2vajiuQm^Skax#IDk1NpKkxr(6(jl+Qq~$gvKE}ZBt3pHE`g>wsB_b2$&!M7T zPpSn$r&aNYuH9#h`c?YlN45f!kWemQJD%K|Kal*1f&++4T<*aXiw8)aVDiP8`Ii#S z24XgC~9X-s*=u>$D8%AMp|%cJD{JvyG$=52(Lt znJ=8P;y=|7qli1^M|ovsc{Rk76b=XdggF^Zv=Mp_&zMuT!F@;2onl6b3z8-EMGtw> zZpjXe=efh$6zeP2KXK?JlopZ+5;=Y+7gP?K`(+17z$D4HUNvxJiC4E&8@pq*7kee5K(>?uZl0Wo6l(8PUj^wXfcB;SO zl6LW%chd)PCtqrRy!0eW0MU!%Mce0ari!|z$#*<2V(qxtVQsYXGdRD<2Pbe> zt(;YeszwO_fff)g6*+*g%o&4QrJ5IeoI!h3W5jRC2xtjurWxZ!Lb506gA3sWZO$5S zo-pCDWM}a5;367s!PQYkSzU#tBTv+##yDB-v?sS{EY?&MEc{t#1=XNAKQd`m<*P4A zib4@?Jp$kHGoRW+9Sym{{;?9&IYHbl!M1UdV;FRYK(FCf&LP3N!scz47yZZX>1+kj zp_D9iDF0zVRN06{UJ+KZb7cOYdI zze||_?XUBdWQ<{%I%Yw;Hh4xU6H*eqq#06Tg{VMej1R-)kxR?BFn1>9BD?|x>|5NH zguCjHO1@TvZyq>E{0LEmkpoBrCb=d*?IhGlhKwt@Oe3^o%hfo6;{5246JjNRkXI1b zK4sp$0t1bVKTV|p5Ro3x!e+3_`6gD@4cG$H@TghN)dDeK5ZEKP2CQ3xQ60XUfkwR( zzFb8z_0ZlCC9RT>7Y6Du;e#HE{7x&1Q2u7((94)aE&2jh>()uFljug*3GT%__ zdAIIxBo|C2{!FAhwHK(u2FxA|kt~rI`)UVH&FXPg?@nv7(>z6;Qjn%Fjb>Zmib+1J zWb3W5m%<+pOt)JRQ1+hOs^vBD$(EyGcSjmJWBJw61oi%%a_SN0&rj+?AoibJo?Eqx zk@|bpOitUXr6-d{p!hy0 zL^#);*VvKQnS9=ve@Tm6VS>u@iIH(=l-HlDJ-3>%Bx~C93)`JGT_M$Q_)2bda5z`(09P!JS4#yK7uP%5Ki=&Zq)wPLtEZX%e}s9Kd*RdxDBBSX`PCHJG#=f zPBJ6hIWLH{X7&oH8|WHkM%ZX}gdwlLIwB_8s(rVIEP9j-*sPR%P3yfBM`~2AJ!0uO z$64`6!f`>I0dQt_N51)!9^CNZjh@-C)xP zjAg3G{=Jvs({BY;MlgqBYSncB5}pdA3F(K3v=_tt7+O;O-l=9t`GDV3RIjxh{G?5z zom(n$$2v@qXtRNu#(PMz$QrNA6hIw$ximyqJj8dV7wP1E_1mtFIBPs;_ zJ5Cb)vTZr;+vx?a+|te)rP>SQnown z_8By1)EMNqu!QEDWdDnj-ZZj$3URTWb5FDvFYklOepl-$SC%AN#D3*2eoBIa8%6JA z@?S3Ly>)_UC-uT6MDyH?9_j7q^PZwt--}cz#S*BCR3YfO2gf#{HrxG>C6y1l|yu-A}_4lCp5u%5Eb2R$3?Wxs5l|oMBk2>cCVK=o%H|u9` zk9SuYOBz!Lqye0NSVG5;0*%7 zTI%!757wSX_jLnF(y%GLt23p>1R+XUa*Vmjc0*5K7U#fYD--6qq+aD9@L>J~TlzF_(ea-NT1D)#2)-K!0IjDTb8fY1! z*_xnrl_yX}L?NheEiFM}!DUAnKHk%0{U^^Lsd;)%W zK?gsJYD#bp6WB*z_(SgX*kTcR&r5 zW-;@Z&{2AJGs2-oIp~3M&{AP4hY#Oaf+7W@(mZyPPnMx^DchEru|-ih{_$8}+);E> z$X26MkIt0j;~tn_2H`H{sbEN2w{%&6$U()kSq8GogFOeU(-Bo z*~x!)z-+(b==5}hEp-XGY^*k;OB3B?V4-zb=l+xjTYe@#nVO%qWRQLFkIJ$Tshn>P zEemOYT_!5kw4%$cdsyQXX0kfhXyEr&*n+iCm?C|2h<(m(L7*m2a;7G*ILMoUEsWy$ zRA0YNiPKbPby%?tQ$>F1Z>wpDjBxEG*KMe5E1l_!1%H0#7b9-%Pz z=fIQ%B{qV}N>(>@Xya@h;pQqXtm_SeUDtj`euw;c{E;+Y{#^#xB60rVkBGB2-uG5LUtIZ++CI5(JHXHTA0P`6C$%q>ARl0VsY^6)Kh%>6zI~ff{YQ1l zKTFMI{y!=~{>?h!zZZlIYCw2lt6+R~PuiNsG+VTdq88Jr7dB)R9)}0nY8lJsBod{uD)VGa6QB%q#ho_>1EMBF}cAo9a^O> zJ=$ih7Ez9>a1_@%5#FE_Etv!K4r45~O@|E>&{?<^$(1g;2RMVs$5eo*XOHf!D=ZNw z7Ai7jO)Fl?QTRD;nUMzry;CZWkYEg;wQ#)zZ{_LI8Q z-U`e>#hPD98- zgrnpdvTkI(zRo2pi$$x({8$~P4KzUlJa6h}RUOTIOeLNfJZw1CLJSjzKLtyLsiJ9T zHo_Pe`%->_wu)kzs+lRypVgri;|^Uor#5tM&9Rt!cuy~&VbQzT&xUzOh@slr zKoAn^wY_1EM2=35`4}2y7FlEhjuZfQrd(HgvZ49`sf@8&L*mx~xiUB1zWmI%{X{Hd zY12_!pBbW;3^eTtM@Kr_VF z0CeH>-TgA;%LDB1WTh}f8jd~NjXpZdC-+#aOw`Bhd-tr&7_c}EhXsjNU}nPx4eu^} zM`wk5 z#%Yk!-+Gg!4O}X{0OCm-rB%qHer9j7X6)kf?i>J65N{sWvY59ZFf<+_*l-AjY|fg7 zisYSjq=T36zDOf@+HdcC0|77Sb`q~l0FuAiqH{uETf4F5bm^exTT2Rnch*7-n`ww` zy)X2Y1GlH-NS!I`%%vTmSY;oxGaXTUK*0H@EUFId!Ql)ID1ZD|o)*`FY*FyijGdP% zHVXUXYF!C-fWQkjM*N9;813o^fkTh84Z0pWLpjP&nNv#S%6xvt;YkWRX4e6%uI!N| zXle%a8YPF+lq!HD{wgpb(Yr&Y{ZY~w_9B(K+ANr z2k2Vy7bIHb%wg~ZRTvSuSc7$@J9`)U$VwiwlJ!>=!R3EWr)kX-rR!m}ii=%?1ZPrW zsm>W%Dmq(GTFp=v&+2h?7AadYXO#Fl%Ilm`S@ZbI&^VLK#+SzJ6*dO!E)@93c%e~4 z%glquKd5d8+WlZ6Lm?_>^A2GQb*4%_IyA%kIFW1@OKi#1z{Y96B`S=U4I!vLl8R{) zj?Ij`IABdG3R@5QDe5+^jKsAVvKbtRm`{ zIkb3dGR6{^3fp~_)T%(o1-jmgwy4+f|#{8*l1(*TcDapWrJceVVsb*c`Wp za74VUn^p4Kky$2f3mGF{MJ}09V%|B1Bnpe+|@54uQL{@tIgXTNGQLfQh?IxDuo3&|9h(!o~+@*Zyu5q zF`!rZ!(O6LGJi*VJXzAMSbSL$f2ciY!oE1sFW2=Og^76Y!aNhD&i7NB*dcot<0vi- z76V6U&BD#BurXea#9@t$ldNI%CDEl-r}h~{j`gDCr7`W;%>s4o)qUEeP8c5!PAS>Uu|fEVG?Nr}vNguFHpvHh=C_85Vbf>CGhd+5nA8FGQ=AO-|(W`6g$ zDJro)#^~0K^dL5GKMbnqk%!{BtEw%kvH^i}ZIUQ3p&_gPc~eGlvgmd49v9)hgK&Sc%e|29B}j$JmJQap3_~ z!eL?!uqF@U*B^OMFrG;sooW8u687s3>gz=6KckJT-E2v9T_UmO`?6`?V|*Z{HJjdn zeBiD&q}#!a0bBk_*fQmWUHwSi1Cz~ed&9hAIxV?jc-d`+Kw|f>S7PiE+tGzKy?dxE z#tOiF^Cy=D-w3-G4pNXK|3K^({6$?;JM3TBj5`fj22Uvd`8IS=z;k+GCh(qItIvAx z`6jRclm8LQmk0eP8~7u#Ti*Fc_WYF^=B+`O8SRJYNRm;WSh2gkcA1=7JNHi6nU%gNN_Rgyg++ z2HAmF<~aB+1aH^vz#KCnGLBV5FlBpkzx%Pp8T{4ua0!3Vq4$=Y#Vqa^CSa)Qslb=2it7(mNkT5T`Pf9$CL zSzG--8({xkuPx}}q-OD#a{C{yYbqIh@l=p`>^7IG5@AUFrG@>qsG~1r5t1`0Jo4EX@J(~_sHi5QXxn6E_U)NCe?jONa5up`O7zQv9*Beh< zTUG5CxvSsU=F@W}OT{6};}l)SOP5_G?=59EVoK#1#_$g@Gm^4?_tw6ch9W@Dp(iku z8)9Pwryjdk57NgiQ+mF|p2C(STUt#sdIo0oxL_nu7TX69++)eR26)Fij%4+eH(_M& zgSAP)Ub-%W(ne;ZceAn!zz4o*ps+FY!_%!*Z)%yPPUxL`6|o?OQtS(|`W1#cQ6ALc zZ-BEnV`LvR8ocF>@?qqYT+(R7Rj*VxqMS8TcTZ`-Zg#vy5Zjb$q=lO~mh^gS(LWv+ z&~7&ipO3+p-@DqxCo`W#k9+#bu~XErn9GD0&%0H=h13iZ6jses4_^J)ZqQv3R6bDj z7Li^dkG)2^s}aYVH{ARlE`c!o+mNjcv4A@Sq;IpxIy>Jz(TE%`j#KOf$OQWFC^Dpx zdbh;BJ4R20xI=}}`Wkw9su!5o5hABVsgqxz-%z~-BwvXh8GjaPBtnX*B$f9?tUZ#1 z00&NR;wF_4wVX~^h#8p|_w~n8Vl)B9LRY#9J*-lgaMS^Q@4xd%S*oR z+(Ucc43FyIn`a|)`YBu^1(VWg=$NKw z&}>HNnZ!Q++=7vt!@jeE#_HF)wWO3mT-00@>!VZH-QZlfXLgjwxzZBr8_o2^MiDDQ zml5?utQFf68QzM&F#hbDNtmo6rT15WLbHi9cmwXhiRq2sRjfxj$9PK*V(u5x5y`OD zL5SPrx8X=vIa+AN0koas@Qo=$N;9a%ba1Qa)5>~5T-4WU zHPkqnJR1FB+Q{c(IqKGlUx;*|cJ-qrSj zf*?8_5R2QXbK{*CjteJ*U>Gkt2HLMOph&@^@l68LA^ip2TSA-6BcLJw&=mCIuTANhnvUTJyt}8py(bLY;S&U;x zhVw7kKfMG@tJW7=o>M%J7Z-mst5P4-MEr}%;e3~uL*OzJ)3R&dY}&EShnze;({0$^ zq-Pvz`r8v?AZ{jh!2yP|Kb_19)XuSj7W(w5rGzRU=D&YC%E z)#f6hed8vxJQjLXu1Sf;L4&0N`uK*!cTjB>WRSho2%G}63So#*IxyO1+ZCF^a&P6R z2X#-Jsa6}i09t&HbBJYQhQTjG=S0xiKQaHsiJ-v}T%JznxRi0q=(F(;4`Bm3J+4efRecRAP zT2EBBhn9v#-(mFIQ`d;y$wd?RWHK8|qe1}}S&k+;VmIXkO_N>PIZ=AgNhxR}G>~Ad zEJ;C=>J^rhSDQuPlI5be8pkSa9nrWzVk%uNO~ZLr6wG5+J^2pkYn<7e=8ohVgCv9F zPYVp^d6yt+j*dmd1%JP4Zu5wtV@~~%IdGT#TwKm$X3^twp={Mdiw6N6tTD33C|Ioz zU`^W(U?9B_RX6=T+&8d`cpyTW)n{8`4~2ukwzFX z6prcpe0dto_vw!AYoi8fs>&RQt#5P#at@!F#eCvkG{4|Ph&itqxS=|-0U}r4VS-mW z0thFX`KEJkD0{wtGncsM1Zi#hS}EcG($(sJ_CEfv>i*xWexrsbzxHCHQn`*>m2JDtxzch|`{Jgp+C2Fy*Q0JQ2Kvq1JJ7*|$J>-!*YM@*RGJ#E_X)-~ zvoRQ4_Sk~nG9onE-rwdO?Su#sA%vSc*Zehg6qwucvj)I~Vd2&M^cYc(YSxftv*DPo zOQJ+yU;DdS5bTb>^ljILJ&nxB5F{xOj*@8AvpcBLoy4^a^0O(>K~$Q6;92xgk6Z#W zxaS!bPL38HDx zY*Ev}U7)^X|4Q{n-B|x-@d>$Tn7(G8xazRsuKWxznfcs`^sF4E&4}wuE{iUMgT!JV z%L($lv-B{uK-b*7q?D9@c%^EZGPT5rHyR1qI1+LruTX$V7~p?g1U0|3wEhmP{!0-C%H>I( zlsubVB=;T|(MM_0Inu>)&=BWODLgxo=_5kH%I-Is%>{=r1Zh*6b8ybLh2Dm_pwsy#D+x;Hc`4a>2hOP-3c)bepK3D?w2iVf87<;jrV!=M z)F#}!<`?RlDUpnlk(w_~Vk;xH`;@r1J;e;WqY4#Th992v8A|sX)kP;ly=-d(1MpkTbV(M|@Ho39v z!(0KO0$9HE7V9_QIh9&6_?qHZ4yjYLr8bA`9tVR~&E@<8ltUk%McE#jHQ-rw)0+5zb!U&j+v~ znpkDi>@S~B*!?d zh#m%dx9kZ3cU-vmDl6nSVfQ4%X|qE-Ba>`v3U20QmR(h0i?jA62#>jN87h4wc!_c+ z3L1AU_A)>}#7G_`o-#U(-JL!no?70gC$7Fqo;E@*Qc|8q3`&j3r?yky0dUov)}G0*}8x!QNPa3HG#qHBH+Z7dvOI6+cNKM4z--9 zp!jno$?>pC*w-j9JOxIRseI#9TY5d^M(?AA>F3Puv+bQ2-N;&{PL!8XkpYh$!$dEB zrPDqfn)h#|@$Suy6L-E3>VJ1K6z!nGyky}#3?!69hSaKV@=+be0hvv7kZR!|KtUm2<717n031@{eG(=pF*yZ-UGAu1`cwhfC>`X;VKK#! zJZv}gxyz2b=dV3)OI73LN~5;suP@zmV3~dnmXn1cn*p+$uf%YC6*(z#8#=%-uXE#d zQ4~JQ0Mk$W6by3~*0v|VPbz=He3GcQ=mnz}f&M9beuDQ^0M@u1+Qj@w@vofD-)g?9 zi|%~NP#LSHCl}c`vSyCwnVn)N5l8bOlx$nw6IDwMuBwGkedR;IW@5GGC}&A^lqVSs zo!Sdi+)w*n9n7;Ai!GDcwjXZA%v*mZFbpojD#|uvYi1nwb`Pdj5bD{0&e%TeFUHNy zujAyTiaq{EuSkyPp7nW{7#l?b8UhNMwXSYaF3X znu+d}I{x=2!r>USj%m5Na|~i<8f_ae{h;Q7U@Lq$!-tja)${dBeQ) z{NRXj8T!3t7HiX-9OLkqQIDt19c3~~mvvZu+Ka+reBezciC8t@ul@{f9AV)Orn!V6j^sqNn?6)ia5IiSJ|3!^36C}z_rz)PH)U_}L`YuIYgN}Gis7+= zGGp2w-bWQKE~|p9;GfHOS#&V$$JNx}*1@0j* zz#vkvDtte7H_Od4f2^FJFu)O(KA(-r!||FroF3_OmcDA^3aKBvITsJSQo|8Sy5a2a zGQqya1<+!B$=%@FYR%5>W$1b4SKjLs0-8U3pKzQUr5NEi_~qD|XZN`ef~o2B(i^}n z`M|Vdl^4Q)-pUY}8!th-1}kzF>tYX?qRi*i5ff_?Ok;1*OXfymYKYyOi|Z6@JOD)c zh$niIX)57K>2XfSuDzwa$4gWBMOkG`=ntxcfsla)GM8dW5Y&onS5{A;!||ANY^`HB zzD(azHH-}hZuq0+8A&`2Dk>pEtZ7|B16vuP9t^%G(XXx;m_}1<%XunJDRV`w*>ugt zWI0<70qTFY6c0yVa#4?NNCgSmV^|hC=U}&kd$EBR?gxWou_T?GC<0z*vp zuo-jz>dUM`2!7kv+$tpYk(irnQpN1bm%!}Xp+gB%*fL?#Td|f^p=9!n(r(g<`=L`) zK+gQo?(-O^0yC(lG&{@c51jy_8Pgwf&8X`=H?f7HDaxFZQzns z+B$7(tkB1CN+)g)V2nUQxcBb4Luqu?rtqg|Z#KbXF?y71DxNm>oWN$^kWm80yzD+` zE2+BN;c=2Ui*DR``i~stqwP)nns-bl)}p{0u`8%+MLR+ITbRLY+Gm@WPH#?xR+Kf4 zXs%FUjUs?-fJUkoz~t}HtG%F?QMdP9&if{p55{`L|MZO9WhwWbKe70PQ0*|Ytbx#d z>Or&pV28y~kH$aoNa2G6rQI=y-|PT9;zz^tTq9P)8e#ps1}AjKR`7yj=;)hmj>EqY zB_zA1W!?3*9?}bIhD$L3R!dC|pJiQ_uh4}&GK$$D=8#G*_+`bTNW;=_ac-WZSv`69 z0XGI&79dK|G%Bef0uk_3UYY!JUm-Z->!R$f{FVSm2n|}1uNLN!EbRPLF`Ib7`Q(zW z53)FtCoca7FS3<7y+4P&#fX_wKcdW($%>L@_ld;if_*gUBxbTjsS%d>{->Nn@X0V2 zW*^Z)e%CgOCB|#@3Y0^nd@=RMh^*EOan7FfKF{+F;Koup1V; zW3IRYfR%aEM4J$&l0=(feKZ$b~RW>jqlmvFg-Szl~3>}KIz zQw^@3@IjjibI$iJVfNC#PgGCHVAUG_x!$|fnZYp+dM zkwbWQn8Gx?qz#_2Ra&hm>tIQ><*bV+(6vZ_Dpf3+Q2^r3V(gi3`mStMRauaSxwTb_|6p+pShNPVYnB0@ggsTk{g3 zr^OxW+Xc3K1t4QiHpDXv&oD1Yv9DvCo;GJl`5j_WC%VW;vs5y24e_?VCi!@48ld`Y zlCg?8VAq_#QnGeQOUScz;nH23;0rWD=G&%sb-=?#e?$KG9^k8QJT9AkPN*G*B`wyy z^w#m6Eh7gttZG2{!#CLAo?6S(Jn8VLZQ2MzH&>)9MzupcFh$&iE}`7#*Z8#%;d>~n zS5o3FXIC)Z?TTGtZl6ry3KC z1TSTFO{({@r1Lu}69T*j@6__$D!IB5X2n$37vKhkoZ#gX=GG@8bLMri#Qr>=x8{Dg zf-HjZ@o=wzC%9oYhUUs6>I#;E%2MUVi~fb*`9Z2uPOv>`xAbcJg(S0VX~e$%gYHaG ztYbm|*gX#|?;TVf!9g?ZkShHp9+T zyi$eoelr+pv#94g1jPop(PqIEgJsH7yqQ6u%yGt5MyyQYemROBdHQo3e{R%4(L9!Wx#w})7iFH{AS>@igrO@Oe9+cZ7M>SI1qhf+kOp*^rW-2c|CN1+C zpnhdI9qfco>E2a8lX435C`*{Amue_GS)F737|bk)^v%dW`)!bRp?{}s=X=emY-5;A z9YrDeNY`|nXXp?A>89}y!nqC}L`J}IQ{tFyy>fE6uhj=h z*)x_k*;U^?gqP|{&dv&0RE{UZr;$p1MaiP_1zLhCq_>b`W|;y7N@PV?P?sc8M$?jon*7pxe#$lxVj}~kHS|0%Kp`0W^LMyKf4$54PF`Gl|Uiy!dgzL0=$omF_VhG0Jq^k9R33Lz$%SWAd$C zuzJ5)V?h+p4oI!eH>36YzGbUwb;#r2t&4PIN%esczkSmo|5pbL|1+28?;n~Z1=I!q zQk4BCE>DrFjvAH<@+MlmHoBk%1%7XMkqvbo{{X600x}InDaj1v_ugq2CTRn6MkF#M z8IP;c#wVB$|E?u8gVn~$uBV+C%8RtX8u;9CP}PGir-#kgOsDD21Yf=PYqDSMPqIQt z=_Ef4fDsVcyYqaMuRDG(?ZG)=1z$i0Di)ixA^n&Ps3QqO^`pfzUb_ZaW~gfP5URqA z28Eb3vOqe*oxr|Q78qTL4|dH=I06T7(}HW)Wi_@?QhINOo+b@n$5&9AEKj7g2&$lV zBBVJF%U9QNXAnf?L8{RBX|aHSDzK0kb>$(}Am0?;d{H`7Bw)~HNoH|G;kFQ4RMCFf zqCqyHY|AHUzx8(h8Px>WT%{y0X{f&O@WbQYBpY)`qDy3|Qo+k;qFF9&8LbasS59-* zO_KE4fk7|15$&zj2E`G`8CW;a?&JEAA`1l7P>FF7Kb8V>F{e+h)Scl2v2}mbO&#kE z(8h#p07#;%ImqCb9-bo-g~4`#qG+A+_*IYrl~A@RILoZZqaz=2$!F7PRcp{cykk}y zjhqf({pbwgVraiu;VaYLx>^(ke!)V!@1O_Js8t zTwYxzDycV6Te7L*Pv|9@@%`D2Xwt5m4YLHb4k)c9lC=nZzi|?%&syJMOg_4SC=cmT ztSNRg4D~!tsB>oS(?mI%0ingF0;LlualO7X#?H4AlY3-}NwM|{DG)0@SCcn=a6 z6fFcZ4{IRykHhZ-hT#?x6YT1_PYT@-Ju@M`<3_kE5wJ@)-vqPhQn?kVqQlsS#x?Nk zb+b?Gul;O5H$*T|HlKFbp9JzL=eWD^43vmMqP&*SH~8qYW)Qp`#^>MQ2;C`*xEqgW*86_k12?h0F^pZ$Px?s zBk$M-!HOuhv78tzRrXUb=N0ZHeX1drl*tC~WdU#Tq0&0?`?|p#n1m-sirw_{)a=Lm z^y&8Z4L>{)AWRlvXXd;#1I3>l{cb$tqb5ArXc=?s^s2yaUPR-Q{6E)+RJT}3Ro{9F zo{7)Dz7PIU_an&~-nb1Kp5d-Wy+Kb5AFA))=%7@uZW*6sF-XmXJd;dA2BL{*qa4xCwiK&!kPT@QsIO$49h2#oo^(yoD^dqm(HHw1 z4Y;!=lsTtx4vak+BI6O383+%P+cIibh8bpy$}NTx7)rWj?7H4#ci;$nDfEj$r&vPq zt}q5^K_A%!cfDKsDBAy^q8ocv*ywBF{KN^)9uuvtJs6egGK{#2bl8}8z(XoRj5o~_ zFUVdIz`Z;#T#Fq_3h|{0UUywEaFe4%k zm6_93@ou{%r(JU%C|=`6P`xLzw9f9g3C6RGJ;r(2uWRFf=OoQdUy(9bi*iPdsol;J z+lHV9D!9@sQ(`gsO$CV%Xo$i9jW?yzDJs-<-rKv?ORu^v*jZdKC41hpfsY$_H`{|D zs}_bR&-{P3sS^v5VkBn#X1 zTjXwKsL-pp%azBw`WZY9*tp(f78O$z|qZ&F%x5j*W+8MqsziLb6#FH+e z?GR?G9wO$s7KoggS0&Bo@PnwkbBqlTEbN~!FyeuiYUZyfB|fl?jCZ^kV=(ys6-T1b zOw3$*3xm`LzwGbObK*=`ehLu@?RA}?S>Y5XE}e&-_>J8o1H1!#e#8&lAU0VY>exX zM2AAEI7ycg1?IsTnWvT{0;A==`}^I4stqGnz*kkh{7($laqkb!uR{9ozyGaLO2)*= z>5JU#L~HM8XK&)@Y+>T$t=#K4PY>UDNaeaF&K!@4Zo3cctB0;|u^W%As4=?B_fzLU0BMPG1PdPH#XBiCR?)prg^<)7oP-yo^T z^e&FgW4tn@!`&QHfq78{G1 zwRO}GCE}47#F7V7%goThv}m~{#;VwSfJUN;h3hxoP=}e>M-Blx43SllJ-nITGpVQd z-yKtPr{q)@W1-1n?p?Q<67dGEzns0o`VM|IG;QghUVuykSaoR*44SS001*p-K>qkM z<-~1(WZmv$?wiWpgk-(R1@Iitakd|xAgEa?GYMLSDgyPK| z21xwf^3xT#>U$1^70U1QK)xA;nW@jw+vb=LSx)@-&DV?T*l%0lZAuht^shjFUF%UH z03v<(I^r+;mq+} zMPXC&hX6WHLB&CnMY;tD$!3|r>$mh3I2{S#U}vuOsMCQqs`_??m_-=@G#-996z>9& zL=XWc`fU!gE)J()4-fC3p!UCLkSGeB=&6lkO^$-b>Yo$ajSSkGiPm8P;_eU!jW9r6 znN=9C&VKhuR{748~lVM~sD7lX+nz`%d&U)cuA>AA>&lWJ-E( z*0v&suIF{r1)+I!M|!tdwy&8}lMSv;Bl_4OYW{gEDSqryq|x$d8`lyPk3uQ0Le+%_ zm-z@WBp&xKpHR!DBV0MNl2D`Q<$5(=J0jsyFT0C|wlzEa&R@e}`N?a2N-i-zRUF_* zf5Mf@vQE0eHkJ?Tr1;|faU)GZQR`3)Qf<+k)#Uvt^6o!VSuqx)zRl>E8@l1>gh(z$qsx;@}ych7MjkKuC$hK-5bVeo%QU z4F3gK9J{vWx52>9B7kc*oBs1UWx}@Y>-7%0LtshDID$E%p)Q!ct5K?r8?K_voz-DSTg-+34!l*87pPa=nQbR1I{{xr39`@V8Z6l|h4L^s%i0$K-c7<^w|Wi<4N zvjr96#dbFObCMVS68KSM=f<_tsXBu_2nDDDRkmQ{>S+6q@TfU*c`6>AA=mX=c6C1S zPaaACF_{KmrB<9>vUr2;pMl;rp7>d*h?=oAwma1QC)OIElF(6U*&GHlj~l`eID8~o zFVlG9)gm%R>UEv`7o`2w$~D5vWHPg`IJ<6vH+LT86N5l82Ujb)kxf(jcYVsH?oM8z za$X#TyGv*nnpHy7j{ZZntSN!qZQa3Z+Np89`B3FHG34~69t&ixC zHq$V|ndFue2fm_qHq78X)*)ez`$}@tWp9sL+l#X;!7M)kFXR5lYO<#soDORk=TcZX zy}a?Uy&jskWjBblGnO*g_Hk4Euqh5EnAWG;pyvl!lXUdF2G93+z)VF{1-~T271P{h z6&jqADyfqw6Lo`QYXG3`TJ;??eAx zmShqmCEHIAAMBe#O0YYNsyP*Fef1rls*o1m9}-^tEYiroVySvBaClMO{u^u%x>i|f z50o!c!Dr6!^5ZbsFC}b}BL?KA>K1i~=gJl@&%L>H(F|4QHO%2@*5AP1!MoZW;9c;= zdulOGBv`=%jkZP7qchXf5n#bBs?|D_!BrhCMxo>?g%J(y$~AeC`O57WX$@t9UO3by zp?3F*tI60FMd|m64!YWJS>A$(k5p;i(-|LcD1-y`Wn_m6QEGO)HbG%&LIdwgx8I}yKs>9aj?ru6XlVZ^P& zl1AhTCHY4Wo07SfqBRc>SAlVRgecm9fk{)#s!yKV@TS*sdf=nbLHu~zqY8n_l%-sB zqy|~1&%$mZ&lRG57D6K>#Lo?pLDIE26PS(J9J8$($3QH%`d$NOTTw$fH7iG9bE5P9|AP4Mk#nEBZnJ4QI0?qHF`?$rT1SGD(S=F;ZcVUBGt6DNswZo zkVLtPtS%B~-I^{6J6WPQrLgkkQjt4$EB86g+LZ``h$5Yi+r0azC!2h`^$-mWY*i?- zi0|gk#KmEYn*?o@k7w^vCOYoHA$<2bC2EoqUy^s#cz~k{e~X4@QL99`BC=D)wl*kzVv~ z{Aln$83M@0?SVh%UyIi9NUxn7(8sc>vhyd&7pU_Vl&?9IttV9Mac={$92o5f#h-+Z zUjSs)cuo=IXplK=o7^~~rF5^Jvkqsc`^vXzeiNL8awG<=tuCg%eS(w;{DC}ah1z%S zm#}^pNC%t~)53}O!l_cHJBtx7?RM^R^jr=(ez&^tqan|;dD0IkVYNqf0kveQLk@Aw z^#-wst{tDa0W_K)#-VF^qNO*PzCJID+oHVQ(OCM^XdI04B4N{Sj_y?srYTO6YPOAX{C16|VQOM# z%j&B=j5*1qlnV|BGbJe6hQWrDsFkOjpp{DyXY-{nsVfVmW5UY0;3*D8->|Q$8yc6u z*mYl_B2(+LeDAe8h@BycT}vct87j@MVCi4uCrEvpRO$p$^Df{ zyo)aFn_qQC?u%UT9}DWAUkF(LZzdTVI2#yR*c$&&u!4UsTg?A@sQ=3-5dIoo@bAO_ zJrgH2J-xJ5vOYgZ6E-|HxW$i*G}k~i&C{8)8j3*T5yj^dMdKToy@BR3(lYkvJQyBj z69oU{2@05?B#BX-{D{!_Ue_@fT%DL=GKeB#A_A=Ay0{6Vx`d)*PqDep@i@hl0RK?$ z`!rhOG|hAPwso1t``HVS`^KKa3kZNBf!v^!R1hs~(_XIvA=0$QZ|S;p6^F(EZp~c-ABF~$vWp(F6gHopo z%A+yJEKRmRJtM6orzy&9TFoF`MVB7}(IC_--8WIWU~{a6GiuCz+z*`y&RnmO>CXW? zX#7J#X67uOpJF@|cpVT2ej1*q4heTqRytS~n9yL~qPC@n1Xq;*GqUm7T8E%S+O8R4 zE@0MOJqFnGym?C9x1;FFlpHr|$f$SMeBgl4oM<|amLNDe#DCYFIhAy6E(xV(S@JiI zX83J($pFE8o*5{P<$69shJJ+qbLBTbBXxVEjit@SDKr`y(=^;n*;1T_N?|8@c4p=V zWAoO#coP{JsX-B}AUr6A68*UFpUkyF$bbxanzOSG7hz{lr(mPAJD0=U!5C3$1$gDz zz#{7_LO1ZF$U3oz6H=%$yRDVcLX1uJ_orHHGfMS5Lz1bn2*}qTVnIG4k`c9d(iNwa zk!i^yTwd&8laQLqm3!p<9Y3UCPvQcznFFkr-0Vz=Qdx~)Q_vtlA;wR_!!4YwPI;1( ziOCICXb%xgO;%S^!!<;eFVSI-Aq;jcqn}w(DrToFBQ4vVn>5Ain=qI3hkOF{H;IYE zDJxKL2z@JQW`do%%p<@~)s2dco<+T+2ZQ=VDWNt|;4BdQ+AsrI;eM*4B_~fbCVX4X z-6Q-0;H*)LZlwHHmoP&vP>URtS*g^I2(MZhk{<+;8VZ2fRTp8Hh&JzAWAf9Vo8VH` zj+C;7s%D8dT~b2(qg5LM)KS!O8IFAGfRYj>&0;1Gb#5s&q*Pa1n57_8Vo~fIr^k%q z4UVvp=kBkerKrYzhK92JARyN5{~aZO9^6GqMy%5dd-7xhjBBpniEVE0kKYRxQ~ z0g<~s*5#^Wm=}>_9-fjo^#~k7q9#?$N^?Z!N8r3wcG8ziaVN-kEH= z@@m!T`+j5)D7Z9k6ZdXp+#>Vx?J#)d6aF@5Tg>GU|F>_99?HmMu#n)E5`AdxdW5Jl z7s=x(Bjb~t&;~wo2>oy=BQ>(#T}YF{+AKorOdmY5Psoj77hysvs;rVZ={aL`xhsNf zos*@kE!ImU?9_|>M2JZ)xofhmI{sHO3zg=q;giKcJqS6QNNSF>@uuR1x)O_meNx#K z#Amjm{je@-i(#2Q5HPIpwb6aw?4Qy{G)RvojT~Auk|W>rdi!N?nzA(`odRr!wl_!MolC>OTkk5FWMTqZfSNK;yE}OT3J!g-J(_-0fjO7s5 z5Y;JM{_7pgr^ZkRfL{o7qi{r_BR*J3&zBzQr2hG#6n(DndOV=>MAj9i*7tbl;V7OD zbZn>z6hZ{IhCsmhBw1pLHsP2381*|-QK@Ma{T?aeAg)UCx*jvSvWx&bc*?~yLfkiG z1!W4<^wP=tIh;MUC}y-}X~MD)MnZJZpd<$5ax4?ky>A0+Qae-$F3$D~4)%umvA}P; zxH#m#;)Z}pHV1?7d%j6m#kma10O<(_YkL3-Bpb=#DY|#4DJ62g235!~q>Q6W0&m_T zvD;a4EM_y1NfE(#*>C;5h!AUlSGrlCzhnv(G=m!K6fu*`UNw6m@soF7nLyKl$M&W? zw~f%tGX^02FURI4d$fh(xxCe&tA=>g*G*DYUAgT1o;kts+;Sml6ZVAfsPF$ z_?k-weRo-k^%7E6aG!nCxPg8YYO_!mlLaeij7w_iprKvC?g(8DBP^)<_W=9n%2^te zS$;KR4p7G7B(%G({(S099gc=2lz~GWL7Rx7{bZ?XDCUr(%_3rI>QbZT08FQaWI3Ta zOCw1%T-0`{FVk=qJ^8yi&Bx@SnBsD!oHRjFIhD-FSWEZr_!px2aBFH9CT0+zW6&>x z?)OxCNy3bp%)1ir^G(QuVM49}A4hsN=HMduaPa}~O~-V8c<2K|!q)0t7Mo`xLWBbo z4H?Syb-Il>HrV9ty+#CAp3L@kiAcKlWXV82^qAt{*Wf9WV<-y6oS@W+)X10q8jb{4=DDq+`yDCf)CeoeIKBhnnePA zq16UvGgaqB6+6axi=yA}tV68h#wpa54HhYZ2lzoW(+eiWdb*&YXM$S&DfiuW30E54 zD#X88uZbXDiZ#tCrUX7rR{rG3ja5!hHltqQyiI1lULw5(Ig<4wvu1k4>n`qF6qa@& z*{KxrC&)}St)neZZNI8hr|q~zbTjr88sn8z7QMZ_hPQ{I#W_`QZuEqSn1{$kD?O4uUrK(j8kVpd1jA`jWV zf2UP87%0z*Beyt4utJ;N`Q;$jXb~qy8w0ZmrY((j8hN!$Akw-VJ+oe$0BDZ5Pa0`k zgAMvmW9EkTsIP7CGVR4Xtyhs* z@#ACAV}WlUm8HARcgO!jkK9YUOjxY`^nxYSLRuFY`?iU0%N!+_7`-mYDI;RaB)&Dh$7@js4C8l)+ocX% zgDvbz8?2#eoEM2AJ)}K(O`dQe2Q>`ATuUfpa0~#W0yOhyAg&QPR9jw9pI*lBifBFc zUN5KxKS;I7osS{>(>X1^QTO zS*MT(EE+*`G2_D?xT3iXG0)jL6Y%Qg4X=5);Jzs-F zlEZoc;_0X2vM;h3GqVrx2_x$E0=(@7pEELJ3#mPja%Zs_-eL>7ZJ^Z|1DHA1BcQ!0 zuKY@2vQlG*^TF|8$4Wiag(bg}ixMe^*)7i98sl!qs}%`a3cHg}d5d>7)N*EwRk(3W zw-qLO>diHN_lOpC_W&L__wWkS6-auj%q3oPK<*AGyKr*{)fHo+#pAi69Av<-m~Ciw zk{`cr${eyAbcX!E6t!*!4Z5Ojjl#j!t5ob2*6;#iJg?r)cj&Gn%^~G>6i8l^Nq3Zl zSln4Zpj5eRw@enq{~}L%lY}oo_((rZ10h+TKvPIl&3-dSb#A=Y<(gwW>(293Csd_6 zQsSN5XW#|-mR-(v&3_4!H*fniycvR)Eo1UA0-VD zta~AUw&Qh*xFxloE5xwdp;`mayADO zwzYgB*fBt<)CWUDaLA6}H4;QBo0wQ5o@W91l{yl*wDXuBg|&;>skN-Fk#U!UGuT8M zncKZ1>mQbscZ_dBe2Mv$8>)i+RHyUWAmPvHEgaHaIVBVjPV2o(}^Gpwp`8 zGk4)|+3jBQq>4DB9w<#|dZrGb)FVKStI~kCdbzF+G4YR8Z*?X%nRS8B7H24tHOzcL zilp?+l*N>dY|zs*Qc7&-e|7lrpc9YKEB4tSb-wXTE8I?ZlupZE(uA|YFQwD(T#k$; zS-o04EH&_8hG)d&caDhUp>5-^a&k#jgF-|$7LH!>A(aTh@6HSC8VUQ=u6w*=F6a8b=^Azq9 zENM*I<2Qr5y7a$%dqnxk$zB0JcsCUN5{|f{OXcyXy&|sK@CmJ*cQ3i&w`{l&S14mh@DpR zifrS|yiA+ijRL^7bkJ;1`}PivhcEfuzwz5lswCz_oq zRTT;gqCaX6BzYeY4iJ=bxvT(5?sbL?hY>&YQKx zjK0vkUi|6syx&RtcUEwL_Jc?U)mwX`+j}Y{{Hd3LL=G6ngm$8bznS9oTC$+_0OCx_ z_!I0$VhHIRChYWd+V73H1RyQ%!khWLd86#ETHeu{#+@tsgYM)t^);-yBz_!AK z;~9c(YcvwIyAsh(Zb?q>cUvjE7f(Jd%$ZsI87==ib-fsoI6(HV={^cx-A-=NW6XL$ zJ7YW)5dAyJm}{0RNg$76B(`OM(S9Hi zkl|W%C_ZX0TPqAw2@5Mc;w1<}GKgC(RoOh+!M2#fdLgydg2#e~S%gO(b>$*Ryz+YW z60pS+?PHUy*SX-k0N|O+bflqLyyE>VsM+&n!wiqdjm^!?q|QyZ7ho@qCU_rc56l$b z4}QO5#bYzZWERGTa_tMOAM`o_~zQtEYs zX$f_OXQ_zJBxVj@y+VCs8Q>?T+mlC?A3T&(K7Mk2_99d!3>j2lmAJUt9CS8WQV)Zv z9qo!ZP3wFGT%?Hk5?UI~sy zo%9GINcNy2Kt)ntq(O2cQnSq7otOX>*CLYOb1Xwu#au1-0IIFV6Ek<&gSgcOjS_+|2o^fi5i%RjqZ9v0*&0 zWRNDdb`+L~(O57PS4a$;IAa=?SP5|d(H@lX!hBcO)a51C0=+ZGTN`^u%oVfAeDtI3VDAH(kq3e=ze90vwK^&} z?PJ`Sr}J{Am`3FYekUIJ5n2bM!a|{gl0S#_Zh>pufnW}@R#VyXt5StyCK*W;1w-si zh66$(T=YO9y%e0da}o!wS#Q5MYlu7}_W+i&=&$2kk8r+xCbQmQ@_os~U#TDTYeZ&i ze`wD~;X=dH;tmrSZ|TM2H+^;ocW?Q)x=CqjjXO!?*+GnL)pe1rU}3Ou(DKY2qT-hA zMDXr;gtYi)EB2i!3^*9w#PyU#UxeS;1E`yp#>@#^as9u1C26u;>VGn)=wOCiMK<{u zyZZ;yXoM$WOp{DLmZr5Fb(Ab-if0ULa(?jNP>>vE7!jIhs*Qn=KfzsQH%-j!S?y;f zl~edqO@0-CJOMBDZbKId4;L!bVxKD>L3TEb070FP%UOjjwkobV5_jvS$EBw&o_hQJ zh%l`i8H7`#xRAa{S5NLUyHPjSVYfornm%<+C{%K0jz3Z`cE^jWg$Pne<>)4zRlfR$ zBij9mD58^GinLa6tE~trw6IDO#l#P+$`}o~VN~p@hHnPr&c@4Cjhp43 z)|IzwDqh`KMaL41%(~FwEuxc|D>fOF3u^F%!^HkcDJFVlNX)BNYW;3*2Hak-!<2>! zD=A_gI#+772U2|SG&-nGAP?Ya}5$y!Ej+T%YF zJx@r>=2_iky$SEj#%|boF35pz#n-*VZFCM8drdqZDTEq5e!4fB{DhvXZT2lTT>((9 zwq1&mmBa*k>j`?t9ie#CX9n*9-as2eWSdB`swVA>RQW;NRZfsFZ-N#fD}F-umh`AL zT(swq2t9MIJghT$$ShHF@bHmh_pC_x0$Ol^I_oT~Hkv9Ru`!d7BTrxHR3$+VbO&ra zMKgqIxBY;uc*BSH+oMs7q78!L$k+Y=1nG7Y%oAMandQYj<05~>_KTUzvrYdiyZ(>U zwYPMFPE_OXaDV<=%zo)R=<3_`5@R#r1RWO~wvMv6qI)NmY=(T9wcYCE_@})JASJT1 zi`U_LL}s@=5APSdoK5ue^XIRh-NHf?e{g9Ya4Ftk_cC6S)nWHGh`;!GdID|~dVqIM zV6wl3d{xu^Rnhgs)DfXs zz$_wM-9u28KO?Jb2yU)Bz&DV?>%PD>YVvGE@vvHhN;Feg*JdP6mrWfeahLa*xHw{H zUJ9*mVud|TaW4APPYBRp0s~g+WP+^mYJkV*)jqQpc`A9T*BMKja$$fOVMm9G!a%uIZP5#hMM9Qr^HhY3( zw#?%!UD-p-xE`hD$%(F-YMHzAxMk^Yfp?8@UR;ug&TF6>O6ER<9-}4yg6MI^lq5p- z_<2&G6@iB7209WmX5DIsOnddhTh?TLegyzCZc-uQ+RrU7O9BygAx7?4R4rcB^5ja8 zQW8G##NCfPV-|R?5aZ9_4H+z;D4+&x5gd!8x5aM_6oF#6mOf^VIqD+YCW6c`@E#xdG_K$lvzYom#AvvyxxFd^5LPx;SbIm~Rf}HEqA3HYLod8*nL^ z-S?c&xMzfLu*VM73jsV1+}RZ6os#k|nsjr$Tg)W^{uqD`rEWe#P}|?shDTW4LH)=> ziIRmMVCcGp%sq-UG+%$~7`Ax_vSGk}{IL8^i~r-=Rrg;8yHox9jN`wjy^7MZ8+>qC zz!DO#5Jwe>HGl~9?7M^rFj(q*0uWV!gt7f*`moakBhAa0fv;v*uRlLZ%MENS@T!#p z+f&wFo~I@^=B^iJLPUSC`A%U(g00FZo$7{r$6$S3uY=1Os0{l>3Z8_%=uCBk7yw|f zx<<$ZdOj9-2zH~;9Z?EMp9KCS|M~vwLhXUNpUUBCnU^C~Q>8bMbO7y%FV0t{p=$@j z`UL0KIO~Sh%WV~RWGjm;)d+f(DdRLl6`wh6<$3C9`k$Z8ZB9G$U~J>mj`hj5I# zbI8t_jZ;Sn*#)tD9`DpsRIPnKc?s7KT6D4;8N)$9(@xjdjU9z}!Fxt29T}Oj*wR!6}-J0TR88(C< z{UBE!1rk^WaNwVQ*^mBInCm5$qvg-%3*c>>9x>@77aKk(4AYTe5Iv zA)>DVasz&wc^gu`CmW5*`9u&kR}5?5He>u0sG)(O+lo_qzcMLQ1il{SQxDB-L~G(y zH``Ztx2sUuxKhO)>ylJYL$>WkF}~wQ8KmUSb!+#8*0+^g7M)MODeG6lv(5EY)=YL` z`(vp5>CFcM^j*=S%FJHj5P#vJIIpBNJFX1U6nZkbbdm|$G>{wl>_usnL^0CQ_q;{x zq!lWTvBPo;RP=kj!n^PVduVwkuP(zHClybsq<72_`D}YP2aQs|l51koypcPw7-p_J z&Ij@V&6wpxs}nKDin4`DVQaFHBKLRCZqN2!nD22n7sI7*e;MApFVGV+yXZ?w?16;AX9qK5czr!WK(hy@ z^~u$*|BPWsXH_v>g~q>vC0j50vnN=AlIPv;PJR ze};}8?uH2_$N+8LkB&Kf^#IC&yJY0K?qpr-T4LOHas2u$f)aNWy>ACiko{iBaW3ss zm{X+PS*?SnE?yc)X2np_ZsCp`wa9f-{YZ138y={W_|h*ypPT@baHgZ%8geI-j%wtv z#Ga>p)cR3Twb=p1%d2z95vpE0M(O52Y+4u&tcMa?&!e4O)1w1*hUR4|d40vluI+87 z^ABY4GL{O3nFJJJkX$SoV&-}yK~kx6XYlPs=U#ka?JpnZ%SI+D{n16o5tqSYs4M#b zc~$7TMP-{N7QZ_;4~^_TuL$)eOyRg~X0 zW=&4~VR|U6yGPEA`{n2WIfHIY8_YoDu}f6&)-3=FGNs0L*eFSYR;`ba`-D-QU>shU zLYD6O52jg<)88a=}7`)?}?KLn;KHsaN`HA3`3EL(7+s*yn zeHl_Ua+#QFA)Ua=?^Brz2A6rAyN|K6ck*vU_JSSq8S)+9YX6o%{0|ndhW|;1^-uC3 z_}wO;Z)x;bcJNPu)<45tzD{O<52^{0sgX+Tax(EJttGiyIGmtR5QC$0HHoH^bioAh z5#lQei1RC1;08f>pq#SZz!~?unzyX?m#Z7FFC|-eZh&puEwJ6tvHWNwEYneM8+A!D zmFa$4`Cv?A7H8YGBf+XDTlO7df&p^$Lt3h@t$wF%Y)zYn-ETs!oFdG#Q9G@X3IWNh zP5Cj0GN+!|KUw`w5$U?vMa?i8Z+KhTx>rOZr$)_W>`dBl+umy!*`%Con4f4f{wq#) z_c~K8QHCv=e=O%*30arTY8QBKoa;6hh51$kjs&?6emW+Jj&s+xI7D`s^9K6cA6!WL3dryRpj@ga?>!HHczis&y8v5t1U$D^|fH4Jt;%WLx|MQyo=M(>jrn4X=X`2i_ zxUP4V$V^FsHnuBzW!S-CigLhsRMIK%D!oXRAg%U}z*gli50kghDkX8R+MhEX58IO( zG$g1AkhwGJhGfvky2z`5{yGnl-l^*w$rgc0=7!T%atJhD&Fui~!q5`>F)A1o!cJ-N zzaq2@&iL0H0BD)?gXS?{(ey`fhs0aKbZN)^@KB3E#p7+lkK z)32mA7&K+MA<`jVB`P_boTC6VaWa>&B>2bBDSD1D}fpNv2LRZHTqVnASSOyle-$eIX zASB&ki&MK@EU#KsO#C!6WtP@LX~3}=X3C_!U}}*kaO0)T9lO(0RLtQYEw;UAh@INS zm+Btg0K)m08jgvl(}lCqg%_Qm13w78{Xgc_QVk?@RS@Q;0OewL`l& z@z4?Rb>i`Ti^B+9Yr79swX}G$gKJSULmLhGM-;HzQI;MqiylHJFioufe~g9i(6QZWzs(Q^8~8bizg)xw0fDT6V`msq#Vone^x1xr-`sNPy9IAP@eRo{N9o zh5j#e`JZttV`KRD#{Qp^{vs6(56mHS?~&xj=E~SXaVQ9JaVbkf&N~4CFxBXQeL&K; zSTPuu*>(#vE1THH^J@xc_xz%u=0_=5Aoc1t=vyx5>|?VtX5Qc&K35YL>Kc{!gk;F6 zNaOCCKhryt-fvGmpMbjrJkbTvR}ci?Lhy)ewptx|WyDqW< ze1rP}xx7h9ofjt%=5tgXN@sqSs_yE2f&ipP&%y2TG-c66%9qFs6csEk_Gv+xl*G}1 zY^AxJeu8XNwLYLGorP;GR}7btR+tsYR&9l{YQ}22wiK8IlCYh{xuUyrat&kg+RKzO zSTT5IyQTm!`>A|3qqZA!EauVj^-EYP5B9{ig?t*=UV0oE4y_b69lLE?&F=`F58Rwq zDg4lN^VmD^uAZ`M8!+tAhz!M~z`qqW9Tt6E32Wv=jYZ7j-P+X<>6-J4afYs{UiLy&Fvlr&>%3BH9Sh1taIXf3LhOY#N;Tn5I@z zQR>ko-iX?*;yf-<2H3fzNi5Y?dP9*FEj_jdsmj(eOs7D9@-M0=lVgVjM9CD?16TM3 z@JZcYc++gM3tj8wG!;&{@_J^o$Y!(3ekwg({57o4xMl|3!l3cuob;SsTDI((3FV#R z?KaCBV2z_ZNIbF7PflynJ8-QSREy!imaRyFtF_bi7`DoP`CnDY`+$FOgZB`{zAQpG z!)&$d$qA&{5-+_xWg6FY{+c8~$bguwt;~((gNIV|5fkX6N|}!#=J&H4i5O~}8P)A6P8hY9cY{QJ05mz?Yy+oA;lqI=n-muZo5*jkP5?+7 z84KkUslE-%Y-(Xh$K%6<-ZC}K8J~{xg!_y|&@I(GEDaZXM>{ox3E1(rydah_(^!PHqzQ~LsgrNyMv0fT#v9*OvIlQe$U8YPrBieu^ z>^rlw_qt;UF0_scV(IjT$#QFU);AQhwOJQdQ#BXE_@f2Bnf3e|^WWD4?xxSyt(ioun=f*tQWwMan;oi^)u zwf#HtZ&Z6KBB(1Lt-GzmJ`^T>>>RDY-$jNM9oz8cl%D2E>MhtUi9}{lXP4(O_*)Y} z8K|s{KpXZx&xL)?Et#iv8%4o>_K0r&dHKjiG9&zu%4uMKgT~hTw59%6$SM0D9jvy1 z5K#gbJ5PG_wSI$^4v(&ebFEDEO@S}5Lq`UCP+20v3^a_eZQ&bzhIU{lA`+Kr5`z}e z{OfZ>qE=MtVHP`l^gjan+M1W$kLU~tuJ#@WMlOW+HjUKHlHHcpkPbSpEW@Wsz>;l`8P#X_Iqq^8BcQ^wtJmiJ4J9rYT`>#K#@=M;5j0W@qgTr(Nps%ZRdD~c8 z)lX38Ijrr4YnBUaA$bR5Hpw>c3-DBUhh@>Ka+VEfT(e3 zmw*i2*?Ylq$s}|6?44tLiqZT7?(_WAaj4HSM~hpUh4=dY8Ug!T=VDl7 zlgtGgrp^>am9Qp=8wks>Rlh7$Fon^)Nx-+@nt}6znw!U)pl555)jhzAit(-Hh?M$^RGDe?z$IT0 zSTg{4hjeyL9)x*0oyiNSMEUhz2-(p<7%+-ewmzTTcqe!%Vy!U?Df z2#H`$(>Yp|)hG?gRn;@}G#4dl1~V?S7j-Z~?Y*AbL&-NvhK`;3PTDRwkB6(vOJ<}i ztgp!}E30TNR5@i$t6Zfk&L?(uRZq>|hZl6D56m`CkwUE;tchriQH5+|Q;=UYlf#gR zrVwWuv`z}UBw{bfX^J+LV>TO50O#=upbqd=c)>7m<~$7Qp9-}^;$)h{j;Bw|p-+#9 zW;jWl8ll+&QeMz121u#QSxX>sD~h7zK0&xrCqvN25+& zCN_pwY$ON52Y-TCw+oYL_Btnym`~Xjv`*7yX6uYkqdYuB3?&7%4N1k#h6fD=Nl~as zl_W!?t?d^qIZG7EqZ^==431Cp=An7K^;#)Ib!Z;5ClpPN^ zC|8)L-J7DlxQQh|QQjRJj9|jYYHd1RS~*S4#?z)p_<|n&ytAB?)OLq;+w$tKb=15A zLKJn-K2!1~$zn#z`D9$OJE?^3Fe)3m1v3M0U|?{aw5|GCYnV}N1w3`%AW!mQcvI=& z%s{j+EsxHOVyok7BfuwnR;>!??m^64w!z$7!L+mZB_r^7UsZw4)5M zYfNM&bG?YHSxM5L8g4V%&=tbK@*#XipqfB8B6myDlX?85gQQ_{H+zG8Zo2<_^ zdRKv_Z1vD9CbA0&mPmM=1?ry0WT1~@G1t(>g1_62=)5Dzhakt&O~0L9zZjM9C|1Qj zSa$=`eNAC2T~Lg%O6`-AOb=r1&tx5C`oT5Jrn{*6@Ei&s_^ZMOce-ykn^xZ8PWp3? zqhE5lhV~RSalr!dfDiVe%*lLvc}YfvA1MBD(I11Xk%kjfFBw~9wA^4cfC0qcTF0#5 zU8d`1GO*~sr{{QsL_`cWRxN6|(*tkGy=Fp(`a@^QqM}Hj z@v(7ETHs^xQo(=HABVlcc_x1=L6dHwav;sXApv43W4VDNwG|4{RMB{Q*F5)C9KAyv z!T=qw54v{X);vNWD_CJ>UocXxMG;a6Y;2D_G-rASZp~ksaN%Sd{{+sOr;cu|j!gBN z2O8s|Y9DOVdI*@%+F=Rd-W`1RL*?N8=_NYL5uQxoa5+=x5VeODyXP4rx`SI7 z^b}cT6-;i{1By^3NYwk?5{X>z1|aAft*lOndA>}$Sf$g8YUlt)Yw8WW$2&{9cd7G8 zl>cI^Bp^nBE!DpZC+-tgfQ*w+-WuYJ&+-FY#z_ry?>Sk*(EGvFzx& zJ4~dvGq1_a#A0lmN?$s!P>sUaib(iCzE~N7(6_<-+H++FJm*s9_5z#O-|%Z zk-JMb~xupNs&6@LnRnjZ|%?kdaT>tD7{EtyaYO;#o zShpAn;wp&1TpnJiY#q2&SP17Fft)zL5gKHEG$Cyp#^{k|Dho3I3j&e;u1{3@Lw=aC zWeAvHV_-7VsQV$y!T9a&VM67HY%QBFn7e)`#;Gvwfd5I0)b{amGhI~|b;B6ocC58x zJGG)4XE*WWldT%bh{8x*w!tZ6bCCop8Q&2Ae7N1C0bX#c9}raVW*nNtYli|Lr^S*5 zLW*?3CQM1K+Pefm5Cysg|A01zFgRLSs2EsnysKuisHI zFJUvTb-SPgt`$JGUik6YG)ti!Dp=8WHLssXt1MVBRQ*JY9%7MaeX0#x3AM|z%9F0kKs(I5G5f$slcsrf&^tN#}1|KPb*zcl``)ck}ggeo-a zTU97q645{sSRn6G2T;n@l}Dfu2SlQT8T(l*WxPKLWZJcJ^MdN-a%Q0=IZ>{qo$Ymt z`^xJncfs@B`O4rsOH7sOFn#&w>d)0i=FaEaoyiaGSAtNCMG3ILT0kc#QD_I5Ul0<` z*%NC=YV0Me3tW0*ssffHuz7Y^BjJw&Q0BEl=l3+Z#olaY7AwoDUek@~s87`ar9`uC6X zDQve$1rM-Vx~6J*EL5TPnw?RbOe@m4^3_@VuKTpXr|>Tayr4Q(x{XU!tgI=T^%$6H z=5U^;!S#5rQ*7}9L2vQaZX@W#9>S9jCz=r}CIko(`UPE6@pCyxJS0|OcIMJ5xGYA9 zv5ZYOe2uq9?WC)BQ3vt45c&&D301;=3u#NnDQKh9F-7ev37W8pJD2}x5aF>oy|>qH zz_M#or^FFL!bXS=gd30#HrN2xT~$7VCC)FX@+zN?A)XMdGlVUml9p#1wmqjgKeIJ~ zV~CFUHe#k*_$BR0iFRjR1U-OjGXv&OBEUx7PF`DR3W<6X9l;y*H;UnBrKWN`_WEFXN48)7CG6&TAGucxD}whI`Xt$b;>lwFc!MAYg7Ws_O^urxgsk>;;th>Qko33CYscvw8?Lg;F*^q z(UJ4K*g)&my8IynHw*e>XH!f0xy4M*Z48C;%<5HPMWXt4h>n7;LpfdFQ#tU+QVv;^ z2gXe)N=6LSYfLra39@2}=WV^-Y!&i`lIwCKaV^_I@>Z1J>UlstGb=PN{T4Ej+HJQI+$owD&qVie`nD#2vA65ZZJC zY7`0?9o*BiP19&=RL~UBRfm*jtVqG~v7UF6|RvX%|l>193a~YY46pubU~x zaqs4%Sax`7j?N)@|jUzJ*$PHG)B=c)Z zTf}Wfq^+jn^JeF)P#T)g5a8A`nCumGFgBofFxyGD*=R#Ij9A)EnoForz}HjQE*!9P z+;em_^qy*CvxtuTv}Eow2g`f#1FB>w`=39X`3 z&s}1fIW~U@^<+griOg+1#%FvJI0@+BF6B(ZbOgo7UAjyU0bL-EKq{ zExi&tM_d}DzpD)MD7?%;TUJR)qQGP^$RloAyMF>_QxxYyRn&EIFO?)Zjp4v!5!O%tr%@- zDWkExWJ%-k<>%1P#Ci-47ayMCl2UTDzAdJ{D*C>cT7Z(#aZq)>rSotBj*&8}@`7Y&6k zUwV4_yBt%3^w&Pz-57>x?HT)Dhl0G9)0>QpGt-mP+cP>lK0jO|qxc8mR$^!427e5+ zUo1gwA0F4yO+Hf=j1$+W$}HKN2j4VvDWcK3On}ZKcHSjg(gM{$(6;o`;l)t%wn!lz zb+buOBqT=j7os;JTAxsjn4r$y1*i44Sv6ud z=fUN~!wo-hD@d9d+NuqdMt|SyGyJTYA}{$Pp_Lj>;cCd9?AZ@DgBq=nif2x~u25G* zA7lot;y9_BtoOTTq!cYBzEB;#{!QTRG8IOB-ZpB_Jget8`w)b+$f>{Rh$Gm1h<_F* z*u8s(BzvO@vR#2qU(B*ynZu#bl3l-MsTAxcR>e|4WTJZPitt+PoD&G~JR6l~Rd}&^c8y-PUgbsePSY$E zyxxhqh}eeB7}$$aAg8(fVOEE$aan%JG`W#DFv3}~!Fsi<(G7&#}o{90PY-+}ZFV>Cv8`XxhMwgBExnYqwOcIfL6l@S~i9OSr3?yHYHh`DZ!+_NDjC>OD zjuaaH9K+`aCi6t6{Mj7-t_mBg%te$&QlmP{`vLM7l!Dyf`Q7oI{jL1l?C<}5l`#Ax z1I$vg_)EaT4XA-K4sb*c8wY`G>PAHn3icb=l!)AP5N@F5%(<}Q%DSN=_7lwKr%x}f zH$J?W6q9)*JzCW8t4-wHv}3@aF42~ui}AEqCZo&sS5v?9E_M_Iiz zug2>K8^U{mcE}|2?WUa0wi$Y^N=398NBVyGg)_KTdDT^i#f27(v(Yf|$tR!fWS~$@ z1!L6Y?GwGgj*7o3c7GF$^fu=MyZ@^!04prXb+*vl!{Zu%fAR??vEUxg&E9(G||jm5ebzJBi)&E#0l)e)fXTAbpeBB{y8IGce}SGNUrv@mTJz5t7| zDysvmRf=)`!Ogtw6FBT8U_mFa!*LI+t(VwMZaR-Cp3Xl-kkc^$SyPnZ=?5jD7UL697i$vDM`Wt z`YKP~$!i{wrkML_<|I{E480`^BBM%7ZL)-RzM#~DSD#=d0=+|9g`USK1)3Phx&!uU z^~e^Pq{wdLDo2>!rEqd)18EPRl0Lc0E0L!aOS@$7d)9Vdc1lro#bUR{RJ!fML(3++~0_t2&a zxd_Ad88&cV&T^YEQ+!}jHH49kJ4@mnD?OB}NfqWB!D)nQnp1n)0x1Q)WBb?1YfRur zjH;Qlb9q4U$<;GB6OkbZv^5JxjN2JKgyCq23U$tj6r$uiqmE2tc>iD@NuIrn%XS}a za084LyOq(nkDIJKZe*m~<(QC5z7VIYWGQbMufQ6lAUZ2x98vs@+0#vM9drn(bv9NH zmjfIMS{v5bsfIkGa;Oa81Yx`k@Q zxIka`+SochZGQcZ;N4mWHbDp@mpI$omF6_MiN_{)wB5&Ul z%my!s_Ckduzk$Dmd+zrerPp7G-V$ddqSV9+4@6$_?~I>c7H(B6?W-z)Y~Q^!w@zW0 zMT2z3>^7K@*Y_kuT15(P3~}ejzlsKf+Zlp;mFkEH@n#wA%l&^$Civ>H~ z;T1zB47 zYCe(Z#n_nW{7;?L0uor^bYzx&a2J#Y^ZaPAixILp2gYT;(s4aq|DXeqwQ|Uav(SJs z8{(;U`uU}-+Q&$ZnPN?0CH-|JWaX%?@K|sE{rF0NG=S~0Wr`gG94>{~0XWx4{J}@< zpi9sBDK~BxsVLh1(W*S+>3~*1G&DEbSnez^pT0z!b?vPqm7|9P=StJhikokI1%GLX z4gU<9(%+?5+hO9IjYE)FUdcTc_n1`n0Zs&4{FMQP#%xWa^&zgMkmCaeG*i%`q$=&0a z$@w_-C~6Ho?(r~F+o~R*q0D1z{mN>6vlRj1)LqeHRSs@LEj<67CH!s%n*H-8(QZn4 zFm3oDHk!nJHC&`JY*fK5w%i~|y`HUvs}>vvC6eI^ap;2*f8n+@n*ToII@P!(m(u96 z;=q$IANGDS-dfa@rUyLX7${#NT0P!Ngs0z&qQfy@IbLtc1DY4wYc`U|G--G5S1yb@ z!~~~s_DtNJsAXB0qgJhsp=B2A%gQOc=MptV#}?I8>6?5a%n$BcPV5CX!p2*5Q1P6e z`z|*-6Hj95EdHe2dW1z}6&X+*B_L9Q-PBbPFjQn0@OshDQPxpy&Z~qKei?P0SA{>+ zFs|OiCyumHp88xJeM1F*2YPiSttK%0TjX7mu`hp)c9bOSQYwe_gOjfqHbepJ%mYtg zXomJl%18LJ*J0f`JB}&U<#I`9&Z~hzHty{u3%+ZUfn=*IV>~kv=`&A6=$Ab&tt3VI{c)r zePmPQ&5P}Hpzz!f+;jR&qc=voCf)>e-Q%(mwQDBFhQsj-)hf)%Z<=K7peq8P7X4cJ zjqsj;jsq*It#ah77gkRCIYfP1Mb+b=!nwJaC3!Xwr4d&`eYN894ne_8b2?S0D6BU7 zcW<2b!)sc4fg4a{{Q-wZ0d^SdXmof%*mG#=V`?BXPSI9YE{Pjo5~h;kMTI!YHROXM zR@g;@tvuXFh!SMT@EYGCi%YKyJ!Ioy+~A_pUrh4H`3`+(d!V6RcGe`HKEcG%6hpw0 zhbPqV`FuO5`9LaJ%v8G)VF*nKKdpR>RkwHo*0e2dg7rJ7l28Rbz&h4QNNTzxhxMJ6 zEv;^T9n|jfdBFE%jtVq|ZUnpSi@+4F?E@O`9 z&rxz4IO%|vmB!`8rIpGu{gY%g$7u4C^E=n1;D`}w1gYt1#X);1G!+vG;<=-zm&dD( z7WbX{A?YqNI<5N6mO~wVg~kXpVaCm^>8g{ur_u(!&3b8dE9HU-?6N6XVm$HIiO?Z6 zC$kYJ1R8Lj8*6wn?#jPF;3FU~^NFzxrj8gl)}_4?Bl&MopFOLQCfvb&Je?M|xR`ww z{Y@;4)^l?NymzW$@ng}Z7PXWqMS-ecDMZDX$@i0|l z4!dv2=luNGYgU7kq`XBD1}IjVlhvBt1Kk4V6HT;>VV zHhHj-3ox~V?&ML*RBb3({!$Wp4$UUpWf`XHms)y`ayyxqNOT90gqX-v0+qt($G4jwcGes`({CVAXRzmb@Whh#*e0-IrKTI`*Q)-(`!PNF-)Y? zczDZ9y4MOxm3I5*Tx;Qs@DHQn4<`%M=HA1V9T%IEpE)YE1jvnMsE=Gd)lmhyIAKd}F+48r`h9*X+Yd66SI_X4=zp zagoo#YnAj9C|gV}B%JB>Nx-Ga+i7iar^z3!oRaUIA zsJ8Ca(x`IVF;#>Y7_r5cxJtj^k$jSvwPCaEep1Ymr7>%=VaQOqvq0L(KJ{0Avq9R5 zOzH_H*E(E;YYRx{H6xC{zj|mhxF?2>dA9rE{-pM9QvKa8Ck_)2sbPaQYW^;}$yMI$ z=2kS0yD%uRf;}!Qa&?|jp*A(|3oEQfkRzUAf3EFOsaiH_%&vfRXigFMa_~Gagciiz zVGc>d0_*+W!a)9bZO`eE7d!EIRqXddgDhtqjsy3*OPw!XoqZI2xJ2o)X40~BX_Eif z)XM{{4uK1y`J7gQ}mAC6w^B? z{B&sz3UkLHLAsvxJt0Jew0N-u6fNH)6kbHgWx;_xo4GX7mod9TQ)mJ}1up;4Ww3a| z?P%j%1si;|gKaa>KhS!2H?9I9R3y=YhP)i28c07KFONaPsH#zbq`-MQOM>_2b10M=YOu(`v!TgP7Ne(6l{~>{@8qVP|mcd@1hP|Th6$>FJf#{q= zbMyC)9d&9>ul9*oBH$foW5|@#xfuW@ZlveIJ|85=Jh8xQp=!%fHhW)1=oQJ0MiK)h zo&>CHGdM8?yeur19dTZaybx>I7AGFtd#>qFau*2@}+> z_H{weS#V#*g88L3g^nXOvwV1#vk?{|r{*d=ZcilpGXjwkd`o3XmQF|UKF$?MdI~X3 z%zc|R#qb{Rnkp<^(@N60ZD4JqiVbprTWvk!0(`=UbkOa~o!kXs?PS_$56vF>+?vN8KXc!OlZ{xI{#JnaH?qJQl} zXAUOq_j>~2tK*Sz6V=>vbbOy=P~gXS92zeBB#w~1WFHeUCLAhsf;NsUy>zMvC`Q+G z9T~34C7wo&TQ#!DL&ovoXIrZCG<@W`<ic$Ci zPmXwSk5E>ARL0&o?sTONHtZanGG$KBJy8+0%glFizJe6Qrjkr_EuMx9rgL1bSq5ik zQ3xp8hA+S<V+KqFg5422OYx3P3X$r$L7yk-r@SA7gDU>yC;S3 zW@&H1tRNC2?h+adU^hQp3dfp3`jmSP#mlQEq9{afpf<#b3CMh5HNHBT_aCoRRZIikQ6EeGK9`IzYLL~#Bd>v#wZR6rKKGG5 z?>}uUdn3|7TMR`r=Uy~Mv__37;AQjqp#Z->0bfWSY~MKbC(6gm3UQ~dn2#^uxtq_+ z7EwUS;k+&QkVYf;Rv4hw){sxo!>Q~;idKLzH|-~Z^%s9Yl{XsfROHLe13#xE2w`u_ z-G7lkW&an7JPVz;*l$T`WF#46@)mi{^5jv4$++1D-18M%^cK~uV5r8xXlC)73GCBt z4c?%DuGDhz5qo>Y9%ROQG_4y5?2ub!fPl}98}oYF?7q)P&eJF`HM(_l&OVvU+2|^$+fo zd;T-b*xTGeTu!e$sU(!w!i~rX>;t15ou8Ns@6|+`E5|MmV`_RDJ-EEuQXR=^^>OCa zjaRSWlP5bl^XGa7a<@+B_hN~=E0Oj+hL>-2E}zKi2X2!ezYJjCNeVV5TGMAPZZX8C zdJf>Qp_6`VKp$Eb<@eF7qsr;XQlh(ieDToJ)qD)_#|32Z3X-xWmx; z3;v!tJ6JF#R%3WYE?4b^mmt?dNx1$-DI4+{mx~9UeF)&s0g5=5R_Rw;C>Fchh~;?Y z#{J?~^%(S;WqO~M)~?*t@kpf5p?wQKA_p&9OPwe=nr8_EVGbb89=_FsMHu1;m@!I= zb2P>{9;3PAScsZXw$({K9!4AG84FD<0i`Rb#5GDx%1HdqqoR_@Xx4<}RW^R^SYeQm z1j`U!qv#LJ$2s=S?78lx!-f0UfmG}=; zJXk6n%-AzAttmKwx@giJs7Z#V$q+F|%5NP@205y%;*1gdv6f2yE9IABD6nzH%t9>E z-8}YJx`!QD=Uw@GLlSigXyK$$B%{K9_xVFKW2sG?eUu{cU0S4c%UOqANkm z2SBeuX2-H)mR?cJb;7>wnmyqP`f$N31m@BowI9?YILa4s{Nj#aV||(f=Q}=5_0rV7 z*1H8EDVXqK;Jce>RJG~0JnHy{b{>Y`$lwYQV zM0K&CMhV&K8P(td9(;RyY5{LDsXF&mfNX}&098rUZ)?k53sN?TwSI;Fq#VypzC zdBb^vQ-4*$&NFz&jQfYk^_4hJ3oj0_UNt7}+H*lqm24;#eoM&Ez}l~IJv9{_HAZat z+hri2Pj&}o|M3t0ms>Ro%rx4!Zo<3AgdJ>igo3=kj26lR86Ao7z$4mE&8mI6hVBn+KR z^N`}6yocS&LU;y2rQOo3rrhrj%COdyOd1S_*#i2t&j-N>z|d9bm}>!(D1l%%7uV@t zNE428H@|MUZZ_YxFL)vdykQLx^bq>L*ZjzV6}ZC;A6b%8lPY^Hb#!;nq@WG%+)A(3 z!h_vjZ};>15z9bCN%A9YPjVPjZLu;P^FZ3@r>InUGI!;fRMh3vWMJIxc-VHf&&00f zPk|{o?DV0ib3K{_d_@&(x)tW1DTXGI0p;1U4gr`Zur|&|v&HxzELrkY#oSf2IaU~6 z&_L9@)V>n4FGzrOO}3>x<(RDYSwY<+Vn1b)B6$HW4kkPQC|&?-5jJ<7S!ubh-+Ir@ zAkq?}$BMJR8Q9l1*pJZ9E)l7ZJQ#WE68F@4dpi+uYo`MXg%LAeI%q6vl?ZsFjTn@5 z+B%nZPAf0VkQLke=8FW=Fw%>s` zVY>La@%t>Q9dvF~9)P95a&d7`Rdte8bV^pWA^!|&Aw0S)fw$Z&e-lbUbwPqze0|zj zdthNsC5(wKiM7>-n|}2=`79A>>Dx*Id&ReGBLl$DCO?)!L4q?|1JzW$aeeZ2S(7o5 z^PX>@nF+3Fi?@+FczmAk;uR{d=t|)tv7biG`J8No4xVsKpdOYtr)+s;ODIv!=7YVr zs=0KFU`y>!`C+B|g))>5bY-`ipxQM26edDuVRU(BC^j->ZR^j#$OO!MnBbfoMU~@n zd#;rjyy_FI=148|W;vze;^KXkDF=|n#no03i_Icgv-d<*xlyj`^XL!e+&3AL2u=s7+?kH_xa&*4mgf04@UN9j zQO(YcC!gI!8&tSnXSg;#qeFsivkDsHZF+1M%rM8~a!_Y#Eks^REXDOT~_aYX^BVG7V z>$|G;M0MK^n3pXse7Rv;wmK49tp-vO^)VUCeUTPY?ooy(zo1czTw1D~3RsHLi#aVa z@Nv0B&%_^n0}JO#@D+dh^X*^dYv<3z7^cf9UKF|~mC=WLL!wvoz)>yRfYm{AU%?6M-eOfvc__1Z#VnzsCi^)2CuwFF@?Mh{2bkzjs+g=qlkVbRmShJ#95{-sysdDdd@X$>897Fg$3HQBO zwkjOgafsQ3fEPI7$G30SFXvBVi@X>s?a~Ej2!!9*@!Lf7iN|K4w1sS$&hrM3w?pT@ znNs8RDbd{`)BmOT?V5ffDjhclJ0&D%abo=yQk=;BQ#dG)+=HQj=qrsl%Ph*a*SVZO zOC8wmw&^Z@a*{eL94F@LWblEvnN2lL_)a(N7p$Y0rk)uh)QtbTVL!KyW)Wfj6=xeB z*;7CyV`gKY;Yq^lk9+bSpHB4i_{Sg4eIbAzsU7|ZCc6E)jS@E8^lt4bl*-r!G9`j2 z>58+2C^Z6S@ynh{+`C7nX)WD&znR!m>c+#HtsY$M+8ay*g5WW%Iwm-)p- zpG#+8iVfdRKh5Eg8N^SPLNQdtH4*DLQsETyrgx~G6Z}HYec9c3y!DC1uzVjhjWYQ7 zKi`^ah@LtAZD=Y(!`1!sOVTC&|3H-gpN6LYX^lz?%3XB{?XMkkLW-;&B%&1LDD{L% zUmvmE(al#KtN!U<_RNi>MwahfqU4QjO<&<_pOH?J`SLBd ziYl8bbi~tNI~i%RP*x)eMvk#nXFdU7}q> zrmk+AS1p$-7cz1dQ0goa4L^ zMqUBI9-xCEBehO6Zy*D4*+WmhKGclvr@oY6398{~ib&3rNdjt8y6?^yKsvp33 zn@w{@)U{NAwZ?svk?Quv;Y^q`j7;(leX+(OfYBrPb;~sXktZnm-6AdHRC??RXvg4b z>K-fn9oGhLI)|#M5dQGQMkXO+|9VXE`buTe7!NN@0;;S!6POB^I0A8&@A(q7f46Uns#+G)kKQSszYVp4H>W^Xg=|DmD z8eZ3)-ZXU)<90&_yUX(GCMQ)dFqR*vwn^p4oCDg7ihk&t4%Mo+9-!=2j-!L+4E-uHmJvClp|i)i3=w?UzOl#^1^Qc zDD5&M5cK)cOdV(orTimSZK|nC6VnXbomFk}ISiTP6iC|o?DW6RoYRA1wKS#5N^}RC z&nkY*;#^zZxy1%l1xD{`)SB`E(ucobzDJ|4X)A`HL7%I!?iy_?X9_f0+V-GBjz1&1 zKI&-e7R{iO|Y25*@f1ffNd_fUcL8X$gDA+qbQ8SH)fcMhT@(!o0%Ix+ ztzGrcyKB%3!jXl*TJ%0#4;d*8uJxw6h009Q;b79ykzWY!uuMq_Px#U8Ym-+ng(nSB zq`agozi8Mq^Jfk_WtRt2O|BqBM((A z>>l}qtem)T;ayvXP~gJ6ol4O@f1fv3#~N0)faYX#6}V za^IxVm@;=A@=e-&dS@{Iym0lD4z21-#krs?&@_;#1FMyL4?n7~@ibAWc6fy{cWqD; zEG4#|rvvWlLr&a{12-$3Q{0V<6D_Kj@x-R*Jg`{IbvO)^?n+`DkF#LNV^RZd9`D_P znh`1}x2?=X2^(K%Q?g6o=vha2cdY<_m|lS&AIe0nu1|Inky}pq2dALl1LDreX6E49 z0ju!Gc#?SbXR|Cm1laVaGL&&q&LM znfCZoFY=A{js-f?&d?L8m;MmKt%$aUk$#lJt9`M$hwfwAlsM`s&5ZHBmC#*o-mZ<` zSb*wC-3+Npkgdv^Yl=pN?VrjyP#0$IS))sS@Z+Bny<{VMQYxiOVvnZ7R_FJYH_XMD zJLxXSp1#*%S0$!k(|?UxdL`nk<`3%oZG0>*Y5nZ7c1WI53DCI)oB%q z{X5w=P93l4odAJEmo7H`>Y#(dBQTy#`ydJC8VIKf^>V)+$;2OyLboiLIDOOGpugsjjepUGb;SaEBV0*I6|xamd@V$2tMY_yMcU^iaoJwOmkO=XD4S(ya(Ye z#Fs!aHX(A@r3Nl@J<~GW>Krt4RSb~SmE4z=pat3*3AfG8m~p(4_yCgaM=sqR_=26* zUZ1HmXuOM;m-bx(*Fn?&sy^Q-wo@j0TJ(;TNSPO8PsAsRd|2U&M?b6&|BWM&oi;;d z+Z5kcfB$9l>RV7k{sv|74ftwZ!t<`Oe6I2*o|Alr-vu)v#fZtvAx~!eX7tD0qcxO> zw}zDv`V@2h#9;m4#Jscu5q3yH{3o_Q)MPRh;xkfD!Qpoh1G^uNYucQ4;@CX`$L8RG zzGa5L5gin5MlNUOX<0NE9IXf9!V+|6Yb8$ngz?a zc64-~K^@@@xAhL$jx#)Cdms*^7Y^Oh(crr|-4=96>QwCQ#{03b{V35q5 z`bbiv0NcRZB)hX6Ru?zK5zBIg7%Y1+giRIPw%92X-{@@QPihetx@C{&U*58$I~tqi zvUC{zy1UIo?Ael--d@|5*#C?Z0+B62xntr3Mio_dw+pw`THZWI+Oe{9-3Rvu+upT0 z&-qS1UmWjf~MD`u! zBZ7SKJVc>vk&9ZBu-mkBd~;Jn*y}K_^1<=)L2w3vt-_T~f zgH5gK)<+9o5Y;F=b!ph`dbopd`;4}Q?9HJuZ6_-8_Wb z3#DNVw^r}L)g9T-W3P{8zFz1uLImxQlu8(_&@69mD3r#4czN}2ANrP>pH&>u; zjy*OcU=n|tk?0DA`>#L&18Zjp4<8eF=TTeIiGQgcq%g^LetB_a@~C@#+u;7~^V`R| z!nC#X1ksj>cw#?aZ*zt^*s051(g0%mV6q_6?mj{!Rhe{P3x&!&7L}QwcP+wxIR@&|E%bBcp9N=dhtXyb{BVT`V6Plym}_}oH73JE4(rgss7u`{mt<=wSB zEYM^_H&dEkAE-k`ZF;D9hvtH$IHeK#`LjalSzPIa5n+A>uL08I26Kfx3u0w3x_b zOo2DFipxS5A{Bn9_m?LcWv`J_1Dj~0u|FRp4kZUopB$&=6!r*Pb#7q6{Jrg`JU^9z zCV~i(Gxc1_0BcsycP2z)XrkwkG5tdEKh2p$5yI&P;k$Zyq4$gh7^kVBa(}^}h48#O z>oC7(6VV#Z%5v+D&pMif+gA^_Ee1~Br3Hx%Ej%7P*mfcz@URqTkFpxLgjO<&LLnqd zXhY_aPzDfb_D2>)5Y5G#`genxz$)DI0XmS@i)3aY7$f`!6~&q{%UcEpZ*S?eu`Hvo z$E0Uj3|{`x82kvy#Hs%(i(tPTvHvH6?4O}#6#rX|K^qI3e@!;~XPN4M;THd2EQkK% zu_7)`UoA#4cW0oj(^rR48E9tV**;C)7$+@+w5+Dbu^@LB;#q0`s`OO2&j>Wc6aFOIp25Sz+Y7ulObdbQ zP?u8-Hn+Dn`}YVMT*d@N<0I%!77gT+@3%aaA#_9sv6? zt~@YAIB?$5c>5aJ5{M?3)TlatOn!B)c&9lOPk?x-S)tZoRRj}bSQRtfz9=nvu5O7S zGU|!hR~n&=WK79o{lQeW%*Gz|3v*&ci|S#82Ua3!S4RgLA1b^|tUuLq_UXJEv_b|B zyd=4qRD?<~jQ4U_u1rCcg?I>IUQrZI$abF~-cGaH;eVanio9z7rB~pTb*)8!qdJ%URN+OOTlk5a{Jayzp-M%LV zIa3l)-t0Qf10m)D}}Fi`IA zGEYLcspNH;;+c1Fn^74*0>mGxRtp`G^gXRb8^<{$9~sAA_kJ9K=-JRX;dh=&Jr^?D z>NaB)Ch(2d)HO9^B1VM%{4dr(X*Xg0fn!_f6|6gQ-u(jCUXi(EKH}K-R&fc42-pm| zDjo(d0{D=ly@mR-y|L+OCwYbNk3~`@x0_b{*To-J`9*qtU4Lkpncj; zYZKa^WKn8|Sexe==W}ld>p~BqhE;bn;%->`AxZ(FrqtAlO+Fh5TPk~C>aK?ox%BPh zn-qPmwq^JO5#yhciL05}ix0mwQ>tgx%2{eb`qEQsb?R6nNCvYBWdF8$8bRsPY&;M| z0u#bUSko}+lwmzs@ICW~2nirqaKs+bw>Uk-`RlwvTx|`lOcK~z{WnY&jK5tQWbqDw zU(3foLD@*gZ^U#HvrW0$IA=MsTL&F6St|EsvfHQy(`{y09KtB){IxW>2p7lQ>`_%B zR68E?8tLz_Cigr5z=u`@-6w4(AXN0pjUUDVu04tEy53C(t(%(+z0mXY-{f1B<;^ShT>~`QAbr zI*{%GXE40KgGy>X7=3=k%+QCC{@{bynatsF%YK>aYH<5}zG&G2@rqi}iX#^XbmJc5~`r8krnQI~*k@5K{X2QZlfVttMAgy@XgzSrv24NKKQPK(aQU6fCfd=fL@;uC)v?(wQx_w?+o+#wi|f;TCL@f zSkXxd@txr888e5mS9O#3UiEgdW&L-4uM2qIFAck*%%PIjvON~O7JESN^NJOutYY&v zOZVnBVr%-1gf%1Uwog81$w7ps{7G`TozzJXY^Y{$XD}F^n|(^g%z+C~t zZ^8R5(?D_`&hS^w8B%tjH|ZEgD|gnY2Cu*09Sp%8?mlXswI#MvdqK_UG(8t&ihCu& z-7PF-5I$Yf_}5l=(iy%l^GnArmh0~Kw4&%ohxbN-X1;r({CCDq1W#-n=4w^>3{C;; z$GlY`P_Lr7&fppR$M zyONWY;v9hidGr@PCY$p3-j?YXIsl})7>G)jRV0I-(c9G5iCmDeu}^q9Zoh}s%v)^G z9A{s>Q8#*TFpP14*BZuL(X(s!O=?Eq+Xh8u+9lZA+>1Vuk9=~EVTM#BNA0+}fJ1MK zrZK}UYSQ(wK-|7QXem9e2u)GcJwxke-#z5EaVP7~C%#DK;ZbKsn%*SiP095cp3xG; zdDtmTzF{K>84^b3;N`wMNWCH0vOq(4V{5y(BX(2H3?Lgo5I^EFqSB}$b>yjWFmi(e zS9jRGG1?5u4Q-~b4=_}4bDERC%{{_aSk@lN&F;~nMY{*q+^T-~X@~=7zIwL(G5AUL z0hTTmsQ2*?VAWZ)&w%UK(N>4}k9WpD=M;qhi=4vQ(Ea}illnE;{Fj*2e|z440Z9ca z%h?q$B6gi! zHfh=T_Fzyea?$o#-NFf5oAe3f(FjOJ*w1!R7g1F0lB0(Jc1g5np(#3>XDzB}8t;J7?mo_oCALf9uaF zwC?#sHD~Xvv^H4Ly*8brp%8=C@(;M=@idz3&O=_8<`7Gq4QAUzB}+~gL=;yq9kp9{RfKlvWfI);_GVR z`$NxsGsC)&?zpZWm6MH8~RrenosVdMxu1KOk(1a4pKfX1G5+JCdfJKtp1W;L! zGMzi~B+hNEnVJdR>l+f2^FNn{35>g&0p3fIE(f-=JWZ!FJ#RMC>~;ja!R-;;f)PdZ zK^C0*a>qn`=nT4Lvp-?xPpVY=xHV+=p+jNt4um2pa}J!wd;G*0)Y z04Sbxdh9X>7_+EpNTd~=Jt#Es1d-Iiwja}gR$r>%emld?x#k1U?3%`^u_w;9@bMC1 zn;P6GOl5_N3I=@DX7(2LWz1svP~-J}Sb8PU*O(us%pNybs5o20Al7x^}oYT~(p*y(Lu4VA8yE)`N`tBzG3lg!K{VHc;h z^CBRu7bEI2XClj-ciP&K^LhJ{(W0lt6 zi$Q}?!i}}$1iL`;KOvZZ!%07;y@cKgKk-pQTFpsciNlx%$GQt6`k6o>P|QUgQEXln z+N2I+OQudNa3wAi>tK{}BWg)1eQ{dRh`=_Bf5oeh5YzkogB*<#%9r5(m6E&u%S}<0 z|BEnJ2HM!U0{<=erEJA)O}@Mb|AQalzn5F8HYy8(h(6U-g>v7Alo6E>!J5E`x_7N$ zq-mr_l>3;oejhaPt(#{!$M@d0%wl0W4}U=m95;1n7=^+k3F0?4F8SXs`8;1<<^+ZFQ$qJ+6DwjJ|4nbx zanQ-o&<%^_&^6Q$+i0>5?v6CXzD6FfufGkuvF{q2YS(kL8K^8#0fJ!*VCz(d%37%$aJ7A=A*+ch`VI++&TS!tPWvnz19YCw8U?T{? zcJmmD6>|x}l*FzXOS|GM5eQ9gBAF%}LELN7R=3t_4&A37M%7uc$2)*U=@zEjK)Y4x&3v(E0I-50QJZ~?;=J$+N!D!60pF6DeV^^53mzzc=BFXwhPPliY7R*qVXBn{Ovw6C%#x{SF#*BWksh z-#vuTFdI89paI+RLJ*wWD(LgvLZ5iPhKmbXm4tk(NQY?@G!fsldUs`c-F;%KVTDWe6VZQKxo34Hbs6WN5`#gtFV zS%GpD5sq^1?@-Kc@*VksKAb=jufhx->Lam#01~gy)Io9a)7LwGf?C*}I)Zn=sjXX3 zyBdpjtezBdjREQJKQfQVRR1qCEL9sKaa zv)}T<`5hrWNacWQqd|wf{C~H(4+TE|zF_zQ+!IBhS+ELWQipH{`T=!xtt6Z9zvjJY z07L^iORiV;NruI(ok;^oCM=_9u@ZiH`!9I(Kl2~N@0O>n@Fjn3*h+0btk3Vo01-o@ zy{O;qx4f^IP`Q~my;c&~Bz}MlgzYTqu;W1r z*A3vXZj$X~NxJV19sDG@FFK{(bD~lE*1!L8b;-aK{7nBPH_3n3l3(39Z=^tUXvAQcaAus02K&57a`ucGh$Or!}; z3OGtKTz2*J=61LJe2+z15`ZO8IHg3xWaAmAtD82|#FhVXmS&QPt5%(?E+w#0%To>c z#$Pu2v@tR+DBO28^CZXB;0KG7I9#239F4Ps9xbO<&zBFy}&3tt8|D_VYG>{ zaNoHIXWnlCDdkCIV~=gdVHAQp&(GuQ9+Xu#sYT`}FYum?qMmu01W*rDjKRyg>3B*J z@jY~9-w(LKrbN^wD*r9hulh||;dF+Nr`$7~%Kt!mRLu~=0rB9`ZASo$mwNoyXq9); zn-y0D`BB+HdPoB*TEXQ)_36e-?O12v;*HK@XIWrlG^#!y5mtiT1d;#VpD_Re_T6^{ zxy$LIn#McJq-?t_&=WdmAt@7di|`))#Ju<YVMH8)l>$@eZwj5;B;qVg(CE0iQyb}n;S^v|8 znRG~lU4YqByu|Um{Okr`L3w{;Q_ttz6kZavGej#3Vv}CI5~{V(4fHD0dBLHmCROF% z<}JR%{+%VHLlH1;LN9!|KOhyT6Ip8txgrSwk^-o$ddsAIE5m4Q;+-Ja_;!Z)_;yA_ z{y0r8{KQ-P{KsAD!!+#J{gp1ZK>x>b<)2$z|Gz&P|4A#Ne&L29hWaU|pHXZ<1qNN^ z4+1Th69JiDjJ|OXlHR=92qs#&V3Kazu@=>l!SD6kF7)ISLLZlpAKv}YBYIck6ZsQ5 z#?5ubS!$ut{XI5oY_hAz^X6u|jpf(hk6X8IH3#CDYNhImC_;4SnCU4m)EX|fCQD^O zz&KaTb8uD>CvdECV_hf1K*btDT%qs8uuu!*<-9WsGQx5-4CPqYw_sDF=7n}VUb=E~ zW`XD-T|?0{C}WAnP}vC)DRfgv=pt9?nT(kcWHM7DTS+c1d?hHks;Uu)**`n2XQyqwTt|5YA8+N(7lCRP_Z6Z`Zu9h`YS$zDF=hk`64ROJJT;!lBjx{o$YDqtHoJ zJjfHN|cc7#6odtKEVb2xtR!A1xmQc#EhO&qEtT}Vd~ zWI=hvUC2#X5o;Y;rC}`YWvndi|O(P>((V{HA|Ae;*tG^-7nD&FLpG3ij2P{)$e z#?_#v@}i)078YR*ia?t`m92wxC;4^e*X4-=i@e}ynK8R?uuPe>OtI`vTnmuHr#YpN zXv%jw!!YT2b{p}OBXRye)Rcl2kT0p(prE4-6_i;9O^8|uE3w9?L}cb=oxGy~>F+lT z%bYUUZ5-O;i@(my69X-s47Ie^vi^t|F4)$7Ee-tf z#QaV|Ew745i%)kpn?B=A;t;Qww(F5I@e{yF1x+(j<{aQ{k#wOwY{OjMq7Wp?9`-bV zR)m=j={QQnBEz-!7~ia!D~nuQjnXzx2esN85MOl!b~LQwQXBW#g1!%A1D8fg{-a!I z`-(3u#f?nbHy9D3aI8phf;*8giXCZNnp7J6Ndq5Wec({@2T)-92;% z^o9NH^FEBOn5U&3`ML8!X4a}N9Ltl? z?@FKAT+nNvm{W%|yJ4})ig)LCLJ`+r5&t#Ecv?mbXpgN4X7*O@lUTHIMJx4Jz>HQ!FN!{d zT1X%hwZjNDd~KS@$jGL6U@f7b_m()#ktQjqYktFDwMkd~V&Ax2@5@EbaqL4G;9{7Y z+&MlZsg#PtMM=9U?C4TvoZk)o@DgIwZ%5q9PDLOx!}whcQ?W}&s%rs;l1eIQLAa0e z95E?9b(SqK>yA>zr!dR8w&F?P`HH{$ZGdjj{A5;+bzwSh8^XLMzv&~!{@HRyxAPWp z#Lx58%L|4sA!gRIspu14{$Xn%ZKOr_;v_81ww}tHUrybxW;CY8;t}p~AMi8RM*??S zSfHEY+K2EZN9sU=^cH1%n8DWCY*gZ9KeeAsSUNY%wb(*j591)~zj5|Xfwe~4w&sd$ z+qP}nwr$(CZQHhO+vbY1l9g2U-shgW_uQ&|>Qu7Uvfl8L6C(7l^)^en$)0LN2Tor zU1e=|5VJcYRVkD813@kXjl9DcjN~$*5Q8G}lmx*(V}k0Gxq(HuusJcQ^FGj@kxFek zc5DE=WyD^}=IX9vDCf87K^K7x#}{ppE`QbpuLw3b@`qjse*EOjKfwNh9=5i0qn!Sn zMlE3f-RAP&Mg06jyZSGB#J{d$HEI`X%c{uVJQxtr2=MTii;<9%g`x|qlk&)-^A-mA z&|NB6rhvkX6U-C+`dVFgAGWV2Ps??!WrGTGHF+Ne-vZxpzUEeUQjGMo_>q&?iD@6Z zI=-*FZhJm{pKkAz{$lq*cvbOa{bYtL4;Y&;PJ)R@j?Rh+g%u7Iq+1W^m1D|2f|giK z)=IIP1UstJ<%#t$O>4}hD!d-St1Vqu=nq=TIxSil50{rCul?2j{w;1$_T$Pn zu=UFz>I8;3lsH;u+ZA1{D=0|&i+4y3xLD|sDm*`a;zI-0C<;WlY|a!GRhi2+!-1lT zZ9$@jtzvG&Eg7ZUTP2#T9r{Q@N~mp}zJK=B)8L5Z4a44 z1LfHl_fTP7>7T0EX;M>g$OnD7$@d8m!0zdXfHW3qMzU3lB9R^Tph=J-Z+wEE9D*9l zt7~^%GLDSMcp~SaClgQ;AYoNP4zbE0;O1mD0#rSK+{TNNf``nJ=4lDTiHeEbAcFWY zkW>|0m0U$R#LB{p*hlx5a2!Q6T}|mhxF_Y^kkTE9O3f8PdHDp-5f@_UGbHE3jx>YQ z4;|;{nGwq{Ifr}~o18aG4l_@v(;7PfeV+~;0DK4u&&}4G6ak>E7;g&rnO9fv=9-O0 zABxoz$&3tGJPhIu?j)5g>hOTjPq!R`4~%ytl^Eh@?3LQMK0JSoiEt0VQS3!m%RsPC z$j=;Q9NH4VbgxQ4sm#^P0_Ga8H=sWQ>`0O#hFVZHs8vG zB!04o)Bqk%1v*c4{t7Bc=5jLCQ;x)NppeET<^#!5lSr$iIxzN@X81T^h#@!85mjCV zHBma*!(A|wt2Ex-MF~q7n49xbSzTr#Hq(+NG**F$B+aloA+}$dbc4x(T{X<4XWsUe zRA8=gMycve8ENhUcX6)Nl6BujEIRhnl4wJm$q;a9B#Bo7X2i)@;FIr(v^;)m;Xo`O z-9|6p5av`**@)8m^8r*dtbndS=DZ=B*=*ii(#O$u*m9bF`LJ8sVDs}z({k-Li9(kWRQX>7B8fBevPmH2gcd1R zr<>$jgOSEAlwP!mqUIfX>s@8CP86@ja1E08xB0lZ`v!kGcY^oi0@DTSHn0cCU@a}q z3Ou%HjZmkIx9*VId80<$CFH8oDf-gH2!7j=4h$l>Hj-34y+Wc%6oh0J8o^r#8AcN!FkaUA` zLyDNGI>H`9b>*FbF+?U=XALH>EJDKOWIf7x9 zKbQ+)XqIVkMi8C~fJkfLb(Hi6O4)=EmvS@K!rfSUwy@|7@PIDkBS9k}%meHW_o zi}T;@Ap?dsxyODEET|991T|GOTo22UpNl=|KJaf%_U~@&`=qMpG z#spS!v8r@_Lj7So@aX2})YZNxEbBhjNCs04PRp_H7A#i#ooP1iOZUfj&kh}Hf{F{F zqaME5+iY|iJbF**Owu#Q+-`qHTRao0;xjegR9q|)Kc|CB+z#R521Fc;N1UWeM_ki* zSgrJIpEE071ONSKhg8ud~_D-*;7d0NNv> z&WG7Zv1P&^%C`6u3+qK$8hHa)uMTF?HTSrn` zXi{IHwb<#i#X~X1Kcgo;vw4VFL=5bpvM2)BzI9QBAF1~@@HFwan?%jfL_4p(Xi^Q|4r@Ljd*T5%<#=2W}`qM#L)v~X?z z*j9{32Wo^)%)dPKjGNOa{E#{XPT{t#$L*|iO1^NgP0+*Lkxb#TQ$-dBsY9!|JJv8v1!Y-3B{z4pnhFCU zi_TB0AtL}JJIR;ZBnNxX)VAj1DzKZ=8j85(7bRT?`Ml$+gecy|ikU#hKK#%_`hkF!FgE=; zk*OKaQrE8xytu|koFc(Q%FN3W;!jK5$)DvL8g_&|dNyaeU zyOE|Z_gF%9o!yTmA|L6Q5ejT_juP&#mwt6hCf1o^uANU4O-#6!?E&@@NCNLIY#7tx z4#Q%u>;-&y%OpktPz5^rc*rH=NR(vDr)Rd8h9yJy9XQWrddL2y=qymm6K2$_urEKm zDu2%}Y7f=MQ_ALWh955%`)dLGSP(3}i~JTSVw@^P6ygER!YzrqTl8>1O1c_hwG2As z5vCX;mq;LK4&8UCpjd&_#Evw;3@@jvhv|a4O%kT z0Ikp8uz)X4+#5?C!kRmCmtQ*H<7aclffo^d7QY+NTJI*_!0cXtx06VeyX6@x(-49G zeEsu84sJ}?0`(JAxD4^{st@=7@9OhEm?j-5z#pcm==8GFWW$XI1awpA175foqXaxa zLLZzb_NpAI6RXSUt<4h=@(;k@^7B|ckW~2D{vM~hY_GZOjQ2NhA29m>9w35HsX4o? z&j>CY1FoRdo#RNh;;m%cEm&l{brwbvN!_?4lL3`IvHUyz<|B6>c=nRb9)%G|YM4g4x%QB`RiBd)|?-lUmIUE*}yyW9X7oaKVvM37z z0FgS0A5WIr@)s|dgT1R4=!(d*d)u53#jzw~VHe|mdseSWzr_>uLzWF!vh5xZL%$tq zUxC59wn>!mt!fXSJp_}AlIw3BhtKgm4xvIyKo_bfpLpG?QI`potmr8HVrZ^xS^o3J`CJZ=m z6{J;e5!NKv(JMut(i7>4B$olWh#^w2RqW~C9#}0qOGpDPw;2&1atW3s$pxnB+9*;P zi!TUd;6BKp(XVNK=A64QP(1<3l9wW}Ri5g%%}B=Q)%f;*iNyqSU^_Wr2|4Lj&j+h* zG$#|=C?^sw?-CYJGB*|V_ri7WV%e+@HBpF(*pmNP3YjM|x>0sIE>FetolUeC9szhNBgl$)#Du^{| z$+w?SWPe}n6Nsgl0ijOiqtF>uV_(@PaNvaPhFz__ffRrHs0PBtqxwRwn<$eYdM9gAmHG&di zG1+^;wi)k%)bvX}C4|9oa(q)h z_!lRMvx9R{*}cphQ<*5k0iRHqTd1?K#<@sduy5=Ty8ivNv(f1Yx><6&#$iR?GOcEe zd2%KsPhnu}VS2DYY?nRTP@thGbV??PcZ6=oIjY>(wa z*vLKdg&m?Gv`iCfCHyqK7&?OI%^}gTkB$KsO>`;-9vQoA)L&>Pih%1FToMC>xLK`vw3x8?ys!_B zM0O$gc~A!Wzaj{{QV&_IVG<3D`?*6xh`6Wjz;TQDnF?pbnHMRrCkP2cJ@={R*>O;y zdHUyc*XT^*`ztHqh=fi8&e?32!PF3 zU1NqrmxcQnkxRH{{SlN4fg}ZyzMI%=RE3MuX_jW%5yJ=~HH4T*kX6RysF>JM6r3oP zj+OjHxq`Qn{x*1SLYuxBg(ndLMGt5+iehRX_+XXc2ZyEaknZ zRvrztw;p?wRlr~bubqA~WLALeP5#YrkNpl}s%j>wX)l(ZM+^p}=fLaS5d{ndOW+oBcuRYj6Akr3W?f$F<;TVx zTkr=Em5uYPguV}&ZJ=)OM4KU0rRZ=YQ`X_x`R}j0hO6~;Yb)u3h+cL|Z4?UYl8_xQ zpx&r*#|^td*2~84NYLNra6F0HijX(Z6xhb-Lj}mO;e2BlzM}OTxxbI0JFh9qPv9Mz zq12BWJFbnwV+nL~2QL^Kee{FaLcpfRM~uX1i&%~BkC8!Xx6pGt!Z9hwO{5M&9KpS< zExbJ|dH@(tk&>t8h39Pra0V_41U7?loOib)dY&%UM8NuNHJ_IZuGu&3QE`@O{<6mb zwTp)3?=1xJ*@OEP(8V~>8F*k*{ifX|YKB;$J~Vvh<;9=Ax`*N&78{NO<2yv;C6&w? zUn6@dyO61@&Qfg+qb#G0Z z#jsqbj^n+X9 z^fZaG7BmG^?5bQm(%@OGpX?GHB|8*a@V`ZV+B6f{=7G5Pvtl7qgEtnh17x=jO-Wk; zj}P*9!U<#5ln}v8#{?HEq7>D^lF000V&{_O{m*>=*!huW!xoo*_I19W-T(i_(*G-B zi2lFt{3f=>_I4Jw&i@uI{I9(~nSb*=0){_x2nI&ZLUy*sE*8#8Ce|iK&UTK(KmR+M zxI4QTSPRy99 zUV82>%aFX9$U?I$tkl^{XwEg|y%LLDPrdTCqbH$8b1@2VeTBYENGP!0omw{d z0=&)c)-8@Bkp6Ys)#f=7o+@QaqS#(2sMZJVKq*!hq zlo4E54-s;PVtxY8$<5k|AWQ^DY8>8FE|}?1XliC}m~6ZSxG`7;lxb8SGzdc}7=^JY^}(i1?<$##qWT~< zw2O090iRlDaik?u_zn-zu|)PAZc-@vgOgRB_Ly5-jSgX+>EUSe|5#1mHJc0+KoK3f1rsl4__US4X{Kv*at#;p^3>*)fekcel zRxP9ckqGW>g8SD2K^>+7aD1h=K(!)|(1Q{3WB3`!@GnXtSrp=mNW>4vBlBbhfI^jU zN$yH=S^7N(Q$wwCZ^1uYjVP@X(~j5JY;z7D&=>RH7_Yqc($|8dK$schORC8dct+BU zJh6rpb4#Ye^Zpnbh7|-bk-aq4U;iW>CFhC2_i;%${r{n}@Sm^1|I5<-kIsSy zlsnQ|%2yq=g|SEfC^rZ?H2ZL>H82E0gf#RhI^iMM$Y?S#4UUwNmOyGSF7O}Ytwqx; zR+&GN5=)7^h^<}CQj7YB^MZ@bq&Azju3ZwZ3yV9aEjO$-oj$}S65Zc97!!@gM&mC> zLY;1>yH2w_XMEorYF}Siak+r@Ip@wpp@<-^D6s4xl(q{mmS5$lSFdg_yMcl(5@`_q(Mg1i5X4I3#L<)Z7xKJjE5DZ6V9vkhdwKhCp~wyqAkA-ON|H3mcM#)3m=c`Ra7(`275h;b z^NP*&w$g1Y@*AL;~R47pm8u(3qBLbN4OSznXEQU7OCUd2ht4EpuzNG(lS5`Kl)`xWkiH4jZ_FX-y0=Zh= zj=2U--B~Xj(CEvv(@Dq7FJ|9b-6}5PD(0$C1gyv}LbS@LtFaDFO|zXYq+G?4ZzH2# zrr#53YEAy)vH%+3Xz>#rKKkbn5M~6m^yzq4T>KSobjWi#udjO{CdOQ)USh;ldoH=- zJZG3*#m#I73mPr3lqx5B_>V_1O}l_VR-~&lICbuz$1u={?Rc@YH(K?nQ=xrT|767= zHZhto@%mN^`U#T5)_h66)`;s9Jyj$KRJmyJk|#Av#27H`l-y`)d8#CfY&^2b`LLGC z^>7Rz6Ggs!Uw`MOVV!i$QntTn1_oP|JJv2OJx%g*%agk3HiwC*bi}Gu{V`#q6y^sk z3Z^HBze5lGfVt}o!C2Uv{b5r8-UY+4Dgn*8qO8E5+iSU{xOXO9@=XJbw-HU zN~7P-E_&QZP*nL2P>~LzV^C7kkAfh1D8f z4SK0VZV$}wp{{VmM{SnJGMkhWZ#$H`L9dwy=c|dI$m&YjT5YADnHO#s(bkoAOCQdu zGx57Ud<9DpVE1Z}yL3j+00C6AI>2l)C7m2Ha<8U~p6(y5`6Vy-yv6%Nl(tFm8V)}L zu7li8ai}xsBBw-@wqs%uS;e{GmIORjr68R(6Yhd?rLSNgoX$MeNvp2XIYuJn8Jr5n z8#*yu%HGc?hc6E-2BK^GC+f|2;Z-6UU@fy4ec8m&1 z_IvFw)5&BoZ;6p~Qb3Yy%x*2Wo15D{Jy@?t03c$;Eq+2UAhJ*+U|>fKOcF8-TO86d ziD_(|4(NVWhj-DXf_q5|g%yn6FnVhDuavO|1BaKa94i^z$weFT2*9-Rie!|UXd~HR z@`MSt-q>mk#2%9=lLD{5a1|J$#VoWa#}WY5P&ZgrI3=RJVfK<`-&6Z{zVn)Npe?#3 z{K(m9wsa`p~N?ICw?FNnz>p)L<3J$s6Xai)#P^gn(7LO;PP_eB2MEjNQy`xWb z-f$0mgKEjByRwQBdODj=b=iFV@hIOCBK_jysktS2JDZA)4z@5PT*#P0ll_!`%e^&h zWC0s>lsaD=+nA>&AK#iOb5ps=9o^1Kuc9!v;iW0R)lq)Qylka-+vplS+3TWxD{YK? zOTTn0weED=|JBxiB+<>Vq#iV?{25#HURu4uQQ z*vUO(r~Ijk=qN(mLV*;6>6T?oj1o5i^d&p;z5i5St`sH%M_K`is=65{mjlur$wx_uqoG^N!N*ZL7=usepOIH6>B)E*d2eqzbnQKYQ z{H-gE!3OJ0x8~VoI^tw3rJxANoErohz)MXC;N}O#QDjt_!SfWd$@tFbr8aUhJ zhtsWLyYXaIbTUfDJ~0}(dH3F#HMDJU6lfE&77xk=MIq-_UmROjc0O4mqMu!%=FeR< zYc?fKbNQlDH*rQ)#xap9x5{-liq18%9Lp_#TO<%i?ACtRvxB$S#1v7SS)DKC*f+DB zqE=y~&)r^$(oe}j7WpoL!(a(%6wWp%qC9uCq>*BQpiQPtKdZ?blPSqLCrhra^#pfa zkUE~EK-baao=#PgoB@&aQY60iCeqBkVGB9ISC>7a7=@AYNhK`T5G5^}*w46lzF9lh zd~FHnw|(U{MdprSkh#LJ=x!Fsd%Y=jcEbAZo9&LF`y*wKMAG0Zls9YNpgNRH!J1Wr zy|Ua&^T<&bQ$)n&6*1P#Zk_qN3|g;T?c^;ULVaxR-_qsXRD1I|e{SM;mwELKD6(FOd&m`$$&`<6fAI1b7#68vtGylXE1g+n_Yvuj86Gs#1n z!);&YL#8l=S!IV6g>0tG=qqS<*|8Y{(E7z5w1-#lnvx0GHb$OB>VFO-v#fZ3|5E^bzo! zFs*?=C-q-l<>MTtX$YLQrDUe>&@-ugmt*fmiMhWz-!@>_T8&s;kKYYtXVIL7qqFJI z2RF9+Nw<_qeP=U}T{o|=0{eQtpm#+?)F7SZ&sv7sW%2c2*Td!!?U|vMw#u)uN42b- zrOf&-9Aft+mw1=#3&TvU0^Zdg* zxr1^P#p{jKVmw*#l_2Q#@zH5LuI^~Z9sO>g?Ou22k*z41F*Q<>0SS_XEkeV&Evah9 zFgAT^0s0!@F*wXYJ)D<8kN%Z$~n$%9wr=jvu8*Lvh)q^7SusDW; zyM9^k?DEbe@D8ZEA+nA`C2Swe*CQtO$S#LS=?C_|AIJ!g%(o+QKfb*FANO3|2t{v+ z0a;w)IZ*PZ!yB>^OVtZD>O`sGCBiE@=I~R(FbLg{aTx6mi-BS08$80AT)l*}N8=(i zQzMQJ9B$czEvd+(Tv3#<(#jJF!v!vf*e(Y^9o8Y;+?UQB6 zrwZ+>G}VRy=F={Rt^j@QRihPXu|{$2Z93^fLQaf4!_*(le?+%65om@XrbsD3e)= zaX2D}?{9Q-N93dyzk6^MnKE9Z@+NFsP;q2Z>B<(#tP8uRJJm=3re&(^_T66I{lafaIijKF(nx$>l-!3l_$1!r4)J&cxV#r)-WMYt zF6(%~sQqGyT5cM}sI<_*v2=22Aal#a1xht-$OI63_joT`$aEs#${)wyJi&8}POqIz zrQZU|R_IZ`!}7~@F(tqnz;x2b_5g12VA}h8e=PI(8rQGjcTGHd`;^n~=X~4=BoVLb zcMrh9h!yNFl*+HsA)41D+UOj^%f)JN!U=Sius}A-1Ia!nu9~32glr#kq#3k_EN9Vw zLIT%`8G0Wjq(8vpYV7Im|!yeY; zp3}A4KQ;VKb3lO#1*fd-~4Nm38aUN{pZ4N^+_q}g;C#n*_9 zA6zbbs?l_)We{D*1VPg&S83aRHn$_!&F-shVh@m}iBEt-Q8A~EkUp4?S!D%l?{z@w z*~6l}uGkX1ZUrlkdwPNU@sueM{;_~Qk!k&I8dW8o3iZgbfq8DYGdseC1L=wy3B^?v zV8J}2TpVxiWS({vQ`;lQym9=iT74`binZ?STjtQSNTU@Y(1dWDd4q6M7>xV-pDk02 zTL)0^A6R3W=zmt*{;Nv%|3zx}nJD|G{3iONnA!ag`;MF+sR8*P&WVl2Ni*={h=}6A zNXHEuFdDmc_?U_L6%ydY`T443T}j3UO;~QM;FKe(7B*EXT3eZ`s#aPSC{^X$guL^S zsvo|8%vXA?th8EQEGk~IGd4CRrme@r_QXtIcAdT-^SpjEhV9=SZg{@X{TYTSa315Y zgG2^^kieLU6}|P`6PSXPRz2YKxk9o(_9UuG~yH_V8!l^~9E>0*rn zE}xDdOB~wsFrosZG+qwL0rWI#x_LA!2~tl3Z@{~&yAf~qDkWQT;!=aL;1ZYGAUCi% zR8eGREJ-uO5+qo*1nu@U{MvpXqM&q}wS74muF^+}`KV2nq62C=T>-8E0L9TBtOq|r z`672aQ@0a7uIzlcBxlM!XzsE-nxy*hRHOEM1(e)Ojg0rw&IcALa(*_TI-PD6m^n)ENK$36lKoR_&d@I2G-=*k)fLh{UEd|2^-gI zZH=2U2RzL9Ieaq-cB~k{ke^r7SpG_8k5?R!YRK3Xt`zqp6}Sax0CW{GOj{^826^wC=1g6$ z6@JF=jSgyu7eaL1cjS~SZemDkngVQ*%^49lObe!R|9-frZX{8YSdW1-7uy?j&xJBd z>)E;sHm$2SRZ06P82H~U$K*4{60dyI)GYb$r7%A1lGZ%<@PsMlP> zCzijMC~`Q_%gY;V^Q5fk{KZRA@1I>ITxFtU<`P%E=pPa<*|cyeE%|hS>b)5?C;mol zi;|uSmCLAQM{U4|m%(1*^R-(F7l02z|r~q1TT_fiM;xQe9H|;Lk$Pig|?W zXIfR)AuZVF4O2nde5mMXQyM0uU2BkMU9Qak zu#>ApwLp>*zOnR@+HOtW)X3Grew*yT7aO1HoV!Kwz2wEvx&IGPZ17yi9WSpgoCJHg zP_k3Fs1diUjWjG|w%f~Lcre1MO65gkrNJ-}^+R~Dm_~7+@G4vhj<@XLHAD4KU>U9YDIzADOy+>VU__>At zRQzGoEC%It8iYN=MnM@N@0O+7*y7mQ)ZtQ!0{NYqbL|vKzY?VQU691s8MrEJr(N3j zb5X%0kdCFg=mmKxC68{+wH@&9FNkXU=~yiHLe9)qK7FMj)YLdxJL7f-PBmaz2^u3> zhvWr^5`A0cwT!f0irFc20W=fMd=bE?8%e>Vg~sVvu3VGqPG+zB86{P(#iTr*ijqnv zpL=7CaZlbyPtRxE{0UzZ=okgT>on0oc^&*q$Ja|&;8Vr&OsaQeRxP?b0kSOZHMzgm zahf=ouRAFo$qDktUS+;XQ>)7yN9`WViV~EJjlaOOa|P3yHI67ons63w*fB+mbC9P` z5(PEL24U1IjAHrfHbzy!G?pfn=7*^?GWI+a2w!0{_i)kj23aB|6MnI;k?2ue)FAGK00-PHc;U{L?d`RF-UfyBjV*SC z^}$)qVT?9yy4wz#-fYCe-f+MH++Z-CULmaJMn#`VRug{WnZNNB@0k@XeEuc+;{$4H zIo`t3J7_A7k8nSo*S5p6c|PTYcAy{=m*t2K<_K*N22qKZ|E`jZ~)3Z zK~#6K_~G8ETiU4ZFzrd}-tC977rNiI1G04iT>7Z9uWE3Ik$AjC1r`E3m|1+VD7tAb z6%ry}D}e^~rCOB-@zZ9kM~#o3ujdYMDN{4 zkmdT9Ds+T=v z8cWss4p*C{XTtWbxHjWAj+VJk@JeFxOc1c#P4qMHKpT}42%j!nB)|KQz&aH2CGeTR+>g5z4k@52n-RD+_cuvl^ORex% zklS|n@vlMGD^f?w zDs&eTLBC0L`j-(fSHg)aVOt0M!e!X_8b3Gacu8`tx(Z53Uj?*q2E98nj27(CbdY*( zK&$EC)&L&TltWpFMao38q;$RMpra5~1EQ{ix%o}A?a%{IDWDJ5E#c^gw{|+-~fVe}M@Rl7H^O+PP~DNmnMEAxzx*O(&M_wh+db?$oLYV|T`y3(v@~ z03s3$k4`9y$iO^8GkoVxKG3ovw?0GpICHspvb{wcx-gMpq6It(l|p3-QrFmAlh_U}!%ob&CszWQ`AiZ=xN@RY zhIk75Oo(_|&bWgbA=9ul8=;OX;oM^8nWHels}mruLuWZ_eQeSYM|h^t*P~cH37nYy z1bt4Pko>0)QTWLLdg6`CT>cw5Z4tim)|ELePhifnf@9yoT@}_q%KQEG+#cNRMf!xc zy*{@bz#l*tS~^7xUkH}v^p!&s>H(@{wBE>;WgUho%SApQCt(;6N{CSIIK#Qr&(2z*w|t&fy&>UCNJii{ zYLn&EbIX>t4ntfKC)P<1V*aaV^16~vN0`4$&%5I6xUxm_kl-n9&4HZ-u5=q zgCvm6Uz9qLCDVYr@ryzyexJZh4bAPprw1%BLdP9A1KFI2X@inH^7VYL{FT5LSa;`j z_v}Ls8!Bo~_s%8Nm-vFN?9-#nVpTpoT>_{s7Gec~l0BWfsvig*1+sZdivl%5IFnyu z$PlB!1U5&*;J6~}E}Op`#kDISlDk%~Ptlb|S%%u+oazGga$Hxi^LKP9T{0LCejks> zJ>J~Y{ji?*cRj1aI-`Sfp1X7wyJd#EcAmRpmisp2@0l`&kiahs-x=t+b-U3e&Sb|1 z;=;g2ecV!|ibG4rsK_zGgAv5WmH@?1k7VC1ig#C~+i1nw>z_Hvd~A=B^uQfu`^MWn zqfWoLQ_F%L2mJeiJ(^U7lF7A~sW1pK@r`DSrAYU8M&L% z{bzGn$lAih)|r^$U)|uCB%2>#0egiBz>2qV4t-8|JI(YW{v;IKgYwddk>yuPcb`ziBRQ~r=#?B=dCy5^oC zuS~E3cIOc%I@wnD)M?S`W2DS8eSs;YHJw}Xc*=`B@f{3Y)wOl0X~^$qzk5YDI;{_V%ff*FgL zwmBgr_g5PAKY-Y(2U1PJ{w}?2bJz!ZBVU$r zM}F=f(45<3;^M-~v%C96AM*DXCt$3OinvPUCx}U}cdB`wWEsuGuz9m{GP_heF(rg8}PUHsCoVySiJQrDKEx?#gt&zeB)NcpZ!9pVfoi35!ic%SF-M3Px0T z)6V+H%Sev1tUI&|O}-+@Ekao~pW(D>MvJodMUA+=qr&MGmDsh;-%H<`m(>MO=Q~Yx zSZ5wl3I0RhLGbkLEvQw)~Ur7+2QnhOZ^Bs*Ny)Lr0X6^MjY=h za*3zH&~-L^kz<5cZX-;%b2~lzdD_O*wR+uj=JyHmt8HHwa1@++y|83~m8CVq)EUoe z+OpNgwnKCGc-nDkjWmGY8gtj5J>U(ot-VWnU$B&Yn=Y+}3|~Uuw_O8}6e4@Q0H-oz z+0x=<6qZSzOGckzKSEX-z4~TTkm~6S#lX!yDFPUqC?4XiJy2723$?a&7CWp}z2ks> zAz_saT$?93%Z7#LRy8BS*xF%@RmC4UV9BSFD%a{vX3L=2fDv$v?Ky^~N7E~rF3s`} z8w+5C;a>YCq-~2MuqphOL&eEz#YF>gHmSXJ63=t`(P89NC+(?`Ql08#No8+XO0b*p zuTZT9>{h!p&86qa=8hhfavn_z)JspqU6F5=(aj#7>h$iQ>%;BKbvb)SCM476dUR@j zS}uMueZ{-UVkhGS|3_fi7n>I~@Z-PmIyGHZmZ&=-o6Gu}q7Y>ZMl)~GcMzMlO{4)~ z1xRF66A12Wwv0+zC#pznO14Y_ByoYy>#?{tXCwt5m~$tkt+HETz**%FsUkXZ`aHhg zBmrrIBCuW5c!GCfYDrP}=e2%BClec@bgtl8d$EiH-w948%XLP%nWjOQa*hkMMmha| z{lGB(J`lVtov+iKK^jiq={imCj|fBdVN-;Zt06~xJ#|LJazBe-o)yvP6UX{}<56N; zkTubqf^G$GNVCQx1F{8nh7;Fk$RhyajB12+wAc)oH<@ECLo({6Z+p!N3Jg1tRpFMtDyQ>Yn)p_>hSmId>{v0JoOvn$ z7AX(DT}h+De~A5rz>0DM0hdChjtK7-#}3I$-`4DB5d$E>2T`O49MMA^*@MasX1$qu zK;dy1*+ZVR!Ht{U``!9`qn;Y>4RL1+%>Y^&viFuTqXA|*kCWmwW`w=!&F_DJ@%EE{ zV78YRnl4Ma_D_<8IC2Dgksx!KC&6w^53RswjQ}vPv^*G$zij^6inBlA^p3{V`vN|Z z1A2gYgU$i>hGkO_!v~Xk>j`Zc+*^%heVa&`~mTjoRbhNy}> zPkFrJj^)g<8&J3Gjs|J@iMhJ09_+%BnjigjB(HFeRbO#GmLJ)!#V&WCEgJ8q!p;Bu zHvCT@bDdvZ9`C27qr&~W0|)hgTX6nYdNoINPYFp4`HNOV9X#q&6dr{#624!#ss&^i zZyzpLA1WNArjt0W9-Y;qQK7zNNfvMG!l?!BM#${XVbHAd^>W5$Lfe-_j_i#an-n+! z_|eqvj@R7#>}!tK?Z(HepWi3MJ~Hl`0&pJe3_pV;a3$(=mnpsJ=E8o;1_*{Lu;d?_ zEk{sbZ=4(@PDzkWouX!=k-&p?99goYMc2Tf-y_1(oTt{(y5d|H#ZN+EbIU`p}4V5s< z`KtVK9Hxs22mlO4r&ln{`fO(r`{N{+mD2$*84>t%uJr_K(pu1x^LOpPcF0N z%{NT-dMDLC%EIdQ!-l%FKr^O07}$9msDm#BHBu}}TZN5AJ_DMaBQHi@8FG6(CoCp= zuY zszFx9>N4&|flkJsKxC)N9ZX%c(xX5_XN7(Dv6Dd)RtuWRD(+uCAnkuN)Q2GV8~Y<}03gE^!HXaXiXFAa z1;8M~6(UC#5wnx3ZSAJ*Y}#UuHJ}en;&*QqQ+em?@Mhnks_|Wh9)8|Iw5d0nuz@ zLRn|A+e}EuPOA{!mQC0wi0y8b$CtAWu5TJPQ&bck5{;OOV97v1g55wG`MZj6x(w=! z(_Be24+kvDxob(*ny;0ykimlu81@)~YAf|blc=nzXRm?(TkZgQgl+0nq~-kf|fD*b@2aUUBJ3&9XMxJWOSWM3vV6 z#n?M`R{}-ZqE)eN+qP}nwsT@9mE^>>ZQH5XNySdZwkp<3ci;Ekxc5Wf9%KK6wddlT zQ_UsIX3Bm^OKY_ubIgL>!)jt9p>0OcNn(Fhfml6mw(=iaU4D$WNNuje88!a7!KGIP z|092?8~*rp(WpS8TG0%8b6(mHp*!wT@656k@m*Lnv_auj?w0vn^rh(*ow#R*X9Lt& zj}zyHX>HYzW+{)nH1E8uw5Y(-InBsZ7zDu}g-m_@NQ-jYmN#>Y&oNQ8?!LLx%%|La zAm>xRXtL$jYpqkY&z?=4sU3Pi9IwSn$s(hClDGlHY_Bo@yCPX)p>&zJpvub93j@x6;q_sw0sX&4b&|Br5>?4Ak;^DG zp7)Pu_vst5?PvDq`*xHxPR9Y$Yr*q&gy(-Jz5qR6j9DL5)0JJ-X;@2)DJcB;jn1di zxjr7TT~{I7L?ht1H+?|_873MRV_Er;F8Rx?Rb#Z-Z_j`6d!Gsaqu4e0qu)&OO{MVv zZ>bbC|JU3jZ4a>f{~BIZeMgjU{^kM*>?BO``ueMKi^*h|dkNyJ&|%2pDsWj0XDiGc zXy4k@&Wq)rO5sl?@C^E{h;wb%mWWbf$HL3{lSjbhLtYH zlJRG%e+lOmHRet7XpR3!xRx<*DK$IHKbebFpwLl}4;JP!XGKmb_fa|(P zrO}t5H1kThQ|p9_NZrPSdugQ|9)Iqp3{u^?A5*b=LwM@s13Uw0?1Io?UbSasrDwMk_Xd zZ*^YFpg`XTFg{iomD&|E!!^doW^Rx$UYeKhtq_Z=^7?!BM%2a^?VPcr#ch_s88kLx z8%;dLf*CxkTLaW~OypwDXpvXXd1hICWB#Bb=uSBFhrU!}v3! zoF4wQLE}EC9U=ZlK&tiBuW^4jx$*y7lly<}%m0S~$?{)4Sc=B>f5_Q?T1Yn{rQQ|& zDoiCQX8*ZvPpwXztV1HjM%=0-c3$_#LJEVU%gG~Al<+X`wqq0{3Ncrp<@g!Xi*McA zBPpJunDROP;$rIeQ`VcG$JIq1W55?^AAPb9QGu+4kT4Q)X!zxUdQI^ucoAeFhUQudNW5O zV;8|}4Q#;e)8B|+b?W3+ot`BTXCIRo>jpgz0H`xKT=fB)YWnA$v&E=>(36tQGa$d+eT(ffZZXnbS(3;BPO*Vdq?<7V~ z!UzZ@@0vg&s>IDp>rfuZ^>F89!dnZ*T7$Euo1b{J>o(G-y#Wc33O>{yCkB|7nl%a! z>O@kU?Fl-n!pC2E=wx<-w{eURC+wLZ;obc6$P8-UrNF>;{1hGQo1F)irCfk zlVK1IG_o7&V7d$5*dl&2tcVeU>@8g^+h@6v&LA>@vgm2|R4V*LR?9mdc5a*yKN2zA z`qkDla~WYAT(TH_3|pNww2bP>92gHQhvsDvVV6-}k5<(Uk<#G^mS+?X^S`R~5%i(w zU%Viqahp_Q6`UG=zX^UX*US5r4a;$5ikop2I;@80oh}x=6L>5OV36Jj4NN=LJ;O&i zCP!&s*;#8RS%j)^w2avQVeWofH|slZA-lqMN6v^sCCrl8nipFm-p)5J+2m8VqSQH2 zI@$Y06B}Eu8A=AQHC72L5iiWevCX<8+BVULh)^w0P|JFhwJ7={EkL(~`g=_;ShnuP z5oWah?slPk(&-w(X6sbNr>RF?7(~g4PyvEH?xs|~^iGGB@A(rVPV@HpBhIx=y&9DsdWcRek1ayneHCdn*EYY1tl>x3P?d&W5H{;2{QuPX97VbjdRzwk8thC z4pBcf(NwL~qA?z4f&MVccf6n^$cSJV_XNsV7tI?j4PDtai%X3!WT5Z9{N>(i+!s82g?!S6Ko2x@zK$M|3E;KYhT^UZ}cPlZ#6al z@9p4!rexOtKPhiGd<#$W+m<;cWsa~b>C_gui6&~KM~?nrL=KmdPS8nyifQ7i&2~GG z9d;ycA-e5@yb*-TMQU=dl=_vdbvJ!+k>cdmG#+@=E-RK{az)2!DO9&7S~bUanroFVwUvfHw}nv(fy`%VEXy7Yiw zztUHhk^de7%tpn)5IkrWg-tzHwTplMX1wgSA14o{fy|$7D6{w;li92qV{i@!oObg) zj#lh!_4Tgh`{+B(SyB2+qm@2=)F(imu_HII0A;+t<>=#xWv-?mFbwWd8l>c~dB)y3;X!DS>k5C~1>pQ+c zN6}1RnONYBVctNw1r}M~`h!nhh5Am%+c+6)o-o`MB?fz0Q7o}12IY0uLQw|ULo}C+ zL^#J{0&Eb}Dz!ucmPpn`uBc{CcaXHv?XJ^iLcQ3}6MR{qGidHJC`Qq1&s1kp4Df}y6nGn^T!9| zeB-QHR)@T}T~@~l_;`se<4wwZI>w*>smKar26=JtJ-O`qZ$7f6um8n2IK=Fu>D*@A1S`>;rk^so#w_?v^!3uf2=iO1(e~0(Zfm z|HxTWnukK}Sf{%`5BCAcc%3K|aC{_|ujbm0eUBHoB?CU6&Jcg(?cZXVgyUi{JHZvf zX&-XZZ5=77YE3s$rp7QUtW=pMINe-v0fk19MGePh`3WHiFG?88wR{+=n}$bGC)80$(6I zlTE>0ylLj(Em)R=%1gA-M;#i4924u#KdC%_`Ydou9u45pd6CZU2L?7#Oz-lEcFuI1 z+!7fvQQ4%lQSDJjt_J8W^w8oya*e;$Mnts_G0pAa7D_R<`yZT9)PVdcp`cXl=ud*= zlHG;bVg)P>ku}1l#f`<06-2Xnm;(&$n6tNVOK3azKQ^&S0h>b8Lu_|&nsNRKaL{u} zVNz;am4w#s0*BumdvixJFMP*TjS8)uC?=wz1s!=2<4*4lCApAD*ZKq1>Aug#F<;{?45@(Yw6xx;`O= z8gGr;Ze6G^_6Y67?$-C21Ynyr7WnO-fmlXVF~2^3H=!)ef>&pK zWk+}G&ZyN`%F{!N@fVPE<&z72NG>bQlM7Ssn+9~K?2PcyD%OE}{nNQu)q2xH8-BlB zz;f+=S)iTb9raVJyzLySN}R-dxtsP}%re8o`I1IERZ)%1`CIYicR2`-ScX@Lt599- zra6AGq_VULv^wadF>l@M)cHyrE$33`NsD#cAZEMhp`!lN!j{PS&n^Ybj%pv0{Iv=W z9($kqZA9Mo&Ls@UzFxun-;nxf9mh+0^cP?ROxZ@Ph_;7kzX@$G6vJ0BdNZHm%$pegQqcy$gT>})=KMtIh$n+thgeQcPOrKmd{=B4M!Ke z(f+%t(i&{zdiu}dVlr_Vc>6aNbpLOLGXG~i&GtWQ@Wf569RJty=)aI5M}5utyRzn| zZ{thl-#UOt2~RSLCc~X1BLh3&irN>Cr9(ZyLRo$+Z=i^_9GapU+U{3D_ssvLrnmb? z{b!n2zUNU0;f^d7O#3D&<3MesFyaEg6V5 z&>E@yC7~>6)JwQQk0Jepnvm9{7QU6rmmW3gt_5ynH4L#78Tr*(e1&G+k-$ zvIquORJEEAO}sGT44R8uWgUfK@>$bDOg}iM$%Fw*E18lsRIEN#h+GaQxKV5cLG5o@ z5k|qo=OaFXp+YfzIdyJ!lyp3_4}xt3Or z`D6`Mi8SzKkK_!se-kv)WeI_5Z8?!l<|Hw2qOcK9E3%P=yeV6hX+)KLk(lt&8Dl2h z1&s<;4Wg$}v!tW1xX$-(*-+Cv)q!d9*@Ip-S4L35%E-dXUE;0V8rYa}-H|I;?Nz&5 zi^MTl=|r%&)mWJtHO<6f(x_=@!m!#+blI6|JLssI=&N!&ZXLC9?G`3F+UpmS?ANty zOkIN=`@K&QT25r5nnZrOT$A&Nb~C>-dPn+>#*uY?6QMb%k;k5lVojIDHtr(YNt}62 z(8{(r*=b_f+S1M&Mxv3y=8A)Wjpsk{j4i#GU2 zj03K4p&P1lvTx0EVBLxbu?u0i$vLAwvj8B2TgtvRMc=c{;<@h4PlTH zA-CwuCh@HJHyX@2sYwm53LW0108gWO4SC&>uJee-MUIcmh#K4F4v9Xpi-FK(me)5M zJDD^{Xg;%zU9Z_`lg<7V3m-6hk98CeIoR#rwY5~@0LbJ-wlE2-C;6@35B<}dl~nMT zd8bZdXhTTq)JfdQ>f&6~KRFe&=d$qonc03pNyIOZI#hp_iDCHef+xSa+WvplzRwW72bb#Zy5+*(M0x>o7sFv8T5K72)rsNt+Wz$#U!)WH3-tqHI{GVcRXvzS zWqfS@Td=E6OC;l$iyeJ1LEX}|+I#()0!u2;AITZEDLpCOF2ot?R* zv7NX*z|~8|+y&t1;9@TBX=)B|{dTVWUzn3T`CZAPg?=Rs{rO`(FFVolPbA;kn^|`; z2&n*FSh+Yc5k1SAr&uBue+`u?ZWu(|q#yJ~DV#MnWj?X_CnKNb$k)qf1}p35%lRAP zj~Sy9WKq5dAT%f|5HokXK}@lErg%x<%SigE`FO3iu`-rkU;X?sTjh_FnIsqFX71~q z1_b{M{6W8$?ql+02N2uM0sPbX4Y5+l9oHUj`Hb7SGi4$8gh00Ce#Q zi&25iw}mVu`u8RIX!?lfa{~2JYzu)^Is>P&po3vhxQEs@h2s&G9yHJ|otG05y*?x# zrk675bw2j)XcvT_~j7rjWsLPJ-BJ|b01`nM(qb^qmywZSTvQmwt$Qbrq1C&qh32;SENd>eYSDY#Zi$W;}jdJTw8A2 z=XLAa_qgjgSD@o{!Mc+9x5J{uJs$7^}bRXJJMlrK9MfOV2J;;(jbe&+3rQ0AB z;4=!~KU1nBDI|u8F;2QXNc1+CiM=&@T)ZV~`?lCM_8J#h*hx*x9Lusr1aLa)GF&&& z$K{a-Jroxm-}@#Lr>0&}@DIu%oV_>%_K1nf35{mY`_W`#Wge|u&uucVqY9G_C^zS; z53|6xg%jb(C}G<)Qmo)NoM^yLHUt&Kj&U!DX0Nifc+eRMmtIjhjN;Q=E!Lw{$;=*v z@(k|BUacVvHYWbA2+H}fY*Z8JhO@lS5PGzOf?_P^!K#9g=q7e?GCLc=6>K8yGKu#X zGI?P>caPNhs1zX)ji@jV1_)Z(P9uFwx{O*A`cl27W!Y8CI~S8;9# z#6p0|2i`8iS3X`5^IyhZ(5@84@B*085;ih7u z&!H8#!;ji$k@TGX9P6?day6?zfsN%JACAQs+6dMMhv?5_Sf%8sa?Pzl6mtxS zHO<{SEUwsdDG5l67C116#V@d2h=|`K1O#cDfos9)R<0 z2o}4Gdf%(4XBpf@*f~?tXT^`!G!~hIWQu+&!ABsdl^{dAoDQ-)X|pwT9))zMRd)%^ zcrDR*UacsLYPVb1MBhB|)HeHVFII9Mva){#h-c?TEcE2UFz+K=Ou0OLJB@61nAWey zI&_p#N$*s<#Z3(f92k-h4fIp)M*6yu3i|MWKI+A+FsLB2iVX$SXo1_><;VlAI^1|{2IOK&SS=l^vXsxh#9G4-7-sQobTFAz6DVX@ASkI2YIupz(PXU5 zti}yAHk+Dyv|8s3Hp3tjLPFrpK{}TvHOs#>>}%AkmO9aQ1&@0;85voVhD)}ez5=2g zuez=oj&pq;eYPf9-`WHrevFn@jw|NQ+XZ}2;z}gYUTDNW+F(N{%v9oaylMw+9uYgqd>?2X;=gK{#at&4{=Rse^P7o^Vgr z_f}?(*D%DsLeCDT^-9y&<87O%(Z_7Ac;p#QKglf-p7{6RQeGD z<#)-@1Zvp~L86R9ilZexIa6zs7aU5%nV*i+w(*mvFzp+;9CxOhPGt<$zpglY5tvOnvlhZy!#6^w%}9|t!>UI!u1}?o`J7Fh zmqC$~eUD*R4q)41yA%1Lz-f#<3*i~jU;##gTquizLu%(${I)EnD^-$moG5~rfdr9g z_>uKKsdcpYQgk0YSE3dv_EA7Jp0!Jw=u?U{1uL5$(jci1qvGncG(|k#G0@x2Y{aTw z1wCmD&U}c%sfzH;RKu^G0;&T_e+qK!(s5-K13d7kF0lZSb{h_fVvu* z2|Z=Tnu8q>*_Hz@H>im#_}>TfL1g>yI%*H+vt9GGWylP`D7f}jpzMxHCTRzBkT6Y? zP8Ie1F>L$jA%)&gO_K8X+N*Y3R?IwwY#A^=c55|#e7Gbayd+5Uq+B~pE%UBUs)Dtf zo^9U)l-F%&3afsxE2)U|N-36X>o~)BDl})m4(M_Qfb~6^KA7x^C}Q-jjRglv+zN$W zeIqdM?@654gen~+s>83mECB6a2_Mz6<6M!-2J&tiAzx1`%t)cO7W74Yioehvw@?w4 z#m6A=(zgVt%Y(l$?pJ42RZJQ~(x9IP*&*IZGN6*yEe0SwXMY)H)+cz-Rs|R2dob=e z?yB2!>=JvXkI~n&D6Lecv9{Bc%&8f3&YnbP)Thj4m>0M>%l_Mt1LtKy<5=p1Z+iB0QqXEYGAiUb3;|5WO=)e#ZflOmZk&A$X z#MFSqkaYs!ss7KuhdL_ZZKFHX7>gh5h)22oN_5)3HVOSm3l2&1J-vM>=W%3gD*T)~C1&OeF9=?{;+|_j%^me9 zbczIO(JC=28HvDbZ^q7(8PMFz*;r z_)gsQ-st`#zZ7=Cy>Uc&giTsG2w~ij1?^$kwS88EOxA*z>a>cH+RK1A$p_G7Tn0MQ zeN)8JOkFIKRK0%Dpk{g-3l>Izkc))23KYr?k`2Wv_A|nEEyB|WLQwowu?0FamKt{k zhDH!f5mB5}6Wcp7HS={x1DstWFXaPs&|t=cGm3v@fQ4r=O%55Pe;X625gJdHqdpoM z8C|!xURoVsrAv}6eHuAX&96^c!7a|%S*ZS6T}bdGxR9+Km{QuWe18Sxq=pVBoK%ho z`Tv=UXu6Y3i=KW8J3IA|6A(?mc7#6Q9X#X&>fU`6LqwAP%(}iGgnw}g(aa@;2?Ked z4Yw;N@7O0dmNFF&kITKx2J1kw=v3d&Fi{}h^mKdz2k~6trByCAcDmvJ4 z%I(sn2$*q8l2r4{CwEnL;@}|gZ1<2o$>xknt$i)!Z|NuHe;e;hpX?wp;M<#EPyUfZ z;ZY7?LgQwxpXf8~43F<%)< z@7~Cv^DU?Wi6dCa>unVDJSY~oXxn)!0w330e<=UITPa-s}ZKFW9hi2IB@ntJ={Bgb#Yzq7x z4t|xgX1_)@tdr^ui!^=4_G?x+kcUOQY6p#k(J7f?Qj!d{(Se$s^qf+h5>!#*#?6K~ z0XMWPvmHvY=>mK-9B;kjH_1XB=pL4zWMU=;qwx{OcC8nnmbOS1eu%0(hZ49_)51<7 zf{Cp1Wb8pjaWDz%1?!#Wfv@hINJZnwULKgd-aGw=U;z(P;;feHQ@LDa&KB%ZnJE;t z1FR8VRTjCwnEHk-V|K}9p?cr?h-8#c6yi3>fy$tw3HSYn(r6`}& zeJg&`qj^}Kff1N2PZT54U6PCu^+sk6R^qVMK%oz_Gug--$=|C(vhkr8vK!}o9+&qC z{LN{+4irf@hjIg&M0D?gs{-iO_k5Zep6pFBspi~&+ER^n*qyM;JtzoBN7?a6H9h%7 zJwOKz1(TIz;@7w3B|ehh_Z_@hZfvoi-Jn`FPanoVM@EJ}JI(c9A}b=2Encu^oM8vB z`ST9L)~xv7YPxIA+g*7FogfD;zXk!m=k!Z}ZS%cNPekhZS3rsVgy6pb-kl0A*z4gp zxbE#C!yV9K?xaC;g_FOMg{CIuJrqV8)~X=zzFLK(HsBRAW-7Tqc7t#4E8WW~X)fvz zn?0RK9asQO5s15k<0IMhtmo~bMOQmld}%jA@o>>YyG@r}4*PLznHK1(^N%3;ql;x%k>T_bfNczEgcU6juYA zP#>!0`F(dksD0U68asm?sZtX6Fq-ESck1AL=ZE;)Ij=HHl`PCK!AbSZ{s=>ygeyqm zb@W9k?z2LCX4=X4a$H59rlRWVyjPJ_KX=}m=RoxiZKorRY?mgw^BcwGhI~Rp_Hy2O z#l}>G8cAgZGp66bd@`4Sx36YW3z&LQ^Z)}`Zp={)`!$nDlc4{sp)VoJ9|K5-(VW)9 zH-13$@($jVvQVnzpWA&ONz)j*SFz#q>R*hus|rmwo|Yo=UcYsPxPo)r zNdLlKaDCe*T4RahEGx^ZxBU->MjaGMGLl!JXE|meII*!J>7+8e6t)sxdJ=0PoiHpi z1m+E1A?Bf5w)4|Z^Uu_BLmwVml9Hj$hZwWM zwev>x5J@=_dsEKCg@i=(1QZ0xw4tOlsolkyip z49{U06B_b76!1sIrH^4wu5Ek<`njlKcqgPxnJIYRW9gwIeCvA5a zk9nI^K>}-SSUX+785THZMJ}&&hFsQ4m{X(GP-r%+wP`a|u52nRiC>|MIjYObSC%m_ zL)nFgvjE1QF}siKW+tQ6*dGNe-iHQ{hkYQyqo?=?hP=g+cun)H=C%1Fc>v0&pfh;`*uJpAn~Q(wDf=zk zF)}Y4_M#i7E4M_mY`IaC$*xFm$TC6jKGJlUytG|SZ$z81pgh*|9GD_w16D)eL{7}} z6O|0%{o!FK0=e)$5gXM~Uazs3ydKzOAae%lwyOcslH0@=MBJOw`meBk9nE%#9izV0 zx}oyzfOK?Iz);UJ@_ZN`2;)(_1hbXmYDq-_+#XUKmJijkjda6fkXszqcQwZor%Ouo zIJPWp5Ahh)+ePHrizEDN6S?sm$cYD2eN(r0FA&!rY$V8xWYy}nH6&5UwiVtb=fwFY zJ_V9OtP6GfGJbrJ6Yew4j{MYsnw&nAoV+x|`Za)t7!H4XZNtI5-9Q8Bq|)+q>8%LX+Z3>t$DwuD5xD-j)XW7x@y>6 z^}#@9khhM4R3ng*9B?_fa?F>_mkxR%!7NMKAvh z47Ne{eF9Cf@qMyYD>HlD>X*1GgZ+Ym^ZKxAw&V@{g4z)29(L=De@$GUk4avMoVhlA zF6*%4kRx>3TzxFh&AO^JdE7HU^ba4e7y8s+)ia1;cONgyY%g;qpH>1HwJ%Yifl58o z@V8|Z zIVH>bpmCl#skuZu)k8F*-PT^4Ia+6z6)t=9s_!AE-EBw4Y220a2_AB{wa--w*bc>% ztSw4HSi2V1nzf23rpF?go^jMi*Xwvv^pHFjtkky}48>7TEXL?*a5TtUQy4~Qdjr3$Gt*x(hqMva9M^e;lv??iMNmpGxlt6 z31z9(LfKSE8LGtV8YGSd7QwW7@X30NB{t&#o8igwC{Fi&*S#qlQa92>&txR;2fd)% zZ9qwBYZ>x|a3*@k36kFmA4k`RstI}2F$Y6;wIlz=;DEvjRMPS!<>H?Z-rZwM#>(|u zq^!sg&72Vwe3YCD78#9cQxaTbha*d?{1kWTzDg@KOL-)xVUXAM6M6*Qj+OmI88<-} zrV~Algc*rsS0JAhz(9Pc)yhNR)3U$ukmTnmoUwHG10mFPctnsmcSfoRd)>Gz6*=UE zq>r$a{i#B3Txy%^tLd-?+^fkiiJ7ztXu?>V){PFMaLL;Afv-k6f-)S1d};`+2gap% z42aiAqSy6AI<4eO>n@EvxD77Fo`+J}Mq?tX7}CxkkQ6OVB}LP}W#d9?=q^Q73f8PE zFqLd3loRoMi>51=6S5dyi)D;Pa1XUq3Hog&QLfj0!Z)n{xn@(3-Y@9MR=D}T|Mbs= z&1j4sYNK0e2mw=M%DCdY(;DDBCtkrdBv(F9VXWg*AaERuD9t9Lq@>hecW5CHaIn}& zuodmnqT4U?#k2sZ-%>SOqB~a-D>5CjX=Be6co2}9vCS)X@iK3cDw2Ug*ts+n6MxUu zQX7f2p|8EoTe7Xkv`hISMxBq{Y9qx!#ms*1pIQS$u=__wh^Utt&0?sJr5c;iad&(l zS#v^WeMw?sZ{t!^mygP6*-1bNQ(8*(`ocs<-Xof-XsZ-&q@2TCvWX_MC$Q03kEeG( z_?MESR;Mqwb6eK?X^8?r++AoUp?1FJ8L&iCe?qmg5nr++)pfgtFmRY3~9?z&lE+BnKx0-?1Z>)+6oRO49J9p1SxBF)4F%A24#1E$#_>LdR#(K`s!o8TP=9=^3CVdoi{&2G3r)_kR z>&O&!`yGtT(HNY)YKeV^_mDZZ27$_)(J3pissLub%$aW|WCz82LY`~>pU@{@w zK|zY=>~wobanvMeH%2S(mC~IF=RwPN)AgP`*@;cIC7PE>(9r3U2e>EzZDI=!I2vYXFPog2^62V?tNn z3pb2=zEq*QvV!PKam#pu_ho9NsKmsDHct?`j`;eN0rT(S3G(%rk2Ri`A!6bTDuVX` zquk4n1sM&dJswbwgW&NWt~dmo2NEp8>zri6vY4TN|2EycXx04%hG9F)Hg4>&<>807 zR-3Tgj@5YYAt-Ao2r@$RDzN1$27wzSZ^-MBdHnk!TH6LU@xmUwN$`@sTsGdcieHiP z*L-60?$#45XvjP`FX^olzKYAf=H;NysEs)9f}wD}AWib>5)8KAlht24aQQY`z)#U( zH0vy3CK2hd+wBEcCv@wN5|PdXbttfBJHsS~jMLqBg*r5+XK={$y+4_8$gnHR3cT03 zfD_n#$Bj`L5UET5*en*O{3Wvz<-<6kDfd$8`)BXy5lV~GIxd#)W{mUSTi`ep5ocE| zxm6g8Lt+5Oq3%WG`m$6IBh8l_0kQrKd1v^{^IhnB7WK9%=Tvj2mcJGRbpDh43!;F} ziLN$(naSfpq_&I2v;mv#4 zdm`(Cts1J0j<<+?7Kh3Wx)=9`Fv3G_N!; zLoc@zc)0e$n@A~_Z%sV2uhdJil>8c98CA88>~hyYks}2LAIoLwGdoQbR%RqoYS3ru zJI()%%;b)um?6`7p2Jf?ylvCBw_U8RsL93Sypi&guc@xB&d^{Ep$p2~NsJd0V8N)h zanK_)Pc_`-IX`Gm^99JpUth|g>*J7_dT1$*f&au@2+00e;HRo+wCdd`6I1b93+^kI z{VCzB3Wi*eTGhMJb(r(*ZT*j=JIB$=UN)b*9;KjuBlgnCKM^zG5X{%#12BKmZKdL& zFBBb*DHR%n^`=WN&Ip_VNyL~JR}pCNkzX`yi%uV+=yG-6;9{>gY~&y0-N#$&Fl@5` zve6T3vsL2S$onQ_Ql}ja07g;0b%kyu1w6&U`2!{syTH!Z0<;ZQf@>XM+U=GWYLF zorXMuZo6vfXUzqhPMJaZ#+hz;b z{}Lf1{z1^{GLApXDo~KL6@Dxj*r9dZ|GL2A!`QynqcN9JPxs^-Oh6 z)KA4)BMq5F;ToJ{vUXd>Hk@nYW-5jrr0*wR*Sd4An1FCUL%h!n3uWHxd%pW3Y|cq^ z=6l6ODXOyF8)nvpMu zT5ix%*ehUG7G+{1Z3ODq#m2=-x0nD&KN+PG-VI*Uw#VdI{&tPa86mi{?}9e<$!xsd zGO>b*+HFQ0Q2<4|b}HQkg}@~5&EX73?hc_=q+12j+yj-lLs0)-hCx4+k=g6cq`J!` z?kBg$q5kuKlEwEHEth@S3CsPwT`cG&bk7_r&Ls3k7JPM>mUxmz7yGjytrTx%mX_SX zRYX23wx?5een3VrdG^=%{Fx!--}PR8onF8^DNBZaWwVeh>?qPEOT~w8)D9G*K+f}^ z0topCbh{qFZ@sMJgKRSIO{?$6v!G3=rJCZV!Yg`BdUiO5Ka2C0qcNut2F&T||E z3Ft!nUciCke8@+ge+(vWapH2wVi|3rY0fP1iNyO!6cv>cRDJCcJ5D|)y7YjN%(m~i3RGFjzbH46U# zgf@Ploj1CKZ8WfI%b0v^EI*ofk(AEVk@ETRGDf<+rTdF5h;4{+G!gkWz}G6W&W4TR27WwAu9K2Yh%hU^id! z>k@HBKp0n0ow?7LAe3tnA9hxoDl#BDYuMsuobVtaco9z20zMS_($*Go?kGYf?ah_? z>Y5#`K%PHftZq+_J1$FlzBm;L<~5PY-qC7sphAP4J#f_#MK`lt-EF3Z5EPQPx2N=; zHhZdn?rGSruSgj^<#(iHSNe1ZD$NHI;Fq7zkjeUhB%2qWG6a0rnZXRTe9C93px1L0 z-RB`6XLY6X+qU-*q$#gtr3~>!pVQ2v1d)25&RMUJ14t1-JR+v8fpL^Zf&dhW4|)_47CC)qJn& zF4)Hg;_LagFd+OB-{cEJh&aXtDXz#j|2avw)4#jQ|Ho!p#}(xKhv*GcfJokrae46R zI8kSo@I#_MD=bVD0CPtpKFbv{cLFx3)^gS{3P-NQx2j@7Q}l9rGSOxX{bZ`739V*{U|b` z#se4D8D?2uk|+;S2cTp_m-WY09MM4yuGOY+^3poGYiwOqcWcKGz0T5VlGdc`KQucB z=kovC*7hp+eLO zFY=b2e^_8`qNu+Z{b;ir7DNa{emMNfI-y}lu@oijH24cjW*{QfjiwMdS$>@Y;L!s= z?#ID7_r|%@(Sls*4|Z+Cc32$Ck)YCn^ivC@A#+7;#A6dI)<$&GPoP=0@|Q{}SCKzP ztWdUL6Gr`I!!8jM!sZ6Hgt9@He>xAZ1o78QC@T;aK0kmFX-T%l^fe7#I-N9ndhUhAt(di4^Uwn zkoH-kJyFowH=G??q&K5qKRM|NeNGD!EJi&NiO{_df_XQh=s~oywVub8x<1)( z3>WNXthwH_O;=~lMN?sUP(t5~i2f+pe{afd4V=JYh6+z73;6+B#LB}QKbMAm3ce6L zt5e6!F*95@pmFQbAFt@Pq}XRx)ztOvRF_gsvMO_FRRz$4w_E!Ok)&{n*Whb+6CG|% zw0W9d^CsZ(kb_qy_&OY4_?SI?@XZcC_0yIItlv)vnV*jto~!8w({5L}>hRLmIGgI8 z5YqQ1PqMg6r~YLyKl6Fy`Jz3JBKcCF_k{ZLR;P8^|)d(r(Xzto{}74axjYTlevx0l$og zx(9d76B+8_tG!Z&?rg<0>juGZAjZ=CcmmoQY@0E%8Oh-fiOMwGokPr-j7(KQ2T=h!+XZUyczQ?;ofxqyuJt% zfbb1nJir3&NjEb>Xc7Ej-TI@ccqK$b@K>FXZ%xayvzD>y6>{s3`$nMS;3rgs%7q~V z^^sfgDp}Yg=6bUr0GB{*Sf#KY9ub)-PaLRkw^EF88lbSk7~aXef~ighpk4$`R{9T7kb-?xCLj5Ij7B2oYf z=y#|4VKs;%ZG`F2&-}=(#e(41-vK|rc6UzQ?eYE z1>-M^CZf468Ca?o`qql(N>ser=`woL*;tEeWIcP&WTG{WF^Jpp0er3L)CpzX+f@!e z1D%s4czYsV8O#gBHBY320z`>DA;?<3ljA-&SIKq>9su=cX%PI%VC#pc>#hTxAuJ^N z)xaJ0^;ZLq+~lFZzb7<`$MEtMsh2nQYIeO36=i@c;e%gZxJLQj2{ z0837`N)Pt8m30a;-|gx{yf)V0nZ4(H1Ee4kA>hWQUl63xYIaKt3ep%EFOpm-yeJ=Q zl1Z-4?yK~B_J}nlDSpo6b66mnx*GrA0E+v zq@^Wa-(W53v(JS|`2SFLjzN}gTbItPO53(=+qP}nwr$(CZQIUD+s>>+b)N6`?fCAA z?$g~7@BX(VcI>fc%oS^n^^WI=!)#Jn5F8-r;ngzsIY*}XWoeLyAIdkWPekq50fcKt z42M~9dg1iBEOB>d$*|>E38~V}N!c*=myq++fuPIofQI$>E_s!s81nF(ZX5DNC1gb8 zH@?PjfPe%}80&^1HIz*eR^D-~d4ZUl`7SU2xB+_=9t>)O&kCp(r*PoMu2Tl)mr&=% z&;-3NXpVg6Pr@QW4b}q);f+!ilohLCT-#ws7nIT4uIAnR+(;@uT1lf%@}Mh-(?~^q zD4Ed0JE1hcWtu)ptUk&mEaeKo+B(1+>3uz%J^AyiS-nJqDE|{v7q!vl9gK8U5&}mS ze8-s=f#YQu2HTc+_s3RI6M`Sq>yLy2der!KfcUpasBtznv4q!Vp!S4XVT&tpgfqYl z_pVXaalTUfOwm3MF1r~U)o#}51R5{o8%q}({`GXqpx;TW{%iy1`vCDLa$Y&mK&i)- zxbUV%aTHa=AgVEF3(S|bu0Z0{dFyCJAQ;)G<_JW?ZIHH?0FlG){HP34pfHR6gHF42 zPnQeCK+@cumax|3ZE}t$<17XqU()t3aXgcB`HX$W+$$d2!R%JOw-MjM@TSy{Fi$f&lq)aMErSuFM z>4x1Op7B3Fr>~A%h}%*HX=?nw+7M#;8h6pSFi8&D?Fe#CG^CRoGbl`%l{1inY1Avn zgBheFDzZak@f0qT`v!Lak9cK;-iU+lCBctUKl#XdH~8N`FpoxkP?Jaxz8$m>OR&*Z zxR_dEtQ|hKo_XNsdYH9Q4n5q9-Dfq>)?k_~3l`o2!c4~PEdyGE9BlM^i=6M&Q_TXC z4|Mw%YMPpR4mme$vaXEYAR2Qr1U9$$>3;Z(Xw`xGCWG7v*%K5J*8tQT2kH%M$w=AM zGpST_+6+nT;P9F=GASz;9_hftR`^}lz@RBWakREvzTd;HKf;N%1DFOmt+c92!r9jn zjQ0joQ3g3rNDT}b*WF>y%1PCtv&$Q^{{2u{og(~hJ6ap}pJ%X7&Qo zE~v7;03x+l&paE`uyovF6W=N^D%S)J;AOJ%Pvprk881H9#==<(xtLt2pXy_P-8tR^ zq15ujT+{s}7(iu+`IX>x+0?Cf-A7&2+tR?P)0X=9=pokt-FgOK+%zRw)sBuEzIR}W zA3GsDym?!G^@2e&gDgT&0#gjn9Yxu0}RYJ=clKZ;Q_Rp}M9|t3ya5<~AA>y=`Y4JrPbn;&-NI)El1E#qq$yq4?gK8?-7E-jO&T^TpSoGaRHVyu-PQS?ouSvCS0OX& z;1IOKmbV`CAzPE4LVmBOespiDKtl*$%~{+H(Xs^>HVHkkiEwTK8oc0dZJ;oN-Eu*) zgJxbJ6SwMVGD94YzCTG1Z1drLVNLgO^_hFXQg?IpuzR3jcPZ<@b%RH5nO~WE0DA{n z_nbc%yJBqzQD0%O`dq`W{)DU_9>4Uz+}VA=iSCK2#o!(geE`W0$<~AL4kq61xMBFj zM87iUkT=|F#RsNBET|OVR+GTmB6;7M7SR5pfEnNnj$Ls9iop$!e+?$<^Im%PLla|T6FQ9OHwYU;C3d1l6&yCQFH55diA>+OqZf@r zDh>NlpSA%~W{ud)9l4<+VQpK~!du$ns<`=Henne;#bWVZMz+8}A)@glqHyv=0nk0h ziB*oVgfNC8xKBKWifmC1kwDEL`KVl4sZZoLJLFqtTmjDj9^0!TP1OH78+=$12O*fk zHhI07S*)P-TYem6QmJ8>A=#>4idd6MQ9ROk3{F$I5#_qXO)WcLV{BmpB~vMA!@ViV zh*n`%R$-xOMDNbJxga6*iR(E85Ht_03#$0$+3mK z-LnoiKe*)i;V?gtV=TXeJXh7|sz36Q4djgpND@duz7ex9&{8diHtAT+gl}w{5VW0- zJ!rr>^c%>Cb{A~FxQhTs!|$Hug?g-ua&*xU9}EooZQ5+Gjqae6R|FJu)Yu4RvlOJ6 zBb~C+s8q3UxT$2RN;KtbZ+LOa(6?*Q=r5tKUG1NE%jm7DlcE{>de7hTbA837`9O%^zdPZg_NGCd8xxv# zLrp10J`QKx5EAM$fsYPPzQ|);uChSnHL35cppuS}d?~)`#~`nETxxSVIm5{Vm)UuA-ktX@laJSo!#riY4r%yx3pIHfX&bmuz+%sS<_7zl%XJXW2wCcx zt9-?cURDbpQFZ&Ld0TxNA9+l;rQ!aFvk(tc|MW$5xR1=cOD8j=N&?HvrN5K{n419> z9MxoA`gKuy7tak2Tf*gZ=N=rxSC{oZ&cbrh7jJ`LZ&z}WSXX-`wNT%=wSl)f2&`jo zGoMZ;ts(6cv7d|s07rfr6|%wTTu(1j`;C_VN~)q z{oRmDJ*Zx#n+GYTe0on5%N^B#h!rf~wg0@3tRr89`<&`jsGu-46e?t%9959~z7ZOw z41NX&G6^{E6mq1#e_7yn7>QXWU`m*X8M3rpJXpUn0n|&R$r{;Ap0sUnnwkt=RZ!_r z>>j&4O&7&X;LFh4ZGIaV4+`pF>OR7&h*pGxR!B+PkM~GQa7k6e^0t`EYRo#VtuVwP zjVzLtJ@I{0HqosB(#TxH>^5k^eV7GR*L~=H94*q71MGbt=}lBV6fNPIUlIvVI9Wdt zmnjlf)1?yaBT5h^eV2%j-SQ==R*Pwbo0wAFIyn^W`;6Ff3TG4;#WGqA%2!}Ox*%jL z8;2q8hj>Clm)R|t&(di30G(-~FP9N|a=C4UCY>vn-HWQzV#g$QZ%gp-y})4R?-j5% zRqyCAR4Q!sk^n2k=Z+uu3t_naSfW{zfcHFvKiEV<@+3>r8OuA@I2&z5#^yc@-LyoU zq$h^4m?B*P(<1-TLuPahL$z#;;GHI0;u?Uj^q&zIb&fab*-{?f7@%5tW?1f~;>#S{ zXWloT3^?j!%;L0ejbx?j)b5f`QR!p0-k&`bj%=M=&^B?0N%lV59NuY?){%olym3S% ztPii({us0n==0KxJ`lG$T&LlQVqIwIejT$&k6&Xj?0hY?QMVGt92y1d95%Jo#> z{XP#i`bl5SR_jj<=}%qlLs|}m>eta$OM8XyO1_};#L^C$jtuoM+;|9>-4CX*@hJ#I zf-p>vtB{7{1%EBGtzrr>2dSRT?y=E5dgA9{)G-_}f>|~? z&mT|NIlO&yA;X7ohl9G497E3RC&dZiH-Lmf+|&y)Bh>K)8i^Fm*Wv<1-d8Q+eGbs& z0@lA{%A(G}|MEexfuHU7-e(O;-ht2Xft`&w*)zWT(M9JRn}11qQx;WjFs0A#DjQAIO%9Nu>9iPP>+lED4aV$l-Gc3iq*? zlyiw=hb~Bg6)U4?+`<}y>Gbd$f%=XNiIQWlg<2LTOEFB1gBtr0?SrV!5p>sRYSfB6 z)oY%HklVm1Z@Q$a>d(3~Xqr0^a3JkQ4P2iEXCm#FL8T2ThBOslaL}8;FQZ8BpN-U4 zQY6W{wVE4%@r+lDiTc6T46#VLm%5$OzmIKGh0v@W%KWSygfgk-DayGC@(NY=d5N5# z7^Hdk1K#0V0&9O}9a5W$f&VNH&}V=i8Fyln!LUo1vZF2>Q5T6e z20FhI`^j$C2XKGIGdyd>rDL9(0!^6eW(E)Ff`ra?HGrQv5xjXcuffvfm@`s1MZnsF zYBXVWO6#~Qmwv(_>u@m7F?WElSa#|+4+H8Ex>44hBj*WO{sWqTM^+*n35QErjq|`B zf!~`Z%V_+Q%YBN4y`O=R!ONVU-55dqdVq^vTa%Suy%`1~#7OIpBU+2}3|g)Z8xe`A zV}gIEEw|ur_us{!H0^YB=AZti2^=#9RAabD3QJMko8_@Ix2C-srS(AQ+G6%94$)C-&eHLI)+- zf6x@{NFIr)kwWSvQUzf*pgm6@kS3nH-Ht~tK@W{Eiudn`5yQ5l=sYPJygMOqXD&%A zk?!HODJEAoZt&>ip@B%gwG@)MVSyOsserYV zl6q_ymIe?~$8^L1O;v=&XbG8OxQDuRYITYZiDv;7^_~5OOS={?%|eS1MW9ek9VVNL z5Jjd?O;qc-p3oG{xtUPgbZpPY#~jJ9OZx;pP6YJ>-`he{c%1$w*82q4#W<^kMc;E^ zY1|en3$7OqXNBtS15!c*?e2~XqrmE#|8i6tukqSfl0G}7>3bKw`>_TXsv7iK?L-)8 zD?>{-V)gk(!_+7wgyFpvf<2As^tDicAFE^zW%J^8Pw`6JJ(n)Yog>L6we0IucBYpO z#(BU142q0?f`6iPWcVhl=X%dPa*I2nBmaD4Js+V?7mm%9QTmC+?rOgT#sGwEONudZ zphdX&{R$PIQ&($ht*QV}n#Hr7TpjAW!xiGhq!wa^k1c#8MB$!AWQ)Dl z2B~g89E}n`g1zE~ZUXP|zm$J2!&`72mjM@1+myU#E?a*@%I;g9|G6@0;U+c{q+fWZs+dAP!4C z6nHq!7O?aLf3K89Av*}X5F2^gszWnE+yFBh57;F}(_eX{@KFx6@9ltYlOp|E1a-jJ zfS#Lbx@+kG+Cz!k|8ivbn!Y8DvP82N-#HBM)`mut3s-zEZcl~p9uO5l?hu?tts1^~ z7%R+|Lp&2_8hLb&W#6MkU6XJU(R}Z9=hwy8G#)ub)2_mWPm3ap!2Cx?hbAXg_4|#% zW!n` zNzg-5r$6mmd0hAW%c5Tj&`Fuf`CA1sahpqS=!&8bJrmgHLT_Oi#JGx(hce4}uH|vx zF=@%Mm6V5w=OAxI9g5!zB-bguL?d$LBHw9Rz74r_UAuIxyL8QaKi&k@PCA|B*(~7; z@_QHT`<;3Ai9U}_;`=bzUA8Ai1~SiZ(tQ5y0v{Oliny(4P4T@K1yRK_sfr6?-cX8d z8p)}VSn5`htPtP&Eew@6dqaN-mDfYKC)q0*a5l~Ad6}dj$+1IIQi*<#<-F`NrUq|{ zCd6bI-17d7aE368nwDKc4fQg?BXlA9MW?iFh+HW@CrB3tH|x`~B;(n-k#zlN#z72I z5QloFS1ms9cE!*{+$U(Jq3kljM`m4J*uo1|CS-PbUH&hg(^Bp-V~%I5%Rqjk1nAm1 zk~Bc`9lrP@jiX0Mg>6>4Kq@zCx@d{s;zTstN0 zpWjA2RD+(~a1SR;fBw@{j?;+br$wVd4sIHDH2Na_=Wh$U3iI$IYh)O z7V;aLJm>;(y3SR(634bA&rh5;%dzhpHk=PwQ1QL~0&kkBl8iGYXs}6ZNQplOulzFi zd09;ap9nXZxz}>ekH5Ka!q!3!%V}maU;dXLsAHw?h7lijH0lrJUyI()RIKv6A?IsG zoQhvt9eawaUKQ&KNQtejAGj zp2ufU*<^I3r>5C3)uVCUlkpRS`_|4wM=Y})NW%8*2V->3L&xTxsH^)}0L`OFE6h@R zv}lf3F8VhH=m(DVA&)d^zqIH;`!cWbUzHE$tb9Gv*L$2zx;F^xAIK1go^k|#U_{4Z z$EZKxjwgHv4BqI4#^^aT@wKXev`Udal#2VSDYCOT0=2kkFXhtfRE_%~D^NewkNS3$ zY+sd*3Y6SW<-O@Np9cFULIst5u}VPn!a2|;m+G4YIN+^zP#XGgHObnX$-F&zOU;5)LJJO=rbFPbSN`Gjfa zmkw^T4kb-?FCBCqQFO&8sbHr;P7pt|#mJ8%>Tuf* ztx%*--hxO<9@s8{B0xhK3Q+k6wFQ#(hgq9ew11}AqK%5^z)uUTOO=B?c4wrnf{8t8 zXDF{460`es>-=qef2r;}D&;?g&9tOdJ_XISL4~`p8t)Wk!P6S=CH)p{0+u^YZRi=x z9xH=)cE#I{(To4UaeiaVk-J=@;sNA=)QL7=E@tw+KjRUN{o|&`_N>d2`+D zchk@O@S8<>?o-N@@LDvn`jEzSC|?Av4(<{_AiN}P9rwMzaAEhF^|aW=b<5Z=vP#LV z34NTte`sLxF`s3Y?x4-?qS-#lU3sf(c25LL&Lf%MHWE`rHo}k&_BjVaD=Uc~s|*4U zs zXm`fL90<1qtFiofjv?TMn6A=`haL}Nni&2Juw2YZDxp#dy)@zBLd|_pjRu3mAZG@t zL$@ms0~0yh1M*-Ahn^VL{)EV&t%HYNW|Yy5UTCfoLYrj4SRp=yt8R4_v`;E+zA|XlL)?3%BRZ!;B5gv-nFQg zaX%Pd0b^3(!KMz}SBn95BAGqZemAFikS1u24?6nSgE{IQeuUPDAQPe$Eqk=P=+V;e z?oyqtzmAHu=a?5fTdRM_gH|vPx=hFDTm#tqmL6xBml99Exh7uIpP%6_&rL=nc{gK} z3!0Vhq>%$r>ScPLYEiiD9sn)v(cecsM+zSY_7vU$AnpnvzFMnE_!x3Fbhn~b_}D4O zg)*Y2F<=R25e%8|%I01667F*I#zNGd#pC?W{lOtDXM|(emZZw@PG_70S_Mth> z5|=#6xrMt#Xn#ao{LxMMex##HH)QVZtf@SW80wg{iiYp&9OL5LH5(N>wfAM#Gnfv7j|l(_ z4$Cab4{$YWMd2Nv!_A52Pu3o9DPnM;HQWa{d%@>dQ7$=ORc;@;bp zIVDG5GM_r#c{hK`YH80dCV&5~=;^7cwLQPk?3mp=$9~G`@zvGkom-84d@}U@OzrV0 zsm-mVWgh8fQ=$#Hq?LPBb!eCEi$13ugLCP23sSjb&incSV2in~8X@@le#_j<%Pq)l zu!<`-$OPW==jUIsrSe1Rh@*S}01vtUonm3|H*D5FfsX%$&5|-VF&1<;v@(`5cXTqg zF?RS@Qi693Je-*ki=%k`du!`*`xXmtS{@}-O7l`C`Y9j2s*gW$ z{`sK1{G&{KV6!OhS6TTxhL0eBX<-`!Vq6XY0C4mDk(2xhgaiNv1_tnVE&lJJd;d!d zX?+`g(|=1599wTQzy~K}3f>s(45Qa-Tkk8Gp*F*dx41~-5_C(gLhU-y> zB(r#Bj^oE)f@wve1#5QTN(d_$NpE*1j|Xw{Gdnk#)Sxs zA|v_57u``0idTcAihx3NZTW^30%g5O9@5zUT{IJOFk(|uQQD8h)9)AWzrS9A>|z^% zs0W(u)8kYs*dd#J5UWgA4mTn}3r#DxWZU(Qq9yIb(5MbOk%E`f)4FH|IPvRas-2|T z+T3g0soSZHM+~}#_pTuGbyY$*T?Y>SRB-fjmP=Z0^&G^_DVvx>KIe}f<;D~?XM|pF z5}1$pG`(9PF&jKfe$)v_X?&q*GbdzZpe<)+BrAR-q2~W`w_fXPGY{osPB>;|7UD{{6R@i~lGl6jRLB%IM$4 z$N6Nt$^!xdq6uQ-0zx7Jvi(uu^f?qTbQq=dc^JX;xzv>u@G;ee;C=GZm9#LGu)CDC zbeQl#5c~1XlP7QiK@kD*uNrC)`pg>Ya`OIDM3qNH7%1mq0iFRO0%8p%wbC2njKH*o%wJMLf|4IK?V4V}*q{1jgWgassSbPb)& zk01&v3(p>e=D$<`Py}x){{D{?|Dl4(|3^O(GBz=Ga4$WjcXNx)K0qP&pIiVrg5nGZk=@B;%%@kwA z6q0UQ?ibgYhb_clyIJ_8HSoWd+3=lWVYB`W&lc%i=^EV0vqZR|jciWt`?Onw(jVZBwqr+r{c@=DAzUUAa zJ;||or%8WPFg$H04%dby@Um@dUTdO-&gbl z$@1{ysr3l;IFZYz)I|6Qw$FHKsQjxaus{aLi}3r1`;Pz*M^eABB%pZXYm|NP6)Aj$ zOGFxz9k(J19R&F8;|(G#fOO(Uw13ZE&c70)KS>l#1=rb3ypa_Lh|Bv%A^i}q<4sEx zZxph?6)vt4T9L?&=RQMxEE!cMFCZ2FGu(nSjEa|>{u;7{Y9t%{3&2h~DT#FJ2le>k zB_g2iAJD%#?I07(OVfAi-45`7-bo+}SICME8uTA;`r>YSr*U`j; z`{CjxHW%O)MW-cySWh)GDpG(*H;yzFF@}P=Nh!v+492=`T<=0a3V1en;?>T}A6(d$ z@ifTn%xGp-cs_&^DhAWV$d9Cdz9ht3 zBdbokNU2dh{=y@bX#T{0;fgN$r4p}zg-?oQq(PQp*|My1v^aCOMuLOk%Wm^cv@JiBtpFD58;+|(h^l~{ zX=XLpHUDV8%sON{%nm?LJJ#K92-jVoK2T(yAko9mG%d~BpkKKIjc~p?kv9vBoLBum zeWz6nlXgxzloFzr|KK8(c z#04*QZc#HqQnbZrwELmSA^0@tQ&UeQ?!XN=_U|hjqnKg+8x*DkKH&ic&rEN2Bj0lWk&tpzpuGA`a-oM{R#H}-n zCeW=aX!zhf!x}HS6oMD0fTt0rjl8v`g?COMoF~raT$k~Sy;zU!9NdEZ7rj3-$l75s5~#(Vurtuz zFfCH$E@~M@vuoBsKcQoILRFEfhJI3AOV%UjU(sjsS^oZc--}QEAF=X(-%bB1R{r0M z{}-0vU#%ls4crS$8U0VMRl>RziF8N4IP3-qccS#dQHit!vFIYmLJ>w)D@>&kXnX zhvB?8qT@5#`7Vz=okDn-2BVB*f$B7IO4&K#KKu>biPwq*2n5`@9WQ*?Bp(GyYmlmY} ze2~Gz!O26!>jy_FwwN)iHpdYLA)E_>< z|8SlQ>V=C0%Azr#Pobk4V^$@_Ur7K(rx>5!3{7Z2x`+cUQrgN(g;I8A|2kx$!5>`? zD;s7|AR7ReofK^m7?P+mfO|ait6)zKWz)&{1__E)eg-fY;CJm*cgR z2?0R=4mU6~5)K*B!Zdo=NIHw-ksMlQ3(cpJIA%I*$}7ooo2Cr~9e0PaGzDv;X-<4E z_ZCxFqL}~_F4+DBmP$_glMU6<-Kxs4?0G8jclOo{HNlFaGGDuac;>MwSbI8Ihcb6Q zar7;U`f4%1dq#_JUnbhhG(a<}@l=@e&lLwcYl02-G>GYvS-IDGc_C63d9egrt7U9( z5qvZv-gNdjh9tK(&3Wh_E5mR(fNGvv@yeK)B@5ypyjF}8lJn8jKRkpU4JZe*too6j z6sV3TI)07uuv;`O-5i^>hMyjo1qP)wxe_4P1@2v<^Q|9W70#t5!ps1)6lOvCHir4o zbZsEy7((K_rAD+td6M0Pg`k>HkhFMrUAO>v-k|^{gn<<(QQRvqyh2Y`&?P-Dvbe5f z<1u5X4*`Vbd8lpBCYl!})JxKbm=$9tSj2UzxGPs}QRARSgn6&Yb_kUyl9z_8*_Jqt z8DXO22Q;kH#*WP+p@-;~6ABarQ6x)EboH+RQFpQH;1huVP@BNi&1hty?C5g)DYob5 zM=2a-2e~rMvRXc7JRz+r)u*iFXreM(v!O|pyicSaVR@?pXp3l1T~io0DeZC*7EKsZ zb-tvDros`ugOlpSJ^AcHmb#Dk3xD5ZtB;N~kbav{gG-x@@-!)<5NcAZN#5E`O>uA{ z-E#Si>h{1yp}f@9R#R10RCTtbJG=U7)3f!-5wurvsMC&88pxW{gQJ6$fy$}PEVIgz zd?KtR2_tgS>DQH#+7<p1MLJQvAsU6|}{q7s=FS?HmgfXw-xi#V$b9AY?GltfnnZKY%6ggL1f1{c9T*$vq6 zJu*4DOz|@d7ydrlNZAaOIEQjunw5;ZHr7i}*a226TJ&T>hJ@8h)8`UEP7&E170H#x zzFutyWjUIIB?CG3;V1~*_~e(On?@fv{Os)nFYVxV&F}$|w~_Ngu@H_78q2EbtvcXr z_$wBV?D7g{+y2Hb-iuW$iH^bbxuOoEn-Tbv#O=7aqZg z>rw)J!CmOi={B_eF!=^v9XxO~c33;>rWjM0JvHQNQI#yT9GV3_oEdjQceD z7Hbq8ilei;E$zxxu&r9@y4kQ526#Fh1E02O%65jPR}j-3SYwlBSQ*h33l1^+b`oxd z+ZNS*D}ld~v&+?4J7ZcqkdX})4r=p`w2Hv)N1LL)x0msG6G>LYuZGe3Yd6!;QwWnZ|7OPH_rndGs zoV0SaYGTuCxC>$=xzeb0XkyD|>WU+dgl*GXZ>AKm7ID@wG8-C`cfC~j*?6?c8i^-y z$lxmdd4@N`Ey~7}w*l}F`gFD@7(XZj1ULK6r-Z0?bQ#5Pkw`*w^Rc)4R zw8aXUCFmcV$_9~EQ0DaAU1`*ibw^ggeJTsd(bWaNzEg(gMUkYdco_4h6TTZ^oS2%XgZqcjs?cxx!ft5N^GG%mT5?dosI7x&RpTQ?Q{KbabI1MCLoG-8>Nu zO&`rhn-RpOxuL0tq3R0A>XNBN2jJ1;3&DU3{aZOE|6>7!rhK6FVfaAE#0jUbYz-mXIj;kC1xDU)^fe3P@t;tKjOZTL*6?tBME&+2KO0H6=xDi|5u99R;v zN&5Aw6BJ|iGL#8KWt~*LCsrzNIGP>NRgJ-e_Ye@FMiUE~NX%C>HL2Ak`M$%}R3OZ8 z0n>x+9VhJZky()`V-Zk7ixgP2?)c2K%-ph7>?*OmAtT59(W z!CzjQIISG(?G4&}xTnLpx2Bq}AOQp0ic^C$*D`*T;B#T*H4_CAoo#5o_`6tZy7fbX zlf^dFwa-iUwrVH9M&+1e%|njbICv^m%D1+YE;Y(>M5yzf-|^V^mnBQ|Ep}r4fr)J$ zel!uFn51{lKOXB!LhHRCSf4>{J+NAlc!D>7dq;aCy16>;AzfeU%CY%($^>O#klcO! zh|)iWPkOpVl}3D>3omps^UG?4e%UzI6+DB{k`>+IvlXdFV$}z>DS7P%##Z{}Vb3YQ z6T#DgsT;y6<;)WIV_N9b^&^nLmwcv=_l`DUH5B0kvv!VxkLypruXOWE(ekfA)jM8+ zK5R|Moyt?V+YCR!TKVz&bob-}Xga``9)SX^aN$1?Tv#iYE^FF4Fory`$11E3__D_W zDu+i`CatYE#5wO>-O~}}8;ku?w<*i#DbBp(9=k{lA8vEkkeZAQBX{vq$xTMw5)C+$ zgq1w6>3aNVwUbU8e7G2+n7*wiE=ek`8fii_ zY<~1*u4Fw!gRB>60fGGbFRmmrv(~UV6ac^v-2XoJ_XjQdfc&5wTkp^EQQWUFvSwmUUqVLOh4O`36ea>NgDl> zCCtozc@Kb(KC?Zv_KJ61((JiiP@*h~e!A;svWMF8d+2kqMt)Xo5-Ndu4$GfoX0w&S zZTWVg{&FZaL8Qd_jgP3I3w8FZn+zVzeJikvS2*eNa;;p?a@}P4nSIITuklb9#_zka zZxP)8V`}<$=Yr<{L8fmaf~}RyzsJVi^3pN`a&TWDkjP6x(5_{eCjdjmHDMr!KVnw_ zH=AmwDFxc0K<)Pc*^ulhzGJXE?NA<4ZF|zET-kj70Jx0^hQZ)dd_+i_UzXNYr&7_- zL=IKI9c4`wQ8Yxq!U5{1Wkl~ywITP?D%4vFoXP?SU`W@DwIFA*sqiJA4h7qj>trRr z)g;{+X5tH|Lark`SEqa({Y$jbb8n;dZ%K&0=W73FyNBif zLo@|r({K0d-v!pKFex)g2bV={tuRo@+t=*cFhpJtTSBN%Hsbn;B|pMi|T(;81z_jqXSueWZ(Om2j4P53iVYT5!QlraEG+Xj5P1Y#9|GTSFM5RUcgVeO!i4 zfit|g5CVjgz?BSY%-q!XtkOgpq5(dHU+_Ad>0bxJ@8w9~4|i2xffCB*1yM5XaQG?@ zpx~Vnp0evBzrApY?|-NELiageUBH2fmZcIt(D?;=&}^ZEvf0cHiU*dmS<0UeaHV#K zM$-NzZ;3(G#QV2+QU4+D-)9e;{~+(bt;GK+tNvdwnZFI8vg3RI(s+b7mBnAqjJ!$A zI3S!CAstRIUlI@;iN0xWTRL`$%$Z`8--2=vXGkKm~&zfkBiZ`hvFpn-`7D2L0vS8RN%U z%#(>qefC&TuQEtJ8C*{UqyG&&$C{>J5NSVOf5pJ^|PT z3GeQ6jo}8atJLTY511A&!;XFKYW9^xR;(I)Y!(w5(oc#6C=K^+g^jW5!?(pZ)arC9I5c(imwRk%#|0~vr;RmDBctwt}Vd*L7PsG<6$yd@Q zj1#g6k|Q2$F%95BCWJ?TjkVWZaFE!q`I>&D6?$U&MRe_~nYA!*VT>DDpP!pjO>uQB z$tc=a(#^sTw!V=_CSvbh?&LN(9}?Z`@8O7CY$5_AgAr0p>0C<21-S-?XxpOJSrS%P zRhSzFtkUTj2_3g7W6NWf0gtzBnOYfceg?Q50m8YCH+r!^xsPQe-^VExF_N& zGPmJm)VE;?4`PuBmk3aAtVs|A5`fo_27fp)uok1fkrY#0&n=Vzp8>zNKBkk=a+cBJ zw3E$(hCC9uZPMvu>av@^1yh1egIT+qEKV$=5zr-9ql4^jSVcbO4 zCWGZQsVpIBRu|L-r(2VUOldaiHl8r2QQcRQaFo>`(cd{of?t+QZ=)fn{s&9cp*i5f z{wKGI`S5{;yufIH1K~_eo83t?1V@ng{g~Mfoj2hD3HUrEWXU6VwJ%BHqLyQ1v|8vB z0}ELja5lm~bBVYd2{R|XwPi?gW=POec6ns|^=x?x@{NSDDDSVZ<}k8T5m?8pb8LbaygC2I&4$ap{FOkjHZ&H!oy zffIB%Fl-;}rsLqB9fU;z3gmJ0%FJ|)0RRQWviR*BT zrnLb@Y7iSGlz0c+2r9~hmlS91RVqpJYMOQKq`vnW?G8hxz2GeeAyKyghD{$X6IJ{g@no{BOVg9(o-bWfGi5yO8YATEd!1ZkSzo}_agr&%x#gbJ^YfhPsJ*~QQvmvwu4bh2W;x{DqEmDb zW>-*ljP!{k{T@xEgN9YFn#nOwST_Ss!d%O437pJ6JbEmJ8&s^M+LcY!nAmFOwLSEx zL`fSzi#R&kYt(EXnGiXMSU5E3 zgUVDi2bu^3k#_ zIRw^&#Dgmj8)-IYS*MIpiQBL@o;VG~7(E0d7Vd?$=RE-`P9*!Q6zisp83)AAR#0d+ zM^f^%YciAe*{++;Nv(D?iWDf!gp7<5&59m6trzQQHl{wRS}w^y`1|c_Sj*dd&Td1b zwaSa4Fejm$)n&ptRcD5R#AaH6ClgrQsP+RWeB`$D$7+{}XyfG!I11TYG#I}6JZjm! z_3FBW0U~=wZX9fMs*)Y<8HhM=b%~e^QX)1U@1ms>&i_vXKz&ITRClA_GU1ADQ>a% ze}R0&%`#$T?|S*&EXO;>5t!o77LYG+N7@ycqEHfcH=6m*!=uc)Q0+Mq0vCMrJ5p-Y zg^O;FyiK!BCWk==OIg1|8D}&ZF%@(RUC{?)TSe}yVQCfEfMhutFxy)SkdHgb! zzjR8{Jj2-|UzHiw8R1%X3oa}!v-HBWX3+M{86?j7qTfk4t>wmUbs(YwZy&XFh;{u$ zaL98-B-z6%ZsY7Oq!Hd~fZOl1gijR0QbUT*ZV7E07PKPRpK!NIK7HbxP2x{wi#&tq zD}m@kndzFyMy2`yswKWtjCs+5_i$x?9NVAceaQFK3Hf!%4=Vh4V&}?y-Vd>)2W(Lo zNCCd2d;28Wb^Sx4mVpxE6()PMFW>GrR)|K+v_8=?HV<8>AT{SJb%Q0&4WbH`#o6AF z|Me}rFMZYhg&!SLR(dE2f*kIpJNirZ2*m1#A%bElQ4ua2BrL2;Xzp#X=R_RLfFh4T z$11;?&R(CQ<7-@+58F2OR~YS%XZZ(X&qoWNW*@&9qDl7P=6NW0vVmq%|2X_5HIUX#t1obj!xNK z&S>#wlj!b9Alx8FZ*kY$LbDsdCQVisb<{HMbUz?^O_&tg{C46}fe5+7SYMT8-`IR6 zYyA`*E9L(1nlXSFo!TDIoVc^*zG9>P40`4M(;Lp~A>=%F0JhiblJPXWNQLD9{B}+N zOBL8gb7N}3#m9+TQTBdhte|lX7pM91KN$N4;7ZUe+}O4|?%1|%+qR94ZFcOWW7{^n z!;WotoV+`;JG(pccIUlYb(5Q_)UBH@|M`!;^PQr62L2BfzWwCK7sSmjOnJ=_h>j?VqAK7EP)1kc6z7E_fA${CQ@Jif%G&Q_^{1yaVtvBYDLjeIzq5Nl7 zJK_7T1<17i^`Hj4`d>6MSyN|c0BzBk&cVsv!PLpc($v{hxi2=80jcYdT5M&aIyq4_ zuIg8>nPgOZ2zq?AQzRZ%xN7Y;+i@|~k1k_ewuEtT!-J{Lhl3|G$A(s5uN=<^A!Bf{ zKu)4yUh3nNiPdNsBAb0eDzjEJ2i$`-?mT%FLU6B6m08Jh>SBh-PmscpRhQ6}isAS$ zg`lIzx*w#pJF;M`_N5T$O9T>lVs>&WL#)wCZ^0Q}b>%y5T-E`wTt|4Ah^osBs*ZEB zckh)R&P;^j0aCdhp9Bo|_tw6~{>r9LlDyVLNXnx=Pa>m!6wI!?itFS3sT2@KTlz84 zF@vyK#|&j@FzfLZ=uyqcKAhR{^f{GTQSMQ4?YFDIh(*+IiTDv#6Ji}=EwpK% zI}B7#x-8UjOU^jeX|C6{B@(MOu%n!8wpQ2&NQcrMaJL-#ebzcYvhLuWp_&-vqImo9 zX0-r;{MPV=;O=H5a__h|jL-7a0!}f*+uAjiXgd>CRT{bltP8buo|~x`b$hJzlEoGf zi-asU>{N!z3xy}G&D4v7jRkowKU;k)5#QyF4DfYHkGB&fhQ`tc*nXl}HitnjkLFkD zAX&+ES*gvda&R+=bJgCuX~Owmd_Y9ejO$C7xlrs}Ca~@R!)$0yK!B1sFLIMwo)`ZR z(M}Lq(id3@k|?5A#Lyam%GJS)j#jduzaX;-bUh0A$EI1jZ~aP~fUx}KZ%GJ$SHqKY zwXyl{bUtNW`vnFx-s#n%Qy5&(;o+rju0>lML5X!~Ly(vYU|Ufw#m)8ajX6r(QaX*f z;3!ZLkbXe?Fpf!~N~~4SNH43Lhd+0{&o}-3-a)Q#UPLuC9O9{o5Hk(;GyD&#XH=Ko zX1g(R3~Tiz$)+d=g!c2A!a*?b(WEtmBDN*MbkiVzo_~byK5n9C^b) zH0_jQcP{x%61w}9tpqP`cnd5a%0mLABSq3mUj+FQ=D~?$2|+7Zo*ldSpby(lRI-4D zdZ6Qpk{pWom1<6YR8HuECePl>9s z>mOr2Dn)=5rz+RQpQG1iFEiEYE9i$USZx;WTLh{KW+HQec!@K2e3~^&&LirrQY}7!H ziu2hRXHjAR$C78T(35Rrvi2HF9wnl5c`|t$H%s#Kq4Gqn=nwovd1(C7TEw{SfhYTd z^fNt_Qbw~u0_?hPy~TU49nhuGT`Y&pTfdi}f^fJiZ~-Up_D|fWzb1r#w<}h`$<)*X zP}8%tGyks#Fh*6^c|i<~m)d`{4m~TKO%}9I4$6QVSW!w_X<^m~1!@@#XP7zLjY~DT zisVEBM>5~@=;PS>E9F2dVm9CP?B<}0m%0{gTp%){)_L^>@59fAhwAsY%bFfwpODX@ z6r*LMR-;5S4pZ09?b|p9z)MrRxvqAX9kHg6&m?iT#uJD%9h+`vZzR;q`=E9Zu_N(4 zmMdzteGV-fl8=x%hA-8-;O%!-WVAa_nNIUocaanZQlg6SRE(26tU1`vy|pjT(;Lb# z&%2nGJ@QB}n6$pe?nq!M zLx)G>;ACi+&W4{g<43jeX!2R2Ds@+G!?=WIaXP#z+_Th($q#*oD-{N(5#QV(>TAW- zh@}PMNB=^Gp3A6{p+Xd~p>Pd8a0XRF8;<1-Nmk zmc9WGcbitdJx*Fus1_S_Ece`2Y%O^wb2y8C^@X@nMkIPo-a>!Nv4f_VYm^|4J|QJZ z)awR^=(GRNV-wZRb2k%()(M5^sHE7=)>AxB^3D3-z#n5HKBC`=Q;&A2XPxnL7s|q^ zliwjCTcMA2fmq?~W?SVdv`1$#1#GM9(+p;W2k0$nLf5!%S|c&04v3k57Hz`xuR!$G zBhk?Jb))*@dZlI3gKxoFOf_MqdxB~SrVit>R2xUS$ssoa)ri_LdT0hlt$`Sf!R>{|Iho8>|OGW=9>)CP@^?e7!Wl$aLwl&yVyr zuCsPL!|Cp`tV?^i( zfAJ82Ql$I(v_{o8+a6R+njcnFpktQUb|L0DBxWilWS(;n@_=)XqHg?m}j&Xx$SW%a)Oo`P6UEFPy~Z22?n5}==sjPdNLP!`g;2TI|LX8hHo#o zXH6)TlQ}kNIxuNkHeJ8Qc6!I(2BO?y0ao}XbjFh(E<8mhn};`9p7ApBoxwQ}d-T{QfFHQH+X=-I%dL)Kv7_j|I&Af`$ z%wSpYMT29V&PYU}zXo&18w(8GkpCzM(e)AGH(V5I_?B2p%Md4t4;hf+;mb{BraKCZZn&eBB7qtk7a<6`!~j2OM%sA-v8Q zDUk9P`pd`U$ERHTOCUOjEMpN4=sL#crXQ%8C;M}?HEUa)>503k#<7fsZOz)&Y>Vs% zzYM2RkjN!%R4&jfxcfOIEucN8B#k`CWOS*xftR}Wa%wF!=^Z;SJPx3cyhaQ&OLS)~E(fjfl$E}q&| z-zbN7=t3tVryW~J8Vt6BH%J~9aW0U>F}R&r+(aur4`Z3VEHJUcwl4=mn~!H3P=W>n zW(1k!6g(eXp+lQIKM%V)pETcrl=pEa6=^ai-d%HzIdw6a`Czv3(Zg>4>q(x#8>E-1 zZV?*y25nh&uTUVbb)aSa5dMkScH^EFKVuV#LIWonEM_0X({x`p#34^1Ksf}qyqAS{ z@!($6_uXyk^wR3yDnUR6Q4G$$5M!-+$ZB9N{tF8GorMZ4RJa+Ze{f`iQ$2OwP)z!U zFBk3#zmzDn7%WGkR#}f7A!r2(qN>w@2Kp{T4zjh5cCcV-ljjT5*&s?RAhij3%=p`w%Z5~LBue8d#upeCtLYlg$0h_A~C zm^&>4B>|t8E-Ty;rlcZ0;48>Q{x7LQ+l&OCikQX|kQCGXx2oaempuL3(EBeKHziTd zpbd&8c{(AG=pg$8Ih0#P$0-2vEI5o@-^K%^0x{>`x@S>pmZ0emDAQ|< zfaS&sQ_1A?X4|xup49^COjlONt*_o7BB=GiSmgi>H(>tu$UDv{Dfz*nd>sz%s`0zs&qZI4=)i4wHF z6=?Od1U9pghggF;VV72DkfkxQ0qCt7K}|4Ls#yW9Am}58%k`;!r_D5ai2b!Xb?lwl znM7JO1;D4MZA49hnghyPy_%E2_}i^}dWDfO%OV@Y@cNVC_6RuVph#7keP&|z{HT7s zc#9+(@f(Ze%zY45vZv(@dTNlup%~5u(4Gh^u*vf#D>^fgHxv;K!g1iKs>!yzGro4B zZONSCLv0-LbRx{tci36j*ak$hO0OX3e2on86y4+{?qc9)rcH|)0wEB?(t;IjAY$SW z_G`X%V(0yGv^z^oN12RULfnBcTq-t6KXKBuqkqA#Yo!H~RT6`c2XwaITZ55nwR6W9 zQ0#v?#-UYH?N{CxLT6+c9uD(eYsBH*dBC23@gYV-4kBrA3KdsNL(N{UHVBKPJMM)B z)hrGR+{+1!D)YKRjbMQAJaUc1l^BUH_^%aW2G8kd(|Vkrf(=+3@%?VnmgPXkWL4yNU=h=j6~5<8pqXUdvZ& z=;10_HEc1MMZbu-U2Um_u{e#CS_sv&jT)lQ5Kr-{GV<_>XTj!x0hDA^_UXtkM+m#Y z8ujh_6|rC578yGIF8b;y29f8Q?=?i#1jFU$DW_p;D!=eg2?)py+zo27$xbjENLZ$B zkgjSzUOGuK&fBh?-*!IVP$gfcb;0;axs!rhFO}9NynAa8%@luR%}b_E?4fU`)n7cL z&m^3!^03F~ctBoKJ;p?C?zn?6hcZW85JKJ4j9`bHYSXYmO=3@)@mqRrKY-jqVqC&u z_gP3tCvtMmL_A!Hqx<*gqK3E_0otP}z$S&{npb@9`q0DbA%$WscZ>ciub7|aA+PcH%J4|NUOEIY)DZAguj>YX(gh?x z^Y6c@xN+>9XNw7JB0ECi0-s02abtz(qCb&y#>(#05u&-lhJAT>oDL)pb70D}l{&_u z0nFi}Q5pqPiAC<5C6?)%PT*LfZcFGyo?t*GimL8^Nh{Dv$t9KoD?!L{1FL@FN9POL z$PV?)q_-#DV(si_$o+A>XK@7AVo?{vgcz^kdPA_b7X`lWU9e!+2zgwJEo`Fxv?2`H z;K^yHo-)#eTK_r4VJ9-Z-`l+TMG1vdDuu|Nk;U*5%361juH&Z!H93X(f=5FYM{Eb7 zdQTAe$H|~+G3iUAIiCfK&%5n?w?+RD%`mfl?*0HzBw5DO0Vg?OnZ@-NLU^w|C&`dL z596DtlqZ?&gC%Ny`M~x{W??V#$&Q3Wj+<(YUK1uAN3-t1G^U*ImdB|glXAaS@&`zp zzkibQ8E|Gh$!6>klOR2fn{%!HiD7+drORFR}HyC0xOcDOoKjwR+qKJRTn50 zmyZ=~v(#b<%}|x87kSiDWF8lsSL{+nj{;@sD3;J&#mwaapU&uL?5;9F)Xh55mrzwO zj0wY9zf2r(e1p#Q^M-EcvB8akHgINR+u&eE=e%JKp6st4 z8kx$2RuGF@1w5d%hKuS5%Y=gztqh8Kt)5>ANO~eN&N-sl*CNsf7s-2)(rGVi%_gYR zS8h&>nma)ePG-5U6F&*5f(q2jtABVQ?RCXWT{N(&&3d5V2< zx4xYX?fEK2VNGmW>U^$6bE6R=!Y~F)b&Q!{1g2&{r)I?eVT4D9q18U*!3cb_3FnO1 z?~~Y3{}r&diTGxcuZ_7QzJofic+4XTMcFa1No@`6mr`!o)tR{Cr=KAA=;F0@a`a~S zVqa~f9+{WiK9egN$&B^$(bR8K(j*J}YFG*5?>CIdoeIN`@Sr>IDST2p%!hP!QWD-b zoUEeZY{10*WpE(KV$1oZA#GXuoJ`xRuIYQuX4I|p`CUv8V&@?XPqf0maX3g915Ziz zMR4{7fzBCcxOB^?UYp(JlUd0Qj! z+3|;6Ry34amTNufrBavMLc<)z$JUE~>G?Q+8rwrdJ(^#OHy6SjFnO;IOhP|_sw7Ev zO^@@U>H7+HMZ;$+fcn8=BL>-Q0GZ*4-JB?O7_WC|gg8CI+X@6Z8;FV2yO!*OS@j4c zm=K1rEfQ{U+K7drjD$>}W1(co+1CMAJUgf&!~-t61GY^b0A-#?;FG9g5R3Bp#vZ5d zvX_WacXDghT*-h3Ce|n-a3v|WKr7&Z#0G(?)m8+;IGCoZ&34R=ev@?V=D4suOzDo6 zfg9dgx120qBM7Ns@N95zzmXnVi*PsZ0_!Q;%pUXGvaJ=Cxn!|~o&f|od=!(VywswX%4i^CVNHjb!y!~;Wm9oHP5P=leQz--LTpgN^rU&y@cN)dhc zK*t=xZXt+gJR~D%5WWhFn(2S)ohEO=}cj92n}Qsi+JOlKk}&;GmL)_N*xC+D}Z9}#1ssRQUQdds&(iJdHD?j@9z zfSM1VP4&XwYn(Dr&J=!pWvlSXS`yHeBrF<;yF?!1CZ-I7uZJLm1o_Rjs-TKqP3}V2 zC)gb;`{kEo?ynTD(G+((n7)rqSzb_==Y5@#rB{0N?*_+ju!UT6b7B7Jk^5kPZ);`s zN6S%PJIFF%9bn3_AQ#1EzPu88W6pJET3nE2JSgq(jq?b6dx_Wznp{Cd9`cm|dci*9 zy<+qo!rDsPRn&?5UX@+ zNdD{GEgHvT*_9P7TIW5{6_L%5cweHCACY-h@*UGgUR?2_*~KY|SDpo;%7kDp5&|{e z@Z4=-h{RCPD0ADC4F`1!ylBAPbQu>lW-LYs`eX<}UneDRBNXdTdnO_}A%HmX+|9z? z4l|E_9D^vIbT^+kO!w$@8pQ{dd1o~1-jZ17aO0y_ zhZh);NzSwFt^RUe%#c<1MvCKtpEF1V3?p_Gx4ppfeaSE5D9g60F*2p(kxR$N@O1k> zN+YbCWrecl6d(Seto?&I;w#4u zpqQd%9e$o$_5k9>wfzYio??Jr3$(@uybu7|wef zzkU`;r=S1mI^7S5XW3ZXlt^5OQtn(pM>XSLR5#=xMtX)iay1VPN0J)~;5J8diQfDz zGk@RH#mfVvnn!@=|7Jn{o#@41Aoz>uMb~d6+u+03C^7K5rp7t)rR9hegJLL{Ux#fG z(Ay|9;kCE>ZXzZr$r`zp-pdSn$!XIz=FLiiGSUCW2-pZRbf1XiQHogr(PUwM+k1|0^)57T}S9)vvh`+|`=IAjMEwC1t1bxi@Z z+hlTf4a0?GL{w9o(nZUK^7WwpQP3U9W-(q5fd;oxoTvTZQQ92%0@jP{;MSQ*Y_^GXD)GE~)XaQveVo{uZYH zmqA$?n*yrsE=~Zt_MiF4u5!}98PvqBx+_`hJy7Hp_m@@_FhMkJo?Z?<>*8$6T@5cb zOoCqFh^no58X-dHvC}sX5RE*{JVAp~Bek}9Oherq%}L6Zh-rUm>FsBAf zB07O6hSqW+$8wp;j$PHp&v3@qJ!ivK`>57X3)dyFsXAtqxG7^*S|}U#)SS6Kylgv9 zNY#hIekPZ46I7BR4A0I6YH3^mbXd!t7sN`{ps4KfUVwjtMCw%RvK9czF5vmU4UG5y zadQ3(B!50i*$T4KfSQ=EvbFLlWT1baaMYF#7-C-%A(S9vF+pe58l#=0`-B(p2nHael$D}x;`%L(lkVk z%V@EaDJ@@Gze-;Z*%4|iX1SUUmG;%!t&j_078;758&jz&!!*kDuqOAaLj%o9d9g}@ z;^Q`5$#KzXT}p4mD;pV{uQ+jz1LO3&hXI!-Y4qYR%-vpFoS>fhln*-aw8)TpLqShGzwBN>?{|)P3 zdpqoZ2dgDuB*63!`s)8RAJCLEWw#)JH1d(u>bTS1n0%wVDg;YPX&S;&;sDfyq68L} zC&9aV!L~lGDc-C+j(WvKi$@$V2zvEf#gR2Zwc9vWK4PY%B(;=O>VpW~AiQ9EIMMu%5+n)T(Y41g;d{A03cJR)vhDIC1 zAa*Ev=tOR44P%zGx+76RSJe3!lmJOSJd1v{?#B>bvwYg9s9Sj*VjDe@XoJo}HK<$L z;{6fB&6I8Pk^7bUWdxp)ORjvWUtj0K5miMzbi>t_wWF*po=l&Eug-fA_oY7KSH>^m zU$okx!VJvNp{&#DkZm}@dly_~FT~pkBi5k-^;(5$! zQmq5lWUPGsx_akzpcmVG(*2-3CN-q318PD0XY}dbne@$KW!VQxJkrW6BX*jRBH9Og z$yU@F`{5$m#v4pICef#5+ms`5oN3DTd`}23EJNwvk;-&1)MTr*oOhmHd*GS5<-6p3 zdwY061d6++h{4+7;Q$7eUCaHi&a&8av&`i8(?A`KzBchwVsIVu*QjLJ|HM- zFK;cGieH|Gn_4#uKZIpPq&*fa#!9_aLc{{biZxxW#wxJEu;PKhu2+l*!s=&;Lk2Ev z?PFL<+El_9w<|Yd#gdc;u$93--*{_&H!Y;RIH}*Y!DuIbxkoKGWR78szD-ABh@cD| zcSXR{5^uJ=!;L4ZHYjH6kAs_eiM*VXkRo2cF7GBYz+qNN_(8s$@*epNOZ8nzW!@Ip zIlVMy{#`osn6T>Hs=X|8szmGskWUlKtUH}gw;3Sm| z2N-7Hq{&QQbiDUG1ODWDcoFuAUWcmsIlGf?se~94x@OH-^Fh@B;UR(bVB4a#mWX?J z7$qF+oF4O4YL!;KtVz_|RE477=}n_);XHOIf{v!AdP-Go4$+AEGABLd%;fCY%Bz2j zv>m0F$NoH|*_zsS%nV3Q=O%D;#7He3F?H0uq%C~d3^EJ8tsZp?*IY5NU4d)7vuJY0 zpZV^qn<^k-OgAj3fuv{(cYQ|%VL)ri$NS`w#m-kgJA6;OSCAq*Lwdk&D8=_i^*ggwcWy=El?>H)YuWM#R{C0JKkCr;3xK!0?{||si3L*sx8_&n_dOIbh*;vYw)=L=K_wMhooxJbchrd2b-8065R90^5j2;m7KoV}=KfvuL44Pk(FVHP19BN6}` z(br&RF$^gaC);6ntZ&zgZ8M8eKFJ1RmYe90JP+GUsiR#@vQy@dQo{SNeILLAYa7ZIWVrg-Ar zuEoX%I<|Uy(Zw_K!grYU{`__h`Nh-*jIfuapL!d@2QG<>nV#BIly}zTey^%BTO&hp zPCE2eY2p-pf@hs76&9{L+U{r(M%dluP=Qlzue=y@&s>TVe*%0KxF;Ma?92pe?K;qC zZy(b;EW?V?qo6J;oN(Z~Xq6Vz_i{_CP_mki1La~TfxL|$tb{<&hOsN6cXL%!w9}-0 zyQR=xWOwhng)^`f1LtX4J8FFLc&!jV!`=R7D1ri?uvvrY}C5Z)VqGrYPy z@f5BrC%71fcan@=LG0Lf^IDDA{DH;*mL#0+jaVgQ z?w!JxV2WNun!a22)QxwG>?lm|@?mgw{f@Wk>j5cnH~nVApgrcbZ;NL(xSLX$z||_X zf?d6K->k}4OQuavt&%-LK}m#0YCwz7c)MOP=5Pw_gT8S1T-|WX@xn64TV~tdkXr7i^ObL>e;PaZ;nWF{K(V?8j)D<+i9)WYNz;g}GYt9Du`BQ+zCG;~pG{0^t5snF(A`X$93v@^RJ6Fg8 zQp>>^qj{#0Bs)gwGHCq((mPTf;msx?l2fp!gw1X>&BWc+H4fVKO6*q%R*fi}$$XRa zk-$Q+loQ@Yh}~Svt7B(4kE@gVSxJ!ehJ5kUu?rnRp8f)OfO$5Ao_R^*ztApT)gZ{3gI=W)2Vn}gW^WC{$(|Gdio z>Ju;l2K$$s+04|?#ns95Z#}|aITzHB?p;pXn~`*?)j;&g%zW+)=8Bo3q)_zvtpBb#Y09tM9NRNRI7Bawky2~#_8 z%~qK~)NFdvaFtMI1cEVEYdJMI=f?(;ZIAso6uKMH<>~b>wXiDB!GO2 z=>kRxomR7xV4wW z(AlLA@OBixU=9pDWOd6fzLa#iak{A*Gc<^BTY1BepG{34{z>Gy*8jk=?uG<#EoVe@PtRE@LtYd2E3P zRE9N{uLDgQq`Gl&VLc>bcI{~#fQ>`b;X~e-&+Lu7zOpd+4)qxAI1_r>8C=uYd5(d@ z%^@lg;|W1=vxh*w1is7pJTQ+81oxBH^yuaYds;Bb0eu0NZ!_p(jfjwa_%C`mC0L{USOr4UIlyjl~(IKC^m;3SIg}9||V~Q-SBPcWkPKsTv{i}OeTZf;4 z<;_B#c~WcwrKG|Z_gB6lv&jRz`xHBq3|eH99x{H76b5Axx`~QOKGP%^$S=5yW?NzH zZ`{>WuI>}{x_b6Fr=Q(IeFn-i`q4Wn-&vY%P8C>+5=TM|tfb7A+vl8UwJUNixQSBo zJ_eeVDZ57t5Z_=RRCERjg*T=BMw^uNm2q$oOps6HOv++H@sJF;)>q8V*#j zL1vYgDYPTM5N1*}u8@eaLM;gBjnxn*^L+C(w2Q<%C_|^gWy7b>mZ;}tIM|!8Y-@$^ zJPWykffV1rdt_Q!3R1&fIngJ1&px$%6%9f+Os|;S_428O^bstS2$|qAynUtv2`){@ ziQ7r3ijG~@-A~kgh^WbXR z4NFRfcdvW0j{=@Ve+EwRwXF?bqF#khez!gh7D{7v<(gp7(sb0eL+8UbsO6RP*tX98 znb(5moF){V4$}LDm#aV&jTic>ZH26PH=W6Q1#gMJ7|2m6e+V&F_1vaV;v!SYk#k13 zEs-33UX2PLgmF4oD9VU-{UC#IF1A(xh!a}PoZZ9lyG3`QwvdsKMmxCDYDKS>6kL~1AYDv$vsTSFpz83wcMzi8Gu5+>R z9u`|^9OK{>3~D2`>EjpcsE8Yj9eh8ZkgS#`&t2BU8vYOV`_MqtoN!zf@LH)}aZ(HT zT@7*QILTpDsn=vL{adiqQGYyPl@ZWY$rWmkBT3!7BXLq@v2JTL{K6wS!TD3krHa*i zFR4@J`d=jP(463+;7?<5CY7G+D}*Dm_7AVWJ5_6H*5ptX(R52`l`S9@DMZossqP>KLDN8Tmq&baGsdTZP?@~4@rm9|4WivFppH-*5fE^sHr4&ON#EmxnI2*-B??e2G zge_z%;FesV6c68|Qfv4MK2$qdL>t!sqKm>Y>modjfeuTwA^u%m1a6B;*nUGytCJ@7 zQxMh-F`*HbU}(sMuKCrqTbYyMo4~l&5lxrUcp7Vyi3Fu6zuMiS=0~9w8Nu`wY4t6f z7`KrPrfRW?OKk8XysZ~KQ_cnbL!{t0Nm^Jye35d_+x2k7fqR2Hab}8dM5XOiCd^GVoL$8=yj^+-5@rMdWlP$NoJUS)GYRW#3m&YHj5n@&A~Mh1PU3MHxzDtr4`#_*7(o4RO8FKV5;vpKmd$e=wIOS;MUb>YiRe6E?q zeG*9mcDyHGjEMJ8`WyTW`74p0{0~@8p7g>?^wwi;(Nz`@Fce~1jgD{z;xC?&86tHU zo1N#GM4KSl5zomWx_WnB$Kpn$@}737dTC8QWCcZGi{oxlgji!aqw075B|&SGattv5 z%{n96-f^l$qwTiu2AE^bChXfGKfs8TYT83jnX44rajnZWYN;_Q7l*ZcZkz3g?K(t0 zd)XXMJn13xU6zhcgb&L(OvN-*MydQt9OF`qYSI*?F&?Uv9Mr8;aw(LW+c~r;JYN>e zvZ)wsUJSK`KgBe_wH|RB7;6@^xn{F@aQFbR*~M6Mws!JMItOdfL8yl${lpeCW1sXS z3$rM)-9o{WY_t|go&|nBJ2mp58$Y3y$bnMw^YwS}T^Xv43|xTOHT=o!{+f;dmob7r z%udYE*+tUM%--4bj~JBn59j;OU{qDw8CMkPeK@hJo=47T1X1RT0D)M2#1aBq00kol zj8pO`V!@WdEuN&Yr>*DG*>nk<>MMA)4#hO5gCzPE%(w9bP&`h@U9opCG~SN-dz!VC zfnSp@4@=DY4|lKcn>F&lI$@aNki-xLc-cor98Hu2Pz}Uq^=&H4$)ZEEu2c22tP@C* zr0Q^kSmbyuHj(&>KjY0D-Pap!$kq#fD#luy)q9e;HMli5V}#`k-!Y_%bJ0DOPdDIp zaTsoqj!@n)>exByrwKh(voQCQ)VPi$QK8c5YPji;!Jv=Lwp}3MfNDpP#4bE%fx^uV zYB`AxAUeYBf`=-~x2KkA=u5lHQ7%zEN>ztP(qj%z2mW;XS>v?WEb5Xq{exm&n^u|~ zeI$y*c#AAH?HWc{KMGtpdKza7oX6~5PjBA?{tzp%@$!|i5Rq&(7*XCSV7Gv8Y-Lpv zgQf$SPQHTc?i3Fo39BP~)O>*B6>Z#!t##HM);-8L2hpD07Min{K0ljgHG2%d9Z8HX zxS9{TO4YT!rX3@4Bw+6(b1IMo9}v4;InX`iSWJ2D^4vWA0_h#LYh~Sza62DR?bvQA z8!&j0AF#3SQ6rlt-09^2Y6;5DxgmaV^`hwx=-M6zsLl_qsHc{1k9)zrMVM$o?$ z=MVBXllf&>kbB-(#3nBel@~r<)Cl6|mK&c~j0{I7nbTKc+}~F@eOf3|d+`h? z*$<**{lOaQv2ksgQP+6wU`a>EC6nCD?0En$%%s}! zCOXZuLCiZ3OYg{IFzG<)BaMsMCW+8#Z^LH>wTIcRN3iQ3b-BF{v;M47L4BJHMMLyh zPryE;II%N{9G|SFmnPt5?yg{dIbC7Sk1CShtnh{gEPKz!N+WpC%~|N1H3RF z`D7fM6Eu>3+3TA@^Ibj_TdV-G!N<1bDFW>E=Md1_A(AjoP-}$ZNd)=9w_>H+e%qaM zgh-7qF`^VF;+yd!Eu*{KCp3tZzHw0dl$vjXmG7dR@4}T<)uqCG6*{MLhmXWtAJ||p z$=O)%Zxj%%-1GvV{B5; z0!hItO8C;{RG)2AO3GZ%jqIPy9@v;isP|Gh$ed|Q0UyxL;C(RJd7I^IHl5qU?+5G= zV+D*Inh`6M>%Y@icNIkM+e6=qE!uB?vwT+39UEd9o3^-dJbJYuklYvV%oxTa>?ciS z*^FJUSFA0DTnsYqHe+~YmiI6y5d2dDy~HFmP0u>iqZBhU9P)t2!>dT~IF%vJ8l0xJ zH5L~xg&MP8fd{8lU}5S5-ln4Gcn8A{bwtP&4e9eC{wl12hMOZKbt9(SuOmAI$-0WT zQB4a;veiOEd67%nG{d@LP`;xZ2`zrz$*;!P%#|}z_U)Arpr>Qbn!(@9 zm)pH6CFxn3DQ(&c#Z@enR|nHdf8c(8Wj5E~#G)h#E1))(6n9Ua58bgAbzP(%LAY}$ zOQHV}0aZC{f6AU6q~&|t&j@qgC~C6-h7!ckyMUjyb-8Bs;r_t)!8|1`SP60qJbF%_^3J)93<;f2tqxs&KIEb6|n?8O`K$EqB`KFXfPCagl`Dxd+T1E37#d+!D$C;Vy#y?;^W!ks zZ?2Wa^*(~+WV`-1K_-{(ss1Sg5{dQvDZBK=s0q*%&8t^q-Z{A0O_%EurjT@bdkuSDByO_ z9Eza?($;KtTk0^>RPvp2Qb}fte_)F++^k==_|%f8o}HJ8Z^;q6f{&(LB|}`rJVaHz#*Z{ zzrJA^9noEzMo65aq_rYAC>>0|(TGEm=wFH1!;KHa(X?eBxtUOVUN?$n}@dD$GRk*=rlJ+q2xY1_Sm%F0_G`GNH|l}`1<^*D6d|~?f3x4 zMYL|QSJ*>iyJQUNZUT=$%>u5pSiv=W=aQ;*lD;^2)jGs4gZQ*Gt*#_`fg;;lhXY4Y`O&WsImfUtUP01A zv6w@AA?WNlnOMJ!!hD|h8?^c2#0_;j_|ZBP>KGqm0+-x&ODb!2k!YXZgj-)dUJeWYu7E{}Lu&xnSX^zqN$GYV*PfSv3 z87Y6V7P8Gvv#2glN|Sjf2(3+eMOl1P40(jpp39?%pS|afAxEROrJ%`)z@Ro-maXqw zGaKf!OKBfGpv+scq{-etTsm~lP?@qYaFLR$Hc#5dA7}mwzkqF?f9GlTJZ5`PmivsO z=3ai)`aK$K2aj9bjn-H*ewr;vM-j@<2#PE9_I3z>Z4b-O_nD0*0e$s8Cs~CH6_JstQuL+k~ z1ln&2^i(|!mO+RdJ&^bEfiO}6wy!8uyZ24I4Aa&?+SFHq!%0O3B%uQwgI^UnrhmYR zGv1fkm#1l=TJbcDsJ(|}UI4mw`j$0T9!SZd0!duE%)eK2>?+9{k}Ywkkf{g!(;Y@D@A`bGGBM zzIQD4)efN~F1TcK>kj?y4Ec-n(YYoa5b9A`%^jv|^{WJb~_y%sadnJu}qz z!1VoL9t5AZU45e6uc7$>`27Ubj1XOx?~JKO$Q$)8~;Ejk8~RZ`o~s;e|V9`-OzO7B7N#fy&u{_#U|=`n1WjcX!J=QV)hm~ z-LljXrvh2P8y$mc6()VCmWk>tv3!9s&i;YZ{=@>+?cu769!r|{HMOf>M=0hE(v_y6 zN~EoSQ@4>1aZ&V%wWbKBLvC`^=nK8UttY%5Q%~-o3{_X2q5fV~>NQJEbe2NrVX3FB z+1u~ltZ`zu%?3ckutfMfZ}wmM;D1D8fA(ho4E5D)m2p+Ecrihs4KrDa6toAMF;C6Y_r*XUNLoJr}!A7pXQi~p62lTCC-`S?XF2kDmN+Pv^niO zee33a`@rAx0d0U?vx|k4?*7xOkB7-RtX|>eNq0M&#O*0fZw;;&A+O%D7>c;oK|#qyvpwZv)zj#wGwi}*1oKIv22(#}G zbwWoZmC%Kd4{gN#gXjS7avW&+XVVJHCo5)i0}M~Q#R1uMYBJZm-d^)`ObKnhp_Fca z6s{s1A_;LEHD!ThFbEp$1U)JgM!6`#2ok>su*8l0+Xd$dwslmx=@Sx$b@}V% z1#wJJ{BK&W+?BIyda?TL%F=HkSh^=WFvUr#rTdF}CB;rDUEx{k38?i%$NDj{PQ7j$ zb}QXKk~>n(6O7Mk2>uUk?-XQdyDp1%xy!b?Y@1!SZQHhO+pg-eZQHhOyLL^iz4x4F zu0K|s6X#}(ixDxdzAxW=^35mHcR&ivOsei=8Dz|h#vDR^*-lHT3748WgCQRl@kq|2 zXuv=9OH6yfF{%RS1cAlDf?4hU_ZF;|+tI$r0vnE|-wf5sOI5)sp^$EZg?j55^xPd` za_F4HfNaOR&lwrq5G?R<$>C0P4Suxr^6z#1y&-?PA4(5$^ z3r@HGCovnK_Vgh*3Nm@O-4VF(KsB%iiB!4+K?+-v>Bz7NgpzoGq7bUb00P|W;M`ypbll9LDHXoDepcfQiE5^rHS?tLj5KJ z*n`Q!!_6g2?Fe{#VC!E*_*jd=3-+GBF&?VL#Eu)*W z7+&7D`aflvF(o=MSX5OWTzjrqA(eKY<&HFRC~qLtB~TpJeilKU13L0r?YKwiU~(*L zcHI0uK4pNoZu|0E_gws!Fob_6#q9t6=<=Ni>!M(%Yh`a_ZD;w!~|6arM{v4Wm2ZsCItxbb&5sgV486)JIf2fh$*`G_3$DrBCR`03meqv+th2JFT)p zeXvq#8->5UKNCgVGRU`IU@*M$%;dm8s17^N6)IYowrCrib7XqWO``ETJF;&?Kxi^- zzCTIER-v{*11XBp8lcMGTC`;LfH{>zSydRP7M-wT#_i28Hw(iRumUroJExEs_1f-h6>fMeNLD0*e)hKWBXk8U6Y|?8Z z#cQT!xjGaUyd-;Cn@OHgp~FtI_+O0e##T_DKF+Px7MYpqX>Od`H8R=Vg0yUZ$|H)(NH2`gv z4d|F`W5B448Z`# zSf-!&f|MKBY6ltv-Aca<;w$%gFUQvD6hMkj;xlL&h!dliO6~VS1=!h{aoQ673AP!X zVMMMU`Z3N)3akbZavjS}Qt>e5<{(Gb$NlOwDbk2r){i_ty;B@wVBTed5Ld9Pe9R;; z&U45`-+UL;EBF+(CWZ5Tlcc8v%4te;k^2mZeS{gSAMn-$y9n@HHi}EsjEIq&eG+|! z+%w$p*uZeeviNAkI6Xg_?djKrfuC-=x-}sj`oe25x$&B%fwmjh)~l&nd~vpaGGU)O@a&sbADm?%uo#umf77^HeU*uR+ao*RYv2sXI@B zf7G%47TFs=`BunEzgN!wdzIloB%%EmFZ)k``VV%NnfPHnCxkYXeFkYMp9~mSiS6!R z6Dy;Z%!lTgOIbf5l3Y-D0;m9Z5~t;#Y9DpZK<>R*0A3)O_IUSMVmhVIA!%31&=9-J z@s@S;=9+bcll}Gb6y5b>n+_|Y`-eYR)Ecd8_|g_cotK9J4tS-9atiW5^phra2f>i# zVP9~Q6SneA8kJnP&ajVebN6;{8WB~)qz-N7pCTQkL7`uQ=6g`H;JfL)DA1LZD(Z!*5%x^dE$x-7*TaTP^4R|1&8&d&pc;N-P=}K-5dJfLv_CVbvydfUq|t4VE9suc z5zU5_Nqnf(83Pq?{3%X$IX<(}J8LcK`qj%6a2;rMg0PI4hBD+T74H(ShfnQ+D*I4# zJ&X;vPKIF%VflKhpq|qtX!1-Cl*<|j?$(=-sWxc0iEAo@$~DS}_I1_$psdiZu|1+| zf8OFeGVGWf(Q~>mD zZ5F_8hgPjvgIOg|sK`dW>WJ4pSG~*SXa3l?jcSHp<_GhiRsLL{T$ei+Z0`PTg{ip&&jbqlXNM?9!RV;D9#8XYSYJxx#t_?nyFr>yK5+r zjL1|qH(t4n&u17WQ?&JHqP|7BI6OCfghV2%ym*mQm6UDZgv_*;V~5bUAx$rztm2p` zB9IjCM0BjB8=G`8v?gm?J`l20M#&-vH!~}h=M~$rT3){^k;=bd-2ug^%;)I>_t3vC z89Ia5tmytV`6GhE8_@j$9Q1e3u(iwYA7w6*J3nb*_o{!G8z8Ul9vNW^3kege#YiC! z`SKh&(|&?7KfzbVOzI?0a?PtkI27@(i3A%-Zwt?lInrfy%V$^u*I4XY6ychy85_nv z(E2tY>sy*qa+c-4T9}oe;p!??P0`mXA*i@MgD0Y4pNxcQpN2)t+J1N=SwEHyvAA*B zl{_=@-l&%2Ox3$>3lpV2R7|e&DRKKM`dCIP`eaM12xb_*9yqESBgZskc9Rd>lAF42 zTqG}HXDae3y{x;Ye%z)lsZPZA(X=zPmO^7dQ%jwzv#I+rZ_!&wyY208fTFqIKXA_UC`U z(`m1RrTiN^Q-}O3F!_riPuWh_#>UX#pSzCFI&7I8WUKQd5#g)@f%y*nz_xSY>Y@^7o1^+C+>D$K*EYNdyT0Dv zLAF6~Qbh19f9Vs169oZjcQ`-Cv>Er>{(j2r-0o2UKT>o?BE1By_%l^~ui-}TG7>|r z%+994Kj~xI=QklE;gdnmjTN>Tq3e+biUx5J5J%ditBXzns${v|jnQ|x>i{ahC3Wlj z&Nn%C%cWJR4yd#6ky}2zd~u zyG?O)-0M~L9(qpIzC<;#uDcvYSIh?WR+H%}>!?(8@+6X%*m&Q6^Q^C2;@r-WGpx4e z{F2j`IPZlt4s2}KFC&JpeQD$G`(Uadlsl~K;MxhzD7is*vsC4V=({d+BA8Qx3gwEP z9KUnzjmZ=5up3Rb8u$9~G6w7M>?_TBIdflpY^|rVa3`&lbWUkC=N8{scDfRsGNe#UadFCm*6_+!S!~P8 z#LpLLB@Y`KXnGl8qL2F&T2O(XnE|naDSGaa;VE)141SIvyehyJe z_bAnGCB&|d_lCtHPj}Do%KQnxl9pQmS0Y#$$n?g9ApNydzK>l{zqPm>*c-d|UB-hizB(RatZVFZ?V z{*-+sxC)jtNK%rkQtl&Givpw!=JHrm^$n*l55B8Ya0RKh$)ilt_|(CJp^~v^{T< z=~hO|Qft~D-K9Dq^@}U4nej}QUR zzB4bqH0yBaH>bZ>H+T>bK@yqKAtj=H8@{RGb==CjO`}2{iL&J!yFO=k8g(>OY)0g5 zScu7LonAbj_pC~`+o=vDaLLlu=BFGJ-LemG>!>tigiO3fN`3N>3yIfb4p6`$AhpA4 zuz|`q;77$SsNI;AijOfFx-1?!gecs$$)h1Ktk|0r9jbhWepB3{qn+^}lK{Ej2AB=!$a!1S_7)-5Kvl0aX=66@5%nzlQVqOm9i?%^+Gk^i zS$48s=+=Pz6Z=r=yQEVWO$>o)T`M(A19kDu{nA#4Z6nOMNJS*xMl^ zPvW#XrVpxbxZs*o8=Aeoa6hLK)1Q2isTt`xvZqLyRZegp^nT zs)5MQY+wu=-aUU^Q@*j4bBXDo>a4)yd?33D|S86@_xWA5%dPD;q*veFD@= z9`w{oLCZaU@)f0X;szVinitMc)4874l&o|%D{AmL?(vKs4SO2l(sj$Z@ET1@_@t)c zSw#+J%OJ%q?)0%aP^u~ykX}?(RI^CqXcDBc{FObNV@i0uYZ3>+vvGe43cbG@LWzH}k}eDW4J9T4Wz4c-xu=K}DCkSG!A+!g(J3C8czDk*_Trq$hZQT{}N{ zT=V|(XWFn4eu@3mLYbBZL=`7*qe*z9>RJo~kS<9!i#A$W%Zd5#nJY?Xypvgr^e6Ta z*Y;uBX6%gFWUG{@eYXM3)lv>eGn~E!tAS|mmPl*k;3zY0@}!h zqt`YoPs!>N0U=gIB@CQ*`JH8T zQbAbWdaSnsn>HT(HrF>Yt;6uFTmm3n!CIDF_xy_4MjfrHvnik(CX}|=$=2~*F!NjGo`9M9mz{qXd~V&yf;E>Qj=J0CFROQemUi-_xI z?GPijjbh9s(L@zlBdpv(I3bHK8nX!vaSjQ4qJtJ)-6WLka{&<#7>0YKH7g+yALb9x zCic@fFP8Rq3MF;924FBps2LyM6w*2F4304(W00>;7YaWFy4hT7-r(IJp2xOl_ZG1- zV0E$|x7#1TqO88_VjZ6G5}9qOlvF!>rY>$m-a|8nJ@HNy-ZwpR2YK%<=!P8`bsixo z;+HzVN2916$j{y#BmvEBnMhwyy}d2nA*y9xyI~2(MfaY2rrQj6>=4v4QOJFEUVldL z6n;oi8%W3XFTNtke5J4~ig?`!N^(8V(>X7;{RrVZ3IPN;!1=S-Z!leVmBD>M@@(pX z@nZfwIZc-Qxk$%pj)EE?L;={3F-HgRU1K@%4EY{6h^5P&Gj(+hw#VFudt>|#68QCZ z=Kz0OhkMtzivRd8D*nGGx&OtT^#3_~|3jqvw{m8^$^+MNMz2?SM>i7RBg z{bGaU`ui7h5kXv#+A?BpfUnv~woQR5r=(zA=Fu<04pKELY(@P+M{)z9wXr&sl@Y&E zA~So0LLgiHU@B0yqI8c9iKwa4Q|JwsD}vNs*tB`HuXE0BYykGv<}Xi=ufhY=cPKg4 z5-2T}ADu)hYO@lnVf3gP#9Uo0t}A=pmDzbPNr=8pPCVGwvfURlD~*Kqut$S}aVBmJQB47-o`x#w=EE zCTyUa3^naB3FDsBe-I6QS1D5a`$X=PjR7(TF8%U~Vy0_vJ!`-m^qu;p=8qb9_X{R3 zCJSXds4eP^>*tX?k67g5j`|-=iUMWE8a+3z3SJ?5=Hy0+&`{Q}0FBY|U39)8ul%Hm zg@h7F-Lx=hGRYGe2;H?edhD0q;ZpI(Ap@6ASAsNcB+`nmtBqSqjha-x?*ueBJ5zny z!7=7rnw}w^!36W`+TI}qNTJ8JTkkGcEt_?}x4?GBh&P=ftys|!s@TF3%qS_|ykNoC zhmhFR17f^yS(3lt9_bupSP9aWM%?>@!yAJ+f)os z09kT47aW1`+icQ8*9>n*lRT!u^VRuPhoO`})g^i6+#pQho~nJ`bv9Pn@2s{GTUfEb zC3%*2OcgmVjjrxskD+iX&!hJSkwJ54VA1!_F65}{Vjl8}@ly0D@NcId7Lhq{R3!%( z2E+3zB+X7vBX@+!rNcge|vg+*60pXeu|K{}PAyvr2xNWl6nNB0Zdsz$?hB*70a=p;yF z#YqsF!aroRH@n1zyevud955&CWv|b;lj4yUbxo9 znp->04Q_?h!W&H+%ml3e6fL?D##oh+94XuHhIlPW{bX|vfhPXKGCSfcHRyrK76FSR zOG7$=TEC;;mN#;R(D1@ht`Cuo?3*GA$UEf+auH1YZo*X$dVErh2Wd0dHM(qkJ@kFc znyn)_R%u06RY)y+#|iewwH=H@c&}C8R^QisRDtXi=}x3LfY~`*p)<5h#<&Or`CFv( zvLj|G^J#f0JwK&}bDqk0Li8-%Qo9#GFFzpq5o;OhY3Hb6uof;sb)$PIx}Y0|^}8Kx zvNxI-)}fsGr|jLDdRXn16IwgR7}e(v%AgXcZ8oIwnL2k~kOEpiSBbgkchK))s7h1c>3#qrm*U%BMPB<5dX((KyA-?;^&ZLS$ zy;)9y_!Vw+ZDU%>&%Dt_qKCZ~DjyFjX8{d2sO12#W70owC(TRcM~T8{tmVs0yTT6t zKIbRz+rfi=&-pq3vRVJ{uN(dUWMcZiUblaa`*D_kd&`Et)=*v@K+64g?|}5w8-y7> z^(~#fTfx12COKfcn(Wu>$c3Z9%Q$0Y?mH2 zMo23zS{kESu{RqMppfou5{nAU%F}kLknCdMAezdQWs( zg*}0R<$1^rO$Fx1a#uT>%Iu zsgyv}MySEy_dr89DzU@7LzC`xj4b6<`CzY@I+hG{6~~*qgeYKm`@4l;-En>uE5B)zDujfJ>^ZaSd;V-)ryeAUbHP+)+ikQHaS(L#R!ij+iTU>#!VpFptwIoRxg)pA|6i=xE2 z`G^QJa7!Xgxz@r11hqwayPcFmsfXk5{ceC~SptHb9F(vCej@iF#)Z+N`sze^NBi+% z!(PpN#zNxq9u-Ed0%5*~*o3UwD6wPHC@saRvYqHy1zW21vvv-3YKXFQBnuSc zGP%Q%%jOhUz8)pIx=>8SczA#2qH^Di*af>qN%S>B#;~77z4ECJ%OgTA)hrlw!p2NY ze-6xUkg}3)BK)FrWP2GX-0|^fD^(luHsYq|+ktD7@=`x%%G7#Kk+Lpjsu9}==iQs3 z*dK`;sxZ798h)jqptliO)LRxu*hFVds7D1EgCfoWPfk;^}hC| z?fKE(W%$u%CCeP8lJz%RUlfJmuTtnLn{J@(gglEp9#!PQJ?V6jCIKOkr-KN>?#4v) zL9kDg=?aI!#6Ki8$(hbow%h9w_9WBRvJg2iSHUzMnbp8r8Mc>flWO4u7li)u(ik(C zD;3yW_#0k4w}m?_*w!xu?4BB&ixF@`7ZKKe0x|7M>Qkr1{x^2XNb(k8)L z2)_I0AX0>W?}?$7{@VO{ZT$wz^>|yU4uUB?ZN8KlFh{N$s@x*5FeTvzy|@nz7Ls@| z;I!`WFnKd5z0R2(w^)pI30o#&fi&B~(T7f}x!z4>PprsScTB|Dd3oUT`4zn3CF;W`!sjuXZs97s5z^R{Y}D=;-@<=#22_{$1m?Ha8%XUS#xa$^xsJ z-XBFbrXbnyNGip|@iiXI>H0$T1tn)wVR@e!0hLTkM!uzmhyVdLL_Rdz;q;va+hflV zbxOTc0kI=!Zgfyq=`tem$2|skY!_oVZU;IB#*t{Ew`J66vkjddMhasCg2xCLc|v@W z*~<20Hy2W`<)KKHmo!{7i#Am`R9^|Hji3tVd?wm)7K?43vU?pS3i&WF%#@*le5WZy zfE%^TUFj=+(dl9=*rr^oWIt0emMm$A?yGh>iJU6vkLa@QQ)C_t)b36lp__;=OD9`C z8aopZ5Xgb2)5jWhlXQx7N^F@pkg~|@AF#`wWP^I`S?E^Ej5IlyTtye+cJ*p=kK1yZ z`O@{$wRqc>U`%;tQ9u^8+YhB#pTJgEG%-|H)&z^2t59$U5H@abMGH2{9Df<@k8~rF z!H*^pm3v4v^S(!;2N7AFtY}T7(Z(5RG93aohksY12?TdcjZO0H%D+15%h}&uF>WBX zZ)37;%5G8~CQ%%dav93^uOl->jCeFc#U`zh4r>avYqY7C;^!63)g%-;zTS|4=Z2J? z1ud9lmq$t^VO)fn-OrYWX*e*7ol|kORvuWKnioX`kKd%}#orifEh?iBy*@2y7435VawP7q zF!PTzu!JDoJrbxYaGJg1XLSBgHe;6DR;|IV8bzULFXoT%MbF)%WFWynv11TS9Io!H z+_vSVrA6*&RJ9|U0NW1E=so-t*Nn>&e8Qem_v12wHO|S&oXWnZAO8IKxv02u&$m!o zXV)9Ptkn=vb!r2kXb1$!`3&QJ6>CQ{njxU*7l#t&s3WS?}C%-w|0)$ z(syh;Cv_^pXy!zdqijPRee=KhAd^#*DeCiPrQ(u=Qd@wjX%Tx@X@yz(Jt6t$-9lS~ zO|1h^Xc)qkO%w|^2&tlXVV*t$-#&xrIJT;2m)5EQ7{+U(m4Kc>7}Nya0WRN=kEHT& zx(2OTF$UwYLR-=wMaDb!Mn~q)hez=HaFlUcG~fw>DZD&*ti6VoLCoD`-%m zkp2+dZBmV}YLDS66WGE8y&Qhs>t80IhR)32`<(}Q%d|+pZ#o?lFWi--5lb~a)Wlh& z#p*McsYr69u1QxXv3tBPAA68uEAnbro55s5yy8si=;O|9Y9&0VvTOQ+7MZ8jdwoZH z{`mq)S`JAc#b)l2PiPfu5&bS2&C2a3^hPXJHEC5gLiYIFq^^XSUzrZ2=eXc?UiH7M z*9?$Kbzb@jy~Qo@zaoc>4+s(+4hzatT-wAIm|sn{ll`%UlYdasBuT zo@5d`AT^e|#aOyaphZs>bf~1^JJOsrr#cQXQpCxG`%20~to;(3xzR@fTd(ZcScIBq zEYBV~+VW>N&(^~aF?0VDdAVM*_Tl~vwBtuyn~>|h;&g@vB3zWG1q zfeOX5Z;vO^m!?XsXlr|KnQ5XNuSBnYg=GVR+JFcIbF|p3%xiUBfOxIrh>;Tu$`>py z?)&aDnwqVH4W)xaLiFUbaOe@W=+7APy=UF4Jx;Hq^)0TW%WUtDTMnPH<||=HHA4}I z)otBlw-V2SKS4_5B_{{LoL96iMGtY88u}*Cf%e=kJMlZpHV_bfex}F@73Bxv8WUAj zrDYoSb&=WgQM+o@Ej*gxaCfyY$7bPNp_<2cM(cX&+Q6F#6UNwakSr!IaWq$)6 z$Ig`Hz4qnKL-w ztVD-JqYxyYdft03am!2TX+IJS=^{BO2$F1*y0hzDqGjeU@XFqo`r)q}Lc2f<36gm$ zH9bzH$Kl6YPF{3OWx9?M1M&Z3S@_WW-B20B*{P-6m^!3TinB}UOz6p zTHBNFj3~^(iZL0Awj>bIgeDc7_8MqUZ-h1|Jqrz1;dan3=+?|>2PHSIfhWa|=oVT` zZa%g?8YX}S2+mN2&NeYS&`F+ZC=z+5$6%9jBDyoMEor-!%3$fnl<*=Ks!qpWXDRi>@;s%? zI~AY&DGX&jhX&V$_9_a}KPP2RF|u|I6G^v975arTkr|6!J-jSG9D7r2vV|`Tx#_q; zi19o3M*jI4o&B24NR+<*Du}fb=u#{|_fiZPVdsce8`^$l0B9MYdWh+>7vyY9d9ep= zv+vtSg~0T)QFO;}7Fm`2mSMlf(&2X>k6i}y#nkm~UP=>PyYC4Z8EGN2jj7lx@}9Ww zNcOdvOq>`0n4G!H>fl)_w#0>0!vc1@d{zz#vc+2FGtg|(b?S1@f~KCS56=7DPgy6R zpL6zvhpY#*!Hg&(I7N!<2MQUafjAglgk@DBMO7n@bT8Hjy@*hI91*+jx6h#Z&q?jf z!%uWO76`M52BKXeuN=<+xZA><-AQBPfE)X?J0#$m`15u9w(#`AUXJ2tVy#FpA(xMP;>U>X??0@Mh75o2;a>{n5 z-{AL8TvJk4MpQ=ngb@JU{efo!zow^9fS2>9N$aN>o=<^P2oXH++A6=Dh!8P@Dg$Dm z_pJAJohC9>qvJzuY2gRIr)k?1;Z9sY(!xS8Te9b4)74wX%BTIA`;VpS({D&aepbNZ z#q9GjJj!qHuLFUfsH_rlq`*i{U(c&(>oqdLT$0@An4HGI(K_bgU`KjZ#0ngxRRq&Q zUZ+~aKV4mSP@-x>>quXu|5KYzE2^ZFpfQG%Q1C%M?>J<`kf%c5Oo1k43j568iK9t_ z;ZC?PnVG_vCoaeW2<0`lc*n#B086S_BBSTE3srhNKo=C%ZgT`OB|50%;u74zN3h5; zUA!F-=9OU(f;C#lQEA0W=oUOm3;&6Fc81KNlDAzkSdSDSi_nNDS-_d;)gB6fTnwjo zJfc<@3C@7ZLMco*F1KQc2DKz!0V}EJ(i6?VTBaj2z@`eW`NoD8Wl$&paz%T;IEnD* z#4%NPgPwynBE%0KIiGdP=H>T1AaY_->xfOQo@S~>IEE5;Rr*VbP+f8|o`7O|czA+^ zn64Zv%#?g0R@uSyc7LXmCE$Rc!d|kXMvr1pC%!hK?bx`Tv#c{@y`6?tYeH474MA-v z?eEPYFbHl1x*)W^P=5;p864X+LcqQoqdZh34gH@B&Z|~fc?|6q%@@r*HV$5HdS-5) zUYw5ZqCLRK50&lnqd>8aA85iFPFF~MdWeo-Lw2y%MLO!y&tZ6aPxWpf2DE*J{7beC zIfTQgO?C-sR+20O8ZFKE=MnR~(8a2%R+KjC$#3K{M<@=XgAtG3>-Y)3h>Tsic&KWC zkXzKIz)m^*eBsY*D@0A_RE<{;RvHLtTnEWhs+f8{uVrP6D(KOf^2a2#^9xZ4!*V^P zSTD;DWb8qSsm2_K`{m@CK`4$KnszF2#Z{DSq*1Pl=eyfl9qw`)h)Y*0=I@}U;`X6~ zXr2zcMpfY1$0joHGI%Fy7e@=1c@1ZOj$0%MAU+xy&XVF!LK8@ygf#5g2gS0oNRC0f zK8b{IqO_y!mLa80OZhcNJgJ1tP{hzm>JC9)vignU%Vg_7i_xeD zq8Fben&gJ(gYdqT&ybViqDJ#I{VFoe$lZwZU^Bgp;sgqh;0#1S_Y9jP!P%39JgLwM-u zXlM1?iORrp>pm8!|O@UK9F&&3mjVX_6ur2Kk6A>_pPk#fLwBL zx@7R0+0%Gt5E*J>PMGC@#Jh*)%Y2pBoEG2di&qDCR?CgPd2gc6;Aco^rPM2TpC^qa zl>qu6Dw0bSCGhJP=--?)<2X3N-rulC^Zy&{{e#f`->{eYU$6%ZswYE@ucsc4iUgQ~ zLSq@4%=aS~T1T{bq0vDkh?aJ|U<9~k!K_TL>dMphp@RFtml`-(v%_QtcwBB z3h(Dw@cucQd$#AtBlppZxAZ5d4Zu?eDNin7G^`*gib;c9s85=LzP#Em=HKWdYo{KA zi;)gF@(lF>W@kov^)y&D@@ecGakG|GL^2*)ERJt^Jf8e6YMJs!KzDVZ(PF7QQ4ZC% z%}7L~irWvmupWS!Y{Vo?3zG%)KACb8_XUZ0VIr*TF*WXzS<$AVYhu{R>gk!+6UERR zr4z)^3yZ*;>)Ru(MT%bRq?yZSecTCmCK4FYRc57-M=k~GzSE%KM;3+O711=+Lt-bP zGYk2`&QaRL?>?|htfVrGrUtX}fPv7FeOg$(<`7y>JJ47ttnYTXz+#ALTqS>OMU|Nu z*@Frb+JqS#S@X6_V25lpy1U8Pz`AUu#vZiig;?RyFblpZvkW=fmk2Vr6c z9hFevH*UDYQ=T&fH;>~1FhH%m>S($W@W=H}MKpFTI#*7l^8F0(x9MOn-!xT6AxKpt zi3VW@_b?<#qt)`6(4Y#EJJP#d2yQvrV}4*+BTEikkOXtH(fuGENA86_h#-(COYQrH z405ysk>QKMhX9b)g$Ui`ZT&|{!c}f|9E@iAqHRRqTgN&e#5uL`N4=k1S`j)L`0w_< zv7D8b*-!01TQDXYc7a)HAmDoIoOP&D5a7(2lH2n3avx=+m5*GkzY=qgT?pBi7dDRq z!*F~9u{pegZ<_5XE{ax`oA4;46fPjoiWaj|GpFTb(dmaYm&5)HR;SG#I6KYhOP>JC zIafMYIb;HxGGA)BtghNrsmSLJD64mJItzgRWS7UDoXgx_=pww0v|HHW9N63Egp9X9i%+Ro4cr8r##d^p=9I}0f3|M0^e0|IazhPUF?F$#y@!OS%GB&nOs*Xk zqToS`kBm+5!kS_;#O2MaR}1NuL?vz1HI-~PylRNp3l_d28Sb}Q00z1Qcx}`}_=WhM zcH|7d1oWAN{L_1mfb{cFnDlPR4JTJ`CN?|HLzsNR8&k`m#2#j$88oxaSOYp`5Ncay zw$_H!w5>ZAN{z;W^dvagW7Dk?6=X;zOz$@9O$dc>RFn8BS%eo4>!r z$)Ma$f}YcR=TrsnC0j`8dPP1Najky_ODdft`|-39e{>PWa$5V$wRM?*VbZE)b0;R@4CwPKOpr3RD&B2-UdG4^q2ax&Ct{;uu7o^)*bn?@9l5dK1-!NOtUW(=a;V^PbKyMU9z9fqcn0}p|@iR-a;?l z*LCtE;pKeD*?e`hs;TfwQ+#prjGookAb;9m67d_xN5v}3Kkh6p=H4T9rXbl>a&iQA zfP_g|-~4CFCA#_Yw!S)&0 z<-5N(KX3iL2fVjgqo&wI8}WRZcMXW$A2XgjvyVD5o-#i6vbDWHY|ysMOAwcjo5}jd zQ$tn9M8>DkT2vXV(f4ksIqkhHCNZ_r zAo9Q`F#Oonav-tFWwL4{tS1|wrkLtp(1#|_qz6I`iQ7*?mkm;}eFu3t%-w~7gZgU3 z50U3Y(pQk+H968TNYl~9(qG$Pqn^)7iBqZU59tp z+gUEz*~T6!!8uW)6jR1jUfNS@BVv2)bKcs690ApdYFzcXC}yJG*a? zJwq$@f%7YLDe?=eEr)c_?CrI91$wQQZqS^5)<0kCBLW7S@mDgIOt%87iHCzAAdr;j zV{!qOd1k~VyPFS@-LLt;m3Y1_O@b5~#U~kv}Lh;DJ3k9{K?^S{r{BuSA?o ztn6#KV@EF@B#z*^sEG?RHf^Kcg{sBdOwWO=TbT=L{ztB5Eo=V!*6C1cH2I>S@-$PS zBi29=3lUADNH_@ti{E|xe!MwTvKBK@umzk1t*s!FWzV#1N!Cy^XYFjClS5ydg==ku zc~2F}ob}Hhk{+OWQZwfTtLfM{1Te9*G&ZUVW|l zq=@$nBJ1PDYA_;G;>n$GGS}FhevO1CSg_83Ws%exC!WcBxeOXUBKEL7lk_i`HhBN3E!uJ5VDwt&6s>0Q1q2=oU?-R8nn)#{*a|65o6z{wXCo zC7fZ*mUiDOVxgE&o`E-!K_%Q2-bIPDsV*YNN1``Y@V4qo-fqwc-ES2u?8zdSH_xh; zR~3}kDGzdwnpe}Uq>L&vny{d^d|?U1xFnr7Yggm6SS2qD6LmB=GwJ$rLYSr}Dyg8r zlXdBID7DmXk)1=wi4GkjFsekGArBb6^Zg^KW=c^wNqkXierShq-rqMbx*#fYrpfdG zDoU`!lCb%;DE$e$HmU+eJUamCXw#dTzYne+RFkjPp={*OQYTAs6{%wPHquF(F;UAj z>R0!?s)P=w6`pjpB$#QZwmj%H({GLV2)@F|I?HOsoA!m?37rez=+Sr|aLNyjZ-==` z)wzf__LZY{x_9>jD{2)oZ+OR$CsJeIR0Lzbg&2A>rw8=U8sZA_1r*Z7Lh{O)Fau~p zhbM^WmKI!AEs3ywb6$ae^QdeGhG_kdLr-G4(=-~#NVz5CCuNg8P%Wy~XObhLNd;*G zfHE(hZ6(6`N9x6;9hP$Jl?M(7In8bYmYUxPt8yC4^caeeGawdip^~xFle@i>pFGCf z&L>*NIsnl$Y)!#^_h-a1OBbp$O29R@hI#c2rM0 zgO*M-Xj-p9Hx*!{Uwl)0)m_pr%Zo3ZucY8EfOHGer*X+4Z?^ z*igPyTFD^F_wlm?1T#}*vqJV9MU^W8Q?KF2(Jl6I1`oL%p0hm93If=fM!n_>HIG&2S;wqo!xIRL4XiK3G6qOkJpz!=Zf7T#9A+gtJ?Jtz98V24 zQ`k*Y-8l#h5*!YM60cv!w%5p>fDezM)#sKq4)hkXh`&Z#Jwg=s7G0ITTvLu_Py)y6_J)X4p)VTp+>wF#amf|1*)tJ_d$ z!3i#KvA|Ik?I7l6vso9WP~+g%xiOk7@P+uAIA?7&dm_SA2~(F9NhePKlxK~NA!DOd z)Cf9EhoH{74JNow%huS~2GBd$yW)leIsnb#80e4=m%0G;>w70++7e_k(;sl!wabF* z9UJr#C-F$L!TOU?Wjp67#Rmgk{*r}L!4xyP7s2DIIMR!YfD#!FG5)dfH3QWfI@{yT) z5WecoGyt?>b{jy=WZSW>?TCzpgK1{<4f3^h!@HYlh9^8Z|Bm%60!ld|paS0QbVnY4 z*dF>u4Wh>31_s+0eP1~#emX`6+%GYVVMf6-JEU3Q?n6VA&2TEGLNuDRmX1}_C3(1TJ<`tZ#>p^??Q*$dMS$j0B z3Wi6qS4gxg`*Di{jef+ja; z?)Ef(rfGSG?J$OkTK$(PD?ya4_y9s{17$3MB4tfvw(f`lk$9(l|FLx= zhUz1Yj#-{Lj@mOg0(>y0RaKii01F|LT-^U6?VF<{{kAMCD{b3GrEOH&wkvJhip)ye znU%I}+qP|+lfU=6d%EAe#>}i05o^UiU#$4Peb3qVoOAcaf=`0XM)~m}OBJLSEZl*S zgue^zfMewe)UZoMQ=!k-9%K6_n~c=}d;24kTq9y!s^24hbKtNDWJ7wC)bv$y>VXO9 zl4D9i*~zVl>`hK#X+4n*Wqbks55fD77d&-)%awySMx(3T{5HP7i~Km)yU-+l<-7y< zf1mUI@n{~=f1dN4^)1Z|zr?`*8|$TioHUjEA6-$%$XMUW(oylN-)yC?@^8PS?@sMByy^AEEv~j~lw&J5j07ZAkWiNu)lp$D6e_ty?)a z!t%aEG0Q`wVr)viNe?`oH~dul@=Al}V)|15;4(SzyggsM#ODP{?)MKz=s_Za(wG{V zYVSYQVro*KQDJKk>NYaXn3i52rw>Fn*ZGMp7}Z&HZ~}M;=h`>YNgyO#i-e;<;zUgs zMDH~ir8R3Cfi}uUZ3xqlw{0|rE}ww)ife5#GLI69S%hH|m89bCjH>J`31wL=IZf*^ zmMbf%@=6cEXsH1|1Igo>3MdM^g>s)BoN_ZwoKv;9Xw#<`LiU57Zwm*4kqDv0=m7;7 z@>da`wdf#d^sk@*8eSCpW7X?0@?vdOU4`jk$d&kR8XB}2nB(Y!e?go#vt=YQgi9jP z{=n#_5IjrzVU~-+Xo1>PJz&N8xM92oz~)$77?15-ErlAOm+_u*2e=Yp-%*$21(8V6 zkAXT5NzdB9OLJ&U1y=8BnFWk=#Ud%dq-?%=)Ks5yv>U!`(uedOjNz=iJ(R7?rZ5W{ z#*E#?im~-el-CfRId$kGAl=LIPFk&d*!UwhmT|$z2CVrcjRaE?&m*#_!0 zCyV@xK#Ew8qFHkBmN*Z+)zk-`;~CE09Dbd!Eq|Gw**rHyj!Wd6LKsIB#!ibkuM-hy z(GK`Z6m}quS*6H^K=BpJdisdJ)30O>(p;GU3=$k8w=4PCkb)u<+8fT7YE|q(QN(uh!I$UFkap5S&F*p?)$hKuaG9$}0m}>U`%NngwJEO@l2kl~1^3jcMFUZRgj6MXx zy&kS%#5~SyOt*0g`tZ7$6LEJ5d;)4hBH~bez?Co?qZV<-sjzjkydKjUQN8t3Vqn1! zam7VSZ?oV2L;!in(C}akgCi>vA^jpq@X@@YBd(zMn*&G_9Au=8q-%^gm~3}MFf-Bm z#V0@8S)KD3h|nzz(N=UbcS~Gs@;IEQB0`;>H`V~i*|XtDbrF1 zc2d~`QU*GGfdQgK4C9K#P#Ct~^2CsUU)lxfgQXJ?^Yl{k9QT}10TIlxK8p9x4TDyi zG`2?dGcVVO8Exm*Q5hJR$RG$^R0||!qf1?bFwY8fiGB}HJl?99>r#K$V-?4_}^2mnasK|e$b}veJs9Rg9P&t|Q zj}^O%)H9o$Nx$?(iY&8zVx>-QfL^DDzW8U6r>V|K07d=LmW{Vu43t^@aRpqCKp|gC zy0f_oaiRs4z__0Nb3&Uh%0HNY3wREL>pEo=P;={pMzfSSEo*NipFAM zTPUs<$@yEnWub{CQCd@spisKqIsHrBqIXM0LDecvaqKw?Sht6l$GhT00TLXhH;F&H z%OX&4@*5uyG$wDh&yd^kv}Sd{3+__hWg)Xh-aV^1@U(7MPH!bad!9Tt)yxx)?lNJ%e zg6_7(cYF8EEzP74v2i&AQRgB^;a;;L#HeAf$Bd(Va#4x4AqON^c#3(18T~}NMi#dFPp$QBQfkN1s zPcL3RS*w`Ayl0OI)i<*~KJAXf9O>4`KZ4H?+R@19gDFYqWjjf!o49iwwUCblfVk$c zdw5KjoSNxWo9T8r9DlWldSRY_5|HS7p4lum0xa5p=d60er>!8|zs;eefRVoW_AYx?y{IUq+ZJqqb~xNfahS;HeSh)(1hEa$LLmfbYTi5Y z?uqCg4M?h9LS010PYtfc<6cOt&R{#TZk4-bGq&3+H71O%7EE;^$oxV@1c=FN%+N5z z-_Cb3vFQfqRGd|xK`67EnS~JI1s&LtW86SPTn19Q2R6D3n82Vz&)cj-mNsoqq{0*A zp$Ug>+naF>1=Or(M^{Kl&WQvx$Vtok5h~WhS~oPs>foXDTI+Jc1d&>%-j5+*gIP0Z zeJJ>witSa9Xr=(X+Qm+Ay6eqDp}5A7=?u0ANJ7rC;mJqGm)70*x?76Fs3AX zR#9hO?C|DSX*|I6kYSOCVWcxAfY8wcc?!c`9B5F9064gu(!OUaJx&yaNiG0B)G%1D%xc<_ZQ|QW`sy+NNtC}lQ(PW8nn%1rMn&@ zg%dNG52Z2Ve0rPIc0WCJ8bNU$aR49~wAi2pF)3Ap^a zedqr{LHr+y{y(wNGd0rxqS+4rSIQeS|L1f1*UO0g?Q$eSX7)w~f9)FnzWO2*FTZSz zQFx-9PE|GxWk4{u;DwgI6)Pe-@zeY257&@dQmen|Nl@nI)fJqE_#}o4g^2W;d{XRs zML{XTET^`${>?>i!{zmMaS{JpqMY3HApQQc^!k%&vPYt|_saYuwZY(x<_n-M&Z5C4 z#qYcslAZ!bz7OL`!_L90UZpIa4`mdlSs@AsQ~>Ev3?g=qRNSbPjPV^u%Mh&PxOWXU z5-1O2Zun(&X2Cr{|HW(4iY3oZQaIEAp%F8uV7D2qSC3V7g$)jNonfs&XL*C1T|d}P zv>!qgEO+h^sp_HuUaTv7yRLkMw%4b4Dz&2v0!XY+`Y!DSLm!&e zB3vRSphopaShG8he8h$qccc)G)|*$~HHP9Z7zL3qeb%&7FNC=p*^HW#^C=iGi3W>= zRq)kBU8V-yQ0jM4$xF7eXj->|?K#*@G*80f9W3y~A?@q}ttykaETMVp7Lln3Nc7=@ zlRC<<0%W+Nt4R!W541Wd+`5v*2kFxcn!LL|f(Iak_Y|7tdc78)R65gnl}7pfbYBMp zMqAOCq_pbPhiCU;W=-gDMDxpr>$%F6i8}LD zr2hCd2AP{(M2HhP)KTe}J6uAPtACFnRunzmOr0;3WFW*XUC4;Sp7xewTx`j$E#4WZ za-Rf)2imok@do>^7*xeq#pd@#wt@bGOwB*;T#5fXZ2uk62`WCS*up67z=Uam`@z+9 zfaFA~DMP_!jnZ;h0#cxCfS%usIZvU9xJZrBa{qe%jLptq71cxf$2RztpqnR?I?|FQ z`_rJYG3(=c^JNEH+}rKtYbVgy?jXv`R3$;duWxpM^xcc&foypj`*!cQxQ#uLfY!_o zDp9~wx>?%C_ugC2`-JNi_Jt^T>UCDQCQ$(`AB9{qaqoOhKzpIhS;vl3rxNTnE6nB+ z%Q-+i8frXA<5oeRJP0HfO5x`eL9c0YXf~hjlK3x(zijNncYpz!=p&hB$+W_$k>m7A z>Z@9`HkDR$I@a9l#uR}G_fRyX!^QB*T8OWt*oBq-tEE&G+r*56kSGPMun0|dsOp|$ z2*}`3Ca8_WpaqlLn7g6DSl z4$UU&wV8QzTj+OYfCcyfFCCZj`qiHl?>OU3nKQ)qaX!ZJJ(|eoj}++cdJ` zPCL7Mamd#cyx>f2fIefHeFK_CN2!;)azIYIoa6OOKFagHKbEk^&-pu%u!LUiqJq#a*Ki=8JVKuB5c?fDW*=BIO^4_%bAuiznfc7*CdN+ z4u{HbQ5BWks)905Z_Jc;Gdm}QE#!_xlW+zfJr~)v4!vj1T#4=G6qdSNpfW=mzBE(L z_N-PaGraH|O;1V6Fq}5+HtFBo7qY%B5oxoW0s7mAOLoujaT8lK+f}z7(gg8S#yLKSCtfdQhVw_%D4gV~a}UROF_SXw$9#Z0D;M$>`LkmJ zJ(ZOe(#o7>x_!lQ0c8IGdd>S!Y`o<}3dGIkA7KxpGP6~I9cb>p4}4nv5Agm%NA zG|U7Mf*1}A8dDtm2~VhgjMTfR7LLG(hE{_?xrdmT6Br&86i-<&BN%eTUu~CyfT(p$ zzsS~CzY<`P(xPTtj!?o??8shhLmVrC@T`ZxP16YknDz46KJYlSU6tpQPjwXWDuI1_ysn3#iK)T`!|jQ?6vF;|HWk?|AT+dKbn$L z{de(2THjjVAr`JbOGrk z({A?9qXAF-1Y4|Cp7 z?(1&6e7*lS`TZYpGfUh5TW&`7&+zs4%Lsls%>BErWqFd7;+z=5AXjS_UPx$`>lX43 za@mmo(RQ_@9GYC4ld@V-OG#-d6vNLlmez!EoeY~xV6Ao0YaQ+R_AB70Y-+B!GkT`u zabGdi;k?$v&CZKrDPumL=TGEs)V&Me3<=T#G6jx;c!2>M>ON{gE&J!_Iv4E@XI;J> zv8T;`X8g|P?rh+E81&OukI*W!HSp>F?}w{Beu_4n-lcL48r?Em3z}ee@z^#vz!NH3 zlf@02mmJ>XE2X(cO*2*HFBSW(+YXjzkZ@Y*%<9vS=nM-3;D*U1^mDAK&~#L)k@|=>oa~O z8!FR?$WbqrtNbt{80oJ_m+Z@K|7vh8_3jzRI0}jRWR$6J;%Ah3=o$+jvn;}`0Zg9p z^DzBWlHwf0<04%nHa#`VL*Zaam2OKUSq3#Ni_3gEpr0FQ(bV(njQ2&_FRBR4a`X}x zrR>9FB9Sy}pwyeh4{0e&iCuRV_41(|Pb9>u)VbCk9wNhp8+mb^72->q%K1Z0z}AN1 z3K08IoNlV|nvu&2j=#~6_$s`j?M}5)rl@U_B9hZdSb{~`fWqpA9*6)>%pQaVa-1wO z@iegeNvs0V#AX$@BP00m;e~VrQ*ESE)L+zZ23y}Nqn+EY8cwpG|901yPs$lP_MZ~) znStf0Z)Rk8R~8GHX-wu%fMZ;Zd}9orydfm3ff-FK3M;^4k5pE0lsiz4pR*PwsV63% zcM;`Jk%vQNTWsflzQWglZJO%m6Z2VRY6u;IeCc1`8&ojj}ErUnLMSih zhv#^!M*7I;<@(S9;?CTi{k{R)_IU6KysL|2sQ0ZBnEHwHt_zkuD7Tve;%@CiYhv?C49SwKPd;XiR~p-bOlv>L`z}Rvf`s1`Bik}OVSe^J|6e^7bK4`RN5>9`NJ5}F6a z7?ZWKksoG$4Raj~PF8LLaf`47f%Y-?IZ+dJNAvAoHt9PQ+Tbj$J+`jFfe7YUb0n^r zgd~itlf=RtcSHwYROyFh+vWjK1f8kaKyl4rF>%$)=;O63ZLSd6zQY(#~L*sCuY`+z}SJncZ_Y`tx)gxp%ONhA&)~A35*R1j8L#%9J6`;gD9#(wQ>Y z&Xj|EIn7MN9scr}pRlMj2+OU=T^&DtcR6uhjKdiPFj%RORb(BWs*;>_5MRWMwb~vv zsh~5X&E$%_`pMQK>IY^4bP_r(?SqS9EoV42fuisX^AO_?x|YX+=r3y*rsDOp%W5r~ zr-Cd_jp`ZrH)ZpfvrL#*?+iM1l%^%ljiTBBRds>}nISIX3`xCnkp_Vjc}A-me1s8^ z7b>b8NrZ<_M|m`CC@c9yB(uT>RQrZ52MHg1&aaX{igF>NSLBNDL#4Qojs}e5csaO7 zsD@rF7t?j<7+mw15`YM;W3cXDNG-ZK-ckWLN^?#?_{}-e({tHqS{*F}W_^D)# z(2&iBdSO3K5id|TN@qu~m6VyAjzFs=8L?!;-J{MDx|63Z_$yJ44OsafQf9_Aj|T_o z4wLKae>yupzg>YjA!8cC?opQ!Ov>>d;y0b!ZPq{X;0Xg?^!pQT#&#%K0W8aTDYClc za6o0a5j!{`noDybk=bC>&=zdtvhe~d#tYXlp;w<>jk&rFk)E8(@=WliSnEitay#<#q^q$32|QE3InS)8VsF-6aOlA$)|(c9hM6u_dJr%pM%A@fOVy~ zchMLtt`5g=ZdrVpnK_w_XUB&2#-REPL#DNo%LH%4vg)aP$Uk*J4F;)32b)VaVp2)6 z8J@mMp9=I~ftPHkbIPxAHhu_TckJ_0$CEwKJ=CQL7`J$c z%(kTZsPbPiF0kCF9b!TanVc1V07PWT{q?D0B`neLUwY1N zy=BD6XBZ~on_}|$K(J}!60@?+EYjuUNDWVoprsI{iSd!HJrF6tYYF}tzz1B*kU!d~yF zSm@WXx=UtdZ-q8!R)P%Ge{+9;JtVNQj7_hUb;&kKThK#v;jWR6js)Yz{(&3baB(d( z^}@{d;T3%ZyL%v;zSJ)93O$y;*))&R?+De%0!XxmfE!{T{X!Z=o#_{>;jQK@>iC-^ z*Jn?A#rW6$N9MmQdH+w6CG)=`MDs6%d>GrDCw>RL_D83!IkJ|v{N)NP4q?uWMlbN_ z)xhN#JeMf78gUaGZj(wu#`^^PCO^Qmj>Q%x7B|7+K)d-ok#c*x_=x`vuh%Nazr-&! zf)fj-^fwfbcTa%dmA{MV2EP#b&-{(JfOfW&@RCS2~+cf zt(XxZKXo$MUOsIMPyMqkkyD+L_oxsi^9nfMgGU83_;Gn70w~0da4vpZM&H4fF;VNz z1bbJ!!d&nfy8yw1Iq2ps-;(5`R_XRt%LQrXsb#w`b=$&@+1=sIn5!KB>4CkWj%^UA z`8i{c?+NPA+5IHd2xUF9oF%mdY&~s;-V(IhBxqk8GR>+1$;mQ99LqW2*y)?0|1t|Q zG01@95V(6L_hFxMnegoN2%}0CHz+fX{H&dg(Z~Xp^cF8zdS}GVh*jPIMYk?s_;oKVOt1kvz2My6M zWp44_wNfHy@d$K9T(BVKA001oHmRS|!`w@|jEVIEGSE1!OTu~$`HJ)#d31~Xdt7Ty~A%G0>aftsnW=1JydrbGWVh}RIn z+^d1`uy)PgoEo*B%7>GpLJ!5WO)y%8MLE=El_K}jF4)~lBt<;vOU>A14Nk+bMzQD< z5n4Pi!37NtI!eJOOVU!1x{2B*t3Y9Am=j~zX5to=}$iK4JUTz=C%@?BV|4T&u6TjJiMAY9SQ@JLjr_z2s-(gzH z+VCD&EI)xC2oV<(q`o2{5c8QI34uPMlC2mSN$hxvzC)=-eS@-QeLZMvQNMy_d65;2 z0_tk0v(4tI$2wcNc73I@gB#VQPsi(cM%pmQ%)|9A+gA(rGV`+Rvvw`5vh%i2QK(Lh z2c1ZmH|&iSlp?rztLA9K)XAjIL-oETBdK2_R*EBxvxO^GGTD>K*cwhg+MWh#IbM`? zwlDLk;>6UZE}utbz2?hEdB&7Ok_&jm>%Wb?gXo=11V9`2+tMjI;p-NX6|Nr%_gx3e%M)gX4l1!2S97gh>U&qDw6dGg+pJ>la{}ta%vKkuD?ib;U2@uBvWkh>5gn{*p@Q zoi1-ywb3wBL>>1JMXokftoxDZtJ{C_AiPU(@Tc19z&Om9DMEaaR(*qX-s;Ma=UUB)Xu-d-WW!Zfk~-$-XoIwMvhmoGGng`PU6m8M zIz{#O_%Qpzf`1GFjb5q^tHYX4qL4qm5v#aTqccfPMh4GoiH3(pEV#RYa(Q*4%yRKS zfri}(QPB@UTtW>gNovl?g4<$ier8sDF%kpqCdi3d>Ngh>cxI8-+}6H`QE(8&0i&iV z#-=GuBBzly1R7G^5S1CKFqKs$S&L*c(-KI*s+J026tZoc%j2{7jPr%e`|HSd+>C1N zYL%nDqtSL^uj&fY<>}ds^?q!GZ1n(kA?dn_oO@Pner&KK0|PE1EUp8CTy~V?7an(C zs`T3WpI}AxW*Fwl_&E`E!c$j230X0$zWJ>l5rxsBg?tBz98)8#s$DO@b)?*~AULB> z@a5Xp+iXibS;(Yi!(vuDuPYXQ1(o6+q9aonD_|u|J+#9PTS+m7jjXwU!3LP0F4dFc zp^jHBZ6ci}0Ef{UU?m;6_hw!gimHyamb-D#;{f-HR96LZz>wn*4{a)r&KT93UXE=Kp zUMXMJuuh}Cp)}qD6Ob$ktas;om4ufeItCvjEQf63_ z^zC^z`QPoyWBz*S4Kr^$Na~dx{PNI+z-bq_5Gn zZ{d-T+8~GR$dq8Y>$4-XhmTA z9j<4Uk%O%-J}3Q+l?XE07I*o=b`y@mi2g*Q8%R|Aw3$kH`QPyVCBBBO>+l!+<4tH%d@o}vXyME!8Q9?io!x# z*0&(pObtI;xB!MzNYd8FVhyeR?MgJF!aq!YtB{$E!wddczC$r&mM3{gH@S(H~+-Zk-C%+=}M)M99l$jBz zi^3|5k4c~v`$Gd97?kF?>6D9)9AI(RTMf!fbALN)jqlbzXu`vRNj$}4H0bDNK9XeQ}PF;)pM=fpJGyiKjvMo&lr?$o7lN$)g?G)^YNYO z5~)+}?Hx3VieRRx!}S=z5DACUiC5;m9%-bYQ? z5$*Xaz^P}Al-1@CSLQ_rKdRp8%%lXDR!|+-iB8mNgEBu^32Vr)NmWnG*`l6i6w zd1|VUOn$|vxhb@L&p{pn?m6KJBbDZ5(8AFQfuMTFMPEA6ua2K`MrCVW3FE4_EC@(4 zTmDKCjbR_K29l&h^2jsITZZeKMd{(_YBZhkq!m_9mWox$Ti+oLS(%wzUTFmOzCR zd$ETwz*RYvoSg1y3)H)kf7JxtNscWSU46kY5D;hsJ%OiUBLwYaP4K3a{q*c8Ap{ zay1$AWCYf!G(F%26?Qa@hLK}~WXXF#oTwY;_S(@3w0NgQT_azaDM1dK1{)q;19R8%VA+V2qMus-KHeZ2 z(ye(G_Z~Smadfr=$6=aO^D6wQd6ZuDjQL^T;^RE5WE>ojP3bj%U;@e`3HXjVj5xXc z))t>bXlWud+OFI9j2+IJ1%bJ~mLwDZ3FmCC?X`MvdF4WAkm~N$$gktNglVH0{TWca z24nenzRG5?$<0%h!R7IAW}Z=766PzjPqgQ={I;pUA1UU#+G=dKgTL}d{K2pXPBvhG zg#>i8O8s%{`_oF2xHbQ_h;&lar%V`*lWo>=$p$FW8iIL(g(*=GY)$Nq84bXw1f~5y0nC& z-wzY!I;xGlsHXSY?HPm`qds-dMj{3YtINn%EcCqhF!gOf&MO0-2Dg8nl?TIc5M+)J zAB5F^%{J>`?{yM&>{M$H$yPUI?QU9qh?)~5-1IJ5c?;qZhzXt^P=|fGe0wnCO?8j` z;qlz|F6GBODDo5*|2!}*cSeIfAFG*8*WcVTByS$< zl!E6M$q@=?IX_;(46_M8>B$v~0%aB5#l2ZgzawAe+R8FvNe6;4&%b4sRUL%O<_T2S zJR#iN(=S4jFqaY0bnYbpq(x(!ZT(*Tw$bauI+TZ`Jycxi(U)(W+^xTGdL+M~M;E1yIBGn&SeQ^@afg8PuBV_oV){dKW$zP$zf{F>gF@tI zK0yzrN7p(4_*6%0EMzLJMT1Pn-Ls^r$UuHTeV^Qud67-QQ>#`&L|Hl&GNm|4Nsq#I zw~q9vo|%^Azv#B_OxM@&PSqfOts<06JC_S9)Z%#cl6koqVrfJC)i8k!2Mmi*jB{oS zR*!eGY+SQ!rmkm^i#Gbj<>*rM{n;^5p5ZL^P%2NB4H#z!XkO0ncAr5`R8zEU{wWi0 zB6K(H8Tf>n=`q1nVu*P0y0tg7%wLR}-WDK|(A{TYkapsfiSv`~w_8 zL>d(1WlZ76b>@arF#Xj#dhk$uxCa`nN-Tldeit@+hKOX1ry$v@`tZctVMxUbIuTc^ zq{M3;=RWA4D~f#Y-{VA*jUSuC=xA>*Jl`|Llem~D9lPrefPpPKf{c?On`ReJiWy6bxh zE;OyV88aR9`WA)u_orFMhuHeo)n8&dag5MM0@5u)rPKheVWlYcDXZB^3iT5RsLq2- zp6kS=5jgdvKPRqtuL@Pp$Qs)N$#?RQl02c7js?}fm6ou7{mz_d-*Ez!^l*>;ZOFZ1 z0l*-3m_rvVk>#;2_D&-&G8hUlTS%v@m`=L=HtS_~le26OvM@RxdBZEZ6#W+`mRF1@Z7+sIJl0#wEa6=%zjmYnwXEEUCWf%`n~ zRR4fNefz^}_}=9cQs#P0P)4iD6Y6`^g5qAJC56cXou4@Nl;1|wr5q^4LPP8+NE|qE zBI1&qe=8G4CQ#+rna5*AZ1&%zt(r!(b(5X$r2ty3VZ41dZat`JzO8>ds-fymaU+Sc z3;Di1_#1y(QbIfvWAs2Z?oWmMuB{4@{pjVI8DEg}oM zIK(=K!I4S2;Bm&$9bfq9-4SlR#0@LJ>z!FQp%n6oB_(uTNExVlqNg%u&m&Akt!}|R zj7)=BUb;t|FK{VHTBLc*2JDtdO`T6#8~fo=odZb zIl%r{hAIobn+)F>b*~VKMP0hv{?gjbUiuOZw6{jnjgLkHn^!z&(Cm0&(9DgmoL#^o z>Os)}pQZ3#9t24U{MrrTr3rg=^K`jHNm_ZfDnSgJ#5-(2&789V8?pgsyMi&%&o&H; zh`jiS-D(Yr$%ge+psBnjZL@au{ppSQ2-i;!zF7kdmPIkBUXIjVR|RqL$DT%hQe5>` zUy~*(%DhMt7HItOeb$U@($GYi%fz%vXGj9qT7qV{KGZAaifFm$B3>cfw%6nAizA%+ zRC#UzqMC#wj7etK!=N@QD5dJS!aRV%vPR+pa#S+SI4%f~;V)W@9SL24murnvNOLj8 z>(}}RX#CPbLT?Q0c$qc@mMljUNwAGl)Yw`^UvGYka>63f|@S{ir6 zyTcne!A{AKGN4UP;|B`!GSA5Go^>}E+Qae9*eP4CZpSA%}qBg`bvO!+weKsZb-(9JptByV!PK)hlE(T#oPjo__^>* z_tT<{IN5snXK>AYfPGOJuS-PL2goYkY0W23?CS@(gc(XG;Fi*5QD}~>X~BqX@kpFZ z>eNDWyNPK*yk~)d98I!k2mK)73aSQ!VhCk~i$YlmcF=5qEQ=5$Oc$YB%y0W`Vq(`o zQA|+d-EaHF{a8)y=6o>qn`tXy%^DGG%Jd>^x`M5G%?WxzeICxU9d{J?j{079@UBI50fB z!R*^Yf;OXYnBkz_xKbT3rVj5bfhHzh32BU=)PXB{~b) ze-ZAv4;!slKzV49qUl!tqaw=y>adX=ExafoOh2+T4QgPIxOAuLlvzCr%?XWA?&O$Y zPev{zqo~IcX&rm z(EvW>J$~+?0?`Y8Tlb)-%=^;gR+sO#li{^Hgac5*H5iB#lk(1^)<#*%pD3@9t;U`< ze62C1(RnDE0nhpw-(k;si7F)OXN~-bKX&B>1|7ENALG*5@q^{eB-tSzd+@d_0ERf+GFBy3Y7y|>P^*tDl zX_Z)7lUM>LG$Y_)FSlsh@+??*d_aW4V-5&Vn|#OsI3H62o5V^aogMq>&%b3y z^{x>|#zTjS#(uViNi+o%+*(JeJ}JdzRi5pZ+~U}_!)eJD#!M*pmUi|5nOFn?pz3wB z^<2I1*->4Rw~uNebvyYv{dsk-x)CMb^-dZ?OZo^uvP>mg`ex^09)0h1uzHhbK_UZs z11;RA<_gHY_DmHcS&!K3kEpF|@sCi7jR%G2MCymH>X)-T1V$#dj%0x!7Tp3Ke|>r} z$3A+{w{)#HcGdr?*wuO3IJ=0s$;aGI_jXqvlRF8CYX5+Sp^1&ep7g753hcymW7F5O6>RuH&4I-HJ8xqmHh)+&pdjn#JIc z5Qgw%DY>al1ilP!Gw}|A)#O!H|q*MD~N^N?Y}R5i(H6)c!d~W1)HI5f;MrAq2CaO-mLqc$hu1XvGt?M zre!RUH8r5{a%70~^gV}jg49~9MAcK|_c-2QFc=IEMrvpk_>5+lOYc77o`xRirrKLz zM(R8g*b$$iyMDh)lm!Nk{05Bo&DIMJ%_F*CrzsWRxtukYN~Gy(hCU0* z`@1;$s;sAmH5F|9ODW!AXkCGEHh|C@isRJm=`ra`&|d+O4?52?lk9qtqDQyz`AvGS z)MlFMqvF8rcW;t;5I_w7_Xi1AxdMZ4hyTZ639Ho|1X4FGPWHWj=BgdaR4R@z?_S09 z8=SCX4R2Yt#D+D?&LqpZEIoH9`Qz=J)Vhl&%T#Hj zf2p0dILDoH^37`QjF-UFVs2pTkE7BjA_5ph35arwz~RmLOPm4H5yz@JW+c^Jk1oLuSh0 zG$Q5qwgU{d@3)cZ?u4<{7dUONu%0`OMVsE>ZJ#{jUq(=kROk+-zlhP6=DUJ6v*4h*4`>E|uR+X&n;`*Izdf3wclKbF=^l=P#Z9k^yfkXKc z-dMn&M#X|!34wbD5Ep)6OcNpjrRKvj%fwIk1p9sXy?tUKyuvE!*${nf-k_}LBVVIQ zFE|zSYKq0vIK8XQ5#QvbY#(CvPBNQ11@y|M^hSQ-&GpoDj?USz2cWN+QUWIAv?=f- z6oFE6sNv~mVW5UUa-8YuguAdd@*bLQfd(&v6m*y+yrxkq0>#sqQfVkyvqGnoB5vY& zgAi6JiJ<0nw1q&17Q73qvhyFzY7a)zwv1aWU;x5cjaU zx#|WWmWWXpJ1xG)%=iwRPAAw?4Q9E(DMW^?>yGtVvjDlLhG=B_OJoIcm?M>|#L0up zW=Wg3U@MVAU>_^JGlRdZ(RF`6XEBouRkgP3U&{$H@FMBqaMd9aADVHE)M|4f z8m~ynvZQ=-N<`{d$4Y|h(?EqAj%6~ZrMJdyHc+gU0o%wCj8^IZ)CMiaXdbMQr(A<& zDU%(fK?T-ze6~d%Z@uj6 z(`-Fl>X__YI(JK2gl$p$hlCFk(7lf0t&FTJ^T78E*oJ0@Fuv3qa%3smpYb{{QB5Fv z)xcX$l+wc2(X?TOt@&e)PCSfZhG|eVe@4FB@%AI&9w6@}>~ z-r8D~w{(}ALKiLERqIWL5Q{pI>0m{$qj4J-uaXeWDD-Fd944oK4+Is8Y_4s#2p=vC zB7XO*MrqiG2$4*2q(I>u3<1}&GAkQ1g`KyG&*k+!*$Rl>hKuS^G!u+mkuH_b{sALf z%Fth2+0fe7X8qIQb!(VEfD4npC6WFv9HJlrOlC$sw@G^NfDlU_3#0$s%X3*^B#z?z zr)H@MgeXU@j)F@!9=<@Jcl^klfa@9I*3$a7v#4p~^iDOenTRRI5(d^}^H4iXSmsv6 zp!15k)rdK?U-w`xC2~K#nUr1A5_@r?KVfU`d<8x<22f;OQb;%naf;6ltp~qL!!a*^ zm$v8p2nl0qfmQhvM9K>u<&F^aD#*VV%#-5eznUp4$A;yTl4Xsw$M2_Alsj{n5VZon4kj-G5RNQ{U0%a{NFt4% zyN{8(pBJuD#599P2Cipw)$902eDqB10)zSygy@L<>Oj)e{Ev|OBZ_ubW&ticzM`%( z)0B`F;wY#oSVk#L5^!C!n5GQ#+<|$~_`F=&bTp{>FTqN{3OCk_3M_|;c1n#oZ&~U> za?A4lHCKcadDMzd{2vaK%Lwr$(C zZSz;?vTfTox@_CFYxTP6a)S>H|t)&9kBwDDDj60e}ch(F$>Jo|GuIJF7GX9T!Lv5>5dpV zUSW8XrXcVW{#dj>vwGt0K(gMh)hpp%qIPM0N7*XXTUzhJgm+`BR=-)0YXp1g(dYh4 zrO*K`E}=uAsC4bTnq7sf)@oH9m%q_OikiIOjr$UKmaX6%2DczkxQoYYhq&Vzp2F1= z{8KCagd7iP#1y@ksjNysT9-+e9QV+v*txk1CNJpetE{SpB!~P7SrNNpQRL+-;Om>I zt?%FW>XEN)dQ^d6rlRR2R#D}G5EsmY?e=5!U-$7J@$p~2c;YLGpAjeJ<4=Bb zDqA<7v(b-7f47mJA)gt)4!|Uh2;*J~Z?cfmicrX0Sqn;ZiQgj3Z{1AVAu0r{VSQQE!%{hq0zen|7Yt(6jxJg@v+2g9d zk1Wvah@@^|{n`s2V;Z=|WW{P1Tg|TK3v*8L5@3%Ox_1v7x#kZ7E~YDYKV~Plv@+$; ztxXllTJZhkAS$K06fkScjpGiLW*iXhlq~Pf%}psdJYxBCzC6N?hAUq<-gAa}_qT|% zhavkQdKOuqwEFq)z0A_Nu1C4MZ`t;1Jg%>f&o6*{ZnPzad$h1mv_(*S zqAjEBp>+0qR{0d8GWN zsR5hzk>$}2aI5 za|NQOBi>kn>N>?PFzZ~YUR#$TqE`$z#b(+~?_8Y!cY+ElG*duIfM#wV^AH_r&4u=X zFyGIb&$x$ctQ76pX21+sS%4fc2{1!ZZUiq`*p8W!c zXG2I21HSZCuI>|$lijoXcJPU^+duREb`qy}=jaE_@Arkdq3a60#(s0ar2Bvym zaCRxyre4W!N+LNQl}kQfIR7=hV>S)$Am7Y4nwL<@SBT#?SL~AiP7@2}cE5Ns8_eNp zLwb~5;EY6nPWWk_<~~4~Ev9gBn^}sO1?*E=t2U-OLTL`HwN#ukAwF9^V_oa1fw$y` ztPnRVrZqu-2XoH&hi;{`2T0#j$lp)WpRZUh-er?>w&20O@L`xf?ItzLeipjI9PzKd zn!c!~?z{hg#i=ZQA{A{>9|%{{_AO&lJJ`uets&j6hM=9)%IncY#jQt+Pnd;w>zNDx4&_ zLn(A9zbO?2gz`~nET7%{zzmS(dblO>S*>O($omhrQ;eur1wK-eZZX^L@?_3=d%HM? z4DhuH)fjL>6O7?5Lu`r3CNUzLmmxb_NhC@1BC}2CQr7aLOQu`z44Du*eTKq$`o^e7 zjAY{L!N?D*i=r5THWC_yY#t*Y|J|q*!}-uWq3S81aqSY0bgofdfK(WXZurnLA2K^p zt~tg&fvlCCIULt1EcC!XYuKNUB|TuJe{^rbhbPI6Nc>l#(q1V)e1PgiKUgrGvS#sm zhcANnJ1qMoB_tBvN;E9W9!I&u9d*Lk!9&;JmjYqdVy~H zvK+5zu3ofbAoI2v`^&3e2)DE4dkNxM1Jq`n8mrup;5&{lwE~C5^lgEY{vrd`2|#hY z4^TN?wXx=#HNxi}dyV5K4{!e+=x@J^%}Mz;>(Ku=>;FJk{y*>V|70SYwP1Wy)U&_8 z(?_$@bp}j+7Xd3lK-;E~6e&nqBF~2*O8tgPLbL!1ot%U%sI0uO({=S-96f)pQTd#1f0zgk`q(&n$@HG#eaZSc_~4&` z(|?~lYXn*zKLAeZH|?_>0ImJ)QRzBnC8aT*Us4Te*IcL>*vgs{W4-}a({aQNdfRXR z+n@mVxai1t&4q_^=m?6NGYM~bvUBks8l@5GF#5DE*^XS$U3cXko?j@<*q|noY6>Mp z`7EEzdNB%qLw1fhSa#6OXi?5QgKY%G&7Uo2?3a-4)>bxqv-{1(>S9lKx3T!iGoRpE z4m@Zolnku|Pcb`~gm+IQxCTWTZbKu^rJyxU!j@rNj9o-2rR&!H_52epu*!i`Xdh8O znrq^YtGsHxXg=bA5sI_}_)siRezPmdP{>_t*=J+;_2zj zq^!uIxBZmds^*43uz_5T+{*Gav7$E%jyx%v9<>b1o|T}eO_UIt@{(q#HEb1|Bkl4p zGYr;K2@R|$E5sx{>ky-IjJecE?mJ;t# zWT;T>PNo$v!6g}`OBHIiwA010SlpQ51uWCXOc@&?jP7B^kyu=xWY^A8ju0X5=t#Rq z2S+mx8XRdnIXkIh_<1<#*DFl2Y)sY7C|d|SwtBqB@rnJQE8}q+oju$<97Mt#wBA(gt

Y1E$*j_YYvaqF|wX^!e5s!JPA^XN8RnRsxNH`Li z7@2V{ccF{W3xYHl20{p&!n zdAikJ>5-|_=RIY~o5``}SBMW6T2IGmk?Q-ZsL3B6%*%lxTjJiF=?0CE=lY1hcAGu2 z16MLVK)1&*GdZ=8%kv3^HW#z8CrHH;RXS^<9gW6H#Mx7{lpuZiSX}dxFHf9CI;F>7 z(Yu!VHe|YVhnGw-wEkW?u1b+}<~MnjM!N6OL1?lS_aRPAez^UqXOZ}4u6Us3+pHGg zWLlMgVa4`{Ggvz`RZFpR4#=}AwVmMycR;vib;yl;+57gfqOnnuF8|8X;o*LptuOzr z#-2#BfafazLMl1WRA_YM0Yt!XD~Lj_(heo7U(oM3p~T8(vOhR+AWObwFYAUMX%3e) zH5vfn)0rGoEC%8s0e&g`nii>Cv5GDEA<;se4%ZJ5SMl;w3DsMP;cUguWniq~nJZk- zk63f64jiQ?Rjqt2zEh=Ur#MHRp;P=%x4W&CXNKCqSN%J1e8dg+S-5-u zM$l}+J$^M0h)UNw{soZrwCG@4+#0!6A$43&j@4`^)Z7u9n0SYH+ zhjG}vQ+_(p)A$UZPdJiXmhffBGL`wa`|veCSUBAr_fOo{Qs2wHVv%n(Z+1(p8#4g% zw#lg#(a&H%{FVM#xC9kXf8**@gUk5Ee5}jf#(}}FDB^EuXVDhvo7h}#Qov)#eG)`X{p}`R69Pq!`LES5`NHfuVRNWgV*RlF0Q$@*Lwts0i_{ zFwBzIA$g!E94@7*f1l$5s886SOGU^Eg)P{WPVos@MpJa=^oo_MND+4)%T$-p#BMt- z@N`;1VJcau@vQNaUt3^*Xt!$RJ@t6Jn?|LyIvyA0?9|D7)$E8=D`yCha1yjn<1#T7kqW5!^MXAfCdB>-$Oc(R;1D6WYEevWcR6{o&Vf?$a3}<+D(>Ybt zg5X{Xf5-3Dk7%nt7<@&i0U{`Or5hMo1hXET#RR*RL{zuA;27R5!r9R6;1BFZ*u<4n5ookiih z`%IZBbT}l)*M?h1I5NI+z4~$-g^=9NC+cj_83ooPg|T;*+`5CJG6ezwQnH0=>vCqzWqRf^zaN^dloGUD?+QN` zyF}i7@A8Y1@uU}4FMiBGsuS6pn#&#v(M!31G()~9VbU5(6ZL}^Ow+o}sVE-E#7F1m zd_qF#$pZ3uh~L>$FDzZ?1eNu-pt$IF1G*PQYSvtl@YD&X2leg44My|n)8sd(k5`y2gY};(8Uyu7 z*-+%lYjt70ggjC%%x)aU=7XU#AT8f?h|?tlYV(@n=}{^^PAjk>2k>iyRr^${bW-hg z4M_|$-NMRH2-@klgqedPJef!Lj9r<9TPr6`1 zHO_`WR(lwQ%6n8jpCGJV-d-bJ-besQjkFL>e1sXJ!J>qQ6AdkY{nWB_$l`s?@1vrz`-FY>@oLO`j&ROi9NJMF}sk5J8=vu=l~Zh!1L zX7d~;pq%(S$xP>R{2Vct;in0}g_d2p)mG*TymIhdCq5l$c;WJGpSxuTw5~MU?MX_t zfcr)i;B(jM@91hB1Ii9v(LPlwkSptPSCE5PLo8Tp4nDb93SnqByWuzHMz+|E5Y{CN z6IHkn2O(gM3YXncT(zeCdS&f?t0cE6*&Rv%x2mn1^3FvdmBX(ArOxYenG)aVYLKua zxe&%_t&!;JG-?K4@{8Y2qxjbfR`5jHA%Sqc@Ia-MW9@2sWx>hHkocQ-T0&azP0m4F=26ywHUJ1W=3A3$96FOt60F?sEgsK z$)l|yO<6I0srHo}=Z3W(LS}ZaPmJVg+ho z4mh3BdYrtpNuG6!Uvx*$1B?kq4>r53{UHe*cWHlEHun2w(J)!x4Ztupfn=XvPN6~bwnF$+h++b`JO$D`X{iZ^|^ z>)V30dSg0vG$YbE+ay~iTC#GIZ?guQ!!|EB?Bcf?U6}YK536-5gJTSjOVUx_3y$v2 z&(zO~b*JYWx?{Kq%ztpPvjsY|HM?@qZ!Bm1kSs7qSGUr_BpSsd=koM?A6f9#lB_ekYgokq?zjZKI4dex$?D()0>wu1@Nt}7 z=Ibs~23D_5fL8Z!$3+$@cob09>rsb}HDT?FVeiwNAm5Nrv`{dIh+iPJga)<6nLV-c zwWV|00>Ry(5Z=^-KejG2?sFRMjwjtseZDLQ9~K=Sk|)MRkAAp=pqqEV(|(BLjvxf1 z!LKypJBJVMcZxg!QS}aHZ0ZZFU<1|sPFy zwfA%`*!dkg?sN{`!}*dG&vyT~%>kEvvLjBWK2G+t4-jf~-AvE{D~J zy_1I2iwTMaq403G1~;%AVOrzJb`lNWHDI#DhZy!;4&_6A`(46hi&Mv$f@2=aHfQ=J z??r~*UZC75&Lga-8mGt~C9!eKl^-vU+|Rh|~geuq-|#G0NzwEa1%MEdE=`Vu|9p=Xr$56$^ug>y-p z-;{vTmq46oE6{pI!bBs?H0`DGzy?FmL0gj680iV1c8bECKKk>9S{^LOfFUop8-2cK z(%RD@|0kyZH{4z&C-4c1{jPS_7u(ebUe6nQ*rU56Rt_CWGw0N0YecbVT5a`Ngh5`6 z;W3?5Lh%)D?%v9qVfcxK2a2F@ zVdcQ8(w4)UUyW_CMrm&VByYcXIdZZ7fWevvX6z2^)9V&sOeeOwLS&`UG)i?3jyD@j zpnRS?OE#l0oLi6hg{!`YQB~4Ar1cq0jf@{%w`pjKqY`a$#}O!9lGGI+7ewRxvP z(FKb33$_(Y8FC=(*|U5a#Me0j3ugxZ-?wq}j)>f9v?Xf`H|B`1e0zJ&z<8^bt`}lN zPTAa%6l`{8-=gjD$DO~XZ(8rNpwSj|8yGkscx^^Z_ESOvR1DHVA^Cs85bD7*2Hnb` zX_*M{8h|p3T6RfHR1p26iF@$jE_g=x zsbvisC67u0#cLlKzy~~4wC;BYX=V2>R4M#$2Hwbrx;a8Mp~->F5kszr= zzJ#99b&_-dKVguB*Vq)m11}xSG4U%EKSPPE^MGpVbg(+{uOF&*{dAL6?%tCLjSKvA z$}@-0&FeK-XLBT_%R+*$3B3mQx|WJ!r_egSI1|eieiZ35C*<(i{8ldQRMPJ+v6pI8 zuvB4VMzH0R>nqmO4{Gi#fqpLgeD#J!0QBJn=gK)&X;DTn#g?WDRm4%YF0(ie&6^Qw zmZK0xi-RY8lsU{=?dK7=q*3Y*i+Q(?^{}lIw)aLIV4`%pYxJ$wJibNw3N*%fHuDr6 z&=g!Z4eeDO$Tbg_fm!R<&WKF6AGk3{;JKZTy1=~eU0ou2QUenw-p-{%oN}J*WJA7D zKt0AnAj3rp`G2U|?;V5@&M74aoSW3-G+hKI9+0Tr58Jx4Cg>?u&a*k~V91Jso@klq zoaM#jU=V6ilpe4&S?HqW<@UUozudUnuPOFA44~Dm9-*HD;NxB#qyjs$u;z$MiTX<% zHP^ABu8(ZDfljn?XVbQX_BxeGsR~Pwr;UV53dHOZKK)3UH{reoA5MG1K zegtN5HfJi4x&qbp83ro(+fr8q>XKLP4RC7BZr$|E!BcOwkZi8~QIjivrRJ!XwRed{ zziD}9=g=Bg`b2l>mCgio1y=5q)ZWalxSw4(`ueu^^r-9KEUmnpU3?sY4xJVGsNf&h z%Ql4(H#sZz5KT`Dr_eW0}KrasG0IV?a==}jl%yUFOYC?arhsru*84s z4E}HAT>Z@*Wd*C-cszv$VO5b~H?1gytbdHnN=O2h4L*v-#!!<7$?_-Yo03;@!aJg`zDh; zcjs*;(;k>3!2f*~Bo)#QtJ)%Q)>VwN66_%=2afD`y3A5pXd|M;`nU{CeW%8l&tvX7 zP+knu1d1C*jI9hc*+mYnB=tC$lT}{@pyV*X5{**vM-c!eO(Zy7Q9_%pG9&F#Mz0o^ z!~!Qf1Ao(@ych^Leaw>{(Y=*kHK0tAr6tHxikga$vwtu(@195{zBfn=0k|SCR-3dm zX8mPqF{liYlVw*GR=;=4AeAzz+@Bldt;B3dd^E}gv*#+sBwga!6-KyDyaTpL-JN@k z=}1aTo!zS1ESudTJP7s>5b`ePQEy-iachFY5c(k8^DG5pXQg@29pL$G=&bKTn+c2+ zyef+mg-&X7t}T2c%!EHeOmv}SQg4yd3jbNO>ZvlK$1@^_C>kci?W1uCJH8tJwK-nt zwLGOsrYLwGF?DP-<54(1G&{TPiy(c=4s$Uqh(*Xl+22}*I>;7@9F}q0ToZ;Q2^f#q zMTB8oG}4o-49a$Bi)@f^5fVcUAMdRwg~5{Yy!M4V$)P(vYcMS9z=B;#L6M>)#~uhz zvzVcL-hHR>kuX>fCT5ByqBN{DEw&ELTj1-*2F-a3LQ+Rh|GaM2PbNzlBpQl|FS!7wEh z-f#m}Hp1Uzjb~f(v#!VsFWn7C>?lZQrui|6wx3v+KP3g`sD&9YGk-_TGSRl!Cfz#C zZKHU0sXf)dhOEL12S}+LJsrdB{V8ZGaAG(Bd!ji)!{}*m(WYTrj*ApsOEz@6&RM}m7%Dfz7|5W5yO1|R1S8&ZS(&v!XSXp4v=OoN3KNwPY zS?aN3gXr(O{WWy$%;_JM6hWz!SJ)K!5aq_mJ{c5#*;jU>WBtU^o0D3bLW8{uGK%Jt zRK(c0)Qa-m@wjuHs8|}!;x1!G zg%>YTZcOmtU_=MRF@shlts`q8({mf&ICaHoBsfKqseUrjIx}wXlijqu$v%hK?9smX;_vkIP0Gev zm23-Vh~p7jf{_-cY(B~ZnevW7p{wi4VV|8BVq%$23Z;}py$!3Q_$(mIa59L@)Nmw< zz0`vQyKP2?PMf(L!IbDg%ro394_le^v-#&IDD6NRt`{ER$LUY$VQSLl zp7MSps{`CTPRc|r4S7%!`R?&)^Hj18^&VW+?OJT*D=TYAFlw%lyK&wR7Y}<~KDdA1 z*1(9Vr&S}(C=Gq4t?XwQ)PR<16>`lIQAGEJ&-(bbK@q&QxQJ4ggtpo&o&(6!(7Sy< zN*jo~KW|a?Cm37Zz1J$O8iT_5V5ZvYzbD0g?n-b*@SADV-g@tQcwg5CA7N9dvI+P0 zMa|(x!hX^e7y8l7Q(oQSXHj6q0USZ;kicQ>0{WfmG#9(<_iF_Mj)Q7lsr9J!DXxR^ zYa6#PpghpDJm=b21}e>{jbkl?j0=Q+v{#Sh?)RH-QsFv7?1P8A0WLYEFElfUX>v<8 zpI1FWud!gk*n!6+D4!T=oQbhRd(F0g2D}4mBA}ljz$e@ zps$ORFsR3!_+)pT|9nfTSh^6ksX3VZ*CcRs80dyX6#ee{h!r`gE_X+ZI^y-ZCGXgb zN#Aj)zbE*Cj{H5zL2zpwvjg58w9*~*?WMc)^0fgt!QQi2kD97hs z{RjHZz5hq*^tYlLwuB3}+kqXJBYh^dz&wFDLR`Wt@#T}U2n^;vcn1P~gR{Pwz5d8A z`U=p;``9I)pV$9(ETc2#QawNd0r~yM4$ps43?O?ab9zGu!++Ic^u``$^#4m-BPsvC z8E}*T>qfhj{XN}vZNda~2o5W005)WDAM_ho7@2SnO#%d2f@E%=gqe_dP$mmf!g^=x zYPovjx??M<(x}>23u7aXRzxsxE6TQ2t<$&0chybXw)MlWxx?Z;+xcd5O2#byJu#j8 zO zep+8a20ke_s_l8K3<=6tq{ghjhwxQ=m{H)w;^wu9kIxXl7lkbVMl_B7iF%ygRDh1k zxeyl(ge?{v?2>gbyLn6LAk>Z~D4ckajB5m(b*ov}NxT?GwTx`Ugv1shlr~g-kkyW6 z&?&G1R~#DEfdTb7E+jZA!wznxgnp~}XnJl}ga{QNVY$+-7_1doF!;Ti|9vBms3zKg8XP42N{E?gI+ zIAK@O*Tb5|tL;I9NFs@~eQlbw9E)8t%NvYmb8#yhrjp0Lmd8FffWGwf`WknD6&6}2 z6D@XV9W9$< znH-TTUgW5-FD5~cLgQ_g3$_VxR;R1m>SnsCJ~52#I0TE=JRE`n0>(!t&0Gk6Dob-L z#l3>kA%sbqAM#_3Rup#_7HI}X)3D0Wy&-Xc?|FRXHu=?$xl(u>C0>UM-nWjy6586V z?>~th*>BOI?pJBJ+<4qi)eP>l9y2L*eD_?QyEZBX-TSUy^wr<42w(@13L@DJtf=sM zw7=jGrmMGkyzHk4BICe~y*M--1_0rAl*f_5{UYkC1f@7BrY4fCV~fw0JQaJ)c0TBd zAP)`4nzcfAvUeV*1|rbQ53-(raT%M1Lp^|U-47T)0Rhy86pic?0cmiuk;>rL2d_b4 z^c{?$%2hCD3st9)r*{5EItGGLy6JDD94jQF>GZiW^iWntDgd!sDVk!E`QUd73W6GBH#rOKY3?5%M`9=B_`;8zEShFa^l#ENq@3`#5*C@i9#H`h0#BC8^vH0gt@)QQx?tP}ucbg{$;YqNK zQ0OAv^Qcb68^Fcr*vDte0OvEE*5t@k^>Q5)w+u2e`jkC`!#tU}=trp>=W46sHZ^+{ z3Rd@#B$B#7X8_5l2E)7XO_AEMN!??vS`0wt@k3{L>af? zq=Zbek8U?v_Stmsgazu!XSq@L0)1sA2QMUV3W!eb+?J#2ew2 zawYAsg@6(|dHC+Di6!2XZOL~RP|dfYi3E06rk0}1H5_&5Z0@P96+A$lq*U4^@^8lK zz+~5Ih8K694N??tBtA6uKPl&n_E%w~Ma-7NYVjUKE@OgPHfX zo8C4=X~u82n;X(sI!L?B1+ldz-z@Ih=5=>=YONN@rY#YKF=o&JwHC262N>DNVn59cd z8lWGK!%8?l&s+XieX`RZ<-*=!WWV*j-LV^v1_&lkP`4ed2xY7Bi%%Cy!l$kz)_pj> z_9xL-f1P7@;O!x89YXM|(2fqnYJ2Q;$JODa8=|P|QK=11^BGOltI}Q1?kCq$MJ@n1 z-qOn;sXt9k?*0U&T~h@pj^fyiS_?1^MGs)OIlH#uo-b00NC<$e@R86?|tQ7 zmmF~GD_tH1XqR$eE#EjXE`=CnoSs}xrYsSJLjMdORb4doJCrH?@t#=?t^n4vF=3d+ zfZ=sV@&~*DT5slCH+<_JM9iNWpfhZ8S;EVat4-gCP9ieHkYZ&a$xOKOmi)~;J9bNj zMaqGc{xb(Rt3^k#4nSD(A^fNR)SeFt3`w*lYRBP+!eBLaoSO6XEG)fU8ulZcpj=DRj>7c)nF%w69!?ocJ|Sc24PgFG%D50GsWvYf1E=!(R;A)ie0!Er-}e74s?}l z{~d4O^uj6^AcvA!&4t6gbdV8D8ukMg$=x~Iq+80ctb#0ROS!rQm!XK*Y~Ynd{QBU* z(RJi0N!g|^{<(_DQ00taae)WfN>Tpd%|ur4LQ;^L@p0YKLEA*2vMNK&pRH{s{nIhu zQzwB-q^$Jqyba`yZCV0Wu_gsthq!RetKpgmBDS#Y8U(^ee$Na>?)_Zq_<_o2vdWl7 z0hU(|(9;)O>aj@qzLV(`FcunHLwR4xnyMN}P{wnM_a-_q@PjK^5EFEm+?aZ&2wFL1)Xuwg$!E$fcppe2$myDd_l zIhabTWnlvh8R(vIAEj26;w=@s^FoWC>EbP^#trCg>A6m? zSv^R8u(qsL)51%Ket}_AUA`2a(x_e1`@Udxz4&C0npOYCxT$ndS+%!zELxVI_URm8 z%oJ-W2+7^qTiY=$_{6XG$#wY(h`cxL7(meE@{hs(3@Ls<3pY_5PGK;-FCwZJi9Y48I3zjQuOLAOQK9+;ucAcm#GqpE;~-kzF&zT^>L!Gk~Zj_ zin;WFdC-syrO?lk%hsUkf^aR;*JR0%#QXZmYOJl;TNB^2@kmi^t{6VHu2YK-U3fw{=-OZ`a(5g6IJTO zL0@TRT-Y{soYytftcYr^lpIy$Qo&cC{8UO=aoJwpVNRz?AYXV+za3WL?W9P$Iji9v zy~dQ(NJD2VSY-~dMK9J6M`MqKR%#AVp(Rm`mRK@UQkATzXe_%=Q=y#}Tx#f2p`8&= z{?w)*K9j*xVKrA$6)o_QVb5jpD3?Gogq55AG()HL7AnvcYnqI71D6_Zw#ijvTGJ1| z5P?&J(f`MopeQy*maYBDQu2Tk!Iw%C9qJs-yjAGYNDDk*%qclYW3+m&!@_%+teuBU z)57Nhh{qc9;oLx;=M0?Cq=~?2Unee`-wv_#EM8RRjw}R=L3xr@hww0$hEy4vtxmD5 z0QA^K%2hi5R0y!d2Z$lhh722_1+p_wx9jP|{q?~|rZtn)99*+Ldub?wjZPM$frXJw z(Nj|E_uGPPOx#A~nI1@6LgcCO3gTfs0%6XOlWv?V=JKtOAw$qDSOg5;L!GpF`~EN33|G5`|C5oENbwk&xw-ZW*h^ zB+6yL^~&D+?+r22m{g(vWPbakmN}}%3BWL`&6PIEz|i*C zRBIb%ONzLnK;d?%UX4^OApcvql3r20psFm7+#0&Lj8$xaM!Gcj;2K94^29WpY-7GP zWz@yjdZjmJX6~MH#k1C8Jh$>-xLVdBNjx^QU;Jf$i_o3SG(qZww&Bz*8u4Ig)foW;aefIpgaDM^>F^OZy!HE8_8VG?bW3U>$+Hi_81ME`TV z37e^wf)wF*Kk!ktD$WJrVMs89?8vMZ@pai5hAGsVC;KnlyAR~NX^VOIg1FM1-%u5- zX2m>l4uY%j71Q4!+0Ob*>uSS z!<3<_H=f1aF_={9bIm5eE zbzTrZaAc;X@pbNdg84O4%BpqzOi}Biw9&4b{DND;E5;6w{0xc)RXoij?!Li^JafR< zlD(5m7ptNrt6c{9thl@e!x}IWf3AQ03~Q>rx^OztL-R9-(c5Z5;mtqsdK>*rH91&S zx&}lgt)HyBTWOnok_FapHthrwJD$EXy^OPEzb*UghA`yCsOJ@kY6vpjjXy-{&QR#> z7s};UOjlgP^JehH@MxW$PnPAYUgJl#fuWB1W_WAbZ+ixT8upqdt}!N#?IMFa2pc*z zHR{ax0huAA?!ea-+(dW|i{ENnn)asMmssbfGYV^am91)x?dNqWxdP6vVpXbYkn2>Y zi3!ewhf~pwxJ?Se5s>5k!d+Imzn{a`41J>72nes`jjLZ_=X}twjQ-G`p42PzgaJD; zU1iVYr8h&U@)J@xhFf*hbP+aJmNiU2qeRCnN2iaB`w=Au;AluZsxX`B7>zu_?l}MQuAr0pEi0zDk?iOm?L&>bm7y-?BEA~r_ z89+J(0BeE~Dh?PT8In(&v&_?KUFo^Ks9bWyX6t3)kIFfMP;x{b07-?!7?)xsuAX(j zY=1nwjwiaSk-Kn3a_~QIrN2%1JWR9iT+J}8PpuZ=NIMpuuGZoN|F&8fxySL8Ur z>R2`0fjbIWotU#DS7S4SmX?YkAB|I?cSH_rV?dIab=exk;>oDMY??VT$gU_pP*wB$ zv0BAqpXxdj4Q#@^Q?Kvzo=04>Ch{*xV~3CFQ+k_LUXeA23Rz1-asx<9O>r7($vj!h zS%1?}rbh+7%jxtG{MO=T#%l5g;l|&22X^u^HD0yle2ZEE#a8ouFR{5RQ_0v!Uzbu` z-ci3Tr^YWb_*n_K(21*(3$~8ydLn>uhh=Aq@%}H>f)Zw%{W5%ao@ixUW4=GyC|8fm z7ok~KSXoQgjE+LT&0frLmul01$n1s#-s0NeCDP5Z3jhry>9sB1lNw-&W_wX86DltE%-F3&eS9Hj} zJ|+^PxlM%dsrEoO^0Au)SVPY%Itb&MS>&s=r(ZfTU#YAnGT!M_Cmqc(-SJejScq#s z`UH9~T$arDoUF57XkHr_7_J{z=u0HVgNS_?W&Aso^(HAYif{I*d9Bf}y!UMPsXN)` z%m2|I&Ig_;X^&K z)9@=?>KTrpgAyQXa8hz4UEL^s^Ud6}4jktvO@tuvE@1)=Kt|G1S~jY~;F;5?kb-X){XMDFI73E~b=UP;skotJ9xMAUzsu-%<; z@CDB_#6VDGsagK(?^4!m-LErdhwDO(Y#+K(`!1~2VDBUu zt2I%q9T(G-Zr$5%&A`=IdN+I|(wWEYkXBoH%syzQ#`Hv{WZ{ECK8bpaIhU@+yQ>XH zC5Ebqo3rPt{aNEiNr$mATQ|MFicL!V;Gs~e(y!deA)!R!$|UPbu|Aq~o{|frDT1t) ziOtrSpM0lmo>|W3OrTh$3E_~ z*tbn>5>95g!?<6k)OgX-QGb(tM^+0A>}_oN)+fYyE$xf?sh((HuZa=EuOKS%qeS0} zenkfBnbJe*2_k*>j{B+=`>G`@;SXMoJwqrt?WTG;CWqfSTHJ>urR|yCM(+XNX*{PB z$conSAy!&W#1n#oKghHh9!++D>=|~)>H&N>!M7+WPa2&VF7igKiMIVTq|Qq?@yrOr z?)1A8BkTyPP752;ffZg89Rr)gOmRO<0Va>5@4m9$8YDoHvPOk?o5vbu6`kK?GNfTx zy|J(_^a!b?#p>$flldC~X{#?(cweGbLjl3le z*bxib3p5ugc%}D;O-Jb3s8^I|aO3fTwz6)iPBQfc^{V;+iIF(nE%^ zJEdyU+7mC1>4f1P*bP?fUku9Kf)9HBB{2^4f_7~1!md;54*1#Bnb0cMo!+X}&A|;^ zGU(+eW!l#naj>_^@;ajWqG*(#(#S~MY%+TpGRS8Em7E~Rhe$OYAlFUk+e1@;fEOWh_ww-ZDuKzkC?S_tqf{;>0 zKl(7zgt6~}G)It1hGslF$Mv}`EK>`A=)oDqv}X07xZiT_GO$I=zd3RRVlWSH0VQT> z2t;%eohuY&-%;Mse#|>>tH0?I8k~NC+o>U-J(0JJk3kM_s#h3O5aQB@zkNZS;rVKH zRIitcuzJFsUY4HWwTzy1Y&C~I$IY6Y+m_HZ#1a&j{AP;hl|aCK2}aWXTqBm2jpndyI?Ndf-z z=s!qHY8xuJYG|JurUP;*;NvAhB#L(AI|WKQI^>$^io$`!eZqklJse|l^&ID4a;tOG zqlCK#y%kv}M6Tkmi;$n#IcFkgZ5c5@W-k1Zkd0rL{6}xoPhGy9Zx8MuIr;hhkUv85 ziTwzGV^o*Oe81+(E}JF?1*H4)uen^FWOWGhc_9C`ey8lRXZkQb5q@CHP6 zdK72nR8+H$trH9t$081+jmX#WYe~WFLiN@h9=y~>`8dCgUV~zAS6hbezE8InDdy|b zKxYVX*FNA31W)&8Cf_&+EI6Pql`^4kw9!7gp2{`I@}owtUk$mgZ$E1eP-+^tzKKsO zS>Vr<#nR9Iu_PmROku~#%&3R2NG9d`#U1@+uHK2TTDJUkJ5i%9APA_oZhkx;F?8Ws zWez)nJhY@PZ!<{3jV?v!T*(^gBEunZn$soE!rKhs*)I{z`$$}g*r&>

GY|jY(`SD*U+Bqlh^0h%Q4iuSprZ&+id}QELCTW4rnyx@rv{`Jot&cNN zhocjm3!S*CZQW?lZaG0USZLQHZuGK}tliCP7{lrmDBVKK7 z`ZEtYPLsK0zf5zqys@no%lL^|h+W(<(=aLMa|Of*?z`p}ovXJoqMpW~lCwsj(E?n~ zTY4>%-ph!I-h7PqG#}LP11}t`&=A#aNv}1Xw}4Px%V17Dv2TR!$h_41b&p7QOAc31 zuvEBtD8tddOnx^c6|uU1SIP?j^6Q+S(?DcS!LMg!j@!_`DH5DQ< z+VwB4BHBP*{2t_1z3{BKPB1zJsg83J>D6JovK|Emabe}qk5^5+VEA~%>&&&s-IfF7;t$}^aAum-M$C*!sP)^`HuYE=P5(n zrji@sERueu=K=E-T2#CBzB2CtM+NviyHy|7^nN1#Fg8feu3YN^aY+%nXR_?XNUS{D z9&j_ZZM!4?(8|I304EOXX8M%tJ58M@jyHzh2*mYqHi&;Qtj8%)5336d#?=6UEB9Bq z$~y!X-Ud53`{$frLmece++{b~zNsj8!wp7mpfEMZrvbCrW|y0;R+l$LIF6-LpQjmV zQSpYwfocxyj67dSI5NJl&?8LurXZAd2p4u21A*ZIyjXbxWCV9T0 z^L@Ut(?zZhvX&ET8JNij_JCfW4OV`bZ$NEf@0EKXl+U2k>8&w2;q$W?r2YW5aV548 zif5YU+^zHu%bq=8*BqJ_L+zt!Ss%mBz9(k;tWWplaL&2%a-=}p(K!itftzVb7mU_KjP9 zr@5uj@7Ogt_nFPJ?SdFr%W6j$NWW`l+qMdIp%cLir#}THj9AMuy7F>vJ(1V>bhGRS zsT!_DL?k*}4?A1uRI!83t?Vu;H|JC-9n4HG{Odf&@e-**)m`|J`=^GWAo&obD}0(p zMRA@;#-`jydjS*np-N)krlx1P+FnF{*w70b;;vfF8yd6~l~8kbwW}yuf^je`P2aZ& z6Gy8gbGMMm234ciIvUk9WNCX)Wve$8xq4%H@TxFw+l|&Ing=-ZAo@e6m*XSM_L2Jj zm3r+9?jJ=#8W=2e+D}m+1pn`@`Xc|~RbSr5(n!|c$k@#Fzj-f-S=n0ttA+4Sm=kR? zm=JmZ00~|QB(IV=Kv%F*-Cr5F5)Y3F9NFqJ271&qWngqb|N4^WB>xLQ$Fs&_5$aN1 z%j-%b`)%nfx~j=JJ6;cPSHArWC^g!qYy9hJ^*H18_4?We*cL;_q6Cpu&9)9A-?YHN z_)jNmc8%q-Df*Dm6!v2MrxNYYGO1A(cnLTN41E?^~Y1lt#GTg24PtPCmTe z4~A9hRv5!VqU1d00E3Lyd=f>8bYH=#yPD)7tjo&oJlu3oE^W42Yt5HBgCA>{9B z-2sS(oUGGRon>jbkIlYTtH6r{!pHbIh_z%F23zhS=3Ge#1cUNyFh?DDEuTU! z($yQ~L`YL0J4!$lyrBvPe#Tzd%+Fokf`fwL%?Ybl&NruW!|G=?863ZKSIRdNbEX?) z*p`1-tYh#_Z9bD0WnzsTCtZ(_E@!tPiow+*agQ88vBj;}@<8k?>O>ult6mR!FCz#a zyPuV&#sraj6tDM%RLx$a!I`Phc5BuSp5VeVvA_~|N|*&{P2z`p?I&U`cWyIHu)jbV zB27E^BXiP1IShxEDv5Tz7Z#KdMW%VUuvn4H&pl07;YUTJ+=L2=Zm~swbXOE7K&Z|z zzP1{dGJA_tB^OAvY`ZZRad>2&^2j&dzta|l>6$H1U?<>~KQOeeLX~e{cPEuGbAzw9 z*b&Ed>{wtl4LUzn5``gZ-f{GBKdMAxI;l6Tl~GsMw3~!oG^7m2T(f(YAqI){TCLG# zk~W7+ZYbFrO|_muN;8oVS$ab=DIZ9$ z^6E!Kve|ulhZE;i6KxU!>kAE765ov8&2V-A!oS^7SO2kZ#Md6%C4BH=aoa5cP9MCb zYSY1V1D$K5^g{I&^a>mu2Z}Xdr5-Decc=O*!Kgk*RvAD@c)U-q`bG-{_HGr~BZ!J} z>lsTUJEv0r(%rAKc8erLvAvOCVEgBL%}h`jpzfUrW}jh|E8cOqyk@rBiZ~@D2~hCb zKvV_e_ZCM$4t5Ew8+0rE1kx)PK8pWUQO}96(7t1dNV0lQ?QnsphKd+Y{*BlYZH*BO z;@wvp+C_wgdg2wP@WWGbyT9x;_Ye?+C{H+MIArWVld#Q_>5IQvI_Cv)UMhAxz0W`H z6G;E5DcJ$}5>yqq?&1L_q3n*~bcIVHD#wlD8dL+3(U-evdrR8=F(L!@*q^rB1vumI zi^lDG(c-M)b4i+jxwF{8V#7Tu^xiV*fRYjy=Mze*93ZIVfXr;b8vG>Bh=r8)CcY)J z`|7iP^o0HXJ8Lmb%e=dvxWhRBR&dA%>lA==@ILd-&M$#h-9OQf+AYr%kKiGzw_Rx- zC7+&Ll1hg)$O?K887vm~jb?I=uY%B>VZSoWbFq*6bi+b>kJBvv3)jQ1#I^2WWL5q5 z3)DIj){d(jo3@dNS09~QsmHinjtI3u0n=|4ebXo^3WGOzku0w;I8#g|JI3-CGV9cG z)BcGtDwJF2nueraVdWU9*yh<+GHwl#<5=}f9UYb9Y=_+QCBo}UsjgOOd!rAUlXrPF zozH)gSD!&}mcc(+ysOavZtoZV5BL6m?)XN0*48$T|GXDE{C_z9LRAP)q($`aZbKIn z7Y5&&m=VA}`w})aAwf}Dh~JWggkwXxyt)0xanP2|$*Zd|D`i{_!A(zd%9a)y>uESm zAPc-Xc~(?SYZC6;E*97AN@X+O>6wNst1vef_wPnelOEgeTP`2n`;!dCQCL8>fvOiG z@L|X;iY>eFs`0cQ{p#}JPp7*lx-u&v8g1x{@ydPB#Sf-yj1{@Ig0K%muAF*iNwFct z>UD~MS&PCOHC0HqO4gNU5B(Ic?^B75v)K`+k!IyIdKfI2w_8|C+6mx_S98u5MTJz0 zL(w|yO&+I5f|4>!L;9he?#jhXm)xiBRS`og1$lEt^MIH%F+7_mHSunE4_nzM33N ztSG`LxiLUa<8SF4 zmGK*=2M;3fNdS*QS>Z!d4+ue$D=Frtc|u__OFw%mo&#;$SR5qJ%Mqb`y2cX$CgB5ZN?<%htTOBA3LJ*wE-El|GT%qqhdjhTQ zrOaJDE!OYbLNUpLZmUu1WkzNZZw9#&Gfm{CS}cN7k8^Gh!*&Hhj&|VJRW?%MzC*ge zf|{rMMQIi%p1>>645>wb^Sc-G5g()z&?ufj00D#CS&W|sf}>GY9gY`|SfE}<_b?T4 zB$eMD27x>d0i2p&GdXlcG1jlaM!cE%bfOl0XT1kT@rX~Ww+A?t!Tg;Lyv(6KOl40= zQXu}1ur3DjC>boE1bKPWp=gTK&@QE#f5fPU(ngSqiR5m8p~K;7b5=ed=&d?(b^j%> z>2=B%=k7=7T&lZFgnAIeISjp@PW2v)D?z-Rp}}|~2Q!lsV{>)1?7bM;-#Iq_0+q#jvBSZ7PH9H`Yg~ zhHGiSSivt7t@EjI-Ydm>-W|ah!ctoG4-qTy{@~i`Y>lNwv~TZt{KUchnWX)E^f?;=13|YnFKFMKs@WKaKZC9p|z$ZNc%8QzkA2#yIar%Ee zlJ|f@H-QJr0KM0pf5>;+6yePzngmo4V8I{5s(%c4pfU7S1@IX#N|m^HrJ?6OxpS7u zC=$Bl{*6cGWXsh+zoz?m!Q!soAw$;bxg`ttmbS8ICsljUpt;7OPTYh&(!7=XnZyY711f`gaFJp840hRD@~<)7pB2^+G7LFOdL5m8f1AHs_Q8#Nf&)V z>8jk}Anyvljx-W}j}e|<2qJA2k!ZvqlVB!S;F#RP9}W3id<(Q1`w>&f#PVGwF+eD9 zXkUJ27^c46kbC>K6onmWWp#-iiA{BB#j(`LEc}OK4TGhYGC8Wz()lw-IAXEIxK_+W zhJj9^a_V_I5vCzxL8gdNIjqU?TYB?iB;lIZ;!oKiJJWp3^;E(58AHkC+S2!PQ%`*7 zX$zlaBW>P*a?-V;_3g;%QuqU3Q4iMXaJoL3_eK#}W4j&-jmQ)|{W#Wkrd=(F0{_oZvnDD8sh8n0Hzk#Md zuGNoKQ9~IX^*nK+4BX6U2oO-yNZb;K_yMnLf_>s@MM;inX{R`J^EAex_Cks^u}B?K z)T3kZWK2<8sTSLyRN~G7-(Iapj^GTE>5Z-|k+lU(u`8LZAMxeVTP5uTv6=?<+syn0-50Gy z691skYGudIh3y!*eWi+}lF<*SjtGy9Ycz!~J8A!7OY_IoV^4p_bX4ndJd4?$q;*wm_L}MtbCcerh4-Ct;&-3M>e$gqo=J@ZWSLv0!I!Z@u>uiX8 z#h~QY%&{I9_1@>ZyyZ^elX<~uF`uTtM$N3U4_hfm?Ju7p9o9VR{j=?`?me5P;NTmV z4*~C!KAaE4@4TgNXXxbBS3om*MVcsu%!4w<4N9bL%I;BUa@8*cV~P`YvEY^i75F)E ziY`fU9x|B)tl(?w_Rn?hGBXTea8N@%!=~ra*ZuS+ ze{M$ihUr-SWR@xTh)#AT+<~JxLj@kUdQ4|L&_te>Df(|VuZmor!aq4L|GX-J%do!g z@xL#4A4RjO#7&@h%mBtCk+EC+HNF~-1a4z|PlWzdN}=Lx3f0&_?!cG@KvpH_=rbV+ zy4)YyqW;JmVBT`ZXHXn+WwOomlYuYf&me}iL=2N(_s)=aJwMnFjkg^IzYjCpUwtD^ z=SopeLE?D_SH>Qk*D}f)o}E|1dXX;}M|NeNJB0NlnmdH>q?#)P?!q~}1Cj-g8%Z*PLXe`ty&?}uU}WF|4%LkWp4AfVeMRBN)|1Xb&>UY#Ib$&*>%ljqVqjH-ux4xxt$M=SAtjYCnAJb zWe7vYT#bq;mqfutnh<7wwlX2hiC%ebNr7$LwkXbj$dI|xW||EVecW}3cGx3a9Wb^s z$c!};Fn2}tToy@b&bzT^Dllb>+nggQ$zD8Sn!Y+mSa($H(u^wAA;Qr<+F0hnVwE&c zl~ADs8GJ}RxGYsEGmNMNwIp-F%;G|qxN=<)S#?8YLxxWTX?!L}w>1pel{Y8%rHLb6 z`kZWdB&CTrkvr9?NE1pzztV`gpg)m3tw4au!yt=x$RX*9sBKzO1|kF=!lyip zbqy_957*eRvuNS>3d%V}xoB*Y#`ZhY9JYcTIP;3xg9-DWJ^bu%=Bkzr#4uL4d>Usd0D6h;T)B_z9|! z^8E=N=Nk45acEy%M{9#|6bTsiS%k~TL6+=n;AKR18DR8~vDqai*J#y=X(omI%w!OS zP&p{aOujy$>X8pX1EL4N_n2lo;r_8;H=C~@c3VyXafiO3czqQQAUa8sIZKSMRJmTwWNR#ZDf<4Rke(tapGC72hd2npRkX7 z3ZZ8H1njw$cf}4|lTa_^ddp5x|H)cL!gOW}|WQH5@x`1P|sAz2uqvopB72aEhW;L_{yf`*3}WAwXK)SwIq|Hm~s z@0O0kbYL!(L&<$d>FdMa!4(n5_R=AO#kM>46&DG-=YBHGO=X8x(2=LaBGztZ(i!?Z z)k6MJN$f&BpT|JYUY^PUsUqa>go(z45=Xy5IjrVPW)knGd4g>fbL_OM^s7jqC8lQT z?BO)_GdYR8g*=bz5?vslGe+kUecFGEe%RoU!xB^{+VFX0QETd-OZ%)!RgIBTvQXKQ zk4;*KZY~cgX4AfUt15VR6?G!Ms$(>&M-FrN7 z-@kXqN;=ZU?+aejAIwy^)%)tuP~D`hS){ccK4k^aUL1upagLU~#1jqhXrJTXaB+j! z`c6w3O?U92X6fwkRF7(kknO_(dwXZgV3MJJL=6Zm<7+!Q`Rtg3ysYw1qIr)bo|*0b z@gA@-!{5^o#XmW#iek|UM(7SbnLU@S*0cKnP0|)1=*H;?I?6je+zF+WdN^>>u9^j#tx(ACi8S*{z6#FD$Z^iC_4|y6k&A@%^N}|1fJTD z(QKa7_3wdh8i}6zrQI9#Bx`Wev>-L1Tg>axLdWUP2M+>CUe^EycQ*_^V_if~19gYP`kQIb+Xg zqkvJORI)K19LEIP+b`R`G0-O&Tu_u)S@fIIJ1Dz-Bzw@P3#O%G58EY|^u+507SIJRPwO@51*G}L{V-8(z)YSw$qun!WWC7F5kp3M z*wiPl$_;}ZWQb9EX|M$c*6Gepe$UmyfwhHg?zb7Z4zGkk34UF!mYNfedEOUeW3Yc_ zsBob3!P{#{i|ciEXq&PbJ{`=vI6&`X$*u_tiUG-bE||qDK`vDLYXg{vTl4ktF|E;X zD@Om{@Gapc8B~p9B29<%UQ%6ST?|VjbzbXuYe)(f<3s9cw1+h<9^Yo?9hooE9ALqvGf$|Kxcipc2$xa~|ZT{th zvn>S0fp?Mofn4?hI{li9yW4zGqRujc>1qr*?Oxc!3V9=@hq%S zo66}v`Fny=EBgpqEd#fGMwF^x^M_!ymUwLM@oVF9?fhjYcP;}`sRE^rTH>@ANOogG zsZbNOVIQn{oVW+`^}VX~3F7l8lkQ-7&@EK<4fT)y+3v5EoM!M}zpN1d&r<2X2bfd+ zhZ?HEzo46cn`HjqQ&IlYB=i6M;r|Wok+rvRHZ%NRh>ug03~aCL@1gEvneap))?b(o zziR*J%i-JkoidbhR(5oWYfbh6V2L;2$BMFtr`j-VUq5?p;{GZ+c{3%QP{4%OQN;~# ztSx4>({I$&G$;EZ+E+G3>*?^%5huI!Mn|VYHdh`nt_R*s$sVFTjp#E38(^dJGX07x zYY+n`Xvvp@g@Y)=S~`bp7Za28we!#|MyM&Umn&!%2`>P|JBn}Sht?%{mr$msfmyb ztT0w6%TKdl2IMWg`v)l?Ms!WoSKMoZRl_9QK*XZB;j`?HA4D{Sg|G_(e<&&+PlXrv zZ3p|>^(bRMKNYu|+Xv(Z7!ERpPgp=%1lBF+j+J;$0kP__XO-{JkUuFbu;H z+o5HmCIJv51aBv*Mtxs2Aqo$~!q|bleD@BoL?zuU*9pcb$b?MrG?0H)AMMSY+%gYW?u3U1j6El^;2$cg7C+9$M&+4<}LH;CGR9yeUPmK%Y&z*}=jA;k_NJ(Qd$< z3VGiWXnbn<2V8mp^uC#KNwLLrHzY8_GK82wI2__SB({&>Q%AzA(c!i;XT%rWbB*Zx zxNUF}TUbNC<5pq1P^{d9RfeBe2#?Ci#PFz)Iq-uWKvFG#tRAw3*gaj{h^*!oV}nc! zqrc6JdgJv-Z9EO>?yTS2d2Lmv7wkgLMO|3Bv(G z3s|)(S+ARiQiMxMkP=Df?9WaB#5)Q#UMf<~Pf-!&{twpPDax{T%NETHI|D0h+qP}n zwyg}?W`-S+VcWKCX4t;*|GVnks(q?IDVV~q4Ht>%y)(QKgPRg)25z&1+N@YM=Iw{6i+(?;;%s{_62!`rB={Fp zewB*U^itzns11g~6UULo;dvP{R6+gvjFsE@6^nr2^E;Fowh{p=0ReUL8~YrJDz?t} zS>7Zb;;w@fJ=bSM?B{K0L;>BnGsUOcj<^=;z73ra2Lb8NVssrBpo)g>M3#BtF|E0X zbqsQA{#E=g)3Nks0oa&bL~CXBypegQAZHL2;aQk%fVah4 zr=+86AA6`L)7Zqfb5`8qFI}s??2VML5io80sbO^&sG&>A`v&*og83D}hTStsl?*nHM#uMzHK% zx|SckKQ%XB>d)wUzQfNqHpVE|uU!Wb-vHyAlCpTF)(uuQP#=xsDPGh*Qv=T1pTbA^RtS6{xsxu@#S? zEMcD8+KrwW4WleVFgs|ff#!dX_P*a)O`A}F$w8JFt9LBkADQ0Dq0uFC`+@*2)=#!qDM}(R03?t$uMJ{wHsp zQSAyu;^Tc}p>E0eR;8~b_Xyb&q3aymOfvbyurw3&i+62RIrXLP6@~PO5M%~^gs0bq zH-uJj$wF=2R97G37P8jCDTgR$rfHIc=PjeqD|EXo`ys|};lXbi&68&@=uoV7NW=L_ z?NcW9o|6p|Q!ocjviLGJFW0n1L%wv+U1?tH{8_J{>l4?Qe=stY<$K@T6$S#dt|PO4 z|N5&^NOw8a8vZI~SN^5KU;O`LrSNY!_V468OT{%20QVUf3;Yd6BE|?|SmH<0N05)WX*ykCTEVZ?v=5S^xwhJ<9)vwQP?PrZ zHqR;U#~RniU%t9s-|c=7qw_owg8)Eg2B&YOysJpY%4(9l>YpPm;RM$*ZH_0o0(enq z#USXZ(ic?}Doa*bWGy@k3vAfdXWa(qD+?wXv?X1A#4RjZ+Dk2XiRT(dYApa`>!T^> zOih_P;^>G*`i%kl?8z!>w{U&P;|A9_}X+&yURoeJoXO4U}K6hl8eg6%A)f)y$ znr)~xx)8%FKW3>gxgIl z)u8#4XEA7o!%LBVEVaMh46F&=#$)+jPoU#iG57-snwc}gvzIPO2f`J-SA8x_fn9`o zj;=&cjK&a*T;D1>cWG?IKN8{)d40$fCPhe&tx2Y!&!ibA!nR&Q1LDUCoykPWBD{#? zVU;|f*qOhFAQ_EA@&$*Mr5EP`>iVXI^3us`iR!jR2fz+jFhP){;Z6J$1q-3tNT)3sYM zkp*J0sZvlK`(s?8BgR9!MW8af=|%i%JWbyGrM60w zkXebVam#tdmj)R?ZyW^IcA$f?J_wJ^ii^e*@=L@6eR^$(^g_b5KvB#Pvl4t`3;AUf zpO0}{!vL4c9>P3}hL=8v*4EzdJ!vM`ja#r4_Rm7zo(iz6y3rzp6zhH zrh0QeKt0y(`QkHu94@85`NhV(7N>Wp{XCB3HmZx61~(@bc`GJ!>WvUun5{u&9MU1G zzVM(IOM6Gb3?xT$?eh)fG4KkMfs|b{KXZNR6!FS#d=Mq;W1WCCoI0LnxS0K z9uiqwCos7C1U_u9o}EyWUH|4`7zPAT;}y8?J+&TO#j7Yb)eFlj0tc{YW5Wuop62_< zc5g`Bx9|sZx_*BAO(#ssARv8%Bt7b?XlC<-)c2}g<=%dEPqZ*Ud19>6uj}JGN{(7#UU;xS?C2HvL^9nVBIKz`svTM(orKsbis}!gU*g8Zzd`fRtvYydfRznFeEI}d{Hdn^8sZ}{#GORUP*C& ztHGO`7(TQ8s2sg2y;Bm!WgKi~>PWh~P?#R_G$mi-2qBwQ{j_4dL>sYaS=MjsRb87F z_dZzk-8~%bo4m#r`bZ2NgV=V)80tOI6DhpxS)`XGq5z$fjXY;izeFwol@OwH#DI))m$AaTC* zaDE^zG9gBR&r6WVZ}*3rYi#wAjuToll9cr4$|Ls$mFJ#~I}fSB`}S+r4 zE0kd8_I425N-$j0j6HD2o`R+4H15!4lUCMJB*uQig=@I152o5RU>@qN!lIzw>{FU0 zDi~4|F2Nozm?c{qtqNdG0!GW)bL$Q#D%H&$?zH50a59sg%1x>D8~ec;4)b4>~=7Dl`#cu2M9qnzJ&MNc>ZV*N?O$-l6Lkl-#&TNBXJ|5=U@E=14 zrN3t0FMv9rappgIOtR8`Wgd*y6x;ZwLh z^Fxxf_8-@>zMr}JcV}^?%`j$c9yZZ=()c}R@`G$YU10Jeeia0u74-|CL~%6A$0i003o*)HBJk56xm#Qa{y~n$po7U| zo&H2!g~7soPC$`<`6ZI26SF$e?#d(jd7jI>k0UGWq=l{1r%Fp;pjiW~crWB4JZhL& zkT$zQwoGIU`Qc5GD`h6o0oTX~B_*^|t*0Kq2E^iVHaV29_e8^d2i>{_U_}t8r5lNe z3#m$9v|M+aCto*d#$BQ64%-E&?bGrx_reodqHpED;{H{P9w-@UegEPL3;fH)U;kIY zYi{z_+I3?k+kXaL=V(s2UOIT8p|{@Roo`s*FxIDqmGCHdgtxz8S|VWyAhLt?EReB% z3lU&r%GHmUL1C1=y!YYyK0b3h4X<`clB^WVQLEG>b~;`wueH2B9KSGN=9v;c%S7ZH z56z+?su6eK-C4+JTSB(%W(Em^)EX~E9&tb;rKax3KmH(BTbd43cm1MSS`+;caYuTV zj-Zxbw~TrW{yczQ>2!*g&kHtZv5Ww3mdCLZxO%LF%asD_#QWD_B^wi%{MCwn{`&p* z-dz7vQO*DAK>T$+O1A%QrSTtAl(h^yTrVH|tsM~-EHy6QboCED0F#myqL-dpa4dZ7 zj7i@$GZapDKD@XeS$B}JdgGs?vyX3dB6Ffabo4B8nYBEjvr8RNNTe!~r;*BO$Lqlt zMNC82$@lWqPehn?yHssxZ5fW~;rH@{P6Rx4;p~v}4wzvsfi8F#2}E}y`Dy4O>QiE&YTR*`J!%gFc#e6V#&w^6nD_hA1zov4gF!_u#lIrvYf^Uos_ z;;(;g9ZYHU?eq=JjA;$sOlZw*{+G0v*2zKN#?i#q!TMj0N=$tIvqK;M|MaCw|NeUM z|G1UmAN4?%%8JXJ3SeW2MShnIc=8)$AuNc$A!jN+A0F@opBWw!ngE7`=86gys3t?L zR6?WEg{E)Lxol#C#7`cl`>>FQUuIJs@y43=!H4{TM1cKa`fwDbo0J#} z52^biHH-34RbUxWyHrmnju{VNVVnumtJDo)uy<43W6=%T z@QA34^GA*0C(PoeDfZ|DV5p6Y6Vwak^kNyxn1Amp1wYt*x=7(@w?)F?XavN|$d>eL z!0tlCJd^eDNf!<#6hy_>1{xq+VGL_FMH;$=5?#o-mBKuL&1O|6`J1CeB{i64n$ z=9Czb!Vs2IaP%Eq{kb^oTf0_$Q6H?jypGahu_-q2a<^f@_h`(FY7XUxOfk|L zL=JX!6*YiJW;;z5m58J2OM0$})hb3pOSVf&M4C%S_%(AYOu3^Ip^r|8X3UnIhc4-y zuxY|t$ML(&oO$AEI(U^DAR24|6Ea=pq7`t)usOswpjs08+t$--t?x{C7oCCJ5Q-Ho zo!L7)eosVYA`Y5kUd7htdV|&2>nD0Ji8Sqbrs9p$BL&M`;IgOYAl24d$;sYxds(r$ z-_+EY+V(9qlkH3?X+-j92Z%kmD=|@X^&{G(r%XNH(yv$Ac?xD3f)6jbnvNQe-WBiW z+L-)2sDx>TRs&>di9to2_PBFY{YWVqW#ENn<+VxN3ta;UDGc)@+^C}R+W{>F=1cOC zislCqi4hv|qQRj_qi&5ku^#!$q<3EC?3^EA1mcwjDUFjB6%$^Nzr#k|Pw9n;2N4w# z?Kky^rUwr#O3|t=w81S;N0?jcV=!7fie{TA$va_TV&EV;b^WC+!?P#LY*tP;>Vh38 z$yHak>Xux>2b?-ZNgop$d9snQnQ37Ul9ja|O0*Qv)9o)jTap8Nvnl(;!N-^b^~t<) zw2pk>podR)7f`C4!>Lcgr6H3XP9j~mqQU3L<<{G21+go2$WoZVT55Y&Xh?p{br}31^Tl3^nSEGe7CJXgTbS7RiQgdJWfyyfy0G+` zWeIVUk8^DUIDPo0DooqA(dVY(kLP%y8W<{>_0l$RXU+T%(Hkn`Vn2!Dgax8B%~l20 z9QA7iE=`_Jy!}$OgrLE$r?2^0o*-gM4nF*&yE2Rp@*C+9y~8HOwn1CltE#r)-ycBe ziL{(o*RWOFAL(a|dd+Do?TdNk$EerFWDITPaKo&3*dB4HfIk;@8X9@3iur z)SPQ4x_}2g^5DCBKh48NOxdL&pN4dQ5R>{qIwQs-&N7)ow^4j8-U;rC|NI$C&vAuF zD)C1qX(g!t1>_SI&qa~wpk5E9=3L99lBQ0j0@9>?i2Vh0NXFDe+OB>n*(|E=eA`MB z-fl$&adG&B1BdhI?njzkOA$d={w1tNe*1lwz&6 zKWeQulw+uNekAKtsP@5BTrROLh}syU@5Z`FHgOhB;-l>GJ~;GL3Ww`G%Ik$!ml56I z)?TbvlEs>_dU-?QSC$Gt4>BL~5)Pf?j-l5n zpy2^^P(jHR!xtP&me}FD4#{;;thaslH2)*^HG=>>FMoztX<3#e@YM@wp0GLCfRr)MnSi*)l z!^Fj8EvIJh4rFLJI38JLP7WY;tTD0vdu53lK(^ghSib#IQ|NPR{Erc1TZWR)^Z7XI zZO3KD{u3AZ^E#W{1xn^cpBGJ9zO>GyOm zQ&5^Q02OLZV)@K5Nz^N`2dRXbtSE-HD8`AHVKiaX#^5qqil;Yu-w2cngtqbg0>@}6 zLuUMMi3}!8!^UufGL#)AP)hsOz%LUBgedbY3lb9vw#v>mU^y+x;stu@dBd$RUv_Nu z${ZZa=CjU9V9iE2m=N$6P7Tjs)<@?i*E>mweL?v!yv0$q;v58gNYW{55&xKB3ALn* z@7{!*4WTRbB%eul88mt2ARt$#0mE!=DDFr*0N&Vg;=DGU=8L2sBdZnhGKcl4+`8cL+L- zWNxsNrhLuU(IXIj1bS>y=E_3eDxuRh0vVAmpxDQW)do23kWkW2#9Ae?)HZ}|K~PpA zDUr~~T7fnm%uP=!iZL~87K2#rq!W=CYes1F($ZpVt~%W}b*96E)vElsjqv$*f!Ti~ z*~BSfNAzZurz&<;(vDl>;Je|-mc#jjeW^&_ijP9N_;iwX5FsP9MlAp)#xUX~NO=jl zBW_eijC#lM**2VejfGAq>BAXgfIr;_h%(_<9i=T^rjkxk4;C6qM$^WPw2q~Yc-KTt zdpDWTV^9Efumu$B$ft7h>Aa|xG70t%C^NI}WU(1XtvGUOp z=&SgKWFRF?K-K|QKkjVL_4-?H52><4$wLDScwQ*<1;4|wk*L6nXDHbPm260GZ~WGd zo0%=()hDRz782?0O+;aJF}Kl~2MkB>*KA9GCg4FVsGK(|t+G^|-Z3TW3bc?$xbi26 z9a;jkB9^Y3&yKAxPdoT}*&R#m;ELfc<)ynff3l9cCHS-MaX|Kb_Q4X22LxK)P}B}n zM7#$y^Y>_iBqcfDHQqyR8MiC<8rV7{?wvP_4{`$9kuD7oHEtmf>DF+#=fN|S0vP*pN#qwj0qwZ1970*4XasnOli8nW!@qIjz;NZR_`h7(^{rj{>)E0T zJ?DwqU^RIJ8DOu2h~Mx*aR)mx^X)jH8QXpyABnl1na?41$@aVpGznZU8YxH$m5NDu z3H1aR7}TWFos5eO&d*Nn_d($xP-*73G6IV%#=}3A_;I(~~8 zVIvE@w1+fxgBNEE2?{t7(9Ur*!*U-mI`$ij5WP0PW=q7)G%#W-*r&ysmIF( z^?31*_WQUzY{Ui3yxf|MTl`1DmD(Tfn>AXo0(fE^H6pk)?e7N=E zvnTD|_>dZo&*I^Xw_*`a%fd#%+(7r)9`N#|OkMq{Jq=6@*a~M6D%;dxBS$()7k!Fgus1;=#iZW|01Nc^UZ(X^ff5O8&$}WDu%zGH5(C4y; zt`#havqk|lOF11*CK2kBY#Pf*I%?PGNEk+dP86+j#m0bkQzkcPIVe`=)u_gy45!{~ zgXPi}s2LTs!vd3QJp`z!_l$jnuo7MwB7TrgQA?Oq2iZeSMGJFLQ`BgA893Hs{o2>= zEoP(XVd1H>t{?n^`SdZj_+*q)+k^)TSRw;?3>7BNllhTK2$^J1PZ0bbyXH=no`pkD%Hz zyc$U0t1%V4eHEu5hn-{rb3r9iqRV$#hV?4cK@CLWP0KVrvi_q*Wjze z*`O9eyDM1_$g$NOR6U+@^wI=7A+Ct6$!64@@E{myRx#sQhR^J6@!a0pvV+HrF>trT zI1>MZsIiiK6Lm>PV`t*&k}m-TMw2bl4DzV2PggBHesO3;SH0o!3TS+^Lz;B+w(VPW zR%~|4_f7jGYbCEAx3#84L(2}<5D+b6c7(t97XtheL!f*#Kb1a7RWH0s-GXJ$LF6_H%I(2J(suxm@TQVV)7<&_GO^e!4V~B zxPLZD?`+g(PM38@*R)qQ`OR!~%;0K`{b`Bl z@_bqw+X8;$?%&EEdkd-Y{iUfBQ4!b~4fWeJXfqZmJm*Yf8tSJ})E}Zp#`UejHlC`| zy39Mr56>qa396JvHe{VucrPs138I(@1XjgQYIabqQw@rNA5<1ExnsDy6LU1`@1gm) zsExHtmIo{vEghjrM_=Y7mo+y?Z}qWBp6x0ZIY}GB743R6HdRTeVqNN#ynDw-L60{- zmqxSd9aIr0X%Ej2gr{_T{B$`=XLmK&ckH?L4=&ow53&hVe7>w_Yd%`5t8ji-d6rsU zX12cV{wj^G;ulq|%o!}*C;>bQdg8rahHO1nM~IX*^np9vEw*}CW&wFj#@|vuWYNC8 zM|qys?-P9OF2C%%dyFIa_*i6D@=;Y=%Gc3;EwS`P(0--THh${x%wbVS9`2)*8+5#a zbxNi2;2*mL{mt`g#ZQDWQv%NEiiHpZffDSe!us0o`_A|Oc`#LLUS6MdqK6uCn zG-=6RWaoxFHe9ii($eGgf$HIOE(!G84=~M za*dn}b@{!6VEG8v>*tR!?B=PglKb{%MKF;#m1B?HHvD%F6WSEhdysNpt8Jv2N2|6z z&u9RRxLt2|G2$Qdc?Se`_ryd#8R-2Stl|SU!|whHfvrxY&AM!eK0b}il`+UkVc=VT z#&w$7ouG3LdM$=(yla}aQ&6H3@13M(SipLE-He--)0=gKQR zy}I>Iz18Pq1trwGX0EZX=TKQw4q{XGstmVNhepm<`Q>ZqZ3-#pQ-_T|@l!apG90R= z11soZ)VNAHq^Cc5>B{=3k)1(0n2?46>vyWd5tOC73iWj8C?`Z_uSZV#@6Q? zhe$17X3Ws(Pw$YXZ-hfRu0FuAXa~(2SL_VVZgu5^+e8S7GQu$OhRjk0xz&iq+1%4c zQM-s1CA=uDaV?euvg>OgmF9b;Qw$bB4Xb09qUk6NOJXF6ZE(8rj-6UcsO7e{0y6ad zDLf0Aj&IZa24{$*$S!57Wq@>@=Q`BUded>=`z;j1K=D{_Xsdak3g!7*-N;4i!Xwcl z6XSJqgnz~oF&}03zF$pva0m_CMlG)|Dvi>=qy;km%j>P` z@Yh`Uzqs5<32QP)@_^va4Y*2b#nERiGUS>pC_;+xo!D==HR9iq;9<02jbmqK&5IOw z5WGOWpb<;MP_;aE1ksmP8SnH$!%(Y#)Ga>#zQ0`1?ebj*QtLS*1A++7Eji{B%lXW| zUYVxW+$wEJN^d*kD6*%4*JvC~Zli#gGJPO)`zeMdkDMh3YGQp9V51bdn^uZSE6eVF z-h9d-GQ({bDKWrhZYmt5Fw!}kWU;{b-F~>92HD;Tx}T;!ux+}h*ZY9VUgCE+kID~S zw&b()1F{X+61061rMAqvOo|cBsu5VYact1*Eg+!h%UZ!D`32nubZTRt!QF~gFDLGLt=>QT*4%6eBC)}x0pJAHwAv9ohlu9 zsdj9EP6y&{!~T{tigq4Hz0c}v8=$1qQWd)}qbWW9bBw}KYLQf2?stp|Jb;h`{XQw}1j;TX@S|4|1%;;~j>;B_fAu$=kU0F@+r?q8J!&!za|y-9L#Bu-v-27S4Bd zB0sVWc@g%AIkQU)k2P4PJo4v>=tAh6EZ)iKf9XR^nOC3`R2?EDsvKc0=v;+lq=wBftgEbpdY6{bVj*!PH5)O_oTNrpACJwvn1 z%e(1g;69g#FpLv9K&LdA^Rp-Xt?=9qX8}uLYOjHkbFy z>X=kqmvn+NrFE4e&7!&f?1yGoG1gIGw7B$>BcfGW0#K>#Or+J^Q>Qh3&6a9b%5~mv zX^U3;dmT9V*zKaR|3<{J$sGBqeQIOy#e{s(Z$k5m*owc1FTdYWc?*Q*bT@B!w@YWxmJS3|p&#Ul`NW znzq6GviSSs{S5SH zObx2v4Be(ABqESk<3x6q&5LW~(+NS8AG|)xpS<@~kNNilrxKaZSgYEYT69iX<*Q z)AVT-IYEhBw5rn@QD$064Z8QE7g+}1Tm7DCY`q_Z{8fS^Q~>UdLI7yQGmL{~Tl^v& zCF?sg!6heN<0PZ?dWbH=l_rxS6xfLiXbiq`8MpvQ7IYX}v%nrFM&+6ft4Hyh4{9SR z)kww|tI!4U6rF~B@%9919IGvyr86EM7#_O@-+wcHae*cXT5cjN-wcv;E8=*y*$$P1 z)l8hyR-lYmYvIUul*CyZUN;W?7B>}tz|@W>R+L#N%{NX?RnhCQ-of=H&3+zx_!X7! zSB(&dgXLs5u-G#IEcVr1DoH>{=;K{i)-QaI2e%lQUv-RnW9wYRe^= zXZC!Z2%a*n&2PY?roN5K=i$r=iS>TXxZ_uAz^Dus$%(67uvTrb&T`cCvK$!W0-gwy zx&i*~VfL-ZcV4naHf&?aH0*(1u1_xK9wo~sP`95rktdZQqQ)@tNXKB;R*E;9eQ9W& zSK!d96p4wCzUi3qT6^k6ITrW1~JesswC5nODA|)cmr7Z-NU2iRAoCM-L970~L5A8ttekx@oLIqTN z+Z=21-`3={Tdqg`fuXPnEfsJnb(xPd?iZq+n=4m?f=XY}K-Qz2&|MMumfyC$Z|W z4m9yg$gl=k18-pi?g3&iZakIM{1lgyD8O0nvBUGZDq&HQU%w~m-lz@ zpWGG5vHXi7RS?kbz3Zm-)L61l)<;Cwh6_pHO;zpT%G*dcxQV}ay#*R;XXXb{SMTHH zs^&kRG3-m;9&B{4B`CuKPvHj=M$JiKZ2E&p71x>@lOPzA5C||60xR*XICmwQu}_+t zQlgQ|6vB^fXH0Klay1e@auM#h7qYLL*S5HNU>a`Gr zJ(;>6^TR_$;X!Jg8Mq?ipL%KWZ%KHm6z$f=#VA!_)+$ zT^AjD@T0msLz5c-rf+HGVX8;zy`r0%)$3H>56cLqiNUhFjOUz{bSWBHqVCa;yr=#T zXS>ut`*!VL)M@E|Nu4JB?_kUtln=n z(Ezmvb{7wHO__lG>%-MgMQo8|Wl)pdWq(=Djj}4XdHcH?SwCCugg*u|Yxesh=jU77 z=JoF_ULT-t%;l+Gtnp&}qySJgqG|^LUip=LA6b@F(h4L5HLnS8oDO2TE=7w%d_g@% z2u}v=>FBZj$&;FKV0H1Fa*z+YJRc?^Il6S0d~;5Vg?Ydl-4E=uX$Op=8NApfQsoM= zeVS(4aLVfHo@Y&{Q1knJtUL}#&Su`b_yfwTx2l*4%3HuY6 z3V5=Hy`2gL_cj9ym4WF6$5-@b8NT$9wDVxAV=$dZ+}yA*N&DM6bcD zvce+s60BNh>y`I9j%~iipN0PUW>3kOq8rvrE~_Or#?0z9GISo>Y#Z6Ub_ zu2h;Af27Btzl?X$ab%U*l)aI~?R9LBW-a~<9B^M8SI*9k5Ckw|s)Mt$1)ewUcBD3} z9}AYCT?QGVV?Rl<-SXag$#&o|m2*ce)OUU3=%9q)Xz;@^-RJ>>lG>5+SA&DR(;D=&Zk#6=1;VnwU%7n!;}n7MnC5-Hxb>P<7CwHq+PBaq!f9VzgU z?6r^?J%@7*HS4$SaxN@)Z+WkKE9MpG{2lmuAr}b!{^w&nDfb45xA8i(y2XfFM+I%+ zM^PN5u19O(T~m$r#sK5x>x&<^uM^n<8``Ry1lezfv;d6L!239*u1bMYjn|>fG(z-p zRsITyNx#dn5>A9K84=eu^YE3w=G!&Rw;=z`OJR}_YIqwvr*M#XFOK^xXt|D=_Q3a% z9EmqsMkp0nR`#kX`{tmvpJ58O9HOpvOIIAtA=V~D9cGy`P^4ZK^9?Vi`@FT!Wl z`wddP!vN-ng`d{Uadj^8)en&cjJ8^0o2+gWS616#y@DUSEIMOu1`fzdHHHkxOi$ws zqYO6Jf3u=xzx{dw`HHUV{{(mc*U|NFTB5(A>n~OFnN}tVriFq;3u+0ZxCi7NbGM|D zP~jZ`@hGsZrfCM6!dfjW*_#A0pBE6KGBM86Hy$YZHprB4ydZE-Q`4zTM-!&4PTwz; zC^-wN9=zx|F4o|CYiJ;Ath23`)?=TCqOJ!xA##+G=72(G^BRmg^A*w~f^z*K zx%qxvpMMmW==V(h`y@BQL1$VYO!D5>8NNZ^UGeQO+^19YK9$14p7ci`LrXB>{M7|m z?OnA%L99(WDWe#_j`;Z!EUGKF&nCyHC=D_t72*@7<2zRr!6Bd>9s=*d2_7dUSo_)45u1KC~|XYom0S=J{M79OP2gbx89*-8P`rhE7SoU)c! z%JXI-INFKr%?Jlu5jn6-WuF$@O|(e&1X2LtEm$CQ)(`@5BmcH~O!igJ2p$diZu`4c zSw>K*05A!8aPoqa{f2wS>eazR_CK;<4FaE3xq4Z<7y}KEa7*^Ubn+%QGBeWa4DDD= z_919#n>?dtL4q92rw-?g;l)HwGWstt!qf>248+pb9Rb!IqCGF)hF;8wo(t?KS}d-{ zb2s@wVIGgWOxj!B^c;+ps%;pIt)|mR6OGq*|6V!j?ko@m`xRyo|Nnp(HAq>(a6c%HudB-;N1-mN5g zqH}y$@jP!> zH;$#BJ3^!{RN)-?2M7aFd$GZ4{vaH;sL*n#4GIg47C?qcG)NvR9o~NOl0b~8OdEy` zG#-t0%v{Gs!VS#CG7h+GhwG~fWq$>l_=`Z|6dPuKfsOBKmM2=A!x3*kPe zMDuSKVYY=Sn;30$3fe0}Ojn38#>IE_Ao(mkK+8>Ov8Ku=i;J%7_4rz+kKWYfr35pC z2g?P5#I4j}PB@1C$U#JWmv!IE6!G-S#3?V>)SnSGZfFBxI~Olqk;>dqL-akAOW|PF z&E1$3U^2j6uPh^b#ZSAid_khv{khUFS-eHYJ>xPdSi|TiQ@&nDpK9%T{LN9N= zU~-08i?tojMlT9o+!n{QzW4htj0UCGz&A}4jy*c}@b+YJw6wgU#?8J)9z0WTp&kzU z_{jo$3ir9~((XDxOo*mu-z7I{{f+(661_g7(dB){F|x7d0oT7eb%N&!Zht8!f&OKj ziTqEKt&GKO{;4ycq--sVDGKlNV0E<31_ait2|@hjAPR#vo5G~E z84Bz-_+0~rslYa*qr2g7vXzrHY@T=a&Cf>!Dwah$?~d4lvO$5eLD^TLiz!PR)37_L zq~dn+VseseYJBpK?5Ec~S~qCLq5!{`u$m}{C>l-MrbX|lW*T$$@VdJAvJC+_$x50) zEG>wm-%#cKX1yu<2h?N50oJc-N3T)xOL{EGMXN5?)LdF;G{d4`jQO%@r+I!;v)AR9 zdBies*k4W9oXx}V=d#KaX*HldyCuosSMHw}QwMdR$xW>AZ zK>}5SMmR#q zl)o;E{>qU7I%$l-7%`lS9I|c73|&Og*$dYslVKT0lNvqg->@l9*$bKl!XayH%IMHn zA8p3>TNnxBES2C;m9=K=(G5BGM?HG8rlz;A);#OHE4$LmHA_Do3+dP zsol)M7vAKWdo5g#UQqX5dPflAOnZly(d_DJ$m*mpf^9pcC0KQ>eanf#RE4XfCPz@u?L*$`Qs+sKG{0h553>R)h7FBr_1V^Z zn~Q3?zS9LJ*d%|2k5z~)>S9Vu3Qf9|L<>4)lb(BHY6?nUo;bZ0dtwvnJ!h-D#`Dc9 zg$;dXNk7Xu7?MrTNV2n$vs#+0joLFJ3N=|8Dl6B1xKN{tEc(ot18+69q#A{a=yQE& zCyVOL>na=rI-*HwUeU;C!C3;S_h@dO>>-r|F6jOfbV*)Ft0^qnrbsA}Mc!Q?S>6dy zRMhT!j(cb)$M}p#dV%_N>-4f&KWk5n(I5&3N{}5cEjJ-R zc;pGO7=X4TEyPM>^t}L+;=4PP@-vw8Xp@u3oV&aP#FEE-brf2| z@R>&*a&ajtfeZqITcEk465r6}iJ~VKuwT;x-d@mssI3<}Sdg}XIQnc zny7{n9)M6R^_$+hKN8}oZ4;q%XgRzL4;&cotCjKuQ)hSapDUTkj#bTh``eA6F`#r# z{R_yFzf6Mu-!{cR*Jc#|LooZdQKBZKm(oJZXD4IA`p70a` z9K>djd&+i3v-w+hg7v zJD4=f3^;S4O%Rna&l;(b=SZ40vuiWEjt{cL(4?_aUw66)ioj6u z6EO4-A?}gWYt-UaDQ0NlAkAym07QNI5*iM(E zmx{?>M1u=5L+8tXP7dl(T@+DZ5Nz=(7T1|UC2$rwksaaL7~UYWGic_2`Iea{pF;$; z0?nvN8}@I3`JA~70*7~Qkl2(Jn$Mce72;#U+>XziqfD4!%&uZbf%PUohhs9PDWB+9 z$=nvCs`uEL<|ytO`N=>N1E8vlDyukMY?y#-c6<27rSI#-@&`Dma|@-inHpD_Z9Ez?p+6)r{;zodL zcvt+}0r}#^CK}(_{1OTPdX+Th|b?PfT{c$?LVC|k_9=k|M2jQzVJSQwPyJ|@Ehc|j95m{$7>);6Z3 zkLH39O;BNb-!)nc>SQVdmLj4%bK=qZ{gQZO zK~w<09qe2{{dr?&QcTlMa=MEhK*xfi8i%t=F$Zo`wo*A4#n5bI4e30@K?Kfva>v|? zZi5&Jp6BxoWT&k6!zO?oZr~#Kx203LOp~}2GMtt_*4$1EGq_9t!D5khGeLAB1L;irwHFD0iGRHF}7Q8YeqQV#9$tI_dn5BSKWZ84E z&Gllr7^va)m_u~@O0_?0`?{NpXWv#8FLF2tu|Js0TaN^Pw8aBZNxa0Vs!QlW|4iRL zPPIR+1rr;OFqpGv8Z05lFT~2u&JK7gBY+c!ARKJ){P@d-ipJ=L-8k9q3EgT(tZ}nm z+0au3Ynva|%|M!Te)+KdOCQdH#y|@|CE-`@79R(|(ML+o z>WLfYXO8Y~O0aTZOw}rYnf&vB74g-X;5}B76vCh^`S^I}zgc?gdGmN_qGY6C6tucU zsm^am-O$(J1kYt*JNTjBRg0Amm{YwxkfAmL+)v8T4U3v+-80OtGVWIF4LsVW#KjF` zDGfHgyQaIpIzSg3BiY}a9kGDzf)4);>!QtlXvGg2uQxf%i>K6va{ia zzY9hC+k15h*|us?J{84uBrF%1AZcu<*j5epT+FSHYxI>@Ow{4G5M!Q7mklJQW4+Q^ zIg1;m;(U*zV0J3y*|qm(I-T&t!tHTKhn{84f{-gLbRoyuo#s z#<4~xy=4X+!Z4_W2>DJmTc}}UTnhM|#P`F(i6O#G%!>H$KJC^JSLYV?QQC+@cBcoH z(mFnbVgkLAaSnl2gK}C%KNM)NIAQvjkK33GLeRNfB>&kv*21a43EjzuNDs7s-!A=Q zn8`xkIyFf$e)cU2ryj*(I#v9X@k2XidP1##h;?#EviOB;#cebHc6mzMtCV;4gERjn zl{A!WX+yR?b57Y{JWtUtiU-$Qn1mfa1{uC-K@J%VE0!JvPEH!x8NuOkw$l%mo^^9* zG!V@~u1;mYxUxalC3GRvO9-dyzdQ-UwM^AtUDUAP{-;YM@2%?*v=mBC#683dI4xYK z)mec&fJWKe1m zWoO6N&9_wVK-{>Jz8wTtkN9s#%^uX0@AD4v&AIo^fW7PqmncAC679LJ!;N(ew9UGw z)K3k^;@{_{ER8pkj%`*t;XM-#RW|(Lex{hI1A!C(gXB#hxCxty9fwyp&Mp?jQ^cqQ zazNvoVZLudA9ubW^6(TqCL@V}v=)P>Dwy8Rj~n4@0sDPLbF-mbV9S~7S8&h33%ff+ zbo_RJ(^8|oVyX2j8;uZf`!VC8>Dc3aDI9^zfsT^E>y0QZX)z4Jae)vvlTqyl|Fbe0@p}!%-D% zbMVXE4H>~zV55IEYmtkWc{bH_R_Kz;;8!>RnVMs|(n{4$?ub77+}3tGhPOo5cr0$b zs-Jl^Uxn<+lz>?m5qaY1DFE2^3F?Q?^l;{Upb00Fm_Qh8or_gs@8s4%Jqv#3N(&7^ zlU>J>Lj$zXF(%}Tk*a}f%$sLYZkYk%9aFZ8=UfZ2YPh3%Q^5Fm?ln&tgv!(J%i>9r zoV=QW2mr8jX%`^SZy=)1YIUMmWuc#DTrMCF?20eDNuBFk0fsqfv-ostumZu*ajL&o zR%4Jm_BT?AFFf5`ahRCDM-Z1h8v9V#EO4Qz7sW5Y!0MX$TNI|=qm1W=!<~+c$-sn5Ct@G`g+0)VABPjw3{5>jAL>G?{WGmJj+UjA#n{)%tv1HF z(1BH1D}lg8qJUn&2|q+qNYoJn>5MR*J?ZbYCFBqnp-p}Mx?#0e71FT&j-l-B;?(``#PuV)QEp zQonWobiV@&PL7+Xufccv+h(649QjE;WxzbTd{#$=-*UUMY^Zl)9}G1KVVlHv@Ij8d z8yA;_+9D_LM+cl2@X5Q3ckt2u#UJo851eoc!O!3-)z^jNp=Bdnsx{n#&F4_sOJZht z1sIOw*miW&a*m857)62Zkg9 zjpGbgNfQXFN7oq8JL_N-vQw9i4@x?P*XTM&RN5n-OKZw5QKIg6`Q8+>IX*>Rm2aoo z6zR40HirHz>ibmObPOkVsshS-dm%%8YeddpZxy^9dF>skA6^#ZwEo@dYBVedR2S^h zXi%O3oUjV1NgMe^x}dh?2xq>gyH~F9?Jd23oE}lk_%|ADAXwpV=~X;jR-_tR18Ia zj&x_)q*918csI)~;6d-sR81d^J6NgcFxcHQh@5(HZC=AGs_6p9QTe2$h)&*-<9G@h z3Ds5f6#tDy3*4sfaxDLGIAB6-20I)q3+Vd`6?GSn-AQvUJEGZ9q-7OAzWCs&GVU)a zmTeb3I5T-J2_qWrPL9)vQv7Vi$ozR<*i+? z(l#jhRWU=;Ea-AQs`4mg>KFqI033*A@aBdK59;L6;8M-Ap_);pm14_;60ZkZO9z(L zw$Y|(TJvn~yTPVK^V%XKCj#msqC^zmDO@-i zO->xb|8~v)3F?yzN%WGs)Fp5!fW`7Ne!F~b+!_1Zwn==8)(;`{-1>&4F!gIvIZRC# zc2O-IGe1QOJ%YA>`Vu;6XI=S-N7@bQjN=t8DBX?(g%$Jy@$;A8vr!L1*8nmKGhTo3b=qA>k1ppvi)ike z80HH1vXD^bO-JR#suW)}XT&D;pLw7;cN%?Wv~@=m!Y7m6%{E?R%X7m+<^r_7@5r!c zzu(_q2pjGYcHL3WJAIk8_&eVim|n@4r*z;$b^!yMO({G1G7oOXXKwNDU;a}!a&tTY z6W2so-u!Bdy>URiMYVZ(Ycjd`j5*2~IgmWlrQY#$ka?q;=E`SV{%(#8s%1@ni5L{X z+vE{-GhxV16wgSMizfu?`@~hJL77-`nA;Ljo3Rvdetg6Z0YhP3oY6U7X^uC~zz(Vr zdpRIpqVkcM0yYV=UU()Pcn>@hhIA;B%WpaO`OF`UV9SMF_57;T)6?{vT<`@A`Hy3Woe(YM~XoymvUI+8T)u^K{5z$Yh0wIOy>lAE}L5 zxTUqZzKu1Zz5%x!UKSDcHzGmKMthOd#iAwO2iu1gptH3Pb2~)N-adPJZzs`(q;ZnP zVQqemsXLZ6s>Dj&5Nx|sLuI37ZY8U&J$hG8cw>w z^6FUe^Uy3$ihW&Jmb{53H1-i4@4y#4kWri{qW9*R{YT?sM;DA~3meo%-a6k-7IUUUP&|8<~fp1Kdw+2q57yAcp8bD#s!gqi+hV8#0d= zH@%Mq^otonOWLct86n6A0}g>Zo*$tQjvi>$ILwqPM?Va6e21_R17s3S2)8HW;zZO; zo>N_x`c+F+;KJ0G%^OffN?qHU)M`OexuM%GeMq)LGOU*H{}4gN=VAnmLC}f#ux-)2@VL z%M`;m13~~J{I4c_mK8t0M7l`KEr&;WRwR@3jGDe?hC|ruGyQqDw))B>(L(+TZ0bdw zfK6EQEIfm#GI=*FLNYm!$Qi4>G0_tbm~#I3zNV4@*~IgfK>N{P8*+8*=6U7W5d)ZG zi5W)6ruj*YD_t^1M`d>LE4Lullyx$E`W zQTqAP(nHlgH3`IuoZEBOhed+u?D!~mjjrh7gZRRkZ0^z1q5IaaHnQU~F)q=>BKhB+ zX&SVz>{H%LNK=QN+G7{88$x#TUVXb@4+uUH=d`X)5XU#@xU-4Wt8G~$g2P$>neg~X zB?{R2iZKNju>=ysr_xs?>0Qw&x2{7oI7<^;r-(gC`yU`fQ&jwqk{g3+^Elotlo?j= zOufRN-ZVTjtMhUmXgrgvi*~P|p5bnbTHZ+P9f00jz_K;F6yA-1;%Hf>q$uFEH$SNy ziaBM7iS}+_)k8Wgl(AkGVT;X97xI|!UGFBuo3|MqE_ zAl*7L&Q#&-Qcd?*9#On-tvUt(rPM}AzCo(0KHhU14Xc55NHjhqSRN6}4oWm|%gUkt z;-&F&Z+QXr@Xnzgy|F%pTM?ceUsYJe?3-o0e$ZIYp_Xd_c3x3%zCEZ!nUON%xRqD7 z3D_adId`C(6Ps7x0rUA23u?w!bNPUdGx~^;^wQhF-wQxVESlQ?p0~vH>w`-ncUy$T zn{EG)O`dv7h)SWQ^``X%uqSq7-cvtnIZ+R!)+VJ4l&yhm{>#R6y!fK&IAmRY4w1 zDgY1d)}~TR)95;tyT_sMq`khwE`3rTeW4(E4nDc2R2}XRYPA21M&7YK-R%p`PagkD z64?ssjn+*9rScqGKb-s%w63e$jQ1c)fEFD}-m;SsTfpfTAo(H@)Pq+@`D^ZlA}Mav zriOL>&=46V++t#RDIXBR;uq1U+63+ayEBPj+7pHi!}mp!O?_Oi5tD>=;fOd(I0=V1 zB?%+K1lZOw?jDPLUq@kxS}ben9fOK~JM9J^FP#P{diD4$z^fU+tKI^&Z_MA@S{vx; zRunFCanaP`p=4ECCXLRWDnR3T$7^2U1l^qz9XM1`y>mWbQO{Sv<)6UXD-*v2|M-U7 zy<>&2FW8=EFXT(QIdNYE%1(MjO9t3)2a`Yst=f|E|9`*8C>7ciB}ygssn1(kz0xII$)|Jio6Z| zY%%7EJ6NVxFTA}-Br}?@tA=`Pr>uxBku8m(c;B8w`0jO~!D%y&^ONIC^asrO96FK2 zzf2n=YQ~MMWb0Qtrp;bLQLwResiWwL8FPEL!;+WJ6^oEAuJI=y%A0P#u#Xo>#^&TQ zBh;k^`=9yp!=B+0dGox-6avzjUWk;*au*E2cYt-O0#48%1TF^zQp56*(KME5w4KYx z@+*TgdkCF3XhPIp5 zBgwQ9C%!RLm1kxv+tBGX|A_z^jJ-)+AzO6E^Yh@l<{Ri-p;CIfeO!2B=>Z72r}%OF z6Be-#bgp{&oP~w=Zj81vzdf-{ApXL2elHX+Bc=kN=Zvi>s{F}C=;1t3#5G|b26wK( z#f%|VBNdHD+sF|$v@Ejv`m<<}ZpMj4Wp(IWjVQxO@c4UaA>&E% zINk4v$FfbfwE^9hW}}uj>2$^K2oelA>bpf*>YA!kjTJQVDp6^ye*)tC=~bO|bRUrHJr zqo$Q$k&kS`p4!}NJHg`b&sQVZg*s;$U6KDsJ*P&$AdsTqZbyB7=zv6Y+7b~RZ^oyhlkzaFz zA7xeI>mdnrfw#}p+qLvUUOmt3?U65`pWe>x&-lruJ_<;yM7!I+f463aL}1xO9S+8m z5;rGAcGBIMl)!P@sjAS3y@)YZ@gBVpe7o`SZI8~fVhE`Fs-1Dk2H)I_8uRC_jrMX2 z`|v2wQ429(7V4=z-`_`(0<5HsO zl`;+MR-m-bD?4z}Aiu{c^%|j=D&?QI8wLkRMS@hIGF_k;baM+ba`VP!oz$=_oHP5{ ziuZJ*#(%eGQCuIH(lAm`oabg%S>Jb%05nWz%Cy+Eg+yG7;eXM#`TZsh6SJNl^X;;| zDG}oJSh2YIODHYJA5iCTgm|n;u~)YqyNY(Jm+TR%5d5Kkby*07=|dTd_Ob-#)Ow8{ z4J^pv0TA;ifb8-9PkZinym0VsqCbcDi4z4HE_c*lA~>2nN#Zd}P2fT5kbv2IjHTb} zCg?i09?SGgKDp!q%o)`mlYMf$9DD@JKU3AobASI60yHqc>feC(>(`yozjFfo z8(`tTafkn!OY@(O0Io;7RbEg~P%TheS5Q(>(Cm)_=g*;lp~EQU&%+4j&na&oGkCJ$ z-ln3wCgQdtau$YF4hAwZ3I>kMZ2#bR0eq@@Y6U(r20EQTd=ykH?LqPWJbbepWWDUk z@d8SNq3A%>EQ5U=TaJ>EOz0SG0rygo2};|HPQOLR4qEi!j9IXVfQW#YfWYYivIi&n zMt(V>a)p6T*#92FUI3t`ajzs{tf^2-*4X9#K87n`Mf`0on!~; z;jvpS6eaVE#j!ciZtK|9vIq$XL>}aqIuB^eE17GufC+lS>2~|TZWO?41@?yk@J!uY z%~U(TUc9})>;n&gar~XmAn>Q;1G)ECHsj^VOuiqM)_7WZ1&YvVSUh3|Ec<`m)_b ze!TJw?b?aY!8ybhszKLXJDl7@)d8J2>tQ(TGQcKVVS8fxx-kr}v&RBvdjIo?S^i%2 z0RKP_X+PKhdc^;G$Q0?nahm)C*g5{oT^_8cBZnk_%;WZ6-=ss{q{t6KrD}s#^nmdQ zLcmH9Cm#@gYtq5h5_xIc$i?!a_JKx97!LRK%P)~(XMLsQ?H3%A)A3Zg*UVNspP%11 zz%B?T2D*5fxTZLP3^|xVD{aWY>3E0JYtI$PqffWPpP-xsgJJ>k${aKm*YwSf^sdxl zY(~-sRL44SDzyE=xgw!jy38;8q7BLnz%V~wBqBE#hY%qv7zTUT*%*rC!GZ<2S#aV8FQOO=7UAyK`T z?Kg>ILC%P3c+BO^oR3}~K}SA&4wIgv*E@ISld&6V=O*!d6!ro?T0yyMGJQp~)H;ty z+2Z<9Z3Nd>EYz=MVq-X391dmOT`^Kzq!qK-SRfblC~vn3f~nSIdtU5tgNuIQ%N5ItqrVDsRopRY?dzXHw<&C9lbfZzH zQAWkuKyieslIuzPUb+HtQS$riS%*SQ?lzF$!y?YfYfal?W7b zhvwRUtikfp%xN#II-=^uotf+XyLz{JX=}{4{dl{vj5`={%q12FgI8M|&r=-FJLx}2 z^#||`_9ZuUk#!M{ah%Co*x}j%!!y~y{V`q_{#}PBlP4JviLp;AK_#hxqMzW_&hViu z0LP&XGB)xaeU;x~?(5e5QK~uuQy7`xRp_lWOcL@(T2d~EL7pys6Bf_(a)23l_6`SN z_Fwr{`(XhLT8WoMas(pKC*4jpoF)5Y0wetp7@;{UcrYh`{yR z__)vyb4l@Lv{!G=L&mvxlC+h3qqVN0kT=`VHtiUT1*_wgMsdE+%&%6)kOh8+Z>8K( zspEm2Ewp;b0{Z&;ae1xs9$k|#mN3%=G&&%kBFC1Z(F{4Ct6mT*y4-1#Hj zt>{2fP3YHpc{>n12#G-pW;GicdP)vAe8fjeN#wvrybwXxQf>+10GN(LY#xnB-VTdC zm&ZsQLXj%}Jxr0%pBJ}saf27Y>at1Bz>lfw{9zUmN)>>O+?K|@EnMq&IAbKYNUOu> z31?fRi=y!x20{VO&Rm5?@`_thPr^J!@F`MKlgz}La&wbPh)p}WCQ6&?v^r;Gpwy&S z$gK7mjPvh3-cP(V&2xA2IvVCWn>d<_IZgZ&lZxSgGKjr7IuxLOSIBlfb33A5pFl=YOOYTW$Gq*_8to;^! z-hPH-(7G~jtmBX~e@0C{U-8^Po|h&%KEOB;^tkDR&=7;yEapr64*XVTv(s1?0ZDLb zo)%ZO>=jhFp`-RemkHc>`P}YVf8cp%?(IuDh~&U(ShRJE!*CWpxBQM_ewIpVy=_p? zv1(WY4)#HoJRDN;x*D_`yaN7OgE*5agfLa)^o}G3I`P;|9!+U*RC3XO`vrP^3{9ZM~<)T90s-+^UVj!Wi99(wo}n@XMcK?`RlWbcC&)6YwqF^;)kdy zhx080U-3U4uj4^fASSYQ)H7=vE>~X2o{sM~g0Rx}h>?x^Jzi;Ir{{k$GQ+a)$7ls8 zM`(NaT8o z>abaz5S7XbK#0IBN`anMo`JN!j)jL8$rtm!Jb(sPT9)VF)#Ks?M0Z3TfW>-L8~{ew zX^PQs_T?X>21^3W6#YkQ{~f9Me<)?l|DqgZ{$oCr&jGtb0wx((y#DLMEGuy zHenHE$xWdOe1}a=DMRtgv7J0g>|eKZFKFV`ln%RKH-+$xt}pCCs@Ppj?|(15T6bQ* z4$j$r$bYIdh$w(zSURa#ccM;3!f?&N*?Ask4!E8LE6Hz3ZKE@FhyC6>>K z>$gvi<%P!u*GC8`gO=}o5FBmcT}A|m!GJx>ZFCzPFjNFLmgxyp>>ePx-$c|t{Az(4 zk)YKJmL9#^*?2gU_WaqgnG{b!YtWxXPEJ3enIEr7tMqn@T9!>~z(YUimtSiV-h_O^ z{N9O>Jtf=hT!)QIa{utU9tnH+<7t#3r1(DWtbgkmsM4i{)Oi0rC5rUJ>a2bB-n7yC z)||z=l4OAdWyQ1ySJQ4OIqV8I|H1&?ZrM)rs$A!SZ}4JNoc(E?7dU@X4a}&2TBrH} z#Oz(2QhSwI7E@sF4^?x-!Nm_rDz>@K4#F`#&7`hpxT2!VG!<|QOO?e10k>+86V~Xg zczgk>deFma+h7=>kV7WgB$!)hO2b8#hlI>qc$j4%aXqDk+@wy4T4@e&z;ibOh8!JR zhM8+;w2ecE{Dvg}sUPejMBSlegypW*ogtCv6vOsZxP!S}2dkG`Kf2m~z z3E9^l2H*7q;%4u4ncB`2BJZdIO{;wkF0YiZfMz zUe4l|>cZmxetb5AnJxUCz z+yTjmV?>8+J_j+{UY5KeGV~?qDaT`4nzRXI31a$f>IEy%xWGiCZC@7#sL)2lhwKCT zv`~hILw!IfL@CKcJdunmRO+2`{~d28-txg4PuEgR_B0|EDu{D4h+q<7^XI4#S8XAy zbiBxeFC^NDJEF8o+2*p382W?|bU!B)v zo39$a;ygB)Do5PO#A0QEC$N;)jr%@p0n0fE_ss{(?esWjJ30`u0=klxW7V)E@;Kl* z*s$#L^GLK^BYo8ox@3mYi*QNqQ=W;vGlxvsYG_bCNWD~JY|dEgVV?g77R0!)APq&K z*Dg5u1wm}#R?%!!cc%IY{Im+*ENPV?U$=9>IJ}G=O4SA_tUy_#hb1soj>JpS_l@n0r&c^SE%OnM(7D4OPoJV4(e_nTkX7ZN-#@oA)@2_cc7a9OD8 z#?39JS|2ZJ8EI+m|FqUkLGbXAK(92mpHkPo{`ukg{mVWG1`5L*)EP_T5Iot+bru_e z^D1r}iDG@R7?~k8Xe%FF*jsweYTA>lc0?M>Lmjx93lp9ZXZ5$t8q87h;FY@FSoY2V z{<37mm%8~Tl!hL#8s9^+W_R__cHJxlh#YViOUI?7M}J4pSyETs=m%>eVL6!$4{k(Q z-Sy|>{cnA#C;CfLxk@+f02kaC zToDAd^AtZlFs(GD-i$0_QwF$!fQct%8OUi-g;A^%5))+QCdI!n&@bxB={$e)!x97s z5L3u7V+IasH{FA8xlzW7r}a(QxiD7h5*jATiqwZSEyXRzDOU`9|LIH!4Gb&FKSw;F zp9TCsAM=R+uZ#Det5mE7<*j^_{GFRAab@i2&y5d{Pk|&rc754}N#U zAWdp)%!tH<1fZu?saoA!y=*gVrWaA&^aB&Hww$a8F1K`OwZ?95Y-}u4yS^`JBA9&t zar=oU>-xR@_)PTtxP6~}&v*PW``W|R^Rma*3!`7JkO&2&LCTHV5KlxN>2^^C+X5z3 zy>~X3lX52B)uF1xY4seY*mofJ0MFWUY)pI zc(+`g$tMxfP6It;FW^GFie_u%R?BBh%s*W4Q8HftMWx>=z_MbASOeuLvyd9us0p7f zonaI6v1n*O{n5CsP}azPHe{^X;L*G*Sn+YpTIx@xem*u*`DaA3%OtJEn)~oba`btP zx`H1A33HKYZKUuZ)bhzawX|xX(?Rz5)68LncxVUL@&L0k_y~v6is**cAPyE+K)tY3 zS0PPW)R0ktpq4f>`ld!V!8$_tY6L@It61a+#Z%R$3qwaF1{U5%y0Oin*oG8;Xlrez->f z)Xc@7ahO|uCYKr;7}pbzi%s6CX0wX=I`~N7LBVVsoIQ2Nz?`}4DVIG#6a*=1?XoSc zK8EQ@E~InL{mZ==W8$nE1B{f+vgSHKDiD&-r2VxHeR7QJHK{?j5SJ>DOtrPT`+R-p z;gwSupg#rCmB2`$4fU+JQpADv#siU_{T^JLNKAyc7*CDO8_O*`Ok2CErrO5&0MXFM zmI*BZ6)eioB?J85a9vD3yEJ$!hS}kdsI()XhAFu6cv2y56;(GaU|fg>x{#tO(1cAp zky7TLbEX^;`@^RFQTd@TsB5~`2-0|O+0EtB5LUhEYov9INRy$}ZPG{YM?&Vk647l7 zg7948gnK;D>p`Xg)n@{Y!F8T-XcBFShX!PtGQ!l_!8%i2{xiGooHUp9<$*F;4px^j zmE;);MS>mQ;waw^P?wa8jzZFlIQ?@q!nmAq^zlt|;Z};ue@Ss*z**Uz8`siJ-c%p2 zaG|`GBRO#PT3%R!PC2#h_CcZ8_H$o!HMMQHF^{YsK&B_Iqnd{^iD=??W6alb%oRnx zgK~GiLmGBTq3~3=6R{%5EDLXi+ce^DX;5ud$}_eRFQuC(yKNioxvuo*%AH{mZ3P@e zN`^d-zXrIs!sXK1CI`rpLm|On3D84;_dzteE%QL|+pyvYR53!&nwqHC~zvkeJ# z4oq8S%xb*^Fh!5ZLcAmd({TZ2dA+(%4fw*Ck+Ympq4q?OiJRHHdij8 z6LLF)d}IXI9$+QeuEKQmSkret47&7(5$*`NFANz#$x*WxuAcYx5@-D!BsZgFHVsQDgQsdS<*k(~PTMD(H_iWG(*`x_$>- zr@8M8xH(wsx6Wh6Fe)J}KU&cle9Wx{$anc%H>fwNmhp<3na@5YZuGv8&&~`#Q+NGF z!!Uzz%rQ;yba{VA_5F>9IKORqGs5np$RPhaTuo6Vwe@_pW(x_jbyN7oE&w8R$aQ$X z)98qmFJ)9~;vHESPj|#*!spv|Z?q!uh7?DSs>;`L&+G*bwH|(y)TZ&`S#b=6@{N_m z0vil^CHd(XRd+F3*(tYA5%XhV;JgBBLTV(j-&}~jg=xJ)w_U{GHYE7ZZtGjV)~(6` ztB+Q7_#cJAr6!;^|LT|SV76P-K>P|5%ipUn_JH5j>R+*v(%p_jxwmLYe$6**UD@-e z#ng{w6Eo~pYpRu7PJn)`H?&{r{zrB`J*vQj8jw6Ujy6Dbfm-?uiawbrg%h$wGClmio$!A(?~I zwu*1Yl+&fxA1T1fgvgua#R>S0G73T!)am)JoVbhqRaetZhu$uB>g*#?u=NEkA_)*B zu~RL^F_a*KN)SK8mUB&Or%d`9gFH=m+Nrqc!3)!5MWzjT3w{o z{5b;oIf&aREamTMRT62DmU0q*_gvdu(#49dYBmV2rN-8?ObOFB3szz$vaUG9K zCQzeIoRn!FNT4DabMePTKNyp*)D$Defa_Oxsw-??=`j^I)oZA~f&_h73jqks7GO53 z3`*iCs?b0Ys^mJElsrZiupoVsxi!}5VoFJ$GDz137avNf42u3dY1yrzryxR>wv8dy z+E&?GfA>hOwJe%WNQ)bBxFT%}XKC0(etOh=oiZ8P0oE9zTHUC=%tO4Sw^y@t?CvY$)En7r5E#~=cTt%z^!rt757DrjWsPCY zQ#IAGn&78OOFO1+RC8&579}e4iY;YN*_Gnf(iFt?25ACD@=o2ZhpR76dT<_45$K4f zPU)tJp0s?%dwNgc=l_-< zJs>*=TOW)uO+1&IR30dYi|bWxbzARb z!WHs!Z4}4Wb>iS%Q^sRvK#7yt3oks3#O-XBP9q2JX|f#^NDL(FhaWO}K$A)skJ)(d zn436OR1tIo+S2DAAc{uww7cy_El+>BoK&gqJ04c4Q>_vXGPa zln;IyiwMMu!{_a9)mgokLzL!cojBi|3Q+GiyOa-c8?WTzT-YABtWJUkCRAxx*E;Uy zhs`bxXVlgbS0Pkd4e~VZ-6McaD9bc48XR$0n0WQJ@_3iKxniV${YEZEAp}tqqMbo->kSh!5CeEHl=YZwW`WB)|cQbO$X-`{O zAPHBRJ=f9l8yCN?m^+z_lvYjZ^fCB?^WQpz0?*?QPyquu7JW$(;POi0krXk{MVUJD zzUl8|CLdagis)W*?xsq*M6+Qx?d9jrzym|ta`eKz!wuQ)=@q|3qe@T$^!;3MYA2{a z>+1SQO-8j>Um*801vl`2V91FoMIi9pLSUdx{4jl=<3VwwK1qMOSb;A>BJCAje6F8VK%?{bJ{vQ#(lgy^o`^&u2 z+?Mi&#VyG6`LpLho>##o46IJQR7zE)B9(E8_BAwIMbQOP3tW%t|jtpq#cEL||#0(h2cbVwT|_5nD7`&`KilLxoN zHc%~WA&J$ue}}@b3m43kF_@$aGpOK=NMD&RE5t7{UTW%)=${IPK2=@xOqV!-Z1OAH z7YvC;n8UBntoiQQ3V7*kw>EKcjbB;>o+7~_{tH*0K98)277b&XqB$(VyU0H^i51hb_3a5{Q%L6xB4%N(gU3xb6 z!H%4NV~0WE_FP)&;-wuT#D#g}5W}w@^}C45 z+|%~M`7<}_s{Jco?QzZT_%SQ$98amDEOxc)9%)Advb(I${yQ;FtJC0(M=Z`wJodA^ zWA>OIQCEBL)opUt-DKTv%x}!^uB_-4+d|I13DYmW7mKKAhzNcBAdLupRA?PRdf#9I zL0WB5`OQnAyBO;jub=uGn56;D$%E$`9MzoVLq|PJ)dZCc^a-&~hI>;QiI!wY3tSLh zX+GfIf#&Z%C-vZC*&vL1AXan7aL{i`jTfX4WL|88&e#}muFJZd9m<|>8_4o(j7=XTO#1r#UZY;mu&T5 zxw)jyI@nx7_}mfKt!R4QK;Wx>TyNRTt5O96-4BrX|YvA?;-hi^+{#-p7OJ>~qEM{wNHs6exX8_F)wrpvzWlyDuOFAu=a zL~w9zk~btgFc0gsWkDy6dR8uXYXOwQ4NZusQA*?mpi-}~O1*oa=h!hS*GDgn=sc%m zb!Of{Bi_73{7#Ahl)V_j0cP+JdPPBWFqC_(jsx*?lK9JO5CdglJR?I6f$Sw$@EMgb z*0S%7@|oZ0Oy+#cFOU;A%TaY%yCFxwuh}1|2Vj4T7G9pOsOwKJdWVsIVVfl3Lr zI#MhK#wwZS_im=~%s+vYM^f$7B(kpm!?k1$-d#xQ*)KUq&^647(>JH>o{vXWnG zv*x{H-}*dQ5%@Tm0`A1rhVEelGQ*Yw-*-6<`O6gd`<+H^y=$#K6!vAj`@?AfKowo0sC z>vQaoG=B#gzu{K%NObt(5qSU3ewl0b_6<3z#z=t+46RqO*3#V>eK1o`wTTetL}p;w z^@Co|0rEfAzYxk-G@F|zo9*&goME194VDAof;lV04G>scoPUS9{$UU5e z^>EiuD|G)td#!}&8G_(3+1u-LIOHhq5|All!Kj=m3#;(`Q*oQ*4#?wf%SYIi-8vhS zcTDewH*w+MlsU3Va`!TLqpEO}`efulr@N#0QoH>!uQ1Alt(4bwZ;9r+pj=G+6fOF8 z!gr}kn3n;W5)HOUyXnuc)Path;wLpypgxi>Jz~_5G(cxkmH?4Pbfiv*q(GKfr#oZB zFWZlr9ufEAkPHl;DCsJq(xzL1A;okn!GZT&C)6oN+b6`RR@jyypfG~*C5qg*wtY0V zc?Wx2Db(|!vvbtFE&Pplmjk;Us?&s*l6ZkElG{C-$H;uuPG5ZoN#rK&kjw85V8`Jv zf4S6VJ#Z6Q`&bN7KAsnD-P)CHD7nEat(bSFdrj!r+n~cV?lNsZ%A)h~*blA7{=)XK zKZN@J(QA7>f`JD5;S=k`!(Qy;woO4)g%E5ph~o5;(n zk>FDofBbsp&F7d&$#E4pQJCRobn&?}8f_hEdo=I5=eX=WiP&)?csQ=;iaaS#+w81| zV>(H>G-0_U#j`Sw*>OdvO$#$sMcQFQQ?ut#yJW%tm)_orK}~i7EUOZi=}3q}#;t15 zSxDe`??dafz>V47&E(LOrt7G^lmTSD%A54ddOyg5KAZjxIpp@DNmA+^VQA>RbUZ?% zJpcM!YuzV|6O7NNCUFodZ)eWr8}i@CwWl@lRl}&j2W`?!K~05O7+c0IeX_ujF3g>K zN4_EQV1jyIxWZNTF;C`(SB%|^>)T@97tD~r>v!e8QL149k4hxUPWluxArgo zRCm~;nftY|S?74XYka*#B=Yf7L_5{jOPz#P4?bSDIS3Yx4JZ~<3E6OoDZA`rnx_hg zCj*W8(lspV-e-fu6g01a`!0V(rpmQSlT)#K?qS?&gwfgiE56U4nBcF)*`!14LFJj+ zEtQf(yg~8fg^JshG!os8+M%Vd&6v^~?AsSy-`{H5-_3bJ_)QCb2yeD%Ba+Am;`=5G zF%*t06~#dJB>u_7!OIKbktTF4lg&jv=X0d1On$a~Vuzxt3$eSl?cqsoOt|q{b$YxZ zrH8QGqqlsiT+Ov~reO4VgHhBAIv2h=rQr;y~ORL{IPrOTrBrRN=tpFdSX?Th0M6U~^F758b&l3J$#E0_Dkx z-_+nB(#TG1$IG_+$JjwDQ?@dx#B9d&USu`Yu8sF}P20Y8d&r))M#%(7c5Z8L?X1PV z@k-$H4nMpz>$tO>KbgVDdC?196`x-XGOmZJIPzs20$3-3IizzBvFs9E%v=v%-ho_Z zkOXxh4~8#vW?7+3z|_i)ktVT2v`5KKxFFuauClnT)ku&WM)5*$l*kE2xP$~TdyD31 zwGUNmL%}{(YRAH9wny9)+}}|jo7CFE6z%f&KEoMzUAz3r9niGv{r5L+!$X4+H!4;JU!)F;z1xslJlEs0FJZEc7V_?(}Uz7 zv<=BtMnkN0XfMi}kN8>wnZ5Tkp#&&nw;c5=zc(kwLuqT*f9o{%>_~3N95cfRnq>g* z4aD@wv01E#4yK(dOSi_6dT*(}ZeVIrd1ogn2WhNuhTDmCoKZUcBZwkt2ZNhWsH0fz zwRT%vWn=*|Lb)G@w%*?}Wc|YH)s7c8=PN#>H@+5>wl8{(Y=mB@{eYn%_-+)z5McH{ zSo;RxOtWq6?%3+swr$(CZJQn2wr$&XI=0<$I@X_=Ip^MU=FXY=mHOVQR3-JMvb^_t z*0a<~3$ORNw}IuiM=8xq01lWx6zC}$z456^lwD@+sxrg({qR$l2q2@j7v4}0G|P+C zxa{$4o~@E%4$i~?ok?EePNi;VC(Bm_mZM7}EwzQVAUM<1CplM}OSuGrZ|#W8TBmyR zLd*EQ1u3*?;&CRc8>h7{tZeAevTKJH$+wq-%*D))=@j+P4T&FwiyQ>WgoXMeJ|I zqb`zcg-66nk5#(JD}SzCFnX(Ny$$nPmFGW-^=^mJ^e!MUx7^YSrjwAeJn+xg9A1e+ z7ZD-TvXP8;8~j3VbDX%K0T4F5B8GLD!~}YvTg_ zrkwY4-#|LqXSLW9U)QPOjA<#``2EJ&JH8O9j8L{X)iN^=!C5kO92jfghVjyB=#)b; zt((DYlL)6{c<2@p8AH2**}iu1YDYXDRnCBMHG<9>GdYj9zEPL1EK&{=kFo%G$kZSL zuZ(k0EQijsi#L7PT zyKOTwm7l-ZIIGu#$q(8L?q?UJg9*aooz#D=@hOker4w1FrenIR^rb{_8bFXomZn%K z<_x7o5eX9|p?OoX80Sot47nQ+Go#hhAG_B}V5di3U(hcHSGd$h=vC1&im&jja5fF_ z(TfnB6nJw)4grra9~zHL*%=)jpMP{A)lF>Z>g@I;=0A+TNMy>CLI%Z{U%EkhF_l!< zy%|yERSXJ@kUJSB?%As-2Q|*UjH`>QjR(ab&3N>-o|=F~RcM$t&swObZiFTyi{**1 zV^BmJsK%aA#r<^O4;mW7ei{ih3Z^5*N@%-5r`Tpv)(_wdMlF{!ufVfl(k=UOOit@3 zQ) z6R2L4yVLeePqaHy$N+0nXZr9#9}yjcZgDw)-hiQTRlKsv1a6hlAg)SZI@FLSz1-Vp zhqQJPZ`||4?lElt0=xAH|3gpmqyQ35bkRX`u;@zT?vNjb&~cz9Y*VJ^ovpu#08IMblo!E=)v9R>9^ z0+{sacl?#Mzo-l;=9e$boPXDO{5ulkKl;Oe4_$8jOXxCD2WdTF<>m^@#4 zOk6t<>Ce_GC>Y#=d2sS)BX!~P`R`WipSj!c|GL#`W@~C>FRN!}|3{-WQprqVO&O7E z8X2BhUyNTAEQU9E9x^A+*hs8DttEwsE*E%KXaqKYKs1Vyo_20)w%Sw5BrJDQ@})BK z#O9QdOU79@M|u@D>DMO5!=}S@=fl%~@gAsD89cr)iuz;onk_eG57nb33B6Jo^;WN$*_*TCuk zTlV7^S=~m!QAZFNw?U^mkAsxwkqRd{}3wsz$4lV#s#6J_~tQGkP?p_k$ zcw^!B)W_!fvX8by0`@8}O&F=M+0FY*-KB|A*r#Rt+f8Lmt`Kr&FOW|rz6s$Ia@$7a z;;J8__G+n~mfPsu;AlZRgaiz#yNEdI&-B|XA!Q1)ybxxK=dA!b?kJ2=U!hKE6M3^C zGI+k0D=XkWZRsoK>h1po;qHe{5@~DFy0y)vRtN4b{MABbOBc&l7?4*CgxaG8*pCWt zDodoUoEf8;E}J_9wcdXuIqRl|5KEI;d&I)oCyuXD*5r58y@OnkX^L z%s_)ewY3`O`^!Odn9kRX373H|Mm4=e-o3=s1c>-_mb($D4T}buvx>P{+7*@|Lr8fz z!`F?nBh&Z1hb(Qc%jP^O^)g6-(jFNtb0_@@EZS)win28KyhKM$T3Xwly+aEtfl^5b zORlcTU&^5jBBeGXZvy9}&wQc0dDd%o+<{rWK8oU~xp}d$+prR)FwJthDQrCHvc$ zBL%9=w$jyaP8SGY{b$UY)BLK{o8I9ReHCuNP{+qt36Ga|S>G-%bca`j%wpv@kE~vr zGVBmP7WXJY6KQ_gA>((lKgRv6{$htASM_~z{;ME) zCoI>7vGNS(;u~Pv+>Z;0sp-pHJT4yFknn!>;(K&13eXmHKASRy^6h*tLirPcUzY}? zci(~-xe<`oB};{XUGC}Hf)Dkmh`^5Lyp%}FFp zPzAqrRaz=}jYWz3DlcxgSu((GNj@t9tF*>B-Ja8l2mQ{)d}<2cqXYN)s6G6KYDn6o ziw=N6h?|g6FzKy;&*1f@RMIwfE!o0`ZO>Tt9UYPnSsH6EcW!9TDKZ-i4F?WINm@{O z&{(L>?0~d)>lkNd5L;c_KwpRomR70PpUc$YM1?V0_U%32U9*S)w}0bvAn#xWK<3DG zk17a}y^ov00ug`RM>k*c_rf(M}Lq8KL$} z_RVI#>U$LNT^RN*Wa99&DkAPtg?X;>JDKy&DEOEJ<@>j+imNj+8I>QCyEx^G3i%Zw z%=oM9<=dRseT?FNtnhL5eVy(4WU@pA|JP{v=lysTe;o~NY~4PALjOu)|3_G~lIDQ; z4JDNSV?YLP+4U04mk z;L>PpJ+pGf5&5!klw`BZeA@W^?qC^6qutq(j z>VU!1$2~S&a`ruEEcl^d;geZ3jdjlmuv=+V7pQUs4HfZV;-!rH;(?+@Xz&2;RlEzv zo|xL{kv)v7sHaQ48{prv0x122YxU=U`R}7Ff0hILU&=wy$WqVE$nf`#Mt?QY^3U0e z%vdRjeqOksEh~fBq2U>aOBs$XFLD-lQ()oMY6R-4&$s|UNxX9z_8^YhAQv+h^ zuvr7tXB`Z%4C7}LM@uiD-yJNMNpmfGZEL>7=hE%UtVgTf)J!iisNE~x@rEx3)fTVyD`MCU^I}2ahr9^h#+Zqn;1}~$)$5Zx}1<9=UgB-1_ zK}9%uQLIfgOF})Slch$*Ufgyh4S0PRLCr*2ULbRxH-AK3xIRSPPz7?f58W)D6LL<0 zsL6VD>o+YyWgClff5N2X{tYJeXDx~R-)ZTeYW&wRq(b>|@%~TD<=kS?konK@u2X|t z*-}(E$6QiV!HNXu+?MPj11Yg@qXP3b_IrzgINKtjEb)(3Kz4M|9!D7t)0wG9$-^XH z+EwLa^p{=MqlT(m?8rW8iTN3@&Sh0!l^gD8m#jhFmA12=tG2l|5Y~||ZZL2mkPK17 zw7e&o!q>1WS56`NRbq@v-Vr~Pl=!0b6vqN+$FG5G)co*{!lF)|`iw}GPIV*+3TXB|q>h zxQVC={}y5_4BO2_JE_uuf2f3^jw{~xv>W@T&n zPbaRFAD3SHw21g*f4g`_s%maPATn?S5af-SIx#bhgju245=xROMzquASgxw=`k3$H zl%LBJ%1$%I%Bb5)$c=VVJ*uWNJf8mc{3_YmRK$&k; zYjinO1NyIyBYcjm^9nAV4^#!Uuzm8&s*P|L@C4eFFIPx&Omp|QbGhvpletmrvV@_A z8`;>(A5iHhZE;breO`xpm-pdAV8l3vlQYR4bCZj@b&NTA`$~3`rkiXCbk;@ zR@1qo4fvYIeKdFj4_RdhCdG-kMiC2-H3ZQZ$q}&-7SY;ky`UE#zy6%H#hyzefVo1G zXrPu+YpDK0JeKwWRc>pnUJV6u6G>5n!TFePm_DbYyE9+Hrm!hV<Zb7N-(v*^{NpuzI#sA{xy4Mt!NjAgq$K!Nj_t!___p)5RoGs@Y z@O)E46C?a~S9-nGP*9^@RssjI#$*f{x4}4;9k$sN8KeR|F%mzxG)BgsGjPbuo@1)C z2*CYgBttS8acVL-Zaoc>Hrc!el-z}Q_%;0~NyLva`>OYOpoZ;0iN3LN=&e z8c(>L1k_6996eW^_NgRfcahH^NvLoMkfnCvQuA5pP8=LEBJ0aMiwbqZ_9_fz`{ zVC=?hw&O2{Y8x$B0T9&w3d$kgQ;@p)Xz&q+6Uh$RV87_e1V}HN#%AhJtJB|9-8V2G zAh?D<$PI|9-l6ubteRCJAK|kZ(M)J12pX=jimtp99yR|}(!zBjxL>PcltvWo z_Fm8Dw6ErM$%$r7yd_K|3)}oe!7Y!Yz{LiHY5B|1CsS^r&7@jR1R9G>twDOqnoz-y zk;O+$o3ir4Dqe$N4YS5GYti_ zUKcm&)D>|K0P9W>EI>+zJ;;QE9Cnw<84C1eR2j3snUS+-Z_QN`w@o{MCYx!UuJ!mS z&14>0U>MxcEat$*r9yw{S$R|pDZmyI=!V@`4*`$MJ7m9%u2A>rR&q=*jXF@wKs-O-jK!LgJ*X_imXq;{0vTzHsKH344hY*_g~~^muJRoZ_AL3@^|~ono~{fF zSL4L*oY>erEh&jYNL7AP<`rAR|hvY{0M5C*y zKOsN|k-hb2i-?BBZ%GsbZvnqat*PbH8nG6sgQnxzEE3wlSjlb>>tUsuWX4M0VK^bR zCWgkwDJ6y}*7-U+F3^ylZjyIfTjH>6 zukcI9sj-^A!^~$T?^NSBYGT>T2jdb6?61% z;5eKubq(jz&TH$}et`&B>e?DX-(!7GWqi_&ZM4b5qsrn&PR@63%OClremiaCCwX_z z>ysAwLyMocUC_y9Yajb8(4PX=)JT}*S4%n9!07%CP@M-ax4?5dhoYp#`QSa^2B^K4 z#zlRkw?MG#l=YfYud=MfXpecUA#AV(pcoOP9sPlA3ueSj;a_YE`N5_mI55apos zo6T;q_cZ(V+JrF%MA=MgF>JPDFy<;TZaDQvMbJp?$nkk$JfRIciL+~30wAO|+3nJ@b1dLO-p1Xh|r zD__0BY&_GRZlPqdjTSkFmooC#!xKEQL9YO?ha@~t#@{h6iZVe--z;8(NZ0IWJa)I9 zyT%kp;=p%HV!fhwUFJWeiB?l_^A74=K6eOYOXT_p%-Nnn0t7KOn5FECD?}~WUg#{( z!tLL`%s>0`a71st{} zqIiUCdPDiGp4;qE@T3O)@}&&!?@pp(|Bq?f#=+>fl`;QF(n?ki-;@x&t+m@m>xgm_ z{TgTFdE+SSz`DMFEg%F&Xbw%22jHU zF?p4XI@+W(gMuGI<2lPp_n3B@y3KI7Kb-FN_5#}Gtoj*(TZU(h8$}oN3#5CnlGtUb z^7J&Q1Qg2P2y+RXnpTiuC6N$8)O-f|%&%AW>eVT{*{u_=;`uy1X-`e)$G*#eI^RX5 zQafKe#yo(|m2xgw3&krzG*+6n$kjrTuIQr6VtkW6FRxc{N7RO>nJC7xf2fab#l{Ix z-e8Pv>rW~Us$A8i&*eKFOp<8J!EaEYio7hgY04W8Kee_{taZg6ED9p@RE%=vE2)sn z67?hX7QM?nwEbi-T>0=ZB#73i19RE2FllY!>Y>nuHW9deai$Wozmh%?+m7^b!o(xm zwVyxg`|_))4a;?u?4OSWcEozU88_Dg_B_vkOz$G0p^ z!U$CKazF=_PJrIqR^KAv`XxhW^qJ|`QTy@7yO5gF$75Y7r@N*8R06EtaY}=~mP=+C zy;eOGn}>I^Hf0^BWvHXx@jO3i?suiyzJpD6<)9oE zB^A$I>ZsB|Nya*H{H2!2hDR4-D&*)_u1zw->&14rMIou9GfGrmBqy6b+fOtsmX-^K zIyK|Lzp3hYBsDS}afZrerHqiE831IHg_W z2wqbWb@oBQ-6x2UySRNDl5%DWGYQb9!=B(!5nJ?}MqUFkaDL~1ty zpD~6A^NZP#;&C#Bd)d)yu(Te0@=3-HL{-ptAq2wCSz~FwNJs?U{Yw};Z>H}l7X(Fe zecpkpLmGIyYI&pt^0ixVt=L4Wl}(ZBw1d@1x-usQVG-6K905;)@1rqH4u{Pl!_1RB zaM9L>O}4WIM;K26r#f+u!zU|46!b!hg(=0v09&z5m!)DnvSKWBQ8=MLWm1NwQwIHg zchkMNh?8XT0O|!R#693UD%G(Uc7@%2pRc4xE*P;!^#Bzn~Q`#RgAGj|c zJhq;m4j^g1Ec@2epVo-;^YX#nK~0J@#38dVGN9n3v-dGj3%s4Tm9}%BDLXw#GUEn- zfYGO1~CuUgY%6?A#L#gz;dywI`{^%Bx%h+dQw~K z75vTIo;7oQI!0E9OLPf9z>R}&UcE9$?3mDKOps3_AJ-2#hzYw=6_sJwB+PoTZQ4*b zn6SdArB>Np&9aXkONBv;B)|!ZMFuI;d*f6`uFzYikao3JyYDBGB`>IeA^2leUO(KF zolCYAQp@=iylu1k9UI=Mv2}@v7J3jKIEyBHrXwBC;5nSNA!<9Qh*k zI06&`Gu=S4spN7H_auYEK3{H^czVEc0i(jWod)VF2=K;nZcm)vXg)Oy)&@SPjk={; z-wdV+TYulNP0hU1)ro+`cxk!c{XpVYSAp zXqPVIcH}bg4l}S#pK}n*^iWPh>uqKL!I%65jtHhonIdy9GPJj%}dA-FOWBcY10?owh!%!L%J_@p-tMkX!EYJPIbv7m{Cg*o3{ zLN_SV&etPvIM790^`yduB#>Gj*u!J zCZE5*w3)DNp%oQbM?_)x1R^+J=mKchAi2P78Psb*4e-aumXPV)rg+xD^I)+7y%Jz+)KDV%Suc*bg zhG54GU8m{@;@T?aN-e1KBe}iAB4!8(BH(9Bld`Ct%g`9R)ZL?B1kJ7lLKkJ)jS6a8 zncm!F9MkyQh5E&uM?-|g3S%Z`ZHv=mgwYHK6N80qu|#9VioRY+lT@{%t$tNcvR-$w zGvje-pr~mOT~)g$X@Ci8MJO8foj8%Xlt{G|e>n2%4~jAlIsOGGu6C}myp5>{CC0iR zWY`<61Z_sTx;ZrLa88w`N%0K7;tuWUb|X>(_U~k+Tie}Fj^Rrq!3Oi0H@6BR+KGq7 zADIP?DC*@U$Qb5ozU8@f!8o|0Y-Ilw`c@q7%C+hL;J4%btQFjDD%0Qo&_1eTCR)TK z$@vS3clzN6HJ_vK&$MN?nq@W7>3lk5SL{iX4uZ?#BlC(p6IcM$oPPhuFXst2c%E=L zd5Jq;IYrljMzDhgeR?D)2WKrkavl)cJP53AUA3^fqNfyX2v0vYMQI4MZd=qo*9zBO z=3FBn)=m%zZxGsoOV!@@unmZ1&Vjj^-@O50)rPkmY^$xWhUL~T+rhYG3|q^;Fy8;l z?BBHNZPM+(R#=`vwj9(N&K3+G-a^*g4tq9+X!;hSDHx`$-Gge2y+>o+1?1*ni5>3* zN3D9$x~*N2e*{c_jo-TCVYm&sABGYtp0)?NpMs-@;T^$or9gPiK;EUJi_krQ*CF}i z2`Or4$rY@-SL_uzd-(DS%3G%Io!8W70QQ<>x{!m6c=*`hydP1BF0^x>L*?}uj9Xl~ zia-o@$Djd3^nUmnd{!FYiaS&W{y>igls}mcH&=l_IUrJM(l_cuS7Cc=8FvrfohI+S z1cf%u1KEf-a|CkdY10jp978**^Q`lkq0;9%!IGk0SrKw?j#ZjhGD4W*%cch8ql)^6 zGZHU)nP*SsX4X`aga7kwJyM7J<>VF$QK6>Tm?qJq(LsOpf4G@hp{kN`5&YY6Z!UaN6tUx;CL63$N{9 zF7HM0fnf>+MV&r$yq*0#^0GV+qlpq$HLyuZ?V<>;ePeuVwNa;frYeI-Q{D1pJ1sC7 zMcLh~c;6(^<96CCe=qn#|0BC!Y@#NdCQ1bG`Tkz}q2IDn;$3F}VRp%$6WE04NOv5t zS@Xs9StF}wts%iriB^|R2SH`Pbc)4EpL7&ue!Q!#X5Tz)^)!zJ+<*K|y7g=W)^+q* zNMOPLT`@uRpNa`16FtYzzS#d*Ng1iQCjX5Ojw^nxuTBig1r82QpzbSvNeNJ&RACRU zJSp;X1EqngR$b}j5I}c736AH1QW+3s?dzA1L7bW~iD`tAFBXY3@fTTh#V@~p9ll)B zY<-c`6%T^-2LB4o7l68|ZD!NZpjU{4TGW63#9w<>!OFbUgv!4s+-qA0RT;VtUI7s! zR<)Q1(uiOP>?Di&OvRDC7?##GI`@1p;oChdm9>PKAHySX&Hw==l~v)#kcS&4G4D&= z!i>7?0DcGMg#tOz7E)N}FosJIB#c)b+M6v}HTDT52w(<2Z<&~JiZX~#7qU*Cy_Jx` z>Zhawax8D@r`@M|W>nRpkIz6+;y`lTfuKu>XkMr4!tLXNaJNgui#wW1C2Jsz%VHwb zG&p8$OL1$;ssW8Rz51o1KdW|6%)+w>=~(5XXGRcd*f6<9X{6l*$&6jkcW^zd}Z zQgMLj$vWd{gt?4!_9pNQwrUd}CVy%O{Qy^));bV5lC~Y=+g+Y=g(F3^s*%P~!})%L z2Qw>SkRP_X0FD(dp%pH1nGi-Pp2=L8N+BZ31UhLNttFvW2Mu?G8mx^pyE-7Dc|%a z^}_1vTtmz_i$dULq%b25BV!S9jARG|O!3TH@y+{$fPM5-`6c^wAEQx=0?_Sy2~T&6 zU$WF(c;kJ3_mP~$)OSbc|VrlupPQRd>&kIwk8TcGPz)Lpm|he z@oUy4BO6S`s5r}-1BUac=;{kamhj!lO$iy4s}pA%15g00k+3J=Q|if#2P!53SYG&F z8UWSbdCNPQO$j*53TN9EX7!>og_jL|b?3gL6p|`z8(AFyKoTnjPr z0!8&0k~uI8Ozcaz(tJK&&cs(ZMxe5A@%ojYN{sqs@aU1laR7~7yJ4NGQAiNV^nDl* z@E|a1&xC!YH8(PZl-Xg#kH8%;6&Ddqz$(717#f2u$})hALPfw9NEHfp-!_GdO!8Bp z(4Tv!MpY?k6j>w~$7~sxNn3;l*RElFjTjClMJG^CBnu}LJ(j~#1#4#KS_$Sie~{JW zg}k5K1au*#BQ}&SM^FJQ=>Q`XrkPpJ?aDDE&JfVE0bAc`g%_5$kE^aK0ilXEn*G86 zr%Ig<+G8I#)02>~>$N&SzDg5cFy zd2e6#7Tpd~J3}e6KeJZ(5s3wGi|?*D{t2BHp4Y(xFQ~<4UZkjbred{t2=PV&L`_h` zK8a$FMQDHeL5quREW z7VG8kc9aSf6JX0Gldt7DmqH ziV5233Q!<$)MQNFoj-rkBEr=UR32iMoYFAltTf<<+(nY%GRr(X)aoj1-HwpvK``o~ z`BV>wQU{KUoI~RpAn>|M13Z!yNPGBT{dYcK9NeT^w>qwG(U-IaAP3Gzs;V+|w}p?m zchbtMq?y)|hO^4~dg_t=?)iM69jtyHtaRLxPV$t#WG5Gca=;IzEjX}}@_0f`X2{C2DssW8qgzh3R02LAQ$vR${CzRflNfeiyieS{Xlw>L&E7FE+rstcykXnn^B@g ztrs>+YGUjcclhkJk#N}J(bHfLa7jKCD|)6Wh+-|way@;a4(^@7QMhK^b0*RUvB6fc z1IW(314EhA-;%{;mGC)AbK@U8dW5+XHn?u-oL-Z$*XAVJ!>QTp#+0ewr5Uk=w0+Ky zzlOrO3)nMG5`YRREUSs`9ldyr{_1FwkM@|C*WPhCR=CWR9 zxOLs_{NyH2iG3zjyNL2+1VL(d(8X{URSMp4JH8~;y}G*V2Q$^lUBty0ax zlcH_?aVN@`oYIr{NnCH;d3>Te7s_ z=_lV(4dLyLIhI{WOHtr)$d^yCH;aQS7mHHK*^ehHSd3393thExYPFhRVZ72+7eoW( zB;AAyB31LP{7z|1QQgb@sr?$H8@l;?JBfo4UmeA9D2Tx)X@5G?E8uj6H}Md!`IY7EF=?VfH89~zH#3Z*&=KBnUZG4_ByR?7RDt!fT!SkuUb}0*o%t~8^kSEBf9T1bRkc2-9q+3Lp(s{($7F{p}7|%R`9o$BC zxrS}qGb8)`?@Mg*MpF7nsQ74G%C3kB1c%%+* ziEU~oDPd%EP4t4=3m91B*Z{WjU~7{@b8QrqyZxwKku>aLmpcXZJfS_V*gN&#LN-;s zB~e~5*qFUq0`FUqEOYPF(h^4q8$(%1BsMy)x_=1~b$k>JT}v&ioJsu3w^+|LE~Zr5 zHoPrQ@qiI=R@(4F$7!3f1xUOjp>56@yCax9${un$y4tQfyuE`qxuy+ymeI7evSq;x z9%kCS0&=%p;&y|wIA0-fy!Zi)t6l5-A=+Ky6gt1;st@F#|TJ7*? z`5+k+dYGo$7NW}h!A{I}i;k42c)Qd&`iOOndTpI%G+9TkWQ%aiM{3~>qhi?Rgy7O; zIb>@tc^T)Jh}%$M>j7mQ~Z~QA?HE zCrat4Bl>g>k^qyWiY7ftCH7O&PJtxY8g`T*2#@pC z%Q1$neDUogzcRk<;DnC~0a@r*AfEobkKf6j(gNr&_dhpBTOj;v>GWp=@?VoZ{p;TQ zKkg;}n#QmqRRI0D+z0VgFH z!f8r-U76GyMFw?}_ns6gvFrZ{(n7mbWULB>eQ=)YJj&qcynVfS1kwc+0t6>?G9{K5 zWk@LS(QXE9+Pi6U*rThI)*-U3SnC~dhr=o|6jggmxDoIO0c_=rBB zLjZ)0<%Gf45Sj3Oaf%*<*?EO5=-E;?w(+*Wstp50uglmMYpYl*q;DmIi-+l^rk#?x zaz=srREw3}0KZ+xgHRWHM}MMj2LBDJXXE{@{;A*p`a=2q&c@z^M(=a}$JB_%z}1+> z(#FK(^Yl#fht2%&y61tXm_bah2i4}RU%C{^U8YG+$(8dzZQB_)yiJfkVJA1Cz}09XLI(bgrEECF+L zEmZfk?!TY4%Hq^QDnCVV^!fZ}Ay9w*^gqZ_+D69qF9Z=O{|B2N0ge)o9HJtO@Hg0= z-uEx_;jw_F_A{&Qx1Xm5>o&Z&e?EUv$NuxuLVi ziHTy$f3tv~NPGX7R=$fK86x0Kr;W!6p^l`N7k(`2e&NY+UFA^z7nd=)G;W{^QAE^j z!h|pZ7J~YePxUNuLJ-}Lczg2*bhtL?qqoLlhEn2KnAdyI8+>}p#dmhYiayzvG46DO zb~h3A7&~CFSve*?%$k0(!@zMffNXoM22+=?$1X-YkBTd`{!mfXK=kR0F-d-5;J?W$(5=mHxFzjM_jg|$blsK&Rxe^08_le1Gs&{!RR&!|v-~FP?HUx(_NQa6n z7u0k|paeMNXVXLwXBo$o7?LWneQ%nr+3iI_zrO@gpx9DKr=?A7h3fC@NYM%ckc8Xl zY>+wt{raMtR7tbPzW-};w!I?i38+?K#28{FO`s_^hTr)x2LH^@?F-SeggzR%*m^MF zB))A)HyZ2n@8Qto+s^>iPb)C`HxS~Vb@vy!?_aFo4`mq&*jU-xSbu8puk(N9pYs3u zK*zwZ`Stk@1TP(0hCw!-W?UXv(w?cFz7gD*MAf8{?D&-As>|$z#5B#mk)HG{bpX8= zqQfG3`VkA$=kJP2xEMjQx|1V42kNmI>auaE*(wuLJ)u+7!dzY#ej%F*GB!PslI zVw}Wp#LUAc3e92yX+_Y{Nh-MwGsx(WcKdj#1BsMGO-AjptZEo0V$I@FM`z{i7<{c)4g`PxGtL1@J zbnf|;!vZNsMFlIBz_Usn3>2VAQKzJOK3Ptcg^{uYZ%&Gj!L4mpP>d%?!pUS6MInGY8#Q182H_`DD<0`-#a^ zFF4hg1)o;}9*n*G+Z43td^4F{;(wSq%oO_rB|ey&Z~0v|5&E7FiYq zfJQDBRAv>Hg%b`!$)Tk7HBfj1*A`4gT|iP@aGKc=p_ZcAvo_qx&zEJvB=HQZal8Hz zd%2xM&fsMr8k3ls8(Co%to(W7Y{hkxL*~8j@ zLFeK1F1R+>Cqd^C@-Djm>Ylg@o$nPD%VG+?x)6WK+m%R0bEQL*z6A=%f|NQZSzMQ{M!ioXB5F-aOnPvm;TF3 z|KYHFj*j+b`c97jKph3f{l3~ns9HnZRltpB(7;z$K)C`AvH)4G6j%`eL%E6pTDVk! z4JNO9$Pacq|2r8HVwt#L7`=m+G3V0M+RHe_cLhuL5pYZr<{Kl8GSHg^hdCQD0s`|` zyDmmzyV;Y0$3_|^PKT*e;lq*ske>B?&p2;NseK(LY%w<2e1J8tI~D)>Y*}6Mf}#n1 z7m~dQAY@pW^0zdM&0awgfI)Au(qTwmUHSq=wT+8L^0Ena`m%4w$VyHU3<*4}75hAo z@F~{uQckB;@v7xh)fpAi{Jx>-g!N%lP7@B4&}p2f(nK}N(-C|3F6;}DDbEIl02&Lq z)_`UN_Lg~9^S3Q585F}hBv_8C16QV%n3|f2K+ZvPPWDg^1846%qSJK#+Hd#tCG%qd z?fnwsp<`_VvaWSBkKb=!ksm?HuAn_o_bfB&J;T6}i9rL&Bz+)}CTeIoL?_%)-NvMe+(&Tv$}@c21W@tFGv+qRdm-9RZ(9z zCH&q<{rvT<4|9+B+{XcblQEL!Y&2lRR9{A?k( znSn&57eVAr<3`v5-x`Z~Nrq~D4E#v+L3smLsn*N8kz`bD4ZdxMY%-^{cQXJQ6$zni z$zmF0lLL277u9dyeS`1l5?v>o}*0PBlnzh&GOJsu>KKHj* z_K4B15%rT^rc}K8J9^5nIe=7N2()jRzMZem5I`j4e(f(F72R;@D-ky)_w&d&j6Il+ zJ1lOh2|FHLay^I=K80dKX090xMr_)3!*J7{j_rjpXrG1);6jv*kPh&|%o*TCd;A^o zQ(%LzsQszQ(7)9r&;Nra|B+078`}b;`yAVvUtD-r;-SVKpdocPo5JS;QzmU_oL7p; znsscGS}`7H);QC--G;pq37tc#2uA7^h#Q^gp8&jlzkUYE2?K;>^DQTZDM%ybA}rMb zv9G9rFqK>sGqT!GV2DkeWL&cmnu3auc2IzI^PLr)On^#+-uJQ*Ty;}LV%0YGVQhVZ z0ft~eA|{mWY&m0oFSn(V^$dwqoy!DoUC~Q2HrnZHl-AEgn~P6P(-xITF71&cm|Ie@ zq!xQ^wZF{$D*y?vFzYq(0Is@+&Lqy#J4IE;o8?$sSPv z{Tlb{21)@fg(j(Xrkf?sN5EIP)9*jf=LSCciZ0JR7~)f#ACgtRm@GTX!m)xIY$e7j z!tR$H<#NOcKQrPRXqicx7B1x4aVR*?M3QD9z!(E5V;{sj0-AX?ulW!fVNF2HGu*5A z-Db- z{deuLbbJ?A`qZAp-#V1w|Di+um-b}!?DedS9RIoC%PE@cw;9pEt)c8k6;)LWlGPSa zIA9D4B7SLF>mgLS^qQ*O6-v(U!3Zqy^F#V6JA0FRox``zptJ(R!6dZPl9Xg5jV7g4 z9I0_dDGH0qaf_)$>4xf666nBe=?Io1vSUe+(Pg|3yeM%Zv$ar7pvsFPTDn(-JksIQ zWU>oWf;lYc)m^JIX@bKFzRm+AMscr|R)H%kq}s$H4?jNAP2^Fbfq}@a&8td|0G>^A zz*Z@n_A34I-+nLW^HET#+CC)#`6;jeT)hhYKg;SLA*e8R`tyDZF4)JPAL%1Ei}RBk z`bYT7mjP4)R4HCCWtxm2`o%bBiLs=Sa<{9mo}_zCpx3f{z5N$cQ{D_OM7P&Z_b}T4 zFEHW(Y^p@_#GEEb zb@xg(jPTQ}C2*(XXVJ+`LxzBLLp(HGPrW%VrD%{f@V4(hr z>9}#ly2ugyYVMO@!I}In$=`G$-cAc1JFyP?F7(Nf%N*A(tg3}r$%{Z2g-v3OFnn;| zSfM%sfirveIz5)GzD0#gsMjVNBhXtjg9RY9k2!A}9_{N+3KLZvc_3ljS7_+Z(NDn< zF847z*QMtKX`Ox5`7QjwPH0Hse=3Cb-wgQAXRN=N;r-j{P2R}C#>w8`zlyhw&+$LF z!0Dj^>KVk@BA$lAS4DnXf14J8&JrNeSpG0SjnZG{D^M5s9!u)g1UKfL+h3n$t%3<- z=ED>vl1#X>88{g3tG9S;zIqM>!!h{+{)`hnlz+<+-Ov7-43!pX z*vjuql9mer_Fb@Gi;*LjLh$P9AU+V_L|9IlMf)fYmd(kvOw#BlaWoPJsNCqBns>a& zWFF1sbvR|qqfjf-{sJ)WMV>JC)S|4AI29|`uWB;?Bh^^0rhN(K{c2FpJRZIU%+=62 z7)si4teDx}K9Kq~RjLskV!oXbm!*HyZ0+cl_^D+nQEai+oPKil$&_F(uW~Hw{_+q( z^=IOcgTIbbE{#GOj51h-%ON#o5;fkmMG35-y8X%dQ`?^7ugYCLX-e&o?o2F5%c-UN zk@^Gz<%?GldTmI^{>^0Tb?$>Qjaw=apB-mH??U{XhnBJRIXwve z2js4PLtLhNWd2AMoBoiDX#b0{cM7tsTeCnbRcYI{?X0wI+jgaG+qP}nwr$(EdAk3O zd%NRwN8HyPvG&7^8EbuGd;?tN>RHo%DE_F67_{X{D&M~rZqoWOmTrQwF*oisygsiu zf%UMjQ*DJ;22h%OyZ?1F!m|K1>V9qp{r?FT{tX#vW#r)SL&E(3f(QQ&v;OlpeEL7^ zi=Kg_ioKq#t&ySBfByWR6Jw$3yEm2+^7oW=UAiSrA$TE6&Ws8_j#aX9%$%hkJrP0eNL+vr3wlKEme=;V;+GAoeIO@=B*b1Te4$&G_%*uJZ!h%+*RQG6 zTbfJ=tk-$3;kUj)e5E?R%ML&1oz1p(6VHLGhEb^-*pRoiG8{)RFS$DbraE+}jLgh^ zxLy2vBB5gKaWa}EaK^3SSHi3g8rf0Km&{a(Rcj=2Fj>`9Mg01^WKfdDI!*Kx{Lf;| zO9crA&4t7tAs%wG3p!F1O`^3+{-zB&LtOB)$T}DAzYc~?mZP|ds!bd^<{?)rJAGPi zN|$;x_uzP>a!Hfr7vF)@g-9EwL)3bhkEa(rR08VsS`l3?O4wYhDX`J)I{SK}<@~}s z+^zBRijs;q+Ewq5L$M7U4bN5*k5*Y`T zp;CJoWqO?*K&iW;F4SN6ykdb4wOS{o9-o7jp3M~-d;ua6GW*jOYRAQOCiyz%24nd6hxa5JE zH7V3iN@N0ooT-^CrE_{x(;&Ed6-a@l{fHQ}Gi}v&%@@t*EYeXVG2PmmO19bh3dh6s@g# z@t3V?V@$I;7Vwhxf5&h?@l)|kBrK3uNn1GOX!G>oB~)jTDQEcKAEFOu)|rSi&C|tsbC;DcaYQ7JnXU}e*s0#yr0rVNq)r;c)i5$lEvqf3ON59qLO}vI`YX$-Gw#C zseGuZ-hO)8>}n`vNmsO7X|BzOc2I0nTcnJcU@>f&U)~XxLA8ZFw+2JAU(1noPNPMu z(RRgjm)11uN&^m_#?37t zT`8a+Bfz=qA`py_zI!`PHtq(%4Tt{aQ|d!nKIc3;Yfd|HPOehUk(NnztTe&WZ3>Mn zb66t|Pz(1lp{q>Zz9HeH%{0fcSiF>XI?s3R`W95omnK}V1vd=9i+iNc5W6@I;KHg* zG&1*#TAq%ZOfl9vA~ybqSv@yQa-`E6TgSiFz`HlmQ%vO>hHG@vU2#_Iu-&= zh5YhT_}emi0-o5<<%HL)wAX6%O>~)I75!9iD*K1fmi%KSk#1?QU4o^kq>V>SmAY_7Ht z#!pU~o!R>n2o&|aKoo74JCB`1VlJb_*B6dC*tyu;yKOOOT}+S@oV-80P%0i-;b?~h z!t5VHZy(h=HZg|BMJQ=rQ;L~cat62lO6BwOMX)!;3$QoQrlZJnRRcc0B3K9tbb#AD>X($@M5Sd$=zuWslzf8c#-}mRg^G^v3Au|6eqr`#%;t zr2hs@{MTIJ==ifg{TC7bpR!tmz5HsTGRKJ7hSUC=cREV)A2d(iN11 z-}EMcTE%IGfbY~DHRfI}C!|US3QqYF$BZwWi>1p?z*wN)ZCCbM4?DDI zy7`g#Z&n)vN&8LMi+l%n06|x@HS@~O-aqIJ6ilbg=kZ@it@yv8wf}j(|BfsE=X`}+ z3{3T`P5ui5#7oFv(!&i8BY^?)`=ZF_P$!7AuLJTt2Dt4K<0Bu!l_s{NMy{e!KaD*R zyqI%806hpOVY_3e#Xw`lbsybgMh|m(e|^0{|JwFh(v9e8n??i~(FJ}G^+mR?;o4|!QM{}#VHwLdLIf2i!`TLIB$Q}h@*M&# zb)X%)ZQ^iOFYi0&S@BJoXmLA-+<@r-kKTVE^x{BVRO7Xc3)qa763cG#ehQ+tG$(=a-3rE{H=Hf1TWuGRjmC{K-cGv_ppH1lV=GWfP-pCEB@A>vX zWmPXy%Vkzj+j6Sz^zU}~i&ouks3(saRNdKgN|#F~@T5+b-NZ=f4QAIaRF6eiR=n?h3 zkaYqXABbQB;|^rK-|HSLk!C!H`C|c|1?omLBE9RyJi* z65&>cko;WIMkXu3XPGm^_~Qb_jG;`A^gE0Tx|kDo62%x}%J!;uFd?WOxWk`b(QkYZ z1K5!XZ{(w}kX!;#31~I7E?pS|2zydLNZrv2&om`XMj$@Q35{q>&S;xA|wNT^Gr ziI>2+1WnCA3nxud5UAYaGoVSUAfhkcVd%INp*=C-_Mr5X%BMV{>y>n;4Zq5O`8DB7 zMosfMymCbh>v_BO3VAiTeB!#<802daj;jQa<^7Uk`qmFb?7zF#zVMn2=GBcRu1tL# z@HVJyTbwhG=TuEJG3U%1;}TWga(Co${_Zom`#c-8bQPeE8ab_?^SfKUXC6MMYr#{k z(DYloy)R>?IgN{^4R{B-oE%Ia3F2>MVS)=QDEh`M3KB#V*sTg%RPDed1%L{u@#}hr z`k-D_`+ANH69(cD#0t8-K3C2}hSL%Qad}nin;c%g)~_`NpLJPofcx)A*(>=QPbEDK zT@yMu%n?%fuW=Ukw*&hePdngcQsn9Kl|YU6uJQgNHw7N{Uvt!F8OktJwRPJ3Z;6t% zI_oqZ_qH2;!bNjl*fQfCqfjiE07lF8@*@sSP?ww!8|EXBfcc=dJmJ9O7GyJ;HiC!g zcMF4%FK8yx$FnD@TyQLul1JmTS1%8#j2bXCmXjvvN7PD~5SS9{>KG9xVY~v2&Kcvw1AaOOOTV=^=GAIAGSgP7Mo%HgqYKLNLwq zMJ<9Swg?vPHY=Bv;3ve+f#}MFG8ad z8d@jh_6dF|JKu{ixM%23imdo8XiuL@T0C3R-d2h7+zfNDUph^Bd=o+D8&_JqY`p3_ zA%PC%d0>*d^9kny#;l#hqBzVAL2LRHdP|;ms&Uh!>U&KbHH>+QYm`kFV9bh654!yb z&XV>L!2QYM#ieVuVOVOFv_v{PScs4`iqag8;xy}y(6<)FErHniYugt7V2irD!%wJG zEDE=40#6CAF)@tJXUBr0gbH^x9*IQ~OB2`KI!AK2*IVvoCZEJZ}ku`S6Bmtrah4n!&l?yrP9}?+8ul0E)g-f4kBtPD- z4MSu(b5H*zF49GwwquS|kGDr~pbi0jrG-Qf1OWjlxOb8&0VcmHHgpXO{^0ROJ#yZC zp~+|{F#n@{@1A5W;G0d>5x3y`={0?4g~rzx;dwI>h_1ypsOjEwU0UxvO-HWrnKe%( zo+!4u_gv9LrXVSvzFj|*C&^0A*L^%;#bt}|l&ebZxX%fAbjIIZY=;@0P4KK&fUp_a zXz%2Ssy@k$>@~ew6hI-tKZc{;6hCB4X0l{}<~_}i14y<94l5EvJ})YQ5fRfE5kS)B zimipYH|F+b&5N04hofEtqPGzOb|plK)3@pp6l>=rcZ0)1aU4ybnHCW(@Iv?{IDCBj z?9{<`+?^Uh(E4} zE3REKoaX?86M_3T?rtw8hB?w2uOfyNhOHw|p(UaN-rFLLNSeC~F9C#utQQ zByM1_;x~4Q@@y(CxDyp9HkpcVF_?uaDTivb;e(2p%|nYmd_UmIM0L0;TXM~t_88u3 zpS~TsmIHg4EePY4xN=u{iit`+muA189raX?6I9AMIsvOLqO~}9$WuZ8TBT1+eY7RO ztTjkLYZ6$9rK#)S;9y|jYSK23vX}c*8A~%3Kvp`?CQ%rPS0|d_4qnzIT11 z_usdVxtq*U3WcdR0+1uRpfEeiZkznh=J_p7RlIA-S`*{Btki)I*g)4JqiH^38A-z1 zC&5;|QE?TLqtwHowbTUewEBdAb_H=uZFzyL!&=t(M(XK11p@lHgKQnDzZ*uxLrmXZ zh8K5#LfxC{W-bP~mEzlKDuMDv*R123B<+Dr4Lme@IybAc)q+E%mCJR*N5S`fO_eT$+WNu0Wo7dW?7+iS*Ipd!b zPh+MM{IXIz)W1WgHB*AuQ`@ytzlCy1?%mF{Y3^N}9d}LM=_WER24Of3a+ywl%{mC; z7+vf`4RezXBBBktPTM6CXUYb7Q<94MGZ!RI&EDX8dF?{9Ex^2ytIX)MF(j|2KDRS` zqw1(l6lU5!4Aq?O(h|(==so9v{5sMc0oj$p_A8`I9hilI)LV_`oxgO_s;!^@sQgA zH0+?ZLi=US3!x;*ndjPpJpuI|Bg(O_`e_<$^TBN{D)jx%Es^?%pa*>A%iFf$DPd6RH>mpE&z!X z8{CjnLAH}GYHB_^R7h;SUT_Q4S|OoUx0%Kh@<&3PKrnx|{zowVSIsp9plLL7BGX|i zBQx{s?emhT@)q zZTz`K->$s~so5F2Q)&etN&+o5wucOz6X@VVI+NqtuG|2r86745cttI|S^d-jRlVJ8 zt?}U%hQDVPH{K3+AL`3!o@Jd9%71ix!lMkqhgOi58-va^VB@>Qjq#};eqLIW+{r?7gmI{inq&O~E^cYM=8vlsW{aS~0$QrR! zS>sYWA+z|kW`JUk!70RBgkwYGVWbN}50r1w^f!SFLF^o#(o!eH zIV~?B4{Xi3XzA?yA83+0?le2N^W@n%bkU^JnNR-Gxpc6wpTEqEoe$uipQ>{tTqr6O z6nxbpf(D9Ogi&^#B1j8xb(LgLaVpO)`RB^IXd)}lt_do%ypn$?8 zVCmoe!XZt);|M(MnMxsBYfaPNEsq~jf%fUe4f79 z2&Mh{4>C(cbT%#MXT!bp-^hsnNoM^U_t1Zl5&v!Ln5YWwf;oun6+ez?VlX^*`U{*0 zKZRF0MqXUZwq3i@z_$W$wk~mKJq6({+T14VHe5>%;)3&j&p#el(2 zNW*RW*;D5s@6*JYxRRLN=a2i)_f-4QWcsu5(H5vpdwd9uE~mRGe7*wgx`-uhO}s;* z{as0RMs2x*(Xd1mXP1o(XPO3dMr+PbDaP7?+q_u2F{(+1q1}~i9YP$FsJj{Z<3kM5 zy#1Ncg7->RW4uv2N9Mv<(>3E+s#e^(YbmF#B6C#JE zMuy6LOUnDURK~g@?U{&#tQ?`;n;c2Z!J4dT%-6ma>$Ed%C|a0cnK-j}*)kIacEZd? z2y+S$F=M}^0HorPhCl_X>Cz=t{7h_Sga#%o4yB??5790c{%KsY6lI>w&2%4~!IM*l z%bomk`kzx!X?*bO(wTQqUK=4PAthQPk0&UIE~&{V7mY!J$)ujA;UPLzn-CS%#);xm zFLHPtS(|(V{gtp1Yv-72tzJ2 zDqUM?$!estW5-f7!r1ly)CKO&I&Q*rg{y!9cT5!y^f2f%&p&}ApJUKM!zhzBWRt>F z^A=^HQAmofgdF7et2H*!FXUe>%L}1yExE8`a z44WWIn%~tCMaR@CaVPv6i_umQQ>0eYzRXv34&Hzu-8}RU!cjPz9g!Nj5^US!8IrRe z2d9}SMfA3x?WLDQ9!0*w8k)qS8ft3JfpVgLO0;ff=`rbinl_y<%>wg{*3d}-3(xkg zv4oI_U10F8@9jg&mM9 zqcCRoC2l!NVjAS1zEoza=zPhGDs;qFsHPN_BIA0uqQmN9U6(QPwnz2V zpTHu~ex>3K^$6&dcxCm;h6_`B?I}}-baZCJhd3?kHJ`?rVTUE(zCQUXesUKu@-T%` zkl~sYVP)D21z4oKU$H0V19@^zQENZpltxa1@LcP%$m77&R@24}MgUgMa61}<@T*?j zEcw5S02PBU1loz+a0rcZRaMNhGy;xw=Xk8;`@z>S=bSSe%MblTnYLeZM-e(}9E>;v z1cW8-;ABS2L`PwX-!X(aqeC!O>?Urhc~%R)Y(TG4VtSN{7%qZZ>{gJO@+_y zjeu05#Na}FZ4j&$_|ovny-GZi>&Lg@!f{HyRv$+bDN+()@EEh{O%~r#cIHre*G-+S zmw~gzO*IhyO=L67%Gam0Kiy&k2c34a(xRTC$at#wQ`bwd9jJ%fM)@?Q)~=a`P+COn ztwmbygcpp~fn$*A(OZkLU88r(ceYH!KPH@KUe*q78GPZ!P6vM~LN!gp;U=(rWGrN3 zndDa_okD;0tcRT0ny0WohEdGae${MPVKEBkIvFa5L7;}69Am%BNt~jf8dNbp;34{A3wkOK*4MSM|DgcRm|6}io7?UMSeTG z^A7bRCn*`3GwLT=hP9>4O@}aPvn8`Tnn8SyNFnXB;LkPd<6W@|yyAVt!|_A6wFoW0 zOEIjD^(nMM6uG)gJ=TMl&4Uc)hmZkV|2JJ(i1aqa$Pcy!GYLj`5`zRfeGr#Nc5NhA z>W#J06*e;F5VmOCDDqU8JCn>K$0f&GOe9j=)byU(CcQIF+2(Qf=wb}73Ad7TYX_s>vIl7dOkE!%_X3&^ zx+=4%?86>iSHr2U1yR!)YyOgo)FAy4Nv2mwhR-JAN~9XqSdLub$ygQjr%ScFA`)05 za&q!5Y)E17%g`Pd7i%qSR4R*B6tr$etAezpN!;|?M6}4U^Hst!v!?8`i?$Ye1x_+F^OCp;K6WIbiL!M-8VO;o zdIw=0sqE4@I(cPuq$9FddWo8C-&QK~uXCtXzpo!Tr1k=F6ZSD_5tRqG$gg6#TJBm2 z?C#)98k|ua;g!c4M%!5q9&%|}e0qIddabY(Z-Pt_e?`2nuLnZ{bwL(e`k-PT*ufhn zTk;@Spk#v6VU=#_9i+!mbv`W^>*52%+?`VXcZO8pn{o#NpeMxSi-{%JrjX{bM_ zFR%0;fIFyzH{rfI2>rAmUanBxfG% zlS;O69y#;Ar0CggetTI!bwj^k(|<_s{2jh=>R}zYiR`%!-F*h!#_GQY{o;l4hIw3 zo5zBT@TZBv$1|WePf+(SkI)=UUXBlhM+9%FuIMhRx9S-cA@4t)QV%-CHX&c>57e{X z>0N|x*K^N!x9|LWus+_Rf6VuAfxZL0)&~9neX)P$g?fX3P`)`Ke*b=HerPB8;=aK> ziRPcqKAFz@mWcSOCYs&8$(-E|UGaMOIQAX*p;%9?8vIUB&Z2wFVU`4Sxj``rYym+@ zg>@N0Nkw!iLDvavF+c_2+5G((31bd+D!{nH{2d5x&|s#*d#que1b6JPxOf0DKuf_c z4t1#jQSD+veR}z507*cVfuHPZzKtg`XaCF?zy36oD$gCR=&AHPQJ!M8g()5cQ)xwh zIAc%FJdUui;z?|XF3(7?pnKUfbOc{-vhKjFB%dl?RZ26TUmee>h;zIBJv zldKKqX;G}<%+jDAz!-9!h}5m&t?&=P3Cb6HE0OAQ}}()vuaN6wwazyOk1 zz>};xQw%}@$^ua<+7pU#Aun5=2h$Ex262M{T&^aTwt>nRZlKP!hnv<`6s!OsBh7=3 z5(9XVSn~{i;dI<_DK?<52`@DOlqCz2)#n8Qs>l`T4_L(|TX*!}s6y2w6eI=`4D5V> zTHT|^L~g2V2W;&Nq#;4H6LCT=K_*5UtR*AK7~y2!>XCVqC*&(L$Y_eprYfti96fn1 z*1w&PUP|AW=S8e1RrYs8t3(n0RFjRO&?4WCB{-O<(?p3Y*qNWzK8MvNNV`A*KlR%c zdAN{1(``eP^l|nCS_|VG1R20lekQi7H&<5YI1XBu`0e9+|)#B13?I~X&0$28CAVsf{IcxYGGt6X2D##Id-vTwFOYh{UC#wm| z$wMw5#GR{V6HvN%N+vbroC4d`g2adtF-c>b#MN%l6upx<)z_B~yZ2FK(69DS=&kk|CDce*Au{LeJiD0yXeaPRI>R z{YW{EPg4tAjyd=wVZ=}#(i4^tZ113cmhBAV);O>fV0T#BNlC4zsh=7n7a=c5Rob)K z=S=<7pllyrkIQa5gxB1zJ*mdx2?%dyURbB2k@#s+K2Q1mL6cNxh`d&diEVq&*(|pf zPkpI(3WDOrEul0;W#2GhM?7Fa(@1Vhe({US%BIJc^`@w>pCMK}>T>HWh?!~a=0{y? z>YMaOjv|S8Lu17gw+bBL7M5Y8Imp2IC5iaskm^hz0nE~hI9;RPdssc=D0m+#?M2H< zh&8G%Fs_#m#X?_Wn*eCE5Zh)S8_|MsYjQs>wbjhduICBXT+9HM^yRf-#@itG`evy* zr~jEz`h&N%)clh>LsI}Y@p0*0`F8Ja=z!fpenf0O7JNR^sN*;J8#@Z_&OIJ7W?pzu zeT^D1r3dI%|9jC6_KQz~6^W=@gRj6>yz0%-3y~VjlDmrSm-|IB*?}!kh-&Z1%jK~5 z_N0DkQ9%zH2((>ugu+^A#u2MAJ(D_G(gev$h{_0UrBd6r{LrbDT5pLBNHvv-mXg3r#@XLtDbwdicM}$m8g@A9-se!h0rF@dQuX z*pLMmcptk*T76=A<(LEse|z~=#D+rhZK=|GfzrAj!;ij#pT9PvA<9xcI8pfq^pcTM zskxDx9EQ5yuY4au(5wicCg#730^Z&|53e{XakPgwkx;Ba8ElJ?; zfDr(JMe$apG;>XTd657U$U>6_@bnY)7-Iq_tyeZ@b}ApMM6AM9kfW95%9RvpD#OITIL-Q=qJSLFi}0vEyHw@kLF>q83En$AU#AOadF(@rO>5LrdA7%-H9aP3;B9o-G`%g;*ws5+PjXe6um@#|^P!W0UPX7NjNq@wP1_Q+igNRCUGO>-p`W#{Y*QWc+iej?G42A}sk7IC*1#M=?3orDj@ z_YN8pphsaOIq+mq-M(GG8|)()fO0TrYrP`?_-)DSyheDuszNiax5 zNjAiIeLKl?dYB!~)UvH_6r>$|yA}($U0y`|K7EoXgCz-rR1&wSn{#cHgdr`h?iOu? zU_oK>X$zJL*b7-se}oN8u<7iAr2xWGeU8*Tk!yF!K82>$^Oxygod~T2kl0DfHCTUg ziaMQeTC*1E;pE%I3-f7xUG=tv2I1wwm4V=fPVita~KBZ+Z^u zD^&X1CI)b(Y;nrzbINbb=xrLnXF=nHmt5Uw&AZOfe@|KzjQ0xqW&Q?fz(8BH&_)ir zM;4T=*_^aM{&gq_V4s1CVx%0LbDcHMX2g2l(T09LeIdCr2{VcZGvyY}%N)#Wikl}I zZg%7f30?`wKWnL=5!n=z!CATux$x*}NW60?j?$`Qd_kD1rJCX9cp4K{pfaHtw%HSm zKYV!E!6|8DiUu=S330Szs2R_iYfJHe1y&X?M{-7w^ z)R-gZT)XjpA}jJjwTiZcjt|nQN}*Cl7@~V$&{nhd0DLU)7<&?`ATkGLRdC-_ONf>e zD32fjmQR{DOwSPuxHC}yv8TT8T40U7_^ zgt=2@5QYldPG~K5tpilek+Jy~rO${{i5^wU~0co3P>;)a{3)>;FDdh)B8eC0W zuFu@+Gz**eE_`Y!(bwx7TMbSbr?3}8rXoT+W-r$K3c9!+R$oC{Xzhr|UqK@DcBCX@ z=LtUwm1?1a#O1ZjlEme=%#!V>y5ZRtiW{&{>h5Qe6N0)tmo~kXN)UfO^C?&cLyrc_Md5gyL)Xec}EN4nQ&sw zEQ-gKqvM5X_mR^bnl5Xn|Fl`5O0NYsNrD%*5xro6@6&B1!8JG?zvBuCk=&os9C-x4 zDh=DR-VaC~F|()Y^k3W4$&4CaO^r?@b91t3Ty9i7(v%Q*UuMQ6=as4Xw&#|&cQDuE zw5{x~dYwQAnr9(sOY8Bbh+6WZv*;6C7vrB9<^)F`I3*=S7*`@rs(1A2+lwe@n&(m zf)D|WFL3!7>&y#@WNU`wV zT}8X3KbV!UwB}FX=FLgGd^ChK$eyz z+}Cqlv=q;#9O4mbqJjHSBkn&j@rukc?H~X;l4Ey7>}W=vw)k0nh(8sV*8r;2D`@p= zJA&`KWm4+=jII?9JF3ZvwC9?5395J=A;gEL39pQ}TcancbQ}66&EIwzZRV`f8dp7X z@HICp!He#6TR9BzpNsN9}L_DSaL*Dm5weglGTuaz5GI9~&~ zA`ODog~D;X1Wb&I689*$Nc@Xij^QD98&1!~MWkDq zLV>Gib>Y~mbXD@>%3li$!*97Rw0CLR-13xv)4ow6s2{!_rB73|1~=1ZYIF@feyxyI*Mv`fTyF_0-PkwEHu}dNtVU$1nW5qP_FQ57fh}w5OvZtmBgmM)9B! zrusn7OX$n1LFM3jkoiMdR;~uu;lifKrfHS4GFiAAcGecF1`1ujPBps}~@Wl_jj z)U&O(;;;wgd5+(@heM@DMU2p@wp7%D`y3aTQ-_C%^ZADwH^c4PtRsDdnGj(B=akfmW17M(2}rxf^<8 zbJc1+-hNk5xuQ^b+dmuFLUu&RD`JxG73lJTVBqObC@jh1Z0Pk(QnDiSo zE0rX-M*w_2%FUn{pHQbTu;e(8`tP~Rb0tyAfZ9je-w-NOD(vIh4(0|73NPG^Knj6q zlgJ2X))DF?3ZBw(p$zhB_oEJQZ9(oZwv=%C74;vq_0JUu<*JaMeNk2Is#|yrHu7g0 zRUI_7c8wB($?raBCK8*b%{~+oXKa5skFU}}oBbq-ZSIYBu)AhD&dmXpq=l5(rEcV;xs%3s{yQ}57s0W}ye8B0a2J%m9hWhUzTjUnN$SPUx4<(meSATtVb zQ+)jg0(|sxa<2G6e+78|7Xti0oCE(LKqW^r%YU)}8r8r(etL+$yDv!USD}d1M0N24 zdD-HiN0XYc5O}L*sYU3lXwT!39VGmK|Cg@+soj13;lA!C`thDCoXgq$4x^&-I(l5 z@zUlT*sWxvtsS~R%6>bQ-^=R%fxfFMZ6)Rz4f`mFqL376^us`I1OuPQ*6-?JvYzEO zbk(5A@Id?<)j2GQ>}2mBQ}0pEk}$Cz6KztOLXEq8XGf*=qS%Y&J0#|8OOp24MpVW( zD3l_yXDXm;=im{sF)2o!d~O;VUEH3JpvP3E>J#`-VPdizwbC@zslj>`ah+ol|9W`2 z2H!*A%OP#?x2VxU-JQVf#7u%fodBL1S#^%f?ifKAsUgOb)nG_Zqih#7Rn0n zjK{<>ISFgdD)K?;&Q5V~P?ct9d$zt_L08zr51zks0o(?EAtI>}ih4C`(E*(?bN*17 zQn6xy0z$6aSybZaM2Gyr6M!p{NJg((OU9_8pU+XZ($9%vNuqyp-&884G$Az#MopNZ zjoZTbp~A_9)TYHLFm^o_o1g-Er9?MAY;uKPD_h6r>PNKKYs_eM8cg-J`%}AG=StCv z;<9dG6#1Ylq9c(Fb*zk>ybpmOZ^#bos+qD`NZkJskr#hGp$KQPb0L==8o65G%w~O1 zfmank>thX2OBI5aRhkFd33%8lIhQk&oV50M7HYtEF+c;-uA~`g0)OF}w^L#3su-bJ z9I?lSfAIG#KBY?e*773vi!FuVagw_5X*>LwVn*>oAW!s|UY@sOP>oW}frUpe29TgpA zA@)pZa)9wAOT}l$n40<;L1VcDo2wVNt0qpL9>}!9tw#s1?vo+g$Q&Pa`cV&2#8n)x z4v}w{3l^421uC#euf!cdBj3fynOn8=p*E-va#gaN3;X@~3h=ugx_0TFk~|B*_yn#W zrVCR61FUvh$WwZ$X>$68PWhe_Lo4XLiHz~esf&LY>z>p>N`HEU;~y)>dnR)R-P#8q z@)~`8&#}{0J;GcOg@(+CBz5EDislj*%B>^I)pIIxwX3_M4R*u*OTbw%67*BOd!H<$ zy4t7oPmPElwKf|m<^cRg#SS*b7CCw;j!HY4Xx_=3JkdT1mE6r$=w=TamQoA+wUQm> z7OCv$;8YagCL+QP$c-G@Lj@0>O!PS*6*`b|JAOupKE+ z&W=At)UJRf{E*|ERW=v(C|(MXmcVF16YVG-lZ>`Zcv5W#=nXvbupNKW^VHVmrdDUB zJL_K?y;!J3X*pb_TY8U-G^V*F)x^kA1jpns_y~shi)DK)<7kb2P3AFYi?Xq~x#At1 zBWU;i25X_}nu>|3EHMFEQljJ%tSxMnfrAGSX`jqP=$|4|M_WK*3l^L3aC%XZJmdzGZw|%I#rSya z&qKwjhg2Sq5f#@9Jk?7(#t`aLDGmWbG0iqd=Q*+D0``pgC9dY`f;#?!elB_WyVGP5 zFt9LTz{VBhTV%5*9P!D?zv498mHqUKZJx)VO0GI8M06%4vDHY8x3H-hURKTJ4qMQH zG)YpIm98t^#ne?Qp||2RIk`T%n6=2#aqU z9YE=Cr%0zKWs;3Jc=n#vGGjA9ejjV8NZ@MVI3soeaiqicYF0g+1I>{?Yld~*cBW{& zg&wrZ==Hml!sLoZg8V;}onw%tZMLSf(za1)+gZs<+qP}nsI+a{wr$(C&B^|{XHIud zpA$0??~fg^BleH|KCzyKdtG-Qpy4Y%#yR;as8soQQ7nBBiCP(L;?<6XR&NEdayj+P zb-D4$3uW3c;sh@5J*L0u1m@`MKFk-Tomd{(gvv?F-kU=eng@laTRE|iBKmtsMAO;0 z4uIPy$JR;<@(bzJOD4m4P?KA4Ug2&`15$-JV&;=}9))T1fgekjtRJ~=Stdh1dF#N} zA5&UI$+2rk3ywD^uC#=eQn5{I+gZ@L>~{U1^mgj4O}0vtH0ulZ-hUFQk7Ei^wMU%% zf8h@-jFFmGlbCcaY-_#p)sy33Wm<`M- zsHwg#X7RSTSyBoU>T1;nd(z4(;i3HWa!lm<2|CF_1^~kbAD#G4#b#Yc)=G(0m9u1rl>>H4t;aRUlz3LWflVw=c+PYkkv?1m&=LcI)VzEf&1lHv}zoB z_whwlB7*pJ@-hZ6CwzrwlE;oA^t-3uu)xO8Q-yl?k@VwI8#tJ_ih{x0N}+D05XPRp zY(7ioyBIOXR{RogGUCB_JI(G&BcBe6w}+KooXNXDy2c2ddDFKAF*--5vOA6upMUL` zx65USKC^fBT#0!gX=I0Ix1?gra4hq{H3?{6dmD@kknvhg(KU}~E1vCn?cvQd!U+sa>1Y>DxDZ%#>yTVfsv`vNt^yVe22fe{ZhApniY`VP@9pa)5ap6I| z00P}33@-rRS}^IrrQTrI-z-o-M(l{XNHFI?^6W!GSPTAWr-;uGRN#Gvj!@ba{wdo> zGf1Lm5gw2#RHLG2nz)m;=>{1?=&A=<3_-8!%>fzInykw; z=c2N-;RlMms&&2bnC$((7)0uhA0%9#*~g|AoG^V^Lh5we z$E|nw2?g93_nu%6|EQlw5MV2sJ}wDd#tpVp8@H&BmThe}t)I)T`oE8gB$zn!j5<;iI0i2VR(u_8mM`mS0yWoW{3?s@HI9XccMH zlEA};>kLg4!@c$S${%C(*b7bbgnk$$M4B7bXE$tFk+su;e zLEg6isXF!U#y#0%uV>6A-QN;vKDFi4m2cR}Gh6=aNmk(EHTv8ioK}4?=8(Ew$$MAMXTaLjNW)x{97tQW}+LiZ?tMS09PU=ls>Af9Z=3@>22l~Ry zt}8eBjX2hBws}_js0#$e@l#(IL2ZvT$};~ZkR>7>TpjS|PJzKxj97o<0r_qR)a?@s zqYbNP^PizFB$fXB8sw*3kSv0+tQrh;=>?YP9B;(BEa}3Pb)PDITf-6Dzja3>|}krpBnM={3t8$WmNfNj3fedb_uAIQ4=nE)Uvey*VBKUX`@+v zHfyoVP54C>HYV5-b`6TAn|B=A91#$4^Fx7_BcgPe;mHd+b54YF(2?h0VTvpvE3QKu z{;`V7r2goK88Qk@wouNp&nTTVu*Ei_8bI$QHIaRS7PD*6n#w$aA{nCF1DTfmV5wGX zB&SyN*V%f+20H`)A_4-kVr2Y{;L_Hlhx4_YujRdi>F4JJU=Eh_PN8hOIO;K0+p0*9 z`zSn5=&8u@ht)vS&iH;kDkjEd+c==%QH_eQT~m!jY#&vqS8%S9Z>f6XLSv zq3Qj9G`rmm^AL3MY;Vyik4p%P%Ln*{Wo5&_mPSlroJzj};M%YTAHs8kDh#R3S~R&> z)kZCqf>j%ZBPLn2rqFwMUIgfP7lK!`%t~TQ3bcB(9OKF}2(`ksA&$za@p9i5Z}%9_ zo^9PeG#;T~-djxcwsf2Y^yppH{IXR-&1RJFT0v-H?U;h;%80j8=)}is&WxD(^k}L) zULqewxe1E~JvT#64%==xe%ca#-K7VnY;@_>M2^se9Is6ANdlL}#?Q59cJfYKEF z3+r$Cm>5xcQBha`fHM4lu2276O#VNtNyvYrZLN$Yb#4Bkijl36>Z61Aw93f|OzcIg z_8ImAAr!5{n;{OyM|eZPh@+4s7%F*Y3GxEK4Qy_dBTo+OG3I&O=x95NntCGkfso>I z0G_1CBVLH_ph)TH7;Z7coE0Nk+%NFTUhT{5b`gS#1xZlj=AKe8;<^V8I$K*j3^d67 ztxQR2z_e1v)_WNtUWCzG= zI8IW$g7_Qs@8-pQ~8)y#zDHV2hh8|Bx zq>oMr?f>W*VZLC{I4Bv%TS~FWQbh@!H>0xi-fDtTsw4?UADV_ZXb`@K$}hlLD!RFy z;7P3dQkzsxSvXP_x+fX`;+7{=f=Jeh)F3MxqG&-(N>ETxsgemU-D{K{A>Knw^1`I z4Mo&J+-pLvZ?FU70|IZv=K2*HAz84#Z#C0*o7%N$Xq9jU$W*72dAa)v?id`X=CZ%_ zf;Lls&~auP1J)%I{*vA*`XR7Gx?!AUTgyo>BJ#Rhq{Cy81e~#p1q}H_;0H3hpNRBR zFD4%VoDIO$`i!&DR5l0l^>U+Nh z0l7GnWggg-X1Q3Onig$A8l?hJZd6iDG|G7uLSnQ_je zl4SeQjh9-{6@p)}7V=gRf_%uEI|1_h8%Pq)OD&5^#>>QTPxBa;rFT4rsOpU#4}a}* z-NjoI{P?E#L40F!{(C9K|A5F*k(BsHFYWJ<>c4Dr@M%CvK#jhAaejh+!|H`VH~t-< zKfk-%f3M&ax33yzJVY%2CRcMDF zG+=lVjYbAKQ-P|vzlVFmp*4D53Is<=tWxmIpAim^4T%$p8ORu_fq>wE(S703J$}a` z4c7sM`t`5W*EccJSpnB3qc{5yp{Xb!7R!bDVhtnu7wc{7ZiA%t4t5W9!?B11lncZE zwM4|#6#@ME9j6NaB~JZ2Jssu$R;JjP=-U7P;SibsyC31zv$k_EG!V6Nvi>_c`uf%0inan{K;=qvB$OR09i ziwwjHExzI&BS66(`9r7;s|YU~aGQY#IggsNdH;Fr1Sa|}chBeQo>yinkI5`a#_Z_v z0|ko_MWdgpCnBzsGN>0L%)4=?&B>b=?nAzo+}B%u7B==YzLPc zp>Mq~0(5Wkn9s&(m+Iyq?>89b(c8xSg2^>5Kw?K(oZ0zGvG(lc}$7&qvBB& zg=}zT+X{g5o63fUMN&4cH>~g_n^kSy_CV3A=Uk>A?LEO05Y`QVCO7S4ElmmSDK|)p zSY=NZN(hxljf-A?d0?HgC5f$kAHHAzLgY03H(~C7KxzK{0RC@~rp(`tqv*Fb_Z!e^ z<6!*{Ba;f17kgwuoLzo^N*`)+BkqiW`t7~@8M*5NCt4ivh#X?t%yX>~ohh4Fl~ zc!GT^JVNmUNFa1E5SSP(n8x{p$jMtoGejw`h>q$3C51;YZ8@hl8obQX=C`b9JAFj5gm z=pmrcW102rglbHVQ)(;BQp$B#Ik&7+M;#K^=!Z>A@s)o@*MQs3GWSTMlNg)W3pN`! zZ%~J$jvd1bAshg=5CC(L?cq}y2BS7}Ws@fkOlOKH9Xq48>AL`r5m6=808&D<8D;V2 z-nGRO+|X3AU$)@(nQ>C+Mua!0C?B{xt=786B+hd#SuSL5mZ-!531vpJQxKjF7IXYU zE;>`ECG;ig^A|J>g+q6fs(~wJ!I`60pRt^+MmIXQU!cqgg5pvuKs@Djlb8D;vHL zCEN{B&vjG}b4g5-5KI3M5+N*)&SAC)B4JVSImLC2#El08qNBiRFh zWhhVK`29xy9#33R+AtLnN_N5=veP2{YX+B8(6=MEQ@Gw>!LM@JP&U%MbgZU`d%~^F zymDP#I+8wMBh&;-$+5FcBYpd@m?6hDrcy|1W)N8(WvgSLnyVz%IYrI+@X}PED<9Lc zmC3*PW;a*hJHtP8j|wIc-TY4aLPA1Z1Af^fycVtAC^GkTWDvjXRzEc)^cl>F18 z2=dELp0B?^2;}&2~7-DX8a7F-Txjzeoca8K&TZ8vr5x-l)eo`z|0)7Sf(;9)K24d1l zF4EWB*8&vk>S3C8*N+&>+1BFA*A3mHWx&lXC$;_{f1upwXRW@*Ts11XIB7GH)EtUE zb8&HbF{F|xveH|ybchXCc*T?}fmxa+Mh?OWB%cMx&bKD7$B+1PVx+8-ejYVFD%f>p9K22|#ugy0NbmPHDPjG+PLN^F>CV3#3^&NSlpiXod+T!r#)hqek# zozn`bksft7fiHDYlnus@53Q#k33dAZR zT{m$bGn0eNw;;B2*YyIYG^_^mt9wFEM22(C|{+M|27`*)Ac)KV=aY6 zrFXMri8;H9E1rqNkqI-D%wY+jnxIJ{3cZfs2-$=g*_4EI%ncOIP37(no1ab+J(ntA zCEnX04^+y|F)*9SrI#Bn6XZm|KQCJkcfucA3cWW*O8ISpqBfdn1Zu`O0IYrK1l-^L zyNWhr0>sTZr@%m^F`Ja++07gt{*K~kbuMGX%E<0)y(O}&ka=|8fCm}uc_I>ur*X!9 zhm@&>e(N`)rIkW5)Zpb{CIxw+Uypd9E|x10MTK7PWkiaDHLM$C0RkdpUSDC( zTD0LDTANFr@$&ruY-XU4)<-u#PpZoX5K3Ks9Y3^)i70gm?_fz+COJoI%5NLqK&^LzHD3-q=#< zMxy8;BIHhkN*ivKa61M;`^eP`otjJk6_TCV8~SB>DvQGWttgYiyv!ugZpc1>kSnN; znQKLLR7aC8Jj2u;Y$9GBu=oz~XYZpDFJYOzcU4z}mLU`fGtJp2cPUzL6;PlIQq>=L zZzRihR6a!S$&pRpd(>r*A_&@T5Zp-X*uO zJ^$1cd#!eAa-ge(9}84;PFVbpCO_cpcuz;cG?N7C%Gw{}E`Zo(96YKu48}M#N`DFr zTXf&d9c2ZunZ>=ELRjXo(3I$m%NoPR%DT3;7UBKmTU5H!=Q10~5L~E31R`tP$tZhR z=?$)2HAFfoD>5o7#ZgkcUDUg`StLtywbb{8!8v4B>p`^5tYU@6g3_dZFnKJdH(*|x ziPC)ynH;-kD1MsOj1R`Rt5 z+QPri*rxGS_FsbZU~N|4e%OWqB<)TE-h}QH-lpFE>FeI(31|&s3^M5p2D}NnNplT* z?FqOAw@G~sw9V^#rz5$odtKZOa-G~QSWQ#?W0SHPq7j6~{|U+i;61w=&KDQqS@wDl zkmrZj_x@FSZPM$ysVDMmhHqfrAnUq%ol}fN zS+@gcE_;imKY8-vtd1InjqXbJK1rq+{&0V2=r+b3sF&JPi{Ah8lpPS+>n9>yE5&?? z?M&4(@Dhx`CghklK0*nv4z2bjt(+XLEET$@oxJcE_B5NB6wk-bTTKm_49mZ#`hy(D zAyv_wpjt6C6P`!(M@p_Z2u7|CEai`GutIDN>zOI|lmq%zJ3{+NP@pl^!-w#R`70&!#)2n6&ewHj7&;U@!itf=ZxAw!Z>%Oz~vrQZ04tl80Ka@E1QI^$hKx_cVq4l|r& z0LdGce-}Y$_8j*4+raXZY^{g)xsQE&wVIohex>}-R{dB#`r~I05i$D(?VzI7NgvLU z$*1dh2uaoO2j53urAu(d#`l`kk&R-se+GZoto7w#yGYku7Sq#Td!FTNeYEx8 zHy{f9Kevbey`20H)|h`UC;z$u`Au|9t@!`uLre76M-giaga7STGohqzjrCno4klUX zS$D?Bx%@2tDz?V#~;40}bcUm%?4ISg>ZTEGdP|PPF z+8&@4sVCzUXve>ie+I+LPRAI+-ykXu=EQS1o=pF>bd{d5lJ)hji_;B!ivSEi4?l|_ z1l8v&*x4V!&=fj&{+_FPjjlErNZc+Oq+`Lh6{J*e8hjkgXUt~EA?UB{nqz<&cwjEn z(62eyOf{qs0!2ye9EAMKG6_xM555L!V&RkwP>DG-1jH zPCoUN1EkSH9nJwBhT!)Ch{MUT5FGzo-XjKIWwU81)2v**@{sQROsmPPkuw!n`VDE; zJYBcVBpQEDrGiD7uIr$d$O`kA_{u_p>KTl%%VGT9HOdLSpO=G}N7k$@urP+&hcN zq>#Co8mRX4qsZtp7^7iI2#VWf9+!=mhiny9-%N&uQ`tVsg~FSxPjQB?v|JIH2FNFo z(S(bKLzej?bU?lM9Oow3q&I!wMFuX@(}7ZbS_r_HbDVXf$e#6q$xWld>&EZa0mpLE zoy*QEbd?no@D}Lirdxahn@8X)pTc;%4al#ITB^0Z%xY@Dx9P+<{GqCp`MP!TR%BBm zJ4?raoctZN9GW`kZ!u*0=#e`)b zTI}j3?FsSie@%Lpu>)JQA@jkV`2vt80v(K><_hq4RO9T9!}-wOBa0E!nJ%Jpfg91; z7~)J+Gz!9){3BJ4KY9JDHH1yD0Jh|$>`xc)SrgEC+Mg!A2c3*vC~_tm3UF$^9wE3= z^Z^bwm?*mne1GEc9nj5QNd=p*V&|J5n|T&nL&ikjU`@7Yxa9YfGLtCSgzn^{U!WVd zw1_AKXSjRB8ghba8~siwwEC&h>FeDcIVqd-5@nd8CCVbFin;DNA5vL}{xv+)Mfkj5 z+A~jBy%SEuIzfl1v6H1@Qxunm?S+Sw&0_WePU<0EI5Ay+bx%_|J=7q-@kl3dPC83B^BoGYRHVUCe ztkx}JxY?h#+h`;A;%GZhq3g|tBBi;Xx6}5zav39CE;kIxO#^~@p(8n&+}*CYz5y8- z_Lq|#Z)00L<$!EIC<9nrh+GJ-d#0vs`8$b?DQmSRGqYN9C{X>qRpyw@1A5|4Q)1zD zj#0u;sVZU>p*2?(WqXVL}SY^agr{vIX@eSicWI$iQaowtAI0V&j`OyeK zG?%Lp!1oQ6Bt|b$(O?!9Ork29AB%m?$nbN$c%!jZs+X1&Gmp`M1mb6AXCR#Og)>O> zqqoX&y$mu$7j8g|E4F>Av-~(9gxAUD%xqhPpq|xybK%7}ECD1YL*9R$#VXuHJHY6cX3;k9G;K!B3_=@7W=pbJay^!BBgj8<~$oGH1$x&iVB+P~0refGFm!gzDi@rhM!(0U9S zr~OC@T$WdAjDhG>F_TqHuX}r=BS(bjQl?p?bkNn!DhW!@xs6EAohe4eNX_d^33SKrN zX4i)Uvq5o|JADA@LMwC5tvSA~;Gm->v;F+NJzO3PKwg)VMZpny?W#>` z<#xFDQSKHa69ZtB%3O>VsCdsM7FmbLCB-w(B(7w$R?0ans$Cl zwna(4hv_;-PqZAZtEgi#SB8PB>I*E)dvLlgn@R9&EB6|p{t8Z#eh*R-+sxmz(H;B& zNA_qNEr1a#cA_9JqvB)+@qOl?wixn&UR$ki`C)0pz9Roe7~0fACx29i{&{q7jjpa{#m1`xeAfw z)LW2YV@is>y57o{C=Fg+K&tTrLiu+uO0*5|awf=abwN9AzJ_D|yO;%$8%bdNZ+UWJ z@ z24*iG>6au8HA&1B;d&Ngk$Ukd1;(!*=dt&7Ms;BS(xk zFwYcT@9{1-g~6CE8o^t%c?%}|h}n3ta`EEN)|=K= z%~=Qbdy2^YBzhrAxL_xy5cw(i`4L6uZX)C~+f24;2*2o$NTmk~Nlf%xq)sNob98M; zh!Q?Eg8oP^-HD#272U8m8I6|oO8Yn#zDrsYB_2<7nrJ=$2gC*<`>@ge9hlo!ep9w) zIAp2R*m15eG`$+35GQ50Q!4pp{yJn{r7T3C5N_?GTF)%hDrVvTvdG^lm8reu0 zCY+#*&{z+8FQDObWoT1V_?h6^!_VpuC}Uz+!zcLxuX90ZBqu&@ ztcsCF`^64(w$B8U=5vfH*G8MO-lWmU^pR}hD~L0o(~p=Wh}0%=GU!vOfpdg!`@`qE zq%U_d#op@zi$=j|#VEU3T5^`do@`i(b${CvN6)oiF=oRa7LhoDAt;}}VFDnuGJy%N zpvOcTsf6?-EIWO*RA%S~7;xB)=_Y31VRXzBW9DH6MvBZJFd{0HkJmgZv-F|w@cVA9 z75cO5e|6@_P*xWnL?%1p>unsFpk%GAzxGeFWGNf$_IFem66nE%BQ&{qL0x<^R~*`@aTc5pq{z-!h#p3G=2G>p7VFAIO4qTT2whc+eD( z7f}5y6AWgIs|p@0JkJ2!@h+wd3*FOjBO3>oPi<}M9p3GoKe|D}HIL!h(v8fI;ma$4v(9c&~7eI2UOw;Mp3%_Ynovp@Ccd&dQK+ z!J(z4{8P(k8S?O#e)?*W2~IjF+E9%?zV$FT7el2$UCru5-=-Fg>R`_oLHN$FHsY)s zRJ9SBke`wtM1(Tdwb@18x3*Y)EfBBwF&777Z&wL zk;L)v1G%GS!l=@NeT&POK4cW19Vi*!V`?3o|+^e<6X8!Vz&Qg<8V)=d@q5tAB`R_m>zW>+P@mHZq^iS{S zpNq~2`8BKW0XSD0vtw*48XuyVI$09mnm}(msQ_P$Oa$NWe3 zf{g&(k`j-Edi3W{-Yy?bNRm+0L|u9&e-nc+nPz>{wmCQ_Hq@GW?X#5|B#agY3BO`4 z)X}XDU~JG$86oJgQ`W)irIG%{X-p;Ra@`F4tU6!(ziErb9!XqrAIfIk8>(~~UVn|RKK@eTM(VHOwHKAYWBsmTK)eDJ zy~5Q4wlWHI@BBO{xwPEZ9AsddMzrzN`|F~eNKvZ!&8fGO;i*d)kgh=r7k@h$(hxd} z3S}9z2M%oIjDIh8me%bAZ=4kIw(=7N}5Ku|pC@=HjAO4I83t)T4tPWYNk8 zMo1$L!PbXoVFO?3*#?d)04=Er8fF|d0iJaC!dG;igrarzp-7}C_T%JL>?GugPO=ab zv5LZUjXoFXFBUt^T(h6zdfJ@Zcs+UX7Y5+&Mw2z!#s_u)p6Q)-ooKcq3JYpT)M&Sp z+}8+7G@WDEzyRguu0iBQkAcr+SIc3{w=||UjStu0C9=m-jw|q!MI9l2Y13)x9SMmw z=Q#1xRU>>@1WCnUVgQEf9ZtfC)Shey%$%|rq&Wk!ofK<2-aY(cyB+6C-+~u z3CZ{|R^H}#&IcFMp$3w%^2SF7 zWxQD9Ug*1?Xk*&$3m|UvY?=;w1=J2<^!-5ehvcyflyw|>ghwVmz1EZ!*3x``=)Ke_ z+rDd3AY~S*qr?s!zlu|LJta}EOP)$&Up%<5VHfP5YZ`uwx>=06bF0(0{b$%ft{OfZ z$u-xW=@@$In2K_3gh`M+u^6fi3=U&tW$2;!sZn$rC=z1ECkor9wQO=wCA=LDzfz$) zm{%IQdg?Zz%Q1T)(Lm@J_e6yw9OSZkpri@rF&j$QiVXAC;<=Dlv?ak7i}LT~lhfo> zeC`gpP4(f<1U9M#wULbn#GB&IG&HQAj3e)YO$iAr(2`IgukUs}T{InJuPaNb`i-h$ z6WyX94QzTFol>0cLyQkY?N5AgjwQOjJ3@K%bq(`H+JyS5e#f<%_(`tvO3qV>rCekw z)1Z@~weEv7b1BX#k2ZIu#?xq2;%q0mvNTYLl3R~Y3d;Vw$4n4&Afq6h}YNccPs zrS5w)*5|p_@K-bHS99l_9aS^SI9+h4((8g`KfC@kwjH-hD#4Jq1OZ5T3;uqCLAY>s zF!k0+J+CPx-B@G%>BSl;FMvpAG?RO6%*FlNJ$*yan$W4upp=VW<_*en)gDf{%8g7z zax)w9B1n&8yy$Ju8Q$%l%W15}`xYX1VWh$uz3t^`>KwIWumhf63@zP>aA~^l*Q;q~ zR@1!PbTu5Q%`6mqxnJQ47Kk@!#CJ326S|15NCcc#P$vNJkz0@yMpGIda$UgZ3(wMd zTG_p_<{I&!0^Bx3rTz^O=Vl-rZ<$M6xVIddm-JUm9DbL)VtQ2&b~Jug?gKt3&BjpY zknM}aK}QHLN|%*vs=-Ug%C?bdkO=MehJYE`swon0$_QZZ0eh$_BZ^J8Z}>qnWtm8Z&%erxD?=Ny;o zzsA48WpE-1_+_KpPfyDC0kjP^7wh10TLcxfFV%I=!A1+%Q*-AsbM#UlSLkC6@@HMA zHmxkrfI2+>W(v0Q^_H2kFGZ3>4L=N@$op6hE<%q7 zs0&4;3lZiM%+DYSN|HjysB1gWU{%ouXf+?G5LQ7JAUOb2yl8e|)bMborLMka#-m=a z{O*0#;!F}Z0=%o7^>w$s{!LB0Jkp$OxoP;q_R0*Nl(%jcjp@TH5;cvVoOkcAj;mrj zHZP~tYPRa=Vjqp?W}Ze5meRKi$7tj9*NE4RUdxwYNV(Nn6Mqp1l{JbH8gr^rA?`qWUy zI_^~lbgII4OfHTLAP}t!;-Qk5!p8m<_v6JNf+__{Rd#d0sV39ENF;Ns9O#NmD`JYf zen5HbR9l-n7MoH+4=1|#4M>uU&nU7uweTJ>NM3aIM2H+Gqd_h{_whX-#}&@H!pn4Q zDFcO0@!(_`gO(86c8bn1j~COzhZ{^Aq?*c+Pw3g1>KHPs>kt@PL666Hf__Y*-)-e2 zWU!@-N~B6dRpX}ieo9KreX1*w$OnohVCv<0i!;Tc&gl6kCMyVvr@S_%Nh*?IKP)M{ z?EFlR=_dBNz#fHGi~QJNh5^;=o-e`~<cDdjhCSgX}yBz7f1d`W4%vNV+*&CC9GuV2A~ zu0_DDOoMd$p`k+yuX3_OK`=ST0o63<3AzKyTr`m)>oXyOc1BlouUji`KQoD@_!6&> ziu@`z>>F0zBiWp4^u-Cj33n%jk}c5OIj!EtNQdp1?VO}T9dA?eJ#$U^EbR{xc@iO1 zT_{k#2?So7GSQ})i`tJ1DO-n(~Bh>_+c5)e*T$VtV=RSzv z0trv4^%+jTwGmc|R>&<(&+X7Q!0@RopsgO9AjZ@$%U8UZay6B<32mM6ze&Mo}sPbP_C`=#Cqjc-b zXFUN!O`pxC^~+dp@)uvqNPgunWjz+YP88**d4;fO=r0SoUVJX|=eBSYnZOEm!2*l{ zmuMw}YPnw{`3T?iwYR*syiN+jEc2W}@ipO66B)qFiy^AjPs_1aMy3DI@cAGh2Uy%4n}vTZ68%DS!B8A4MV+WjXLe7#eoql4 zJ=p?>V9sH)l<4Cq!Nb^HR;+!skNYI_Dk(a!(nkQTXBee60*R_N896^Ngi2Cu7`iK; z6dTRAJZJh9@q?<4eLi@+p1!ubt09c7TI{e*Vp50okiYjj@gaE|ZMH3ZwnkJQT8KJ% z4VLA+idt*u$x>yv>VZ%};cX**glmBR5`bWq{&ttj&IVN?{*9pGsxhRHZdk(2w@&hM z3Mg9?UIFQThc4!Q%mw=3etP}D~$oDow)i++wn z@)@h}w`GiJBF1TqE<)vavm3Ux0v!b;Q+ns(tcbMFUu0BxBX8=mq>6kb`IF49ndtUz z_IroF^&@=Jt#1Koz=m6aqX{|uB@jSiDg#VOYS1~>r&Gz`vgxev&F3@>ZuPVPSrPc_ ziC52|2FEYQdB=rPM^M_4oqEQS4@qfEm$XBN7jbY$C?z_5lzR~t1B_l8Mh2pE54{om z*>Q-$f3>I5GP%Hl_q8a#9X2UtTBg z)ovJJM&#A-9qtwSg4|NVFIe1X9|2?3k*nDRsA6^TAK|S@FesWKhV2GtUiAcJ9gJK- zY|dK2j+U68fFT?6b`&7j?IgJgx9eA0b>&z= z*JW0JLG-5;#F$KStfY;Dr-NzS`$*iShUwA!wH>O{*yU1#e1-Xi;`b$1*vpt7KH^Y* zSSHb#TIK7~{UCA92Tf~ntKO1zz&3fJ1`Lyf>0QmXz#!v@qiubyEZOO6eeNOSVgz38 z5gk9T=s=?wYPv_4mEce9i-Z&Ee<@GZ!?5VgBtFb*G4RN6GX)nu=W3M%LI zzv3NS82Ft1ECH+!wqA{V&l+QVw)+0w(}O3rXV$e&9Bn+a!D%p8@W8NuF)@+4T!X`S zu+}a=*Vyp@YL_mCnB&Bfm8ZWA`ZH(*?v5}63ZLVZBpqw5W(gtQ%tCUMQ2&gxZLDv9 zj^si7tS@K6?q>y|hP2oC{)Qd)B~@8^-SoD#6RMJ4WqykNor72JzV*$|w%eF+fWq~h zThk%Jxh~6FX94Qk5zDJ+LDP0+#QLIdfn8Fd$kQp$?(=r0?{MsN>tXPPz2-Xu zCwjiNfoK=_tZ?el*7=$m^5WgPM|c#LNALdCZJ7v$9Z4x6ZBl`c34J8pzZ67WjB<(p{9qXU*hSuUCI6 z6$6_%;x{nrGo?R8g0g4PC=o=|Fb8`-D~w&XGSSJ?d)6|}*&aX7PI6CMjB9Cu2>#VP z&bzNmu#iA_A!AZDx$qk?ul>xK?rnXG`|MebBSNJm>|E!7BL5n<|7u_GU>x_=i>vma z__ngs4a;1XuLohA5cgtD5Zc9f;Cv@xCYC~z^r9d4)$?U;>Fvqk&(IE3NYQ0r`nB(k z@m?~LHKJ=01)JB}n!GWMyg_mOX?aWTn}okJt&IiwW_aT*VTBZDHy|dFq(?GoPY#CU zYnniE`H92kW$1%+5PL@%eJn@DG}o}-VI}8LB>v!Ii0XR5uV-yZSKrcqA=d$K*RJI| zKct`v*^t`?aj1_2DGDmHXjqRxwNmTRAl_rA_@nz>##Mq@rcnrP#0U^ZlDCTp%IZ6h zVnK$io0^}d@%JIdjOgENC5K~EZkeasRtLKMUOaKGqumwcgqa6@XQp9BENH(hg?*FV zTQZOhg5@&{FBvT54EL+Ot(xz*B7?6u&e<$(?-beS~VE7n;qz^^iwnJ;1T=WW2Vk}}PHZLnHRV}S1&W{%I^R1Yj3Q77x()@1<3S~%hgOJ>; zcaUMPW|qhiM_QovvB~>52#&!q+@ArsLPhnUU}RYi>Nhz~!Pt$6G8=Guiw%TvlkybV zj+$Tak843zt3Z!sZS27SR$ckSxzg6WnKZB)f*vWuP~|%0!f_w+(gvkczotdGH0ijQ zzsA$#!n0YJbF^tNcUG%ag#=eO2)T}b-UytwfM^r^l5qUuanT}{aE6`K{Hd+S0{L{A zHRAjS5~g1C9U9NrB&@-z>aFm)A@n z$X-8A5eMV(q=Gv!f+_61_WW)QmK81Kk@FYQnaiV97UgdQujU)6&8j!yQ2<*fvmQrJ zCl0~hY12sY9v%Miu(p`(K}|PO%44y7=8gY4ZIvr7zyEw2Q9>j_r8#E(m*(8e7?xqa*li9pd|2SwXjO;1;|AlO5d*OL$p#s z88@o}7Bo)r3n!!GFHF>*E$X2XXlp#HvgsECh_|Vr8L9_F>mvAKLAqg%PKGv-~5Q-8wWoO8^d)ir(Lk#$Y4=7iI4ho$1!}{dR2M zv2EM7ZQHhO+qUhbV|AQ#+_9}r$2;qJ^{utv@$CIwC-=cU#yq&Ls+u)x{_9t+x@iXb zY-GzJJd283b0p7l!pfLAvEI3LWuVq$^7j`HbL2&>V$9YcyAis+h9V29+JRIAc2h)g zmLB31luiyds?RR=hVJx+-IsEz#=#-Zg(%sCY7ZLXY0g}D(daI6ZC!jA5FrxekfFIh z+N{3`!MnL+dBjAWrLT=Tt|smA$pba2fe97BZvI>#VlNC0cw#&^)~;a zAX}o|wZ5+=UuBPd#!dDv!#l!Kq`L|9&KOJUdR`pB*=J?2I@!Y8Sl3LhC2)KSpkgZG z0j$q$y1W!8!^4!SNih08p3e5!B9`_UG*AT`td-`4!Hw{F8qn{lw5k=ilO4o+U<)hO z`@_ICjhFs5m<64>eeaJz$eer zXs=wMRY;<};ft!p6v=4YN4e@1X=%grVR!?(s4w_)Ks1*hgkcH`3HA{x5Rh!?2DVH- zvZf)YzTJd*#yYn}+s(3cj@#EN#fmC7ktH)UE*hnQsz84?o(?O*qQFPAGF$5cH5xUi zR+Z6o5PkUPm7@n;p|Is}QTIK^j(==^?S(UGW?|NU?sHQ4YWLwa)CD9@^KQQFihsjv zvfacZPLMkGH!w=UjbIDhLtln_0LQf@Q(hTf?UFmc=M9qwKiurpws`UHMGDWO%kmx` zo;-ef`?=q6*)n63(AWL+_JMN_BME?`?S>I;`1-SKs0;-^|(Np;2LCth3u^FtcX|L$bgNw3REhc=cI~ZD)eNFGz&oXRP_~;BVEpQS`=ItbE`m$q5lM1L91~r zsl>#WJ+RTpGLMJ)+sv7eaf$NIbBG$>WB&_Ncn37r;h6VRt z5Fst*v8+{L|3hHQA%czDvZn>{aNBh;+?)FhtAnUN4B>zM#+rm-9<*|5T2u zu$$r7j;h$3F!U1etuD3&1-Ty~sW0EI2%;s2Jm~ZroZ{lrvjvcmP8oaksTDXV6Cf$4 z(zGj}tXioB#|mv!Hb%4AZ0JIC5=5d^@Hs67opHD)?Sv%7;TSn{R4eW1ZyI=3p&qb5c+Eg}T%*@N+}rxZZnVx}dj6GV=vv0{SqIrS?Yg z{P075K~bmLH_-Az65C~z54a6|>M+wVQe;Z@s^Htizs%#Z>|t!#&v>%}3=^}PzYN_uCHsWCR zQoi4}!w&|aj{?w9K{YzA_zKcAh=P$5Nel$9tD3&$x=F1y@9_@Dg8-!tuy6Cs^yWG_7sB zojWLSUAz~BY#S`$$sqd^g#1Q&vRL18;f`Ss>;?4t6v8xqXQO43K6xI5J z%DYeWkIHlu@g<} z?%6gWE$}1!PQSpIs0!sPDsO~v`^pOH2tq}ZThO%eZGL~!KBbMn2kmU~+Z3{kzh`(? zVH@pUb#?KFd3)izyC~pe(gfd5{?I>+MEI~J6#0NC`16edQ9fQdkX*OAV)zE5Es1Ag zL5oXmZ}Pr_hW5QpSNdL(@4^=!>jmYp0KtOc9SrYA*o4@>RPuqn;|u}mj;|>6fw8tw zz9R1fto@Dh_nSFn1^MoePq;DPD7=zSi(A?Ox?UI}t*Pr`Fu`H4=LAxTtpzQxncOp@ zAI{(IaVH`24?#bwckfmVYa*jmSuY55qxEV;hg4bFbZS9iz+Z5F`|uw{i>f5egM%-$ zPWc1jeP#^UV*p4@75G^;3T|eC;jIxrH{Un&r}9^L>us$nYA>{~$nXi)H+<_ZJ)4kx zKCMO!xQ#B#sm!!Q0<@&KCHB;t847*pPGt~x=X(VA>#EZO<{7_mf`aO>C z3;c^gBuv@yi0Xns$028C!ar*rUXWfwX!Ho3M~wImp)qh>_mfX-jma;B8L6OijPNQn zXUxd##%{e3g!}22VEZ~@-@&=~2+NJJI>grE!`HA-2g#a(V&-jGxM`3JYxLYJ3?m@ zWB`GjX^;cU*SK63DNt!Syf{o^%53p@gNt|{Jn3U6JlY*#ttnBJv5}?m{S)Lo0rgvv zu1xaz+#ZaKnNn|0aNZxxr2b?Z3$H1>VFLdei=REiTngaID9KT7_2j{vH z{d=Mp;-8nUT#G%TvfCwu&ObwmrJL@Min zgAGz1RX7tqJLis>81wAOQ6`JPiw$hd?LC)E&j1%kdLXAj)f4OPcbb!9-kV518%o)RKczC)d_4F>__?eWxvpsbx{1 zR!Lo$Y;@0D;Tg872H_*NU~E`D+Z#2Iam%g&_I#m+gY1ofMWlS9dEq|ewnI&8Pa`j! zFt;bdK6RQ0yTo6MJ;v<1CY&=LYPc}l&);}n1^pUA=~C(Z0Hv4k(5NXTs6FGf+!gF3 zj~q>2o)PHDl%YxJl47AV_plQZ;$fECm56>Z)T(wD zF){RGjCp3|zQ|~Y={OM2sk}>t5qs}Y3e0;7%r<%9mDo$MY!$~6mK!-#h1__Hcl(U) z8Mw~1D%twNKkN>#uL~Z~-mJZ)k5Rq%=Fey*u%AgUzNa_F>lF(6!1A4PJa`0=-Bhzg z>PN4T4k-%PuVhj-j9KPjtxT!7CabL8S`-{hqhVFo=ZZqtY~q+7s%EEZ;%a0fnw#37 z*F404`A;uYOVY$9X$f1we_(2OLD2NVr1`<8`2nrm;K}alFR*;50&8A5$)cv9VNbAvXjIei3DB?;ovz0@aFqX3s9#Ph=bMz5c}PPdUvuB+oy_ z9Y^vzS@MRz`3uAS2YCIXQ1cZj^FzGOGJI3@b6=ZYo1wi-BO4`-?7@bLm)C7e)V1zr@xa*iN}v?d2Y1j5Cxe3u7mfuy7mYIy_Ai z?p0Mkg;d@%HZj|L&Yv7sp?w+#%G^Avw#GLi8>ei7<&rEuB7I?a_oUS}E!$)}V|v_u zDH=t0h#Cc0CLV~;X-vj@#;0FRvf#h6Iz&j4^HjN>8PjDWY!}S&-$k$`NWR!7ViwGq zXm}y}&cyw_3wHr0YM9Y%>L=me?>AqTYmUbhh!5&*`NO*guM$rCe!L9FJOUgRymc&d z+3{2eaPZ5bUtTi5sD1wl9R@^U{FXNBL_?CfN@Esm{|NGy8y+sWV4sobfR$d-qiXgbY<+)ITpL6n{+zS zf|iAM&k_5GL2dzR1#*w*PY33}j|q+@A9l4W7&fMBByl|9QT}6ay)VzjJCk*a72~jC z?7`&Z`{5>xkBZ)&on`mZK9?Y8UQ1up#c3v6D7X`IO;$>hK|PrU$_D1qEXxME+)atQ z!bw{xny>%|3tha8w-T`4*HTL6cHL&qwj)}$wIfShXxUbTOJaCK>xoP}vw3W@dMAtr zhQnw;^<%5H$p&i&k7K*TIlnU-+?sjvCJmQRD3oPO{H&64fQ{W{%kEX6rd5S#`u+_ zEz&Pby}$(xLRiuI)>NIMsEX%TeOu^wq;L+-smAiC5gMoy@~N}h>$D=KS2OI>5bY3S zy+@T0Rn)tcwW79HPrrkA<-Ar>zac)8B5~jN!|4jwUsSihvi$f)m$ckpf&E9AMCMaT zU%hw9mP&oAP^^kuwXjP)x7e);*|k5b7EeL-OwcuPz0_)%T_xE|M7Ii0*r^Abu@Q_J zf9wS1WUV+)NxmxBs-CMVPp!VfcRkytT<=B(;Y7QD1y5Y|OwI(5=|i_%*`2VMkt2<8 z&dtrApZ>33POu+G$PoFqQEq~JIsTo zwHOfVdd_E{+(jy$4S#ao(1-3a3Qtd)l_32Ek-UyK?$vi93=CA9I`5SqTDOSmt4|t| z>_j6mt$^r|6;d*)7xqfDEpg0mY4+xNEzcEMUkfW4%w?F`@t@>pDR~dmVZgHRlWVR? zmLFpfpPi);z6(`OiA1`VoU|zRD+e<&L<^E*pQ<#!JwbN2!`AVGSSKW*2Jl5Rc%j#} z@4x=>@VTy5sdgd@Ujm^t>Q3VS-mvnyI^%>Uz4j}-4Oih570ee^XS~)ELWK;k!qe`u zT86S6cM<%Y`YL>a8rzwn#~EMdiqhCK7)DFg-nai*Z>&j2f4XwWU`LZgcy?akkteCJ zc(szgsK7gttUBGY%PaI~r&lL8f?TXPfocM`QKWC=cDxe))~>W^C0BF^KYinY4(Y0d$Sj6+#-Q!Y2f5F?Zx6Uy6T zdS=q4WM_@jLBw9cq-duihI1z*yOR-Nb45>6sV%>n=OHgA${#$b{FUA6KKafwxDq#e zBlq`!(aLs=s;9ls8y~DHJfl*W-J=eZ zELXDcU8SVLoi|?AE>@f&Y8ASx)@p>C@^Q{#xUlCblu_N{oT{O=!E69e&dln6iMlrq|{1& z6a(ATl?O7f?yMkM+M!ixJAAdG$gF~P+Ihj(5Cu%}lcrP%l@I0?Px_I%zS`;~rPV{5 zB`jycCp6gs_T~L7kWgITWG|t`Q?>2Es@|6;%=d2nPrSMQ@P})p_t%^c-YS3nrGENq zznS%0idKpc?PlPnTW`pI>YA8 zH$XlVx5$VzF43lZ7-mP$UHso@zBmVvF;2B4x)fZ^F?QshoXP`E`tP`=B^uop&<`kG zNivkmOdKRQm_YiCYbLGDh!}C?8|%th9I1wNaQMP(&VhCq)iE-ang+i&T30{x8THp< z@-CsJ?kVpFdzO&u_m|Az`^My|AKC&0K$bb(ykTso>_ksAuKb!+^=jYP|I+T}6EQ$^ zeJOJ>zx2ERquu={Uk&Yl(eB#YSQ>kNiT(dtF4W&iOfMm)zx?XsPXe7`#f#5hEJ=)+==Zcli5szDk*-`F^w}oJ2h)_vXWWj z@fa1eT>^>)r|tX3A+bXIk5ERc)-%nWb<7%<2wn{6FV5H)E9*}cUx35sbPL0PR{428 zYV*TS&w7MpORS1&3Fm%zwPUxW_XJJbJA`i-c_$^$bZ<`M-J zQ234b8ypy2(>Vai$S`CH^mta3){HFJb?FxIPXvo2c-=t!DUJa-5laUFC%P!SlrF#j z)wA~deg6^e8&yMkC?HVS*mn|m)E?~cNf!%)^ckcVN7nU7L-&G3ps<*7#WWoJ7FU}GCq(9lbA{Gt8AC|Dq1YKFIkKWueE;ErgD z&_5B63Gnw_hp`nRZprp&DMmf8)wzq8um07h0rv@cp!4laM!|H=ay|IIqWHipj5GWLdFC;_FfwQbz~E5LnWUFA>|0lMY1xLRSrqLb6u zDbn=c34#cMRYfEjP?Ov4b~X$#rVO}+&B{dhN5nr1$e<$;_^kHWG57hHK>!qyd_Owt zntyA(UNHB6_& z$w73IfS5{Hm|S=qfbUp3I$eceCZXcmeuy*VK&IUja@W4Zfw9NbMZhew0=wt{^F;}; zo?FZ1Kt4&FqmFxEe8}6^yTm)mnnIj0aW@)Xr{4z$k7z}U!01sMBnTscox&KP7!uG1 z2%~3GfoU3I*r#f^*$&lI1&S-Xr>>M1Q7yPgkJ@e$e$9(D<)ULBSquEx+-Jl3D)xQM zB!+kzalS)Xt!y2ro(>8mnW>CHwoY56j+;d0*fs3p(F#s_jR^s}4ndXF1e0k6b%^rb zk~Cof&N`mv5df#WZMWp^+CAuQ-I7G3g;js)uz`4Qz_@pXt%Bb?@>#)_8n}!>vXReB z)6VGpY_(AuDaaSwJbj)wOwB`^F&QpA_@HZ825r4cLg9GZhN*;(yLkKE^^9putF#F1 zM8tjVaJ@VIZ4N|Aqxhz_1h%nBk+pN9A=1paw#jQ*br-*BcWg@OJpIti86!B4L89;)Y*3hY8gg^FQ~siNIi!IMttbHZq>M72vXprEjA02vTb1aHG2V5Q zocxM-h5VV%0G4|c+?veSAd?S_%FE0(wGkX2H8BddD_S?;dSlDk}&Qy`x26h2Y+-jm=MpH zQv%fZAeCX@MwIDh84=#5ku=!hnULX|VHD)Su5kaT*qveK9s0layCwmtOoXpKH~FvT z#{co!f5uw+|1WQIFm$o_yRXHn=*puA0(h0%bhXhY!&QLz5mB|FX^J8`B!nbn7+T3} z4+q)}HKz>R+tzZCpUGe7&!VyLeOPb5d~ItBxHL2*y|bD5IL~_~H}n1e`k4M3ePf;= zFbEe5h-3+d82mF5JGRcx>2~k%xLOP)Y$52@35Epv3o{2eOI%ElUddZ9xn z(rzYq)0z_F(t>03PM$uyXYvL_oTdMZ!3*x-s&aC5aD&MH_^s=v;kZ6HKax`rnfJyo zzDGiB@FJOaSJ{!JB(SJ&UA4*r-Yihj3&75(q=|D*zL3hp=$)U>3j{wK%dZ z(d2du@o+b|#}4Z&$Q841`?JiJwkU^42{BX*l=8>?=K<1aV)-#UerjfXC70>o8V;cb z%T%#IDLA801retPM=I(S?ZPkQ=|zc>4_T>kQa zzjm^}W!0q`P~ODRwQT-qKIKE?=zimMc%@{Y09HI_19Eq+dPm z+npPoPrbKOpPbLY0kVJ8VF^P}mntemMGS5QZDp*dEsqSWX9I)1Mv)?1Fv@mq&>+dP zUjZUuS-OQm#s^x=X_=I(ZFXF>xj#=5@to^zIbPH@e#Vu=_Mij@IpFRopyren;YEY8 zY5X>*W~(v{d-(ZdH&9J`RvV1FxLvOh!6G!LdBgu#W#)Q;9SlwDqoC1gTVASlC*#)4 z;)2UObY&H<7^}1jiv;^j0vWc}Oot@BpsTx7qbXHdapJfZ8+Wmtn1F#V6K{It;o#-8 zFS31T6zB}1h8kFW8Ceo(o10cA&c2lf8T-^+PURj=4RQnmhTE^xrH&j_#CPNl$u9u~ zZ2>%nSpZGL5QNM9()nr_=c*plV&>xA^Y4$lZ>;50$s2VBaK$@v*lO14oLUZ$<<`WG zInnn35>*yrQU!i&DT2vi?kvNF?!yVG%_Bdk2DuS08v;iRw7^jlb<}}Aj+rqqXgZZ! zGo4{XwP?U&qH5cbM%%C@-EGZOzJ2^YvW<#EWmJ2CY(b%thydoo-PViY*r8MZ=6qoj z8T3g?S}b5eyA&Z zT!D+#kY~nTaea2@XMIVcif~d=b4BkRdINA&EI5c7jOkK=8DH(1r}f`6CpeL^UyBJq z_GPvDD6j9jD+4d>1x5(MEY2g?YTTQWEobzGF!v~~Ey{)x>SWbYRGm#vSp{|qhOy8( zTs{^a%&P(<>cv$u8Zd~`y7kmFnYmv{1nDA-VQf%6876K8x7M9tc=lf1XcnQjNOt#n4xXNsz9Zr(IameY-ugs}F>-dhfoKu)thBD-P2lz}7nCkIf zNK0G3+^b{s5g8G`C6M+f3(Je(X`v!IrJdi0xJl@t_ld!*qCnJ_z>CTMPLAp$HBx?y z8P@!xA%>O7D6^E*7jAz9P}M@x%gC*~e|}6eV5KWDa11*0s^81ip|$jg6= zu3>hgc|&XH%pF;vScm|nP~i@}+@sX>UNv8z_Bq$T+BRbM-?wKRT+BJ$CWM?T|;RA=hS3PXDpAmE-@F^d!1@y?g*@f9-%OE8+ZeK;R?-x5vAi1Zv9?t z_2RiHC6uFCgGXQP+_mM$jhyWgdH9aGZ6uWQFZT$F3j&}+cSAa?Hy1`ERWP|!=Z&iE zPWfEV*k8CccdUk*k{(iYuW%Dl)M?+3q9&9t=m_5#>^Vpc>G%;!V`Qs~v=S;CYPp+X zNC?z3pww=XHLtz#vO(>rXAjR zmB(H!jMVrjsCFu74Nj)DSYOB&nlV-<1~Xi@1y^9X`h|8>ph4R2qE432*x{y zo0U0z`pjxMg+&)L<6khlPVs7qdTV{$ulWr=XOes&HppH&K{kS@r7_+9Kx??{77T|4-;5^N|OCsxm7Kh(PZ4s2B znPX+iQ9kPa&p!GM;$fh{ClfgXR*#|o-= zJj9DVZo?7F%>XP@UnLPzg~X?b_xK8#x`KKj=?<7Pxfex<6B^H^FmbpQf#L9Zr~L+ zMtXWB

Y`p%wFau{z%&ckaM-|6)0cjssU3)rLbaFl~L|cWa>PzKH^#Y7(HrJJ1+! zsGXtTh`-aw4e(LsW|dce=4^okR0jEjt0yg;g(as&eI;g(u5X;#)Vw(e zLklbS-vEwke4wFQb}J|+zQEq(x4#{0_Bsx097V91P%5vV!!ec~zh@kYzhmc#vov>3BrnVbHxDjT0xGkua1@kqYyu@Z! z;xAfqw#!!8Uo?@f4eAKOr^X;=o=v6PoE@{2O05m)MSXtidK>eoNN%nt-n-)z<-1mK zIA32W06@Jf`(XwB?2BfTkXO5v>5Mm@gzz+S{PVppB|8N{-q7bK=27E|-RL`>+OJ+x zfX?9;bC&SR?o2|Ht( zSa8uU09c$uKmxK;kP|1xhukRVnA_&VqPK40G-!~w&7&qA;|EFzA=2>84X zyFEr_q9Lj>a?>^Q3DhWDX6hjhvIU;RjHL$Y6ut9F zyIsK8;K*x-O3#BWch7Bc?l*M-N1))K@US6(a-Ol4sM8fGVB<(kQ@iT8rv_O9yRO&> zXg~a;r9*h!_tgn-Mw+l6N3>w3lJcYj5#R}P2}_I>H7C2$+b6d;v1+`PfN+-!u_#S1 zH$(vTdp-?zA=Qevi%$j3sLWG}W|9<3%|7vk@llM}gwSq=o0R0AyKnGT81sp0SzdpV zaQB8vJ%EcL95lv|QjM0HF`Jy6WyTzH2sA2k8>v*|6(x&l8aNMVT@vlaBx5W&O7~f2 z=BA(}8gs+~MYk~Ql)t^Z7|9KdwbVE$QKu`_DOzXzc0?8j*JNcs2K540bFJ&j7zl~G z&j47sm$J9+cs1o{o;E6O2>45ljgY?IFY8SFFo%YoV&Uzp}G0&bgEAktapdb`&(TH7rItT@s z1O3D|HWVX0d0ULuykp^*tBi-(e?Ld@wt2CkLB*ZFD*8Uow_6bgUg#&}zySW`cNYc? z-fEIQ?X|DV;A1ZkEhI(lBpngLm=b<<74f&?C{uxdx6bYYxp}RObh$Eo;CXow-Q)fNc9Yp4(4SG`6eIwEl|hp28>0m>gMEddrh4F z)9VMsnSX0=C?xWB7%LBRO5Pzp%M@Dv{yPaP8Dxm$hfCQTDBHXuy{jrP)vyS$4XP0~ z%9>XY64khGpb9aUXsT7p2?ZV70NQ;hGhu*e_P29;zC1ggD{CT3&^*zm#pvlH*O$v& zVVrbMVs+uPS0P2Fj#z--Da74!|6i4^x`Tw+_b;xC{@)0aQ@$TsUkCgDe*PD#lhc3I zr~h-9ku#lxlf8qflZ&OPv#Ij7eKrH4-?hG@l%5tP@iJaBc^Vm&7O1j}_G6{f&bMj< z?>5ZXviEClYzv}T^bp@|U;ZnNUo`e<0<(eu3fikCo^+xiWbpkhv+}HrZun)^L@(o;-qFk($!8m~h z2FMkK)CLBMdwA5xJyS{^ZhJuqu9KiNB&&v_GC&iVn=f0D9ZrQ{QDf{J(!nqIjajFQ z)#pK(xY??FSY6M2BFzD2*Spbvu_p&%9$Nxi=h38DrxcGFos$N@e;xY6waFTVm-L+haMZ~I;W8*UR{Am z$I2yXjliL_zdvP=+JMnZeq`_--XP=0J7$q{gRddAX}%;JNTw~U;O#xQ4u422grgFa zin;tLjBOY43XMmdnzEW^dRzCAo3f%2A%%9LJkMK!Y<-Cpd#Rnb;4*xVprxd>ROH$n z^jkxE%O4phmvYCoEYM?fNF-R!1`Z6ny~4D!nAmQ5u=S3>e8oJD$L5$}6`iVG-ek?@ zfATlnVY`q!{A9}SK87Z(-5a(o_W#SsU|tz>V82R9m48Er{j;3=Z3MJ5#N+eklK(}-4Bd(Fk#tF6x zuORQ?AEH!`M305>wM+3;T-|O3U{r?#-OSDAGntu>A208h+yUkuDS<&D;Hu)tlwq5g z`3{SRdfPl#xoc|U302&AC~O$WrB3Xz)DqU?CmMk>2C(ma6XKg(t+MBr){E`IyQ}RN z9G&-eCix2ExvPA_PJ>&G(+T#|(MwDk!fL{DV_bKzYnTP6cLWCG90P^uA)Cz+2E{Go z3VxIvb*HNWfnTCXfzoR_5V|lH9dnBJ`qbpr4Av%|U1}=&4JV#g3!alTzwjrW zwcEKpyY$z%oBaZ;Jgz0pR@Z0DpBSqlhNbr5v%zj(#JBGXAKh5cTza2HlI9k8Ud4_W zf|S~ie+;g`_h7-N<5e*7Xbf$pbtjrQnNHA0@FjCAsk00;^a%_p-ng*_NA@Xy1fS>1 z)e2%(UnXeV>)j~A%CzV9jSV%*yEXsv?9x!*M}8N%Fx5IWx1K6Oz!B{4^niOMLg#(} z01yNEdOYAC3Xo069fN;nAK=b)3VDzIfi_d&6MmJ*3({_>Lqh9-Lv>FOOQb14ETmKd zEol|4aXDTkYmK;PyaX<7xTjQ)G9nm`5zcg?=!o`C+ULVdAm{iM%}&om#jnW1C-@pT zUA5Y8@Cfp-+T%q>szRAqjw_NdgeRF&!5}1MT|?HuRngTiy_PPy5 zcF3AHH>*3pRn@R!NT%~@v$d68hn?FgAh_wYHR$lYpGeYh4E-S3eEmsyAbj7y4%Hfe zuano3c`(i!n8T^H#*4qwoX4u2OCVKB)JyrK5>Jc@9EMMc?%@Dy1FW8sh$=`b*Ax7HAr_D7{?8H5VyGaM_-t>7IgJdRA;~<{CvuG>p^lLy1cI zScxq(6Nh(Vr4eoI6O9E*casmlO?-)?-x}sQd=kHl{5}=aQ?zXH)y#|dJcy2w-w|aP zxGky0Abm^~Nc{$sNrA0C0dz=9^>F?mj4gWP?ZbYuHH_R(xZ%6rpoaos#cmQ=T{S{{ zqJ^L7Q^-^&z0jW!rWGW4uT3i7B?rO~zsql^QQW{{*7%_*($!G|D1Qr2vpy z;0Qc}$P^5GSW9u|1G+&x>olvf*Q8+HXw7Js~ z0=&zU0Kbo7*AHbjtCtBdM3mHS_*LX_z~>%9W0dNac&3tU_}b zQk|AM@gmjLXI#gi8y{Y1so_bTtZ>yGH>*n0D&5Z8p||4Fc4LPCZZ^j9knPYfo5qPm zxni7#T{XS->ob$wU1H;<_PW%57Wd6A zgS~u*g>C+b2U(6JBYYEn9ww_gFx^^$f<5LlJPMcfK|YsI#RJOK%;Q4?i}R2drZzfM z2=1`F;_MY(6jnM5l>z_2AwZpl?>pfhCjX#glN!1;9C>A3UA34J>wi$3M0cdg1iusl z;(yy5|9Q_s_y6PD{5|;m&s<48H*hjB@YsJ$lPp@=dt3OL?)gqY0U~moQi|5d+`zyD zY4SDP@$8u7sPz1m+_aP|oq?$VT@b*)lwtjcpd?s2is^o#Hc=$U896$-meqGIw!zF~ z2X;ngR+@&A7C39q2E{0}ax@OI*;YuX=CX!0kc1e--ODP{m{Gyd%7~6Qm<(-8A>8EX z-1`VMB~2g&*wqOvxc4$G6T~Hk!i(Z0kfo84iGhiMIp7-#gMtR;YJiU$VtgRT__4_j za8sb&x9FR{u4Ew~h3-iQH@;qqg?2ynN+dSFkaDCib{IFgiD9B?6NL}K3H4> z*I*qVG|8#G56+~}~l)NSpDtl7QO>Rb7Nm%2Zb@V0eo##f1dk+j7gMF0N zVrl@2{y>pm)brY^?Hrx4MjvQYiK^N#ix0aMsBqX;XVD(jo<$j`n@UB7K6lv=W!MC& zR@oyg@0?xG9@XX2EU!NXFasXV&apM_xm)O4rgrdZ!Ky&<_V{YW?rQgetR(41hdHrG zw2aHp0md?&&!`swb-$gnW6r9tsKb8`IAv(6(m{542cteuHF5sgc)8S>1-M!jlHxr2#3{~jyVsq z!&YV*$%=!wvz&l;8MX{mhcf}XVLQtps|W4Cie>s9ZqeH~OmfrOj8h>+VfyMet(O{pcB{97&X$`Myq77CO7jAncL}`S` z6z+dmpju;vVMO`Ou{`6IcbEA#Sb__^)P6@Rf2ekoaM09PN*t3&X;lpS2;rEw5%uhf zcZ5R$C%X+Wtl7G*vW20P?n4LfI~OyG4eQ6_cy;Nd#DbMhPszhF2KxEzGn(4OB9oZX zyx-n;4SjV=VX*!^M#`3#uiCMll;sDL%r=8Tn9GE{0;kth9QjYJZdW9qy~hfH&L(^3 z_E8Y>b@K32hp9s8kvq6&T5#WFBA;}C_mz-TedQ*&=Y~q{!lGX|#nVix|A`fR7`$XJ zw~uTxlSwsUyE~N+J(Oa7mBbz$ZU^G5(D3kFFPVu3l42VL#eVQ{WWj+GW$3Um;Ph5h z9|F$Hub{#5DaB08`S^mpp?;D_-d{IRJYkdqZ+P{u?y;9Mye) zVkWQHZwtRGjCOy5&rFMOd4}IGp~gHsL^@Kp2*~IRa&IWZY>_mNvhd22D;__>$w}a? zT0_haXl2umJp?E9sNgQ>o3ME20eX~M^@j5~WF~l1RACmSeV>0>@$O($ll7Ms2mjl= z_upOcD}PN~w=wC$? z2F*C^Y5`7`V35JNr)$@_X{|APEZ}I_)O-7hmaC-A&}a#sdaZcQD)XcXAs|WO-}}<1oXb zsjWDSuu!W>N)v|i{h~lmlkkHu9uoDQONaJphJ0+=*?y^AWV-VXBLgI9*i)dAy*swl zucnN}CF}hvab+%QQv2 zVtT+_`ziU~Rhy^*y(v#AGcLO@8ixC@UWFcEmGUW3NU=1F<8;Zai6u>zRNZo!sSU8z z9Y7St5%zKH~6$+Jx4|rzJrSHY4`e)K|7FbAe>3KP-Vyw}I@bSjH}K!7z<+VCrE@{s8B0^V zDOpP6w5=vV=qXc+BBG=URb(f+_i5s&$LfBbN4$xUet?o_k>GtLyU>j1B19y}lfmwz z`<&)8G3Ng7AGavqtye`&5|$Gd6UTsu%t&}PIvqCg+PCEKZ3p%#km%a^bMSJL@L@YD zE*NRX^YGR65DPdVipr`0E&xR%3WS`3B*@P>gg=uEYCy492sTzi@vYrG}zowlz#A$vP_2`%S+HF(VJi<1QF$ zGM10@C({6aCyLXsS7#mN7)?Y_tULx9(u+n{Nm`sO@*(^La`Eoxbq~b}yQ!S&PoHh- zw#)}uit3TpFNFMZFSv9wIdMtdn=v}%7TkmC*ZT%?aM^~|c}A(dSi+5m-i5>{1LYgI zvI$D?=E2jS?cMy`tsq2Htx9mkme?p#ZmL|5f5=>dDasz)b$%Dsg;5QS;^dzEKb*Z& zoaIfHE?kwiciOhiO53(=R@$~JZQHhO+jgZY`DORpbLLEcJw4}~i~mL3ti68`D`M$c z&srIR>(4_G6yCxdihnYPI;x0X4aIcWO&PwkMw#zB5!D|NCbHX08CEOKt_;}aWem>nUSnC3+cd5!z-?rbU3Sv~tcl0y!mE`^!vt$6(5l!~v z>~Q{CcHSz0TZ4`ha4T5{rC!s;-##=+rx=;7DB_jKWWanDxQ)Jl$-rx?y+6hL>;RO3 zH$EC;tW=Y_X1YR{9smhFJs%pTT}L8dtnlag@5zLuH|q5`}wW#UX5RAae+aNz*0+h5b=OM*U!9O!la$Ei4yp zG|E*fp(=ycEE)=-$iL^7R6?~ZJT^5pxpZD$T3DW6T4=XSKV>o{h^N@Kz8`-auzmRq zZrx8E*T1jGx}HD$ioa3EXS?qTM1OA%(>j0*X9Zyev*`01c}a_I#H!E}h;61vfh0kN zcAz|}px;46vCK0fM5!`|8+cs<0@gtv85R951sp^=q~Eb~Z)W8st%r|rQE%a&zPvb4 z;mV8wt-&(huF=*4XWL-lzmY?T5NV5JA`$G2ivqnvGLA&D2GWZGsO;}^CNsz#d1>4K zc~l{1N?OL00CJqUkQ$j8Y=@7#ETu)xBp*ErH0@56`vgh?aEvBWvBD9INSgxEI78ITn3nHCcv)D(n9IyRAVF?B3nEQQD^TA9$itDChtVJe9tCNv2YPn~qa}q( zCF}gEBHn>^Ycx`IayAe>p|>c}b0jo*ND?EiY_xEg!4eD1hJtSvWH>Kz!zV))huo_JD)b%MgZ} zWStHIS`~gtwAoZ`T>6BQh~E{DI5}4dJWxtn5E_| z6{Yjx4EK=IX!YIICRji1>FR;+ibwJ%j;TVz|qLBKVrkqZ}s_k=atz27i80r0QHk3vTd_HQqMr!Vok8VTlv*K zh8PJtp68Ui@))LkMNUxh!x&PWCt(VEg&&l6 zTvDExKauK%l(3kk6W!w!u56IAdwJmG&+UaOIfXY&4XBzN=MrzPLR7z@ITM_yWWUm?`?*Q_Ytn-d*Q< zz9WMxFQ#PjggYBI4{A)2Xiq^5V!eVRX>zj*^_RKMFCLpCPm^bQEvR#dla;G0Qm=J$ zqbg+Gz#>oYabyNKlPV@-9j4@O9y?*P+6$qnuWxEDiRLjxu&agdLzC(#`5E2>of%tP z8zXNkd1MJKB&*y1Ne;8!=R?=OJy>f|%$GE8v1;*Q16;d%sOwUIw~2SvR#+tM3KYQ4$9QY_7RZni z>T)*6$8b5$oCMS)a;aFB4Jm{1Cno^x%5LSI%v*ow7wHFdw}fdqN@g91H7l)wH6|jf zG+=eBq0PCXdBOOJ0JvM9a(V*xa#l!@8RJyC+;ZnCw2`b|pYFrY2h(+ZpgU0&6@I*)7!y|WJ1!$QP;JZM2Bl=Tj?dD z(Ys3%*U{v_JJ6ql8H{&+5#|gP|)ywg!V|B&%a- zc0lB(N_$GnWXN8#YA0#F)+g8cZ)Jan9sW?a2RNFBi4p}=Dm-zZt3dzDa<>tnH!XeQiBaG-OUD;j>4L4)>3_3LNdIFjvE$UzN1f~QHtQr?2 zkx38Qmo%3LD#=mlgn8XfwLJ|#sWs^4CHZX7`(6cJ&+{$+u7H`(SEa zqwYYVa^v~Es8Ltu;-p|gLbM1JVRzpc89XfRBw|YZgvUDSRQ!YQ(+nWe%U^ zHOPXp=i>8+-vxeujfBdYONp||ha%ROP;j2l=*Z-+RJFEcG_FVD;={0S!>!gLTE=w9 zq`*srk6Lv!Zb=Eq!h}>xydF7+^-&pc7Y zLo~@;$dGb)^$5RqWicyp5>aN_*HB?^D)k)8$aX?S77ed4#wQWc|4E3@5&rGeLy%V* zRK%RDj@Yz!-t6jHs=8dcdc}BD8VF4Yp(t)d3HNDrF0a?lH9cfi)eBmJT6MWueBw2 ze1z!FU?g>>ScF2j6}<6eGi~YPDuzCPwmnG|(IOZQ;Mo?Jyqcr^x+x=gr10YI>(krF z(;(8R6Hr-3s2!k zmveMSUI-(hHLbxcv&Q-;%X%dkWM4v;9>^&TKR?z88a-Q2&#aD}B(y^kLH2wv-7fKV z_;EnERiutFhrE7_inJfThZ~`nt_d+mAnW|mkAh$GlM_p3_hkn?Vf~f^{D2Ad5!LJ# zc6Mq^^t8>~z`>ziP3D@K?jtMpJm1tN3WV$>%b?1@MJ_K)JiD}sI1O4IlCt}JIl0R& zk%r)IGH9>zAg~y7yxP6sjw$S)3Y1uP`$|Myq!gDH$cCIDPG~|^A$|^v=JrL-rM4d% z?fjL8B3rt?&=20g$!F&(R`bgdGZodv`W9&)q*8l1@e$lto`GDFE4$Fu!bz|AN#Obw zYawr)H&;swc!$^Q3cekiY9mjyNinxm4bvmThsYh2-rfpS-e~b_gXP6@st4QP+w^$V zTiu~)%$B&w)|??B8k^M3a%Hj(mq!m$lRy3YpA4=J&AL7)S3~AzJ?RLxRVII?N&o77 zQW;dO<{eD3T)-lo-SP|oah;kZYmOAit9zl3JmW`C5@a`~D^mJX1gk%!f}*4Xn`?mZ z>lHqK=z4!L(wh9?_2?|<^l5V52pMHneIsW_ko_luvNFY58H#n1V7Yo0Td1eBX1SA- zB~H5B#J0;Y7*2yJ8KoV?Q7$y}jP$~dLXJl+es}j`V|65JT0i@_Q+K|lWO_5 zr45Zz`;L;B*_u|K3lgtV(HqH4EI&`UI2^c^p?5ff6?a(W^md#cWUqX0u2TH%2C5`C zM{!7s0ZCY`{XJY$u4K#U^HnPaTH5V-7lVWkiq+njA<~!gdDVrp{>&b9xixid`}OAe zF2zxtW8wK*x1ah85xKnb54jKoi3Y%9=5?i^Gd1#d_d}v zg|;#`9)LK4l)GrR>j)~$_(HRk7hmn%Dm5$N_QI8ujIX@Z>hUbIdr!~!ZPc%D?=MA- zurL!Fl)DDJtqMjO-MY@l?t*W62{vi~Obd0^RAYebx(=^rvr2grm|bMeUQ6pMdNLNd<)J365Q2S zaqw$x-r_S>uSDrL2&(zl&l6jPreREeB7Cw`mcTXL+cehNfOvBQuqo=r}rylCESN)tW7>JJ;3|3@M zuc`64dgwlJDDVd0xJN!QJMx~Xw(pd1_7B*&L|N^lKJZ(8`-#SQg{u)i>51J|$o{O* z3A5uLKBqm~i%ktPDa2HdlenrR@7H*K6D5vDONG%f;B{B$4Y3^ycuwYywjFou!0j!U zpmM|5PFlX@aSK>xYkfl1Nicl&D-Xp?-f>cX z^FBNqw$)nRjS)I%uEM(ETIPA~v;^O>;|b+!hufuDmVX<3;QWv&_&9sP_&9n&{^+HC zoW=&WJx*~IC95?JUExe|fS+&XA1FJ}aWQdgiCEbxRt>T1vP!b{e8HZIpH{$vk0XzL zJ^W2ykm|H9KHP=HWEA50{m;M-g=sam?Ktqk1%KEVA^J!XmU2ag?j9u?SIYeZ7x}xC zn;foxx&tahE?n7NtYV5pi5AD9A5}Z|!Ewu>ew7mg{!4LpOiI;vp10;eNL3jRv_D`P zTfGijysRHQ3vxkOdxlO4Z@d0+oB|T>)!<51hDlY_SIEe17a_EDpHmD{!A~Fq#P)4) zPoEOUH}7Z;pL7Ntu)od~q~X!kPZbkC1INM04R#vU(_!A)T1tMPjd3p(GZ}+f&f^F4 z(Z+Sk6f?DVs2$meGSDrq?;aMKfO~fFT@Gu$-u_fUV~ZLZ3qu6__LAEB#t40Fde2+m zh}>Hm%~7~ddytX;0d(FleSK$yTg~4t(D56_rQs#|md9E-#NIm$;@2ffe7|I6dga^& z zx9$%rKm>SUOI-|qUHG5uR-`OVf#`t= zrwKb#J{z%mDujhe+0Pe1B`HMJ7Y2{+VEfzCrWx@MLCj}dd8Hkeb1G>Uv~W}!U^v9c zpJy}}GGad0iSJ7x(TcH%Fvdt=5^wL&rSTHiqh*hI9^L1CWGHT`!igJKu2-YF7P6|c zVYXKMQ5ICtP9KgI2Ymd>FmTPHqz#cjyQep4^H{C)z@PGTi74Or?Z8@Is$$Ea=`4m* zzbtSxC=9YI;4Z*pA`U#YtJJPUn@7f+uc=|j;rIcV^P?(+wLDY^ERYPClcJgG#dcFN zl{-raHVxoDVs69AkTRL!b78=DIN`ah(|nzvW*);ml*jCFIOvjO*iyZ<5p^2xW``|D z$K9oco=do-Yc1X=oE@^CMcF&q(oS{2Sqz13)_qhsI<*OVM^Z z#&j1WyL4qe`fbdr^n3Nw|8y%B5NJUHRS0hEz!7i+3={Zmd=T>`auC_F_J@DV4|mAz zwtJ8oU$QF`btT+|l;D!tt1QR~1K7w*eqpFUfm7wqdnCarYV2HhV+rSF43Ld}GTS3+ z31_jQ?ve5ad%CiF#bt`uL#v=~jl6wfA+0-a{M?K{L0oH>?LjbT>J3RmDgLybra#9q z*g1z)PQj#SOI$Wn>qza5W7MrGGC3@D)T>x0-a6*EmtCZqJ&rc!xM5$vyJKA}skd5~ zlv}Y$As1N*&*G}riKa;uBtbP?lLoVt7*n1Zadf94tC6|vxnWDUJ4arDLLwHzN;#;` zX7{DwBM!MFmRk5ehUX_=juDC@JkgjXSk}n!29|U9kQ}&M9ei`{+z6Gm2WtN%wk=x) zKO4_w-gs;tk?+8ynI&5v)e6n`tNm8Al?(?8ewHXJhvc^%kDzI_OcGYDR4_Y7D~4V3 z8HR*gZ@M|1>-;Sc+6Vq?%AGZxnctIkxb~I^n=2aNO}YH(K0MAoGI|GvZ+(#jq0a{XaJ#+MMyD2FP=|}{rxUk9qtDwXGVYJ)UJU?3x!>9 zdS?DB`b#!}tV0!FN^i}INy+zdzmn^W?VWr34z&o8hzBQ?+IaKYWcCo~OC;8|#=2DQ z^xgt`!9=YVs1^CJmxLlkxHfEWk|aSSRpk8r5Wzb8pK0YEdL*KyC(!rxXsP%*Q?7!e zV#Zz=-aB!o^V@?(mInCSsx`Vz+_aJ|mWy)=^9h?7ekj<}wE?+EcWpoIwV6y@Z zicb8}cGK1Pso5e`4(OqmqU|ex*@Z%=b)fx1clkLA+k^M{c;@nUAk)u3R%#Fn!3qh> z1wE&K1}mPOyM4#Z30?!jdP1l1G{fP0<*B|H!x+iVS2{9auq- z-K|x}q-`)N(_{0CN}VUN-je>5?O@C4MQp>Vvh5&IUgRb+2u+@O%QNhq>ha)s|NSJ0 zViXSczV^rXzrb&d{;4PDUqB%K*AD*6&C`zN`5W0%(DpN06e_BQ+qXu0c!UZNeh6|f ztafMh{ovTZNs+xpYHr^Uq9hWH&-EzjolM4nu!%v_9B8PU-ILYV(BS~(LUKioRYt*8sf3KN%|3;$>t@O>U9sjL@{kecpY}(Azqw`$pis;w$g2AAdx1_8=pOqm2f!fPk3rkt7 zE|`c}sp_0HWo5L4XV%`CY2AF|M%iNmZi|qBC?IZ{{@Io7xM#cF?Fo7V*7yxHxM`GB zYeI-SiMtEik!qh?(Pqk!M#-RcWOKpjtln;{z;im_y9A8o@t%Mk%^V~jH`lLPXgU2A z^&CR!sP?h5w^c@^AyUae!<7;?cj(6%W6I196E)q~r$e=av=X}C)UZ)CW5K0j1+d!K za9r;?D>h96yIM!H$Erd7+>J~a<+brd!SONlfr`f_1jorrqK$kd32Q~@`_rjh z4={H@qewdqVMSIR{w+kz`!Qq_5AiJu7vJBpcMSq;nCo8`U*q56pSb^@6iC|E=pWQn znTpo3^Li*e(`~br$<`C!8E=EooN)vOOJ=Q*AbLR*NopPAo=??jG{u+Gsz}bNk;DSc zm^~jwF|HMlamZMzBxQgk_zkZo80}$X8uurWhh@mFx3gZ_z{~r~k6swy;qwJ>00{qtuDm_Q z*Mx!KeU4qIexZlAgQBG|!u%OZO7#Pw40(nKj@tMY!R%a}#b6z%(a$3BYDK?XJ@%}3 z?z6_roY8e!S=RaVxjouQf!6>&+5H;URLvMBp__G5D3z!~E^nDNWCSh?cf-S=<~#0Y?W`NF6i zZwyD@W{y>I-ZMG494~>7f1l_Wy3HIH($f$mUzjH32d;v>GDYng18tTsq~{r(XOhkX z8Wg65eYQ=QPHzoNSeLJsW(sfL!iUe0F*U?_3yvXbM0iW(KxnX&l_&LYfR!evuaQkL zJbwD|yJ>CUppg{~M*1HC#X_n%#422Y@C3_K_P7}PcZ9JI3TfUZF8=X!p`a6mFg%=} zdo6Fse|webe%TiDeO2SD|4TLgpIH~}^1*K`@Az=qZq>|<6ji9LVqkjgr-NPcS)TH7m=>ur2n-obOEw3gcGR$qJi5BgjrRq% z8G}+t6vrJd*1?|ZF1Vc1!DsIBvY2ynLh);Oi8eV&?f7|%9^MYP>n>5Vsdb~JC+!&S zu|d*fP2}Su?(^z5OKoHz(!fpl{=7XY1hfe`V!Z|BoapNhvBCJ34-uP;na*+kYJVf6%6(6(#x! zK#xcx@>`7?-*{6{HkuhIB&u2G@uujr&*U2yrKV!O0g$r200433Sy5y@iLaVy4g|}< zuT-XXkIKg7t=IeGYP#)j8$!I%2z{7@oOx!3DUKV?{S~PyL0C&iX}k92S5Ti(yX{4n zi`dI-xM-3jS8jc^*Xx#Wg6kbMK|T@s9NM1dU93@M=G9mv+ki)R8DUn~^w;2HRI)1|o`JL)sqACMLv{nRWrSai&h$=ft9Vr%2g%b2GNxmf2RVwOXh<-n zkn_KZLkvA4`j}M9Jd^x*=4blpX9kX+>aNXpRynn1rCFC|9LWf+q16*i>3x)mUXPe^S?Luxb-@ z2j~q{L*#YHy=_a6G6;2wh_cvL>&lv=8K?@^bwN(y~M5E(yUfz2O%#c32j-Hl)ik#gVJgF0n zO@x*#F3=KqD6$4`13x&-wS{Fy$S6D}_M$-`6uMS(39r?z`KlY(MQ7OqvWwm@3QiZc zM+Cvte`FSs520vk_B^MVd5#XETpzbbAQ^PZNu#81lH>J7V?fD0~E zQ8R}{6wFWNw%_WdhjM~NEgfr@;9A$)T+V`NI5bb2A#hG3=+>W@YlXjHBN1W_WJbrF zvTPCC#ntLFmWV6FEOWw7dkXa)1kYe@Nm#C^$b|yuIHPe2~grF%yn5MCO~v*#9^fQwg>#H z>y2uarfR;3+f`+2(=l45{q=QvTKAjIzOXN9zl;eIZ4u!MsT(ujZYwhrK%AG>+BY2r ztJr|lmC~t?4=;Oc1gvGU=BzVFnc|bY==&8tHuFeg)0~il1yg^>=aeXEdZ`*_Fn-)) zLW)@MWeuA{pd)W~fmQ+?8SZFzi(R&UCSy4l?1OkRla+Gl9TZWLri3O&xe&A_dLA}4 zF?MuSiA($-;~~q(N6wsQ@xHl;Gdo#-h}|fO$N1{Glu(z*fo%}LHZeL$23;o@8iZjm zW}LnHkke`FM>o_b+Q#eHjD6Civ637c`Xep3QsQX|y@J&2HZd&-mW3yC}_ro^WL4T+5OhWj5mpika!x5U2T8BReD-Z=52jB0B1 z$ox%bVh`E$SWOC8)WC<*Qnqd5K8pP9@{S|zO0`0bmARbk&H$~VIPh0-aUKjcQcv;1* z?X3Pfg-TV;pIEAZk7yc8Y-59AnS?#oU!(>2qvB-JjzkWbD>4EoR%Fo{#nNK>)KQgT zg&4*r2Wy~XjfW~ZiISQ&hf|hn5$pvOgL|cxy+nMzpFLC&!hfbF)NrGSm(_3ZCsTP| z?=HO_|Cmf~fBe46{>~k>O?iSOwm#)ww0v){IukzrJI#_^(qwj~%w@F1ENF+;c5pdhYi%2`u>vgGgLc9krD?~r;<;fW3o;I7&u zdM@e7RrAtm$Q)dE&Yzl8s|`0EZn|jm@LnZfQb+cygbx1ItR>qV9^4b>MB2rIwRUV2 zj{#7JfxgFtt$rnhM71tg`-$Cu*ASd)mEBL7WlinjO{Vh;6-~(# z8x0gGna&0b=ewi$AQ?Tz#oC`522k1}Hge7JVAkwL7P=4pgm#X~J;o}80&|+xh`Sai z?#kTYWcaGCKgs}5Zoxp3&G}*J@`G!E22zr4t7>!2wSl!wt)R)4OgO1dMoV^DJl=Fu)lf;G^(DKhv!u4!-^*;WiMo)WX5yNGy?(Y9{c!mWSr-T@OGnFCOTQKEl%dL0&s{P(qheus zGc~Y?SJF1u$Q`^NYy(;`Kiw{XJPprk9~dL1*C71t+rEa!@un~`hw&SzAKq?el)H$9 zj-s8PFveyEn_!pu#LGt!>JlOg)n;Mu#|tow5r^VOJGoJ&)p>ad^7YJIlp36ET8+^R zFBlKnVHv9*S1q7&GsW5RMrMey1#?y6ar}p(Hpx7sR@nH*lVU}iw7luu=k_>=v$M^DD5-KH9^Mu{{w8jK%E9}Qlmb`K}FM2Jj%o4hvbS=eHhiovQ)k~Tg_ zw#7F@Z)&}=2kqy@2Sd&s{Eoq4Al3EI8OGM8!aJ2G2WXUFGIVDur3NhrY96&ZJF+`=j>`pY9$!aAcoJ^Tlq5soQGo zdn|Wj7`sV2*pKwYi~^~fHWI22Aba@D?x#hYTisx==sYx8{WvNXIU!JGox+5znNh5h zN9XK`t^9nx-0MFcE8b|pT2}{myY0_2Hy$VBAAZZPE1N-IX5Lx=~S-`f503BI+~=^+b5oqLBqm2MQ`=RUKObgeVTK4&0oU$J-T z6I%M!LG!%fLFRH#?nTwjm=Yqmu;E{jg0w=)bCk;3FbK)E-pWU0N+M5AH zub3?|?+^FmIG^pkY4i#1R$Z&NiRIXv=JR8x|cEjz4+BfQ+ zv==~t%})`D-qrWdJIMz|UOfLOlZIPs&0Jy=7Nf$7}C@AAi`LhKUK9fDZi6;IR*V+2_ z)G*-ExuLUfLh*?(Z?K;A(oApzej8USk=62#G~8&Mtw^BEHQp(}Kb+TSoxh>f?7w_Z zj(6Dq=96B2-4Ib1Zn`h8f__*CC$D20cE{PZ9(o6+I*iF|PfacMHAl1kLS~@+&Y^&^ zlwJa8`*&kk3|^o+-@$`)Pw{E<^DBn;)j9MVPi8`1n%dMV2zAQ&!$BQu-two~8y_ zp{n#~RQ1y%;#D;E*jcYTH{h(_2|8DzCRz1jWF*ZL?cg*pMdI{7gc6l& zn&`j_&K%*@7+)MDi=7y;H<#L;rxkJu(;&MRDN0$Vs$_XEa?X&oa_!d*;#E!Tkxt+iiFg zUn8|}+u^_7A~-2JFf|%7c`S`seZV>zcF^0l)egl#9qVHeMyYZb_p^*%4X}|7c{PYR zHrC0Wp&$Y^4y7`18Na>Ig0BS#d_tcZo`1OUQd6|kJy1|OSYso>6`>6VCzjvzw-8M% zD|szN$CYmm)q)UHg-ud69j_BHihG*|a3iMLu1n_YMM88Fn*$i{GjbWEStNoQ#Fh=* z#;5FUrKi=2&2^n%H^FhBf*M?Wyb+RSV`R;$@!QZTV!;pLX;O3U+hKu+9H|5c3Zyep#ggu&NSYk`Hf~_u z*5N@KWbs6KX(e`3Gq12OGGU_B8MFOAKEdd3^X8ucl}qL{_wGo7)xAi9#$weoY0qC1 zwX1KhsGPcCayg?e%?fUj{OIxl?gza~&qsTEGm#wr8}5 z{^&lbrwh6f8YvKFLLv8qO+ZZ78JPf&>csk;#fZ&UcSj0g}Ssq{ziK#XHZv&cESxmeHz2))F@ew?6fwE?fp1VT7l#L%^4{`)@WbO{2sE}XwiL`VL zHW!#ecqGlO-sdp6WwO~pE9j3UA*TR786?e`Q=fh^MJam^?C=Fm2RfbU07!#EQaD>A z4e21Y>61!)0{!hNBkS9IF#ZY%pZ^QL)j!7~|AKnxpMt`_KV>TBj^<9b|A-7TRVD2d zmC-+B(hnZ({h&ZK5<`4vifH_x)D*|c8{{s4$x+56ZRXeSlbORtr8R#bRLTko34sV* zu$$qSsIe0{+wGnN2knm~F-_5PwmA-t%~C9VcDITr0#J1qug{X#s(9Z{VFop7HmVl@yJ+Vgl7VkId1pLK~r_upSqNa{wHaj)YL| zzzM(M(o}qP9L3n?j3X}+c?HWpH4J^S1#v$7NJnIukQ2h+-m->p2^wi&2(YHZB0*4V z=8S>MtTF(D0?EK>+lGKrN|f5{YM_B{JvP74$H3?<7CdOttTvg zdT>nYoG=lQ;#TV`+Q+^b&%qZ>hBBdA`wf~Y#2v`c&wQYbq(YQ=9s)EUNLXln%xZ!e zC~Hj)|3_(I<(VgU*dSDLiCTCu2o#wD(g=gp&>r!WxS&PNGNdVo1WIC=UA~mwQ9mV+ zL^G=O61Y@({A0avP&nWQg57_~K_7^#@S_Y+5zmo*pO|?Z%Qs1&O9StgmJ7JUu28;( zS(mxqZ6X)Oy$c`z5>_M;kNFdD}(3fCC&f!RxTV#E7gbx;FP z6#Xy;7Iju~zsjNcspf;*W5pO0Z^n~qWolk*puebxe*^|A7|-mEG&3Qr7lOX zux#^%Wysy;IUAzS^7MX$qQaeLHi9f6&bYlMhX1nD&||%ox*|(=fO@ib zkC<0hlpIf77a=NP8+PZqAF<($fM5>x)X0&JK<92o!!c>**Qc0v8Une-&YrCXjfM)H zAx=iFSA0kuDq7*~qxtc^#jq7V_r%g@ecEZp!m>R}N|SNJB^4w*>(xL={HwjBzeoe# zDQ-wW-;dgRn#4)bBke-K(~rCfYPJyHNjxC)qi3$w(={pZs$bZ2xvnSe(^&k%BY$Cc ziWV;LhmIvV>h0+R*l?$rzrRNB6BN%p$9*AKZ2jA*@SIhACV9@SaoXZM?e%eMcd*^B z&EPwd$+{b;sQEbQeXzQXP%W!I{K=z%##>4qVCpb=iU3!fD)yq8KkKoNA{$rLIgxs4 z@1M1Z6VejDuk_-67_Q<_Be(bm5hp@>h9pT}-61O7)dYu>?bdqiKQ7vrl5V={^tt96 zccg~2?bdGZk7+WI+cqa+xtZx7wmix_@~z+baPfrqpoZ(=nCMe28DN!}I}>4=7lxV8 zm<_@S)glA01SK$YMQx(zv7IwD?2yt0B_ggp(Ai}+?a7a6pJJB{KGP9=ahNf$8 z{Ppp;-HYgV1hxM92hjAyTivgHf$nD$wb^gjT_+5`3Z6!Fl{ci#{|JEesLo%}C!*FH z4Yq5G$V3gC_iq^%fkCVj$TC=nXAWNxA%%apw^Oa9g1nOOr@As21X8uKYeGlIZ5IZ| zCX+qc7GDpOV3Tbza8+T+>f66ZguyQG=My6FOp$nj7&|?!6ap{X$#*(SoU)N9=EvjX zF%$Vla8D=_vke(9Gwa9(fy`!hNcwV1MDjw0-9H`p2Hp9iTYl~{r}#)#;>~MpK-cLE z9V{pzp4}`nL-M$kJ>)0F9|BDWBpEFQh*q%UTinV`Q36^yb9VNaFfgL9@gNNqh>n)c-RVPAbC>=i7JnE^a9594`dX-x{Cy$)_r>zx z7o5c6WvW>VvLxb#+s=%kSQz-v&SCYj0-m&fIoVE(p>&KtZpKkf34&TE{90^IeeV8V zKm*=w9g6r$vIism?>_rKC))od0Oc>A-9+E;%eMXBP5k2f?{j$nA&%d`@vAat==6_} zK;*Aq5ir)b`75sOt-iCs}#;2Rx=^$6}3losWKej@U!K8=mq z#g@T8^aG`w1!D$FT@y-MO9K*>^Yzkt8g3_9G&+ja&wm?~74|y;nB*vPh8|qGv02uT zH3ZO7_ICRBS%gzSv;9{ok9I)(Mo$$$pv?57@@0SujSu1Wd^=^~9PQ)%-6)Utjr{g5 zh=3$wP;F~lo{ZiA@jL10dgcwJY*vIGuw{| zK&@O0bB&ndaj-8HXTyU?4+Lh2xbRwnlu*h}6Ys*ANm9ccpzfMMIZCf*6`_+ijQ!T3 z2KP%U9}_^O=3r-@8`~3Ehb>~OWEb6&DvB__mVFW(9Ch`AOJh|au1;~@BBQq&R|4x5 zz}mu!3d?w!f2y(6cUU<7g+(7~op5?7IslWLMa*$Unpl04$$x~#Q5djSYnn0q1;A-9mamLHkp4E2d&hQtKB2H zsCdi6p?P_cs18oJ4hFauEbb{CHX%6_(}S^$yD3bp*Xx@T52w(jb977yhqgz2$C|#e zHAW2x+n};EWZJ6!p*S0q)1yAD*#N|ZWx-`}4nza%m+Z&}t^tJOw^r0MGz8{%wjTn7 zA*nrxI#ZDsJ3nIBBtOJdVL(MoFg5Hif=0M zqh~f<8E$qmE!SCcB#J0EM|Y6bimb;-Qjg4FjTJ6dqKU{)G2@#&-t69O8a7W)1TRck zi;_X6QEVdCuTaO-aQNMRt6iatH8G(c)uW!q7c*i3R1}e&xQ{IY$xnyWFszu?1(MBS zB`pF1Llyd>`Y_fL&4v##6KmbVz5SLnx9gD*mrO)J(S@b5R*0;e@|vD|K6ATGCA$_~ z4f(#HRE+2=q|pbfhrWk)Zxj&8J}MV!92T+0Ry^xX1DU~scyHx>L968n)wupL|SVLHJNC6Q*$=PeMnyCN3dB@4fAWt!sOjpwf;OX?JA> z-{S^Mli}uAT=a=YKhW-xn-)j~w_=vu6H=HkANDByi6U1{!-_uXuZa^m^{rX(=0vsM zUc@t8AT4f&O^s4#DE38WPqP6MR8Utvxh8Ew>DfpnK#k3N+2X2ka}J)y;emn?w$8)yp6FmTm|11EEK z$9I997_H-7*|%LIn<}?-`fTqE8(uQ5srOVqCb=~CPv|0tOn7*o?y*dhmKLBRB^W`a zNP$yqkzH@s){HUZTkpgRCP>}=>rrkP>Rif26#0PeJL$%eTec1v9MF$wmoDfx;7{Tt zl-=WW?gZUi1c@tIhTkdauyCY*P?0s~eRdt(Mr$8B!UTT*sUSqYhA@F@pvLVD18Qdo zi2wzPF_dpyKd!1M!Q^kn@)*`h4sVxIA1naln$!Z33;rz^_FKC3D~AJ3x7E`&3k;dD)pV-O7_QbX|v2Av2TQiy1w$ZU|+qRvF?c`>kea@|WZtdFVR^9IEuJ==a z=z8mU*INJe{GLWg$9qC>*^1ID{kQ0s_7OHCCultgr>%Zol=ei&y`1ww&r)%hB8jP zDU!JM%-q~?9+hL9W{Ry7Nbrh-3M!00DqK|t;Hs%6`SKk$>L0?`v+ zkxOVVaD`~2XD+NNxkD_N@k@gk8UG-ycGlI?v(*8^yZq;QMJB%JeVG!Px3s<`8Vsy7 zq3vzp+_oSm0z@hi(?Ti#j4pOP4juOCw$=pu54Uu{0snUomi#%(Fc#L zVHM^J1!e}|exS-^Uc|Cgl05UdrCT2AHjF~|K-ZD`Yc(e_!jHPQt=UcIm78aF5ldN=bE zNsALEhxm7~5A=!MgH;h~hK|~>nwCQMqD%*#bTJ1oxckB{(~AYs4{|c0<3md~;FNB= z6?jw2Q)?ObR`MqrJ?=o3T(%chcKO2-ukh0y!8q=~MrM9R5?00GG)hjdm3eXgAMY+U%>6 zR`I~I(n#!D7ms$GepJ70b)&QGp74gW$7I-ta(D1VWVn7uf2dV|_KxFx#mF*487sE& zi|(p2NN_23;ZaD5scfO0 zm125S-$EK@bLN4pjA+#PCll7RW({u;5`u$f8EAl1W^N20NXb|>%pdbI8lCeN3+h_V z4FPo+iQMIc2V9&=gBsEp32f;qa*tG`Aq(atLEPt%NAyJD{{?;PZW?jz1eB97FmaP$ zFMl@W0t*}vMcO-na@gWWjTkKZfPX2T52#5sOwybHO|Ox7QhWYD`p3X-Z$BFd5C833 z8Sekt$Nb*|JJJ7##>3Xu&iOyq-ktuBrbEWU=_?Av#PPonU%iN2RKb$BLW^3uniKLL79hxT=cX1-v~4Ew7~cb_pDrRkKqikPs$k`U9k2$m zeQrjueQpP^-@!6w%!ZsAskEiXqE{s!)}~s%f*LPYylj2nj@E*|MeXH7|NX9{z%cV$ z%#UCRH~Lh$l?gByX@$Ahy4S4QVc8-_=35vuTA*X}QhPFm`h$%varcXm?(J`Vai+p zN33w|(|LCdZP1{|Y1UhDbk-)S_Yv3Xfdj=QzsKgYJ)Lydae|v06zMWqHCedTiB|rb zaJ-wqO(0#8u;|z)`mjP-6Y9fF_&9=yX(h)X+1~y$=cC_#@X9=~_n) zq1~OA{F*x2jgEz&pib71$IC`zl19S3sGr`|>N=SLp(OC9q2NI*ABvZ{&Y@!M>yL-m z+xI}ssb8|YE(8{t`qtM9(fzo*XufD^6~Sat)v8p*&#}(4P5ANi+{SR|bzFz>C>`Uq zhswLqyweo1cN9yoxPD>25Mb*zMc}S{JInKO&etyq*n7dtnPE?c$5r^+k&wfCkGQW&blfqytGWchl3fXtEOCk z>NtzG=_+SD{#F#}fR4Fza__laT${i?jL*IQ)s1lvE=$&F@oe~Aqt(3}2GUnwr3iy> zs(z8f7P?bGKKfMV$;3m4aZ)C#T|%mXpxnT^$`# znP8xu5KjJKP4E{M1#Y#Jfu|gZHXR-fiK*mjJ@z$=c@zp)0vAH&JD% zdL!&00x5L?rm1|JyW{oqeobg?_SiYgk)~ca)paS=?O+4{^QTq z70(Ib6Y8(n4?3cs8Vp(@MavSclGdm^l5U{{4k@futPW|c4D=z2O1jIvWSJ-&{jzC< zf5eYU6VZO6-@6k<8T@9>-xJ-U_9?1)jQE))JjPqUz$f;BYhs)_TwD~$6^g9`F~{cF zd8%Ex19^f`yRgHzes-Q$nA2sBivEnjPsAUNXyw6tNo6BZgivw7mZNA}?Y0Q5%*mm)1AB*2%A~E-k)fHQb+A>Bh7>T|7=0H_H4;B4lw& zcADaQJUjB$*W-FQ^ZjO4EUv3yk7b`WEJ#j#Nisz)ui7@WrL|DKLt>|#62moi^cXnx zgHuXM-Ix?^1yYCH(E!C1>Q9AgmYlqDdQ+)|leFqE?)tvfjaq|yTCd+WP}S-ELvR`O z0pcweVsVbQtAHsermY;X;xDchZ|2Q;wx{t4X8^1$`Uu-}vNVN-iTF1HS{YN#&a7f4f zN78SsL(AHoAv?} zFhxnUGTr*hI4rZ#96_IKD_H*V@DXed%!9~od_=SLqh@pnw90Q zw~@M;8PRZI18Zo$SHNHqiDS z(;z2=6+g1JgxprrvqYSI+uzO8e@8lS8c2>)Grnuu+deghv-kpWB5QRM8eqPw{+&9w zGbnVd$1#Ip(i9zVLnKFTAs)(RB~zX#XvDfmr>m&1P4U(&`1bDEJE5;M^I1X91y$5z zWC)hVXZ%T@KeceW%f{O%sOb(CwYRpnjkg53rCN<22kk+~ zoaxQ7SZ0^l186HXzlflObZmFON@Z0VycAq`PxtV+IJS|3#6m0YQJeMf- zc?K9FBZ>y3m;!IwWUTu(GQh>CD8?moDM!krq4?9Wwp~#l4T1;a%!8QdS0LFnoK$1q zh@iH5J0LGuu5HeKL`Wh{rmaSAF}H>FoY6w2XY)hib1CX?TF+*EP zrc=}}w{exjWiHh2wvl%R6Euo<5k#qH6~plLc^oN35%5)Cbq991FZT0$XW!my*lNJz z%x?|!EExj?@?k^<$z7Jo?Y}W#J^6(ahRI9oH;{dgA$9#8xxukbh6;7fT;#tQ-p0F| z4=b(IoU*Ws>q|SbK@-s6KaY1U&Uq+v!RC7Yjy7+TBoclE|Mo-kI=@n!S;vkMD)_23 z^lO5%C`5`Fs*o}MXxu~={1zChzpGyE8HdQul>Mb1zH4d59MwM^{kKxwl^y;6nA5d% z0wgz-@Jo!VJ`;F%Dtf}3b6M`Tbo$?Is|&Q2Pj3IpyHc(rRU7l3Y^s ze#5a?F})!OqX)GH-~T4N`%ABQcna?vgUC2yCnS5LC)KOSP2=e%$wNR!vX;a|h4VD+ zcUR<{X}+xA?@lXawQP#^ow#$w@*Jd|9!TVCNj0N&i1%zjZDWCq=>T7Qx{%C$}(DzB-)RrV5ISNY@w0w$m!s_7t5^kuy&7~p@C#xkA zUcsySU~P_UCzcZ1n-=sZKA)40>4aBnRD=zpBdeO@h8G~qtf+s6@nb5` z&%$HmZ^3Y%W+sJFdcU6AVNRGSR=wYevj1n zd5mhg>Y%n_uqeFwxdC#BgC1Ge=EzVxxO$FTv_RRvd9vlgwCyIbFo+do_lC{)^(zI^ zz|IkKm@6iefdg_~A^n=0c?f38X_Ptl3+nhzDfPOl7z!=^$x4R3mAcNm#6mSO{?CRH zE-ff=dkoa%))$WO%DphUg1XmH*_pde=5pm=mSZb&8z64VZgpel^NCYZKXoprgCGSn zbUXp4FDj()OfF{?|m z0(0h1R|s_!w6e?Y9N0m#&je}a65ft~7K!=7?G1o=bW6WOSe@io7C1CFk7aJ+U)($& z)+gmTXFN&2qx)$gQM4qy{Bs&8NKUOP{g`@ZL;P6a>xlXMc72TFq0-p7RRCpt>foSV z1dch6lv+=N++gNpIln>9mjUWRZ7=j*EV+d|pZH#EwZ?lB;g1W#pCh2Nws^3WGJL9i z>=2(76G=W~!x}J9dmc~Dmq?_|?=w0O>(6I1>lQzdXq#v~Z#28vAIY0OXFG2-TSvt% zRrmGimY>3|-zqpd5%kQL+`%kwtLNm|jmglD`->RwYcPv+;MucdVVh*5&wP?|=8+** z(>=F9V5Le7@*FEEfDz-}!gnH-=DSd^WZXKOCMV`cM6i<==4&~7s-!Z3uceq+=sYQe z{Jvhmag2G^#PgbstX}k}eUc3y-DBVLY6WB2)LNaq$$HXsmmR?C0gC;Zz+qC`^%Dc1 z{lx9g3lS_WJ5v`h(j4r%VD@TxIvBlK$bs;(*A46ulnx9LNWC*7CRsy)Q6|p6Ou18U z;ZIPc1I7qhz+N>YSeG<{2Z&y#7Qor7he!NX85O;p-I9HQ@-ZOuSA43+1YN{X)bLsG zstf1ug@b(G>K+j6W%fwiCnMgL#YCKz^5>77ht#^iSMBiS70m9AjbyrOkrcltC28AD zHmOx}$b8}f2HA7rQcxclE0#p`T$t<`I}2jdk^+rS-BQR8m{p^u6UwNxx{51n94<6n z#^DmJN&$I6qQot)i=4Y#%Q?|0o(C!|))v&+V_;{oixSG{)Ro#SE3-$9PD%&#l0Nq| zi5`B8If5;+?G<7Oeju(eCM?_FfbLL#CL&V=21SZg%km6qf-43%XZkzao5tIo{hevJ zpVLxud5P)7GbAT>>9d)XOZPmw?!Pz3p;S^!M$y&(h~j5ODor|c)Xrks&IM);5h5ad zuu?hFrgVGx7)<-YJ%p zT0oXW$C+Y6wnM7C0Hu@X?07vgr#f^+xp9=3sMOAtelI-O z-mmkA3h|`PwRgG4b}v;hyURo&Q(~V8Q*O9!c~)P`zMZ=e3aeMFa<8Tki`Z3EkmWN9}q*3jl8NYEM{!i%KY1!Q14L3I>%xNjItFV!S%GfRJ$9zkA4 zPq4D7LwWmmxIl5~!+y;WQ|rVf!}ouKnprDQ*IXVL8m|N6ZR7yJyVT_NI$SPj<;tA_ zsCV`Q{dMSI&haZRUC`2-v zRX^5pc0Gy_nowu!2m;&2B^~C7<(P;TdJ=jt2QhVPJmL2oC&Tw)Ord4?jT-9k-%)!|^MbdxYfG$_u7>#1ZB$ zNy>{Qg|XOWauc$w8MAL|Misq~^)Xo$PK^rJy@Cc`jgIVU_;z#PY8~*`8rgsoI<9C% zQAfuN=EI_KiB}6}zU0hOJx+`ErCE~s8ajsAGK`7qc=(ds%7y}x`G-4_GR%)<6gK1@fn9!Z`%r00NNw z)~%2rBfs#f$pWOf#1iLIuR>0>NHaWAaky8ad!`dg%mc}hf)Doj$b6SUb8ml2<3nf4 zeClv2I5DaO>Wku8?tEhha0%ie?J9=40HZ9ObT%Up0i>?AKv8gK3(rso^VHQq6){Sb zKvGq(uMY~LX%N}wV;+D*QkEISP$TqiDYq^VQa_sUgV!-DKO6_eyLZ7`33OaqETp3I zrSu##>jmAGFuReHatf1fU#_TisXaco$-Tg*=~szAz3TAwva&NqVm~8zw)268WDw*7ix9J<>H?1KyD`%QPT-n*k*cDwG;8(#r6vomRbbiYmh{NjmpQBFYI z=IcKlZa2F4_?VY|JLc`?%RoRuFK;GsYO!1KpoZBj-VEnCo&KqVly%t?{HWtnPn5ux{%Q1&ciDqpT}1~AK@ z&G)YXjU=izIgW_WWuX?XuoGo^#YPsoNnyNa_Cq}ROma_)zpT}iY<)eAfiKH~c2a1U4% z3GXo{2oe`LpeY|`BWlHcdFHn`zSR}}P@wyG4YGWAcD`Z8@LQXptUAlG(?mZkn{wu4 zr6d2O;zDVVk0A|tspemJEbpM}zcPi*zvb&?CKR2R{!C$+wv3AsxX#9xCM|JaGxAv* zdBnMvK6^LH+)X1k{FXOY0LjdqRJ$L}<4P!c95#*mkiFb7^zAI11ZX*?lx?XWl?F1V zVj@|3%N_Q!H%QQ#cCAmoA$zBe2O36BZPzuGKptkrbJ^!|N0*Em@YB{!_UNP-X8L=? z6eX34J?xzg*dQ@fm{_*B+uK$s&~OFV!->1Q1#1m_E4uNZ{U|?7a#>xNnY&4my-uSX z;4NFc8SOH39#NEGQ!vPx7MwwjU{hEPMz+VHWM>@jmhlHh0-UgNqRHaWc`7llKfhuO zzTx$VLM9zuT{csePB96SA`uKo2m;6-@g8!!b(ump})aa|FzCp6ua&&h%5W=Hc z@&#gcC0BhK5{`acK(u=yeQ2zNfA0MGd)ekNM&RAu5#7)5HWpQNT)$W5FFYVWKXxZon=6I7kdT*lJs5J|8ly)t{UDqiRuBw1ubh!CyIWXOO%@)YO8 zD)n0~My^6sWzdOI=U|w@TIYZ^2Nl=r_y>Vv86G;X0bsjE8Bw9699u85C7N2jh2>Fc z;nwyDr2TaAIJe}i?+WiV1?h`41!(>z`nCb)q3ME^wNsv({Jz33V^md-@jCP8$bn3+ zTkS2zXIXkV$bUJCaL3^-#b>$9J&AA0$sPY!_Y~G8!xe~c6w);$|4`L(^t;*-lXgt_ zn5I923PIA)qPdlJ{k?nry>2oX_TsWedmsBMZ7QOP=vlC~VQPW4 zVMW-Ki;BmJDcvhmzEhc|a6i4A$itC_)pm8RmOT3e35&79Gx9!`$_q?wqCABu<_^wt z9R|&_Qh9O&^s*|IXWcK)AR|vxfGJ=QZ28a?!&EMD`G%RfjcXFOgEe!3MjEHciBub> zt~qvZ(lcms-4B%pwzx6*FQ-6`mRk}}Tk@n!&gw!W)kVfTkHY@sqBdds9ZIN#BttvXW0a@+{hJIM$wo#d3!Cp2CVZdV`HTbA;C zlVXrSZNX=N<`aw8T30oDyMN>v4f~$1PT;4hW=C+kCd%V=Yw(p{(xHj>6WjPy_prXS4;-!vRHP81vSa2=*>4R>S5f0(y6eRP?OokO zTbI&sBV+R&-3d?>Y`w7Zd|D>-AKWBzrMb}@Oby!Ke+{5|Mp3|{8*=o4Y>RaBwMUHk%uTl&5e~mHO-NyxfqCtb^eWp)7wV>WL7&Ofz@el_-I9}yPUSN zP75uDxP@a_W7PBUw0B0g6#VEmv)V^J7aTAlQuB=`9V;rx2>)Og6estYOARXIUNNd- zsVBqv)X^pI+_QE&Wy0@X6-G0>dYONFu3gQTHx+E5z-PY3k^!QBO66gcP82E7`4+`O z@6a_&xmiicy-4BAc&;o$iB~QT4rjz=*XACEUXTX zJ+L)BSh7|#{mtJ;Z+ghqyclKY5%JS`gI2zh9aD9=;SdTvR>{eMOg*s`)OWM;cczjp zVcZDw=|-(4qS z)wRK!VTfOZ{Aanp zHvM-l$|(zfxjc3Zo9Mf3wO{bp2}Cs7FQWvG?K@gyeaaQIr1S%~OWwS=7iz_`raE&F zwNGf*CC&D1xuK9|T4W|kyrVJdc4>Rkoe4H~ny)!N-eYiP#K$COU`KP<5=2iagXyOY z`QrCR(o?#rrqmh_T-=xGgXM`%5WE~Z6r-u5t!-PB0Y`Zd?R&XWr92c zoSb=cZ%;ZhYMox8IWHMTC&qX{G2N{A19v|OPwi|rtCkPXYbJQIW$CJT2Wti7>aCH= z?jh-?(u`<%1WKcxTV+T#!s^bD%fnDxFd7rC(L-k<&U$_BV6^YebS}fi&a<;lQf$$1 z0#lI`{CM)GQ>Y=@)F@i!SA@k~N$c{swd-kl@(k=Oe4xw-1gUV}0_A-e9KjJrVQyFPUenMF7Vq9qYyBK{AuLw@Z9ox^s)GxC(5QS?a5}&=jF; zSN{IS+*{}w%v}(g5}n_1Zhl$FH4t>+%pF*zUXa3-RVTW~xsXO5=vXzVR7sl3m}pgm542(B$bvyg5Y=@OVw# z7A?FiB+%1w$IUaDy(8)A4}62e+rO`xNuR;uL`1TXG^_Cxs3f!bG0YM7HF!{$wuP?+ z3Ze;#4yd?#0{|ZslnK=I(i;Rm^emEl0HaX`Q@8hW>cj+{&-3FYr;PZsG2vcy z>#rznzTYhK!f$QTE@k4|AHV*wsq{Cb3H*%U+qYJ!e|Naf|34qD|Eu*RQCAb&{{+ec zRdtn7&Cq<+Kvx1VHF}$N&1xW3NCp_d1HQAjwvw~rP8YN3?*7Rou93`HUGz0C>K%YceD+x zT+-+m@@rvc+m481QxXY!QG3=DS1cKiI$ffj_%2(9!&zQxl}cuwGQspxrXkxm2!1~? zR;ur6+-Xu~MpS%hi|855TlL4y<)yIT#tS)FDfgD6_I1Bw02LUcgUTatE8&afRPhy{ zHq0w}*%7IVV{t34elg?h(jJR4VrKW6*q3O>yUoBNjEI!1hP(QRN9emz_v~1S(-QXt z<`FJFbXnXH5m$1q?Cpg$2v-T!Pt!?>{&-E&*p3`+wYzcCmQ2vL0{bI1fFu8Vtz&ez zUdh>VX@vNZ>|_@yWA~ajpu7>leplHIl6syRS(wivX1FMkLChnz8j?16kY=i25K<)3 zmnp53`T`mZj_CBBy6bkACfyDkT)!aJep}N2 z-W(zgn?`;!;C)~J=i;i2Cb9f_Zq?4|epBpm=$=cVdEr z`FMACii3yv@NVsU`>2r2c<0G1*A6l%jw1J)!eGyhBA5ApK4Ur~e_|hH?Y#*b!Y-by z^tYTBG+l)j3540;Ap|Al7D@02liaU09^1_*&#N>?%5%wc#AVg?LgO5RJq05^2=u(= ze`;I|nay(Zn@!-;QQD=N^#?{re&)D*LXypG=k<&}={!})m|?XzNOFVQSVY0!l^+N&2Lx;GL=s$PpLXK#wf-& zLSG5esTB(WKI0e-X|>s!a&U}m6KAa$#*NXb`D`p}Q`VBG z*-BvikhFXuEo>yJAw#2FT~&;=6)m1Y+wUfxPvG+{(xt`m2n26zxcI^Ha+kkUh~oK zi5p*kU%H0(c=IFqC=kBKr1}`d9|&%ff<{WO04CBAN@(HcN>KfD?^mJ+?@UGtxmHx`U2nY2`H2xU@)8t5(o+6vcfM~V^*XjKg8m&pQyf`Vyly^Bhz1QuM(E? zspF|*8A7)udd_850$x&0uLiHlmZMGG_m4+;0kD)oIdD2?3+PjGQC#6AdV%eriOjf~ zv@LYg?rC-tE;Yu!?_m^p4!C{65RjdTf83rdI-v6zLouLXRSwpf(MeM@ zvb9ez-a~e(w#B$elZ{ca6`UqI&y1ey;xEm}H(ZG_su%8i?X9pJqsdV?&Yt3O+wNk( zjE|*mM3ReL^Fy+&FJ6P}!q>b|!E-xI5XNC;;{lpCh-T6x1`j*Ya)?J59U-GfmFuNU z-STH@yt*wP@LSO1}8Qb!JlAN?RvCSW_%MVx(GzV;lMSy&2=%A#pn?$JwxMQnag#5Y?eE9cfa z4l#puBt^|J{s+G>iPLf(MVvECmz^%JU;==6UALBzC*pdG(fVnP1f<6_L` zL+eZP{`c!&MnC*_pS0{35co^XoapTx?d(k)oh?k9BGmxVt76~ZC#$eFd?X9P8DzVF zKTDBhgvYRr)A!^`12F2k*#}Q6myU8MKRfJPBZ*}N?wnD2+gNT*H`C2*p_=@)d$(i` zYReCj%E`TA(9}qV#7o^8(Zyy(I1bb_fYP3*h4D=RRkJbl!04r*D4a(}U9Eif$N~S} zqaQUKN(3err@xh`bU)m)WW|xsRc6SROIM*lh0D%Bnp9*f*t0Eybqw27b#&1Rq|3PXynY7#d*xilZ6#+KR&)+Ed?I-J~VWjw-YoJRdcwla^tt`PD1IO|>)QAL| zT_r9n?P9CVMiCd)2rnm8J)!20LQFJ=TL;@eY!iAiI4Dri z1rH3tiUZA4#fFmRKp5*Gl^Gu0_&fQ_cGAkn)+fKuyxv2|$T`bw1W?J&;d(;PS$K+< zSv**Dj+>*COJbSLQ35@F=6mpFna+7c*rCGiVG_O$u@Y>>_RlNG`If*pfwqSYQ8!^) zWCE(KJsbZ@9a4Mn6*Y^hR-rzp4ZBhC`)}`! z0uTpJM|d@-F#9y-6j%L&{y;n(C35BGsB&k;icxim=x_akgPeP!%8(s8b-ttWgkKsn zX2&}zT;|3{*Rn2wtPt;Mf>MmjkwOXFvv||SWDaN)f>K8%lQdEom)LRj3)k!Q?=kPp zh+JB3y9bZgVK|gb>YydTnFSuofj9soC*%?fl<wN&5_rD~ekSMJ zuv7)Tkk*gkD=FlnW9mx6-J((C=7M<`=|M}?hiceFLp z0*n_5$%~YWBZ>*BR>#D81}>(*>n$>ZR$HqG#3EjX?97&-d=I*w zRJ@qay6+clKu!I%=spPQsjNS+S$CFEVzCzwvqsf9L^WmuRJFL|`u^O>5UAkf$)hnC zy<>>XKTaY(lE(GCq_LsG1Mqo2!By?mczM~uJ+S4hkFAa@y^%hpLNa%bX=##U|B(`s zv(M2H%?61^NNr%H;qrYlK8$)v9LbXRz#y?K4S(y>*OyAepY_3 zo|<~w-^aLBFdjGM$213>xykJfNV(i9n8DWAMJc_eRw`?srDtEHvMxS%xgo2jBZ82% zJz`N?O+Zaqw)ou}Xa4*p_0wVt%DYvy)l|je0wTknDhhq&Sss-(DRr7Y5BwfgyzNR zb{$K^y*WnV36K%~Ru#?iG@fzyMyaI?LMOQ(!wH4nEH!>BdXtO@Y&w0LA5ElH{@NXyV)&4htrs4|9XEyw1>-^ig=2Ajj^F zcenjYQ3Ci7(D;2Y%U5?Kl7|ZyuZvQ)%8p;p`xhSk$A8p^DRJa%J6{4?@o$MrB41K! z=V-pAs1*OVKTBEGZcgyKPdcXq$~rqj zVBtYoy{+UoKo5+NHb@B#Nd`EXBIlig4f|Su&vN29_>*V`2n=z+3)qulh$aULriw^S zJJ0RlUK7i!>#w&rS5N~eH#iC63SpKQp`;zacSJhh@c{{~-HllE5&OTe7WfXxP&-~$ zpY#0j>u&3mNuBVrUexa?#5@O^B4Y47iGTf^^s0K12=Hw=DH3VY;Gqx8U)(hzyeNpGj z4V4{3SI2LBG{{nr^oF5ANWFfiPSM1=C5tXPrW*LSR871WNEN2jsUb6+G#!5UK|;l0 z)VLaoq7!asu2Z&zi>nXHr4mEvLA#gw+V3@J^HR3j?v)RCP38`X99YKoTN!ee;5{8$*o-4Kg8>@85Cz z*~1zZ8`CGq$^$l_D&k;n{xYFn!SW`XGYDLxuNDrUI9(Xy}nE= z8BS9k|7ceP^xtl9e>*i}3Ztf>i>QdqkW4!)X|UY=0UX^2p6Ob6g3|3J*?6FWPJsD` z+n9@{|49kcRe&JJkSfsutnbA+-ibgipPbZ0KYYil+)d1OQ89T^rT9=)@=!4vR#y zUtx#z3}qbFGfZ#;iMF{QHbC2&6jG_NfN_5a{M;unW+&0{#~$uZV3GUy@2HoncE2IQ zMs)N7!&l;t;wA&$Y`!wfJx*kkq(S+>{7-Or_KVQ&VD6S^u^P|agUq;GC98~ygXsHJ z@x;0Wd2IC7(U7t5C6)qGan=V{Y76ZwfQHldB0Y-eLySa>AME!;)kDLoODqS5GY+Xy zJYWqVOCXt+;F5GzAUGvGq7cHMK0G$tML%2H7(@1`QLvDgMW;*GV9oDWirwUTVEjng z45eqUMk~ubnNj78rX5BFLJ6Vq%EH?mz-`96Ezk*f;o;aj7-^~n#6VkQEQgc_v^m>}nbBbT2@8OJuUCooaQLI(Jr$zsSFO&e&53MmG-4#fB)#piEt_8e%;!TCn4b zezg-0KDObVhul_bQOF$B2*3O-#wk-&9k881#jOHl%v=&(Iw#I?;r)l?O=UacY`<_Z~$SrM3$Pm(O+|AV#A^L7Y)DEjX{WX%r z)$Gc50J}BKxMi)V0Z{vE)&_kmf zL&l9RVow+~!EVYusHHcZ>$~#yk~W_jd{=e9tLmxS9-??%g=5{X!3dkj=m+lisK0xr zxi>_iCK=3AuMr1OGoQ1L1lOd-lKP2cc6u)q!vYgd?8$#Z$cko&aNF_NIzz!Luezo# z%e*N?C2oEC?b28>^S80^Jt1r4@?dV?8o|f=nn$Z}U=2W)IDP%2uO*9V31Z7)9`~sd zb`a{L-+pgD+899jZT7(OWrt*WMpYXBK;CKQz~<}pbBm|zh!yy*N%%MNA?}Q~-tRHX zf9tVpNJEtvO_J4#T|+g$cM1!mc+OG}>F1qMiU?HK5H!doFFXLPPvYh;Pc*VlH;kAA z3deAV|J*PN9;#W*AEx#EdAGCAXsUyut^llisMsDCEdnxXj_TpzcyG9k{-XZBh;%_^ zG$DH!{Cj`-&Z^2$vSD5MU2wCZnt5{dba0#6_`R~FQ4mM$|j z(8k+^^D?QMM}+DX)Gm5JrGF2Zxz7=49IeRa4$RR}1E^Cspd*&Z-Dvr2M5%c?K@7lk z{Il2k#Vq;C_BEP&{I~W)q5oN={}Uedm9zH+lX5ZoN0ynWyOD|gKQ8{M(TVZ8@~A>+ zL0iJo>eT4w5ZCclmSY&p?q*8cKc~U#c13eTJpqMd)w=5!aqog}ntHM3caylk;+e8m zY^fJ9h-F<(B zyuQ2GuLR;1k2l*ZC1la0LyyocE<;Xvvb~-Q?L_xLcwxX;tH%$yfF0N=_J>u!Poa7p zO?}%^lFAa;LFhzjzgDg#)k#i3BR6>Y4kY0ElNTXAU_>B7y@J$2)B{aH1%s@2?iM4G z(w>*+oIDC|$=+w}Fa~f#?f;@(mz{{lB3t~3jyk&CUsK>fSw4)!j}v*}G4|L?8A8W) z;Ix-z+(Nou2>+A+^3odh7$P@jI1rO95O-|m(y3>PgF-7XX5$9w2cXxPw*}Wti+Nc& zp7?)J_Kwk&wcECEC6%ON+qP}n&Wdf@w#|xFvF(a&+qP5Dmv`@TzH{H*?%n5{A8Y=6 zTAO3dF`j|mM@N>~GKkT`%$d_;wcsMqFZcwmQZ&qpI|*XV^Gdheza{Fu?^z>?(jbIw zrQMUP|9Y3l4~gwIfOrcNcVdk<$uEM~m^j;Kd%cmPn2gh2kv$D1aO!Q+ZWF)qK4_a8 z&aqzz>xa!^r?Dej?bs^u`%Jcw)+U zBmSTv>ny1<>N41elmfAwrU_nX9Sz_%566p19ErG87iZD^g1uTM7_&UF4P5~0(>CtW zFvxRN@<1)h7NKaA=UR{rDe&kmegB85-~P8SFvYJd!{O^A{(mbOaQzQHVDm3617jKE zFEKtNVRJ`2eW$Oi_&*kjcB*MQDyblUxHztub0jI6?Z^)V_?eqw0<{)tY1#zq#HGB7 z$j#0@@_Wd#%RrWtkVmlTU}weeOrYtUMWqOsqU$DM_#(jJ`@Ci{7pC%$2F^*;J*`^$ zT2|Utc0OM6eSUnv_sFhS37`NY3cwHqfu7Q0?uil_F876Z&5JN)A%S1jSWz`g;lo>V z5Fj7`jwlWsRY~Jr&Yd=$Ww=t0sbS$T42gI|SzA2ePcwoMOe%RDZ>{qH~TUD0qJ^TSprOn$72~)@%7m4k$DjFnubFc zR8{d48G%{rNuy~xsFUQ=&X}8m%DMW><0y?0-+--WQZ7fM8>vtYFc%AwNx?^`rx0$j zfoS=$5D{%Hm;IuFCzz}<9`zP$0l2SF--{!!m6-UZpU1ptRLF|1^y>RjVKi%Ha*KAe zq`72V0gt)Ha8M0h;}!yQOqB7+%ktrWm~|{`zH^bdm@h~30MAHX)WV)vAXrH2xi=IQ zj&o&6hnzcxLmcz}>gR=dwddD6(UJs4p!!vVjhi`WF0KvAVGo-pwObQHRHk@lT7Eqq zjc(X^xR5z}F*6;>>z^wFbRl|F@p0j%*2kby;#>suvd(PC-)EnxXGu?Y6b;>Hl~#TV zxNc-G+F_o2W*?F!Qc^tQ6FyQpMIrJ2lQIfv{0A51mBU$ls(wfXU@?b4ylJ?ZGq;l= zM41E8oh5+|9L`vh!gHy`xY2*!q`qMbvnEP=RhPP+zRB+Dlv=;Qt5mz|cn7I}wVTs3 z;+~!vzf)&F9b|Tz{9Bf`}gA_mZ!H6l7y-nuX88rI`|s)_i##y5qa=U4IS){(z0>;TL)7#QA>s>4y@Q^MEdQ zrOvyg+q?(NmMMZQ;5f|F)lx`>9y&+pnB^C5jkKHJ`4ycum|yO#6+arHTs2aD?U(%K z`+|MQJ`n1TGW*7yH2&j7U5Akk;gEgb8%|-@jY!Y&oLBf9Zg|ew`C%dNwd4f`%5*$+ zJdN#RR{-{|JwEOW&d}DR%%fhLQeBBIO1|Lry~ZxSo6QaaW2*(wr@fH0Qt2PvSviu6 z>(xSnyo_iA&KBe|$jY+}znPX)t2F7qBiEwi|)@!J%=~%zjp_ZD;NX z7rF#(VoR!0Jd!+w%dlQje?<}bFxlw3mU9uSz5(g zdtF3Mh?XOMQyd%`iNm>{id+~0;NO9o3Z3^jJ?x;opK--*i12**^m_{4u_O0U6?pr_u#MF?!+wz!#n0ydQ#-2K%#R00ckd^#kr+_jVjy*>Y0CBj>WxLX>q_72;@syY-(N+u^>iA9 z$=8lh5%~Y}I{RPj2sO8Hv9&aI_+KgPG5^1B$NxO;KX-&m{PXyKW^|nz5MIbj-XGbI zX$uzY#0|Lz^uSgHi7cT(>I6}7AmC2&s_;<12Fe%2sViJkH&DbJnQdy2hRhS%WN;43 zWF(Gvi1pY6(XnbaGE!J&=zcXspEcO*5nCs+I%~2u=52X0wI{fUg*~UG&QJ`kBmJiXdQPW^!uTL5=gE^CH6b_ul03%Y6zEB_P<@MhzCE%K*oeop$QD z$yfX?F92!l`GRth!^?&c{fOe&#n`b*_o>3U0P4nesetqgj4z(*f6J~9aGR>(v-L`z9%uD?*XN- zW<-Q{W8yTH5CvxOtbw3rM2a!a0Ps`LF$o*_$+kozEObO1_p|UMpy9}N{f|%E_lV2n zcYkXGe^kZDmlSxeebC@+Sl@2cmwUTP*^0?EqdfqK-VG~zQpyAeWT$$(S=-jAMp%x` zl0@%~5J?f}E(gJ21aM@Q$>kYvB-#vD*$oQK@N!_N7Cc#|m8kBFVg{MMmWdEEg)8e> zx)G<`=rNJlbT>D8rzY9?ial*+XGtE@aII>3@+|kBTnZa^n`e&-FY+cUU=9be`mYe( z2;KD0xE<8gMg7nW=eHb>G_gv>Jc9?Q`+dWLA|G^3I1XCRnsFM8q;;}9o~ec6QzBmk zA`NQ&;{&)sN?8i~Of*RyB!H*6RTTz2+^Caq!;-WsY*NI1u>+Om^( zy}`J2Ivb!LZ1#*J>+hVs$7tjjDKlhelWVqvvod=@6A0fqp`j6HO!|@7xgAN#xs6Ce zAo1zl>y7sOV#r|`&5EPa5M;63PfBmH=v6wKLAc=O7^2uW2oudDih75Nrc~GP#T?@2 z?a`gC6bU`(<1te(nDVt`@$V8BB5_RYXPo5L-BOeMM0$8(hCnQ!PUNoF zv1AcG_hT4BwdrDZkDNPxTs2}7aVMluxJMY?OP)g$fd# z6e8f!gOQdS@Be~A(_AdnH{C;X_JSt^aT=XPXbuRrKAeIgkK%+w8LT}gM9FARLyNq@ z=dIY&_Y&5d$-Z2?xTxe>TYGFiUtL(4DRY?psHE}a^mN~M`f+GB6NfiIXa1ZP6T62L z?9LY}q`}USkn=PVrjK`vJ5X)*tb&u%Uu}Gs672$UKH_)Glg&I^Cfhni%1qn;%PDGi zj=CcMB*u*sDMsuTNhc-HTTv}%;fAA>>a!suA?}YePV62;NQ3w&xG8iIfxkbcrqC9r z>>~<#C;rClc{f2#9zNV4)68?2pd+W=_nXW%W-otpqkw{SVFuYfHkP-Pn61I9={&1Z zFjXjq!+}bijSJ;C?Mgy5<`Lk1DbB8_YVyi43!zg1J^O_Q&$1_XyOc1<3y2GgE1QB% zV;ucb9yKlTFlO=F?()5IbfO+{kz8YswqWN8=94CjJw~D&vg`9oK<82*6!7&fht|BE z#E`MN%S64prRq&<#5Jh6=SeT=`5_0ZnVj+v1frTuveG}CA99*cxcO2i&9 z3wjK?#TMVmGpmm2czl|8AyZxP4hVmME>bf@%MNSAa$t|d4lTeb&Q!j1EQC)FK=m#5?P<{ze1a|An^ z7|~c8M1AkVF(=Q)Sd&>=Xrv7I~T!3K4KnlGUO{cl!<;f+eXoImf}w|F-NRBXmx zDwR*2{IEg59qi+}ao(aOU-pl34TZhz*V!}PCHKVd9iyozrG5-zC{=6(pKhA;^Z$6N*(TQl(tp zAK=s1QD7_fY@r#B3f#UnhKg>#LtYj~IMema6UU^+pg)<$m3h2s>YiaxQ~GNp2=k}e zLoo{DrR`BTd&ggPR#13C9HrB9%~852-`m~HRo!!4`qTJ_p~DjTNdotDsFv@zs7x0rpG`lb%XT(Qew|hOH+^s^EB=TfZ0*n?;IVAT3aC}UsOB^TIuP{ z9CoJNi)FQFli>5sv*-|PK-LKI6Tqqpf`{V3+rZ`j9FQ}3n*ihbr1lSCgoiO;!&&%5 z`#rQnptsIY4sPKGe`o3z+tXoDP{4RTh&g(m3utD+Sk+U`7!;58M zH=Fc~eNujV_yH z0PPyc;riRgPM}lm5BEPpZYX$PdgJ=pZ}gizVqwK%{n%d0d8Z&IH*a9I;?#$p6sVCT zL9LN{Py^P&@(^;q0BV$Er+5=DL29J2WTYuns{RYB&QW&f(3ZqXHajv?wK|b|BZbkF z14*k1g(_lA#8%ja1h*{yQg;hbIhG?y4zi6iaLLVL4`v1D@4RM-*e41esSfRw^4YC+ z2NM!}Tpl?0O4vn1+G5G1Wx;?KQY|SP`rFk?z7-*LPnOI&?w~5F?nVtCkK{sfq5z+z zJ9dr;=cqEdok&AB2jsB{mlcd=6x!F!{wJlVdLL6WXt`JIRQuc66|L=d8PIGwM1@#| z4!Ij%&WQGBow4gCpd2OCRio^byH`D0cF=lE2uR*zp`Q4PK}=2UCzjLr>zqW(V_nw zOC@#c6r&@$-$=_|zfh*}{63NpJyrq)(9x^-C_r>OF? z!tmrMb|X7c-sxl+ot7Kx{xq^MKC<`H&S>kJoSMG76{glLIe#Xxcp5|gqyhxj1NvOQ zXJ;dC{d6>7J33#_tao&roSYanl+onG#}p2nt<0qjehV;3MjMk*wqR06bK=C*=0!Vb zak(MBOtsCilvz1vc)K8XS=4sgr2Ec`*6JPgN2_l0=&=j;I9ew$HgGo7L54nOuL&G^=?POb5St#ZEVjyCplCmw-BI9b-_0du)avM0TPc5 zW3VPP_`_%TC73-)Sct}Da?Ak_%Bg4qdp1o)nUTzlgoeg+u*8NNgQDWXW&Q<@XC~?Z z4wi|~N7nTyWa>5>G^kM?zJSQjOu-K|7?l(e`{}ZiONFBIc!-y(`h$E>#p+-z^na`^18o6GvK(a1>|Wqm110!7I!mK1PHQ z?E5Ua!0`KV2r`vFk`qB!X##s|UR^Q9&#+2kt`LP+2;$XD#$LJ%fWF3s=}JmdjL`v6 zFh?Z4iC#k>D)OTE$yE`su_EXc@{}zI8h_4;h~|z%lB7lX40|tE zt>FB+i4Kb4sj!qjoqI+M>P-tKXgY{|Fs7x@(%wbw@#Tm;grACXKp< z)$#A)E{iF;07Xn9vb|8$Eb=NCl7x;v9yD)4m~SBhs^7CJT|pgk*5MEV)>u-Z1ubGD zt_xU-x$Ko8+R16~Q;8gW^rbzjub<90=aM;Irm74-si!M8MEaA8%j9nFgy8^0ji;X) zL_$dZr=6X^MKM?;8L-lE+Um3QI3>VXVnk;$(%OlbI@VhnN6BoHw;mJiUKhK|>YKDB z+nDahT`n=3Y+E#qjq(T0W7j!)$vY3rV>Ng?2x}-YuU- zHAP^n75cH1**#dx2MsHLl<4F^bI9B{O)sT?0V(WZ2kSy9)e;)Qw{>1=nr8DkGlVDy4& zU%N(jysXTmSoICzx=Cy3l*ULWq?%1^NsXY6VlkbAHzOn&F%D{9)T@?JA>$vUL8-jF zW$`juv4IDy27mkv3krQdDex(oPGGW)oIemKD82p|N+;XAFi#I}f6Qb6P4CJ%dW$`w zBQ`s9*}NsLeB*p-218*{ly?(QVR@sh31oJAQWG6Fd9LobufCS-4t0Nm+M&T2^~0yq z=jy>jgis7wm;LFoIk#J2UsvV1#7zTJlX>lNAJld(-Fd09c`n~cC#cn1E$$wMpE^9H zAdXMKr$P_trFREjh6LicjATt|z`;bXTbOH2389ZdfG|bz@@MXQm}`x<>N{wg!Z7hH zd2Bg4k*Tr>9gMMIbEi<-Sb%d{$PfHeQ#%IJO}vBM2S_b2e_dyJ=4F6a7`r9W(i_I+ zvb}7XbnMi(he$;yZCi&iwVkR}arD?!T@r+m&@w@<{Q3-juBytcl~k)XRE8e>&@gtC zdTk|~eJ={AzGeYc_G#$ST0o}_wb1M`FU4AS)F3WhuglTMRE}lHynq!Q6p;?Q_3e|N zbm`Z))1I?Q;f;MNWMgP;i-PV#v0K7G^+;GF8&+(T3jr5TVlBrH<#rAkqp9*#u5L{{ zTaZf*A`J8pbe$*HihPa1X$+5|C_%I#PaBlBb#xv?G}%WW88H-RX~n}d1LI`UsCAlp ztR zDK4f)N3n-6%IZT-JeZ9gsn6DOz}3<=-u(>~4eytj?@;nHUyDc3%`QS!XCyFo{*d4s z>>l^a6qr?D!{kirT0f(l?xkK3dT;`_NKxDo@VouMFsEeuz&DCD)zkr=butwxePTX| z;Up5lU(L~PLXBtrB=eO1tGifUXkxB!PZGZsdpJ=yt(nLX0+&^4q?<9ADec2}kdjF# zYPJflEwR`TmQ%UP5~Ao6pYyaAZ?>W0B*}CQZ{f7uQIamu^#T_0zE3a6{pIycz{K;( zU*NLAFCEC%X!Q>FfGG?OZ&&REnkd>> z*xMU;lyzB(IDAd5%NpU@Tr6dz2}HrFw%=y+_m!K+v2$y=s!s%aOY~}0sU$6YXfX18u$9UlX0*%j7{%!MLGpc!2FL2Ta+=>q&996l!yjwKp+7UuQy+6YUt!nRNxhZ*jpCN7?D zXwSJ$8X6@Apeh__pf1%h5on&@>ky<*c&fR@FW8MX$7X2mEKM_?$?rD?S0P>}d%t62L~LM0 zzB%vtt!JqMvAmBy4l3si?iHJJpCWrIqU`yM-T=QxOFRRqJcT8*(^t+^>$0dF-#vmi z2r6J~(t?#2DwuXwh|=h|oU?1IP}}kdXMZ&Z;uLF_f$;`L!04SPL%{g0 zo#dllrPy+p*dIGbPFy364;ZW`k4|COocJB<+puh_z>NhYv{ZxRS&@VT`ru$mHKtpz zFjiCRzLHV}78UDsgHpj=3EAW z%88Q+Qp*e(S%>SDz&{hZ%jY%Ls=Vrx}cHR5a`FBFk+HmjsVs@`Tc$ zT}F~IbX;b!J;VIvNoWalMWm!Np4j?k!0`>v^vgC5l0;96dgEwMu1+a?`d`D=H3nfncv3 z9YGc?Cm=_Qlq3i1Cx&KWvKvZN{SvF|-O6t2yp)dU;>9(`4sl(xLeP;pTX7}7l`4nf zcU_xA_UlhVh(O~CBpa8CXSB!ZN=Fwt^sQF3>VwfF!L$b7w}#)a5J9|{XG7o5^}`O~ zAs!9A`oQ;|1=+*8Li=q0vZY65! z81knKxD}$RvNCmpYHj{b{*4b%2eDKQ1pxq2zK}*cg`k4Ey`^2?yz|k(R*tuk&iWnB zf-d)3{dGQ+_w{KxdnM?bgrAQtBNNxrc;d#r^VQm=(M6t<|d4l55vBN=a(gS z{!hn6=4PU$7M@|-qn5qLvJA@=R}A3E%wqJiJ^FL$DvP_OHo=lU7YHt+b77voM?_Ac z%1dJD)V0L2L7qq($>j;V+%4kJs`lRRNAYCt*k%zN`_HqkP1Z7ihLn4ii!Ead$_d?0b@TVnW(Wg zlSAKbDqYR^dteMnon(=Rom}u5Q;1qib_+0KR>y3hUD-!) zE*J^#nzkd(-rBgfna&wx+>jqFKx+9~3E{1H)U@|I6Fl#`7zuVF!f$&APnGfsG8jcH zb&ekR*{tK1z11>tJYV)14<^4vXwSvpn9)T{feIu<_t`1-V5Sgmvuk}ULX9s$2I<6v zWOX4s%5DwRYKy%s27MVqK_~87anlq9P#e&%tOv#8j4xRr-sQ!^6+}CdJt?*eyNI+> zErdi7=zSlEC8oF6qPusi$XSHHS@sR6#d2BYag*%kd{TpOXLST?pcv@Dx^-D3DzqbY zw34seqChtFO6XEkV~xEw4~h#kNrj}`l<=W!B*atDo+LNZ0)m53Dka>wQg8(E6bUcD z&^bqEZHUM^*3bHWGJ?gE`rY1AX!j;7wZjQ9hJaeiYeM7(VaZ|I>(TLF)FE>OE;rT3^UoyH`qih?w*)_@1`_~woj*6Yb%Js%8w$Bs%-A3 z{}N)&&k#LY1mrW$lO&8hFPJ${myzE%ae}}gA+|(G7-7KL8VGeghL+&S`vvNVhQovu zV2L&>Ud836o>5ru3=HB(pQ$T3J2sga6j`*b(K?53s#f`=Y4{n)Oy^xlZ0wh=kFz&3 z0n7Z#Nc)>xeFw%44v{&I3SGct#7>d+ka3wZ#(nydof&@@S}0idfDtY|rhA4sb& zOO-b(7EK2iqs?{)OlYP+XPKsa%MZ|FrS+?tCIXlA^oC(bVo8J0hvA}9Lf*zC?Iyff$&a60c^G65;=Ffg_Ik_T_o9(<#&4x#POdk!kzT5}si}lXXfwLPWd5lmr zFg=$2D$(qr$nb(lt)#>E|#Wq|P*t5TV2g!58L_40Kk8l*` zk{j0Q;c?pK-FSeTj=nlEex?r%B!r+hGUgYT3ao?na6?j1+01E>Hbo?yzIyb$gA{VYXW*V@rVX*HfI&#+D-BcKN{ zV$Ms?a~GUCdqfs;C9bc=EiKK=m?}1LEHf@DI3sAlCnq58sf4}}l@5vD&wHU{sJghFs88{Mpx%8g)`M;3H$Ns9#CmhOVhUp?TspGLBJ&>{O->RoclV z8C;?ra zn?Y-%jIU;!duhvlD-dIJk10o0FNl^C%c>%2%~L5bv+&Y!)i_b)A|3#Po{hIE=ngP% z+rhtNu0tEX-NA@<>JxlB_Hj7mx|D84ibmA`c@3e@bYD#Hjc?*&^h)n%Ez|RlH`6$u zViG=7b7%y3@m(-QfI}vS9rqB_kU3XMtsreMNthRaMAJnrrS?$bb)G=ymjXPWW4LBg z+R$;i0X9iqY&p6n_aG`6{~^Fwbf9z9);lq?%S34uw#SwT{9k$1MrI0(>-uUdtuJ z7f!^~b1eZnlJEE=THDUp z*7xsi=50?nt3hdw+y?A4ntRZZH{I~c2Hgg`%s!_O=VDCJbTeZ2eZq-7Xl`L@%4_C9#H0d@-NaE-BU<1eUE6%e2_+XQ9&qpmKQX;V6W?fF5C~$m#coNxp*v_f z!srj~iST5r3!OrduM!NhlFrqNoW_+nMbYz|`eyddpj0Ugw;S5mtfr%bT{1ZSFftRTRSc!q=K5xkUrfLduh4skK3R%46*qUS} z*q3Lu=2n`amFmym&!OgKvNI+VUJNIlIypA3>n6wOK?EsB8vrAcC`e^WaH#`Ie}6)8i8<%WimXtCtN6N0A#NAMO zyc@6U;htY9NK7~C{!M<`ll6?N2`46w#PrGaY)o};NY9G69n~NWo4px2))?wL)ajEp zjJ1vSW2{K68!&ScCs-Jgn7isiQx(TCBsq7zan07PK@=`VQ*epsSW_EpZ@-D5k+NM1Nl=axyk`S;nH4(li13dj;A^pDY5vv>Hsu zwKq1ATihv1s;TN2-9ab%VG=H=SG%R_j7FNMSffG860>bO0Mk!zRuuTPgG$@;O^NRm z;)ZFLD>c**P`T_TgY()Ec*uORsacSJr2cp_n@Su-AC>cv)36g!JHG>!MwI_+%E=#sL}YdqTb9usRx<@ z@`s3*D6jm92NoEYNB}o8U56_9GSlS^YWdzn^dzQwgoP+P-wQH($ca~l$!1q9vj2dU zre+sx`anGRDB@jvyMU~M&L3Drmr}GchS_?rmwCY>>Uxw#;|fMUb_#emyu)P31)AeC z=*6kQBxm}tpz{jlJ_hky^OCnhf`fBp1YY;kUyQY;o^T14_XvKT0*>jbuCBL!Bk-a= z4J~>K zzG5KXzm0+agKmq`7Z=^i*y&%Rpt9v()H0sA6k6@k0vehJm;iYVJrQI)5ozLE2)x>$ zessg)vuWC-jkb1?XSIwlVVSp*aK2GDQ&$R0Dhe4+&m-Q+*4Xry_oFqqZ*VvKA|MK& zwZwnmP0?3&UbQUk>Wg`*FTppA!>ZAXcd8hLq3Sii_PONo%NTr<0Gp_@#I$wjq-B2B z({v2#v^^GN8uzwTThK z#;?o}hLG+Rq2B;6sBLLCMDdDYnt(2nBCx_MQBX4zNbW~hj?9}PjEjb@yn(uo659z` z+=l-cw0E5`osE6$JjxIM@{M+qzg!hD4}ox-x4c|FK&A z3f#r5kA9$jQAcI@XU8hM1AfXRmgYL^KCk@XdfN^?^`nLAQ5uDRP-Z>b_YmbJ0J_8H zEe@+3yBJrNT0}WwwZXjfWs{Wy##u)Fef&Z4B#+w3L=y(#uAhFsX(9#~744F1&aFw@ zFGku$orB0_edg$J8+Z=cI)B0(tS#%Bf_aV;y8DRjf^ z($nVAelw+!(+|Z|kS_)Ga+aC*-sr!a16q|tFK$Stq9>fMO!PQ zA`=$1Gh@2XUb@FW{gazX6ECAW`_-aU_~HZnS1I+cTmaJlzMbZ1=kVn=|0_xW&;R&T zrGFg$7p~xMiAl1uloFBv{0Aw7IylxQ914oOKeyij0X|58Uv6kvsJs?8%vc@XCv?R!}yV_8X1oR3VQb1S{F7L`?N&c z%C@tXja0s7vaujYo^qzdES#CiHps_04zm*~yFj53ay4#J_(qLB@r29{2 zYn8TR5+h78%LQj(45bIyvl++}*o_nQ85c80Q3oM);x2KD?x>3N67+9;6l}E}ej;)% zM@$e1nGJCkA6-W2N4(Fz#Mi(*EBv+ukva+%vcbAN*9}?k5Kz~!rXKlh(uly9uAVB+ zV0x`(5h`Z7XQe=bZ+7f2>JG+eoUndW8|X%WW+tp8n=RamXK^5Pm10y0C$&&K!aMJ6 zqiK;+m8u;qWOi{bKUH!w;_~@LA;f&<@P5ui_s3uOSO(cR4+oSP{*UGI5BIgU3Nwl( za`4Nz1~0a56Azt_$~C3DQLkwP8^>;iz`;u{+`^x{o4}L_jgn2YkI)!n@=9D2lB)OJ zmcLptdK{&vKQv$|F@Nzmkk2;5L@gp;FmPVDXYdo>piswmgxsdf0`;3;3C2C53p$&GS_c5D1=jftfru1mPRB^ zF=6O$hsKlsVoN8XaqC8#*bt!BWtwP5-0ijtmCwhJDZZJTs>tCL7z*^(bIp=}8=m42 zIP;B{WjZ5N@KSVGfM(e(Srxk+Kom+b6%nnM6$GzsHN9FWt>(~n!t=c%Wwb`jyOI{5 zDq_rAmef=ug9^>%wij6R4jgQ3pU=`C=Grb`F1KV4qo&ZeT$C`@d+yF^`}yVHKfsOm z@@T%C^qcD6=9&NM?>PT&&$PBRGPe4+ZvL;s(SPIS|2*tJc|XF&j)o5A|6p^ASQ%UY z|C?{KPXN5D@V2dF27Z@(wxDoFl`RlZ;#tA1P$N1M#-S z!aHY#Xd{+GDa+bRZ2r9OJ;3xpaLOplTjN{gg>dR`z0}UOvLdM-nioPoGFbwOY=*-* zv5MQ2n<*L|#MkU&^>6c!f3^9);UfRt=KnFH{i4)6>6?EEqW=@VlLat$ z(^A3knW9cNaY%HMm?fd1q475|N$>}znO1BohB3-R4loyJ%~~h^ULTY$AtC=Lh#~@1 zx=Ps&A6FtUQkYlQ>bDyakQ*>e${Wl3aUC0rIq;O}c{G_I(e{=$o>lKP_S(7SaCiHe z?StCW`W%S{%g$qGZdV|@J?@szR`PU~$4i8cc@9Au-JfkY3@*C2Axhk$@5-1wEmR7H zbmK!54~aEmeIwo+4^OU+6%(v<29o&zlZ88unC4s5B?bpu*c-2B$?lRo(#?SL$RZt${x>LkjIQTv;)J26Uxn1`wxz0#iBa|bD6gZtBX zm~b6u`!T)Y!}dxK~XQTo$v=EGYez*1X%26hww->!I!c;WM@0q&^Q0NQ_~bpy-EiL@)|o0 zuA-(n=8FE4ed+4>(_x3a(ykrA^7cSF;NZ6fjOmUQ(AJDD3rlmqqG*0-2u`rcYekVe z%%X=~RfseDm3YQo6{K6qiqRz^WfpIy4zqq>Nc3{QQQc+9yA-VjLP_1_;f$2d3SsFi zwVfow9~7cO=pj}Z8upx|;*3l;8@35(RHECckkkT|*;1M9fOK$AkYT8F5+r?V4BCDd zINI5o?`TY=cM(zi>cjiax4?!a_@G=ay5>QOmY6P*2w9l41496sliHqv&DPrE3UvWmA$$no{wl8qI81lD;KOhdj+df85Peyxhb32s2(v z&B7917=5jg)hSM9y_!SX;W$B{I*Q3#l!TO7^`xGiswx(#$`3O$!mtU$~VI~s=Xno3Y^YJk*XgtNzRcWoe6#@FG(pi8^!uLQQi{0VS`WT zj7~W-cJ0ze>82G?c|q}v;~EP=Q|2u~ik1B>9{jPyMb~s@ElQXg>2%x_G_waebdnw$ zL=el0{c0=8U4=Vi&yW|9XzZNr(=u?dj7;^BScnkb!%lbKIuzGBF)tHQIn~<_cE8tw za1Uc@>1M*fWZf?IVRprc9i!P=hY6doS23CZ`V1Klv+W$D8u(azuOOp_kE;fe` z2!a`F4W7sg?EK^{a`CukX7U|`{OVfBn24S9#@N|P%fS!>;9U=6SuJDR$8zB(EGDF!n22 zsueY2P+sNt>)LfdilZH{xXi9jBL+({MBC z!vq@hC64OU)?O%0|HnHtpV!QeBMhGn_gL1^GjcIDS+}M49(-5dwUhgx0w>tS5ni8` zt{yat93{|HdAZGp^?ve!@}h8~0CjJvn}7M3G{ZBm&$p6acn-Q>j~RLM$H--)QkYxK z%T{kW{h5-=Tw$8*DiDi9AgSCQDfW@Jj+kFKw+#*U3X9y;8rlO~<;g*qcS+WY5I)i% zg$9!cBG9E2%=?-7A=ev)!w0Rwsca~n1c#X~&zzr(K9YSt#rt89vM)O(~SKjDxXPc+)8Ln#>Fj4;<)W`ql<0-g7hHBNjfo)V${;NHai&FKKw17kR(IX>1ocS9W|$+0i|>@Ok1vU z%}GwTGnBVg!l`ib7rH}mIK;$~hulkDJGp%3C$j1{uxbr`&!0<$%i1qt4WQI?XrPQb zO>B&Ijc`31?3`~io~*cH+!S@C_KcD*Pn;=5XBeYc!`VO6GT91Hnzs#N{y)zCF}kvF zT>^zW>Daby+a23x$F|);$62v$+vsS;wr$%3|?lC@sv1{DcoZsq@*rw0^ESu#x@9 zkk3wX>29OHCZR#Qpm3-lO>uHYCv#_kyv*P1&?34Tk=lCCj6cy4cIvV#xuOe`Qbo1C zJfE0Hc5D~x@=X?J#Vmxs>^Ww0(M?vUV-v_4G)K%e$&2jiVo!<>=)1e%^G8Zjx$KHp zsZp=f0(q)e-;fx(GSBde<$gqh-2;v{NN9!-h%ts}K@l1c6PUMV_f%okS+?UOd5FX{ zr10;!5(6)phku4s`-qIINo+Ztp&U?Wc-ba*g(34m4fS7<>*`L@Tdc=nyECXJT?nW z?H$p)dCk8KPxsE!95uRMR~KEl$>=mtzbgd( z5ZmdwW{~qhq`ej}eEF7fV+hci;5MtPs?r=>I6ME?3j_7;GPd@%*mw z`p(Ib(0v4zlXB&(g)rM;TezgvrC}PNwm|va=5qWx25(30QIy?mY&F@~9{$1=&iUJp zG0xV+;4s?5l;yb#P-&5_XuY?~P#V8s6o}CsQ?<;#>ko1Ox#I?S&XH&v?@a$D7#b_^ z3w;*)V|KpAD#;p#@#D5tQy^1|cRcxl&?=M6jW92;cpL*k6_)b7?{~v*+>Dn@xej`_ zRa--$trE`#nP^9to2og2q8+`l*kbtOzQJ6izIS76?T_E^unX z8oV%Jx4c1Ard^fayjreVp>|fF*-K-Uj|68Cq28-~R`9Sw(^U0b+Ps?5gh6<;nKph& zfeUxPx0co6e);~%edNE+yL0j-4S(mt$T25@XMnfEKe>i7$uX{E_W40Nf2cF-1UQL- z_BezP4p`;`(U7t%2vGt(uu?LoL%M$f68oEz8HE@LkYd;&KKrttI+eH0?pJP&2SaE; z)aP1ri4Ixd(I}z=8egIifZe0_FH6<;ViUvZzqan1LUkr`Yl_KnBC$S}spA|%vBSZ~ zkNX^I7owm{Ts2knBBK!kBE%rS6=(|&&&1LGHBYrRHlxA;h#s74;(HEbVu>A@WgxSH zo6+-71&@w!;fL-x1gwKN->8A+YcX&O4|(8GJ4jkDZ>`8ri_;+?+{B4FKBNqg1Ssmb zQlu!%Geb)-b11Pk6TO6Y#^=Q(a!3;*}HI{Y{=s?RT^YbVE~Vqn=TU zUVASk;XN3`NKoQlyov<#-cNroXCKaDYAf5j68B8VlUY}=jsE`iltZ3 z)HI1OPGt6IHMS*-->~n6>1f3j!a|WZ+GnGBmKte{txSV{qD|p=0Jp7t#-*0^dymOL zBpR@%lwl&q&qRa7N-9fXG@{_uyqR4Rz>}G~BZ?2Jq~ICCfIO{^Jp&OUq^8i|vulDM zS*Ux7RKm`tm`e7Za7K1WM>j~#lRTP40OMW1Qe>#5?5n+#4686VLxl<0?GqF#NdH7KjuO;pD|yH?UVsH30G%V0fk@}Y*>xM!*l39g+`lB znd;)P)=-!UvS`Xe0}})E$(`H82VdGdAoyUrB4+~TSm>Y0Ami^q6G&et*TNiy)HIG z`VtpxL^;K<`O4sO;W5ne^AIG`6AKnilpJoy`!HPw z7kqa7=WXve#1Jq3Tw2`-Sk*)ZCpcp1$!)7N*UN}v2M@%ydWn}uFtHJ-0S4>)(Jl8{ zde~?`J%8!1u|23DCaSwo0VbQnhQH52PC112nzw{(obE492MunQx7^gzQQrbh^AfjQ z))}@S$`RsQG=U1K@18iMA1F_{-q;?vQ0%-YBN{kQa-sw78GVrI*y=jnb0C z2K5d~p#O3>@^sDiGFn>gBY60Sa=`;runoG~{SN5PbM&P0e$5}h$2WQNkhRslUo+s~ z2!@ty8$`7RVmrWLVk2hele$p=$2V~`qYEb+jGJ&`1>-kh(Eh-ct+efQZOvz$hJonV zG}y*(dZ5Exd>&RsMYR^l+_7`H)8v48)Lg1y$VibGUe#X>wRa_KNDJ}NqDBrvG}+P4Kd9n60l`ErXfSfSJ0NJNYf18O~389^RpIefr*eKfZNQD*;2<-np%h%ueR_a?uQI9kSa zT{=r#8a7cymvL$Vecp&hge7{XyikAcrH?PDyIe6kEp_VqtrQmo$oP-or6wQ9KUjCQ z*;i?6o==>my)r&aKHp&zM_Db{f5GvE9$~j%V1;6~4$?0)C8ZQ>Ig!mDixo@a&}-h* zEq0GT)RbzP?jIic1BBrPhy`|B35zXC-_TUp84j&8vv6fRk`4!@vE7Je^t~LtTHv%e zkMy9W97#m}#7a3T3oA!8<^9QDgh|Uxa7eW6{QW%Zfp3mYNY8j68!U%KepggGBCjTYTXls0v3E^_s!Qc=S9s9Q&5=lWas`($PBvyxorK0wV(&7fV#L&N z(3vfcDF;1HLC!kX5_!(PxzAfZajl$Tm~`M6b)eJ|{@U^T!kKhdEb#MIps|P;K$4RO znI69DqAZvInmypc!}}wUMk0{rok1xOG@OG=Sm=li9Ck!O* z`44`AnRX(Ixz|`B$)Dpe?;EPTwWNjcMVcY2Vp}zUzIk*%>qhzt5Sy07e;aSB*%st7 z(Z74&Ra+W_hjWOV@sVZgkI80I$VByod^DlFt`KBf4aE~x+t9KJuhz*CIZ@UjQI;7g ze}qEkNRngW;y58UY12q9$6IVo9X-@b2^Q`(>n&n_y(V3cF?~-cRgeB-Ube?DjH<|L z0IY^Z8)lI`aNtjC<4DI^x&oZZ9K}BQxaXV0@5p4lofrzNZJ)l5UucXbT6)1G93@(< z!BuC!ro?QcLtw$PVWIKcx6@>e&kGyvrd*1)iX3g@*-YSN9)p zTh6s)5=PV>$>P_d>7EL{a7S?6rr*aFmbP`BUZG98jC{6j zq^wD@FRlU4*>JWgT;GCnc|qn48Bqr!K=Ed?K5$_|DnGbklkvobJ7TiBEThfhCWAlw z^|0E`3Q&|a$aL2njq#nZ6>fa}2y?mm{)j`dE^q zx7eh)1hjEawUYPAB%$FqfMdXMrom4HHR8y@h6ek-- zy`Nzhyhcto<(df=|2$n>$G9fG$bLMH>lqp8W+EnXJ*}3-zAj(07ENqVJZQ0a1EAmg zJ^=8^3Ej7ce?58_>J}dL)idz|Cag5*SE1x=lzrc##lqUO`=tv3nT?6E`B8>!XFuT-7ZtL(*g6bB~0l zby9#sYF}K16W>MRHVX?@L1p%pmgheyHd|(X-D7vh-ZmgttRIAAY&X)OzC{!I00F0T zF88ZU-O1$oQ95{@3#5I@(A-vu?5&91Bcrp}QS=Xayw8297X#?gBi^n%PlK+; z{tA^zKGUHa7FU3q~`nwwdQ8diiQp3#4KC0Z4U z)~V1=u%>1Sj>*`Lw$p{ir)c?5!*sK`U{bL^4>Q%clS7;qh9=ATC(C0laCRAT8Wd~^ zI3hnCR6Oxg)^4(mVNa=P{jvULFki100fdDWkj8@)j&ZE+4Z!K(bIKn+fda!KvD*Qj z90GSHKG6T5OJ3VCb%S39-L5Y&>A#ib|GilJA1rDA5-Nl(?M(jJ4d80yB4uZ0|6c-y z@|rYI2#J5KqUvVRs~c9J@g^SfW(2mB2u2LNXgji2uEmwyY>b26FFBCpc^mRsY1c+u zHDb|-C}AZn)7i}I=;H4IdJh7|Y#33x=(sQ*bckG01wxJElQ!3--ar}bMq;&totl=% zq<$HJ#U+IK*CZC9u#}LxhK^0dNavMh*);6%b^z@)R+_{%j}QZ>tug6)l2T;wHG^Q} zdZdjY)@K$Fsh&oE4qs;R3c?6slKowp4yVP@Ua(eQG7pJZcq>8@Qjsn8`6Gvsr5}N6 zib*xLi_3C7Ik;<^JccAK(5X#hUpw8I7Ynx9G^_VS>b!yjLY>&b8cAIZY^&J%==M+Z za4flvIc+1EztTI)`hA;~g$ADV+^VMe!Wn1hNS&xVcHROTqb=gN2&N1Nj5d5!?8NlR z?0MD5%GA%tQPlXyQ&b27VT)uN248Nu$uK1j)MS$g z-EhQS${3D`9=tAFPN=G8%>pF zL7SV`6kn2Jnoq}flN|h6lK6PJ`Td#rCrHZ=vchx+@7CrTG!QzpTFHKPD)Z8`nR*Pd zXj&_hN`e`zcWv!Oa=WbFS|%1#2uthTS{YH@NEnD-5JM<&v*4?`ZbuK;pJ`#zbmmm} z4)=rDqqbsFQgXpwvRP&s@2v>5;Hu%R1Qlk^y+uL9v9TLUX3JlKctbdY<(O=Bhju@_ zCXfh4Ta(@NZ&-hpZ7Mu1ZHB8yRv4}la9gbijkvPb2Om1RFrHYz7%3jFon2Z)8Ba9p zmlyKcOiwM9APt(^fQ3xa1gd&9-tH}~D4P+f?H?aHQgX|s>MBRE2J7uoJl2d>i*E~l z>%ke|Hpq48YZga`m(U{E;Q3=ocwkrzQBsN&Tg*B{e7;GxA6}G78;(fV=_~7# zufrRUq)}mE@}g3h;9q29M;h|gDq}es9@NgXw6h#(=mL2r@_Pby@+8-Go11w>9xkL< zr<<}s{y?EgOJT-=s92~d-k>d74$X&viq*9 zDA@Wg2W3$+x~5nA%>)1kPzx1?$z?j6o9f z5BmgNT0wqUbBuL3lq8F)oF~QvS;9topLKyP8HG+E@h_Bi9z@>aBIR@(Wt^7sJoy!- z!r*g}^qtpa2N!#;_L{tk4qJa``&QajB-=|H>oB(m4pBr=l1vsCWC*HI{YG4>o?bX$5zfTuCEeJb1RN8LXp;t zGY?~eJy|>7EznMEd*o|%Wc$5$)nw;nCc509iA1!8RxttMZGD(+H1Sjq5@Pa<2hot6 z*cG9-YlQOhKalODJBx>#&3`NmX^A`8R_Nf=d&fN7scAx>q>q9MZiJ|52U5q1l-J5qT=We zikYo%Nfx@r2~kyxeOged#=S_w= zg<|C18nO%zr>K8S@{F-lN8g!ATtyU4tGSQ#oUGrRto!I;E(Rw?^0tQGJ5D$9wazBx z2f%PbHJRqLmV=CU#Hs~w;Ucx*a*9Xb>YPhz5#%Om#Yc^6O_I)$C^e-E$qnnRPzakO zmsf4fBU+It`?U$0HxeqSD7);}emxv=0?eUeKFNqH-i!CD>{d+1cM~&1@5rjBt1Pd# zV{Ws7dgcYLa&uE|=Wt&b5G&De>tI!!*wEy6Jz}3mCf{KoyocKPFD6`0+_!}p_*Y%I za8j-`u+j8kO{f&_;`wHmq>)K)=b5X;ngyaFz5c$P-F3ds5!0%@q{Dzbn=(4Vw!Yx< zRiD<*CD5NYV%{J~$pfK9?gLNPGbJ?yHE6t7*Ggux?zi2+m?K}C!ONrccbB`?qU(w> z;uwWA)?}7WAdu1O0bPdz$xxKmkggVO#N?J{(5|mcq&UI2AhLIf_2t+;ovC~vUwr4l zjGY28Y7IWhd>}UWWj4s^_9(G-baZ2Og$Bo9oG@6|b+}2nHZ{Lth-cWH<-4~o$-itd zTeFbs_^oItV@j$QSTnupJm3;U_j7pFM}!9kYxf9~#r($i-9Y}n5@B}IBL@bM_lWlH zde0Rt*4vIrG@ljH;s=*ka_dGbT!u_ezfql7I;fGQS~+;fX0&*0tuC$GSQsHQ$^!;w zu=Df2(O=1gpOt<+4%1g#G~ z@rCFNPP@W*pT2l>v(C7K{3YsKQ`i}N@R3jVLUz{&qab>Mq%FfkDJU`U43sl9Lq8xp z*8UUn=!^O~d=`X7)Pu%sfYYMYWnVm8oo9WrbOT>uaewZ1;xV(zAn;m@4ldvoE>1v8 zfHp!41!eKUc%%-zH`xHb=Zds(&oE6NmwsyH?Z>Oi4i zs}p z=rU?g8z&R@yJdj7n+3oL2yIQ4xZAmOPclsVZhm(kL$~L5j^&H|kGAy|qp<}mm6W%T9`+EKf!T&&xi-f*p1Oe@qeAqPviGz1 z{g`=uXZ^71WqpVL?CDl~`Da-=RjoNM@T)P*3iCgag8$&r{vV{^zsyVjh7wiv>`}fv z+Q5=+3>qqns-{(S!^n;F)sjW=wSJ30X=Px;7|U1F7aX&BPpwK!ptnqTYL|me_loX0=Y^&v1INxV{Kr{Nq(0mbiwQt%h~sbG z7> zJucALn;Q9;?1$44BA1nyd*bt@=Wz$v5y6OK)7a0LBkSW>2 zuGMMO`#MB0@?5&?b0GY^-O&&}ugJ)JAD6M)G5m?iOg)?Dbd6NJy@Oycdw z0QjPr+opOQbXLYBB;^z4bYLnoF5&t-bTZ{$rkhkQasSnWw1U4>OV9RQq z6%vwqe@6sWGmhsN@yUiNOl)AGGz|&e&jBw1Zm;Sx>4~7BL!ab(k zERw%GdzuXyoYk^&CoZ*#}bYgmFzpbbJ3?L-o_9hPL|hPHX-T z@AUuXI-LJ6xsHN^sgvP9nr#02IyY&&>EJD3`ytYegNj6vflX^VF}I(CTBGcN8`)7o zkc&pN#p)W-Fedc7|>+&Z~yJn=RQ zF?C}Nu+1)c15Tzncb&ccIpQ_{xXEGc0=q`~(2r(Gq=hOg6)NhXpk+l_n$E=W zLT6V5Uu3j!4mCu;Jsh^fnYRJ5c#jv7E3)p(ci7KtD$7c)$e(zJN9fch{?M}2=yo;y z3%ZrHPzq!LA5)t*2KP;=ra>Z@xgcQ8YB*t?t*>3u`${;AJ_aa&M}yud$KPA36@avi zv~Mstuqn4U#P`tk_g9_Z({zQHfh@#Qdr@d@#lyXl#v*-L3B-4G#D?9DY;Y18E>-K~ z+e@1=sTHI~x2i}2F*Le##){4>g-DqNit(3rxz{8IIx1DA6^2uJt&v130y)qx!eHqT zQBV}4&Pk0e-wJ`N-(ePE*V!4$;pqL<*k?*V8U8^*c;3< zsH^SprGxw)Ldgd|SeRz#HueIS%8XbEc2#F#KQIiA*-rX9)do0hC}ZGs`s^LetEh(S zhB8WAFbUMJ!y@d`3^yJ~#_d(d9#8g~6F188A!C@e6HrA>Cat7dC3ZVP0m!KJwJA_^ znzE3dDLyd;3Ile0KLo~;3KeikQQSS6hxYc2%UVa;=q65X{MuwG4KOWee=`dh{Pj>K zX_wd@CJ~*Y-N2i$u0?!9hb!m$6;x>WBV5zO+*%N+jiBSq9Q0cTAra~Zg%S7(w!1aBjciaM1~d?5QS&);GSgqW$pNLcdz(uBrHM+ z%cLVIn^%HkGnhGTPlaVDv1j{}dMNo%Jy$V|42r&?BUu``PPTd+NQ*P~QL8s-DY9fR z9)OlB&j`;(@ZrbbaE=O>m29tQI{GE_dl2p=>J5LDfrff|b%G^jZhl&L!IE9i&YsCQ z*0hK?HnNs?-x_|Db$0t{S<^$tG7qi#=D{It@ERz#@gt6(=1>=aOkx@ALHAYo?IjA~!!xakL2Hubc- zxq1Q-u}F)}j#$>KAz`ONCt&aA+&AWIAt21=PJS(R*uJW);2N-*$Ou6QY0SDQgzH%hmDyzs{LD0{-vbjsM#%>;fL z9c&79Y|uQ2W8}(OHvdh6OPf6Ldjk~*_p);!)hSdDK-*9y`Sv?29iJT6$7NGvbwzRg zncUj*o{_ZnEy9N8nN>!kGa=F|-QF8k=CbB2SuzWRHbv@qBgDj8MUm)28Mb0YfAo1r zJv{ckKj8facg*wF>XL8CQ(=>X_}UmSdd>XlIe+Vqee_&3^qF&QOPXU-R~j}cSd}t^_9ral z$5j%GoQkF=!A|M+T$Y|1RpThS_8D}QZPuWkuWgEBt}TXAK*Mp#HGh!Lnh@PpMQZO~ zmE&#NZhl^2xje0NB(9)TJboGn=ooj^X(tJl0X8>1(a)a=rI%i?NC9q;hr zFIMv&_jwQZW_!ss6T`OBJ2dZ&f_D7RO_}G(Jm{QlK8fJTAT@yB&JSPoZWGrri>bky zYwJYgKH4DOJKRa1(KL3&YGx$Ao>266^|-i@bdgW-uNKI!FQK7tkP6pE#S`)A@4_OB zN>_-Xd|UluyOk6N^kdT>?s00q@{LLw0)z$WF-i|ci3L-w+LJ3=2Wjl*QNJ)+D*HXy zB}QmlCj!!q2lQ^f>tDha5VoK!LOniXE${xmDI@)ASAFLfc;Xwp(=EOj@lm$Jdi(A< zK9*V1*{g!k@go}jjPUj(^zKy!3&ufTr_zUQ+LOQdd!hygEg~dM4YcalZ+tkVd?NCb zH+kb_KZDjuQrbjb!X`-c2BYT$sVO3@;sXPjA?&!#G+N6&t=N8I7);k{WO*UH49F9o zSoXj+D7CkO9)O-pac2&&2JZM&EUSf7*P9qlru;BAe6j94bc>6Wz{3Nj@wCW?icbhg zn!gVH#+NYQA%GipM0itF(m4QZP;TxsaTM{*=3#u!tr!>47(p=P0vL2DkuYLV-YWkj zNs*S>PwEl%xOzxb;95%y9TCgKseF5c(~p+li>8HI$`Y8$8oOcJ)b{eg*~%H@y=$s) zZXY;1Pq4q{eCf^@hCIw`jgG}vL=cYpq5IC&x{^9Z58^feeszazIE zG`Qi6xgZW9JbbQ4-A?+~;+E3%UK1A7w{QCB|Bj^pH~9Du85sXU(*L$|@!zah zejAlVhriW2A6>Q`Wwtp#9o5(ie&g#6i3W?uP)3*?X5vFoTRR9{=S8YsT5~7O0~AuO z%P*sJy)|N64)Fig{v9f8Nu8gPw}lcx+(7-ktO9Pt$a1QWJR~jVJ*-2IzD$<-ql|*o z7AVXTIp#p8>*#>40#|{G-XgY7?OAGybq@AMEYfVsA~$0+ybyxJ>`PwUb@&s96|U@; zI~cID_kLY}$bC;%RJzYsrDVFt9DjU==jD=SglWV4-gDXwS9>H^ug)PMk7>q4c5!tk zU*r*|9^YX@jqDGvk$uCX!UVtj{!!O)n2<&}I?oiVFthA}3DN0>yh^Ei=Sk$U^Rc6U z3@!E*@^xGi1aSy^BnC&TD7~p0i&}ZjXa{A~IBH)a+9ry< zUKk}DcHq(Crhs|iZ=`m?dVBc#);~m{0Q#y+^)JZG_CFHQ{`akA{J$Wxn4O7(y`|m1 z2|`I4Ix2WW=pX5Nso;nxxgFs)`58~3l~HIW*5qKqNITz}!TQAA7=V}GNR!hRCV#~m z4>>Z(XGWq*I2v(3MHXW6536xh$5-4Y)|cOA<|Ihpx=t}^(*sE!4NFSibi15ic}u)M z9=6^-zd7Kzrz?i0hO`2_*q|~UMxC_^O!ki^Z2U|)&e9J|Y3mf9ct91V zgD#RY>p7K?EO7rA(c!M-8%~*0cGjCt9TZ;J@-!ES3Bl4q7fM*are1FqM(U!j)`|e- z@jGgDh+bMFK-Uh(N0-3?6e>-B)g?o_o=%rTDZyQ|aqIXS_^gMa+BqB0M`>hO;0uDngDl;7|N5=KBjugY)kDpl(n5TC6AY;caY)Ka&fNwrMRZp^+hd$M)S3>8|I{Wf- z#$iL(6pnFHm-&vsm@85MJ}6^B5?qd~`>k-Z7ErUxS0>!O7m@WA#3pvv0L{27+qS}0!pcjtZTJ&hI5zlgoC1UYxPhUTl8MILA=`ytBU)3r-jooI2KMmIO?kcBh9D0P-r5)Id(rO1j;z0I*LNG-6P*i&b?CN9Tp&d>^($2DvG&9%`J=KwY|7W_IR?RF1uAmV2N!-+s7-Gsdvb)e zUJJc6#bsIYX8UBm(BJx+mbV#{T%Vq{<$V)*292`pT^GW$s||_zD{qrW%1Z9F>*P^3 zhxhsYk%!#Zcs3+kwjw@`QBiEu57>J*pXP;q>7!!ooPLk?xtFYm{P zRsT!FW`C{{oxEmtn#^_#oW6@27{8cn_#8=q;N4GXE6&ujb0`Rt>oD64Q?YMz3)h_4 zn=$CwAv)&@O=4})T}+H2(0S;CKe81pbCIx8lXFOB%h+Ns-_f*r?x@oV z)2#}SuLIE}V4@|Baj#-#O+srhQWHrNT7TnA%;rT!YW(e)u=v%${uer(Fjs#)AxN!p zbI(MUd$kzOO++LakX_ZYfy0%iQlB4}aCZz%XAXq(0lmi8k|C@yZl(g2>Dlp8?f7rq;W_`=XgZ*u=?4dbKVbjfoQva;yZwbvU^7W;K!c}4{id^W zC&;~)Qxp3vkyg1PA(AkZsC~t*M=7vc=h%mlx6d#68U*8t6)awz-0TMS6lSEow1>dl zO1l=4_MFCbei?A)k@e^`T`A6@_t&uf^~M%G8;%ChelL$cgR7L`Q0s*%eedELBEx8z$%8 zH&_hX&gpwK@(@hqElV4hkwiLYJrcz8!Y36(4tRQfT)Wg3v{pm{l_JjYOM6nCM z(1$FmE&BC&18y&7BZ*pjKylE&(rBMT*>BH_c~5YDok8n1(?Y{uJ2Mfm0l(t%iw{(3 zaV{&wAYSJx0hKeg&0vpB;OF-?rMe7K!$onb3`DMc;_3y#EynLYf|WH-fv=-dsfe)_ z-X{q0ASR!V%&E2r`q0k;#jQX3y$DkRP9MD!B#tG{FF0vulPais-1;A6aP*%ESBTg= zh3~|GHIpOxQOrbX4~W;ernLy&MFE1PpMpD#Rs z$z^2Pb!N8?dkME=SmcSRHDSW*LN7X3TI@Gv56|BAP`}yj%>RN5fSq!u%3ylSQsMO} zhJN*J%b)H<+SUT|cubW@fi03QPsa5ntd71-3-P+-2r3B7PHs&*jKN1Rl3dWi@ z_DusAl+BNO?ACGKSTP%-(H@3fynSO`A>Cm9uw*|%=>~snnj2sA8xXw7TlUhS7t$zz z`OL^ak8KvZeMtAq4Px;h-5~#=T;N|MMcnXzn17N~H@=cskUnj_muQQ8paMy@pq&2x zN)RO}mS!W1PQ@@{;zKfMK5FLg+}znnx~}=TThV!)8y<1fdz=vd)%888&j>DN?XkSE zvXZv-ZgzOs_4$5}-NR2;j3lBP6dw`+2CP3@fa@BXXlEJ^D&K*%-(vYaj6{@vE!0canP@g(G@w;%v+;ZQ$h2BgJ(wZZ1rqUZ{d>z}g*_AqEb$M^ zk=RP-?k@2FtX(fNez9?e66RpTQQb}pr#17`C7@==L{@s8)(X0rB3I4G`EZ0m(j+OI zi2u#VITO^M?^p5)n5DjE89yu!<~8ye?AUP8cldYEGuXb9FYP~aJkfc^BuXo`P|bY0 zv~Glh25GzYy_Q8UmT4M>-eT^I#8!vrdaTYl^3UagnOuIF3Cxrw*F*8^fNMsiiO z%U0Z{HycIBgb!SxHUgDMEpV8|B_=CO=mSvwkz{|bYTc&6B8TXx+d74Z;U%D=8}dhm z!AX;B6XRKLQ{CO4 z(Ay|}FvP!dgK@B%N{x?OvKsTNOIPcwEv#jv)!o(M<_@y_rnGd40~+z8M#z~2Y0>3Z2;#>8q} zaN*eLVc%G2Y81lAr*RIVC^Kk!mdD&AV(o>7)`Qc@`0^7+>k%`k725U!r_Xx0iST?< z6Z>D^uafEz->|Ld*b7+kFi5ONwFgz7<&)2kN2|!_e?R}g4xOGP@>Czm5>@k8e&M{F z5Q3`N2@6KRmT-(BzV%1P-mkpGATd@XS%^-KWtwIkgLfb03RuGKv)stx2$_q^KD7|A z44}-5%o925r>u`gi!uA!Yg6VuA~ zR!%zs)osKsdvuH?oLJRjC<9Z}OT-5O8haZGiN??*9XH8Q&d27Z?iYMeK>d6NTo))x z$AFBk;o6$Olk637xZU{RF_!9W8W9yKR~9zqhSqXJQ~OiG#2+@?E((3@yKT?JcIjT) z?4g-10C!_z!UrrvE;bg{q%cH8xfsBGk}^Rb5`$!Gmx{ZbohvG1Fw!8>5yv|+CVwiF324tI$2>C5AVyq2KB}Xha#0q`tqxsy zrV;EGvZ&GxGvaG*uFD?T=%lAj=>krj4akXSw{jZ7xQs^>F=hWe|ITAn#(qjVgyW07 zRtyP;`>ok_!8GJS+!vWC1?$2bJMQ8k-$S3bFW%nfW0uP zv8bIpRN0}$1p!XIEM#MT?Eoa?2A^hL5TV=+M6S?qc3Whu_TGe{A(wZKPY$jMT1RC< zYXRBvj>CH0GzjZrLk>4SnRpP^TeL)BRIMpgG!zmmf4#6dME6RbwU00*6`)_^D(V&% zuhcY90dqkC4%g)77t6UkU~CMjJW8B?S9Qwk?veGXpYdKJ`npWJ>fq3_pdwhBws}CE zSnmudj=?6`BlkSpYj(&4jC{kQo6pUflDsC|FzruZpx%|@q=?tbQ~MS(EqSKRb)Qp| zg?EZncocpNq3MD;n>oL#*by+T!Y1aOlTVN19r3;Hm zva=uz6WA8C5QHclm{R6KMCVg7=z�^Tr|gx#6;HNu4&*6dE3ufGPfi?h!IXe}P97 z{0uJcmhj8A#cTs4*bflX@8*j)hY*w9MCZlJ&TwGYtUR2|i7B`gZ8-56u!G7v^#zO^ z%p91}wm*GHRyzP0f5gf=!hZhDbiys^+|1Rn3S{98Kqhlc5Khm_y(B&uyYnHw_w*qa z&dC$?4X>e+&Q8Vw0}LKZ0oNlfGVi%8>H7{`W#iY%h%OTo_+rd({KVpQV3M`L1SlWQ zKu=v64JUL;ryMD3@l{K#v~L4AFoiN;bGOijyAK0G_}#7`uQ3NlRV?1F`@lPEB_M$< ziYK^3XHPVF;d}f;yl_*siU=)-6=4*J3|n1Wc?4Uq)Cg|6lHcH~cFZ+D(CaAkT_S|C z?mvSR-*5ie#dT}oL$vz!%{YMnPk8tLG*ADVL4r)x)8W5RZ<30w!n_cYU-ILz9=$^* zl+!Nk6+P5}n&2-mVJ3a2z!CfuB*CP1Jn}!ujr{qa(nQGlGuJDGrkQ#b*+yYYa&9cV zQ+#*lE{|s|F$UlGfGY6#aIA)^Em_7x{QJ#sk39fSm)*8?yI}iP`|f?m^LbBdE~ugM zD}W~gTzLQ-4>n8Dg+_-OM8`VDK*aVi&M-7!GHZh-F04QY0?vim!ni5=_EP<~;iYTF zIFDEC(zIzVCOFFRt6>lJt89hOekND*6_~5H`Da)MwBehBgh+P)$hztA2mCTjI()q2 z?z3E%b5E^Jvx)tyJYG#Bo@)Fs>?v&(I#|FyBTj25ar;3zrpE}5NVg|{gULeu@bP?r z5eBzmD16jURTp8aFl-FjiVc0mg`AaBiXT{BqxwB98PUE3YFWNH@*JPULslK~d3fyr z17{M2+TwYuZMN1hJzAl<{b^FIwg?Tx%tCBrdFCn{xqN{Od0gy+Eg?EZc0Jm_7qiF^I85fy0)cH;+ zv~W?mhvn1+Hv-sM1|u!~v>EOGgooa%e?Xr+zg~T#FX*%X70LMD{{R0y>is{R;Qw}o z|Hav=)V2PRM*C4+M{g|pEi{%#M+&BlnZio4!B7|j1*R-OvBy$!R(%;1&1NJ{6lUYe z_e$mtmS?WSrI?sJ?c}~q;Vhpo=X)}rA?}{&BkTe=86rruG(kp@DdB~ z6Gl*OXCasOOuA7;94^ed({u|na>hNWED2?}r}VD+X;VjNA`{jeT9%{3Nc0J|Csx6V z^u%-p5G*1#BHjAZ>$E{zT2vNrql0CY%$C@sL1c)na^m=>*r1--;J{0G&P=q_T z*H~B(@A4+xwN1xl6O)v!wH6$#(pX0$V6Alux&>Q+8{G*tIm{L5?1D!wM#RL9mPHmG zc6tZ*P_fd{<{;tAk}V=AM(f75t6WieFu*P?5OE&Kk}VODN*>cM32sJvJ$&XOImpBi zmzO@la$ah}g**t0mBd70jAt2g++L<=$y=P^X!+vFMKa%{pXdmV3dehQN_X`Gd!en8 zm$k7Te_`9*>K$3G^!%_!LNhMR(9n9~g4s#426MLPoSfB)h}x=E#Q8;P0!M|?nJm0; zJSttLB6%{0KW{5-COqu9*qO*hAYqiL4n5e!c>hFyd920D;2fFChZA19T4-R@!9rz( zz6BWugQjvlxjnu^IIA`l!f3w0C||S5I|!~NSrJjJ3g2~poUZL5P%Y+kF64AvtFcSn ztKf5M`dy91#*|%V%&R8;`+;7Wst{vyMhI8AWDzK0>N>G&mJ{y^UBrTN{*2xwfYP&A z)^?1mL|RD=PA%e|8T2M)E)@$8VQ$3s;i;3^o1!F*wlpiVGAnJ{wr$(C zZM)L8ZQHhO+qOMF@e)t*5a-`#e|+9WA>cHhQbVhhIaX5a7CwX>9+YJ$ zSY0@O?QACM7@nyuL_N6AFk|=hq<}P^ib!od_j{p@h`y-}kZ~3HOn`PuRNZVbnli`k zwvNBdADwPExqR+lqrN6cmukuGsne&tz#Q+hP+_nKn-}$*x7vk`!L-4HZ*!q>>q^bD~)s_^cw7 zZ2NvbMJ1s+h;5>G_3S*8Vz11%eMjd$wkoF`%G~tBMZeSArf@qih#w>UB5$w61ES00 zExk6tfcPMx+dc($FNreRLOhiKavDl$u=9&H?Upx6V>w+P|C$&Z7Tj05W+l=$pJXhJ zFb=w^Y4rQs==j^pZ${15;LFk%{IsN+a6Q`E0OO$b6@hSn$Zi7eg{|5U!D0BU(!N8S z@6Ym2Xtg(?3*swI%7LL*kaGVX_zbGEc1qUfW`RO+uI>twyciMsh} zw1bV>TC-_7vtzT=CZvAkuXyN07uv?9^9E+V6{ghp5I9STD3001}SN^eKd_j|%_F{2k|%c)#)1e3EO!$JIo=X+ zHMKX9W2z4?wMSISNtmd(K&a#vM#F8YG@w`^ej2aziuH%QdCR>4ooHg>;AZvN7dHkL{z;o`Wp8_ACJsERLZyz)-(uFQf3K-b4Hu1IN;DAY!gJ?knk z2%aR8S&qOxA&&F|hU1W8PaU2l zZ`#2cYuAf9RY)kq23`kB0`h&9MAvMVa|Bz+hEC8$Xm8~Ts$A(cbOB!ojIqKFi|ySc zf3meivfqXpRlZRA!5U7bO%V{<*o4W(Re0Fl`DEBK19xv(orLXVbLtvPIjRwf(gh+s zSbwqf8*8%~y9o;6)K?HDz1BpmRqvsa(4HM=3Qf)Z4dcte-EA?BcA58zM`;hPl`dlq z)Vq`JW-K+j;3ej|=KsKwvsKsK^m9pLi+p5tPqOFIEs&Z_Z5VO1qFvSs#mWRE*@H;9 z^0CC86aa)<-W}79d-w@bbFz@dn2aev1DaD2hiQTw%i+usjM#{H_bGtLRdc6Y>kOlcXB)SwG8{V zfP`L^r0wWZVko9-%M5py&0VOxOB>so00#-7vReDWbC|>LS-pFK9$RD1rP> z5U3ct);+ANpH)D7 zC>c2nLi-R$=xKq00(QfGHXeK~>{xJOdmK6RByMEPH2qLDyzn9z@F>6Sc{O7s?5hAy z3RTz9U@4E9a;iUpD^0&dEdn<74zqDcASR|{8oT92SElhFyb3c^!# zdUlMyMsLvNzNFTN3~e!m;pXk@LnAx7n{jQ;)?O~7x6v8=dLV7g* z0jr>8u_rw4JKnc@u*PZQIU>hI$LdLe5vv-UcV$)kC7V_jQ|I`wYFcBgUJiFIM&s5`2hjcIxoZ{3&0)MN5^479_@jRt=O|sbF5X9*@t9%yJm#`2oDX&9}GxhDc$v0@H zmf%TOUaEHw%wZVEClT|h=R54Ni0pVsp(|!L1(DAa=+Ur(a&mm}2O3C#-A` zf3ai1pcCUIKXcF*_P@@-|K8a7A5rFi&p`)j+y5O+6`3Gqv&IV>bo~(q*GdS_Bo|$2 zuj*%3DbLYYB&YaTv*NF|xaH)sY$v<$y`|=(`-Vk5GTy~7{XVr5K00^+cv6o{Chm`> z3jFl9hdgUerQ)e+7hSK=Jk^dOAwUATy6P{soPXTPX=0H4Y^S1F`CwI(qpTy7?=gC< zpjjjcoxTQ7MBL6&a3|>-U@C293@W-FjH3jqX~Gw{N7-P#WXn~@FTB$nOEvb=p^S6M zk&HGK5vn_X;6>4eBV2MAcoPzBDAuBKPG{m_5vAv#sgCE^i5&zb`ym~VWm_>6_SJ@O zFZai$#pDlAd9@O#D6C)E@)eYH2pVcge&Y?x&%`oboUSM3C7FkWJC#_n@An!#m$Y^M zjf?589cJj!%>!9;ub#GSItpES7v1=0e6@+d=mKtD<$*;RE+RWfe1)DOCBQZtsOx5p z9=wo|MGHpU=MTm!LHBx*txzEcpC5ok!|!5JYLI-KfxzMZu795S?zq>8ZKs(rkcoY9 z1R8wTNj3k7!3I7w03vfcuEFrNWB|yUFF?u;S(j( zSGz^Ul#49PSxE)9Ar3{Zz?un%%Y(09C7%v-t37Du#m9I(>~lDud#p?C%nEz#I(K$~ zxrGM(@#7tiu|I9n55_&uyCELG#F7dk`kLc7wMhXI_)Y27jAUQ31McbF_4Nhpnj32( zLN7gv&XVRl40$HPpC;(?71TPhmPa5VxYg!Ung50|F^z;7%WftkOXIIrd&&L^Y&dw{ z_l2UbxJA3t9EbA6-7AgUK*IMj^{zn(fw%55Xe#p+diKvU8w5!D54#`a0R4X?P5vWm zD6MB@WGLonWc4rHfGd&@ypI=B$fwMCAd$c-fRHPeUt2`qxn8f|hlFR$|y;zH{7_h8?&-U&l&e3I2b0NHSGjJTV@TzOyJb>O7s{-3BE| zfJACB!)N#br<^YY`Dzg?Nm%g`>OGaA3*u)%#mpoi0;$*JnH~9k9f8n=FMt?0;Bz2I zv3NDwP^cWAv%TL=J-RtE3+~mzMvvn)+J4{_uWe4A@9yC&pc?S++ulHMm<@VzIilSR zLvm#Kp~MqxCd5q^WbyLSPIW~nqPTo>&IW73OfjVD zqF|Z6MDF3$=n$CVQ!23&8M|!yh`15;X09a$h%-kbF zZg(WXeB-`s>{- z9*?O;A;FiC`Mw4I29l?Sfv`H}&7jGLpdeb1g|n31H-qKMde)hi4JVfB_jDu`bi++alUkO89|K(z2& zg%Jkn{8YIu=NM2afX*N z5NFO3lSom>`Kg@SQt}V4UH6wT?0`s?2SoW4pN$}XjL17Zg;@A(%9~tmnD>XvWBV3h zotllVmKdx9Q<_F>2$Az!p>1G-ztUz|sn2DYZh-+ucIVA%NR&+0e(EFrq%)N~H-cY~ zpKMx?sV7CqHyJh}6e{WYKS+nx?hGm@JYXkSkel+bAe_hJCzZ zvH-w|6Rl4!C?SWvf~rR|SfSV#w|?Pd2jXt;_uZh`-)sr9S4y}64>n~Ruz4d0a<7hf z-Zhs`mq!@wR2;REu60TJ{2O7R+T?e!{|+-> zp40vi?$3?clg#;27g4=a4zF%ZNmLfXmC&@AaEsrhN1X&>$Qe={TY841MkFn#=BfWG z8hQ(x#_8I!@ub`U_Ig7K?LmuY054M13|D`S(y)RTCbCwNJ8~zNf4p{b5k+z8D7RAF z_%S@@L|J6Qm?4LdF#20vQiXmMF_uwvBS@v|k~#63ro5eyvhHwg>{P*5#{nZY4Pn-? zktQ8gPQhOjsKc5tU)-}j4qix)+tK97bYS6#KC{Y|j;fVj%+^eC3LZ(rRM{gPR!Sbl z=^X#k9E4u{!5)8xv5`4V-t4;Osk)O$r2itRN9{tuupmo!Pc%w1qY&S|Uwt6rtW5eC zrJhMzVgO8I2uPU_tvHRGIhgF2nYcb>{)lQ=j3sQnmyP5)~37|N~??pt@MBCGK%ul0;Q4}PoNbqbDVO5&08Bq_HBw6!QdR#t$m5y4W_B848(>+UDkk*_c|sgoWTHV{=vIu*D1VK*kdxdJ@o8Zk>+zMBCwFF<{@e^4mVH= zlbD|IoX%iO+w_Z&vs^r8j0=*w*cN#X`TlhdC$7{l4vhd50d>RzEAmSr29ASOECyYr z_=a+~r0URWF-m*8=pg7vx7!YqyPF3;c5+Z`kxN8rtfy@5P+%E4JSt0VAz!yn#|=@= z0J-Q%;3Fp0Bc>fzI^10~JhH`EBQCBC>*8T+lYw4ou<2bl1y)I!)aNuZN_6XMQ0cr$ z=-NtLPNpO=rk5t#(CRM#>o7+x=?m#*vrsJCk=deay>|Z_`Su&3sJ`uCh@zWCLlO;i z-Lm8+7tA4eKQ(7aD$leYwqa7H$nvN#u#99FVT4_P_7hjS!*^@)dWjm;WMo&Inhuzl zXA>|CK-bu@$wY`refJmmDwaq!8+Z9}Moj-hXf-NJeI#xtU8i zY;$eq#Om{hrk}NeD9pF$kR9w%OSfpc)s%m&NP`|BRsS}lngs>w}`C|nou{*GS& zbga?+tyY6_Xk4W&XZ`si^AkO;wJGOOQ4O!Oj(uN-YM5P8K(jBMpQ4JQrq4(%wr5&$ zG+7jB&X}ge?U1fR*BL zvjXrI-i0-bWxXd3(>k@zr)EUX=FN`Nho3E*uyu)Rs+R0t=(nRYB zq+MsPcIN1ohh|{fncyfFZyGjXWiWWdf`pK$Z>Am;(?FyWx(HW*?mA*wv83!O*?_!lBXxjV#~Latg)b^~vz|K1@+w zWuTLb1vj+tW+!h`C#%5br(A`ZPu;?8JV}hk##T-_&;B0;2|bIJ#VvGgXH%#@BRVIm zF-*8`s}M!j;4aYbJY1pEcSj7q)03NAz8=K3I@l{C%PJ)Xo#M;Ya7fjxwludoe=sj0=lj;yYBl6{`J6xJMf(ET;gVaor+Z`O z+Dz*W^2y`p?~)gs&aqhu?=s#xJiiHVH%!q7-L{T*C4D4h4j9ZH5$|d&(;__vEGwlb z-{nra;e>e8idZ2GE*S&pfNj?fXES&AfDCoS0$!vw0d5xo_(se&CmMM|kzhL?)T!L`^wk9_dGd(fi501N#p|`pYGDA~v%wek8Rij;5_=&*-rcs)_}6ZY zDe^0k?0q(jQ)}<2qdjw>v!3&oE_`1U$%hYQd^{r~Dto#$D2&`)7_$@B2Y%H$d zUw*&ctaNQ(To|hb)w~?IId`2udv|ZYb97ygTiA4eIQ?STlrxB!?iMO;F%SBB+>H5Rm)9MVhBT@G7gDKn}5sf5V7wjrN1KJH6=FZ{+^97us zTA7MQ&rYbL3~N%JuPp2cQ8B?>q~*9sXn6HNDDl5$^-$mEn4Qixb-n%Fu`cy9>OuCl{k;S_ zWRqYkRi$R;jWLI3AMZz8QP`yiXXF*NPc&hc4b;Y`%R-?Vjr<40Y^r!=m4C?NgadA% zf4tvZhqH|R1>b)S(XxjMevC9*8Xk-0mwgct6@h-4TCbGhCaM{WB;UR?*jXZ|i>UzjL(W7vm*Y&x z=thSU|7HQKUK16SajLmP(IN087^M1=Y-brX3=9pLc9)5#R+BnJ`8FGK zu?l|3Z?vX$I{dw-9MNPkw=MRR5EzS2xJ+T`Uc3#weQDt9K`luY7XP^o6ZchlTCQnt zlRQ0eb-QT4XRzW>Lh1Ok!OjZoDmsPYC_#dQp>P;+(%N;veQx0A{eJi=eBmd>(~G#8 zwi;S{ip${JoQP;rS5O!o+ol4Pnw|4^H_O!Ik_e7K^=NWe$pAs%#WhyUc?2|lpu}hj zS3nth?LIKA`UjT+XX;|WzX9BV1oT;N1B;@vceI3=VGl zi@c<@IY;`Q$y9@IHyM61yKeUS?7$cFt&DR1LPws$y>uPC_+s%0XqC5uj-6Z8L5FoLkmrX_E^{~;~@A;Qx<)96Z*AslBO_q{Ho~N8syU@ z)yx%_KU_;Wy^d|X^P|-L8$Inj8v35^^_C3K9`T=_d*~WoqZn|D^fU#@z(mGt%^KOI zG7D8`OjS=*XGyXJBB+g3^FU}L0C@B;ieM7eClR@zzU1^un%CnSFl8Gu2wSygA47mz zT03s|rbQ=f0Fyhbr?VI2d)+P2H%%2L6I4aNXacm7kh>y1gr^knZ1_^y?Cv3uG#vx3i$V<6T7~OPj-HARiId|ah~5pJT$TvMgahO8 zy{RQNIr7@}Mg>)Em;zcANc3Gpf9;=_Q4P)adOMyJMfhl4s7N) z>SS|uA=2Av>y?vtLT~q!|J{Utmta;e^+(=Chv`o2r5ov;5hLwgC6R;6aDY!l7*R_2 zrEGgBo}h&e}#D98WB=E>1brY`b)1NLik0{_G21`wrw;%C%zNPkIUr9TDK5_RMJCxRSR( z%&^UdLFyn8g?w{kaF1N zwhii)Ya=m;GEGVpF4AVUX~-d_&_K|HA<(Hhr;*DMnJ8C|eecMDlqc{B+vgaSITQIe zR=5Yd4pOAMOe0BPl|uFlOICW2;>6LB$^mbGNAWuwX zJrLtNI7W7n{@1!~3E; zq(OFo1QY855v3d>pP8=yE>A3W&6nAm6PeIg4_+UC^=Jj9yhCtm6AM6mBC=_LmSp2u zR3SJADjkh=M1Z}+vhA2Uk6xO>dhZ<8o5yW2yK@BLyv;zeZN$?fmhMRpZ3fqOI84eT z*gg(x+^`Snp+8|5c4FlQkWSS^>AfFy5|$9Ir9Os;AjqSRje0w))NYc>ZH>BaysG*z zQczJKa3-g_`>Xo82d^=AwTmkzkX~IFN5F4SQEpcey9mqBJ@QkvrQPn=i7xc^xccZH zNfC}}GXm1mrAk_zbCJhBw;EL!4k_LP%Ikb=X^@>>Q@sM{WpwgXDILgPaqPx=-9DX=9({{d4_5cvsw2enR})giRB6S;Ul>b!>MwANz`UZ! zZaXRkaiOx6_y@CZOx|h1_GlDIu>7<|kL4)lWqNcVC`xHsY6vsrWeKrekgCWj;YG9p z!f#mKpRZqnFTp}vzhpizjK2SgPfKW?@wEJeSP3EjPhjnTRJJJ?**ly4S4n^4Kf6DW zzOIS&;wEDPLJ$jbat0@lYC*%Ife^vO8NtkHVH?hj8N`sE2d9X6HK^3r%_-C?n&$Lp z-+G$3d8KI88_frox-2ZVD;uw$--Sw_x*6*0>*H4~^D4JRj;=C2zVElcGd!kN9|Kiz zJm7om<@SSNh`_~_67H>jE#RcDC>6Qn9j zMHl3kN;0OZV$JWV;}g(U5~YP0D}yEgowXq)KrC2+!vqTmq?%G9iV@=roHC*WDHAEI zFA*;l=c8E}v14s5VJ|XxlaiM55-9@DEBzGf;nL#8Q{O9SY*$hOa~JGZRNCS|BZ%z2r!hs#24~G7~y zN)>$R3#%zvse{a(jZH2H{sDm58W+NuW?Og)TMje1c?cF})Ar>(oDeG-JUmmwz~F6) z75#yL4&YUWMKjDWfd(BFB7cS$D%VenahA$g{$d00RB8+WO+iZ@bcbpkvS#jhkp+1fSi&A6AE~^QESw}sI^mo!trfQ`9_)#^|&O3?^BSlMo^43m>EVwvx z;JVgo+XynulR#w3XN*2el7w>l)yIRYntL zzHdE-a0P%KH9CU=t|`l_Y6~MH!w4G+-H(gji>~TgP$-fF z!rTXAmp4ZE((JxSgLwY&)~U+UkkgLIxh5Hj)I*;4Aa8B09Ag)%z?K3VaRYRwTZJ5>6vRu6|0AX zZ?XEep&ehj`nb!9FPF8{mo4E>3*>W>t5*@%I7!l1#{kK$3=g-W;l<#DUOTKiXLgcd z&kY0A}yH zkdEMl;C@^1X5MlF7o$&;D>_UvV7}f^elM|e`y~0iCN6w^V18pCy86U?N9AI%L8G>C zzs{p(-?tV)&c8gnd5h;J5a^2C{1UveBjo~-r33V_R_)(~;~E3NWb<3aoIZT$fScI1 z(e<9H;fVA}4`~R2j5d4aGW{ zqItHWX>9XF-=%M*-Mh%$%C5@e7s$r$ZQzXdoMDMOL9e0)YX6`FjtAuf1>*s$c0g>O zMiN`SFHM6Vz9E?8FdYUcs9hjGcf-ON3bZMx><<50#1fm6E=uuSLCt$W6h6{?V@300 z$6Z3#Z$#>OgWjaBWv^Y@myNs<$UJu|x!&_wI&xs8kXoRBl0E@j!s(fVqa>KC^P-lw zpu;+56J1;@Fu(N*Ux2w0sQyjufKwB$yo|)U6Ya`FwA9!#wf}c~1LWd~bLY>4YP!wA znLJqEatkmj3uM=}Adbbku%7yMs2pGR%GkEo6xE8er4Q~3#4%1uMx*{~i zqUHfDVhj)3po#w);?*E8Sdj_1plu?i%mu$RFToI@uq{J=kW2|*rYw6OMIq)a`6V$~ zu>ogPTq!=jtmv;|y4we%)p>$>h&&WZ%-QmRu{e?1k%SZ4_QxL%R*F^1TK+msbuYx< zS0x)qA!GLAeroLAT;eifSfeHc{FZZ&3`74ycY}<-x#hu{b zRmN@|L%tdYyIuMfNQp_lJU53pwP;AwU<=3lWd_qOL#}r3UMDF`IUM!4PPL`}wlOljB9Hm~ zt@nWa-JnHil2zXx?PKRSqHJH9iFNAWlD9bt;gxO@^uYqH@v9P9DzR|YZ>M|mg z1Jh6`y&~*;N6Ej>0uWh02qbYz>xK2{p{8JCc9z%P<#un2Bka8(_0PPd0QKJq=40xu zuJ+ZVjs84)mZ$;ktvL^@W~W>$mt0t3rOF;me}F<1?(|-6io`}ygV$2Z6e%MQ_H!6| zBihVMj6s5S*~J!_sBD(|weYA8(W*uk{b*jw~*QkGanb>&YQK2p(=f& z{KJ}p*B#t#^n>X};r`bPyovXh`j7nLf4}~tyXxN;c&UFhqANL?S^nFfq6Vgmc!>1% zWyn%57SxaHD-`khLMBh&rvP3N2HalzF7&kn9)5xTCLAkU<>0GO^c1y&7>sB2~ zdqufHy>h8Zy`1a9tGsi;@ATQ&n5A88#JU0KC&c@E>wWus>$&rL@@B5MJsZHbg1rpX zZDe_8Zdcg1ZzS@I%3EgyXKP2J!8#uGi6VTLFEWuFl<&w!Jd6mmMl*w#!?&(SSEKQ+mZ9V(bS;TRrF ztsB%RrNDq5I-j7SZ3AcjTAAlJpVga(t=k*=_+G89t3W2ksy>W~8BaxG76#tma+FsBcR%bOON&R({2L!CRyHK{ z2$4W7xD`EWkq+iQwZb<5k+ZjDC2RmuoPm;wecG%Td)UHsruG*^XuuafxO)4xB~#NN zm31{zB!W{$fH1JiihBlFBI3`^O-qnmSp$`CXt$ zw(1+2Vo5wtX4Z~ex}K`oIj^S06E@hPUtU=AjFVMB&(oc%T&=Oe`*tr-!b1HFCA-UX z&>m(9jt(SlW=7ca@u+za2kCkFeC4lm`ee8P95vc@m93+j&s8y(8R)B2z4hM$6g`5e z1=zV+Ut1r)W(+)P-8b|PV@-0p-{;^jg*8%?HdD5hRe95@0*bpiTP7s0lg<_pa0d{^ zl2~>Sy?hQrt`-wGk?2-Xn(kU7F{f1QP5SBlxrSyAoNcKVQ)997R8OlrvhS1`mAjZ& zItgXh7+l@J`H3aC}RlDOAto~`z46%lj(pV@X$XuGabQ4&} zdLYzuw@A5hl!>Z#Jl^Ks9|K0%5ZhyyK?AT+e?1&rBLuMJN zI_1grI5kFD+%Wl#OM)yn^!6rdniamdW@ZE|Q%GWk`260r0bzIAz@4QuWE2n%hHC<} z%a2Nr^R>m+&`emf3y;z$w2ctu0Z^f|LhM|3+Q4(?zdl^g56V{zYIpQhz}0P}mXr_P z9wQ3BYi=3rjn&v(z&!U=zE9(U6T@BrR`(f{f5BW#DEP=q#T`w11Z zH8!d5!t=2C9BEv90LI6{;#}}7BHEQ0T?+1xZQ-$Q zh~1YlezNyBEtGG^kU4k#GrbmE%taO|UoyH19D95=ZG^4rPs%9Bo`+|UeuAV2)0My9 z?z%;mS71mByZ6T6pv_Y%fTNwW-AYEaziJrp+fkS1r$dnlAb;?)WmZpIvx{cJv!O42ORyI_C#C6sFx)fl8^>kQbUZkLqk9QTx}!Suz9 zxxv^J3{J)ECaQ1u^47Is>DY3mVi(L@_(P6@Qe(0yMn;(1?)jMA8*c!M`XJ)9-&Om`bwIj@|ox_}X z@ES&sY;?uQDa!BvN&HaGg0$!jq`>FvPre>a2r#%7!i;bi~pp zX{*e4gCy})6)V#2GSi5e9HNHY0-8sQtCPleoSfY{=Fpl!LCB+)k5r46Gx;Aa9ZJY4 zQ3?WbRLmY+6XF#Qo3vzDsniq^5+HSp6=NBT9%K{a@MROc&+kF}Ul_STPr4Ihz;kXiqKt3LT%A<7p&wyw?ru0l zKui8YB))K6J8FRX^x(KrB}AV``JzPuRMugn^;IQ=0-oPKFgii`^kq{$j=qHFdt(+F zRW;m!L7oeP#jZuxx_LU0OX%wBSTM|2BoWQVz#?x+U8{1gOEJG zX_>p##871McFPoOM{3rO-qp`BC)`;BcD|3?RWTlF@uj(7ldf~HKhSa4VvR}ICe_N_ zTLr5ZYd}lMuoD8{Y=g;+o@&`9zeoUrp?bi&0`h^qL7ce3$1+75Ac#~c#({SLOUG#^ za*&9nsYu{1g;JF*3B)rPwz$!dS6Be9x8D*4V(dso#s6KCJ3r+=e8HeqGM>6lq?C%9 zC+y7XB)x6x%mSi*FyCxp#VK#A`FoC};oQDc+h93r9-H4fuF7O1lv=rLLA@y~BPEOr zWUJz~skGUmESOGcL``9&huOCso*G0Xxhh{|$u^`9tRtwRk6z7Cn}(|?&{H|co)Hnr z3XCNSQ_7kG zp`{)}3(yuM4WXE0q@#UFiE5{FxD<I zvLz>t5{ocy_LMiT&yjAxT?v19{$!abk_M)gGP}Znb82tHAz?y(NQu`>OSRWscg16T zWm&JO#3f2x)Ugs|#~tAn(fXCmku$dFPHfUy=S(>jyJMdgkrSa;cr#&hi-2hcFF)%$ zrn5`mL)){i3!n^FFjppRMeIzH%#&`k)S}IGuXZ}|Ab&WDP7KmrG&!c0DHPSxhP3>c zu48V0>Sm*m(pDaj_SF!Dn`&ddtkYx1R$v^t+Bd(l>ARcCw3$+8f|?i*00-JJ1T8#D zU7S{cfE}2{Lt({eaxPM`0a6t%UzH$775+)J@kVtowC4Es@~*Vz^zRGxrE+P zxofqmUz^4MO{Z~CGBv~O zGm%9TSfY_!GflM1VC^RKU3Q2=u%?1}+>`Xk%|eqi3u4Bi^Aga5biJ_!nhE^RHB`G#{b3`uu{f`oO{%``I6?lrP@Wzf zqYeg*=F5hG1Q-sFUxoSiWHX-`{+Xoq9(Myko|GTEUn%J7$C$f(ob%>Z^KD?_QUH8R$C#?P;X}^ zHk)42H@{m~pDfdRsHTlnODS-Jj(?ODGMF6f6By!>N+l^1y5RGW@qCav&461W`c z#W+f6Lm0~Qi~UJ9^gsWHbn_#2_0A zUts^9rN-S_agK#bRdo~gJ3`4+n4n7TV_T~+;7>tdsYAH9u+BjquD9jCY3`n=z<_SV z(oH7p4qT-|_pkDgPz)*zy}Vf+MKhpM6Gb?@?c~Y4qAVRrHYqlga{2n(A5>tJ8^t`1 z0af*K>Zj`X7J?g4x-CSPZ0;w|kB|g~~=qH^K!l;mM(4 z?}K?M1R5&gN&F5F9Gn?Z;ctbyLjw~_r1}=Tk~jnmbTFJYwBl&Xf}0UfuClD4Sg-OR zB1Xt+ZMh3KGf#pk(c0uV-s(WcdFupd|kLILs@rQB#l( zl92DzZz?Mff~b>@QKaRV@tn-13*x36DVC*mA}NHq|8-~2O7yhy-`ya~3?`Dkjx z;fl?{!RPbq7NG|-3332d248Ov^$#i~Psv)x)Hp{U^>tUX0Gy}eSYOpE((amt6WqUNCNu+LRG$s( zdrYWahAt|kPy?Z+++nOP>C^13Ax8wDc9ixXZam>A(CjyBA)vv^jUq<-0l`1{kYw7W z6*oZ`bRFYW-a9z2Rh=3RR?*9XqC0)wkA6vm*dnc4iKLE|#6k1KQ#+Km%0dNh$sV`Z zU>_Z!beg!`&%FXc^{W{_yL9aST6ouaSlxpPktRJ|6qq=!%`&=NC*R>j^H{CcmD1%S zscnaOtqa_=5b9mo3>JYMO?r!8c_sgo9mFcPI=ddE=CCY03u;~PWNZf;LefG!KG!s7 zUSh9bXnGy0St~d_Au?IIp6lZ6K)A4#1`vkldf~`Ona+eoXwcd$N!1 zJqnsWccWL($hKo9gXH6V0fxm4*g7ZVt)+GNSUguh?NWX?YFuNI!UOTS^y0o8LC#~J zPny9~jh0H>TSpq>Rd!MCo2OZm(~AiSZLlTX(xN#%@(ceLXYUwfOSohWpYGGPZQHhO+dOUCwr$(CZQC|a8(-gh z=bdu-La$UiM=E0M^$A$nJaVUDk4%sJZXg2 z^k`Kx>ysYNXnlGH2w6-*;GbDA}!?0WnxPA$m^CDh8u?ZPnE4nf8jD| zy@aW3cH9~Ehv~~1-5sA_Y`xbA1fj$5jCH=k!KU7`O)u;%9{u$p*pd`HSY#tf%NNN? z04>UG&YN<6yPt}E8w8`*j8x^>gbf}_+F31~slI+iYzQRrbm;S@AKWck*G^R$7gDR? zr?l8J@*z-jTHR@U5R`U>(wlt2`Zn9%P-E3{fB7ezE+sPbnNwD1(mz1PjI`gh^rzdmuOCqA|4>*i%6PFY}ovZ9eF7CQw3&SGz1 z-nPv+f{pK`ijBpXKKS(_TB1p;bQZqLlB3ORxHkS0lY3Dq&DdnP`frMzg(Yep1iaSF zH$oo>i8&ogrq5NnW`jx4q$r4OmOxthK7l98Tu4ekYxRh4lH7o(JB^3VvdXW10;;?O zzmRGO+mTKh{o?G^u3r&VUmZk&(}2|X%&=5E(H=&-mfwN@jP2$?3G+_P?}jKV7$0r5 ze-97QHw95~6IuRY?TRwipT=M|j2kA)zd$`9PvDk>F7<>CBj?+RYjs4sI;5-RgrN-# z*zQx|1XUp65aPNkkOiI$^)nWou>Rw zi2V=A^FMHRgHOD%HJB5CPUD8dpQ)=YD{me=1WpLBh`??~af3;*~F zAgPe&%O@H@Oz|*xv)Wq~Y>Z^ng{Pw5Hq<4F$LjhI8&NF zMh>TqGEd7oL|bG&Yd2gSvRp)4U_!fG*nY1z1AYkv~1)PwqHkEIR*-p-!?-` zsglG&Mmh-=5KZ|D&D0j{h#X18GMsjbu%>k_pKf3^d73n5c-EH6hg@djrahm{eG_ zdSRx)s8#^uJkyB?w~Xy4lh#HM+QsrWY)~XZd|w|A)NLG8C>MkI>y5;fD*|cPU1mm$ zt^FZD91CAV2K|)LUR5sGM)`QE44&hmw@i5Mrr*y_E0z88ajAZ@@5u|@ze1F@mZj5k zIst%Aw#cSp5p=eoT&V@Ll zvSS^Joscs!&s%uQqdS=5g@@&`Vy~6dt#H~mfdbfNQL};U+-AiF(*keR$l!>&g&+9E z6X5e`u3!dS0cT9VjkQ)|AT&Vu)p0X(O5f)Ob8tWSH9h(TFlFxn^W+w8h+PC*`vsSb z`!WLT!0?cnI63aSDCNvo^97-p%G1v#3mJ5 zf%z~FsKZToS)%%2S3*&v@R?RyKL=dmKEe(8}KkFe9qh3~rJ`=wv)bbFc-w zN)2?0;_2L}5kgJn2J`vg=fiS41Nv2Q`;3N4bPzf7LdqNU7F*XJnF0cL$Jxb_+tPWK z&DzD8XeZn4M-8_c9Em;Z3WeU`nDHbxLQ5vC8%?AIOLRsSOe!uaZv6@_D_-u77uZ$L z|5q~pFy6K>J9G?s>6$f%##QfIAf90nB15w-i(FIQ#0}aNbI4Qrqr$2 zi)oJaNQhS(1RB*68B?q|*_mfiKppe+^f;lR%3^rjB()7i5U9Ybgj^v zf;*?Ve{f=!&BBu`TQrsYd%#FA;sh4^rb#MuwkgmWtn`k4V3zUqTJjMNj-Iz4Fe8P@ zQH}B8(~a62KhWNF?fVb1g`6-Yo2gkrJGtD>!&$?I+pz|6P9FzAP9}M+%~_b_Zq1F% zMFG$U9j2M7SQEu^fehbRR2m_ma$I(hRtqZ(NFDr-l)3DXi6#80TAXHojVXe=|ENbK z{ANu)fF^lto287NbYUGF0IY=)yfC6H&eRd9(dN;k3G#+pd;G#*NGQjUa21g=QZ*4B z*}&2(0OSr=dop93@!=6P$xyJZDg#*7lo&G;o8{RK5rs1#;goltihSrRz`jVH>=f*I z)5v!YB}apt-tt0gr!`1UzFk#}csQ6+won>BJ`taO7Eii*fsUvE%Qnp+{cTx%2;Z%% z5qZBVhsd1CRKqr{kCD@OmIbp z`aG@S}G@?4Dz?t_u zU}V!(L)X1u>ssdA36n9my$uvhP>PD4LX0r6;=~9Rm;2d)5ZEU`5)W%M*NjkB{vDVh z?H{>QwGL~UEy1yaZYouffUq>YW>=NQ1%MgJ%k}E`5KkrX=+wL>a_*5Rd3YYG$^0Im zAnTw8S6PpUZ1+C(!bUE}h>gDY*-9cen3&khQ2x;4{C51*#22ub>g$VCInZ(a zR!yPz_s+>;6p$eaUt^Q!OZF^D_@d-eyxDChahH*WQ`V=bBMO-#ablITQv_^bl){Yh zoR#@Y6wVNda|l;Un&)}L;1Fez(j_@X=6r-+w?hl+iY;U}2ZpI&%d**_UL5q(`x6Q# zyg78ug7zXDC#U6}#>#oW&VtExWupr3-FZFo8)%2lsQBH*D@t?f9*X=G6?6Ml_*%mF zh*%bpBbX7!6&N{92A#lt3!@+~Xm`=i4cHTGoO4!~_PwPvG_30S(`I?~kN?i8^-o9C z?Kx8Lybp5@K}cs+bw3!eZERUz^c1oPJ%E50Wfn{PVF0Jjnv&b0Sa3TtO=P}bZCqK( z3Nu9^!{lgi$*rP;HH>IG2c_r_;ZgED3fkA*tfDV5N&&+J4)ARM^d+(H!Kxq;83&yRWWF z1Fg7h|G`wk1?ObR|*)y^yX3f5nC+NEy(r=5l?T%3-z{rt55v=W3CjM z!2Aw2}A@Ks4p_Ma^D) zSH3<4GR5x}yTB*g%K%^;A7XBiD*EYuz!whjkk}?u@^&0`kLW)-sM)?o**zpJE^x&_Wql!q%su>p2*#M+C;8QFzU?Ne z8f3SY;Bpra4I7CFi-0Q9FfrPF6hY(L6)xXZS~)q7N%6(J2+_QADMLB(em$+7DyXhi z**8gY9btJks2e`(%Z=`$B+DAneJdmmpO z4Qan5+uOOk(&(sf2Kj)a64ZL4)^N~#{jpiGJ~Ie^0!Y&TOF@trAHYqt6655`d9kc3 zsI0gJg#&Bj4$5=$cS48W>seQ&Jy;SVju}sEltK=lLY`WsK&7(JL_WwWA7i7eTe5P% zTK>X}AA32TBSjuZ$qExZ_ zoJqzubOhpHoVlvDNKSJ)=(;7d-J?huA&A+)6yTas(=5T>G3|0<6?m$iv0CNolA@HP zM7|=|RaIRc_*O3QXXcv2tt~M1-86||BqXP2;&8V|K@XhPtjel9Nmy@fk(`UT;HpH@vFD(D$jlrah z>G_T28s3M%9GGS%_y<`+6g?|o+LfO!_?ba#Hg+olAqxsC+*Jo`)E#NJuHn$mFUN$} zBLAEm;Vq<4j3w)6xp{|Wjb0T$q%>}4ljy*QRmm^#KQi~z5;c*&fBz%aJ5Lu24E>>L z?Ee?7@&BHEa{k*`&&kn7(9*`iSpP>dMon7k{{}?<74T)HXu4`CBaeK0aGb>&$sz(C zp+t23l8I*_EE2P5U4*}{PAnT2h6JO~fvZfR@VB2MK(VSK zhY0o8_~g;`ycwi@{?rv-N1z4AoW;j`4#y0Na_QB?HB3oB&hD72L0KA@w?Eb$yPxvke!#bK3O z1()H;#MHoRyA3mDw_?>v3+snQo<_ySveFVyYX#G>M>BKFPIIx9?5@9g#~)Ry9TYWP zgOn*xhiZv|HbrmsXL#p!iG0wm!eSi@S7Qv9IE)mRKd-A(VytgJ6hlgI#8$b09~pG^i1Y{#kql#xZI?gRAUE)QybYnO1tUH_<_!w=0YmRb$}OeR0v8cVK1*tq5Q!`Z)SKEC8QO7PP2sry{i)Y>K^&j9Zk zFN=9iMg=!sphmzoNN_waxOR-t4-vv=LNcM6p?GgrH617&oSwBEi9FaatPF+5O(xrS zmOzYe-y*$Hgx<-nEr$+2Qwdo8R`(V+KozwFZP>3f=bM1B zFL*h6uG6j?AsV*h)BAfrS5DX@3MRdTjR4vdSER94es6niS29TSd}?u3x6%O1Db3;| zwNJxB3(w>2s1wzd5#Z*VQ%p3TS{!J9ZdX(1)^UmDZ23nffiHHd{X@VWyVgKA2596uN7R zt)}8W84vvEN%K(Q0XvKoO6x*N>%ym_&~bP|kOBQ_AFKoyQrlh}#n9RkPtrN{TGCAG0JNJdRDA`qY;s zg6^=Yzc|QQD+#`9#M+B;SczH+l-E$%BXiin9RPf@SHKF@jOc6dLOaVpIc9jn0cM)7Cu@5;A3oCUb(v zM68wVt<;SAt~=kgl6`i4H<)i2%!RK=!B;22v+wqDQ6L591R3A>J&+$N_P%DfX$mv0 z`$c$E=0f#&7|*Be*sfFiD{4lBG7V_?MwdhY>4^tOZs1DP-FjfQlqCOfjKP_NFzvZ;pXyn1|lyh=(V$3uH`OGxnOm+WqIZJ{2rbU zwa*g&P>FIL8pTtOR32V?E3-akr&P&DxaymtC^rfI8aX)!W?a8qM>MR2HD@zieWw<^8iVaJR-tzW~V4ZP-~CIv*9{|yzf@4_3l-{J3AxY6Y@diFCogR5Xw{_)I&<6 zR){AmzoIfwVkHgj=Gqf$v3D8v8zEB9u^^}Rp*zbqjqWJpGZkcQ<`%+g#YK8_3dI(1=%%Ah08nHeuQvYKk3BPcp;X{mIdF&~|B#MGX3E1XcZ&Vp)<`$Zh} z6F~I+Aq5!sOtNfS;^f2#ELXsr<7yehY%63^nGs4+put-dCGN!Ynm=ZTfj654BK}kz z3B}nd6-h|vWp68pQ?w#6Q@)2*PqI=J*e^A1enPHR(LT=w9(_fvbNg4U0IhmsKk;F% z_6e;9!f-Bwu%v-;77pN8{O+KHf0D<362erYhkvreelo&DLp}kgqbwpGykn`AP_SQf zx6h&@S+U&TGn3AktqT4tZOP)6I(x9z(hXm9xbB zu_l(g!p^wo&>q}_2L5PZO5!O``mrSDN4nC5wf7^%?(t`=U5zpkQy>bgn zxF>|Lm%*`@Bht?(9%yqB=z|VELp-$C;g0oXMZ}dO^pY(C*DvNuZjM50)&NHt6__9% zhbD+We?AxjOzwT%cm1h-ixBy-ifxMx_cMOxYwx58k(^+2pGsDPJbu zDa3y@M57O0F-Bs|!ty9$#p*y;#{DK-_yl9HFfsFq~*uuq!YIxBvTA}u|6*1 zZ7`uC#0MaDwBj0z{oR6wIZqjKfZQ%L9*{DBMEK7fE-Z4jwN{lyh6i^p#k7bN%PImx zi95S>C`J$VoQ&3@jHgE9)pq7si5OHV%^JEQ)*58sb%YAHR70hGm(tTg6cpt}s$d8x z4w)oZ;+%*K4INtgJRDhW-6cFx!BdeK|0;^+Jk{Kxpvk}?hPvoL#EY{S>qa4#bfPyH zWLkaFy!v*k3IL@5K497oCfN;?An-lpN6OVIgI_feP?o{?M+W=tf9He7oP?F~w1pR? z>fg92`a{89$jh5zlaV<3rF^|c`j9L z`G)wh5KcEw334YbijHG^QqQ!sl zBB#&W8*_*9be8P{ZSNDEu})}I6U}aw8mk(AY*3IGc`_c%oI=)fmndZ>cY)73PS2l2 zhWoo{A!pW7S>fv^UgDALLF0!d`ZrKaj}=x`c+UrEHLaNEDzIg?Y~DfY~3* z0@DYX1E(l!^(mvYV{qw=9;ubc(~0BdPJ~kElvDuBvrz0ABAk06x$&$PMcfgEx~6xLVK?lpZ@UtR{$9zg6fZ zl zcNpl(QFo6%S$Pvbh-;c&%!NyHwoC}qfy0qP9ajAQGw7QGP^!WC$<$My376A8J_`_v>gTK2oYdtmkclBnI83*yaPm{)`z#;TVo zx1MAq#{~SnVnII55R@{Le5wr;VlZ)fZ{Uv1amx1rj_ku8+fhF4G>Wpx7cFO>bRuzo z5Tx|`TkFeq*I^bwci0)$TS%ATDKzpr|C6+F98~x6UXQ$4NcILpz(+9y`Ej2dKBsDo zM{R}&Y+-DB9J6EBh<5%wM6J)a|3P!~cdN?8j3=f1LVdC^6a*C^MJ&Aai6nYX>FTtI?7punG_tpomv*`xi&7d5kJpq(!2Z);k8!Rx|w;dr%jMdJ?W;IPFvTpm)=(-Xa4WLY%D!MJ&U z0cgahwvp8^ynUZDfh3s)wL?BDar2{ifi~!gI8sXy#pi+?@-bC~U~Q7CMnkPe!*x;( zKq(AL3a0qy(FknHqF`56J=t{>iiX-HBAAmt3U&Jc%Ql+SYebUK)xDnWtnixi&d8f7 z#1uLOk!*lD*|BBeO07C%Q}+~2|Dubk@SxrmF$UvUuL*k!&%j@2*JS+u{wJ0%t4mp{ z`%_s&{$cX`@3rp#sf+7BYu*2&EB`-8KDejiU+nL%jKsz>N^0S9;c&1&v=R_1fhcmz z$!qEqYGp`rp3pT`MACom-E%XnIZ7NjoED@rWwwef9TervBV4W8-DI~m_gH4ELRV;9 zI@o=BzTZ!dh`q?EA##YmAKrhsUOBGc+n~RwP~E(Z`VInA1zC#0kg}^_PyK3f&R{a< z-J0Q z$Y$k2%>g0v>#lvbOF%s$`D{xm;aLCTi-dw=m{B90>Fi)yW6%*CpVh^h4~ACuHL%q! z#uJSso_nRz*otAmMh&xn2IC6f((M^QhwRh&W$G~*Um9+%&N({`g ziQutTj!dyA#>COU+Khoo8zezerDdi^|FN>DC3-A?N}5zm;uCJ8Oj{ll)0X#Cu~75% z_2pf~RpbP8q6VE1>%xVs8x1jJUfgH%V;5K1H<_IE_xOIn-tVh09O$osC+>81k7h}vrwNeX63MM7}m)hRmYa*GcLc>o^ zx6aS0Q(<6amQUr1Ws;e`fRc&GHZlV?QrlpN$y_Zc1`-J%~18!W9sgtjwb~T*8+~_ry{Vx(MQ72QSIXWRAZ;X)}hec?vV!l zp+m%nYZ%Q8MtS~?E^GN+nQ8=uANNtvQ&Y*0UKrB=M`xZ+eo!P^m#t%V`q~LpsTgnc ze0j$BEZNIswYCaoj=}`c=BvRDN`2vcC4BF^%bhn!$pSSiK60-ju$X^0wBwR)g~*$gabslWQf?E zhTj69$ZM|!i{Vw(#J?LbXogQp-!vbMg(b_I46vGtv69qM7?w|fReZ#(7vd&vfuU0z zj7$~xEut8!X#cb#sIHN(z+aBYj<;P#DEQOTpQrG8t~=-JMAW?8Dnqa6b1v0K0;dMz zD6G}`me00}g|?>&QU7rsyH6b0I2A)facjO-MeTFGr&_P$IRcW#m5d% z8)at0)*NaOWA`giKXCVm2)5bHP>M`#moZMIkQyH|X`*5Fs0iMu9heqEN|4qcu&;Nz zj*431ZQF~&JcmeD`+(`b7`Vdd4!KE?S$GpV2Y<`=TC_{%Oe#zVq#<$nvpRNUl1@c3 zPmIiTvt6`jeO(E8XdO>=b9J1-5hLQtL{a;QXCW@kDQQ;|+|?R`aohdnDjQ5woOSi) z8w`2}r!It1GljP$BUuMV9jD_Rs_E&PYVSD?f_Wy2;TNj(LYgHidvCTFQo{I{HBE=NVg>0W>e#?5!cr~$BNqs2ovgB`2q@{JOvU*!oOXv2 zIW$oz(YnN{q2MaOF-l=+Jb^>>+^Ez?@(de`?3cdB%lew-z#lk2^2Pi@_A&ZRA{sfgh4ye>cZ~s&YeA3-ea2hUl5FwkiYP$Y{Yb8_ zW6)o!q2`TGh#1Cu=;_$u1DCH2OuU=)KGEGV!}RytfIz1nI9JAq*}byn&cu5VZ&uY< zex;j`x+6?8U+{<5!6FU$(ePOHn2hlQ2pH4nWa-@g>>czmB*xeVK*$~RJ@!b<9d)iL zMDL7m*%4T8JlSAWLhvYgNF(`~-wgcUs_}HBacnaS;8O;_ct>bYS0-vqhqMUsjqk$7 zJ#v+=__a}FWcS~Xwiyof+Xl&-rzx;-J`s8di2P7(5wGYC_@@0VMK;X^rQ;$e z=GY<==I3S(dlbYT*_X{Ry~+(zMQ!HDD5It~!l$c%h><*wg_I1Z9Tna}A z=C>Ud`D|QPE5KL!OF40>B-N#F6(bW)6x0udO_>7z$b=f`c2Ydg{ z+i`_+f6bv54zT~rMI$NPARaz3AGRsg)50b++7NcwhE&pE2~VR!pfnLKilC)J>|h^< z6n3l{E5s>hCh6)V!9bHd_M{>)+#=7g?MHYz#f#g*Sy`S(`xjbrse`uCNfyrF2=8E7sBYpJlrCCPp7;OB!AtBAWLT7F{m`B_r zy<%fARx_TIFudhl2~`T?6qcCD^B`jPiL*%s_O4m@TPM2?bO*&1%y=_ozEfz*R6ZvC zaCCl7XaAJvJoi~)$CG#b_E%FWEXTfOm}F*_zQ<|UxS#_?kw?r{J7b%Fg2zMub}jAm2pf zC*=Na>-totmc$%6Tu1X|fe6u^VauHib>cbL&ION9WvA->ZqxFfS=t``)Jz-L%;Jnq zFV~IA&w%8?^c<_Vm$)9aq>z`$mr2Wk8RFSxB@jLO<&~t9WY@aVIVu|+r^B#7McqZIf>$&yV-xg}MsuTt zT;u7>*(=)F;8C({&FZ7c8DsQEi{m<0;lAQ;m9|U6`2xA`%V;>Ms zZ#4?g9?+z*N| zSR)yvq+ZMs-+{#5St&jBR6s^~ z{Cv+qXDO&DzxF_H1=XErtZDX+gE{YFHYa6VzT4kd78YLLb9lc2eFtuhIf3xd{NMuU z8qI1igLw)@sJmh#a-?^5gDdza@Ei2nMVY{c-AUGSk=F@kr*nU&f_w^dqOM4`(@!0U z5M#P%btyPYPlS=S4LP)1pxC3%6b@@;T)c{JIJQ;sTMQ@IL9>*M>JsaWX_`q&++qCf zgE{p#14^b>lL2sMWthdYR1*$K*pdLL7$wVW8lPs$s?@)Q=q&FW$8r(<%jH7noK1$J zrPHTmSeH!zc$(g;p~H-MqFPXBKG9%Cz>kL3WlDzicHt2v?;J zh*vElyDbX)s{BX;Me-KZ{%tUbc1x-Ah*o0Jgd@ESEAV`0fwz65YQS&Wu#3D-aWYQx zXOw_XA@2?_uDC_*tY}yUv_L@&p{@h-t!3!WglLesRV4%0)c|$@4NdcBmHV`dpov7+O`Hk6y0CaaY{eA7AJfk zJIIOffd@*ERJ~auD%3DqWCC3~o)#cWpI-cj%PYf*qbcnzRTvF@t5i!rA~)(^WDr&H zMw!stZOl!(*xfxqXNNW0DFeU7>bUe!S<~2JI2Et}dexS#B6t%qDuwZRnN%r8I#h8u z63P8;aRvRj5^R%N>g5;Y^R!vKL^6}xKO%}Ielf`p=GHM6=8&=~h2g>0(x=VhJ74;v zSuAzezstVAgkbhHBW#GatMkJ9B!$8e{WLKwi$$O z$af_Q|4okH+0~DjA950D8PD9_fYR{+TDih{ve%>7yLvXuh4$F+-WTko?TgIldluk} zbnnyChr^x-q{TmX)2r&#Lt;c@rkI?q*yd58+5q9zM`*)L+Po^x)I*Fe`?U)_*rUu; zZo6vL?}Y~OqB&TDNCvyRzWokr*5%bBc&PdT!3XZsffw3?i62Poi0L@s@zONB0D_72 ztIh!)nX#}gkfDE*wj2C`HFQ$21SBH$s^1%O-wN4va^dlA`~|f?0Uf>u&?YFd<@cQd z^sVjoD?2P#Op8WYXPB16)EE|{C zseGq{<3+0PHajdgKlnSF0TGaMONr)?$*mt)hI1m{E;}uoffp?nCtjq*;zPZKl^Kq6 z5V0s}9k2|z==8Zzf+Thwy9?iCkr@EL(t=eOw-eOWPkFAPR8 z@RhD?`z5CmU5xdq*J{q70lg?e;*#GCC8lu;4iGXY<(bsb(Q{ugKBWz=x-D^WQO*o#vcXb9AMdq7 z-1tYjVBTFb^=2p)e?@1$VO2jPmHE&Vd8=!8MA%{{LRx9> zP7zh6jk$1@pL?v9S|HTIr8ILVnoCqser(s8D^Z&>g{DYXK{OZ*^bDf+s=_;rpum?U z5}20|Xq6geZS}6eI}8&Fef1Y5A?0P*(f8c>t`QwpVssWXxderJ8%c3Bk|H)to?Mk} z{i@Wnlrgw0tMz`O{YR&R`KGk>!w(XMhWPK0u>Xn0^`A(Xkg=_!nXs#&v9Xb{k>bzK z|5)2Pn%h|aM?E91Lk5r^DfrtjNEt{T2}z2`**8oRjxur3mjuHAUxJtFfWc&q*n_^) zmnV!?PuM`;(9#omr_a>{f6mO3%4C}O`#YZMfUi^blxWA_hJt>dG@Vj|={jGBv6LN69Nd1P4ub38 zKnCStZ}kF@6X@6IRUo~ZmmlGW=2-S=H6KpPHFlMK>sekSvjKG(iN9cv4amkHvymr; z)y125bFHh3)|kxsqb?EcIOxW94tW#*Y;}IfQ7w)o!&H7EO^qgzqu=uo)4+`O7@$Cb7c^$|PRaIJSO`^d{TSLOubXN2fRiPC=lfD#XX1ZHH2-bK%0Hi@g7FW9$K3EAVZ#5vVHO9FqfF;B@qFIOemHiOFA`QSKM{QWW@hKKV&P4`mL%eL4z>F%Hp zz2r+=X5?;jiY1SH@Ckp-VTSwUnN#=q{0PcEUNtU5GOR#kZg654J87?J z7a6#Up_3)};qO3&z7g9epni}71P2;Nk-m_>@Uf+4M?-H9nLY3N9C=#@T4$eJd06@1 z^loiKRIKP{bBgkda3#^ zhmFV73ANIDjh~I-jPpKt1Hzk3ZP<*hhZ48i)|Dn!I-?rH%~<}q;jxWe!pSm35F%*9 z7pPn+5)R!{EeVCm_ByA@XQF6X@t#V;LITc+g%g}M$kOtANkQ$o`vk*fk^Knic8igI zL&TGT;bRB(t|%4gHV4?iH|3!Q>3L1XA zOiYZ3>f7sk=J3k4X#y4H2gSSS*6;Koz{vC^dhO&2>G&bWFse$PzHD(<5>xk9!F+Vy zNGrgh5?>Y+2x|Gq#}PqPf~vP}UvlAjH5&QclbcPtM+dmSs z6t`K%41l_Nwa>V~@&@AOyWrZmbqmV6;+k$9Je%cq?x>Y+lL0?GnU*S0x})iWw$kpXyKxFc^7L@B_wL16;^d!J2A=Fx9&>)Co0k zBP)&%)XBGmQ++i`g*~I^=K41X{Ug?xxE;jSy*ZAoGRB{QGFE1u0v#Whi0cvGd{$R| zC51`U-NHT6C0^@3|8PmSudiklKZFS*u>ad78UMGO<$oHL_FuP_|4di@#U}jMrjn#; z<%ngB>`k)f$a`-cU))Hnts$tnE zl0=K#2q7>hBu|K&WUw(PS45$Lq=fYNGH@`${w4S2`uHL^6KB}vV&YuiaT8g=>-?1U zy#2lz^K;mCyV{}cg3=@PMiv03_`C&I(hu`*Cp<62kgQ0XTlL!`)Yz1(H4>#rU~ne? z>4Am@g6Er!iREJs^k1&z!B8Aoa#e^JDiJYY7tBhhQ#jMIjA5}Rvf19*GCfV_aF$a< zOqWq>?^4^C3NJQLG&DyrNLB-Xa8^+!l#Ad1Rt67N%ym>Qz?t}H71Cqh*ieHBHaa-7 zlrd~e0!+#0@0*vOYF(y#T)Yj;b21`j2tLaU!-j8#sz9cqJv^HpUUH1#D4z3ftSIxK z7b~PlLf@K>zdVypf@9^Z|gGTVKIY%1W`8n!VRZ_uI}+Nhs@JKqDjnYn(ak4@kMyR2;$$+dR(99xv>qr` zudp5+xS~MX9^+)JSd$gZ(Xa=QcTBxZj_M#892CgiuE5{8IZ~X|2Z}+5e^IbIaUt*= z@pOjN6W}*7mm(+-%n{;v9u3K&z8^n~h!y^8aezruXO4M=n-gV?wPI}_u?yF<1~Qt- zE*`+M^OZbwk_#fB#+Q_P$D4B2mz$3g-kB}u@Xx*eZJwby6K&CM*VqZKBFPvv3TA|! zEK8DO?gDW-s=l|+O&VoBgKC9wu2&3hlCA{zGgQIJ(Mes~P-2%1l*3Ze*&HEEohV?1yM466k^D=knvO6n!E z*O0|;bChV&k;O21Ik28gsLBhKSLTKOLHDB7fkGxL z#{jW61)0fA@h~)x7{j5mn7)GbPnu9cUNpmMH(c?Za`$L=aqd(_N*k)h!Y|BsCqL6$ zsvyOc>rAmTj1BV^(0911RnA zLMiE!7wb5OCi7VJ6QE;ubwH8j`O@8RvscPSbKmKVC3$3*5(bT#!PVO0=ZXRI^)gn@ zP2cj8m#ytb^f4rL0l!xtnx`vA#tW6OW1FqN)?M-_kg=mU7uK-src*~Ee`Q$}X3cFa zYml4`#AtPnqD*FPKAuDsdNiia<6S#WYub7(xZeA?Z@Qy#Lxh;5iqd;-hK<^qcoJ2ym z6v}@58TWSa>JpFf#f99Jx=kuh$H}Ekep!cLBZq5Ri)kxsJ!;5SVGxg1#7lp0mdm4! zt9qN5*0*9e{6XWugK98w+CX^pJv&vPx7|B1aS50)@R-<6>ky&~Bb87$Fjp{ zIvPT*D?d7OR*9r_EY@}nMtznlooh{BdE%tLO7Mmy1Ev(t_TjAD~i(foMAvcYbfL^5Sgq~{6`rF8U-K1B) z$@pJNBWz5498-;~He=C2Rzbr^_O?x# zgbAv1LS;rU+Gz%O6@w{;3Nh$gO#d%x<)a%joNsREIiK8{5MC54lM2R}O2Q@2RIZs9 zx9m2lGIEKw9M0sdLT;36tLy<(XQ29g{v{<0!b%)qWJ@unurni+>gZk?ab3Uto{Hq{S|BB~GeCIyAmXuYk z893YXUN-j8HT6M~xTLP{0^jG#?TOb!y2?z4`m~u0l9#+%)xiTs(uLS0j_Xpz!m{0$ z*bOJ|n4`MSc8(t38i4yMsKc%19{h>b@>)>(86Y=@pg5iUC^vNTXIztHh4x*6jag}%r`+@#;3`t9Zfr$G7@I`izbq09VzLY9` zGM&|Svgu%A`u?!;jQi^r3dfiakR4nCW*Cn@*VQ0Pz1+f$+Ue#ta6OXGVB!v|S(>l9 znq?u@-w}asIgA@BsM^*LPS*YhgUs;TZzaTon$EbQD`pMau!Byz?> zCNn1VVuW~A{s3ZqgAm$#Qc+ji->2SxoyE?_O<%Y^OYhVm3tDzxS z{H&7;VR)PuB6blpKzn;=S4{wkc5KGbQ1wy50Vy1=nf~(aiuYC>H6G-}A}T_J_CTZ| zB|y7nRUaJy5Dk^Z%MIGZASy$LR1HB>iHF#XKr4wYz1sh)qi_NS$jyHf98uqa_5b@* zL-|h%TyaBZmv4^B*!n-YDU}K3e;ID&$Rb0b^y@?u3Kz%&Ge3($DJw&&X)0k1YW7!T zG#N5Z%1+5rI$S6mLmUr>*yT%Cx?B;oE7@}lOc+SDpRD;1e4mn|>8HHBUf{N{a#o}8 z()<%i!m-)rX^!?4$cqlHvp4Tf69^&^r&YIehfpHBeHzPbAsJ{(yy{u3(4W0#PH{Tc z{Y@=;=|ZEeCO!uA*Mz#z?GK5kfadX8<78Ct93Hm2vD1#aej{J4-R6_g!W<$Z_AUpV z8`{#@F-C{KGhMJ$T`zPpfPxEdOBX`=GcT9>UD_b@zqP^C`pK8h+)kVdA8$qj8>kII zL*C8^%&vkXU>Vr8P{`}}kXwfjk=G!F9v#pA0emK-lkM;)&i&A}9HP4$(l;ZuV}G=E zbDS$d^XOJ$0qcJ?(R?#%m&X>goap*@g2k^!%R{W)else+J{?EGc8?IXbo->gQ=OJh z9PGjdSm=>xzD;11#dB)3tfCe=D)Na;B>r>;{JoA~vy7Kn9_0IDe9SJ7Nhv2?FR-h( zXx%?bLpp^L_-JUF1%Y}e_DaNJDX48U-^|)Rrs2e=q=ExGR0CW5QYvi2M>rJv!sD0#P?e%CBIBr zyPR0NqDj4?k{|K4-v@xUHW6b;cr(azCy{bNjjEr>b}tqt&c0MO)3MXepL+L)3fD+4 zDZQTlZGi%DzKx##jdrYmv_SdC{`uSE#Qa}1;(ws>)YiVKJj^dVNE)N?P8YdXgBe<^XRWY zzsQF-`BY3yN^aPr><{|hD<|Kh2?D>bR~&z-b(jKpelTCO2S`X*wCtu5`(yFp`RMr$ zb(e?v5^M9Q)vD$lGkjWdl^Wxd_Rds0?N~vB{^_;LWI;dL7sai48EvXGGKQA9Sj{+u z8dkz^a4;gY7)5Y!tk=+(`AYZ#-+! z@Ug9C7u<^ytGmr4MfY&VRc}~L*5T(TuN0bW_bvLNGy#+C!fhftJ@+K}49N{Wr zFH*R-c1rnU^d(j`YJ{p6%1Tz|R_PLI=yXqYg9J%RA@Vil{UyelckE#oyfv|g^gtLV ziDwpw*V2=PDtNuJ?Qx!7jjbpt2foW|JiH#Q>o`P!z*%k?eXT?mJJ!!(e$n+WSZIbF zK-4WP5`W9x{EH~@nYJk3P#jhZ*2b6%y$jSf%x6aC+Qb@xAlF zKIxRI6a%%MmNX{Pwa0W9g_FF=9tj<90{fKmf~GCffsHi3A)if<@Ehcn5UE3HED{Lz zO9 z=M&XDhko-}jX@)Q0eMQ!N5z$0#+4K0DK;)UV1P@>9oHF<#LUF^VYs|vBiz6_J)?v1 z_JjM1A_?>jq1fzjwOFsd6_#}0lWeRVX-JUltkT02jsPiH5vU){g+08~Bb@nkOhw)$ zbDRR-T#A6ukrwMG&Snz^we{5|h7|a{s&XPx$<= zu?w{SRQcshot+KMO`Yi-{_CwAqaqi#%81x~M*VuMBCmxZ%G$dyyM2 z6>7j%|8vb!Q0>cWZ*-V2#aItq*v>@pnDDtCcE1>%oW zP@QrNZ5xVozwM~HyI`$_pw#)zxL|b|y~aFNy*)0Ts*l2Uu~3x~H_i`{^H+*9T0Kz* z#HHDM#1;tTF!eSPH7J;B=B*vUZh#V`K#m3>Dc&Mp8opKCehFej(aEcgsE13wcEm7# z2t47P(_gD1ol7Xj_jWBrqI~K`<{CYsf z55Tw*&#vsc)lVq;J0O8@?<|zxXR~4#coaXb_WikaHGtgr#$%^XMqavX*Zke1K}^SA z%A7t$Kgnr5C8{I_)zvNNULJlSg?ex11y~cO-0>+@1J3^ZwXK{0a+O@l0cjSzobv|w$n z^Bqb}M@LQ8Zll+4f%qa}x{j4MYH+WY`?WzXtCf72s)SD0U;#y7Sddw9yc>_RAG-{W zeivG09GkbjcBew?x~I-t8s!9^->V<5kuCbs@g+x5MJ3Y&ua`_+r9uH9c>a+{89|q6 zzznbOCyR1Q&)uci&8BmuY9UvIyQV#hb{(rpsc7ket2t(Qd^QmOLy&G={wL{ApyELr9ZC>9ROicuY)HR2gz%9Kch-xw|P!Tv@<8o$b9(mHgP zTceua;i#8hFPyJr=S_emF_N5TxZb?IuCCVJvY$TR4%dFvjARf-ZnJE2APLqBn{qE; zHNRGArs2iFUB;Q=S=Vhzkv7hCYy7dZx3h6&ZdvN&NOCxj7QPu4rQWeorlhe)901W6 zDZFv9ck$w0-m)&u&Wvo)qU@su5ketKhqgB7?e+LQO9x)2_P#$;wRI?sG!~-sAW|W&PF^bH{ zH=>^mLqavJsoURVp}66MIb?|?_=Bho}!>7g5xZy+_!bfmvHEy+&d`)_siCEJI4)Q0n zP2T2EZezQod<@@38wF3wlRy}b9lLFFklg0*bO_kE&*Xgb{>KG+${&n-@5=u7h!fir zm-%le9UGzQh>J26MxOO{cA6D?>y*|gQhr;b(lXympz@3kRe5-2Add7lB)G|L5s7YQ z<3Q|^okd8+qzJQfWkzt&0*~JQ-P^}V;4HFbbd>79avW6vUG`;#xUm$qtcdQm41Pv^ zE;X41HPo6w#8t=2fHhff@xivbS@Mv1sW6WlXk+*EzYr5cnX{|oz}hr|0l0`PNMRTF zgsfNme~(H!)YN(8T!@6o+g9UawZ_OR|G0s%!V!k!lfvC+N)pKd$!!RV{dIrT8LOf! z6uevoyOu}60?MYjM5LK`w7jw`N9Y&o4FE!cU>yBX+O(|M(aMqIv~*N>ksvN(hO*MJ z$$zx{O%2GehSbhvKI2{*MSgo{_$`mQ%4^(Lj+ds5%YN+Jp*(Htg&?E%Xjqws=vaG+ zWr=pG@4x#;K-_>W2d1*TxekxD#s|tbF4^~qkmI8lK)Bi1T2#~YrJ)j*;-xOcTJ#E- z5uEp>kyW}P_Zf2SLUHX%WAT~pS~^ZuH+@^&8V>ZUcZf2BdOdMhk--d%EkNiD>E`CI%n-p zuP*9XI*a!b1nK73X_DgY?dPvt$S8wd;l93XWvdbaJ-`?k^!l6g^LxB__wDsmFE3eb-yT^|^H`1{ zVOrjyT1wtnn7kx}y??SB?`ljKc0I|I3H^rXNyG`<3p6T};t@q4ACowrVB1Mb#NnPi;a-e}mBlTE%wUO*XQ z9|w5a&_LcTVno@BD;;r7%no%(=y>D322aJU?<)??NL_B!0LCW5Lg6Au=qYh_Un-JK zQg*D7gl3L-w`gPdG0ojvl^Jyax#yhh^-o>fomc!ziy>;OOX~H0%r&Jro%XYquEax@ z!z9k)J*!8f6pOR5?Q?^|hd<9E)vT=@C&d@Ax z2NHf#CU*50V|)m&VTUN;1;#)%ZYa5g#$)xRPsx)Crggnwt6m4R@aTddS3lr28m|2X zE6@#*zrP*x`f*0#3mPW<&}jyc*aCxgMzMl@NS=BBT&ZA=*i>_HC?Ms`l z)nxZ$bmQ8QZauuO}BF9ke`BzBUyQaAP z7lIZ)Km6^JZx1`X;g7f*J?~5wi5Ef6*v|CI&J~!;g77QTo~wnIt-(n(WUt_tryCQP zU$8R@>kw@ckv4ov>uP44wSy|!e$scSA&&T!aKSUb(rteJ1_p&q#ysA^rGSkVil7z9 zpZMwu7w_%**(JSNl|}ZFO}SuH9RWd+QvAK#(4-+9w>jTTn8~?oxqGy3>u|Aw#mYpQ zX%QK1?5l^;?@d`KrgVYf^rq&TKbf~6Cg`H{-4;Ua4O3$sB|G{Qdp~&S&o%t!>^H;~ zAU>tM^SX`aTev4mI%9he8R+o9bHebs|GO}1_82rwh3yfJ?U9b{5v+?>C=T!Zq0}-r zGP=9h1W06;uzWzZKE>jn&LfKxk$qxfe&fA!$!=tDa0xW;8TDhRZ|;^=50jdpF*#T3 z5-FBEbZ1Ud%N2j;C#vf^Z#zgrp<1O+th+ z;5ydEjg%^F4JSq)mCszm1FK*e31cwl&`1iRq4cJfulO(6)c&%mwr|+!5t|^GeT1#v z8unG*-j=X|6BtI}lp%^vD#^Ppdb0Rn(f$Zb{!C2%isbQ~%Gh$a*Llb9T|l-lENt~a zhP>X#rwcIJYpu&hHh|4yL1D6Z$MCkdVZ_N*ee}n%6a)JHY)UeQoFO?%)C`voa7DyQ2lh z>@Hih|D-v)OyTOD*>*U6)Bg!lTPx7O^bx`Pp27Pbg8Pov{EV}9yY9e5fWS?+vT8ol&;eO_U=;gyM= zw>1hZAoD|rlw2CY85~*6vCLdYD80J0Z_d3}G@GRL?3}r}58Kfhs9_XOerb=YBwsW6-pLPhXd{VMM#hJ-Tfh!SSj4rTt?+(P6$=ZqSDBljg8IrrCJ=3!F>R0I964Z?lKR|j=`cw!mC{X4iJlR7ahPv zV5#SjQW)eZ=3Y$tvmt$8$v&Wj}- zakN=S`3#f+xU$j}O1|zoNG*w3*J;cbOfB^9+Fpz@(y-GDiYufJR$1}U##AJp7m~o! z_72c8JGz8*l1-~M9p%n)>69Noat?w=qlHeJ<8q6HX}aO&y>~sOq(I`Csf&Td?H{nK zlbXEfHyOst_}ySj;{N2H8WYS-D~cRJV6lr?2lx9ULF0;r+sR<;w#lakcrunSfk<9} z+bLTWKw=p}@ipyvU3iX!h~9_S=dPIIL;0z%wz#lvFO6bngzjI}(n;*z%$Ozs)1VAMrnKm^; z^5-GqFE&=@vRRznhV%Tq-$A$8YnGIRSAzC_0jCu-Q|LkAN4b0_?LC@UV6N*ZVQ0XF zI+gNN6+~u+b;KE8V_lk9O%A~z$&(_O&$P1}v9l>vy`&}%cWr)igt>gMEisA29u>qS zOWJ-F$+A=3n&eGPoaK_FB0QtcGtaaU9+z{XG%tHV8D}1=C2?d;WrGp3A5y4S=%ASa z7mQUdvA^BJl1uU~lrxJ7r4I};ql-L=#hE9b=qLgCNT(iR{wHXbf)Dummy4wh;^yW4O)lq*aKo7?j& z_jaHMru-Dgwgn_r%3teewUxo9#8%ow(O1~-NJgHV}mYptK@Ki7QG05 zd;WRa>29p2u(U0dJ;M<87K7Vzh?F-!oa2;3uX0WOYYFWDe*`0MHmI40mw#?fveQBiq+8kr(Q3b+G#R=ogItaGu`bOlQ}Y)7R%DpWB)-EoOjRk z*nhpnEc~z=viEi%nt*BbhggBOiyrC(wyMQGT?Q`roE8+;cuVr+OoXh8v+m%pP765Y6@&Qza%GzR?WXp_y>l- zdP+rcFbo)pZ56Gp(I*Xk9?j%?xBoEF_5~P>QkAfO4xX;!&*NaC(yDr97p1x)H9|u` zz$!o&uk6ojVkUyv=s{yKu!>_0a2)!aCo*(o(B7_cLuPRe8s&g1wD*OTFwULD=DzRs z3KlTSO2@h)^Cl_WWS>ogojm@bQ7*ofnYL`0NJ5vP6aDSS$K9Ymy?t1;op2-0K1lPJYLkO zC+laFqE$yXi*FBDkm{rC_0UfnSe5AP-?>9p9o&K4qFcMJS}UB+Pr7z3Rc)uz1Uf6% zzm%C}{KYNwmzAvHWy)Z9AJK)j)YZQk0tX76_`lh>t)g%Dw%oiOd)k^rxH z7+0*1x~TDhx;2Q#63r>kL|p(A>CvV}!SQv!3WAWeLRH+@k<4@emM0tQe$#6iN2AQe zzG_lh;)dssM3o7`b|?E;HU~&6+D9+TOt1uJVkFnM>WfwDDyBt`NVQwCQdHB&n}9ec zDv{Xw91rLP_$nS_xK>7VTsjmD@W#idI9kK=i>nQfd~VP<5D+ln-p%Zi1VVuFPg8C> z2rCcW=Ar%_fkjWh_0%NzTjqMZECL*~2gJ3*jF0qprnDwWCplBq5g8RpPN~9tEFM2r zOzT_;JqhF5G62LzJwmC_g{>wIMF2zL`cXL7C)GSgc2Fol1owVuPeN9|>p45HLAJa- zp!$A?F?Y9AwBK8A8_Qz{JWHqFvsH;GBf%W3XSDU=a;a%U_TCwIW)Cc}gjAkn^=Ho# zx$pjfE+ZHIl0OUGexx~<)$T$s`3q7 zo0Yjm-L2X629m$CtB9)c3MpazG!?BC2}P-53awG6(<9}ue<~_MYQS`hu`n=8kXr-hZO?W3; z)~pCurZr@>(6GHY(0{Hp3Yk4+UWwWTb6KWx=JI)$??<}2+zpe@&kMPxL?lw{uANFU z_elx0h_SZRiCpFT*x8{jehFM=!IFaAKPEbRl|dwk?pw?$Rt51=z?4r#G}akD-%p70 z&Gk^FMu#=A8TJINOpDW+B6{9tH3#>|@3j@QA z__NCiZTZPI4eg!tsmufMS+Fb{3+6<-YZkvRFWF8+Ti6akadO32y$-~|S?lzk!qO00 zfSabgmEWtY@ZK3VA0Br3R3+RqO zNMVa%GOS@_uM_0LJ4+bjhCqL%+EcM z_Rl0u(O$H@TntIK$`eJn8;{CGGFU?u5o%J`PVyPHc^U32dy>3SqWUBYx!$3rQ3+dU zvw(>5Yn1cw#RQ=8+<0teV!Gz_t`(Psk@r}Gh(MQQ@!JY2u%WcR5mR{p5RYE`^|D-` zM0L-}$!!FHgA%aOKat9F#$rIVzLSN%VK%IcPof&TO`Zm4)QCn;Y6fPFzd5MWlxKzM z`dMOlQb%)9XA57ql~f1q2bRvhTpUpCv|_O)zqg@bL*XOHDfnl#Kn;5hFTXdg(Q@{l z&rp~{1=Wch5~|w-6i$o%T)zKUx?HNiADxq8>JW=(J2T(3x-pf!Gj(J8ldLiIE;Y54 z#ln)kxoHktBf(olW(hLTE-RBCIHDA_#al*>UtEsuMY%v`TGLQHvmdTRI0m{dY*<*u zFvAPf-P4BpjmjFLX#60wt+-)!w^otbeQd>}Jkh*rolnRk%DBt631Wzkb@L1n6~pF6 z{5$+CBAdw>H0wf?|HtJk3(5<;uL1Il$X&?jNat-xdfDt)8kd{?sn6-);Pt<%qwMrKPxlYY7CB-j`Fdvu#L_F2g zR`nP@jTCKlGfd(9h6sfytnfb{A7n%DU3_Wqn;_=GMYGPuu$#f=d?g_8TX-BYhgsm^ zb(^^AwpIcZR`38xjGIml+l2?e!LmRgvIB3KycBbbt$8`56!9HM_Z@kNezEE~5bh_& z#Dh!+dk@Qxb~adq07 z4!EhfZX&t?)8bY49Ou1EdR9KrN>eJPxJq)4N=E@YK2~pqi9;34! zr@C)WX%D-(h18Rxqo65w1oD;9xZ{x>xH@UPMkxDDpcEpY)c(xkv-=*xPxBe6-lf2B zxiuTpD>5Q*jrd6gr6p#kw!naaZs!e7X9Zr(iq{l*ov#&qS7!f$8_3Oq5s#I*i9 ziBtw(%WP7>^6l>lLOu&!lgIIWdvAHtiI!A>F0A83^z6#7#w~Yxuj$uXcl)m&*N6v{ zz!pk~sz|~#K`le>06r}SoUsaH7(MxA+zrXYpB_@zg>~k^MAGX>u+>Q&?{V-X?T4lWjK3()<6=UWtYDg`=qO3~vcFdGG zWF!hOh0z+ym|Z%Wa-;6L5+e&ia-cg@bp<&Fa!_EwDs@{X2f`uU#BP}=J=s)hI6Gna z^hl+GvdFf`(ez>VkU_jq#Te*m+6sw7<1jnqwWSFgDNm#9r+5jmKN;bDBJ=}OgG_E{b=CiN&`vJ{oHoSWrQQ6$+g8?GC3>a+W_^ zrWD1>Sjlm3gjZ+DkH<$UFikqNPqq#AJH^6*gqRA2`$q{hqSGMjU7H&=@jr z8<`cVH-S|`FKMJbMO`lL3+3s@RAUN#YZ7S-8x|1lq(FA$KWmGeVd`@T&?Mj~+A8BR zO2J{{zSxrk1At!_fi4#%tKWpc$`U~{6pqT0r{&Dho2O!SDAqiPy_+$d!o>$Pg7v7dyS; zj)|q6s>169pmtpVULU&#VAci?c(A4xVG4JTRqenSFzs?KZVSkQtdM`EG|;H0hEp1i zq5|lH*F8jkdsLcX3|7%=f%C`T8;(iu*^W2h79ON{?AT}zS((!;|Jwems2IPOFRA!N zF3RCvWxI1Ul!e&XwXMnSy6rBZGs1B%n1|R+^i6Y4tk$Sa6JU<8kI%C+`ni5i-Vv3w z8}7SG6!qsTZS)@_SS_=L@X3j^Q&YZiZ&=B_R2gLLtiF`EMDiK0=L@0bdtm3&>?7d^ z8IJ$_DcahFX32L^V?HbG1c{YsE~OIxhqZgHX%Hx#{hlT{&vGS@;lwZO%`$#+FI;#4 zMf>N|WWo^cwzNV5i6oU&;g3Tpbp$q+qMI@d#N?pl9?4zzTX&%Dhe3ObFZ_Z*y~4L$ zeoy>IFyH=28hyE^r0ffrny0Vu@?h_)y;V_0^ddTe?V3lJWX)^$b=Yl%d--4^A`L&X zxp@h>b;5#0lImkD0^&LswzNF8t;k_$md_lC)Vc)yl>WVeC9IAh7M zYss*ynD1G+cqQD=i4QnL)r|q-%JGkULmDPjD8C5E#U(bYMKJV?GJ3%4gtfr}Mz;WR z)ikw4y^tjLsV|Wht3Ziwm@CdGS1L{U4^rzO)eZSnj?ii ze}7PK5w4@i4OYL z{Deot=em+U2LVy9qwTceKI z=K@OXQZz2iW=1nP%4LW2v!JEN7NL@bF*nJY)=d=4_SX0m`c9MHQZV zj*UE#=2qP=Id+%W5X|X=(A|^di3{}eKdCll)xqOav_s4&wM`EEsWg*W=_xo77%OaN z?oG|D69J1mYUp}&iorRmt-UkF7R?R?W!X8$QpJsr(?yNV96Q`x!&xN4m9)B~E-bm1 zXTPu#v}|{blvraTmy7m1K6=2dX{&~~Loz@Of;LK1Y*rR)7)yKlU`93PbGsV3Gjot;a=iq-+uvenP^qx~&ntkfm&k={$)psPk$?;=^=1jW2W$Qt}^J?`K~yCPE`lCx@^y-;eLnvN$|0{d>~%oY=$Z^lA5G@ZKcnjs+MPLXcE(9R zxV@A^-=qygm%Ryzz|m}?r~z0*?8*`!J3f22>S#}?*V$uA8gXu+%gNSSF8M9H^yGbBZC{{VK%y=ry%BZ-Wz2`%+3 z1VfNWT18cY-k`+EZ?yBvm{WRuZ37)#0=fM+llBq6-44pGpjgAK+hy}LRYJNNEzy*6 zcwW6j9-<8HWkZsO#G^}Z$jmO#Vc5pT&wOg#52rh0=@;DLcww2^Gc)x;&?je5zdrsX zITSCBoqZ!;75kH=ZW*`F_z*+h$sC>!51tGf8pYZTj~Enp9h{adfT*FA7QBsQXI3_# zgCeDE^MrmpWB{PLyO4l<=K&KZr3Pb4YAE}TK!;jsm>C;QDsxIfP>B6kH_-OPuAj@9 z^(VW`-y4T+lBd@QqE-*5)E(Xyc!icF|(|ViVMc0gDyJmXo@!%Yfn{Zw%;2 zIqv-wg-uic{HWnrc4Xx9k{26cHlZIWmRch8CtQJg+a?}}|YE$p1G-|$|}$RDvwa}$yw{}ik?CTVBM8!KwGQzD#* z)-H0rhM3rzRpuEk%S%m_nyfZ~NkY1-KPthB_UUg2G7YD6m;=*ONljV_9wT%a#{Kly$0RK59@ zcdR&p|8w(;GRIW+iXqlIPl;w}`Y3(> zWaDMBoabjmKI^XIU-#%FdSkVwl`#_vfe!6~Q`S_;X5sqF)>38p7COr#C;4gBJ5Bh~ z{l;=DEbLM<)AHp>&LF%w|9&MpB2HbJnJ z4L4}x4P%MD7veWXa+Xiw7Tvo9dHclsNiRm0sx(I9m~DS(W$2Bh58Rc4X*$)Pc7wJh z+V~_Z7xRR6uLiKEzjo2gJUvqc0P8=H8TXi!-2kN@^jC}Z6X|nO4*Y1R#O0Qz?ML;{ z4Gv?Ha0Ep`)9?`Y&**}?)1H>0biehC{e$uHPNg^11^(jAbp_XDKRfe^&010Bw#lUF zgflD*W@}d8AL97{9g^a?lwTK6nVP!#GQi0Isi5p5BBPhjScae1ah>nEg_@xOdB?V@ z>8+gMkvl1!pv7O78j)()CBBn?xO+TXppiyd^`~-za>WVOSv$1u6JFNd(ibyl8yD9` z4+-_9nZgDUWm;}>PeHJh|I%GwR8+jd$T^vteRmmnO&4GL*+ zjurVXb);Q0W^Ck*WGZpN^oU(Ew3I87as{5{QbcqI_D2PVR*HoDMtD~ToL4%XhuMOE z2ZFtN-a*eJH9jDc3whiS8GjEV0TEd~$ zFv#AnD1A7E{-Vid99s+_dBFODzpXf zrN&g=wI{T4Zk=5G_qsmBmA1D102BsDm1b~Ych>-MX45w((0_d z!9g5Yv|4}IV=g^XSb2q!heUE}i{eoNl2?jV^c*JuGppS?_XDd-# zBA;tmZh1jZxqHYD4U>n6=>vLQps-+oP;LCQOv11xQ z^pd9%iyb^ZzBrz%b5ZKD6?Q|B+FEV;pVgHVF+-3>eqVLv16KD~958#276@)A^tZ(D z_nRE+WH+98U87j*^W|Sow^LHhsgx?7XP#x+e^q#+zV7sHAM4+6=2ev+v`M2)eac6yhHZ>c~ej?0x4eSV9&)hOO!}9jxxKDZmG02;}E1+Ns z^es~k%Tvo*y)*1#9T5zqxx5>x(+s%FEEt#Z_*-R+#2RZGC-KMKvH)UV9^5C%LGRi> zlnAV0_?PELoIhlt1*b~K{Gnr6)LWC^yo|Ezwaeox(m`o`_hf&dHzq!+YO2YDqx0cj z72)rxyN=e}s}K&(osE`(+zK=)8iHCHEk-EzMZ`yzS^AP6yAez0lz*?myS#!*R||Vu z76Unr*O*aKHQQiXq1U#bx+vh7gRtq-3EqGGTbd2o$x+}A_v42){y#Ba4FAV&?%zr1 z;+8hwQ6K;B(xIFJiV`Yctv-k;B^upUxW9z}IlEUY8(z5+4pezXP{4nuh56dCZj>fVcElnuC=#mo~Lyl{a!yVFb9G=DN)2F#04Y? zVL~6uvv~)TViVqV9@SKa_%?G58$T_=%&7~vZ#oJ)k-H-wX1~I2EM8)sTQPJAUJ=7U18Lz(viM|sG?fiQ>*DcEo-QFE*LKbnqtGlx`(nLJAhaR{#j>*rh2XRJI|PU*4DncVGF&~Fq`_b?8H55xB&wz zd965sX33}GnCT*NwJPN)xs&7xSKM=|f-L9f$!cE@Ui1qDdolW?pWPDjPc_%m2e%5H z3O>;JhDD@4)#a`#swRJ1gI2Im21>H)IZK?=mQF55u698VFdYW=eI?BT^hrafPHks8 zu@94pYz7N*!XZux4q$k+ElI|n_aDT7q4qojlf+K8OOkiFLjj?E7=rw67-u^tIihh_ zR3=>s3NN0apZYX7tqwSlN~u+W3h*!JrQeRcF<(nCd2@6Q(H?=7z&I~Yv+Pl&F!jg6 zyeKn+n+9d+5i|7UB@ieCbAHi)`+Zm4E?eKdfVnRoES{aIImIvFj&^y)H`4j&ea$}F zlo=F;LVq+_V>~g<^Z*bLG$R6M!<-38#@;Bc1yRdob<#-2Cv%$*+F|LL_p+pkd<6G! z0>ZgLNMvko)*@C|i#8h2*)0r{N!g1Ol&VFGToeiuneaT*Xg(l}6+hbMzm6{F?ru}{a_ z98{59l{opKmr4`%-YV5qz)I0s>0nz)*QnC)$F=0%#;| zHACwc2d?G5!ij0>o^>rv^`TL*r$7+M0^l%`LsmH9W8|b_2i!Yzx^bHu!pYUiIzaXF zH%Yh@Juwx{sFs-FC3Q^EG6XXW@}tj3Sg&^q&cCa06&rUiw}G_$rjwcmn3WVa?188_ z3G}aXlC;#7#frZU*^`fW6?_j4Y6c&LpPnX(&*{nmyKc;c0ZXy-i#f4x$vv(;p^5!Ah@+T3$cfcY)XXei*5yB=?$QOL83Lk0yd=gNd zb5IP=|9$E1VQt#7hM~3OA|KG!%=6=CRzJBSTVO53J4mk0hVj}Be;L;1jzk$4>@<-W z`#lgU_;B^4ERL7OyB2P47-2rQoK(J%kRYerQ{cHbAiMfL>Wkp4++lKlHh3+cx~8qt zfhS`;O86Vvo{52>_8wTEYs|ZX5&DHD`{0IZuyoxgW@{R5Zpd}`KrIVRdB>METoDFy0DBa-vBNR@<$e|aCA0SE9QQBb*h?nrUH&~{iJRUq z2rhg7u=eUmZ2W^%YHSbi8DjHcg?|AJgqY0)=^JQm|EOd6zXTfde*i5;Sx03-5R(sv zu9!@)y&P>e5^arAw6C>-0RWRaA=}Jy+aj0BE=w=l(07~XJ&VON{k)BEEy3lB!!0Ib z#)`nTm79IH(IDXG^98hxmAlUrdV|Z1-H>ij25LC6UAle>J#dPLld#{d$!%xCO66Hw zIF3FriRDhCo)!i%GLjGvJESL(Rd zgms8R@g9vs|HPxp8oy+5GnlVdY!phsu}4>4?sOBV#$RiY_UvLvkZ7Ool30 zy&oFJD#RZrf9`cS&G)oE^!a+Rfbk=) zE=LH~5ic_UG!ZsLZnL0{B-CW!Cfg$H+c4A3wFqp*V{O$Z&!#1#`fHU5{kKv>IrkHKgt@vD&0v1*m`m>VkRX1?7NhEnTizGf}` z@EIi|Z!#(W;iF>u<9!O2xHoqME(a+d|Al0e;R|~l?pD@Bh7kS@Yd1Y+Teu8tdAIu8 zwqxZ>a)IH;_fkR7vZ~6cPAr9X(yv@dc)$#qf|S!bJp!&rE?2X~ad1;m!7htt%A>%H zOza0nu2mY*MVweZw5fru_Kjp$N(!x{BAHKf?R+8TT>o!%xJm0-HGv{~iwJV#xW^a3 zvU-JKXJak(!XrfhT`t#r9#7VGOLD>QRLEaH1)^QnjWyri_OYV*W>AC{4h$)e+upO( zw)v|$z`=8J(b`R4iFWr3zWjO9PD~O_O;DOq>WqPzXcu(!NVxjZ`iCulkj1-%swJE6 zyU$W0Q>HdQjaHMgw^|V-EMMl$M-i@Np9)b?B3w(WN6scqY~&1pNet+%#q+qTWGUv6^$-FuRg{bQeG zCnwoiE6;i$vyoK5uAyO3UY~c5+)XH-5mMAFsR_aS01`-KYYnE!l%O@s)JMPj)8zD| zew=~lE+3;)o4QOK&?k*wuyN(mX*)G@dgZJ01+~r0LqiZ)5rY#N!qeB=`7qDqnY_m6 z`uG@(%e23Qvjnw-S$ptXaR@0S;Wt)@>{R>3+hQHu&7M4J4l#EiQFDxX4CgrW`u%&1 zIUG$Jwe;I|IA+kIKMl+{_(f-Y8%*>xx{B}8+H#BT-MT!Eyi_#u1wKa1;+E4NnX=j* zg&0vB!_=FBZU?WS3x=BHD4Zj;2%^TLrf&*#$CVuowe9kQ==6h!^$G8YJ#;Z<^Kp2m zU0)izQz`2j)h^BEf_=;$&!%CjTvT@)Hf$hW-;D#Wq)NkV(gHf?<`5~7)izvMrGqh- zf_U(7^8LHh2HTp>*81bB5J30v`G;zW)HV-#gcEE0$PHl?sYE3Ff*n^C z8oc*tM{0p(W!Aa8c6CDDfl9fu`JY&YCJQ# zOQxTG!>3BwA6>k#>zQ1pAXOD%)J(nJ(h4<|S{DRS!&FDDwQN+&M%rP0FrwO6r+)ns z3enXEtUZMA`ZNO}q;0BSfZ}`>+R~;I&ksnU(bQy7T4gcek%3GB^?0%15cYd(;EBZN zp@B!$?@Y6GYos984uW~$gx%+tIq5s?5}Hq?DVRTjqkWobMt&@}aEfNWrce_iEPnjo z9%ql^NL9~Pehcl0MdJpC(FMD}P4yU0!IVZ|lf{d(GQO9c5@JOg#lAZ87aa#Z#~yJw8-9~R_8dKTmmBPE$Qq*9x5 z3en)|#bHqg#z(X1KDSF?l~6KoDm(Pibq4S4LWR`PtXh#Z(#DGaZhjT&8kV#>S~_rWPT7-Ebrw?O!tUL`RP1-!M%N_tyD|Cq7)H^5 z!sKU$0J9_Pxd&5u`jvp`9%1wfkr9^hF``s-T0X(dm?Q)D3ey2ljFG@pQLF8k)6Vc} zqV5H=GZ5MX{{P+ZQZPT0!DnV5jbB@Wu6`};{x|hzWhwu-;eUuLiv?vwT|);{Tsdy z>W?B!W1VdR={Nud14conlCy=fpto{gS-=am9JERk6GPD=>wJT(DS=qD&N&zY$-nIe z0!$iku;__$=(4o3GF1qevZV!p5_^^U+_L=iqK2xjJg~Enwb?|_(NM9b#rdP+bg^|1 z9Q>p_pfb1pW#Yj4;Q>}GiVBWhb7oa*sm5aT_)=X*B3Os4Ks^o~^LepnbS=1<1lzL&R7T^=2eLQT)$aDQrOZ?x#pjLacNl#X;>4~DFtILf8h9a z;ON3cv}L)vRw-Yj~e=ZqpogPP&9s^0p zdGcbJvxp;1r$WOdA!ok9;`%Nc=>ZHtxhj>r{9AtCTlid5<*nV*%KGrE;#gxL)00p; zn-EgexY(k+P#HaORxGcXPlEyH0}e7utuoH#ve=vIp+b|&--X&@=6-Jy%!UnR6*1UViwget|<)$>|G6a245URtM zB~Tw~^Oy{=5RfFuIr%mFvTXGg=3i~A)leoIc}tZ+rsnn&$FNrjhAJmPaEk*huozqc zbbmeJ)&RWIO<4iz{K$Y~F^CjE6Ko9oN@|hd-&7Txz_Ng06#H9k@7NfRBSw%Qq?-{* z8i$pusj;kzPc5;nvC7$5pU!y~6h@^xT!MRXFo(kaW5d+O9ET-U2$Bm_MMEBrRYFy& z##tXxUAK5LUuJb|<*=a7sVovI0L(BXsMj1nLsSXDemSjE) z>5qm164ePn{STrtTNU$@cS9s&s)$Gc;W|xfLrtFBPQ*YRqRBE7a+xBnniR4z5zgO~ zB>a<~8OI+6x~Ym<>RL+bJfTXf)ifNqlLFgf&WcL93jsJ2QN6gC;SMf<4C`J_KnBcF zFaz~Fj%NSUSotETq5hb%WaN$)ay$&i_1j5$z4S^qb=E-@fT6s46rnL=QCVkae2|W6yWc!Q z^1>)r)5y#?OJn7PbUvqodSgg(*{a@U+91}r`AB6MnLU9!-kyJ?a5F17sdE%< zso|+cm^tmTo!#PUnaO-WO0O}QmQ4@ZbvgwacN-AMrxqOI?{1;&t!d{&8^}ip8cW3( zZ1h0|;{&5g{MZmw2?*uez8bJ!{^N6%58X#`Hd zDL=d_i$I~+h+^>9^D1U4(2Ol<0Y*C}--AIn)!`hE4$9kuII_(X+9vAT4i1Mk#AincQKLMcQno zoh=_y8)z%f1}jQ6*vrv|T#Yp?Ym5bJTAKNq!M6ySS1fu!t_d1d*(^sQ)c^j4QAM55 zRnj@xmWERI$0f;LllUb?L^{m~0_>mz=Y(1-FX5(@fU|DemYbJvU6U6bsWq?|0*TGT z1ZWD*oVLDVp#~gZ@|pDPDM{g%6&{x)%yLpkNJWlCj8Rjcmt~1~qig=X^HDHN*B;5H zU508y3@SxFdZ4I{C40NaBzmI{iW3)4kP)MteP8Oo7#GA)leyrr?SYwJDRDVOr7z(b zy*%5JFLxquE5n3fT3#1oecuR3DJ@Pj=a`mY%4_|2llLqk1GXrDa-=Pk z^(243S5oJuCu{cL4~CymnB4MPuF)oWeF*Svj4PH_i>5IhYh7ho7|uLnUS0+4o=ijb z{Ug#@sDG;q@PgOPIcI^;TuZ|?Saad63dD}gM^C>dO=}8IkE(&`6r&VeSm0vnB?~)8 z{|EX-mbk46{uy}3u&D7GvwY7RILp9&9<%x|MhcB~i*dtf7q@WK5r{?@% zF&kDHlm*ACJi#jZ$h-Q>Lg8Q?Ewl|_XQW?@$mGk9!+_a37!SqB2~gA|%k^&ecFKUZ*6x z+f5uk=Zs#kCOIV&F6NEHXdy?{_f+T`Oi-tS$36>oSuL4$b56*paZ0)!4uuz(KKpm? zVQVCIeI=V;GuMViN&8K|S$4K*g18lJ=hO)FSxiS0)5WO8%y<^^gAQam|Xn=+lbc4iYKvgl|Xq!=E zoN{W#tU=`RZeWax^*MNo{; za(gYngP~X?5pK3gA~VO$F!Ni1P{j)s&lrj`%ZpmLQOpg7<@KeuHEP6_-DRtr`Qrb15foU%&!ZM5P|5KWBgCDb#d3jmPBm*!J92K}5CsiVFSZqYr0Cr-^Ppb1ku4LK?19FbH{t_1 zbb(xGT2Mj{5uQ{bdR{#s#ELMaez}?c6kc&u*e#)PwCGeZ<)%51?$OQ_f#BZe*Bxnp zMAknrU!rD@pq}`yVZ`uIm7k3uKq%O<4|}2=sOZw0%04`&1kykP?5ioj+K9_a9fQ(O z%$WQ=)y(mPWoEz|Oth;-KXoJ^c{;yKe!!kQAtUrr$P{4NkEvF05_+LNXSS1O6F%JgH|CenMPvv;Md z=yac8*TPx(4Cq{0u1%dF)=07m&G?4SV)DbVEpeskoS*D%(qOCZOKf1s37wKJB!XWM z*%jmag@4Os@O?eH24j#sL&S#*l#O??lmZ6ugyVYlPhf60fTxU3=K zRIbS_L`TIHFw>wjlgQldsmT+WMOq1s?fG+aY4?L7W!~DH*aF%kTI1OE<|ogZ&Tsqj z+0*FrTLmcCtK|g6gckw6;r$i>{&;9k@LXaFPQJiXJP~s~vUvG}Su#Oe*>pR^oYqK?pBY(Qd?T@m5mvZ5&URWS7 zkvG4bmh@=cQN)qThcvx@Ns4%|h_9K6fOsKy4tD0v>jU^RK>3MlwcPrlY57Q%qT7&9 zRhTDs=S~hPhKrE~-TkKOpDW}aY{KmxL;=}zl>v|=kk>5${)FEm&fQ2i!R`IK;-R=G zPn^6|h2lmYcMj4wFR+InLiiL}!hv^x@eRK}2@s69Xl;hJ*7&8o!kmDFkoJYC zFGr^YW5L(izbj>)Nde~0)Kt|{s7%jDes}QBk%(`5gYpdRL}ECz3UK-z|5eek0Zo)Y zx=ZcODyzKKGDnK=J#vS*;(Ns7MyhwCb&hpn<6J~@HnX!7Pp)os%iIh_{?&-6J|CY* zt24C}bUoy(T|B6|%X?sgbtS`pazB^ilSaFVd-#b&yD;v1J4>q~2WTdVqe3-a8LeO~6jl&gaUE5zX z5X&{2tQb{CV^d9Zhwz==KW=~xJ2iLWVgBcOGiD~nZ*U{tfOa`#C?Z~Nrs_9DYlSM!CWLUB}`hXxIZzi%Db+BUnDIyZ`L%X5||=JH1uZRm*pMD!(ZhsM}j zeH@?JzxqRaB|1>KUWB0i^UKfI>^7F>lkp2Qmq@8^oojW)u%3;s#6la_pC47ZbifoW zDHi3WZrCo;$B)J;)s`Oidg=w8Y|HwF{zWwx>MA)OfJpV{K_v%L-1oA?jh2>PW_~mY z^z7I0KU=f<&j|v4B;UPQ*e`_F)b}>|*!->AfY`64UH)r)1#g1sX+D1w)Gxj0mfjwG=xTqHcys7 z$2@+Vp6?gKg&m3+mkZ+OA4-O{haeoG_K2iWya$Tt?uzvP4$=`PCgYG9w-E-3Q%N#g z(hHIy^_pM#o}p8CeFQri)aAFV*E}E=w*INfk>Dcakv(#a4ME%Q$DM_AVR3W=i;i z`NisHnJoyWkY5NDJq6Lq_^h`PO=q@NDF-cVtKK5ygeU-e<^p64YS;XK(Qry&5e<+} z5g1#JcrKEIH-kCWk;TJ=l59=)VrVy6loWk>+?n<>BR=|~{->PqfXNF_~^ zNHncrB`-pw3NlV17p}UPL4^S9W<^>^4*0!N>WBK}y@c8ZKNMoj z@EWJgA?i%4oUBG!wvlNXKS&$M7+OV@_m299Oi*gRwI?5WNMzuBA-TkHsrmQ0GLXc+ zmh^N0Yc-)jGuE=cwLFjCl4_t5dcio~jA?)}*{tX$bw2PTps`<-Ef3lmz30yvR!!gK zB~w|$0^g{Fm%Yj7B;w+6;F$jE@+h&VK3K>qLa~i1+>9j)QeX@BmHeNkNQxW|^(p4A+> zycB3|Sq5&U~Oz>@5*bS0GvVo&U$fGEZ4~Ed&=Kcr;`PXCsoMY z7(YziO)eRj>Obf>m)K1AnY|HzpG0mFr=7|h?DN^6NszWzZNGz&jov}ywKmO#4B~$lQAnhlY?xOpRy2 zus>Z0WKdW+srWTOd+s)GfGvLK#&<}r;iVYt{IjFZz2&6nj zt5qLBNp?%gXzV5*()`(Y{yC4y|bHkH5a*_S3=KbXO>brY!tyDH8 zHWh?gM(G2^EMnQgeF%)Q7VFA3UKfs1UV_Qtn~7IenG!;@*M+2=d3(6trnF@lU3n!= zKBC7Y>I3hhFp&{5HxoVeGZl@CgG8&(LRpqkXoqOJk+!8xU-mL9!l4M^cuhh>xF2}h z`ZrtGqhGm_my#@=fzLC@o@V$0^ZQWI-6p`4*UqVjbYj5oUB(qu2%$4VxSquTQ5dNX z1Adm>*!^Twmf=mY`jm@TnNl2qNR860h4$anTh|5+Eb$*mvc8vTjmeAa3(Cc_rHM8D z(~=2l$OZj}`Wer7zRzpV#I!~Q(wu6L2S@aj|7um`*vq*L2o=@Ic1y--deF zo6BmiN}k~%J89pxyN5eByc+u#>1F&=QsZgf>h5GXyE%E#_+8{YMY+S(LBiDodts#Q z|2;6POxhuCih3%-1NWz=XY=QbYcpne68dO41MnoRjNy!RyeyL2ggHO;v6<5NEdbO${4Nmi8wcBtGjz&y=Y z{^0442yqT9ibi6c%9=YGc*BxC8M$g^3<77(l}_%3&q?gc!kU~*J@LL>>&!>gk-a4? zWpCEeU;uzATJ=9sd^U%-mjle*dTlc5IIG@%eWv{OjcUW3UMQc#`84Wz(W#4KZ!PG6 zG56&8tjr3_k^%LG^bO&bJK7dMhiE`OW*Vg)CHkLdU(7VkZ^$~5LOu~0Gtrt*1;=uP z)WMtrx%y)88Qa$&YAnn8y{9NevHSFw#i^TAmVk`0Sg4A#^ZmPsl*-H<--b*2DN#`c zJZ?k8Ts7xk$Ap95nDqsZ6|dsbMjB>KA4-);GA&$AHdL~_H-XR&XufeiSpe#03B|#Wb+lsKNv*M&d>gxw3IGOYvfzO9g#DFU9K|flk-PnnW0_u$6k?E> zWwGKVZLb+m|8>&S#CZ393bu@X^B6L(JM z-H0Fw9Q4rZ2I|t6^41HnGj|NQh01m;bGdez;am}0bm;75()W(Vgr$));WtsCVibf2 zXON-hyJ2iA&(<~fiD@L@G*_+aCW$TE0d4X+iLL0;6~UGu2aeL@w`4MqD~*T;}OH{4hriov38v!I4+Nnpt~L9_$zCivlHN|-TFAAW#k;YZw@_5FrcZl|=A*^%hfBw$+jy_y zC9zC;*-6|Zpc@0*%URd^M|nvhO{N$|q3Xp5t#f$wkW<_0`(nf5ItqMU3GhZLN^~?? z${}ChXe5ptVAL_$D~krz(OTINWQFP0+$B~#Z!QakE2YcsGhjFPuaq+yS|orbwJR>> zNJ^4Sw(b0SRCS+U`lXCiH?f-hJx8h^9Uli{ZcHw8A&Bp1JU&#-W6S4oG#(><>9xfD zqNwl~2b1Pj<34wRHr#x0k4eG1_J>uwcxN>V3eT-@X6kV~{#ids?7I>&N$c>LupSCyvYqtVr!JW%ChrhB}HA56|kv z;PnRWPK1#*4q_8KW)y+_hWCq((>g>=UAzq+MkLBVYok;tJ4f;p&Y4emU)KG_NtyNb z+U-hz1C^+}Wrk;w6px-e#S2%8r*>UCsp?sfc6dEeRd%5=8N^opbkP1Se3dsb6t+~x zy%57fBrSz}LaV<^Sv(P=zbo-kOP-XeDA!%uSNNEDg5HRJDzWlvW>RAR|IN6#pZ0vWG=W)5(NIk=!vCd)W} z&<=GmEWA&HOR=NquhRmYD?r{*Z?R;Qk$|m;>JdMy&0{{Hl>>SodgtGKJ1uejBQA*iDu4C6_p94@8%fW@y$UQ zns)T9txBv#P&=Lv z^`_2ME9T8mA``hiSo{&}+8(CpTxaiLoELFJbRGvtg(n|cydrAmMf<^ukrU7xz_%I? zk???Eu&2jm20VKs^G?c*|GmsEBY-VuTqsh+qP<}9=0#cXJ4E>f~wy(8qj7w zT`?JW{vq2-zt~V=jL5Nk(rk0pf4M2A)haSYuhCCViN6`h>~`O)@RiQ&s`R&b@#PkL zb-D*K5U<#ZRl8v^=2NGD?}|+{*0Z3nrjyc$HY$vkhjkJQ6!T9z{Mrew!YXf^-}1(E zt(iWQOHD2*s$mTRb@Ci6IR=vTgqab=w;SL_4&LSj;0kqd{_=8 zKW0gphGr?PbD6cT=S?T)Jia7*D!LQGwZ8I0?wkxq6>HC_==>0iX}WrU3R;Q5>iIPP z4JSgx$mzs>-Fcol66nbuf>E5Psmui(zsS~jwtX6jAX{w@Z2hvW$kHYWEeXfQt0nC+`~`Iw-SXU4XaeFObR>}uFLclV8Iof7U^7pmY)dq&M?%ULaV#(6q2;L7zPr;I1Wvk>#=u(HouAO$}D)* z6xeqKavXmL4w|4G%!-|mNCzWsXyO79tkvXPa*?7Ij%9>1OvHCHErFVC$H9twY4gCq zZKtu#_F%>GRv;d)%PO_{QVvR4skN~r+(f_wt<&Fa5HS3o@274uV}v|bOW?A3 zC;MJQ=3=q3#<=73iXNVWgs_c4pXwO|l>hh^X6}v%jt*p2f5a~q@M8mue5x!@?3v8_ zA_4K~xJAo)t5JpUa%KX!N?K65e{Gm&HorKOUQk-`?4e`%mQDE$MvE33l#UDc;&{-% z0=lKG>f?AE=SGa;JWF`_DQUWQBP1ATTN zW)wC{*z)pP&E`Y1gYuhiu~wZ2a1LjAU&8t&TELp!1!YNzT?ACB}RTKQ({qaTLp~c6MsP%FE`U zeuhPC%e)7wU>CIuCN#WLSzfp$_WrQ??~!m)N%hDQ0e2(uR!_=OJq{2%!uxMyc{w6L zeL)FerM;mxH#^2K=ot+)C^DB5C^cwgI@da}-WsBaEeFqqvhYb1*_Pz#ZIm-WX{KsH zpE;eiIheSX2HzQg_CVB9Y#$+h2@WHg+oq}z^jRNd3vg%v_?Unfn=+YgFPd|43Jl}RDfqcD)0(DLX;QPh z&Z;aUBN5|c9RqK`g!&5?e#roF-dBle5*XJB#U`FE7G5WH8W*UCb!Vr8+fIQ+?V^tX zA?ydz4S8LP!-|-S738XA)Bm;}_O^EIW7q$2;l@w0`zhOwk7d6V^VCOl`4#xoM|^qJ z^M-`<^tAIaeBE&?;LA$2o3;0G9Ol{W>D%v3e=O&#@^kLveIp#?euTe)#}PC zUAtTSrs^_+b-eY^Cqv>(?i(Mi{ts$5e!ksLsP=3``!AwRxu|Aez!kaZI)A`ZBJt&x zAKG(ycXvh~gXu2@=*+-dTM(BnlZl<@vjw3WHVHRzTz|?jx&r70RFB_4x8eYJFQOZ+ z=`AP|bsh2oD^ONFW-_MYqxGPX6VCK8aI3|K!tNi}f>gBuRYFZHzY?yWc+Y3wmPa9; z?}>+lVsq)e0*v|k621bgmMcAXhLTb56%^wMVhVXIuxgd$&n&nO{beV*d5TOdk|R6f zENX8%wv8cb@^R)Qs>4}5DR-}?ugNQxy3ZK$a(T9j^r!I|8Mhf$#L2Y1Q7{529)@lO zeVr&UD=0@6mLz_6_TYVDQ@#MQeIPn^JPWqF7!ZB>6Flu|FCueDG!=G$elXjN@C&Y<8-5j-Gn0hv{`{BZX@X4X2f8h>Vn~^MIjr% zv+WUbX?jCBfyL}bRrzKkg*e8N_7EhW!+YaPsMMJOP9{lyK3xWHk_CjO@Wr3iYlm#) zH8R&Ie`Ur6z`eC?Gr$jRUa=+r&L8mbADJb{G!_|F2}!$PBk(KChxCCI=Tfe=A0FL+ zR%B6EjH|$eSFa1FsY5w*DyD)dJq^q}4^?`JEBj=KGZvRW5G^YbSNLn*Yi0H7_?*YB ztY}qcLXty;UWyf^1Q(ra;X$G-d4J?`Ubga=W1FNswq{nAqpTjccC4|ty^^5|1YjMc z4SSGLALpJSzwS=bBBxDIX}IXGien*J=rF3jceQ0pOz$Q z_?#rE-zzCB{L)Je>LYIWhh1`P9|K;(G6qh>FPsPePg3d_1PuU7@z5n+PoeH?78mE(p9`&aZp%KWK>mb;pE>x$-DKfbQjetC6qPHT@fi|mH{qz zsg?HDln02GbsALsa3SJ5Sf{zuGCjBR8HL`|E0tU9{f=2}6|5>OCo|vwM;bQ=za5CS z8R1j2@>ie#5k(Eo2uJ{H*udal8L(o-8Y70AF)SM(=E78A`oMuqZuw2!JE<|HWyyQx zLw2`zcCV2$qiOm zgvnC@MtY>QVN#Vv2akF(uTZe+R3?HO-D+7h@stmVo_IXKtX~%h zA64JK8}-d(CfZNk1M5Irmn21%PxuXC`hp%C?}@>sSpsq0i%Ynks$bl=B-|)quUZlV zmRQ^{#h)v2(NBRZ?l!J-K+8L&QjH)BmS7}f-z;DTY-N1+N^$yxk!Ef2pzIHp->LFM%p z{PI$dn>*f2N8!4OC?7CS{!fiBW!t7TK?t7M;0R;L)#9-TdO96Rh#FKXKJ#8QoQX*9~ zjyF{#363l9gOg6+KG9$HWNf`!Uxw02;9RLxW1bnLgibc5BT{#GhLUS)qk!?>Fs6mp zhL}lz(I!V%2VZUMMZzBVOCbLWlhO!R%`^bGYhdFG7Y|moP+|3!@&=b70c}4;kHq#j zWjO9^#0p(ta0c0WoLs1JCTv0-T*#GbJ@ue;Qh;rU*lW3fD>;*{rHsrlSfE~OnNnn2 z zX5ecPf9?rx_Xt%zn7SPbO$)eWajXBk2v$zdGAkLz)AI7AeFInVvwo$rPJTYFrA6YE z{ibZZ#T<6)Q(FV?urb!5^?%aifIo@$eIU|~(}!F_-w;2nxZ&6HIi9|PGJQY=Z9-wf zM`X!QI(#@thPX$!Kz&#qyL%7Il_jvfPBDJm$)^pbHw7f5GdlMxwPuQy{%q=zZT;Pnk?45BWWrvFNic1LQ0lTZW+5c$fnYp)`b|oW5Y3W7m))%4hdyT?wi1!*#4M zGbDY04c3_|!0|&UuE0>Z(D%YVvZq{h*lB=|6o@e|R9i3(=!=2=y|bfG;Z%AAJJ<+C z?gRg4WW$WIz{7}Fs#AH2Q^w9MogF2eJ)n2`qXh~aRz6)`*qPC(m|ZA>7e{do!3&3* zXm%0Mr&l1AN-JEw8`mDt(e0p+478FPWCAfJ7qQSSXno z2kk(w(g0Cw%Dva1k$HaqjtwFG+Z@NtZ&0pS>Cu{D5U((v^H$|J_Jk+{%aMH*BpH`c zZ*C2toq{ce6ZL=-M9k3*e3lt1)G|aWr81uX*8m^*>uy!7cSP7Lrp2LeZpS^Cw4v^< zfHxTP$`Tzs1;u=zs1SoBLbBgK_`-SFQeL(1a$NkM->+#1dV1;L*DB#wY$*!IbYX;{ zSR;RR{?-l9~4Os}E%*Dc2QIQ^X>3!z#FT8s5g7#-0OlPliDuyH~c>fCs8Lmr;A` z+}=r>T=YB=ztyq@VUC~a4c?IWFp;S3p%sa^-a{@saMEZF=7_U(>RIVQ;Gn*Ex}u&$ z9|M12XT#q;ERaP4RE&2q< z8=n(Y+;3OW4zkGb%T$mo+rN(i`}Kwhqq|rT{t#i{9VwL``tFXQ%Wo>YCU24t-6w~E{M%($2w z$4xp8GAvz z^mP3$Cl&NJ++Xs!KwKC42Ta^^n`~h8hdu!vK6Ggx618^< zoH1maG50X^LXHsQ?V|(4Z5TadesJg)q0}B~J1*s3A4j)) zdLaBrK7HjoP3_QCJFIrx2)(%NfXm(TZ9*Lg-(B)P;&vpLotpQ**}v%TOxzNix;@+B zHjmD>Q9AKDw~KqaUaITcS>hEy@E)k0xkex5Gr2$%T?OegYEAR%tAn7Olew@VUW_=f zSjRaFLbrKnT&vgslS)UWaKoWpLipp{x>Iwu+AnV^Qn$zA4gtLdh<-VFUl zrm0qaKb-<#k+~YDCmB}I$l5fxulJ#*5!%kgCEk!QIXN`o7r-X>y(HwUMF?>UhklQg zYz=17!0gYMIoA}A-XV==n@kU69cZu^eF7@->1Bjno9kP8rUp-3;d|d&AaRcbb$$5Y z7eqNW=(2C| z#}{FHTgCy$i{F*Ir6;UvAgn6N>h!O*ogA)|IwK^R8?LbJSaR;z7PfcdWZP#C&uCkLzjr)U zx*4cB5FwoOg9N6r9gIRBsn?a6?%8CiPMn|FoN3)n5dX4qgdY~*7npI9(?0!Mnq}o z3~7M%`5CUJeyC3c!w%o(4a3`@&pC6g5;@QOz-P2Pv-*ods*hRdB8@u?30Uhg9ys>C z|2Kont(HBHZ-_1BIf||^HaCy1c-{w^>;7`vs@5X3^plPb6V<~jD^niv+P$?|vei(n z+h=;9!zuk>vuL_<2EO+Zn=Jj}ZL1(Y-ouDa?BUnDJK{T71_`|o{U^H;oo}etC)513 zZ#UH^)#=+(j(^ur(`)t}rce0w{x7KXm$&H=e!q)%Vz($?Sh-ud9rI62o+6chzgmFD#$kEykWMQ@l^z5Fpmm)?8*sW#f=}2 zwS^z&V)Jm!4?)treyub44ckH?U;oZEt&Yhla9J4^?ll5mi;8ZCSN03}_YKAhM2Jz( zL{>yXiWw>Tq{spt+V6Yx6J8q6G-8Oen^0EwjnIyF`M}+^c|wU{Li0GyoNi`VR`bs# zw)MD6R<`IQe5j`K1!xa3)uI)>h@{&(7iVMyM)U>U0$C;`o zAI<;89Ga&veND=l&z$yW@|ff;0hdi58r%N(p%LGW zZ>)`xFYp&3H1boSwErQ7;}J79q`acHwd;gw1d{}fo4AR#= zB!eF`s4Ix5oHZJ-0VeSzbpyf;m+cJ*%hCQ;2+|l7M;KcLs!h_N4*|~xZq8-xe|aiZ=uJhStniDXy&+cX zhFLV~&fAd%@W{;HS^*;v0Oc=`_Q?3uvWF=BSbXX%*OYnj=#gZ6x-54VGrj58t7OSH zy5S92hHUwq4n-&n>^qPgf*S=kgX-^i6-rIV?Nj>Us|85M)pj8|EYlg%ZT7AL8op!T;C^eRU!HP96F1)JNPr_uuF3 zuA_CNw`)WYTM+jgALn* zq#LU=dk=xtn*NiiEs;Kq5v0FboGXAEic!$>9r&l|XeD9zp&#;|73S)zZ2tPjz_bhbv^1;nOjh!^>iuf zk)NuSAFMs!JsNs9q&?w&r0!l)3u;mLSdN6&4xO(7{`%&Wy(d4!L%oW8YO54=2`omn zHOGmXd59~$!(aL-mW2GpjpNv`eqhnJCmdyRG&?c2ZMeZ6&(ISm2lm+umbhajDQ);) z72-RrFh)1){_`6c#Ws6qE*yFk4QWIlbtr$l zisT5#H@1Vk$vwRyu9eNb9>9hxzQq#E4Pv9cN5?)npEsC%g$qcH4OxV>Su+DuJ#2|W zHKSDDZwk7H_a>bWA)jnfzi4WWSMr>3B*9YNyRM?Yv=4A{ z?1vkK1{A#Oue!*`>X5z@amZfg>E>hkO3??MCAmw{=ig?xOXT?q8L%Nv*dMpggZMfN z1lT5ONj#HD8}OfbObv&7;ihWo^`Xg{{KVH0%nhjTQ4oY;+#o~3tQr0|3HiHWkVRZD z2%q~o++fUyk#D2kkW`?{^>FS^+2y)n`A}yC)7{|k5N3s%4!~UJxgqHw(f45QUS0b? zLwHf@1bgqYnuIT{*xi7`gf*?u+`v<1`5H8B8Iy-UsU^B)XOi;i9YrFnknWOL3%r zs#7^{vHa5+zjJ4YS-%8+Wfi&r%InR1X6)zFc}H9zx?mgSA9a;mo#S9Cef}t7U#%30 z7pRzbsKfg$^grAx*%=^^7CMQA<{+z;kxpQp(yIZn!}WyKwj|r`C)Ii@cKw4KC7pN! zr@xs(CuDstk}uwi3S9=-e56WKldZSj;i=wNwBOm_4_?^7C4|cNy*xXmGKycYkXaxL zXX_h^oh<~m1G$6Q+!&n^LJisNSn@8Rtn538aG???<46<fV{DUVp21gy1=8%32 zDP@8=9PYFWIEQeq<FBi-+2vWAP(P^)e%d3*RX1Z7d~ z@q_m?&eY&2=n)0}2eUE$&6n2vEb;lzYjU+YV`@ik0_Hmy2iS-B*M@y@* z8G6fC96cifQZJ7mTJNsNpWGWQQ8BK(K4cM9$;>e_r`W5;%~W81cE+qTVroE_Uc$&PK?wrxA<^!uH2 z`gC7>RlRCft+g)J-BYv1T;mzf@2L;?!QNKDsszC1ggKE+k|z=yqQr^)N18v@7QZs# zb%qpnhlUe5@s6o5o@nXr(~hufsY1!^Thr8IIsl~5$`Npd@Z8+zwUJKGOxM|d5V zQgCAQI8>5I8Wt?kf#|&Liqir4WUwbZf*%z9I7F|;(zGRi~ z{$;5TXjmq`bY*PdPfT3h`5Z|Bqn*RCjQNkN^&JSj8E2@E=0grl_=KXC63+Salbr!qNX>^7#6`Fw0hx0&@&ZLF9(t>3%BvW!|yznQ7p9%XqK7g z4g`{2&??B6^K%nzf~<+dX_A_Y#6?Fp|VGbCtpJC$1dH173SXzw_T<*H-hzPvh?Xe+* z54N-SFklM6>mm5pZ}>zwAXCqtJr(NyD@qQSksIm|Jb@c3dy+x%5$bBe8PO>{0(Y5G zB)wbOtTT0EOi`+C6;0!OXiDya54r-Z)yRl9x%y)Y1wME z$Rs|NIQH>BnKjgzQ;6`Xedxn2pelU4Cw}Nz`vT2_fRO-Us)H zi8}#O+O7`)b}b6*2rK!AdB$GcER%gB3Bh)yf?9g}5XL)nOmh1m=#y)FBKznFJQ>C5 zzui_!B^44{}H?8EE9e(nQ#=HvC+(c>Og;mdQMeodm zJsorj)Oj6vN*@+0u91c&;01W`+hk&lP!`#mv%Hk1)Q$A2s#)tFN_^z=1 zK5Ju-7hzYP6BrgHiQxZPcWHH=*uZL4*}7?G&BcRTxRIwDxrlZ1&O{d$rqR7|gSZ4S zgDQPy8_9TfA^eNbW876}P2%H@8akUtGS0PP)+`k=&OM9i6guC=e}}3?J3X_Pt03Rc zOIRsUt}uyHZ0F22(y{5E4kXGI|K&+!q)57H%ki^#4_XA;>aFZK0u8Y?!4q~}^2bg= zY&WMy6N&#ic0v*Bi@V;7iS#EVn4JZ6s%k?9xQ^)o@=;~aSHj3SU`bpU!kRiZjv>Q<#AQD?$oSXv_TRa*0Fm87 zU|vnn6M=D4%R~OcM@Iox++`5NXMKQAJ?R%(1$Jp2M3w8)O*?odJ2V}YV+;l{*`l$} zsgL0&rXRPa-~Zt$((Y?_k?Pk?pP`E4besTnB6|ta7w48mPrB)+;}=^V>}`xfcp7NxJ{ zfiPaMJ&E*A2R3~Ifs+mg&((oEo`%#-*Dc0Y8s zQ&%fhSLvP*_Fo9{|zZ%%g-N1_Y;Rv~C0yWoU zCK=QKV2poqpQz|NclVfV%x(Xk>iO{JJ{6MjPuV8Ij=kh8D}Tu=0XaDj7mzi~rp3v( z@7gZCYe*Nt%HCT*sMQPqCKjMWt(brvrb?N9@Ps;m!#TLX5F#`mUdY0@@W>Arn3^Y= zY5^CV+GnGX9zaYtt)8BsapZy+MoSaZbZsqRiZvpJwv*1l?ahVK^n2Ko+In_w&FuWMiItW@5NGid(d7vURR|3!ET zTpQw3L#*Gl;(k}+4GMUs0NFwS>mWzE`HBf>h6TR1%=wqI8@#Ch>n7(2W#RsV;Sq#h z+5Z@JaU9C6`X-6dH|h=2UbXsmeBu0q{Y=&`&MVqp?fN!+;r)a0F#)1$eAaAr2Pij) z9dCzumjv>K=fr%a$DCmtm@nzkF<`pijH@RV?AtY9Isj*tr<5-Q7UKoqJ@DG`=cZm= z=6|wyLI-a<$Ek9-9<55^0%*>+CJj`>y?{9Yh+Ht8#udH$k{H!UcmCCLt~p1$kb<%0 z7shHG(%U&$7TsC2@dbl@LGI`REUUb?zF)KW#!tz`70o9i=tZ7i4i3>dCgJU!{mNwV zgTGaNQ_B|QZx#)}pt`BN*U)rPt;HhegaX4yD18F_uBDoXrNkb&8mKpgRn};gg*nZ`18P{JR68+g!vpAC@ z028qt>w}WIwl`x7IQxSOWg9N;pmNop(HTO+XP@dph@44LNP?|RC;H(bV{?wI%eb|YQb7qX5LNXt0#fQ4Jk z7tYj(gI-R*3-*Y%P+q-@`UsyDxg5RF>=68hu(tT@Q2jOjt#oO+}U-qt_hPua182`w7|B@mKSk2isb|3k>ZvJnX(ea z$kGMbDiKu3vjo}JA<68kftq}QiO;U2@0lgxNt(aQtWiv+X6|VzvnZ8G^8;hDGT9#> z=J87=`4Xq0N(H=8v26S;>)i+hU!(cV+Xp4Kd!m>nDzt7jbLX*3(# zce%G(tjQ#8ie4>Xik_DBDIoxkL1k=)|aeDPg0MdA--03|Xr@YVH z>21$LqxL;VRfbyfce;_dB9!P1wrXTan7$E*TnSkx%xjmLRh-^k=alPP{cI9lrnGCw zNvCuKzd4*8apLRUkj1!C!+#HiRhhGRz0Z6 zb@1?u?v^cBhLK@AOz|`c7(UMrDr_;x)0|u&%d1mSnWK*Pkgn-FFw@+P? zEwzgF;1wXgP1mP$q4cgf(%=5JoYo~({@OL_+6BMFe+3%lR0;p@Nh!W+gTJLgX2{(K z!h<7OXVgZqT;AV8_shMPF8Mj?!}VgF3`&6QobdRidw<1EM!U?qKxtWwGvOo$h7;i4 zpr{u3E(X>h$dO2foi2!TXpmvL1uT}4E_6R;+%VJ;jRmVav~g(Bq0JFq$3iE%{*bF> ztp(qXfvqol2;k6M3w_0I7iv3XdsB4F?J?AXr^kF1unh0*`^dtT2_O8}iUEC}*Zjr~ zlPQ#*TbQF1x6_l2;7JicYKGBv_|I*86Om-G`HcU?1&6Pgosr@? z(wrn%$3tpb!JDxjs$*2tOO0&bJ|Ra{xpxK$w39plgdo#(>b#H zq^g*FcH7nUs9!x__hky}=A;^Wr04{6*LWWn3ejJVFwb11t4l2FALA9M zwFXedFya9O;=w<467iBH@FMUc;`$e1O_Az>Gq4s3vTt)5`d90r3t?7fL--#5(=phF zj^Qy^E=mnz%>IYxFp*zHFnfQz#~W0@!yoW?rehMIe3H(?kNU&O7-Ksae%sYf{HfYb=!TrH|=ZRmJ z)b}B|#2TG)>Ra<@L)yrnTP2Zr5=q}5dH|J2U-^zhX^@JpV5*GyuhKv2#8#57EKo}Y zLe55Q&LRC3)`A^lQB}K*5gIwmr;x=Ll+v!BI}54@3yahng&t^KSc-=9>gA6x>Ld7W z4BuYn6a0_-Q+jp$fwxMOu|C~QYIgo$BmlmEd~KnWrSUJAu<)(`#i_gN5V$i5zNZ24 zj?uL_1m=tTj8PZ8`rz!YLB2)F<|@341=^?D$uF0(M7~DHQ921%1P!-4UTuq`8m0{H zRZ}jZ7TDh_!&LVt8e|~6?e65ZG}i`r$zn)@PL}!aRd~o`%Q=RqM9qgRZ#PcJIxy3c9*Ny6xM-bL@d1WC8BI zEL))C9t7YYpd&1NBIjo$3q%C{nENOTMBhREfazTcWA?K+dc*Qtv@8oB_zHl1-s}r| z1NL@bbr=0)1+0$oMYy#rL~}aG6%*OVtjbM*r2wQJ0VD5CQ92m+ z?Hk5?Plb@-*v{GQ=$gh%@u1({BC4xmz4m9#H1Bl{4-4jaNUQ4!0 zmUy)lB5}F#qvoK-Y&^*)83Snn6L*Q^eH%}sa9nMQ&sSY1o^YX*>SfNinWt$NV&0pY zEFgjHY{i%hAU(eRQ)Uq-7K{(~o??z1+{CYT=dfZ_TV3YLW9S-`C-J=4iegC3&-iQRd z9rq%NB}WBBxH`(YPI1c3X!`oQlc|Dxdv`af188whR*0<0V#QJ%VL*mkA>)I*V~2G2 z7Y&%eOf@@f5)hef3iH4V?ThxG=Mxu3O|#Lg?cSOW8qO`f#AWUd_*_E*F(GHqV3VKb ziPXK^xSs}kez?&3dl?+|+LJo`ee=m?3c#xX%P(hy%a}ZWmvff z|GEzNpc&rSm}Jce4^}MuxuPDnLGfxCG%t*W7OC~|fI#JhlBn0ZHRZ#sIX&2$CFL6> zKxoD=B68~xcnuGFkYl~69a0W5xE7EE1wDhuV=CsIyG^Jkhj83Qym+&)Rk^SF64Cf+ zg9QwnI7#+bW>^8<<0ouAyrwIa)HBzK{l9R*BTEYE(teA3xRL&Ijt)77=@82!PL9E; zAkCvyhH0KZC(#7=rx#iyjeK=}fficx+2i!O3y?WVB>d%K5$%`Dj7%=)c>X=M zC2%%LTrKoJ}NIlbeM6` zTeQYeC`C91k=8f1S0)CDGku`WJ(J1R;YqSi;N1&OnzbJI;n8BvLI;Fe=5n8xGl>m@ zeZY1Gdmmnjub6lKB#>$a-z=zy`AH1oh7rXhMD}gq`2z@sulK!_@0f&;e~So7x=@uv z*ANKkWw4TO6NQhO;xQ(~(acRuiF~5WfLyfosYt9|kW<3dcca^5uPU1QN3*B*^_4XK zs|S00NJyMO#LX70zK~_14zi zkWtv}C@>hMU%y1l;fmJ`(-z8^)R3}rc%Qq5;pZ&BDNwF*Hrws5H=U=iIK8h{x5>0M zH-A4SA)h9$4PGlV>3corsHwMQwXRYokOW>HX)bO)YYwhZTW_?|j<8M3WIS73HaDFj66J zY2KXXHOrefy9^9i_oF}1P)%r$^$kahO46p z5d@AEmmv06p{Ck^M{X>j=_97XkDW_eJ?2W`bkGth6ZtCAl#?D{kJh1j@vP6X6B_0c z-<*I8G%3eW|D0|w%{Zi&ky%Bv^0uzevV;&y6EIZF}GiZ51a-l-m1S5CA&lNj-0jn-@dN0unl6}F`rI_t|fDhGoQQWAdjd*N9^|s}$BCYc4cS(8Npw46D3tBPkqU)`< zt8k@i)t=`gVy&XDn|frlEc7b**rv1n0Xt5*zH({9*cjDR)Z?^M)*j6zhK6=zbdIn0 z5VJi*#NDQoq0UF;2IMsZ@7NgS&&s6T(n!)7JEAKu_d!xmZ2O=%HV(jHjgWV=woxMD{&2q9L@X5N8P@Joazay5r9D=z1@ zg#@q9&(N2LzrW8knCQ^84s`~zKe7QA83{P4s`xkxZCX{ z2X;N)x?sPXp7_{trkCStivqZKwUJm;^G45o$Xelxo^D}+qmb|eK_%S|2ojOnbCQL2 zt_k5x)24!loqUV*ut@LYId`BL?Wb`3n=(%{(P)_UM#I0E?V%yUL-QM-F94y9yzLC? zmM*I7Dwwa0{_Py|wgya?LSO9l`rL0cVgxuRW%$Wz4pwDqg@|++b4rJ`=~#gvN}?%J z;rfipB?xj{@&na*6v8c)q_DGPyFns4^2yb)bS+Q$95~*KQ0bA7zkN|iByGbJs8!q1p&2njv$U>Lca+N{P4&mB-Tb=AjBVF)Z;jabb z_^RQ#`f@@xfUvmksWt$ORCpBj!p*IXeH5H1I3MY1as+~#q?KQoxy0LaA%TAAumnbm zUD@i6URjGOa>WWNIzmf$MZ_jIq0 zIXo*XPps$_Bx1n?asIc+KK!b0>cOsauG97H(Smy%L3x;oalkDCW~R+MFWVL;zQ`_O z^)j+fBCCBJFQQHohxZJMMZ|mMhKb+jAQx2QnYpJ~nuQ|y2gYj&kN-EDj zYP@fCt5I&Y;S3sgHIf9lyVMH7T9;)XV^)z~!22g^U#%7!9eXuWfAqi!Auhkfcf1sP zL2O5bt*AM0tj7Z2l{odG=^>Vy%=z z4)b7>!FBYL`-klN$n2poJuL8vD)m^+sKgI&>I8~A3-u79??Zevl9}%wbm>HOeqfqd zrmhjF?j`O-mVT($_@{1Ir3aAp!qb~uTq#-JckKjr{G@t1$8b=vA5iRsHh&t|c<8~F$Be6_QzXj_a zJq`cFkfTkO#H9|lN)=CPEVR2U>vqdav4+$V4Snqp6`j~L)6(42 z&;~f%uQDSbP@~2;#w>uRy4mgOMPLWRTrx-4i`KIY#vWA$nsOZT_{J=+7q-6T3Ch~gOaVji@ zG=t4+(4%W(tyJdIk55{1)QoTxf{$y_=<{No+G`U2sIhW{q&nbcI-+YkL`v}!9e#6S zJHUE}^ytk(%NG247m>ff@O2P~=_g{uw~v74p!&T_%ZN5S;L{MXz1yM@tL(Duk379+ zTMOZje(s=V)5Bc=aXi46g;DAtm^JjiP#C?3OE-IW)E_dQwidZ^gu@5?cXRz}R4zcf z#U}ImDd69icxLyC@UpIz_+%!ZRp&(Pti3LGDLa#WbWQu}Cd|gs!Wt^UKRG0?2zu3WD%^$0FXS zD&6Ro(QlCYnMr&AVdK%!v@@oxxOdEFgl=qy|9@!IBIJ%1gStRKca#7BXm|_1FRdR! z$^Un8{yf<`nbR9O7#drc(i?l2(L4WuAYA_^%!&TLKoIIqmOt#W|BxW;T>f`Xi3YTX zjw;&Mb>`tDDZOnX8_|3TtZb^}oS6zC8#Jm^#+t<1T#2m(_4xRNHPfYu85gXqA~2dF z5=;cT7HUnD=^`-;8Eqy`CQeHLaX~-;ab7NkP>(N9i`o+oj~l|NihzR9bQ)KI5TwUmY~OTl@~C% z`0%=P3z`KqfITDe_=C&06R#!+8Xdn>emTWF1277>oK(@9ke3qTGfw`^PKg3nAtIAG z*Fv@=)|-GlRR*KdWu(VYg!!M-TZst?=rT|*CM>`+w9EyzsuMi;J@ z+RplVKV8Za0vYvms{>VcFwVqFGr*;q__UfNkml5bbJ|agJqM|)vY`&N{ zsN_S=Y@yr5|Pj=}<*^|AXGdUNWHdCf{U?pRoBE`lJv=oKmdS>xW=#Sxe`OW**qioW!)8 zU!XgMJ9-HTb9Tgk4KK4+cX!gla6bf}QGKX8s_EG<&Jf^WWQdQ*d^L5dJp98TmLO3U z7A9M{A|9n)H3JDpK*5DCge&j7!)CqG_g8A}qTfY6`IgO4Ko}RgFOvxZ83P-vSONiK zas}UJF@CIEr*yauBAm34X#7y0476!rrO4bEYbfdWJ)Bq_fcc7tuU)ra6n6vquF^Nc z(O0U!)RA$tM546G9Y;kMt=CJungltp1vOXkR`UlkY3eCTiRH6l`XEC*h;?~z*>FO- z8zB|_<< zrxClW4}^nvim9odyX)_+^@=2^v9%g~gd-gYPTD(!+l%T&&L+0qfzfk_aahitfsb&% zEG`^io)Kxu_(IO@juyL%^QTaD_B_|_c(e_y=QDVXS&ZuHcT&GSV}oyYX0tFmFKH<8 z_}ijv5LKUZH=G&O4qn3jJi4AwXUrgFwn{RyjdvM+o^BJB_>}xX5FeW>4&74ezhW)P?C+el|cX3ow}sywK{3oF=I#GW%l%(^>5MXN}dsu zkn;6;EaQMwy(y`>IJt(@il;Op(fBY&LJ`>=QW?WkX}jWZ-Gc_PPvA z645ed{L-ql9J%|4CyAt!AuXwAA8_{_x|WkY`DODP0^M1n8(l5R7kuCO$FweTl*wS< z2Vca_Dl&x7994KoLTm&H;;sF?{_>4DD&$9e5|zW)7a4W8JD;Ic*$Tv7x? zUTy5F{sUd8nZl1>R!i(la@+xw{b?lz^uL)>DEiBs@2xA|e+8X`UV&P8yx^A?;omc+ z`V9RlnWrZ<;PkETVaby9wzhC*)gK#aYD8WeEoz9gOAWsXa50R&{EN;L5neQb&J!bE zM52A-_XZ{T4P5oZ z4Bm%7jH31xM|qLR7{VKwJNEH~l|jo>IzOx`Gk~TvAmcnww0De*SnVfBO@_EiZ(GY9 z85hhD-lsjs;g1QcbCQr>@+e6c<+2Kc@DQYv#Y%Ne>6TUc3u@+2rvFi7TlSh=AyEWp_&z?tUy{)`fOCW_%RE9ZP#_?<;f)1sP)C`+U6U)ZgpA`i-E z2suBBJ^7lhNN4ccVzx_R$NJO&bgT^A$_dCzN+?}`zO+ln8+_G;%mvqP6tpi*^TBti z@d{VKVU@6jE{kkyddGPNTZriU5r0(Ot1!p?Zx8C!E0lK=9dTdJ0F!NbiSY7%yrMn- z0PO4jCVI&tKrKRdBg2wp1B~O+9+r7yj6vd03;QP%sswU#vZyEoxvbGpaR1kzMlX<@ zVTA-(4-CkTtZk5-S3tjpWOmw}5oQHAxVwGNC&d%kMt>gG`h_cNg{oDGJK{ftmWl;K zn*&^Ke|9=1eG(X|_po1^p=GibkKjIYB$HoM-A=G(^$%mk{SlOAOX=iEFzLBRYOAO> zs;`?EaJzkK1iA1pxaPjG^TBjFB~hK%mDC!+edx{siPZWqlufE!2UoZ88=i$*`1>nWcJqak zI!5@KM)>Um$q=T%DQVijubAt)dEp7jOt3m-i)~={I5U|2d(u7dbzexPhG8RiN(Q6nv4pv@t8WkBx}~ednLy& zhVkfRwj!6NEQVQ_HWF#2+eWC<$BSG* zqajG@b=tV926jt0XTj)UJxl$z8fs1K%JE?`G?&S=&c{QeSULIvsuKgunVs zHb1 zpldmlgVoLMx1ZbH^$k=LJq)j+06=0@6wWqO&ou1gcVbM8>qiRcNOjFtdBD4Tm!RRRRbeFQ%9C60?1EjVI@gP_&LA5bsD5@jvAiIDdb+Mw)J*T zS6C3W$+-&9MWLkIX91YHBdx%IM$cn>oFizoOVI9bI{;B`!gH(CgDFTA-b@C@Dx(&B zbH5$*c<**E%qvudM*rt8%|Xz+oMNGDo`R+Q8F0VkTA82sH<*v7s<-+5Kvw$SaH-0MBCyNyr)o-NGj8N{ z;7p0>_8ohTZC6<+YJ638rT3xb?!3sN8XM3%g#~$`atMM63#Y=#5$#HoU_@7b{)ed`&r7~%r zc%SPy{*2*)#ru)U7~t+Wf!Rs;M=Db)mzi*jf#|@_Szw?f0&Zf0ricv`;!;IhN}EUM zp=RDxv@O)|it*~tUj)AHGD3WqiNL$dr6nV+^Qp|0{Sq&=PEpn|c~!fIAq!?cE@FHH#*`1--1M4S@6 zPgk=}1c~J7;;6m_zMMXdx!2ee?P6ECN&&^rcMs`Pjx%n>I3`@2$AHI((=}TR=d6OY#A8WmNGFL)`g37 zj1AeWz*YO*+MIdPCm7IOSlF`3+=}^^g|g4+Fq@w<7hxv)KY-9RG$KTUGIUg~EPG`N zR_plf$k|CDhO&#fFyzeak7V1=%p*gcYm$GaH$I)CuGM7Vt)>s9>e`{))en!gEJTv> zSX>zvShrNcTQ^+g|6uartI#y6 zqImUd^3o1ezH0cW9f;^)c8p-HYt$IpSM++}unC#hyQ-q!%f5(VT0+n#=$_+9QQk?s zjhd`HvqK+SCWsEb{zRR`Q~lxz7-ue0nQDqPVREYB&X5Y9355S!3kXUSYXt1Tz-9_6 zeBGL`h}xe{<;;^@wjBe|+g#-xXe<#$5mzX6FB)q^F@zIX$X1whmJX$KObv0~m}Z>< z?sC~X&*y+ulXEFK7*>1cwAnms$KwCDuv>w!h zFk41e)xvu}zCa*n#K-|jv{%(|xL;5IP? zQMlsCt``Qa4gDitQXcT89atz#9#JcF)&*!woct{=LIF+Cs2&AwcgzkoISQRyL5c)q zVpziNzZLZP=0gUp&>JxEjd<`dU`LkTl!*NWHqZFUiSLjFnttnpbr07kG+74v=zeY!1~zb<6FD(R9X z*te{AYwQ{zvK-EFBZnYViwWv)9N|S>Gi7H@sNRqKU=dA%8dB|6F*Z?1^nD-WL*@5& zEAieCV^_uAx`6PJXq2HK*UCV-+I|-{S$nl*H;7=A;_scR0EvS|*K4#JF?w?#pG%9+ zJq>|^K51}eM140)YW9QKDpD@y zI-b5#>Poz?hj=P&~SY`hb;ol-p%f7UQb`Nfs_b1H-(hARmDWqO~mW0~x zuDig1(BJIf4uAX$?H+!{WHe4F60G^EOb_)RoX!p#lpc|brMnVu4S5L2 zzq>~F3)Dx};Y-m&FOH6$;S?UD-)#f(OHmhm$i}|zruoo159CMd+*;~%{7g}^{TS-A zzvU)p_x6Z7@Qa(&<9&pbee|bs(5^3!SU+p!*W|D?S^~_(NP@i7=kaA4?xnlisy}An z^iYF^D&;TYSx?QEOktzXY`+$)G+1-FF*CcZNK{|MMacSRg3e;HE}4bke1fuweiT>w=*(?0 zu_OYbh;RDfbK(L`iTs{cGf$h9$S$IY1bFniha08vH`0hux_sss=O3EMtP^(IaU#na zlh#VYc$Wfa(nOYQ?8e!ZhIVCrcCEQ0KUH+*>=3Uo$G8^s6#moL`!u5>**F(g%ZE`Z z*I-HC#*7rjspYMf3Jp%UkD%A;>5w7R5c17G3p1sTkqvU7JOcE+4mPJ=32 zqK^CV78bV5TBJKq=l2gY*|Ob_@ySB94as0@`z8}X^&wssVZBNn|YZ$YmeNl`oVG<2Uds?m*nxun{3x0e1PyIk;y365WuF9o@qnr}MZlH&@ryvvF@M0>-FozAk{ zR;(HD!lZoJF=+$pikv@`0)!tqUdqH&RKGu(5^T6yp_&G`>Pk=5#z> z*@R@xIoY}jpP*h%b&@CF!FYW&lT|0zn}{oKwRSOj6LO(0+UdY<(ur?nT?2`2oozJ2 zeP<}Mw{4SR<3x|^->~-WF4%AUF31_R4x67i)ymaV#KTy&JnE{JG&A-gWVB%V?z8mp zY-=)plb!C&;Vx}<<8)p61e-ZTRWckW_TnCKM7`!lqSU=_13iy1rd&wHlt);}EXb%m zLRX8rM@6cAUMqKrt7??s|E-%NQIvA65tofG30LxW?BF(@hbR|eL{Sev)O{hWl4ACy zYd~+^)%TdMH8LJWvPtCmNG!g6mZ*&rnILAhJj~7+i_`bob4>8Dk$Bx5qctBb@g!!z z$al73@@cQ$B|!F}r4<>SPgs5E_wsPhCeHVnXq~e@W1a)B*sD)h?^2=(ACa3XzMr$RtTwB?Ch^b~0In7W_M;7f0W!Op7Hn4hyROJwPwzf`@ zIvpR^a?sqOw5ag+DBCbbgVm{ex&&>nQ0PP*oX-H65% zL~6_k1AKgK876wPhsPka3MGJ2hmb=kUMJ&(t$XsdwM>{>%Bkn-V2o~If09!Nom0nT z;H0ytggHPs72Lz2=_?7WH=*iU4Ij}_8Kv`RF6YMiWW^IVd$@*@yMu}Qf+(ztoFSO% z;&?39cxCMlBY*r${$9UuadTk zKD)0msL_-Q^N=tvm=Pg}%OIeVwwj(hP~fqv(R2~=Y@FQj(~t&+A0YeKOSy5jXMg+C zKUS~Ed;uI)m+k^*+OZC-;0^i27=Zs1rG8>+5Ua&^)QLRDWTCVX#|FhbKI8k^jKgsN zYThTj>LJ^iXqg7?J9-LCzQ(bl@Bw^rK`Vx^dV!}y;CcE?`^nkZwXg`m)J;EZV9U&Lf6}c;G z7pTJqxJQ@tE0`54a;XJpM?}Ck)CZY(y-w*(WR`2rxGc!?JQ02m2v2hV`$rb3LhPJp z$I0^DFg@gHD?|{@f#D>NJ4NPI4Y1<;MZSR~XP+krBv5J}oX0ul)$A}TJ}Qsl++OjS zOhCD%?Uhe)Ehr|+R7W;{#iux^c(Ay+mbm#J0$T1jT>Q=QEYl2PRkCI^%!#K4UAq z?QGR}nsdtSIs>*e8}&qd_$F_bnI*ZqZUVHw)hJfXZ)}?XR+bL>!%efN;`gg_d|IU) zK@$jCK6XJPe)GIx-5E# z!Pk;d<(DwT>HQfn^KGKGKaxJ%MbDaCMi(~&aXt*yKTZZNGEL~r#;6^fg`;MUH#U+T z?&P<28@;YL))(M^J&3aag4%)a6^RWQfyNdIyF7H2r;3g-uM|mRtJEu=)yXLGcbOM? zE2@Mf4XS88vo@4gMLQ=^zbqBi163AriitG=B8pFWjV!-2VS45EslKc)ZD{L7=#o5W z^uOP~WIPlPH7-jhH294zKRLMz^nb0=BMnK5h22M5AUto;Tr)9M-kE5SHDhAAJlM@2 z(TEq z`}+NnHtDinPQ6p!ws!(C`6F)eryOw&KzbvdY7*m&=E%mo(+$o`OJ24}`4NXu4^zQL z^$jX}D<1X2bWHBN;oUTB*t8+03iYg-@%I3erL3fKNr=d)y<_Of*i`F5%T|F>>GnKi`r~EPCDw?wrzE6+qRQ8 zb~^SOJ007$ZQJVD*6nY;duQfO-TCgEs&oFFQ@iTy+IXI|*IJK9w|K?!q)c)?d43LU zW1Lc)m6TqB@sII*3lF7atoa(c6hs-=`={Wa$6b&!h@Jz!eSDrUCnGD$Qo(2}3M9QS zCx@)0*x7~FAFNg$(G#43ZA(;XR3kFuS*1;VjSKHa)oAQo5=Y7*5G6*M<-oy`Bxj3# zNLsTqKn$(8hT0CZ=H($F=*^C+yOxDpqk^=yp9KH8*adT9mIypunQWARv2I#nrA&L` z^va*-%jkJ3IV)H+3}5)cO(HC#bsZx%O{3swf8hq(bZH=wmB_BD#geJi*VKv9bkd+w zYz2M1rwIS4WM+zIRpwPvBCile7W;$6O?t>dk)>o)PIkct+25_b#CDRRzUz;uZK<1L z`xc*f?&CKGiA}?ah1okL4zfE719Oku<_-rb^fTr+Dp$Bw8vnG%AJ>+<1zb1(ZT=>W&WdP*|K z?Y72^Irgsg<@hbqscU-v_ps(IlfH5kOLly0D~0kx+R(YtB6$Xb<>hX*L-oN$~AhuT-9`M$7+8EJ(M#v8O5y7gsRm;YUrzA`tN}O zV6R8zueMR)&G~pmQx|DTX-Mka6xFNo#bV{fZOJH(AN$b*?kG%KGVoh{>(jP+o#n=O z&p}L;7@7k|3rNiM%3xPdGiLSqFsHCZslDIhU*00jhN0wyO>BvPh-hSW zz|~$Nr~C}Wl(HhL0v{>*2SpbKiD5(V{%Pr9aA_g8JI50MKf0n_wGelg8^wul;^wq& zhcs@H+NI%>Q;zwtlq(qGo}II+r5xnj!x2$6}%7y0fGi8euemQZ|#GS=f8 zjsiX6O(&=gADV&aB3cCF9oMemOQHwA5OtXz0gE3?Y1+^D;pe*oNkQpJGy%$-eY94r zsT}rWBKgsI=J3}qCnOGbC;PUr0s&W0diq)S`c)j9FTL$wcZd zpH~wSB(d4aBTY7gt~OlBY}k_cTrni#N(U?PStCFbig?pu1WB=c3d_CO2@^AuQPlL1 zM6zHZ7_#vG_y)4nx(4<^r^FdrTG!keA*z{Vvc%-VU`VO)IV0$=&a0^mj!5)dpHH)` z_Ny-EPp>JzPp`|7oR5e3Y0wry5g&)%i{Rm(Fj5d@S1?&{5c#<)BG)^A_{=!z6xPtf zMdvm_?fmA$Fib(q7Ya@Qq}Uq?G9hvg=}&SQ{O-GY0Zy2DDwriANk5%=xsc$mu?GX9lI z#WHAaCeNG9Za&YiqHUq}*R4(q#D2w-utqg42YyOU^jGbKb+0#A7Jr3k7KS>uM(6`* zd3~zq-Yg{vO8Br6sOgakv5ysDBB7mM0vJ~)H<^DqoXr3^h(0lveCjA*;6Pi|1I1@0 zs=RZ>=r@Qq1p5)4%Usm$qDmYQ53M?_0zQkm=l<>q70VD=Wuf`Y*hGwj11&$=1h3+^ zcgXY~gmX+@zP2~3{0$PQm7ou+Kgfhe6K^ZcFS24ph9^w80xj;0+5@af_Z|k}F6BeW zX+sxL%wBh7CS=U;B@LFbSHjO)lCJ^GqqV)ysZoh#z@hI1^o zm*LSDSUB~QdRKpoCc|J&VDO}{%&`*NZkz0w-812ctg(zLd|yBt_NcHdz-|7$9SH*V zi&J9hU@_RAf+;JVlq)N)qU|Elemi2l1CyCCs((VzSEuz^f!J_ph&872vu}n2ZF~sH z@{!Wzx5k_)cMKM149^G){p}8bySoWI{e7H92&;awWxhw(2?EVT(cXJ($_qMQF9<%W zcS4b#W~bss!YZdij!c)j9tDyd$*^=vViHR#G+wifm7bo?v^_rZD-*mx5Rm$la5w1hiu0)kO=*`HO z-Fo~cG(Pz4U~&Cmk>Ief&n%txOY!9f0n9JTEq*AR^C?aBv#4*t<0kBtpX9*>Ge}aa;I)`pWWH{G>I8%vo{(@Lwz}EbC^j zHVLU!me$s=)Nq25DY2N(uxKaHf~0hBnqR{4lzz55nxd$p#d^-X zta!3K-<5YfG*hXt66G`nI7f>ML-ihWgE@ z2i;yZPDU*kzo73s0|_zM3cY=odbanR;R40B+Rfdk<4SdHwXwU5`C<32N={Ze5QdfJ z!$o-0*oP77D21Hnx>jq_;xPEV@$JHQA|XFP^o=qbKL_T3_oeF-jtTHmsaTs`q+uQE z3vFFCJ2cE*bu%$?qT(6}fYU(%N2t;C`q>fn&%vJMYZs{+2$NJYYiBDM@P4&7>^=@t zr{>`ykE^aYj5w_lV@&wFxsn3U>5u$DQ+gcYr=M zP~O4LQvzQ<1WR5Szs#4c_Jdo$l0|LR%1GI@UB2{}!u6k@ewVm>c49q zG3Fn+4|z~HEbg&DtYKW&H$V|R?dApNCOTM_ukItbU9|9eDavU0^G)@u1@F<`WlQS0 z3O!yoSq97(8fPV;HVGaJj_nH+sWC|r09B?)r~*TA&3Cc=whT48G&08Xl*8c?TwnB& z3=1cnLf;w56;A>_BI(+x{(5ozgjFx(O9*0Nc{L3(9XIDVUPmuDRz0 za>1>?t?%Q9axfBldZ&MB|HZ?^pTRX;A{;|kvX~ab(ymq>+r0k$h%C`>MlBjT-)SyB zUR%#FMW-T~3`eNUmbrqDV*W2~Q&z2F3=6<0v|LP@>(QW;9pNAUS=~leuaXDPrn zo2*&X3Bn>F`J$P?cWx@Y$7gBVcZ-p!!O3q{yEK-2<{tZCtrE`>80x~2q2?<`;X$qi z9Lw%1*uL1n=S6`OCC+0&Vl9i2^C`*r^YWj=gxHQ_F=;){4bmSHQ} z0);Qv0uUyBL5pHIqz?#VrmE6&iTLxQz*Il#bOi;zP>Gz)AH-H;3AAGm-wq^Fo-DL- zw8Z@GaIfl%xkG~{Xs6NP?&n1xlp={A{b8s0RwQx^8`1CVivgEYFE*>ir|6aZE)Jsv zzHZdz89Nv$uD!z%@Qn_rbWjXJ(CHqpH;4*OL;{9#4^3x$8ZddoNe`PH^$!o$Y-O{t zXAiRIZ|l3cZ`2L9{1Q9MJ+XL35ILC1hPx<-??uXn7R8d>E;l?i4f97_tQa?KEYoK$ za6;|3TGpCNdWWjPB|!?Gek2Ai&M=E z{V%*tFh2rHY$8yu+fuF%qUDJRYnJAA#3+zfY9(WY{**>S zN0_p4J9fv?ZgZKiXJ;67-K9E6UaZOm1vL z-ZxT0?FDK#Cnz6sQJ`>vr*%xO;i^WBF)Ec}kFI#7kK4pb*ecRU3e5)rr{*(|&^B=* z{C}Wz+TqJ|D`o?%)vpVPD+Z;pw*(ZF^m?l1DO1#^jh8hYllSco+m%*3;Q8Sc zMG<%+07-}93!|-Zyh!R1E`!lfw)?$8`{I`GuGj)yEjJHFzu31XlSZynAeXYl-Pq;$ z**q~u9h*rc3tf4o22~5N1Hz*j8!LZ9Y6-b-5;VysmGvq@<;6#lhs)+=*B^|B+7Qa@ zgg8I8(GrpeL}5VX9lF%pW|8DApl_6WGzOp01+BQVBN`Q8io9gxgiuP$ax=h&nK6ZS zzRac@2@c^Bj@!hU<_TU9X?tAkx{(NMo1|>o>AG(HtT#t^yPMpSc9#s*thQaENmnU! zKggk?HJ+%8tOb<|7aWa`T$y0V>Bt-g!C1-}BKPQjbdc!iiGRCo>(-yH+dV8aSw>}3^CVlrs2HD0qdTG z41BlMfu2mUGk<;DweQGuHa%g~!9j%>kq{?#;mvFKe^^Xzsoqv;Zkz7gKj2;ECsDNe zb>zr=e%t>d8XFbIt+lVmSTP&!nvC($wmY|`@eXo}mL1W4Kv2hzyBr=3gR0ML2=q** zoC4+$xLnt5JZjqA)pf+B01|f(@zPU5278-P?*Q4}86@lUoNDGP*>GMiA)Va9)%45e zVq8zwj!&b$x0Qpu{FAA?!b#69!hgJ*#PtJwzrSGM*nWW0vKFbdd35ORFfBk(XS&^iv>UgpN9%)l);C=B)s!7se|N0gYPmhf*)8Hs#R=+M1VJNQMg1az`=X@r zsC49cM^D{FbLqZyqcB`|X>O&!b(tdhgj^hRXsOd%UooL8rY=};F68HLS9r;;fo%s7qP3Zhf)R_BLc45* z>fH6~yLSr3>J@Nl+bzufSLYg}wmr5DnuUTj;BK?gDmpte!l!X^`pLq#N&C&n!@u|I z84H}1BF9YC5QKaR!*CBVwSu57%P+k0J$9snfJIlJwy+$(eDEPXd@6)Lp~96$lN!(F zx~%EQ-**YUHdXBp9r{?h8%+=x-K1O)-C+NV^4P{S=2XtU)q5Y&wzdtgHh_~x6A{_A z%G+&)5Z6pkNF@oWwe7Zb(r~7& z@`lCR$y|ohD$6r3&PTT&y<0ny3oNebBkIbA^*Zj%iaJk?UvKbU5688IXHx&D)%vK_ ztnyBQ+bF!!0z<9f;~M8M08Q00>g!K@#&8eULs{(W!(t{YM-A9bJ=11{6nnAefGYbQ zb?vlS4n`FS1Kq((%nJ9OQo2H+^x`dFOWc*(t6lz;?S1E_AXD+xN4gRE_vJv!gPa76 z8K9r*>4<0{3D#i^fHa@lgS!vDSm#`Xjm$dQqBurJ9`8iwr?{O~Q_PQ(NbD2GRfbY` zzF#vJlV=<{Jsd~ZmEP{y)xrPvKT6V_Xa>GL3lU{nS%z0R9dJsjM^Vq9hVvWj1u9#@< zd}EP9BR)+48JKl`9JPd_IsNR6Y+q)DLzYG>0izx&*lHlCd)IS$P5>B1EX}onn?c!; zFE4|yDJs+@GfjsS1+6;*^TS16UqV8AzXH3QKEIp`^Rs)u0N57qJKDGP?zq1)ym8fBRNJ|DOS`|H{E+{{PVGpdG)CGax+pG4sr`>)`P-rXY6KE3RnwLPwQ3(tF)4;SlaNvHGBpk*?&d$g4Rpt|_yyZJZ6o_!qSfcZXXwdm1m}}hBO+UdtfIdR z4WOEBc#}7hQea$Hx%bfHR6Hu zCww@P(kyMY^1?#mi1Ez**3m5LfV)(25@odMiugs&%cM0WB9dJ%mwUtRpRkJf?8z@% z=^B-UZlyD^Jggg~``<3}4n0KzC=JP@ga*Ym_Jb#`Hn}f>FShaIcy}Fa6wb~Pmv$-i zrU2X_AJr7A0N^Cv13i*Zlut$>WeA*cjrpxx_26O&DV+f&SSYCr*CjE-1)WQ#hE(Fy(cXGvne#WC*#>(j zt;X(TPBUGJ?qvLXSLT?Tae1!FOLddAQjTK)IUHq(%Lb}1a=796=})tfj9Sc{&+{)9 zc8kJ#$Ao(sXz&TpO=sCFlYGV5gq4+wI0-E~Ng5?JGSXif%C;4`j?*KP@ooYoVa9Dq zpo>A3eO1S)P|N_!tjJueHe1_c#xJztyqaG96gV-m0~B$Q2@S>C_2p`H_~`{Ug~qFN zYgr-?$IeH>;52acSDC(gePar5(bDjG;=)^=oPbRRsH)QkUOG zQ8nxx+^3$NrCO9nRX<=?skv%zlmIGjeQqa@<-=xW=A8_+|tvp!@JKCuN zIgH(5?XBI#x3K;0pd1#t#=BI~*?b7fF-B{E#^4<`{5n__3>pwVJvDa_^P35DNoF*M zkSRT$5zKG!1Ji7nq}D_sQ9_29om0|hS2kcSmhjMWX-MnrS-F9`ZAIm~1fX6V2hAZ* z5U!tHl4oc7$^e!66RuTg7 zy%G&`{q z55MC-`W=e}bfX#pTk?w`MN&sN zw_AMv2qNAfln%&HM@SOtS3xV6TbA+EUx^X<{=~C?Jn2XhYCif>MZ%px^0oq)>6P{a zsnZ<__A&0Q{veJ_Y$=nN&QOpwiH!9IV~?sLh%Hm0i#z^^vnN-jyK?i3RW-e8QViYFCqU1V6GOjha!{2;raZ?`z4Y#uo8=rW7<-^x z>X@x#ift^5a*wQ(?Y`sZ#M9lvfr&xkrC(5zcuNZ0Pz9iywkP0l-H9Dp$}P|!mjqO~*WBAY=a zTQ)$o>IWf@LP(VTlK+E3uh0w+MYPk9hi0p;(657br(sYsAay0a z`&0Ba%y83j_(C}v1AudR5P<`YP^N+dP7y>Vy9uq0&Y$5y6u=#RFDCKN%fB6&^_?O=|!gokrV^=Av z@dY^GaZpa}{MEpKCyUk13mEut4ozT;rOi@iV2A!$Z*fj;3a^rz%Mh8~zYNGsSq#-NwpT$(_PKFNuKB$6Y{?fF5qKX`o1Zu5%f!J<2&2~X}6CIn`$Ulv46Vg1=mfvo`Ylb+*e*TE22XD^QFBrMd1ccbyOD%@?lTSt^ z>s*oM6l_`BX_p!Y1z8Sqphr{(ui(?9;Rw0A@e`#LZ`JoLjn#U8;52Bx$NnJKoIlec zFN_aby`qzz4u=i`c?V{&iyR0H$bm)i|6?{0mj_j6|NXtozxRKLgzW#zi7d&#>HvU~ zp`Ejty^}2i*uP0h{(k!n^dFDE*MBtmUt?b3ziMTNM+c!T%AtvEHQL1qC{wB;fo!Zd+-mhdb-mZJh%|F$Jg2hiFb7WSb@0ds{813W%px4SgS4=;Z06_&z!Xa1IxMrgqZ87VPr*nWY`-1ir`*= zO)P$xJxIO$qrSK(&?#6JsuDCy_w-434r3SjqJ)TTn0ar-h50@i^AQhRCl~bMwZ9zs0;~vTs|ERD@s2_%J?&Vti zU9#8KLwD0LJ?(ohfdHrE%88i8Lb}Ec=Ch zY#>|s@;^5$op-Y*eY7g-x3;`)06M-8JTa9M}@dv*XYCBc?YtI z*N7Sz9Z*Q#-wvPo5;p^?87rVeE)6Uhy`k8eOEd!Q@0__h-gTxKm*(8*j&W+z85*<} z_IY$Xme?bjZ*+UGM-776;&vvzEs@eKxVBIdj_ zxT4KAoALvyjEuo?weoHiFY;~?<3My`?eJPF^dFaQxeArHdx>w7Kf)S6xHK-6S*z&xVoRDC=j>N zHI$$aC7XKnMJrsxgMcSM&5d!VD{?c(010Yg6~#e*)B85o+aOv-^d(<1*A;8r6UNn$ z$`vJ&uY?G}I!pvwcfg83I6_O%KKF`kAwGA^xbdLhzBcfvarpfOh~^8Q@G7L8z21qAN2diq+h~IM&%j98AC`I z6m*r@{>MaR{UA^9wBJKP@iSulL&d)a{Nfoq0C;-c?1!<3L$9cn428i&7^G2XyX~BJ z_+x=Y2#-OakmH@u_Jf2O1e41J%nu=mOi>`nj;e#1wbJ7u@Jt&!4M zaIhO4Yb?onMA!VqBK>A8@so1;4@t3(mBpD);IFd=*o%eIWAiJIyW~bG)@^=X=Lr4c8U4++LBYAg@0DVL8HB(!sgWjfYjTGF)E$!(X5{~KwKT_^;j72m;;elPdH(PIpjWDKY%*&B_n>6m_&*ez{B z&2p!Be5{ng0H;T;G+MJ&t4YQ%AEaGCh%+kSQo7O16iJj^BLg6jwlZ$KYi<u%IMvTE`>xrbH0#OKfY0A6Y=rQ1_)g z!y>H8*m3^;_5KFe`!l_2y;rQ*%5w&|aiZWtacPeXr`9j$+v z>c{}&fiWm5@75|b|rF5w5LkcQ(27)*Iw5NB9-yP%_VZUHz( zcyJ}z}`o8yxk6Ej+bElesflI^773f$rd^Y zTEtE%L((!@GZnn%aWwnMHr7`I+-|K8PE z-_%t*tnl0vVtB7NoZrINIKGL`Rd?x^g)?@2Edj)%Q=7Yd&7*o-D9dKR3eoA5#MTeBj8dA2R@d&p zx!`DCvJb0@Pt=6uz&z@*=d3D7aFH2b+i@UVc*Ka^B;Ta?tA?|<%`V?#9M$Zczr!)o zwaPF@oPMoS>!HmGqx}F;;{284fCR9ZoafX9$UvK0#!QiI9-mmES$cw*j3wQJtcWXj z{Cvtx%MOXgN`#gTHl@r5#cT+p23j!l5PMa8ak0iE(m)NkUosqYBgdqv*Q@A}-f{_h z64Ay=iW4hEH>{)XTIv)j&UfdZ5@FLE3IP3L)B4;G?NPUk%dU-+dY}$q&CAS&UNx$+ zn-Co2#*3rh6E(Tzzx*MX6^Oym;&oZstAZP9qrc;#WQj=!DM9KIC9+$j#RZoK(G^5^ zc8b9*M{i~TH@Q`{$=3$0Ovtb*g=^`sUYsutyc$BneOeUa!QxswV$g4=NC^f+unXSQU$Hze0)Y~w4;)T+E8|FPUV#W>fh{hhu> zQ2%PV=l&l~VLO%ole+)Y2pwU*ng7pWH-BOH6t6_I=J&>E~N)yf;`D{XBnEA_SA25$L| zJKgNaVTqQmVz0zgJ+9g_KX{KjI9>+*ngk#X(!G;l5a-^nwXSn>43t=#@_1)(EiAq# zb5!W+;mdgGzEzqu3@1mO^jI`!wR_!x!=Y; z+h>?6f;`?g8+Wr9psGLz3?^|*BtSziGAR4)M{zc< zeKVseXdHejgKL-J9TJ?+l;9-{EOT&3IyHTiD|sQ0iY}z4n^03)jRH~EM`3h!h$3*N zQ`y((&GjKXH(NH+{c*r5LQ?*#b|9~0T#2!}#Cpq{1lW$dRFM7)8}?3thI7Vrr151O zZ=Tjb!HF5QKq9}*@hW@^6n5B{sDHk27&E(jBU#8nL6M=gYPL$VMS`&sF?|vtd~dXbQ)kE76jfSD z|7f~fF?0;=>3W*o(R|!%Oz`{<12eHU7?ym7t*vI+BFZ3k4GVA<;$Nrassb$u@o(S6 zlWc>7$%9hm*zRJH;N*b= zQ!P(NF~{CuZ11+;waM&{z<{las3QN+Q3J^k=KMK!my(5VBk|+hkC5`}R{}b?k)xE! zPgQuYu3%V)+#V~7@Ig*<^e`MBM|bKXmT_l@7a zsNBz9!brx+m+Po#Q-iALRciin<{MZMC(lTZEXZ^Xkurt~ z6l_A(^$wkv_hOj!z8i#?omV@6Bqf@v`Wn4*>E^Zhl2wm{;EYCUPn>*f;;}z!u+6)! zZR?}ng1!88n+D6MbZl-Ggd0?t+6$X+e2@dWf#E(iF6IqW`Z1118827xnJ zbb{J#fOn<8*)|O<1C4kju5})K0AoE(E^PNw-c8v~3I581so4DZuWb!?JbQ(}qMrp! zxB%=q3ld{vLwm?8SOh@0Y`-JeR>L)qszkjx5{oLzwJq$`j&9RHt$}l@40>8!(!A~; zT)WR-LtD;kOz*ROIoIZ(YGBITNEOmEtO&|b(AHjv>Gt2vzMuHjUaNcel)$mFe-A-d zeTw6J;F9PMr9R#cKYK&mpbyyXbt&8W(s-u$6kX;q9UNT+cFt+1gE8={VCQH&t2kQw zU#zY68q{y00#2M^^>?H}^_(m{ev@U^Z2GEH+g$~-Bt06|hdkiJ>eHCZOFMHv&H+mm zbX$1WkSzK!V0BIAyFu@{p{O==lRxFcz964}TNzPXy@C zSvrjVQ8U)9w~M2drmftdT}YD6b;#f1ud}ooZ8G^Src{L|sR|rg;8ZenUbuKV+agLn z7*lYwH&rG?w~zogcBD8e^PKpy*NdAsO{GqxNNv?mIVZ5;jkh0#&i7U()EftvP65J^ zkFn(j#Mpmt7@#OoL7@m*c^D*y+(JdTl1))OzkTXt>f%I?FdwntT46Az#iH4d=TIl< ztFU0jg%fdy$YQB4ijiI4NwEe1 z_@y9CZnZj+yFmGKoL?zapE@hN$ZC?jSwLIqH+qxA`0NegrtNXiwsLe{1HQuw* zc`L{S6TF7O!?aYc5)NwbrU1&TEd-gb%o;Ay>#s6ojn^* zNp$VQVS4pwY-R>d+x@a3*4okd)LQ8}Sr1<*J79O=MGvdw3>pSyPui%;3S&yxv~0Z_ zJ@XSQFcubT`DG^75zJm||2xg>993spGRfB?97CYViFW_SLb{^2%X!Z9o!OqM?mU2n zj_A|=H?=ZO-&A!6^Vviz7g6+S?&h3dpjPw+?AsprB)Ua5h77AH&i?AhL8Xj`_SVgK zyB3Gvw9IK(j)I8`z;p(Nd={eP2@OzT>pJ1-2z}L?R>=m&yA<@ zd}8<}+1b73B%uP?x7(&b%t@xZg>vB1HtlFnSplQ3NO^Kg;aZN35nPJ#CPW2C3V86T zFJqG43Wj%GL9c=#O9wnu>qK(^RROYTFeaO*>fCLw97Y}_SN(X>nFp#qC5Fq6Z_a5x z1C4eEsZMQ=^2bt&n5Jz*xU!sI_RKJ>DNJeOLckD*T$%j?iVE08q$b7OAt99WVCKRZ z4-aijK+A2Q8fJ9RH0ybSJ!vCFxCmzSS_gQVaZWwl<7mC_uBxBOl{Qx2qgm7*9w}bW zPq^ijM_l+6oEv(PCC76hD1WuQ2mQfkK9lnBD-YcrAEt22CrZ69N=_)rwog~uG>P(( z{qCJclyi>#p|j)IovpWT=zHQNM9YjfL42JrPYz-~DNFa(3qL%FFGk=Dp}=7_&ohAi z-G&^byrrN)hIDxy!NY&r(uv|;H6t{qJ}y{lwP%*pt9pa1(jV&vLBf-}Eo07W;?Lg_ zIsg;W>#8HngYbsOaxm~2Cnha}y zay0K3&~d6(p0F+PqQAZc?U!ukVg`j%{`MJ~7fNv8G~1D=A_#sdG4!77e<>Lx^KQe3 zb)Z4dLvvXP61C_z;{D~hAKluNq+@>$=&V&{=iXX5@iZ>pn0~%apPl9`&fc)(U6^(+ zSIm_zi)LWI}G?P0&x#IP#PGV8$h?NbS>pxK7qC>WSry z0w+@IQExp@OgetLj8vUoC$`kp-!ms)3G2XR*o<~NYJPo&H|YRzD`c_Hgoa@$w88c{ z8%lm>gN~EI56`J3Y5v%DSoAjv!=fWj)y7C6E&ZWRzVk(k>l*Zxt&^|g8v4cvU2)Sc zMP_HA8cC%Mj&B(%hl=}M2M<#V?eu!c68na1V@Kt6k?bRI%|MBU#;$+5X+MCp*pT-% z4l3cz5;LXIP&-&)x*HbD6zx;3;%Fcr?Zo56*4+uO==Q{tB|Y`HIrNN4PSg?K?PN)p zQZnsTRMe9u1PAmCn7}Jm>ZDg8;fMJ|%cT5zqlAz0nDo8-z=OlUp~{{Q67~2+HFjCc zu{13!{!BY`bddXLozA_yA7F1gd}SMa`>uV1KRGs<$GRHwG@pvk*7~tz2;Pi%@W}h+ z`aZd}5#lFfJqXTsH_MGX0>5gNd-3e%^kHl+Z|0ab_N+;xhq>DhpAo&wqYZGI%L7cP zQ-wSnc`lO_+;TEGL;xpY0@%>_NAGNVfRg54!{km5*tsE!F(_@KQ7HI{R)mO}ysR1) zKxu8JiN&9M!hk4qy3Z=GMTXij_^)4%W?;DqR#oz0i_}t&jFiFT(e_JN2r2;Vn9sYxk|1e+5j^y;=%5E#RyoX&M zOZIy0_)d?eNZ@g81ak*$aB>YVCE~22^&#r2P-#bEx73;}-v+6%23%O)3jIr6^xJ!) zag|MRu#cFMb24+b^`i$GC+@`5eMLej7e&b(ZJhXlBIraXJHjff#*=MBrFbvCN|?Zz zK&l+n_Wp24zA2(psc$a-RWGi9E8J!@QLAz2(JSJJ(tyf4Dsj3w;`f$g>xrW!HqmxN zkGk%l<%A2g4_J1F+FM7X&olRaG1+PE)3H}VM~t1KlqSg|ZkuGKqeEQ{1JLAswW7Sy zo;_q9s>Y+&wZiVeM9mbCb(1(KiUSYnjoQ%|-s-Hj_$<$*9M9y2tokw6ayU7Ub1+kz z6H>cynsVWe$QCjxR34^3GWQMi13J9NY8BHSdJm`9r29yY%INS*P zs=t^mESHu}U)QMP7UBMuA@Y&Z3QNbB*dsc6(AEwxdzr6=dL&b7t0k?>_P~H8gx6%( z22Y2_k9SwTQ&j1VF=t5EZNDb#4U^}vXXegTV3d~#6jz+)drasnRjR+I7y@?!(2F4Q zw!E_U1Yy9YWh*Vho}{+xQ0XX&$LR!(Zpv>7IyOF}nRp>m()uA~w#>C=1nsFJRi}!Y z^6GMsVI&mDqw$r$WauX&_Xq!^Yqancl+k~DC@?%B#C)GIWmbh8Rxo;b9Z%X-v-a%1 zsES#%q9=3u+2=gj=G`l_N^L8ECYXPmD)2QsL+G z>2#%n(NpuKdu^^vRxc7poU{tcNDSpSoDZm^uLa#NLSjtNF}|q$(#X>@1aynWzs`=k zO+&pg4la$m!h$Y#GEqfq=K!$zCS^ufAtQ+aXazlK4q9`gh7v}HdgNs0i9jobKYHYg z@E?9t4zncB_X>-1&d_qk#IS-!Y$0P{gmK=YXlEFXMO@}KN-=#QMfO_La?R{CP8=OT zjVjknINUYT4`0R7LstsR$;$Yj3=r%L9K~~-c*S#s_FsrG#A@fWw63R?9lqxz3mWZL z1xUqmckF4>##|HLp4l=O4)6py?Qb){EKv2TLOH3|z_hmxD zs1LD`6c$cq_di|InPh9IiZ_hvpYb>?CS3Yeo5N9Y*&Q;akkMpI{&Z%xi@Oumz=_T! zBRd@-i7YCK%rcowL9uF%4mw}t-zSNnQmYfl{z>YLLKX*`TI z5yc+!5`}T>V;#ZbsAYZJx{h^a!ALKh`7QQ=VQ6K|CAj$QHZ5c^`(jLP=TQd2S^aiZqBOVb&TpdMBf}u1_UmXQnG|DDt>_m0VI}D!q zMY_I_VK(9<-KdymR?09Zb3r}F^)6`|`i;3Lbd+tjFynBFxzC(2{_slQqC$&6Tx{GC zm-9ei%W2#x=2VL#vxOIJge}DKXBp0%;5ir!zqC}%sK78DKg)MrjVQJwhY4kl7j)-R z!-!?R{^dU4n%Q+4`x& z{)<2Y0<}(M-ASgTvRx(4;oz~@n(DbRTx2%Lx}L9gj#(;(e1cvL!BpN%UtTS{KQFIA z_jjBqC|3|$v7c62e|UNFGRX+)2_>r!l}hVXf7DciS1Q1*cl%csk{+$oL7kjS+tbjn z_E&b>z%xK;*~}`c<`RQ%CY659sJOL*L`POh#*BfG%^zbgvwpXU_Tk~Tq;o(CXZYgw zw5ID&HZ2%n{Ie+m1{>ink}-e7RsaF>1)20ZHu>_lgi_lv>74`El&&RcE!)Zk+w?X7F%D6j(d4TD!fQ;| zIEU$&(*9%kUlSmrV<;od#on;dA=NJ38=ZNR@gHRG!$_Q|?F1<)aK+ECLOP&ACmw#o zIzI+%u&>7D`KF!L^30sw4?72(*9tf{itNl?3i*Cj%%#HGCOcgr=HT)0ihKD)sC_VT zW|*QaaH=QfNYnSTp%#KpMB03$0?4x1cDV3WlBBHNe~!kVfNAFF$8g!iL$ruDK&09Q zEwuRA+S}mXclq%jvJ2?+lf5BR{!Cm}>EO$BW)SSa$9NU4!u=$0YQKqG_R;aimV52E zX1t$FXCfD zi9Xkg6`75C2yY2N%$<*-&lG!&RZDkNj0oPhJmv+vV)vIF7s?37r9*A6~m+phQ`o7xk#3idv?J_k!U*duyBm&pU+c%D%A_I z@yJJm^>gTf(-tV{CC@_W#SH_?YT(}y?Ihd2MX&sneU0k7}ax6jnK&oq@~UBPfK z65ZK$_aDfAi9^;e>?*efC--$!A&QAZO4*hp+cj>P>lyubOGd)R^ zcqAzXD2|2#pe{uc4j)+t0EqS%cCtfMW-RubAwjBtGDujnY6Ydy8Nl-CcU5yU#)d_* zP9mRUlZs}m#+7rqvZd;k&W1*Z7AlqZ^oMtY5dz)g^S8Zk58KY$_EpwH*3;K*d5`ax z{4dAD2&~rK=YB(cp!9%-bwbSwAZ-7V6g}sK>8YhTH9b>Pszr>d7-7J@)8l6`&8Pb5 z)$`Yhb}=%PC@==o(Efb2s=S8Ez53qg-s$sf>#9v`@Zakdv>NlZ<8sgE>L$WXIGSBV zv-SZiA#zM9JX>ZxEx-FUE8H!}I*nD{*0GH6HzKi?2vqHk?VHr#te|bc2U{tn$@&)c z#dNxtBf0qX6^exY%^-)y{e$7hyZCm=|Iq4YN^3<@MGcbiyW|xTqS+iX^o21wJ86dp zD`=;}$2g2a=ISX?fbCWFnFJGn7SgMvMX8>X8ZxIibMF56;9!Xt#eUpY0tfGHDFHFrw|$@rAl z$rqJVSI%fs;$R0e{ZugAPc?}mg*#ja{-aZf7*J61eEY0N)ZEV9Cs$iZwdE))vD-Lx zK6sM1+^;o>C?!UBxLH31X|0zcy3Wal2BAaXh5OG;R(l8ybaXm^foHGIexG{IR+>kg({wkGHvsD z?LvVcdPr5wQ^LL&m5AgxTGW-@1062`^s5pwpaJRP8r*?=pG6BH zZ02U2se3!rPUS=(nSy)A%zLxV(|O)e_ibDK*dA`(^o9^To_3|d9ZJ-!ZxvfSwtF@p zu2y6jHrL7g?=ECmOc&i{7tN=8FB+#RxajE6!}Bd=?%hUv6R!}AYKo>r{Ys5^tMHck z92Kf{xV5*+Rh>D<&)E7+E23R&bY-Y{;10KN!yb3HeiS+@+v^gE!RrGYTYt<8WOpT{ zE60d|CD5@Hf_tVrwN!Y6M(U8?WOL}0GU(koLBHIT-n<0uu4^Y5llm6Fdd&Cioqs09 zYOB0GXCrO1%Z4P5^ZozsJTN)E`jDcxx|1+6706M%G9JtvlM2KdP4cfXBEt(K(v{EW zupDO{DBqYf^+d%a@641J=H>PHU){Jfnr{3pYMb-3+el{GIAMcIiKx_Gx?QpE)z!p{ z>y?qZ%V?e|KtG@;I!n)_4a{iU2$u4!pYg%C2c(nk!wu@OvPI&B*%>yfGBxUM+QM>^ zDvaTtcaZIN^R~yL1peACzORl^OEmi{C_aHZ43gRu4Exf+A`*E4NMbMBhGyvoI5GgH{PX3Bdq|msYG~@}xTe;Mq!V3n~i73jF zO9!?n-=MaLUZp9Owc5u?h!M63R~;zZ3u4pDI)g!V5O3Wa_cq*bX+uULK@!$Ms}~{$ zKzH?1ii^)1uDRA@6PjE)r!yZ?Nzb=bjG8JMc?p&~Cbuig<`#G7 zBl*_QIVk zW_TwHR$*!oYj+<5TV1{+MvG}iRp8HXcVjWid=H4S*AVBlKOg7mB&=3ZU0H1)MODIB zSuj_%s$@3#i;3-I^UGEW*Swg*ik9}}nv)qH!<83pxQund>+Omyf#_7m0YA{o=_p5&-VSPwR?@EdPNR6BJIknS0 zOz~l2BO)J*WFc>^_0jN&tAegceDpvLOY$9s`=nG<4)73@X(2tdMmy?8W+6j$+N?v;K7=k(o>)ilx>H5_-kj& z0pO9-FS4g0K9apYY*EOwYH=diFCRq`XhzWjT-GJrp?;sRBAf7pVZga<;EBfJiNfMg zc@$Pm+<;_^b^1GvBla*uq!5>1X4(H2k6pF(jNp ztezQ1xCc)={~opm&`9^``X}VjT7f*x_u6XEXrJ5`&{T?E9H84bvcnsO3MKIhhy#0$ zak^|APZEndtczMe_{za#wP4G--=1|S+E`tXsCzh-BLilGD|LNnrp3^b{cK<02agjN zBmaJrMlH}v6_rCC1s3RP9D0d{58H>%%xN8u_pO|iZLGLn0M`Ugo=zm3Z95e z)_I-UVg59>?Na{vnn(_A`{XQ1;hLt9HAu!XJj{8mjeK>Da>#w9(?*V6i42>-Ze4OA zZ_8OPL!ni|8Z7y$jnJU*uvbT||4QyUW!rsuBv=NS0caxBHZFyX)xVgp7#J--9};~g z)WtraXc%(z8`!R}aid7Jv+MkT`<70<+3UX0YTQbLXecfVXo%+e_AtfNrR9zae=lPa z9Qq#Txm;2f{$RU5v&pK^>_{WL%x+<(v-+sj)unV2=IEJeucbksh$h>+364oIirlp?Y+yD(w=0vYbP^A@SqZepXIS|}M3}J}v1ux43 z`wb90Wj%ZYl);CyK42-&X5!+lQlftQYe(*1{?ZtaB=n6@cYEa9xy|GdssdAb>a3BD zK;k`;bO`}tH8={rKrA^fVxK0nnKny$MV3!XUGl>+-6nX;2lCH*sC}-fA?&px=hMDV z4`=z+tDu`4*=?8)*I?&Q6NW6Sm&9KkocDcJ@qnI?X9ge3iSgs9rlz9kI(E@4g?5qP zHjT!+fMg-n9j(xdDyi$$g*N9hAl1}kld((7&7Y=-aB6a1U~l4dNRfH1`;t&Y#G<~# zJ{`N4x%*Ow%P_8HS$HOGj+~;0(a~FQ2tKJ8YIAuudd}sTEb8W3z+|rbck)uy>5QYu zu~qq4ewu>9>R_xd9C4Vl*)av zPNxIuJ(RkkbD@wbN{LnX)b=Iyx~kz@w9_%tH`hr68P3$hzA64^+qH(U=#&<_3SYr#6v_LxtCX4I9KjQxiL^j0)r4|_eV?d!+w zh|RNX_oOFX#j0d(ZK=nt3Tp|nsk436T84fzj+~9}QrhmRH@Dk~-%e^(0jV`Bjd_Pa zPv1cLM>+gRY9fJbv-C#Dco@)mvW-#t3XWDW%7kL1F?yskct~R!(A+iuEDpcQT(^x8 z5uePKC@RsUGQ~#REDWFHuf;&;aKnx{DeQjvY7DRC9YyM=hCl*A&Fj`q1nz{OI)5fl z`pprXGs)Y!2An|9RbSs^^%H!SV%-4?7XeK51diDWE6=#(FF2l==~JEIdmuO99iws& zh}Z*SE`QZK>Q9)^yYBA=u$%;WHw}rqD5-weVyu~QbhjAo{)bMW&R(Sl?(&hyN!6WH z$vXsNcXgLt=G=y8GVs#xN z5}VEn=Q_lNTbM&9Hp%qYlt!JNEm`~B;v}s%3E|hE#t9#o4iz8f>6bq0CFxK;yz$j0 z%Rh8Cd^iLSN-Pq;+6Iqc>%-AE2{?KZNmwA(!g-`gBipXs8eOhN>0`geV|$U2_Rj?X{be+Hq2= zDw)~CCxYVDG~6@TRmnY*8|{%TV_NB5q|W4#JnK%pC+`Y&B1wbqR!F0nHGShH1mlo$qBASbQ%e+-~X&r#TE zKz!ofD8G?Fhb*lNb0s>lm$HRpHEPny&SGzM$80X)}&DB zSdU83DPvL?1gKHr+%ATS4;x>j4;vM6HCoE_DyUHr zc7yi5{gt6cjJHHxH&HT*-2y$PMGrubT&eYOBGc^1ZeUQ4+uo>BPghG5L+gVJCRvi6&OO=^Gcp zrzyK~QIn+P*~b<;U7(%fKCZZ9# zkT~EDVF2k&s?AVZI*duV**+MJBBBP(ztrJNHH$MPf}KHFD)qat6_J6Ftt9mubF0Z} zi3|Cz`MA^m13m9pfUc|m(bLLK#*s#(1oZBeOO%d<-9a;YL~$e9N_$FV9p`XLQj;%s zr&N@;G|*dN7>+`I{*fd{hujpmG1uju{nIyNaKH;AK0C<;mHX3S-yURmOtfq#nN6{} zf9;M4d`{{-PmWz|X#GH#p3?n(cRPzIb zE#sP?v9n+m$uOrhgwwqt`+{*>2|p=k%nH$Ik+4pB)`UYl*_#IPq08_r_GN>uEPOc& zz5+FL`y%`pr0ks13zx7B^fHHlGN;&i*Ppw5A?MnqPEL?Ms1vC2NvMU7vjkYZ1g~V)4bZ(*AU477ko0>x_|tsLXZkxF2_iX(6g~sv{fAMBlZP;c zsS-*BiJLK;<(Bl4jk=yn_0ipEcLGNvn|N2g=qd@X35U7GzpknXXh>I@7@_{gEwUzL zP*M89eTbp{$tUT>?;l!$&;xEC3o1E16$SOOCN73WKGq42tDzUOzoaba1F~@ONn#Na zM^>?Y64f8=OR7lKg1Un#*rQ;_;Ik-Y4RW}GArCnRkI+Ld8^A^%$no3B{bxuzwlT-O z81tSjv#ad^B{K>PLd^ge8g@pE77iXyQcR3XewTmG0LHj7aq7N7d{X#C_f)8we0Unm z)Ps`GyT9=)Oi5lk>kfmt6BA#d5E)U5J#vEF#iS&CnNu!NbWDz={`}kGb1h&zJskOO zLznKKI==siFZe&B_Hz0Tj(_LugP(>k|#kF{kVJ#&m*+fE=#JvUu6KeO#RQWm_tO*o2Bn7>BH6)Z#ssE*MH zV$9N^)*>2j9(*Q_5zZ3o$98ZPG!l-?p;_bc;~Di|%6PQj7Ovw@5+un(KthJ(-Fi&d zpckYKaQ4`27D|*j+kxvb{!Wd>ojOUC_Q}nT7(W=w;i)Geyc7w==!?_-bkW5qhs>JD zAS@H_egAd)-TkRukCXb##njR@Gjj`*4ryI^Mnz|MXDc48EljOpe*rg@FNWkaV?6~l zp-eHvdDdWF_`U!4@I^gw$IroG$Ga zWH8(c%vg^ahMtL<#sYyV=B+{{a|1FoE`J1ppf&`xEM|?p5rn~m%jpJOCiTvcEPfI< zUgVl4*FM(!mZV~&e200=t7Aa#ZRy83j5_$cHB;yA;S6Be=Y$->@eKe6DvlS|B}L^L z^RQ5n)t#$E%jL*b4yxTC2o*?IM!s6Oc%?LdHVLq$CazHM9+4}XFNX&g|3-%B2FBGZ zISYgMMw*CMQF-P+1dhKQ;R?OKxQJume+uD$B&7YH5SIVto9AIyBxQ@Up76jzuq4f;Qc^|0&jaU{bU6pKLNEd9YoKC)hSM2>M=#8 z;cs^sBugAMdod$xfM+RYYXT}fod1-i9;WEqPGsftsugU6;H?AAGCA!=^(w7VoF=SX zgyj4=cHW3ziZDd6-l{Vin@+8&TIc+z-bA^z#-O$KzfFAP1y6{`mmE+}-tHlcL>^F? zWryB6g*T&@v=mY1D+&PH?F`|0gmglIGCgCPyB|p6bEV4pUa%Ohn^f@EfWpJ-%?rU7 z`kpU9;S)I!7DiDwl%?`kC^!17+wUyXSF^V`luC81chl97p%hV96xfQTEG7jeF(`#( ziyl-ZlcYMz7`o5s)0sCJQ>(BthQ5fOLhqLG@)oLX=C?ZxzhF>#K^oD#re_qn7NC}G2JWBGmdn=$khl0n#y%)iJX0VKMgW1Yt{a3?ukSy%eJH4uKiLAByAi#+@|bp_491{UNVM z7};d#8Js-VgdG5y&c1zmBw{4z{JaVpt`1BL^UXH59aCTxOV=i-Il-u_?&q+Vp6v*2 zRY&D7It};Xx#=GKW$pow6LtHD04~DrVT{<0JG@9sB&qN;+sEXZ7w2prPA}eFct^t> zb|xBL#ijKH?PPX|;)Bo-7a!CtSM){=K5kmqo#^&A%zr6-L@@}hQ-70%0_2~Ph4ueV z;rlOnPua=b%JDxLv-Q_S19J%Zdql(B*c_WP2Dtz(fe%ov9vR-@my4L+AQH$(2%CKv zcv4eiv+!YZyh`6*NnGi zRNjs#%+2Lw=F9faHm|J-i~F7L%q4&w!}k?GIu-*Fh)gS51&tDG`Cd?kYp5nC?P9_2 zKudA0SWHQDtR{aK*iEw3J^9_>emfz3*+{vjgqDfbwV@DS_fB z3XnwkDLP*z+Nh+8(vF1k?b{5i35RpKg>sauedqGl{9*!a>I{?x11OIxG?=vh=;nhe zbi>t$?sM_=gY%I@~qTm-sU3$9@wuGx zhs1xk6S#e>v=KP!wP_)CIJ1|1w#iic&Hxa#QMq{1-rZ#@jc8o5y zC`6;IvRxvk!zpCM&8(t|_@W3pW?P%Vb5amVyZWeNh?G5~kn?x~D2Lb#o4I#r`B~1_ zs0Add5s2U7s9VhHTkIRZGL5s+TN2a$^aU!L z#m`mjQe{oi{qd9G)+msbEFPfLP*o>xC&^f3H76g)>Lzh_iCq6fA7nW~F79H)-VLdFJr z!bo=Kq-dL4w4j4% z6dS-sQ-o!KYOGXey%J-@pBJbpLw0&(LMiSnxxBr;1TXVN6iXI-I!MqEd5XC<a(+Exv^8h%6`^b? zY1X5hCM#KD9)XU<(+=C_kobaxVX)3ZjbEwN(ZSK@<2sD_aRaTqNtY}gTpUXHam zAaMshi@U-kJa;B^M9WeSBO}oqZ3x(@m+m3K2TgXP@jAQ9!ELMpQm zlM!<$DyLA&iU=G{HL(%_vkHY6heD>qv-6e-1BmF>kVLUQIH0UA#_p|T zJL$xP{4tm665Es1cD18IG%DLDH_OU|i3Ey2+(O|Lb0Z2^S#kT}2>LUeLW_6qoczC( zv;0{u*dW&;T*YNzk>N?u)-HC^KUB$4X(-g}xqHx*2cJ3tkE1WxgUuvN3DCDzGa_6^ zoSEad@O3za!oGLNX~+$dk>Wm`=`XebeypR^o1BO0X;euXG%O*(z35sB1==4J(;4$4 zJ4W{mvrfb)j3wBIkk@#qk91kZr{^eNYmTZz+(AzW(dVYZqlcoBIst5}veiU(1o$MG z`UZF=rfH@uuf}_f2bn1-L}SFBMi1FpERvv3NPMi1MNRIad(p4LNl!ONUU$HpM;e`y z^!3R{A#6C2h9M*Pv5r=G0f4v^U8U(1Z5s@^dYN4^)|m>MCZxEs&mFmGHdS9&2<&(0 zQ=Yte7Y zXT1puE;KCM1*A*er?U$_^>|3~p*~fKxwGy3_xL?D`DEKu2GBRbn*%Y7U(sHfvmtSz z!AJJ-EyzpYcw%H{8?t=8n~)l36DL%FUj`Ief!#5Sc3sZxz=Ub&>B*9$m_h2GVIgHH zZozPh??%d~3nx7zqDI7Dj3yhMSQ8L4=ir#>XB@@0gzK7HDTPCk5qta1#YTSJ4|uU^}q3e?PNv?`iFR-FkMI8k8uiDdQ8U_W%b>#+&Hw zgCvo%akCj}-eDi5r$^1MJHyzB_(b@yAo(V)fKTTDhF0qjY=sAaDc1WN;qT|IF(oem zz*ur(q#rc7o*;x;++=!NTUni+Pw@D>>K!v8iKa+HtEr}0v@YUiFdd;Oiu@Jq6`=Ao z!094ea(s5l?=jk|eor^gBe)FAtWW2ruk(tB1r4l0jS9rbuWI}(Pu64Qo|PM{AdawW z04#CZ>Pty!Zrs&TPL}I{>)v*2P@6UVP&zSX;MSmRn&K=ik>n$XtPsjt1l0l{)qGgh zg&Rvd>gH80bw1^%izHT3ahd_v@}q*blReGXX0TBduTTN-xp$gw(tsWi+VG+Hqj2({ zdg`8)1YhyEZ+gZy+dPTkgrB?{=X1uucW;9U*jquyGUJ9Z(BStMIl0^^@bd}}%Ce2~ z2L2;^7QuDA;QBo)yZYa$hIN;&D%w0@ktm2)6*A9lH~yEaze{Jh!zK+{X1sAr;6FC! zK>|;0?cTCscpT7YB%hK4TRnd9^c>zw2Cfnez4{TwON5_PY~CEg&e&+RY~S2vf~RDDj5;YyD{tJrzAe=_~S-ebVS|% zAQp5Vf>^qKt&|N*XbZshNN4H-{CWsy);E}%Vh>7BCY~Hmft$%v8bRHuGUk%6fg-hNCrgE0*dTPm za!We>L|Zx>89PKI*zL5LEbi@+;7=4QNC>!10_*qc6u}BM`$Fky5HQX`cwK#XUcIUM zns|{-vFG zN1F_P-h@oJ;ViOD9|*!H-~L?cr^vFzNOxDm3lH*9m;J(E(d<&kMt2aixQHGk)jg^T z166rs-=Up|@;LR{u!xg;CA*M^yPnA0pI+X+nP{iwVxq4JVN9N;%_qWF1W&Z2=$HL^lttoBn=%{aM>_}tx z9}RKtZgA3+|bPzQsLpe#NRe~-5>5&X!$u2JpJ{G(s6%)%7Cf$5+;o+*ByG_ z46z9i03XJl7ZWwzs+wiK75?KgDwJKORt$eO+tV$2}^)e9Zue(|c^jJq%BSwf6i z2+}T=SqqL-%cCf+=NKI(MQONXek*x)%wM8d7bD^*+(B~VCNy$loZ#X5an&V?^Zj{K zoJmTONWqU=!axdhkuFB*MZYQaA<8Mvx3i-vEkHfw%&e$8elggF-k@S}D)YFKjF4{4 zgwS-(#9QsAQ@9`O1ZuXH03}*6`|56eqCHiy`Om|6M4rI-<+8iPq=i>qVUR2FT$m>6 zdIP#;|2Zv0B!Vl%o;^AuhqFOfztVDT*@78>3yWu)Em^0bX#pK)J>Fw2&_R-|;I|~N z+38|Rdbk5FAS~0u0&jv3#64iEvWE@Rr%P(DU`gDj*|1};bhLpaaPQ&b8w+<=pd7~E zr))Ll+Q)PYuOB%i4@6BVp_(p;6HMqAM7SxSk}&XC2a41sy{aMGw*E!VY!RB9eWwzp z`mR>TR%Tyx0f1W&{{R~}Z1(eqPja-|+1v?|U7pev)Ys{f}VL{}yD5PWo;PD*qM8|1N@w=>Jm&XDeCDBJ#uepg^eR zjYj%Gbn6LQ^Rx2-7x@t&nL9MD3lP5hQ(Y;XN7BJ%@9B4d1anjjuv(7)E&}@HnE51xmS#)hP zK5jGRXwJbuQhRpmDY*nHgo@s7CI=M(8!AI4S&qWXU}6fL4S*B;fY~`}AG!+2S>J?b zk5w~~+IT!hJ13m043UKTQno6&0%s+a$T>Kd?6h*nSV!+y)?qJIDelm%0@OV+Pg1}3*6dR4AC^h%)S;Il(`lbBA&!8W0@=eR9-2iC z#~^i{bfbxfm&ANmPPS#_ip^^J;qGn`c`6<(SR-lNmjMH6otUj->M^Obp(;W-z=RYb z$k8%BeSlSdl$e{h)y3iIzRod{aBoqecu}!{gX4wYDWo?Gaj#j=ZSlQY=FwKgb%=wQpYmBHSmVou5vq zZ+&CwuvlM9^alkh{uw~ru~9YSxG!H;FYsfQ=bZ=E+?oh?mpjD#iv2Ml2EI2H!;5o( zYS$}EiaY4V{>Bq|BvcV=&oG7#M?dQ_ zRvc#5HDHQ+4Mje`e+qAp`gSrLb z31$U1-(&}C)F^-!0<3H4j3@Wm6IqPBzTRIjdhoEJbD=(v%(AHA(z#w zh+J^_BQ4FY#g?NJ0l4ob;rTssl^SdVbk38RxESSHYfSO`e+rP(nCjUq^(TkfqZpG6 zyjd&8+Re_0n&;qf=^R@1_6nlG zr5L!*ntmsxH#|k@*B=lx@9`hH9|m$ZN(w7u3>~!!siL{<8Ik=oM@hOw@6G*4+7bLP z!!HAtqoF`{?O4~1$7zt1LZOeq9+~{9qh5mKhd~?88b#(;CgbJ7rBk#QrKftlWYnc# zjG|bJN;=ayI*@@Wz3?OQ`11y8*o_KyUXbjvnKrn9a*Z%aF4tZHtQfAbxcA3Lt0=sO zmHXtOd(;API9}u{krWG}^Xvd)d@RwBNp*0+Yc_a*#){S4P?W zoo1YV75ZH5T{6&qP)Lf!j4QFNTnIpolg!1Qj1o<^G1_|4dZlni$hr=!V0j8qe$!%F zfv7nclxko7+N*v+OGWHAd;*;osYUoSJt;T$1G<$5?(&Gx$?vMbBB0I@X$?ng>O*@- zu`++5X**0;F%&~;!ele!ZvDrpNmL`Ay-yyRFSg&WdtiDckZJq?!U?j7*#+Jq%bwv! zRBrtf`Y^BvGB6L~U{rm1H?04P_WWn$O}~GgE&teA<@tX&TmBR4Rch{fNK5EHU0YK! z_2_UYfHYy1S(!nX$8=$sop^ZV>`8cVi}U)fVk$3T9S!1UmP_j&wa+x`ik1r+8xW@k zMHDH`>m5tmu2dV&hp->dEq$KEe5U)wK7ku%)4aDESi9JpF`mba&5 zfvS4bOT&Kf;uvS!Vk^QXyEb7gvK3eX_c zh(~k8JmDb=Ja^^VW|2-+Z!XP4^TC`lo`Ds5Xwqk_8S4QU#b)v_@lKD!5F`OLAeL`Ak0phb99Dhp~&P&FKxDBV||0|6XTdJ&no1X|z-B ziEU`nBodZCt5`oh=12{HmThcHiB%YMg@Og<;tjg~yTT@X^XS(P`6~*%lLFVPtGQl*71={E8UWgHT z!T5Zo1TG?BBLwQBB}l5&dxP}WHPb^!35|opz-XTJ`LaTAQ^?b#eIk>P02`<#S%p=p zkq^f3M&z|aDh-m{(eyQcp~e@5M)eBh>hGvgDSqqHwkugt$U{uq{TZ4$HCXAj5CKi$LF{H+B_4(#d*%3|} zu+rjW$sK$n!L4GuOrgDYg=hS2y}OkbvXbW90)Wg*sZcDiv*EGH$t+2N=)zHP%){cBFl$j*+AYZWO4gK2q% zwTwY=-m4Y7X8zU!yCy!I*|Z+ah4#3~oiIIdxKn22!nj*(affNptmutj0SlfHt{<_p`G!~YO>SIGPBcZJO3ctEj2qZ6U?N9 zs_R@~DlB4FPmu~?rifsA4rOego8$RFMPxB-M09Hl86!2MGA<>3xTPrR{0d{6verqe zyxC~}k~v|J)Y7Zr$;baVa-Kg^)s9a8$@pG{F8+MRs7i}2c}BgD$FLU)gWuAC=G6|f z!pOr%?ES#y*(!hjck02wqd}CJMS3$DG%o(O>^T#Ymy+HxFzTxv>Gk}b{iZdkZ>ady zJ|Jp}-7|8jm2ds=HjyQ*fumV`6mR)~Vr!_o|mFu*t9^7Cbuc zAU^cVc`Gc4KXECS^e^emKbj#8A zO@vi0Mty`E-1$4Y7=)wu2dO7#Vz;T=;Wwy`gSsng@3qOiJ|8}v(A=dvcCQ?U^$wb2 zFS=@!g!FA45w`hhQqK?wt`J(Y*Mb<@y@|8F2&?QN>13X^XJF~Z~F{HOsb9hO!sVMe_ zRHl-r_Twr(i`kVYwvbuOzw1?&#ZI10>dBR@sPK3BQ@{+A&!zq9GFs z%Lm_{9rp|6|3FGBe-Y>)OL$Za5+H!$X|8=AC?RU}9olb8^-V6Fvuxw3Gp=ms2%vr_0% zH9TT(GpW1MVd)|Xdf$BgZZbKpnBzX)?i%zP^ke4`w`{J62BegX=1dedzPE#> zJC>d?O+YSXr{_u*WTHPzUTdYEmOe5D>(%D~6 zsU9bXn-PCZU+q$8tIQHXl^V?R{wid1>JtihQrrwkq~$zWj%z)cVy|j2iD}+bCgzlb z@q3=T_GX`uYMR@>5Tup+guI*%ANUFxGV4GvUn`Vy=A4hdlagwyTcj4p(!iDE_*q$E zkGZz{mS30B!+B{>8M|yyw~-OM0hPe_RMU_uJ7;pdY&sGqxEX48TA!piWpM#^$x3+lldIKnOKTP}KJnDk)(&kmR9b#aH^^_+VzA9W z*^b;0qbC!)r(x zOCx%u>nMv+*T!-V?uNtvopB7^f!Q*ws6%A+8MEotxl|qV%*(<79|y%I%xb0$ORRah?y4cQ-jPP z@#W8Wbvs$#VwNV02T zCVC0b#Se@ zo+)Q+2#Fo{a%9x_q$N)8@JX?Gh~`bt(O}0fXQ1iBw8qNpL-umGEsMycOg9>OG3ABB>xGn9(cMMjp+lzF9QS)wn>^dmMCVdNuz ztoFSNq9*pGy!F*(%<%kr$zkf`V&WzW^mp^{YfAn{Xptz37DI+amqhIab|=P&8Diqf~@A0=98bRTjpbgkSGSh7d?IheykB$uy(tYTEIbUcA$VqXqp}UvoSB zg_duV%+pDcbz=t%wTuz-3o6L^tRW6QZj)TtiO2AQ?ADT)kgHyCyMYif5vD?B_= z^sG(TcfowTGTT4Qk4Q3`+p%Z^c$?9QOc3@GAq7Cot%ei1h0vjGr}0HV0z^Xm-z5|0 zC5p4dZP$F>LH$?va;SBau0W%{=_c@w6;@)5b%3_xj{`{r(h^(~RlUW@yduj6)x3#$ zmStaQ&o?k|dPy1Id1iAXvPAl?sc|{IkYX?eP<9j@pn- zG(nKU92GP;sn9$@(OjiAfVl6w-!U{8azBCCGpS2P5APaU{KRd8Ogc0UZo&7%4}u7ak(8&lG; zl=D~Ixy(GqbK%!p_Mo|j{h;TzCTG}Q^f3}&61f(eYy3;6p<6-2V4X?>3oP9ET1ckoFbdq)E`{Ab-T+XXcX6Wa7DB5w?6|;tyb&%1!4r`r&dEnJ9|1g)u-1EYYZCIbhltT8{8}q!=+0=cdi`geP)mN+ z%?xjj!0t#owmt&QYsH)7;&ALQe;zyIhk#V^PNf@is4E05Q&Ej|VFR_s#k$2DoW<_zkK z(71nZbf0LrFyw~3I<%1e(_3HK9v-#=<->Ce*O7wQ@51kENrWvz#-~ z%H6`s73lKsIb`|T4hC2<*g;X`AI-YCDPtFqp>saCwb*yVs>z0z!>fj=HP;%Ya_Fs{ z4y~a``}b~KoFN2yW^l@qHJs}5FgCQgxoTK+g$%j>R9PKpt|j5hV(MEp_f4YL z`T77SyqI~;+Q{7?TiQ8z#IxqM1Pg$10<+)PiiTPTT2eX*HK{=6@t@M-3`m?3-+$9H zly%ji19YxOB4Z?H@|8SzAhljK5I-a$OQG-&5Dy&UKdY_t%sRB0((u8Vf@*2D_^1+Z z_Je9hEoZW}^CNSsT3|2AAfRblgfc;HLnMWEQNP!m`t&r=AX~?ir9>ddE*Zz3K@QWG zN6R>#C@G7qzP*VWlXv9Cyl-HKC7PPhcffN^8?^oy){sgrmQF3CAW}C~QCqJ$G+%r! z>yv0^6REj8cJNEpX~WDS+kmNqVAt|S)6x9K-OwK!YdA{ z29PVaOqU6XFy?!N5rBws?PAyqRtgk}KV(lWAK0ZZUj!(7{tXg?;vHZ&+&d+dmeMX7 z+hx8634HZ{wug|?W8RMZjyfPv)+Db4nF%=mb}HkRy$FyH>n&ZgO?FBHXLCUO!7 zrjB~9b91#?WNI7L2832kV*uiQl9m{LjFlzpb0eT*ADIGcqp0L`cH&8`MUVJka4eVQ zi0V+vP?WE&n^ur6Sry3&DsQJpw8ejM%`uaK@l}aTVaUp<5Dc7WZ2Mlxtk5n%YpG~% zUuo}qRh+9ExNN*^kjRiP9A}3lN5I9WV}!#rK(O#_b2x#Cc29yFU*EF{GlvB+e;5v_ ziIa636Vf5`{Z}n4Wvp+PG)l%LvP3;E7nsVmS|-qlZjiC9 z#&+N#b<0{F8A0DFex_r@NMu`yZ*@#M)&5aZj#Fo*hr!J0ql`(YZCyI4IYjsAs$g8;0uF>oB$L!x;^VdJsWpCkD3! zQ4xz3Z$`)vZ^(UG%8>(>eV<1%TR~X~L}j;NnI=;-yKS3iHiA%KwB&$|NDj)5MES(H zWHEED5p;~rV(!tJI=r(o$he$=N=O0yTB=9=;HH$-S#1`7hsZ^*umkF2;U#Nl+42YV zef2rV7qA!hIV@WE8maGK?<@Hx(PW)7dm_1k`9dOzHU7bleAD1ZPA9ihztZEQ9c&no zFT#L3?aRQWz`ELW6R^-Cn?1V8;-J(R5iGmN13|3AJBD$DD znmKI1X!5=S$1O(PT|v3MC2I>#->`+=Qv+pn>551c#dYw`)ITbj^u4mxxGm9LPzc?B zcyigfks!`C61C(EAfx)uflW$iIDikK9Acnd=cW*`q0hxj!NlziAp5r72a;>NBIOLN z25RHMKXQQZ_k~~(4$0=wV!qIXlvv8cc5=k;a3`9jQ_HX`clUD_*YzPp8-~O`A(CPB z^JU*5iFhihWGbonmB%gFSk1m%z9ckoAbD_#+!e1!Y6qw#1|<2z+kONJh5Y66JMVDA z;Wk*U4N|`;%SAKUa`1kJ-{_c%&zZQmgv8YS^H!CvYd{To-zB!a)VWx)U4$H5{-JQQZ>CpP_r2N6l*a|5J+~d#G)zFX@q}8 zEoIJWaE!rfg`HqoTGOaShTv1A`r7^+>LnaL#HbXZb=l#c65-voLGZ&!d6Y;F&Xe>yl zR&l~u!`*8xiPaHvip89(m7Q9Mmf4_A+fl2jlwVKdy0Ml}z?VXYi&`zUX*4bk=ZWJD zCexg4g!->lz?JIpFIGv7aq;Z|XC?^~i$0%>aB@Xx@K@ief|J8*)9ht6PMF z{4{7)GvY{L&WK4$G>`at%Qwh5pb>~oCz&^Zf2FOwU}QJA)IE?*MY~NiVE08g^jtE< zU9mH;$d#&IL3~;{uip+z4ufq60GXiuQ->sM@=0?-=%s}g+gn3F)!ngFO3~Ck<@;*D zv{sF<6U#ZvUit(Wk{%KtZI}0LPb!HI@`&>y_fjSH7acKD$EY^l-c1zGRqaQ7v_jih z{rQy>G84lV5L^Q(hBmfBG=Ej4hGj6`^4S=NgxToPvVWfy0)>F5+~olaL+=H+(iESyDVKRKaLYPWMtx3T zY!AqV^_$6doRt6jqy~-gouW9N2w*^XMYb1?i*H^8`b5-VhqClw777lHjpkpq{B2b5 zNoUDhPO3CkmSlnrDwaFI_2h~djzzk?5LvdegHw%RoN=EUL2@vg)4ee>Ln-5}Gp^Q4 zjVAZ21Lo74v29~-Caa6FMyAO@Px&_wzR@4D?wd$B9nX)ca7E3fonN!=fYT5aMDEc zu5*IjzvzZ95T&a*^IB-iiWIrC-Epg&8lx82b5)+i9%&YtBi)0|4hcy4L3MtU#D0}K zb|s)30h0CGshW)a8`|mb^1)G4;#{KmfcyQ1eNrU@*SMY_!ccS))SXY`15zAap}ZuX zE?Z7IgYUQ@ztdABdH}u9x`_rXM~DKEneG@l7WhOsaV6CU($-&#_yzWwo09rdUgJN% zkmloI{Gf&1@^EzaER?p@D*g-8+=R9^Hz_+O>Iw+A{Q4e8+t&#UWA3oMKNaq}I6N6f zxKFMRmaJa0efW}o4+})nr7Ofz6lIs~oD-P+Qu6lEf%qo-DH7kl4SX^@cBX9)-jjD-f85^Koq$b9qUfST*5{HtaGDNk)A$l0xrB+p-%Fex zuOXMq+L9c#Zx19vd<4&E|8|9fd12MI?zO<%yNh7xdu)?}0eo|$0e)rEye%*p@I7qccjvnsq8D@7 zps|WzUE^cF=d!q9kBw6XV+*)CpElt*R?E!c^F7B}vKO1GvPoTA-CMY0utv2s4550n zRkE=%8&~{^kxceP_c3D12m`enXDIeCET6>CZD;1OueQ$LT5@8`GfyKN0lgF#jgKrb zn_9yjH$0$h#lQa3c$rLHiSu)zJDwwPELiv4!_?*Ym@^K%Wt|Z8QRde8U9$G=s;2jL>2f4dRyjK)U8An$RDaJ3 z#XV$44|yc4eiIABOM@(~Y<=S*i#ZPXSjliIH0klLF{9v8?Pt`~;)&dcuc(!3&G)rN zTb-bB`Q>HY>LmFtJOV<{2qx6yqf#KTk7T+mAk&EXGAo{9VSNfe|esD~}Sgh701MXzx(kn2N5e48Rwm+8=;MW>?%iL42=iPNHQIdNa z0m~@Smy$=kpURt?B+CD`s&Q6Q;msU0&t5%?Y6qw&sHBBDape_Dtp@30CBf^L=LE6U z?^RilvI5FFER!qvc!gK~;!w<&uK!&@(v%Cu$P6h-Tp3``sd2Eh()Bw!5c)0F-yJKd zxKK9Z&@+R?jV~hd$q2sZ+?TVWO`Ji_e4;zz^S+&d+zgU=JnOPSNF{?u2)RQ1E7m>Y zK$PFfzKjOj3)yyeZQN(7o&q|L+Yb*W>}DOK2yKmI$EJwP5sXf1 z{!u?&($u}(kT%RwHz?ws=*1%<8ZqXsZxq_Z86Yzfn1ch8zh?TK*cdRr1K!%oN>I&x<21Am^%fs2dDK9i3;@jGaehFX6vs zh~Qv9L%q^pojM!WK&kx{8RLH%=ig{|op>is{S^#3@KGHm81t>*cE!~KeJxUM8&?Pa z#^6<#oVj!>cH~Qr*^Dy!OyB&nU5>-IwVQ~T|EU1KYI2*~%K+eU7KK1+54dPP^5DSU zg+Q+So%8W+ShX{gB4Vkw%=7>7stBwpwzpY=>sxNEvIvNhc3agSOX8KI)@_~Uwu;_k zpA-9J*;|jR^LTyoGOlV4F@wS{t`IpatCQtYdIs7TNkv|1`Djl7ElEL~zcH6 z)qDC0lpc#H8Qzg&I=t=xrW{D2 zO~`FsysWS~INZDW_7L{EK!xK58B|?1A3?ELhb}D`>Ja(jxk|3r$LYMK9LnwXW!Jv1 zHx_sQs4nKILhaMuLB{q!*hHz`hCDd${0ioO$*(Z^|MQLh`wP`}(jd~p4stGJjwpj0 z>C{S=9{&iGsAS{8mSSchq{rNy|NgEVZe2UIzI7&lhWh+~@Qk<6@SX}n<~Fpk%Lncx zB5x6cQ?PElvzqjs@Bn*wUA(>?u=PT>MFo7Mw4Iu&*g?+0UoiY;dWp&VJxMd zzx3VF?$mW<#ACyq#KJ1Tug>vFJFzA<0F>KvayEz?sdro2LRId#vWD|8-|lEzPw!*w z18@RvU?q~BbK>jGvJf_&;!Cw#U<(;DyH8eNI}zaH(|y?DDJjY}+nGTe8Y-SbpPxp~ zFS6@*XAVv+q5$hIyi@twNLQXRQt3)d3qRI5$V`K5u}Kc+T#cYSIpXI!e8o!r_(|h# zEQAb(x5V&SxpTZoHawgRe6mk1dLT^5lk{#X$SQ>GmGhCN`bvTtXcvmm4SAD+YKtvF zBLrp2XcAH8<`wez3Se~pEt%dfh2@gD3b4t{O4`7k0yM7LX}<*>>ThxNS#pQCwkI#V2oM z>4`h$ucCY|6m=9u?^k}FLyzW)8zB|&+7;ojOm0%-kqzca)kukeb07IcBgn&~i*;|n zooNXBXaxZCRqI;#{3pvI6CwZi(`<2$j*=ZGsjo|=;vSFt>kuP&qjUY9b`pKA z)dZVK_-cd4!XJ`RMKm@z#OGgx``aG^^ULH{zv1LKHSQkzC|7V?gIhsZ46yB zJ$AFoUoj_*_rYZg^W)ONE5)SCKaH2;LNF6@=Gt}aq=w$oCB|MsDPZnRk1Zs zqUexH;C>pvaTVh==(_E=fi^PXa+DduAoU4I^vy0~_D5vsTP!AC9_cQnqv0xcVEe z%;VJ1j$P+Udv%Agk4K+@W#6`#{IU)Cbo|)H1yF?%KYdZ3+Tp)v`{nSv)CW%_o8I^g zQvw(UoI*e;`JB(g-J{Zk$Z1>NfP>ZSkz{RPD-M$&@oVlUMRQAFGjVYO$l=LWg|s-g zynAx$j{6c^dNTh*B#t#8ObjuguuB3E5Y0fI6&P_uev2+L6!^#T*tBA3wZt=G2zbm( zo%(ra2m>_l8bSf0x}gph-}v?T!9}`0Rq@P1(#;l;4_KU1w{jRMg)omL-U>r1OmU8s z#BF^UQY-=x(n~D|T5H+`C>S7H(|dk6PI;K70#;0wAmAr$`g4oWDBWI7*!?Dbq=qGa zq<5c=!hGCHf#pQZ2Q=7IXVHX;BZ<(oQ|`_u@sD9;7S9515gvJj>|KUzbZgv4ri?Pe zG8Jn-!#r(C{w@Dt-%6{1(r!}?9pgBe2RDy2GT3T*Bm4nZNr_(fAHUyiPJL{8^ zJ^J|t?i**jAxwKmKaU8W-CApyft*G^{uTt>4vXZZ2G=~Q$2ReZ+O*k(mB&30_YltzEe zdAv0Z@wfm^pKVx?vt!h8NNjV*5hkH*TVm1B5JqYk0**(Uft$ z9gY!0FCXgF7J7%(P2rb5nbZ=j^1(Ett3ffhfv9f2=uXM*I}UDyOz@ZHx=NGMLkt4% zk^*<~dij*6`G zbouEX8k^rEnqJev%0mZNa8+?Y4#?1`896sea#2{Go`rfHgPgPa;--^Dte9UL%&?RO zF||z%{#42IONyb*Nz-Hnhc2kjE>D1DxE@g^Y^zSR6gJli(EvhYuA}K-Ro zN(eL@$G0|5|8AEfGPLs`a%Q_Th?pw=fGq*!8Hr*Weo}g&46!3Hfo&nnbL z`+3jUBTZtb3Diy7>L?a0G=i1Dai%!IP_66^FrP- zrO;P$Xz_|(f`+GD#5pw;P+JN)9)dz1wgB+5$(9&oFv$^3u6xE;3$fhP{J;WEdom&= z3==VTi_K>EghS?Uwwb}$SH7`kMllm~+^@9Yl*^h!#Yv9U`t5{?`gU7%y`C*OpHNP5 z>T3DLnfg?YGfgKJMGelf&u^bL?t2HP>VJ$M1#9<9|1x0S8Z>7{UP>-*sbu6GhpxGp zsco7A*UeSbEd!G1;Roqe$n*X-x-Q&F&S3urTK=9IPKQ#G%-SYY0+eAhQFUyUXV4W2 zk3aR#aju*_bqJ)&UV#Bdz#)vjc;^*FhT^|W(&AkQA*1OcW<9g(M zI}5FoNXIK6Ypa9{JHE{DdS#`JZII}q-Z`H3ig{^m662W~W}NRRCPHmfNQ?Ax3hRTK zJ;J2c>Umjcd-`uEfp(%C4{L!&;`1~?g}L(#Y*C#I z;s&RLVV4h~)}+I=`tSt!`t4t9U7e6y+ygD#9J=DY#94~@R%mCg2^Q5x%KS59-Z)8d zeS>5;3Ya!s?`Md$Ii!}EtBW&>*A>PbEoh!o_Gbrw(QOG6*0Zwl<13pqa%($1WMrf+ z7F{Stlh?5=A-5tmaLeDi&K~13*r|TLXBx-Qaf-KHW!-WC(0wZok$xOV?Nn!AM7^S5 zj;&su&^z|{LSBwGtpE6muzFM49`0pjuG^}U({5XfQ!r|J--Gf5^^$e30#*ABy)@1% ze&KPSS=Xa>H;5>ML#LKaAfbw3uFDzgB^m6nS!{!VbWH7qa7pEtMxvevNwRy1sfCBA z9Nlp}=UvK)E-_ITLYqFlXFrbiZ+M&l7P!U=L;a#wF2H>(fHXcDukV~=MKqe{Yz1OW z5V+GENufK=D5KeX;7^En>V^l@mYn8;um@sPsYeA~a(7wPS9J{jbh%UI2CqaQmk@O@y>vOqE_lEIgmxobtQEZQE zW6_dibCqxn`;B7b%b?+_`=6It51-eTWSP7tVZAOODXSON%7i{gwn1;cL9c`e-W5Sa z0r>0B#XF0Sq(7X6WYzqlMVQH?$&`0U^Tddg$P;AbdWSD5Nxxe9K!4kov%JDyhs@sd zjw|C`0X(+!_WQ1DazJ1KiWJ(UcM*fvww2(y-F>t-Sx~5nIuNZ0@7tEAEH!VW$<|`J zF`k-SC+{W&AzL}Sl21BJyCOy>^E&pDL?=O)6u)+#Glcof5aVG|$g* zyoRgbiZ7dS@;e}pg<`UGskQvg_YJZ3Fm7f@>0G!{|X9SonNH+EhSwn&k^?o?%Qmx(`qiGrRIoCV-|oP2Ew$8$!pF3YsI zdX_m9rcV{@w6ZF6(Bv1GP$ny*q#J}EqNK@RV1_fL$E#%*>07i{{ze&7+=*WOVi0+- z=-Rl;zYMiP`M-P-eL8%^4+I%riJXB7FC{rTggjqBgoeWWj@`V*y& zJ9CP*o&Bv`O>iG3%}OAOqLC`lUCKs+++VdN#r}?KTG(>w>Q1vl5*F^ zOB<)U39Z9!D^=e!Ea!MgyFfGaO>PhG#v%_pfgh<&Iy4@KInC0=7V|}eeC(ks&1W-F zGWtXzbX{lRN1og!5`op&q|$9~;Qm&Za#x7gii=d$?%7l8s=KCG-ie7oH8SS4V-rV@ z6o;4c?XvAqROk+3gkSo7@R#a~l<1rN>q+uIy%JB41Vce$#~jMpD#^ZKv)Q~~z~<+N z(eOynmh7Q?th1JhM$kVsIusvh&TC9Dt4|By8(~d$&h5ffC=>23Mb3`k$u^OPJ%g~K zU!5T4f@|@!mR)5Lt^G0?_ae5O1L;%zH3DPSvB&tj0}jRu!HE30FGb6Le)j% zOzm>fOk1=?!?a?_r$5NkYn?1waz(KGat5yDJ%_c1 z%zu@HR(_HP1Mj3N83_dNm{-(!3AQV5ym&jN#*2>l5b`Ph8kW)wv+^=avCFsN$mJ77 zW-4v?gXq5)9rhkQ4CQd3$EwID6|}Z|+ix1O6J~_%s`5aj zfaA8q0;4EBPoZBNV^eQz`CV(4C1!}>gvJn>L^YCc7V$;jaFUBg>9#tl(lt90!a=;Q z*%so%IEKPdszR6PHPh)@v{0D>x;X3SsT#CqcXlq3Iwu& zI}h)PpiC?hncTYD!9JW^Pc(0zI$~oigZdGG=U}d)zMUn$)_|Sge#T(Nl*+ycmVEG< z(;#+J)k?_M6Ca<+R_a!)m{}>MR7_Y8vl{&?T}!=ITVIg|H;g^+w59*bm!nu=6nA5( z-<_{F&kryC%=-Pxp|T@Hp=)1D_WW9rz#KINpE*za^tH-LqYh8GQds|#fzj-|HpZ`1 z)}Y5_q@$5um$-nGZ7E?NnI^)$KiU=hs9rzpm)nyi5`1}t5s_IXa8VEKe4WOvpWsy)sPjH{$Ki8B&wD-sywlRt1UOzOqP|6TIDwbI@J7e<_K%oMyF@f*j+Q3)xr{5)>vslWh9Wofyz@4E{BEG+KyX%tqhQ5G=-ts9RD!mxuyk$a z0}gZA3*0kBg1K(#oA1C;FbY!XloH+^3n2<faU}h@kW2km%kAI(w|S@}^(ljcFoC!J%HR5OjgiK%}EPeGZX+L2-MfMErfg zPH4EA>*FN)J+pA2N2w2~MY=qeE;$@8%y2e(*RRhBN%iuuKtpj-vb1ZCnMWk#h<4mO zu~Q^?K0k0_!7Ns*vIkP*2BNIDbZk>7;v;Emg^@^kCeM73G&LmQb23q|lYmFG4p*;P z-m-%X{#CAoWzrPhU(~CG$wS!*k)h5X;pMv+e_$}Dq~@NYZ`m<=BfT=f2Hty21*)GA3U51^g%Kl~D?|5yDIH?we%ur+gbwsQR6OPR)sGZqKB zuyf{q|0fhEc?K3$M0%ttIO@%!5KZWG*&d76Omc3D5npzc{T-w=>$qxK%KHr2$fE*q;qYX(I1Te@ zv(0F*y(H{f7H46uW#Ix@G6Gq>B$?CM@SSxWcFwv!k)nm^;!|lIl8h{^pM12hihf|0 zXH6^`Q+;vJK;T@>kY9cRcvrn?v@Iy#@NI2VD)_;urjQg2e z2vAuha3*Ht)w|Wt?Xx=!;m&c9qiKcjPK^HUOGl~FUKU8&;>(QXzY9$LXl<*kWz(Nl zR6Z*G`)erz+F(;6#+9@9%`z;lMIS?4-nvTdn?J3@RwU^_j}J4JdtC2PAWKT_<@cX| zC5bu=zstQ0Cqxrb$;Os_PV>+{D!@4!ZBS=;uxlO-nRXD6x~9}q5-2G0tP9$M(S6}+ zEMUJ&B&6uc>;Cu7l+5k<3}5}TlzS8hRVhGww&G)3Rvo{lEsLsRWA85C=Xb0{ zKwSE=wgY%SoP@qV#s9$G|N0F78-L9Iz~2A$Fx(=>_bj?tK{4|RWLy9nTzA^Z zzg5Mm8Cu8+ewD;Of5kh-JjKG<$ud=yLent!ifN`ED~)9ckSBKN8BHdkt*cqJVRYW4 zg;;7NyNvTHx+E+Hvwm;0LP|3WEM$I4hjKv<eFkXVBVj5=5NzR?9YR+C0n+ zdl!ol*R+m}S5-y_`>fu8_QX#(-`?pGk=K*!$t&fOYoa70=veSD)hYMmq*oUQ@QHth zcYm?V(_io?E!P*Hn`U)a1V;}JnHe?HNbtt+fMPa(;0St=jWP>6DlykbAn> zMX4{IE{$`<-ydnm;HeC!#7nvfFYd=y^4l%+n!K3JaG_2>FTYhwWGIa0Yy5-y)kI(0xVKOCjxK?L z{gIb>+CN*HtuUG8%$~W|75Y|i+@ejv#Wy#szJkmx$-1eC^w)Dj#1uuNrkJUYWCg z{cJF$r5d*T9ucKxnJ;bUDfI+%?6RgBV|uOjp%w&>!CkVJYe|!@W1Id1iRBG<@u`~^ z=Av?{Sb;fo_&%}cb5Xna4x_MDyd?0C80-xrQP|mysu@LA@y`OC!WTbYGE%i1->4%p zmCJ`w?>4EOGy9-`bC#ZTNuINKJNhFioU(8Z;+e;2^57#*6*Eo&e2cbN6d{ydKhS~1 zF3}0z<|4(PK{ccr<4r4SQ5*v?RCioRYw`0xf&f=+(y-><`*ov#30?n95a9n=GyXv! za&@%w`9F$BzRrU;)*{X;nAzXbx4sgZo04L)lqc0nK?#8GD8U$?&zCZ2Zo%#(EMol@UG6Ibj}n$7ES-uZrF zFj~(I?s@z2u3AXkut!7!@Sm#>Rp1X=Wi!+n|1!Mel&;*BpX53#8&g<{!`p96OFVl3 zo%yRpOji~uM1f>?^f!1Mziqb#(HdOdtKO){P4YTHcu5Qj9r~M<-XeaqNIH*>q-nVX zoUB@_l%J{(ayY%^bx|7G;q5&q#5(Hk$lc}WrDr#4q%J(>5In_lfejDeYb7C&L~x49 z^}c9*Qk!L?M%UdFE8h98=Oc8~vYY-xgT^odI@Te*rf{gy_}G6x9*TBWQ{c4qJ-j8)Zs72D`xm+ z{>lb_UJpNDFWyQ{gz!;Lbw2Pc&WJ8F!fwYPWGV|}N-gN=?fg<8OhguHH#g)l-1u3O zS*zIBtWfnaKd;eJZ@H%`pMzv4s}QZ}z~h?B#$5xCZ8EPT;8Q_rtmn zJg3K}NeYjUaT^=c6;4Et3GbLsv1$RDQUXlLO3k|963QTO){76i=A0xzpHv9eVM+{|`H^WYM>8Q}#bOPb3(@3dvk*7W6 z&s%H=`Pf1X_9nzM-24e)bm)A=8Z1s!xW~tesMqrN2GMYiI@>!)1fjj-8LULy+ur5P$yTXAbSy|+@vc@-pLMQ+X&zBI$B zOVE$YR{y|jVG*HUFcG3A6U|mV`mD0v>-4&@uX!5WHEVB2#&dAB&X)2pB(=PsFRiPwSY}&{Q|T(|{U;2~tu>8~v*en~ zN*Q=4es$kf8dk4ql@&Mf?|bG$chvlvs}|G_uBk+e)i3NVyNwZpW8+k7KHh+u=Kp$( zyVqQKc=I zOS-~`8BrJlKH+zlRD&*$VUPiklw%ysdlcbNmV1 z8=jU&y8V1Jby3+$<@zas)HrD-)Pk5qifpJpD&+1@)7b}Q(+`u^$)1?}irdVSgve7x zIR+;o`>rr1C9{D6Z`vPh*;=|2zReCn#cvW3M_wt(-->r7K?qUp@wby4dLq5)ziqx| z%*eaQkCmIVt%kdWkLE1m z)rb!o3Iqc&<4)>^8?ZLYBVy(4NhFas`n-=+qZ>D<^3Z8+x1R2y)*dM~PQ(V%=adq$ zvq+=wlIL6vOZv#*w%$12Rv%BGo_PznGZ-n^G)tYgtUN!8-?)V~xC#Xzd_!U+R-?Mz zZJ6*m*x>NPdfLgqV;5M!xzLBm+oRkn9onC+L9U)JUZ0Y-P!3@Z_y6K7`(;#mXS4Q5 zPoNAngxF!b5$YUnxPN$q)vyP2USU0_mtgmD1c3?=Y9_y7aU_|ruSv02NpTJQ?WLw6 zlAHrR#|mJ-)AD`Lk`N^EWnLw&5Q7q41&|P6zzjgV3G-8Z$G@LMuIPw0_9&s>I-w0< zx?X8FFBkqP=1>BDNjP}7LE=UKS3Nk#|6~+YG54@?_cAkgwEAZYUZ!)Tj;(|J$_n6C zB*ZJGuWK6&g<1(T!wyG`MU5`T=P}^&c=wI!pj#7;w&r=d{qPHhTKjcSGb~e^=1oxx zOg(9ut=Y38OwJh}%V7WLZ1XbFen9&Ac(;D>A#rnsuS&I+qPzsY1$wkDC#~EpS9yYu z%TLQ1I&>M5X#r;hJs-1>;y3rMQ#Bk`n1V~K`@%IAmQCSk81FI>KFj8M>k8wa++oKT?tbxymHL8pQ!v zGbj)`pP`97z+$3ARj^3IDDT+4`V-%AssV$Ao5e->C+Xs^tUf6w{DUzxMY>D44$Mh3 zb);DK5J;$uRnbVCAHOv}x4l(yUX7y|gjj{*^x zV5-SwO8t0f_V-uTZSoPETl{7*Xc1`GZ?)arM%@0RQ52~2*mMXKT%uS%mDRWjdBClq;3(1dM9vI5aaMK=R17@P{+jc2JtTE7x0tq@$!Fub`u1~x%F10(vS zGz(~dlQFEmAzG1B-0t|(Ce6A!MwLMlMuy)l#2#y+`8e>F?B~`mWi39R6VWbu)a^B*Z&N?^XJGGh0yk?kdgjG#J9=PG|<9it}4op|~ph%%79xMMo8@7dX@I@>z;e3y>UH1tyCvB2T@E zkN*BHzfdrNe1Tp8kGi3lH0ApUFkCoE60Z!r7RSB}-)BO&vLbOC1e_uMO;_ND6z3pa3R8CEXWB6wBY;R&XB%*MVqsx>(V z;g{;Ell?|G%%LRod{GP4sgYQt0QK|_S_giw!kD^RE1MRSPQDdLZ{V)k_mG!U9MnQ0 z1UF)ap6)2OoWNJ~4p#!1l)Ybk1$RP^;uoFKgJ$v*;+Xv{wuAWYbAkiq963Db*>1&} zWy$nKrPkWftMlkGXJq(tf@B-Qj`JF$(Z>o7q^P?^B{km; zGqW_BWtNIsVs?#AvnE9_8+oOu={NJIG*L(cz)=ada#I`FrQ$10sh_tG15bN^2>u8c z7G%RP`3?K{5I0vsBa-n3JD|t((+4KOIlhD-RGV@RAReA`5iS4kqOoYomIB*Q*#-1Y z_~J#$-A|a6P6L%BSn;{ze0xX3uqoaIanKf93ZH>snFwpZ<=Wdr)l6O@&zN|$MdAQ=ytXfp%2jlLHyASCq zzQo~*y9<~0gnIL{Zk-Cx1P}*(9z0l$^SFiU>F2e5{f7#~Pv?#n{T*&nQ2!O&{5NK* z|L6Fo>2Bui@oxv1e^-C}6Lc~(jQ-7VPZ(w;b74k&nvs!_Y!DZy1EG=?FQleM;dXKg zpjz>wm&jbR7T~%3#yxEtaQTl^pVrY7x+u4Tn0rm0Vt{j z{B3{--mT4wyW@9<{AN}k1C9aj2&Oq!2(V#J(H#C4th$|$XwFtQU1#Q6)5^iBy-B{F z{IYZJft=M@%VV=$^$?1?ERl*aS1F{hM7aQ)sb^OdX}Bu7XIYsd+!5NtZj5U9()PxG z!-KeyTIkCk>w7B|qeXuHJhsdsS;S@QpE?eE5cgVb5k9B6+r*RkH2s~M!w?D`f(%_9 z^){ne@EV=6RcDo*AdE=(FaVBmoH)~3-OgI&4;L%VMOIO;1`t2hbK291CppiIMSXO_ zsn$rH>$V$J%7&?bZ#aAu_X|qrp6l7T!;123ruYTSloNZ8Pl(Xe7Am z<(VC1i#NIUqNbtJjJy9VeUZRPUNFW!v_UxQ00&#YNIm$ zAJ*Q%JJ5Cc67JY`(y`sK)3I%IY}>YN+qP}nww;dg<(zZxT+I5NHM721>wW)#2UWFe zKf9{Rd=8xZFRPDP;$I!dO*!i^;n>+~OJi)x>~Er>6vn$tZ;?OKF_EOg{1e_5 z27ms+TDpbcN@;$vmb-t;T9W=PVzT=}O8=`Zf<`03 z)7ayjjoZ85?Fc3>Yg3h>ngaW%b6TWmg-%ZB9N!+QriX(}f%z~z#VWN>n4U5LPNi(D z+9MDDWMgQXRA`&NR(kRE|IZ9A^WW{o*F%BHSE~pUdy_vO5&i;^2LI?7(Vz;UjeO+r zky+nHSOE$&)-t%>yV&6k7Y@9P7lNmbRt^u!fuFa*tEO@hx`7}Zwzo_pn*LI3H(z6i z!on=N4!?(v&x`m~BO}itiS=k{$|5<(Y~jjcfvG3a>19~2c2Nm?8qa?>_1X3K@z}NJ zc7@w<`_NJav`psqM#fhI8U;)1?yLG5!7oH+N#x3p&GkAFOnhw-Osu;|!fPXF&=iQs z>q5VPMGqP-l7$iaeFY8km|@niSpMDooIy84s9`rKa98f@3I7NGkYX~qN=Bb?LAZb` zUP>(=vli522!;|>%JH#iS_!|Q*mjgY5oD!B#^fZ7>Cy^2U@{>Y9ny@CK2?uj`S1ab z1|(A(P?}w4Hj#0a3h2@6qzIP}(%JTGax%08P0Sf#rX?6jnu`x6 zB-5AosKG3qH3P6fChmh@u*{j{EkQT1N%wrmtPC(MBslygX)=_Brw~&lWgbozKh~|W zv||W!<}jbfE8_vu4sBTq-v}MHy6$Z7nz&{TT^g~Rzk`b1q+6#wfg-L=(gt!OIA2;wVkn@VSQzNbACPFyjF3j4H@rQ&d{}bO95abcaM2ps;>xY;MBLbX7xfC zYn93V_*mgK)f1zJ;98D)?v{bn=@>jOj7Lz*JcKy6Mu0YlWDARHQf;^(XRobBybqh* zQBT^l`5+p~P{3JtY}|hr?hnmcV!0 zO_UWxQT&rp$}0Hm-xV>f^D~iDqWoHB4b0Xyp=+rpNNUbS@jPx6=p?MTVKlYQ1q~5 z5I@R`@_=8Mt`9#VjlU4M@^#sBPXa$pbLedv^w_X~y5a|pY-N;?0V?(0wk7Yzy=_(@ zC$b)(NwaXZ``3stLn31e)VaqUP3*@VPf{Lr#D~(13(Ju2`hkJH=J*ndy_jEWxXL}C zr)=%UiI@hCXTZHDH9eED#s!;$*gXp3sItxjUTnA>oyKqRc+Fk8+e$6AmG@jz-Ks~l zG9-~~rCg;7uff}SpFhPq_=%Uc_1L*1x9oY?yR<7N#j`}i^5Q76rf*m?tsyOkvKth6 zKUDlw;&4m!EDF->^5z{I-s2;s_ZZ9_N^~O2S2=%^pdM@wSe>x?kfvk{F|H=qORu;X z6s5yzm-ijna|RTpfX(O&_10TkNRw~ex?pQ{qlK7JUuaBlV5V`ju{)k$tk2AB%+9wH zj<*k=R`e>3lFOJ~b5N{y_7AoZbm3D^=b1jya~#&dn@SAsr5h!k4ViEj?NG934yCvc zpE2zDFWVQ-h^SjK9EVs-XpcnR(Ye4R1Qd-~LmD|i>-lfUh8xlw8}_`}m~8D%#=UTM zmhPCbcSfQa`@19h49Zv;(VA{~J&;9O9Xms8KyoA9Y1-vFM*gaSPUROV2jGosU922G8a>==7=3X+P4S( z%oPLjQ;Jm12onZiS!;OYI33D5ePVcHLlHe9lVcOz)IZzVztcK>;{FIVQlt)2-&I3= zjivY`DK~!~DaL>^h`SrT0sT#0!1jvr%3dfM z8(!XlSc~vPT^_KE{tkhC5*37)E-vqjv09mkC3YRv{(jB^i%vdPOenaq!}uw<=TK>F z@Sa7s^TL;=;c(I%^ZHtpzvOmHj0CxwnXq*LUpTkj#N0M==)iS z4T(+9ELO<*l85+KrLBX{jv`I$9JkYECma^oo!svNLZoyld(W-GNN%InI59(Z1#$8#-1-E_`^kYEDdSzD z%cgt3f<;%QO;-t5*knvZL`+!j+e?XUsg&VC*fG@SEN&&huoY;yRXHl{))w#Zc36+F#lr zf^=>U=|fSl;jSL)yp1r*rty;NWVew57R8yPJ!$6}jC#mQ_Gp$(9D;^3M8tuL96)t6 zE+vpAPMq=vCUYvWvF%J)6vI_%dt%0!wQ&ljl8w~>sWNPmse>Laj_`x;Brz>ONk>b? z?s(ci0^|G`j~A0~FPM;s%rjQQ-7G~(Dj4V7vM1_aVrT9pveqw?luYLGHSq1gny}|6 z6ItUqwOdcwv@@Q=UqZ}-?IEyp*1`oCEeprg<3@n|fMDVXPFRId@<4{K(%YBY2rwg@ zImbbpa|9Zp+-<{be`GAjiX@YBY|JycI_5~LKNPV^f@hT#IuJ=-!c(QB$5XKOt4ylP zBM6}O_H_Y_13aZifjroODBY^&duntSMJ23LD#y7ZY;lL^et?*kP4bma@~?TI78q?; zm2&&3Dl!@UXgUN0RAllAAZ%_0r`6rTpyH4W)NKj;nRNXC-FSer&a=a!N3%#6>`EmB zWLhnYYUhwr=R*}!Ame3f0WyF?juNJiF$6GdP>XCvHfJs4Cnu%P2Fn_X`kBs=V0+q7 zdPL`heqb>>Ia3QoCLg7v(4ZWp-Ei$_9mG)l2+Y-X)pBtpY5Pi**mZuDx@62Q}OF*?FYAX9GpcLP{Xgfo&_z|>&usM$7$+t6! z?ve9h)>x>civ1XiR~o^WTd=wcT+x)#zj@wlU3(E6yq1ua=m|8EEAn~oNVC7jmAbei ze2wi&84_gkXf=K6v5tCw9^7*RC;ZmK`2GR_ws;4en+mTsxoh}#Q&=_SP%>o#o%C+%ODvxfY+}20Dt-&5hREz5 zUH^qq>=NAX`#kZ$h4yqAX^cd>hc+Y+s~@-C>axBQ`R4uRjC3!Jbld7O0c+$9C{5Wg zO*z zNbHIo##pb>YYKD5h&(YjT`r1!cV$75s}m8p*(6i7vn*JzS(qSx9-Shk>G88fI_B5p+Iv z6#<$pdin0f`^JpxK&m%4vkl2(zwm6527xj>xh0H1FvLi;Jnsjul# zfZQN38T9?KtTU1{(Dx!zZg15mJi2Rsl`t@L7u-SA!FeT4{~tJp5?sB*Zt(~o2!oqL z=2w=xI*Yo2<%L!4rz#ln?aGVOZMsqMOQB@1+2sjmA%!~gBQW1x_Jt~^rphJ#pU z?V2HA`axj($R~`y`JRA=JsWFxJbDZdIe-5qd=aN+o**?dh%ahJJJ{?~d}b zZ|OJ%&75>&0P~pwb!=jvDyP5Apksbc6%MHcll4~aRBEL=CMuSBRA{9?{&IldHf+80 zv|a?1x_=O{M%WQ}6+!UjcT!11TvvxqR~hiMcUYUXeBrX1u^m> zmHNgsR7=j0V&_CeYf^3Q_H8Q4Z`Ed6bI(?-{4|f5~h~{x;+McX_RYjJOmK9khd(xH0)B6rKaa zMl^O>D2gdD(X@z6&7=N0{z9~XsM_d)iuE_xfNSVrL4>g7o4ccxtG&Am>~EFZ3Vg!d zEl>%3Q7<9!n^X#r#(7ToC1yrr38ILtfRRbfLW+463Yt`+46T&f_f}S#0+41@rigeR zcu_uHdFPI0dnvm8q4OI}S>d=KU+J7AH-=H3zXyO3b(760$>#+4@yV)S=1LXW1YI?X zbxK4Ngl2AUEi~um^`*SJtC4wY5eP_a>S0wT37}(b;!{tBZ()i_BhE*<*G%y<>K8_rJjctd1k(mE*6$rn>|Dv8OVoH@x2fzJ2rl`u~;1>;BiC z(*7Up=|A%Le>Qw9kkgRr`vL8!ZEoJ}xdWbk5%4{`8^~BBjsj-J#(TPzSYEW02z!rc zJpc^0I|tr!An>>!YM=PQ==F=CxWcWn`eqFq1hcIBW0qux0BHy4)*8dk$iFs)Ia136 zK?0#inBIwLG#yF>;eYjcXu9$F2ewdxn>&U6*L8Y2`2f!91jp?i6*gt%aN z%|mHPQp;~4MQi?OVd|kVcm~pjS{P$`^!U>J!?+Xn-tB{*YME4Mvij3%qIH#WR&+vs z6#Xl9fnG~ng`{l^w}aYLNyZrWfrMS@_)hc(0H~r9JS1Yx>v(>9rf=h)AHm%iv&R}T zl0m^nWr1m?DQkKn- zIm9O=HwzdeV?=iO_uK^ux3Wu|A`-M-0IV}Hy7pnhUm1~}*Lpff7Ebp^UTsEj{&^v) zm0enSSt4$W!&dhO*e|$_;1_2umXJ0*Nf?dbLs0vkik^hvK}?ik<(rJB)zo2g1pk(D$2xWg{9{`wYhwcL zzOMD-e_Z_kb|w^mck%x>?T~})gcKkhd?rC_GezzbsH+O1o|R@W7_fu{BavylQ(K=U z!kXk7h&vM;w>O+YItZa*NRVS{%H$)%-Sh7cfN#pyh&&NJDK+G1EzuaZE$DVu0gf#- znQ+rC1p&%JU@}J2slh4R@;UO{p`>IU-#DP9J}+1`NFiBxR=Tb~l@&+S6zf(A}Brm?a z2$2Td`eVVOA>PdvLv4HWx}7Lscyhc{{4j1VzYa;6v!guaWMCy>`^iaJWsH$-m8veU zwP}b`KU`5tN6!1ZAziB^8k)BFzdQ4LO*6gqIjS19f zkmQ#>A2&f#8u6o&aT3PaGYorG{q^W^N%ZFO(Kk$JSIQbxP89Z?yC4*?sqDDy&zT84 z3_+A~{x&7V=QvgEQBv0!jDmLwT1gd)j!6yH%2cmGNQ`qXuPHQrr@5(YbQeYQ%!m)b*|9Ji3BAyRhBL>=89*B$B$Fv}O#U z2;e*=g+@`1=dkZ^H944D5?B?<16VgVx?SiN^t-cR2TJDn9&L16f_NXu=mlyms3mL35x6F$E3&%LtVrZWyTi&kVHaZsq46YVIaJf=B}T+U6tlN4 zo&q^Y%Qg9uyTgYmfbS36NeHZF1RGdX*&Ao;5a%!_KO>ZUgoHSz_boeJ7{?i^=8=d2 zCmfH$ve+3C0a`M7sDGro$%_L9-96c8UdFRgCsNirDd}6~u)r59b=_xjT!m;@v* za1napQ*z4D*~hnPzMld-Dk@3fsv-%sGEFMZq>`#CM+2$iRT1~Asc{b{g8~5ygF(hf zLMi3>!v&)KJLxsI{yM!MediM95OpK=pL3eEWnbiQ4Z_hbmKGwYu$x0@6T4CG)6`qL z>LnsLHDm6JB-jQCemNJ<70e%3v%xJHwCL;N?SB3L3Vi>)6;ywBHAU?0trcxeBz3H< z{~7Kg{hF(`4|aL%?$o)Nh{ds{Ft_nEdo&_{BeByP7a_>mCAp{i-RdXv~D z$cK%+5u?dBgn&(?$W7(9?^39f(UxShI} zrG29)p`GK}`O`nBv-Bv;X5~(F%ls@aabGv>= zrNRxm0VcMC39^ZEw@l6{gdiqD`Fy9JM;=iic5#gCwq$=zfW~Mz2Dn?ZI9-5S^H0)f zfnwS9;WJC>BZ+8sGB4iNue$ns>hmgjK|$5ry>4bjl-w=e#NaT2qGKl`WM}VFWUX#) zgLzcRa)_|;`NGjv2xx!LO#L&kSA_Zt6DN>PouR?~f1 zWZRee_+MA?zrn)a7Wn;R_~(DVadG^%TH*!;1yu)?as(w20*!dfwSVvT?cWbqc;63Y ze2>lTZ{PKO%SH6qn%~{+zgPIo-<{8`ohNVvMHK?|Detcpcu((dxA*wWFQ4B>6at-m z<17{v0yTiaW!$sHm;2FI&eVsF(d>IC9u_OVL2u`+CNNz-1GLgTINUwlJ^l?aoJU<1 zW0{8v)Ddr_zZ>Asn83JL86W#)R=s~~cz^p)|4)7OKb_BiF1te6%noY-!!wfTYiu&V zIkAllB44_?gAD|EJ^-T9tk5RjRp1P?GRQx3GIAuc>SBpiDU}UL@@6huxUcRsC*3wZj{I0Yzisoj zBlyF4f&idU8>1X^R%uKlvQ3PWkjNeVt|y#k*G>+!wf2?Swh{(Y05MZo4{QK*Qg>v|IcT^K&lH);5NB;P zM7>SCAQ}v18yY^k*I|fjf}TqeL9u`JwS+1c$1oiHQI}Vkw`Rh1rQ+zLAE!tlr`8oe zUqC=KP+mtZMYWZy-NB=;cuwjNtEEiPB|C5d4po0`M{L6MLF3R3 zS*bM+)C~DqbH}_%##FN+uf};jc$b6RAdkh(Xpa!*W$LkwhDOv3F^S*B_syO&v){=r z?Q}x=vjx4T*!&g_0FAf|DJai&>L7JE%s?Ym*dXS7qINw&;EIp=ySf+Ir&T*-rfXew z%kNQ-tvix4@v$Eq1vnWK9jT~wmpO+6B$Xm25AArNySIG&So625LwTVg)>rg#`$7+~ zm?+;IozsWM&>i_Y0ZY9e?ww>%j_ z5xq5sLVVvdDbsNpZ@g{2Kxfx8EM}WJG>rC*EKBZ3o{*WcHZkqmbG~D5P1!9zz3PKiDx-SR&%|o)zR`t=N_2B$-Y~h#s3WB15c@&gM<; zQ3a7Mo{run*X#fscU2?l%ZD%N`Cf0!W{7u4F>3-;)HGEYz4xeOTNb`)M^T%MZ`e7E zb^H;`QsN?vssF`$x}ZoC2w&-!LmnvxJej0GN}{0N5+^y=tq%^WM#}2=B}L@rlF=^Y zsK*!ptC?p|A#+ks*VXC`GREDzr2Xn{50&2jQYT|DZKx*MSFDk`+?>(}wGFx|B?4q2 zHgnBdhlH2-Icu^Xf%t4}t`+$xuT#^OIzwb3G)G7T-UD74OxRde2S3IuocW|CTs}L? z@@dHZF=$FAfW5eQ2qPj!AK^|=OtS@=T#%>X#TXX{mz|l8ottTdUp{X)U$3rPdr+%S zy=dFGkfGurbX@x)PAG9UlzA;`DWk?mF>}|)xelDGJFA;(3>DudNYS$lf) zxHgnd!lRuvZT5nkI$^HBQ%P-1(yS5x^`OU_K@T~<7*3;AR-sL?Lv{6jlxb#;@s)me zu3&!lRfoRBo4$?6N}U1Aw#EQU^^pM&F|N$Y;k)R}PzSMH%V9Zcr^eVESe6rJgDbAKGjboi8D^;Vb3a_zix9H`T-n>~Iu( zq}Ny9D$Lg$1CK1K-<0oFcT=q?7tE0jcvD9#%WdF4jl4UTnSz&L$cid+-YI++3`x_@ zme;LOHfo*}%|i$H)zNAuf`00pDV}$p?|Q{eRlEriAf}uX#<|r%yw*Uy2iL^Ad1o1K z?V3A@Vs=JceX|rd?Mv=)qEp!2zl)0#aHVwwNvkAeCK+5=^+3YDb-;Ft7(%Pj%BF>f zZI7U4`N87~rXRHj_Y4mQhDvwNPu1x?voB|5!aO(#IH(Ktj_-43yU4W0OsA^tuo*Y!%$+Up~u#*CKpYD2%yr?RJC1?-9ntEWxjN#kw6<5j~>Qy<;?Q2-0pW&p3%IQxeX>&p+vJ#a+y z14Ub8IQ$Tu@Eev$q;h23KAZd>0e8uR-_NR#uEA+`7=eyuF`uC|2UXiAQIw;5)Td7d zsXoFn#3r|^&OamGy{bQ@3EskpgY4G;Ky~3V?zr5uE+u7qzXr|+B4jAo9JoCpcuJr( z+B}Zgm(HJEJwbSid3X*!YXX0URr}(AJiIO!Y;V7^=5CL#{{G}WF7{RC?#7(HsUrJ4 z-1Md@8RKouvch2Qe8Ni5HakGSR*;l=rjT$qAOTRFOr#53iQ{12>Q0fLMah9Wz&mu4 z+Q#Hoh10a}S(t64cjiglH5ew)&j(!F%gK~`;yeQLJD&rz(z9rHLO=sSy-~%bQBKDs z0Q>=`I&I#~z<63$8E-+H9}2mqArIB`n4u}z@0Z>k$IGMf=buHv zb((2V5n$iGts(q7zWHyc&G2_n`=1g2f3K)=h?x=tqJs}2U1)9m=x|;1!(oK0rU0iv zZ3M5}W-}}@5fkBaR5~kjxdw12vrz&uP>1u;3A_@&O?!-5V)@4EmjUex7|BmBCsC+oLp-tS|k!nn3+9YOILD{vbM*lnnK&DFf-nM6wBq6m0uF09D?;p`98>K8Baq& zvA5N;nh{$O&=NLGOHXvfH4YaAd&7=;fn`w7<)93`yoe)Ro3HBTgIJd)d+I@{tAEgq+?casGI_$gIeW9 z@N+awe~afHZJ1H&qX<4%!-Y9ixhNf?@A0~2>uaQ-+BIY8R4r{I7+f{m0UE{)=AzTgqPEz|PLZ%JMIX=f426<)45#;C}+l@7rI1dHjv@e*(&f z_g^Dx3U~Zy3@Sp%ffY1mAQdVj1=&!6djB0R%VA(RXIstyksIjgf5RO51}MQ(R6}1) z=bb)0*$sfKqrVLt!eIRuYHlEsWl#EA>e1K#uN>jOZRp3}o$|kAttOWG2Dbm~Se~Ky z*C6RaqrWNe)B(yw|53o;f+Ro%` zA>2PHm6QuP@vy>|>929p4_`e%R!*X_wmN~DL)P$trwj0kbFsLfMb}D9+Xu(iT9rIo z3m}5jEhilPl~|(}VajqjZd?L!YAl*>*g{7gFcV?((C|TYP&{NX2sqv#mLx0{8{7)8 zJE+La2CJcK`ll0;DFT0Z^MW9t@S_`w*oX3)NTey>L-uJ;_AMg?mK-?5T=szrp$I63 z;}1@I4T}}G^YP||{GzP8pYQu>ZuLSUd2cuJ%OjgU=4A- z`WMI%`l1>I{$8T&SJm|obMdhk(hh>UqjP$+Mx?4Sg@m}c;Y2Dsk{Oq)qEP6ba*Y`S zd1&#i^)>1fDW4>XS!i+Ox?yboOb-JYsbu^GIw5!N33#sbQ`HMRjb?ipfClH<7Co08 zbR{Mag}IP`0Vl3Niw}KDmkV6WsC-#e$ojxrp@m)F)Dd_Nz_@fGk*apu->On?8LEr> zmFlD<#ms>@%!GX^Wi$+uJmUH%Q&5_o?LB6m@^aYO&pn8DvTg+xbI)CE@i)%_cMqBJ zi%T$~miY#qb%^PeQ>lu~7D>gH$GU5k#VWB{bp&qBx~cOMk{c*a=1JUSzbge-I_T|N zU(2AOJ|~k%)+f>T?wx=8&P);@JbTZiEedvVr;}cQ#9qb;dp}s)z96aGLd8dAN~bU4 z+yZFs5>(8zqLKW7aF%N_l8!ES^#o%MBqthCH}s;xm0r~w@u>E=m-ZT{`Gzwrf65T) z?NsU#W{ZCY7WE@Xp+xaj&Arvyafrya6*$|T7*T|_S@Zlm$x`~78-Zf zu@!d_kTV$Z6Ao{bWOd1HlO$Dc#M=yL7#XU~Gklm~mEbS@4aL|t1awtH?wqf(81W^W zzO}hw=Wd{TC%dsZXzi2-9WTafk#f8>q?bS6{Gd0mKA*la@1!r``2QoTqW{a4WGH(4 zF$dt&0@GE}wg5lS_eqJ7Z*#wzKukUiUY$H2L=qa-i?yzW>SX6Pja}2pa@8)&w5+gE zDD1}$*fl>JcbgN01!9V}p>5l1`@82<-PGmB`&5<}z!R`mQFM2@PkxAevJu%U@6@h` ze4``4j9 z?ICq4hGdgsVZF`VSD`e0ass+|*h{96s$<)nnoQO`{btS?tXb2D6j!lxE4q5=sulMl zH7;}g>MHnc9-BWg+=Cv;pVpj*czXKV^m?4)T?QYxMzCqyNnz)Z&uc>n#GnoFT&2ha zt<|lseoi}3Q;?K8NA*~Hq={$UwljAs0^cm3zyQ)I;G{qs5Ki>BWJ|D#HQx)B?V(p4b5R-5as1&oE9v&P9KX(04e7L?K{z z>YJStdREfdteW1@P!w&#Ky>D*T%6&=S;Mh>6`Vc5QF-au>#)XYJP)kb9*oZ~Ll# zx`zJxh73-xK!-N36XyCj8x}IJffI-TCu%~Mo+3k^j+IoQ3~ublxPXy6GzhtuHgf(k zWRo&0az>YBKZgt4xNNK7bE~KBBIqMuWbWE{79`*xJj~T)mK%baAir>)NSy%$)4|cs z+;_r6CAn4{pn)*T;VJT%*m8kDtMLtmfMo=O(q1u5yE#&Txy;hsTga8<_#ip&6Oo%F z42$tqjEg`_u96dkQaP)a?9*r5YSlWT^9~vG34!T_Ca%U-v*-xS)luw>#n{rcE$5Qt z9ceiBTz)+?$1^x*aa34am{r~-&<=t#T*+!$o3n2KxKmgtq_k^qw)vFwR?1X~4U_k5 z?g<0!21@Knk>OVeyb$z~by}>EtJ08BzqVfdkWCpovuI;Monb-p$I-qs*czQj6rSR> zdw=P#5si>w4M|hop)m*ha0yS~INX?#J(|l5JiGN%8cd=v)^nMVycL?uvm1cUX@lV% z@l`J3k(>(g*y))0EB1{WxFh+`Kbdc(7)Pe?FMf^cKe}=K|B9ase_48j;$OYdX;hct zo8slv!k-W+3rrAe6|Z3kRQRfwqa9PH;joR;4O)oQo7z$~BK&?1Xl*BX+7#yQfe9PE zX_xICcU>#9ayvor@gbDvr~1f-L+rn0o2Xfg zS&GhaFSF!z-}W}*3K;IGtlGD8VT@Blh6_@Yrnd=JomN{?k`vKY5*ln1qXU-l53RXW zH_%X5ovOQ+vFi|VVMOzf+@u>TYEyG?hMel1iI3S+SD7s4b>E~?vfz@?;cJ^KFk4+I zU}Z6=aRrF}nx!+?rY{7c$z)B?po9jAl@t{?xrCt72h+}!1F_voaMT|>r0P{1KXzW> z!K?!RYNbOOtqtt+Jh%Pmh&z`J)?PMyQ`&7`ekl-Xmgu3Z!`7M9d*;k9JlLJqOcH%U zsUY5Jf#Gks0-1;HO3yS=NF{SFblJxdxml&u$7r<8ekj_3#0n^HG#1N;%HpsOy)O$t z47a4b@@JxMM5p`UKzWUXewjl@qL@-5?j4z$x41Fss3 zhBjjKDh|o1P*NpDOw8&kCjUzRM8#Y3eDaZHd z@J56A+ehei!35KVZkQG;hxOp=oo#Md*2;4a$-o(GEo?@;F~T@jF4160pb&z-yM+A? zY7)`~2T2qEpPKpbKgc}-fxEn8#=O8{#?U&0KB%{lng@>1E4;OCn6pv{IokaM@e+mF zUO^LoNUuBTsixN=I>TMr2@AdieNcSJ>74fB(=4L)<5yCdnOvZadq%9(KQI`2b(@Xl zwHOiILR%FG!`bYeuuPkV6w#dmx=`_irD%lJy}+<%>H*R^b9_hzdSwT98UH5T`^2u( zG#H1b=I##KFWUo6tl=X;nooSPDkK;BJgOIXeP&%mT)ehnAx(Hj7_`v6U#-%~P%;=5 zB?>)bhtMUgv<+w!o+aT9S>jmUExn7b9eSAu4Gr+WE6wrj6om%HhkT zEx%IB|3|@_@gKqapW_ZxR1g#SxE`w7?_ zZitQ#T`a>0ts9JQ!Vv*&W$PiVfB*VB{K$IDVl^_Uq`ttRuM~pRGel>2jc)x(@RlNT zo|^Iw#tfXW_lIj#noZahL=qvmWm&_ta-Y8eX0`lL{gApy~)f~A((wC-*mSa#wAppR}j+qB?iPX zH3upEpNDA-4w!7&)5shN$0j!-;ZyIv`rk479R>&Pxb~_dt+NmI1bqeuvLF<7yS2L@ zPk>q>rechjiWn!K@zvo^2-~mSHtV!34FExK7T{A~1g^d4P|0N61^ix^&^?ecambVD zY)PezCu|OGQlK(*#+qNLfo)D7(MTd-1YQtJ7I5UASu1KmQ-~~1>nGhylLy-xaHH5< zx&}x@FN~}q?1fRCO7RRhQ7ln0Og^rjS}6=SSXKh2Y|h=~hbdFhOTNVP!Pa38*fX?U z|IIuSS4_@60u2?S+vR+5zHy46A0sEL%{s@c+*}n_xUO`Az@J0O!jxml_<&7AO{R2B zVroki+BnIz76L{ekt-j+r#rIJ9?Satd^(p(ots=|#wQi06EgdusmO|=$@ESr>@q=p ziGJHrps?R!D3Zl$_9mC8b8B1-HsRQ8y<)7gPFM&XW15ER;NCce_nSl5U&NExxa1{> zbk$5?PrhXO?pIcHJ-#0F7!po;XNs5fc~tvVpZ!Rg)u&0_Bs_=XrO8%eK|cGB^ve*M zpQ-P=G>-)8_y!x9V$aSH_q-tvLloH&omki zb`~pD{YOY?f1xk}g?(laOKQ?eOUy+S`siTi+}OC(0MyS~h@qW-dmpq;psI|iC%;lF z5iQL0CZ3bdCdty>=h(W|bA^>f-&X!rbVP(9eni0hO$+n>QJl!EQ^V~F^qmi#bVJg8 zR_wPV<%0Pw-LhV~6jz@Dc+b~LV)sMdHb6m&bbM|j{=h@qTd`p?-8)$;>5{hsrIDrT~cAQ(B@MPD||f5S#(0C!EAuur?{5{dqi zsQd#l-YF)ax;LRj!GjdH~ADw0!%3UM*vpqxG6}Ujq5$}} z3O%?7nZMfSG1c2|Ieb^xkF8C6QIMvW-GhdOuWIFy82o=U6P!I9!OJFK^cVmewZsm zSE4O8z^Dsdli8EE3MK0l(w}O1ddbfJBVjWPFA@XfNO4>@5}%2J8d6WC9Ul{Vjyt5W z3`S(@;JY{jgkhr2+!#N0+( zhC9_LQ~nyIPr|C{x|Bw((lQ0I(~#`mA=nw`c%pHlARzIoJtVMPZKl+2sWz@tVxu;! zHn-4xOUU#d;d`%V6n=aYCLiiA7Qq$|1tiCWC1@)Oh^6JdMw%^-(dh3Uf#<`;BMaaA z)>mYz)Jb;;P&!O(ljseC7o~3V)M(*Kepky93f=PO7936}yH5uTm8undLh28JUf z;`;o|R{jZlE*TJYCWi@q1j>wY`08Lr30yD55r>krR#4m`_Hm|4JSKB}g>%3+?)-h+H zA~@H#icAAFv{Cb&U1R>0q~>-OEz&m&-SYjB(*zTgVE_@kp90;I5I$_=4m~@82A~zq z_g-QTtM(}|U&BREMAGnpT7~2lRqPN>;_VXS@YpN8*Ly-cVxNsZanh+8)_FF$sf)MP z|Lnp;So#~?ti`S+*l7~%yzL>(GFG~}OVsnXhXeHoZ0?%|Wnu zX?cELn|ZbSL8o%6LYcMtne_pHycYHlS&gf`%qQ-ykHel|j~w@&c}xOkxx%za-BsvN zI7WL*o4jjqI7$3N`$$888)#+v)GO4(rL}^sJv8`}GRm%{^?|`EAa0o?ksfM$L?GLrmV3gS z7*TJ3&Mj+9Tk9P7LOs}jo5%?K-w=U{a-w_&I+hYvI$yM)go&NKf#pB-EE$SxQb@AM z8b#Fci8~Yu{ZM#h9V@&F?Z_>l1fqg^X1LBj*es-jdg%EL3qd{m`@Ob#k$Cs~aJN~C zLqd|CkOn;rLjkEpf9KdeaMwMmy)w7qdUm+MZPTFgUH9M$@bE&ZVHiq?%Ri&iRzfv2 zYbardVLc?8u$f-+s4YgsRuAI*R8xgtA5KoM54Ys#g-7KttE*hoLxR4MsFOMQu?i1K zP@atq$^QuIHMjuD!uXq4haVZ6FJlpABSq(0SkDE+w#b*pK2Ed2K5%nfE2&)XBrq{i zr~^_eCkkKXP;jW;F%r{tSpcW!1P>HBy$6rKex(=#S=^Z3N_^2L=cgJR&Y1X<9pvO5 zAb%T4dQc+S*;=n5x`qCgh9Y)Hu3-S$dbKaYFMaR|yR|z*5rH!X?)_F{B?{o8G$Hmz z)UV0Qvo-ahg|dqcr2_>BD{iS|F4WYv6iX_34}rC%dXh?#TgG1>3^~EkkN%_E$BsxIUmr<3?_OJnbRtR#dVHB!7Q<*V z6KPW$9GgEfKyI-c!d3l*1-v)HW#4WKqj!I9ujM5Go+a`T&T7(^356&ESV@$VLaBjI zk1Iz+*^maTz>Yy;ovoU9FmiT0L-~Psb!0T>9&UuuGDR?>@;eS_~mfvR9tm)?= z#Y$f->uWILaX%L4i9OQ9+7^|A20pg$3fT6cK@ZiOkKha3Dfir|1HbiEOHp6!i8E?< zFP)j!%)3IToSIAE<|1@_Up}9@fSj-qlxC@Go{xG)O>m#T*1VT#BGG2#|Iy>E8Jo|E z6b)aOYz6ZU`iF*0DM_#o^UD^u|CT=dTj9=sk@9~9>k1VpXXFKx433OoS$0?FbynCPh~9R@O=vXD z2F}R(`09K;N)ADo!NoI~-K~=qY9dL|9rWK}&VD1V8ysNS#rXZg&;)UjA&MVBOp3;3guXx95y=*eSc34FL)p*sM$8eB zLc#4Gi>DlXqqGnDDL?j8h=gu~`8=JLtKOMwiOU)uxe3z!R3xLrerKy3EZfRp@a~ zALJ3%HBDMfz|3csth$pk_VEo+A<~J2SHqs|kV0EFb z&&bgZnP!$Z=FmD*dL?YF5Ce~=yoT`6#h=EsLoAVzAtxim!Vx5J0pFIuP=qY4k?5_D z7hq@$w@-~qkdOHjMN5qNJK}=hb63ly+DefY$n#PAK^=a(8y_v zH@}1|Zr+@)I<8fmtvY@b6~=-~Z19UHhe8jb;!@(4BtHrT$x1gQL$h2k%vY&A?nj2r zMl^VpwDHCc0Iy$f?JeWSaI=c<&%A`YhJ2hzO#9mVBONX^{d#e-spe3C(^I&!iE|j8 zy4BU`*dWPfg+T*I_Ue>-%)2}~)Q}%_LJ0@{4%9lRk~X1r6N~N|IE~wo7|ImQkQCxh zx!`syWhCki02{^<*t&uuyl9Mv%%&1kRCd~l+9pxHn*OTR9P=Vw;4A6Kw1dBxY*&l$ zd@aVwfw)i)0#ZWK<(lX~Y|N9Q#jPe5Bm#hP(l3&nhO_Cm^w-XFDQFRo(I(u3{6}l= z6XR`kG@b`Jk#%``q<-n$DBPFqw_ZME*bLg=^-n%|-M0xICR@-TK$EUG1{}ch9yyUa zvuyH@h1XuF+oAQK6%Ywi=^<93F}l&NWW5OJKfXhL3FbpF!v!6fzDsK6Ur3z6$v+#tU^IVUANAzNDB`Bsa}>h2 z2tjMwkpjW()6hpmYczJX3g;Mbft6T&Yg9)kCmTlj!8Co=W)l_83({sy3xywt7e@Sj z1L2GiY0@Tm`cO3R*wdYF5C{^dpOiQ~aWG4h8gU76geNa`p5;egcqVCojemgw#%Q05 z+F%j-6WyH|D4*Id&X}8%5@h)Xv^F}T(33huCCQxR?+;-S^f;NJ7Y3T=J<(`U+p-w1 z$meJg6`r$WEiDpMOqNOekqdhU?w%AMRFAvg0`^Ydgxal646M>D2JQ{&p~#Spaf0h)$#H5!Z= zYR?V|`PJzm_Kd`*h~^KlkrE^mZ`|vRm#Fkwy6cPDoBv{zrFMF=jB724syOTgm7?Ty zYCJJ5j`~pVNx86hWgs%jf9=i9N&Eng0<}~;!naX9>^5Xim9;WBR78qWi+?mql>Vs? zAykcf*k5569FAL?AjL z*N`msdF81L&8u(A;ElgM=Uu)xmrndpwSPDCd3KR;73&fs>znwrf@==uMX2$JV2?_9 z)z8anaU(S{*9yNUj&xTlln7Iz*+CW@oYzgfJU0g}O)PK`A}PE07$(g8;{DGbilhO_ z=222{b>ERF_x$|_;vkc$W=>|C(1;x*bCd3yD}w_LM!9qlo`dirlY zlT}~A-MP_79W<%L1rVmc5?sOdO>k((T+xYihVn;y5NGlyAKsy%L}~{@3ClWz6L*gC zCp&rDT5|SW$wyCILAuI@{Guu-_$FpUf|?7ti(7qADCM3qrW2mouWYOwo|y|qqj#_P za>gtqJtq&BxwCA9heR2rN|{B_DEo|{{_*2LLSHLyv&wF={|@G62+PaN9Zc31T6NYl z%L~1zN#Q$xB|3GZuz{|^K2~5>Zmk!vxQ21bvQ@v5_OH<=NFw^l|BtkH43f3$vbA?r z?Xq{-wr$(CZQHhO+qP}n+GX2Sr_S3QectFFPjr7@M*ho)m5~wap1H*7 z0F4!tsC0m{l5p9bvXA`54tv^|41AL~8y&+1I=e`O^Dq~4XRzfYqgT~(x2%pfeJ1;0 z^Ilk*t8FBXW*|w!5a5Fu$#VqcB_6o859EYKojbC@h3^(+5ys%q>*fu1f#f&v_&xCW zn!ckSsuaUb`u(Xa4elZ&_#^%wqEKK{A+%+>F_Z#ytH9N0b<5m+i4i`l+C1jn4vqrPw*vhf{LQtYq3f!LBDI#v8NC@SB>_`;g`{^C& z*w7U=3=-VfYfx_RSEzIowQ1{R4I;Zua5bZ@5gL4JA!sm+ULuvuk0!xH02@%Q4oH)4 z1JnxEKH+Ovn>Au%?o<+`ksOi^wDHi^{bFCWm{(w+y5-d$j^ z-NiJH71^wZeUK?Ju4Q^9njspO3l&BAitqxZjK=s`SO@u4EFIT) zVrqoI6IG6X3Xo_g4AZMv4jO@GY%Wo@0WfDBl zlLwr>7cSluUb0GiK4PVBAJnPSq@uMvMu!iKClJ*fHZB7d0=P>bUbbt($QW)va1{7- zB3zA14ak5(nF32zjXtd3`Gl&8c9`^Zp7ef7=gZ1DKrsd@;yXj+a>>~#4b06+qK&l3 z=?hpk{k;+uVd^$Ss-P}3IhOIhKmlv)%qA%dUCsY3fk&&Yij`!xul0<}TL z^cUm)g-O;--A(MUg-M0i>hj#?Pd5a{piBjh1t&9q}05n7xhTc`t*I zt&FQBg~d1gE_bs`m7->qBIPVMx`bq(lzpYL%OuyQcf^`xR-p^uy(JW4oVu00q)yVf z!~}G@oCF(C=$&Aa%M3-qo#fe;yMz;sWTrQuFVl}Na3AIiqXu!9{aT2HVg`50Xl1l&t3h^;eV{)K=B=6K zFKmo+$HQj1if?6gHnfq8fWv*E5aoOZ5a;9Pyf5&*J;Ei#HLYCbXlS_i+PS#!e*Zd! z^zCTf@q_C}$7hGhi|VuO^6#72q=XpQ^tKd@;qYF2EUZ(4S4!T~K31VR#nBZ)sphhfk(^CyMq zpybTSeGNWDJaR5fedO#;*oZ%*YQyL1laO-+Vcml2g6Ox8id4vn%0m%h#9Xq28bO<8 z0!R$JzW1j^rqKC89FI1hi|)bou|f`mzr_(H%y=#< zu0u|QAZN}sfD-^f6DJb_A{Fq#R|Bn1>5Nl`LW!G=U8M7u3-0#$H4j1&H&AtGS!Fy6 zeh}r6R=}7~NwqSkOH25*9<;*iQ! z7xUL0DMPQl&Mp+6NT$i1JgP^l9y-THB_g1kOrrfTS;(+HTp*J9XuymHuQ>& z-BD zVk2%4l}j(kL;TiLdK-n+FNN_r{YYC6(*`lcJDebqJq3JokSfUtwIvR}*o8dO=QkNs zAmf9%BL!`grM{~QS!O>YpaqCSs!BE*C8?35S<%kFOnz(oXyph$BHQdAMfN|sNB>J? z|JzgdA4)q(72H$P2>yGzkBP4m0fvkOe@IGX6b6WF29E?Q$SKfANT3%s(eF2nrq8QjH7(X#3`RrfSa=j9%iLl0J zg#pJTM`O$WK~=xi@JOxm5mdmSPt+01d*p^GJjqyExnaUgLDUwdt!m-;@;M|k2g2kZM+IoEER;`^Xb*uFtw5d>wrh+P!VTi|{dpQ2sEh7O3d`p*K33N&?mgsu& zL!x2hFnx3a!;+a7=?B^gv>m86mZiqrmdJYRvqjBW!39r@4}(pO1sTD%5142UbTM1- z7Ft57=?k%T4~B$h&Q5j9qLDpJ70pnPvUqv&!bs)d2@$mB8%=~G^>t-Mc~x1thzi86 z<^oV@LiFZvdO~DQ8Ok>3c1vry99xoW(dMj}{jUW&b|><`O7!ajiRh&VK*1D*I{_E6hQ@iW)>|Wng-;JGbj+~&as_LSHoibEt zY}C*!ObH^f?A0@l7Q=0q$4d_~`P5R58tHfyFlWP%gszYW)m~x)59yV2vt_v@k@|30 z*mB$TP;^V094e4q%qeD&#MW?Y7erYrLOCMXRR2oJkfYTtWs4@nO|x2A@6%^0BM?JD zK=qRT?nj58f<>5S?Gp$$6lT~6Hnf9*mCaa-fK6I1KIu zrm>yo7as<>8(ttfvGnp!Ab?j_Im4ms>4W1W*@1I2&l41IiQ@raSCNl{wP;N(j|*i={F^FqGJ{bTH0%p^5vq0;-6=Bt}-; znDvj1#2w6!JLTu3+UCpVbCP1@ z3G8CmT-3%TPX#lcDHjmG5}VSgF}xCJXvS%_p6Q*f^DJicWPk8+MyKmF5D05m}k;U z0^4ms$}#T)@fs#DQ0`)$Y^!WcRSaOeWC*KUCDyw@Kq>PL2yG^Go<#oqLefM&hJ|SG zEynPp)u+p< zW*>-`ww^AiaX{V;%&v+nUw@6!hwvmqP*FuH6pJDn!46(X>%AI6uf$7M;LgMg(AVe} z*(^MZ0@(uUI&t;!$)QH@>S@?lx7}PRl|Y@aT7M2IRlr7tQb$Hd(=Tn|FdUzwX8nll zMM0D2R2(0pj01iHb*J`E*DMBukS?XBj~CE`5u&f5L29n4NGtc0Ja#meonV(FCjx`o z%49nhe2T4-q5!MXV-r!vlJ>kNL;0-qC2DmIcqxWzVh%+Kl%D$t?Gg=>7Qr9y(Y{(m zLJ)^ihEpUOcjiqIy}sLU?V&$FP#dQ@tP6Y{z7>g$yOTG!+p;H)4b=wX@tOU{N>YVJ zc@OFjL@|67F$xE#zw)44%JWupK$~&PZKZi%-x<9M`WVtMm11eASJQKUO0QcF89VA+ zNYgp8IbOyP=Y=(9%QHogQ)`@nS8n^L^ww(1oIM7~M~gEJ=Lm=`0mG@T8ZkgL>IOh1 z1DTp^D%}^)0<)!`5i0{)oTUS{iECMe1e8>=fiQi_0c2{ASQieiy>4r>_)sqggAikh z6{9=Bc4BsNis2}+S~*HkzTtRS(m{jR>tf6%Rrh_mQ900Sp-#d^Tc|5tviUSx`J5!X ztzm~=PG;_<-i&UC7gU06O zGY9#R&Bh}r+42eV2A}7z%7J3}>nPPZT`}qGs%aLl>>u(CXoiEBpT1WE z=)}!T6_AfT;2z1k2~cYi!=;!a1g%eLr!E9mh682`;_)B#&WB~`4KW4VQJV4FI=fc$ zUJ%7FGlr`F2!49CCK7SOQ=JbONnS*QB=VLrjo7+@C(;we4w-OD23Esv#STdkt>)G) zW=CO`Yc#w7+Po&!Q+6-PcqV}-w}sfIT0I<}`aQk}SMIFzT+Qh7phWVX@FI8hqk!h~ zHRDzMZg@!s#dxzdE%?J3dM#+g{8tot2T3x|v`yaoH^8&G>63Oj$`}kA!A! zcaYIXTRLBRFk1#4GF57H109Zqnl+F_vmW@e0U5ihF+ojs#C>g;lUDEgv< zFiDJ<-6jO|^UZV@XDc@_){H&|i>lZaIaDV|g2Ea9-Q6lD2=kP$zwFeF2CN~f>^~Q`FRZgho;$eK_mjO?*$@}^lzmy*Mwrha*wBLV+|l5&t0*=HSklX{ z7Xg?}zY%V!{TAvl@bK?wA3=gj1FKS2?^MbXJ#QL5Y2pRF6K|=qOXwkRd!L%*V-0_= z^)r-aUXwRuDKR3?WSF1yfV4WN_sjvxn{=6isYc>DO>ROX9O@=-heQNaGq z<;0jKXs33DmeY_}Onc6hYKyo)gvlO$`-iw^qEZ{&8yxTX8cvk|g_QVqTW|*gyn?th z${3su90i#FdSCi?h&_XfwG4ks;0BQ<)h(F+*mW*nKR}9Kka2D!ZzyE8EEcl2-0nom zn8ap1XeIb7&Ts^*zB7*YQK8o%AEnW1u=dnGlQc5lmr?A;2JY)K-(3!ye4?8D97l!( zOKmETj6kTw6O^EwpL(=5*1?-(wb{g~fI<+18M@T54UNRr-izOX20sHIxrZ)q?wU#mP% zB{E#4L{G2{WvjA10dYtzXdJ3U^~QB6)&BX|s16K}3Wjad5^c8%ZPsnK1F5R!fS(Hz z4WE$buU}ZVY#n%n03z$~#!sF-*Y};*_t^GVe-{8pY%qi9d^{F{e@)ENkXp3~7hdV+)P(NtCFh@=3QQXTzXUHqV5J+6aF1DWX| z4jUz!EA6caTw<%vYX{|GN3+*gimVZTUPJ1NR0A&9%6%w;kE)ey0iUTr8+osoYh|gL zp=lPee8kX9cps}s>o1q>ILQ%Aq9`RDL*WX9fSHgd8HBu%1J!0D|CR=J5Z}92q98y( zJx<=DnqViqjj(a3#5hUd>K8evV6xFCl^Y%EGUQh3CE!HB%MlA)h z#gs5Ejm>@E6qJH!s#C|9+*o#uTHW<0J$hOFGp2kaWS@UdPZ-s0JaS%#~2C!*0M9 zlgpx%!8-%|D*9!R{od{Z#}bTpYF61aXcEKai8v5AFRRj67r zjUJH-sU9t!x6NtUc5@>6Ah>SalDq6BRAk~9+JnA?Bf9TG(0M5|q4NG0DfjO=qH7~= z39Y;MfR6)$gQiZh*C<;Y9WrmG=-@5~UV{&KLCzb5{%1CbT`9H^bJqy2p`9>9 z<5h@B{pl8b{!O&Mn_Gj-(O@6G%~qJOyY3$%fj~R>ea*)f4-SuonwQTiY>~=PJpoUs zVHh#AtQ@4U+=H=}9@zVmn>?>@CI?@5PakD{;tEB6hO)#Mr{KDLB<8N~W7B-TdaahSJja{t*#0ng?x0fKBP zrD$;F92b|XiTCPu^7tF@FV|g4^v*~Xknh7H;OqV`T=;Um7J6w97~klTR#7==E?y0> zpSUoe9f7WpbBK+KNr`ob_`FF&3t3}(P>G~ZCdU7;C<$IuBNhF)80jJYy=?#YiujKy zL;qQ}|5axHts?%XJwnmqUnC9zziwqWvhWvvK8z``&>V(W=oC^MJz zEiyTu1RY5z!gN%g_ku{5X2`@LVNuJ4th8;188(mW$&a_sOHf}G)$sfvJ^A)#Go`9| zY8D9`XURkLXqBXDdWm}ZxM(wuBpGfdq?; z0)$D_gm3~sv8T~QX!3YLS?n=wy%U?wiMAKMX?mPVHh|ew?td!_qXz>LE!*Knh%}?~ z2Y5-^QH5#VxS{GU+Y!>EwH0+x@hciUrpuA!Ur5hW^iKiD$`ZcnFh9c|3Y=G`m{-#lY=;+KWs1N1!=Tj&HYE5}S{eYD^LMiH zY`Ts}<@SL0z{k^^Fv~=B*cV&FYMpaQGr6?qQ5}@1Z7O4=BAE;0j$~P9*ugU_sy9(K zHi&10SjL3QunRq^j*@s%*Q`#wz0+Ft4UlsAditBe9h5!rK~BWEA{J zkxvk_fTThM59oNGrJ>#yq>pQ+e7JL$Bm_-CPzQGUwz2W;Lr+lDTXyld5EuayME_71 z$vIKZqZY@VMg+p8m+%@y%-kal%hXN+v@^*R`W++PO1^V;Ia&4=n4oducaK1$qeae6 zK6FLSM_%Rk-t&uAeE;gwn`tOyS`j=49}W#W-JsCTyjkI;*X8Vuni&ba^fs-_`!#j| zI19b9xp-MyhG|62LdO(c(hc5@l9Aqy!rXL+qF}{0MSL@flXCzZrNx->@IDoLn3``a zxlq5f;wsf(4M@9A$PlVQoQdH4-yBB7ti`MyjqDAK zZ2yZZlBHtisv&~JWia7g|A9#&zOO8n-c^P*qO{Kc$Fe01WyqOaBHD;!m8^B*dO24qmOJpbB(F9K5|v<6@iub=#r*Xx+h%Ue+*gN%ITkTjqVqYQ(? zjMmXMgG=`NjKa*XRwN%4S-e{O>`2$9K;-QCt~~?L&M-2nA`j5NH3%>OL}ejP2ccK| zOo+hJNKCfijgu71baD0Z>Z|ob?~)QS!HDsKC&G7ZUyORx51T# zdcy1J!ic4SEGfF^4!^cxCiXogS*o}jeys)xm8#UL4*h8bK0D6s$X6#9x+iEyn$>Ub ztsgG7pQ5H5um^@Fua48UqNwwoPAwDUG;pNuPgHi670CAmJBtbdoI|Kn&nbDUFFd#C6dq7#sX(s#u| zElgW0V=ln*lSYu!MRuR70^7q~=g>cCIq8m#V1!c&ytW%bS46 zYlph_vs?i$wHd;`FKh)|69K{*>f#hODx|^qsH$>^*iv?uy0%oc1c4GdB(PEl!@2C| z$mXjMZV{YDPL}ae7sWO=HP60`4{VX@+M)E2n<8=v`&8Qqi5W3W0FS===&+bzC4B*J zidw8zCm2sQRMdotV8<{7^;Dq4$15beJlF*3H@gcITt=}8Mm*F5FsqLw$iXG~HeOp9d)dgoh~-_U&Ja*Mr$y8v zZr%f8Rg#@gNw~}2R;CI0YjjXaXpw}um3pYgeFo}JB)J#FcFq0|Sfe+c;$o(ZmIT30 zAp3II9?9K$E@NlNaw|AQ(Nop9f_+jj>6FR4!=@1gXJ`b`Q*($B8+rBBXMTKmFL8T- zD0{gyMsr8beEu6^u+;NU4CzZ^xXi(vJv)seq4zVY>hj+{fGv@BhL7F@EK;~2=D z!3BtHxm(Iosnp=D~PgeA|(Z(gq|vhPX#gi0O!&RLhth1bDZ1N-QcbZH(E=Zofu@^5*{LX=x6nq=ERA1g1-|TGywwj%5T5jk{8Cy*ar5Qu> z3C$NSFCC$Ocq!)AWn-K@Q@$4~p}IrvF@dRf-_<(9-}B(G^p}o~)HFGuN5+oOD#vxb zfT#5q&={X=*k}fkpO+b0*=Fql9yK;O=uMLn&vqaoEk;xNBVEs{#kIM2A08diIL&+v>NHlX4>vPuhBR2A2j zum_BZTaM|9#}X6(R)vd<`64n#3BL~MvxanNWL;HZA5(7AOF?o?LtRz%b|aK>-=0Ox z*S#0lwX+3)5)FIQqcXhALUG6Uk&qt_GgU=5xOzTNW}`agr1m8w$sA0S+$x!kPBxIB z&HXCAA;%8r!xo8#-OuM@zewGgXu+vPkiO7o?2rS+Np^V9Wx>eB=013v4dwDYd~qZH z6ol0O4FqODV+R_>9$Ap-_Uk>g69;w=hO@u>3G-^uVfMyBa+gSQf8|2=dvfdBki;FH zm?{*)FI6>c;E4^#H-aAe1>k;cOe=!)Qy|+mb*0;vhO!a59L(lQL^5SwQ z{!V5FVxt?ievrRk#9b2S8^kghs!FW6HyYCS@S8MnOjl%5;}dL(edo}$vTm5i8k*+; zVs_%en!-(1V}c6ErjU^C@zJ0&`FBCqhmXGL-xrjRrER>`UaNr}XSc6^QNE_UhD?Nh z1{v7?F&RkZe{)=sadP~(^9rGex|yw_slAbdsg0%K&u6wyjtY+UMtWBNAtj2GEL;$j z5Vu;SIKKUdnUn(=snGZeO?fHt3gZg>iWM<%oYEx|`V5JuB@sVKUT9AI^Xro* zX1<71+OG+v+TVPe9tI{i*^alpp4N^xJ-$EQTXq08{n3PR-jIGPLg~u#He{6-vpm{Q z&5p}BGcGJAw`k4GO>DbQ(QT${)gY>CHyk2yjm%;I2Czs?Ja8j}4c6ad;PnG51;Qbt ze)Y{|NEOucIM6?A+VA|4>&!RdcJ2sB}|ou(?voCY7SU15mod0 zND{MzH9!WpIZD@(|)bL1!%vLn{F5_Zbs zHXk7ydyT@S28%3l@12V_1}_^CLP~){U?sTU6t5|UaA~MWt9n0`@|!EL6$mxp>&p+H z5Cxm;?nYNEH+Ka@f&D{a$-_LZZU0p&*5?6O0y_e=PhLfq0bJWTVOC+OVhWw`&V+=s z%YI&|LQWB^9Vc(7Z*vw~Acj?<4#skm=O3d;XqRyJP`vr0yYe&?y}T~v)O9Ic21ni; z1f*g`^Q8#+@Wbr43_!+`K$0S2HXJB2 zYCSnUw7GX*__4b{Ud0~Jn>ck~I4(UcLya}`J71`G6nhVlHz18QL*verudDAc>=LcxFB!c?^(%TFebN0N#+@SGhCo4r~&vW$J5OUxD!S8+n6zBZo>X&yf!?r$l=v23rU6Qh>kw*$dCfzghy{2f|H|jp-%L4q$1| z33CezR>_M5A?~@~_%x=_E#Q!s;O~0GL72s72It^y+H`pli2PFDVH?&^MAH}%HkZbg zc@6LqIY{(d=;D`XDdZgz-9~Qj`xa&kUO#UiHu;kD9K2sv!CgZmJV7>Xh;-&ul7DSn@W zcF=u3|1ycS^>(I6|1>{b{&7A_=>JDaQ*tm8`Ds7@XD>wIT4q5P&U?E_qeb0N+R%R& zR&b5COab0$6jpC{vOhBEXCSvIS#G{bVgvp_hll_^f9__DXWZ4MEPVQU=xY6Vhpz=~N*#HzDN{cL^WuECsx zl*8{7&6vWr>lS)Pvp^97D&L>=4^-VF`G9=UNVL#4eHreM2E=3h@TUR<;?;;s#Y~C> zr@cBK&pgz;t5sRO+&n6F&smzfFo+3JArjOsW*u7dc`6i8o2QY;&XSUb3%a?J!w4f_ zzp$ z@L=YlY9Hr-Zgod}W(^U1iWzZ%SYf>E%Q+M93SHj_!uSoEvi<8esGxlJGeXMN3S-7s z_+je#hll5pHI+o)<^2^=RLF$^N3 zodhv@@za8-8h9VH#rPjugZ-tMdI=$@oIgCgRhkzJNAeNU%|XZ1lC9zd7gF9_&{*OU zVHn!_=M;Nz@|0)|yyDp8*L)Fv#n8MP%Y6h@trOlK$~b7ea*WGKf#Y`sp>+Wq5>Hfk z36H$hQN67%#XB6oi6j&jnPc^^fC%^C3-{ZT_d}u>j4VDK#p0>zHdZ=x3qvc)x*8`~ zTx7NyrzYmxzb2xzsaL%segc(Zfd8rW$Myex_y5PPZ&HVJRa|QNTA3s?p=ZO>!|j6) z^!3Gq1@y-S_s5guC!~poBP_KOm5%otn`C9+<6V5STzackl+`$=pi-((1p?TqGOcQA zd2Vh|+Hm*Sc)#1Wz}a3GpL^Ib!ImUO*j>1OJIrX9*|w-z(LUF)!0|j-5TN6Y!BE2+r77RpUppducKhf$tcr_W+0kID;euqh zXOx_ci{R{=N4zpTg9Qc36LnL`?cv#_x!yX3PF`_dWMY996doH3e+Y`S)#+WKie-nE z?#o9s-adFZgcfGKIAu~d%Y_%$|J!T$*MfAG4!8u|KBhwR@;-0?uxcfg(ftj&?{B`F z0hRr1_JWh7QgyvYdq;))sJc{ko&mctn0+GflyK<|Mi}a1Q$;Da(9~C{xg8S4anYa5 zas}fWSd1pk^2vV5$$8u2=(SV=)mOGxaLOnt|MHotl;DOF;f0WGUbZlQAo#brn+FpE z>~N;U6H=ix-M26;Lfad~av;RL7_cKkk#sl9q%o4EMz@GLq%y@gm1+Y3WO}@G^)vHx z^olc%jO7-l8k=)VD+@anCdX#SSdh;3V>n85Bk2rKJ*% znDOWYVY3eVadNCB)v0?hlB|)DEv%XG%Q%3T8a6~Q^t{n%#Fb%* zKGhZT8^}9(GAyXw+~^73uyy7bn_km1_)3|HyL+IL=+I~YON07{->sAT^Lg^79no0i zL6sO=RpDn4SRINGGK>o=TdG@)?bUV4hjmygb4=p#SUS2V%1&f>M%F$mxf$x~c2&B` z>eZbWok8~~iOB99XoK6M(c}FS(;Bqjne+Yn)s(VKf8DWIc7>POk&~H%OElQJo(lQs zmg!C*>acYFWG?B?@_g08Lju=dtdBqP%P5)=6gRT}&2ZZEr(qCw8@;;J^7?CBii&mc z*vf5(Up#5ms`Z0Vy&BYl>P?tsXdug<&iVDOb}$jTktqb+lYfBiMEH~4A!Q}CB=wkO zv8hzCMOB5~%}y?d!N~{uq+1jG?zkBP`a6j1;vEV{fJIaL5?n;T%c@)3fKW)TtoEpbJ$ndFB9x`lS4a=;oNunxZw-`+ChB z&Y_(%4tiS@M`SN_1ZU503VQ~0OndPrQ+M93y(h^7L}$H{}q3Vv|M4y8b^Ei z7NT1u_W2JxC$TUJB9TWkHSK}hJk7HqeBEBL~q(YTj0W6z+ z5yTUg5)qb6vCn}Rrw<_S{@Abs>2p((kVtI<54VO8ER#_glIMdQ#}CEF7UuM=>t3FN zV|4Gl1FKGkvkze_!r#FG+%!mJ7)rD6oO#Mh{2yABycxr9ie@hoSUvLS#?Gx8>Fg_H zVb`ZW8Zy}U*#mzvqL5T(z&Vl*dQOV*sO2Rq*k|GPdc4lS(I%8ZWvEO;?z<%VyZ?PW zHIxL=$vMk@?EBY)_NccceuxvU8L(o0ar5@oN_;`OiNjXXafmtum#sLyh)!0Ce9Xv|1w=kVUN0vs zSvpjb5IuC^0)pEHG8Tr=kRI~WPGEySm``?^zX$PzUMN)scuC3f@El!ZE2_%L%IWfI zx)?bbo0^cVlznzaqd5!~CXKL!f=9B*Oz70?sENbPjYlBmwBN%pm<08qE+w4~!qy$+ zLkpf}syqxDwW7nQn7ZMwN1&TV`5mb-jgx{mDpBqWq69a(ytLreZ( z%Ed!VwZW=!n3{4(qXUNJ$X;q^#h$IJ@?S$dt%-S(|5_-cj zf#eCd^vYSIqMIYe=ihZ0Q@*MPxo7T<_(-A&Hsz=Eqj(jC>IqBjtwqL~VPaZtlKJL2 zXDQAj8xIL!Qf&ma2P#s0C1()j8R#3EXEfoYmihaSObnJ)y{rIaMFg(XG3WfTAEg$le~;qQr+@P)2;bIBnt^+OmM_{ z(iVdYO-Z&$4rRZEefC0$m{8spnBZ^QC7cJfvRyH~%nk|}hjLz#gN&Sd1*@`zMcF85 znotbl9zZ{^=9V^HyBtMoa?j%Vt_imvE}O<`5(0tF2Fe_q3GB*J-R32>h2@0Fe(={K(kj1We3mFsvAQ_?Z^5#&^j}!bNfCnl02B!3MRDMVyf;? z(H@NjWz}S4Hlf!($82oAzBvvTQ3~*7I-dojCj}t8?wCM5zG}|xt29$cR@M&j023x* z13M{iuyyRI>Lv(&)28vjUAkZ1q2kFLiO8|ILj`WJ_w0bBVFifGQQgh}RNGl367LX` zXU6L=x$)C}4i*MhlF}L9$)}BZ_%Lgp8IQ$DZ23(c15z^P91mxA->XG171k&iwE5m8hK#c|Br`y3qHvcWa#VrF%5lyGo5X2d zWU>Z|3D|O3S(hKvU$uY?hHLs&>^X$(L>~W>eI8*OA!u=IqH^^}Uj4=YI)a`#!kX!!Ut%oic zhcL=qS}aXH0$`EbpK@HUij3Q^1+gA++zfMTg^aL+O|M14u7AjbE3#HF2b}_vL-jv}hTKtEz+Yhwl=*_Dj5cCAq>QxtuL4?I@CTCY z2IUXNZMD7NV6g`YkkT+=VGcCH^>fl^HP_)MZOz0-55|kd5V^%GDegltw`wNc^ucB> z_^?N+Ck0r4$p#FtcGBJd%C4y;5mu|7)aw-V!lWLd?WQqwZ$a%y^Vs}H$} z5qMDxx|*l3*JPuiOw-kh&&bK(*~4?}u)lMdsm@Jx(Q*@baT*dtVYt&dwMyAaGEt)W zrVISW9=@hpr46-L(bhhM`*Or7Zm(Z-e_#s37nu^#sh&ydi+cwV>7?$sCs^3+V%)y^ zu$X+&R8h9{mZ5A;VP$nPicI|Tr!b+FiW`Su>gaCHPBbQ(cJRzqks3o9Z>pGGE;pE-I08)%gq{SP10Xlp9+R{0zWrVtDu)}A3AUHn`A8lO_S?83 zP@lTrw<;39aWtw2vyU(Dncyd2hxFYLkh5t=^VHTvdD-foRj|hwHu=Uf#&q@`=+W0H4JjH2_2_Iu=%u|QFB8qZc zZ4c+Oe4as-9ni}RX8!Yk=$n42;IL5 zlsvVc;JtrVkPLH+AYjF+t2W?aCc6YwK@nYxDFnZ4Je4vb83-*@$5t%HnkSZe$Vg6+ z8H-e0NxB2(LTbq!t~Meo-pCc)z&Ms!TC<XGQ3LAd0B4*~0? zAcTgnZU|G|baTMtHOMAvMJMn>S9z!3{v2%;MD=;Cl9c*ZY9My=pjoKJq8i+PK zL={9Gg(ZZMRx=QNN58UizdMBqS?E!NXec#;X7fDi?8%X=-}b^SVpOt0nO^FWK0QVw znq_-%X^_s0N)&iVlV(DNxGJ*yh-5OX3g&g$5zqs#C@Tp(t#oZ1 z!Tq{GCu)I}CU+xKg;>T>rjAqo5-Zq1k{ORr8E+bmQ~h-=dG%=76u{Z0fgKGvdS{v3 z37OgvF`DfpS6vzs=yvOl;Br4Ho z*Ysbnef_y}_!$8%j2J;cFB#rv{OD1Jl;ZbQM_Kxq-0}FAaW{4lqD_hBeDowk)QRT9* zN~QDbO!5duyYej=;ObRQ#w_K%W|$SfwYyHgzzTpX1f01es6jV!^O_Rdp2T% z{pAcc>}XNo1tepytIi8@r)Si_8bFxQcg!kL&&Emey5g8K;Ly1-L@Be3R>+}RY?<^| zZ2Y9rFSRT1$Oc?v3Sf*AJ=A91l}S*|)uRs6fEn%<9DT)@33;CoLY}-LSp_V~U5LQT zmoZ&fwZ~GzP-0w?Kr@F4qy0MpO)ILaORf0*@{D(m`(iET@2OqcdV41b{}*z*PEU!r zGUG#D-(2JAPI8{B{P?^;vyZ#D%d5N7Pn~QRUriAy?rm15IG}oZj)+e?#7s|LY6>?UwXEo2trMD(EVRTPU+~nSug;crXx{ zl;DsE%ozEsK5&&HOognZ*3&5>Ss@r4jd5>j9!MTk8r^1%>fdgco8AiA-LGhI0f%2? zaZ))(9G=)ra=fmye7?NCL4DCWZ~K8;e#b?ihGMb>X17sE}V zcVG}@q;p;wI!T=f0D-j`IMY&8DM?3V+B)8**67OqHSw;Y}>YN+qOEk(Q!ISXC)omPRF)w+qP~0+2`E9?mef@-BtG` zRe4ztYpn6jImh_WXI>fp>MrPH3%CR{1$?PUa7j+oSSPOly0#thIxT5 zYb4#Hf;EX~*yNE(RFGPSLpmRB=Dfg!c8bu3YLywo6vlw1Ey;Nb&{tF;{yd)L-cv9u=iSpVS>hv@+cl5&dzSF!(K{WFo8&%ab2ElTSOSZpY@xpk9=4u<4 z6!hIL^Yt(7d12K&8F|Kn1hjLU7dQoWy$Big#0%Uj zR4vO5{Nq|@-X$ss1!j0>@6{3106$?Hi)Sdq2W+US9giB%mj@;^ zfe?iF?>HuDUb{kka%+ec%5Cc#@+T)GAkvtcFj&Ey&z35Ck{TjtsokHjxfPEOoIf3s z4q+8AeT5u2-2;xz;q>50@_O|$QFsM zm|ZF@*CcL1wV-}5K8lVOUO}U10KC+`lMpM{@ukGyV zm#XN$f%)I5>HlFr^*@05|HJ9uL8<1e4(cM7F9Iz*EeItvxK(&4QB_r0kvou8n|~^O z7<6n2o0}%U^!xJi#RRg=N`WoCExlaY#yMNN<>fr4QtU$Xl2O_R)Vs_JZ-c@n3(Hwc zD=m${T@oLQdB^Fi&*5uFEy4TaI?p%$NIy@d0A(v%+2)!9EOIk%(^y0uK7XXbodYYGziGV%4{k^P<*pk zzq-w6ELXM;%0aT=Wr+#--8E$pIPL{L*eVz|MLiXrp(O%$>Ey|Fe13%Z{m;`{e$3Na zj_2htGv1tRF)0fSWzAljN zWipNd>&r8q{7p6MKF5QGHH-*u*(%-gXsuN`**8{^aC?A+Nnpu5#Cmy=-AQcS&r!(s*4)lRO!+! zCNRhqSijTQ;}!P_;VL_5_9Nk{sRXIILI^6ejCxW}vF!K*~P9cx=Z&{AfmdLg-GH%X%kJY#a_NLQ)oyd6l3;DExs*juCW@SR`G3m zufJnz<`TbJ!ct+XJA#t{>x42vy0h#Heb?!LUwr;4BLbJzrv-MXnm$-~V;n7VF(iPL z##Cssev6i9&&djulxTX8@@5w=vo;AZB&ToY)z|GRRI|V|^<#_`u@O>QXEvr!(6gJA z%4O2Bv((Y(_Lid%^+yy_mF+@Qw7r~xYJ~M|rsxWz5=E0O4e2&fu8{QwEN8jEKU5`d zT`I?{-ByvU@e2exdI;82*871&fk~ky%5JQ9BR9CPOk>EM%#35D>`g-Rb~r)F|HzPe zDhoJN^@h(XoaUkhhQ@=moCUQKk+J@0B8+;xrS1q}a7@>vHmy~c4y$nz@g@ivPo@`Gu<3@D=M9+yVwJ*ePn~m zc3GFns*;|M>$KW-S@cBTF=#=+kHU?8Hrl`#tlw?wAAtoHteof}D$iJBT|JG*G}tr; z8j*}IEf;n2+wf4tb_&*d8i~$u>3lrDfgD!5(=VvnreCWncsGtO!3@FQj=qY4?AENP zW#8&DWXvTgJC--)n6{G^l>jThsf0)dMgh*kadDQqP^6$#MCF=Ah6>GzJv#535OkT- z_idy!{h5aRWM*Mgxg##c@)S21S>x@2u^e}D>n@ZfwY~{caN*G6?@}^yqsIXadktRx zFK2f-f%H|Y&K6#`y(US7jP4YM%==?BHU)_J-(#@= zD3A|o<&Q?adX*jrxKe2R_FJv&nY<8qLzL8i=jm+_wGuwy%!Js|pclbY_17k_HGl$d znxm|c@&Hw?rkM=yYZKe|K8(-bT1!Q7@>a-c{Nl(-^X+C1_}g<4X6;7tft3Li%E6e>qk z((HlO>9!Xd!5-N~Ww46N&pzdgka>D@T^((}|6-kXaP=@Lu%U^QE|a+pwrr!V*}4O!yIL+#c>W4sVqmJcWExE@Es4YWOqn4 z3Xx$muG_Iku|ZPz@Iy4bNkW71di<8ejE>&d!F9w$=ibhSxnOtOvOv5zWsaw|e*z`^SkRU3-e9swM^ zq;d_YWoQvi7-iCEeS-(@@Wcv7lrb5mg@LG6Yb!?-kUr&m*wOvuZhRN98yCW@d+HL> zFoMH&4X85^25G!=lRFk0oGJV(ZqH(0z03EysQ z8HCZ`m&|eLD}_%cD^qyc%jQR0wk7l=YA751UM>+8e}vMVgltID{ThU92IHP!E)+k} zczmSiUp4J_oplYpd2cR}Ip`{5bwf|JZ@hJuEIT8ln1a8)Z&P|(hij`$i4xEU zvw^|!J9tT9`PF$zrX`lOwER?=rJzF_1MkS(x^=yZ^&7v~$7faH35vBXgK7}H8v+}3 zhiIntt?Qvy&SH!+l_wxmpODrHluzPd*|KO})yJttbsd4=We@M}-`4e&K0x=p-5T4s z8E`&Fisg^(!7sIqSEjyK9(G0)nWHx=HcXw#YozMdM#-{EW3mx6YHwEX<=r`r&_;2%(@aM9|h)zt=9}C^i1gmF^ zY&VZZ0iEw@+YE#4E=bp__un)%bbN6bHo8ike0IS*=nzWXv)SvT%hAZ_wfzPK&hGR6 zX=&zU9hQ;*#Z-es`@8!P|KC0@|Mgk8gu1s<}3Ziv(@1q6ml zRxB7$JpDyt?J`=obu-7=?Ic!$ihVNiz7nwHt)-hoN0wptnn+1;{*<4n6!^*()Euxv z1p;OJ^njot0UM#^x|uJPsfIo>+64dww5hr59>u_qys!B;!HE*j5MAjt-;W(ashH|`!KjK>5s~%%r{NB0Be1(jFcY9# z@!nZ|)v(-HG`S zv7~SOIj^v0_9Nz!{U25fY&yIGH_h@~G-l|cm)Tu|DWyw^xlSKhAdL5^ceV1{DMQb& zxG2JQnl#u%?~ZVa4z_d5*sR=lhQA&ZPp^mD^IwymfWLJo`wyOg|KmaN9~ygX((i`qZbQl{)eWw^v0(9T{sGp^*G!%U9v|PI0OC#!(0@CNg=fB-0E@;a)#T`Se0IhJP-jZuYuz#L1-`)&%P(PbCc2cjXpJ9<0>=SV4`(g%$)s!vYQr& zMY+E^Bc0++W&gocg%WUxk}vDZESqaoloxClmp-PEPa^M$0hcpTN7ySoU++;kkudjq zHTlbro)0iSq%E?m>h@#L)!MBTHYL@D#}Gzm_J#dA@`t%AH+EwNAM*IZT4qgu^;|#3 zM_Sc~|09>khu-A%eo&E&g7Sm^ZjI#)pB+Lcs*Sqet;M}2Bg1g zLhpdgfEP2)L>X#jOOloXM=1%X$RoQ5&kB|bD-PmP4{bp$R99yWlJ}p#zy0H_yFcFQ z#QF8pH27OCCeQx?+y9dkG)7M5D}EWUd1rm9U9MiPiF&u7?xN5yQlA|_NK35xkZEU( zqgN}FivF2M(H$tzML;IsAXepzJ7&nt(ss#Wa`W(U1HA>B2G0yzuZh5$dF4Rac6GfV z1Mntov&IPLI9TH%&g4zd{HsYL zka(eeeW^JPvFJc-VW)&&HE z7sB~yXDZHze@-_fQPQi-OIvqYs@F^o3FHSbizV5850hmpQ&dkKsS1T&N8g@6#8cL` z&1wDwF~spW`}6BWm5pS{2JW;k8$pI|9^o$#5ry_~7y8ODmi(&L|2~!Y531e&6-543 z1@m9?UA4_G{}9xVi&zsPElR~OK%#-|3gFwiFdd-`6>71VNOyqJwZtJZ{qTZG-17SO zYk}+W#*U|K7BmO~+|Bf3f$7d(ELYyg*k93zU%m;XUXN#7o6i$JCfXn8J3HUux9~Gh zrZ7EW><0G4GAE!}-n|ED&6+93*q%2-zlr=g3a#e-(M~%VgcMMb_a&b1fmLzMY2`Jy zciyDuJm^V0Y~?*KEGaM@#IVyweGeE#Os&UT%`$F6Rp8%kT^nkRUM=N_3R+sMEBZ%rVb&&T?OH!C@HxOzAaU)%acZHu=tsl}aXz~1F#l@KNVYB@l6 zJGT{z#<@1ZOKZF0%|tpF*^WcpjJE?*GsR_P{8b98VPikMOr;1{DsQI%PK%DaOt5;* zN49H*$)x+0J=-PMhh>+=LD1V@6Xj0)7E7Ziom?Y3pl6I`WoDo1__OVCV}&qGmUm7ie~i1Tx-K&vsYz?2vH>HtiWDXD zOt)=!RgSCG5*NfencrkR`dGuXWo`?d<-1$W-2p=j$mS*|_3nKzJt9SGaNeOz-#$)Z z@%^AG!iP*$B_tiuscA*}y?0-`W1&tl(V2yL=WY5Ee6l2n)FDWNGDd%Nj{f2g6?MGE zUUB|7jIqV8T|qoXNqfe+@+FApH($kT$OKrO6i zyEC$kOf^xXEIEDr;2jcPtf+7oyDKo5(^E&ux(G7BKw{YjLhGWSjxF%POd-E`!Q&cpR{T|p~DJ46fZB0e~+KT-X zy7D!azhrv2A9gC-tauibG9Y50u*n5EK&XxJ_4Vj-Fb#@-n%3nDj;DrY(^KO6eFpU$ zc|O3tu8k-zSJD9S4`pS2_>jetcKRG(8z*9)LF&Q z#C&Y|l15hCt%p5AhF?TPbK&Si$m&CyztsWl1qm|Oz#8Q9@lI~UY~!wUqj=-2%E793 z;fVzjbk5qNCF(X!7M$Ap=V&^ZiCl-!CF6*rwAubovjJWS;p{?ds$1xjt37q%1KNh# zmc{bZ%yYEW=xVJIz%%qDq4%P_FktVv!x1QxsExSzswbta_3NoBee~z|1LA_vP z-$ln_vN4Vx$zqk=VPfB(c zJspACJK!k`d+JmoqEw3)W(_cYOjEC%u%!-t@0M(4PiljvspL)vtkE^|&#Tjx6M9>8 z)1M_eq=m1Fi6Vz>N_WrO7*ZcA*Ah4V7-~ZK!6Z3LTp~d(>FrIMOdx=C%y@d-6&wEf~kf)RvBLu<(w~r{dkWYkH!BS79!Kn|4@M4A^>oIpT zP=H!n%vJR?dC{isSQV`Ua^YuqZ&OxIJ2gqIRaAfJaY^-w`EW1ws0w%>@>dK7l7}?C zDNFB*lpVwj>lr?<-8{@1gefe{l*Mz2vLq$$IEnVeR$bT*S5t^{QQ^#HW?zR(1ol#r z8KxGozF6gW;L4J;+U;TSWJ%`CvSKEj6~6$9wUruTZzdTuV(Tvee8%BmEwB2ystt$8X6$;2k}E76 zc6+N4TgpfP&T4;j>xGr(RlQ11=ss4D^l_2Vk^ahbZX|DTnKpO!qx6U=A2Rx+~@(H3|}6#*2(cD6ln zhP*+AWV|H1TD%-ywT@y|19e>a1GQv5k!OKnKdZ)^kIe;9;b_hSP^?!CuEvHM9xs&r#8Df@B42JTb zzI^C2t?J{5me&`*)qtFYBXRDXH)z77IBJE9xO)fjF(A7ms0LcRLew%rfTLg%?}RN3 z={Dw;mnFJ>B)ldg9g5(3m8L-!N-uZaXMGf6L;Rs3BFCE^5%Nq*9LkX|~cz znj(8fsh3z5PHm0N$-YOJdRWZ&;oPFYg^-UJe!`<}4$y;}% z%BMV-{AnC_oXZw!?2vcZjXeJ55QHnFh0lLnkSnkgi{8GTG5m;scR~ISj#B^Y1^NFU zHvc?d=CwV%RTo`9B3Wlp@*p6qN4^sa0$Y+2fq>&kL6Q)mlRyzc8TvOCPRFq_reaMJ zcX`E{Db#XW>b6G2kz1~DS_W|RZE^mwby#7w)#i}WX*^CXkbCrTlsfvc>E+2n!dJeR z)f1KSdcpU&cIo|??mX$!%i-(&O!MtwXxDd-$RJQb0tgz6tT2KpkKaZVa2f@l&K@Ww zWT--kEX@vcQ(E%+M%hCQ=Zn`r1;&xZK7o1tM@hi!mq?&EGit=#W3ya$i@z!*Z__3& zv-0*I7Q_ew#(+0oh9zaSb^dm6jjHJ=GR=}4(Lv^T=tM0-m0`stpcF*f-)RVcgdJ;H zu#aVfdIQGQ&f{z?%Q9Egq_NeHG=HnHIxPKZe=R-uH9T#agDEW*kf^FajSdq$=Dtf@ zCX@n5b1CcR?xvf5a%e|l2_P}^xmr_f*g>BSF`+ySl^7HbG}Fz7ldE#M4W~&EuF@aW zQIrSSp^Dw$WB{RMZc&K|VM1i5Tf=d+5e~{G#Ec}D?S^I$f=dJQIHq zks!O7518i$Er5>c)(Fs2yt}@#Nw+v*PRM41_UTo?xNd}gq=$uK--NN@!{g( z!%x4s`NrK4pCPUl6ULjXCJf>t?h8Fg_n|0)IgISPmWHe?nj7)KKs%2hn^@??bW>bH(v_Q2<%dCf8S+FpnWK9p% zLGWe$9wq$^_J&*G@R)gLpeTiPH{&h!d#h4@AX}5j_!`BM8e6ZgT&+`HhLX1HnFJ1q z*H&8`4YOm_IFAIZXx^|Wvt8c_LMjpqK6Hbu3oH6AA-pAL*{(cpj@WG~ohGUaV(bC* zWxunnBB{&KQJ<1_wo^WeVMF{Dy@Ir}D{V-N5w1uh03WZN8Y^kC0eXF4WH3&}AHaVQ z9WGD|x`GBL*0gE&6Lp(j`*4C5foy~X^>&w2o*H6FZzOQfE%7~4#j&5Ujyn;jWyuva3! zBl`Op;GT|Cc;X1sSapklGYcw$L`?-~5|;+W*~`d`ku@HNRjH4aH=6_=zpxd(001Ux zgA5fgl z>ml+bSQsw6Q5c{dA@l9IBfGgd+hi|FkxXc|Bk@LUAz|DD2?4@2&V76S=@ZSN%V3$v z-eQAE3Ez>xn$f6KY|k`Ybh|ac`UkeMd+C1ML`(cWQevIx@acb2drJjW7WZbzRAy|S zEnHzU_^@QW_cw(aEMDV0fnVCt`mIi+bgL?Z!DJW~HX5W=$oh!$s>l_2^>Mhqq5GyC zb1)&xHKRoyAN2Hvi-wPQ&Ml^7Em3^N!sIC+NLe0nclGc^KC-xZsJSU2G2hoVzx7vVTn;pNio`jNoaw z$S^jQPU2W%Eqi_QWkCuL{xb6RMfoh!hjp|DQO8HQ%wpR#Z`^2ybU1jflIlf zPq0PbA@?1|$RY=8K`q&}G&QSZ!&c{)bbxY|El%F~WkeM#mijawRN$~9I@~<|B$m{l zN;_>@91qE^;MD!y#U=j1tR0$jV!r8@{KKj}PP#jX;^Fu+>m?&A6{61nxX%15 zeo#o#R_2sLpQLuu79Y#{LaNzA;emK&X!*2IiPp+Q`;lw}eDbxvSIo?V#T4Wt)^)U} z8~5#iyK`y!EDkMn+97D|+>@OHHRW&&V#+H2C5KFUYZHYf=;YOs+fVQVeec_igSK&N zJZyBE^!G7STO`$79&`s|6Ws%3FMf8R3W`du+B9IRQT8!6|I56vaMOwEdzLWgsDmf@ z8ihFQ?gFl%iC7#yh99DOs6R#@Up(Z^`{Z=((DKJvRe>2W-yky9Yh!DIV;tz0qI1G1HaU4n?d1{Ycp*EiU4A%lSIv}CTa3EBCF2wpPHkxZA z^xx&2sX7u2(o^5hvqOi$jO?4IwUw!^qvTMzp%Mn1Cq-OKcciRE1JuQ{a(^bJD#^6I zO0Qd+7NC&ur(=`Nm#E%+>q)TX)7rm{1Y1Mb+}+pS@(A!i^@yY?nHx*oV)XH)9y_3h zpGe#G;m};C#_PX6^L(BXp7Nm4KL(P&e+4g#by~lpp`!B1-Kv3^s-2ab^!`by$I)W# zxrB*_$x2OpupEll9JT69(74aPA)J)b3v-S&*_m7Led!r%eiKEmKk&dmnmc;YGYLm0 zp?qydo+ajtQEj-dh|jpDJkZb%U)G+b;l`TjhSDBZA0 zfD%2*Ou&c5%PT|b0XR5(i12bB?R@$uMRknCPmV(gFA4^yE-Br^?tX4sodov+ifnuU zxvk121~iO}Ft8<=*(7OLi!0ANaWfr9#-s=|XwFI7k}J;_mX35buT4WrGztHBUqzOW zFI%ROEm2WHN-t7N!T993j9#x~V-Z1uxWI=_*`D+6B0Y-}rmR*tE?6sd+!BS=gY~cw zn?cD;R|gZv9c^s4-W3d!rf&iQ_NJHgsN3vi1LsTO>+#FI8{lW6Bsy|SVP;x#!%oCh!u4e_ z%qJ^Qool4l%f#$j6uSBgwR!<7W?)ddlyRMzMy<|2OMoT&rVj~-#) zz=rMNE&?Obt%ubbs>=22uaet>pc6)X8l;CwXbA=*mqF|QI0{ZF={Q53*IT+kaf7%v zhtH39X%2!K*TWmr_36T7f!Xu;1HCSL{Zxc^8idb*4OR-`8Qw%1!OwT$k>Hsc?$p!u zt?zdP+W#TlY?Ccy3LpF&U(2N`j_(}7OO9iT5~0GMixS9J8;eTin?&Qg8ZF_=W)~|{ zZR1Ai+vAvQ8yb~bX?#t?xnbaGg!`@m%$DRha~pUFvqlcf7Tl5I9+Ny>B;X3Th7G z!6CFE68-4Z{)%M>zRoRqh&u+{JPOtfW1Vm-4@3n7VNwp_R0*OCGdIKuPT_UL*y~Jc z4K}VP6vw@M;(mm9SmwfbaNA0$s3K$Ai-lujn^#A=1HjzZwH1qGpD#($DYEaOI?J>@ ztDYTnv+j>>Cq^;gM*>FbcRaV&)bfHVw4MpsBZ?rc6xJM&G?b8bWz@&^HtpaRmra?3 zP5}f6YIX0mb8@ihN@IJYTq_?q10UdD^on+|euol3Ig@jY8b}77bn=^+{yo7m%{w&Z z5n}fMdDxavi{JkZzt@siUVOvs+A(Adw5k^xm%vW@N~E_@)gecux4Jf*aosRQO5vRW#N1%hg;}BQ zfGr%{ihjo%J8EzHmsJN_#1GE#$3NGz^0&Q~Z?I`LdcdU8|1O6oXdQm|@uz!x z7yE~Jzlp{cS(*H<2I^VqNbSs1%f1Rj&Iwz5Q6;m%x!Bu*%966WqKZz^Cv``{z$JQi zPE{FW#3lxB`AiSayJ^tw(=H8G;Cb>VWBUmdz6Qaz0iCQ-zU zNxxvyDS=*%L@M3qQEaY zS0*=DQm&iCvffRuarq4mpw{-3%W%wcv^gh4$fzh+m{vy6qZsqZ>ttUX zmZ3{#xP2w2>2q8NJud6bnF%sD?qYBiJT&#Ma1l)6&ORsA0Br_@+BA8bXh1_;tl~A{ zSRefsklhuSTfP#YW}+)EuE)C>d~R}(x}k5WN};`qZKZUM5Y z$Yq?2$`?t8f}t)!XUbfTpXf(1oS}XGUG4ms^`z8GF%bx}O}#j2pP!q-(s>xS4+-)Q z9jcFAp~*bbEQw)kuE~WkcX51LT~dT$k{isCkAKVtAiVw9nh?HyYo-0W*?{QZ4x&YD zEKTkHO&{@}i7fg5lgNTP+HZ}9T95H{zwTcE$OOcy5_ZoWg{3rrz%Hz}@W_OJj))Rj z?BpSQQ0^|2KHv%@*v z*Hco0-EL#er)C6IIgSNDifq(0!s#C-;2Em&+hTdOk(cU9jj|?MD<@k?In>T6SF~Eq ztM*icwA7qYvV!J?2rW((<`Fmogn#^`37}a--^EERcW)-geDSFF3=iBkE?M%YS{)o< znuS|kiBmH?2SC&k2A!Qtjw%{SyW*JNGbwF-)rC`wL?NV#8gw7~6W7-+2_9jQJHi^u0 zdB|pn?i*psqw%!TCHatwkE$n#wo%GeANW$jysG7~ zAd8juSd-bwTy_@27UM~A7#!6cWcVZ*W0q)_-f@#Id!wI=@^w1A(lx`Qg&Qhns)Zce zZBreZCJEznhXupaC5$0xWz4Qw8LGm(`D9;$@INTKa=<16RNQ8 zQDUH#uuLv=`>YgZIw~!oI@`zofh#mE5lJ1)e*@e}BL9LRH#d3o4Jbd~YlYP52bA`%f%_ba3;yvWp0Z*x@k^*f(LDp14=c5&RwK z-aaBb@T-+P_?J1TEVIn)Ok~kaaiQ))0^6T;M{#s7e-yC0LA~p6jL>20wmOQj znM1wXpBknqG?qGMIn+V<8_;%WIs_V^8mbEWNT;=crdRk)^o$%HyLxak?#-Vz?STn5+(H zi5;sJ(TXeCmz-N!RC1MdvhGIA}Fmh?-e&|_Pvb$y;beiEFk zD}I0+w${E9RBVX(%=)edS`d zvzFX~R$aGZMQb{wS&T_?5f>SC+RmfWLN!kf`w0W~Xpa`|2Ghmi7_{P2QV+oLo`i1~ z7V_n3V(e=!rJfY7Orj|bg7`e!22}{bC)?^8Tcj0#T*m%(T=B-)GM~YBF*MzF z5JfWLsbXUuDC6K9!k8l^Fz24PF&cbqL!Stx{a@)+#q8-J{am!AiiLns{t7QnMC7+=Ai z6IuVs{g8}=AAKVtLTnFH`Zv0S5^p?FlrHKPCuL$aXi`o+Blms`t^@@|6>9p=nh)La{x?^=Sh4GU3NOGe3o{W#?KxfNme=sH)iN*clSEd8|d`D6~+&IY8 z)b1`k17nHz_<4Y*1OA|x3$_#ol!r#EqMLI<^AA-f%*Vu=YI3MU{JgN6DQr6AB%!c&KA${Haq_Y@0aV zd6^tVs@6=ndO6-EZv=LSCkmMP4zKQCj`)^nerH@##kUCQH9wrL^Cb#?w(&!7 z5rvc98PdSU7Hg7~DivGNYAG5_?UIRD%B~v#0dUSm?U1g4D~5PdN5ilnONlVph*275 zYrJrvs)ijlJFI)a3D1bJSYQ=n%TzcM$((Ft)>G2Jlq40&k!d3!n+KnpbD5QSpUXy0 zmZZV1yJrz=^|Gir4G4H;ZAE?~vE^!Kxa@>~17rzN!(?<@Lv%&K>d2%@>C7$!jN0rd zkTdx3x@VLW%{dWYb;B3!po6VVkd&6$cG|G}YA%9nI)xx?Bi5#`KwNb$CXWE zj+`n`um{DX*dN$7;VrN=Y7u*Mf+;$Ar_Rlo zBi4}dzR;RjyFbE9l7p(z~-%EM=R&KJxyDg z2i-wq&>Sqzr*3&b{RsiDKc!%*3)+zP|e1QFh z21y?oZ?9j!s@Q+g`u@A5?C3VIjN9<5(*N>IKBumr^!JgCN>2y-a8Lsxeqz?d)We55c}2!J%H!cBR?DeLe}t< z=HoT)r~7eb(gXK~+3tD$dWB5SeoVT!t~rz?T&m9RdT(&AKQ*L?i!<)lw#-2?v&a~f z(+o^u(*=IQS}8R;p@7Df42>!bVX!5a6)rFFgu^9@IZd^kfI!{;9-@*zE}~7sj{UeO zB}g0HP&uBF@}2)c0!hk-PvNhc75@to{Cmwf{uT-TTmJV|H8V?dSEql}>z`%HNPPW@ zs6iYwx3tXB{TdMtiFju>>^t)A<&>)x3CTg{Mt^j~=i};M(t9n6f6&O0V*6boTtzWY z*qtg>c!9zVUu-bnW=xJxoZT;85(ofoaoJF0!w@@$SWUq(0SB7b3Ax5;tG%yJW0kst z8hP|Gw*mW0a;wM-BHRrS

d2fQtX|SZ9%Kw@4#j!D-k>J~Ct*{vizI@AFUQmMyT?Eew)Dt1RM68|L9CV@LfZd>_ED9tFN1bi4Sw%3yVw&G< z#{xF&eBN3joB-MzxHwiX$1KH3gtw7BZ=={BqFMXpP`OJHW+c6Ml39hEQQtK4rW5qQ zw0uJmCSgr6{}1GhdLB+UeUl@3+=W`cD!1arPKJ1;+5Osc+Vc3FUr<8o6Lcu?z=o2! zl-gC%4xngky~+BchjN7wReYXV4l_R#TbzvedjS%8Ti}(r3X9&V%k0H{DvflHH7S_I zPFKY(^eU4mm26PmR4%7qo8-&2%(o}BBV-PWik7|v3iGzgz3`-n^y?LHV1zwSbXMKn zMv%eaCY3I}fZD`&aMD-29gOHVVmgBDB?Kf~bD~gbpQc+)P4;slIIQ#_^@jX={C3b; z#WZ!d3t#{PmNFb7|hBGLGaJ#P4Uqu%eB5pjg;|GD^YJVhlT(sx{yvZ~~#OW~NE1Bck zdx*c_6~WGJS^NuHr~id#_U~2-82_PFO`V+ouRaQ-|NF2-K(TH0KORw=Dk=TikfB|BvbIFE3e#ID?Wu%CWzrMdDm;5pM_-T-*UY=Mi z-O*q2miLF6sn8tIbY!H3y1L#t+1_~BUT8m=^~wJR*M;*$51>}12`MTPDi^#}vz3!c zNv)4h)oLp_=M{OWcj|C5fswt%88w^c1^OE9{|vacNEia!f3gKRc5Yy{yJc%*>D*T4lCQ_5>Y$OOBP-rpb<$Hy-MlYBdZWuynGd|5L3XSS57b z^G>dLa`9}W-W1;C)HW+8`>+Gk~U2?sFhQ}`3W?91;`uZK_cF3OM}G;6KKVJoI`NAfLrFJhj1oFxIhHcg_>I(7_FWC^B-c6KHy zRIQuJmSoV5t#p!;66zq>oNHrZLy3fAz!>KJ>_!GZ2fa0S@y?$zOVV#9MKzkNV{h4N zx_WbXP$}w6Bt-Wg19c2hJGTB7Zk~58ZboME%2cIB@aB|b%ZY_p=$DfXH+h9gY!syi zG$-nj%i1Bg+F5Fj@P}aB8ue&=wmMwnaliJ%&+2)#IiH2QI~BQ2NHJ7(??{@JS;wnj z`iQO~c_p=#&-Kt!|H$Q;ETfz-)7%c4*T%8TCJl<$j#>A<5FN7B4z(SV4w(HhbDDL_ z3@HdVJQn&mAhq0kuXax5s^kLb2KR(C+DsY$ICwq}vkBuiWI!q!Ns-+nU;oWF%^>O3 z&(mvBlbNWKG6TI0B`TCnqH+w6vPRr$H0|gD-njv>@d{z?emQsr#IJf4L%T8v%%^~hvyj@J z8~gzx9AV8h>E<5gOI@f82^%hNp}sM7LGh#l#x3 zAj@Ly&V6}YXd{`cbB3hkJ)!J4A}Xt$c=04Qrw3*Lb=NULe{q(nIAfp$~0&tPCAU7=W$l^5+6`$%;06isHJg}wP3 zQZ0!~1q2aR_x{JTIsm*wknQv5Mw7CzUV(s?@a$X{i3{oOIho6bu!tYCa?fbT69#ap z4+I`7_}Ky1iv_PgJt@}U&&x6%#t^j6w|eg**|M1o>3Fa-2^vLxglhyhDhu@|JJS7q z1bNa4Wj^7qs2|n4NFASO?T44fkHzkrAfznAAILASpIvT|#j8i@J8fLai*g8ORNGTs zmyJlnq`SS>G02hYy^$tw)7$i^FgI6FkzSum;MeJ6?@zo4Ym)N)?Fuu#D_|B!$LY1;v ziVj;$EZTTw%{O9fenR0?F3v^w_P$p0(?J-CK1m9Yf*wCd!{yP{zTvbf2fi<+PvvA8qd#q*=IZ z4R&?ewr$(CZQC}wY}-bcZP#12ZM%zIu9`aM+%ImN``x({Gx1Ht{=I)ZJ2Usnd~&Uo z&&5VX5)U+CnMo{KV^WAzo~VNI<*QD=A>fKAaeX;GIc>s%DeK>3KBlONvdhv&ETq6B z*Q-%hV+LkeNllubq}4BrU~eA~Yau{=d9yB1P#$Z26fHv~j_$dFtYL-#tupO}K-}_C zv_+_6PmtodBOtK>6d_Ezl~7R}qLsxTuS8E4Y*X5ZQ(PETcr-5vYc>f{&XlQ_8$B5d z=TbepT13Ok!Q!-kB{1TaL!TshE2-X{Pkq%*s{AaPgS97Z567-D+dusA_Waj7ihdO` z*-b&SOXkP>t_Ih)>18BSn#?WUP883~?QZp-LgW#MJ}u7tg$pVJJB_uu_PY%mwUy=( zt>Ij@H5&y^Z?a!S9`_L%@ZsnwMa_pRJ5pG8oSZ<^5h&)6ic^|fRrOnHS-|@W*iO2p z3vl*fEIRZT`x^oYP5S8Z&Q&{$9N~n~BR9n101v3zy}gs`qaU^Xe)u9`4#)sI_zT?! z47>qdkuqA4IqfiCsG<={f_AZkn#W9=j~M5gb5WVrSgVIQ-};d z@uJMdWD6+EEL3eHDhi4a7uy~i@K5=|6%H<{7&KJ(ZSSfiGVE*r+=5Fs~?dWRiYWhElIT`u=yGR-1|MVh3R~LKR??%H|{rlaD|9JPm z5DE9A{R$r#7??JgpBosN7}(W&q07f$;NW4j%Ew_O%g5b&;pM>m;=GFQ$b91a=3wIF zp+mj`fkb#tKuCfh0d+l%B0o7Jz3vV_B{ge%a85u>f*@oWqr+D8x2;<_sb569Kx%ks zDf~e8ZernNmy5L+SnPiEd}8wZ9gi3oS`5V$gBV!Nzl4M|f|7_00xcXN| zzRv*dyFvTUG0lHHrT?Zm`_JS4-%m->*1?8^@n2`vt*R@Jtcbw7g4U8OO1)_Gq7V#K zqPh%4r6dv`r=b*1F>vqdZL8kW*|vrH4)h6%tREeL6=P2p9sw_=?{mYBd2nfmX#Jxa zp3TzS&FngZv(dd&zxUTO#4glvrUL{Jq#!1&g~@2Tn&RGt4lShUR#&A>`trK3IEPS% zlTG8Kt*kETLZbC}%F3fiXu%wvWy&BYS9a~a3tKcoCP}aM-(SWvXQ;T*}XII;RTJKXNiqfZ< zN5om$g?bgnvUXC}Z#h*$^ziMIs)BQ~5G!p2w=tU0^uccg4105pCyme3$!hIiYNe=h zd0{qW7VjKNSY?@`P8C=qeE7s!vYUe_0Dtw2Q0Z42_7kQ|()-fRFmX=h z6<4F8k{d0WeYnKql()Fm1U^5{51SIpBNXVh`)p4%VUS?g5?1vW3S}|xJH>Q7+D%g< zhS2N+O7=ZfI8o4jJdZ5~aj<)UOM7HOzvvyPBc$#U7Jh<@VwjS)fwsk(m^R-B=9N5x z+%KUww*8)>H)ySjbvC&xwVgdvU%4v%d{lbG5$cCMR@J}5#who5mC>1F>{6|^TVBy*11OvrQIw*@S`71Nw%RT^kbU4|15NuJpkQ`T@47Tu|bq-QRyC?g5QKAAcROV=dBqs(03 zYQ~+xQ7mD{yvwDdR;9X&i9>{8Az-6$e-$jPv(#p8GHEjv4`B1R&7qxvw(Pb7iD^P% z6z(@62~s(hpx#I}mDS+Y8rCr;-Ln9_fzGDOl>LGlBqzYi?X(6$dK#gc1Gb+* zjn%e(?&1>CJ?oFA&|{RbgLPPEX$O3?;!-lqN~mnECdJ(R;#BFB=}d`0(bT7tEQ~^= zR_#SC5v!`MQ<3h$mOo&w^xU0l&mNCm?MruP2&g@cLaX8WK}WbMlj=alLoqFdTe8&% zJM|zTpOsKsP8i?~GeihFuQ<#Eune-0m@{u2hdpZphv6=u<+wyjc5jUxETKBU9!Ro| z6{jjo!xi_MKicv`-PVAql-%sg40Uam(@5n z4>`?~ut+b}x6&l8b;;o9#dV;Y|6PGQg-_&8uky1S9^!5=aDGQ{3?KcB6rRc(az#?p zRCC~sWq8awosPlf1HSp6s2qBBbt{^s!;pLyZ7R9-Oyj|Y~g8JXgt^Q9G2+|ImwvTpFWG*;9urAW9i9u#nPV*p3rxrqX z$FstAV|tib|5>Q>z}qdwJM=R>6>qd8m2)e;bL==TFbQO)A zxpYc;!0?o|=AO1DW0T6dk<5L|=!OVFLA9wMr$80#)UA2E8cDc;Zoj}@(`O1L1Y=)< z;#6fWghcqg@91;AW0seQ-&iBmJ&Q1Ts(N@fNDtIpC3}c7bWGUEgmz=zWvooBDR+Z- zhCw$pnYt?_lGwv?xrL|xU<$8|nP)7QfX2Pe{Y#NXxs|~_i%FLH)j_Wx6!k;N;bbm1 zUTLJ&NWxg5UlbMd%>9Wal9`1&a1open-`M2>8MS1s+uX-{0d3(i~=iF4k;flK>o%xW&m1n~dQF03&X>#bkqvszWp^j;wdGhcc zDcOfV0|9Cwpyey-lvsTQrM&wLxK4<}@QC{>+JI^q=eI-p1%Wh(k3voj zKaX<>N_0tzbcx!rX8nLz3K_Pl4b$lETGjAYMYI^97_Hdim|24GDovS%@>1N7V$q9O zaEs0v%!r7PH;7`0vCtNY-9OG^hvb&H6ueF^YYG+q3H*=IrNXBg_tvyQ{eJ>kL3PD{m|7Z|h<(et+Bph59!F_|A1hbc3j<25GRFX;{gR?3Nj=|cbN+6~);2E4QF9A%D~YIf?-dw2mDC(%u9Dbh8Tj7Q}{j#XYdhCT?Y|#%k z>RtiJREc_v4wBh-4@}#ypj;OtgRiSms4O>7Tfdfn!7D~Iavew zD>|X#vxb>;fW6mgs@j(Xlugr9{!p2gWj$b_mC&R04h_aG!06gu zDUY<&dHtenrQPUVg#(qEF}j;5t&k6F zwV-~Yg1Qqy?B~Ki@R@~!Sw8Rx45z^u=UODUQQSgLQO!MJ|079G1Ot0(zmuf!|NkWU zUm#S)T6sYLg;#q$bQz+g3k5~7vIR6^cjKpVdEulAg5h}dPO6J#5Mh+(&9gcO@ac0u z{%)L8SC$%(c8=qyjFbKJwzrd$Q{&DrpARqtFlI=R*#g1};!qAiwu?2`&as&;#_@J& zJ@pnmJ}@Fg5yrDq)LUx1*la@}T1(57jH9h*^EH%S&Pgf#*2g4@@Mf*Ho>}7R_(=&h zg>TL`{A3z*YsE$Bp6BLpwLv?LnUSIFQgj3G{WGn z>5vAnc(Fd5osRqf+~1Frcxivf41tawWoF`X;8>0f}#U7 zyCily0oso>H&?6%7-GU}NM;AxUppQbTHL9$R)tzDzS2s6wEn*DbUof5Q^Cw7RzZbc zHyniz8CdJKRr+k9S>Y6qT|v3iy6%7!S%G2dWoyftRrJMc)LX$l0jH(EO}8yz&{KIX zL8X4#F1uhSnMY8z69KQF+^2fQ?fqpUSE0_hooBQ?)0Df4xw&YlI6%Zp(h%&fRP zJM%>6h`lR|w|-17a8~sAv_5;m%4Nj(I>QO-+2t63C0B`mD(9~rq=?Cc3*`JJBmIs&cwz71oGyhV2pHNX7LyynV@V9?<}!%m$XD1wu4D{(riN zh6CN&<$q^I^Z%F?V*dwz9shy5)U4H!#WDQIMA(8=mAX`$7PS^h5Q>)d4no33i+~g< z!qd(hFq25Lw(2^8>Yt*zcQ)W{dmoH@mz|*=Mmax#K4?Fnug`H{x+mXOdf`7o9DedQ5&ENn3ZiDsj?db2zZ9!2Km3$Gcef)yu_@zF-b2lmQRnF_ z_6+3{lujE|Dpg_go<~j_hJssh3d+1*o8}R&RA<=C1;B_mV5_7;5eKt@8lqk)U=l5? zSEaJBQs;GXd`m3ECF8Tx0Jz6ykz!(~R|gQ1givP~k~(b9P)GJs(-tLq3&@)D$N=W1tD7_ooN0XP$%O3o!VEOt=(!7;>uxnyllW$!9^br&kL6u7n(368ekP{xPN$6Or2%9#cX4(`r~a$p}|*lh@?j8 zvu%^R=r++dV&6^m$N7jWDtmCyhNu%~C@o9WV-}TN1l8*Ga_y6mR0thZZQ?z$YL%{{ zLzdwMRnisb9t$XFsITnBVJ7+BaHypHp~r^{Nf7uYj_Q1Dm7!yAU>u}>Vas}lS*&#| z;io!!(0)K+pVxzc0mNZ>185ZzXWzc_C!H|MItwcHL1=&?jg2*#tX{fvlarGMmELr25du`)I;!|dP$)-t zCntVbFcBB4Ouy5#8>I1JldU%jr5$ zM1Rbh@ZOkrx+1^!A=~Uo=K8ORZRaWr(K0s&o4%czMGY&NT9x9EzgcEc=!i0*k5~i% zso4T@586p&ODIs$%bX^P`!3~h(8k2}l;Szm@Jm?p_ipFc#aKt-gVfu=sx-ZOIF)d4Z)<{A);xX1ntTntmXX{_yeGE)o~o zEao5WzE}?Dg-_j0EPUKi7mRnH?(PKSPP+wQhInjS+A2W@Xd8$Ul0+EKj}sjr)-Fh+HNl zWQV=e9E>b5Ka@)4C1zWl5zFum5G=HX%sepH#ypH50l#+VMTpwMBL<0TLi_|N5VZy` zB6d!P(Ja+*3>&Ob4B5o0mpEKGTW4oVPd&#KuX2WE)kJbL7&27N%TyZ|0-@tb*>B92?vhBTH7rr5PqhrWXw=qV*cipP+W=`5 zTdR?+;i6L3U9#)Gy3DG&TdHWk$i&Ap$iN!-pQr=Z-birC^e=&Gwf=Z75nq^}&7~Ky zJ<hjJNw?3um9}C#eJu=tG|B^%`pGdko^BkZy{o8W9VsWqGIT5t?p## z@a=x`AG14^8RrExgwJI)nh8Xb1mwh25)7okD-e(pSxaCP@g(0#0%R0Kg) za8rX2PQkZf`w4Ztd+wLq-0&sHh)(LdJ25rL4M*cG0X#6cpvXlGknBNq#!Y;bzX;$HH~N%H<=o#z56X*T%kdR zAvb#!q0j<6aCSFGGH-010%ln1qk_&xwXs?HXpqJk&8n+!H?)O|*#cfwWwr}puN_?D zC7+|!RK}%f-}4n*g(&8hk{17G^fw>F%)2~m7>OyG>s6FoY_?zz}(ci5Hk2HDwUI zca%N<`^r1D)I8!D0@e_f*H3Va4At+C2&?xixS)JR$4xbBKG(sAtv@$xdewMz0fcOH zfCbgFn!H|wT%jN%c*gaRVeB?KC=}s7j^sc`Gw-FFE(T zv+JClPtQkYf9&U$@5?WiSra4tzsO)Z^m%BehNvd%TG}$T9eTHt1i%?RxD@W16dRew zbH22h8gyy<&O(|YitO^MwNNeiy#j6NTf`D%kr0`%BCSa(ukXH^rlj z&-quYR^hYh64O{55)z?O0S(fY6RuT#_r*o?fw#8QzT7yWx~(K3$fD5eEDzwprGq|B zY9l_QgN8VSBJV=^PS+K}r(-?rCSt-k%#Jv?!4`6Rn6oz4S;l2>v? z^s31Pav2=e#P%(?q`dSL)YVI-`^4FX)m>cNr+iRUEMbai=jv5}|u6(;MJ|K(CZjWv6ISa-)xN^W* zLx3aE16O>6U5KN(o1s1fiK&(N+b0;i&3K=VjKiO6`7qLiD{Gj%bQl8nF?<%QU?(qg z)F=^o?Qe5Zruo3wAodf<32~da#3YJ|4fmQ+We4ivrjN{t@Z?|P9;XS@?NZxK_FDnu zM*BH87U-!3w{1kKn^l!hT~_9{l~^TmW@cfZd3a>+YuP_lCx|%Eq=9-SuSNHIy=rPSyQRRYfr^myW;NH8ua#9no{rbRp-yx-Tv4X zK{^M;HQJ1Z3!-)uvjIl^m4gtV)FocDtHRo6Gd%=h!^8iZ1{L zQeW4V$M*Xc#})M+qk|+R)XnUj4*VesDGj#WQ@nko{f(a0=}7J5=D?bk6h}kK6>V~# z*2Y8YNY&ZSfw7cg{Fx3rMhbJiKQQ*|zh}B)Uk`8#y`iP&l{(keV2wnQr50KeGazyi zUPlIwCpL^Dt+n$sZ04NP+*LWq`HF>ULk4Yu=EQbLD!YL=^Y+4+bm*!NA*-7c!qco z=IbaSjU$&bz&*R|?W7rol1tt6nr<9AbJLq95zCg6AK`yXp}3S$eV%Dl7LVbrn3IKq zyZ$h6>7byV@NKLhEOsw zDa)@PQA2r~;CJ&(}9f&-Rdq}RE2TYC$8fWNm9-}f_& zv2Rmjv_2Z}JA}ge-EJ2K3+6*Q07mB(yBYu%3eUV~^xf)(I9vuz83*sBK2rh?TIJld zYM%>k`6%?@InbBqZvV-FyQE4YLiq+$xc}w~^Iz-le_lGb)}n7)t=qG_uB+JNeC>VD#GC;#OaGq!wypblvgthIWuE(SxHs~H zW_I~(7J{_EK|7*$VP)PfwaI2fp@9`;yQzKRl1X~Jv#JWiVP{tZF7rOlWF>{tSlF(N=Bay^R6gj|LKjbGWf=6Z~BqQ5);Q(-x(8!%JlLd zXbl%4uIXLdC&>A2$#v6_SllF2bF6gIiO{CEjrA-aMP{87X#2zjPOxJttAN?%;DAP$ znNF17dU6QHxm{G^Bd8)R{2Zab}7} zOT1K}xHH+Yticf#-rZ-=Vp6Fg!Z~If9lnZz3JvvG=vZwK)}9wRkjfBc>sfN33e6#^ zWs^))c>#|WhKM5TzJ^I9qLn2ZEOml%>>KB5Ed(D|VDGD=`;4s_w7OPt3rg1IB?c2h z1p+C&%`!YfeFETtRiLyyIIPv0QNFZ1Jvnt13?Wg!c_sDP+Pf@0f7Ud_$^mEfU&2L@ zC00FO-f%sWm}k>WM$_2ztKn|I*o+JX-Kcr-IoIH!LJ_$kAaGcfgK4+82IU$KDo2h&zBtrF2^N=!{YjfQ8z!a) znpX=BxPbNh)j5ZY(=F^6foa-?mL64uyHpgIfk4A2aS$BWt#Eh3Z&A#VP<1~ADuZjY60QeqeUhVu`XyL4mynL;e(GOBKpkp8Ew-cB zJc@5fZ#5idf%SygHx4=1F$dY)E+}Jd{ScYZd4}^gf@5TJ2o9354EV7_+UGtITLG>| zhx{icVkadc3aqFx>5N3Ia{ec}U*9wx-=V|~Jm-Q0gaVpyC+ub%c=D_E>e%P+LcU|z&-@G&=6$CWyNA%6Kp<`q=++FKk&Jpqx;Q4^Kc z>TD|2)z&;KF-Sb7y9~Lz?H_oBB~@2 zH8`<-Vnw(2?!l``PC(y9Mxwy<1}1Q55^=<(e-{y>H2r2x$NmYk2M?-#M;!*CFCB#$ zp^`}p6d@S(VdmfL>Kd68aiNKFBT8iY@p8^iYP#vmnwtCDjxS{0$k4*5wgE58c>iu)?D&_7ZErW_&tI%Je4l2d9cTe}4%pVOqbQNZ2Y>R2eowm` z0KY5mFZM!2$@9sTw7h=p_HyyD+#tp})#sOrtTq8YPyZ%5l@wq47wst!5L|Crz|um$ zwLSye7}0cU{+;8Xeg&IIX(>}1l3#@+{Y}Ij;tVLLk;`#rIUKpQJW#W>X5 zV(DRr#X_D4E!H3r+I^@+3cC1bi+~Obp0c?i&^ZkVWGZABDukW9DHS8eeo-ABuSjSO zxldZN{r54j9J2ecyLTtn8YU-nSygEcJT#k>)e)EKU2&Evf?68PVQH&_{gSB2wcSW) z61~6LE**lT4Hg{qT1fZ`TP#6l=Psp!jTUY~DR#KP8%?-hMt>p_md|OC)7!zOiW)UK zH%Q2w2-eY5x69cMtx@mCq%|&}U?9e}UKffX;D( zr6`BEw)s*DDDI7+NNuTDDxlJui8fKustwMC0MA{Pl7gu!!;a{dmTRB`qp4 ztCT5sfBOhU=eWF+PA2gyEzMzWT@Pz$*(n75mcdeXGbXBLuqgR)Hh1IpmKu}^!=+E> zJ`XAeQNv~tLn9UU+vF6qV>Ul3{9=_5QPJV{w_ghG3QB1>k1w*3sz(7NeLhOXdRs~k3R1N4Y~)U?X^q9BDN zucRo3yUbLD5dhJSo zH4RS5TV4cT3!|btg9g(TRBx!aZ5~6Cl7B@b9CpgM@oD~+sX*s!Gxh8uQl`5lLxUqCX-pv{k@9R5+)4I(HLOa|xr^r1Gt9bTJ(4(8R zpW&@jzJ2lSb)m2^TcphWidFs$XWcQMg+EfGBgcq*Whc?y5Dk9W0^6b|EheA0x2KzQ zoeRR@yIfxxhvkSETgT~KbS+qv=9s0*%K0{_{a>0fpDp?H>!`;Wwj=jn_wwr#Pfwku(3}xDIS;bK?*a4|#&*Kh z()uV?rea}BuR*0HX4F;MBJgEeJ$+RAtMq@|%)Od)YkbVJU2sgyXFy@J^BSL(Cb7jH-E?53y3H z$7?{Km-E&x4dv_2a0hq4&FmJMB_UUkAVac_*>i+37$Q)%pt4FWjwH!C3qK3nm9z$X zlw3qL%CtL0P?=T4#>M9`;UtfD5Tq$Znk$RUz@dk1O_9`e^UmUEuAy$`ikt1P;xFW1 za4I%Ck=->>i6m3%Tr;rs74It~=BbE{(hQd`AS5pmdtg)OjnpI^XV=b?>m+>d&Lf z#+8^f1+d?7)|`}Q5&}TpcD6C^f$o)S()lgijGw{*oZPJHpumE3bZV+Po?w`<&eYnXV?Em}7Bt_48a(EU)M90>J-a+rbgz3+ zecSHOJNHv};FHoojBF)TC`)Pk1hz>*w=G$~EhLts|l>4UE;bhH|rXe} zOFePDx_}|Zt5e-0H=nOw6@yO-u3kwhsmEI4tP6Da48vnr!P# zrBg5DpwhshF7ih0-x149~ zm;;XdF8oFIDyPt%X%VM+9H)h3nO;bsiaHc2lIrq>G?-TA0NVAYfRi?lD!@h*qF!7l zcKdb^#>Qrp;}*tD9P-QUqMgj&V{3P!s2MZz`TI`A)1zCXTDDKQHXi0SdmnZ)ujXu* zH(p}$ZtTYHcFe8xlc@#T)tBhzI&AZa<@v>Bvj(vrIg@&r_Kn%B6`3KenC5jY(_$bg z;YOq#bzs`N05y<0*$9IOB#kiQKsa#_+*k-M97GomqSHE20(mC{F5Clie5SYpjE-rc zykI^{YnYe}w2K$FETi4}B6blP!-e1zu;S$GJ zOAc*T7FlWJkHvX#kt(?W4@_b`K8`}2z}0Z|I~+uf0s=e%+Jc(rAE}6T01H2ZKi&|P z7iG-V&@7icf9-Y>ycRpC8S&H&nQF|~onwrV4+^NYoG3!zK7?q6kvmZf%!Ik2T4Rs! zjd1K0%jnl(Xq#Ho&rGkh)4JN}?=$qUTia#8d6Yew5YwVq#|Eerk6}%2j+d{T@|jdm zTpeSnh>w3a(TuF+gs`xtUfFJkEkC$!S;!tAd)e8C2aUNIYy$T;mHM|QY-A}7m>eXa zXj{r|k55syFlqK&)S+3o-lZomZFo9vAf7*Xy%4s7XLTSNImfU}yxDy6JJWZxWvm2A zKc5lMSs%9!==lU>DbUxPif!oWbffEE_dmAwyCbl($Mqd`w+%U4!`nS=_Tx9?gS*4I zKkeepJXOUSl^wjPjo6eO@KqX{RTZV)MtRj$f_s}3z-&!4B(-RFqj{Tc#+cqYfLECE zqkZyuUiJsPyxjS*%c=VCopUDNQt(V!zP#O<7&~`Fk150F)~7L%zwyj?bsQ}*JM!o9 z2S+rEipSe}53c7hoEyz-7ut0lKe~AP4gaoXFZ0|snC$k5y7gO#aqmW>Rm%Bgb2+TP zs=o|*hsRf=!1Y~2wWj7+>gB- zmBrz|9pt+@<>=1;#Xb0?H-PMcEWeM-6T-j8z&E&XIAAzFj5t1Y&w|QdK-48+zOP#P z&NO9uZhpX8F-U(()FqkoOzM1xCVFd4zP$yXFdKGUvS)o+ko;f1blXM-bpyL?qo&x_y;q4M@4$mD@7^( zY*Y8iRErv?w?B?Miq{_qMK_3Kd&bQGO)8>NOFUbWB)pJ&+@Za;*6T33L0ai zhH6hMeXu4m+>uzL-*6Ep!a2dmL>q=j;op{<1v~(#30XyWOv&p+I`g;ppPh%)43RaF z_r{!XFF3YM<2WG{-m!}B&ukY$zv$yT$>*SFS<7)U-)G15x+eaLTnyQCce7Nbg~k;l z8u|0GG=z!871#TM@gxpw5|{l>i&&m0KR1nhG?Jxm&?}7s)gMKh9NrjNLy@Z%SaCXU z0Df`71rMqU5&ht1CPh2`sDi@kqjoIcW4}3Im|Et{f z{r)23Zms0Z^K8M}0@3;Nnz@adzB_E1S3sv`E4J2o=NS*_7vsI14q)mK&#DVH?QX%E zw@K;Bm0?M_VDaYLb;_zGyvrpr2YoDagU+U($NajMj~pg`fw&!PiX+%u9hI(k zc_Y^Zomza0?fUlCmkU&LC+njVElrl>WND=np7-CHUJgE70{t+22a{b7BklvLnf+Hm z#}>(uL>^vAWOOA}BA(& zr?T>MN@W#$#x5>bDrHsQQp$v;S!ur&ug|1ipm2sTKC5Oa-wElne#<(yxS-oh_)~Sg zQFwtYbc0)JJJaiK$}0MGi4ZZ0dY?IOxp4C9PFMJ(H1R%=Vsc1uXGTGJol*0;2td_XJ=*ppBnhwMmr>81{ZYLib#kjX~-C(c8x+#<)D9BwT_j zUzpKTy|@4z>ldzmubz@P^dsLh_Q?tE?2&i0qBC8zdvC`YyFdT{q*_9WO_URN{Tpm) zF^bbgJz%=kXHdeOoo`7_Uw?3?@XR*48F_SNQ1>-)^nDEi9S?yv z!C0&{pG9{pN>XFn(DO_qMUM3I%Fmne<`ns@*N{BN9qf(_^_vsXvR~myYL{_8Paxkq znX%aC^+v8Yfl|J5ja`Ihw$Id#FfBA~26jqoL zs82+5k4v`fI=44*=$1gKS>^G$Frp9GDFt^2A?98o^f)sN*pX%P{@6q^zEN$*?~;IG~q znZaL4HKkZ04jEd|`W z+vcJ}%y?xE-CdHT;@5%ZMVd-RC28V?5w3eg8}0BZX8A9)=k)9O_OMaL9)ZG5K<~qa zYSze2-DSW{ps&)P53X()lV3P?-I7JVMV1xp&o?bFr25{2*jnMBgTkSM;=nJF#<5u& zNO=zd9*R`bWyU6wBh!^`eN!Tbt8V6w7>#W&1Q6I-XdaKOKAB!Tuq(_XbPv2;FY@)ODK-Gv}XGmPVI zVMe$s8XGN%))^j!1{0^_pt~zDIdsNo&rU#xjrCb~OvsZE)0-SUVRCxRA6?h6#mkE` zDa6xA!a;QvVP{^`y?+w0Bd{^x8*cXI13u|wa$b@#ga!<^bz zMtxG<0TH-56*`%VZt9#-OMBSPgwxyt)+UYGA+;s(${w|%>AqgZdKk)yTGl5 zl$;Ka8O808pnLLcsA zp1$4K-e?5xBwBU6tokIgIpjcudf1Xo-5q=Nd$Li!9P65ipVb`WSQx%q=un?NtysvQ zVR57-noUtv|57jQWQ%y9&b7k3kX+|a1AkTagg3C{WVKl4ls>V{6DN2~BwVTVBT5rg zm0>>h#+tQQ%_X5`$)ec>@+x1+r;l8%c9qDM@=L#*Rj?wMro7@MI>S-p7rq8;ZT-6R zcLr|YZq}HISy%Zj<5ubx>He-3-ToK<9VMD(LJ{l7kCJa&!2e{){#X9{wx zLx+EuY0(>dn9={|oz;J*Wv2X}T4vHjB_~TXjjM_hV!4nEu(gRctq(OT3D7(|gZAVxK^qQFt)F>dO^RCnd z#252P;5u+~T9GY~mrAe?$nA+eoSo z2$VhGkCvm)FzuDzLj@N{b(}B>u%hXh3!$-ew_7MCqp6T9W+}1Y4a&i7$h%C=zHnur z=Νb z4A*-Ly0ym^$18b3MtXjyh=vhy;8DPo@QOPRfg-4)51)l|}bgZ!FS{SWH!ZOTIQnWUC^vwSJ z5)au$jn9nhFB{BJ9~69lK6V`<-A?o`!F|f6npKxa`Za2Bi`(toYJaFI5w1s zXJBYjs_29{m%6vR1FWj4eLmh>GC%%F4V4}1^G5w%NG|_34*Y*r%wqnZ!cE@JRN2Db zMbO#P&REpL)cBjp{vWGlDN5gj>~ELb1-msr8(UEjMFb#zEf~A-I8kF!83`*%iv^IK z(uI0m3v&!_{=2IN2xIn`uS$`@m)zFF;!-xjFZV$RrofgKkU8qtFwU7LZJ77AmdDO7l%~rp<{abUKXEY0|#W0~|Gy+gqAe+~*!|8@}u(N1|%tq$PBw4F1^`}0_9HCx(rhcDdj%&<*1I*lGEQ0toQgGLVbu2jlMwn!@EmXMEUW8Z2)mU z3G=)=_`Gv#z%y~JQJjCmEIjC}q{$Gc6++2ksn*P06Z&S<)I|5iS|s$*bU!NmjH;^> z0S7XN8Gse;X9&}gxq*=ka*Z|ovyD%9k2Bm>7uoza!1U$==T1 z)%pJ>;OMqmI;k}f75c3ZFAE#6@T2f07zoQ*>x(0LWW(xpSEu(~)NkR>qTmbRMP$FV z04NT&uD~FSVBop&$xm{j2~$k^PsZbG-6d(L!jD2c#? zpz6QO35WV@U1?AhniSdqq)thh3<=0cDH|TQ<-bn<(4!lmiC~SCmPZSK4js+Er1-wr$(CZJRT;Dw;7Wb}F`Q+qRR6?Mfy2@~*Y_IcvRboqf*tBQ4Lb z(b^oXkKV`VxNeAIJjdF*s4Mf_NE+gici&dLA?=Z3zrg8CV;e4{VLohscvy_%_RK$C zUZy6&GwZ|$#G9A%Q^+nSUu<*WxnyV4c|~@(VHX(XD7;1cWT|@{!VknjVl5R~epT8t zV#!O>Di#l_8e5Bwlg7`ZO(;7;Ik%*TPZrsI*@roww#pYRjmx8FDsM?<$|-35Vi8_K zV2Dj%bRd8fC!p?hl&oxne`Q_|eX3Dn`pO8-fKEb4=5Z0}| ze+XEvKF*kY`LwT^f3vT@H+@k4Pxhtp?+gyH7#?^KCRkC5KXpFAlvb7{KZ(8xCMpt= zf=Mb`1ie%tL*lH|D>;0D50Py8-goO^>b>=P=kpaaw^zyV7`q+gmUuBBc+73j==|k$ z>ny zqmzbYN8x@e|4GD6pXVhqzw##LDe83G{+T~WuzjVmCX~Oaz5fJC?1drDl;wJNqx&p$ z|22X&GnkRp@cBD;KmY#sRpReE!SMgI6LLlXBa8oT8BU6ulm}r#4VgZ)NA&*=e#KZ{ ziy)}G(}!ja8%}yjpQR09RMv==Ga2%Ut;Jf?`YEJ4BQ|a2eB~a0_waTDwFB}7#wKiD zf&OR0sVdmVAJxVrN5A7%S~jRX@-kg!X^h+w(F?}Ur1n5La(z`;N&?gJP<$&5tz8(9 z0!chM^wIZ04-54s*tVNA=C34v@=W2hXRCC&+p9Zur+0aXe<`$bo;~B2<(-n@DrH%K za8nHM^;noc=0Vx7RMi+{K7eyOG2FG20`!B^AQguR6g+ib4fw zau##Q6Q-Xt)aX9ZC$ei0ETfF0GwMG3C^;=oM{`*c*Uy~zu{iGM8?DYqQ&~LIHy+)j zlLfm=K^bWW?^jnJo3EYbfRDTV=`YuuK1*oUTC-FT%N z&J}K}wIcWApvT=Gt@4tN4n0=1P+oe~v^c_Mu1cDY;GNobm{m5!#iwljazY&6zNPS0 z`-vl}tE-D^3`tmFu^R#vi7LOqySLJTX6!zlL8At>{wV#4Y9k_>YX?7RpS^$oM-( z+g`I~a$__Y`=?*=@uL>3Y70>JPl@p1SsG(YZ~W3YC;A~#nwgj)S*WHYoy>jt@qg`% z=sheko-SeE@eK7_9u!MOXeL767!P@HPTl894m&{~9r)ZB>suE_-(5q>;6RR1M_|=b zHXW$&@?x{$0s@kMVCQg_OsLSLFrS~MN5B3(fg9%|Knv0*zlu^kE4lH{Ad>>5yffZ!F7pQD!Dv@Uy3va8&}IA#JD}cFhWu3@>d^_#y>)+unk83|;E5!n*K`9TY_m zoVLFGhi1oNLt*=+*YHAt^UM#ovakp0BD<2wwZK`*QOPYi4341KskcJGBdfIVx+G00$!xU6q$M1ycb3lQ?TY; z*`AY`4n|mTyFu1^4LsD%!+Vv{Bz)-2f zfdGIt3H1f%mbfn7Ku>yYT6rLK!ibGlE#b{SO0(0aTMf?Obv656JkMjTfR+0fo6Twt zeqedCS5nM`9wUL)`ipD}*&3Rx3&p9$SuN4k2aY3Gn*1yzr%``4C~n`$skTbMOA*>5 zjjD@=e!Y>m>laYg#A{c(u_EB#7ohsn5p2KzJh}UnOtKB?jzX}uBlhR~F;`?JKwt!& z|3(OTq33ZDwX9sB zGso11)H}%-fm|!r)Szf3H2z#I-Zw-uk3{MoyH&JWxgTGyZh6$mAYYScbc=9xnd(tA z{w>pV`{zo6)FVv1Z-TJ`#VUi;Ble&?>1ws)BV7bvhG{q1YBQC(Y@NW5a~{+Tsk-jC z^LA981XKHjbMJv<-W*YXvgU(VB<`41*|RqAvG0#~s0k3=gRpJHL1zuU^TEAW1-;)I zdh3IG2?}~c8+z}8dvgkUB^r8Rf_n`LdWRc&L5!|BjN$?n@(5Ot420|mUqMy7zaAC| zfUq3*nt}ca0R(}Doev)ucfCaW|6>3(r#=8>^Rp%P?SE8U{ZA0C|3d)z6kPorC33Mc z`|k*%VPlJ{fyK9Mb5*sxFTozJlE9D4A+_8-Rkc50WlTXNkK6o}Le6&BN?Dp`3vWH4 z!o7*5zOldjaP^j!t|8=>S`j8r5L$Wv%a0ud<*#Vr1Y(e+abqH?-%Gv(NQXloO-+5S ztHtoL+Zp@PD=x8mcY^V1Bi}=9gjeq^yKt3#gRK%p@xCIy?>dzeTXlZP_Qs0jisol;ZgdE$l;~b z{D@6arA@M+LwEN4MGy#%N&eB|w?$R;!iyHWIY5m!GYI%3QNswDHuzey++{jGdlGF5X?;z4f(Pl7}@^$s312wtrjim*$`qS?~zd%=o3pa9@^(ZRD;h-cj2bis&O z(l36cK-ONK9TEn$s`aX;#s9XNPfb8sN89)%I_#r;8s%oIIpszZCQ~0*dRUJ^0n4?V zZy3tLQHfsX=15=o6NBf(&RXkJWf6+J&B9LKglwF-SP$Aw23m;C?o3=>{zA!t=MkAh zWyIov6%UM^C!-@yJ9WHhY(0mYZ1KDYmJ)NoFCe)!&@5-ljCH;2uvqiiVN)L>`OdbN_`X*;$Yhgb0)$?TRB)<+YQV z*LvS5-ND=<-XA?;liC?t`EjWR?b-=ZI9w9A&nXmJk(^O$f!9d@vrk&MK2HTVM0(KD z1K)k8g2o*+4l#o`c$xOxKy7US$ zaqUU@vLgE7OVdui^1GSKGDlP22#OSFR9U^BS@#rCYK20E3YF4325Vs0xS|2S9ChRj zIIDi?)xoJd`e~ed(a1iLDnN}tT(I%JVM$$mPv+1v9HFU5w^Jh=p$f|eE=L%zZ# zc&t41)6^NkNoF@i)4BGQfbLj8)=Z zx72H7#WTErc~GvZb!Kvedm`)Dzc>enkxK0_&RwR?!S6g*G~^J2>Fl||3=Ne@39ULe1~6i7$Q1ih^feR^OM)XDv#@32;R`ONN)>psl0 zk?dYPf9ckJXSd(b@tT?Zgarm$oO48QMf%9$9D_ji&flXXa0I@t$cx<)2(;%JBKIe; z?IjD;9dLr=Hm^}Kq#+`vAAqDQv?KKcm%AA-YoN<-Ane)hEE(qag5{LF5VQGo`1qub zmju6RcZ`cNnPw3E@p0&rb_1sl0-%NA%!D!0#`Esp0J2#wUAy4?+@vGK>1Or8INd|d zXJju@dl1x?_+}m?6Vq8}&sp^EJkJ>7Klc^GQV6>{P_CRbc#eStiMiW5aywGYylO~p zHMnkwS8k8O#+}21ZT*8zb1g*l>R-^MvWa#!!31=^uBk%U^@*T{g88m+r08wwZXIQe zKP6*ThEy%0mSdX#B*_nN z@=kUb#`4Uu)fs3SK;F{+z$Fep)|26MB}d9~ztWv%I8OgeO(8+hlVs% zo`+No6@s%y+m|QS5Wzl6zZ6bitM3vC7Xz{9lgvA=v4r9Id{(lo9LsZgN=)0dFVlb& zW85s*3cMhKl~~Wez^UH-Y%J23uxXvgFWgPJLDPuv-nh%t6}z_efzs-#=CzP_Q615u z8h%wzrQhA|8EagAr}`XD`Qs|GgBder>dvJe*sOC zRQ`c7%D!mS&?!SjMcq~uvWs+~85q#CwMEUV6-J$VMi#KGwrTg+w7Gn=e9=gklw`g6 z_M9J8zwTvB^p$_(;uFrxGR@n5clPv@^W_>dc^(mz2I>Zuw1+%y)0`)&O}6P++$4i1 z;(I4?fg&1+I=z8H9~KA-Ii+e};k4F_-(Z`SWMEPt(+KIVEyPqWXF%RjGvyg`@nq@z zhp6{gv&o|AAVESeH7WyE;lT{G*7nBrL$D#f#b160kkDB&V+^{454cYga7|M5YOKBMRGYx&`&8x9}<0 zqfT1e!nu$E3q_VvMZyGW>hDL5#!bFKlv<(RR#=OxmuG1ScACSZN7Y*cTOuh8k)Q%@ zZi@9)XjD<+t3$IOo|-Y;ie8^^e=Vgk-1~W8YS;x-CR-P`f2}ZSZYi_YV>q~#ptAWU z@}YWJ!(%`Zw_*e+@g$lVI(C)+10GGE*po0@KOdR4buYZVYa{%`?^{xtC(j*z5EC@! z@va!LPY@AKAWpHQU$K;p)Z(kV#K>QzBO(@q8Kk+X#CY9QRBChYVtek_xYj~;$NGgHkM`(Hx78_4=X)zq^v!8 zE!GBk*Kl_eFI_BI2Ho8sVArUJti)mD zNaKVtU?Of3=g?b7>XG(K?xrFvr0R)rvoa*%me3e+ zQhUY_DU4%^Ovuk;v`MI?F}KYo`j#gut#vv1pmRc<Ndc8~nhR0z zTN_mPZi#cuwoPb*aEGw=+Vl32Y}O1PpY@yj>E@h9Rh&rLKM9vh^$n+E=}u~$BpP(% zOTskk#1Edve&{jiKphSBgvjg6?khLzF3|9TCe?A|HRqA4TYo7UiWZI7xsAN+iY2Fz z0dxgty~f9WSV#hI0LPm{*;qV|elvZRolq9zL7AI~Vsy;ya<92;Gg@PlDxdwI1J=3t zHg-r?asy7LB_xjEt&yDXv_E$zqvkYP{sz?byCb`Hdj` zj>nKRj^Oz+E6^;Hm~HaJo>k=HkfARdyyXSP^s)MVm$?#|RiCN-Uj2l}=$A%+y%e?y z>(Hci#HR?T6@+PIsNo=iq#vi~>6epgpl5WK)xHYh)@MIdGS-eG9t-Q-2N(w^oqWDO zI)k6cqYPynV@B);(XhxZo%Mk|5t2zFB|R=7k8QVjrfWVUlOQYy=OuygL|w4S2!=YVnGSI?#6IlB=WNaBSx#hUs=rwD!-F}Pa}8! zHzPOv8?gHShl^KJmiku{xA{lePsE@>-Lm}WvpV8BaaIHq6FN?KM4W0EDo%J#(ZvdU zQ~Ts)Vqf>1sBm7mKo5ag2Tvsodi+?Z+hwQolyByL`S)xSDj*XWG2{@Ea4JzP%_EpS zRCzB)d3#+ER^RxTa@z=^qy;rn6bmU_Nx52NHB|G9x{GlbA>ttT07(nxFc>+OQ`7uT z9*MQwsLgAR$Mj*IzI(wL^;lP4V}6+)-Pu+1QZoW~ywTi}+{rTry_ocHQi*hLd0Z4p zhzx8l-|Q(ejT$$gRaUiJ$uM>GR9m~zOsutREuJRX>{A5CPHE1Q*yq!@eY!XI)XWxJ zudiN0-OBgKib!GdznfuK(slfT!fO!CSc8H&`%Z2gmaNu~+;*l|^L&LnKD5bU#g{BY zEcFfun&>;Rib(WvRHdO=3Sh`wo{(w3q|#PS-Z*Y5pIb#Q2r5q2Lt)L$=k-T~JuM?4NSPZ(n8{syST59neUhk!cs{_gCp(QDXIx%ryNkNh zuTDARW1j|4<@opADJWFLQsNC?+H$*|?9g}SGkJZOKzhYOHSpb%kLKh#r~jd$uZrg} z3S@!sn*849;+Zu?m_@X|Nmw2BMN5#_8!Y)PU}Op@FEq@TZ6f2IfCapMV82C7y(4zm zZX-8AN#+Tnl{0HgkMb2RoWU=!1`1t1PK4hR-Pw=Cq)3so-63qi;e}&Biv_FbwL}PF z`t(dtr^H2B`aw;rv)bdgXso z8GdADl4g7wf84(r|KB}4-~aplMh)O>WdSfVm9+<0{O?ncrTUknN9F%?^k~v*U>!dL zSI|#Xqi&RK2VeqBLo91=Zf)9l0N>i{CogG3n*VVO{;HQuUoL^;)SSk;O{IP2H(sVD z{620DalY^d7t#(8W&=gxa3o+upmD{b zp;b)HZ<((3aX=3Uc_DhZVrNEZ6R^v*7%8ok6Fd2b&8LPVWphk;cfEjFjYKEWag_}Z zGCd<{z$Zeg`LQjtC$(~IBOHJETYxa36m_YMw}w3Tla{-9}~Aw~!t_!VcR zc<>JdVpiNlU%b=Sk1a@3>|@45E)Ug@&iuokO}M~UT@2U#`$33wwhISxxJ1$PM(!d_ zT=kiVjY!ga882g;uBP-jpZvW<0)nz^wwrZ3zmEuQf82iW(Yha+5ePj4`+cOBD(cR^B#oVwcR5YbQpHVZMU29h2lz0Uket6F!zKe5 zT;1p482TR%$A9Vv`M3PwXIaU`%)>=mNK;tN#me@-a)XuXb}A?usD1!sU1W@dLBpF6 z>vB8&p31xuxIm)72q;Yup$586+a@EXRWr8~Y=I~55AkmGOrfHzQWoZXmN${C6PLAY z?|LYrkf%lgO_b(j1B#?w9gavt@lzA`qX9Qgu=kkKdYCFuf zVF%NV23h++BFsn(R2Sx`6?v&oTCf2JYv=FI$Av|Y+T+iXlCthl6L0?MWD$Wpou~OK zoQRO|up4ystEJq={2Y@y_(?7F}no8xo%%%%8 z(F%8qRG+;CrYO%0&$QdOk8irxNz6nVVk*H>a^~)lz%mbPhXw{K*f1Q;m*1(>&!-J8 zrn#6q`Wb~7ajvtA$aP>w-!Im>r4BNVQw zlx)*1!W932RtfBq1rd1>2H6+kVqB*MPOA+dR@2OVN-QZRbLr=9-GEZvW{X^tMHECB zMKQW8fBj7LvEl-I-Hn!uC}sOGpy^9nqLhH9k)mySr7Owg(yO}1Q4WO0qz0e{)Jw|i z?o9ZBMEZ!7Rb`m{Y!Hi!t%nw9g|>1!cU`%AG6k6O&}ATUv!TgN5uVuUoP+Q8U2z2> zG4|{TEN-o`IDHM33;7;rOIF3>FCy1*OB_tOhRTC<1z5}kgcf$rY%v=4ol|f_#*#2`=XB00LE_TkzSbd)LrjGXGxu^P^sqP((iTmN<3t)r6%x<%YM;i@Mt(9ZxyR^5B z%v!(enx@9VFH?=raYVM-q-q);De51*q!-;hP&C_4I>yL-U9;xo{Nt>dU~z;0*w(|h z(_GEI7rYS|1A;jZ)by3RWB^Qz%VBYk4m!pI~NP&oZsfF3v&V9b7rEnynR=0>y@1!FF0Nr`gsBw8$&mEnH#+`@KejL;d;8VmwVFjOz0bf4;$C; zLk2%1Kb71dDIWdAk93Xg575m1h!JNGgV5D~CtC%QPB6L5J~2wVwN7>s|SSN!d+szptj)#KTuXHI>4 z@n=`s3-k^Yezc&7u*94ov*v!JnR7GN82$BE`;|pu&bR=h_=1nKkMx`3HmoO;Z+jU#%p*vQY zx2Ygpq9u!y8qTQ_gCUt~av4aDewoRgm%q`o>==|gGyGHda$Fv<3??F|4Rtph5{n%g z)K2>*j7SR#J8?Mm;&r8y4uvI3ER_WUY~J0KsAPi2l%Ig*#cGAw$rkE+8Zj$p&+e zPYl{uy0&KW+Pe zcjWy2>iM69g8ox<{V%)zXXi%Nr*t8T2BzN>vaY1MSb=JT+DwU*WEiA0Qv(tR>e?5& z6vfg`TlP>>$5lCZjxd7XJij^4Wg8RRislvGX1Zs$XXUr+p_t4A5LxQEEVg~Cr#%^t zu0H%;L3@Uub1{(HOu22{=y~ZLjCro@Nm08WY3)nigi2q~ClMTyITHoCRo<_`+Ns6& zrwwnbJzC4`OoQ#Eb}1ohW{RUwuh>1){YB|F>p8{I9c{l@8~W0$S-H)(;9MHy$&i`Y zab^hAj!+@s86EI(RI70$fu=EuNcG^dFISy7o~jb3>sjVn!CJvnLgUQhyfcgBF{>(Pu|~&PPMEqS8Tgl#aS;b zMp59Rp`kafuO!C|2t^#S!*WO65DU)TwoekeA$D&)IZhsR;EDGIwHs2zqd=Q%3Y05G z>Mx0E2?QI$ymZe-f)!%s)!8S8^ON0DXFh9d%C2tdsA=pvFH}W*Vx-^i3WSnnj&dcR znh|+)E>p_A5G>#tf-`1|bipU_C^3X4V1h-mrx}V&?le984tAyPSNH)xcA{tf+)`jiKpFCwN;E4p4i)?D$53X;JuF!#L&dzQO5Qz2 z4duQHxQwPbCg6y05nN5D6Q$x1+%mI9?)kjyhpmx(`0qcNL_T>vyzaW2s(RG}w|2zb zIKPW=0jv^wBqA=rNUhC-@}xK3W{$-Up~Ux!!cuYhM%NpC3W$w(d9~DINNZ~q9IqdF zWh(`HM(xo2{Io!rJchEhde{f41RU5qejn|%2d%o804rFI>AscnjA$;#jVadXln%=b z&|x*uNwP_ef-Wj|X@;Lx?Yqe6G}f(t%tF|N9kj^9KXRFMAHAXhWGTzo2FHq#!=?@! z{=^i;j1MBks*W&A&dSRsY>5NhN=O?u)J;PeuDdUVzg)0T04m({sp&@HE}FZ5QR)$o zUsoO!6j_13ao!qi8RhgjN9k%*I33sOu5TX3kF4TP?FT1RitK3^j8$`I@rQ~AO375Y zcJ^UT-}+s^m3ywS3cC0mkw7gAaga7=EfqHDWpHU4GSHXVgu~>8eq)@*H$Z1!t}qxf=p@Q=P@PoK7_AJbZ>IPo z5^`U=G(^b2s&yzx+q?>*5lDwU#i}~W^yOe8{Wc)^jXg?@ANOOxpe2DYkCuO+JQaRN z$&m7zXHJ1KdzJbZ87#QI7r(0~{~#Fl94snTG|ileZi2a^MtXm6Vs9dAESVM3`W&}g zf!y?!)U923l^2(7Le7C1A4u&hv;rk^2qn*RdS04fV##(~q5X+BJN#x&4AcsWy)Av(J72cBza(t@OdhET5-Nj!0IL z=$)hESkH03r_8JDH(uY9$;h0q4xPNEy=0aV12L>PN+b>ow(yy_R``(|IQ{)hEcgh( zSk~_;Fx4B7pv6A$x%!+6Q%K+6R}@qY*bjAVm%& z9=)!?kqZR&-S^grT?P8ASs3`0zF_0?T|VP{kr~ye+Lr@MFOO#RIR-65URR0>krNV-`>I;Gf%g zmbMOi`CTkql!oPwQFU4HMDYU|z#+mB49h(Ng%6L`%KhDb&$K0B-{+S^Y|qmN{Lc6B~f^IR?c<{f0Z|SS~Hl zmgF~=c7!)E6JSa^q-!!>gnGyy>e?am665x>vAR9qyBbHtg-iLK;L?WR_{?&9d(G2B z!A9c9(BO5q>b(;mwts;!4_2YQDm#z~5eqLmxIU`~YQ@(Rug7hl#vvN`MlBe~9ka{H z!gw~jo2|#u)C`AcvM#8wEred1Hfh4si%-&n>JZVz7*PWZi=hOVfKB*)&MzRcLn}L1}E&$oZX$sW!)#n ztUHDp21IvE!`^W4Bi3p?!{la*Dh#+&4Y*^>trh6uci=o(w=D6TE#B}Cx^Jl>2ZZX$&>{)+ME&aRfBp_cIDL*|{{0(kw>dO4 z|A!&xtVK*}RQ7i(n(_W?Ct=03OC-G5J*M{o34x|wr|<`xWq`GQJ6pyUq(on_ILT{cisGrKUfeS;m-87BrpH7lQd4$HHCa!U{oROeh+N?)<23?Mi{leXKuK zWy7Vey+GjyP70TE>DO0o{t%1Rh1ISs!0B3%+{ww1qq^QU!Ra$eCfUdHL6IYRXK2V( zN6gW+m9@;_%Lo$99}x5FU@qH~?6>X+e$mBAPt4_;j=;<4Bi0IlE+VVEl@tYsUB38& zKwi^x|Gg{+J=D^K6DS>0Z1CnY3eQN}+_0LV(qNWPV(=~pkhnH@PNeyFsp~$O_GDh{59{A_ z03Rj|4)H&#oIA1Nd*QGvyN0~hq#zSC{sG+!*BadK*#7<53@S?y-*_}l_?Sp|aj_Z+ zI!f>3$SrT2P+xiQ{9_sFTcWUsDy7`H;iCv2w7bL9CzeRm9rWd2RxJ%-(cA!>hTn*`@}n>BHrupUP(SdIaKM^Z6L` zmvj65tb52D9kgN<7*7;ncf9`{o`jK|E2{n!0a(F3M=g9xD!~zYKa7il{N$?EJ1&PTNP_O=ywdtSiVH!ZYP@tS5R;H7lF{)!n1fO$$ zR|3BH#goVhP9;}W?gcsiRQFbXO1V-dn%2zF0rU9y#N6;;u5^Tc7n8)bjWz}Cv0$Oq zjFYXVY82g~*V-!8&rNBPpp}od+(oO>3rm4_6SEEv_xz0C_UJW26}ov%r1^Q}kF)0Bb|oIl_0AAj0*{u z-6Y1PH^5*tGy`JlWboXu1PG_mE3i!w+<}#3cdett~&P zno&JOk<@}bkKeXEr#W7BITK?@67tAjI!BM z`HRtZX^Mj@Xq#8Sp+b-rXe?->S~O3f8kKm+G4lkckeq^sK=^i4!MI96rFGZop+^$; zAi$!f&N$O(pwmqVZG<*;{#e!M`x}@66 zJgDz@n7BwWxdKdJO!?Wxtxu2zzoh6|e#I#Lg95lceYAG?uUVDLbHQQU==vtw+Txl` zbHey2;Kc4`#qZu4qoc}pXaxw3B*|h9lVp!}h=R&J<{(e*d@ODKq6WNxxH|$x1%Fa3 zm{jk;vgx#(O`(@0WUcjfs@8E;JZ;^Cr8f2*f&v?s}G)`=+m}$DC zZ+y3L9U2KwrSiYuG8>p7V1NpuF&Xmub=@ol0=E97JT~0H?DM|j9-O8_8gAmm!wIu# zAFeD``>HukBlcM@1nlsU>?EkC2;>v!%|74DCR`=~FNlq_@2bt!?!jq971^5w=mchE z>5D?Fo|&EZ69uw!>`Y6&vBqBjs-^xS*HzMTcpdagIieM34=qA^humElrAM7I*v}iO zoIMG9;Hq zz4XUTL6>-7ha^jvmR{)luiAUqbcd*OeBHk~gXaWuylGN-U~Av7P||xPXGG8%MJo1f z8@;EeMj|cjK`uEZk3s5F;FzHhW_TJzmV*qU=P^+iAEC5Bt!;t)FDDV z?Vf;#Odw2LO8(ukh*7f;GF^9K*%8GRz2EZa5+kTH=$`PxmmDYdXs!dfJ(W`F@uPxc zy`ef^yWdIXfZbLhCxa?>c~C~aU&R-@aO-SpDHFK9ehn+#5pD5#IuMzzAt&D{$8II@D~yW?{Nkkq)A0r4@U2_%1v=l*&!*x{Z@PMS`6RcfX~#yqt@wv5piVOfS1eG9 zuu=-KKDqt56NBx>TaRV&j^}n2)VWtK zXuCbFRPVRM9RBcV&%A6tSTr}_Fk^70nnIJE(E-IJ>V-m;(m~ou5RGGB3%95$F?8DK z11m_U{8mqPHbj&nMlQ;$sIq$|E#}iH8!@{w3-z1##ZKwXB;B<;-!N-D#}GZOb-l+V z+U@A8XsfbaehZ!5caS>0}pYwpze zd8<)r2?V8|va|rNlC#BEJv;8O63f&~Kmy9RxbJ=m6mRGk?{;lh?utPgwXgz$ zpnhSM&q$ls!?3+M%--*?&HG1D70buR_L|zO7CFq7NyT&8p44{0;(|qH5vqPstb$Z! zd?(qJ?@Hsrg~?XwinrvlM!1%oH8mRjT?QqYWxXVS>J9n_m$BW@RZ!Xs=Pok?IE&Aj>v`q+ka+Io#_ zlj&%A2CaQKT{Q>Y^hkX3LUQwn_s|c{nC(<~eVoIKqTV&CYCCLCGKWR&JwP(Q#71Wf zoNwawIs;dSdr9cHW(9rnfD)smXKASG2ylMRk`0O>H}A*b{uBKUg6{R|6}dyzY}r!U zpgMP+gQYHrHUkz75d?N#-@><2@yJ`-M9{n=>3g9#e4gU z@jQH`Lr!UFcMiLT^72$~MjxM0CKgQ^{*=;wMYH;f<`g;hK;^$2e)$vE>ACqPiI~Cu zUfy&uxnhp|i6w_OZm?As;7VM&QA%uf>*g8S?@+%l*EY?wTd?u1I1!S)3Cn&q%T$y6 zYU11J9_!Czd?$0{l76nATS*8DgC~N%#0-={Nt?fB^Ad{}PVTxK@N-5H&S;yn$Bk8g zn6oBU3wRqfy`||A?_(65OoP0HVbARE&gM_HeGmVcbf3jN}r3&vdOGYx^$t82b{8 z{b%xC|K+3$CH70}7CpA>HfyCL?c~DUL*(WmE7z1bQ*r_C(sG4eEs0ABJUzPtoj1i9 zDm_-SH?ltmJ9p1o8YtWE8{iRsA}?FKuSF+;sI4V)QP3I=+yUkI>E&O|=n1HGqf1=a za)%lr%60uJ+$+aV*EqDP)%aGhxrnTrXhiZe3#2b@%5iTYmTWu{vdEKMqyg?dTYFIu zk+wA$19Ic~$Zv)w^LNY?2@Z5Q&UV1dwRkeOA0+CVn?j$L+i4Q_F}(t}@y!zjaHdG? z6<4VIZ#gM1)4L_h0`yyvb(pm0GW5GfT~)sD)gEssb?01*$K6g)j$IvYy6U$9mC;YI zJX_9I2|6J-IN`P^#nW{6$9A?&uUecCGh-*!nwPaR-8z?zxC3Nu8^dEIw?G+u!j#a; zZG^GV+_gmFWUVuWOXsTC5tCc6GC!!la{tnHe8HiggQ7`{|C;;%d(Rc;|E=vr3}EVD zZv}8sHZwPKG6R_WYir?umDlM#S%_|tp;1e;%bUIi%L!3oM-@Rw!2N_$wiD2cr>P)s zzqyPKNPGYO7~3#!e<6!y;ZkJ4Gf%L1(wadQTtjqA)b2jbcf>XA+0OCt{`7AD#r@hB zmJd=CF^VLZvA>7rJsHOgaDj=lUM;G`6r3Xa38w)HIyunXjCZ7_KxVYr7VZFpNP z;02{fD|5z3xoH&^wCa6kpJ}_>S`E;cL=nUCFm52HhG#?lfUPP-$(72B>~u*O3?ZoM zN|u8AG4pcKaQ95Iao#?Nm{Z_lQT>Ay&zgf3Dh5b7+lwsQ^HAqFM>rjC#LBa6+01s z>^^hXPise;oYU1lehcmhWXB{A0;qcBTi;HUel#%5p<6bYG_+bX?q6f z0c23;Y$*{q-btUxTWzu+j;H9Oq+2H~)!@Q8SfNPa{0K7y8uUew&^*GEMZLnZX1IL) z>glDUO+dO#AppB{FnNR$O1YynO*s){p)5-C)ikDIDZMlTeF87CJbi(G4a8uq(cO(Z zVQKXOS$SzqAc9))mp5$MKHjY0mh;ziA#81si};x= zOKsy$^;LAI1Qk0>WUls+aUI?C-|Hw4i&avdt&U#X&oP)U5f_k)v}?Lfw-rI+kn%8n zKDQNL5_Dj5n>%##6~)7%>}N6Bk@xHb+K!%zWoix9jYeutzWv7zQdiUKclqP=)aMKL}T%ALkveQycjaur3?Nr}&X- z1N9QbYK^Ud`(2$}rFoY(w z5AD)ty^>1J0uZ{~8oi`!V*Ku~J0uJoomZYa0t2G5jtAJ*zj7g$^rK8X~PO5-cf&Y&Co1DG88Q^S38LZzDcOvJPy zOL8=2q`Bov;;+vn+btJT=1XqB?`8zVC>NrBw`6sJp?;#|YvF%n*}Gjxon~GCK$bTY z*WT(cN`#LT`p-x#b_p+bxqX+>&MO7irhcb+t9*rn`m-hMxZr%fvSQiR-F1 z9sWIZ4fK5n#R1eb%Ma)BG<>~n+3F$j{u0_)zsKApJ(~?^boR-yyywDncIfRr{AUW@ z%>(KS*Jld;2Kry!)8A9@%KyLJ(?5%pDxZ`hJ0n>YWiw}cS0@v*zy900{WnjbQp4K^ zbrJ3Ta>CrA9t#Xa8og2+G97HMNvIrv$cjW-2Sx@0(#X7;MM{&A*1`f49;@8&pk(l% zwV$s|Q1}2v-1}YIj*XIE+pgU1V!X?y+;^E;^L2A|GfvL!Zol}=#9}&=>uBRD(;NTk zb5h10iY&why=T4o0d&OzjjT1zb5vN5KUy%P;8XBhrds9u2|DDy=FaLdIDX z>Gp6_kKA3CrgQ)z_JVSv&@!X^@K;O*#6}f7qx|(S*YsUY1#gc|6!yKF#1l>^?Hv2T z_KV;{dbah+M61CGGu9*3M&-8guqJvoJf5tGv|EAJDOsrJy(Tm0sMt%LOc)N!R7ytY z0p-#PH;>O!r?w+Ym#vlalrka;vm(VAC*n6KFl7;&h3Em^!#J(8~i* zU0WA#<ja2JI|=1slQCkhlqCaK}-@Ax7ilwz%JZ>&zXYC-19L-!-uQQeyGhtI+!C%&~bZNw#- zkz%Zr(!)6)Kk{e&GMzhTjHf8%p3^HjoVp56+XVDAu`)&?;Nyoc>5sE{0iiM}9ggFA zj7e7I@0^zNMVJpOGQ{!ZIJFF=Q)-uN>nc-st0Y^p3UHTebb)&7p|nlHtc znkD&KKyO|BCg)~jb|ebgV%SK;#TreCaY!!mEI}>#PizW}n8Lgxcd}EpvUv(!{Xv+p zH(Pq)F6>t`SCcrc4&7nsOe(u#*?zW+%1c%xHneLOSCh#R+}Kq;y(YBF6KQj5GF-a{ zSXOse3cg~E6HPikrB%`~B8TLt8w-gqcr<{>8u3t~EL9#^4H4O$5#z&58-_@@@nc36 zGsfAfToDNhWRS!Bvji;Je0>au|BtnIjPWdt(g(|3wr!hTwr$(iuWZ|{>ayKs+qP}n zUD}$NY&Mh4eZC3L__3OiPr(%aNxKnqV2P{(9K!`jl^ zTW3rmsaRQ$YE?9_#WfB7uI8_qbN+;EVpJ0v##IDcQ%Mrzf-3XZ3U;MrTF@hKN|UeH zYqoNa2k+znB-E%8(o42AYEQ5+BYr2?=e&8s_*-<=IJ%PPd>RdnnK&qS|@5_lKgS|MU(nTkTfyEF@ zq9x<1!(5V^NsVKLbz)}atQDUFGMVd)onm7G{%~Z@I@wtwhwRsgx=BlyropyvYKshM ziT5g#XTM&1i>LOC#wN3;Rg5aJ;G-bizN@$D03O%%;L55`q=q?%0V=kaZqjd=pmGkf z76K@4no}Q(c(t2lM}+I**rZxzMO_6^_Wg}I$q^0{68Zz7>aJL8SGJMjx_7`P!-;AJ z%O5{({KY#3xvxfmHZ#)1sQq#s8Aa|vnh_2D(qCC|{$`lTFUS!{ax=gf6^L?}sr&r( zX*{;#m$Q4CaEf+2C^s8V%>h(IK|wmJvTs*H{b+n%Pw@d26@D@j3vQCL$UqA?{Me9m z=v|S@_$eNGD`Czsi_<1Aje^n?#8}}XeZWAm+lBc^zhei@A3%SI9A9yD1pI`<0@d|p z^vA-`AE7QcJ5UNMUldA0iejfOm(#yWrzT22p2G_!BV7aP{mk0)y0&KLu!VGzavqDZ zSYtWCGPxTWyZDVC`ttt4H0!I)_ZXK~({x;=o;^a!lfrI2)c*<{nSBWD)4C?} zq^-D84n4@fUk~a~NLHszXdFXTCF{7vr&f##Ww8$c2If)d7F{1)ePhdKfgxR4<$DU(%WUFV;fBHvw zxc|nX-&a|fMq9hYtZI#$K9rbb<6=}DN24%9^N^y;O&1o)a?KfWT?=g(s!*`5H&5&t z0vOo0xn> zhC@ju%4khjO=s72%JlMzsp7zQOU4AB_2ik+CiN*NA)!ED1Ek1ENWJfqph$J|VotSHoW2uL{iQGlQ(vmitIKxWh-;rfj(`Xr?l5U(EPbqI^8i* zL$BL?6B-m1@x2otN*PR%H~U`x;-&&p=V<*3x73!r6HrL5@V76LWOtx^P%}HdXydJ? zXhiyh1k_lA=kY%Yyl(q{Q}Pq9e)ANBG{)Bws3x9@vxR)z`=}9=T#0m1005-B2?6o; z+_4d0LIJ+G7 z3mg)g#Xy>LvYOLk8XJ}RBIBE3N=+7BcUgo}W2cR?yK+OXN#Az`AICH{3D54Efd`A7 zvH3FXfjr06B5eLo zfe;&{F8O&GG05{k^r-;d(KM#HIO%`0yL6dv$JK2@H6t$!l55Ka7k1l^dvwg?>Y?65 zJHZb8HTTtLBTcXteAxC|w3+intbGa&kg^7-nY)mzeV;-s)`%x)a6_5>`FSZg{Jw;C zFmJAX`WSa({*#5Xq!7hL1RRn;L1h~ee9JG@dcaI8b{8YMSmzg?uV$g1c?1Xx%Ovik zhZ_MSq$R-J4UGuBO0>d3FFnu{?%(Fd_)#fSf{Xhqsr5q~S^Cqa9;J+M@K(Dc{)QWU;?eU~c1`(D2o+d(BK?nknOqD(ms$ zsJNN(IwSDLJ66jfZdostta)otXm=jzEQ_)peK zk>a1B$>)kaWJeEWI| z7}9KuY*rS(H3y(Rrck^T^YiTyj&J(B<#^<+*ScqezF#;`q~d%X$9f0Y%u z9zXF?dNGX^8h;dB^+j;q)%Ip&2=?pTOJ0^u9{Wgd$sD(N^NcCEdmdF?y~0c9*)?zk zABJ;>wQfB(^2z44->neAO-3e(d=X38Yk67aqn+o5ead+Ds&)?#z(yK9BImZqi&4Cpr| zAd!N-Ee53L0V;GLtcGov;@1|{d{ev7i0%cj>rav8}t)+!s zzx|I9L!Z!UlX#^njZN5sI~ZNhY*?>uT|>Gm{2KUYwL05v7VaZm^}`qt=~Dpk92Q_P zCfGG4Fe|V9+iLc!6Ngi^d`#_RA?c2zX~YAS-Sp!nxY=S@teL}%Q+(GPeRc}k=&PXg zM>FhcTW~dK>hHpP^D@}tcG<%?tO4XkhIes9MA74{Ts>Thk;M%&07ZJ)WvZDxD%KRs zuLx&S3l{&#< zqv_ge%8CxG*WX9dHNnZCgc7QhLYMRtaRSTx2TTM7D6HZ@hW%+oW?w~zcS}XZxY_RV zn!W~iK74;TnbuX|aWf=FU@4DOyJ#HFv#Kz}Mi=Lcu4=$3akYXbkv4Q4lXZG?fv8TI zaI>>2Tc2NTY!>p|^9;f+Ly9pl{@G1|9UmQT{8ETfh=6NUER}^|o6A5{>35!`*~;!I zY}hh~wo}<8Og*gM`m2il<3xfk>0pq*?h!=gOK(kiZsv)p$X|oPhbD2fESP>m&Clu|Tq+yDhLR@1=RK8IyTI`inH7EX^eZnK<#JqO`}oQV zh{ME2sc%Yhhxrt{oqc#2VrZG3f8qS&ur0Ca^|$Jlt)p^3~{G{%gWC%EfVCFOOcFj@(%tzt&5X()2n{*HbI)&}nzA9GBp~PVy zh%I!ad>fSj!P1{(;vg;^j4e6-#M|2unFb}96l&VjM-*CbN>JB1T|kTAuOc7GxKhf5 zxx>=>J9C*NT5D-MutTGNu;*z}V~yw}1i#PltETbW4%2^fj`WUbTZY8hsHWcGxMUDS z6bh!S-{hdl$h#XlxmCCpg-G2x$nX$w9$`EOb*9!0($HMgvq@EC6D7&7ium5<==kwD zPSuri#70Xh=VQLt^LA$K^WjTy;`pp}F@#Y|@i3Bqa!k(5 zYip{v!-;Kpa&A+s+D0G^<^I8Rif)=X1@NaxXjb3XLUd89bIK4EowwiD4_CBnQGCMb zG0S_7t-$^J^@##(#SQQ;H&Q@o^H5mH7$3UI_rrQDVa5EF$wi9)k05Bf#E*nkh#Q4x zdRF0tAEJw9g^|Y&?!o0B1CQqAPpFa_=f)PLD5uvFFmF07zIi0Sh*Vz4->RcOq>1|yMRN1}pD(=V_7 zun+srs#s+4j4bDLh*)+vbc?s`@5l(pTOnB=e-qMxrW(wEgK~RUS9a#Ji@;!To31}G z;XoiHwUtF`oqxtplkCoi9T%KaWt{Hs{V{c5KS?*%(2CAL+5g#4ULDRs#3djnGtj<- zl8(=L;KI^1&qwB<>zC@J{4wb4Lm{T`GL(nhtFBNzk(5z3@`iNt0L`!NtAS_Rh-}Xc zHE>gpni)dzVD3jfDQ9%S1twU7K`6bpLFR!|NG~l-?Q`4%$u=if7hdaDvaKMZJdaRkeo0>;arx z@E{a~F*dHWU8e^OzrMbWX9X($suCoBfP5ENO{yqOgke-$Kxmpf}+PFUNgtjW1^U1&_AAqs~Cf>j-!Qp&m-!ctv2y z=7oS(!&u}WUUc~L@MTJ;(updBx+F}xhj(p;!gM20hLAx#8-)4U&9-2b_=FAy)j!`P`ZL@cJZ^O62k;Y_0d&dyu56s zm3TQMmWh;m9(rrI3jC0gOoRDg^`t>=pSFiKYfIAt8_%uJ7|qWW zF!m>B5dX{x3HLUcGbADxeGQ~RgTvZ8421qDMqfto$H|*Y4MNB(@xrSLwBfk`x&FBR z{M!VC{%{(Jn=Bi34@HK`p zg8L?-fFP$weU4Y057~5!s7BHfthbSaMc}hn?4a5s`yiJk7n(i}oXU-$jb_QIs$q_H z^IN@cxswaH?tmVgUy22IJ{{h(&OXMPKDMfKV$P-5vaZxF%*;m-KTN~|e8N^A zzvd|W{VbQSfIfbc3;_f&3`%iOWsk4CB)A9=1FXKS?PFI}7I2CeEN`5hSXOr2XjChn z@&Pkd=tIH`KxrR;BCeCllG?Iq((uBemM<|zJ^%4`Y?Pd4;%7Pnrgyxb)$*!w>kHF}=E&!48>Nm37dI6WHmVZ=3xb^5xQ)}O&80D)$?eRW9^%e1+)%i@reA6Z zLHEw?K%&Y3HE+cp^Q)k*#7P+37dT1fbYxct52nqFhvDDY;eStPxBN?zGx4BD_r?(4 zi3A*V)){9m8OH=PFEK{}kRxXE6Y{sUE?+TK)`YY(oOLUA&4Xd`x5`ck0!Yu%eKYqr z0ve-YtAWO(d>6|pPg{X79UV0B2s03 z?5_+TiET(k%Ho<1te=O_IKZ> zAI*K=$8P?}Nmq-5$!NTW`h-Ql`ABMN7&Tn~jM?9IK=h1^UOv$~tCd`RV|Z1U>nDPF z8{CF{AQfO|`gCM;zht1^eaTDm8QoHRP;DxP>6a{Agl-mbk4b`!Nq$`v@CsoHp}>ca z5?DMvE!w77sxH~Iy%EmC<-<^T`<8WZnuyjjy{VQLsF8<+Odw{|!{=<_!(N|W%dCzg z4!|<$fK)%a>Kkac!nu-&VG~Q6u*jyqk8V3igie4VV6pltaNRN~|wJk}gV~O)l4DOh?WPrW|smAlp|HZK&#$j)uXH>e;QO33T^y z=l>$l*@UA5j}*D3!%CHnZpbU+lHd)+8&wiDN3b`TbrP@6+o~0hkf{`t$ODZ~L|!FA zaVNWyEkzvlbEP{e+i!_D$?Jk0SOXkarHw3b_K|_>77%sk&O1D@=S6?FZKp7blt4!4 zhOW|iPCki>K=Vq-i6rI`EFSaRaq4<+Bc4RT7-Wuk68VNLZgNRFj??g6G`NNNwJGQn zMMc4_({!hM-`d`CWI)HUCGd8MuMMx9n%Zl%$jz0p8F!DaVwe5F$_+y+8IfV3u4CMe2FJx3xv!~2 zH4)q%b?6mm$UEpeb3=N z@4-7&bpWBTFa+KOTA-pxiY;p|xGIWnV9}z&Mwx+mY<`_%JVZ|YGYBk5m1GEKXg>j; zXJ(y>ls|Y-3nOP_QWC{KF>p%J@!K2-n&QG$Y6#g8dRIBhV;a5$@9)vJyMd!%j*bdf z8;sx}HCW;!jNnOfr0J^9}2S znM=1bV7yDQ1mL`YK=rMFqsNS7BZ!VzswjNb!cr%rE3EjBl)$UNWH47YVY!(NIiQqa zCLg!_rlPNip$Oh?eFC0&DXgB{Rp?cA$2L1G-SZNa@;Gve%srMsCFw ze4m8*R41`2Gb>G+m+v6`GZgt?UP%`RrkLy67^VF<7MCJ&1y?r<(QTTt-8!wphW~e3 z=yn4LLSK6uMf($o?Y$Vgo!A<4OpIz`)dmVP1Hy;j#_=mGXMQCwwtgj-6>qSopDRnOys349)#njK>yd*~7UGC_nIR`B zi~$t?>4JB5I8;XUGqcDY)U{)}_;I3H$^=0ycv$C#_ngr6orx@{h8)lcK zB>StkW*0u!6!iG!r9iddX7xf-P271_bz8u?gMszOQGFf$YIR=^_wZ7vqR?(kI9V7A zCr_?e?g}@;L3n$M>~e8B1pP7i5G}84_#ULjA~>Sv@U141$2H%P#sG4LN?%p6yTm9& z8FZSzbROob`8XuVkO&P1qyA&I4qy3>wT^_eVTBjSBBtm1ucMh-2Iiaq!1c$7r@GZ`}#Af@ams zwZ!9)R8WLujP4pKEPQCjk>ZtrRWE09;K|+5zAAfq_Bo0a(XsYh_9dN0=Z2K`Es0&8U{fc~&ovpv!gn+uGwk`qGu`p&u4 zi2=VLQxXAQo_oV>yK2}T;q_Vn;=8?|JuN-^eBV-IhN1EtiQ5=u*iYs)rj=P^nSRxs zN){?cim5qsMa0c&WY;q}l3O67hp~RhtGN2#dzJq!K?Iv*7)&ljf1XbSZKUmR@>jEL zoa?L}T4~qQ@b4Fv#?Pa;Ce6Dtmppp)cFxZ2^bWpxU7Wp!F&4_e zT)tuE@jw=xLC-*MuH+*PaPy2<$j(`%R(^-x@wzbLKIDS& z`UT=tOppxgIvTiLwc9J)&fe+5&YWPY&5s~O!suolre5Gux2sWq{vC*JRXUXWijnTL zIOvp3>RHJ)R$^mLCiYC+pWL5!R!t95TLX-jFU9QMk~K`)f+$Uij3NKYo6Gj7xG`xa z@4+2Qci0qw#!zbA_Q!4?4M3qjPoyV_@L=VcSa}9slfTlMx_!v?kD=E1*t7LO41f3{ zg|bD6G>lTXlkf}7Fk2jFFbdI>OININFxRnoLA6on16*BBOJXG|ZI&TMuaNex-W^<> zT^Xo(9dyFYiHI{P{O zdl)Yyvh*yu@8m)_D9G8b5yk9LcAGs`2q` zBt$CLDk_=%EvkrFuw_4G45?NIzJr-AzNM?ROX6${;6bBm)T;so`40)(%yN~_ogLCs zF=0NmlUN!H7b=iHm~TzAf~tXX-U(1Gi)Kaj>w^0i>?Vln@3fM-G@eZv=eCgX)|BP? zxaM0ms}tKt54*zJTi1W=H+eX1*>(r;?O8zzL2{nq9j8d}G>Q!1wR{MDpSlqa^x4(H zXL&euhFlidYNR1l)$es>G@cR>vj9Mm5|!W?)A;SMcolq7HXTW+ zPW(Eb_29XqGGiX_Pk??*BYyf<(CsOLB#aa!B5(4vmrahD%%W^u9V$(>81)T_`P;7^ zyR(6}Q@W@8nMcMr1?cblEwJx-g9nBv|&wm+=hK>ObyvL`U*@eF||-RWw#807&B`DWe8fgfb+18H+) z-kiEq>b)>Jk~=50vv}TYc!#xuwmnE_pCA>%z28s)dU#FSXOBzaPfGg9V?L?e@`a%6 z7gHpqvX5CQr*6JrUn4TgokU-zP#^q=A<;WA%)YhCMCTFMSlKzj5;>d#GiLk*F>r#bp;dv>Wk z|Hs>!4R@yXgSqw?oZuEb`6h5kH%k812&AnWQR63AzAeAd#ulXQue?S6V!RI)N*98D zH~wT#|L%dX-Gv{|U|0UF354ET{G!q~qJJd(GJZ$mr*yu_+b8<-;vY0*s|~#`8&&bg zV0@J=LhJZo%q&H8MH5v5&y95Pyl8A8B#Lze5n#-oJ7&D_zhK_cx%f#82$b{T;6}IOPXpcaPS~3Hdv=i$nKOsBX6?4f!ac$dKAlw#MOI)o>@| zei8G*2GCS2T=!au?GAa$KYMjOc7ME{GIsr9L7u43y)jqx3eT4HxukX!p`ULh-CCH) z81K$IX*V@o8K+5KHN>ZP=}Z$(HF1c55r`GfFSI5oPBCfMjZ2i~1EjUW-wl$xg>Ed3 zw7JKZXdR6td%061dX`WX3iE(2Oj9#$it(QeJTe<-@{DBj^*&^5#tyDT>*?8ax80no z&1$Ysm`hOKXdf=3n?_G#UUg=8Zv8ure#@I$nm~)2mBkd*8;e`AN(Qb$0^l*~OCA&H zZ4~7^J9d#4q~S<2A8AEnnr6fiv$h>J$i7o9WK&7J2--+r z@=acPNkZIkYpDXl-B{c3di6Z}_~x5@uTKvY7;dNo{q`Pup}lo`88@STy&|8Y>(5Q7 zFG-mB*b=-+KZ1T#gMMV=e&uN29N`!vt9(gFI&^o|lR^T)L!EzmTSrKDd4$=d@4Ie+ zhJoa||L`v3w2cvHuxe^H2W~i;%KoO^&~GA$&w|lB-f6f#;O2}N?*;qLFl6i)K>uY_L@;?9If9lhRA+B5izH{K|(Fqr3=c}c){Ddtak6Q*eaCc|?0u{TWpLw1I@ zv`o<_;j}pvp${Ml1JZ+(^eBZMF_;r@Mm)J>){e#=h&`gI)P zhssN^3@I$>5;nkO=>I3wS=&~c09*H0# z4k^n#fj+i(6V7#EXkQsPJ2;d zN2V*a=IoZlu1>?*3hS0dc?fr^*tEYEJsc}DpprF{q{M2VaSs_b($hAWU5QId$CS#P zPbk@XO)EC#U}ACu*H{G*J(o<*i@NBusK^!bhs&qxKH&v0e5ra*z~FyE!6gOGj9lbf z_26JY`un#L-oI22)X37(OPNQin8hY0*r76Fk|+QBy6Kd5_Gw&sba403FW~AA|M^&A z4Or%8P&c`5tnXO|)So4eer6Xz&P^|A?yS4F5goyNIgN|0_pl2+jH= zID;u1+19}4M+0V+d|LHvnZ^{wR-)9;5nKSiV=g&A+q_jctCV;{L4&&qssNRt2fu!fkMx=&5!sa`~em? zX-`&gLcx1mB|jn%#ktjXh^mK8o(Y_+ZBsQG0g{GmTMq&*H?D#L+G^pkj%r;IB^W&dLY8C`G+bm1=xAokD-5uvnL20|dK9%O~#Zj8zzy#=R zQDdDzB=9ArMA5Ogf-`XaGJ`@*YrI)xlnwD{i~D|XVG>KjVKAooROfJ}hltIw?^l*B zNC@%}TKcXO;|KLdF9~YYQLm?sf$i`v=!mi%{0AHChYRdS%xeHq-D`lkRYO(41RY1b zDO~4p(!e*+RL)?2?T?k9FoAuzCj<=JW6a;aU6~%b}A~oh>N-5if z0!628i8;ChtISDVUWt)Xnyl`pmW8scHi#+Hoi<%Z&X6KYjq1MG80*a2)!%y<5%8+3O*pM& zJh0i=w%&Pq9Hl8fafD21t=NMZ@Hn3B8dU{AgAd2ehen682DVsW{pIa}ZEAVOD(EaG zEsrUgWk1HdLQOx`3_iXy&i=!s%4QPe2Dcfe42Oql5+#Qnz;k#28*^ZS4yH$MTgD%4 zsdi^YS+k9GAnDD5s&ZICUi(=Thf}2#ED}HeN>{0QP6jn{ zs!ey*nA8G&o8+VAVFu0h7C>cgDAb?4LW`=HJBinrSDB?qeU4?9DZ#@JvsgK7%|lpHpnUKv%iTf zE|{>vMA&&s^WZC9d;0|S{bkilLA7gD(dQkj0SpGOymBmrb{tUoU9s0}4sqVP(x_%QGOaSpXcvF1YZX7Cng*U1t7_`u@ZI@T z%%w=wi!_6$G7MqT^K?N3kc)%K_)&t8!Mk$XIRc?$Nt-s@$Odg+c?eM@Jg>`nXYE)f@8b9;{P zjk71Y&+zV7QbRFBp7kqfj?ASFV2)cBHG@Re^zKtzmNz4}ZBkneF>^OAEml|O&sZ)2 z0@TDYEUnLwZSj1RwF&4>U3$x_Ac9!@$6)4KaBVc9o4Ide<&w%ZE9b0Ih;>k0*j7Yz zr`YBkUS*HeSg|G3tX$GZkWAY-hq)$>CX=yLyC;+F(#YW+>BP>6^A>)mJp0I8@CVz% zhDp%>x{us}&M~{z^t$}>DOUShLcM(s4@P+XaV5G2az8Xe%Lnll%v+vs<)0dQZMjQPaNWr9QI(x;vIob+^QjmPk`Au_~Q}E2VSTn zFr&s4%(q&Qb3x3u>kP;}tXWW!Qg=h5D!ZDmrA)r|pN(QJ-&33HLlVzm-W~j38}1m4 zs39KPUp&4Y=(F+IAOFectIY>}wWI(7k}&-Lh0ph&f*DbFV^ar!rM=yM@%dsB*Q5r1 zEGxf_tq;0yU^EnTn8GOoCt_eImvDY2F~CNAJ|j_biQ^X78@U#Y!5gUSHfE5;5{ZhK z%!Jwe_50?7bL@TP0>|HH5|9r^g>Z)7NFtohp*V)2ij-VTz_a-pP_7dFyfhs997h16 z8Iv*>Jef03%|}Q}fAr<}N7`Cc@|ylcHw%8HFzN3~B83~xbua<6?tSfeLK{ZNYyb}c zg+1%zWf^10Xi#qG-dMK^yZGQjBjj2A6qtsDtiLmwc4ehh9E^+P5g*&uIRBs%(z^ch z?C#*g*^7v<2tig6`Jc1YM3h!BVId7hAY(EMurt^~s~v91L4AF2^|6~Z*##=JLtG{M579!p;dASuPoSWtgh8Q!hk4^ikXp;W{jQ-c@TQZv?T z=PPm1f8&`=XL0hTFGkZ)^R($WdLIy&AZnx3U?vZ|Z{)cxysje#RDau0T|RGpWGi|H=;a?}ey^_KV&%PhB-q?SFpJ8-mYuA$QG4 z27{sRD`QArKPre-si~iEPod<+3r?B!&fcbckROo5;ixjl0!K{Y*--&wibT zoj-DFvZo0cKnKb5Z#8&%b$FS7y}iuzM4W=RSz;SK_98r^U5wTv;12O^E4Swxv1J9I zgx0jwcB-|s$gtgb8Jc(~rst!^6j`!LTP9-aayD*jNlgU)t@k=zMJk+QTX8P5$An{` zU0z5wWStTn8F%a`c30bgs!J}kIdxB_oUphfjEv2pl4{vV>7ZebJ65EB(HN_abOa2T zNf%7q)~+X9cwu1|((pu9Mqkq<%kMK50{uHF-Jx9`37@0TY!_R>(jBU4#gsiVaeJ!!MGSq$l95n zv2(N`iMLv&KB`;g8(5J0oriJZ%d5dvYpk2GdU&=((?3P2wP@iLdB!SM;ArWJS#H@l zyys*+4aSJT@QQlnX^6Lb$s_X`u(};TtEX%#8@@*~&mwqJTY&v&c)wgXXeA!Q6|ari z^gVixC;l8B{2im5xMC|@Jteb8<6P=IPPp+**t_HmI9P)()U4^B&&)sbsII_9TwxuM zsmdt;hB&W4%d1a73GVvGN~j8BB`Z5Pn%|hSh+I95CP{=0oXL~D7(4g$JEg>IQQ9MB zhJqMPlRbO4+M2sF0a1XK_6)MJ?D)MN1X}GLaWZEKLvC0|mO+I^fudb~RK#zGcWpIQ zlQIo^iMakVa}JW9%Fbp=|6#_7toD952@-tj{;l3#`vcW5%+V)5xorIO`mEjE(EB-c zt2JXE_hf<$4j4*TlZ{$+sw{<7nK)@KTlj*5CY%*^fIqmHzp}tzd9()1%`uEW(W8w|GF14cFfc zb}qfc=InNy_6|DnCm#ODhv=_#LSstVER{50YT4zUUFQjv1#HXgwq5d~y5x{QhGe*=X;NF#gD7si6L+c_i|`%_CVs1wnIj zCsT7nfV~sxfBTZLH#GUbg|R6L6LKJeh*c1qA!u-le0@Ql4t%{9LNc(VdF0!zO$}GA zCK*I52L~HGx4^#1hN(Cazb=K<-P$WUl=*vhtbsUwPtOr=a@nKSYV<_R>(`$D*!V~@ z5UDJet({t$L}Luhy*2z8&9$QD77An1z6PmIN#4HJBjP~`UxgIPq*iLB8j*~QYxaM5 zw|{qCM199Y4K;YZXkAxoK~iupR2~Zpy$A~7b|5r{~q`J&*Svow6<;ir&96%<81%2O8~NWGG{P! zF#Hh_GZ?#@G5q&1>;G20|H4bv>hEqUKZ0U8$c%WML`EV50oEVx4H)@sMKvi%k_^bg zu_!qdTl4w4&bO z>zuid9mSD?dS3!;u;%35Vhk7UXW0sKUeZe`3+Y~ zT(krxsoFMJ8)@3icr#e#Ls`y9>0FDt;I$n)5H?sh1GvHaRkyrIGk;+wv?tY>sQa2q zty{8~N_)D>S^!iGOdf+~mun|`qzAUfyVbgM^6+&*UXZBML!gnVEe?5c{z#0G{5zAJ zh;}TsMEl(pP|;$&8ekXTqQXmwArtjBt40K(>GzBE(Wq3Qx-MA``m#!{j*{RVO-o@Y zKMw!=Iz#z^7n?5_0p`{AEI3kFIR3gVN0ZDYH}rj}#&sa49M_!eNf8c#Qdhgo8k|Wq zUw^<~3fwQBfnWkNHJXO*o%K>(Ydu*MjZ6p|f{FBRxd<`Fm&D62lsDQpLpYM(lz#(8 zT%w6Rg~axSrJ4i?5bT~HQEeTZsS5UtUt0whlp^YNTZ+cRm;$)(Etzv9$th$xZbIeD zADJgrc*!Z1qZg1Cl&KcZ($ny$?4Z~UP{UNmPSs2bu}heQ>s>k5wklhj279YsVl7_5 z@QwZ=(|}#fTG4l|S+MOJde4W+Te^dZOLmBqpM>D3)dS{ z(5s4<*pP?x@`fA@bw&S!xyg-qGiE-HzXFkgv*a0OCTKYIz%ram_*tZ%##UO`HAPca z@K@rc)Ek*vJH#Vt$h!?EF=Mn%Gp{D@dbYVK4Nx`pFm?Ee%#h+WeYJ*C+>%acvQxl` zipirdnzmmy6n=wn~D%9w2)yKWBA@daPS$e0c?)EsT zjSL4D3m^7bHU{05wnk+nVxZ|FFr6ZcQ)#7!NtsUJ(5|qDvdo&S$8}euf@;B z&4Y#&LCM>s8KBPESpmk5?jI9299o!^pKtggm2s5KWHO9ZaI8o|Ho_wPFrT@6lB6`p zxK=oMo|=EWZB*T0F{^k{7>m!%S5n$_gw0E@PA;&-c{3Zk5){7h7TJ6 z+7j=O6064V)mV%pxl*S!Jr`b{_F3cscw7u881`nTwydW0E873={Do!us7`p)wsl*1o#*mTmw zjqJd%eNy6V4d)+q*RZag)1=gd2IFGv&V4KTxzY|4yYUdCMS_Zymfc!vGs4ZSQTNij zGFr5ho1=Az@a_PChw-KgrT43|qO_7^@(2q}bccpgriM7qT0;HvU9~P6i<|cx&W!s( z<+Vm7Hig?EM;JG}yKx6cz2u2Tp{Gggl*p=o?ZX?~Gyt8eua0FGV?yJ=zBBqMU|rfm zHEt>ZX4MG_57_U7`I_^F`UkAhl{xo(VIzsaxT3ft*p2XkT#azN#igo7*thu$v8~{5 zf{8!v4EKsYc7}rt0z|RR;8#gQV;9h?lX9x@4-<)p|XXMoJ)~ z2zXQr3HV0tX4{ZUyX49^AfL=!O7B1ilymkH>x&y+xR&(?PKCejCepo2)0dMATqxyf zyhvvfHyI+{(Wm&sY+HLt-Y!5qvpGGp?UqL8D@A3MQFh)Wl~Q)9_E!|gZ>ZmNNqTlv zPeyWhTqQWRLF2)k@7bNN)^- z|7bG0O%A6Bsov2n+&rcB#WXa!x zyMBrHJT=2(z;#yx zu3FP(nsUJThh{eKPF_Q@lmZE)%(oP(Or@Zym1m@{AL`#b_xWm>990BX3~088JASRV z$?v|nT-^Tph#<22{?8rHBck_+>`xep4eI{{`~KJ923b>QXG3#SNfY7!z%u`ZRk)w* zSNI?xAhaRmTp`HCAg(?N0H1?_gNM;7pNEmGpZ7+egUQJSi~IYNod6$w!tC^%^Nf91 zrQYe@{!zmC6phrf+$6~4C;4$HS$ad0c(8FY^RQ!6^wg4LV3*&=f{R`yjLhLyuY{~% zX{f-mP0P_nCcDtn40KX*E)$cIrY4ADP2vbeK`{yc7j5qpWLubQjqa*lwr$(yF59+k zyK0wh+qP}nwr%@XcmMzCbI-%+xDR*DST8eT#)=g&^UKVUBggQK^-To;Li1g!W2o^} zg}V3?7wY@_r|SjP?!w2tzSMti{MY9{S8D(I`wld=|79AVsVHT$ z&jQzZt^yS|P7}ixj?;YNTYEqyry(yy&L<5*JDdMH3O zG!w?Tcx6Rw`_`Vn`w94mZh&b(-6miPT$fMAfg^ga_L70Wxbtr~_KX5<{ltr%f=QPZ z16pmRIjLi2(Lh*?X`{awb~{CJXMg9{>tloSfxYDW97R@X@LcRy%=6}IV@UX-!F*iGaq+39iH!>!RN?PVjYevLbvs))a+wHE+0BY`2Q$WfEW^sp%PV#Td zLj|qp>&lo1r~&ZfW?UiEdsGDDHV1axw~#`?v-^xqD#E&BT8jQ;F!KRJ?0qAQWo>>! zW#)~F&I32B35WDd!mwm<1gEOviQ2=X;idsNWQ(EEaFLBcA$vss*kgL?Z6+ z1_$J8bEP6H@ALJj*=8rlQj%h5#$b83^DL8bOk;P;rQ!9+QGV@kXuH+`I@M9Y-!T~4 zMH;<$>q47GZRh~RDh6Td`4XNX53G(Uyj9QcZyzYHMi>TOF+!(r%rf2>S&|Kp?8{pV z@GPJsIxYFWVy(m4mChzVjh+v{KZ4fGy9iF@_pe_|ApbpR|EJ*Ge>7E)GIG>2)N|DP zx3giQ;{WycY)TM;40}<=nIp)A$QvT4l?x#O1|%LBEdjl|&G|gi>Lq%Gi1W=5O!yvwWsy3k(&4J9g)xfm?qQ%}Iv$ZwF-mB(mB&lp8>7I%MK9^&xt zi_FM#9mflxP{|KeSHy3WCwGW9sT^jxk8Lc3w=8YY>PV!7Bmo2(02l0sYP@S3q8!H! z=!K*>78pidn$6PBN6SPz=_$39C4Q5+c!<61NR(f&wC1GSx64tAdFaS8Lyh_sg75!X zX|s5r$|*b3cKf}JD;7X0f4He3MpN*19jI4O65uS^_=a%r^Y?4+n`rjxfj4p>(Dd1k zuH)qS(?`WXs9ev&UcrS?@?k02?$*CSYrcdt>GGM#ksu-n>mb+Ft~>9?r0Nuf+BB>j>`^@gFe)hd6{Y{DbDl|F3q3WIrkH ze}y3aVe$NbJPsp&_9-z3k%zb0V3IPW_EO;Xu!#Q9wD+E80Aa~5&2elIR2o(qF8?81 znp@k#s~#{%UN^(c2}o*y%OMTSYG`OEY=FZc4Jbl=$a(hKrtYl%em^a?F*YfTr3U?m zx9IBjx}Ln4NO!AuyY-pQ0{wfw!z(rOXD7^$lO$b;k<)r~wN%cnjwrn~!y-|| zC_u^FS6Foe2vuwb2p_OAc#^OvgZ0+V^Pnd25lpjT+u8E^m#@$|2S|EO;2%!rw76oD zyE*{_UC<=1KmCD!2x`nW?!%VH?hXzNmk+9FID#@aH$4uny!fy2RfTu<3Yg7Xlj0i@ zio&n54)^}1I^o>h>0jD&0El`BvhE7Vwtz<^f3vJD?g3xCZH_;?pHxDjoO_^F-Stm zZ3+YGTzJy|PJ|Xo>R1_Gr#5@RkaP|W9mf_^tVVvCt;(UO!x zr9N}=2a-E$EZPecV0dd3G-t~Nnd0z`YCCOL8G=G#nKmR(E|xqagXU8BS?4_nUE^&~@7PSy-WcVfoQWmO+GvTz9o{zHF z4b_i2SZz2Wswp{t1EcXPs#lvVcq}Ljcu(9iH8LKiYsE}f9G2j0@xAn<0~GNCyjOV?C8#T=nS$8dgp5RtnugXYc^H>RFBCd^H;+XPZY1v=0R>PaR|x zwMB)lBd!t&W(>nw4mP-LkYl$xnmE}^(Pb*rwxvOPkwVxI`0Y~DgXRKIyB$$K8P96j z#y*kJaanxciLfD(|6@;&p&SP5F@zj~V<2_;QJeJJON&B2$XxD$IzC%Q%4QLbC z%-p+9>k(*2m38XsZ`@@G-_o$;FcKoz`o89tWwdVDco;a!vSD{yCDRr(C1 z-F<16tv4K9+TN-sAg&LgGYJHWGiUD&rBdJMu@IRVcwsq7*}QOC z!c`B+4+vN`#*hD4VmvTx2(`A!`gN~Pye6WXJd3zyrBJC^8hT7{p#)|A#*6<(4N!21 z(IpBR62)&C@kDb3S>h8c$nxM>P|NC*73us&G1n@@od{9;xOTyBs0~am^6{%X0E}U;h`L=JjdOht872#!wKbsh*cMqbml3T?aES$0^L*TAD%jR^kLNp&xl-zfRvQP|G9$d&^()7qxNuzmTWxcugSiAQiz z*n&P%dT{x?HFu)%efW1sW3rK4$r-#)^xCm`h)>F6mTf=h{kl-xelKSuJVcJ9w|q6^ z*a%e&|g+O2rT z-ue6zorxdu*Zi){`38D50ffch9=PX6U-5-I8q z_{KQ#najB&Rdn8^?cE;CWUM(MH@-9ZSoiDx8@>ic+oMxM{3?8-@`Cvlv~$h(H;BBU z*W@78VTNm?sle(Kii#K5DnprGebS6N|1pDwq0MjJSXhJIiD7L@%(%gS-dfm$U8}z& zcpgA_*#Ux4p8b*09XTKEIov^RGi8f(Cp*RQI}lV1(p#l6NMr=%BW)ErI##>mnRG|Y9!xr3E(KqR zO(3dI%^s_|o^%(>4J?Z=dN1)2oJ~f0S8u=p#>(IZR#K;DB<~IZ!PlqO^Yi&%TCpR3 zi?TaEXh`+{iiZ40I6y|<+{nODSkK^R2IlrJFr-mcLt|qJS!$1EML={IME`=m_cwl#n7}~9uUI|-V!fWuVzam+tE*FLtN5*XkE;T^^k8otowqsO znSWfv-kTyEgp(0bGj#Y|whfL`Yv-odmG#X>+28LsgukA5@_|_N91xpIR>G{HM%gdZ zl4#72B;USD*}1RjEYF!G`%ev4HkNp{fC6*d4JQj4fvI`Ri|@zhPl-7zks*?-*FkPU zCi?hC=`u5TDmB_tmxq;69)QwXCZwP)E#hd;qm*Z`CijWhOh5&W(=sCVRfiVx@=I38PdCOY?ZLM>&N@A3`cKTsix1(Qre_qD)b&mS(Bf^S6gi zT^Jgs%%aVb@(YuX!%xZksS0R~tFkch=r#xI~3}a(VnD( z7|ia*Y>)1K^;fE86^&OFh_%;^7GybhuEzHOU>&V`2H-C@4fR>ZoE?X!Syj9BuWQJ> zv-#vnBb$A(agvUoo>@gqdkG7%W=qUvSXnT>$@-X(<1d)k9a(IBZ% z6i=0%>?*KI!KfF$?tF1mym5`?G^sjLkY_8!?kcR4QeJ1N%uZjk$hfD%O+b~kL{DE3 zI1Q_hN-7liui_)4zFLkKh!#M$DbG+Z$M%+0gpGSHPA-=F0Y8_c-3ku){De(6(=VpaU@5z(h9n$EQdNSpN26h(D7k{6)FQ7xP}x@ z_Cp1)Q4sKo+hnlMBX-U6RPDfn6lVN}z#(>dms6n=nu)IW0~Cl4sqixkqUK71Fg|Sx z$?{_llJcaQt3BuL1dPXr9}w&X6rjKY21W^NJnI7F=tT4_M%IK(a$Pb*J(d8@lxMd{ zdAr&BNU)AHW0JvGmDi?>vPkN!ZD}1$Wws0=Tz%6yz;V~QPm-Phx4N`QkG~tS z9Anf_V?c`8EjWzWb@U7=n9wcGWimpu zupp{mueV54MA&ebqNKU|!~C>miCbtnlOYr?$#oBYQPT_`@5M##5ME?3alRj9CHsr9 zNX?!JN8ot`T+IB-^X<%2F68u)0)K85b2QSwE}utRMt>Y}W~!a~!i6 zd;f|;Vq=_h+#4=1OpnNzao3+_2~+EwmjicuM{D4P*s`jR{mX44CURBzaTfbLC1p-c z1FXs>$2~%zOv=uLDLHeOg?d54HRYN5tH4yN1on=uTTzG@j#{|RvS_29PI3YFd~FT+ ze3ub7pQ`Ia?6UmJu%dDNcWrYSin62E73ox)g;ND&J7(#(jP;B3nX|fX4ed#9Sw~}* zK-Gr7J}DfoLEc@u}Y-6M;JDsun@0kL5IsLid%9`>8|V7$GdYzZ9iZ z(|n?jm~`sXx4B_wnJZN>lXynm=j0hH97MZ2-uH*K^1xvXnn|ic|2@4c((3B73!-c9 zzT2-l=oNggyzv84{%iT>k*+)Sh124do&4L*lW;-?fmdnVM|I2xa2x901@T*<@xzS# zTZ{|&=oIUaQo&bi*Uop7-%kJARB? z{Ke@*lE#H9F=6bJTmI^}YlF7HULn8-9l1RozV=}!n_Bf+33j*lT`8Wc_hjr_AxpXCTR&s%eVz`t62_?EydiDI4`~Y33+%CD?XO?#uf-3k`mTirt=R~i zi!q`y1zx-=#ty3r)C=u@p2B^x_lX_T${)MYYbDleFFD`w`EK#84P9_OJEP!vhJk^2 za6`pLHk}jF0yLxHAd%e?A_bn)`cd6RM}34aY&p^P#c`Nr_dU{L!jl~pLIryB3#S1$ zY&TWS5kl44rABthbWC#Rmfddt4LTFXIqU1cu(}z@w-HH?m6zWbSyz^+o)1G&9b7tt zmAm{%Hkcc)>D2GEt)um9C-MpX^3O>JE(Bt#H|P(?5&OTRhW}Fsp6Nd!BC_^2`j$pk z|6)1*cj(Yc0YMIlCwUo95^wNgQ~tLktyx+qgWTx>lvpTzr)L`#WkoMdy$Ae<3UmCv z7)27uGBVdw#3 zG8slO5b>tcqHTx~XyaCJ7B(47us|W+g83~>ZE?8*9*DQ)w=FuqHyU^^G8%D>ZVK`k zhGc1(qS^I)l8{=fWm!@o{u|~z+2Vq`@@`u0H8!&%U_MB7nQ@YX0wr^+`L6U;1i0Fq zA3lN~nWm7MWDtVr;g{IKPU7~ZH6%eO1CAe>BpjGJh=rk5f$0_1JD~7sB9rgvX30*_jtVOQG`3Bt?U{d~+VPBr=8+=i818`*?;}%ma zi$ho2x&3OAYZTj?GidSYSDzuAlXpr`h4(>%&caTh9E#VJSzFtDMY5tpw4RvIE_C2x z*u=uX+SbEOnK87L%{DuK)*qq6Vkh+oQW|$2xE_w*s$n`zJaR-k+=h)LB=mmrZR;#S z_8?ew@aG-tt{vMFJ;Lxb+a3}G#VJ$V_%{_U*L$0T`%6s7P7;WdA&-l0d_bSm=(0!^ z33_XV*zVSxUro&}79NbxaXk|?Wb3>PJ8IxelKHW$<7MCquJ>9mSFOE-IPiG3&?}RT{P4FR@)9ZkK6U{H?1+ALRw9M$kXUT)Fax^Te(|)v zc2KUI15Nh|h=fQWyv8{U!(A0__oj3RhB$Rt0@0@@KlYhuL7X5nEKwfp|G_7BWfC1x zt&Z`EDE&|x2_VuAAZ~bs0DpoogN2(jTQT@ZIWL(IP>u2>?V{PY2cA$Vgm&9pGU%>h~mn6F-Dra>olX6f#M z_)P4LnEl8>-rJ>RQsLbQ)~Asr1MmVRh+3ipGns#2-O*97ln(L;BH|8&y`q;jX&``! zwU&tfsMDO`%>Vxc;tXv7j1)l*-~l4#WIO*{t@Z(ZLIMfLyMBRKol zS>KMNR!t4qChF}>q$r6qb;PrQ!0VrEu!J|wC}L9oM#Lu%7%aM`Q@)1)1LXswQ|MJh=o6;^_i8-}`vESNx19!qc* zR=tz4lg)n)@%F6#VcG=>z`~b^|9sD{cZ~7&7d(AiqmCXvl07l zHNDQFEXRV9;0*I9dKev%+Vt=({dYgt5lX)KAP9wJ~lQ%eZ7cJic%02Vo!utih+1G z#o#<)alyNYB&rnny5a~jy9DfqcDMHK0Yg6>o^fnBR1%kovXcADd5>wkF!X6b4{BDMX5KW8fz?=vj>Zr~?B8M#k!)@*dyzl;B z!TbN%hRPdR>Ny%YDBAoxUVbKAHkd+4-0?55Ez)~zuv^nSq8TiRX(;0HAQU-yWoCj{ zRB(I!D_LvtYwgA^nxsA<(|mblKnT2laRb>HS=JY74{nUECo&zTxjl}qzCNdMeE?d5 zJ=i7nIKmZi%nX4bM9xy6BS z!>CD4?;+f&O&rok1N+LOF&Cbdxl4?{-6F0=7n(B>U=IgffVNduM8Wp=$5)}Kf>}w3 zJXc0aRt|G99wuw8=ndD>9?1>F{dr3@e^ynZ>Q2zmGn;v+N#s(-u7GPLA%WUUI&I@& zbj@s2Uvj<{U%h^2eP2(PKAfzqT(>`;QuB(vYLWrkVmkp|a&%lAC|X*2_Qz}ZE$(Y^ z@ueuFJi0Hfu_QSYL&2WR>$s*=Y%ii~fKbC9%`rw!#DQD_vrV1v7k>?lBY$0RHo%O6 z3L~torrV^S=3Cbpa^9&TwfVSiAal_+)Im+%?J;pU9}H0RBGi!2RCkUe(Zz@Pa2Zgc>nj2 z;xWe1#}NeeJ71zmb|-vx3fpd@{bJ-(bFM##avG0>A+PjR$iJB($R+@(tygmCEJo-qg{ckZ6 z3~lv}r!Gj+h<*_=-rhxQnMlbsv0$lpkqm{A$7B&rJ_BiWCaTyuK~UDrbRpU3);E@l zqSlHd(*^-ho@<8EQK$`E6r%M{qdg(El)VyfPt!+}ea{Gv$VVncDAw2z? zXq+pb-~__A{|w5j+t6j!pLC}8|4L{7vwr0JPw7ngCx88{KPlSlSvwfp*jpLd6a90@ z#z05MM926quqabWO9oQ}iMzf@%?H@uw?Gymx3H2v!3o@K?IsqZUYb85vSxqb>^DX= zsH*<8di%Mqx13J;T}+u0COMbjnM_z-lM5=UX2^!D+TBEE>vNXFbY|-3{{|O+Zsm>oBtlaqriZwiYLhhvaX98vl^JsYbLKI$9&Leqc&Uco z3w+EhYG4Fje-D7qP$EZh3;*LEQy78mI_r}u3V&L91sGp^EFmDdpb-EY6~?075SCV{ z1DF>DYj#aD)-!P>R`W68xAw-Vueb>BpcS_#$;|bp2!No#tc&c-xr>@n`$_uBe7Zff zIC`u>uqwugXMU2bAU03a6&O|~KHJc12UJt4$%i8xVJLv+yIHcK8+?HeG5Ssg)pc3M z!c0pJ1qw?QG!zFF+5p4XkliZ};488>2dm4wlb9u#(eRiuLcvRX<+5^h;z~RBnhqt#Tbt(}0e%tG^RiyC>$Uw{@y9GK8 zmQ01}6n<^)X-*OTukMb7BpBh6l56x0Gc_h!%>|p+&$Ra`9O}xrqOSk!X! zIb`KfmGi#KzoobCsTyq-E-0Tta?&Y3`=H5`Z-nja%!o?kUKToiWumdYJm>4jA zkD}giKWi#H;1SHMl{`Js5=rJBlN%r!{*Qxr5QgibrA;E0oI8(=K)rRRbz`4-ti>BeBv|cMqsG zr3Km6h#0-89&fo1!t1`J$UPS|Ogg1}ghdDE!3YkOyi$s*G10o1T#au{p61>Gdo%0) z5tBZ-|GQr`Cm;G3myjrto{0OD!X2$V%bF$#+cSmJ_ zg4T8)4R>HTntr!zqD`?Yvc@sE#Pggyb|{V2IL95w+Jj+);DPlYdE8A9JZj+Q$cX*_ z@yKBNzek3Z0;Up@_Z5lWy)qzxdTzqsyd&V%kdj7ObFlEHpa6XOwAY=GGLT{=W+z=})!lCua3BnnLVBJ}B+h9bU#H~y2#_%2` z^(R`Fmo7Nv=W>mCwQsHK#L`c|wU1=k*smwi_th}Pe8w}TakHdrI!K5o1u6_HOit;O{8&pbsKhGY)iIRIxb@gUO3Ej^beJXEPv{qlvj$xRcO{YVPV^N+2kvXe7=_$E( zl5fDIVAv?P7PdRv%wA)iC?0-IqH*-@kTrosw zg~+kjOyo00={1&zHVFWo;3(`&SRiI|!ehQ8q_-aEGL%wqbEM4|=69AcdsNG|SUOWl zS)S1ZYp4*bI*!T<%B@T#7hR65=*m`=5(+%z>Vb`)cjib7z6A_oX>ss&b_=8oth)wR z{17)fB%a>AoZ~JWvorD2w_wv`+E|m8cyE?a;hl99)80=-uIVnx47~&i^XX%}LADj9 znI*pUFz_S$Xa{fcS7#YXspNja^)c{}z_RiM&&ATl*(txD4Mu}~MzwsaY?Qq2)!xaV zar2RRy>a^mKA0V`TYdl80+1x+qX(y;wu^F$U&7xM{*xvw*yc}8?(1fTl0Bmh)s>tQ zx4Rv4dzuaOnyLb>B|=ayu2bqWB6>5+CT$2oI~R~?SKG``3^|?c-UAOc|3xR%)rORmh9X+4~+H-T)W1&!O^R6 zdx|*GLQ&82v(6wPmv`4%EC_SHl@fgB)^a&&fSB9;Pih^dm|GyU*|7QxN z;r3&n^2xnT)nRzIg3y#hkk0)63m^a}7S10K9{}NZ%We$UKfF^+NbnUa-?f{YXiQPp z&FxS%gZKok8XK;hwp}j2%9Y#Ileb&1JBjK^Xm|HFHdinnlY}9t|G50`I?IhiFJYewYN!JGK)9C+G2bqq5B<8M-U>`E>7=S z*10@2yY=d4u@Im%b{^dXAc0ST1EnxD0bRQ1SpfN$`{>ny-v@5D*@>D^G?vLP6sAjl@{R0J)8jz#fX* zJbe6YW%2C7Pz5Plk}E1gFV5DcQ%`?{(d>lgS0N=_GCIFBI!`Z%jT&7htO6XTXG2p66A{C^xpBzp1C0OgivrA55>fr2|!Ii-r^$ugWJ^ z?WbR;a7K@`uoGs~g~99#bnj*KK*5r5^5t5w&awD2;@~ zj!S`-U4Ww&%431IO&n3Gh_7AZ=Nz@CQ*u@)G7Q252~&5m@S@J~p{--uSUU@b)@9sZ z*EnPLDZ!ED3~jkkBPLRgkmKW1_;*KNTv^SgG-AEN05Zi?y?%Sy2&iSlh6=3$OQ7tO z=4EGjCU;*E2(3pTIWWVoGXqEj>Mt)lmQpiRfTLrc1YH!t=uSdOgFdZvuZeXI;hGF;7= zH77kF>=|94wvNdl^EjZPUoCN@k{>C9nZ4o`x2Mkaf^A-90Q(00o#LtVoZ0tIntvf% z+tgCA0{bAE00eSG@>*guKJ+#7cI6x2ypzKhWl7*ADNaDU<+p>!oiu$Z$@S@^2VP+^ zF{3x^&z>DUae3hmW>_gdePfu9YX$5j`;&K)gPpf$Y3ll)=@WtSb|SJMMA zfr3e`@+Y)SEourY7tSGrxEiW2K145_y(j3!I8qL{Ck;1B_KRQCY&0JdVKEc-TS73! z_E<|>T2{?O2O?E)wsZGUHpG{KsFzi9_ZBv9|5lK-X$@ny#CN8s(|J;9w9z0EsxwKSQxTAow)w;Kqr05 zTRLeD@-zt7@H9B?5B2#wZVGbvWP=A3wc%W7+iBM;Wo28)k)ZsufdS{+Jmh46G zBT#CDd|S=7!d(#Nh^wtox#Ng@Z&Px#H|a~rCG^htg0j-HPSLTwi@^I*z~J!By=c`* zt9sC2|Fo>>Rr2D)Wb44J`3wU{~ zB>cAat>`v%C&ur~BQ^b|R{er!{uZ_|?<}KeY5T$~e>FyZ=DToz`vq2|p^GPXYFIyPQnBtm7r{ZZBCnpDp(UnkVde*P`$_p9@jWowrbYYq(7PX4-Ic z!6+qcR-i(OH}G6DE^wWB6orZ{X2(G+Doq%-M7R(ms*!&*na$ z!&|3jaUDNppX=}~NU6;b3W6D(b7pHD%Mb|j6Q%SvC4UsCcY;r&fG@RVoR7lueu7(V zn~~Wi35%a9sw*2fBC5$s5|mx>(fd9`yy%2M$!X86cOVt{3}R5_k>rlL@NhTEh%!34 zQkGoyK+^Y)4H&{GEbUJvntV~XhVg^9R^+UjEX&Oi)7huEP_3+7M*cubrQsKm#1RC8 zRi*FUgz6qN zkN~rlaQiMKI7DSxU1P`U=AMnq@~ejXnb$P+`{Ec@>Atbx8M#y3aD`%>c=Don8kS8> zZhgML(7dS}9HtYybXo)eUH5l97@H>N@Vs zLU1_|&Q2vY)iqB2m-Wq?`i7jr$sOV$k(Bh3QD+7LTT6Gc2j#F`m$MAs%9)u3Bj8!M zB?9JbwQM`|T!mOTO^~JG;l;C6Tj;9FywKdRyC?NgW}KfOq*NA*O?WEu>~-3?NK?bv zUgD(Rt(W*9^K5Y8OxdxrQ#vUcQ*86;91Rbjvk9y?pHp0m7+MDZn|8E#a7LNfUyEiS z1+i^Rs#;$5m2PYDvdlKe(WR40DQuIADhD=F#uLq~Q2I&SMQV;_(9 z?c=SB(=A>7rg|$!2TZ4Er^^MRs0eW6#BGx?wX}@NarQIN?pV7r2+ge>d5`0)NG^7n z)2{>qcnR}Ef`KJc8 z2VeM`Qg?cT8n2Q+j1_H%FQn@~h4E%5w=Z>Qe|F!V3Hp{mUzTys2)6vdQ?~t)N<~R@ zl0)#*WZaZ|c-^PnRgSkav7?sAH7jHA(q8k^Z-}h0bHCs5;?0G1W-uy(6DiGA-F(l5 zWy&zbk{?t1uDW?oQG$}tD~{dyx)O~Js8n1v)i8k5e{rGnJf3qewpMV_xhLf=j78{j zNv{!cp>GhasA%|JV`991UySctvGFI-nd2FXfkT_)9xVvJ0<5Af_cl@9x|sFeeLWHT zSDEagN}hEiq7;BaSwjtxG>%`IIFvU>Lh8AX3>$HDvM*%Xk7XSR#4N2&aqs@RBvA^n z0t;Ey?ks)?cjKGw6PMCHvaYGdG_!<$X;$~wV&0q-4n9Sf(k5IxaCq!MT3=kL^X(Zu+&Bp9D}F5<1<=`m)j znGM`fjt=`q55-Jq(SSr4R9ZR)DG09m~-BbF)&0e8ODz&pTI*ZUX z4a`-SAFAtGIA#PaYG2?D7z=$f38q&$O!2cc{Iw%2XB~sfe<0E!E&wxh+Z9B$^-6!8 za1XspUvJ7f=TfS2K>BgMSKfor}v{p56v?Q8=LC9OWBPQLI2kI2GkXE0r z+{Zv4vm+a1-c8dH76yXRzyUTtv0q9+t+kMo4u2Wj$>0da^vqt!P7LjEP;cURF&3VR zYHKyTIKme51c`=xS!%^cuEovS0lwhsR8-q(c>^JL}k zNA03obLhxu<4ZZ&!duvs!lq7e6Es^T?GJAWy}vGm(Cea{a50Q_-*|r}4*s6EH%CW9 z8Maf_HuqVwGvC_b@#x*Mpa;s}P+dK;5^k|{Xp(R>1WU; zk9y#Z3B8HjyUEp=T>LyZRs;X~(e5v3gFmN{dfcoBWj!p21KW$8GStJ1_6Dj9`E(|&-n1ZOT>d(CXrodVMmT_+>ZzA^ngXWGfvhm~&4@pti7 zVq$(LpSHV4kRvzjTT1DavfWC?)lw$Irs(>UJ1ZpMR=459^GQPCYdGPf8$ICz>s>JV zLni(1J1VVvhV(l;^p3SQ1yDvI$^`6MZR{Hh@zf0~0@apGo9HlE_HVLWmy*!H+O0D5hg$|?Uf$Ik z+qoOCvRB}p_S51C?TYWni9Adf{DeYf?K zwo?04)~n+)4NPbNuMm*TXc5xTtf?Ec^{u=X4mvo4pWW~u(Hm}0$l#E9;1cR)s&fWl z-7_LDgQ|T-7a({vrg8lQObGi%NbP~MDKxEQaa6_MqtpPlEB3tfQam2D)YZ9g`%>z0FGL^m69mPX-kf9C30QSSTo(cH}EwKMu-0 zas8?!u)}oZx{&fCe<}Nb$m#7O>rL9!aG2gRzy({PosmGEILb=IlgvKz6_-?kjauri z@|>tsAKe;wvX>}LJL8s6XU6)_&c}+3w01)pvkW+%@YmlUn+z-@&y8sb2@^etX{q*I zM^uy!;7Z5i{Us`##g#(hHW^Bz4h2aNPnfz`xR(m+R|NTz5Kb5XwWMPjCuWcXl!L|O zqetuFsiP{5sm6un1Ou_g=rV#g#pLk$VT#!zf;YwGBm*_a z=yLMCg9_c$viSwt0X2_QTlrnv1`xDN5UCmr$&`xO8mk)L%2t6%PsOtrJe#RTtwdSc z8*%nBRWh;D5DlMtI;`QSB?OTrAx~h6vZ`4Vj@!f^ni;xrsAcgbndp~g1opd9CDqd_ zO!aEAqbAz(L?uFctWFuVSFuqv8IfEwAy(Sw>3dX+uIr~4kKIU04aJn1b20E1PlR1~ zr(a-_k1nYiCJ)3YRVq-_5#Jgf*PZ)n3e{~Bu3pDqz=}SZ$8`o7RuiwDi$1Bxbw&v` z$Dcq0eG`HT;yQ>bdJ}dRx-~ZG^qMJBdMV2ZMwKQa55Chk94x1hh1n z2o`YqtVoBpmd#W!Uh3_Y9ObPEQB~fg4%5(#o~6t-Z`6ZMC1|Mi+VqRIVuRLdWQ-9P zg%Bi+(kS0}&qbabCwdRE}e5zY*BuUu({}nCJ-7Y?9k~aT;U*{Dp_|1;1m196?OD7MmcL z#hk4t&zv-M-`q+tCh!_KnZ-ItoK#-0^*8DzuV?8s-`2h8QM4ePP{gak9ywoyy}v`a z3d#Q)p+GS{o^g*1=$2@7%bYMaF86EfAaYBK-sOo0y=5$>MtYsk}fH2;2-5aXPngMLD_=9y1_-EG4< zWaX5mJu-6oX?Hnmgh+{3tmj0zOblVRFm-WT2le%@qt$jUM8=A@tj^{43vSN#d3^RJ zqHDxHnhgVin^m|VME)p0TPcjC0fQIZ>aHD69U(n5X-?b}=b-s1PSoaU$amM@7oIalw9H@dT&;1+kx@!vt#g;mtP!tUu_oL2+yM zEmZdL-r#XU$*ukrY?(RaxvVX-nOY{p!)cms6D$vEd_eXMDiCcfwHyjfe3{oE#6W&X z5o3l^B z=*C5u?#i+w_WNL%vnnO7($je2p7&*pp0jA@8T$d(Fr64;J5F=QU+iA&phXK2XTf35 z^Hr!)etMlMl?MIY5>*PtvG&5X*(v8n*HwBy;-E^4!8HEnc5DSEWIbliCOtQC|8}MU z#m+VjcXmVVv304wV&;B?LhE+?3=Er;zU;B3R<|DP{%P7jqnz}bAVTliUh`H&*nFsj z?s-?JmO4oc6$K)V!cS@UHd@x-TJ~o;hfwhCq*%i@!)fzXmMhy*i~Dcs+*_?F6zYvX zV&>Xt-VD5Z+PBCzXbjwtco7<+dn9N=aQ5kYo4KB`F&+Z1KwkLY`0#NAhVcaXY)P+B zPxNH1GA2xLI>7-@NvE`1w0#iD>=+pKq)9e?rH9-d00H`ya^$GiwuJBRxkadn2NM-;p(--GnuyIktU3xa4-%we?IrQ)yEXazGm9^V~G zISemY#rKp^rgy;0TGGBLK3I(GLBw*vq`0JM3|J30q<6Fp(WP?6a+{=g>2T@M0Y2>KQ3))20_(>2<#hAlV#z36&^=VLfkg11xcK!Aa_%nLxsVd<9CY z$t!ysqPORB&S)AQ)z8hYzvtLCh0mmsb9z$v?a#1Id&T&N0bX2c#8Fw3HY_BLI~YD} zI-W&Po@*3EKHKgTE>)(0K4K0dz6&61TL1rH@2!IC+Lm-p+hS&BW@ct)W@cta3znFf zS+dY#W@ct)w9v8`uDs8=Rj0bE_Ss!s9bGq~)_R!_E7rq|kz?e@|I0tABmMkgEo4lW zk3W0D_6U0ql|FFQTXq%LqwUSg0m+r~lj950Qb~l^fbm}yMvD#jU_};p=2vi zl)%+@hb!G68jl>u6Ar&iD$0t2??jw!m*YWnM1(8K>@`|}5WPgs9>074@>^B@B<Os9P){vKo;4OUkE{qp+3#E zyoJjInKrF-c}&cJjiThuIx_6H_qHH@^L*HFy>(GU1tg1cnEL6r3JlH~({C*pt_gQw zzhAa?)2FSAk5@VIr&fNf|B09Vw?nd0)y4_)L${~hA&HeS1kWS6E?OWZA)YX_EKA0e zl1P}HEd(TUVq{&{t{1L-)mhh>UEJCSa~U^(-F{fXTR3SMOWv+UcNm4fKd}ET+Fx)S z-Q1V+y#Zf=bjsof)u8u65{5ETr!B^fu4#J_DxW{*d6GBJ)dXo)tVIv7n6Fv6 zY^)fgkI^peqKk0@f&w7Op*`@1nY0d~03_C0Y|-;W3x;-cff zu*9c{0TvJ*RYWm4l&Dxktu~r;yQu<<01Xg|aR%!s%g5PLW4&dYx$2_x8pERAY8?+O zbC8ok4v-^~uI68&*nQl69dR(g!{IiN>D8oHw3`t-J|KA8Uxa4Ce9DD6AEv-YG&jPiQ<}L9aJHqofiI9zd|!ho*|#a|X1ys-6W+8G|LQ z4QSUE?sU)LsN&P>J*K4c1nj{|BdyfFxBq5(q0mz276Wz%iDhf05(mnM2-_@#6L)O= zFk)_6Zi1OORf{%@;j+}OwV}5)d|w)O9;Rb3*D%tXh5Q^Jjf|ENcNr)-wz>8n1vfY(k6P)g;6$ z-y9u*x3m$W0VbNcwqRy#3AjrZv7{Q7+BL+4f#n+(u49y|5p#)ZLRyMC_zs=1BUL$_ z14E?JdeE3JOr5+=JCqI%oLp7aj?$7SWX_IL%DD?NH&#Y{%G1pH7l!+Ss)QUhoq6Yb zWjK~_ELtZ~KWkPV>V*v@Vy7;`J0m#CQ^@bXIIynu(L13@8BfR@vz#G?Lf3CYk%7Xb zpTev`5nE8cwI8d|f>5Rebg18Y)yQyi3AHcZv^UF?fQA|S-5_|tiyMQvfreIO;-8V- zz?^t<1&OCQ>R@(8cnPRm@GZIp4TNyA92ux^SLBDFOjW)_FMMK;8m*ZDL%Zx5fVk*{ zYKrLaM=yG1;DioUNF^kb^9lC3)J{4Kx!@Fj?=-y{u3Uhx98_paBUoX_72Es%2Of~E zMIK4{k^Brn{bK@T=lgH%s!0CXZshtm*pTjT9#|j0{`7I2{PFpZv#Ni}>HqIP6>xTT zv@mpWHZfNC4L1HAPf|LUMG`>fnUm8jPb?!R^bNF$lP&mYBoxhum!T9UP}%!_;%W`H zwlQ%*-K%9mNHEh6c9j?DR^n2=@ad@_D~;Ypc`m4RZT)nMOan98sJQA_d^3 zaT%eV>IdtVxvi8GQ(SK2sT5SUt;wIOvn|ofg%49MhJ%s1Ub4!;R&yert=cT5(CTEYW#}WVsF}FgrV4v{$ z5YNH}HUeHI*lVzxl#E(1ukw=LE}Bk}lG8fOcM=}$q7T(T@47oF#*_x|z=%U%j>ap(}4Iw{QF- z<}f!&#&Tlc;Sma@uQutnje$D_qh6?qO@kB<9)0%34%8s(Owmc7HGly2OLjRsm{oHd z<{ylZpzd2yY^NOCF`JdE(_l^P1?d3_akw#mT1EQ30~8c5<+fe7H?r@?-2n`I^u|Wu zcNXRMr&$#HM^yZ&LC*hu)vG8<{Qds>adSWtfcI_uUXMzlBJZt+yhgYY?p?bqt{hY- zShy_yQg5^5TGL^5aR>jFM2d(g^YZ!Q;;`O`t0+#1x4Mz$bC{N9=6bnwdCB*gyU!4j zAZRbN5MCsbpo8iT_!7K)fbFcUHV?yaY*evz9Def9(jk&T8Z)*;CFDCq)2rxhd?-<7 zH%Q?wy4(&SDLSf6$$*F)^J+ZX9pB9qE!spek&YU|^QK`AqQ-G(n&g^bF6;HL*~!qqb|3V5Mr9!3Pvme>$4(sM0~CMm@GD zNVP^d%K`a7j7{_4+thb9YUzlO`SX55c7lvF{!yWuvSA5j4U7j5r$#tsGz{Xb+d1J| zSu#oeQEZ)eZH$T01(qh?C`lf%Uz@<%?1}BDa3_6PBFY&){3P9B@J3>%?`S-hZWC>m zjR5C^cw7m4h-S6u$$fngM-wB-*{*xQ;@4FEqn)@P1i0a##uFJkCh*j* zue|s$arnUzTpX_Kd%EEwbe}UGi~g0H4~{u!YC+wOV0>Tjk4yz|y^@gIv2>kDa#pD} z?j1(NpYA~*@!|6{{%z#D*I@K$X@A_QZ!3yT^FQJs^H1Y||F6b@h^?``orSIQzjST= zYwt;s>Y5^!7(7p4tTAy~1UNi?Csu~kIHEMYXplN9d_rghiM02~Kp-=qp-9KXO=Oz~ zFSh*%Xt$}5GO;|qto`r~<}pdx(-cjDx?GSQZgx`EEr)kwj;F)#^?A(h6K{7Nx+Z*h zKFe2nLg*~I2im3Z_2tFIM%~c%KKQgbn2j_uaF`ftQ3rs*Y<(k(?%^X&-obsgmEIaA z9Wu4S8t2NntgN)O%=-Lnw9$zciWoAkX^K%O;XHsHQ6W<%7Y7HrPNs(%Gq|=COIDQ| zEt&qt(5Q-dh3Uk*IBX#YI1>8#N#2jY0TQFd{UqrB74YBXtUAcgJy_SUYlh& zRgV#ow$yGCZPU=T-qnSlf{^K;;|tbhw^gL{K~~BH>&qpWWn=Q9O*oQw^asU_X^qsK zbR-PgVxf6_S|2GMF{_K#7G-$7K`N}9^IYye4AQdH2bI4@h0;K?L2lkoxrCb(9wDND z2uLtAXHmwUxiv7UAA!mElD`p#Gej|EnJzPv)XXDm-Z(P0$7l+v3|gY#+~7~KlKfDX zuays0x8=#Z@!-}bkP9VZQO$=UZS3KhnneyFG7H&yb@}@M7Ud0( zhK|_jjL4?ar-dt)`yXeShu^WHg#)IQO zcS)O^A1`bgIk`AZEUH>|A+23+FxF6If2o&*h;0@gKnzp~wXnR9;uB>+@95}O$eVWv zQ&tmSFiTY{j3G5{eB#<5J{O&4^k+x-u5vzpGIx@k(8_=6Z=1teKpR~+FPj+cEH_v2 za*trJ!dqb)_LxUp6I#LTQBD#Td#P*0p5f&FM$(X_cD@u%!E$^{+*9=^CbfiM#i6~f z`IG~LJC=q*MVIV6Vvk=vFj!>3q$a>C$H7EHH%GRmCb=~SOGiUzii!@9t-ZPR!i;=t zWK6nESAj>3s$uu(`h-wFY6nRlIjaT7GX&q;#%im-4giFaxyLA*i+fRKNfwEeNw-o~ zI`-nGY;q^g_H)x_aVE|_6lC2?tOi&Vp^#N--Dbp9Y3(lwtL!u?hQ``2DnXYwA$L^5 z+lfx~%q-~_bP+y1u&lzu7nqRIB!C^iNqilj@#ESzPbYY7d1I!dOHbmVX0?+96Y`kn$^+=0Ew@psb>m)v?4s>Z0m zS=4(9dP04XyT;&k%XouoqU!Pvua=qn^vXK9(rj#W{KrPfi2hiZ@sV3UK>uTI{eLYk z{^f+=-}8V`({e*nL4K2^Acmo!+0i7Ygk+|ehM>6z2p)?-S>#DjD9^Be&@~hZ5}9d< zi&)`o`vYz%e%)*{4L>w%lj%Ai_wlaa9*DFrn3(oCfrR3CZ^zvxAMcu`HoflBULG&) zx`3MfLkQ{(ls=ssSP!BCE=)W`l9e^6#FtQ$JtmEpwLunm@xqb5M$joI~Pq2jfZ zousr!D`_R&U?e7wTx`)HuT??!t`n{aEVRc`q{2;$9|@OQlK1MYOmGGHhiy#IZ%v3T z(pzig89d%ZJsE>y@$HP*cOo(m%d9C$Ce#&237jD>TmeCHReQf&I+PDvOYQsay0lVP zM(k%((x8{r60viVBPOriz@Kmd1Ub5i3l01EBQ6;oTGjWDDBnTsMA_j5V{-BIk9CqS zhg&J6%0*N(Nj%POnnxqFnYgYfb)mNP(ZBD(ba~W9muNNEy%hi0508SB}B_jFKK-bDa7-%?;HH8A3+nDn`y2A!|jTgzrrV~R>+ zmveE6h{ZyAJC5H;Q{%$yrFNJn!4|bEYhi;6Ax7Y=Jgp!ZK!>kPS~HSaRyH~^Mk;;y z%DW2Ep?u8n?PaGrY%;0*v53WmH(1@lOrWM*=X)ZEPGo4|)u@VeXZa}w-ILo0rQZbb z5O0w@B^58AK|MP7>6}T@(Sv_K8IdxcTmjW848}0BUNauOS427#xMO4*tun#^Kq*57 z-89*M7?4_+t5Sf|uM)8E0Lm~hO*&{bZ}|iLqu*$nHXl_OK(O6U5sC$z`O&D7K%g7} zf*>m8F*%*2$jqxlK|9SwME8vuNg~OymXqu(ynE8Pt)&qCmar(ht39MN)QOYqT}KPM zPn`L1s)8zK{IYt2jhPQH=R3iAHLTswsBr*Aw9{WGSA?jfAU1 z6phMQ>D_^{Mxp{_=9P+Le zZDh=?Wo9~ZfW$p3>}-fK*6YPdH}AEBl-zUwQZ5UwljsNrSk`qSQ?|>Xff;tqAb9G- zj_|u30%m^POmmAL&JP5hdV}n@5NZX8^UysTPsp{5D_GmP;g5Ql6EyU!Yz?Y+WcLdv zr*GNnvf)Hd`5svL3-zYmK}aZ`?O{yojR|%A4OiIK!g!A3!BMQ;fg2Lv?0DD7=#jeh z!6p7%m1*aXQ9Aw7q^^tyuZ%}G?MKLDtw)~zt*!Cz%{Q0)1EdjrlF!0bZMX$)Z)WX? z5Y+`|?DN)#ohGJD9SaOZ+2PaX9meOhdq9|N5NAQqKq&^8=tSB*;ceP_#QT)@StaWm zW$R_->%==O-p8~{cqh(D&pk>P1!e0)RgP*9e!DKMd$=Xf4t*sVgfFEj+Ur6WOE6

7$^dT3gBX~UQRtni_I+8e;nxO(mXGI-{Yj7E*A9agtf0$1D7O~j!U>fNJh>LS za!0+E(T&2T*E7o;y%JU0w+o)Zfk$yh#@6U-y{quR&06`Kz$*1`TLKhNIBwJR!Mm`n zws{0#MKsQ<0(GdIN4XqOB)A$IV%V49Iu^NSHds1V9nK8D_TY8YLl^|8>W&NEaEsUn zkNLOML%j8I6tR!Aw*NRCP9KTIn?F+I-(u;1TqF_vt7-DTq{kn2BK9VZ&K4hS+8*|Q zFP0Q3>3m!qk$L)(7n5%c6sW@S$ng`0nNJh&B?@B6Bhc~tV?KO{$${GHGSVn!{ffc> z!bo~DFA9TgRw#i4sSnjmZkHWL>s&{Z-p_9*Q2t`6RC#c^pIaE8;>^%jkiY^$1e+c` zo#a5H3A(=3J4!)sj{k5)IFhH%RUZ5_3LQ~n;S?9DuXeL-AJWyJU9TysSsuExt=sXI z>ziXYjAKygwy0ksFr7b&=@+&VCD z$?k^{46~sFYeL*WL`sJof@?8^?ijO&+CcwJka7dzBm3q9%WK9i%V z{M%~$J72m2&|{->lycMP_z#H#bWpY|@Vh19*>cWTwOIe zj6`KlD@pKLZxkHz}^TvH$kV%Ts$b!E%ei@l)v^9{4j1_7jLFm@ZIN| zm|3?S7TWlPBDsh~DdgRHrqyRFG5t#>>7+&P!-^fo%7YvT^uDBuUX@5CRme^Ml!3Aa zICAd+`Ew>vJsg7vBFNGsoZ$9ITksPYAHWyY(!2&f^Kzb5D-GK6+ow+1t*G(Vw5)Ab z4J6=Zl99}QFrYS6#cJH~^|lodYidBT6HowEJ)1^nSH@X^QYWNu;q zZ^|9n=TtN(t2d;C!s(%Hwcs_U^|gAW!7b)fi$=h(}y=SXhsYqKqsxPICU9iCS_qyg5{f` z12t(#pM((_JO-m`S+}H>lWHFcs-P4VS_FqK&+qvqL*U$E32D16am|cDs@W7zY#1Aa z@TCW6k(uMG@wKuGMyccmAZkD#oAgT7Q!BcI2nIumbuSjTF!XF zF{PmGb-4BL0_m1AvI_fWaBBRYOmiT0Eh-wN3Wtv;&#HBX7QOfpul^>~(h(Y-@Ho}V z`ju&pw~h5O_;WGm3*aNyic26wCM{L;2B+p|lgajb0c~z*wf@&BPvHvDtG|G=OId6i zWK|!cSIQiHVhnI9MN1L;AWv!=+~9!n35*PW4oFQw6=QyLQgA5NXHL3EjsfoziY#jV zd;<9u0eV)a*Me=+Ly6Jw)^MVb7GGl|KGnL(X%y+b-pfgL+u~^D01J(#yqNZyW~Iz2 zU&nf}_g&761OhAf^dj{R#}e!^KTvCpE_@1N{NAYLVR>Z;e^)1-zltEJQMAzoM-JqaXwWprS(U)E7nB>wxPX0>nXJFDui!%;gm5&$(}d~d z4x1%aOT@^HJyvCEV2Fo$cTzWwcuNg=RWe=bBkc8eUH@30hr%fA+hL1gcR_F0e0kGr z^xdozJ%SQ*F?2V1Ti`KA$e<3jqBOrw5Eu5d>>CU99*^8@?pr;us@6XJ9xkUzTWS`q9ij{Ch$iK zAK{-i{c`;EK(n{@5HS6)z4_MzBI|FJ#g9;{M3Gbg-a;8@6mJUftyxyr11ClyWQn57 zXC=PKUaBBOBWYsz6N_Jh;;Hgm_t zjuz}0ffA{N)s}6fCa_GNnV8RQw}E0BO=pf%NW;A9rK*=|YA3L66@i0QyBFm^AxNpU zDlu&^McOmhDEIay9`UeB3jxe?9OT{5U-$hrcts}wsk}-&Pr|7giVg{FEMImi zt@R?|M6easqbT(zi?@dgT&9(yZ(M5C6B(z}9%pu5Xr23GOC%3|)><~o0fE8iB+$T< zq7>J%bwFYO;;jhbFD8*5NxUS?ee=?@THRQp_yP)-w0C=en%;0YqO3_C$!z5!UC&)r z0pJb|f`;_6bOQ>`5WJ!3+7cMSunZ_-wFxw6ssex6F%|p;9DbYoh-cJqj6|w-ZqM#C zFq<>Tv?KD-fO?Xvhy^8Fdp_gE;3JK-0sSRL?EXz>!FudYC-8d&e^A=ia~Uv#A5ptO zF7I6ps?nufC|-WTS;kbx6!bx;VS$pZCYa_($~!UJt<;LtMBRhDnvP&6?TaUF-9O!)o7W@*1*Bv7`zB>51iMcz(eQA%)ZgVo@N7LoUEC+Q_ zj*!pLrg5W0QP6$MR5b+dTI@2Nx_%@y6R{e#I9e$fpioQ=)ByBBAbGVl8(+0=i$FUE zu>;%mqOntkYPf9-qx6?gGPK+V4a7~XdN*w05u$x5k}Lh44mHZ@bUM2#Cw9xp+DJH$ z`;}xEqB5ujzRqHPu#J#Swt3`rD+P7CA6_9W4l>{>B%# zmU7!R8g3G-ogS~py4OOrkx5zk#Obt#1^FBM1zS!*H=orMza}dSFtbKZdD6w7K5Iwq zua$x2wtdjD1Frj;O-d0;fCxNq^Nh}$ahg_w)h&qdrCEz zwoa1E<>H2fFx!c=#IEbP+HdDocrMMC(0~W5S)Q$5i?4uNhj`oc&#h`;ag0ky=&;jTfW^T2 z;&Bw@foQ}-_;WZa>^wBaiCzY5I3lvppelLKY~tfjvIEQ|1uQt+Q`1^$q3D%H19JKU zbi=&QK|3+S9dL{#$7xW+6AF(Y(sQ(UyAG%zni!_?ko3h4%dDm7U3q9j+84O%TksqY5gh&x#!>j7>?L zdnt&071)7l7T<~&bd(^-SObTEX%p^x)OX{kzFp!V1v;TjgEVI-7b!FKoRN=p)vYhgNh_YPzKg#m|3uU>e za+vzROj-WNRsZM8vgCt4H7gTL$eM-23{q6%e$;EsOWl}A-HG^; zN`GgQIyEgy&J{`}j>>(#b?2Ii6~ok(8|uo|+G1^$%VCtUkIw$l#!%iHqInaJzwA6-?|Rn~6oPETp+kB8?;7M3dmFw{ERRGQRrLfQDj(9(E}@**+& z@Dk^czH*ID(SEetAyYzuvtD$MoNxDW34T}jN-DkxyrNVuo8U7rpu$Lpc@+6omnjz= zN4JDU&}v?tZJ3fsnhQUR@5|UbzxNS%m=JMS`f$c=4l~40T%|kB>ryA#+_Hej0uB8)7i%FFJZ)>9B{# z*3Gf|_5@sJ$g@i)1h2KGDNNxLv$S%}k^S7b244#aU7)sU!`)v#kBc1sVF3EjJK9q4 zUnMQG)BUNm{5SWbWd1J_qf+qj)s;S9Zwxhr3z5lL8}(<9%?0BcJ2!|^jMt3WE^OgV zZ`=6zyY9h`BPWOFXE69q*!M1{uh||3uGcqA>NHq|y5UAHHk~H_##3(cy}h2GeQL@T zo(Yf#u5_p;pw4@ySTk}AD+Tc&dQLo&hS(tyQ5iRZ$g8OBIqONpqP9ri`OfUw;dO=z8hQ}27vQ83tgLNWh_gJVah<1Y7 zaif96O{X*+MS~jhJY^5PKQ>7BHFUqYN~PJBve&SMBj9AOkx+T8hsq&yD3}vW+RVh( z@s%1@TWhJO+(EndBVJHs*v_G+vRJ>vEkY~^wqXu|i<0z1S6xzY&;rW#5KNuP3Z!N-%6BE-|DR+SYi9^ha2R~+5ij2J^++LxdZF9U0!4wAIio7dLCS{{Bz_0K?FsRECggI);Ntj^T6 z>n+vNB7AhK=SDj(`R3iBIqB#VF{3LfURaM!Wy7R{ur+B|uAxjWB{h+xy&XxAGxLRQ zVYaM2WZo~N(r&?)4eB1z1VD8Z=<*1u1zP~>=Xs?2 z`5TPTB{_ON2e`YFuq7d=T?Rs3tER`frLP-ci`=)LHn?3Vme~Uo$rQ@0o{Kdeho}rN z{w75O*HoKhFccyQ53?1MWR9g$-$xz>&lML8C1OT?1MabXh}q5Nv~oaSYq;ejQ(`Vq z`Gu{g0^FC^y+Tg{osnkHf_)%8mnEIUZBFAO)@I{kL*k;=J1n6Z?W-49t|%7l=^!-a zlr{N)zH!f=Qlshs78peFbXrgn311A;9*qHHr+>$=NsQ7u&rZ3KEEyr6R;Qvl5VhZY zI~bQ(g)~(3Q%tcH7yCn-j-S<#qkB%obA*v*K+Cc2r?B5tyQEx=z7dI=P+*!abqO7 z4`uq}QG`{Gjo7irF;kS(e^`Vs?&zy<;}w1A??=1g!?h1(S}VHg+V@i&)rV9Kin!8K zfKRCQBJ4|&v4x3<(SXf2h!hV|Q9lO;B)q?Rd0hCEQ~1>78){`JA`j)^xh;nY??>>p ziw7AD8w^jqRk8P^6Hej*f!FoL9q8iMAF?&;FxjoqqSm72A%^Ez+$Ls;?)GwnnNklf z+yEIkmb1CRbhigk3Unko`uiWdY*{&2-or;xcNX@~uF`)|w`QmN_jPMEBsJtW*n9{E za8Nt)MNK;h$`648WF}O<;WLXquvG@^2s|iRg0pGBbVkRL<{EDkU+z=`Z?&pUdHIx1 zxnJ(@@08Alnd!I*V}Vfxx4mf&)7JfY-Bfmm+}p$b($=TUo_m6NeVtF01{Fh~fJqVu z4P<162`IJ0l){RhY6D?a6Qe`}9p+?M{9*gnZwDYX#HMH@1Z}nW>oXt>DRaa+DG*KT zcrkb}a1eWzRmzDfL?krg>4m06X$$elg8pMR#>e*}@$}F#*>qTn7oMkz-~_On{r2N% z>?9QV1ZXNg3bet~lQkI_px%a3qn3s}vCL!VveBEp^t(tlmyczt)Dr0gQmrC$0~U>Z zd{N)RK*BO>EE*lsv!I83W~8N7YcrFILwf_#1MzOX7d_Mnx+xrCj#A8c!MA~1WFt3W?YK$3A?qoyBz%f}( zHNxaFkf=IBmGzCJ$Jw4eh$r+WD4L-#U(SO;W8#iMWd2u)ta>NR(5$yvNFRG|(?VKW zAx)^q$t=hiQ|B@oK%XWZL)=WSf)*F5AcwBe#L_G#gkjihjVX*;Zsl}zgdXrPIyfGr zO09e(7s4=p#AY(CTuH)(H2AH7nIIXZ!1Y8M9ip?ILrKQoip8G+U^}G_A|Mb$_u;Ko zkALhO4x(^baDSVxe!6ES1vUz&kgHUIYYmSkQN9BzE{;!n$j9lqG_p3W#U0mnAk zKPx~?VV-0T#vo!!(kY;AV!mS(PMM6-hi{6m=`kN5&IJ5}9fUy&fRl!A%NSHvgWs*r zK*r!qY@(7*iFR1}DfB1ggmC;o#kWEcnZrh&6-(+-P9O1+Be_ch$=wRlxc920cmrn4 zpJHd>WKXmaomBwF%quCa5Te#l5j8Cp4A9rwh2Bu>F{Ij6#xeU@J{_7^a5p{z=gM~I zqZg(&#%76mm4jm9Q*?2|a*~~I%g{o;r8vWsMFrt}U`0R@iEBJJ$vdjIB8sfZ-kM?r zJHN*A6-m?L(4Og6ix1i^Mu2Bsd%*3E@%8}gg;Rp@5LaRNt_&rEHm0eX9y<{s zwb4)zvsH<%o%!uME(HbM8K{m@b;?B)&8<}p4A-MhcDC!y*mn-dyJfqWz&m#1n7%u9 z%NPi!A7A$P*iPOvjA5pS&9%4MK<{F4HSHtbLZlTwSBCDjZ6`_D57bkgVJG+Y!CMlD#!j=?df_Y{@+6$a=4!e9vDFy(D;{l6}!p z^M<%I%nHLRxOcB|<{r#$(W_=d)DKy*AC~ypUASV}VL5k22E$p2b+~3iJ+~}zhf}NS z9BHI7^wG=R_k7{l5f@v&4wvnSr@YVWoFojbc*AheJnA1Ee6ZcxW zbg_%u<~4tNQ5FB1ma^_2vVJKuRy6#!PNgF2UO1W~Q!)y@qUS!6brbtsZqdTLqUSjh zTqPLUXw!R`>QohcY?Wm`=f6?}#Z%@5uNam;)sCK_!@D4t<3oQ|Bi3}e;{!Wf)R<&k`s>-f`VV~S+wGec3=E3H4VSjv&jGG2v9@v zOT50&9MA_R<^3_f;dRMzKiR_c(Gu|VWgFp8@;Fe9zbevqA4Bx6|Lb<%v`y#cdcs$u zVLHmnb;Lk6rZ$~^4rD0uBnE%RK11tOZDPXZByRTg9Xpy2{y%P!(vZDb?fceuzHKZ= zG0ak+M?rK139_h-Q_^_!;0r|=KB`p*%Kgq-+dO{)z>JYuANq_85eam!5xH$yBWjgV zsNoH;`wX8)KyVQVpeE{rSc_j9Ei)y@(j1ayN3j~C7mM{V$lMN57|xJvYJR{uqARG* zYa7dpEOhPP58j<7I!70}a9Gbr1^5&l{FI$fG?jwq5E_U9La>D@n0?P?I&wu((YkpT zW3t5GO0J4KRZUCdDaG#FE=KBkOBeT4DS4OV6v>-4U1#{Jtw3S2qGvGN`)1&nVpFt`o)WX=5#c5)m=cx--F+_4ASzG6s_D!sllu>9< z7MUehgfTA;tPFA1ml6hSIly*USi*m6joUXKk6rPfYTW;c75vvBjsI3FxVJxySyrNL zL57$Ca-%5SSG9gmdDzEfL-4Z@bivRhfFVCaR1!UCNPb<}hDLh`eqbNsD&Ox07)lBX z+6W8hT$#8jNo7KwwLUt_o^mnSAR7Oye5fF|CM!1eDTJ+9iHhE52*0}#3V>-{@NuxuwP|3*T zrN{y3ks%9sWr@2jlYLKe4i_w%Xg2!NlCL=bKyh%SMBcZ-gaY-2Q_k9x<{mG!n&@5R z1o|GT;l_Ezub18hwJarPjxe8aLFu~|gG_ZH_sTDwqxg_aEleTeAKVIS>cl@!?9B;J zklCYl+!=x8LhUx{3wwZh0y}RJ@l$w#YsHSg!yPH)`S`yS-0HYTMeG}&%;o<=3}!!% zyn9(fR$u=cdlql&o215%{yM1S1)PNXs0m8@&-j z#3~kj#8)nE}{R;!QU?{(L%sJDlzGl>g@?Enb zB6wway5%9ngVKp3`V%-Y@i5~8sLzP-D~pu~0rVUAtq?V|nxQ=kDEP-z*r-}mrPEAG zu$*Hw0gVPrdjjRi&aTuknj=;7IJVT%)AVoUG+%&PHI4=W7MPX;j4j;>y%LPl^`>MJ z{rC`pzyZ${1`c0Fdc#f;6&uonV21R8MXzN=wW2rrP#FhF_WW^~v6PKuXyr*u>>6jZ ziRe}9nU!pAYANR>1MSSyZ8<-Kj}!i6Vv;6pK~X7J{7q??7Fb*L;yZQtlTb@1to)`l zR6ZyT*N4Vt5&XG`KPU~u4@!fip_pNgae6X`cIOGi?UL3QcW>$*xd5l}41#;EeBCyy z?AoSWV`q@Ik8?F@76pL9sO)u#3p(B!9;`#D?Ws$zq8F86Vg?CNJh6QYg~v5yUw{!$ zfq*uQy+D+0zMjm87jQteVs!aDBAeWA%$22-{ZO)z;q*n0Yl?QO*<7LtI@qqvH4Ew7 zu#WZ3kF%V7`O}8|Q2miSmpdBH`nsoryR3dO+StI5EFUPsWjwH>%bazkBISOLs4+wA zv<8*c6f|r&4>oeip0R%HCgbg5w88$Ig=ak_2ljMSfyA5 zQS3ylp2o~C2HzEon_}~12`(p*8R1syf}mX>6=Icm)P}!FOA~~2$`Z`T5-ei;rZl$g z6f~u3UFOVbh-gQ4c)9&UK86$hgycr7hP1-_3NHQz@;lNDV;}E8{;MdB-;wqgDUE#6 zK|>=Sf>`CydFD>`L%U1ICbb>CKbju#wqqD4&y$3(q!-}MCx7t%93N+DyMG-@ zvHNrdu38Hp=#GiVAubrs@0$XHe$HeuTRBO~hWvHDELLyWPJd?WB1cAbwo%w)5+}V;) z!EvUQ(P7C$Nei*haj^mha_6?W_DbTNCt5g(nR%q@mUFD=t{;Fio-L`eT(0H*0&EDA8uhCMHP5pa%lZmd5M$$H?vp2L+**{bQt2;V8s!cZrU;il--7rz)|d zb!kcvfbaz9VlfBrA*2EOp@uA)rZJsnfE*2AD-4}D;2sosGM6p*O+(vkhVQ5cyEVbn zNmppfN*)r9Zacl3rL-gBc!3}q^`l1;yzm8O)()1y>C=iF=MCbUnM*H8WO=Viy(0l` zRkw;ZM6$Ebu!sZ9Wc^nL_;qBomUC#))`)6C>;C|~#OhZTmL^oG#LKU zKML5|*?QR6xj6m3=l}1s`R2$fRUj$DFVU94oFTvAQM0l_8Y&Weu^{$MZ#3d+-mq~s zqj;f``8}Ht=r_c^*2-`6QhImiLfZqn3z z94@MLGx$cf>C|k_YIDLKUUr{Z+(T7tg6mAZWPsk}thI_#X`|xSaLc`5gdRZdaX_Y+ z`q8;_oK3GiQZ0}3+4wn^N(y=|qpDOzY%#Im6i|^`TokODERk9l^r*3{dG#9Ib2e)2 zh*0qp4yWL7M=`EH*)mPAjWv!uhqU#F-2E$L@v(Twvc#Kj*0|y?^-Y@7dF!N6W$QQU z`EU<-a-r)uHB}|gFBD2uZCS1LO&~74^coGA0qm=z8E}~h8>-P@i~-8PjEnKDi)tPe z39oQjLz%hV3FE_$E0_&J$gF^v0pK_eA9{3M*k{qL!2RTdRhX7C?h#rLZAjfK57%!q zxw_O|(_U}h*MY~!r)x>4R)Dm+TF`5R?&e#nf?QUQL5D|wMU z^dCq8V=@@8X}aY&ZJzyt>?jIovWpnlWzzNLY&U9_V`CJa5(h`P)I`joVvd+`U$~!T z;(w>u>O`&3DPa&an$MA$tB9o6;OBG$PJaISFo}Q|BJTT($!?nOWN)7$W{*^()R)_K zhm{-WV*4T&wPZ#s;;@t8m4qDrXI2r?$PE4?F3U}d_%K-b!A*!bTwhmSCQDbZGM}Y< zPuD#%VWu zWE|?3KR84m2V{ZVkBY(4pK^%*bl%1v0rfA-{~r-VEwzuSJa4dR+FbPxx$^MTgp0)D zpyc(VGK%Sv%p{5Y)KAXhpsB9ECvNa>`COAdoJM@7S?H}DTQ&0w;p;6q6l!`9XLg+AhYpSjUAj+@jGi|!`t?agL!=h;cSq65qn(>YB%WpZ{6 z&a=cqsaLt2r6@9VcsRZwbX@O^WmR?J2vg(%T__WcKOtp4qB+U4K21}62Nf(`sr-O} zwMS8PYFmO94`*k^F61usPM#uZS27J_q@UAHE`#|oI8jwTlG=xR#8?dsU{aXzJ@nFk zV|QO|+1)tNr}liXf!;5K7x^qJTtG+&*E# zM?c6UVaiAY6g;CK0$*0-9jvXz7Lf-vq{;@VS^E>{KsywUF~-K`B!{L`mA<<=FO!19 zjA$GoOrw0rJ+s*8G1YK<^d4fEFe030lG=6}ZC(TMOttSn74i|Jk;0|gWtP4P=Zf;9 z#4Ko=t*z7h6cG9!sTd1C_6iOCI@2g!>(pS8EH<-M7aeTG$$=s*lv4OMwEnB5Q?23l z!^rHoy>tmrm1gE7{!{++Xn;~)r_M-5V~z56Tl5P`GJe1h4-dU&6GOsG#wN*i77$w? z?HUgi>bFLTpcPo5dUM;A_3v#o30t8uq#0FC{TbS$(B~pKDR^5)4WQ=6#nvpOtg+(B z=%|y@_v67QQwq!KGo@`Nd)X9*<|VflU*+ar?Lh1j^IsF0NQld}5pY(?ntZxgi_Y5G z+D zus#~ckeu(ul9hgG>z?Q-LXMi3-#YL7!#4Df?mPM5e|O&zD9|TT2qi_yk1e}is^@A9 zT-z{pOa4dqou;#Vn9sLjZWrV0PLmx+uD&lXPdMF1%5|Xx*`kCY#EQ_5HZ?@e6cxYS zcgB)U#c8OdPB4Yq)h!Dddg)P#Jv7r^TI{*#MCc-zcQG;rXrt;lGW*E;^3UsAj>A;N zZWb@VHr-n2p~YIO2=6+rQoTj2#8`M}qSVgvshaLQ;|=B)aZZHQXtUr|Cps1{xIo0;hH`A1 zu=U8U&9qMqKYqN}QcKVac4Xm=*5VQU*Hd0m#(ctpZW+Q#uS6NuqVE3Z1G4N@fSs(4 zhU3N=Yf&A^Hza`IhAl+djKUi)xAbvz{vz)DyA>!g+iY?xgS~69I_KgV0-I!qA~$K> ze6C@btC4%VQC|0sKSnlm&TCuWip-jmrlZUwKpJ<(bRZXx~ZIC@FPSQ2jKd{6PENeGjD#T^*;2cZ;1H6dEra=#R6KY=$T;aEsmytmJ?qT5#U z!K^hFs-H8oAS1?xsJYl5N9o@BhI~Vv5-ni%v`d=|+E=u}A$QR=J{r`Zt|GQcR zRUN>Z7z*!La-<;xBOzr#A*tSSjQaP4{7|S0VFKCR7(W1edxFLoHZhTO1c}izgx9&e z`6`6zsEm(*k8+`_$qn!{7>TJ@Em*)SYmF^ z=rVA2>eI8?sA=sWU(t>E4bq@Z<5CR4gqH4<-*gh%;XrX@{f29g?dOjBXA z^dxtM28$>^#L(7$hL*l9$F+k~?*#?vRt;6X{Y^d%MiG^iO9Hw*DNwzBhA1fThBl$T zMU~2yB(Lt6Ws5osOE20di@+TV-9m#c0E_tsp;*pO8)MW6LnYHQ>7dAcOzgX%5^c8T zy^NOW5UO;lQ4lZGzNK51i47D4!)Gk6XLVoh6>4>TP{ZcIy0>$yi_T$Pv%H8pzX9KZ3WsW`@Jzz5&kFeG~q-RSD2W0cr z6Ps_f*C#wU(=G6tk^hf9!5_rh%xA*hp^xVuzR#k&7v0ead^u40-|(s@I_tWXoQ9O`m(Sn6da(&N z#nKmLOZguKI{uFxtbar0|CWmS8jk%}-*tzuoVA znPmfawddl})K%)A_}a}C9dwPD-QdgiN#3V%-ln^|r6&Au)zE<~^@22DH?SlGlG&DD zxe*J7I;kdV5AAr+IO<-MS^|oAp2xtGa;R8b@xh)D!_^otbzGL#3okAO}-h|Tt zfkron6(m!ZvN2HbO*R?I({>tdMaJhebImwOgVbUZ91uQ6aVC0zXbP9f4yTtI`=}Ir z+`bl2A2tz(%})y^?4o{JU5OqiQ|Zg*urpL$Ar;$+E#bk1v4KjhpdPE_vp)y&yX0CU z^f^V&^pv^rT4$a6QE|m-GHf^*=yGd~4!*)abSMbU`jSXl;N?~9H)d5pPyRE1COL#E{3n{rp;(+MpSO6!N>99C9OOV;`O1 z??KOF(Jq|wx;NJ~GIGa>4qWc>7e0bn-{leAur}U&`esSXcFa5h#jlSdrECR4bVj9x z1{bvC#ZF^l_cuUXH7^c%&l%n7WyRmN+`qCxkX2Ipxnu<$BIb1~85WbWC1RcTZ!1f!Xa6`|ZCCHUA9p>mcl3?|;dLX|nURF=v2n z`pD##@T;Qm7DreGcNI>X(U)=C@@S?aKqdtHkB(ht4IiO1bG9O z-nT_;%XX!~9##it!W2Ao4T?6yT<;E*q@(V;5G|lR{0ICm2;ZqQmL&Ny#H4@e75aCj zoc}vRRQXGU`+tdV|Ib!(fR-(iAj+S@bz@N&b@~VIGGH-q>wCc%iFq+(t32i0=su?2 zd6VSxNtctaPV%{bv^Th!hAW@=U-V`1Zl&IN9gU}^{_g7h_)1bX(b5pa3Ni(w%)-9V z*3dQ+uLErzTT5y&=VOnmw2s73B(`DV7*X^~=BR%6A@tj!W^9ZRBnsafHnAfLj#oEs zK6(M68|=lCvXSSzrr6HidNM(vP>S~J?AyX>VufL%`T3LLBWbboG*A;9#rz6APslmQ zN*qo*M_7-E#ROIJnJ_1f-Pi<;>aP?BXNSSz;4+KAoiToy@5LYorodc`BB6 z>7jml)Uo7VC)X3D6Rk#9zQv2q^z40O*t~_iPF0fnW&TWhuEycuC&#Iz4BXdyVXHDUYWSt;a49F4<_Zp|Ld-20F;*lbX zO5Q>#XXIPMs<5sHgU|P7F?3JgEI49mwG6AQX<%rIS$^3Y0Hf(4ZLAK_yoetUf!+#O znWy;S2VJe6fmal>e0+o91X5h_HmrL~hiAq>OYFLB1Z_i)n9iwIvlXv+t}MR&VKG9dmj}` zy?KxcR57Ze_u&pJw;^T*AT`K{=B&Q@YZBkkQS%Cw@uUe8;JG#5`P>Ohq0rVbwSxQl z0b*MqWIjec=AY9p<~qaRCOdpyTP}S>F%)DP*k#x^FGm8;?TDf+kiNSNQB;j z_JfTia0Oq}C))i#>v>y4+@1VDP%FqQiGB9(Mz;Vm`2tNUZD%=sEGo zrg}WpCHnCaC{UsaxZU2l4z1LKO6W?5^vl7@AboN6?QN@L?)3@V&{1X=N`C3hXu?+* zGMmv7+4u@WaVEEF^7{=zXTATOJ|BlV^2+?Oz=;1C#r?-iFJx|G{Pp(#)1_BF`%5F3 zZ;qN)1sWRK4FqV72p5%AF*^)Wk&;w%wm6i(aIFS+{cQSsyB&n7XHHg$aB~&I=ttf&xyI zP+lQn(+KpS(mVBQ8+)+qLxdQ>KVm|9TR<~{fq(&(Y6ayz%9ceN<$9;t)kI64eb793$_O#_ zq~>aWbYT6==ys|qSM~IHIo646kQM>m2pdX}Vzy%n=a@B#EWgw&Qep5-X8-j>{*BPf zAE+&$ND{J_VO5L-i@qaxj3F$G5oT})+Gg4lwc{DP=ZQ7mYhzz@+8tyGq0+!HtsC%t z2C{Nw94Ka7KBSZT*D_y!SL(Q==MY>l=XiQ>db2dko&j{>!$uHh^FnWKvxOeV9d4Z7 z+BZZaPX`jtbvZe~R#_5#K9rI1OX1qLyR(#dc1YrhVl=Z|?tH~1nSQdk2H-&hne#=)4D?W&e? z$2>ZGWqRcS1B|t4*ohTGjL8FPC=yIGnKHUNGPOw+jh1(fKMR#7w=H`t2Zj}M1 zg(XrFA>CI4Ew+|ovdpJhZ6xb+u;E@C@M)z3xDzZq-2va$4O6aQ+)Pf|f(#eu(*h!{ zJ1449j&xMhxzy%^EI5z~L3crdJka0Kzf?*)t&SZMm6Cp=%Qw0@FInR-r^s&GKtEj@ zSlw1;cxcgy{(ho)JEoN7?3nfB<$f8C805pT~{r%I1qxu=R_k_J@$&LBDskHR_>UO zSO0;*{wbeiU>yAOmqBel=Bam?qDqC4?!t*=qcN3sm7O$l$smIzA*WB2a8zYLjk*i(CpczJs zol4LO%43}mGqs$L5ba~YZBif^v7m>7pFD^Ux}4)xMAca*#t^qKuYnhNTqD=rw~OAO zaENHm?7$*F-i~1O3-X5)ByS7y-_cmtcO4&yT*Bi(@_&d@H>%vk6w~Hw$vOTrq{YRg zm6UsFerZ{?2i8coSpcu~`kQxkBCIO7jjpu}l+0UU z`g3YTvnX+ftJM?iF^Nt1xz`y<@D`(osWV?^)Uj9XIZZXl_IerqI)rCH;}$D)jymEK zuOGwlcUAE9$Tz)iF?wAh&r<9z%+RfVReEo~>-df5qS$BK8y$K+;b$xMKMY7;Kuzx* zc75f#=M&a{wGEXhvF$o6Z^r8$c{0auN1m=vt@d2ZJ>G(Cy6X7Q7qUV3c>G>+_5r&! zmqz%;sX=d5sxvZ3wL)KmFUy{sNOYpi7_SzIxa8086@P#WSgy?*rM@^Ne{Z?XE(+vf+BMB3Ob{meU`cBJz!e>rO<; zKGer46l?(M`tQ_0A0K$d!B?2|`(MQV|2@q5&(Ft~w%p$`UH^o#fWKAA|B~qvg@z7$ zt`yMA52ybPiXAFN@K@{jXw#QU7kZV)gA4q>xRz&vFp@WY8-iO-%fJp_K5Cxe}GfO3A3aJQ@9Ms5-+~4N=+M%;k`GMg2rf5)i zSLU$!zoK~0K}V{&?qF$#%v9zfCS!fpu^k6F%WogZ@))@dR=B`4Fo`Gv52Ho-qIe74 z_A%y15qwODZ4UaZ^6B(9lQ#P+6`n;)ZZLC$KkW#@hwqwS{=>5bCMmZ+P`2ZN&GLU? zhz;?gP^7>Ubh&XU z@rJ>X3Tc@?ctzwiz$U9a4R`HC($Zcpry7A3p*VG<{m|A zeZ;=9$?&AI6u6YBy58|yAKk->kjO8r>^kYKzF3e6{MG1YWUHl9qKj%Tm=ADjtD({( z_Y_NvU6e_E5+1%4`#|f#zz_75!vN=U;zmwe=iLvmMR^!(r^27BmWBMai(t^J8oKr| z5hs4P0=G=ewN)1av!9(jQ{#$hR98CQF06{}rA(xN>!gn09UH}=->oA<&%#gHHiu(L zOuE3nA8!anlYy0rskMYuit96;jJ0m6(It(!7Pk5KG$vx5eO8+@`N&{dWnpmh&rtpH z*E{0fF0ss>f9L{e?uQdJ*7<~jJ9 zH|bb@0}65GwsUj)_mQGJLK1j>%})ycI@bSQ?1}dOaHM~g*cup_Sew{5{nxRM$l)-e z&@gLZEDAuLfdLsxVr?rVSK93sO(%&}dvsg90kB6X{xhu_tOs1s@SqBZ52~u; zLPuH9TxRU)MONiGG;9M|!ZRWRCB#09L`nGiWJrlOg& z4&#R%OfTr_^Zq>ga|QfBocyC^bq>t?)}&3bT~xm@buAltVOE!UBB_B+VS18j!E`)%RMcnfF{(TGy;k_42-kq;8WE#j~u`R4v&)cKZys6n5b96toc{>mQ^6M9&vM zHSWI5qhofhJ;+V4KhXS&>e~P*Yz=NFzCQo#RrKQp#^4HlUO@EvZ-tb8avA&Q6(cNW zo}M0>L!QIWzuUzSTl8H#zD_myUrzPk36!t2_BTf(GZSkA$N$Ke{QEkze_Cf`Yh!Bu z!}%Xb_8)f{^ZM6GIK=<$E=F#qw1y@IHjZ>|j>Z>i(vE9v2z*P-f8e!r)5g^k;&r(y zFJO(dDhi|a84t)fg-9fF3cq1}6MorpMcJt17^LF@7IYTZx|X5j%V>#pPwA(g(?D`(PT zo-oLzN@WUP+*U!6*9GBofRl2VRmEC_EFm$9k;_)X9lpP@wjL$J8`5ry6Fa7Ledk=f=q|cAsP!2*?@}r@c)CQ;~-C zARR?OLy_Py&%v;5dI*cWjy=(3XieD7Ib>s^3B~Y*_RyS}@74$-@J^mwk zZorAJuLw${ZYuv}$jQYW6sIn*^0{yx1(XOiK_=@_#DWk(HVry8j+_V?N{sw2>;T6h zFp?mYlyu3`ptu;Eu}~tSp*l)7Ncndl8XjJR*fQxdId*&&#`tquEJSka?Wgqy7`~TO9fOy=TecciSk8{kI&B&&vU_N z%Q@C8ZaY8i{5Bj%m{n09Y21p{eN%VMiTkVoeY7P~j}COGy33^bbI-D6rJ$iJ959e( z^PLR&cYTd^#Ns|6)zPHht}6peOs=;bAfXcnySCA7Y9&%s&?hTeuOjNwHwuL802IRO z)&occzBD+AwE#jjn7nIPtttT|z}W*A*?kY+2f|0=`x|EiDgi6NC$0_Dy2!N2S{ZwO zJ|Q7NCQmRexUxGdC=0=ep1}d0@bI8zX6~lai8pz9^dVl2_HZX%ht)*7oJjh-x>C9T zS_GZPxpnD?KgsjlPquFx^@N*<4h5hgj*g)Xb+S^@VP%(y9SVf1+A^N8qFN}c zmo}!K>Z%^Mjj1c2$4?(z>o#q#=y_T95fckBsY^U5E!{3$*F2kZH?dXJFY*mr!KsLj zbH-?xfoIh049NxG9J9o_?)EHYhWw~)AH0!|)HZj4t2OnHT3@|( zR;i5c0qEq0Lk!=Y)}XP@Hqj5N_BG$|)vEeoIfsSv2*GFcwRzKo?M8|lCZ!KVTSNF& zJuc(@BCq@b%0IpvcRlykKlVR~(H-KJ3gq8SjEIf_Jclg&KM@j?}%Fyfm+L8D2n)>`Z zDbuv-`=|S>kZ2eFpF#Hj{z3ej-D_gw_@(Ik*Mpd-tYRnq@#ksc|o@V$TSbW*6wI z2%Hp=Z(@*;qGEaef}x%U*RYn*cB&YSf+lk?5it^e2a2knV)fa5|ZT7MatlGHetpCGQ{ zOep5w#+K2W+-Q6K(;J*zSpZ}4V_3KIZrcxEkP0TT#}~Ugw5HxTQ5)5St~mm?8RoH= zA^0sy=z_M$;u7#nYDlH~0tM2mx{(LoueI`M9Xpdc6U?i2JE*lKwDO1XV)E7qPGk-^ zud)z8?MZx_)IIbi3+J%i1^LeZ=8o(^6A*3UBBehU?a7mzqu9Yb%1xK8YR`_+7)B6* z(f&2v*$G;&Z)50U<9lbNjjdX`jvH>zBO0F-yV?%jy3MgAT-gLK5Px8L89=}S8Oi`) zk^IXFdPzhk=->pddBY6CNGd{<%20}|F6;+nYHmle4Xf0AAcIXp5G+|eTwt}gKP=(z zfi(Fa%&o|gob2-lejpo!=9AcU`gxf1ww|AQzcV|aJH0wXJt-YCgTLz^{0d2T;%V?Q z0k)zki4Fa3+%h?B@2C505%kLYTs!nQbE?4^73HKvR@8 zWOCUo5El#Pq09t(UXzb3<;<6Hc^m;I9qpZeEgc>Cc7YiQK~oeTdPPr5&MUsW`_|Rf z{9FMg4;2`*#!<=gkb&3Y$Nr&4`gFOGo6wW(h{zNFBu;!bx!)yniWIp4-yhF*JjYS{ z+a5ods+nhVBj^*$U)^8NDPw#un>&Z&XfQ%#T_q9Iv1-BZfnIp%3A;H4&G~iy2pL+X zG5Yp5C6bIHcdV~Lm2#B!A1NTot`y3tNWIdLx>%V)Ya5@Hq<^TEn!IBcA%8{WoBu-S z{kx6*<;eb*%k!_Ui`{>9!khmzF{X9;5`6#L{a8@xarkmSc(wFuOgyT&(N0K`qp&#h z`WF)bYNshmvoaYVB6O4-B;DV#DOpFlT!G?{SVvf_i?~D}93am-y{;~Rf4*7)_OE|Q zIZ_U85`XrBpw!4T4-alSFyj8%=WWB``LN-@`L=$I5jY4M0a_=Pl0Z|aMgjmZ2Qnlk zN~91{aAbKOqKfHN(40p7upJ!H zbl^kFVf4aq8p!-N)wE;F%4nw^tjL zkb43ObG8R%V+zNoj9>hBVkY~=qFGwB85m?t%uLG#WC!<_EwvDBXT7P-ZUI>;ql6Ho zfCPPo8-7O2H0#jSIuMWDm@W}FV zKPBJKB!%hfYskCL)CSgdAOT!sYALl;>_%5!0}iKzWWk`R=H%xD%}8(8QwQsH6QwzY zp=-PzLkR|ah5~E8)4m)05_K?n8=@}(bfaUwYp(F@urAQ{f`k6qauFR{Z@BIwx6qVB zV!xN|(sXih+twTgSO&CUHIX#X4|k>F#2umG(e%$dUUuG^id^yE@vr#2+PMpsR)*Tx z?|*t6g5mzOgWRHNTi_iU^AYyOtSDgedX$;27{t1dpCoQlOnL;j5q9OC?Bw`yIVd@_ z$?Kut$s6WP0c%>!_2>ZxA;Asy(fiSwSS^O8Uap{lx%#33HNor~x(Dx+B&KI3b=^6$TgcnSe1$6h%i6vFg@5~ZYbW||t=-YY$l1Z%$(_#4!q5buvFi|LUoN=smjq(1nt5o9?-Xx?VdA&9HcR*i8hpM7b6rqZXm;} ziVC#OEtbe3?!2to79Xj@D)V&3cMjq@+;77>HvAzGG z206WQZ+Kh0X4HMvE}AfM-bbiQRV`^- zw#&Ors+M-(domeGPI9}GkygR1T0yB&V!obF8!q{|rZH90$C!J%th}Q6cFZaSs} zSj333fKh5qO+d6z>M2dhzmz zx%jnY`EulVHRD8if>ZnHKI6T@nQPhpw&IG8GKP1>)EZ;Q&(ow((O91}>zR;-D#a2ZUc)B`KOQT>{4#k@3-+_d zW14w`;msiN{pBjfkczPQ{(c3zKGcItl;!})5l7mfxyGsGNzcjS zOl~6EV(18xW>H1_;!IaGmVMv~fo_D;Xdt%0k)-b+Y*BOZ2njf3{cHNRs)Me;uLAnv z_=3LLF%L%9=-U#FE(#-;>tE-E)5-UpCCCTQb|PS zjPf}OGn&Sh9Yb0Zd!52Icl$rG76)t(4u+dF;=s136OBuzD25kCYo^bW$%e3+s8K0a z)Iv5*`yu=UsKuVK&$VdqmYWgPt?~nz`Wca4|wxw zWZ)$UA-4#c0yd&{5z(0m5%emTL_&AUFGooB?3Zicz;r}z&u#?w;J!xvIfM#RMys?k z%T)=!_cSrN{u*^2haRSTJd=<}=NiiD20lWT>8;DpAIit|Yr&$O?BB<>X?Y4rnJuO} z*2iHNi8aM{zHdhFf*MKJetILkO%Kz_^^rthKHwoVZ=(4eoRA(0i|oVx`0i}qhH(nN zn8aPZ8l31<%DtJ975N^Hns4pU2f&@y>iZPA%4&s){**|C%mS}Fy-q+C8SvLx@!$Do ziH7u4=OQ0zoF!r=Gc5&KAbNjYAlSFt?W1Vtz%C)0OX`M6Kv*^vG?SNjTbJ_KFdo3} zf0W}0!GwFL7{85CfQipen0pn=+h%H`*TvrV99t;|gn?rYz7FolLAUG_s1ke@rWm9OX$th1O#5 zKH*2R6`EE%e_UAvn4`dp6XYnErb;wd)*i>p=nnm|Pxp$IG7@uxbwFyuA@{wd$bkmk zs#Naw8&N6V?0`?Q86u)qPUuZ&&n-kD z=rvA}x4>N1lvSr|3?xJEE3|5*pj3W6iM5zj$@~2gzInTVL>unj27OF786|zD%M9+! zBzmppt{p`oF9Htk7o4L&HAn;-W6hWtOw6#2mq-M$Zqo!}S~d{yeeIkCOo|Eh z`;fzS{Po87aiXEKZH0J|&2j=6B5zf)VdC;hUVoC3Q}LZ&C1NW4GzNxnRDKAA0lJ0s z8g8h_WeA(87ayFU6p@yY$aVzCmEwFQ56R1W$-W5FbQJrK5-p7EpbH3)1t_qnWvU4) zdKW(JA5GXwWvZx(zVUp#?|zVYI9ZIy)m>uqPn6>@k;RG-ScRAHsESoNLyl^7Rh3ty zZJnZ0w*_zA?zviB4ShrfkHqvuo#fHafkmDiTCmSi&8DXK;q>!cZy&;1q>imDTBw+4 zYjL9}-j$+7(Jp(a-q9uI+AGS%TG+Qp6|PIvS7oYv*-9tWwW16}pfJi|pwYG2Ty~3P zeox7}hox#SwW@xWrKN5d<0;6$oc~8LaoiJfkeEawW?RFA{| za>PF$A%(Bv6TDAfPbSj>ZdIP7lVSTgK;^usEKeVZxN2V=iwSA{jj?4I_$PJPj*h#@ zyK{9l6g7oEj(&}))+bVO9b52(lOg*)4Ey52pb5_I1l7qRajV`~$F)C#LL`$Y?0;W;2 zW!9?jn}Tig^t2^2)qM)KGWl>r;)V@RkjylUArdN*%l0ZnTwx#6BhL|4Wk{?b0{X6= zR~t%04<`Y)tOF^2fW$FWIfswJ;0wxx+lEmwV3w-4p9-PZT8Rv+SFE>;vy2=x8gyJ@ z(A(+`cV{=^Itzt|&&)3&1wCRC>&+VsXUK_|a7n^cuKZ4fG!t2Y?H4v0rxLmjKSY~@ zfV7J#q7Kzh(=d)h$I;9|$JMGGJRn9msY+$Q!w zr@~ts=&Z=eh`_|G22+G^QRckaG6lKhT=WOKED zl605zcYOa4xEVTm4egRo$@Gnl-*eD<+D+`+i@`6SskeUhC?Vgfrmw~+tNM?ucXKDb%G!hht ziu?{Hk6z!PA+--SIlPXLo82@M$Q`G&=+V?vE5XUayU%KFu97c%&8XeLyT_SaFDQP> zHQ;P@M7L*-DVo#m7pZW4?7bh*)+92&LX@|gaKJ2L=_r#F+hK_9#Dr3+n7mCSGhaU;|X6fZTLt_jVHnEN&iM%E3_KV-mjO8S?Ko2i;RL}Xv)i*1$H zOM$BSr~4_Xa9hwOi(Zsz7fi2o>U23?yDgCO75Sxh!&Om^fe?xu*&bu`=YA&7lYsRe zX2G~j#N$kDJ$5eADE6r(D$r2N6-8B3#WvTzntNcE*$n6ksJkeEs_uV}xTF%fdvCV= zKBoc%gj9$7`OZumx}C>|EBV0BbVfrGF&OYDp1U>lK|sJ0ECwl<-l8qR0E&ucniMRA z;HDwVxpNA2ZA$h-{+)D$S8zoo(Kb~Q!DHp&z=kp;(TCVUcMeC(AiyKn<1BwVY5 zu10A8U1p+HAH9_lWeLM$N-Y?xU>sLB;*4I2T&3597lB1QUk7JHc#b;2UVoWl9T1ux zY#ph~yl8AcL1i|b(5~4Es(e>l(>axgp-P#_2{VZbHF{v`1q%u~?U;n)N`tRfe0rxE zat3Nf9@_Hre1S|_II>ymyHKI1u(tA=Zh1d>JIB@TIYvNQ8uR|+W=E&gYl3OrL&X~% zM6oIwNEQVn%>6Emz-9-~gF$`Xq5V9ZdV?%y6MKkKi`;ZWA~dOmWG`?Nw|+VTX6OXk z+E*#A=_`d+{YvTF1`FBzy>32eO%A%|4hXr>0Kd-Mn#A%$RQf(A+u3)=IUFLaLZmC{ zV!+8zbE(gk_tu{y*W!Z?%@u7y&vG>HIH^4~pI^1U<#oxWfpvT88E9fPy%GjpP5ekZ z3#O5DSxik_)tyw^@P-|MGNi)Pw46~r`@~b~>(LMm{vyxVJCgLPF}RPsk}|HQBF!uK5Hg<>e9WStOd z&C|g?#EYE2!{bknKlhSt>?G6Di?65}SzMsrg3q)QuT{l{U@qO;(0Lv^j2 zfF2CBZa4&rsxC886=rP1aL9XeiINAPIiAXT;Wf=8hhr7>l-Q!mfKR1>aWNcE1E$C7 zgLxRnN2l)a^r=;j(Z5km>BbPsY~fDB6rV)rM|0B+|6lbgKZC3rFu!sxv=09%&_?(d zmdL^6@2sqaU&HJf};{d?jKtkRI&%L>dyAayC>YSe`VLmG!57AX?u?tCcwp;ltye>ap`(u2KyQ8Sdr0KV;P6f+W zAm&kKnm8nchZ(1?P6<=eaW*S5+U?1b_1#u?R{KCElM=mzz^mXLNh={Qv8HPdCqg8N z@@v+C5*Cc;G_aE@U4V%tL6f#tgZfVMo((~DbiWFEZQEg+bv4BKNz=Bx)dBujE zT$f1K%-toJS2$d@*x3WK=pXGEGqJ*cFE16+It05O;nT00J+p=HY?&B>8?eZ z@o|`Qv>s@tyGJ^tKd}AMS7T$kwhfxjqSJMj=ebK5i*13-;_=D2$D?gq$J$&FPw$G9 zFux}kNu&cnDr`ZhVq4%BG@$}C9dd<@leD2yg9^jPZfb!e- zGG75ME?Ev_S__iP`z9_HFp$Wk;+WXW)KT0oG}}vX$_gPyX`O=ua+0kdq)w3lf3qj> z(p`S3QRE-d?7C9mp9~`?L3lw|W0zPjp#DMp?fQLpSL14_OH49=1-m(+3Kgx2c4_vT8$kQBD_{<1bL6?XY@QK#!^eJ*Z6=27+fY+|QpM!Qlq zoUZ0W(Kwg4j#M(jvYixETa0(W()amW4t{Eo&~af641zqp;g(_tpTu{?P#pEq2o>bc zsH#lb#7!Hb*27=$zX+8g9`f;reG)z?`8Lv6mR|(>JDLf57X#@euU@|%bVoB~*TV9HE_z3|vaL}j}nd=+^VXH^lqCrDI zYfjl=JMw0gGd*KL7HN8Xti7OPCP8uNhFiWPHy$@5myl(D^*tzcbO<8*N`We`g|N;7 z8=Dgj#)~;OKh8kv41B&JLLe+(&~vV4C8dig)yam$0yBA`-P1a77b4m^2nS6 zD+0R-2j~;w9UG?)l;El;=)2*K%-z2`~MsFk~tZ952m zzr=SpGaHvXOwKxkQDL^)U`z9Xk~dD?_Aj;M3IW3|q{pYhISePd&n+AFzFoGP_uLf%lUXa0xzI=|4|qVCHf-=3E)yj&DYY{a`CD zTcMt1_wlJ*9s;Ia!lo?`lNECAIb^BB4gL_B!!wK5UOHVij2T6NV5l{T1*Uj-y1)!| zTxj5tx#HV3Yn1X>2HBxcWgdG)I*WoGGHb|7myudnJafC4;LI@K8b{$(Z=5xKU=oSs zdm}jW95H7mI+}C(;!+=%I$;)^pSsl>;#6U+u~$%Vgk@O3!~I6?T9i>TQulA{kPrRB zsIt_aAFLpj$3qHT4graF1&ihaa+pVk%TTiM}5St=Brh5atXXtkbVB1o9 zr27x#HMMnqoF{s=J@#!M*_UYF&icZH#j*=0G?rEx5qIEQnLMqJaGGj+s47!T9iSMq40Y`+dJCyqH5q+E7 znGBwR>z)uh{g6=rPy3}#+1+ShT1pn5c_vuBdd;04zEvw+voI5`G8^U z3Oi%s#2YV4;B~g&dI)2Xm-VB88}=xk*P|T2tMcZ4oV{wvzCCTJUB!@M@zUngY^_F; z^HV#_Zc=7kR%l?9H;ssbdtblusFS$=jGO;n1_t*}xcPVE zHpmy74e?h|*|#rp`|rj+$X~d~|X( z?tr6aZ=?R~aOTEp_kMMAZDZ{ogtP~Z9Hk^K!TQ4V^KGCf{2QbKiRh>l^@Bld?_ImS zo!#})6@DR5YoGnD_|Dm7w(GPg2ac!_f4kSl$I!#uNBrf}7O(s5Qt& z?tO3iuJK{y_1Pqe?2n?4KOY}nSAX2;!))JzAt3z!d=*wV=dyB{VTk0>+ulU7!_O{d z7U?25A$-3^2|jtF$Qsr2PWSNj+1s-h|6U>-G%sizW8m-_lW-D|zzfI2^gh`Jqv+_s ztflMhvrBq45;0q6_YT0Bu*;z1+Ts;taHWUMo0lF58HRZ^#fdy*0D3{n`Q6ST3c`2~ zaN^?=t$o-OX4-5M_TLOY3b}u4_pw{%=MnPXo6GZ`^EYCVoM{Wj9L3_A$Hwx=FB^a* zugyt@XwS*}(*whTk?}=p@bN2Py;^QD$-OFNP9m?t-T_1;S)wnF$sEr=F~sjMzui~+ zT$jpcPZpc_Ov}%@@kt#q$~|6vIMqh)rN|VpOBM+RyEyaqgv>2cgh{q&pa6g5un3*> z%g10q5N!zy(Hrx)y1|zU`9oT4D~^W67or*W=gs5CE(*=I90i;Ey`$^|V^XH+-y#S} zn*D;sWqc>dPHk}w_plOq-FM9V^IMQ54uB%b(gn` zAp3JcLh#vBTv$gT$IHYTJxM4y1IGe#_x$pL?G!3LlTgoRnipa-{n3vvi=jT;g_nk? zL>YRdWH!klG>EosDP(ULGz>Eoa!m)@M=qSXdlI8Sacc-n>$w-~CR36O%isF6YcEtJ z2o8^W9Kx9-8muxnK@iwWR0HC~;r4KvPcQB4mW-c^Xno-vtU$(~AU?VIEhN5WkYIEV*?nOt6z|a;W26Pzm1Ob*$0R>n@*EK{2W@^|hUURMs9K{b3c(f0mvWF&h+)mKU5Q~(O z6fTEYKq2(!S1eg{%m;!3q=+M{D6;a^6D{N%LfSt#&Ew80FG0CzH(LgYmM^p`ixMYT zH2Oandj}@bf_2-nY}>YN?6Pg!wr$(?F59+k+qSEEpL;tx`n~9PqkqH7$Q+sLn_~(` z@DK=LDV$(=LINV%=mRobjzutY(9V$LqEdN(B+nEEnL2c%2U!DJBq}$+e#A{o&Z#E7g#mMIfAt(L_5TeHJSGSm-)V1G-ru}T!AB*c_VO|R^YHIzUw$djsn#e z)#CH3Jk){f23si?-p^rx&=YHntrL)hathR6iJdh@UiA@laNrRG031li01t*xq}p9D z4+ZiLE1y!+xQi|aR2+%pZ1%?j*phz-OF;!P2^I~P8Yna)hk@3SZ%7yB6B7VK4UiyG z6!>%>1aRuxyqnI0{?{UfmYl${m{ycxR3ztYenc3@=aODcU@y#ph+&ua8ayu>$Y>&a zf5Kg=<*F9g1DQ0XNCA*7xCvTvMl+dzHd>XB4G9AtNjQigK)~T6G^sW?h?!aDyH^G+ zIqkJH0Bk*VGU%_KB`l*7SfTQ&?cMeBQ14-m(nLW> zwol@pO+fs_jK6=ch4bmwgdDH!fMSgYFuFq6p-(cbz(|pjs|seq)<>OP1MVAplB=l2 zC(7MOA@N0+@ZruSh2BY#0gr5Wf%N`^51G$fEdAP>a>oL{>_9;P1p8h*hay!(&w+BW z9e{Hoy9c#uV^*F%9w!`2bQeK*S?2CZ+ti-)^jR}@}{(N&Uag==g&NiLRmLGk!i{{NTWpC0T^1k6Xc#5HfRo)T5fxo;n@!_*6$sy zvN^39Nf(!jf>hxs!8q)l4C*42oaJ_`abYTJ`jdjEk%9L-kIm80)40|fDkskvI^J=P zpLUudU|l}7tu0AQ0Q zOfnB+$UQkw$n>NHc~sJ0njRwx$uB4sWnUbt)j63KEwZD5meSHWRnjfE2p^O}PY3P& z!B?Ti$TSZ9*;@0;#gnn>LlNM+KESsmo91F3;gOZ`EDmxQaq>FGS)!Bs`q_h9Z=Kyx z5&`f_rH4#g*?}Q?7-O9qR>@FQM>~5H2EOwhBDHLZ0xhU+4C|=J=!|z?9*+Kw_BkaF z*|&GN9tb}wr^WkTxsHxWSx=*=K3b=2vCO_x5kV!0X6!o@_frmqqs333SH7?YGB2@C9-AggYaD&YM6J)2Qo}&ewWE!6RfEN%YB${MNO2B z$#HyYYBZ$$H%IFVn+#lM*~A>6?OTi!beFIe&*th3yt{Tamdr zr8kB2F{!v&3K_DKa+J5vY-wyW>M`2W(aqa*Hzr=A9wx;%M#OdyGueps{|@(^uIfO|aezZu^Vs2|}q(rQbLq@n9_ZGwUDo$or=_CUb z&^737vV$0O5*ITs#1fjB2bgIG0`2!byR824zprfvm0wNup4aJ60q6gR^{Fmtw#6`Z1p@tGW zbY@^1>)Q;2Y<(Aw2hp1SejLFnb(PFBHHO#BGu84zjn)b=GQ_wg-Au_!yPbxOKPoPY z*40njA{nvmQzr!q$)u_I!68bCaDZT(v(YNH$;eAvAeBg+Q@h%#LPaV7YvKhOgmuwi zIH6TFr{x+mT7gN}EFC#W{ekML3#Dp&O1IFar(`^LB=1J7Akfq1cdVjmw>xdHHeoqB zx%SwkgRBqpYeDTcVJ5RTRusxuz!|y+;t!^x>uIx{B!cA!0Vn_@oDU4M)$b3-7bU+9D@TW*kscRUImBSk{f$ujCEw znB&)=C>=_~ORvYmQZ-d;h{h)B;Z?X+gW_op=(9<14fRtP2ly!1DKfZ`vqd$QivM=P zONWK>P3}2h3kwPAK~I1Ohq$A`ia+(Yh?MGQ2?$kXO`#B&2p{{9wg+Pv49VgS>gB5T zbAnx%z@hOnYAk?`1(l005We_Kou}{;Z>A3FXO!Q-acQ8L8dln=k#oZPpi*xjJ?ifN zSuhGKD&MjL({H1`EIJ6-1?{dPH>Z9I^3UbAa}2X@Y{e~kugj>nCPHXgxsc{PY*M}L z!`D8lqW+TQY*Hvub;Ub$!{|`!is&*avrEgNiELTkzH!XDz&^Sh&nsbQhS1qJ3If+u z-?kz*n+#Ds!A#A&S2vj+_?xWx{#3O(7+rPsoqVddS%fRlwPBq{tL(1JMvr6Gd@MQW zI%iQXRhh8Xli~APn_h0Y-Un)G0WJD(+>d~JLQ4gY+ALNpZG`GCxaxW~zv&T0eh!Oc zG9w&zdsk@IiRX+_I+MB&$|cAGTP8T^98KJxOR->S@Rs+W+%h=SX$`AQDmZaSpGwKp zN?QW7B^^sLDi<|LPm1&P0~#l;L8spGI`*vtI2uRUsn6?-RC#7_^-C!_+EqadJl*97 zT?fpCiweWRqa+^o4uOU8hl>S4RH<&&Ng-)=7$x+8 z+nTVbI@B1a^I3X+s38eyNr)|1pjqNUvO&vaJ67#Tj(##ww?%$1kjCJHC@bNBo^;}Kb3q02 z-upk*-dY36j4|X+O4J;0I)&Py;(phC@KrCh*e7%18~bHBS40U`$m6LoYP|ZS(12|v z5*{@zRcI)y6m*!BLpAndor&@@)fU#JMNW&MTzU7%FY_hTN;dLP-%N&zSa%hCw^H5z zf%k!Atcf5G{y=;Yu-Ui(Uc^j^78up1vb95-h&>C6sFl4kQ?^fIotB4)E=x-xtA}pd zfRs#O7WLy7Tu{H>lLlU!D~8#EgJII`OGfrwo>GchzUE!tbZ90+w2{QMajnjNu89^-N}GsE#BH3vFVE_Rbm|Cxi9 z#Kp1^l;o=>msV;MvMf@#fJAP8w%e!-X04vjJ#tWq(mcMDjPolSY^1?$q$KQrZ7@A-hV!9f{Q)ET}ZSmbFrQW3>iKD)z03n{7)FziF`}X|IL%@FqqtE_q+T@IySC z_#*o<07p1Gg?YP!%dVJSUM!aH5;cUbq-r6ddsr<%;PBogOH0tb?mfSiUkGQ3y10Rf z0>0<=QzwP-qVBaEMHVPVPjQn@_b@{Mi0=#pjGV}n8qVSOgK$A2fo8feg+6I9@8?Q~ zP#_qs{v%6T1a@qLx>I(!!aEEdMnP*z-Of#F4z2n%{n);F2NdB*{GA%|TkYTyMM4mj zfC|Q{CvL__Ui|9Gu~w_70p)dn9V>yCN>^2mf%VY%=;K)OrTI)W~(TZJn^P9D9&(s9^0*oC z5mGL`T1hylllK-3mm40XY73EdelcpbiWG!2G$RyAKZj49%AUMci;`X?kJ8W$6)OoNf5_x_46bEZe+%?d;qwszjO1*X*6_ z!CF4+tkP^<712XfFI@#m)f~Snp^=eMSM2$WUMYk|T;jc6K>rJY#gg}OPC3nwMv}00 zq!zCrtWaZ5*O%Xi43yzxqkz>2*HV}sZU_}wjZ;G&h8(X& z5STFPPld9nt02X6!G^tIeh||7))cJ1V~~hG#FQ}h6(PRR>%uJ18MTodW-_FZC*I*m z+Iw>)KEuKL{n4u9HLoLM&o_h6!wZ?^mf+J5or&CrDQ5>6mu~yU1?8}Q%hRldbNwF0IpU1cM>vxGbxGA zN3`NCl+snF-oLa2;Jp1!&7;5mhJCI`x$;czuUx zTwhCvJtV?sQJI`2@AUfb+#N8n3S_ZEK6n*6u3*UR68bdhZku0`mT`c)G&x$sKW>10 z4ZG!6*X%1`=?N7q{dy>#)o2otWtWet$A$E77*bY0*wN#WzKvKQ*{teD?zHEd-(_u!nsRvTw2Zo%&Kk<)v8Jb&)Rkk6?%FFW>? z``KsNZ&F8t(!{%kPp`>N!@yb~DkE87nPEykDqRsPU!On4YO4mWYAx)s+(ntjU6lMg z+-45US%+7Ml(Mk3NfGk;$31N;uIO~8ZMZ)9a>%l@ORR(G7*i+fbsdAIO96GL>S!E} zTts!rBajw~NSR=N9}mHuhYyG`d#>^5#O{jRPm;)D>RW0cvf>sv=XG#vU@W9Nyho=% zu+MSvaB!aBWj`9qcZ3F}P`vy!KL4@m6>`NkewU|E?g**#qk?EUB zEvJU+#zI@TI-JQ^e&7iUp94H%1z;_PaPoZ#Kgk-08m-X53gZ#W5yFo3!xM~Y+eWYj^@h`j2!o{AVZ&Y!qC8&JNKu~T45yHxRNK{mP&xdx(_`lGN`M7hg1 zCX0HWJfJ=kbIa_^5Gk%YExk8u)DF;c8z33mGje3Rj(Br;tl0bZZMfzGZ)i)xWxwQW z@?Yg^2zH@0RHZq|>#EMahve>4JU0F$e^HXHIA_zj?^BR%0I_iH)-EW{pf4q%{TcSO z7lm^~_&gU}!A)pUgtv_(GzVIsUPK51=P14c)_*D{<|}hnnJLOkjLIMUQ948e+>Fg% z)Dx;AAjOX6>VR=E)Lbf#x~-GE<9%<~qlp@%6@=9#UT!*F_4johjhty?3xuzj*dh~pbUs@*X|QYN=`$6+)w|8Z zdo02!Ci?6|m@Rcg12OKad^8CmB1|+rL2*&*cSSDA#Mukj%uoXVSd!fkZzUPrPoJ*V z==}suQl@5Wg#?I0&N>uEKZueNq)M@m5bUJB1DPhbMf3gsJw;dV@pEsDwc3dE-4<;2 zVZN%b$u;#^(fe911d}#*i>A|LjdswMVi4+J8z%I)$YNtjmb9@{OLUv*qIK-=`3Qr> z22c>tq1i?g2lh)Uf9qGf$Ct#pEAbn$=mLx1&JVQL{U}ASQx{9E!%NrkGHtD|QCEfh zt*E^S-m$h)0E?&Wgm-w$;U}!i@$QlQU3+)8SP;;&^K(Ma|@nhcW z>D2F*tJgL14wk?z5L0FFCGX<=F{Ihroyi-a4afad=+#;f+Khg@Y5K{L2B=95&RFuE zAiT9zBHvBNt<=MfV~%gWVlfjAuH+GPFZ8^c*_v5?9fs5-Ijx#a$L&Lh9FoDF#%1fX zLIz{b0G8zVGZ4kB=x>ZTMJ_!OCYNteMC-wrM!abjvd#1vWK9Jrv#YXrS&$o!XFIfb z@ogyue_lnTn|Kv-F}A^n;4L`<>Sf&C47EwI1Ct`$Lxnv=qW$r5CW?9#U8-POWIt^M z60-V(8rgGc74&&txsHLkq+_Q-%8J}JLKQ9}NeIj;px<40?~)_g@opW{?^?O8<<6nfgOW?*UBW3_(iXEB3BBIGV7&b9??~6$2i$ol*8_~xKN1!FaY2V^^ln}kUpStF5qv+Ioz8}& zn!J8q?>FD5Man`=Ho8u27Ol=4(r_O!&0(`J8u=*xP4J|<5QzdxmO)`=+| zef%94%A6ldv5s*}l7UezupHWypXblVj!zM+I#(bmI+06=?*9g>nV8lcOrzCUrROya z=}w}&QxR*?d{sV6TtH`qnpxzKY>9bCy=N%j&%LmS@Hd~7mzf%aJ~u@O-r$}U7+j!u z)d)wa-najr>h=DDdQbb=4naT`-IY-kcqyM!z0uxojs%xXYKqTOhGn^4&_ZHLUNK*< z&&XDRnRs6w3s`qqFYoU^o{olr&+6rNad7eZIyl-V_V<|alO7euduxqaYRN1@YKzc<+;Kfg@k&#$ zX#0l__RrtXk3Xh~kvmGF2GDD9sA`&H9gUMja?Y)^y=1G|F1j12*n7NP)fdXp zX{i8%(`IfqG$*B)9USU~y?+Z@df3R~uWMP|lV7c9RI&t=%fZ3z=HcVw;_&tLzPlKX z>Ywa~<`tI0Reh8u*W^c^(Ds>U%PRL-25Jj&-p=Ra@^*Q;IKJPf2KS%coLeiruatJW ztX%;;to+F2kwda2==HuoXb0|5yEZqU|AJRkva(wN-Nm=Gvc={_S<9f;Ju+M8Q8r_< z3w>{}SjVeP!e z3_Oq;5l8nRST+ZzD6s~EHYa^FNc=e0UMFx(PEPYgM^_S6)JAZnijtZVS`Po@2(1x|-RlqHC49%%}2~ zYCeop5i>xCE#WADp;zATUSKY+1zFOGB=a-zR{a~qLnP4`RjZ9tt8%znSoxqef%5zY zT>{$hA-{s1SPN=)%+Xn!_HvYSWu47lM|Up2(X;}7qq!g~-kNU$otmTg%2yp_l{|~> zdfoU36>l(Rl<~*rX0V-jKq5FR^v6B=nRlm9MkTCa+82R&3C#?N918H5@o$f=Ah89@ zr~j>eJomD)G`6c)1T8nbi7XH$PHbHSyb_67-x+}+k~db&i35<;TaQK~Q2%o^us!lT zPr=lLy;U%Cv#5SrU}{(L%_?$JKET}q9`8LM{R|7m904FvSe~eTM=kI^2yr$^HV6_2 z$%8%zjH7^jrIHCkOc$-h#Xn;$<9%2UowpiE=c}M~!6)Rqp7@`?dI-A=s z#L5CV9?w*uK_aB$?nw ze`s-VR8^V7T>wQXF7@FNry?`Yhom|oBToU%S2=Mg@I2dr9 zyY4ZH%kYcNaxo@fk^NW%UfZyZEFVVJu<6b7ptE0?!qunDp>@(UGS?m;xh9TRJ6jx6 zyTW1}OEwy{Yb>Zu<6i6N8lKFRK9%`t=#53CH=#5NOKgT|$VF&Np1Qz3facTzxm0V? zGFaX*VjSY@!|67ppx~5_HJW8~XYF5>q=7~O$bn1>l!pT^|7sUnK!va6SAa1g zLOjZ^x~VdrLFGDcFr}dB$xafB<@gjOmWLEzhv0a;5L6@=VX_zY!K0f#Q*_s+A?iQXy_Xsj%B<@yx|R&ip!ah z0KvL*4KYTODuinqyFwP(=W$U7$OcFs%Sj?@2BIgS{1ekyWAE?*?KIJop;~@P8 z+aOAy0{)IEMnf*V?trecS~Y zbrvwSTOGZ9-P@$*E8yi~PV!&){|p*o@v?Ffk^lfSi2?o(F=jc%v#J%>!HkO&v+U%Rs5=y*HYZ*+Vx zVLXMI5uGgD1yvKa?K6*PM#vSdw3wzXDxfkLqI8{^B1+4G^=c#}Vhu|ul>mk%HEC5t zhWl$Q#A%kZ&9pTSm4-aFy?fL{-Qb(hxYcqX7L^0KQCxw;8I-BMMXgv2C5Uk7HxuGH z#w=0)F7lXctOMHhtP*XjE0zQw#*F!Ba-q*Z5e%`|Xvwy1RTi?&-*3hi$n|FS&$sgz zBLm1EHmB{Jw{~zCc_mIL8obrB-&38mhbaG@c*xObaviR&hX>2k-9)oA!JMmd6|meE zL2Tp|d>+~GMgcL=_^3j=pw0mUH|vL4%oc+O4zJ#ybsUZ9_y0i=G^(iNt;f+cYzZ8| zrPeWYVQ|^er)M>#S>%hHCVa4^8x_D!?zcntS71c{r*xo*=IO{0Hdrc4vw!!w?LLL#ZAYkZcGagvMHkN-MPu<0axg%?-(u`3R?6_tc z6?5LlL!7w#=YZv$TXUMnFm5!llh!(M!rSADC$oRWbvMDX&oc5*Fmva_$p!7jH$xPh zR!8rN;lI;*nekQ<$ERMt#sg4JTk`ZUF#r^_!`|m-)r*P@TIsI=B>ou9DAzEfsv&23 zxm(%VayV5ZyRX}U#P<>~5ru8IcD!1`X$?Mc_Y&6E+0`aVG%*LA41zWc9sCaU{hu(E%Xb-@3Neer*fjsK79-N|@bebaGM6v;=| zTZH~QQCXq*dOIxHh!Zp+J_O1Ru#dwR2S~_)iU14~ps>xasW*Xsa}gMbg!DplNAfA3 z$h5RmZdVrm?!Ii(MUs61Mbhjv$E~|HCy$R4|JTD+bmq^gR#A-_>G!*y=kLq)C-c`Q zyN)|u$Yx>kW#AXhjmv#+G8rTh8HTRWR;uhfkCuqe8x241a@ zN}8aX=*=lz1WiHR#9uxw>_#z9UdP2`nySEPn&S2Zi8vfHvT04!E3lMIL;YLD!bl#} zw*;xiCDZMaX4xf2t7oG|7E6Vc#EFz*`u&V7k~xT{Rg@DZRVh^Vd<_6g5tW)Ih2Ml? zLL(?$siu@LUyo|SP12P9zSI>ah2=~(C?*vNDM(5oQ9BV$TM1MUSjT#onwUQT$SeA+ z$EX8}dv}RQ9>hvH%tWFDcEXx~NO*bvTTVDfkc6EWZsjp=hk&KGhB>87bg0op=GKLW znsHGxuOtbwNULDB9QK=qWCG=pCSXmZVFDS!js}vX2{lww#+SG2iJ;Xw*c~x}(Fuir zrfC!-5X`u^g=7tjR-lH9r&Hxs{fC+AXOMr_eo5`AIl-f@Q<-ncJ!h#Ym_zRpRUO96cxg8FiVd(d6SKVw>j z1{(NtW4!Ict7O57-skcN63`zZB#E%zjrarG%{O=v%Fao#W}v~;++FFv67YSl7fSGD z)Q?G>J6N28#_*@aZ2vTRFl2@5qGOSp{Twm*L)yWZ>#*U!&yRf~^0g(n3}H%>BeGSe zm<5w$fA%pvSav4W#)g{2aavY;*R_G|J32j@e=K%KWeo<_j^#BC@fEQJEdK;{;?bbTmH&?Qe1=3x-FZ z1A&%jX*4YBxhTc)rlQt_ro}R?xvM@Q1nk)BP{fcz8>73Zs#Z!S0V=vN9THgnZ<3K? z6u_y-P8o>uhErA8vE6#DxLFwJsT(nL9hk--i(AF8K+z8M-b31 znyNlRoSJP3t_x43LfVA+^+NwT@F{&fM$kQhI<`Tn5X!x<25=pV9|rt@ZJyPEy-^KA zV){tanl_{5P!X+U#wnvgiFQ+HbRF{st#vqzNVgv@Wk7qXA}RU@VQKgBM}wfHcHjCas7$yw}FV`x8`@#9Yxb+dR>N4 z*GPP&=m4oTyg)mWiguRUPnoFsc%?w3;&68}hCST;G)c&qUhx~*&+WnS0Yc2GY+y1G z$1Mu!UE^ROez;*>gvD*nS|!gdvq-?HLFkxm6b$Fr-i~=dwQScsk~MBfOV?XG3w7_Y zS(xzmuY0>LXNcM9F(FjzR`b6S%CC(Ni}jU@Df1h$rq6<0lwWTX!kUgYt7SniAMi=J03)Eum+hC6nCodcW_G${4cSeLF-p<72j8{f zPmFP8E1va=??Qp2NV5&cBUMkshH3e2=u=0XKgZ`U7?)8;^zVTWMDI$to(MCmDqN9C z#82+!_#2$rg*Igj<9Tk*x_<5-UaWt-?gIMmA8LuJ?TgmK5YR~hT1=i1sMq{WF~pwT zm=EX$Z8D13V#luj#mt=JE)t-e(n!V5>OwM?%PJ4gjxH~V7uSV#p?%$s;-Xdo9vhB+ z_!rH+D5}uvWqVwpzG2|0EZ*$ovei=AZ?)m&F5SgB`izxK`ET%4n1Zn@eu}wgVf;Q0 zYn^A2sx2G}5es=nn>nE$_#7x%xBx8(ngy!wx~oeeTq7Nz8IB|dg;yL>vksq3+D z+Smn0Yn^vtcn+AA!eh=?y!2&3^myAlPc{6oV7!GH;q5Fugq35q95Rk*hsfp4wCN`- zDqjDEylfGrr~fk}va^XlexB`T8r;QC|!NIf|X|+2l-DcrFoMzR8wt@1guT zB0Orx9Lo1y0WOyI6F&p+CuUXK^Hi_$AR1SKO3G_+b7yEW{S-~HfNIh$aC{AwePjpI z+tWt#Z;HvE#tG1J7j%)S7l>tSt49R{6p{T#$-lMESlQX2%+gMHyl@09f&7!W>|nqj zjp$fPI=B(Xb4ZP-C^zc+NR@%*4`5yej7AwR3f8g-ZcY~9E{b5iIsl@>+7vq^g$xg8 zwn!lgdAb9~t;3Irx@2;4N$*VF(dPHUuTk$pZ7}FgUosXQ$AE(9`rH{5p%OM7Ia z2Ne@{jvQSOzQ5@r5UfTzZ*0D!cIyG}ru05l%B@}i@+ykw$0Z@45Z#p_zf0bf zoq*A2_-3VsIpuAcV{3z2PEMn^&OUg$?(n{MkyYYQF-k|?;$s-|wkT3rSy^#MS^#1=? z_y0j(EvGDTG+$j`k=lnkW|anqL?6jv2?NM=>G6DkNOG0Wg}~G$E0EwQlkd-WS@wJ> zlF=Ds>Pv7b=e$d|nzQfGQI!EaVTB2r?yGLT-ZP&s{jT5Bbxh`TMl|T$x&oS_;K>vU z7-DUxRP;g=i(%@zCk>j(iulINTy@pDD$U41S*iL&%GFV)P$jZO57nxt1Vj@ALM6mQ zjMfHY2ef5s2-CM*Q`AG6gamP^c{4$(@`D8DwDC}sag|(gMDi>?=8EWhXJCmGaU?_) z)~T5&8gvoR4OR<4@Nya^gdyt|1GN^Bu$g6ApRI|%V-wc8m^?ARLBNS+J^>CQQ;u*N zr_%KS!uRuLqhoNGF}R{F2iPq~@PFde?&`1D^)P1lMT`IR8>rl=SGhaH-72KoLA9$R z)z1@pZHdW%qXjFLLaVMc{sw|sR!TBjgvX#6aR?S@?)A#oW$5i4g z-ZS8()|Z`QHtkB@0DKd1RQ*z@xj5ptgfv3Q$5Bad4Yj=%ZySDWlyx9MX>rwrQbWw>GQJ_v1TdKcc59m`n+Ubb|v5! zo|=EaoG}KKY0s9X0%f$8ttbGhC+ad_prDKHAzA`Ug(u?DUlfxHnFExLjD52w1qWKJ z!M`j~(u;jr)uwmPlJFWB!Kti#!LvWl>%%uzsOk-}G~+>q7NH%^66grz3cD2zlv8sS z*jtTch2!pnwzJkF!|258YWCi99IBUo+8A&Omos;-eG-$7$hE(A(4`0wW_kdA-c&E1RzVj*b3zF&K#!ej|M0)m{LO$=wc-RhO|(Yj@J$Yff&%{ z?-h)-@k{!d0FR^KHwwZl3xJ{MCrguHrJVJ~asaTmpp~?Ld%(9vBzYKKSS&om2Z2Rz zLPZ2`AFXzaZM7A){npyV4W+(nJ(N$BxzOzBFI#M+8mIedJY(uD$Pw%u5p^^-^p9Lh z<$eru(~5<7mDTRb{rz=4DpDR0o-^&;_Y55FDgpHXvp7sOtHF zHm6Y-lTEP))+oY+z$QgTRzdO5&3IN+RIAU|XKSQg9VK-D+ClNW$7(ScW@PQ0jAO6f z^%lXq0`9baL4qDnI7Y|pOdSDF>g|MiM9(ypE{*W<11eOC*g->URmE41#l__V&ZkJm z{TB~4+DQk?IK$&X_4r}>2FizgTmT8}E^jLCt!Fo%UatyGzMsvH2RB@DTdJ$h1HJ+Y zl7I>CKrlumrx0@Y2B$yc9dRK8%J&ahqpcLFb>PiS`r;Wd<*-O7LfsG ztYVZsE6!DNvFnTO?N%Ww=go3Me|@XJIqb?@3eDI*Z;(w+9z#IK9G8+zHzqbYe{vmI{w&(Cc6pY7xy7*sKp?=?CC!~UtxLTf2HZ^f4$%(OigQm^ECUhPRUv$T@^9^DG@{S(jG&=`(4lyaC1Z zTBCg7zHjMG-=@Jbu0*AY5J|STN%`p~M{~+x>ut9#n{R#hZ3Fln0{pGqTvD2`&3c+W zzw4b*lPP0+fFJoUhv!+~oPYE`q%B4NpO6;ye@EK?)I0t+#{NIr&WGfwwLKDgTz1(| zZ}*9%VdhYl=^}q-RUo94BmZ9?Ie*|q={$_$&F<~Z#b+BOw7b}UGTzjg5NT2npTw(bmVzl>=z0IS@>x%7Yp{TB$|VZ{$&M>ES(1l0!uCev`}nJ;q}xTh$n z;y*xApe4nH%1}k_jttK7&cS_-A?k$;8zB(&r10zx_P-F^y6Vm&E@6c?tn6M?`&gFc zJNjb6G?Q)DlTdqsa1*Ma`zR;U8r(~*TvWNYuw$C>hrG4g;nh**E=Yyk8$IOhJQG58 zhDWXVgDAc(K|xY(aAyBB*k!%WGri4wiMRsdz~C{!?D|QDCgN1(RF#3u37YnHS4Bb4 z^t>U`Fh!Ot9RTgvYJkkh1W!BZmirzqI-OOh7m_JnNZQl#GFm=5&O?fAiL{Cq(()HD6`aFMv@Ka3dL4)=W@I8Q`kGGZ=9-X zH(=;bAE9sm2|a}i{>{M_IQsj2T)x=SE~>hX9W!NIHz zGlQ11s>AeZYIlY5@Oq#BEa|RmdI~3yZe3^Bq&P98UD9^<53P-?x#Ak@^l8^tJDiN? z)z;O~5R%%1mpe}QDu5a#=vHn}x-+5SHClkIdsb3GGV4%{s`scM+N(N4JG^@KkPqUl;?bT{RYt{x2%f{mYet(G zq6qCTZkTwm8zO(hUlA(T$-ByI+Valp;X#yoedL!;JyvL%jjQ$$)vDaXciYFPni2fDS7~ZMTePem1*IktEU**>$s0ct6IU zUVbn(E>EaA#pX^}S<%hg*P!p(>fWnd!bLghM(=+S|y9))ACSejDHN~nWN=U96&cfbeH zZu0ob`MavK+ey9i%xnk3UzE$E-#_2)HLDkt$D3gJud28TJhMr0JU?;E*v_ZJ8BJ^S z^LfsDj=S{_zpDscCE(mzjvwUU7M(%dlbErTju)qt4qw3O%B-ZRqW!l*-JzH{75I&{ z|GDCN3p}>M{M$;rApfUx@Slp|e-$R!SlF1*8vb`t>wlaH&Hwkd64q-tsr|fPd@emg z%q=93?8X|wd&;!ZTWCqU$e*kpNgD) zKa8CBK9lklL0h^n69?X}E5G(9vR;_5y#RKV=_ItQ>X0}yGyG8ZPaA-QCT%HGM&Qc5 z3RXc!BmJ2PTHb!;b5V;{c}=U3ryw1xsK|c5S~?tJx@#@sj0W-Wt1R8g=UP`b@_DHguUw%3XZ^PV7o zzNwDn2o%7UfY%{&F7u6%x==@**NjxVXszV?oTpBvJ#iDALeMN9cnIl zN7wEz-d#Q39hS`(39LkJGQbn&?Swu8)D&?{5snF}8=vFP(_{zWA0ZqA;|Cgpox$`s zw8=E$ob<0EB%(CfCm2K)Lqt-@INmM%lV8(7ClWzD0tUY}Wpq##62V2>5!<^d;B4k;BAfB8gMZ3SyEz}w<^)3`l|nH3XG*tq{Pp`Ykfqn zkUtj)ypD^)Vr6@i5WI{W-XY+A!+{CFuF48q3lR^!0XfJR2F`$^8_0fc3PrPsZHsKY z%~ExQ{*xs-1KuR%bhmTuTC`m|6Cpct|IKqVlh%F68S>+Hvy)}n)tn?X>%}f`CaFc9 z%RX>duo!D{qm0AlFx^1*9V+^d!8r&BMrl*~)@ z0wygxALYk@n#}9>gCEK|gAYK)RMeAI`jrst3QA_}YeCX|fepCz7tngY@R>tQqPM8! zwyLW9aJ1SJBZtB3`$_NoSHF^_434X z058cY$*Ei;i=(>o4vK3&HuW&O{!Viud%~_VSk75@Cu5p zwWg*^#YX|l>~R>BSXNz%>QUuz7`zg5^nAW)j?$rvL0HaDdG={kKOL@`s50X5RwYw# z%M)NsS8*jDqv7PJPaq{tR&&jtR6UCx??*oFHtWDq*MMkE(c9ZJOMh2e4s>~x^U{V2XD|bWYkxHXrV$5 z1@+t@tv-ZGkFySz#H=@nr~(s-3WZAn>Ok`nQ~)I{F6PR*+-=rNY^bH@GvuGBl8eZ% zd4*^o!KIxAeB#1EI08=&`5`~<=tSz5VyHVw?iLcdCAN@gM3XR9{pM+^pLncBJ1Xuq zHQ3P|C%(2^&YQIBdA+B7eRt6dQD9{WqpX^P6XKYAx%Q}_a!Re$(`kW6;gvcv)S`(wB*U3_fVvx{1WlIa^npE~)M zVI7YQCgAIT^HAAvgUIGHu+kPmK#m1lp@Y&A`nH%YqN*H|WHZ%KV-$jj*PQHKr%}Kz zCL0P*BG!K6lb=0S`%V80hg3o6YI z+4a`uC+Y5LIOiX=YQPurj6DU>R)8pm8Mg$Q;z@&>eWXg5ZiXJ7^qe?-RHC!;u93Xt zuON~D)r%Ci*`75Z;AI1gLb4iikULbTc8S6pW9g1#&ok{8Kr2yZ9WyUNrb<(hQmoau z@nrlpcU68u)|E86Goz{IQm(F4DZgKIpVxPrc%tlbn&BV-(jxEAMS^vBn=~%H&7UQu6L;AxjrNnXR0xv+kPtq= zPz5_uP?12wMUzas>{_Y!Rg!iHtQku)WWRF>I#2l2#D!y+&YA(?mB@HC9aAOgWP!cG zsgq*a%vnYWG?i#HA>P1INv{f(DKKxy64Q`l2lMx>`BlIDOa6K~bgmeSSZRoTZrrA? zmIp9(K7~icqulm{4=y0~y1$5D^0ok==tQC4Ym-4E-E`-yPHDZ#$dpp~P&3iAh-m6) z1lK_D*uKz;O3xJhc|a>&y?Jc?#G=160gPnf@@$SpVxpCk2$9YFPK%;AVM;AbaF8PZ zY+;?UuH@~YvO~XHVsegi%W}%CNy{1Jvsl-U)aZl`D~=?8O&lu@78N^K*(l=pu+h+b zLU+w@o^o36%JTNt7kFmfzAJQb&KoX#IgN!IQyAt9l?@ZIl%pVHfH3l13(EaHC(Epv zFp~B7@hS42tC1Vpv@H>@NPguK9ZB4;*{F5?Yo^nhmv1i8OGidoR(Hz^64)2%oo7EZ z*ZH9mgJo+&cbV(MR<>|WucxgGGLImzKMi4HTunBf$Subf%-~C=h1A2RztD$=GKOxF z6`05bMpY=k$T7c9Uv^77sK=>J4AQ|W5xZeQrKPiROx6**MyUmN>OW$R*kgjpsYrqsn_}< zI@NJr6f6(BYr-kMXHCe!BoagZl4`{&(uRxXT__4mI=l+i!4Z2yfC+8ZuvT3Y`^tNuNsj{P<8-R$jJ zmqN7J>u?|t8;gsaF24`|1=hg59&zKs98)Da6)EC6mo$Na|pncmEMKXDPB z;>^c0jPNF*fXnE{kP<}-EL1Z55d((iKRv#_3kUo#e>mFS4IBJ-*HSEEHmy+10z!jZ z%M(*pbiQxr0A!SJTzUjyxeaS#HVi&2F5xv*)FZ)mM(Ep(2g~LV@KX^kswkhypm4K7 zUBokBu+_F5fsg|)Iy);%M7CO#8g|Gee$;{6mFozGtX~73Dam4G8(`JqbAMwgMNw#k8PtM0`k;%_HTF%Hmo!}m{JjhP2`CE ziQWiq6l0&PE^4znlyBk4{BD+Hssmbm_0A-jd4{mSdA{SAJ`VsYA*^aDe$K8i`=CIP z0lBX`k1LO-0lfkE9iv5KpqfEfgUzt{jK=6m6>e{p>AU=kfWvJ-Ur9 z;|$;d&yw`7X>;~h60q;QPsn>mRM#ME8#Q(&K1X8QP8}_s49R(9lA9C-QkcV#9Mrub z)+;nTT)`%QYl?uRKQCBoz}kc04h?Kwj5T}>)qwm%k|Kt_(*AFI+DujuYF>|aZ3S8 z^xsMV8O8fO8Co#ETlA?3Q+_d%D$oFW=Ep#pR-7a-Ny-xhQSfs`_tAk& z;$GodTP4y_YtB$D3QJ7{QbmjZ0lI}9C;a0^WJ}mYu2r4rMFWvR3{tGsyC{%?X6ax` zQ#!*Z3^eCz3k7$)TpS0`?qCFiVky;}jd$Dxx~ZcsQUu=NQ3`dcbVX_?V(iv5V@UX6 z!M$RkurZqu$CUzypxHa7pwM$rq&6mL(L&iSVs=AGcw!zhi-&={#YxOtcMOj0yD(cx zjArwpE{)t$M@rE^&H*AtfJ?Ay5>8u~-!7rpQ7J?(@EnlR3#>M)1eVCv3VtIvlCZ%s zngoCtf;IupeGEV^R3?tqq|=XB!DmU>s36 z^S2g%anJk#Dpi9bkDrAh@@FK)i~urA#zJMypwp^;!Eu^q50t}Jh{mduBZg6J{wQ)k zzXa9SPs_9lI^_Eqr@IB+S_5N9e;nAIb`vX0T+H}(qT8?naM@byHZCV7D>)3A*tWAQ zq?JnfYJ49Gm-Z=so3OnYUKgDt0Z-W-EU&38`hLK6*(&Wj=n?}0%sV0D)?%him6nCb5O@LNJ z*Wl|_^620z%*hvVf+)Y~I82K@z-Kk_>J0%6ZbHEZIc$Rzr_f6{c53w(uf# z&`B3_k8zZ)R2$g4i^C~*HIJ<>Q;YfVOhyg1ylr z=}ZC@#yI*akUxSH8h@+$&ixwy?7uVP@NTK@QyAmarAU11y$kP9dI@KsXqI3l&l^Ij zjV9WI@PYtusV&z%8?0-Vi=se8@ib687%YizIbx5L8&(6H6{f<*%9Uff@*H&N9W}N8`KRCetxn5x>EC9GezPw)#i1fqb8x@b*GTl`UQxr}X1!*83STRL zbBgTvN}OJ8A(?x-;LXpCLA0HTH1dxR#THjc@Cl{-VZc>PD2#Ay5+pw1OV`^$Bsv$b zE*plKHQ3%Ppdp;cgR`wKpcl0kK!vO3kzm(1D1IBm>P$Q_88{)c8AsI{%nC#g5`3s( zi^l|p=Zvr=O0b7LC$0I$M8EUPX|%Dt4yS9ne@VIn%UlYRnC}I?oF^iJ$fY`qzl$yte}EbZXAH zttIDkM9ZhH=X&YwAR!*&%=k-i3V|iSF#^SS_$>Cx0J#xf3fEn>E@*a-qS`f!j_&$PS3@K{gvQ&sC)e6!dQ0C`1!m`n5Hql5pC*5yK8UsgY1C822FUuGml(Mat1J_dh#!u3=YSiyc{wQh4cBl)s4{HVuO$)+{v(viw!Wh zmm;!xHXxj{wT#(J!v|3GEXsVxibw04aKS6fjO+M&app33=@%O0YzjD$GN@IC|_KDOpN1)dr_jEeZ4*8wuGNBv(?q&R^7#y70lRF?;eXsxVCAJw%6y+_bJ=@uESy0|c@p!J@JK zY~9yAM#qR&`w3bg=D9Yp4RdvT%%UwH2p=|MCNNif0h0X?Mc5Mp(!#X66egv95y$mv zXZ8}mLl{h}^VG_?vyj95`5eYxySuIANsyrAk&zxC4I0HJ-BVWFg!2DZds>bO^40B zZ!+T=7H}d_mXGT$2U`zsP3~}oj+UqtM^70Hq3bqWzvP?&qIhb69|+N#ur%~sz=6ll zd3MTO&AFUz@*^dHl3_M;NsvT}&{jHY4czE4-Scy;8|8D|t=gS&HEO_4=wFdnd<_tG zB1gJbqw*`aHBNk7&(#VQp1~h1r_VqS&dx^h)Opq&8lEB0IS*pCa0T={arU`r1-7wM zo-x(ei)(_>aff`~xySi8AVPCl=|$M(HkvJdN#5}a6V&JrACS1StQ$J7HjroVM= z3#tMzG|%W`r~-xZDniER5{@lBVB-bqvxHahl&DWJI5JR>4*o_^4^b*m%ZNuQFC5@o z5oxQ_)@&I+NGwVrt11?aWLaEU_j5<1ETLwFj0$OI1$b5oj6=_a^??C<#5ff zT{4|rS>`SnsQ-$jN;@ZHOnp#H<%c& zdxET0x}K=D&I@4Fd1{oSTqGkQ2D=01b^^SVNE}r`NY0Pz?i8-k<4ASy89isPRu5U#f6b!(m>siEG zz>#Gs9xirND9Z$hu}gZZAHO3ymuH9kZC#gYsF||I>G7lutFR(%DZPq37m?ZqaadRL zWH@Qjjr8qWo$>|T#IXU57eIq9We-2$?7L~ALgCpB1HmpIBEV;p%E&nLOtU#=g&^n5 ziu80lgS5?K;}lQ7*}}e{BTAxL)xcV29}JuJOQdjyhv`nr0|0_dBJMcYrz&u0!Q&Oi#ZWlUsm@ka zBKpy*bC4)y738u`ZnlN)#dKj!*t8sH6Wyd8q%S~qx%IJAFPPy*;%OJhI&47&rNhMJ zJ=NKh^15lRF54Br1boC9=1VonHnVRZRPvjRGh^MpacAc9(oxZzPP~|%=H#t2u`yWU zW8#Fe`4U6NU4Jl$c2$vSqk1@xXP|~uOF8)q6qanFIR2qybKs*;Ty<{erDMJSM49!w zdz2VKXdtAzF#TY?lpZD=yBmP+CXzCffxn1y-?-KWQ&-K1Zi&5=c z`grK&-&2c0R*Ky8$J1a!|4*mZPw?h{uPNF)>)9C@|5Hsg`j?A@@4TmK;w53y6?8i- zAiziqC@l_6?JY8m>eGoRQnMqG@9(~j_Yo-Wa-qIn_rxo257w^F-L|M$FvE`A(-W$Y z&=yyY&KG9D@d!KF?Q(wBqd!6D9EnRj49g&GHco5E8=zXIT88XrUer{E4AyaA87*E8 zkYz1E0j_{$!4xi3nHo7<+SRrHE0)JP0ZV0KFqSHKZ=q5UJ>3w865kE8}*(twpAz3I*CDG@L#Acnn}Qkd@%n(CBd`-9gprm;3(u zZ>GAE*~YPzY}QYbB1yLeAybwb1nF+*VXDVK`5CaOc!bWL1Itk#tTP$3M&d;-Ph7?n zcQ#o(>&VkhGQ7H8nBO}7)gun&)Ly2ZgJ-I)xIxSWqpOH{bPMn!$ynA?ej+ZhvX-DM#5r;lPBpf^5+bBCJrp07nrrYbA&9ckQj`~Z91sQ2yEq;|A85X{(%|pa)g^23n(FnHRZt?>}dB^ zR>7}=HtC@|d>j}ap8ScDji}`U9d#&;QAAUEI zB8;akeMp|WAo=g3<7-D=^6C7%Lv0wYfd=pFr`;`lW!@o>H&Ys|j{FOa1~<&V{H|l^ zfAPCKG}H1w{4OiH;+>F%5ReJudVPdqQO(O-rO2owK}7i6Z{09U@&HTLk(@g`&EB5p zTT-VAo#^F%_}yYrhr|Ekce!Q;{^fTKe)wHf8{9q41X71*9v4dun`8sWMMD=3OznW~ zu4#h+jT&B$WRD%^i%d{sI^YVWZg&Vd#krHi#(!W2^T6*J4F*u zLu%x4*>&hHK4qxMALJ&&m< zvpmI!d+6)cNeojGlZ_h4CyZc2BJ#MIoqRP7+B!EaX|ofOJqEng%hr2R){XOt6o73ZVT=#R)UV!B=MZ6@4PRv}< z5-^aOzkb=ZR?tZ|~O4x&RxL&Y=%+(~3D1 z%qU=FO_y8sHakn1qms0W7%)Esux=cH@yqCi$P*e;nw(QQ*po0B0tqaPC?zDs=u##Q zobkWYEgapv&_3}$DRBt`Hbu9A!3W%<>F!cEZh&=Uc=50;eSl#VZ#InP}Q zM9|m5_HjdxDPZ#rvX2kr|Gqmfn_!A4{>RoA6gk_3VtA!iUxGnzNhP!0YUTB}q@Q!A zm-P#XLa(K@%Qg8b7eZK-X%~;oZ`pCsB-AL#X|G$?UyZU9fAGfrE|8*A#<_2)PO5W zf7L{d$c^?n8g2BX4O$2D!u2f%HUYCY!>hjaEz;!>`%x>+Ci_mn;qE7NUhoJ{GqD;Jw6wxq4}hd|_)U5X%f&=gGWVKok#g9t@x;O;f)OIliDcingR zig8mkou$5QS#^s9D~*3>i->)_HGt9ROvPuJXwGISS&W9I*J7jiytMOWXkKK~ANdfP zEWQPSL1S4&M>&Puke`~UrydLqhwlz?shkgQ=Fzz9Qaom0KN99M!@s;<@J8Rz?vVYG zc!&zrrj4p(TLRUPV99pE2_ig1b~A6HMvhB10)Ig#9sNO{U^)#u*a?$qsFox{LFC;v z_Vz9B7V0P%le}azS?faD{~bca^W5g*Rpiu;J&~Ax#ngva^{E1v@1aY`27@4p;Z?kag^HuJm~M^mkX zwy}vHuZ&SeZ~T6u&{a{>veQw3!uW!;L#o527>!%F{gaOSo3fQEz$echvq5}#SGj0X z^v3XeA)(j+=#{jVLh*A&>18J*6#;JoFXD552 z*~NpWNttE@vZk-nN{zl{>I4d&EX>A6&v|`4+YPlcavu|%y}u!lV zx>}Et-ElrZ1oJa_NPVR%-Vs4~SyIjPEklEm&E?x&)0ZxMgU}KjX_WU6!wrlHgIAW> z6i$CyjwfO=g4)d@N5>JPx|% zFXkzwpGsz$pdA*?Br|y~Zh(+w+6OZ-$PO6qlcTZfCqG~vUsU#^a)@IFl`^D>qUOt} z`LI0dqL1$EyJOcfGpbIiQinl66Gh0UXpSWf&J`yJC)}d5R%3}q5@`ymhhZdwB@hsi z>~lYKsuZfMCA{c{;=|_U0f6ya>9BASN)e+C4I@xeDp~lYk~RE(@7hqim{*u@o$>_| z=O0eZTn9}WjdvlfzEw0MyL1UB3mjH{ucEkj+i{0pUr#_oZI_x2$OS3`vQ(ei!9Uug zfKU)-;9Uo*vPl5u&e0=avM2^ax}QiSys6d^hYBzg$Rlo~m6m4&5tBejuk`&rVSGrA zB4{efK9Rf4VcvmKggUU$oGLu24y&0ZtSQ(UUYpswf$u~5MYaBCve2j^8B%EqhujCH z_8U~$fj(;1-MhuCdC_73=B!JrazXzNV7}ZAy6lo8V9+UPkvl)PGrA|nbZ#=0;Fz(~ zuM8y%%0pomDeIt8e{y(iP0=rpXs#tS7pHJ3NU8!PJncy&-uap{*f*a(^ho&6>liw! zcr06@^`P##~-F$hPWBB^y2}en5 zc?VlyH-D&iwM3b-^f^zfHoBeOABn{CH8+F1hof1oIjKEC3L-Z@L#u1@JZii(Mj`E_ zYp7l>371l3)Em5~ym!~fcBr~;H~SaQLG#T!5LlO%gWF#iojzsGt(;+vhg{m-O%~}C zP^6zs_x+r3-1gl!!$^%VowBE^!f?7;xC7vhcVoo%4`(o>EZF0@%NS3mRlUltpDX9Y z!pVPY=7Do#aOW)0^|VFt3Qr5g1*W?=o5qG%;V%Mj|C*jqVK&R#J1dpeH5!ZH=uy*m zBF;q{= zQ@qn`;ceeq%Gd18VtCzr)rxxG6V}z)_$*4V`u|}<-G-4E2k&Ay2y%-f(L_lSbwBL; zunr(*i}i$QxB3A7XS-FDG&H675nanasr>(QjsL$z_W$Q4qfx0>VV(ZxHjJYA#|J~7 z%;vNJ1QS2i4N4q5U7={+-@+Q(m!>t&FSGkv!bwcyuQktL?6&()r=YRoV`=psCd$b| zbXVZ+YrrriW326EW`+-*-;%(Yli<+3tm=lDj`zPvAl8bb(ltkxlEO@0TqzH?s zE%DM!VXRThk-+KB$&%f#+H!wq<+>jbFl676uCpI5N~?|q!c@1=wj6e)Kn zg@Fs%8k-;8)rKLe?*!ti|7HGzHt7BK^3nx0I3D7t*@h!qJJ6Ord$yY*!URs}1AD3} z3ZPV42_ju$6~r)pom9U`J1Y{f9qUrpA&}zFO+s9#$Dmz+*4!R+J0?n5oH>_-G#Jxb zP#jh>e_Bel{;PW@?q;ay5^;Y3bi1~jd#KC>2_fbtb#5>!^WDW?=E+w3@KNs|u$SH1( zZx~UXnG-$9(=rRH#^FqYPS1AX8BV^{SV)yPWaTvrmo;h+%>`&DA%E|(rZ86mBo&J- zfv5*@T`)nM+*bbjgw+uyvp}p}8Rl2%D?YX{-qvei*4wteYdq}_PbO27lpDYF#{wI? zsZYG>wKUWStKd$|leFEDr%#X!hx_{PDV?{_&Rnuh)^i;ibmU zSluQ>uV3DSxR1GXZR{MUQp1Yv!AU0pNShM!WS2xj{HVpqy+FFe-|w_N;bLhEgGuoj zQ=?KMs1O&2>(*${a@`+o>mWCQcDwaAMUPGHi$Iue7N@~*Y?ZC<+pn#l-CKUQ<}lw%Xi%d+CdNl!@(|5CU?bb{27Sz8($EN4#dx1iK#%D<@)t{}mt4PZnk2;vDM0iaoGdzjhOLqvcM z9frxBhl=QGiEd7jf373@S5p`bm=ryr^^jEoW@D6f00(j zgE8Hc!hW;rfNg)Vwp0PTbba;;W3z%Q9o)q7cRvlTh^b~64`06ek&tfab5{$tdDrSH z&ju|bm#0ppU_xz;+42GqHqefH(9+%Ul1v5;tp@0-Y4tu^$R@M(a1;6Y@^B8J)~QR&JK5fZ4gA3fI*(}1Og&9 z-U`!lEdu0#vNVnEqI3y%oU{Px=qTd;wm?KDK4fUuH0L-lvZ@r2e&XvnjZ1UG@qIkod+;` zh8q8saW$#Q^euOt6j+gR<)n>1KHh+LsBFbpAh|H_9T|7$Cx^&dhMHh#iv6Z0U4KC) ztbjY^rEqr~;4#84t+a)DI}N#ZFyFO;?3uQdoO3tVp_7obwWtz%H^zM^NoBGaCl5}{ zg(LQ)kH5W;n{pw?q57zr`7DmYz9A#;_4q{Q`AVOi=EA$J=QqiVV^tldxptpkvPN3j zbx+=mtPBv3Iebc)=#ewU1IXulnUGZ2a%bcQ=PcVeDY<&J6~E@t@`sW|621G*QYh(f zsI>jCRVj2fR(>MNL*5goE2NP6LS zbYc#X&6)d7pHUB_pH2Y9!WM2}O%awNQJLIUri|=^0=Obo!_u5!lgd+PxQ6>$Xh~gs zteHLiB2jThv3j6J!) zu_hoi`8D*r1P3VM7Db2UEvY}3WnJJx>HdDmAZOtvUe!0H~(I=k3< zW$ANgZsV{UhD%5LSv}@6(108`QP4^8s$2)13M8Isira#KC98K>6k6}&aYJJY^Ep}~ zcGB~+zw57y{&pUDDY(AhSe`yS2rnmm%5E9)kRi^8Z&G_7LRWkQt}I)ymW#kojpl1^ z4KGd?+^gC-hCekOnxjU5CIkcugL}Q^|A9HSZcg`ptzXvcS{8Fywk&7yBCA;HKI~xm z0{ce*9sKFc?E0B;tV8#IDS+%O|1oVg)i!_FUqtWYKefZW#Hq8v@$KoSEy|n?LcM|V3RJ^J0x&Cnk&^KP-dM2TULTejOx zRa!aR2o(FzIL?UMtliGuZr2|#(Z)#FHf{Q?u@_!ddgRQKCHI`J!2hTqmfPv>-Jxgv zHF9aRGQi%+96;bCvD^VELDiAM7@>UZjeT)o2-)6H|MV*e!U8n}@kx<#P@N=Sl>FZc z!iPlCno&$ecD)Jm$PGRq%C*!AMM)T|K3R${V#V+TJY_}r1sFv05q&(|O2n^zc9mPq*h97^ zz|d)R9)MIu$AruD`N#nv6s*MaSh`S0N^_@RS0uY>MX+iTw<8K^d3QqnA_r3{8I8uI zby5`(TP69+*I4NoW`xF0?Ph|bfT#z)I$Tql4n&3#eCQ~odfP7-56D>v8A;fk*eJ1A44AP1BRiF%3#O*EiSkCxR3tAQIZN~{zLuU%4=yWah z*4PsCzYcWrxMm^Fxy>o~-x0@9EPqcaw%t3}8;eDv`(_-3QG~e)CG3#mVE#hu2vv_4 zYtqg5OTget-<-e`2a&~S07|LT5+NQRI4;1`qt%zg6xSQ~_v4TlL(gUD4X>0fMxhNr z1}WY#s1cw^&3NHJqOy9A3ooyB8`jFd3JpA;00beTf3})``r7wg_+|6w8u8Q<;}-v7 zg)BmU~#QV;Ld6%Lg4YxH-k0gi^tOQ{nIJJXS`Q;1MUMC%y8vW)~)wO z5ZH>8fiW}}55^CDa4>(U*Ve=V8kp~5Yq!`L>B0X+5!lM#-XR2x~J$^l8MySFSHQuD(|vWEA&?OI1@K{=mJ?&YFJ87^PKLtzI`JRcYi(U#$2CqLEn(=pN*uP?!4o4t z{*b;zrqA4iZGrO%kbxjj!VtkArUgm~c1Nr1DR9>Tk;Ymlx$`3j0}j>M^q5LuBr-g* zt0M>Il87S=9QbpVc?LvBvKUJcsD?<9G$2fsT3GzFW*#M=Xo8(g7$k!n_Xt}Yfj>@a zkwRxXZ%pwYfQiL{o?M8wlW0-Wq!iK_WxgWdX6$zjeuof|GHD3-28x9O;S_j4=|}Yg z6~Ez|L|tHx1En;oeVx&9n212I?Z&}@RO@S;hQOv4~@+VSH~leUO6 zckH}`O&f793qG-IB!;|fv9C;CzI3Xs)L3yy{F(9*^L&|TmVUI_<+hvzjb;;Ge%`p2 zsa~m4xyVODG50ejiS!1@@mpjl3MPWU{qbgcPid^hHFGOZ|^SW_~(s5lS z2}66V3(hOI3ka!3AXW(7L1#GKNFEP|EwB5S9Yns~@R0^$(WzC9VyWq>=OWEfYk&M4 zpXCxzIx+CWU`#-WA#O&mD}|8YZ^D9YEah?7rhVEI=$iAcM>cuq;VzI{``ifI0VB53g^0)#jPVkEjQg})!T({GCQ9kfC}QZ`Kb zje*pzEdssMj<)7Io~e3G=Yk+>^YcQR0>$oDbK{2PKDPkX6u1X_aPbp0iE<(l z#*r)((z|njUqSoqOj%I0e$|V!k@_M``PMuNY#3?R^uEF}+n3dHmODA-@*ciE zZhTp0W5X$eVtis<_SMV~*Nb@9%orYzFzhYmQjJ^gSBRuiT1<+`LBdoG-HLNjw0wPm zg|B^AVwQE$;N6k=G{3BoVIgtXgVYM04N_F2CAB(>+`$H!Uzx#`H6{IR6)`TFz9 zXpQxaT{7pv+VQCZKKDi0`;Vw3+Wn(}xb0+33ROef{xohNAt5!&mZ0jez0*CpGfJHT~~ZB$t1B2mB*P1{KF;`sv|2 zj;W}ULifml?zw^mM;+7cfF`coSZ66%jj7t zo7HTSV3Kg+US&_$RQE$1$Tm;sYA+_WhU64A6F{e z@wM_afX%hGnmvPy{>01DrRSG5onk5t(7a{uV!PETv=Pli&TwH?x zy+sDT;Pa>->V|!woHvn1pNM(Fy%w+q zmALPHe`P?y?~5rt8WyY$l7bfAJzVbS>nV4xFQYp>!u%xi)dqYQB4hZ%0*S9xie!HW zjJJbuLyC9vyCuKt1HNu$*03lm#lG;r{n`Gat1JIovC9})P)2V24f2mny< zR*+PT?~vAhgW}8!f|aD6^v| zAw!{`?4{x7JI{06z0r8-{G@*3K#0l6xcxNGv;W&yaJyxt(}BP3lbur+d-~_i-NAdi z4MG^KWn+v~OWXC3$VRl9X^lO~H|jamPo zHha@od40Y8)`N^pOe0!j)A=~Y>gsqr(%`VUx%L7=iB1-|t3q4eW*iP~nX}Ltg$-&t z1X&}E>wG_KGuwE&w@xM_LgM|H+Q-Hig+#R$mhwhQ4wyNag~;Yzzmx*FbRsg8wF+`g zFmepc`VoBvb9PPQXD*9;wV8y871nXS22Mi1i1)UY8hN6O=Q&|-Q&gE#U{$ewmY?5Xl&bu@NE31`xb+=9}KzU{Q(H;}y2;W7L-GbhLV`Z7`Y$9lm z^b!SZuoP&KbjwNa0TZ`ur|A2$!>l{b$2{!@f{5-=^c&-2Bb90yTGp9=^eN(ZkNYOW zoory>X>vqGigiSg^XBWFevM>FK}^lDk$8PPE0N;Rd-EuViYWF<$O|fFI;AE7pR|6N zGF$|s7CHe;fsk-b_HoJyC2a9^E3hfG&_K|{ONmH1tn&Oup$u<3901H8fS}Y)!8{FH zc3Ac~>iPv+B-ACfnG_b;L~5Z&UZ;ckGS$j-K%2Fn!Uu2{{Z-SeKnC$7zFh5N5h1I< z0Pa_QWC8*5PS>Q-DT3L~2${mKhNBtHIo~}AB%CFJ@RwzdM1dLl*}H1ey-vtgYSG7h zq8N!0ds}en3>fEW${vC05L>SEc!z+%pvoA+il1O-Q8$-4mtH#ZEtz|orG>}=-zwvz zZy5pETYLk!OXPQ!KnAsUW#OsEC@d5Ma)|Q?&PU}rf-PVFLNx6O-2K6r2-fuQFOxfi z_X{m{&?kJ$ zN#P~OA92dq*kDcZ`A21>+WN$6DIym{Ua2*usRk}uR<6e;yD2eZz`#cOxmpaKrNp^GD^QE<~3eN&$W|jH5&Z zZNsb>Rx>yVyStg_u;eND=m;X7i`bU8f$hf~*%0&J3RS&wluwvl-mY}WF#H(V|o4>+2yGDx8K90j3 zJs3b_aACXe_B@(C2RPg*gCKjmTZmUh$!uy`Tc8guD0bW=uh*1w_%tyNj?Si4mdVjZ ziK*yCF|6*Cl$8bsjzo^$M|7jDpNC^?N$) z9N8Cb4drEYA-^09t4k_fjAC_xd$w&6vc&0?N@WM>&+4i3UqkZou zlZYLkAFeiMx)Fm_>xYpt4QP{tTI&AB)~JmcilepR=ExaKDbu8RUOa%mkZKCP;6E!PLPso&efOT!4%1^CE_aj{ zW71jZ`yaJ^1$>l8xBlW<+?^2I-6aZv z1PfMtNj702*$tZwBxottq6J#KNU=h3cXumNtSt_u1qwxq%YDx7CfW18^U9{*egD6` zm-~JHJkOjnXU?2Cb7scNzNAw0+*xx+dlx&quJAUWbJ=G4#eI0(`QM8xHZ8utytZ*v z@m$l(UOjv5;OtJZ<6e-?e@8)0dx~P7AnOJ)MzD zg)+Q8XL>q6Z}jFa=jx4!UV5kU?28wEyu7?XztkhH?*GtlUE9q)Yt?_-C#-|1^u?|f zfB2@#rMf#KS2qrMRqg8YiKVZ`MI0af*Qq0m8Z7)LzS@?06{d}=5Y#UFpTlck`{CtF z-xgnN+0e&$5HJ z%{x6KVdTxC1y3BUGNpIVfeVK;En9Kg{T_81%_z2F#fZ@}7PsEL`}W%Vf%A$C$W*lT z*0@KFhJ<&VzWm&-N3-6IxLiB1;q;FcW}Pe3?#P0knJ169IB3YhG2=t3E}vF>M6owb z)@FDezWVy04n<%6@@=W6Ye&3o)MWmgXP<7}Zk+u>_(gMEtxo?odD;ENotbHeznPlu zeC{S&N|+8mOV!9H&BUN-=eza#n1SZ^X<=#8&(B~moOPTCPn9~4A&((r#*7B*@Q+$kbn+8m4jLbR{eN_LIeJ%zpPz*u>y_~eOKN9K=-dP{*Rz)0j=9~z~8(7 zu~c=Rx&5iZ&J_37<$*Q9lPTpku@F)-wR}~0PXRVUIdD1`a6Bk?A6mK`- z!E>u6wu(L8?hY0NE#`Sx^+RujZiCUq6dNahRdJCtYX{m=CBhsZ9p#Qe4chW5LzkAo z$cgBi_vHm|0fqo!fuT-%Qsn{s$|g4f|LRpvf?%~pRx!pH!}^-4P=g?0l?Y>)-D*p4 zZHV!mdn3AP`OxGPGe-`;4^ERnsap`txVnN2rVOE<-2HK*2S#v$K zsy=?TlUs*><*p!;PSU_6&=_lUl^B~f#$>abO|k9@q<$U$x^L&~sL4Cr1jfcF)_6uC z>2axkb203KkS3{fVokPz<}gz%6QA1lAZTHU5%{~q_+j+AecgnA&o!WAHiTSf`rmb) zVt9>)MN`dT@>i>ld&^>Mbk{{+qa{4bWRvNx!M2}5qTw40pg4ezmLz}u(QC=_IZD!p%KC}m0-a8YL~UV> z3OCuruop7fk6weqKa`L<^CkW&uyQam-FH>$b}kFW-GsEh#Fes(_X-b!zyYq399#0 zrEr;WhlCiDw|_vOPsiX6Vj=eKpS_F5e-H*N*HQc4x*3Q@4By;3qsbizP!R5gTTjO@ zz3^h>w!vlAECKQ$sD>j?Gie~l+Jh_+)>xBWjBJi9`!E2=)uEQsOzGc5sv>d3o2Vm#nSJkbl2E&vnZP)~Ld-JUs`g|X{YzKl?Zg20S^?aQTp>ogI;hP$(2V)RJ2VV|nizb}RrM1W19*K;8{eg$;GYN}Y^R z=5WVs1HDl2l>8qki;~Z8=9=#z$_R+U?WPH0Nflo%r4Wnspub^J1HhMnSiFlHj8uj1 z7;Ey0O|XQ8nCyM6;bQR5(ih5_1>l$Q<3@SzOD*u$W~&(V>av9P1ps&qzXq%ms*hF$ z?HuYK>~9T=qe0~C1=R`SV_c?jjbQkxG8qhw7|;4K9`b06UDJ;J`$$CBA1yX#MYhw(t20 z7BdGE79VHpPwHdnXg5cB`?m-&#&}n!|0k9tXi|r!ufbCpJd_+r{&M`B5*{(jk%2cX z>%meDuABF_<-F%CVvaOF6jf!i+I~*63)Y1kg`n){kv>PWc6gn*DvGcARiiKdT(O57rX(HgGtSoI3algNuEqa z!Vu5=5@$ASLC1`MLut!|F;z?v4{v~mW6oXoRGBPb4}_Gh8T)KR6Dg2V$S&4!xu17_ z(+`$X8>2RuahE{h#{Y&}%zW@wuPzkh=Ydn=Qm3u+KVq(-)Ze*V_zbKK?yuqExzugy z|F5{kQWsddE#V%GOqtXl8~%@&Ybr@?$~|$qKe%_ur0&)9f5k19`m24Jeb&Rm7UeP+ zS~4pu>ifT87V}1(&tG;XG(9elG~@{kN(rx=gLOig!o88)34LbydYrfX-gtkT-a#0#{)5g$C0j1$)$3O_aZh6;RjigRESj3Np z;h3MjSt|>~DH15AxT(o~y7egk21p4&$fpy7*~=x_B>D4G*lLxIs#)=YCvoqX+l@H-C)(3zqMnpk?b zdD!$B#8?I~0$CsIoRtEWq<#s+CYflU5NC}{Tl)uMdc1|CBww$WM5jqSavuzoWD`ol zcd1Tjro?eP;n38M(B5X)K3|fYT;m}JC2Ew^XZa_`=qcC}euy68bLF`8DWDNs^MWT= zMpL%3HP${n_b}vyUXu2vNHZo4!LA=|)DFX8md4N)WjLxaD=7H027|`7E%im={9oOp z8MrnA3T&9WeVfi{pm#vmC-r%t%@|23MFbc~&&hQqbx%dynBZZq3b~@4E?w@8vu)^^ zdn!C}D`YRI1}yoD*FfUavddD{tSG$s{Ib)b`d`t(oXUPfz0t~4HRSrCzIeB%WO#K@ zHIq@Q1kTeB+5So)m6)jS2J`2u&{N)s@VKYk@{c-^a{>)E zN0|H)!lF#7{&?<(UGu2EuU8gn#Cq(d21}F~Rx4!@=YOe>8dVrt_8FMw$t=(Jy#|xj z5*}wp^o_)m5jALTwkKBI^IH@5y+#P0CnqM$WDCc?7Nkxsa>Yr*#orW*B$OkLa|Ixp zWT$i2EL9wGeT{zNejsgTb+W{Yg7&6ZYt%rKEzz4P>oCXckr`HC_P+=NI3)WMRFV zK0lNR_+4bSY%8LUkDUeRU%xFE>@+Ij8dS7cHh0}CsfS6sr?>xocU%Yaks@w)CcqqcHJ03_pq z@_M@lrN1e{Okt7L;#@vZA*?eSC8m0rzu=oon6%=sir@i6zM&pci3tX+JpS=I)JIV( zPosq(38ZRk0T#R2o}jL(W!u8Mo4A}5UjUDvqy?XtTxn~KrFvAPke|DXLvGWj$3t@Cw7pT!W=6EV_2~V!e z>JlAAQ{>bZQb{Nz{7*u)2X}_Y2Q>-bUT&bIc zLzMIA2j0)W-p~c>@=QuT;l`!5w?4opG$TjLnmzxvNBF`3B59SSuDd+;I+g}V6=d_0 z8e0i$`zm{Zq+U|oK%kz<^fs&CW%!t#@G*QI-1bZjy+fSE6rNa;8EmDB5_umMq^B zz|-Xj#xh|Q%+qc^D1-Pp!7%qaYnVH>4^od~t_*xVr5jvzWias}yf%YkQ``8228Ft) zT#8T{!q-2{&M^!w;+4!r^h1G+Wb`DeLWD0^w~&@@|61SYEP8S;@p3NhC!IFjW zt7KaD>mnr9%Oe2eQ_Y|pp5V(3h0uq;pBaGMoS_P|!|i=waZk`&n4*M94ygmkmu!jn z*WHqG4%9PR`SDn4=gg;{@1WqUDcV|rVN~!^!a(x3t;rT`j&&YJmYqhCwyh+?eN;*b zH~G+&%tKXqQtQcE7(xf+-I_7D#@;&M68HUml8&}@GNZ;&X(G?rW9`pNFl_2zQst#= zOUvnDOJdPj0~~0xdjM+V4BtTc+!3s=>Jg8kG!zb2$mZ))2MqV1KfVjrxVjD&ji^xC z*?v*3gjC{r|lI7C(TUv!wwF52W+bK<=CA&>BbfeNWva+ zC@j-zIG0E`_)4tZYr5#gmaCSklbPtA?ovxD z!J2LEr$}Jw=R8iu<^`I`wiKG$uRogWC)=Cct^-YDBBSB=qUg?66<~8u@Z-6^F&6FS zwzjqmZI3ifa+DD(S38;C?t*6r%`SvG9_$?R;4oi|Hcev2H^`wUQ4Ay1JRjq^Cn$0B zGsgE}N~gv?Nwp`_Nm#TWoG{w!_VrW;3W&uqn#6=pkYymHPOwgNWq`z*=@|D<=B!XY z9g5(os~MA3Tiw#9i!UW;=q$GwI(-SR{?lPRc8s7PHz{ys!xT+u*G7&XU037n_@Cjf z|H#J@?p%;5^!16Ox$_qT?O(9jc8oT|xBnB`ARL>qS&V{OTk5^>wuCH|u~I#b$d9MI zmdx~sUaZu}0nLwZg;Y4%BZ05BRxdn)abltqe!0 zs9`1A%$Ey!k(1Sh>}xZJN17D3&WYvu3BRVZz>on3>(31K{SKWh*cmX!McEzE7G-{M zwS`*Vv_Y%(K@Xv^KcO-1b<^+F$ru!lLLqa6*<=$R8YjVul;5&&Db#0&a6CQK<$z9_ zmVP){7lNO{Xsdhuz{e}lS#{9x9_oEaFNI@U#T4#Po_NqL%)Rfo$zW&)LHMja|FB+` zw#KmjsK^!*Osqbv^mY);1_4ivOggHUK)D~9^!U(&Zq%UbFL+{S3CcBenK2G&#RxCL zpni_X-y$v_@KH@H!4EpA6Tgk){vZX9-aPNj?+yZ+E`X@Z2FTu1I`Knmw4~9lVo9lj zV&CM2g6@EXkBR$d^pZHPQ@}aa7&9)m68CiKi|zmPhb$*R#ZQxjozqD}9gRsaIp`5H zojiZPav0)=Yg46xan1|+nB=$=6F%DPeeWbBXbfBB%Y;+8(yCdLMmR{8)F#lh@h@oR z7#tHH2ha1UVkd2Pk)bN-K7DZhK;+mA<>6>~VAY_2D!Mb?NIog)ibNdqsAxe;qFmeD z&bR@49fh&5_ZCLObj%G*OtG_yeMcQ`=2DyFK zLXt!5D-y91lYYquf9d`lQEw2_rNezsfuWc9abJ`(WMJ3Q7qs{WQxNV28=D@3z*BEr`Xa-CvK| z9{Mk^5iCmFPPTTsu?6Wh!p6O>ms;hBbXmNx_Mbzr24RuB`Z}zru^_forLXLn3 zZaES(!J6BwaWQm$Gt3+#TJ4eLl+S)ifoJzQc-!b?pFG}~eY_w*56nb1z@>AYb{?C$av)zbMXpcBhfE@bTa z-yusFxhJh8`w*+agh0`KY2AYU%F z_$fu?Vi~`_Qoha)(BWnLn&FrHU09bQ8b4!IE{@#s&X=<))}AA;6%-Gu(G50}oB zDTSrA>Rad27Fb%C5Jz8%qdQ{n;22d&#_B*YuD8Yf{p121JrrDo< zdQO9(SV?K`mP?aP2fP~gSxc+MbO+8)Ii$tk`SYq`J9aRIR~u5U@Wda3>QL=sWrSor z|L~-UHmuUl1@&jg6+xpW0+~_*++ad+zF9@revwh;K8{emp)pYmWv5uBOO2=49oM91T-d%!S zjzkCZo~T(tFP~VF3Fo(EnSfDM0+!DchGEsUku{qAI;!A_+VBZy3rc&TRZVU17^A&! zXqeF=JY-8+srcd0v?1sPx(v5dau?uVHyWwKC*9QR%t>Mdbg=rH9e4K{Z3*5%nBZwq z*uffL!HvjDmn~5new;AuI4=)6svf{O@Mj_VfEA|93w=`0?uz6= zW<)BOHQm0!ZFB*P718(mJN33h%~nJa+MIIo<`&>zR84F7(F=)b| zGMBSNfVQGipiFeWbiZ~;|*M4c@)v>Lp%!#wu{j4zwZE#5df_5L9&6q&P zQ^eg;uYb$g!(jTkLB(s1+QZMQn17oXx@b36p?-y=$e+7I$#Yne=glvLt}s>=+O<8e zVoWDTw!iTN3i=kAb?(4BO;d-qnWJ%>cc8QSQmm5QpKYDm1-)7X-i^myKg`kqPke*Q zt^8Wdk!MNaQ6<2!3>@5gdVa5mBSA$u?OXh{pTdBdz~%$_*F{>`@d=vQf>&9`pLhkI zW&k{2E9F@35xgS~Q}UjTw}hsN$M6bAFLRdYpHjf0;7Xt0&$Re80)gw0hqJU=lL8in z?Xvq`ZKK}9tERzWIBrlY)_Kk%HmKcsitYG-9;um68Z2ePEvhQx*e$ML$&o(3S#-QT_b(c4*LBHGCz%7bBpACCg%9#FPml-Z7? zn9>=x;TXT@UT|W4cWTH#6J4y$8EXdAK&YrtO;D;fYi~lDPq3*(r2m{dTz@{q91lAW zW~3QU{3lXWUL;0z;(mSbdq@CfOjjXJX#r&G!-XQGK<*YEB7QgW!OY>`>?s!k?y zcS^1z)uYQ>3{W9TgCx1_xxae^UrpTnzaC{vmlgPQ0UFPpzr#%oy6nQ)e1&D(rk@Xe zRSNi@%kU$yRP+E}!O6vC9yTTxx_K&7{{!3>r5|4b{^^`|w@0G+xnRM3y4iK#6LZE-?S#ez7I7<_r-h`m^S8QNkV;5$E4 z@~MM6E`@N!iW=#V=%6yM+G3Y_lb3XNz*s~tg=SKu%#QexnJ~oGV3kK{NgVHl zP+^1O_QrSff2lkU`uRl`Sq;I2rq%&=x~WDbP*3+b=WSePXF#c@WaFfJLv`c?T*DTP z$PJUcJ;BG3!cm$X%O0Cjj^0?FE9>IhjXfq2ThW*kU!)5`dF6d9^tkq8{ZuJ%jNf^! z5-CZHoqMm>pwuw`Mkom@&&FAicIw#9)U=?Cnf$VU)y`i`h3aQQGdv`Z>!u3Z*<|eR zthcu(v@pi@MHWp-^J9+R+I$8a#o!`ZvZnXz=`lwlC-EcRG}%meu1Bo0G(jT=e#Aid z8p{n{>9fx0DX*Ae>=zlAO^4>j!lwALDMvq5hNKG|Fyd6#;nMBg5=?)YVw70$MsuvA z@>{m2o4)O%!&DDB5>A`1DL&VMh7}Aw)tA)%q%P3dBr?8=IzJVRi)Cx^?`_&L1cy3a zM4wI;De*n6c5N0 zyt>qEi!!rqy->j5_OgM@X1D)R{Oxo=Y{ZYx{d2XTP(kN>G6BzBh&A!W*nmwlpz>BQ zPo5{8ut=kwN#Jy(QDp?ssnSkW^K~u(nkF#QR!kjVE!Ih63U|AG%G>#Gx*16Q(w!x_ zSDo4b;)$4DxsxinG$q7hEq+_BWo%xs(1Y4Me_9{6+{mH>_ufv_qEcPOx&GE=c$URL zH`npte#MU((5>U5qSWA}cIw4C=5yRqtJ?B@v9bJqQyRw8>#UwW2)Yi(Z0*bNe$s^( zflRVzN5QSZKc-;gD|~vzG-Xqv_CX77%H;ks(7kwGua%O zArrztLC9bN-|EGKpVz^Wjx|BjZKyXJbn+>94MM-?+dXRugvkd=O4k#U&gnt#5FF~~ zxG-ExjBHFu`(Xk#Q>!y4+Q%K~rG;cu@s02#+h%U*!F;Co`0|+A~!&UmQ=G?#i zpPC~cu3IW)f7c3hFKX);$|AdCv+V@ z0++UkUQC}jytQmI4|YU6j#<=EVI(-@4 zoaUImc)Sv?Ac&rVr-3$Z_kd4yGJqZ@Z^k6cfisM%2A5<3P7h6eMhCW?H$uqmjbz%I zYeKP`V5siqCR^FvS^7zw(zcalk7N;Y#4=UlDqhIjr1}l2U98{jheB-KN3W5 zu~_8;=|M9Oh*VqzxxGivp5-eD8z_fmCHF*I{q?f6=|i{VDBeIyH0|OGePK?8T_G5P zKO3)gTk558?2YPnu{SzoK2BQ+bUn8(W6Tw-m(g(m%G4e&+FGNN0u6zglU)R*edL`H z|>W1C9yZtNjeq&sS`2r3^%QK zlkXdcS;UH#jARlk8x~A+8Oj=p@~{vl#j`Q`q)6m+jV*oDB<{d}mwp}q>tBE+Aa}a{ zQ}t2fI$h`G?#k2E>SKT1i2%uCknm~o@pOG8&L9t`Zfr_5@1)0n8>HKg+rk~Y@;r>$ zH6uklAx1mWk~ZhPdtzhn(Yj3UG>B$eS>COn!Mo?IQPl8}{lZ(&H4{IxtJBMZmH+gL<|ORp!P zR^Pb)F!R=&SUZ%LrqaJt2TGh{=t*hUQ-osWKR0?+#?x4a^BB@ClG}-Yt+}My)I-DAw=VwD)6$RP&o=2Ojx>#K|j5$v{$R(q@C;i{fZt^2~`~Z3! zI}vW*{#&XXs;wtv+m^SN@!*2NAB&%gZny@+!8@AB&bLg&O@38$+($eyWB44M!GWLt zp$V*Xevs_wXhQec$7pF;fb&WH9PSO2%oXki>C!Wf(K;UWPBvA!0K{{*vSC{e=sY!e z_%?OfhkAIF`cpcnyqMOfKT^dOJQhZiS(nn|Mw!sgL-6{%Fyo#sJdLeAQb&o>1M1ML zNX=wszWRxtCbvfUH(8^S%@9X{QR83GRe(My!{I|I%PUVf)XZm5+`@EJe>M?3e0jX> zy&jHG$J=Ud<4UxjPr@9GSe0%76c&?R8an;(DMdtLGtF}Q#@n5chaSn|i=M&hGpY>- zmnn4#2@Z8swIp|rl0<`7T*~zTRH)OFP%X@qQYt}}ASrLi+TsgWVDQmyV=x;a|7J}o zRqKvX8b=(7dC;2NSmiE9 z^&4!-Os#LZJuqKq7|8Ie11dfytIbZRK^DNu2r-CfYC^xt6Y3$x^N&sPm~ zixC1@eC&v_`^4E5@~nSN9)55jI65JH!u#b~V~=={JTapZWw0m%AnlhDtY3Eds1w~ zvKRqw>NFUB@8&T@Af9kSLdd%xZ0)n-ewMW;b1ucf8F3A^KNU-5o2DlBSa ztl0QtKFKjjoGq2189ITE=*1@!a;KR(?Le5r-1^KHZK6AO&` z8SvdY$%#+He9u@M}`gej+XfY?QemR$ES>c>`IPLtZ>Cm&c*2da67A7AF4&85tdSjX+ccI+i-^zX|o4Vu^> z2yS|k3@U3LWg@2w2v4*jZ!F?O3wDy^pKF^Iti&e3Y3#`IfW|k!ZUVXC)1tb{iUaK_ zNO%Xs=ZW;@B~+l*Hz%phqY5?rsW5<_W0Z2^yy~S4?5Y)akBa5(Cirnry2j&;2SXMt zy7(j&T3Q*tt<7YL$MqvvCu_PI8eyxZ?HQj2=93G8@Wj%X^2#hYVsA?jFW$%p4?bf5 z<{E6jIe@+Kzmvaf6_i1pg(_lYglvuLo(pk$Diq(8ONPV0vR2YU6uTE1qaW|~D6$Y3 zf8xhoxxKy?s?NEzU(j2hTReeEd zF8SNzFK39in=Euw6kFC)-ww<1vDhm7E%hz;iWve_U{Exalj_)Fc>z1 zfrmh)+AA_7zjC68O@kpgTj7n}F*%mUGMdj|b2=(w2O8-%un23c$?gJI$rKVx?RROr zriJ$Nf{6#V-Mf0gBJTj2$v&KW*5DYdVF;|5&t$v1D}y`jM2<+!&Dk?3IuvMeXmV+0 zahH2&AqrA91i9(to$XO@IFxwiRx+%YB4pz08k*TyVmMr8MCPZ5|l13K7@me>fZEn1(E?An;U5(&^Pi!@fdWA%tfEJoe9 zDwXKYno{rpTtC(D1f*nf72$Ft&U%V)#UUj1PbHbPd^b=L81t@EH_TH}Kl<(5J!CH| zJl2%<{PW&Le zMv6qbv-nEPQY~NU>%AcX;!Z;s*7>Qw(aC}vj@@XyNrR4S<-*;sK32}zQm36NR;>95 zw4y3n(UP^|&u{;0E0ng$h_~x)^90;aWtf*$%6nsW%6XloA8Ne6?pRsk2N>u&Y-H4D z^446KB3^Ol#@Yr|o&lOavP+N4Hd?NeM&Y=u)D3wtA*!uWM0Z@_;K(k>{7`8A=e2*q zfO?D;w_cVqfYwW!6Ah}?JD%q7wKgkOG(-lfL0oIoQD`>%pe_pRg5GkWR|52-O zk#iJ541%-b1*d1X{0COCB~%P+Jn9KVqdE(JCgQejDIrr=s?<7o5M6MGjIpnY?h@d& z%hWULny#x$b!DkAMtKIPw=zfz2bj0N+2(x3Tda{Z!>$g_j!w^nIJ6YgNTc0~?Q=rQ z0cr76^kmLc8v#@WD(30VdHXd0RhRPb?uDJ-1l+gy@rA_l0~)w6`!J-eL=S?fchTm9 z0^}&%>LKrR%`Ht!zgGtFLp-nGS*Y88eD>Fkj_7uJ<%=&DhaXdHn17oP z2c&2>j6k0~I`|ERV|Z;+0$T2*HmG3pjzB*h*uCa7I=nRoF>mSDr?o+A$}NdNLvqhZ zpr`%j%RqnnSsPSv$sU2;U3@4HrG#w&t-II;f4xn60|9R<01_3+f`)DC3T2SWra~v88dK zQ2~?Av$g3}uA)DNYZP!hFwACk6*1}FXC%6P6I}OhyGNnkj!U7#lm0u$)lSZEP2L66 zg6!+}jHUI839aCPTKYyQYJr@Fx+6Bk^6PfYaih6lDj9Y^ zyj3g)<_VPTbFY7^s}5LsFG*+P!fq|aX}Uf#P!we)uIprRbj-0hue7jNAM{Qj1A3tj zl(>>ls-wk$rX(8W5SoIYqXG7HbhSkrj8q@S85OD8_(V=ztYPDP?fCf9G9D*ayl~HCRZ0#d<8lql9zlF_vP2R=vGpTW=3v2Iv?O(sai2~WN$Lax&qa^_0^3Vkb{ROCqN z&@VpJK>?LHSd_;xsVm`pSid)z2dS{P7PI#$|EQ7#206>k-K?g?zp z6tg{>HYRViw}Xc^Y&1$pjy9@nuYi~*3%mjEja%70B^8Ucp=RJ2Tn24;hP?!y+>S1y z$`E96+N{nwf>e0?!Q~x2puU-y2)Q&jz4UOonU;cM>tOw*06p_K2@IGS+`a|g8Vu^- zWL0Uizie<9kb^UBx5GM z$D~c;y(%VLqo<1rC50|Jh6GIF3|N zWk{Oq-TGKA1W{zo^@m>x=%*7#1Gk?!P4!T?_Fu%{7v{da`X_q$BnEUdH`Bxn8K?(b z;zJ;nS_-}HhHqc|3{jTA)dn)Q=-`yGMN)Z`;zb0czC%HkmX<rv9ul7k% zE9An`c3_&9&3@bknmq`is<2Kx8mWgy>6#GgthvV5jn)CPE(R=5c-@Fn#cpFUbv7or zX;9vF!oPAlp(I^KM^~)yDy1jUI`ETnvu;F6DXYvK>z_d|XDEY2I$sT(j!7YvSf;SQ zZl?PThF1oIitkCh9imR;3cmC%sYroSw$G^B3!OuE74neM{-rK5H_a)`myh#Cbfbdx zDWIsv?5oabEedV)RnyBh%?yX#7dZevNd6h4g&v7>Rgo@jsmz|FrxsDh`DMwk!t?M` zZ^jv_G_L%Jrwb%WOtV{Dsm!F1F5P=4cF(Vf zV5=bq$xA$XE=(Dd*q~QWDwm@+B)S8Mc(u{OAJuvEo-HN4eRKG6u7{XX9~PCmnue=& zu((;8Sc)ZMvMiu0KVo44+|b7E)WpZMs?+JeJaBIG2#gkbCyEcq!2Nn?+~iR5WP`op zI-P>1;<1#h$p&P(gC0`IRVB@$c{75Jcn49%gp)1^ZQCkU>O6)#hK#t^k2*JJ(JcN{ zZv6umTP+#l3Z00FIj+Q83?0jQH)Y8sA>JRZef;zreDT*vsJCXkm44GFNg}V~LPNX{ zP1UzJXQ`3ehy?ff6OXe01)up8{K1TS)NRkWJ0huOF-Ds@So@ohYg3h)m@~9ZXwV2Y zNLy8W2KwWkPUbM$^Yk}a%%*Ua0i#*gdiubS3QB!-Fu5 zr$Lgt8Kdj*mp;105(iUQ9Nra8>`=M=kZ{v(A9^wnt}h0RA&f203%zV~h>lJT@au9l zJMsF!BTMSTbTY$qTQTZ%Z}d{f*!yC`5f?h(WgSbTbB{)o_k z`uK!$X|=04NZXkQEi3B_GkOAz`!SKbq{*tw?R)J(E(UJTw<1v1j}_4JWCuK@N*+H#0>8zN#s zZyByE+=?JG8UZcmeCV%}({ZRouX3faPGu%%zSjCU!(8bOwueY6^qYJB&&`0OyV`ir z6YD9oWK<~Uz=(J8q&=I1Xh2t9EP^xwm&c4qX= z+y8IqSv(|e#I)1<9%n-%#zF_&HLd9Q-x|>&Dwf_4P;&Bf20rM13>|(Ij+YZx>+-)L z7OV!T*YBQ8SWf$OpTSE6F|`lq`adBSEBaoC@a|Mu=!*!68~K=Cp3*|CxZk~lmHL-v z2D&;|w3kfc&M$fT1Z8cPydh<$Zv!l>skks^hp zTjY%_IweS=<2i1*SxPmAlh1D70#qnVr)#UscXzdJ={^)gxC2zgm+`lRf1kKa?9kU{ zitTHSVs-oSCXxkDTGjk&QBV{F1z*PR8zyREB8BU83$zduhi6P|Ceb_KM38%z)$$w! z-yv+_n>kHJiU=GB4ty-(jvWJS_*swc#_WQp3jqbs4SzF65k3?*zR?QLgqwafR(dCY zd0nRwT=*L}wX$vO^*qN<3AF3&*GwQ?(k9q&aZz^2iOi&ElD#w8Xpa41JtpS^i#DFywp4a34Qz zjy_xT;U)$NQ<~|EQ$!OZD6Q8c-63u7iAgeViT$L7VhhUgxSXV6CrVQ`g z+!L83VGgaoqg@tY9+Y90+Np^tFh;^G9F!rV05E9)@pgW>TN6`YhJ?BL)#AN{fJqlg zaLmVhH8B-RwX^;1P6cXU+}PFLglo`vI44A)P#=iRmh-#dd|w z@o2W%zHHA?E!vbrIY%9AAb2xl`09ujk=%Nz={YX;8#fb37x9z$kULt4>f<7Q@AZA5L#t%KNn=?S=9W12kx7Lh%?t`)@GC_Ph?D)Hs(29jy_}$F;$6=|(v9^-r zCDMK-2w;eVB2KOEf!Z8TvF@{71utKtOFTZnN4={UoxdT_6~ z-=1q5(ZY}TaT72XP;09b6sv(~Tqg)7v6iFWH(q)J5|n@hdknBZtLb{ZbbVNa{oF&#=mwJNeYY_3O&!$7cIy|lMW^BuJ4zX^EfY=lMSBZlP_(@gB^x~1*HSNN;yRk zN#aGZev=Ald#(K9U+V7V_?2ZHFt(a9LDG>0x#$GCDfZY9I&^*q}OBw@|sig@izV(S*5?abva#wv6VI5Oe2wq_k zOTWB9&5+-aI;@I5<8j4Ce??5iPI4@UvLB713SKi5z$cZPxUyQ39E^6Ek_*vM|AF)p zP2ckNk`DeI9yf3mke8H@p1AFal3{gpWz9|v3JnUv=J8J@r5)BgTnkmdGS^C4pyaV>AYCP!EW8YBVQ^IIDq9A zK+T=KXK2^VZ~--t6X22Iv9Hz89JQQ|1-G~3pGvm{6UU8u%?6Z3i-)0(oLgC)$@)0t zZKvToW@W(f@6el7(VHB1^S7$F2sMp1Is_@lrS>l9+P)KADLWqSk>@pjn4yNN+I8g3 zQY}4R&Et+uMyvN%6#2tLM3HCDS=i1My||yg456Ni8!7br53x z5$!+2JH6iu|9=x(+T3Z^TIdO_ym!d{7kE|6K%rVeD3Z_HL5J1Q6&Ej3--2>Ax39|) zIjA+t9F`z+E`0~htx7j;Q+XXv+|5_Ua6ln#7Zw*KRwxq_9A!EPH5%tL=-_We(?CcnXZ7|4r!o9=^WfZ?CV{EMB zh5{SKlTpIM$Rz%`iYw17hf+I0{HktE#O)iWHQ-}#wp|&V%xOcFDm%*|X0bthe$Z*! zS!HlnWny9+tY}+wsluAO-%R>|5s!NaCE6+Sn=*sricxI6b!;D`ECAJyWqDV99$oZ8 z`9$um;%_R$yJlLY6D6efh-VK!(W@sj(RMzJuiaJ#cD|EN7bYn;o6y%ct~-tHB*81DWjvD26YB@vnf^?oq9FkW~(wj7%|PEl*-Ixdj6@5uGyUg?fbm+f!_c*0PsBD z^Y$-oXys;;Qhd+O3@Q$#d_=RkrB_G6y(A#DB@V~LN--bQj$%($Df@ft!1xXQ0X_=- z$#t^&Z{6T>pG@uEKkLO@f~Im%K8RxfQGrHiO4V+TE=^F@3=N|1-bX*G3Wm~P;8x!3 zxiW*>;1OwsfJbD0T|EO++^B-?cDbe$;4nE)NB8u!z^-#MCe>@U9=^p~1or&veS05+*?|N!lY`Zk>yN=2xb{ zGRJ~fV{AM_P0hZ&zEiLlx}Xn22)+(!uM4k3aA+u&|L}iQvn%feX`6Xo>PjI&n;p09 zupvpy@cGv2`_Dta{n3-&Oz`5U7?-$cRL9YkJyl%?#^lW+(VPG9ch_n_e2E`-ZGJ_y z5Pjp!QNlOA3Ao(6@4xDgm3^_?()7luVp_n;Yx}YXuKi2*L%l{g!w1YHoTF4%0GVwR zyFXI22BWs8xwZYs1lYn@ETegN(50d-mQLnavv7qcwFK^*d}=77M_`F=waMfDJ9if> z&6*YYp2E_M_&3^Mi5W|mg}5%(_eJ@M*jSz zen%casI3@$+?pHUDscsCPP7C8msp~}uFEsp&}*q65#KZ!-!COBit7zp5X_oZruHq6 zt;PW5L4(<9*HIg0MjkY*PNUl*n8GUwErU>}DfE?0& z!Wkp9>C7njFol>9`bN zr7`~|ZLmbQ=Q^w{?uG`1>Rg~2zRTzeJ_ih)q1jw=p^E5K1aYT%X$6}P))YVTjZ!{9iAxtFJa=g!uPtk`slK}z(h=|3AyzltAk`qb|=2^5jZcjTW| zbtyg1PA>y;-!Xc=CbACSF*JJFfTw6Ry#UD*@Mjk3z}GTzvdhPn5C6On&BsAKNhImD zSd*fy3Av~NaX5*o+QTLHuMFD&7aIb9&ec?Ag*FGh`Wmi^KPs%>zQw?A3Vd!s_10+O zyW(I~g341vI-N&9w}ac^{m^KmHi2W^ZnxsfC`Uvj9|clpQwCk0{0-QmNf8@E`&Kfa zW4g1bGG+VeO>=$;$x+>yp$=$r54xL=dk)+_;||5dMWjzX94SS#)UfVM7s7|8fT%OV%2D#}HEB`1$n>-8A?R+Sl{6&Mv*X+1c(6MPP zUKNrg<<>)cE0D%V+9`Vb(=9%x>P)hwbVOF$Fch-Pt>v z3!p@>XI|;?;njEaQ6!bdD3gq=y!vq`$Wco+EmU}h)%J|!#oPGNn#`IIHRC(U> z=3@2E6Q6_}iy=eIUo_)~nyO?A6pvss! zyE?j?L3&e`U+jlEpPBLl-9uOq0U{q%C)4UD5Mz(acPSMwGzw)4fAIClqsZH&=VN3Y}~K2alUY65hW>1iGUPlOC29VOH9h*^AWRpk{W?E%yHnr-vq@a zFA?NI5J!ebH}lN`M?rLdIpzlLe51la?`tZ&&OoS}HXbbS6Z!yeu}M^OZn_$(%@|1s z4b;aUMHn{=!~~8&v%dfdj{&aDQX$ZhU-?k{j|QpX6AR~&j)g6ARgl}D_6A4jI@k0| z^1rHMVb$l^o}>M9pmv@;D7H+6g~BegF-n*9RC)MA;injGyD;&!U_EPJp+;dd+3g8! zkvy;`(YXASU!2W`-cejWQ_qhJd$Axd)HfW4TO*M&?yS2AHMfSY*ug2!6gg_A3KzMmP=y+Qg8j?lA3PBz za2R6n6h52}ifg4ylU3V|D@Q7|U5F zhb$sbiZh*!c8+C7t1Wg#EfG!U*X>82gae^OJfGi|`>4>kyFld-ln4UvTqt@91WRQE z7yLXU5Lguvoa|S-dItFM16XeHs!BtkM+EYIpux~`Mvte{a^Z>&tj{@oL|2{gN^=CY z{=(!fBc5aGkIN=qrFV{2ho@yO_OZfDipEL!FS5*XJn(i0>W6~dzLj=0e5*A))^3eg zdM%8gy?z?Kc0K?fjF#;hxO?{e?rYyM_~T)x~XkQ%t#m3Ny9i<0@p;GSpFwB zQWDEHId**~^l%^eI=*p!ca$!cph%0=W=aw%R?TFipUy148R2jorv3&@hs($5BeQf! ze0EwXGA5y}etBZ{*GSh=mWDg zR(uNe6C{iG5$uz0ZuFX)+W>+gaI?)A z$&yq0NGQsyk^FYBV(>(4i(cma{RyV!O6dz1veIbF6uw$tNnxI>;1Gb0X?dqK%2M zlqjJ`)-`QV_u6@3U6r5?BWuvEr~j`F68FsN-^UH0f~|kydU~b1Kj4ZoaUyE5u6nE8=2OsprMa z>-H5*FJp7W4zlWDvYy@TQ?G7|?g~W4hHp1TsKF#Aoe^k;$C(9(gbDlV%xib(e9cJU zhqyJ+V91q4rHP5y*#E?h-j3CscjABMi-$pRkk4WnTr6HOg-Q()L>0eouW2h}6HpuMBJW>FR16 zN`rz9LG2h~O$Y$qN@$&@e@fQW#!PyIRBkN{=%ULE5HJfg3;Cme< z>w5&Rs2sA&%|m9TUycsAjUVrT^$ql~bT(tx!&R9f?_}brbaL>z>X2e5{2R}K?`o*R zLGOKcw3(Hz;H9pub!pAF)6nt*`0>f0c@q_6SHP`2mZ;Smd(O==32V{ca!Nf-?WStj z6e+<|CaOf8BzwcD_dcNUJJ8WQbyc>x4ia^DOd2YCqEpi)Ajl5_o)aF^LWMxh4bxWm zX76?lW&-v;e%#S~5u^g^s#g@7N!DwHKfQ*T%*5=$iyHd3RKZMk>8JrS*_5KrPE!Zg zo=66WV27jc5Agt9VGXmh!tFOl3G_*d^?Dgd>8zLLu{^`N|=+U7VxqJf5Kgx45xyFg(^svK` z0T^AFwP`!S4|JFtH!cuZa(cfp;)L7<1+qAyCAD%@ywWOY8-x1W|X9)#P~YD8Jy5i;v@T8R)-`aa>d>ZbP zETKiYEuZML-wKH0&!E%&sRoU@I$TW~OZ(BW$U&mEsFT@>>ze2=4j#yGoXQa^FS}*n z)j$Yx4#SEkrndj3#+dAiz!_nVjKghPV3U(bXNCMstnk0(BqpTiB@r9x=FOC{_7NDC z-y*#7W*|Q)gLHC&$(uzTd2)Z5+jLBL5#;BK%%RT}n}s?wYF?F?qSWb_`G6@tt0I1W&1R(dv~*mdy8QO!aXUF}HG(vu`~o5iDYfr0vH}4e56C8!!$| z^7NzUB!aapk=*zBa_?G@`~Z>`%=(I_&L!P+NbXd5Z#dND)43f5rpClGmP-2jD%DfV zLa=U@vHGX`AFwJYwE3{p-ByEfb5`j~E?qPJcUG}Ewy3yvO=nn&FXkt%-ysN)CB+(= z`bDV-J-5)o7~5a5$i*=TDoppv14)Y_%;dpXi(Hp;Lal6urtAqWL-+l7k|Fj2_(ahXZ zH~yQiNL;t(CUdBj;}glpn=e0~2Q!O=F#N2?$Cg?ob{t*k6Nj62eJly$bA`lks{HW3 zMuH(03|v+3Lv%AZN{+-FlpUWsZ=UyDaC{?^;#OPT9LVX38Ayt2Rnva90SrgLz!${V zL-jLQV$G2j6RuOSL@HAquAKfI-I=!rF#>lj?>cEv!J_E>^p-wdd=+Y^NR~YN=bRe^ zS?IqL?pvr1p7Fj|k*mo#0zWHy%9>4&XcF(7BTt z5at2A9GpyPV0NrpXJaMb2y(z+ka|>Z63@swXC)P`U6kgvxhx_JqqL&CC$8_3Mi;SF-F%Bo zN)=1n_Ht{fQJ4y7p^XYnx39_?oiq+~jWye%6|Kh5#@H47_)bBAbs98|Gu_TxIOX<0 znu_Xn`)D=TLwT$R`8+&fy#_XhVdqdE4KM%9w08TiP|P=IyT6-)a3E-l27ZW7Tc5~C zn<6wc;R-2nP6O3>@2_I<0--nU zefS<-6Ws_5JUn=RMFSm?2M)JJJI9t-E97tMO)Qi^XAbv5<-CGB`gaY6BtMIqXBDQO*LJ}h+;d)wrLz4%YBU5Y#t1^0mf2PUwxa3rz`>;{m=#B=uDWOXa&eB7-K7-W`LE4h9)D}JT zm`+SluvGfs)-Z#DaJAgc<}~D1pOBnBmf{|jnaB`4XxC)mpMaUQWF53OwKjfI$ey^( zkQ`tqW*P;Tu2N5R-)gw=7<{MU-rF(W!|77M3t6RY@rj8+O4=q?>-=uzCeqpDqgc=L z;JZc!&*|kH(q&a?CgQ#<8XNgsiu>~gMqnwU&VfRU|FNEr_KlFFST{D=@^*9rxmZ)UN|s|HqyzGJTP^{ zRcj;C))hN~8%;ds)8PpEeDmgII-w(2=%brY%Mp~!7PUm|2r>ugCed~TxxJcZ6gz^d zEp*a&>a5HBckKo0wktFyb&)j=oL4q$K0pE+C7OIOPDfg+8nIxhgO%2OkhPjr< z+|Okh)kzPLjuC%rV|b7^C}zl}#@$`@P-vPE$F+~zzlGnN>NRna)0^J0U=78T@Jw2Mz%& zz3t44Q3l4S!?riYMBxepx(`SWEj2Ex68t+c(7ATpU!MJ9BHFbqzZ5RtNliF;>#9}U-fAFPN3X0QmUsJ}o|nMU>>|?CP@m^p zv*OQ(U{`@dth^|Mkhh}e@aw0i0U{el9N*1;b5#NnjdIJ%eVkV-iwxlDs3Bj|eaBzG zKXIr_*CkM~R%47B)IS$LW;+j|Uijb<8#m1u3<>u{P}nB3h9fi(HLH4?;Bs_8qhkj| zIb{&GXptZvn|}6VO+)}oAPk>yYZa0}#M8(SVN454n|?k###sRHNc1P%)0a5aJCqS0 Zjs7J;(m`?b#L8c3sv)kKP>TNU{{VB=bXNcX literal 0 HcmV?d00001 diff --git a/libs/runtime/server/cxf-rt-wsdl-4.1.3.jar b/libs/runtime/server/cxf-rt-wsdl-4.1.3.jar new file mode 100644 index 0000000000000000000000000000000000000000..19042b37f69327915f73cd4de9ec6676221d1b7d GIT binary patch literal 181853 zcmbTdW0Y=9mMxsN?L2AQwr$&a(zb2eHcr~MZQFL{$$Q@J>RZ({ZdZTxJ!9Md^Nz0{{R6$V-7k{M7>J zZ_VWYM`M&fE&i{ujDW0!sECp>t&C{0nwH!FJBm;3;y1!w9Z+~$2`*Sk7`Q%0xB@1@ z_+(Y1+_1f7pplt%Y3kRLCr)WNHqaRNkIjP{uMu9g6Fle?dFy^XWed_F=CE0F_SW%e z>3Rd=&Q$wpi&x-MCoJ(Me)a)l3B)yG^J*hr9PLQikBlM?n-6$AFxw-2q` zH0S|Ebt#cR;fmdt&kO3-;f&!vWD+TYHf?%N9FX?ogu{~qD=g~hu@W+}=g%XRT~$=e zVF=U=&NQ%1kFIAsvdycD#I>!dtJpVdc2Oc@))K;2I$X^+M{R2kd>5UbN zqmVm~;4qZB%HEwEgb0c_XmLl^L78~SZKSzq|M$?sa~BH9{5%6_w{;g5Va}nOGRyFW zW3*ehj=9wxx`#D%f!pz1)+iv((2&ajU_d#NWiU#fCp%eru2G5TenBC%`}ocBlDMTHqw2On1{HKxU7jU% zC))Sy(!ogd(GAftZ}UA+TfdVwww#V6>wyiort;IMr;-+TK<=))IC9zblqw>u8XO;8KWmwu1D=GxH^*UQK2k^G1SZr7x zoL@`{<7xNa?6-}U7@hTJ+l5RVWlu~i&b61zRCz8*Hv;~ps9nqSUPhqtSIJjDxxft! zn|K1pDa|(`3H6{@!>g6FCOhJfW}KKQN<4&&;B6|gaEPmXA9K%_iR{0-=AgTd_lw#s4U2qy{r>jjF}rL%bPMdVz=4`(0SzY-MVRv8 z)ru>*BKr9DWi$4mpT32un;RSl4jcjb>-A0$!lSxke(NzE3`vzfp#kBsG(npf=MfZY zG50U^K&1x8lK>KPy>XnZNtl^4Xyh`0Kx%m9Ti@QEk4+!>sp4MJYuHg)G|*_Jkd%#& zF=GdKVnQbo(2Bu^xTf3V&J1Y;sM&>M8=mhlAMqwyLcv8m=#ucnBJt`3E1xXF5B#@*;SX2c0=HvhpE8 zqpP#Cyu;w^FG`21kkmbir4D4UWE^0^eX&@oZ1>eA+)x%aJOvb>gFqk9?Z?%+BVnp> zAcr_5fYLSm)Gi9vii>?rPsu0{fjL{RBGBaaIz`{>b=JJ1w<8h59>?gs0@l2xa3GcL zn44=G3u4_DL|~KjTiSY$euXA*X3D+?_3}oymj;*Q%sSmXq)3lW;-?I)r5IcFHw{A7 z05DMUy}g0IKv)8q9)NnI@Ip{w(j4omu^1E2QYeP1Sa`PERX$lWXKD7WnxjF7L=UxH zpI(?2|0(mDWab7w@FinYJy%Sh+O=|%*#&K1wn*>FS1-hbh_WG-f$K7hqiYEU?wyl^ zSyJ-p?1g2^9AkfGSM$+<>{;I>BBcQbH6O?0QqkJDq2^$Ch9~WF*(O85Wtzl3slea@u z#Ye5?Yol7y8G{8Xw|!B;mXXunZR#V@#AwjWo$Ql5ptCm*+r&+oyrkNz7-js%)6;FxlBf>1ody zQ;+X|1US*xL2(W+000i`zY1`Ke++PG2_X?#C6O&nEys;vRG*jHRfiHK3$T)GW((|- z@cP4$Y9R~ZHXG8!P?EYIEnsz{v_B%go_JEb{ELiT-&JKwSR^jj8cy!BZ?cA<@7j7q z=q9p}Zk)?GOLe&)4*8Ot*PZq+-Yx_`Wn2my!S9|fR(81C%-LYRGSzCIKfbi*Ssjg9 zYO%J*yFC1%Z)$IRG$V)3B|Ez`bZBl;*(#gdTph`Ht7@U`UA;YB9iR4Sd~{}&)Fz(3 zw(djWUtu9%Eop0%tGRgm9Bh8~|73a~%YbZ2lp)e2;bQ2O05{PhGgb?qcS5a2YN|JM zsz6YET2?j+*F)Du;nlKWQ}4pO^CZYFvy)N@pAx82858UVdRva#$bOYg!{Rk}n@%#S zY~NF-Gm=B0lJTwc=)ewIa~+40heSKy`*FyA8MX9X^3|E;NEMQe17g+QgoNgz;BV3Ql~L97iGnsp*Hgt3fy13#=@G5vx6X_DfYYWXD|e+JNvBH z)Bud*7T+3`LB8i3CTaNZloTjVa3Qri$()2zCvEEt-jVhGi4qGeyOj7yH(3AH`9z=5btB$ci>2D6 zIP$67)rdl2j?O7sS!D?q2fjtdxCvGOdQg;D-3}wW0wCO+LV_AjSQ$T8Mkbl>oK&8; zvO}2kf#th=Fv5YL#JWL;HA|*lR;&Pz!g>ceWOtM<9%sDD+6d+2EBQt!6#=NQ)4MF= zXU%2Wx6Oiy644sXiLO@gX7a^(xI9u8B5ds{GtFpSFWJUaMNEbd;UQ??0pGTr} zj2P*{0;blD*mj!^PRd6XBPqA@3!||?ZspA7Bl!Ey>Twg1Iu6 zQozs04$(nuQhZ40(<8qZ9cfR*R@;3rdq{Sv8MN7&Ll+?Hxg&n;>pdMNja$xSCh^kTCJjMt=~MGK@~ zpXap?B3AZ_)2kq(Ka_3Tl$gcHae@$o`Z0V|6RaLji_i?!4bz8S4Lx5cSA_x9ogT@REEjUz=u8ComNz8~oA(`TR1t^Dr?6 z!9r^hed)jlc(Y{S&$vK`^~N-`@k5nNN}5#-jcTI zB-Wq?Ay~bU7n1}=j4zDyC6wFDoL_mtA0*MA$7>I`V!h?P;ZsH>xasdO?Exj zk|tij%&L^}O`s4VP65_5e$1-U-Nl8TX2P8~&e9Xr%OhpXe&D(qgz1%0Eyr;NLJswknu_Ux+|^~N=VwF5=PWCT$tuA! zC{#51kV0yJPGH|*$7vX~N=uHe&%x0lDT(F6gLg$K_l+Tq6shyn(*kATL6r-Lat?N8zALKGD8f^I3T z*Uu7SWp9Iq2`k%`- z#B2$y3bw7#57@pTC&Tg2Roev(7c#?vM!|*1eB&*YOHCn(pw`J{->T-q*hDrcY}}mxi8W)6qshm@OLrHy-Pf z(*-{p(00pUQ?kJw!Vf@0&=_IQXlH2o>S-Tu3$E}vdL z^d7R~;BY1Z6Ie3XAK?IPs?82u*?R})x03uG9KBCaH_HthX5!>On!S?!Ktjyg-3U&C z!Geaahm^J6KBA zFGzE7eF6%s-gWnr5IFk6B32aH3Xd#_Gd(Vm+VTnAj%5%!L3?+nuKKX4!2JX5!$7{= z5Kc@64ce>lm~|4Ce?P&F0@w!KIs~H6VBT(NQ%hDsng{!JwmuM|o>NosUdOe|Ej+#c zx?Q_y?iHNKX5a=bmN+^5m2FznyJ0Ef1|%mFPeIGI|jxyzkK*WEJ@C}0$LSGZX|>_6|bl= z%LtK+??IrXz4d>cK010KCwwG=0MYLLeC3{X+j?V7%3}~!E@CHi{xTI>VC2AD3+7J| zf_Rzfa(KsU{jl`@LQ*av(d(bh-N*Z#&4iK|y(qh5*Dn?L>0gTR`YqlAd`H?)ot#mI z5RhdKI|zeQy%B?8#}AoD?KEQh{AMAse{ub&{eb?TTwG)0euyiUbiI#-*bJGxElwMzyGz8$`L~akZ>z}# z(4Jea{^2L3J#2vJ#l)Do&oCUVr6^_0@kdqYl6 zqdjS?>h3otUVwNvoY0NV8oZMB@?P2VB=%n%BHo_ajpv_HmHm1C&LRG@5b}qA`1`nx z+)U~Il@K!N{ohp-{C_q!batdMadR@UakQ|tain!}bDE%&T#=#{m!1}1lByA3prVr< zV_;r{hIhHUlbMu~mZQ0!q#3OrA5jjj8m=fRV@`(7BwUF|SnS-N{Nz5#8r(NLDOem# z_$=@%_>36eT`c%Dd8k|^YP1Ae5Aq+9%>!}&g3h0D)cwn8{x|nn8@QO*{L6{{^D5!} z<3#_{+}6R2*1*od$lQeXe_OVH?v3()?d?yGG!9NQu8zi5|JFF!|E-?wY^`bS9Bl1O z9Gomn9Hr>S>1b}H>!<#k#||W^DaWLxq-g=i0ovL{NZOBvC^)oD%0-6K-`tx?JwiN& zwg1Bp6Y982Tz_8A{pb1ncKhcY!|-np(9POvOI^!$gB8VRrgk@q$4Q8|J+)L>Wsep1 zn5HRmRA-|!AjLdAM%a?rgbU+-$5mW1#Y?RP4p0KDZv=VMu-L)a?G+cZQTm*0nuF%9_s}EG59$2m zxEFJ<5b*^1gH+=%dxS$)sM$nj5=H}V(4L_{<1=ld`u(__EL7f%H0pv(PK2XLRbGM# za0OL~#`|jXR^cA5j9I3h*c<==Cyyn=o6=NO4l?*K=x9k1?2WJ*BTaJ%)PnKIC`3H$ zBg*<{aD4A_>9BHAKT=j`VpD4r!gnD5XYGr9sDmZTBV_C{I^&3o$y=H_j)-k{gsNcQ zLrfJYi1$KcB=v0GABz0c4C#VFm>TI3YyGPpfiKA*G439a;}x{-9kj3t&c<=J*Z|6i zN=e&41P97Ow_yqloWglw$$FyrWM@nJwzl+{F}ovYU*WoNV{1Ya_uN4A*v#qQfg*Zf z#a2?ofMj;VYM?C`{piyP;z?y576H???Sd6Rqt~K_;xOf;5)_l5%pGks3-cJw#*-8U z{2-l#rW>z*fM$4FyrJiSdltkQ3K&J}57<3bsLkajk{n$Dd13U7(0%e+5r=kaQZ)-? z8dm3MZ8rFPQ~dt?%?dP>+M^epbJ4k zh;m4nudy_n&w{v1lOBjzz7{p;krs64aV&9Ft(*YbO5)0Y>n5kD&z1$`j|po>WDg57s7>*3dYUIz-F%$oG^B z?zU#S4MaSZ2bl5*JohmB!tm(|W>4UNzfRSwg@Ddu^M~d~d)EQRrx_r1E^|p&*tze@ zPQ9`0gkD!gr!?WU5+=|R?&|?<3pEZ8pU!2>`TTTnZ2x>c5v>=+4AKL{^GpqeL4*Td zx(-|@!O}LWgT%y-!faj72hXUQGCNW$7Xc!~b0;84O9q__vy)+`S?!T`&n0^rc|eK0G%aY)#0 zrs)JxCzx}JU8x|4BxYUQxP}T&I@Ob&O-YOc!~{t+xVgh=e8xOYawZt`)nN=N^DNkm zq0p*jSY`s*%$oacZKx#K`mSecO8epD?E~%ovZa@D1 zq(cU3Wbnt4w-UOV%nrnq2_}@$id?2SUS$vMgTJ(j(TpB@ILFPid}%cnE#bsdHUgHk z>=bC)m{?V~bosEe22z!A6f6!l5^!gs`#NkKAFXWTiovbBRkSU5cR2F4drf4WCj^C+ z4VBAOR9d?GD9Eb0>w}R^I(?4KF3oSYFPaiS8?Ccr^c-7|Z9;JG^}R!u9I7gKzQFgw zLTtAt1)19POZh_Y;_K?bsla&|LC5Uj>-1TSb2OUY%XS6<7H*+JTG=~jVo!oMj=x}T zQ_74wcTTriO;fFBfpRibTL)Sh1@N-(tA~Jn+NB3V#+3YR_&a9CrgoLpp6b)6Yh&mSj%^Pk!G-!lEH4EXDHe>44e6Zc;iKmN)5e@)Tl|0LS}sUrWMeFzvj zIyo2^IjJcLOUqk1n_1Y<8d(`QIyR|TJ0h!~_}FBy(shv32`VUW4`#HupaLcb0ii_* z0*p9S0O#5?ZEa?!Ks zQG5`)%{~a4c+ZI?4FxDv&(Mrs_U%{T&YY}Ja_Sz z-;&=5gV6F`eVoFHbXIB@N5Z|IZHI{E2`KW7QGEXF6=X#>jfn0nVdxO+d{MF(W1Ce$ z03`|Xu2Axf-5bJ~g&Lf5$a>>f(nlFv=>d56Dz1&COH;?0Viygc6aHfhmrdg|7odBU z>dIapSghBZ9#_MDxLg-`3mh90tfk9k#G*3&;zVdp-Z&U=q&a&hK>|i#MKU~Jv@&39 zr}{G2wr)n1nFCO@lM*J{uvYyBcJskKyChR~7T!225Ot$B-C+Sf;_%k}H&8mOG)$}> z=4vBv)z^!BGii6GMJ~zHI;4+2dkR!ab6iV{#?2 zsV3=(JYr(zU`}webX2v>?I;h%3p(O6B=2SmnRA}a@7Sw!#>REhGaN_UA`^MUsDAKw zh+UYp`$pNFf^(RdI@LU4Hhdjrouw2fQG)6i!WJMFI*MgZlDm?UqqU<~G7ubmDiAtU zC?ttJ$t|5#)vDjP5160Q&y(W63l!X%6j?;v?qF5JCBDud?4)ekijtA0w3L1{R_ zTQrYkOvPE*8s7quy^umw5(SA0niB_!M$BRmb=E-Gn)l=F8Jip`_P;(8AN(?`g4;(D zWinu9DQvXacO17S<}$Lp?pvp#2e}<3D+|Jx1-#Mweip2M}T$;|h(lNNAfGP!hfqHEof7q{~51M);64io1 zNln8&=wGIy%>(lp-O5W0LQ?HgHJ;;^U%-Fi9%7FIQ`H}3*BI&_aqpi|fbM@l0g?YY zJPG|3`$7&T22QpP{|N-uarLr50tg}B0!JX&&{Vnn)LG!{O$73YQ3UnBFjMcie_dv5 z0bj3Cdja5$x4OatQfHrkn;qxUrC-ggu=#;&8=oS8@uE=Y8uBK|d`)Mvw{TZbIoChh zn3D_}$d`MK+DW!*k7}+)P`#d6=a&#_r<>M%VD?W;8Mkaa-#05bb~Roamoq3N=axzw zhjt*-Il{i}o`U7GQ9+X}QIhXHK{)t+yy9ma!{qZlRO&lvuMf8WexP!dsgwGVl}8~d z$0@}2M%@NCop|0<@eTdgTK(cp3z_+|5*~p6YOQ4dowbs8uyu1+GI4ORFft()GqEvo zFmN)Fbar%-uu-WTjkRrF<{SX;6baTI=9`?SZui zpw_TI{oW{yAPm{(tWQXHT>7toC0%SP+t%BhU!5~dRy74oKXLXaA>CD2z7m*)o6v=E* zTA&-!lsQ3_g<}FTdOue(N3Bm*2NdPfrYTR7PhO*5S;P-=3<^POm*^V38wtm9ZVrt< z>_xFO0+MFG5~?&ULP`Xz{Sj^>QpxwQri_I)yIrEWP(pEPa&5ng;LfAkRkUVYE{9#b zU}#`t^$jsK>*5cC-`HO_;;JM`zX4yJ(E0EK5$H~#*ya_KyQ!C^C+06B9g>;S3!a6a z_%TclT8uY&Aq~3fNqO4CV)twfQvB%x-%C%XNX)`k-NDFL?E+}x13 zdFO3W;4#J+?rI`^n^xjxNRizfXvw2%J$k!6G)J%>RzGEIW-G7;&MxNYD!!Tj71AJc zdd!2WGD*)HDLYvZT6m|1;xPvqXR<8E0S`%6p1q7D+z_0SdOhU!{Z4#5Ft}~Nw)2=p-$168Ce1P1; zLa>M-0VgXm-9y!|2AWqd$0K>iX%koSt^QYSQgHAAX8owV@H~3pLX-UX@0joCRx5Dm zn4%5ELMU>XeO@&MMgaD(?So_($FeUChtOw7O*c&~6aBVpDf;Bkv-q~ z5;%*D%D;+j@+@t2tsAFY1{id<5diO?AEvOvA42O%Vpl*&b_N8tH192y2lErIBAQGK zDLW|_~T6$jCnw|}iLcfXhk4(619T_Z;jdtYViBI~P57ba~U9xyf zRjo2+l`BPRBoV`evmgf11zTz7?a>ZAI5wI7V(Q-)VS-TGa_%5t-ZXM^;AKrei?{-3 zmKm;)nuMY#>nPV1Q$FJ1wwd20IYS$p%}jU@V^c^nZdW|z60I~DM9BAL{06?XHUOW) zHP5vm3b21am*jv0RyzYkq@b_aH%65YJq9Tjv+*j5?g|*0nmo3{gc*CFATZ0_)$U{ z$&}5XVv}HldQ4P|%^yd?9o5p`X+bhWK;ceI-w^FZLYBfE03L!z>YJmE?=Nus8B$*v z{O3aX;h%%h{|s(_kz)V*ZvR^{`@iLYI;0oM(b_j3R|iu==2#Qt2w~nPq#6LKbwKZN zfVsFJE2IOtG^^0Bx;5C2OoUs0g-(&k0Jr9O)x~uWG*~x%mBx4Pb<0ZYFU{EXiXopR zRVvG5-kV9A1d>eV{I9QPwvXwD?iTo603t?K~T1fUKuaO3{5J#k0>?UE0z zC?MaHbs*o?CKjAOnkguhWPk^A`zQn^A`en7<{|+ik*Bc7wEB!P@kvMi}T2H&k}pQ4*y67J8= zjM%*7No0{mT*jEIsAZGvC+NY`LJMoUrNmkgsxOOlPOCMbEJ4ir37lWjT76PX-&Y@{ zm6JT!O%k{36B3e6{=@i#CL+Ak;Hpxdt`bM{EZ zIdbBhQWAxl*ci7G7j-D89BAFbJtw}-op~=P+F$=ib2+tnBUZjTmZU;Sp7sDCHR&W) z1usNQ3_mjhk@As>GK_hZ4*``@PqdZtyu*78?exl-40117E1^V zQt)m&&%qf9gYjP41sQ(xX4ODBbJi(lA#0JqmKy2a3l?Uljr`7naV?5Gv!CkQ*35d@ zsnL0cBn>T-YMO2B%~lrPBGww^5snaK%9^C7Rm#DojR7UfgXeAnudd#{ZU2+P)ap8^tK{V zO#&%Bz5TsS`oM%x1z3jWWKowlc}Ip#qE$Rd6&s7gx=D#EY`NsCqu?@S<-sH#nLsg@ zSvi5uH1W5hT@2=B?6FG>Gx*Gv*%77&PtYt@eIk&dGI8CfZc{mwHehD1kxsFDE&E8I zsg|pxFnngGr0EHjx_I@Nnv+L>XA>^T9v z*#rFM_t+o>7tGqRwvNdy2%v(ZDxNe{ zS5?>L{TL@~JfBOS6l1PxnL-IjH{s8F^$+Q&OVt9D0+;cDo~To{hAZp}#br0NGKaSl zhKlhi+v9D3QBh`5&Q&?Cq@XIlRjsfqqv!DA9|&|K&o`XlqlOY0x!9wk*5NMLBQxc! zDX(p~ugQBU3mKUe89g1#M{DapATd+m%GJh#?+>>gvRnAtwhZ8(5J}@k0nAD?f{6>-~GRQNc#DT2uriI${TT z_!w4RYpAP*;|8OPu4^JJBUa!M&p?`csC2k!Uv5+U&i|>(c#C^})Z4-z4=UKmBMQ4B zpg}9p88MrSa@f+e5}w&BjE{`4cf&iOjyO0#4Tcf>dG}0W6+c|^3%!5yVBkmAaV-`v zYqqIE`VlkGD;umYI{(m5j-H4a^~^tas~lv|pDAWa9N4>)obXWd zOXnU?P-rI>8rXPUVCJFfL$$x`_l7qfYd{0Lc!;9qtL#tky`%$+EYL2cL7~1=4xB9E*SJB8_tI@bkMr;@=n^YpDDiF?=EibL?4;^-IoC3%S1>X>k~wzk-E8%HfjQ&kdA`t`Wj2u=U5%xKJ;WQt$L7 zB)-@Ze5QsjgWf+nV&$lum<;Cg7E5NUHxc2zl9a-oF%IG;4geHre*7LX^YW=YXnFgz zIq-EqZxj=NkMOQIDV+$C-AzO;_g5RJR^ryB2A*7kh%%NIHd}D${zIRubSDp}iAisO zA2Af6ub1)$;Ix!Nldakz@%owcQ=W0pHzqM5XNr(20^1v-PF}Xmqc+>Ce^6NPwrd^CPAVGks2zT?(DFN z_6+t!y}NE>gv!P^PtueQsOV zWrtb_wO~5{jGSeBF@1RhngER&I5U7i^@xbR6vaIB+B8 z{RraU4lafCWMHj9ec8IseO?MGw<@7$=NKj#yQ5a};JtIG9ig2a#EjOP-tCGSJVG8~ zd^%dhO7DiJ8&>I?NCjUWr$f@TkT55i79zbdBXz@|OWEQcR6*lQ8|tlk6?mZoZC?pq zDE9o7HjOQbzeJk!Qu5&%sJLD9JNc!mYelLjf!M;)A%QiK+&LLj_f=vN$43T;fg0zVk*B8Z-kV_=2-ceS|TRqFfo1k zOS+k|4S6->=}s3c#uz;YU&74~Ah)+XahTQ&ZNUr4c}~IsYNjxpgPA1s-qBpMWl*Cl zZZfV6dkRI5j(99(!c^ada>9g+I#sB_!5q$=k$VmJT@NlhLC6u@WNh46>RF|+yca^7Q_-eTs;7D+qB@?PYOfDAsdv;HZo? z&G*kXi__~)^RlLb%q`_MlRIB!s&?2}+xpW2sEZrvy{;{t95PRQ6`tO!eI_^Xn|x%K zIb+FSw{)#BZuWS1_!2|z5+gLzUFFHavou(`V?*GGI#e@#c(h$SYGHIC_<|&cjBF3 z7)Num>EbPQnHK|C9vD8JSW*v6urB|mN7jrpdd*V^pl0T(h9ko+YnXs$?#6Xlkx|uv zx@s)!KOY>{V}`A9&KY#TWjAlF8h0RPTEFaZZy2%fJTueQb%oJ1x7f#D329q>V5Ew> zXj2v&WF|#U6fv}Fj}M^Em$xcX4y(*NXw$IlV_ERjBy+A>Y1wBxvDBp647L<|)(dg^ zVHcU%7d|4nNZ8ujb3|>;@7Ogwg4)z?*j4htwycF7xO{+Y8qf{8ULL*HbYZ!!&kW;v zLhLly4!&HW@6&#etp4nQblte=<$3OEUHJ{*W6tOIaY?r;_S|CM^X15WDn2q0Gv_uK zADhd5T<43rry$0G=lD8%q#pbg$fu+daL!u(n*0oe1n3$tth&WYeKlKV!8`IuH9Mcb|)6xCBT7wL&eD} zAMh&Af$ytYGiY!m`x$JO*h4w9XLKavRp1rSL#211q%v$~$@)7#X5i!;21ns!AKDqP zTlwNHc|FRv!unNnE6jFrioL>ytc)vsk!!T%nnc1o?DAacP+pHr!#fq_iN5^2^w6n& z^yrZD0!QR*S|e$XJDM>YnqopjU~QVyfy;T^K7@RwEjomwWx?)5hPl5jRFuN+oF)Q3$s#W+NI>Rt=10NuojM$Qx{v zykBVF-Smt(ZuQBXZOVf;)V&U|_SyZ#luF6P=}MRl8xv^fTgrv!#(92h_v9nRc!_MB;dDKJ7{kH@`baM4x3dugJ5I<)Jw)u|@Rr!iu`1~+K(CkN4JRIkwEo#qQ zXsBk&*D#dz`7hw^0_ami$Cz!Xa9RenREG?}nO!8EVdMvvW5F+Z&IHfnU-1W+t2^t{Sr2l=PLhv&z3{>ub2?p|4&TF zUzD!Nf2ktMQ;Ns}2){`oHNp@Dqka^WL8O70sG#@);fRN8qSjZbyUk7*GZ8~)uC;RY z-IDT#=+;F9!tV-cJj<#Q@a2KScPuRM?W}AqF!A}|d4t!5G=UI?VTF+}1hEhNx>%Cl zK2+67Q}rBa+!P&1F4<|EIuV45rBa~b+;L_Oz8Gi#C}+m3r-XUHg`#6b~h`l!p*Us$G{ zjDA&%N^0nyVn(}2Lf1EkB64;|inc}~Et1xlRBMV>O<1UVT}P;)%x4Kd?aeYhUFzVI z8B|&*+PrQUvNU!52{bJf#7$?%;@6>&5V!JSHrBew8w;$Pv12ICh`j}ojx%@VKi-iP zUtB{I>Tv?_@%1s^$)EhBa|MJ8PlK2^+@UB2gk2BdGI}yo&tNsCY7@W3*J>ncH1XQJ zPAj=?-{6Z~%aBZ3jx-Dx;O5h@oOGoGaD*%eoRe$0x4lS|x2oTb>^Eh0@vgDe;b_N! zL)wg>w5~fm32_#tx7H5Prd9w4P7+CiV{m8DwN-KVW|FmCYnQ0AIBsHJ#fzWL^_<;#mu8m(0ly7m!2mc<;<^e+^3B)io#>iYj!E~iZQi` zU_vf}@aEJz!U#owQueq(96+4-KfV&sdJ*U-7lKvs%Mu-Pb^9VHr47kg%OT!$9!nVj zwve+*IWRU(DRT2baxRGc+FG8+rJm!IMoa7tbu0R*?-o_6KD0>p7gOjxozXVylq=35M-?(u@3o8pJcM&TSYZIHlX&%Y(GqU~s2*W+Wg88cQAbrB{+pmR> zfS-wF{=!0!KP)B)$R51Y-=>V8A1=Otdm$;o zki^etrHkTB*&hSDhekGWAtthSwBQqSezjM-lXr$Y6(#H$NrlJX_D{^IGZe)ZlMN_^ z7&n=k#S5s08W_To4)jqjFRg98QU2Kl!%NEaD4asP2PylyJMH!%{jjkZl1n=_Q>L@D zpLkD)T=U2)3-Lq&w64n1cRDpzc%$NUGBh}&kU|X)xl`tx515SJi0hHCkxT0pxY1g^ zSgi##g$ka&dl?F3&u7Yz?|`DQF(M3#6jh0dg;g?~4pHye>RoqGUmP`KN|OW<^)Rrg z#`S@)iW`xZRs{fqYiJ4x=gQPeLij`)Bw;Kl7)e2z%*qp1+fh_ z;VGNTBJO`RPCR)&7utyWm`lNL24UP09w>gj36n+$PB#+;Nf2udw$isyrS!d$Y+Ju-I)3A=Yx8cG!E3j{-C7gamI?t63`)>#i*gIgkf3R8Atw=>899 z?--<8w`>iTZQHhuUAAr8cGWJ|F59+k+qP}n=>6Vva zVW11FECvTfbc(U@9f(8TlIpq6KMI*dg@($GpO-gQ3QEyda@3d*N8q6Sj;^6y>)J}1 z&_T=bJ%jTuGaT8O6;*WOyUFU##Ef6{_UOX9r#rB<)G~b z<#CchK_heACrK1LW;3FS3m;`A5i;lMo4(eO53Z9RO}R8RTwKmO^c*>hww0rWYOY_g zTc$;t&neQ0_QADg7m-5=DN~wL60+tw33=)FLeESkymDZqYC(CnvD>;AuxD`^MT8`N(UwB z-oDI7_JamJ$1M_<%%Vu{JG+%rsVXVcvOk9GU4sN&>qO#wrimv##8agh9&-d4JWH@; z872C5inT3D?o%k+48bi^3ab>;7*zXi`;0rl5D7QNGP89 zB(v+M$0seT=iB2Os28*nj>tco#1r;0FULObTt!+%=}5*V`Ql}A<_mVD)8TD8$?EA> zN4JhkN~6-kwza~NWwVyXlBJNBT2lcv)ojqW{=&1_3_`tXN;VWFj6TDkM1Nogh&I|M z`K77%W}|oilBMRq95uQPt$O2ddZQXwnf6*4t6aWq{(^_w=gA{ z9To>{LTn_HQ0jUKsp?^>4VpdMpBCXWoW0R*c1Yy3=yYiJk=_nN>)K)!TI!SJdmv7C zJ2<$%nCfj*Uzmjg4rBFourWRhT zyW`w=^o00k|p+7FVRT(n@|-NNn~)sev@*Wr`P`Q)&S)?AuePAPU)=C^SZeq-Xz z0P~bt7z=~3)Eqhiob)xMt5Gv`n~Zf98N zj)bO^i&9bseqRFTHT8@-2+cEfJTvDJuO zf4qKDRo5}cdmwZAU@*#^%)?5fIm!K!yM6y;p7b7Z2$FLe@|Zh?WF5u;dgT4#{rV00 zjwp6kqE4|;C1322<=OKh5b3I@m zn4~w{yFhCAN+fBUoxp7;0`X?XfvhNfZMbJE+@E2`ew&@N1O1qa{KHLl25)?3Q3>#- z3V3|WNP}i=V4T3CPJ((u6!~FI$fgvj5N0sQG)MQD8SKU=>qjI*Z`iLyyJz~zxYszi z6KJ@~O}Yu=x6q3EE**4%sv8sHG1&7@65p>+1}OO(7xMoKe*OC-PW%5pF8nJ33~Bu> z$u52Ue3Ok>vo!!BRio1G%_Be{3irb1A^-^s^^*MV15Po9@Sn2X+_E>fs4}zS^{i-I zlC+vzRxQFpDhpcKLjnItz5%u8K`>}cQ3;|Z!8E1cx{&L z;6jNU0vR}ecb!vGfwGAUCd7~&wXYqBMl7MFkoC8Y6x$fE!D?I;{IlLYDr;RZS1LwK z6FEqM)KMM54O?>|w%bo<#@rK3ylC1T)mL?Kj*MMSE~d!=m4g7IvDI2?Yh&}3pZ;Fl zG=WyR8!05M*2$~fMzgA+5~di*%(&eTBE49um>nO$mNC!WURm8EUO@(*$>hLtG|#Ss z9lc@Wx)>or(ZGOt1SIFh(M^SMUf)D!*_9d&g}gwcyszFD=^NQB%*92tH;zV{B2Thv zDTb@Ca&{-FC~=2UN?xsKngpBp1i&kU$6#a_lB+#s>(ZE`EKxbn8sKu3_x#$N9=l}_ zdZ0Twct>Wcks8IBXuK4^gEbpvIr@ls!C#mIKW+l47wCM zaa+8#&(BG) zS|uD8-cs3Hod&|VnL9;$i>16gN^VKbQlvB(=1m7Un4u1h@rN9mUqM zPJe!PdA~g!o!Y+q4;XZmITl90_Q;%XC(&v><*I4NcE0l2bZMBw=$H0%1g5!~hI-Tj zNC8(s#^t$qD=CKF7T!*;0u3I_h|$-+u%Ib$NuotnojunyLh1#vLTIc9CR)u{@eItj z6WVe*$A%!n1z0(S3IXi%JA#S01$CM{HOd%K#xz!wR?6BPY@BL66K$ZntXx_+mpD}x z=w>%+^PeZQ^;!W2E^LB>0@YuMG$U8$$Pa(QZ%r&(k#R6r%?*&n4ZD40)#S_Ugp0*H zhlSNgYGnG%dDPpQh?U!_c{epNVM2-Tat#~r8>3^fJ5Wl(*JYtkepg=-^Fqh}4oC~! z5Q3WSR+%Ki4bwX9Hx;l|uW)kL0Gpz2t)ddKRsD9a4t}_mIKD{5<>zD#emY?glSID+4@#@iE>UD9^IQ#qmnN0u8Xtm;~&Bhv1It*;FA-5UdQF-?b zqSJaq>J=NqF@GazDZ^i#5^KOJ|?pd{_N2jg!Fq*uu z;$K`xeZ6!q_rrN-&0j&dlI3Z$^PUk?s%+e_gBE=qUl897#Z@yf`$lY)b&d@_g+3pL zh?8V1MmeMHa}6%dsM2=_V#|21^wVt)rt*lBICu6=!I*kg78fvg(?&d0-R*kOG?Pi2 zH?4qo2yQ;1S+m>)Haczqs)B4;?y+r7OP12_Pz;ulUCB1QzauWp6297yeBlbvUkjJ~ zxo%`y7*Yz`S}hOX(S>$1pogApKav6wD@5tc6W78%tEfCk!lLipS~c6pgZ^-!f6xT` z<<&5CYgMf~E3c;|XZGlVA(J4a959i^vmxxF8^ z&)iywVGsnb#14W_f&CX`Ijm#OMe>0IbWcC>p}

IHe+XxTuy2ncSWQ@{IZ`Yc{I% zn6+=Yk%WkD6+kJCig~#~1$Pg@=DB$`H){&4bbP{xnq%NzPAVv?g)d$Y<6S`T&c0i~ zc?@8Q(c2OvC9IUXZ+K?*NCevVZ~pdNNZLfpS%F9WeYr&y(bzX?lgOo{z}1d#}N}l zGE`x$C4SmZsWoGTc9HV0oyJ?V?cz4B)s&)LybMS;{NJ+4cAmHREdtr5p;|;$k5NFK zG4Rqj#y7NrNURTg&*CN%V06s~&UyN+tQa;`uGeMVok=ngE7KBS3CjBDrQ_6`VHxom z_J=SG!SVFPlz385gVY$z5O)EBbn1vv&g%-O@$d@MB)pr%ssUS1bNU&Q@Sut$LeiL) zV+@qC(3#N0ak03@Qz;vZwe_O%itM`@Nn#<)w%icJbJ6-dwk@&|&O_WCrFcT3noN?S z4K;EY+;uRQuqs3JVzn$Oi~$AXVDyD%;|j^%g2Pav#VE(^6Jf4RwPi>+DU3)kgK70) z@0jEVGHLo_!fC=(V8O+&1JB8tTdSpxkE!+2cPvU;%Ty!kiew2I4K1PUVr&j~keHUw z1H$A=#^sc#;l~!$MO;H*kWGQONhP!uTGcLf9Hpb%#p`WjE}vylssEzd;DQuP`6$Mw7gD4`*G@P=g^Hew~m*8_N0<(abW#yA3Mb(PaR1Gv~ zv`(3LO>CQz8!iua#r4h0)JaJC5DDdlUNG%KHnh+TX(_h=xM3+^M%c-q++9rQoJ0C+ zx?zeM`eTA+rpraWAWlr?H@C6_L3A$Os+c1MefH9A%A_g_iLDai9)D<9i?A zAp8Jrk{2f&Rc)|pqnlU;oUsbi3u1DpeygEL6vUe) z=zkfEHthJW**)P|feqLE&Hg4ym25{WQt1ia?L+TGUR_*uOSEM(w5iT6xJp!9Tk*`w z#m}>%`5Ra&=DbqN>5k2$0vaiW|hC!{;v56O=~iqo~-lYb1nA59eo(+3XhJ#(5+%T*y`^Yr*q`S;?6N2&J!OGa^gI zlku(TlP8Ci&ulf;$+X4RO~x6S)T!=a=YzB-5k{1P2iflc9Tu?(HOfmSa^;v9$`)4% z$=2v>C&d|kpbZUgQ@Nr=*8ARXk(B7_j(J=Y^t_8mWG7E~)vI7ibh2R@c57--V@0;I zt};?tf5>w@gJe3J3F)3hD51m))7>8c6DIO%@-pdpv zU4T3RS8`xi_t8uj$!Kh<+|w52V1q;jg7Ucyg)aG1?o6xlkaM}OQDzl;t1&zwL>Bdg z#9|+jktSp`;J`3t$)wz9IY!jV&?}yZObfbX_n{Fbt$dfDv*@KyS0!(fUG6_<3dX7L z7~BzpSVCdHL#_dSv?Hw1x@pc=wHq!0(>53}y53XmKB>=ByD`?CWi4bGd#@3ChL2T* zYh-+{_FJ}T$#YWVU`Cf5;jP(?cO`F<^N)G{j-M~+@GXG5zc6hfOMecp1TRaQChANj z;cq$w)tn5D#)@sMtz2F`XZUo17cteJ;&WVIMim<*?Uprp=r)yr&?Qx(qNJXtw2 z$GSQ_en!jpnC3NgJbCiZr0hYI=DP&uQ}U%wy(g3<#*D&VGO+KYmR!h5$R<5`R=eK3 ze^bF!X3beTyA@%LK(G8eVA2^@RiUAxG;-XK94xti^+)!b6W|JMfO)U@p(uyIxbRos zkt(xNX<*uOtCFr6ln5lhK10D~y3Sh=^X&`1SQS{3t5Z7BnfTuHrp4 zJTS6~x>coJg4gWu1@)ap#G_y@AGwHUIrpvjfD9MLFx8kn7^R9|k)F7N?scMFuUl9( za6{4uVS|jne!gS|ki74HCL-&*+O&)6g`rV39_nyrl`vpjiZsqIh4qP2$rV7MY(Fsc zP>Mqb4)2or2&H)8FzwwPUb$w=Xy;K^MmRm*wF9Z-=(#eTfRp@PfTX`_Cu!d(OX*zG z0-J9q-*7=rOnl^hu-W$*;9w*+&|0?e{7&hzXZO^}w~|!?x>(0VJ@u+-zHm;o{4>Ld z%+5pS02$qEB@C}ipzDicNxWTiRY69~=uhg&2$I0Q(pZ>UGN%o&oRGm0&JG#e$T~dd zoi9QgCZuU!#G0Gn$u0hngwF^)I!RK$`;=vHCHgYW)mX8Um&2LL*a}f%c!l}Suq4BI zDjpIrMJ1Hw!aSym>a5Qx+#`hE8QV&YemO2~V4Q_FuSRSveV)Q3-LVAwdo*lE*CnX9 zuphVv?heK{-!eLIQMU(6OBhqFp84jmknE_Rv8rNL$Q-b^wuv_A8{&UWM}V(bX2Cbb zQ$D9FUpN8c7D@%~Eyv zR|*C{^XfP`0!1-weCI+Z>RI^OzHtb8*Y`glJ`{NaKKUs< z(d(Cg@^?hKmg~gt=YP_ZSm#-E>$R-ZEjYg@xPDS|CxU!ox)C!(84*EvA|*Nbp6rm~ z%$ca@@rEz-KF?y9puP^0iwa4SYeOEeI~l-vi`XX1>7fO&69Kd)(v(wNADspB2$mbi z6~0${%OG2*VMpP8p^{*GJY_}7Aoe?1mE<8t4v{*(_~eDpAz2G=eUr5AJf@Zu-Ki!- zA=TyW_+uUPI8BUOdN}>&i5~prsJ+M3PK3Hr%U6w~ZLlA1-1k(D=7vA?mcAdP|I^pA z#x$~Z1oXuCSMSfwXfjbZlC>5;Az6m^cW0+ovFkyq)+>$LjaFq5YA`$_j8JC$X5|aL z%QE>3KCRuUj}Jwn-*``}96qUcG36Wk2;Qg{1ta5F(S^);spPifS-Xf2PED;G?en9) zBteUyUPOu8LF+HwHx$2WemPHjK|dQk(aw|wgqmEQnn4Kd;JVj z(crNQj+BT_Wx7&zzij@UoDBb{8ix$4(cvZ%GjR5IuAxuZsbNKMgZL;13ASOb}yzg%F! z50koXSyB@EdDVrd(CN=as_vUe0h!H`ONiv<=K_!13`kR6A3SGqZr{6jIhf^7>0#7; zt#)YirYrLiMTot*9XfWf6j+EE2KfuIX+Io$f^j_)nFA+V^dcs{gu=Po|Ax%yUimxt zF2s}f(C2_XUWUn>4*;I;O`Y3vO4UMtLsr%x)zeKkqYYhayJz%|(5t=@VA7$5FVL-4 zeQ?o_DJZ``{59w)heYzdpqV|^dW&v38dcF$T{uis6nG=TVP?|Z-)#dJd* z9S$SDmvFD2-QfCfK3%H`_0!Mj=ND<=WkmDhBpaV?fKm^}Z_uc6-OkzGnC|za|NSUN zCSHrq*nYOYc6W9du$;u!eqd)fm6S`d!)?lHQ4Ddr$5bB(Popzr^t8-_*%f&0Ogpz{ zAh_vs4e^FD<^%F_KzFTdb2Au9%v7lFu)#kp&e?O~=x>rGhmPy_OiL*I7Nj6lx^ z?Tn|nD{$R{|JjeJk7Db@rJpc)ZSV&5i_3Bsu^rwqX4g&Xa+kRtxo`ydNzOTt@qn|N zd*31PyD{(a^#68XY*0l1GQpta*D-4}oadF>X1-T$?sX;JVc^{OjSUl{@M|YM8XT71 z=WpBUrWFbn8nGn+GE9yF2>zM<^84t}3+u7qeZ7)V^Qb`$;~>U((_?iIztiD6vsm?i zeJEY}3B`sP3NWBv>>`m&tG$z%dssrSiBD_9#)yZ-jZla+%6P0JkJo{40hNUpP!gQX z)Y#EVag}N8cR8tMF|S2nc*8_64EK$Z)zVVSezpv;e39{xr3SN@hHvpF1gTOH-*aeB~W&!LPBK62ZQ1K&M5ssk>a?80WwaB^p^tOJ)@PLewtc5>Tibou(qau1qo zx24y$&8`RcYZI%w9Nw`#z!NF$t&^6JHRexuKx=#>3ZIe-i6PoZ81)K1+*fC0$nr&q z{WOkpL=3hflsFpBJKviar=7M!OwFuA6GbB>e2oceM zX}LH}Np|qn?>!;R*r=BE>vDwF5@m_ltUw1G|9E)-((qY)#j@w@<+VzeGv@y2XrZ6V zM7Vd8I)x==)J!5|XOlQ(%c%p-G$&!=h=@H)`wwI$<^)tV3b8TH@PxbaxbS3bfkS+v z0b@30hhM~G@0BACX4)TMriefKY&vdmaO04Ml1c6+)scw_ z#+5X&SQ->AinQ3qan}1=Xc{!=qe%0LVwTC{Ns81f5?yR#Uof|XAkOOa`FS$zWVL3G z61dSUWLOCd%9a?*F>KKW0MjYZQA|cmi$5c+>l7!Mp^wume{z2-&n*Axoe+MDWE@Hz zr+NjrW~Pd?fO$8nn=4&RttkY?v65C>s@2Xh=i_iphmVfLl*SFg!!?^+-23r7a5qYZ z`&q$mh~g|qIfP1LxK9AoU9ioJE#&PD$}3wi(7CC}p+et)m=Q3&Cc;I+#B0e&wZ&2? zu2f`Hx|hMQPM42zB^WET9Mdv%|M%^tE{MX9gw?;Z&!VP*=7GtCpNMP?sySs zLm?__Js!CfcDgaKrU|mv8N$R4Tqe0gCcRdx7CK$>RI6q)la#Cd3WL-V#C0r2J7hx& z!v{n|4nqv`vBg^P*RG_c5l%(`a+8W)q~ZFhMB^@2rNapk$Flk_FB<&{<$T&zp&N%? zZ_R{1qVH=#v+L6hS#`~kM=xxOh7bbopTq}Q}hV9DK627xKyAqMJwvIR{?(hB`!xexs6AU1ptuo z>wi|F{;#T8e|zTsZwCZrOq`qy%uJmAhl-bpl9XM>FNE$7wa82T><`r_<@B+{! z$;D#|OL#@{&?-@`;vDa7>F~c7KOj2h_%vyKcIk&fes{Ke>2Qy=XSY6{4^;zdpCF1F z<}lgp0DNZZTKm$QGQ$-iH=ZUQcYjDcr{^G{`?t8BQ#z9Ht6L;$JIvf}anZ^tAF82>_BnZW zw{v}o2oUs{GzK@G9L2tNXybe30(B(U*QjK#0}p|@7Dj0$=C!d_+!xVTWjfcYak*AG z7Dbn2#&neB^NyUA+9GCrckkh6$-qB49qIGp@ zGP1&9$*>mSNCp=-G&eKqFSWnjY@N5@uLY52Xo8f21?=2TrqdofW;>HLJN&*t?%|GL zj5LJ^Glc#mLf`6{5Z4e}M>Sd_^)?vsa*3*@F$Q_+e}_H8oT1Wi>PH!QZa?YJedewu zw(&Yoasr|Uu$%njxa4V%D4aB%3aOhsj-GKtDsfb!7P^gBE45kx@mt|m`jY@5CBBbi zn^mkDGY6pVVIsOeF{t!hF_zEGe$VjE#0jb?shd#17ZCw)KE62jn&mNA;{>l$sIj5y za60N)%|IA|i-+OxLF|Mj z#ZA3+{ty=U7fxZxyKZ6QY$7;>`d~DoM~e@5GdsYysLVeuulB z?$=5m<|ZgYce=e68HX7%FMb67r|7RoVdcQ_*D&+{e;KBll7NVm_Vs9+ zYqU@nm2Gasy>5LAM4e_cPy4J;lls{GVdHcSbN({L~VF+7Q zQ`)^^P1v5rqbt~b?rpxvJQhW~B8aGg7)ZAd_LITL7#$=`OWp1I>EWd?f&4l^2}GhQ zkp`J?MN)7sOgJid5@8=ye8a$ODM7XB8U70iBCg?R?9k7~%y@>1eTn0ICLc}RZ8BQz zSQEw|?SZJp%xlsiB6g-#W3$aUSMS1-F_1Lc`OlyCeDt||lMHen%~@Wh7Gh#z17b$9 z%c2EykhJf)NXjks%XbFN>aj;k^s{(cx*FS>ni_JKgQjL`CrFTzHOC0%X=9q8S}n4~ zYYYi84i*s^$#vR1o2>U%@3zCS%WH+%YqJl@l`7P}8{R}VJD|jd3ym)m zv`dNnU-S&VNu^8~(%$*?GEdY+CCPLBkg`3X=WrT4ap^ExNX^;aZG|V9uT-lj5M2#j zzw>jNGjr$7t8~b3AH(}NOKQ^DaD{Sj37%!LjW~xOO z52R^p8fNAWGbBwrr2_fmXpa+yJ1IBrr-Q55X^eg&MptlcOP$X~aZU>DGM`wbBPYDT zc28VD(Nk@DjMp$$2Ur=svJTEn&w<_`*rUU?hKh8TT@&&MWm+L8BisTUyDMJ1d;%ST z(9ZNvuR8=}?5UA*z|rvu$s-&W5i15LziJPM1HW;0-x9!^lb+cH%grLA$K}i(2MiA& z?u(Mxb_H&TqyR+CQ0U+hK2!Wealh)&fvMttiaHbcvocjaOn~3Px1(6crX*|~_z==N zY6HV*-OLlLU59|nA<%)7^~M6koW2>oe+NY}hE}aKJ+2;Zq{u#^iuyorG}`9J%=+{RfQCQ(Q^{Xxr2{lI);14=PzN--{j^A4uby?U2;2Ga8|rsu5(WEZ*% zgQK6j$q&hmA?pNR8ytB;OfGC!G_xJcv*h9(N;UpZJW{FOP_>Fo1USh;wJBnq}n z63aszm>vQz$kbX$!A!rUxd5)y#YzlpW^d}LYbar%Kt&wL!6rjU_)7(gjZihU{i+so z6g5*%Gcof#ISrUa0bp#*lVHd?5+)L65{94`;t`M<7&~?b?vRnu9)K}uXsj2sxb45t z31$pF>_1AusDE3y|G%S?e~v)tuduPRfvvL>$v?kTO&tG`I{t5TqGTYqAdkWu<8q-I zJ{e8`K^0c-FCRj59{Y<-be{={ns`vIC{aOCbHVkLeNm5u7%_kDb`9U8^G3lTY_3vf z`>N|^(@9QFujl9W6Smg~#iWrj@Pr3M`e#eTIOD{11c%yFlqc@{N6Hng|75eIN5Sw zDfoUozmMUqe8>WdMLRxDWiEIEMq=WLHzSWah2Acsqxd>qS4K~Fr@1PumbaCtKurX{ zdj4_ew@6L55R^UwxfZ;?L4AYpJ^AW()|ZCj4a2P-K@LaYyqxBwBW|ZF=VHh3p{_d3e)Ko4KP`? z)oDQcsdH`QS8}EoVEFRZUY5Y27iRUz+Ph+@*A1Me;fpfiF~EGgfdsZ6dbkq60kt%D zSsZ)&ck94^InI02|2P4Jr*V|?n0~xck_*S5b4DWY$*m!X_)@|;d-o3+nd4I$VHB~F zK0ib3gw|pB!Q14Qn_E9ZY>nvS?6`vYg{nS*1UpEF`EW%yI)(rtIRoFHs{atazx>S6 z37yO{QZfWr_RpBo2#1mcy%cr_RFPtdV^}Ey*ViRm$9|mb5Jgd<>>r~$JPe|rFWHj7 zF}nW_5)UDX8zpK>L;2$vv#IR z1qN^GeKF|F>DExan&R;g0yBZ_G7(W)4m>$O;mW zPFNUe$O;J|Nuo$ZqZX2j3=ju}o1Lx2#gU5KaJouLQPL)&N}lD;qG@uS=Gur#tCx6Irh z6^r>OxptpoO9$uoIgYtb#v6H+#ijGGsFA~4M50AzfJ^Jm(L}xN6CbEf8?d-(mxGq|q(4%IE@JF7yUJmSU@I89$Zu$}y;@(8zG|Em zig4DHmcp>%s3@x7fK^xNkf#&iChy6Kqkm7_-YlQ<;1IBLgJ;(-lbv|I7SyUq<-s2l7v%Y&PE-r2_VRLl~ z^z`!l?9NkX0c{|Yj#4#1*5dIx1JWGW>Pnu|Tw<+0XwK$ZV4anYYh;L}craQ9zWvb&SYs-;f z)O>-m8`6y7e<@EDF9T1muZQrQ1SLX;uv``c?Oya7@sH)=jCm8wa#X|?Ec&`h15qWK z#^6}V936*gq5Qa!R5e|>Qe=fyO7tIaq%~YbViZPKOBAz3?P_(E1%Y~pvn?)C6?Vrn zccM&~LShG@0+vqpzl**O^MScw9p~Q4_ub9a3k*bM3XY8xgzuoTo*nBz!`1Z&kVPPJ zfTgCqyDit)QaUBc6Qt;Pm*%YrP$WZ?D5D(32b>&&dR9hUG`XUtxng=+ij$x(7s`4; zlXGPCO*bmc#*ZU699@vPl3LqU)pWMzP(gU?qVBgrxkGu?UyH5;}ky%=WMB2b==lK_pe?vyW=4sWqrIEx*%w+M|J z?Tt*yZ=OhqPV`8Vb)#w?X0{-Fgt85y`B6J_PO%i;WZk#Tx>mTX5j$;)Wcjwl8k#z~ zUOM9&QvYr*W$k_j%eq#hNj!Tc;}~x)2Z!R!+ok2=&9zR1A_pfD;5fJ8puQm>3cHy- z6A(e(0ch^Lz$s6viAdzETtKYe_f`Y-l=I{Akvukn-hOKMLvn8napZ03=U>(oGx}R2 zQ#is4;`%TnZ#+u5`5AUT5@aX%WDPPCG&#wdFQa_Q7hyQFnfduOs1}}EAoQ|Ms4P|# zAMJ~E23>KypQdlL(xuj|7`lJlb3}-um7sjCNoTQ0&qMUX&V{^4ishX~cEU$n>#VBA z+uv_mSV_N8*m4w#z9a#V_-J`71+(g%UjTV4sfL-W#&(v5lzF|b4ND}dJ6dYM!l!+1 zrD05kE~EMCz^;Epv#Ou<9j$a3e)r6nsC3TlPQEG^-!ngsg$hyc4?aLRDEJo+;f;6* z^4u?mOx(!Aj|P8zF61y%W{EIfu$G(fqVwxFNR}u$0`N`?Bh%-TR2O&CM$q}QLUW)s zdzMSAN9s#sRN9qn4`!eyj(fH{W4P%aG^DknY+=^*tZI zAAvz_@+xRp)5#vCE-_9pnl5t(I2Zxw4uyoxN<-8N)MkeEewybQVLtSRYR*fej?-j_jzbjU5PVLeK1t1vPZ(JZ!^ zKs{>O%%GA}byC$6z&Rjs+1dp2WvsU*H@#cfXYnjlt}pM)x7bLg&B)!1|KtH1O+s*) zSKtEkgqI`pqgVnSEGv_<0HCyEn)hhzx6};rhjz^&dHT^Ugc`w+!YPZ=*`yn z)~U2-c2DcaUHq;0ITAHoWnfBtcP+Nq_|3tJgGiNecM*(02oU8={ID_`H+lXoDa1vy5ZPIP_dNp78HD#ChI0#e$33XRHQnaSYU2ya3AP25${6Y7Vnnup zA3W+rvz2*Y64egz&0y;|aZK;XRl~SJ_W&KKW;Z^_fAEm#?XpP6-$9RTr2ho@|D6Wk zKX~YWyOaE%+T2NTQnCXKC?YjN7Upk_z+f=y0H_f31c`_SC?G^gkvb0y)sfhoaD`e% zy+G~&kKH)G2%fHohv3<$HjUQVKHmod9vn%B=-Ysa$ZUO()P1ioqcHlY?GCw+2Ro*5M zgS9C?Q+!}?zQ}4N8Ba)wNB?YT^HpRPD%qsRcl20)GN`*^VyGhMF5>8;>I4Z5stX0_ zK5SS#^05U(PmyhV#(>%VbIvlbmf4VhY1R3Eq*niKsOEp1vz_h#9Ps}?S*GiMvCOA` z$1?xd)|i~n!T-QEt9L)=^AD9`gk0~Q-Y`e}u#GvT z3YZ9VI<3p;Ml0vVCnxRgp=+ZCkRzHuDIXvh%bP2F7rnIAa1yhx6fpw^E?S3ip!xTY zItf}GHwY9k?8&%%Bob^9*LW_pb<#d`-`k-(%c_a2cwZPQGDQZ<)wH-Z4^oCSlrk9B zJ5EP~D+$&m`~H=QJHQbZm9uibq`uTLrOq_woJK-Ays1SLXA)(GZk+?wIRfEQ}Vc2_=%ow_<5VC1=t!d(5 zLZb6{c|=0@!EI>fFz#s&j|w4K?#csnxE*z3xm0?>zcQHOfsX^Oa=jHSFPG}z0pBAy zH(0Ii%odAvgbM0QEOQy?g@Dst8grAv&lF*Xi@1pfSjy{fPa{ZdhTHTEJ%8=`Un0YX zf}B5W6<#Lo5k#N5L*to|J+kXhrnV8nZ$OqK+>*~0=jn_v;>?`0tNk8gubIX|I;-;k zjKro(-UrEEv{w`>aaKDCX<|Tz9X@3pTTkm-umw1xLNRkXl&-Pfro)xX)5;Ap6M}5M z4Cvkd<(rwEm-8zoTK7z~#4`t#Eni5qzj~jdOGOO-9kh80W5IMZJQ&uC#Zb;6sWB>b z$~oH8eXVfk3L_Dgi=>u1R;#I#$&!OuK5LsNO&lZQz7VBEfr1fZ&OuhTM%r*xa@7p| zz*NzblfFwE!5r3IZi{Q6bT9tC^xbHx^s>~8MVcjACe%MoSi$na#+@vUTV++t<`Y>6&elM<~`dSuJs>SLVaq zUUfHKXwWDKp_R6)iynz7+~jm*+MkAD^+awJS@LXVBt(xIHlJtZAf1*5JEMlH%1m$} zh({2n1o4EAcHRy+_E~|wR1rnLS3bq{)Q*vIFLA|QF*g2M*YtrpXC_-&`_E;_^cf7R zsT3(Vl{b%B2%TD^`a5G{YH4_nR=#EfO zIR{hbrsdNJB2p_Ni8ZwBOY&N~0t%&JV`tiIvgH(d%xLLh7%#Rygq%%l(~FD>=Tw!s z3?XYEf0_mh2Hsnw%>8ki0~W##%IkEhx_Qv*r)J5$u!%X9w?VqS9VM^SgkfkYNAxEk$_8t5JX-7)j zW>aK?25zFXBAzb<^Q3#6UfGHI1lRtsmyG8`)@+)WgC)gJq`#vl>E1nWO}*KVk79;S z%Z+8?y*@{0Z2crHBK|4NdajANR*fTJQDRev*?be}*->7#W1iu%=qC|+_wEvt?1)VH za|TEjUW~p{x562_7jkwqreuN&#Az&VK|g`LMj7E61Gs!u>}V!tt^MvO5ubzcenSZN z#1Shk4|Jn?eLMNX83-$F6usQ;Puv+Fx3an}Y5+I=9dFdPK-&jY5ebRQt>{+1xFUva z7NF_9P|c%KO}(^>u#J_wi2hcm2m6fvJGpsNYA0F(35k$gOg17eB9fLZ+MI^q8=o%U zs5quhTfK8uyIc43=XxosH4!GBkDLn4cOS6khdRi_wtE#u)cm#qo!2KnfZY`MhhF!D zk-H3fPtmu*R}S5kxJT40$g-xqk-kAYzBfZ3r90uSo%r~Tw0Yi z)KmylE7-%waCj^;EU|NT?bx6H$Y6bGlN|-UhL)XAY-&&8D=hGS)CHJY{X2=l2rS*cHb>D56koNyGd|5*ZgNF$+B8l)1eEdHUc ztUf6DK~{aZFnnVE)Si216xRhhPG1PR<`g(lL|)wOKVXWG+KSg| z4@EaKx|bOPYe7DhClzVvibL*=0BAHq%8~`4IDlG zg=&HoW$YGyA^2RhI_z^<*k=G0u{0LtUlF1aI5-GE(Ta;hDPp3F#N$M4wj^Zo+cWn{C)pipPPoy;AT=SDo~S0Xz1 zs_7s%h-E}^GbU*uhY6mllEoxVq+NwG-D6*m3A8!+{|aPY)~T0{<8cmiW<02Xqnzxt^kuzqRpT^R~-DCg3@ z3~qRV=@*+&l8tPiG1*it#lvhWU`cKi{+x_Mr-i5;_&MalFS^zR9BS=l)Q&mX3%S$1 zwS|O9jUcNJxKM3BmPF$t40YGsw-Hgeae5;zR^2mtX%kpZCx7^5u7j@}}*ncm;- zNh=XOiL(qQX6ZKE_ZBK$=iO-mr?5u|+XcU2Kj$blQ_xHmS7FW;@`^QqN%Odc ztD58rplTa=F^$3CmB)7U@hvhX!mU&8)IX+MB|>g;5(g~>U|j>=&tE;<{r*9wkd;P6 z|M^1ug#Xmb|DQcf@ZWPl;Ye&Lh zPSPq&P+9Dg7R>zj01_`YHyclmL{Em`9`qHDh-GezlzK_e~+Ttq?__1ElX zwZWXvEw#Z2gba4$()o@vt%(3K>s{$9i*o-IJPX#v66D{D=jg&8qthjXIiW6<@{Tv> zfYsEkDPQSXI@4c#v&6$2(+#>0+VV}#X_KoSWGLB&x@xC&f6sl-yTG4*{xxTdKes1uwPAGWdZb6Z;ISGKe#r(Z7(sulI)pnfe4bbOtKhyeV zbK8zcPNlY^v@4z_RFH-TX9Z2qQy7v@>Me>)DquJWDSA%&<&iC31^=TbOP-aRMzMJ~ z6j!}M$SN1mv7p9)t_Jl2n)TKQs!e5wT{k1aiZNf1Y&5KcS0+PU1Ve}5a`YV_Ric|F zTR7pPOhcuj`v#&)-6|)}jsa6Sq2py?O~hfR!s`XNn%G|Pw^UxH+r+;Ly=DhT_+b)1 zmjD@AN`S)w`Jh=kaw=_=S#Ms%-PURcY)DXHAIu#%UG+JzAs7Kd@Jc3sppS;@82DO(|+J_EPt?GzgjZvB&O{*wSs-x4XUc^U z?o20+#&4=H4e%bE-h)2t8z9=-|UDejf(Sa$yIr zMV(%HtG+lW4tTlMm=7~cjnm{Am|RI*y*64Pm~}CsqMhW7M2b2uC89!&qPj^x&NM=rVfUaTC<8I5(6mfRB}oZOm3AX4HW10 zK6Mx=GosfSDlBUE_~zDrmO#r<-imEkNYD~eLFsA{Vnv?r5D_ka zf|M#~wjJ$3GD*&k9W&XS&p(>flCRQdj;^=TZ>u2|JqSU$$(jPp;2{gBq5+7;^cHDR zW;S0eYM>SFOgLR~j2d)x4EN5_N2Aa*mnlkJIy?0s z^8y!ryl9p*Bu?v}`L{vs4~C0R~g3=MzvfrmhB)-qm_eK+c0Rjd`tTxF}_ zDDZZR$QSOw%)#(7EQlln6lvT#ARU_xMWfcGS#%@{%@#CITRFVxy_P4iP>rnY#gMpa z=T|r{Gl|28__@Pe`}y`HaP`ugEb8JGbWrKt}?~w^C;Zw zPv95E&&F;rNY*76pmN>`Nd<$M)YuD!i;CG31}9Xxb>t(frJF8Qa`sq>E&Z4C$rz8t=@=?xJODFEsxav`lKwK!6 zqu+INJ(iJOL?}^Fzl?Pgs#&x)LtC)Ms3WnGwZGdn@{tLCE{UkkyXOxdLGw``IyMDK zd(EDvu}OV8Md{LJ;jNGo{No?axF;JeyLL=5^Lo_aUo~3glzxMbK62wRg}y7oj^?+)9cGXu4=I923`W5 zZtg{g=0)bgp-ipNIUjnice)#zeX)2^P z*R+w}zbg9U;MX0A8!!M|qcZI(v1&ni)&y>toi=Ns1kas=_FU5_6v|m6Z#lj9&uY(J zc)8$%IU$#Gr;T0E6K;QYB19HDB1426kCQ90@|;%j?VgfkB<$Y79BO6qyLbbPJrC*C zf^K-4TZFtpf7MF+iH4bZKXz3bG4osmskt$@{R8(P_Bepyh_ptriHBOc%#%MEV{`g^ z^~nI-Z&xkHp5&~a_9-}G6yDT+WqGiiTj0Qw#klnh>?|Cp;JvcSS*rsFoxIvjz?v0# zb{QNwT@eB4n*er0XO>I{?4|y8`0k}NyuEE+lV;FY!^wqki-t@7g5Wpalk>|x9+LRC z;6rINQucuRYZ43%6*0QYJ+0Ze|Kq-5VelLsJT29#t&Qe^R2z=zS7cpGdUwt&gQULU zIV48}D@XX*ob9B zft+K~Xfl~WytsbdXiDpW-(a0}=RrJSK6cl;I`}#65EcWxcj(1)q|t0xXH?^SWy{J6 zCl@WtirNdaesf&;4eI+say7}(^zS-++sew}U}#+irrw9lAcdg*T{@ja_ji2V#-qwJHON%1}X^v-y0m&bGKxm&|WV9bi zQ^B*eI#0ndfoeTGKtxy!R6_1>&yw4lsd9zL{S#+ZT23Xw;OSPBjbSVS1;7t?5CaCs zo9HaR_m#F1Tm@5~Go~&mpP{#zQLKx8Yui2?h)Et>aY(`g-Wk{^M%#p{4oBXrW76eaEQ~^lwks=Y4JwblojB!;Zg53K zQhg@L`u20n@x$hu5 zMV=~#WZsee;`OO3rE5&bA7z?#YfNST7*l`B0p)M9hMHiOvPB#GDZp#)w)dPZ8+5$U zH2cyUH06K|mWmDsd^o#mwL*ObFxF^vhj2H+`0w8r+HM~R|9E2ed^}prNV>n#Oh3K2 zSV-6mr^SSHJ^sAL`oWehtTu4p`bb3+@Y9~u#9;z|?Fb>s>15^AqNKi`W$il_@eviy zOS&#ll*|=#&9V-#F~G_@(a_F_+64dZ3Gdgm-y(?G^YMcF2^g^#`~>=~-L5M{bnj`G z<778zn&SGK^L#>-A5`<#*SflI_WdQWdMLZlFsJqD4MyNez!ow}Kys7qPh6?;+ua63 zW6N8(-TwQJ9K?wB$x>_RZ{J2R|Jg~C?f(PQ{R=JdKVi9lX9WQNUI6YXzH2hz{Zh z(db|=_`l-m?O61wudAW;pXihSil>SHm+SQI}r` z2TK}WLZ1!s3V(k5dJW-3k{b;)l;2gsq$G zAU>=%!BQ!nn#1cVI{Wt$vSgmx$gO-MSN@#7p~OZ4Ujg4At9*6;D{-U^Yuyrz(A)r8 znp&yNgTa_dsj@Q?~K9A?eZD{|6l;Yl`*8C)oYn{`!UrF3he&n-b7O}WE z!oq_1Ekji5+>`y_t9ZpJP6?WaecxYTq)zMQJ>(hbD`~N~<3u=%xMsW>4K_j zf^b-Z%c6D|4%!glYU~B+8EeWjQV+?xU9P#KYpi`gUK*NES~H<88WQeRrM1AR?2+fo zI2tiUTVlq3i%6??lP!6WG(y2FQR&uX)4JoFCTsuZf(31_&J7-{2U4`L<(wWH@iuf9 zK18zZ$Yj!oPYn=)U{a=5lAc9>PO)u!z1Z4SwFEb3Iz}(g?xw1P>69ziE}s?uN_4jW zH*1JwAeVDLsAYx8T?`MHNc(XN^X0era%5kvi`HZr+!YbHKr3B0TaD z0bJNb>Hawf9tXUjPFhl4MGLWLg5-{n>?v+28Qz24 zIgjt|d-mp>oJd|V;~|6O+(hHj3C3q2bX;zpg?G1rpGTqo%d5R(OK*e^AY`s5!DoU6-pSJ}6rRCsgZiu4wrC(n9 zr_s7x|Cfp;V&r5d{Xdj1O>aY$L-fB{g_q041{o++NIpp+D;P2!P}bohRuMOpiOH zWv%9lA9D_lI*xg-?|F|8ZoFgop?7Sxi3~|6!iPKfwB=x3&a;KCITR{&SY4+f9<@UG zM3fZBDu*Tk^an!U1BLR$knsZ7lrW>DL}I?q>?AnP3$E#5tr$`-B=FiI=WHaxq;rS7 z5<*m(R$`HZ+<|v8e~Z@KCQ;`|^s{7Qso@FdXvWu%kkh*rf~I_!IeZTHIjv8D9JtQOLlzfhsw{O)-WLjI$3O62{1UfhgTo@pe)g+Xt@j1mkMc%<4@b zvQUfrtg<7Us-FA3#&jy;PCSrJ_0}rP>N{{iR`MzT6bBiEin-`eFcT$Fv$;+=$&=HR zY~pfla+9LL)t&J4zUAe@3CrkHM|vYMZi8lV=y6u9G%ueH4Oj(99tFcB!=$=8Z zAkLxSHl?0UNzS%zuykmZn4}+ieASOddmDjf2)1GoLKR}T9LO}3G|@y_Dix6}Rx-=t zZ7%r5@-`jVI$+H*x}gy)^Uj$SWy;tHb)&6{TI?XMX9amkCa67ozYY8mfQV9-CuDNt z5`&7>-~q0ANPT)~S@MhOkp45^&C)J;84X6tL~%}P`)<`WOWmme^dyBHg9P{ z1ZG&*K31P3*!VUlaT;6^6rD4_f2Fy^|)EzN5vv?%1=V6L2 zP9y4iwapaMV#tm-vg` z5U}cmR{b{L_X9k~xDFOsIYQf+J?Mrq%8jxSHN7n=M^u4KnnpHVIiU)6QPN*Ui;@lv zy^`dBzN)rH97pCP$blaume@#w(Si+)#Tzq}H_ZL<(%UMQ@6cfidn%cv>MKVU(V%J6 z`NP=)KH7V%G|w>b4cz%HHooEO7UXVuIVH>q{DxUh&1wL7co}yY9|D7&*F()2<yF{_5Ps0=A!`w9!fc3gWH}+;>~K1PpUJ9%{XFYP9g1v{63SY49_4 z+7Bi-*o(N82zw;H1U8;UX~`vG(K*N7qCc_h;uPdhyGj7nd#;v;)}Rac;4;_X2O=O= zaq$jw*ar;co!q{R#6D#(g$OO=d2luR@V-*@!$_Unrl-tahDZ8*D!S4@J0oqQZv?R+ ziB_Ji6fk2@ILzV}pCe9kdMETb@NHObeRq`6y8xRKMaMURP;aE+SCl{|H*C}faLJlK zFR=GM4I3vkcwjbkMAOOKG}Ml`dt7>LVWTb&U}7_}cGO%90lY>Yli*zk9^Zhn>wd=8 zQjDLmJ^gVo;^?LBC+?)XCG8YRt#7WL++I`K-k4cYx_)NoxV>`eZyoi85>zUGUr;7* ziQ6BNj2f-kI|iwdeg~=+hQH zPQ=ufJMo!FoX5vuHd#x*R9Pd}RFrH>zv~-yGffOT(9M=CM|Sb&8j z52iD_ui3s1=SjDXogQzpunRTP@EOD1OM+@!CSY(bTt67;=dT;4mBc)4g1Px7tM#`c z!JQ6_zkntGBv`)8QVLj~eLL~5w6|C}m@Vjw(Zc|C5^yW`Ib0Xn8SPs_(9R8RlXI9P1mTuM}@P63k_i&ry=p}%!Pn@S{ z9d%|NYUI)xEKb(~VV+X15j(A;`#HWbRMlv#oMCk!7ZV3t>eP^y?UEwrC9r1+E)vYX zu~NVs1itD`=Dl+F9h0miOkoyZBeK(|2=?wh%+s~V?}DE0^4VF_T2$Rt{YNndS_XGW=2VAnWc!Wp9zhe_BIdq$wWzS80y(7Q!gIDY(OyZt&DSFGrz4uVTJ zBJLUEu3=Ij|L%e19mD@<9n<3r9ZyYj85edSx$5V6ToCnu@!djkmqyX>l-(?n)?JS& zHwxn{#pLap!dbQh91{ruB%^rRe39H&m>eGBzE4!^?_fy#RCjIE!IGcdMr`GO=USNW z+9G*_X}eL{=z*11KdzuFJt0zWkBEQyBb?a{8S`M0{Ahy|z!yB`t<*^v)4;DlP#Zn2 zH3G`9bc=0&`mI=fxi*gcFxqKU;H7!)S!-f5MpWl%zm2{cbEV5uVP}Zm&0Tt2z{d|! ze=UTN(BZgE787C5!p$QK)WLh44)RH~eLR&UjB{<%402;CpwhRyW8qS6kMojK3Ww{= z`Iz$7Tu_F~|LR@%y)Sx`Xid6h9-mM6Kr74nOvKmSa!2@kV5JY~BYqdxU~ud+ipYc}HG1 zvc&=V>-THn0-qDr->5yP5J{wB&Pc^-p^C7^XuqU4`NS^ zSfS2=Q5<`}B-2EtlueZoKM=w`zyF55k6sMBlh3v(>QHo|s#Pc(oFkk+DxGA2dr8DODMHLK&+Y<} z^}A_9c>R>D+76Ouv@qcm4Xxn>3bsK3LFModP8V zv;q+ZqJz}H&|zrOJ7n}q07ImAQ2P2zY^J<1Io2QiNo!}3DT-cIVtT1>CORpAqJIM- z7WrHf$&(L{e(R@CbAs!G$!rUMqM<1tGI3QkGeJfYvxEsgiypueO?P9)v>p_^yy>?} z4lJT18kL!;3D`QZKZBPmlc|3A{R_kvxfXo*_=4B;U!D~IyFP&X{|d1cTwVTqi$Luk zISHQ#@+`#IF!FY?LO|s}-8BSF9kMbtZSAT;&hWS)ZGlX(c~hpeFjiCs`%m}}PyzQg zbu>bs!KQcl@Sm&+syI|usUgls7Y&TtEzbhS?~ixSg5P|??a?xkxGYxH!c|~`)iQ^%fw262IPLqt z%d73c8iYE_J1P{$*?D%YX_6T5jAqrwM&f!){hw7MjdXX634MXk!I}uEw(PDt?ZIZ% z8Q#gg@8`RCn?G$6U8{`L9@?KM8hqd^;#3`e40(1k#(MG&p+~H;>XjIBRrgvMbJMNL z;SaU$6Zx6SY$5eQx(g49>l%Y%O<5P53ZP=i6cG+PV5`7Xm%borfFF5f3OLd{YIyg} zCKpvTAS0*=0=S+Zu65e?Yl{DvSgfGU!LZQOr((1+J9LBpV6g(5vt`zE9--5M6e=-n zm_gIka0DfUwgg>+R6B=iF1q9af$qQQ=sCo3tx9-B6HsTqu8W*A+$1w(JmpmL@z(*V zqio)F!+)RSboE8-=WV!TU>Qd$dc zxq=b}OcL$BZmo=1wRZMW$5$;p2EguP@k@s8n#UfocF~2FEI5?g4g%MIcPMpGF+76y z5zHV0a!0$HOcQiAW$H$^^BT#_lL+GO9*D$`eD$kwbzwq7K=wmmUn*DW_m25Jb$xjI zH4q{Y0i(1B)wJW=cE5|SmHT{wy8}Nw#oVeeWP8j#m?`zIL$s#9CGe>tdu&59IsSH> zaAv=*`A(jI^#^^|*T5*wB$Aa$ynxn+zmIZEV*o{9U(T%+zZFSPky1vB{0+|$7>& za+j8+ZM+BH*zXrFmC539vt+Y@A=J30aOxZLRn?!cO8v<@&8x`mmX zzIvEOw*SMid`QRBM|JV>Z+43Gmgyaeh{!MD-cUN?bt;&lz;a?RC^F($Bq9bbX$Tf0 z7E}w0FFjdv^FmSM;u=n+x;E|7ntCmMXscmGo~DgXh1;yPUi;e8Rnw>9pRVgkxn^mK zyvyTfNYCdk_v^Of>_hMF=kDFIX96#@-nTGF#M~}YA|m$5V+enrx`GB5l8ahnV85`tP3v0E1io8~ z$A_K%-=(up1ph{I{T@!AZlapp;(@Ns%e%G@9XtLwUhd`05DguovSNfdoN>a&Kv+{ZT zr$4&vTZ&wu39%(6^+4)WnpEy~B%nzJr7m_Z#AmJHRPT`5pN%}l*Z1!VON}lb+5?BD zx)*GqB}VN;Mdp(*JVnI@&<2L*>NrDc0~M5-fDySqf8^v0!nLEzv%AJa?~hknT-@{f zwukp03a$JzM?wNqGtA??X=C0hlIcQ*>wAyhiJ(VVsS%$3cnnr1cJNvIj_%d>t?Q~a zO{16GjiOW+TV>{jEv0sENO6ZeN3bxGm^e+gQl7&=5VSHwy5d!sBTj0CBpiobI$;R4 z>b2FiAGF?y*CD4U3ApE~*+6hE$&oe)4CA<+2eJ=v6|Ny=+WKXeSyUtYU)3upNOX7t zdcRROuIwILc|h$5a%g93oy=~BAf{Aqvv=XE?sc~=p=V1F5>3LQpK-YeF`>+(EEgb} zmnxEpSn*2lFW@v@`LfLM7_g2i$+}awFNDC8&q~>9;ne)&l`t0!Hy6usi~N%yW=s6X zkWI(|pUCtW=*H<5K~7UL!q*-t2`+zBZZz)8xINL;&r6vVBY65&_md5^IQ~c|@(nAp zQYuLDFP&*x#o`bjq75o`n^tCk!i_lB-eCd zq&VJ9mn;PNrhk%mE&{xF6f!hjqWl95wWW6iw%OoTl><)cI zQO-T!xGL=3gkuRR$`y5bqF%;csxQu4Zp&P|D8$<-CooksrVmG5F%pw#_n|hw$T$|6 zZ3p3VLPq5+dj7%d4*-8o!du(BPi3+!M`4-?8poz3R^ZZ4yOJ#*DKqU`;m;t0%9k0e zV=^U*1nk*b=5l9j2-s(EcjcOJ!NGlxx@GVH>(KEr4FP5uKFGl|LALwa;aa|Vxz9}A zok6oOSxYXMzx;_;L58dzRO1ma{Bqbz`1VtBh!;48Ras!|j}5MFdhK#~@zD0}gOQIF zV^ifNFY1RxICpCVy1Yv|%3|FM1BIMv)W(SwK7=XXC*rJLuSz(>dv?0{k{W#uzmdD7 z#h2aZ4~?;E4L=8I&5y7VsE$vF$t9`V5Ul`pCrMm0zPZ_5i=RURuVbLmRM%ZzUuV5~ z1bm}~Vzv5bYHf^{eXPSg4-x3>?#lssX-_>(Am zx+vk5?ycnQT>(H1`uUSlA?3zZ$HInf1z{=qGeW)LeXyUQFDUNWS3eGf`6~*h$JL%T z>~|_&(t8zE9eAx2_p2FTNh)0Vgp^kZiHTX=b#Lj6rI`DqSka$(EO&%`0&t0Yj8)em z@BR!HKmsKOdx`OyQIzwB{D7U2-;|}9%!r&B6igcmQx^)U?nEJ?cXp}zo?2YNJI4qb zLQ1+Q|IDGEi(?9ekGSBm-*9!a^MQxJ*OHLBS&;ikv-n`IWEtHA=F=&_9L0FXhHsic zbO-Faa334Y+2%<2sfszHakSn2@>>TKz^6Y1=Y#5O_@lwkJmQKf1pmWsUh8i_j6# zKtF7cFJqP5mHs4n5)yaHZKvqkwYX7b=f{^AzW7)|&}$qIL`rOzb$WB$#cg*QSDw1H zQJ~)9b<2w+o2c>vfO2SasaTdqm`5vZyq9bizD~BiX+4zCcM|{SLsIBup-GG>ma!BC zXW=;Q(lQ&MTDPIn+SyE=T`PH~QEBv?Ak9#!S+4Mvt3`T)#)_a19K0YB_o&F|qJ~e@ z$+3nZ;rA1&xOA{wGIhHg`=Hg;P;iP0ghvN&A%cn~11r`}xTvDJu)oLB;e)9q zGn6boi^`PZ&>?s{HTQh%DoxN`aBNxo)f9#Tlitx7pB@ZcS`D1<(l0HyK;0_f)Q|os z+QGLUoc0A5Bk0G%mCv}i$#&JH>kF-A-Qk&f;c(RIfqF(oBmrerGKfJj%)Q*(P6ScLIXux?lc&!Gi4GlX|UJX-V!L9WFKJ{`m;l>q# zS(Twp;5u?LUF_(T!_g%k`tM*d+k!Rnpue5gJG~$mpc67&uSR?@&(x07s8_VJXPnb6 zu>!25yaaa(1ksO0uGw|JJE3b&9JSzMd7p_eS zkZ%d${2Mi9Ffa!-1HWEUAa9%!UbpH%0gJ^Gfrt~=DZ(e+{M5x>rETpD!Tu(A9Wt@k zv}Bn1@PPGBOAo+WDEZ{1YJ7n64LG}?%u()XpmRa1I~tmUfGSK?79{RNv4CV;nZIqB z1%12#roGus;XYGwRe)%>>&AFYhl^un@>x5E&8p?U=9B&MdWY3r%RwEFMe(Py34v0D zr=v4);8sa*3Xk^(3#pw$uS7x2(*>SOaU%bNSXhJi0NX>MSO_r)z1SqoNVgvO?m3*e zpa&T?2NMt+W^|5EV4MhyBa{Ei8N&KJFHvjM-MZ1wu=mr+X^$U?wN^IEmNmLmnfgQK1lSSh(!GAAI zLR%(~i1k;rL%+jaB(H2m2&m+-((y^^AdPT(wEWrJ1svYvqU4N4&Wrs`V#OPFfc@*J zR7Ualfc=EiXne_xK)Vo3n@5c0FDK-NiPM&!2b91S6oKrJEaJoUulazw9M{r;Z}V z5P!irA#gG1cFHwy1WcvVr&pX-CqVe;gfevzsg{UVQ(=!-qGlq{oU{C6BQPy;40Z0% z-k;ksK@<;6`7vk!u3);eBWL2KgHuvXwV=G@QD3S1px)B!L|DSlUX2F1#-j zLVp@7ssB7;se6M>Os?TPG1?OPV}9Vp^ikvETricaTFrI~)nwXQNaWrC)jI6@_lkKV zUCm-l3|_mbh0aE(_JIVDAd~f=A z8eKVxdOTh?4wW`(1+`LPE<7YRDQ0Lqk0cgeV0|JM5FvnTVG~C%jYRCJNT_Q1aTjxm z8>JHDz9?_zbEqfVu~)KXin5rUBYEl{1x5*z7qbpfIX@@Tt|sWNhAdPRlhyVnT+GEC zMuI=M4CH-Nw9kKeCcQ8^VH9A#S%u2|_=CQ#H)9nDs_V)#qLO8QbxhGVkvFk8u8+4E zAqj@;lOfvH4tqc66=h*I!dAMu?Y;Sr1btI3jto4(fVxVaHIOdSktEzV)-;d+ze$5Jlzd=+mS~nazLz&W5LF+nDLU{Z_r~0sK3bt3-`jg`WY8V;QZIpOK6LLpxVd? zmS$X~i@UhmqzG07e1)z%$n=2)YwRAn9mv~DfT4u7te5C!#E~Y*+r%e%zAF47#KwIO zp!$2>6I}M9es4^p#!crF&d*9Bsp8r2X_F!!VHRjf#ypX3DtFQZ8-)}`rG2_;uAHB3 zm=MeS;@x!5#0g6s2Hhmjs51n^$A=Yn?536#aU=%EE4Fral|xB<#E6P_U}rjnzTWT{ zqu*t+sQ{}Jb&$KU2v+fshq%9EFYCt=ZD)A?Cfdscws(ddA0kyH524G&>wAXYqu>S(HT{?OOCNCV60>O|H#UFyF!^8r=q7N15F<|MHIOVueR zclakKGj5}f0uB2ZRr=ZS*G?Y_Djvip)Aha2dl(+UJX&kMInA|y{{H&#`~6vC{O2Jd zQbI2z&m=yY))nnUGuH%t|4ff=_E3vEj5aPQH^8f8p94STouMrnwebRaBJVeO8D*?|TN>p8V~BmTf){SQ z>X|jZ_Ya~FzwJCn_Q%^e^e9&ujJd&6-KRtGu6Wccf%uZ0{wnQxFiA6WEgE5!yYab9 zE9A5$sp)xdCVB-*vYfB?%MEdLloau}5F$)CJyJ3Xdtu{*etg52)pZg$HB(Nejq%lI zLQ6%ybv_9Hpk;4F>gY*UKu!ZpPbB#ZxZ|$c(WlMC{qk&>K|bu4Ec`^as!=!#fOEHfVRsyM=N1uSY^O}eoawpw)Hq|Y?XprNR*d3) zHxRe>OMczlak)RLTf?^Lia)KD{d1ItMb511f=93m!u1l99*jVUpMCjj@0HaxoZ#-m zqlurP0Beb~*V9R`2+~78PsGdhzkD!?j#f$PE2|H_NB>~9V~L;z-AojgG~1__>(42j z%u)K)lZ)mzWcfi=&?|9wU{syX-SwJ1X!! zp;FgKFtD9!xD;=gBh}#fqb0#CEuj=?Qrq$}v1Rd$m{|dl&HSeq)Nz257?H-z&I7W+ zD#EjI#~3*{IhaRUIACRFVs9_6Z`}+eLXIOs4gpq{p_<}ki!9+5Jk9?NYC>VmrSmt) zL;FF-l(w|Dy5e_QwsR;+#{5~hG|oMM_W+m{vkr_0d&48jE;IOjs+M3(2R*1&gMwk6 zX>l^6d5b7nkh+ZEU^Pv_)9P=0lhyY$O^yVqlW?pe%(`wynFN-O_I2}N<93zn0p&SJ ze)G;CTbbj1Cr?Bcnap;oDWsG%R>h;w1cmTFZ>cI8KIH~di1p#p@pJ;lB}gTkg+D1< z9z=y$DO7Gj{um16wZ(GK^vh8X+fo-n>QW^))Cx^Ww9)mlaEF|BLE#?owHCqY)d!M) zfF$3;IwsMXy;cvFm~oHa!EBJz%8%RU31j4n>lcg9@0zyx1*tDt&0gNYCbJ~jzU>LD zU@Bz!niJ1XB&$WM$|fmhtSXz)CMjH_mC#61M9M`!X^@LYJo!FdiMag2mmb!t?u(He@vo8iw)0`o!3Y#9sD>Cvxtviws(e)woM zSI{^{1}3?zdk6R6#1a`8rK$O^_nKP(b2S^cI20D{U#pcc8)+CL+^58pHF_t&@o*q zMSK!&xeTE{{0VX|i7@{7Jc2%{RB*szT$Yhp7PPx;PNQil9YM>r%odYMZ>AU(oWsy# zic};v&vFP>JYR=dAEWmZeOr}*36fdBDKgaOoft)yk4obJE97tqa+lBWitz0@H9}f$ zjQVc5*w2r&=Wua~pl82FaMYlZzT#c&li_dR{XfQCU3}IX*fG9+6X5udbk={hSO4Ec z$p1-H`#*TCN2$uktT7>V-P1~3fRo`g^8c&inpf$no_gFb z$Y7PdsW43~jwaty4*(9Ft)TB!ni6gK+?L<}i1k%T2m94=odrvM4M`nw&&oMqwcR?w zc@(06mDu&fDneI|gDuD7PvJ0*VW3J8Q&&+fj{#GaBM1Y(sJ)%vV+ceR<#u8S@bi?F z#xOXoiuvrc)lk`SS?VA?W~1uB5X;Ye*DQO8qAn)d-)g z$gjDT4e0jSEiD${b*O2epTm_=Ah_Lnt+xQ4U*iXQ+c!*{sc?PDZ@#0JRdK9N6=(6t z*{&a1zgxHw_*|*>a-lhpXdwr0n_)t)NO`UF1m#NP=eY)1+yd!}yT(poKH!b7@$0X6 zn>!0-@(cv0s;^~9%Va%IMR>+0#@*L;G2T1LqJLMa|IzCh0rWJ zo}_`bRUwgqxoy#_Ym*m_x!u;BGW+C8oLOl+riHR1)gWuqhONB3*-&DbCh~m&Diu|M0>Rn{%nF75K8~9wT>I=?(T?AnL_-TY zo;Hk9iYv(`fou)-9fRa-X~|EdMwA4T#}FaEmNkeKjxp|X6#stz9`Fxgr82d)%+Qx* zebD#f>6s}U!Qb83)`V0oc5J3X_4jqy? zhODI|#un-n7+(%nE_Faf=nxM#+HcO;#2fccTH!N*2}2!2N%*dm%s+0`T26Og%R0aL z__)07qVV(M^A5gOwi6*2L;(Jih(>9M$&6Pk3)6##^1;PQmXnS;vyn<_ebz#``iuKu zz‍WN|39vEZD7H3kG$4(|L!A^%XS$_vzmIs(U2D(r&u{4(FrRV8z%Xm@Sp9NBS z=o`e0plksqnV~8%zAsoqK`4dj!0DMK-u1hBs-N5zBoW7=J55pGB%5M!<#S3)^Wa z1MiOQHJ(4`CSb4A&dgzzrK%EzG*BhxWbW&1XU2@Z8CgBOmpaaSt)aXC&O~Q(!nRbauy$qt^O$=^T}%SU`+aU zd;!;_?mJOCsLY&$@l6UQ&ZFVnGuN0DU!0>2tQLI!57AXW-4b6uS7QT2#$<}UfEIff4U*f*k=|E>p zw97u_pNEhq8-%0AhE<*tNV~nl5M}K!TOYVT*_MlI*&`wSU>Hik`&jW!Wg6dC@`O#^ z!mI{|U=?!x{@v&g1m8J@c=w3tS`(hQ5n6l57nhGk3Ku-$;S~88Mu0(BwNDzg_T8H1 z22`8x9hH3-bb-}J%;Fts5;w$h)6(`W(rsJg;i7=CGv;mk8A{a5N)*+I3PLXs!W1b` z2(fiU;f8S*quLfwx z*nhi!@z%--an7R2^W{@O?O8`kd{2N85rGNKB(QT?!8bH@H)my~UE%1Oevq10P2lLV z@mj_sS|j6^&)9lSLwCF!RE}hw!aq4y-`~x z2&Wd_CX>r7DS~l-vL!sy)RZcF^v0%v%QnFkV==0vNIm0g=DxwyupU3oDKbv4g50+V zvP{vW)V0cDlFn<`N~+6UZQdT;8x^EFz710VB7=R|E;7{Qfo)gdeFx^X{`aqjy<)Ah z;hTSC2AfXKBzxq!Lzn*|&5~i2&|xIWB=lrn_gL+fo3*swPWqX@SFl4s_#+CZnKs{6 zA);2Zesol;QlC6cd7ZSO>(o$u`@ZFXSL1*mOrna^xQA_EJqK;6 zN*%ZokR5hrz5s3Zz{JW=riFdEc7ntCH_A#J840@1DU*`wn7dhT(dt9wPM zWPnhrHF8!ppdAFaq3-n69)s-}kzm=R`naB-1~72Bh2H+?J=eZJbp7Y7?SjCg+-TmY z>{%aOe(p>|#RDP`Z01(J!U&!$4L`?_7U=kG6UIyRAzvZatM0;wwh5rINa?Kn1rfS*Xv`}UCr-F?3_rj8(| zs~6sRn>Tk?3qAnGm}YP0zCbWUH`o8&tQ;{v5HOX3oI?#hOQ$`CGaL#cI^-D1!pnG- z+Uu%ZOd!idJj~15?v6C}K33U6mvBB;Eo@^=oh}Hi0xTjSM>Si_EWWqnpKPeENnbHMFN9=ZV1S7Dgxn3NGb;K8n6u+v0yHFSPbpc~P#)|z-6tBZS` zK>Ih@x43WTy8e+kz;?ZS9aDxM{uO=40a&gWo#hem|4{bML7oO#mvEPDyQ{iv+ctk? z+qSFAMwe~dwr$(C(N$l~&TPcD6FU>{#*_a(85xmz^JbpB=bUi1JsDU+F;^yJ8%lX@ z7*}YC4v|64!b0V(`ps~2C@7QBmrKg6->!3FhIf(+BQBcA9&_VR@y#7bAA9BEnocSF~zw?OJYlReqCzKt|a2Vez>2SWf} zYS`s{`6-_TJHIBz9JzuHqm(nS{yJv^TA zxjAPxm)0E`4)y9UjCsEcH(!W7Q;WK$yf102=KDj6r`esoEB`-KTbJ0$TxcyDu5B`EIe5@ z5pD-eBD)UctZ1vQfGV9K+lI$o+|TrHjM>B_r`u3t%+AUO-5I%bR;hcH^M5DBlx0*h zrST0U0t;?~T0xVp zK!mg_J=d_P`XTUjGV2g>Zz$%~ZO?+m$lpY;%ubOr{%fbRI@doVL=H);>Pb{&1AvgL zXf^v{#=z~6TZj*ZUPlLy_xPS*EF;V#C`$msk39sZN?cl+bf|X#>lTP$_Gu=5cm~{M z5=)xwq^^Jo-UUzU984^Rq|PgKTBC4Yh>sQd;C(}4$#`U>MY{P}6Gj}TOpQgBgnaLI zXq8B5;SPb-)Df9+)pJ;F^sDY+pjKdF9i$yvTmVfr$xm7PtS^k0rT|obxk6G!?l2P5 z&R@F6zA17!(N;}65>VsACFhiG%`Ce?@=s(Y`4ooG9Xbp z#}fGOqm-~WdH-D^@S|iRW02vUwfGK^ifOkBO)9?u^s_jH;bU&u3{y$PJ!{1Du90_1 z6(wqHM;B)AczQr)b7Bsq6Z~`LP+gnexwi;=Kp|5IuiC^j%VRDKyYmS!J~!&?Nxoal zi-ea2a&{@S%-+O&#|cKtEB^2ug;yb@sd+jrcgXSWk8mECZ5h*msPJ%Yt;?gH?GY$_ zgpir_*)j8)2ozle)nPjbYIynQUD}Q5+)F~I9V91Y{CD$v+7HytgLS#7PB$QLH>eO{ zj%c?nY$9Nr!j9{m_6Ji0cddeE!2@@?tlsC7VhqTx>wWdB%HfC?ARqBF6~%Y5wv%as z-C<#%&eU5DRlZyRIMVJD(?>?=3s|$I{FCk*=sN0!7t|p%yq4g1#QHOUt<7nEf;39> zf|P$oLFer!&)?`A=c1EG%pAq=1&2&~>?D#xyJwfV$LYHFe6aYS2#bOFj4M;9cJE(L zzeGT+5?zIqC}MqvckgGHyb=7PGK{_>3&!NTDy$3T|9_tOcQ)&PQipLgc5pE_H2$wd z)_?EoKM8UE@4ig_DFyRi`~3Iwmgs-D@%($A|C=AH^v`jBTSSst_|AQj?PhM=N z>ZC1>2&(US%d6~LTv0ZvM$S%wOmh&rS$r_DjUb$C{E)fEnCkL*ZM}Zy`Bjxv-)|5M zT3q&@y+Fk9;^Mf7KPeFfLqQ+{V`JHGj(=`VTnwH6&EO0Ta2;m4_qk^4X1kuexc>Th zVfvv3UQEC^vk0;(umZM;e6cEjMNwCU$>LtxApj8bzoM9&$uNg%b1<~@o`Lb^nc;&3 zp(pQ+G+#6-%q=+=R$(i@({vF@wl>(D2N0>EEizQnxHnmGp*Kl&@Y!N3S1vW6iZQ`K z1#h0hcr}4KiXhFPDK5t03nr{x9ETc6D<<^^)ZjerglmmkN@lJ=N)oTAT2Te{@oi>0udr+)UnT~cx!=OJmjptpIv8@H z1rc1=KY87liW^=cJ`r1Eo4p&7RPg^h!X~(|yEIqwi5%JB+5&`Co9`j!s4sq|Cb$d1 z>{%+%!9)CRs*%ysA)et}&v<&wVw%Q@QPe&qO2Uq8OCdmKd~P-C_iX+oBW2Dk9)uhL zo_JOQjcmy|9$vVUT@Td(&47vXLPhTj)*pmbaEVU2Sfj_BHbqoxU3f%U9^7{((h!ZK zncRFxiK*Foc&Xd?9eYPSdV41Oo_B+w^x4xKo5*{{6U09IJa z<@J)E@Q4ZMDafoi)ShKF#fp(2C7rMt^O5li*!6?o zb92?gt+5K+oQ;y9h=f|VPlX4y) zGzbD{GZ;TfZ3@)rjNY_u_IB^14%8HMe1Y{He=@7F85RwJFzLSH2jaoNsp{viL+H^D z2b(>*)*51T;SG;kO_suBMd(lFDi(nYWa2~1yoA?!Y zx}mCPkcw@alwg@P@aRAYjRg3R84bhtzF=f&$f4=+Bc1daiiZ(#PAI`5?(FB_6A3$J z=?L`~)$`^XxU0E~#6#|BNF`G&hD<5SAbcqecLUj3TIJ?bZAepbJMt+N|JB%h{#C>q z5m!vIuCa|nu3rRtO*0JjKW0i?`F7I9=bd#b?kPCV@O>9Tjm;xx9)p7)_j|w9VAsU8 zZ7JJS7EfHb#jkBD<3x-dC6v?A!5vK?ydp@;H3aM?Z+gT!esx_E$zL@@l4NcDR&49~ zMK)Tj)uZe?YNg?(yJYquN38uhEq{Ii^`SAkv#bVQ_Yfb{cykWDjq-DLn$hcO(3i1` z#OoUS3%|g2rNR5Y=C3jRkMgP^U z(sOR{VO#cNbnYa(5POelD`W#pk9;k2uL8z-gB0;EFm>q{HKQhVZel%m+PS-xrb6Fa zA%T6ExCmcNv?#R?dAr-`+{wX|L4sjD#bL6Y@87VzOo@`|5Bo=~42^ae+%ohtP-FE; z6@$rkMgikg3`wUQ)k8N^tsTR5mUfX?Ualers8~bxyx1CC)|rA=SXOe7IW#c&nMnMa zXrl4ER+MX%m<^6M2@#_96l?RqX4TO7nHZr5nF-=L{Ohp&W;JyO`cAL(l(75U1dsaM z5$=6h+QQ%B5+o^3sdD;MFv;Fqboxu~hV$%C+?GltCi=9>$YhAFfbTDjMFO>~*}l7&RZna}FXoZC<1qA|yZ!(?PQ;V2mFy`VBb1 zX1dV%mAx{};6umrstm7A5r-(%Ms$YfO+S{J{ne@=7sB7e)R41CPciul^g2l8ZG9wr z-SD>ToYl=EQob@?Nk|P`Z-{r1lyV}c$GbXxA>@$dn9wxQewO<9Z02TDHd(mg7nb;qaU?h4Ad53 z3$s(~Mr}hxDx&e?pPG96(3)K&-yp!(eM#KC zz60^1V1Nt*%^UW6R9g0EBGqV%Z^-t?*oq57&?zb|0#gdff#*kbeXJOs%iEy;OXB06L51QMLQm&T_nlc3wquiA65FV-K0&j%UBY@EwC=V<_*n&XS@gTS8N2-=YoImtV5)QMk-3xya2dgsN~v z3OG-if~;;-4T81P{iMmiIpp}ooC5;ot3LNBNc=TpLgp}zf0w3y#kpE}5EobyDPY*= zDX#pi;R{FV7$--b6BKMt|C<|)_g7QNBV*`6O;2UYV~#bT;|YedjiH{^br7k=nZK$x%rOQmM@2 z-Mr%i{Erh+Li^W zjT@|+3~CRcB#O+#G61AkUbls{!PfM0%Sf()6-)LaEU>SUDG9kPAl7K-WtYDeK_bPvNll3~kUd{DqhGRQP@wndFKyEE zRm(NfS3X~19*i3Bc=dsjgp+1rfSX72+Q*0$AmT=Z3m(xs>nkdvrVbCAgGD(^DW$LE zYoXdejS2EEos0tzWdHdtNf+TbqRV(OQE?BqOA1pj0i+1dvIWQA_6n14#NrM%pFKpD zpoCDK!A&TXq~ugS^#VMiFzOlP9z2=^ulmYpL10>J)6_lhyX4(|qJ<52q{O)EyeL@b z3=I%byHq)zZ4YY3RQ~n5;Ts-kRTCWB5+)YGgqs2dR@P>8?FxI=qe#pMFFyPg5u~h% zW9*R{1|!nYAIopMCcN{d*nAC+ey}B5aLy>@tCdf%rjT+HjDdhs|8vi|x7m_}%{9XC7rLt50uyL1_?aGRjK+Se+#K))8wb~fhw0~8(9)~2);*mYFy(Ox`>br?wu@H#b1 zpr(Cj5CIe}#5^OcE{TXdb#iLQtP=0x#DQENqCyLz(I0Yb)*nSt0deFYLO>p1M_uzh z8{NM$?0!v0;9nrWM`wYr(yAjdAwe8YBEZ828U~sk^-)LL*h+_Ph^L4X8Dp)T*)b-B z!qPiXP^YyFpID;gpr5ZZo#kNdo!7)+Cg_pxT{6|``loZDHLHai>saq~x)Jb@{n>~O zeGpTOzc>gUoT4I{ujl9)@k@(0)cwyJKI1KYbU4)j z76*XeESv2XjGI!y+HV9UuM)*tcgcHpAo&J!KR^c~^fB<6;=pQg4>p~hcF&!7%|aXU zQ36G7H_(5y2P5VRYMrBoc-~!%XEUl;hC3i0dhp3ZA_1-zpQ@_jPxF>>Th{ST4^u{; zDy-My!19fA(3`J622ji?u@1LFOx@%?X&0eqi=vhmY>=&_;OA1yj$!u=Jc>P3m-U|R zE#6Sj%~h`+GY4&8BzP5#LC`kSt@no?cx5I1WtW$!?32~5+CV4x?Vm7$J>xeLEUTRC zhmccp2dBzzSaid;_u4Su{%)mhuhL(0I53Pyv>WQ?3LXm?5|eDMpa(p%;I zxn}f8SG7txM)}FGABy@*E9KU=(Y^B7jeWZi-95A*)kXui3Sk;VyJj&~kD4f7zrPx^ z+?=R*UZ0}Vd!-ETJW;A8pD1grJ(Mht8R=vWx{2XBs%myJ)rFI9-txn~lIp6MiN&M9 z-lkesib6m6NIx-rO@!C5{Y*{AE*Z>B=wpBl6is3O+MSh*ly85 zhNF8k_a38cBI%7_i(F{;>?ITS>;ch&sZ~XFcs=q}k@Oa;@K~YMX zaN=A$Q7zA{w(wOS^|c99)G8$yi%hPA{{>twB1})iO)#ZWNtPKG(ABhmCKYD@RF=Vn z$D)(6O<8JLpF@ECJo8!PoMlA~^Fl@B#!`m(07`ILCB0!}i#>f(_(KR@*Pe=_42vA} z7LkG^2u}7$bZHd_JSEy z{55K0rM~yQ%UCM)gnf&OvbxS zJ=1e`+Gxz{;L$3(K#i+AD@Snp6(QRG3&5N#tuji{Fho(hC=$co9NwgmYq{bt1NUKG*JD1WQ9dbJ-h)W zc8HJDDV?f(tGv4`W223_jv6g4%TSXf8sJl6l47Apw+8T~idFRS@!?;t{*)QmXhs?V z_HNGIN{>T%jJCc7NO{pO?T_f^clvAFO-{f^E9)xcWu~&ma@dxfqfTM#qMWrxR&dnf z)oQV_VIOr!u6fJEFA^LEku%28{NWr;MIEd=VrMs&dp}73^&`ndW|5kq9{0F`g)OhYZx-6 zBzFf8g7-(%L_FM@@mq=4vsl&5$}5J2&WgzeZ|M6W)}}J5b?pkdc$y?6%8f%Oa?jjB zCu{m86gaZu#-aUoaELn8kz!8;&D()PTczPu>NNjZGcjVcD%bM&F!@T23K-jFgUq!2 z1WoTWEGzn@;-K?V*i{nwLtK`SVBFAI7#0r$Trl`%MpT@~`t4Z-IA`Miz- zYs~JD{le&5FkCvvNV9dO?sD&J6A2`P7XHP=hZi(RhNa>m-;2wwH7hE~lh?D(gJlk}@;9#cA^RpW@B6Hd$}!08Gf2c#%! zA29~k1{ILmyVJ4~j3^8Jq66@ic_Jg}!yALSj34V!(u(*&Kt1D2b|za$68e?TmzDN- zy+VuHljh25i!O$CR@X1^!^>Et^NJFxl#MUCtZx;c?bJ;vMm2^fRX6!3`-YfYQ0W|*1j(~&|d#3p){%e4Ppn2a0IBwz!rlUy3%qF1U<;| ztT_BkxNQ$d2i>4RMURYHRQf4Y^UV!Gp7(Z<{+-fHYeT()U0(&85GQ7!att&|23DX! z@!2FKIODRZkOR=2m^_i_vSkUR!-hYW71u(6R)kT`0Zj_H#{v#HEnP!g`=42IiB9#A zO<{Y`zZj>Bs(5{!i))n7f4gV}j3B3D?V?CQsr!Brd-0<*se!s5`jIkg1Zs-E%&12cp{d6bS!9OFQCUC~-M=vq-PsQvaN+uNSry=V6)yQTN>6Kimwk@8U}M|hK< z*5yEb&1-UyiVGr7xvKw?rmJ79k0|4rqN$v*1Hu}!40+z)c{XWso~ zCB~AFcnVN2&Er&pvD2yYK$$mNdNs^V6uVMokZQ{)mS8g9ivJt4I|8kPPoaB9?Xix| z6SMq*i%+Hd!5%ICyhz zeMak?j0H;!XDnLk8P)~6KS*|y&ncH$Os!j;RrtK9 z^*T`rtJKrn`o6I;x;@48fLEO0py zrdlCySsCdwXLA3CH|Z!fwrTY3OudE^rn6G8AGUnEx!!c4X-tu6jGandl)$R4B2?G$ z9#q#LIQ8H>%iIFQt0=GBt7>CNFS{zN>B7xRgDPxH>M-DafO?)|e9ifbT=%U}D*c$! zO|&I!*iVxJYE%&}!+@D}LD{J|;xo7-qnUj&l62ZP@lb~XyG08FcCBPH!LX|>tt7GJ zxzzH)tuwSPBHAA-_^&0y#i1#y)wqLJ6T?@L;YIDFIr;07(x(JIeGD|Z0_#0<`h2kd zqOI@Ig)S%~_RzK&rY&M%H_8$lmiV^8Dp%hh)!g{!$qwBrhX!C(1zt&4qV&@*1PXk*?;Q=PEI$=BF_f1edQ#+AYbOSmV^_Z5Mum0xwpyB zxH8O9nGoCj)p{&M3c%3jc7600nq?5^5V(DdGnw)QJR5W@f~5r5m>llA9UihKnD4BG zE|gmJtm-R&)-GOgk;a!l;NfBAph1~M)cc#PZlJvMqr4~$p9q1AyDuqafhmFrZ~Q>9 z|7mS298|1BhO>a*?EC}I0fDoy;Uv)ZV;&c*l-Tfh z;V(ETG3=x!d-S5^`96nXKMe_^@H(JGxz)kG3RoW=LeE6J2xHTFb6?=qE7%c9&^i?e zBVnu3aXPrwuhl2zxycZ=gGxnJxzh3%f?+hyy7=iICobY7bK@q(t{ICoKXa5p7v%WM zq0Hcp7~24~0=6cGK3M6umsUNVZr6uAMN@JCoER8oAZ?dvfl`ZbfvWtQnc&W@*b66a zn(dJ(i5b013sLOr;8*qziA6`I{*w;AugRS;`zhTY=85m@`1X}4>YqQlXcNaJf$WRE z7!sFtZV{IWl5!@qKSCPUFK!_&w{_kzntjuU{=%c0P`{G#;HFp#0>W z>Z^8W%Nv{j;0+0L=~<{$Zbc$XF6TO^?-kS zkxN;n@i$d}gKLS?M;$|zy)+M~9&IZY+{*q8m5Ly9t7EQgyRY}D9)Y3Stp+wg#aeSA$AIP_^ zq$_buZVg$Cj8`1I{ljryi~q2TfWIF{XEfjPt!DNtwdiD}zwZVXkl|e2aK-Jvai|ml zwj}%dkYDvnZ5gEk1oRvn|3%c}QD8!eZQtvW@a>{ft@4WSc^#9KukXQ&i`Cw%^o_i! zBqshHZzY$vSLI&T<3syIH6-@n1K%0*nq>QYp_utbm4O?)WnAXqyr}q~Omk$j|HWWU zPP3#WeIbN{3#+}QTy25*u5MusFSU7$^xJ0 z(pRa>=^wGPq#!JjsB9olnN*|1hH25}ReozU6<3x&Y4N$`XB((>i5VzeuY6``UfCOvU?SVOXM*et1Zc=U-on#U1%sSjfd&cj! zA%LgWptJzW#X;nSQOH?QoxQLOv0&;HIIhoisFHoii%>Rg-(B|w@ejav5x~wKjrQZm zH1&T2d`13;fUmHziN3Ry(|>tk)`0R#KXm`%YdVli>Shl^;Yvct;EKK+7~qF=fzOD* zyufvV2QCmv;#()GGa_DtA2v^ZyYUI?~kJIW|~O#8z}uv!D#1{*2@X@4zw zuAVbHwrmy2!7}aUWe7qL`Uh*c9?FtT(1&O-8#`*M-`fN)S!bR4HJMd~_8Ko*U#6_> z02EYaE$R|iuUQ1aV2X`?a8xRJDiLBl67fra*yQa>4?b^cPs>=$DtV*4i6Q(Ll(RbZ zclI;jku9jDNpsqp7%`7{8iGVW?_^=$K`c{WKlktN4Tyq(Ac|7RlA?zzwhy7M$3`n@ zkT=f9K1KpYxgwTkBVIhHnquv<5^7^Wj(lQqA=%$GBT&kSa7RCiSdgyuauU)i-(J}z zemCUlbI)y=CF=XLcIz}W9qKtTgpAXuCRwANVI3g5He=lwZ^kjTWmxMt3h6>aa&h{| zid_>)Z~C)ESBnx=`U;Bd-914ZJbzT!CT`uKZ#MLvrlMvx5C#&a4)oNOXo7pz4A(%F z5m$dtxo=5240sO%hp1OrP}4wx)RtxYPkcQB#;RIa1QZFZil&n%{nYWQ9CK>cn&a<6 zZz7?h#jKHDua*JPdT|CRY1RbXU%>?BgQLqClikCR`~95oae5tcCCzJUF>q;ZqhOb{ z^7MI$xG&v`j3InSeI3B*R#xcK7!b<-HC++}O?G7wT%);e0L9@$)++vX_%f#>WT852 zLw`w4RRfFiDC?CfrnHEiDWL#aL9o3=4tVFh@jh9c_L_7K<4P3h)IUqn_p0!&_;L=X z121YVe~byVx18t?V4a*}#?Q4KS@g80T2uTR`zX14_KJa9TkS>%Y;(=gthy4xnF}wrUO7V#kD2W#X zF}Z4;&2rYm%BiaE!!=^KUsf>vYQwpE~8)-Uos~Si|f^>Wft9TW_m2 zL~&qrs3L%ttfiO)RjY0izqcpDZ@Pu->X{s{qh~y@Iwwh3)M;c6i3R>NWbFzacJ{G2 zj~LpMjq&HdQ{veaC~D2)wxQD?!{Q6cd>YpWhIMZ21O#I?bjx}q>#G8`I>IXSQY2y z5+k?!$-x#-N|AxcME%@hL z-?FtAi0>eL#;>tSm0sFf?-DL#_}aQg>%J?vkEkfyF#(-(Ne3`EsAAjomuNlJf%uTT zQJ>)n-|3;}+vbdJb^q~<5)_1xI!m>~73?H*K^0|`TOl02zHJI0O#`IFj-}}90Mb1A zxaH5zD1wNdpxuEiH#@tT)7xDF4t8c3sF&=u7qSoPd5O%dNqw@pU)~xvsf zA)9A zFJP{5C|0+-y6h#&cB4n`$d26&x7S3mo0WwdH09`@0h+_N04>;lHg=x1HQQZP)=#Mq z{;D60s)5b7I5=N4FUhxBmgJ+q>8L7iyK;d-*41IIk&j}EZKVr86yiM~u2)|OGE53Z zWm*YY=`kZ130M280O{p&^ub;PrqoN(p?40z`EIo!BAFo8WvlQU>MZ;?Z8WAen{xQ+ z9eJJ1K%|KsGD$MLajSH>NZdd3UPh+V^LE9BIU)I0nJ4oM(u?L{ZE%Vd-wNl>vDJx1 znDO^z8Qo7Vz{VlZf7!SH-s!c@oss9>&0qa+CSSwD34dbeK~F54&*EIbk9cyo<<9@Q zSE5k1vni4^$Do@grhV5i>eN`89&e*MXe&-ZVV!I=&-!VK)2(n~4>|*!jvg+hu^U(? zOGr~hg1)%ckZ?96-ufv&7iZDr%B5PL+RCYDQDdHJmrD3F`hY{g0*$|0G9>g=RZ}`@ z6n}Yp!_SU|pTsGPvF3zSxsWOgQRdRINI*?+l1cpx&PvBNcDY-U&()H-hoc1r!0ApO zkN0AW&oc5&QQ|*O&>@k&i_Q}<+}#p#a>V2uZ#158_WffyZluc8R6;n0?@N2Z&Ih03 zDKt1x!O`Kd`HVG??AKA!0KC5$=cp(ABT2F>p*jO#27SNH+QgfjIrAC4lfw}Da%m!< z{_CZumGGsPHf%qG`aX*}7r3^5k0*%`XN)7ItHIe(fquWP)@RhmIwvKQX7;SDQM#~( zY6An#!L&yc|J64@%|eu}e>$4Qop(>7G@{|iY_nT>9#256-9k+_5Hl{ZHkg{U5X za_B&=nRv7LQMCJ~5ymEznRc-T!3v= z1egbVbsrnzrz-41WzkM@#X9BQdbI$`p}m=^|oK$1+`s5n)@A z?p|b50UxSxe{}cxofv%E{koC(I-RF~XYC5$SMJGmuW3Obq#q*VuX>=cD8cZBsmx=` z_^Hq{5KIT1E7mBcG&S)CsZ)Ta@xW0mFneZ;4Q~07?Rdk(q`{Pl(RcF7$M)?hkwc>5 z&hIZTuGG&-Ueh$nGTN5>O4YP6&YbQTow!SkrDBNUn>Kx-qDPTQ34p1MHC5d~#;+X0 z{&b}HTJ?Ke>Cav^_$9bffqJ$eh!bSgkhDZW((gpkSog*YYR+TL&pY4shjoq=+z?)u ziS>SD+>3SAxFN`X!*6gyR|h_#YG?j_m!p4z28I`=o@RmshOXp`$}evo))o$ASr(5Q z`QzHS4D5p%!7bXbHF*4I2|d@5MY+rzJPe*>K;v6Rxj<{V0EcyzbKdZ zgtqBCd)tP#_RWm!A!NJS+-A#)+n5XQscocILW80tGG1E3rvb-+J^tUX>V%lzFth2vXG92nQJJ$McK?Xkt9U93==fYyFZpG!s7fA5L(WN&+)`W&dghfY{j(047FW81KYxP5{3{de-S) zDit7nf~$W527p-Y63~M3v7t1OUfu5#|9P53U#tlcq7(JYF{Nr!>qGTmld> zh5`pKm!BK)NRWwD##GwlDn%f_-xO?CDoj}u;6X2wAYO0d;$ih@@t;irjSkIaLB;&n zLm3bFV_#N zTt`I?UtwLb%2zx zIIjeq*Zj8pvB+GogKTHgr)iJf6jWWM@LHmwWwgR_+Al3Urzf-6uOV)z;^Wm^R=TRx zOuZwq3z2_Bt+ejjr}&ZZYsd7P-{%Pb8T98;P-ZN#WQavC>bB@KMF1ip_t;L%Ar_ut zu|eTcW36O^$tAo1B=E zlhtF&dbwUPiwA{ZTV~P+jbsT~#~p8iLv-&*b_r!Qw{spq7mRJ!slM%jHO8!Dz|du6 z)61Nf&7YMOijQ^3BjyhO=ES~v(BzLI)X#g&s4@UioCy91orv+lai3~NoWfB%@U$yf z7N6|SD;BV4tg4DxL3>zwirmbkXxsH@chZ5WTYj;XvoV)i{X-+`@^(;8A-xPlVYmF9P)le%Hda3ekNrD zJmq$m5)(9AeYAm6jZ>93Vm_GKaGQL&TI6#z@y0V9+=owE{L@BSl+gJ&Uu-Fw4ZeM5 z?u?4as^w4 zi5Yv)m^$-!+Nkhlo#c@HZ3xHoF8@b11M0Lv0TYMXDe*EIftuE)QTt-Be!7))gAmV2c&JD>!Y$V{W}hJ69 zIi+K>g2}fbrWXL~3v*Sfq2-w1cQw6~qH^#FQIZphln2AR6^vACn&tZ%>}gW_9F1$C zW-Ot0Zov#=Qk9b^6~qjWXbT#tA2rm^wx3*dizW~BNxQLf*-Guaa?g~f+)e~2p5orT zdAtP5*}4UE6oAk!X}LKi$Pc=IU{_+QTj>(WKYob)AK2Bu>n5=M53#HNn{>jrLGzj@ z;@_!iOzke>xxwV3ZAHRGh@xDu04w&Z0?DN;^`5BPw)XRV`Gl`6w)Q4M8NLT6LRjAx`I9g0o-3&1Cc=qo0;$_ z$aR3cZr!^mA|Vn4Ar>+iV$q7>p$YH=R8P095KxyYku-9kI`dQ6kYzgAMNWH_Mn+GU znd7vbb>fZE@ccw!`($|Gx3%vH*=)GB-TJ$?7qcgwShs-bUdn&RlH3SpqQ|vlOjy1kCRzQiILqPEX$inU3cLXyEE``~!k z%0Lse4o2$%g#eyE=)pQwbhR(;yG3tW0LF7pBE&u zdtXvP#?FVi9L+am>PdlFpSXx`eK>O9RAKFcA;#IEYB9Kx{vxA-qGxa#wojhsdZ2ph z7=MK|I(`L9(FOU@H@HSys9vbcX#qImUQMG+sdJi-D4(K@kELbIv!z#5Zh2(Ytu2)S zPthQ8*YApui^r}3#A(73s4;m~jU!99?7&>J?3SexJiq6X9rg#gdpS7SWRr6un-gE( z-saiJn$gL;|3a=U-*Riw_P?tikh_L`iKI)dLnk{f2x`I?ZNOz`kyw>hbyB!VfH8B9 zY-lp!;7d!+T<`9`%e-~zvOt6nkE#@7p9k+DJYu>M4TDaX5K`)dDkDd$;9I9u1TzmO z-8Xqi_k>AqG7WkBR_)AwHYx9Lep<^>g9a$?!=!v!j zd;r(~{eW%kc?jlned@H6p3Bflnwex)Z0{<_G;0ZkNOqcqLS32+MNiXhw^Zsac6A4YyzFZ=6SjmkP;t3=bkYJF`Cg-;0_M49vd>+3-U2s+w5R`@MQM|4W4ZE1I)M z4D82`*#GK^#`!&1iuizFG?Ib*;Z(>skl^{ac9JDG#SVYRW?^KW?~dy&!#JC-T;Dx{s5cyD>m z^t@_y-SYZ+d<5+=^Zl>>b$?1^x33AeXcyuQ3I>A{U_LxDPcd(b(q|sbyliu?Oc}6XE#z zTy4Up9r%WIgm=o+mmCELkiI?j9dt`sF3N;MW45m>8JJgl-~%(A3?bw_!AKqdvPf@% zS!lHGC_{3psg-4K;!wJA>+vqL5vb_2Ym1MrqbiTN3L>pqVYt)tqO1EF^@(Ehahhu0 zgD~_{mto2@wcNwuRaChe?2Y8>&lX@G_)o)z;FkGT=)+O3-!BtU-zIe-+@`?&8TrmX zuJi)S<(up9sq2X6Pu4NZ1;!l~W;nAyLP^%xWa}&_DY=R-R{b0%!2izYx{)KXzXt9K z|HMzL*fk+i)9t)LfW#yG;3bZh^(BrO#lJz7QG}Qo<_N=Nc~BVqk&OgPB*nrcOrx+* z$wOz}-Ir4Q$$@qzZiq^u!XlW(%y=+yhqX^z^1x=H)J}cn@o1x$!9{RiNzXedc|E%> zBA02nM>h=0LF&GQ@I{fE7OVqD;}sPA?lsE#fYQ5yLR5rpolThihFF4l3gw;$jm??qICGX`EaGF*tL0b6MbCnR`&!3 zo8SZJlhiPyeJKS%pW=qVRnN5T#r1qS)l8t<1?(0G!OA$IF~ad}A-WqD-6r@{xUSTP z=Q7a#GJ;VX9?hc~7VQ)jEj#d}Z$s!6sxHTXgL8V^>^8xmjo^N)` zlnp4?0%!mA9XU}n`gpFxgF;OlO)%-jHL?urWxhj;&m+sSwF_mwJJPJiR7E8$_@~aO zEp36G6pqdS9uwIPxGDLwM1@_QJMKJXD@M7feD@jG1nLE>UvoOwU!eb3uSAn6y!7Ae zHSWL4Gx7fq*Q@;Z#%}#DPMD1GKX!Ww8xz}q?ehwwvcLj}-ZbMq?9~2T7Tj(>;GeW- zVZ!W@g?|M{6q}gojZhbv@_z$rLj%HmJ+|_EgK7c9v}`<1ovPJsNdTU1K5iiPo}_4w z0p~20VcSPw~jib>pc`RK2<=Iyf^u%$(?eTICHED4w|1fEQoMaL4#uEL1I?=#)Oy{vil zK#};?UPH(uNJn9*s8M^VXa65-=hU7_6sFxyr<0Ct+qP}nwr$%^-lSvOwr$(C?a4JW z2XpexH3#2G{eh~ztM0q@vlh2n;{(_w%&8{AQ4JqUB-$$Kz%2x@Em>UiN2(tIia)s~ zL3B(Ez?!-UyzXc{ z4jpHqkT%db*g7wN1XRj+jfkR0{Lmw;&LOokV}=CH85@~V=mot+2AUN5bD2fP&@?PD zfCFd0B6Q7GZ*FS7n|_sFlYAg~Z>t7x~>%P9zT{;?^IF@DMM z+XkwdM`HjPgItza#&l*XEitNim1o}n4UKxH<`4KiFZx_G(ba-pD~K(@>L{K^ag^4S zs==C(6jfPLwW`)bTUw_)ENte;(wG+Cg8wNuFQw!x9nW13w`3O{BRMP60kNr;Sl0v% zc~aYeVeG7ol=}>dZc}`)a<&Jlw5e5ONZmFROblPJB==QR%f=J~&IY?Z?(8J#)fwLc zU}65ThY&9IIRlfQTjaCayv+tebFdgB_6QMTT#gYX5-F|`_08W;9=VigvSH1 zLNEy!Bd{1B*zfllAf6BTV}cw|PC)>O=NB{3dP#a*jK?;HNs+c>${;?pUCv>jvu(?pd(w zQVMs}Aafom6OEQx?Dc@Jizbe9G@duY>8%eIl>fN`->v-^lZMF+^H z@TFqI1GatPM5!Hcl9JjgJ1nyyTQ}zCuz+G_!uk3wnIDfdIerf?gv}}>K?5&fGfHFU1) zs`H?X;5?qrEMelP%qbibX5Li7-Y1=ajoe6-D~{LGMeO`t6-{Yu+rV(QlO<*#3>sct zSGH^KUk|Znr#XgU!R*QSDU+rx?w}xNnA17JFN^CfxEg3NRGQA3m^lJP&S?%Ui*RKh zANO=dlj9)IVPvJqCw~!6PMfxcyEsL;By#7WJKH3*?;x{t;kr7pzQtK>m(cp4ogueM zbrw1wQy*He(iikZpUcpX`6H1ZCXea10B8Yzp1VZtf=8#cv(nBq3PzO*F$rRj{_v7f zpQ~tgS=S9Ix;Prj#E5^^^sN|wa)~MyX#*UHT*q)+34w} zbT7T^CxN=liW@*4kzN;MRJCdkcU0r5(PDcN}wLLsnlO4yG$W z!4*O~PZ`L=mhUMSTy1x-JC*uE@p@q+SFc~Nga@be3mYPd&p0gWWCyNJ zZRmb-OdD{ETk(f8Skgnn}l#8J4jfw|FC!w0|Df=Ax(~KDM zHa{xjuw!i!*JUphl@KO0?NPIrhmyBKse&hPRt`?%)z zU@w}ZYnD6*dK>wYEYXItmuG5%{i227P9dE<{fFx4sotWiSs zkG`8uaP5xpa159%J$82{Cde3YvX={X{(+8s28pDWgP?m{VhI{z$I>^rP1VDKjd+;K zG5eNNIF{<{R$Nt=KhJr0XqFbVXR*0jUkUwffhW%Sq-2uTe}H@I5LzwyV8pNFHKtWN z_gn<*{`$8=D!Nf;_WweSR~omY1@6v{w6}>x41;s zXk*VcMWnhxoyi>)4X*7hz|Iwqqp@8CBr=AARe`XT5`d645e@mV90`w?D>eop*To9>WG5z$Z0EA}wd1lSQ01JX8)_QL#ULs07V$(@@s{c- zxS2ZtGE8*|q?u$^&t0Y{*8QxprNY=$<8{s%?ja5aZa*-Lwo|BD-oU|_#9PV z9oV)Z5VrA9488C4o`P5Q0OwTG0~W#y{&Y;fSM@u2)gYvm81JyOo4kKb^6sKxumvs# zvvBD#%bNOtiE9!AZKI3AaediU^Ks9b%qOp$`Kk=1DtwiLk7P{Cy#mQG&P1IFio|x` z?*x&4N7RVs+}nyw?!`yY$iqi1mF(kCTK3fn9RT-InNYhTFk>c037a}FY2vI7r$mK= z2W&@Qw66i7H$dxKQm3uF4!(sfWeeg^6I^Y^kti3WmP0*}RxvTEO&LJgeRa9R&*+Fc zh3koN+b{~<={zi_Qe1bA#jkz#&)ug1Cj}03r&{RAw%}kpb=-HRd3j~&TRi(~(BqT! z>;~6l$C>Kb3-YV{!?uXl(T(&ao&)r(<$9Qcmt*~C*6QANQsj6L`*4) z-I|3KlmZ3*rQ_}~4if=@dQ)Fv#i*Va*Gv2IO0A=?(njXG`@Hb}_ah!m_3J;2s;bpa zzQmuB3gQRI{Qr*KV*ke&qhM@eW&A(Gw#a`0o&=2bZHVaq`$JgC@+WK~aVtVd>K7ur zE5bKeXyO19bVUrw$w@&FEhz~m8LeP9Nj7mBxkA2Vf8@bO``r9}$&Yev28jmgZV-1h zxz1oe&T4l&KCZsz{lztu_{ZR62JQz zaKB#+KNLMwP&h6%#)cAeS6gE(N*Tk08pBFl7cG_eKdUO?Oe0acGJUCGwmGPN)B@47 zy&b+bl76cuKq25|LFG4MOOd|9Fj5sGmvwW`L07|LhJHn^8mv_)=UAOsLW)@wMQX1! zbhFcjNV5I`0bZaB5m(A@sKDdYGP4oJsBG0W=iM|JvD!rI?+Gon4y|B(9VHU)4x>?* zLzB)X%1%{-^j8dbOn6+Wdk>KPc z);%B7dDIdrfm4KuYmL}++zYg@fD^|z`q~4lmdQ)N?sB%>?mwXm>NkUH zI+XQSNowz+etsKCP&L%u`_sc%Yl7G2e`sdo%;2a()SFnMKUi<6YJd?Q2p7G6lY)5!>{}rKI z`MVppyih}7t0HVHzk4@2{yc7J1JN+!+3X`O=-ByJgdPoBk;%Q5o-N$a%hKzGV%m2i zqGRt>I9EQ(n9fh67N2%T?zl;QajvZoa$ipud>>iLuVSWxz_0I=vkPw$<1gpe&D=7o(H zyKpzfeRG9P8MMSocJJ5bj-@hoU!SeTL=_~g%B!FdYHY&kKH?6IK2Knvr+{kxC#84gqj>t0 z0C<=ZS)c&ukjl5iu&MGs&-5-c6C7C5=5E*>@ht=rKfpnjy$s3`VF=-t$k{-b@NRd#A~XX3T!G)NgujAyfP%gcb%MPFN>>7D z-Ab^^A6Y(B-u+d`1y3WcP=@;@kT>uICtlmX2TlDoloPVequoEP?ebf#Jixi(IVTzlL?3PjT@ zn!1HzKLKBYA*ut8CgDaD1hqdq&fkfJI)lxG?jLj4e633>pFV!bA6YTy(tvS2#6YEt zg+4yTdS1Sj&CQ%mVPdCltzP6Ht|0Gw$P{FAsGB}zyT%|(BrQp}b5z|#|Kh^Y21(&+ zRXgCu-CmZBH&*`ipmgMo-^~pFGBS89OU%3zt5IItt5nM7X)23mFjJZ*F2R>v!iPvg zXLejbTzfJ{-n@IumXMi?0&BGq(?`Yq+jnumHIX(TpMxK$Kf6jwOLfXcmh#Sm2VW?_ z%dJIG(DQL;^{!NFuyOcgWa9`6AR7`2^lEgY24u11d(6yU4JS98$ZfL10+Bb64 zNUSuAd9->&`6{UKlbg_-$XpPN{brxYb9X% zCW1TOGQIbIw)okuR(-TA=bQ;XCEenCAFh(pYHC;(Yfejebo^4p_dP(weY{AGB($!X zL8=j_psJWLdM?0@7c9^HSDY2G-9%F{3LaiCKmBV5&p)C^oRk*x`o@IEO_fnlX#^-J zPpp_WSqkIdx*@s(s^e$>d`36gz(R6n>OWhP^lL-M*dlw0?x2aIXksHA)_xU?5d%K? zdt;Scrr z?47sc4IkN3XZ`uT%{%xuuQzY;+ebHY+gsfB2h7j|igBya(W^UO*1B|p)}$I}A!v!` zM;3=mkr&FVR*O%Ccn+F>9)rFut;|@^iG(>6g4qivI3ljMf=;}Tx1&8e6EJyQ=qyZ# zmcOzEWxWiA#sA@%AiGIp955=vhhDtWWyKYdd!$0t3_L_SClyQd3z|-{)+#Ts%VaSE z(=t8%OwKglwKd{!w!KqjX>mD)31gR)as~-15ABYy$8u!tGe}y=3W1*3*8bHhrFw?! zS8Z^bJh;Rtr)(N3S-KM+VO_c&oU}EprAS>hRhFWbx)x8l+iPCLVdS_e z>NGhyZB}PSgJXa^UoBp57!(RO3V{bx{P8oTQl(DY**+CrCU#S|rr#z9(=ExFpd#c3=iuT=1V@N+K=i zA!kK6gj{f*T*)>V0CSQz38!YQ;|ea6E0|<;#?)Yl`5?7;G#*dZ z@Knmh??IXZAm_=)JPHhkGP9?44}g)c5nU;1W54qQkzCA&c&+40;Ru&zy8PJNekA?B zwbHU#_kNGmX~T4+b*ZJsh+icIEP%|hD!B^@7eMaLim`wtajEfkKC=iy8>l$p>?4x# zR6*T2QhU~>UjY`SGP;rzA-n$#TLz4Pcg+2Dhl#!Z3P}z_rbosu|8p9T2=| zI1Gg*l23ZDt|5C(1qRwHR)0O!YDHIM1~$Vs(S|nng4CZp?!_&K7cZtGxQB39ovNa7 zDkK#!m5YR$!8HV|QVe9xe0?2PJo#UqRR^;SWC;~TtQ%^&vO3=Fzo39yOp)KyK{Nc9 z@7Mvz#^Wg}lQh!)^DB-K+_E?ll5>x9NgE!efX*npW+R0=R=ZAiSP24 z{BVaK#Pj%1x+by>eSVCSvuEL3t7Ig?u%;2^IL2&B^|VOu37@EyS#5eong;l<^cam2 zStm*JkXHUg7M8Zn23 z$iemDh@I0u@)d!B`0=Y>fHhUV-;|6Mzb*D6JMwbvs#;iHvHL&mEjCm(@D(lig7OGy z_^^PU$+Gf9<&?Er3;rlqmF)>D(JSj)n%C0N@3A*?QsafVipK(9d3!atqhIjcY81O|LOHa2BTw@y>NM^UN8wX zf!f8k_BW)u?7 zM2s;0JEr7`?>Txgk3^Y0wBb>|{d_@k0I1T?hzLlYIdr8Td%iFkwHzX+P1ESAsn-?+ z$zkg3{GFpfIVp9vh22@0^RH*^_`u^)ybDC;4Lb3(%c~LnXU*qV+Lj}O-c3c@R~K0> zwzChHtW2A&DBrpv>~v7*)f5oPF0&t}+nS9S!Yeb1~AD>iB_;o|k zC3ZI$LAxty7(I*wJ*AB9WK**3_Q+9-@9N7Khs&%{sZ)Kl7=b$k%Nl{7piziB85`IZ zn8w@i9f3fQG?3<8@{sd25i8W=y6ffm?1OoR@$qW>Qd|SF>?v#+se5-AK8vWmCj5$7v2X%&B*0MyPeklT8?dXg#r7hG}^pNv#s( zUikw}pptph@sMmdS!bVME60scTn3#UW6CyuMc4Kh_VHB&;4Fl|gQHB4aP zh+}X$(IqLyn&u89PZBP6qvWObqornX0y?xVD}oCH*(3zE{Tb0 z5(DA+&T*#c*jF!Z@xF*N>opJPBaB7t`^f)uMFA8{%@BsOH5K$csPl zN_@b0zCp+2*eP`@tu$8!sX~(xJb6Ek+#R56{vk;my|%bndE5_B-9>KIxV3y~Y#{)h zjqn2M)(q;^@8oN&k{nv=35CbyP0_7>foAeD$V9HBX7d^A6u)JO4hSP~G;1dpYi%a; zp>#JbsTc)(JPpXjujm~A+oaIQy0_-wquVL4pwG< z7kcE%+sM@YMH0%dp;#5k7vNT@bq&dMrk4QudLGf8TdBw-^%10ROa2Ah>8pUMwSfk6 zU`bM+MsgRkcddYXV5$|N(z`dNFy^Cs3%l_e&n#(6_MRQ_9jSp^lh;_qV?=uLyTn+* zKNe}(a~XIavgHkLEh}G8g8VDQ3a7GA*u1p#gK>~|*=3#swZs0sW>fBeG!RH&@sFUzDwbkljk5WsWcgtc)Ao`9Lx&?iEJie7heu$Y?0W$sI7ukQ5 z;G*E}KtN;94xXyku-^EVSs(FgqY;`uN`~ni>W(VhWB<=+;AjQ$Q@W zC31Ph4&fs-PKR?&e9vGoIY%kqBAgbog+K%IeSp6;0&4eUGH)PJ_3-v8&<1kqiZ$Wo z(SD-!b~QM(F_Ij2=!+g~ihy zad07Vee`r=OI=-F!qUD4EoWkO)B}+SIei+I*=HUApHOj%UPHf2^dhjFv)sV`)QV_J zcsw3`N~fzP&jH>V3V$im8-ONj&+#K^u*q936HZ20B^b6#tubKYTG~V_#uAH9F{2^U zhFA1QE0DE?^c1Ga~6q%cv}PwBKxkxpNMreI}#L&Z@9a#l8k1G%kN2aE`vFc5FLg zOthv{VIqQEUhc>eM^g$!K{%dF#Q?@STXE;=_qT`JYW4YQm53Py; zgjyyQ%9tm3db3MxFVEi9HZ@2j?Bg&CVi?5G^MAV`Mb2L(^v=cKq&7Cl;e-ITh=sm| z5ge77aT)|s%3VSi>_81ATI4aIXoSWC>bnId=BAvo9LowN1He;xDs_tx&b9GzI0qJ2 zI}->Gyk%0!GEY*%o$w&Q5kj0LT{;G7mMpEnOvRuQ>|x-?B+mot-OvDQ`;tSE5C*Bx z5H#hEMgSX2tNdq>gLo-X4u=mYNi5GS`~?^p$SSh|r&b<|a?oA^i&l;q9htRe@yo-C z;vergs+GN=VI>AG_TLrSwbO!F0w)wk3~w<$Q%Kq`Kl6wpX5WEH^46O!JmOy znAq+@fsWqUoH_6+p~a^W@wXAl`Yry)GC27WE1^a8Wz^(M`Dv;7*^9!;qT0^WrVpUk zpYSSgQ3@X)AfYaG8VNoZlW7vH9U!C;B~wDdZEI<k9@8;i{}lMoo@q$E#A> zqp)WV%mojek48JnUhbCJz+<~vddhnHt1pB0f4U&j8M zE+1~k4FVL~0`gZ$U8}JsucM6ZwZ&F(&jsUICw#FVxY)s!!X7mjn;pIJ5naSBwk4G1 zsgI*~&*3aA`A&!UiZF(a?w?fSLzv6LuP90UYIdRd-i{J&654LDjp_lH+h27bW@E8d z)F7uh!$JM|haPu{^f>+~rbX-8J==2_W>ME?`ouW!oYF`#Qm}@Gk4XpEcv%s=l(%TL zrC&og)oSWNXQ?dU1uv3P13z2`iL1c0M(VNg6GPh6&B%z6#+w{5hJ+0hLhU7r2dAofsH5B1TWB#78119hb{5 zOzA1I1D!YUu=Tv zL_)S^cNvY&zh>HJ$1o5b2#2~c%PYJq?2GEjw#SpQFb?6DAAhI7=>FJ4i-UF zEj0+l@>bvT0Gplt>^`fWQ&{5QH4XrPDCE-cNG4pkdqudtVgA-#nuaFVk`ZVi!qx&a zOMIVmJhQO+d+2~Xo7M!fX!EUY=`?VXGhQa}{I08yZa)2^yepAu0JEU_Uvoi|11cQxUdw> zKz6}?k3l5dlWtb1HuPhUhuteyI4^maTgxqpoUcrs67e%)Sw66|7kKUN35R8KtB?<; zF#@x7jmux4ueuWGpNT`UJi#z^p4V9}h>T?BRVWJ5a9Rstj=EMkr`5?cPl2f?co;tJ z7*)0Dm@PIib*nC^FZ~Rkhp;@>9^TNn8KwGgp699p3mw2UNGv0UWE5B2gL7jowAgoo zYoJn`=grWhucCqbpBor|hW7vvpllEJtZ0>&jG5NsY4&Gm6Qq_6twprS>%6<_$bU|^ zSmKkXjfrTelATMOQzWq-jOx>MtLB{c*;X~nS6U`HTc2ootaSf?J1Wir&VkPPlxxuf z$UHU*Z<<)F_L#(r+ZKvTlS|ZOhfpO30%&Lr-zHuxNGg{BzR9<~Z@}Gc8YxIa&3%P9 z=PqqecoKmTTfxJn+oculVt$GH1gr866ppcVO={0=UjaQ-(D`t7D$goQgK{_en{@9Z zAkiVe)STZJ}QMu zhuBd$7dQS~{Bb}eG3jgrx3804A}x0;F;*yROuP8-$}K~?RSv89nS5o`WsxQp`_g?K zXh7_(MUHuh|1EvTNXKAhVQOsqk>Eg7H0sDNl`mOBg$%)!tt*2OZ@+e@=y*n4Xd|$I zP{b0Mb(B^#k7SL3tt-x=+^jpr%jp47K{c-_&biz8hcT`2V`N>k-6~+^+R$JL(-iDn zIKbGJ$Cov}Ne;eBhSLqhmLc8zO70Q!rZCO*vdPaKAuB_Wl-?yU(jKdh__>P!MwxCE z-+9q3Egcnhy8?ly$biTRe%=P)Zj~igBH_1CT0gMO7QX#A8TIYN9U@+St&;2pA0|{^ zVymq=9k~}DwAe?+K>2b_jWo!+`{iog>}H>Ct}-U~y#evp@i7U)3WwM_pIVLw8_U~} zHob9MhWGx0NrS-DHnX0GlSX;+!Qh5Ux5$$6E_?dgtb8l+UPcNukW!@;i(;~M%VGiz ze6W3+?9)9c)~0_&7d#6FK?j2N2Q54cvlmdtusIVm&f@+ey54eY zfip>$_=>KS^523HySK=@<%O5AYy&C!DD!r+J_vj5nAhamuM=%Ptq%b6 zlg|^9`E~V0=~KfBIVp5!gwRO(RD0Cy=F+Pkx_Ml-VmOJu_jck23C-sI>xiYGw|ZFsdLN(g0WF9=;64KQ6?>08+oBV zmsNRT;3*ReKrD+8)YS4h+3TB2U?(1|kN18o(yZ1laCN^xFrIEkr9;Dk84>SlS6S7( zIGN4z(=NJjX#ZU-z_Zr|+Fjd=`slLSel3Mr@{~JPRj>*JHqBy@prjXHhq^8q)pS({ zl%}ArZ73`)ZHXt=^{(^VfTyutYISjR?a`XmWS~OEqKyiETGgFrx^`Ea zLiujCUTj+zVevRKBOR+z`_1fx>pM46CGSFQuh7_MbcTi_a19vK5pKyu5K&oBxa2U# zHLRvLg@NLDe$nb0((?{jw2^Zm%oIEez2HQv&|DPD$)i(@-K-dl-%6PuYHB!*h(Gvp zG;cPWinB{57lL#iezTPBbv!BzV*x?6W8 zdzYC@RP0+TO+j9DrF_TnjI7lcNH&&nO*S3~m@l5ccu(pCkkA#(cJt)rvWoN>iyPT0 zK79^YfPyB5UnsFn`S7iBp6sRT%cE`t$GU|s_*vN^fUE0i(Bp=oa?o` z%Rb_(wCmMDwn&h;8|ur4Kwn$#v!0GwVZMglMHkEFuk-r>pZ1qrPw8Ma2@cr0ogF1L zbt}-?(tpRlLIdtEn)hvDq*wATK8F0AjF_$!Ft3T9v66^73-K1e_*QY(zL{#VrAc5I zi^uVaKsQ&uRh~qVaP!O%84kd1SHAfPz$RVH?PvS?#`@|Gjgjjk&AYPa)OaJ?(<>Zl zMGa6WcD)LQzYzGXf1~|&C!4y*`25n~4OU&(C4aZXcC&_IXo=*v?NWYn4eAKY=f0N* z%P{!<^(^*2j3(bzP%6XvUSH?B?it06fN5A3i|QOP9?oj=z_5Y(ekBJpv!&84HUaQN zo7kmiH3lp(SKTh3N$y}5O*^wSIbeyVL4qO}7@qE(1@S2yjwPD5$A#ZK*^-fJ&!*& zT967O9c3RSn38KQ%~yIC6{5mSQ}{JDe!kd7U`oQ-mf^ z4bX;@axP*IB`cmGXHdJKiIykX(0;uY7yOMVDKk8@V-*`n!lyCeHWJRbv>!)FyQ67q zQ&E#;e?(~tG-zLX(*KL;f}suaSTjvG*a0PBDB}zvqMh?liJ~|H%N6~H{+IXZI%RN3 zmHX^%u&tOlo}?%(P2szsO)10_I!{bPS?Fjqao9&(LQr|Ps4Cy1#FjL&Ph}bhxJZka zhpy~RmIu3Xc5eKV?~;EL=$+L$25XNVa(1J*=U|SYELI5({5UfU{YR-__7Hh0OZ)|& zPo`X)VVJ?p@kR1PCK{WE*7ro;6jXE;3bT~?dOpL^R!UB8*Ici{4%GH*AWKnALs@E- zIwJd|;;6H{#8rmzx$`WI+4t#}n7luL~AlzoHu?6elGLLRR={WxktyXXL% z#hVaumz~U9?Z@VzE(y#t5;2dxOy0t^T>K3AJG%#$AiF7oCpO%ceJsM9(he2U?G(mo zMxt9rK8=HTHTz%cOvm_UQ4zV-wUq!DW3=T0N1qAjx83$a@N62TDd8#H_^KJSR6{Ix z-;eD``EyXw{^5?|`A}P*qFbH349UmA3i}9whs8l5g7l>N)Q*op=pe)~vEv9KRqNko zwI)i$)sF1id3F7*8tlt#%WbCPrCL$Zac=1Aw(!lUq3w%Pk7KR)NR9eD8G9nuY^<|s zP4sMS>+4-U$j4zC$Uf-+8N*g(_Gb2GQQO2<%j1RD^V7KfngjpWH|EA3jm{};yC$bA z8449=cB)+~`KitZWYSGPnAmz`+>Kvtlf62b7hCYhlj|K6XG50P6)8^Vid&lCq_kD*E;(>E;p_P z7oj3TSU91y3sGiz990BPAWA1~`AVy*MU<)df6+{Eebv=hLQbOM&%#;WG*5iU|McLo ztBv7Hn2hCymCw@3XPTS$(dW}J@Dyo~t6+kvO0sh`iIgT03S#gaCcU1ivVdTGG`>*u z)gG7$i9IKj%Uhaz<*U4%oj`!1RUk{StBiV&OiLX{Y@E}ACBIX!>&W00>%1Jj#>=}n z)kPkcYBVLV7o-RC{8L`6lV3+?kRA2%m~CF_b}(NUZm^3!AX3^sIB;tKCs$DNj7WH& zAM*%Y&}rFYB8J6-7khtiBaNl%DPAi|Q*oq!f?*fDm7cm?7D>+FrE2jLa8p*E0{H-jhV!*I_jR3%F#~X)c8yLH{LO2tDjBA1?GDuCjp0g zkx}bcmqaD6TBrhpmnz8W-%9>!Eiza@ox&(ZYsoyUqOdmB zd_=q38exju&U^^K-Ci}i1vSF$fI(;)P=fc~c}M5ok|avjG9lw2XfhF6&jPCX0i7H9 zM-YGBn?QAVj$X>BAXgjD@j)9W+F0Nq_1H&Sbds8ewu&mXal;C>Pzi+wTKW1q>udmF zd^|GJbUwt+;_6jI<5hQ&x4)q^fF#3ETY| zEF3f*WHVc{@AcZ>9LPFSQkuiwWuv+<5A)R7egP)Lg3v8&uQp(KA4DA}Ri0JB+2kA3 z6ZycH8o4@6!8DN>W+zsf&b!F}0hgLMk-&1&E{#4Xmb|969e;W%E>GrqMDCHI%V=G**dr;Mzx2lsHUxc<_%({#p>rQ_%TB=v%K}0 zXySWe3D!}*W$XS86w=r7s3+W}hR{8l5>pPtuv4?r zXVz&a7+p5ucx}Qe3BJ1WEN2zTNm8@ zfcKgEdGnzYQh+D4+13ju6u7%73CbNiE&_^P5#D{^=x}Y@6rqM}@<*K;c5hK0<1M~- zchs!rJ-P*lFN%(@!c2g@VY|A;6~}y#H@x?TXt`_%E~y*6G4rZ=Q54X$E>L^9L|i%- zTn&G$vD}hi(oyHnuj4gI(@pCSP#1hDj~#u%MJYKYKR#1%*qOkvDBK8;BA$&H)=?qB zUv^uHw*CXpk;lxJovMZ2Hp~MA#Muew-4>2brehX1cgxz2S|z+op#6l!0uW>mZxc+8 zpY)>kHm*_6{*v+YUOwtv0%{Dc!R+Q6;13eCaR|+r$1FyZ@zg$X;R97{(~lgzLdw8t zWrM|x-oOr{Toxk8E#(2HjkZjo(d>75tB7rb4eEe6wXa$7P}b0H&}>+L9paF;7lNJ) zBS*(f(6*}haGF>DLAXr(Q6_X6#*l$29O35{_>!SXNw2D|(na%)?QU;R`**31F0-eA z$%KtIPCf~(Iqyt{I2mqm?e^0TdJ1Q@Vmtm^7$GosDbLytXJ(tr3AKaI$3kWXEj*p= zxukrXbAqRKsv|cvLYyTMquV5DwhMjKHZrr8ftPTq-yU-^2SAS=1Z68~7jRf_F5x<<|5iYpfPq0)j8of28 z$NzD@^7cRxE;=a>qy)RbNI0m2JX6d4W@KH26XJ+X=f}_qm+UuRKyhHk=;#WHO&Wuy zsTNa*Z=?6e(lt@XqN)JCgFVF_8y+VYcuPz`bc7vT`fl*W=pAyad)K{K@4RcJ&^W)m za=C4>{OeInSY1w^=@wRxF;Fo5Q>pDxDENlqJzuvC9;7tJU0p@S3|$AlU?XP5hT)ot zM91p4Ra2IX-Z_;T7NV5P%s|&)*qhOwHkRPuB%3$}k)Fb%dm&#uAbUsK+R?qvF4xG& zW5QgdKT*Pd<;E|pp>6-$RMORq>Th1gu*tQO8)th@hWkw;U~iyHm)Xk*byYxal#JLE+XGDydHpg7S- z5*Nk57S-K!qv>UWvQ_AzvZMz^0d^P)Iu3lV0ny!x5B?5mf&`Gv>B7kyxN*-vM1tprT)})strmikbq?My$-0=GG+UsJI)8 zgwnP$*A`AyF6|eYCAmZes85ko`IX{pefjsjZw5mV0MOw6!FfYRX^?z-98aoXx8MvF zeGY}SO#cF-Fgj!7gRCmauVsTAFgy5!2xh?Lh%Yg*mPp08dZfH=?YhT z7L~uV#)X*kj1Bi;IH&CFS2CG6cYu{$BVy}Z#IephU*|>+Ts4Ps4D`mM5&Y=#a=AVk zk`-E>x}gjo@sEnPBpLjl8?p$#_9<;8IPe*6*j&G|A`(cYG9e36&H|7Gl*#K4PTcm{z2{ke8nrt_1dgwzSUwKC9j19mfrp*Z?l z;PlFYkdyi@b%X=s8))BGSrGqeKY;KeX7U^%SsbfMo-X?9PK|bL=0s*U^D5L}QWe2> z(1m+b1Kym7_+fW-)JS@WIiZO7(c(KQyQLSq0aB$*_MRUUQ9gigwrZKJk?PiSwYj~d2gE0)5AiY z+o;*gLfqRS(~t6(*|F2m^4F}pj)n*7R)fbyCCAt=8(7L+uu#E2$J(V}3(W*_VADHc zo_F6HJ-C2s$jXrCQT_uwK*PU%S}2?!1dBqZDW6Voh4Wir0Q8A^ZbhgLghAowbqKSC z_KB2+4hA}Jyqut)Cq|W9kI(x>J#WD01ED~tbNCecrB9-V-*3crt4+J~F>pP%m&`95 zWPT}xQosK=s@-GpePL8P$Kmtr*k_9U)aiWcx8D%@uoyo70T5xq!IH=0)4L#nrgL7_ zHegvhKvr*ql&#>!WIs%%Z-oqvM7zE@SXoj$y(+DRW-RV~v;S5M2U~=kKn3iR2h3SzV4vr*?vf7~-SGWWp7i@=80r%)}pMZb! z5WfK)0Sm6i*?a@<-^%-8b6NJIFnALT$Zm%#vD9_x$K4M%V#5P4zj_m-W$%P)s(D*kj{Oi+ zSBouh7cIxus&?3hIagH+thVERcm#7X^%&+qK|?Ih5m>$*{*FIah4Oa53)Q*X;H5_p zBEw)lEQS*hvX%Px5%>%~hiBnz_>6IU{v4Sm{aSiWPK1&8_i@Cyzu>yy_~A)}`CnlO zJcTVi1LLvgLGU*y!ruk(9Jcuqw)#9Qg%{u`co7=#w;5iA!zae4^KQCSveX8=G+}d;y$|E7dYfE zAsxQaT?t_6@*KiX#LYjrRC^wd=;JVL9tvDza(dQ%@YZJVWU+R5hyHv(^dWT9=~y4& zC#2$^aXx#XKl~C!1L+0=p$-*{rti#~=8-5IEjl(Ks{A`^3;f4m$Cvo{4gUKc|NVqL z@7aYcpq(-NXK!aI9NM6t``lMQVI7wM)HPkXCrhT%U~lB^D#AgJKIOV zQcO+2e>wE7G;0gXw=^1OBj$dYeRp`4^KqVl>u=%u_QeTgFb4)R5A4OfFovbVWR?a8 zvwkp#^@l2!0f(^xu!;?aZS`SJn;3&F_& zYqHA7K&;6Ntps<#18Ml~13k{{?F@C&?QDM}`<(6UKn9!OX-uFlxRVu?=eD!i1s49D zr;8NWnYLT#dP?b13ksY}r=69xvqKAHrrge!P=kkIX-}rdEghhgE`4M{N@hwsTmA$b zPQNt;-c0WG3nLKd3>3)ud! zm`#O^Y#N-x4nUwD2!fp^$kc%RMF zz+Z`?`f*5gw#o|;O)r62@*??1WFo(ZL*>ON3cauqj+TFtmp}?q+L`iFWc(5t$%XPV zxe1pf3%1J5@^VD{v9Lp4A+OZb^?|#XHoPsb(u)})aovWz8l+y{>EJ;sk;oEQ!7s44 zWJQv#*6Ccyko33ebfaWPO1@TFkNp7755V#NpMdZ$JA@PL4eT}r8+_K_E^_q@cB+vS z?9{R-94XIr7xc#55RMdBC>7XgX2m1;aY`6J&NTRORy#Y_6w*kd3k{)^E_6|WCo9v_ z&Mt22_%O#Ue%W?*Iftcf;3<%89XDrD_O%5PhjSwXdT68SHw!A#w?L8*$dn`n+B%MF z>sWRVPV#iP7zyQSPzD281?p0L8CI(?;Rpoa@!-g7T%{3c8-g(lf1Z$|L%4;RZ@aMg+NJsV#2C(Wv((ssYRRo><@ z^!>s63yjvQeJU>O9vG!H7d8yV^QZvRi(F)E~_{Gj<8P)aAnU*d-y@ zIO19e$J;oRA*Z^_P+4|6+k!-vjWm`+Oe>;Aa;Zdd~chHogsiQ>* zd&%479lGc1*$vnN^&E72&fUT8ttJE`Ov~QJwo?E1yZvM5IoLUAG1PxfoYZ0U(4RFx zHfxL;KyG*dxf-Sn#l|oVaUK#$xb7Bw7ZydN)*2w(2N@cxi3@6c9GLB*v%8gKK7T8jKbu0 z_9TZ0_Zx#432X!6`$ibVj)jTrI5-4<=dcr?jGc%g=HxI$Cqh4YC#n@T4K9q4OXS_C z_(%AVE`eJ&t@_@n@oBBPp8f z@9pe`O^|_UoWm>G53tt(+SyxKVk>)R2YX+mOg6pR#y%{wX5u9Oy$khl{4s(FnUK4N zV<@E;@jt|l5Re({({}dxCa}fKwvIQ3ZvvH*CED3n?d&@o%1>q}Iqhr@jV3Fnos(LU z)y}P~EnHfzF3OmG+s?hz*DlzLuxAJFQ%zaOuD0=h+j#~jHGmJof0@+zE;t0)ARo?P zGfbs6BAk?%qC4VYlyaFV^2Q848i&pIZtHj#+u1j=i~-b0f&C7(hSO17I0Fgc_qdd2 zK_NREX0dZ%KKlc#VdtViI}f#m3*ba{5wf$3;T(1eT!}p3Ms^w8!ZyPWb_G1ju0$4g z6}-)^MPYV5e1w$xJ@VDz>?XD^YhzjL7M90u)o4+P%eDp={9cJ@ftrU`Zbga* zhpBe5Xwi=QTy8@HfWs{KRBlJzR=}euf*wH9wBRF{iyG<<#FP*snVbh*L>dd8>|bDl zWbZSinSGFbsohYC+-(nxmwbe#qcMn7VZGA22}NulM6N5f(BfIHA+ie!GI&mQJI~t; zX-H#!Jc&#b%>M#pmzfWg4Nk@rrg{i8;$M_z^q!QCRBe zcJAB3S5@b1<8=jA78zU`6^R|a($4F15IvjPd2>5&O@f{Ha>G)Ce4S!jb_}*5iVhB= zXj(M#Jx|Do|Bl}beW>A++WGG`fwbDd5>uUl&L&jiG5bvO>g;&YzB44+`MIPAX7Kad z`Gq_AMFlBYsLk< zs7Jb87g0)geH-bM8T^iRe%DUEwm_kJ$nP#l%S>zM_ie_Br(s*$Gt*FosGo03?<>AdTILn#WxzLy)hsdte^B7Z$Pm;22~*P3(Ro;q7o1dl2=|hv9nm z2;9teqUP}^Jk1`1m)Ya+Ci@HOp-;fS*^}@Udx}}?8RlhwXZ_f7Y$|)66|)yu1$&8A zvX@aEf0Z?{*HCGGoo!@qu`Ag>*sbhs_BeY7YrW6@#Xex4!*kdt zd?>Z*zUDsm4PV2)<<0CnzMg&0Ph~&wv)GUPV)iq?f^}$? zaTzkHsc6z_M#1+%-Si>Uh8532+5E741k(5rm?(G3M^UA?6|U6^LkhB_JLR9{W8mRy zV3K@X{srr}K7 zQ^am?{(1aFGPFaC$9?y-%XpT z#&Pe4G_8Hjmi%1FFB-iYH9c1FGZY&IJADsKmi#FRgMTEy6hEDx;mZDV$X3VS?CcQT zgiWu^oDk6vqj(c#mUTO7#Nzg_7BYw=GiNZIa~R77jN>*;;7(Y64~G;DL(*`v!@5zn zd`3R&8ifjk(Mk5wW&r;H9(D&-iUT84doaq?cQ!+R#OSxR@5oSnWDpJ&>EzGI@U(#WUa#J_zRW!LWd5Mh&$zYN%)+r>Bj?vGLEtBIQJc z3bpr-SQZ*m68RG$C9$Y1i&%O)|00?PhD;=WMQ)e@l8MAOxAU*#t>_gYD~WF{aJKLt zh}Ajm{O2bibqDXL-X_>1^n4#G3Hoime)}jpax;t#70@pRg)1Z441NGzkFnU8@p_}*|H9}8`K91d+fJjN%$ z(>x2l%*zM(l>Znz!#8GO@=HlV=6Hk(2VRqke)RKapiOC^2hzk4k0eM)M`V4RZ$${1Jwr zweA}1od1`9?kKu)_Dd{q?x z6nlmFC%zgU;-8UqA3+*CUxvcA8v60WU^Mr^c)kJ-;x#aj`!%eyOy^-SQX>D3B98!m_^Nx5Wyn5y8!R8H7o=_(|T1UQubs6ca{8YEC*Ij_tk=aHHC0TD` z#NAo#Vq|G7!w(DPy(9k6>|EmXVobZ(8}(m$xEoE%2++rdfu0?Lc$}1KMr2$IeR&WD zAW}}{tuULfgA%?0O8LgH6rYM1veoql*0~cJ0E@L2Wu$mNu=?)7QhcpzDWN1E5|&|P zYb)$+th;?xnsuKT*DfZMbyj+iP3%7M;xke6u> zl#`8HPE6YbL$Y!yRZx(UX=SF6KbJgjr%8sULT=aqh_JO=!ffr_0*9g2Y;70#xLp*+ zc!n2+Jj0@hJj2_?Y^t&r)p@5~%tcEl)2q#$JT%|3OrDsBd179>Sg;AwsY(S^xu`(4 zfz#G;GjYvPu2m)~-DYNy*`w|AHc&Vd2brT-)Yegz9WM)pM2|a{sxLzgEY6&Y6u&d< z=Pc6PTO1K@37r*oa-LVIwTpBbLkLkmbTIDoD*nYeg*IE>>`S(~o@Hp$T~C zjlZqqDV)3>PNap*=oT_{!PRXYAGCD@+d9g#wuocQ-de8NRjUlS`K%~Wa00S~6OkpH z1bgvQP>=c@>X)ZM5kDPS=NYhwp9x3f^GbdWoXP(HXY+I6PJSLdz%PL3_=WHuzX(3# ze?&3yC-|CQ3P146SPI|72J*|<2!16S&97ny^Q&1gzlP1@H?T&2BfEg##5VCZwu9fy z{>pD*ukhR0oBR&;HoueY;dgP1-_0ezhkN-J6d(8Uz4?8bQf`O-un3fV6{#WxieQAc zBRt48r|LW}+zCaP_Zq%E8!ncw<68-5!lh_EJcfeeU}O<*=+q7vCEt|SqE^2Lb$^rE z1dZ}7WGX4_0$4BqA>RfMYlJJ%wz!g9cYLf%mmWS$zC+vD2(tn5UHKl;;wWy(_fg{( zFoFFnKY+dn;j>(ZYR2>-wyS%P|HRShHsrss4P9RT8_N@wp9F(CU|Tn-ctfv>P9QA$$kg zI}f0W@*qs)55WQaVJPQ2;VAxRjSExE(8A1rxrRT}DOzo=Qy(J+2;_`axbFXPVO$JW z2MjUZON6cgqX^;{D1)9lP_QMuw!*IwiW6{w#mV9n#weyQN!F}1N z0Y3qrZ0mk;Hl=q#5P#0w1SHBgYgeVXkXQ&-5Er$JOER4dv6&vOXcyOHI-*@%o2}JY zs&HLgg&W-pH`Bwd;R;#V_;?3(SK0=%5Yk3W-Hj>R_4$jr+U<_giuTd?%ce>j49wOB zXrFA>F1EPsWQeW!yA78TlRGf^5G6^c7mvm>#-Y(VH4SYSj;F2TeKUv2G>2Z)!oHp; zu<`Fx1x7@nu(}Qo%n*OmVyay{w+Wd)jB$llrb9m|IBYEG$xLY%&u<1>+^)sdU$V@Q zUq*a<-Q8fc+`R{Fq39i3J@t8!hi3C8Zoa@v&ps#RPeW83I7Ki z!QX}&{th(oci~w69-NHk`x*R0)YSh4_ws+kgZyLE)IWnK`4{jv{$F?A2f5bPvjvGatD?D-dV ziSV$iL<)OAq_SN?u@^-eds*~lZ;5{FLy^ut6&c(k2Jt>(uqMarP(jItvGNo7DH7&n zREr^Ky@I>qlZ&S}gW+Rh&`DePmEdHZv_wRdJ3b`skz zrS{#zC+Xx9#ICY3y{NIfntyWMPJGuZXF#4 z2DV2%cDhxQ8sZfLMbXDAeOiD5k z9EJv!ZZdjOee|;mKTo7_WSen}B_SDGyniSwQlpDr_4H{m(rNTjD-z-QY(7*X?M(oW z$bx<%8-|D+*h}O>mdJytA|GamiBK*k!C_(w94YpPRbnbMi)nD2H~`KR2f~G7I$S4a zz`f!iXcseKhd3A>7l**#MIpQ-ir`gI3~!0K@Sd0lpNRSJrC0#Jh*IVeWh`Bkvtei| zjS~ymL~$saA}ZN|qKeHDOIW$6W>w-awpbj&mW!j9Uo2+%~fTqgc)E7Ii2Ij$wZmYuMjKJ$p?wun$Bd`$jaeJ)#*U!CIas0=&Oy<-^4~zOUH8 zbHqlTCywI>isSh#aRM(9C-H^iWPZ3fl^-pB$JdC{`SIcmezrK1pD%vTuM~ga*NJoa z4dQ%$m$-m$7Z>tJ#UJ_8;$r@?xK#6{r_d;#ik$ps@r@3|$&kBI?N5VWpjh5Q+YHbS zm%&1qi7H<+d@J|h+f;TO%yma|sOSfP?XMNZDi*&S$S>j7jk=z|cKt>+r3TuiXvBEJN%5UgsxB-wpd?CZEshixh?{-bd8IE_V&ES_J^_pm8rH{2Q#p)h8(TqT18=343e}pTgQu~ z8CwI{Gpf4Q9IT_&PvpFAS0_-)6{USL`)HSMKl~*Q++5JN4e7cMv1odr)Npb}c*q$+ z4vHDH+t-}gS3l%urlwc7qxFwdF3Ide{)S7kwpjBcu`ZbosfelC4C*+kt)u^GHf#Ik z`G`G!Dhgc?q;p=5EaM7D6W72XaV<;}*TEcdJ(P%>ph~nswYV94;uaL$x1#9212%}e z;0kd!+$`>a`@|M_MBEE+i2L9p(T-SiKkF;DBP-Z}tl%LwT|CU@h(}nZ*vYEJqe%9T zu~zXoDu6e!6UDBuojncudW3eMz5#u7yjvQ}1mUqn0Q$0VQ0k^6tkKFrAGjHw)iqL) zG#>TXsE{eR0$%qxXpeiLnvF!O_C9RS#|C>mn3Ax8fhIx^l(Na1xG2E+q;QbINg*P{ z)a#lEZFa0D1=Tu%isE{YH*9AU;ptvIsi9syD%7hChI+-6bldno)P^U`CB4%jjpD6P zuhW5aKf%7cfg{TprUPoLDWRQjzkpAQB68(InK7StqjAl*lCndae+xQrpb-K#4KmY+ zX#s$WIPpa&7S=}HwLfae#(Q}R?XBVOX!6~ZBJq@M!r|Y&!&+Fq!>Xj1g34{yqHWfa zyTdr7qn5;zh(mt`C7yyl;+ZIC>F98T&oCWK9EtGJIS3!)ZNvfWMjaQb!SeL+^mT`` z*o~y>8;)?mAyvnRZHea)d7nq*eK9I*t8Z9u?CTop9*~}X+8b~2WBGBe$~+L4iXsym z$w6DTgP&8KowLn4vRnsShzX?cMm(CCR=g8)Oq>%_Wo45W(>mHXF8`6-BbFP9*3BY2 zUc8Fndky-EH&9}~4`aoLFjM>!=8Av8LQF3aA49$PPdJu)CZxNLC>(cqo{f5=ngCnp z>2K2}V_(-vAz%nB(T*d_jocO;Fwr=DSP`KJKZjgD#_2Qi2SN&Kg;nFS?Qz&;8iMM= z9PMo>Xt!z!EV&dy24|7qCDY2VR%cO`bqqdY)YU_BHYMiqP zYU%e6*mglmsJnABQ>Y`a>F5Gd2LGr#!o($}c&H<6Fx*jUxFeJ%sPu(8YJM8qoQ=qE5z_F@7K8gN0S{R=yl*-1sU_hH%M0II ziZLsV^|$)4;Z{F3&PrzstPHl;8o-uWgV^ELV0N@MgsriLvY<7b9cztb=UJmPww{L+ z`aXC)>Bz8CkzvpEWS|X~!WOuB*fK2DEIEbsci(zp75vvTz%x(>^IaHb&KJ7)O)0`^ zu2Z)ghZ{RxJ6bKsV>O;ZI9nU0up>Q#aqbROup-Y8(vURvF9lSbo*{py!TxiIAtGB8 z-%9Z{la?d-H=1Yu2xCakBl4h(4%%QzUJ2PzUkR2tEu`uo=Q81_89ETwdWc^{KFRIY z<iXk5Q|82 zZ@nq~A9AIi$6{p+1=9rx#IpV(u$+C>(bO?B6^*}K!(IC>hdN2YOIu4|mR(@3_h|39Bb z+b@SkJSPuBKH|f87-da>eXT6Wv$A2Dl>-M`c`(PyhZ1Wd9Aiy_pfwpbSo@*+IR#F& zro!pgG&tKj04}x;giZK+g>?|@v}VHd*1_<$bqIWD6~ZUhEcnVQhHtHTu-htOwl$xn zS*2`%RmKKe@w?ccB6F! zyUjY1ZLyZK?Us){Xw|Yutd*g_EI0;+cruZpd0-AK@eD=kwxI;70Z?J;vcXVl>arU{b=jGry3B@crY?+PS7?f%Q0|>! zzOmEr4Ndz^(9c9wb>PrK#LNn`R?N=ItaCtuQ!Fvyhs8Rq^7yaRH&sxdCEM(7X( z|1*EgRW&vs!IQ|onw+&-;m>Nf?r68}rc*FwIt%rD>pm0z>&+ol-uoVUhr*P#Tleo^ zM^*yab{$|vy z=L9{Pq!xY#WbiW~3y*pHENI8ih7SB3i1KrxginVuJ_CC4nJ|c70HgRUIF4TgC-RHo z6n+U@!Y_p@`E0n2Uj}#c%V8nE!jJdGVet9f{c+BYXEdi4ngh3~6-Wg(>MEC;x#v&@ zXX{qF5NT-;oS<79S~?N>>o#h>$Jv{Kwa?8=VUza5Ns5i3+2J_;x^22h0lqmUQh;Bb zE>b|WJG6(dOZTvDmp06RZ%!2hH-X?crw=pGMJCK3k3X3X5a^u>$ZhEWf#(nH;XBe| z(LOB}&^r~21&GC84~hln5A#R7zHR_%k`!7YL*$9|P$_VQl!Rz^gTI@2gNaP!XsPmh zA%MqRz7SgSMZQ{${rGQd<&#t^U91l?u(Z-0@XR)6#8^1wLZ-=+LVed-WIfIto*aH)&5ws4pokzRamYys zg#dL#K7~avozl|IDm0CBU^6a&q_GOsq?iVSik8yWi!`8ivJBjy^X>CT|k zyz0u#I_T-0g)%onG(_Rl{J$H~$a0MEr0hHEc|5omkXI3;`xk^VeD0WOxFdPG10HY8 zBHl=0-p|y)G&=5~9KmcB%3cDMq3jr&LASQAg_02YUf5J*gznjiF?P9W*$8=Ie5bjH z=imAi$ll0*2>O|~ZGwsfFaAD}aftKrBc%mQFj~}SUn|;SWVY~RJmd*cT z1^8!Hh<{%c*tu>i{XPv>nw`TAktU3HAYcAhm-Ohip z7V@3e628k?%6D7O@IBUxe82SyueaV5U~Lx6dRJKSEk@P{ni+K@i%kdHh@VWh4aHAK z6hGN8*1FvAj|`Y%&Cs2U%lA??-n;Kv*4&7xEEsKFWds{V8*K4izFXov3eR42BM7W5 z#+7SBp0z=)Kx2qQb8D^cYM(6o`rZ_CmkxN_i8G-^U?5s8CVp#& zg6jRWxp)UN&ZI%4xG-|r4#9tgtw!Nr9?Z?kaU(sVsJ67+3q4SJ?t|$@y_vKd3irUE z{LJ?C&?I34-OAj~sb|86f6Kq~D<#-w_iidVY<@QB3&%%;e789pW%QrDwJ>CjfC-V6 z!WvN$jR}%Q8PU~3Td)!GOA^1|1jKoAvi3wJ!rF|CqVWO21>WXot2mv`lLUW;@ zwb0N}I1m*X&`ShhsK|nGA{$N?d4BL=N9e61I%=fCR9|{bH8aS}8F?M8M6TUXC15vc z8hk&m_pp5rr%vIq%I=GRHAzhvD~%_Ni2{-x>jk#842gBZWX;4xv#8;an)fyQ@wLK4 z9J~oo5&2+=rqEtAgNSGjr6L4Mpvg*$%Gq z5v%eMt8x*;{|4)BL~;hjEU@<>ts@y6ZuU?`D^cjj?z_G?9D6p}n;14J;fgcbgD6fi zWV8L(X8W(rHtIX|e51I@>v=qFq~kG%=t8vEm_8dobV~2t^SjP*yN+iFWc6n_N$+uQ zZ(LSmH_fO=$|kNR$CNKLq!AjZHlY5y)9&`$21x3%*qLP+POZN^ECSEuB zN!|Ez1xd2caxow#h7g@*k_y4%J);IeLJp08-+|Q-=vp??fEpjG^6Y|a+Q!MG{n8wi z&m@mBad6oT5}KKz9PA<-a`D809BxiV;jK9oJ&Ta##2b&P$Ti1t6-~_X`0{*noLpHD zD%b>>UOf-`6%!}dK(%=(Vz>(MS3jc)2~veJ-F+3(hMM{iHFd#hO0rbp!5u}lT$~yc z(}L^-dg}g|IJ*Y=yQkzEKO8X^=aD)mW?)}U*Nd68(3Y^9x`~p{O&x;Vd~s1l6YA;` zLm^FbW8w-tG>M683i3%cQU&>>q#&hS7g8=;Gh@WtHyqp=sG?tS{V^K>&2|Arbt*ea zfzAozu(4`v6W3GtKK($J8SlJq-<*URP>M?%L|0Iv8)S*@5E7-xYkDBtEJt2b0YgM3 z3>UrOIB^6_5`Ezm(I3tc1K9PGSyTyC8ruCUG*S6UZ|tE?-;TxD-JZ8aN*11NZ$Rvgq=Y@FYDHOJf z8$EdD89laQA7d}vwDmSV8D)dvo)SXVw?tO)xMj6F`zd`>S4Z}6T8LCcDivQ!!dc6N2H*)_*wij9`QA7cy zqJxPnoj{5Utmswhw4wyLV*J-u*+17q3FIHJN9@9V-hG%hwK-=BP;l*m(R*NMs2+l} z^K@v>lUMjyS2PYqI*;euSw`C_HbFzUHtnCPBQbk>-zX~Nh0(Q(Ay9Y^+K`2%%UHr^ zZ_HV74+O-$kSp#(b!8zGiA70y5yifgD>k!DwGTr2NPCCLi^$glDLTN+fJ1o^MaC6v zi7`H4{XAPeU?PpWZ%5~!A)#5g!88I)iT+BzdCKk{}bp5831UvCCaPbJV z5Rc+GJchc?Qm7P7(uRZ)?vOG`+Z zTU#znT5^F{jCLe1kfns)deO56@}ekX(HMHcjZ2``MQ-b&hOLX;*2N85A9PzEOtj9G zI6QxiCN^0sDSS;lgZy~~1jR~dCRRZ=u^M`cXHoxq4n~OQVWM~edGk6rU%UvHikIL9 zyyrHt$sf0FFkV;TXpyEm&mXOM-b`n~HTr1eEf%hZ%hVnmH``zB<{GYccO*N3q^%H> z!D`lo*#!BSwhk$9QSL4%*bN0Z#$F7_P*lT~qv_}tX_$so6u>cWnQ$N^H05@FX@y}X z{Fr~`s>U)TmetjNxP}dz5M3!AqEHbwi0(i|?P1q{A2hoWVktS2#FHVu%v^lBQWn-g z05vNT<1z0ZQ)Nl4c6SCgfnFt^t5j>mdZgKxD$(3a8zd5G5G11g(2!>FfDy7%UaqTu zJEYLi@ieaNkPeECWcY}eLkbD%74Je0U3irm=!y*Kn0Va>-JkXgp%AD2b!aEvfD-X{ zoborJOuP+!#AaL;@4zteE{qae(5iV4Mf3Y`lK2p&iEVJU_z1=GzhJib1g;aG!p-78 zFi(6AHDWtFFTQ{+;!70M|3xwVHT)pHfqL;R3yAMo6Y&FUE`Bs5GaaX?9jezM;~#q- z8P6~iSAkRKyVhI!TXHS+aAQu;Sx;lZ_JNO$ZOmaHyl*n61r<2+1kQDEm##LoifZ6$ zJwlH}v+_od5t(=CQTQ%%mzw3dcS|5+FR|&$Vr0PkA!;1G(~wUG_d-jg!+p?HiS;Iu zqIZ+OZBm5zI6|5|DGxBprTr<;B5S~wBA z7Vja+5E<0KC@(ibd_bWACFHxq=|k~4&}gd}ZhDekRiK~6=_H?CWrn%p&=sfQ6|_ZY z13Iq~)nbCX@)2qIoEf@xx9US#IeA`Ig6fp%!DYqWAr`Q!T~>g)VnRq%CPU(*2{8pM$CrZvRGo^T(kCVBL zyp7Anuc*n_!a}^+GSR8-$p@90t~)KSGAkU)qT5R-E}wVyU@h=r%_0ah5keE}kd43X zHKdF$qAS_vER0>cIA11EXu5~%L4@gLvlqf$pw6p!>0=ZG5ebu#zM{} zXp(|65nq6?%Jj}YKy1ttU)4Yt@?_I_y@@~LxrlOh!lXbjHlaa60cm*dkfoDHH~NH- z?Gi%3C4_7P7t%|>&`Wkfz(lDw8ZCMQ#VjxK;h;YKFjv!PMk@QjBb80%Gt5Z&z0D0E zS!_$>MfhalxMUIHC>=5PEt5rTrP#-wmxr-;WkU77vUkW!>|Js;2YFfCY=YC-C_UQb)XiXn z^%#>$w;kR#fvN$hWY_3pP_@-obGXCY7qHsFje4x9@DYY9y$T=WVT@7mvh6H11WZhz z^)39{JdtVbge~TYEV~@;Hcw<*kF$=Z=K%Yj?bXLpD2m0|m-;w(h9n!>1)gNXGcUUf z&pvQ{vv}racS(DX9;cS0WGl2k)8kFDNq74#FW98QeoaqMzkp)fti$y2WJ<*)oBJ*` z6W`_b@v9e*^&GUSM;*^;kOHQjBKNBO6J>n>G~Wj|noyJ(d!ZldUHwAEj&>_Ub zCFaMk$h^J6SLXLOD9(7fsDt+Y?-2fu-;XOke!tP8Yfz=6%{r7+1)>HVyexwIF$5k-oi z*yZQz>fa^hs>LSMfJF(3W@72>Oq)rXBVpaX*5rkl2%;7-88iutv==7gsf%^c+$1iV z#-uDp+k|FDl7o&Cnc$<6w_?e$<|H}Rx{Oi_4ho1OsANc?rDgOpT z<%2LvEo#XPrw?v3?7iBhPpb%%{cp@x!IJe4CAk0 zVSfI82r_1zK1bmNwhOXMFb%)kr|XaLO$6QSL#OLz4d^CS&~>Fk9rHl&)RK(bpo`C zIB1BqBCJ&s*3BrjV0*bP!6PmWWi;}-`V9%vUjT<8>A#7j{}z(|+erGGk@Vj|(tj68 ze+x{M?;+!SAI_IsVV3+5E|wp`W%6UVT7CjI$xl(A`VTCSpTSD`Ijoc0VT1ev-jH9y zoASS~S^f_`kl&z=^)2j_-!U$KWSR0O7Lq$yJNYx~B6p&GwTn%ayV;p?51TIcqK>tn zT`Jv5VMypnWIqvY%gH9>Y#rLR?gChe)aNdMGa<_?0L{k0Vdg$6LO9!B0JHrCFxy`M zvyC1>3*cgJ0o(*XxC_9ms+!k;*xd-RE-u-(cFDfPBYXE+CDD3@>>xXOwN1bAw%#U( zSEI5B!&$Xkk(2Y&1qh|ji zFS1HTs-yNQ*(C;x{gZ^-p_Kf}%EHx36~Z~>DuF{Jp^Z`yRvNl12l}cE7@`6&TxG(s zDko`gZnB=DPsXEyak`EA4k%asSUt5tC2`Y&ijbAqb!@K04AeOC!k!pA1+}CHWr;Tg zkD0_zfL?5P*u_1JC=IVe)7Hg3?Bb3s&B6xv+;9@^!y^gojIU9l+M@Ciy8_SkXS|<5Kd#P^_2l~Q5g~1__z+hVZ1cnSMdX`5B#B-lc1#Z8?BQ65g53cu= z%`mpwr&R6)Ph^?PlhDu`Q9`p)vR+oyz!~9ZWUozBg-jk%vQAbQ7n$rwjEb%xi*onH zSGc~f%7%?}??49L&k4k9Hd3*s>W~@{iSbQAIfzUwIXDs&=b`z!D9BE5DI*XG${|r= z6ZmHV-5Zlfo9xBssK#XyPgv?*bhA|}xqG>*w+9G8_jmXB?LAGRdc^D@?r{s39!3s2 zdjWE%6d*FONe-c=luk`2wZFHMgsS%tbjFEqi<90CXQ~LAs`e04#kdGN!eOctL{(?# zrXoIZ98f7ql3 zq75?$wy44IjT!>Ks4B+Q(acdpS&kaUnycZgNL90l8qIpEG3;n{3>%@wva#w|Hc1`F zPFLgDbT!fET6xF~o#xd9ozcBa6L_3k79Nt9HGyE9FUAdM`H&G zc69s1keiQhOx$5u2bz%Nl4JCVv<%l+pNa>`K0Ug&aXw6ZeG|fc6(nJ zZ?Dgx;KX?C|JL}{9cf`^Kc>QbR$7>M_%OeY9g^Zd5}_K0Yq}+UoB&Uk`6_~62dX$; z2Wrg-WDUo=tRXWT;w$915MPE$%NjXxLQqa#DNjn2eKIj3>RiO{Jml2pLkUhwnYsXa zs#(aTFN6W=Vw{Xi{C%Y|lt%kZ_#^F`k>De)J<=bGkx65b4I;qZr1}n~*0+^uWqFA8 z^oAwd{cwStvRa;OLF({amNY!s{_yNXl`b`$G=f;Bgp;bPP>5cAfN;`tsZ;Ps-fo#xcsnLfrEMKif+PBAx)E(bFS9y#N=W-9uqli!`$^j2CYx=U^0{gUsgY62ozo6Kj z2RUj!^0PZpRNn=Ms|6_3?uJTL~{WwIOK6Y{ZPjF zJ{;$TIL`M|g?Ak1#W>D?YdFq0(}z6Hb}wsz2j^n197d1EORXqrsYPOPn!DDh28K9! zX=8aG>dckdoiu>qRW3LoSOH(%47kz7b9Z|0h>`1t5h)eVp5p9f4HF3UZ%)_Q35 zXpB}-Bec$Q(eifu*s>Iy)*w#LAx_UDPHS-*D1~Hw5>8qdne_P9p2p8prXh|~k48B4 zNQYB#0;lP~t;^%2#qvC^J_m8?7x7fBW!2G5FwJz5!M0@5tQ$ z0mrB};Y9TooT4_v>FS>_OT7yhsrP&mu7Xznh|TdwY>wxo%7$|dwYbtgNM*so3YNJH zqAQLP)u*bqM|dmmMeK&Ayrkxte`i}vBu0>1-+{~3Y*6@lOR=K?Rj z{A0jh{hPq=Mc}FGDs3OvL#bwPxVHXe;NKRTJ>XY(!1p;6&NsIK=R2Uh)Dl{21s%19 zsCJ;M4j>wt4Orl46Wx`}0{i$V^zm~_`?xNQG%|^cU;Y>h*B&AYxrjm@qR<3U2qFpv zh(gmp8HJzzfEsYaZ>a&g1r+L*P^?=)XI+Spw?W9;{th)@=>gOLF2OH@=-~6Thcdh* z#>*<*AS>DkhCU%~!mNVwCW>P@yB6(V{BcXneybK*(CKaQos`UQgtGbMym2PfYJI{A zHs*rvfC_X+$kUymxsE_59fe-H1Z}%+a1^!=)205by<>20ZMQWT+qP}nwr$&XcI;%w zwr$(CZ9Cc7angCtIbD7FtMk6qUEjBU+;vx7RqMy9ImaB=m~vZ9WNBpWvR~X`?=V6nt~o>j1JWHBT7dAL6&6_`Yy=K}q)zP(3R@sp!h= z$MT#FPJZYS5fV&*E$|jr_7ypl`m=V7>(tYF{S>4wYGmCOd@<|b1P9#`9p770PyA9B z8oO8KNI?H*CH5Y$7ab|HPmtK5J{5Yj+%G0Np&I*XVg-uDP1%3+2x=Jzvb3O3IX6_O4jW|jB9U1s+ymmps_8q_;RX9Dhzr2tMN2s|-e=^Y zTO93|;)PqexUUnHzw7l;gA!b2mKMHL-crjwXn8|vU0(94zn_^dS%D7Y@etLQDZu^N zKkEzmfDGxpuc6EsI>673{VhRsG4>}Q>HKLQUBXJLL$0NKG~w9Gk^8zt9=T0xzgWV# z@d+mmhR9BePexqtVJuwCFo?IiPS76f_>jexiY!-RDpY$Od^4xu4s4@uE6K-Qf$wlT zN;lIxlf`=P&`JH71i_2xVGTK6IXk$)3aX}goIxiSNcpMUA%|~Te;d_;GQ&|oZ&Omg zgr41)cN_om+)O8(voM}m&MT!yNI&9`1r>ZK>0ElDpfr=wg;R%+RQA*>ws4;tP{9`p>g%EUr4R@?8$ATiV@yGnum#HL$tzUsl-R}-;g~xcDD`g-gjSDl#a?} zW)w_}wNlPK+Kx*gBWVpukfr)cI4<@0;N78QK{rXYUanF?NTtW0E{jGF_)k(tpOp$+ zwSv<(oEDY(zW}{(tz0e*ll%~i@4-0a?ElD~7~)y~X6O@60rQNEyF&3#mx;Lb7(nr@ z&h_{m^U>hRw0uwF53zF}nn%S45*B`L-5XIpIj=7)qc1M=9jo(!&k5sg=nVOX*W~n8Sj0ZW z?hQDJVKYz1|Hv5Sp3y2bcpd=15Rgv{*e4o{#PEpO3O=8XPiT`TSj>Cr0`VL?jK|d; z=U~YcHPS*}N zR>OSvc>JK0$8DjTk=t_dclO726c!^k1AZwN$sBF69q z_2~0!aTZJLB7+=LaIs>3AB6rb%dP5k?EQDfgMmrd`=YhuJL<_T0g(5c{@qb$DRKa$&oKhl_oe*Q+uJqn~yj z-|4^9d!9K4GVeX0y0Q^>7zVHfJqjW0(Suv9g*_A(KZ)<~-of`i@7VWgMLi}FcJLs6 zO8D$S2R0vPf2B5?4_jWKs217KaF5fad;H|*?C01^)-^&SQA%SM;e!{y0q|Y5r1Xiv zLcv6nN81wsAxnUm>KF;|cH1zy+eN8r6BWk+K#}{M=>&uk@+yF@Ty~}K{Uw<=>qT|L zX>YXc23zV?s8~@|I)$mq2H_ws^!pNgec{*XIUI{>axwl!GS~j@o&wLIIPI29lN+2J zi!*viXIX^<`|4T3=Z2EpySeNnQVAaX zgnNPRz&~<8gn`fgT%*rh0S!dI6PFV4t{SqfPzU`mxAzkFG4*&%vLU z%sg*Z@T)-zuU7Lq)Y!3M+fpBn-d{S0Pe+h{C~<@&Ry18QyTV1r2o*JifzW1}LVq&Y zDkRI5pOa|UE;!f3d8L@VF~-cYyQJkt(tKG*pg5=l z96De><69;aTy+HW8-MAQm42%3+M*0;^103|u;v6=q(uB}{J0~0)-^xql(B!KxthK% zT)7rreThwEs*vyw&IB-=h@)m)90IQCTUUI;yXxgWre6DkIE(F&m+3tur&@xwh{z=3rJdThPK?%n?;L zymuA&1%R|wd%vnl%3+qi*0Zfkz->wI;Uksfs>(C#)x0%KK=wSEq*@**rJy-Z*Zdn- z<>azo_jgB^4F7T3*PhthL;O07#<_20wc#rBf$r$l>G?9b$oO+pi_Ye;T!3;O`ry1o zk6bxrcIKbI0NuR5J-qh_?A`CK8G#3FA))x;pd5ZSd$`dFK;?pp&VxFJJ$S~%%a}MI;CpcX~#n2T z87mVPDH6}~llsHAs9Q^uwGBtX+@H!>FEj44xJh#hS>eD>@!gLUO+?UD+ z$!MkbFhKOmC(eE~Bv&y&wyw_6M^2H558Rd~xmyVIZ0DtCFf7`S7ewXDYeNjfh|jCW zNo}wltxB15P}2l5N$gB{zfv^^beX0DB(kh9FwH8$cUkZY;(2jJaCzmk;6tWjz;dSBA+`~L&JFL^`phT8s3u4&hqOV@BLj_F%G*wvkvw$00o+kVVn?O}dc%_4jzXSH-BjTL-?k(cgtFqIC*-$JJ(BF`$V+rTX#9?odplUo|c zL7)bh21N8l6|yFr@{e;8zxd-tt&|BSM(DNT*i;FeJw`(C*ElOoFg*DgSX%1=iGu97G>GCLIf_~V z0#BNmu;tE|dA0Ui*6s0zwLYU_sF|}hI8}SQ8ydEtUdQyWvWd}m0M4ni#f6PH*mc(a{ArBZrLcVlhtK;Mz*LIY;P|u4mf^E)mX}6VJjRfmq1Kd6hThrK$<5N(l-|tH*u~z-lU`j}L`KNa z+0;b&KM#cM?aVCAU7ZYFeza*iV;e(f=VYZ#yF~#6-peA_!!=n*+x8G?ZLKVkJ$ML$ zg*hpSP$JBb)8HWdKabmtZ@MjU%WC7PWKJJ3Z#c_$sS~J zUrr2CopBB$jUIa9ay%xKE3ejI)Fc-SvIz#vji|ofKX{$*JgD8hht@qN7H!TF{sMA` zIS|>tm`^4w9!O7zDY2@d-N=3;qsV-WYD7|y)UFF@@VK{SpFSG~2C(QZDzZ95TtVFw zkiwn>OM-AXMms29&mo)j1>*XvsH zq#_GOZPxT(Ctj)fYxyj~!^!a;Y+O&G4}tHPe#37Q9&2MCq8{(J%g089b{{2#D54O1s$Q)lHLtF$##GqkZZ`43Z5 zb+NQ@CSm+fi>p@Al}8pt;Z=r$Hl+kb?L}=e(&j@OYNZ-cfsutuL&MT5-OQ&+-?lYt z8UCVXMJj|JG51fpziGk(Je2lbYd62;b-vl+#^3e#d4<~J%#kAqK!ldWF2peQz^q6a z+}z?ti+%q)#JZ+$d#&>D6WTrBa*YU?iyNuwzjy= zic|?xt`@D%Zf6Wc8G25as!8fX(J6F&$L2{z-ZhyGr-qFl#lN@#10g&7(hA%)kJ z)jbm7K&-XFOn+A(8yc_E!xy2cQ}3`m!aBt$lZ{L)B|R5CtaDr-!|1Hu4d^}A(3sqpMV@`0fRTl0ReGM)6W5yj2^ z9cNcH(q0Cx9Y8HC+wLafg2P5z#ngq-u*kL|&}v7f)ctt}tFHCOvMFlW8T>+p+wSb$ zFb~%jVbhUIvKoVw>z=xO}CLv!R@U1xyXYR~WT@WU^iC16{0939y%6 z-Yhe)WV@vx3>Hg6=rG*EXMlJM7|^-D$>mb%e1e-lFqt8J2A|x~U1pI>xu5|Lq;<=&NUIkmUiUpM7IXfw)Gapn}-F&s@7 zcS|NQY6dFyqfo(U`_CgbC1#fca|uajib?H<-F zo=n_#hfO#hhs0#R$CzzjK8-7C;z^NqJh2HkJNm?yK;hW?FZWreQ5v=cGM6!B$$O+k z!oO)HT)h&Ykc%F}TZU$=&kZ$Jwk-ecTnV**?i^6AlrH5x$Cy=Ps0F5(GxWqf#fbD> z)@)ZBz=nZ#Bz?dTt;^a!YKkl7UC?{p3^Xj+_xR~$w~a7JZPm#ye73#0x$m2QoHr80 zv?y#FrtNxo^i-b7J&tH+F<4xshQNG8=WU~nY>ww`mPMRkyO`^dAt#)}a_NJs9V zU$Uhe9t3v{Z8Ve0!7OQ>&PQq@@JQX?icde(-iHjsHsO>`xg=7M8%4a3*5TEAhikJebRuW>yMVOj?YcuT^Wu7mi)YB^&zi?_0qz++Os~Z;E+eFrSegi6{2+XWpN|O8V8G zaB7_&K*bvm_-TFt?Wcr~Ejz*i8}#Mfv658@16Vux$-{&Z?)P{Iv1s>vp3B77%wdl# zbaNBne>%hA%a{4+m20b=u2#oJMcSOGm#Sgh#XDe94Pr^zmB&e!5=_2QLE4k0=)#67 zeQ$~qs1>uQiJA0uB?>wjS@84KzeFQ@q+P8)$yqHSTcHY2Db z>1)xUYLX!p4B-b1TK>t}D4Xp=w+dw`$r`?z!ad2^V_^ZHTF3{ZngDu~iw*jG6K-rLt! zt<{PqX_@|a?1EPNDVTOoKWmEQniMD}a^gu4M4^hHtN^4!V2ELpm=_u;UX2)c-3X(_ zG*ipmWc@-l=6oh8XN9@Nj67yatDASc5EqCPv%8ehcwLJuADX7DELxW+ssmsI3dKHJ zeH5lzmAzQ(P$gPiBCkrfHB2{2$q3kN*p@lnvKE`heXY2|C@Ej3Uj#LgL358wvf9-u z0**IfZ3peVUP~EKn!Pg-l6Rqm)MjuCalI@Payv4Sth#ztXf)gY)*a=|jK#vn8jeSa9JSa=3Bu&Y<9l{;FkN2a=L zD{FLMX;TTteu$U6Ha)F)j|x@2P{`n67y=Z9$#!7@MsJ-U+sO~M0ICsnN>MSUJ?LSa z)PV22)x~mw`1sY(v9Y?wDRIdpC-Sun5ySZ0%{P#*IYC<~>8yH9rCqOI`W*h$3|$wy zoL$ydJh~lm2q=Am9vOq*p+l*WOU*J{aA^Qp1jQ8!t+EYm>eSPd@w%P}k~o`@l<#`Uw=fTY6&cTUk7#I9>9Fmrq% zau}OATX!mIS%dmrTL-MFZVCw2$QN=YV7*0fSgeWRFR(EAnGiTejXKM37*FaRAV_4HB7n>cF z4z2-~3VnG`fLjxJmnD{I%eY!4ti_ptS4Ctcc9^;{T~_T9u9qc&t58e&b^|l;M(BF< zkAGl+?gdT%^xjRbFQwMT3fdP4QkumpquEVnMX*^R;nZ|Fi0p{EM$b}TbV!YSHpJI##Vq08Fzf!c zQ$vi>rBA@q7FAp&QFDzTqY@AqDdehWAg}k`7Ae0+ zh-Ko4#-UKpDDeni$q`t1G*NN0px&w&5;@|d>YS6;9k-VjST&S93aKW>BDQjO=Jh); z@#=LjowcEpG)v3z^x)wdvRkWxH$(*=F!*Shqy-x}|Cf+1U} zbT4d5;4E@3%y>K5pq`(I7|MMO08ZMD0d%QqI@uaYx59WiwrpdR1dAgF~nH~I=nj%df$Q}&5r;EXZc&XX{ ztjCB&M+2vnQ5W*j*`G))d#WvfBjHSGaG6kW2Ta`p;&it2DX=vS)7NMTy=8`lYkYi1 zH=;0ru+z{1q|hLV$thCNiW`!+-nSJ$~Y-JN8UILaL4u$_YfMPQ%5F7yQ8> z!`XL3#5-mNq0jYx>4F6b^6ABmb2KmTMvXgM{D4Kk@d1-pSTcV_BY8T#Bgq*^eHpnW zypawN_YmK=|Gc6Z(3G*Q;8VVQT6&xCJ>CIMQ`WtyjCdRTqS1Q*A>;0KZYbM=XT5qh zLxg;Xzx^8_jGluQhO1rVr9Ov+;3wCQn-<2c7}Z%9e!FVeTWE%=njTpG0@ZV&uyTr$ zQdzriNkyivKgwRV!QPGsJ^M(ZdPhr0HM^+Z=YFTVsxK;^C=9vXUV{#;6?>RbqPO(m zZnz}vjV9`AxSOukTdGE>KJf`Yhx9j@nsr{Fj1On5pr3KbA0o=TJ|Wc(2AoH8>!>^e z?b*mxx^0b+D>hX;$gs8%4qU!qJqUK$slFTn+l{*E(?E5ZI1Rx|6)i)@L%xs#n)jj- z>Rm|EF4Py#{Sv1|Qa^M-+%QWd6_Kzk8$>&oatapCk?y zkbH&wfpK8obs~>{ni-{G?rJ_1czdBeM{xauxn>qu7_)gC0}A&r)chE>9(j{Crp_MT z$x1gy+`D27a5$2?eiZmzaL@+_e=rN42>YxX(&5dpFvvuhW3;CmnmFc;vIkiA3oqlL zXVwU47UE(!Xl*}dJy4wTLg4`!4_QV!0+Z_B{3IXhJKh~Cvgh#^KEFPl8ZlzOaD2tM zZVwE8vxOImQ@alkep4YHVO~=w%A~~u5~W`Wc73xB_&-a;dHiOu1*ND)=^~xknA;8?KAAb&Rs7FO->Az?-e!Wn zfl7$;@?->6`gc)m)avB=`Pby{?PXN!t~hB-%=n{9QL-Soo-T^P%wKqJRX+Lear{ja zHKu2G{5h9tJ=DXA_FbiB1{0a~55MS2lL$VD2m&F#(f=W(jwce*L{I<#-Dv-glnVa; zBBdJ6CjXCOBWdek^PhyYSXEbfQw)U{8-_^?g&_n1ODR#v2u9@hUHnim3J!TbBFAv> zPnQ{eo=OXbq)*YOAWve8WNG%ewfS2nm+kBXm<%*#8ei4lo9)i$9PgW(Wqkk7H^4q( z8gd6vSS%whta*~TuZ@jnnAHj!tdOVG1vtW`L;FIWo2V9BihiIcQ{RxZmHEPXkHI0yw7Z*)E4t+Z?iVj8xy;p42$~qyrma?)k2CW7%Cw7)#`x@|X-l4WdA!^gZQRK zx_0-`Q13*NeNYQu$aO=(ml658{NcnG%NQVtRa?wPGrE0mI`NmPa{(Tcb-1ELh#pl0 zgJp}?wLNxwgpqKrV641d!T@R!>*mtqR~S(1muq!pYhF&W`Z9Q){lr`r9qv3!M$IJG zsg~exT&~_7p!zKJ1R&cI<#=iCW7qRqiVTp15_9dFis1xDU1g})8fMGlQin;x9Pw0- z-`}3AE{j?)wC|mw)}3e#wyjo<4>wTgK5pnf1kve?^j_EvrH{3%*8PZmovF9bRfSd7 zpg_L(*C;^un48tE=OXi)gqiZVqN`8NY2Aea%o9SzM4xARV*-QH0ris!<_503tdwcxgSD#6Kds^$RraQtWenEe)y;;7ahXApr2ZgbQJt!jFGN$LM zQo;M}5C?59!rBwX$eC#=(i7~ryO%mEk=`jJq0X+N94KbnVg!+ zfL;^%j3<~Lk&$|d-O5h(gkb>m24E;>FfeC4a*BUoeM zj4onN01uQOK}M`KW%84E8NW0~+L`;iX{yO1OrbuLz!|1-Zk^dDx52kO$7sw7V9dt_ z&|PNa&ukeI9+Jq2&n-o6eQ2#oc?TcEBRpyLs2h|`3mCtIgxv*&LydLFBhg1m&*QEF zPE020(>@S+!*s$SJd~SU6YZwT3ZgU)vhrH6L49IQ{C@;saEKt7$oA`>3$G!>f5(=p z|0M1sb40R_%2M1H9 ze=->|_Qr-kX^sDcrDU~tb?i~pFEB{8a8R3JGFJ&3OnxXJB8M#&$`<3Fjl{%w`{Wd{3q(%kQ{Py8@pG|Z|ui^jxx7FhlDxHXXaQNlH)S)~F7gv2T;iwM ziUVC^C2(=&K}U1k2(6T17DrB{q?|Ukb~mtcW#HyM`m9pCg07Y=7io{>&K_qa>~q)r zDseH>ktRsqbV+&EUDU%+KIwFEF^2zKfl=Q8x%0?t#le`RQ?IrO>NXIU8YNyM|DENY zeX(qj+Ey;Y%Y`?*3UZLL?|3gD2dKuzgO$}_?aF_eZcs~%0p)qnSoHu0isY6IZgiJ30r+n3|}JLh_K#2`c&x zKbpE$(A3%U9$go|hsKto(l&7#r8&x)@)quE0`kta7UyQS^Cb^4V<-o6lh*b6mzD=; z7CVZKI#0NFKF9{D7CSN49O96Hbc{N;Q-_Q{)*h47$?4@xC3fWJci3yKXPv(qf{g;R#Ms?z+X;B2u^YiWfQmH4O+$i&h^INL;#(M-`{sB(1A*CQQen@BoP?5Hxv zQkMv;s3#%E$tLY-5H3+<}zcLbSmpm zwT`{Cr~H{*`LYQs$ZS<+(_2QO8zI`;yxiZ^wWGuw&-VYOH> z#jdYm6=l*4)lPUci>hiPo7tz`E?v=z!v0*4a17+cGw@VanoME8>fpT@1kKZDX-fLn zbWyiRxZd;~HRRfrYE)>Z2&}z@gR95g>NMCBzPqk*2&pA=*KerNH~ozefKABcA=<5# zx+-JPT{26yVPv>+MWvAZWnS0Li==7K#k58fi{4uQ&T8BdOraf}I@sQu1`qMp2>I)( zElfL1TeU;7ZKq!@5%L_SUS~7uEm<|{r$yevfU2KqS}RriV10$dZTgIuixFGjo97WV z%(vLZ#gk&R4a)^Iq=jh1R*f>Qu81zjSm`q{x`vnVG>oM>48Wl_bVEF?L&!cACZef{ zC!n-}a9%B;^-9|Cq?kzWf#rH|tm0oqLW4{>&N%w#OLWq`2T9#GY#)3P{Cja&Uqy27 zxtb-@Kf4iW%_YS|A+Y;EGu*dO1KhDEQ7A*j=&{_^6L#ja4r!LHJF{lZuvK+B%h*dD z3nL&08y-sNN0B^I%i9#=E#u8D77dXWOHx~K`DJNOTaF@@N^P_|kS~HIePW$1Azk(-=HC@$#56s`uyK!%tsUJn=_CZ=8Zc z^>Bt1xs(Lp9(0F`?t!+V%qh92n;CHqbl2h<0m~5j1VAprKFAR+c}wRdbjm7m_Bo^@ z6m~%oyWAn<`X@ubz(JhSU#R}V@eSonVTC%UW9;sTi<>#X5?6ARGd26)!LL5a4H)R;uvW(jj>1yD!sf($5gfZ->?izr|#K6xt9*oTGgH^p)*v;7q& zfjr9&t)I}F=-wt+dP=;h;^@En}u0dS^b-8aj=-+S$uk`8tGoqP)5X8*z;!d|P`-QkSyflD zzAjY@9Pa=Ujvc>%oSCC3RK1k)Yzzi`oDOCevMz>!bhRK{4kU?=**pOxt<)xd0ZMLw z2({v)s~)p-aLuYqaW`)XzJN#aqV*Bu6NDf3#oG36bzrstN8^RloVJNMSig>|o&bB> z0@skOX5aZwy%=T1jP24HmUwe>7$6!RL4GJVVX7YbT9Ksso=bX&Mt&4KHq!3m?-z{V znX7N7!#^tN_jz0qvkFurN=*9ErDzYsD@p0}EyXDhqO_{h{xGK@Q=?`6;f?OCo;;C* zMOyr^_8vSkFug|jfPUSk$JGX>-2M08uzuKc0(L{fUlSdhI+@lOMdd$8fdo zJNw=<`=~eL{cy_P`w6$ll>@pTq%SNW4vYoLwGv}4Mq`fBP~V>H%6tvMqSpwO;w;?9 z&y!#!hMd6);@TvDjzPDvo~FpOU~NXzU619hH*+*HVx$~ud=$A3KE4?t!f4AOsx6?+ zIB}9-3+Y1oS0EwQ7Pa9JYXgLcb;hPqr)tfTnXP+2EhIW!Q!AWaA;sHlL$GOpe*8xe z6>1eoyuOBrCgbayZ*y6wEQB8&W3)$!uKI&m{S@ye967x$HIk_3!(8*%1K|^6&Ov8% zl!Fj~ucKVRe8t7eG;y%`EHU}vWh_i#;SLg6(Rgo7EMJFeL(b-Yd$T7g)Iq7GpEAJs z3A4zgDEHz8rW91GJDOZS3747P!Ry69R~#poJRuh+Ty*k5YmXsTP2xG>&E$@(sj&V&m z3#zG(!_MPAT445$a9?NszTIU>!j+6gVyu#D#4)B@Zk`0&KX>zRFbtfieS3~EAakmY z#cw|?m?@^KDpFh^w9IA+%$AI?c)umq(lfO4@(hBd$a%Pd@_c96QGOwL3n|n%CEH`? z5)@V+DvR4IcbnOnbe+@j<=9wk#Z`^KInQ@zwNkv&C;NwsGt`mmm7(BJ+pAIU27?Cp z!CNc1YKcyOtHV;8n+2u~7T7$K=Bz!t?;d36`q)(+$+!ZIm{e6W?N8!;g=TnHWW9^& z*>@wyBSFZZGTQ|G4OV3^r+!6U)JxhqHYu{CGhIvh_!|spK24QqY%2wy-FyhtdI9^@(4n1n~{(}%|q|P)+wr=r2!`yhd%X77#?Vo{~Y7Ilv!+CT4at}`brrv zcS;hT)b93%Ti1!j}xw|ZvttctMb?)I6OycFFL zuJi-9TOEpdF{GRm!3)710$>e}XqT7o!-f*IJzjGQg(vb8)*WkZ+)FbEzx%J9J2nxH z21wejpp|3WCi{ZJW+v|`b97u_M7~0c5ehE{v|WXTQ>;U6AMi4ENIH}uWO$<(1iuY$LPHe@fhN>)f__TXG^nKC#^9CH1cB@A1zwCNvhn20nd z!}OB)tg48lt62S-3-@V5S)ygF{w&Rl)(?xc1Ab4bg7F+7;X~N(M}b7>?}}#Xv^YqQ zP`Z;o+pS!RBzr?(|3(?nM$j9?BtIKAV=tpqjofp$U19!taX$I&J%Y8^Ub}WwwwpUiFC3XKj*gv?@^Wsu|-AduvJTkWl zh+@BIRVP*`b&dDX?nD7hqFv!G}Eszxax6W3N7!R^m(D1a=6T#wvul z^=&sjle#EQ&!tn|QR3>Yxdr)aLS(GqvCz`TS}m3h+eRDFQ|ga6GJE0IM%H3)<-{~iCQeE;9|UzGn6|7A^`oej-Ro#`B$ z?0?9-i>0Y^vD&Wvff$0{X)OjRyd;U$P0ebmO8mjE#5T|%8|U^iuKZy=1J{<-*3Q_V zf{)v5&CQQC6|0H|pwMjlp4XmqO*!w1!?$dF=GqiR0aA~? zV0*KW^sr81cAn{wY9zKk+DCM8z;U#ZI#{8AQz^hst{zZn=QNub%6f2MuDaY)Om0P5 z@Eug(#!KwsUHZRW(HZHPYFICx3Xz~(_3Q$YC8!Lgi!$mnY?|!W`2^sag_fgSdm~nL z*>N(OSE~!doAL1kjx{cqBCrGSv-@JOUlsB3K3@E|;`aMth1tV>=>shx1}zyLjQz3p z7HQl1jgj9=@uT1R6j^0PbEQR#3G@XU9$a>{aAB=7v$Z>pA~YgEDrr_wwVgF4$!nl4 zG7>6vEE+V37g4ZD(MSHK+6C?=o&7H84zpm<6B+cjKcKtm>Vwub>TYxWyyy9YmUsqN zvnN=JnGg3nMl8|E3|qLcT{UGRR+9)b_Ig5rwp1`1JpVLyE7K92c`I8jtN8sZO4_L0LoG%Yb$N@*Md*?!3%)LWmw=tseZ_d{fa!QApT^2DHVy2p zx@&+g1D4D;!4JA%C91{XXEHyO*ZyszBhh+%mq_?S%NGfTsx?Ce`VyT(8#Zpw;i_cc zJ~-)~&0Jc#8t|()>9>zn*M28ISGUminVFvJgyv;EK?3;l{SD5t7_VS~=f8emgB=$! z-4S8QGg}Njftc1-mcJBCOSt*>jt{Lj&D!wGexo&DLY0a`K&vn~kmGfa#xdXGBiLr5 zIDtz8N5z?Gv%$%AQ8?XpQCEcyIBg-ZT(dH1&f}V~rjokiCregA2%(so{z8%3KVGZ^ zX4s;XMA~4eNmAK3-`=AlI_H9^2lWGfL+EJ4baUqz&HoPf zlYb_u|6SyW?=Gsk1hvX0|4wUtKu;};9H+A#p zqCkrq9{$lh%lOMyj%|woH|xnq2ZE+p>-TVL?|+oII-AU(MS}nUK>z61|5_O${g)6Y zrz~q|_k(f&B?QH&ZT>J@oG-X`nov*{D2y%zZF+>c@FyWiB|yo3GQ^m`)E1X@n!1Lo zl1^-q_YMAno@U?uVtCh*;rSU3-wWaI0=ZJ-_iWi;0s^?9$5*#Lr`)}_?%H2oj~A@J zDqq+_!GckORYed`*S;mR=ao{-=!@)Tc$r-E3Aju)O899IE^gA*<|rHp0Fr$drDQF3 zjO3_?^9Y*YWff3aDlG&n1yT>`ikcEi=&>k$UHP8YsI@*n%Y6t-*Ea(9p+sETDd#e_ ziAXfH`T+xaIu0qTHC$k4na{Uk;=P$e;u%N(`b_`r#;D~hJ3!c=2*4QCVq{|ng>yA; zb&1i;I4v$tf(tlRCyqHURDdtvmXICBtz;3G|oh2ZLWbG?#(!KgueUxX@TFfL>y{!^T zJLhT-fcVTp<{SeSoA0Dhi@h&o7apal=q5E-UT3zI#vMjkX2Tm9z*T$#1xGA2wG$$i zSoNvOB+t*cic&Qj*;mMh6gI58n@BSbyaJXcc_$H1n8>t zs^g%TfWX9TCon~O_?astYJinZ?}8I?s< zZW|WUW6D7>352szQOye|VX160pj*q(chhuDZFxRa@U6O_9Xx`F;~dV*mfajnO+AHq zj%72SN1Em8Fq5^eq1>$;sq3{+8jiT)J^_g+B)wo#Cso`YwgKI&EMcuThvKw3p-%g4 z$7>340Tw9m?na-R#Kyzhgv^tao>#+@PR@KzoySM}gd}1J-L)^YO9;buOmD^PWRK#Frj54O9)n?76D~QxEdS z*hUq)Yb7>s+@$$k(675|T-9QXMVd;3H!yP2O5QB`DJZttB3tLau{!LWz|rVKZ_esp zP;tGu6HwK^9CI3*0)V57sd@uHyff`#DefMjUL%T+;nWu)96@npdwxlL!5x1=U%kWD zoA`Wl9gKT$=gtNty1&}M%jF7VbRWs&$2{W*@@oP#4+LRuLEn9VJ&bb?Iqu9$WNvrH z4z~BK4(3npx7^j|GHkA*^)O&aimW*D_&MR0<`O0*+565qup$zE{B&M2V_eIMtUBJK z)&N{ez*9jU%j3v>MQR9@8zIf7zOV$Rvx45S!mD<66KE_ zp?Ojp=JX3yqn|2==$`){GWpA~ITZbeOj7+@q-FS*NULD@Lm&-p{t*)toa}$M{DD(i&@6HIhQnfV$$o4ue^K$DL0&{AA#<+ z_iVfQ>x@(F>tFksZn!-w&uSpPBn%2xMX+9jAvx=~Wt94YZP`mM_l^9dzFr0#*itk| zsS7jP8WDhFFe(|90hDN^&1cqYSvS#)l+DfM5eFJ7j2+w36cM6JK&y3Dj0T#0TEU!kknzMZCSM~sO!2+q4yT{>pEgb?syw5Gg9SD31Pfq z!r1o48vN3)ENVuiLYQbaMlfU0!3Q-^F^=^OWceq{n3js^Lz(DN5W&9K5+q+-w~F4b zETUD(G@CspWMv0WJat(Fh|;Uzb7>%Too z8{Cs3yk^SR6yzYp%sS3pi$-~h3Yn#QO=`s=q*!w%2f~p7xjP!h&zLWD1ZN&L`tn7T zR!?h^SX*`-E!l%mQ~f%~j|}<-2?exh4MdmKBK`BY5UFrXhtc+bH82Poh^+ zTM?ZwTeb&yThwWcEMjna+$g{)Lqrbl1|EGwpD!qfF(r<}H!$J@<$Ul;vbTk%J8sji zjQNQV2bc%k)D8qS54V&3>D6Z>lOb!?s z6Me{N$rB}fheQs!D>TT&R@k<*m8h!5PMrBIU_%PG9~xGoV#~T&sTEdo7wKm%%Ttoc z?GsxdkvNHfJD4JaGxQ+mpoJUta;zefqBmp7+hep3hU3IVkWwK%udFV?7|4OAGe`97 z$U$wY&vd7XQ$jQLT`xmnW)U)5wOVy~r8t+13aFH&&t;#%A^PoKdN&;avZIggpI zp^KRQ1K*^(EOp~Vrq@@2Las?LJ(v&SB!N4n&wl5!Bt$W#uF(~zqT~{~!*Iv_N@gX+ zms}B!I-_@eVKhiP$}}pE$L^`P-&DF^$X9nbfD0=^+NxMYsrZmmHX)KPTw$gp6-0p=;wvjmf8U0Ue9N{3@nU~!aQq^LSdGaeZcee$`YsfWG)wIZU-lFEd(Fwb z=Wm(D()>67sxYibO*4){=(`cp;khHO0NqjA)v7LX59gr|DJ7DXl;S|6s-Cx|LVC{fC^L^a zUWUOmUxo;P#!q(^ES(m`v|ORKoRMGY)@HD-5W4sb9j?%)YnIBSe14C$MXIX{xxGc_ zP;lXB11Z7Fy;;4To!u=3h!qpAW+(zs;8v5XtIm5M-XfU`9H-tJw#|23|4BLVS=pL| zP4gprkV&fnj$&uzE#szXgUSl_BKZlvRw{GSlF_74XXeUsS{w>qqxwN$Et78@P8>Q9 z6v$+T`zRV$o(PTh`Di1mDz1!8I?S>`#XuOkJ>Hx&X`;kWVvXiabm$aV(NT(ci;s3{uw=(1>ccg3RR-gn?$KQc|x{yk*3$Gm26!-@ZzEJFB2vX9p%a8?wH{7?|`SvbDk zCeI9lTIqj+wqDY(o6YMm3mwvn9zkt_-qmr7hZdonjrfJn#Ux}}f`)dIn|XW@iI_O{ zsV(z0YezOoWO$OTpzPkKemT(T4eRck%Wq^`p{spZOoPF0{~^2Hnl!sq(w_UJ8l$9# z&+9EwWluKjxJpy0PDXVD;U-?CV&}iNu4>P$=t*~XB$8(1>CnI_ixJhmb#{9nnXUO~ z=SIK(5DxbAm+?5(Dk@-&lb@T2U zz2v(~t`0m}aX(3+#7nK*MZPs|C=3`{81aQZ6cx8_TVzxZQO$#2qw-ikPlF*pW!Q*P z%6w>Ly$rXm`p~||t4Sz&0#aBmy;V=HEvlu!k)xfwdBT;|?K{4%AF9ZxypcaULfx%k zz&Q!^DtvVeU{kkRz5OacMkACeJK(X=awOB{o1LLLYLtc==3Lukr2Ng=ujAgsqAp(G zDl`&L^=;Z7h#7CT2`A|+tcNIrlm;(dgIt8NfYu*-J5}< zrH2o8yLQHCbv^ij0eij_6-P*Oj1h1WlS>d4=6^hI0KigSQi{O3+kXVdN}upI1?c1r zJLwH4O?|I@!o2Gb`wN$5q|Oj6@A_h@cTZXiBS^574=t_dcwArWR+98YaJ;3jR2>u=a2SBpci#|{%M zMXe5{;W=9()6WNIU1PbbM;pHU3EsNEY!+8quO)MpthpRxuH3Iv$5y*qPhq|EgqW`d zR~zqO0IVK+4LqB|M7SIl-16o7xMEd!k6OZH7qUEAeQs#o&rR#ek0VAWzArMpma{x$ znDT=uPRhr&M($9bH8n-6>-A+`yk2PaT_&u$M=$qdZpH>53D-7~z-oIhBpBkK2NXq_ z&nfTZ_PG6)j`3vVk{sER1GVTn3(bvd&I+MGLn@v?T&bUSiGDWGr8ImOf0X#OSR&ps zT17#aW7TLQeT1AzdsJQ22!L@=k3(^z{*fuA=Zx3}_qnvQ;|bfCZyg9(ivnz(2(tx5 zE|XLDJmw*>8(9;Zv3$vAvO0(#pIyZ9RXly1o8}pL+I%`< z(Q`(VKcvaFN9#!zTi5iGrHytI2Xqp005hM$V_9yr;N(wSkWxi?# z?tOM zP1!hti#FT;yGiMG#^SKva09rqnjn{}l!YA>O&z24R>{|zqip8G=X62VVC=p@t`x*(7 z@W^Ds&*#lH=;xEM<}YjNm^37PQRF_2i%&m_(Y*eoY93 zD-P%t`Y5O8Ij`;*9oGD=1@Or`vSwdC2RbtwI+Kq!W60ze3wD9>mdKMUnwmdF_2=;K zl0lKX0^b&VrFm*DbkN&x^;BQQ{?87iWA$i;A5D=|^wD>WAdk5I&P4J_;rm;H{!Q|j zN95xa_YCF@=WdEQwyLzM{@0#F-)+eQ-uIK%l&kW`=!8R;@T>ka9Qno30!M`$or6F9 z0!3b8e9~>quMV!f!xT>>u`_@vyb_X=yJV|m=tQ-l+vGpE+%)D~kwfAOq5Sm8C+0?) z;~8JDfHG&Jv^vs(rEA1UQL*O5X|vQZ3{{&rpS-6P=uEgfkTz|YW0c2jK;+L~HWT_;Jgqa2zQ{k~R&i!B| zRIjvnmMdJENtf6^DQ;8s8&NrBk@%QB&3SyZ2}#i@bE4zwOsXTXGSrcIc1o*uh}?Ee z3)v;>c1P~E62tPs?i0NT>4V3YJWHuVkB&bqi~po;Z);FD%rkMr7sDxZ3#;vz zp8C-L&R^2IFH0^t!nCQgM9=pTI@a`{gU>&@7k!KOyxrK$lhO_?_bsh88rP{Y8V6n{ zqMd@%Xl<0BFEWMvrMR4$d{pkA%$k{`I`wUk)-Rn=UKN;7sTxp8#jG$rbAwF9Z@~IR zSaB9(&*~$S`xywkFJA}7Z_M}I_U~Wiqzogzz*ZHujjBBET6xqigNI(fI6W%0MpjYG zr=aoICnq?>sCs9ySJCm1wL0}mcK@)}8As5DrRf4?r!uv++}Ng8+jSz1(sc^Xi@qed zQ{MN2KCE^_-JoMwXD%ua8T~zX?-u>t4!}dR1OqtS`vlXsEi=jKp348{zq+)@XI|Po z1Rx+us{biy{_hb)B~vFmmw)H%|2uB}|1uRSS4#gOqc7l5A{n9>f1zu|EBW^bFam^o zL8Tx7lCYBYFnJ4UljEh)N}Bf)j#4}2S%A^mN$2+p{&x=VzcM$~UEBpmM%A( zFPU2%zCAx*@IWv2sRE#iV2r2^FbtcHo591{o!|4b=Og?U{2t8tXE>1)i}}^SFHemZrai2H$k<5 zf}qe4!eaNKXYfhmR(sum&Gso_%(+brq3+pO=g#vuR6NX@{iy7<(*(d-kdz@ZCJ<5` z)6q~!2!jh)Otp}4I2YnF-HNf0u9%#{US|lD31%#K&u*itSwE>BWBCK~B_}D9Mlkg> zu0R(ElrM}DET{ApWdY{Edmke>^i5K`W%B(Qu`PK@*90-#w)9noYQD{UQAfG&1jdOM zytS|T(RK#G)<{lJO%%@Kem~z1hH9zKN=PpZ*Y+(6!v+1j(d8iGSxXPBqP-E1Vt1|nhxlRj=!zSgz`bjnAcEC{T&wOE) z-lgcrPBz^_)ck(6;RlRz%F-A^+SLxSGpoC87NL`*Nc{luuOmU3^r_?nS6UI-43Wqn zJcQs-1q_>rWO=prmy~W;b#J{Nhme*+e5ldhIRunok&?`iVtbqR9(rgZZ1z%KVrM7j z_k}D;Mrryzr!TnU{5DN#}wQVw0|bt_U{n% zK^(2|RgtWsj4|uAr!C1?8{_7eR z8W$>V*GbV?z0|lJED^K5zhjD|7Ya`)DI*mhQJxiww*HWH8Q$Cp3Ci{r3VFf&o^Lt% z`LEl5dGHLV!GFLr`2PcV{(m!9)cT|185JDevkSx56eS5Y%w zaJ^7(62IzWZ3sq0=W8RF&0YU z&kkfze_KK^U>U=pq)`NOLkd~3Ov?KATUZ#|)$r?_M7)9-OHW`auPmY%(F|i^*ckzn zL5Y##3SR2^lrxnyGOG5Z*FO@1B!EUJt6V@_tsz5c5n;oLeDz5Xpy*(4qMzT2zBLY` zUtZpYK=1aUm`+fG9x!D!mjS68rTd+cnHiYHH`{C(_S7V-a=-T*`Z8d7$}g{ARVf;o zWuykQ@q~^q1^Fxf_*v-2&?5n0-nhOD{m22v{V1$71^7zGPzupdAP+Js`BDsoe7Mgy zmxS--uzRz90fRV?H!Cq#0db}DtAaU=DR2(+uw@6VQD=?|lc{Ue(4eG}!4Ow3O)sy| z3gMz;)k?(}RWgYD+r3DAg|FGk-3BbRBRlrF13MMb)V)SD%Gd2$40Vl+0rppQN{gu) z)$U0Pdl4egbx121t;-^`YLJ_j8^5N$s4|`s#R%AB*FkvwPWyuKe(<!vAq{eccc(fz6BZJM ze2}@5Acr-`GiXRgGeoi0`;U#Kf38; zJ2F{`!vlgKsIwF56Ba11akN6WS`}%x%#HZrW`%gx^cvY#H^lX1>135S9pXbaE8*IP z;5aaoDXO;3_SsCofHVH)O$S)Mx+357a;Fg((Hykyo=fLrv{**nusEP^n{qN2Tj{G@ zFp?JFEz`Vg7ofDIxcQc{f?uOg;`~AYfrmPV>$2|?>T>QAvbr0X92}6)J!skAEAX#J z9F3y&b)z{vS5U%+`+zGCRrxy-TZMD0hb&LglbWnwX=9ncGf3DOgE;UU$x2+>hO(oP z;gaap6IQb1x7Ix^=Q90U7U!S5p(!iN(3iw$S9n1DxA|3rFn9n-2FJy3vF2^puKh)E z884I>atF(%ni_G_fc--E>T^QXaj(rm@>@wX{SPl*@9)rYxv+_IAzmtnatOsxbd__C z;nOU@c5eyOHjTFzVe|o(=}-choMEhOV^@(m*iyJIzH`K1+^Pv-7yln&=^gIn4u`y(qRm0U1)upO3LTI3zIk(oAuFN-UMB1T>-P$F2* zKLuRb-YbJIx84=`(&3kEsbFcngAJnKD&Rg8r5L}oaVf!locj_FE^EKuj632R)$JgH z3f^ATKQsLPC7qZ)bg9{S(xvO0T05ips;IH&STb$hZOvtd9i$!~N2J-T%vn?a|c`Uw5Pg7ondq226EVuY%K0*5Mm~2_;T|+xV5NKxE7z=$$ zT<30PpxPm$iD~e7=Ts(CgqDf2KF0ek;{*x&RvzPRKHY>PM&uZ$bqNnA&-4diLl$=T9e(yjTKy;t%5yP%oK|g^%s;G}Ut=t1o zpFIko(J2wQRj5`jZ)8+(@GVf3TF`(5*4Y+W2A2dx_nD4Q&=-p zuC1aqIr{}@jb$j6_Qsd`T&K_>#B}&D@8PdnG%V*}pC(>sl!%a4@v`tZTcTD7@blVtr>Rbt^I%~5!E#2LD+oVaD zYFr5qfMnGsT39+widH6vHE{jZW#bd$zFIV0(Y_3AOLl7o&ozwc)?PSI+_71#Q>gcR zZ^Pi7p|P|-ZxW~7^}z%eLRmgfd&CHj>@Qb1 z-nIv!eASC2rX%YH3@A<7F`Q`@*?b~om(Tbr8cZ@r&swyB+*v^9!a+}SgwI`u{Rlfi zpqf6=@BN=t1Lkmw~|o}s!AsOXh7?)XG% zglvRGBT=lj{_k;#76VUtGC)_7xQ*tc-)rxSiHl~#eUX;(wg%*|TiwI_$U2~&*0ta4 z8;Z}I1qtbr^|r$Zu?g-L&LheCyh5pEQ6)qNeG~ZyMOjy4z0DfJUGG0*>>n78#K=)b zB`W&B?3uNTU&RXpoaf;%QTYqA@xN4wEpw69n9WVT=s-s0mY6cyH5%*8yIbmDJ-BTY zCg_r}l0kMy|~P@|JXdmpoVoEeDMsG`~E$ZvA89N zsf(Y;tf7viCZ)6~P~QPrxsS&C&|iku687GM`#Jv`E@P~W)hX443B4t- zEXAts3={kUDh8WR0&ULlUP??YKT{(et4y*YRTW?GeHKF~ZYXvWC@T~d>6E#UzP?S*(J!3jKq-xn*Q z#obZP=}L41!;D2jxD;y$qc#ppo(Gujb>0yYhP@7dvFc+ zb0g0MkQY`$psgl}Td#P+lVn)8C=K$I7L8i3Rb7BumQoql^w&pg#09Dk_8tvT_+=}U z-K3t5gI)GCwN5uK$$0`vxgk*IMTtRO_*VQOIAPA$5Ly%ZiwJYifvp(-V4~_A zD=pS2ozB($b#WOI!LK{`=%g4+!z4Q|!Y9$P6Is?8l-!<#))qBu>t-MuL}`~qi=~E| z@CX}->eh|5mJHDtD^P+|dbNa&YH(S9wQ8;3hg1{HGTxN|?>TMoq8PRTXk0#%V>+fo zIk*no(8#|s#!ZH$EWW(i`)IyAX%m@qYx5K*zN!m+UbX5dFY9L;e}uA0Job2hCHi)T z_17$R0P+Ai@m0e6%^08#-kLMQBR~K@ZwNof1b;xq<6q<+*>}i`waQYR8disu>ffbf z8-Inhy;L8NC(N?SIO>B-3NE(5!Q6yCM1I9~3%}Nzg6NQQzdKP{_yAYz|1#LOBjt8~ za^-wNk4(d!q~J&X){>*Rk8m7MnB*RA{Rd0he)Shm3SHDMJu?usA4I7TXENYygIzP= zZ0ldo=Ad5UIJa9VP_LTbyh6PopwBqJd;|aHknhUFK)aVX7XfvT{EBpwcoE%6(5~{l ze~x@P#AxD^o6OngePda(kAE?_W!g&k3moZY)=J(|?&+B0B7ZI2Lry=BkaNJx>9ptR zh`kU<>Y0@#KJrJu-#bL1H|O`e;UNqGIbpC?*=+=*&aCkI8&qv4Ojc{TDzR2@UHUAs2>+=BG^9}yh7<>(1p+2Y1 zgg=4qqa^W*dHj1Q$P|D2^vs+_-q)Q%{>M^7KBRCZ`9o)N;ZC5HLYW{FD~39G?Rd@1 zxL+2UuIFfHhq3iDTksGbhR(OJ=H5YBy}v_tMZdnF+X8hPlTqq4kN3Ai9cu*4*5t~gbXqir)p4{fYCQxq6X*#;Ed z)KP3^B##WyLtlFeM(>6EyUEs&F*sjVFOt*?RCYi0=T4kOdD`~0rUgLBEM0&y3c^%|d! za$UR>I)#b{-Z%Z=y=}#;n{7oOVExmOvu(w`5Mc~-YzKAsd-+}I@{~zCtX?uJ9s1JR z=EMuI5QgSXA$sQ&@~c$TjXj4O1>{X8vgVXcYvrircfSWGB)Sos%V&azx8}c9dqk6o z74CiL#(6Y?tXpmIDS64;r71@y8&J*@QkxUWpNeg0^7VXtG!^!N-*2UrW~%nMdU32W z{TH{`9?;+Y$q%f6eOwzdUjD!3VY!nV<4bDj<(WP4mTym>%|6yi2cGHT{-lphuP$*`V?jrFRuh8)HhAmbU@R2i~m3;e^b*|Kt)NhNT zPVr^S235;ZO_)!#!$Eoh%cTQ0+|t28CkiR0ez=R9A}0CKgyt;$f0mmY%XN?9m9F{a zV^(Mnb&6{_!iWSR&#MkwAR zcT=7l;YsQWTvPQ8Jx%|7lbT7c5Xv&Wvl0pExDgvsG$q8C72IYN$~bH6GoaxSv6*4< zr~JT?zs32Zwj2{*{bUi63qgrBV#dj|pKH`1n`nB85V zFKAXrDsE1?-Ni~|!lf6bRWnAdc;|A?&!+y}c$V|=U$|&BzH)pG3J?$!$N$uq z(ERr~=zm#%|EZ?`F{6M#|A)^{Qq@)85JTv)f^m#gMhZw!csG=ZUq2Qmjb-a&v4JX- zwSwsj3=}6sQ=pROi!YV^R?yE#5lVMj=X()`*kO`*32NI=L?loW5@y4mQm zftq*NK%-vQBbXTqc4}J3g+l8;DNfH+N z=YH}`M($MT)|0%$IJ>o2w%&s00W3bIR2*4aRI$iv!b?aG!1`(H2I{M%Ol0*yZXyW) z-z2QWds^I>;j)hgW113kn#GUqf)rhc07tytmvzIKaDEg?o3p|5v>0Bl##55tG1g-Z zD~}oq5x9vF@H3=`_?dnLGN#WYk;XDg2A?+qL_fifA8>Wo;}hx83XbykqI)-k3|DwD zLB;bX&DF>puyZIN?>ASxZUp3)zEQx2<#|D7>_2%|DuTE>I-9jz;CYqF6nhhevdLDQ zT=|t`<@b~)p$27Jd`NCvxr3Bt`utcx&TJvPPPFPznbQ20qgjce3Z>)6gmsC;=*>= zEgBWm3JL6=d81RWpT$PHV6t_aI(e*^6;b^YQQn&yIUmI{Ot(j8UzCvEyZ93)M4)C@ zt1^=mNPbzpc_8WN$Ho&LCJ&||{G&ebZ}T17tUO_=2y1X9P8H!JWSS6FCgM#ZBy*+>T64wB-oK$CoSw zQy@!lnje%yK!l&>^pw*xp4jRt=O(aS?DlGG`ytgFJlshX=l_ZqrhcJz7Q84=!BV|u;Ile zk$P3KooS2I8MDyuPrLu%<%Lu;P|N>%6RQ8QHzE7~c`yENm5C;_yUJ0TPtO>MIg?Yo zfWR(Lcqnih2@HfIrmdrLKEfgpR47*(PQ2fkOlDea?vqc?zHXmU)q1{mi*^M#aR;i+ zkZnuTmQlyXwPn@DRrRuM$Hlp2iuBG8zqwibn8^OaC7*mY=g-^E%}@8u58chn7db!2 z`@I_wO=8LCZSLUT6%opD(1B*LW^tiAiG0?^Vvh>kDTr~jL8Q7#BEhl6^e1pH|Go55 zX5@$vHL-b{3SwLz3<^qdpkhBLDO6X(fj8rD>f-Jhw#Mt}G2E;~#+A4^ z_Kjos%rZ<4)Lx@ZfI(PTkp@}mrLUPEeR7?0oD9TJp*ByH~?n$~v&=RnnkbF$0mIynD6(~7MQx?kz6miIDdoN1zOcv@nSDEE-o#2(gaTSypB&OUdStO|W(U zP__b&6PGZXFcbCsR52eB2ThU?D6_kSwxh>JwOM5(49o`)LWD zDxGB;quX<+$i#^t!7tFFVAoUx-6s1~IT~L99SGj1GK=e_8GZ}?nx5Vo|}gIa+{)_43{Y;?v=;Wk-7-!)tr_X z0PZyHX!9{b=ecv$iPI&Sz`MhNE`Q_=rnG2#ip8ZR)+(!GmZP|Z68Rjw`F){Zn=!v( zcr5k_d1NxsoiJz-W!K^&vy_YL%7B=4T*4_<=|NFIupH1`vE3I3Q|dzKXh;mgi>@Z$ zB|4pIg=^H+-owL2?o^4u!ydxx1}Tm#zJEDJlqyY4A4nq0?^(%YJ&&?w6dM!U8`3N! zGwA?lB{u_QMx=qyTucj*%=?I4O#I8}ualleYL8Ev)P+C_)H z^wVC^vW@=^Ux`>1%N7_0Xt{3>Lc7Narqyew%~ud(9;2bQ6x&);5S8}*YV;=48$WMn zi$BjGhSGn2ufzAX*|n4L5`P1{qgU0J|I}qIlo)}-LCDdY>^_1{q0Q!m?>wYTHfWN?JCW0aj)KTSF!OkTItP+yg24=g51W1bVQn0~a7`TXrE zfXDa|nSCfh6J6=+_fZIIOPE$a`G^Z+N0m{X2V472$So8&A}9OC<1d=fEKV6bC>N&^ zpj!g#914B^%$9~$rcJ@;AK?S}=`F=e5B9<7r%wcVE}i>V3z>J)Qp}`jDtO{N9K%;w z|AFXXx~qmN{kvaBoK?4ht+n{+N%jray;iEf3N5FHun0Zdq|cPv)%%x ziwyy_9ZUXuCO|oY8An78D5sR`o*#76=;GWuC+!vaJ4Ncjdi`P9fJg&4x|N-?8D=l3A`{9~7ay+@9H+#0?mL6r zM;Ta3PE;)#+&f3*_Bn}Cq)@Gl$ut$l?LCms#lf)-iP63s3lCH9Gbv8EMpu-G}15>X7pbz9u&!HnrUeprSV79Q`{^hoqH}ZL8WESn4?6c$8dD)%a&l%>l~^H zEf&%-oH9YBM|-%SL0(n4B#lW^w#-LmL$-`nwM>|2&OElSZ8MPT{Ao=0glC}%(qFVG>5QbPpWHd z@X2m>X+ojT8hR%Jw^XiVMI3W3#vpe3@H7=f#2Yd&oAc_!9NFPA5WC9IY1D!huoD_( zGHQI^Mvz{O%DS3zwX`YZoKCacf~koqG&>Aqc_veS8*X4fqB7%g=YNOI!;|qcvL;rCWfLCbw z2Rxl!mLwPkl?{o`bFdrONizvbqx-;V*yAKQfoYE@8Q#-j3^IhfIxxP#-h1S8goGE% zkhDj6Zc(%y{ag)9px60BMJxn^GO)By!r$=GR~@fzX4(#E3K>QuzPMqrWAY zFUOajgW39$+^q0x?`gG(YCm?hoeLCeaDpW$EP{St&;+@3|LoQPtY>AR!?b}-cqckD znfIa(3gX6Yv5NDdnQUV!$Oa+eeXE6urE*`pXLvpHW#PPqpac7)kV zm5&bZzNDyAVP~Q`3x8x7SEU_0owtTdJTa1V5!FP4=AYpkQB=hB7G#_YK)dWr%{^#d z6Rvy&VM|_p$C;W|O%b<|axKn()?{SWO`;!LSae;EC>k>%%aRo3Qrq}v$Chp{m$`nJ z_`3f~2wx8OMA%p6u~s+ue8{$;+V>{lphhC)yRaJbconQ86mm8$kxyz{BCneyV|#H) zF<$`FtaxOKcrTmt13PG1M}ri@&S-n`afqlT;%f}`uw0vwOOe2Wb$d0zk|wj?G-xeB za=BRVPLieeQm=HyAdF{T4tJ&z%tOd=_8=M72ghhe00jRRNu}av=GKTM#11cQ;$@ug z=HXQ@3K1tIKuR*z>EX>4%q{trldTmVX%pUffG@EJ!ngKW6b5>^D>QC~^1A-tgXnGy ze%u?OdB}rK>;d0|kQ|iByS7IZVZxXzZmyJmI)|j>X+k+-<{JF&p)-~2VCzp)QY@7- zb$ET$@K0%7fF02EmHPvAsly&etv zWxoz9m$*Gpl;HqXQ>0$zNuO;dMk7o}l4)#;mZDYo*tYSGGWq>E@{|~uuloECEJm;s z16BnCUK9tc6+*uUPF74*E6|ii1Y4zWF!*`D==&qJp}lu~<^(hLISVJZ^U39GR)cU$ zW&Bd3FlYSyXj}?Yx(RGSu8O!HGIjWQC(hEFCRN+tf2&C~Vq=PvthKAXJRsD^Ka}W< zR+OfHmixC$6odCNt4ofS=Z*9xJZGK4-CWC<_C)=Gx&QprUmFVd^G&#;X1Ez9n&R{x z+qbE1M@Y9FZbXn;Qno`sEGjkrZf+Qd^ATSC(Q?u0A_3)T%^!TSP$IQx-HCKGGO*Jr6v%OYW!Ai zcQtf1exR+}z4TIA_92B(T}wsNfF9#+@KzbF$8((bP?t#WmvRTXYn!R)4KJBBwHc?Y zj6+p5&J!Y)GEgU7I=7+RF-%9ENZ{ddwxYn@7^<5h;C zm)3yZn&;uc35KnMPD}=d0{fop*X9A|7;~H-%N(;N?^dHnjKFVeBP9Jv(Dlj1w!mCZ zO2S*FeFe~oRE7!!)B48SDY6yXR-~#{aK_Cbo7Na+&)Mje*j{akeO%{V5S?iFxc(7| z0|u@ll#QbB>KZd8nSQu5f9k^Eym|=rv9;FpF$da!Z?3TYKY$_F_`#@p5caVvukDD8 zBfuur%mLe42=|fdCaIlKNoSDf5$+~A{=Ux}GTto&-s9_SYzY*+=kV;zK`Ioh`=W9P zFW1mcKO~Pd=ejAbFL7zYlOv&c2%`{PJnY~+CB(ScT4C&RR>fg;#i7x38qbd08chlU zXo0&V-BD&vdpALf14{1jjFiZnV#`uzzxdb@E=?j@oucFy**Kb#x?!>xjZNak0L+_; z(V@9Ps(Gh%l1=%m`*}m}KpZp=PFwGQq7F#Rj8l4}v_IY?DsGop>)h;o*gsLiST8tX zEl!^^2p&k4IKn>t2sMnP5BLED**TaJ%Z1=OGYt_Gu4)b70=n6bg3CDV!VnAJI4 zkD*57bV+y=e%L21exeNNoX1^Pe9IrXHrsXZ%5_Z6IvgLj3e~r9L*@&{T^@(XoxuVw z7+~PgPN+xWY;(p?T(SK4V}p!3=gSBxF5rwDbh}+ymOGANmbp1(b1Vd~Z9G($C}63W zkryiG@hG=EFBP`k1)t%2TP&haEQakGj`?QJUx17EMb&EY@T~BYmB-gsYhYVK|4b52 zmXgqrF1cp`>s@EisgEYL+g4Ae*%w&}fk->Io_NxPd`sK5s^=X-h%qw(0=cmK0)t;O z2R!)*mD#}Si{w(e#r7{pwRHb(3pDwZxn)3FkJsQ1LOdz$P#@uG6yWa01K9?Q71F z7B@6>y=7Vs#;ejStH?^vwPGeWqY@tHfTzb2O4lM;nhL${IXvadt{2ib=g-&n{ zh`*@F5CvxjFJOWKD%tE1)VpW6?u9oa@%IEfC6PZ2_2cBJ)gDyDD7529rK_2GCakJyFkI0f}2Cdj(INQ^l^ToLAc^N`~S`-41 zEPtvu$AKP?vG_waY&dOO5;BV8xi>#;{C*h75cx(zVhq9;zHkpz2l_PgugzeqEZ1Wp z{{)wH19O!BY0uS@kNH69Ggc|G-X-fD^J6w?h6a*9SyGH z$*X+rC^HsERe@)NuuWm6FuH}+?mEuv6@B>8wfJrL)gk@EN9F0faTy1hN*7D2C#HO1J-ev*Q1rQ2fsofRGEo+T{P_+fBN^y%t5EeeI4@ zKG`xPfgx#G07epoD55Z;!tk*QLWnBPl4zkM8L?XmDAcZX*|0Z@4Mw60nwoV6Af7AS z8*5M2CuQabgP%JY`fKsB5`3j=X*f_WbUYi0Yak{b~<{OR=28E zx9I9sx@w(d8oJzG?hZvg4lc4uzJ^DIX~^l8mK9%75ZSp)7=@B%=bGt4tW87AR{nX6 zGOWsiXwLbX$!v-#bj-*U@)l6hjD*;EPR^Gs`u3u2HGR-of=pr6Q0;=d$fgpGV)Z*p z588tg>y?NfR8pe=@X-s_q8(T@iG-8K-HusUo`V?A?;&8A_UA!~4H!bC-A%@Kr+l25 zuXNTE(gqp!rzW$RZ74eEdN=hfGd9)t*1xl0{63K7(CI_$tX8v5h?>VcTsK2w$KwXv zC)S78dzdy*$)pOD|W@+SXY3%IU!Bh!zu+$VC8flR&zx($wN}_YZ z=D7)tgmoKO+^2fi;LX`f3^)4+!a z_VQDh1rd+82?Q221JwB!>{>9X>btm1A`Q3D{-Ym~y8pQ^jl>(=NM0I3knp(=*$Xe`e%laqqwHfNiP4$nfW<9LQgL>96&ZSH5 z2?P<4BQ1Y-rF=)BSqat_E>J*ovuC@>4(%R;&d1u?kA~=SCvC}fG{B! zje}{-E;vN{%IvY$aL*cO1gvQnT-lv{oA;iZXpKQ+*!N%pKc8dn`!(&GAx|hcQgk_5 zR9A=}!(A@loF?Y;P^Q&u5$On~E3m%0V|V<0g4Z}&8q+0F(ffwTbnmF8M6Q%T3 zw1?G+nC+TwnU@DrJc6dJgsig912(j0%BRgpZRnwD&E}kd(Q5c#e4RshB|w*k!;Wp+ z?$}AkwvCQ;V_P@2%?>+8$F}X{#&*Za^glD(nN`*LEb6JM^PTr)U1*tfPmgpP-qo~VP`HL5w0Ancgue>pmofIv&r#SquCXPhV%mD{8X)2KtbBFm5To*#T&*S&+SVUwwnMeV_Gw$kfS>T`#s@U-UD>=X%}nzjWO zx;W&=6yF8E>o=Z)^S{jb+4&a+O8^Q51Fp;cC{~(~n1EIs4?h`Is3~Zkc(rs_g?f`g zHiLnY$y3V<{z#|-Jp&68k(Apz{zU~*U&P_Yc`JrdvMK zF{`bT*GlT6EeIImRts|tfSaE|{k=sDj9PI&ylx;*$^l9B6Q@;$^_u6b*!Sa+BpaWS zZPod?=u>L?FuV+zmP9-Fb>f<>HEhZeTC;Vm`Qb)86q4k)+`2~K8obLYx^vP){ogLH z5|wp9ndL&)i>NL6i`qIERntu-$;%6stGcVsuMy^1zXb{wI(AHYQ7xrift8YjZi@q1T zda;wGNXn+i_xr9GY@~~pn2}*;@~E4zAs0V%<^nitN>hIk6?zIgp{*D+vO-8@dDiud zIbnto0Xpb|U>|MtwZ`b&kK61MvZS4h3#SJMK;d%;7<8A@z+w)o?+Y>`=!E4?0#dsb zlmmGFTdtw~st$L`3lK*3$-+c5AW94xhMZtEv~Wrz73;{sjwaxRu;h0GGnK{5z8CGc z1|^!Zxq@dPaN*KmF3)fT*_xHalAdt{J~)>btMo8Az9xsq-r0*z0@uEDk%!h4gOXHzhyK=|M27J%(`)bJ~(kRlx(P8^k|Qa8D6 zo~bRxT@gxpmUd|!KJS!F0&ZBohEOdjk|Op(i`^Y*n3x}Za!rX*NV9PRUbTv+Ky3-` zylNKFkUJ0s-n9z3b1XnQAEudTTnA7&eI~G4;Dj|FzOseXGy%#0oa4U%zw|H&)~sRw zwL@y0kZRo;+?arHkB`m%wPsmWYYLW3`%spE>go$(C?vTXs4yCkcM??lfj&HiE&j)n zgCyooF2D*dulfcvPTw;g7^YP{AoTv}8b;umek-|i-@%TR7iOskOlgK{DR0B{QK)OH z?5<_DsF7M;`ZFPjGsAxC8%DqzfVbIgG8b6P)_colDDCC<7S0#a=?R`^4WeqYZgMP0 zt*E2?6hGxP9Hs)gS1eBRcX_fI7T(Cx$hlK=x^6eB=tTqdP{%iD?8ftLe4A79xsYY&k06LyT&w!+rBBu3xE_9f zN(K~+8(pr-7~1kXcdqC#i|9NkwB^c)6U{Q1fj-O;FPn-)H0;%y^DU!keZf5D|JrML zRdZ|JHV`dz*iucv?;FkEnsiPNN{#06f6s`p|LH)i_RJ$BdNuWk5s|ugi7uXkkv4SY z-T~4N;4Ci29#(_Tw=gl+?RPTtx|K0pNB33SyPq`VtH&YI3YUm^Wuf!MGpbKwCb;W3 zY8LnPYYP5N=S#FxFrA{NQ0)k+Lz-xy!zrA6!S_|mUuarInn+6Bs7IbYg1sUNyC$a^ zX($9n#ws=xHrqyhFnlCE1+q%qQL!CTLFXw zEuY;0+xqd}6inE~%Ir6%#|0r|>X*Ud6JY5ug}+Ik8YUKrSF)~c65ziFodFph>bG`1 zOEppD;MPhU$kS1+Wj!VMg5)j~G2|yH+T4$^@W>Z1bufPc6;n7`lOpaj({dwG>`Q4^ zWeejVm=bHmkyqLTG*a4MZ9Efm#o@gYPRhhRxZrAEHEI#U-`##LL7kIp0rNT$N)wn; zG_s4HKBv(y&q&V0p=Y&#kmABP23zaKt)8yU8#3@+gJ4wOzBA;e(UeS>YlB3nzD0+e zP~mBA%K3353fwE&l%ASKj&e%`p@$WX3h@Cghn)joz!46mufK(PA^d|}9lOC%9k{Zo zBWjsK9S`RWo;HOnLzX+4d{X5(rl3be&1tgY*4R8n?r+pcCr{1qo^l{}9|=?k|72GL z-XhA|DK+9hM@H1-Lc4^bmj)~8o7vVm;26+veTk+OhcC<4SI^1F%44fl6OE^;KXsa$ zYwIppz1hU~wN>+_u^RyKg3Z^MrkzbST}4zeocR-&6tEyqU?!YeGR&gdWz`#)o@~r8 z!yf+v5E$&b(GdoJyd|t_Xg_soPNR-OVAlutm+_1XiPgQeJ*-W|n~)dD=rEDIWX~a1 zP7A2yi7kp9EYfNs=Sir+^q`~j_%QBQ+wC-p~0wYR_7{c9Q4Lsag%-5 z(9fr3-at!^mg_0u+@}4O0iq5CA@dQ(cS-=KK$=y=g!fTZy>E%mgb9%wCV%LzR*gK- z*r^RRhg7$c)GNJzGA`A~+F?9tm!I5{%g}4ckuxq4FjY8cku%cPPXc$sIs92;OMDXi z<+O=RzL7+-Pz^ttAd{$r$ZlD~I8=~{?);Lx(H0DZcDJcB}h~g{knJ2_`c+Mf)jf^MF?4==Sfn`>+QDyi$4&LgO#AymcVbtoWGS>}a|Db0 zHp^2F=Jez61AUZiaO|1?b zD5lC>SI%4ET@UE!)gF^X$TwB5d?$C?h5ltif9ej`N8C%cnQn@lJvAfyPX1RlLz32d z?mB7ZN0?^GYZdz2prdBVnXbKW$r)~qJ2hNXL(dv^%2btO#;MWeZ>kO|T~&JPQOp&% zO#)arMdQ}{DN#031Mgj1wXz|-_N_2r83TE?3EPQkjO8qu6l&x>ma-8B zsYk*Ztk}9MO!@C&yEPqmm4>R0SxF<((RN-c-$6AGDxcBKU)hT^E*J*Vskzq4skt)T z4Jdm#7uf~AwaK&kA1N0sFxt`wM+k3Q1g7)S-^h3)D+pK7U|o_>L5jpB=6TaPMW}M) zi7&F)qdzv%&XQM?G_>VI0M5UXhJ4Am#CDu>1#Pc7y`n9Yj`XaPGrG`Z;||2h*y%a> zX((w!kSJ+i>+>)|ef{yJ$Z{D~oMQ;(s4+bz=%{P6as=4y_W#P?RhgGMcP2%g4=xz~ zI*MJFd+Gga`8$V}CeyhgN$p_q!=NsDVu5x`f12(tOOiQ3edMNl=iCqA$`haPQ&usZ z{o?-kS?90EEkmC6h(*~@y32Q021nlWe?i!33WuLHGa3y^&3P5gLbiVo+Dm<#Gx>CE zj0z5Zc$N6@;5B{{-x6aar;Y zH%tpoG=`LiHVV)rbmo$o6xk^|r@H(qG_v+h7Yzq0zne7pPn{Xn9N@Pvw}TEr&BAns zt=HIfTRue^7kAt(UZRS51qVQ9!LV`U1sPSgPyi9f(6eilIjNH79cC93^j2MXs!LW< z`24DY2NP)~1=jNn_%K;zN7yWOKnq|cj^y=j?Y?i~WSL&nZ zBhURsqUR59Z$~zl?4(vXSv3KuQm!RWPF^p(psr52F{VEpV!6dsq$gx_47VU!|36Y= zKJB6ThueX<^V&vQDr2VWwdSjW4Sf!fq3~dll}6C+z^Oc(MY#v)PR^<*)<_S; z;A<06TAx)TU98AGfR+j`RzAP8sJzi*BTnTHuvF!KPTd8vEG|kT2vTlukF*>Q8o%R) z*25j~w0u1Ad9|_C=go{YSfD#%DY(gf#NPY9Qp>k=Lv{UQVfxg$wZZq+XLX zzk{%*0_DbzKtMF{bts07`_v+2ChJj%P&k@#vGOyGu$(p1Jt@L6xpdsNKTd@kio=UdP0*fqxe^lVh;6RkN9Y+tZ~7QW=zp$cY(pkf*v@E zHocV+nik*c&X^*MwF8>M7`reaSFL%2eJyAoy2nMXzK(*SFtcjSk?&295;_nD`48(VAOo`o~lDqXEvyT z_g~ai1yo{=!5he+mH2MvPY^9Ca*?yeW4AC+1$lr;d~1y&ZO`A55hw3C%_pt(|ot%Io80tBJYxE_dhfL}YhT4q-KA!GvN7 zx$ZW00N|9KfzjbMn^J4g>MKM`I^(3@($HhH*Wssw1u2e(&*Xl_cdaicpn3_)l#_R?hb^nEW}32dr;3$5f%#|eKXX13WS|Duze+tfZ%>4qw_8rzqGD_(=_VK# zqYz#Q+hp~yhblgth!B+NIMdFD=UjccG!`fq#(%}{7=Ay;aF3+$NBK1vvR1MqR&;oU ze$h*&4+Ct)3U*dO8cSa|FQN@f(7=huYpPnLQn%PJD6t0c{Lmy86B32H{AElH!jqe^ z^(zfyh=ASF)6|T(Lu`ur_ZTL#s4Cnf(N!@bnv~^KyuqizKUdhNgkHg=p+Jnv@>DQ( z`;hG+veylm?EhGQ)u?Y>yo|%1v+fpgs}bh0vhe#DFAHzE-W@@TQSr2UTK>9GX9NPf z*Vo6h5&~jIcv1zxA{zb(4xb)Cc~)bY?JIv8wgbYM&nYSj8AV=a+gbLVqQW&7cxXO9 zr8>G>LS{Q^SgtaLUs5(&{APMr}ls z@4=S|i9Hy6EPqIxTf}g@FGS-7Tg86cFRF}}pI9nMm*zhji$Iq2(T|2oj)svU1}FIH zDis08Ee{(14Ylx^LcGW{G9BDMROet@>==$BIN_K4Q{9+MZp&v2I{J(5A@l6|^EhQ+ z4GDNQ8!HyQD8*$ioKK&+9Y4$?vZy$wutbw*-+8`H?yKGV*hh4VS6U`VPS2@#=yd5< zR){wT{wnf?uC)`5HrL9KJ|{17128lhQfZ(u;ewN_!Slwvl`N@6C#UsMzIFu@z?itdhE$W>H3sh}I3UK&Hoy-Db`&)E zvg2Zf`P9+Zib?pZ;Etbs9hzjQ<>hxJkRS}y(e~6O7!hH7Gs1o6FASeF`w8p|p%4+( zlaY0hg`!p2fpWaX7!ne%rEIPnWMsTOI4%p{3#}?N6wVMDOI4>Rz~Kd{vo^`HQ00TSh3Pt${^dWJvUdX8goE5;#zoc} zZMh2nz6y`9N6dqKMRnbVG97qnUTD&WdsY7PIxzd>$-e2;{sv3{k>3PG0G6ds>;}*8 z^&4@J(Vog=@CX1^APD+~GOd?52V%w)PauMQ54t)82SC&rTHZg=25z`iwj?6ih-5Lk za!7Dsf`UOJl~m(xeMNJ)bFc%KFdaT}ko|B#mY0|0IMxc6a!xwp9lXb*)h(uk9ybtl zXYhjZUE%wWk-w*>g5m7J6-ak}MW$pBK9NgbkR4w>cVc%9@h4l1(zevM(ij5Najb=y zvy^O~-`M48*-WD0s{HqR2qk7p{~;e9EE?W1TU(dlq;U<;Uf40kKZe5d;;ruHO79P=Uwb5l3r zLk-t|?d%FV6W^nU6l8=BX*42DK9EZ<_NnIYaGn@hzK&il`p!hD$8kK%aO7mXN6gxC z8F)k}KPJi^Y>iHDwUt3tP(T}O07ZEvzBAu@Exq*>#C!w!G8fMZ<{zc=Ad;RObSL+c zYWN`X(roC8Gn(|3w1X;`-GPbUK&Yu*HFAHFoNj2xxQ=v;rK9M0fZww4&+>WsAk2m- z5GBanm$I2+u-ZtOiVEfM0L|$U@r23u^KJ>nvEP=A*t^^?YCIXVJ1UT+kUuxdt#5=QE z7Ouy1Re@*UUr1gc;j+y^QEtWWi5K4<7nJTSYd&M|aMlaWCpDFroPRT&pe4LA&^ixU zWGD%Zf2C$=TlJGITJ$SX|K;#v;W!Kk09P~r`a!6z*@yxa5HZj){afaz9mIX~s?DfC zc=Et*AwU;@-wIAnR`pIN&P?a0<&f;M&0hIHW-pXXu)k|I!)kY^rwFZ$F^zMu-RJ-z zZ67l$Oh>=KMOl~!D;yO{_~?##Ble81mcYHi?Ig{U6jR>IH~t(~fKoh13Fka&xCug( zc!sHr4NHnHIjbrxx0XrqC692zAFsvdU|2=5^%9r53*sEKVI8b&vW~%3AOg-IseSO% zzDoSTZc-5|aVtW)o!d5J<2EV^p@n-Xm}vqsdHK2!SD-vND~|jH(wZmO;|b(eJquz# zxN;06+&RqYqte2DX`<{AnYBG$xV2|w>)tD!f)B`3i+bNaGsEfE9_PIEU(wkG{Hhf{ zums!=UC)^^wro4_<1hG3bHW9@7o<-}$22TlGWKk)WmLe5M@xNYjD|Q|s2n=PiXYJjMTm^W0};%Ft~eO7XHE!h zxmW0f78h=N%i4x8((A{AP22~#;fRaq*+;v;O2yFZd7n&Vo#Gl~OX} zXrhtRI0u$9QxLVcg=-r^KoIlP?#5SS#8(8Gu-I`Isef7L1jK$`sCYb|bV~mmTuAkPtCNl|3eF2xJP0QwVR1|t6s>vIzH?`{O|tJKSbV&PrLzRUX7f7OPbZi0E(M# zTH1#gvVRk#u*r2xLL%WhabrgQLx$o(1wD*#{BAmg?Dxq07}!raE1S&r%nmv=Ik)UH z*@m|J9v60sXCjxo5U9AM250tx=ZT{u0xs^~n?Y|Gyjcc;$ncpJgk%i?vs-XT0%)Sy zXZWl9rUWa_|`WeHbsG7oUKroa?^300SuY0~=BZ*w}zJ7ZY{@1vk_>>-BH z$l5>xp;o#ZDHJ9pR}*9zHF|C_mP^9rtkUlx%@VlS(5y7?o-yR!y-QH)wuS6ewt~0f z5S5RZE4fe$x90GoiluE=9M0QFPVjkfI3OJ-q&&!0P`eXMo)X-)Bt!+mo?vI>_b55o z9Ofa$PQ=!^RCNS=^+f!ur6p6m{k+J7J% zOY>XzF+5?q-Pc6pW^d zL>p5f#g&upV&rPZg?~e0C5G5Be5H#HuBn$~@y-_A8&)pnjvXx-b<09t#sYt{DMk@2 z?Hh6GoJ-ezzK+i;qVu`o=UL?m{6`%-XO)Vd>ZLKRD63xOH$crk2wtVc8KiC}|2VOSf53c^4Dgm6g1%uf3uH^^FS7C6!4+@xl7@`ev!xK}TINZh_2C4Iqd8gh z#Sh`l-qo?E%`q1(T<*g6!nRC!FXo#V#|rsd+#1=fcfm@7?FvMEK=zG z>nz2KBJt}4aUH{ta4bC7t71(#x!OL=P7LDGw5~oZU$|9zLB$4t`2&f{ol`^h7we%l zUB$t@O|)HOBZ=+a!qyddq`ybm;rv1?-=Y#lZ(uV^u>YuP#NtTDPR#ohAufs ze5Q=)+j0(w3OqeIm5Kn^B|vf*=fM>Hpyi4E*?M)vsmD)GaAGd+x;54IWTNbgb!{ z9Gu^}tKyp-obR#A>$`&Vh4Ul8>|b{LOCD;|3KKWX{OKRWr+5^%QscI>D(cv6E#lus zMc$v>l>jHIh%V9J647PH&$#?s7q7>|iKj^uop+`wtYAEOBg1>OCQRH0Sg^&;;O|qll1scUrxG2ITt) zbbTc|eV~{>9dUy4hX;R0R2&IVt^MM?L^0~8dd9j$Ga9geW?7BfNf7!%V%crI`Br$G z{oGZx0QSHxiA&L}*oqHB5Mh;j#VUyxVUyc^c=o`=J>@5NZg^5YSF4!%;m`!gs2MX% z09iSw(UoPHatV?Y4OCUMkjqIYo)5yckSk;*y%TFTDIX-(lF!UX3D8I;5*SDrqGG38 z85s7JnkH>iM^)P08Ya_jPfc-44Dn?k!3L1mf6AMFgbn_|p#}w*eB0aju?e&EOu&d! zFf{BWj5|zV7E`aQtri0q_GGHYs;$#(>(?y|qkmY~gX=HC-iOuGPNC52Uq_I$+e=Au zvXRI|s_SS2$@G+CUxtrS2HWb0yg(J203hW8NgR-)H=4k%%)xQd0Ik?yJ%3hod-|6A z4E>wN%NW3d6I4n9(JN*ZGMo}_MCzqO(D%aVezbd5Sxv(Yi|1Y{xoPn)8CXl}|%Ivyv752@0QOM7^3E#0K8c?ndLbeu>{z zYj%m=8ZpE^ZSf$0!(l4bJ@_Wmv_ApVZW$kHSdkSF|3D)8^63ZFsBG76E6gHUvt2t6 zz?j_LG9}R0{I$!Cj6@*^A%wRxp6_#`-R9;NN0Kzn`!6DvN(?F?njG5(yt9eT|=8>Rz6N+y+m^8ENI$yCp-zN3J0_p&qYeJKqHxCW-7x3W zWDX2i=Q(u#^)>iR6!aqhSd8XP?P_1|wdA`4+Xfzr$ci2qg9=zz7O8aeG*?IuPz@*Y zi`oGE2g%Kk;h1wUcj890STMbmb0pYN;C0%F!KEM(EA)^(N&u=p?Hw%>-VcbG2*Dy$ zLsW^IN?iEsNK;QG#EAGI*k?mR#3@rui>QBaJlt482{>fZa~|cGfkIP(IP{2pG!SeK znJl0%BTxg=_cvxTpg1E~E3yJpU14CuDtm*hZ2#W$TQ`*jNUDfX7z=CtOo=pm2O1&P zS`v?Jn>fQ>J^}(>*Q2+77}1RSYvOy|1TA+PZVrr3td9QWpsh&*+eU_1-;E?b|H`ie zU2y-SyeD6a$puTY&9WIEtI3FA-`YSB?WzSMEB5drJcq%)^f$1ppNtJ3Hq0g0A$AO` zA6Vhp+VgHCv$eOu+oHo+AWk)3An)naEQUPM@3RF`{tKqUI56Q550Xi)Qs@%ja6gz$ zYhJp)b!0SwSkOokcE05u z!`cU{uP)W9AHH-kB?R{+3BNEHX!^D9_a<==$^&54b{n2{@PJ_Bp^ zWGI5KnNQm#m|oQ!8CTbiK-+jgeD{fbm-|h*lFwo4dmW-$nZ|4Gp8Z*&p>B zpmEKLY1tocejUH?-=8oTEARXo0+>sp2Yq3BT)1d>>nWk-tSH*0rVDX-7>@zf+2hPV zBHLj|s2lT0kh%}ZeZCT-Yd&Zgv-RPs z2yTm>U@{E`LeD=G3Xv1I*;}^ybV>?F^)~>eGrZH>2$6Y6EY<_3s3^RWETR+M)FXP> z$?xoPZN_vuc;{1&?}tYuvN4$~1?xYZRKyL}O+h+;2d%wpCu)E-D2*4u_5+IF4XwiM zV_6sYwK_VcE2*4aMw~av+aWAWGBlbzWoj?&^xT4sZn%R=n(_>eF_u(YM`BN1L#83& zWg7ytM<$I&q7nx+o%Z$zlq%a}dUYNII?4gKiYf^%S|;3n5CFahEP{d_9*pp4mpx+u zR}A{`0B$`RbreFu4}DmKL5Wat9I@gyC`Hutemv0kHgSFA>_MzL9euc`s4C;~RdN2! zrJH|7qf48Bpx;BBHx$s-Ki;vrK;Dzs+{VHH3hb!t8)E?brB$nO`)bTcq#hu%4e5L+ zw@r65EIpdZGq#Pu5lipZzaEJM?P*sHWat~)KZG*q{{AEM)(0T`NlX5m?I}{QdV1lU zfi!|Uf+r+BU~3#yzxb=DWx@ogV*gC1z7aZtI}vl3Vt+Bn=G}9@Ys0goEsExi|1jd= zrYb%s*zLHOAY59v()N?8FcIr<;a1aI&XMz(rz1yVN_)%;`susPWz_TBZawJTV%_tR zi#q)5PL|Hm%(+O0KM-m1@NE}C?VGjP28@m-Tp6BbD_7)`(8l@sLu|6GJ*@A7`%Nf0b*WltKC{spV$-^P?jV+zNzhbh=J$!#0>d2N8#Uhkx2< znYpFr)XP;sChNn*g-%vDcyngv;_(Aew@}dAO8toS**}WQ^~JAYa&HlSIBtt$x1+X< z!dltogKcq+>jh7I8>kFG+MKAE2g5Kd;Wo*zXSqlGe3IY=A5DCkN!e!{reiJRbmtQ@ zzJ@sn0b}Rp4j>Nsd<_orj7thTCQAiH5Z;ngA+n%-{T{S)gtVJRJh8pztC-#RHNtH- zZKbveQ!$8gl*C?>XnPsBk7(ctv6`gR@yj>#Ju^VKOza+l!JLJDR+NoX*r5>ME6}kH zw4{?%VrnpTRg0*t7v&1O$le93T7#dse=J7o$~Hj_c(>qwXnEDH|8sR8yHy@YIuE}% zBm0XpvPUe-Gnw)p`vKDtgQHXKbWvD3`x=d~6J;b41r}K-R0Bl8qu`5p9Hq4Dd`q`U z`U%$>J+sGr8>VObE3i2B8@zx*k-mL(kyG-_-_|zoogyN%N3~+KMS=}%A0=VfX|5lb zo%jx~)p{}1HYP+5U}hwUjc0j;;Ah75B<)brX3g$VoWr`WTVX=KAvqN1gq0SAxp6IR z^b)j#DPkH`7jBsM?e_Jh*{9jL@Ns@zef_uPmUng*7vrB=amfAu8#iG2Kj9evnKO`Z zFn4mac5sz6F>`fv_WB>N_>k&^ETkxEbzBywiYRDE$w`psp!19@Be1TZuHbm=!aTQb zIy7?)S6F(K+w%tU{nxI8rf3MtgK7Ssth1uZ)8nCij6jSFC@a(-X6(Z>`kT_!78LHs z^PL+%SH^TUS560MFJbgO&8{Jt`NEQHha3SbK(h zMN65R_dHvXx-!J%-F443x>Xzxk-^Y&ONR3DO@JDH7fT*ditk-BeW_*aZ>#;z$qu$XiemPW(L%$o!Z~;y zBKMN+Mh4oOX}C~`daq!#LnJ&}1kl`{s3jrHqR~L5IVS8ByOtK+&jPHo8rzA!8^fXn!f;2Ei`gQUisesgNt34D)eKVh zD?6*w#b;jXVPnRy_(8GY%1}ZTEvT%g^KARPsroU zj6h(mx}fL%#`=Yos|gQgbZCfZDMh2;rkFfyYv)Xks@pkk)pW0U-+?|9VJ9UXBv$ZT zR~I?lt{87+ikUisWLmkCUOOH7wuL?H`g%~faTJ_z+5C3X?46UAfYs2Vo0&VU?Dr{m zDN=m3%HOiBnYn?HuRh?m`wHA_knGT5iIl)@3|7{SM|B+U!#HMs-B5%ZL&$$b6ILlF zhcuq~X%P%MrDzH3LM(-Q0-WEDI&H3ieP5f&uD-w11;XZT>nf%jpI8d|Ni<^is()AQ z_I%2hOr;<+S?d_4ugeFHIAQ2Q8`%PC|{ZQj>kA4ltJ)mM%D{#*D7huIM=k7IF zE|{bI%v$Rm3U0_5gjbm*O*&r@&MXz^(W zOCFjiqzFFVG1W_xE~>2fNNt(7?{;2zTqC-!e-6J64^7laPl~YL8^Z4fi~P#vI1@9t z%}{-p#i**&Wqqz}BU-B;jVt?gcjsSmS8bRn+o^clJt@wx3?EK?kumMR)w7gjy{R!e zJ;H~fwd)rws{2=+#^&Qmb~}mrDV3Vhj&!Fba*8n#>iqY8Uf6ZGNJ6_KVD_p>te#Kf zU|nH#byUCqM`;B@cu6WvMCqS>Y7B6@G9y=AgE54&3$nIfU*R%g8sjr!v*I-W-T+ly zGz!!4a|7IiW-SvHe>!I>6rm+>TwLKh$4%%m^V|hlD43eV`1uFO0tB#OUvVn8B&#MO zs+3EBtwQ^S?|6n`fy*!F6sc$P>ctFPB=d8nc796~*n;3l4=mEv9v!!7} z`_%wZc0(9z2tX;$RxK@qy%A7mE~OT&0kp#r|FWV43Y($XnW#PsCTG+em^j($+a2Z> zY>7efuw_rGT2^KS6vXu@% zwZLCvqPNPHZGv@d1>@a+Lji|)waSUNhA}gH_usmWLDA1i#vNOMFRtAYTr2-0L))X={lHc@oHa)dd9?TBYP%@ss6PIiUtN)xyJX3B+$qBD^ zZSpnZyhZIEo~SQ@W#(xNIP9*qDI(?qfEktNt%}pRaG%4kEr@sEC|j2ux7DJ;oW8yK zM)Bo0EXCQuN?n=~4x>SCQOAL_8=Nf*NpIMs(^&BqvY`hWX^riNY$UF-sfjgoY^`jR zshpL`h%rQh1WiCtd5a3!OSRADlvCo?D+YZrTme393;EKE?dk^beKJc)!l~7hYfFG{ zm44P02)9JxS9dQ{OwrjZEDjEa%NGNb0%jl`0V#<&NP@L)_BUmO)5che6ciI*rAPK1 zoXJx);pE~f=0Ox4V%16flM8q$)98MC0F~-u@BOJ+M%mE--Me)C7eG>^ltW1vEydDN z8Aq3m0ryII-4!DXg#~08wJnE-N3|5*B`FK}8@9~ic+O60;8r^O^5}-ckY!(E=o}|_ zs9inX#1)5gL=bc6A0dX*&}Dc5T61x^%P6`Vg5N7k*@WI%WnPiDgeo9<2k*HHD7+hQ zN8!@TrjK<<#Fo9%RHMjg)!~l@+Y$IGg7J=m5io3&v%$D&F2Uo}5afX-r-o|a_;=6k zJw2!=>zUv)o5C?XgHXAp$``*huKKcSG0NQoziI-XfUqA(o3EFrwk*DQ${u?#BeL@I z6A8l+#8d{`UrJmH)HX1P8fuc~f6!+Q$&2pCd`0Or+s&um9OCKf`^!zGHVwMayNuUctItxaM69)9gS6BaIG3B^9b%001PK*6Uiaq;- zh_K(;;@W3L<2#`Vc{NaeF3Y}9y>7$938_N%3!*qVj*OEs!>>tZS_H_(Y~@0V(L<;9 zGs{@sRC`*8qyFr{maj^Sj5Wl?aQtW5klAZoejIu;IQRBLf z62f6udlUDBu$y<;-wcb==@j1Y>3d7Wk(CYwrIx?YBW-|(Kh&6$UhL{m5^X#!H<6f? z?0ecZv=|Y7CXz)f=#b--H}BvVvWf`O8z~DK(K~c?C_y|r1If~}=1F56k~5LXS-EuP zsPUBps12)F(=r?MHCY3~AKbmOQ%1u2iCKRR-!u6Rml606ZMwh{2CwPZ6f1Ghk`8*cJnuyg(oAC*w*SmAf=K3}uOAI-e zYKPmgmMS1IK>F-r!VVReVos8me#Mr#{z@DqsOKNhvra2Y6OkIdEU;Y|Dd6Rm4Bp-o z`mH$Y?0)bmQ&ZuMeWyHi6_l`rdA(^YrAa?iq@W=LTiZhJUG2gxSg!!ig`VtUo*J`* zE4`gQi6?&Vs`K~npvSt9Z&>Yu#>9Givd|`j=jl!7>@W4OQomJYFoKibQ&U!~wj%u$ z8GxcjKsN#17Lu{!QcGBilgts!fPHXg=J@HrF*rJdZCr$DkfM*9$Z^X{p)!v}dlY{J z_lBv2Y1)pg1C5$zF8hA@2XPUX_a;qNCgdWl!)U~OR`@|=;c#-)S8Q>m$YQ>Bcn7p_ z@rT8MhdCZbu0O9EXgXdhcpS}#^IgEEmAj#M6o5b-c<28JA1shv9sW~dzVE_yym&_0 z8mT=5e(FbHFq>Ejyk_pXnaFjvMs-=8-lAo~{5DVJ7**#V!F?ML9)8DS-Ke9M1D}8o zMsZ3)Y4U+T+9@@4_^stN8Qz<#{YnpXDzB>K^;lBI&>1U`uj@+?F)T)s)?8=0Z#cm( z7+{$kjJaxaoW*MK_jT`~S}pc_c|DV8?*!vOci7*KC_}a%Q{dCr6mtEE>H!rjGlxVU z3NH^CVEJ|tukpOqWO6#Sau)LsAD^W$XydFp5zX|6GIZFXtv?q#rYvYWnsQn3#w&kOi1FQ)X@T8)T_a=j?rk~Vsd1v~K!i<`S~uGcH<{XHT5 z?bPD0na6(6QRb`EJu|tnPZ2b`e1pBQQ=lP&$nbKF8^y1-lc!L_#hf%?T!Cdn^9F~s zca!G1k|``&Mph|w7T|tTC&2C?alH_x$-3HKUs5ZsiFjAk1V!;H2gjE%%HMn(&Z|M( z(7b_p=BEV2mpb^@WXi}PTz6OXwjtYLn*cTIxfmILQHRLmy>8I7ark=@XR}fk`@sq@ zU^?-i`(PV=TN+8Y!$fW`AzLxjenG_}jThjedF3bOS zQVT^S8-ho9b%!~!x3lvI$_b51@9j7u@2G>s6r?-+BH#q`>up z<%D62t+Fm{MBaTj%h>S7#UbvO7^y31cC|jGikO@I6`!tgJ`!~%X2l!Indy^`LG#k^ ziMpPpADJa~qFh}@)Su@1IpTzsDS<-1+_-6|;|8lGEDsj}5|9T45N}3z!44F2V$N%7 zPi<-1*fJH?lIBRXJ!Zr(uwmK%664RR%PiNcgUfyQLAd>~8pf@zxKvxld35DeQG2GnTH5#9Y#=rvWPE(j7e>F zOUpjX^=XFo#VC<>9!#gb*CO2)2h&!VIY*E8h>u?pL0I3YvATlVf}B*MDqyNeObl9I zDE|#e@^&L`u=h|W!h@vM2X)^8$L^Bt&(%R9;UgglWf=N z)&$}5aov#d%{}6ZZ2xQv%5f0qbm(XF6-N+^%Nb`AsZBG`tzMICqMZH^wFFtu5 zaCXY3nNK5gtG7BO?~al;@2(?DUsF@DF8$m!= z=t>Cf$$?dzkvCi@K^gY(Q9DHuz;kdzEZ6-HULoDt3)lvCBy)^vjU($SM1?a3DhdZ%Ey?_Ubs{F-$USGGmf6`*1J zGpXG9K=9%goj5Ye_=}02L4X|csj$0c)NQ*+?0ZwSG_T{?GONeLaX-p$CU=x*EZ=%Q z#(Sa_lkY`;CelD<AV7E3@qN=l{0)0&|Hnu>r~@$t zKq)ALZ=PFiS;xEW97qQHp75Z^HkoG`{R9DdLAAL1a}k8~ZG|NRDqyGu#HsqpBzEM{ z2H#_8dn2VeDSV3^a3pAGN&k-U(%sk5ImPOitT3o|@UE59yCeO0-8n$eIkQpnOl^3$ zcK!^bw0$^jz0DZ!aX;<_N(8EsHcEV4DO2J^#kUgmz9FYQewSvXON>NZ*na0w>+}D1 znd^+RaEJ6Ox#O_$;RRzedg8e4snSQ6amXRV=cm3i=N!^A`L=0L^hUVao!1Kl{7-lE zTA_B`bbTG>+QLm?G$nmrx^88@EprtHw|}-)^!-}H%0uGzbnvDe^sB@-?Q3!wZ~804 zf!zi52JXa9jt4mQX9Ir-doi+A{LA zCl?W5oZOATS$O!3O^vIHx1P_y+{1Np!#muaW&@`x(5}Hv4kw=2WKhVN^cR%+v17mG8XXdUvgv> z;DM!?wi?t|h!^eVC_LoT)Q_%{l7h>+(G-7OpE^SCI^5!0sLArck{GkXeaiC6S5(Hd zd4KH0O6f}Aw)Rozp)Qw93y=j}8tAMDN!SGc&`&dH0p*}al>-)FU83JZj4A`g zzVtcv30eapJ@j$y)JjRgiWw!!u9zz&$y@j#oE!7hk5wsE%on5uO$M4~;F@N(B|C2K zoMq}>R>_&l4ftabH7Qe?6=f^Mt|QF%LMIB`mdP=g3$|mg7dpN7~ z+l_p38OM-+-=A5g#(zTDI0}X^TQiGA|DK0Dch4~ueRj^fY)5Lkc549Ub}~3l9k$^s zbLnXY@y&**)h6+JvE+XOA$$n7y?9$EQ`&RUkHpsfxqk@oA}xwd@+Ua#;R%k>IU2wa z$nUrhGC2^g6i+SO!}lrlcvGMfuj1P$&OFg>Oscq_k{jMIHeU#f%}c!@nfQlphoiMK zw+ngR{*Vh{&}P2om7Ec{+B8d^zozohYg068RBN%jOmuBRGrK8Gl#XPY247NEHW%$F zI@?=xZJ_KTiMp^u8O@;vS%*&7ef|Az7Uf2fTB6y0L&7&e50VOi+l;uw{7EjGfM%CZ zVY8ZtJf`+e4tbT0aKwr^^j**V+-N{6Y8LDQ{KX4$uUN?0AjD_eVYg(aT;z#onFf`G zjc17wJ`_NCRAA?RGsrG&BaQ05X=+JvFTE}<{5xHoBk6sCoByGrAB$@ilA_Y#FqK}p zF7qU!QE(%YuU7dTF9M8_#6plpp`8hTqm~kolFgb3Z$p0kncT?2DB+PWtWl>-kdiiX z7|e72kS@;SLZN43*fI5qe`h{1?IZEdX9jgyAW7ycWt6*=rvu@5OZD~ke4LNXPq^!_ zP{K3K@fz?cFZ-wJ^mz2(DvJ`uP)p@U41RJe9sn;q?AE`O!DP(!=_KhRAM*y9 zPubz}InvglB@jf%qHG3_Tue<`qUt%B^h8Dx9EP}5vPt$Y7w#?pzEMsl7cmR&-2IQK zEKp&l2@&YtR_2Rp<#12_+zc2czp{f`152r&xP-Vlsf%V>^{jmM3{r^yz6U*`?py{w zGb7eKbR)9ZHQvWq`LlsFf#rtyyYj=m4@rl2h(y)u>JzGS)@wVj<_aM`t2kBTPm;VH zqDtD*Rd}VwutoI%Y1PEU26{F8vuOLAn$M8s{i}uUBaf|(e~82eY;I}p9JTN^8Qp9G zpTx;@(`Z=)*X*0M1AVX=wAly2f2M8^?ynrykHsSl_P^OY|1-PmKU4Sr`Cb2w-8HQP z?XJB1#DBVz=F!xJ1a(*mjC?j!f< zme=mx!F^dCxc~V^w=EK(%N*Qq5J;g})*hFhD{4I%6W99*)~^Rou+e4#nS5V}Kxy1g zbw~;!29=5eKKT^hSxilxvnrP$gavSXM(5vb`H;ng#o(9JO+GC>56fRy4%@|Gz zs1*1Y+C}Zx(p$O%e;!{TTnengh+tq2psD(&((=_I|7@*S?u#6gw6;9qL%SJap-^Pz zAV(K2{rdA!DOp^sz2Om~!=Smcjr&B>MG_-?qW9pIJ}$kV1T#l{E#_+;Yd%B_eq|R9 zRzOGx0D_lVRgnHJ_sAo|YgMfOvSpg~KNqkpTQ1-98E7s_cB({RM*f9Lsrmf5RnmkK zb;FWw(q~s^ZZ9F%rjN5eP#wBuP|`AM#(aoRy+Zg8FnV86I1UqN zIBSOS4NDhi{{zI&NTF_zq2dtC9==B$ucP;0SYHCiG@__pA~EX2SBr8q;B96oX`5%r z{&G<`(BjWJQANhj!4Pf>Pd2n{woF~CS?vD(uO_=hhK<%cP*utA-Z-|N}+!P}EqNO{z|3a{l>yni;ki_f#NWZ>+M zuMKZaPeW{hv?aQVcSJCgeZ25vO`FeLJEYu37L#!WtbAYR!1BECL!^+Pb(<&uyujXgchvX6aS926kIz>Ow+8h`h$=d?ja&@NQM$6qm@s$D0z3+fR@F!-A8pf(? zJ}@1xx{~LOcp(`)>r;T`!nI>BN*C_)AVd3y9yR5a_fV=1zA^Ya z`hZCerF69NcU$H|Auxjj3yFkM`fwV&JGgI@{?hw}(AVe1hCbe*hG!UH6bOlCsS2WN z#MCBUh>j2jmVGJH^^$<3Mm!Om^Vd7VW+Ifb#hxjz3Zd(Zi+IwY2zIsFjY9v$Y;()R$Lk>HZ+iH|vvz7B%NgmsK{=KGO>p9>*FAY5=u2@4namV6IXQ`K6>Mlv~11T()yJTNcM zV#gz3L0GN+q3>7Y=_G#`Ic7!Y`q1HAjS~1{O4Kx@1yoe8(2~J&j$s=SIF77g8fbg* zQQq6&eQ4=u!ex>2t|4|qAPfnb&f(#Sdm24)T1tkC0}S_|;aq0yLBxvnvmnFv?eWC1 zI1)YNY@+&1y(bP}&N(u9)UuI0qAhqv8lcKrm`4y$&&oY*-LaVArjFE8`kM&VZ>lu+ z4h`Z493V^|LAw{Cy|+1lw!FCantzOvI@L2_5R$lc~Halr2&69qPiqYcBeu%xVBr{ zC=W(BAx<33ZInY}+)8=_ZH}BlPa9&eN@LQQKsSfIL1+6w7SLi{4j0N2zr~VqQzSBX z;G^JZ5hze$eOy+oDbs|*1I%#L2Q-8&%cqSL+194Y9huTv8_H9$+R-L|E4RRtRw|)} zS4ItRN1NTFF^F??8`-Uy0GZzB8tuXGu>W)`EGsWTfM)OR%;7DaJI39=E@8JB_|m%C z4W^)_79?wQvPg{2R?vH4~H5?JcVmer* z+NA21LpNWv=jwNR(f)D3d$Z6EJH>5J!1R6(9x$x0o{~mFJTwJm=%YJ1SX#KCZjv>o zMc{-#7s2#E`zzPKpc`|)NiUJfY4H~^_0#^5*R^WzK6(;+( zDWr^g=linOQl2ZM85`g{+OXVdX1jtQB=;Fgh&Y0^(GK_BDIfc=x)%F7-TT8qjjNbC zF`i>zu-qAf>?B!g>8Zz8?|mmg53tCc>!2N$`ucTz^2Odl{sh1Fcfhw+?1u5P-3fX_ z71W)(98ePi={_-p^P?Xiw5m&B!+`J?=3)I4rZYZCoeyHJpEYmNqEw+qQ2B( zDK>~Z_uZVmTd&JE>uyKP>JEpiOCf1BwP<*I9hWl@XmgxNt3EX8VSx zX6oR*k@Xr^I0qXHR4KYdqh^neOhEPecQv!nU5goOQMs5JS)jWu_pDyM7C(&?+wX0V zdk+D!qwE72GD~YUbfWA%v33npU;gsD34G&0od4LSbKw_A`%*Lr||UZP?vNrF8o0solX9W(yyDb(pVp^_9@kXz6r1Gm;# zc;(FqgFS(dd@PXO9zWbC1%-$YF}14pq|^%BGS^oW(4U(8YaIHssBgAAt(|JwgPdy= zcKrTZ7aq$!CZ1Tv{O%A%kRXBZD83d!4h}BUh;1Z-&Z(f?y>?}wfKVi%#D0~Jm3K2p zs|lYcDUctm9$Mu~g-^mfG_S?xG$s#mBHaES3w1;xz;$sKs*Ff`z=n%iOP|^XCz&x$ z1+mOCIN;DZ!FpdHkXo917>QSuL9(#uXiL5>98vc7mbc`R7xNQeDkbW2!5_4LaPxX_ zj7bn)u1FZ4chb|PrY8bRs{+DsC_#fXq6*#1ZcAEe+9Q5r^U$Fj3UDR!Nk-uZW{#^o z(zLv>DZK$UwoF3NOT(1H(HKTZF}=uxIOs?afHrRn{uQ7CYJZFqDtCHkRLXW=QNvSIbgWfj#rxd+k%&@t z>u|CwnZzQ4@Z_?o4UzhjKHs4WpH!mMs3wU{L(JTwD~>u;nK(Qx!NS<&i?jpSpY5EM zX609`U#ee>86zN&QB4C#z8GeRWHSfg9%R&h4pEY+rx!Cv*uwGZ=vHtIY*#s$uNUDI zI2I0g>-;p7#Zi`^jbIVx?wi@YF}4ws3RdBd?(6={4{U$Sg@u4GT5<*Jh#YN+y7+AW zbUp=+H1;E%M#ZcY+B<_gfv^1vW~1rb|0h|tCXF5ysfKovl6sPxdy1wth60K>%reA|+7b4w#aOEAtlFzF_p+8gqto!g^= zMC{*H{)O$zzL(*P-&B}v|EN%4s$LiFXoKhH8WLioEk`6KUGcanCoA@WL242W+I^v0 zR?hbj68BnE#{hmj(p_0Yso~qSb3+pRs{>g$Sk{uwiwoCZq6F8jPTolpeAJk!OQleA zj7|&L@lFljhb>v7mTxGOqOE54DLB1cwjtenr)RUOf5%p*5SOV-Z_{6Ra9P#HNPmiG{ku&OPm+Xwy}GcQ%3WpA?gxX*ZGe_%0=rZp5A%L(m=vTl(t+Kv$F$uRsy$VVW#I!K9dG?`#5XMSQE|*eoTLm0p?#x2BB!&Vudod8Wg@Ae z)1aCMM)wi)e5^yeLuOEiot?pUwFl~GW;XS)B(A)_bO{>Yp-i-R*Ss+Hw}s1IiFJKs z9V2^3ceBc)>Zr)h<$p&l^*c2#U>P|?)eZ5l)A$MB)M}}YOt|^~O)vf4mEO||hTkTh zlPO!>50Gi&AnsWmRuBfDjvC?lo+`2hX+5T50}ZXqLXx6cbp)?@HwHm81ueIze2F>P z4UmKol`Mq^{k(zyT1>8qv|0Uq1#0IY#tU6qH{A-5SIDo7R5Lnbvm^E@-i*h$ApDCE zjAr^csQB#x|AiA8J?FP@jtEVf8l!WP%zMz{k*L)?ksEqt5yXbB&S{95*;G)AohC-AN*`NPN)Qv+QKu5P1C$+L}X6<6LgD5+QPXrsrjl)7yp)tbWTX5FLE={ z->cN#FR>nH7>$9Yiq+uavwm?7OoBohHxOZtFo z6e`84Q9q2=wjLvMtoUPQ+KEpmBU&YX^h-E*SXduS9i{v+Oe@D`%qd-4l9JDplXRA~ znBg-TbM}(*4UwOQ-8kfLmi1aQeVLCrVW_fcGuQYm#4;U0C|0gHf( zGzIok_r?{n>EI>P=?+U_PZqYJRO9eO323YkMcN*{Ifl}+yFP8#ycVyJ_>!{YK7i=X z8Ca>nGJnB@RCRPQ-WU^Zmmu7O$88C5N$FrJNqmjPr-h)CR4;q`RT0&NbKmPn9#IE> zb!oC%d_`*fak?@pfOV9@;5udt=F`?xQ0^+EY-5b;T?Q%W!Wcb&;EF0K_hvzt&yUg` ziV5wCNE`4JBj7q7EUh2}D-AqCjNwn5f@s5iK(O6wOe0q6H{k2ojDHb9IMq0XP!c>{ zk^QpIc=EL#gZ!i0d*-PyY2PTpS3M~X_g4NXv3adV6C9^$(AcWCEI6)2J%FpGfyZz( zQX@a_FZm;Q^}L62HP$H^H9c8exA(lR4x36J4=zQpxsB43E2qm?4%byDqM)-fPSCNq zEh{eH&kXl;0O@J5x4bU{^EnX6)oimHl|2yMi})}c&fuL))}JU8i!$9-xpviv+ay%N z?YWeSFjOoYrko&GYWoT=qk#98OUeZ{FeGch`XpmkwXra7dPGsqPb&Yw%gTA~lE3d5 zDGb1#405|KuzN2gC$PAojgwYH{>D~u)8&+L{%PJ(>q&JUtW zWTgovCDl~;WTKJgx>FX;LmC#;3ck)JksjN)evJp>=B$2#HAn11#b`7 zp_u2^DE?jC{%`Xq-F~e71`l50mZcJ=)KdC)pP)Fgaez!z-cW5_v;Cu}PKq)6 zdF!{Ska&Ya*7%~Oa-aH#UjE87aP{kLk3yQhb?7dat1-l|+CMw)tCKqumvR&XV>Mk` zrQ3eZI;y`B_`qu+ z#gcE5g>8UA-D}#3kOK}D-%|9q~+QNtKyRNs2p4JN?Q-dX?26lgJdT^pq6gr*4TVa`pY_ zS0;4t=9GfOk?azulV#^GZ-GUV6pXoa5jwwWIA`kQGbf8B-X=jMY=)Z(OFt%_sv<6& z4pvHhSIsL*uEe>&!Gl(pvZyXY*O+c3OXsPox9@)UmbUCN^Y11A*)XKgwj>S_-Iw&r z#GgR;zfrfBcK&se#a4s`5;&n)!^gUKvJ-!Zr z>z{bs@bnpBN+fsUOyq5w->~4)Tv!jaG)0w`_!nn90_j;-QPR8fvhU?{3ZJ~NsZzQM@%}r@-+$GVlEZ*$A4&0v+1(tuABUh{(kNk({p{t$Xsrm z`IxOU4+iOTK1+GuMCOKqT-8{rI_U1i@S6TwyAV+Ow7;T!<6vOFAhn5I!86OT>qh71 z2y7|!=Qd!~wb?cnC4Lz8Rquh^^=I~;IHK%3>f#U>KZ5jq zrUe)5>=2ev+BBi-_Y2MF*`mleiRxoR=MpyL6P*mcYpyU$d3;Fj;_Jf$;FR$z9JG$! zdJ}b&TyJZwWGvm#i8c6z;yN#|sL_RzX1E8LPyB`|E2~Q%O*3>njgSAex+tOsMApYHfY&%&fr?w`BS9cv+a3;_Sl)9TY z?j;$C+)YXKBoswh*8inATpzDDhOe$jz3S4~to$c@)}gN>;v+ooIVkAiFKn&1iL_ZJ zbVW~Z-pZ+knPw)M3KE^)O|nlCz*&}}rqMfbMi0-nl=5*3v6lGWrX!3$`WK4Q6g=o@ z%gUyp*Vm<$lCCd5QP#EeO1*93u7u<3MeD$3Ui+T5@e*3^?zUod@H0g}T zMVgPLkq}FJQ-1S43X%zald~ZHOvFM9rO8J{rKA{2DQ6=N2|`2G%bYR#$H=q^gAfv) zuh5Zg9CSFz4Oi+61dBQ(?oByaswJi=K0S#;;%KokzUH7m32s&DOwC4*J+vxw?f$9% za^q;hmB1S~8pP!)k-atzgaVk|hH|uMjnl176K|3Z$@;>d2W)KYebQ3RI>+L`{$9N) zUMrC*Ty5z@mOX2yjv1(i8|(uG0rCt?bBirMI^In@wEMDv_&RC2_?*TSz4*Yt{A0@d zqV+1MCNC$?HKr?pLB;}cik1F5ttU}JvuP_}en=8O(h z@rs+;gUjf{aAwlk|Af}Q*ix2n_D+BHhz2J;>kbpjQ#*F6499WS1k3`ZINCA?Da07A zjtg^1wt8WPlH7TO+V>qwC8pr=QM`OjexbVXayHW;Lm9XR!F@A5u_k7l@TJ8;l*P4-w3RVWja0-+99J>fEBj+P{Nj6Jt@{iNGeRGB zMupLH-x|i480CazKoWB6pfNQP%1saxXQtYu#DnF>e)Dzw)$(({#dLgDQu4lxWhiG` zkQDj}dkg;24D0ZMx&8d9YGyKxKB+deg*|$7SQQauZNR!c-O=EaJPTIT(H7^ca>UTu*+z{`NER29WRQHy0};heu8j)W8)z zFX#=)8#^bwh=#CGZWo|M=V4n!b2E~)4gv<@rB4*+3q5eXH#KG%dYo`yTp8I0^1Y*L zmpB8|E_|PBi&Fpgcf;HBxbCQ~0+juSKqtXeGTqQYqF2a0)qr|O2{&gz1@-k0J*ve; zp*knZ9!PO|0AF2Ys9MG0^jBm{r^Mb1lGO`})yrn}6ZywGJaW?YueV0;VU!#&fB?JO z*ls3u;G=|~x+wiNY>RP}OUSvL(Cqcz_!f9Uw5fVt#ykiva^^lU{l9Q2wPL4xOL|@L zVbgXChAlB0JBGqdH^Sz=?N0}O#3R8K8maYACkczqK~4#c^J4k*b-1|JJ~?n&3rimg zt1@0x&R`oL#KbLp;tIC;XnrC42TJ2UIsIQ({uXyi>7e{Uzt*6S?>GVm=+{8x`iAd{ zQ6}MVl#o0pcE{BuHYfC}y=A_1BkmNn1kxscU~8nX6xNA$6K&@7Cwo$&#`S*tv$xJj15$k>mB$ z_kS%!oVq@nK4CS2Y#a}r0jBWhb&`$*ZOn9#2V^gj+=~wpbbsV3s_vRUWstwCb1W=` zKbKug$zt8JEZ(yH52NbOC$tS`2vK#7GV~1A;F`t|{AActW(Xg$Xu;o*xrZuR@oWz= ztOIr%{(S8;t^>kW4Y04o=qn=aPR@2n>vll=~m;n(atE)5l<~V`ehJ-ZO4fO#Dxjmb{{WkykNi9wFe98D^(Cs#8`I-e>c%RZS=!UW0zhM7 zHSp&{E9zo@Bxo@GX4SM*Gxivwog^_`$7iBBKyD)bIY=Z|$1WPJRhYXnB@VF!i$)?# zMbYTCt4!EPMD>yDvjuw)DRJ!$QA(r{&f;XTLg~i@*rmk~W#oVTpbj}emGZ&71~iJ< zXc`cg=CE+={qfx9)ve<#ngvT0@QGZIiji6@FUXGiMOdFQGh^{-8@?nBn&w7tyz1Rz7cW`nhlksX=1geP&^n^onZlUl`lCI&BBegDK8~@Bzr|n?2m?9P zEFyKBlk;Ew5KGMbCR!NisQtA_jKQ zX=nsRj@cTJ`F^U*rHkf_QRREDo7lj+dzVRrMIW8eg^)x!|7`5C4Y{>FBSj?t=)^g8 z;=6WYvv_8YXfys!f@sA9@qSN=^)<-KYnFx(GiP&k=%l0)5tMiCw zN7D?k{EgsLr^nc*R)|e8WUa+;X&18|X*m$8RxRC;))-K#m-m%xp!zO;Uxz>K zJA7!jCWF(JiIit#&4M@iSLb(s}!#v?ub=x zp@|~l#5J=7$dpAA078Pmpw{RUBBSvvNJKAEICo(dLrt@g4P-4Op=aZbeZT?0QpK{W zr5jD#I9(O=C`)}YsGxCx7mPBE6$eM&opU5#-1#HqQI$CaMttlF?{OpTYGSdyQ5v6f zTwujFy#{JS>>kOvg6|G$h#S<$>NO`K!gnG9N(To;Hm?GJG(2GFG9K6knt6sr3^PHO zqvCyr;&;^Ng%*Wdb^6=={O@z63nb-xe2`$C4Q;U1jF{JBTmYUX@z*R@!!E(DF`^n1 zzV^Zx+gnS~m=7-{)9xDSimI@>R8;Y2SrX|E@M@*ExSDsSzzIAK^nZy*F2bjg&b@iz z`XC&!V;EuB<0m-?N)N>xv9t1#*pqhjfXogt9I-J6G`rHbM#zu`r1pinreq7r2gfxL z=|njbqO2(#6Rt(*6%)Yf)UD?|ExXNYy@X>@E1z1kf6L9q_A}zGo~z&U9!2RYKcYiX zQ~xWiaM3ds)dzqp`Ku-NYs(aFiPby6PyHZp*mNQJy6|TParI$$pw#xK z?csL}%b3dir7nd>PJsxDt$fA_HRP;~fH&34oz=k=WZShbM+MPB5-(f6aGa3X;6!8K z1`U?K>9zB2LN2{%0}um?4@vD?17?*qxvnT_o{ko;?8R{faJoQdSyR;U$rX9VW`Fm# zI_3IvO8oBO5f`s}CbTY~>f7{aDekWlRgIU%tUlt&l3F1~@uKYt3i!CmCS4@IX|g`x z%S7<@=SeJrP8=)ZM2N35a$7xc0R#i<%Czp0T&0bOP~IhhYD{3a?jZ~V9-9|VEG)Qr zrlXH7`1xA#6uWDEUe#g0qFaigL+`G2R<3pEUW+}lu--Y%+9;4;23v(uZdkT&lv+2Z z6=yU(bjlt&WK*tO8P&^H8wlL&!cenoo7P$`y!Q7SqfNbYMGT+2asB3_A-lPNhw9o>iHkm|Tl}+rQAYId%17-UbIf0Q zBY8G2Xy`Wfc zL7E+aBK3upAICw{XF}2Ahq}B{TKDDkfwzO&4&~V6@*yA|&^s2$^=-bAdi%@uV4x9m;w`X5GiV@_a%2#oQ`H2`eA^bUXt41`@2F|1{f@F-)FP zUVGq&g=-@6d7{ns1VB1HY8(-)aC(`oZb^N*Y1o%5rcr3B`3FaRuX${gsKZBmg zA+V zsDx+j_{;>ou(Otm16!hV75FC;n`G^biEle{OKDv4YjnN_O72levWZaNi3m8ZDTJ7o z1E{-NG3u^dJ*(Dp?ZxZvpE5%C2UqK0IBjb`W00Gc^E#a9Ebc-DKHc4VVE>$>p@I6AHw zb{DQ~vT;KOs*J`kF{c&_@Q((dGeMSGn=TU2J}N@Yw4Sv^EZYEPZz&t+Y=>C4*s)4n z3jLmL@dS7gAd}>`<>KQGdY@H68rC=riZ5)8r9~}hB&Mpz9`%#{LC~Uk_`>LZ;s(r{ z#fRo4F@FUbzA_l#`+|eNvZ5XG>qCDf9lYA*;~*+kzR?}0@AkVGqy13(+!5mXrQ88K zWIpbB2kmje{tUsvx1uQI(2&m<^Z>%GbTJsF+#WgfagI3S*7%-D5g5?}-iAQpNB^^^ zOA-Dqfxn|QhCn-HU9ag_;nRkUH>kpQ@R3{J#Ii#S!;DNKaF|BJP)q?m6j2F<>d`32 zhRy1tZlJ_UOX0K%3?mVbqOI-H((?K){Gu`zjLCcEU>uaU@f*Kw(Aq_jPk>< zK%81wY-j^EKHM`>W#gNMpUC&Q&=&*3JYZsVS6iUP4M@qI zvZvdb6-Mo1`;kH^v*-Md6vpO;!*BPel$O}Wj#Odpb1=>W4bUnm);Oo+wxG0H1a95NWFn&G(i^Fu1S4m>0N>JAWvEoh&T>H zx}lc??>)+cQD`cx;Q%h36oyb7O{kW#aLo&NDT3J`h%!LNumEp=HJ~=9FsCwba=JB~ z%}PmnI^XN$R|4ckGr)!#z6Vn|V?7&1Q7`sR{4CJ1enUZ=NCiBHVqu96(@cx#L^rWm zP#R&j9_R=FB7yT423BY$hPENX5oL^8$y%92z{9_MV%{BB5G)07X$S~{%2?n6%K9yD zh&LdJHL8H!?`PLAUO?Qsa}c=jYx=6bIod>ulUdaMpzyS@T9xiVF<9r|!L%V}5vBLA)e<>C-0qh7T?_<^=MwYPn%I&?}Qz!u5Z z9HnYcLIL_?*wS4TY)_^EV+U0Q?0FgNnHB7=C7o<$5TIDRDB*<>>8UN-q(!uXn$E7s z)(z|y`FQW~&PU01pk;{aOV0+2h8eDF7mNpwB&1?Ug2tkomRdDU%>0Azv}{uG{)486rq#?D zY=65CaL7v)?^fw++R%pC_-mhP{#=P^r-q-)a?(qE<#CieHQV9;~8*#QDYxKuw;AtJ?@ zC278-S@|F|{g(_)lsa%sw8MH1pZOjAnbEW_OZQ~O*9s+=+veY`i)h$NFSGI@Jn6Sn z^5bHpeHl5+-Q*qG=VSA~Z$h#t!`WSlzx)%9(l)6m4(zT+_wc>B-mpM6j;igpq|y(W`kCWfTc5519|@%)Pf<#?(aXg^0=cR;zvQ^_enbey$n$8 zkS_Pa@Tl~?;Kyk^eIUEw-LR24(u|@nZ>HruwW@imr1ofil8iQ~0Vp3mp|~{)zc=U* zPO;JlX_^l@{}sA$AC({Q&1WtSZW_fEPbC_znPxQO{q5f@AP5VeUKrmqg4-a`X$vag zh{^%U*h(!x8s2F)L($P*^pfcO#qk3)nf zj%0{|QR@?jA_9|1t}9sdfW2M1E7~k#b)I3TPxGFfEwatN$Q_aa)oKuo4bxB9;b)sh z;Zy4<(ry^UL4+1#^mi-eOo9+t30jOIYT5)T2u@kMWXBNQ0^LnK{(Zc(s{B3l->_q} z19W-Kx6+g(rHTnYw_K4mnC51RAbw*VX~eSrO4DA2Ox|&V zWN<=-RB%GhvtUH@DgJ4F6M~F7k~0ED9$ms(zsV-*hix{9(Sz8-lbVM&P`6>5PvxmJfZtTH>;WSe2SEP{ z&NAjDZ5M^xWr1k|+C8)|2`&%9-?_o;(I77F?vT%t`mMkYjEWy~hN97t|T7MCR1qYc3*id#gYa8&_s> zJr<{_X$cBJvhqNV?Ib!%uzx$Jq5JU{#Cihpq}N(M;}i2a_DUBe=Sh7S<1pZw{cJ*$ zEV|w01l33MjNk>6#?+0nP9{B1DzyoRxHQP+PS9nV$jU03Hf7riafUg8od%OQl0&M% z@OXN-2qB1O?GZ}c?3p?#pZ-%$@S>1!^IUZmfp=ySogn;30>uaFF2;nI2w)UK2z2Je zA|E4SRLF&5K9(O#8O#?z2vg()Q62jU4L!V#%-bhO2T2)2Xp=DSvt@w4j6>h~XBUID zMFI{4>@7|$`A}wTRL3RgT@zXrY0A7xQ#G61`ZUw4-&$0tGd$$0j0>t3 zEGLK+Qb3B$uEq$IGi`4cRU_C=JnTNABa=6IT3_#xqIrr*I%!$~QJPUCkCufp9np!<*jy!4n6^FSk$TCj ze!5B~NN*Yg&5>jfztyrP{3UWJ^)#qTGa@NQqYazcj#C$1U5HR{BVOLGdTG)a!-rk!c{>O+dKo)rR#>h`kEg`qv%3 zQ68B}r(){+c_1SsV{Xbnk&9lt9Leh3K~2pIRg0usZ#xa3td%V%MV@=7OIppX+%JG3 zG_D>&Dx|jPQmqia6|9V%?lEcnQTl<8FS6Aeu3s4MK-aazK|m5P5zm_9F=-Y|(jD!_ z3SplwA^(0u5Nnd;Y#wS^)J(KEjOjhK?iszd)1Q8 zF;Il*3FcpgX(!qsD-UQO`7hT);N;^Jw<_4Y*(|VC9pksT0_VF{ymv|a*sA2IRnAr| zpR!&&ay@wjy?06Y>=e#ZmWxX~wkdDk?CB-)CKL^9oil37~A)In!Jg05Ir7=m_2lw+#%#3rP!RFF&>N*30nT#m>D`M zYrDQPz+b$(yzQwvu%$*dO1*_T5vfA_TF|P+t)|ANqNe4!vBixprDyl*%G9k%Vvb@q zDdR2frE~Z8`(^kg*B7HNEQJCS!Pvt7VoWS{V7ju&-{Pjl zYhl5iteuM&Db9(Pl(n~pb^8cQAPlForn`h^=e)C9p`sE4>rL;?$dijn&^3_AD$l#a0 zT8TNMjyRDirFmczJz(!^A9fg)BFf5)Iy-Yd8(BG4gHvl1Fr_lqG&pDNoCPELoZEBb z&pws_g)DRX_R9h~yUqw$wt%G5T3ogW9$Umpy_}I-SiicS1zWIa67IAB3?IIPYeHTY zH|&t|3{80#lQjr=GOnyW37~+>NDQaBFjo0oQ_3)rk2Y9!$U>`##gHo(DN^CpP9r6D zmmG>nB`ueUdVKleZ5k(S#i3K+7+u`TT+fDP?D+C-tcTK<0rR*38eptemmM^<^fnFJEVghkUog}|v z3mxW)bq%~YGk?rA0}5-BjSLm+TFu0rfn*spRlPJ%xn7mkADbJ`kCg(qJm*bpEx&k) z=$yW<&0^4EUOBmmgGZ-c#TWvoK(}xKT8d^RUB1{YC~YNF6$@LRtFcT^$VP~n+%8Vt zO8U+EPNE=Y5ERHRF^-44Nr!9~yt^Ih=Hr$>>?vg|iO;rAf-Dcqe|* z=~c*0=exBh#J$Q=w*ipLczIeVZ!~O2MvhB;2gD(-`dnS*GwQS;Z7@y#0fS`0`dQTEnjR1H5Jil0EWlZ_)n;ng(@=Kp3c-fGBtpCBP*Z!fRyb{KM^XIR&JD=4!v!@5W5=`txWn+VJ|sEj0UnHzt(Z}TA$ZG+uK$5CN+$8Dh{S& zjdB-F#3r2W@ynS@+9p0U$h-7TjKMcIj~(kV^RB1~H^!X>S0*AVOnRad$j>rN3ll7Z zEch~L#}9KIO-S#);fzhUSF&)37m6Z|wvCQDYi+B!T@-Q3!?<`(aNhHleWYvPzh{U( z-J-JUy6Dk}bsmNfkf$Wl3XBLJ_asR67_D~}aLVlvaNE{$x|=@gTdKC@JW_OL4JUs4 zuy50rSMFvZW=mWz{nD&N`2#=LpKH+%;_(ANL7dtB`6iQdGC!}Q=2UU^o`!%B8@>{f|HHPKfb=nZv?{Z4lXT$i8%8c#{fmVml#4NEs!~fxS zrS?D^Y1BGT{>d@^H(tpnLVVNG2UV^sR%Fx0DfDHCu41kP<7TaM@$*u{kOz6a+`bTw z4=QaIJ{R^pbHi0R-wEZF#gBIuAoZ4c3?L6-tg@&ra+3*RDof%k@73y$8{03hSmyRn zwyM4$G_I&Ov`~A8ug=NT4tWBJf)+69!wd#p>ox2B4Bl}i-dJmN-juErMK~ir_UuT< zEe}M>SZ^3DK|rvzL)*jq7QaEXcE7uQM9_+L$3G1oX$+~%P_+v_Ou3wjkBN2^<9y#@oJ#t;#PWXVAkf5_f2UKCyEh;=;2*PUNFAEh}Br1-eR+ zde5zTGBczL-Uzyf=3TRow^Cfzt7QD3&{z^eS#!UvGCF-b&B6BS?n#OrX-k2IsldAf z-?(V4J%#02ollnVq+<`{$_1Z8RINKotmTkesM;qFT{S!MG=745lZJp$p47nUA0f+9N;S*UrVwRd|~$Sz9E% zQE*L>Z@OLNru$A4nGZkByPA2eofr}NS(LZ2Tz2wt$~yryKX2FA(D@P;y8X{Z`M_^s zVk%PWGlx!;^^Rk`#;|Mf$T-!Gw@qOJ!j4Vb2cbrU*qi8+AsCwntS^EqP$Np#)!P$?EwUB z`}5h!MrC1y6AjA|GDj_sTct}G#@@DH73Y$+E-;svbER%?&>a*0+b-TUF7fS>Wf!9} zoJ!j&LKHQe6yGRnMdMH(ll zNsjsqWJns(J;4CiyXk6aMqM8I_)eG0;}gqQRGVO*j<$a&T#e>WTUJXK?+h_8i%DEj z^FDmEzquU|K04Ig{wjPVJA$|8FxURlN=I8wTl9{PQaWcs7EWH#N1J04is>8QdMTFw zt-t#Ig3rz{AT1(c&*xBQ?g;Pk!2UX2cd1`x5@8&Rr8`D0cNCY@ ztsaU-QTpCK#y@|?tr`Dqu8VN3&_2t35+#ZL^bHsJS2Y+q{#|W4p_A~s=V{$VuA`Ps zTLN^I>5&)bEcBOKp!rFqq~7mge0u<|>bO(?+n}PMVOtK8W!=TC#}hJa)Jb+h7tsiM z@oE0bLXpmrj)43jugDYv9`6*@Ls*|u;7UoWm#RD9}7t@SE&ymZT2 zt9aM);KET8vD?UtC^OlG8w)=d`zEEw5q!fcZrNKqbRryz@=hN(@Zm^b||C6qP+cx;Gn0v;9~UycE`NYTc}xPPdvn$ zFg}}*Cr3N?)sG2SZS?ECwGDgMHT7Zc$yZCc)CuVnp7~;7PwQ%eqf9mQWzwuBB6!Cg z_kB|H*85Og*57m??7$uFrmHI9Z2`wTDl^Pfj5Db@U|%b*5qIAFNI59Bj;z0nf*|!? zTA5Y%u8qTHQO0RmE*FEb15qLm^q*H~+F^C)x+ST;{>C`D6ffy+-o^t#>sHKka#=HD z!U?jAYRvA+&h8m4>I&GG*Ps%gCBd@%zBJ_;IUR!tfSHsG2 zr2&o#RZAxnGrvNASGcvHbl(k#>P{qfPzd4Pob=7lR_s2f+F3o`IJRlL@y_tBZ(q2t zc`HP9M`p>KkcwV%V^Djtu*B)I>()17;n{sE`$*{(gI(?;@}j{jQ)@UAO7|`jq7_id zXFi)hva&a;B6JAT#)P{`=UuVLJgigR<42_iW)DkHUmNPKRO;VWN2rsvN<^+Jno^G0 zt&3E+QFy(b$2xCy`ekRb$}#ciM)3|s6py!Nqmt(SvHhtFT$hH}26JV<3R@%55FIS+ zaxI*P8&TuyQ*48^uzZM zFSwqwaX!nLfAZ+Qu(O-35pi+_E9`~V^eUkuisWyo;gsLS^SypSvmL^=$bKE>(y5o< z=SEiB=jwG+HW8Wd;>M^V>T*|6fmX4tuy5g{gL)Y619FjBwL$Jn!eGTV{=19HPn2eG zsjq+UMOD~w0sSQJ3bFR`-F3l2E$O+)gbmsKNq0rLt|s@GUV1OlxX7+FZ@c(%9@XTa zB?6Hfl3p1^MAzE$h$i$t^*L&AL#}T{&X+F-BMJ29xS-05nQLSFtq*eKc4W0FQaB>dFg^XiG&OC zwzLXju|1KN+u**qDpG&4tHS(+{L^Zc0@6!NZbHy}z4f17I1`c~A-|iM2jZ>vUVpLl ze0#l;{-ES|I3DXBWG>=b{myd>Ii#*{A}uT;+kxg^*5#X0o2QuZ?2dohQCV{>NmA=` zDP5gUE$<;3^4%M;__+G*Lwu!AtJ~dLRbOs&(}&L8Y&9L+h~=IyX3^Y#>G76pZQc2P z^9D-wPjfdm*I{S`DT#p|ahiAY^EKvq+c!-J#CSi9UFarth&Oj~aIVXyYn>!5i6Qqx z-B8+Gm&esBTnBq-d}~XSo(Fv8Y7HzElD)lB&`Iqui5!DlRNQHrsY zop4Ugd$D3`s{91Eu{7q3=*fF87q>h_FL>J8;8o!=7;+4;iA-gnCrn@2)etF5iU692th*7qD70KqMcuz zK#YJu6QA#c69TP#V8aY;qldtl8?OC&>-VXPF!<|+V20FU2mmq8b+)Fb&RSOp_Un zwwR~h`Rl9Gm~2g}E0|CUK9WomA;@t0RQDhX0vAHXktm=m7e$#GLS+V<%0Wwvy?SC15LAE5;k1q;6IUd4KC=$|_WMZi)hs6ZSRT-x)a+?fvkXl%~KXaMXBmTnFMFOvTk;Ff{p zkkF~(O4bNR!UbZfIFld>6+^NC4fa@bOH?&0MgVS8z>S7+mn#0h+@@r#ry)L&LS;?q zM=LuM1tNbRaCye&`Zcn^)jTX31+HbOOJ;Fd6D4&XxpxMH=1ibP_`Zq<&Eft`G^Im! zX8Wr#{ZcKEW90$}Vl!5Y4JrgHWwn6GJwRfHo88UekN9MgF^&LYnXDPs-ycu%w!$$4F~AXU z-oWEz*R!@pPk9QI4=A%ic0|EM;xYb@l&lG*?{rBpQc1>U2tvRJWld*I_&YQsVjHwv z75EF7#s|bx;9N|j#EUhw8ID51dgCZ;(f}jIxGDGrXadk|0IJFa31SSMHK+|Mga5j@ zYI>Z(-k17t5`bIsOea`IU`=3et@rcRF)N%GE)YlZz%iZMrV}hnl;mX;7Q(=DzV&vpcHWsEZ|C!2xJe50tE{dOQKR_8G+pn7sx1Kem5mU>xLt3 z=qlinnF7;I$q_UQ0@k2ryuO)?i^zt+2OfF&cd`eCS#zdr)R3&C2o?t&03Wz#hwl0# zJef38;CX4QkroNm@dadHS(phiyV*nkhzG27AzN@D;SXB$kzC!RH=JD%hTg5PgN$brju z3w${thz|PVGU~=(%Y-`Hwj1)ARWN#_{Ya*L9CAr#9{u-;)bs7rvsOK4ffAQn0Pvcvt+Rd z0@d0-8e}aDHRAC(brA^C0ly&7fzc3(XF+2?_Atc*3M}CdA~6!3m7UI0%jJAk z4%p!v*d~TBTdcZ2^V)tQ{@kKd#}JT*z3|>a;2^>_{~jpf=!f{BL*|zFH&EM{WUY*bL)uT{1g%^HBQwf`Zz3!-FZ*qdIGwB4+M3s z<(L*sDy059D{DzNaV~y02~2kzWMLziq$An0jFO3B4K7C@V(qX5yyy3L`Td~9PP-{8s3XUKly#uew1i3OQ}EwO4J^z|tuZA3 zAU2N=0{V@&tOQP54V)GYW8Yi!pV?WPHj*dy(kmb^7G!C7o)E44HC z0~}8poax~Yp+;)htrLZ%VhLpL8L=5zh2q&L5(k1XH?XuK)9N8;%!30T*bZ zV981VRt^T+dY2unxi#C<8zW@Leb7dn1W)=fO5oKr3{tz59V7_SR6Lfz&;odr2=*U^ zT|%;0kik_8TyFtzJ-8h=^|3>@!coXUU{_Bqdq!O|Bq))zPC5(D++5&z0-l004bK5~ z9M%?kmQ$xVMyz1HZ*r8HxZ1$tmB8XbLBcc$AX2h8D+5RV5s5$q1p2{;v3o{|EEVo` z0(DNJ0;t}Za3Saz$DA3F*{^nEbMsO`V8OZ_)7{xbh%M%i`k0~O86PDv-wqFdhJVR` z9X12>=W%l?=do5Z^G!H#`$-zk1U}^-tOF6lF_U#l}cL^1yo9UeXw zY@Z2zDm%`oZ|2{Mz_IBmv%sEF-OMkR;ap#CB0YCtxg_ZcJ#brcje~tnG00YQLg8zCS z0MI|)CHKdNkw4z?9}i3O%ZQ5zD=N`Qi)5;d*sRgPcYK=Wh37$r)Ekx5XiAC`Yy=YD zBM9BVQ%x@*WZtHBV+`v<=>m3`J(Fgz?^OL6r#phUVmTnMX%K zEF#CHP%g&yQ&<6)AW0NZIdZ6A+KNcZxg5h)>tXsK0VDC% z@@jrWh$aye0pfMx&g`I&NG|z|e=-S+-|T3AXGkc2AbnJQD4slj7?aoyXgW%~hFUyC zodu!xG&%yzE>RDoj8vRsa1jt=oFf$5BI-m>dfbhoSl=y1E;fTc8LE6FBm6fmV#L4% zWw4)Ui4GOk3_X_O;Xl3G;pDBPP+d6U=in2%=qgh9tGp6`?ebrRiuSPLCwStZb2$>GegbuaxMsc}`go%h=5byjiJ6-F> zm29qnb7_ejq9?0;E&6U3KQoYy=|RpA7nA^|HL)@rYXL37vs*7A02!|BE3~_`GG_?l z_yTVoRn#UXj|EIgbLTqms{(E-F;pMTnt>~zTm_gJ^W3|UkSeUdty4(H68L74*H8A;beN znl(IHnQ{5Fw{NHm!p3q|<1~-#l4WU}0v5q&QO9lu@2Gz?&*DV zp*}Ww3E=w0(WBPfo)$eLO91#xM9sz;=JoPB*6|kWDzRgp5@Md@$Q2%2z(W4k`D0ta z#nPs_?Y8IClSE-!b(vg?`A*wuwu|tFytEju{jJD>=lgF*Oc=G66$J(WK>Gyn@$;X& z82(=!QA%7;SVmD;I+owImkv7U@)<=%_A3bWDMF37RX3jjkUZ>ODv1r&%%J>k@04N6D$WUpLmz9tr1JF%uIoIxn*bNy}Kkp%og78<7b@-n) z=V3w+#L8&p{RL4HzF7iuEzVjRo6h}d(tSVv=@L5{;FwLN?`oZxRwq3_3<8IvF+Tz-ObNb zZKV5{m$$JbPi9{)n{R5qdJ3G`P?1Kn^^hXDit2>N*a8A`Z+h0|NZ0bY^`bR z9Bl239h}UK9VsQLDJI9K>X>I3XBl@TXh&(OucT@wXeE{;CuPMa#HgqjDW|4n$!SKa zwk4=2Mx-RAXaFh5XvE9uW~Hfy_kn&>y&W^;T;StR`IVslY#)~Ye}Al-wN<8?we30! z;?MRUlxq2WmEVY0*9uJA!dL61VOu0MfF~Q?)GGV6>681Z#od>vZ?CWspc~XC%K}hw9=*F_9(C0_7gko--_GCKu;9zp zh%BttGVNn$cO^7;In(G3qde{y93uB}97Q9kbfLFMPvT<>;@N3^?5kwX)dfVE{IxiX z+^ppQeBvwOCoZhBOlrefrLZcuqadwEsIe49tkg_=i5j9a;sarasf%4bUv`BB*0!#7 zR(034p{By{soM3Tq8}9wSBLwKZ*~T@C;KQ2IO#iBOVkJEu((L7Dz`}Hy=lP*xnfkW zEv(?!?vkwm5l&i5ZsYU)s6nS3D;bGh&?|J95z?#EuL5?MEeJ&7ndb-yhXnx4lgE(9 z;ggTj&1xzJM2yN=3JyJM&A&q{*D9p`P|W*Ujwc1&LX{6=S|ra!YKd?lU_T~y;mh2V zgP#|C)m_KF9Gf6u6=4PrQbN&>@od)xyrZf<*dW4aaQd*r89V)r;eL7*N|DJjluvkT zc^cU5q`YRCtfittIP~shhu^s=xR!SNU@2+;u>Fd!eVZFS;h8h}0 zXM)~U?0$IxFk>6sBW|X07I}j6IY0`~HB_wMd*>;F0}7uQ^bjOYD9w=mkDW_On3Gig zQ}QQa3{tb@Mq2#1DhRQ9@0!YLXa1cAk$QQsSyOqCk~d}(4qD*}$O3FXAjzLSX%wKU zLW>97@~<%>dOx#Gu^p=xsaF| zDH|Myx}l8N9BU_cze57J>c@P){QNFRBT91EWN+MJ@M%uoxKSsdjg+gh6mC5z(3wyo zJAI_mDksCm`;3fRf8PH}X6s06?)Ik6hUrqg@-u~w1BCqkzQD$aB#;rS!P+-|VXRC| z=PEcZU^t3cu#}A(?A9!DL=JB3vLaEZfMOC`IJUjZ7J~~2A#s{IQS9qjEJW2v?Bmx< zL$DD3p>3bfjP*#W7T`2w_2-YNFo@q(WDWI7SSFbF*|~%T)r~Ol;1Y1Mi`hG>!I5jz z477p$#K}xbV?@9w8W2EBvpVy+Q!ya9LotBmEpRGDy-JMNQ1q;!MkrVw0f2unAFN2I zOtx>IoQM|TT|KQSMS|^j&*4Xa8@&NgS;Mr@V0lSM*kqY2)M(0d14(;#KBwT>sLis~ zpSi2Y^CP%36tKz(!^sBLwq4Q_xdNxjL|L$PHV|^5T(eb`k$mCe8Z<4lv3J+=yH`h_Lwi{^O&!%Rb_7e770 zGyI-Y;N=WFT_@Lh*fzmrDLZknw>B0I8$f@OV6ES?)ZREI(O^sY@C|ZL?K?$Zm9aoE zi%gbXML!N>JFo0i1BLoB|I8n3!! zPXcH^vH*GLn#_q*#TqT5w zCKR?L^wd*lzJr>zV2qQkA1`zd+wC2k*)ituN=OBtFo+~OP>n>5*ahN_ z1cVI9V#5N1zxji9r*T;93wx9capj)UQXLMj+#Yi)&U`<6y-D2Wa1hoxV3(Jsp<9F? zO`V|WBC7n>J=zpU{|ul>GO26?hg5~LNkf9L`RUsLsFGA5f(=d=C#Ws|&nU9zOSNi1 zhaz8CDK|)LZ>$-$E}OQa9x!a1uF7W_8VKfHJ1lRzVJV_z7kkd6*F&~ z0iGa~fJXV8fTn&mUnGv5tO@j7OWgDVf!iUs7q!Tt=!Y@t!ucwAZ;Z7&SzF$=3gNqB z%t7wzzUTD!1ST8RvE1(t-*&1i*q^fFp-O4&6R5~@q1&iO#Mp7|r%eMg&t}h!-e?*j zDm_zroNeu`=GwR#Pn=EM!gZkySV;=2Uw3rhdP6E)&GZKDd35hM*9_<;si~$2S1wb3 zcJ;e55SqCKfT3$p(M@aWI0kWhB}Sqg4AWRuveV6lc-18N)X$YS(wWk6$x8pXYYGW1m}#kQV?yQL0>Q1X0JAiRo&`@f;wc zTH0D~QKtBqYma$9C7$vQ{7cQT81HquiZ%OuV9YONnAHnbB#>|`u%V`58VXr=GyXe=uU)yoI%HDl30@uc43SZsrB zcPasri`RMuV#v7|KF;?w+|+RgkSmc5<@&3zPJGHf@zUBekX~ePM0x~AE(&=T1L-x1 zAv0r|iGV%b9pt%nc^}%rsaz(+TaN*4i~@E+bpNUYNBXPk&2_Z)+53d6wX?aJgVi1F zQH69ehz0KFMCEtACX+--cn^{=Aw7YH1a%69sA?}SWSL**=J;)-gR2!1U;WqzxAq z3ymQj*N}GxIol(a2v7Q&OEiJY4`% z^fL5P^akij$jOruH(B8;79T}zhv#N^=C(#^eAm8a{7#%cdXL-the!(zZ`DH0U^w`k z;`PM0(9VWA#<3*9GPtidE{$gzIQe~DQLp)eX=Fc`qUQ?Uv7EA{9@JXsyajI8Yt&Vs zOaR0fCg$qJjU#e^AYgn^W;S8A=InsyYGRW$3d827do?lo;KmjyG&DC8N#CeAj2O#fN)quu?dUtWN->$`gOfz6k{MekQp^2-bUgVBGHQp(m)-^tw8 z=3gL`Ym@1tL*}L_^h1{T>?8zDHQ`@aZlxp)1nNB8YoS0YoisRXFZaX@#^W0!upU?h zgDkmNGug+pl&yRD89*zN8k#y1eK3xx6JfRA-06qOJ{L5jIXW!KWS^~bD{`xfX#dpg zKz1ZICD5~hL6QmTMgpvQ?RyBL4-m= z+;2fz;avHNWLiJ(j-Qo3x)sQu6~3ffQqK*7c4X^t_C6?A0=uJ;#_P-7KAL~49J7H= zd2e5;m!Fy)Mv4>p^0Pf25XPf{b*XXpA)f;pnmY0Hn{-z+3!hta4=jFwutiwmo?A@K zOhr2>TSawK4`Xj|f=l)!HFPK7FPIIemdKGmAO`*DiT$}WA^Y!PR+E+z{wO1z6pZza zj2#&Ma$W1#52X2!g^mVEf&)d}7R2P>F;yJCawzTKuj922bUI+O>sWR~k5|cG0e(T= zT}6aYCx4*NXIE{zy??ug#OoLL?E?@6Bnf;gti)}$zlA}I-j=r2fy{SDay(&BR052K zELOiak{(&?5Or3^JY~brkVT{Hn4wq_E+sInBgkyHYc_bqBGs}Le{;m$Qo(ME#u6@S zq~9`TN1D{RK->75rA}(qw}y(Zh55B~nW%lW^B1J#5D8|;O;B=aetG%ldPB7{iHj2 zk0k@M0t19*T|Q(7Q*8cJq)hI~T&CkMsuq8qf|YfkDmBJTH*4cY?3Phj>7l%3ff=n> zhDq!uust6^2YVn1L?}5X4HN`rOAmB3L1%JrWBL^`#zs^MCjp$vLIHu|3m@vfO)6ru zvBS(FaO8U7hSE^Lyd>-SV^FF%e3w=T+4myImQDmx4YchdY^?kx2gMcg^6qiD9xcEkCM*^FBB#{kZ^Ca)h0~}F_jq=|JBf-y4vPMr%urUNY34Mm4Q-@dV{YQ>&*w;bWS$tpULum1{#&^b^g8Ww* zj7(zPLz8p3TW(;6kE9qPrsV4Zbmd-9D!13vbU{>iF!=yUK^=$3303*pV(D4IQiYqJ z;T$b}TcU!#eQ||7oAuM?siqvwd$3Vi>Dc<^Y2^lorAQy0LqV{=i&+$Z^fXy#r$4%y z^&Cl{&M^wvbbMoC5g%335J3Uis#sD+e|RQ*R(VC6G}_9hSx4pUrSIn*$T09<$s#gy zw$(cPMQ>_yJgu(Ibm-^X(Ge}ca)<;1i9RP>)lGFm$P&mRRnw}yMpUVznxlE215ew0 z0nDnC6;Q+>n#&+`c92)!qD0^uFi;&chDdr)>)2~5nqErxY-oQ)8ui!KifBXU44_2F za-)^6jg}4OZ`G>4+(3@Wr_)(`3T-M4W^Dkr5LATg_Nz8c7B0uihtz&2a0JLNgnlC% z4k>(>}SJA;zP5B-YMj9PiQ?EJSYf$IEtm6JNgIY5rn`~bnC1h zFm))W{N<*6zrn9Qz0qU9r;3z>_iZpqhiDd(Ls|)88vBzY$SSb^}o%E_Y6K zAdp2R9AiS5Zu<@vKe#)Pp!4$qe&x}F%Gza& zI_3IFLXzYAGayn|=v{v>o8O0JZz`8J`}%Y41aV489C2j3sN}TF`5V9ucM#QHTPW%_ zr9f8?RHcaso?6fl06UOuEUGE2A$$EtqQ1q7L#y^Cto2(XS)ir0BCknZlX~2E`7Lys zpqX-9KC&+~=-;vV4?^c711lKY**ZA=XZn?Ei~dl~*n-11tw>9R^3!~M66Tf7m=rQO zf&%rD)p%xodD48(EKoe#JWxAwcu-JdSv8`JH}B^Tpzu42xh2yIW=H~4qDPLsk9yx< zRfcT(I2}iwlD`tnni?iVjUc&Bmu;QggdJ{HP#5#|5$Ceg81N)p6la}n`gAd-4Zdg!jSbV8Kldo5Ze9*X7K!&;prr34D@7AXFFLU8U_Q=T<>4UTI zke7u)p&M7&7e(lUeqNHFOR%XJkjrU&eD&kRRmBO>5ML;PPQZ-GMdeN~VtpmE8)#u_ zRs9+5WJV!($#~%5Ervo9c=1v}MG|MSEcrwL-I6U{nf};ItlSo+huxF6F{@xUgTXPM z%4NuYXG-F51@#~h97Nta7oZ0_=VTfJSv>-@QkRO=Q;1+yb42fOjb`qZaI0h=S)VmH zyrAZQ57>etd59FdRD^W zTblY|?#hoC|7T4~`M)*!KMXD}Eek{s?*%+eQ%&YgV9MMZBvOfpM3f#|Zs!ZnomR`z zY;;1>HgLAZfGfpx4gQoLsfZ}6V>atz^0FzlHU2m?gysv23HvaLca|d8?H3>jE(-e{ z#5Siv;w4T>F$uA>Z)U%S^&IAPv%yD@?QzeD#{Ws2drX-^fv_&Rx$Aa_MBd?K$d5_C zoHHfxMk~#`JZcm=cfrb9%BhVX`TIv?y_r}{lsjgOsNM_FfKeSwlOSrLC$*&AkJ#t6ReHYb?V~Tn)k=gg#j=NB))Wv@m>Mu^lmoQ1UX~-NHSXv7gy!QW zP}8QOVkE!3`+(-oY9)*-QP~|Xr#}`HLeXVa=jD%mR{F&scQejY@Mn^?4S04k>^!d3=yU|sWvh7jQ^Hq4A3N$VNxS&)RCAHX1x3`I%cURHdy`v3R z0Je}OoMUIb&pQijP>81J%@5NL29z#eXs^q2qpHt0Z)n%Y-RK$fHHrq#fb{ojsgx!n zJo@WI=-Bv{b@S+I`$A>FLJIP4XO!We^s$Nea@Q^y*#wqn?5$Bi7Yj4hvdgDU>>{hn zkob?gNC$}OowIQm*!Y(%#LbD1fCCf*rEzfIV2QFW!bnEKz zbD|=39s+#ca{UoALWgjoYxIe?l!*Z}pn&iUsu=dXDDUn<5ZC2LtEe)z1Q)xJF6>0M4dym|`m zikC3iew_r8qU>aoF?Mb(lNwp5jtbc*g&2SEL!Q{(=^wq3@HuP8bHK2D`4-MAXH)M zd70A7BpS&ksMoriR)sc+2%|B*w}y6RgnnX^3f0hgoB{%~98e&P<(`AZ<~p)BQb_rM z;%HPXlnmjOLuSIN!nSW!>}Zn{+9EbCqIYVIj@UFCmVmd5(Qj#(eKQsF9o6qy8!E`* zy+Da|8z}%3L0#t?SVEyf)lvNHw?)T_Z;WcB1Nz%d#E*ph-GUeT$PQTMS&7l|RIop` zSbt<$z8JQ#M`5El5nW5&&4`bS`xn-mYu9h!5#*t@ew!||AHe~ysjnf?GC=YEVhxYl zvLtYkQ=W+Qc|I#~6Tbc;q^8tf6VySj1Izmz{TdPQbakq13d;VNYv zC3=&pj`4MWqo6>#H+g8eb}(6xgG%{;iB?`>2j1+obt*2}Df4k5bhZTB*1f~MaDpM# zPhA6}8Qf_V{}b5T)XW3}@FPC>2%{{eV0nd6)VH8Ip@D?EX zb#+LqARJFl5mYIw@j>3M;X&inIsFwA?hC-@pydW}KvE&RF`mV<@eK9L>!wTHPN1vn z-X2BpDQqs+X#+En6;EPC1rL_-IVB2d{Ju`k=6$3K$gIeYTori+9-C}NE8~JAr{EMx zwJ!Wi8XEHHLK`U$Jm5;gG`jkY2for8wBcBuTdrG%iQ>-3>+|kZ_?RQ9_hzLB#6G4& zXit%r>G)jlLIUYbnx%{$dtPT5nN>pI$0ESOMRG^G{%ZBK)C9%@IvNz6++6`M$(epHwP;w!%K>Y7|G; zD8qa$V6ajp4cS>h%*`r9_Aq@=zozq4@6EPD2pV8>&%a61U9P5Hv-vJ1tk8Yy}Ot;WuB5#|gGf%xv@!fizK0R1}Nos>-7}kYS49OG4=(8*3 zFyI9>p7K#2=p_CHEuQiMFjqNV%+GPdi=jg=7+LS%(a@5g)_(CL8Zv*hs4&+dkFORS3eCE_?bzcp zW|ms{lCTw)S(9?lC~2+d7iXJ4MjM?STz4Cz$=M9YI>Y;+Zf75Ji;fm04y|rm$Z-`* zdq+b=mb^th=R|Q= zirtaGg-ZA+i!(`3Y)HHUpCNzA5UEov=9!OA5AnA$g#OR?$k;mlZU_q*e~cF#et-MV zc4Z9x$D{#X_}xs3i3OEqlMg{l%#xG zef-Dm7r;NTpO zUQ;@<3}a;B#iGUxr&}VCujw3(8WTWCJ{1!;R>l%Qe=CDcY3pAEWh&EHh#8*|dD^iX zv7SlZMuNa$)qX^F2Z8Gt>~US?zxuuKgRVQxUGwp2FF#&?rrjULEx%~@&(7_CfWRHy z`$3wmYCzhqRYJTOBP^=I!r*WeP@qO;{X`fj$Xe;)6|x5aY$$s3Sw8yO?0c{LqaS+@ zaCp69xy93}=w} z;Q3KMoY^aP)7re8ie^3-7)N#+@Az3dridx<`fG!h$A(>CRr-9|2vW!DXZ8n!1=*xZ znKUwIKzk6ED3R25Jn6L}y%0XLkuSrS$OkY4 ze@m7>RE+-$&VOyjR>;?UOc3C`mI?xc1#&}iNHoBxl4?SOX34v!OAVa;lUgN^M(pz+ z>QZCTp8$BE>{T%2h(QG0t~R*4+Dtn9kr~C9F;C=wY0@Xumrf@7hgl{{yBKiAh zb5RIT&bG8_jvE>eGEAbIiwYCeg)yxzWaroxw-Pz!_ZATBOqOUR=G8l_AeGkc?y$6$ zDA|NC)C8&DzXXaHB-UHd;lj_#FeM}*r;RJp*NPmOzuOKs@#^6ex4y6z(hhrZDTckt zb7G@>O8A!R5{+Z6;c#)typu1(_Es1bXt>mXJmx;g#NyOBaxE*j$K1AeZHEiD$*hWo z9cK7;hH=*~4g3AAh-PNe}*x2@>N3 zVl6V|X|Yf6#Fyw`QkRjyxeCGtgwMK_rD1j_hQ*QDxA~Le#4}~`(l2uYY@1ZsJXFgN zJ7=EHnUd@vpM#DnD8mNcZfAY@j&oJ2WS9B7wm1C0V}GHaur0dNSul7<`bB+>`e&H+ z4|qNPmim7v*FKtF)lq?2sxk;V`A8 zSmHx_9802<&?H(bc5K}luD9W?L@|mZ;CFkL3vRDpHpiWKx;A+MoN9E1eMJH{Af$sw zOVY_a2jS~EfrGCEc*TM}N=a@8qe5oauk}U5GAw%P09i+mc=gOgDNN0ZSGh?16A3SF zh?>4EN+-&^@UTtQyLBeDjGaNEpnAk>?ge(Rj!Fmyt!3VYb=lFT8VZ%^Oa^9X2=7C9 zLQfQyADzvwbTY@sV8E*Mm(g|#>2eb8C*1_F_{2DzDKiI>F=GF;^$1@4+z(n@gMQT7 z^eVV45ax0r%ST;8Zg!nWypQpGGlR8E2}&$vL-Rj31sJ7^>;wIq|7Qy*+B!QJ8vnxraZ@rMNouf*I*1~V%tt83jZQC8 zy4ixujEUZy3Gkqkin3flvQe|o@MNSv0B&0lqnJ8AIG{$_)urprdoFE!>2ZkE7xp1y zIQK$ti9aCMuIP*LB!)wUOLk8ubZ~s`8M*GJ$eiE&;}<&o!d*~**%z&{r*?R2MiqR) zu}^oyC_>Th$gR0Mx6x%lO=z|>Bz|repmC@-iMdSiMUoKpGg=-O&cLfU z(HMxDSC!-r%SE)>$AEob!V$cM+p8*WEkCqb@!JR#W(@nx>3*BjGd)r`Om-Nv*|TY8 z*pu538>(DBqagvKCK^Z3Cz98Hbq&SDY-ES9U@w*JwhBj zGLLZ+J|r+_24K=xNu6h$NgBxm8mII`?S&(o9?shjP6Je-Q2F*aU~6BkZt|pnl7ZY3 zw|44e!?U7cYPIpP|8qVl-K)vAHsUUIjc2;n<^Kt5& z+^l|1xxNk_x2}4sr-J5NMXi!fRu#<#+VK3(Y8|zK;Ddz-O212wdrqLCQE6M&>UO;e zi+XH8>$dsTb*C?W%XRU57M{e_uY7z;2W{zl3jx$crdm@lCTXMGl*(n#%zi>GE&Q*1 z6ZaW~iw~`PRT`%-qN6O=7gI@9-7HJ zpfcFEnsh3dG&|3$SDrj974cfI8j)?;a6zrz0lJLAyEqnut+*1#LP&|_QxoKd>fA|E zLapu^zn|9wY3!)2%|ex~PN7xcEaV4=2ZI83+|0VT0Hsi19`DK(ECr#m%@Ds(TkCE> za%7P>xSv?~BwDm#O&y$E@+Dq8SqY_uH|4_id<*fWYMvcV=qPWc;-t3&f`c}qGt+}m z2kv7~x}N3(OyJ7$6Ky8Y`}vMA{e!gZlOikm+Fp6?l0qX1-6DA?Su2I{1RN03mZA;Q z`4P^--A)80-EzL)#hC*W%K;7TvAl=+HCgeMV5Ym*5B35~>!S&+Df^#j3A%mi-m!15 zW=QBg0JHFHlf~#S&Bbr)#Rnks9OWue%=Nz4MA?|-(snouaCqarJO+o$JiCWaJcyUb za}axU@sWh(*u=N!C_^J&;j+FMyJKTS26z}3%8K>;G z-0{r8^9DOecfFowKKMx|WnO_looelT^KI2pF25Vb+lRk%q>Q*Hk+u}Qup!kp{19Wv zQuRJAZ}yE)%GBHBJNsXBbI>e3M=pa*X)HC)@6D0$kXh8Kv0_mE?IOePCTW zGS9Zk^q1@39mz;YEnv-$-jm1X^n7z^ znpliF%a`au4HA&AR*3aVH<@EuC6VNayXSq*nXb+GmF~h^K5iJ? z|M(#bU|M~n)|Zd%ggtVgMuUR0z{No4oN@e({&-Jh`H~Ybz+uy9IGWQR+~2QZzpHT% zrayN3sPZVBgForkq)hpo!A$zSSD&n2d&(Ur+EeB#`cWh>akXTX3J?f!P5M8lh(&#nU5U}(CJyD?`}((1-7&!*+Kuhl3wVbP|ho4t}$sNBHq{7nl1hvxgi-xPww@xWlTMZp;H!YDUx| zL8gdY&WsLARnK?=2J)>Q*aBAu{|}L7|F88nGlU>6-yBnv9z(lgq_J~^zG2*+Xo2N@ zM}4mSwn`vMT-sQo0J(t=O6*XXU^0IXoc4H_7+Ji}8RQamwlvR1=W&B^1mZJ7YClr}`t}4j* zQ=u~=;v4IK{t~&YgD2^ zD;JZCb;qfe$B#P;TU(vLY6GodRH$J3`ZN1-bn-$YeCk+|B(u$ydMo_^6ksY+sUDrC zddhfS^(QO^-FEkxZ#|XG6XA_ZpbS%5Q_54IBA<@52e|#_BMvpeqLj2{JE5Xs3*J|G zrkS2C=4!A!8!s(5SEWi?*AUgpS>7}T^o=%PHIkBRWmT9@D|O7i zlJnZlV{IwVlDg(DPZhL@nkjfhC&S>ttd+%0x^`e{t0Qt=>aGsyV}f0LO2s0L=2D?4 zf#HHrJ&v#f|IQ{Cne-6Xtt3TpfnO${P`XyD1&z!+v2G34N!a%D`cn|KWpxlXt_J#G zXb>}(feI?_URd{?vBw4j^|*lyIFE6m{XiCHi2Nb;V+O71&n`^b>N~jgXs*Q0yF^P? zkE`{8qEC_c@yn|hP3a*@(Kp9zLMH#mLF(t__SN^u9RAQL~OWcO|54sefO zH<~`7e)+%s6wbF z+}(H>K&hV0WqiiSl^>YJh+nvYlS-b7eF@Y8Kk>RS9<@d<#(_Rd>BO5E+$QfCkz<&W z+s4#Aa)z3``WiKYO1Q#wp_fj^kNo66Ks%1!zZp8(Hj=$WC}A44?q9dyhd~aT`4BN4 z*cl`@@O_sciEWK~JsML5GQt=({e)mbB9a7W27;ta{`M~l`vg{YTYOMB{r{E1|5g5+ zJFE#Ib7Ku9=YI>^D-h?!OBFb+st=w{Zlr;<78C0>mzYHzSCzLKke4Tlp=$E_wCQUK z!KgR2jqx-T!=o6oQ%=+to-jg(E7|5c#r?Qm*XD75ne79p*54T((aatEsX0F{vJHwy zzPdn9T^Oh-;Yq3UvZOf%h5dypOgT(ba@UbvR~2C>c=V1|=}TC+zcjmhjsd176mDti zfGSj@az?@>4rmO>uI!`K7<}qCuDR?};yLmPdmU7aW%@a)P|@sS$LdsA5&seau_0N+3w9RbVC{r;LKA+6j6vw@(^veYxb=nXf6C}5a~z@zlFXO@ zGiwid1oUxAD}Qa=hN{Isq8*R@cF=o?euC$sc7m^SjxT>MAWq7OPU({4LYKA32Fqv4 zCLs$VxrZa=68G}e$=9Fg!~lU`6@5fux|eSn-G(5fJw_L{5amghubh&Mq0_glU)-Kn z!2VePTrp{vH`Q?9u1f5lPTSb3XnA0z57(qjK@H6@1O)tGP71V28GGqu80Nu?a#x&( z3j635^W***F%iDb7~CZIQ*52Q2-@?}0`$Q;QBz{Yy&X-t+fTb{U`QY9k*Yk<=4y$= zb1-$FBgvmKasft|Md~rr{eqZ&F<$c(@4wTVXwA-2--pan`dCE&bBB@P@9QH4V-sVC zkNr?{eXD=Xa!K;ilE5FMc=IOhiUkWx<*Rv3%Gn?t6xuvIDpZY=)+&y+gTa)d3d%q0io^G1Tm;T|KM4LUT{RAbnKD4cp!n^G`_*Z zz|0LlsK}Hp?A)6RjWtPyz?E)Rp?L@6W>h2>!!?vzn~6ssVATde-?jq$JXI!R&d*KCSAfsLNcW|o8)aFmidra-tsiI0lUN{&*Q z0grk5Z5~5G&_HyLUg8~!McAMRHOy8Z)bJ=5LRn1hMr+G)$}98wx87J5T;j)Qs@-c0 zK)hfxGn^Ytj%ousIMPQ>M*|v=c~tB6z<5mJn}8#{=fKG%dsE4R4x4{ti|sQk=^M}X zOJ;{b^3&#B1g6zHERjN@rFW=33aVKevaVe5p=2NW;dryA+KkMO5lXLx#&h<22=T0c^n6Nc-R z%8!arUY?L>skR>xMxsVjp10z%o8gz--g$?hnEnawHEB)-;#LPAHT&LyKx_I;0a8k` znT=jZ$j%jdKWuS}MnUK)QC<6tZPQa>CF>%QuMJ3zK$E?x zOwF)hGF5mDuQr-;3_{m}$&$$YQ#}j|#SZJHgut)?l#Rp3nJw*#6*;(BIDNN&hEj{?CqJ z&_5P9-WxX1NrRJTlNF-P*@?&p6l|Mwl*HhL3i;sq&l~orPE>f59x#KNfFJ|=LE*Xu z@l7%d8nyCuj7(e~-c7q!o~E{Ry8zD&ilZ@c)zrELQE*G98D>~!=xZkQKm%yQ_Ir9l z^;=wbyvv`dkSlQ^cp}$PKz@%S2 zj)#}ioyp^}loMrYU(+7NE6ANqe}LD&e)mw>Ae_1_?^{*+*p5(HG6!?M_8<<`0dtp! zbjZgPq77&#kbMM-jgo-RhrTI7+&5tkl?OYCJ39B_vmu8M*kQSlt7=>6ny`zZkhVgl zyjvT6*?j-Ks%N3RP>1*tq9XrRPyP=y``6g?A2gF*4oCQuaBnu%5Dxaq$!b21& zQ6jHb2JYBmTXQN~t~_IgvIRwi2>XQV8zL~y0j^mhPs`QD_+#pfb?>j`khX1OAdR(*GC?&VmWo)!N?{IWC=Q&0*E=tc8Wd!MkRO6I0IAhhtlJ_eLWR5D=Ll0Ta1m5-*S6G%smCtffS3V3wpLNql1#Kk%7P5 zIQC5{wrvG(kzp8ol>G^Am>bxDetih|Wd<7VI@DruuWRxum0-;+K6?6*sq+2ocZ8El za&sX0pkDpoQtuBlzkgQaAFD|pW21j1U{w62>>MBVV7Bd2h1{pFbbJRXWO3G*=~un1 z@H%Eh^y)-_wSg&34j81GlC5Pc*@a=jLP+lb?__(AAEl=sy5q_HMd#FQ%TeXq@1~Ha z+eNdc1HM1dsg@YRo zb%J(VBxvz+)@5qm!(iHJSz$K1m|BQo-l7Gg;}OEDx~2HJD>Ab>=ry+rMtyeQ2Fz%c zARXQHc8bN5MI5%&Zk!g#!a_JE2)qaef~4F7MCL>c^0f^c-ffUaEGyK`^dsc5mp6x& z(o7nWfqO?2T}!(Gsz@6;VqVm4AETaFR^k|r)H@U0mehd8chv#l7$Y$*4V76+5S{`v z-`l}@BYeoV?h=kIsI)S$Pu(0)0u}OCdQg4dpx$8u)58V{Q--hue}Hpw`uD+HX|m=l zj@jCEUXAm2zj3|O7rDwCi^4c^X*OEuQ~*7H8&ukTfd8b$IKFg7=nc**$6@Oglg2S;kIX-Rj?{R#0|Zmw0JpR^`CacEV!l8NRdLr`D6do2cJI_LZrLzD+UJ!4IEn zQd#!rZz(H0h=t$tk^Q9qHv9eIy1+lVp{yYFUx=Y-`B$T6ske4oVN?ew+0=(V~Vp|SFNVNGDWT-_^+(ga~(s|ndaQ1HVQL&9fat+pmT^*W#DVQ?juc- ziQ=eM0VymkhNI1Kk1mZ@u#ngi^Yo*OH3wYRD2(Tlp{6eQkL^udyrkng>n!*ZBQe|SInFZGE z>IcSCCH`&D-)D32M=QnWp}xJ%hYg1-SGFoqJOK*&@R8f`Wt46W)skyonp@i_B%6ut zbOsZ7FmZJQl~}li3J3QvLcGy170}b1;*J=HiL_cubd6!+8uIrcmB$vEv?RjHnYmHW zlXK0X1a8@f=oi%&2%o zqJ%6vzHn!r*Qaqj9DlD&1Ohe-8wrOcg!q?u|K@06l z^CO)<&W=XA0S{=lR2wz9Dg@z$qV1%u5O9RDSUd26{BCwtbcR9T4tQP*hbraWf0{I0 z;JCQqlfK5DQXC&=4Yb_+Q9gaBqi++ZYoPCc)=8HW8-?hng=qqw9@gR)W=#4UG%}g+$3MfPaMHgQk$5P8~wMowTr?+3hB)%#FCLNW)mb;Cznd3T`|g zU4>uO98OXR|*|Lc%#ko5E_zd8?IqG76U1j!9d|x1$nG-Xxy;b~AJX12y7F+@*X>R^9ox2T z+qP}n=-9T=v2AN+#yKis=Ue68L3!&*LgoEt1QJ#3h`O zmU+l!q&c+CL9AoTC{n0-@;cAv1x%utVsXDOm@`hbDCdK4e}d0dDNh>V^fOjH#W;QI z^UUzb+US$vfiW#c;zPqE-w3w0L557$iQrU!?4a3o>s)v^wy|6Zq^9+dJhA_7ngL~g z{6px;kMQF>kUZ1DmgO-ISi{<)fwr1VyX@-zE~b+rbVMrz>U~54t5Xp13qi}ZLB`Jh z090Y#21J|;G4{N5ivAz3e_l8G0-Ue-H~sbd_o+O`|IGmZV`}REX@P$YQ ziGX!Wc9X4*SbmEx%_6D0qOn;A#{FC z(LbJDn(1K7GgUjh>VZ?QafIB$0KI*63jDGG8mtg3_>s0%n-Fdo0SntG)9OcBoPet{ zbauK3$L2yN|37SiHC!Ks_x1nJ|3@1L{oib$W@uw+@=tnA+1SF=*6?3&%m1`SjFPPU zz!z-__Cw?rR8gc*95jt>w*p;AK=Rpwg3!xqsezKTm~=g4MF0Muv<5!L_oPIRwTT{2 z=KHOyo^ z`jS9GeJXLx?G+^l(vc-xr^BBg^729JRPoTE;8xH@h3owa(a$ssl!w})d9^RE&YjJL zSqIE!3`s2(ZFr&-S>s!{Cc;0R-6@J%U`8F#4W;CgwQnFDONFS^gHad)F@j?&KZm1t zO&XJ~&NWsdcQa9%^+j!q%i5F5mv@n|_T0o>2}~r|V2U9I%yhNde3M9oVH{sM9Z?ec z@GugCjU*7|?00_+WYGHfYXt5hX!=hPC4fzBF4CEuF>`cW8@oNoK^BylJvNBTs-Y>Ua zf18?F$lnzRitLCK#^uB*@jyd z&VF-ii_7xlY(9n&|23VLj>cHZlb&^8?P&JevYMki8V4zU7!hy1&K+acay$Qc^5+h) zdj;@e??Fkmab?=QoGn8IDwO*0AwXjuwh@@yHI;u5l9DT0=udQ6-zivW%VqNmGfC4A zV!$qh>FsFmRpaU|>bL8M`~b~bVNwX~uj|d_x(N+nz2q_?(^=Kk*pphz9j|LeJLQZ` zcQB`DM}ZXi%Ws!$NNt-s@iz;y^ug5fH_F43P?E~^EPA;CsHoN`w=2~GV>werNRoD4 z7DR)rHKUc?4qr78$)5^OVX-bqS19Cwd=@hP6XcLtHFZbLs2}SRZ%>iti78dtDNjjj zF*p^;nvo}#g=%)XNW{FD`(SIE=#zM;mh`z8_4AaW~a|m0*PF0WSvn{C@i%v1Z5*lb%INU)UT?SC|PfW6JQ+Nn6?sJ8wegDjTT!!apj3hWU{N6za*d#|8RGoS1H!ZKAKB0Tg6NjprZLY2ywiWkB(&N45`V3ftaS$|K2CSK65_;@E z?(V4ui+wJ?e+FpNJz=TozQ!(VP)BD%^j=2U=hWzsS-ann zs_@;Zo8-tNem|kE=zUvecMyi{7I82dYPPvUcKP+pE=FL%Qd&wQTL#l+7j1AOH~CU^ zd~JK1{*pdT1$IX3{A_H@b=5SC`55k(oHU-tDwWEb8!RXKE-Mue$=hFH zo&E7qde6-R%P?uf_W5#CI)vI=Q3XWmE%a?g8#Qsxt`oL6x56PDZ;@571Cs~CdXQbx z{G`Y*_A_s(R9`qGDWY-;me#kZp6DLr`!ECea^%7FT_RH!$ILYu`|nf1cPu$a?Giq0 z+24`;2;2np-9)^R$Q|&mMX3Es{48ZcsQHEulmXXS5yCR>x<0`N*Br_$&EgWDkwxYB zD6+(7=5XmwSnxS|{%9?b6GTx_!A=ny`X#t%4D!<;yijf>=wyMa-8j|x*qC;Nxva2Q z6OZk_XU@DqH5R^6H)O&*%5fSjdt)NM_9>Ps6YP)05VUxC0b4@5Erg(rhXIuCVRF>K12So5AdUL3N%r8uZ&F%U9OLPpluv9i>M$cJ*8Eu_F~=N?&?dKAmHAlWig^vdF~#;@Wp?m;~A@1b_*d61KzV(pLS{uh&Amomy!j zPOro1ByHwyc2A6;vg^n$f!fMm&XrbaXHd<7V3v71qSMZ68P$^ZQJ?Wdi*yP7(hr-s ze5!i+M6mH|>{Z~o<^w>9exd<%w;bHs27CP0k&S_ zk`xkzfmJr&Cg&e+h(~6`b@M%=87fkUz%80(J%WKQrwCG%Uj7p0KK>{2fdv>veyJdW zr&P0~;RSK=*1<3>^A5P2eR;4iPJ^Y7cG(xE7T0EViJ^9e!9b3DPb_4Uzi|0;b2yaL zNZf%PQY}W_bUblYt>?(&>ods-@SZpCI>9I;l<)ETS8k~8dImZ#WXQFNmHU&{7x44C=&2Y z5g#uUfGVD{oZ7{C9s%#UrN1$ENN@LcZPwzo849HDbg#X7_hoiAKbl(P|G3}M{~o=A ziwnOK0>Otr^xa2rn67Iij$Z7B6xYy)Gce8N0@w`EQy_f&r0xp1ar&V@KO3O#g7n74 z--FoC?)tE!P2;9J+%$&+eYz5b&GXml$M*7UT-u9c3_knwEokZ|;b3pczWB4_ z5B`XqQmle@OKwvR%=NiC``3zkyX3@T9X3seyOIRyR6m?W1iplNrm6JMzP@}g*nUWE zTdR}oDUBl=##WmndaQBH%u~aRi@=2Go7QX?uF8zS&|ORJ-b9&%g9=3&ga}0}$s^`b zPP}X_cG}~n1gDF4po$%>baoEq+yLV+E_t3N9oG*R!@j~I(}RhD%mk*SV{=OmDqkrx zSnCjkdrWK72Zd@$vU!w5s3eO(7!})Id@W&%%@MSaU#v7(B|ojquT`=vQgJz`RmNyJfzB5Q;0c9L_X_(m|H{ zE+V8UyU~%S@@!zmQ3J70(@BxyIvkSF$ysr1AtOZ~$l~4RusU>;mDRlF z&NVqIs)|OHHRn-tx4GP+PAxBmqF)l4sd_Yv8igTD`syc zEOyc~Jmxl}qOsV&`UI_3qJX))x` z=m6sdb>0v?>WtVr;X$?by+BlsR1lt3a;Bmw{Ks73l}KIr>Qf@?+O zKy%}|klq?!lbm@?3R^>qDBVKp3CDe#qH2Y?R<%m?VSQRO^T=;xiNSeWdPTn6v^9+) zHBXRR&=MKibh+Z%F8kl9lB}s4(m%`gXY1yG zdZlt%mNncyU2zU)N4D#Z*i{OKg$$x$zbvZTCax`jPDhdBV07Hrw#p;S&TcOi8BQ%K zj4elKqRg}%>A6}zRN<#PQ=?mTf~~wa+S!T>XwUw*sU)!tyD*RvdCC7VH8rmGFJX7=rpTkZhPrO<5?`y%i!$6F8`usx_E_5Qw_*9c4$sa|quyA_g8 z(gX8rE=NrPHcFkOF>+|c86uUkM6)2*T47Z(_@WMCdoTy;58q(FvxRQ&R+p^zPbOL< zRVeu458~gHgc8SqRdNMT?eYT+c9?lOF#FdT-y!`N&@rF~qgY#^6I?`YFwTYw}cu}x%yM9kcGakYe+3d{bqw=G>rv}M@!9nCtK%DU?< zvNkvH3PD$lwVCr_(#X1z{iw406zfm|N)j zZ{@VspGN?=Az4*eF>Hd=`wh4CjOIapQwG2$ z|K+Lr&gRzXkrn>BE9bql2Spdl2>FD;rv_b`wtICqm}C8ooo-joNN50;xVJ&%g3SoT z4%v}^t&3dEm`bf&Gznw=px*zy9uBiI>*S$O=TRhS+4xZ5l7QStM`WI4O5(s%2(IBM z0x)y4(|IztCEAL=g3t%)oG%rQ*11fqBbs~mCrJ}e-V;`eD#(n1n#Wa5^s?|_@)Uh5`UL?u8>wJ&$@<)^~abG{Vp?^xwPkBE2+xze3mYY4I+%nlJ-wchncZ=Eu*(y<* z#Un32&gJcE@b)c&WqRtA+^Rp?y?5)~zFpX`?{1nemz1ZiqCB(-=!l4?%c_EKTb&Va z?<=*QO3l)S?vxjF5tD`TN>&Zfur$)C_YGJg$U(w`Dv*3TVSbyS*PA&`5fMbBQZR8G z?7GiQ!M!BA+^Y4nX9-=qgtvI@hvAnh#lMwPut7^mMiC{`w>DFp=Fuy}ot0;z+oO2H zt{GjQQ!P7GhfdKR!G^*wp&`$x6FWq<5xt%~%HIZD+qRK6%r_R-`7*~hcoVb4sZ}^J znS&~oq8Kxbb^$y32xU#89qE6uNB?dj&lnEj0ht$!+szGIT2|xDcV`^*71ja1y`rBs zGd2gwqNxodYG~D?X8VjjT1;zz5$-wdp%wHB;TQVppN~{ydZMe96yB(&wM7Stxl(Qv z7{NhA1Y74U_y_!G5|JsMa(KFq#Ur#E(^fxttlrm+J^vUwiQthPW`~bw?0?Vh3oR)p z1AcB`YUE$N0b z?RT=_JoR_#>DTcSZ*9-xmh$ws6O})FHbeEI4tvsAWQQ-NuzqyYz45z}n6c^xP~;}h z()elQrXCd_^Uskm^5ZwrFr`!uoO0G4OJThO&U_1dwWiM%GkFQCn)DxHEAQ18KC+>; z?2zL7 z`lqqH&xE;h90lQj7VU~-`CbT<$9mpQ-@QlZJeg*6?+wWx0xBCgs9`=tMcylKyk+J5 z)IJIibY}tSyCh3e`AbAFp=_{^_GEt_a}YiEDe6wH;6(!oo#)Hzs5lrH+DI`VAAi0P z_46k5EBKkj2ZJUEu2M-OV6l+*>zWkK5d0vt6X|G4r*{vVe1iH@Z0`pD5Y_@C_Gkwm zX_6L5znUUZWIXG`RXH=~P2ferwZ)h#<8pAPNt}6sF+Plp>;38#6c(-0BhVozC=G`( zOBhtT^ia}Bj9dQ@&xnOPerw>;r5qb93x}pkE`Kt58R|HL!K6v4<6F-lymbJz=K)ND zIWF`Jsv~VRhvl@-d)z>fAG&9!ys*%#n}eQfG))Vv%o2fG?7mG##FD;ZZ%8=#_~CBl zJxWziof$K}w&ijtzRwxb;&jn?8(SwMBTIwGJ1P^%uB`YGzLn@<=gpSG*zm$VXq+L# zmBk*4a#p47N>Wgc=rjUUCdSr!q*OVGeurrvP&F-+a(jKkXE5@-&*n2a2wJt_>Kq*z zIzgV~<)uZ>Q*{_dI>os@utCG|>Ay`+7#%*{fl?hHG9>X#2xpW-rm>|PA4utCCN2X2 z8#D#0U?S!@0QYiQ()|hRwRIOn74Xrp@Ys9iDFAx6I{Hk;*`=@Ry*1qfVn~7##d`d^ z8zb5RHL9!2T4|*;9yTZH+dF-h+aHg?Mo(^iW!(g$aE=wq^MId?0|G2$z{qU_ObI-$&gbzxhOI48@Y3`&_0h!7ZPp{ zi@NTB;;{(}Wd5#)RT;@EIwn(Gx?zXJzyfdzT`tbl7OD!v^sv; zsZXQ%^1JRw-9r7gE;#*)XzkKNdQTQC*fEDOHgf8C8{;~93-0Dr?8=a@8Cx=M=orZN zR~BP=QpbPQd~dXI{tm9X%<&`7p; zRAUQ$SM+}Y{|>*6XN2)Y}4C99i2=jY6I z4sU;b2G;^%`O2^g<2)|6Jm6>U!NQx0aaS6WlMq=9S(A`cZ5;Lx_}DeMw|qpN75MPj zzPB3p2O>{}WtW|JX`3f?46FV@g6hMN%J5RMxqC~bIo302Y+-^{>|x+8Mn0m{WsNMa zR%XJ;b~W`D2lE!KL&qg_2zvk2F|;18Sj?VXo()Ak?kOp0Xlq3`4>Mi1 zt2KE&Q0?#=+%7eY%w~{Q;UuM&^T839O7qFNyW6BY=sbY)VVCnEf%Ab|da1KcrGnsC zx)@=MJZnMse$>i}&z?DNoC6zh$%A=l6>WY9dfm_mS?13LC*J3ZQzH=L_NCN$?r0Iv zvVY^diqep`Pi2AQmm~vcgczs3YZv)Wk-Bf}^W+G4Ub3$TAi(rx!z#0yPKlLe2jwLd zhG*rafRBLFr4`w~5Tu^TN*1iS>WpIQ??`&c2db8rg~ZA4Kw3FWB$sI?w*aC&b;+nc zRv45}YzJ*vG-2u9c z?ct9HOxTHgWCMT5V2NL~xi(8Iclmvoix!)-?hKltS5zYbkgkn@(LiGl8F7!zg_bQM>NZ0#-SEMDZO-?swM`NdhM@&l@E zk-66wZEUhums|FE=XAc^quQy#xzroy1Qh1fTV;e{rRo$R)mUknl2+fr>8FDD;dc)V zP+5WMQ}%GKVq4@4Sc#=DMQoZaMEN%B2)^v7q25s7qE<8zYzwRZrC<(WGDSN?KKc#3 z$anaJNj$@OVTda`L{s?E%8LB%VLV@0qA5Pv^&L6I@U1nZ*Y?pF*-y7*Tce4&*Vf7j zWLd^w^M{tU{Qg~1+d%A1i9p}H3E0h#3d;z8HI1c}&J6U z?>^&RBs3dLTA~-T=3XBbTarAuTQ;}2u5mCkZA`ta+Hs6~^q}q@)EM>&SVTj>jX%3Gu6@Wa`3nyCc`$Et?c`uQ5n$N>p75R$^ zRv%Ww5)D8b2ZEK)f2;)ST9JCVSw0k`%C@>xW{Y~2|A);eb&*mfJ<|k!F)=@|>-h(* zTeR78V)>+(RIO0Vsf(N&D&9Mt@AL)N63X0PtarYTzJo5Ho8)ZA_t<-jf;ZhA>ZLq> zm5FUEKHhV@_km_uw>X7cPs}7;ZT)pjmL^{4Ptco|oKU|+u+DD#y@B)UQmAyzO!;{@ zeZ%oPmhn&KGUd{GC0_T4EeV!mc6xcfzN`MZIq+l8Hddb&twJt%G$Vt`oIq={{2 z8vj&$9{B@33d%s%mM*HA4*<-<+_`VfPF_xnxJPNd-8H1k#Gfg2X`g=Wn<-)rt2}p7uh`tc|Y?<-f6fX4T%H@Un z*`GshxQu1rl(3`QYnh_;v9FT%4n5xMj9y|v6=2yYGI{^dud^R!QRb9>{qZr;q8PTR z-g#){%tap72Mm*9_PNl3;6pAaZu zbxg(>?%TI_od3TG?0?D1{O<%dN8QpuWfAq`YMg|Al*bK%KwE{(&Fu-Zi0mHm~I^qOjl@wc**b} z3y?OMJQe`Pf)jo2CO2&n-GbTCzl7W%&3hxr1JgsUGd<=2%0nEuSx~pUmc8@`mW2Ei zKuZs@a8RS^@9zpIek2FOLcT-?nuPqQciHjBvhNdsY1uA=J#?s}V(Wdw>+%d|6sV)nLPPglAy3a<7OGUr9~G2E3}t*c zu2@O9lX5;0n>d8#7Qbjr#8X#q>!N>|_1VIcqm-Bj#f4R(Nte3CAiH*xo^f#zH;qeF zsg5*iYn@1W{-yGc*;HLzM9k0CP(BP75}KH=$kl8)pSvIBES}!=Y2!TQ0>F!0!eOzK z32Sgf$Z;R2=q`-ZU?9pqge<2k%{D#If|%1q%?J zP=n24s&la76=!XlE!a`eT4lOl+)~q-8@F8;MJ~dyZs~YR;hY2__Zo0Z#-1C5$#Yvb>EbxJ)P zX`t{_U|lfq#71%cPI(w52lG=|w_YXR z0&TP<)vTQ>o7Ij>)?BLsBZg*i6=}7zcMdEt#J~9Gm?Nt}Q29?yt2!(r!yLePiqO(N6=ZcKt&ddf)BJOE z$aExe%HLj4)Svjx_X9_&awC&&$>p>fSKDvDY`!}uQ9BK461_R!GF&_9#dZmJsatP- z8}1GCdOp15hky1!4+|VpD(`eMJrU9weu~xiM+F{Ibd*>6cz7;paZxk|((9@mR~Ocn zg=|2E2*IVTCXl41Z^S(%3<&%Mkxs)3fqqqef7K=cw|-u;kgiCd2}7a&WtR(!xhxdl zj$us*G#Xy?ZcRj0O`WWbt6G@ZQ6odkia*wg<@Q|8u_lV3)pLF z^ObuXEKJ#(6X2d@zVOof{i`QB6sMWH+V|+Qeb;E*f5O9{Dz#|fXoWm&)s7tN4=Gmo zS&6y7CnWbUs0=vhcUta*3~1#yhvwl%S)y*Bo9*L3gjKD2Rn8N*9*T)k)EJU&*5Rb* z;THGs0;M$DB1b;NV%M2QnW^TLvSD(~$(FNe1g`yj|8Mff)T?AuX=JW;=!+>i^0DLF zXy0y!cPpM_3{OAtw?ujuO^HomqQbHkKHc{S-Hy@U4#zu}I9j%nlI zKE}}+xBbQDpgFbrJcZj*ynj=b^1>LSi~mGRgcHF#<@lJ36-Ol7A&Qmav7{L=5_n2Q zNTK&_U*{B`5MaGi6o@ae+#FGUmpAQA4u0bKSx;&5CV3ZLvvlu0me-q=H-1}bGi~l2 zzTJIce|Ho!XZeO`k-in<69OCyGniP30r4g46>5k==}^p$%Q*|5a3d~T@#{a=p7RTZ z0L2OxybX9CJ_iygVr37HdUJ4!?1WKmL?ZSqFl6A{-Qauki4&u^8SKqc&LPQ)N3N88 z8xnhI#M7^gLwo*t1%%x2Vj6yE>Q(SL0j~H{L@TG`V&I+tJv6P7AIK>Ss3h&(u zU5>-(m2HgR>IFhqRon_gSMSSY?y0FP3wL#zeRWLV5LFFYYpP95-z4^yF z6zL|Q3~Qb;Qa01cCQb)z?lXSyNT#a}=!gJE%We5Zug7IF-XWgAO69yk8r=*qOwByS zT`Nwa{a{L2c|+&39(SVi&98tLmYs~|>_=Dqnr|c`pj;yQ!#Z=C7t@B{riO+%pbaO4 zvoE!>W2hA-mt|mUOsO_TOjdvfn^QNvVF6zJ!q0@E*ZT`Tsr}vv&i0~QzBUvVx1ibhRrCI3s6;RX@mu8`NGwL$%eSf>ibU3 z0kyX=ZA!NNUd^ED<=l?VUjFvu;Epj~Sj!clD`k3sKW7Yf3blrfUZC1BAU4dA4pEE< z>oKD%hB8C8K$s1?>=5o~)HdnTT{E&{C7FUD>U0-$W0=gk#M2I3;v2?TSg#hGw4Hqh z3*&&J!}$h~>IC^bwOu70;A%ZYKbr1q)3-?+FbhXatsMt9XsOvqwu9MBM2q7sti+Y_ z2XlK=HRgI^91R6NF>rZusVSRiFLY??!2bGc!@!7@1^0AG{NHmTr4i$@fZ;5A!>(IC zvMh;ohi$P0MJAu;n|e}mg7RsNT^3!fC6D3|JkLWb5@VNK^s$Rc^%=y^$RA>QVwW9p zuIIi>Rl1nX)+QZpF(%`XA7KYL2XPwf>*ewdKfd@1-w%_3yV%;F1lhnJ`uBvQ=99Dd zx%-@mg~tAfE6&%fL_7F1z$X)(#^P2^o&{{FQ_P~}b?iH-ANzxK{I8~mluZKI66CjU z>R%x5zo&dz|KFkQ|89DGNxXdFRHi2Xr|$KC!5=9q>vG77D7vMzGTboem1yym8#d#n zMS(^nWItI5DS03Wf#}ZZcm_?a6Ee*{k@h{edr=W$xBc)p>^^^xqub0%2u0f$!Z^*Z ze=TiU=gfD%{r!gqwo_Z}J{i#E1Vf%60Makxq7TK+l^`ZMwCY;MI(?Rb`gcn1il{s% z2=PnWU2|2|AEj9rUh&byc1#<>odAKi2HlqKFp$bqzxwH=d&2kfM6dz+^3+wd@M;w( zso&i8X^UdjO@-OC?aC%38MPV>ZM3-SPuTtGt@fQD_b-u+=2{aQX{>3@ro3O07M1f5 zQI!Lfq#%LI*qu5|0i6ewl^x^=vgS)Zb3s(?V3Tr88nsKN&H3VfI;|>;jnt;nVx*9}65Ngp_2wOHX_q_gnyj{N3zu_y0Yd=ygMH|H};&y1);1e)T zB6_($7;pF#jvGs6fUbdS!~5~;;xU_s%}(^~R@@)?AlE)kxI(am%#jyWxZZgml;^RUUxe9Uuf zT+-|7_ww_1beN?HLmChvlCnWcs0rq%p5P!hUX-vSzEg5Tx`0OLio71cu-EnI*=V^$ zo!bvO?urU4y}`cu`#8_Trd{nO*s#Mx&crf{u;*-1 zR!D_r*=N(*e}ijhWzr#BxPrG0pvcJEG3^NF^bDjNB{ zk<0#PiToeR7IOw3uG-{Jl?;oqpXC*ym|p~A9(M57#-?pXQ#p$C`Ikt+-9^j3+nWJK zL5`k245pTSvvrGU)iNe9k~BlLwSE2f+^=!lDwmv!YpsA&h|;Fuj)2vC9@5Bgi}y*f zVk&Ds%66G_!psoIy8f))gE`gOOYEaeQnZ&cLE1h+QTiDpd4=vPSyN`V+bkVPCF>)3o|-C3p?bW{Q5ZlG@CQE( zWZ4<__(w%m}2onkiOvvb@K$VW!Cn$pI%3x!pRCq(~gTfj1 zN?hWSNqoUsv{-~|LFe$KBT4f30z)`ssR8KCI%N;GU})<=U&aQ@2g6L#j8v%wKEaph z@1gLem`HaAB}Emwwee$sZc${Uzrji*hOab24SB!Ckxqt0kbiz@K@!r4BbiMR6}>`I zCj?`&^}bq_tE^uFvcI2O^J*?dx^ zr`vZueRA>P+jqgAdFi@$Lh<*X+8;pK-*Nm#it*cbRechq!!~cYKGLQ69S5&(NlWgO zecv;%w+8Y$Z_%HbmjA-*>p2dpK38CW#P%Kx>pPw<`*_CS=Q-}5KV!4^1oR$`U*kM` z*L;8~dnZZz9n9rD-=XP$EC<+g-{P`=)ebhF&3)qN{dULS?B1z;`-*!VdwaQWgxQmK z#O=~!J{|Uk-*0L_KTktno+FU?58ry9@9fEaj{u+hd&hF`0}=X6!{X^9>OKj9Z}7{1 zW<~v#3ARI&DIUaDo{f&BvGj2O#STuRhrs!eEd2RR4*4>jF$d$Ak%Ku3b~+Tz4Z3wg zrws%I&-Wd}xfdO*$uveE%AIkIRtl8;HWfhHEu3Q@Hdk;OJ@PYC0^KubZx$eJRL+rT zyEI+|AgM!jG_KO~oLvxnT`Z?)c0K>;FvJo@;XY_;#KoU2Q$cLT0idLLlE*P3i}Jr} z%q|#!UEb-GbEKNg<(Q?O2vs@m2nr=ty1ac#@=7 zDXM8{t|%#~X>V^{+tyfY%HA?(C5*PRg>MmE3z`KBXz?KFK;1ofm2lDJT&{+986JbQ z8;`!TDC6mAre4vb3$RY=m=GJW(M1jiqc%IE4<(wzi3=S#ub9*gm%yr@L)Dirv`Lw? zsJb=ah>ch7C9I=V*g}M;o$quy=gfDY;Dg@<7`=E&zobsVfkgfU%{e?~TVNkoQfBA_ zl+uaTEh50dw(+6BvAMa|K#FODSaSu+@Xeu}XkdkhK5N!C4K0TmLG%a$XD7g7JXF1Z zQ`3PH7_r<%2s;bQ*u?(qc(=w5vhCNP=~H@wH%BQ?uV={=Two6GY>9ylr~zmU^wW}v z6?;_Vfr~YWIxO2-5?h8zo!bxcmS$gp{a8QDO)yBSrZel21~>j{_%W%>`1g5#N^XR~5<5nL#kVI1$D# zGm)^{R&HQ0#c3A*vGpU~^k-RI@bai4ol`g%#OeDNJk4uHpzJO*#zstg68@tJQ)dUk zJn_IJB!Klgy?){^B+W348un?bm9RxKTz&k5WF_Oy6o*+G2}mRDs}KlWjd6!DlGZY2 zcrAS`T=o3+gd2p?hRoklgZ-61q#1!J@D*^bKe?1{@_PyS&=B!o=N)enWcs;Q&Dno) zNxqA6p=U}%DC<^H&!Ewy)kdT=O2C@Da4hs~Y*+kT%&&WpY1u2Mwxpz@l@rw^uJ&{~ z6&$=>ZD^0uLGrw@d)&56Xtp*MT-uH$Xb0N}X0R~|#@A@2J45($AQe=KOWIbmH@oHUZHkj>~M~Z>6$j9!b`1a=Mc4>_I z`r5M0N$!&-)b5M2@|R=3Wq$ZZA^nx;7AJ2`@-67y4HOY}ayL%IvO?S1ZeW{D#PO3; zlJ1_2S4zEvp+u(jmeKY~j+MX`+U@(3xa=rA5?~0y2^siJXt&1hCq!s@;~XkEYkg}y zoU+vp0xaCD1Rb#@10-=iqPjJ)T4BG2yLgwDI7+3Xj7Oo(3@|i_a*h?8C{~&W-pzCmyrmyp$dF z9V?aj&%*6oWZ68pJEd zYZ7B-*x?%VjpY698=9*+58o_tGyM_>g);k{%#e7-@q!$QUmt?2bUpH`RIe~i$upUv z_49j00!<)VH$Jb!)Wi(RrUFrdsS5VWA~BRB&5p4WMF?gNNN%I#{_8pHb7q1lFWP&c zikG>WzY)P$l9LQQ44joX2852c7W=%#1*~n7(d!8n^n!m^;}AuGN70SN5+2` z2GCguI7vpin$6y)(Q71JAsdXTWASvit)s>&`a>d7NNGVdjeQ0~2RkIh^J|yk#hBN9 zj2-dxS~z%v5&0cqOHbYl}kabfdH{ zpyjA7@z)b#?MlRqLTz~!b=wN!?1$Gf24t%U=&nY%6&CV%5XlG(Dm>Ddw)R<}J`!vV ztSw}Vb(FkTnh%K^*Fe{BU8v8IKjz{9?A7)XVgzFMR86b_&x+uEUSq17t##8*G+-IL z@K{8c1nspx%$NzyK>h%KrcD4&Vcz4MJ7yc=+W5!1B~rCFcqo*)mDCJM1fbdR6jgeJ zFm&zxQcU!INrPu)6x9>5J3j&noGY_)d4y)bIKYN%dLC0CJw;2F!U?WfdP{RO6-!== zomVct6N^TC3?1!!HL|_O>=!|1S(>DA+vZ$H@6rYvwIFeR6@;>KqvgduiPqE%azo~o zMRHR`oXiL7gFu_-GXu)G4tqU#=q;R;QKL)yCIQ_qI zN1aBobJ*^#N{iG0ge_iSXDMFx?9@GcSgSsA980}krsGt1)N_0*Syr=rv|PsEU0OJ% z%UhEHz>_7mtsil2twWrN3`*9)utS5Reab`M#p6_A=2=Q_EAU=U0^;W|wT}^w39`An zcx*`GuZ|?#n`qkz01>k%0opV37@?`-{p^Xz!{Cglc>ea4bMCarG_@N^FnMJ zn+~W~L2s%n@Ntz!l)5{VC#t)8UGk{ofOaY$s86LKCl57LYJe1-V&^^JMTe^@QnesO znqPUy3UOzSxtEft4jg(9N^{qo+KQsQZHzuvWxr73=4a$E*f^C zB8su4>If67EGptsz6XNn8lFzISFldVR&K;xqdJ5pNPP&%Zx$Z{za>=Fp`cTmjXAAo z)6gl1lpZpzXw%UVtnd4VM3U8}DS1o_A!_VMZz&hXj&}>Ufkl~nc6m{PW*xZIoKVKT zV{2D##Wdw+u?J8KD^o<&FjJ4TtyrO}aSH#bsuN@Vyo;r(LtRt&V^2d>233Dw(@Q`{ z-n!Nkdk{O)b8r*a#s?HMPC=Y|`UzA5Q8|^*qPAuKm{x6Qd5Hbl36xe@Svn@6I$Q6I z6kJT%kN9D3FXP1gBGn^`(mo&V9F!3a+4VFMAapxZLf|+M#$K%FWWpsU>DSsKup&L% z&MpxI)l#`fHplo5_gIEeQXi2uM9Z?OAuy*r^tH5jp!~xj3y;>bS(t_%Haf36pe?O{ z#9m>~quIH^%{~i_tbvTDVh@!=a7a@lKXP5;20hZgV#PnE;yHDtf6b9Q?aBbPJxSWV zK6hiX*jvR$XiVt{|2`j_F(W(FOtVtOk)D#ZWk*T%!sPOk4N~9&sZ+H+toew~V}o#n z2M=LeO%#6okedhkrMyrocO5Tx5d1}G?UUh8-+9~ciad-@wEq}`<&vZ&sxZ1{+A6?=?F z-uO`-y=|cb2K?Q>vZbehL$sy%nsVYBOiMKsVD0Day2Zm^dKdgv9kiE~@C7kZ96Xr;akn;!UDjiY-ekNA)+vu>~ zeC#Cx#a9|?VjWpkslTelLA4mWFwHTgyNvk!H{h*Sb-4R8LgCjtcRGY}Xe)CXf*FO< zmA;LW8(2{8!HK!^#g*29IkeB60qf?O@wD+zU(P;k9xsZ#{wxBr^IUe2S4n(WlmA87 zI|gSKz1zOAZQHi(ys^=-)3I&a$(wX+r(@e@$3}N-^W?wxz4z4paQ3NMwQAL@S+i<= zne(Y)-m7^vv1T(+ z-zD^%XWRE881-S+7k*(Zp_Rs(8Oc#)VIPs z`L#`77dUJ@gQH$9&1*fIJlY&ZHw^@TRr?*C0_$Z(=kfGM#ODnRz*5OiW`~cua2!^x zgb5E+d9mWaJGHei9u40<?V0l3t*Q5St!QneNCJDzh z_u-AR!#{yo$EV4}?5T*8Z1-lltArUp=RWFkZe+-A-Ic=)@FSsRhTcV~m@@|5xad_k z;sFHA1~$GQnfLWULe!k(KZF=2_5jr{tQYju!eSRNS{Cr;r7bW8_Qf{NaL({3Sh1e0 zilTMtP2}Zy%NEvf4nmw0%SwySEFm(GMIEs}n-XIUPYi=CjuWEl^w?6AR=-Qec9Jc> zIK#`Uj#zP~I9iZS)M3Ewm&pHtAKOft&FRa{ieShxg&dmh zjNq1iX?>~+1hIC6U+qI`9k9DraO}f*#ySTH-2fHoBV@t4oYZm#2}RBW8!i)oZ23rD_c+cHzW~)l zm4@#}L}Y=}-4m@GUwQ2pzh((!xCoPutb`{D8$~#UO9K(;!S3^i=JDGBf9nZJY}xbx zA$U6uBO_%C5+2_X3E6_7a|PU1E~}tH&aIPaT}F(;W>)MdYD|fTUCBE3z}WxYw%(Cz z(szNg>$H-e%!Bx4$B9@5?F@I(Ng`flU6wV_4fT$(kGpFU+#71dOzB=5sMnTE(Tk`U zda)Z)WkjWCisu$4bgBo0P?9-e4^dQROAryV7)VjwmhnsUxOVezMI}OZO|HY<9Lft> zZJ>3D+_?`Q;GddGdz_@ogFtpfXLV!m-vTR=Wu;0qVPQ9j%bt;^l05?vP)Ka&z}+bs z$4X|z#BdYxhipF%v`p6KhnYRC<~;qGC|+IBov3m}e-bADirc)R3}Kh11q0|jWoJQ6K@Kq(LqpqWTupkW@^TcY8G0$h?~rG7}9 zIf;3hD5qvH&8MhV7I{;o9V5=&Bfy>eiu6Fhfgv zEe798Kc~bm6c-(`!+pe_g^__bv_Jp-5YcdG*K zCjQQnS=7@l&<%y;-13VYyH*icdiR>spy81Y_Svkq#=mn`KNdfkM|P-GwwtRkd2knAMcEpo?Z=g<&5_cPrnC=0Kz z2F_Pw9Pf|5px)4oQyEb(YX_2hzRXBioMJj35+u(nXOMgdLex zoLXh9pK;C1a+*9vgYH~A^KU)oMUZ)kZ5gJ{_M6d?JHG1HWlw^)QO~I6-dygJh(Y1> z$8KRqZcndWt7*k(e{-2;sfvcIs4jE1J9P2GTyGC_j6lmHT*T}FiPCN#k)teF89Kfo zOY4FtgN7y_^1%5Kq%~x`0Z?t1!I2=aJ%UcZp={%y6Y{anF5h9jOU*IpExC^@kBh8? zQnKvLhxtjHL6XPxkbTfN#VvZ&6o&E*#n^}m9J4PAl$;S+dJwXu81GDQrZ#BVeuZ*W zS-)O3I42J>-VK6w_?P(R-HB=q*W`!r=*^5pLjOa9HpM}4y_^^;z=2>|Zx#ug?rCq|fQwc0w7<6*kuRyY$ ztTwllN0gwAKX1X6)6}-$Ih$Tr{w}E$9C|S^=BqMikJrT5c9Qz(&7UU!yNa-u^a$2p zv$^a_)Wveb4k&EgPRKY0@cV>CbLa-Nnptw{dsAb0E{sW0O_rKLE8JUn#aM;6%8}l zp&uJ!r`PWR)0#mucpdS|uKJf;61*z%|}?6K&kc46yFHBS7hv$8efJ&K5RzTj57yWessKe zZVHa_l3@uP9p>1e9mDE33-?-XY=pTA0U&Cxbw75V**S&eo+lP z{sg*-DwpgRhzksh2Tq`aHi*&)ZUyM*Be<@MvWiHcDeP~@?_pgKrGjf|Z~;ST0=o&R zH_@7tav(@05Qf(z8P>H4lus90gYtL-YfcBl#yTImoVd(V%`dF`cT;^VTlomvL_VMy zA=*V^BA<=Ut_SRg4p{^sLJTfD*_nnl?F$-NcN$=vN)zI%qS!w{%VLm?V899O;w_b*ap!5g#FW*cl1TRpQO-A*#vEp5V>j;21Q-Q(ub5KXpjUkeCy_nJF zI&C88VW54|N@lV~Od!Xi7R`CsHU(uAM<9;Xf(br%a1D!eroX*HMN3;*OIM`|ra4R5 zCOn95Cs;S^Pld{CV}7oKt_vsR!&62cZZ#V2Hy@R-6u4AwuWViKzbp%l^4lVYer36( z7neadX^NS#?e}I=gkux;n>$f)IJ5?}1RxrRz8ogc6rW2S;u zS2k(x81PlP6fI=jRa2{IJq~PX@LR@#GBL(fAyo;LP*j}Rp5CP}?hvL5cbS8RZ>PqS zfR4$UzGQ3?N9c0Ooe&Y`>iP?f*QeVf>#(*U)ir!sZ*I}_Hp*ctvb6h~V`zBwAuIvu zm8tgE{@_V18um=C$>rR(Er~_*IoA_!Yt1Jty-IXJdB4SDA^p1vwuIl9tAI5~ZY*W0 z?Vh@YnGV$v(HDZ{958-*c$JAFUR)ci3GGtyOUi#;Da$eXiPVpM+D^o==udJzf9Kzv zmLe>ZR)S8TA{G%RGntAM-N%G@mEdaVQq142Q`l%h&dEvmr_qmMCat1r4pZ067p`X{ z4OG26F<%d1n&8f8Q+|i`N9W(?49Mz@Bd3l`E~ic`g4Ygc=A7a>dzahyh8??5%?3iL zEJaRqFgtPv6_XM7adt@I%F}Dkx;$ISqsMXCu2@f%btWf|%qj>V75BR(OBZ4dHFu<+ z7xA~|QO-uXC%YVqF+qb2*;H_5M;Qqxm~PF zf_)Dci{42>e-W%0BQ`4ZL{~%$2({ip?$na{%$1SRArER1oH#pOq=ivoFkxBV4UevZGbvR7#yKT#Pm$O9$!>u}Hbj zJfd)NJw^?!>9#z$VP-GZ{j+=Z8Fv{M{4jvIvA_pT>#FqEnu&BI!>$3a4(Zn%gOhE5 zoGKg`)?}0w*fK~|CK$O?X8ah&vB`E}76DC{$&DvTl zzQVmbY;9@0REQL&I?&Hc-jKvbo#WYUtJ;4)fF9d26sdaZ=xCZVOQhcfBtq5IC zWxzk9ZBcuqnRZp#%Cse$AxsDW>(s?_RKa6X`FNytKqgbeev96SXEeZY(OdRY0tEFc z7{YB*8~4rt?3>jLoLuXtMob0_ThnAbh|EdwPf*cwOv97KzuG4`w1^yiVefi_1>7H- zC<2g#e#I3hWZ-X~VCdg=ePLdCjN3nA!$~Fqs;t4zX{m1DOp*5uoo_&`CUnHmPJ2RZ zTMaU$UAZ+@qXk+7l~0OxZComRwWf|3(;kxt6V;3YP#3(SD3UBOFBtd8Jeb$%O`EVK zd*de>nM=_106>OHc(_#fT?tCK5&%Ley%Vs?br5#~OS{~b^2EI#?MQWS0bnd(AbZ=8 z(pcVa$M&Cu$X!2c4c{5y??I}~TK;<~KU0Ym3*A?(T_b7Uw2~LdHeqU$NG;rOck_K8 zkTAcu()O@}$39?o4FR!Ud0d4fbLVT%lY(jT4miz*s77t!jUHl{dTzd+rKck(wTyid zSZ#gskH@1F`Mc~HOQ#|2+L75m;@2+oj?e8$&+Spq?V11eVR!hh7qWt6{f}R5{lyKI zUl=g^ruO*0&f+ZuZ20#uc>H2Dk!#59om;}c$zX@O0h!IiaV|ayC>4;4ekU-ai;%x> zNY1gNLj8o=W}%Q{E;T!mf>UkIU35*i^>Vx+Pw(mFcxcA;b6|T-KlKZnT>myft2l7= zZ1Uip{-RZ$&OJ&uR`Ifgq5E#zz0yo5)LyDqJ%1(*Op|^Q<)CW){8pojw%PJZ-$L&? z)5p!qbExM?arwtsMUvwFjv{?ON9xk2W>-RXT8x~+q!LUN+Te=Td}L57|7GFX%+UpY z)kMMWftYe?Rmk@jr+izGp^_R!*psy!q4h^CF<8SiGUfElRF2i)8w3rMGxXooAiHrJ|MOHW=WFGQK>$GQftpz#%=}~ zDmnLi1dS9klReAuoT&_kO0C&-)QW2sx}q~2u)fKp*F)T{T%TbFd%?b@%89R}B1A(G zu8Gp+(9~l`7(r8ej0;WKlmyi~eNnvAV3r3Z=9JL8BYwK|eNxCSZQx4Iu!>}WwfI{1MSs!ihNSr{BrmIiYtQ%=f5GJe42KAgF7C`* zhcx;%*4+O2Us!!*RtUcVG7yjqz5hu8`F{wx`+pUX|E-Ss--ekQ-T#)xSh9^%q)3Zt zinNT8$-+p0)>GQ*IGLcaL>Y<1q#RP>W>1A?!iH+vHQT$Lh0E2v^#qDl^#js6uH*;2Jc3wgg&~hXtQ^%6{`sPk~vvUZdWO&UWehhiI`UXW}OxPZ0r# zp>o1Pw;n4^Z4I7pNg~}4KJ$5hJW`a1%1OJzJHoqz!y{P z^Us_$k(F}Q!mT^xep!pd88dev zXoD2*qJucFr@w$?uIt0QTJ~u)oIGEsqRTuYAfuP>82Q1}mICFpuHv_w-T8LG(~!s! z(hD>qs%m(MX^0TUyw5vpcZRjpnZgo6JY-^&nYlW82zxS*a||psLiC<-ct9SVts8(9MtBF9!jj~af#ECkF2DRAD zV`N2n!AC4W-nvAZoE&LdMpaom`YoA8n#06%Py=Z2L;~=u+4&BySocEPj*dzR6VwwB zpsK`gp8lN5RQysv?Pg{vd}_h9FwisDGdtE1AE6l|Mkt7MXID_d)#Bb6E}DUb`^KRBfVlCa6|ls?V{6TQ zoym4=lTMI&Fj$S`GqyoK%H&!mLK>B4SgW^gZVi@t8xZp;R)z8#0F9`h3O40v^ z@NUA;4x9#OxHo2&M4jLH5>LW&yiuhi*5mmy7DLh{acqJf6ezr?fiOW-9}haht$eYB zbWe7;_rKbq*5I&&fNQyVZf|Df+RRIU@V#yz=vw^+*%Lq<0 zl3&-?&A-vtDAgdTrm^8pl3w$PH=t`>KO`DsA;%F)78@!0>>sY(B5AF(fmPH9$@#Uc zPYIB7Xh@`aZ&dpwRyrs)R0zi8&{9E!MYK4Nzlie32X}&JVv*o&E<)?i@13Q87$NQ% zlLNtP`UiKUQn`H?+T75?8$umPbRxPt`tR8VxwmlJ59tRL&ADw_fIR=~|9U^1Q z3;rHn!!3L~RMLhf4YhaD4{7wV=YpY|DhMm*)xgRG(Jfj)r>hiLHtMxFEWB;O1~$U! z$ET59ae(&kW>p24T-1#}{NYyw@Pj;edI=#o*+O7?bz1~BZ&4z0Jjt7wiThGGXAKl5 zIZw6magFHkLDdyfaNR&cYvx3ikj@h#jZ8HuiI^HU4zNXy;oc`S$!HM3^R4mhSHmYG zLrYz1np`ywBYCtdQH*4Qx@e2uvgA4O(Q>z8QT3wPnDp3iJ#}20grxL>^3)!0t)K0<>(YPJBuS}2>Y{n!WyYr)R^&c7sro!qU>82QfUEI6A-Ul zc@YjGdT~#>L}l)5Og!V?-d5F>DWt9QJ^W!-hHX3J6$QFJy4^*>*n#+XM;~+srg?|{ z6(y#>bkFSB=QB(oWYd1B)Rak^-HI%s2Pt;}9hV zI%nY|(OWqorLg1cM?~d$j1S8R_x5BGwlPq8%Cy^ebm=G-%VS!8`m*bfa|rLD7lwmG zE$Vj9fvV&F@yx{e^6OAN`0=b6=YU?baRNZzDY(h;%^2}mbi>;bmr0V#nSJBAw7K`0 zQ^DS;y7BYvr6HPo78QL#f$PvnoK;X^wm@lQ?r*eknIy&OfvI>opn7d8Q&q zEmz?Q_Y0%dv~u_-BgZUv;(Y;Y=bvf)bp`y7_sH?SLi6U2$zPjCW*6LKs5$)Oi7m3Y zdkU<(QmZ)qa}DQ?6Yi+{U>E-T14fN!d*W0}J{0@XZ7A^Qfj<-(dQln|I z3vUn=X zw=9W)8_?rX?a=hyHYMX76a;qKex7AU_JL=L#A~MBeoeuiF$&+-DY!3^;cG6D=#(>l ze)OF#&2@f;qp|A~$Dz@5udQ(mlkA!ABgy{&unsHftHH)}pBL)5PUv)M*}G=a294k!Nd=c094M~$l~IC(#+ z_KNXpoe4_qpc`YlH9v)Lr-_<$9-U(UZZtk6cXz*|6Tg|PHkpZ!<-&U;lKD2p*Z0AG z;CZN$`*PGGtdu_ztApm0L#)oRD)eg*ZGQc~jN=s#Z7@_?U|5|=%3gSIHoh_FV{~L6an=mHJm0u}#$*NmD7fPBb zc6U~Tc3aSC$|Q;7!ADhL*X2i%Tdnm1vpOf5c!1ikWYs?N2fID`Zc|k7pc*DA~r)GzWMcov`cvoE0upD5MGP5XE zExCOb?Fk}eU-7)MljL$M@z4Ng+m9oIh-Gd$i+~Y4OB#DYG92RWxJtPQKDDu6LavWF zqg1qjpHvd`(;!;2lvRiM#*$-2JcAYAWd`ie(bB0!M{sQ@9I!`J3zhmlD7UIWh_%zE zKunxjFUrII{sPlGUBe493Qr=c!{CDxTLA25!+ z&W^S2i@mw_%H45t4_v*(gBzPxUcY|DTC?~e%hlp|!?g;D}N3r-M+cT04kv1 zW}J(=IPLvM^QYX3yBHBCD&kXH%S3hdWxS;EQe6mWuZA9p6PydkkG5PBiuLFSi#ma& zS6WsXYgSuW7u{HPX~k|w<*8-7h1<}8m9}yl0_BTzzW`mm(}ZEj+EY;PIY$%Z@mJ%e z?9j%9N4e}~w!fCf?72pZzw7Z|2om#bVm@@16(*-cJrUVUVwfoQgjp;iV($1xY%NYF-fLyif!;!6?#>Nz?j0KRo!B zs{1ImVN8rxI6r?AJk=-2c?U>yMMEQ8Xo8=4^JCAOp5r-{p=ru12BFm1A0pWIG!;{2+?#zmzIW9e$QUd340yqB~76C z92*MAE_~8|C;~bmm&DfJ0R{KNjTQ+D(JFizve3`qau`njk?@Jgs{!n(sY+i=vji_P z#_nRu{F?!D0r7~f3!s-;rUM^Zc#dBRU+i3))<}-Mgy@$6i-B+8A3Lj#hK_-6TR_Jz zVIl(CtM5a8_)(}pSPqo07^Hom7V({#ZkMSg=%4OxyUeo?ydbfkhT zwT8P(Df{jwL_S`&9y=%xd|=}uh(IBTg)uQNSS}Dm{UFsw2m~9%(HJjqmNsxL`v8GQ z7_>Z`VZ{VQ6Vy=_FOZo&(4crXJ`f%~@aMfVBlIpDNNyI?E^%dt1Zf?kQkCShGW)h_cL0l;E z2}_f!l8rX^h2>Evec1+ok65QAs4U8*YIy;2|zT?+> z4h}U;NoRh_wd>yQKv;(X;E+@5s^H$*arp#IZ%BWt{Bwy>2nt*Fg^LrUFoJtABM)$i z`MRS_YZ3!o3Ch>#huK9~9iWDtfpdv=)0R26J{!8Is^Zt}*A6J$7EaID^nx>EGjmU1 z-cv;RIL77XBi@srUzRBg$Gze%%@+EjKFF0DihuB(wyJz#JouCc#J^&fe<6Jqq;g$z zEU~N1is^^HN-V*vYO>)WhTWpB-)*uGY2`VqUK1qL!A< z=9d3Ea41b<+C@zR<7=xcql=^XJ|rB?*6LY#F%^wLyM7q3h>RGjnWf4oxxR9*0#@hs za3o0!j~)LB&XnCBSH!d$JTVHhoI?|TFi=x;u!7K`t~n9d>w~U~A~h;G^Pm3REN}0Q z;M381O+p5U>i`^Suq)#GafXRVv?%!O*n$w;v`OQ;48_jQ+uqo*02AS)LT{aT?E5|4c_vtHiNoi2y)WQRL#k^m0_1vhBj zzfAjfs*u}$-CPcQ2r`{CsI~QY| z4z;G?Mhll~nzKbO)3*=MrWNVVpEla@0m;>5O(sQDNYW&Z zG;DBGwP=I4*?K|$9nU8ZLxptSxuvzZcY&hMSv&T-aqK!yN3`WY; z!%jmPpsYTAX~Ua>>mtgBI>DqsAw}Gf#fR2oO@p187o^%@{ZlO>h#ctR^kj2jRFAYX zaQZ9Is+=vC0smM%>?3a$oqL3(z;EAPd*D8bIl-98kEIF_q>V;Oz9TNq!(^( z>S7Z#E5Ii4Smam;T>Js6zcrcfA=L8ZWN{18849FBS_d++(~9$o&EIv^E#XQK}9}I&WY2M)VAX=H%E}_?ur;dm=*OV&0!-~C{lq;GG znsUnpup6tLMy(=-EN=z90oQPEj-=DNYfg?T^cY7NB{9L@ob zkXqP3X?u?@`S)LQar{Y2iO27iWcDr3hnQDG&Q@a#S;Kc6A$kuWK9xOvWIdCq`Mg~C zlblkUVZ1nwMAK6{4^@Ae8K8TVRFkoHX@l{MK=y5ok%872IgUzIv7WF?@!1t#v z9M;piCDE2=;7b8oL&QGNgc{?SF#GPO^2D%@?hvt=kXR265k{nzX_?l)o&# z_{4c&QdT72P#trx{bl5E#0z^yujpmzgHvMet<_9R@+i`W^^ct6eel=ZUU_3^lm>Q18#4@O2Dty?MsIjqD26}%4N2x{Vb)Fd!r#BXO&3gudGLym`zjTaXM z-)gUCRG4TrfQA;3!n)1Po{smEL*dfzs^@J+@ZbIPQ=TC=D8hjrgbIPR2!ynxjMN;m zf+$@u36um6)qoL>HKaIPIBxJTZ_hrqdii#a@@tkWeL$%J4H)yHA?!t8PwBcgZjmmqB?{!#t^Hy{VY?AS9d1#ocv)s z#b`0__Ni&e@bp7_J0_J;4JORC@jf<$xKLoHU`>Xfy{f@3Me@f(mkNSUgSNY-{u;Mz zzioxd(KDs^W~@d#VssT4C+TtFIe}a*rb1I(lD^!+_<6=2cm|^i z4AbQ9!R4CbG3%8I65;1nXuBo1-ZPSffFF~^ZK)%Qzlzo|F)hj>d;2l!Oo&-#P?It& zWJ$BqE$|K4+=MsNwQ7n%8Z4yvN+NZauH)Yx*~OXa3n8k4t}z<3eJUZ z2S4in=-{XPzt=ba53)jCUkzUa$6v9>T^1Y81~iCfX&FyUj!xGmOm)D5ww^S|%(@_L z0Ih|TlS011)vE4|`aGwIeTv7RntN#;_dDElz-AOTAgJg$n*swWvp>gccIC}!`=4K) zVDIPMA~VQ{GE5P1UImU8Yr%d?v@E8Fx_pI9IZ)HMT&9u*b1HP63Gr&eOB0C}GjH<6 z0LOZ2oD^M(xWSo|IRX-r7t#wdJy&r<;qO1e^arP-$qu71b0FOJ2o2zE@X}hq4n^%H3=qTZ40K^)L63tfaA<8H9`tc z?77}zwWUx7=ajEdT6<^K#9_^5p>atAu8FL!Y>*;eN%hg6Y+lp9Q?d6Kg0Q~cW$N3B z7uX3L48}T0XeZI(($B$ebH9T}@igm8_e?kEj7+tW&cH$}Iey_1=x68$oMPw&$=zCU z_jGEMN>A6f?#sEH_?nul(<7)ltu4*7ix~>ZUasmOjaF=XHNctmc6V=)^fiA;mT9iZ z{2H^q7gVkKz9))?pI5WSrQ=U4>|A@k8hcPSUaY0m8*g7?XG8Y+`*IN5D4T?wVnW<5R8`8$p@zDOaLao<1vfg1h%eDK$Vcay~h?Ym9zxArxyov z{bv?AuPmFGd!-`${fTov-i{aCm>zG^r5ysu50sv7K|_FKJRxh-EKeBhisa!8wPX=0 z3=Jr9&yhpjL8EQ5$=iJ4*N}|TJccE%VsG$jJw*v^b*y6OPYw))h9;302LqvB?q<6- z5MkIc=S6SQ_g!LE$ac(rCRe*p8T%w$j-H#CUXYY6&>Fgr-b;uQJ(4R0{aW|@&+J&Z zFx3|a7vxr^aluq;VCZl$WvJTFG3(NfsAj8^kOO0Te78WeentjvBSg*=vxGWsyf%qv z^3cAr99HR70oZ2v(;ekdm}cnC6u7EIh01Gbdt-$r@9GB+BtLM<-w}adZ`>7}Ui$=9 zg(Hfawi>K3hMoYHzA{9Ut%1&Lw_38P55fr&a~Qubu>YLWG-LxTTb5o44Ju4BZ z`OA4{;?>SQ@sN49KusO#QrLm=rfge5CE9=coXI#kf@Mp@}5kK5*J^Ivb0mC3rnXWADiL#Nh zKxiqTE1S+hahx!Nc|+{D^JQn`_^>?FUXNV68*VF;r88u2?d~!F-@tlQ0|__?)Y|(a zUu)cuHQp?6Z7FcgXRq%tn%Br?|N9{B-9LrUL2>xUHMYFHxih}USMvD9dq?=VoBXo# z4x#*|nKSm&*0dR6iVyHTdc5w%rUrbaiv3bycxTt|Kl47^H~W090}%rzf2|q~Lfbu~ zhyi>g`|xdVAlFf{*_p2yZc?8GgIbcqWg=foNs60iZ=U%vSpl%5vA=K;n$xZ)$&@VH zCXmSu>9oluO6fkMs<#b7wcRH=(}o zwQjm(F}}tS9$-57Z3S$3+xsVxFtjDts-dXT8BqNlp(`u;hRxI1G}|y|F+d+|Eg!y6 z8rM(T=ii9Lr1Kf!0)!ehoY7ja5rPFrFdBY3ooi_OP;r)o%tsd1EXP^`psFJM0?T+@ zi<#n%>I`>ugs6rrB7pjsB#j`Lgi5rc$}uE~t0@wP#1fw=%T0!_#k z0)=^n!LyY&O)0*EvC&A%T5W>|8h|0KKOJBun~4VD^D|NzT!I+4bB}9qf3-AVApv)? zA?eG?zjGKi>LAw1Vo(;`;zmYhBjfW(&q*uSR|6-GK^AU6LgG!yCyKtGPUTa07#BKP zmPX76y>#z^i6PkiR0uM)zZsSCj<8~R)T|a2D5Ae|>^Ry_P@Qq6b5Ixd4})|4isTiHoo4=)88O7Nb8pLjU}R64TGa8i<^@~RvOheoZ4tr)N}2Vr;oNBo#%{xB;^U2I z3Y+F+S(1Daj>IaADbWbySvsB`ti8g4E2R=VFMDnAET#ER>ZE+hDUi9ia&HY*rLy~F zQgaQ?N<-vb{+Xu_jHu>1p{Am^FIEFE^KxjzT~;P4+cH5X=cas{TNo0FkIF1KD&&EJ zT>=Cu>s2y2k4O!?c^SV>gq(Q_0!Me|*5oG+^=dP1d!SnvW|lRb<R_7G zpVQpK*b9rnpwu(A`=o{XTbzpFT3X;(I3qcJ(@lhIE2gQ4=5dgS<=RD|!NmwR(Z81R z$TSC~pL`mLMEz{p7Kc40LGL*oG4l=~oTN`j@us9Cdx(}UKKl+_HE4x%TlLgHiD90@ zlNjUvCAy(2X(*X1Z<}z1t`)tCF*69TiXwwB{n4;jl=|lR(f?Z&>(GR>@Ok{4ou=%u z*^_MIo-2VFg$mJIo^mBTsRPG8{&RU(zqrX~YSDa=_giO}GH8M~Ap6lrwg@8~OgQiF zyrwe$??M0GC>TSyeu`GEkQqi&*!~oyVP%zV>|f%dy>QI=)NCmlU)EAoDUll_EVU{e zAoI5PQ;E1wia9>lKh&p&Mq?7=A9n@&A-S*Nm1G`QkfJq-9@e>8AO^A|c}bO?@wdx1)FZ;Q`-cr{WNP*m~M?L)%Yb+#ufnxKCQc}Pv zicNS5v%}fO*F-VEsXOxT+KcUSUf?_uf!>HRC(Tpy{l*3Nu^-jMjEH`GT?ya7;Kwpg zYi)4mXC|MXTcez%W?H+{94=lz$M7GP)`I%)48`DxcggVSXRu+|6<^#Qi*1qv!@b1V z@#-0~V2L5@iZCvKhe=x__?}gRy4)EG^mcw!Y?jdwB}1AQ~ek z8NJ*&A;SJN?HNLt3=1}{wuF;4AHB26@+n;6p)QD91#C8bu>_wuXvwgKp1j>7Yi)Wy z8d5A3R3(O!Mw3&TKWriA@Db#?~Lwu zl-wPq>6PiN;X7cY?q!hseJ?=Z;0Mt=VaiqJ`6%OIwwXYnaAIEJxTo@n_%-g@u^Db{ zs0NH_Kz2;wt|eOm`~F=9&TK&Y0Cfy}gh5M^9&Oo=B$nVaD{kklnWT?&d!X~Um9N(VKe~Of09@E6IfnihXu6oM`o$LD=p63 zKg{te8{jP{j_c&-4DHwR%-zjJ+U+UIk)ntTcA!gR7<4j;;^XnF4Tds<5Hzng(R?fA z-zx9y3y=M6pE1{3m02%H4QDU1 zs!5}QV?f5%M${WVnwS0{k%%!(I$4xolODk$B}z=++W(^(ec zEFX5xdgN2N6*19FdV_QG{v$F} zwd6O;;$jn};c{|%?A<-E%!hZ+_v5U5vFf6lM&v2$$8s%sQ|G#?f;6h3nOC>iC&kWG z-VnkR9bmwK(6Oo1Tp$0vOlBx&q{oUZ$M_thbv(6BS}FB2$d%sSXo**BR@cXngv^(cuIbL>HO|y?}R!&^g&-o@h%-M&%DhCiS zLY?F)aVPOD&>%oV>mi{P_hBYNU@5AC9?PzQ2sZKzm;Hk{Eg%C&sV!-Zu<}I{9PNPT z2Je8+1F4v^UW3zwt=y9AB=KTIVDQFE?)+bbol|fwQJAh{+qP}ncCuqzJGPTQwryj_ z&W>%{w$0gR=Hg7%shQLDUG?hfTDQIWecq?H1;aKK-cZ^L5NaQiYVv~g5Aeriu$K{G9FfbMdx$!og%*(xu=*w5!F;!QJ0XW@Wy&+! z=}=y&6DlT%KsEU)Zjst^YqI(l-aUqT>Ezq_olc`13gHq8;f{DiSku$lL|`5`Dx+Z79oQb`B;P{}EX(n)e>cTN zu3v^6dk8tw#{|4!x#Zgo#5ZddM!y2Nu6qEGQ>KiUL2|0sE66Vws80S=u^$7sQXtn_ zrJKJgu3O0tzb)}zcKRe@J~E0i3G(_jw+00^lE1D7&0_+6L#G9Thrb14zf5l1hQEDy zjxe6df_yO#(T)+Xf`m)4E>4qoNSQXz@$gBbQg1`J0<~tvO~~ff!|JQ{v&>Z)#rLBAw~v?)FTyF*@HqI1rmy)gIt@)2Jz`1Wpr&setk zNnvdBNsiFtWZInt5toi`jCR^#j-oDV@i-xT0)JD*J4=NMM$B=Ggp$n}W79dZTrQhh z&M)VlZ-cxUZ;2iRy3aje4TM1_N)(6R5N$Di08YG0{ud76R`6QTnjMbr)b^o^sr`zJZtsSI~%#-^W zx^<=_=}6!0k$A0rLG|~=`|o=fzzD@KFWcdEAscho^4kd}TyXSVO`#aH$A*(0UaI9L&JS%32-*_XvLhj#N zd&0vp_LLEc`&DTI+_9v2MbF&Gq?0_C&sYY<+zP%kGDV27B!zpp(=tBAk+BDYuG+DK zB{(j5F`*|Qd`yduba<9yto#L+Q#O1a`7nirf(5aV=&*00V103PjE_G)8sMZ+WJD{O z$u?WW^FXL(aDix(VR&8$eFY+g6*P!?g+BcFqnHiSg-`$5$hzaFNVMs)nzL+wLJ^z2 zev_=oN9R1&F$l9bi?IL&c{I)FQ>mX&m{g4$G>&vpQWC?V&$XRu<{5DlmR9}K98W0TX{2&zk0rBp zuy}3!w8xi_hf9=_d9d_{%Zg1&>OZ1efS;N355a~cR_BCDyeUk zJ|`rKja^8c_i}p}eyFfV7KQmg9H&@3lo6L%Svq@aY}ta2&4Kvwk(i0BFs_~JO5|(} zf^d>-&#KKhY#FqJV|S^J)S7oJ0}(RIzp~^~>skJA@m1sMlRnjxuWgaon%kCL>?>ll5oLf|rd9Y>oY31`3-DdliQbze;Myxc+T{8F5SJS@9e; zPsg}%zh`B(7u15IIzGZFFquob2@o6@DRKa*)6T_Gv3jPmlOLt zL3k!Wy9?bzaAojJAT6uxstBUeV>W?QAXRS)t>tg4kL#7$k$`8nM=17cZC0-jf|`c| zTfp)pg{fz`ucW)LL|*gQPoqqE-PHv0;&3Y4aKLs$&bJI?w@;T&IZP|K-)W>r3AyCv zKY;7?vQDGZVK_Z>$@7uo)J>lRkTL9T>Y2aBtx~fObOg|260g z{=LQNhOK>wJ9!nj96;RT{eO1sb{QtQfZk&5CAfv$t0~VCnqj*fml=-&#Boef^kS+Z3RT?;&(*WM zJaoJW^sSQn$gvO@&5bp(Wk;9W&!rW7=84cVDY;8GonpuBd_e4j9USmlbtj_~d%Ya8 z5(74nWZ;nLJ`p9@YMGR1V_z^Dl>5)#E)2Ej7Yp7l_7?jKbPCji#xU%gln2J=1pg6k zyh0drzQ`poYBP=ttu)Y_c%G?oqu~3=^cagXVTE6k4e*1j5b7<16`)4vv#$Tt^M&La zEH3lND{OCmU zz6ce5xm28jUQ-c=2dHE?m4l#Me}eHa{l3Ro7!mv(QnXra`Q=BSgy)Pf z4gCJcU@vI$#c=dg|IefB1U2bkBD@*+5&v_ulBl1TGl}gMKl}q#aa*Tqb;ISP*xJ2*^orzv|vlr@Q zt})3_r9sSBq8c=)6=QAwUtQn^7xJqkn)Q*Ye4!4AVVNqUNEdp!6#D>~Gm7#=`%vvO zjq)`6V2U$0O`;m&107j!@7C2kFBym7eg{6`Q@zq%*K8@A90#7*VUT(YlP6;6{l$E z)U8)OtyzoP)hug#)I9-ezb&q(%p1x0KD)PAEv6^AEsiJs&8K}|4?eCTm8weL>rq<0 z9J4T6KN4bed|wlq++XWN*LlB2`}OoUufhno{HlBT^*1jhyC*;En*{F)M#6FgKGnQB zO}BjoE>ov-Sbi)7K6TeW0GG)3u*5xR_d)~&gS8=_+N1i!A0d2XMLo#(b@7rRpBfPV zltaqIaS@k}#66hzA)~oy*VKEt828aGdFa=O`k!-QC!gt|o%gqV-(-j2#2yli+! z%n~tD&J8gICr+q#FhvLr9D-|eM%tUU0*Zo7e)Y&Jnno}Wk5A{A6r>5EmfoU+mn=nY zztu7iBu4STU~~=atBXWCr_7Xiu3Y(qB<1^?i7;e%T4-XasH&b~o4=h*iu##BEx9FG z`Ou<%+ph|3z}9H4I4xLm(gP0@JMPIz4rwdIY@%WlPi$SyUzei2;B(fd9nFy>5fjk6=J&2A{CJGoSvgpYUI z-Aa(Gb}DcdULgxdy0)n!mU^w?!&ORwG4Y!Fcs+^qbxl{PMJl+Un5s^d{(-WChGN}2 zHKo2=Mcy8)qO}6FBYjUG){c=yP@J1c-?0tW*-adMP1P5pvtWiERbVIFrQ$ zJl=O-+C_^^Dv+|woG)^UoL`$J68fkDNO^K386vYm0MI@>tQ z4(uDY%ZDZFy^R-dsJJs<7$c`nrK(|j;If0H>HGqzfm{k&w6DoQ3 zgOBc^*b*zh0kf;IweE!m&?o_b+2zZQrhMYdbTFBvEbm()nxC}4&rQcIz@Ek6fP~rSB|eJIIFhneN21hs6)0d zm5#vb3<>zP6kv;D#3RyFl+r-7rh%vcIgJ!xb#hQu(|m2V*t9Wr5d|ct!gy`63|~n# zy{Cav)L*&F1>4AytaD$4s>=T1%BhWX1u)r>HaSMv#MkU|w9>VL2-u`AHR@1Ofs{hl#IYWn^_>kb zW;1C>&A17gi?*pafNoFPnB(N+lkIh-9_K~G5Y#E^l7Zz~D}a*G&HG1Wu93@PKMIR) zR&L~&iUP!Dfq7Zwq{TJ;1o^^vWrNtBW6xZl6uKC1fB%cyUbA(LW3 zQPyMv)uyA;&=E2)C?=2$c^@)41=E*D72^x&Y-Q()zh;vwMI;}2P7R_UHaqzD*Bwnv z!>*<#rVy5O(PP5;4R0M3lTl5WbK_Z-eDfmb&E&5qe(}ZAzEer%bs2Nlb7#vM7`kDN zN$mic)b!Zk>F``L2v*l_$`iXEmwkdE;i2;ypg_L48>dmk=gb@w;T><~bU!51H9xo* zWd{1)H>sXmc$7S-AA2ZD^B=tSb)aZz0vds$10)H2sH%->L+N+K57n+i&MA@rGx5jP zdtlk}I1Uts^a2wad(KR{M`yN;Vw4}Ta8uef-1FG3>;M~4DPG&KvvtjhBhyCsYYB}D zd(+nIkTR+=$aeKlOiyXA-HixhZx+7ES%RQg`*G3PCn8-)o`fT1%`m3kXT0i_ixX0L z*?n(#JI_@Nwd>HH=E^2p%6l)QQ`lgG-}%6z^-7&pE~RCg=tPm}ZodM!rk5IF4HG6L zg1W*?7G6&#&fC;j*N&Y`FYFJUt3)l1k`K|)AM+j5r4>@xRG*FivA)U5e3Qt(c;%H7 znl=(7-P%Yq_t^kP{8;ssgN>L6vV8nh+o8=L$X2MKhS;G-+!6)YC6-1+zw(1#D~SEfk+~n*<0P!AVvm=*%M zn}il2To;RQH)*BMYKmH^2x{sa?&_Pt^%=0Q92-^h9I0vALi)$Ue8%q$!DM>a*Ni89 z)-PI^OqQF;+6K+ABQ%=~6fNUXjjC#X^)Rww^9~~5RR(L`IxHRUe5+*?$4d4$NAf8mb014Q_0WOY-xX!!tJX_)7ol;a)y|`#mO4= z+az_n4|J<9x+_VlJ1Tv>ujqW3(*aR<_8-gD#}4=K)D{&8cV<=B42 z*+*gtkGm;H$Z!h9Sc}8agl`f0j(s4RuP-4_^6r%J2U~cTANxrg`ph2GC+r!xz2!87 zZ#AA*?2;;${O_FPrNzeb>*=~)M%w6uSbS*ym~3W#AF`TFU|l1OJ%a{W^Ohzbev zmfgWu(cM9Lzo*(Ze3d z>uIT9t^rEvPTev#7~D6G>3Hnd_6weqd>M;|+>r)rf2otk86=5Y(+rnerT5C7iLvLb zaf3ck3+hevX{(2E=*t(vc|qvpQx8)H_5Z^ zGqDEGHU7~WH&C)TYYcx_#~+yd>h{B?G^AtY8l)Q=u{AH={L-*~{9Ls3wswJ3n9c4Y z|4^mu$m4cFRa~6V{j1eO-ddObUa%Z*n;F?FIr{6IG}=Po?!=pL8+7z7-g`RvECNy! zr#Scu13v5O2lD?UXo5-kiDck_fU0r+w@;LRi$K4fEEr9Go0?e~xjHjCyBK+}F#hWn zG5u}F2>PFH-+zw){R;s8=k-4)W|{x3|Icp{Q4+u`4WJ zRqlbLR_&qQv~GQ&)%;zpQM23_30e5&ztgqW`rCj5sm_0+%Vc}feTs9(XJ?XgBG1p~ z6d4GsYKrOguR!VDM;BA_j$#_V%UR)sLa^W|=)n6klAhb#kx|EI-w5GeC;WH$7~z93 zjDI#vUj9VV<5Aq>qZ-QM13!fS`tHoDAyCiEp?~2=W5_MH*E_4;_kQrV#>dIoeGnp} zKl|&>={Jd`jbbuX`}UH`JQm9u*Zl*0$kv-^J`&M1Z-i~H7!!#oIoO6b_b zoA>;vLj1b?u{U;;Gc{S;hg>5Gukg z)DRgYBWUenmz`2MqpU-QUT38@qCO-B0FP>iCW?{9UN~1KGvO#+I0q*F$ddC5nuOlU(WF$8a~E?0&y`e95hjBkG`y({ zW&*Dga<}#FgJNDeVv0#;ECBto!b!1qMLAS-mkb576fkQDetbzq)-x6HG%YnZzOlk} zq(*t=gJ9g(1F|h{0p?%XLW&RN3N^&%O6)^Egtq9ga`m%ll$pi})EHUD5!4DSLt~{} zLuj%QEoLszb7tIn=kjwxO#Loe!f7ckTH;`A^9vOM`eX`4D-?u+D%GWB=7fys^pA_@ z2dINH<^Kpx5&;hpm)Qv%5Z?~!x&vTe!$lU2eww0+FM<1-bcznR7VOsiOV_{^Dl086D=+xV^|h~XmWLSJ-?QWs4vsk zRPog#z(O{&oMQfJdmKbn97MEwC7$?J($eGZY#6pr5lHJ3daJje+Z;cWouH+mv9U>0 zsH&vSYYoSl8MsM#IHs?up{=db)n+Y=%{|s~2uB+x;{W!3gtdsr_%X9bPk|+)?9R5# zFwmDLWQSOT7Njv3vWQP>>(BP&utp62o|ciVI#EmhwURvZr??g((!ULTw(+T3<_LV|#hE%Lzo?(#FcF*2)S>6_DDJLS7bE#b{-zr6*#hNo-~H6`8`G zaK9jGrwO1>C8sYabtonvW|AtoQJ=cnYdOxGJ$C>D>`_Hb=KTVQcb7cj+u5bq^iN%d zBUxk$5-z@NGR715A2k?wU^;EWVZ)(h;MT$WgB#?Cy z?A5@yipeMiFUQhb*@zL`8TomeEZl0Ej5(J7{ae$)93(YQm*8SpfDQRvxxmp-khXz}7kiwba_$RAb^`%IMQnYXi@jJj%?> z|7Q#gW#e9nOxG*<-GPY+I z;biiU-I-+-qM~M3n;|f0jmWcswX2D9TdB#@y@QUPrDsx!*i%6%ctMMV*DrwfN2SDN z#lC*HDilTwKwBrF+jB2oJUzT=i4|)ZvJeYvN*Vu&duhS;H*DBRL1YoRFrZw}&aGS> z1t1Vg+~FWH1d(EMp$v;V_nt3Cy7$cGx_nPQz@xIEfH%@jdo*opu(a&N6Ul+6Z6|8X zMA2h0!pjvg`c6(pUnv;q0H=*@U#p33J#Y=*s?JfAU#D#MRe5VImYrb`ZwW+clx3-I z3ciC8vO$sv;%@?`Wp59~-pob{lwc50#K~=pxfHrl^X$B#tvz6ORUS-=iuBJ?W${+A z=Y>Oo9g|>LwH~{?oZ9ltl$l;FHZ^7{mMtamM3KRTxA=z;RqhCav1?>V8TwZ){!% zZoaC>KXI{&UE=;87J-S(LCM6fO3!C1_ba}@dR*m^lurBJ+v?~Kci%abWW8Fmi-lGb zs%j1(wayAkT^_MHY|){z61KUfxR1Q2+-)$5yw>l0jNp8J9F49*$T`KJxwx=0l8uj= zL>@PGm&5kJ>K75Wx@^PtBIg{Mgcb#D`O@BT3R}_pQfH-UHH*<43Y;CQHKH|(=iJJnwd{t!!8{AWLVA7=<@3#4efZ1AAW>4NG8Eih_V8 zQPalE%MNUbo-M`bWr}4`l*+=Z6m>DRLLMdRx%#p=^6DjJZ$&cmRlXmnA5G%=M#GC()Q;1 z*eYg<*y&{KpT_l+Oc2=xw&^Hb)&RTASZgav)i5~IkB^>KLu~Z8k=@eZ9VXN#JB4-w z?v83L$n|Q^$p^NUEI3HvOxUF46$1^Q?w1j!0SkN}&ZRH=h$ObTk`vJWD6FN!xKgIu z99HDeulZhec6Q?N()*Sae6VG=Vrn=`gN0ey^c7r$Z1CmT&OT)rEi%=UI;!6`uttd3 zZ?cuu?Wv4?Q7wfv;9q2lNtr?)BkZKKC^nq5>-HGIz>ZJF;Nj}o$TeJ`PlA66+1*Uo z%Oq_S{!u|y73X+r;|;m=WWB$g2M@U5it7K`+I!-WK6pbcK%bb^W*^lY1x0hUi%H_Z{LUoj^Vi`DN^*56 z=u-$Oq%Yiex@%cP<6Yw6&7rlGCmk`hDBIoNWHGI_toG|(46 z$m^=5`9+2N4|v_6o0#S4u6TL`woXer){14g_kRM(4UthRg(>t@BV;RS#uC9-}gA+ z;;2j3<|0EZ*aq`d7oQ=EDncVjrkdqZoOMNC2FRivqwu00)ad&=ho--wsTfRA;iumA z-89}@LtN<`zU=E5w};;x+5kJ7L?sZ<=H)>Ux@uBGFa=dLq*$YcptkeKG%Ug;s>GMh zk62@PaDE#!EJgYxuco^zZH@L_sk!W3rI%V6vT_mG z-nRrxjy~sBp_PMi=At{grTB?S)mYu2e0B=O?0!CZ&2VZWzz)l+RbEq$XH=nerOm{k z4$7Mn#a_pR-k+^i67G(ThEBOs;{bi7r8rCqA?w2Otr=O?i=nxAxNr|*V(?+qiA{sQ zV?#e&F~!kKeByk$)WN&WN)Js!)|U$fnloQ%Gb*@#C2=cB?#PkPJ?ZE!90wn zyxColrRYmYwzZ&iJ@#n6dD^KUxvGX3LXr}LmnS6#UgdVt3igt-DkGEl$QsHq^3NmQ zQ9tj56+O8&18K=I#IGyOibi{FGznYa8Y1Ql%IQBX%SA=(Bb8Jog+(>+os1AfL;Yy9 zQtEWZNJ!SUrSLIIA`^%4V8$235y8@o%fm1%Br?|r2%wlUob%iBIP@dXtTONW-AS>g zcqCKX>~m@Qy2smD$AEbzpR%ovgfPO0}D{%0}h}rs{yNppM~ zBH38xPJ{a#pHNX)iSXT2=7y6yK+)L^zT6JRa;uYu0}@6L5KjGwx@F};DT_-VqAj^N2Czx4;rkB z2;xplybe9=13Hu&sh(GXX^?2l*j!M;ionrnD=lrr| zv|$=l=y?tEn3(x3;!};v+!(V6_qqS0lrv~hk2q)pWzZ!rwS4#F=f~dzR^bG@%=j(c z6kUMe74|jGxQ+gEAN4Z$;dckDvyb_ML0GuMI

c9WHZE+5%!xUMTeUh`7R7W8}B_ ztm!WVBSX|?+g8BV++ zHB}_4l96KksN=-=@$eILzfM_{4&YUeaSg_Ma5V4SuB43 ztCcp2)3X^r`2`oR_pCfSL(F&fIP=*H@KE!2_S)lz#ue=K8tKm$KYHnhk7m>7(7duc zxt`R*lJ{n|n!LQ6Kv7LuNt|Z5p412qxd{>6;nw?|_vY_)Ai;~{-4zJyH9x!f)PohL zW%eN#o8QRrFCQNOd>b1-}+{3)-V zmwAkVmcrrLo9g}S@Osu}V?{{w@ncd@895Rl!xSbBnpHaR4lL5*Vdq4y#VfUup+_GD z&TCL%ig&&9I-OR{7- zPApE6Qm|$)aMtVnYUGNZp7c$0aD-6d?Gg>Ls^x|4WRYawn=204;G$`asXFkm}P2l*fpzmxQ&+!i#4=qMp56 zP{xH#!Vlaw$$e5+D8f;E6|0pFAm#8zoy7yUEyN*c0o_T97a`KmQQY-QF>d%PFEEB_ z;G5;?&?cz*?N2`&$(`}Pv`zTm6R-wb3Hqj`_l^5L(pS2xt9D?6H*XzyXI9b@5}TgLIS_63fbD#1&km#1_2 z7=pWo?aIgcp&0_^_*X%JZGYECVp$@y{YVwaDY%*KY<#$i1!zagyIn7m2)El?aiPxC zd{Jwu0fH(juDqRmK%g(0F4hQ=YW|r|en)l}KVz&rt408o@+2T9RIDXu(IfU4Zgy%r zW&t4zyO1e+pF`)aqg4n&hZL>dEjLtCezIn-kp4+=8=;0mS%Z_Tbha;KMW~-nASoKW z89tJ4h${cmZO1aACNe9LTqs15A1!Zldg06rvz4xvVYr!(UJ>j`8$4G28x2wn5{#1V zZ5KdbQ-gXE5t6wg$wf1;z;C0#`$+zlOFc7|XeP;UYXlS{>!^^R^AU^fHf|&oJ!4k- zb^mJRes0w3azwY#9c#nFAP84}y?E%C%6D*lI&fA_&_4WSx-Rm$>B|-1O@^4{a&Yp9 z{s#Sm@10G-?Q-}hWM2%Fx^EFZ!ih1CYV|>jiTNcW32+4D)J|gJjlKhXAF^PYYt=N$ z6M&)ed(TN*BEd70g>#J1+A@7^ZjlWhv~Xb-XBSfIT2!?~n*cWgZ;{w361iR{D}Uae zTK2j=mA`s0j39T~QRDvRhX|WV6#mlVm9>U!??=4fz}zK$#H75TA?k;c+gIy3KW>D1 zVqErn$MkBf$dK3@=RtxeRWcbf!SpHRoO?VY6F*i=gm&OL|3WraXus*W+m?5sTA{3< zT2vQ@ellt7=7LE(+aqc-ZhJi&9er+TC~|<+oq^h`s5_a5U1P}b-DsMOVHC^`BY1ou zM-(L>tIu%QNRa?~SDw;c+Dxugi|0U&NH#*zRW$9!#p~1+RV_0r*T`SGmWub3(LyDyBf^=p@oIfo79f}=7u^|* zR@=d4smfNVc9Wn9r0kK)U%6xnDjURMa!eJ+S%Zn|TPcETS2OonH3kCs%tS+Q`BAe1 zZ5^2@*=pB_=Yc6WV-j|CC4Rz(4jSuWf-p)dRG4n)E;sVVD)z|_J#D;xBS2t%T%QSRKP+-Be3hF5yTU5 zyi=l`;9kG@dT2HGy2#8oCQj1yLF8p|c!5eH|B32!5qz0@_;Kv=QcWK0TVx&*p zP=9?_%IQ$o{#m_Q|2YP%04T^(3-`W!+ZtG>4x(1rd$<1Gtv&}$VTo(WT-+xjqC}9Ui*H902VOuUcNrO%K&fF5o8kr zkx*;7!N*qX)j^L{KC$TM>?MlOqV_#gJgC^xxloY)2<1_#2XSGBeiVv5J9lCFRHd); zD)5wg)T>nT$`XRhAkxhkN-mrWw*zrsAzpss^c&XUz*Yfqp4RLZAm6iZ(v652E9Rjay=z+60VXQvGteV9y>9(1(I^7|r3E?Gv?qxA zl119Om!w~#m8K=JnnVtmP-h57Id(+$&3a7QiptE5hF6}s4mYE)<-wl@R2)%+_)35n z_f>PykP@vkV~L`@l~P z*qZmke?Sg1+RfPk*J(Ba?~{PL4WD~86mK&EZxeuLD~WLJ=)g2_Y?wMFtRjM-@#DXj zAI^1Jpu{y&2N@q679XrP+D8~4EEylXHQHw~+IJ8(B-}XFcQnpJ;5v#|oHl5Q4?{8k z&NlxJH~&sI|Bg5Rj#>QVS^NZE{A3rF!#`g7KozBc=}OPxx{=~z@hSFJ=rO|NF!AhL z`~q71B3k@HTKr;C{DNBiqFVgooP33eur^(1m1{JyEJd|}v0PdH1KILO*1#c303fxA zBm{G*nP}=SD_&r-XT|wAx2-|4;+H{MGV^NbhD>k?V$^YGHiZ7fHQm)QH6-jn*%2kM zh@asGYlk>!XNbtNMc%Dr6BHGU7%SuO*^dY0AQ@drSrb$mLh1x#nDad*Ri7oYXQw9l z2j~Xp*w;0G6!i2hPcf}}ncl-?C(*^7!7M5BW>*u$FrH=YqG`k|=$;kpeo@@I^grr4 z%f4W?6L_6{D^2KaF#2AvWz_=$>0w^-ahJeH)Z9f{?md(^g3F&r_w>0_KGe&tqv<#xQS=mxK@Zv5b`dJ0L`%$h5K*d~3BZB)aKRmr7No}oF?RutdmxqGl9cZbIq)$CA_=14ylPtRN%rCR!DaW2477i0 zwgo5#7~DrVaOc5gy`io4Pwcq~z+WGtH$(+d-Qq1)vMN_`!FVI{%DT;Amq%F0$cxtV zm^UZHr*;v_T?T&bT6`yyUHaN9488c4hia?|sKJ!YIJNL!4f7#hQmyDtTTnjoP1p0s zIoHLV>13QAk#!U;E(8hBTeFj^7-hP{!thKH`Iadn_KT%?CaH4Q0@(D!GCP4J?g2`J znA}uU&P+AIQV(VM+PM?cvb&=4PM#v4$syUGI>na8=8W=A#)!&MhhtpAG~Lxf z)PJm404}+lM2JS0!6^vYlH8V(8D_-m@TXX9*%kR&m&YOYtKx1qTh%;<+K3IV6Affn zfqY$0q9!CQ;AS;hy|WJ0P!mNmi7hI>Bj415`-DudM#Ugm9C;4!o6Aow48a6JW!|(9 zB1^f`ae%xuXx{IZw!}!b0}lWNiX(pZSvP43x-72+pz*kMqwHh$idVvp)2{KkNsW^f zpU0NsbiGbyyAyh;IX`&q?O5&YVD0T_?Q7wocfTCydhjaW&>cW})|qhuwg*^FlM=zb zqcU;#lv=8ArA7Nn5*@~OXlb|?#&a6QTqlF`S@Kec=4AKp`kTK>I59W&ebgfwzkkxW zn)SiGSm(W9=R45B-*wPV?WksV3WR=325tv}{GA}4_0q|I^2Io1v<;kA1;H0;@($;Y z%VZ-I0|#qG>YUZM5!3m~7Yzs92c$>GGuH1hD&0Eo?@@B7V8luyjo1&~rGrW;DB`6N zWU9zXhhI>mJrbZjvO;P^#&G$7Lu@|atz#5?BET%Qc2D|t83Xcu z;2Yken9_SLg|Z0=<=#GsrwxqpOpJ0vUCVoXo%)BZyu2o}-%eruL0!H}MOl4hSY4XN zmdPY<8B}lGjJQ2%573{iFrFxsF9BfIPGcQL_HXXRL}lK(weQ`e+8Tv&Q7?h}HN z8mFHbh2_)Z5j%wYT5p+uP)~!CnS@FtAYD3tnn_q>j9+BL?||mU>P^5B5%Q%Q8W(ek0ToWH$_{o$uS&{VTLN zR6F};wWf2x%J&d4qK2B`X!qH{Mu z6xOIs%saL8=Kpg6-s6-=S+H~~g#F1(80Zs?BJ|1+Ir#uDKt758Q z3W6ul!Q)0x%{z$Dh%lX2#MSA{lp4Z1(g3l$i6$T7!AM2rR)?g0srFD$>Ejf)pWkKWYl z-k128q$Z4cSej?+ihJdC8KjC)!ng%J;RcDhg-BqBZ8tIcH=U~ET!dw^10ZETi$(&T z;}Er!-)B$Mv&9$zyBQj%yib;o1nf0#kEd}-*SeMvqA)HlYfjo|RB}B3N;4`iD>CHn zv=$J3h~mD7C3)w8Tz;8+lB{brVT=B)7v+B<{clU^e`^PN0F~D&u06}zzITudpL%tL zsBXKUA~zv+!m8V?5DSTi1FrveUJFy|c{D&S9M_fiJ5Y)Q5rtSRD3nfMYHU=--M!|# zrqkFCXUk4Oev_g@!U%q*br;Kr4^sXGz@)DW1HaGmn$ZTb97(&U>q!5ps|(pVD1R&I zNXy6AvX9gSzm1Y}8`}mdfacy`wy*!HvI%LhpqLREmd@bDoad2k7D1_*>k%7+;%@}l z_vDc1>K%^wwW@YUlSQs?;yk#s269KCL%(g@gZ8`8AnIi`YajIa&nxGLrqAFvt$?}r zP?>GsYxEaU_pZoin)l!@KIzLN>V4c?>h2@ZL4jP_?i0~LM4#fqqSv`%*9S{guhj){>9Em=K@+w zjz1~xZi3N<3L9bY;xFgd(P4huhJ`0OP;4QhM|)4b#&m70;YWUn z4AD4WAy|)aWh0du@(AlrwrB}JZA7ERFC_)LbF9PWHJ93OqbE5cbir&5V`$$_E$0TY zidQJ;^wz-1@c(l+pI}%{E;qQGsitDDg+?PzOxmK-E4EMz!%uI3B`x?%?5ta^PHusb zKZ*$JZJT3-=E-Sg>YY|6q17}BOZuN=l2~<^ySug4X;N{)&L>n@C%@R9)=u?}nlZpF zDFi65^O3b-&@}TT|M+MY(g&E^5m(P)^g-A$>sHVQPHCP{*kQX^6SwKhoV4MTo4fBvn;G}~Nw7~uI52E>N#Z*-*DFuWQTA#9?TXnV*Q3PearDC@|0Pjt z`J$M zemWR^{cX0~E+E{EIJ-;_tf!YJ%_^;zeZ8bkdV{LdjG#dP0pmX?JE!1GqIcaV6WhiY z+qTV#olI=owq}Aan%K5&+qP{dXZGGVr%u)R*Ev;hcU7;d?u&KN>v>VXXTmSkx^#EYr|68WC&gBu0wI@We~hfc*F$58rTrnOjqX#=t+cQwgOGAUL@Q!DA=g7C0)9lP^T0z<@(rb3ldBVKol}M0JrfnISyzgkM&nyKBQu>+qIV65r^Np zIiPeCc63dBm`9?m&o(Ij@)uGIDmY=oWEtGJ7v4CI9bGdikQaHpNxzowqVEpsNy>=M zd`)wzZ9eo+f4~V~)Y`2<7vEaLHPWa?vM0fn} zmGivTE1w_taFTUI0ia@Q-9eQ)8N=c z5l&z?F%S!7T(;B5b2ao3!!59nMbYq7QS;_HkKv^?_SA^8Xn8iQ1N4*axa_ZXL$75V z)8}UBsq0f%ADjB%rP<9t%Umqoy|s>+Ek`+^Sr+wC1N$0M@CDwSw3Z!(J$%05Uk1DxzH?5OZsicA<3sk$O~qAp zV>)iSwQ#E0_@8-z{LT+>md0tK9A8AzM#f(aPvrQOzM*c;j7io8`PR3w1ThdyQQzTz zlje4?pMVV!X-o=Q11|_q-^TW&1{7=e{&oJjCJBb9-tnE)Ma6Q+fZ=#A(z#!E|~(M4JJ8df~loP!cCamj;NC!Jpy2bd@Jk8To%M(4I;g zE+lKFZD`Yfq(4wDThGHkwW197VqJ7c1&6LgaY-R0pkf~7@w&@neGD~rmQeBn+mvkw zN+Ygh8yB9F5BK)w^|eJJMW5N!Mw2_VtrC#*`aP z?Gv;aZ$VmJS@QLr?e#8nghb-#%``pDriL3dJGveOU4zUa?!dsgZ=mUDJG&hqoOvbw z_1BrO)G}Odw>~(x7jxVyDt2jnpvb2bc6EFx%o|t9QhXRsCpzZI{w|p>&BFO%jdnJS ztry1Ms_CG|w_69GKEm;t^Dc=mp>FPSpIIlO-Hc*L#-n(RngRU3igAssAP(VdO5eN} zbk<@@zpNL3M_Kr;YbVaulFqN{E!gcd+F#jzxR_6x6Q_f)S{2t0oOdBCEBWTMJ3-Uli4})> zJ%b+_?8wG*Y*g&%n^@LLKs&$vDz^Lq2RC*nl9A|+7^xeRR}w4y-41DOZCL_O0nsVb zSa=)T2sjN*=OR%6qX6$$AEFbgrj?t+2NeODTMBtoHhqH0kX(q$zE$kmziQ|@qCZN4 zR>rolAN9+=$`$~Xdy~*b?sK?wBDBiAGFp@|XCb?8FJHXc@{K8WegK{0WNTCGKHU}4 zYBRPp>`y+Xhx^`Ydm-0uWV16Y(O5rfx>?RX>bFDWx$3a{+jWUg&Zdm)pg$cLpTyx! zf7;WF$HY<2?$}`YXC|w;)fEpxV_5&1#TDQBjg>9Yl&7PMMbmty7_`!#sfUZp*Zm>C zb@{uPM&~W7wLq4&+f?!ZCqI@K*T*t<78^Q?f3r>v#rNz*Rn%O9eH~E+V%HzuCwcPE ze{4=;?TYVT8){@sP|^>p#cf{$GxyHYu0OZDuNYl9ud zXdzVWb*|i!n>to*A~I>5sh9Eq#W)!|V5<$PwyCpL>7Nu+4mk>-_QFH}u$4Fp>()2; zrOCzr&!Kevj2}@c407jlvR8e_a4CeOL3#uWN`6IsJM(x8$^>0L z8e811U3;U<)mPNckI+ zZrL|z<(b_|fgtSisbY?rFD}oc`L4nzcZ=dToc1!-4)bUAO~DrlUv+l~@DZb-q`I&D z4ezGw3(=>l8_MA9IxqAS>!YN5I^+xV{`A|d^o^2E<2wmq_Iq67#Gvl>O`k*fJ1qHJ zurAGuGb47a6@*}foN!9v7Q15BxXvs-zVex@ww`bFLN`7+rJL|`Yg$;U-J(w)AKJvc z(}v>VSWELL6tIi`h~YZl)Pk4)7HcZgT}#)$_B_OL=gh7-J@?NOK@KzJ^-!h&>d+JK zn(>ksVSv=|mrShzKp|HU(Bs0-P0nsAhzQeQnSDJxL-M;G0GX>|T5uJNewB%PjCdc& zr*nCvMiXrYKKgj+6sxRQWsJ~MBUzfe1adMuW^Lkw+^&G|B@Sy67WHHf<&69=m6x^K zWloivW%zp!XKP$JxRKsEk2$9&d-(QuzcU)CE!2c%=~wlarY z6@pH)iD?Ex7e9mU)-#0kzuXK!PsbCxRHJ&B5%=w*7`g(G|EYVfpm@0$2T}N3@7^9( zB$OqRzBU0OpVd$YbY6L4J}qMW9ZjAHV%KT{56s~0dhj`ZO77o?HGdF)N`0c9Ztwqo z%HIxBk#aZUjVgo-;?}znl4lNUX9>(3fpw?O8Ft`om4h?09-Ix}gmGfBiG}mvAMf2S z4JT8?R_3S8={CnW@JRnvbF2#Op%CmdZS~%w3?gR1H$>d3m;*E=~OOC z^JHBR_igAMLs-9Lg1m9wwZRV<# zttmL(?NJv7kcfTW&rsp-V5}FfIW1IS{sel?g|(FbG85IRjO( zucsM*X!>vctnV!q@0>j1QF)-P7DzM5_Yy(nmUoqN}z*GjRPfLmlnhTr+eQHi;6_2KE`7@`lDC9e3Vx`{2lO3 z7<_3(RG~=1!w+o3nf@e8p6h}m|FsqI&9kWoWO~veWWfXuq#t{-+eL+eQ!|CbRp)dwxbV-+DUkQQuOGF}p$H^5XTS1A` z$usaFk`7?T<$)F+l4E|VMaqp6Bpml8R}3guwHrsRsUx0;0|ZlY1a{vjdE~)mEi`en zL>u;a4jQxf|jfiXt{w)WwiA*i=Ty-SE3?Jd|EytBnj~8(a@9rTvb@MOlm! zURb)P!97@Zh_S=bx6-%b|nj1FfWKic{aRKAZi;0v5lnDwe=0IGB?$cYBqh=vn~ zL51N#qT^D;a3t(V_1n*9Ms{_|{0yj#3RcA)I==wFQJqPAo|mC4V2J|RYqJ$F$Vp8- zltYOv)Ni{hh=s>5Op`MF)>js%rsPHJ@3RQ#Z9@hlr_ft|HrC>IKTqLtI}dKq*8FLP zS^D`b-LNl!6X;Rj*`RdcYVsrL?Ic14XpaUzGS_VS${}h+tkz=&?U}KW-yJzDCxKu> z)O^y5ElJeePc)8==s5&E!YLs#Llqz`foz5w%Ct-sBrd^B$0^Z|n-9K(XS{>IFU7UZ z1*F#Tu$)b`m+~noZ#KaLYeoe@MpE# z#Xe_9KGaxMJyMdM34n@seQh;`p9P|$*4RXFhi}v`2ru^zMABv&nk z_~H6D$WY44>+}-}?p1nnY>0WztF*6$R$|TJ=m&aX+N|onN$W&r0|bV#H&Q1bPR9`S zZxcFa5ZSop@dB=C4{8Iq8e`$1QkZxM+XG_pRpn%m44H8Nd#FW0HnqCe5#sd73xxKx zY>&Bay2p6{3^-%0jT0SbL`Xd9cKJJ4M|YKNKk8)b*{7ky%aZ)(YxU+LJU zKUVpB@{?!W*@+{w4Bahc^oh?fgNGZ6r~4X99mTj?pELX5%foT#prxtaO-g7(`SWq8 z@J03U;chEKs%Q$<$=&j0gE4BR`=0s)gtXRg)k(ga-Va8Kj1qO?1cc^*kk;^W zyZmzJO`DFFF`CRyj6fqnc8;x}A4St4lr8Te(L(m%wE9mOwU+t%V{_gQbGvDVzuEoM zuAzYAN6@to(EztE;oQs(xCXcvNUR39S8x^CJ`g2+lh6*mE00P)WWr8Md*`yi1eODJu`^;UqC*B zl|K*ZPYKVHE?#yRJgiX^a=*i~!87Ye+r`R=Z8?>+ z6<;Pwz+)k;_F*1YH_rZ>zw!>$pFFDRVws1QLKo;(Dtoo1u%vO>@!ez44VRMOlzH?Z5yM zD?T1w{|fcwZAf+R;c>?MYrln%lJ?vad(`O=?Fn#6fA0U3I=8zge#w7j;CRUWW8eh*nOdNu|D_2AI;OPexQwWWSa`#yKxMCz|nGMo8M1h75u2|`C0VO);wm( z)gd0%YASqNx{)~-}ir@`+tRlTD@(t&XU z(+!*L;@61#vD9p^zFnnMEUH7a4;7Qb9IzU{?+FOA6*R&g_7DCx7wmzieZaYz4}Y16 zxh8T4oD7eHgF+Ivjszl9uBn@WbT=LKWIM9iL}}y4q*ZJaYGL|Y)Jl+ZS}PUb5sVEM z#~!#>>V5kEae|leS0tQVgExD7&-^t^0^a;-+%2y&|^ervasX+VG_pagff<&XM{uKrH;#(-;mAN1z zo5#U)t%arV*0f}H6et{X$XkrIjr%F<{bW|gfM6yFOBQrD;f>{!X9QV%`8ma$@>s9* zxUWN|gZnw}Y2}ugyR@hr#KGqpHAP)!C-oErW)_9OIv9lWTyF3BVFuxwuD$sH0avRb za2YhM`@56JqcaOUd`#F<7T@Ge!|+1%b%`%4%t5d?-_Qx7qitppR3C7%MK-V-j&2_X zrkL*Q!7t4q!D^n)-HqXBd)Tek(lm?Wt_=70-cNR2C+p$1p@e7j&9nzy+m(@qVFSj% zrkSw5G4o~{oBR%>ofC?BR9xn+=bGTh=@tn54I!v#Xa7ZJr3XgAp;|hn@QVt{R|8mIv45PD)-G%E z_OmYovU-$4$HQKjARC?)k9+dU7R*|K5JkoZ%z(u^@ zOKvlg;L}rXdkPYclY&$Te{k&!BTkGYLOIV2UScla!eOO^S{j0JhjY%D_Yb<~r9Pak zSBJ)Dv6lIE>?aS!Ab+nE9@P_XozO0gp@^)e(LytVt|Rv~yrxnY5I6X;N1-=HUOex; zs*_d#bm^>M56_*bpfVYUQUW{LU3h^me81W;;@d z0xw9Ly4W+T7?yO*)Lnqy30KM&Yj=1on9R2{M6h7bkO+s{sD2aLHPUXTAFCbb7GUr_ z(c_zRE4%kS`{26%(sX+NQ@o=)q?SEhamD(`B@DE-6>>JAUDkT!g zWr3kKbjHTAw5u#l#x`(xF1R=Z5()OG*wqr{p`9z4$u@S*2GRk@Rlf^}VHk+XW>)HY z2WRH?gsM2CMWsb^a-}m82&Lm^fI{2v$1AI=T4dt^?rulf-``!&Ti;**u4;YX?^ZOB z8eBm@fItOfU|~y7INYa)8Ay}^iXi8WsUvk(sH{&*5@6~m+*CmKs(%P1$*>cU@xnWT zJ?XRDmx2NM+wl)T*3DS8ibLAxhCFJE9%n+2f9Zc z|6rV>OLrnA7X)!1x_fgfp7+I$(!dSEf%9s&y|d5*#_umcuy-Wo?Uuz({iQBGL(~u7 zlwJ)G$1K%})DMb34E@})5w7vVj2j@Vd(e+9Vyoe<`2N)OM;59%-ez6E$?{p~_?O0Y z4`xVN*LX5aA$!?Ce`UWm4JuMIagr;=o~3-GHE)uIgm|ho;`ZXU`)S-&?(SAED7e23 z(WXFYK?&HE@b6PcDR~+cNMWi-*J05}B}YJx26$=dJ9~&}kfZTe~7QtA-3JW|0J+B6qh%UXX| zYnr(-0;#h6%Kkr^EM;qw$YQsie>}w2<_ob*G<0>VLSJEN~5yW(JY-gh|wgDM%uhl_aEhxLHLzy+PYnW{+$IkvdvIJbhDQs z{ZP}rApp6uUUnAUX-Vl;Ew?$AmYQ7bN=jhgdSiWcowmcEIk=%Y(I&9zw>MA4=whP(Pt1wGB>9_4cYpD^aU+XS4*G zZh_KLp&#XMBB>Uc#;<{gm>KK37+a+;$eF;A>Bp5QN1>d~qut|64FnclTASb&vjU;x zGiVnsN5%3@M90hCe2~uXXShf;P?Z>axPLY9r$;znWcWo_ z!E0JVJh$Xxs~Sq;(5P>Vla5&Vi`kF7G!Ybik+Fm-UC&S0B(}}!JS!celGJL_=Objn z-I)8xcCE!e0!EcH%upa5;bbQ(PwASQJ8$*Vfr#Ek2L0SzP}kr|bgV$C+S9KHDs^vQ zMKe9cnpr%lW~h`pNs90!i|F}Mn%qdVj3mK3u^hBQywqK%l9y5WyWV^uQ$&fSuxN21 zga-SuMUz;WB9xs5n~mM82i}DsQcP8iO3VWnBHlfy9Hxv(UeDWe)Dt(5u{W@H zzC~@MaZ&d-|7-|J+f&37;Xlu&7&(&%mb_ZojuVzr7%hZ)f-`v8A#~f0Mp9G`{fHfb z>CfcI*}^aqX7coS!w!djCWEvf13n^>o3yJ{)ea1%N5Eay7^X_`ld23i(Vcwt72=$} z3_})kx(Dk=Jw*LxQ~JN~lucz>&mF#)F)l*iELtVhGmB@KKO^|lk}zlBmdePBtgWY~ zP))&`)X-*EN%d8N$sWE74zZes$Z}t}tJdUXxKF3j93b zrX42e%aQA-<`$;_P@+p{ZPMcRm8$J3yYzE-OEt1wT1hEHaJgw1V{cZ|GdAb|a3}g+ zPERs8;!Tg7-k`@J-#Zxv#8%q^eY`_OmyRG~<9}$h9QsJsyix^(IxletFGvP%B)fX^ zxA>yx5WwT6JNobv06{L}7hf#0%VHvBxb0;(8v4UwYL`jtEDmTktz%iEmyjkE?8v={ z{zQdL#_B6kVC0ga&v_j0W6aKnO9S+!sVOV0TEh{`H{Ia?eiuxVc#7l{P^{W4`L4yv zy7ZWXbGtYx@AyZyf-vn9Ai7D=$tzR9jz0W+(m19*EdmBgh5^9YV>acnms z?7v$Oazk2`qQmi$AdPfu<8{p%ddtRL%qTi#!ZK@Q!!~Qi!yVIPc-B(X+cUvOZyaAj zVsOonfhNcN^dR-*+44i$#j(6Be@ap(5sDs&aq~(M9u9uXQ<0by`xR&yRRmJD2^Vb$ zQvYK~^|)({da(1!P@9=~>_TH?^XTWpNQtY@4~5N+lwb>1$ssSB{Dq9s_PP$0HR*t? zPM!_czoRMEwi(tjZ3&HuT;6?T*$RM~6p3@&kCkUxx@*U~rNFs@I&)y%3YzhOHP>hm zYKniT&{XvEm>N@K;S-{AKnva)^Sj5^HAS5h$f=D)LRan(>ok^Os~q#d+nP$@eQ}~R zxVqcj6!<8J5qKEa40Ja6K=(^$e7-r<@7g%-pC0iL^ivOO-m$gw6bi%Jk-$NTw#XcN zA>yME#bwiOW-<8{#JJ#u4G;mr5g7d;FaayrS093B+Jep?s_AJ(%RPMXR(8L8Y*H~K zX;1b4915Iw$Es|t<8g$mV5%Y zC`Dgh$0KjWACu=Axw@b0MDKP__-0)w9C~rC(T^+f zHAWJ{QA2BopA@q$64Vzz^+&iPQDSWog;;@p*g3$N463d(xR&~I-vVDv_PBKQHdqUd z@vUr-an~f2x;z2$E6E(U5R}iB#)%!y__g$+;-&UG4pD%0W_~F(`_!=Tv0U^nc3&|% zk9uHz^Hv(cpCgABk;b%k-ghmaqD?cDxcJO@`jE9n_T|==N>1l^W9M2WwmXN;`l*v+ zLP=Axym?x+z4_+v<8z&rAJty4-Dfm6R<9Ff%-U$lhUe&;7GltC8jM%#i*O3If)^CF zp`YeZwY-JUv(|Qxwvt12j%0Y76mfqaVwD*vWeq*H_w%mtHrK}$l*4MBB9>j*;N zs2}Zv*GGZwfB3H`WPNZM!o7(l76|QF1TQV^_t2 z`|Y$RRnU1Z25?kWB)BqoSt4d`&Y zNLEZg3wz^!r~B=oy@K(Nh=;utk%;;zCTP99gXogK>B$$(26Cd|(yHOx2>fW&dI-oZ z!-|6q^YmgIXBu>%Z^cgba3IiC)C6`dI0eg&_jUmBF6kd~-{jooRz!wOo1%!?!MLY= zBFRdfVV`M|`rU2%)HM6ldM1rBS9a|Kbr4=U$vPx^0O9`%CybgN=x4>h0@1#zVZOpS zifj6}C9XpDt`J-1iMpe&qVSU-*tJi}X063un<3cR=oRzZ;rg>rVZR}JzkSRg^KtT= z7KC4@qi=lrt$ljS#8qZ?$llEBZg@FJvc(Vb8;{A_C{v^wxCl1d;c3y~K6GjM;N!7# zt3$h5Q$iF)6@CsTb1ah6;`$>JvP(4Kl6JBwB{<*UuK%jW_#=p9fV^!GB8d8nQywi2 zH}lO+l>2Ey0N>N&l}Gd{g)Uyx*pdxGUg69T)rZWW9KU3^XqNH>d{gx8g1_?SE%h*< zi3|uBag5<3*CmQPlw5?`8HYS$y7dgvX>MtCjoIL_Qz6=}e7z#x4e)u!P-0st?ShTR zQ$0VCc5)pow+)iT3gb_->6e`_Iv7OoEh+`73vtxzBb=ctat^+yt;*c()0@G|LU@@KU#Ou1o+TS8)nxo zjj*X2P?iZtPwc}!YRwcR#qTk4y5Dfw;oZzm zyNVUMsoh%!`M#pUW6pY1pJH0dzwaJ#etw~URWTiUVU2N%X=(kwGiS~532tJ9pyq7( zIYl|v7L;T^6>vxY;vMW%EUbmg2Z;w^oRMgU0$u=#r&lVjA>-1G>{5uSS4z9N4yl*A zSDMmA>x!U*x#Ur_!-qwX(u;4|N~BkgR3k;Z3)o2sYEYh$-MgX;O1e(nN)-L3eUS|Q zf;MEz=yDWiue+s%%d&_w9wpvkpbBaDNFDHA7pju6^H zn1gB{xIf#~`3@gyjk+BX-ntbyp2d0E4&25b3xPKsb1@Y=**<94=lNaeY^$B5^}j{r zz;Eke|3Lr7lITM&w-Wy4wXmMm9L4XXlurvvG*&-a4qqkf6)({N3}7yJ2|) z*MQqA-&;1NqI%3ttehzyLW3BojNLKEr8?){h+Z41Z2Z3kDXLKw)i>0&Jmpv`L*9UN z5_lvkrBXsY`k`w$m4Coq$9>*k0`0z#<@NeB#ix}tfyvj2VO zlvUcAzzF?Hv#l6n4t6B{CgEN$uz^~%BvaieLMOfPxrSV%9&w1`P6u3e!`$B$j2*#@ z)r2Sf8vmj9bHRd-l>nX)a=V{Ni2d{xjO-c$kKZ*bai?GOr}nYdEnS1`%(fG1i^b*2 zN#%W)+~pSai4XW#dD~lXQdv7vpziS{Wo&WIG4e~Rxu9MXd_xC(Am;3H`<~@~F{W3R ziYu|6`iWru4dUh#TJ!_g3)zpPtN@x*>l#%rRNTViUxg0{7KvRj8HN2br1HYmF6fYj z$G@a_5P1uacTrElLkh8oNIJ*yF0)(``5i5!W8KP%MGjm^)OrGUQO03 zWNEB<$rl%Vy5JIfJ(Ml0e?j|7>BM>yy=o_W?IV`~oz(!(RlNC!;D2F2Cw_SwF{Ayn zyXXE-^|=2#2GrEe<^Kx<%JP53fd1E)gk4;mER9@UOvT+y?Odd79c=!mw3n%2>5iv? z<5yMi$HW_-*6m;*a-V|P(PT7EhN>tw@h4|fbZPUD>_w6-iQAuFL?Bdzsc&+4lvLm(d~j$ro+tuRd}vmSDeIAksknE3cZ=Zpq)Ly|h0`sjSt+yBeQ$5?7!_~AMF@^?dkvh=*19(5#pvU0Eo-3T-4LFn>b`?Ox=|vGc?aPY91Sc6>KKCxRncGyKuwKLvYcAyo|hU7XNBo+VmaMv zToYIwt(~$2-QJzR*R#QHnme)}cHNke#~n@_vs{x^z~h#^+7!+1{B;QNglO(`e+y2I z6(f>`h%5WP$4zUO)wJ)+(FkB%IqI=wwM8ndlZHH(H$yGoErXZIp`b?K>G6W&j&?9{ zK7z51^vHG#SisT{Ru?qHiyW4Wskl=hKb8dj(ERmcyjz}C|HvdmTm0ZTuP!Vv@F!V7 zf+rmOtip%d$aRP<49gj4`*a93hnm+~+K~K{h?CoHuu|@$}EE6DZ=Bm=F zL6;QM`RfRLZTVOJJvRYaEwf9%&duAkdXLNmp=j zHnOCE0a~c4`s`##->3#MNLd}J-ohr>;p7FUXoZExFYXJ(FLyt0;UE9gMRzDEZvPjV zyqcBDFh)nwev0yk29ICta%9i$SJ$XOU?u>rE6x&s(GfoWH1&_08FPuTvhw&#EF#z^ zk6-k*w1(d_?82XHfxHKN zO~8s~6jod9$~3vLc+Asv3hFAVzRd<<-Eo7U#SeJa(MeQe=z7WuRVJI7F!CEcfmNxK zYDn$!{7HnNo-1{{K$GT&4vE@uI=YR+a0tzDDd|PpQ+ukY%Sc+KyTlb~Hq*fwQOJGN z6rk}UbXJ5V4e&evr0SnC-Hn7GT{h>1b_BPnBHh&{40qyxR_Gi<4=!KG|t- zsWY-?4bxmIy=ux+A@kqXxtB<%ooY0*^&sk zCl^Ej&=XuJXk~L_|1;o$JKzRvG9R6dH^5~yq76od?ZUbLuB0X%LnCP#+sd*b@FvVs zxy?U2Kli}TdGynaPYfqM&r9z)Be`5)3n0;bF3zbjdX2DHl_dAJIQuyka;4i&0S?J@ z66MyKM`%!Z5Xd5}D1B#`cd3-{y+@;jAK3*_8PWEqs+)L2EyNE6&q(*&IQLULVahd_ zhl>hHqPl=96Jc(cp{cb{alg_81`%l zHtY%W*HGzFiDnO%r-q z)>mIBLW@;ZTG2>Z4tsxi0lQ7sJYYqE=}VAqPws}6?oR#$nr@&r@NS`Qy5b6!0TH$0 z1nOOwxY0cFxddksjaeJ}uHJhc6}w?`TqM6^yHUTVM?IO1xNzechjz#}zN__WfOG%& zgK{U@rZ+`1fDvsJ^tUR(bh~G8mrg zz-0vS)B%MzyA=Fb28WAyIrWXf308TcPV4}L@0cIk_?^J&^48P4Vd=7(7}c8INFyF| zNd$_)kTxYw)?%;joaN)9m6fp8=RLd9a9cNC@S+=<9~bVu?~7!u@S#)rf&~draPUZP z2$8z_seMu4fT}E#!_7fauX4S5L%`cSNzu6v)ITT1zrf$#;YyFZz&;Pf-m%7DADwpY zo0I$84!Ojg>wL=;>?5-BiSYb!TI}3+Vjs-p7K?7L+9S%;0n?u`_Cx!C87gshIq?|W zll{!|H~%kG?liI0{hzAUxGsc$0|#}G3bV~fGaeptyf(oF#e^b|a$#nxHboLw7H;f= zKDxiwN4EEA=tsYQ{Fmkc^jATQL4km9A^#`MLH{3>f{3B>|0xn;)z6*L)X=|eQQIuj zn`S6if(|n&W|CoPFn^1vL^d7H&fOuqX6UAens8p&$)Nb`zV`w^vOmZS-h|EB2uvXH zU4NN8MDN7_KCilWB96B2o))98CDWH~?76vA zXQN!-a0-vN;M$KF1q?wnlo%~}i&5_T9ooj9UbXs8RuN6NU+S(bvXk@22sK@jEi?A8 zetzQb&(YWr%qn1-s(fsBdtX52(une1&)}mfUw@rT6JJ$%y`GzG&Um6?A5Cvk3INa4HAxoPDEB%ZW4Uz(ZLVr{LefkyqrSgCXo zK0!YHDW}C!j%~)8%a$8o776ZJLK3?bADXBH%QZOq641m9!@rUJeU8};m?o#lV(4l! zn;fDr$zy~oZKjnjkT?_RB5*1;U%@>}gJVBOGq>zFyI{j1CGb*N9Cxm*ydYn$Vi09U zrJ~!9E{+j3O|CUXKleL;@L2zq-6MG_a`unoAJJinZYJenhJ!_T9Ev*O{qv>1$II&zy>Rqslm!HrjsZ4vmC!{}KkSZPOn9g?W1-_gW zYuFK8ZfGM3*zT0v&4wY3Glan_$H!PN*BoKlLfQv|zyB$ibgP67a2ADf_&G#r=o6J` z=o2>muR#o0bc>zW?;9KANu1dSJ(40J5BN0Ny7kj=<}R9N+;WRoFT1kjWK^}?{4?M* zTuB%!CoY8Mm1LI7BPx!p*X2q1a%WQKGQe6UmT?Gk6rvKd+5ma0j;{#?;_(xa~lJ_J#2W;yo z$XA)%sRjO&mL$6}8+PxU!Lcrfgv8z&0&q7@3&=#zBskjxmAO z+2>y!{5Syq0)3qQAp*hH5MpT{WNa$#r!E$`Xl2EFDCa?PkAHnI}GB{IN23w%;3 zp+VOm3AxXJBbADU4*6Ec6#k7Vin%ujDcq8B7y1&9h%@Bl{nVevx1USKcUSBMs}fW@ zJR$vaQfuNJQwlxq#WQoF%jRII}yAEf8b(axO2zex4f){cQ>9r+{ z>^>U>h}ery0%lu?Y~|O#FSH8I+Y06!e28$qmFED+Z2;+Tl*`0)(qo>9f--PFH*+oZUVi_ zr7Ts0uTDS~pYI%nGZ$(KX<~A>i~mlZv9zy`?I1xw^pO73LB{$Y4>C~;LnlLH7gHza z|0Cy3)_8YTHOKMm+H`)hNf5mnXUC&TVp~P9!KJG_ATflg!Ockrfhahv;WoqKXg|Gz z0k5=ed=Symv9ZPIKu@EY8|7jFHk`!dv&KCNoN=9bl*hd#ehc|qL{C3w_FtK4A^VNE zb05ENJ$q(9dv4dizP@k2g9hmTEfwcQT<+;X;Wjy7q7JXXcY-Xk;uf?Z0*K{eA{GU6 z(EtconMjZKU0=uq$iu^}ZY}?f6HCJLX@{%(NZ1L`D)Lh_$B$mZSRULGWkK(a5@oSC zC=+qvOq&w$oGy13;jb}6FoWzY|!BEN%Aj1Gu#q%tVrll!77qUi{Bq&AgooW&E#;dSFr#3t4N7dT99@xOu;f0~ zZMxPzes6Pwv$);hvSo`YsDFw(9Tj!+ljBLT@MNuDA1glG@-E>nbrB9wzelSjvoESR z{h_DD+F9$vV+L?Fx=l)MPKe87ga??eM2?oi_dl3BNe7y8_E7#Jt7a*r9L69$w`0!n zr6JoKGa>VIJ$0hNis4be8*#Ii3GF+;^H}R){UI;C=6d1TvF&di*KU^-1?S@8rWf50G=nvDvz+={LtyH6@q#{oaD5?jW9XH|EKtxRGJK~x_0y1xb~o;N ztSC_igx+qT)`g)-GHc{nn#R|%3l?LW%nfmx?2?+%U@uk3_>dkLCuDo8+1pdUL0jAo zdmxijUyrNvYzx3qyKQyzN`7DDbWIpDe6d4l^omhaP5aZOZIbJfJJ3Rxr_>xFrT)64 zSchYn?hjL{&np`R+oV#)J2sj|QK?;ws+Y5K3HB5`uO1ft(;O!uGaPYUx>(Un=-{aN z$2Ep)hO;t9=awHUw>h5Cy_8mHl1>kO)ZVVhTzcKG^lU1BzlgT4yn1!BZhQ!vYEWgjx&Ybunb!HVGTa5+y;e4d5!X~ zNqV)&2Djp#GV2j4*nrGr38@$%`ET3z{fzLTuz!P&0gB1i^Ocs58#C0m-y%YlR zSnwSddvIK)d*pwOc$sclJWiuu5_-nIvmw#eYx@WEFIa2Q@Z|B6nzM&3S(g7ONnh4b z6u%v~iP&AY2tZ_11nI%+{~C40LoTmkiR3IO#jX{4k9|u=7y0yQMed$c3r!zSGUh4u zxmp4G*d;6|<7KL4gz~kXQCPiNmES})_HHJz*MiVG_DMVbIhZGwTr$Xuj?z5c=RH2! z3pnipr$_Aq*Run|@*D_fh`V&5mdsSJMiBwqY?`}8ZL=*7hTfLYO^nFX;nt61*OU!+ z!r0f!)_%Nc$hKAwf;!6HfZ#&X1;|P53lwBZsE8$2i}K874hQWSLM&G2JoTymlKGjh z>xy=U+h!oEZ^XCU@7&pfcRmx}j{YHxC5G}P^xqKxWl-hSI=5g&pur>1^C zqX)T!*P;WBTatV2eIv}cL99$|OaCGe)A^^wV17&JhF81@Z0wL9c249u=f{u61R+hS z6$fAEFPft_dkck}cuHO8O{?kkKQeea$q4hl=e1TVSDO{_9f+T7L9s`k7DG17 zj8(~hSZE)!Fh>6(X16Ngz94g`i_DtQ=4|L-j3IM4Qri0k*UKr#!DqXR0 zb7tUAdn0WP1l^ac5}sy>_KTa=24|h|&k)EF)@0yc6YD)IDR`GYfBJlZYy*hm-lg}1 zL(L(srB(-PwNN%yl9Z9cYD1e$bJ%CrV&x&5&Q^vhhlXLke6azyJ;mJR%8tF9G)XD5 zCtwiQw&^}pFkM=sGZaILKToJ%0U}y$oq(&gV1=VgIt6 zJ(4`~MoZInS7;nvdMu7Vt9Rm;bbL50jsxiR{W4snNcK7|c!Lq_ihn_qeg&T3r$epx z9oI0eafAbhFsjF%l$`r0rwm^03+R0?!z3EZs_uC{$Y-m>35L-Qo*di!f@~k88+NGa zhNMGo+3?O-LtGPZ{Nh3#%2uEEel5 zzs_4o=JT|n0lmY?9^uart}VlGZsn8-Je*^u;QCfek7I)=qjMT7pxxROVQqQXXH-YY zQFeZ({Q1?MruEFYuM{q}9B-H|-!>1D7X0~`f@0@x(iYFAA>cP@egFiI5 z|I+7Af7abjkF#>46Bon15_dJbnL00B^@#0}c;W$QJ8M&wAZ! z*LuJ%(0u%BRy@70C=)!xC0)2${dAR>92p`^x^1|zWo3^zM*xV_hAhBmM60Qn*#EcE2S`u(b*Ad=Zurpw0FT{ zaE9p4@5EWM7+CfjyPD$g-Ss`Q45VA)3}K-QR50{ej#5Y?o)si8Z zSye$vFRJvKX9S~2ha<1Gd1B6~8JfrUj@sTXvVQyX^69wNSddq}?aUQdE#e;9=OpM! z0TRHnH(xh(cXp4Ccl&$;@}cXXq4mG_qYXM?v&O&l^o0D8(H9;T1<|o7`UyXswW99OAaqs6e zW39H?<8slYe2?M0> zMY`e${6Sl7zzH_>$sGF55aNT|o{wql1_RvU&xoP4epQy5a+ zwxpTP5NBl7={{rYEI_8Oqw7g0p=(H3gQ>H8i9HBhh)9=TQx)yeK?w)jK0qEjnLRX@ z^0*dk-j&i^v7^b8LK@`Uwc4nGgqLthXzX=fIuDlYpab9bd=?r=;una@gsr3dRR9)U zQ0GyB>6IYezJ3uERJ(im25qvKv}XcRsFm0%RZwfJk5vs$l_`e9+zW23K{bG{o<^JG z=xM&kxKN@~Ixw5XCJc$_w6R=kz2|Vs_RKpY-4WL8$VDgLmmg-4ia3(vBL`gd(R^>! ze*WN=J!=}Mt@~6lEq})Ib`~p7!psNw_T*J*JoC``sl08GK;n0LQA$X~jXFgyKT&)Z zBxQRB8lj)c9)|}3Q=rk zac3OK2G!%r6?@*7qtg#kibR%?D)&|jzyATn#Z2^UZ(&>Slh5WJ^X{`!n`Rq8W&$acJVM9XYUO$`22MbK7Ly1gJ|E$ef;8Q z=(|lYvsa#K&N)dX;x%POft^4%-F15ipnN3NfWp`=Yy@aap2{M|NmCqeTrx9;{p*e_ z@E7HVk*x&3N3ttYs7wS_s<$;e7f%hL*zaQ#- zgBppuuq%t^q}K3)MeawK8o#0au4pN#KW_(0SaRo`lD>65&yDIg5|>PzoQW^5Djrp| zCWBW*8t>VKQu+r*S?Wm$4Sk_*tJsKP?oR9QaqGW2mva=T=OVygzk+@+-2XkZkLsT_ zKuAgGfBgRoRV{3l4u4vf&aBBR0T%q<;(;{JhO8|Z9{h;>_WTM6p+vs3>Z_J8qkf$O z^(OcaMTKiBrg=^NiDk%@xk(hYM2QTF>uE4D?|*&XsxKc>J{LWTyE$Zve>#?ggvmNX z{mF^0ZI`Xc-W8zo;U|RE+ z_+V0j(4A4dE~;gNcu(Q@VgayyGiV*?U5giYxapBcS2$At7ZJE^s69itVkS??HFuUs zn|;oBuHxN>gG_M3U`G3APcW0)O}Hs>dz9_@8v!uPn|v-0@vH2)8!u>D3pQH0q|K~p z4NgV1pX;b+-7{N?H1QutG+?sXfyjD6PtUA>p^1mcL030hCjFefPS)k9T3ec=5lDDH z@Fv2IQ9DTck@_mLr<|=>Q>=(WA%uc-Kma3w1<{QL9|SHN>(-L zgim9hN>qrq(6hK!(^f44uX2j`8-$LcBOJds!Xmv>4aiM)H8(;JdlB`;D+JCoal)Jp zQevqj+L+$I?#~4#s^ndJp?nRR5s1Qg2jRC<_=k3~e&mL;suk|6UQKZ-haQ{$M3Jx! z2wMc>If+{(<5k43hK37AiU~&a+I!N0A7C*ZQKC16QCw7L*)>(Rvap2-8S^vdCd;WJ z&{GZC%#J2K4B$V0Rg2r>`$w$M3~J}F#>y;3ClNGYY=!QGD72M%DKA$|_2zw9kGdvA z{`t<1-pZa@G5<}?LdQh6vMEY*_?PqvtoK+$PdsQXY6ro)V7C%%Ysg64w8JiYLgdC5 z$_?S#^u-P+q(-$r39P7xqOv@Z-mR0Ba3v%JXo=Qx4AQctQCGAqH${v^CD!qx5uzf~ zhH89h4-XHzU}*Ret6kqfF-Xk|aeUN9Bke=#?*t)k!yQX`#ju1nWW+HHJWFOe`bB;b zjvG$x(8Ncal`+pa6~xApk{yBgC^KX#I+S>tYQ2MKQ0y0Pw4;uW+xOrDGSvtPAhPt;34SsWJMVMbcxS zWsEaBl344#dCnWY{WSzx&7jZ-a@Rd-#hW2knO;<#s|2JOl{&0cyuN#K-jc^*Zc2 z5(dAS@)@AVjI~od6r5&jv^>mmyeNKiPAjT zCxK-b=}bclA=qb$Y#Qb_Wkcq4u*xNb4i(iZWxH7wU4yK(yx8R8%eO~zxgDigI5HE{ z=2OUfWO!C+U17a#2=V|~>#F59^|C{h{1q(>SrfS`-9)uX8wwX!MqXqKTUTQxT`({H z{FR)*)4#?wb&tr!J=&1d2f-D={E{_eK4rdD);1@G}Yr#AwvSCTC> zMa}Kl4ybwuyd%8$7K6G|MiSNZlz_Tpcj=CNk0&rhnX7oSj3-LeRJx>3Jy5qnuhK`n z-x)gQO)aiY<`ubr+n_?ST?S@8l4;g*e=Qd-X-DjV2w}NqE@m|FBEaG$6*Pgu>bWF8 z*&0s8jzMJ)BK?IYo7@${Y2Vyflbn>s`F@Oj7OLG!Ro!9hF5RP9f3lF0;(aX1 zM@`*Nr}f-Ui7s^@p>}s1^C4)1>w5)x-;5`I_;7d?vdAiq+|N+1u^9Fo!Ft83DE#+{ljxNm*I~c zP7)$-M>?pbLxDA6pP0`dJn3}5uUb_O$y8`t$QDAVpa8gDD9Am6%Z>7o9(CRhAgETR1 zAcZSW?wgMsZ?UA5Q+?lmcRR!uj2E##-A)O@zmyKsKb4NKwV{xWfz$t?<4ID~l11c4 z;-0S_RLDh2w2~2Yo~sMeI1C96~UGAWVjVY zzn-vWu_y(acQn4r@|fy;-dNS??)Cze>vzXtr^0ZhizZHlro#L~FQ+%c9TyG7f_5|> zWw3P&=rB_&&3glMoeI6Y=jWL9cE=-VJkN~)r3if*y4*RHcjNq;C!HM+QUCnIPqEn< z`8D34&Y_nr(opc%JB|@)aTlay)AMmtHKt}Im(QF65iK9hR<9f{IRw|7se@Y`%Jj$@ zghE$8R|*YJ@9tRo10N6**WRP`js_C^TxC?t!vAuMs<*|Q*61j<9cdu%o|3GB3);Q- z<99RH2&oc3Ls!ICia&dvHlU3i%1h&1Fr~L$#TFEuqS7LXE5hTtZ;*T%=Tlf+HB7LE z4EI5tl~Ep1Y))&&flc~qT)VikruYBJc)zr@e=STY4Q+r zzCnZza0OH_sQz0y^>2Oo7wXG> znz{$%+4UmXvD_@j{6_>eOtD$mkxHd5U#}uX2sicnH4UN-qsaMFbF?4;l3!lw14wpq zGT~sYOAXKk5eCKd@-pp5Oyc+*(PAgqx*YyhA~QHcDLtlXO(W81kx!4I)w&vByVnm(&xYo7h4G zDHN1Bv6Go9-UJyul^?!WER~E>b1+;4MZ*JXvWDb?Y7#Bd?sOQ%WAO}ij$JPBuQ^eP zKK!Da-+=$QN`IO>_4E7*-?jk$*XjQE4aCps7Pd6{KOF8#)prf7AJ^ScEj*-OsB3 zLZThI3($q!-+YVB{#ljjEj#>d;P|bN#oGhx^dTlwXJ;v_LeouzOMC7rJX{W-?z}Lz z2A~lS-Qe_Ui-awgT7L{>hY{)4Cm2eIH$dMM5-fKKXpa4G#&%C*Z@#^i-OC zgBq|c!8l#Js6yW_uVVGH=p3%q1m=JQguyvk11KbteYf3Hic0gJnOfnUsm}w zAKx_c+x=iB>5L}K%f|!4iIYKglDFqTx{8BS-A{lAM!lr2VHA`~w%h0}w0o0<+pF(X zrbNo0Dk5Bra&kzlG6HQ4kdv3N=w;xIZ`_wg;AGAPQmg6euqB~)t8#s<+|~g>hum)e zu&Xjii%O7w3aaC@o-GEY!{BlEx#$}u^)V$q6_T~Im0-oA$Uf0OGmKUHtD-+3(Q{8} zO1wOO_2Axy!|gtD;YKmnd94xG!Pp46bTKk1gDI_1#yVb}FdEw#Yz-O*H&uFlUQ&&h zuqJP=I6CL-1w8|0oZ_Gxdw$^i2dVLs6tjNrXM z5%98QfP=*rN{68avK{&Z>o3TYF70%YgijKR4cZGZ4dx3m&G}1`pU%ECV0SMY)S}^ z4|#u|pCuXo&&kem*@Pffd$Jr~mOEY@lQ69utsqp9n5lgwe8=AlrNCERjbHNRx+$hj z8+EYY4V6oS;}eu?VDlD6Cc1G-D#?6;ZmSzlbOJoUO`BCAW9qGc8zO*n(oOZ{XsoET zIN+7M5SPo4zupuM6-m>mv73unm8f=I4b+QbHKb_U;YX_9z{vt?73RD%rk^E{?#`{G zrEVyD%&{9yK2b`$Jj~}(O{WuCZkrxil z_ZICztDF6s$H6d+685s1<(tUHu8!FJf%dSP2}eyJ;H+j`!+^UorL;oCoHzJ{b}-D@ zLLnZSv<0}xtN1enr*-7tZO@%fv}V%-)DxE8NSqsm6tSh(pcjO5w;tg=eOCbXOlVB? zt#5TklgX^A=X{W`J#hv&c$yiFF_#c^7~!o+y0V0p`7J?1D>7EDj^Ejii^;r@-e<(i zwfC4>6TCdl6Ej|*Oyt9`a}FnQ%pce{`m;u7e~U!W_0fA~w=ur}6oM>!jssD{%FhL# z5cG>WIiBt`=Y>*yf2F4L-bUp|*-H>l%YzzL@AS$~jM9X5;1*1}2Brk1? zcG8mfIV4C|Kd9l~5v)jgn4tb@kI(2VIllk(i7OPDdQG%X?0@LZgN`2F1m@-C?FYhuXq6IdHTOW`&e+xB>F^ z<)eVf5w&(GKfI82Af4BT(;SP7t#u=M7GoLpsA7I)PJ%F13~(vsqy3hRMr7H1^9InXeOJ)S%@;Uk!HLf zNKas6X+QB8A@Uicy=P~04(QGtWRi&s{7zr+O}3vipWUjbS1)wFKOP``k#K@%Bf_Xp zdJVx8F^U9J!S^w$LRy(I`=DPt(EExpti^Aef;sgXdSfL-Bvw@>dKYY)k>MxCF5OxW z3epqeiHRj8Ab(uT(xo&KX7rI<5E$VYmVUZ=6J)6XadE%~qhd!%b zDzo-eU|7**`$-29_&F79M)PDuq8Amrf1K@X3F~~+@#qYvXKmg?m6?Xif+E$jnHb!V z!+Jg%5GR#fI0qtPC_i3DxOQWCt8ZWmRvU2A4@PN zG}rYzR0OZJsEuK&)%Q4(Od=N>Gt{cvP53j-mX>Ogs!9&L|NVs8Xw+=Ny4NJuN?e?h zMy{+lTW(S>PDswmj6*S6l%lpk#de3gQDZv0vkay!R;@E0t(2qs2@l-^UL(OGY-cl1 zRH|oAT)4T8)4d1|sWv53RCSY9UIFzpZCK^1ii(yhIa&fJPznZRF&f3UrJ1mAPcf=I z)~=#H>MV;RMQ+P?3TVw#qpP3N{id>L&>=4O5F%NZnKA^vjUu8mdZxrgXBv?tf*V6m z(u}Iy1#efMN=Kz09nD^5wB`$*sl`RcexD)z<@br%=Y9xV+aBGE1k{wdmV%RkmEEy5 z4t`=Qw-`6@3v_+G`2G>EkY}sKN}8m?0Q^GBq<(4CP{lE`M;yBxZRRE|dRiX&WZRL| zabp+|JA^KGzeY29T=4jI8VT4h84?LKoXofb2*(l~D^T7(O!d7=!JD;zF?#7N-I|YPV zT5aaWALg9uf1^?fkiKEENpZGk7X}o*iQx5C- zO)z9G?w2c0q(rA$rgK3c2HXA1VA0Ed0XQ!;pfWAGIi^B5rGjr<2XWGPvMjHEg=!kGGqfb+!QS+GSB=x@cFx@Y67 z$N!?iyF^K~gS_}cw_488FPG@jLRq+lvU$CUKZeiu!}?VJh*j@_p<1%*T$e1)IMpOhI{iqO^N{sQ&?dVH}7_52&C1CO3`DZ|yz;)gr?%4}TX zBENlgmQr$^yLEX+T6$g3HNFTt1}?vSdB$1NE$tOkZs8{i_OiTqp(A4oj*+akN6~a| zqszK|0nVixf~yatW2>TbhiMyi{@Hf7+;O*j1Ah6!9n_9S-0f*jV+Cg3JL7P`q{&0M z>N;p(GG=5VroBtLvMx4TeMW|HN9L}q7WEDKpPEeb=XVsTV1AB-!to{Thl&1r?0Dj zMebt)d$p`bIi$wZSK@z< z#mei2E|^ID9g3yqp3OPqT$AZ6V%8d7I8T3Fuxyd8oUx^TMt`2e-fX-WBI-}mQ0ce7 zrbAK$wIg0Peb4e|=p2BXT0bZ0UyWa+J8n9&D5}q`UOW-UHL0LJjUJrd>aWpgOou`w zUSFMo5>R=pBpIA_8DbvJ7pp=&@_Vg3O@;2Ky4e|gGme4)TeJ+&+X+1&?`xAYzF0wM zOy63Wp{O!oW?4&OdT1MY_f5)k>30N7V$_r^lr8L(0&?)@-Nol5C^^70*K%zV*UnRF z8?l`-cOJo~f<=#Ck3LLSG(4iHqGh2He8AtT(x|tzO7mdLXBs6?oNGophU5%xJuMt+ zLf6kC3(gKN$J|bOl%D0lkOCPDVK$m-_CWJHKkY)YM(T=HjP`^qFK0td0;cK~h1A zp4=CxWx73j&1W=$+N({Nlc--z2ZD-X9y6JsNqt!(8NUk-2pLD_!U%mHI9L;-v@H0i zjMY!f^Efdx3g&4~XiV&>g>=9?{oy`%0ZnlIrOvg&8H9hfhF0<|ajhDQ?W*Z~dLvMZ z7K#Jh>)-~{Q7qv6?SwK@8}fjE^8g4u-GzRW+VP_8Ivn023>h&?3w~JOCARAco4_bqU+kvOHMj zjHsX0$pp}Oap&PC>gshz`=4@kjph_A4)p8S0rS!NgFTe!sm*AW#U zvyelZ<$_bYJ;lL1Fi%R2I~Jw2&4Wm!iKl+?aa=YS75Rwy$dE#RUM;G}TREK>7V*AZ zwLWj$e@wBfe%+J$xZ?8hdczGEW5M=>9Q)VM5tk-LpW<~lMI%a!f#w;I1VYJ-9VSLw zf`J$ZoCwG$yu#rK@eiMpAZ5sz`_Bi~9b}vJWgbjQ8Uc%ELGQYGO4A%WdTQZx=k9yL zVcKcZ(4M^nN2dS@3`45SPO%eCbr9a%tcagSGTTf|8&763Tckj!jIks{EQs+OuiQ`N zB9+%k0#r&&P;sVJuqTs`Li&YCahR|l=2O>Lp?j1}NsN-OEmfH1=HbrK%zs512k_!Gk zID9wQkd}WCsZ28~Zqc<(WqeX(5WPOwz@0_47!O||o0pwro}g4`UFugKBur>Qf<@_M zzClsKE$J(E(t>w$VG`ls^qM#dR&d9@MOJ)bdR9;JsCalZ_sv`&dnh5f=3F)hnvHJM zs+!4IuR>!b!!{^IBb`MV4aCL1_qs#ji2#TGCEv_yaomy|fv#o_?f3>M{4QjiojX(g zNmF_2&3lP_5RWgh+cpr%;XG@9Ck*j!PmIhj3iu>v=^D#jy-)DoP^R%@_Usem()v3N z*|gf=k^-f&-rDAwi33-?RK3kkTh}y61=C#Dz2fwAw1WwsZew$%kfYa2k@PZ=ab-q0 zt(j4!$&yxh02%(zHeJ=I_+fC0j-Quc0wAR@X1j9S!5o`T)z*$sm!{OJ2ctbhV2ZMp z00c(pZUzWW-?3wdImlK|21qc`Pv{s{ z40CJ$z5$^?k#1-4-kXf6;Lo#$a}7D^*spxXwu~`C&h13?CD&4o7KU9`7*2 zHhn_}w*yF*-thstL!L1jww`l8gQcJ~TAFUhBQ%!@eW6=$v&3$Q)a8F6dimz#Z;8F#0N=%xrsy@!#TuA%TV}> z-7j*>;rWSW`lB=UBlGY~#Yo~1T3r~OgX`^03ex@wIsY{DqgIhDz=KQui}O+&R&rYA z7kYs#2AAWqo$P)@E<}hPl#|JC5wXzhn4NR5AlHuO^d=vLpq!Mep=&&}?r0~~%?qar z4iD;5k5150YSvo*9S8&>4q#|UXjAy8=Zxxn zLX=rDww;I|f3I2!5?nQ|qZivUUK=t_FVJ`yVK3Lz+FHY*D=V zf!#g5+jP}@70Ya{ zRq{F|tDhGdg%6j|Y{Y9=36LO^X21UMbnW93mJqH!!*fA+@<1g`A^F(%c5lLY(qCa$ z^>u5Vn=fzms<_Q4Q~%Q8+ABxqv#3zDR%Yd<^PU~2c(Evi2*&KeDi3gDZ^JjAD?nJ9 zB^cmJ@OtifA(*L&PJ8L zPyX6Ft*g4mW|*sQ@@sy(!?XXpaUeUqU~|pw2(-}f-bJx=$X;Wla(0A{oma}?gT)o< zS$2f&;(pDYBH0<;dcl!hkW0hZd-!=RYM(7Or^t~i^5ccie_1@gcr)An{vaf^ev=vTZbVY2coHkRnHpsEr6Ie0xu?ntyaKtrrbOYrpRp-( z+sqN?wL8j>U$k7l0|b5pgs`4Sds8bd@)-C8+6*qq^&5;$_xH=o*T0Tzl?N?R8mT6@ z!b?o-7(%Fy2Byi8i|?7TNB60w!p=IvAt`9eS_X2Pa9%!w>PK^#wbjp)Pt~>OH6gr) zE#{ot9&K-N`bUh09s1mY-y*ph&8(X=8Ns})8z)58n*@q4wbo?h)bPVIE{`+yI(A(> z^VZc5zv>##?D56;Tn6v3>0?mmcheE+7BH;3&DH`n>)U>lt7SM8U8j0-GoeRBPB2#k9>ZJ!M+vuzz{1RI{T8&d?})L>zMBg3y7T_E@RW6hIuW3yT47-Hnw+7UbFQ{xV7)5)AiBSBG2u=M`aL*jYFQE zj?cu4?jNY5In$&c4GoD{?JG$eGN@KBOSf8~WYRbYD51p&%2d7qQizK$XNmKt@U6Po4^F{HT~~wyi$xH}op0`y-_N zHDV=vSheI=*h!*cPz4Zbr|!au6QjF#=#ndN*;Ac$li8njN{>opk8%uP@!ydmIcDKWT;Om-SbOQP!ZLZS;iv*5Yiwm2>tL%~CppiSw}UJq-1Qu*Lq&88r#e9nDVtq>Lu^W;Q`rz2 zvKN+4iS(3j4r1%lPuw&#YZdbv6Q-oia|qEUlT_O&piwHOHqy@QUf9ctO(;o zh>u|fbQk4FL3vZAy+&)!{v?q-K)kOlOskL|eZulWa+DI;!MWm)aMqM1Nr)o^V8ZRkhNPuw#A}q)7}Fb$TeaYEP(NMin+h0I4C(5eEUwDG=?nzZYCO@Z#gk z844r=YzK?<0V4U?kvT*TEdwW>nPhwQ&8-1Ws*N)eW1exmo5fR)tj-x;$L@yP9uwO-BTe-|s` z$u@P|SDvsGutOWoGB(eTE))AG^#~#~3kXIY%(gkLKzsNAUK&HBCPpf*aFQ9iqa2r; z^|`q6eB-4m*(Qk=6H3%u7LX#Of5ilrd>-%@I^Z1>gz~Z13pzk{+5f#mm%U;sBzql& zVp(8%$I{ER#OW`MV}afYJ5(%c$d@!HAUi6oMaIoAI^$aFJ1H9+EUTMH+Oym<2>|R2 z5-h8#S0d>OCM+m7Zs8FkEVL^3eC?KW0}s+^eX0l~@&2Aj7=JEk8|3m#xQpo<`JQ0< zP(mKLEJD%pEs3xuAB^hBu{Z`}!Da!bbu3fFdJ8dz0m=ki=J9Ao8olcNB-U0R-XS&u zm9obopel1mrGBd8ktF7)PLD8buwGlpJ|OR3D;6yG$Yt+JKzs3nb;ZXrBXGH7c#duF zbF!h1){jHK@?nE*0cDmwAHF2ky>7yfC^&CHHtcmFkL#Ef>RnJr#X&#_(0^RlsB zF%O^FT`3QM1upJwMO?lFHle5XwZpSQ=MYR42rK7GHz7b5qCjWEK!c<}_r)!OZ;Ur3 zE$WOMGjEmyVb6p5o$NYap+_s)aEZ%b|3Oy>Ixu!tF>9aoGsP zr#`>`Q@3klnyzGii0}u*zYxp6C6=7Mje)qegQNZb#)35zF^$l?yRcS>EFqu^W<=sp zGz4HQ`KcT82-e}K)QWz9lYZy@mAw_K*hqf2&JiBd{ zv)~khwGTMELXN$*j@L(dzrUV1edU!1PKKn=v|1)Z)W99^H^O#k?%+NBJ@Ao;CPaVG z7xS?PVJ2U-nf+aR4L-9()N(R6s5k-W8&ixRz)@Oo3ydy)La zGWgU*lS=b_<0OUNvuYH9;2uziQp%+YE?F1{@fsVl3u%ZtJOW9;H+q5@5_n4YDpBUw zfn0W;XfqqeWZekA?i$6N;ocX#py%*{mDN~!<-LLgrBf%_$ccTZvZJ8dK1z}9Sn<5_ zM*Ar3)D=pjG%DA+-ihUtekjeV`E9wIlj4nNoo=YBbuthDJUpHXn^3S}9dbSF5u~I) z4e3>hufwZSvQYWcW3qZ-(O?2J5sfw1e7JLTeNW_He}`%@+hDC(DUd_gbtaj{!UjWD zQFRkAWu@{xQ_7x{#1IYyHHM~%e3oJd`bVskF}i7@zo;=r19mbZuv7F&snG|&3i26Hp$WKz0a<)Imuxez~#;|cjZh4LV<45qo8q!UXXVlCxH z_tm1VG3P-h=Od}VA`c7?BpN*MI7T~2;YKZZH66RVFipQ!Fzh!FEG(p(DIql$%b3Tv zdrJwq`h?&3TmrV}JWmeH3#xrcQHdt?IIaiXFlcA0giwBaXGnYlB#(9Y(Dg3QZPA`>z$&}eu>rR9Mw8fx%xIS4NEgtf6@-TI{rHKXeiDy(%?YJw}ah%RXX|=mqK8hJQqj~ zCF>ES(&HrYO+U2*5|{lKz$Si@x-Pv3jKmIF5kQ6aH4+XPz3uQ4?LM73Sg-d`Sv_P2 zw}VoTNX!S0Pul3k*Bf__usIMrysxt!=7a~*(&y+sVotfgX%R$JL*;2*8;r2hQ3T zz*#pKLWfXBD9{tvXq@P{r!1)My$c61KW?CpcbowpF{Y}y77^Jae0~q9<8z=x@Y=R3 zJ8^OD7R7;YX#d3A=mR>LT(%oBe+9Y+3~_K)8@ov<*E7ll@M^YQF+7&58FXnj&!H}C z*$dV)cru`=YK+H zmVYW)MMph*$N!7hwot`FRp}Vnd#lwpI4xjDPN-0M;Ex^%7CwkoucT7spB^D31$Xh` zT_llXe@2sE78(xSOyct*4!s3t?vSTtRtBnxMJWrOc@~c`4-VZXi#+e#A%Idtk}AvT zkJ+8iZqJ{q?-Si$?4U{U-Us@T_IvUW56|0k8SJdWWkc?}b>I!h2)NP*rUsI3_gb~344~5VSH=YK#i8zF^N0UgryEm5-#aq=>?kl zQgKR2z{Sq_;$%A;{cUvCiF?IHKn{-hhXNrEq&ooboyi=Ik`cUAY z3tfAOkdh1rlN|{7{F+ml$G8iZtw!JSHzErB@yp1*-sxhk)vev{<&l-t z)Kc;)ki0bQpzhE{1nsXS7JbM4KqK6ADU^8fb&ACOOUO#ABwLKUDF(Ry11`-BL&p@^ z?3}uW81FrakXk6fpx`utwI&=Y^N^*NQcaFR_&?VR_;FLDB8S0%vO4M27#*yi!|%q5 zOA81h#z<#ljcgZC6YVNLwAStNK}o*3vau1tl-rQqxvk;d>e(>?(JYISm@zXXcnMjV z)B7zlsm`NdiK5&6W>XcSw}aaZ{(PM`0zficO_N(h>KcKbEsaWsBLEXF{z>ip#c8bw_Pd|POn)G zHa7v$c#kL;Sy!Lcxfb$J4jy&*04>%)PVf9u^cAjMsAP>w$LiX9%hb7fVhaV3m+=I0)&ul~9e zkOU`Lp)cx6FmJ~`QGArwbGbwiV}A?U^=m=+=*MvnDK`x!fe| zWWhlZ%= zu<&XF>TWkvoOA&9U@z7Ek%OpuL%ae}eO&&t%**l~QCA-)yRCrm+2`;BAPf40)6}LS zkb5g*F6*fy&KJUzBD2Aap?N9I22joDkBQg$$RN>PE3l?#ziqG0yhv9#n-?EEjE*m&pflJ)>?v(kCWuu+B z`QHzYX4`A)$wHdb{ZA~)IY9h7FdU|QpAdEKDr24J?%$x z^}?V44w?DZouSeL3nhN`JN~r0u<$WbN{Z!V$`}7PFt#>Yz6ftzzqOJYPPs`|sWydNdZ`_Nb+})Q|Wwdft?41Jh$7bHx1_y?UOZVhp z>CvK?*1B0rmhjAXGa9pzqJl`%ga|H%=X*}ntUp7H-KdAlzI9GU#U#?*|*%X z6Yc?u4}<|8iBYbNJVC2#TB_%!EE*ia6?MSm3#HLCKQfTUTqZOkUoVl{XKuLAADCnglZ>fF zE*`FUtwD|VYoFnuG^4%|`M(!mNLM_C5m{^9=$rv3Kd7waT~T9V&G74$Q~M3C2F(68SsMr_iCuV(_c9aum8JPu{NA zyLhMY9+6()N?nk+Op{Wkv+j``{N;+sgiHV{;|VG)>vwW;LOOg5D*f+VFti-C%hewQ zCiu^#1kC?$@$i2hWoY~ZshhBf{AI1}lkr6zB!JHa^gB;lo!~@{ObJq@vH=*VEH@zt z&a^?=B3{7G;cTGPVE%OtL`EsIPI{qE{P%6EwCz;s$%bTBb*aNuVFqmMaF@gP4=gS! z#^vd+OYTaf(=4AD{n*oFcOwG^K&h*u&r~lO~?$FMZQPA2Sfx9Dfx|tL(`I6^{ z>lPPb=WThPkG*cxA{fjm{Pf$*`4A5l_NZq- zaE{A#M-MQ@l^!A{e8+(O1>Kv5VZC6sUq|e|MeI7+I0h=`W-rB60qJWjqWI>Vii?_* z=SPoVCF(byxQkS*QTBJvdB~(68@+T?e2E0pqP_Vj(s!<7 zE~UfY|5WfWW*v-=TPoN>gCNxqfX2q;X3VcOt<&5+%g+{7WepM>HC3#rfPG*fSb9Hz zm!_&xw4Jn8mni^M5;cfhOCBDa#WgS!n>EBSp zH5b2u$Xg=sbxnLB4uFi$bFHhxpA#FQ0G=)zIs(bxwKRorfsVdnEq15$-*65^BL_{_ z(vn+QY+|0oemcB+xB+I)Gv+pyK!3^d+h#n5`rzMvorZt;3feV+?f7b^^{o1IJ- zxBAt+T|Z&tk||~+s-exofX@5@@DVRP{~Y^i6kvYs@*v9G`gUo4-fVR*R;gh%xM4;i_1fCtAe~=x{_kVXO8GECI)G zJtP-`IfMxLwKXSSusH5{La*@x^78gI`U!NSU58_#MUp51VX8`6!a=h(FdSWhG@YCT z(jrtSNsM*2FZpULl`pxy{q$JYFxjLi_W0&hV_Q_C2V#+{R0N7x%P~T^)9HJ0=(8$2 z=vA#h(KN*Yd$TJN)tvcpO2XT5%8t~UfH;$k?_W0P{qhj&xxf!o{Ryp;QlBYERo6`3 z-vhi+Y9>cpv5RlryevJx<}mgDw>Zkl>PZAaYfUaG3NRbG2z zwL$7|E#4zJ8GY@RXD**+Pr%1glmC^`rPC#*iPv(&*9kmg%E(HJ;`C&DSBm#Zf;Md# z8GRuECPm$nCRT>-6tv*){7;^9I1Zz@=W$|~a;)a);MBzAVk70syZX*CalhfN^u|Jn9#txue@;BxV60;50FP1$ibFHn7*fnn=TtXX z+dFH$U3#|=D}&t{sPX*{vd>^wsdw$*uioF%mAw+EU#Fcus==ps1Br=PPuXGA2bE9K z@3>!#H-4E9KY5w#De0JR>N49A-{8H7R&;H4f#`nO%?zxv7xs$2MS*NSe}V;v)r9#2 zDj`~RJbvA=Nl=FL5B$~7LYELyu%mkRpv}`>YBx5)g!LpxbntLh&`UZUyM+;bP#z9y z0Zp@2TwTf3n!g*tGjUIf2FBMD?n*k0Tu;ji@K6A03*=C(SZpXBOW-Vq42TG4CT(SI z^x~M;N}(LXP(C5YyEx75uYOZ-I?aH%NrbMCo;iift~4vx-0(D5656FE z9)Ec#A&v#4NgBq)N>}K=M(FF>&f0{GP%kji)pyR(nfm2_{*jL*GG$nhU4AfA8}e2j zRA$EkwF5zu*cs9*;|Kb!9?bqLz#G!UK`Wb$7n+VzBG#wj{s?F)_O(p~nu7c{PbTdR zWV7JQA{+ZV>H7A4icP@ym7{gQ`jz7q|09AM8{opxHlQx)mM(M5g{FQ*rik^=NRAW4 zOmSbM1-mtlAT>ziE{jB>rs=kmlDVXW9mL^`$ceJz-#ky&jh%%qjYqBaUny)Ij4>bm zi3<~ni5oV&Z_GRFk z9OqsyT7qU)B+oR;sRcVKYRno&mmHo*M2O3%5&T8H>@5rA0av&c<(K3xro3JWDMoHb+R^ReH0$al|t+=kcDZqF&Yws&lPhwF(mGhP~kXFf~~Pz40b95r>Yj?mrR$FK_#+6 zl?}U};%LL{VCka2up58Dei~Qx>hP2sHRX6(krR?R>raeBvwuR_Qw%GO= z@<9|qx})Xsf8X8YrJ~pqH?NL&Eby9)G*Yi%B8J9146epW%FtfEb@^z$^QEY zr|%5}3M8XKnKzav5@^!xRlplV+XPWyVXTNGn`|uF{<7?6wF!gfly`;-)Y%1k&tfPs z?6c;`)+`s}5cqi5k(28#w)thlyL}_bs&7`^ITr7<&HnQ@rU?GNW_l&e9$_~T_XnXJ z!(a24@=XU+G~;zz!7LBEQCxctKJ0bibJ`?beA)x4v_c_2Q; z6JfnJh{yj1HKD0Z2j!lE-+#C^sEtMQ`WsC)*>0bKFETo^*sg%?e zUE6wemX@;R%J^7YYPszO4WJMn3C4$9kC2yY%vUCuYPF3r1me?4NSwi+Td;$wRGV@5 z>35q1FbT??gt4*rab@x#iNe~TG}umorFL->w{-La0}xjxq&xKFkK6%@0wDgb3N*HIxA)8ygt2M?i-X;7VmT)KI?fE*;EMm&Ug>}95qyT~*z z5queu&tQ;-AiglNd(l#1YCXu)hl7!FZGdYoFycY&FPbl~t_nbY4LoIWgoy&yDNLhB zE=(~$rFL4Vn7CTD!_y&;=;U|$TPSYJ7^dA00Z_o&VwIz?x)g{aQl%53W6>`_pXeuF67b3P6A>-)dOw92d+ln^i$gZpfRaDF7;Emqf zdvJ?zlpJIGSWqc2U&q=nucJ`fV-%1U;*%CggUOeWo_&n2lM>_ShTQ6NHQ$E9lN8al zZO}u|3eHHf3+MMxy?sJ>LpW04D?buDQ@#ztHrNiuPo>J*b21e=ax{yTtLBWOUoj_{ zI;rF^UV}QT;+?6DTk|5D*N(e;Zl-`rm3SH>Q7& ztN5*~Yz_6DY#shDrlm<0+D+-Z%DOT#`D=9h!-^kCNyslYNDoa(Kpv`ZC>RU+N1ls& z8u!St5t;WLM8KLwSrs*vbyZW9^F9+rsb_833-*K8(BN}qMKur#_dJ#pAuF$dMBpyP*=gip|V$Iu`L**oY zl9}_O_L~-cX<>RF!4R z%xhRW4MC+X#D`+lJp`jCx#JwSbQFjOp=zQm9kxSJc0?)F)0yLXKRBy2PHh-0H;osX zM_{+43>z5flUE*Q|5XbR7_kH1Zz!)n;5LkyRb5_2C2lju;c>=QX=&stU@e|C)_}ho z&QI-UqfDKG*guJIqFz8pE~#6ujSRKc5Dy`t4X;NtA=CoH2}7Ztz>1(+sw)U%w;z%} z78?VuIgLo|s+X~>;srAvHYhwdo0xBmi&Wq-Kx?N#6Q4%AwVRSHk;C{! zZx%hzb_0bkr=2$3$x)d76zI}mZi=SDelf{GKW>1IEMV0@X(M`3WjP^TY|N?P+(Rkp z9tkTtQJO^|P)6N9)Kc|;s9eK9t{WS@R-{wgaZVSM_EI}q&CyNCUnpLE z563-j6Q0JiA>HTIu`u#CI0F)Hy%}p66%XW>g+{)(E2YhSY8y0htWgazr)J@CPj! z`}{1*bt|?VKCUHDU{Ijr0zq1HH=L4HgIzGS+wLbs4I3_8WY9i2)+j7 z8^lxL^Kc0LRw|{GS}-9cQmCnn@?B&n5Wp)+%KoQ9PIqFBqlr%PYHP>5+zZNBZ20O1@=#|- zS}mM=2uEk;MpWLehs7uUaC+_?+y}krt9b9qO@8<{NjiB9$)dwJQ?rB#^tZfyhy9|% zLDumwDZ3}^EZpmP&Z%`vqa=6v=!sUnPK;JHzF_Sv+;PT-L~|-ilvN~czpe1C_NU6F zlve%uJz!wl-EH8UW+txWzC*b2qQMb%0J~v|JMKQx@csrVWoNGF3en&0GPC?*}H)psp>n-HBO&IuT@j09=e3j z?$kI*p|E&(PO{SjH6^*14*Sjpg+At}uWDIw7?Eos(d)jjJD#8H^00E zvM!raVn z)5d9Kgtz{eEK)Y}x z27p#;&THKR-63^>O4-~x2&k2fK;Z@rXjU@|>kJqcnc1CnoJ|zK2#F7+yj&vgZ!FAP z+TwEv6$VFlvXz+BlOC1E)uTO7oFX{H;Ccrnl4}h)!35Y+(m4!LL2;SwqA`2wkmA_U zm>80Jne|fv{iJXQuC+d_jP5cZEX4_I4*?~dGQxH8WxkGN~#sX@;#qsSgYru`FaFd z)uSIYEGaKM5uwA|8~0c^E8~-wBjjZxic{ePwR?PGleCpGXDGu6HuW{VkULhDSXp)f4>2 zIcs4h@s{}Y@hQ|RmCexmvQn9OsG};gQ;^uTtv<0Np7dVm z0terzp`auAKoAOD5OLn{nL{Bt8KW*HS-^yQtEAf2kNwuwO|N>nH%3FZqKaB0!n}UL zH{;rG3^U;O4l0@82G`<0&Hn>?YO<3b7xLx zsm=lz?`N(e?5Nzyuxgl(n{=WsSWYa=dAAdj?4uamO&OF{lsjUN*yX_VqBsX|`yM zbq73NZ;<8y713hTTJ<5lM2(3URN|$Lpr_9c89H-8(rgVKVT-OlT`#A)y^@5d zk-s6b?DvBpzbJ+sZJK{dH=|}vWS@WMc}>4$J5F!*e7$_g0y#dj2cfpI`IA&CT3yys-bQngNsx_!m|SGXua9A-((%UAwpm^+X>mb$ zlUhEK7kvj4EdrXy{d=#KOD+SK!Au-LyY8OAoBDYdM2~BU zI9{Ib&-bbev+;^3u(ylS)EatCOhRlu-dTO# zIFdh|i;3bamE?liFOC!5iOI|6<%#x6nimvPcNjs#C}^R@D%WgG!D z48HIBzA3 zW0zw}PO^P6d)L`P(%MbBCtn4hcUMugaUJ}xnLeH(h71w4orxVJwASmE_2f@7sY*@u z$-F6pq5ceZ)1NW^LF%2xJJwpYdUxx>Y$*)F77(g(+iteEAf|gZW5IvU*4#XLz57|b zb!B{~60+^95xrZ7%%UCg(!_D9`f~|msoo*vQ$N6mWLcQ5;~%ABC*ynwh$*&>aip8O zZeVo4@7FDbil&ArI|&$%X6A(;Fzj|YrkcW> zySf294jzFp9{3Yq9!k^AO(uB<84D0qPN@vr6^B@+6!X-f9u&dOklBc8mjUgV#8P(5 zLnXkSm07FZg^d|%ix2P1o zc5tq-8A1ZsyzB#~A06byfvIl+a?9&>bodiQ=hfFzyY(*Rc@{QnmZIQy5ohtN1P_aIY1UeyFAv}Wru|JFWo!mi z$?ErtCjg!fDv&Jf$4uN5#=aA256Ptack+EwwG*S^J_a0f#o?vFh{j|xxCqW5TZ4F; zKIzfI0Q8R(ZzC}s2Em&)K1niF8dO>=ML41|3z6hXt2(~@M|ATd2PWATcl9Q)cEbP{ zl+jFiwV$nNw3SFy5*^qLYVpMnLfclAe}}GIEX}1&Xxf8dME*`y0T(t~B$iyH?hi6S zjMr1y73&CubDR3O51eccbuynRij1m+^N=9XAx*0IW^EVOfr^!P)vL1PgO%m>jvf}{ z@G7pd#Ey(BD|Xxs!CXivR5!RvrP13kcyCTF9JnxOeyWbONt7wE(6-UomBtk(l4?9s z`&9cW^I#t=*X!?7v95V)5jzfsr^Q*}YTREf2^=MrL>I6Z6kvupmcG=D7=7VvSQ`=K@=B%(f%mIh7U*$VJQ(?LnQ{%{d6I5NGpKDOZ7pKJhffdpr{6L% zkypSZn#hF6622tn3r!A^D#Eospv{e#>qY~tnY&ZP^T-R8=CO*p&-j%RLOv*IMZ_`} z;oKj7X)o2CQZ%kNR(hW{*s*tsBBK5@>I>?Ev~h+^pwILq2U$m|lW$)YSH=_>VMY$z zti>7cU<|8gxQp*%fjF$i`c3E8K9^TNlnD7i;1FSjoai9>fKvjN9atDlAu9dssCq2r z2{5;?q=Dt#B4H!+D~xB-ZlT)JnNZsfxT?=z*PCp7uU<^8k}KWg`RmV|jk|GoWWrV$ zZU^+^To7wb*0hirg@hM4RU5@ab$Yi7`a1+&yJVt+LY{WbwTn0DH(o`r-bO-{gPSig z&k4iZrg4%>h7+@ifr_cDN!1?DOpj9F+Noy_hcVQefp0?CaK+Xh`qNFgTc=C?uJ;K> z!QqDUQcefC(pv?DsqnTSTT{Y1I%bizsG{e67V~WsV&SA{JvcDiIl`aLF;@;xTd?cO z!*lQT{qviYZU0RY!bOF4c(%raYmLT`8NCLYCqY?!V-e~81s zZJ5LV)tHX=AG>@`?smpT|G${d|2barpJ(wq8k(D{=vz4(3)>jlervD)5nXb9-;0Du z-l!e+XJjn2Mc^6;8z>}dWy?f~2FQa%;-v8q&p|{pYQsplxEO(DX}6P+2LeOU5GiSxii7Qbd>t zBn!s>NVmTTn1anpP8Nl_IsA-}vKyKVW6;=dkz_?RRWEFc@=8d=ag;EVig?jV^HXT3 zM8#b7?@HG{1J$>*Nrb_etF`q`9Y0porCYZDZm7?l8CN>6Ho!LgRb6V#!NG8wjN!*> z7SQa{QT}A0l`7 zLKr4>z;IV@G6iDiVE2hd;!bx5e8XqhdXyzyIp`w)(G_3(`m2sbjLLvIf32E1s`Ml&>t279-wK*!z58yaxW~XAr z3n|X|DW}&|o#J_>`R>N~VJY#~tRy4)X7m1Wj-#(>pRb-f%ZFFZnoY2o084(MSmn41 zKggIdQu-7DB)0HdC#sPHC!}#kT3KcXcd5Z)&}She99~LWUec6dWiOFSb;=uc^c>iH z=v5$I`X_p@8(}X>UwX-1YG5zrOWg#SZh~IyHXlKUZxT2vuordcH$TAP#Rf$vm~3t_cDm4v(E#m!NEG2-_(?374kDK)4ClbNLp`vz})m$b^co3b*ug!Vm>HP^K)gE~U&z6`Z zQdgMgz0M|SVA^b!A`yq)TKM#snCTT0U8*G0z>lPYG^TSJYz>+O#yk0O3bYCT-ld|A zgL!S@Te}e%P24M%ADfpFrgM)rz_zX4QhZ?w>UyhsoQ4SKB}0?%rHnRl^X#e8Sjnh# zCoqb2rHsGmT~4+^fIHFKddO=~uvWazbfoBd;x%)wum-f2!!u$r%Q zV@gg2Q@qeL0Y?f~())R{I}kV;aAfv7$3NTkm z*4cAz0UD2oD^E2$HJd_E?9fgH!0`>HaL-h|A@-wvTGE4uuH~=5NN(s!ZH`A#$e_|c zDya2o2=Ws{>)Ewib=th z!5W8dr~ckKsMlH(E0FJN^IbKHgE0}c__CRMJbSriJ>kwosk3qi{kwr%9%&}s#2aBr zRGY6YYg!(Svgq1lP$z-QzkaB2f4(hblWIG5{R~a!4Oy{4&UU;xY2l}l+-#SdNlq)z zWUK18-OGTcv#ajVZXqH(cHU4qcI^m}C}QXtk-TVYj7t8}@4j=r+yx3jX|eAxz_PWa zz>8T&WtKQU@{p}Il^AGNm9=Rqqk4u6GmL?oYcj6z?hXLv(rlVR)0yjKQvDb+l!F#M zNUb?4?FyLgBS=Ch_?q4cf2lA-hs1k4>G$R6%VAs+k;F702HYMI`bNzKNxBS##$i>4OxzU0>Hk(g;v5?Kgwu&^4?l)JyaL(Arhu2aW04OL zlb?Nr7*~+A$PoH5b%Yc`!vVS9g6tZ#~Tvd2IDWu|V!50=X)22tjAX*BR4O=n4-dezO0MUS@cz7sQ5 z{e3WaW4JxNkC4Jyo{fh@s|Az^JBI8samRjfaOZscV9{>0?QhhZx( zBhKGQZ)<7^=^MssYP(g{BT)$YoCj{Ge4=z5jg#z*i~36<)(#gtu>d;`ItHi}rMI_g zg@L`>hbR`0p02JN=gLI*RX>XY^=jz%6|+TguPi-3etylDb^u?98E!f+d=c&YV0^-= zwY3#A1sbPl3U=>x2uh5koGS~AG23o!Y{&}$K4EQj(OM}F<_dIbjE%nQ&* zU+))8>L(Wj5a3d{CX$C$8YU?`Q#{BI_05id{)zO8QOw48wk0kls@{FJ{-YnUzCscB zO7?D>pFH=TR-?D02M&v3JXRx5*yeX2T3rxlmz+87IJzYG$LK3U|1;zIb6R^w#1Q2T zngm;XqAYHg0)og=QwW-xZn`Uu$!g01?!-7P{HHq;7s_L_Yq zKQ~=f|G&@K?t>3^;UVU(02==dwkZQa<)=R>!_s$i7mIIf?(|i`DJbXf=o-}Vli{7_ zM|0|3Nl4ZzP_r*4LMyhRIG>U*`I-v`DKmBg3;G%~07U~1n{f2!BC~#6gCfPPfXY3L z(_(x72g%8->`bn@V8_KCR@D#9q|@nY%tV%q-9J1$(e}eXyR$l6nzT^72{wq@TKUeGjD9(RDRrwtp^xgj-%Hw~kbyZk9 zrA6$|sm`gIgrwcB{_{H>Rjm$2bP5vKW4Zrk3cXn8qJ*RxW zzTUTdK8IhXM{$pIc;WRRbZ+{i0>f?S(MZA>;Kd0PsOGr0#;h8!u+`qv4)Q`m)|Ku( z*c!yhZ_~Uy!1oFJAG`~ zSEh%cQr1t~{MoLxQ-W087kz;DuK9@3XM_y*z>uqY*qGZ|$w5O94N(%ybZe2ybukSP z2~V-y%GhO#G!P;$U{`x4D!I8h77yBt1mx=$t2xhmy`^w+e^_b7E6Xs`N;1FvW;dF$ z@3?cMQUdGAjmH@;4b|DW8D>E@YECZZ;6W4E)Hy5nyj43Ui+h;XqoD+Q%WmI->OWDw z%!%Rgb@j<^b86Waf6Y=W?xUc0l^P3)JPe|2hF;c9IIF7Jt$kD^$0EUr3s;LwnfoG( zo~EGEZ*mt?*z)`2Qf$7-zGv74_De(onCXp{xW=)>WhP?R}1S>;(&g3L+a{RtgNUly(Z}tmaIBY!5Nz~Y5 zq@w-t(5^LmOf}3&9222j-JVWFxvP=_sE)f6`cc;d9C`Tt(Y76ULB1G4dW%*$TBBXS^sbGx1v#fQSxlp432z0!$z-|RM2?23ZS^J=fk-yLJwC|x47=>w~h=pU0%;+;-TLL5Fp;G6Y1Y}J7Wv{DrDUtqVX{+TJ7F(scZSF0 zdehu~Ia> zku(SIfz3+wXG-r8)78*{gsqJ=;iveiA?;@HtLhQy>ZEr8xYgpZ7xf1_s~z4H9{1v9 zPHy3vH;OQbCj;9I1CVX+6&@dB)Su;GV6%^7n`g>!*}Om(1GzgG7)N{c?rcVigkh1XkS=X z(({SGhDWq)TjsB5#~5Y}2tQ400 zzzn@Fb$UFGjzj6fTA#v0_uk8|Hu#~><9m6NSf{&Og<);X^&in`rMPYTXlZA5>#Awt zPUDIv;)*Tas{xG~HlSBhRjcJtluy>HZDYyeJe>|YhuHDvz&RV32=K73)$t__Uzx6n zB>7KsZ#AnC9)IsCBTEcDvAiwR^pOy5Hm2oq(|k~h5X7)BeV6kk zpUg(cya74HAYCWb<2LJTOiq~TO}iViZ76Ujr4C?v@XSrKGe|eI<%ask^Iasfk89V~ zP1VbHEBtGl#~z_a5$rS9?74sm!ZeZUUA+vTo2dR=QIFuG%C-$^jQW}9v?plH^-23S zZgV=0EY(lDV7q}9#;7K_DL|S-zTV0I3aN2BGCaf`!<}Vu*A7KGJwAg^R(@ zuuv1K5#n;GD&(ECL>aFkn+S?v4CyR%sY+ms%W2fJE5m|lINeV?FfrDUN;e{|`k=nR zEU!Szk*!~zN%2WtRr-$g^9Gq}$S}Za_TC2#yTG;D+ZsP*8LKwiqJ+t(4JHq(5jCZ5Ui& zP(eOWWoJ+$FHbuWVXh{3OJrR zMriE*7GJn+hbmFLTRb}BgaTM6UihS)MegI@1W7*{jz5CmBbBHBy0G=136lQ^H5q4X z17ineCv&TR#95Q7r(NPA`tM(F7cCi^(j#OqL{=^-Bo<-<1_GfGIQ6lU02(^zSZSa- zvW!Wx7o%193~8XIZm95G*a1i=sOM0HweZNq@+#}B=&B3$`4DfZlE<8AfE3~U$wJvw z=)LRJ(*>x3NM>`|=%(is&sN(}_SRLl=apwp&y6>cMWLz`i*=rGd$V;ze3y`SKNSouBQWYI)0`eLlLi^F2RF-UT*Vg z<`!fi-!YF_Mhuh1=c(2IM$3xC(z6bVUkCSSw?zxqDq~0=PP*Xn?&cHK&>o`5so(=VrMQcVX?13j5xPNtFp32jgcGT9asEgW_Imzc-Q~z z-4X=9Pe+6!V+~1`9Fe;qF{Of$^~BhywEWVPq-ijO_!?8rFz#}cRxnP8fdwt7m;nhf zB>y8XaLibnl5}_hT145;&7hGtl73hq0rg?z{&DCvP$Or9kpR1TdE=gR(Tth+t~oG0 z^4U;)zjUmpY*H8A%^|_?W;9IB3adL(5szqqm4$-|MLZXk5IZfj_b(?#`gPfCDGW_q zX~qr>#_Cc{n&gcd*jndbBZ^LUXEQCt*y$Zq$9=0?eIiEB9|X7uf))2C(xZW#1P6+0 zyU@;!qB+wH+57Vq9()_$RVuO$XTeRZnsCWwu(L(Hi4nTU#f>;m^kbrO2bsBwum)e; zOf3#Bd~ts*LPdcE6FMX;sI>Lis2Pj35hR{|cj8|oBBZb=vf;+h=r{Jkj_4{AWUH%HCY@ zac!Mu)P_`tngr3O=VRFF;UWi&{Vs^G(Ovuqr<=oD9Oz&;M zvP0h`^@>RW0tm^YRA8>Q5lejStVsK+h+*TJNQQeu97Jntc7&PA91||M8Edomp=P!@ zDvxPFfzyPDCbW)5n|5NeouL<-xT4oRyKQz$T+Eu)!c+$4vGC`hBwKo3il6b2`Sgr+ zoZT%^QnIj}&`h;yU>t~C4-{Ncxg&!28|LXj=@iPjlT18S&x+5=y#rREnY6>_bH%zD zw8ScrQaXqRpRy8sS+J^}23#APWOaa-bg~v=+YZqxux^yOJLP_Hr9Jj-lez<)5hAVR zxXsA2@hE9*O$qLt1M~iYx&y3{ZE`0FBt$J*h-}4k*0elw&&BRCf@Un(MO5tR&G@xt zz@J98Nne#&>F3D)h1 zqLabewn6tf`BcwHsW~`th?+AXWdQ;kj4`6w#ZI>VBIPr>6I2AAc)_?p$r$;#bm8Bc zlmPW^BJ=re!zxP)c_Zl}EJft&0L}fQKUAU_y{`#k_byb0>%ar}`}rNm679Hp8=x8+ zux2j(pMOq^Axm>y=9iE8af*3Z1Z20*K3IfhcPmQtURWx#^SYd35oYwyi;125vkPqV zpE&UgTI%xt=3$%>+*sIWkP}UUXE64Orf_(sW(rlmm%$^sP<)<+iNbj?JTzq zM`4G7_Dn}{4MA~D7XQYx@&y$3@pJB#_*?zTZ4c-6cKGg*1MQdO_Il>_PH*2G<@Ubi z_R<5*&;w7_@cHQi?jV7VT%T{Bus%R3u0`dx1?9G7Q~3ShzYxD?n6s4Ebdiqw@5x-Q zUq3ZY|3uwB{+3jEy3|-!ANzemSM2`*NjdGE4AWM8Y*b~r)@vEy=`aX~-q-E+wG-Jj zPTZzf0q3DjP=LiP5K$a;v{Pa<&a|pcR8Sz|;yDrCrow1oSWO?NI-&Jk<=G;tVzliZ zS*}mtE*~Qvhn@i8a0oiMA7@JEl{?ZD9+=hrH_6W#1_N;+d-BQ=M}CWnT(2yuQ-p7GijrKkUF??Z6aB$w74#(x&76L2}+Rq@O9~D&Kx$pW)&us++p82Bq@FD9O(1u7NW#l}Zlt8i*ZdC%T#jgNvN`v*3tM zjc09*r&l(w+oxxk5c`fNR)^cFnf*Al6W>2@lnPsT7B}O=>96%u$r9a9YM~@-VBNuG zq40{7xOo+;6pOWtogu#zVI#ujG8)Uk1H|qX^r~j&sdko1!*lQKe|5pPD2mq(N^uO!l$^{xuw#dp1@+k9Kb-edgmgyNh{jBl`d?)T&gIRh$@c^F zpNQ_?N@Fhynb@LYUBl!oS%y#K&gRN$BttZ+LdFCoiriWV6aba6bJ&@r#VG0ci-MsR zi19BB%C(}$IFDv3O7JJ8ICIceVxr0!(J;0gJmtgN2_@b2y>kjuHaQ)5=vzB96r2*b zaI46oZJh;LYsj~gTF(@)8!$SpE6k;AkRt;K@&sIwsnNM31V!NISlWZx(`$-JXsF;* zzLE-BLWcQ46cOXOJ3kKNceppiUfiJ&WMz0-kp%X}>z6b0m~5kfF#*g9)XiO46S}At99m`s&=CG8H?H?jE zKm{_e-_V9buxsExW`|@V%7e#E8MWQhZ^KVc=asB-T<>Z3%pFd9=mZ<|-6?x4ek;t# zakkbJ-Tz2~Yh~x^g6Ot<8AJoS_v`hlFqrCf!m8J(Y3?sWRHhrN1iDU^__BZ zPpAIz667hf7Ds#|Pi!#$+xYiC!&Cne`HJS&c2>s!Zv#M)%9+Bt3esn^ElhN8Du^G( zTyfsQ3h>d=eLra(yo?llqw_Z$IRi!$3t7{FGz~gtu0_lghgp%6n~yO6_bc2-nt8{O zn6sfFFPyB zxQC2@s!n~C`1eh}x!U;Ts?OFdmZm~)E!FW+>!LNebwLbl0m=00Rcg4;l?^t*AA&ah zQ)Wt(Nn<>C=d<|GOIwP7h77yjGWL&cdW&Kj>;Oh(b zFaV*-)bWGE+mNxi_)01d(i691tLxC=+e$~FHd`E42oaOg@>BFTzJY4bf!FY}{+x$< z(;%P4`JS=sA4|0Sj2C`@Xspj)FeTE8e`KPtn6!yC!DZA*r7bIL zm#LqjqkpavqbYZmtFdX1t`$gRfx2kKN5f-S72SIYmPP!{r89xTj0{#+Xu!EjqCR@l z^9vYt!@U~88b)u|ius^61W91(?r)Ytbqmq#(DDKdGSfYhBpM~=jjcd7t=b)ZaPTzE zxIJ~YswUWn9x;{Yc55D2&96hXJR&TjC^KovTQAe|m*|h5xQwwR?Wx3O&O0wo$nDT3 z9iDv?I(Sq}i$PuG{rNG+a6O8$F5|dO^_B3Ws5FrL-JA*xj@uzB-cIJ#{?bs~$&=W_=g4$Hu3X4oS1C83`7^RVv z-cn^~+uOXtxb7gQxzlTFI1q;Np}joet9CH-Ut>uG_NU;1$ z#!&2OOB`<8y9u~@HUxm>t@|uCA5LPKc*Q-3g0+=NQgUn_!Apj9GWray#y$4=&iV|~ z{Y?4ZK@Qa^a7_-(B<%nO9KT0WfJHI_{iRgHT92<$A1NiWM6A=o&o)LL46|Ja%=8TZ!)nJ?VN~IGZYi~8 zd&wCg@H}0$Oa{K+ud2?_KCTT^O)%d*%j4CB(1Nh>)*uF)w6)cR8Mg5gM?5vjK?7wr$(CZQHiZ9ox2T+qQP>WXHCXo73I*R&`bX=T@Dn^^jUGtMc%T zIp&yS%z5WqMAhOzrMQGUcR~1!@gzikC0C5QkJ$gI#MF7kY_ei0CGi~D8IkWG>6C5= zET8KbW6tIx#*6=v=oEL~QrJWI!EFwV_-|a&qa46y`Sv&gK>Zyq{omVS{)0Bi!IBLBtAb}k6tJk<}dQNG7gH$3Rnk$QQZ2fhy6Bq+z}O*Tw}>$^qn=2~Wk zl8Hili88rKaVcLn67r+jeU4&@g}y1myav{|Rdr>Jv=|0C3#f`PyWzrwaMe-`27k6u z_iEuxp*^Y6(#2{)qM9^Or`iJtc(oaa{&hFW0)xvR zj}E8~;VTLBeld>f5|^`P@@`0}lm$Z*@QRFimwKA%bZ!qC%@pVRPiE(4^&_ltv@n0k zD37Jm9{mV>m(}we$y8!12-%Vh)yWF6gye?qi(9gw0SjFnnN)g&zGdq*b<(wj1{gb? zH8f(*bZa9=@)G*xO>4XC zq{m_Vt?A3l%D&PDkB3i^0SS)E6WMi>+iLN>c}aL9buZ1geUV}M1r?Pb88S%>nSJ~b zGcgit!ZJ>CP2o&AhO`kE!(`)?xy0-#jPtd0y9Z>81**^vY(`~fbpM9^nGh`LCliHW z!$KJQ!d(maq#E|DhW%j{MWbS`^!{oj=J{GQNhTsW!O|`bQz->xTns2BGcf(UVBu1^ zxhniH9Oxu}YlEI(Kr!>$jYXLb&_F450__ra^^qm z-A)jaHXp;_M$TigzE*oNlTKd8b*JH%v@w{N3>KI&1ha)S?N%5{QSed*_t#Z~b;)>8 z`8xKe*#5!pJAu08R=vSB9<=b02!A$52!MqfjG2kmqC7YS2}>BebADGIp#-=2Lv^f8 zf~0hF9ye*MHr|lD-K#s{en64ep8Jk=<#N-`roaeB?1Zo-HixGbx5htgIF49`?au*r z)iGZ{aS}1^7`SUe2T3XCpVS)MMK(h5XxqeuHWq*a1wql@A+A6vHz5Mt6kkATAnhkb zOrAx}i3-j~6q;UOB`SedCrkLKlOp zJ~A-iiIM%YD3RQ?FiG9IS_Z}ntl^ZKKc?q4$(N>944h#^wFYGIh>jEC9tm3i(T->| z&k~WYfsjUK`bSm{j3owK3Xs0v;nO|nB53iiHe$7Hs9qEx<*(xigavB)kMddUkB9M{ z?_++xAUn#4-+xT6Ge7D39VMyYWLXg-IY9!>1A56JdZ^)(KjHFhDa49%bFt#zMUORx z>UspfjRcKo8qGjQ(zG|~t++BTOUmS_J!6t#`}?xRkbkHIZ37Z+`vlf6#lV?yM_2+l z2E!qJFb1{>rn;gW4CLif-VCdWCdAa(=rQ_k_Di<_W7=`r3}JKGj_{oCv{;eya(2WH zWU=|1UV@ZPa!@0CC0!AX`5@- zP*cxzNvBUvMVh(W30irT!y_Mz154A~$y;iNt#N43XSHTt-z4tPr2Yi`3b+wQ3=<)oGs}m?z^;`6rQ)*v7PT{4(q|iay=kBVs;u5zhFY=Dzl8=J!g)O@BI_~zKEq%tZ&YrxA+UkU zOY@}*50>@(m%g12ki+!T(2}#ce9ufQtG4PZWHcCnIP#tIj4e7v3qFS*KTvx^ur229 zQn3~*0Y%qRdac0BHpeIHALBLpQ1Qa`{Pp#o95?kRo6spUe1y1qYV^nYv0EhaV(U=7 zvAean9)V0_S4A@9QQ~3td}HcyQ0TWj10@z^*|pPWAFMH!&S=}Q^eV8J^SaY}ZF}86 z^pRs+!LbvDaO}b0$jn%~%}@*WMv`ofJ{1eeHfk3d4vdZ5Df%SIYEPHP^KlgD$9W}h z3YBNccFxO?56oqp47txBz$U*lA>EPU7VP47*S^NbJjFiN4THaxL={Tw~$2QgkkOtMkRA|-u<@U0le`GNmsSvqA&A~W#X74y_MQ>Iz`0< zyrD)YZ2Kt2u!$&&u!%%p5bu3|^e`uSM0Cq0&0(9>lv0HOIz{snb{_4#qceD60=@$W zzer;3*3k9o?&B>U(^HAa0T5U+X~?RJj!M8mm>E9?Y!n6;NF9X#X5G@9%GDfFNMaSU z60Q7w&4c`hb1v3PYZg;s5Xf(2in%=chce?wBkAn3;`N_LS`_-(j_qIJ+_`mNO!BS6 zYym7ewTMor5<~rl{nSP6>qYYy+JAlyW%(9|>BjEs7J!59CF^=1$wl9z zMYN|P7*Xu0_35`aBuXrNZR2OZfdBR0PK$6D-@k3mP~S`3|8Hxv&_8)^wzgKr`ZoXl z+LC5$F_qy)dTcw-ny^XjH(I49f^qS!v2Ek6C49c@=7GYgijw5Yk>VgRJ?*hr&dj=^ z;{myUg!BjDBMgF#QCy!oEQQjLI$?kV=|FC&hD7$oTMOVwtAXc| zQibv~cN58KCsnt{=CbKf?f&o>eeo)q3*Mrrfi4sV-B1665~b*jD}dhVIr}WTx;%z3Rm;gtkACe8@S5J^E5tR6iAP&=kR) zkRu=>$;;1W5HLGssQ@x`HCmSyg)keiRV(-Nd#SA$mCT=$H^h0~?0Ays!lT)z4NqUb zy$-}ZURm!ecdZ>Nl!*0rCAP<2w!nHlBAC47H%Fge`r44!b$NDpN5CtrO6E;~ts)8< zF26LyU*N+;KiXgcq)y9zSjx8}=OPqw{zNIbSNR1l7!f2w4i8=fbUdH*12r3Hc#n^R zLVHh<*cbXOncDiU4j)Gl*|#9z7tS81Xy8u?y;P*ggm82TgJcD@e5S2psI5F0D>)Pv zXM>RT9eGxb-vNN*`!HF3q`xC%PpEiG9H0GPuZgopR0~5^B;eE0G8%RKr=OKJM0s^g zoUmI%RIe#=u9&xG_+B6z1f-4}(DZb7HV&n8&WH(!83K%zY>@$2uk5dK8$fd@~0mLSsGV+^hqR$v5} zR1n$HmP4!aLBjAv;K;9j!WG~=^g%RzuD}SCK#j|jocv%Q8P%H}NG*`3N(j@&5X~T| z6;*r=ElxXwx}2xtDRAE?0NyBJz?miJ&O3;;X5X_Le8g|)Lh~txwI?^CteUVQPJL>@ zw{^ejhHAr^+f6Qt+&^@~!1o#tknx`9i7M zCu1?B)}$0m7u$GMYDTwd2QrBh9sWIsUFzJhHM<^?n6XTP*_ZtC8e;33!|Hjz#}wiE zeph_c{yMWNr9&lm2K8K(dBM>}ag9U`>u;G^ifK_id!QOjH3GrIZwp0kg@{fi_}~ia z3@RM(cN1b67@JJoSxcjj(hVlfr%iwMb z8^E?@;=6xG1y%=EH{0EXPWawxBv#8y3QlauXY5ZOArG-ggGhF69?w?BHVE(Z&5-9_ zJbxXY{a3l@+!*`%v|o^7ph6#LV0{btY-_0Qz5pCc08u#nw7a)u?YQvV;5fFLu5f~r z^E)j}hzDyq+`qiC*G10}^RHr8Mh|%go*(glketv@Gf8KVKpUZmvq#ya3C3g!XiNhc zi=-_KOj4qeaElN4b71UJ^C}L55XeGD4%tUxjt$)K%?XtrbAAQeSHDmS9&j?mI{%73 zYRgO95IxH4{VhPX?%-9*ERw%VSe3#Y*BO?o)tlQHqu&-P-xjFehIOoc_(2w7(M7L) zD`uPRQ3JYl*Xk#=LlPq{B5xvtKOqKUGavdsZwJT@s3>5E!nC|@K-0f_nm36z)D$BR zaMwBt?qaWo7LAQ~W-X8~t&g zO$2#O(x3(sG?g3)pBD`tAzrr%G|YEi+j5A{JppSZK4*|C4k<1*Dv(SvAZ1`OZ!n)u zoONQ6&ZcOR{yAPF!}+oxQ?g+FS}-B?MPhT@raA+QkAujt81r<={j}lO{kD0P?fP(Y zg!>NAYtdQOcW(e5ZON90e-h-sZvz$aSGJ>2m~vm3IQ!m!roKNJF{U#F7kCb1&Tf3D zuh!?>5NyDlwR?A1G5@78*f!jK8zGA^-&tjVvAW?~dT>LT3F9lMW^9Szo#XtDo%olS z=2EULAZ~6-=3)n`Z=NX8)Rf%5-5d4A?su?YqlG>`PMj0)&7oZ+iNH$}5hyuZCog4h zcCCX!bB{d0b2C&Pg%D_)5TuV|f)jRZIqZiDvp(6?*i-b7<{X^M`?vQ=rM*N2jwjFZ z_|IoWGX}GBn~Wb*L*X*kf4tTaXu^nDq6BJ10{n{gdBaGxgJSgvgKs zrGcQ7Agif3Mv0V8u3D)e4C=u2VHy!3@)7pg#919;$9<%5K*xcd>u(6R)Bt4@pbq9X zM3dqfsX~^by^u&Njad4bpW;t>W}&S421d*SX!DK+5CI&6>Y`M_c3zM1HkXmvQ|O&- z=Tr+21*|kGYutl^ncT`~D5?331yAZeO1)uQwxfi1_l1h!obZ;)NnCWZ9Hg{?8OPYcG7k8`Bu;=d?~NGT97ZQG`?N%2 z(DU>tvS3g7+lcuilJu5FjiRtfXN9lzJm`)G+&gy$JglyFg>TfNQoP*IQN5lqx@m9# zc`Ew{c+Q9RF?8@Nzj$TZLiN-p=l)tEBWqcn2I8dPrT@3!8Z^41gPKC0D%KF#8RJ||VK_l%|MF%}(tdCTJ()U76d?~#icoEamZOcc;w=z>p{jx_gS`&D4Nc`*oe5!c)ozx78;8A z^IO!2L;oEN`~4mnyB6e(4FX(y99FLc+lVs+i3hSo&fN}Tyf4FUu{>e6Kf&(K5+OU| zdW$0BGb8>OGGdN>T7=6)*gK?aNVJuGmMOZZ%1>O$naroi;{w_3rO5&-+wP3Wt3`y; zZ0`{l=ve~Y=O^ip&%uPR$=$F1j~;^2kAvq9snuyhp5OZwD}&(deo0!5?X%QBnGG2m zl<_q+Tb0AAHmVK2%qL4^cOAql*QqL(+eqVs-ys6DmrhmJIJJCK;VUHdsvufG(n;vg zmP-50e08HAao^ub3tmy5zM_UUZ2NqP)}pxf1OtR9kHJ>W1S4HKgfQ#pf~gwwkq?p; zf;ACaUG+@iS-GbZHqPbDJTUo%`5q}#Ox>&>Iz+Sw8(n4i4*K{W%H2XvRcUY1e_PCS zF#7m7Ls1S*+B4l@W#eHn_qc#Nex%zek*WM_$<%Rt=Dv$I@SUORo2!wk6hgE}DCsk{3h%}? z4KVf#(tA<|wuPxqE~Cr8YZ-XVI>_ompvI^M&t2(x@}em}Fs*TOLxH&9E>D_qPX%W%ve*O(#OL{A(S+#AaAIhZ7Mm}ljlGX|3&bwd9Nb*To9as^M*UXv+J zqpHD?nkfCCRPv#sW=PeRZE7%=b)bqruC8W?Exh1w%KWu1Av;xCbbM6I7J(@MP%Yq5 zjbM^y-~x?EF|!O@BKYTpbgyN|qUOK`jR*lqefAnb`W|TP8rBKxw(=B>j0TDv29OSe z#ZKQJp>U9r8aMqETErAv`kF`x*qj*S4z zc;omg>UuIWw4;x7a(yk&68HMTJMf6;bs@p_feN9D80h0WNZeua<9h%H*C^b|{p+blAoYu; z=B|@8#fHR1+rY0-w&H7#>WvTTjnYAw5zMwGSGGt`-DZu*_H%O{!*doK8gE!tS0C3$Pr%3b1S#t&cJVqU(mFfqN0hB% zHG2?U!I<|PTO}=$&shd49mG9~%`_!c+8)>Y4%*$izYlyOcA8N7mLoK3Jssa;PZnS0`gKp_)J>@I@2iQb&I(`Ei}Zv5-g{TqB8tr^ zb4f3&6)fL?Z1$pcg;d-xAmG%jb9B+56R)PvoqV5o&@sk<-N|)kXD64Wo<%Bs9Api~ z%bG9c}}rlbY+szltI&Nh7(U_ z@zQReT9Y3RWdG+A@AUiVqbqHwE<Q07w>W2Fc1cfTNRRvYSO@T?cUdLNqymF1 zwDJIH(1N{0YunBXyN2R;Vo~!-R^Mq37)sS!lLBH*2b5tyT5G?F-;x1{L{ieWMbcoE^7m zk+P=iJ0uHtzFw^y?fPQ;MMo!WfQH>-kpRfLJBru#)+tiPTZ~nEgI$>Bv)w&bZJc4?_R9~fCl#4?_X<05ThHDTAkZFCbk#N5|w}oC!G}hX2L3mUsEuk<~Tg5Aw zOElmHP>UY_Fi`9<)e4!RYMSRHm8lzl8O%~&66Rl-aXvzHx1e3Z2T9t1<|aPz?^spH z>xVKv>nHE8%q3Wpf1bd_Z8WUIKH#c?Y$X~mCVlCNwL>r3 z)n9p*={3MfkMBz6o)`qajLitxJ2x z)(5#7T*zja|r2;4a|jwiQZEKv(FN%hf`d- z3Pnv4RgyUP z5ht;EX?J3ZKNM3qKn)d<)6RqjZSTy5!s1sMf|Nx+EIJsKlU|%?VF7xh4Hw)x*@t~! zt#LIk)8S=~$&D1g8CbpPU;HVBx=8b^D;BI9ht$%sQ^HA|I()|_v!kdGI9lfJv2QkJ z?aS}L0q@W*L$5+b$R0)Ps)rSbj7)r~r?qimAyPa*A=rZ{BW`NKF+CaU+lG$6aKbG` zs03E=iEuJ@T7G}G%k*Lws8g}v=5G>p$fz;1{TD2Wu*bLKe~U>e-)Y(ZyP*~Q$FTI@ zT2i8>6qYg4$k%puTW@`nrk;641XvYBNB?-yuUQ3hO{X&yO@4$05o{OIi8bSt$!V7R zq3*P2y#iWk4a|BTc=#$cs;0%)J!&4bnwxkx@%te+Zzd9r8CK2>iehsj{X?(q%&(W} zmoJmYj~-ebklA2(+VWY=;H-nvK^ofk3Nv3BQ#^i zAEPHcnhQKj!(W}8nUreaj&#&f+x5|w)b-@J7PacpS8T_E%m6$aA+4})^h7(l=3J*H z8!>MQ)COdJK!{CM0{zj(F&Jr1 z^WNYc%M&rW9n?NC1k2_?8ZVeNd$!q{DXr`Z?1#(0YBb%DcROM`@`OX(VYpT(d@28s za7SRWKPDmAA=H&f>Uc&^nHbvP^JFb)3 zA(Yqwworj$B>>Le$(f_*c>MH97liH#h3g7bVabm=oRhA>lR2W3f<(&`#wvzHD_EwJ zLDgR%=8~z|2loJ!oionNZLy2r8Y1_=EIGkOI^iDa_PRy8v@2NX^yS20 zH+a*sH2xh3_f)C^+%6wWv&cFYr%iK0DHdi(oXImRN7J<06|VtC=)3pG@(9O%$CnSwv`#1C^}bZ z6S-E2Qdw8T0sJ$hzwcLls5G~QSw%b0=yJi01^67330+6zvHm9;A1+-!tUNz1eSS<` z8V`Rek1~#5P?nRY&qny@~p|hHfnb`FPhg?YSnClAFy&R z*t1-!vDx2L9rIEmU^Fges!yM>S-UlyEaVxvT7T!*@ca1;Kz5qR_k}kpQzcC&+ccN+ zQO+v#*{wouEXo+JLoa7p=MWSem`vSN$QiyB9cGEL|oW8G6wzw^?3h_`mr zC9BB!$C?xkLU6tXnULmIwRs9`8K0d)9AElOfV&`-qS!7L%UWg)*JH{x06wjUKVdKO z$hi`x#RAP%s@r_*L{AbHKnz#j3LeEJ+-2ovR|w^y{zf%nEkmL;b0$!^*BybFRwgKU zoWd?arp(k>t!b+owFI#S%t7dGQYK4ci|XE7-8{%g)CA5yVK`7KS_QYXncJ_}FG=Ja zi6t49W1tVzM>Nl5y-xElN?E)}UT~3h;rf_~4V#f?u?JlMQIXylLM6G>UmL`LMXt

p7#P~qBdVz+vueJt>ihs0?!^IP*));CS#Oy(9lsP<*>{=pt zlZb5RB7QEWRuxkR%WBRznZ$Aj^?IWjAPyKn9t|zW_Xb@a;P}yl^V4E#4Hlv8fyWu) zAD-*Rk(uUfHp2qxz|L5)X;(S-;kz2@(x)DnJ3FWVya5pR{NV5!Io&6{n;@C5)G2 z;VG=@dT0f!iR~u9Ku1R8$_9*~E%#E|BaV8E&Z8T0MH^?ABw9Rzl^MbXyY==FLTxo% zEy#G*x`+ORAodN+`v8*uNTVtDzJ?#0P4am7_(!;shWAK|1heudWJ`O7&Zu#II zJCT??0UuJU>-@u%#P08oq7oB_ux+UEKD+$A_C-1SlSV6Hdh#hVjr7Zb(V+N_G?kgUb@yynm6xq>~nUqLnH$4T`($bb|wV9!S+PL#G_ zp+L6nQ;{e4U~-K<0(>Vk)7Kf}{EUWBM@Plbo?1E0D~imi(kDxSHW?0A?8v4|li)yz zDk`oZkw_zJozf-@!JD=x-}=6-CrE<}2hH}>>5CTE(QyQ|{dy#)UL-IP>1a1qtD#vYB4BBM<$AKPo8PBXc} z`})jnWF47Yi@1^%M_kj9)6t;8c&h89l?aMHdIX6qpNv5U!YBhnCIh(~{o!$$q~L2O zC!q-*oSJN+;tj@8xXdGILVa|+I8FZuVIB6gzLAOAIrd4E^t@c0}PmykMY5o}w4LV0r?$wY4U$O7S6c zzsoN`wcIoHfiCNu?0x-2-sbfldE@!|$VQuowUhVExYgs38qfg=&W1~CeS^>6l{QZd zKZw&SO>z9(H>c5UqQ2|{p2LF_r55V$$Vt=GXQ>^BJAR3_EWq+~QFII5m}UZ|znsC` z=z>&h)tgL=u;~8O8R(3-Qxvm3#~-A?Bre@uq|I`|;#`G60bU70-4ufV?a>#dL#Ldy zv5v6TLY}xJ_@sA*c(euj(Ms&5x9<3q7p;s%b^ETg^3?VCW4!Kr?WlefPVcfJrUc6O zlzjyT8g;h#r7($%FG9JD*H6W=XdUqwSP2#Q9CEN+qDT)I8@}n+Qj=E{uuy~p>s@-M z#+_#xd#x16aAOX z9lEHzw5?wF^j>lg#DaU2=~<$!yoS_#$5y^0{e_NJDaBR^4xSQotrB&r1>y}N#Fk@% zZo-KyE!Y|QK%VoFpFHjm>86_oU;LeeC^OR;6^%N>_|=Ocw(!E-Gc3bf*w=YShg&*9vmP^g@w3`xbPr;`f>7QgU(PSLicZjEG>{px0MfwYZij-*v`+{oTD?0Y zo>{4+NpF0>sMxO<6IPithZ_3Wxsz`QLw}v|4&sPk{vui?7+Xwg0);bfp1n7YTxZ&jaLnI_baS>r>>zB9 z;YLgBz-I2Q{e#uB4jDVsmhDj>J2n37W=0Q?UE5`c5JOKuG`vd3Z7IhUoh`%JXdoR}_ZC%#@$!U)$f`B2B zp|Yf`-hFQ*q+RD23A9|I2>u-_XG<+FIGir>)_ObyCYfcxbmX#%26eMW@3m8%m{QZJ z0F`Vz){N+$JU(Xk3Kok-nOQX_Z;P6%ZpGWJqI5-N*2I%iJAE04hBp=?9CT$mBNSUU zTh6xheO1RIy6gAT^FPQG19ur0u}SYUb^d}yvt^ymedZ$Lr;-`SE$AN5Jw?03{jAFn z%~R$GXBU>st$$WD{LI>=)M=U5_=mI~pHHuOhGggq{qR>nUg`Dlq6jf`RBG*d%Cj6b zF1xy9zBr9`kddIZdRv2$0V~`Vdo9se?czcZXwX|D8ESM&hOuYKAWU#NZy-n>J@l6? zY!=I?K^9#$9|mjyOC3qXWwS>&NfFosveU-LtDOVQW#hFG9u!7qPjCpWngm*8E*)B% zB?`n-s&ojes<-VZcPqPO#T*bHh+PEoak#O=qDj9-qMh*D&J0i7IxOqH^LCsvvy${8 zx(tv}=8uq5;Bq`zMK}6u%y|Sdce%{TFG%4@n=XVappk|mH?+*C8FGfsXrhBB7Mc0W z{;r$JRX=69U|1Ks)R)B*U)d(4@!?Z=5B0f03?7_eBk}Pg_Zb4e$@pX7EJr|NFSQ3w zE`lICAM%}VCC`pGAfr3!9H^1%`Imxrnyh2QAVpE(@Jq~?_tfDp1?{SE02d9#_tA_F zW7oos%mP3iR-MBz@`)g=guEzy)2|z{A5N9MHK1GhOnNP>LbW+AU+&i1|K*3kM=VV_ z_q8vfxb@6n63+994P@~RlMLK*A`-rfhhH|EhQoSJT&9djrj0@*@`R*}VH!3Xs2=ii z?nnY!Oo>N&+*SSfLQcTKeA-JjPh!rv@y13tnA#3sR+6O^()W3Zucyn&>B&o^ zC+dn)P3q7@0p~nC4JrkptV@{|!1YyU*XG7wHA0BIWOJcm$!HZq6~m|^5qTnrAG!1x zh=@^PF)^>=9~MyIM_bq$WW+pc_tWgA)BD+uzOJvUx+A^g$6;U`hq-v%8^t~&)s zX!17D`LSHVCpHc0hURILE7cq@u!67UYP3t^dl?EVUAUKZ2jDDpwkC3&P#o_MJ8hO7 zo0URdvu;^BdiavvTCrNJ${+T`>99OA$ zyO}R)IG66~V#46S$w{6e;Yj|5!4j(}Tcm-gL4JsCz*rJNXHIqn+~epFLAA>2!u12_;p9)2 zgJ(Y5c_JvpP#2}txo`#AKvMoD{M)Y3^^+BE41T}mDLpZ*i%8xOnBdlA0vgq8-8;SHd_zm zX1iGY%yRb#KM!X?gbyb(brRVha5;HQh3%8h6~q;`IhK_7mK9vfx$cS!o4uWjILe#s9b_hGhtz z6%`g8j|DazpsmOwuqDr7ponyXr^Hz;Va-MsN;$D>1nex~u^}DVPC;xsXqcICI0aR@ znrynld04AlFR`EL@K4#nOARUgjw8>`40P~jU;=lRR;+Z!N@w^%Rzw5#-T9;j()X5exNbsWfL8AfKxo}bQh5ZvYFWH){XXrw-KkKgg#dQl zT0YKL-n(%Pr7DJ|w^J}=ZbbptTj&pB@JgO3JhySGfY%7p;T2mju)QV11NHAu0gqu! zv$Vl{!`2-^b{qP!x7t(^XH2E72(s;HkgX8OXBn+N*SxIlpr%e-ZLSDut`N@F0BtVV zkPfoz&6Sy_9eJHz!_Gi@AK2`Dc&};E8|Lkhs~4a5-m3xG zcc1ru+}@gZe0P7?Ir64?9~A^QipPbog9@?v8!VgQ#n#}${d=TlFdl;Hd83GMN9buS zG3(akX&qzd*64S(d?`Ur75OEQcfZBf>|UFZ7XGNFX9!C%hyuu*eUNyj`Y`j!H$)Ue z%T@5yNv@v(Swe(P(AXGD^e=$p8}{+xS>^|Yb+h7BA@=Rw!`{j2uU~$%;8ZG~LgC~+ zguyav0Rr9jV>hqA_MgmM?@A>pSKXR^Ju(G`_0bEB3PFv82??89r4I(3TmwxbT9C;R zk7y(m9n7~ENk%L88LK&3 zvadFo(+lxQr2mej|IVcU4yDf}f`&^HnKSeQcLdHC2lN>-@ERWL4d`{?%2j8{AyPw@70;@~qLwgN*hTO{DmVUS_K zNN6cwG|?OTUv=cs&KQOfbX#~lrbN!-kwHYiVBpv2!5jTwA|-Q`=X)T_tA>^l%%b+X z6Zy^%jzQ_KfDGb~I7AGTZnXq&hTFiq;-(1Nf#Vo;CV?iKzW^7oSjTAHf)xZ#!L14) z8$vH1Sner?|20ga{YCeX{q2l|{M+!6&_An%#-_#&|5Xo*6jx=|`H;8`W%puJu?1Gh zjluJVf^3l15{rbxk=8)r5cbT)MEa`s@kaP(aZfGd)(DWpx}S2|H|R}b0_AYeS1;MW z6$w+Hj~9CYJ&*`{qHD6?6OciA!yS7pELkY7sD;-wza#rWI!nFjUM|7LPW;StBe6r? zP;ULCpdLf&)uPO^iTHb^LCN)|52}Fd>=nJ8i6nv`)+1}x?uw+Aq86HF>^1WVRfzso zxa_K>U6Lo)a|%I4u_qA}unYQB_T{9ldctyL@gvBWaMk+XtI?&(Rpqpgrc^V{?*ZEC zjQ~OTPQpm<;jVNJNwG#4#3wb1Y=WX5d%q(HH{zQPJ)1T2f1v>f>L{ARJ8z%>iUd#J zOCucUx*qThbV-JkD65sZ4L-W`;JJEt>`@3uZ?u#Vl`}ctGgZIjU)w96gB0a|(hbh+ zDg)Mp;&(M=PLx%yEiniNp6~nc)uXP-jaU-K6Iow5tQ-GS~LTe)O;~PHrdRY0-pHEE3oo zGkfJR9Q}v?U@sCykq)tAqFC(Ef%yBg0E(~(5)5Z zpyhvhG;4FeG5Uu5>RhYBYD@b{CgH~m-y>tFdWh!bcncP1JIhPhou2j%vwx)jgK5k# zu^-7g-mKS<&K+Q?^CvY|G!bh6lOWQ9K->o!o(BOmV)-gw)_g!w+s}(Gzg@CR!8SuQ zaHOcr4J8u|FwW z8`HlVQ?O#jQx}pU$BGp#+OPzvk%@pS;r#+p)W~45c$p{ODAr`nm^3Nad8T}YegA{X zdmJe@a&iy)T!1yRN@Z?wBRD~~k>dE2eZ)TF?n3JOb+_#J{*MyeEt?g zp3hJIk?SNyt79P!8<;XFd3*G3m9S%d%oX5GkLQZ>Wv7<<>5h5*V*L0tSsPa4bN9f{ z>RV7V9&z-?gkYK6yl{AtTCHaW)(A_65TS@Bb#0&GKG|-1(h84M(Qsa`TJ0WqBP#`t z!J;6TQeX1g<~dJk`xKD^akR7dDJ;)@`}UNi4K=|^R8@fT3?%m-f~Zec?+R)LI$YwDokeb^4tyZZbnCuL)yaNQ#&lK!&KcS z!d#*hySlaWNBf4u^XW7B;`DbzOrHo1WjM%(VS9#mT2Vu}-o6<}+rs&=9qUIcPj82~ zz~KV5(Qgf?tH0KZjZ@xgxr1ZT`T7bC)_K~phpthhcPPv{UQLPF+;Pa-E`0+0fg*P$ zg^;5a=PONi3)02@kcD_>X2LGX6U|z|tyltDX}1Dyl<;osX#b#+L8BR<(%$r>wiICS zk|;MSZD~`Fx;J$U9rmR4!W&!&8HPw2lD&PIQ5kG`U$=04hF0KP|J@I}Kuy`p@o44V zV6Qdh3Cwa?NE>Gh)H#TTsw1w!|K1+>_mF~Z&j5g&KJ0E!TT1TTwJgucGM)E_%>tsrs}ddfoq8WmXLJ%ZRF&^$D7FEL-LVLEYpVkAL7@gr^@ zW{>2GR3a3?83kmLfkFog&`_nz7M>J+6ottI7)UhKWl*NnNIU0FWae)(3D&onME2WE zqEVP=afvpD_^&yIVWExY_PmUz-4~c3lEgcd_8V~eE2Xv)=uV1QFad*s`wySGZGT~{ zAu7L_Ac8>@m6NEy<`f073r(R5h~aexL9yS?Wwc>+wJJh#iBuF!z$vnOb>w5!eu3jj zf$cQlTUu5^gZ5{H1vKRTa$hNr`gV#BH8lcUnOVywpynQtyLy)Ue~EKEDCcVM->q=a z-?qa4BpmS<2>o~MPxiFJ62%_r;cRg2@YErlCbs0fXtU1*Mb*8KoPPw6L3}S?kj%8~ zvnj=nck*uGv31%KIf!*zXd)o;jw z<2nu-WX4=0aFB%}aB(F{4mhF}8{w1-&n;UsC{**=roEBVo$b{4Edvf@!+}2A>5jp2~xE#ZWV=GzEFtSqq<hEja+!UC=&_q(ltcrea$X;aIWAc;x$Hj{^zH`W zytd+a%SH)S=N9=47{rS;x<+Hs4W2Py!g|g2mwaQnH1`_pM{k|zPZ*{?Y{#P4q2_k) zVE!^WHNl(Rt*HQMeanV4*#-%l?;=UQzGS>jqs@NFE?ALUP%%gMl;uJd-PR@_=b>kM z8Ks=fh(Y|D;}YS{%uTiD?HywIy@&4$^eLRR`WzmEwq0kZ5ZM-`Q6G3S7^z%zi7Tog zK5fa`Y-+|mROf1;GGheU!up5Iypcw`1yi=kPT!gz^M#dbM-6?TZT3i6mA^8gvW|hY zCnaeKzNVs)m}WTZ%ZhqXwPIRE`7lxs*DVLHEmRhYrmc0)RpZZjRE4pG1YH5K?bKMJp-g<2&=^6Fe^pz zooF6-I?P;7kirqcAMeL&l}Bh7ABo)~@h6#LAUObUDMtFp-=Ui4I>P->r7{bdN1QIo z)+99Jv*859)*`>?lKAKGF@rw~qLF8CK&;9Pl1|&eX*!<4X1XVO7fs$a9cw?9AM36* z^D@Ejzv4ZNIZp~%ai5>I238KI@fcy}b#b8sOQF#^Bc^*|lC!aM%izDb%QXE2F!O4n zG36HV&EyT1!<2}^n^6WYV5F-8f(=!15~I zi<%CZ3_>wUv)-DZyTHhbppn|0ri=O>FRt9>NUjef58F)$mauVJemfeimXB?&(Ln*( zHGY%I&d^m*z_A3o$lN#wE#jLQ*yd;H^l;uOpO^@V5kK=hEip0o`h=66sB!oBL?@hZ zrJ8gP&_5GS)@|&--a+$^yoHr4llru#e2}-?Ogn4Q{eAhtB=86}-Pj3t0j;NR{8)gxHE~TGxB-=j){0>2J4|rFN zqUJhAw*@yFFF*nd#}jwgUigK=r<;nVFlk!}r7cJI7$W{V>Qg&Tq8B_IXi0&MpJ6gE z(K5(`IPj3T27lKoh3bRHaX`=^orJt$R(=e#9IB2}-`MydK`Gc30J!0hQ7$@oK;x7r z$Eu@2_aw3w0IH{D*W@=vG*1DVUX7Kw5}qUum2`UL&;hOP2B>w^B<=t%(Aa=O+|$D1 zh^olLr!!hOoo%#DdmMg$6Cb+#PH2|($SN;nG%qHX>%`T`vt>suTDHH@oj*`iBfybWf%S)0Q4^n66aUlk5Fq_P^T`pQVbU6@Ll_YGcd z4#0W0O>YG{eBtG2O!C;my=^)L{KD21p$*q8ypk;Hy1i%ro{7suStyUMB9WfO<2adi z{=A=Q@AGCF~FJ=o987!pps#2C570I3$VXMvM&n%dhK zkVegGCx^44%8WmNq>a(Xr#~Kk-a&dI0C^sI>7P0onipD!BEc0wT3@)?9>5w{&#pM( z=^VSYxrpekQDb>a0cg0TDA1gV4B@_2|auXdu7Mb+I?a-Lt5>xiJgz7mlVINN| z;(}=L*D->bPh^oli>4Q?7+cRe%5})v=sR2lOFt21$SB8;;BFuJnxL^#Co6J=*KDqB zm-=a#euWINPRQ2n+XBNlp({g_-KRhg#QP#GW6>u~5irjAIkGFM%FPTWzoNElQr3qs1&LJz(t&E5-S9 zp`!hV;s^{~(sb6)2*DFIdk8L|x;k25)wXj~*cO46J*zV?&i@lKom11(pxj(#bWglt1ho&EG+2xf>mt z=W$wVmekCaL333-BU0ViR@H}V46~lpw@`=A!jgPfiqqk0EGl?GL$i%IkbUy#kNo*F zTZ_&EQY$&&eLnLcHZcPe&)D`}FAY_U-;S!KznVku6w(r+X4ZCA@Cg?oSGkd4qV-Tc z463lAe~g`|@E5iF$3y&y$^hefWK_3L1yAND!ryus1FpeIU(jZaR(@R!et-hw!OuVW z8Or@}Vv2`+L6{kS9{+7cDklR;3oaoZW96kT~fD5q;&o3ig0U*EB&*aV)_mOCI>ttO| zA=`rrJ-X`P@rFdUWQuIqxxEXr-wlQX}1UfF?n`NP~UyIiue(yn=Ca%TSt z!bHH0E2gRWAjK4OfF(@*j`eYv!{ytvxMd?6$QhFpg5_4q3jV9t1$L0Z?*}rcaU>J9 zx>p}`yQtM3>(W&bs+!!$j$?5JPB2OqdI`0o_u6ZA_=m5Hc}!^ z7`v`5#i5U`5%1!H_)OGL$t=~Zs1S|LHATE2JBZ*HHNrg%4q@}fSPgDa+f83{7i}EY z`TL0UkMcxpZaG0Vcl=npp&y@j+3o~_kUL|LeDHDKaAPi~j?%k+q`btakjx2hsBAGZ ze#Y##QZKhdXi$pH{b`8rCUuUtT{wJhNi>bPUhhL5_1^j}pCZE~3%#qU` zueu!1SD!s|_#Drl<*&|teP0oCv0GHc6|MTks9_y7Qq_Vq&`fy3)PNrq5w;^DB)9aG zXUJcUX+?Xx^GHcwGHBC-eE|{`7q%5&q_Q3Qy~4}VDYYQt|E z&RmB_$a~R_n~HcbdQ?{&_G0&X;r6SEcva;Zv#X^`EP)#OGP4!|(~XDzS~8j$j206EpO6i&#B8ssafNCx=t` zM3Vxn&lR=gG4OKlsDLckJ@7idiIpDM{ihD43 zT$7>3lk>w)(nA2k8J+M0DSk|0eVIWwxNoDUlE~MfS1;gBStX0&=s3=!Bkz#ob<9D$ zhlkQsiTKJH0>**zY9sV-U{C9Wqom?GQs0ctIXv02=FLh9H?0<6%hPI`hQ*wUZGd7t`cOZI6SG1B46fNy+he zU<0T`^;+MBp*31)sIg8%|67`j)BeDMT*@9W(Df9kHmGmr+x$(X_TVi4@|(ugd|F?u zR0(=`PzAI$ESjl+Er!fdKKO=HK-KDrRnJ#|eqRn}J)Gp~cPSd#3UA@eF>cf>BF6@V zw4YSFu{1c&?!U?B=lP_j$~aN8VmcJHf?4+lF$o+!b1Brd9#!}tVqvDf_JgR)O~TycP2y@fCdw;bF1(hqm|3S+??YWnfaRNqGtr6OU(7S>+W&|H8I zn~$U6D|sYiw(f0BLOXKO&Vl&-8rG$>;-Wa>?bR9;HH2bKkYWRj$CD;TYR^;faG0Tq z|Mguo4Y$}Wpv<6uVtMa!OvNwc7@JJY&QEB)-~%VgrwG&<@O+}QY>JVaN||C){e0UH zQVVSB%&L^l9ZWmhDY!(UJ>-X=OL%k?lLThOZu=nQp#koX=E(8Q$kAaWQLko25vPX( zjCVPkIuoR%{wyAl3i_)tE>J$#x}H<#7q5YKQ?vofbc^)8^#`1`j}y%L9(G_NjCsLV z3$>@5cZEEv=K56V#)w@T+g$NA5twyS`$Ho_@;(NJf^#N_K0mg(;%dS}2Z+*yMBZqw z6l}*$k*az&j4s7?LkB#+#*XKZzwLf((1;vd7wfi3|{v&hQ=T>`xe!(|CK zK?=Ib7*@L{B=Tsg)-jxpwwf6hlN$VKdOhh$9NCMeSShmm92O34CsIKqMJ_(yv~+h$ zSKyoelgpFT;r+}Ic(hr;#*_=)E7+6ClkOADYrzf4Q{au~f7& zs#ue|r!*XubMdfi}^TXMJ(^ogHpQ`4{+leK@sZXYvqeEe-x9q|+t?o4>(6!^u; ziFZt3vSquARHdC)iC8jF$5?Q5?HgN@4Z(0NRrKUGKh3N_7D^|B;qHSs26OU(XBM?m zG3F?_qW0S1;C@EVue)99%LEmo%16oPBe&8gAB7OIB(W9N&xUM1p1!Mm0friU$rof< zjoUrUDrMWl=JdXlvLOHchdPE(o{IYV>C;8KP0p@Hbvyv$c|RF?Y4fDVKG9;wlg=3c znWFQG8Em1CTpPOv_V}I5ul9=TK^4u++cyL_Ahh+qqojCH!+71>+Pz^cUYPbm!>(fR`|LaH%^U7!))_aHC4f1X_YTYZH8fR?{GEB^&91F9PeTE;j& zlOXeB08K#@a7neF7(LI*kahm`gmby4lrHKL07gc%tjt}|SScXE>6`&OV~LJl!`_}| z*B2c=-VdLklZNvS&-9&jmB(3dV}Z9PZz*5#bN6-E#F(ChP*sR#o-if zy7L&Vw)#{3NOcY>L6+sQ%vLDda)qpKioOF?AHC-Qsxw>qh}LDI_RVZM!;6lpZ9hli z$8@sJeo64n;kL-QGE%G_9&1gk|9m{T~E<=2VmnZ_3f6fG%-va-rVmq*J$8Wg#; zEJvBb5~T_*CVW)=Pia#t1LBjkNme0KR?zu}D)!Ve6;jWYjat;YYb`}YBh$$bN&wcl zy&J2#+T0$)v6LETneg6TgGm=_kL>0<>0Vs>s+$+TCUuFU7GNG&y_n8&F`5_9;V|v! zx5-kP11FtGBn_N3RyjF9tj?0#{kBpusN|%w!lIv!v&P|~zRAe_ zGCpKch?K++OB-fWnjNwh-xGW>((c0qjAtC&*AIbU{1mQ?2Go84oaFhiMoA8WhmJ{s zqQ)I7o2fE)*}@3dN%`Y~iS&@o%2OouF^54V7oYhoWz5f}ViILC9-{J1v1KZ#Qh4_5uuxkp~UKvfC~2Fq^~10|P~wGAz{sr<7a`pJ;c; zuT*FZKSExD!_s2o5~j{jY@Urx(R;vAAsP9o<>_Dct0%W)3mVC>+Hv z(kXG1Lw&;ttR0ZhMoqC3L)Z~u2|(`05yW8HNp^#*FaWnSKyw|y=t8a8_PoUN!AMrp z#}SOr>WNI8`=PTu%Sy3_EU6#p3yDkzs{T{zbHL$q=S%j45~BbM>>@W%q=1-Z#$@9; ziWR>$`syDbvDr_lbP3B&>fSY$mQRxiUuzN(`72N8ld=lxQ_4>GlO`0Gz>{(xrF z;zrw5nq`esN>5mmzDpW!6xQ1+F13`MIMaFtj&_L|s}TW~1l~jH!H0geOu#mdzH5B4 zy_DvUE#COEKXB`Tk}?Ezgjsg zb4#nf7pnQOk+g9Xj5IxhvN@?xdImZ-eEws~onL~3RI^&5>pPk^Gi6umXLi8{=!bpZ zg2Awc6^s0QX+y>qJ~lqK=d`rfi_rEp6#`iVQ4734Oy@~`1MY!@# z-TmGKj}^0^3?d2uMgZjzSMa81%L}bB3WCeby-r-swWOG?IyIz0Uz}-1=aL;Bi7)>S z%oOas%WArEvij*Xq%I;vUCI;N5r^oTqF)_jfHjmVxz^e(SFaq@7|vUd@L z3op+NlqPQj@+;;M-eX{=6WnVM^>Y-?b3lO+pyee_m^io4=P4~7iurS#60b>lZE$)LAGOu~& zmu#2HO?-u(i2-!jtT6;$Uv2SLxe0aG(maFEWBq4?&zHvb?Gq^jwcC;L_b}2>k|P$P z&oV{wbSG?C`b@+jYtA^$Ca5k^wbs2c=q^)wbyF@Opjqmau1G`X3g3Rp!N$ZDNIWOb z+!Fo~>KW8>6?{NpejkMUe~$V8B-H;6^M8fA(jWfP7;h#uweYVmq6~0%ggL~}*_BsTVT7)PyZ_WBV`5Mc+aB4(J8~ISpy;hcd zffyO$=&AKY-|rT)Y5@t#f>wt5xH3ysXVq?LoD6rGPy@1=>v3W+lUs(31CnCYpbM70 z0#wr82rO6cRYSKMy*U$cJ3`@KCpiM~rn3ROiHiV<7Kk+SU$6gp2vcLjKp_KAL;ofEl3YcL80g2``1 znb&Ncw7L^=daDpJ`1;?L@O?tOgJblxMqxC|VW#_Nokd3bw0WIaQJal#@DtxVq^bS_ z@otFB3JQv@yd0?xT)V$hA7>MdF(Uz7n`Dgh0Y2d(tKfkT{jx^>M~mIWSM4G5S&n+` z)gFS&%g+m0Wq*nZ{ptyR-hnbo*nbJLf2;NSAE@>Jv|j%eYVm(UZRowBFM{l4#pd56tcl_2F%f4vFHgZqy(U35k>`QQW7B{hV~qK`@g}4 z_Gqu}`YbW9m_5>qdG*3~9`Y|iUoC0d*!lMi2T7#lnJ>eyM(*8GsEuDzH9y! zYr84c;6_KDaq*jxD&N1fqV1l7)1%jWkx~F zMW&f$9|JFZd^ukFUNAL=mbdRNKj4SZMYJ($HCrvgk{6eHxGFBa+T%n}FOX|=I(qj} z$=zK8&HND|unRS=v_nKu@=D3cJUY*wb33>Rw@dLm7Ni0&py>sJA{%imf73+3eZCF; zc-pyZ1UD0}#;gF9j1%uG+s!*&Gi%u6@U?ZiTS;_+18yHpTNIn@o2xA@rNzYMN~ z5aQQCW9gGMeR+r$R}gkvd8?H}vLty1eGyGOvuw?LzS_hzeTQhgd`%0g=kTofG7!YC ztTVSTnygKTuV8=YS8soA&v2+aI0hqt>dQ<7r?B+t4I71XZUSjhV-9&%CA3|w<`I#> z4cJlj{`z)noEh8M4{1U1sJ92}nXpW9=0Gai9aBpLhAm)j=duzSw#82dAQmhRX|T+6 zyd0KUylh!qT}7SFp-`O&xWD=Zm>0(O3Y^l;OcrtdwuC3rN0gdGUKr4L;}_h>A>({a`t| z>U!y?f9;DjG|glE98+#J2efk+pXH`$dt%!EZJ~#0FUsb|v?FS!VIhc$s5BwvPIwwz z@-r;-=8V82G|C4LPa{$=oy2(Z3&w1@h06uz2|5pySAC33{SY^xOApKr>A=|&0{izq zXC7iOQgZi?hq==-dQZ3vfjNW}I+cms&PZ|zYp-w%%mqMdzufm8Qyk04jjulZ#lA^#=H{;gihe<0ZZ>ZSZE(EbO#&ep@^YyTuI4V$*W2GQ$JVX_g* zTx4yuDp>gyNYzmrwm;|<_9r&eWe+~d<$!qpWe@UZ#>P;oY4I=dfd9#@Dd#zYpz&<( z=n(e(_Ou~5P;v+(AZ}G5fRZ2EiwbXq&FIly-YhED(w}xf5_9Uk{(ix_1nn5JgTTOw zvy^+t+BoUfqcA9tW@R+qnR>+9R>@*JYnH$-_RdTX-v=$H8j@ za|x|R#i(f{O}KLL$|^~X&V^$4UebDNY0G4ZVL39sjEHvvUjGy4v#W9E=i2UR5VKaY zF}wT6AJ>4yi1r|6h3W;ijLcf^x_7mA(z`cmCyOwJlK-yOON{G8)73LHOM`dUw@ywu zR?FWk)2vO-$nSR)0b;D0D`Y#Li==n;ad8K(Z9+0Me(e`!qYv@-9heWPMe(4BEMBwT zs?;8|lV{vPP*UF^lSL*D+xoH4L+cJP0lqKyIn<-b20C77z$t>L5?tI z89irdVwONiB3+`k65wrQPH~z%3r3fA`1pY#ZQ1`V#wq$mM3*;MP&iRQoXs=n)d(>E zG82O&ES>cSv*u-x7CD81m^IYCP}dwE^~q0GAp=Ojg+@3CSRA)H9(n(&qgT?gk;*%KCf0TFD^2;Dmb>_x``F4c;w45q-3 z9vFI1QpaAnH?&>U?)PyZSBW*gLdVZDOuICn3)i*lX@-T8Pmu+ND4wy1Y^dUXoy zAys*La%bd7v+MFoQD_98hPY4rBfk01c$|k>K5ZQBb zCy6lsDMQi39;aj*_^401%a}usVUE;5qadk0I9d~^T1R|bFxHxbppaL4Q^0_$Go*51FL(ZgXmpmPckVsGwaZTt9>19r9BdWBnFk?wXGBD%F^*&xZYuB$S4-ZqDif9K2rHBuC%;_o z3JC2AVr@R!&DhP{&WPoXw?|4LOufCUBfMU7o|lg!>3m2TBA;jouzWYDX1tL@r9y~~ zWo7&ruGA22=4ZhPcgq1cRfeK)RK;_1hx5wLT#x0=E)=2tiK!5{ce2U1hzCBA;9T?yhL`66DwME`^as6 zBX;$wpTGD$J|?CcPhhG5hqQ@o@{2G%S|ut&BwJw9(z^v>H+Uzyc~iRCLN|U8PS|6o zm|LUO*9Az-?o2;TTf9L2fv(QG1cD0?p+16y`2T!k^lypq{{db9EyDi`#{Oq1V8-FI z#A6kWVsyp`12v~VRwq^ow#7q zrXsvBoqgY-gROzBAtx(sYD4c79B0TKJy22Ho;Cm`L>6I8fF#8T<8O3|iq09>);cl< zEa}a~G{Naru0DWD84*-T9We>LMvxq2;z2m&S#YdYTSy^bnMxToIvReI(4BPLlKF1K z9so>v z|B?HKCSXp`N{)TYF(ez7&jEl!uKD_Qa_&&zwFXDD~T zk1Su0^Xx?=aBrc%MBw&yPLb2KOv^ptNXt*$0rs=nkax&hYBNc}FnGuD_Dwa!abBFLTN86xYUb zg$iuIbQF=?dA9FB==+kNC`R{6QDs2Zhc$B4dh~00^hB?Dg+1L;hv&}WUit&#^t`CvmqTIMUVj5t z>$UA2{v;_&-@GOqD;n0gIgO@lQZogRk(FBKX9^x0>%}9NV;wwGm6J1Ctif6_Ho{#a z)`$$!w8M564O4`bpt>w92l{4Gj||5aRW=^ z)bjTN))gmYZK6OG1^DWB__of41$PWKmGv=d?1-dg`Pli==7P%R=3X|Xelib7r0*i2 zQb1Ip1hMru((B#eLf|CQpQQjlg;_uk{}e>_uAC?CqC3VG{()kyN|>$W-H? zJP|TDIC?Sn&`rW~D*@sXgkEV56!Ua)Q67O)%$&*HJuhwn6X?;HiNGOsqG|(awi`Rd zgFBawzk3Rxk!cS_Yb+!pAW7WHcDv-T zJJ8UV*`j?gi17Nm^)-%$$Y)zKDJ#)Ij5B2FpA+k{LN!o)p#j)Fe zqvLr#)ASH0qDvf-w|`N)T~kl91kx0UX&aPcIFR5DlVh^h)2<#|R!`s|1z&-YV zhz;Y=M<|%F4CWxJZw()vLRRZ1@fb|>@sf7m{@GpjFr|)#3|jwl(C7d0`u{mR^{?x% zqGgLOfg@lT>&i9Ro|sr9*Fgd)b5Z03fGch^U+yOzRuUxwxj#$DaNR90ZC6*_w&$O} zLcDx@noa5aH1p~52OU~>?x#zovx|P6Rn5t9JZw1r50>ux8RriBe5NM%Yb&Gf`yo^^*}m)DobkqYjl!5j-# zEN%nEg@2~;VN2?>GHqhKr)z6se`~Ty_;Sw>s(8`6IctJa^O!-1xNiNBQ> z`z}|!jo03E&c$a^E+cNDJIgh|clmE0<@~McoaAlKxO8pS(MPGkOFTaQrYQ00gZ4 zSKxTr zo*ZP9h(pW%m%o>R0PXJUw2o7GojxZD;O9CaD$HkgioQgxGaZt0ez;9K&NmLNw~#e& z0Qklhi`Ufs88pbn5mG3Ab4tCBsdcz5bVV~YW${%%-Ybz^&c_#d6NMr2mgx9ev)PSY zOLobm(dzQ^A735GR|biVGD14VHd)YPGpOMNDP>gR5KrG>w?B!DK3%C^d^mvBq@1!v zW-1XVACrLoOl|LlnX1$0H6kPS99`l?N1lt$8s zlv&z9;AM!oIXR~Y7YbJWbY9e{Sz7$j&%<@0uP@M)l5&e~ef`vUI;jtU7evON_XLBY zKcnqu93Lm|eGVSi*^W}qZB@ZA>?tAf+vIAQ6Ge$2c?gpGQ1PpyQNfOvt!vh=Ae-ga zZfrbl*5E77oCqNGZ|N0=0+_>wAa7QuEBzEL=$V@=X<=UJss`MJ(l7UqWmZewZZ(+T zb_HSa>>1493Qh4^UM>vO^EkJg2||2S$~`BFr{*rpBvqXEG$t%L)=W;;XxbGw2VGNM zAYE1KDQ2Z>(75tDp1G3A@^K&Kgs|)!d^ta*O%!%d=4x2bGyZyA)cf+PjX5kkq`Nn7 zY)eBT|5$#qC)ppJl|h#@CT85uywPqiR&VJ@A(LXj2)WZvJgOwuws7oI%8qV{hdO)% zi!YI!Wz(1+A%r{3=kY!}S4*xy7Cgz$TN|Fw4l?z@qhd}Ul+LWT*Zg|on~BDKUvp(H zScctno3?Sc*1aNEU?$2@P2+haBK0d4z`?Z5=DIs-yi7yfU(W30&t$SYDt0sXD#aLe z;n@7>4*zzDC50Zs9vjE*%4q6tvact`zauIZQcx5STbpL+!2qVSIJ)$M(@LR#XMEns zrRxH2xt+HtU!l~!oc5;Dm;!Tmlq90F6`C(z6CL(5EfUv&J!!d6IAXVqHtQF zc1^$>?-anB*oE?zh}q1ZDDid@$6cgX&=B&ebjkEEMq{}8$1v~yt>e-j=Yu?j``{%H zp-0aXQ``XE$v{NAyH}M_N1VvXcH5VVwL>*)Bm-nMUN%=lKWn`4wO+W_kMVxbXg?JA zV#gMK>z67rOfD?1jT@8v%VH#_J@_ zFvS)aNCg>XoCgJxLw^<{)Qvmw9zeOXE=Xkc&!g&pa(1lZZf9)tzos^A@_oV>na-Sb z_Gk`v$ru=ZD0D@8)G*?r^=4>Axhvds^}}@qP0_tQ zRx*X~ryZr%&N$>1i}e<@A$cn?BSdE~s}vItbE`Hw?n&(H8ZF8e*M*@!{zR9IBrk}l zLr?;Kfu2<$ZCHJ0@EHBFU@w%;1fEoCe)bsCLnv8x`AgU|+2#Ekulu*yda#)CXzP%% zcRqb?Jz!zKZL&vQKG8;?#CxhhBxAvfaE^3V?l`qttZt94!(y@eSjf1)nDdS&n57CB zA$y(fw^;c4fgHg29da>{nW6D&Q8LRRg*GyOjF5GH0L!%t^k|@ATy_?|aDb8@C(z^i z=a1^&l1~4f{{F6o`!DJAu^PG*NIFg7Kfoa@i~&bVs|g-fhE)XzY?DaXuKL6v9tlwY zgooAvOI`JS`T2EyIr96`a_n6u)+Eirjpfu4@vl2~S3?_ZdGxMvKDIP(pY!p~>q(op zw}V(Au#+JsJpRvC!fYl*sR`TZ7z;(I3l|94Kzp$PM?B6?Bm>v9y3?DzkwtDGA6!cU zSLFdZJlef`na=WU4#Z!xrGv+`>(gJzqVYP*wiyteXG{B5XxC?^{ak^aC3&dl6%WFF zNM5DeWQcMP>H}1GE<4JYIc1apW^NH#|)8(WVZ4VaeeY{Ac>YoMf6~^>VC9*E8mc&;%R{MfVwO&@Fo&~XcRjHUXiS$Qs zQhnhCa0J=O`jC^lcWj4Hy^1?GC*!U9NJj)y)VN{x-J#BG^ruE8Y%GK(Zs%hQ@D6Lr zlB84tPy!Gsw>)e3GX=`Jd~dv3SJ_{asYM1HSwB3L z6W2s(@@&(cB@N|tYpc4^`ali|_`d+_`;=g*5APnXQbxih2dFH6rgY2OAkccl$-4#k z`0B$aromI>S0S3JV?nm*PD-g@Nv}!hmVbS+ttM+yFPrRh)}{b>oxPO|ONLm!>)#^@u95Dc6|>icz_^M<(dL zcMij2+Io+DwAyKq%fb28b$z1w33y#(;q5Y!p$AS3l5E|(J@o1XXgcM?X9{UaaKn`t z$<1fQb2E&snrjp*jIjpJwm%>w(2or*w)dN2E?ZYce$hS za;bB-M|_v)^P2#eWLP%r;TiIi-Ej$yi*wbxjTJ@%OUm7Tat3oZv`+{&nWI$|+r_^W zDNm&hM-wDH&}2Qf{gjLqnT);=N|(<=WV3DHDJ6g z!`#=jQnvhDm6U3rFb7VAk^vwjaZbF2FVxje;!Os8Z|v0uSXmI3-69wqnd|;gt!w*f zuOwE9UnpNK^UJYpNBXyWNceCfL!N%2_3?ZNAac=#$=U1#C%w)|>(rlSjn#pwa%1c> zvgS|LCln00;F4rAymPYV1JZFI>YU}L-Z50ZGcuQb((0;+)=sGHQ3vrk@BV7-{%9a- z90v+p8Cg|+YO?`sht%>NJG+$&+SOOa-D1e2+R)-pm|>(Que$yfZp#5G>fE6~bbCE}ekf(`uxv@{ltj0DBLd}rpi0qT!p#KO$#a3|5q@bK!8vS1dA>9AH*5>p_O27p1 zXEXy{@c|Ub{(SxOXhskE-PXaB$F+^I zRl^B1uX0VT&r=jeYjOB%R2cxrNS`_IH#-V}RxgW1w0(d*JiBwwZYaYy3ZMrmC+=tT z<@h{^qv78&3C$JG(90p!IQ3{Us=m)NZ;e8)r?w^Ml^E^k-c#vfN9D=hp^oP~t~ri( zZTGKllYA{;Cw)L6&QINN#~1EP7)Hv8(G(f+R+D4<(n46Zr8@yJB`@mHoyZDfZ@5eR z$9)n@LIzfC@51|5bL=+uYJAq}=oijl8fEbZ zRCoo_B5@@gKhbXTW}%p6$(J7)*{D|!7ICkCijii)KX;l><$_!uoWwhbev69BIu)|P zoLyQ91ouBunxU7+VPnfg|4BnLx-$2WsrU_LKRUS1X`XTsBsq`L*9`2=;|1-lvp|!PbR0sNFf~W{m;7JEyW+f-^oVPi)7xRs2S*DPcyc#({XE%C*Y{gDfcf}4c zYT9LO?Zzv)R0IiQq$9qXXUq*izFAfK)>Z>b5-|6vF%Lr>)$_=yr1}G#P`hpRK5@&l zT|w1v$@Ez~hBA6rSSxoHNw5W9i=q)4h~+EI+~fIUtwxe6y+-0MxaYVtYToNz!XScUM z!;)sxaB*|j>e8Q%MoJ6s##16x6=qLZu%i-_G){2C?t*gIBLu*_AoY?a7E;**(uYce zUT!~BZvy>K?}r=+H()k19+Fj}j~-k;Z1lK}#KDakjx?BzmZMe$eRCqaZWL$EFM#MLC<)d(Siwg0u?3Q+;o_zjD|gHUTD_Oo0#S=%rFuT_6q$eR9&fmi~RE=Jr(F0M8V$cDDELjVcvwOkp5+7ee92GL3y-ti;_p9J_!LRKMWNk4miawEO#^ac=LNd(EtcmQ6Zd`&dpdL;sVj~vsuKcF+~@bAyLl)w8jR+plKfQ8eycHQdCp*{k0 zZt)`%w==Z(YQrx>WH0D1V8pp%ow0VpMHa*Im@{UhO3d{Qwg+0%4>hhE;zQ07Vc#Rf zuWlBmBhKkwP(6KdEm8UiU^zUdd+=0RSAQ3#ibXIW(OlhAN)Stnpkza6mh30HJGxr5 zYz%sgu0r3)uT{;imGQAIfa#SejB20B=Ol8Vly8rG^8VnXl=6$hne(G>w3U@$n z6TLMA_604+*h|?B-CSD=shh?$Rxt7VRLbApY)MR}wC6^&QDk8WVt5J>+su)&2O0w6 zHy@ThT~JGAjSm~dyL@+=d^TBvm4n?-{0e>t1s%0nCzVcZx$ryDmIEk1ZL9T2?Ftam zY%i_q23u?BXV<1v3$@;B8I=kB-artGH3-z@4o$RH`}%nsr(i@<+e4swMb18YC$*q+ zNHH0+Mz3tar$$DL&QgJSC|c_IcarbI&Eb&!s-nDoi>#UFLY`btq)(FMX$m;#*}gO0Fo1bnEN-Y=~iasf9xuyxSVb=VZB zKq6!`*F<*Sq2&}O4eIBvFU4b`X^il+a5fy})5bN0W8Cbac({2F@g#cU(bHA!_o&|z z)4FR~00^AlEgLM<&V>F*f)Hg)(hWfVQj@6vDhXovw{sWAzb7v$*8d-8?-*oRo2`ph z+ICjjwr$(CZC7TcZQHg{Y1_7KJ8$;az2oe2?(MJ7z7g}sS`l--E9RKPc!naPJhFEc zUPS|nLF%K0Z5VoGT5Mu!J5^ijZwU3*K=o@s%ZB;7gonZ|CH4`i$$Owz`IXk6g)q#0 zQhnpxM>tt`>qqNvD3dR-z9h|9kp(QL zs$?|Nz7)mLVREt5n=F$!BM5dKlbJXQYmb$gD@z|>a8X(W;irrgHZ&9!g`KQh+>De> zZl^O+&!v(Ixp_s(NX|k)lRD4st{jFVHbaS&4hAlItdz6{Pj_nHb7-3Q>$gi>yq@)oWmYco`B zmqkFe4AZS<0tVI61RJY`kj9ZSceE66Yb-LZtdH(3cVp^tcKM|JKpx4zBPI=}^QtLOxEjnfRmF0S?L(@<~{m-!&| z+d*z^$%j+Che0p0m8K1{Lp|!Y%W~nqmQVB&eW`I{V2x_nGiLPwmwYUEz`Q^Xle!kt z(8JXZJ8O7d--Q=3PxJw#3!)qNhG3Yr;ko(*a^uZC0upv9X#N3#)D`^#-KAN1)mM*m z8|1aQ?Vq#h=Yz(bCj^X7j%>EGOtY^WxChuU-5aW%u`X)Iy>FT8!;T0M_(%sIak+zh zP%Nxdux^YKalR8VM3@rdacq}ENd!h@{F|gR2;C%?z*m@I2a#pC2$i8LSb7`uBkz)r zRU7o+ufSu8hlLm8yCAUow~0!+zmvJYGLrvq7|F;OX-PnS^r5f(a!V8Qq(_JHc=3kq z1@L}I)FeM-IA_cyeQb4CBNvu?LuW{idw^HDnQ>$YXLHyouBj{cx4U+q_D+D~?UD$t zG@3_kEO=yEx84O}{!V8O0=rj(Uhpyi*=1`MTt@bSJ+*ibJORw;l6{iTps2Llgl#H# zhFgIR_Cod3!Y~@nEDh@A{-2m@@o`mEDdaKQeiNb2qD+(b5h9c+Go+^jOrh<*aa^Ho z#c;p}XU4;*Vc|s1_F~&jIB%V{422=3ox_O6!fzbRg(n^Gjz7~EeTR*PZCYlQ-wAit z&&#{{eRDp14uBgQr~lkU1Zs4TV7}Oo6JS0WB}}O2dGB)$4WERktNx(3Y@|LNp5vu& z_yD}E$i&jJ4o6*-n{B#P{tc4=AeucHM?Hb{VXLX|A#AZ++vt35AyH#W%F6Rsl~(T= zjX?Z6N%@c1?%#)X|M@ljcZ7$3YR5=9{_od>{7ItPJU&YW)3z`|q;YKltPk3&05%|5 zZ11WjI;g&q3G<4=WDPV!&@!~JAc70Y8eArKp<*Ilc_F25_T399q_c~bv-FCo3|cSti0%N=GVVzp zr8{F$rYcYf9)#hBRSfpDR)Vv{BXqJDnAARlx-G>mQSG_n1yOB_LaklU{k_9##WZQq zHfOD@=*!8g31@PlpI-VZFDe!|gX)MOVCFE)U&q>-fsk0p7^`2+;tHCUvhk_l(0v0* zm}JBRRhMyO=}^`zL79%{(@(2=ztz=y5tVU-MQWG5fjkS1z-aWzNvCQg)n3fIaYmUY zYO)!@&Xj}M6+Z^%9eiN~pUAefzd-+Cuz-vYr`Y~u?VRO53Xht!l%kV^vA(sio1w9t zlew+Ue_5`z@BVFg?sT@~qN<+~P#pjukk;!BG`Y0kN;J7*)kn#70O;PiSv5ZJCnD5fR8Hcrh`=|FN|wZ z*(?QlGw548r}wVwFJn1}q1!y3M2Dw^o&=KFK5pGv^gZ!})h4OFZa-$iZn9H8uiO5@ zG<9Uk5P(@a5g(Z~jOpeYi~;IvSud3n${vxOQ^!FYmYKOE-XJ!|UJBQy`*raXQP-$f zxGt@o0zdE%aATnPD)mDzy}#t`0>+TBpYd!uF)jYi(e8G9?e!Y)SIjnUCKPXUAiOty zfRE@5WM!F-)|Ei$z*c_P6Zs#4n+F}QfNGIv3o>0dKXUTassJgNQ6#uZ5h+Irv{JPy z*7>*Q6g+J|%kpFddvk_b#b7d+@m&IzUF;AhY>;QK2aMfSHh4Y28lAZBQF-%W27*Xu^3A%AWn#} zqZoj%1qxEC#JR)Uy1xHeTahMGK}N)fV z4aJ^-5?5ofy3TDF6E6`=;g3>!*b=1Win*K8%(Zgo?kV^X3bG+w%s{tN~ar>R+A!dkyu+kCkC$cs94}>?;%Eks4P7Se3C9skXs*>A*Bs zFdD0#Ty%QBst{BCP$8*iLtB>k7Fi*yd%_d@ZOwI?b9)9WjXrBU3FhqX6s=eQZ*nH8>GBW?}#`wNQ?7{&zR_jSMgW z&47~zmu@)U0t19IOMb|$a5=vL$5?FSi4B-I{bqFFT}U{p5fk>Hp7tqYLKKNDDwl*y9omf>bvp~=e2R@;le~dgjp%E4dcxnK-K#_h> zjC#sg3?RO6i})~gOD6tZ097}(0O}46{*zv4%-i+vnBW?z5MbhV{cCU>Bx4X22z8*; z7-u(uVNfn&Bcv>ZI*=&{cK})lcMwSY>K*BzcH({PcG3c93Vd8XLZhD)0bT*J;(oN) z)nGZVaR0CpOdE)N=1%`5K9xz?{ z8F&vR!DxGai>mLqQxzCOsaBg}odQ1{zT&*;lm$wkJs`CTlQFfJFISDTn3v3adOPAc zX@%Zwws9P~od3dmDT+V-r0aYRbgBW1y-EC!K2k7YmpF__fO0(09Cfe<8f3`;QU}GM za2WFvW9Uv+9pmb4DDLzl2?R~rdBX9$>6+%ye0>R$*+$67rIkdMC}E|AQR?Y}Segsr zTth`-gEGOIRE5c`T2#c#vqz#|cl~MQZ&|luMT~R~688ON`o?nj+V%Plaw0V3{ET=; z*(x#?RTh<+{Wt^L!(C^YD)pqXxs@LJ8Gp+#*vkm7cE+GA@=Z1M6}4I}QSn>o%Q3AA zTEmqFOB2o+LHWH==}e-r_d?#2 ztR4y#w^Zb)-iNm))jgUBmd+sYjz~HM-v{5Zk1jm#{m}rh2S<}@C@bMhMcwDP&XR>5 znvOR|B>)hSXGeeC4oPxvuwLm;meDPRchv(U=s^VWK41cj6d@zXB7{_5b)iGNa5321 zknuhNTy>#>AIw`5UgEe#P4%6O|7lk;RUy2vj8VRP(#yrWhzecFsYQKl z;%2D}XC-{on54zQPZE>jD4f$Wt(rDA)Ll&l4Y>K*Z~Bqo`rr7%l;IVSEn>^b^4zw4 z!EoHR0Vr_DUN^_jjZ8aJFB5d*d`u2Kuf8^)I-fePeu-vtI+6ZPG!Q{r+>I5<2)??V zd&0c_I4K!`L&q_G#_x+p_a47S3K~N99=&D^%4U4`+p!PQWq1$US%U7;ck|n6hVC+a z=KkJ}m1Xoy*q4p|Iev{6RE(Zw@=V#ch5k8t4c*6!{yB0@8|1^tHFk{~^u@q6bj=G0 z0NMj@SfXEITw+*aYNnSmI6XYwPuIae3_3$K-N0FDdY@o&N(nM~%nDiBUlTho+NeM; z&(wI67@C=UZ_5bPmb6i3Dc(`zP|5f4a-y}`E{BH`T`y*4?#s~X&#*#{c!`553UfL73+SZ)tf}w}~-v?*s zZkjR8Fhp!--}Cb%*(`|3sIw&0Tkv3FTKwgExVf?~eme6|hD{S0;t*s(m_p@zl5H*c z>8zwIM)wto%E-s~zUn8thkmh3P>20Z3Ou&RQrzTpq-4898%h;wNreCcr)72;3z6oj zakl#F!s(N#mo4zAP9YDEg?E=$sEA{*)bTPJmZDxt{wv`PS`7J$^2mVUUgL?f0i{(i zQn6%V$Zn&D%u~9*WM-Id4{o%|7z+y>h0{t^tZ9@k6&u!qL?0?toG}$SK-a2hH7o#+ zxZpGa1!uIG%7T}VH22hAg!NW#N}D(Y+kTECwg1#oz^zX6J8;M$NU*83-IAz|#NYuv zZ_82?Uspe8h=`~QkLtobcu{YQNQOWLVWaT0#Qs7ZE+ zY{e9|)Jaj^Q`D0o$Yj-@yOZ1%)zfh@<`e?vgq#L<0m(GvyM<`sgw=sOy;}ChFdRE= zz?kJL$UGA1Kx-g!Qh+~yA~%Z3H8%TBDLoO<$laR{m_nEg7RpaRja<+-foRW)KGQ1+ z?68qNb}2rTe-OKUYK8*ifUtECOERdyJS7dAWvMKkJ*(O#Zag~pa9AqZFCM?)%yo@@ z8cbljzv_&y}D9ta&&bLVFnMH0qza1 zXcJ@lI0ISr*gD%NQM1GEuo2PKJUhHN0P z2@%O7BnoO(3Bof1dVt;ArFw-z^|cImc{>2B6Iu{e#oJM<Uz2d^ZQ<+oQosV)bkwK5grSzTN!pm**P3 zrd#N>*PaDlO_WR`;3jS-dKWp|Y$h8Uo$$IMd7_jlO#jl56IS-%S zOf#jSsAG@L0>~{H$rf-zO}=Ms_qJ)9;9jFW!I){V-Lk?pr}P80pG2ONZeYdeBs*9n zjqXldb9U#fm>0H}_+Av^?7H&yb^*$(=b*e(EB02}j47%d_3UXZrr(LOWmId2#CW*6!zwhNVDEv5`ws8wpjIT?y z9%w0p7S1rAW^_H@uLP$Ims!XW@p!W;`Q9>3tm0({8z~|k$O+8kWqi~OO8P)5U1JFIeCKbsH(r+|6oXmfA|mz>1s|XW&lBW-|7l!T`?_yw@eW&Q^4>4jF}W6<#C>6;QB9^s>fDI7$NWrKxW8h(W1g6qJYQ#?~r}Qo0)<7yOpW|%8+e4 zpBphXX|)J`HGY116D>6fvlf0;*un}oOiHry`%ib#ZEk0HzHdnz_`XHi7B^B#^1>AS zf}G;QFxI>@7bcfmx$qYk19jstenW9-gRD?dVG(D5OQ^(~k&%YQ9`@=(C-wP#iUSsx z@K-i$?k7CYd44C)`8haUEmeV&Z zJSEM0dT2>`uP|D%UKIuRD~=pu!dQzTTBYVh?Hih&CXO&bj8Tcgy2 zCI9zFB~ZuALI>)qQD?k;BHb#bWHm$uK-TzzX5izdvuTglzCfoq(u7aB2F0yS1c$V> z#4%YdGx}(hHW|Vk5K~IZ1aJNf?SFD-dPu zBamwjZ*W&O)TX&+jn^%!Eg4kl-3$$4mPeSn4OAy-CdI3FlrbSjW=vI0B+J3fd!;>k z7c|&lOwB^fKWy{MO9beget!fbJNTHJh`+xQqW=MV3c}=6Wo}}eU;c#U}4`l zD-pVZKQhREF5Q&xM&|@;InN#uFuwEixri}1c%9u#GPO^h>l}SfPL!9g+|Y{uf=EZL zIAu)zP-P{rs#Rr4tK70`fqqCf!0z>(1vN(bfqG(bxUAW136w|0CM^Z%*Yu zgRK9UG4U}LmRaYu?% zu_&*sT-C5Xn_Z+?R*~oD=R>#Zv9PAJZcKNXp;=Y=V}^E-XZ>)-{?w5=-p*>vAoYBE z(EhgB@$`O_@s;sse55%F8*DnHnZh2Yvu`()A)}(3z^fT@;29_Us@^SbK#}SjOf#6u zyMK3x%DZ>h9CfPZnLIqZ_L)6gx5h1Lz>&&(WLK5Sdt#TBD$Dc+Fnp`-89RKd-Ys@O zlIpX2H=63Re|L&X$K(bwysPG!GQ6wynKN8fy?t;Om+Et5SC{H@V%Hhfw&qzD<5M%} zi@XH7(SpBHmbpO$q@Lr!EPJZ@$>PI;>o6SSR4?Clu56Nqu&gv!G9N%NoP~v)OdAs% zEW#MFeY4$!$x3P4JeMERf)hyJ+L>!UUwEmUoBx%eN%5(?C(?qc`)W}%dImRy{MuL% zmlcp-7nE-ngoQd!q_HM9hoA_|B7$Oa8q-GDWwo#rtPdGBS%8e*b6sA&@zhfzMmT%Cl*Fvl=YXbCeT%k}; z1{KC!ck$k8={;y(ogoKwkEKwB)xIuX-IBgf{%~Vr_y z0b_pn%YnVr`B%ALxMR9Kq%L|BSJ~O11%}`4vfTKz05)>PtynuL`n6*{349S2RC!O8 z8(g4&FQv43G?>5j&Sp~%Y8<&WW{b?m38J}QTFSwn6VK94>-2eTiOENdj}bg)VI|(+ z8Lyp`hSSd$h~o)LXa>_U&;~Q9BKg)Ni9Zry_ARc$a&Slji9%+u0Sm`5M1?C%6=sr* z^!1Szffl@$iRgmgYb}>51{?0sMwkh$n21d&fs9N#<4fRYBh>U`KDh1utt=^GuBay% z8kGFk0R16>kK7}G+Vrstm4#ze+2h@OHbtTa5%t@O&-kT@DY$e-q<_6GF;yocA3HzM zDU~0>1 zILo0TlwX#bRyi_XfDnH{C?mQl_I`7cCMp{~Z;tBhDW?kaSg-xMBJ*eI`bnR4E#7AK zw|Emkai3%;4~_KAab^O=L|_dem39J+5@{DS=TfXw6otKj$kU0P^l6o3DRze;cAu~? zWFrp`({lLe>9C5@NR^Si`c-j9$*goqj94ZI?E}u0M5+a)IjiI^91=t0IOx;tlocP2 z<(Or|;D@NJsKmYjr_ffv>{Ra@De8Nk70Nz(W>KFy=zYyJ_cKvJ30Ot5;;j-;ppM&a zks(SAeF3x?9jyI^Fq4gNP=&o;Hj3$WIPiC=VyXP3Q3HXp)zKIpL@Tn;Po=(g5vRJ? zBWN6*u;mxGPnP)3LaaeY#}V3?@pH&jR6iv7T|Y@q34@nSGza)@g?ru=(={xe%}e!E zTuyFEbS>eoN!W?coX@aixO@lH@a^zb$Wl^=jODhy+68k^tO3z-1@)L0!7B!c0net1 zYY>tloeaZ&hvE40;4DS|2*02zA?&Zlw+YOJ>es7TCcoBcj~-A4#O($HsTyPk#O)0R z;qi-x)CxWW;R%X{@&aUqSdWl}^n%PrZ9!><@B+<7dB(bgf9C4MyB78m-(*}3+{Rg_w8MRbT#p6=hTZ1(^=BipLx+RF5*FA-$3bO_LZZS!al;}-reZ7Pq>@jb zdfwS#+_)+)T_c<9CCC74+nDYO#`s}J(}=bQ7$x|7KSRM(i%ATR9*sn({V(Pp8hIDREIdGe4mF5Ya1uTKQe4z#Yi68s`;aE^uo%zXqf1rIYt8RLtDeY22 z?DsIiN$5Lk5Ijg+lGj|w0P0{hD!}ipLnRN)Q5z;woG+)LIir?f?wsoPK^~#7QqL7W z0J$XO0&^e(Q>o4@$FGi=q#21Bq(L!1EBgxzP_KUn4Mq`Q5w zaAr}nJ8X&<6hG!U&mKw2*3z|4UEl>(HW*sen}HDHG@-N9o1GelYt5wW{I(>vn_GYD zrfM*`6rx5x6{Eti48wXSf^_;PEh%^`7Iu>+6VcVq1NeXqPV)!tB&Q-NTsxC*ofY5< z*ENp$RmTUp8HK};kI)4~DX&19SOCUnfYhgFxwavXlSmYg`{nkfN&ZgV7@7RBB@M8t zsP|iS1yCwjC^=9sY_7WFe*Nflsgb4Y_&Al&zKG+)Bj%k$Ek}20^*xW!c9hm}D#?37 zd>i^m{0N*oy6x53e}a}n>`&4clj(~Owil5L<=4+UG9QkHBk=vyNj@GC-**#V-}V_) zu{NrL?g>aKKUsq7lgU?4ziwGnaBqK@3>xy4I!6;g#*CF0BJOMl;~UhU;Z6_s#y3=? z;j&2KQ!RCFo;Xyq%#>i^rkv_tNq{d}-v@4dAGq22TbAfLRp$B#;yn3xd&Otjw$`-_4eoNcu!_q4#PTK|D3Rv^d2Jjz zT>8~eX}m&SL`t_*t4MZGqC}zfv1)pE=FPR8mU)M@QaaB^)>yUD${T&o#phY#iFd>a z#GVDHuB(UlvE8DoxGw!XvxLKf6$ zf>^>59#c8fcwI-x`?HXVYD2f>gW!l}v=tvH`NP)dduEP+>%=!U8MUnC#LP3L#pAql z1g}2SoISUBVe5Rw3lJI$+#M!8!~03dV>3uw`4mV}iQJR+2}X$Hj>NJ^TcsQV_bEo8h-l;5g&ZRH zJ%Dwhx+xLdl>G+1Bo-F1>XjiDjYyW=Rb&$GJbLS-6AzGv;7mZV&QeNO%2ufP-J(s* zT%v)`_8NnmVZ`C3P$vnvl4hVAs}rWm4)MlLkJU5C$)s=%ibSTe7|o(BlYliDKp2zd zt|#nO>fonF*N})c=aA}O<`jp_M}$qvf-YX^sU;iX*l`*h86Vr+G`YotkUR8ttT1;I z_#2ulN`y5j(N%!IM}O%%j3Om#fO~#XRci(;;V=ZHyUDP%RBoIF|8@+0A$s<{DWbHfZG#T-Dq2 zH3|LU86IC(XT3d!ZPgX5T!DN32RrfP-T8#jWqQCo+LeHLTL zbV+g|BKJ)gMB0I+*uR^c)ZOMP0##I#UD`iwAHI1y41YALu4=2McKS8AqQp<$TD9CT zhC9FOZZ(m`l@}$=X_BkT2D_dSW}%*g93of@{ZlU=nsaznxbA10ksETG@v(0Q0~dfehQc&upJGfB{+4lqSqeLj%;j3Q554my~HA!dISeLH-pD`T%vQOHw4SZ z1b6U330D_l!(!VMks2k=uCBG)$5hQ62gv+WDtj^JC!ShlcC+*EWZqBzhTi8B&2Sg2 zRk^hrb6((UFnH@Pz=Fr9DZFcX9*`WMMi5N7=IwL{vw+GPi0q`+e0|2(o?1k)0qTg4 zxpACmjH+#6Y+KR*y(21>Wz)c4i!ASae<}j*py4gPkO7;$l$PyX*wI(8xAlouznA6c zY+iI=6($$w@cWI96wuXfswbTEyX^9YWQksPN%lkCwlm$r&TsEbKE|D8j6sRZrRw{j zBnb`mrqAfumZpbH(}V2%2u9CnT$KLQVC}(igMKrWtr+T2?h|o4ule!zjCIcQzBltw zGXi<;_oMlDaV>VG=b#%t_;e(f2lSdffCn#^y6>Rnpy1OEeU3jK=drXRy!G}n2g5Dw zp9So*dSkcMR2FrxX~^-=I0RAi-TaI`vLd`ueqIUPM6wT^1pRxET5Felt1LkF;XwB2 z7$}((7uOoxq7}Hg^FaJFcnug7060$oWv&!_D?^>`gC24-SbKchU1P@)h?NuAC&9t@ z7ks?)T}-oyx4Q0q`9GqFs>}oX+{8 z0mpA{_kWfT=ygYN@1A0BdbpxqhQF}xjNegT;qh@d=ID9JUl}&1d@yWxl5gTM zbq5s*Hi5XV9QS{z`@3qW%^Y|McMU$eY@l!xRvklj=568at+^{XDW!D#djY!Ed{kWm ziwr?1wnVDOF;0+5s)Q*`F>8VLK8$;*>y#RNZtykM;9p6bAp=)?rSfV`k!bWIrY z*YyHxya0O-Jw~@74TmAAO^{xbGJK|~0`5wh!1#>3N5=SEp2W#x?XGNYNdF%#MgOCs+rQ~q`fsQ4JAK1@7&to_3)6_d9S3x>6 zniH~@4?gJY1_d|LU0D~jogQlXhR*brN&%^q42dmD*(=Fq$ejbHqpjlV5%s64qQ^eBk3-=y z1;Tjqa?+Iu-avP(n}~7f=}&P#PCd8xhdX`+3Br_PFsliKF+~c0>_S6Bub( z5m11f8eMO3191~?93?+Wwyp*;_62H2(!^N)UgCaYDtb~zkO~4ec0y)Wd0NU^s@T{b zx-K$pUUpt$X2RMAwXPPT+Fr3P=qe@LaFHBmyvkShQ1_G9PjU6q5n|xT(CY_&)}Y8( z-&kLWkW}AJBLjUSJ$*f6y&tnyc$j39u!yGH|DXaGI1#p;LGAZ5ga0j6X#XQs{zVdf z1FL^kXA|YQW&7xm+f@aC4)V2A(AAIq3ac{F`JjdIlm$XAnB655+3k&smA!ug@&3jQ ztdWO6%(J-Gdz*BfIy!oaUSj=02yKwj&qjQ|RB@L;**eKat1Y}e7FwGsAw}V+!+t@)F&|3R7aBf8n$bE+)fJwk9)D2y3sv_i8-FrW zi5Jej!KA3LWshOO0K#QyVXcDG(2DuBQ)*(A#39`hADTtrF|8b=I+e~!nH{~ITP@*` zK@qM#kf<{g&9_Wh+w7{bSJ-Ui-g3!HESc{ZFM^EV9RJph7q82O8|kYD>)il$<}So; z{|GjU_b;|%Mbo_k{wA*LcRBsvv)#WLKL2mh_`i7WAL3~2_OH3UNQJ)|2s5d_7p<7Z zvlMELR)S=pQ9XbZ@bF_6gup}M%MYv#W)*0z{8{wSZtWTb`Ug(o;Ljxpq8zol$;*{g z_HR&~qv|W(AKUO*$vf&8j~Gg%W-@(xAsna@49hNQ8;;&R8^6aw*H|@%M-co$0~--5 z<%jsN&VSAm>x$RIb>QboZ&o>9TLkH09T0SzLbK|Bw)E$`wlP zUmScXEWg72v7C9bZ!S84zhYjDBZBcWdFOWz>eGiI)*VsGM08JZ;$Xum8Rf4;Gq|nr z-x62jUX2M%DQT+eh(J$Y*wh6xg;Vo9k&`oo7C!o6Orf3HD3R5SdNrUcs+2Q^!H7S0 zoYk7uf_|df3JmO0w^-Mv?PX%ILasNcjXgOp*R{aFgmbcQPB^>lWDR_GDS2@bp%M3T z8{qWpxd(lcHt6^l|5K5j$+SfMh2`|Ocv@Wlw<7y(IOH5`zvb3iOy9=H>c6ynVs!1d zmWK}dQnGHOcm}*|bHmH?uiurEhYvez=80oMvfPM8ggeWjaTOBgkL*{2}jU75m{gsMwB)L_44WL6Xn~`h%BBS2-BsXs*U~>V_z9B zNAE{oN1Vw%ThCLhT_Ae!v`gEt_*Lq*KJQ*;w4JR`<`>r8flvbI%}_ zBbdW#t*yQRieg8HI7%hhBS&FTiH=1T<9U^GiQL~CudxH4-8$)5V@9V|?-mX0e{+oa z14*ioa9gsUc-d@+BJC+&YIgE*?pXE895~iD*s*0wa*Co9c{UjuaJF?QLJopEqnr-S zv3nZOa~h(>ElLe0(cO_#G8&`I-dL&uZGeueZ(QMt>*D5ZGP4s~-+bbMM3=sxW;Rk@=|^omm}fX#S}dam z#lflXrKG>hf-e;v5ovweAi{~A+6+1FspnzzYsgSDl3eL5Qhwy@GAsl7$mEx|8_)8b ziLK9EgognZcUTh+DQSSNCBQ| zQ$JR)%RiOm@HEQ<0}+IR=9=KhJfBe$3)YGVTB9{wn5K8}iRO~l*!y3xVW$}%4X(Pv zWNoT3oj;~*!V9c9tHk%wpvd3cG`85jahE&`DW%p!(WK8sfeIeVt#mhdCDsz09U1J$TUnQTdMAC{oI+1C9rMz3h2IP- zckBHx3AO;v1I=26u8)?MMQ;oBMMM`~@$oF&P=03Tmf-gTZ%cY|kZlSOCYeEw@XTxh zs9YtHgX{i0{bc&*vr&1+#mLjM9SMHu)6nGY;a^m&Q!l3Q1X4L;j+-VG_)cW=sBKYp zn#a=|h#kL#>vi+a^$j?JOd70M#jSg*B3b`j=b`6MBb{JAITN0?O4S98zTGx;!p)ALkRVC{<0mdj%PIPAFk1S>^Za-Tml@_gHcAe; zooo3i{n%lm8SARPD6;hY!H1L4L>pZLyJYmmvDJ%@OZ_eDpMz?G5|UR7p@=8H68tm} z$p%5m+Tpm!ZjnDkd}lj@umJ_L65)Az!k&pNcN8%N$~}jJr$Zn(R>bJ8e%dy4NLU+o z?3t}|A#_C@K4V&_>J6r!E=||ujlfSG3Vk`JP$jOa!k=~_(mJoxXhTy<^-yMHW$!Wl zO0@oPhxMg>?mNesuOnUZET8v}Z%ZJg$_}9USxsk?=Z}qYK)Pvxvx>n(+@{hTiwW24 zvsf5-YvEa{vjK2Td|Nkq@0H57aNEMp(i3M2%r;;bf03l?vuE!XzZ;*v@Wj@TQkb@VQU;J!bsp zG1iVd0rl@yxOh!y-vgSwN87(5tiK!)Z=iOcjWM!haAiq(wl}&nf8NZq${kK&z)itq zA=SlSLceinsM@Knqh}oZWM1DhNooaQoE=32bV4d{Z?nilS5Sg#57dE2A<|w`lH4s> zRcz7ab{Q*m5#DY&mVEejL4S&Q`54%Kr8<7nTGe#bIerZ`y>cqP!}*{x(V?O4K`PWo z9?a+F%e*dR-`B@bg}0$7v(}PEC_TWC$HB_Za*cPQz;QN@_ECq~j`i`5^mU<+b&d4F z+}g$8bco}8hU*L%r~qIo@ngw@;>atbtLkScAxM>BuWjpdziIC9-?%15bl-ge{Ub=q zWig?@`Ch7S`?v8q$A9!EzNdixmmB|oOafIZTidQFA$!}zEmodYShm5o)h!g%6pFJX zS6TWx8*4ua;HSa|hWv6;qF^>qB>Jq@r|sTE&iYi)K%6Ygw4UAF z1Pk;N69-%?B4fI-BM3>vX4|LZO^(ltBxVcZovi7jMc)(K6naD!Jfhk4TxK7lXs(Th?5smIdlQptT%WR zS}Ll7uzfdT>q@wrb(fP&->5BVVYRyoZ%3Q*lcaY0b3t7Wwtd11n6%5+9>EbfT-M^0 z6-Ou#b*7Qk*!m>;2vNJljnD6)h_@pbr{vchN)P%;x0erRTj9YR&HID(ueCQK2~b0g z$wmy0KSE-IhSsk@GHXt_Tn_Z8GbS&RDl&YV^)On9li9VB)<_**5(EwP(AxDa^NDEa zH(9RPEfgq558C+br}wp|95tGnv70!ohoXaD6*0O~Ma5T(GSgC}*H}OBSe~%wuH3S^ zXG1^Zr?cXM=v1e4Ejro0aKwFIzA{*RDS_^2Ila%Df`e_UoL-eR*oD7>dY0JboJqsZ zQ9V6F4V?h_^ukzxOjH%~=jd-}ve(Rc(lE4ogvWoYYF?Pc#xwG}XCS_f#JgW+-BI;j zNwtE>y9eIr#*(Xgi#&=_)B^)#?n`<_+JvY44kbs1=m-FDF3PxpttxBw2y#h==n!+q z+{MK-WlF(x=O3Uhvj5{Weyd5Q>N%W=@(j9!NK!lQ6AcNZq^!qya|uRM;9J-b@D$Qn zVx&M9BTZ)J#%pZPZG6Km@9;jERL<&&&KW)kMzv1iv@U|<3f^92mVorc6S?wzB?Kkd z(D_ynFp)wW#GWC|rl6&0r?wJjc`>7JKAz+$7lntLW~_eXS&G%P|(7L1{==b&7x0<~yWC7E`Po z+- zjXX8Y@}R)F1d&36#sts^&|~1V)5uKX%YJ7T^|n8B$BDcpXcrOCQD~pPKTBk?9a(G` z#(L3hCzm>>hTgJRNxwdyF1dfZTkYF*f%|6f*C_RqdDGZ6QU&Yo%O&snMSEvkYDN$XjyT)g_Oz@!z`TNaYx0m}&2E{GWBFcyBs|h!exaU)-Htr$)TDE%c3Yu;(W0a04#?=dWcic&DfMA}{efKXa_XmNks6!wYwbsdZkpE%-RDOiGmOGWO*Tm-X-qh{dr(P*u?ao`adK+_X7zd|xA_~;pwpHiS zTdqwe3lpysVC2WX1=+jCr7EL>3~+$Ha8)oyYMh5B1AfvRERR#fi#&wGzUp5WKYm+) zO2fcmv3sLqR}o2U*cGdIK>j)EZ~;dgqx+U+8eCFlak^Xd=d7^;Me}h(NI`T$LK5(< z?Ew{^X?OG~k|v7oO(WJpeUfPv=3omaaW+rJ;pcewC*$Q5>^ZNf25R`3 zy*e#(y-~(oorQ%-51VDbRxi=e*gE%qtCz^#>%G(=JmD8v6D>O`I}nFM${~sEp1ZvPCJ^dTC=?q+OVp?rERs##v+p@vN&-d0 zg5E7x(AX= z8vj}QMHv}JCY^97qVtuf4ykPO9%mY+mTsP`9!FhGd3`HeFH^oigXPnFZ4tO@LJ@+* zV9s7!yeGyX$zF`|>yRP3m%vv^i6f!-Kw$|4*y4R~u_l`H9i?TgB*=O20cAWI@JZ#{ z1N=aF|Ix_&$+^5eYH~6ZzB`KAgaN@tqt4m<4{bk2LTQ%$ojaQS+ng=W|4iHelL!7c z>BxNTQio>SaUu9MtP8IBK$OStY>-6kuQI|aTv8Ml1b0luU+#tRuNVp;NrrZDF{ zy5`T8FuF6>%0P*1g?r==A8Aq55AT!!8LrVF>W7H%>_%}icv-44uO zuBUJ9QCB5bP?(*TdMGmH&sn}dI;%svR6Ed^-~9=)W^STEy?^7D9cF(^@O!<5&g?ZU z=;=*0=BIRD*V%KeuSmO94gjzGgb&#dUge1?s4oS%FU_HH$crhI?j@x= z-ZFO6Z8SIS3&x2oKBSpKsbmLftu`gIT@@9!@8uogRpG%2=xs`;y9>ryGH;B}t^$ z-UBeE)dEvWR9r&1Hej8vDr($MXlj6rNl4v41i(Q?DA^kIV=}LSDf$hl1E)4%!(1{e z5@wqC!E<#y+Ko$@#;tdn(}><_Ejx<3C`4TiCi!oCY;eD|y{)Zs_G(jS>i67k3U>V3 zkuhakpK~qgveuRL@icV><9`bBgl%a4e>yu8a45SkfKQeRX(M~do_&k#WpC_dFD1*6 z7^AUguc)s?h!7!>Erdu>q--fmBqFN#9=jC`MQ>aN6@)T6u4 zIyY!M6(u{y89O4TE|?;GE0fCoA$!c-cm)|!O~#iY6!WIsvU?ozla0It!jLpcsF3g^ z_OM`{%YJqN`fkqE8mVZ0)s3x(&BnNu&wtPF-#1K`BFt~X7=lu}e>dhs$F6}Ms#@`y zp}OAa$gSfO!%m53KV&e5s9p*Iv6Pr@JyXJm?XLaa(o`w)}&} ztDh-mo6ck%7ZvI`S1v2;e(x1yvDp5eFWa$Ou_)}t?1EgA8)dgS7XPOk`7XAtwf`Ej zrmLAhBJaJ<0DF1kM=kapx~ccesmSJwCe>22TyCGx^O9bVSX0$Lc+AtS>l8#RO+^>XrB!SBA)>nm#-jRlq*g6YX<#qKmS=(^7zhK4?Pob0N+`d%}_^`y7XJFkIb>EC*N<@TC* zhV6enqW4rq5BZ~ts~r%xh*qU$H+-p*#maeKSd6KAMWv-)?)TBe-Gl^rn2n`*rXwYJ zsvmC{AD|yE!N!}_3z*4_EA5u(D zxxFN%S7XXmr#WKZd?h8m*k9k8>?j4l<+e7Lcn`5tYNxNEROext z_|4=OtgNiASsiDJB%3BbAR&RKsx;X{lS(-=aA8<6XLP4R*SkR@&iiT7dzjs#UNpPa zXsMLGI?v2}i$T}Me`{ie_ef=^Vw&IXEu{Y0`4!Hw9;0c{}Aj$fsqabMcXjow$Df zqhuq8_nr~W&4q6(RbQG7&lY}QD$*amk$>5+iiDz7DnA;Jq{&EY2leEmkl^0hdjCZ zxK_(f)HAoV{@&so@{p0*XEJfKd=nY3$2!7xh_@*@WXFDMf5(p5*K_dYM?Lqcopav1 z?iIEM_128$`z~;GaGJ}UYqlHA)|Ym*2{a<}j$8 zIJ-}-|2Vf#n*Vq?*03SW_m=Yi_=e5-qn}-wUm!0C{hCAH&>AjDHMF5AjO5&QO@rMv zi%O3SVk%>H97V_R_qC?oQZhZUK!0S>zXFpVABrvH{=TU@si5L+luhxJo63fJ2S!GF zEwq_F#f2ANFh3%hF1xXnlP{#)$1kj5KciT~oS{;wsT(JY|FiOhs~kZb`(t(;n-Y8^ z8mdIHO)2x%McaFg` z>K3OhSCw}yUJ;-C&d>dzpGIV4LFJh1|H$Odu=h_3I(vjzeP{D~NjuM0^w#yKk(R~4 zma~z{bDa^7e(03UNEw|ivR7(9OC}{7*uvJC^L+-Hb>wwBg#eW&cQ+NIbRN6G@By8< zhe61!ZJzUc0;?jb`f7U9HxG*^PLG&*os8F0T`;ZF@6J>nr!aWOA9#i~RovrQ*8*2= z|09}-qw?=cc#g0(&9`$(Ui{j3I&q9?+jm!UCrajfxxD>5lsNofUs8&+&3$7o{g2>9 zlk~mX&-!x&5?TeHCpT3zTKtHjs58E< zB$N^=n^QSskfa#@-bj*iwyrI#&2{4pc~z!^Tvw5{Xj5jacalJImqg$g4{bu;>>Zk~ zxsoR%H=mec*pvM9^CZIS-mszV6zy$ppICWSzm39uws+CK=3M{NoxJj+*1v6mGboFD%L38PnknJ58fnwPbq53e|e3rc3%6(lx!~IS>RsZP4_+M8%s9r_7Kkb zIq{{|*S~u4y7AP4*_R#X<`cS&I?7{Y+kP^PKd<^{M2P+ArRWK+#h;U8>NN}hMl2^g>_I0$! zQMbNVSQ;J8gKugPPx+EPG@9mOOX$sS&i2?9Q`c8tni7!kQycG{jhIXI-cw&wF;}S7 z^RuAr%k;jd96W7)JB6$5O7;o&Y?`*3&voGS?e7>$5c75w>A&ld%%67u>H+zRkED+_ zsEcfjAIi_)b0&XVpH%JX>tz!?bha<=&wtc7{y1IR@qU(NzsIJrk*JFI{$1SWT&~FO z_=0@3YYy!{IvZ32Yr0Z6w>|uP_M1prMR>=RV;xZu)2DUvj;ltRjUFkToy>~1ewE?D z_mk1**uaxH(r>km-1T2Z#he;R2YY-dc_q4P^E-5TS*wGpSl)bir0gdAZBp@v`Yxl} z%6b)-d;_jINX$11E%K!@CdqGIsM5*gj{8=@q;RK^U!`K~iG;UHY+*(T1BWMz&3EbA zlNA~o&lU_X=hsMQv3-_4%{1<$ZKY|a=zjWJ7UtuymF`r{}k=f2R}&a^R= zmJfCRA@8<};+6B-RqH%tL{)#utLOMww%OJ;9gYmG%qR>?y$JTWxzn#c zj{0Ea2XN;IWungRM_q4v7gDKiG}wN7>)A3Pcw=}J+Z7j9U&k1;kLkO>1yY|~es8)H zpC(u(BItUA89DRX4p!$V9X&EDQhT+#=JELsv#<-cY5%j%8);>fATCj%!t+saB6Uye1gpxZ{@-S~vn>aU_4#Xfz#+15(v zU4z;6*UgSpCD`5GdAs--28=XlVo|bghx3zP>WuWWwQribt}i!S{81yTvSNwxb}j5O4;{%+(q`e$(i7cc z&+99nVM4i4@7lTM?sLuIeP=(J>COw|My>RHq*NMP5eNfTLOYG{oFKPqr_sMN7nqez z4=DznxFcw~K3@tr`c#AW%4K%n8|PIH8IU#VJ=d~PlCiQOLk#HCmIXu!%&w#b;ooeBb2S@4w7`=+xba(witLHj%b#;z?PH z8pzMVJNAln)>I=i@&t#QqWD-xrWI_-DL7?J!@s3IWMUU-EdFuqLzFwM_D7pn79_@! z0#(xoD99q5rAd+sjwg}@8NNz7c0cakZO4AJie-j9liQm~fx!di*Uj@X$mk4O`LA$~ z3ot&+xJ;fVe3d5%y=zMscK2C720m=GPs`hG+9eX|evMMs!2c%6VX_~`11PdA8(!_Jy0wMxLxI+A zR#H!efQS9xIn2l`BtolQBaBRLWFU@{sp%>oRtTS#V731`9{xj~{aeOEH{|ysJJn%c zsTM=-8r}jO{ejm(Ib82l!{eX(8SErazIR^ceqRdbxx>42ugr3p_Rc$xj#j>PEVk57 zu-uu%Y0gp}WS7!;`rVZE1nD+5!ya3MIFkET$$Jxv6^tD(aF`Yi#<)~jPS_SKpajHP z_Pwx>qb#zZyCq54YH{VzNN*06zQQZPh=X^yqb!CKewHYwo>d{q-;!~4Chr>49*J59 z+bF+>Oj7$V2D03B4vZq<*kza9biP`pc$9)-zu&HL}`$QEv==_}!{{ z>w{x#;fGXIG~cUe`jAh@=yQ88ZIScOoMT0A*E<~^ipoMefAK2VP%za@zd7y8LB+kS zNq&pW%-IR=g9nc7cq6S8XqA2Q^r+oPpy&Xz$Tf`vo>^rW2HNf@fwC=IElPA1f+xyO zSa(=OFpl}Cgp0UuMY^(m$!!Rf^M5I%a`Doq>nTFkj7E>ItLN5!ITySm+UL1Iw*0^@ zv!7JBex;LqJo^Wj38DZifXh4h5Suq6Xnkdj4HNP=!f(W547kf_Wta}{!RYT&QJ>6Sad<7vOi^@iZN2C==n@voEbHe+y*=p@o%r|u0?#9= zLe4o+$csKoV@BL!Z2Qd()BD9VIhu=xJ#L0b3pQ|WS^Q?De=a~->0oyjjTHM9(%J!W zey5!ZMQH{%MYd*`Jkd&=%^3_Jv)K7=apCppfDIP3o9Evj@fdpk!Js=>gu41@iV;7i z)2utLp_ksrp!gpr#k8(3p;`X&qgR{^r#5Ulk!Uo-T=L8eZN@C<(5k&#T((Z%=EbP^ zr8-gP=W&Z412B4;8%Ssow7_m){RE*1KL6ffK!E@=t&ksWRRcvqq>h@fp#eF96frZq z^Uv=`)S`9O!6Yp`6#__I{e5{L>G$`w6?Kqms`>^(+G==3k$1Y7QiHj^K=9cP5mgBQ zzeQ;wl~r~0Rq=|!DF9l*($6-Cm>pna_ir(13pbP_e!XyC|0RVBB1P}NQo!{NLcgwe z5OT+0tessj9`IxfLu9AGmA!O_grJ3!9ezp))1@&bpassy@(>CcI9u=!JFKn2zZ547 zTF42DaYA8T>`=~lZ7*qEZd(gFXAC%yN)p0+@OMlPv;$t)Y8R0~U|k^h;;!6)^;K%f zS82BWaa#v088i?XdVk7TzVQREBx!x26J?)7h< z1j4<6@VyY>_qP9`>hfcPUG*@;S_-uC(gKm>pp!uR$H0y?#cE-!mR^m3A$te&{h6;T zkGv1^$Xa0A2hOp-I@`)!DxgkM1-;p2<#4iJ5g(65vMdKPXh1|!22GL|B0h>1pLnFB zldH?hih&pr`9)jyC%OT%Yyq8_48awf!3=e1M}U zCkz&xWJv7cC8?7#qJi9OU?4%r!;dlJlfC?IK5KQH|172su%82@NRK5T>$@LH+8 zqVU;wKm`e~w;b9^PjV8LzjB%ik>>~P=XZjmhnVOp_nPuiZZ7x(s@7*_iAEq1_wouG zL|PMmX&}-NYmN-&4e}3w+zIdzg~*-e!TXdt7?-6`qk^&mmr^hNNsQBI5r(V*40iDR z&=5?*i<|-v`==j2D-di5nhUf~vGNfW4m0S0XaDU^I*6fS_}66EVeotNSiyJd z4j}Lxcxb5AyYLEAb+!WKh@w_$=;!S*#q`RK&1B_|#fp$|SaP!0(-4r~uKJNA` zB?pX^{ZW*&tHa96H+T`z!=V&9K)e>PJrofqL>!@yam8A#yheo=5lmr5dK?6r0FX~a zAf{IVLwrJ7c)FmL&hm$anX_$)<^x(B1_1$zSr8|PQ9f;fg^%&Om|b=TU}6CV8k_^c zi;4uaQL}SE!E%ZEgPzt3U@rquC_)K`rHK+?nF`g^lPL(CP6qT4gLuRmj7kXTa1>>O z!h%A=&cXqfDo^JMmAU~)1*iiBO@TcL@IbIMI%C+9zY}N^47|bv(MVL02na?e(TeoI zas%lF|B)W8Oi((kXIHIcW-A9q(gsF?hCdoL!qUN8ua35`80w-KE?qza^nYqD;ll(O zhDWtv0anLX28aV}G}i=RoNWmV&g9*M@2~)y)Pv6fh`4M5;+A6H>QWR`D{gkbk9Wr# zp_r;3T-^gmZ^1_jLKD`;|L{vRNMQ;S7w2qy!W^JNfJ2lZxO^QVxPLcgLpJHa1g~}y zGzp&9TN8{W;G&m)qzbr{N(njzv;eEdD@+yb10WwwROuNhmsPT6FB2pt2ugbfIT z&?L*MkMCiZlCdmoPM8#kGHYuiIVv|XGb7znjsKE5S6sf6T~bl z0S{9CMYqKs%mf?;$sAfhoJoNJf#I2rMMH@?z*3Q*P49=OAyiC|UX?sDiK7fa|5tLg0aXhT|LJn&^d#x&xvA) z$oAUUDyR&)il6MCPQO@5Q1)_9f#>uK9P)cLwjdB$V2T6kbdF9K5ExEhojsT!POlus zN3h1A@eiY%<-WSUIfy`fjsG($ZXY2eP(@eU7;E8#8%@FL+jXbF`@En(M1t}enn~pO zHmp^Jg0zQw@Ku~;PZ04legnOh$HyT!YrtBOO^%x`mI5=8(DIpHfsnx8^PfxU1BPqq zk4=1X1TFsrm`{b~Kt(k|Al&uLa2W!ZYzz!Ryx0ilKgA)(S;KxGcvR7_0%bHK==nQAALx;6#RX*iFb}!!-e*5Hl45 zAp>a$r_h8+E_N=St0t}BT5*EGH3$h}dp{^ypymBnEOFq#n*|Po>bCJ8LP#(SvO+pKyI|ph7!pj!+JFI-K}>?K z$1#Ku0)e3))@8jt>}$9S=>}>rU;@WuLCaagD59`+_OV6Pi)aJjFhNiaK*!I;$wXKy zgAPRpFo%e%&tRmFe%15V??GEU1pEc1VYA`U)>GcP`}uNQ0j;A7=m+i2IeA2BzlH`& zEd*BeusW-=K-zyo5k8!YrxVH=f8o5YpNWW6bhfgy1Cs!*C{;(? zA|J7`R_y)vyzL-I$%4cVC5;vnet2AJm)sAcEslcw2a)0@KtS488Tfw|bS0=)PCO?} z`aS;&K@!0w8A_yH1qs9v)YZ^=>y34UaXPMOOB5D25Fvs%#b2>o60|cCP*p>d@8?#+ z2z@&+R7b7DO{W;244nn_R}?@&L&Jp*BB-S~!1Y*eBxR5IJZN~h4Qed7&SKUaikT{!+%XqbIcO*;HB8?g3G5CINDxRY~# z!Ns_Ov$xja?E1FN(%As-0`STZ{H2Az#lthWd600+PCyO;WOWERm4pP(h;KP&uhquY z955Cx>(Dzr@Oo4Xu8{*ebbeQG(_hlzshtVVxMl@lZva+>s4cl={a~cydXyIS7n!*Y zx)v1(VTT~>>g|8UhNrS+N*~u|(5nUi)2o}oUdJ_7n84T`zo&u9C|eX39$JBJ)MN*+ zb|A1eG?3~ruOF?2akO1W8|zq{XEO#t)Djew(2(+$_3z;DluoB+9IykKLkZ+wXxonA zSwHs(ZZrZ9oN3Y*QU|~dAmKw(Bvx?UU?QpFpi#)(r=UKY1!)qhWRf@x)=FviD@87O z6<)d4Gsn#x1e%mONEXnDSue4E@N!iEk1S}MsOt;V9Rze}s;HD%KUwA9Q~?j~pU2Yt z4OpB4;Gv2?mj7EkJaVUe#6l2IyccJ7NZevOw0`oxsRACoFvMB~r#CsELt7e)@?X;7 zft^i0=J*4(+W{DwD$c8}AN(s-z+;zui(tX+ZTpTJGD1x5dibx{@UUkodxiag${&Hs z(0Kh;WBu6Q@fsfd9pg2wS)enn_=U#nO6|Xc!{g4?o6v0oT--6N(2gabw|=g^l?B)_ z29I3XLgC;8JiHrZW+*x9$X}3`#yRlFCa4moIpFA%xI6`EU$J0|8PS?x1@bF=8({2F zj_|;4eXV*Dz|bxL4h^Ctrhfs(O(Lwv;;9alh3vrENU+ucO_BGHts74yMXsI|VT9ON z%wkOzktq>s4Vzd?P)NN2(+AM;ycZ#P%PG#t0&8dCNNlTHtAgY~M$jPJL9>7^avT5~ zy4GkG%a05}I1@3;sX2OfBxnH$&;p=K51D8J3 zM4M{EaJvgYlV;GUpwpv6;LdHl7F*H=Z2nwce*fe2K)h1}tFNYqPF2-A!-m0{(OZ3I zIFz&%oP7>ct#z*mGC+Dsm*<+KrAr_2nrQWXlF$d|Ifq}|>Rk|j+#!jVwE99ID9QUG zG19VS;F4C~C;^@8=L&^Kf?hX-SEbbvYY)U1I+1IF+>Gj0q3ST#3^(N<9Z-m!p}vigX4XwKq` zfk^?!!oyoKTYcC%bS2CC7JL?1Wctq$^mx@%r|fn8?*ELU-i7A$8>R4}c=uDS{U$J&XZZayT1K+gd%@(0rT2pMG|52~fIx(UUq-Nz LiQ_pa3=sbZ(6{)_ literal 0 HcmV?d00001 diff --git a/libs/runtime/server/woodstox-core-7.1.1.jar b/libs/runtime/server/woodstox-core-7.1.1.jar new file mode 100644 index 0000000000000000000000000000000000000000..92c1631c3b2ef8044b8302e2e80b5f83921a9a9f GIT binary patch literal 1612256 zcmbrkbC4&|mMvViZQHhO+rP5ir7o+h%eHOXwr$($GG5<#GZPar?@rA9zKqB}G9&js znd_Xh*Uq)Kk}N0~8W0o|6p(UGyAIHQInaQ>faJy1gz2RfBpBs|6{ID^Rn-{eCBDXi zfU0!tRB<_xzOJ#qf6)^1FdgukECequrV$6b<_clUB}^WQN^Fib$NzL9e+}{5*?M@T zJ9BlIRYcl4U)!?Ktk4h9MQNZ$pZ}C=Gm_?WhS+v$c>s*{_jV!pwkLr90o=PAU zOVW5xW3Zrq#ghfZjtv9)iKjECj;{mnt@=q(-WOlJejd9zhf5ZtwdK zvU5KY5fy~-w~NVa?-lq5E4ouR+)JIB6#{J}KZUN~nYX>ChSMEAeZ6gYhOIpJ%dx1* z=Ni9 z4BxhOM&WDwrZse5?u23d9Gk&pBo093r*o!>ocZnOV*|Q@gqJXr<3qX#O~p9~P>9H| z2>zf5?X!mI3!Ru!8)5ff)fJ|oX=;+00{6M{o~A(r?1h;&Y%N;ZBE*kA;>1=)g9^VH z)M@aA6HkJW2qm!#jpJ?ANGlizK!U1od>qn!*9+X;xiewM!gb>gl^d}{0gpk!&sKE| zWdvVC0+abn70~icRs}-hPHXr-l2~YfD>AX#kRWuVJ3>kgHCE>hCxeO@o1b&%E~slM zDo2ndXJU+EI*z$IAEa=nm5bgix~!5I)6K;qmpS!v_=5ZSs{vvG;$#{}%3y`#F1(b$ z@JRc-$@&h%(rC!`s3JFV++6*x3sA_^7)lAGDqMZX2)8`B8mLb!yNnt2jq~g%hyFYT z86oii*naTZ@}=Bxk0%$PatW; zk}D##DiI_Td^;963E;%XVkDw=g%`yEjN0jV4XvE>hK^<(|DsV3E3Qb;w7Q}%1WGCM z@9k_1t@H&X9eMyyKdvE?zv*^~ox}5`(Sa3pkH#{+HRb)GwoAixIdcjSbwzw?XaK#t zjNoZn!pfwvoZNj8dzABA+}%7|d5IwaBlfavIrP#MzN>5qS{v89a-`2ExB76e1^fhTh9!C=P4n1kIdVd$pcqr!tf)7{F4E#uyLv6wH z^(fD(W2Y}oVIy?0m?1q zO9$`*uj^wqHEmf}kz1L()Edy-q^|dzAn8q0RI~L5(8A4g@UQKS9|io!`rY1j3WY%pNwrfU9Lv z8@y(HCaQPrl4{>N6euFxWz{j4;qb(P%kmz(RU0Nu%+Fa%NjQ5qZPULkRmWQGAeFY! z{@7c;*Q(*MG(n@{q^}~T0RJEa@*eZCw6bR;oY|`AQ0#DjsN3}wB%!;0kdt_nPur$1 z-Kgpl)?rSh$;3Y$W4L?qCh3-YX~4&hT?hGNU)3J<8`WKZD8j7CtHS=%ZVHS>+2Q=_ zCpD(*rT4}~jc`4dQrb}19ryPNSPgt-S=D7dO)n-~2ZFjVsta&gzcD(z?jB77@R?a- zs*Iz8H~t*AF^`kLP4o*b)ChN7z@M~ynSJ0ga!Mul%Hj>{zKO6AlH~I77VA=Qpj576IqGsT5i zNDRy|(4=k-4kYz;m|+;xzDKAsQ*dxXd=^2MyE_E!LiZN5>>6>flXH?WLVdW~W{W!T zKO*3;JU`+g89y72x+c(O32O)v$ndxc_j`RVvU*Vv6h<6k6d@^tTDGP&pGkgWzJ!*?9q*?H{?$WZZ8$6ey@_&dM|}`X zh;J_c_?d<^}UoBxxKLH|Ao3H1-Q2Kjf&{^y2B|J6`VT2x#?Ra`!% z&c0s=F7){)OawGpx*Gmkc{p(JX)FVN7B6KTlzZG2>G{U<{CxOQ&*$ft0EEV^)mz|V zAM&TTYOu+JZ>V%UniZtJ0jTz(I5p|tli;O^jH>f-9)@h^F0`(Jzg5BKyY4$fx((ikHDAIEU~`+1Je4vuEdu2yC)vW(-5 z^tW<#^3yX*va)mx()8t{Q**R4Gm6vP=nbTngfvT_W-<^I3VC{8eooRf+$&@GNn z*3vJq&#|3>|7{V6eQ&u4|9u^azvn++#JvAMUij}!4Do)tY;e>Ij`)F>U+7&elF)Pi zM%7iGNr_Q#c8bUBSjq5w7!H+^5)nb>18OYXe)RL}01^}mPqZ|gH!oI&)uO|Q_%v{Q zT(Cxt)1^SiynER0F&vG zp?k6v3F3YT&U_^l)O(5PBo#9uQq&B`oSitD*CoJh-J6^1{azXBkkx9<^&y~@Kk)CP z8B$Eb_ND|Whgaw2B(*~_&-HsheLH;{)h(;#+$OzsXhb58__9*u=b)1CHJc11SF6|B zAiQ;<5Kr%f9tqI$P%URma2$@yK|C>1vlb`{2qn%_+abYzopwY>yYu-tJR9w)y1YEm zy=l6+qz{2g!l=N3W&q}v5=4r(n^#hD+=uTJ&Vt%Kz~ljy#!{T;io{Y$iqQ&7WmtV# z350uCm=2Z$kEiqq00-I&S7JG7@Dv0%(;R}_Wcp(vA=UU(latN4ltUYmA?pHxqO~o$ zia+fb_?{ywL?a?RGt7Lmld&O84aR2rc^9xGx9J{>ZPrWm8k8G(GAG9LVo44&G->7U zvU1;ho=&EV>MLi(%i=&wo5*h^;9wzX5=5~BeO7f6v{uGBSln-Yu0Kr+N$f)nCJ%pb z>JStZ?l<+pf2B8#3U6UUtEqNJ)2q9?sSK7?#9Q5gV2>A(lfPcfbgQh} z4{QTt{g%9~a{nkfe}nlVFrc(cjqTBvgymt>!ttvDmMw|3IAeLyoaRx_xe<;eiHy}w zYVjRW(}(~|ndm*(Tudin5DF1ddQwZOk;pbljBl4mCm~kebFwqA?)C;RQZkhVEOKEe zSem4m8|Q}mf$Xssq%5*A)E6#D^zEkz+mG52ghi<;LFKi`D@`SbS} zpM~%Ajxb`DS(55EK2?DeU8AzHc&}JIc0^k6&K+EI5ji;_gWs`f9~*pGaki|2Z$|>x zqYT>tV~1APNJ2*FQKkpZOERbIs=Eg-4c9wY!x-Pg}uubJ4#rz62pRu*Y?Pmp<# zTOlhPaZ>=WCm(t!otQS1=*v*ULpHNMLx&KNb;Hlsvfd-Ec)MS_*4mXa(u}``uh~zM zalwu^#lQ};LU_p1QYb|aWtZYL8aX1gGyO?+HvFEChbo>^YTo?&7ijfW4Q=#V=i@;$ zVyEKCK_WwV)#7h7PZ@nNC=s;#_mTEl47l01S8W)CmHOfW*`V4e-cNCa<&1~ed(0pQ z^)H|zB7R(<7!2Y#>LGsaWfqsyFODX20YXG-HcOx#U_4;TAxA!8Y2F74`Wi$7?H>|9 z;wQ=AtG)#8Lrn?EtC(bCx(+~CQLtl%}>rIPsEUrhGRpb8MU}yytux#uy^u zPABN%+|8z@ln)Yz7L2Sd5%w(^>d&ik0k68X>Vj*?m;E75cVl`$xvVxt7>i(=$J-Yn zLd~?0Q||6F2>OnK9*j)u&(DYFLw&LMrezJ-OAES|oW&ssYJ>dFx|`CY_COK$ilr0t zp64awA0ufGw_xmBKmXD11&NNw?^x7j`^v0*Hn^+APSof|!|sczMA9J+Hw~?A!MX0T zs~psK5KBG?+bh#1u~8E%xLcz4Lx6O;e8ry@V?wmvRIu0hphsnhE`W*Wq%SiV?f0~qBVGMH^#W_KC6Mn4+*t7*tY!5;zv+ z^w~E0*DpZ@ygwZ#CV0P6=#_zQJu_LML^(dP2Gry+A<(cjM|6sXr0*JrbjsTA#$4&p z?hv1zxC_;&dOX7&7Al|u@xe6{WT5J2hl9A{VHc6^L0%a9Vi%<=>^r$N0e;;!6>*!U zer<(OpXMPwAz&`9wX>E^=))0KnQ2sJ`O?+GNDo{yrdg?cI??_`%)=-q0!U(!EOQGV zntG$sZJ?Oru@3QY&~aK;leoKr)Ys_!+ExZjZTgArUgb0s5JXxx zlF^LA0HbpWd%K7zy+13A>7mYggQL*(J(&5t*gPIjZubMC5MtgP7Fy%6I)6Ee6dC2D zJg|phpI)F0PMVj!KuW;AK#nwS1*;=P#S!Jp;2TT9f7@riOz6rW>=mTkjr^o0j!fkI zMRCb8CzGbz1KdfY-z$;(&}w5&NnsP|&w7Y8m8Tej1?g=M7n@EEwJZW4$?Gl5Zr(hK zlXbETA{)clPmU`?gO#)IBpo#0zk-?R(Jm!D&?YkGY8wtb`JDPex%a|&Xv_-E42_5( z91a((*hdG5wUr@_HG%Ba84bBHw`1BF8kd8FNC#0EF}ka}Vqjyf%othkTkgP4+V4dD z%8>k~T!Nz&;eB|6X;c-omVe+RFKMsU4r_Nj?Eat%hWvwC6(3cB1vFBws<&b=BA zUJTW$9X3wE0jnG+A>T(H9mK$7i}kc;x@yg4@&n8l6e98)hm$R`P^aL5g`69A1ba%F zXwpQU*b(=PkL^gYtRk!F;|WQh0^#ZASd;@#K+re3>ul4Vw~bW~I?M&ROedkQ_M3P% z$?_;fiVI_?x2B^Ab$%91C7s+T8U*jc1Yg0bU5WN7i0UK7ePkfv ztK;Axq3ca~FB`2{;nfu$7(#*!%cYapMXBBzbijK2*6KU3T3MAKWe(%F7@r9W>E~<< z!4q75Di@-5B9c?V{NkcSz}E2S!o*@jP}=V`8g(Bd(B@QLt9TPvh;38{$4ztBRhfp> zWA5b!E>LwTsEA_kWSMoUiE!yvAe)Z0yEpXwzWgJgKS>bRm?eZ%i8N`!?Bj8Uy|%VC zbAE}&3mP}y+5km?Ak#}YApBXIP)0A zvC~H%)ROz&8=wn8+<1DHO^jNqbQ^Q@G{nA|cAwlR#=~3CJb1^)Vk_bU!G0i2|FDG2 zp`j%dc$}exF=d~9*7U`FDxqVld*p#))oRLxAXiW@A)vpmstoM1?Q-F2a8eo8p zI4g!awvoxT$*FI?N)-3jCHGRbzOpH?XW3Y*!8&C?iFVjC#bFcsg;O^s3Y zkOBf{Lt-YXRqt1l8}O1p%w{Tg9j*`#Nr%G5RuqfHr;QhhuY0aJ^y4J)4dcLy9Rk=p`zRfoWq!Auj%X)Zb_?Gfk&%Q9?Bj@3aVh;chvUB0=oHN!^s zB9r*%(n~^D;8#TE>7UV>fJW;n4(-!Y?hf@4DAd=awfV%Wi8KsGGIT0!dp+ngEwW`Q zh2}WuxF#W>%NO>{z`*ssKdB`=GrpB<*LL!emjenCBxDO%U6!puK{yns^~r}EmTgy$ z_Mz$1{t zSlcdTCP$@Sg*AsjntQFV#}J*(Rk^X{*b7QT`)zcgF?FQY4cTa79fJ;d_c{c=WMyto zlYknlyd`|uaP%d9l}ep8XvU$sW+26s%wYp}&1XvJ;%$Cw8035%ttEVus&E&$^6Y`j!k)lBklAL-IHPSf>niaqh*tSY!22g*ciw4;|Dmo}EZB_< zHg5rYPd7$0Y%!X^!iZMm zj18DQxK&e9+l1o;R{)C%5qS!fxrx8L+6Bx99?WP?(`>A1=tcge{@oI5_BiUS_O{>f z!UOyG0_7pcLoN)yx?y+MCJS-aAcc4&$F+IpH)nzbM^E3G0Obm+r(HKs$H?8ffBg$5 zg=cNU5+(8D3|(g~3(@K;7Y}x3tnVFus5Ckg{tNI9sBk}l3j0iU_DVt)jss^&##QdX z!Z3N(i>F;dI}R=`)niNC>2$N%-7&j>@6|Fvt~my4%%YYpK_^#RijS;K1;=q+qt5}M zvYlZcoi>_hcFWWSmuce8ikYESGx>b7A;Ix4t^FqkRu};@P)+h_g1Z(%1Vcnj!&5a{ zhU2Ya^Q7R_^HEO0CGe=%MCvWqa(e5I(d4ec-f)Mgxlzjp$Bka-F#+WH)Tjwo+}ccm zo2&06hWLih@yiE0^sb=KO8lplG=ZN2y)9Ib?>p)czszrUbKNN-=C{rsI?LTHpN;9+ zYEQJ*+Pu{-L4Wdr>uq@K?Sx>H_K;>sc9X)`{b?+xS%#%;LXjz2Kj2LMnZ7aPR!r5S z?NI>+f3s123F@Z=lNP!e##o5%VE9!)m4Zx{;&~{udc%Er;pv_I;d;{tY8>Gs%;d z;dUIUX0-AXRnD^YX6qeb#>(whjZ~9YM7x+f)Z31E$yCY?VYN}-80iB|?EI$!3pIwVFmomyf zjs-+dDB3f-zGd0^21XG2Mt&Fzvv!lmh}L!D%D7Lp*ts^htXIWe`*Jqa?S)?Q?sr=V z3=W~jJbw}XLu~s6$duGU1_ELe`=2Bnl>aK>xR^P+S(%u*{7b48*k2ES1-5_5<{u*I zKWt1~P5vc2`2S+(?&A8dNqB#;_|HNA%^2Wl^)HS7R|)>_4n!U7>>TVx9qi4mEEr5| z0WL04n!1{}E9hU*WU)w~5C9Wi|F}DFq-N91Lg`)#2so{%RxIG|L1_FzqTyuo#5pJ_ z9nO?t>4k`ep9iUf@?LrJmKVCcv<4McIh`8cB0F!fezO8U*tbqB+2DvStI4M(vm0i% zch=rF-ZNj{{RF>Z{V8wL2pL+tZl$P%sYRE>Jr$x0P3f_*v)fC_;#jQ@;rPXxnt3I$eyQ=iPfA(-{u#+5;wK^;1 zp_&4+nS3OFgo{CD$}JxQ)1`qX2MF|$edhHdF-kj!WCixZm5MC`%6%2qLw>NdchIEV zg$zgbgdZpuAJAf#K`+)7`Lu4rDjH4?4dRJ=T@BuVM~=vtJa`f zcd!b|ym#$hp8hCoR-O~8%R#X%4TqhN$L~FC0(H>@RpB8f*8)8;YxsYCn3XICnwz%&jZ3!Iz=jpS_O7;1(c`JS=VGs~cvph*Q%C>}i;{ms?Po z&1IcHNC7=FE&-eLv}mc|pgd*z$+7NO1?3lyMG|aYTjXewJ$%_?E5S6_*Lzb#zh@6y zxz?B%*XJjvKPWmndh*sRNsxKhtDB|K{Ed^akEi)aY)yj%?GN+EVr{(h<;8GE z^Qz&@6pBS?1nT_6B^0KjNA-W^O{U8i1#t-hsc0pKbZ44MQxpuy);3>#l9#X;q-E^R zAaK9cI@Hb?*{z#vYqa^r_w+3oayEsSQ8()EBUyGg)nA#3tkHFSS);3&y?tV62jgP# zWD6@BQUt3{B7^5^?u*oTHSvyF`GwCN8JN6L%}Pf)UXb~}Q&l0m$i4@Op8=S@;W=yf zGtyrnqF>}=H{6FdWIZ>rH3^-kv4TWt%{=jfX!r0QFKZFmppR;ShI6BmWL@GW4DB}v zRe>Sv1i5@lZiq*+x6NDPe=JJ7ht?uv&U9oKgsL`!WE(T#%I{FPnQv{FDI#|{U+9Ul zeI*s)WFI>bt81jzj>P?aja*;DS;Y9lh?vp&ZwTFg>WY`TIM(o z5J}LB3h$u7=g1v@?!6&qc~)5Ns;X(P8Z_>!)7H}G>lw8p)L1|hJlDe)skFArFl`sL z8vXz)TXxg6X*-&h*{gQW*>$oU0H0VP30W6?=Gd#K*yDL#cC-Yqn&`LD6#d&fbM(=> zcLZPO5d&vPigcrzi%G3Zh;$`TsJ@+B=}jgSa?fC^WQRfZ)fg#=a;Sobr0i59PA;T; zciT`C;u=ZT-Ms6A$L&riIa9U&yElQ>BfOU%{j_ibCb}m79ky>MX2`28f?QHBkRv!3 zJP*gOp4(|?Uu+>clWI-u7e5$At9Dnmy?K@nrvLlD_AEqD*hAR6CIket}2Zl1qbrBlPZd=1Z zM<;DP`;WVMkhkrnHAwOYHf(<)HoswyURp>AJ1)I1>+hALVaA8)X$gI^5#Mt8wq$W( zznAMix@8);v!0jzXv}YrBZ4jU*z=kPo*hGV(k<4MOFQxJ<$ZZw3IaT5M`iGT)U80& zuT)2f#Ox||iroJY2Cv;x)O@RK==HWjA3ADR3=V-sV0u6Gi~Xv4yvhA`86-BAv;=3= z6J4_#m8I%}59vwWdfA_E$9&FPLr=*Qsn88T9!00I|BCptB!sp-Lo++sOgvaVH)f4w z!g~v{aaKAw@s!UPQFP3^s37&O&rmiZ%jalNHnWMrwrA5#JP*m|M_A{gu3n+l8U#!t zyjy=lV4&aUKJB=7h4SlGp-l9pdxbdh6|Wx=7Q%jw+%@s1B&B{wX;^lV|I@D1y0oGZ z&?lGp`wkEUb1;`rul(#MpM>Qxe&1Ec_rFzPg~fK4GXG{^wto|%e_q@BM=|n0Qndff zmc;EGT|LEZ&FswVU8Ml_rnY9zWKynnw*Qa&|2G#ZQoT?>6-N6iroVjZuX4s@gffm8 zr`c};?^DTDk`a-H{~}(vQo?wizqCj90V3>$yaj%Y$%R%%A?*Fdl1)!mSx7-P8IyLC z`8v(bx|8|(d2+%Cq^bo^>Yp2|1V?XaCRLG~S6W@(`D2qmWQC2~W^vP9TOX_6HKkR1 zE`-1R5XTEuP;_-HEqX#;ooVurF`kxO*!*<;$e~rmon3#eHiQa>GZHEv#hAG zc(zSjJ-oUqO+9pbQjfVKi59IP#MquxbKJhFYQ|#4iqtQi-UOT7-esj;6E zVY_*E@?Byqu^t1dxNvr%M6f;Ym9%s^BV=eTG(dczkGMCff#W;7JrR+bL|Zr2zZbDqV#^r zMpS&eO+*yD-=h@xxWu|yZ~~2joyrY5=59=24}%+Kijg)Q>+v_E%MT_`j0=)p{#m&T zdjArp?kxhGQzwBebougzb~Z-EnI9vLmq)W5MnGKa8TQCo`^l7M$ZK#t_|BA1)IFQf%V;%~8(2_3Z<7b2XIH;OeYy$5l&C%fD-MJPo1$l3OhZ+;=wq;w zH->#H&35OClY>x_?JCh~!&yX~%##3PF^R`2bJIUse9}7AZ`QO-O6mJYV=qPn_Py|6 zL(l0(rq!;Zql<7F-E`s1o>A<(CStcEqQ#w2$_DqiE+byToGp<1>WuxoHgNS&t+)O;q4W_`Xzb@+Ty#~A2^K%4TVIVPgV$Wn0mL*IXk)lRM^POyJh z9@^i(?0+7sY5tch@8ADVl{)^m86jmJ{pbWC13v_%%H6{$7y1>3N38nS4nge!}CXJ0;Yl znL)|TgbTeC$&2?-S)sBUt>7~6a`bI!q;&K*cyP+xJ0Y{Hm1#=@Nz#&sxMk=V@zMtl zHU-~_Elb-u)D@=Kwxst3aX31d@N1ZNgDdX4uD*4Su_v!s%V zt<#(axKPkBbfj&eN{ztQe4uV~$#vb%pUa(%MsB~uX3k-M|9-hPS8ayJv}SRc?!NKd zt~ueqdA+*H@dK`nERTkjBAZJPVPs$_d>#y7vfW#Zipt`*q6v+tNH!_kfcvfI+kuGl z7C)# zYE^%@BZiPcV22LK(XUWBY&xXX=h3aq#hQhCiY~S(KH#{Gs@@G zcpze-&k4-2rqritYG`8e(eF2;BUvK5yd7Jt*4WR^u!KbhD&RDEkrCbL$=i02iX*|N zr&>TRkI?E{MZCi$M0wal*B*@B%JMD2@oNsE$UI;)?uxgq4+vT8}& zT=FSm1^Ab45eCH8n$7fAJI}O=bt4`Y9qA>(ZLLzxQpa+RG+PMpHB}9LW54geMHqOalNlsDln(*}9mEf7>$n1b8Rp_Z(O12=DOMsBe1D%ctYN z6QrRw{<8) zendd$Zfgi`ZR)*rs%=-=GuN^V2+hHdNZG-5NEZ~gASdxI(Hrl_ER34h*@>15A_riI zB8e)-;q*F|8FSwYyZA|Z=^Bqv$QSRY_itllqmRbbQ&MGQE*J4+?4X}NeWx112!G&9 zDGt@51yy^$yp}vRsxL%u({`P6@T(?Q0bvA#Ch{l^hn;n zGq3d??JgDG5WFq8$WppXu~=F(J}VFg@k8giTXkX4lqeOlFG1`YSZ@D%rxG95>_>He zC5;!Hoi=Xf))DN*c_k&oEy#6+z4dv*h08SB1su;ahx$$xzar1CJ!(oa)r-D7F*{RY zd3r=@vY03`XZwV%SWd{z-lI8GL58yC=~H~;7lYJ+=0x{dtlx4tUPBG6Mc#42@Df@c zghntA9I=Xyvm${kD85x50kqyKp8d#IKRE*AQRW*c`tq9n`d9K0bD=IHnJ ziBz;)k*-j-&p3UD{D;g+xVgRs`!_lR{`QLg^9arJzYI7kW{$Q1lm8ZSl;vdygphnT zD59#=FPRQ!gu=!cVkd2RH^eZ?_#sE zp3S#Ar#k&QyMapqUH)+O2$dwZhgdS4oikhh7tueL+v7+8qxe)+@uH!ZZbfM$Q1=Kh z;*t5IN~nMp^xuv*`-j^{{6}x?GoVXP)t;{XKX_y3G(?|37!t3&f!T_9drdXZ2NPMC zX8O1WjtRlAEA49L3wJ~8#+Z~fb+WhJbXnRDtNdfjyr?{8593%~F)hhgXv|luzDFJe zxY5YyM7C0t@2dt{?`R3`1Vr~v4Mq*}Meup4SmjE3R70x$I7~~=Njjr~`80-?KW@%= zizD(*ZRklEcb(|QJkCleZD(0njIau7Off`g+1sLiqX9=#&nVHU8TOVRS#ZTzO_60C zjLv%^z``Fo1yGM4LoB5Z!^Li!ODAnhO!7HNxWurinrY_j^1&TBgMn)9m|o^Z%Co=@ zGR|-1w~Bo@ueSv*xxy8cL;~Pn75_2gA95#G;eY8R{Vy;7^BJf9-_7`cP_nGT027iA zs))P{HMzbckXA2*Y$<10>1eqMcYssX{`hK~iO9@wAgCkNAR4jScyWU#>x{310AY^9 z4G;wutZ6VTes+<9PIt2vy}F6n74OkyzL(0K!D|SsG7)8@M!D)dbx&f$NYdPIrSn~0 z)P>~0Si_|i^gO?o{vLvU*+p~fEaJ@X8}9~XWQe9`3Jry( zDnJJ@pnhaE#btr3sLJpQsdJEl+)<)+Ys9v^a-$jNi`)yWADBbfyGr!26+`bRQgU?m zgl~WuB9h#Kaxy2sH>^(V4*VYgj#uy!o&SX=<$vVp|EJonVg@iZbN;Vtdyx;MH>%{* zZHBfL`9=i&29~WH^VX<;0FX4)lsE)xixvlaA9AxT?P_wIsg4)%pLvEPGO|J%{@_6l zXzD|$nv`vZwns0k6oc384gD&O3+Cf5!k)|NPEWh>3{D4g$>{~Zt#2ft$wXf#APc5; z=2e4LEGxQAq-a|@TU&c-x|`F>@I)})bWnOTyYA##P+K?&ve;K1(2yoy!vw*?Ir1Pl z1V}D)sX$X?C+XTQ{?$BW*4PsW9+0?KxZy+1%aq4jY1srJ5b*%v*m0tcuKAWaDimn& zWmoZ!JsiK$g=2?jcQLG5XXs2Iv8-w#2;~w=rJtY~p9olyLnANC?=TzQ_>1#lJwt@? z3Y#qsgiZ+RL>XMakSwHaa;vBhZ^CSd;{h;-D8D159`9BBEDD!^NwErt%{0MybuP&~ zau~cDK}?KnNi3vmWvf0=NU&;p!APW*8s9~_hrN42T-C;e$m{4UbAYV+&K4vJB0RwnUngO2vCOp+MVGIM2)@tl|MkRuU zcVD&iWN)pS->&+jPr+%m){2Zn*V$u1;wGWdEvrxHn*UMk`njSbUAvO ziNn=cYv=dw4W=zu|1gG=Zj}Kq&rKJW=xABk!Mbfq)6HlrC$Yy_vWdRqlu!$hq*8)4 zfCyTbt^H~98I^&vQOe-?y9)^l1H+x2^Bo>0sm&muXt7cF>S&Lgm4<)2njO%?Q#^sL z1x$<0wb7Naz5=#U3sHbV?j{am7lKni-BK)nF-VHeCBq87@JJ~Z1R`l8fgx!GS<%W4 z!)DF(BeKye-v?#7Mu>HfWt|oj-?YWR4|c69+FqRqXe72C`&2RX zM`1o}72q3`s4sDeG`Hh#k8+_{IP$Ujfly$ zD}uAtGqTy37T5edFLy9aZb8LDB( zWj_OF`+Ah1A!7s@%k`!Jjn&1~b${9vYe2aNI}t#(mD?NTh{{m{EYIMyY@%qE#}x;? z9m&eE&1I{_vI*0|z3T>k?ayoCRz)HkXlFNy2IXc{!u@%b6(?^kSvV5OOR-;z7S@jd zeqGG5(cikfhM`8t{rm0FfMwPm;_2hQURw5dwPt|6BO&xooq$L+&T4vuv zB!JS&d4s2R6ago4dA^VfMMh+TJ( z()2)317XHkCfqto7?TJK6WkvgHZYwC4n{+>CCpr6MxKzS5sN#POAf49-91Yo%d_ri z9x2JS#QjNgvSc^Zw*qlw4B2K);t^qkz=S#nZN*Zm04x163x4h`py^`-zfoX9)>Hzx zCNz$HoVD`{7?TihTnn`7=O*xUZ&SO$hDHC*sH!hFLhO$c7;gzx3n+Q~nc?YXA(LJ- z8k8|i7;orr;h?^vQNFg>4-Ew!88k!MTX^pYq7v%Ut8+5QrW&@oZM=zd?P?dNq^C2B>d4 zK>T`hED_>z%}JM=L}EE()xGaPFS?1`1VgS(}3X$dG8Rr~7j3b~D3Tgqt z(ksk=@B@C3SA7jP(d;;eL=o9qtJad8+C2Qi{X|1YvQF&3ca2*w*AO|7No9t?l})|G zg23Iuu+?4;XOOakLypp11tS@^gjo*$0QgyU<@5uy7>b>x$()%V`kotv6f(KVz>(JHGDPlPJni)n2kc%fEIabh%d{0ESI$n9Ccxz_{p zqX+3irYNHOM&q!^0ceU~zo;&iRFam^DoGQFZ3?CtU`$3TWDr$X^}4dv`;>SUrl-Eb zS;WLwy+i1YV3|P*)S;N|$kRQ3%*&Hhq-fRk%V<&8+hAbFu#Frl;!rJ<;hVwe4l>!??%`>|IiRSN4zAsLK#gVp2} z>G6%MYbEr5h!O9NstC4FRVF3#u7m<<%$XiYUt%>c_pPHXPxGL-2W$gSiYi?in zib2LpbNYqsUedpeT+vlo+J8Z8_P4?(rHw(2s&MxQX2VDcs^p#`#Ev3dF9EJXkfQwn z&5du)3?-|Z<0S>0q>76c$}hiPfy6sqTEVtIGrv}K&1(H6HD6=%_%ym@r!~1%QF9gh zQV!MKc3@esrQ3}3x&hq{VaX|) z27VaqNM6jPqTimied_QB{v`t35%|(b-a~m1)(#EVn!eUbu~2HWl!6=QwYXy?s63lr z)+NE?6b+W4UpxA;iCQJ0X1grl8F|XGY30mTlpp6d7}qE3iy|K}#a(HREq}YJ7BUi9 z!Le{n zy*Z0=+z|aKr?tQO}^z@?o z5b)ll^k<IUH;^5)U)uug!#H>ucOF*6rg2~NEYz_qQ7`J{rF^@ zv38vpq4CBebTE#gpZ%=AxM&y_P~Lm>vdwO7b#Cd0g*vc?(ZL)!c|{9RJPP4D{raIV zz_W)2VMUAY%>&WqQ;F8m9YN6rC{>8Q^DK^@dN@1n{P=B(-!RH!u6rp{d)AUZK}_Ym zU)U+dgxEo0Kd2x8X@OAfuWCZOtM&st6K8p!;>XG1p^MWo(G6ZEG$6iiI0y5xw}jgv zKVfFX!)f1i956_yI5{94_-fp!Sb4{mt?+rG?161q2rnn{!NmLhjU-@Mpk94T-d>ew z*vrIv`G?aj1;i##txq9?{Y| zv7*GsyR1KDZrMi5!>@wYFz+@=EEyZ4y81&Zgi!qD((${3)<}KKkjBUrDqZo|Aj3InWjg5ujOu|PCj52GEAPQqNgk;!1|I8j33hg*Wke*UsDzvTKWak8kA`y)jrNp1 zIen(UY0b})!o$~w@4M)3_mGbIsE(&wVsyy|K$Lz`dRwdU!b@8PewMOC(6}cc3eg$) z03Rr-aJxbWP=zllo(O@LSOQP3*8^i$TMfZ6qe_nmtLqnRg)g>iSTI^AB7)ysuMPW4 zJV+bYzd)oO`GVT2;-pS8`$ftzo108%kcwYsvsQ(MBLS2>(brTHTeOhm^6zmUK3RqGejCwjodOHO5P9I2OzLM4grox5j2Bg z4FTm8n&A|e4ctUzS{r^BtgJz4sAyVh=al{1+SqwZhwAP>I zQLp za+%)>)(S9B+3O~7MzrD&e!46?f|x^G(X(f%gCiBIST%eEh`GXkEN4nM%pKo%#ITS& z91|qm&n+!0FyrXUDXD5?u+Et(Ij|#oQ)`=kDQ6%r#)ptHcUm~2qm-j2MTfZ?T^l;c zojgoJg)K$xO;AN(xZ{qWQB%F5Tg1nA`X?i@vKcd!TqD%Ay=|$EbeB%@!(+bl*&u$n zAjqEGwXbeUJH?PWrMC<#<$GXQ3)?Ytig)v{c~0Vo*9k?3ERuaALYNq#tk^4EVfoTk zxT?BWMxi2!j&SFMnizT}n7X`jG_b!CAiVxt!D~pZ@O%RV_#^tNsJ-F%ig!7M0Tfhd z9)rQZp9eRKTjpLT&GE70#KjV$L5+<}nm=2%$YFEz*HM>HM%`)^I^F-=JEO=qvS$cM zaMIfF5K8n%&p*#4d0O$Q9E=?#vpW03YSi~-Hj=k-C+ZbtIrpR-j(BQ#zU6XGD|;b- z833u#=+lo<9B9|~43N^hlP~C#$zea(1ZoGr?d zLY|N2Y0XUQu9pYbM2*#i(VQMJ!lFRUB!jICs8~4rDc6} zc_AjG*|HYwD0Pa6>x^zEFRW7zK4X3cG0EXC!qZm#?5HZ1+Nl&LU&Q$jy_;tOh7ncI za$od<^<%By&H6aB7lQvAvw< zbTNc;vsYM0T&Wo1J7{_vEU;G^_Vf%a{BDj^!NnLU!xTo1C7Ckwu8T~v&X8=1L=xAx zRJBzo&a=D=M!ixAX)3eOtJ!jpWz{<-*+>G8h^2(M8&S*L{b&}`l*2q?e$CdNAJTHh z=s=n^-(rbBfMS74vNHVipOw*!SO~d-stLyr*;rp1q8_SwQnkwM&-YJ{_5F5GXwmx= z!<);PG;sEp9t!${usf|R6p2OsBy>E0sFFJhA0KHCHOL?pTSHJUmQS% zXZ0Wx0>s(rAswLx7EKnRrrZ3@8$#6(l*k-y^&e3KWKcvInvJ#=Q@o0jwZF8ZR^ZR! zcUHl5ap82(2Yoy5*Zzt1d=S3ltPEX`qB3o5wcwkXT!|l<3~8<*$4;N4B=HTRs1rh_ zuy6_!ap7-8V$ck!i}P@=Q>?%+M_ixeXq+MuAT?1G8Yv!b?|}mz_`^*7CXLLEpezRUe~D~F*Ic1wrJj=q6M^Fr=tmbsw`GRxQvMBy9!P8e~6hvtRV?)+pyb&UdWQEZs{e1bA$ z?BM#V$T<9N{(UuVzcpDa{vIM4o^b1eq1?H&-H*N6AwH7iSLd|j1&^Q=^8N>wB#Hgo#6kd zEWmhhNzmt1mMlEprEz(oW>ywMS3EY($>A+EDhK=fkQEn4>ertOCZ zQ=Kwl_z3pUP~V3bP6xmHGD>q%&gsq8JpTDCNM8!T+%Yq_ChH>`%nS$0q|jVbH`abp@5fJu!zM0~r&z zqGLy2DDTYRtPsqAFR0Sb5(pe;-{;DV@VM$`1rza&s+ zA4xm#!kgdZoF@2j?f+x>#0H1*RM|@p0j*BYO5aS&pYGkXmYOI-2eM$5Ew#5ggz^H1 zBTNU*an)IV&?aceid?z=EjRiy7;wRChfaX8EDuw;rqUQEVL(-4Xt-Scf(5v@%F-T z%2Ig{x1K7YRk+X;h;Rx&$;j$TrirWOXtu`_x45}xj?KpEige#yy zOO!>Pg(Q0l&Ltoir0PJF{Ejar`fUfAFkk@;^>YMoUIhLN>>aEPQ5{-ho^-w_UEw#3 zYK)I_N)v7&U~-sgS?V;}w;kiDKV)EwTiLTPTejHa4t(@*VNo@1T6$2YxS2|#y_3*C zo{GWRlOG)ExBvZj@U%vic0sh!XfgkXjPnuk+zoH~MZm5lfUn~Ac5fl5o|@dq)REn) zcrnma8px^1R7CDH0Fy{3AXJh_lcZR$EIFn~Nh(#8NRy~oFE2Uf@Lv!A88MsVX~(1@ z2%SshVeuUdv>V66Ju1S>U@^qZWaES;mm4xZ`zCSex5R+Xor^Ad=aAZ)(yQ#lF?kGN z$War-t_h&hMUZkws5}-EV6F*9yb6BoM3miqwByo){d;R-N2!OXb`P*4(F=EJgS|Qy z>koXVXqT}N6#t*$)At|lo7W;8JxjLy@h?laFO?>72QM8)>=K@$7DHgUQ zyEyxq2i%f4%B=M^+{C`BIM}ZnC7Gn=bJ$cTv_Tn7BU#de4Om1o^b0ytT@{(}H8RSw zbo3@kmt9H`<&09IS?vs!7A*_M?ozgg4a_X}bjBY~1g(?f-gWxlus%|YkXmGVz1w0v z1N}CLcDp4(JHodNYIA-Wy27m5BG(hr8_uBB?$8+X&*|SIG97e z{}mdh*RHYXtp>B2gYL4!N&F~X_~~x&Xp3I9L#FR5QL3x{RsnfY6TVucC48~+V|53$ zeuv6%hfd#DZIrHYlLhPzy1$wK=hLV}l;|lC*4{~{r+@MdE--jj9+kl|j zWdoBhxzkb(Y+6R;kL~~VaB~V$!T_s%&&g=6;qwG1apd$NqYL6yqSIIU7T7L3tXRp9xq%p%LeG3>ub?ttIW0z78af1 z*k?Q3*by?5!(_(->4}!G#-Z5$7Yt=;2*zb-rJS3qi$GHDDI#|qRkY9>Wta5c2R1Em zEnwlS$F#l~Z0bbSq`Tm8P0%C(^*t8ReG7E4du1%hGZ6H1>m*^5%^7{W9u~_MHP-mY zOZW%PtWQ7^r(Wp?yU}k(=9zkFmokCTck(x>-p=0gHu+YhH52ovlS>zrd)b#2ncZ5E zxpf+Dl+&LHcxwByznqCKg|E)#4tw6v+;0SkuQ8wG>Y98pU^7~^JaT7d*O&4>de_B@ z{_R1-)mJ0}s*qmBfLirm0v@$J0&i%RaM8$67UH^^g&4d#MB*zNM7Ow8Jk^=D9Wx@JI zsK6o@l~3fTxf>0Qc>=Cp;l3EG{jQViR!w^q9{!`C52};zBAU=bg|QNS@{JzO+)fGW~cV451H59KwKPDr8eM7;cPUe0IOuK5zrXxLP!Y zRf#uDQQuZE%w~Da<3XKz@%6G%=X8nmh1g@3@?^UBV^j%lh@z}EU*H4UYWMt|@ci^| zpf9e#I;zmRq>d)n)v37Vl`8rl%S$y^T+wRU{FVIG^PeK^1l}`IWVfdwFHS)Ea5Wh{ z@MA$-XsaKs>EUTYS`RW{h* zQTU*JUMm6m3b$XYU|*P-6`Di`VW{czHxgaSc$X&ebs>t&JuoZJc=7clV&Inm&=WeA zP5IX)PF&-N!a5p+I4)Uyv(B$eVB*u{w|TNKs3lUo#lLZv!5>IeANw6Otvq?HDe{{W zZS_m5P?OO?31?@yL#Bd|aHbx)gI2GfX z)XA*VR8oQ(&0xmPVH+HCR8pcE(O~PXvNRLcNl8KV@zAjVl$N?#DyiQZfl%fLQ1)G> z>LzXSs;}Q3*C%6^qrT;XcAlV$*Rseu+9aJDkxJf2QIH{q>srbMf4f-UUfdIUSJRMRWQ+cWXGK zUr;9S{vP7dOxa%;Uho~q>T5Xd9N7RJ=pBc9;!}QenT86KTT>XXIq0`qW1+7)_`W~CXTZh;*E-R)4d?B>s2?_#X zZw#*NUjTT>Yz`w86Nk>bK_>Eayp+7bxJe88trbPc@9N zEt1@e4O!qE3Jb*qk*!PIKMQ@y&sL0i3bJ8QJ{q9BFJ_IYI24b1^#4HQPlCm~!$2as zjf0gGet`wz-AwRdmH7~hvEWzw`JCM2MSBwvZjD64wi`4oMZ?ZT7e5+_%^2Cn;zu1E zIBP^YX;A*E$kZj67#?+D_$Q4215Kp|6=Ml1$)6aioWO+42Elq%0x~1-jvuvt%Pfx> zY8>^eIU7DJ#}s}wZ&rp;gy?Z z^T%PsBUP}5$3C;F|WM^-kJRDtT@Qv=iLsLbaAR2H=K5eS@mH3#ja^Q1@rA1-I>2 z-|%D@d*YLBNbBj4VW+xpR!DQ{VnRcsF0fRiKF};x^%oKZ49|XD_cbG3xWL3;G8L}j zGpt?(;d!F|sV5)!-eIW7J174^FZ8IX^XMkj#MMl4TI4d^r_45z6&L(U8*zyye=Dqf zAvy$E>PAIH7Zmq|%`k1lw}xj+;S)-`2&f5M1-*C4-*Xtt$8QWAtH}D`T_m_3^6AIu z^l)0`L(Na@?^1&kw&n5y>6dnN%9(`?&1V^kOxiwvFu{WZ0=eJw2&@-Vfu zLaVAqmg&BBwBGjoo16RB*9+u97FL&YtC~Ch%})jYQn!39|H*RLS{ngX)pUUh_~>)e8IUOTe`WT4QMDUF>Me*}{<3ds zbFKNF@j)ftqK80ov0;$^p}Ek~=~WO1daYwUGS^rRkhjwEfUPcb?UT{8wwf`&OgcW= zmb98@xHA&S;ExUEjhwOZl84)fnBji$iqg>t zI_>7bZ^2LH@hQ(P-e-o*0didokQ?WBsLOo?&LBN(5$5!i3f=xDq&GQzskmvw&w;*a z!^{!8Z382$WdFkCtJ%FrnMZVZu05`bZA^g7|9NfPhp&!YkKv>N$EFDv-Gq^;Ps@>} ztL4HVIbBcuWlGDjqj}?M*+;q@Fi{1mb~Rhga%s4N?A8VFO=#Lp9t3}soCWNT8oOT2 z(!KoTOSly9BHNIFf7T>@(1g2c!Qg3)yv%c|$>ysrkvlzY@ObT~dtxf8IX%trc%{ex zvc>-t2<2a1m^pbQ?dmRGaea98*X=pkx_OJry!tf9VTStWTxTQ=+rM7Ov$++TEE5Wjg}IJ^m6z`p6a zWPC6_`F%({Wqtsksy{fNqCOxIpHf=4KDp!?dIs(mQv_Z25QQx0P+z>gDH*HWk8#kvzX7qgYxdY}g3%60wWHHxs zN*CTf{>Q1xFQ!wB*iJKNAeEO!i@%VIHZb@NPMmx>|0wkHkn|4Pxz)(!4R7C-E+AmC zYFN;6sJuRp=u+z=%?uOqjtEEYBolkEC(MLFjvfTv5qDySM?i(`s=w~Ci97q*^`S`D zdn5(#7L)y2yk63YdcU>^3S7lN$ygsj6g%kDVj)lJK2C{mh9G+dUBZGK^rNE_o#Ka^ zF|FTms*}w#%_4j14|E=J*3B~M)-i(A?OEz^vMN0pa*=We*c|S0`le+3SdMA$@{itF zU29nuKH2FzWyhGMAbg8%3bsor0@0Whlk?!2xiynD#;E#@(lNrvn|X>2f{KTIiVlwD zR7wRG)5`Z73T`@8KE`n_BT!&LC8ekmz+}Sc$T7bX{JvS|{l_M$$XWna?|Fe$2pCOF z{Vh~2RYXPwRxQ`KBC`1QkT>rpVQ>%pw~tF#D2;z89VS10bY1pQK?S$g-vwL? z`Lz&Q1X)Ioe{(}Ov4Slh`}pZ#Q_j}V3hbh@c}Zc(W!%BzSMl)D(v%4HwCoCJ?V6E! zY}j||4JDD@mnUX^y4~P$N9ja&h2~@#T_64BtE6iC3F~O|;bf0q9Ji;lJkTO);6)h2 zyLnb;k2zK7S;#xD>r?E)6`nW7c)~th=f#;LlR{pXc4y2cm)(yszM$U5lch4stkK02 zNt=RXzz33F{xxHEc?Z5siP;e40K=_HXH+sCxq9kA%B@swf;q11QrDSiosd#@c_--- z*%`4#S7W;60I@+@V-PbMb)nFf#!KE(>pTAYDS2~@FL9-=<`DT!6|o`b@CS5TB>5Qb z3l+$1na*9b}t8|CfDC3q*UT z;#JZaAuaA7kwons1 zi_qOMt0AAI*6wVy;Rq6kCy*pScLczY_b?WzZED(B!la0!ks??SOqr&Sq$UwREj}eb zIqSrX6d1^alA?#$d8|eP_lUhH;jpDp>BzOv@zAyC{_wd->IkW@>MmuT4a7hHc&9dB zb++FAo5dM5aua9$n_KrgmmiYp7W3eQAmgvZyhG2x>8Iq zs(-!L{ze+o!uCYBTJ)tqJ>9Lsuc)y09HuhSidRsuV}5E6|F<%t#zIy3*>VJYf;|zDU!Rk88ts^^3>8m65 z%b0&fpq*jc&=+2VkHYqpoqB$owcYN>Yh?SKIwO4>JISx8EU5KqHEP6nrdPgW&DDwP zZs_T47&Egw8(bUc6Ng&Z$MvaM?|SU@O9mk%uBq99>hJSn+AxitIxvGVZSj-4O4T&X zFMlj+vAw2Q2jRPSaV((poJ=zMQgk>?Z{$}Pm|x1NSKzx(aez=eE^Sl0+|}UBFSaYj z%rD)R<=F4DD&|o9E=L)CayrbDyML?GOmC!Cw3%O$Dn{Xb4${q_dK>{6eb+koQ@b(M zkft|gYGv5(ODcv?zOL?*yE)atrgk}&$uNnjmd)6S+Rz!lJI;}rPwen5pc1rAOc{n) z#h_hkOC11^OftfkuqHaZw@6t5_Vk3-_yTt%)*z zRjD=uRdZ1^gf_zuE^IJYCN?KSPVCfvT~M9+DK;Yy@Ct(xk|B-M>g zS|i@n?V02T-`vI#2JeU}WBPiP3xM>F!0B~e!D?u#&$w!XtvbXTeKCLDa8GIsvkOa0 zgD77Zt376MpawJHgr*yq<&hF&Rv)+*B6rBlKx0_d(NSfTn!e`1I>=$UPt9PxH=r}v z`Ob*pQvdwL17kmffj2uCgn_YVX86kf#L883t%CU!_)yT^ZRdkM8Rrv#=LVZUKjSd} zU*`XOhcakt#&6%oJ^v^3%6~A_{~s%}>VLQ+4V-NMFZ)H5vX=_g}E!eDXKSNtFp%>;`7+ zLk@U!dyqD2mqrl>&au=}4d*gdBJNpkGT~}-*vNS=R;*_4HrvGZ)%twDUg66#L{(C5 zwG4~4By^@ZpS9P+Chs%~C)sA|WJ_@f_u4BMl&eUMdnpSsavRBV*{~maOI87n9%e>> zQjN=gCBRW(*hd;nG7oC40CB5d#$zYcyfR2pPuW&}=a*}oW^(>NOlxws}6Fc$;oWM~($;-O^&pRDRF z)`t~JRMpr;l5Q1p3jOdTB2~mB>OUN@$E-pI1idsw>|Hj7mfRqhp~sTphGw^49>#PWfq-{ zu87?8=|g|eLswrzqZ5F8$!vieZKNCR5(u9m`-H}Wu!ifi7xWT53B5eDMJTQ(JguMH zJ>#|Y_v=3m!$7dK^R9nRu2`u5X+iwAW+XKS;J=mv|Cbp_6GmToX^GE_Y)m>HS{ik^ z77K+1KK5G#+)pNHGA5k(SczBxARbu)14CLkGa80gl0}8JNQHIP`u==*luE>p_+0zE zB|%H;t(5j_&6IYvkFC$^?&ssF40iVKUpY6&U5?kBJDh*F9cOr-r#8PH@md)^M-SB1TwDivu9z)PFT0uT!5Rj&u30-wD6tgtYNM-ZD2e1^~$` zw!(3V5}s4JpmQUO)ZD(?KY0Cc>Rozy4icia%v(7DKP5MSHdl`^~qU`G^zgphw-(KTr~CW2TA>^uu@jn$?2@_S_R7AV7FLum<& z8W{%mqDRTjC4Us6#;KQB{1(r1>5q*G&~|iF8c%_TL_urnlc&lSuu>6X$Udn=9NHML z4CIw?L)~N%tAtEKW6(@I2d6SE5wwIfZL1|sk}PdVN1$0FFsjSzQ7_fXz&_%0}%}tdE?aB2Shv!Lyr~yYJ<%pe-+Dk3nq+X<)x&(@+q7J1r!ZV z=7$uYeAEf@qjU|3*jgJWz`O|tH_wZ#8^0Oh1{JzmGt~XUvQ%^YP)NPVq)DDAmA#um zZx5mi&gx}?t^!k~gh;R>W`7SjWl*vS6CKFvGye%$b{g0!{C)Mlxufk;c-92J{z0095g{EbtG4)qam)5YXU6vpyydBM3HJ;WPl z-Z84EHqS=nlay|q%zcVej3x{#H5f1#VMmN2HyNk{uw;#);@S@(&7fuzRkWlg1|Exh z2K&8L3HB76*ET_SbPO;W*QGHvIHWrT9>ay6)Wac^*wQ5ue_#z9o!NBfM zi?HMoc@SIQ%hf_(muO*%nnqHQ&TfE_Zz-Ia0N94!%(fKRr9q!y{XP(5K= zhX5Ej7r8k!aNao{jRPkj9eV^lAssb5dC1SXP7pb~Y8$DLuar;d+Hu`EDaR&4)d+ZK zEk!SsPUQN-U@#&Z<{R`o)$-oH8%g|og?gqiy`0pvae z>_^~dxVr3k!c*nAZBhek3ZdeO0hneskNL8Xa^6VLz|rMx;L!y+x`$$p2ypl_MNlsC zbN;E7MvuQ@)-k`Ml-Fi@nV#Yy-<%+Fj(|n2r*f9MJb1Zn!q}?sDP6GU977WAF$4BP zD@Q{j-A60WRrq>T+SVohGe+jQ||Ri7F2E21+|;zZ~6Nqpqk zHg5LPN@;bP!vaAISK4$MKpgk7R5<_%%e`8bWVQyKH)V)>Gcm4AH(uSm)OlIDmXk_6juLh*aw=C}$gAGGP=%3dryJ2xL`;KV_s#UL@ly@UjGXYC&Ri#y>&9&x; zxV5_I-mNuiv~N5QcTQ`M>ftyJQE zxeVwFn=|9PwT43=+Nib$r;xNAtHKfYSsn!l@o$&a*)*%!sv+p+*-_UFR`wATACNY9 znv+X?B6`JIx!SSiz9w)Uae+Ec4aS~U>=qgrQ-5&3I2{Ue8ZW<0+27$D^4O^saaJf# zQ-R#4$HM%_0&6oQp~+p%q2OUN=m;}AlY#L;%t@4RnVpEZk?>RX6WrL2>~v;ss2;#W z{X}mi#~p{=-^?34vs*Zp0QHLRmMSwphXNAN)+3YQEjKk8I5>;CNGEQBXhZ@N*ms@C z{3TM5WVZ{gYp_Fd8-wib(tgBSiAuoyJCCiUvxt6d(;&--OGMQ`>uTn7hhfd%e0RJ^ zADK&$y~t@hMcSZKCi07F5h0C| zL5R}0b0IcVw>Z6_wYIXczFz_*zn*2Nkl`{V_AMS)S^jug$I(p3)k+ts!PiP%Kd*SE zslGq$rQjSsHeaO0_y7ST)4i$FH@v`VO6FF6alzX4FMiL+$XHMIJk#_#wt;SjZo(y; zZEma@TUni5taQ%*lUC`{+}ocXf?+USpB!SUmpi4m6Vkb;dT_rCBa6;(pe#ET!)6;* zvbJyxQ+oU(WWN!6J7jp7&FIA-;Vj#bqbhy*SmhB(=m)TQWw8+whgVlGqXeTlZCJS$ zVI)Wsx~rSaa#XBv$>`gA?bHf}xsAmwTMG+FxP_V*R|P(vvdOn29^k$2E!cv49OaI>r@j;|Vd$v^nTzP-u+1i)8`QIv%t zKH{=pijxT{(aXl~MeM^%Ldfd5qQd&L!qb(`2JMzNm(C=B*i*fTPkon=X9c9>>fB?@*_$ivZGm{TWAiMV(DaKgkLF3=aP! zJ(-Yxs1eY!$*=k5T@?Pwda{#xVx3#VG^ZBWJuIvT_u4}C>Y7`_Jhu|q-6#A-;8YXd zjq*S!{UDQT%Qm<1`)f}4`kQxT_%_U|Dq0uZgAJND?g=khJCajR_%__D3z|3d2^g9; z`ALU)dPDBl^)~s1LM^%__JbcyT`wqKLbNgKJc?c zl3#%C_8eTnBXS2N3|#!Z8!YGOJ*JX_;;(P|Nyl&gRDkQzyS(aV(*1yjz1nn)@sJKD ze>%SFehF-dPE2@2qU5bR)7oIox7mA+(w5(V-R@rAuAIBA)Ct2|#(rJ{q@*_Tt31Xl zdw26qk%PCBT5lF--Otwdj}yX_9Wk-X0?C{0asrm@-ja+6`5To3bp^k5AK0_M8WcKa z3mn;j<@N+^?tCiu;OR4PAc-6LMW=hEcY5bSjGF~F!^czXKlw7=9vD7rOC^69;@xKz z$7k;0X7BPjApGMU&;~EB(8xD~Wkh(^ zOE$PB7Jj&<%n94%!y?Wa+bBRUMCD~hR^j~d}Qp*Bj`dK7~HJtu()~d7g8|Yr88eJP)^QqTSf)w$++qDGtY!3NlfU8W zd>QBsN{UyWeokV##YFc=@UmSf&LDDF@3teS=1b3KA&;u^=U$e~BO|8u_2&pTp zDk>3n0ECuTd`#`^HtILv|MBOd16=F4Qz4gdYzSqDLc0p5wc~tv9%?|O^`^-S-VqZnsYdrk{+KU5UuC=%rA zg`gMHvvW`QV!A!Wy(o`Y6|BgGe)~|JjwkZXWpfx6eG^eSKIb&E3~iT8i2a zYl6=hf=#5Kt@rvP(J-2Jdgd@!_^nsH&YaaBtpvl5mFc`J+w6AULFc%$L#@NRT!J!9 zL5Wljh(u_}EvNq7zY}o(X`!u~3uaeEm)?yPDI6W zub`Q(hhk4t!jGbur{{UcfHzz3hi6?6VPCJ>6vVyrC#hFZnQlAX$GbGW zPPUIvcM6>}f6t=S-@+Wd%Oc}fP?YZ3zkwyGiusxACqgtMzWK-7wU|4FtT9&!Re!Q~Svc;JDKwxJ-f86c=n4;u(( zb@yyw#P2r+`fW8DBk&3oK6HF%=?bB}l(Etv)Gv6&l6a=R5DnTYLhc9-_|6ltvtRd) zNH~3chwc+&cK5~;$uGR=I|%oJ_H^qTN5_9)^3KVAkJ*{tbGQJqjJ{#VYho<1V%s*K zIB>KAc~w`%wydLX+u#~pAcXN5@m_rU6gjhL64JqDdp!02{Pr2a%H%(67=@0Bx#x?* z_s3U6Bsi3)nEzKzw~lg!2}_S=DMPH5Mox&d8jx)Bc8B^#?%f{aaeq zJb>&JT*#wHc%3MYPm!u?JvO^QihGL`@GH(W<1j14OCXH%?zd%w-udZ}s6J=LKefW!Wf4Ga^-^^E|_bCRJV4#Koj?@jygQqHiHVkI3?G z$`{fk4lK`-m%NhdEAy>Q!MfSIx`B(vRb1vZE%Vh5Rq$APXmN3{0zUeMF2I+E-XT8 z7wX2Hv3^gGbqa#Ph7r>ShJ^JSg4G6FkhL6+U8EBSd3-bcB~E62HESLx0!xYiQzQHo zsZa-^`3jQ%Qzm?sU`WV9&gC%CtZrf+ZG7GqeB-51ZWnO|)H-os2joJnV;Im)2Wn(q zV+)~mBgF5m1%8?=_#Aq3n`n1Cu8*_G4#Ka)@ki^kv7NhOtLL{C+aIk+CU$g`n_Ye# z|L%L{0h|>}d|f$GmHNIT7T)@?OXW7WFK^Hv%&w;sy#(J^g#!J&`@dBB2$KDd{tZB` z8VUJriMamt1B~`&e_vJl7aq?k)BpDu+P0TTLZ6Mh@32{01TCrf$og*zghW(#`Z2w>j{=s~FlphLx5)u7PV}Ng(H?haq#${E zRSv}L65Yehuf$enWW=9|_cV4`PY6~~GHd>(F#N`fNhbV`I%rx?D94s@>oGv5>svQ9 z4M=vduAKGsi`csIAt2Yi4anRcL9;EYOrPRI8?V@1rol1Fu}=3~h~(AEj$%F&70~&V z-zMN|ZE?)IQFrsi>*OWap8k5;#=t9YQL5bb$n|3EtnzQ^7J6Lny9)I5Ox&wlIIALr zmGf^Y>EGaT+t9yV=4@;U)^;}EmTmFa06&`8yM%Sy;3{pAZD?V;h0xW}X?TiG9!8Wm zvE)}dDA@;(GDuH8SS6J%?%@ZQqi5dxn{bMWsl9g26v+-=Jr5MNfBc*er~S)m!-gGEkpGVD>|35KvfT!ZCaYdJxDU#uIBr8c-q$6gkw%SqBYock zDej>m%DCkzyY=P4c%G;ps06X;B0fK0e|XLJ4dREmA-qY``ww2Ax7K~fAe3(Jjn(b< zNprfK&MQ*TLXfgm;qWx?snO&YxYr!g%2je%*wkTZ`Gb4+bXU*Ecgd2ZdC8#E=fw=5 zVo)+DNjq~gaTe9q;5gUOn6y`mOXC?(u_8;L8fp2vz0_5{q9Owx02p0WHrv&9AT`*#2Ne^b4 zQJ%3^ML%SR6gE46{MPvp54@W*dC(`|i>>@aABN~9J^9e5lAAU8p(jv@73}-nSp`nxzY@Z{HFH{wMK-?Y~nK)&8|_k+89Ic9Q=;or{0T z8#p-rV;{=c8k_tV7cWV^?jIKqy>lf5YF!H3bOP&RRfx|eG*sF z<+q-pput|~8-=ixQV0kL^}CMytp+)t9KCD8Z?d)cdH$whKZjv8gRZ3cB;ur)0V}7{ zCfT!G3!-n1f{wPnsD?>)i2%nqkTehX7xAHBBsUpJ1I5QG2AoNkYBhiIGLX58<_bWB zwLB})sGxSlqw=I$%t_rge12a(cf?zQJvu;CSyw|s2=YnviuAS(+|)OV$QFU zE~D!(%!|xVd@)Tk9dEiFuYY&=zo7iyZZ@#+i0yb~*{FRsQLVE}l2{Hl;F6X?^2D}y zDjfME6S9KsvHa&4IheqVa*;Ve0k*f2qXkovjvv7{%-~`KPztfU#C9*!TStsoaWUlPf392Yz8=`2i^lZZb1*_BpxL3yqO{)9 ziT=oJQr?)G5?MB1rl??Lt@$mJ(i?E=%YK`?+M5QGN~KE3qSdlA)NjRju=zcc-ZYcj z&LFgxa>mP$O-;JEy?SbsH4>G>`eJBm3|0FU%>O_W&tSH|DlN24eizkWp{lr@%3mTf zO{OCc=T&L^PkTYH3i!gw9E}HymKzK1kVI%`AGN{a1VgP!W|YOacKaEVHB3uMFDtkj zl(AMR@K(Cjkb7bMgjaOku-t&05?Bdetud zAoujwPHN2}US6utbP@&wMwz8#1~wZ6R|jYzwx7>!I~XtUt_-wtCQGcQ?kYknsk%zL z5a7(v=jGh0-2_nG+r)PLh9R%$!Ci$E3{t!Oel&+QF0X5347zAr!Y^3Ri?SQ;iIDhp zc!hl)6pIuQ%-N8sc$@W!t-J_i*X=`AXCBRC(lZR|UBCvMs*3DACM9e65k=PW-jBW1 z|3%t6Hi;Hx%c8|ywr$(CZQHiJ%eKACw(VWEZQHJT)!paahA%-62_#8h~x@lH17 zPj}H=Iz|y-W=F%)Cir@?KG^4EJX@S71*1N+^H&Ep4n>?e~$7y3VYQCl97saS(R>9UxTBELU+o7oEy} z97(B|jU~&TU390f%^3#smB;DgH1RX?5706&7>2OTkw7j$soR#leK7<#x^iVSr=pX^ zM?1fqftEuaHMzjG!ov;@ryrsoT%@f$gV*@MLKl6)QIEk+EEg#EHoZGwp=!dOMmJ?D zn#_43QXlDz-tTscNYGe49vf{jPdjA7RBA;1F2n3Xaf#^LSxF8g6Ui}k z5R0WpMSvR*9_Ipvi!>C;m1Dz( z78%*A=%N)Nm)d*z3D%lOCeayQk}(u$Oed<;F&yAMNf8H&Cx!(s{WT5JP$IqZ=;}v&nsS7^s9jqrqJ92st=qZ(53O{tx~=I0U|g z7o)-Q!HO^|#F8*HlJ1}vtZ+VojkwnEm4ug;Fr4s?uvC)n0C$-^IRrntTeGnAK|lUZ zS_izkxR+mh&4a*$e3IP4*b>~LABlrVgD)8xe;vyCa_EMI*unH%ZrOxX`{H-lJ+E1? zzq-7$o)ZDseW3ivJdt)ttoKWMr?75~vUI$wzd*&7bqDJB^!H#mKYwM@OeD-*Kuoa5 znZ3Y%Vi$u8y;eAm=I)|l4?C#d{(7U5{{H7?;XlJ)(wRSr1EWy?3G%7_r{XH-;{5-q zuK%@ZHd*Uue=G8E>>spw8mJ^kiW$eAs|5KJooXm>t-KruYou|D_d*36KvQh4{SoW; zx~K4TpB1>?P(yav(({zLO|&7t=qWwFY^Or+ue<3UfE$1nXzYN2d3pw@M0$~(7qC|a zR;2W9D^DyujUJ5C(${5qJJv&d+v>egwG)B7Pj0MI z?O{vtox&kaX6IIQE3W);PXEg`kfW?@9-!>u(~c65m<$ch1;$04bmXz$1+ANo`?&s0 z>zKMDpK(w}8962$H8AY5`iuuv9kJlr42 zERhmfuA%1dmxr3I#yrUA_5FMIs%OZttToQ6s1aqFrWiEPyai~aKzLcw|Ikcv1~mC} z)20oq{nEy_cS#Mncnt85LiVXpnR)~68bVwovqyCiylSFok(o$gi7=xTLqmhm-l|eK zsibqku4_~itxzsVyjKBgU#MdMlLqNT%HY1B2d;*1ZI(l=wRMoQ3`U_L)H#Ug?SJMh zK6ZRC>~#TBgO%^IoiQ)gjgl;oE(2_-Jp%(zk{CLA_Qce%Dd8R^d7({$+Kzh8e(nx9 zo}-VgLe z3xw^Dfq#QEN027+)%JHdPHw>+)}#AxN!;|p3-w(aX0DiScbc z`agak;^_EKOP-Un)4#5Gwg!y1mYNG6nFZ#MkHuVxH?u`%_XATPyt)CEkqH)Ffl(4*$gt)gt5tohs6N)efB(MN zSX)QItbo1$j)rY^y6U)=sMpcFxhBJTecf`J;(7M_I>vr&;QM%C0(Ga()PYkY zuZ67^Uh(d0H6El2;lY}g)uWf9?N1h?UUv*dSo-@$N(3*kl14}D7@VK8H2fe<0Hg!1 zcA6f)1Pr=s={G6P%CXDWfhn*nQbm@D(4Ihs)Fxd2=lBjm9$|?@3^7<3q z_OZ&HxCy2%LRS?*sFgRx^C}o&MTm6z_RSacmp+}~VAZP?eDk2{RUyqgyz;y&jhg~h zW>Lg0dbLUeTd!}c3lFyZ4r^=nM2h92`zX!OG1iq}Co>b)GET`6v6bt9&5VuA?4`+x z>w|H|LY3(eY*48NLxr(rTlN4XbRB}p*zj+8B!4c1W=z`4T-)}eJ039do;U~d>A6oww##eMb>iD0^20j zixKiT7+2#v$Kg%zWoAhy)5RHD43rA&>M1Juokc8*M`OZl!X(HE8A9x|+VP_(lS~tu zFtz8;cia=)Ic%rD&e)z;OO2-@G*L2@v%{QnRQ4e*wmFot#-b0i%A(IoLj<3tY%3~?X%`HIalvscqgV{ zQxx_&IIX7T>?xd+f0;%vzz*pHq}$ZHbB~tax~a@;kXp)<0BO)`b#FPGkoL zoQzXth@9Pr%ICuFxmM3gh1^wlfvov~36gsv#kJbGBW)4|>dk^u%}$hE_M-^qYO@5v zDclNrUU&w0ySc|O&USP6qfj~Zk3mX{xAJ!uP;3yGktFtpTGj*_7#PvbJ-Anb;&GP4 zsCTtD%eiV1>-dcL7$|2#PASTfw#mo}m_{(-BqIHLD&_3Uu{N4^B{s^8+-4DwCKY9_3TmJrAhi9ej z;qrgW6Y@Pny<#DodWw6!G%i_Hz3wJnB(g`ckwb9?-{DDtCy%FKYUC%S*9&)$UK#J7 z=3SB|+Q-9BrVxr&2RTBV;%%#0_X`B9lM?OZL0j)_jpH8s3Z6Vk?sA?9)LhU6T46{6x8D*q)DferAwpAh)G(* zRHoUsMA9JFfC+LHa;lv_Aiulc%5q{I-E}c;M|tBcPS{Nsb=(^(C*Oi1+TUniQ}7C! zRbTUdLhtYdeHhA`W68B`M|C5yY~& z!I;R|RBqZ>&$cnYZV%I8t!&xsVfLKAdU9nV=PTzg7uv|5Gs2rxt=EVSQ4Wjn;*+m+ zg;`jvG0&Qfzm2Aq^$7;)UCpCN<~&OdqWKjUbI+~WsD8pGpvBIO&z*wOVaw?x+Eu5C z|Ka>*1lrw8YppjKY?#CONJn^Kd!N5(w@4ATBzVs3SKON_NUx;WjCV)}56fGF*n>d7 zM#)|jesf2M@*;`;0J}J(uxCg+e!g21hTJ->6NY5H4+1v}jkS;?yi);g+NWXMi-ea5 z)lHV?u{L{2)aS^d$@HrUXHA&4$Yr|C_S2r5myfT+Bk}txT0q8rxejDoE_`BQZ zeQ)pL_SoK^!+Xv6S5do3+l5?}MQSkKcX6+qAUIuQ==G?dd`ouODsW#{^A6fcHKq%z zwd#42#)SzrxKC@6ly_`%Pb`v+$0!=gM-TFgZH3D?+GE{qe>(UFTmLHS66kpq~!# zVPeBb*d8W%n3c@a@of`{qP^O;ij0LdNA{Gcvf3=k3}r4@jl7liKx{Vnq#!)pS)g1i z*1nLb%tP`Vd#(|^>8T+_pPL4KA6kvb(!k9jFhIwEu?}K(n;}S4j8NRH%?Sl62)*aj zQ-HKu)m|w~juioff!PTLrJ2>0xQHgVAZ>(g1*YUWu zsm$REWD8WyZVg25>}`S(CNU{DzXSU~YGqnTci#HJs*BOe(?cZdYe6fuDfgT}w_+zI z=Kbj7`J6#FH15=Sgc58ET#2R{?J7siFU<^i++${FgY*(*oMUoJsFD0%or^(7{WQ)%O4E4(7?UOn%RwO=XTB;mKX>Ui*^ z7eTDY?x6S2>R;7b&pEdec|rp>aN4AdZ#YK!M}IVHyY^Vq(qllDG(g5gYGqhXCK?y@ zGT|MO>!q%Ola2s%X1lr{XfH|&^g;OZY)A1aH$%%15NpP#yRqMs!)W5??UWe&O-81Uv`f}{Q#@_-C5)$yDR%UL>>UL$*@Eu3@xMD( z!UAbN{`&MaK1OcTEIqI7TU*{25!9*hD=AxGF5f6T8Y-zx7i%SyXn?`tmEq2{n9Jq_ zHEK7!d){bDP)KLSj`T}~tFb?(UTdWKEa+yyBMfo1LX+v>cQGHdPAaX^xs3cISQ3+h zryu$zb%>rDVkn@M5s68nywju5dDWb!NH0L;+uks>psNVlT%f1|9E75W#(Kf>0Z0&1 z#7$I8y`!aQP(&@{COY(>kW!qI&`6$(chntA6@O)<&?7k%QskvRBvRz1JX|mGZb`aM zz5`bDRP_24WFH?A;oVc)cIeTUoE_1YfQFk$(y^**KBzP_+v^z*_HWunO6pE%UR7ssZk+=*e zcy7)q*$Slv?Lci}Ob!mo4y)8e41r%^zGBGNAdWQ5`N# zbsrbH9E^v(5cgJJUB*35S&WChEay&N8s{0mMAn_YDCcoUx9P+`FNG&ffd-DYycx`; zX;(l==Vqt=?Kc>m3f{vG%2@@Ed)1pK+*WD#Xkf0&_FkXXVvEO()EO7Id+J*n*tG)Q z^Um@joaYU}BM~llp6^6p$$}a83(cbv?nm_-1{`mN?^Yn6;`d-6pUU?}AYFyuW#4wG z-*MmaqTj<#<{6*YP0d-4*G=x(GxrPLqaV+U0rKoXlS1d*fH-o^oxKq_4Z8CHfX^BnTc1EHMhrh5u|C}98%*q{|EbjOaRrWDD&c!t4V{+iUg* zD3{DeFNo7S9sH_dCa5NH$*#{NKRmVnIc&oh0B%pyox}FG8azrTVoSf(EvGxU+W=NA z8g8+(AJZ0O><)oD6>hMY0@--jJs}v{7v4W;0I4v=zpiiq00MabiLoR5?_Tl$l*0Zs zN+fD+VD?{6d7XrD#h>ZAkPal`FrZyh{Cq%^YiRN-3)1Wv&WXlNCWzY8h_bkVh`xkB zv_7IAlCw2Z!W!Wc+BzKfET~L z8NjFChRHTHYZiIv>JX;JN~&tA{w$xl1s?2Ml<@3WvsNzZP(Kwd5+=zq2gheQ46TCX zPlHu`{h2+}agHec%aKX?Opg%Xcq4l#APK~&j^8JaqkxK0LdgTNL_J#CDOf+*C@Xyi zPa;E|FU3dVRKhS->|J81N#c~=Ai~HdTv$#h66%s?=vAf0p4mYuqp(J-py(ze8P1@- zIxjc~wE`v75m6R9erkZ{@AJ1sD-}az3_Zz1u`ymXBg9z&F+!PyVUV%IQoz_^ub;dQ z5yM$Dv#hovc_@5!7(^^=!mS?IfN{GB{FxXAn5rZv^}DHkQ>dh2Q#@GKU0J zzeweOJEtZII!g2W$RX2&io$iEfE0wN$X!fqUjR#!e@CUerCFuh*22^0{3)u8lpg1{ z4}0YbgdbwIoXtgMBzQV*&x)VACo`{geK?-xMD9Ii zOIIK6EU~4_Z##u50z8)&m&Y=dl|XoPV$VcpiXnN`vqzrenIp^wRCl~{}-?M&_x03%->S0=#7)0Y@KAi_V ztyC~~)ON!fV_;B4kET|5xe=jCny!^+MFI7OMM_iJnCLrSF&{6a{|WR9k@{FN z=d;zy9VZ`DUqdCOOQvvwiEQ|j{WCpkSc_~6YTI#$h+*}0OgW)Cexr)NM9@whV1M#a z7J7HJnWQRWk!L3d=?LI4Q7^nGC)HgTYhvkaFfa(a4}M%k2r>=7L2epJ_ekEF5mj6D zjoYi${m!z5eBCMK(=KQA2Ud@$_r%RRHu8S{J`?pBW{x}2sbuKD=<5N26@MrT0^WY{jSs-2^+ z>$q7qY^Tj{$e#joFhmTLBfT7AXqm?FZjo$XxKA*icH`|y3WkT5-p z(QTrHtkQCT!65mx^Txi^zTBm?+FWs&Ht04o zuZ?K$DMyg+bjM74W?}yo{Ms*Hn$~7xN=5q^E@CxJWnMFGOo@2Mj+H$jwfJ5E>pbO6 zn#_?qpjDNi5vNNSNGIohc1rg^Urjm40G z863{RGn`zFFVw9hxHNN5g#_9{YlrR$*RQlMut>dGcg(=#F>B0`j4hZ!aqx5%sEbOV zzWPYBk^fRr#Z8Gk#39a~&9qiL7D@;+VJ_us-(lx?|JEVnWD^a@a&}ac5jHMECXS$>Ob-L3(r%4bJ;cZ`8ahL`weedy2a^hL z%z#+zPz0CsF+olT+(S+Wq9N;o&{1^)=_^18yt5@V?~r$M(u0 z`$BFht^oANzmT|V?Jn=MK=uIp$-9HeiRS+L=KKC<%;0p++`aD)%mMtz)NcI$4(8Nt ztbZ`>|1j!0v+K6={P4ea(m^t8ECNpH4qElI>?L_u9R}M*WlB{=i#LbDo#8Kkg@(J-*WOvkBs%m;EWx!OrCaR5GniT>;8vkCY+~qX>iUG4!*oC1aO#mC-x2)4)Bk6UME^C$`hbJ=J;p2KY|M=#%IU zX+Umt8s<7)kM?CTK#%TaGGH6?y(cr~{qx~{fbSo$W*mNr-TVVyw0rFZx>Gw{inj9U5n*tWVz;f8<{S({3I`1o>#N5 z1v!ngX0y8Fo^-e0mRh>I25P=}zYux_ywCh$T+y&0%Xf^;qfHcd({Q1tj~|2WeR;W6 zXBt31l@+BdEPUiAt)Qp&!<_}MfA*XH||?=xfIV(EnT$!BMb7(a-U z%BsT>q$5M<0am8+Obnw?h0<|5Mq*NkvZu z#xvx^IcZNL-xpFJPf3-8W#*AL;@LHgUFMV!`A{E#5S4IV!s0`Wq?EW33?1!16`kX1 z6qPkweCU{-g?7xaE2!KDs%^ZY6P|}*NfGg?+6cSoB$UON$I}`#POGh8k5UsSBZ&rI zQ<##oWHw0P8e`@v(`VHxn|{dR!(XDJ1e(owPL5Oy4N4GGt`EszsZS+LJZ9fW80T0E z9YbJnz7{X68Huc@q%%&YkVcaUbMjdI)hgw*)J!m67t2 z-;S9{5*n6GTZo~_%7nyHVc_S>&wx#_uATWF`C-@#UASMEh?yCGS$NPWsEai+e%jC? zVnV&KDoyI4szjmOgc++h5;gC=kD=U8P5hEz&j%oNWyNVKg}v@gu*tv;UU zU^&V@R6&>ue{7(kwgUCB&Z(*AsOJ2OvV)pEjH!APUgt3E)SHe7j+{7X=u2g_(fp>I zgGFO!TI=ry(j>AY!=-aT=9FH>v92uO`{_pAYz;J+&zy~H!LKhO{~T6du}Cr<)rZOw z1e`1Vu=xwz$(Qb~K9gE~bBJnut$0L9g7Eypitfc zWH&sWfp>*KVB{LGb@F~$Y(XqoqTfU(#T^H~sx~Zz2O4)q#Fz#XAY@BOO8oT6xc|_h zpXrLmg}OLccI%^=Elz5<)bt;^1BB|Md4`!z#pc+kMz}%^?c3+WeH@eyK)g60%AoUu z=`b5WBlH<)I!MYxWA@2J_=wMhh0n?)%#n&VB<15s#CKj&9G=?u(R@92!~qrTD(S|$ z*x4{2w9P%@JIUPT20d6qhNR5uOfW7yg1<{O+U6twW>B=uQsk6#$-(DTur6`RL9%0r zlirgdy(N|C#KbT*Il$GN?5X$yyrNS66pA#(FL~Lk2T+L;$(P>HZTT4+#;2;9$MptZ zrbG$B%|pSi+nobmn5oP$^Hp3>vLanifJ6 zpLdUBR<*g6qExjD-QmKyaKzn(d3B3>C~z~YPD)zc$PLRXuIK!kQ}%K5=Z$jyHZTq^ zO=^~p44xF{icjWJ>>)*bM3TI#GTBmXp;2meoC0g7`V$5Hb&(g2sz&Lw6f0x!BLekn z!DfyKui6pHqsH4r!f?7s8|)TrXqqCtxI*c?S^@Y1v-!ODYd>oSdEOT4M1l%O)RW|UN!eJX(T8(OY4+*b-ftpIe)7AvAW0e~X z95;r(nQoc`gNFst5>THxIT3rgVYF5`5MQFcXeDsjNF|{dg9r6w;YH{S*LW{poXqNs z{K}1JBgpyk7bZLMu?RtK&Sl8NO8yI51{KvZ!gN~AprhN6yB&@aCC&pEv;^I?B7o==cijM$&E){~1T zYyHq^M{uS$c@U%u50u^ro24M|yrott&NQi+Qp!(z%f6y3?$L`^=VjF(EXoz6RH^bU zk!RU%!c_U@DFwgNolULrqI}l?_fG4!XGL7Ep&E+{-cQKh9nJMVlXnojMWzYNAFzeN zXbA)=d@&P+h&d#k=%cMh=C2kpd5-AeK$d_|M{!JiWMG^0!!K|fKcvJ?i_e$jXHIB5 zKGRt9L3HxCtYFUbh7%uRni2ehuO6L`0EoOAEg`TiVZxOB?d@PtMhI$?u&wk>EPu}_ z)ycwZ?i!tL&m^x7Kk8+OUo*%3J)0erA7pEsUSNkT%L!H{N*DITGot&`HCWXpy*FPV zLVowE%ah#Y+yksZnDxhbtKiWG8h;s|QxOdZLL@anT=Qhg)G{sj4lZ1wh#NOdewQ>; z$YVi1%{`k1x1RD`%Ug^r{{^?fV5y~__Y~_L>c<3GrL>3F2^&=h?ETt~D{cm$Me>3P zs%RZ|Rw4DcD?z>(iq|`U8}{1;yJAXor{(pZ1Z=Qs5|HE%s|5q`{}-eFwcF{xT6Rqc zZ{^4A?=L;lbmO}b1_|+g4)|bWMuS#i+qMAV#NQC1ASj`uL>O5UQBLskR$cAYiaKf) zVI3|_&3nzZXv#ogDsEbR6&0?RPwGu7=PFtiR!uZTECd^}w_H6v z``>#Fem)Nl01ZQ~Xv_y3yEE~zK>oLV=DB=n&~NWZqd#kFsSmc{;Ygxi?#zv?O2z(^ z^C82!6&u!>bFbo_Fd^3Q&xnH`EV4OECJU4iH8KF>rBS?rqs?}3Nkp8 ziJp=Rl<^xeZ|%d0c0_OSQ|`(U19O?a?GyO19je#0+X!*PM+Ot}6e9zHLJ7soJJ#{L z_*8JO@KKdEHz)Q6R9A;Qijaq{heP5dmm;PyisQ980fTXXr#`t9dwNC*&z z4Z7=B#(6Y{FTG$$kg^dYmgeBl*^bj{5yj!PU~${7RT@hB)q^zeGSMsTU!V6EjhvK; zL$ia)l$_tWogT}Kok46kJ&lUqB8~1Obg|5sI@uZ)%SV)0LM70FD2|ykU*U_LDKr*K zQ%*vpj8ShGh#HyvOe-g1_%MQh6MUL>$svWi;<+jY1Ho!2yy(HMnR_W{%;@_3BhN(EL!FU-~7V;mSkjyU5Xt={uxoYYEirhx_X8H5`-;=LV4&bfk2 zqQsN9jfHbc2n;xW*GRb3Sn1QA8YVQAWCjRr$uJw~+{L>0HAum9`;2Bi3O`#{9GwOZ z43RP8*RHY*Z5*Ss1O_XNflbc0_ELp?UQDF1J~C;+Q9cxvLtUf%?>3rL(sLc~{B;PS zVO9EGQWNilC@?~ZjB>imepsS-NF~q`6bREon84adcqoaSbr93#Ttc{mFo5L!e$F@J z4>ZQF)F-gL5GaMgtX5?)?C`|m#iMR@$CB)XQ6h^A@r=54#NBG~IK_9GGBJ1UA!*5B z*N1WK#hltvS&K<^ss!FcJlAe?E{Ala)bmy#y`SL>;!yO}B#!La;wbPSDC1IHQltYF z&g#D`#amW;vuOx&SKKTpP=>VHp*8HcZk*M_+i?B09wB`Qtb{zHx+u;xvK!>|1Px_8 zD6lo*A*CW4F?)jED!qxY6X^a|;r5wkmeLgLiw!*Rva>^MJBHyoelre{!qy`F;`N%K zVVvu{!L7+A++bzO+{UvMgUjTYmsBimLc_Kj66w)WKcH$Tj$T+$J|5lyB5KAxkR%`{ zK1hrd{9@)=#g-m5`TYL#l{`*oklqgPd|})lO-{DffxGSNWwnY8chyftVFi8eEaCb& zapOi)^(Pf}wiOsTc^x0c9HC5(Yq2F}DSz?eY!9}WKO5U|uh|vJcu4D8!h#*ihj`f6 z@bfN)$v^oOwS|oHI=wxd`Zf*F1%JiFfE5j*3Ho?(yM**f&!$Pv3X&Li+qKCS0M-V*_sGy}~4jAO-qTAr7?t5|K z4kKOo<&VWlB{r_5C?{y_Y)rEqZPU-!ZiRpAk0)xFLxe`>@V7FJ0wtkHsyEf4oEk*W_nrlbz8WaIq@BE=OV%U zEe@dgoa*wS?z#<{7j*Fl@)pSy7gIT%fgs%jTFF{2!4y^uDTMop35Rd^TN8r?UQIJw zmoI@;PC=Y zOGcJO{O#*0#+oGblQ586wOI}-|F&UTTGB;0?WXeFap3)-4sy$ktUH`D=OLqyD zl%}{0UTai)$QZMM->j4jQM~vkvjWx+qTZg^RIBqh&6Hzuv!s>~LIKZW%TQQNGF|k+ zdYU;sye?i?=z*Qp9D>?41a=5zo(e}n;P~hke8=e9?r!G24!qn!9ZGWQV5>n_xINr- zej_E6>^`J>}ODVx(jtbvq zO#dorIfStltXjQn6wrWX#wmG0mjLY17#AHeDw*D1@!}Id0Z>U})^S=Unzp%NG)l?~ zI}*9aaz%{sWbwy`!q-;Lf-?6Rb&P~s>_jBed147^Ljt;A@?j2!4CU%G(|dF>)B;7` z2BURC-J(j<4V5LKB?k=&?}zgxIdOI(9=_?EJ=jPq;>r40!&CqWhuz-Q+$WDLu>3ds z+~BEd*!<}qn3p!(zZo2v`_6qpexja{@r-`ao6uorJ-)#fNbGP$Ok?`qy%OX5S}Z?Q7U`K$P*?1#R-N6{7&&8!aUt?W<`9c3F#LwkN3_Wi=CNH9LIn z9Od?aY&&?kGIX8!a*aCXQ=v|w*E0W$VheD(nB=~-K)Di;rV;v*a0=m=@)8%hsgyjOoQi3(FwqbSx?SOdLqakn) zNr4jwkqdbN7F`?Elu+2kzWo;OdNE1Foi6(=0ME0{kPO>&TC=?8u>i8u9i;atp?ATD z6KJk(qJ4LqaiW+41zvP$osdxGHTj)S1kPe7Wx#q(ib@m}rRs`Pccp5P4Vq^(iH(HIR3=s$c}n1pR~Zl~(Li8UQ`+W@p& z|FrAxx$Lb_$J{|ROjq4?Xi}J)&lOFQx$l5YN1ou@DOT^3lh6;LH+IpMPQh(vu^SC? zva?AAu?T`jT;GkwA})AvqcejKXQpU@3Qc;UFr|${wZA1My~K>E>JbM1ght zq&vripD;6Sr5g8tnmer4FtxGCPX4Dop21tIUq4gd$Dz&6V@HS-+_1oy5ild)5fW;+PeyA{v#wLqHtyIlj$`#-Kt!$%8Iv}& zM{4LCE*We@i1(Qs^G>a8Xg4G1MAQ_ECfMa*N_59qci)i&;t;?#^~9K~7uLQUh(7z_ z4#MT!AY!tOYdiyAy>s|d1}4lZ0w|2im+u7^U>1nLkVdXmu9P(dS1`%M%L*JGd||g` zYUU16v~8XyyIiE_QOX%UrDcgMS}3_>@M0G(IC1m}OwXq9VN14#=VZDf+C$%Nz@u8& zKWOZb8(E{Z>RCRrvaDrE6SW<-r^$@x3OGy~cjsmXCo^UmrC)Y2Vo{k$MszmLW(D#) zF=)~pPbxV@q1C9>BGVbN;Fg~fzWF(*ijX(IKqAzR4idxh`Y=x8seJZ#0)9N>Lcx3& z%;0AN)U@3xMar?FtHOg%qK|uCAXLnZq|gk^r>X>pHQy25;TUn9!;Wh(F;ZwA{#AR* zbSazpj1+R;tdJ)M)%sbkW9DIsGue&}Hwbq3ld_t&;r~AF)=2XZe$buG0 ztWhYNFf}zDKg9|sV|ItKD`ENK1!pJ^gQmwJ0`rX%87g6k@~Gk=9iPAN$Cb1+so^?0 z6`|v*+9_^LKt>SY+WpDsHcqW+WS~p%Nfhk-JPiC|Y>w?02-_Lk`-WOR^r@lI`u9kU zsGY`_rN1^xS%^PPqgC{wlsZc`P{Y+JOjngksnUtMBUznh8Bb-ygu6(S=N6eqBz>rk znkZ!@ASn!feH3~w=inKt@-RYZi#&p+;4stFnT7t$7|QGNXR8Vlmo{i(spH5g$E2f_1HbN znWEV42Zq34xlk0`9w$K-qMXX6N4{DlB;ssg}m#EWx5SfDxmYWAP0_C8wqph-I zmgyKjQoTj>Jw@HH#=Ey)WFc%iz#%===oWR2$({=2J?6$98p!T>=TKMp>Ykc9;g(>7 zJC@BJjyA#8fX$xJ1uEVy?JdIoGWMS8 zS@l#oy=KhaS$R(_sL3`@`ybD6_P(`yjN*cspON`*_qI$Lyx!a$PS~m^?5_-EHy{*k z@^M(9*I}*-r<&%gm5vZMk*EwF_VuVxM5MCFUxP`_jq}%E-X(O59UUc4hJVH7Mu77P z0)x{Vxf&_#EtM3iJroL94D*iy)iOhvnEBS4Fk1ODgK=$GtLKh(L~U$U``1j4!*yJD zS4_5NT~}@PX)A1!QfP$*JY+UY+w-ZN+75F8Dk~qOOsYAQM-P=qyshVdn`d2@x?qdc zDW@qxU-}s4o+S=8a>P)E?&BV?IgTw^M|cC~(FoOvZd+2(3uuK)XhNMes=hR`PAsf3 zXlWHRYDiNjD@E{96dl-{vkX_OI$gNB$MnnKdQ<;Gc!d->Rf+l7L%Q>G=#b@t?JuG3 z;8u%BYh6&ZXA2i6g-ORP`YQ&yo*5%(r^tKonEnRSLlK*oHPftEf}3Q~gOurc z%~bPZ!s{YLZFt{~CKY0u1%C&wP*ShLTN>RmRd=Ml3gp|c2i;uQvtQ3vHNJrZnm1~YDtq)F1-yyp!z zO#yfiXfhUGcjo#!C+?M|$`hoph9Ej@gkIniOYVuC*kqJe&J#^~i7_#kV*=|A2-SpU zahX~x_zt0J!Dk}-g0W=5H;j78aunPGzr6Jq_7X?C`bU7h#nP_%L}jzW+i|@Vx>)4x zb8C`w;C~Oqu`pU$t7wg1YV>g)d733y7YnTv*Ba4u?#>n{SJ0jSs6Zax<@HD8tSZfy ztf0Yju9GNdC42n-he$%Q8&^Vx3;>|;GnV~7izNTCJe-a!1#bZV*PugLLAb&^S*I}7$a+1nOO0AQ?R9zN2kXuMPNSJRn zg4`+CV~R`WB|a9ex;9`{4HL(+-?G{J0}KCN08Yhcfv^-20D1%<kuGIY zq*r@D>~?{jnlnA)KIdw~(JPN8C(SA#mKaj&Z;B4RsdAOhG2JZu*QvL@0I&`!~ z=5S%ko;;`QGA<2z-}hp+cDWaLr3D8Gg%-M9#KK{{hzKWY8%80n*(p_slc5R#7M=bU zU+5ltIu;e%f{vX~-%)cwAmpjy!z9PC)l1~ownI%8&6p-U(W4k0?2BE}T+@!c$X>4X59GNLlQHAx@Cagsdw++3@CD zxPV@)%oM`q4=>6Ax{#H(R>wZ{t|K9tOP2nhfTB?^{^5OLGmi!*^NT2q;}|-3+tsZ7 z!%n(0bmDg@PFaOI%M~Qy5CUfYB_U`T6Dyo!as^r$v762Xh6(s}5crt1lAK923|~zK zZbgBMmx=#}vv&&8EQ;0yD{b4Aw(UyWcBO5*()p)t+qP}nwrxz_zCF>?)7>{>=HZ;T z^Kv5gT5EsngG!hqf{#th1`_VQZ2*9Jkvw z)|NrfrHimZeRld*ON9klD&xv!KY!u6IIU&TSHV*Tq*Ho1H&U3mcZ=Plq$2V1nw#Ji9@}QA%CeYCqPL{e&U+VxMDFWJCQBevzbZ%JYK%6q8xFQuh2u6Y z&3=-R2#w5bh!J*#?m7Wv8$Ycv&!)M{G=l&sua#?2w!tpzc4a(5J__wzsMXfy21wg!4{iGlgX{Z zC?=x~sPgNMMM348&MjtmM~lHfsI?AnWmK}p54wh&s#i7{cEwlufmrY!LwS(C7Dg}j zgO%}XUzP8pzpNM0AX`Edb*d`BsIbHg}sPo(zy| zU!h!N3#nX7tD<@h#@B-Wlm5;zBSb8bpDwBY_mlBYvGV`y5P zFHq>t@nl4K>dd2J@(mJUBjL`E2mcb3_NInAXv^WZ9XmvDb3^X+(O5`*kW{r2Fr-@~ zXMXY$@|03!0}6%h#y$HNOeQlR$2aB4dBOm`{Xa>02qNEE|9&%$439V z`u5*9$ZD2KTFYoUV#wm5;gx@T&>?a5#U2@oTy)Mb<^4r)*U?s@v>`d{9ck(8CKCe- z!>#9dw4Oh0-on<&=uTlXeTbM@S&a8akH3Px{HL7WKzMBCoTKRce~;dUL=CqcXL&wt zSytCS@rC$$y*)$xlHJK7plj*8F)I=3{6mpB{!n!3bY1E1-R?S;btZFA*A&~RbT6uz zr1KKujZR%*U_L2diXVSpnBsGl#Y@o=slB-|bU^9}j z2t#~iZ74a#SD1^{4w}ZKRRIJ1UPVF>Qqzr8X?AbW9Lx&|-Jrc}d)5ilWNx2mjAgz) zVGQW{+a>wy%I+Y8~u^QZV$8&FHl_;?kKa6u!g_x+-!J^mf4yBDG)#D_3!j|kCw8z!_Z^o0fQ<4Q|Xot7WdCmt@ zsUDM-E*0TTSu^4nUglNl+GE!oU&@5zQBQnn(lo`zz+7x4xr~n|FD6dG=F^z&d?I%8 zU>zhzohCvO{usXW3=Z7P9OhOnw;lLbn`8EKpyf?Zq9yK6(gXypKb6 zWTZ3KX-N)6o2Ot`8Ajb@GFq9BskZ2J8DCNEM)c%5Od30luc?aosE>?xrWA{4@Kd2m#AHq^nmDIv27c*u6y3}T~JU~g(rNERf%N@Xdx=-5Kl0_u2{128#aTqSXmxJv)Of+_2BrF+25c76#7yjPw$tr`;&+I<`+G4)%OxYB?hR#dz_1VVkF`gG~zumT7dLu&IwPN5s^B{BXycZ zZljp(6!;0x>Zm<)?ifsMM#I<^2I&gohQCV2)Y3FRzmaKhZHcbXzm|m3=&a+r8qY1K7^czU} zBSRHq2kaf4f4vV8#qiaiKx!{B>dy4^H)guXbr)tZ8OdRoTS&?*(ivZG@T%5GkC)<1l}3kuK8 z4_NB<%NwBeN)%-X43cs%R!&vTQSTMz;}c47>-vlP#_%K146wL*z{OK7Jk$;me5+LD zIO~{gc+0E;>-;Sej=_%+{aZMPZlJN_8r>1YJL0#a-o^;;17lQl+dEGse$nRK{28Fp zBjpXSfEPXCfk#g6v1E6afNDmA*h$`OYA0y&IT4oTAu5xps?VT!=cPN`-b5b0vWYS;{(u}6^v^_aL$%E>bUuNURXsQ5UryT z@Ai!Db-8x&Y6=LN<3299M9G%y2sIYulqz0>RJ8H+g89)QtM>-&pZ|)_ef)*m%zfrq z_Y(1m9&JVB^wH?rw2wXV9Rfx&&sjP5AV||jiD&+huw7olkv^e4JF^DWsL`Rx#~d$7 z4q6aPM7aOt8Ep~1lvd<5Cu>nC+JvM|GkTohVtExmv%S$eA_JI-eiDOrVwV2oeLf<# zKmGaaJURFRC~@EBITcCHtzL>Bqexd9G?ire26;&-;w}kuvnJ?h48yTfS(z+MzVr~h zHVw=|D1T?SU=h@S(bw~SrqUkK7pg9g1h>?V-YQ-WXUe$bZ?75=xVvGvW_qjuJr|oD zBz?*92-`t)f9pO5^6&8SeKthQ?0H}OCm|!Egu*=);@7WY#Q&<@|1Z8a|D)aihZm&P ze>VC=6&)oMHB28_wi>AoWoU5JI2NA}P(a?G#c$eyIZY7FeD$6sx>5gfDgV);wNzc_ z52(&l>0*oxw^`kV)G%h}Giy_>Pl!*jOc#%8W{d24jW|egF%u5c=YvnTtY`13_HO>~ zL&kq7>aaZ!B0+j$IBQ^U(1(Z0y_5wuYMI=nc}mhUiQz@OlOj3Z3sf4iqJIDg6Hb4G zLc;z<;mv^crQ_BwkE`}NZGv$n6Vl7IN#fioX+{qq6ACd5bStz;}8zd%?StRMOPy+?#n5_uSuc$G;E>#mp zKyqSHQ=61h*pXzdpJd>#I2{ZUCp04})v68iU0|G8t!3)9=%eETO;RrFfVvE_Lr6*? zLXd_E(dhED>y#lH#J&BC0*x!str;(T>=VWET#qy7AoAoUK@7Lm+VsOpJt&DX#6(}w zPYgTCl={Ki0N$rhVM>lP+==yNvTbz#P`I{+LanX~R7$xp#u_dy7&B`!I!+5zI_h=v zllFhf3dVBIbBQtzWr)_UM4*J(!jmv&4YYG@#Xog9i1??>#3uf3ILz368%w!9Pf1_{ z8nWX2k{{OaB0;3VbkVP~T0dO3sl#6~3AY0Ns-XVNoJX1+$|3l5Hj5on8`eV~ky9cgzXnd=J0s7RT zNCm6HWLq6#;o5QKY-5H0+7XR1$H=iK1r_(P}fjQ2_&2Vd#agjvUCZFBdPrc4khQJ*V6eqST zHD6^pyGF8gkRWmlH}jt?4tbN@A`<2D{7Vz(`y-E~#56ig{3Slp9kyj;vlxI!CMr@{aff=bD*jl}1IXQoua`<&40rb^;Zv&31$TJC-?W zeX@5w&oNEG`_R=x-YpyuZ9hB6-TFfi2YiF*MTbhC-_-j)RQ)UF~ zkn!D*5$!5f404iB*j5$`hTKQ==9cOys9Ws!YNIEdw_4mCjkJ%#tIM*OjV~ED#FE{P zqyt=tuLZ-#@Q;AIN{ll(Iv1mVzy~L^XLLA_snurB6*0c`iwqrfm7hfP9&nvX| zr^7Tj;vIAKW*KShG7qF0Pm=3+L4hM6dv~5m@9$cgMjL%{W{fx|p*_2cdru>w)=kN2 zI1=(p;?JSFCgEEP7k-UEWQXT$^70&;%%6kn!V{9yRTkW{Z;(!wFdZRJ1`?N_RJjHu z%C%O$Ja?6wV>OO9c8T-2=XHzI>e$@eD%d}ISbhX*-=v7(P=y)5-%t27`iWVC=ME5O6y(YB_S~vo@H$`2nZXt7y!euz+om3g z00a-Y#+{=Qj@((R6b0{T##u9lj^QNRJHmGjgrZbX3fh<;w(0z2$_AT77hJ0IHaJ>6TnI0P(>xeaFf=#2{c z1zHQi_tO}MHLn)XiSs=F38J6riM-o1NZXFGt<(E1H%wXB1@P2{=@%lSJ zYuYqR?wTK``mSNksL@m6rW)>D4^j;^{8wxuT$HJB^3hrjBPfcANunA z(e=!)Cn|*_%rNjUTz3>o;z4Wlc{X%@&t5{ZTX4xE`{;d(6l3uF9{}Nou-{$^%+#^h z^DKc18lrL|?Xxno^v#Ab-jUjeP5exZjBkh%V7NxB_OXud+>WhGuH(CPTMteXG+<+o z8xR^g-2fnjoiEm*Sh#f3nhXxy|II|khxCbFO+z9olYxX>`HL$Z~DEiSF%aA&H=BSTP+i&(n0B~AbGg&HKE!`(a ze+Y5Uz@dGF<*V|lUQ=PyoI(2Kub*38hAoo?@Nl6)=Mnaja&uo9S`J5L=i{>OgeMDC z8N&~>YsP9>Li!87drYyPle9|=+8SqQoZ8Tp#;NG&23yVda;BG&Gt%h#iorSA{0XZSf%R$>wF=TROC>K8?~3Cs#*b^llEZ@g0QL^R;!Gf>yAp@vcrt zLg=(${m)hC&@lLp7d8%CrfwxP)VQnlzpdKbt2L*%=c@u!%|;GF|8kTuvaxc!#gxO{ ztyez>YBRj0f|NZodqfM2iu69xW$TVaj(Jl&B2y)9`Nv|f35roY;zVF0^Y8tV!+SFl z&L+lQ?aS3GCFtc@#=m^V%sUa{j>?aBndk5WlY{_ne*q3(dq=#AO`a=$=lNmS9+PNp zjnMx6ZITn@OM$-~8qyXj6>%Ep$yneWL^r5BO+AnVT-6CQyOn(M9%QS@(#uxKS^)(% z2`<@fSqKo~zXpzG`={mF(?L{9x+5kS(@rubzHBGxHli!1R4h9PR`f+Q z&Qt~W1e%lifZGGYQ?N_#ngKYV&gxnU#J?TjW-|H!p@rs?G9~{W5I;i$Pu3-B4T={O zDqvj*U!lwp)aP0eJ9~K3x9gm6_Lpewq6M4t+ zBx{o=eArkc+Ppi8VJ4 z`h}Nz%{`%1tSc;|((Zl630%CE5e?S{UL;=?VLJ=@CsgL?)d>ZfSXTFI@f3Ry$MQSP z6LR<`Wak0XKV$Wg`}{*YXtk7W@(3dtM}C}`)m=WA^tG@SN8tfkeSb#n$wCxWxcKKe0V(O_nD*qWw!-Edct48R z1x?nC(rJ15U(rC;Hx{qK%<3lhY7D^HsO4~Am>4Q@s^r8-X|D@g2k-AmDpu0q_rO)Uh*Sc`A7z^*`K@Kou^u#H@7xFK9sZQ=r9@tc$;eT}eSI?TnF4}s9ktMwk$9oO9l6KV?pE#5*A*yafiIf#G$Yefs zCZQs~9EFDiE5t(`juneDXp%J??~VP5L@c(F_q4Qm4P|Wz%1$TZiFZo@GXmmfO>5ut zaLz4uk9Facm-4zy4B=KhtT(C458zfUjSR5pxzwIinx!3iA3{zx_p}6yJJ&nT`So|> zd#>p8D^-pQ`xeUdPE`V#YiJkzxL6dmI%2_>d~$5D!$4!W)})&yInV>u$q|ycwttxi zomNoZt&Zt0wxu|zWxJyF!z6^DmGoC21jI^zpU0*ct!W_X(~79Op%EiD)yD62NQq#k z4ny-*Q7|CG#@}E!t}NH$WS1kUJzoL+$Fc@?UZJk&M;to!BNF~UFKd3hJpSh_?Eko& z2#X3RIq5t7cboc3btpG&6|}EyE88TDHd*^M#W{3)GU|qyo&wN0!QZ5Ci3tM=q>k z+SoF#X{aVT)N<+Fv^APW6O0TPA?9|^je-3pzFgRPQk-Web|8r<)xC?&RJFYk)K{mM z`=o5GwTNOTZry&ww?J@?Qn;E)p~aJKZS~u*mNW53Lq^IS>Bk5S$um{r!V~Hc1gJQF z5~D0YSW6ZeiUXCg3Qt%uoyv$&!b^F7*v%;3FUa68pE0J3KebYcoSQvc&t;%$5h~KrGd*O zT;YU@c~EI<11+tb1+LNgQ}DG~|ItJi`G{b!eP;Q*GKmbX{vJs$c_9%FRG4NmgW7?i zM5s2_abFk8nSnGeCv5egdQ6C+a@I8ILbQNoy{xSO8~bA+qPj{RK-41m)DUNcqHi!F zf0Z=!7)hZv2@l6~Pl$aNcriyp`4-(9lLW;W2RC1(p^wz-F{~bOs=flA20Uw_7S}{x zQv;QG+QOlza88L~rXR&peYOuUJ<#^Oot*d9M8U8lYwbM-s8zRM9H1(bh9G_O6Jte{zAA^Ie z+Y>V*o?Wx=UqCb(GN+@+C#({s$`I|DAlbvLYuPuVqj1^dbi%X+>4*5y|0Q=!mOTg^ z8fLFv0&rsmj*azYK&nE&)6KH~ep8hzxR$~dy&990ur!v$l?Axqx#F~lF&rNRibJ0{ zZD=hpVx1Gq#xf(g7)JZOlQzP$rOi)H=6wsycDrg9j4kxI1=I=uF}8Lr4BfQ-D?Y$Q z*+h*xo}xI`58g#YtIW3O<-CU!CCUzAVCrPelQ2c1AxkY~dLK7B*6CyvG4)Y&M3&YV zQ7_b=@MN}eG4fE!7+)@EX;1{a4Z1F=MuC;M{VJp7p_2e-Hw7vPb!m15;>U@fc_7Mx zB=?gVZI|YB7_yPlyQyrF6BS!6VlK`RZ*zuO-gRF4$rO&`6t)irPviw0R)N7GoK|v8IQ|kwB4+ zen@!o!RU2i<`epKwRjrG9Cp8Hm+=U5cdA+%gnc$}yr#d40oh4&_9shY5(}*6xsIxW zP8J@{=yJ7_p)2+pyMbsVf^hld>pyWH>kij*Wf?w)7X4%?6HuDc>u2JilE09LKM(x+ z!M5w^pHCGz-H#TI$sUj5FKMxzUrVV}1U6RoIn%I=DWhmNGaEd`A#ujdz0@+QfF)a# z?A$_xS}2DA9aFW(0zCp0@1=;sr`u)#tw9^E1Drugd_H zUbbZ5Z5)P$u5Rn&5zHQcB`SBpZtzSKf|b~=3Y@E(_%4ScVPwXuWBaRrjAFCF#G2BU4PRELf`O%$JJjNbP=(~AT@E!9xf$8M0 zZSplwlb+q*LV0-MXDc;%v{k|dFW43-)wbL+&r6w!HLrcfZ|Nr>q(o)Z`S>2y^1W5`lhkuFsmMt5X2dV^TLqX*xq20K8= z?mSk3x&9@+GCI66fCP5~bVFd&6*cYXY6rZh6!W&gAlx`S{hR`tn&V5w1@Dy5n zLR};IT+5x~EdTSp4g8s2kUYTFXa9>?!*Gk8QEhk*B&DxW^^q*fur-q5wvDP?O$AN2 za-S-f)DRvB!VJ~6t<_-0AC-P(oiV~X@cMYI{6742+1S1_K@FWF611Mw!Af z(KD`&ASAR6yr8hPskNmc<%GOBngS|i<>n~svb?0;Jg8=odUIp}_ET5pCHRnY>;D*= zy955Eo&7*dOc?*w*i8I?7@Pm!oFo+;TNE)=UPEr(bt`eJIQg_c+K~E}Bq^vM*47(G zD9E@V&Y{8tF-e;eD=wXumBXZ`*(Z+g)QY9fh~gcpd*p;@_NK0usVjf*dDh;YkFuCu zhitbxz2I^}Gf{~`sX|LJ1v3aOTO$1lBl_->R_IguXcmH&*#@F)w2J7oqX~7JaHW(n z^E7S90ibcvid3=!#vI#fU2RXJxD=Bv|?{a}|U0M0YM$OwOC zsv(9cyQ}_yWp+Air@%Hqta=Z)2y4z83$`}t5$73gQ+$Uyc(?JBj2)D{p4qZd zrFEYajk#rl!J;tsW9Ls2ok?YR<`QqSz5tKQa4%IPqXb37_V=~bH|Ik{6?D8IOEh5# ztE?r0WO5E#14V#MwHEwE?>ta)-=Dh$$6%{~t2O%#8Zi9Yor|mgQWK8-Z0JrP19vCL z5)5Yrj!7ffJ~VPX_SOn7+I;jqh+^)K_JYlW0&K=2M_QP;*1q{Ugn*h_{zbd8KvzVJJ$GE0dzm^Pa5eE#pI zD9E(XTU_MaspN5!Z$b1H$bTIA5?P_yf*%tl#h+!~|M{-`zd!WK!U9fC4(0~V|Mz{l zQ4_{Z>(JeYUt^B5E-^fl0sxRnD6j675m&5H3NYl34BZD^x3`-^MtxmD8i|WN*!iP2 z25Hy{PGSAyvnaphMBVTQ05t=XCj3tGyCz?)iIqHkO8Z;KBWA zVCmI%`}2M4o7*AF_xzR|$SUUZ@Fr*CA3G$$hySaZD1wL<^6Y`x_!NkmW^F}JH)mFa z={lJ4BU}Jb3M3{4LLRVyfHe*467u+vX4R+>xmIv}Kdlak4&JI2m(O1!ODHeH&RIsj ze%^U_S)+YGl8(7037Dkc1c7q0StqZeMbXQ3eznG2}gy zBT1Jksl{lgSZioP8IoY8yge7eOxPCX!sGM(gC5~{-4WKxtq;`!D&VRRwW7CLKC0oM zy$aOjA+fQUYLstpzkj%xF9nsi%3ST~OM}P_2I_Vq-f~pDYsgY?S`hgtsY%joT&-P) z@+?RMQ6~GPM&mi$7t*BlOGZtXG@!|sC-!EFr%k~Eq}`mMjgs!n#p;|o%g6)mHC2Ds z{rdNlrs6~MIQc{2Rwx+uQY*)_JWQ+C++7hdN;2=CvjT)&ZCyLLlbT zVv!Sr=Dww7B<$+c_+u(?9v<$c_yzb64w5%Z51{m`w&CVeFx#Wa3CFF;?CNu)^o1lO z*ky7tq6;HaiZXNY*^s8%SV{r1Y7a)tnC)3_i>hcR>`V|sE+_4HP-KhhcFk7M(~SnH zHIB3Y8#`mr`*h0^5 z{0uH4i#4BaN?Tn;>J^gu#CbSzB}gh}%>;oG!!Vp_cjG%fafrzH#2*SC8S%r1N|e8O$wk+Zu6Y@~q1fI)mP;nH?XBlLgmOgwNAvW(T zE$I2dF>kv>C%;{*1pAVOa@&#D{`{!l`#l4BZ*k80dvpTx6%{b1N@^MsDB1ahaLmZ% z^1TWler<95ww_+{v>WBxH(-bU$b3`nI|yKK^&)t?H8 zz7=t{3i=L_=H&?>G8@waG)_T6T4rl%H!2_q;I}dU#mLR)S;`(Q(_;n5A*eAPi6lW2 zdN6xP88x=)S4M1EydA_`bR`oyt!YV8*v0rNQ{1EN!{GJ3&^%G(uwJ~OwmTAJZ!FNd z(gza!s7t|{U()45rlURc{)O`oO>wK}TE%o*<78c6BNu#&nO+Nt{?YB;>@9o& z5vwd?tFGSYpzs@EA7NSg4xznK@qdT1+nK5j{|N#38f4FIwtI@X>J9&KO$PYp>LT%d zCyEj2cyDUSeBc1dBD~9VjM=+h|1tVIGSEHm>4AHCG&Rk6zR5Ymh`73HxyMSD9KS*K zrDVMt?-O>uu{7J;pI|5%INQG)>fGQP+RUvyRqe-VBI} zv|wal);E26tT)>x?(hNEIL^EfI}N~B6}cW*0ixzbG|ppe^-!!eGhj%IDsQbnnZ%E% zSJP0f`@2zKw%=Q@nUBz3jp_&MDRunVBYva{?iFA5cx*!xE2-(Zr_n@Ay`baB1_Ykl z?}MPOux-cYI>U!ge_;To_Rar%%{=R;3os^!ay#FuHA4UG{oBlkoGK<%iz<#(Idwie za;S<3nmd;EIx9kBKTKjMX7OSKbgPRaHf242x0SON4i+NQv%k z!Yc)!GwhyR_i&+sG%a=VV);%K{B6@ri$pfshrEWQ8rYmYV4iPdb#gNSB=CquPlg{+ zNEX-NuE5w`3zRNoY?IH;$#_KJkb5Qbl++W^2Vdd@G!K?Kr&lhWZ>(7UM7f;?*)+v> zW;?$ZQ%^1$`rxSHDt{lA#&9(p;_Na*+i0raXvQ^A4~xgp;>NW+$*gnRl(9bAPUJEZ zrejPGP4`}@H?pM~LscyKPCH{Bbg>N3AQV5Y(Byh^pvnJb=}5EdMX0uwohCk9QE7iz zHrD5P$|G{6Gqp9>pWcQnb))xU>w?)WPYdb;u=qegZ@d3K{P>1G>fZZU2D@kH@U8#* zg??Oo?+8@3T6A!XKQ#`0q&wve=E#36+PiVUBhNrz+=aK&cPseFn(srmQ|&R;@AauY z!F<-L%s)+9DMz(JTRPvYB-U+FhfNT~!j}1OcEtoT7f{3N*6ol8ZxngKtxY`RmI!g{6tbe)qg+6p z_ig#NH8DHRS(i|Z`YEHVOxY6g;8;|X=Xyy=qr6{qM7gjUF4JjAupm=p&>niN+@oN! zNNeOtE%?G>VIP7%Z&vTnSubr-pc<}Ac09)9F+5-ZHSTbynTzV*;in0rQ>W-$!D5b< zs1@K$%JY-z5Nn)Gdx%xqFB;+&F2qx84}H7|)$fVBRrjvLZAF$%|CedlB#-sJSIM67 zT*BL3qi^16?9IUYiu%y}5zW;6O=j>xk4j?Oh3pL`{FH!BV%vx8ZF2BIiS$IoyZL;E zo%KI!09@^nIozkJ;ABWc-p7=T zR4*00COzTR>L84Tv+zztvFuDOakh1|oIq)1=?upGdMM+lE~a@+jV)+vh>TBYYmM>& zEqO9}bO)_(pqwT>8(G;$^%s?l%_@sTeZ^uJ>!>>odNh6`;-4`$hsKWZn?2Ix!aCU{ z=4X{Y@ZYv|W3Zh3)x5JN0ah6{(G4SH!|a};vXsVb%fTJwjOwUpl*?n*HPbC)sZ|a| z=-0FPuH2!fV_=$`u`p;Dw8zZw11ub7bMwN(n~~UjTg~~c6|WLwS32)BR105gl-jp3 z=d5s}pbGIfoO0;;guV5mNrvW=rj& zE#)cTkma!NE4f8{$@Nw2BuORhD@iv;mmNM_5JpU&>6x!RQL{3N<$o<>RWSZ~58fnI z?tbeu^DHSwhn$s+356C*NRAv401ZwptLbf={$ZRR5rcHMMeWx}xaGEN%OrFpvEc&y zwXg0mfY|6Boz@Yz&hPUkM%eE;SoDYD4;PIF4z$_xrb{swItOyhez9*~zs2i(<>BIC zP;UjK$_5yoqeV35=O*~So2*o{vY=qCz zy`n)%g8l{#Iv*Kvi;C#2F@QNl^frRzrjF#6Dx2RlwUZ9(L$K~8QF=tXHTZKz{|S6~ zli#&6p^w)dcdttb{YE=3yXQn9{mA(V# zSZsVg?kcAyVJ8>!ctR%pKe_~)uk|q}EgG$ZPVM{oyKt5yEG}D51$XS@9+rja@H~g5 z9*T8smwv}W9`!G96rO<%e0i;J1j0xsmILCznCQ8SXcR#{0m#-M@J&g`RyfL5Jc7OZ&<%xOSYkRO9A|<<3K&c_ zE`g^v}b!QJ=k{k8T~U$4fa z9-y8gj92SBq|viZ(0;%C0UO+cy=x_&d0YRhxz-fEGjc z!n<+i39KV@7UhGgROz$S{msa8)I0B1wphX@tMAOW;hQITu14rhhB0T06oOq2koR>l z)u%g@>x$vmsMO={0F!+o`?#Y)AEDgqbyO#wHcapMr*mfw{wZ=9$fu>W3}xQTFFr0? z%rD;lDX><`%a2?qMOT;!Q=|8m^2?_wJXx|Ew&ux&J2TbWV#a=v$8D>R4J7)!!p&l` z!C_6vtZuylBE!Xyd)r7=roOqghcSAW8y{EfQ}Z(Aka@aO-i~fN=7ddFH?QZq9_bw@ z?a)}8h@Zyoef7%2pgsL*y)g)%R}p>9mS5LRwK~mYAm+k3V#H3yzII8nPqQOx0TyhF zahmEu8|j>nl9mBD@VaBZ1)Eucr_e!RO^kf!`CAiM|FBr$k=Z9r<-2$K&*J%~UcU%cNWso$et7+}r7`_C+<(9wl$uDFzI0JS!TQw|8-rt7sR_LM6~r) zz2nUi%Q*-8e~;@|6@MW1xq#?(I2_>jTea$9QN`iY0wOLPmkAa2)F}}}*x&#C_Ua>6 z*sNMSuaw-U-9Anl|J1PzX!+1FFnI4D_KNYtu3x`}52)24-j6-VH5!5J7JB;p{Q&uy zb&-(uXf>NCyCViBZ#gc|V!6t4%8M_Cp7@wlF~Fl=QQ0WUyjfW2MAeNgJ(aG1^(R}w zZ1K~EMlTQuFXma%DL_7~Mshj9D=2T=?$HhnY@-nCCz^tW3y}#6`ijyLhYPz#h4-Q+ zWXgjlQ)x}5sNy1t&7Y%T&{1r&!7u>hEI6;1Xj2{JEEz&ckDs^L>{v0O*w@j9|m*T428KRG$P8Rl&w5p3iS}u z9ZL=QuyJ5^K@C-R+FLMoDYpKBL)7w)S=LwF`k?VgSZ`OSm!O$4=imfmkG4!vT(UhQ zi^aMk5M>EsjY%2e$3(?t`xpLRv$scZF4*rJ)!5lds99ejgY-j2Q>rDggs-UZ2IT%c zTvOAjC|g?O)L_49idn|8puzPa-E%a9?a>|1@~G)Z=gRcE9xM3WErw#k5CjD%!PoE=Fy?7*T4m};@G_9OXm-Yuu>)pnB&=U_dwh!LaT_(G|)wQ+tx(v zBqRZOFJ>Y-t~#58&FAZjI%>-p7Ji@E*IOIXWJ+ts`tOD&UGLu8oZGKcui49RdR|wz zRLJ-g%YGjDHXm#7Lf23a>eSSs7I_- zfY)N^Cg+{mh(9;q%ASN{e?Ia^U$)YnPjUj!K&9*lsch9g8hgpfDeGszA0v&MJl|jS zk*$)~O=L6qTa;svV>xp=dx;02k+8gbYBpiIMapDDt+!Ur)s$zONyFAi$8_-ks}oW? zT1hFVZmO!Vf7=rp)mFvGV>>z(JpALzlX?<)jLSPhlc}FCORvaRLzph-P!x%Y4($(u zvj-COdx`O|NVG}@t5|M&8BesK-YO%~QMnumJZ6ZR4rM@F40g>fcLy6Bm^vwXfZW45E=+@n77 z{$WdBx60XqS1vU?^nTcIy~lgfqQa zXLXkVcZeFy(lIqw*g}pbISS4=Q~m3$ZV`vw%4WUBUCmN#c&M_y$x3~`smWVtJ#D2+ zm}jZ~{TTO*GuFZ59EZpaO_QdgrWUyz)Kpf@e%&sbxrE7T7eyiNe7fMd`93aHIb)jj z5ij1YFqmRKEcgmiH&TkWVXXzW9L!m1We5UgGE=r=c~oA*8^CK+#~&;00tW|Q#LUTR z?830MZv?mDN>R>+W0@G8ID#E1QZn#(MtA9-^@hQ4UHaS6g1Gs5C3hKW9~uYmEQ|Sx zGgWwdBuTltyq|#$aw^**5`*cVlDmb$7urM|X|J9AWPjP90__=NrQKpiYOx-M}FEA5SN4GJkz2f95> zyY)kfJ%%j*bR@V35Vlb$V-8L1;_t*z^2fHQNIpcqM9+*2_RHX^)kiq@-tmD-2NJu= zpmQq{0a9gI9rOeflx1#k`%Cn>pqNLS?zEK9_Ay!gYTy_$%j)m#{E8bBx(OQj80N4t zURIW!tn@)XUf1s5x5$}Vf#XX~Ma}c0Meze~(216TDO6<1Fzb-Pwab0yvU!azcV~{z zcr)I%h%_9hT@~%Ok8QU@@m5w+hsdo+uKVdu`;!y!f{QX$+)|kY^3I?#TB=c2jhlzeUnqrM#_Q415&-vc7X75l(m6+$|gA&J?g!_^kGA zZ;@0{c%=t!g{eG)m=$9RH_9x6ijp!ptoE;O5b?6ZP_(s;^pM6*l`NV=ta<#Sndy{@ zMsvzT*ik7v$8Jl&3ly%h4U{wa4fYvvjTd_u(y&e)C{`;dr8z{v_g?~ogI<>|pQU%wqCgXeKUm}90e`Lo)+pF`<49t(i^*9;38CSd}`y5?8@~L~mxs<%T z>Mumplav@-?K1QVQN=gLINv$2g35@Kc}m}A``J!Z6O<^iG#~d8eWBHJkX>OdKA+){ zzJv3i>T*n(4ozeZpB3w8>vECXnH+f!+jY0rULnZ`yL8GJi|iRxC1u`Sru*+N?EWUv z79RGDb~4#i{Rp?jF#JuoC?5?BQ_l~V<~HL-bDGG;j-Zj9iHH41lbP*H4V70p_C=nN zckiu{zG^0kTCTTY?MqgxMxkT3QXe5f-wn6aAIUox^H32V}UG`K`>v=Rbu#d_bK5-1Z4Kj``N4_5L( zjyG#4mXfDl4oAj7#%)^)NYUl)h&qXDzuX9e>OSHl`S^ z$(&zmfM=(mRK-5;QkkWI<4zvs(WyTXPHc@U%)1j7`?cMY3pXsq7ujicl zmB%QB;^@i~KVxcJ$FiLL*R9;M_sajrz|WIqKBYvvPL6wW%uOJ~x^N>&6A^c*DhA0) z(v`ZUIY*f8f=8{Rqw@da>m7qDYrF05?%1|%+v(Uz$F^;&WAE6uZFg+jw(aE2{k*5@ zoDcu!uG)Lo`n*@IIj=d_7{6h7Bb?wWA^KrXyTyX(URkBpam0l+Jhwyhl$IWM9``nf z#Ro!6zo#tc938Xv0;%Kp+W8!zpjK*#q}b0pWo;^z(wGt;SB+A{?5S;$zN0k5o*)g7 z?ua8Y{jwHYj2pu|DAG1vOT^VS*}pPc440#vgYPZ@^K4sPlgszzR=#r?HOP{TN@s`H z|G0sA^hTyknVU~u^2&C`y8Rsl=c#-bL;E>t6Yez*&myFzi`wG-Jl^XPxO;5jS+=DA z^;@vzJM;@noucFja}2sf4i|!UMZFT!+k;`-jxT$AQ_QT-4XxpX4qb&G=zBvOQuOFN&u$8}`=)cW=F$65Gv{ z7fAP{ra@5i4wqFePu=9MAB+9fo15AdzCM%{oQAiZJE!+CqjBtppL~QZdaLFAbCgwO zDCAZdnVTbRi7UYiWt6tOn+slx`aYoP&JP<|*}u`ys5zk{l`46yHo0k{m7+7=>%+J7 zWD=TQ%ZPm4z3r8|F|Lr4tYWL~e-{m@r%x~Q7&0Z&D+Z$!@g^F0$3>dfdtBw*IMaw> z{QQxaQtJC-*R1GM2K==e5B9JbQflJey@ahBJw^9ex1V5kSpHYiwI|pTSyuY9_Q6H^ z*~jFaPqkq2%f{}<;=zsjXz`!VN^(#H;`G1{F?jnyjmla`ulRxZVP7{ zAHz8cG!{C{fxN-Oe6@8oMXvC{!L)6PB-X`1(b{)JM?vOpO*h@`Oo~DnZJOA2dx z3wzwDZqSHpx{L^J_d8cbA=jP67VPqCyb6;cM?A`7{-Ep9kF7gA|SiwSIi z9VDMcoSwFj*5dwkL%@nJ|BKh3MYkWUZV0BkKZ*B(=;+l6siPtpbq7=E4abui4@W7= z6W9wf{I!XyA3@dxdYlv+siOj+1ML$v%pZA#gM1=Ky@nwW9Z$Rn%e)E8cnO8+5>>7; zkh6duXP1+gFmbgwa{~s&YI8~fTVv1alL4BN`Gq(dfq|Gx2xuk@5z`C-8bp0C7NN+@ z%N*fRCey6pbj&Go+rm=htR9F|&mSC>tdkL5{>iT>XnXZ$gGY9Ze9IxoK# zcPO~7P?WBW;+sxBs>j#l4a<8R2I2)rNOv8=Wc%#u8_82W)+WW|vaoc@KR{$Et}&s- zY*^`d0|p|jzSyWsQfa4y(;uPq&piG=+|rb`a?rX(RNvWl-f??(+C^JLle6iyq!-20 z!9yA|9CvB}IW(yVlr(3Y6oq;hT9?~Dt5WYJAgN2c2e04E3UM1|3n=Iiz7uME#H~M< zactXBE^m;*m11^KXLmMRjY2`#(65xro7CjbIJCWRxSR2NSl2YQxTE!#1cXasHieY5 zr8uzo;Hd2&V$Gf@URQF&PWc2k`;*?P$5T+2ho>6fJ5sYfUoa1jsNdfsJ>4Bs`2q8f zMP}wQMo9Vrw8kOV<@QF!bix5*3EbCSRK*G<^s06%INs5WS8TiIl7|2$(e|(z^Xw#s z3_DZ+kLr$D05&J*s@c1mSo%JdGaZ1dP|EO!*qOA`H*>l!HK(aY_|+I%4r+|y(9^VH z*Sa}QO4ufdc8x=oZcRoBz9nJ23^@U&XV8)@_Y@=#%|%7Wg3ula(Wg4m6f?cRMW^y} z@97RDZ(VS?m!8&y2D-X&-{SLp-vnA0HL9TzN2?4zo{#Ppt98&>v^9-9q}9Q6LoABe z+y{NCw2a3Ta{o>87{P*f8}!y5-2$u6b3Q#fm&YP%$M#ad=n-6lCJ#Uj-=KySc*m1@ z^Nf(qQQ8iVEBqVJB|9&d(aXt_g$1)h2CJB<+&mI&C6Meym|D3FFuE?StTSQR?_TJ$ z66B3E6jg`K9wt=tgvoGGfSB^xvTB}JZ0qn$7VcFK4hvZoH4#lapgY7ryWv^{2ak|;1~6mBr=Vp7q& zSD;Tje*l9ZVmB>0q$ses1I3`=Gx_;b(0ozFN^fE}q`2M5gv=PQinUMMNSPnulRk}w zG#YHd)wumUu$8okqJE)a#fHyqV4*P$!dUqNQE;(bU?G(uS^UGoEV@(N!F)@BiSA@d zn%;e=BRDp~OyC|wL9BY%v6qJ1@^49)xrc3r+Rh@1>G&R>VPfwP^Ft}Xm^spv9x_<< zMhK>(2uUM+So-``v51mBe`by!+%h}-M16@ToQN-z(ys+tLGk07cWc&z#r9oz$ZY#e z4=$d=I)J-lU3b;plgHy+r5e|*f84qNor`AWWMK=yO@PFDTyB(HA65xq3pB=b&4!g1 zh&le7BploBGyoE{7p=xka9pU3+2_L)R}>t*}(Nl1F+ zhlRl_d9_nruDw)|a9fXb$CRJu&)mw!XgPbLZu<8IxwwsftcDHObIkSTN5YZY1qYF5 z3pEE7W3a=R0K;HTS%RcPkn7vCJCa|Ug1{h3VA^KALu+s{7h1GLASGeA4MEs02w9zA zbgdw1 zjNx?CB;T%6mx^JPB+^}#37}%sn z)U>Ip`3iWRtdEY4O02te>V+q4nLwVYWKO)2bAN&@5X5VX4cB~m=)_{)(-FUh@J2s- zMRQnHP@1C6`VvR;ozE4^rGIjZoPZnKBJQB0BKdZgTw}VV)7_l}8PD!L8;%DZ!Eg^zU7=Pw{cF0^x z%OIMQSHcK~LYk#4&Qnfta~6)Yg!26%?eddw=DHc|Z5N9`>dvLGS0%L9mfvN6HPAgo zR5dHLt7u^dK|5qDrKrif31*k*9J;#Yv7#Yk>mL~0W#l~D0jiQA?+GqkuGzN&Yr&2H za`o9Eo#LkC+LVSrxg%s7Zz;#iH_yv69IiH{~ z0IH%dyS?C!r+Vh8g?dKdE!Vuky)`Z#e-+>WXf?PULLEokFp?qqK4_`kdMC{;}>997KE$xRbiW&rL` zdX4is7aZ*4>f|m0P;J26bDUFvwZhs1Ev-=pcT@37rnZR*ZZQf}rIhCA$7PceP&kbM zA|Q}0NW26-RPw;jm89Ty7+9RAM=1Pda;0&ug1uBVEtC1^J^9M(%XKo<{m8fb3-}N6 zvjhs?Gb@M_2qKc1#F67jL$a)nb7!K_;222=+4nX$%WwjnSCPPJwT`x0mtcX%T#y8K8p#iV_L;1^s1 z;GG8b=S=-0iw`2eb+I5H4dy2fI8oN{BX0jo=8f%qE*AecYkj+SH^uX@Y-d_?e54kb z3vRSF6eoSe*wZ8L{6WkfKaCYGplDfiCdoG8>bq#0|BxM z&VATxhH8d2iP~XV*=HDEIx>GPd{+0JVbO5H;SUdu<1{X~c@w%YijkGrOwaZ5Qjxl* zo(h$UI@ZCg*FrOiJXjYyj`e8Z;6Koa{>J6vGSZ5(aD&(YJ+E0+;MB{EQw_s5&o_LF zXd{@@H|dF#pJ>jyu3|f4rCo!w)E>nzgHC*r3dj)p#-x1n*}vW9qbgYkCFm{zK6Xpj z{AKxKz0pZKV>tR=(m5A!e}lcz3-Fihk+Kn%+x1p3Nrx*Z$9ireN`d2Nd z*-2@GonZEGq%2XOiZT&7gas}csshjB@!+MR6Mnf?raaxhHvkYhk7|u$ zIeQM6Voi+IN6p)Typ=23Wfdw5!yktdGcbIsim(P5bM+O5^5X*g@LPZp(kwm7O7%4e zsszhqif|m5d%&K07EzGer=?ExD(t(Q2i$_ zYutzX&&IgH1!M;4)LB@O259EEmLmxkC(CLAd~RW9JoI1#Q@3%c4Td?@dR z#)WVQ(X4-DEOqiA9nV4}kf89CJP~a#^Fb#E8-b2vC@|Ef7l9R^r_4T@E5g8#jL`22=j? zb*uC;kHb$W4%0(Cm4!r2QC?!D|F z5Ax^2?Q&ddgj$smUL`^JRv=sYGc8faY1&J3wCXt+UqdY{ae)GkG6GyeW)oq*GM5Fq zYOMm~MrGDdU!miuG6G&Iam@N|B;jqWtO8VRZ@i1gnzNsAH_R+9jTvspH>|=c9|qoc zy65kdk0e~!_!K+WgBE(sXlCxXZ|w$twDo@vUk~|3Y{l;_SUx#Fhat%OYOfbNHv0qU z^XXG1xMi$=zUTG|?3$=pv33b9}Ru2#VevxKcAg^?X z2wY;98;gmuzmN+ZY(%1)W^5p2L-CGVTzVz~FL-A2`pFoXn<{pJ$kS^Pbw_IIZ%Z)8 z5r7G!2M52$nDk-qF0GH4tPT}`luG_#?iDmNO@(&t4d@vBT*Ca|I#AAYvQc2OmFKvs z>GjQh(7geD$CcZ`e_}lE} z4ZcNdiTI_joAPuQHu(!O-!NpcgqJSv5(%$0taRlPJLLq{sVit@Q!fK8dC{)B!xz8` zHJUg1WDz!LquvzsFyUHlyL6tCz@a{U4W(IqYq^j9UiD0R_DJot3yU*UJrlB}hk(r? zmP8V=7wCZVcFoH=$Hyme$O38WNth+M^}NEi<^qmeT>|=k`t_ezcCX!Q7vkS~e@(c5>&+zp)|=h`PiI!y z`iCU*NoQ3@NE80o0x?gXY6706u(8R%(cljjw74Hpp0zd`x|$4|{S#PElP%9$a@Vm` zaU*lry+A4)*M)TP)CcgZZiDZyAxhpSvTX#WwDI-x4bQ3QE3cz<$ET?;pAX!>=3dC6 zz*x>^U_cN|!smi~#?ai(OX%gL6~jfrrokbB*BL=^+b}(jfV0p$nAGKEx|ujThf;}X zdaiOFZvBIo?PVQBuNkU?Ko)k(14%CiW`6wa1w;c5g|VwpYMffKf%F_=s~k))Ap-gd zW?^0MUsM;&HTabf`Wn_Sdkk$(PS~N_;;iYigwBasn9XWPeMvRLb$fE?wCTmkw9x_)g?o2|!kDX~ zw<5J@xTz^4<605lp7_~!dthF-_??)c2v9i$1#(Ns;%!-vpdg&7s|m@V;c%m#cC(j+ z6wSr(#8LH21&cJKGdkG8C%O@F57>?%j6R>CIF=XSC9uH| zryroy!MwvF97si9KO{eLkADFf({d!}{A zPA#7o?Fasn@D=u%&^x|8HdVHAwXU4qB*N|0I|1f`XzXiz$L(K)DZBr6Vn$fa*5Xkw ztJo~w;=Jgn&-d5uU7eVCa%~exv{9Akp39P3-bSoXwy1YWdWW?vY+TTxswMJfj@$95XlE{bWM*JUC6Y{5ppM8I(#X09tsM;5Rc!|RE-!&76f!Jyfv;*3L|lU| z6bTMKGY=n5z6e3EXP2^X1&y{CY$fNelOe8jG2_1-eP?L+ja_dWttm3l4d8~UT=-Rb zDXL$-%WAPg|i!OmDJ({cR-UW4zl2Vpdp?FO96G-p&wfKwDV{C>-T#h*QJR&6x(+%t~ zVH2A{=1afOG4OIXKP7kNrH+QLucFR)n+mqb#L-N77OYAiFUrCN7k7I89BiWCXzE5} z;LZ(H{>XN^n$$-CIVy?nmHStpS1^0l`CkYsbY7_5p1N7MK-mL8IFRnH$$(R~2l>VH zlrozvCARS}EGjk(8rpFb%Stl|dR`;!?ygwFgNQ7@*by*GC41eF=GXKtyqPS?8o*|E zIo{cNY@Ucew{vQ~>HD}er0E;Kn3{vR4tK!$%^?iIw8DM@Z_hr zmGTO9OwE@oDZo?LU5T$aXRd!K%gU3KZ>;y9{M>-y`Q=#L6$XzdWEfW|ih4o;H~j_r ziiYJMhUhdS3E#M)V|3ixF5Nr>a-o$QD5J2hXeS|sK!4UhCmoPRtE$lbGsGkb#(Mw2 zK7Nbv)EKY^k$auuT7Ul>t_58At2WsZTx+LDwin+|1P*~F(|Pu~x;A7Z`bz_4(3SFD zGlGeHwLacDbV3Uwj5H`>5Wy{-sApr2EQ(v-hTbGsFC$|E<>lKM6R(-|`F_ zXY2p1^pz^sj>yU=J~r(WWcq$c=7iIF6c7?nQ50R%KW3ANW@3J6C};?87}>5Cu57fl zQ~uQb3jXSWXUM;Z9Dh#4?0!anCp>k#oM8KfMTnnqVl(N@dBij2IK{iR_4V?={^RJz z8$}31CD#l?Ae2zvvBGMi+8E!>huiX5^zn3dL4C`0!eZ|CL8T9Uhsq;=!0}~a!HLwLfru&(>+zRi%5jKZkBxe7lzud+ z)yd_z0`rfWi&p+PZ*lF&Mg~NeT%S)QQ=}S@s&8>}40LfyFuPq0p#h>rDqyGoM?&CL zORx|JP0i%eQuyXM@CK=E6V)QXjDu>C$lwC7z~M?KSr1A0#RzuitMK4lS3pf}gm^mR6j$s(7%HCWE!6zDykzU7nD{kBU|Z*uhmiJ_w6Ea|Z0tB7O#dk|XXtGl$X z(H!*S^EsklvV9_21`uzurtp0|O8B4yD_#XVP$m+1$?UjG)lRa*PUq=Wiq>|PPp~jm zk~MSoM^4eB#y?(}wmO2#)$}m7N`rDL!WZM}d#r=CLBt-8ahUPW5o3S$xEy)F_7r9 zR>A;uKkCf3dalEd*ZRy;L^54rG<0<9t#&Nem91;fLShS5Y|r0|inz)!!jYl+ZWPeD zRoD`q-;d*5)Eno%@hcYLthH@J9dJ5$tKVIykV(`a}@B*b-K!+4~7^|0Ox-h>H^rfab5psdO-79>IWwW=OR zclJWJRC%6>9VBAz>^fWexK0~9{x>rV28uZ*!i{vas5Mj01Pk_;x)##+}%^V~zvle2IK za^G);=zHLkenH~=0-|PV+q~(ex&)eijbvgl-{=!aWe%RY3A&Hkk-`ZkqRp&8G*^a{ z3-z*K0AgtdY6vTas5bH$)bW7BDO|$fwfC5}mgczxf*uKsN1ApUs)eQ?j91+FlaCk3 zPdv0=`967<18yXpE+ngY)wSW3>`KxCXe(z=5+ z-=rvusIe|e`urTN&VDr|s#B^OFy~ndKeE|7jz-512mwjg4>QslbqF%b7{EBRL%O5b zNfTBnIwxlYMSd#0KA@XoVw;X>8LQEgLLIdO+8Hy8D-=JYrhKOmaiNriz?%r}`4p5W zjBb%54%%%vcK_q@_YFP`xkNIxG>mo}6%>@n*;+J=dWzvA!`zP}^FuCg;D8*NUl6$% zQ?<$NOd|Q-NKA#uIo+aMkccK8gqoy>mu4Cft<*tfzq$n5{EI-ISp!zFHzWvyGiq~>rliiy%1Ho^21+L z6>Ef&q`<&&Fb=$ydiFyK+CJ--5`HkZ!ZzYt&^5cQbhr?h(g~xjdW4ZH(-`^f`d*mGS>-~NIXl4iVbsN2ogr1j4M1QASw?08 z>0ww%id(hN4g=?X_=8$lV!u+{nJ#k%=&m1Fr0x#^dAHu=iT5FxJMtb!DQ#FHfjf$vFc#L8yCwYzEXNbMYZ(Fq6GBKh9m# zu*`xqVk0~>(HIem{`EriC}WC2XOV7X)5J?iHBYdA?kajMHoV_ATFm2H@%Z2E(m4O+ zu1XmF|H9!YmH#0g*QFS(1j0iS{ETYQSpLD-=z}D`FJ$nOmIA`!j7+`v^svt;Kew~& z!pWl8wX+P}+O~ojm;PMZPd3xsQ^fRD>=mC&w)l#(9g<-BWFqS+f}=j!M(`|JId z`j2Z3Q6FeCc$`1ixuID{Iq!5{QPP-jHObW}WrY4WlN)mpA)vk3brPK33vU?eG?$^F z=yt_yR8j;#sX~&)x-dU~Nfg-}OxHz_nl^fWjtf}ox)})S+iGlEl@wnTyQ?t~pKe#L zGBa!p)@o7j|6#UMR!>bTHRZ7Ir!sA>^7tV&@VBM%^q>UAO01X7$Z%x3Mo~XK9L4dk z&=gZ!qY1T044Tp7UIBPGN{GE{Hg;<*1-1vRK@Bt;G9I^pTu((x{cj97b4Wz0gUXb; zVPb+#O{CXk1TjoctyPak*x_gqCLP39uc*f_QTEMU`3u6RtW3b;bK_M6MbZ4Ef!nLt;$Q_hX85sFcrT%KH}>S@D`J zI^1<-Bvm>Q@opPrz=awdUY4<;bMnq$g<;M^eo!J~XEVb%#sewCDkFDO)}=d^5Bm^H z2x@W&?Xf{55}46mbH4@nV5Mst+F^aQh0+(!KcvQvRJlc2SI4w}A-VYvCN7gZ;aZRUw% z1~YgvYoOEJe!vpyJ9I$7;Gmp>mbd-S^!W|Z~8 zHx!=_A9ZG_YGo5vg9x6lW{N16FE(i`PVcr1nbQGFjoEqktwY5$&SF&9E>}2G%N2r% zi}?1bKmj7P66daFrL*(bd6OrmdFAsY*je)tswBllH^y#bBbajq`gttRfLBvmT4!5H zY7UlW>`fd7iz$H5+FD7qNg&~;uZF9wB9bi^m@4Ino!(R$L6Dapn7Yr~v=fu4e!k98 z5arb2*gyiGjh(8oALHKz#C-j|yja~3G`{bYx*Z{v3Ko$8NuhX^uxJ+z-U7LLNElbM zC$;lGLZ@6Qr#eAmQ5C(_kCk~67aAhJVI|AWzG9WMrjOlYV6N#Sg~_}){C+4u_+$uj z%g$|Jk_=QbgrUs-iE+vs3~Ue%)Dj#;z-^963d<2*gjshs+Zf`rcU9Z?Q&E+B2l-Av z(>eWq$OZU(MA`&R4B}dvdGk+L_gDMX!62-YC5F)FFTTu1v`t6?HyYS4pxr`Fv{&|o z*b!C%Y|C+tdx{Tdql=nc+P|wFzYbXaub{yOimV&Q8Ii81qJPF9&{k3flWB(E>jwgyQ82=Va<<2v)&)O#| z4`En80;<}vdsHPB~&Ik@Nnle3nO~kr=t!2 zGZIqMxXoj}E4chFmUXhk~ykg>Q9tFmf+g zI><45vxxC;aZBGD{p`+(r0D#WJUMT)6~V8PJ0-L`Ir$?WycgWfQog)lbDxkOVHX*j z&F{05;^>(##c%A>>$Yzm@wWuL0VF7CuYuk8Rz-Uhpoq^YTu4MoSDpdA zrPE=6hJn}J(*LLa1Ml55eRuWFe?>48{MY*bzr$3b>Y5|AD&`li=Hh9ctOC1*JTAM1 z6!J@4`1Cv|cL7J8RI`0Xze}cCZsStBrRUs&WQ7Vqfv!+*^h4Hf6PqrcFCq0WgKWt7 zUrl@ryl1gdVtCxY?~}1KH8fg#m={^RNA2&EPaj=ZIA1TizR$#ekXy2Tfpf76J2??j zO`9f$b5b`rs8Z|GnufU8c)57dzyQ0JVsQb@#8+Jf7lTBe@3YNV9DB6h`PH8<;&_hI zaOKBy%W#gFEI=2wa?X`=<%{M{^A{76*~xKt2h)n|O~*{f2GUI{ClrA);U8*IUChN}hquq^BD<;;KoBXntkFj(;Y0<12I9M&rbA5O7ug`>B z572=Pak}5xToi9BTo>tr?bd=FnwTyyZe~(sqb2XQ00WA(>gq-i64l!huEo(A!`Mq@ z4HHf4()~`VEcv_Pr$`4%DBsqE*+%;1^;_dMV|UVu1!y^j2DEqr3fW;mi`g;jq$urB~>1aHuRACm#*kbF&%1!H&;Y#Op<&FqpXUQJY;YtPyH3*!^ z+B9?U7*J`xP!v%u?wFwzA%0(E;7vo|jdaA5qm(KR_4>jaCe0~B;ggzL8NEdf2;7(0 zz%`HQz`fc)F0*`nMxC@C4qOsz#j#q@7|;ruiKRO!J0eISf$lA}zR0ialq?;FA`|kW z;z5kNESH7mKvUxu-pe{|kfY_jThjD`Eq;kO8RZBmSq95GZwb$WM0QiKs&^Y{(O%`` zD)>fggok+j1cffDf|QN(>l?|HT9_>ti}R)6KZmx?S5;}}3kfwHaaUSSeah`oOIluQ^*TOSP6R6AJ|j#?F4qy&!EWula@63z z8fA3QPFj&+BR{KCzwbeALMk7cse!pNQN z_aFv#CylmCvuMX;$d#t%x}+L?ZNbT_Y$abd7+5}JF`wC8E8S`HRc3BMwQGc)C+GW- zSgfQY1C<%9bU%TBX-msNIGxSd0juWD!L|2LaWk1bvmk(TnE(t^$%VfTc&?<~Ppsze zF@d82QhUnMpCW|&#*tG*-8_IiuQT8PA@5T0vNN=P+n0@>*;9eDoV{x^@(CPV%E=;_ z-}FBxkatMdvh6={i->vQvaH|vc*66?RASl*6+0SzcPn6d_ts{2z};dQ-IqFim)rEt z(D(bw#o6W-j%F7?3AQCN3SOoEPOeu?Rsprm^Ddfdt%A$qL`60r5$Ly z&?(0bnryM~q2KgbyWV$1>ds*&DMteb=HGH2t-nBYcQxuUop@-#R(qgX#9M<>HVHie}f6CoOvEzZb5NAHdmh)I)~L@?oW{;3`o zcDPp_buO7%I;}W376A}h+&d4fGQPfobx9D>Y+HLplw-xxAg{QZy?~+JXczIxDuH^z zZ<#K1h-Kn$hg78FQ_hmw*R&Hq!0W7kjrfZ7$HLe6#%nIJnqlG1TpJR8vFx+H3-`&f z;=MK8I-ZJ#-Wh-D3|PX3V+m81Q@dkJ-E{|eL#uwy_b#9-|6p>iH7O*y;oAItCec_6 z2iQ_dv;DySr#br4geXjX+rVmJ|7|$>Z!9SZBL!oV|I;5;HWaayQNFb6jN)q`K$}p_ zNj?ySa%3#2mHiu8rqj^Opc9&MXva+atm9?YH-2gGTcCF9dfnu{Dme$EL>z|s%_&MXk*8 zDGgP|3bkx(1f>ol)eIc!90h}~7=4gOC^axiIOoKK$5*F)#JOI8Xd$X+&GK)Ii@vahtIi{bEKrZwe$Oy$T7 z%7O~;XksR$hUw&d1tw0k0;iS78qZ;lS+pT$FIj<6;#_6i6ZY3wGh{kfhadsx2apRw z;~+G5Y4+fq8!zi)uS8xT{bnw0H5ufxG&NBW^)Qr?G^dd;Ip0eYGHxxSHJeE=nGhK& zsaVviaNMKD6A$q}LNqaBz|ERsRIT42Qn2Na4I-{U42GlLbBHuyD&Qn^-GrD(YuZct zdqz@yQl)?QqYd@E&j+d+<5w?|g-CpH6A*8g@i{mO&i*p6$oYB*d9BX-O@sB$Do>3`q886kV0MefA!kQs6I8a)WXn5%5Dg)aoBJ<~{4qp+B!C>aBs z!G}Qxgi#7l=yRCm1bK#HB11`OR!YB@Y7FC*E2H(b2HioCTYe|?`Haa0o##aTM5_ir*iBwGOn_yZL?V`l?4Pg>8(d>qAjV_zVb@hOE z$f8S#-=zuZ*Ev1NO|(^!ahJlJG+NIR?Jtw4_Q<5lc8WQwbc>3L@EUhaOuwq-Gi@51 zRY=1`b@p`F7_|lx@1Y%-1_VX)2^ktFCy@jzvw#R0jZOUGd6-r!zUo}CE}Eg6D-HUx=y`4pxS4#gR_+kqTGx z3v{8p{Pbx%T{~`yqI=-W>e39}L8W_yf>?`?G=`|`#f^mnGm$E4A7D23?5?gsL}d$) zv6N)PIAoBMD;W9w6YUSGLV>=OQ_Ai3{8PiWuX|sAtlW2IjJqVliM0{E=Ik=Ap-i&p zYI?m=($Zk|^!7BnU|~=B8@Iso*HJf@Z?@1QoeTQ7t=z+NKZj*wPtm*Vo)*rzybJ2( zIPD!;P{+n9TeWkJ_ckv2_xq;u-yI$N4NuRHN}y#f?6`Vmu|`UcT7YYJw%_|^*=mS$cDBM zW%Id(U83INVxzvt72{l=qJ6|Tafrz`Ns;}Gm{;3m5|V)jyltC9;37~lywSg=kxo|C z{|*n!N)i_zb^(cACDt#K7~u%+#Z}|rdZLT$$L85^Zlclb2qD@=gq8%eoZcYvk#Xac z!k-hSQO|f09lxCXXNRg5a7+8+yP-J3{98l$Z$gFtG?f1%Axu=&w!>CM{j4JOBy~sS z1|;Ti*~~Yz)SWAV_!GL=VUNk?53=>RoG+V4EX}TNs`#E);S};Wuuxi4fX@GDlzFlz}l^LMtwxP^&nY)=uotdk$)RYogLNVhsKA>?`Bf!Mn z>d|njlz#89rqd*4<~28($i4AUKCF`;Z&BE&h^0&u8VL&8REOpBw|^mJMKQfPSuLsfvVJ?*yMJunGYHAETH}kR_>-WzHqTrq3D( zT;k5#i(kGRYz|l*KHvOM<^8$tM+Y0??6fzzYNhe=jFUa0m3s`psuGw;V%BC*FfmxD z0qvL(zVe4h^aFga;X08d0J2e;selTJ=z`aLuFFAQpb)G2m}YGci$d6?(WA+=m%_-@ z%4$j0SmntMUIPxAal^qh#3_u{#Ag=hbWP0DN?oWN@F$DV(_<0o?W$;H>TONN4I__U z3J9F2N4Anl3~v@kR6OGx-66*HA)en3JlP7h43;zD{Dp3m>0#Ve)>tdgi;pqVH^ojk zL&c!0G-4_qtE^VdaeYZ<{wW4%auDn3W9>}tDqIE}h^`BfG@4C&HifJrKZy_0nxrrO z0H${CfZnJ}WeyXxM2>_!B`gf0)jNR$xPlAr{KD^MgW+`vvRqp%_rH}i0dLMcf94V+ zN1RkNa_!q(S%iK-Mp|IZ*@M9^K5A+^gZPVTxMZ8Bwd{U*%hh?LLl=kwHN#M8I0* zf2J$o7*fT>^h&^L0l2D)#a!e?D1)WGxrD;WF|#p?`lBQ)X76e05=%I9m2sQGd=p}8 zEs4zJ5i6u~S&U|J#4@`i%$CbZUe$CS8_Hv)>HE%ezM&bMpia6Tp5bqq{;86OvnFB8 zoRm2SO=M1v5|f4w1xzm)oTjbibwY8Su$5NX)+~9|N_#1-3ORUk4apwfnv`f9jmZK8 zYX$N;C&uBb{Mdv$9W6>*q$`un3RhwkW92FSygIsb zOI?!hLnc{!xm{vRp^WdJ*e%iF$`Pxi?TnnVg*K0@NX?FgIez(xE~wjHiTZlpO$#FT`#V5T~Ui_x7Y!@!1lmCp7ljp`vofcqzXjd-%!s+b*S^e$zVtZHp&vfego7I`&M zl&f3TdxnaQ{gwCbjjQnP)yq5a%oDlbEG%)$x2iE5C^qd; zdsuPS;OypB=&?nQWM0W=9ry2^9bM5&RFyq29!m7CgRgMOH^cio*jAuT=e10cuFcdN zxo$q5W8T84x+Jis zM!``r)c7CT^8L|zmXJB-LXw2HrA=cdxt8_qsT08pwjOggv(O>f9ro`jCsF85gMNU_ z8}Mh~cl1}_41n7vyHruoI7*7E7)?LO?275aH*V_mDkNo9O;y*coF_8>JFcKTJ zN*i+vo~*V~w4TP!bu8`+cUq2>mzXfI_H%5VV=ymDJD^K#rYiI5OKR-Rkq+|pkybk# z3AI%V)OaD9(^SsH>ALC?^x~mR_YI?(4U&`EeTScn;-O<4ps9pb_Flo8$&A|q)x#W7 zF2N}xDM`{F-%C#KiWiu!A>P zZ6r=(;=8@_oHAnC1ydc`m7eiw#fWw4>D3l(vF+as@?0glP9za}p`irjhs!54Q%UwJ zIaE(}PEx=Y{T`8yDaR3(^3X$QnffBnT&=0LX{CYM(A%!mi6_@(pi2ItSE03qg-AX7 zyt_qZXRHkV)@~upup2UEaLYHjlFdw1f%6m_ae~2V1u%4ydO)V0nZdHbtR?FvKFC1F zm|>1Exz^k4=XgP)MlEP(6W-4ROkH%p47-Va*sH;D;a<#)L`P)Ra&4i-~KB<)^YUy z*{P=?%3wo-c|A^42?GgKY>5gw&GOdMmwA7K(K4aEuL49jbq z97UVU;gK7sv(Y!YbuWX9J zCr)Df!;+MvcHaEJEHzMj2i7RPQtm}wx=dHMyqXzAg_2L}j%A4$rjJfB@mtri|G|ow zfU~qtVYlDpE;n~IX{M}u`aGXxqx6DUA@Lkn=isABMOnDWvouZPY+l4bUr|K<@cr~L z8p-lFu)qp%$-n@UM-aGL&}Ao}%?=!8wv}VgkyRJ&4V<*}e=rJyll}Na2iv2EY||-f zhf+s;O<)cXk{~SzeColQ^ZucFjD^m)aUYb~KV+nB^Snz%29gwsLrYd6(Ex3WshA@A zTP-^WnNZ(b5^XADh?V~?a_ab9QG6_Q3n71DQ6!nUA;G(&ZLI(ik@6KZs6Hx(Ea;91 zcLJ&^e_IGX!joVb@8bbtxaNns9o#EHWDCkjgrIt++Mt=OCM4;YA!6JN{dFQ$Sc2@BIZI3~tO7{V|4uV2Dj_fEc(h`4EYSf*?OJZ-IEep**RF z+B$N_4eu&bfFw)oX5aRuP?+AALN9mA-??C$h~Z&)jt`VmrU#MLp<%i;)C_mprI?&E z)G~7*sE3@0giGS6Ig(z4k?-6MnQbz4$9w*0)`XHd_8kMrry757wE^~LoUNUtX~Rq| zUNQP`>=cm%5L~h?^V2C{564N!2o!V4E}2l$+-)|#K7X@eHnfi_TSb8R%!4&eM3vYz z?LkJ-l=AAuuXD@~(Gx3ZiYWv=;4h+eA*El0FuK!iL2FSadhtIvf18@rc*5roT;j%M z78$w0U-8?7$0G2#h8YEcE#!d!D5&N_t!FO-MFko3?G1j0n*{)vcI*t~YfO)0j;-%_ zu!UfzU%&n-q|b^_4UgY3be8`bL-*gzQ2$d%|IZ{7rD|!XWQyt2b$)Pe1BW08XCL&} zVJk4u`iCKDXm9Xn5(0$;GDP8l(Gv;IGH?3^FZ9m~k%7&Q?Mh{ZMo_2S!hC_$AWGTJ zsCjc-`aSxu6OLCQv9ITHTqo}?TXumsS{akcl_#$)Pxr1T@6D%-j+-r2UEmtjWTBD( zu>jQ&cptwcBQ|8Iwvpu%e{MXf)>5^pUsJM66KljGOGwwY&A4kDgfXFyo4FcJ7f$ED zHnAFqDwVQRYuh}J+Ui6n3|12_!6uw$PGw=>o8c@VAcQRjF2-Pt%)(qRoc-MkHGg2FNhbB7yuw&Wc z!VwTnH*m*0P6@w0!k%xnw^#E!NE*cbR5?=%Xat&Yr%s+|@3$zHUYg_rzg>xKNKDmC zwO}ewTY0Ce|GS&PAeUO(a1uH2s;*^P(e8X1$1~=Ei;aK^vGUE#g_8AUnH)tlPyZ`P zekSSWLS=wv11zgBBi;7@arO?unT74XcXw>td}7;9I=0iXZL?!{Y}>Z;#J0_jZGAa= z@4;86>fM7=weHaxtkGSyuIrDVn(iOl<=FsPkVu+b)R?)N=XO7S`~ACq++IGAimP5D zZZ;x|l?kvZ_HEV1d8+UhRBaQEPWdI$S#CiL%iYMCe#dBD>Id@>_7T8C z<3AbI2m-B-d9~LZhc@;>vdyi8%dh5VLq9hDhOeKf%^|1oApYYF^L6Y|z@t)`OcA%j zS9bU(gdd2NKUR8Ch;q`%W?KBlTz!541DRgn1TR?|Br|288EFt~$><+is#7FSrpjeg z#6f~vcnf4ci-mGtuz#LngYwU6wHJA^2@zfTWhZ$ei~dFr4yUh@OOKKS$yW^=f_7zV zpqF1VLXQU#r>mZ!pM+k*iF0PF2&&rTi?M#G6uhdGqdG9Mj920L$~~ncNjIzE9b>(j zNXB7JS`7PL8ePKe>zbDf6pQPmR`DQ@RVUpcT1A;IZtW^vcCG9-G#wa2OdX(_S;>%1 zKM`WF8$UkHU*@yLTZUE(c{kbzl1!Jw7WF zZOnb9A<|6tY^gcj(ftogH0LrifQ1YDT*ZV)af3f6oV>%gReUQvHWA4|m%T>0Nl(0? z>tqd$6^m(Mf|*xExC#$sn8)=(VJu zar#tz-g;1#IXPD4B}M9b%-YU6@C>k(S+T?kGdXle2}?fB6TjwZyKUmJxZqfQDMtke zgWgs4KG1UJ65rn!*V&s}uylcL@Ov;hXZGn&f9o};YLYRcl-Cqz2eC6%yPdrgQxxWg zXL1`|cteJF73WaR|ENpKE5*kN#K^0VUR995Z2P;mUQqw(#Gu``VPe?F*1=a{x zDj_ASMVS%>sd6$S=L~F>pCLTJx#Rq)nQ)w|&QxLaDwhMB+Erf2x7Z}ehjX-GN^pRV zzM#{tA@%;*=S0Ay`H6|ikl$@%v_FQTCX3w-y-{(0nWvkweXZ;ULKouqind&53j({w zj`KORgz{}dXXrsyKJGLDuHVYiT5xpE|Li;*y%iW_7r@sYQl|Tzo+oKx)sbg&0fY6k z=qP6Zhm>*HCzq*s!^-)~bmfaX3iluH1QOL%oz+TxwCRI^pGaX)bzW^w@RF7ixiu~` z>s1{-_0D;MT=KM(fODAOie5itiAujQNe<9*YyX}4BA_qjg!z2e`$`1utqvNp798>V z!}ssvzu`a~p8k|$McyDIcPuX6epYRncdSu|Oyk-cTDcuwxjh=PeK0(4Oii7`*9yuV zip-^+l0ibv=AL>DKZ?mM!@+TP;e|T$`qYBL6AVL782N^g<2pIXpRc}f(|>W(X^&a; zDEY=wp~!u3a^kG>?^j_=sC;7L)g_P7O{RA$o_V_kr}YXwXyi8{LZ`vhWGZ>iZNkBijcnq@V zl#E}Mp?#oyZWx%8->Z%D6OVUC4JKt^9s;L}pD4!t;@Qq&vSDFJH8y|G8GzYo>rsAP zWa`Zb(i5y;z=Yb)o8?w)mHHvCud_>a>j3kHNXhZY3k#x$-C0hhu`C)7;?cZnjAU%H z4x*zdiCG%oLDqoX%d?fw7_5ydBBD%F6xhcV%u|>Mv)^ryC}r%Lx(3e_we8{)8#cr0 z{oNTFWC>`GWkv5v*dX1#D1qeAwcnk{yckYJ;n=nSpYNvq%3*1;z41(sl$q%9Os#EU zkZk~ZPbknmSmm8x>G|ggyIA>egK)oJ`R`$5tz#u9zEj)ZA~bGm!1mtoGpsI9;9B`T zgU49%F^Et!v=P|q@B8*oZrmF!aaMrAFE{U$i*u)t={wo5o zJfL1c4fW%P8{+@AMg5O|A9mk7R13TR-yBz^w(f{3fy75z(-g1K3x%st8`cX(hTT9+ zj7j^e_o$d?oQUU^?x)&XTo=&=bq9^nNVK>3Co!Tz(u!&xb&bjm`paLkr0iKO|4M%X zr9=D&o%XlP%WQ(4=i?`VADM&lOhJsf!n2HFj3V`?toP-5i-hip`QYW4X77sXZD)_kwH?!0^J^W05-MF5Ef>918r%nr>BE#1mP1OC zu<|gA74T@{MOdNP8~ANU>%6hr3Wq^kwnFGwG|wNJ_Bss%d?npeo0;~t5dv1p}&3w;w53kcnJOBP6NV>U+33`<_K1T zjc{la&SnBB7N>=2uS_v`^2C+MC#gKfWEOq&sd<;%v+moE?gy0F(p%9aexj=>oU~@&M!OqZ(gMK-M8x&2f zYhNzjW!;*b3K<#EW2y+syVL-qYm>&sZ8gp+J|RaD=_#u_xenOQJ)M}3ZfxmT*a`V3 z3CHv)l@YCW=8TR(>le*ie3zCj$HM^bv7iRpeutQ$v!&-)KU^ZYwGKg%k^;TtI?0rI zRZ?oAcN&LYFOe+T>SY6_tz=M z;3?BiQUP zA@Fp*;x?(CoAc+ggD__1R`6umAiu!ZL^TnOLI*?$b3F17vd6e1l*#IrrrIcUK`FgB zNI+2y6RppX1Fl=4EuNbLR74_NJVcQSF)xTLx~cz>nm_vsTwKw4&5G=HH;^@ICM8#X zv;SWLLT#-xC*UW(IgRTN@*<~leES8EJ5)ymIJmMNXYAP` zbThqKI2TsBje@k9_k=02e=UhNkQ%is104ywqR(9P-w~B~4f%9!cRQuY7y%Ja3)t1? z0l+;N{=z=t+>F{QM(W0ZnLNra1{6s!wT++y!L)1S1 zDYIFTT$q%3Z*r@&{Y>Id+T9EyGxAn4Dy3WFsSrl+oXVit{6(l0y;N1I_cK=Iktxtu zf<49FH}EQGmBI7pe}LkMKOk}K++}2m$Eoh4je?ng&jfP^gL^acd<2v+fGyvJJwM56 z<&1kq`7OfW4t*C!W_CZ0DW#n>GY5)Lr~~r$9?xhiC0FpTH=J$?IZ)$$5MLt6xO3K^ z&ml2G3BNTfIKM;>-}nFW5PH6L%kqAE2*dxMk^#y_<|Z}<;s!>}c8(tZZ6~kNfb~LK z#P*eUO^{69#RzW|IzW)NRqllWYqS)$JVhZ1pj=p!Go={qy`19a$q0&AT++Ik^Qy{i z{>H7?G=V1}6%B6LRCRr3^EX{_v8b`{rA{&Iq8O z=m5C6NFvd*xt?!!43DH^^W?D5@q|E_i%#wW3o?XVL({KgoaVjNc3m7ACMO(n9J z0!+snWVbJA3g^2XOErJJc?7_RUyN3aU04aTRL|E+Nx)W@2(F$c<}iE4-m6{frc*6< z+Wtgm+VF1;QNy>gFX(+OU(5^LAla+$P3GcZU#>3@mPvC=h;h+i;DRVLL*}5TrMIwM zsDsV`uXef(%+6@w`&v*SPI2PfmYYN^*;lfyh_U$vMLW9wS()40jB_Tvg@?mspzRwr zQ(S~_LvoIL=#4evPxMpzUOW&r7Gxl-hm>r+%u6mC;$*!a zPi?y5`l^OrO|--?Fra8LX5N+)JuYHE9MR#?d9bfmV? z^&KX2e2yi@M!))&7|V^|_LF|+syWUlkv8Zp7WP&LH&5JrUL=)~J!H=~puoM(CE66p zPRqqD#^8g*1yx3I*K_L}Xpo;*a>X|TSIzg_cSPkS2vmCNcZy7^@6mXtr(U}dxT=4t zv??U`LTi2jz#pfzvyPe1sZB1?_$zja@k?&(qkm(H4$-+M|31&48!Y!EI^#K~wba_t zi>zj&-aTSnD5qIg$v$Fh>0!3NyLkTlH|mU(n_%#`ElqRN3pj(YuABW*^Jkq9X!M*P zGVJ0FEzkH?5kqiF>r}`g2tc~yW$W+>g&{p}0x3a-^)h4H%Hq4FbWf^RPfMnVp>W|1 zF444L4n5h-Q%*zX$g1H+D|^L|A&AqILG;1ao4r=W*8?uo$h##~tj4h%Np_fRNS0XQ zom%>zJr~E=?P>-b_Ic?0!yD;@2<|)%fb79$VH>$4n6YIh(1mWas1^iMa9l2;=vdss za_c5$c!=pXdt;9gJ>621hqTprt$d7dpBP^R2%8Q(3L~;o{2rG<%*ZC~31ukwY!#W6 zZ3a;XESGS}^jfL^w=)?s6RlgIGa$W6eP@aSuKOx>H)>~9h9y(QSsUdPl6Hewy>kLTotLY7_!Df~MrQfZ^6LTbm2?vzmkj|01 zhdDfnqOSHKy-|Qn(ln23dpJ zBbP*#NOzSOC9>;y6#OvRO$`n1+6|(rf#S6r=->jRKHOcGlusS zPja!m$B{s0^UNxsG|{?timx1IcxE4aI7V;c5Vlm-QJglb$j7jWl;GheXJHCl=i#RkroF{VREj#Ly75@UiEyrgS{kfK4?Xbe)rC_%h6Yv*5}GD94bk@ zFl#-vs2pSwo4PHg^}*U*2goS5+;1%9<7+bowj_nXM>yecDUQY)TvgAQ~~=VV!#B?y-R zp4#pdJ5A-)@o`7Xbbj)&PVMwvzPhvO3IqzbEYXWfnCV0g;F>ZnZerP4V=6{?+d}AZ zZf_D@#Bcy z%dV8f*9KJB8lQfoJFHBO-Q&I|Z@je{Y8BzwP;#3pw273?UWI9XPaU|He{pox>hKD) zTTb{-n(4ycalgM}_4@bHR$*(Nt&sIy^MjmbQ-i{95{70XySAC$C|L6aVoGK|&BD8& ze!^Qp=~qgyG44%@VeqArC>KYdT~9d6fB{l=Pwv=-w3PVV6=2PmTTrbDF)^fP@7t5~ zvHkKD5$yN=Us9#|oul8^_l#?c@xRTu|0$QD>|*F-;`~2Q4;4k_c|oMDf?(mnKj11z zVqi^TCyF~lK?XxqVrkGLGjcB8vsRwX!-bN^j(NL!CkZV4-Ks|lyFiqsyt=~QxR8R+3+Ld0mLVVYDnU9$otidr4z@|*NI(}pw)TVqzJ z;<@vsB^t{HZa3VC112mAMl)^~OX>vn--q)NI_br#wM_&l0c?3RYN879{i~CbbIIt+%L6yS$zz*@vtYMQmrj@owW%|8@;vdGMP9<;I=FPEP?(4$~1~ z0WCAWE>(J$xxY${)dq?u1xLtLPDiv72Fo!#p>vM^7i&~7279uk#9TqDge!^(zo zYLcr@GO$2>DVxLniK!~DLeN7h19O1+HhyI(U+Y5qqP}}KhTL5EHM|@GZ@vdUoB-Iy z^qfM;IvF)D|3|XX-$P;9r)L3@|B4u~1?GuHC&bfv3p(Pa1J_5^E%9duXQS`Qo#tme zBRJBakUw_R#-Ik;1z*%ezYgc0Y0y+V)XHXPlF>RlzH2*?>o|mW5qGqe;AS7V$N(P@ z>44uMCGLBg{ttK`XoWnVFs}@rkKd3g)q9pa?}$$=bAiZ;2mPj-|5o*T$22xUe*EzG zHrD;;2_7z}>-`Y`1vN_M0QQqf2rU6x zTsT+qm&}j-?|0%y$Yy}l*3;L2mzFJO{I7!N)lE(5tm}=l<^=bS!-6S)F`Bs7K%dx z^;47)CyxFkt;`6+6!jJueZ%di-_k>2j8rQ9D&;)Ur=yluCpQy@YFbj|*d@^I73n8P zcd*1n2n#i3A33|+F*+<_RtRsyCgUaLLW?r_vg=vEfW_q5^0GIlTf85CbE3Adgg)6)&Tn+NQ~Mo%UzB63jXLiM*rWd@+d8cf`0lGycRb zBLEP|>-Xp>WfzoZ*CB-*nmA2a!Qv{3iQZk zj6b{Fk1&IGMji54q4zlBa=*?@509@2-6A11Cv%uQ3lQ9~i$g%5t{W=yZ+O>3oyw;9T5Xn$ZvX8((%%;K;iv~}D z3LjgbEwPIkeQXIfF0Wh=es@F8Y3SlzkGBDW z;+3Qq#If?&iK$TXmKrhG?k5l;ZrPUl&;09Wv|YZ&<-Y9A@`k7nCIN_K6DM*g1HTO; z`SF1v+Xu>QTdhnOcNMer8^K;+`CibMx9778rA$$XXU}x+>=GM&zc|-$&tautm@sve z_#L_=ArAI^;Vj+#J+g%$cVDhfpG!0SQTTtZzccx*=&uz|b?w~d#%vE0+8=Bg!L>;7 zXQkDNgs(OZmi2B8l*WPK7pS%_! zDVw~f#Z{Oyd!uO(4hBFiZvU4n`tI|bY3`RQBc~Y0Yq#llUS( z`rdwGy%Gw_o!y7Y2?@wIJs#jSxex^k^%r4JF@}I_Az-X5IuPvP!eD`dSP~%YhlMbl zVhv(t{AHq=S-yH0G@RAQ0s{cvb@ZgAIgHjfJDY5bwD*^eE;01FYVxvAawa2;WH!Pj zSqZ0igF+Zip6jiPlwLzSMRt)O{Zn@ly`sBNEV@Q#bnU=|W#n02tm4sA%kvLB@ELaG zxyJ3am09(pDVwfG6w=O3kz)7!Vf_Ly*)kU#VDx0?B=;iSB9UX?-l9XyY0pz$>!!aW z2K~wS3FCpZ+4j4don#ar4A3cNv&_*|O7#RoXq^{Q2*NJp(r=kB6GXKA;z#uoz@^!4^L9~ap z`GyCo6#>=pg&<_8(LCj9K~4edf!AodzSf|oXlS*0mQ=<)5GtOuOzy)t>BaoGAOWm! z7N4Th$^7O>KKXVzaFr1^*uxiNBq^tlYFh0~Zex?Ye%3&mwY0FRzRxfLCais>LSM(| zW`0=Hv;hA2>+}~%)@9q$Lt36ZdJVrRY-yG|?_@C(mGzf2H)5!;H7h`xS00X5JvO@! zS=y&cxRMvXdb#8N5$HNE)+Ljn&5@69G9&N8Wo+5rgk>Y{sbHd9MRF*)DAiTBJSv@?U+pQQwWv}M4fkbZ>kGsJ_&$CC~Ea*;egc4Kw&?!6owlM_q_$4~t&?8@? zqSuZH{m9Bh0TRgq*)^RqYwYEJ)N+7?PM7`UVm0!j!$s_$w!g5-&babA-v8(!sbm^K zFl1^8=GzewU%jg7UUTaR7Ioz)VG3=zFp_DJ2*XFsb=b$%%SBJFlXH!YUh z8ZTT%I-YvGIJPeufa#EOc1I~YO1kbk=^&yQ5L zVT}LFSP7OCdZ+P=fK@&9|w̠n= zO-esZ(t5HX?Q3%RIT{42%!Xel*%G3yrstaTykW?dS*2mrKbdIkEnEC=XvgxeE1st?rh@*wtJuJ82xKlri^r31dQ zJ@*V;2SZsIgv$Qog);sMSCcya z>SW>gVd)re0(=%O*+wM@^FVrL;ZEixmj}jFjQ~L@2MXZU%oq`K#Ha{>O5O+4YzT}a5HO>%cba<_b0At! zlx2zPMC8yj?BsN&VNQuELpHAD(B}x`bi2(uH&8ApaS$E7VubnBFTSK<$}pTdg~6qi?v>+n z4Zlx(K_QH71C6AD1Eob-uza1cm^3h7!@$5|-$#3`b#iXVCYgPxe{M+QK&#`9F^;Be zjO5Dg&<$+EcZ4OR_^6!8x}r`!C#b>`j?gfI-Yl{W+Qq zfuN@VuzbN8?%g6XY2W5#g-5D!FvSPm!lN#mM&*tVl)Dot-qI?9vp?pJp+!15rW!oG|pk*SC zLQB)>m3s+E7=Bk9_Wsl=+enS2Fi*;V!PyW}r{q{NWT;ZJ#p@NARRajf-i&u{GqPpE0#!DEB(Y!LsraGD;#FYLg^)vFLJLYRy zp=$8_O*5_b7$(43V1okb^j_swB(U`tlml8^Acg%|;nFkb4d&>sNd;R>M?`OzU zktvsUYeWQkywik<(l1@1vlB~pvGeJlNyY0FdeU`dkH4qoL7uF2JD<@SGm%?G@kI6n zkNWn15S{%yvUkES+We{Q3u=`Iuh~S8z1&U~xpa6u=Lx^0t<{yR23bMPor|#6nw@0f ziH8A0)}vI57sucByc0BPMIqlTciYtYD86Aq1L&-+8J#;cfZ9bk0k=SJ9LroRtz!ma#3l z;%SI1mld{c)T=cyV#{zG1AQUx*viMVELtX>ZgOKy2laPF;n?Lv1K#^dBIC(XldLn8 zBth+LmDPw~;|1xN0(9cxN66CzF=RmMvzE{FiR_Gtcs#1`;ST5_ZjWGp)Vo^}1<&$n zGPOFBKnx{fvDSa$nm0(A#b~o9aeHcx?$N1IC@Q+(^@zBGnIsuK|6(Z#Ys(}-iOnsI z5b(Rg`m`6o;8PR)pHp!|y;y#ujd z3=#BpkmB>M=>zh{9c$>Pd{`Med_9bhCrH@U?zoFZa8{c65Y(uGae)Io=D{j08QwHO zIX1#O5QxFPho0KaF}^)Fy5$|nbLm-gOl$LR;-jE1s%ngmrVPp87p1cn%=Ui!UhS&U ztThNtyAli$52rXZezzJ;?guT&bsTec3u6Iunh1b7>gAyY&ue#7fk#k;{~YLl2u%BW zpqSi)CC@5bz*QHkSt@g?&$}j5(p4UhV*X7g?n)*eml5f<#p!SDBr%QJZ7M{@KC8$N zLAZUDP!Pr={im?DHeQ-Fu0&ZDIIa1*M*s4Xta^FPr;Dzb;SuU5%Nf%{YF$=;dhVjC zmgdu*cJhX(6S&@HX?7!v{c?e~z*)FJb^i;z6o*@Us+&{SBZJ=yIr4-|ZAQBC{!Bxj zf#tVeAN+kevl|<*^-tefAwBz*6xu98GM>hS?&heF5N~^$ZN6<&+9V!HdzAts|9npR zYC<~pugP=S$@3=RkeE!CnYOVi>>3C7kSfFv8RLLM)+`5)f}Ew9Rgi~NJ=w)gvJ+6ZVcKak zN)&K>TxexcX{|-iT~LFHwShRbW|`H`NQ%%d(vUNVyvm^b(+1Nni>8Wsafn?25no{L z>WC(7vEh1SyKJ(4UiB_eT*z61e!T=;awCf~G5JRRf4s~yTN$_)$UlAr(fx1hBijEE z3Q_T}x3D#nv$It*u(tT7Dck)|xm}ZnhjXSX`d8Nk$4kAp#k`4BNf9koqGUUqjYX~` zbfF}S(L7q(-)1WC?g?*MKoFW})+@kE8)%k|cSwX9j(%3F)ay42+w3Xv%%8TOxSF-_;kmKEl&dFB)-&QZ!8oDV z08ctq*d2#A^3OPiHW>NhNuB5>62^V<8)%Z`uG5)17%u-A)dS58e#$8_qHc!gO-_~e zV<#BQQ8P&MbQqD!HIB=1PO4rT#f1-I$PJ(I>7IM@4`GYb@0B+GYBFbk5=ahsa# zX2M%p4c6krJ%a~}gef67CDkjnYz@HGj;buB;VC=Ct;G(8S*s^ zMx$EB%3$dljkAzq%qfgt3}LJ4t;vNIk%QtD%|yX$FxF=C6lR+qPM0n($AK_+5gMl<$wSRL5ZOH9A_Zhz=hE9Cp2f=<1Ri7os3YyrQ>E>|q7GR{DS*RbZj z)As?7jDLziG*-o@68a2 z(?%Iafk_`x!zOgKIVWYQBxblZ2Ma&UD{l`p!N9X%?p=5wMql!A~BQ zE-Q}SP!@61I@w?1zypdS+az8vs1)2jXP*TX$w=bQL+34?U$1aWN+5sXl;4g>zBzMw z{TF|i&u!Nh^+}^u9n0nQ-gA}-#UTW&-+DIn3Zd3gXOAq)nHD9#+#K`CFE;#9VY6QyD!h;Ek0#@u|Yfkz&=pKAF`>(I!t8Q(l#` z3t3L7&q>JU*t`QZ+zLHuSHo}4HFUo5YWZuqWWvkksq0m18wir_dhYJcYG+li*OxQ; z2$97V+#=IliyNTJby(Cuf0LHuv^7VExui#=50yp;HU(cVXsxy+{ zvpbRH8=~sSIZ3U{Ul>;q9%I{^9?iwa)<{zyie<5u=1#rM8G%+8g~^=Kb=UzTZ8HAL zo($Q{8d_P{(oiE7hDX!-770x%yg%t`?n^1Q5e302%(+3I?9ucrgV-na;UAf545Z;| z;P0!sAvbfXAbIUMc75qdhV|8Cy-|mJVR`O&#pFV&N())>$Ze9fE}g5=tTnFEUjyfS zj*$ai4~cZRav%W*&l^-2<_%kHRwCXI7j#mO0}2}s_?GvaRG*dl4A5c^%B}PYr;AxE z!dJ*dz_MNEfmO5wn6^^m06lW?9ht{YX5Sj@cc45W-(G0sCm#dHcG0n_!Y%Re<{Ot+ zP=Vv8?nbTmAWF~f6FH4?Z=gSc4?@ndD)TD{!Q2qt5Ri4SKq7X=SR}T4Bo0$=?seR;o&nPslJX5^*yNe| zXvYdlxdf~GPmh>a+Hr1jgwLU;NlNqZn3U5ar8hpL6UFk0OEn+&p}r2`1Wq1I45haS zjq)>~J4vj{8a=u^_uL(5FrnAx4FcQZ;G8~@E&3ZfTPSzbe8m9^zH5kW-`xEEwG*wH z`xfblbz}#+(gWf+)+kAa@(#CazmwW2+?HcL3+h&2=f&bL~I*1S9DG!%^D z4NrlVUT2_&u|9KE?8uyK}UF9u7Vnstr<~hV4K~dd+lwHG=U2}(D zLxf)gKwmkA4sxQ#dhDTwuTx{T52Ge%8h4P?n5%2 z^92quyp3NRse&xf8nHS14wg52&|?`2E^t)}{7?29<4-&PqA;3M ztSNOsHS=dQ45<9syYe%_7k=MUJ*`q?D}Yw&7Z$8cy5JWJmh~-+54-uRwK?sRr1PG~ z>j0Zi$PjW$c+JKY{96};p(cAa?8g?gckb+c+7ob3DLOXKi7T~%kiexBsgbRnmUo=? zlmGM@kLA>Z`-Nofnppr_&tON_sQL?x2ih=E;k>T~=EsvhhGe%AFrBjZf1Z&(>H;$^ zX7_E^t!F%gs(r|Rcib`{_H4YvGscDriz)I#=fQY}m^TXOWDNoCTNj+&F4KPtw4kE2eeyWQ8ryK{98Wz7CB4g27C(p9(H{Al1 zu2f*)yPXpgFK72cbyT;F@UDX)4O}zSFUg2@ZZFA8Qr(SC7 zu}-Vqa6{Uqrrdoggf1af_g^v#vP~9ovLdFk(WQk8`VAi z^Q^k^`bCd+@dh$+XW9N7D5f6$oS?5fL>hOjk~D~LTwK-2pE9U})^94O zkP65LY$)j~O9#l(fwMOqtf&Moa;bovd;Aewy3@Sw6g#vtAmH1m1b95ZN@kR5Jt4^6 zm*5zK3K)@(mTP33?QBt8Yi6lyvfXY^DqPU2;)_LZXqzAO%~4v?^t=Bt z_kZ;o{HL0$|NF;R6V_ejFwM8e7+}WC6@Y}L-#X;~7cPa!Z~@Ga2pR`I0DuLKhGznB(y~bHUbdE8$OsOWl7`%CD+tIY{x^8RLVO6ufd0Ex5mjC$i z$->gc=-)KWkC=9s^>zEPefUBDwOet8=KWc-~mG^c2zW2D=9{} z1PXRTzNVY%dTN;Dp9uF|GRMq@6JzOnQzg(m8H1!%zSSW#8FZPj7WhJ?u8%kcRxItb zQOej;o&4f-L#bkZf-1S?NrIMY3IuNRGR__Gw90aSNAWI zIKDyE-zgE+%H5lN?uDz7T&Y&O*0^_!dW>iH1y7VyT+tL$V48?#*A2jc#auO4 zT`kG7PI%M@xN|{!`gu`%Y>uf=x0)?x-z8VVn$Rk2NqSm$L?cvUB;xv0I)w~jBj`p* zTRZP5T}BkITRe-B$yhBevM{&T4hgqJH)&9$GDXOnuRlVdio&frhv3Ma{ySNnTVCuw zyuBQ6U)G)NDk`WjlKnYG`n%fyv~D)?0Yn~f5*07>+o!IH;C{6gL>;EMPzDasEYhXy zK&@c^eO`p_>X?7gwIEuyH3C_Xm(#zhiiZ@cD>Yz}y?F-*geGCFfj=$b&w9#YmW3N~ z7w-zS{p7_z+b5E!uwWbZW+TWh9#<;zXh45lU(-5RH;LzxTe%t^hU=`bk(oNYsL}4P zvB<12D=m4f>Bp0_5B6$sWh0MtE^fEEgZ8PZe7TkIsOX>Pfc(IZk2o;o`qETd3iv~? z-0r|X@rUpPI@4Gdia%{te%dM($+?)uLblAc0TF7#DfcjzL{W&Nn}1QGREKl^s@AOL z;V)FW#3$8>V6kVp;Hw)}IFt}km2327C-Zkg<5k2|?Ir&2)ljtah;lid$qjJIjA zPfvkwj=^yv7%E`8Pk`U7sqLJvoK=SEXS%=t3?`E6b&;HOw)}Jt1Bm%$A#=rZn{?!h zo3l`q1gK7e1!b%9^_v;uKc{fZ_Ym#M;Q3CCm;b%=TNxsCPt0u7dl7FzFeb53ZRif8 zZQp0YjkRhn-9VPf*fX+Bp7LHBGP~9UnBI;pHs~mk9m#0DJK^Tcr>hq&ni-EaT)*(% zOQ7*FWDn?3TIZNnB9Z%W+s_QKL>ReIVnCy;>Ma!dg?;i!>cFllJ41lWvJLW??R!kx zQIIpbM6`c`yL_a8VRo0$D$`z-UNWpcGshh5##I=w4UP*7@dF+Ubm4Zz0JH1lNsBn{WC`kNx^a8P*=_Fl+eS~f)fjzx6OnixEe3Rf z^0V8=jew&${UH+kQXK8~4cM~eU0#EpdI{_hGWo>E{R+F{#vpnQ1Z5Jt{n6Cge2Hl4 z9s;jkeS#AcpFb9I-Q2|H z5)5|K*E6F)_rMlzEPm|QpVgF}ND}Dm0YK5!09J9|u^i24CGBD2;P(`cp0PK%r2oL~ zuUVM=0%&~dc2=xMyxlE7Bf@@J?Dt%68(H;0Gn?hj$7|f^0~$r{LVA8hVa=L{Z`T%4 zYZy+QPSNnJN#G3he?fy>ZL&msv{=7m^c3KuI$LD`z)TS+G*j!Jo1@*XFH2iTTUH8C zbkte1EUJ;>P^6_+1tX*xZSU_TgQ<^=(sjnH>(E}d%-ciV!|Lfh3U%ylKWz%LIcVF; zngIl|B^DX!Hf6@%twEdiQ?j(t1ZA~@$x=s+_Kqf;yf~LlgPYu$%rY6I`!;2BQA|Rp zUbM-b^eF8AgDd6P-^jfJ%6p8x$c%9uE-Qo|?g#vQ6hpg@4#-93vH9wQ1!54YS(<<+X>`|y}; zm)O2d&M8~wzpyC@&Ton_aj&z!tJQtvn=zh*IM6^S4L}LCUS^M|g^qJH}+PZ#!;%%twtRUBf2M>fuoUaS4 z6E4tmO0sT!-U&^$xQxT?2!+!Ctam1@li|shd2uBEq3~Np@?dEoDC6D%mMs!bDxP(E?jr3R`L>Efs4uR@U|Y$P;w4HD_B2d_T@_N@9*u)l6i24VTkM#Is5vO09`(vS`a3Ezq5C6>s)W_Y&XEW` zqB4g1lp<>4AyO4Oa}c2$Ob}b=H7hAmS|Bm~SX732nkv;Yd*10ThviB)%vVf2ob~3y zM9IXP9)VVabN=eK15pH|NTe2oIY{awEmwda{|>UeTz3Etfe(mZG&ixWHTF~YipHK^ zz6Xk5C&EG_boF1K&Urt{fH9YPBWKA7jKxnlm$*hHlp?h~ZSj=B`iS^soN{^Mn7I{&psLg`ZKetXo?bkxG)rUQ8SvAh*f1 z<3%Pm&vEM_;6vl}SBk;bmv;S8$?E2d4JPM|D3Y!24H403o^_c-N@i>Kv6a)ko-<0t zSJ>mC6^KX@X%*ZCq_(J9ipx0^Z8teU*>w3XGpRiP*3{{YRi55sKFk?}tZ&^o_66H_ zshGZiVc`3b!kY9l9<%Ga=~UAr<7P9mcM2G{!v|LRR&b|^mCo+t_0nmIW{mk{e{f!b zpKsV>G4-gP-WkVDko@++_j^B-x=P6P!p>&PKe4xWD;Z%^CC-1I*B? z0p{!x`0&q~zf}5^j$G)C6hWr*`c6B@6er5tUTcQlEQA22kr42H3^zOr_fB(cGjivM z`u7kP3D^z8ZA5!|M{#yR(l{_I?d`YXZjcCuft>yl_TSbUa&MTL z9j5pAf}XyT!Qkl;P4B6}1f|$%X;8bT@oR9BQzGOyxVY!aN+5At1V=1XJqpl3a^Is3 zS;Ck>_wV`*c^f3d=*M&Y`LLn~4#PO+O*wDuK19+oY6@gr92=)zkF{?~pwr$(CZQHhO+qP}nwaRwYsT~IoH@ZTZdPch5oKL20>1umLl6(@$ykVkW zVQGe3&+BjIeRoGqKL2dq2@>6MfZh@o9FML=vW6Y!!jkN~?{pA*Kk`RPJwFyC7mhMxU{`o)g50|C&>S{+0A@IC8pm z1K5Z0Nu9l-d}tpGy?c>-0IFjznlrDuRlXclHd$7SN47hbb^*}%NtA3B&O4^& zo5TUCzSlRqBFgJ)Iv)H<@JO8Vh@5+;&VNG5e}V=0;~`k5E}>SWjRwbRlf-aoY_v;* zvqg#QCSX<4B+=o{r4vu#rCD*;AvJ(`KsZLyI3k1ZR)Su}-3Mx93u|#4WLJKv$5FXQ zP6>TxMbe}RebxnhYhtRxt>dR_3E)!=^4g5Dw@M+uULKsgM3dN+6oLNwX5{Z*6#NA2 zGgLH7dRymj)b4+TmBblW#SrI(c_kyj*{{SQnE!^NA;QlXGs`iTG|6UC&c6(%4HYwJ z&3*i*L>AW)e2G*8CB@{yEI(LY^8xDjr0t14rGt2YM>5+Hg4wLEJt2+=rWMc>(=oYT^fJX~B@tm|R7O!& z!n{Jc1kgOTneh~hmEHUbZZX{a<;boxC86B?bkG|RxeE415AwoqY*Wn&BA)5UCv{R% z3PxQ*StNsP_~0y!ZN{)UzAF+``vkHQ8#iF{NvZGDAkvrvb9I5FRZy(foS04S1a6`7 zYhI!G7`T)&BQ>@loS{4}fAo=t>HY8odN9d5G0}udvJ-;x6ofRXV_lIFmaA$YxvKXN zLJ8NOJ(4ATRAK{9b4jygY$WX_gE?**ZvReqk+_?PXb44uHT z#O|!EO#3+EdOYZ-L<23xuAldVfAVUA!nqF3eNaNmGU>Nsw7_M*5Dfi-fJzC$}`M9aVBK4e8ih9 zJO}@-4qMI@5k6sfwj!!x;zZ3BqCALKmcNRwRz-Rq&amrVPD(;DA#iG3@6J970Jb|j zJ@Gc^eZ-|mdc*j&>h?xNG6D4X#`EsU+wt3v9ec)dY0%BO73_($kBjYc3V5&{xoWX3 ze6nJ4?%sR;XCw(k)d$G;JCeNo?Ogu*jrRYh+WLQmjDWtQ@&CTm-mC%Tm3-{}!+ZKn zybmOR7a#WrADEc59|*h*LPr3BC_#t_AAId#oE>-H%mHDRoqw*QqIuK8(z@Dtak*w$ zg{4%xnHF=wiGRiHDu_5uXzqe5?sV;rN&`_cqY= zrkMoXMw%E211i)fB_^1Je1HO!F^fq*3RPrujF3UP+EIwpi5^i-xG2XvXM-uL@M27! zQ;|1U@;@vWkza*)B=#ILX}Y=cfuq%wFnfEL#7KiQ8()lq9hSLVldBlZ)D#JBalO2omY@vD3 zc8bF@F)YX3&RLjZ2(nr^jWtqMI`p$h+uB3r8rK z&r3Nw`W+#QiXn`3>8O$%hsV}BQ;%(~VA|_*(?!XHRn?$J@iyw_O_UHwvoQ4{D^Hq> z)=ReSA)po+S^h-=`YB#^YstqFIQAH9H(`ieWps3#7@cVl&6V`x;{4q{bT?tA={|y% zMgH^%NfRRM;!f!)h`-Z;$S7V{C3N3LDXVD`8aL89G4N87eYZiN!d0%rz8 zow(*2ei^&4l-e4(+1Mr=wxp1Y!(1{J=B$-ubPPNBv0Q+5fS#wQrmrS?Mg8c=vRi1L z!Pq$3?lUfiqt+2Pij;YJWGTa=VQsV}AMflwIcgv1ofIsW{l7f95_(K~yO%8JbmwAE zQO1$l5%f;veL;h!?)paz`#ROk5h}>++*NA@0^NW>{bj6B? zvS@l_kLPc#ymN^O5ey=hOd>~owREtA@+8F&ptk-2e#}ri!gwabP(bQ*aqNGJ01y5n z

)_TUPt6R$Z8_NBtXEWa38PWQoI-_cJc;4@7pDJBIr%m^aGa6ec$MWR(d~^xGet zEIz0=hJ8fRSto%5jB&v)jN(TC-T8{iX~CR!rO|&W{Nb(!mkjp>g?#c~ChS;w4EAv_ zafiEul}WNA(9k^1ZYG5cS0QF3inL!`Vn+%F2SYis*6f&$hnDY!=jt_$-@Gwj%BhGI z-Bh{0{i9>|0YWH9xnI(m`=2Oxom4oc{kH@*HJG}tM{qY@gGk&sF=AgzScwzt4fA}s z%ntFrBCh3&;O7J02mB~Q-b3xz25{G34Y>%yy2OLcq*qmTnlLt_SB7yAU`1eKpc54) zeh-o*Ddl1iIL&uxJcMO2u{N$FB8u!rY4M=azIE@>2Ayo{BLGmj(}S^4{R~|Gq|{u- zhJcAfA?m7cgxoS5*uQp3#&nT#X|r6`wmR@b?ot^rb=>4Vb4=0YtVXje@_i~S#42vZ zA6d+N=-EAW>VKo^psG0nZ|Mb2%&=$Yr&eA7x5CaEQB0Dz$j?CIcl-MtZI~L)^W_F|u6@ycr+26*Jtl`2uOWKpQf#g` zQS62iE?~Q48YaFLk0CS#jLA{3z5Gpo&GdN7hL3(LA4N$ma_(bL5r}UQKZdQ~|Fk|E zSV1A#M{*{;7<)I?UZ}f{iT)$99#j~PE><@bWGL$yjD{7!KX_*A@mNNUsI`(Z@nx8d zT^IjsHM||YvH8`8aGqGJ+uL>Kp8}#$?-2B}JPPZ`Lw3^lr~yv_n#XxJUs0RGuku~h zn3b=5^$vG$1y3AGaA=WFl3uD!l|pCBR2t9U;lBq5CRu!{p4{f8T3v-0(6lr>Xb`9UjFm*muSSNi`s50`4{_+bpIAwuVroznWq=T6NA5U0| zZKX@gKhhAon&S2{Q_Y=@%WYt6J78~U&N_cvbg;GgroAGdJlY^5m70IkBj+R*BZR%r%5JD zXhVjpilDy#g=mZ8%HplvAQc6iB7UNT!_Cwr~?`oEMGBltV!!cWB{9>$65 zqi#KkxU5UBrypIH9QNU?JCyMo^P7JZ5_K(oY1ZTCl|(>=1$ym_=)RaKCSNV3;Ln*Y zEfwJ8f%$%$&nifX?$>rq+4B$HGjWi^4UG!OPJc&0M_=I0Jaz;_iVX?hK7rWrSr}L@ zjUG!Bc#fn{)nI(AO(QZX)8=A@jtag2KZ+KY(ziCjik}-7@u`b{a|^*ldr#8N z+rNct$C&GMtt%~wo_Ic z;tk6eb2m!@jsjfF2rzSL+j$m>{<=%bQbBqCr`;0@vxupIGn0zr9DV$W(hDl_y`!JwFsT-6|i4 zm*1=MHM{c7r%Sf&C++|=OtUtRMlab%A1&vuI|YF6^$71-Ae&sL4zWC^iMc$p6N!|0 zx(m~v47T0c~Hhd{U7 zB0%}VH&GIZeRT?=UwF)HSMVUz6EVgDF-93xzNV?k&e9UgdWqhnS(H<`jZ=~ng9w`{ zZRq1t$4kbU21iy%4%jcPdu~)uz-N4Gz&Gv0)N&wFAU3_b6$nI&x0qQHyNXI524R$( z)1hlr`sZN!YMZ{)Nv24MRylF_MldcwsF2;6wk&7V&V)uUtRknX3$WhE-QZmzM&Ixh za>?OJA9~3i^(XaGqF~BYBpU0ju?oM3-RpM`Y6&lKz?kLXlH%VD*!;^&f^OcurkILTm_UO z@b5vDaUP7RY*#74gkjAoYMxO(O^vx{)Ls1O{7k z7wh<8G|lkNN>>-~Y~zI(3eY7MP`vs(0|AL!CyVT>)R-k!0h-*YOCQT{lC%}&#SJx{ zB=l~$0nD*GG)m8+J?7k%NJI&K)T;*hTA{*NtKtk7gt#ea*h`GdB4Ec#HxrgcSs*{P zXFBDt#Ny#uw5Vkko$p_q8ajxTunFp6_Qkh$4eSM(&wV~`#|anFd8F*|Zc2f8`5Je_>%8DFk7%?A za0gW0=v*eY*C=1~w*&q`RJld5uqT~(K3x|vn z;V_i!Vx8)IUK`lAws*(BOrqgj2d#5D8YTt+pjx{lsB4dmap)j?_5gDo@`z&!l69QuyC`pCVpUDKH|LOqQgR@HlBvPLp06SI zZj1ufuno~4}u*UU}6#S{9yJh$Gojr^AC+bOlT{l=V2M=JOR zPIGs9Upf9**&iZSHTaQU81;5Q5~r5`o`D3M6@*)-6R>h8Y!`}3o%Wchu!5@h_n}zN z|C}=OBlLwm_4@{$JpAMtsar6cBbb=7FFHlbSzq2l;tH63syP@sWyVVj`ko3MZA8;7 z0+G`(QF)`6I4+%n<28)1-){bcHysQa1JDY@yjfKc+PBrco2+4$E-)bnMp=*4Pg^BMD33nHhF zYC3JV2lseC;zkwB?Gg7WYTgFnXUGcOj3>eu#z3%);gLQF*3h!JWHI9~cL-2%B6p;h zH#D~ncQs?0Ko$MoLdy+x*9ELbKb6KiRQ8+iltNJ2dw(J>J*y@2yzUtJBvy6Zsw?E} zo&!Z;lDNxd>BB4R^>gjako-AWzjJoP&z5FVnO&hL*e$gd!}UF7PiI$w>p(Mv)a%J@ zWHoMjkx71KXH;tBL^$fthGE2l02h(!1IvLa(5>J2HUP@ohZN7>0}U;K0!)OgP zq-g8e3pHDP5U@|n-VuhjG8dbeOo^lH3?S&36|}1QbdC_9&X~PY*#pz{dEW{EqSC<_ zz8}vB*=GzrT|)Urf-V~^g24O*U7-Io9ipR2pviE5{@ndS_y2p-@!v2Pst)E(|JNoS zt)!`_sf_e3gW!Od#dkykC=UseD95IJ7qH|3kvDHwpFcMs`FGqOCnJk)Je-b0XXL!I z(An!;ExYISfbCE!pOK^R=9_HP_A2NPz6xn#_o~i?rlq%Mb@QyQ@6R)spZOMeKUi;! zpFavPvye-5EES_|JLk#$N=^0?6L2kC&7t=4UhMGd##{soHa^f59TT)sBnab$@$^@N ztKLah7JDm4tBwO#XA!=ZSTgE;%ISK|;kDVE!ojwFo}$)Za0d0EIYJ z7Jh>6E2X-$s|5ks6I9-bd;Ww;OP1ghQ_lnUi+E}LvlpzIojf!ca#M6EUwWN_jvxH zJItWzKLcE&X=lh%Is7O>8fICuv)JOyq4ellh*C)bGX+6gm?DkDJBcbY7=6fth7i7} zCZ@+>jL4Sydi)T+hO|Qvj>Q;DT4hL07xU$f3B|=^8k6eJ3}uHSEk)3-O;}2fr0*Bl zSqGvBWSOx2x+qd@vud1etV&{n%E=}f!$vk4Osagx9#Jc8=}v>>s)4SHc>_i48Fu6R zR;{~dC4)_FZ!703Z)RyJ)t2tXhhZmAoXxd%M;YA6(zTr{uVSyvL7J;%i??io%DK%Z z#wHu(7Uox$#4ZEl8xDw*@fi3Hv2``fPax zY;n-x4eO2>R;`RIBo~boUy{GZ5y=WGI(9_5qTP&&2jP=g&bYenaPaPGNd)%}OFVL$ zg%+V*Ce5xD-Pl#&I(zQ~vM=bx!Jb@qXc_~);Mys61_yBQLv#2Z2=juEq#i(_Xi|3b zzQk*xsckWZ(Uu4RIU96=uv774T<`ULOE(5cfZpmuW;l3FRUE3tj;|fOYU{^ z?v3RSnG+NLNI*-igzlqK&?A!&d6T{JR4wW$(Zx zYgwe~27K-mxY6gqAs$EF#9kyaFlKzQt2*HlsV<}MMuXzHo1sY5D z)Z4aQ`t147x9Aw4{gcn;?@!_;MGbHGW=2N*lkaanfq@@$W^x<+g6|uC(LDb>uh{;_ zWf5Z&eP=7D|L8-08(L>$B4ryRV?!%_2V)~)8z*z8|HD4aR<>5f6h`tPS+BznN?2Gx z`6xhMB9d#t(=fMSCgCr{A0|2y`|=w!5o^7coVhL<$vvRGb>uc^#`yxUeu~6-YUCaA zFy$v066|+On9AmSIc}fbYIlEJ9mEBoGNAScFW_h*GC(sB+dh72(|2sO-rDG*lp3dV z8g!s`PsGodVG4yGt&0&tAQWSuO3N`!TVUdWGMY6TPmxE`?6REf`ki@gYSVY0v;>(u z>NZK#G##Bn)0a+Q_tWW|lU7RZI&88de+wZPijg-u)Jd3Jwk*Vu+C!G2hh#^XI+(lD z48GCv&7QHhz>DeHjlQ175oGtPW1l9ZDe=)>0$JEJMpFSTsi)6t>l? zP^Um9dsQoKktt&yk9c66h6ljD0L@1n5(Ms`)ZDgb_dU4rj~)~03?U7!*P)PmEU3Zr z_iY-iKVa9qZf+o_ECho1YO#yC(J-179}*vIJZy%XHxFU&z?A9iXwqHVZ(0O{VB%IQ zWq5Wf?`}2)C-yPv$g^geq{-qAtmsWRl$3WhicjgK=o7&;kZ|PC2G8mhQHp{bzO_p^ z0z1+%mX~GyaFn4F27Wx^SGk` z01=(UxEd#IB}Kfy8Ilq_Dp3z!+A}01A~um*hSEsZzwlnCz8BH7znw$g1i9uPYKL6T z^PiF3WcqPlf@K=W z4C{%dXk##fWPta(#~8m>E$;uQTTvWC1}G<*$jPyD!HXZxy1x{$F@C;g*!Qr zY2Z$C-x|`ypW<3Sf>=VL*~bpRA>O4&k}DdJaOw#fQMA|-ey=M< zI?yGp{|=YIr#z~OABG%n6<|@l!>@)|7?u|VI{gOyPZF5k@KO~4{rQvm>l6C#N$@|< zX#PJ*@P9a6D!c#j!+zWR`eES~_#i+wE$Wr<^;(;rM2lBi;OHN!?c=GHk*G=}e5P|&U)Pbp_2Oq3!{ zDs-I58+AAz>XiA|C@DCn8cYu)4+A1M?iO+%a2eKP>j-r; z?17jlMbnA)=)d(p7Jw)>gBApvhY{q`WR#L8Q62tet6)2k>#0O}$yV%FT(g|*Flf)W zr-<1%=GbiIF0B?p7f|}#ah~V7E+ry0oX2-^I_nO9wtTC-5LBdeI{&LUo;c(Y(kfCi zN=Q4NsYwqR{;N~JWxf*=rt(;zKM9MOTdjmWh}Fv0?Nm4?^ROjEp-PiEQ&!zcv->;B zFEC7dmkqlXhUP{SA}xFUq}Yea$c3F^&d7zB3N`m(q2mp;* Cn)bx$R_rQ|VE*@g zAf27LgUwX%EgFAn-onS2)64h(O*NP!aI9;cUMM@?gI};ybVC#I$A+(;h(22wffeEl zWe35M0LM16%Ih&^4|x!zi?R``koAX*m+&jd^{+n${0iq0`@&RX>AWK8Y-Eoq?Z5!z zGuFKD6M77D2kQ7&_sO*c;>$0>F6gEBgIGOP%p}gDK{>pwZbKAS83I2Jw0jb)i$VYhz zyohPyj#cRxjBFqGjaFn&j0ctcpU|dJgt>tL*R zmwb3Ck;~OT*3LgZ$bY14z@)(YKyc}30e)?H_skkEz~3x?wvhkC;AKHV9SxUg%KElK z?a6xDau59^ig!TR6%X*%$zoUSK#_$gQd8&ZHWg{PY<;)(%6+3Jfiz^p>2fVs3 z-X$)c6_tDqGAIQ>kX)>8!&kdMIyE|E8^9EWVvf;`I~fc^d$xMDF7jcfk?X|HpO?<> z*KDI!LHlZsP^i54#{Ey+x^G{&WBf9vr~iK$)BmHoP1xGb$^HKg#s7EMMk`v%V(=qz z4`w36!IQVN&&6#DORf;1L6Coh*)^rkXo8X$blD*e9#ilih`||lJEpkHf z^J8@2KF?&gpH8v6-h6*Q9HRPJTakz1We8CPvLQfM?6YU!Ls#R5Nlqh`xDb5i;B$0X zr+3_Xg$&gkYaCz;HmTec#S3si5C^gwp{d~Z{mp{1cmA900_(N=5F1D%xPO-Tt-flt zeKlc8)!Iq;=72s$I7^4y1TAomyTx}_(~nLe%J}N4Kt|VP<3Z8dKBx^})?w}GZBvm_ zsq^SnqoVn7^RnS-w1ljb$B{E`9b7{_fkH)3wTv@S;i}*^H1`U2*Kc3x%`rn3O=Wtk zhA|G3Kf#Gx?@fUpD4H^v$$c92Vf{6A(m*TIz!oz4$2;vYwm3I=*p(j`>yqGfNMlyP!HS<>L%Il$=mh#Uj~0xp6T+b53xU zL$gHHBO+gMCs-CG(lO#kz$LRVN(1r0HiI(HPwj-UhiW}b)m9OiD`E6Sd=I}i@lrB+ z7OXRUSKm9_TS~zamaUhd145V2tdf@zMNDd0FzU*D8d4t#dlNaJ!Wy_N@xAn#2*V>{ z`QpF;HA*i5W{u>2hZmzmO^|?tP)cd`blmN-?tea6g8UU7ye0Z7ca{v9)2cMw}Hlt@}?P#cDt!cfJp|`ow)zQ+?g?FnrfS?#Of1f(m8Hyfb3wWWls z#$zt;UaN0E_V3x4-*>Y}*tqbt-A-!|7_|+(4Ks36Q&aMj+L{urj)64|u2wJr!W%EX zKQ1tD055zlMRp?7(%ahqganijmM$1UH`7)DonSwtC$376H^Ub)Fu&WbhHosohprhd z>C=8eEfH65fKSYLuGZdW4!6qUY4z>mLLzem&>FxOZoDoGqc}ZICR%|2Q<3ntZi*AsRwLK2qk>YU9ENFj$~YDI$g>TQBQqUc}srxjPBOf&XR~N zEbBfvMwPAM9i;Eo1p0LKB%rhNcS(f;d$t!M$=pTJFWJ#~Y%nDS-A7l`vy#`WFCN-& zLy93Ejs(%plOwsm-Eji0NVpGFck#aKUyDjs$dGXb#A29_eRRScb&p1*!=f}<2m&ZX zG$V$Wwe@$&TeUw+hOUQ{@bB0zj8Q60+$r1=T2?c(At!jU;ZH7KS<27zhZ9%IuuUqr14cy%{E5 zQCXN)HDivCHu0P|eae}v)t_UjtK|5xXFSLxAt-2s;@6Q#U)26+kqlAoH--`ID5out zhW;2nH)_G;zf`pyw7hS^NS&^2Iluv!xyH7*du02>9Q3DipGd8CaGc~5LPnp??B^MI z8YDs5;8>JA@y|*=K;Nl)q2U?`YZhqfgD6z6%2dWIr034*#Jq~h5(|tO2@|Tk_rxZ3;c)~K)gUb8RoK-!wm*vO)&M)4-TGz z`b5s3u?rp12~Y081>WCV9+ZZ5g%GU$(`?NfCn?S;#N{F$Z>CKwtOe)1X`)SjTLuHw zc9;^zk+sZcqEqt-SD|DroUVf`ZStYL&r4r9KyZ(}^F=pCdmn>|JZgUYT|4>%+IFlM z4;w1H^ZtOilM{s-FjwrAI)Z0&>y9!hfVGxdD_e4hnk#-PZlsq5>{lr*;xQhz5HI~- zWe+Q5$c$TpM0B;=Iu^yhP)z-OyjHj)CNa|MO!y%w=`X%*TND;;G8{eX*)i81EEJ=S}U6s zEbAYH1+$}PBMm61l5dNAU+pQ#@p;)R~hU#@r)I2u#%xAaWRI_0`1Yy@z zP0h{i%>->&g9W(sbWgw;x4tT(e-XwIlQe_}zl{cFZ=oc_HzQU~m>n}eEj8hcp$ScA z@oo?(Px5SfGwM>^3|@_;%s_%Zq|QdzQn9E&Gf{{&Gs%hYmGwpSF-N3H%A^epr5_}G z6Rng2dGh>qDo7Tq+U5Z0O5I_)>7`B@2$JnsKa{h^r975dD-birRU*jL1IFJUFV(lG zLM0j0byKADBfKIWxym34ZOBP3WVg4X9WyeksX)XBKr^V6Bg&0UfU3nt`z(07B^cE? zx-sCsCRW4~?pN3K5@GO7v$4Q~htMn%O&^(o&%fjnVF=Ogoc;0CQ`WDnpZf@7S+<*3C|Y_g`3pI}K9Of)%Xmus{z<-35N>I5g@E#EXk7m*v)G zu`dnNr7CCtPvi1aqhEge`u!4d_$6&^kR06|hgyRCq!w3X{(So~J^i{Ko>SUoX z2&cEE+F??loPgf{@R_IYm|8tTsM8sucHT4p4Jg=(clF=PKYB^$G)x@aw-XoV7{g3A zQ#!N2yDuV+pI`ZdN|dexuLb+A5hWrsOi?oFNNudT=-NOA){+LJTo66^p%o zu`sPU9T_u)@c+{`Xix~zFmGbkB@uY>cim1@iTGc?iWYevf@d+9aF8C`-|Us)jbF zw3UQoFKL%L0a^Ov!2kFeHNd3as^#DV$sc#3f%kk8x%tBJhli}EtC6Ui@-Ik5c#IlC ztNlh{Yc!0oQ*^j38b-Mt@6q`KUV_GRi0rR4WtW<>OPDF}pPR;W^k)tJ z;Fn(7>FxQj;hnyAjqB*qZWJi`vmpfkRT;qU4h#9{9M>`V>8pX6&aa^toEHZ5M82BU z8fc}TJ0iR|O%?N0Q509m;Q!z+>DLi_nte19-z5^nm`qa;nm@t+`vLlP%IfL%jArjG z8~Vi}(o_g>=PLb-vmR}<2|tr7&qX`8wFf2s07mi=_iEGh`b9~uQW%Pxerbrl&VDZx zkJ$aTWRzP!OHC_NT^&Y2LLO26)hqo>`~lf7`M^=?6=F<4EZs}L-dYqZ?vT__vaIw` zQQ}bA-xK-F!~=b+Q3Nrtr#B5LRl?OkBcbO*w;s!&*hqx0^$Ts}O}{jKj=aL18&k-S zzom|WFGjmm1znG~u~aZ2v#^9v?hu%=9LOc=>rJ=99mFE+X=*5`GTC2P08y5#l*m44 z3*zl=Z|}b$WH!x8&vNAVua#1y@=qcD(Rrnc7`_KOvP#_2I?kAJPQ)Bq7|Ma0_hfp_ zOlhsg6WSt)Ekx_C#V$-;My-AZ!7%Cv*dNN|@_*rX6w5 zX$p_In?d+W5BDS#OhJG0v-i>n-C$Yj`sq#4(8`(83|8aYR=|!huxRPthy+M=NW7KG z8zMfVWLe&jJPeH^ng))$GED9XV(xso%(-}=mdTZjZVwCsQ|Zt!i_4RdnHytisvqNs zUM<9p2@Hfjhyil+@6)|d09%;!-#hL?m6u!8n_+^a9yuX{gA60`6x#K?DG?@CLP{uW{ zbZvyQB~bFCqfyel@X7TgYDJb+JO)rRKh=7G7)6i8+B*x@Pq&;j7W9+y&30YQ z0GQjBW~^d;b084pz1QqVo=-&T`%`y*@px)Y$7aHn0}dZvmxqJ9oWzx0DCdz`;7oaD z3w^Z0!kQ=Bgdyxi7^ErHBSAu%M42*+R~0~FOBgDkERI?1FuGIC@`llq0*&EOkkHcc z#&4-WHbBZS78xI8A~W6;+G5pNN`nQqXm=s)!vLQzOC8LC=7tIqsiEn80qp}BXg^Dt>B!%)FuU3g1(OsTm*8FKb9Alkztsv(D0c3b#DeWZ9_f;B)TtQ?+scxpc_ zzdFGjOQQVM=NQlV-kUK=Z&s8du6b4!PIAh}v1-OAE%)}#l)}M`NTO|lhoC_kXG%xg zn~6{KOfB;p3S^YQQ4aS?7P-e=>ok<~9Y;d}Bi-mBYucxX#4V@-D68+tLPbL{vhnh= zaWZ4-3et4Cx`v@0bQs7#V)RB$DIdzm`Nx-t;t zV-_@wC)lXN*In2SXv_#ivex5G>7Kw(H7z`{L5c-)j7yuuo1*@O0x+n39c^VLseZ&8 zhBumuBI1{_Aq1?cy*F->-qe&3FoNaF28sej6H{RozwsN^Hz1`d(jWMmdPI!B>7V)n zg}nLnmio(83lsl}jguuKO;wffILjXjNqnQyjEGs36Mm975d(AS-V&4ENms!%zRKoY z-YFBk0(qzP}obHJy}W`2U8(`m~<-kQNpgVQKb? zR8zv(VPXM&`^)G11)`PXk36f#r!3&|9r}wbWdtK5t}za-+%SxVM`58%rnU66=jXdi zw`mLAh4k(cLSD}g;uOMpu+LhZU76>rqGz-^sp~a{Npk&QNq#5K^s>CMeriT(db0ATi~a1hGJk{EwjxgiJ_n@FD0cauO7KcOiGGBI||T%xvR5xmXwuPxfJ801@h-q zovdJ)XTaOJxWtSyz$Y&kI{TXsx1FpUyEjieeTh@pJJMabGv5s)z&@Ug3vp*kjgL(|Z-Opik1GBk=RgoXHPp}F7V z2!CV6T1$u7sx-vj36~`ypsVKX^W(UW#IQqSzqipNI&!7e8Mf(SJSH)_V+EQZTg+!h z`lHRS5nIUS?k5N3oADBj$KYI?@WrSLvQIRui2q#Lv;7N*Wl z{)6@>M;JUe^e9p{un3z+OWb6L)KN3aBnYK)FX$epA&@dKh$6oq+gm?Y7^=XBvnmt` zL5s|bgtlk1pb789A34NJIa6GPC`luW5o%LewX3iUwt0Z2hd9-YsPGT0RB(i*N49TV z4%0(QH}Dv`WvQ;(mn?H_$G4lPT7pZ9I*Vz*4sL=d$LS|$6%N+wYS{}?fuiDTg#Yu* z9x`T7UWi`-&nLzX(Wj+275PW*(6Ts+!VEyo?+;N&q*OgygAOBh;!s#HXZ;Y;s60Q- zasWf)@=dKKs&W+L&|SlsCprYsEj7V%f zL&<(pBrX%S0fAlw;*f+9oH7jgFqCZ!Rx}G+2))30i$kp3q&~G57KmlZY|s9N{5vev2^4}-t+?``wB!`HB1`u zK$08N_#u({w#z>AVzzAm7rAa2VJj&sy5aN#Dx-#~UWD?B`Jbnq?4`_%`jyHGM3Y`H8!Hk`XPR>=s!I9XsH@=@&h~-iHb|^bTlUi3$0!-# z8uH=A6)3*11Cd4DC_)~tLbA*L<_fiFQ!+r@{8`3A=F(dcE0l{8sf1jIS7J-#g@lAn z66jIM3rf&;szgToLSb3R^>7&Ma(O&@=24|!UQ7_)k_MAv zLB?!(+IjLftiwPD{EtT}c++~~EBKlVYLM`f^n}smuy1wbIPkFr=Jiuu-0Gm2KYyh^ ze*h0$!xQru8$AN~{m%Y?$P-aI$uMN-apHoGLOc0SHo$oYevt6550`3|b4aj!rhBFVSE&Z9BxU$h8X)`{p-5pPp z2qnMCckmHI%^wbcB(8iEvf=WEhr#S~(~Lb0XrM%CSR-GCLc?G@SK!jLWv{XyCpiqV zm3CC=ytJiVudcbsA0%(U&OI}$)MuEyR zG>ET_$eKt!#=ls7&0a%XIP~`HG&3gVlvzNfke-eCid7>po3~Fm~_*@qLEtv!x$G zUSS?UJTW^Xv#C0yLCB&bGIbk~lx@t#&F$ImrS?k*kU&f^H3pxWS;j%y4-Li4j*R{q zuOIfUVD-o`DbA0FqWR}h_07{j-+^}9XG&<1X;)c{9u=gpz!+*;=JMffn~Ek&p*F z;C4~Lu~`l(AyDZcDK3@Jjg^Cs4gWzGQIj9tVmD@Rf>{mS898>Ra9sd$NMmjpY?1`sQ3TSvT-uyvj_rv`e$3Sf+QJ&Oj*j zFe7s`|0*adD;bkJStJk+&(GtPo0K?7nxRV?W^;7cv?h}*%M5wqTlotd3OybsaWQZaXMLgZnIrX>KjEOL&dpNPa)PO>R2o8Cj_g^=6(t69Vwt5sLVe7F6;xXzv{>ur zo0S$*S*5f_?f{3+s6R)==7zME0sLfn04WYY1d`KO$}54fxS#twS!! zRbgs(lBukxb_wBqi-anXKlprN6pc|l`CSzXP#78El>xfInZfUKCMTy82?C|A;Xb2`F`dg^ao?XM#$lfjMU z>}fBZa+RrUq^%Fuc4Y~h`WVX9C<39aa>_NPa;>t32w}I9%fc4$5m{viGZy3|W+~U1 z%Jnpl#6Zwzm9IliOtdIBn#xVe%?wOmU0r3+IoW+d4*?3c=7kR9P{}$RupUH&$__ye z_p`U%v1e2-P;N1mTb0`^Je@ZTw*7y^^I+6I=sZaFx0%XcrMa6QHg;%gFmce8zeQ~U zw93V9WxKLNSMD;EyOo`x+7a#3&8zSSgTCed8MF&fy{=}>y2NuEYKVhKmTS;5hxr&4w4CsLj#P30-&X#`1;kQ1IY zwY8#^t;+f%)^9&S|Ffp@obtR~E~lu#9xN-AI7A)khy_G>NO{pzUQ+(fK%k)a*r*%g z+#*Byhuk?BqCn>Q%utP}xpk_cyo!#uq#b<<;_Jsa#)?lU8MdrlrdxSUd0kiDFxm0S zn=!vC5GmOV#%GoH;!Di^cToxvryQodZ7T0j3aQ(>5s6OknacZe^I~X^Z(|#st22}j zQH-nXz~!U;Z>bn=D4(D-M6SmVx4KEo9xB07SUK8IK4XyU$qJ&^rUG10`U4+rjlgbe z0&OcW0Bt0uhw8xCO*oj zI|k<_|^s*+Z*LdN0UD&YrA!H$ikE5)b7wm zw)k6Vo5Gl?r4>aB>{zL)W){UKs>@W}q2s;?uB5F_p3*?FtEQ>Os|lDLp&AD2*Odnv z11J;&Vt9t5jzYt$CWcPW$Qj8^k#y|Jt@eRk^yhR#?T11r7j6!)UXp33{TZZXda|1Q z){%$?zt7%~<0o4<+E52FI3~0y1KAqA%;OlbpeKuThRWNSIhms;c_cv8650mVBG1aK z@CO4y&+^vh_LiWb4r1W(WQ7c(14n8eU2-y~j>efNFB)nF%15|qq_vnzCot3@rs|>6 zyo=0JQ7cuWm9N!draD|5fsT{l=Q=I6CA;TOX}{DC$R; z>UcHZ+VN_MuqBTSrerND{sThnRwt@Q>S_U+Cv{S+#ldR-swgFz^n1pO?u;6P0m+Hs z?Tj)r$3(REE??RO7%oYKiet7xaf*GT3((%IlV-;fC=|!)nV0~OG6s-P$ajKIIRT39 zR70H_y(cf~bc}iSnYZE<#-h!zx1| zU+!y=YwS*45Tk7MSW{ghqio86%PMP1=TsJzyVZq!prIZwt0r~!GD`1*OeiPIXlM8s z%!SoDQ}wI$sNfhahC9)Dro(>Uq8!c_!L2aWKyPp}OAU1;12!^_ouD?FY7^~uN<>Ai zUKwa<36=fHPPLfoDiz~Jx8Gg~p#6N~58+5-jH;xH9;>y$6F$M{sVXh-$n?J1Q%~Ps zlD@-7``e>!05(Ct>A`7INJdqppJk$McYyAEuPeeu>B!ybd;FSH1yUZUw zw7<^tyT_kL!%Np5IdmRkRA~hQgv45j#N4K3z6PJ%`}+SM2}}}Lm7$VPp>xGl*T6^W z$)@@zs-7xzYR6Dd#n|4itB_=$ZmMTQmGfw$y4;{nZ_hNL?m3FEiE4 z>D)t7uTzFp@+&H@E~SQ7nyNe?{qgO%#Q@+SEmJ4`@&XPbowE0y+G;+-;yzF8HudAW1L{s<%Gt&=a{ihkB|q`lDqB9x}c@`om|5 zJwaeRMxWXUeU?KmPSVftSCr_ZhxkZ-y^*a!evl6gowytu^Ca_utSl;Fom^qhI7l-c zpIB?S45`M7Db2IL_JKbG=);2T^=M^CnS8Y?Yz3!px5x{9YRFX|XuwHI)Qu+p8vA=y zhTlFmK%df}PpBem0?l;f-l0z9cNuV`7W+#T$)TgLp^rt$r#wK5vi_zZdLnxWI$6Gm zz6ug(Dr&TbaM#kOWbGd=`XSHLI)S4#SJBXnvrRjIktd{SWdwm(+oR<41SUh&+uua` zx6JtvP>f^hG#_c75t6^PmB`?d5UuYd(8pV*x7S-YVDst))I)a8+GCZsY>L>utO^v3^IE^-A~+$dR#BLErJ1@b7ibGo zVr0K4RfK6>y^jpw{x|M3sQzD3v`GD-*}2d|gi3|HmRtr!iMtPqw3jT1Mc4jw^|-En9LE8Uu|k-N=)r<6|{1JUGsp#A|HmW*oV`HVQD~ z0+C<1a)(ZllK3y$|8b>1Zmz^i`iyq*p&bA}SfJ1@zktcDwf7q@W zeWKFR+Ke9Oh*-zE4synHl1%!Wm(@t+GYV@P?0*HoZIN+CK*rornZg*F6b!{=v@fQl zLt&tL6{G@FH{vg@Zi0by@*nR9(g%3(nn+*kme&Bbqich_0)0ap`&}*jZN}$kNBsu+ zkhb&t8vMJiNBawVv|rt${XlCR`jDXW{95dHS=4W!&+N-~l@ZUk;NKw;zqjK1MQpM2 z`#StPJmUTJ_;(a!%6WP1`Q^eGc^xa~5A?lyy3m09yg_iU)b>(RjJBhuL82K==Qbo>Qidb4u`%SchWKx~(gZp6QCYzu52#IgD6O%fB? zR=rv6kRzMwEi9Qn4}y2M!e6L0-ra`y33+!rLQv#*ciQ8fgyU&=9f0F0xhYDDiUVeQ zy?28yIw3ARbOM23$Aiggp+BpW!%wlgI>Qfeh9BSzKS154{#6b?Kq8{ZJ3>U2h-elf z{J(e~ha-$bL^8S{$t!k3fBG}X%XUHr{TWJsM$oe?y33}!Jo+<^{*3qbowySU=*<-R zQ$&ACz4yYbg^YEHIb`or5>)|GL3f#s{g`Mm)c!Zq}&#(>f z5<3T8W#_{C>^%62oew{<3*lFG33|v&Ssc5J4P=)y54)0$Vpp-TY@?K;7K`&CIl?z!pZ8LIBNsmhdJtYymPTQ$W(XW zom;&Nhw&gZ*$R!0-3ssQR%lS%>fPAtI7sS-)4|Yz>0s(G7cVC<#^|TCi@o1)e8RjX zI-Ir_67a9C8vFeLE_J8ci8@Bg_yf+s!0Whsfh|NeAno5;pr)$cPPiczn{^auUb^1i z0SN`Vb(^X`n5x~0H0pT&8Wb+^=Nha2E<1I9TMqz$DBKG>7j{8c zC)`t@O8in)rU=4MOVzT|5!X(5C{-hd>8V;5JeJ)FPp0Z&v@Nc@1}b|4lG(d3jJ=24 z_y7)PAHqcTFDPUmIb6YEo#{+fA6K7{)0wJ1iId>+?kRgZQ`M)Xg;k+IPFuxsGUUWG zI2_GCaYdI?)PS>FaFU!p9%H+L6$p(Wk3iE>`Xu!8?t6iy$z26D{ z>N%zceYhSml|*|gVJTtiv+8s9RMul38gV2-JO2qtp$jtplZW7oikv4v&AAhwtg)Z; zpde2LoezR!o(2Or1~Pnz9F}ZUG79JO>I-sOBb`Z)RA0n!gGs95WN3!B!fn?4#8W6X z1T?|&j-BvjVcKR$#^Jx&2wDd#@b>+o6aJf)IC3kpwF~xibiYm>HB!^uG`7t(-I4}!r}Djn@!LcpCbKOzndMeIgZHrBtqh`0J`9neJ&u7xY9%M-|bymYdRO*X8_=^G&}k~vBpvd3!VLAb-GWDr!Z zeLH0<4Dl{RfJz;P1nC>Q-FDyiJ6UGOzP;XzWR~5rghFuC^$?3Hc~BIiT`f zaPu*c!1Ex5ABMTW;V_twhY>sL0jWQDwmmGBl;&R4P7d^MZL*Ra$0TDFz{iEZbnu$}xY zb|3#Udx>AdzUEi5|M081$+tS@^i3GAzNG#gX|WsDt1nA?;bzm-e*k^Z^fVZvzCwz{ zUV_2utMrzAZ96nZ8f7UUH&N5%GpT?JU=Zwu0ZcVdv7-VR16Y3(wffOY3A;^cDvJ z=fOp=73dq4@56U^{SE`%?;J6C1P()uhgROYI39olz z?70J7@=n3vUcuo}A>c`&z{^5~w*?0M!VMpZIQR~)KZ`gfL_E_(0&|JJY=}r^!$m*l z6)7xV^k+q406SU?WYr>-Ef#64Rt#~XkyTKn{!?0#N1<4KOPzHsdz0F1yC*uC84}B_pfjwm^&90_NFO*RYyBeb!yjh5m4E@4r#+{AIckSf# zYhi%ZH9|eESGJ*#z6q&N;mzq}w>_9`1v;vr=XX@(Jc;%e?{-j~1h1W2tlzu6ISb2o zvP1%XUvH??q;n_30E0cU3Bxh``FKd{cCtt8Q0waJyUUerNRE7{#&rA^s6qciSBvZ? z!eAu(OvL3VFhwP#iFq(u%!hoj5DLX2m?jp(OmQsC5ywG|I35;=T39T6aI9Dc%S0WV zApFoEmcuHs0@_6YP83aWrf7!qL@Qh(f^em1gKI=P+#=S%onk$7iIY)hPDPzL-I4b~ zNLSyIG4in(oW8BTgLkW7p875_l-T%+W29fSl1ItV>0s`KG@btDGjxQS^p85l);haI zbM2*nGSuvovB>tJB9vL1mLuJRe2^}UcJz-O|U1hC|H3xNz`Q4R{z_9F)!;3_9Z zJtelGtd50aFoO-TA|L$@h;vZ`&O;5j2&MmG7%MJ;0&yu!5tpI#Uk+8`N@T?*m@BS= zd1527;%XiIsBk+fk+M84Dq)c$+nNSr#Gjx4=P+I65R+x9~cnl+m3=Qd)RCtJkPB|S9bN^fpx#+gtIGkeVVI&h2Yp^vx$ zlElq0P;@}1xD5^$x8uzJ3e&~kphVn-Lbx4fi5*ZO?soKlmOW2W+u4pKn63UxQo#+S z>PIA2a_$MB?S&+kGN{+oIep#Pp8A6bi;P|+%_%#Si{vX_E8>1>eu}aYqZxX66J&?N z@nrT2#^5r|A0903JekdL}`5uvc&7) z6>q{3;w_jU-hoNtU9{WpJN!z=zS3c#2S}D7GR>*Tp78{5N4T?opbYtq_}Cp%Scq~} zoIavvPwygIVe`Y&>)&&F6irx6`~>5Wky}7b+h*me&pUG(MCBgwCC=$9l)4ZRv^bE#OK|jNb~T7q#q*`5n*?TW^7c^h6gq4}AD_NB1UYV&jm8Ab!D#?ZJut ziWA$54EhZjv=64Bs!vlmlq&+}Dhl`%73vk;F)NuUYBXUYaKI7Hfck}8-=V1|Vjd)? zK7g?}V-F-ov8gu1CN|$Dz#SxJg=u^%rVCM%JuICV<4xbzlPuQjB>6hdo1V=6L+N+8 z-T>od1FZw94~;m7$bydUYtq9aUkS-Ltu!=*gTbu~fn;SU3{i%`P-P^HQ$`^rGhv33 ziLR1SkqxQ((H@V#Z8&)RRwav-vh z1sFcro8HC#TYe}FBSXTZ${q>G?ElT7(i11yae1cWiIqp=EHDh0eF>#FkV>%70P1d-x4@ZISy7UJ~&NT1{?7DXS`ma z)WKH854)6lctBYWPb(|n1Em2zRT|+Nr5S!uT40~D$}#BGFkQKnDgaOcvm7pW+gyGC zitM+$U}glDM?ykeVKMs+MqmcdidiK_uJOMB&xm*i@saME{)G*j@4MtW7{H5Sa&{+I zrX+gumGq43VOE%u1A9_3AN^d4w~M>-l@w(YxU)riCpYg*QL^!xxP>&!wSlva?%nAb zTQMDUTB__$Z;H~%`)z_gmdmI^cjfSg&k>^Odb|nQ}dBRBnK4l^fwYNC&MD|-8oUzmA*o`2VBYn&`)^~vXn<4S9ui1Dv!Yt%9BXdr;w^oBUPV8 zsy+t`l;<63A89*y0lAQ6-#Hl!$a!E2#rSDbRfeaLs$`Ijl1LR3 zQW1JnnxbS}hp|OYCoiR*IVs8pg{93sU})Wa6DcLe(cPOnK-|mKg*hTc>EdPKnI1(u zXViEMaua}#-Nvgakfshm{tiT48U*9iG#IaDz$A4rhRjqC8Vcp=Fqp3nhn4C`Xi-N& zo0D1tJ$WyCeta=PgQ0E|N zYM@x13l-`jNrq$5*x>(5!^3fELj5n*grupmo{hzT)w&yukSv3ZvvLSmqy8ibR}4vZ zyMa(>L6PLj0HyCfNC9%o1G~}cE0nF^FZ^HB>K><~#kLM?wNsW^hn%uZ-2#2m61^DQ zrX^-?mFbH^v_wzX0?8ysJs#pzA7rY_;7GL=Wu_jJ;Xs7a&a$VM2}2{47A0UX1@e7a zR1!lU|FrN{3apJaoL2M_Wt}gZy!(@2?1Ja4_4JqV53erJ=rTWF4^8kooK32dozuk^ z^@=`>6eDr!b+ndvPKtp6MjwKns@%-hb+9Y&-KeeblUH=|Z_NEwU*YLih`$l=+kCsZiufmq71M!y1 z;DfWNgNZGY`ARZ0bkj)7gWZiCa1yq5a-4m;@t5a%sK<+&9(MBP4p@M{Fx4rcG1wOy zA=jz~4mr@265TZM!PIgi46uGBA{@+)ToTUL2kPCi?=TF_^iJODMFZ9@CqHG2J%@FO zI(0g!z~xOO>R;dlbt9}&x4>HUIyhOq9?nE*yimOvu0Sc?tlk1!)Z3s#y&ZO| z+u&(+2Rw)J{0buQ77FCM>Mr<9-3{NX_rR~}eGCIZ2@M zeS#gKKFKDi&#+SUSvE_3o>izXuzBiBY?=BhYf%5mTGZEBPbq=<`abJWKVWyLAF}Q0N9>Kqb_KW&6+pGS^6^ppM+aqH!jgOE;B?U}ASp5~q5f0;q^amP@=1h74ox9QN zNXQt3x-d9<5C4*VD1`LiFj}Q5>hr%rUvd$B_d*&=+6%*2(&)VyStO;WCC4RVvJ%JR z`(?Sbcr$4a)o3%KEDC+W%(f_xBMuld@!IsnVOwBMdSd1lC{N~pD$r8YO)$s~yizq8 zbDe6%Tm@S66o>e{maOy!G}b$O#99XE{YbD*vS_J?ekG3`Sf^T;kO0*^zkh+yHfW32XFh z{Dm5Q1V*gqpyiis-58KWxJaqEXazbzO^iqMWWNCf3}bw}Sc)8nij28mTnGF;B`!T= zRB>95bijw$3XSS5*!4UO72S)j_`-aX7HSkSvu2993Eg-y|FcAafbmNU;=S3EwTbYiHW|Luros1G5$w^XGo}?Y zLn~o@v{E)uo56-?Gudcu7CTZ~%%*9_vPx|UtI?LS#oF=Ar}^0lT0LvjR~^!tewTa)Xrw#Xy>w@wDY)2JD>O0F618VB0gHXj31_5&L?PB@B-~hK2^JlmuVY$ zxpp%I*y%zG$ey$vKzoMKJn~AIM;dx zU$Q0Alu*!6>lmq8bsvTvOy2FWiXwQ|4OJA{;~g0;h3+txp*@+4(MXZu(!j^LG+a6a z*|*YM8E_)|T$(T!oWeemA+5FB@&riR3%N22%KQydEW5Q2k{KDU0n^y8P=xPUP7(4a zSxXwY7c|z532*`}74gkXhgrJDtW~4uWhWWe$*mTyJ;3{*X&c4+q@aO|T2!nH)!@Wi zh`WySI2;viYdMu;Hld2`;Mb#7$WG=rb@C3{8?=MphKc=OtzyuXbrb?znM;(p)f3KPsh-s z`}!Eg)$R+atlE9HU2{Gqoh;hy{ZwIHvI^@tq$;e1Mo0H{Oe5~A%q2sOwpf)D@E_s? zC?xZwsHqB?9y6EB1%XIaQq&D9OP|}(eUCjsSRWBgPo3NWIW%Dy6)}%K);tp3_%^bX zynpbAG`(@TDHt!cV(+V@pW2+As!6swi$;vYG$0&R?G`jpw?eXZJ7j3vV5Igp@M_y( zthNKDX?MXaZ70muI^j5N7x=aN(MUZ2=V%YYMcTu#QF{ap)1%O(JqGt{kHbUSQ}BfL zG`y@m18-^1!Ux)O@VWL6_(ppLe$`%OiuO;IsJ+Hgv^SVXdy`Gl-a$k4E}Nmf$I7%1 z*=+42wn+P!wQ8TRwc4lbB<*u{hV}(JSNk`+K>LbarG3M$)xKrdY2UNkwIA4a?MK$7 z{g*we{luQuer7Lfzo3EI!`{^Pu@ALw_8F?&zjeWW&=uCLt9+2IbB}KDQM!wd)8nK8 zngu$W2H#2b7i3oc)$cV_xT@f|bX)wwvkznvL zi0LU>MlqxR`Xm|gNk$^x3Ce=udD43of4UOmj6O+m?!-~}>Sq`brSdIom7NyfYL{Oh zBe|`}LAkA@;=(~?Azw{VN#^qKf6*rSjp|l&S z^0-}|dfY2_m!^bwrn)g8dWzyXN_^13lx-oaV3i2VJ7BGCcV=$I*f5zt)5!;yXVcz} zF8r7-Byg0yjtKnb%{*UT+3XZ^1BN74*}CFj#MkD5VUsC#6AZL@7lBl(l}*Yr!u#GIp9>(|_DT zLzx^#QfZdAO|#tcV`=1;AE2M;mOJIP>0H@~?)qDI z==;nKygOaFzWeg+5k=1KvuJa6_o-H^p<5x@x?8-}UIwa zkAc+5m@b|UY5E2jrJo5?^|PQm3}44*k9l_{VLd@Z$j&^Ib!42;||duwCkD%+;8t9N`u=p-6_xY2RG)d47s78 zWMq`EzDE2ob4Zl(*EsU=p}qHIiM@%sP+s{5yZOfqcJqHTc!;YNk(;#BXooic58WwS z!RR}&0}~1Uz0|`WoyCHmERC%6=63O4dP>*rNUXm?hJFXk*Z&5`>UTy=G_-hPz+8KG zPXOk1{sH(^xz5+U`+K-V9KMEyyW$fqOJ zH}b&YZ_XhI1$biglF56{z*Ddv_0+uRBOmE;%0qtvedLP~@HGd%X2Xwy%Kv6VJqn)@ zSqyJ>4(k*~Pq?oj{;x)m&v4)x%H6hoH8hvzj@sA8=@YE>2(|VIL!Dy;Ib9-7GO~J=7U`s5K?J)8cv!y;5nghi|xH>!*Fa<5__1HLq?G}j~!-Xagt4dtehvwP|B(frc`Osrz-6AKz!3vgg!wN@+n3W zpF^hpMFc&v9GtT3O&fTp#XFKLfW=3l^rK^M^6g_%hBsNH#F+j!$n|d{&I}p7&J1z- zmw4?nL$htk49zH646um%da_8hrWHOlMkl90|2{%g)0}yvNp3O(o-F#=z-vPXk{sY^ z7PSy~#=(a9DS})P$Byh_=ov8%v8Qhc+5^t9XEWFtaEKg643%;-BKAnXMoeh1GtyxD z*db>pvXkr`{JSh$&(38Pv}Z(5ODv*TI$4aeSBjJHK5M7&db>n!2b<`iaaiQ4F-w#C z-mkDX>|->SkKM-EAo}9{5d=bXiTn=u!GTc_wetL0T4K31c45TWQ>?M4b-;a2zv8HV zTb$@mluBR3Q>Ex0hVRah$Pmn#5irXvm`8WO3a4vj6wIU35^J_Xp=Il-dsRgDIac?Y z4jAoppC8rT3@@6ad09x&b0_P(me#W9Rvb(9L*2^|PzNMdhJWQgNLzJu)`ScS>D>!( zILdq+a3ckDBNgI}L6BmkL8_4s9wP%r7=t0x@W51KD3lt*;3#7_R2d^+fiV(}HAX?L zkqIk|ELdrH;S3`i&NXu25+fI`Fvh@UBM-J3hrtcTIJnn10$wxn;T>ZFd~8gF&y6GD zTcZGeFebrI#$?vVn8MPHsceKXjb#}{EYFzE4mXNfzER35jhSq|aTGh&n9b^qD%NDo zWkF*eTWic`C*l2Rcz+h&pJOZtD*-##IiGy49l&sQww4gFl#h9-P6v1fWDgiJAZ^Hi zQ3DJmsa#j@HKT0FrA|^uayKhYLNN-SKMwut=gQ4$!+ETT4R&F^_OLoBt= zW~6trE7D0)b8Jbq6BaRTdz65N6P7qHNhYN!*(eM>j`bMzpc*S6&ImxVaRLl5RzkYb z02xLTj5C^Hnz0IwHd5rid1J2G=MGI9+x8*3qGtb;b=B)Gsh87?7Z zb4Wo=}V61U16d2dTWaAc?ZrloG#_dpTY=ecyZdhvE1Ivv2puxBwT8#%obr_nG zvs1Cj7T`Eoq4kkgJP~T`jmrIDiI#{WufR~4Bi*!$l+M?Z=zzUEI8S~}w$l3AIlBkY z85GbVZ)TTZ>2SMf0iXq@G^0-xv8Ox5)>R0b4njX4gV?@8R-owlYFc8}R+twe-SDl@ z&znQ>W0yEXzVBd(k$Vy76HK-fL36{PU~O*1?j1J?k=&b1C;G}N0rh}abJPnAmlhdCzpY{e*-kA*>yHYN#&&1}s1VB5!!cSSTMQaI8)j$&QSJ1Q zvRUuc>+CNo6hdM*)ovn`O-p5@YI(Z2U=JoUdm$ZdTf$a^$Ap9^ zMVu&(v=kBX*Xd*jzgjvXL7S`OX6?mtN06GLZiG1GGugAjO1=_R@I2Zscy^!*qRM#I zCR+JZlf~mv`>>QLv?&6$`^m{2-8WflCa4ba_}r?iUy`v&ZV498(2Ak5QMy0gJ~?e8 zjHE3|o?cGwxdhyv*e348qqRwN+JxGs+;Lk?-oXnGu>%A9FTi7MO zTv%Z2ghtxycsH!E-X(eO6?fsgujIQmsfIi}{^wMKcJq9)u)y^M5MeIw6kl6kk!ekJ zJp^AA#5v~RJ2Eq>G&4WYZCt1LFIoq(Q6?dh;k4XCuT9&2nH|phezMpb^~Rg(-XZp- znn($SAzuj@qQmO>as>>g;}1opJvA^v#+8au;3g8sNfO5qiK(URrMT#iNq_pJx_2vm zHQ0_~`x7%+A9f2o!H#CjP~DcXI=b?D-ppI^ximYh04f1oV?lL|1Ko8vxLx^>=$Z)q zT}Q%jR{@N2O@bp_g)qfc1T$UJp~_VPi(I8}tZN1w@0taER~aok_;I)e>%ZD6BZXR&Yo*iP3S>>1ac>>sY}>~+@; z_MYo5_KWLouDEt`m#dQxckSW@u6y`Q*M0mb*ZsW4^)O%TdgT8#b}jH#6zBdwdv^Dn zotY&G;e;IWCgGI_P=O#v3>6UM4FY16TB#4Ticr87d1xtG6)A#1C6q^smC&j*f+Rt( zmtqZSt?jj~*Ve18wpFX8UbQM%ko$eJdp3!+zhC`HGCMmvGrRN6H~;S$>sqhfTIfAv zE%uIEOTDM9TfJwkZC>CP{66yOe4pl=VlBSVh`9yM^91t=0l0L=p*m&R7~_@_yVT;>Sn8I!y&=VMtZ~apuJo*h zgf@@46_D1_a5QDzio&3d8B}DD{+`>1<5}QX-wnO=;T!};yTsbGGF)sh4n%$O4b1^2jQnC=Obeo7N%rDVRy_HsT!PtQ}b zPXIvUY=s`q>1>1uEY4H|=FHBACb*HE3=>`M#_=}57U|Q-rm|u!dA#fMY_vX$B-^q( zSA)Z<4l|s!KCjPGnjxXDvsl1Zl&*IfmD&5^&OKaaU&p+Y&@>4zXA({F3{5ib4mgE^ zE~mtlD1iPWIwd$$)2Iww6CX{<6z#k^Q!HvgRRQ}2mtEgF6-)h&;sqh#!wi_0^(ExmVaFD4>@@dd!pTo&C zxQ6rMM7-BKC}tBwOnI3{46mghnMWqK(@{vjs$1;ZIn<08HSt3hn(ra0=Kc)F!X6AD zj`dsOST90(FA=x;9dWByP~iO$CEjbO@?OUf@6W`s{z4qX8;?tcqf+AqnT6lUY`h_J@Q&<` z_hlYV%APnQ3q?0sEK;&W6w6Z4M^=bx*+&eM{Y0JYZ@9y5k`?OUxmC2QY+OU7YO}vK z)BdlaUFxDC+_`bQ0qqWS2N8Ejg(b=46M>|31d@h^3i3QLz#VM%@I-tVjW_!eP?F)$R*@!eRCxKfDakbfFYFg|GQ#(O=L-&*Ef$HN_ zt~rQwlK~BNBz*t(b#C5hXz7E-3sU7m-O9EmbnhjKX@gX9A|v8B^sn)XV9ZCud>4oQ(zY65K57af`eRtL0qWCBKAC^2^vE=S6~i3JLd|F!W(( zxXcop!(}eVitz4KOm~Mwc948{L5Li$O@0Vpb5)Ml<;&j|3mp)h5^zj7tX%~9VpkKV zV7Nz8w@AkeSz64ktV%hw0#nm*yVh+IRsaqOI>lP7?1zkc@mbR|Cuanz=--7#UkXg1 zeQcIL`KpnxF581ealX2bu3|&!UV^V~ z=X-PaU{wm*&Y5ZfroQ8DJYptyKi`sR?uVueR6^q`fBOW$IG#ptdPs?X_JnbD#b8L(UWS zzWP|onOSdF&1|!q(~4oP-I7u%+rZr7@I~_I{p~}++t8U&X}8!%I{bmgVFvAkn-Q1G zpyhI8$rZHyRv};Bir(@z^p~q?``v*n<(;@r-h~_F-MC492Va-#X}jHvm2v}amm6`X zybo*TCfp}CV~gB^t+D})avSmY?_rPJj(u_m_RF0(D0kxt`2c=O0J~l8#dGq9_>FuB zugZtUyH}&%i@@PMLZ*46)(!y#UJIL z#Jln@;zN1DvgO|`EkCjf9N)_wuq1%!#MLy+}dvNBg02)ds%T_Pdd}O$L))UTD`iM^rqW0LimMqb1+y9!3Z@J zY%)PsB z#Ep)x_c;+&^#>~R9b>#BGavn;_FtBZW|fMDb>iBgpi68YYEdKj%;2I+Mjz@^k^U)f z@IhIkY=Pe6+dmTpY)wnU&H*OSSE88IMg}aeUv03fWLbQ0J!GMW5A21%aa2g_lI8B`yC{CpfIfP4$+jjRx=ax5Y{}`gHilfm zAT#MT>4#=heh*iNL;oo6sqL868nS^NwDA^ze}6{5ompr315xI$l!odQ^v6aB&!A?EjfAFpw4&Zx z3jJAaBp?8XB7@k68uxE)iB17yQ0*uHci4h|cNyi(&ei88h*oz}=vg*EmaQ_sxs@1g z`bG*=EOfl;5h_2oi{c$H4h5|=#_7dZ=J!UN&I`AAS}`uZB^go33oL&#E&sA82gtsQ z4r_Bjdv1I9+`ODm+%U<>ok1(D5tN|3N!s{$rR$>-Hw+XbjpQci8xD1g zMPX6dCeIwyVU<_PXO7w4*qJ~%mN?=1E4gI&CT5&Be6J6G*jqz%=2#GF(7R4H7X z$d~%8IW5pZ7F@&?()g5*RHzC2sji?G1U5HILA)!h`$6tr(9L5Dat;r_F<5}s15YbEKHEPG+1}=FxgbL6#sRqKgldYRAcVNd zQWCjaofXfI`dTcVDaIk=np&F0<3d;t*3rV|9W%UKhqSa0Rr(lzSJ(onUIv7^o_UU9 zYDY0Qne0zR@=b)jVLcst9R2qehQl|Laks)XboyIF>l6F1)OAks6E}R((~066@N+R_ zaEn)@iX)7jC|_4lvQ5Z4-1wYICI0Z4+Ir6hdjRBW-v@hy<kjuH!4S;Fx`jW`J(Bx1QTK!q+EvEuTz4AoHD+~&Rjes3{ZQ7v%+aB+K|bdc z&_-hT-L(@%8v$ra>KwcsbXyaPy9GR^Bc#%e0 z;--1bWxGZPVUH>z36c2vg;{2?iMQKG1~}^+K3bFX_`4g-@TQ4~>p8)qHK?saTG+)+ zPTRL|cg{tmNkg+l*%J(EFJ6ksI2#^^A*Vm_l;?bdKk>^`<4VzU?t=ZI`O-<6SER&a zt)sm6c$xT^Ql^ZsslmOzsf4KTxTSM3vtVe)phq43xbQPUF#MfXKwvg(QBSy)H{jog zsM1+TxdK#!K%H>;HS-C&I77o|u+L8?Rj7Ka6ku`e)n%=Ol3zzGNO} zA;M`sLQ3b}2B9`6gpURL0A0FTWw?kd=K=ec?ZQ+GAw$-0p{h6_ zE~h1fHd{0>r+6z@Dn@a)9P?O75TbU2ZsZbm*?+#NSb{>O(eJ?&-3Hm#x7PM_Wz1MX z;7qWt@G%Zu^s9l|C&m>+&}L;L+mojG?N>`R58Ps5G*nthYE_XsQqb<)L9JOCtJiD> zVkNEolAOEl>$A8}n4p3WQ}=AtiEX~jl@^Z3A12$$<|{}#u=-htP=db_Cj?4%y{46? zw#C=t{JsD3+nXzol<8}6JVFjq`#{U~2t|Cp%Vgs7{;&aDa{|-aI7Zgq zGdB%#L{`Vsa)t^udLB_EvIzxp(6cSTJf{|t_4f8TeN;7#{EbXKWq^RX=PI~4BT$zU zwe17*_Uevy_$*YF6Eo)naqyv&x{qp5tQ#o#X`pqHVvwinSM&N=H(Ary^~GoP7gWE3 z7b)tCj_I|DZ5LLwf){}IZe~F7OYCF3W?!59(WKX>gzwPy3>IuZ1)1gwpsZx>T@z1dBjg#pcoIVv#`jW)YS&=)KoLDR`#F% zB%Nd%1vWkFd!BBiZFA?Lc~JApZwqGd#RW0EfJt9NFaErUC+`jBziEnqTcH|0Ce8|U z;n~eq^63)ze@7I=G_k#?9S4{V${c*OQl3&OxrBjoNg*M3eyT(h=k6e~Yu_}>;M^)# zO$*$ECp!tedIS139O`OrVR@I%0I9#QBDik_c7GWxzDUybeT$Itu+XPJ3q4E9Uu&hy z?`&tCV0I9s-#qSlQGQ)Xb>Fei8I#B+^n{x@P>z2tWtq&Xx6Q_Nv4Y5Ny8}GQc&e7t zJDky*h)c3(lfc=XhhxyCEPtUiH%}UgOpGAveJLf6eW+($P}$n6;DpE)ZImu%yElS& z4P;!6zOH1*L@E}Ijeky`)8s547C)}=zwYoS_uwpjffRm52~j=Ik#0w_f1zj{`KGvB zsA!$ojzoRIP~EvYhbyUJbiF7Pj3O5ghHFKjJw09{S5`v)RMo}AIi`(9dCL!a%=69> zV`gsQQ4Ac7u?@WgPt!17ZFER+s)gY8-r)v5WpGpl;7X6c7AL5O&|D9?Og0b1vB1IV zPic!QbB4o=RK6u@8>+T&xE5!Xr(3Y}VmT~xyhz0c`u=L(3BUfrU$+b)G+D%6|E%{c zVh54PPfJAOZlf!5&&#VJ0yAeIE0dbHnM^mFj0F>haO4Dc0`r27iW8Oz5X$JqytW-|Mwf{Q zF!C8uE2m3+pTb~{b^esYYQj*4&$_qZOY7WtaFg4MtC{X9B>#S;Z>0vz zO&<;_C09Hfq_2=rZWeBo8eL3oD#sPDmK`amvqd}+Q+v%bs>tzL3f{466ceitbMM_t zxYL)#qX!7NPGb<}6?`3B8;LyG^>0eFw6Z5i!S7$c%zt=`|2s*E^8Ymi{y*NLww=-u zx=;7z>sn7LT7x=FIvD~HFJuIHrL$lGzJH-jem$H-X?((#Ae+&%)h4&4!Fqo5;&$R2 zW0rYYfwBkux!plzU>%HnmD$nX7o?~XtL1whsluM_T@n|q!c&*>G` zFK6&xmrfiJKmd|PGAA^Em_vynqv;u9Q_3$bhMSWF+Qh7a>&yh)rU;qkJK)Hy>XSD> z0Ke+%Iyir@G%!(kekHvHi2F$GYzLJWFceYBfCiT}c(?CsX*bFt&*wzX!PFH2eg=kz6tP5fp zScuNmCY964uGZ@s{52e5P@Lr3#lcE?_m^#~v2a$QJ2DmovXi88?c4-4)#KLB@+_*= zZKc1jV+S(P@FT|D8ToEd8Nid|BPrQHI9KO7m`iN!1*iPBTeE3~vMpQYtt#at&0w1~ z2#WMiDcG+Zkw5@{>#4&>jM0B{=A_KC ztH>W+Yv7iyltcvOxdOHT(o6cAU7Tw!!>x82PANnOvE3&5G8p<-~>I8(Pg zjqG-8imA<(*p&WKbYHz1y5yY$u^sVG8?U^iH_USnFIwEsCE9bFHfm%#jlW-w0T5HC zDNNHut{JQHtOWTf`0-hFwNyhgxh-fhSr!R$yG9eYO^)*(#}8%P(7;hk-yFNlb*-0! zAz{V*&A%|-avvA$rpj|+A+?3cP-&!`tfIfzXgh=V6j?IQA4(KN$JZAr2j0nwYXWs7 zo@vpJQNdi<1l~FzlA#W_>Pcs8iUyg8o+8qwy{TR1Q!mCSqp$2fXs#|?la{IK=WUjg zLTH1aUH)b^Dhy{N%xH%w!61TzHByNzvIs4_vH%>xh;BcE&~4e0NnA0pi8mgRNa0-R zxBe5YSTWc^IbheUM17LUT^(stHJn&A-@xazdY}1MuCH2&XkR3%bd#Ik2lF@d#jPY4 zs2@}g2A#jjYu!Pcx=+kvmZqjT0%+vlH!i&HfV@VYtF~Wr_q*g>2#UqW3W{1)_VrP(&ybps95oTO5BylVT?a8ufeoAyGR=fdWLR70MFzR{2TyTuC zh5g()1>`8#9sb4ZV-UuuwcIGnCyM$Lt^UcW)ib(6T-KpZM!yr~IkDqfXyJK{f+|OW z)z%XD>uMkDV~jIL1as&&e(CHw$1_jt077%Z34}Xyg|R#sa<3eMK;@zac)dfVtlLOr z58>EULIu-{6q1B0`;jG`nWNC|LthSTti~vMz2iH7``LdWhP;BXjX6J~7+wn|r)Cqx zHz@|&J|FxtjF~ft#2L_+GUu{R-IJfrKF>n(}7wLAw-z00{nkj1$7 zL8ZMfWITX~uGIv&rzzKxUTxeC-bGk~O1PLGEQE7f^8&0QaS+fFtqBv+*G{-O_!eGJ z_V|JPz%N<)WCo7s@pG225zsRw9vUl~QV#@sECawqFRRZFa!HR58>5PPtZfYvQ~Mg= z&26VFQ(ZA!H!w-yvO{Zgie`n(w-@P(^v`cRzIHe2qo>@}8dK#fmeX2Fh^wxvslCbW zZaSzc3SmZ88bV031*>44#Pl<9?A;ma2p}-7j&(!B7eIM2yds-$l~AlsQ03^|l&sKIcP}=dR|Ml`xS~te*R33F@exZO+}|D;Z2{)k%S55!KtMuHW-N zBwy}(4W}`xZO|pKKLu!x22s$EN)XfL2!I*#tf~PKbBidVC2+qj6yfpxX$y;dpmz5D zg7PSGTEnY`;wXyZaw=l?-J!g&ZKm?ywItt~@8*-(WokEkGYZV#ZC6{z$ zvt%%6*(`0ax{D;(S7&LS6al`Y*StbB&OuS`l!#EL=~f@z*<`n9rnc;Au4I;_UK^YW z)e;>P5^%D^sm3R&9&-=V9pd286^)IAukxVO{t&7AZh67J(JzK8SwK|#Cj8fKDF1py zx*p`$uMnvJv=sg$c39fn#@t%}e{uzj)HIc}me9YR=;#LQ{(z?rf~A7DK}F&l63n3? z#Ix}Uf#=0i#+~aQ|4Nvg#5aWjm$$4~T4$+hwxHEn&n=smv?wCcld5>ykEp7E?W$Vh zadxh9scNRR-l^A`x6N^6o0KxpTWU&OGkyAc{`TGR-FUy<4zcY9&PDG5>kS~l?Su%I zC#a>UE-A2Q#Nke39w`84gx^Y-BwDa2x7O9HDJEeO%r(L+nN;y>4zA|9E5zX*tz%^5 zFnKyN6w$IALzNRvkk^!ynt>t?(R{;%1=Vn_bNwmi&uC?o3dQK}*35&r;~UlG@vzIU(+CF-H1) z-3|jbasFrtqIy8VuinYD*?V&_GBOu!&Fk zNzI{=(U9>R6LZp{m`^?cNh5*-cNtkES1w0sIX4#`-VZO}2h_J#G@{H{W(tIXZnK3J zJ^UERk{@k+X5j3V@KB3A!agQVtuW^SERCQ%i$(vCkX4q*Qdw+ZK|zdK0AVvM!dcYb zWbe2FCy#sCuC#lao7!q8-T^=WG61)K|$ogay(%@r-qJ|@3@?z=;Q>P%H9?{C= zkl|0=n&ndmcR6ErP@u87h;Ze}36#vD)`lQmmZqN;vUvH^C)>vY-YL}HP@*lE!C{}mSCnbHuur~Z z=XGfv`qMR1qzBs$EU}>C<{`Bla+*lV4Z-85vtFlqS`O?eZ?jRN*RzQt_I%!MUiD@# zw=3sKQXL}>YXN>X1|1D5s6hfRQ87$E1r`JfqA@VPU_l~8Tb>4F%&d-Dq9H(N!D4it z$4_0DzR6dX=prC#9V-M&d76S>+9-fWSgL+^e}LoX7Za*2X-1=f&y2KCJ|+qs zMEe~c-9nwCx;IvH!l8NGU9m4U!{))XC4KquLmc>k!JE>(RP2?V(c#Jm7`An4KwQ3= zEFl0l2VvDr6DBAly+1E<8m&;_O`K9$z+RJUF;>Q;Az9ASO|)R~%^WzVZvenY($ZEn zBx~){;i>@wCuz(!?^1%nqI?OFr)1aOD|}pS0r^ec{+IYv?q>F)OmFG(r!8MC`c{g)q6`G0Rb_=!CLl zuwABZf)1XBRZPQ^0?dwh^eRs(?o#yk#Xcm{a-$1LY`Lhyk1HvUA_u=EZOH5kYJef} zj^v2dGcgmt0m1Q!21z};Ji`5h97TZcO8AuV>R&EF%ui$}LhRbOyv?H6OkotCt(iWyp@7X9*!Nc6EEN-76F z!}}-F);Qe~r3;JbcaSRsN~`#u9Lpbw5En z${SEQ)+!bX$fp`@iAy}7vUv8D^{4t#5h&yD5@{%thKwk!T-)7oH~e@e{q-%F2Mwa= zqXoqYCy)^7-HXlbxdjCuE*<|Nw(tFlddCG}kUqY7hv#$_y{ zPVq_Itp$|4P;(;KaeA$Wm%Jj?AKgNAgQ&^siqbZXme}rQBtDH>b{4RX>FPvFmbrd1 zc`=g3ENb&94|@KdIF3?M7jT_bgGySJ4t3QSCU`PgSylLXMpC^zl5+?W|Nec(GA&$- zKmpU+B6fq>Y4ic1Y|kKAD78)(A?vSUP9WPkZ^~A2+sWRqmQY$i-z}NOh@jGXBm%}F zsvbyW6F~o&%FHiOs)c#z%#a=6h@CwGi8Ad>GwlpB{mbHxx}L1Rg}nnHTb<(Wt#&zt zk>|x537+StA+JH}$>GAa7N|yV{?0J5KuJ{!Wp72RCrK?KIEcRv7)#gvPTOl{&5KkN zy%E8tTYU1SS@^6lt*k zc7}c9*0{XJbErU1PkaEi>INo?e2o`+-B}pFMk31$0{~|8Qs5gm!#-UIxGTu{Fu2J`&AbYlo+$_1$XJ zxZOz&y*oNz3jn2xS6$W~8>r@HjrUZ7;rX+v6GZ(2k3!t-7xm^w59 zW@XW0dOG$BnYJ-sB-UHcVDd+hhzn_yURgCWUgN*rLqj_zmz$RZPE8@P0z@|`W%WP7HBOXf!+(Zq4{8-4#AIQ5Hn87&VKEr!6jmlit zauPJWtaQCsAn_%sgS>!*hMA5=f=EUoNJgQr7ClZ3VaoI&7^ko-uc_@Ip1EL8VNRyH zjiR=6(@(A8$U~z^gzOgQ_!A7BW-sFuaf%e1$)b1Ikn20)Iz7g%PPRVA2490)qnM#b z)q>9lFE&>C3;gymPg?iqSl6FV+%wPL?HIxRU(ulhUb5Gs8k+&~^sxiqG%4SASYJyI zMMFJ8cBP3hw}(kGq^#>WZd-SJIZ0NYsKPTx1(SE~EhK2oBp0M6v?3NJx1)!bi(H}? zUjqvjLW6ZeM5FQpCiHIVGyI_Fhf)92HXQGt94TpA zBV#L>pU;2UP(kw2k^_85nMZu7N=tEfFN$ySl*5l^b-u#NL!_)(5;OPXO%o~)${!5Buk-Zs|5|D?K zoadB}U@VJnl2O$i;~q?{k0Yor%r<`Mh_=DjNmsY1O#!vt7H}j+T%W-UW8^Ufnx3j* z1hnFvU7nv4o86^~J|M%iRX+s>W{q%$7TjfWf!j3R-nM-3>+KXXI9$Tu)yo>kNWlEj zK`TeoKTdrn9%6C^+>H9vu&BQ^E58x`hxJRB5jr&NBvro&NSB`s%we&Jq1ODfJvgCTwBpULU%Ys}}EYOWu{K&*AbH)zdS1}BjJ zIyL1oT*~PG7>H^=IQIYDK>SA(yR4m)xvh=9)xUq+fB&*XOW6fEw2|)+=;kB`d#&Km zKl!bYa(w*8U<^*(X?hIxKw-2Jnsuv96U*Q}q`GGLgmHtgyCDobCykSH^po`oj_zMQ zCtN8DJH9?&0JmT@L{9if{Awbs9%#eNC6#8?#hHtnio&kWM@dAC>-%aB6Sbs_cIQGkc5_o7z+5vtn3oqFVNW>70GTnl+x?Uv zdqRQR>y;s4VRZyrP(S6U*e-02wPq(Q#EqWrbab2@S8mqioq@GAnEa)y;Z1wR54LB;=)O~tu zbJ$Y{U#)J@7y zTaA$EDo1x$JiJ#3Mrmbl(oKAW(|af}l{8E|ey}j}606|K`s+yU4U#?8@bMUV6 z*LZdrtPzpUJ-s786Yp#V}x)^ezU-4{eg;Z2cgNT;H zh=M2=K%UD^y{;@~&E%QfCFtJhACxx0SW%yn*(YW}SXC}|jX{~AcJ+id1fiOQT2H)e zZ@W&t(!lnbffLTX)(1hobA+~icY#FH^bNkj?>fe&2WKG17;^qcQ!Pm3b5!$^`bppa zP92k{6NR&%w2ApK9sc*!A^9hz`yV$i|D8PXTQ&=Pa6vP}Hda^(jpk;rw(9~H#d#h0`3Y)Z?5h+;t`zC+zsmUN(uDOn@g!< z8y_Kz^Vu&5Wtj3oxHTJ9EPFPdS1O6OvU>bxMI%^|ad$}-m5^zSFaAg?MkcD;XCN7F zc14V*MBmDNXzU#w6!KKx?Tn8?!})N;fttn}Tj1+VY4^39-t}8f%a{cf)>Te@EBzDO zcu&p{E|~>ci`!Vbt1n-eVCg0#>#Fi+#0?-7O14gZkcA~e%r|Dc=5#M*HbrO-qhg`4 zxb@x}rsExTIb9#py(ytcvi+s6S{xRPOm!-YYM;>p3Q9W$2 zg4zmkQ3QJCw$rXj5zgiNCmKM(>Vjhc$A5&C|3BW$(Ed|&C>q-f+S)i7+c+uO85et^IK1~YrnGq4cQB+#I}LnI*~!9eKIlj>TH zyw{m=pT5t$&+hWRDFFVZ&4wuQ3mL+nfB2cahuhIZn$?wI%(cPxES=TTV=F!7dY5JPvc^XQZ0qrf%}*QcYA*v7m3Zm7fbI4GrR<$FIud z6Q#PR(~|XCOUCsZF^dQ%y-VyZue3IHUQsRJY-Z>>62l)9-(eF?R+@{3@r$)gfdO6~ z#?eO*f!IK@Qk@IK2AJ~&B`zM+WhL)-mQ2IJ;1ukC9E_nautAnRKre@mcZ@we=r|J< zdC%-U$Fa^#YH=_w6Fh}iV>~SqI8Fw`>8J4%^Gfsc_wk#0-YSt+jJ`OIt>|#DW1u9} z8fX?+C6vo3CUBwJS}Z(RRr>9Xw(IZlh0k#`7!_C>gJ;Z+f-84n9He`=S%NF!t{ys4 z%oUgdbpFgefV<4RM5`g78S7O2hHqunMLT})(sl&1zMkDn=d9*9>E8n$`n zPB<9^bL?hNE{N7l5re0UA%jr1burU`V^8c>StOD=(*>3!^b!fXV}?{vTNI|bSgB_X&uPm&GjIbs zeRNEvS%Bc*yk|AyY&w(a3lQz>vV zA`F2}OlfAtWH5gp4EVIZ-$x2zb>aym6943g#pav^eF^mT7$EuxMlNgKb)ZW5>-C!r zh(qB2!6?VgGQoO)xdHd9Oh6M%2H=z@aDruqNDnN156Bk%#U4{RNRBb!L>XwWP_>8q zFI`rERyyPa{`G4L{6DSQ#Q%3){x3C-Qn6G-QpNC@o@9cyE+7PhctDevIu35A04IUk zH%36LC&ZA4vs2ATL(w$#5R;9`&Dgp;&i)AW601}y|GT6_EEk4s$$QiCnTZ=q`wC3% z=sv9vq~B^KEuFJ)<6bl4$^N;s)9nki>+WTM7g!q|3Jxs|ppvIBjpQ$2(v3l76wXhd zP~qlx0Bq9}fO7RN}DFnu3<{ zQ>wfF%L6=JbBgl``e-yUS`grUMU1kC_GKE{wU0b{-B@%)-)|cPGKHcA`-YqmOp3w71WVpr`4rGCGmZAj9f0YJ<4N3=~QB1`v)}34)1e+X#RNen@STXTy7@Z=sDMmg7v+t|v{@C`!Ar_z8UnfXt3)47 z)J8Yu&c&dZ-NF&ox%HsEbxCct)6JOH!sXGIS@p8X`9Nin++De!ZbGyPJJ(-K>55Ab zaa+2DwmPyZl@w{`>ZpV3%>*?NmPD-e_PgM+Hsi^x$IDz2!;J08SL??Q-o7ULz^JyP zw)h4H_ruyPF(tpYe&IE_q&{4WLoHs0F^p=CNx_@ugK)y>qa1A%8um^p4R$$*mYFq2 z2zhLIY*#QZ_crsYs`My|aheUGj=eW!jF?2LHnSj!se^W3!H4Wgc;u}}zLnyuzE^sc zvRB}fN=n78Zj?1b1*u-FJFbzLIftb<<~DyE5B4O%4>T}*iW~du{J#pv>p=K5Ts+p@ z$YbzvCE}Lg1Z(%y4@TcDW}g~k)3BAR1D)D zNUX201;8{maRk)e($WeH$zL!Xz&?CtOk3aBPr-C|a8n6e+@F%C?tHETZcfw<-E?Aj~XrJV_rQRj;>U ziv{|WPrw`s%X7k)-$>HBc}HEbFXzuWRjb~eaPPlCK?(N|<4ZEQzWH}@myzq*8-=+z zi_v^NLJx_WiaH1+UlsuCFy`p+fua$D4QF4QO!WRF9;}9-g5Uiz#O`lk^J8L-Ovdg(D zTcYhfMWSf)Q?p2cQ0m4GHIFAku2XWHTlpbxL@Z)t^puJK-*$}y?Ykh+isDJr#{sNDuS7B;o8$eG}uqbL&ee_Gi7u@p@4 z=knX?AJ3#wO45pos%Snk*Qnt9JVX|OdZoC5Kw{G55ES91)EEXEY;-{~6U1%9nzl9! zV^IdE*r*@i9jESoi~Ec(OjJh3ofcQ?GgIJ8cc4#SS3R@J>so2?3F2%Sv|)h^CEYia>A!IZ&9RlNAo zZmR5Oi%L5SyJ;N(bI+1g2XZrCVh7#Isbt;tQWq}!uNh=I~u<|zMFon_E`ps*FM^lbps@%!fp?IsS??P(yw&mEFp84em65@YD5Es`+KnUw=eEqS z1UgSkJ-hGwr~BNDFl#!Ht0@thfgROscmYK zu72ZqD1O{2oytK-8r#QNnYahYF`h*7dr$l6PY*}mdB1MfAR9TjAv_{i$!;QVSod^u zxgU!DE)%TIv4gfk6Eei;lCBx@KJXjV!-t=Z3fBO+7lyr`vT=w@*jw5gG*prkIqVOS z@XKWw*Vi!h>G+QW5VT*jV9yA$msot zCmdFu+tpRv-p>WZ=GwLACi7;5+cSsz`R#in*U^_Tvj>3@ zYo;ulRH2^gyhv6wYqjNIM5loeo&w2|f|bl#>zu)!GJTEVibz`w`Btv(>OJaCYB~dq z>bAX(>Te=~9}Wy>40(tvP`G(WIJ(i%-)azSWRkl}!LwXVzByLPjCsukI!ejW7k-!) zAQD2HmD?wGa=(MCnn$dadO&1n@n@W42RGdUjO)z9NCVtU?t1B;p@6)>;97gqg=5J? zQ=k|;g9Ntgr%qNg2&EUMfHMXO0?B{X5a5)@m_|gdg&i<0IkLCTu`k#9n(I#f8g-sI zdU1;EigB_l_2Xt;x6Naa#U2WR)+H;IY@D~*Kov#z7*FXF_!(&Y?#%u+{b+NHZ;A`o z=E>kuP|5TSQVMErxIx#a#q*${ZdUE1+e(hdYTi+#$*?V8FFS&no0>x_Sm!*tRRA=SV%E7MH+2Avfc@&Dr5u;d=h~X!Q}Y z4A41Ktq|>8Sl1o>|zR20tONXV_V# z|J$*|8+T!N2v+mSgNGBn$x0wV4I>Q(e7)x*z=%1AQ1Fo~pdyRU2uQR8u7R*7lTI;u z*u+yknq3d?hry1K*?*<@i3IYAR6Csp=EWg~C(CnS!zl5@?&@U_kD#g;R;&X>E5kG+ z=#@!!9Z9Y@KK4>G}G3~Sl zT%@Crc=O)c){*<+Kc^v{W~leL;`{AR-=84`LNe_rCk$f|UeGq(cS@BTOpWqNd{c{^ z#Ey$fN9LIIg)%|;(*=Y!(~`{LHmaSx$`Ge3Z(}VIjdzdLgk|zVS`4-qk@Dc2L+8$T zWVopAOPIWR#e*_@<8WrkPTgcH176GpH|c`(_~`quM31MUDa!b9SoJ{vQ=HN;#kOxI>)kESDXPD?v6STb>ilz~5yqja+T7qa!8i|E658Uk^Stt^ zo>HKOYB{U*BKE{cAZfY|D~fdQS4X@~wJAQ;(6AwYW^?UQgdqzu&Z|Jr4+*u!rJ^aU z%M%2lLzXmn5Q2Q^(4x!a_xQg`dSVe{23d98c2GX9-*T1| zdsOZFsg?S$zNG^lnR6DTo-;8Y)5qwa2KGEdB`k_NS2e^q`*0m`F#?U0&Mr0}|1owX z-7F4AWZa)$V_ZeFhA2fycD#dQ?te1{v=7*X;xs$n?6;Y=zMNy%&g^*R{kO**F)4~l z@#Ary{=EPD4G8@|$*hvCrLoO_aJiF|b`&v{k-liaFG;o<%@0MXsja9beE0+@zsv&g zqRK=BHSk3S0@|%?PLro-Y-}`2WvAH+4g!4tz>Wtndfx`QKunHCcE6*(tdySE0OS>p zr>1qZJ#W5e{fKa;=l9FS%FZt-L-t4hx{0R)-8{9B$GFOL94=w{B#`zodqQ0 zf#&jHJMQ3a^ohDbDnYz#vXESYLcGd7B&J{`)Xu|dd(sOIe@+AQtPDd@?xhBs1$Zbb z+Rw~oI}myE>}RSv@#9LS5vI;RKEZO_ruQCmrH&8{w@~tmYA$clBbLh`HRFhBbiYB3 zWdxxN?=Hnh5Rd3|2Hk-NFlcrO21b1W$;7^d7iuw~0Pp&_54z);p-q{+J&$l$g-Plv z^%C_<8~7bj@1C=qvg<^8@2qkS67+u)yLSOZZ$J*v6 zVy_Emh#A`s(0srq0@8zfQVaxh#2|66+Sjf>r{>xg+%`QMc^@46SOaD9Fw^N3$f!BI z2SiPfg%2ZX3B7?gc$cG`=R3H>0crjOBC^l%U40B|M5&clD$L6zRZ#K@-e_GgS;a3^ z%1w^ncCo((jl4E2tOw^d>WW z84}f-qRmRge8BlFj)BOeaP^p})nF|^#+#pFjVt6`h3rg}zV45a;S;#MdSMja^_pq* zWMA+Xh|#n4^<7`%qzt52bx}?C0HeFl*((C7yCB`mw~zuhMkxqRQL2gz?KR^mm4GuI z1p*~REI58g2{%vbTYp{kj-G<;8TMaVpI>+L3-)JI7xo{u{vQjx|EJpgw|A>#t%#wD zOnXB;~{ml#psm8nMVuNeRn(%$${@dA+q6*c|FY1fQAWZm@HZGHt#Xf&%$ zpBW|K#d!_nUaK`f&obd?%uK?sh>C#v_#$8!rivL;%fEnWDbWR52sSmV(WLkorA}*) zQcOXGC~fwFq9x32)U)5G$FY;n>f+pt{FzzR_Qow}vn(Y1b%Al?>W)tVOL~iQ*Tt4US;` z*h({x_cev60znqlAvjMVPwK{KU4lCpKoLzZ=@aRL`znu8+uYyc&ah8oEaM@KD1xm~ z99Q;T$ROQ$)R=;`w{A{i*U-Caxahg)9KK3th-plgO_u75 zzf=xZCI}tXSuer2%xrG8NPo_z~*zW9Z_L@Tf5btnlRu0cEm4$I@db?Z+}{ z#IOjq1?yAy!>vFK=X?9b&I^;W$nFOuO7x)yR7Ef`QU!wVn}jf1$m+A2^N|P@lEj~x z!Uvsn5Nl6}_QCa4O2qg-G=_Ia=S{y;igOlNhptXCx9scuUk`Cs7*{{7OH#EZv}_^0)d{#Vfm@BavN{yzg{l#+(Sh9KgXvNQfh z9M*`~=Dem@+pB#3JO)q*Z^p20J}Ur;@jCPXX+8Ynxco@6*=|-&|82hjcw<&GLnr+} zj6Q3J_C$3;@za3$%PGeW+X;uskDFK7P3#U;*R_Wlx!gUlETbNQgUu z>1l@dfOAD7ZDciTHbN!6p#7UWCf%SCA!8(;K`PsE>%mS7*WMKEGGa;iN-YeUY7j>W zV8tW9-?bAvfES%3Z=ycCJ8rdNm24M&J`0D<@>U4b6F0%X{EwVr2BLsOl$Q7VJ9 zSZ*S23nk4Rj#ZvOkN^rJ<-Qer zMilUX<20=6$|Lk+RhLIIQsTV}JZp@LVrRu3SLaOZwZgWef4Wp*9J5YAn|L?2K=xtx zg_Gt>2Vi(>?*1RBiCMH`8JTQ6m`tXpCqR6^<#cjwXZa zHp4O0ZliXmhNIgCM&SUQOy;?Dy_Cj39HsK+{JOzF;r8jTkmN3~)e-}%2j>a~R4Xr* zZ0rvtbs+*{bJ7_k3sTAK_94SldjZ7qxsxPDJpEsC0cgUR*R;{V@X6T1bcQ<12PGg} zQjd6-<7K}q;g#xBGv)J-F0$EB^=@JAE11C6I>i%Q;%5}?W3REbu)4|}iA;~gBuK}yDQgyT9s<46oj zwm(whh%Cg=h$uIH0>2?Iu$=mdX_heNgQy-r%4qym`(8b0zl#bfBol;+omBkHe8P9W zkM4eGwj^yd_yv3w&R)CV`QzboT)&Pec2Hl(Y(8kI697H#z{sm0yH0`m8^;xp{?GPb z1xXkOP3+xS{%Ck*!V#b}U-&n#(T8{65_os-a3yxT8J*Xj-!#peHxLbl zMs>H458&NL_QF6W$>hJRd55Ip?W5csAs9#_P$LEt_~CQp7==bx5L}RR5?}~&w23$C zg*!CzS1f@q@Vn^Kx_eXVOEK!(?(oath@b9o~;+Q!y)M0bS@u8H!D+Zluo+L;h<2l1J~4h( z6!8ws#I$3vFxmIKw2~HTBPV(zW)rIr97;*dRtCT)Xu|>Oh~jezkSFt#vZ5zK6>3ei zAuf`dwRhCVXqN>UiIfEbS4*VOsM9Iq1>(qLT{Z@MaFQ;8mSNR1T5z*|*$Kr#60g03 zMi@ByaeDWx*_RJOt8p5TZSrk>wf5;@1@{9WW>7)s?+F`DLUWJPdFr5$>$@@igqyLS~IW4Rt7e-}ZD*s16* z0AvOukh9hc#nvamn8FK*rBtTp#~ZGob{sGOv&H_}b&k5Bc?fDNRjWN^Q?!F8q`t=2 zLpz}FJiEvjKWpO)<)#|DxY^GW72GeMEnkv9yPsy0iapIhvUD^L8PLy@CiT?Jor&1+ zKh#bgVhYqzwSAm}-57h-c6KWjUJ=cNO1UY)c2UEa-Ab6X3YDXVN7Z&vZOl1ehM$|d zbbHKOh7sPolpgD`-ndIk+)BYM9K7~jC}JG7+-JB7eg`H9uDd%9no$H*x}RGj1XMT* zq0OQ56qdV+Qu*p#1Tglwa6o)?zXJ8{jQMVi zaiRCjz8yN)9TDk$L$sug&s@2Cprn30pf~c)^D=G~qi9)#j>IXi)g#JFb$nSpN$9RGI(VZgY@)3j3mgar>XTHXc?U2>WRaSO3*Piu+Ud z1~yhS295?aE)I^aH2>7KtK+{*``=|#z=!x%yw%*87~v}lKoct7qNxnzRkl~8 zKVSIU3@(b>>PH1wlW5=wihn)4x#L3!3;V}3e>d5@xE%|!U^(-|@q;Cdz5jmQA@m|= z7sB!}0#HSv?n6Q(pP(i;MlSF&LtTp-j3n`AbDbnl!TJzu;+`sF=6NnPWiW?xB1;6zbORb$x#5z7> zC~2q;5d@d@&6h8_q9c?`&zEHa#dDB1z4JiQM7Vf73IJE_V%Y_U#oNAF50u$|_g1cJ z!WAh$=bb?qwPdApA_ENQpWWL%K+0`2oML|UWs|oR7l5nRlc5cJj4=$JN0qPhQL;iL zW|rEuU5vqYVc?t8zwZh{79_4VS=EnsT4x};gdPE?OciT*Fa?@)J_j9oYtzuzDg=*x z@m6f_5TLOsePOMjs|PKot(&QLR;vPoohCZPDQsQ{j&4X)*jm0fDp6JRP{@M8&C<8s zq&sRAsQsmCLh9o#vekz@nQA|azbD)901XEj%h#|O4PUvX%EsaJWucKU!ghTIo4X3i zaMDX`a~u5Yf6|T8izEBdBP{33t)hE`XfED!N^WpGqLqw3I4V2BJx5ULSoxY7;+Wk9iE4AfT`ucEU?w zUm}E`({USWqgVs%su|LSeYc63wf{YiLTgkM#l9@cQ=DE?_0a*xoHl%6JC z?chfOMWYV0*3vv?xL&py8s0v3cy#`>`Zm#e-iE-2;)Y`T4YX@bomXdTRdh^M>b0$P z9;II&hzZnyK5EiaEo8x_iX!5eSEw^=R4Ugyt3h99Efj;Bn+nQ?3`X4p#gFh;nM5!B1o3{V1yPAb3NAJ^y1O-eg z^R>YvNil%C9Psw@GoNnO?C;haWpv5K8HR-phK3_hAN83KM*x1m*id?B~pg{eH zA~>UFd2<9qf&>AJuiY(LV!Fg|X9q>~l?O^|^lCSg@&%vlm)de;WU^iXJf#3zB*SR1 zEwjIaJzY61k-~^0REV;L{d@!rslP>XTHkr3 zGSMKb5FI`8u#sfotr}p?fq2O>nrb+u&Pr2yVVuYqem2AbHFUWtc|1?nB8j|=yyiznv zYeYot<#yD!&Q&e8UY90pHW*T(6um7`S6$D4W)XZ$5(VolfqHtPoCLT%m`<%$yJyLH zzC0LOK}=xy1+$<>ASuw$3P#%86VE#qh(lBTeN54m@?or6>eRp5C@vv1B3O3K^1M&pW>QY8&@dARtM|}r$hMguj5oR` ziFXM#T(+^D!8MJUt29F<;klO2(MWXlXlJ!pyc#D*vvgW9H+Ej0O@<6{d8%)t*Itd{ z^e|5sIPN5I(YthkEOv1;QD$67aT~(%0O48=12q~bs~Cr9roP0oR&ZunU*1APgDL1t z^!(g^uha2PWW|Wxp&aG${_}Pj601U&v-0|k@cVR+HB;O~x+hRH>;$wZ_|ME-4mvdV z$nMSN;~oWf$SH6pFX#xUBRpLue#bkVHW|Amb zuCYTSM1G7;V+MB7L}T)^SJ@*3rs~L^i4`~(IDHjAbW^0Pvf7wh7(-rew7V=(d=dc2 zik;;sKrVJ1dmV0E#}Sno7Bbw7@GKW+9D1p(t?j(V#3!-Pd-cXE7Y6{YI+I;O&odg ze0>I^M=@dD+z^GQwo#cq>Hwh!Yg1Vv8ci{xSViFu`P%DupDd`r$}0ppzl#|)n3Nk- zM6uB(3TxFX=M|}4+<4|TBJn!11mcTrPAK{bKy<_>)m6T1gBFC5?%Kf<)|_FXA-nSz z5Vfc?&KTWu*~{{cisXtN8CJ)56I2zBynFY=3DuLcI6?*-_Yn~vje+YXc5g@=&p>=@ZQPONMUvV_+1HQ}OH zRK$za%~8Da=!qH1SsK>Sy3(%=mF}zkLAju!pJ!wR#o{O?E|^CcB3RYr>H>MyU;p@y zTz_egYyKE&8UO3vjsK9~{sm%W_3Ryt42Ax8DAS}gVUHn%$VC;!SkGC9^%loU97YK= zJAt+zcw1|S8;+SM8eVsZ(lKXB2`o&oBuSCn;`s}w7p7JZuAEe$4zz>vl{kFgSweZO z9-*YPU+KEr>!W+R%|+ek@56}1ua{aBp08q_NgT-vs6 zQ!r@#70nh8Ou_Euk5zY@r)OQs1s|IYk;&TT8Ne+Y*WsP>SOZq)O4n=F4!L$z)izei z+8#dg3ER=Q{j|;Ps-=tJOl3BPuWd#rsu{}8_lgTqhVaZBGtTI#YkAwLR9EJvm+9YX={K{utv!~TuV%) zSHZIt8)PxPk4A4SKXSeI*VuhmFqFspdnUa+Y*TOr@U!SPs#onuAi4mo$OzOVV z)%Ri}M#`Ann~kX?{r7(Kus6>RKCB$dwQ8la=JR9~hV$r50CX#pjay4QY*M7Js4E6S zag-@|A!v511id||9mpYvqfRp7pEt=)?M`%Zc;B-qAB0eRMN>s~KC}e(yAaes+1Qhx zw+^{sCb~Z~PXWqeH#y7X&A710zN{Q>gv^key+Xw&qP~PxbE4S{$ zFeD{ek@%CLYVk9`vN>R8s1wHCLxfjp1e3`Q zHMT?;87SwOs`?O(Uxa}d`>aW<{Zo``#D_;6jo^)ZXKmLS#CMo?Tukz^94$_f?-7dt@OW_f4}XuT9f=51Gi<5=l9};E>I&`td^>rM!PyY(Ri>jG z|AoT2L)v*I?0CJTQw@%FD5=CgXJhU$sH0i(LG^#DO_%6+&@i+KegiW-f=lpcUI zG(Pb|e@k60$Kr!2V(KtwKvY{hGjwFYZ)1L=>3Ghf6)`vq?|9yJeM^npZDzp!X&geq zvA=0M$&T51%W7cp`TKX{<`?pvst}+YP#xmFD6M8gXR>urvNvp?R#r!z_I0okOXGk* z@L>Jb`X0CdfyUdgr@r%(^~7Aj?1`~NjcYR6dbUQqO1nY(hdb4yl}k^Jom;7mjgqz- zPvzKEByJcSkU2O?to~?bU(;2y6wmGyo+paB5=|m*B(cD|I%KsB)uTLI=lm~@80OHp>5@mqladslpWgFMVDQ1M*FqT_TjyqztA=gjAm@Oy@kY@V zSFdM6o8JIe0tpK26H6!?!z|HOb6f^uxa5XwyA3ehZhX+W+VrlG0By3vW?*al{6pNF}w ziH0X&j##Ph}^5$`6(IB3b7%beC=)Ro|*2sDjTLHS5VhJTKi{0n+6KM`0E5<{(Wz&YdE;T{WA9OF&*n35Ug-OnW3czM!Fos~+C!=Vn;TTe1;& z3>{~eQcIOD$;uL%nZEc-9p=Edm0h_`*hz9$JASY#!5J_Pg_N`vWyFhpcyw3c9nE#s zq(l=@0u5K_@qvC6oQMA^9{(o?>->Mm!TyK(Z1i&gzn+7U z!jG-cQOMHB>Ie7yo3cq#F;l=)LgcbRHAO||SIswMpo?gL)vyaQhHVJdgM>}wWgIR- zQ$J;0U`V^hLuhHW3A5Pbd7V>5Rx(eDA0n4(6tDQi_=1w)x{)eD3l{Uo3HJ8d={m{k zcs`i%q5g#2b@oK&19d|0XFs3AwN@wQ67Ptvqrq zv*ae2oi*WTUZJVwW_KLSWRegj%g7Vzqi-0NrM7Z+o)#M>PM-}WhJwSIngwDmc2Fa@ zDvC0wRspvi;cVE2GOVQB13GUYFkXgNRRFk@-9MgcG~y&>Nq}!w8Ub$vGhKsoiBZWv z8qO2C6`GkQ^}Ig8oFR7`16`lX%To|RQ3k8jF89efOFPg6ZB$+Bbm2Tw16r6s0#p_< z2$xg4sn3jEDbN@&$Fd+igj&hv-87rPXuFJ|m|8hgjllp^R=kenNrYcjkFJiR%Q7>V zq*$GHq;FO%)GO#MCUSFibv2c&a%E09bLF%`V76GzH=wYFH&qgKo@Q08J%cguk)#If zpHsBN_eb4Fhi7-MmCF4HKZ7;Jf0*-sO4Ncsja=46_4CtU+$=9ZX#s0gqNvTMPiDB9 z0$mg`ARBvt7Q2`Bt5&CzJ-nW`YcVW-a8z?hlUtSxEQ(v43-Lgm)ts9^>4I}fVQ89o zIMoe-L4K7ag?h0+sAp~R$xUp&ulHuUgkP;~HIy(rz(qm&NtYkQUgLcM)9m@Blef3f zrBm#t!2ldLf9o6Vg{r@7-l!SdLO-PKmqbnz@o{*KZl@M47;iQh3OVQPN5%Bsa_)(g z4+6wYBiDGyYa1o5J%u`y8vO^=#N_>nvUa*AY<-I|z(ICoz%|fF7mF$#t%dyRgCs`P zj0TN^u*_wGq5bHb4lCvWY`LzgeJ&mSHVR=*y-Hm|IhfH&a{M}}iwt5Yo6u2 zc^vneTf5pfYp%i-O(Xm!McH@2A$|DLY~(Qor_Yt8iNV_-(oB6?8^ovHF zwh&2O~7dk{n_vxeB!mWLeUPj+Sa}sG6_LH0L>{!YNT@ zqQZuW{w-P6#Q_iR2Q_Oq9~h3T$hi^Fw

*~3ZZ&|G z_Tr>sp33;!L2E@Yn<(B<3>3sF148~Fg|yN@x0UINq$k@SyS z;%{=eBPbkU=~kn}fpptS_rgfwh0P9|1D|;A8Lga>+P5!<*?zAlOYQ-EIcwYe1kNkp z0e<)F{@BfRBFbR>aG)o74Fi8oIuAbK?Q;x0op-=eSn*5mWTYjzharC$88R304M_-` z6Lh^e-*B5_<^)K429=QqHy2b@HKRdM=k+r05+AJeJ5SQ#nOs2S!Oe=mx2Ld?S$o~A zn2gU5ZOF7(UMK8(C9A{#qMCgH!LZeS*H?5-WF?Yc2eYa)#%W=WV4u^Yyx=;iOi;)B zp^R_3y;O=YkJZP&&xeb~r1!K%&1%9DX zG$rrj-|ng_7*NrQei_f%er2-%(k1xkEXMu+mc{-(Rb|C{+s`SY4d?LY;uqmE?j}y1 z6svqg#Wgr2?52w&ry%oll+Ew+WjH`6uOz<^%Q6_Q$qj=Iqj&}Jq1tOJLdh>3OK*HS z;CpheXzrG!xNFqqoQ+xLzVmF3F zpN--Jf7WSRpJn(?H*;gB~D9bnQ5H2be$YgaS00$=C z7wf87mFW?i)-B`@RWG5#ouu!D4NxJnV z7>~aCmXeb}LyB)7D!3S2o*A8?wuJt1=?CebU-j{>T?hTg_`x!_qnE~e$_BWeBFZhf6eamq*z$DB3P&6c>RkXm^64@jqQMw{&=@98M-iep2QdSjNXo@42 z6e1~l0{Ki}*C>0E^O$kMAhwW`e>hD+r5t1Uj5V7@MM2}xgGc9OGLr!D?tA%IRDvtlj&av zr<{?4ypi3P^@ov(nTS2W#q6icf5fD^js~g*+K0R(3vn7!Sb(}tku*EmD9EN@Z1_+A zughB~L*=eeCM-O%yQU<0PiHaLh>bNaRn5umo*wl!4^6&B3VM2WPuyv6ZFLwGh+~-z z7CH7;S8K1CtUaH1d%r;#wkL@Aj$^lzb^>#Zev>|wm1C8ssbFXjSZQVS{V2<5=O3Cu z#vPS}Vse2ksjtEvul&-CDIFprb8#U7(-PJc$0UKf2}n{|$WNcLk#4?K9J3KuYLJF$ zD_LN#618tk3$U_5he2VpDMk??Ys2^JqznL~n<-#I38nDJeNfRd zYpN}FSQCZnT4vnwi_~z4C0+-S5Dhnj;l_~RNXW8mf@@6YdZ}R1A231*$t{KttPf=; zpK3Za;cD;lnr3Ruw3gLryG=J=)u7R;vOEK4^(%l2Q861hrqx~*>6){^eBtU!CzIhk z4B!gz(J$b{@;pUVSW5;RiZ-Icb-js+l~rPoUj&nt>C~&uGk`M*R*vC_f(D|V7r@tt(PJ3>YbQOjEBrHqu zH3hY3D%{8#vOPOE)0Bgx>eRtG+GTqwi9~jsBen(>sH(jU>C{e#$#>T*VG8LT9CPx? zu`jRzeuD-B%tfa`wZl-!19x$n+YMAxP`W=q^6Y1ZcHN&~q4A2M#AWNosH9~R$yzE)fk^21QBDOMDP-@8`iVP)bEtXlTO<&RtW#YS*0x~-qr4MuzE#QlZ0hRT z1c1%7bf#qxvFX_P8NwQ1L9x^P(iR7#kH&{nCC4?cL z->JT56|bs;`${O>Ej}Oq0_lR;N;nH0R!pkP&{~ae=F*59Y*`aaEs7Ee17Y zwiwq3eLz?r{k_Y!I_o|*iKn{Yqgs~UC=(17408WZVN!kVi6qZ4DK@g+7KhP5yQ+$r zy?Z``6uZ%2gr;LW>)AH2wVj)U0h4U-*W_M-8S>c)1aIMk#Tlna!G{Jl0`UR?5nO&&c>Qoqt7g{8HupZs z-IRw+LY$}Ig}O!4ar_ZhJ&ODJZ-^iUWug)F!OKt%v*0STR*T$PO1t# z0?n;Xr^wGsULS}qQcN_59oNa@pDf*S;=Ke-RZ|Y>Jk)B5?|-+kIp-5MpJ_aJ#&mMs zK)vbZ&1@aVQyuh(Zgs{WW_EMSuvVu@kZD|q_E>(as#fCzP{p8@uVN9-9g}*U8&c=* zd?Q>c!OIS9ar3De9QX$H!US+IlyWgI0(oT-2YYhh9Y$xkH$P(a>6nb?AmfE zAN7H{7h!+fA4m}ZjVPWY`=)f7wgG{xF1$LOnZ~{4-py@c{&Kgpr~!hSIz|L+1qMYU zkYV4_zM*)!%#z*9?zEvEjdE1_zJS0Xic;D(@DVm zHafQS6Uf^uoJ)!a92ea`9v_Pl%5k)Am9|HaEYDQ-KUEaX!`U_qN^w`1 zfE-~(cWqbXpYl+oD9}qGjiju{2@H(R=;QygAbFf}_%NIS2a1+5b6Rlk8l8#h{k-c0 zz$Sq$?LUG((Xj&*C`<=P%!b;$Rir?7r^uyED-W3Q%B29+0^3s@5}sP4BNwuiV?MiD zrlBeH094l}`GcJmELwh2;g;@Od$ZLDxU}@OTUllk>c?rt{@U9DQr3(1xfB9>0i^mJ zhL<)nfEiObGyGmT2rArnUuycJqz;EuJ2FfG*lwu#Kg4bh~XnX>d;ToO9!4K*Ckkt{R2#yxUod% zL_*xi#NU**FE~z9G@i?Q=>WKt5N(Qm#TeyaNG2nMz`0gDnPS4ys=G@guoHM_MRXw!$?A zX>1M0r~r7#_}!CTG<-c>MAJsfmg6~#{wICsS%{>6_tEjjbnb`ct7DL@m<*NX((34qyU_1DdgUk8e!|l2)2?6 zl;=ttHrT6P!?C*dJ2w9H8FZymxv#_)<3&+ED-?Wn62|_`T=}I!X}?>bq`Y2W%%}|d z2Tny*#PA8{1KH9w zipR(0e|31vIzkBjy+2nXK#MP=P)biY>AY*1So3&ESA)tXbk8fzqphQfkNPG;Q&=Uv zM_zhA0LiU?12RmyZr!p`p6wwUy+Bmb5LY>LW7(BplN~E^86TXMo!Z1&K4CpPj7=~2 zX7h`607=6So>3v-BJ7=Mf4qFC8wSpvyCQ(Ik$MjGo;Ae&3t!jiQDXF*=9>AJoEzW# zE)UM7T8dFx@*TEmuJ`5Xpc<1phHK3)toSXncMs41)bBGhUccY+6JTKo{kC2#EbFj) zZ|2tZ_a9FEJH+=L?F5wMnF%s7C1UE=f=c-*bKSi2R{x`?-+rL}FIErV#=B$Ir)ul) zM0C$yW|mMYsiDj+x9Bc;V%<@xPq-z?En3r$7l6j!jxck>V<>H?&G6scDiP7opa!=q z;Wp$mHz18waGE(kg=Z*B4SE-m7$}FcbGe<~snaKzPebJiDcWI~J*uwvsYk46huZYR zol^*$E@BZcMdYJVoxky#!YRS6y&=_!B4tCsTEgyNvNT$KwedG~!AHIe%q+g>zg+|Wl!H^C7=@EU^tiR*l9a5cu7Jr9%tc4lz-o_Wp0nv=6 zcpD#AN-l^cBt;*5jvkYKH6{5Am-RiXrdFj`mzTk;(pzX3OVUMPpid*Bhmyx?{?Fgm zL<3azJsw}i*kQ4L1eGngUE5riB-1eIIm+Hg6M7178kQ^TAbryE+@9dcM+Rn8niTRk zNu_O*HJ@JYvZrS9GRP;o?b_ZrNxFJJ6Hvri3JI&ep+{2mx^N3Fk^UpXeC_BEf*;y% z7i%-S1w%POvc$V3u|$rw&$yE0;zin0bkJF5>B2bN`ktH~C3+Ud#W~7|+^%(HF6)M_ z#$19OIK?Z{HF$9OG+YWfQ$A|q(q%DVWeTr$$S`~((%BUJO~wY9Ij(GKu^%wr}m&AIByMu8%+p+?Shp+EhK`si<1lJri%bGbFAG^=Jw^Drl2p0sdcn472FiEX_mOWywUf%__ z_PjTrrtWI+1VFb@INbOx|Oz)_0D8FeZA zPRHJ0wyUr>3e6)@$)THLvfaOX@ryfl>9I+{ggs6+<5dQqLZhytwJ@^-V`Y{ZvV~U* zO*UqzKQ^jnyUU0?6OZaNIchcc%+%>G6^{yU!_%5A z6|VyR)$C22W7Yeq_4Ok8)}t{JcncWLw~a3T{2tK(t^BLAW0VaZc#8;trOGdB6L*br zJ-FE>1=8^l`V2nM=imfVhOU7#NKPuzOL_v?NG^6gYL04@W=tq`!m?&_aIbfGp$_!T) zW(qSit>A01Wb(;#4XE4(#9&^=#qOpof;BOf4_5($eh&!16^qLIV zD6l&0jXNwDT$s&Ql88>LNZ|UQ_dg|LU>zSk8%tX=|7MD-O1fG8{%Rj z!zWq{E5hBae_~c2E@lAy1GH2kTjOlf8JtvxmVgdb0c}ON^Ko=DF^%Do5F)mdf9$Es z0eI2&CXVg!mRLbjO#iqWh16b9Rv*z$Nz1WEs79ob)SvYPx5X!vXgzW7t=yBry7Mq~$ zzKEL@yW;RysGE~KMg{a0N6_kKsqObhBE8-{K*Vixo>A&UYLj!MQP2l`(0e4ntOG4T z1!+1aymUfy!J!`QXJShD8oL)3;m$DOVh9|IjkbF=OO{acZ8U)U?@5`fwD2WT@s;V= zf_q{^$u7ffCmz8;+Xej7vIx-ZlEsO5y+F_^+K}@S6*Kb{JyT`a4V%r|cq$O*F_ccd z_(EwSPW#UI%?LgwG#5xufa9bo=&d?n@-x$DZQ5F6M&OU)T5h&X*jZ2#$0C6LkLZdY z&2tdcF)9p$m-mcJNN8D922d@QjlRIfrFCocAv91?h|Q|x!8RwGRcs3vjw_I2{>#V{ zJ-K5;$zyU7GsUpu*E9{2^ytmKjK@nwir@KWYA3hTic1CBBpz+MJ+&$u>A~?yp1k*9 zMDW(-7DKdID~+Wr#9uOPsT&rDLh_Hzxs}P zt?4SSf551uzdyR}HAIZCQwiB%0;wL=7I=VkXE|yn`DH--uxLoI=bSp~-hsOiQ`R5% z3uQ$$l4;QT!g4=DL3LrsBDo2aqp|gb7AV>w+Ne`wcFYl-QtC_=NV*N|DW$@0u(Vie z*lP7>s<$y#&mjVu0J}NL7h;Hwx_LMCelmlE!dBbRHb-!;{)oS0Dl7$|!w+r@1DR7R z+R+*YhUO}dmeGo`JGOro?BNG3g;alE@XYw!F_Q1uC9Nf`yv%SNNkG8 zA9GYOr$5QILJoLh1ZM5oz4n#)--78C;kwW!u;02$tr6hhQ;Ym8(LQ#P2zy>!>Zblh zvwCmKVa5Z&Nat%_oWveBXg18@&31;SjMi^3_RUyaifV>Ov}rUE+XMY`8{r51Zb6vS zLdot{<>eAO7W(Hw#c`7u^b-28^rnF~lCP1^-`gYRJE=$Yn~H1PNJ78*7NGmbHS-}<^Zo zE-(A1Jmd`Ww;^55ocPyTgTo4~eoPN-h8B?mTK2XHU2rvU040yjI;75!QeFH zZwuf`R!JqW98YoL?Fki;=qfBvljPFY47B3BP6?_+f_ z^EmRWn?OcbQ0DyZsQt#73(F}r!r|~ha`-;+3ongfL;f zd<-rq2ASQzL}Y#FRMWYhf7=ysK(ojyM#E!Zj3*}P*~zANRz!^xqtE)S%a$U)KH5Gn zOb7aqV{-UHg#~G7o{Qw0s{EKB)Hw5`IfN;+!M@hok(N!=kBC!#x@`+ZeuA7qX~2*j z>T-7EDm-c{Af|M~Y;RUKufaT1?no)jZlv`XbB0~zhXdrr)|luOMSI8b+lFSqFGH zwl~IrD^sYgC-LCjBZ@1vL=G2V0;6?2(M@!TCa_)1dF(`W*+Z>kf`yG9-UA1rxZWxgxYIx6CJEuF#-VM}HVx_dl^1y98LJ z7HoIK|LT#j?~bAD+)$Jvr5R}%jN!fIB7qONA+`>E#gyGH&{HsaIxIfkfOM##`h@1Y zW&?_z5JH~2<4mr#P0|N4d@&DM4YAPDJSpE+I{3zu$ zz`P(5e?|uW5*vUz#fh3;j+hw*BeW%1S`8f3NV-UP@N8J?yed+!Y6g-G&9~ecU4R=-s!|yW~DEYH5#9g0kmo$&% z>Ox>?7MFgn^3^Yo|Im>$^zRMxK!ES)$a;haif0G&?|L~{id6_YT<2QsOqI`yojfQu z5gQo_Wqa0zU+@0G9xiZP92m8uGim-NsffW0YCjH0^RSYCy|3h>VkT7^jSUxpmR8>m z_M!umSU6CHstZ4kFKD@w>!5}#DQ8&Zu#!D3JdY8va5_#Tk%$c_j2V4@pq;W44x4J- z&-;yhuQqk8iG;_OBI(%q90B9B3W8*jZJkb{I#qaL#YPG4 zBg!5RusuqgdM62{Q-~*$XH5%Y433_Q^M?mE`93Q1t?EHMA)@kyzy`Kavb@txSt6ew zNs*|YU|_4CJjgQXLO5p{6IzL#-G8Ztc_d5y60H}XbGq^dckbzXmTkeQo?Xe8B^q?) zxlnF#_|7R+oyZ&cJNEhXP&=rXl36D zWhz{>A-^uXNqKXaXAGjfHBjH`B;O$3+$`e$9pWFMG+o)ubN?m7Ui`JL`q$_o<-eY6 z{wtLJW3JJ7)xrCN?Sn`MXA6``CIb^gm9sX2mPKWk`W6O_DbireAOq!Jjt?|iX+5uO z5UDS0UfgWdxOn&JS&p!iQXPEZtNL*e@*$`Gn$0>;&xusAGnScl<+b&?(c}F1{}f!iCT&TM)XqG9_-~s{^8xe%VlfM~y<~24#jkQ?c*_N(#X8vb zUhn7(w#iB>`c+_(0TafB%c7g}@ICmvPUm^i9QQZ=oP&{6E05?75(j(P@=@HsMU8oG zUWbOhM3Lr=mX?3&aFP9|FH*sASRUcUkdKc~tE2gd>^2Kb7$2b*%HaJU>3Yj5xP%+xWS0Fqt(~R9+6)OJ}oe;M|{UYIBi9If<3P) z*UF{0_;oM}x}hhQY|haf^<~@>m&RAQXY$j}QEGM5VRe%E%}z-7t&k@Fwq8bpGaqyc zw~~1zvqg_*Q?1XyfBO#Q2+EWF{)Fio+TX;CxFNHMoYF*7nWTy=yeROtH3Oi)(B8~V z*vis5#&B&K%7TxyO~aQy8rfA!8gX4Rtkzd-TDtCIzd1Zi?LAN zyGO{#bl?csV`AW-GPgoINA;e{T+Peie$mad363#2>12x#%dl%^N+j_~4lu%$b_9;p zUkX0ORdz?3dQy72A!T{Zh22PJ0x+(V#>8r_OtGCE|3R}>{8s}Uq3bG<&x;iTP{lxTvDP)^G5B>{7e#R|74cpDGyycYqmXVd@H8H4zAu2wFfP_+(4bF z>!^95K+;^IA$vjFokG(kG++|KWlXTEH7 zs0N)8FWO_NBw*S}_S`jI$cdYOt^{n^e!b23Bzk%l2SP(^T9hV@$w*4dp{@H|rc44# z7AI@_S`@eLn3I6DQ7PsgBkw1TP{Q*F(?N) z-@Ioy3XH@+izJN@iluB}d>T;@Wyc32|AvZe)WHEb!Sc#q8lqA=`^xdi1N{i;SxbSl zai{pSP*rQQURE0ZxbZxyguZ3Rc)Lt56T+!)B|AswL-Z2WK!apFJif3jTp!Sfs6K{} zs^0Br;4gP@DQU##FTCb30zh&3eqA0^XQ-tc>|7$L7EoQ}RN!&2nTF`?Hg(Np?gZG} ze=bekI?q|38_v^yFWp{e#Ket6VD|TgMbT7~&28Cjj5XGQHy~IJROe}(4MCl*w^=cv zPPUGdsi^Mg;(zSGqiUSxC& z)5|B$phOB&S0~?IP}E*TM`ZrYvZDyBd(eW_`Y&HJlKk~MS@$I424_sDa3u&a!XQ5&ZfC#buelC<669l!l?-ZwbqDB%Ys)@yD-TK_GhF z{4toN2R7hS@wcws-XdDWn+29pKnVCPvYoZ@d(0%QCrJHl(jtoMdcE`omD-}^38Ph( z{-;?IUTqk+#%*%15IzSypH*%3rlL76^!iO9>pNG`BG#^Tm6|-N#!In!97M z?msj0X~1^Z20y~MX?77n`{x6uhk=Z>u>KF)1-BD!pbgg@$FMqVS)~StzS1V%JvOWW z8@iVzj2F@~ypIn0b0w&N1_ED$$@bRHlbSyz+I6tg_J}*&8{``^NHY{&Mrl%SS5Vh? z`g<1PrW!Qs{t*szw}m5m!xoHM9awBTcov#F&5-m%3GTH0nEBkEoSkITGu@FQtXJM! zjN+R5GV{fo=e1h(0-IWm37+*sXMeqTQQqWmo(fdPJ%w=hA0LrDi7u_{ue2Ig;@^X4 z3N->2KX|D>so-iUE#nf8HAk8>@*D%i>RWcIiF<$+SP{-Gt$H#1svp5b6tAjg5>gkW z?^Nz^=?=1K>Znv^YWlNOLdZXqS{!s%Xf#i2Xtu013ni{`aHNzzKOp~6$GwkCWt_i+ zdd89edmXp`C!#Ix|G$n~eGz_~Ow1fy?420Df3*ORUmQ0OkS{*bzdirDB@q8Q|0mAw zfB!2XV`mp9BNG=P7Z)chV^^0iA&>uhk)o5mo0X}V(|_Vy_G_wN_?CY9kZVh0(Fqp5 ziwUiqvUOFY9i5hC`fQb6yZWiRKH1>+8~kwaUMw+GO(@W#lO0(-_qK3qOzlT zN-j^WW7m6QWou>)j+A_WO*D;IAZJZ#2W~)a0$}N>Q*-59^>MMZzh$je9MfcUp+>)i zrdHwIYUN{%8=zsU^P>_wS}|6bFG{JDIU{{C#WZ`)f&xaA6;CtUY`SPzoTX8 z1kL6UdboQ|x>D0)>rzk?+9B0W_6SGPh%Hs(MCbl=u;%;0j;0C~6CJ{_lqn<&LJNFX z+ko9j?c|7!JN7cq0G3<=sf)__v0Mt}C-bVW!P^C5de?pPER*ZbYT`^v-f)ujKwS#V zP89tmmuH|2?ni@WF``I+&01T!(QOF8CS@(=euF}b!dgAcc#+y^?z@TbIWEG$crFnT zN5jY5sDA4iH zfr*d-s*ao>EBO|(o(HfC*O(jiwArq~UKIq&i(7x_|3V4eKv*|TkkHF)Aa_X2y;~;R zrkW*bUS_46(WjH6nrl%eLzb9p#h9nTHSm!oPpLHU3DR?6pM9IKB>v=A4kL^W{c)xI zmwr<~oOQJb`#~P$PF@hD?!F!m_iDDzuH;=(z8E_v0UV$6?f!1ni5%DD*!-7UO?PVM716yd!MnY-RGV zQ%+)x!n`2bNKXs=uy}Bt&^KgcX;gS2 z)K8F4s=W@t8_fn&5ZzhV)8*x>$CchM-;a+scth+qE@3DMKf-9Uo;F-trAbe3w%bdYtwOs=w&>DHWTkc-yaLb;Ug1`2 zb-BF$=dQVm0Ih9r7+H)92#{1-kDUqB2WBcnWK;ueJg1s$$qk%zb^ffY{n=T4IT^HB zTRk${Fo$wXaANS3`t{R)3|cfNsBi{R$5rF`9R(t2OY9?Eo3nE}H;5QH(rG@zb&oMA|k*HYk?P#);8HeMS*3$nux8b zWgDR(`=@G+XW*BCzs%65iq7~8rn>8h5^a0^ES59vy-6tAmzIWS#QK84p9=B~pMqq# zaI%QxVw|<|so*U*@pZjRCb|}x-TDO5V?!}_&I}7jb8u?PdF;Gc{bcV60=~URh*@_grt|3HzhBY* zMlxyjp5GHM-!qDC5s*B7zfoazv@VvH`CKOPb|0W(!Qsxv$$9H5S(he=yuui7N1G28KKM=|trI8V zPXgUDs;d*H#RmwtWCL2_A*JCNr3zuKkgg*bNwD#qhds_fP0mX(EJjf@V@))A++`Krn&@sEll@ z!d~O}8z4O&B=tpPKfL{$fZvFiOYPxTHCOl_)OE9e`lv+zZy%Mok*lqXh^3JgKnh^x zVrBHzGbk84e?go7S;{qSeyUjDe|AZw&li{Ij^~0M58LT5HX4oc*yh<#)1%E{Xj8FJ z(8Wr6A4g9>mB_Picy;G;MzcJpyKZUtzC70HaEYNyPB7Pyl{MknJ=EOgKF) zMk}={S8)h$olG%Riaz(zQhhJC2wREY7;0U6SHVP0qI3Gx^S#FpX ze$cAcn_(r3+J(h@MH$KQ2R9F4YIW1b+J6S3N{45uxuudU168I0-_wCt8ZEJ$N~Eo~ zoGsC?u!hn2Ibd#~6;XL=)9Az~Tn9^zW){h42C@n$<>KFky(#}pCz6AU)XaBas6s}! zvR?q21mi`czKh_WF`xQqHEWqGao04c;qS$Z9nhs3(qTr9ZB0fUFL|%TAW&$`erf7+ zGTWT`2R#fsFL9Ed+RWw3_?VKOoZUHRHtEG%Q>gxUkN}>BLy|vpfs{~gxzsQr+}swU)eMIb z3N1FYS%J&xWT9GSyB6?1*dd_oY~Z^bNbevGzNTtB!~sE_j#GGm{WlZ2U{2mjAtd}_ zIWDvg`7~xGFP=|CiT>L?d0nbF?+r3|hw6IZM%v{hQ7EKy7a+)`fU<(MeV54qGz3K; zoFC?~ycN-ZQdCZ)q$iM$S|;QA>4my0*5#@3%Q+pP9LoQkZ#GO9t(Crk+}us{WDn-P z^f>8$`Xec74-FcF?uQ9IjjbPDDC&WSSgRjJQl1g$fR~7jYu-Y3AA&WgjBRx z4>BndW#gXSbUHH5(L(6ra4JhHq5D-jeU2`Tiv^xiW5GGh;gdZx^by5gAKkcNu}290 z(!Vd7o;#+BcID;;yd>N{vP0kF3#6l`!~;^mymW_*pi}L>S0~*gb^J;%{MZy!y|YW| znM!yc=r%Ju^3)unyrK5zE3SwdjMh_)zgCWv`?G}1OfR=dcJ3nag`RQ7$Tw%OCC7Dd-+BJ^=o60u+|Qxr*Oh(=&%-_UShOk1RreArlf5o?Jy*rmPuZBGDTVt}`CESDN&F zx<%CsmvN{dmAeDYEJsiBgGFD-L3~JyI}`9sWDe<%=SCCNa{lF%WvDq6+PP;@+$3D= zAsKO6jFFDD!c*yo9^uIp9sx6~>V>&wA~R8~5-x-KJt0%#-90#7pgPrwU@DmgW*A(0 zPSmlTBmbRl&NM(CfwCIHjR@yp3BHPbaj7V6%}jK8>@CiaXdRo$wM_x9y;465XHl;v z5nz~JV^mNS6Y#17`VKwqfozh0!qX@;efL2(j{>dd-P|uzLem!(25hx-O=Zuv~QYMFJUtwaKZxauPoeT>0!s@+n? zM0k472!>4-GCcX^bz3+suyVGzgT}27=(71DYS4V9D&Y2T_09M$OyNe{J(7?+xw?gU z{-PzKV_r{%%V?@IM_$1hDY*i01mi&LFQ2hnMY}99eDGS9_)CTBu#iTu226IL+bHG^ zSX91i26B6WGVD87W1T&>*9^fdpw@>`PQ7hRy8p&F7l)PD;K17kfUI%lH109GY-6AI zMjY>>x1wVH74%3*{V~+_48BCW9Qag=>3h_$`(;@|1qFjBobM;{qU#coQD=}yO1IdH z^nh28!7NyX7^4Q^Q-}R zMfrJfJs&@@-~XnNjL_pFRoW|j!{sBUh4Au3>A?` zVQ(Fps+zbp^JxDAlp%8X*vJ-%rTAU zOzR9nf?^^Xm48HbFbSX{&W%GNf+o_85VTifyrKV%oWL<@BgDDoFt}2Qj zy1iJw+}_yeW`B`i)YKGVXIJ&-_WkOYJw-yA6vfW#%lqJ%_fyud>9#L_y9E!gXbhI(0{PnnmycZfq)+Dr!+;7kDwA zaAs*HaW)@0L*UD@r!dR}sBEpSvV(>9_$9Hh z;bnq>jHeY(ki3?xLS`?;yw5%f51R?1GFl1DVgqA5#l~L**Xv~Hb?bTljg35qg=0%* zFMRQzT2$)?5#nGb6SNGnxBKyaj3{|=7KX(@Ego}|=-k53_i;I$s7I?MpiQ44);{yOHR1(Euc<;Na%^4%2O@a<#TnUO+e72Vf`YW?&Q301 zegoV}Tbp0@2TvmIvW88U0W`#`8==;?8v+u|e|FiYHzC}J?Hv^*OI+m|e9 zWiHoVr8n0kl5H(ox6F34Y&o}ct-^$oK@E8W`xM$`nQyW`C(B>Rl33IjFWrm<}_jcuz* z8r!zh*tXeNC$??lBssBd+va5MVBK}steM&WVejwTFP>MiI2ox`y0D7TX8PKFZG<#Y zo`a2&yN>6>7fF`F#t8h+m>S!A+XA*Kc!{A)dkn*l)W9ECBqn>)kSuax57}(Rimtp} z#5D`&bSWV#Xywk-q|#%MUt2q~Q-gwDwUG6|Y|mgG3!TNqpqk3pONh*@9Mkysv6H(i z z&hI-wwl6u%EZH<)4dQR>$Ty^XxgjG?QakYRWB+>wgTbL?RU{mAn)W1UOUvNP1UJe4 zS?;bF+X9YMi{SMUfolq&zphm5gFk8lC=EOd=!hG0;$z*TjoQ%SB3a7%__(4HNCD&KU50kl+oR?e|m<8$CYImCZ|Th~}wF|00Y_ zoyx&PZZ7KZxt}#5(-D>WO@1gg(Tl>J4H6_td_}?S6Oqj{9U5IV<^S7~hS^Q>1=p9NTaL!{kt2nt zVhXQEJ?zVP$`27ZeyX>mSr5!&qwP%JP57&ctK$Y&ZSi#KC!9O)+I9u`QMGIR*3XR& zzqA=(MIV-3e5OK8^ZX`gN{hA83x@EC3UCpEpELce+~sRjg4ipPZ)eD%&DG^hni+ET z=k|-PV`h&nR}eneKp8W(PSI8&xNzLA**lJ}*50`jQ-zFn?#euAR7wG}*SMcfFZ3PZ zxZ?cPhHjx)F-l2=0*EgVIPGw5h;Xau8yNbj#D~N=mj4ho6auG-$4+mfyV>M}5v!RH z!i&*GT-X++fTyskoMiiTX61j)urcg9MI~MLi{pX_e)!YbaI26b8g2JHr7=((Giwy7 zn~>Y@-%38H`s~3N^@l(H4zx7@Z=W}|Y>G<%Gl5FmdKWo1Wm5Fz2a{2#)972)<9OzL zhc%8#{HvHNRj3Rj`Uqv_O^MFvCA}Kcl*|S`om$l3>MUDokckN7T6iI8jLYmbFGjg< zrs3mj1N?HV6t?@Ma&am8+kfY97SEM>oTvnm(EQTGbmi3uZg(C7{pk#DiKd7lk43oz z$Q@0q`)#L43ZgE}T(3by7#meH@K?fQ{;CHx(MeKk6pSuA#9;6ouuYg|w^favgn(BD zdz6~h#gi?+#C|Ua)HxxqKJ6Np8Eo-Sph*w^DYkh4IPjl-S85=aSqnK1$w9eKm3Y;# zP^H(V;xsxc4;A!O0va{a(@{s45gOMzOHx4;$fU5Gllc*)!7d5}k+mfMscS?EA1JlD3%xWj7h>!sQ5GH|W0pA%1Ri= z6#W8_B7+lDM4y+4zjxyq`0HW{DBs8~pby^shi85cQ->Q^t>_&~&0&hhUe!^{v`aT; zzC5Ta1r{)IhBclB@ANBr)(hqYRk8R?$hQF4QZN)&lcai^Qo=e>^m6kl2}Y=3!AYyo zGIYu`s$NTdLw|=pp|+Sb3=;hwb@1xbaN?7ew(7Q^?;_{Qgzn3 zgjmC@oWEINx*_S~AbPr)k3EU}Z<=WJ$A`GR)fy$aEq1FP&yBMc7Pd=zF2KLHb5>rZ z00HxdIZe`!Xwj9tInO^ug)aMHGj|NQ*nB?_Kvh8YgC*si;G{@#z2w1xbOy`lmzCzq zE9Z<+w$|_%+k0D>mpnd$erZn<)-=QNih~pJx;KD65*_BN;@%U3(qc0`Yy{QeqlW zZS@d2k~@znAt7Bfbtu*3fLj~PCy&|#`JKj8WOK3hV$w_zRTE|fVXH!D*X)k0qX)>% z!$mBiE-*0*1rED0tzDKI6Yc`nCR+A=#Uf02Ib<*{!?Yx@J*|S|p>k{uWz%9xGxq`> z$GjvEBH^(J8E*Ow%^Ws0fFqdOB^?VlJSx?ae}U{onMaXl?s4JR)j=C%*dw7Rw*!l27J_ zpZJ%xFwtQG!lFcP)W2x#C9kNVF-Z{*c=wj)9&~i9pM< zP;inMY+LpoZ=hs0ltW(yU`-z$6F#;crr7)Wi!=}4P0&$cFVWZ1y?W|k=!y=X=hCQ| z>#5LJ7G^WIJ9w6aPT>w%Z=?lGCCq9Eu%H`W@!esg=-cfgvlJWw~dQV97zJFVdm>zEi~&*%Ed z)Y$Z&`+l+yI{%VQ@EiGeCVskK!Fi+A72Mz4#Vh~OJRLKeO)~ku-rC0uYA8DtYD1*v zmxENKbs^ZRMfYw5z9`;h{NL!3mQi7?8PjAMhf&8^pMyZs(deuAoO=ll2xX zV>;C=>kgkzTRlNT1}Cf#xB`=fHirhhD%p{@+dv1}y%xgpqO8c0Yi;zA#v3ZmBuJQO zyuDe6%u@S6?a5}Yz1^hAVT841x4GeH2ef^!g^hCHu4%^5J^ucZayH349UwDgZ8!CM zamX_+ESq+TK?iyEp+N3Gn9HAXHf-aqaESLT*sH7wlT46_aH1X#opA)ZMP)Lr`uZ( z9L!8qEIi={yTC0X4;vEexqO2AE{2Dvv;B=;896s32wZm*d7>~^h>zD| ztyQ4xK^y2XS|K~)viw$c&YmHxBV!wqgS|02CApvc1AU93qYhW-Rb@?`Z!i#Tg4p`2)XF(yV zUSV8{Z3n6O?Z->nv$bvS7dFq-W{Erm!)YnDtL8}eoJyEW?3#az(@}Ac9BIlVUF~V~ zhJkG#041xgPw2*HO404Qf)1tlsgi*v4Z_`9LZ=M(L*3_ex?LN^a)L1u<(DfHliCN2 zc`@vW*Rt%v3mrREf#CI5M1x0qHM`F98XiWvh1?0T^G62nrk>)cU}olN0RqTFyF<@0c#)pJ* zbT#wOgG53F?Ih$T-bQ>n_Qw@|#9TJ^M;#m*()RfMMLhNgX1@Rz2g z;3h*^#bZuqj)JSTB(H4e2rZhb+<4Q6iZm&Ty;O3YO!`A)1I)E{v2ZTtbjyw>yT3rv zwW~d6Y@0p|w3M3Is>76qoFH+!Hu2%*0%v-C>(X`^IYzDb3(zG!>J!ZMf+*y}L9?r) zE*S<0^{fGVWFB1)McVn^uq$W<{M z_wAc?i}d%vpOmD}LPHQMz}`$`?)Zszl_xzYr5KrFLjRc+a+#_hjv{Ie-X~m_?cr`G zO_(eOo#c4s?XGM{nMV$F)~v8b47K-Dc+18~Dw|gnyUku35oB-?DIP8ylRvZ%gAstw z2g2YwIHICb5bU3xy>W(6jOiktENSSA1GC@{d`EXz%`y_COT^_8!jVOnD&&>Zfo0S@ z80ILAq)|Ym%j^=#q?OUFVRKj1C5^%8@RaugFnrP9sut|JLpVgnMxF{nI9T!LugXNx zcD?5;Img0x9{){Bd~k)|L0lT(!VHab9&=*gLuR|iImTyN=>7sHA4R8u+oR3t%jfj1 zu#5tnO`IlJ1ZAahbUt6a&E(IMW3NBYGo=v@?fRtY@QHFN;U&12QMDrEw|eoL$=2T} zo2W?3nxSA+FM>FnZHn2dizXsKhPL0$@YWz6th#i zUFqnX)yRxJ^dKGO5gEYy^!0rxDQ~MhNOt!uKaur*a!Y+MB|mQV_25BoKRzLE82h}E z*!=9UrRaFvsjeXPB{^&cy%Kcz`7%O(1QYFS!UsIc$m_|~5DtKDm|wepnOy#%=S?<8 zhygXjl;S(y5%e)F;u9oYrZ3-Oe?=j{9O1hts*y*Y=j^M$fd06R?Xo_hQBRmB|s zeAUsN5d#rk0P1d2*d|(b46e)iD;7F}A@!t0)Dne%TviX3)!Swdx}D^%4~~Vm%lZQ3 zJbs~t%}yVJ&r|)W#Vc|FewxUy)io|9_^rw5^%h|4Bei z(uC2+S9$*Q29ehaa`k(cAQfQEtu4#eYq4gI|AOk1~NZ>q&^RY}?T3g!}_ISiywKHYn57y+(z`Koyj4JX5oV!r5~!L2mB+#_@r zEw}z8lmY&RXylUM5Q3g-F)#)7TPBYJjl7e8xTwKJYHPzV2;iVXVd``%mD5sVzxsm{ z7e_HrMh|~}qMkx0h>CA7SNOe=m)V!)c&M1kd2Vhc#~|?i`0D}L!E4{S(ASXY=lm>kXw;{rwJQU`Dru8a4R1#8OcA@)x+wy1#moG6zCStISB+!N^dBBZd9WU*l zltmSP$wLRlhZNgS9jxWR8ZmZ-8gR{7Y6GVI$Q*mxNrn2+478r7>Xu1qU2Dl;L~yZo zQGcA1tL6&Jvn)dPQd#`r7A7$m+_w@^ps8CYtkWFq?^mrMBj}JRb%_pdR3B>jNnfZH zIo(#$L_eOO(`{+5+FFWsilA+p2e%&3mOxH%6(`zVPj3#0RKZeoJOM%qhX0ibMfs5e zhk0PAWWQ`{_)U$oDb?i&P8Q#Yp!YXx`g%Xdw&agMa`xTEdOlu?%R9T7OPDC7gIR5$ zY?E{hl$H=65;bt%p;ePSxcr*?hn92);dg%lih`cG1zf`%W)&uS%TrUhLTo~2CU`7e zit#wV8Sh)|Ho4w5pP6tPZ)~NT)qt0TP0fiD`{?kWgK6J}ek`g>GYR`Ik@K(*Hk;ET zM=(KD2$VLs?(im}a!0}Zuw_K~&Xi)3uCS#NE{mff&m?Rev+o^d)b39}PM$lX_wXnA zz{&=97PD2K6GtdzaiZ@HmUINe^{eVkw;>%HQ{;JvuR@Y0p}|&_|3njjyD3TJvTY5y zVY5R(ZIoh?r$61a(W8j0B65~Vz7dSa*+^nIl<1{`_?>6WY2s<4pctp?fjX6=9)GduH~WAQ z+BNBzDcQN0j&6mxapAAl)dA}WU49C9F97?jr?6_pengin5q}XkK#sgP+@X@7!K;P9 zmC`aBbIh@{mB(rKMnlk@yMrVbDZBS@zKTyf>pO3B zGSDnlF*k9pEZG^!Q*`*|j%$FTPU*~C^Ut&bkk1Mj-}R&0LXRW)ho8WK^xO&!fr#8= z#@|5-<&7~9%w?-BIh*tGoFy}ekR-RsT?WaH?z-2K@sTvtBlkC*@9%;0%slcBMpKbv z2eY`laTMqTFk*uVZH^BQp}V|qPgh_ch30Qs7XtQbWiDCH`Lf8ogK3-{X1F_Zd=!b$<#8u{ z7^P7aEhLl1%--QNbElV5W2R-ZY0Iu`reEI21Am=j50qgo6n==(p*})<2$7g z_VqIQW{mhbxN4I?V^N23T&sv^M;R`;3AJ}+ufKJ)CA*W-?-P``BS+N=nBD)5nOrSE z*2)*QO0R0hXW6;=Yp)0zT;)M6Y2jeww;+*WHCSyE$ky1{xS>nIa8s!(ZQ7}oZ zfy8WwMsmcNMHOlY!Nv7v=a880$IOLV9&VBQDNu~}99^|seCXM4O-47bV+ru?- z?BYZ$$#>;w!!$>@i5d4J7$@ zLfI-k>ygtr4+&QHy?GkaYY!LpzNKo=h>jv+u|XWMQiw`Fv)npfrDXRSRWb?=o3S(- ziB+YP*#@k;3Ep_TCB1SYlnjoV$k-4VUbx8o^)OA;YOplEUov3ODv;Ed+m_s~@qhCU}oXZFvf_nnh;z&k4G+HSl>J;!Kl$>y zx>%V@Y__^aV|y4xd<+No|7KIHj% za-?)L>J+;-qSbcWA=~CYO;wMC6AK@r$x&(gN%De9 zy@8?+<*^E=TzwKUkAq8k)UmID?r^;JXg^?DSha$y+uN9KiKd;YoGrfNJ|-}sAov^< zVfcV?9X1}tbPJGx!l_MKkTT06O`=UGHM$uK{Dq~$O*zj2QJU}=mBseHr`sHN#RGWo zg!J-w&Fu1DQ8=D${rfoQLJj`>b+>BOw?7pAGa)1(7vGuyd}7Zt?D+}E1fmfc?*sY4fVVP^%CvjNFYjPSvsjR=vUfS|HG zDOYTJ=hEUASG|$Xxg>Q~8T`8D`EvxUgAfORZVQB)FrWovg^X zh?>(TI@?!l*WqY~1vq#~;dOq87mG6rPT&E(K9Cd{mA+#iSx2fZ=Jh24y6$oB1L@+V z_@xF_2Z-W8ZYI`5S|0=xmWx z3J%ctfM?_nPkcCpAO@6JF>j!9#jx1EYG{?V6umc~EvZ1aG2?Ke6Cu>DY71GH zw*DG9wTLjFncsijGgCoM2`q)YIDN!(#1rj^CtyQ0cJmgwZO#%553QxFvB!OLMRPa> zh0W**4h>tyR@c{m^U4#+2yaUBk2di&7Qvs2dErDKIWXHh&xfJ{U8MV5tADbcY0SF8 z)Y>v?UIY_;r_)j2Ch`%rn51FooD9I#X5zrGNgVK)J}!iiISju>YAYJqg<7izMCvk{ zD1Yv?I%If7Ev$t=K64(zUvTU2_i`{is*ap{(I}=%YTT(-+Pg5gwR#gKT}f9n6@lA;_pLp#~Ri9>#l4$N;H2V-KK??@XX!n-{=rvI-EHo zPE7==HUr(B+cU$RxlnHvl|J*1gE^kYsy6ors!YG*JF!>MgOS<6f{)%bWh67Xw@{Vj`o5ZkmHSMY_ z`NJ_u409NKTbv=cJ;-WyxTn+Zj0xYe)?7VQ9QvV7o1MZpH#=Vv&+}DCnRW3v#oDJo z@8u|9^$c9AM2nfxVS<&4IidDYgY<0kk9aj(~V@2OM*d%xGthCBP+ZaQp@LN5zATq=#57PTfWx{)0i zS6$K|P5Wx%gDL9eYQ}hzTM(AOm-r!su(td;`Pm;E5<&lq!}a+7&UR7`0c3P1Q~j7{^n`xD)rf|6R!5(T7N4 z+QLLerPta4();aWy>9rDiyH1N>!zCQDtcWpk9k~pAIZ@!gL3jycUq=-S5L{!>*|}& zlI9TuZx~TCu9BO>lr1`bk5VP1zt8%KHFubq%WfhSufWkGVNdpB&Vaiuw_kT7rp$J* zpzrkew^>{K0pGWceD#Y*@+)7@nwCa!1e*2S<&#^iXK$G6r%1v(ywD}l-+Yqbo>%Fr zmxO?Rm3sS+T^jv?eeQnGt;!^Sg}WP^$kzFFe%y`wW^C{ zO}pkSE?JNK@y0g>>x``QcKdBH#_oW4LSW=;r~4E9FxEi8g6so@G%?UzfFiapF$ZIEgkvwm zsmFzvZZkfAY?UETf^a4&pep&!w98woD_=Xo7HQNqsrvTZGiY?tHuh>ff0NMU3FFAh z6^dH7FU)@kfr|M`vDp8xnwj*{B(cw|hcQTG59LSuQ+GiQ^tbKUM}gr}wgM-%&j&8K z3);{$ZwgQ=kJP@2!{IoD3;sMl<~v@YI|l!AR|Hdpb4pBu8c$q^fL)c}hYfQXl`@kzW4DGRW>B=V3=whwlV4i#f?!9Hoj4 z>hD^e%2bv`_I^b2G_m#Qe7*BT_V3ulK2e%)fYa`r+$>{~D|DGhr!w%kZsj^0@$^tz zfgHixyH%1E-f?yMSkSJ`GktI9KL z0n_;h#DII1%coFfCG%c)!3Rd-E}(tPo#k%6x5f$e^%7LUK@hg7FdpZl&w|dT*@cIn;4z+2X?u|&E1buDD%lK3%%Z-wN_HHCJSU8 zm}oI^3YvAd8uld}a>6;20Zo->2u<4(sfK>5WJ0=0uGtugtygtePFMI{2ms~%68lcz zLf!gCszsJkiIb#VR);y2J!1eE$I}tTtf8qa;KyRaN2NikMRdXmx!% zftvJ1=()e~!^0V#+nR|Bw(32QfBH9x&He%*+qKEZw%Ncs|=0K4`I*;M|y6{Gw{8Vcebd`%gPr&gk>+(h_i`>jLjjJ zK>UQCZDA!KnIm3gaUgZ40cfWX;eJz259u1F%pI6&?ia+2_vsUD z+96m38s~}twHjknLE*17Qglwwd}n#FMoj~oN!7~uddg7?ddl?PK_>docw>i9nd2^e zZ9&E9tFYriTjm1ldq1_PXT6ZTp0K} z-0z=$D1|r+NevU$R1rDQRtpNH&~9&WI_OJLQw+FG(8(HgPr_Y@qr{0rtRaakRWtT% zRVXb+A&8<7c&N@+@Yr$U+`E=bcDQ0fkAIK(K%5#{(@n1p`eD)-(E68z~)insGLZ)BdvY z5d|bFnstnl)X%Qdob{gZ69y5pK{ihLV#3ui>q{gp4wzq549GFR>fVsB76HuwDB&j0 zOdLVr*+pkq$ciPGM|O;sJsumO%ELJ#SxCLUx$Y-DVAac@*x|#aH~qWsz!6+3;>>b# zIsCMy@W*b5bv=*1`O)lj?Duqc8yHVzMkYOmzD`bc>kPeKboI4jQa(yQ*e*c=9~FC8 z+E+G2T-cd$yFcRu(CTLds5o=KeSnVWK?H;1KTigcLsa}WsnnCgaMuI3r%ITk z5)@Gg6r!MSN>a;+TzsHoKF8=IxqcxilbvIyma28(Y|Ilz8A|sv5e!`u2ULlOk=0kv z6B&H$m8gWM*r{=9SjaVVUP^4+tmSX(5Va5DkCBU6oino|iy;taAytRh+V zZ^(nr(v*6KFC^pN9mCk?u4n?zBg^4VSK9$+F1w^YDrEA-lD#g$C)tbF5O25|Q>hDt zJA%_9-%C0Mk)I9QZvJZWpu1>!uBQ&zT0YScbVpNY$eAV8N0LB!ttDero(E)xtB~@= zp3GrL$oQFbFl<|V@#wDMWefYZa&YuB!v^YB;*1MVAmT^d9%~Ie-1I*bvpRa9A%ztp z!Iw!TBM>2oT5)yvli`S zht#eEaxM-rGQphhoLDe?zYP4L&XQfS4r#3?642jtYc1$8^jO-g#Wx)rdg~8og3TTd z7_IU1XaX6!bDlJ!QfE2$LyTalO-XM0v5R2*4oeQUa4~EsGinlIqm~)4$Ps!(G!F=l zuISChD=6-+z(x9#SL?P!qFUsbusm>;VUat= zlp@ma(B|_@E4Gvid8p_b-YI*0Po5awnyn9C%oDXjtUC0ZQ8qY2z`hTn)CX04Fa={r zgoGGU7Hm^Qm8Ajiw`=UBRiHUGdS!w8-ULKj0or3{8@a z5b?!QUFdc^jcKjOsfSr4xgqT);q)SPiSuOfOOfP+=tz?*y#wtNA}*En;Qn=Y8Fktz z7-c(HWBA?}RW&q3Nh(2%*JYle$xhyR+I=ivU~CyML6i4Ur&jGMWaDzjCGmj^>jda4 z??$bKVNIEZ<2qe-=qg!FX54F>A3vmz!e%HBa&*X%MobxXyB&A$wQ78`su%?)&`+uS zQ73^cjZ0Lts>W6`g?}VLY|Q6Z(bH^su=r)}FL0m>MI zU!s3kqda^Oi3@4CkBXfw6Xvz&ytUX2rrRjdjh{4p8*`TmHLksSK?J5(J9)|@higSPzUI55+W{d21Ftu6iF+brneNl`LzL6FR6W(Jx|1c;eT|J)Fn&kwxM z-#U3rSay-SOm&Hv+J%^qkTHB9Q>MdmyZWP2BY>Q85bXr!!5|;wYCOg9$A|@|6aZiX zF8KZA8)m&MZaHbTTB>ZEI$C19EU3|s9Va6<5gO{lC=ezb_sBX;*qN8h@rBuPqV)o2C?vRFN@D0^GIb;%~Yg6~JR9O+jSwV&8k`oE-MzTHaV zbiu?qoLUHE)1YQKSE1drFl|~LWN3CNz1EG6O#YTFWm5#nWvn=BYmo8Bs4kToM{2{U z=a-|aM5WTp_LQQp3)ftAL=-nWU89NO5=WId{21+juF3l^P63J z=5&Z>i~2yWXg8*CzZN2Pe6y)sT>I|H*|%Oa;NR-fl)G6D}?}0PnH? z{WYe!9|l&|$y61t5uPQTI}qHDi&ZPz@5NhIX~(P~)d==Ci!h%Ws}RHkKbttai4^PrNJ`jQ{CM8{9% zx;yJYM3@A1ohrSGhUQ2;0~-DM7jafiunyg6_l{4}zYs$A=VcZYLV6eE02ELJ}$ z^!E@5hqOo}cN^|jOE-bK0o5*Ps{LMm$#lNl5nQ&Y%pi4HqokVxQHiF3&_-oq&eoLk zGxkh_#qk>@Gx~nTtdwSs;yRDe-Kl5sQnVLDrZ#Gle>q<{A6SEj1!^uNP;Bs zuZr%M!KbnD({L1g+&6|45hz&KI`0XLjR&&nb7ZDdL*qMD`-Ri-YrgCZaSVD(qV18D z7b9pgH@Wk!SBjQAK^TgV;0N!9ZG=BEc&(n90rKiTm~xFtSefMdd@14UEJ?(h>AnFE zAH1+v!9geT*kbcSLyj7E4g$J0Wx^UA+;f}|w1=z{@#BkG5wjCb)FW7EBWkh$(-?Sl zR-Kba-_RL6+05n6XAEN#eia|wZkFgzmA%KJE1mKYD>@IOTh3m?|_a=G1dA|5)V7eK{s_g z^mjI5=4{OSIfXMeTmyb%q|u@{#>Wk#k%(#!o-GpnxaDOfn#^(g;wWvAkPBuD|E(Pyf>L=)K_SS{-vp|$Uz4#2C>H4bigbb^oYV5f zk;WYd3+_tq6}d8u3qZvvl!s`dh|d?a7K)5I?j4T%(QCdom4M>iCr%njckR|U6=nWw zgN;H4hB7YIt4R=g1*SR^g_Q((WB!c{ zjB2htcfBgmLY<<98!mHSq?(-`RF=J&kS@*t8g0zVZz;s5BZ5%|u>im=>(SsZcF?t? z1Ikme8zuydQ&03@`jag$rLnCHhy8AyEY+x&<5tV>i~W}A=x;+$-Rs&F$Jk<$g4Gxw zWet{bOA&LPAHV|9v=6$eaw}%XVPRJ4Ko>lduSILGFmC=?ao5UOkfWPJUj1w}>b#V@ zW#z9=nAs)K4=jc(T_)X{tWK*$kC!}z1!Uzr{a%a$6%d{^WC50G&6;4X(gHb= zU=0T>Bqg{#yrv7{9i_bJW<({@7XF}y ztW6Ozt=FkleX`U>wTFI1*RI$>)uyf?3EdDk^a4Ca1 zJNMb0;aatVSnkHd>JRI&R^0_Mq7r~3$%@|_2Bri2 z9tB%5%A=LTTBWyP0?C)h5?qG~pu?1nyW=n0`H2YQ_A8y1-K-@Er&))OU+bTYy&G*> zi}otfECwlf+07ZUqY+h$w0@xHSl%k$PA?%}(u}Ax19m!swfB$p^Zrin?d>Kw9?d?2 ze!9-Le6qFqMV__Aw)T8FTBLaij8J#jfV@wh5jg|Jt4lN)B?E5gzLCe*)23q z>f6`U-=|b0mqo{-XZkQZZlSEMg})Q3J$#mqG_dq6?{Kb*5 zRb~x0m|b`3s^@qr9cY(^Q`)jHi{$zrN*aXP9HnkZ8>8pAY{vfat?JvOfMt_Wu2<6z zym)gpWDsV3q}j+te#iKs6XFRsNRQnBZ`K<1=_(}jdu z&}h3(G*dOLzqa?ke?E1F;SZOidTNN6+^V18G!9vl1T4o3KhpaDw)W9;K#gsCpPp`M z<^EfdpU3)~Azb&+mY6O$vzUyXyE1cOu6>z_zgbPu&%BQva`ER+B!VTV^TU9pPEW@g1>nSxXp;-n?>>+GdFY4Y5A#~K3++^R&!kaSs zOjyrRMn@`3u^EV3c8RQMtToGTYS!rhA5xmwgYoe@$rO9{WU;xn6@~jD)S*y4qj2%h zHsK!os?435xDsf!Kkl^>(6sX7E1}V?3R*{biqA6~C2M&Mfl(RXIvov>v{f~X%!UnPI4LT?J9GRvsDu6xf3k>Z zqey)0W4o|mlUI@_{{~$1)W^v>L8=C|i5wLY@2_>97{?$gNogVQ$s6V?^hN!Y@V53+ z-&53@Beolg7V6}=tD&c#nSKU}gRzsowlF}v+ltzmLp-2=Y( zeMD~1Bi?W2$d6ZDL2~+VyjKP&mUaxEWi_U|w@+aDFq(o)-f}D>r!r(ZD32zXh$0GIdh1{7JQPldKVN4nbsR zV^I%TY3?pHt5T5Zvaw`<{TJd6JOHFX=VDNNyifnDV$jeFLNB;aWB+SmP&)Ia;qbmC zmf0ZY;;^J=Kwbo?@)>FA_Od_lSOdv^p#eDdR~`c&EAIuP%EZ7sRjn0-TpI!TLR~v3 zt3N+wul(>5ZY7gnJmXl`RZ`Q{($Ug!BwJB^mxy&~u53wHacWkR`_0pql6(v6{kx=B zEAA;XYf&wm@OI$}R|tFRUydsucJ}to&LnBWhy#m^F8F2xDAKqfEj@XxC@~;!fAncm^pj4v*npr| z;%;)r-2cb>h4x)%>(Q&jbT=8+yVm*?mTAsqv6(?0(a#sbyiKV)ER=WT=}VHA$nX!; zE`kY4B-uL+Xt+J39vAIw4rS~kff$m;A$y<^c}jdmDnT=>jRfPf^3hn!4=62MT^`dhA&Y8Zw~$rA)cm#7U}i&Ac>B^mmCAqKi{MS;kS-kl66MbRzu8H{i-!;< zS*zmzH5Cz8_KdI=Feem(lc7~Gr7%I4I<+O;(hG{8oX-3_kzQn>am+k!OLgYsJ$$L} zcmmnBe^6VGtSp`&CF*cQ<9RgkNB?4C(;8BD*ciWvH?e@cM4Qv35hFr%!(U{>oL9xv zAPa{WQ;3bZ@rl~d?u~FH>vzKFw`Zf7VdIP~p0RRsxo&tS?6QTdWs5Gxm`ro)knSL= zc|e!L&dbmGavsxvw^N%b0>k;aY1!m-bGE5*TrKyPX@ z@%I3NgM}E2rFoC-w!9%N(^zRjV~^o4{VR3?+2WKnP6(z6&I_CHEuLdCtFraP7J&J( z|7qX{qcPDhW_as8$!<0b-%zaQJH;2&>Xd7>;VR)R+b5`x;F13^CA%;3-#B~6;LO7I z+p{~iZTpF>?sRNEv2B|j+ji2iZQHhO+sUNPd#dI?rw(T3^ZvMZUH97ewbuGgLe+fZ zCS>vct1A8<;}D$x2UYC&O|&$%GO~6Q|F63EKe9LyxTd@&g0=w);tLohCzqxolkx38 zq<{fakcv|P0W+sBiPSiDs)p1clB^^vGW#OanO=%32hUe4yU( z$>TD~uAAa#@%gwrv-v@=>w)eBr_~rg=N4;n`)8_sc_!TL62?m_N?Hy}Nz^dlMl)a< z3Md>OWE_AMG{u^};mj9o!n@@;avKnjEIj3mg<}FYc1^(KD1zGd&b1_MeQ=+Dgr!VR zAQ_yKD?Gr1qdqgph;ePLq;*o4CHe-g=O(%MMT7(AV#hx)jVlc{4%_SGCUZ=Cz(ufT zPSK74zjRG6=%sHJ>q-?2yoFQbxX_H+okeAZrQ8fSL!0GlMs}H^!VqTHSB)(ynRgG+ z4?zn^ZmJ_*@0Lc_!r4qt*x*F`E3m>um-{bxC(UQL`hmPm^)`gC2Uc%gL}&mXo-ikQ zXK`SKDZsury^dOF%;31{z+-a15;uC`yxi(4EJBp}k;N1}Z)ZMQm{{P-EQCY^E>BT9VxL}(2E%FyRW0;@*-^-V4O|SX5)*MpFrox&iP85B zZszyudp-eM+%l0xkaAz5wJakDostq}f4Egiiau5c%p~d#%+Pk>O}y=&lz!1#Kq2-Z z!@?%@e0_cPOfj*M%P>9lTZJDo-@}Zm`oK`bt7^IrF}mq;QkX0j31F(kfD%SjqBq%-~VK&Vu(OyYwvS zjo>tZzJ)o^M1vVLsPnEtb0R*M%WR+SG7;~zw6psvbuP?Zh+;G&vtX_Q`t*1~K~IB| zdIUhtt7p=jdPs)*T4_n6y_s`O;aA$y8z`y@aI-d&wwrxcX?~f7i;!`qn4Cs-E8m-^ zGZ0`%Zv3HE8n{PAk__I1G?`$7vr-V3swkykEe^7(u`>XpxMN@0nIJBKo_)5y1MbEK z9_}LJlxECqd_e4u0e81cX?a*%p8qB{OF#1hE-13@C9@-9XxJ>6xhQsJi{HA>B2-4d z;;j4JyR{(%T9JMeG6-00k@bi$cFM{7M1p_&%w;fxn}LIisT1%NrmgUV)7isK!|oh# zF~TfIfZ+mXhk!st@`k=ZU*+LOyx#oO6@9{8FYU{gGu?QCa5=k%gisEGKwxwXm`OhN z3LlvecySAXEbD^|`HEOHI{+AS*w6&0ym@8+HfECL;uYy2TqaXD#S=hvtk*-kz!Kyb zoDuZVPx+_u@l#DIenPM|%mAB3EVe;P-w#BqaGtY~`dCe$%Af9~V4F5{B(WPIcaSjv z?^eiPpp8#%weJgsFbqa|zzQ9d<|i|H^p{9V)D^*P8-LB@}!uJN!Q*@IIwzBlEkPc;>rY>wn#euKNFW1b%xK{>$9}*>_3$f1i!t z4}|~ceOsBz8Y;Lzv`>T{87M*6+?*V_)ma>RanloUTnTvM->hV;sebh|SpkA6Y2$_y z8EECL^{wv!{w52xetHI3uj^lKD=a%Ge_$+bVpxu9r(8NeF1#K`w!S_eA^)}wH|0PR zfKSkD_F@M`n4$N!kKf^vWNfJ;o&}*PYbO+#1?DNtdWvH)YsH582lfcU+8Ic5z_5+M znd}EyBStZ;OJ#xZ|LY!`)@Z70@3BJGc2sBZgu^$I1hX=O)`o#e_CusuMaux%AzZ-q z1pS!7yV!9%0l}x>E5U8e&_9MDBfO*J)!Y{$&Pc=%5DiK~d&d6bl;XJ+h+|XRJL@Lz zLsPDtA)4%Gjc&7tAN1L}L9VyfPSgv#z~Em+WH?Ty5MTqmn(?7C#|_Z#XUEunsMp#GGg4&trd~517ttBSzI$c%iGFpt{SR`Cl)=^rQgG6o5#1C1%JiDN zH;=(CbDa0h_*Wjo0}Lu{m95FZuNM%-tSzRx$dzq&6d(Q~)HNo5u62@1grl>{uJn29 znNh|29gFWu$AD|V;0?a@o=5FhtTQj^mCuhM*-9Ob;b^`4KZ1W_4rlx!Rqa2fF5c4m znE7*2f$C~Kf(pCH6WV`|2qS2Z<&fSHGbguFDZr1+K%{yq2;z1XRc5EITi&z=FfX47 z@DZM&rcaK#|HF#F)3^YNeh)Lu|Lrj2`u{h~{v+rzRWvkkm(aB!p&|PFnQChQmUwI8 zc)!61q%T_kZv2gbXBSh2!m~wT7Bj%2nnDzQ1e~Ut13C37|Mp zeD(4=anO02e-EzLS;B@!`U8q1~P-A#=u(kCiUF;Tq<-maAjK*}gUDCKn>iPaWOq8oFMk{ycTp5OC5A1zMPQ z6z9HJV-Lc%5oE?m367%yVbXBaAg9h!BuFYV$yn5;K7>{ba>FcTfKD{O$B8#}T!=cx zLp~f`{z9x@7@~4phxo8eq2(>N?K-xNfsy0jWcpX92LYXDhU&T>Lk{c5#)C9b4LSq+ zigB`|T~inz6x4Y~1`8fvk`vt6{A_5MnwRRB8Fpr!)lVk*@D7l+dh~7t+AGKD)O~V3 zV6^eM%5_W_C?{2Q*Z4w&_1bDZ0S-+&IPY95sckcBQB8>&--%;GC85G~_3yq@+bW|1 zr-}O=Bm$rvRy1_6VqgsuAT#+IP=V_7-U1ZH^#j=y@?<5cHn7DPOTKT{5{CT4I(CT9 zv2~`|%<#*L(=VFF_0PbNtx`?_9aLE?t@u*0K|VME<2mursF0KuO+^tHfwpK%EtGQu zGd`h-(t3td`JXj@PmoNQRwc(huvqrN*fEwCp46ynVQo#jTlH2f9AAU<)|yW#nR=Pw z7;lAv_+#W{k^O}Y`w~9D!0l3O>z(_R2^|7_jQiL*;Ztz$o;wpG#)zk>elAufM zC&Ws{eA}P`3}%GL(o&@QJ^qmvk=%@kvErTKhGbz}SLuip>ZuRF!JWS0z#trzmuERt zCYkluUaClpkPkL^7T$B`^(Ju0#&^UW3CXZrguB!0Q&cF~sVff@{qCr6;Tm|DTdb!g zYc~*!z#n792@$RoyCK^{<7Keb1qJdKFpa=eLgCS*C)P7#kHKM!Mx~FL6%Vi#-g_g|J;U*jbw5Rkyg^VKN|V2Yo;4;Og>|^GBralyOjSS&5%cqF z4q}oKYoi@kAkBE}X%!QB8442U#M$a#9BU6%!KBk3sOnRgXeIp-B^vo#Rr-w6Iq7ej zjMv|HhNw?2n*YI}?D9`W^Hdplx~~0w{Z&n_ zRgbp7)2!E1-6&E#fSB?yUW*lA@2>7}pMdzQmlozw>0OoJWl%zYI9{hr60i^buv7G$ z>ZbyH$LrF)XCD?Lt`gpA^?IazWtA%#D}$xsXilg9V)ecSZJNKgoKqXH_>eiGoZO7W#lNu9I=><7=o(Uuep zv4&B-4G2`R7)(FpX_Ss0KSoe+R4at74{7lX-UhSaLehr(Ku#QIUi6*FDP~BW4ey); z;<{V3z3X(+fe|o>uI{@N-(DITIqfBhn%ai4Qj1hu_ouM4QDz%>dn`5H80LQrtDc=joR_^IiS;Hy)s5@>M#Rhqxm|5+vZTEz9Iz&jHZaLEjYJv%jn2WQ`Wp_I<(-wazm_CcN49yrw7k zg?vwVw?1&g#R`tu113S+R1>1@%SE-Be(f&P2>wyjks(U?G?ClrHaUQ!+P^~c9(h6D zKj?3D$2oLG)pdkvn>&YleVIN~*Rz(Q-YbuS1%VX;~_<`(R$!Ots_&fT9Mt;Exh7>x|OYry7#$nOf2YYI!( z^_>Mb9i+&25}1`@|wU$f<3@l>T2#fj*=s6#3Z#U48dmQNLQ}Uvg4#R$fs* zr3iVdg#vz{@`NRyIQ`w+B-*vocW;@*ZWpEjqJrNySH1}1A!ktz1TRyce);FY=))Mx z(pEp&bDs^9B(J_CXW_K>iQQo>N8!A=yEVzR3>`_Tp;9*Y?{Nf+e6QqG?}YF8s^${n?ss5 zo=`q_{cZ#H@Ebj?%YI({dH-*8drAlo{*rHYRKfS=^MCzw!}h<|1A>-j-*-FzAw<|% ze-k0TSD*jU0u7$9u1X6HUp5!x`%=a-u4G_X+I~6v;;zul0^lH~tYBn6`!V50$gstY zcgMj5D%6DwI=4U?it8mbtQd~1pcLdS!lPF=wb$0vEv(KOE-orMtZcH~XWo50vg1cA z;-m;s$avd8*SYrITw|*(oB+-&Q zl)%6mfGGwqZ;aY{NRCE(Ml>)X?3Iwx*Yd`}h-!fC!GxDStd|`wBy;p@jH%QMskd;p z$RH&k_B7OzOK|t4gV=)Gpd;;3n=5p=Idnl}4Iz0vWwb zh07&{HRAl3HddFj%n_UD!iO|Sc2aZ&^d6??XdzaQcmIWdK*e#4N2Em*8cJ+G7P(th$RNq78sv-(Fh(I)%hMCpOo8pb zmyC8=(g$v|Gz_XWo^!Ko7Nuo0$&0{>%9VQilh#x2o)UlP_(Qqe51XjSmJ~`Txpc>I zWAniBqPCzZ#*Xw58QUOT&uDto*g=d|JdSkpC=Re{BolR2L(+V&w*pNddJvD}Kgz)J+(i}OAFhVX%WG_NBO8kG zi~k*pNotVA(&==%C!XE#U))U0Bti6y_nv;9)0Bom@YhvGwNMJeX)JeFn5#7<+t^r9 zM+cgr&=XL1RR<;ioY%{X47Y=38#S_M4PN?=xj18C3Av9NvC}UpTFR6}Ed^`b^Zr^i zsFSJJBYpZCnrdID?9>qnF>SavY?&JGtfEM&cYy?~8EoE;@U>2hAZrwE30J=CEa07E z<(5KC0|;4Z`d0XHeKA6cNV2xjI|KbzX#W@(qMyFc1SsP&0c`ofH@D#mk4|pbaaH^t z^wEaim@?SbWnOKF1D#>lEHwi!{C4BBPsv>4L67D4+Td4Y5NWF-nvS6;$Rpj@Dr;;j zB4u~Dad=UY@tMXYIaZAmI-!L28onK> z&pBOr1s1C&SZ;#WE9bH{OVL`*8-w`Gb2kPYs8!IE_m6k4P+IuXg;duY?t4#ABKP<; zw%Iw3!$1!vm&Hy@#AR0`L@tXu)dfnDl8`9q9z&Olh#i$&1LLMhKJGjt(Mm&K$y3qn zh8wZ$=UI!F8pLk_A~AGID9#;0&{RX1?J_M`LCR3pxBYoID~I}x0ELCL^hDOd36Xh? zRn)=ZL?UiM7OcW+77;}Bqq!2+$Q|2NWX~E@8Kz7#94)i5u?R4isrRbQw+)>Tc#S4QV@#rQJcv0&%6O|d=CH->JvcAFea_?inBKe3iy?Vw_zRJ*il%3cp4<383Vqf$F8%U+tZX-{kFUm%F^{!&NL@`gkngdl#V)O=iVR7q zpF6Yh$cE3#IZeeU1@OC{@sYnQz)oZf+gk9#?p1Jo`nFE07RsiKDA&s98~W4J9C1nx zo5XnucfRN{s&AP1iMdCAW36E54egecsnp!(xzWfav+A0Myu^#F_7ShEZzTD_oT6Fzq|D z`Yqi^lTid3R2XyFh^2D{ORRS;@ZjEG^2})uyCBE!4wj{SR*+Fh3XbS@j1${Nd^!o5 zxn|7-LPFL;KFIr_aP5G_bS2uws1~5OkJiLxhg12^UkunN7-7|rS#T36s$)C%DDj|l zfiMaJ6pfq|K4))Lv*9!PT*WZrvKkF`bvWUM)uo81VDS;71K}0Vbm)MPg5Q zY}I~`R{0)5trnG8ntFL+7_f!t2-0OAL_{WQ_EB_p$t13l)1YkbxLYnI+P5RjCH00a z09r#M7b9lh8rE2-s~kcj9w&7dQGZM{mOj9-3>)RqUH)j?omI>4(i0*+$4RAHf>@&B zC<+p`8&zo!Ny#o5@9VfkNU=yjnGyT|?2<(=^7z!bRR_4GWpt_-hxW|oXgOv~gMx*4 zCg9A_E1PxGge3qg@}?h#0?Dd@mhMR)1tmY$JE3U@#M;2+zLQXRF1 zw^<@P--W~m+2bs?n!*(SjtKclymL?gp;9S8sSJeB#CUcV*l~(s{LAr{=`; zai6H|;Yh)XZ?va9fW^SgjX6O|)S!hQ3P3j+d$#W`Xj5!vSOXevbz zb@F?-vO;4_f65DPAyNUK$Erom+HQ8~)mD<~DyGHc7f20(-VZ^_G=18qG99k~`qt&1?}hBM{L z@>WyDi?q|y)>d?jx7`AveCpbc3>pKdQWA?-1i($4dfbACcwKXuc_wV^J}LZ~IId z1WOXPbMv7}_JXVnbbQ%w+y$)m1txcz&baD%7fI1)H07$31BXN-`<5Sll0v<3HzC9hQ zmo&%e=aS|d5&=CCBV$)%aY_S|6clRy$S|*3IiCcJ#9uaJOl|^g8s)^bUQVP1fO4AB zSwV)CTX?tB1KyR&Ey`3&))p~EB2bC8R!?FOkrKIeUsW!!WHSI1zi`j|RDNeaW@3KVXOW?~vOncGX zjStKpN+&xA~ zC5wGsO$Ug#qD7AnCuk|g6h@WR8<{>^UN`&Yg*XpYZUPaNMc12#3r=doDul2jJxwFV2CCNU_-CwVd zO2Jx6vluP!f1oq^A9FZh3$RAcrWsadaO3%WXJb@?II=-yO-vI9voK49I5r^ZQ+XrR znyN5P7Aq;f-{{!xZk>3xMJYH_7IED??{{sQ!&yZGa>L~7kc?@Yk;~>GoI`uMH*&Ap z3iOk$RPn7|6+i5x85pGHc|Ro6!Cca z4ULINH>6H#a*s|03OsZ>_)xy!srhxw(OMP#?VS~e=emoAen^oyMD+m7AZDbe9cP^lHfiR<{*p}gW=bD{hIE98icb}@lMSxJ z)ym<~vrQ@6+DNZ2RzGr1ra77jD@r^`1wr&x0yyOrSfg8Vk1)QNZ1pjAF;v>veKW$V zBAXm$B|z`}QvXiTP55`V&=JU<5P~+gbbA;!whmQY0-w}Qy*2o92n=P;)Fyux94zcC z0^s!~p*Vt^&TA3j>mNHk@}7)0#3wHhPudtk*HOMJ+GalY)5}8MDU&2$B~Sc^ zA2z76z4Ik2Eo~dH`R%I3JUWK315F9Ar(X{N_+>Rsj;~pNxd5q*saT zR7z+<%?XkLj^8juOkhsh-@fx(idz{y62I5=@Fmpya1rllUD6a%Kz>Sp8%qwZU^mU= z7&qJ%F`u~fVNo_{w*)hviu6w6MNEm}ypnhL=g*3#(t1$vA!NFd^pu6r5f7%?=K6flxrw83 z6FE&qd$77t^&`R_5IzI%VbpuPp<4n1-x!YLli$KrJSkq5zKIRpD%-Txj|S?DZQUFk z38>@H?mV`W1kc$$VQHYlD<|=wT34-}lA}@E?R3YPZsU_ldT75?JX+Jl zz3jfs0DL(xK;#BPgJc?I@_9Y%G$rcMk`jk%nZy#cgwpkfm_93Z`+2+%P%~GVoZ&y- zm>5Juf2Mn(Hr1$V7`Og(D>$6wq|6Smb$kRp7(ZO;3 zYWp5d%a?D7fot`%KS9x>r#UJPlM+`2)JjHvM*VdqHv|Vrfuu(mvM2_dD8RKY$Nh^sL@{5IRk@t-?CpLfDl|0S~q z-F$PNbi40(lPt$a*HqSgn;uZweOwGMB0nAYUt|Hp@A|b5F54XL%WEv{GpP42a}h8r zL1Ca@sJF?7;Pt1U9I%i`u=4F)y#9!Htzt;WNGE7ce;*&usNhXy(yr{3_QM%;-tqN= z?fqLanau?mIZOw649|Z`!9-5iQ92FJ%cOQfvbU^cGP9sfmw}I)2X7~??en`KZ2={u zRf_gN-Ne1~lZc3HO6u;L!b;N@=)p3&lj^Xif1|x}{L8CG&zl*A3Sp|=qY}o&*pVn~ z0|R9UbeM_4(F`Q(dlNYS#z#g{+QD~@%YDIA_6Y>NE!l!{+mS}?QnXG?Jd;}^!#0hA zoySo>M`VPp?X#{E2R18?9$VMhMUVG+*;8C53%klG?-Hv;^4TLlj#79kS9X)u!e__h zFH>@C%eTNsvo!hm@~kr;?%myTX2lfUGFz8R&(*ohLVUdo@Du z&8M0pU(~>>NqG}Lw;*{;nUlT+6Z!8II&w^63J!?Vq1;=n(Uy-$EThDZru*8 zFvpHJ`^z)DSC`r@p%+oAG^Pe+y$APU3HDSkQNfr8PiI4$T4$NL)*4S=zfX|4QF)M9H?(?BU@^y&E*+Y>TmTg>t6Lw~O0Nu>J+l5n z;kKlvYNMAN=mB7@Sc(WJM857+H#bNjtVJLO#%7Z&*k|vh#4dh!$O= zn|D>Dw7QJLUKtAWwzdi0F`jmw_8)n81Abxk%a4CV_pwpfqH$fwIl=kURiL6GF{;qQ z|2-c>L-^qS#~n!x6Z64@q3)UuLr?pOR2zYbW7gSsP#ck!os;Gu=I%lL092eM#$_ck zu)8PFh{5=0`(~@_Q`$s zA)kN2JwzsA=n0-b7NrC8If#(u%!8FrD~J>;(LzIQ8Zxy9cxEV;FDl0KCk2I?gQCi^ z18iy7TIO?_*XF1$ot=ayY%iSBFj1G(RAmYFhh+?WADnw^muVRv=a_26mh>`xTOJvLW1HzYwkh;aZ}Z60`C2QRb0kuYFey8Q+X0 z9#|!l{ZFHBCU>7Q%IhSej`!-*Y7Jm{)nMDfH$kSnrRZp{Cl_$0%Geig-6vO13fwlc z?;UX{WT*9E*M30j)-I<|w@~dmwM0np>=_!jJc!t7(o|G((TsaiqvdK^$v>b~u3_W5 z)AU<%g_P4{oLY7mnIU0LMI9+~H5B8vm$tPac_|f2PRN^Wx~f(}xkX8w4dxtG_d8j{ zFob%F@JFi5J~L=rsAX2d+)ep-{&=8kB=F3taQ7)6tSeT*lgucN zysn?&fLZ2nSSXdYX!Oq>wu<1_#5kPtQQtUORZU5#7$t6>2{H#j0RgvMMJdl*KV-Um z!@G~R$@*@zWKE*5#8@8_B0NGxrMSW|uqLidU5PexU+P_Xpjm`HX_pUO#mdsQp-7s% zqpmkmvnMrmTPm1FoaVyIr1z9WO-5E4C7WDDZFUsKaL0NPsC6OX_Jk~QnAHtZI4Vqd zI;i@E<*!|lIoHQH=lkevc2X=C?730bBB*^HV{>Y5NKhOe5|G>0sJI3kQ;XuV4p zD}gDCZN2EW2%c2=3pHr5qTi|EMr{p+yP zb@p(NGKBG5i?NTkkM{g%;4)1!oLV;ZgL}WfrlVP2=NqGuJze&wU+=MG)Z0-LeC=7gVp`|s_dGgUSQ-?39Y@_n-LjUPOv=sCRlefK0@*e2RN zLB949O1UCQ<%@Q3w3RTG>^)Y!OnPYK#_Wo_&nT z&CoN>#&}1U8Wm4fYm+JuNS5AASFKBuBaa*YxBadWP`IvORWpJ^bq}N5^CV&WwhYo} z9L&|o*yRW!kCuaJpG*z&*TElmo(-?{t+8tE6lurGI2G@yowlfbMBO5J;~ic;MhOe!3>NX1o-1EahAN7!ldTAv04OtT$hn?0@x0L1v-uJL$!(>2UpJ{KcnVqV-<1qkzc+?IDH}UXV@bqrW>V z8mKIykHmW9s0a6s9kgKbEX&{w;s6-WcK`E5i1g@`%bVv&-@qR@?}e94{!emm;V*7N z6Vu5?7XNUTjXf$Og-#?6Tc_dyAFay~IM2ee$qgpFd4KZ))ZCe=V`oHAMLzNsWBa9& zOKN*j2zuSTpm~$KkXMuge^u7Bc%q7IDMKj(>GOZ^4w6a+t&s#jet3L0jQ!vH?*ES| z-~a5pzx}%ZZRIVi?_gyAz4ZRi#ye11O9K~(yaby`A$^MyiYPW-3d1 z*XPFv;txcx8iemgryF6ZH^Al zMBGKxv1>RP6AdF3PRd@rV{Im}=22TxV2EzT!iJ_hLlnV%X^4f`Z-bOK!eF;Kq@*Sw zB5&h!F;sLnR*>R}jEqwI2qOkpF|dWUR`x)BAEOG2($@k@E_U7)-yd$onG7OQvm)EQ z*B*XNKSc~Z>KS?}ZM{^^b-f@$olN6^G}ogA?3J;62f`ZSM}qIwQet_)tJ4%?9r@Z# zzks+a+N}m$UMy5p;F&_sivIO^&zi3c#q>yw48{Bimhwua1|)QZu2P@Xy52F#5?p-A z;}4$x_3$<<6+78JFbZr4dbCB$HMER473W5mCG1Mf)k%B1{1|1X0zDiSxTSyBN-Q^C znd$xAaz(C>KtrgPUEL3*#~*g|sO~C#8Rc>rD5GohL`jqbcQ^#PzQj9AVpVaOx>z<> zp%l^5mV=!1&opP_X2=nXvcjUFKmX;0wPOrH@XOz*_Mv)? z+EVTo(~PItu3KicZPKU8iKAt1in9Ql!4f1zA8BANq;Ya9Ak*PK)_N;el4x%Q5}@~) zaE3_u=c*%7sF7443puNp`#y^AlIT}TxE~SQEn#p7(X2N4i4fjkgUH#>hKzR3hgn*? z!AXYJ_o9fOa^-GHAqqGN58h6>;`4Bol2~-B=OXlu3;wZJIoXU9tFD*v?Aztuq3eYH ztB1>9FYT|ZxP!p9!OfcajFFNnYH_>z{w7m-Ae^Nh+F|^ODTdvPr*}4I^r8v0e+D($ zYCEV6n?Kv5dzZ7(*4T0lCt_5QPcfBCRC+OrX}?Mk5XTGGjR#2<+!k#NQ0CGmZWjHN zuRT+mhZj8EIMrN?aP(t(g&837fk}D4pJ^3r1IB#|iurrVY8Ll!z2wDah7Qp*)aAUU zo!_w8d$5EBxH|gTjA)*L>5hy2`uBJl?myX9mVW!dRsEhK4$_&7ZS%^kk1hp&B|cs1 zoa7+$2(syW{uIF+_<<)wX~T9c1J|X04u1Isc3{cPwf0-NH3cBU@g4PPSnhsPsBY$Z zqr?Ew14TU9kF|M+dD*J&ERUcX(FfJQ^jkqTIt0(kdU+qFqMVUD!-HUqCc|J1BR4eb zoiM-_PK%g2?h44!qpWlNjf@c*c-1|Urq5?`f@F034dNl#`+IK?P$M)8V+4f1L!^VR z<-H}Z+5fey%v3h}EO(7(Jlqe*N3Owia0HcX0ni-$vjsQwIr;kEoH~4(n2x}2=k6=i zf1O05m$87bN!#Buo6|?Tu_J5KSfZ==@=NWseF@=D03UhC1WUw;&k7C zK#n-mtsyDoSeRKd#JZqggoPE7d+patZ;8*b%dC=l%|coUuEHc_%)J)fXM9TY@qHLS zRGW_|-}OEp>=qbVH z4+Z6TWHp5ExbDZAB)AMCEhs07`3I!NNm6<&F)(7h&6${=Jn7{P9@Spgx5qh{H9)mv0^~zOB1TqzDruS8c>|;*2~CT30XN(6NC>kBi&v98(I&u z7suW4e2~Bw-$FOYA!rZEG<-IbF{z;Yvh!29JS;@^WVuN7n7MXk&c26!nErg|Cw%te z4K^Oyazo>Jz12~^9yFM7p@}HCdmO+48a@~dp>j-LjXSD_YOmzf2C0KAn!Tn}I)c4M zYBC{dEz;xWZxp0m3ftInl0{0AgN(M0=;Qu7Fx3wA15*%ettgKWbo?#X&KOD#nf^Ukepd$hd!!)s)sY=Q>d zPWg9LAVEe;Rx-@u9QPzK^)@A)Z{Nk~8h5_lAKfE&YDgyG4%S5a0JK7d;4P*jZ+Q4RA(&c4XZH=fdDgj7M1aJb12_E+bJ-3naL?9)ZFQQd zXwgSI*w>9jTgl#()qjWF8r?h<*DIc&)?45oteO}+EH_3C*|przCyTk!8FwW||Ms(x zyRoT$3ScL8!p~;=Z@K38abVA#)PqKn{o~g{-{1fnfM#76T^x>N%BVaJMO+{l6yrDT zu;=7(H8AR3hdL?ZPg=zvb?nq-({^bK_+1>_+SsY1@ra$Y#w87<_PD6CXA-V54h~;X zTnHteBguLvqY)s2(u>WpE3}Rt2wGNm4SU<6!3F8Tsl_({I=RKJIDbaLICM_I>KFrj z!NqYSr0p6vL4C;Ip?0}^ny8a}x~=kp<6I-JyNG*J4yrL_ zGIb`EXcO&tjZAVkl(sZjO_9l9ftzE6`W}!ae;T(`UuGCWh7px6g%n&q6 z*Wn!po?C)}U)SpIWgkclYY&mG1D1Xr-M@#(>-*{2Y<*YP9#a5@LpIDK(-KP;IHAiN z52E&th)kn%Er$ktZ+?SiKhCXa*ULxcNC04n?zSA35R)xXP zV-NT(k5DYvj1mIU%e~_s=*@mq?Q%gNL!|244dwevo)PA!-xII0&EAK(l3i#PNWFSw zKz8vqHQ}f5KP;eVW?ecz(jIQ4YU~D%{c6GUpSF)#QRRC|0HV3v! zkO@ceE<|!5zkDl*zsp%gasN@z3(b|;zd$>b9MsdIXy0rNXwXiBa3EiA!K|B;DFW`v z!R%5)HFsJ(Qg|QT7ohrSiE8^!1hIlp zbH^NQ3(#33sU^!V>(5Q7#P#~UZGw`>^P>HT*IEH zF_;Cwy~tVn($pHM^(@E__xZKqF!j=T^*;5)&$0Esa+CaXoeUY?$gkDap2UC08k)V?-Z?668A_uupfkmYqR+TD zj1oL6N{mk53WLr9YQyB5!%v=+9T~4SE_PYSV^0RYb$b;gHJ0mVkIdNadjfVH#GG=L zA)$G-Y99)IayNtOcVif>dA#GyIs7W?>XM-Ot=6n_=d{ zBO8Wm90P;Qy^Luj)#4=2&%kx_J9KX4(o9-vlW;Bq*)((KM1?zZ0XMrn=@w(xV+97WIGrPnb^VyI{;R$V0{01-!+&|z{h2u)2DUALfsU{vG#(7Z`tcnc& zJV8wtSerbo?HxsRK39u9axPQOzCO9NrPV(xaQwI{2ig391x>{6r`py0Tf6>wPpNuk z9dTpQmM)+88i{-5{(xdm$eHr13r0C?Dg?J zB+)(_f4o(6IiOD$?j3F2X>i8-1#Mk?s6cI0nE!;+lx>vnVK~kb#Lhe4eb%Se^6itH zGwli|>%xzyvlv#8S>SUhD3h@h9K~u(q%h&I4b98DJKpaqizqx&%_*;jSW6C~8qad8 z<|JAM0CenGIpoh}FQfR!=)W|(df)}cGX zu?V}0T?oSz9LLSnL#M@YhDt&s7z@|x&nluI45|?wg1R)+4JyGUMKM57Wty6d7qJ&p zqr^~7tLooq7VY~kes}+z_5wg*g@|gT2dKXf5~QT zr5_$lfaY;AvVXDFdcwOkx>-i0NPVE(o8geDaik?#B?0!p!Y1T~+n7K_F$pdy0zlNmiMbSUihQLJEB&^;#$d zb2k>xP8cu{3KTprs~HzCD24tFO0BhhUmT9SQIyAd;tn*OTjK`<1@vw+lm8qGx6m9D zO6O!Ce{*gG8AXWb8_e5jPu%U!`OyxNP$y2Q@3Ei4^)I^ihDiw%RC^7DPcfTthOomC zN>vlT07%AMs+88nSnoo#J+-Utdn5$3pZ%g3cCp=cW~GGSfkJKJg@ON0dM7-%uh+P< zfD5ZWzfY2!_|2S#`pgz8OrM!i&Fw501rz}N4-kA z%-FwjlulJoi=(Qxg&{gKogEZh)1X+?ZS@`}wn}4iwHjcD9NPobS`DXuyKMb9n{p}; z;+&9?&3!4ULVf0g*8%F?)#kh${S`O`FQ|v=*ii6}1dtohrbrA~ZX9ueUHtZkQ_F0t z3<JM<&H_`whH}e{P+RNHj3cPK$^r1UM8SOQ%bXf526c z-Thyry;GE}U9v6ur)}G|ZQHhOue5F3wr!g$ZQIUVnKujf?5b+F?K-X9`81y+#u#5j z?-9LUDGz1n2_mmUfEK|0_)l2ABH{Q(@MWs`VMC@c<}9R`nN9J6+|IgqVeJ^~9T`a8 zX!K`U7XE?4sikbHJehkIGki!7Wv?9iE{^F{+_$3GP8Nsww8E)Hfn+Y(0`ZX>-8lyC zK%nsVEj@4{u^-IhNAZy+!!}kFSTW{ovHL8fA1w!+o>I(x zRIwmJzk=v_mw{I6c^86a_sc;N;0q7uW>@Ezx_Ml`PU?!T{1-3?h>+KU0o7gaQ~_Z} zk^~1;15|$djSVl}W9lWtyrg5d*77eYbub-10 z2TPJr57Gm;6C6*~53|1&s6`z^o$^Ht67gQDpkm4ayfOvZp{wIS*7$SsH+W}Xm@QcG(8-qT)Q7n(#TYjWkIPOV;Q(S|CVsujs8?ynC9;s>uBnkeCtf!8qHbO#>hx|96J>5!N{;A6 zPj%A848MxKVahh2+RX9{kEev^j=!0KH4r^j<)SO8fgV2iSb#{4bY>7uHq{=xq1JK1 zLC_Ip<{a8wzE1X32P`Vi@$T;q!2G=eS$UfAoJltA?yu&3|sliI_9y*GDTIAfbiReM#o?_;`4CZhQU(K2^Y*NZ?c4Q4e9$Jx?*#c1AlCN;+7&P01^n7l>k<0-VY3i6{tb~7IeR}t z5viV)CeItFnJjMA30k7ZfhKR7P$fp^3&=*7#WaaG+yx+J((I1cv+>{+guglktgF#I zZD=-+Gp{@~HpxJ3QBD4vxB@UzcYqFW;6R3k>Gd}&+$`4ZDr9T(?KmTO;v8`3*v{oQ zGJx4=?s#^@tE_=H{{x>%u4OUi8y{O>=>~HGg?s4bmeuPqUz~?hr zzzxIawS?tW*eHjB0N$3YFHS*sD28R{oZnW{F|Kwj z!s9OO*H*N58yLi9B(kW(Uk2P!4BVhdu}0W(27r2^z;wI3*knho@WU_gM&=|Q?UH*m z>d=c#?)Lna^wTjfc~ygf4G1@hvfRW3U3#Lo01S5m;rm3wuLSLQcquRY2p+(A&E9tg z%1EP%7N%*QudI|b4gQ6r^wiaeK_gpiwL7I55+0Ys`XF^b0RjuntA36IjV$nLb)io^SNwYMniZDt1J8 zj0A+h9v1w}9hKHP+XMp337%mCFhh1kO{P21i9qzcyfJes-yz`CN_v=01H^0{23}7g zvNi|BzyA2VuTYiBSK>0g7S86C3}ejfYGG&3RAuLAaoN;*rxr4$H#0d|nO!#b?wwkj zUR`dkYj|GWaB!w-aIv+z&ggy+h@CK5ot!MsY*>9S+zZk+TK6M<@%B^OhgqcG1<4s8 z@kYyfrF=ajd!IX{4V|2k$t{ZY_ys!eh~1HRA74YG5q`pxnWo!!HYoU_+&VXb{{?NSi@5eCK8O<0m+S(*M{ISU!ug*e)o| z=REA3iBhvQK8KM(`N84fx1W)oJLDjqG8S117o|MgOpwl_s`zzeouazoX$;s)+bWg~U9mljYh%PY1MI`0F4yHK zR%3C|u;$nNRZKUYQ21KzOOe@p(2!LQ1Vct#7s~RQR>dBXKG;Hd?6rrP5*4i;Vx@uK zx^aS+VDQl{Vn(F`+YZH>I=qA2nLKzmrz~=uC^%&eXI=wyrt`six5^rLK|NDvOd?c@3!5>WYugvOQyi$i5nNM#m^q!Mb*dc0gbGvGAN z7g$~7e#y!?%6=#L%$$_C9Y^B|`T%a?;z=Izg_GAWDVOnGn=2b+io*Q z2bf@?*?79xvLeu+LaMIMph5w>&X*NZfa6SKhC~!c8PsH)p-hU`(qWw$^6F8euN{;^ zj%fQ=o?$I3dhys)M+{QaeCN~M6>F#2_yuOL7c0DUlH zuW3Ytn0BT$Nv#Qr4))mlCNrA3D9>HN?F%?tm``$*Qi2I?Z+Hfr4g{L6P-R zAKaGFVTxSAFx*QQ171*oK^u6Pa8+Htw4ND5VZxxrfbh{Oo;O2mRwss#KQr*hKu81P zGMv#o+Q%$(H>j=~l3y9NMn=U$N(%|8vCrm4@ZrQAO0^dZ%&7&w-`jd6^P@Xpz!?g&P;cSHFOvmhh+vYwCz)hzHs#l)Ey30y#g=Ed2HIN>C!yj=F z80^Pnp;EQ|O_?0MI<sat>9Qlm$%Tv=#tC!JEi43kKQqkYfJKnC;oL}VL7tWPn zh-(2X-6?uak`!cDg5ic4C(=2`+BEN1$<$6q;x>*ui>P8OO{B9(=XB|=%&rwiP+&p4a50~O(5lrkDjP#_((TH1~0#Tcn!4XX=njrI)*nS zefR=t&D~QDK)r$=f-Bxw9`zACH$5^QNYt;r(!V{*CmC{G??3W}Y~b1QK98Z4?#=gQ zre;xQZ2Lxi`SpzT?SXp4JD=BZnnXdrg21lxnC<~OZt`xtJ-8=l|Ck@1&}Y~u*q6?Q zBP3*vxYXb}`hlkd9frYSE`%xIf)Il56GgmYp1^$a!egxVJ%HWQ^A&62KB5o@U#Vq&z6$nIm&L`TIJGtlV1D`={#Qj=llUg{8DMI*$SCSU~g|G_EOvw3IaJ+kC}PtK)z!6O)bqD`C}5}tWxpV zG4X55biOhp7~MN?`10_GO0o~q7h&e=&KfHa_j7VW2!k~m#kJR3 zM|noY%0n4B61zPcy40wpjzgTBHwm0nuUNJg{4ZXgygFKP0vo|GvbjI4doSG=$FW4G ztttWQ$eWRh+Cmo|4qu@)22Kq=!rkyUN~RaN4y?$3pbTO1mLr;BUvbmjdkX`7W;Oo^ zp-9M~K-_V*|9Bg%4!Tv}EWch0$?bFt#V)`vyboSm&ZE^NkCDsza@IA>+OEs(G zAzk3P)cKSsKAhyRIF_>#e4QC6Gx_-I{YY0ewBKz#Ae7XEmP;~2{i6F@l@J1Qt-kQ1>2UF5v-dwUF8|3Ci~V0z3IC2}6aT$(kgzqi z6LB{(vHzRO{Xfcxjg3AiwamP3=r(75}QcB>Ym07 z)62ct;shnYlm-e8)n+JZol>%-;xPk!6>V}OA|&Be`8oy&gzRGlGXob!{Kde(H-x|q zDMT78+m;29Qg(oB0Q(2DP)+}2_k}QZK=r!e4aP>cUv>Y)1q^%|kHoj}Ckprg|682? z8>4REV(t9zar$R%r4I2UeSz|2$C%ER?qLlC016x+Fg9Qu1wKHW2agCYO)3s(pm1k$ zp8zdwIxrP9R9tOS-PY2wKw_y=CyAyhu+c9rQbp6`+F03~xxDVZQ(Zjw-NOcvI0Xgq zJelh8vgLW*e)9Rkcarm=%l_w);jc-N_yBBwjC%J@xr+rsoDRCBjpK{+Im8aTz)zPx z(mdB;7dtiXl&D}s1hPwcWOn7lL5khxtj-3K_$aIVqWnVIjHLsDZYqpOsMX4Wd3(oT zegOyl(iX7?ktXxbS_TX_u?;FIRw{WA(p;Rfvt*>f`ZA~k27!KIl*C=sG#=|US)Ta0 zbr-$vH)Q*ki}7=GwHQ(m+6nDS&H@s|WD*P>7#gl8`3A*)Wd8w!h(WXHm*19K@kL09 z3@XFS(rET$B2Cx8E19ZU<@M!6xEJ%9gujZLJVPSV+xYuL95|N*AZEz-qY%2#;rB1s z(hBqBhqblI>CKQmGWtnWgA1#L8}p@Ntq?mp%(bNT9iAN_czVdN7re9UReAOsGgQxp zxV4M)dm=!{QPbG5o0vfn6|Xnop{293$wkrwf+@Sm(a7;&wnMHD;d`Wuei`MlqRP=B z(fB~csKf7ONk*|O!YAz;qM)<|#nbCgQ|d%QUedN~KGa*{T6`=Lx9pb@4;53Q8ih;T zi7GYs1ryoXX@SE>D9L4rX?(0y?bQos_T2H(8_fcdPCInC(Q+6IA+5AkeMgWr z^7V+74Mgr~&435(mzFf;#jQ$t%$~!lF|BC_J06hId8V zl=3OVx$#R$)=G6L*h%|5k%B$T>ZNqzC)((!m>A|dJZHQRoK%{HGeE!;YyGcT=MfMX z8c0D(O%mWlnoUG>G5rdzfq2z+Gl=p!84)hdFv)#t%Ed?;fq1id*#wg|B8lo&E{QVl z>BtI_+JvTx#h{^Zdcu3{OZmP_dGhY_rzclYb}7lXmL;%|iO#uVL$-ZWdN^ENr4ZtU z$35~Zxr)=2(i$cP@@%<^m$K7gm(5T9K}_6}V{MCKIz%hG)DP6%#HR64m^Ov}4dpJJ z8+-z4;3pnV0fh`TTj*tw@@b=D8Auh*TUmb%7Oe^^R_5O z&z2G(fDW%vM}Ko~7Vmev<4K`-yS0)URrCeyGO~2(=^wpin>~Oop6eSN^zmSvL|`l4 z3iv||Qac&q@mB2O%y3<+eOX+<(B*7?u34zcqtD9x!dbU zQUiyJv3HQQL_TVp`j5Iog;hybg<>eKNi8Wjjj>l{HnnMxq@R+z2bpcq#|hQX%&0G+ z)u?0Qh?Br_PcSQ>ZEn`}j1+Chbm-dzB7HdUiyn@GsA}M|I2NhD866hMNxI}BmQ8Sq zP)}io7eew*TV7wP(=V^$oYVWy=#Ly2ThtK@=HfiD$XH>ia@nU<9ga<$pPy%pj1b`R zh0jvHWm(hf&&QUcV5{7Da0@Y22dQIEge^u1 z+MdJ9xSaW%d!UY@aF^~wF~)Z`iljxQjRyX*Q=ITo82)K>`cO?qZ>2fL8tBaQq^WuE zqBzK8_d!rzb}Lg{M#h@=c)fIn*^EKez_sKrmQ2#03L@ydd3c2hHYDu~;&Y$9{GzhkR?(|vYCN7O{;=Vt_!=KMM#{c%C6s0%E9mdTR6 zABb?Kuw_$sk-qL&7X_O7u`uBp;sv7mBkHy5V;zn4-k!L^q%m_++KLNI98;xz^Rc*! z{%dlcBgpR>yo*bPaFXU|D{0GoohQvygG@rlP%jLOAXx+tK&aVJ#LXsnxydSdvmVK` z;e;**1xu{PY5Veu1(f6n`SFuW#=!pNbXru?C~XIMhWKYq@F;aq`yodIo#8ygV315p&$JZ(+-@-~vnqv~S?C5&iiIotOIq6pMm7@hOM9Q+s8_;{{ zxKbG%=8DW*2j`xS#!7>!BbO0aKj;KE%$7^*lLNBPKNLHtM4>eN6fP&Y0^0_xPPdT0 z**5xJWJ|Qd6E_|aGB@vsHtMoBCm6Mw_K2ekX4$?Jx?uadeP)b!5T@5PB zaIyN~Op&e5nWLngl02+-kRlXGuMb_b{lCfXxjm|cyGHl!H>A3Ax*CwZd`$Gu31wZ} z?-kpoa&H_SjW~9)i*d~$e|xK+ICQK$7Se+GpsCrM3i*#7DR94eSzL-W!hp#$uR1l) z8^P*O+0$V|i9o&sIHx&H#t?R?z~c4O_C{84$^5PmOUC4`X&N!HXs?{5NNt`GjO7Vd zhYSa@|Im@spG9ih_D&p49_WNcS_~?KPrawKVtU>KppMH;3IB$a9y&@3Qb~)jv^}w$ z8p1?2qUkCV;#hVnJy(dt2Q=?9wdM!Msz-_zzr7M=Hlk~}r)+_N+oR-;sdPYIv2SGN zjz#U_KTCE0@P*<03S#|CX8U03+IT>uEx9|^4bmw5&XxUFyzlvt7jjVDBUqdU-0J_Wd}fG z+Zog?tDrBCSKIh%h2q3?fv0OedIAa%eFI6pNkWJmyD)EV>7s$%1eXCD{~i7dbh`Pk zMp^O!lFrgz0b`r{%9=B%7eNEKIi+Xp>+3;VP^b70p!QjPJxII+j=ZQV4~k9CF*~k^ zajjUxZ`GGkbm)c;aNLL0m|dh<(A}SQ;a)Nrk&LJP{o&QsP;u;J9I+8SIP>K}i^3pu?Vk@qi(vkP>>eMbhM+ zUT4}&d%JeMiuwbJdS1u$|Jv)+#1ADP22 z4949dY4$W!P}#or5D@;J&PR%_N8)E})|pnd1u>G-I2s;@lr$UelQ2ObQvc3j?Sm>~ zsN#J=&#!;%C5&>@I8#FZ^%vCt>a)Q6zxQksw*S!JGdHmK@ma8NwlHwEbNu)9gkm)< zH6%6UFIhx%h`?0%X7}>_YJ%`6HyQA02_RI+h#&_Uwtbor*2k3T*RZ>!B6 zDRjI`yk%!XY99ka-@@NwbS)p!qy(mbODgJCt7f_0e`dBnuzfsl7ia&H-3>vbZ3A%^ zZpur}@6D5wa#WZ(M5bW!6;WhSnrD)nr#@ZaU#EBBFp3!~?!uTJuRvW?R!X*@i)Tgl zmYv7YjIA8HG+RYSx2a=MXC&lFyiyNl1<*yfg2!lK0iUJ}A&{e5xb^xOXk3I8`e-tQ zwOTXuH#As9Ikjl2T+LKep(NC289a~*7kQ{CNav1eCS2|x-6chX?gT1iy3e9M8mEI8 z2MyL5l_)Yxf^NMsJJkU#StaDDK|5ZmD)6iazyjeWEr7~IkD;mT=I%nK*c+?s4+k1; z#nGx$={q27G2jZEr4Xzz9&}Ygqq2DgbnPKgnwBc8Fc9rp_0I-$4PTAsf$j(O9L};P zUts@UPHzYxQ~qHL@~Py_m^8;uAcULqG?M51tFKNEbMXZM2MC`FQVl*N!KQYLu@!^D zGx8zV_J#(^E+tx^_Zngk8g?{LVG_8Jsd9t}VGqQI7xOAiRBSrROPx*R8cfC(8LrPH zN=rc{a217z9J2J)Wn@E)m1;O3IdM!ZdMyiNSqGrrio%r8_0?P5n~ai0Eis*%$F0-B zYiG;C2%wdEoGp<+KERP;NOg~gh^X4jnZGR%%-pMRkgW=oqZ?t&9Ax{-!Wf3KS6R{w z)$tc8ISB#TXnVj ziu_82xueapiZhh%MMT(&%B<7S#1lIv5(zRyM-;v1vbJJ~b5QQEX&I^%A=w`@Jy$5B@P<_5aVQ}zKTu|z5NXMotjce-} zd4HX>OW|%=@N)i{Hl@vuu(UY*eK9eJ7yXi1Xpv%7mm>k1$|z@FYo3x%qI9-* zTj;K@?`2%&HJpHtvi?j0LX}D#-o8XQ*mIQcrkz%_63=)v^_!vH9FLHQ$+{(ca)e@V zPPJ+JcCyC9^RBIG>qp%}vtEd*=}9&yoofE zBpZ=qvnv$)`XXYW;Y0}rbLLD?Vv@Fpx2s$*d>>PRLzpYYCSCU$dCR%Jtszn{vb|2_P z$OIhvF0QsPiiP$wAcj|NY{i0(^Fwo>zf)ar#5APy^!lD!U#D$SX#{Ec9hI|F6Sa{%7xJ@N;X?Ph4v`Htcqtpeemk+xIiR!y?9Rd z#)J>N)frZhAN(gc(y#7Esy+N}WY9W1B6hzA_Mpi}#`J!Kfqin`qLUG~uw7Oj;_LZ9 zpBcfGfx?h=@2&tf2pZY$kQE3e0JmGvZQ@=Zuh`aGR)Y0tte@d##OIs%BDiZXba;5= zIf6W=>0I$R+-`X5CANhK&vxW5gnC9q?EOP;>7f@|{(?ukg{~)i=UlV4@an9Ih6#os zRD_HxFKw!}%L|nodaBn#zW;6P5 z^sV$0OL}bl?w9H!@+D0CRBH4z5pRC@ju*#yO#AHvk9Omd`hQ0saPmH86?Jfc;Fp-oyO=fWQ9v z$@v#Yi+{RZ1}AJu4)VhX|1?L|f2{tXAq+%{72Mb#fSt9mw zc}0Wkghc)lm_e&1d6v!A%u9vE!@p0KYgrWLOhBaKL}?xCrD0|2lSwQD7o*3>mHJQG zB%Z00OKwO}G!q8GAk)l&j?ONArcI(j5=vsSZ(L`e+I5gXrMK?^v*uHTAAimZwVZ4W zS>FJ+7)Z>$4l$9!5TN5CFe(zPR97nBZ%9e6>juh3yJjc>^+8V7gs{5s>c8&;ji0Y{ z==>m;seu1m`sn^!#qhsnZdtv0-SPsCFapgGVd@{LtN4FYN3xYlVO^+@WBO z9MnYPdFnR%r(E3G*3$*Z(jOF*&BG1Kp&4E9#^3P9T$jXx)WOWeZ_?^W7L5B2W2DZXtw zJe|?LRqu>i?Fv z|Kl$E541U0e$sM49-b%BQc;g3SDqYs%RMz<{hAV-LI=Ggw`2u9oGl^r)kfzPz(?7^ zkQx>3DtK>ZiX)4ODfFh6$B(QHmU_S_AtZtgo4Og&6$&L?yVQUCP@=*#byFaEx5j;v z(iEwpH8vU6QP6Dsm}$9|bCP{2C^W~7q^$Z*Cv^1rx0rpzf_XYfKj}|c8Gw0z?Y<~S4X8)hj`!6oN|8nMq z{#Gj!|18BhoBSh?*-AEYi}J`m6T0iu`^WIWz#{ysk&0w=5mDcr~u>XR^M{*PJnJJPK1siE9%e z18|&afX>WCVztAw>&__J;gD=y?d2SzCFEz_)m&>PSP@Nwfor4^K;a$W2^4&ixE~pB zAX^pKG27%C+$FmQ<~G~pW)pd3nCf`tc)T^ICmfPva0K<=^ZXi^omb-(Gr)!7mODx5 zi6Vf2>-IyJi^|gfJmotg)TKXjA7_Z%!{_R$i9_zvehqqr5&XUAFIM@B3%&Lj^wys2{3vEDJ1v$=;CkrK=Gl>~;Gyg* zvRur(+hgelJsMxMuCN78p-L8ODt`#F`<6^`+_5Xf4@xDUGA)zm24Yny)cf~`1|R|Q zXyoUSsR8-d55#|76^8%ohvx5B^#t@+^?f*#GF)biJ7EOIYqS7@r^B1bZhoHphAx1e{yr!^unMT6+82pOX{1zg~gy zpu-Tz+j2}62(EM)8b1o{)_;WSCqovVrYzlQ^%OF(>Ll^KWyF@8$y=vHPcmGJ0jz*q z1g%g6nhxjzJEv983RJ3do28PM&qRLQTHM|qwJQBjYQZal%Ss-tZBZbsQ*>yFkM0vV zd8POvJ>*}AJ2skP53ka(H(X=;WM8v?ngfWoz%O{ZlRm1Z&>O*;7IlJ%Hz~jinT>tr zcU;|u9`gGlco=MYg0kVMhk9zC<-@hjHtL=xoW@H|*yUB%_U9+N=WJ?*UJ~ZD^&X<+zgTN$g1F5BVIP73Zosj>U%=s4%N%FA8ia!N0c)$L z+rS(U@4|(k8}#`BXD`~UjpBs8jYM~Xn6DQ)<3uNUY}OXu|CE3I^&~y?4Ug-;-oG(c zawvz2K2@pHw*a29Y?oYoZ?x>cjO)XZslHh#W7~}raC-m39sM>L<6@ct_6{1 zA5~h!i{SoE@`3iZw>~)f4a)H60IU2IssF=c|K|bzFZ}Gky!G;qcCJ6Wtp5~h;CixK z;ROW+)dJ;p1tk>)?fxuq{xcLXbQq=l=P-i#&s0~!Qo-R;K*A@Xw;V869(gY{6G?Me zwtsNE06tYcwE`a*1D(ze9|aXldr-UpJx}ux6P$z)15sdHNC}*}iG_q|OplzYLpTc& zkeR*dFI__k3k6CdA?^@BEWG_Jqr&JKdbZ{^b_O1m9W+6$4FG~U2!6A-)RepqDdJ_zZI~BqEXqoYNM?j73K#k1s=q?|NG4Jl8<2DdxB~Zw*zJeC<$O01&?ja=@A6K75UtZx`0i09sHX*S6_2JZQNz zQj?>psLBJl4Inaq-L#6Pb%-=tzKzq`zq&Y@_9R`q$j_1Bf124AlT$+?NTKa6{UJNZz7yT z@V*i$b2u)&%Nj zop|VA&#Co#3@zj!6=?i~iJN&ZXqm|2M{uiJ?$Gbh$<)drW$Wb1HcYKISea@yh|M5K zq1_AzEC^B0sngXcn}EX+1WQE~H)$4H`vmC|@R|m~wg{p&%9-UQBv7r5)7a;*g-jJM z#U#|a1(gs4D+UVMO-cC+j-AIag|%j)5~v#+N?WvTh$*YZAY!!j;(gh6c?C}~Ej2A~ zt%nkoXcw4hoNUKyTa=eEj@HvT7SWS|Zq?CAP+APQ$gvOQO}hwdYa4SrE6b~O<(0X< znj7am|2x=FZTB!w(Pl8JySj+keT14^2%$)<@F#*o->8^Yg;l=N{fB{T!`6(chIX-G zUGAA{*o$~xj#--u32@)i{YdwK+GKIbLKdj2!-kR)>hg;t(QgtIy^)_yV9+KS?2!08 z(=bR~hPJSH^!OPgw)J@}!^0o1s0{SALD8Cvvv4QgaFkrdyC!vo?q4=WqaiZcIyk0H zHX}Py$~;6{MLu2H`N%HCUZW$FmH7-cNz-af|yU)IY2I&F$n)OvU#(k&$95Kgpl1z5r6K0 zo^sa6D7Oo-AlsR#i00LRM)|O-dNSr+(T}Ve8yX)Wt+4xCe1HU+!OpQJ=V!#I=%0XM)#@nsRbxjHrq4H4m2zEJ_mZLBzx|xTMjcsxjB{ z%ms7Gf@kb|y^06t$N3b>Q*<01^7$4)97e;xv=+qGP~ejD!t^Ydg^Cq3#^cQ&nP$Gs z)BG1KNf)h?kKubWlwrGS2nrgloAGl-W2fgMFdyr-OEHc;8H84}Db>d1P?otFtH@=? z!H1?QQX3yG*BY}Dl#3NvbPRbZ*teogb)?XRa7>J=rEN^Nn_I$l#?UnL7K%%tJO{^x zdj&Twr4&E2854yA-sx9Kl&|wAPaW&8P=tiG)H#{hL=LnoR4gEL##?2h+Mbp!3#7AN z`FXzvisR3fH3go^&6@|)=Ga`DVk(l?vV3*D4GT@003i~RDRo3D+4V9vUUihYU723y zEHw+|8zpI$CQK}WGxVMH@iE7_jaL-Q1IxjjkJ7SPGeu#=FS6xVu_I2a$Ng=2woQ0? zx~J#!P<2a(h3>buoiYCqsIq@^XH3-Pa;q!Uym7(xBQP%d6-pjw&iVZqEj=@hWBAN` zP78?-%>sX?DH*2#fqZ_RLtLDVuzzg!M%_}F;1BElqIFHrw82Am#?-WzibQR!E*S~! z9%s~xd?t#Kqsm~JY$#?=-~TKbkKE|4Ha9ji(sXNRRWnEN74l^}@xEvuF7D?0aVshX zZl@&wQ}Q@;yF-8JIySS97TQJ^|E8sE`bCk1{(RXgYs#<{_U3Prn1jmM6%x5^t8gaU z%6hy_-l?#i?dgMI6`eQ;T4-T%P!en?ua79(t9=1NWoYLs)ne0n|;0|G@i&OVYyYNl>3j)oMW zDqI-y32e#5tdJ)5;(n^+Tq~G+yn?wqukral*7I zsD=@VoS~Ehb1NY#S`Q=?C#lp4_1S9Vo2DOCp*DCh8=Hi?=<@iKXy4f~Lin*wW8*PM z@DsG>wF{r>ksi+CpwZD(V=8TY&;_^GwB1nZ?f5saZs#6|0+z29IG8UOaxdEnyd&K0 zg22`1nE_y(ADo_~+Jj{CYFQwsjDziQoiMeD?B4W)nsIy`c)Pl_WSX_Z8lv&<;q&n% z75zy|LD=sfEmFYHI6g&nn89+E;ABl}3j@e%mf-P<$)4oQn%kc>o|4y66NFAc$n!N<7>qoq1w*KX zJSb@p)KeG@0ky8Ma-w3r;XE~l(-H=LJK=Dc_l$aeu!b<5!Msci=SdEMNI+1Tl?9iU zfJ_^Z#!r;Mv}Htgf5UI6w0BBKKrjW)uy)VgXRtI>_-c+4RXRN&bF&@Y>3dFg(@sX_ zSxKuLk(EW#<*ZN(XQ0uBK;~_iK?h6{$m64iG)iSH{w$=U-mu&5bM+e%vAQvT9(!DH z?0&?6_Qp;B1NAk{H_8(1k&0#J;(PE6r#fDJnhg&REvy>;@NiZYc&L;W4Y2+Zh)I>>30a`kIii` zu)A~~^}UBI{_NQUr-zkp^~(qFy?Gw;I}gyiG$*_+Ub&d&Ym6Z@OYVUW#GJz^=bO;| z2X({~s4Q>7Vc`y6@pkewbH&IMnEeYv%Jyx(FtZoK9K9M>eK=agcc^V4X-dQQm6Z=F zy9**hljG!mO(;aybC??B75huig?dOS=E!}0s(rLg4>~WbgCa~@v@ZM? z`vy;y5#m|Hz7kSd>U$jBc=Cjdu7qepdjhqKeuz(J8;UVp74e&tS9Uza3ABOHnP^lz~)Mv1^zZ_a1qgIVoM((R`)wDzyNfji&` znJ=a(Vyr-JR;8G*I}R!^ij_lLVl+Gw7d|g-!m8wnC;ZflzjSsdd0Oy-S!N2EO#){< z!n{Ud>m;^ThexP~Y`Ldk>5_6Q>tjjR{3lHJXU)j-FX}+;az?8_%7QFYD!Zo~9Z`@g*QxhwUGk9LvWD?#`vw>V3nt!c3}(LO91)J9 zA_3VSlP6oV3olyTf6~o~*s|81Go=PHQ{6H;$Wee}m$nBgx8TkADN7MF{>csUBm`+= z9B&;|ra;a1O`_evj}+lOf~TobpoR!0^rr&)eJLgo{8A)W59o)H8iVkc-~_Z^mI&>d zR!W3_G>6bHs^ zD#;~{iV1TnnYd?BJ9rv#cjV@bv?Kk5KRh{mER|K3L}ZdfW!8{TyIh^aVkDx7De;X8 zyFrY^OyhP{ngbQ-Z40He{)gR<`1D2BNF(`cy6*!bb0ovCX4eY*QyW(~hC3BE_I_&P z52w-kgv<_a>ZE$unXF~LmNkRQ@#FB|n1CfV#ZfDUQuAWUeu36v;G1;fz(I8DEjceE{_*g!w4W?8>g@PuBSM;tcEtb4lS==CWR{QGfL4>lr)n|xsM1`JjSf< zlTtrJlqpL+P1UtYQRTU|yl38IUpP*@E}WzVFS4&C6Ka|i?f+$51rHpcc#+s~-L5;SK*nm7& zp!n-T#hRaJ5Ob@*Tjpd+Fy}eE`u2M7kTg?y2$;00SdkS+W{kCRmCzW$_B@5X0Nz%m zUIsil>fms+EwNrv@G~yrN)Q`y-d-zgUHLMO*2%U^utiBEH0h{0xT;vfJT;;%uDr=^ zn-R*ZPg3Fl7o{^UuP-qW+TrC@WOR&_oVMG116fnhsVXaoSf;mq+?yHh&z_5gETPq|HIig z23H!b>2|O?Hg{~>>Daby+fF*RZQHhO+qRQVI^9Wb&YY>aGgEcX+?v08SM93(t#7UO zUC;Yq!jbvfm`GePJIS}Tpk~~mexKrthVcj1n8hnAmtHaZH<%ljKz3f%uZbn%i=|EE ze#(LjrXvSoNLl78711z!9y)=bE7)UIpgq(&F(zdY%7Hg=0wbW_SJVCBhY)lQ()UvB zny}|aSgzz8mG^M-Tns>_sroLGIwBmi!5Nj}K#8peZ-Zt&KZ%UfX;8|cLI<*`N>P0N z$)v@ju)NZ0mc-!rT-Ba=iO|Y*Wkr^C3n$uRL7~ui|M{Vi89;}cvhEuM2py%F3eltU zfx_Ssc|<$VHh12%L3@iJrN)GuWfRd#PW{+8D!@EXMNd-LLA0JJa7=_#9GPB-te1iu z8j4$#(HefNau%J6H2tkfzbrpl%Q8fhQLlq9jJ63+-B%-AC&gC0{*HrRVDaFoAu=F_ zO(`ooS$7myCKrG4L3b~nm*;YOexgmKNIeve(5{VdLx%{I33%j@siebsjm)LPf=fI~ z9u*+a^Cq+C$TFHI1H?)V)*g`WdKROdq~vHh8CEHS+3yH&yR*f-h5G24ol_maIssVa zcxgCMvR0idM*~9WQ=R&mowH-iO{pefYzk9Y^`;;Yk3N4A)q|WU6&}lN`cyq@!>d83Ig&WiG=Vs(|GFKINBr55?LuP^2 zaapBZ^6hQ%5Qp|E7Q)cJ=B(-uCcSel2T8)8>kixIJIK51OYv||>Y?8=>@&rlWXFbF zi!vZY+){?;MThJ`g|wxFz()Y@#e}q_gUE#i@BR9O0wNY7Ko1_gH6@T7tiKjKU~{rx z$$w7`tUvpB@0{Phb{6Irnu7e(#csgrrTuUCH_^i*imtFxvcq{0Eb#3iNd^NXq1`+} zJluFowTGZN=eG<-y~T5j4DV?Py~QJo44>)5o)Qi7gLwzP?Y)}ZhgDj%f3G&Jx{GFN7#jb?8cv<$KT^QT$okd)G8P4IspCls6GZ*HNr*N zH+4x@_T(1W6=`e6Hff#^-UiBIhYdpwox^pLMNnCH=neWx%#D#wZx#$3P)2yJ@;fQK zP`24qGBn~-w8k`;(f(!>4O+SD6ztxa-;+h#&C?4$ww}L$1QW)=;vXt`$E^ANqxirg zp9m3rO(azRC2fZPUys%Pz4-iB-5AN&r)rKC{}G;?tP10VqJsKio6tbI{pBK^k7|CL zUJ|SC!9GU?AjxPlmqJ1`$h4gh%!nQjQPlg1;2lXn*MARESWp;Kz=G!OKXVqvH=sA5 z-rFgGUu2P=zP{}>%kz?T>wTK#^*HOd>IYVbc4{^VQVNT!DURKUV&r*m|2e8iV~Vq+gDNq zP%(U#xoSTGOYBOKiWkyCX+@{%G{H|i0t&IxS^aEUVT*-_agr1nCFvbU3!-!3ZVFetcTd^tOUen_gnaiTL>=JJB(@A=rr^>MYq;3o3uvzBk z{bc-i6j0LEQl%5p@&UmJ;fCD?&PfS5EoCXPcaMi=blf^o4^K55O!GO%~M;yfFi0K2Gs2Yl1` zPL!}Q@GOZdQB_csjq-44DUpZ!(p28dnX#{O49OI&jcXcp*?scjp=L@Dk5L;gCE2x zz&nBg(x0634MSFI;h-8j;7+w8B;WlqRQ}2ab6`tyRVGP~Km5fk=@xq=fRN^4MQ2!X zw3LEI%LN#b1#9q(rfGjb*^|0nwo^R)a(0Z3?l&=V_nA2J3HO;i1d=OhU+voO)S^h{AFd(&e6x z!q+?w7W-JpvhJY{f1&Gx>+m6v#uw(IkbC@oM&N7kt4Ro8$q?keh6np*Z}iH4y4}2@ zg`RQwXL3aIVIJqAl>JC7mNc2N+mrFMFpSJH@!~W$VBR6}0amCExWK?cYue>23;c#m z88B%Tr#6G$h6HfGj*L4W*u>zvhi+5%E??>QO|x?HLX3X?qpB=s{#rl#B5F*2X#oE3 ztoy%TX+-~*RplSUTOk8$YeNGgtA8>$lGQBiQA{v>d&sU!4Ez%ul^6=q5=scQ0mbrp z`TY5`$twl!ePrt;FqzwJogfjAczgZ<7-n5@#dKLQC-@HJ%`mT%D5pbA!&hzwm3Wt&upY@%0W8Llv}fBkE-^&1(< zXpb;J63Zmez%h_ExdD~6$h2y0#kerzF&2#x{ty@xWSya?ZF+a|mR=l$#au|srZ7Yz zZEAlRf^1h0t0Bn{HJhgRgg6{8t?KtHGqvM8(#NTjp*`emJ0yT?+i;1pF9sNdRBBNi-%$4Anw2QL6=Zx1bx`N&0;K|$ zz*Wx$r^6bmlhbCPSzk*}5F_@{AT=_Ec12Hqk+k)MZa@;hq94JhxDcR|OdLZXxb%iV zwfp5O(r9ttS~Nuxqh_jPunDm_Rt1rk)rS}~8J##rp4|uvTQVk>^uvD^6Q$&*^z&T} zA^xDK*%?O7_51m@kyJ1O8BRw-{t6x_U^hZ)w?a;D(_Rls4X8p^h+T$7`93cYmzp4< z5y=StILugPQ`75DZD&mJ7#wOyGpLC)-4gG^JH`S3E% zfM*ur5q6jFqwx9&YZZnA+-UzREIgJ{MKKBK-~?H6qcx%fE`+}rqtiIuRv$xnt_c0{ z-@~;q8Bh`=Bw^r$)8Vp^K~LCoFKF2ZBviE{QM;f5r3@*LJb`VG(sc3!(S`sLmyAiM z^`J{L47AApry+n;p^1q-souBt5nQJL`~r9SJJ4gfh~8*ulB!XT9V}ECTS-!)hIuLx4p1IA zPi4hT5~2OetCGYQeAs4;YcE@BB^lOqhH`!w=LPnL;eu{aN{dXSJC?zre#7D$!By2V z%0$ZnK8A3Q_%SdS;r8P5L6o}aAeHT+G@SaREi1-ob}Cq7`0Ii(jK~UU8W30eIvST~VGm z0|tFL4(w?>hw$iYjl@SCgE>3`SlR9gCn^+YBd|LPT!17fcS(N!K3|57vlH7>WN7oi zgy=$dGHe~R_cjpMtsHy5Nb60#jh^UPL@ysBcl25RO7|Wy5rHfc3c;501MuThaLL8A z`7trMI}$;FJHAsU2W51{VA`}a}X^h!MPE*FjIh8(KF`}5dI%$)6yM<+de$By)QJnRC zljR8igUccN*$IAPmb^BYQqNii<<$VWDN@aMhbHVDP5Ju0@s2iSkE?3%#k?QktS|Pd zj!X#?}C3o z{G)`jHzYmHeqGFp{-ujI+yA13{svZ)KCpSEEyETG`lCs#r+fT3XqVN-``^+0Ztv?6fq$_~5VX z6zl)-VQ%D1k?H$T;{A%;^X+}%>ghdv$D8f>d!+P@4#n)Ze2^i44vo|vrb@izkC3Kh zB4NJgU(*m zL`7oqn|zE0^j|7dsnMBS(e}eR<9AS9S}dJHJDCy}fEo1EY+@YN9Fu365HC*}^`2Dm zvnElIl|y-_I`4^;ItC=Fn(DLr?;iPK4RsQEWafhqN&?NJRZ^;%5yb$GB(}0#f{h!@ zad`+IMz88wIOv)DT2AOMr`KsZDLu*=q2d54v}H)>tYk9_?OEd{U!En?&jn?{)wH5o zs15s>p)id#HtC?oZo5o8#_}#zeNowVoA@V&q62Sj0(sf^7;mW3CqomH%cqc|Cu136 z^oVr<$n{R_t~SJ4#X7-Zkv4UGTM$v7PCOL*=AhLU7;xzD1RUugDTUfRfniB9?h~2f zggQ)M`_h}?P+5VaWVlME$r7EK13;BoMsu@vYhih-yI!cz&k=88jitg|u#w*)D9=ii zs8L`yU5yHUO7SUKy);i`*wY#@jdiAhEIsO6Gl0&`&9R$ffPiFp3c+6r z+MF`4Req=z8S*4mhG~gHPnEnt6<&Hu5dX&;ns6|J^Oh{mah&9YuS7ajOS7~y;V`Li!4(eX3s0IP&9L}__mSzT(Vr5qFd zvWUC-1siBNnNDrrKQ8)XKUx+wX;U9$_^I+!@8^U|6o(>m0XDep?@#_Cmc({HW;JanYU3ID0F~tNHGU=5-W)A$!I(l~Tr1I336ixrBJtW6Xx6 zbCq^cnf(@<^dt%#=K{=7+n-=$fOZN0r9-nz`I+p(=H}8A+L_VH(!$Ovl1_g=9^M zQ8Xz_%GJ#-<$!LDKNR!bs@BWB9a_LI#;4pRFKoS3xaYF0N>&P!0GsoA5%A+uycy(V z;BzRK-R}(igQa7CaPeHE;kj76hg9V-ULJIC#zjdMBb2{}DQk)rUrIACn<^AVBUHYo zHPv@>cz`#?w=YSt` zwX(EeUbIRBQ-bx&(w-^D>h} z7ya23F)My(7KOl)K$7h%I($k~%JpNja}#@0tF_8XcYA5eg40KN`1F{!c1Uuyz%_-Z z@*uK-iQ9BRm2S3zzWkM`XW-(HQBJw!hM(6PPEYL)4sG@@vud%+Glt~w-q`SIW+NsY{66-QwT$)4YRYk_WL^qnZQ6AGFm*s$%9&w(Vndvx)b*6n5EVIQ5fRV*3dWncUR_O|Qhd-9`flyp|5Tfp zFt%Rw*fVCC426C+MJ7#L^MVNstk=yJCy|+Efh4m#`n|#xJtQt(JB|WPzUt;er|0ky zWCLe(Zsx&M6B)F?u<4#jcbR!G>EXn1+`R)OVp^g#^%U;ND23F;)k|OsLxY`aOwvLQ z;R1oxxm~qPQS9I3Lr zht$=R8u3H4W`&A~%u0%=UqRhforllIY|y!CNzjvLK-K_FO|lkBvFy z&Y98>hJL`?W5}LWZ-?UdWpLal?%=80?-qZY1UplgI|AWmJ)plEIP;5^R`2L3Eb5~N zNGr|ho1k~DozoTVmt+Z2y%JxcsScdp9=w(ycCS|P`inL3I0AU9nx;1I7fE4QHgyV; zK;m;1u5z({RKXX{^XvyvKFV}~((d}{rNGxuvzw;D`xiVCr_ona-t_Jp`srj>6qB05 z$+6PdUto$RlV6P98q=`P-JI{9{amj#>M8m@LrOE?opq*zOxp=HXQR;mx)weruVx3$ z9=E?6WR)Q$b}ym3>DYmWH(Hs&35u<}vfJ>P$jKliRXLAv*4SU*wwwy|vE*MjL zw9-TFlSqv4hoDxI&?;5k%go-2*pa z)tR5YqxfN;+!Mcvb&G70+rB~@**fo#IWhWuK&4P=l;oXoV9>NZL8*fSVjhgt-C-Ns zpJ!hqaf=Er+r~%rX<=dlMrRpXVh==tIXX75vs>hKoi}Q{InA5oSn@td4wvlX6 zu`x)=KOMo<;$Ox2>)CmKh(3aIi`5b3fpZgM?nLVI-^WJng?Fc6-;JU5O4P?Dg^Jpj zttRZ(n{cyggdF|2nhUwth*ZCY`$7`pf2zGH{W()7vK|%WtqsM;lFE;jAqlWNqtOdI zua5@7HEtjoi$7XL&9xvC2w7|k=W720BHQz)E)ZlZ9IR`aHxQdsac9V}E4_a^*l%C8 zD{6ZnkjIeC7Uj{tlLOmLeLO*s@*348P&-=R_qH}j{)rd3`r(KJ5)3y*8X;W2Xhe5hdxb?>^^2bS$BOQjY9ZH;{OY7A zQlD@Wo={b8dhM9BAC=ScPYgMeiA1Kd=Gk;&5n@qpyT|Cko_~+!_9|odIsG`X|0KSm z-(jj=w_;tpGuM#zxY)zAE)k)M3Ng9cbi}DBP54z5cS9-+iKH(<5SrfY0u5tax=<4p z=}sJRPj9(zV8Z~0grJ{*f3)F45;VocFyFo*Vg4&5OZ{KB;r~9BS2D5v(rf%D2?xo4 z`9j3j_}^3s|4j>7t*oWAD3AC74^WhBgA4$5L@U-VEC@)7Y=R^H(%#T!8+hx(@2`n& z7A0m;eU6!V3z#fH?EY1V$&?4DS^$ntk#wG3-Mn1itS930@%aJjz;y(0g=!B^Sac6e zb@r*ce@N9(IH*Z`4eWfWEE}AVSOgUiRp)~s2cL=&E4^}@+bO}y zT(qE9QAy9+V51{bY{pGOYRc|2dXF{zH#uo(bpm3d&4}ga3-VM%us49Fm2=h16gEQc zc(dUw#iUy>IPqC=P@_BaS_yZ{MnWM**s~ zVFtxxlOMwcMpi5D9)FTpqd>l5Zl-OB+cP(&u58bte0VC^75;=O!x{z2QuSm@V*QXA z9~Ve2R+(!FI!y{^)NOfzAu7>N%74GYVSmwuQ4*aC?fmeLVjQC9Jo$nGSt{xS($D(a z5ZL?cUd6cRDd}9{NfX_&-Mnk<7fvZN&ihO`H{MQecS0Bk=R8-Un{p(n+D7Z15gyq+ z`|}`DPX^pW3Jx_w-hvwC9_LNfTf~ziy#}UVEts4!W5!`LZZtnS8Z_u1Q%2*;Yd-i$ zP>syToqFHV_`ZwY)+rbfP}WSg6{R=TqRPdGSjzClmy)vYTHh%aFO@VUH@4Gs7WJ0F z_rAR}s7KnQzY?A6AFR;iR(;yZWZqL7L6!!Q=W^n0o4ahc1ZPs%&!RY^f~mPB-^7Xf zNq&}tp#}eW^5L%(>&KEO`ynW1&H;;KdX7y9MI$c{iy)ySw?(nXC=tTxtVYnYXd7ni z{Xm>S&bP0LyJKW~h{?k>dbW9f_W84a4r7aVAiJDcxHns)q>?5S#0;Fa4QY%~8o42N z`kTWy>ZVkZOQj~mlb}IIY@FWa~KfAu7u{=;W}{-`uLrwxsU*C zE@(0@3TI9VpWr^9cFCF^5VU~z1=VDe~xPXeBW{Vc)UsbM;Q#)0V0*= zp7GRgA4WpcOimfS#c`%6pJ<)FhA;HW(_*bg9T8p?CM$67^ z)sGQI>##ghAr>4jz!0K~oL|i)Ni2v}dF!$}WP)viK*d_O%{1T6rD%5v4jQg%I z4^L9ql+1GOw3`A!bL12+%+4YwEufgf>I0;}TBET26>8xk?KbQX1EKd%;Ao)meM1yG z;}jx|J-I>p?~Hv065{Lq36~<#vRCa+5Z1veRhmr&?j(0ewY!uc1)ve8S=!lAAAtvz ze%nU+H&(}l{e(?}K}FTZa-aAVgLLGY9QakuTC{3aN0KQ9>1K^{)pqOjh8VtA?E%oi zJ{U$*x0kjXa7H*0ij(hy4?s;G{M+!27?Ed4Luhuu7Hvqe(lZxvqdUxm=zL4hysK0} z9pTmp7xK+mTcjIsgzg6X`Df80QKhf~v-EdTM@iyp9&_Mv)`{hX*j?zx1&@V(Ci z7au$xIFp|_b#)UEjA@Ab5evY@c|@p!D!Y}2uqoN2!mOcFNvjy5+!)YO@W<7Mg+g>A z6013<2V}DG%jb#qYbL~DUhKEGRcc%Dh0(2$@g~(V@b5*0Lbzej$0w@Sq=Zbv>{D6a zf!Aqd^d7lJh}dgMb)<(z-UAF?{y7&FTO|3aKv2+WAA!P7mF4gR)#`;k4z*?2Z76Cv z+xH5C2kGjr$!oZL2}zx1=jx{7^$_=8x~^OzfuK9S$@AjG6C?KZ7NmCWF~)!ZB_~V6 z99~<9j#osTi=;yzB=%D_yJ1Aim>jjU%YvMza1-}rVQNiDnqw8@jBDtC#lyAXQ&cjG ztzUDsQ23%lQ!Z-GWeeTd(phcJ+a;wW9p-?b!u=YdE_5CN^FN5)z5087&%cvue2l>a z&--ceNA7}hjyf=S2Tz^NUO^A>4&36j|8Uh4cOh|&gdyxI)sUxc@b*8sy8jXr?(iM_ zOIWk`d4O;Hz$Wx$28(mZgAcF0N8rgQz(DjjEHg~-)^=eNTi6U~b*QVDPe5et*#ML4 zH33pdKQ>9-VvUqLd*vyUiq^m|&9QVa6Be*)cTU$fBNlrP5{OmkwGjIB*C`6I76F(e zR5DB)!nYs$6$6~}>3?-OGy;jrQbNLAbEiWTFa-OsCtRLO zlUu-l@6wvl)5}OqNV+e{9-*5`wih~owN#{qNq~sQEqFsN48Ju1L&S5l0?T>bF5?xF z;6*?9lqXoXRS~gFKn3|1<{$kCccpk<=vQv84fKERM<#v#Yi0u7|JP~fL}%}4XK&)@ zY+>RQtt#WR$%fc{sdlv%y1`7B{VOe|WKdpyN|ZlF@v6N|XbS=tIH_$5BG;6p55hPDhUS(kv!Z(`miUid^6|#as0;_2tAh6ee5S+|O zHHuNM3)VhitQFArtcyp?NX4=8mRZxmR}9BoMpwCEc6+QiwzB8FX`Z>#Vvv)FI-$^@pzqZ+Z!D|J2N#5EbsO-$d z?NXTV8LmJKHPDG{66yK5DiY6Ln(e`nsob%aXg=g@n0K1E{N#MX(x`P~hu_6pvfrsf zu?t15|K$W`9D|VEai;{i2=lsEYTyZ0$>ZPcLW2~7_>hqpI3%Hp$=EA=ajgN`#yfMR^5UWyfpz@S>=Yi3$<1*mT#pfL+nhd zW$6%^ZYxib%%ZAS4c7Y=H6SWxk;34Y1M$jk#OVd859@z15xp#s4`2tyJ84|no25d^ z>e3$XIEQ`eDxQhxkXLQ@>;2<-9X)WilN+4)mo9VmA*dLJ#NQ+r1D1!pzy@`hmA?~9 z0ujJyJ(SqKomnw-*W52KnS;HA5_HzxfJS8_hGB4orI|VJ6%nEGihwzp+g0(+hOKV7 z!c!yYl)sY1yU;cvir_bn0JUd89>vTdK+5~VX2#TdrocLCF+8B6W2FykIhxauYpVdM zcpGaMbTmGoh58pcm)Z#X42G}k3$9RG$7BP*+ZY(9f+xC&srUEkIYV3e?-V(my5JoY zySF*EWd@(4#)br;NwFYb0cK1;lm!$gk^j6SfF1L|WQz#g9_t}wCAKD;qRB|I}zkPBI-ssdbM_=?gCeZ+F zdrP&+Uh}m*%L4mk$-u&}M%m5+7ngpj>?z-FykV$@F|s3ID2YKYy%2W{hW4W*BIEUr zX^@T@7Nsa|AqrMQHI>wIqOI1JG6xZunyj5~%I|($3v%3EWnA{}82O!+=4l6VG`Vk+ z8m609QbUujYE=EP~%z`w@Z}3b`B*S`DI1<^m751MdWo z>KQ%2bPT|CHG6((4jlDx?A;zJuHS1kVEuL3bDtG&tF7!AzYSh@!ZN}Nr5O1;GanDR zHMIiWkgLK&iwgygNlV?ns@s0lItW5xYz-ogqbWTzb|u9R8QRMi=SjHLpuBwx>GbNTuJFL%Nn2ojC?Mfyh9>C;Xy|*L@Z9D@6P$%5RtNFcTOIPwLN9%pX4DV$ z{UNVYx?SgIKJ7Y^@I>zhX=|Tfb>fB>e7u-{o`2_{Yaaf^pWJrdNU_Mhxj&)2KLe?W zwJF_ZHPd6&j5i-^Ni{jgaVN%n2m8ml2=JV_2*m}4 zO&o}Y=M*QcZ@dRPBRwlcLrE)XVk}+{Rp0O+u$Z2yshyRUQ*jHEUw!R8N82R28ZgL| z8HZ@aWhMH(X78_JUfe&V^RkSvdguOA5T5?={=hH|Apg&Be_Uxt2KxXDx_`6F$o#Ti zsQdc2?Eg|I&-4HDJid$ujJ{~)cK_w(%J|PmldY^Hha!N=vxwe88>y^Gn)Bv~|te^5y_e-EJ;CD}Kg*a{+;YJhVA+_sq%lkAE4jAqDV3Vi^ zd9-_9Y3tXYGDVU$hD-wRWcyr(f>ufyrQJetf#EvJvD zgbZb?6NCLL$cGIp+sOiw!IT13jvf7yA#!|qwWZH$XYDJwdV|w7EH4_=Qn@VwBp3*q zOSvD%VVzp6JvIsIX~tu&&{`JY7v}=Mo*FFUm%!xsqW*HtCi!MscF^nS1?N<)3NOiD zqL*OWIv;P1u$Vu-u(xTyh(r%`$>NQ~dbgbjjBysFp_5~XU`|)YwPbV?6hoeP_ZB^}vi7Twv^-!`62?z2ZKqNjjc%NWJp^s(YzA6;87M6Y&+CwPU?jnnuf zQeDSz9|$d-XMU9|PbQrQ3ZXVF30Q?(Btd09-edpAZeN@BAawfj(m4Fu@&9jr5!e6r z?f&<7TOCRpXBqg(rw?q9mex*$3@4!uhpOvi+aRGOQ4mBH((dCI1h+Y?lhz;jQcy5Y z8Z3J%XXdD0=dWp5HLXx-O3YPMZ>V4UnBV^Cxm_t-{@A@jYJee($Di_gJn7u|lF5Af z#G2{)o+*684w4h_?=zgdL9l|N{gD@1NbEHj4l+GIcsgkY6#*`Z(xQve_!eD;{#b|^ z5rB;5w1-ianbKUo>R>~A;Yp+^t=3xTInZqFfAAb)(S{8`R~7kXA*9JslK#FgyUI58 zF>+C(Se90~M}qdqpr>yU^VD|3q1lUPD-+#RrRUZfB@96kWH(t^LCkD#9EK%@)JF-8 zUZx%<0y=4$k3qqh<*Kw>9Sx1Ds`B!x5aI}kRH5m&0JU;_jV8{7D_xsut)>Xp{H5Sa z!I}mCo=|k-{`Fg?4P4!eBNuo8DS+&~x2gI*I&-}9Ih#(TR4zazD@GE8?|t4{A^sdX zi*b2)nsM3ztFpAJ>E&jz(6$gCO+EhrwhHx5#3-fE3;SA8o>fJUi$`!1ZZhf3QaPxo zNAN;Po?Lz(iA;wWJx0@%#bT4iUw5fc;zs^Qx9CH+=&)s$1g|E29n)@~_a8-pdrdT} zx|Ht<`>0}U2<9P_h%VBCoENl8_$#89HkIt>ZN4md3jLmF z*nQ?YzE_9q!#-S~Fibo64vCu9i6+C&(JR&2&(4oZ`K29Z@Wj_RXfkU~_oqFjZ&$Swq{DIeGU`=^+aJ!}6(nwaXhdLI zs5#_Bgngm1f0_XWp=i&~6ooS*T*vjSFJ+l(sMq4d$!GVhxyPd}l1Q>(|!1p^~aE)U_U99H6d?LU^g{ zT}p_)cW;Bkk+-n}BbUEl7Xh6ip7bjq0dP)Z5uO&<&a7r}w*tR(8Mn!hkQ!=vF}IG- zS_V~^&q$ui>fKn%07e-yDgy83q%~+uAvA@tT_H-hqoWR)0h=n`f^7CC%s}Z@c&nE2 zU}PLb4yO>ybk`X?oU8^wDG4e+F*bF}Y(Tth9lqo^+Vx1R=R*RVseQ4t`;X9gYWLtdsA;K- z#`i33p=`7>K^pQZ*}KBvX_TQV+`;rrg$EmXvR5W7H*8xVGdOC@I^?DLraxZ)lJe#B zr=ogm46EI#I3BOzH6J)kW?^}qn@Sd#8tdqhVP2YAo0dwknYuJCkG@YwVwUWrM7>=6 zk_`tmSQwfPcd%^6-JTBKbvXU99kA|6U{kpsOSZqte0W^*o0dF~#oeSJgQIHS*!TC9hG=F<;&Wshmw$i#mOG2cf5OmmvG} z3vU&}p`c#K%aOf6#j`HnPMP+)pH^~WmPteIn2uC56B%mwo)~U%!^zAz!RCYY028}i zSSrHOsO*YWWBsmY`VszSVJBw^)2Y81h`g;3v={ul%{4!4pipwnxhQHDm9h5Ngn}#w zJx^Qrm_v&O`+LkVVgu*#qm{Ro5OlvnITR{hklmKi?;p9oF@5PId@#Fv(lYV;nXl+# zlmofw_3=pwEp22h(Lt<$WZw=xu;W zD?tvTuN>`9AJ-$&!LnrhkWO~8x-cP}pO~V{^zTzGG<~}l^b_uo!0!*Nl0ceQOs@-Rt z2N1wRn7}RM=7{<7kx2Im_xw;$lf*K*KBWS35yY}=;coBU89CNONQ?md8Dw)fzzQ1P zz$JUg&FH#gLyNh=JZ6e&lz{`qT$ZbVQ(*0u8z$*-50rIz8$gP}HuGC<^_4N$sh4r6 z0!z+4&X_I!?q<#6~d0tf1~J+8h{VSB$EuJnnK-POzQ!JnrwPUY8diAa8O7+rh* z1^XPKsu#~9-*CsYDfqH3oG0z@z;VPG*gj|QNE(H;HcQJI6%J=W)vU+j!sNh(O~_sg z(77UWD}=+yOJskEbO&RvgCL^|3FL(}qNi7V?+S*yBdd?ypp7E*-*kZ52Crges>&jzv$~+F$uSQ&U+;25{^df@i1{4qoUT6$i|DJGjnQWDq(^;MQ|3FL;@Ou4b;jyRcj8cCDD|X`LPF6 zj`i!iD$L1Rjk3eU5RJ_V&|o`-j8cyP8WV}SpyS`uFEu5K=qZ8B8v(A)kY}j%c(IH) zTK;vy7HBo%wDALT=PnV6Xno(UQR^gzOsx$dJqd-G$IH&bcUNV&`s0jz#+4rz(k$&a zTMasY;u5(UVhG7a_ZiBvp;{#P=@ighh7)sUnw&wm8;?N$=2j>`XQ8gCUc>Cu4FY$L zJQGMW*tCo{G$;I{G!&YVFMoUYpugso5J)KN$w}_B^SVONPMN~gwWwK&J zTSvyiOU{v@=$v8Id8o4d`?$;xssqe7;D-2ko%Mu@2#>Ca#zt+Jy#b{a1m>IS7`d7} z+4Dd^hRV~of~`qb4#ESH5KLhvf|}?}73I}g$zV=Q>U<-j5Jo{9g}72^*&&o1Xk9{q zg39uG>Q5-7()M%#wT&NPrdjqF z0v*;&CKs+GGlp@icbvhTxYm-(r1o#f%ewTdS`5)Z5V;6<=+kb_oPRp;r&*^hIww%g z=jJm8yS8tX_u}v)%SF0>pJl322)EhczS4ET$9G$S;)y&3j1eu2AwubXIq~~v%A=1b zg~-1EdpvO#)s#vz+IXpvvMiX#U#2#K3Z({)Hjge%%PrI) zCk0MHdUMZGNfgS}+YpM!mh}mArI&cv?&^sU5?>De;aHHhC%1XU#px3zipM)h@P+Z0^X6^RkZ?&1Qp^a-UCF2ui(U8oxV4>$03Q^f4#k zwrAE3>0>~GZ%L_N3FR`sei8GuJ)CFiz_c~8O8unUAkz6@a@Beiw*z`%PJ}6!D!Meq z+Tk>mpsgLk_7Zu*U=!6ObA_ciYz;gMj|BNQP)gv6T;tacZW^D2I4i6D-j#8npf2CkD_KAHdr4A(eO5I`X z5^G#DdIR0Ui(kxp;d;E*==E!VuJFYZkaT0>+_>XpKsKWO2DxWK&T2lAOUpRxh6&H= z>YKYg4dNNKhspd+Vb#91i+N*N_4+=|*Sq*T>yn$#8Dn~%j?b(yY7*WF*TCz5D0=bG zZJwFG@laiiav=sqctRorZk}D#6yXpjoi|XSLtBnGltaO3rNAt1i-Z3&tt%FRrXZz4 zm{#M7!O9sIKVk6F9*DnhM09}zI7Gqv9sYxB{i=Jm!Yh}H#I?^4A@j?Tf9m7Qk^dgT z)REc7*Pq(CDq&GuhD)wpKR*hC1N$lU=Jd7#xMOTUMpGz)eVg`H9Q-@Nc!z(aJQ4E! z7&G^C6AMZr6+D;NUxDs!z51V?{6^<{0JyKQJlVhGu>TKkonNZre^2WC4`R%JnDX05 zfeIjwn)#e9R5dk05Jl*UBQ@doK^LHc%gj?l>Q#@rS66vCwvzu|_MC?}6B2O(m}e3pv6aea@(0>DEl=u_UoBehbXb&0xKOBy{*sSt>+FL!*Pkkp za2WBqT*AgAuH#_|juSP!AuK#6IiG-Qc87X(uGgpm8N?T77OslS!D-Y<>BV$Czs*Y@ z8NewrA5n? z>2Oa52JcS<(iy5Yya?owDcD`ULFtEww3jTs>JQNm5a7QYgQaz6hbanA2$<6snvZ1Ou-W{NedeEbw#n;)YtSGG7 zMK<;X47nCFWrfIx;M}`q9Av6!y_K?y+>sA(xa!9VVc;7=af96#_)5OOd-kH9*RW! z^Xh%=Vfol9EBLpeJM+hz4x&2Ftm;IgBp$NKPlDC_`H!ChwZ2a4U1cg0prFLoMt_YQ z|GwdoaZEU|EC{~gk}(EvnSm}+h5}pG-R$52J*#V(X4`@=0d-+Sk``YijtA_2tlSNn zsh0NF%EkW6mHQuPF<*Pn%hj5Fp;o8^N08#g7&=sr zl0M0S-2a`BUmYXi8yMR!OIC3!Rj!8{Xt0)hf1}aqeUcdiWZ_pzF!_0PT1p;^H5>FguKq1D{P0p zfvwAh7jV8r_xph;A{iAa8RY%sM5`AACLgSlv&=9{e*_C=J|d~5Cinp_*-PV3QCv2A zS`xkb77HHlMFaydGwZ9%)BtK=yM>I87!BGPqh-c5clNr`5H_5BVVI}pAJv>5*+62! zA>0%F8h{6v)E}xecCc=JuvT^a2Pf!OIc=X5F#KovwtmM{YfQJb}55a&f4K7TPcJ-AplKNzi+52K?78YnJG0KnVfB^fg zNU|oXJ#*wK8QH9voiY!tJZfuojwLz@Y*wV05h^&Uz-+D-gU&u9ubF$#W%cklqCu(4 zOBKx{c(`hcCGeZ<}YbbxsGKpxW z;u0~!?EZ-?TU@YbrhLkIMCLeVjf61{zTlZTvJe_!OcUMO7zEpVk9zA9o%HF%YA+0xTE?Zn!to3_7 z@SoLI@aG)!TOx%kR%HCmx&?<5iVqGHY6 zMMf2x9o}D)R5Ge1pv0_R)AS{=DiP2Bo)#qy?Z6Ss$fqm7;-k~dif*B?MgbExtH@*J zGVLdF@rB59JH-tO6*G6oC8g#W2ICFuQJsBN=_`qq7`sN)lWq`p>gvRtzvATR$58dc z41p{%s~mVy!{n~sfqKu!)C0$Bcp0aD(*7>A*72jIn2r{k4uCk6WQRQn29!GUR6DMx zmWO2jh6PWHWUPFEHGzXG%+p4UIZTQ%$Z7$tH_&iS;x3$`j1F+8&|VaD!`j9L+B%viX~jjG))Pw8gu`)!!s{Nv>U;EBM+TY=Y$w4mfci5Udl9334@Zo(*MkkS-o@O zj_1Cb$z_d4RtgXvBzgr$J<~JJaa*A9LFlTuf6IdRuzaE(ez}zCX;Qo+#ILRB-(%XxQuc3zaUu>oByb4a zs7U!{Rkikh;yK6n*GD4Jh-+m|a+C4ll&P73u8uJ3c> z+I=mZPGWT?`$i`FN`r`h`8{@8`%EPBp$4wyisw#l>QxkJCKh)rjV1FSl+=Sw_wX?% zYy@X=Ua$mUY~!*e^okyZ z%IKD|n!JJfFNK^49Q@Mo(KuyU@zpboOsMx)iZjF6qhL2R%U`MynKsSJ8M#};o@QN^ zheUQygZgU)_sGpRt%N6g*FQ!XMk547oAx?y^2On+7=Ov6z!el_B($(-$v1qg|nc;CLn{&9Q zkrM}he^}VyT+1!X#a=XDjau}uq8gPtZ2l-6kG`T${o999z^WGGlq;gAlrGNh^`32( zOuYWDMc-)!{;-**{ZKOk>Pxa<&z57!w5Q4#%Wi;Pv;~rEmEP_ z4efrr@Z0((tPDPQ5Etj=0_vEpKVfOm2+|<7paX2JNV)?qg#@auB{+yeR)YttK4=u} z`nu|5-W*Z_Z9Cg&%(-r?pgYoO)4Yii8RvX`3Y!>_*s|Hig~d&azs$l>q|RLXZte(| z$2?k&ilQ!DVZuo4_iV{qTJg-f_ViELI7Ixh_Nf8ixBM_m4KL4<2Sd1?>a7JZXRw=I z2>mz77OL5wrUw!-o}dH4VRCAZYzeGAstLV*9o0!HzH_!zZPH2)^meRE>+pN1@?^5z zDx48#L8oN~Q)taA^4$*unyEtHL@J*L`8;b3>4$pZ3j9G-Mc&}!Sc8ZT*!_#bTV-W9 zgKL7fRcK2c-&Kz-T@NU1H=MyD%@<6T>&H&{f@A9^kEB@1O^U zs7#81Yq#ECek#L@6nr5B_&UBX44(J)FwD!AxqBeCJ~*Nm0qvY;ZqzHn9&3yePTcj# z?E296w53-exvQGyWraaC{o2}*P*tVa7xnSB+e22=wb|w*dWpmB;H&xQ(-4KAZnu{~ z=A+i`i`*xVB5ya-U4RdTAW1=FFJ3aS+_j%B)L*XD1& zrl{=r8=57!v}fFUT*)ulk?F+9+wo3U^PHO}s`J4fE;O@p#z<-z;cw#(ZywKur2-%I zi1n28yER=iur1&nScEZft0QyQOTr)zgm7{NiF#cs(KVUN^*oIXwjrLf+&V3$E7EvU z-rRR>L8JKC^qqTF@o`l~xY#_DMTMh$>|dwybG4CTx0*VI+9tFvKLN%_=>44X@xL=n zo{q+Z8$Lpg@L8C{dT%V2e9>a<=83im^71)r>M_X06elZ&I*+r$ULuxhlHqFg2nto= z5s>f%Uw+O5Wrtr{4t-3mfmF5taW=-Lx0HqnZIya0lSUTJ=8j>wv#|ZlqQ~_6D<4B}ufY=v%s#8=EAw$@@2ueGq_Sl}AOA_- zzfxtclSHUK{?okARB0A_m8^l@jo}Z#?cmKv4S6!R;>9Ce$G)8Ekio#A4#g;MRiKwf zx43%oOFhtySu=0nhBx`(13_<3WTo4ok2^fxu-6@kn*711dq(pM4cZ%{1RWztN`0BDULY4yTLo=lO`%D5_+3z{#*^+JDL(xK>ik`2rTQ&!@2L(r4< zB!f0Rw*o;YPFVBq)d@E0$D6%gQA37Gc~DaAejC7yC2RQzEYDNYSYi#`{@5~epM`f}$3{@0MSTf@jxsau2?%kWsxO_G z)+@XIqgGqrM(UMoU+6{_L|L+)@CE3!@h2S51${@&oT=OqW6AV95D)xg1S)W7*#cFaL zz-d#`#s*5yui9NDt+HT`86yXiWe7Tru%R!lz15Ep-`TjS+9y2Wpx(HR<09+?(FjXj zxIjY6%BS~kG)?#91~^T3@wo$EI7KPWXmgJEudEp6E6rJ?l3o!E{z$Nht%-RYG>^?hp-1DH@Cnac>Due z?y^$1$Qr@94Yl1f#_u7I2dPMAbt+stp^!3(-qeuYin;3LEDi_&YO6A%)zf%+1K7@< zV4A9Nvr%aEwu1rfbxJUY;b<@oIxp0LJn@L)Q0nN8Z&lBBs-hA4L@#nJiBzR`UFvQX zgEb~sa+52$iM8ycdTvT1c9XIrJ>XeUu9`lfssa%6b$gfJksiJNikBTj9V-u-O~&(} z+Jf4``CAD%%F@*ViHDVT_mt({P_yuwPNh(q0Z$f~!fmqyO?8hNFJWmb0{bbxiho;c zz^g6^FFiwDcxl`!B~xl5iD+K5FH^ma`P%Wn{+Cm(Dv_KY>LGf=Lk?mF3o{&-EUx#9$ivDnL_Us-cJ}>35C}Hr zb*~%F)12B}&X*m%ul5I8e_L;LID9E(3ak$b6Z6(=i){()am*TW^qPy3V+Zo_#hmN2 z!mV`nMDMoV9A& z>6vi5g6%SkvZ1_hWxCQV!cN!n^!n-plIIR$d4cAjaGAkeFjP-m79)+p*PiRizk8zW z-%I-js83iwp_{@_tVTO?N<$0cWVLri;^XH`w2PMp6p-xXRCE5~$~+bOj4Vtne{pa_ zSf;ysSlu!PraSG=e*I7!Mfs3~fEMuI!Gr>?PR>l5s&Nz36fC3cquUw*gB%4!Rr#2R zfWc1SpoQc@hOG6K3(cw!)mCSc2vt;Z*0VgMZ9Nf6;q>zub?+(lq&OX!_o z>Pi-wKTj!C!9l0#?-fZbyEXfmIA&!<*Tk51u-n3$hwT{}sJJApjdOk4T&R7J&f!E? zrnjNs?@q<8ii3?DqQ0HjlN8E4jfP$@r7DjWXQP;wLxuq-mL;oAB{Ei?lXGNFJiPS6 z>6m?a5l&bK7*tmwvIj}sMT4-hwI;Q0=q4H>0{+Ye`#d?sPk%r6SWwk+5vJKH_K9-L z%49drhXsxHJG^%47q{+Yet^yhOG;bOVGLnov-&jIYby`iEoWX-WEd}FVq+fWVrb1@ zklJWZcR(IkF}t%#@k{#=fS;EL)?dFdr7>%$Mc7@FNERTO!;2y)VYOM5m&y2oEIUeZ zM%9%C%a(QNtR?rOD6`r}{^0Kj5vX-j!aCKJ)j_0tdppMkL*r~%_C~M>Pjej#jWk4! zqwK$H{3hz`Ec&94+0C`M(#QKEht9?|B9 z8N>faKi?=D=D6^r$;2Hqv?-YbQ>x>_UPA_Eo+#dqhF9_UFzHQr7+!2(d1ub{*jPnm zu~oqB*ZNEm52DTQrlqpNocJtUriHgN;6hh`;W_(ofx{+8ER;&p0v~mHgASJhppD%~ z3ALBLGuM$nS(9IT0?>Y$-7NaC;cwy~o`U68zVEX{1;dtfVR>i#+q~!{6z3d~P~1~~ z9(nR7AI&{PEYx(6<=w(MtcfN-v_Sd~akX?=7)UayvZ(5xf6ZHm3#~~s{&cXhJx_}A zz)Wf2M^p4~tHqCe8MI^c>-zix@hRU?-oUJp1j1RSsI-p;flX1L8a%pzgqq4G^8>e# ze~(TcW3X+<4=ez1q-7t$Eu9>U3Od!*c}fV5LcDxUrt^~s$_*Ts#0rAwkp}px(ICkt z+F?6E{ahdOH}P$-wC}h`xL@>h!k2fOW!;fOAoC+?_L6b2BB^%=Oi?Z~%cxTjawdPu z%Og!0wF2|L@t)@#dCpR;;;WI;tErPr@`CElNW44F{@jRh%N2y$_F~8xfONNsFe8^z z7Jjw`Ft>#_wu!ROiDUe5X`%AxXzx(Mc@nqG+Yr46K)!<%UwvsJ`Jwlo(5dxdYLwsC zuSm7~E)Bauvv*(`sv;{77@)V@J4I4?R>=GZv|X|s+XS8v#oq}`y->LkWf5GcjLEk{ zyXK1VW$-EAAyf;GF(S`8UE+m8Tt7Y5lAHo~5Z5xQAfI3ViNs4-8|0AxM+o1KefhuE z?*E?$GSmMOfvZ(){$n8f+9EZ?S%)YFFIY;E8m|4KUK_DgY?6%>MJ|I?>|dQcNw9|O zbkI|D9!c$;*V~KQO+(yx&!1Vd`}*Yy)j);N8YLX@Sy!8WupYpu4o6UYc#pdSx zYKxfthajXbC?X190E4+%e%3V;T`?D(ExX;svyV~mcRfZINp6s3s9?FSHMr58BQeV; z%u{7iwnqvgBvHVaG*%bYCyX)6;#PB^&cbz+dYheBh>E!g`o%ryvd3)2IfKP}6fvdL zX?BMV_ES^8X46&Ho?1ZZXQy<6@%gQpoQXEL`~h%QRXG z^)tp!!@H2ILEL*1`z3hagj~%e#)<03{Q{6!ZwXW5Al-)4{=-mmK%`65RU=w>jJgj> zaLGt=*ANJaT1zmT=TeI`Xrbo*W}0)b8%SH4Bl`NS=;o*sFcSCrQl~4!80D@aetR!d znPIx6$~nv!j)}@uW>^@r)`C6cNVF_?>Y9pTCO2%Q=)R0tluZqEp!hyX#pIr?>|C4@ zztq7K&wg7HSQUX&lfW114?aPytlOi$V~kOP8qyM0b@VSKqSYZf?~+eY?_8io`dxUe zvW@UO6gRiwd&QM&+oy3`<$~F}<=ZO0D&fPUQ|5F-kAb%S$j%PJOf4w%!q=f~`J8wz#l54k}`VHdD!Y$um-yH)e=|yzt zPI86OuASlybvkO~r0alvd*fc{HrcA2eh$TuREvD31_P=70X{nyF?wPNJ8hw9XNd|W zRIOzyY8A6KSGXe;-w1h;K(f|x28TK3p^fPJd9YV%@a1-c&O5=9=p>R{&xnp%8%E&? zuZWtqvA%#V)h~?>I3Q_U-a6+)1(CEb;xB*N`z? zdHzql?%~J9@?19y_{Ak;=HSG9Kq@Ce8pPukp`)H5hMobCp3)I}+HmXGK_@YZleh#N zG0z?OJEG#z4O?0uckd#ZR~?f1_it5TFLe9~r4cN?fzkjo*xdMNL_-P=(2xH#VQ;w7 z0t5ZP_}38s-K^pIe_a0l508K8guRUVtuy|-Y?SSvfMG`wjtpK$vq=?>tj!4$C5#nh z10%-r{N!;?ClAv*Y#G<74J9=SlqA>&EAon?XGBP~CD<$%2%wLTPgommg7f zuBtVyj|dO3xxV>Aw9-iwnlLhlxQGx6Bj9hJ5^!RR5oN_;4jvQEv|@9Yk>-#|ukG2) zZvZXsAbGNq6jv#R(mCVkLUj4pkvk4j1}B@uS{OD)i;6?;vb9$F!UFNm7((ts*1wZw z3qv8hYuxdDEbyYH&OHAY3K9^<0he#HL876 z?}+^Bo!UXk-cuuL zor3Grwc)zj2z5ONa}A+z-{eZSZA4*iTVw-A?!n<0%kb5qqTUp4>EC;swI<@*brLb7 zaU$g6QbIpD4W6~)yN&{umi<21kLlO&DMhK^pyIQ|DvN)hQ;Nesk&qn)Gxk$lEJS2> z2@Tkv8G{Fu?tb9z{pW|^v6AiPFNCD zz{fS@=D$|xNLIiP&BuP?xJh#OcVZ$@Q}Jmtz?d+J*JHOp6-l-UD~E!Bk!(c@dd{Mc z&1`M_|E=gZRAqE7!R)uYKasq1DzuZRcG2kKS24Va< zcV1tBk@WTLK|nQ5q=Q|&mDt~cg*_Rl_62ba_A;=ekLohH0+-M*S3*Ncqafv5)v?Zv ztboN_1$-*KoE0+x09+~#P-*UpHD;JhZlHsVL&S=3>d6`tRl*x{ z4Jr4AKkTqEqaVp0%}Q{TAz8?Sh3-PHw+}GYmD5~YHt9~Jog65D&DHTgNNVxegNc7g zjRgfnDNezX1FsEJV2)-OMb#d#IBL z*lNB<{AwxYJ5Y=^aw0@epS@F@WwA72ApOeRw#z?A(KsG)UpS)i%oOB)Om>pbPK{|* z+HDsI;laFg(pX!Z6Jm*c+^f_Gi7*i3SASbc3 zOvL6MGPO(K*{d~Xev9WX1w+f^XFKuj6~Q<)toH0Ddhdl{x)&2ZoeFGTqLoRX%-P1~ z4qPd(`XVY_0b4k#(VF;UJ`=C(CbO`Va5trEUF^})hhy~}ty%bgpB7#ML$_&#Wz57< zJI8}}U@9?I%*jRpnyLN+?H$L(sXOl)`)bvJ-I<-gH#3!){oZ{|d}sI!!{1NOGH{n3 zmoGJgn3@#W#jGnnWlj4X$mbb-CjNjVz`%o^s#nj}d_I9dkq?bb0nOttfVyv5rexs- z06(=CW?V;^7j(prFT@#`r)>IJu=ymAoD(a2um*hN7^#~CUs@<{1ik=CJ)CH`3B~lU1Ff6DHMZ*+si*60YS;S#S zw1tpGPnzeR$&5$qNVl;rF0FTm#lYN1J)+#5Bh=)PBgYdn`2lB|e34s|n0CY9=iRul zOv;KHW1!i`jG5>T@fx`QQ=3Z-r#svmLV`0foaEq{r(|d3BokMXZsSKzEkwpVk7Y_d z6pacd5J$g@qw#6;cP~j7YkzCN(HojSgkH;zPq{k_rlH-xo5Yk%L1TRTEvN0z-W`aX z+U?_sNRm3|5B*BILpHfPa;l|36_hf6-8CJufUDO&`E+x$79ZC)V{`IO?<%pZD3yj_wEwOfd6Z%l{% z!34kItIa0ibAaDI_bZ*~AXvgJZ&w6^#w~o8m?vu-uHW$GD<7x|``ZQhE8(y-{mx+Q ztq~Wez|U1;iulolBA8PZNpfk{1L@nZ zOmbj;)FJK=gZvC*H1ivje~R($*JvWX5j1aY!qrnqoQK^$dU4j+qE_0-in3uxSRx_R zIlr(Jsi`#m&7AInZ5 zx+n*sAt(CCUCq#9`Ou;jT8<=Xjz;6HHPzi!M#!mB_^BFgRZ?WNt&0aTyJFg3l5#JI z=^*1v#s*i=_`8Uj!`JA@u(ZziIkX{~cLHdi^8ul0b zfAA{3hfX~k;JcAG*1w$xS8>A%ypqAo6(~K%>S0`6?maoK|uK?eY9HpupqkrS@Uu7+BZ2QH8An>8t z<5$_Id@nnvJ4c`VwYxxV;5vfXgDRVp=3P@y1#^!V@|x{qI{Cawvj`iQ1191!*ef~R z)B_MdSxSoY;S7V$i<#2gHK+F54~U8>yqg9PbQmf7v`pG~^8BY>+RW`LbB;Mi z>LDWDIsp?5Bznrtmg7qhVz&t`@sg(>+eZBl1Lp&vj}&cX2gD*6VAvcc*-A>Q^$8`2 z@5pBI)|RIF>lwZ!w~Ehgb3=P3j2VOCJ!pUs(I(Ed_A#~pCaBmxgy;fZRy(`ut+ zAGtr{-tqJ_Wbv(aSIq#h7Z#KmW)QZ9a$a;DR$$XonWVpzg}SyL zJg%5ZH_(C_DgUBP=pLXhK_9^&EBZx_`7W2@RDHI_|A4C$Cr_DRfyz9G(SfVb@G=w+ zRv^n#hc`kyMb%bq2=}1e4F(Ms(vWjZN_aE+Q-~@A>!LPX`WltrI^`ch4La3WjK@EBN{rFkli7zA++cGnJ6^ejGs_Y*HN%c2 zfQRHMaRcGALuJp)J(sNOA6z7sC`sRK0jZbqA!yExe6d_kV*LlY!}*8e(Q;by%^?pQ zbP1RCGc|Fa5rm&`Sqd4Ln81Ug7v}QsRA#|yO%Jy62qd$mYk%q}QCo%?9BI-w^lPX~ z$vRLAEV$`0d^sswI}BhS1N21QNNhGclN}Ss?N^4I(T`1oj@Hi!vG`%*k4n;+dEz1V zxdC)+iKRI*E2iNY4K(|&(`4G9n?O zh4T+=x(D@#q`F7(VhhF&Na6|EWA|ej44Oo;){}6mBZcG^SMyO!%u+`U$!HQ%5)>#f zjsraukV#{5^GJt7Aa#`64i*-R0+cou=P3(KD2E~+FVh9{G>#iL*yr1BH|?i6PyDAn zH(hrh(7#+Kx3OpfUFO&FxEYWj;4uI0t@(QyQy{Q!>0I=p76(qmoAW53%MV5M)xjRm zv8cN!_mP!Rw>7_Egah{nj}Kr=V$|m`CWMWE9LwfQP}GapZJcxCxijp+ffEJ&%@Lvb zNgu7^(+`Rv#Y(wQ2OI}(;QY<^P~Aetco0KlpoboQ@%jj?meZRVF(Af+hr#;$eAHO~ zUI*5x--u)|#mk1{O5W^*Z~5|+R%lB+XE#Ju4^_!pHSd7C0>wr*qpFY1f<&t@fg%af zVph3^1UGaTy{y5UJsN}EFJc6$qFZXjTZ5kT%Js5{D_JlvLU9Er4i0XC)fy{Lykb5q zR&!e3!|6-J!esckx><+GZoXDvRCzzMVHgEc44fa9Z_ueQ$MTgs5R(Q6g{pWZ}tSe`|($FnGZrjq1#{;Ase={z9{ z3Mcd&)3~PnT~nh{$;gtKz%ae@4HnAvs9)+gXq)&O zZ_#1f{lEK~zjA(N(xtVv(~DiRi`#{SH0n(BB3}AK0EhxCF=rls^&Z;LsM|2a$WASw zI}s{l=^&iMg>$VwifqetH`t;Lg zs~d%Zx8%^lJ5E9T2%_vk66UOxZq6{)9c z-_6Ba6g12!-e2}X4zq~|V#Mni{nsqP{P-`QX zTF;eZYG(kUJLK-l?LV%bAbx}`@9CTsWQD%gyvAlvZj3ry+Ngu$e6O5cViAh%wK)7dR)*El= zI`VgNOz+4f4L7i9RVa+DR*I4fl>-nR_7Bi!`KpD>Kd^he$&Sh`=wi=N5y(mzJd0DR zSSwUrWZYS8zWS#qUVg^>^`G*H>9nf|a`pVYgdf?5O4fH_#6xZ!w;Nix0rgipLy~P^ z7p~6ByV9TKN}7N4Twkc)Wa`4if0@hFr_RjMn2*JROq;e2cpA$37>x*~%-zgvh^#-s zb(e2*xqJcNNY?5}8M018?qicLzp(9=F;OjZ?n{$;zqCfb_fDgz2GaD^0vg`PY7u(X z_5T(zg#QuH;H>2QJQk|3U&DY2&I}SPkU(3$tnzqMuJ4~WFce4I#(5yvW!f1Fn$Pp7 z<3}h|I$;m1Ys}f5L%ha>g=@wR&o}o&Q-HK%)gUwj5jV;o8h=ZRXQEscSsbQ971heC zvSmYE;u5{v-pTE`TSo1ULAwC3mXpZM(zk*h2v?|~X3`jZOej7GIrx_^B4b5?AklCF z%?^B6QypxIYQ^(LU)gCDd;+B0ewr=BLSr!*d!=B1aJu|KaG?4)PkGrCGJueB>(@qK zTC`#pbvi!vS~NT;(We2iQ@9^;E__+*t;A$J8l2F_!@c~I{X_QT2W+^wN(Hpd$uIGF zEi@}t293Hkzeee)Yi*0aOC5STbV%j4oZB=?VFrPh>NF}Jt=gUTiQWX;QfOp)d$|42 zqVA@ZRj{SY+upQJ3vm+x8Y7dI|JKlpmo;)W)qkEGoU(BCB~^)y!dRh+Lnh13*HerZ zOT3%Z2-|wyDNc7uBJUNlQW%~C$;Sp!1QJ~`w)%Gpei>RWr1colS3yoS=S`fUdSGU` zZWywbG8$lXqe=Vk{Cb{Rrs&9t9wPPRa; ztx{t)q}7ib)QU|jxGw1OlSpPXmde840gB@1qElQ_*X(lpCk{N98T~eg?iV;%UTR5( zSe@7tZD!Y;TgzIPT#?=9(TnES1pTWMSQD2x$4a+5C7cr_bGE&wjcaY1|449Rn8ZEC zEp4E-!52}Go%qxGQULc(97|qspiY9X-dL*tK9MP$ zl8PyDi&Ghd@&SrM*=hauz^n8Jb%j%WTtT5&6P)guSbwhN`lMm@Qw}hN@O7b64uxI-7UHuB4(V(xjK# ztM@VnOaP$xa8c>GCOlr9B8;_yQtH>NQ-+h`aW+_Hy2mISl4cJ=klIY|68325W)9$K zIf4{L?BVG5{JUuQQ>ml2sF}?8@LSesq|d$-nbm6-UJ!ut&=8 z#Azq(Clq5BQ*_)179z-}k3KM06rZ^q#<)s8D6LbU9C=wLx&_(B#AZYp=rWC&Cn&5! zw*VlQp-=H^Vth?n$JIq+H`{iJ0G2O&_jbv#h@`jU^v7hL4N0z@1nf@A zV$-*@1mW@5S77CuL+7f#rPWd6<6)wM>E02{0d-BDlICoC+zQAJtX zR6YGoU086o83W`A)-xD*-Y#JwzWRs<6H_6~&$XQr7m10eyK8DWqqh@0DQ55Ma#_!p-TI^M;gtWs-k`n&li! z%pnDnMT*WLF4f?PI32$M&9R4*-{axb-us(6MRNl{bz|7fz}O|-%EogU9GTh>Zt@<$ z*&d(Am?vo0l&xxyY%iO5S)2;dY{Y#HW|`FOkTjV$RV00DF@CL3NB|e7a;rmKsZ^g7 zXpg9d0pP*%*K|cZVbSf@j`vWPbq$czNm-R}I%J9mhREc`FP!dikhknu%;yfisALjq z*o;&!UAeO1jnkR+Hl@qo)c$8ITiozpq|2YG)l1y}PUZR^Tv`8dO8z*r{!5u_Q}0LS z`XUS0fQU>DYx<*LOVo~7omvr2k*YpVLM13-Q7PR(5;<<$(HYRx+`M}FuJ>xKC3;cY zEYI_3cTxL1MY5HE@ZP}8?R4^=?W&v)FTK6rkb6wN_kF)hK~kf9?3uF|r>xZ}sm`;o zr-l=a{myayB*$ZG{;%>xD4np@-5F4M;Q8o+(GNNKs3* zuco9;49=@-R3|9Xu)8O_XzmzrsIsia>m?N^LKO@b0a31y|2WrxVe$b`BWPz)2`wQ7 zxD2r@0;ieBFgOYO!v=tqD$7{f1;hrvt4fJfYg&A{a#xW7M8G*2Nc1{eHM;UPSw@Qn z-d4TBXfF88z7M1hQ^(!!!2sGQWRKwn3=*MaWhg4)QLwUWx~6>aQ4*Zg`A9y%Gj17X zmK2%N;lJt-QdS#rZ+Ok|m*1E{9D=UV3E4>2dhGX@asjP7X#DnyBMkfmwP{$K3h^m> zW@pFu$M)@U@M;HWInqPaTsM&GY#@jU3`E3HN-(3AV>D$c#m39_1x!rtV-Ju)Weel+ z$eTI{OCsJ+a?Smr@FqWYct8*kAtIkeku+%j5a(6qG0~}s_mJo_?TNJNOi*MS2_X@2 z#3aloYa7jkw_F*iO^j3_0rl5Ab1FBIl;pE{@?GDkCG!hxbUqcP% zfh7LnXaN+DM<%>NX;Upk`N|XpBBw)A-bA(Vbq}d{O+%ivk#H;v(?S3j3|lT#KZ_nMXQ??vG; zbuYPnQ+6xAyqM~Y%K!-jeQK1!*BKHrlbHrt>`yN>vYVt5G5H7SrLe=C@> z`D4wmp1icw=1=@Wf_7rm&a?*=I;=keQqNw%^$g7?rO30vgo+G6#LK2#4pCwbo9foI z=9?|*TP@>f+o<6((8o&ZrgIR8YA!YUF13XF0($qPL00FHwFfQ0-g63XthC+XXQ?+$!T$;eURy(zYB-A_h`+0%M%vfn@(XZUaRQFB4m?ryK42RsnO840`@6oe8!4tnGZgL+OWv`-}ufE*m+ zkBE+Rl8T6rjFMh^g}Bu$*Z>%0Wy>;#Ii|5?@w5gJkHeCOur!BczG6bRY*N-UO8&4Y zlxrVgA6Z8@MW;wKYsNm9I?k3FB9H52y|Zmo$bbOwOPxz$ z6Ig#ao&&ZLo&_Zd7Eq?LrwDA!#KKZO7<2tY&w~OUJQM)FmydAhKcrcNcYyhwKKo$B zLSHLC`^&YC#UJIJ$zJ=BczRFL<@he_AMO5IwlqCN^q-!vC}rL4+ZhY%id@C|sW`T3 z0rXag>Zc)9$1y{KpsYw9ZNPMH)8jMN2F2e@=;1;Mmhf0ZC3dM>?2As^;DB|LG>vkd z2QAxxTGZraCqQ8`o~(=C#Coc1KZ7>3kOR^#OEA}AG#h0h>-obor&>U_Usy~wlyH0N z^RQzGAt_|m$0meu4V_U1AB=Ts`L28t%}*eoP%o_uf-WxfV!||x=@-Ubuc`KwL5_h4 zG_v@vncfB4y=_e+xlkr?Ic$&?tZ@GGrnXgnz0755v8-`OppHQ1eCjB{FyTanD{pl} z%h#`#mbMm3jEj99P|JD4)ybg{=dHP|5AIC)hz^+S5d#{m~R35 z0bB(REa73&alge18Ns3fCJ-zP7y>9Z(z(p=7`P|%8bq$UsYMnGw9y(HC7CuGB@wg| zHkKJh8$P=WKD#e$I#rVYwqJIlfSF-Vz`Oqa<$l?6nthvbo5`N#{|uM^-KN__Nr9wp zI~4l4k%opf|CxVB_`MdEGWXeenV=2Y4E~B?z-RZkI|*BtjZZI-ivA)^c6=n% zhwM1XsrZw619$S&!j%{(8ijh9AtDbDG~I=5xMg^-KT{QX&_)^EAB{#nH!F6kdXaub z)YM~c)fUKZNgMBz6CgTT99yh|U?6%ohGlUW{^1eDaot4+6ZL>eRPFo&sVbB<#}&9j zPojL-%P+c1$=t;~w4ltP1R$%%Zj&5yt!Kgxc$_8SaT_RANagW!hwoSOB|Fin-qy-R zCIfjM!;Ch~JR+L{R`S?h)nP7e(mx~7!1Zy6C3+xitIlXG&YL(p+O-8}d;!DC;?Oi| zO^7IBA7KJ}NXs*PV=$~Id{0zZd+6#(bBX2k*0InmYqpuF5l!QbrQ2&^m8jN=^_Z&= z%Cij&{e7hg@#X`;eYTuLF~ZszOJ;BCc}_9a4|#kyf{o4T03GV;4NEX%(u zQQ1cx-4ph;Q|U9EeqV?&Yoat&K;+5hnWh8@kDQeuK1k#LTkNo5PZdG(xl7`UWVdd< zd}*JjBVHw}v(#OZShvzSYkIb;d$!yAf@SK16$Wd}FfJWVd@>+TO3*$OL)eCLEpNl* z1*(J=US(@{1k`505?5F;2GBkb@vkQTTe)${m+z~uHxS0Gn5#8}e`eAQHF5VUuC8t= z2U0r@7v-x-cGxa87)W9g`nbk^LMkkGxn7*r2}lU zlUoazSFy0<;Fl0fG93C^2DzrkK`J-t%Yq8bc=yE1qw^!E=ano<6a$bGF&_h+B&XpJ z3JwW28o@mqEvhV4*okQe?9kXqb-lB)w*D2``l!wRcTbJa3a@~^ zXPmZUPHk72cd>&JgX>=|S_mHT5$K1cRpQ}Qo=tS<_-`=rmwF`!$L=92;0>0hlVNE2 z;-54lph7HO0pXEq;QRYZ#rnZdor}PhG z5`We1;JOlRNhM74t!!iBpz;6Q*>;WEYK{nRX+O(VIw>UYu+ti+484@Q_ZnlU5v(oH z))(yoGcPPo^fK{;!Bf80Ma1qA1|&a}q5YAqGSh6oXrGqs%tsk@5b6((NPJDx8UA1d z3#2-n;=!y^SC0(Us&ZRNJ=pfK3DRP=PNcPluHTU}l+#(bJN{ySH}0qv);Hgu{0Z~iKUzzN&i zO01v#`isws&75Qt1}#WtJMrqT7ZzDrm7JFyp5^_-?bhMC!^Zb?jT%k<%Q?hbzE|mUTP~a;>W5;Dx!k zK*2{nk}X8&Q8Z-~B$Iz@7nUT8wp=>GsIw zlV~DI35VCk;0Iq9-(g^H5?~smyJbc#bn^v)Ub6PmZQtrcfye_u6xr$nvZ2+bz+H1f zU=wucHf`g)r7z35uwmkFzl=;$1li&kj+{wq8C_`ZCy=$-e3grSU%j}%v9h*V-$8?D z%Aud@uHJ*5qLDPeHR>oUQ?iHKGIdaJ>C)I2TGPVQoB*j4T}$6ahrAG6HV5Y2sZdhe zS%ySB=TC>9aQ#%o!iAi#@G(<+aZjthI-N{wM(L+w;0Fx^Kviq$?BHki;hUw*J48SU!F8KH`XTZl`n&H)8234_B)c@v=-F zKHaDFxNpWDRFV{SQ-bGSaL3ql0nm*hkLP+sO8`&al|HdpuCLffi_Xn^4@NbysZ$y_ zw)8uKsdn?6eovY|%seSBeqLT3ty0i`RBS)J7SK9fU9qV&&=K2p&|(zA%~K-#Dk_k6 zxMo1Qo(MO8ukV>1rUl5-QX(z452-ul5MxU@21PFG^2&uYdP}xMOzd?|A}D)UsD#m3 zQrU5^kkpkdFv1rP-{}?~Yg6XrNciSvnpRjErESVs+Pg%YgHsPin~#&ZGZPjN!C5qs zpfBv3qdtZZXJ$mDxnhbn0(7-BleJ8sP0-$}kyB%lJrCo);d&i{>+y$1DG*6>(f7+` zAA`s2AKn>Hmg=zEd|ah&i(#SuhP|V)P@QIViP>>6sv2Pm-P2ZBB^{@zdkLY^oBoUD zIBHPQb`MY6E3eeYv7}9c9vf27d*vM0wl>=%yXm=Y?WwFF z@&cJ^?opc^885PW-4d#sT{&+& ziZwDb8M6|Fkl&yEVc`l2+&3aEiN8ygHOkJcI4ivsF3%d40Vls1x9V($qBwbkyumbq z{PgSdWsgvP`%*Yq=sk?+{_R~*qM9V+i1TZ}P zM8JM?LImRs^7Dj#+E?>rzZ!JG5{lu$-zlaIK_HQJfM?<+x#&jN?Fg^Oz#Y0q97tlk zK^+cnA+3r)L4Z~YPF@LjszZ^G^?m3a@*_aQufrtE)}p5#LXI$S3XZ|z(x#>lzTjey zGV7PYrAJ{iZqw{bszJ0FI@|+rdIkNBpozFPu1kz!H|ksXrBW*^loDi}7MxnC;wUTB zVN>-U^bsSF{~cAy4S(E=m7NAtUuX#KX5A4%#SAHr#y4;H^7-cn>lNm&N4Z_OoNfun z4ijXDN4#T;i2-~77z1&ELA01B70bEV(P^qS^*qI{H=j; zn~t#=_Oq6ik_S4qkg7#!UVL4TD&+YT!xB29yeVvXiB8`Gy?Kz&jW+fjH}FFp_`z=5 zi-Y;ZkqPlzo5vj1wo&g=DCY8vyFSykc7U}VR1Bjw(Z1^&!{+$)xnqjmUk$tW_lOw} zXxF*v=QVeHnBRE=-kE=egnZStf-h#2o43Y6rRg(zB`9uhu^KRPy5#2}Nc}o9RG-n2 zw{)gpg$UlCZQxA2v8oA@5bkeoOtz~ybo1*K|c14k(UD3KSu3#BNqW|lTmR>0l?r5 z7$S@S+dL`?iNDeZ5y&)T_ez~1+wlB8Y?4&aO=&VG=G*u8ICJU=xbI(ZChx+aO14*K zwpV8aR%QfNXL?p5NJ( z#36UdgDXu|6fz4dINMPkpO(ot#Evv=%@0wG`SJ-xKFO45Ow-R_)WxV|9Q?#2#NXu=P zi?o1=v>U4riyvGw2f6(L3VSKJ<0_tKq|pogOpIia3VXLG=HPT3USh(x*2yR@6HahO z?I{k+3GbC_T}rxk{2UQezTD6+JcDfNZ;^D1b(pc^Of1b9OgzmQtnB}fKNrLQd8UxDi>tGdiK~#CtEGdpmG?ghlm8(vZPJL) zKz+vh`(e1Uiy2ZW4T>)$ri(sm-B^OeMl7t`uoIXFk!hj{fw{S<@u$fe16C!Y|M#e>LNph#srz0efYcEY7S{E|h zhO44qTQjhuN(xw#K?AGI$6cFYDD(SLLC_9C;ao^dN8HxKFOs&MRRO9cEaDv*+~#;p z)cN_^L&R1pF@ioy(^e$9&<)99!gT|0Oniy6Dkcg36e9QB01ZnGaK9co5yU8P^z(=i zw@wzbVtLZ4O21Kd=H?%mm4nKQWvzMxc)u_-Sw>QejMm@Mkxn1|5xC5QY}rhJE{ZcZ z>o$l5NP$!NEB)Dcbh!~)(%~0!JS8dfD0o5;RvExUO(I2UCr}UI9kfJ4Su1JGgT=yW zh?OZfwG#!lTIGB#w$1mTP+{=$N?DJ7cKBF}%6(8AVHkkzSg`%|jSn}|j$B{|r zVN5wkzCErA~i zX+WsoFpJ3SSW|w{-W#$qf79el(i^B-R*BAc?cs3hq<#uNqhv?=06;nOWM13YaWZ04 zg{b@+fIc_kf$OsCI@@V=xXM_QNoe^vP7ZUkfmNU~avcqtf=vIGMyoLtyn!(-J(uyh$5>^Y;VUNNUvwnHMi3rDU6nC z>%#trhX#|4W-kRRg?k`yOsA&>tLvcURvr`!)6iuN3IqCODuwdxPW?+198Wf!Km6^} z>6zz}H;`7Iy!Saxej85wyub`&h20SX#aox@g7Z>^wy}-26gB=ZJ5=2vVnh|e-ii(b zw`UNx#AQj3lU8V~(fQe(PASz_P}!msBordl7B*^GNOFu#15??u)OtKQf9 zE0PIrpRu%xh8C(o&h-6(^pFm^2^Gi>6-a`OEU7H1EMSb--Fn4q$-R%e8k_5k`S-|J zN~M()uZgwDESIX#d_2A^e$Fu1NW-=TIb&ze8P~)Geqs}Pm0NzaF&h2!dkSYn%P-Fg zV9W01u*-PN=DN;Pcl?kG*vw={s~SmwpGiu7^(>?($I|fvBlP6CwGDLK`XSpg&Qy5 zKwTGUYJ0LIUXi=R1p!R6l;JC^j4uNxuMV#|?*ho2x|Kr6r{Q+3mpE>cdB{Djfu4dwF11!5Uvr8O0k+>GPPPaL+j~rURc*^UN6LKEH+FRErwjBn$R{OKX3m`=n)H<6HRg}~QA{v%I)5Bx)RXol?r zlmSqg+c)C_E^16Kd@w6f)<4d;r#AMnD)V}Ko52g-p{IITl5U1KRuZ-Gd2Etg=4F$W zJ09w#1Muj0xjH#+n^%gW2p_LGSUOzB_Wxni)H)oxt+x045*#ToPV!`iE*toLhU9wj zG6Q%t_E&(F|5Y(T#RY_8;?{z{S@i117#RvGfch=R(X!m@&piTPE?U{~ z;S(g93aHv)3pFb21HRZo2wx(z==7q#FU)pHM3XO1_K?TPsI&A7eYZs0vF=Z4{Q>bW zttiuGbb=!7IG*yjG8(nL(O!dKYKzWuSCgi+ODEZTNRLyFQ0E-&5cx??SZ!L6iVw%$ zj=}BNYj_q(g&K_*;NtQ>3Ub)tixj^dvJD_CS^B&`6QGytf~(FQRh-Ol!%-giO(J zc3DhyV80rkpcR;!GLC_4QPSF{92UqY{1@tqvL$!;&ak=46)++LwYi`4OFuzHGSLId zGteup(K-j$Pmu9e-k!>)iXp2%OolP)a5BI^pDFlL`qu}(FdvOGoPk^p=D~tPctaSM z4{4Y;MXK_vioG-Jp)S^VK7Yu>VEZ7R9#H}QnYR5k@$+;Wnn8EuXE#7?s7wP%*=b(v z1MNzo?a@(r=?1nQRFTiJxwfCq!;C?}+>h>kg?CiX99mqYb-@kDCpL~9XZvs^H zg7Oqs8E%pNgSQi(6keii8hZ_HJw8w#|Ne7w9tjUd6y^&gSAhDj!@7SDlav1+hF~iH z66c9Hdn~X%>4ai z(4?&THfTc7130{WBfmB?A4Ap#BMV!A%+ViPidg<|NZQf)7z$P^6@?1BuK9foHh9U8z1Fo$w6WaD+P4%JVT8WpDP|*8FgXTF zFsUXsp4vN(!8vk2L%BQV;w;>F!x*3*5EHc&+SAfQI@Q=^Kouy2InUnDqeKtA3JTaU zAIBtw%z9$MI4N&Lw^B+NN@+k=K$9Xi3Q758SH|D!wQi#_6!p{xi~={$sj3E02Z%`B zUmNYH%=mFSq{u9iENk{-_Ky_RAHD z;p_!j9`S(ggM#;=Dwe_SqP$JxwhB4_reTvaLIqp?98)+I2VWa)miGEXd9_Dwnj&$T z#|e0WY2tkl#3U>;895{w9?oPcyE0)urp+jPPA&KKNM`Zx4>A5wy7G;r!>O;9Qxs;l zsv|O-Gv$cRdq(wu^f)`WtYe~zv(eUAm~=w@!^rLUMeCRqUE)L+YM7dnQ6pu-Gp(Aj zZ`aUpDyFh9rAxUJ+|`DeR(Cl_%WN4XqI=>fU~)&SllA7?E1+`~FOfhS?&^JD@2tD^ zjLcn$78P46K04$Cjz^BP7Z`Z1RZjGQo7ua~ne&(0dO9+-ri;OK3x`L36k%>}oxN*M z7%)bK>Y2;T)m=Q{h(XA>drd!d6lk>YF15O0N_UlEl=6WtCamT^|4o^1<%qn z;Y4?|PHV@hU}ttDA8*|5sy9+ag1_w>4CM-cEMo+-#Ab(PyHL}b+_iyu_B&?f=6E+C zwZwQqKJ?Bc)tR>qZw*%ozQH`(1=m0-jiT7V6}>YD??n!_XXu*sLtn4t8i1=A_r;e3 z5~*J=GhsXH{vLd0&&^e=Eq@ReRJazLc0#8)yfClSw##nQOO+eUTH2bT7N1hKTDv3b z`1uSj-`uVs(u^6xcM^3(#xruZ+01AORpQ;>T#SrN76+N1f+tw zZTCy7g?i#4O@ld<>}}e37Qp=#em>agnPWrT?uz6q^9% zvZBTW&IDN|+upgq3|tSKU&nB?i$1NmIcPR985UDwjlZOt6sZKpgXt_R2;S+&UQY+mrLvQo?B2G zLevX>w}OMbQEGz+VsSU$3z7d|m&a@jflCvZ0CeXf{!a~&XRwQ<+3in(GppsrNqBi@ z@xp!Kf&83~wKAZdcKWo373KIdld!idWACL|V8G5EHhmfD#!VlUadfEjJZAe{4GSLP4)@p7HsibP->`K0^cw zum1_6DcJn{yZ(g(h(P$)*Q&+8Q%hw3hu5l_i-l(ZJunh>IEbM_{Lqk6b@c??%JpXFNQ1OnY0cwDj$gn9kRB0 zo0Nf8=?>W)GEWX?@y&ol?Qq*$hM%=YU=FN_t*ypiWthi)d4c65#rE*t=xZjHGyCcr zc3_k1c(eu1M)_)wz?zrcm5{U|XIQ%{q(>UjY?VL2DGC|EpVfG&p+$eAA3~I$z-4O< zSg0SWu;!x4w#%hUFn3hR>};ICn^=b&ucg*p418>0`mkV9xja~4{6=?ws`?47*NI6h z@~eF9#+sJCiK4JoYhy3vr(i;KrLwb4YDx=rh$EP{lnC2cg75PTEY2D_DJ$9b}=_Wq@t zY@?DYQPxUE(Z6=m8nq6%xj$C{eeZ5RyfFCqjx8Js#JUix@a$pJk42a~n z6AV$G@C;Oo{sZw3L2`cl0^#&aJ-q$eX8%__{P$bz|AqDRf5k(Se}I2Q&FrnrOvOA+ z%p6^<9PIyPZZTnoUPK6WxToxMm%3^`QhOCGLQ6`rOj1VJ-d6f~VO@!2c_TA}rs)p! zDR)5Hco&2>ne+Lq0GcL?<=FRi`Z_!N^~3w`H^*=_1guHacsk-R-hsC&Pefi+@6itC z@EGSfihaS@>@Ul-PeH3gZP+ECfSIfKsgX;AMlbDvzbQ~RTGWxmi?RDin#T%R*t9i= z@YM-X(uPNwhAVw9t%_ATgwKk0Ny7pU!hO1SHn!1CxFZ+JB*TZ>`r>M{hnK~4eNK=$ z*|+#m%y&8MNcllTnc5!}Q35gMEF#^FW1N}wPk_Tp5eg=iZN1ImGdO0aJu1qXD%t&6 z0JD1{yX{ZGFv!tRF3*Q)l@y@_=2TzsAu(m`BC_s}-%mIzHfK~y56W&a*>1^H6@OZ5 zLjdvS6Pi+5OO2&ZaQ|2+NJTGh-mf;JyRYwmzEDE{-LvpZ-8Hj!wK6gK#|r(sr7BM7 zk_Qz+4V@XyBMvVhBt&=r5uu|=ObWp^hlrCrY^^DQ8Ps6v{(FaH<&9jO6rKOaj7i1q zw6GAXIy%cU#j&r4^YNeaM>s*SV$xJZDZ)%)SSMf(QNYf0ct!UDlKszOFW#J1W80!q z%smNZsRh$;)pEUa-R5RApl)%OA**(|f7hCvVM_khY4^a$1|HN%&IXqbzn30!o=)KvNV9NQC^*QU8&-UDJcT0Cc(@4w z%IZ)%VQoBzbnkT`xz*dvkik=6FWs9j!WPZUTK?USanp`M-)O0s`rHB)sow|x&XeSB z{E9Fh$YzY-UiM7{nyQGZTB#`n7SCKD{0i<2SJ@QRq={-phH`A4j|Br!3@IzQ*qqpw z2t)X^;^+rCRTaDbdLHp@k|Oz`z2xYOs!Pz+-3ojdhOolzKVcgi+n0j>z@$k18`#Fb z-*$rk&D9h&GdFUxb^Ukw;{To(J~u#J#`2%O>hEO^ulz0+j$Bgor>LpO{TuUgU(+-K* z3Y_{l-Ygl+oY;<@{tIN#ks}+@|7p)MryD}OQEe0vTm0)NC|WBp2$6{`{Fk8D@S6KO z9~$j|Gu#*UXpkC2p&7~qhjlLp;9lYsr>j(0h^`N!A=*VRbDEp_VGid83S-eH@0>3b zM&Oaik^hpa`6YGH<*2bW1kvN&?AqhmI3nng2yrlTnb|lib|tU&*^#tyJ$DT_9?*W)VhUbD$tV1e^2X zpTV*CRA=(l3%Twg;qk4Eb%qeX7Y<}=rI9fBxD-)ifDo8zmqKl#OT|h`qrk%XKz%Mo zHZ!eyauUhBG2zASLnrdhHi;SDHkLz6Kte!83iNhhnfwU=0D<~=LJ!5Qxm1={91-m{ zE3TArx^^A>%C$9f7F>x9Z4q30(*euxF6m<&53m%$=Gu4gN}yac)u$!1I+;Q0v&9YaWIyk@^?Nb2D4iqp&Wp9!cEoY?=WpwE$D$i)HiAl2 zZ^-b%ib0=ikyzeRAXY`YEBDo?^pNY#I+R_${2k#OPF|?H$!n=S92YbR&(opjGv<2N zx>4!Q8f@C!-S^OU!sV8MsJ3w8j2nhNi$D|ZtwD|z;9DV6MOXD?${=pnIUNXtiDj*^ zr6M6KES7j@J_oiOYjnw-@#_2yU0^#FQz?s-gGfSURZlGsDS3!mjJ|17Pd z9?SFA%;%nU%#)Ik)DP54*>U~%a5a@&K~~EU5A3>l-)4h$<#p9)c|up(t% zpGIRXJ)7q(&fSI<8!@Gxmvz@8ewc*(Vt_rk*v&?t7bTRyIo9oN3clM(%9sT!EGw!W zt7;kIu<=dQsZS|Eu#~Z5G#^+lSBVH846ZvEs`MF)cEPP6zn7cHmS3FWg_@?jVjNl7 zE$9--csP~j(waqvU59k@@L-h^cYv1)p>|Pe6DlXN0Cj;&>&X$4?X)OIrv~ex7hP*}Ai+A6p$r4%C#fQ{*SQUoZ%krHC z=O_Rz9@qn*&Cp5KZ4PmQHWS8@i+3j@9`l;h z-!a|B+c|aa@wx~{Vetce3kFetH|vKx{E+@OS8}d;l>E(EVAS$sr@bK4OfA0cS1)?W zhIXWrFM%S7l`tikKrI}vJlJ$2h(V6sPx`Pxxz6UfUUPm2C5ZB>;sw|bM1g|6WU4S` zw|Vx*AiMH$<`m}r4v!Hv&UtuIVw~QCEa0+Oclr zX^-c|<0R%L7k2-wOhoew?c{~@HCzzZi11Ft-oR22-8e5fgFc!-Tpj4<^BHqeBPo*5 z93w{;Q;znK3EZY_2BkS}gtS7B(4pST9m=IthDzsEM>QD2lKnQ3 zYgGsxu`Mo!2olL%^^cIl1x?Z`R%fsJ`76bu36h)|@1oZuNSpVmgnbC7GL}A=<@*+s%oPx(sgI=7 z$9LL8nM3CRp~|mvL&*N7Yn5&NONlune&cQJ$sP~>U8PH}{A=X3#bau_&N&hip%Wt< zvG*t4k$Q4oXkIz{zwDfI`nFg+?|5bFLri2;z%gJAj74ENk9fyco@I)#xj28uCrU4{ z#~CSw$`Bpjs<&3}owlQT?46=6c5N^UVpn;dmKjVGM}9IhJcDBl3%`)Cm&v#5lGzgA3$} zgEXcK?r%`)|!Hxp79Oyag-+lP$j`iKoXYdBlP|O63XS)0vTE2Ly zJ7vyY^#hp!r|srAI`Da9?UwP*6HG9DKE_>P<9|iSYqUGGf+qRa0tB@OBWv70UT=CZ z<-2q+H7osfL19lt?NHxEBM3vMTbPz+H&ewS&@iS4dQ9>3NFC*DwJ{Zf}FEX?%ItXuLObzYpXOU%F_FP5Ti@CO1~n|X>k*DYw)n6Z0k zN@tC+gXYvn$y4#t$NP`U_;c%97~NyNH;s_aSF&k1W3VJi>sP1J%LRBI1+y(1&o|7C zE$Gg~C&EpnBPvF6%m=YVKV$8;aa7gR1YgeMIf!EWU!pR99M<1#_`p$K#Zs zX7+YC0r<$BKCu})xT>c7U@4p98TZoQ$al0$!Z`a|EWKQFlRw_nTl4yi#IL@d*_(IsRop}S z`_F8V&=tW{>Wd5vhW=kAA#(riu+`Sg;wu5MxA;f1$^T79{(~aZrT#CL!Jb-)w5Y_z zXjWN4#aaL%&bv}NwVDSc7-0DDuyD;Bd@RN&rsP#$sN zn2s96_7n?y;hH%yPFV-=!-8QB%fr~5sk+L==D<+ml& zCx(`WXm(=nI5{i6g(;5UoVD&L)XBDTCk6moT{Au4hU@pO!5u3}zn$h_u~6Ga=U zqED#_V?|-~w??-{eosUd8!Mbg$TB)GH3tZNv3&wd_V9E~T0J{KMXv9p?b*`C=y&19%=W>7}5S%U1F{CUT*(x|w>O zaRn)`YPS0@afBJOR4MSpIT5w`b-MPN(KThU8VN%pkzt}{z|R#TG|9b(wKHFPvW{H+siRb1eyVEN9J#cw zIixJMuYp32NOTVy_Nj>&QQ4+UyXhAsH%>QYvyEZ`@c1%YfEOd24DHf5PQU&kPDwmh z&B+F><9fV}!OB%C?6~n0C+y!6HN+qAHAu{qhnt|$xgpt^h5IcK#r}l9jvKQ>NIZ!y z1BYju%R6@YKCWAfX^-`)1H`!=VxGDBt2`S2_+wgeL4u#H7I!@_t^C!7pYKpc_FZuC zzc<~cL&kd9H`f?3a4RKdNv>J6{Oc#ejKw2nCMRjR$VK7`0|o-Shg2PC)TgtVFRU==Hw?=ldkuXq;s5U^l+|d(Ipx;at+cah~KuiPg*gq-NP5cK5Q;ViMJ$0d$|{I z$0}_@w5^@m2+HbCktl%^g%V;k%Fhr3w}|Fz;@o`JXK{yrGvzPlvt|`dmblK@lKz74 zXTsx2^TWW&%j&};B%psZNu%{{!qXYD?px7_`^^4NiSh4zY!3@fj=8oHPQm?o51kZe z?$4bgwLnm>lwE&8AF!gOIE34f_?q|pWikb+J0z)o!vLakL-BlEM&D=!NvR zoJ^c9I3A+Kt}Y1Cdeh!vy@=!5G9nXMm{xw_C>Ee;*vgZhcEceWma zJ9Q~a41#Rx5}I!W>j_*0#||LyTxN+T&wf_67%CR@WYpu>okOI|Vv2!2D#2$pF{_qf zMO+Jy26>ClHQK;CBIiSEz-g69;XTNPKwnXqWczKiFesue!7OPC-Oafq4KI30>9xU>vWdw|&> z2TW2LOzP-ni>u-W5C0^0b4ebVC(lVTkqC0qsCDktTwKt_VVIelwFAFqbcNB8SyQI3 zNU@RY;KFBE9%o%v*;orj;Vj!pj$GgzaJ011gdiyPq*btDv`h1-hbUOG%F}I?5Q?DY zoT$~n$MK>wN0)Z*FMFp1qIH%Ue?P|b)@_bb4Iq{l(~962j8x7cmCNerG~_&2)N<&{ zZ&3SIKn#kZ8f_fiNu%zy+%ne@GabR-KImwza@B;>WV;>~)k;i#=m#`(^eL~?q-9+X zuTVvRpBSAi1jWD~REstV>Jxc&QVN)AR5!0?dD#SC3%BYg!seGX79WC}RPG@k`)Qw^ z929)MmpE7TJwS2KTp1OQiDdph0;lkvrKMWM5ESP;FF#{NB}CRoeJ1tSFWx@HjGNd) zl}4)w9P&KML-ba*LI%^e-cgFji%NSe<7-^+%V;6f>QT@EzoyU$krcx%8sY{xQ<@?VPR#7VrZz{q)0c zZ+qPqx0der_hcSs9f7TZ^^sB~qL#u2r(EfU~HMibD!yW*m;jE_xBelg365hv3 zn<4^CY5~kt*RJRb)oq_Sn}?)FK(*x5g$d=AUHh%@zP-l@@&d3?WvMlb8loS5$9G*1&oNn4gtAJ0}Ua>)A=~ zi6*Z)k=@YERY7(zooLNVAr0R%gHI106o`poXF}gK7;oS@C;kNXrE%(q88C73-{8Ex zfr(7}TN2*^e24}1Hl4Ul8JxDj5^w1LMn|6kqG=)mtN%w9cpMxYDNo(wMumu1S${{k0ROug-MA{`irl~ z_*_R4*EO<9-+xoQEcVSG;4hveM_8c!g78YOI=g(6 zb_h_Jd8 zT)YpUyA$u1|5q#0miurK*Hg|4U`A zQazVP5kmchpkALxYYg(Z1+JlY&^+3MS6LR92oXb&{4H6}hpq0Ix~fzn7~o)1iq3rb z#-DsUXNEqHe-uwY4SdRgmmNMP9nEY~{+a@dS`7&PoosgO7e3O{<` zLs7t$yXpy4D`b`=tDqI6!e~x?*!t8^!^gw~6gy7=z{-7<6Pc#oyaoE@6DDotz=t(7 zFdxk7KUVF)?Nt3P3%p@Uh=rArcqd(aAb#jbbSLo-@RR z+Yfhg?Klxwvpr)n-AYYto1FVu>$mQD?t_z2cn>S={B{ zNcGc?sB`6ctWJPZsWL%V$!6?0U2lr!f`RFD&L|hDmBOkcRsZ7JY%vfqFctFY!a>77 z;)8UFbP%5~tH>Zqb}(w&<>rzM$qc09qSEc|BEa&*&=?qq61gvTz}64j66w7v^}GV9 zCN%&J1ib@AbEay9o*j^SCw8qe)&6nz^5_Fyt`P1tBJ{*7NuRE)M0dcWwPO;j?0It_ zSvzUaxBE80y1Ae6_uct}45`PV&D_Gd|EC9)dwlEsbpQpRY!Y)mhu|m1CwkI%2XWW! zx}4rqO%0pB97e6TBWDjI$VWGc1asBoO&cgZ$+Pp|f@wO4`I*lmW;^@?lLB3UV6A6f zq`@Ak*{X%CnUJK}&DdS!7_fF5B^caUgNP&492Ll-Tfk-Yh`(U-3rJ-;%NEH!yL-2E zAp}SXRZ+A}BQuHypk0VX1e~LT(P5ND%;l9uJkP&(D^!`jC9qEUY6k*7E%G{kwU>!6 zZ>9HOQQ`ngn!pHdM~Y$nJ1lk$v0R%tMZsU*1t_2wp_$JQtl^YgU172Ym7mCYxlH zK0Uqj2!dphZJbB+ucvLmSI$i9h~I9e-Tw?Jj}fh+D89S`8vo0RtH^&dr2J1e=>OW6 z#Yx)=U%d z3u@=rlAM+^{9YF?Tn}Fqd>L)9?XLX384K4%BI# zs&y$m!n_M3(K5By(}>O;#RI$7G)#vJwT4jrP<4BOoE+ z9%_5_K1D!CCi@>6p9Vjc)ifBrZ8GQ~dqgGs^(7aroXp0uC6zEdq;e18nY1H|i`VXW zxwx==LXH5CVUx8vUcW$CnbtT+*P6t%er9IV1q{(+5pS;;R;?dO@6b=DxTh`$-9rg+ zC$#f$#wj-;@{!m>iO;O&3tME_=wcTeeBbU83&ap$6AwGxI^T)c2z^z8Tu1c zgDEVu^2imUm2yPYDs*zb@GL~#(SC$_TA$v~s5AYrOl66EuMd7GuL~X2Lx{iW7?B#OdCH)>%w*|Cj za_efdirCq+=BsWcf$%5le_B%5-X?FZv1f_^;M2+Lpj=7j$XDcad8kD)4iU$Q|kaWRfEM_~| z!zgEjJ}~f46^pAzNJorS_qbbOp_^5!BTlB2rs zoAUNHKBs9XqAti@(A_KuX2{&Y>;6JoYZts6S23%JTL^Is>H2vot=#+05t6Fcvf3xN zR{7jRtnBF_059seh9p>E?Zmo_om=dahT@x%4k{$5g@CaI6HOWooxcr#e@#TV1IxMq z<}>jY9!FL|lcJI8IZ(W_d>Vco&@w)yl(7pX=9;ng>gJ(3P2~(F$hXQ$*VWnjvHaAB5X7>=_R%I5FWU@hVkVp5TUq%mWw_m-_A}ii;h_(|H}Vr zGzk&+x;A@^H?@YNdIh^QfC3mMucjg zo@4pTn0IZC9dJmVpBPgX`4?_y4axh7ZF5gU*2S-B;sFc;tKJU8{RD`tw^1$;I0NGz z8hwL;X4W}Lad3%AAJOfTW|%TV`#yye5aW)*$8sQ0QoI#JC|~g+mh?i$aB#52Mc{F>`Go{w$Q|?c4vA3G?{Zl3VE+ZdcBl-(`SG>WD*nsMf&c%*PWzX5P1DO4Wx46I zn$9Ph7ZK4A(HtpjA5Qlt^dbbZkt1VWOmIX5ksNdC@Y8p#!f8ne{k7-$qW5l&SwE=- zHZrSTBKxdHhS25CCpVbQ#N{Wp&8=<*yQC*S4|CFq{RE~zw_&U-9#?$F9TunXIKhW7pRj%pLGvVCb3+rB89t2v-i=N(sz!;PuQ zsrdG%6WZe5tyTE~uxiwqG_^#Cy1uj1+SRRU^ZwiqsbqkEkbTR8Dleco`ZPziGUC(zSqUjA7RFt9)L8YgEdt^E3 z2;!#h)2LM@?%y}6j`N}`WSycEnoq0OY8&PkvZk>q(>YDd%e!K^vqxk8mgcEOp{#K@ zNn<`!)s68EEQSVPEh0-iTc4Urw|LXJOiG@ir%YXECX)>{Qdy$5IwSw4G)PdljHU9EMVs}zeNkOhlm3{MV3AmBxOR%%ytTc@3mD2#7n`*W%K5Yp; zQsToKHm^(p@vMrhVtzwk@qX$>C6L1D78R>--R>;Af-&K7r(7x9<8I4;{bV$RI$@Zw zqUr!RiTeuECzqo&!c=BtZ)QlJ4ro)`!ySu1y1LIewNVVnY8b@{UQSu@q>ZJkt1Ao_ zeQFj!_0m%!@93lDFe{eR=}lkEI+s4`rVdV!6j5TBGcyU zp=FlqC%d=a=<_a=Hk+G_x{BAkn%mN270%``lgUz=qp?@}LwuYoN3`aBv>woRO%( zap$I%7>3NwcUzQ(G@S?Ytg_%(XbfO{9Yuq@Z`saznOSGLaVMr%rfLU8GO3Q%VMeQ3 zd17d|D3)1r-z1w2K{27_fB{PQ*@!3UZ_MUQO|Vg1Oz9KD^X9TyZ)=hW8NYw|1jsg+ zFo!7vb74(n(F4<97Qw~Dq|sB*OB+4mlX*T|&;p32SmStX^NRejsA^Q55U$LQiaXgv zAny4&4|I30va=5j3qh{?E6B`x#CIM+%xDx94W{9KOu$@dnIsn9(Ra!ZotqJrIhKqj zaFlzZY|$c?VDUnMR-6TMWQ|Z>KC7cS46Iv`GDt4S3tpD@@P3f>U*}M7g?cnNwnpzv z2m}tK*(^Z_(HKkOC>oIvfC$u~QjIe1qSB2oU{S*6ybRP++H9*afu+oLJ(F3>;` z?lna44;gZEFNV=ZoI?3avaA+X#g;v>t%5+|Uc(D+o3$!W`9h3ol!&-{h=;qnjD=ku z--J^YZ`(Z zFXX=3hbF&Il+}S{%Ax$b{LQ#p+_klrsPi26irxocchX;Pf|}R5aEb1V@o&CC9`;72 z*f}PNsE_(EpWbfzzpmh6#iAgydlObHZh|)}x3*~CQQxvR+2mhP-%@>dmxOvzQE8|8 z+%2hpMl8uE*BhBqNkU+VJSOlU_j`AHzN)yIn_ULq-`F|WpRrmxpL?>RrZj+$j#le+ zBo5Ku#y=1<*VjGvHVb}YJ%()6$B!tbI|f~@Hn_|Aol6z?*QNbn8q>whTgt{o&$(J> z`GVpK@ZD5d$Z~Y*p92q>b?K7*`&%W-Bh*TV`SC`rYp6EBNK8dPHQ5e2%fk6i3Z|xRE-Sq6EG>vNhWV zsC%3u;=5=WlNe@muPe(~(@8XgAkI7(_-_PcUWY4Bh(g?r2TRX#7#npWm=KD~IgQg- z`k{{%Obki%QlaET9E`7gWGoj-pkC&MtIin1hVJc2$ng&usqixGw})^Fy+R%Lt|AwX zM~;_8sK9OZYpC4fSC$Tp5}k-17*8i0PBH}gee(`ZxxH0|bN31rc_!L%_l?Gf``kd% z8&+~5W(7Wav)aQkDU8Nb?#qqCe?L%wF3@3H=$nw0a3EkZ%7ym(dny7b-8nBLTKt5rmIXUtjbjWb16E1LXMQeO>@-eh+g2HZ z*46*%q|#r&35K&m9G+ zvU~plcMo|%xN&~t2egtJ#IqCKAr7x6GXN%gHF0Tai6P=-V7P@oVG}{g?w>X^gD!Zu z9X13p06J8A1ii$q8MB@xb%(oy1Qv-#(;%BZI4zd!2an+4- z>Di2_Q48iVyZfucj?eX%n@Go8mS5MTz~(5My|R%3BHtU!x)|4cn4uDip;8#VO45h$ z@u<07mM`R9woe;g*&O->b)A~fmT_K2*w`oU)ZWjA;a$bXi1-^m4leJ9hbPC5wuIR_ zV(xzEPw*}Xa2#AeV(?wxINCn4@?EbW|3%k1ql&0D;MMfwm~-I%Y8#-Iu8Dg|(Zfm)NYUx6}S`efoeV(~F@4K0X+vN$iP z>H*5~B9(H4!LSk_%{*43;BO@KSw}fmCoxjyWSBT=vz=8DeIvGJ5XA}d^5QNM+#K;~+obdyG21>cM z0u{jHN2!Fi>f>B1>-x5cPaLb4QT<*2gAx*A;*NYcO;DlxtuDsGPl*(+*|NuG9@j>V zaAid@yMQ!1g)b)@qwaF=wt!HFZ;J!}e1s)@sBnUxisI~Y4??-uhb-L^0V5a{y+4hU z-J=B*X>toWJE7tdy|2WDIkngL(V5G%u;PhgV^*1yG-N8o=!kO78vLB#kC;ya9~wk# zYtCD@@Qyne49oSmMf0u4;Dyn&EckY(-<1_(Zzf;UwqJ}gQ9K`?+^RA}+4f^RI1f3R zL$r%LmUBSrs-NQ)XX6^(IfN2+Ln_UaX#Wmp=(3aXq8u%(nqa=mx8h5<%9X-;aD8OR z=J>-!HvvK0_t}2QtAj(zEPH1j=!KL!6zrBP1HXgh23@nqyZa+tx9#)Sy+B z(r{xVtWrNzRUAuT1ust@9h)VLJ(!xjg`3hm6$d$?O|4=_HH6(cBvC(ce<>WKS=(__ zya5-5uC05*?#5oRi8I;=vg_94VzY4P3$-Tj8?xy;30jM|yTjx5mHR9P;XI8xhd(2$ zCmtyFe*dNXs%R$p=F#`=sLSEyoPI`Tn{9J4#?Z)+yL!-t3#zK%@~=q9HS{)T*lR>+ zqH6>Lv1)ynD){uPDyecf(?Vwy+H#na^wk3LliYEROTPl2+F>Q6Qow+_+%dqW1U`bP zE1(PVm>cTWr5M+)l@AQTgUE5MDd03LHDG~b6dbOQy=FvpbLP6t5#Swsu>M&N5>OWRQ&ke!f+Y&nUKJ*$IZ*_ zWfq{)YB@#_rRerg$4Bg{S8Is2IGC`4F5_C?>kr0^Iw{2cKFDok=*PM2U{`Mh_&}LHH0v$@w>Q)n(nK@ zcARgPsh@7h_zR1%Vt-@nSFZ%0{LdzWy)j5IChV_YD+K?i;4|*^Uu|kw{=;ji)DIJ) zXJX_)ZEJ61Yh>?eX5?TbKW@EF`@7?v0_BMaK$Go~P6##(x8%0~y=1Ge3@BBl(I14- zI7OuVk#3h#5zCx5a6%Vn6Jrzlv8f2&y+ZR;2a<$< z_L#~m-zZaFv5T8A-og@Ug*kM)3T&+eEt#D_z6x1(%wGbQ@55pklgYLSM%#F(O+X02 z!YvF+5KxiyHnw@%oYR5XQxd=9sLPThz?f8RLvGgB;#JUnUU)d5D#<^nQ{L+9&ilza^;vB`k z#@9OR7oJdG7srP1RqJ}Orc-;nl;HD62UZ`pg7?WgGZL%HMtW`Uq4B$sdKO#M$eZU~ z2PBeUYz=F;^qAUZ!*;{i;c93!7Pm$}C>wS4FDS>0F(}ptad*T%F_OQn3u?eN?B|puwDWx2$iZpj6%` zI`Yp@zpqt2tZJd2Zwb_5qEb#{2N$LUGPXX^bkztOhzz74&KXsIqH(}XM6nX5eN|0s3Sd}=+&_-A3#rG{HM@pwZKAyCkaJ?$Dw3MAb zY-qq4kO17R%{^Ed8M!$*{py0c%@WLOCh2Hz3(@}l7`TnagS{-2J!BecLDq;G2_cxKq~)&)uyf=CVZ2F@2!&wm!6&U+;xrjD znQReLfwgS2iPTfH@~-jc1sFurLn<^wXe)*7E_wm-L>aAZZGZ)`2>AjRR6wH>*WjY6 zj*WawuBOT)+zwZ;o>*z^bmMb;ZP9BY=7~RstPZIX< zxY+T$fjQAGizglvW0_LG8#R*KV+k(?C{#oq%$5P*IT6v+B6H*7eyBnKDp>`0Xr-S- z8PsGU$6Bq3DP@2DUh+`6jPtj>a2b~MHt{{uZ_w|1^C~hJgf=Og_&w3J3utpF*cZqu zsEf@7O%NM|yt~@N-4CNvUQFYQ0b93#mub}N$f8IZ+_@?>v)2HnR-P7t(nZ0ro$w)NDHT?7TGyLfo>D9p9-B+GE`#wpr z(%n@n%t-5-gHLqDiRbUPFkjyBIv9W-fK7tyPtCzzdpHB{QTNR+6cpGyZcSjfR!^{P zRWGnzP^_I+(&BX_{_YuB(C1F>^fl8EsH8#f=w5)9>G{t&g6miOkyqW}*t1XVE9fxq zS9x?8PuoJSOu@ssH_h?qj_?WA!kiJAtbVlP86>s~qvs**#%$F`_S%z&9cklkOsMy9 zTo9qzS=;^3r-RUgO2V=2p6ed2GV7n|uK8BezPY9z03KBYH4){P-+cE@3r*kY9xogV zfLZE8SdmoAw~UcgnO!x}KpfnDf0E$iHUZV4T%FOq>{EeQWE{k&vsfL2*9{o$hv~NsX<^<( zMImo(F?rEU>iTH#!ZRfIWiK}~?yplbbT`^98n(tZpd9q!3EZkacWO+|8S zC!g#9o3!*B*H##2IB7)Ug#h@RIJs2d3Cw2yL-zesfcqNX$G^MR1<_<3^8<_>$g04Y z$L%chCJ1O0ut9pzhzhGDyyG09W6YtB0Zn_DDOx9jf(6Hlv#@zuvW z`2398>`Mk07T$#JVbP4bga@$MnP<`g2CGOl5`Dweym{T$teUUtly|g)FiWRTpiaF@ z)bS;YYp}d%y$fP@Ar(Kw2W+>C^sqd7a^WB9M$K=nV@JyQGIlqyZ=M+)gg17iL?#i# zz;h6+sSy>yUR)45o!llri%3X!WR&oa^iP=&62iqrE>9sikX~fVz`7|haU<(Mk!1}W zeQrRXq7E&pffezi&jGJv4`ln6gP#00*g-3(jWYJuTKhZs#8JMFK(v;4u#9w|6_w*x zur60H?7B`*FcP3B;WNKc2%XLHQ3xL`LN~DEZ5RFV!)CVRX>IDIK81DhbDhi?pZ9-; zG_;!`YV7|+N#FneceRDke^~DRqqg|BRYjqSg#zXek{M-9alph}*W=ql22mRctjZ+q z2_OmWx5Bz7Kfa?o#~!XafRU@DLV>xFzTPHQZMH^ih2`$FJ_GkE-=4%Vx?sg)RK!CT zPv$js<_GUbKM!!4@k3*FG#|5}e!lbIa)H{S_`vpnGy_IM(s%;Wq$-n_88sgG;Yd+W zi$q3LYKU=Jq$@KPliVliRSOO`5P9*BA6lm^X-Y~In=~Hmflx6dFHr&LWXIB7c>6M3 z-kz_)P^B%=mzwr9MM##pu*BUc{_9XnMbGZ6BC!H+@o+7RioI5ni}nKi z`l%-9p(XHI7V{P?W#Jte>kE4dX$$h?AO%*-EDeL|=)sgY1C4#(Ku9|88h8s*HtvMw z8ag_EOC=%Y8BK28D1pd81-L9EU5!xyn)V(ma{5n0k+N;#IMkU}$W7cN_?dvTIWuZS zD*Uo?)$Y|p7O{0yunJcOd0H{H~OE;SV6Cn!2E-<`U+(2=JNB#mSkAs!KNKbaa1 zPAeQ{VBa68R;5ZSD+?{Dq%&tvD1&ewlw>$)uOEkN)}URG30nHOt$j?SP2D@jeYd6sFxm}vkr6-_TZFOq*;9i4Bl zRjUrgNUAGSzeo53j`A)2RQ%QL?S1;ZWO^x5r0~9_)A%h{-d-N`hE2LqG{68|nXcqu z3*o%NdL{9Qu<@4Sjga*k_9$cO=wZFueBC2tRsZ;%BkhFbFGSIi2O6k{OJ|pbKaIEw zfKG;LwMcca)nzF|O1}PxK%oPPw-QPPqPEM^3j_B||2V$QqGlq`p8UkdvdVoYmlkCJ zEl=;wgb}FJb9R?=$x@VJ2Q*u&n2<(i_Owgbp(K7U^Lv$x_Hv%K;d|$8u?rIp1cjX= z=uCIS?&c;A#rZ`*BC7cka9Fndc_khV)~w|f0)R_+x-66P2v!>*t5G_zGth{Zp{+WQ zD;$0)ZKVhK4xT6PqEJP#og6^gKsebzUM5FXoL5GOgo(IATg7Bx_^B6G6x7+L*%yc+ z6ou>WlQ?~vX$xrPwkd2KRgyJRBAx~&*f7>mNyH6a3)ME;Dkh6Ep~eks6w-`F?8HuL zQK3=H@VgwpN@u{P&eK58Xepp&y$SQ^VzgXr&UPg_E(ZA z;*ecLT+oaE(!QYMD<6uXSS_0&+yzWdl_WWhRqY%D2D>yW_pVdQ88O%cebjYG!7#AX zYp3dcCW{yIjX#M%0xVY~bflPPKu*Zg(`xVk-pNRZ0>Nmyz+so3Ldh1CN=I*sqpGJ= z3}1kJF;pYM@fvkJB|{Zu<@hoZpf=z1wH_|u;v6Sfhx0`y^_;k=I#Q??+A@@WSGw5W zSYC0_i!;c&!1CEd_wmQ&KFRQ|Szu6dTlD-Asqlr3dexb_# z(_`m;HPpOnL3Osv(E`NU=|0?jAqGc1TvctzGFcmJMS2G=Ua*h9AbKot5$(t|;0uE* zr3ui%JBcbcd~s$631+)?i%M2i{Q{-*5h(s;D06gB^w93=kKm5dY$m3z<&@2}aQlL@ zb;-KGg>p)sb4u-L(X#nS)36~Vu*@@y@Jg`&2wSNa+qcwinqSj6Jb$q}@FkNI!USyC z{P!5rRHr|NasHM2ja%4}-SvZ8+VufM5q zCLX%5YFxN$@cGtoi9&@p$``asSLk)EC50=-_AuPf(f@_-EoejC5sbS}Rcu+Fm{+w& z;+lT=PWFDh`wdNfi_Q<}jiN5X&;h9lxdo3!F_3L_&W^1Vx@x0jd#~WiGsxz>uN7=W z{o$wQaZukq5E^e;=#l*14+-Q6n};ZkAT_uuZc9z#*m|V88uSuEamMNr-h%Z4{Izp{ z@jCc*;-!gx?(R9a&wXn3!0djtyI3V`;}Tu%KjVl{+-2rcPb1eO87(hZxr%D}o&$aZ zIu(lJQ$II*L9?@lJRQsxHXu)ir_|GjO;f93aPa}}$HtA}XiVa8Vw}q7iqsJV${pX= zBFw5o;)vm5D9>$;b&2#%IYo1yihtkPgY3274d=4j9>x{mkf-%Q zk!n{+-7M~8_SbitjbryYp-fs+{u}3!D946R&aJk&az1OiH^Q}%?8RSqa(R^M+ZaDz z4vpDo;4AiA}fb!Nq8djpS=UG)$BA`oen0bmozTlDh|D z)%y@2$P-qc&qsd^u_HC*33MF+&Q|COZ5OG1i!BIteg*z2(^;IywxsS!=O2neQ0p3# z!Oy84_HQR)|5I2^=0~~ur&)%WwXw~AF-QL2Cd&U)Gssjq*Fajv_J(Vxt$`L-#s`S6 zQDz(mw6@IyUQryCQDZjJ@xP9BcsTvpC zS@(MzIRsWGtxdtB;ndWLaqAm5$U1P=YER8ks4kr$;=12@h%sjoUYS0aGbHDyF5biM zU8sx5XwAi=#)49{)q|K)Hdy?s>x|5RKWH< z02z3V+Zq}_=L`9pg0SM7244O1BPdcurlLder&8X2etUcqVyY{)gj|y8af7oEy=FhS z(iMMc-=?wzKysm|6|+gsVr0{=Dc91*eQG_Ecf+j-+es|#6y>*EaNsjbFzESwD zM}8e3VY;H7iZBOOnwuBmfVYk*d5CQ3NEiko7DOVl6wm#Z5?%g5LTv=syfks&klm3& zW-2Q$dTk~BWkmvNUkH1(CEa6;w#Y^dBNcD8L6RFtGyAm)>FWZfXQKYh-7!0+aU<1d zB{&N=_(%Z-I;wdR&%qkU)ogllM@@LshdLrI0eAgv#O)d6<+eo(_g$*c5y7ZdN@qf}V()wOj!#O7@MwY_1oJ1LPjJ_Ja~h@-2hNJ$ zF`d+by