From 31e47706b99d7e217943c96e543ba827c2399fcd Mon Sep 17 00:00:00 2001 From: Hao Liu <44379968+TheRealHaoLiu@users.noreply.github.com> Date: Wed, 2 Oct 2024 14:28:17 -0400 Subject: [PATCH] 3rd party auth removal cleanup - Sequentiallize auth config removal migrations - Remove references to third party auth - update license files - lint fix - Remove unneeded docs - Remove unreferenced file - Remove social auth references from docs - Remove rest of sso dir - Remove references to third part auth in docs - Removed screenshots of UI listing removed settings - Remove AuthView references - Remove unused imports ... Co-Authored-By: jessicamack <21223244+jessicamack@users.noreply.github.com> --- awx/api/conf.py | 19 +- awx/api/generics.py | 1 - awx/api/urls/urls.py | 2 - awx/api/views/__init__.py | 28 +- ..._conf.py => 0012_remove_oidc_auth_conf.py} | 2 +- ...onf.py => 0013_remove_radius_auth_conf.py} | 3 +- ..._conf.py => 0014_remove_saml_auth_conf.py} | 3 +- ...nf.py => 0015_remove_social_oauth_conf.py} | 3 +- ...y => 0016_remove_tacacs_plus_auth_conf.py} | 3 +- awx/conf/tests/unit/test_fields.py | 1 - awx/main/conf.py | 5 +- ...notification_notification_type_and_more.py | 1 - ...4_alter_inventorysource_source_and_more.py | 1 - awx/main/migrations/0195_EE_permissions.py | 1 - awx/main/migrations/0196_delete_profile.py | 1 - .../migrations/0197_remove_sso_app_content.py | 1 - awx/settings/defaults.py | 1 - .../0004_alter_userenterpriseauth_provider.py | 18 - docs/auth/README.md | 12 - docs/auth/oauth.md | 403 ------------------ docs/auth/session.md | 91 ---- docs/credentials/extract_credentials.md | 2 +- .../docsite/rst/administration/awx-manage.rst | 2 +- .../rst/administration/configure_awx.rst | 16 +- .../configure_awx_authentication.rst | 7 - docs/docsite/rst/administration/ent_auth.rst | 19 - docs/docsite/rst/administration/index.rst | 3 - .../rst/administration/kerberos_auth.rst | 117 ----- .../rst/administration/oauth2_token_auth.rst | 5 - .../security_best_practices.rst | 6 - .../rst/administration/social_auth.rst | 118 ----- ...ug-settings-menu-screen-authentication.png | Bin 95663 -> 0 bytes .../common/images/ug-settings-menu-screen.png | Bin 83534 -> 0 bytes docs/docsite/rst/common/settings-menu.rst | 5 +- .../rst/quickstart/examine_dashboard.rst | 3 - .../rst/release_notes/known_issues.rst | 8 - docs/docsite/rst/userguide/glossary.rst | 2 +- docs/docsite/rst/userguide/projects.rst | 2 +- docs/tower_configuration.md | 20 - licenses/async-timeout.txt | 201 --------- ...-openid.txt => awx-plugins.interfaces.txt} | 2 +- licenses/ecdsa.txt | 24 -- licenses/netaddr.txt | 43 -- licenses/tomli.txt | 21 - requirements/README.md | 12 - requirements/requirements.txt | 60 ++- requirements/updater.sh | 2 +- tools/docker-compose/README.md | 2 +- 48 files changed, 44 insertions(+), 1258 deletions(-) rename awx/conf/migrations/{0011_remove_oidc_auth_conf.py => 0012_remove_oidc_auth_conf.py} (91%) rename awx/conf/migrations/{0011_remove_radius_auth_conf.py => 0013_remove_radius_auth_conf.py} (90%) rename awx/conf/migrations/{0011_remove_saml_auth_conf.py => 0014_remove_saml_auth_conf.py} (95%) rename awx/conf/migrations/{0011_remove_social_oauth_conf.py => 0015_remove_social_oauth_conf.py} (98%) rename awx/conf/migrations/{0011_remove_tacacs_plus_auth_conf.py => 0016_remove_tacacs_plus_auth_conf.py} (91%) delete mode 100644 awx/sso/migrations/0004_alter_userenterpriseauth_provider.py delete mode 100644 docs/auth/README.md delete mode 100644 docs/auth/oauth.md delete mode 100644 docs/auth/session.md delete mode 100644 docs/docsite/rst/administration/configure_awx_authentication.rst delete mode 100644 docs/docsite/rst/administration/ent_auth.rst delete mode 100644 docs/docsite/rst/administration/kerberos_auth.rst delete mode 100644 docs/docsite/rst/administration/social_auth.rst delete mode 100644 docs/docsite/rst/common/images/ug-settings-menu-screen-authentication.png delete mode 100644 docs/docsite/rst/common/images/ug-settings-menu-screen.png delete mode 100644 licenses/async-timeout.txt rename licenses/{python3-openid.txt => awx-plugins.interfaces.txt} (99%) delete mode 100644 licenses/ecdsa.txt delete mode 100644 licenses/netaddr.txt delete mode 100644 licenses/tomli.txt diff --git a/awx/api/conf.py b/awx/api/conf.py index 2e262c316b42..a1ed832ff662 100644 --- a/awx/api/conf.py +++ b/awx/api/conf.py @@ -34,10 +34,7 @@ 'DISABLE_LOCAL_AUTH', field_class=fields.BooleanField, label=_('Disable the built-in authentication system'), - help_text=_( - "Controls whether users are prevented from using the built-in authentication system. " - "You probably want to do this if you are using an LDAP integration." - ), + help_text=_("Controls whether users are prevented from using the built-in authentication system. "), category=_('Authentication'), category_slug='authentication', ) @@ -70,20 +67,6 @@ category_slug='authentication', unit=_('seconds'), ) -register( - 'ALLOW_OAUTH2_FOR_EXTERNAL_USERS', - field_class=fields.BooleanField, - default=False, - label=_('Allow External Users to Create OAuth2 Tokens'), - help_text=_( - 'For security reasons, users from external auth providers (LDAP, SSO, ' - ' and others) are not allowed to create OAuth2 tokens. ' - 'To change this behavior, enable this setting. Existing tokens will ' - 'not be deleted when this setting is toggled off.' - ), - category=_('Authentication'), - category_slug='authentication', -) register( 'LOGIN_REDIRECT_OVERRIDE', field_class=fields.CharField, diff --git a/awx/api/generics.py b/awx/api/generics.py index c71919b7beff..dfe60f52188d 100644 --- a/awx/api/generics.py +++ b/awx/api/generics.py @@ -130,7 +130,6 @@ def post(self, request, *args, **kwargs): class LoggedLogoutView(auth_views.LogoutView): - success_url_allowed_hosts = set(settings.LOGOUT_ALLOWED_HOSTS.split(",")) if settings.LOGOUT_ALLOWED_HOSTS else set() def dispatch(self, request, *args, **kwargs): diff --git a/awx/api/urls/urls.py b/awx/api/urls/urls.py index c2218e5ed865..3f257da9560b 100644 --- a/awx/api/urls/urls.py +++ b/awx/api/urls/urls.py @@ -15,7 +15,6 @@ ApiV2AttachView, ) from awx.api.views import ( - AuthView, UserMeList, DashboardView, DashboardJobsGraphView, @@ -106,7 +105,6 @@ re_path(r'^config/$', ApiV2ConfigView.as_view(), name='api_v2_config_view'), re_path(r'^config/subscriptions/$', ApiV2SubscriptionView.as_view(), name='api_v2_subscription_view'), re_path(r'^config/attach/$', ApiV2AttachView.as_view(), name='api_v2_attach_view'), - re_path(r'^auth/$', AuthView.as_view()), re_path(r'^me/$', UserMeList.as_view(), name='user_me_list'), re_path(r'^dashboard/$', DashboardView.as_view(), name='dashboard_view'), re_path(r'^dashboard/graphs/jobs/$', DashboardJobsGraphView.as_view(), name='dashboard_jobs_graph_view'), diff --git a/awx/api/views/__init__.py b/awx/api/views/__init__.py index 5ae17d07e0cc..bbe79bd2a453 100644 --- a/awx/api/views/__init__.py +++ b/awx/api/views/__init__.py @@ -36,7 +36,7 @@ # Django REST Framework from rest_framework.exceptions import APIException, PermissionDenied, ParseError, NotFound from rest_framework.parsers import FormParser -from rest_framework.permissions import AllowAny, IsAuthenticated +from rest_framework.permissions import IsAuthenticated from rest_framework.renderers import JSONRenderer, StaticHTMLRenderer from rest_framework.response import Response from rest_framework.settings import api_settings @@ -126,9 +126,6 @@ from awx.api.pagination import UnifiedJobEventPagination from awx.main.utils import set_environ -if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []): - from ansible_base.authentication.models.authenticator import Authenticator as AnsibleBaseAuthenticator - logger = logging.getLogger('awx.api.views') @@ -676,29 +673,6 @@ class ScheduleUnifiedJobsList(SubListAPIView): name = _('Schedule Jobs List') -class AuthView(APIView): - '''List enabled single-sign-on endpoints''' - - authentication_classes = [] - permission_classes = (AllowAny,) - swagger_topic = 'System Configuration' - - def get(self, request): - data = OrderedDict() - if 'ansible_base.authentication' in getattr(settings, "INSTALLED_APPS", []): - # app is using ansible_base authentication - # add ansible_base authenticators - authenticators = AnsibleBaseAuthenticator.objects.filter(enabled=True, category="sso") - for authenticator in authenticators: - login_url = authenticator.get_login_url() - data[authenticator.name] = { - 'login_url': login_url, - 'name': authenticator.name, - } - - return Response(data) - - def immutablesharedfields(cls): ''' Class decorator to prevent modifying shared resources when ALLOW_LOCAL_RESOURCE_MANAGEMENT setting is set to False. diff --git a/awx/conf/migrations/0011_remove_oidc_auth_conf.py b/awx/conf/migrations/0012_remove_oidc_auth_conf.py similarity index 91% rename from awx/conf/migrations/0011_remove_oidc_auth_conf.py rename to awx/conf/migrations/0012_remove_oidc_auth_conf.py index f3393f3f44ef..be80ef7a989b 100644 --- a/awx/conf/migrations/0011_remove_oidc_auth_conf.py +++ b/awx/conf/migrations/0012_remove_oidc_auth_conf.py @@ -12,7 +12,7 @@ def remove_oidc_auth_conf(apps, scheme_editor): class Migration(migrations.Migration): dependencies = [ - ('conf', '0010_change_to_JSONField'), + ('conf', '0011_remove_ldap_auth_conf'), ] operations = [ diff --git a/awx/conf/migrations/0011_remove_radius_auth_conf.py b/awx/conf/migrations/0013_remove_radius_auth_conf.py similarity index 90% rename from awx/conf/migrations/0011_remove_radius_auth_conf.py rename to awx/conf/migrations/0013_remove_radius_auth_conf.py index 6c0c619e5e3e..ac8dd5aafd6a 100644 --- a/awx/conf/migrations/0011_remove_radius_auth_conf.py +++ b/awx/conf/migrations/0013_remove_radius_auth_conf.py @@ -13,9 +13,8 @@ def remove_radius_auth_conf(apps, scheme_editor): class Migration(migrations.Migration): - dependencies = [ - ('conf', '0010_change_to_JSONField'), + ('conf', '0012_remove_oidc_auth_conf'), ] operations = [ diff --git a/awx/conf/migrations/0011_remove_saml_auth_conf.py b/awx/conf/migrations/0014_remove_saml_auth_conf.py similarity index 95% rename from awx/conf/migrations/0011_remove_saml_auth_conf.py rename to awx/conf/migrations/0014_remove_saml_auth_conf.py index 83c4fd3c469b..a63ac02804eb 100644 --- a/awx/conf/migrations/0011_remove_saml_auth_conf.py +++ b/awx/conf/migrations/0014_remove_saml_auth_conf.py @@ -30,9 +30,8 @@ def remove_saml_auth_conf(apps, scheme_editor): class Migration(migrations.Migration): - dependencies = [ - ('conf', '0010_change_to_JSONField'), + ('conf', '0013_remove_radius_auth_conf'), ] operations = [ diff --git a/awx/conf/migrations/0011_remove_social_oauth_conf.py b/awx/conf/migrations/0015_remove_social_oauth_conf.py similarity index 98% rename from awx/conf/migrations/0011_remove_social_oauth_conf.py rename to awx/conf/migrations/0015_remove_social_oauth_conf.py index b72db9398b61..ce8ceb716306 100644 --- a/awx/conf/migrations/0011_remove_social_oauth_conf.py +++ b/awx/conf/migrations/0015_remove_social_oauth_conf.py @@ -72,9 +72,8 @@ def remove_social_oauth_conf(apps, scheme_editor): class Migration(migrations.Migration): - dependencies = [ - ('conf', '0010_change_to_JSONField'), + ('conf', '0014_remove_saml_auth_conf'), ] operations = [ diff --git a/awx/conf/migrations/0011_remove_tacacs_plus_auth_conf.py b/awx/conf/migrations/0016_remove_tacacs_plus_auth_conf.py similarity index 91% rename from awx/conf/migrations/0011_remove_tacacs_plus_auth_conf.py rename to awx/conf/migrations/0016_remove_tacacs_plus_auth_conf.py index 229c40bcc138..ae7b8d181906 100644 --- a/awx/conf/migrations/0011_remove_tacacs_plus_auth_conf.py +++ b/awx/conf/migrations/0016_remove_tacacs_plus_auth_conf.py @@ -16,9 +16,8 @@ def remove_tacacs_plus_auth_conf(apps, scheme_editor): class Migration(migrations.Migration): - dependencies = [ - ('conf', '0010_change_to_JSONField'), + ('conf', '0015_remove_social_oauth_conf'), ] operations = [ diff --git a/awx/conf/tests/unit/test_fields.py b/awx/conf/tests/unit/test_fields.py index 28c54dc6177a..86f241a1085f 100644 --- a/awx/conf/tests/unit/test_fields.py +++ b/awx/conf/tests/unit/test_fields.py @@ -111,7 +111,6 @@ class TestURLField: @pytest.mark.parametrize( "url,schemes,regex, allow_numbers_in_top_level_domain, expect_no_error", [ - ("ldap://www.example.org42", "ldap", None, True, True), ("https://www.example.org42", "https", None, False, False), ("https://www.example.org", None, regex, None, True), ("https://www.example3.org", None, regex, None, False), diff --git a/awx/main/conf.py b/awx/main/conf.py index e2fde4bde13b..3f601b6d095a 100644 --- a/awx/main/conf.py +++ b/awx/main/conf.py @@ -46,10 +46,7 @@ 'MANAGE_ORGANIZATION_AUTH', field_class=fields.BooleanField, label=_('Organization Admins Can Manage Users and Teams'), - help_text=_( - 'Controls whether any Organization Admin has the privileges to create and manage users and teams. ' - 'You may want to disable this ability if you are using an LDAP integration.' - ), + help_text=_('Controls whether any Organization Admin has the privileges to create and manage users and teams.'), category=_('System'), category_slug='system', ) diff --git a/awx/main/migrations/0193_alter_notification_notification_type_and_more.py b/awx/main/migrations/0193_alter_notification_notification_type_and_more.py index 59fde544c8e9..8c76527f8de2 100644 --- a/awx/main/migrations/0193_alter_notification_notification_type_and_more.py +++ b/awx/main/migrations/0193_alter_notification_notification_type_and_more.py @@ -4,7 +4,6 @@ class Migration(migrations.Migration): - dependencies = [ ('main', '0192_custom_roles'), ] diff --git a/awx/main/migrations/0194_alter_inventorysource_source_and_more.py b/awx/main/migrations/0194_alter_inventorysource_source_and_more.py index d6f399d71c5a..41841e093eb3 100644 --- a/awx/main/migrations/0194_alter_inventorysource_source_and_more.py +++ b/awx/main/migrations/0194_alter_inventorysource_source_and_more.py @@ -4,7 +4,6 @@ class Migration(migrations.Migration): - dependencies = [ ('main', '0193_alter_notification_notification_type_and_more'), ] diff --git a/awx/main/migrations/0195_EE_permissions.py b/awx/main/migrations/0195_EE_permissions.py index 8216d474f30f..39a0aed1f934 100644 --- a/awx/main/migrations/0195_EE_permissions.py +++ b/awx/main/migrations/0195_EE_permissions.py @@ -12,7 +12,6 @@ def delete_execution_environment_read_role(apps, schema_editor): class Migration(migrations.Migration): - dependencies = [ ('main', '0194_alter_inventorysource_source_and_more'), ] diff --git a/awx/main/migrations/0196_delete_profile.py b/awx/main/migrations/0196_delete_profile.py index bdfdf90b480e..726cc05d1cd1 100644 --- a/awx/main/migrations/0196_delete_profile.py +++ b/awx/main/migrations/0196_delete_profile.py @@ -4,7 +4,6 @@ class Migration(migrations.Migration): - dependencies = [ ('main', '0195_EE_permissions'), ] diff --git a/awx/main/migrations/0197_remove_sso_app_content.py b/awx/main/migrations/0197_remove_sso_app_content.py index 71bbb33f19a1..80b301f517d4 100644 --- a/awx/main/migrations/0197_remove_sso_app_content.py +++ b/awx/main/migrations/0197_remove_sso_app_content.py @@ -4,7 +4,6 @@ class Migration(migrations.Migration): - dependencies = [ ('main', '0196_delete_profile'), ] diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py index 82fffdf7f8e4..1edcc11edbbb 100644 --- a/awx/settings/defaults.py +++ b/awx/settings/defaults.py @@ -397,7 +397,6 @@ OAUTH2_PROVIDER_ID_TOKEN_MODEL = "oauth2_provider.IDToken" OAUTH2_PROVIDER = {'ACCESS_TOKEN_EXPIRE_SECONDS': 31536000000, 'AUTHORIZATION_CODE_EXPIRE_SECONDS': 600, 'REFRESH_TOKEN_EXPIRE_SECONDS': 2628000} -ALLOW_OAUTH2_FOR_EXTERNAL_USERS = False # Enable / Disable HTTP Basic Authentication used in the API browser diff --git a/awx/sso/migrations/0004_alter_userenterpriseauth_provider.py b/awx/sso/migrations/0004_alter_userenterpriseauth_provider.py deleted file mode 100644 index 8479a9c749b0..000000000000 --- a/awx/sso/migrations/0004_alter_userenterpriseauth_provider.py +++ /dev/null @@ -1,18 +0,0 @@ -# Generated by Django 4.2.10 on 2024-10-02 12:44 - -from django.db import migrations, models - - -class Migration(migrations.Migration): - - dependencies = [ - ('sso', '0003_convert_saml_string_to_list'), - ] - - operations = [ - migrations.AlterField( - model_name='userenterpriseauth', - name='provider', - field=models.CharField(choices=[('radius', 'RADIUS'), ('tacacs+', 'TACACS+')], max_length=32), - ), - ] diff --git a/docs/auth/README.md b/docs/auth/README.md deleted file mode 100644 index fde844e6e6fa..000000000000 --- a/docs/auth/README.md +++ /dev/null @@ -1,12 +0,0 @@ -This folder describes third-party authentications supported by AWX. These authentications can be configured and enabled inside AWX. - -When a user wants to log into AWX, she can explicitly choose some of the supported authentications to log in instead of AWX's own authentication using username and password. Here is a list of such authentications: -* OIDC (OpenID Connect) - -On the other hand, the other authentication methods use the same types of login info (username and password), but authenticate using external auth systems rather than AWX's own database. If some of these methods are enabled, AWX will try authenticating using the enabled methods *before AWX's own authentication method*. - -## Notes: - * Enterprise users can only be created via the first successful login attempt from remote authentication backend. - * Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in AWX. - * AWX passwords of Enterprise users should always be empty and cannot be set by any user if there are enterprise backends enabled. - * If enterprise backends are disabled, an Enterprise user can be converted to a normal AWX user by setting password field. But this operation is irreversible (the converted AWX user can no longer be treated as Enterprise user). diff --git a/docs/auth/oauth.md b/docs/auth/oauth.md deleted file mode 100644 index 6496adc81d15..000000000000 --- a/docs/auth/oauth.md +++ /dev/null @@ -1,403 +0,0 @@ -## Introduction -OAuth2 is the AWX means of token-based authentication. Users -will be able to manage OAuth2 tokens as well as applications, a server-side representation of API -clients used to generate tokens. With OAuth2, a user can authenticate by passing a token as part of -the HTTP authentication header. The token can be scoped to have more restrictive permissions on top of -the base RBAC permissions of the user. Refer to [RFC 6749](https://tools.ietf.org/html/rfc6749) for -more details of OAuth2 specification. - -## Basic Usage - -To get started using OAuth2 tokens for accessing the browsable API using OAuth2, this document will walk through the steps of acquiring a token and using it. - -1. Make an application with `authorization_grant_type` set to 'password'. HTTP POST the following to the `/api/v2/applications/` endpoint (supplying your own `organization-id`): -``` -{ - "name": "Admin Internal Application", - "description": "For use by secure services & clients. ", - "client_type": "confidential", - "redirect_uris": "", - "authorization_grant_type": "password", - "skip_authorization": false, - "organization": -} -``` -2. Make a token with a POST to the `/api/v2/tokens/` endpoint: -``` -{ - "description": "My Access Token", - "application": , - "scope": "write" -} -``` -This will return a `` that you can use to authenticate with for future requests (this will not be shown again) - -3. Use token to access a resource. We will use `curl` to demonstrate this: -``` -curl -H "Authorization: Bearer " -X GET https:///api/v2/users/ -``` -> The `-k` flag may be needed if you have not set up a CA yet and are using SSL. - -This token can be revoked by making a DELETE on the detail page for that token. All you need is that token's id. For example: -``` -curl -ku : -X DELETE https:///api/v2/tokens// -``` - -Similarly, using a token: -``` -curl -H "Authorization: Bearer " -X DELETE https:///api/v2/tokens// -k -``` - - -## More Information - -#### Managing OAuth2 Applications and Tokens - -Applications and tokens can be managed as a top-level resource at `/api/v2/applications` and -`/api/v2/tokens`. These resources can also be accessed respective to the user at -`/api/v2/users/N/`. Applications can be created by making a POST to either `api/v2/applications` -or `/api/v2/users/N/applications`. - -Each OAuth2 application represents a specific API client on the server side. For an API client to use the API via an application token, -it must first have an application and issue an access token. - -Individual applications will be accessible via their primary keys: -`/api/v2/applications//`. Here is a typical application: -``` -{ - "id": 1, - "type": "o_auth2_application", - "url": "/api/v2/applications/1/", - "related": { - "user": "/api/v2/users/1/", - "tokens": "/api/v2/applications/1/tokens/", - "activity_stream": "/api/v2/applications/1/activity_stream/" - }, - "summary_fields": { - "user": { - "id": 1, - "username": "root", - "first_name": "", - "last_name": "" - }, - "tokens": { - "count": 1, - "results": [ - { - "scope": "read", - "token": "*************", - "id": 2 - } - ] - } - }, - "created": "2018-02-20T23:06:43.215315Z", - "modified": "2018-02-20T23:06:43.215375Z", - "name": "Default application for root", - "user": 1, - "client_id": "BIyE720WAjr14nNxGXrBbsRsG0FkjgeL8cxNmIWP", - "client_secret": "OdO6TMNAYxUVv4HLitLOnRdAvtClEV8l99zlb8EJEZjlzVNaVVlWiKXicznLDeANwu5qRgeQRvD3AnuisQGCPXXRCx79W1ARQ5cSmc9mrU1JbqW7nX3IZYhLIFgsDH8u", - "client_type": "confidential", - "redirect_uris": "", - "authorization_grant_type": "password", - "skip_authorization": false -}, -``` -In the above example, `user` is the primary key of the user associated to this application and `name` is - a human-readable identifier for the application. The other fields, like `client_id` and -`redirect_uris`, are mainly used for OAuth2 authorization, which will be covered later in the 'Using -OAuth2 Token System' section. - -Fields `client_id` and `client_secret` are immutable identifiers of applications, and will be -generated during creation; Fields `user` and `authorization_grant_type`, on the other hand, are -*immutable on update*, meaning they are required fields on creation, but will become read-only after -that. - -**On RBAC side:** -- System admins will be able to see and manipulate all applications in the system; -- Organization admins will be able to see and manipulate all applications belonging to Organization - members; -- Other normal users will only be able to see, update and delete their own applications, but - cannot create any new applications. - -Tokens, on the other hand, are resources used to actually authenticate incoming requests and mask the -permissions of the underlying user. Tokens can be created by POSTing to `/api/v2/tokens/` -endpoint by providing `application` and `scope` fields to point to related application and specify -token scope; or POSTing to `/api/v2/applications//tokens/` by providing only `scope`, while -the parent application will be automatically linked. - -Individual tokens will be accessible via their primary keys at -`/api/v2/tokens//`. Here is a typical token: -``` -{ - "id": 4, - "type": "o_auth2_access_token", - "url": "/api/v2/tokens/4/", - "related": { - "user": "/api/v2/users/1/", - "application": "/api/v2/applications/1/", - "activity_stream": "/api/v2/tokens/4/activity_stream/" - }, - "summary_fields": { - "application": { - "id": 1, - "name": "Default application for root", - "client_id": "mcU5J5uGQcEQMgAZyr5JUnM3BqBJpgbgL9fLOVch" - }, - "user": { - "id": 1, - "username": "root", - "first_name": "", - "last_name": "" - } - }, - "created": "2018-02-23T14:39:32.618932Z", - "modified": "2018-02-23T14:39:32.643626Z", - "description": "App Token Test", - "user": 1, - "token": "*************", - "refresh_token": "*************", - "application": 1, - "expires": "2018-02-24T00:39:32.618279Z", - "scope": "read" -}, -``` -For an OAuth2 token, the only fully mutable fields are `scope` and `description`. The `application` -field is *immutable on update*, and all other fields are totally immutable, and will be auto-populated -during creation. -* `user` - this field corresponds to the user the token is created for -* `expires` will be generated according to the configuration setting `OAUTH2_PROVIDER` -* `token` and `refresh_token` will be auto-generated to be non-clashing random strings. - -Both application tokens and personal access tokens will be shown at the `/api/v2/tokens/` -endpoint. Personal access tokens can be identified by the `application` field being `null`. - -**On RBAC side:** -- A user will be able to create a token if they are able to see the related application; -- The System Administrator is able to see and manipulate every token in the system; -- Organization admins will be able to see and manipulate all tokens belonging to Organization - members; - System Auditors can see all tokens and applications -- Other normal users will only be able to see and manipulate their own tokens. -> Note: Users can only see the token or refresh-token _value_ at the time of creation ONLY. - -#### Using OAuth2 Token System for Personal Access Tokens (PAT) -The most common usage of OAuth2 is authenticating users. The `token` field of a token is used -as part of the HTTP authentication header, in the format `Authorization: Bearer `. This _Bearer_ -token can be obtained by doing a curl to the `/api/o/token/` endpoint. For example: -``` -curl -ku : -H "Content-Type: application/json" -X POST \ --d '{"description":"Tower CLI", "application":null, "scope":"write"}' \ -https:///api/v2/users/1/personal_tokens/ | python -m json.tool -``` -Here is an example of using that PAT to access an API endpoint using `curl`: -``` -curl -H "Authorization: Bearer kqHqxfpHGRRBXLNCOXxT5Zt3tpJogn" http:///api/v2/credentials/ -``` - -According to OAuth2 specification, users should be able to acquire, revoke and refresh an access -token. In AWX the equivalent, and easiest, way of doing that is creating a token, deleting -a token, and deleting a token quickly followed by creating a new one. - -The specification also provides standard ways of doing this. RFC 6749 elaborates -on those topics, but in summary, an OAuth2 token is officially acquired via authorization using -authorization information provided by applications (special application fields mentioned above). -There are dedicated endpoints for authorization and acquiring tokens. The `token` endpoint -is also responsible for token refresh, and token revoke can be done by the dedicated token revoke endpoint. - -In AWX, our OAuth2 system is built on top of -[Django Oauth Toolkit](https://django-oauth-toolkit.readthedocs.io/en/latest/), which provides full -support on standard authorization, token revoke and refresh. AWX implements them and puts related -endpoints under `/api/o/` endpoint. Detailed examples on the most typical usage of those endpoints -are available as description text of `/api/o/`. See below for information on Application Access Token usage. -> Note: The `/api/o/` endpoints can only be used for application tokens, and are not valid for personal access tokens. - - -#### Token Scope Mask Over RBAC System - -The scope of an OAuth2 token is a space-separated string composed of keywords like 'read' and 'write'. -These keywords are configurable and used to specify permission level of the authenticated API client. -For the initial OAuth2 implementation, we use the most simple scope configuration, where the only -valid scope keywords are 'read' and 'write'. - -Read and write scopes provide a mask layer over the RBAC permission system of AWX. In specific, a -'write' scope gives the authenticated user the full permissions the RBAC system provides, while 'read' -scope gives the authenticated user only read permissions the RBAC system provides. - -For example, if a user has admin permission to a job template, he/she can both see and modify, launch -and delete the job template if authenticated via session or basic auth. On the other hand, if the user -is authenticated using OAuth2 token, and the related token scope is 'read', the user can only see but -not manipulate or launch the job template, despite being an admin. If the token scope is -'write' or 'read write', she can take full advantage of the job template as its admin. Note that 'write' -implies 'read' as well. - - -## Application Functions - -This page lists OAuth2 utility endpoints used for authorization, token refresh and revoke. -Note endpoints other than `/api/o/authorize/` are not meant to be used in browsers and do not -support HTTP GET. The endpoints here strictly follow -[RFC specs for OAuth2](https://tools.ietf.org/html/rfc6749), so please use that for detailed -reference. Below are some examples to demonstrate the typical usage of these endpoints in -AWX context (note that the AWX net location defaults to `http://localhost:8013` in these examples). - - -#### Application Using `authorization code` Grant Type - -This application grant type is intended to be used when the application is executing on the server. To create -an application named `AuthCodeApp` with the `authorization-code` grant type, -make a POST to the `/api/v2/applications/` endpoint: -```text -{ - "name": "AuthCodeApp", - "user": 1, - "client_type": "confidential", - "redirect_uris": "http:///api/v2", - "authorization_grant_type": "authorization-code", - "skip_authorization": false -} -``` -You can test the authorization flow out with this new application by copying the `client_id` and URI link into the -homepage [here](http://django-oauth-toolkit.herokuapp.com/consumer/) and click submit. This is just a simple test -application `Django-oauth-toolkit` provides. - -From the client app, the user makes a GET to the Authorize endpoint with the `response_type`, -`client_id`, `redirect_uris`, and `scope`. AWX will respond with the authorization `code` and `state` -to the `redirect_uri` specified in the application. The client application will then make a POST to the -`api/o/token/` endpoint on AWX with the `code`, `client_id`, `client_secret`, `grant_type`, and `redirect_uri`. -AWX will respond with the `access_token`, `token_type`, `refresh_token`, and `expires_in`. For more -information on testing this flow, refer to [django-oauth-toolkit](http://django-oauth-toolkit.readthedocs.io/en/latest/tutorial/tutorial_01.html#test-your-authorization-server). - - -#### Application Using `password` Grant Type - -This is also called the `resource owner credentials grant`. This is for use by users who have -native access to the web app. This should be used when the client is the Resource owner. Suppose -we have an application `Default Application` with grant type `password`: -```text -{ - "id": 6, - "type": "application", - ... - "name": "Default Application", - "user": 1, - "client_id": "gwSPoasWSdNkMDtBN3Hu2WYQpPWCO9SwUEsKK22l", - "client_secret": "fI6ZpfocHYBGfm1tP92r0yIgCyfRdDQt0Tos9L8a4fNsJjQQMwp9569eIaUBsaVDgt2eiwOGe0bg5m5vCSstClZmtdy359RVx2rQK5YlIWyPlrolpt2LEpVeKXWaiybo", - "client_type": "confidential", - "redirect_uris": "", - "authorization_grant_type": "password", - "skip_authorization": false -} -``` - -Login is not required for `password` grant type, so we can simply use `curl` to acquire a personal access token -via `/api/o/token/`: -```bash -curl -X POST \ - -d "grant_type=password&username=&password=&scope=read" \ - -u "gwSPoasWSdNkMDtBN3Hu2WYQpPWCO9SwUEsKK22l:fI6ZpfocHYBGfm1tP92r0yIgCyfRdDQt0Tos9L8a4fNsJjQQMwp9569e -IaUBsaVDgt2eiwOGe0bg5m5vCSstClZmtdy359RVx2rQK5YlIWyPlrolpt2LEpVeKXWaiybo" \ - http:///api/o/token/ -i -``` -In the above POST request, parameters `username` and `password` are the username and password of the related -AWX user of the underlying application, and the authentication information is of format -`:`, where `client_id` and `client_secret` are the corresponding fields of -underlying application. - -Upon success, the access token, refresh token and other information are given in the response body in JSON -format: -```text -HTTP/1.1 200 OK -Server: nginx/1.12.2 -Date: Tue, 05 Dec 2017 16:48:09 GMT -Content-Type: application/json -Content-Length: 163 -Connection: keep-alive -Content-Language: en -Vary: Accept-Language, Cookie -Pragma: no-cache -Cache-Control: no-store -Strict-Transport-Security: max-age=15768000 - -{"access_token": "9epHOqHhnXUcgYK8QanOmUQPSgX92g", "token_type": "Bearer", "expires_in": 315360000000, "refresh_token": "jMRX6QvzOTf046KHee3TU5mT3nyXsz", "scope": "read"} -``` - - -## Token Functions - -#### Refresh an Existing Access Token - -Suppose we have an existing access token with refresh token provided: -```text -{ - "id": 35, - "type": "access_token", - ... - "user": 1, - "token": "omMFLk7UKpB36WN2Qma9H3gbwEBSOc", - "refresh_token": "AL0NK9TTpv0qp54dGbC4VUZtsZ9r8z", - "application": 6, - "expires": "2017-12-06T03:46:17.087022Z", - "scope": "read write" -} -``` -The `/api/o/token/` endpoint is used for refreshing the access token: -```bash -curl -X POST \ - -d "grant_type=refresh_token&refresh_token=AL0NK9TTpv0qp54dGbC4VUZtsZ9r8z" \ - -u "gwSPoasWSdNkMDtBN3Hu2WYQpPWCO9SwUEsKK22l:fI6ZpfocHYBGfm1tP92r0yIgCyfRdDQt0Tos9L8a4fNsJjQQMwp9569eIaUBsaVDgt2eiwOGe0bg5m5vCSstClZmtdy359RVx2rQK5YlIWyPlrolpt2LEpVeKXWaiybo" \ - http:///api/o/token/ -i -``` -In the above POST request, `refresh_token` is provided by `refresh_token` field of the access token -above. The authentication information is of format `:`, where `client_id` -and `client_secret` are the corresponding fields of underlying related application of the access token. - -Upon success, the new (refreshed) access token with the same scope information as the previous one is -given in the response body in JSON format: -```text -HTTP/1.1 200 OK -Server: nginx/1.12.2 -Date: Tue, 05 Dec 2017 17:54:06 GMT -Content-Type: application/json -Content-Length: 169 -Connection: keep-alive -Content-Language: en -Vary: Accept-Language, Cookie -Pragma: no-cache -Cache-Control: no-store -Strict-Transport-Security: max-age=15768000 - -{"access_token": "NDInWxGJI4iZgqpsreujjbvzCfJqgR", "token_type": "Bearer", "expires_in": 315360000000, "refresh_token": "DqOrmz8bx3srlHkZNKmDpqA86bnQkT", "scope": "read write"} -``` -Internally, the refresh operation deletes the existing token and a new token is created immediately -after, with information like scope and related application identical to the original one. We can -verify by checking the new token is present and the old token is deleted at the `/api/v2/tokens/` endpoint. - - -#### Revoke an Access Token - -##### Alternatively Revoke Using the /api/o/revoke-token/ Endpoint - -Revoking an access token by this method is the same as deleting the token resource object, but it allows you to delete a token by providing its token value, and the associated `client_id` (and `client_secret` if the application is `confidential`). For example: -```bash -curl -X POST -d "token=rQONsve372fQwuc2pn76k3IHDCYpi7" \ - -u "gwSPoasWSdNkMDtBN3Hu2WYQpPWCO9SwUEsKK22l:fI6ZpfocHYBGfm1tP92r0yIgCyfRdDQt0Tos9L8a4fNsJjQQMwp9569eIaUBsaVDgt2eiwOGe0bg5m5vCSstClZmtdy359RVx2rQK5YlIWyPlrolpt2LEpVeKXWaiybo" \ - http:///api/o/revoke_token/ -i -``` -`200 OK` means a successful delete. - -We can verify the effect by checking if the token is no longer present -at `/api/v2/tokens/`. - - -## Acceptance Criteria - -* All CRUD operations for OAuth2 applications and tokens should function as described. -* RBAC rules applied to OAuth2 applications and tokens should behave as described. -* A default application should be auto-created for each new user. -* Incoming requests using unexpired OAuth2 token correctly in authentication header should be able - to successfully authenticate themselves. -* Token scope mask over RBAC should work as described. -* AWX configuration setting `OAUTH2_PROVIDER` should be configurable and function as described. -* `/api/o/` endpoint should work as expected. In specific, all examples given in the description - help text should be working (a user following the steps should get expected result). diff --git a/docs/auth/session.md b/docs/auth/session.md deleted file mode 100644 index 1f0f68914a56..000000000000 --- a/docs/auth/session.md +++ /dev/null @@ -1,91 +0,0 @@ -## Introduction - -Session-based authentication is the main authentication method, and auth tokens have been replaced by OAuth 2 tokens. - -Session authentication is a safer way of utilizing HTTP(S) cookies. Theoretically, the user can provide authentication information, like username and password, as part of the -`Cookie` header, but this method is vulnerable to cookie hijacks, where crackers can see and steal user -information from the cookie payload. - -Session authentication, on the other hand, sets a single `awx_sessionid` cookie. The `awx_sessionid` -is _a random string which will be mapped to user authentication information by the server_. Crackers who -hijack cookies will only get the `awx_sessionid` itself, which does not imply any critical user info, is valid only for -a limited time, and can be revoked at any time. - -> Note: The CSRF token will by default allow HTTP. To increase security, the `CSRF_COOKIE_SECURE` setting should -> be set to True. - -## Usage - -In session authentication, users log in using the `/api/login/` endpoint. A GET to `/api/login/` displays the -login page of API browser: - -![Example session log in page](../img/auth_session_1.png?raw=true) - -Users should enter correct username and password before clicking on the 'LOG IN' button, which fires a POST -to `/api/login/` to actually log the user in. The return code of a successful login is 302, meaning upon -successful login, the browser will be redirected; the redirected destination is determined by the `next` form -item described below. - -It should be noted that the POST body of `/api/login/` is _not_ in JSON, but in HTTP form format. Four items should -be provided in the form: - -- `username`: The username of the user trying to log in. -- `password`: The password of the user trying to log in. -- `next`: The path of the redirect destination, in API browser `"/api/"` is used. -- `csrfmiddlewaretoken`: The CSRF token, usually populated by using Django template `{% csrf_token %}`. - -The `awx_session_id` is provided as a return `Set-Cookie` header. Here is a typical one: - -``` -Set-Cookie: awx_sessionid=lwan8l5ynhrqvps280rg5upp7n3yp6ds; expires=Tue, 21-Nov-2017 16:33:13 GMT; httponly; Max-Age=1209600; Path=/ -``` - -In addition, when the `awx_sessionid` a header called `X-API-Session-Cookie-Name` this header will only be displayed once on a successful logging and denotes the name of the session cookie name. By default this is `awx_sessionid` but can be changed (see below). - -Any client should follow the standard rules of [cookie protocol](https://tools.ietf.org/html/rfc6265) to -parse that header to obtain information about the session, such as session cookie name (`awx_sessionid`), -session cookie value, expiration date, duration, etc. - -The name of the cookie is configurable by Tower Configuration setting `SESSION_COOKIE_NAME` under the category `authentication`. It is a string. The default session cookie name is `awx_sessionid`. - -The duration of the cookie is configurable by Tower Configuration setting `SESSION_COOKIE_AGE` under -category `authentication`. It is an integer denoting the number of seconds the session cookie should -live. The default session cookie age is two weeks. - -After a valid session is acquired, a client should provide the `awx_sessionid` as a cookie for subsequent requests -in order to be authenticated. For example: - -``` -Cookie: awx_sessionid=lwan8l5ynhrqvps280rg5upp7n3yp6ds; ... -``` - -User should use the `/api/logout/` endpoint to log out. In the API browser, a logged-in user can do that by -simply clicking logout button on the nav bar. Under the hood, the click issues a GET to `/api/logout/`. -Upon success, the server will invalidate the current session and the response header will indicate for the client -to delete the session cookie. The user should no longer try using this invalid session. - -The duration of a session is constant. However, a user can extend the expiration date of a valid session -by performing session acquire with the session provided. - -A Tower configuration setting, `SESSIONS_PER_USER` under category `authentication`, is used to set the -maximum number of valid sessions a user can have at the same time. For example, if `SESSIONS_PER_USER` -is set to three and the same user is logged in from five different places, the earliest two sessions created will be invalidated. Tower will try -broadcasting, via websocket, to all available clients. The websocket message body will contain a list of -invalidated sessions. If a client finds its session in that list, it should try logging out. - -Unlike tokens, sessions are meant to be short-lived and UI-only; therefore, whenever a user's password -is updated, all sessions she owned will be invalidated and deleted. - -## Acceptance Criteria - -- Users should be able to log in via the `/api/login/` endpoint by correctly providing all necessary fields. -- Logged-in users should be able to authenticate themselves by providing correct session auth info. -- Logged-in users should be able to log out via `/api/logout/`. -- The duration of a session cookie should be configurable by `SESSION_COOKIE_AGE`. -- The maximum number of concurrent login for one user should be configurable by `SESSIONS_PER_USER`, - and over-limit user sessions should be warned by websocket. -- When a user's password is changed, all her sessions should be invalidated and deleted. -- User should not be able to authenticate by HTTPS(S) request nor websocket connection using invalid - sessions. -- No existing behavior, like job runs, inventory updates or callback receiver, should be affected - by session auth. diff --git a/docs/credentials/extract_credentials.md b/docs/credentials/extract_credentials.md index 12fe0fea5cd3..e8394198a5a5 100644 --- a/docs/credentials/extract_credentials.md +++ b/docs/credentials/extract_credentials.md @@ -15,7 +15,7 @@ If necessary, credentials and encrypted settings can be extracted using the AWX $ awx-manage shell_plus >>> from awx.main.utils import decrypt_field >>> print(decrypt_field(Credential.objects.get(name="my private key"), "ssh_key_data")) # Example for a credential ->>> print(decrypt_field(Setting.objects.get(key='SOCIAL_AUTH_OIDC_SECRET'), 'value')) # Example for a setting +>>> print(decrypt_field(Setting.objects.get(key='setting'), 'value')) # Example for a setting ``` If you are running a kubernetes based deployment, you can execute awx-manage like this: diff --git a/docs/docsite/rst/administration/awx-manage.rst b/docs/docsite/rst/administration/awx-manage.rst index a468a4633d65..3de9e6cb819a 100644 --- a/docs/docsite/rst/administration/awx-manage.rst +++ b/docs/docsite/rst/administration/awx-manage.rst @@ -146,7 +146,7 @@ Use this command to clear tokens which have already been revoked. Refer to `Djan ``expire_sessions`` ^^^^^^^^^^^^^^^^^^^^^^^^ -Use this command to terminate all sessions or all sessions for a specific user. Consider using this command when a user changes role in an organization, is removed from assorted groups in LDAP/AD, or the administrator wants to ensure the user can no longer execute jobs due to membership in these groups. +Use this command to terminate all sessions or all sessions for a specific user. Consider using this command when a user changes role in an organization, is removed from assorted groups in AD, or the administrator wants to ensure the user can no longer execute jobs due to membership in these groups. :: diff --git a/docs/docsite/rst/administration/configure_awx.rst b/docs/docsite/rst/administration/configure_awx.rst index 3087ab31c066..3c7c8fecf50e 100644 --- a/docs/docsite/rst/administration/configure_awx.rst +++ b/docs/docsite/rst/administration/configure_awx.rst @@ -10,24 +10,10 @@ AWX Configuration You can configure various AWX settings within the Settings screen in the following tabs: -.. image:: ../common/images/ug-settings-menu-screen.png - :alt: Screenshot of the AWX settings menu screen. - Each tab contains fields with a **Reset** button, allowing you to revert any value entered back to the default value. **Reset All** allows you to revert all the values to their factory default values. **Save** applies changes you make, but it does not exit the edit dialog. To return to the Settings screen, click **Settings** from the left navigation bar or use the breadcrumbs at the top of the current view. - -Authentication -================= -.. index:: - single: social authentication - single: authentication - pair: configuration; authentication - -.. include:: ./configure_awx_authentication.rst - - .. _configure_awx_jobs: Jobs @@ -66,7 +52,7 @@ The System tab allows you to define the base URL for the AWX host, configure ale 2. The right side of the Settings window is a set of configurable System settings. Select from the following options: - **Miscellaneous System settings**: enable activity streams, specify the default execution environment, define the base URL for the AWX host, enable AWX administration alerts, set user visibility, define analytics, specify usernames and passwords, and configure proxies. - - **Miscellaneous Authentication settings**: configure options associated with authentication methods (built-in or SSO), sessions (timeout, number of sessions logged in, tokens), and social authentication mapping. + - **Miscellaneous Authentication settings**: configure options associated with authentication methods and sessions (timeout, number of sessions logged in, tokens). - **Logging settings**: configure logging options based on the type you choose: .. image:: ../common/images/configure-awx-system-logging-types.png diff --git a/docs/docsite/rst/administration/configure_awx_authentication.rst b/docs/docsite/rst/administration/configure_awx_authentication.rst deleted file mode 100644 index fdcf35d4783c..000000000000 --- a/docs/docsite/rst/administration/configure_awx_authentication.rst +++ /dev/null @@ -1,7 +0,0 @@ -1. From the left navigation bar, click **Settings**. - -2. The left side of the Settings window is a set of configurable Authentication settings. Select from the following options: - -Different authentication types require you to enter different information. Be sure to include all the information as required. - -3. Click **Save** to apply the settings or **Cancel** to abandon the changes. \ No newline at end of file diff --git a/docs/docsite/rst/administration/ent_auth.rst b/docs/docsite/rst/administration/ent_auth.rst deleted file mode 100644 index aaec518c5816..000000000000 --- a/docs/docsite/rst/administration/ent_auth.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. _ag_ent_auth: - -Setting up Enterprise Authentication -================================================== - - -.. index:: - single: enterprise authentication - single: authentication - -This section describes setting up authentication for the following enterprise systems: - -.. contents:: - :local: - -- Enterprise users can only be created via the first successful login attempt from remote authentication backend. -- Enterprise users cannot be created/authenticated if non-enterprise users with the same name has already been created in AWX. -- AWX passwords of enterprise users should always be empty and cannot be set by any user if there are enterprise backend-enabled. -- If enterprise backends are disabled, an enterprise user can be converted to a normal AWX user by setting the password field. However, this operation is irreversible, as the converted AWX user can no longer be treated as enterprise user. diff --git a/docs/docsite/rst/administration/index.rst b/docs/docsite/rst/administration/index.rst index 247bc6db4abb..7a4ac043da7b 100644 --- a/docs/docsite/rst/administration/index.rst +++ b/docs/docsite/rst/administration/index.rst @@ -39,10 +39,7 @@ Need help or want to discuss AWX including the documentation? See the :ref:`Comm configure_awx isolation_variables oauth2_token_auth - social_auth - ent_auth authentication_timeout - kerberos_auth session_limits custom_rebranding troubleshooting diff --git a/docs/docsite/rst/administration/kerberos_auth.rst b/docs/docsite/rst/administration/kerberos_auth.rst deleted file mode 100644 index 96f5855b7418..000000000000 --- a/docs/docsite/rst/administration/kerberos_auth.rst +++ /dev/null @@ -1,117 +0,0 @@ -User Authentication with Kerberos -================================== - -.. index:: - pair: user authentication; Kerberos - pair: Kerberos; Active Directory (AD) - -User authentication via Active Directory (AD), also referred to as authentication through Kerberos, is supported through AWX. - -To get started, first set up the Kerberos packages in AWX so that you can successfully generate a Kerberos ticket. To install the packages, use the following steps: - -:: - - yum install krb5-workstation - yum install krb5-devel - yum install krb5-libs - -Once installed, edit the ``/etc/krb5.conf`` file, as follows, to provide the address of the AD, the domain, etc.: - -:: - - [logging] - default = FILE:/var/log/krb5libs.log - kdc = FILE:/var/log/krb5kdc.log - admin_server = FILE:/var/log/kadmind.log - - [libdefaults] - default_realm = WEBSITE.COM - dns_lookup_realm = false - dns_lookup_kdc = false - ticket_lifetime = 24h - renew_lifetime = 7d - forwardable = true - - [realms] - WEBSITE.COM = { - kdc = WIN-SA2TXZOTVMV.website.com - admin_server = WIN-SA2TXZOTVMV.website.com - } - - [domain_realm] - .website.com = WEBSITE.COM - website.com = WEBSITE.COM - -After the configuration file has been updated, you should be able to successfully authenticate and get a valid token. -The following steps show how to authenticate and get a token: - -:: - - [root@ip-172-31-26-180 ~]# kinit username - Password for username@WEBSITE.COM: - [root@ip-172-31-26-180 ~]# - - Check if we got a valid ticket. - - [root@ip-172-31-26-180 ~]# klist - Ticket cache: FILE:/tmp/krb5cc_0 - Default principal: username@WEBSITE.COM - - Valid starting Expires Service principal - 01/25/16 11:42:56 01/25/16 21:42:53 krbtgt/WEBSITE.COM@WEBSITE.COM - renew until 02/01/16 11:42:56 - [root@ip-172-31-26-180 ~]# - -Once you have a valid ticket, you can check to ensure that everything is working as expected from command line. To test this, make sure that your inventory looks like the following: - -:: - - [windows] - win01.WEBSITE.COM - - [windows:vars] - ansible_user = username@WEBSITE.COM - ansible_connection = winrm - ansible_port = 5986 - -You should also: - -- Ensure that the hostname is the proper client hostname matching the entry in AD and is not the IP address. - -- In the username declaration, ensure that the domain name (the text after ``@``) is properly entered with regard to upper- and lower-case letters, as Kerberos is case sensitive. For AWX, you should also ensure that the inventory looks the same. - - -.. note:: - - If you encounter a ``Server not found in Kerberos database`` error message, and your inventory is configured using FQDNs (**not IP addresses**), ensure that the service principal name is not missing or mis-configured. - - -Now, running a playbook should run as expected. You can test this by running the playbook as the ``awx`` user. - -Once you have verified that playbooks work properly, integration with AWX is easy. Generate the Kerberos ticket as the ``awx`` user and AWX should automatically pick up the generated ticket for authentication. - -.. note:: - - The python ``kerberos`` package must be installed. Ansible is designed to check if ``kerberos`` package is installed and, if so, it uses kerberos authentication. - - -AD and Kerberos Credentials ------------------------------- - -Active Directory only: - -- If you are only planning to run playbooks against Windows machines with AD usernames and passwords as machine credentials, you can use "user@" format for the username and an associated password. - -With Kerberos: - -- If Kerberos is installed, you can create a machine credential with the username and password, using the "user@" format for the username. - - -Working with Kerberos Tickets -------------------------------- - -Ansible defaults to automatically managing Kerberos tickets when both the username and password are specified in the machine credential for a host that is configured for kerberos. A new ticket is created in a temporary credential cache for each host, before each task executes (to minimize the chance of ticket expiration). The temporary credential caches are deleted after each task, and will not interfere with the default credential cache. - -To disable automatic ticket management (e.g., to use an existing SSO ticket or call ``kinit`` manually to populate the default credential cache), set ``ansible_winrm_kinit_mode=manual`` via the inventory. - -Automatic ticket management requires a standard kinit binary on the control host system path. To specify a different location or binary name, set the ``ansible_winrm_kinit_cmd`` inventory variable to the fully-qualified path to an MIT krbv5 kinit-compatible binary. diff --git a/docs/docsite/rst/administration/oauth2_token_auth.rst b/docs/docsite/rst/administration/oauth2_token_auth.rst index 7ab83a16e6df..d99604cf6fe2 100644 --- a/docs/docsite/rst/administration/oauth2_token_auth.rst +++ b/docs/docsite/rst/administration/oauth2_token_auth.rst @@ -449,11 +449,6 @@ Revoking an access token by this method is the same as deleting the token resour The special OAuth 2 endpoints only support using the ``x-www-form-urlencoded`` **Content-type**, so as a result, none of the ``api/o/*`` endpoints accept ``application/json``. -.. note:: - - The **Allow External Users to Create Oauth2 Tokens** (``ALLOW_OAUTH2_FOR_EXTERNAL_USERS`` in the API) setting is disabled by default. External users refer to users authenticated externally with services like SSO services. This setting ensures external users cannot *create* their own tokens. If you enable then disable it, any tokens created by external users in the meantime will still exist, and are not automatically revoked. - - Alternatively, you can use the ``manage`` utility, :ref:`ag_manage_utility_revoke_tokens`, to revoke tokens as described in the :ref:`ag_token_utility` section. diff --git a/docs/docsite/rst/administration/security_best_practices.rst b/docs/docsite/rst/administration/security_best_practices.rst index e5d739559325..14d62cb98957 100644 --- a/docs/docsite/rst/administration/security_best_practices.rst +++ b/docs/docsite/rst/administration/security_best_practices.rst @@ -79,12 +79,6 @@ Existing security functionality Do not disable SELinux, and do not disable AWX’s existing multi-tenant containment. Use AWX’s role-based access control (RBAC) to delegate the minimum level of privileges required to run automation. Use Teams in AWX to assign permissions to groups of users rather than to users individually. See :ref:`rbac-ug` in the |atu|. -External account stores -^^^^^^^^^^^^^^^^^^^^^^^^^ - -Maintaining a full set of users just in AWX can be a time-consuming task in a large organization, prone to error. AWX supports connecting to external account sources via certain :ref:`OAuth providers `. Using this eliminates a source of error when working with permissions. - - .. _ag_security_django_password: Django password policies diff --git a/docs/docsite/rst/administration/social_auth.rst b/docs/docsite/rst/administration/social_auth.rst deleted file mode 100644 index 603bf5ee1b9c..000000000000 --- a/docs/docsite/rst/administration/social_auth.rst +++ /dev/null @@ -1,118 +0,0 @@ -.. _ag_social_auth: - -Setting up Social Authentication -================================== - -.. index:: - single: social authentication - single: authentication - -Authentication methods help simplify logins for end users--offering single sign-ons using existing login information to sign into a third party website rather than creating a new login account specifically for that website. - -Account authentication can be configured in the AWX User Interface and saved to the PostgreSQL database. For instructions, refer to the :ref:`ag_configure_awx` section. - -.. _ag_org_team_maps: - -Organization and Team Mapping ---------------------------------- - -.. index:: - single: organization mapping - pair: authentication; organization mapping - pair: authentication; team mapping - single: team mapping - -Organization mapping -~~~~~~~~~~~~~~~~~~~~~ - -You will need to control which users are placed into which organizations based on their username and email address (mapping out your organization admins/users from social or enterprise-level authentication accounts). - -Dictionary keys are organization names. Organizations will be created, if not already present and if the license allows for multiple organizations. Otherwise, the single default organization is used regardless of the key. - -Values are dictionaries defining the options for each organization's membership. For each organization, it is possible to specify which users are automatically users of the organization and also which users can administer the organization. - -**admins**: None, True/False, string or list/tuple of strings. - - - If **None**, organization admins will not be updated. - - If **True**, all users using account authentication will automatically be added as admins of the organization. - - If **False**, no account authentication users will be automatically added as admins of the organization. - - If a string or list of strings, specifies the usernames and emails for users who will be added to the organization. Strings beginning and ending with ``/`` will be compiled into regular expressions; modifiers ``i`` (case-insensitive) and ``m`` (multi-line) may be specified after the ending ``/``. - -**remove_admins**: True/False. Defaults to **True**. - - - When **True**, a user who does not match is removed from the organization's administrative list. - -**users**: None, True/False, string or list/tuple of strings. Same rules apply as for **admins**. - -**remove_users**: True/False. Defaults to **True**. Same rules apply as for **remove_admins**. - - -:: - - { - "Default": { - "users": true - }, - "Test Org": { - "admins": ["admin@example.com"], - "users": true - }, - "Test Org 2": { - "admins": ["admin@example.com", "/^awx-[^@]+?@.*$/i"], - "users": "/^[^@].*?@example\\.com$/" - } - } - -Organization mappings may be specified separately for each account authentication backend. If defined, these configurations will take precedence over the global configuration above. - -:: - -Team mapping -~~~~~~~~~~~~~~ - -Team mapping is the mapping of team members (users) from social auth accounts. Keys are team names (will be created if not present). Values are dictionaries of options for each team's membership, where each can contain the following parameters: - -**organization**: string. The name of the organization to which the team -belongs. The team will be created if the combination of organization and -team name does not exist. The organization will first be created if it -does not exist. If the license does not allow for multiple organizations, -the team will always be assigned to the single default organization. - -**users**: None, True/False, string or list/tuple of strings. - - - If **None**, team members will not be updated. - - If **True**/**False**, all social auth users will be added/removed as team members. - - If a string or list of strings, specifies expressions used to match users. User will be added as a team member if the username or email matches. Strings beginning and ending with ``/`` will be compiled into regular expressions; modifiers ``i`` (case-insensitive) and ``m`` (multi-line) may be specified after the ending ``/``. - -**remove**: True/False. Defaults to **True**. When **True**, a user who does not match the rules above is removed from the team. - -:: - - { - "My Team": { - "organization": "Test Org", - "users": ["/^[^@]+?@test\\.example\\.com$/"], - "remove": true - }, - "Other Team": { - "organization": "Test Org 2", - "users": ["/^[^@]+?@test\\.example\\.com$/"], - "remove": false - } - } - - -Team mappings may be specified separately for each account authentication backend, based on which of these you setup. When defined, these configurations take precedence over the global configuration above. - -:: - - SOCIAL_AUTH_GITHUB_TEAM_MAP = {} - SOCIAL_AUTH_GITHUB_ORG_TEAM_MAP = {} - SOCIAL_AUTH_GITHUB_TEAM_TEAM_MAP = {} - -Uncomment the line below (i.e. set ``SOCIAL_AUTH_USER_FIELDS`` to an empty list) to prevent new user accounts from being created. Only users who have previously logged in to AWX using social or enterprise-level authentication or have a user account with a matching email address will be able to login. - -:: - - SOCIAL_AUTH_USER_FIELDS = [] - diff --git a/docs/docsite/rst/common/images/ug-settings-menu-screen-authentication.png b/docs/docsite/rst/common/images/ug-settings-menu-screen-authentication.png deleted file mode 100644 index ab98c73d5d537d0a69d498e4da1ea590f77abd1d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 95663 zcmeFZXE>a1*Efo2ktm5Ex)20G^gbkr=ymiidhbRTLi8vT-4MO^(TRxOdl|j=-bZ;S z|NDNP{qE;xAN$Kbj{V{FftmBVuCx5sI?uJ%Z>>wPf}8|476}#-5)!uLCov@?B(yXn zq({=2=!ll;WBv*xB&>3CQBeg+QBf)d2U`KKcf46A3vc4JU7B(G(>(Tq5n4bn=f^zf>;aIH|#Rs?zG8L`S0(=$uXXAtDGTA z$4?2>dz_^@9(%8^d7syxd+ZCW<05HvKgS$4Ktp1`Ff^zs!C>ZQNe%SCdWVGaSs$5G z-73oW83_p{UXu6iEMQLD;aR;go8tET-Cap`=VHhtl1Mrxy@S}!(||~txjsV7Hl(!j zsG3`cGW{>-uL|Fak%(Pfpwi3RpQF;t9cFYTciPDZNFe=+(RgdXj+ANpDfvg2+{dl& zT+g6Oj&7a-^lSFUIiiuu#CXY?eqBF(WKEoXn$`dshqS!`~yFzhN zO%yf7e#u1Syk&_E=y8{Oe${Exi+5wpLZSSFRWA4>rmr(`Gn^>|eEMtA9n`aQ{YE1~ zWam`@>nB|Bs^f^4vAv>6fK}1U%Sn^*!0vu}@G2#LpD*&H?~?#ubWcC*QZ$!e^1V8* zQqATZ^YpX6$0bu|vwerPX0csb_3&|$GFkE?;k(*z0h^n7Kpj-TYZ;k_C%%_Zq+fg- zW#X1dyoNZwSe*DAytuwf1V}j~Q_l_7RGtbQ`Xh@`MLOl;R7Tl$q1Ntl|Dxc1_@tQDur*UJE2_m*bB74mGC1%msjxZU+Hc)!e z;(}@h1rk)!;;PSZjYT1j{Niy|$gsFZ+Qu7s6--77aKQ7Q<7rq5w7C{4`1#~xU+ca` z|J2QBN-HyCObmpI2xQz0Dw=V-6T4&AVd?}HOH`+^{jS3%)`=M92x`q+ z?zLyB!6SP@-@dx+vW&CTzi6`*Xa_lb-GDQPzV9E|aeP>N@%$S3TH{*w+VT43dq4e8 zcGLlQyaC_<<^Ylp0*m|x-`;&xc};?^^DXL+iXl!}?4($On5UShJayE`r-;mV&m$`% zRHXQ2w&<|GH+=_pntYZ&`cNLwkf1HGM>S91oTKpO;|o_QL2;QW8S^ylG{JPw9~s>m z-E6D84wkFktC}k|-HlQ7ouu6yD?~k}U2&b1G0iM@nto~enG1Qpl+-g6itUur^$b*^ z^394~{)|so&vX+x3|V?Yn;ab#UHx2wLEgN17%l5PV@SUIX=Zueb{^NL^yn+&!tye9 zWj4KUlHZi{d%Bi|L++&`Sy7T=aqWv)6> zm{bAC>r-`9Th1rQN?%K(ayVn}AQXtT1fe9tEKWVFh{Du?xlOitW4n;dSRNb{5>d zXzQAj+;JM+lsA2{&bj`mpLLCNV7`IsTb%@u|9NLvj!i6VdoJB2pn@pznc4wnAAcw4qpP z@J_gf3pL=KC^SeAhYLrC(4FxqDItj}#o5~#enEi-rY|IAua`vrbbN~JWRAkkkooyq zF=gmz=t&0YPvJJVwig|rjMm$WBN_>Fo^^y;hIX_`bWF5IvK;7^I<^dcsQ-HTWS@my zx6*J3+(r^QLIlyEZVsqgQAeSBMYkyOn@1J1AdxGvQ>O3}nSn>SYnh(?44(jRt2U7h z+c_v&TFHJm^mE+GZdWUV4FfGh2`IIJeGaD5JlZ`fZ~n^M*?f7EZL^Q~A}k;*#*@~Y z)f|_4qBMP){{otxV0?WZPu@Gj5?tVX@|;B1!F$T2&wGx#@K0rtK}q zZ+zx_&1;&ggzMhwlod@v@=Ufma|`J6*x{EBm%p!X!~02@d_LU$f#}JmJ<$&g6rX6kBv7}CK*Z@o8b*lfJ7x}$nKUJsjrju9~tniAmJ;7-q#`$IGI zJAzWAU33`|)RbyNYoyDiHA&Q`p)mdP@!9!qrS830k60cxGgYhni^`yi^)=n|Mp>{X z_$yfN{P1kH;HbzVk2{}bDsmQ5d#54mBs;-+qDNxEW%0zadE#(8^K|i)h?Iq6C_Wmq zLQnUPsPR};b1iMHdC9w&l->SadO3~Me1Rg5y6dp+1ZLA<)8qaKNDn{H^s5awFTmxs z{(5wO5RoD4Ow&u3vU8l~djx<~4%8RzyYTzy$C?vv$KO`Pr4k>IY=B4(PZp^>4#xI>&NpMP3S|f~fr^hC z7Qgm|jtGMD4Ha$or^IafZ^=kIS10Ly18QIR!-huY^m8B9^8eULL zG?JSd1`;g}(iS$-w?A}@{db`M{`uEDjor-uuaRsV z|Gg~40$KlFVP#`^$9msmPUa>LJofj>zaIN%UH=+R@NZ}QKu2Q-QCn+kV;iUc?Hb~a ze-{7V>VLHU*99x{zo7728Q7Q#QM)mJHa0PEwsN8dC>uE#8{0UV**Xcb{#~V&`Tywk zpVt3-w}SsH>w%dF{+&C&yn{Jnf(C!V1F#9Q{zu!tLHyU4{~OZ(65~H(BIF3b5@h{v zod94l9Y6k!gd~C_DfV8)4S8o4+i7&HasLkY`>Tjgn2+(^J(HldKzWL3mYL0Hp>X(3 z$dDjXJ&XW0o!Yuv*0Vf6zWwvG=55ibyL-WT2-hiLq**wD=D{mfg)exh0aTAkVxQr2 zVLp3g5FmEFf0Go{`#MH~ZpH6hm+4Yyx6#L=*&Dz9Dy8pyVt=8^GNiTNTq#gz^-JP1Fs8Q{@_ zQ`4aqL8_Bh-+XbOVE(rGB5^_4Z&ahu@H$PZt+1-d@d~iZSl4KSNpSJ`ocW@7jopKLnNE9s#cjvRVBwXsX<}oCzYJl`Wf;oxox00_EF%5WN_6T~2ZYYGwX>bCHghcdllkNlBWj#J(LXp<9qPeV|HYPTnw{&w=*SX;+yt?u*rD&Jp_zFAev_!Ze zYxdN`qOCP(yHzxF1{bpPJB0}l3Q*q7DqWs0}?TM0! z`u!$SfCDgpjl6totlDkkro)CkzP||aHnVOi&Hn{BhVys?xf)b+nbE$d` z2Ln>lS+A}(P$T1F8R}(nR##-YeLjBFMxi8qm}KwVh-S6CZDeI;9t)!M&fVIwST_y=fk5S;9Gaej zlBWEMetzkk)aeWBS-(dZD%#qGkMZfuMspPxx45{t%3F?lSevzPu1-hxX6viWN3su2 zvjvE>?flSjDGF_yEQCUJSJKDTyd22HOj5D(^tTOljT$A~xv9$4 z*#m8fY;3i)_z_Jq>!~xW-C6k8k54Jbw}&Gej8w~;6&v~!V0F>5{I*8{@yC@DXGv~r zNo}-r^e0p)Myj>0;+xS(C(~7y0-WQvK5&@aO^Sf)R^^DCvW-pgExh@zUdQXg6ENjl zjs2R3`7F}3BZ7Q!gd4BH=k7K)&3+~HskQz^SqH_4FY+U&wFFcCmUYCTW3k*Gp2+8z z%~H4V(@yW~y2T$O<7&Fes~-Oyl&QI->1xYv_I%z)Z+pDxNy#46&ze;I%uTSr@i&3L zfO57>FqTM8W+tyuaG|N*j#-iSfj^~KstM&i2tGrBcx%pX@dC`3-3!76+z%D<_G;@z zrmBV0_%!w+pe|c*Rpz1Yo2l;RX;|KwP*Id@z2e1^^rElT%Ei_;>52nw{0{n%pSe~? zDwFnAbkkkqR3i&{N9s4=IgyNznki(e<_(v_?b(xP*Pb~?xfJs+qi2(A3b*5z%G3p? zoi~v#K*l3!|HsP}nq)bRstsq>>vh&K>`ve0$jR@}O6+k(D51d(JhnFWhO(@a;3nM? zHRx=NJRr|wzfo;H*)c-bZ4qsXpm&$y%)1O_kUqsJ+WRO55>W59nH84|?u=UhK(vdo zdDub8J&X zvp~adJ}dw;%8oFzEh|W|)(ozm=LVVdM(<;ja=&@?>b-J~ zoV6{H`+nmup69zZco{#j4fkj3)g0IRu`wXlRrtMHEVj)zF6+rU&SZ?-XderaDrF&u z2q3q=gIXYnH895{H^pJ2mMECs(~Gr zBNk%)6`QvQ26_E5J3T~2lHzT0wK5ImIdRsj`#qG}gGtfRg_b3?!@>1XP8-sgDrYMl zEh{aUM1%Cqs?|YNV-{k^Es7i`a#<#u6sVPqS2vw9PgRm}`#5@hnc}vy@}F>Nb2JU@ zgL|G$nM$nM;G7yOJ4}ky_Q9>xC}0aEI>^=|ph-?Lm#WIy>Sf-$>*FeiRVn%)CskGb zU=JV=%mGpGIh>xhp8_fWr`h#OrF*ygJMYSFy*M6}W-ZgIyKj{@Tc#8W(a8!Cs*)qx zJL&4a8zM8t!8%db0~Sh9GR2nkQ`CbUgVkJi9dlJ04!)(%`XrWb@#MQ{rQr_HUe-+#U~QPV3O;( zeceTp&cd?db!>BWD<98Vmw6%#W{2PsliCI#)CGt6)#jV@a{ap5G@E6hVO8Eb$AbpyPj(3 zMr`9I34C9uQ9Nhfs;#qClZlqqyD9XvU1@Y3mN>xW3Vt{-N4v(?l*GjR_jCr;vLgl~ z_LE3XZ$6PTp#@>9;F9qUZcdO+Ci4Idj|o=gp>4FQv2CTTKZ2|BQov27 zuZ$q?sB(Ii?-Qud?VGV9wXDR!3K=9#es#5iVKuck<}$@cC4DMcyGGXO6!M2=x5kG9 z88D3k^<7P=#>2j-GgGe8n`v)%QKaeYgi_>V1<;{wN#|`P(CR9D7P3Fq#A>PKWniFn zLsqcO%_Wta9L>g9xox#8wWkm~Q@u{T{qgKszE34=aDH~^4Buv-r}pEt)=vJCLRri5 zpv7GEoIBGs`|mUKGy#YCK_QxIJ?~573ZffvUEIdP!D2UP8;fGKIoAhdGg3Ri&B;iL zB{x!|aSx&CJo@-7oo$F$l>Ug}qrr4THLvOyzECfT+Zc5C^HyBI#V-)D;Raeny7%Ng z(a|i!fyU|jRnHS2wcXoCa#vq`nywsT@=r?f3&|1%|7d_OuSjkAYE5I%A({KSaCwph z?gmlOGi^{1MGgDtp8`IhG2^6Cy5?%`+9@@@r;GWxmn-9h3E@jfk;km}&DJG5S3n{! zOlJ1-*b_gSo0ds(HHlL3G+yJXZAPS_TVN@T8&D&YMLFIr0Ej*1Yk3S1=-d6denPBy zuq?Pfn6#?c2ZgI>>KH|&=%ySC9jdJmp+qffnI7@m&O&vBFBh4kav5A>w)I$ zRaV&P^WU8wKfvI;@^U5NtD#84CbuDCq~?2$EE~L1`_wz{J@LyMJwDfJCV3*(%L2J~ zhq39RLGdpK;;tB%8a22-S#RI1U{uHZ(C#(RmFi>^moSV-`)Fk;>1AmI&*;xFoBeF@ zM`>A{z8TAolrcshp60*FlIe|tp{9|B=Iu)i5{8mJ>Q8? z2U<*s)5rU4%vrZU+qZwsz&8|yJww-vqvWn{YqM0t6NOt zy2x*DBT^a-Pb*RuN=ILKT}|1T7ISgIIW1Pc<$`#y1%p_o>(UM3-&}*?(wMsz^JlS$ zkghWi>V4yWvxw_srz^`ZGnDaQ_l{#^Ybvwn6EUO$1 z+Ry0z!BXW8a185^gc&r8mF4leixP8{v-Jg%yL$Yif77t0B6ozd1rzMF2II@|zDIbG z_W4tBxYHuLw%*62^hln4ToW7c`Mah$Z@4x6AiwjL%2XTy6gcfTKYmqunLY1yu46jp zQ0T5zZ8P@$mFQ!E$bN| z|?KZSE|GW@%SX}(aTWr zXR27ezv05LVtZm~o>fr;SjE_*w$)6*8q8L>#*|EII2r;Vn9bh38Y=SWj?xk2v;RG5 z(#m%?Rx~8Y+R2f8f%E7^rGDxmH_!yf#pN)SG_ZSiAvVI?j}V5wV6}aJ5r{koDe>a?|%eTTF}$;b`H|j}D(;CZ; ztQf3L*EmI8vbmDP=FQ|0GqN}v4k}3%?uYJM2kunBQp`` zoPEn21Y5Zde+zZ7w4T|cI~ARka2Xao9}sqphJqXS8_3u>|9IcPzq({VWd~rRq);z; z)?5EuIc)pkKlXAV`t|I0-J3+N`H_2Ov1UtQcTR0t?rW@PxT4eLRlT4lH9b&XbW*0y zRQ0~}&2H92<@U1tZ_&o?N?92zih`$V8!K`rdXn@4!HBeAJ|a|-3q@Y87yxLs24ctD z;7S*!m1Ao+Uu_j2*sbC7rgI^B5ljDC?o;uNuRc-d6>#gK?>3svS<8|!bPTk#;)vLG z{-l#8l6TC?0=r~_DT(9{`alw4{Sv(Kd`|hzo#RFwHXf{Ya$6QQMMN=8byTcV|6wcx zI-XNx_~;~3=q!Hc3270}ePO(f-|Y?mdE~CZD9ca=pRiso=~l11DgKlLE&9)^Rx-FPWASAG8)A;uHp{0w+e90S?V=Uy<2&$-fj2`1Xt+G7p*Hv#O`AsJ zUbvR3D$PRYztBlcz1F2}%ny&{O2;Bj{Beat_!c^kxeNTPCkXty<9UQbVzAfH0?x$0 ztjnh6-aeYXwW{l#VIP**j17wc8t4Md^z?bxo(?F6EllzV-Bb?ooBrl)tXS1qU#kZc z4;#t99sjnNw;1<)+H0k``1)%5r)TXE}CCOI*w&5A6W2v;)4M9prxMfr+eI1ybWDHrhYD{&QL)W~! z?tN0XC&1yfwQ=H-Gh7OadJ@<48Rb}SdyTYYmtn;GoY$)6d^cRH@~E$Bk(Ef(!m3#z z-eplGMF8}nLcEf>YIEa~<*^9t{bVJ97Szg|o1*?`q8Jlekbq0}trKs)&}1RN%OKtB z+2YmdHc(A%qVNaeYaj7_-Zx?y$nb$ni1%5EA`=sgB&v_ba|HXYa408vMip4>8ubg| zWEks>SA%-E$#VrJcUaE8`g5;W$kq>$ssbeB^sT$-8gJVZJC%2*t3eRkn>pc{50A!MssN$Yu7NzdNl}>5<`TcUFN-xQ|-(Q~?AM?8c z`Su%*otDFST!7~%q5o-ts0QC7!#}j(y6!m)6IG6lqF?R^!zmNS1yo0&T#z~M+3e4` zS1TN*Tuv#E#c=UiXt{ITNqys+y_5twNB8oS^qLnU{QBek&$tL|ApHb38+oo@DNK6V*JaQ*a+?OpVcLN=pzvzZ!u5SI2jha!3}5Ni1UITYXRDve(94ra~dtuwZa)fQV=;+oA~$w~-3ou+vZpLc%! z;^8!OZ0yzn*=sTpyd#IR*h$db^u_H6o=mg{1mi0bNx-{>bb_!okroc8r>Fc5D@hq! z%j(?4bBc`f$X(?2%FWMXx!ANMj|vPOzh08R4eFa);51HMjjER{kJ&m>0@e#1xoZzu zf3Qv|GKZLLea;e3!KNh32TuJ6KLYNn`4hJ;a7NOF^{IBJ*xP*9 z-rgt5TSy3RaS11#5UVECrB`+h&P!Sy#nvtY4&mdPi`zYQNH~CA{%-m4K`kO-!is~n zSyiZ3j8v8qcid6lXDEaoOQm7J$!V)K zk+4DaP}A>+)q%t;&5{05(HilO+pf_rcD*+%NvtnW+MpgzpghL~huXduGL!{s`R{}z zTyNo4S!n)!t1Y)WSrwHB(3x+=G^wsJd>>T|iSEan9)Y(RQ@KyG#&gf)SkwylajsW- zPi)y+hC6F&u|H6-PxR8kP_5SEeT$e~(2gqTUe+C6O336^vHeQYSA9`mm^!^C%Qv$uM$a`v?rZqhm6+hUDuKV*=_06NT^Shj1`JD2Twl)rUnS@YDWO~`o69&~jSM}+=mpq0+@_AZ`AelXh*{8);W zdC0$6ex&s{hwp~IMxIlvd8?Wrztpqb#F(pi!^S>BPTKokJ3PpPX84syKyakRUw(Kn zU6lWH*#$DV2zPdUL>lNEGWO&KRi1C#Lljxdk)Rn+R(feLIM! zKL#^ED22DA5$||2eyq_)*JS*H&iqX1xV6PpONc>8D}f<9k_JFfG{=;+zDbn6P%)wx zo!!@{RZHi#qjeR{xXY)!^F!M`RF}``#Z2JOin29|d`(~`ZIWzV zXmG`8Xl;0lsmD~rhyWd}N`)xw6TGreP)D%+=~|B_{+ab#W7|TdMkeKv>}-qu>7NIJ zDJ1We)iC)SSi*Hs&$p@^KxI?sX18|}FFm0|9IX8lf+NkItmekfrSAS?QqIHR7fIlw zSMv)%?t6_1nJdboo35#8Dz{;cO}(*;X;P9C`svj!P2~AcPBL~@8O{Q2YpSX27&9}w zBa-?r1s+DCnPzLwy4IfED~8ah;X$nBNid9eTdhcER=_3DVTW-=-B_!LdX8K|LyGh*Aay6A-f+I)Ga&`Jc(X=*f%Ttr0&l|YU zZCRQl6GPt~hdecMyux14M-S$U1l6g2$|5xK&Ci$WFI^il#XmLZujHz4=_{FpM65ZwxOpF#Q-0xS=E4~Qq z*AXvXcMTP30glvS&Dt#K8g%uT=C7UuUk)T|nFfr2Mr~N42Lduo<#{sX`&H&jKM*7U zdwFD%pFPX8slCf(at0p}f4XZDq1er}Jo~llvbP=5V0V#*o-?3w8*4~l^=7a<`D-E{ zT{#N;eoYZZks$ZI?S1=9N2^@%u_BW)3|C#tEiM~;)yo1{yd!?zmgTS;oT68Wo16Br$4y{}JEx7Ej>IxF0bk zK)YmO-mTyfv%Ak&z~@N8%~TxO%%7e?c@VrR>Kak<07m-MY&JSGt@0kzepKCJqPiE; zb#eoo=_`i2McjT%hkgDzP2|Az{Jv^)P~9qwRG^Dhey|h|I1$N7E=^H3IHYe>+do>RF+&@C)`L==;G| zWcMo4wG*>ifj!p8qj(S0pdPCGCW`(Ajcq!2&b?vTMktDG>o+g^h(kzBK{!j&Ysq3} zy>#KJI28A6hJr^--bV9nMLTctRjODoVbdQjIEH9SY9nng%hyY7^pzJ=P@>Y82zL9)&U`-DD*tqB%;BTd^~9#6CAB zlwpca&bYSC>9$o$f3b&IC|06g)%~_tZmdC%W$+7}aKjJYceef{`Nc~QwGySBcMg{R zPc-2nmA}`PzA@4fbX73*B|KdX;~Jp(Xm8p#yc4`O7E$m7*wBI63cH&5v*E9N?=Cno z@yjl2!x>l=i&0+c?#byg9wuwm1I?%OQa@>hd)BFUnCKfIrd3!FTIo9cePPy4-{tv9RYyyDd`Q86daf_ zdhQZmwPQ>ed4wbEKFe4poXfwCug7DanV z7XR3NGu~Zv`^|~G3~uEE*MaT=9J+(ShMZoA@tYA!c=XB=mm^jN?9+{kE zJ5kpc8Q(CP%^7YWq5AorDi{$YKfs&8+FX0oKcxl?{P125>V7BB^D&=7Zcv&4!P?G6 zUqpFZFgN%EFc=HM5WLYmfk zBxfzft@l%P$G4Z7M`C_b{fmnp@#JzD*_WhSW)-S)Mb-D)YDGO%5+ScQQ1J>rY)T7jUwj#v-_`{lo-e zRalvLD!Ca$Af=eX=^e3$upr_CFD$#3vs!euyHit3Kx*9C#O8qhr+o zH1cfYIpdhbu;0CWmWd54F&O;pIzh?>m)hDb*Hepf&%;mskAY@|p?X{l!n)YH_F0Vk z;{u#Uo-~;w&`kk8xJRsyWyBr_UzHBqa9F^8E6%+EmX|`>{7v(1iEV_5E(1eXqH9k$ z-KVKqbr(dQ_iFxbUH)n0ET~rDlXdxxVdtT z6i+rdkH>mlw<>3K6H%=2t~%Vk=-k0ct<}gZBZ-215?iYS=cJmAi{;)R({ARm*z2#n zdu#mx_nt|AOLOZK5D_-f(lFP(Xkb#=2|mH|1*Ad%j`w67{)xu_PY?eR+XDRFTV8HdDV4@hM&?k~X;2Vrp(eSqMp`^%j0EIC@< zqh)_bPGd#Lb+1Q0uJ+!z0Kr+zzCrLiq=&T+X$E2r2!?1ir)TDWk~04;`S!EfbY>2i~u=b>ei{^c=g0M#EK z!0D=7KWi5kuNJ7NXx1VI5F{wuyL!*U&-~jYKjLw)f5HL_~kud;0F|naPTr zkNb^xemj?TLdx^did}{WSLr26Wy6$a&9bg6kt4tuGjNzlHt>jx-MR+-=}SD?)3wCs zQ{Z9K6j0#pYT!OEQ(8x)5G>CK2J;479AxBjlRd;fVx9o}YS7X~>^}T_hyk9Rgp-NgzV^Qp6yef@iz?SrQS#WwObP< zda;9Y^Bq!>lBx)0`@PE`2?aGA~q^2J&J~uL%VW1*Pm#a&=*=}QY|o4d-FIrSh2+v{=4Nj zky`H3BS;{ww7ss#%WiCI|52!S(V4(*(w{;B-jw2!+gtelHlp%p5K&Pco0vHLw!?WM z(pTUiyd_xmm!Tf#dt-KD)DAUuQYm)*sRGm z^gMZ?Lg?}`l?2?RRqRL?_GF@~`OHAlpe~Fo>v|YxWyq9ipSc!x~hLDp72v97#M=Df3`+&-5{WNB!Bt`ZN8?0=NvGL^dR!+?Wy6g@-m&q3U*$)^gfN~R021_va&RX$2+P$7zhra2Umzm? z2a5j|FanC#CzDa+L643nE-LMn6D+Q=9dP9o-LuuEHYF9G-{!Lu*iNTUU%7X!s(u{* zyc#AMny*}2r2^DTQVz=MWzfwM^XyyDK9)``)6K$WcSd9gPHq^@)9TA2TeE+EdkYeh z%;!31Dw(!zUykBox&qv8VOh^;E{5^EYAG6h8p%G;t0HBXRxsE&+<(#?Gc)OBTuVIf z-HZ;gSc@~+gE>8Y^gNc6S~RutTPq!S+PHFe1|tEDwuT zi7G+k0X@Q?<0PqDOQ{#R#E)6Ia|2_gPQ7fHtFf2uo%j%`)&vZ#`t1L>zmCqb-JKQw7i;el5dz01s&|0DiHrVIC@(s#>2^f@Is+o9vp=$w z^JDV6V~k<@X(>H#@vp3q!T6-nr(|`p!Y=6zbQijZ)6_zB4TX|LV9hg`e3P3U;n<`- zrPFL<&GPAf4rNzi&!Aze-8v zZwnRDd96yTI4u4tu}1y_N>h$eEvD7%9VSd;#rja=fsaBb@Sne$E_ZQKc;Ho}KXPm6 zJQ)y`h*WMYua*QbD}M4b@O90=vQAq3jvp7}KO(@O4NzMvzHYsFhA0MQ7fd*M`UF)* z*^w^kz%nhM{aKS*%<4vgwergGj67W#mtV-RJ*`MTT1Z$x5onOGFUE(c_C>Tcdg}i zR1LRY6^26Ut<`-*lcX+9<-Hu3eei21Psh?lb=(JZM=qnVm^Cz?y)0%@KHjSr zosvVEDk<+1aMrA=b^4R@v#RBLW}ahEUJP+z#ZnYpWrd?Br65E_1)L+OC7gc&y!agD z;PZpX8G89X`pBnBWKRDo%w(dEIa#SuiFFr~V)Ag#sGU@%L{U#UFY!-1Cqdtp*>M1I zYop84G0h_gZvN*;jSH(`=h5!W-fw0}j&L6f7uAtcN29O31?$_31-oSl@Gl;S1Xv*| zcKMwnCbPeoE+_Cs+cC+$xk@wd0v1Lwck12m~x*J#<4D zWf;HP<&`KT1dFU^$FEn>9E2%Vl>hv)B&ob^-g4^4`uz7UHQ+YJwpq=we1_3$&zqo- ztDtDRd$k~@LP|gzLVm9ma7Vmhsezo50^UT06h&fxfEj6Bo$r_QvgI%sn~8nVU+=a* zDS&<)YuR)!Ny2{$fZ^L1%lG0G(#-))P}2OOy=Hgx52h&Uxr|(N-%Vw8-m)wiM1(dgSrwwYs=Qk7Rlr#fsM6tg*Z%PB2RIFgBi+zu(W%cVDPQDpgJhk7=K zaH1Vuhq?-WUQJ#F+Vw!bBVo%U=A^MoTC}fqCX3jLOpX}>`M?&|z48R6&-1qNj&PKU zZr&Go)`c261W)5|j~MA^M`z1q&V`!fO|Z0Nad2E5?0NJIf3SD@b6goGB~q5mR5DD z@xImbYOn6nQNg70wStK*P0~ziYG$Uj@~4}Cn3~ofPeJl!%%mBYr%hn@m1?Gx0u!Bz zE{zn*s-N{Mn{c4bIA~(p+q#UETjuG`5$XLW-dntLfogp0;Oy0ZW4%e=em51SeW z`ge&};hGKkGpHe2q}q*-0kG4)(<2_#alUF*n6Bl!7VYN8f)jfc$SNZ?^DPTln^4X6 zroBi^K#s0M&|b~k3{czqydyWk?oaZ-vu|tfkJhj?0m}Qf9;w6{Q-1moVP@1UVZJpGgD6NXUCN(~KwDCQu^v*YTNtU0G%XNNi1I&9JpA=Xj+KS166T?H2L$G+JhXZlJuR;vTSodxLGQN%mB2SzMy~;Y7Sa-z-v+_ z7Zzsp>)Cf^To_Kdx}mW5=H2i7E6)$C3%*nP&(MJbS>vT>$P(oS*g( zs)7?Vr9Ezwp! z(D?SLp#7c2o29^=dkeYj!cdne)~;%f@CjJFBy9=fHW072GRtLn!f~d+gV0G}wQaG6 zk2ZQ5cnxUs&QR;DH-qsEZP-HL*_7u)^;yJ=WgZ%%1GSzmdn?nc=h4;9Y42 zO{tLR50}|AbxwrJNz2nmT#QAJXJFMPU#0w855i8xMxpgAS&-E+=1V^y%sXaoc?j4N zOZklJd?Ma4==x}43NpU-V(5(pkL+BTA9&=n$yoD5Q$v5uMJMaWjdz*VB#h9OH_kDz zT+lD*MWXWfg_AN(U#8gOhN?jV%Uti*=#1?&e;j#p!UW$d zZ}psP7^ORr%Q8CL8*PcO;v*E(OyF*Je^+5ybA6Ip&*!Ep)%^;DP5C2#`UXx=>%i|4 z+T_kHTTy(RzmuTE(bCB1xdI>v%-K@9y?Fv=e7KMWu>LewK$fgxaU?=~Jy|;|2YgyWb0|64;-QC?CLU4Dt;O_38 z1PksS+})kv?(PeBckaqQ=e+OE-aF^}{@yX}55|~-)pK@tbyZi@Q(e`pCK6FlY>5JH z+DT}%4aMT25afv#UGvF&Q^iQ!3{wIbibFNX86T?ACA@b!tqgAo{*}EYa>bdDkVPBlA@fReV_Bw7#&A z`{1f2UG@>T>BG0I>K)Rr?F~L{_I(_O5ke*-v!zG-_YY(DZt~B0Mn*xq0IV(8{C=@Z z_wHRIMW>p3L_Wq%9lw?FYO!Y5h`ii)6%rW_)l?DfVJst-9De_>1&%j^KdihSzCMuQ zDRK}p%Gdk6lEE?vZj+~LWIsQ`*EBEvJS<{WKRi1Jt9y7({;H{q%QbycSE}6dILfWj zyu4u{EG*o#`IVY$xr`XrG8sY>2}ueo%$U9!`bx>>08B?RQE$?S<;w{~5l;2miJnIkm`cjm@m?|2MRdouX|A4&)chMR|GQS+s|2-b zV=C>7Nc}Aw^8U)y4|u*^*HtjWy5$9n6kgoi=>mu-UD4;Im&*RrS^PhG+tUOEW==J0 z(P^KRIyg0%)Kpb7Y0eDtaVzF0x!1K>iT?ggZcw`s5G(bA!^7I9hL4z-IZ7(4iO5`5 zJ+{(k#%7Xc>UY8cMu1a`D@yX>std(@?KOQPvfok!I10_l%~~7wm{v=TGM;>6Q&;n% zbl?g5(Q7Z=S@Qwic-G<}$bS@Ipkesa@wi37p^a)$J@sabP8|f8 zMBJUHuz(Ns8)V0~y%N97x!NP247xejYO>Z)$9RR%W% z%6fbfOc0i0fqy~OARv7BE3e`l@ne~fCPVN4?4@Kj|17JN;MwD)>vb$0XT4MgG$w^p zjq2H<=jjohecD9nQA-tox$I^SM(EB1j&(L`Wy#4{z$|f*!oor<20ej<<$QMMhwC|A zi__KC#Y%$^Su1s_kU)2Of^a_zA3Ym#l*g!$!L#(y2=4oQ@}8R@e=q z^bzM&_1@F*m3&=|C*UN5l=#mZl;6ou^mIhFBX30y;K0rwNY~ct)po<#*F0Z??F^`f zC6LoVtKgd*aR1SK2D3;$$ZVQ1b*>RQCVI<%U*-w1!p|-8%Yo<>S|CJ~lHogYFSY*& zs(qenHENRL957ku`|mN`gkHcb+BosdZUbj5+ghA1cnduD^Jh61aDjGIf5XLSmkG@A zi(l!ba;_aQ%TLc143G(Px^Lj@gMJqoDY}9>ws2$i8bM(Ntwx?MxFn;k9$+#a*VNi> z^K&U-nh!7?UxzV%sfpoOFObj@$N&rp0;_}oD~B{H>FSpAzqFf-40W`JJp z0U8YuLFu$lDSXSAuReJAZG_yvmHa-fOi5rchxbtmm?BgV@_LI5bgM+;hnZz!mc0D& z?z{1854Who@jaZkjc$G`TMxbhTB-sj=^GPfWXHXfnB*yOW3XJVEI)bu?*oHSmx1G%(qgvBlXx6_=+?zwr+QE(AM(^R*y)%4c52TPYZ zwXmzyTz%{Pj@8@k!)y=7k^bg-RiCsq7y`i)!7>@x?=Nz#Q=@V7jW=mcX7JY2l<)?o z8UEPacl_#>n(Vxv_&j#Hcb!w(*XZu+l}gvz$aPEWU#%RQ0blba$GJOQ`)b$HVFu=Z zk-M??J@jwVSU7Mz>$u2MzZJxY=5j8nX#nF{E-HK(j+2=MLjz>rq|GEdit*Q+qGTRQ zl-gf>Yyzou<6eowCGP~w zA5_crMRa2>zAPJP96+ZX6>GLbp)co5o?q6iFIt*J$63VhP3%ghc9`hR7AD(0wo}qm z-_?5*DBZ4UXZDt7exGKXavZW^j?;f7{OI%r@BSI-{@{Z#o%G{5=m?HM8#o7^q*SCw z+}Y-z_PPJss=eMEAVheR7*1Epfn zE2dQnqh0XD?oQ#pPgJT0YN7`%%Po_S@Xcv4hg-1Qs9X4Ra(mX}3Egyw?x@1XD~;SR zIoHIpOI`AFshL~^b7UI*a=CCZ_AAs%cT4i+mZuSU%2LlAHf$~Q6Y6ZidVae?+`ZIu z*D!aHQiAyea;S10`5Ab0>kb~X5VUt{v5_>)a9qbObr)ArxsI*e%@wak$-)k%M~(>g zGtNjZ@r=g#HW8|o1xo_8<|Te=egM4)KlIYXwkEpisH^JX*lQ>F1=(!zc93YTVeJ?j zbnF!m?^!jbef>R-5bR%yQLIoSd~NyRg(4mxtMD>1S3h44E3n42+f1vo`(X$)U9#H9 z;62v<1h~79g}*ZLuz7JJ{B*kPd?~9KC-r;QV zGZbD=jf1Ros?U*!HK#tjr^`dQc(V_zy=Eg5OZvr02h!j2+lq-$$r zg%zJDJy-E3tve)N_{5h>UE&8Ed{t1+h|N2azjWFKzvg1pFOTPG5Nk3|H;$B@5xl&c zltQQ&ep+!KZcHIha`46$;F;ho7mD^WzUEdbtg+TmvaQ>WL)sm{QQB(Pu#>qO)P=38 zj!-`Uy)1TRth34thrKf~UtOt=Ta>eTV44k>9Oj&|8E0FYS2 zqO}wyE{{reb1K<}N;S`;evgdZJyU0MeQW-*vg4MrYuNtY)vx`px3#IOXFoIx2iJeF9K8s$IhGk4Q~V%M_Gx1|1(@Fj*cwgBEYQO1%^i zU-hWnAvSi^ib>nuApo*t=cDzzloUz=4nctUwryeQSw5UCBkqrts zq@st`f_aHBt9axsg^Zwf+eATbDV$0kPnB*~BzAA;DA|!_b8vIHkI^vq2dle#kuPL* zdM(M&P0W&{A05Y6U8wFI0E>^V9-RYdN?v~*OXq%(Sm#HX(J=NOJ1M+RwgJ8Hi_SA+ zf9~2AyDyCA)%;HF!`BV@aUm|!EI*%O08BSp;llAamWcLZ3C(-vB&Mo-KvAR$Hl`8K z%7L>A<>;pMZ2hCVp&8kv_S#BjfHZsw*R9kr zt8N3BL~!*Yi#R3O;GQhEG^N?eI+a%YJxj{W-hPqdh~MCv8`qbS7)3Z0UKN5W8?F>eJ(hzJNl0h}JH#p=yUyk(d4!}FJa2Zqz#65- z<)K{Gquom#S38rYTnt(gcDf)(&M_H-CG25Gcp>8#RVdx}T9WNRA9u9W{Mk1Jw3s75vS;IY!YO?1Ab*=kYg7Ay8RIWvy_>j&W{@L zE1*!m5OTRm3ae;VvK8w)i))sgG4tgzFTuD;>% zq%?qxC@rt1|8?f|b)gymuAqq7=Lw(iEiR-VnO@IF90EZkLjh2*cs;>zC@SmlnF>9` z`aA7HY7H%Y+9x%gESgD$(9#CdQa?1w10>Dtr|=*OebNsUVWfh{`aNJ`gv1bCEK;A_ zcbAj6UzxiM+yvXbHHCPa=9u`ks#eF3mM#WNjP9kiWnyG;c)cs3f~_inA>csdps4=&jra2e z!jo$%6G+S5aMxaIT=xNFs#ToW?7q6m7Kyh$(85>e!8?S}5;{Bchmu?M*ey zn2x`r0a{hPvAC_IyMc^YpJF7LMeF18KzUXY884Bdp&A5cy1rtWW4CN?^;T*yBGb$1 zQ!)v@p`%9)2fWS6X6rVB`z^Dov*5X#K`@ad@FOkiJECFGgd zZa&S)v5(ZWw}>W;xDXt&UwFT&M}aj-i#>KKiZPmBjf-st6JZl7Dr zGKJl?cA{(5vPr1L&KGk@NNIIhNgLxBT?7qbJ(8zQm@frtdCQ)bxyyUfty%!}jTFhK zxO34GSEKlNs{08yF>fVzrM83ssm2l?D?=Ex{&A$a9Yd7RUfyANUa+kV%N~9f>4!)U zvZ)>xnwa)MB+OOAv@rH3cQ73{!kHL?j#O=(S!2k=QOvCRSk>$yr}u|R1+duP9^1eb zVO3Cu)}cZT?}CbiboM{Esd&K7Wofi(wURx8&sfYCT%)Tpg)bGsL~E5Bl*4R$W%XW! zCo|x}!lp#ml~TEKo}ahy zUv0;VjYfE19}dek>#8kiuES$S_Rv+{9g03iz4|>p1H5oz^f}sC&s4&YLN9BXyd5%Z znr+?}ocFtqO-8})8V&EQldWYjc0F$`bQ;FW*TH}_}^2KO2$HRbH(-CDhmn=92Md&UBdGdtqm zBcrUF`Yh(1VgaX`Q>7?r-@XRPO6V15FY`JEdl-cp;~)vd5UQNWLck5dzdgL|;2=}R zwiXOss-q~ENmjESMk(1;aKx!y`mSu@i~5gcDv1b$Tamj17DJx}g(t^J=_CL0rMbGp7^biFgA?QV?8_v`HO%TTzpvLLpuFEd^*LiegsH`EndS5u3Dr=A z9i-)5j?`qcs=LVR;q!sUiMblIKdiuGTvlh21I7a!W+>xU->2*cNrij%)YUP%j>aa2 zK%e4`rk(h0oEi!G?f1)%%TmkyeDeOp^`ABkF&#AgyGJlt66)Jt)-yuwbh`TMS6)f* zqEm=gDR|5JmanyGp7Pb!@$=8U1v7Og>jUZ_` zOwU*BjsWIWK)&-aElB3V#pPSscMD=um7$N@WFz^(e|x#J-&1%GO2_yty2 z#(IfGbzOvc?9#SV>Ai9nnN_B21eb~L9E(%@a#12OV1Bw(uy!xh&Gx}! zO{Ym^dM++NSBz5&P*~#zo^+^%os>r?eV~1&QD<{DPe0amYgmA)NR^jpSh8n&9~$=Y z;@J%8tfs$$29AWE2Nxm)9Fu?H^X8yAhxzfvOMGQMb?PI`&UJ1AmlB?G8qO}DmFP6- zV$l9xhWM1b9UqOTPdeeonSk7Y^Cnj5YpBqwi9NWWc%zE63*N!y_>7EmJ5MSe?9$qe z9mow%U6-?t`@+z!RcE}`LQGBgBT+EfBEQl%b(vpmmCPaNf=eQqECSnZ7lb*{6H({y z^Yt~PK0&P4Dv7~j@Kb9qkoWAl#H1T4%fQTE2AVDQ*JJu6toE!78*6*Yx~uG)3{Uq` z&`R+wK$qv7l1;a&aK_$P3ts5?;cGK0^y#-)CvUe0Kt7v-9fFJOezr?R?rlJWOATbs zNrU9!N@?!Bf_43Ts-N?H12uhnhN|a{-&@z?()2qY_=pZGd&M71FXG37b&pjzn#`|Y z#Wy7zK0ZrL(A@_36N?`X=@uEp6Erth;F;|=wP<`{k}5f&C0!1c!@Fwm>4b^~VlLbv zqbxOJ{H)4IdJ{?Zg9`msbD2)6uXc_N$IQmq>xR!np8T9 z-=vW7_mA9)g>Qo%U))E92_Jn1r$XiKhgg}?PZV5mH&0Uo+>n)xQmU1aa@A6zHdbdj zo$Xr=i{7s=U`2`(xb0&v^cRcG2D94PWE#VSBP_;(RW!BbE*`t#`(QAb=KX3Fk_Fj`vXQ|Q;R}2 znWn?qocIf`)o_i6DnzQchbcq`B}0sIV+Kh!c-10%ki3yE$GS$eA5KniWYZ@@_^%5a z85$#O!fV^P`HlyY9sXnv|9s?A*QtT5EJu;gj7>8L6eZB@bY;&Wj;bcag2V z$JU`=kLD|LMsy?j01Esl9D|k46XqDk^xezyhV=(1!Ql&9}c?A=F5o z4l}T}1g^n@hg+V9qt}P1rT`YO;LY$uy6N~=`{$Q<+Zo4{2Qo)mS|pYZcv6_)1vTlT ziK5tD6bX40^Vy`( zRGbbLp8%RY_;UWomH2~pe!g7vV$#x9Q_*`XE{imZsGfC0^JC^s3c9E1@H?C#>*Mo_ z>+RJQ=G}HRf-1PFLA4}urw4Vk)0l_k98-1b&VI{B{W@1jP_=Y5WW(XNuzbZ(SRP&h ze9pYENGw*u>rK%85G5Zhcu4k4_V#h`x%ASt=4%8LcWSH_WoEIqpT}Hm-;lY<*7d=E zfN*QAGZNqy7-;% z6~2gO^t7EQjfsRzT+x1caMrLV>A!yEUlR{35=eQMDTL||$a@3s2@c~$3{X)`{kM1Z z7tW#>clTq17SL__-WvdZ(s~HTF)a|pw8BDw1$Xfrh+-~F1B956GByhOku zUngiQGiOfK#>dqLSgMBQYICLm`Gp|k6QD2xF1FAxvN%weXZkQ7Tx_{(=1!E))N9Ls z5&)QY=G)&dhJuE+39Mwy{dU5;gDNvyD>l+zLC1=>5;hsl2%F{Dp|l)un6sq|qM8Hj zBmVDwSaCr(imH++-TI8JxDf2*VW0a13CpoNY$uLqEk>u?7oP{uRA3kFI(UF(T=N2J z9;vMVz?<;Wd`?Su$am<16ycU!a9Blji+ zEr#VP@?NI@b$*;+K+549XM$5MG0QE87Y%%>3Gh7#TEc7fSjsBUW|OQF>|>{0%G_GY zWKQrcj~rd*qQU<46Eol(V4|uv`m>S$#Q%R7{sQkH8Q!c2o-Nb<^6I}JhJUe}Um0D; z8^{0mnZGzne+bV1m9z=01$dK3;0H|9NBVY-UsxWNPjAiVXXuOScx$44ag+ZAX8O;T z^B-=h;Zax?6MVcm4mg!c_B|}KAQ40ejUjP;7T-7F(0?ZSJT3L%m%Zv&vZbkKj)0CM zwszO9UnUJ!7nGOV$n9FMG;Q?my>O@+bpwVXAP#5zLD*M)`4AC7=IjW6%azn2V+l}m(>F0S((CINg-giqbfURwG)DyreGqlfD&8_07;(wXeduX6m;R>Wx zbNprZ`u7{-WS~EVdLV}Ud`49lyhWi!+PO=LLcq^LLLi)BB3~9C2Dp>Gg@AdV)WrM- zmr44Ezrx=;Lx2JWUg8okV%!b9m<$mW6&#gi^COT_>nTtL`jNnLy0%YucE^3C`rW}^ zQ#9p+H&0+KRKv@V|1keKf8T@q68|xSz6jyhmuF1RHZ-g>r|%ugNOJtfg=47K_t|_V z)4S3XQZND`AE+zCep$qSYrjBWEN7u>Pvi34Z>Dr;(V&EsnS8p_yI~J4kU?KS_T)@S zq*ZTNjdkTc*b)@SGV$tI?HCHno+y$1(@$P~(oQxo~8h5OeoMo58x=5J&iMfvAV z?TGi0q^?bgdzCR2v0Gaq4Df`iozHru!nkGX9wAVCIG?C}JgfawR3VsB<;t&rN zKBuIxj6y_Q7&nYpYoIBFkcbJ2k#T~-wGM_y)gS<1i&(qm$rfroYCtr54akbivLlL0hUnV52m!UFwUNQ2?eX9q|o*LKK@8X;Ag>$;%#M%Rd1fIUzfuy!iDS5`)K(ADS9j03+eupnT7|nl05}s zV{qufj*tpiLM2&G=FIZ2fTlNV?69U~GuJap2XMI{sL9{xiu4H8{;_L2>hsa+Y*M|l zH@cnSDdH6tAEI4Un_K$*)%&)F_Z+(ZlMQ=8ds$x^7?;^`Gl0uH_lLDnt`#L~lhoCv zacj2F>fxg0vf?y;+31`S$eRC`MfWSC)$6Ncm5efpBPd#n}1SzX~Cn%k+em*S5q zIkgP3I)^T9o$RrLl0P7s~anN4U zGR12h{kGPq?kh!CSvk&O+g8inuouh+iGl}D*3|P=s%^_b(Lv}!*hZ?`b>;GPhmY+P z1KC(JtZ+RMlJ@U1DI2h9~a&-dC*+&m>uHm=jB0 zR9{^pQYui7zem9`JOltT~Dhmhdf)5itfna1mOm{!u#e0KCaw-n_Q3 z<$MuyGddq9ByOK(obuK*KcB`1utxr5S0{=_bSSyZDX6`S`?UsN;1PXR@8@282E%ay z44Cu){R&Lo!ty?#jdmWnxTwdj&-D*VAVsD$)V&TUKyc zhh7YG(vz+gr9h)QnIPaZo-?gLtBo#Y9uE%ul~m7@a=ED)F6n}+op#o+sGdwOQ{qau zaf5~bXGn+2qlu5St&jYWfi`nMPH-LeGQ&fvUG4YnR)NzTQ!|-#r@r7*VvQ1?9MR;0 zKc}iF1?_j2z4*$rt^A#cRfN_>2GPJUgBe+$J2gBEw#aj)0;fD)UwYWpQUPW5r1Zme zrxpr7Qe;(qZeL^agS6n{`%@61)X=5F*HBXK%Bj`2)fsLG*xt1uk8O#59yZP=rANoY zuEyGoB)#;C99_Ai8+OcRm#^*!buP?j!(|_zHfC5{I)H+~>AJnpedlHkvFWY_yo8Cr z>qip*$Ge+^sK&M6{t(?>e5G%9#h+U03=voFm0%MA9g8G% zKGlG%P$hI2Q264?Jtv#QIa5E^*rw0Td-AwN2I)Q~viSCPbGY2TLjMtQ`S3v8b88P% z?ZSYy!JflCb>v61?r{KZSqPdfpIZ@FLi-u8a_U7~XhYbTT+Zeo(rK$H{}*XVbWrxS z(A`&JMBX;qY*m?00|xwEAX{oY?MH}#sz)NdO{A_6^ad+iqj=eIo1O_sx?%2c+M}^<`T4p~O8lw;q(SbYoeA~h5Ye2oW zjU_rXq4r`+Q1Ht=+5HwP?+I<;}ONsk4dLT{crlrBnq%0R|h&5 zU5@Mi#kbX9smM>KzH{s%ha1QHiYJ9q*CE)ITA%imcY%?Ja}3;FDwld!9_L8NVi$EI z-Lk!EGpxM&3Z3-U+D|9c`|2(D4K51-Nc3=`i;6iF4l87-PjgWi6!mjZ?BP8hW0=>{ z_|=J+bIytrPMqk*H}?dusM_2h*i1&9--V7nk-mLrXoJ~4)}dCqbRpK_dGZFWjgp^6 z?9Jk12>5OU-KX8dsvo?VVoLQ-$(-o(DPPi5Ad^#)7kqAqzMXN7DlKmNobpYMrrz^| zmnnmw>XlV_K_2cdvXWUtOwm?qGu@R?xz?WSAM|ej9eY?`MEl%vg|4DEnr3|KIy7Sh zuGUI2#kn06F_n!`4pM1%&T#E;bEd4m-IC=FQEy$uBbN!gmQ`04PtXX^Yn*LV=cQjJ zmtR4X6-hMoG*OhI`4rLzab%=Lz9qLrdZtCYrB-}iaJ)<3I9PsLSr(ujN&2qVr&;xk z6Y5fBRH$Umxl(Zo;gpSy==fZzy!M#i!~WE`VEoAMmQ8=^lzjttNZidC;}l0pl6PuA z8`IV3)M(h%s1l}hLw)rqRZV!6ahCi_)9nCy;fRR|?-l)N$OT|C>qz6Nd2B<@r#SKH zRot6Hjvb@L)ASvikxg_K2b=|^{VMNfM%Bh89&hG@X$ZEa!d~!#EhKnTcE|JW>X+44 zUjE?%x7w0onIn)DWzG2O?7td9GBkRD_nn*#lV`aB)g-P_$9?$d%^t44YJI+pze|@`|lfv7a2I=jI zk`<+!w+fArOFzaGqBmf6_JSWuYYEi7gVV#I3}OTS+le_B5F4sRGxGWceFNJ3nTpV{ zyC%e^{#xd|jF6R4h+=pqB4uEi$~H#L+Na0GMRGx2+@Xm4tcbx_)Xsp$t`2)*z8Kvz zMAjLKa`5aUmDtp>o9XsWbsw7HZdeLlD&DY2V}q?W(_w`zp6Nw-Z>`|@&oTm@^+NML zqe(%GWQbqhcC8o0$W`PZ#pfVVB-lC%e!<;`OkbT%$Aw6DP+D3qaLF81<~N`x&K`ke zu%w&?9ctts`*;N{+pji{nb}z9HrMEBym z1!J0%R%zL-0so&!{W|YOvXZJ}-_Dy9hK;niPh9eaBCuobq_>4mSI34-RY?1f zQ7LKGxP?EtO(vSq2b^Ddt76Q34oOcBHFT+HMzYAzExZoqt0@-)9j8o(O-ZW8AL$H* zzIwo7G`WXLBvxdwkix5iljvy4!$=y^xf;rqfgZ%pb+KOD8mMTIr#LK*s;7JF=1nPm zJ9crrUpmXJ#IWXDx4PRk?HFon5)=nR?u2uejOg z$9+D_MfZ>9w7gqm0~iypjELy%9FQpo8!NmxZ*3xa1TNLqr5nvQmfkUVY>qVC)w`VK zun&=R3dDtbT;MAktiNSOsJA9Wc1`Jg_mmiW4h- zx*Jy5HiSrPW&^?YBx5Z?0Z@)Po<_vsB%+_EPLOwIKu=PjV;%8!%VJBfy$O5;dU&v4 z)6(zCf4cn^S#j#3f3=7ASU@Mv#XoZp8PIrKH?dwxeq2PZ)|(7o`rMlu2HyWX;(kOK zvq5+@fZ+GtteU~XzNL-iEa$r<4nJ%pZz_(fmm!l14I|OvwWZo=c&t1k1+NxtpFDKQHD%d_dmTJ9)u3%_8^|zog1%1JRnMxz9-f1Srr9^f z(k1f)C{fqh4}HzQey!1Tn%)yU*v3MoiX@ zVT4V2WkKH{Hd(*-fLo7qlB}>v(?I{?aT=9^aT5KlT6Js(oA~Kq#(=~-J;^WZRm(pC zohzWn{IGINOkl~R=`-)bqi+;{Pd^_Y^|m<2$#ZAGe1#*qM4N(q)?@6mQOCJvVDpYdm=iW6TdUt@&bo%9*v&o*$yzKm>x}{ zw*>5;n0{`ckTs$uRlI!NS8ESksCdvqe;4BePzcO->e9h)x(yo+R~7xIq)T1MEmz`5 zD-8cr3m}XtKo@^u)@T|+6Y~**Jb_X{vDh`c@OCaETXY_cfNH5j*C?K6Fg%9S2{KM|AV;w zJNkjcVf)5pEZvBJi$o(l=(~XF`+|<@2QB#w`U3|MuhqaVlz77k_#peLe?kc5fXE&2 zR`=kkeA%tbG5(MrpY##_{heL(e}RAyuvjQeohG?hDu$HDPfevX`sU{5)b-oOe>3EP zG|9XMEi(C3a3y2uMcYUU^vV2oe#R#*MWh7(PO<;d3Z)2oZ<_i~ zZp3+iTEo9S`l-AJ#yOx^tp6K0Jpv7E(}Jk@D`fr4Tm-0rVHs<1EcX8v<=X)Uy{uP1 zQ~qg)e|-dcpfCdUpy4V1t*=X98+Mx>lwU^hKa~07zvECq094bjSNg9V{0V^0bOW|Y zVgK}ZeCdC`Wg7J6?Rcrc7TJI6s|DC*1e+23Z~pZEc2@Jj7kC{|rXBKskuOsnV4I!r zMF0P?q#A?>vtO;SRt%RD{g!`!h__t^-9qG?OMRu znU1U8;>vu*xlh1o0OUVN_zm^Z4<#W4Z zd^Ea-u0bcrv!0y4< zoD#_V`@WijJCq>>ihZl^>-6s)7aYWzyaF{NI!)NYO@1#7j+}lKH)Zlyu+NNaW+dLt zgxF3_PKo#PE{I-2{4Qg=Db_6@sQJ`O%^1TOzj9MYEvcMtxa_M&L?~Qg9U;tHh&6wZ zwG&F&1G|U4d=9Uy)qVMQA7NYYly!sjuRg0qPN)Jn9FZ`15jd0-jy1f&_pYtPU1C)6 zRuG&NeU_ORpwMN!gLB9&Cc5_y4z~;Xi~{xV8nX7hl$-e7zK(JJAwcgLLGbE7lyv&j zTQ|SUY<4*%TXX6H$`;%T86t*{7s8H}Y zy}RT9u#!B8jaK&oNCleczK9R6-tx4=;RAngV`eEhop#lhzyu-=^)rmFmvVSIulsuM z9`-jDcd$)}ltp)!;YiTA2;XNI6{{DVEt|*>k>zxojUyQw_v*;!D;ph;3*@#GZS*2O z&<#(K?#s^Is64kJig(XdYRi+|;#c*w_* z3XPU}02mQze+$Ejq^J9&-%$SOmWy)7t<7mDo)g3}6WpHHaes9lifL_!Ngsb-rx03d z;S;wxy{>Q4y z@3Nm_J%)GrTJKSNnkNQ`58+aHdJxl~8|LQ7)Ugv$^@a_&BqMGd1j)U~!_{dP<=T8mds2*X zjQPy4^+i;%<))<6_IX#JGsQw4>k?r{ip{O`Y$ZWMKa7RY?ZU7}w8;Vxx5{i$k49u- z0rFLLh+Vn+8iVB%QQqq%%Exzml!)UJRa9eRB7D6D@v=!R@#IQG4i1Rpii1QEi`W8E z2TESy3Tv2T+b!uKf|0|5_BHvIXXmkii(;*fQ7sf4D&bnsEVghN;l+S~&u5E0F0+1< zUT*#TuI~Z6xC~ccKQ5o0C$i00U@!FbzApGDhV1Bn9T+NV!&&efB;mGILeYD6#?IsC zZ1sy-&9jdupzPKQ`~2Yvc(j$=RaHubwN6(R9H&lU+iI*YtIA%UiGYa=ZtFBX*f0h$ z$fi`Z(Tr=d*X^RFB__z<9C>H-${klyXQVFNoVn0q^t4{cgS2R_sFGc3lf@{uL{SkL zZ4?almH%ECyo!ByFj99^wNAoL#~*vw=;?mbAXm(1TM&4bD{muM3#hqSs1eSp)gD{6 z?S}B_Gvi3iZ>lTbMrZ;at14TW5FPN@nv3P{<>{*6wYr4(#YE?$I@T~13{HHD=Dw*1rYgF;#78}_Z{+jz?9C;6&}A~dsJPLg>LxB9}J%eR0K*f^6P zUhBi=V`N0YSIYbsGjcp?E@F^9?Ap_A{-+nP<;~GDJjv{Bk6lrdN`~Ba8r~rOxHp*m zU*C?V{;;a=BYu{bHScFx%Lc?93&DL>M^_?n-R@mo9(9-5al*oJ zeWB6Ku`C^|=z!RDJdql_jc69mZA*R=RtQc(st*-|C8wp}xqRruAh{wd94;@3pxi0# zQ^MRv;FG_G=X?>k_OXd%rHKVv{EH7ZAagI(GI!N&kcrb)!sNP_T$9iqUPFH&`rR6c zQp>GT-~<6+r5VYi4mZ)sEsTR=N^Ra1= z-7}d~4_aisiF00)o@Q>9rZ1%Dt>|{Qg|C_`?OA-X&*%w1QB_!wv_JdQtFet68%>@V zg@7IaEeajwB39c}bKUs~CDv63@{|rYiRKw{a23 zKzUH`>*Wu1TfV5bTprwI9=Bl50I1$K7**p%8&tgT3gJR;ySA9YTRtP#A{#&7ZSpBJ zwK4bffAQYmu!TiV8#%l6(zzBN)|6$E__qDAJLGOEgRkdwmFx3V zLbLu;tgYn;KcSGZSovN~1~I%BV^(`Alk;J4yO-yON$0IroGR=aY>Y z!E6x4_Zc>3PBBo*{hY;IF0J2{M>mf4ruS~|XVYyszdf#D_AhAq_j520pEFi8j;ZqO zethYpS!upI2K2kqz6(+z&=15suM|PS9}WPdUM^QOIv{(sre}OyTG^dg+;_AJGR_>e znch~gCBIEShvOq(#tK=eZVLgw%=qwdo0lW|(dIa0F?_+sqEF`Zm_yc&j=W<_CBZ^L znQ&J&+DfjL*oV3kO!YJtXfB5DxN2^eb~yQp)A``DIf@17-eRp(gqGXJ9{Dlz913`Q zGb-T8IL7;3=Di)|L#xExiw;1(lwCgfRd@NvIJBTEC z(^~lcu{2UYd4QmkkCW#{qL=5Mb@uwLRlrjVI?C>Dv2Cf;k9oyUqVE0^|A)P|42$aR z+J}`!1Qe7I2|>D)ZZH4^0qO2$V1}+?KtMo5Kw9bU?i#wJYZz(>>CR#3c}IWu{XGBw zeLT*SXdL3pS&ITsbSXO8qUhS&rpe114?KveiP&iWeDc z4lH{z*IbqiBykI}>Xv%}$K_5g&$MnBW}vEBS{y<5QDo)Um&cnHgDDuoDi_U2D<-KR zT8c9CQsrgMu#9!OghVRd2QL9)!ZG%D-&`p;A1YQ@wQBm3ygS-L=1ghrUu9jJaj$GE z{Rr%iOiZB>IA4sA^eVk`Gv@OMuCP!DfvtKc;BmwhmWlhvPoEff3e_-yXB64yJqRLx zc{8Mk-t?;w(Nx`g-pMwo+eo$EQrc|2eN{fNMm+8`uPK$(oXh8tz;u*>`;LA&U@WFk z9!lJtaKY=b7AN6CH@=cASZnV|s7oeMH~gY=RgZqOgLm=r();=%#ZZs8(Q%78y(djO zq1dqA^C7my?gjO+ED%BC_vtd~Lk@U-(Q2R}?)LTJz&90k8Gk&ia9@g(`p3t;+$Ft< zKBIPNHMLk4#dFwi=3Tj5XgiTEAy+8%h6`qs$h zU~ge(|KeI_HgFc^EXem%K1~W5<-PITAYL(&RR3$uL73B<51W*am(G93(OYA7hSGQ6 zczlK%c9|=Bh-p8c4s_65drginnQQZ&;qK1wcrrAr9Dz;qx71k66QuW~5aYrk_+l1R3j;8M~>9rnT_ zd57vKU%tA)oPr~V^2(^;vex)s{Ef&EgiaVx3jk|dXRHq^MbpQ*B;d4a_bqu1f7lMI zaDBx>hLv;lhEUam0)eHwD7+nz3%a>-qJ~5ts(${ zE3^1KJ0esDw%`+sKVScZ#xI^2T=sm>Vf8J~lGWwwGUI6`Ik6Dmd0s4C@`He}E^v}6$#+J}SjFz1A7tf)60yMVHWrd89ueH9(i zGjf3=(dEvq6xl+H{IVTT&AzJ_hn#J~2MnpdW&-kDnjeNb9l!C{n1>dJ-q;zB=P19g zN<-qLVegHzd1bT5g_>)95JeyO16z&2IZ} z4qgP>{^(6;gJL@9Kt98%qu8NqXz9;>Pa!P5} z;#cYRU}51EO6Ly}ez%+@_?ScLl`T!ad7fCX^Z%)h1JXG(86Tm!GA=lgIh~L2Ht0`y|{^jsj-=#9kSBv^DTVYlWeksWJql4tss_>M|YmPneeSY znz6wA`L12>xQpv-q{UX-~E4CE)oX z-5&E?xlh^S;N{c>Cx3Oky2*^_hSu->o?f$-@S`tUWxQqdjEMt#$*1;Hd1bA)Pw00! zCsQNn!Qw#0r}vOQ*B~{)3T56jju?an1W37<>MbY5xv*6>$^NNZ zkGsXeZ@F}S`Ta2i!anbL`n-85^<$?o zn%`t{EDjFy#YkU&6QMuMPk8lJiIda{lmW|AZTzC~!7^ zMTLs=n`HC=q`LER3kqm1wm_;)g-^lE`6pCv_rqJ-slNlcRCw}aHt!wQKW=n@d;XGq z_^W5aQAwOA)~{SXAW7~6H5021g!tWdTv%pG5ZNbX0y z_502iu1^QM!sI8Pjf?Wc=^}P{)KrS&2b3r(r^I<1;_jw1u?)sNV=^#iKw2E@lvlkY zqGJ7389yHoRaJEV&@<9LkY+%}Dm_hpfyE0xCvyJ4_RZVD978o2de?#`3v`UhUN+=?V zhNqun#Ut8ce&zKejcjwhZ^p9}lA1YDNgAd4MR5Ze)HG2K4!rLQRxK*R)Q*i_D*1Y; zm2oCl*}1*VQMyuPDpy;+)7JA&pOrGg$Sg#;ZsQF;XR;Uce3T=0H@@Gq&(#(^}IXc92lq_vYc zeO>jz&^F%ho#Yh8Nsp7&JS_pL{*TX&d3>i2XW-SNQVMge(;t`5%%hoel3qF&JxT<8&!^e#50Ts0>uqy_u6k@_k8(jS#4s-&F+?sPT9V zC~Lk6sdn6^EC80Th!?z^)KJ+RQHj4g_0=lC%0VF#M=-MMX(CG$11LA{$DA;9wesJ2(r8|Z%hWq5VD(tK}Nu;E_PJ9MJvSv=W;~Mop&u7VtX-je#7Oq;=?+CA& z4(-S_A9o1o&KxH9HDEVQ`M8&5ppyq6Xwd%r^QD*5!eQyDw!QUgi`mv3BX%1+cIR!| zM0~&|fEubqwf7?i{D}Soe*Ci1j2rhOIjDTRyZhKB_OVT;UA9C60cSioR!+!XfG#okp{=Tw_}9s`H%97iwoyV;v2aEzd=>^NmWQ@{QtT=gfz~^vC%oxRo z85G^;d)Ysqp5XX<^Z86)fC068m)~rwKGHV=#*=lgN5SDh#BR*{xA$?O+?Z)urI(g~ zRGzU}ex6Nv12!(r^B-5s%pd%gA7?WQ9OKIH5GuxVW_?`?{t)MFBo$dY@XIW>kC;l^ zWG0$fhb7X5MYi2ngfu7B#ktIs-G}cx>v8yW!W^qViuB=;RZMYFwDDEaBIsHK#?#$5 zLs`Fisoe4H;g|0;d_2)fIJ2bIO#H1!r|s3@nGwq0X-E`Cf*PuF?#ow2aSJz|{!Ba{ zd#z&K$V>t4>_q0xu5de_sKa8G)~7Kg!8lSBMnW->2}TS*M$9nS`FVW~6lXPN+T^VU zujm4=LWpXQtIU;Aqv%b3weY?DInaV#}pEa<8gtQOH31;xx7+mr}^r2 zeutM^Zmr1D%YiT1W5+jW8^N1Sf}sd!>NKP^QR+&+BU+yg7~+iyOg zPGvI5(W?Rg|9I4w3Nh|Vh~^KP#rMm@lC#9yx#3@eReig^#Y&r3Q&03#sn&=a%L%fz zH5zJdiAp@FI8%Ex;Q4E~Rc(6G1PJ~8(g-U#p190x&XgLU>V02#O?weW^W2eBGL^iU z=V!?T=sufdOlo8A=WSB{DD8{{C6aNz)Rl}%wOGs<_mV!8Gpe=eUJs$VX+&&#R;=J_ zZvpwp?-l8mCz2OI-d5#lT!A&22FKBD$H6eqEy04kc|*@(#N7a&+=3rg(NZwbI~i^7 zo7rrV+J3dwmNPPE=KK_aIj@sUs}hTYqhDm@u8-c|)V13c$<+*fb!gQsA^si3_j19o z1terHzW`8-a?z2iZI-4zB2j75xP-jaY+s)IS)j%u>Sf$afy=z+yzyHhHbM7exr*_qH$VVqwd9oJSaZJvxKe!D$|*YZ7-hW{jN*(abvi;=|4} zVN7%B39F3zcGs|Q_El|_Pc<=M@jE=I+Rw+~z>)Ogu1EWg^mJQIs%haf%0J$G2?A$Kr|!$Yhyt{OdWF!CE}6w|pw5Cx$<>#?is0 zgHgH5=6Q2VFiT~2pyKZHjc^3=MhMcvj2c%pm(iD8+$f3jP2tKOxHnQ4Yeh6%XIIh( z0VmC)at(%49N2hgnBM$}wq@^ea|5pQa!p81tno-V!`Au}vL}=(lJkCDD9f_nTWg+L zM?B0Y9#%SqzcY{Arpk+O8&cZ-Q4o>xH*ofIqRd3p&yPh)`Ehl%I^M(s#M^XHPO&%r zz!q`MV2kfb59xMui2d(0JOb=JQTe3Jtm3T}97^@f+z48JCjzY-)=UiezR}NW=2@8h zLfHi+r1eTXOPgU>0O|C6Z=kIf+3@3fWvfyvhfV$r05BBImwm5O+wao(1_n;o8P7rN z`OWCysO5D7gqgTXl+;pkS1C6nbx!yR#fpAC2wDwUXM|Lu-G^aziv=gz48Kd<`r@6M zxcGnxE?-}7tMi)Z1tdG-nQAh$Z&%j~aQ(PjjCh`4_@2~k<9ULGWCP9wHpvPD@(fJL z7FwR$$U51d5Y4xd&~3(E<{|BTvTON+zrRknx?O;nb6ws90doFc1r&5P$WasK-qkPg zR(@{w73D~82gM0hU-@KkalArh?p!;(U|&2_1maq;lWMrXRa!}zZ>l+8^o?(S`d&eN zVW?&cSDAZR=nH1^RGiZR58edJp+1Co5KUb*Am-K8c9gO7Z zh>hVjog3kcD)*){gPJw=FwFJ9jg4ree*|JRT!UBA6f1N}$u)NduyqEHnr!npcG{B6 zzu)$`T7cr8*{|aNfY8&8-cE`M7A&2Z+mhOCB`cmwV@1p$OLpDOKJfsE%T4QuCGEx(r}xHjv~hMzhs* ze;U~;_KaQ{SUtig^@l?7AXX;nX&qU`VUVjuOKNzrAO#9Yj>%%sK-$xkRy6YA;Gnx@ zL%*QZB^%44^yqR*%8Ep5P@w5#(|bcdbNr2TVtr8ot?cZ+&rb9dz$en6ph!hdbmJ!) zq;8-ByQL8wi7V3F;7yC%T`YdnZgp@{z&4ojz1R>^TzeK<)l;; zlX4EzJcZn)?sLhK+Cd%IAvG0gyi=15&Dy;A%Od~s(x$AfwL5=Ynk8Ry8psI5xqNG)bN%3( z(i1|rDx<%S{#kt!Ox)t%%m9e`OO;v-3#~W{$2-_@NmqEs>b%F_TC!;Pk>}Ka1p$n= z2=ih6zwPS6@9{}voYGM0a||2Gl>+0$_R;%o=O=Wz+Z>pdPriNd;Yrzzo1<#|UmjNY zz0bQIUI$NVmQk0=Zu8OUN5c1>dSo6ve}lJ(h3v&F=jk%qWQUD1Eu5NRZvSu0n+OUF z6DUjn)75{*r2RMFVN~`{NO~smfZd-6#{Zd_fMKHIrHeP>*8BbMG!{b*42y+lw!E0) zf2G6t|9>hDLvh#?=W3zb<*BXD?ZrlZX{j6p0_lrO!^Pw`z^prGQDPPN^ZN;FO$VRNQ4(Wnea&I?jt)k{zSN9 zx_K0Lk~C&}^#YUpdIGDZGnjZn+pRB43^-#iwD;rjIvhf2jCN`nb~{iBmeqprVs@!-jyP)>?&9p--;GKU-eEYCXbT#!aBcpCon&CWEVN#{P-`StbPi2vf?!@|71m0 z7K`96UfI+Z8)QG>k8ax#x*jYTid*HI%gZYjvYsgkBPLawHhlk*G#EbPOkTwQ(>{Sy zO@2OxH}<7ykGx2+W3oQ=-}x%q3G&T@#oS#dvw7aDcLM)lSbs<`I7|PmI_T4h|kJ>lpeiDPLZb&50YGD+)7HRJUv`eNw^98=75&mNpjzjnU)nwO- zmi#Z5);|xuR+m8r>|?&vrm$l2uknnkV$nicV5&&q!42OX#6rh^@@D=Kiyu#dr_clnqgg8wn4w z9n%Bgc3gf$LNDoGWjw`bw#4x5i4;MqBzDb)@{;2WyG9Z6WhoMoBC7H93g<3p*dnwHzZ|ZD$6CPT(WA@m_YF{@EbHHBHa9j=-LQ6FOL&Z? zwr?h^qOlg=EF`=;{}mLenJ;41Zk;!rK>>YfQB56qg*RduEL)wiR9GRTD6}m-9o3_@f}9J%xE6kK0nL56DOl=sz}O-p#N(c}siXLWpxWn8 zVUZhyy@BA|-=k&wCtizJ&$SMEvwA=Jmfn*rqyPMQ4!e~XX5D?{0*!jXbqHQ$Rr$Ms z|6$fH&64F8yj}KZ)G*3_^P@u8Oexg4>n)OwgZ@>xYevdej}cU0EFsFLjgX`avAgE%g)t5eB7deL&d z`iz#6U>A}9XFAz@gyrz$lUDmi?>Jo-H+D+<#&{+9wBOQ$%+=vukL>46&2Z!o5!3sa zV6(kPaiqUq=TE-D!3BA z39Z8K@kz8(uoEPXKd_)o+Kmnex!K3WyyEI;sI%hvV=I&-61VDDlPHm?oX&hX?Nh{S)Tl%TwXK=H2l7u4a!&5NsAdmQor98VNV zf03pxRbH?ZVAX_hU;;zs%M}jm(}E3qFV7{ zZ20FHLd@2gTA^0|q}+K($eNWZ@Deq(#257IpI@q>EThLSrJ!ZUMufl0SJhR^ry8ah|Z!{F=4=r+^Y>U>% zUF7L>r5mLkfESY;A}>8)qQFDB12f%DhZfRj%BsFf=*cCbkZ3q3w%59ABdL^bdD$rB zBXI>su(hY?2riJf9T`!misJE>HINptk1Oip_A=*R0SLFHP^Gx?Xh^Y7g;nNQ(&t7r=SR-T+7v4q;HWjTJ5~lOIWdM^?$!GW+6il>NWk28 zs57^jhNIV^&D#tDW(v*+lx3E>hGtHN4Z8QjV9zAWQ~bBc=@a@cb-sDT$tn(_|HTkZ z`ItTgeEma&YXNbh8-C$)Ik;G}RAsb5M9E`UWekV!gq=?-_*bPpZM%e>y!4r*x=0Gr zX8u&9v_Z18^Ps}o%qceW$uqRPalW^lPH51fgvBRnCSz}}? znj&@TYmv#dld*h(hXrcp`sdJb(QDRj%niO#ad^P5l8PQ)cetg&2XoDHcHZg!~rP)jnvi* zls@$)jaH=EC9e3CG+g1qiFDmk1T&clid3qoxC_|Ry3=l5lg>&;elSS~B&)P_r#6nA`1u- z3{GNBA`xKAYf|esN9%jO^$V9i5hH1;6bGANTt5glcD@&4h6{>YXlXDC%UITJAB|Rg zNAQp^;ZtnbGX{dY?;n1w{)j8cp;v*$K~cRh8Yr1JI-9xYpVoT24EHYBkl}UKD>4aE z&@4~?%}nv2^Wm!6lb|oJzPxKA2z~Hb;CUNbx9Z@RGQs!nL}|-$yE6c*DZLY;D)Qsq znzWxK5(mUl*zU?1mxiq`fbr^JkA5=@x@CfFv0}I3^WC}fdf~L}Zp=G~3fkJY{^ZweL=>JQ z%u^5&XBKkgTD)^}(E?8)01m9y<=Bo16LWd?pJH9ORcrnr=Tx08dYyVR#JN;=v z2F0JpNw+bvrqX2`^rR>|v`$z@DdLx@`ETF#dA~gA^Ib7}c9F)WG|{2?n9<5TL*XfM z!Rdv1v;V3(_8P03L(FDm78y(F<4$Atdy=^(ayE6zc)VeNPs1dHG)+K|%EukXeD)4L zd4)Hp7ZG1PZHr#pE)Yl>Q8#H{Yb)N_bvr{D8AJL>u^ajSdA!Sj)!U zbvWJKpx3^_x7vhhvj8@>y%I%`z-|vub(DU@qIh07ynpLN;KnbP4O#42BM!gKQfnC; zH=njJFEKc;hamEQ`lXifFwY@F2-V#>J377nRy>*YK3xXCkK74qO)N<}`!JbGi=ON+ z;fA!EC&BjPo8Op@WkPhl*(N&NVmbrr#`>{XeY4+sCB*|uY5DD9rN8U1&v|+tP+00C znC0~f!Mp?d28bUY7kc~4Ie3VwAKvOX%h2#IoT>r8Z9huPpq=fO3Xq<|YR{tQMU7pL z(k%m+uk35j04K#Z&5hMZ4xtB5CAp|_H=<uc zS60oHixBl0F!zAV#zNz6biefqaKXMnY_@^H)n?|r$JKW8KGLH~u#jp(Vh;3skWA7F z{+ga>7-Cm7b7CJ~Q>WwT*rpUSX!X^|ca3r9fFu0s2yywQ-QJ;b#H#cv;Y)3?ea=u{ z>UncBV3UvLclZHN6|BAXFv%8J^%0#;BM81#-2ROf?(ty^HnOUl_#NE*bCy}FcC*5| zx)0!zc~-x3-MdfKWJH&kqs>}3(bGMF9Hoscij?McI)8aWIaudwwY{IFq;Yol>g^{8 zSH*RuHPRk&2pX9NSk>mD!r_V5`&0ErwP3FZas4Id%RQ*z-o-0#_gMm>17US>aF*E+ zC}d~f+IwyX&;o7Q6?Ey*pSl|3+?2OAnVqjbMg=*-T?Ppu^T!5My2V#>8h6lziQ8NH>QPrfB z6&yvylLZN6U9e(pYk}!XE(g;6irU46m*|#9NZzAF-bnvpDy&|v(3wrt!mGbVl5ZMF zYypUCoE~7Rh(79bQKKK3sCFk8M6V@0O0!OLE|=csvtRg*D){u~W?l{Mj#35juN|UoSV4_E^t}GKY9Ga}8w8o@bGL z*>x~^sg$G8=p8FZF+7p%Mx)`XNYAYIHL@6@*8hF-uuw<-Zwa(?qkCOb8fBOoZabRD zg+kH*OiA^4^WV^wHLOvkM1ipibG0e?ee>5`tlUe#FY898?ERL?z;*12EuIy(l{GRb z<4MIp-b#z!_?2q3tos`=qK^$Zkl0F@&GVVZ69Ut?tT07>F&KTS}1Df_6)cv8>%$S1$ zTsQ66*?z*6fFwk}d3^MWI1jUY+lOExB$@y$+Q0NA5DVA&zwTtFkjqb}C$TQiHj60e(ccz;Si7r~xq4E1hj$yr37GL#jsIfmFEvAJv(ZW6pqqw8 zE6>FPm0!_`>qJ@yx;N3d(O^#3J-3Mu1Ha}_h3~ytd#!5ld%ZKYbdvT;E+>KHZX4!d zHS7M?f;U3OFB+~SW4L4_RB5E^XhiUOea!OH+)2vp5`g7PTeaZbb+6l#BgtJDBau{| za%x#x#90bpJB!y=sb}a+Zs0D$mLw27<7V5?k3ZK~x2q4pj5*^vb@;J!^c-M)jSNX^ zj-;=gIU0Mq+jf?)m^G7dRrtMe>&SM%wNsJ4s0(ZK$en3eL%6#;Ub1KptJ-p%%=p3W zC)DwAi`UxnBBR2D^;?{_u&I{KiKLMa zO&~8%ggM1qF-=l@F8DGb_ya>UbP9$A)#BcmxVv?E1=Wx( zKI`}NoZGX?ZItKqwYJ*#iUfKiGc+4bk9gv)<n+JFf}Rgl^u?HAq~FqE@{ z+zi|)O6M3qlOR$~pwQ13n~hHIqM&FyL%XF$TfJJV*m}G6o8gqZ=tw*2pcm^E^ zFR5rd@!XlP;^pog^)<}YeD|-Cl1PR09<0&IrAmD={o0SW3E*aAt%F{X+m6;k<5exQ zb&>lXi4UH%&R{>`J%e~MQO?Srk`9Z5sGrBtGGcd7(n+~3U$f#aYVWIplT>L9qQPG5 zT=Pn^zncuR(@1K{SNfhQ&`PRGLoeirNmkWru{#1s_IXUGDOREOvt8xXpU3)l+g6vo zui_Hy-A_y*mm`*m5|Bc?>nUmdip~cP&R#!nZl*E}DKzK`LVAWLmXKN==@Qe+ZC`PN z^NfpFrD|y|pc|yom%?tXW?zRMrP-+FLWQs|nU#{ft9&Ppm2M7?-*v{FC8Djq z_ua6q)$mEH;ff8-j(St55Oux$Z~|4fF5D&KkQ0?V-O_dc;lBwykjAp__?MdbYnn za4{SdHC*}?TS(my3OXC=Cz+f9e$Sl)vr;FWU1El|`uSK`CtSr}mf<7>3d;S|k7o(?~?fPLc&BSh7`2p^YC0+9M) z67Fuu&76IX_A%aj$JS%cv*1ZfxZLp9#Uv26RaJH##4q{)IbABl2~9e9tg}rDhER>x z7F+h0tKitrws8dRuT6n7Iw=|pYrPTlW42Fe=lz6 zcXeoI$W$2d=Hi41Y~(B9lVtym3;N-_W=n~l6iQ59Y??H5OfT#b2Yp{PpR`4biHsx$ z@8L@^KVVyZ`0vuG1O#2K<;g>>8r}<5C7!Hr284Ow>NNauQd{UPF<#0l-1xoqPaaB* z%7m6c1UE%2kGn95!9Lh-#IVq&=H21(>nkEozs-4h_A}{=-Q=fh-e~oz>Zd6V9#^LZ z(L=FDt+sh$t4(MOb2g;E$du?G(?!ZMNIZ8@fH?cF(QV{x_M5)h3l4PR5cSb{)9U8* zHiiAy#x@P@>`s`E@ux=P#f2xMXe?;;rW-9s?Yn!5HxJ97c6!_bQ%cdEB@~kUsvi0z z2H~luRf>=*#!hj)N=Qlq&u?Ay&>cjrjpf2ir4`tW)o5e)P@$12I_k+8h}U)woAScS zJ_P^gNToz?Ox{-Lpye#!ZrA2r8%m#A-Cslwa(nt!u}>({PM=gz=OUUK81mPAYfLPx ziN_ITB@;IZA!;l(2OLU9Y&WMP+HVQ9TXV$w&R)RyV-Pu?@G|gw18JpNw zoGr@?b6T(GG{U|5)eLoBxL$hLQ#e-pFe*VF9$PJV$^r&5V`_00uL*W^EsKo8TRJ)B za$Yy^zBS0GfBni5ma9TnCXVk~DN_hLy#d>Mr$31LcP@ZyZfZGag`gEE7P{tQ;)>-$ zO;cw%1%)tYwS_wi!(TtbPZE^0`jK;&+B=et#xL^H)uuqjxJfsr?z6Cyj0+mE@VtUy z(|oNg%lYUkf8*if<$H*W^qi0isfHoc;)b_%8E%ou3VknNULE7+3!#JG!1WK$`X~@4 z?7|%hljSPH^~auI1YUeJ_L)`0+Gn7(>LRx6Z5#5aG|Em?hi1)}DM*jFnr`i--rSn| z+*!|uB*NC|fd;x;7A42^TlBdU^T+)csf_lO&&dk*!)2Ahj!EyjA~ zDiy0A!nGvT)ffW@jShF1ksf_)h%RS_(8gfUi(!U7dE=?=O5MS&ID+?zTg76zQvUg zy?d7u$U)y1s2m|~#nMp5~M|(vaGZ86;69FFf02yeFNnw=>@((wV|W~p`U#~w|(n^i1$>c4kg;U?43Hys*D zP`@Cf+r@HW+2*||=Ujy6*c9}X?5y5lLhp)hGpbHK2*kY?PNOTec7m79UULoTcLwlQ zFI6eZo^;BTi!Um9k#NO_&E9_fWdywVv6pzS`q2XLO0frU#_WFsi4>1?3D@X-rI#yd zJTsEj#$0Z$7?dVY@rLw_y%Il8`UE$Po3~}ihwkwi;a!inQAvdRJ*@p7Zu$Wh|C$X6 zlE<(d!2L=-!_I!K8a1);va6rmg?T2gc4`j84V0clkvXldw{k}X{S=hoO2gE8IU9@a z*3|>8VYeP&AzGOC#-;QwkG&gOqsPZflqvqH9RB2!%m*c;6X;b&YU)XVkY93ES<5W1 zM^$^I5NIq7UHQ?^%c;WXc212})cHBpXLtS#N}k%to;l*Z*}2}C-f-HS&!5)?VJUKk zk)T`8Q}u6k44Fi$78byY$f*OQRk|D}(NhRYLow^SpNy<{NNpb!L}@8)&e}x_}#Sl2CBa_R8CAh9@lG^5lLbY0@jIl0g#vi{7oot6*3| zr?&OkHl-Ufazj^nhX%^vxzKcSN(0YTBrm#g#O3&;GC!2D=z16&t%(RY+gE<{IfY$$ITSJ=-5o4C06W9QIgvI;GvjK2Hv; zJ@5-Bz`H261O3t$ngH;che#qS6ef1pBLGqhz*79(+;95Tn+fUyaG~(ZM|WVlT2i8Y z+eszOGKsOy__AFUBilLR2T`fzN%K&v4Rs3;3D;%L8ms#Sl$*6~paNqnl{6QKDL7WJ zKSrP&3B|CTfmR1|YC5(Ovk$0Zqhi^EMnF#~E`W0+#YNosyaN50pQ~KlFlJ+xhT@8Z zZ6u(VRJWfrClWPo^VWgW>q{`ZjNb507AScvhKU7P=8gJG|lemny z&xWi5BX42hdKc3}-oI;V768nkD+*}s;n31~{q-`zC+Syg59s ziDcJpS?ZZdZ&RwAiw(RW!9h1SoQCVWJ^VBgZe{oTHRo|&ixY_Po0olDPIJ9(3aP%h zdr9LC3r4ls%q(>0f-{K_?Q z)4yRg7un1Pm$wj<_*dz9e}1iW9csVC950Xs2j|?l>8h3Oue8+3OEpE`sM)p88e~`D zQ;tb@qpr@lhCG1-P#(Ngep{B<_)P zi+;@HlN;By{$_OlRJqQFWAP;Gm@6)8U!C?x3ujH$AtwxY2_)B>;JAUKX&ZZL`~!x& zSW|m*HLx0O!%}S{2Hx=?n|_LXf^{p@L>wx3v-Pt@H#vj^oZ}?~Zm`*zy~j_G z71w}G#_e}NE}cZBm4^#rl`f@USjTcu<4-cZ48g=f(*$_op6v~XSnb^E8_*f+cg(sy z6ItBV8lbW7wKzXJgwz=f)9hOL?6p=HlFH7Hme=`Sat_2ijYoUw=iOQ{RVGRovOMKrWt-0S zdyIabl#}L~en3!NUC?X(o!{2u#G8Is(3InQU;kG7iX8bPTxRSLWkZv)b}t@Ql;T>z zc3k8ZojBY!CKtc3{CZ#oxy#iwmd&~4RH7wem>EjWV*3Mqst!uacpQWHhQQV%uPN~i z_a1kKNJ}Zj^x|EDguM(Z6$(n4Y`68R;zVpS4Z*kfFlf|;`yMVZd27f;5>9!C)U6+Q zsaDE1KErqrzs)FU{WX~QgkI1)5jo*^qoaC$i;({?F(5x{J2)AdxU-0W-aR?q-M67NDazn+li9TS-IOB6TT zd@Ctr-b{Cl{xMi}r?ze|IbSg_A%2a|*nG=k@Mh*$kt-?^Qf8T;ew7!`w;K8r-v@+q z5up*3hOg9QdntYbyG2J#Ak4Xl!~7cjrpWZe;B|h$_G$6lo#3FBqZYrO`v{QeC^j5m zws_=yp^Y!lV^rhM{XtrRuO*@vu%=!|NA1yidN=fso6^UP-^7lTvV~_^4ZgKW(lvR5Bq@j>NKzpFNv0T`T@) zv-mL*H*wH&SGZT%8f}njL-`pvI~n%L4t52o@!pf>I+yrRq*Yd>8|2?MTY%bL#-|rS zDsb#?BSb)$MzS_3I{v(>9`s(<9cjZBQ9hGo^DTuMul3AnS2I*OS%TMf0^~Vd^lO z4u_MV0>-e;z{-dEg-2bu%^g5Ht>rHqwP}u{bMyv9r`H?;bXq38ayV%SmNF^wBREYh z>PUMpnOtREBw+%sTYI8^;N}ZHILR7zgh=dK$q`QJSFI%cOu}fBhGo#a!$@ zFt8{SE^w_rx%U{1gncv=bdT2fr$n>N9%0v{5iAb=l;Cy32%+J{L;C_Jee^BlG z5iGYGloq5`G_K_#QsOc6iHOk4m#VU|t0g6O6$<~zJWOyGCEj_npI?-tS)|3m#+F~S zZcF(`2h;rtF=c4_|NN^Pao$oqi113m{i~e*D@66JZrjJGsUz_83lzg0!`_vt8h|$B zsGD+uYg26h-q2q}f70bH3fO#=vh3?I35!lnE_Rr!Jpvb%;(c<*tla*1&zG#En-;0} zJ>(6!-@kv4!QQnE1y!2ytVGh12~~u+?`WGC)o8cCgq<-ll$K3FV-|0 zOz__IE8~-{$uF2X-2$F>QS{GH;vF}oj;;Lj2N8{W26LF#!7z>1SdY;8f?zP2Q63C# zf|rL4I7t_h2)WQ*12A87Pr0+#=x{yyj_s!rMP zcA-!)WY)fE*hL1u{!1{n5sca|K{R>nV3>jCTDotj1ujD|QY6dWO%R{RL5LhQpKN#g z1$X#?EG;b`ewGS{V<|nuoV1BwwcRW@(;M$kmFTCS7o1zA@k!~5OZ4l!{cVIflbF>Q zn3$LcCr^%_L9g+PcpyUe`)4_>*$|f%3*izZccQ3VEPYR`1hY}KUrn& zTn^H>3{(9Z<@&!Hcp$=!g_EvA#2@}wr2pY!or-w{KWI?Y{C`mIKaDO`6Fm4N#XTqx z@PE}>|L>+SpMjG;()@Dc+dq4~|BwKqMH7q|DXU*h5c~_y{_ki1`Q^Ayh8w#2`xKz0r_=Wu((ng#{>zd6e@#W0u@d3Ov9rK) zwL73|be?{|T;q`Sd3`9*7@-y|h}mct=vG--2eVlJv4Z~`fxigTgGc#M)T5NATaSy& zufGyW84DaH2@!eAUntGCw!XtBeXPxv_rEAAW-3}HntXRhj7O+cA=GrSWa-0mSA+iiUqO3{$@3iTHJWez%Q+Kr~g?n+80;d6|3b(9^L_y`|0nO;RpYv!4ICM$IoB5&YFwB3X*Q&U|L2|m>J1s_0};J! zmD>t+;{-j>Z!=g0Sli8>9HbIqhssr{zG_o779PmXUait7m)63*46^(*-KtKr>+XeZ zue=|;%ZO&Djnb>GxDgA2JzQ=d>DO3_ynB;1gPOCr7C*jnB@JbnT?{q&h zN87&j%8$EKJ+OC;ab{L~DMs8QLdn|3GyXBU!N-o$Ou|+UT2t~f9Bk+Pf$tRTR&t(i zr%lQ8NIv{GobunpIH~UcoA>m5AZ;s}C}z?g4Nts2&bu5tf7Vz~cDf(1H#=HYgC~$c zg5JsJ5!v{{g0@UZMaxpUIjoDPMN;_X{}NL<=-M4y?e6wo>Yz~ji5simvlZZL9J2j| zdrUm6uBZg}C;j$OoYahJVQ16X)(Gx6EoH4%Ri%gKpWN&8}CoKIZp)%%nQf!(hH z%$F+$;?g?#{||fL8P#OBt&0fK1XKi+sv;m=rB^`|1f+LD6QuWELy@K+pwc@?FQKMD zLJ<&AkX|Bz0E*NQdJP0_+GLn_`&Na(3=QHPe#p`2Nfk_XK z78$lRpO56gE>k;AOwOJfRD3_w9W8fs4&uZ+9BRtoWJlzQ@}>nWtZ!nfKepC0~XjsthyAUCt7)WTe-3t;hm zDCk1EN`~|diS*2*4%po{8Xn)I79kypDU0F&Yz=GRTm29*9F`M57v}{LwkcAwm@>$K zx~3^_n7AYJIWPfZ{?zIe@lIVHn`X2as@`Vnmbog>Lt(==qjNavG2wygmSef`Jg`y&1go;W&v@=c;KbxR7Ci(+in3)RJ zrIPzm7!wVJ4VwjW0y0nL*oGN{yxXH>MfXw%r$2Pv?La=Q@8ofx zE7M15+{DjGIYObqhzK>~TbmKse2o+Ax78v5`Gm4yY+WdxYTVbL+A#Gkhx@4+lqRrN z;C&1pcig-goJzU-<=1Wx`XGAzx>AC|M7vH(>OrgNsF0I&s+e1kXIi1aQ&g=(1gQc? z;v0UUkv(eP?_W%XmQ0$tm3uAn3YAX=WSque*B2s@4mJ!d;Gb2&Jf?-57|#@lgyP}V zpeR^Mexw9uJxFbLbcZK!CBE-!Q1qjTre6;D;BjKm>2oFtelx`*pTULw)TJS^JUxRb zm7Np-eF#(m1H--Sz$D(=2e6_tu*M5)J6MMf9ghN1-@aeHTRxG}X^ua4l)@%H|dmJ(*K|3U9Yv!-U{qcKrKA zqejuG{x2SATN~RWC1eX!5t*NChqO#Ji)iZl$!N|wr(=8cWA`qr4ph3|EC!mK+C)|L zJgSMg>QOjmqGvl5v#4vw(^*}Ue4#T%?yh=Q*27(}nIhGr%R3Whc4LyXHRZFgk5juS z=Q+g7%@s>yOU_e#anDq8Vbz%A`&4~`E?WD3CH=iW?|3*#wflSYW)Ed^Epf^bdoNjD zo9u5Zbm)MD`pJHf=&zNZvGMV{#3OO3%{(xnGhOP3hx9B^<6aBwC?YFi1-Ir>Rrnw_ zQD7|ZbgR`oU>=A+?D9bYC6v-GKLXU${BY$Fb~e~48AvV|hl5+9Y_N2L?7&9!9$ucx z+_d=Z7~&N-z-R+P!_Ge#J+}94`S<5p{>9GX)QZCItxSVf+DVzl39Qm3gyNUl)2C$K zi&*hWb&LVGsfXp>4h8!Ua+-U6=7JXfP(3~a=kY;pV6Yv1-p9=(uBd+Z87BPHtCuQ< zZw)iEHl4#|Ph|+LttXJJd5W~@3JTc4iU95t@t{x@a%BqOlhbDz50S4kxjcSxKOsK- z(6~S+w0(h|&$Mwowa+Bitg5d3eS=Ep(SGIN55Vt`qXPdfO;s>^*1vnzA^G&HLqRnQb0!zZe|CMKDCTGKCTxt?z!AwJ7+T^I2jk{ zEk9Ixj1Th4>4fn+S?lpo$K{~yWXV+zYDggO+i+%#1;5t95#fjKbP;De?Q|o(WJ<|S z+YqCigNxd8X0ZjYiz_zYZ0DJddwC@%iK)n5+$DKSEII-3rt@5;wohfzy8TtPMyvWkMcB*LTZ5;>91TG`w&I~!;4|E6 zYM&3Zcvb?zKOS{+bgSc~*~XSF(0hba&;>Aa`Q`2F@z%tIGC}@I zP)}&fVx=?`VxG5FA}2n@c_mP4UfAC*phOP6m+@uFI|l{jNfXXzf*@|D3JC_P3z7r5 z1T%Uc7LQ*{k-Mi&x(*ubFC%}NxsM^`b$y^k=el&$Cy|%R40ZAJ!-2X5{Pi)A;jQ#f zn^J>j!~D+*%S`r)EeqJ#1{Jf4#91qa9Yly{8e@82Fzgrq(l1T1vQNGmc{j-AjuPIg zHEGNVsp~D5Tz1*B9mMri+R;0=45wIGkeJyFkz1juy(}lP@o(y3&SUE*8`&oki$dle18ivGERH>DhWfu} zV?IKb4e#2ZpEji1mr^rj&d_>fWuchisFfVjv~0)wh-pYuMbMURM1P-4tw!jm z)O_Y@VI8C2W?rXu&P+?va7+`BZ23d0;M16~7t7{(xGr+gu?IJmJ-c2(jpykD>h;@q zoPFxiGqszFz*^VB>b5;fPC)-6o!Qjta#u|YNN8(6d#NDa`ZOYS#IMrE?#72|jMC)> zub!b;%Zl(po`qH%nDnIR{pnBQH11ZTy~SAtX(VV<$G_;u^^h4W?S_beR4?Q(Q?R|m zwN*auM>i;`*%l3AADO<8O^!}z)Igf${>oEdf$G)$SX~&x&*>$nuu|6I{AOHTcwO_O zm72VDj*3y{F~932{MAH3$3c0c5pkl6b~T0xySp{G##&XRCpj5g)GF?{;W0fU zIej3})0pfnd%vWVbf3{Nyw9>`O(zra#A}?saxtDRnPEDSi7D+DtFiezS$usmrJ1V4 zjAtsqq3$#%B1xJyPM&)Ye7yJu)f61H&*V;R1NvIaIIBgi4jrOBEilj7_7v{A*dp*< z2kP|EW!8uO$86B$DfdCy$p+Y9FDY6^&b&}yu>l}=Br_01m;u>8Qyq4nd?L*%E_#9Y z?mi*Lhd{E-mjN`4h{TFXL!-bxs%jOTFQ*{|Z;QM{ZpnB=rhOd6t|d?iOk+1up}NAl zYCcC^FX*H$KByn8-VG7B{$3`k+Vw<2nb0&X@4#4;>n^ZXxahj)J!`$pZK}W_VY%2d zZ$9X9aEnR=nlSQ-Veje*Y}`J$ZD(+Tp3r8~>&v@5nM&E-#i8l$u}rColm+peg6XMj z;m7?B;wEP8{1>W&OBwnzFj-@c(s#|J6m;=C(j8g7!A>oV_u1^bq1Z>J6mg3`oQF+| zn?$ba^9#1Q6vtt-k~ymt8TtAsUCUGT-PZ?I=>=kZw`u~etqY8fRL*_pX|@=Oh|OY@ zEtwCR6WRJXbXE9O%SzP?O&Lc=HiUzj@+99u#2i0!rfB9vn~3!r;+OC)42@~fLZhb^ zCixB4_eaZzK~$og>3;CIwam?Y#=+|TgJhFI1oj;TQ>#^M>ZwOU^y&V^f?JNH@8uO* z7y3;EA%il%SYAW%9b$eoAO%D_`}ex2=Z z-u5-r%#U=wJUs1o>cMvE{;hUXW=Fgk9?+r!pX?;F@JvJ_pDeiwp_CwhN;hU*-wF}4olPS)40GO7YYZEq{4FAU#h27 z*I&AP5rfpcHe10bF=1RCYuLEG>upl`rQMK>CXhf7bTK64akp4?4i&^ozuHgLD`c~9 zu$&c~OmsAiZ!n7k&%)I792+9pZ;T0pHT9irUU;Za4#XAuvJoIkF)t>nRA6IVS)7Kd z2J`NzDj8<8J2B}ZYU_&7fERTQa);gc7OHL4G^P9wmAo?T5YD$}#!1-4CDlDDt~wYV zCttj0l%2=CS0!ce0ucjBB`wv8p*N^^B=Dfe#b09P#m9&E@yG3?^a)=BJ)#$yE%FQY z@gF~kU*gSnF=FjPHBIJTifNBBK-jMW3k4Qjg_CA_4RP_y3L_G|hNh-0nIINFS2!2m zGN0acTsK^gX^f2>Y4A$v#Ini&kh@&EYWo_-^;w0i18(Rlis>rlpMw<>@uUTIqUE;_ zknT-Aya7z3l!*_?_5{AA9eJ?)-s;gjmT6wz0g*Y`$3?XUV=jvQ00^1!=lOi>TcdSr zgfG%p(y&S`Rng>#?gXl3eJ}~wkmM>Lqnq|9Z%HCWciE zXIR9PmluSHVtnchPI~r_aWTqExWSTI$R6%}@hZ7RMuXOgE|1U@O)aMSL`z0UaPS`+zOZ+CS{SylkKg)8?G z!F2WEo*rDbQ{!}R=3H#K?9^vFsgad`eLX%`fC{Yff#0Qy|i zW!$xuR1?jAaPXvf=YCCL41ZbP@|YHOb5qpbjr>PEcZ~&zn~)L)7%)iRt1XzaUeloh zGa9eN$M6*qm9I4>S3X!7X*9oxT`{p1|J6G@>)~+q=yzM*a*Lc!zX$T!y({ZjJ@hvD z_>Iy6!(F|FUjexI;#(>=UIsv106)k~Dgs)X9yIJc6o0bNNh7A~+67eo+_K5gYAW{I zYJIt49~sSlL{vb6!w`?l7R~$O$u*LpJ+;5? z7W?qfn6dk^E-<84NX_Zg^>18*nJ>g`cJGYZBgEp6eM4^-A0At$*NE206)Q6?{)iV^ zuXtI~)W=%$OQr|5kn7jzot~pzM@jR=;Xwa=yDO{(wMfq*?58)Tb_$kT8EXg{lb$eu zB~GUOlPvl#+=2ZP@%s@yX554b_$194YTT)l_aIfd$#iCx`_7i7%2L-(kg`xnUu)8=Q zw9~Gy1bE5_=X2(QBOmwp;N~^2?RHO4iQ1)R4PgNv_}jKMTk{Cxk7yIu_g7eiCp`S9 zO$sGz2F4cLH1+ci1T!~&cbed;T0AVV)wEI>mI#rYUBbN%-7QOM7jrh)=tKg48QG}A zu5-L#euezr9y}iyzDq1{jIa92K~{vRnltTe_3(fkR@ZM}1`UmW2b8`|FH(6!wWFLR zD%U&xoMJV}cb5b$ddHhue_!U9-k)Y+-5B@vA^PwSxV zqY{n%t+mIkt*m}~$_beqE8Snm*M#7YUdx(oOkn5sY|da3nBekBHxuz($==|CJoToN zN5``l=T$YZ4oXVV)h&A{-O3`dL_wZZG@$=uX=?55Rx##^E_h<9Nv`$!-Q>XzMzGAp zcq}dM)n^KZTUA18<-6a+pD@_Vr5so_CiS9&d40whv+v={60L6(XK|Z)kFGf*9ym4B z%k>y2v>Q%u3NALN4gIv0qYIXMp+oa`E{W-i|8}4FA0qyuXjH}P^eZ=bZ9xi@pT%cC zc@fEQttDR^2(MVtos}FcZKO*VV3y!ov8I-K3Tn%}KHmMHih_yJl8w+~y*;PsY9d-S4yR%?Q0-Xh#5{W*00rG6gKa5#+ z-NN&888hBLjG5=ijWc&ZP9Tc@kaAvMGKHU>!^mh<{-F+g)UD5Y1j64wWpMnV4sSa3 zU;i)W|DO_<01?-fLPVJ=^(^<-(5O1=n7#FxnnLA712{YLU(2`udh+jduiw1Ut~3B8 z6R2cDElcbM5rG=DER#Dqu%>5VSUKJvKu*}@fe4qZj76C1qoW4oj-C^4>aPmqhMrC2 z$j6g6s#KDalA@q4S>kUXe(TesI&Ln8k0}#S400NH*M$ZuIa(G8Eddj-{gw8`x$J9M zXG=9dnsn;&(jIma^D$0v>(?8>>K|7ahzEUSR0XloS%=S2@ltH$nP;+8`4`9=<-G|~ zXz^~P&PUuKu<3;alR|)*&ump7h*#c+SJG^%fQm&$857h;|aF<90hrWO43YTyB%=C#}YXfuHl9P_g{I zQ1OpP+cgU#@&>XOj7+pC2K1QbmSdx0fFL%>j~v_+Cusn2f92MlL`~5mm$DChr80$l z=#h`q@RpgrKpX5LL)h9?RJiEht@n>D*ozQD*uoOx<<*dcSm2PQag!7rhhi-aNssln4zX_n18S=IyyZv^G$L^Ki zjZr@7UI#EE%PbhT9_2k0qyJkS@Q=&U(j;{RUhJ9Ya$Bil z@{n<5A;v%l@n(#JfRf;E`s|3Ap?NE6>?&4dKzef0ljqss?

?`X)3*IY%+%-GcqgE zjw2;0s~cvF`D>;wNnsFOHjJM+f!}?ET))zp=%6jb%EY8E5ie zP>%W&!GQ>9ASNdTl};a^+vJ7fcIYsh8L>FQ#kNlAUMV27G1OEyt<=AMn429E9+_*n zw3jP7x>kTU7y_WyJ>_AEI(8~=`s;rA09unTT?tFL^W^H8VUOB8U&%|JTg1)vmij2a z;JA)^q}Aku2LwiDzc11!aV@~o>|1zV~?b5|D!E(?SG!AW9i|c-roj>5WHcXg5*tj0l`O`<> z%FI54O$}RqB6Mx^MDeNPSXZB40+JLaQ#fO0QnVm|!o0e0F?kAF9i)16w)58l5Q{Q| z(GXsn!0IEMCG9JrtenV3eJStar0IRQOV;@G-bTi-YtUgJarefL4H6Td)q>l5^sRSk zZ%%ltL(l8oQHVGN8b>@gw%^t?Xz93eEufYs1Xrvwq21P z+$!h&wRb;w)#x|Z{?vT9?_{sg&}Rm9x;AJuLDB|CE-$8N`M}AUej@sGlXIma&$BtTr;6-hv zLw}~85>8M48Q}w8U!4=82rW@e*9k3o5$SqS|Nh;-pv^1SZV|E8Tb}8d|2XUXOQhuT z$Xi_c=N?)l3Aua>ztO*1{r~RZ%M>mU4~o84(LY<;2>ZEB_`q$d@&7M|{}E!)2qKay z2=FTQmK7hpc>bX>6@PM|mA4p#rMb2)2X=kV-Ya3AC-T%eM@!^^^ktBH?p9W65La|X zN5KA4?#C%sX&*xGmybkgPNsNbO)V|yIbSApTUz8B5DyA&9OFH#y*pp?aYX+5WtBph zEd;^^kbG@EJJd{m7A#THr}NIl(!H# zPjw2_b8$XhN8`+14PMoeInQA*waUj|%I}OA_yZM>_OOXpqy~oFRwn@YA1_)2%?BX1 zcRS)jImlTHKGU7&2R+FD_(A`6yY8{VAj2&Dv2i4e!V)=6?wL4^U}Et~`AWotb})%v zHNwb-3f)t}2qGB82_ZE4zCo=FoU#bsAb-paalsbP*`vS?2e#wqx>2Tl`FN6iH5&H4 zVVAoiiH6Kn50wG^4HE;LoG}n#H$QNnBU13&mST5#{wyD>Y@o=B-1Rdt&L2-C!V=Cz zA)l6->d@XxxU6B`yVYjLZxn=Sq9+M7I$3mSlKyxpt!<(vkw5{ey7ZqsiL(d=5N^7x zbeH*W4qNTd!>%Q(sj2Z%KNfcyfBtRJceqr0*zHQNs}bYnmNP*H!QWQ!X;~BcwJmRv zw;aU@ao9da+#FKR{A@%dwRI_yB(GBX`D)BLj#NY@oQYZiUF_q10Qhnp=RFK{z^_zui`_0IXKktpx%k{wI+_;kLj&3H_`d1U}Iu77%b5Aj%c z;N-AID!4H@dw~Asz5mRf|Lea9x&4T@+nH%QN}^%qrMbTOr=j{xopQfKKI%`iWN%B7S6HrfUIjwL zHGJe+nCnzzHtRX-gvpB#y#J8iy>sJ-gbm>XrO%(8f8Ilc2&AlAaQVVH<}#a1h+%mT zZ=apT{87Uvbc86V9`*2?1&G3R8Ez2)dm{DzeE3XxTu~=PViEeDbKQrAaTw7K51r11 za~AlYBZynRmL>!C^U3EThFk8c#C4bkPmS_dxM26dz(C*{8}PjIXMzy%NHFbgczT{K z_%L}ip{u)EI>_YgG?0L?Ap}&ZB-@f&r>XNe`3hP zi*S{s8)gLDWx@#^ec<#3gsAV&kt%bU95?T5>3^h&{eXIS`JAUG013VPRKm?f-fJUj zgyO`{x~5$&^&$<{wgL|21b>^w{nhG)&CU4al#zc=YyDLcWhvKL1iv05PBSY1;3f-K zbc#TbUy6CauDT|0tvL;R!fyQbJU1IA&p}_7a&u5UOKePbhP|=~>LMdXkV7jT6sNzC zcL6xr$1(P?%lLn@gPVih{F~c^L&PE5PUeA4K88@Y(D!=`*8^7$E!M``BVx`QbRpza zO1xTX7nTZ5njGUvv)Z;=r*L)F%Ddmju|2r^lZB=Yd+fO2#cHLV9*1+!VN{heAwB(u z`boR20{Rn+N6l z;ok^GLoeUJRzAk>&cv|G)Im;V#8W|1vcLDs{ww^-&oL5Ad8cGmQ_sM_KtZ4&VB2!y zXJ;{vkaxE)x)%T5cmage-23>J`&?b72IMPU96UW(RQ9wuufR@F#CI1nod|L~d*As6 z1n_~Rl|__+ku!s*LZq#Mc4je5VTb_G{(8}f`=`q>&mPJ z&n8%A-!iy2V~DX`x}0c_x)0#YTJfxAWyF8$WI5 z$_9abu_i*fOTS{NU%YW4&v9M_uA&hz-}Pyb<|Dk`(f)cGBAuz@Lsr)06}SrfnW(~k zgZK{xi5LO_#6^>58x*;T%rpgM{f0z}s7iBdhp5lix3X@+EMHl7gd*}Bod}QSCxD0B ziEO|#876`ruhbFnNuZ2`_jxrR`>%iC#n#f0-`RVR&u62`PR+WKJJW!;WR_l11O@Gm zwc-i2NO1?Zd$g zMF^#?xoc%(*I86lT)Ynl+qJs{oBYG1d{(dcFh`whJAbnNi-SC3Ba&QPfpqGb&j=%G z%&oWV&IKS>^lt@vORQ9LoByaXHccVxVz&!QA#3>e-CqATynjhQ-<)dHkth(kCR8bN zXolFXoa$FPM`%Rh(R^B!7nTNmSM~bGvD!XzGfip$Pv}#$((QAfxs#CqHoQkl)W=!? z^(XHkD$HUbMFd+3H2DKyl(S$glNt0H_yyY2oG#m@+Y_S4GtEL zCtQc;v%EuHgR4rc--Q{@e4vu+U6WgK)$s2vTmRum2W%>p-#*2~5>mkG_-ZZgbGOGz zF{(<0Ba9G6wA=Za6Z$m+Er$9x35*p};PTVJqjkPQmy&a{vixw$KVi_#`jS9*}_~s3|^T)RAp{+rqy%sl=o4vcJ`lp@VkKgFBb;|0J%UNyKMixZ>)Yg z@gC&nx=``}Tx@E@q9>7LWP zmY~F%3aO2@Q_kOyzotY2h?3k@?uL`7ybHVaii!TFgMe@>{x;~uTX1h#Z?e^7(xE#o zQNsyXl2a!9yPP^4D%rgu6cokCgu!wNd5s!ON4F;_mOr zY_F|}RvNp!7NkiKXkTutd!K)Ny7nmb$Q z`uETpN|*yB#02C2{#gIi(7_nu76$qKpXrSv=jhjiOB-#&D+Og_YrPJ;~4?fW9 z8$ViFg}_rQ%yU2Gvwk<~UTvHdlZTvZlm3XzWg|@4rB1H~I+d~^{aYB_A1Aiymv)y# ztEh8nC6EvQ2BV;2#F*V_02#gYc0pH;WdT zIK%d`Z4v>z13IZmF#8&wzgz z)ho0a>*l93GdK?M!z?D8xlN7?2C;C%rMPWr2Bv}sZ^|=e`OFFuFh0lK%P8SM{C=q3 z*f-s3;`lG62l8*`d?u%iGatxy`XsRa-Rpm1CVAEQ5wg>|T%X~&m*wOWI;~A7pXmKk z!vY|sOHr*MhKZ@0H>ul=Y?Tg5mkfO3w)Q^vaDilbi9$U$v#4tyl9KxUt$h+ew*Fp8{64kfs7P~ff&ojlBZ(&who^ztp#_OEH253*vX9}vJhagqSl zgRt9=WGIP_!-tvp^FL9C`;sjPm&4mNS2X#Z)xHtI$ApJK5m4SnIt?M$bbadb^!ccK25_luBwp z)1zC@=;%3yK z8rAi*htFf$2FcSf5|{@E?5hGF%u!vY)>Bt$oi;zLZ#@;_Go5*`UpWcf-;lg}*NBSo zC5D|n$S6@3t~XMOp1pSxvZmxRof+z(FL#Eo2J&gm6!lyZb~=37BsYbwBAts)KOwny zw^qC6#5HL;*el5#Xr0B&L@Z)$-Z=i7O+?K$-FOJ0mQrZn$6{+W5k`bX1q>#mE9l*v z_4*e$svqdH4#uNX4&5- zFuE#K481IRS6i)hGd>k~v{){HJ6XHaH4T5V?E9sXf)B8`2~BZ8BM$tRz8~!_0R^z* z&Y~A~*0;e;zeCVDH(uI4%_0)vS4)(wZ%n#5fXx#6-UsmjO;AEyHFFqB!Fh`-Ap!z| zL%jnn`LEje4K=>B@dQ0Ng6dh6%{1F6v8PsZ=K-GylrHi}&$-}7s3Ze{^9-`5&r&OO zN)4b-EG@h7er)XTiXfNtpR#Ul z#ou$OMkukuMfz#I%A-7!Nl$b#3CQoeYc<5{LPk86w|e$4LH%$bWVxv+k1W?d)jJ~;X@|dZ*y>~h%8~>ZS>Ux zl>zbKT7}qty*=Ym`=wa&35pu$>QyO4!GkaI=d0Jh|ep?Hn}Jot_Ncn1HfbBYAx_tkyO> zeFRF;W>Y2%(zhHu=k_ zgJbCVPq&HZ9f1qA&{ZD2pBfE%kpc9q2oVXe4aRpNlTEc@aR!8NQxRe9)mOkgWY`Oi z$;v=CFGb%PyS_Tq1!5CH>S>kOCboiYRZU_g{SACMsk+CXR*nxF?%FmiSO;zCy~NqD zQdX%beB;EsI!%2yv9Pw)P|o61M$!0M*C<6zey?Zm$I!ETjkSF6NjjvuXVr1JPfWpU zEvSSx0i@Iv%A@^@b%JTcx7W-?%I_bJ(E~gQ?}wmkP};Ni`t6piS?%mYp!| zwr8&#*UZhz?8HP~Zr{d-AG1085MBl!0mebl_WpY;Voy(Vhs($;JhBFtzkhYU%|0PW zr+N65{5U^r9)rxt7u4G>iNAl__T9ry13ot_gMdn}E3?^{l)zEGX`T3^l7JE;KXJs= z<2mR&uAhdvCetUnFHHhZRU&|_xU}crWYBV)mCDKdJp5}$;tCn4m#5LftrI1qY?(k!eN8DNn7DDIuGk*MrytUejmbfG6L+4os6 zShZK2>?Zeqh-4>jPoMJifDUvd^NcFbbadI15$j}%bLj0srnm_?ud9zb9 zji<~3Kbt5Nnj}SjYmZR$nfcf@9CqR2&K`<(XE^~~?X`MF+Goyr{yVdhO@NW-a`gXr>%ygWUrSW>yXF?yD|p1=e|4O#`;68=MyK zxHN>jnBz1iA*B(x5}N|>fT6jN*BxOIIjc+*HYeCb@MoYIW`P)Z3g8ng*WUQj5E!6a zYUb=@S<-To*{=O zhl-s62&qUqK0sE1^MlRU7N7l9r86F*yIwvR6ArV_GBC-8dWAd8sE*dmkIic1C)Dwp+QUnFoEebR?U0Rn zbN@muO~imZjjtH$Flb0wvLw-ZXONa%|KnUt?yWJ_K(zsUU|hfw8gC*|0I8nTxxDwx zY|{}W_@MVK|FgE2sqT(SB|Ae>AhF&AeibL?2oUV>qV$oZ_JbF;uI`Lg&N*Muq_zR? zy#RFo-Z)3P6)atgr3Yoy(5pF*elb;qc(aPOl(kQ2iVY&X2Jd~?7@odiaQw~ z4TObp-O`_+dj(#BJu>{6p=2W`GYMWg@bn(6KPspm!>U@WCbASPdqLboFc(G8LS925 z?(Vf*T#1H1r|%$d9&NNsHq?99?hJBX@J1EwwVgEa)(SU>37VVFb%+xE=#`?5^+-juoY zK4-P`E2C8xax6@L8y)@di2neEyau2oN~UOe>7~3{hpq3>JK&fcY()~EApjXAIQW!6 zzgl^9l@Vu5uR4I#1mB}cfZcr(G5zC;utbj(5A5B3B>Ii5#%@jCaIY=v9ItS6h4oVt z{I7io{6}QDg|YJ;x9!?aKI4psD#l#jUB3&@g#tMBMJvjAhbD#aqjj&lSB+Jw)%KiA zH6(@PY&sU1iUp0TioQUPJii~OyElR6o;4~xm8R6!b6&3mPVAN-T(QmO<2i(jK@2kC zDw$ae47t)&rVIEjAH*~x(r@)4(lZy1AJ3u}{>*O;~K2wc4`Y*I2n2DHJ*A8 z8OxZKu|M9&f4I4`?LsR97Jf&i-t-h^A=4?UGvUY0vo5gh-hq2gI?>KzUdnhf7TNDh z6{|na$Ts$?i4o}}=~9z}k7wuEinnm+%1qO*{SqK!FcEs>g3ht(=oU0`x&LDKBSjox z^0LULZD5FM(u^r{e}lGfbu})9H3#t$&BAxpKf^{r&!R}6D*^HG@rVV?W;W#{rF8e* zgFI`T_#OM-P0fUhfw$uBUQod(n$XBuL?Y{SO zoXtR!^GB}Lb0@5r-}Tjt4J!<3u%0Ox^*1d*gwh2EH{vzJG6F# z{j7>ru(IW+hDV2oq%+H|`+>OMFgA>N6kl@xw{Jscgx8uz=>YxVtr|YQu`ZTnj}>vX z?6OVXUWF?rmkI`Jdy7iV8kNu)sqZ92stRYDsHnAmXOd^j0!lTveC^$aLi7!h_dfFv zJowL|iqkNe;91nut(K!TL{ESJ-aS&`eAynt9okU`?i;H`ROBlj8>`N-vlBc&(d!Xp zF)OKAb`s{(Xx+fG2>L;@3*%vH)i>tPEX4mQ>B8^I6QMb|D9=DL|19=+8-@|V5mw3P z)zq&neIUBvotA#@pSMt+;a&)vAYNLF)n@xUj{Rp*IbV&KjW(Z*hNbL-_G zXS5^XCCB}V&1V_OKLY+ixO_f$_d7{ZbuU{RhmBb+eHPj3KiHY|(Pltt+KnvtoHe+0 zwN>+n19@cZLd7T}X_#BRn zo+>L>)Nd78r*3}=zmV__)zb0qwsw6@5_ct|R%QH=m$jwNpxSesVYQ(uZNs98l%R?4TC1c5hW+{J?_(*I|J!7*vQb z?XIkJ0&i)$RTk~MyVm!Rr60RgM~8nHJdN&>65e=b@8}#R;Dv;40Jgh2J=mOm1lhJGsdXNnv5#7cXAO zU6l*+JO-cBw`<5yE1Vxg&0NCl);#o{8)Z7gD3dCBLMmq*xwo7lb^J@P0R5g_ozMrlu4XF6A!ea_V2@2L*4tj3`;h>>gwD&3rri zgKa0MLlF&c&q%rm$~r*x<5u8Qqeng8^@9!_7B-6f(h^Ob$H(^Fn1sni3ENFnMxSV@ zlMtWG%V*%Z_6V`JZ1*k0Dpx=M-b|PnslFJ}Y>f=wOR*6@J`lSva;9j5m2QcN84&0_ zxgm>0{`LpnOYeLmATR38YztR@m-}`Low%>)#jmb9>~Bn@-V_sA`1LX5Xre!OFG@5I zzjx{W{j*nn{;B`fUJ5SwhF-`S!w85x^~@ zm{po;7xCy=g+uwWp|^JtFQ2BAt%`{&n_8N_~q1mEhIdSlZ+R z61JS?W_h1Y*Ot?7u4C!O8}FC>mep={>g`NBy2yBFypJeMmT@TI(tO<<%#nRgUt}Kr z#xo+|G)Z@m9G`FVojV=7ezd3TQITN&UJu2gwupRLh#IkLvs)Jmn-I!)G~*r?#z?`@ky0 zRkwv%FL)cD0C4yjL>KrSEOkdec4$tf*{Rl!P)mjDB!yc-4WBD4cm=o z*Mq#Lp7Hbt6ybxC1FpPS`Fxjt6*Y1~l2;A-G|`Ewb&a4g5Cxkek89mec!S)VC1$j@ zL*>vl#;ya&%~o19xe?yq^c$hEy?2kyy z)Fa=3(5W8>f@#H;>*S*;SntSzpM`VuHg;uMJBP!{Pka|qevbY|cJlyRSxvRKD^*0@ zXUC*Z-J~*X^0e_jS!*cj>>ug3(f8Dcrmv8*0V7i%bjt4}i|GH{X@Ge-^yiKU9Sj}^(x^ksPiG%PJY zKkHKdv9}U9W&g~yx1MP?r|PGN^E#JTymX3K^lo0zTlI@)#tr}SFl9S=adC0X=S6)( z(NXJe4bwkMW`qSKyaWQ{#i|e4mAj*reOc~zYvwui*Nm|nE>@y6J}ew2(FmRVl~nx) zxAZBGM21Nokd7rq)b!XL^>P+VO#DtD)vT zItbr&pV6k@cgcb^ZY`_TI2}zX2A)FJmjRk5&k+p#Bfk?;1FBI)ZY}rFdyvqPM>FEO zoz~HZQ%1}8&yI(t=AY&+fLlx_3OW;z^Fn>b>-0B%pdjI%Yd%di@82`ANvhBWcajVW z2@HvCU+MUkBxn|0xSBMEau^Rg*~p?w8ReVl5Zq6Hb*A)h4XP1832h<4#P#Jq0vhG9 zRtB(sPT@0N4dfYq|A7&e`iSxH#&4#IwkS#+M#tX}9s{4sres*Dh0AXj_~NhJRZ017qF|yiu<9JbK6UU{&ey&h#bVR>%^LR$)_Au zwPx?V2GC7UG)ZyBz8Sr!ZO&4{_)=~0kF(wAr!-RXeBj|)K;wFW3T&nQF0E)F6eR*S z7!zFp70%~iFrri0sJ#gfo(Lk8;)=*wd0SYRAq9!QzT48<8S>Ai13qu(-Adw-Ws#eK zzZ1I_yjrG1>gTu19MpDNCAU6(r%3QT4nG5)5!}cL_ovJDr-)MX2Or<5>^lrBT*mSW z8tzUoJ&mv1&QTOOY&{(h?XMcjuYHl3{l4JfM$M97&Y8MP6mEXyR@fS;UZ(Ta*Rfgo z#tZYUU3TB~gQJhG?ww=s7Nkb6IxW`u=g#Y!!x<4EXrdcY+L=cE2af265uyGEtZ?hT zukQ#ZaayTkk!(8YWJL*PWv~7bzfY%+8MK4y$aZwBtTl-VI7wL)!uhTHMOnn1_Y&S1f{5SWeW%b zDm}Ca3ev0eA{zlA0i;6&0xGgm2`ZgXLhnK8Er113dXIE4(!2D8@-6n>W8ZU*$vI=( z`{#~t9Daplt-0o!^PTf;&-2bUcgru0qVLx`hew53@no=qyurbYw0`oznBrpG6rb9_ z=qPN^OR?x9t6J?R+r@WeAGsTO{7A!@n~!+{>jut1cm%I_KJBrZ%9r!iu~TjF&JwgI zyF&y(0R6oQ7q78xAQgOtD*c z#Xcq1RRu5mB6^Rj1Fz+6M`PLyC`r4wOprzaDtR^tZZJjvw-4uWXn`E-)#24vBtxo8 z;K*t6letRocQrUj$v49lC8r4tYq5FLv#ts*67lFi>?{z)#5q7Lu?1`5L+8l03ZgXT z1)U`6RQ)k(a1}r~NgFvalY5!q3*75NsdJqM)ZopWjPo0Enuzyhl0Q7Xt7CBlL9M3r5}+H@C?MC}5sx zpiNH9Ek-rZr_`3Ro;|yy`~vyBzwknzgo|^{;l2-2Q5ZZ4ZaGax{(^}t>a=yE+ z;4<{$+j*IRLA zHRc%22z?qdQwV8N9j*Str%YFd=Ge+DGM>w^y{&ev6ZkPsK%$TxNDjOVvVC5OO(g+BRj3;!L5W1$4I&@8Rx zhMhir{u%@q5pJlb*L_(;N=j-$&p%Yuvg+X%+0%b(^?#L_-Fisz$!;@godFk5NALX2 zKe2@q^Zq*IZ^0bj^7{2uz6{*50f8^le9B$5N?$TNM0T^;H*B<{@G|{+Pg`A6-_I{z zQz)qYK`06@-IcNeo*4~)NfW1lXj%453Nx~Jq$=mL(vu+WXw~wSyrr*A5lP)`vtJ+= z6MrpRC6q%v+skkC*&yFDMi*aKm~veZF-&@dYh#v?f`Xz1YG2A$p)_INOwuwAo~24e zq3k_x+kBNDZ0r0myK>1dKY7Kvvba_4_U(j(iSj^if6NQgCW0cro|)MdlrZ7L%sbHV zxs!_#fiEK?arJ@3fSGgjZW5Wg|2pD-jO*q(3OV9lW5|h;>U1#}Rd--O+_!JvSeThJ z>gwc6x3?~|cyI=eUKWic{ZwoIdrxMW1$5@3bQRsdhfA4khIZINA;b^&u;r1!_eQsG zhaQ)$TUc-&5{nXpUA}y|zFV6>l0F{{Bv2$%mrFQ+>U1&1PrKO0>?k%74J99D-F~w< z-5BH)F#n=2&e)QJv;q!L0j73yUv9=5{O!o!Gh(GK5P6C3l94B&Y_Pu48sWM6Sf{OF zf0!dV1y4oRnsB25+yrh`>GZxc$5riGkO)j)xue%MEO}|REoQas;=d8cm&ZjSe_0KI}-$Tn{ zs|+y?Zi$Dl93pDeH3dYM+g!c&hN-#%-U2Vlg%Nk|>z|om3EK};P0h{DlZ_#9#odve zDM|=yAS*2-D(dre16b~xyK^qP`-f?a^5Yn3$p=roXU_*-eCj}Z+AUXLVGslo1gqb= zX++rWK1XW4Q(0v^zW>e_kaFGb*)v8So!x+*_+ik{#}3s%(q)gKyyMrNJIQV&45gsHpiyk}k~Y zW!Q+>llPkIb{$+uZCd{E>)?xyBf!HwIN}ypCeh~*DDOQUna@kJn42SJ-SX&nP~&>* z=b&NSD(?ZgfOH*DEn`^I?UylfA{zkIX8gZzVQ!XkDUh2Vo6xv_j*@AbUJ(#QSkA2cYSGJ#pySwW@Lai(? zT9nfuWl?Z6O&nhHx3Icm#Hc{z%R0q2N7TjiesfGUhQ|~A5hJ=iIL831zDp-784B}E z8!UGUrOLUhU0RQFvOa#?v_7;Rrr0`|Bqtylf^0X4sdBWtQdJM>}XpQ-r48=qsj;G&9!PoxE>e zi@JK+2C)5mca2X8@wsSO6c@C`*zntb(%gIGY#x~!_u*N*N5<$djownOt;X+>1M?*Z z!&b({lih=~YY`pJdT4%aUE^D|vg;i}9V0nwW#P{mTwQ9a4TwHCAz6{MB1SGQ&tysb zh-JPxg9N@b0=3?sZ1OPRF@KAi27^HKk!_v^6vfIdtyS56UU)XkQv2)mnr1e1)nZEp z`_Rnje!Ch@MyD3%4lk=pR=j7)cQ#tS9X!%ux+7%A~I@A^K89lt) zsk-@wCC76s5$iQKQmxYC2l4#I28PK8eXtz5%_UECUnAjif~%!M1lEjC?6IXF;Wh&h#x9$M-Kf3Ju4*+;DM9lI=4synD(= zQ1ElM4FlNSIS{IT6trOqI_N+I^xGLI5%)YI%cr*(2L2=8Y)>NvI{1BRc58PPIai+3 zBA6zbHMTXVqkvh5i%mY|Mil5oYD*&cBoZJ)`{_4iiz=bJ8E*z~I6VhS6?NlToWEt6XQt(olag<8i*5@t_R(VnL9sZMfULUQ;>a#5oeguc6 zYU(M5=`07>7W_AOl}@UZssrbcbOerZRb9%qqEF0xivJGAg-&1j8Oyg^&v#*3RaP0& zajQ7ZcaCL;BZd}_%nFhwmixZ*yfjf=6!T-SKehFF#@5`8a;}$w7%lD;pYmBEqQ>}>WOBySVAYruS0m*mEoQZ&A$`}a*Iecglu+IN zTaF^0S#BIs8ep43U!=xHOTsXNT3Jo|$-x6CAP!vM2d@CC5JQ1#wuaB4VlhhT7o1+_j~V3m@dvwBTR5Ebm~65^A(7=3Y}d4gY$^g> zj6Zjl=Qr5Zu-Ujda^r+&tGP7HuN8S;odIM`0zcrp`LR-Cs~5Y1e`VLah225=O4Rhf zBnnK7q)A4dEo*p7POc_pXI|srtR}@V00ybV)s~WY< zPhKN(q>ivLp})V1Ws#S;cIS+1Ux{5`w)dB=B1xa0Ew~V2`lKuRX$kj}yrB-W_FXK3 zIiEfW>WcKn>oH59uEEuxi=$nQ^hU2L_&B0d_O?7+;(9)T3^# zUTLMoCDFUcgwINz@zoLh*T(E)Ujr4*@Xu%TcY(e^PeOxlPIJ zVa0V>VRNFQ+|>Ehjd(oPN=a>gybM${Lfobkf8SVupf=ZUReII-bqz%6d4mf(~3^VzcpMvd2JyW0JbZpl5P z6e@e!oTY+l**7w>GUpv)H*HHfTM{ZBM>ym~#FvFdE0pOM9NNY3?RuqZe7&!nl^MOw zyglq(c|T*Cr>MK+TpV<-xP7s5v3-ls|C@k>$Wn{z|H6l0Q81Td@CtVWHvn7J-XwQ)8O)d7-u(r{K+_zYP%bc z*kJlc&RH$%bxG?e6E5d7C@CR;%_9^x42w+jj@crL1GVfqmBRN zW1)2ZhZ1m>T-?9|-y-(unOGFxG<+dk9+%*aYK;jZp2s=XdhX!Zpdb5$%L4E)`>@0d zl|{huJm*cTX3^1u?wy8?AC@-55Sd}UV8-_&R-YM_U_yihDb@rg|D})S4`N5--|V8< zP+2m_cs<}S$?JZZwAmfssF5O9Z@=h(b+I=4VremPNQw79wknd{*lL$fm@ z6gpJs8cNn1%onyYloZ$?Vit$aO22JP>UCWGZqEEm!%n+aa%aZ?7S#c>?+bWqR+2ux zuk$8w)=1mO;_#-!O{Cg4dZ5k@mw{O@8)9fLPP5ei-Z(%)b1}wmxjuTJtFvM zW5&~DmE_Wd`l^T?XSpIX&GvYV62sV@<$vzXJS~oxT9QrgeP&cS4FO|@wlZF8TobQ* zfgFJTkeU4mvRB57&)B|LN9tiWDi-c~q0Ky3A|!8XHFC0LFD+eJUXYNGOuQ`fW~(=D zL|!Oj71PLM&v}heQKBNMBjd~jvCw$O+AYy3fp={0vMh;Q$YurPE6q^#mpu;pGMTI= z>M572TjiMZLnn5h8Mr9I_`k)}?L0Ov{G#8n%$QL2(d9*FuN}SAVvcZ}dd4EldB?6$ zXPC#U3fM?`KGC4qHNr76E8I13t9MNM6rxC5@+SPUUG}pCwCoqme1K1+F_%zuf}yj6 zy1-nBd!K}eJJNW`(oOjgXJiT}cYR-{cz3YJ*Q-rEHRZL^olg$FkJ;HIl=X*m^I0^w zzi1i$5%CQ66~^Y5iptJ{Rsu}482E3hZMc%O&i0cP6lKXQu-KuuBj4rhwst+3>za}M zj25_SK1tWo3hba#p%!h!UC05QXWBgtIdvJQY_9YZ)GQEF9{c%&23cdNj?cHEZZKOO z`C&K_(g{%)8vN9Xg92_T)%C=}lG9+t_+e4-j8CA+Yah9(n(1ubv4()C8$s7hXlGJ6 zC6WaD8I>ON_ZBA}CCH7i3vErcx)8$m+O`?5%%la+Tzs1EwodP}*>b-8npIidoruB0 zqCUn3MVq0bj@0p21=NV^;+pSbfChdgY+^cZ#h=Eot917DxU}ArM0C8Wu#rY&f6+*x(jzqGVA)K8aC-xNQ=E_R(5#vgZ|J>?^)~pX+@T4x zi1PpR__lfZy!~{n#Bd9=e55&E4-CZ{4ttnBhcWn<)R*ZMq?lzn9!`5J5I!qkzI`e$ z{~KE9Nwbi5*`C^Tc4({Jsk`D}V{c^c7x|YDZ)riRta5&wXpv|x6b>Bxu6Hx-9s3!) zjd+$DYF}HMj_Q11=Mr+2fEyBjB5J}-{dHNy>Z2jE`gbVu6<^@+S^SFSb>ov!B_7D&7xAra+3I% zwP~OR=A~Mpc(<5Xc8rqnAnNFa!8fa^QiUlREW!k{I?e)(J(1V*coo}cu6Rc*&~YiN zCFo)88!_`1{!iC?hAb<+U!V}BhXiwnufADHRCP&c|4bIdA81MV~Sv@)^soX*(+gkzri2#7Y`K&G8jf5Fn(!0 z!eJ9P)~(fIOg$sw*nXASR%xHeD8@)I!Yqe+hriE%F?Znk{cCvYVj?Ma;TX&L>x=q< zD#DuuF$G(r6$6-Iv&elL)>SD+!Tpg77&~P0TQ7Umq>Lk;+dc=Cn>jXgN92$gD&*%{ zPW!^bt}%WHPT=S*wl>e2?kX3-pOM?p&l;CDzRBNp#jMm)x5!QOf)<&nR2vpUQ9c++Lv1uYXe7(u^DKPKjN`+ z#%qM8><`+R2=x|i$jZvrEMjVF?uLD^VtRlvd9tT2BD0hZ5Mk~rSY@WYFT}bWf*DS` z(zhxEG7SHmnmc0g+Zpp!NaPww&J$;zq-169RW#m?w$5;B_|i`IOF8t`&P|qYPGXBc zVv>sC!2&n)-aTQpHiqxBwcZ-6x568G&bDrYd*)hR-W>^%f!;GVMO{h6XYp)10x zy)q?kSTi7F&S?)s>wZ8H-Mj$2R&3&^Npv8GY&D=@UwQxzb()UO06>3PvAaVcBN>v* z?T#FZjC9N9W1?2U%0C+~K$O^0g#zUZgeBV)c50r*?c`}DDx zAJ4%xNf#ztGYHYoP`v^aZ9_@B4X)!`xNa82`IPI{*gtVxEU|B63p2E|Oll!shxTi8 zyY*RcY{tBU!%mh}j?)lGvQ-+(&&JERrvsr|ueHgWE)(@*@Ax;%Ybq*jS}+kVabs`A zQy=jKRN!sE?s-pa@vkEfeE7?f_h26#XHBsO^~{h*M6PrMsUcUqeDCAHIGt%AU3w%K z`ozqJ){*%8T%vXCWf{yB>2p7?tv>^Sgh&ADb5xCcN$zNys%#)wkBdgVAeYfNI7Yb~ zjY3t)L3Jz*0VEEzwWEnlf-dCn80&*rktCb$z~q4_HYKNLek1kbz;}?NW5kovPU344 z0kA*r!2#h{LZXK!Y4Q?K+5hMm?34Pa;|`hi6aoc+uYuat)np3r@pdBs$P=*(>ySyN zlZ}!6e!gQv1YQ$n-EVDV6fGnyjLlW^B3E{GuKKTgB0x19>2}R8_1)dC zm!fNJRmmJtvE~Y-8HZ+4q>eT>eL4UW)t!&!4EN0Zp-tbmDv~qrqRO)eZLuQYpnaK} zo00>wWTtmgoq|JtB&lyES!$)QEKLOnY{wO1C*MCAt`DpQlB|K*t6t>9{2|?+X-HaHTI^ZHk;P375EmC$ z)_j7Y#AT7&Cr+L2Ur``#4kk7{cmR9pD$&9daPKve>uB`Mt<_O1ZdTcns0ne~XP>NF zCreN~|SMON|C22SDsAvW2;AAWAXY(vmW0GSzSA3 zOke7uZ;_Je4f0?^X^O~V3I&hdYt*Ms9-Mt1;Qiw(_ME@ZBOIPfUH<&2?Nv z&3Ae7h(jRlhZjem`sKmR3xMUfeb=+b*gutRu8*shRs7fCcM>h176o$C()4rkp)67| z{X47|$ky#{ynKxD6suRhf2(SyqguUkRNjz+KUpy--2fo=IRgd+(q6{3J>J8el~nnl zKbH`sNca6~eF7C#_4b*7Y5_lLwf3QgW*Yy1bGX5x2shW%dHFL$y0ghCiOV)6qFk z>^BC7B;Kc7;1JJwu$lXsP*{hBe$B*JhFjDxcmMapDgxKCFc>{E;~-utdkX-maxKcMsoe&fr-;k7ty|YM z+-i7)*9Dt;d|sFRP{^F@{_(zc@(nYyKJhZ>jx`qRliZoAG||DWPr|YJ(|BpLpn|hN zy6Wdu)pqOpsG1S}ZdicjSKI8pVu?LI-5!7#J?J?%1O3`<%5ZHF;x<~R&7nA+pPgOt zaBp+oJaD(i0RTVei;2`}&PN$?GG6gI*^f~jB9D)_5W-E}{r={AWJtDlVs7{se7Wb2 zBLS!*XXg~LZpX~2>GD#1wcNq%G>6Qolc$e?f6=xMV1#q*$Y)|1q};L7`P&vVr+rJj zy{t}3p-79As> zy!qy4Rg>LO16xSk!oPtS)>6YIP7uC^cf~L%5lZ+txulh)yIMU&8r-Wt;9D-om-GS1 z??UF7yK%y;vSj-%c5Y4|bZ}V1kdMLiv=?f%BzCRXaVa=IbaW=IQ9@`Irfek^Qv#&dgVG2~MW9>md|fhu>$qax#Yop-mOfFAmw>T>1)?Q~|N)*QYe^^9rmC-Jc&T}8z zl39>Q2Z&tpP=9}B(MW|bf+z|s0CgY!4U9r+Iekj9eOGb;E{sD8+E$?}DZ*!^lAgi2 zC4WI)uDD5#WNQ1^WSF4!`!(3dXX0c}>i6Ytf#E6n{`p#lbm@S7^_*E*GPEcf-pLV4 ziu$oYI2mXRa6u8E#mC`}bLYrBdJ+#@pcr&wUXk1d|65u(AsWB@t@F5U!8x8EU%G~d zh7^a~z~qWx?j9GqIG7S8tL+-;ft);cExY?N85wWn0Zg#}wg3UffwH)X_rr$|(J?Vu z6emvR=H;pL1no|hS6#*Z?9cu+n#a{jQ4|XIKQl3K%YVIImV4BItsM%#ME?=APce2! zj3!)^%1Mfn_W9!)?`62_{q3ms&L*uJrODOQqQTH>7^ZZNv(XTmUq78k{H`P+Xob(C zO?GWQul=08mME(pYIrwi@nOm^R(8)BcJ*0UScZ9#YLW4a*RNmi!`a2bV1kn9L_ZY` z6E7qfL_zsaA0Ap$&X%00u`X`e-w#MiO8V57qiYusP=`NCO-_zb%{XIHY~A5|O9{Ry z2%xLM%`z8%ZUguxWQ9#I;FQ;JPtu23Bi9UryiZ$;IQ+M!7hD=qQBl_w6p|y=YtvUp ztD|=0PRf#L1H&dL9~`u^VpRvj|NZE3Xt85^y*iex?Hj z9KZLP@d7*h^U%;xzXO7Io!|N;1HGa%B!&(W4B4S)VTW|Jx9{hSdk(MHm6rCsah5{8 z!(zwi(0vh`uRnMJAkC>4wK*0_gXCWNj9?vA%TSCod&C`ksbP!Z>7>VVr6Pe=I68Y_bxWk1{A~oB`U8Z9( ze{5%G$Jgt=_hY&$km#d1Jy>Mne*qaMW;2r|ot>R+zSFBl&m-@L-uBeI751+Z^G9c} z7xf;10yPYZjCE`GCd`Z2JUu9L9<`Bal_o zW@KE`1PSE#im)RwA=Wn zC;{C|1CJCH6+1u9mf9sTla?np+UT>8oDxnVk%+zQC`ob@dDrfSd{9!}9T*z@^&bV} z?}ZKU{{Vlxqo6|XpO^Yy7e@>828-fGU?dx#bY$RM$&gvP#)1O zF*=-KbRsQ4ppeJZ+^0`FoM@v~>c^AZi6Oy_KPHPC_Uoc=`=nC;J)8ghK~R~ut%Rte zqM{iS5)#sNuynYJ*vAfWehy;)y^84nIQ$a-`Y$A>ooS9EWE1<|=!bu`LEhD@r9GbF XRBvvt)aP{|;7|Rw&Ml1cy~qCp;41_n diff --git a/docs/docsite/rst/common/images/ug-settings-menu-screen.png b/docs/docsite/rst/common/images/ug-settings-menu-screen.png deleted file mode 100644 index 081d0db8b00487edde2ca99fa67c816621954787..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 83534 zcmeFZc{r4B|354xMN%O}wv;uLELp}{cG=0EkbPv&*rJdmvZTnqZ(|?(Oc6qiv1c3m zFbr7+V=TYRec$!*xxZhZKcC}yj_2n%Ff-S=T-W=2pYP@MdY==f`B0IHf`NjBgoH|2 z>Ap4z$!Sp%5>l-*r-4t-n#?+okeqmICoiw5EHBTh>FWH{&e58LgzLRWl)5UZ1#K|$ zqs1#tS<1A_<?Db2sub6L~mAtmxaE*Urwd1W`1BtyyN0cD9i<6)HM#GbHC)6xX%NhzB z3Z@`YXW$;ywbU1?$C0bXoM}bxFhag{-f6Fb{WJ(GyP6U4LOM71QXl62C?R1}`HZf- zf&oq0y_CDi;xfP_g(l3q*#OT=dr3kJk8K;jh`8%MMg`vxJEv#+&9E=+3G>CNE9reM z`-^C4_lB0MCEa8SM$nvYYUp|Hxr{}!$iT3Z6JY$&TEudEFG*Rgc9wg$V|I=kQ8^cw+& z8nn}W%UXIC46J7QvD0=ESP1O@qk7JP2rV0Vk>d|)^Be-H9|ocq>pmacZs-0hsf ztcT-TJaP7L2VK8@IMJVoN$f|Xl z8CzH5`QJxJD||UcTS|FK;x*OlWQNJK3AJ(lyiaoC)CHMi{?wCv zrSd;>{2;7R`lP2sd$2C=4UZq>0&DeG=VK=L*UUXCFD4X>K>UK?$K31TL!1)braJav zSYOB(oxL!sRM7h1>BZw7=7LPByZ@y^yw>kBn+TTeCy>o-8~u{nk%j|26fCO=i;yL{__Ps$dH5#ubxF)#E_DdJMh znxy0LE0UUf_AT?>0oVxaLH0;b?OTKk*w_uBPW-kKzmTfFeRF+e-^Aqk&c?z(wmM_t zU7LrE8I}8cTj;HT&}*)*$2gg38a}F?;60 zhe~tGD)hxf(D(P4iI&nBWR4gor-SeBIIz6B5ESyF=eAyP z!=};gHhfN3<@41i#&w=fJ#K0VLTwmX2`=f?g<*%{%Gr*1;|K=frRwQ-;piV;$E)0% zU>OA&OOsoj!jE<-VMzQ z>~wqeAe76&Zi4oqrXv&Q_1IM1yyFB>BkxUDPxwrE(_NSU>&w8?-nXOdMhVjnWZ z*PFA(lR~2*d8ZcwKi<|vv5-6^BtP_<0It%n5RZHH#0o9<9RUL`Yq^5mKj z@W$4pF`td&HQ01Bf6F8>fLJn!Jf*%?6u(yKFxVwX4BvcI1Vj?mb(xcg}D^3wrU@SsGuG*+KJwN(wrjZ8t6j_ubXj5nx%bNaO^u~pax^gT0V4vvUFH6oe zgUn(LiiYUBFAbr{xxjTe5edRfOp$6l|Gvfuqmb=H)xxg1?`p7qvv%ltrrol+-h22y zoxQbQ4QZ!@lQ%e(PrOG;AB>u-wst0iMyLhw>qzOupz|wmA`}@9TQFiPNt-tF!|U}v zGhwqcr?SaX?#@tNf6s*jHpC{b3cbV3V^K$XPXmOH#V?OZ6i(3`Yv2QY>A%~pP~w-m zzfCbD+q<1p*ApxzRlMf%isfBCV8j@cR0P%#yKAa-a|sTG-s^J%Pv`-JGPIzSIPnd7(3zvvNr=zQ$~HF2L6iHvkbsbeHvINJN|~%xl_ZwWpHn741q`H zQ2mLHVj3V(IexDp3v#sE$w?k@+2XKU90E*!s^18 zlhhj^8Nhknm3I69$^EX=V6r)68L1ZYu9cynJli#_bm9; z5AG|e%#+RFB!wu^m8624PgPjX#P-M-kqsT!zgSY>j&t8{}}-? zaiRC#9~0%*pT7leN#Wf!J7B$$UEDv(k6&G1n%66(7ejL2n5Q_?|7ZyVcAjR*WO_LN z8jVMaYdg2HfI+Rh-3TBxr-?6t{w!pY*!}{Wgl8rKtHQVXDFy1IHntn#X<8Wyr9R%c z%0ac5SMhwtA|pScnrT5v&!@un1+Ha24w>TtHl)VxFVlo?CLuSDcd`^J!1`?fjwvjf zlre2EB&2ZIgj>T>(r)=}E3?m!hakMJ&NIueL1brFEWbywm3~nuGOFCYF@_Cv`EjRp zdrx>_J0nsm;nxu0YdI%(E=Yb9veRzF85!p5<_*E@db689toz8i*|{(DG^cC=n||YK z#Qe8~;Z$!ise|412>v2(i75;N>LFk~VI2YpN!UU9gYYLEw~ja6nioj7HnEE@>Bnl# zC#2}UZ+{_|sE~5(^`ILXGLhF_*a6HoARelurkr?l|DWRl2Y!ovc`-P^N@mw^D!jd7 z!4j}r>IYaj#!bP4DQREti9qtDB(HH`U-8%fk|P3stjK3;Ss#dAq{)NlQl0}Y90xpQ zS<`umTi52K>29DT>2?sNtIb!6D~ zeM_0#YEr!)xC^+={kYSak>(=?glg)9-RVf_T@!}Y6CVzZ1WDu^&BAC+`C-Iq1an-# zTqZ2!r0hO3W0MfP$#z`)&#Dr%fI2y=I zZBIu=cJf^s;M|FghooHd-=36`iLp&7Sq8*e<%R@_`p*7?l_sS-vu;0sJ)`yQ`UxsN z=dN*vT7M;Ph7T&7s9(xh?^KJdT2CC7lbo89It6=k74QLI+M#Yw^&8MH&CT@Y^{7$` z`%%BGF_EV~KB@&$F?j*Y%jr954mA;T+EfOqj{9wyIsg&HqgiSBs7$p_f}aK!Rnt9C zNkXUe$|``UF)<{oc7JElscOtK9G5Nj;Lxen;RlQ@7b{Z7`G(C;(2?m+^#TTR8Z*jT za#5h^SfdyiMBDwDadKt20J5E`U~$%Q9=<;6#(pswq6W;{OnoAYEnA!H)Kp}Ogco$B z8CC6K+52tUFw45*!_S$vm_6af8?&pewo~hdq>&Gh1i!Y}GNza05ZA{gl zK~o?2{<2!=$%1=@%$?EF{&JI3Hf74Oy@CDM?ic93_r97!(UdyE9)Bfe`I2i`o}F^V zR9-!Au*D|D?kr3|F39Pf7b%AR&INbBkWQB{#{o;Jb9wJYS{WPBos(T+I({oe7?Xx0H9V%2wfRQUKdcDypr z*qvCIt|}h88mZ4IE{t*|Ba`YBj%~y0M0N(8iOXQ0K3=G_8o(_#uh+N@9^WRjh~#TT zg`d0Cwd3976t~Q?jOS8b%M8c2sQ^~uJuLFw+v9arQxdpkS|p~+^!PSWutWG`6ZPKZ z_~m+&1KjcyVYJ5K_%=QIz)B2Di3`3vUNKf_0p*bdHvT^-&oHnON+XJjEypXy|5cv< zhm=P};898H^Kr3%ST7P%J8l_dM1`-T)j#O!6tD#|wxxWQ|3T*~0Off9Au>YkcwN=> zJ=ABk4KnHYHc=lA^?9xIz1{J;`lk3$pNUH~ZpXLj(FXL{NJ>QTA9Qu~&=~rrfV}=e z=Zy~axuaDf`yccferOC=$}wHXw^33(G=_ws??T5Lx@LnzW9YXzDt3GuV6~pH^RX~~ zI^NKwZXX&$I5Jt{c!SBxcW4Y}E!lgIH*~b-hsJR0ryJ(@Hknz6#_<1R$|JK-Kf1Gn zUtD*+*LpP0kYS*R<tfC%oO~^$Dii~Y0i@TMh*p8|m*M-37 zo2o|Jyss%=iHArj9~GG92ASNRT#A@-4Fxziy%ccP1*UbL524NQzqLAb>M1hWDN8ke zQ}*3%JrnjSA+N3G2-2s-5;)p-$MrHr*dwlLS-B%_E^vxdGs+_{NYZQ7M|>;@C1_YVFD(_ z8Ndd79YIIqb=n6f$OLsyqn{=^70Lxu07wiIuVGmx4o+N#e?{i&6|CW5{m-$7q=JFD zpRhTyqwUCcmtn1uNjnS9C2u-JO*^`KNI4^8e3jmysOGBlfpsnjKlGV4883nHhMw*;!T@q_c)%fCWb0RQKr{Yr(m?e@K(Vw2?Y;gIkWD4>@U zO7fojG*Ii|-~%k(lY$(Ll;uIYy;V+QT-3IkRr*H%3G!=E+~(rT2@cRwU;zeFoY8(;mEA9`XWQd8=MtTV z0dB*Fib1FZAO;Bb>1qx}O6ROna@OCA^j$HKh04Zz<6r zV&)pULD=VHZWSwy!IXa8th(RQTR*$BTs>rPi~-g(y}+`AVuDNQ;yFu3ky~7vy@iH% z57a?cLYUV)DiqLLX7%^{y$*>azhI~BUz5r{kona2?23@yh=*S&{_LN?>wKvSf(adR zRN%F{vj!k}*;7;(vjpJ`H}ja&YPRGWO9w)M zJy1T3Y2;9D@&a3Nw3$N=#SMi3eq4%)&b@wdm6 z#DD_AWp|}8QflYBZW=}0H8S~%Wq>)x)3KA0(mo2)pwPFK#=q0lP8Obt1?Y((W7Db1 z<9GWu z0~S*pW?82x_gMr$!`lpZ9W{_|3cft02HU>Qz3`>`#z_9DzFe)QzG3BsFwW%fsB*3F z0-(RN=MVn6r6+*(UgxW9R7o(^xFv!S6PiIW)=n+4blW@-wR@Q@Ds}ua zgDcMsJzF8GxXlRo_MqQG(^SLbgb5+DSrq9EaqH%Kc&3vNyAY9jfXcIoJrs! zNoS2P`ff-1ZF#J&^_@YpD&~B{Bdgq%9i4(&TkQ+8RcQb90w6H95gl`n$xDQj@~|~; zsc6v?0eBT@ZjRAq06{7aW?24c?}<|sF)ttv=dKFg82H6Gqu%hP|B6yz1mN6uNJ3zF z^q~wSd3U0*oGSK@bpa;gk+UO}OP1j3($8{rSqi7#k|G{Phiaai_zweH4O`cZ|TA^&_i_)06+j-9(i2|nhHC^3K)&sVn z^cGhX3LrTSf~0hL`tp^VSm<*0p`pyr`apV(jr&pBo5=k>_8Xb2)2*S+YAIMO zb97hSSf&~Cq`z>0qEIj^5+E%6f)(R#ld0))Q#1&r6K!k^n{n-VF-9-bi>ES=}6~ydi`qCdzrsxUJ5P%X3U+Qy3nuaD# z_k)w$uw+GRp3QIQEF1EKbCTwU@6CO*^p!89H}}0W>lAtQE(gpM1OhhyiOX5tLtHQ& zD_J*ZuDthvc43O@k;+2pGGaNTNQ~}WZNsdmIN(0waj8RP9Vx4v*GibM-1$*fL2#vn2U=fPE za;p-#afV6>IX5;`3`?H`7x&p21N?m>|BLqj ztZx1L(XT{H!LlB5zs@jIn+x}gMvyl%lod}n-5!z zB91^2f!TDzh(Ll$EZ4=o_P_DJGn$XfH%GfWygdr^d+rbBpSyq1$7j5dmy;~m@SIwn z-|k8Q5TSHYQ`6xHlU|+&u>i4jYp3mmM;B0`@NFQ=NRyYZQ$8(oK%W7uvhJ8WJK#Cu zgo&TVlqh+?ZLJj>H2Z=j#S7!!@fns`71D>0Ua2+5&u#x|qArpTJ?}4e?nKtWQ;H3f zXJ5$xmK7PnZwmMIMm*&EDx_Qkr9(S`Adv~?@}_hBj1MenLeI7czq))>P2Fj_FO(m0 z?gzcst^ocpi$%pAz5tN7v&$Wd>iamqg$}3!YGt~FVhg)+ zGF{g*m1A~Y&zQWua;K4+rNGHzn;Vx}BTdU%v%A)z9+4-c)(=#TOh(Qg-JTb|Cw+NJ z1(pOT%TkkqL{DFF;!^n@kKTEy?TM2T3z;!b>TLJP^{)3t^GMnK7`bg%#c@IR7c0tt zwRNE`=pvRoJyW@^|E5V%z7VR0hs~l)79lUPAJ%n{M)A(*ogWaFGcx6cA?3v}pWSvZ zXw@e3Xiz+P)dr_Kr)_3c3M@y6{F4-M1?8vx`FiULZkVnJr$M<5X1Y`F<66ki)6^A^ zB?O5dCHQ*OWvG0ND(z>>i_$Xs9w~w1g(FQrS}uPjXQ}9ZtSlR9+cQdUah{4ySO}3E z@~&SDC~#Ww@v#jM7PlX-uaVvW3Uk&|7?xG6aWJQmgb-J~NQW%W6yF|XT~6%_h@HdQ zGpg_he@mZ7DIH-GAsk=M3-lsETPD4u^sCC#KSMS~-H@N=LeI$G4aTFy*lE9=SpXQO zwmu^se{EcedAbIf5v}f-6Tu~sLFXy*XKvViHp72AGfl(}**d>_#;>lBJAT!oi?Yao z`cma`PbLOP`tdX$3I>BY6m?hP?#n;r{^hce72g6$nU_p>At@E?bB<2hX%OGXB>k4< z8vdw4-3gkg4 z@zX$A&RWE4p{+5XoC3?JWoJ$%BXmk%DGi))_Pa2l`W>~hH5i{fVDhp}n+w5vMec9% z_(pnj4w-_GTFstu=x4Aetj+rW7@qN=8@+65K0T#hYzDGOWrbLK1;8=EkUKLRc8@sm zLEYcRy_x8}1_}+~bRS8X^LhXuu&b%t1|54yxL0Li3Idu*C&jDcY!so0G}iH+*h8>RBB%w$i!Ph#YIJ)uyxn13-A5)}Xtr|`+x&0g2^H1n9Gm-r(Cu|`Rg z*5p}sBgF!i#3+vhRcA8azku)`hDxQ^wy^!-Uli0{k{$Jz2mml^Jb3$^?P#Z&av2~8 z-n;f9fm(hYJ8Sh0?%PF?BYza+F*$Q#^g9_t=-)D22&L_QM0uAuZ-aBt=n+g+^DUXm zGfX}@Kr|GM(m+d!d1a^XA6Fi;gn;eFoiL&G5{2smRm&kH_B9<3ydY@pcO z`9aYwc-UDt4>2rd*w1Y~4o?fd{|J=UIk1y?^!aLB;AUe-@zWh2;uy8-o-P=U<0k?p zm4-RR-njAPrNYl*4j({-AM4re5B)RKnnFejPNFw*AnUj-$3B(-!Ym!H!EmMMsD1oK z^{_(ZRU4F(Sk3a-79RG~ZNJT3X(Qp2h}C*H&$URY{fbWW64pdTtEJ86iDKMtxX&Xr zIZGSLCD8|iL~OU84#2D5Vg$1Ha(Z+BPW>VyI%Co8MQ7ZWR=_tnG6B>owX?0mxYPTr z7iQbztcX}Go!);3?b@0RnCq&PSXr1wN;rN)N=Xx3-j4!h2h}2&KS_HTd#a#Eu4Vn^ zjp13z%dRZoy?#_+Qbt>!o2yNIQu`)i9zM4#PL4n3LgDPPswBlh;q zC#EwZrOS&Egf0eA`zs>|*30_PM|N&EZiIq|qJVh8dpF&@(8GHV{YrAbdPdS5btjJI?J~@gYJsE+0J(ma#^BUG~P$$pQn)SI6FEn-OJEmcR zX@aPOy*+9$-TUrVPe46ow_X*uPR>MEULaS$lUcps?_-Hd$*I2|Jj#fv_si;G!jcuFL$+C zJ;i&Z_Lfu^r6;r&2Z?4n-h6sS6}ImyM_tGfsus71Z(Trj{V(#|7v!{(R3CiGa5@wl zIih{?0eABtUxo#tVX3xOsN!s+SVX^Mi^9 zsE*;BWI_s`NkunmV8?X_U z<2042tZ&`HzKn-wT0=?RMe0rN^c4JC;QZlkLp8ro#!*v=tq88@9&cB*G_Y) zl>n8NLuXr=EODFYLFfJwo!VA}DVc21IFD0laOH?I%LsbU)TJNqxu`xUo=7)Pw?YD> z#n8P~jIBdY_4_2;XM07`yEL5YF!&yeCtZn$=U!*k2#ha*NDP?FGQcT{-ha^pCoWm% zeD+N*PF+Z_HhF-v86>6wnrq1QcyT=0cgMT#AbG@(^-0m9tXoz`s4sSKWH>r$Wvatx z*v|_Mj^oka7_6O$<}E~@+}f6rKL};^KsJOpG>Z-}`{Wh}xU6^$|3U&b(i&4^Q~7vO z&S$HE`pH+Sv6nm#^KVlh5a>sIib1}rU*01k%RrtEi$6H3(Ti#Ow|tgM6Ycz1Y=9Fr zqP6Z)DC}S{eZyPxWGTz+04M}LYeLy1e|~uaS*&l;0NE1V`>^j`bb(IkeJNxkbNF(@ z3;zzC9QE?v+T^8!gZi~$#?4MI>1|V^%28BplK-1M{NNSo`@?0{9fb-JSWj2XbkXcX ziJeK*)6Qfk4M{>FrJR0+RKxN+&;ei7XpfNNVB$(WW}mun10hCskgs1f6|mJ568Q_^ zQ@Jxz+1a&!5XCbYw(s1Zrz4SI{o%KZ4)mqFx1D;@>6a*aI8xrfY!kPsVU(>e=7mCp zJMM0WWwRCS)VfZ`8K5UR;E1=oW6^QWx&qIagX8^7Q)3I_uX)T^z?UyIgf**v*k*(3 zO6hxVrM|tO%kq>NDt68X`A1=AM}3Voz^grJ`>WhR`qD zkrPA?qJ2l=g$E1GrXeb#p7=B!Q!($i1>|rrL(77;XvGRjk!jgyG}m!#Hj`%eCb{3* zCqC2KAN}6q1jxgRE)@7+@6tf&B~W?ByL-2K`EImFVn3`IyeUT7oBEm-+z*Q$NH@Ie z^d?J@Ilw*xG8y_(YSkl0M51bwh+jB}V(Lq4=y#9E*Y5A=bKAvNjhD_s!Nv$Pka^1X z()w3uviP?Yo1u~vTsw38$G5tidJQ^F>;>Swv~Riy3Ct3Bz%el!em;812-^U~aBT7M zI$M~UFgauN`7F1-k^T!pilbYHtSZl0uZ&S_m#rw1w`l`u{`4& zcdnjO@!9M2Qj_Odn6=HxcvqsxyoBRrq~TDjFgJa`p6LX$dqQ331X(DyOqVCMOL-8! zUrD|rWoxP-^_7{adoV#1-9mSYg(8%QjDu?KHmVj^tNic)r$}X!I?nR(jtmPssLRuF za|dAO#t}%r{n=kM&|kGl1&<|{HVtmij8RLi5%WmIwo<%3^&(YG7x(H+WuB-m&O%vI zK2*1N<@XmXHLlmz(eEgZFxRa-rQU2nlgTGM8p^hW;Jv#66m@CcUnQPq?Am2&g15rH z2jP7dk3*#7P%9(1Of(NS3&ZKcfEA)&WNiHCHLkQeI5eYv6Mg^|jqRI-b^k0jio0{Q znu5Tv?+{V&t<(HA`klm_?Mi0+@Cy9EB3qSbB8|wUm!CO?3zCaBd7fMRN`Ik@L?J3N3pMhfKRw9R5s3?tVUNnmF+oqvMs0Q&B zq9(KQUF|tR&lH(las!~`Ff@Aa^bWxRupA%+2kW_MHHT}aWKSXJfOx9;!49%5EKv(7 z^lBht(A+u_G>UxpEb!Ao!*;%ObA#6y_N6{1*)6-+%E9{iKB6YI)4{oZHhH0j|FL^Y z!53XmL~H1ti)*r&8_d*Ak9u+1Uw+zznx1fjh?u3G`jgnFl8||hTKEjg*p?yW$^GS#XWsH=&S76pc520C3qF&5eN7*+Dp+Zv}C6xekXl z*DVn4fcva0@KT~;_LnKp)++HX0*N+1TT}cejoS*WYt58Gb%6p-(ObHFKJ%rVYDJc` zBxm>znxu9{T|#lb!8Va&BRlb164etSM)ph-5b50Dhe~`#LhB&mjWvMGsNIgoQkr^g zedefqr)}0>X6`)*ioIpnUZvafYQVlfVE!wUI>DgBAK#+%!QHQ6bOk#qj0iPaSeb=f z%@t0BW;o@f^fc$|=S>-}g<6D7Ar11L+&l;}k)8VPu^>Z zyXoPW9;-LTA%Uk8rqy;1{k1h7qF^)$X@jPvBH742-0{)KJ!p#WX3e57`l~31s=m!x z%n$6{I2&PuoSqx2JUIph`oe?qTEXIq`Dpoco69L%x&&q26e@hlQeWj%aU9mC4D!ie z$DS(-9jhQQgv2KpJm%5sxoa??M1|3{(L{1aFkHY2wn4Md8wJG;3s~Bf9X21vYRIKO zNF*0mpxnh#O&R$HnvEQKXj`;dpTi?AGC?q6-Av~N0Pxz2G&Q`^_|P897jx&tV=MB8 zlKvD+u(i)Z;h|9<5CH*v~`kvyyKuG}i^4o3t)5o8VB*QjOb8 z-2L{d%~Pe!e{AP%+mFQ>i;r^q{dA^rx2TAj#C9-6!_{J#zpS%6vym**-9P@!CAa zx}HfS(;m}2sc8Nc+qD*;_qM(TL%vLdNUUzDHmlOt5+_sE>o>?`%)D_PXyOCY8lu$p z>*8O*xJjM3?-)~6PBI@MDOsVR%bRCYAYF^s8?+iBe%Zs>xH4_tvhB=CY9X~p(+X6M zFh(gp31x(r;VW8yfyo2eN5vX@A_LCbdvh}f`Wx47{mF!C=rn)Ye?ua6YJ{}o^4wha zZ3zk(T^aURRHT=LV4n4mI-g?F3zjDm#QL$JCa@YtGFL-q^v{&0t zc^0$#OMNcStjECItDILuU`=2#2l?@0Csv`ukgB)fr1q@n&%2cL?aKagex6AMRoua4 zZubm4rRAM>bcu?K*0sqYN?ppX&Az7v?C&^3lg* zA`xY3_^0}8O)pjRl&C92kzqV1&A}tRhHcYbUX)xlh`euhmvPWF9~Tmjw4hf% zpUXdsymzKW9YZncslFw4fuB}0=kB9Ep z8YY?3wJ1a|5GJcO$K8;RWO(`seR9e%fxLN7J|=AxB}U2(YEj;-)bBw9$8#o)d8u5A z)?$Tn!i@MU$MA@@TD)=ZuM>PG2EI3`$omU40;G{4{y94h`8MxcS|X@PY`^n%BGb%d z5?*GmT{hl!n`cp96LlN774Rb}C4_*fk73kjD{%4;tqu_4{LTor&98C85cnvD=C3Xu z#LZQ_&w{e3W8-3S1&fINyH|U&k-x^K(GU!%K&K8?{8lkCk{`2mP&8lj*V;^x_1%83 zUN8nBg8auR@b}d9vfoKd)uFxItmXRUb*nUyk1IVRohzmM8}A2*Q|S!v754fOR0$)! zaR(dG{;7$oQ@`Y?H;K6(2egAq3Lum)+K6mW^S(7SO33S#wkK9(@}pG>wzA+f@1zDg zgS%h2Z$fRhwQhM4x9nqsW|x%qjq$ecap`Qxadk*EH5%b(oJ-d9*L$kRo)u+OJsB!Y zpD~cP#H4WI%t(_>{w{~l)5#%S!dc?CfP83{LrCoh?76g7&t3Q`T6kuVTKYVmroF%y zx?`?y7YQ2P5mOOj35nj9&V}aQD8Ic_W?nj(!Zdae^Xab5j`sy?QTL%|(rU#DJW6pw z&QBVOsy0CngjU{?n*X62Qd3Wrp?@G!T_?JHfE0I|EvfNlU;1pCKlOHT!Xv%}l}Bes zTB)2f&Z7Dt%0-F;)!w%^8t-Kam=xq-_P3%LecUS<8!?Xu%k~lRNO8DIKi}SVN+f8% z0<^&KMMoUg`yLwCA7J`aIFJCGM8$Nim$8tlG--QC;Aj)21N^Js9*lAY+*Gw1W`^g6 zdm|m3H@=?sSiyNW-?Y%lMsBY^5Djrkm@i6k*puEaDE4!H|3Lyb(NgKrWL87E_JIDg zrG_N_bK*A6TQsj`@x(;*qHeU%f=R-;hw``cFrgt_6f|%<;{Z_?;)7*^?s)o|0$;e* zC$8YIvFWNj8&#!*zLhjZ<}FinCA5-~+3pDPYKe&b``g+!Zdo4q#^!%4z8fe$Ke_YD{}HWdC_?_MnWf2YRy739$kTWDah@Qf{T<~oywWy>_zP6B3K&qB+W&32sw&(6(_o;kGGYE&buB7ak>1XRxlkYX>SXrYr!JxJ{F&3XGySk-z2j9o?5w6hs-Aia&uFno#p94lm15TPu zXHx9XZhQipiNq0OH-{~~2CK30k6yA=Rs_t|(EFXdBzztf?n@<6kU1$;Tr+uDXF9us zAI@q$#xa9rncwGrp9#MNYYo7{%k!n}hWb)MB1)P@ch9liT&EhL@l#l&Y?E}T2`k@1 zJ3H6aV=AGt>T}{M>;_Oi4CLJB0MzV2o3NTTyiW<&!)!puJw<&%1n+*=}?I9;oa~4D!kwYSdqpYjVLqwdwVU&h3N|PfD^=H?xRSQ|gauC7; zpn0(7hf!9t2a0_Zs&Vh4HcTI4jhIttQ+1lfQ6iPe#*>hON)SW8m|bWtehaV}-PZ-Jomc5*xGztW|7 zZ|zymTJv33UxJjsPuWV1*h8~g>3(9mvb8V%RF9@@ShQq}lWIjk+2W1ic#q%Yj?7_6 zZ-(Z^=o!(dUZgHv$o=5a`xt{XQ9bRO*WuUS+aDCdvfADBTU(qX;Utmh550>wTs7mL zMC{d-GbX6YbJ&4nVBnsmT{W@JoDdMhMjK{ex`&eHDSJPm2RQMZ*p72k_gD!lxwOZk z6)d3jORiP%CF?3i$2t1*DG_&H{{!?JBn|ox+O>2hlgGyzv%T%7+p^=VP_|uk6`c`C zMb*3Wfl*Lbo-D~tzbfLql735gGW)gITs0Qh?4ZrV;`at)2mSf-Pq65E$K&sjXRw-x$#gnMs=N5)I&RVU;ns@3v}~aTh(@B!>NWt_kpYA_y5H zYSl^t;rod{y+}x#HCRPWTgo#k#6q&#AHs+Jb^@0||FBN$N4W>R4X@i+VDeHl2*VI%kO_xt~CyhPxDMN4+yoYDVw z@jsvazwm|vd%VS(fRlP_|FihN58$kiFa8I6-KG_ zsmWTY^`DO%kO`FIj7k(g-K0%d+p6@pK1X=n!y#DX00vc8-0@FpdUX7Mw*|%m7}Rdi zCBY*Vo&RG2^G*SbZjZ%3oj#-$2UH|@`TgI|FZ|&X|2?zPP2iA8-1(9Jc^|)t7@5>= z;LC2f+#_F|JHD#_g$xfcS)TjQ@#hgqNP`~&hhEZrZdjf9GxmRp2Y9P}_{}<5O(I7& z(tqC@mpgC>hhmJKP5z(s@$hSYc#^KyJ1w+(z#cCoT=xwfWjL}C3GABP))<27z|fa8 zH@~NY#iBlb^Yzya^$#%Ue%RBZI@ult(#2~XZ^;TojF3mlIA=)hfEwueLExBeAIs7b z=fOjN(L}rOpi}L}FI7XGV_(Jxd|a%utJ~-KEcVS4K@j!9x4v!fP#~XaqR@Lc)mx^w z=s1h@DD7|EV8X3mH2(Srcn0=h^L^G>6w>FZZ=(c!DoYu@wEtt!ZFe(>U*h04xHM_? zkpjqOHo;@S`^%NYN?VV{`mB-m%H^WHh+>UWh4_dPBl`2@f;PLh#^#cvr+vkH^)Yw4 z-{+3&T=Ba!tHXc5Z_d~OM$6tU9KYG*G+7q0=vtce=r5J{ej`fcYs7xaj|v9kSlEHz zmPU5`#;4_{cm2FK6UFqio^U6M1jOwL`L`+5aG7Uks?U$K98lFld`5DbKMc%HmO@GI zf;0TqYp0-IIX@>G_DAQ1^t!Ivvvcr86d^E~A)DJjN4~+!j~E*n7aGl9*Y}&(qv;&> z!hxjQ>~w6B+d;?kjc~&OV#d{hgAESY%mN6vBIUGHCXY=ZRVtoI`x=im74ACV-nu$+ zUy-B3hFG_Mn@mU!Tf3#dIqKb6Xy4ppLHEZ2kdPXl$$aq466R33v9Lmkdzm~!9P#e- z=?2(4NL_nbDNH*iVOBi=2P=N!r{UzdvN6;}ZV%tK)Jh+7 zYXJ8rd=tII^K|l?Q=+2<`LgECznvEkd~#E>%HGgHv*9!77ivRot7y%)v)#JTA756A zk4>_q6*H?QjxBhiWIdKXnid#mx!!b2G@8XFWMF?vM=n3jSuwubilHQ*sT@?iry(1_ z(ShL^l;=#?@R77c7@_q3f*;OUu|-|}8o_xQ2@4T!|C!v$V;tWADSvpc@KX4(HQi^wxAA=_OT$-evp z_U>>C(s0sC=fd0v(Hx_Gx6mEv8gBWTbqof&F#<#E(AVwZ@f4Rkhx&g$ICk%pHcOZR-3dtfU?Fod!*J_o)R9)`V_7TIUVe z^tSgHD;`&B(1`7e@JEjXY!Oi9^Q%)gbizfCRyzk9PC&b;Ocx2CO4r~F6l3e-?sa>w zPV1N54|_C_VU5wX_J|AA3pgy$6u^0RIB#}@jQ5Ha*}MujU&mVM5KQDp!6WPRKJ(=V zSh;-U=k9>FOoT7y`w%DaH9MACS05!qQ=O*kd0nZH$Tgp#y?~ZEzwXjJtajeDMm+v! znd}2|^Vck3?hVa*^@HY~KPhQ4LZ8d`hen%b5Ot=D#!NGI@3dQ9VZNtls*Ke4$W0vo zI3?|YEMpRO`jp3S*-7t7(*2D?^2DI z@M%fudFdqU+0^y+lT{Xq=fBfRQsbV%CvRmFY>Mm6el5LHYkCxsR5`kdu#81Uh7fu- zC!&7vjZ**F7&2NHmBJ@l+2GIr59=9hrR^}nr%AFPB40wIfF;r;0<=1 z61F*S$ItlG$h@Yg%71*{xcQbR+D4%LW3D>Qu-$UFys=*8RqD!0rbWFH`DJ3Se`0N) z6dXeCgP*!AVml)zu^9H2RVF*RW=oTG!Ucf}K@T4M?{;cl_1I}uEC-*?Bhq?c+jqJ_oBECJ)vd7|zfBkTA zl5AuX3^qW;`*Vogvoy5J*1oky(#~*!&P&<|Y*ts_>9+3r!)2?uVo1+^#xPq~8LhsX zZMjGc+IQCZK)|6RO&t}hDPkbmz5#Bkb%deQo2c((9MV}CJ_oa-1;go_TP2au;jgoP zMRELibL;MvZ_-B`53OKe%;so2tWdL^*-f64+pgNs;06rr!Z-hKRU^CFH@(}y3oAEY zws$IG)GMPmv1HHsJaBhcb~z;*n$u()?`*TqJTeBAa&@SiA%vBZylS6zuBBhJVbbhq z0d=={=9{C)CFF{6g;4Kb4FN-<(6ruij7YhcDblrJ2;D?x)i=UgP^-%m8s+6T?jk48 zDB)J4C$YuJLaX^pk*ZM$^Qz~4oo>0JR0>_e3fGzR$;OAC5yR1@(}B>4r3lq3d~1RK z-Q9Ns{$hHjc1huyw~Sx|{z>(H{sR7@eho{v9rD}vQ)BK?wueo?x*5s z5j_9HI2C#_HWmIcT-Csm-=u%4CrWdi%3U@#s8D$4g)8l~*>@!Dr;ry63!xv25_Kb& zh70_hqNn%pvn`H%uM}E2rSw71*2kH2cFqeRd)dt9SpJnWi^P;Eq0?{k? zy}c9illYumxK0O4Ib@G`oJ{PRS2o-iU^~R?ltOR>x~g%qTA$%|Mz?f<2{*=KP2>PsF8PCQxr7d^)*Ugul2)c*cc?(N^4|Uhm(cM6)qTB@miT zaBx!RXlo2Pi}J`*n(tc7SfBA5#yF_im}mgk_k5ud?3n%?70ND}08K6RLn;Zqstg4u z=N@!?0}dv%32s!7&RkvWd)ZfrQtR?GL|iF@mR8sswu9M}PMKH8l7YMOAuk%uO*BU#0 zR&k#Ke&-|fLl8!zC6r?9$!RY_TJux`nX#fMRPeURRPeh`8i4LZP#!k;{hl zHkf0eVRK-~x6*0QG?$^QsD>6Wcyqq2G0Vf`B@s}DSu(16;F2d)C8?j-;r-H$*1E(( z=Pt9^ZiPL03!jX!{xbr@zN#T)s@3J^K7&=%Alc!1V&&YNS1vj`6s$#t-@;VutBU%y zYDr8`(wBWGwLo6Bb+t-~dW3Dh3aK*8?UsK6UCrm-@_9eaG{tf1`r+G)UV~fX?W9)Q zWta2Q8rj4%ev=O9SsK*$&H%*aS$O6m?rVdv!lTE6CO*r4N#}QGzcSB5?>edszTQ2w zkEn;Bj0c|MyApd}2B^HR8EnWnhkh3*Qkt%L@#;QK9Fv61KWxLMph^ zyz1jWTlkc4K!4o?k$Dq_=!@ zHe$Fg%8MV0wLJA*b*br*?=WIg^PhML2F<@rV#~KG-4%;2%$t&m(2fdGISLiCl+nps zSZ>sq^hJ&nA=QLJ;f*bsA`OVkJVTCsLxJ%gW}f_IQP%X@EYa`&!@go`Y)*dwZHkV1 z!rKH$Wf7$1I zId-M2Vh)f?$amdpuiu8RY9(PE%~Dq)S`WVR64xf9tHQuiSd)RnYYw3NL?ANu&CE5> z%k;nD7NE(FohL~_sLzjeQ}_55XK+z`?Lt`;O}WGpSGzY+iv54-Fz=GZN^Boil;5yQ zc)f6G5y`m=CU@rJG&XwC<2pGPd&uynm& z(9CoNVZ^)A{YQ|pF-!A}*Wm#S%Uxgmvaf3eFx`qz*G?EY14__L(&%$!gIDS|NlRd( z_cj|#WKgPrfmgyzdN2ux9c-zcyim^kBH%?pL|+-Ccs0|3IXWoU`ACI{u)i|B=IXK> z(K`4_2VAT}b%PqEnr+IS^8Mfz{XNZ7JZvM~84?xA6^qXUh1W6}v_Y$(q&M=R;R`|o z{VEbB_$b#44Ts~Byt*LHG(iV?q6EiPZhF(;J}VmiwjH^462=Wv9liGy^JS2JU2@ixW;OR ztb9iyA5*1=z@yg8_Rn%A7>`B#@~X+=I2->SuyIjMZlsojV55orW-gQrx0nlx?tJ9& zdeOaf$Y40HS#FyMg-meyx}2%DY{ecvU8(Y zAR9;iZsG-2Y+t98Lzkd)L0^MayetuF7xDGb!$WQ7(JyH9m_MXgyU^$bIc=FvF){Sy zzWbSFoxaDqdiu%!P28gTo|ol67fuZe3L(P%ByWkE9qwNa>_erLuovk+z}^C9{x#kk zPm^K3b*_zxOHx8S@5A#`rh*ZB?K~sGUTVTDQN7Y}fJ~fA@x=25>VY5K0E@x4#z=%t za5S}+UFO4m9oEKih+0D(x;(Q;jb75HdR{}?|6`Bh)A{aqP8-_(pS)G)=_Vt8g@t6j zIXhSIy2{-i_GU^Y$d;8I$jxa?`ULOX8(-#;eZN>!a|x2p5z7GOmMU(&&b$5jD4Z8m zDop2^+G#wtJ4+CbA>#JI5;o$`Tjg(49m^X_V-ccbjnx51>P)_MFQ!+_c_vehpGDY$ zd&*E}|I$r=Zp9VFC4_qnzG5#G3f3rCj5a}ybH&)Pf4T~=g;UBn`Q!asa zK0cIojSL@w7J9Nuw5r}xJ05U!^0Wu{dV6EXD89I5wd|C`crp&rwQBzg>29r@RLkC+ z_9KD{V%QW79(Ux1VU~#D+g#o(Q+NJL?P!!kECqRVs{)`?$5ZQ&vb;&wvGZ(4pGK$x3yai0JD;TRcfy?vRbvFdA4(}iQy@}Jk7ivWP~ zp~l>`fBtan!j)eESnMR=!1r%JdH)6gf~9H1&iqSb|Bpiy-`lMSWUq`%Y8RtBPI?D5 zvVe#f(iBJ3Rno5Rug6}Y0MP|Ptbjb(RX`LZo%rcL(Kjjg9WZK`1bzY=O)@_}cdVy0 z;zvPVR}xG5CFTG8&#{w^M&kdE%m1HnIaB?=P5x|PK58y8pS$|!lKunFhv<;l(@(u` zHc#L+uH*Y5*|YCcS8fWE`cZ#qvcJ1RyEC5|wYe4lR2(7h(=C`r@yl852tsd~ng18o zA4+e83-+2-cal-1qg%>-tZ|5lUhaN0?O2S{$IGrLaYNbBCh~(_-8Zpp>0736_|h2v zJJUpBWQfbD#(O>zmY`<)4bB$DZ~@t8;jCC<8Gnw#~gouGfZqYFC4{T+i+H#3o2b z8?T^l2II8LO@N3#>MK??bmhIV+Vmx!PQh6IX|OjRhPT;8zaLy3TISg?qby5o_Q0_| z)}dET`mnf@Ax8Dzz78s9^`8;l{@DC=o^|Ej4BZ4e$;I&qCCMXUHR(;kyy%_18E@j5 zA*-MKps^`F$vl@8{{+wQiI#J1qtZ1=t|tHlKsBrIcd5L!qF^k$c3#7;pPv z#Pxz_@{d8g(_Kf>hiyNF2PrM*Cu z0HdT;le1=Xyrh_~cM0gSi?U9Ga-)@0InNhy{X;lS=L`b0rdHGLk8g^z5uXdpRjDEQ zZ|`1}$z%sJ2IV^n=L;lhAPfJ!;rC5RP1)7; z9+G!zT_;n6x`oU>8@DechYx8r>@DaMoWexE%@5#3adQX-HCxR)X;prt zR&1aMM~q*p0*D6C&KwX4>LqW9`Q`QjJSPq%5{Ek@KK zoXzqVG}+94!~wYi38#rnAJHZ^q8=GC-QpUo=c>4q5mVKdhycz zQrJ(xthP}v9<*x4Jl?dZ#kA22F7u>A8+;5lE5Ql+NSFAF*BK-4wrmgWs3fgStrb%x z_%3oxyUOi;+zpJkgsu&{%Cy9-)Jm4lNpp^C^!5uqMzRrzyBMaxl4misXYSnaC`fw9t zhM%mP&<1?{pG1gb3uG}gbpF2-Uxf}YSi6s=PFp6#`5xO zE9?QU2%-)=CAV4@H1d}4bB6zqgeE&IA)Y(s4)d3z#yw~F*A?;|eXN~K7~*K*!!con zXEwPuAW7KDoz!6cF?LarhL$x~M`v_W)eVfP%>4U^&Qy$RGYUC4?Y+xk_S(<_WcK*F zZF|Lq*-ZHn?FnSbjiUI%5oXeM5-IV*_KqFTrxzGD{sdpDxQNZ2muz|;>@G?a z%UPF#il2k+O-6-mvy-YKe zOP-7WyW%`$dg@oxF5W&H4~RC|D_p!$C<lTX_N7GpM!&)q)o z?<+#PUh})AJCri=*o(e>IqXJB4D@jz9#t?pj?_sTZ+Zm^e5h4f4D%IIMi!+esy6eg zn@;r`4J)1Jwf*}A2MA6fl8;(Jrp7aZ=>3Latc;m!|IDf>;arQ)%lo4Si0&>LgfVtz zrn!M>v^tbp=>AMym87@qDMnG-bi7z#3}sV6F;jn88q-igPPdw?`C4NH!SC7i3X^$^ zSbP=6l2QsSOFbif4K7q0Y5HbRZi{S033_IqGB8lO(P_PGXFt>N-SoHMtqB_fVQ$Ym zVPz}Tcr4ADF|feL?#$iWmSPW$K_IR4iQ;O`Fu9ZOl#zRpC-}AmfL5r$Wb~Ij>+zBs?tBcc=7K7V zS!~n5H0XH=NBfV5qRrv2_^S0j^mnME$@07q7f0Ky1)en6oq#n!MZ0UE)33+lJQ67` zamcY&r!|-f?}~I8NsNQn@+h8KgFbvGV;z1`LN=Vb$X7YStLtls7EtiEu{UHNSe3vR z*dI>m5WTg_4sfujMNEaNXnrj^h9CKSsX&Fkk>+oe8IW>!ghIMaM&;HTY!4bb6J*_D z(Bhn?kzn|J3ye6x}+r8EV?R)apQ(XNk!!{1&r5c#Bi=`$j(cE!RYpq2Ds6(SX6TzJP{S zt&EkqFe*Rund)8X0lgj}{?b5*=dQS4GUw9;2I9{IuKuuKQsZqmBytU1Xjfk_zHwn_zw}KYJ+O1ut z{Iph8>YgOxB@-Y z^o))rp1DTbM-4F`rYRr)`cd-Zfmawb5rr5%vk_0452=YimorVp@wbjFBNXy2kl~TB zqiC=HYDobkHIH}n6J&JK1)G!DC1dp_ibX6atfPzu(|tQzN4 zXdyV&BRuq?0H@5X+J*I|c_|}spP+j*5*+#{> zPz~959k1OSap^7+@)r6S#7@~nA>X^}1SiP#S(^@MPqVQI5?!*?64`B*h6<)eWhn7e zp+sBZc6uc||49~|aE14iQu3V%UDXwoe!(PYt#4;*cm}QHldaza`erX9Ls^fg z-kl-z z-@dZw+0Ccw>O13ofW`GZ!_Wg9?jUj7IzoCqvqFzwK+@BGwx922#g96F>!(XM0%4P% z_t1C-muphikO)y;JN=>@=gWqx+TAVg&Vzv+A-i~V!=U7-n@=noHEj&9Z%^q^`3^W2 zA2@!|U*C)0w0x`kr`R6tlr;I~5@Gf2%aapzCRSWu6p}d^%pRP4Qyu# z_DgS9di0ns5pRpw!eJK3X7ySXvDo_s1;LTZ-MSx{h8CTOqNV;2gGF(Pqj%~xbf?t- zegceP-k}0C3GZF0?0U{S7vdkMng`9<{48JEw9BG&ZTOegE^Pm4WW znmQm@KVnJ^(kIWb=lPn&5mq>xZgr@S&FWtq7WejjNT*ZD_se1E+38n2#`Qe2+;_*_ z6qS{0hKF@ZjYa(s^5aD}5v4qCt`!{l!j0d1OK!sLb0|>eZkV#sSQCgSq_)N2QSvQo zWxDRom`m{094U`>*Y_XM!^UFda}Qw}plZK&)GkG-kgO%%#20+dCd*%;_j*({Q|F2p z89;+E@{ zKKMb*2ppJyvPVLQ!?C@vY|~XB&}VYm`->Vg?3SyMdimeG^a&D}F^i}u^SHgIEV;{* zMPCEJ8K$0sgTrGsRZw+yh{HD<6PLhLy|UliL^b7HkboHr(9(o*DJ70$&pCafu{!Rh4m8^Onw-N*G5IFS#V^16p?K{hQe30H zCkdkjdH2qL?uo|oq<|>-#@EIEV<`7ajEu{4Nmp;sm#HtWFQJd`#f#_W7MNN6YzzD| zC>8#VMf<-5ptj`PLys%JJO9rk8oDFz=6My*w158cyUCRs0A=5KbNQ>q@9+M3q+tNS zahgQI9{1z<;s1pCl@S2;ACptN74d&_e;Es)*o&q?uh8dThSGmF^{kcori_~vwOHIW zvcCn?W4!;rZN7K}I4)a=4P85Kd;CWq|KA2EDj__;68*w5w4e=7vLnGP(E03Rj0e=`hyy3FC$7Sq%%IsuI_{>h}B!E0P^ zQv;Xq_)3Ln5pyo>F@?6(yC8p*RD)z)CYzsN3!K(ifvh<&izr?*m{>(gq3N+P@os7b z^g^F~DW6d)3Xe&j#FNmlu;oonLf)TMOSr zerSujp>xuGQDFow?GFEl_>A!ACBFT3)UHbXr6hvIXK8^py0U0ynI*9&;j~TbyC$SM zgY`~zy2bX{^$U5cj%hv!`ho**J=lVJsXyKhh6{_of3A~b>5}2i#q@){hii0A%)bJT zfO+;MrnP@2$)L%F)w5<ap*q0;fdq3 zX1(2`&^T@o@!&k8)YG~ck5v;Qs(I(rBg)n0Sgn=)>vRtxP`R14>mr{?eL8K6tcGia z_2yBUR~N9-g&C5;PiN0>?fr^#Jld_#F8TTUB+%7eUhQy+S*=W@_13?fgK79k%gXz7 zVd8xE&5H3Y$4NnUp&b24U+CkolaX$y|-FLrB|9FTb<&R$i~#_ae6`4?MeYO}nE3zZhA%f?{=e z(vZS~m~0f=qMR?_5KT^JNbITR(>t~?WM!Sb)rekkiMTxvTac&NduUp-h^SwbP+|D} zE_t&^vM=74O|h&WWcox7V$VSC^gL>1rq*On-}CNiH1X@T%&N*^uurW|`ruBE|7>uJ zGupb&Bq4C4&qLcsLomsylCJI&(#)P4wP`$!n&xS5-nKrR0z+VB#fkUZtr;7ib*C4O z)Mb1g{#Kh&EfSx+F$pSv5E5gae~Itqx(Pzw`SYl5s#a zZ%Cn49s@XIWsvR2R<{)1zX==USfJ|L7^o2gTL1RM(GXS(@|6*G1f!)3Ao<&)BhUC3 z#&Z`%D~%EcPq8+%NObRiYuJqJSSgrwG+evv7=b!_yDR=%T7Pbp+QcaL<+4i$I!Q)| zX7Qfkf}f9~_E^4H(Th}ejwtWD3qXRbp@H}Oip{(U1YOmT%hnaOZiYOUL82fo)TQrp zR0%v)534lvty1)>yzVMLt$v5ZS-k2o_|RqwD~ZJ7eP72U*Nu+Cy!I=IAd7O4Tj^Rd zU;hZ?ZH4me`}=##*BJLk0*n_rm+y6w#t(OLQz=)MQmG4o``9F`3zpJAUgqG2Kx9!1 zzuApr+8K?~Nl>YGpnJ&?%Suq_W;;5Eec4n*eNKwmh1U0dI{&f}c7(&w(7 z@tN*JY-wVtBl3u@z-x8BIp>&nZt)5F&%w*f6}58u^aubFAVBxO5Qv62GV7J@yWCEL zhdL7Vs*n8lK9CWDZk0m4s4tlQ1g&*KgP&UMS;7`ZmYY*pnfLly=7dnqBHjnBk;#y8 zGkEo~nj;KT=i+M>4qx7B83Y%X;$kAwH-7B%)8-pVOOQpBkg8s2(|b z3YEn{@soP@nfRe=hW|Qb5CKjf?vp%h-hV!^^I5VS-_uIiB{&YzmG_N$NUlp+w4T0x z{%VlEBY;Y|o3GSNonZmf;bQF@%o_Q^IJVRDZ|)wsx?FYQ63?n^2^pq{6lI!nf4)^MX|q2kNE6F+ivQv>hF zjx)VGQ@bmwfM7OkS2z1k!pubuEGdc7Vm^w6-XYW&uWO$GHaS)I={K;eu=5YU>*pg) z8Vb=L9gaY{j|MyAu7*UZSzR8fs}HAnu4j=`LW951mZ&2`x7_@HG4LT}^aL)R!teaO zmS*@Glv#V=!$9EVfjwynT~ll9D-s!?z`-z-SqoWke#yMtQk?~RN{@V&`mdD(eJvE)sL?xp4+cZ9Y9s#C~# z$>jlq9=G)o-#(Mj*<-jECfo%T%Q6&`=!6G~tmlyJ^uA;x+}3Ez@PMRNX`NeMEuWh( zs`7F#MNRu@58Qn?nVEQG6j~-L3!&h#58lLE94hg8BujXf1FSb7F^c4Rmx`vhg2r5K zG!mS407IrdWbfeu$a-f~v1k9s+5v&rf^^x5Rj>~~+<+ElQT4bM3*&-U&rs`VA zc6;qXRS=(9WD7@)5n_f5s)ndFJ@LxBhdF;aakBo*t}G{Jp3gcFJzwa#Tgu=}|Ls_8 zC(ApTW=vv9Ab#8BO^~~lWZF_ELSx|61}(qW#*iPn_%8yDJh5a^=W<64qcP4;LD2MT zbU9mX1i^mp0~Z7NPgx|abCl^3gp}!R{cs@IApfH+W~itPISbVroYeArdEF4ehPFjZ z_ogJ{`vwh~_xmhv^`CWBhWVcZpM;f z((mS|+_`ODskUAW$=C6igugY-&>HAg2fV{au`X&Dv%_A`eRZ{opy{9ylSHhM#C}yI z!Ot`#o!+G3V{}uJa)8LMu_aHISzuq?KPw|jLGEBO+v#<$L^tC6)oTt5r`i|xblky` zd07$Dd_dCt*vjR)1!SHi5u1%x*1)q{2j3qGj3Pva9Ep0<;zk5=+$k)je zv`quqkUj(JHzw$VshDdpIiwS4ne6h~5?K#q5n6umEe4d`+WB@-9OoPgoj$ONOebzX zF6YM{RwAUq-~KJboK=m_5SN}MLSu>7OD+MJr^eZqt^&KvW z$=-FZ-mnfdzS{L^G*h5$gf^-3?tsCq<4dUe(inkDOV1HgFkjIWfktJNM0UT~>yoV1 zV`%K`Ujh(tU-*@uP)RLwxp`==V+!;I!vXHn(7kJ-&0<5g=ZYu_R(KF6CRvekc;lJm z`Omfer-HD7jO8W)<_Gua7Mq@hO&4gjz!>(7@U!xC@Qr-YqG|7wQr(acH?G+ir{qN1etJ$9D)M}PtATc?oQdBID4{U=soQ;2LHe}ds8Ex;9a1%pN z2gw#k@l$#ca?t`xlU#7K#XB4fcLGWnyX6e&CnA(cMb#geBZtmgmLfoS+nf+g~+FgJ-_&VE1Y@1ptqypIH^X(^&@ z6LJp2yR8*15Wzp;&7V~@Lr^sYys*E&6T8tW0`4B0hC~f3XJ%TOH9BKMwK8{YA`%y$ z+++uLz@~e8@lhngUj;|^&^Ffbr4L~?>Sk}TEx@w`eV3Yp(v6O>PN*v)ta<-NOGh@v z74jzmp&7_>?;n1CU!*(o#!J zNo%uuGc`t#)C608$0zXV_sjg%*mdJm;Suztv^vB1c(M*D^jF2v!{A`t(;i2*2}Ou8 z4`m6HA(iJiWXEGC%p1fYk#Iz4gWQGlVTPm)pj-{1~}ON1iww zXh#*${sMiBjm&1BaCEc)S{mNit+)b%Mo=HjjwG!wYgkX-rg@`zVnuv+6aiSGM8W3@ zsuV)sE|I7*tzDaK;X*&cpIWSkJI#oJ3~y% zh=Ulvd>=XgP)1`pe!XHlr+d88yTyv53-!T=V02u0y)8*8!F8%`H5p_22eKwyzJfjV2R+^i%)x`Ryr4g^d)jv6={{m z05NbssoSe!Z~%!oznbB4?b`2nP5>c&y2MfKG+ynzHuuShZR@bMR!CV@wGIld!8CJj zjY^2vhA8Xn?aKYY&&ZD!RozQ0o2Fr);Vwv^K9sb|#WH7=ed0c;=iJ5em2dcmrP2Wz)AHJPI44?{$pbjHSOpl_ z#!L-G$mvKqi76FZg`%G=u~yfd7}46UDa(8RfugO6WTEF@4NhB88Zei&{{~$$ULo=E zG|DO}wU!+@W)bo;T<9j)mK3WVnyv}$4RTdL2PsXS-lgO}tn7DT0HWJlhS}tFyOjF7 z#kwwNW<5b!F_pPvr(&d&-a(Iqd|0sN!Yjy3X`=EMw`&8Calx`T9Z9~l7qZ6wYRFg()FKoMlt&Oo%(PBG&txn$Z6 zrCQmKv*i^HZ{s&A1(nKL!%@@8xUVJU39Qfoax*j0&?*K?yD{oHqP-s}LSoz~j};rWJjanLVWgQ<+I2;5XIBU@QX=pc#*{*1qzn2~ z5~Tx5;xceU;5Z9Z)}~I2cxdZ?_)8-7YvP!okOw*^cZSjSri63s?oXq%62sp*vBnot z05!An_aXFl>w`6ulmfA*3Z5MY@dWM#t$!m0b(LV*n z^{WVrpL)rtov&D1+K$rZAKXvZeKVO+ct_`V`PIsH5>kk936qp1*D)pkL z-rn!8!+-=SFvDLVpGRkTtFVafUV-fD|FZD^FF-xZqTzPLbkjT^DgR!#|3e&G0rL0V z_W#%4|Nf5jD1}6bI7sLZFXn$-=&Z{+e$eJNg`2HR1|YTP?3s?d#}8o zWvc$em_XwMEbI9DV$X6OMHy}U>?j9Pg4Vmw%1=VUjzFqMrDKZ82%D zs-%vy_PI!az~_oKe3|%i*^=wna01wQNlJ!o@0-i1b1qNxUty0AB}*S^C}YZZ!9Jfa zRL8&1k|CcfyIe~0^rg`MT~ZnF__zhoYX8CUIfLVWKH}lOpCZR;0Q{1-DK1<%J{o_X zGxiRc*DH#)@2q}nzrU~WpQEe`fUSb#G<&k#F)P`hmyt172j){1d%EiDV`9S}cLPWf z4_JVSdm-%!)vpo;|7;5IUQz@?9WuN`#ORK9<~%G%V;Ed#s<6E~j}n%5Jf%ajFmXT|~F#GxdS>gxPg)&{`}Ej-4v6Ivp(oCXc< zQMBBadV{O_^TVInC%$!{odItQZ!aIGUmhy|vjkh2Z@k&~>L(?c$7|fs>6}b*0T6l? z5y^E=!YGwZT^1!J$D6O!Op%!(h1%;Y2-RP>;`wYm6P;@{heiz+JFNwI^g-{)YInCr zo663OxZ_|oygkA{VjKlV6D-=V1r0RA0NJU&xhgoEm)qp-U=U`gYsb~7w{I<2P0~0a zCDDTESgg-K?@r@ADfvS;RtfeZi#n|!;XvkzoKPJ1S`9OwR1uV^%IAd!t$Kj)4B)AS zkh%sR&N#FQ8h-W&&c!B&7OhCI+tPEYEo?Tt07mw|5=$G)vr~+(7PAa048I!2uPI_d zcYOW)+4Kt~^VoAP4>Rht#r5i0jdg2r5k2QfMdejM&NWFcmC95lHp1L&WBGmRb&D{O zdI7dsYDujo6|dWD@l)%a=lwnREP)peH$X3~s5A9vs9X)(>Km1tA6S6BmnV@%?Q`~*W6$%t>2$$Vk?FDSm%7U@pB zg0}mY`U~O$yByH?QI#Vwuj`JqIKr1`e;Z`_G*YkVuF9W7aC`#4IYY9MiCS!<^07`} z_bGZ3++%WiVxA?b*!?}leI4#hbK4c|j=t*$xS#!-<_`>M4~%Q1dZyjmUPMTxqQlO% zZGP7VnQ&I#{W&cn;;O+8GbfhR+s)r@*~_4|nY1$NtzqYPc@jJ|G;u~^2exQtw)U6* zEMjdQk-7qHWk5ERr(-5^?Gyg?-%<@=nYy9|bSpNzliav1a6@{uzjBdz=w_ElHa zAof>jYVQFMaFZ{O?Ed`={^r!P==Hb$5i7wIrz2>ow<~=iILpcV z@l$#rD;|2!d1UV@qe#9FF;Aug#+r1X0^|)$8_cfe{O;aip_pwn>N;V`#<$P94LTLO zd#}VMeC4HicGTUyw?C_8QP5`(_(fkn)nMKa$Uu7ffuyfAEx?~TYnLJf$D0`&KE8G| z{#uf#yk0t5W^i-tlTy;-Ob8~F|HqabcjGyxA-L@@wq_V2YsO!R2sVCls@K&VFQv9I z&RXHhX!~$BGCHk(f{@V!)D|kUyJ);Xrh~Y`Y(ytE{dh0v{jY4d$F}DG>}M=36F)dtm?B*{LAbj|pXT%=4?&m6|3mERxO|tE444Fc`}{Y76V=!^{>&(QsaB=q}mX zDYXGKxQVZ^s@sOltBmng^n9*P09H#0y@fYPGU%E<`zn-9mQMbTtAe!gsG=8c`e*4? zY0(h?lSGFx83dOQN@$~nUC_8z$Ah7b+e$S2KcVRkOGG*-rU()o z7!LM#Pr+}=7+=5NI2$kSjaHoe-2PG@(Q7bTE6<4=1j~UNy01j)QF+e>9gb9#=Qo{{ z6$<)%mpTSmtUpdc6eeH)%N{?+9zt?=p)-^=^-$(J!}$i z!G(1lu|wHU$9Wk{0_JLky#fC+C&H^3kuKF1g5$yanAO=cKZ=e?mRia=ArBZ90+|ljs~&2ieHX6~;VNHqMvwe`8X3*gk9ATe z=+an8l+7PYo`&Hh<;A!mttUWHX0c|^$G_cxb``{&AIh4UCDWr&#U}BXvMDF&Uir5a zLJuXRmGxXV+hW!sl|tW}swG2ZKYPyRiX?cqMGu`(+m?;V^5+}L=c|3ol}BxtkqR9r z`z4M5ZfbdXc?Oo2Iken~aEys(PMvjBxB2u=(z{gy`d_C3A`W?h3{a<=cMk|Hqp{AOE(zn+d&f+xZ`4oI43B+yTEoW1Hvf)p;QVn>XN;DFf}XGTXGau{MZtSl!HpHB zMQSc-y+#jSz5%>l?!+kOV44mxK{HhDry{kFZ7LjRNyuF^j(s7M<#r^20wQaCT6y}r z6hogRilWKVBWqzWEMRfv!tbtzFwyiIFm_F69e)+c{J7K~D5LgyItrPo^`m;$?*En} zWwM?f35hK1uWbHJ7l58|#*-?#q1M;sbQg75Hh zPSwA(B;yt~^N$7h$443tK*A#5(q8C^i+g$%43IFktJRXo#Nx)D$p8s3o zIZHEhF?4Qjj%hs2`FN+ZPLS(Vn8Hugr`$f~7xSz&<5s0yTg+=F35+7$wLhu{K9K`_ z*Vq^xtNvJAEN^^Byp$7s>W8EM=-}}ueS+jEAe*yNYZPDl-{Jh#=glMcm+5gW!GGz@ z+>va4UnXDaUqTA5EW ztIw8;m>A4gu9=9QKh~KQJ)ncIgv|6m9$YWoShaOjg}`34ZVNMN4Rz`C?P>?(Comwe z*+SB9yYhxyxPg(8(cDj_0|HQ}ehjD@9moWf$}YkmpeyuRg78cw?_!Si=8NM=XnvQY z1?oS}xBr=VK(5b9`=Q(1dS&lvc~fe3ztXsA>M5Gikt)!bC_a9?4!bHH6kz8gI^`xe zEaHe?xz-J_3ofcUCW6v9grtG&=^ePJn2*neorfWu+64x{ZK#0c6Zp-hseqEwKppwT z!?DY48xB0=V4wVX|JAxABv2R^a07yxSAl@yy`%Nc#^{mKr1Yl?$$B{t&q)yWX63rA zR8LQWfKs^Ln_t;+Cqj4JfihW>DZ-A2QaTmYBB6uXa%Wm9_*)JK`;6dzbyy5?vO#&$ zp{1+&?5k=?orr}Qpdhhcu@>7*b7nAMysu?3!#`BFJP@}NG`+n%vu5pAkbs|b- zVo*{*(OTz;TKjCQa5i{^ke7F>R3kf7n(8SjTj|ap#*k++YNr7o!$>;x?|B6H!7#Jk z2_^(wAMQW3mvsn~i7$}0zUQ?zjm&tuaFuwK2LYv)+RF;u>Ji<+t+g0`eaq$y6fza@ zUNIojmlb}0sK++pT@u`%C0pPwB18t%2IrS8ctLj3tT~_wh(Z5)=1M4-X1jj|w$|)u zn+{F{>IdH%u4iG%0oP@IfrhOad5`Go8&+1B<9Db1``*5LhxfMbim#F;9uA57V6Lr9 z1P2`~7Z$YWn?CITDv}TLOeR@a9oOvMr~)gY`dk8XWY~G_V?wHvsMkztcBHY1!~*Zk zdkf~{#ZzTia-UVxZ?m+hrHj`)jSCppIV1$Gx1Eu)`hhB~*pa0my{ALNaYZViu@BY1 z+d??#J|iW>WaM;u1L`!aby8NT2CXM;NZ)G5`Zt8&=z6W61G>!G2K-KG7AVgBM z7LPCsUR`7Y4{LhwB7JbJ@=YG|hrZXuGpt^Vbyk!*Q8O9)iUGBS5AQDBtGzxFxLSue z(A9}(MpwAccJ8#EqTV}y$vTANOSTg&t+fMCL-@MX-sSVr5NF)Zs-wdsXJMLU41@6I zDd=KtV9=T0QHw0kWJFGH1}?}06u_DAYL$99ik{oj)~DF=$Rv#u=1ux>A*llClu*H7 z4dzO!jAxgyHW1m~W%F(mTn?MFmo0vtGYWOFhix<(d1Hcf<bE;W%!8F zxTz@7nV#982Xntp%`V+M=gW(hN$Q3*=ZLy8b59V<4-B=|N;;rR_8e@VB>bhIrh)oi zyXtd}Jt+*}GoF22@CIks=<=kyBhv@ZavcLT zESVHeW0g0wDOk^3bnVXyF$2n3i4krDC-H$)kWxpxSI|n-IwnEw{>DRNporpH(DJiW zRO_-Nqz{H^bv0=2FU_XjgP67jnYKqc1taOZckc?RgVo>PxzWD+Jqk52 z^DSA>d1qz3Ik2s288=+4Etkx6itKzPcg2T6SHHP9g@Y^=pfpnTNHgo}dpF0}emR5# zFR3TSSu*#rdgj@a7K((d+kIxPKv)=Jr)AeHb;DP|QG*wsV@hF$w~o{00DW8FnY7C- zD6i^`>9%>MA!Bve4#=p6$|7TxbMxNQL+@6*f%wh!5mmvmR3ty2?8l^1vt%1>dPqZs zUqh`LW%t-EL@#@DhAsQ~_vV6UylW418yW;*Ug+N?+3FjU| z79y})eKRd3y1e>nt@31S$CermS%||($$q;|k|Md=>5vmW=Yz-0>Kt@4;aTTjy0+j) zr-N|L#6ql5y_0=K3*rCc>#L)pTHCiRL_tIaK|sQw1(cLV5fSOm0hErRXJ`-+LFtz6 zX6T%O0YthxhoO7u9^%`a?|qMW-gSO|u+}Wrz~1}WPh9tPU-xyxrK33|bX+TELnJ@9 zbQ^X1D?WcRY`-DMlfa@;asyoExIN!(H~XcCkGNJ&{<)|-P{cKhVRK;2yh}Cgqs6m@ zfQLIRCV4-r3ecs*`NpXtA;(Dt{A^TQp%?*E*ZGSC{FaM&#NHqVniH39-Bihc?_?#C z5Jw(f_+B-jh)qjwdi06emw^3m`SY3yip!(kDUqY0==O4+yq1Rra@=3P3lReB{YiMa zB6Wf>DYX&`7x#7eobE>tpf0KyfVe~DB_&s*(~Lq(vQ$U4k;&f(UejCzY8gnNIC?P#3_zR&mFp(eK9lV#AK()W*&S zFFt-b?-9;zG5!*Jyxryc_U8%E*8n)~9SY#<{8=f?;rz*6i5c!XnC% z>|~U%xr|Cqqn7pn;6oBRT|U3& z7*4@sS^8ZypaiJhqB$5Mv+ zWe;0lS%v_2PdbandgLbI1?YAtJ$Wz_NXR9j_xctY`!7zCh7KOIdHq*{?Y7%|i!?df z)o==C%N&$F+EoQ^XCnOW02o}uK*7BqI^r`5nb@qv%$00>){0t-imB^;o~{r@$c#VF zb>HnB4gu^NJy+v`?cJ5382BfJsF&8s)DJ*le&8r}?G^q ztn@gFpObHeP9hoyyLIPU2ZMCVEl|g%jswU<0+-*XF)<+Bh*Svj{_6Be7`n$-a>7YlP`f%01{x<)!k^nm5#0Q+la$g-sPI}A0W8K;04qEQ5 z7B{IAtALim6Ei@+``swksaLe%+`?B|*{(^AFMd}x$Qc7{@_ZvuZ)Qb!&~zv)c#u%; z5=y%dHZzb+BaDY#u0m5*_Ol8kMpL&t7q7sV!fuDVCO+afQc)+R;BIhJ%RhSTOHsow zTDi6HRP#v7hzBZ8G=_#q?{5DJhX%EMk>h@&&sZic*kBONfK62$PMmM0=@};DNswy; z)M^IjOt5{@?y5ch$pM*i8|}ezKSoKx>zX2oZ@Of~B}s#!lkoJmFh4g9Tu^UwpuEjz zib<_k33WB;`(4;*{IXnhNdsX(UR~Ef>0m8B#n))i_=^k+sbVkI;iR>y_^OJe(#%rV zJ3qU>U%=5cK$y>2TguM;IWOb0VU{l~!537vGPAHG;ViKEJ0*BLcRN0i(-pl;Fp!ko z1t8c?AQ+jcS)s<^KH6E*BcQOTvAE6R$01+kaD+7=k9kD;Y5icjrQHe>P z)YT|&Qpl6ESFOd0$)#xkJ`yrcwx~>(O|TI4zFi97X~S$8&<94nCyRJe%*{(9MhT_( zY*khnC2V~%QNLf$r%yzGW%zxXcGM9JIDA}O1IvTb)Kz>dEH*V?;qTx;LKceZSt9LS z?vzj`#7`J$5*}9VI9CJ0Yq(MCZ`6sIUWt7CS&xBLI^PjK$4rO5iY&VWt|wa??wzit zMbh@DXa4Yf|Mk&qw=VsdQwQ%IYu+RO;ttl3bG36lPhkRGE+@hC2^ug~Fu?SZMd0WF zk`^Pd1-9utadF!MDd;JxP6*I=OSmGcy6J$W!`{z1f0W3qfvdd|kZ#!V_?}4R%H%7$ zax0-~^mf%cTI%Ze^_A;n!g=7d?oZR?S7&qS=?`a=Ctsr^{Ow6z$xTbZj?e zJ@bE2Ja{A(qMNY%aiv1MaSUME9ElFyxS(G4f~ATE&PX%8oV6nTzw29p&I7XNbz+24 zpj@@1wzvF}H2G^BgD}kngk*31p)ui>=U%>A;ZO8JCL&v{DIL-;L-3;-(fSz&KiB1O z3&{-I;5Oc{Hpn)X+y3$;&K{Phry`dQh%BZMZJgDn15B1FtC7aE`J<#@oeSze2DS6L ztLBlF*N3$;KqhOrmn%kk5Cf~&1g#hLX^=2zz+ieeB+ka|DG#Q)7%tvgV_u+iWKw+O%I7H4hSi|EHw0TdcOU2bY8 z3Z$AFJ3@n;j6Lw`mmO>tDjYqxjWs%PEs1Myo)Ql?=OmxdcWJE@^CV+LJuBRu6!9(j z*Xp3$ojBm@fP#Zdtz_a*%=M2QBi^W7AakxK2phmi);7s|H zx9PQC=b10b=cvHq$cN>sZCaQLl6Hx$zTF@0-l{T9SWf@VSP%<&Tp=BoE32LJrW?Vm zcXC4rxD59+gddcBrU(|h>RU70n0uq>Wthhcy-laH{bGu-*CRyB+{>}9IirVIRezut zQ_bA3Q6UlQtrQ~gbd{1O5?V}MfQ68bFV0+Hxyh>d#xp7br~=_%uG{2pC0KkJ}DjuOLuz}V?SR!3)k?Q zc`Pg37Szu{Gy2DKSBUvkFv9e6$yaj@2e@u~7fEwI$6mGA*i0NhdG(#qA;qKHtm2b= zbj}39{;La{{2#2+9TDAf0M1=*cw(?71PiD>?t7hJy*YCbKG<#`y9%PW9g;(7-AV0o zF2;n`L>vNhV&j}LM)LU=_W%)$GvLlZc7=jGRg?Ch|I!>eS`;Kux_DBqlb)Bq#s|v- zm}xQ3ud=|q3=NHau`vz<>x7`0}js>J?ck308rl3|i=nlp6oD|HBZ9LLB)Bo=r%gWayvU0IwS&V2A3VV$MQNAH zT%1GqzvvCSaZ3Fzdn4vNXJRpaJr~Qz?lddt4(5*R?IEa#CG&5UA8+v8Cg_E=PH2Ff))dGz=J*C1mmPJNcQInCz`?vyBza zwQ&q|{Fl6EI4`rqo8V2kAOO2Tb4Ofvk$-(8{pgm=Wy!aD*v zei9aq)v+R%Lp;q&Q{@QE_tMV+lCR2u#-U}99IO$2Bo02wuv6sS68bRd819i{9DEMS z*3Or26JC^VA99q2ll_ON4B7`6RyWes%NJR`JHwDG!lyeqyQ|jzrK1Qh^imQowej{m zTR}8eNRj!kR0%~XOM6nbc!VacU2>bv%nMgJWegSNTM)7)jh%3=YH0z}{k@h*9) z!e6=2aC|?8T9PnVKFAHa!|{eI4d3q=WGgZ1Xu_hoUYE-Jc-c}daR!H}RsLKafSCqp)=g*Php-QLkU}G-0;`S4Nw}1{ zxQH5uvFg2}n7tvio_T1SxoMx1*(P^JQzGy zvITM3ub181q)!<6NP+T;_7< zGaeYaPPXRQFu`pvO_P4W6md4ci&peEzb0NE-SqT70rcvXbBg~`6zJl1S(`^xF)o-% zy?W)k>i*)~=R4uKSu4@Y*Yx`m z>W4GGlOZ9hy{O$vjJpcbg_q)>-*#^emwL==Ar9X2!%nhp?{?v`q@8jIW4Ncl>zdbFmB)olrt6<)uJgLmh!P^OGhRKNBW zI8!sDOz>#qYD5`t$C|s9h_O!G{?hCf!6wabU#>YrHe!&VNG%8Le%sWwYT}^b0_zkM zrqSfUsJ%vrfmkVh#=*E&>mv z(j2bH?Nf32F4dW@1SxAXcSxVhH3nT_AQZGp$d}ct&DD%t&Ok$UrR_aZk@n~hCKjI# zUv;jfd`N(!drj72^UHoIeB-V?;RbR;mac0{M%eYS1}5d~A6cMa4l3)KO|^xm(b%`7 zd( z^3&`>I(j6C2VLZGm8!^w^%95S>PzN@Q~v(~XOUB)<^w*-Q!{FoKkLP9o+k1XtXFPx zJ5NQ?=Qfq9YIuF0JDL22k9vT2cFHqh@bu~MxFi0!$P8Mu41K}wo0J^k9!n{A~_tu z`iNYwRyV=w`#KHM%+K!ojd9TFr$ZUAVuaiE2nb%jcps2m z*}Q7!epcV5(u5=Vcu1K<_QVO|S|ASk$~X+!@W47N8u&egF4n2E8qhp+?Vl3L(L4U~ zEf{gbH4uXQhcI$&GfThM7rORSw`R0Qg; zU7@-ZnAlvkU^irPWz(39Tbou{*ESn+nLX%hj2r#t`zqUBB#44qmwz_M^LSmP?kif{ zkJA8FVm8*;4+$&sm=1RU``h~kLzZhya0GYJ-bI;o@OEY#?i|&83t7Sa&#tF)LjWYi z?x0EjE6m(V05Y`4_ACEMWYfUu6ja7O%c;z~MSy)%g(n|~T9aHK7MvlGh!o>p%Mo~k@G#-1Z6naM z_k}oRu!*uiA{YhDVa|i)X;**9=UE#tSd!*OEW`1aUB^JIZH8%t@7v>e*wn(7 z6g~W~M}mu2A1Y@nZRzE_$xF3Oedg0V{f?!sl&k9LVywmX%>-(xCO)0Qy}Rb5D~h|c zPt7ewzumj}0@DwS&wfoVFw*y8BaPQK%M`DB7IF8d_3w~zxZ3NP4d(ifhONdDfio?J zzu&hFd^-Lp3)E2WCMwT-JBBPDwi)mu_q$Z+(K_958M@m3=BjLYL zs{o4w&D6{WlKd$5YbAdKEzqn_6Q-T{VwN6f>k&fGy{L?lM;7C_g1?k`-Z)X{yt-QL zaXPwUS;1<;jVOH1caRsoGpR{9>sbWFz%xN>xuEhvh(t-P=~LQ~W?^xxpO*@Y=J04K z8TA%)BEz%#U`sa#+8Ko$qlI8nbH5oIBm__%k4-mGK~j}7clm-9g>n?0AfvbVn|Mu->7}P7OB^nH-tYudG}0f{kG-u} z@XoSKoVhhSQ=zhG{p*Sp=?{65Cd>M>f}HwB=5J+j0wp!}=(FxlUhJ*?PtG|V@q$f( zm4!|nrf9LyMyeh+t~C$14IWz^Z}bY>EPJ8Tx>DzIfj1uUVwOq+qrL=juJ6?RlTOownArgZMt~-I(6}0vHrl4ai`j zs56>C83iwuCR`OhowZ#F^S|6=>nt;yw|&3DECEO}?5%Bf8U!&Wp*t_La=b&m>xkm- zGGOQ0Yq~!%rv~kmc>0!pVWZVd)CKB)B}CmI^Ou=fm7d?YWyw08m7mOMn^7PGh2)Gq zgKl3sN4r5thr?WWJ zVRIf4WN_Wa*t^MbI$f(#Cc*2?{u=qrj-v}(c=ygfzq<20+N{FaKEsc*oFpcjFBhtWtWA+YZU=wPu`nF!fVL&%lz|; zPf)sZaiRkaqcRvN2JP`PZ99v+sr1_{a<%PZb{`dWi_tWv zkB*JbwUi@BHOQMXj=@8pJu4xbv5oc3PF0J&VANg?L2L5MtqoDGD1&cMnSO#HLgCX@ z+;tTYUYOl-H>)V9r>qZe3ZqqF6^sEQvHse(vv4w|z-_T8qA8G8gF06UgNA0YtzQz} zM=6F$QnDT2LZ;&XsC#sIZU$8r#!QZ|TsWd}lxcV@l?@iu?4k2-frA1C0a_mz)C4{- zXoB;MGu|N9zihzq^lUe<;|Fh>>EOGq8Min1cdYzy)IXK||Jf$D@t3EPRmx>xD0ysxC&h?~@I{NQPaB?W3g+FC{) zUAXHTG{`si+W+eX@CSc&WA)sWi?T;g^CE5b4`OL}4xm+_yuAGX5Q1I&ng=CdlvVh| z$^8E+h(c%qg(a-?M&AF&BNRM2zu23=KXiD19M=H#8i`N*W3sWaLlZm_-GO+>P_t^) zlPz7w2sU#wxsADaUw;rQ0B3u17CYIvuBb955hzo@9vN7`q#9WCMe?+O2v@3L({{+< zwOJ3=lG$czz07JZ{ZowQ?vH<`{6szwF~lbjs*R8X_DB=wn)h=9B2!hS4=o%+qb!yk zCG~4(T_i%qvYCfx>AA(t1V|)ft z9F5o*DKjveFnYiEGGG|-8RhDP>PCu7YwCg4sLV9c!@`{F9cD436Oi}bNRA74R~ye1 z6#MWbEmd&WftU5dB)~(Q*M`|j1?78EtOsiRWiRa;$ph$*C{d3(+QxjG$A-5`$q<=N z(<_HU@2m;p6DAvDN)m?oy1M4Qx)amjuWIbMT7rMyNcwQQ=lkOg7)q57o z8)1h@NU{LRS$GHI?RRskfHZ-bQ=d*!9vmvRuj$rwQ5*G7Zdm3{^M0K_;JRZ2Qj{*p zwx}ZTFYW0P9H!=>pK+kD3{?Br;7d{%%BQpkQav{fkGG3@7@VdZ9&#>?lD^gIB*fQz427vD2yr)kB&|A} z>`EKl4O-?l5WzK@gXbs|=xvu>Zo<07ezbQD`dEa;o|dJXlNe;=LiL;(0J(Z=aU@rn zG8?3jp4Gw_U&UevJNZYKpFh_z-sf}s@EaRAL$m`$3;bhG7I-#B?suIP)M}uQWEn(~ zApNuhS#eA;>@SHgRqRYIpH7`EgX=EAh=_66iMxMr3Jm??_&M3KULV=%*Y}r3z_U%|V5w-dll`i&pU#phU{9sB z0x@S9$)A!R-|+EaU=kC1C4cum4h0kR4ux{zXSHrwrPc3= zpZ%GVJa$E?ya?M`6@~7z9k#b!fLnI0ITQF8KY|df zKI9xBBVX)(;b0nF&AyZuz16N7+`E9;<<8tPU1ze%X(3O#2;Ki&C_$vxs`!AThfe$P zK6RuDm#Bi;V9p)$NZnoyQp?V9u;;ZEaV|+~DYQM$a9WlE&{>71!?C6YcNAh5CHAba?TPUQ99E++qzqNyFjsd7@!W;|OBAMAn!i3^QAKEwDG z6VBB5`jm-PnnmIlm9k7EP}1&080^0mlaQkCK%^opCDju|3C$HMeY7l=<*LltS$oY8 z(s90Ex{B%3UO(S{jJhKFbyJ#GRa;bA>b=l6cu@lhc8m zS68o;>u3y?b~)MxGcx6gA<#$Q@+`)?Yv$0C(_;@lg-%$!SK!+x3Z;=qH0zO#W%PaP z>6F1Wpl8drru3dCQS72=s1g z&D926pSopAgjrIlxHoiSrtVUaGbl<)2Z)4(|*xGzgb9p!p8lukM&a2q^r2Nbc#``X_G zqZxo&RcKs({0Ig;aMSXCX7}H-p&7?RfM~oKCq}?oqT^1FRPc)Qhwb5tHzu0-6)yZ0 zd123fVmga?!aXjg9{*U(71ta_G0DxsmgZ%RpEM4QUbkQS*O_;j=W^G|(@M(Pe?V7{ z<44aePactN)X|ag=&1t9j4XBYz<@5*?GNm~2ZszugEkNQJh}KZG}Je59XS+h9UtQb za+q?PN8O5p56mEA$JLx_Uprc=D5WF(gkpo1^!oU$>{oB{1Ny9cPhZkly4)8aPk7qY z5rW8yK{RcF#c5r-A0M(l=G*DW-z55GL<;WFm43wWHD&Xg zg23?p>UG=rE}4zz`v+gbs7{eysqSM{cXN5WT(th%mg-LP5P;0Lb}-X?fb zIiI-WZ11^a0n*SuG4bZjD7uBwc+v5p>Hq^(FWdEb$kE2up=K>Y?u9#M3)hlUIFcP_ zpgyT?il^vx_XvAl_pN!8rMDU>bj-$Yl_bzp8sc~S0ih*V>61I=Dz!(&_lW#iw_BdM znikSAGf&|3P~~tVU$AIl@@5u@^&QoslFZt=+=RBQ=VLv$5yt%Eg8H?5mGlC?Mfs6V zNl)%BcS;je`_-`Fly5eUsE=DcpEMNG>?X;!V|T>Es?3jufeo4|5-+SNFN*=#w2cBa zt7kID_d2hC8#XUe^xNzk@^15tYi$eTb)K7OiCKMt(b1rFqx)32;nmpdx=OBI%+YBv zS`tLROjYa_2zsh#(#f%HFu1X{sfI? z*yes1!v5&A7v`9GT=8@iz8p&(U8F9=H5ACT!2JT6znAwI(~QSEgDmyLNyc|zs3yM?ODhOUvMpCEM71=YkSI4_47rGrB$nqc9gM4GKD zJgUKY(vqzZy}@SqP)zi*pjpnKoxBA7_-?b>56L%~+TDthl(;YB5|~zPV=agnMwo5m z!3<(oLaBFD*)-LV+^+(h?th-8Aj<5~eZNnVmioHolH*(x<<^esn0~VQRu%+y=g`r_ zPwD^?Ic_J<=r|Sgj_6>Rmgq=@=T-1ex*H|R8p7qT%L2?;qa~(F{G9_vgxo1dMKlJV zG1cUMFZH;E%D`k?Mg%@OsBwS!0xkf%X2H&eJoFbQUw>QV$|!L5cTwgrNDvEpQl2}+XK#tuPBYyoZ@i0cp{YP9Filr>hap@RaJwoiW8-_5Ve_K zT0+!8r0IMU#<%O<_BcHqrHc^>yv{uzW9u7ZZ5(9KmF2p3$?Z4ZbMU{!#Zxt}^8C)l z9pa_V6^Ur4$t2p!fxJB~GP0ie%T=elXJYeHaG}{D?Tq`+$_Uvt7;R+#?O+*y z$>w1pWrO8oS8nWU#DJ71<5e?>0d|i(zsrP?w&3OQ)Kt5gf-ph1WAK2vaIs2Lv=o6b zBe)2^#H8AG0{^wv)&fIeT43P47Du5B*?McvCC0G0xB=<9*WQ zywo!JEF7NnhAL@Hs@|A!Q630UPl&Yzrs#eJnN&y@8rKbG}-M;my;@1njC-I zh~hVZV8zov&PQoId>Hxrh&m6rY%~(19CcxBoF_%cpFmqJOFAp8#%30KW{CFwU^RiN zZyhhY`N-kKVTNk`xA2Rw88Nh3CHegwSvP~7oMl`)7mvuFH%npb1UB4P%28#5U#`E| zsX7W|Da|l7^ft_r0u^)_x>xKktU9;qTcoN={^DJ@P4ujHD0oH!n)Qsp#yAciwwW|E zY#335$63=Qo@20v!gZ%JvRo`xEWcFqIys8t=sSCxJOOZ0!@81o1&n{6MiaDF^ELBT zW-fle3ysgwNwd61fdBj9XnbG;r6Dir9wpOA`H+|uljJ^tPM3KRS{?M%KKi7soRUlO zJ}sMf>gBsEj!8H*rQJLKA4xAU2&zO1_Ug7&8pC75xI6f|S3_dqZepQz$(ZKN*;~OZ z&Vexo6*5NJ0uIWKWJb%TRWEEKVaiD(gr>=2<)tLwST)nO2NRpoW`xmKCNhd&nm5gR zliZ~SFiK2MlBD!fh(a{iUEPQuaF{fiv)cO26@6ICbhp!k(SI1G=_*JF>jZDhY#*Y`Wv;^^5b+e z**$vE!r$~TdmjHX`+kr4gBuQISf~8ssp6&Gq z^RjHk3BK2knhRE#BoIdpm<6)HAyQWc^jezoUh#FBiDk`tNZz1#bLL^iNmi8NN?ji> z0W;26qU1?a#IW~?b*QGq+o2&hDXDqCbPw_jlfiG-8Ce}{qF^cVo&9s&b0x8&Ut>le zh)b7w8L}-(a!}f-vl48apU2m^N-jB`M{nEIt4b5sg=7W<$|HMh2QdMm1s-RkdOt<4 z8hp>fNsb~nXqUwQg64FC^}E`A6GY}QnopFfXDYoA>n7$+_x9zigLofW&DSZBm`KOszT%e!*FdP0lYKS9lO!Ooz5);Zhz%YDN0sEtW9 z!=iL%;8}dv8vhCUi?dGE@3PNkkjLwuo}PH-r8JJbU%%db^Ysng*x0ZO_(=Nqq64t* zthh&W^ShgPc=vR4x*+&P{0rj;@kt{OG;V16s%G2|>Yn?ylT?wBu8t2MSI9~>+O^k< zhYRVAAw}s|>mBx;?($l@!b+1MoV`q)Fft-1Ff1z=z9a-IzH7KwiOZ!xoiXI|qG2R% zdNFH%1$jxBx`#$#Ih~B0ud9Dy&F@?JE^m?M*qdS@&Y0P1b@{CgBhA_FUlDndD?*gT zhSA->r$%SB2o$Loi*@%%z&hIg-Rk-;uur3Tg}nO)k63=6nF$W}&chC=4JE{*>eC_w z+iv|yEF5WQn+hm~&5TLDWYm5wmgNv)H+3SAow4tfTt6ajw=ejry5ay@$>_~-pzjB;?!OSnA{b5alfHMa4nVgX9QEz!bn z|J}Pt#N)hi@1zAU(VrXm#Yd&FJP&im_5*wVHRPg^n>;V~uh8uLa-pvIPwMSX^Vk&} z*1tHGfJXYcW>8yZeki?I@<&;p)4h4m zh$=oj+wOg^v~}ce(==yb&XPvd%i7*=`CtnMOEZxMM>;7*6zgRP#_td|C$QNje)p&Axky1b2YY$t9$nPfhj4Y|Y-gOyk7goe!ut$|ikU`(Op`zYPoCV(I+ zKT@&BxwP}CeUEF>)4%A^@{i*!HCGdPm`^SWBGuS2Y~o3$*~lHqly(&~GzMnpf9-o9 z@hRaO_pBAgCJK7^!Mdc~9cleN-WOdea{6#kjy3Q8$MV2cb@khgw74G>9ya4%cuAeb zB1x~ko<4p&Eua(L_Io`5E6f7#ivbAmSLO;wEb2TrQuPz{@kU$yxyaZbjWiLtR?)~9jcI83jDkd-4!+k9akJr=Cc)gud$DhrLpA( z1>*LH3}##*Si^Sixw?E_*e$qsPtn3s9%J`>(LBH9@WM*fSFLSo5dQXBCVzG_`Jo-RoD?O&AkOjOL`+c%i3XMT@{^)|Dr{>*obPmZk4Jcak0z4!a=aJa|4QF(6G`+-{%s|-Dp5;@V2dJzy4GRvZu zv6F8Nu}t7A^j;k{vNbTjaAv8qQ}}6LRs>(cl)3DB`E|+bG7}8KKR$gkOt3Rodi@ry zp==t)@=RhLF|n;9KAIc!->5VAW|*Ox*)d*cP6QcIgm(1QR;O%u^#3sJQS%0$SDc za}eA8>^}XInM#u}eZND2x@QT>2(1r9O2bUB1kFd9OGlPldQO8$W1X)ud9v-D&XC|rNn3Cu0uVd8*vHSs9!Iz(PLPd zZ7tDrD~zU{4xxMF{zP|;qaiJuMc z{fhcIGRhhHIEC98lIvRQp28@X=gM`Puq+Cf$PL8;k5y7Rf{*DxU-UfFiD+u>g^9PX zU#08&kfCMznZjKVCFj!KVH45Zi+fh*f!r&0j_~Ht77pFGLz-Y5*={PwsMZ+scu~d~ zlM%P2wQsfbp)nWJ=TVxv<$0IRZ1z(}?~NBD_qz>XmGA(DAn6W(XPF zH2)0~|8cO2&;T}*Kx-38P6AGk%bZKw{BDXOX%OB4GT4Y?%B*mP(Z`JQsfbv-2 z`|9s?HnsZXE;TPTkd#_OBxLqSqhv&E_o>yM3P+_y!lT{T`&2_1za%x87252RXtxrJ zy-+7-?%?98nBqi1nN}J{!lugyFC9)zIYDCr_TewgW+9=4n?RBUDkKZZc`Aya8>)Y2 z4K%b%yi7s4ek=5wjWsz=H^jo%n|9JCsYjCyTc9^3Ft$RcCV9tYUvRJ0 zqQc=|e^__&Ote7|A0h=Hd=Oz_BqT!-QOJ_o%Ih?IRaF`!76RtQ%q7jxE}p>=Aq8B) zQ|Hnw7F`Q_r-RMal6U+TEVH1_XKdldDx)@^A8Cxe#{cfVvrpw5S2ILa(x$_U3cIlv zP9Wd3%C0Fc%hHpEwadF3L)c~=>XjtcQrv47m96SN{%HLesd@XM^qmfY!*!)88;oqR zafBs56I>u1cz!{v#+dLGtN+7N$mHhiNIL<{OCF&WWK8+JALc&xoNRB7JI22UMNEbk zD60gGW(~!xnBNfz9C|z@ET|xx$Bk2!^MmicMv5qPbB4vf{WGJhL>hJoCHb0L*xv1- zKvTMt4$)IdZM6^7Yb)H83$aGz5@JNpTi*B0Sh_k_n~g`m+RDu;P6EFPY=t_XeWL(B zf^=j%6ev0>y1d}M)Z0gVNcABChPPBB!pF_@h=VHMvWsH8vg#JQSL<%6%PbBwCX0H_ zbW~OY6Rxdn{$U%pz49E2k*csUC5g$L84(jtKIur%Hk4%p&cph=oTnJ6I(zbehq}D9 zatwTYe7^1owvZn`7_6+N^Sbu|?aH^}!AU&Vb(1e-byK&jC zkrHDfEk;wkFSrMBWDeb{_~*e5JFS3$#Nw8QLA%iY=Q#~d(27ym?ai*if}QB-@FdrW zDkG07b5qY-#yXt?s$tf*nd7UGptz0Sn@TM+&f_OfXc-vZxwyJk+qm4qyNCz2YHF8+ zE4$8YOF5oJdJ>Lv^r@H-%#Dq+;~ zB&9y9R{a=A_ucSY1HPZ>bRt&u zV{12N{=J6tl7}764U5#adYKDn^FMC+&Ib2+3q zLMia2D~D1vOib?qsB9keq*yU!{;gr!%fFL7=WnI6^3!#m3-lUb!Ce3(6a|6sweHCB z%gAp}2%5>#D;j2^#sBl|9cK|0v-P{<3~Fco&;OCAyEqZIs(|+?;Eo^lzw_$vSC1ok zeqlJe{SOc8Ki-yy02>fDccEX?{V|4ryeyHrbKC8LHJ;*&`p%0t12|E4oyX1Fj)cTx^H=#h3jD8*rz2`#fcK%%cBqD;oGm#LqkgNXLio60wQTgjP+n zo(l_Jh~MjU0@@t}O1k`PDPE(mzFpM-2EeGzzNLpJMrxu)v57m%5p zLlW||MB?wY6%w_0_;1l((bw;4J?H6d!FcB)2hBaI(A|`11IJsq0d&oRq1-J)zI&2C zv%F6Tm~h%~?FYingV^1nZGQ;egP^B6!b+-~&+h<<@*yEt#q!rdJI3l7@yNW8gF}+{ zg|evglzKXg07j)!DbWuBi`E(v;A|)~!ajPjlxkd%p%!HMJujJ%{+)48-&vHhR z6;-)Xi<*KB)-M0t0)7u7O)*fq!DqDRx9t*p{j%w8^=C*Sui3U&klAUCM@1_lRW982 z3FkrDn}+xxAQ|TnFCOl~OOW@_PqKZhlxr+ybn?c{+Z*BQ-u>Z#G(>*|IkWYXC%AWO zWR4wE$JcxEQ^919e`fPYAxG=Oh~*XBvs^(2St%4Au8a_|V{_=&>*i|??w(o$sj19z!SHpfP*-`F z)Q9c&RG!ygoBp`eZQJ*FZeT)rbt+&i{Y3|8ggDJ_tU_oYHKt|MSP`MNY|*uB>+&;7 z(#sLh`&B1)s1tk&{nyEj=l4lO^ z5W^vPC6vfs!#9h(qmdTWhbK@(iK1N1A+&{Vzuk9$Kj6J@M&y{SB%vC^jNz&cXsyAr zToT~FQ|sGu8p^x0)T`!v1kNC-9aPr0kH7}G{f_$I1a%?M znf)+daPK7iiE2v!!!Hcg@Ui_6}C7gfZ7SQH;);>$U!MzPT~D{vlbW`cs9YDa4VA*zeBJ`q$M$s z2k~`$DSUuk@9;7i#8&yxOzp`CID)26*Y~;)_ZlzV3B5&FId&k(lSp%v?=eD8Q3Js@ zP4I79un6+r#AKs2Ir6(^?#O($yU7<6so%W(&9{W6+e^R0t&%s6QR3eq9 znzT#F6jQT!2A;cI`BR_S*tuRnKi~AqgCqFL_veR;>w;Sw1NY4nMfYXdajLm;lHzY_ zKO2L-(LS;E-a$O8GA^>IFhblf zy9sgkJ>A{g5yFjImhE_0zLPhV#RfCG2mUM&-H|NT5%+W6@+>0uZg7M@i9O--S3z<_ zKYI2@zh66g=cE2Mx4`|;5V!2mLqohIGu<~aqb7Te)_NrXn@FI0viIhyW}E1~*`3)w zUgurdK>|~J-em#;2NRE-Sk@2=wqJz*iiYxuHkSV%Z*LtJ)zDx!dtD5#Xu z-6@TPw9?((p&%h4!q6R(Lw6}6-7(ZKbPYqp00YDCaG%$`zKIgY1k_iz1e3gU&Y+T+^i_y+-ExU-;8DI>29(0r1b9QC4^)} zvbwjJ0twuZDD7DbdoKvb^-v1X@3C-mr`GXZ$2e-F>Yv2T^7}tc?F%QolsDMoaEL2# zrj{}*n3Om?i>*;+6ftgUwJFADkIa#fmlO+ktg7p>+;?)5G>T8tUM3jUtA|NrQUe4G zT5v)^Q1_TY_E~7yfX}x|7kgbuJSt5V)W0+A@RAX?l6O}nbI;Yi0XNm8Au^Hv+s10G z#YLLoUk6aTC*Y}%E~CdRWbXh$IFD z0~1KFai|U^#VT7*dH>Dh$vQWaJ^C`o900i~-ys5L6j_RHxfXd6T?sKrV zr(LJU^%=P0CtcoucEHW6`^ohVVHDHvx{RIX?8NG1gd)Cu%e?Pm@~un~>Q1aEKwD zP4GNs<_OcI)5xcGL^T^cS>ZKHn42F0wT{ITNmr4VKt>Cq!h3e4vx2k9oF^=nz!hxe zKWd2h@F@sCfc^%;}qX|7W9<>&wEZw5}k-EH*r*r+|Z#;D>-O zE@!>DZ}~@Hy=$R4{2-%C75DH%R8QxCPb4-g>yL~s{mYZKMdS+tThKIfg-(=*|D*Y<6eLCqt~k5s@IOfxp37MbOEzUb?->r zr#g!%>G{h++t(khCQpR0dXJy=v3ylJQ91iU9*yu~V1*)~xaqCMK+01`hQU^ir4PZ! zuI=?UjeiP0Sb+H?0P(aS&QQQ=mXGwgy!-BD-zkuep)zb96xW(ifoCqPI-6z z1r)5#4tHvk8f*40baXLEm3iY^G#vNZjs7BkojP-?JDyE?qRKjD_EVh`;uXyM%rl@Z z331)JemekA&J*p7VW3k~R5W!0jn5CRH@Ad|g%EXoexzf9w3w<^%u^FMZBrn}>no9^ zl}n816FAcXVl7%g%@xdQHr#%|2Pnn5&VGLM?AbF>*8W+z`;v3k6Ve-Gm)6exuk@}} zIGTk6c9GugPKxlCK!ov8waNe`?-~MyMye{M-UAdyez#2dc;(?*P;&iXGjm02&*qdQ zBEvsFu7{Rmyv#)n%Y+Y7p(`U?*F3rQxmc`vD;!Qfw#q|D0GNMs&w|yQy3-&}`L$Rp z6zb@;HcNQjd6S7{bN+!`{I&4*%F{MWn$CcMo=oxa1;c!Y+YDq;$CqriH(b!bAoB(m z*5YByY9f$cCcdAE)8PbnGY8*a+w+@e{IwqD}%+s?5?HyCrb0@S3tN|Dvr4$ zZkxoSb}pE1z1aI`@zLs3P1)YcfJnAnQhapoCAdqF|51Cd^IdS?l%!{0XV!K<^pq3# zmBA7x(tZjCqPKIRH^su90?(ow0R#^jzP#Y6$~#Ev?ZzHos5H=`Rmvlvy<`UPlhTPv zYlowW@F6k}X^Ybo;zxu(%qO1EisbwqZV4t6nv4~vc^r%z7nQ(8_5d~8UN0xu#wvaV zAiquX8He`l-q(E0-K9(^ET#oCglB_icMR3t{hXz3rJTh*QN#g|?(Oi!yqW2;J=dE} z*i<&58yt0X5gr2R&r(pl!c1(ejn%DZaZHf_6etZ}R&56oPu~^FhDQP7TkqF28`*!( zL|@*g3TeVvtI)bC_(*{|3#1)dRb@IP9?xOT2*`;>0$P5ZVvn>9$`o~67azLUqZiK= zn}G;i#>2y7T?sJ7y{LTf;h~FrQSuoe0$5#X&i=(}s1Z7u%;#>f(x0Z3BS$uw6J`hq zwQK|?Zu7r<*)jUV1Sq1#En3+OdO(}aX?1$M&+Kt%@}2aoD(u(>#FC}`v2oYmtfeiRFc2WKD|iNZisV!H?K+-=s^wMzUFiM( z#UI%+aZf?oPH|eE`y)ixD z^>|u=y3xAqym38diz8j`i>JHTL@0fHKzC%4dDVfc!RH)Mhp0WoB!s^m61W|2o7$z$MNA1O zf0haPuFK4$QJWxL?^BgzZ?r2aRTtH7p4F?=j~L39wFej%hk(9Ny9hpCW}U&w;Wqo$ z)^dvXge{=YBPGKi#^th=$|oPLx3tT%301BW*KEDBF z@aHfuRN<6O3$9a27_tF5-L+>+@}<9o$8z|GBD?fLNgKI6yX(m*pg}nPkUSk+o5yoovh+a$xfnak~^U6Sm zWrPrNm04bn=I2<6{vx0`TbyGOxdW(Ujw1z5w)}ZdwptE6jl2QOY}Dx4$~GXXon>N4 zfJYrm6&DxwQ+c&g+$FtviH4D_4DHUY_aP8U$Nr)yYtzlM}*Wz>2gdXEw%PhLL z18BB~VBajq@A=)o9>!)qI<^bEd+$)1pzn4V#89AnqO{}c7;As(^{8%gwXC-fCsWWS z6Xm((mXo7iqkePA@gy)nNZm;-@~N1`XsFj%xoMPn=&`za&W{B4Q$+HJ9>>l_COgdwc?1nj4SyLV`NE#oGd2*c`djnAPTLuDIy{whWTWIwPoHS;hnQE%C;$c2>jr~ zz)YZ#_KLJWRquUeKsth`#}3#E{Q1N{)g*wFH||{^o%iL-t(<%oFY{)hNnjgz#?C&9 z{eG_un{_H7sv*tO@PHG!TejN>Na_|1l}`tjDaRP)aQfmxuGe26pfCCXMC#5S!g%N6 zg}p^N!>CZC#RX~mjPs~=+MFS*#(sICFFtN2nK(`Tp}M7913q9-sX0~}teOdoU$fL7 zzBJrJyF0erj__16r2BCM;~dtCxU{2*b!|FJ#j2;UIi-oF?=*EZ8a(2 zP5ETrIJb8({5!uDs7D^0m z$f^E7!=m11_Loz~3#_56L{^kAT*qU7M2#Gm4O0YZx@}%aJUiUi?_VM5yf)hC>0T!V z&Xs24a%A1B1(bBFrd;N~vfHGx3HkZ^F9IzDVko>%6di&XEag7@@{(K*3=a?2rjf=U zaP>Hx4Xm6&#=g-P1;GYKfz|{a>$Ywlf`UHiQcIvKiBn?oS}w!JD=`@Q{#gx(@jJ0`0)#kDUAe1+^jBs;1C%a1>7+Wn|k}@-ec9hk9F)l zzxvm)3p>&rsRqs5im+dmF9p0a776hW{QNn|HW>SL;?pIPvHsm)A_g;mdXhs5zW_oBdCz%Jo5?Kt z|7_?$mzGc;{`Y-mL&rpbrbFrH`XqZtDH`oH)6VZNduf2a1I7l;KG%!-++-#zEwxji zu$4wY1+~9Iibb@X@&Gt)W+s-=gu9wX`>@# zdnC1GbI0w2AAx1`ASb6vXV)*h=>0*B}($g&t#NF%xGpbbvjncjZq_d22;M>*EI_F9E zRIxv&CnpQuXQ-4ZkKLYwv4?c33KmltB&2`uqQ3Ri5lNemy1 zbg46;qVNwZN^)_g8Why|vi_LKF-3NpIif-L)4^qy@o&oX2V1hT$wr`qS#5$^}yC>qiT;44i@58(k__2QcRaV&C&^qGav9`mtR+ z_Q&!F?n@5)hdTy5)oI>*g!k?#z8;BXyM(@Ay{F8e_rs8B8Se9Ku7K#!m6Vi}nhZQ0 zud&Z*5C-(giH=R(Ja{3!-E%VYUfvyQRu}Tw-U2_ z(7sXpGNYRqaSW=SF`xy98wEZ@Y}Sw>GLlR8Ro^ImIMrXakMou2-raLD%k133WqjyJ zP0*jTmx6l{rq0ZA$;b)XaWKa3SaIr_?SU)hfUWG&Qpe-Jm*#vmC~w}_tMg%BcE)p% zdUWXr0XkI-*7$7eNNRs^g0DPcA)#ccSWzzqJ7V4GOfg0r%I4_kF(dP&ruaRul9r-bsrklPTGK z-`f#91``~xu1=LRS6-Sbc5-fq_sOnazty$TaO);e({gtd5Fxpupi=kA9z-po6Zr>u zY&RP{nLQTFSIOocqUyK#-LdZa|AV^h1OboYVMiT@eaTF2efj=EM~gqQVH7-8D9N{P?PPahUs{=WIr^@r z3_o(%q~7OWF4NKPOK#|u03UfS@iuJoyW7=L^1{J@c6jX6FI#YuVJu&$7Q$o1#a)< z8ReFIbjrUBLABTaJ;T1;K&rg^jnuWcU^oBN52YAVNV(pCv5PgARX| z`TomZeMz0gM7RDZNj#3ls6gK1Od#|X zBtnx?wF(D!_B6OjM*YD>G{THdsbF4b8BYYrnQ%#m?e~|_;w;?!Ckrg@jo|QbhlcDj zht;VL@^pYi#ba9v^uADh3wrhZ^PM9}L_8aUzhT2(9-nRe6|7_GXctlGeWp#1kMAXz zr;O*U{j`DKfu9@Pqgg4rt=GC3*667<9~vGGg0zKJd8IuUS?u+yl7ezq7{Dtfk7ior z7mkdR%OMKjmuD#9WY?WHK=YgkdH#e~_R9`kckg#IhFqGw%d1^2b5O%;FNkK?dTgEl&h+o2Su zy*T$X$~%Z^x_GC&QC|mkh988ttLb{1gTZx%|dYt>NZZvmV2_1ht!r@etrwG0a`bZ&V_4>(?KGiy&3NIwKQPgD4te7PRbn+|lqm z=+guC;;qrcfx(U7E*SxRgwh9%O%Zq?r>p?Q8~uTU&+0@L&|}=4^0+oQIFx|mK>?TD zLU-slh)jQ`Oxz%|)o?!h)^_ggFcX5e3Ht?F>NJn#aVtHz5Ss2OygfrTecVQ5un{%K z2xpqm=mWL#=tywbx0b+gNx$3VVr`<*NO(~N5-b`tw*$o&7&kXn$kl}8BMxqEkbc0_ zcDgC>_X~ObM!m4lOn}-H_SLhV>v?Jyv-aqc-az*)%ch=q2C}01UyaUZC3+)f5B9b| zzzfyI#Nu70{-`b^eO=@@`w{CsT!WRCLlU+;DFvH|+sx}RhFxlJhj2*hoT;zVXwFyP zruR5S;8!ZR2F*P;n5;w;>F*s1f4L0_g-Z>$x&`h5U3ixkHtm4wGU>a0KN`1zavB=&J8nKt29*&&B^vWKFSi9j*{v~s_v8a zm#7r14U{{@JZX&!41_vGg>}L9W~WbjT#~qIt(ml{i{Tm^$oh_6E=o!TproNxJFNTk z{qzN!W8s|BGPS?Fc6s}-!MpM5I}Z66_XJ^lQUo1`0QBVojQ_9ciR$v8b~OvU<-p zv14WmHPkBoyx}rDtbX4DQM=!}XptRYRAnNI%h%_bVy_^jU*ss)c)B5>nL#}`W~Pw) zIX8Tcm9|W8H>Pk0)L~*eke&;T9_4k^0+8Qttsg3 zWd5>#cjK8Wj1U*%x-I2^RF7CPE0YkgKDAaH)0JG9*4H>iHrjKTO#;l zGXX?5DfkX#kKid>>C$vZC{zw7w8o0%LE_PD&Z^xerpUqomA}&PT`4d=G-o&dv@OL+ zDo-32o-je#5l31pI&ye>v$N3?Wm#+-VLROXsS;3<)6wy=488G?kzS+jx2YQiO+AZZ z0PjI21EJ37@W>0D`q;9`eNAw_Sflr;XUwzsyU|wKb(t>~3P1l6I5~VbP)h;$1?B2& zZgy*~YwQhu+(o{~Jy2DTr`+4O<o=iq-(NB0?B=MyO%89=DBf4OhO{%E%`y%^*47eIiCbCVlgy4G|tupczI9iF->e&pNjceT86Ic z@G@@1x|-;6O6S1sq@99ZJs^|PFp-}*qdCAnX^(s@2O{CN z`xeeCulu&*{b8)_gY_M4lHc*$@Xeh=YW$>R$vo#(XwqISw5C7p z4fZK9mw!rtT*3uATlE@@wL<@;iU0@~ocqdd`_%(R!X}X$_n3GY*vyst2JhB6Y&_H0 zOSmj&(WSI~wdtnIXF)4Q>BWcF?qXa-l)f0RB9aVq+oxWno|U||yu5^$H*28cDG%7S z>fM$fb6ob_uf{Z3$}U^1OMOb;T>h>*MLtC8*_U17YZx^zBM>vTpKcH+SYyGSI-QW8us=YpjsCZGnqcyyc2%KmUIFu~%r+f5f_wL7 zEA;h0TzTAG3?PK=vCFx^Q7ZH2O0QQNMl2vt;l)^&V|{r|x0r#l#CH1dFNV4Q{)>xL z$zN9y2>_yH_b$c!;^4Zv*uX%5VE2}lL0ssAzaR0!uKu~ACb6+%*6j!ung2G0r$vy7Ja?4yI&oXIuSrSHDs2%YPwfO=Q~9R+>>yuMf$HnT>e-} z56}y{3@+hE|C$}(W6ew89*+GQ_RBVQbvU;S)B!4EOb6#b5)J>4f!VzS?y*|4zx=)c zieMPD^1&W8ADYf9?l>W#2kyKbEq}a6$-e^y0&ZjW8|(-!7h$<)@wb(AZ`Keq z|2>e1`SYbq{El}yx^LFRBC_Us`q?TeVJW}U{~j0r-u!K;!TGNhr920p+8S9VHn*SQ zlWux=XLM_j!9U9PS_bncG7Dzt;Cq&GEi*=7@;#?X`tENVWW4wN(I2lrspA)O5|Qnr z8}Gie5(ebN)l2j~D;H_0=cyLPOBnwwzC4H-ty`>k_%Vg^@pZLU`|EdV_P;UPdAHd) zY5GujpDq59+Bcg0({j$*v$N}LE#gbTD|ikh@$2~ATM{ml?piwN^qp~IIWArX;yW&g zrYW39IMA-;X0+nIs{pgN>R-sUi-76hd2?zvW!b$*z5w0=@lMoI$uHgsK zZKMcyJiFd6ciTn7D-ZQKD^u=>63iUT5yzaXsY48OE!ZXg$4DqGuY+-|I7Q^%a_>@P z_wsvPeNDI+w&toPvyh)02WJ;Y<|d7cR+Ln0y9dte%u~H~TLBrP!K0CpQWlzN$5kSE zCQ#op!rl{YZJhXNPnUAzXJk-W#xp=&#vKhX(4-d7^F{LjmdbTr{CMA)skqCyf~--g zazmP56>iUK665=d??W0w0t{~?99bi?Juk1Q1H*ruiMGv_hc2Z;$bgE$$tp%@)@iq< zcYE@*_nf#Xk6xB1cz4j%WT-?IZ659kws+g})*P%yr|AdTP4d7CLwXUBeU)R#eCI@U zT7#k*tAt0YV@GhUoATpN1AC4p%AKUn3p2RZPOEoMaqU?7J4jZ?h+^+X%^H#a#i_I7 z|HHo;{vvmOOOHoKJJ0+VxDN6D=mK%I*|<^9UmZC*EWg&YW_q!f=Q|4?&N`b|DVu_= z%KZJ(-5#RBRJ{lX57+3EiltOQNhRBZqq=DQwJ)xAdPm2tFTr2s6_;m4e@Q`FT#Q}L zthnii$P4IFa0@K^tdED8xxD7O1(w{bCfJDq*@e)i!rE^4qDb6`axbgT4KdjF`IE}j z0Q%;8r^W$ctD5Tab=&;K?foXyV$}5tgS2t*^++KKYbVB(*(W+DG)e&p&ArsxuO{Gt z{MfTc0!_l_Tr@CDORSMZx$U50V?VoerIqI3v%pvF0%c^ntgqA6IVQ?e79%AVKy7PX=aMX| zU3l$eo0bvhVjTMCiXC_BOA|f4L)7iowZgSMS$%e#nn>(y^rVTMHQ89IhJ2ZLOfF*< z)q=@)tN<_P?L~?@6QBa@49N?)ipFu-XFIHqDF#2Jqbby^iUHcjYTv&v_ozv;$*bWm z1-}+>lvst=0Ca(cBgply@r4roORhJtVvUbXwCP028*BZ(Gu@*kO%EHl@R65Q zNLPao+U;XKU(AtM>o{0(0d!nsvKgiu$^x{MGk#1BmwrFtF85vMXsv1b`h|b~1mZRE zvZYq#8~IW-4j?pEXkG%ae@`lRd=8V3v2)ZZfT~kNo8>!BGIF#)VTu7zAcKhp%DhUJ zO|BV^9Apsp&Ms0ojd9^4G!!*P?nW}nzRvirUTVJA$CD*mobnw{N~cs>_LmX^EIJNu zPSkFU9Equ${46!!`IG(DTq5YW3M@|*#7;~SZ<%iN00kk?7PiQW3&alMuc?XwXjh`# zao2|b7G04{*T(@EdHqkl4yGU8-s4)K%a*bAOa@f=SEMnifR?}c>(Dv~Hro{H z7@%{A>IMY`*}*)KHNA_MQS4hlqQ*0JvwWYXI!zrDH2QMM;+xI8DiIbehw&V%9C%dS zf$^SrUm>yT`_YZJM{O#{ug_v{i?5Wvjc=GOFKs22bk(ZT=7qzKDB3r^S=U8yyfGMf#&2fA6o)C*dSWevhmMy z#NnxQDtXVq4F~ZzZro@GIv~@s7!kPcS|`amBZ9gU~90Ucs#fDXA^ z!CWl2uJ}iIzH5eer2TFah+1&1-+5}1`t$T-tCQXy0SeUgU26FK;F^V zi?F=lt=Kjir}h+!Tm0cLo{QeJ{+`8@gl1e=O+4RtN3Qi+=i`mZ+|CJ)qr;P2rg@$e zK91I&SMC=wH#PYqCXOhrZ8g~5qG5k9Ctvm?mQgHg{s(c)lj1l)l+erwgJ(Iz&}jYN zL_goOh+mD%`d_sE$x6S7z;M-5&pU5IMEPkt4FF*}fj66>!5vw7{q}Ov=~fGVuOZHjq63f)^@=>+hfgAOJ+?n97ix?&0x6=pyH7Y3Xk_CJFv%a#$Pno2qPIEq3$O6-vXrhojF!m8#AKsg|3s>5g%jLDjr9(b3!JLNaTT~=j=|udcKX)rTk^|xa zC9P0na9BlK-VjrEOyE#(LIEiQ26)+oD74a^%L&))FP>llP*+fL9k-$CiasI`GcLF- z1&sb2D>DuU3VVLCb*-!n!F!KUs4k%WjTWlbVRg=pf`sH1K*=gqCk9v*c9zJ!rKJSx zN@8+=pcM^pL!<)n$SiCYcKZY#d72JgYX{Qn7NCNi;hU2euK|#3^1jW6G zoN@%HBl0_aEqDF+nNJxc5Wg!!JrD@g313U?5;Kjo>G7#<8;+KQ&OM0A9848ENUKX0 zK#q&EH_!6=aP)0kk`82)dcFXQ<)IquejXq{#Z+c~n(j(d(3kzmmiEzHPLv9~W2FCnqb{Tk#Cw&DTA%vZHfP zM6p3(lSw&VoRB8l6OGj!x1DcFo)h0~1)jB{DCZ|mRt=pJMtk}-p7wrIW$A8M`Ag*S zPGdWe!pj6F5Izg@ z*!>E0QWZPz+S!K&C^%U_hWX$Wcxy6&4jWEEx#v6w9iWBHE`+z^EFMBBmcsA3ZhJhR zmtRyWM1Y_L1a_<-+)vJFH3eEVgDSBn00jjEkZ&d&$*%|}QfB>4(Q_HKm-FnCV`xL5 z4f*@epJ0HtP-xtjTp3Yi^ueU?ZjQFg>}P^3#Vvbr8V{@feCAP94$yyCv8Zl?o0MPxq5mf|l1e0?J(0_P zkNN_NIgbZ9MJO|F9up%VsS@ICoR3EIyB;E)`LhoZ2BDc_u^srt+Ax?w^11Mgv;lIq zf$<@mBbt986c<;<7^TXj=|F z8M{CLA{qsYi~vwzzO;+ceq>0JPq}B!Wv7D{Vbn9ze@vV_AaOzpUkSUs{ZkvcOuKLFfB6L%Wi(Gp7&sCYcBq8CshgU8E^y8wdN!kqvU_O|{s5x{38kM!|bXzH}} zBh^q7DHCL!6bT<{ZqEldnt@6tO7sIg1zdLw)RqEuJhopiV+`Xc@dp>rL?X9VI zorO0zl-#y%{}c0E^Ywdr&Pu2upR%zE^NJi03><~_e-L#;0PG9)7m7t%HG6nvUGlBJ ze~)$FrCo_U{&Y@@IHrmpnT01bu<5@;b{JneZFkB5=^+<`KmLG{#&^z(65eaRC$xY4 zj)r~9DUrzss*Dex?d!1x6X)i8+2xzqQty$FteJw$HG}Ry7uCH2(EKaDZYRY^&Id1k zEn#_k>31)0uIC2#!snd4Gb3x<`S&h471%MM>n|8>)O2oK~EePtIBORbka{VhsrdP(6dJRBK zUife%y}TNmUVg|35Z1}g&I~cn-`K(VI2V|FfwYyBsHiA9p0MmPq6L)E{`&Q65V~n< zT!hVmN6!7M3C*r)RgIn?)DH=rVkBj^`bIaQ6Qk!YP7wos|MH%6j8xO4RmX|~cl+6J=&K>EQ3w4e8*j-?(zc_W;3kdKjvhov-br-><3CrM+lUVVrVYV4pB?ElX5 zeTiLkfkuP4+w?HhvCjz2ExiWGrv?}&({Rzxchifw7>0w&WNuIJ(!Ah6t~gOzirhWS4G+N^DAa{Q*3PP-Q}}Z zHCQ{AEQu75zGLA%u)uqKG-2ZEutn*vU!DS0bYEyo$(BCjv69~y^-$}g(;e%5?9ToA zc!np#D7@q6W?pU~OKoG$>6My_mJA-RN(#13(d6D}awK_2I*Z z!oOtbnnX<6M&WM( zqJbkEBK>}xx%9Y+ZLnHVBtbpv41d*oQiR-1FxlgntFA%(s~NM~RDzxPX0lR=@KHCO z|NK8Y2;GcF$w1RoC!P0=--Q=+K*4LiWe@r{uTLbx;t)M>ptFKpqQ$#G2pDEU{);?n z^vrrwZpI-GaxF|ipPj|OB>eSbrGw{;BM8-r=&V|`EG5v3Xu|vHlZ{j;rSF4o(2$TK z%~$CWmTO9%zJxwEATY9M@l0;wvfivOiyf#35jT0KxWZVBk5cR#mk&MScN3S-R$g;D zL&vB2lq&*@HtPkXh|FRn3=BRg=P4^b-N&agmyV(7gq^(+Q&Lho&&O}z?gBZ-w=lH4 zDR!$9F$Y>UC@d_7%3sIEIeO2^KhY#m=dS@^-%?dT`nG!Kk(F@{sH0!v@9oqL(BrwxGye(4}4u^6*vz(?U zvucuE=Peu;apUPzh3L|8l-G~;XrfxUJs+Sgj|?G2XnOs&@dMK5m7)a> z$L2SYHj|~S0pTS1*oJ#2qn(JViYO_wRqu5txyr)*k4q38`>gW%1GAEkx#C}mY5N3r zIpUCu80xk3ikQ?W2ecE}+uTUfqE0>n$h_NHP~)1bf(|ja5*W&5Ws>>HOl6V0qT=SN zFQm#%m<`y(ItX~jYaKOd;Hb?y3H}5=wQQM$G-NMTPk-)eh)XE{$`5}uwW zyJ$GAk5RGZsey{LxmUMtXHAKmRZY9XYJg0S%tXF+2KK%uDq(As$BnNS6vAXdv-^ng z+qnHwXB6h~+jyh8y_FF)?52~%I*Fd8ly})(zr;eODy2bQ3=M9)3)z;Bf4qEWY)~t| zt}*EZqd#NUbcXq6%D>Oj*H&TjmHfneRF2e@090EkkiffJsp- zOMO*6w_EI#&8efF$mV8N5>^WA|w$m%MJK@KWzoHjlbYf5;7@jl}=WsHn+0jE#p{hQ7DO!?O{7)d_84o9DoJL3Pc z)HRhDGJrLn7M&^M-msjkgktFh-1QKm7p!m?hgiiGy32s`5p=H3rBfdIq!17mWwtlx zP~ig?PX@kKAH3)VSZQhH1Rc=pHad{JS}g$AOZ_b&Q_(W}gm+n#TuMQ>a)TB7!WbP> zQ>t&;eP+o`Ds!SSlYCz~d)JkpMM~mrAqUpLV?Eo3TTc~WkxUgg4+8}&h7F^!FYjso z`pUFCJ~dS0k6m445Ba$fm!~oZbrKT}25ij2w@O=XqsV^`A4ip8;F!uONjmyfE>hUf zMQi2{ z#=R`*=oolWO(*g2pxz)mb_rWo`}=a2TqE!a6qnQhE49q52T*<`tz7XF$6fpu!t@6L5z!Q;a-E4yDkjdDQSdl;I`NPpr56 z*mXGxUJz_f)YAHh4Y|MBq$lGLS{D#AU~3rCWl&)h^1f^J_}H3))3UXIAyzrZiJ|0l z+7`vIGnD-d6irZFbhe4E5SAMaOad92y??z_gon_6-G1lWB-^Q9Y1*7;|?OG6C0 zr<7AQ5A?8o>TrmLp&$CoP=sE0yRa*COP8Z=wO}Kv+0lL;9nC$?rdw=NB9rjuU9ib9 z$T0tX+1!j1MG?x@|Cw2~bq0Z*6fbM>GI+Ew-!ET()yFF~LUKsOH$3?XI$vgYL z{(zmGUMRE7dYX&XM5yg{99!EESX&P6A{3BVWbHIL=~0(G zJ3HH`LSH=JgEX4hk`7@r|JkHI>dWDvVs*S#iHpN$>j`jL8LMCuy@qRm)7@##y%&f3 zbqPi<@+&|Dbr{u`S%jxzM10TbNf+Cfk!nTEGZlL_1eBJmFfj>5k85_Sh$&YR|Jgu* z-BMi$&X)QSaT32=`ytR!G@3#4PfwX(hT++J@nEde0(I=c4?P%W-qJj)kQ|T)EBpcI z=Pc3A6@2efcyL2#rW~7NUG@}*gyXx^S>l}8!?D*~DIVNyxFbVA3v17uI=6lN4d49@ zs5|Ss4*{cAChIZkM!tr4&uBNDx*$cTKdX9(3R^$0(OE#H(JqnJjk052h}p`DV@LQG z+B%gW3%k_^70Cv&TQ>}>6Ge54eW?P{8sJ-o>R+>V*l?-3OUfl~KDNHkKL5W`-0f<<1@AC+ z93OEx8?|QWk_reVyW2)+4op{Xx>?iedR|X3ZGld~3Ip@6_osSkn|i}_r)m-V3`ddr zI#J2td>a8~rN+WJ<70kJXbG%sD8(|Yjw~{ne$$s};3R=GQDHPwiPB(;E zZ2&=?1@{k^oMh)X41Vs0x;>zA2hAWVJcVhWPxc1=HE3t)x3i;3DvbHufy&(%7B^FP z+Bq__;(|4|5lx@<>0WQg(<5(Iv-i42-u&_;W)a9OA>Zx zB79lSeH%rj-XaOJg`}JaRk^cUQ%fui2Gi^KvMdJGV|i-j)yiiKc;DsRnAB%lk@BcSk3Z?@H`>N7jdkO()kMG)eO8hE%^wl*R@u8Q>})Z9Eox8S;-j!hmN z1k|0ieAG0G!&ALG6|i{QLUp%!dJL&+H2&nxn}N9F?aGQ>{`5A}eLf6Lr%8=U|B;H~ z`Q7-2AYB=MM&C9#L*K?^==x*wmFb~}r3V;XmH7GBzp23Oyq(oTp)tmW29ufDtcv&ZRCW!2jBOiL zgg5WD_qLCAN!vW#8rv#L=eieZ!GYsYoIXa2WAWa2 zT$@MJsgxfBleF?H)cNS)STTCN5#OQe=zqauGZqhTA%=4L-nsI*y0bt_Z|Ujl@79`5 zLm)R>Rp#lIA0M{6=U|zKn5pEoqcKs2%e}f&{ZihIxw4hM$;~WfRcOl>RA=3h&5pgp zFoxHL70d-oUmmVB!h0v5HQFt*?Au(l8JsD&ceoGHh2n^hH+VRV3fiP!I%FtqCT{e` ze$16ixW;qYD1CWvzou77u6}<(x&T57Kgx&_KSu&5!AliGm%r>kIGdo?Iax?v_V{X_ z(!Uq>FMIb*1xQD?xZm*n3p2d@(f8z>ER+(z_xZmO!G9c5A)poKJqJCfzahT=9uAOiI&dEYvW`kF>=KmSVe}4IfHgHdW(D?QL z;XeNb@#P4PZLZS4d9#hQ=&igwVufp1oggONYvJ)CS61WKv#mNmQlRerr3_Ib&gHLO z5C$~sUOqA}xpVnnDG7M52V~tzX5jnZ=%bGy0Zd04_>6>|9eeu2mw<^ps;%X|5_%XOpe;6a_@hG zv)3?$2mq6~pBHIOtGZ*FkYH}y(O1FQkDt6UsCVxu=dR`jl+Bs7;cpKh@9kU5>t5BruGoU z6?42|F`wm9n~kgvb%VUU%QW+lhZ@2gS}z{fF+@R@t&qC(0-JpF3^$9uZPhi|bxC-Y z_EeoLH%KfjeawfJ{s;@nL_~~~dbJ6`?5yW-5oJc;2dLtYCF0)4WmS@@mQs<~@&z_1 zrb)-3yO6Zvf`+;eIfR?_W3swOzut13o{lQ#o{n+sbT@r7*gihBnkLg94aVZJ(4MT4 z1=Ty3)N|^W{pKrHUa#Kp-jz6FW9!*Bq%ilEiHYb<&!r!EY)PT7SQu zh#0%`7JAPa!{grzc=5my{(`=JQ?X4;YNn^1NITfWhne;vJIt;fjDW(vThJ}Kr_S0+ zy-CMaQZEPhH`aFM3RM<+n4Bb$RUFleNbP&H`0%|(|2BiJ_Uz*%nihfSB|jXr5s}SG zfv49*RS~N|RcyCTjoN*Vb?5wbejDZZyYHzANkHGWk;4(61=gb^rlFM2(}fpDak@IA z9rd*Z7yYf4rFKbLGqtvD;y6;1>-T1f;xbM>_TF2*B+(HKGZocq+JIq@vNv!%??D)E z58)bQVaubLJ-#NAswul^>na{(K8X%EjgdY*G>Mzei1{rZ*x~tL)SO`X3l9xX8^o}-2rV@trc{N` z|Dnl(hWEHjW8NN}Ua>2}mJ$AKW=s!r5X45ihd9)i*NaMsRxd6}f9m3T?w!D>!>a60 zLe=Pcv+M;YzY-?%NT*nB3M0du!5oN3%ckYP6yE1rUqm?MRe)Q^BBYTG*}5g$*CsXL zC^=_N1R`gkt93m5uN~%}JuLP0EyC)LxdmZ|VY=ax4humdx@Cyeso`>m0P~Mc*2C8% zoC>wem`k~iiZw09pJeI%TJXEx^}M`AxJD}QM=APLGnzS)(Pg`;LrQ6F`Z?o+mQt#M z!s(bb3|w}DXk0ZzfuRRc&&%6`e7<-KG#S^1Vapzv2L!Q^PIQ(E);EiPXhJZ(qOH=^ zlABl|&=hl&q~obFT#cjgh3{O+J6*M4EZLdR-l>(-pW;1voHQA%{y)vxzegD|4CfLe zj7Iv?;*AQ&s81(V4^(ZN)MWa;ZT0LW9GV=Fm&n{PC#pUyRd;pXq<2Hk8paMv+-)WRs{y)rm`2Ve0ZAXm~aYO;Kp1^<5^``KfzL zK=~bu7$H647YF*pFWK*^EpNjYo0wSdYDL5T_ks1o1|u#dG({+~f zcjry;Dl=Q>Dl;9ywAF8t+z}LMm3CpU;^490pi+fJCaOWA%ULiP*qKO&_H zZ#;|IOWKR#nWh=hTR6RGejIbToA$pv2SFjCTT*gza(&O+PfatkvZTz+@_x4&-^EyH z46Fy6suRaB+>6pNr!KzPRXCjo9QJFAb{rBBXc8g4B zr`(zI_R{OWy_?>DeYVdxXQu4tROAbO1WxETE?J_|+0`}aLcl+J)jPrw^T2`Si<#{UsYG2S-f&aNt49|9@)?D$9VQ9^Zs-Xw7>vgZcXR zy7@nz@@-7;J>9l6WiMZTYNP_N()}#9JD>24w9x*F6N)5u}EY2T}#lOA>A+;Jn9 zV`pz_+1|UW@ziAUlE1F0OXFt?JLigS3VvFGt`SkTolpo!Xj^)!;L0DAP4mlr8-P6s zXv%^0jkCeW4)hgdy6+-D6l0-LA>{HSFUN(0BC5p>Y-0zGkd-1|Bh zfNj_v?6|$<06bL&I9VSsy}KFtR2g^?4sFUdN#9{cu^TlZ1}p%&Rb<8KqX*I2bu-w^ z1sNEaG(24#Lr{EjkoO(B9mq{+jR4Tfh$~MYCEzaa92DM!a5_0TsQ^0@A?E4UDEb#L z0ndVG{c^%G2Sr$iX}QQ9ji4nRz&$*kFE1^9`r+Z>BH#%}haMfQM0THp8Pm6>U>BE` z-_ZyDsi7>fVPIPB{a{LyblC>6I~~BZ4ZLluNqYI~R~zGzZ2H&FBzEURT*)u{chh2# z7w9lB&1CV@-0|>lU~+yg@N$lmQzVhXRV0cLXyL5yu^IkTgi&U7jibPJy4{mEzV}_S zcAAU~?uG@2h!i8+DP5E4lZ27iP@snQgEzpgLSb1<`Z?Tvjz%YCU@E;3689}KC3 z)418W;lZ(+g>x